[Midnightbsd-cvs] src [6977] vendor-crypto/openssl/0.9.8zf: tag openssl 0.9.8zf
laffer1 at midnightbsd.org
laffer1 at midnightbsd.org
Thu Mar 19 20:02:09 EDT 2015
Revision: 6977
http://svnweb.midnightbsd.org/src/?rev=6977
Author: laffer1
Date: 2015-03-19 20:02:03 -0400 (Thu, 19 Mar 2015)
Log Message:
-----------
tag openssl 0.9.8zf
Added Paths:
-----------
vendor-crypto/openssl/0.9.8zf/
vendor-crypto/openssl/0.9.8zf/CHANGES
vendor-crypto/openssl/0.9.8zf/Makefile
vendor-crypto/openssl/0.9.8zf/Makefile.bak
vendor-crypto/openssl/0.9.8zf/NEWS
vendor-crypto/openssl/0.9.8zf/README
vendor-crypto/openssl/0.9.8zf/apps/app_rand.c
vendor-crypto/openssl/0.9.8zf/apps/apps.c
vendor-crypto/openssl/0.9.8zf/apps/apps.h
vendor-crypto/openssl/0.9.8zf/apps/asn1pars.c
vendor-crypto/openssl/0.9.8zf/apps/ca.c
vendor-crypto/openssl/0.9.8zf/apps/ciphers.c
vendor-crypto/openssl/0.9.8zf/apps/cms.c
vendor-crypto/openssl/0.9.8zf/apps/crl.c
vendor-crypto/openssl/0.9.8zf/apps/crl2p7.c
vendor-crypto/openssl/0.9.8zf/apps/dgst.c
vendor-crypto/openssl/0.9.8zf/apps/dh.c
vendor-crypto/openssl/0.9.8zf/apps/dhparam.c
vendor-crypto/openssl/0.9.8zf/apps/dsa.c
vendor-crypto/openssl/0.9.8zf/apps/dsaparam.c
vendor-crypto/openssl/0.9.8zf/apps/ec.c
vendor-crypto/openssl/0.9.8zf/apps/ecparam.c
vendor-crypto/openssl/0.9.8zf/apps/enc.c
vendor-crypto/openssl/0.9.8zf/apps/engine.c
vendor-crypto/openssl/0.9.8zf/apps/errstr.c
vendor-crypto/openssl/0.9.8zf/apps/gendh.c
vendor-crypto/openssl/0.9.8zf/apps/gendsa.c
vendor-crypto/openssl/0.9.8zf/apps/genrsa.c
vendor-crypto/openssl/0.9.8zf/apps/nseq.c
vendor-crypto/openssl/0.9.8zf/apps/ocsp.c
vendor-crypto/openssl/0.9.8zf/apps/openssl.c
vendor-crypto/openssl/0.9.8zf/apps/passwd.c
vendor-crypto/openssl/0.9.8zf/apps/pkcs12.c
vendor-crypto/openssl/0.9.8zf/apps/pkcs7.c
vendor-crypto/openssl/0.9.8zf/apps/pkcs8.c
vendor-crypto/openssl/0.9.8zf/apps/prime.c
vendor-crypto/openssl/0.9.8zf/apps/progs.h
vendor-crypto/openssl/0.9.8zf/apps/rand.c
vendor-crypto/openssl/0.9.8zf/apps/req.c
vendor-crypto/openssl/0.9.8zf/apps/rsa.c
vendor-crypto/openssl/0.9.8zf/apps/rsautl.c
vendor-crypto/openssl/0.9.8zf/apps/s_apps.h
vendor-crypto/openssl/0.9.8zf/apps/s_cb.c
vendor-crypto/openssl/0.9.8zf/apps/s_client.c
vendor-crypto/openssl/0.9.8zf/apps/s_server.c
vendor-crypto/openssl/0.9.8zf/apps/s_socket.c
vendor-crypto/openssl/0.9.8zf/apps/s_time.c
vendor-crypto/openssl/0.9.8zf/apps/sess_id.c
vendor-crypto/openssl/0.9.8zf/apps/smime.c
vendor-crypto/openssl/0.9.8zf/apps/speed.c
vendor-crypto/openssl/0.9.8zf/apps/spkac.c
vendor-crypto/openssl/0.9.8zf/apps/testdsa.h
vendor-crypto/openssl/0.9.8zf/apps/testrsa.h
vendor-crypto/openssl/0.9.8zf/apps/timeouts.h
vendor-crypto/openssl/0.9.8zf/apps/verify.c
vendor-crypto/openssl/0.9.8zf/apps/version.c
vendor-crypto/openssl/0.9.8zf/apps/winrand.c
vendor-crypto/openssl/0.9.8zf/apps/x509.c
vendor-crypto/openssl/0.9.8zf/bugs/alpha.c
vendor-crypto/openssl/0.9.8zf/bugs/dggccbug.c
vendor-crypto/openssl/0.9.8zf/bugs/sgiccbug.c
vendor-crypto/openssl/0.9.8zf/bugs/stream.c
vendor-crypto/openssl/0.9.8zf/bugs/ultrixcc.c
vendor-crypto/openssl/0.9.8zf/crypto/LPdir_nyi.c
vendor-crypto/openssl/0.9.8zf/crypto/LPdir_unix.c
vendor-crypto/openssl/0.9.8zf/crypto/LPdir_vms.c
vendor-crypto/openssl/0.9.8zf/crypto/LPdir_win.c
vendor-crypto/openssl/0.9.8zf/crypto/LPdir_win32.c
vendor-crypto/openssl/0.9.8zf/crypto/LPdir_wince.c
vendor-crypto/openssl/0.9.8zf/crypto/Makefile
vendor-crypto/openssl/0.9.8zf/crypto/aes/aes.h
vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_cbc.c
vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_cfb.c
vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_core.c
vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_ctr.c
vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_ecb.c
vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_ige.c
vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_locl.h
vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_misc.c
vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_ofb.c
vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_wrap.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_bitstr.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_bool.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_bytes.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_d2i_fp.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_digest.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_dup.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_enum.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_gentm.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_hdr.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_i2d_fp.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_int.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_mbstr.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_meth.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_object.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_octet.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_print.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_set.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_sign.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_strex.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_strnid.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_time.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_type.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_utctm.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_utf8.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_verify.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn1.h
vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn1_err.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn1_gen.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn1_lib.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn1_mac.h
vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn1_par.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn1t.h
vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn_mime.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn_moid.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn_pack.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/charmap.h
vendor-crypto/openssl/0.9.8zf/crypto/asn1/d2i_pr.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/d2i_pu.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/evp_asn1.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/f_enum.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/f_int.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/f_string.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/i2d_pr.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/i2d_pu.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/n_pkey.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/nsseq.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/p5_pbe.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/p5_pbev2.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/p8_key.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/p8_pkey.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/t_bitst.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/t_crl.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/t_pkey.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/t_req.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/t_spki.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/t_x509.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/t_x509a.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/tasn_dec.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/tasn_enc.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/tasn_fre.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/tasn_new.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/tasn_prn.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/tasn_typ.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/tasn_utl.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_algor.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_attrib.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_bignum.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_crl.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_exten.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_info.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_long.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_name.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_pkey.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_pubkey.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_req.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_sig.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_spki.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_val.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_x509.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_x509a.c
vendor-crypto/openssl/0.9.8zf/crypto/bf/bf_cbc.c
vendor-crypto/openssl/0.9.8zf/crypto/bf/bf_cfb64.c
vendor-crypto/openssl/0.9.8zf/crypto/bf/bf_ecb.c
vendor-crypto/openssl/0.9.8zf/crypto/bf/bf_enc.c
vendor-crypto/openssl/0.9.8zf/crypto/bf/bf_locl.h
vendor-crypto/openssl/0.9.8zf/crypto/bf/bf_ofb64.c
vendor-crypto/openssl/0.9.8zf/crypto/bf/bf_opts.c
vendor-crypto/openssl/0.9.8zf/crypto/bf/bf_pi.h
vendor-crypto/openssl/0.9.8zf/crypto/bf/bf_skey.c
vendor-crypto/openssl/0.9.8zf/crypto/bf/bfspeed.c
vendor-crypto/openssl/0.9.8zf/crypto/bf/bftest.c
vendor-crypto/openssl/0.9.8zf/crypto/bf/blowfish.h
vendor-crypto/openssl/0.9.8zf/crypto/bio/b_dump.c
vendor-crypto/openssl/0.9.8zf/crypto/bio/b_print.c
vendor-crypto/openssl/0.9.8zf/crypto/bio/b_sock.c
vendor-crypto/openssl/0.9.8zf/crypto/bio/bf_buff.c
vendor-crypto/openssl/0.9.8zf/crypto/bio/bf_lbuf.c
vendor-crypto/openssl/0.9.8zf/crypto/bio/bf_nbio.c
vendor-crypto/openssl/0.9.8zf/crypto/bio/bf_null.c
vendor-crypto/openssl/0.9.8zf/crypto/bio/bio.h
vendor-crypto/openssl/0.9.8zf/crypto/bio/bio_cb.c
vendor-crypto/openssl/0.9.8zf/crypto/bio/bio_err.c
vendor-crypto/openssl/0.9.8zf/crypto/bio/bio_lcl.h
vendor-crypto/openssl/0.9.8zf/crypto/bio/bio_lib.c
vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_acpt.c
vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_bio.c
vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_conn.c
vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_dgram.c
vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_fd.c
vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_file.c
vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_log.c
vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_mem.c
vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_null.c
vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_rtcp.c
vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_sock.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/asm/mips3.s
vendor-crypto/openssl/0.9.8zf/crypto/bn/asm/x86_64-gcc.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/bn.h
vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_add.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_asm.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_blind.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_const.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_ctx.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_depr.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_div.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_err.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_exp.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_exp2.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_gcd.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_gf2m.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_kron.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_lcl.h
vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_lib.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_mod.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_mont.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_mpi.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_mul.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_nist.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_opt.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_prime.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_prime.h
vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_print.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_rand.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_recp.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_shift.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_sqr.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_sqrt.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_word.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_x931p.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/bnspeed.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/bntest.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/divtest.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/exp.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/expspeed.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/exptest.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/vms-helper.c
vendor-crypto/openssl/0.9.8zf/crypto/buffer/buf_err.c
vendor-crypto/openssl/0.9.8zf/crypto/buffer/buf_str.c
vendor-crypto/openssl/0.9.8zf/crypto/buffer/buffer.c
vendor-crypto/openssl/0.9.8zf/crypto/buffer/buffer.h
vendor-crypto/openssl/0.9.8zf/crypto/camellia/camellia.c
vendor-crypto/openssl/0.9.8zf/crypto/camellia/camellia.h
vendor-crypto/openssl/0.9.8zf/crypto/camellia/cmll_cbc.c
vendor-crypto/openssl/0.9.8zf/crypto/camellia/cmll_cfb.c
vendor-crypto/openssl/0.9.8zf/crypto/camellia/cmll_ctr.c
vendor-crypto/openssl/0.9.8zf/crypto/camellia/cmll_ecb.c
vendor-crypto/openssl/0.9.8zf/crypto/camellia/cmll_locl.h
vendor-crypto/openssl/0.9.8zf/crypto/camellia/cmll_misc.c
vendor-crypto/openssl/0.9.8zf/crypto/camellia/cmll_ofb.c
vendor-crypto/openssl/0.9.8zf/crypto/cast/c_cfb64.c
vendor-crypto/openssl/0.9.8zf/crypto/cast/c_ecb.c
vendor-crypto/openssl/0.9.8zf/crypto/cast/c_enc.c
vendor-crypto/openssl/0.9.8zf/crypto/cast/c_ofb64.c
vendor-crypto/openssl/0.9.8zf/crypto/cast/c_skey.c
vendor-crypto/openssl/0.9.8zf/crypto/cast/cast.h
vendor-crypto/openssl/0.9.8zf/crypto/cast/cast_lcl.h
vendor-crypto/openssl/0.9.8zf/crypto/cast/cast_s.h
vendor-crypto/openssl/0.9.8zf/crypto/cast/cast_spd.c
vendor-crypto/openssl/0.9.8zf/crypto/cast/castopts.c
vendor-crypto/openssl/0.9.8zf/crypto/cast/casttest.c
vendor-crypto/openssl/0.9.8zf/crypto/cms/cms.h
vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_asn1.c
vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_att.c
vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_cd.c
vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_dd.c
vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_enc.c
vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_env.c
vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_err.c
vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_ess.c
vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_io.c
vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_lcl.h
vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_lib.c
vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_sd.c
vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_smime.c
vendor-crypto/openssl/0.9.8zf/crypto/comp/c_rle.c
vendor-crypto/openssl/0.9.8zf/crypto/comp/c_zlib.c
vendor-crypto/openssl/0.9.8zf/crypto/comp/comp.h
vendor-crypto/openssl/0.9.8zf/crypto/comp/comp_err.c
vendor-crypto/openssl/0.9.8zf/crypto/comp/comp_lib.c
vendor-crypto/openssl/0.9.8zf/crypto/conf/cnf_save.c
vendor-crypto/openssl/0.9.8zf/crypto/conf/conf.h
vendor-crypto/openssl/0.9.8zf/crypto/conf/conf_api.c
vendor-crypto/openssl/0.9.8zf/crypto/conf/conf_api.h
vendor-crypto/openssl/0.9.8zf/crypto/conf/conf_def.c
vendor-crypto/openssl/0.9.8zf/crypto/conf/conf_def.h
vendor-crypto/openssl/0.9.8zf/crypto/conf/conf_err.c
vendor-crypto/openssl/0.9.8zf/crypto/conf/conf_lib.c
vendor-crypto/openssl/0.9.8zf/crypto/conf/conf_mall.c
vendor-crypto/openssl/0.9.8zf/crypto/conf/conf_mod.c
vendor-crypto/openssl/0.9.8zf/crypto/conf/conf_sap.c
vendor-crypto/openssl/0.9.8zf/crypto/conf/test.c
vendor-crypto/openssl/0.9.8zf/crypto/constant_time_locl.h
vendor-crypto/openssl/0.9.8zf/crypto/constant_time_test.c
vendor-crypto/openssl/0.9.8zf/crypto/cpt_err.c
vendor-crypto/openssl/0.9.8zf/crypto/cryptlib.c
vendor-crypto/openssl/0.9.8zf/crypto/cryptlib.h
vendor-crypto/openssl/0.9.8zf/crypto/crypto.h
vendor-crypto/openssl/0.9.8zf/crypto/cversion.c
vendor-crypto/openssl/0.9.8zf/crypto/des/cbc3_enc.c
vendor-crypto/openssl/0.9.8zf/crypto/des/cbc_cksm.c
vendor-crypto/openssl/0.9.8zf/crypto/des/cbc_enc.c
vendor-crypto/openssl/0.9.8zf/crypto/des/cfb64ede.c
vendor-crypto/openssl/0.9.8zf/crypto/des/cfb64enc.c
vendor-crypto/openssl/0.9.8zf/crypto/des/cfb_enc.c
vendor-crypto/openssl/0.9.8zf/crypto/des/des.c
vendor-crypto/openssl/0.9.8zf/crypto/des/des.h
vendor-crypto/openssl/0.9.8zf/crypto/des/des_enc.c
vendor-crypto/openssl/0.9.8zf/crypto/des/des_lib.c
vendor-crypto/openssl/0.9.8zf/crypto/des/des_locl.h
vendor-crypto/openssl/0.9.8zf/crypto/des/des_old.c
vendor-crypto/openssl/0.9.8zf/crypto/des/des_old.h
vendor-crypto/openssl/0.9.8zf/crypto/des/des_old2.c
vendor-crypto/openssl/0.9.8zf/crypto/des/des_opts.c
vendor-crypto/openssl/0.9.8zf/crypto/des/des_ver.h
vendor-crypto/openssl/0.9.8zf/crypto/des/destest.c
vendor-crypto/openssl/0.9.8zf/crypto/des/ecb3_enc.c
vendor-crypto/openssl/0.9.8zf/crypto/des/ecb_enc.c
vendor-crypto/openssl/0.9.8zf/crypto/des/ede_cbcm_enc.c
vendor-crypto/openssl/0.9.8zf/crypto/des/enc_read.c
vendor-crypto/openssl/0.9.8zf/crypto/des/enc_writ.c
vendor-crypto/openssl/0.9.8zf/crypto/des/fcrypt.c
vendor-crypto/openssl/0.9.8zf/crypto/des/fcrypt_b.c
vendor-crypto/openssl/0.9.8zf/crypto/des/ncbc_enc.c
vendor-crypto/openssl/0.9.8zf/crypto/des/ofb64ede.c
vendor-crypto/openssl/0.9.8zf/crypto/des/ofb64enc.c
vendor-crypto/openssl/0.9.8zf/crypto/des/ofb_enc.c
vendor-crypto/openssl/0.9.8zf/crypto/des/pcbc_enc.c
vendor-crypto/openssl/0.9.8zf/crypto/des/qud_cksm.c
vendor-crypto/openssl/0.9.8zf/crypto/des/rand_key.c
vendor-crypto/openssl/0.9.8zf/crypto/des/read2pwd.c
vendor-crypto/openssl/0.9.8zf/crypto/des/read_pwd.c
vendor-crypto/openssl/0.9.8zf/crypto/des/rpc_des.h
vendor-crypto/openssl/0.9.8zf/crypto/des/rpc_enc.c
vendor-crypto/openssl/0.9.8zf/crypto/des/rpw.c
vendor-crypto/openssl/0.9.8zf/crypto/des/set_key.c
vendor-crypto/openssl/0.9.8zf/crypto/des/speed.c
vendor-crypto/openssl/0.9.8zf/crypto/des/spr.h
vendor-crypto/openssl/0.9.8zf/crypto/des/str2key.c
vendor-crypto/openssl/0.9.8zf/crypto/des/xcbc_enc.c
vendor-crypto/openssl/0.9.8zf/crypto/dh/dh.h
vendor-crypto/openssl/0.9.8zf/crypto/dh/dh_asn1.c
vendor-crypto/openssl/0.9.8zf/crypto/dh/dh_check.c
vendor-crypto/openssl/0.9.8zf/crypto/dh/dh_depr.c
vendor-crypto/openssl/0.9.8zf/crypto/dh/dh_err.c
vendor-crypto/openssl/0.9.8zf/crypto/dh/dh_gen.c
vendor-crypto/openssl/0.9.8zf/crypto/dh/dh_key.c
vendor-crypto/openssl/0.9.8zf/crypto/dh/dh_lib.c
vendor-crypto/openssl/0.9.8zf/crypto/dh/dhtest.c
vendor-crypto/openssl/0.9.8zf/crypto/dh/p1024.c
vendor-crypto/openssl/0.9.8zf/crypto/dh/p192.c
vendor-crypto/openssl/0.9.8zf/crypto/dh/p512.c
vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa.h
vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_asn1.c
vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_depr.c
vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_err.c
vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_gen.c
vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_key.c
vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_lib.c
vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_ossl.c
vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_sign.c
vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_utl.c
vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_vrf.c
vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsagen.c
vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsatest.c
vendor-crypto/openssl/0.9.8zf/crypto/dso/dso.h
vendor-crypto/openssl/0.9.8zf/crypto/dso/dso_dl.c
vendor-crypto/openssl/0.9.8zf/crypto/dso/dso_dlfcn.c
vendor-crypto/openssl/0.9.8zf/crypto/dso/dso_err.c
vendor-crypto/openssl/0.9.8zf/crypto/dso/dso_lib.c
vendor-crypto/openssl/0.9.8zf/crypto/dso/dso_null.c
vendor-crypto/openssl/0.9.8zf/crypto/dso/dso_openssl.c
vendor-crypto/openssl/0.9.8zf/crypto/dso/dso_vms.c
vendor-crypto/openssl/0.9.8zf/crypto/dso/dso_win32.c
vendor-crypto/openssl/0.9.8zf/crypto/dyn_lck.c
vendor-crypto/openssl/0.9.8zf/crypto/ebcdic.c
vendor-crypto/openssl/0.9.8zf/crypto/ebcdic.h
vendor-crypto/openssl/0.9.8zf/crypto/ec/ec.h
vendor-crypto/openssl/0.9.8zf/crypto/ec/ec2_mult.c
vendor-crypto/openssl/0.9.8zf/crypto/ec/ec2_smpl.c
vendor-crypto/openssl/0.9.8zf/crypto/ec/ec2_smpt.c
vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_asn1.c
vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_check.c
vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_curve.c
vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_cvt.c
vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_err.c
vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_key.c
vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_lcl.h
vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_lib.c
vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_mult.c
vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_print.c
vendor-crypto/openssl/0.9.8zf/crypto/ec/ecp_mont.c
vendor-crypto/openssl/0.9.8zf/crypto/ec/ecp_nist.c
vendor-crypto/openssl/0.9.8zf/crypto/ec/ecp_smpl.c
vendor-crypto/openssl/0.9.8zf/crypto/ec/ectest.c
vendor-crypto/openssl/0.9.8zf/crypto/ecdh/ecdh.h
vendor-crypto/openssl/0.9.8zf/crypto/ecdh/ecdhtest.c
vendor-crypto/openssl/0.9.8zf/crypto/ecdh/ech_err.c
vendor-crypto/openssl/0.9.8zf/crypto/ecdh/ech_key.c
vendor-crypto/openssl/0.9.8zf/crypto/ecdh/ech_lib.c
vendor-crypto/openssl/0.9.8zf/crypto/ecdh/ech_locl.h
vendor-crypto/openssl/0.9.8zf/crypto/ecdh/ech_ossl.c
vendor-crypto/openssl/0.9.8zf/crypto/ecdsa/ecdsa.h
vendor-crypto/openssl/0.9.8zf/crypto/ecdsa/ecdsatest.c
vendor-crypto/openssl/0.9.8zf/crypto/ecdsa/ecs_asn1.c
vendor-crypto/openssl/0.9.8zf/crypto/ecdsa/ecs_err.c
vendor-crypto/openssl/0.9.8zf/crypto/ecdsa/ecs_lib.c
vendor-crypto/openssl/0.9.8zf/crypto/ecdsa/ecs_locl.h
vendor-crypto/openssl/0.9.8zf/crypto/ecdsa/ecs_ossl.c
vendor-crypto/openssl/0.9.8zf/crypto/ecdsa/ecs_sign.c
vendor-crypto/openssl/0.9.8zf/crypto/ecdsa/ecs_vrf.c
vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_all.c
vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_cnf.c
vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_cryptodev.c
vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_ctrl.c
vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_dyn.c
vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_err.c
vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_fat.c
vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_init.c
vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_int.h
vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_lib.c
vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_list.c
vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_openssl.c
vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_padlock.c
vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_pkey.c
vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_table.c
vendor-crypto/openssl/0.9.8zf/crypto/engine/engine.h
vendor-crypto/openssl/0.9.8zf/crypto/engine/enginetest.c
vendor-crypto/openssl/0.9.8zf/crypto/engine/tb_cipher.c
vendor-crypto/openssl/0.9.8zf/crypto/engine/tb_dh.c
vendor-crypto/openssl/0.9.8zf/crypto/engine/tb_digest.c
vendor-crypto/openssl/0.9.8zf/crypto/engine/tb_dsa.c
vendor-crypto/openssl/0.9.8zf/crypto/engine/tb_ecdh.c
vendor-crypto/openssl/0.9.8zf/crypto/engine/tb_ecdsa.c
vendor-crypto/openssl/0.9.8zf/crypto/engine/tb_rand.c
vendor-crypto/openssl/0.9.8zf/crypto/engine/tb_rsa.c
vendor-crypto/openssl/0.9.8zf/crypto/engine/tb_store.c
vendor-crypto/openssl/0.9.8zf/crypto/err/err.c
vendor-crypto/openssl/0.9.8zf/crypto/err/err.h
vendor-crypto/openssl/0.9.8zf/crypto/err/err_all.c
vendor-crypto/openssl/0.9.8zf/crypto/err/err_bio.c
vendor-crypto/openssl/0.9.8zf/crypto/err/err_def.c
vendor-crypto/openssl/0.9.8zf/crypto/err/err_prn.c
vendor-crypto/openssl/0.9.8zf/crypto/err/err_str.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/Makefile
vendor-crypto/openssl/0.9.8zf/crypto/evp/bio_b64.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/bio_enc.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/bio_md.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/bio_ok.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/c_all.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/c_allc.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/c_alld.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/dig_eng.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/digest.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/e_aes.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/e_bf.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/e_camellia.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/e_cast.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/e_des.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/e_des3.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/e_dsa.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/e_idea.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/e_null.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/e_old.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/e_rc2.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/e_rc4.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/e_rc5.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/e_seed.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/e_xcbc_d.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/enc_min.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/encode.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/evp.h
vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_acnf.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_cnf.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_enc.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_err.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_key.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_lib.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_locl.h
vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_pbe.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_pkey.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_test.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/m_dss.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/m_dss1.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/m_ecdsa.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/m_md2.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/m_md4.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/m_md5.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/m_mdc2.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/m_null.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/m_ripemd.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/m_sha.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/m_sha1.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/names.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/openbsd_hw.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/p5_crpt.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/p5_crpt2.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/p_dec.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/p_enc.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/p_lib.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/p_open.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/p_seal.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/p_sign.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/p_verify.c
vendor-crypto/openssl/0.9.8zf/crypto/ex_data.c
vendor-crypto/openssl/0.9.8zf/crypto/fips_err.c
vendor-crypto/openssl/0.9.8zf/crypto/fips_err.h
vendor-crypto/openssl/0.9.8zf/crypto/hmac/hmac.c
vendor-crypto/openssl/0.9.8zf/crypto/hmac/hmac.h
vendor-crypto/openssl/0.9.8zf/crypto/hmac/hmactest.c
vendor-crypto/openssl/0.9.8zf/crypto/idea/i_cbc.c
vendor-crypto/openssl/0.9.8zf/crypto/idea/i_cfb64.c
vendor-crypto/openssl/0.9.8zf/crypto/idea/i_ecb.c
vendor-crypto/openssl/0.9.8zf/crypto/idea/i_ofb64.c
vendor-crypto/openssl/0.9.8zf/crypto/idea/i_skey.c
vendor-crypto/openssl/0.9.8zf/crypto/idea/idea.h
vendor-crypto/openssl/0.9.8zf/crypto/idea/idea_lcl.h
vendor-crypto/openssl/0.9.8zf/crypto/idea/idea_spd.c
vendor-crypto/openssl/0.9.8zf/crypto/idea/ideatest.c
vendor-crypto/openssl/0.9.8zf/crypto/jpake/jpake.c
vendor-crypto/openssl/0.9.8zf/crypto/jpake/jpake.h
vendor-crypto/openssl/0.9.8zf/crypto/jpake/jpake_err.c
vendor-crypto/openssl/0.9.8zf/crypto/jpake/jpaketest.c
vendor-crypto/openssl/0.9.8zf/crypto/krb5/krb5_asn.c
vendor-crypto/openssl/0.9.8zf/crypto/krb5/krb5_asn.h
vendor-crypto/openssl/0.9.8zf/crypto/lhash/lh_stats.c
vendor-crypto/openssl/0.9.8zf/crypto/lhash/lh_test.c
vendor-crypto/openssl/0.9.8zf/crypto/lhash/lhash.c
vendor-crypto/openssl/0.9.8zf/crypto/lhash/lhash.h
vendor-crypto/openssl/0.9.8zf/crypto/md2/md2.c
vendor-crypto/openssl/0.9.8zf/crypto/md2/md2.h
vendor-crypto/openssl/0.9.8zf/crypto/md2/md2_dgst.c
vendor-crypto/openssl/0.9.8zf/crypto/md2/md2_one.c
vendor-crypto/openssl/0.9.8zf/crypto/md2/md2test.c
vendor-crypto/openssl/0.9.8zf/crypto/md32_common.h
vendor-crypto/openssl/0.9.8zf/crypto/md4/md4.c
vendor-crypto/openssl/0.9.8zf/crypto/md4/md4.h
vendor-crypto/openssl/0.9.8zf/crypto/md4/md4_dgst.c
vendor-crypto/openssl/0.9.8zf/crypto/md4/md4_locl.h
vendor-crypto/openssl/0.9.8zf/crypto/md4/md4_one.c
vendor-crypto/openssl/0.9.8zf/crypto/md4/md4test.c
vendor-crypto/openssl/0.9.8zf/crypto/md5/md5.c
vendor-crypto/openssl/0.9.8zf/crypto/md5/md5.h
vendor-crypto/openssl/0.9.8zf/crypto/md5/md5_dgst.c
vendor-crypto/openssl/0.9.8zf/crypto/md5/md5_locl.h
vendor-crypto/openssl/0.9.8zf/crypto/md5/md5_one.c
vendor-crypto/openssl/0.9.8zf/crypto/md5/md5test.c
vendor-crypto/openssl/0.9.8zf/crypto/mdc2/mdc2.h
vendor-crypto/openssl/0.9.8zf/crypto/mdc2/mdc2_one.c
vendor-crypto/openssl/0.9.8zf/crypto/mdc2/mdc2dgst.c
vendor-crypto/openssl/0.9.8zf/crypto/mdc2/mdc2test.c
vendor-crypto/openssl/0.9.8zf/crypto/mem.c
vendor-crypto/openssl/0.9.8zf/crypto/mem_clr.c
vendor-crypto/openssl/0.9.8zf/crypto/mem_dbg.c
vendor-crypto/openssl/0.9.8zf/crypto/o_dir.c
vendor-crypto/openssl/0.9.8zf/crypto/o_dir.h
vendor-crypto/openssl/0.9.8zf/crypto/o_dir_test.c
vendor-crypto/openssl/0.9.8zf/crypto/o_init.c
vendor-crypto/openssl/0.9.8zf/crypto/o_str.c
vendor-crypto/openssl/0.9.8zf/crypto/o_str.h
vendor-crypto/openssl/0.9.8zf/crypto/o_time.c
vendor-crypto/openssl/0.9.8zf/crypto/o_time.h
vendor-crypto/openssl/0.9.8zf/crypto/objects/o_names.c
vendor-crypto/openssl/0.9.8zf/crypto/objects/obj_dat.c
vendor-crypto/openssl/0.9.8zf/crypto/objects/obj_err.c
vendor-crypto/openssl/0.9.8zf/crypto/objects/obj_lib.c
vendor-crypto/openssl/0.9.8zf/crypto/objects/obj_mac.h
vendor-crypto/openssl/0.9.8zf/crypto/objects/objects.h
vendor-crypto/openssl/0.9.8zf/crypto/objects/objects.pl
vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp.h
vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp_asn.c
vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp_cl.c
vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp_err.c
vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp_ext.c
vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp_ht.c
vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp_lib.c
vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp_prn.c
vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp_srv.c
vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp_vfy.c
vendor-crypto/openssl/0.9.8zf/crypto/opensslv.h
vendor-crypto/openssl/0.9.8zf/crypto/ossl_typ.h
vendor-crypto/openssl/0.9.8zf/crypto/pem/pem.h
vendor-crypto/openssl/0.9.8zf/crypto/pem/pem2.h
vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_all.c
vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_err.c
vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_info.c
vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_lib.c
vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_oth.c
vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_pk8.c
vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_pkey.c
vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_seal.c
vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_sign.c
vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_x509.c
vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_xaux.c
vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_add.c
vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_asn.c
vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_attr.c
vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_crpt.c
vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_crt.c
vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_decr.c
vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_init.c
vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_key.c
vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_kiss.c
vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_mutl.c
vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_npas.c
vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_p8d.c
vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_p8e.c
vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_utl.c
vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/pk12err.c
vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/pkcs12.h
vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pk7_asn1.c
vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pk7_attr.c
vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pk7_dgst.c
vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pk7_doit.c
vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pk7_enc.c
vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pk7_lib.c
vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pk7_mime.c
vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pk7_smime.c
vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pkcs7.h
vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pkcs7err.c
vendor-crypto/openssl/0.9.8zf/crypto/pqueue/pq_compat.h
vendor-crypto/openssl/0.9.8zf/crypto/pqueue/pq_test.c
vendor-crypto/openssl/0.9.8zf/crypto/pqueue/pqueue.c
vendor-crypto/openssl/0.9.8zf/crypto/pqueue/pqueue.h
vendor-crypto/openssl/0.9.8zf/crypto/rand/md_rand.c
vendor-crypto/openssl/0.9.8zf/crypto/rand/rand.h
vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_egd.c
vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_eng.c
vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_err.c
vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_lcl.h
vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_lib.c
vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_nw.c
vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_os2.c
vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_unix.c
vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_vms.c
vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_win.c
vendor-crypto/openssl/0.9.8zf/crypto/rand/randfile.c
vendor-crypto/openssl/0.9.8zf/crypto/rand/randtest.c
vendor-crypto/openssl/0.9.8zf/crypto/rc2/rc2.h
vendor-crypto/openssl/0.9.8zf/crypto/rc2/rc2_cbc.c
vendor-crypto/openssl/0.9.8zf/crypto/rc2/rc2_ecb.c
vendor-crypto/openssl/0.9.8zf/crypto/rc2/rc2_locl.h
vendor-crypto/openssl/0.9.8zf/crypto/rc2/rc2_skey.c
vendor-crypto/openssl/0.9.8zf/crypto/rc2/rc2cfb64.c
vendor-crypto/openssl/0.9.8zf/crypto/rc2/rc2ofb64.c
vendor-crypto/openssl/0.9.8zf/crypto/rc2/rc2speed.c
vendor-crypto/openssl/0.9.8zf/crypto/rc2/rc2test.c
vendor-crypto/openssl/0.9.8zf/crypto/rc2/tab.c
vendor-crypto/openssl/0.9.8zf/crypto/rc4/rc4.c
vendor-crypto/openssl/0.9.8zf/crypto/rc4/rc4.h
vendor-crypto/openssl/0.9.8zf/crypto/rc4/rc4_enc.c
vendor-crypto/openssl/0.9.8zf/crypto/rc4/rc4_fblk.c
vendor-crypto/openssl/0.9.8zf/crypto/rc4/rc4_locl.h
vendor-crypto/openssl/0.9.8zf/crypto/rc4/rc4_skey.c
vendor-crypto/openssl/0.9.8zf/crypto/rc4/rc4speed.c
vendor-crypto/openssl/0.9.8zf/crypto/rc4/rc4test.c
vendor-crypto/openssl/0.9.8zf/crypto/rc5/rc5.h
vendor-crypto/openssl/0.9.8zf/crypto/rc5/rc5_ecb.c
vendor-crypto/openssl/0.9.8zf/crypto/rc5/rc5_enc.c
vendor-crypto/openssl/0.9.8zf/crypto/rc5/rc5_locl.h
vendor-crypto/openssl/0.9.8zf/crypto/rc5/rc5_skey.c
vendor-crypto/openssl/0.9.8zf/crypto/rc5/rc5cfb64.c
vendor-crypto/openssl/0.9.8zf/crypto/rc5/rc5ofb64.c
vendor-crypto/openssl/0.9.8zf/crypto/rc5/rc5speed.c
vendor-crypto/openssl/0.9.8zf/crypto/rc5/rc5test.c
vendor-crypto/openssl/0.9.8zf/crypto/ripemd/ripemd.h
vendor-crypto/openssl/0.9.8zf/crypto/ripemd/rmd160.c
vendor-crypto/openssl/0.9.8zf/crypto/ripemd/rmd_dgst.c
vendor-crypto/openssl/0.9.8zf/crypto/ripemd/rmd_locl.h
vendor-crypto/openssl/0.9.8zf/crypto/ripemd/rmd_one.c
vendor-crypto/openssl/0.9.8zf/crypto/ripemd/rmdconst.h
vendor-crypto/openssl/0.9.8zf/crypto/ripemd/rmdtest.c
vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa.h
vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_asn1.c
vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_chk.c
vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_depr.c
vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_eay.c
vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_eng.c
vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_err.c
vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_gen.c
vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_lib.c
vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_none.c
vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_null.c
vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_oaep.c
vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_pk1.c
vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_pss.c
vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_saos.c
vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_sign.c
vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_ssl.c
vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_test.c
vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_x931.c
vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_x931g.c
vendor-crypto/openssl/0.9.8zf/crypto/seed/seed.c
vendor-crypto/openssl/0.9.8zf/crypto/seed/seed.h
vendor-crypto/openssl/0.9.8zf/crypto/seed/seed_cbc.c
vendor-crypto/openssl/0.9.8zf/crypto/seed/seed_cfb.c
vendor-crypto/openssl/0.9.8zf/crypto/seed/seed_ecb.c
vendor-crypto/openssl/0.9.8zf/crypto/seed/seed_locl.h
vendor-crypto/openssl/0.9.8zf/crypto/seed/seed_ofb.c
vendor-crypto/openssl/0.9.8zf/crypto/sha/sha.c
vendor-crypto/openssl/0.9.8zf/crypto/sha/sha.h
vendor-crypto/openssl/0.9.8zf/crypto/sha/sha1.c
vendor-crypto/openssl/0.9.8zf/crypto/sha/sha1_one.c
vendor-crypto/openssl/0.9.8zf/crypto/sha/sha1dgst.c
vendor-crypto/openssl/0.9.8zf/crypto/sha/sha1test.c
vendor-crypto/openssl/0.9.8zf/crypto/sha/sha256.c
vendor-crypto/openssl/0.9.8zf/crypto/sha/sha256t.c
vendor-crypto/openssl/0.9.8zf/crypto/sha/sha512.c
vendor-crypto/openssl/0.9.8zf/crypto/sha/sha512t.c
vendor-crypto/openssl/0.9.8zf/crypto/sha/sha_dgst.c
vendor-crypto/openssl/0.9.8zf/crypto/sha/sha_locl.h
vendor-crypto/openssl/0.9.8zf/crypto/sha/sha_one.c
vendor-crypto/openssl/0.9.8zf/crypto/sha/shatest.c
vendor-crypto/openssl/0.9.8zf/crypto/stack/safestack.h
vendor-crypto/openssl/0.9.8zf/crypto/stack/stack.c
vendor-crypto/openssl/0.9.8zf/crypto/stack/stack.h
vendor-crypto/openssl/0.9.8zf/crypto/store/store.h
vendor-crypto/openssl/0.9.8zf/crypto/store/str_err.c
vendor-crypto/openssl/0.9.8zf/crypto/store/str_lib.c
vendor-crypto/openssl/0.9.8zf/crypto/store/str_locl.h
vendor-crypto/openssl/0.9.8zf/crypto/store/str_mem.c
vendor-crypto/openssl/0.9.8zf/crypto/store/str_meth.c
vendor-crypto/openssl/0.9.8zf/crypto/symhacks.h
vendor-crypto/openssl/0.9.8zf/crypto/threads/mttest.c
vendor-crypto/openssl/0.9.8zf/crypto/threads/th-lock.c
vendor-crypto/openssl/0.9.8zf/crypto/tmdiff.c
vendor-crypto/openssl/0.9.8zf/crypto/tmdiff.h
vendor-crypto/openssl/0.9.8zf/crypto/txt_db/txt_db.c
vendor-crypto/openssl/0.9.8zf/crypto/txt_db/txt_db.h
vendor-crypto/openssl/0.9.8zf/crypto/ui/ui.h
vendor-crypto/openssl/0.9.8zf/crypto/ui/ui_compat.c
vendor-crypto/openssl/0.9.8zf/crypto/ui/ui_compat.h
vendor-crypto/openssl/0.9.8zf/crypto/ui/ui_err.c
vendor-crypto/openssl/0.9.8zf/crypto/ui/ui_lib.c
vendor-crypto/openssl/0.9.8zf/crypto/ui/ui_locl.h
vendor-crypto/openssl/0.9.8zf/crypto/ui/ui_openssl.c
vendor-crypto/openssl/0.9.8zf/crypto/ui/ui_util.c
vendor-crypto/openssl/0.9.8zf/crypto/uid.c
vendor-crypto/openssl/0.9.8zf/crypto/x509/by_dir.c
vendor-crypto/openssl/0.9.8zf/crypto/x509/by_file.c
vendor-crypto/openssl/0.9.8zf/crypto/x509/x509.h
vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_att.c
vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_cmp.c
vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_d2.c
vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_def.c
vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_err.c
vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_ext.c
vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_lu.c
vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_obj.c
vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_r2x.c
vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_req.c
vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_set.c
vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_trs.c
vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_txt.c
vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_v3.c
vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_vfy.c
vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_vfy.h
vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_vpm.c
vendor-crypto/openssl/0.9.8zf/crypto/x509/x509cset.c
vendor-crypto/openssl/0.9.8zf/crypto/x509/x509name.c
vendor-crypto/openssl/0.9.8zf/crypto/x509/x509rset.c
vendor-crypto/openssl/0.9.8zf/crypto/x509/x509spki.c
vendor-crypto/openssl/0.9.8zf/crypto/x509/x509type.c
vendor-crypto/openssl/0.9.8zf/crypto/x509/x_all.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/ext_dat.h
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/pcy_cache.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/pcy_data.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/pcy_int.h
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/pcy_lib.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/pcy_map.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/pcy_node.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/pcy_tree.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/tabtest.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_addr.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_akey.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_akeya.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_alt.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_asid.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_bcons.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_bitst.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_conf.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_cpols.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_crld.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_enum.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_extku.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_genn.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_ia5.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_info.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_int.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_lib.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_ncons.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_ocsp.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_pci.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_pcia.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_pcons.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_pku.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_pmaps.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_prn.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_purp.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_skey.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_sxnet.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_utl.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3conf.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3err.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3prin.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/x509v3.h
vendor-crypto/openssl/0.9.8zf/demos/asn1/ocsp.c
vendor-crypto/openssl/0.9.8zf/demos/b64.c
vendor-crypto/openssl/0.9.8zf/demos/bio/saccept.c
vendor-crypto/openssl/0.9.8zf/demos/bio/sconnect.c
vendor-crypto/openssl/0.9.8zf/demos/easy_tls/easy-tls.c
vendor-crypto/openssl/0.9.8zf/demos/easy_tls/easy-tls.h
vendor-crypto/openssl/0.9.8zf/demos/easy_tls/test.c
vendor-crypto/openssl/0.9.8zf/demos/easy_tls/test.h
vendor-crypto/openssl/0.9.8zf/demos/engines/cluster_labs/cluster_labs.h
vendor-crypto/openssl/0.9.8zf/demos/engines/cluster_labs/hw_cluster_labs.c
vendor-crypto/openssl/0.9.8zf/demos/engines/cluster_labs/hw_cluster_labs_err.c
vendor-crypto/openssl/0.9.8zf/demos/engines/cluster_labs/hw_cluster_labs_err.h
vendor-crypto/openssl/0.9.8zf/demos/engines/ibmca/hw_ibmca.c
vendor-crypto/openssl/0.9.8zf/demos/engines/ibmca/hw_ibmca_err.c
vendor-crypto/openssl/0.9.8zf/demos/engines/ibmca/hw_ibmca_err.h
vendor-crypto/openssl/0.9.8zf/demos/engines/ibmca/ica_openssl_api.h
vendor-crypto/openssl/0.9.8zf/demos/engines/rsaref/rsaref.c
vendor-crypto/openssl/0.9.8zf/demos/engines/rsaref/rsaref_err.c
vendor-crypto/openssl/0.9.8zf/demos/engines/rsaref/rsaref_err.h
vendor-crypto/openssl/0.9.8zf/demos/engines/zencod/hw_zencod.c
vendor-crypto/openssl/0.9.8zf/demos/engines/zencod/hw_zencod.h
vendor-crypto/openssl/0.9.8zf/demos/engines/zencod/hw_zencod_err.c
vendor-crypto/openssl/0.9.8zf/demos/engines/zencod/hw_zencod_err.h
vendor-crypto/openssl/0.9.8zf/demos/jpake/jpakedemo.c
vendor-crypto/openssl/0.9.8zf/demos/pkcs12/pkread.c
vendor-crypto/openssl/0.9.8zf/demos/pkcs12/pkwrite.c
vendor-crypto/openssl/0.9.8zf/demos/prime/prime.c
vendor-crypto/openssl/0.9.8zf/demos/selfsign.c
vendor-crypto/openssl/0.9.8zf/demos/sign/sign.c
vendor-crypto/openssl/0.9.8zf/demos/spkigen.c
vendor-crypto/openssl/0.9.8zf/demos/state_machine/state_machine.c
vendor-crypto/openssl/0.9.8zf/demos/tunala/breakage.c
vendor-crypto/openssl/0.9.8zf/demos/tunala/buffer.c
vendor-crypto/openssl/0.9.8zf/demos/tunala/cb.c
vendor-crypto/openssl/0.9.8zf/demos/tunala/ip.c
vendor-crypto/openssl/0.9.8zf/demos/tunala/sm.c
vendor-crypto/openssl/0.9.8zf/demos/tunala/tunala.c
vendor-crypto/openssl/0.9.8zf/demos/tunala/tunala.h
vendor-crypto/openssl/0.9.8zf/demos/x509/mkcert.c
vendor-crypto/openssl/0.9.8zf/demos/x509/mkreq.c
vendor-crypto/openssl/0.9.8zf/doc/apps/ciphers.pod
vendor-crypto/openssl/0.9.8zf/doc/ssl/SSL_CTX_set_mode.pod
vendor-crypto/openssl/0.9.8zf/doc/ssl/SSL_CTX_set_options.pod
vendor-crypto/openssl/0.9.8zf/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod
vendor-crypto/openssl/0.9.8zf/e_os.h
vendor-crypto/openssl/0.9.8zf/e_os2.h
vendor-crypto/openssl/0.9.8zf/engines/e_4758cca.c
vendor-crypto/openssl/0.9.8zf/engines/e_4758cca_err.c
vendor-crypto/openssl/0.9.8zf/engines/e_4758cca_err.h
vendor-crypto/openssl/0.9.8zf/engines/e_aep.c
vendor-crypto/openssl/0.9.8zf/engines/e_aep_err.c
vendor-crypto/openssl/0.9.8zf/engines/e_aep_err.h
vendor-crypto/openssl/0.9.8zf/engines/e_atalla.c
vendor-crypto/openssl/0.9.8zf/engines/e_atalla_err.c
vendor-crypto/openssl/0.9.8zf/engines/e_atalla_err.h
vendor-crypto/openssl/0.9.8zf/engines/e_capi.c
vendor-crypto/openssl/0.9.8zf/engines/e_capi_err.c
vendor-crypto/openssl/0.9.8zf/engines/e_capi_err.h
vendor-crypto/openssl/0.9.8zf/engines/e_chil.c
vendor-crypto/openssl/0.9.8zf/engines/e_chil_err.c
vendor-crypto/openssl/0.9.8zf/engines/e_chil_err.h
vendor-crypto/openssl/0.9.8zf/engines/e_cswift.c
vendor-crypto/openssl/0.9.8zf/engines/e_cswift_err.c
vendor-crypto/openssl/0.9.8zf/engines/e_cswift_err.h
vendor-crypto/openssl/0.9.8zf/engines/e_gmp.c
vendor-crypto/openssl/0.9.8zf/engines/e_gmp_err.c
vendor-crypto/openssl/0.9.8zf/engines/e_gmp_err.h
vendor-crypto/openssl/0.9.8zf/engines/e_nuron.c
vendor-crypto/openssl/0.9.8zf/engines/e_nuron_err.c
vendor-crypto/openssl/0.9.8zf/engines/e_nuron_err.h
vendor-crypto/openssl/0.9.8zf/engines/e_sureware.c
vendor-crypto/openssl/0.9.8zf/engines/e_sureware_err.c
vendor-crypto/openssl/0.9.8zf/engines/e_sureware_err.h
vendor-crypto/openssl/0.9.8zf/engines/e_ubsec.c
vendor-crypto/openssl/0.9.8zf/engines/e_ubsec_err.c
vendor-crypto/openssl/0.9.8zf/engines/e_ubsec_err.h
vendor-crypto/openssl/0.9.8zf/engines/vendor_defns/aep.h
vendor-crypto/openssl/0.9.8zf/engines/vendor_defns/atalla.h
vendor-crypto/openssl/0.9.8zf/engines/vendor_defns/cswift.h
vendor-crypto/openssl/0.9.8zf/engines/vendor_defns/hw_4758_cca.h
vendor-crypto/openssl/0.9.8zf/engines/vendor_defns/hw_ubsec.h
vendor-crypto/openssl/0.9.8zf/engines/vendor_defns/hwcryptohook.h
vendor-crypto/openssl/0.9.8zf/engines/vendor_defns/sureware.h
vendor-crypto/openssl/0.9.8zf/fips/aes/fips_aes_selftest.c
vendor-crypto/openssl/0.9.8zf/fips/aes/fips_aesavs.c
vendor-crypto/openssl/0.9.8zf/fips/des/fips_des_selftest.c
vendor-crypto/openssl/0.9.8zf/fips/des/fips_desmovs.c
vendor-crypto/openssl/0.9.8zf/fips/dh/dh_gen.c
vendor-crypto/openssl/0.9.8zf/fips/dh/fips_dh_check.c
vendor-crypto/openssl/0.9.8zf/fips/dh/fips_dh_gen.c
vendor-crypto/openssl/0.9.8zf/fips/dh/fips_dh_key.c
vendor-crypto/openssl/0.9.8zf/fips/dh/fips_dh_lib.c
vendor-crypto/openssl/0.9.8zf/fips/dsa/fips_dsa_gen.c
vendor-crypto/openssl/0.9.8zf/fips/dsa/fips_dsa_key.c
vendor-crypto/openssl/0.9.8zf/fips/dsa/fips_dsa_lib.c
vendor-crypto/openssl/0.9.8zf/fips/dsa/fips_dsa_ossl.c
vendor-crypto/openssl/0.9.8zf/fips/dsa/fips_dsa_selftest.c
vendor-crypto/openssl/0.9.8zf/fips/dsa/fips_dsa_sign.c
vendor-crypto/openssl/0.9.8zf/fips/dsa/fips_dsatest.c
vendor-crypto/openssl/0.9.8zf/fips/dsa/fips_dssvs.c
vendor-crypto/openssl/0.9.8zf/fips/fips.c
vendor-crypto/openssl/0.9.8zf/fips/fips.h
vendor-crypto/openssl/0.9.8zf/fips/fips_canister.c
vendor-crypto/openssl/0.9.8zf/fips/fips_locl.h
vendor-crypto/openssl/0.9.8zf/fips/fips_premain.c
vendor-crypto/openssl/0.9.8zf/fips/fips_test_suite.c
vendor-crypto/openssl/0.9.8zf/fips/fips_utl.h
vendor-crypto/openssl/0.9.8zf/fips/hmac/fips_hmac.c
vendor-crypto/openssl/0.9.8zf/fips/hmac/fips_hmac_selftest.c
vendor-crypto/openssl/0.9.8zf/fips/hmac/fips_hmactest.c
vendor-crypto/openssl/0.9.8zf/fips/rand/fips_rand.c
vendor-crypto/openssl/0.9.8zf/fips/rand/fips_rand.h
vendor-crypto/openssl/0.9.8zf/fips/rand/fips_rand_selftest.c
vendor-crypto/openssl/0.9.8zf/fips/rand/fips_randtest.c
vendor-crypto/openssl/0.9.8zf/fips/rand/fips_rngvs.c
vendor-crypto/openssl/0.9.8zf/fips/rsa/fips_rsa_eay.c
vendor-crypto/openssl/0.9.8zf/fips/rsa/fips_rsa_gen.c
vendor-crypto/openssl/0.9.8zf/fips/rsa/fips_rsa_lib.c
vendor-crypto/openssl/0.9.8zf/fips/rsa/fips_rsa_selftest.c
vendor-crypto/openssl/0.9.8zf/fips/rsa/fips_rsa_sign.c
vendor-crypto/openssl/0.9.8zf/fips/rsa/fips_rsa_x931g.c
vendor-crypto/openssl/0.9.8zf/fips/rsa/fips_rsagtest.c
vendor-crypto/openssl/0.9.8zf/fips/rsa/fips_rsastest.c
vendor-crypto/openssl/0.9.8zf/fips/rsa/fips_rsavtest.c
vendor-crypto/openssl/0.9.8zf/fips/sha/fips_sha1_selftest.c
vendor-crypto/openssl/0.9.8zf/fips/sha/fips_shatest.c
vendor-crypto/openssl/0.9.8zf/fips/sha/fips_standalone_sha1.c
vendor-crypto/openssl/0.9.8zf/openssl.spec
vendor-crypto/openssl/0.9.8zf/ssl/bio_ssl.c
vendor-crypto/openssl/0.9.8zf/ssl/d1_both.c
vendor-crypto/openssl/0.9.8zf/ssl/d1_clnt.c
vendor-crypto/openssl/0.9.8zf/ssl/d1_enc.c
vendor-crypto/openssl/0.9.8zf/ssl/d1_lib.c
vendor-crypto/openssl/0.9.8zf/ssl/d1_meth.c
vendor-crypto/openssl/0.9.8zf/ssl/d1_pkt.c
vendor-crypto/openssl/0.9.8zf/ssl/d1_srvr.c
vendor-crypto/openssl/0.9.8zf/ssl/dtls1.h
vendor-crypto/openssl/0.9.8zf/ssl/kssl.c
vendor-crypto/openssl/0.9.8zf/ssl/kssl.h
vendor-crypto/openssl/0.9.8zf/ssl/kssl_lcl.h
vendor-crypto/openssl/0.9.8zf/ssl/s23_clnt.c
vendor-crypto/openssl/0.9.8zf/ssl/s23_lib.c
vendor-crypto/openssl/0.9.8zf/ssl/s23_meth.c
vendor-crypto/openssl/0.9.8zf/ssl/s23_pkt.c
vendor-crypto/openssl/0.9.8zf/ssl/s23_srvr.c
vendor-crypto/openssl/0.9.8zf/ssl/s2_clnt.c
vendor-crypto/openssl/0.9.8zf/ssl/s2_enc.c
vendor-crypto/openssl/0.9.8zf/ssl/s2_lib.c
vendor-crypto/openssl/0.9.8zf/ssl/s2_meth.c
vendor-crypto/openssl/0.9.8zf/ssl/s2_pkt.c
vendor-crypto/openssl/0.9.8zf/ssl/s2_srvr.c
vendor-crypto/openssl/0.9.8zf/ssl/s3_both.c
vendor-crypto/openssl/0.9.8zf/ssl/s3_cbc.c
vendor-crypto/openssl/0.9.8zf/ssl/s3_clnt.c
vendor-crypto/openssl/0.9.8zf/ssl/s3_enc.c
vendor-crypto/openssl/0.9.8zf/ssl/s3_lib.c
vendor-crypto/openssl/0.9.8zf/ssl/s3_meth.c
vendor-crypto/openssl/0.9.8zf/ssl/s3_pkt.c
vendor-crypto/openssl/0.9.8zf/ssl/s3_srvr.c
vendor-crypto/openssl/0.9.8zf/ssl/ssl-lib.com
vendor-crypto/openssl/0.9.8zf/ssl/ssl.h
vendor-crypto/openssl/0.9.8zf/ssl/ssl2.h
vendor-crypto/openssl/0.9.8zf/ssl/ssl23.h
vendor-crypto/openssl/0.9.8zf/ssl/ssl3.h
vendor-crypto/openssl/0.9.8zf/ssl/ssl_algs.c
vendor-crypto/openssl/0.9.8zf/ssl/ssl_asn1.c
vendor-crypto/openssl/0.9.8zf/ssl/ssl_cert.c
vendor-crypto/openssl/0.9.8zf/ssl/ssl_ciph.c
vendor-crypto/openssl/0.9.8zf/ssl/ssl_err.c
vendor-crypto/openssl/0.9.8zf/ssl/ssl_err2.c
vendor-crypto/openssl/0.9.8zf/ssl/ssl_lib.c
vendor-crypto/openssl/0.9.8zf/ssl/ssl_locl.h
vendor-crypto/openssl/0.9.8zf/ssl/ssl_rsa.c
vendor-crypto/openssl/0.9.8zf/ssl/ssl_sess.c
vendor-crypto/openssl/0.9.8zf/ssl/ssl_stat.c
vendor-crypto/openssl/0.9.8zf/ssl/ssl_task.c
vendor-crypto/openssl/0.9.8zf/ssl/ssl_txt.c
vendor-crypto/openssl/0.9.8zf/ssl/ssltest.c
vendor-crypto/openssl/0.9.8zf/ssl/t1_clnt.c
vendor-crypto/openssl/0.9.8zf/ssl/t1_enc.c
vendor-crypto/openssl/0.9.8zf/ssl/t1_lib.c
vendor-crypto/openssl/0.9.8zf/ssl/t1_meth.c
vendor-crypto/openssl/0.9.8zf/ssl/t1_reneg.c
vendor-crypto/openssl/0.9.8zf/ssl/t1_srvr.c
vendor-crypto/openssl/0.9.8zf/ssl/tls1.h
vendor-crypto/openssl/0.9.8zf/test/dummytest.c
vendor-crypto/openssl/0.9.8zf/test/igetest.c
vendor-crypto/openssl/0.9.8zf/test/methtest.c
vendor-crypto/openssl/0.9.8zf/test/r160test.c
vendor-crypto/openssl/0.9.8zf/util/ck_errf.pl
vendor-crypto/openssl/0.9.8zf/util/indent.pro
vendor-crypto/openssl/0.9.8zf/util/libeay.num
vendor-crypto/openssl/0.9.8zf/util/mk1mf.pl
vendor-crypto/openssl/0.9.8zf/util/mkerr.pl
vendor-crypto/openssl/0.9.8zf/util/openssl-format-source
vendor-crypto/openssl/0.9.8zf/util/su-filter.pl
Removed Paths:
-------------
vendor-crypto/openssl/0.9.8zf/CHANGES
vendor-crypto/openssl/0.9.8zf/INSTALL.DJGPP
vendor-crypto/openssl/0.9.8zf/INSTALL.VMS
vendor-crypto/openssl/0.9.8zf/Makefile
vendor-crypto/openssl/0.9.8zf/Makefile.bak
vendor-crypto/openssl/0.9.8zf/NEWS
vendor-crypto/openssl/0.9.8zf/README
vendor-crypto/openssl/0.9.8zf/apps/app_rand.c
vendor-crypto/openssl/0.9.8zf/apps/apps.c
vendor-crypto/openssl/0.9.8zf/apps/apps.h
vendor-crypto/openssl/0.9.8zf/apps/asn1pars.c
vendor-crypto/openssl/0.9.8zf/apps/ca.c
vendor-crypto/openssl/0.9.8zf/apps/ciphers.c
vendor-crypto/openssl/0.9.8zf/apps/cms.c
vendor-crypto/openssl/0.9.8zf/apps/crl.c
vendor-crypto/openssl/0.9.8zf/apps/crl2p7.c
vendor-crypto/openssl/0.9.8zf/apps/dgst.c
vendor-crypto/openssl/0.9.8zf/apps/dh.c
vendor-crypto/openssl/0.9.8zf/apps/dhparam.c
vendor-crypto/openssl/0.9.8zf/apps/dsa.c
vendor-crypto/openssl/0.9.8zf/apps/dsaparam.c
vendor-crypto/openssl/0.9.8zf/apps/ec.c
vendor-crypto/openssl/0.9.8zf/apps/ecparam.c
vendor-crypto/openssl/0.9.8zf/apps/enc.c
vendor-crypto/openssl/0.9.8zf/apps/engine.c
vendor-crypto/openssl/0.9.8zf/apps/errstr.c
vendor-crypto/openssl/0.9.8zf/apps/gendh.c
vendor-crypto/openssl/0.9.8zf/apps/gendsa.c
vendor-crypto/openssl/0.9.8zf/apps/genrsa.c
vendor-crypto/openssl/0.9.8zf/apps/nseq.c
vendor-crypto/openssl/0.9.8zf/apps/ocsp.c
vendor-crypto/openssl/0.9.8zf/apps/openssl.c
vendor-crypto/openssl/0.9.8zf/apps/passwd.c
vendor-crypto/openssl/0.9.8zf/apps/pkcs12.c
vendor-crypto/openssl/0.9.8zf/apps/pkcs7.c
vendor-crypto/openssl/0.9.8zf/apps/pkcs8.c
vendor-crypto/openssl/0.9.8zf/apps/prime.c
vendor-crypto/openssl/0.9.8zf/apps/progs.h
vendor-crypto/openssl/0.9.8zf/apps/rand.c
vendor-crypto/openssl/0.9.8zf/apps/req.c
vendor-crypto/openssl/0.9.8zf/apps/rsa.c
vendor-crypto/openssl/0.9.8zf/apps/rsautl.c
vendor-crypto/openssl/0.9.8zf/apps/s_apps.h
vendor-crypto/openssl/0.9.8zf/apps/s_cb.c
vendor-crypto/openssl/0.9.8zf/apps/s_client.c
vendor-crypto/openssl/0.9.8zf/apps/s_server.c
vendor-crypto/openssl/0.9.8zf/apps/s_socket.c
vendor-crypto/openssl/0.9.8zf/apps/s_time.c
vendor-crypto/openssl/0.9.8zf/apps/sess_id.c
vendor-crypto/openssl/0.9.8zf/apps/smime.c
vendor-crypto/openssl/0.9.8zf/apps/speed.c
vendor-crypto/openssl/0.9.8zf/apps/spkac.c
vendor-crypto/openssl/0.9.8zf/apps/testdsa.h
vendor-crypto/openssl/0.9.8zf/apps/testrsa.h
vendor-crypto/openssl/0.9.8zf/apps/timeouts.h
vendor-crypto/openssl/0.9.8zf/apps/verify.c
vendor-crypto/openssl/0.9.8zf/apps/version.c
vendor-crypto/openssl/0.9.8zf/apps/winrand.c
vendor-crypto/openssl/0.9.8zf/apps/x509.c
vendor-crypto/openssl/0.9.8zf/bugs/alpha.c
vendor-crypto/openssl/0.9.8zf/bugs/dggccbug.c
vendor-crypto/openssl/0.9.8zf/bugs/sgiccbug.c
vendor-crypto/openssl/0.9.8zf/bugs/stream.c
vendor-crypto/openssl/0.9.8zf/bugs/ultrixcc.c
vendor-crypto/openssl/0.9.8zf/crypto/LPdir_nyi.c
vendor-crypto/openssl/0.9.8zf/crypto/LPdir_unix.c
vendor-crypto/openssl/0.9.8zf/crypto/LPdir_vms.c
vendor-crypto/openssl/0.9.8zf/crypto/LPdir_win.c
vendor-crypto/openssl/0.9.8zf/crypto/LPdir_win32.c
vendor-crypto/openssl/0.9.8zf/crypto/LPdir_wince.c
vendor-crypto/openssl/0.9.8zf/crypto/Makefile
vendor-crypto/openssl/0.9.8zf/crypto/aes/aes.h
vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_cbc.c
vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_cfb.c
vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_core.c
vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_ctr.c
vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_ecb.c
vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_ige.c
vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_locl.h
vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_misc.c
vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_ofb.c
vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_wrap.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_bitstr.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_bool.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_bytes.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_d2i_fp.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_digest.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_dup.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_enum.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_gentm.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_hdr.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_i2d_fp.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_int.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_mbstr.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_meth.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_object.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_octet.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_print.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_set.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_sign.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_strex.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_strnid.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_time.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_type.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_utctm.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_utf8.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_verify.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn1.h
vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn1_err.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn1_gen.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn1_lib.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn1_mac.h
vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn1_par.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn1t.h
vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn_mime.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn_moid.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn_pack.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/charmap.h
vendor-crypto/openssl/0.9.8zf/crypto/asn1/d2i_pr.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/d2i_pu.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/evp_asn1.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/f_enum.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/f_int.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/f_string.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/i2d_pr.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/i2d_pu.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/n_pkey.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/nsseq.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/p5_pbe.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/p5_pbev2.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/p8_key.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/p8_pkey.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/t_bitst.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/t_crl.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/t_pkey.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/t_req.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/t_spki.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/t_x509.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/t_x509a.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/tasn_dec.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/tasn_enc.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/tasn_fre.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/tasn_new.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/tasn_prn.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/tasn_typ.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/tasn_utl.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_algor.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_attrib.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_bignum.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_crl.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_exten.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_info.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_long.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_name.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_pkey.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_pubkey.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_req.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_sig.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_spki.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_val.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_x509.c
vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_x509a.c
vendor-crypto/openssl/0.9.8zf/crypto/bf/bf_cbc.c
vendor-crypto/openssl/0.9.8zf/crypto/bf/bf_cfb64.c
vendor-crypto/openssl/0.9.8zf/crypto/bf/bf_ecb.c
vendor-crypto/openssl/0.9.8zf/crypto/bf/bf_enc.c
vendor-crypto/openssl/0.9.8zf/crypto/bf/bf_locl.h
vendor-crypto/openssl/0.9.8zf/crypto/bf/bf_ofb64.c
vendor-crypto/openssl/0.9.8zf/crypto/bf/bf_opts.c
vendor-crypto/openssl/0.9.8zf/crypto/bf/bf_pi.h
vendor-crypto/openssl/0.9.8zf/crypto/bf/bf_skey.c
vendor-crypto/openssl/0.9.8zf/crypto/bf/bfspeed.c
vendor-crypto/openssl/0.9.8zf/crypto/bf/bftest.c
vendor-crypto/openssl/0.9.8zf/crypto/bf/blowfish.h
vendor-crypto/openssl/0.9.8zf/crypto/bio/b_dump.c
vendor-crypto/openssl/0.9.8zf/crypto/bio/b_print.c
vendor-crypto/openssl/0.9.8zf/crypto/bio/b_sock.c
vendor-crypto/openssl/0.9.8zf/crypto/bio/bf_buff.c
vendor-crypto/openssl/0.9.8zf/crypto/bio/bf_lbuf.c
vendor-crypto/openssl/0.9.8zf/crypto/bio/bf_nbio.c
vendor-crypto/openssl/0.9.8zf/crypto/bio/bf_null.c
vendor-crypto/openssl/0.9.8zf/crypto/bio/bio.h
vendor-crypto/openssl/0.9.8zf/crypto/bio/bio_cb.c
vendor-crypto/openssl/0.9.8zf/crypto/bio/bio_err.c
vendor-crypto/openssl/0.9.8zf/crypto/bio/bio_lcl.h
vendor-crypto/openssl/0.9.8zf/crypto/bio/bio_lib.c
vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_acpt.c
vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_bio.c
vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_conn.c
vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_dgram.c
vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_fd.c
vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_file.c
vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_log.c
vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_mem.c
vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_null.c
vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_rtcp.c
vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_sock.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/asm/mips3.s
vendor-crypto/openssl/0.9.8zf/crypto/bn/asm/x86_64-gcc.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/bn.h
vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_add.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_asm.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_blind.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_const.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_ctx.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_depr.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_div.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_err.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_exp.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_exp2.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_gcd.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_gf2m.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_kron.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_lcl.h
vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_lib.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_mod.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_mont.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_mpi.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_mul.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_nist.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_opt.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_prime.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_prime.h
vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_print.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_rand.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_recp.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_shift.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_sqr.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_sqrt.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_word.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_x931p.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/bnspeed.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/bntest.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/divtest.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/exp.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/expspeed.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/exptest.c
vendor-crypto/openssl/0.9.8zf/crypto/bn/vms-helper.c
vendor-crypto/openssl/0.9.8zf/crypto/buffer/buf_err.c
vendor-crypto/openssl/0.9.8zf/crypto/buffer/buf_str.c
vendor-crypto/openssl/0.9.8zf/crypto/buffer/buffer.c
vendor-crypto/openssl/0.9.8zf/crypto/buffer/buffer.h
vendor-crypto/openssl/0.9.8zf/crypto/camellia/camellia.c
vendor-crypto/openssl/0.9.8zf/crypto/camellia/camellia.h
vendor-crypto/openssl/0.9.8zf/crypto/camellia/cmll_cbc.c
vendor-crypto/openssl/0.9.8zf/crypto/camellia/cmll_cfb.c
vendor-crypto/openssl/0.9.8zf/crypto/camellia/cmll_ctr.c
vendor-crypto/openssl/0.9.8zf/crypto/camellia/cmll_ecb.c
vendor-crypto/openssl/0.9.8zf/crypto/camellia/cmll_locl.h
vendor-crypto/openssl/0.9.8zf/crypto/camellia/cmll_misc.c
vendor-crypto/openssl/0.9.8zf/crypto/camellia/cmll_ofb.c
vendor-crypto/openssl/0.9.8zf/crypto/cast/c_cfb64.c
vendor-crypto/openssl/0.9.8zf/crypto/cast/c_ecb.c
vendor-crypto/openssl/0.9.8zf/crypto/cast/c_enc.c
vendor-crypto/openssl/0.9.8zf/crypto/cast/c_ofb64.c
vendor-crypto/openssl/0.9.8zf/crypto/cast/c_skey.c
vendor-crypto/openssl/0.9.8zf/crypto/cast/cast.h
vendor-crypto/openssl/0.9.8zf/crypto/cast/cast_lcl.h
vendor-crypto/openssl/0.9.8zf/crypto/cast/cast_s.h
vendor-crypto/openssl/0.9.8zf/crypto/cast/cast_spd.c
vendor-crypto/openssl/0.9.8zf/crypto/cast/castopts.c
vendor-crypto/openssl/0.9.8zf/crypto/cast/casttest.c
vendor-crypto/openssl/0.9.8zf/crypto/cms/cms.h
vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_asn1.c
vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_att.c
vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_cd.c
vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_dd.c
vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_enc.c
vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_env.c
vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_err.c
vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_ess.c
vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_io.c
vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_lcl.h
vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_lib.c
vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_sd.c
vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_smime.c
vendor-crypto/openssl/0.9.8zf/crypto/comp/c_rle.c
vendor-crypto/openssl/0.9.8zf/crypto/comp/c_zlib.c
vendor-crypto/openssl/0.9.8zf/crypto/comp/comp.h
vendor-crypto/openssl/0.9.8zf/crypto/comp/comp_err.c
vendor-crypto/openssl/0.9.8zf/crypto/comp/comp_lib.c
vendor-crypto/openssl/0.9.8zf/crypto/conf/cnf_save.c
vendor-crypto/openssl/0.9.8zf/crypto/conf/conf.h
vendor-crypto/openssl/0.9.8zf/crypto/conf/conf_api.c
vendor-crypto/openssl/0.9.8zf/crypto/conf/conf_api.h
vendor-crypto/openssl/0.9.8zf/crypto/conf/conf_def.c
vendor-crypto/openssl/0.9.8zf/crypto/conf/conf_def.h
vendor-crypto/openssl/0.9.8zf/crypto/conf/conf_err.c
vendor-crypto/openssl/0.9.8zf/crypto/conf/conf_lib.c
vendor-crypto/openssl/0.9.8zf/crypto/conf/conf_mall.c
vendor-crypto/openssl/0.9.8zf/crypto/conf/conf_mod.c
vendor-crypto/openssl/0.9.8zf/crypto/conf/conf_sap.c
vendor-crypto/openssl/0.9.8zf/crypto/conf/test.c
vendor-crypto/openssl/0.9.8zf/crypto/constant_time_locl.h
vendor-crypto/openssl/0.9.8zf/crypto/constant_time_test.c
vendor-crypto/openssl/0.9.8zf/crypto/cpt_err.c
vendor-crypto/openssl/0.9.8zf/crypto/cryptlib.c
vendor-crypto/openssl/0.9.8zf/crypto/cryptlib.h
vendor-crypto/openssl/0.9.8zf/crypto/crypto.h
vendor-crypto/openssl/0.9.8zf/crypto/cversion.c
vendor-crypto/openssl/0.9.8zf/crypto/des/cbc3_enc.c
vendor-crypto/openssl/0.9.8zf/crypto/des/cbc_cksm.c
vendor-crypto/openssl/0.9.8zf/crypto/des/cbc_enc.c
vendor-crypto/openssl/0.9.8zf/crypto/des/cfb64ede.c
vendor-crypto/openssl/0.9.8zf/crypto/des/cfb64enc.c
vendor-crypto/openssl/0.9.8zf/crypto/des/cfb_enc.c
vendor-crypto/openssl/0.9.8zf/crypto/des/des.c
vendor-crypto/openssl/0.9.8zf/crypto/des/des.h
vendor-crypto/openssl/0.9.8zf/crypto/des/des_enc.c
vendor-crypto/openssl/0.9.8zf/crypto/des/des_lib.c
vendor-crypto/openssl/0.9.8zf/crypto/des/des_locl.h
vendor-crypto/openssl/0.9.8zf/crypto/des/des_old.c
vendor-crypto/openssl/0.9.8zf/crypto/des/des_old.h
vendor-crypto/openssl/0.9.8zf/crypto/des/des_old2.c
vendor-crypto/openssl/0.9.8zf/crypto/des/des_opts.c
vendor-crypto/openssl/0.9.8zf/crypto/des/des_ver.h
vendor-crypto/openssl/0.9.8zf/crypto/des/destest.c
vendor-crypto/openssl/0.9.8zf/crypto/des/ecb3_enc.c
vendor-crypto/openssl/0.9.8zf/crypto/des/ecb_enc.c
vendor-crypto/openssl/0.9.8zf/crypto/des/ede_cbcm_enc.c
vendor-crypto/openssl/0.9.8zf/crypto/des/enc_read.c
vendor-crypto/openssl/0.9.8zf/crypto/des/enc_writ.c
vendor-crypto/openssl/0.9.8zf/crypto/des/fcrypt.c
vendor-crypto/openssl/0.9.8zf/crypto/des/fcrypt_b.c
vendor-crypto/openssl/0.9.8zf/crypto/des/ncbc_enc.c
vendor-crypto/openssl/0.9.8zf/crypto/des/ofb64ede.c
vendor-crypto/openssl/0.9.8zf/crypto/des/ofb64enc.c
vendor-crypto/openssl/0.9.8zf/crypto/des/ofb_enc.c
vendor-crypto/openssl/0.9.8zf/crypto/des/pcbc_enc.c
vendor-crypto/openssl/0.9.8zf/crypto/des/qud_cksm.c
vendor-crypto/openssl/0.9.8zf/crypto/des/rand_key.c
vendor-crypto/openssl/0.9.8zf/crypto/des/read2pwd.c
vendor-crypto/openssl/0.9.8zf/crypto/des/read_pwd.c
vendor-crypto/openssl/0.9.8zf/crypto/des/rpc_des.h
vendor-crypto/openssl/0.9.8zf/crypto/des/rpc_enc.c
vendor-crypto/openssl/0.9.8zf/crypto/des/rpw.c
vendor-crypto/openssl/0.9.8zf/crypto/des/set_key.c
vendor-crypto/openssl/0.9.8zf/crypto/des/speed.c
vendor-crypto/openssl/0.9.8zf/crypto/des/spr.h
vendor-crypto/openssl/0.9.8zf/crypto/des/str2key.c
vendor-crypto/openssl/0.9.8zf/crypto/des/xcbc_enc.c
vendor-crypto/openssl/0.9.8zf/crypto/dh/dh.h
vendor-crypto/openssl/0.9.8zf/crypto/dh/dh_asn1.c
vendor-crypto/openssl/0.9.8zf/crypto/dh/dh_check.c
vendor-crypto/openssl/0.9.8zf/crypto/dh/dh_depr.c
vendor-crypto/openssl/0.9.8zf/crypto/dh/dh_err.c
vendor-crypto/openssl/0.9.8zf/crypto/dh/dh_gen.c
vendor-crypto/openssl/0.9.8zf/crypto/dh/dh_key.c
vendor-crypto/openssl/0.9.8zf/crypto/dh/dh_lib.c
vendor-crypto/openssl/0.9.8zf/crypto/dh/dhtest.c
vendor-crypto/openssl/0.9.8zf/crypto/dh/p1024.c
vendor-crypto/openssl/0.9.8zf/crypto/dh/p192.c
vendor-crypto/openssl/0.9.8zf/crypto/dh/p512.c
vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa.h
vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_asn1.c
vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_depr.c
vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_err.c
vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_gen.c
vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_key.c
vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_lib.c
vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_ossl.c
vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_sign.c
vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_utl.c
vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_vrf.c
vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsagen.c
vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsatest.c
vendor-crypto/openssl/0.9.8zf/crypto/dso/dso.h
vendor-crypto/openssl/0.9.8zf/crypto/dso/dso_dl.c
vendor-crypto/openssl/0.9.8zf/crypto/dso/dso_dlfcn.c
vendor-crypto/openssl/0.9.8zf/crypto/dso/dso_err.c
vendor-crypto/openssl/0.9.8zf/crypto/dso/dso_lib.c
vendor-crypto/openssl/0.9.8zf/crypto/dso/dso_null.c
vendor-crypto/openssl/0.9.8zf/crypto/dso/dso_openssl.c
vendor-crypto/openssl/0.9.8zf/crypto/dso/dso_vms.c
vendor-crypto/openssl/0.9.8zf/crypto/dso/dso_win32.c
vendor-crypto/openssl/0.9.8zf/crypto/dyn_lck.c
vendor-crypto/openssl/0.9.8zf/crypto/ebcdic.c
vendor-crypto/openssl/0.9.8zf/crypto/ebcdic.h
vendor-crypto/openssl/0.9.8zf/crypto/ec/ec.h
vendor-crypto/openssl/0.9.8zf/crypto/ec/ec2_mult.c
vendor-crypto/openssl/0.9.8zf/crypto/ec/ec2_smpl.c
vendor-crypto/openssl/0.9.8zf/crypto/ec/ec2_smpt.c
vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_asn1.c
vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_check.c
vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_curve.c
vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_cvt.c
vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_err.c
vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_key.c
vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_lcl.h
vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_lib.c
vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_mult.c
vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_print.c
vendor-crypto/openssl/0.9.8zf/crypto/ec/ecp_mont.c
vendor-crypto/openssl/0.9.8zf/crypto/ec/ecp_nist.c
vendor-crypto/openssl/0.9.8zf/crypto/ec/ecp_smpl.c
vendor-crypto/openssl/0.9.8zf/crypto/ec/ectest.c
vendor-crypto/openssl/0.9.8zf/crypto/ecdh/ecdh.h
vendor-crypto/openssl/0.9.8zf/crypto/ecdh/ecdhtest.c
vendor-crypto/openssl/0.9.8zf/crypto/ecdh/ech_err.c
vendor-crypto/openssl/0.9.8zf/crypto/ecdh/ech_key.c
vendor-crypto/openssl/0.9.8zf/crypto/ecdh/ech_lib.c
vendor-crypto/openssl/0.9.8zf/crypto/ecdh/ech_locl.h
vendor-crypto/openssl/0.9.8zf/crypto/ecdh/ech_ossl.c
vendor-crypto/openssl/0.9.8zf/crypto/ecdsa/ecdsa.h
vendor-crypto/openssl/0.9.8zf/crypto/ecdsa/ecdsatest.c
vendor-crypto/openssl/0.9.8zf/crypto/ecdsa/ecs_asn1.c
vendor-crypto/openssl/0.9.8zf/crypto/ecdsa/ecs_err.c
vendor-crypto/openssl/0.9.8zf/crypto/ecdsa/ecs_lib.c
vendor-crypto/openssl/0.9.8zf/crypto/ecdsa/ecs_locl.h
vendor-crypto/openssl/0.9.8zf/crypto/ecdsa/ecs_ossl.c
vendor-crypto/openssl/0.9.8zf/crypto/ecdsa/ecs_sign.c
vendor-crypto/openssl/0.9.8zf/crypto/ecdsa/ecs_vrf.c
vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_all.c
vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_cnf.c
vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_cryptodev.c
vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_ctrl.c
vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_dyn.c
vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_err.c
vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_fat.c
vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_init.c
vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_int.h
vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_lib.c
vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_list.c
vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_openssl.c
vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_padlock.c
vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_pkey.c
vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_table.c
vendor-crypto/openssl/0.9.8zf/crypto/engine/engine.h
vendor-crypto/openssl/0.9.8zf/crypto/engine/enginetest.c
vendor-crypto/openssl/0.9.8zf/crypto/engine/tb_cipher.c
vendor-crypto/openssl/0.9.8zf/crypto/engine/tb_dh.c
vendor-crypto/openssl/0.9.8zf/crypto/engine/tb_digest.c
vendor-crypto/openssl/0.9.8zf/crypto/engine/tb_dsa.c
vendor-crypto/openssl/0.9.8zf/crypto/engine/tb_ecdh.c
vendor-crypto/openssl/0.9.8zf/crypto/engine/tb_ecdsa.c
vendor-crypto/openssl/0.9.8zf/crypto/engine/tb_rand.c
vendor-crypto/openssl/0.9.8zf/crypto/engine/tb_rsa.c
vendor-crypto/openssl/0.9.8zf/crypto/engine/tb_store.c
vendor-crypto/openssl/0.9.8zf/crypto/err/err.c
vendor-crypto/openssl/0.9.8zf/crypto/err/err.h
vendor-crypto/openssl/0.9.8zf/crypto/err/err_all.c
vendor-crypto/openssl/0.9.8zf/crypto/err/err_bio.c
vendor-crypto/openssl/0.9.8zf/crypto/err/err_def.c
vendor-crypto/openssl/0.9.8zf/crypto/err/err_prn.c
vendor-crypto/openssl/0.9.8zf/crypto/err/err_str.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/Makefile
vendor-crypto/openssl/0.9.8zf/crypto/evp/bio_b64.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/bio_enc.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/bio_md.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/bio_ok.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/c_all.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/c_allc.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/c_alld.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/dig_eng.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/digest.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/e_aes.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/e_bf.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/e_camellia.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/e_cast.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/e_des.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/e_des3.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/e_dsa.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/e_idea.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/e_null.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/e_old.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/e_rc2.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/e_rc4.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/e_rc5.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/e_seed.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/e_xcbc_d.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/enc_min.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/encode.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/evp.h
vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_acnf.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_cnf.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_enc.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_err.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_key.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_lib.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_locl.h
vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_pbe.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_pkey.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_test.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/m_dss.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/m_dss1.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/m_ecdsa.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/m_md2.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/m_md4.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/m_md5.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/m_mdc2.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/m_null.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/m_ripemd.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/m_sha.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/m_sha1.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/names.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/openbsd_hw.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/p5_crpt.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/p5_crpt2.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/p_dec.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/p_enc.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/p_lib.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/p_open.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/p_seal.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/p_sign.c
vendor-crypto/openssl/0.9.8zf/crypto/evp/p_verify.c
vendor-crypto/openssl/0.9.8zf/crypto/ex_data.c
vendor-crypto/openssl/0.9.8zf/crypto/fips_err.c
vendor-crypto/openssl/0.9.8zf/crypto/fips_err.h
vendor-crypto/openssl/0.9.8zf/crypto/hmac/hmac.c
vendor-crypto/openssl/0.9.8zf/crypto/hmac/hmac.h
vendor-crypto/openssl/0.9.8zf/crypto/hmac/hmactest.c
vendor-crypto/openssl/0.9.8zf/crypto/idea/i_cbc.c
vendor-crypto/openssl/0.9.8zf/crypto/idea/i_cfb64.c
vendor-crypto/openssl/0.9.8zf/crypto/idea/i_ecb.c
vendor-crypto/openssl/0.9.8zf/crypto/idea/i_ofb64.c
vendor-crypto/openssl/0.9.8zf/crypto/idea/i_skey.c
vendor-crypto/openssl/0.9.8zf/crypto/idea/idea.h
vendor-crypto/openssl/0.9.8zf/crypto/idea/idea_lcl.h
vendor-crypto/openssl/0.9.8zf/crypto/idea/idea_spd.c
vendor-crypto/openssl/0.9.8zf/crypto/idea/ideatest.c
vendor-crypto/openssl/0.9.8zf/crypto/jpake/jpake.c
vendor-crypto/openssl/0.9.8zf/crypto/jpake/jpake.h
vendor-crypto/openssl/0.9.8zf/crypto/jpake/jpake_err.c
vendor-crypto/openssl/0.9.8zf/crypto/jpake/jpaketest.c
vendor-crypto/openssl/0.9.8zf/crypto/krb5/krb5_asn.c
vendor-crypto/openssl/0.9.8zf/crypto/krb5/krb5_asn.h
vendor-crypto/openssl/0.9.8zf/crypto/lhash/lh_stats.c
vendor-crypto/openssl/0.9.8zf/crypto/lhash/lh_test.c
vendor-crypto/openssl/0.9.8zf/crypto/lhash/lhash.c
vendor-crypto/openssl/0.9.8zf/crypto/lhash/lhash.h
vendor-crypto/openssl/0.9.8zf/crypto/md2/md2.c
vendor-crypto/openssl/0.9.8zf/crypto/md2/md2.h
vendor-crypto/openssl/0.9.8zf/crypto/md2/md2_dgst.c
vendor-crypto/openssl/0.9.8zf/crypto/md2/md2_one.c
vendor-crypto/openssl/0.9.8zf/crypto/md2/md2test.c
vendor-crypto/openssl/0.9.8zf/crypto/md32_common.h
vendor-crypto/openssl/0.9.8zf/crypto/md4/md4.c
vendor-crypto/openssl/0.9.8zf/crypto/md4/md4.h
vendor-crypto/openssl/0.9.8zf/crypto/md4/md4_dgst.c
vendor-crypto/openssl/0.9.8zf/crypto/md4/md4_locl.h
vendor-crypto/openssl/0.9.8zf/crypto/md4/md4_one.c
vendor-crypto/openssl/0.9.8zf/crypto/md4/md4test.c
vendor-crypto/openssl/0.9.8zf/crypto/md5/md5.c
vendor-crypto/openssl/0.9.8zf/crypto/md5/md5.h
vendor-crypto/openssl/0.9.8zf/crypto/md5/md5_dgst.c
vendor-crypto/openssl/0.9.8zf/crypto/md5/md5_locl.h
vendor-crypto/openssl/0.9.8zf/crypto/md5/md5_one.c
vendor-crypto/openssl/0.9.8zf/crypto/md5/md5test.c
vendor-crypto/openssl/0.9.8zf/crypto/mdc2/mdc2.h
vendor-crypto/openssl/0.9.8zf/crypto/mdc2/mdc2_one.c
vendor-crypto/openssl/0.9.8zf/crypto/mdc2/mdc2dgst.c
vendor-crypto/openssl/0.9.8zf/crypto/mdc2/mdc2test.c
vendor-crypto/openssl/0.9.8zf/crypto/mem.c
vendor-crypto/openssl/0.9.8zf/crypto/mem_clr.c
vendor-crypto/openssl/0.9.8zf/crypto/mem_dbg.c
vendor-crypto/openssl/0.9.8zf/crypto/o_dir.c
vendor-crypto/openssl/0.9.8zf/crypto/o_dir.h
vendor-crypto/openssl/0.9.8zf/crypto/o_dir_test.c
vendor-crypto/openssl/0.9.8zf/crypto/o_init.c
vendor-crypto/openssl/0.9.8zf/crypto/o_str.c
vendor-crypto/openssl/0.9.8zf/crypto/o_str.h
vendor-crypto/openssl/0.9.8zf/crypto/o_time.c
vendor-crypto/openssl/0.9.8zf/crypto/o_time.h
vendor-crypto/openssl/0.9.8zf/crypto/objects/o_names.c
vendor-crypto/openssl/0.9.8zf/crypto/objects/obj_dat.c
vendor-crypto/openssl/0.9.8zf/crypto/objects/obj_err.c
vendor-crypto/openssl/0.9.8zf/crypto/objects/obj_lib.c
vendor-crypto/openssl/0.9.8zf/crypto/objects/obj_mac.h
vendor-crypto/openssl/0.9.8zf/crypto/objects/objects.h
vendor-crypto/openssl/0.9.8zf/crypto/objects/objects.pl
vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp.h
vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp_asn.c
vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp_cl.c
vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp_err.c
vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp_ext.c
vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp_ht.c
vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp_lib.c
vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp_prn.c
vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp_srv.c
vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp_vfy.c
vendor-crypto/openssl/0.9.8zf/crypto/opensslv.h
vendor-crypto/openssl/0.9.8zf/crypto/ossl_typ.h
vendor-crypto/openssl/0.9.8zf/crypto/pem/pem.h
vendor-crypto/openssl/0.9.8zf/crypto/pem/pem2.h
vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_all.c
vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_err.c
vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_info.c
vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_lib.c
vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_oth.c
vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_pk8.c
vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_pkey.c
vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_seal.c
vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_sign.c
vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_x509.c
vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_xaux.c
vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_add.c
vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_asn.c
vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_attr.c
vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_crpt.c
vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_crt.c
vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_decr.c
vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_init.c
vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_key.c
vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_kiss.c
vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_mutl.c
vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_npas.c
vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_p8d.c
vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_p8e.c
vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_utl.c
vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/pk12err.c
vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/pkcs12.h
vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pk7_asn1.c
vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pk7_attr.c
vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pk7_dgst.c
vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pk7_doit.c
vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pk7_enc.c
vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pk7_lib.c
vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pk7_mime.c
vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pk7_smime.c
vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pkcs7.h
vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pkcs7err.c
vendor-crypto/openssl/0.9.8zf/crypto/pqueue/pq_compat.h
vendor-crypto/openssl/0.9.8zf/crypto/pqueue/pq_test.c
vendor-crypto/openssl/0.9.8zf/crypto/pqueue/pqueue.c
vendor-crypto/openssl/0.9.8zf/crypto/pqueue/pqueue.h
vendor-crypto/openssl/0.9.8zf/crypto/rand/md_rand.c
vendor-crypto/openssl/0.9.8zf/crypto/rand/rand.h
vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_egd.c
vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_eng.c
vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_err.c
vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_lcl.h
vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_lib.c
vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_nw.c
vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_os2.c
vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_unix.c
vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_vms.c
vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_win.c
vendor-crypto/openssl/0.9.8zf/crypto/rand/randfile.c
vendor-crypto/openssl/0.9.8zf/crypto/rand/randtest.c
vendor-crypto/openssl/0.9.8zf/crypto/rc2/rc2.h
vendor-crypto/openssl/0.9.8zf/crypto/rc2/rc2_cbc.c
vendor-crypto/openssl/0.9.8zf/crypto/rc2/rc2_ecb.c
vendor-crypto/openssl/0.9.8zf/crypto/rc2/rc2_locl.h
vendor-crypto/openssl/0.9.8zf/crypto/rc2/rc2_skey.c
vendor-crypto/openssl/0.9.8zf/crypto/rc2/rc2cfb64.c
vendor-crypto/openssl/0.9.8zf/crypto/rc2/rc2ofb64.c
vendor-crypto/openssl/0.9.8zf/crypto/rc2/rc2speed.c
vendor-crypto/openssl/0.9.8zf/crypto/rc2/rc2test.c
vendor-crypto/openssl/0.9.8zf/crypto/rc2/tab.c
vendor-crypto/openssl/0.9.8zf/crypto/rc4/rc4.c
vendor-crypto/openssl/0.9.8zf/crypto/rc4/rc4.h
vendor-crypto/openssl/0.9.8zf/crypto/rc4/rc4_enc.c
vendor-crypto/openssl/0.9.8zf/crypto/rc4/rc4_fblk.c
vendor-crypto/openssl/0.9.8zf/crypto/rc4/rc4_locl.h
vendor-crypto/openssl/0.9.8zf/crypto/rc4/rc4_skey.c
vendor-crypto/openssl/0.9.8zf/crypto/rc4/rc4speed.c
vendor-crypto/openssl/0.9.8zf/crypto/rc4/rc4test.c
vendor-crypto/openssl/0.9.8zf/crypto/rc5/rc5.h
vendor-crypto/openssl/0.9.8zf/crypto/rc5/rc5_ecb.c
vendor-crypto/openssl/0.9.8zf/crypto/rc5/rc5_enc.c
vendor-crypto/openssl/0.9.8zf/crypto/rc5/rc5_locl.h
vendor-crypto/openssl/0.9.8zf/crypto/rc5/rc5_skey.c
vendor-crypto/openssl/0.9.8zf/crypto/rc5/rc5cfb64.c
vendor-crypto/openssl/0.9.8zf/crypto/rc5/rc5ofb64.c
vendor-crypto/openssl/0.9.8zf/crypto/rc5/rc5speed.c
vendor-crypto/openssl/0.9.8zf/crypto/rc5/rc5test.c
vendor-crypto/openssl/0.9.8zf/crypto/ripemd/ripemd.h
vendor-crypto/openssl/0.9.8zf/crypto/ripemd/rmd160.c
vendor-crypto/openssl/0.9.8zf/crypto/ripemd/rmd_dgst.c
vendor-crypto/openssl/0.9.8zf/crypto/ripemd/rmd_locl.h
vendor-crypto/openssl/0.9.8zf/crypto/ripemd/rmd_one.c
vendor-crypto/openssl/0.9.8zf/crypto/ripemd/rmdconst.h
vendor-crypto/openssl/0.9.8zf/crypto/ripemd/rmdtest.c
vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa.h
vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_asn1.c
vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_chk.c
vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_depr.c
vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_eay.c
vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_eng.c
vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_err.c
vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_gen.c
vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_lib.c
vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_none.c
vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_null.c
vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_oaep.c
vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_pk1.c
vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_pss.c
vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_saos.c
vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_sign.c
vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_ssl.c
vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_test.c
vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_x931.c
vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_x931g.c
vendor-crypto/openssl/0.9.8zf/crypto/seed/seed.c
vendor-crypto/openssl/0.9.8zf/crypto/seed/seed.h
vendor-crypto/openssl/0.9.8zf/crypto/seed/seed_cbc.c
vendor-crypto/openssl/0.9.8zf/crypto/seed/seed_cfb.c
vendor-crypto/openssl/0.9.8zf/crypto/seed/seed_ecb.c
vendor-crypto/openssl/0.9.8zf/crypto/seed/seed_locl.h
vendor-crypto/openssl/0.9.8zf/crypto/seed/seed_ofb.c
vendor-crypto/openssl/0.9.8zf/crypto/sha/sha.c
vendor-crypto/openssl/0.9.8zf/crypto/sha/sha.h
vendor-crypto/openssl/0.9.8zf/crypto/sha/sha1.c
vendor-crypto/openssl/0.9.8zf/crypto/sha/sha1_one.c
vendor-crypto/openssl/0.9.8zf/crypto/sha/sha1dgst.c
vendor-crypto/openssl/0.9.8zf/crypto/sha/sha1test.c
vendor-crypto/openssl/0.9.8zf/crypto/sha/sha256.c
vendor-crypto/openssl/0.9.8zf/crypto/sha/sha256t.c
vendor-crypto/openssl/0.9.8zf/crypto/sha/sha512.c
vendor-crypto/openssl/0.9.8zf/crypto/sha/sha512t.c
vendor-crypto/openssl/0.9.8zf/crypto/sha/sha_dgst.c
vendor-crypto/openssl/0.9.8zf/crypto/sha/sha_locl.h
vendor-crypto/openssl/0.9.8zf/crypto/sha/sha_one.c
vendor-crypto/openssl/0.9.8zf/crypto/sha/shatest.c
vendor-crypto/openssl/0.9.8zf/crypto/stack/safestack.h
vendor-crypto/openssl/0.9.8zf/crypto/stack/stack.c
vendor-crypto/openssl/0.9.8zf/crypto/stack/stack.h
vendor-crypto/openssl/0.9.8zf/crypto/store/store.h
vendor-crypto/openssl/0.9.8zf/crypto/store/str_err.c
vendor-crypto/openssl/0.9.8zf/crypto/store/str_lib.c
vendor-crypto/openssl/0.9.8zf/crypto/store/str_locl.h
vendor-crypto/openssl/0.9.8zf/crypto/store/str_mem.c
vendor-crypto/openssl/0.9.8zf/crypto/store/str_meth.c
vendor-crypto/openssl/0.9.8zf/crypto/symhacks.h
vendor-crypto/openssl/0.9.8zf/crypto/threads/mttest.c
vendor-crypto/openssl/0.9.8zf/crypto/threads/th-lock.c
vendor-crypto/openssl/0.9.8zf/crypto/tmdiff.c
vendor-crypto/openssl/0.9.8zf/crypto/tmdiff.h
vendor-crypto/openssl/0.9.8zf/crypto/txt_db/txt_db.c
vendor-crypto/openssl/0.9.8zf/crypto/txt_db/txt_db.h
vendor-crypto/openssl/0.9.8zf/crypto/ui/ui.h
vendor-crypto/openssl/0.9.8zf/crypto/ui/ui_compat.c
vendor-crypto/openssl/0.9.8zf/crypto/ui/ui_compat.h
vendor-crypto/openssl/0.9.8zf/crypto/ui/ui_err.c
vendor-crypto/openssl/0.9.8zf/crypto/ui/ui_lib.c
vendor-crypto/openssl/0.9.8zf/crypto/ui/ui_locl.h
vendor-crypto/openssl/0.9.8zf/crypto/ui/ui_openssl.c
vendor-crypto/openssl/0.9.8zf/crypto/ui/ui_util.c
vendor-crypto/openssl/0.9.8zf/crypto/uid.c
vendor-crypto/openssl/0.9.8zf/crypto/x509/by_dir.c
vendor-crypto/openssl/0.9.8zf/crypto/x509/by_file.c
vendor-crypto/openssl/0.9.8zf/crypto/x509/x509.h
vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_att.c
vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_cmp.c
vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_d2.c
vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_def.c
vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_err.c
vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_ext.c
vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_lu.c
vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_obj.c
vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_r2x.c
vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_req.c
vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_set.c
vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_trs.c
vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_txt.c
vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_v3.c
vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_vfy.c
vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_vfy.h
vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_vpm.c
vendor-crypto/openssl/0.9.8zf/crypto/x509/x509cset.c
vendor-crypto/openssl/0.9.8zf/crypto/x509/x509name.c
vendor-crypto/openssl/0.9.8zf/crypto/x509/x509rset.c
vendor-crypto/openssl/0.9.8zf/crypto/x509/x509spki.c
vendor-crypto/openssl/0.9.8zf/crypto/x509/x509type.c
vendor-crypto/openssl/0.9.8zf/crypto/x509/x_all.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/ext_dat.h
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/pcy_cache.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/pcy_data.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/pcy_int.h
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/pcy_lib.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/pcy_map.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/pcy_node.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/pcy_tree.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/tabtest.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_addr.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_akey.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_akeya.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_alt.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_asid.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_bcons.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_bitst.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_conf.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_cpols.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_crld.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_enum.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_extku.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_genn.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_ia5.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_info.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_int.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_lib.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_ncons.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_ocsp.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_pci.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_pcia.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_pcons.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_pku.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_pmaps.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_prn.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_purp.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_skey.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_sxnet.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_utl.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3conf.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3err.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3prin.c
vendor-crypto/openssl/0.9.8zf/crypto/x509v3/x509v3.h
vendor-crypto/openssl/0.9.8zf/demos/asn1/ocsp.c
vendor-crypto/openssl/0.9.8zf/demos/b64.c
vendor-crypto/openssl/0.9.8zf/demos/bio/saccept.c
vendor-crypto/openssl/0.9.8zf/demos/bio/sconnect.c
vendor-crypto/openssl/0.9.8zf/demos/easy_tls/easy-tls.c
vendor-crypto/openssl/0.9.8zf/demos/easy_tls/easy-tls.h
vendor-crypto/openssl/0.9.8zf/demos/easy_tls/test.c
vendor-crypto/openssl/0.9.8zf/demos/easy_tls/test.h
vendor-crypto/openssl/0.9.8zf/demos/engines/cluster_labs/cluster_labs.h
vendor-crypto/openssl/0.9.8zf/demos/engines/cluster_labs/hw_cluster_labs.c
vendor-crypto/openssl/0.9.8zf/demos/engines/cluster_labs/hw_cluster_labs_err.c
vendor-crypto/openssl/0.9.8zf/demos/engines/cluster_labs/hw_cluster_labs_err.h
vendor-crypto/openssl/0.9.8zf/demos/engines/ibmca/hw_ibmca.c
vendor-crypto/openssl/0.9.8zf/demos/engines/ibmca/hw_ibmca_err.c
vendor-crypto/openssl/0.9.8zf/demos/engines/ibmca/hw_ibmca_err.h
vendor-crypto/openssl/0.9.8zf/demos/engines/ibmca/ica_openssl_api.h
vendor-crypto/openssl/0.9.8zf/demos/engines/rsaref/rsaref.c
vendor-crypto/openssl/0.9.8zf/demos/engines/rsaref/rsaref_err.c
vendor-crypto/openssl/0.9.8zf/demos/engines/rsaref/rsaref_err.h
vendor-crypto/openssl/0.9.8zf/demos/engines/zencod/hw_zencod.c
vendor-crypto/openssl/0.9.8zf/demos/engines/zencod/hw_zencod.h
vendor-crypto/openssl/0.9.8zf/demos/engines/zencod/hw_zencod_err.c
vendor-crypto/openssl/0.9.8zf/demos/engines/zencod/hw_zencod_err.h
vendor-crypto/openssl/0.9.8zf/demos/jpake/jpakedemo.c
vendor-crypto/openssl/0.9.8zf/demos/pkcs12/pkread.c
vendor-crypto/openssl/0.9.8zf/demos/pkcs12/pkwrite.c
vendor-crypto/openssl/0.9.8zf/demos/prime/prime.c
vendor-crypto/openssl/0.9.8zf/demos/selfsign.c
vendor-crypto/openssl/0.9.8zf/demos/sign/sign.c
vendor-crypto/openssl/0.9.8zf/demos/spkigen.c
vendor-crypto/openssl/0.9.8zf/demos/state_machine/state_machine.c
vendor-crypto/openssl/0.9.8zf/demos/tunala/breakage.c
vendor-crypto/openssl/0.9.8zf/demos/tunala/buffer.c
vendor-crypto/openssl/0.9.8zf/demos/tunala/cb.c
vendor-crypto/openssl/0.9.8zf/demos/tunala/ip.c
vendor-crypto/openssl/0.9.8zf/demos/tunala/sm.c
vendor-crypto/openssl/0.9.8zf/demos/tunala/tunala.c
vendor-crypto/openssl/0.9.8zf/demos/tunala/tunala.h
vendor-crypto/openssl/0.9.8zf/demos/x509/mkcert.c
vendor-crypto/openssl/0.9.8zf/demos/x509/mkreq.c
vendor-crypto/openssl/0.9.8zf/doc/apps/ciphers.pod
vendor-crypto/openssl/0.9.8zf/doc/ssl/SSL_CTX_set_mode.pod
vendor-crypto/openssl/0.9.8zf/doc/ssl/SSL_CTX_set_options.pod
vendor-crypto/openssl/0.9.8zf/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod
vendor-crypto/openssl/0.9.8zf/e_os.h
vendor-crypto/openssl/0.9.8zf/e_os2.h
vendor-crypto/openssl/0.9.8zf/engines/e_4758cca.c
vendor-crypto/openssl/0.9.8zf/engines/e_4758cca_err.c
vendor-crypto/openssl/0.9.8zf/engines/e_4758cca_err.h
vendor-crypto/openssl/0.9.8zf/engines/e_aep.c
vendor-crypto/openssl/0.9.8zf/engines/e_aep_err.c
vendor-crypto/openssl/0.9.8zf/engines/e_aep_err.h
vendor-crypto/openssl/0.9.8zf/engines/e_atalla.c
vendor-crypto/openssl/0.9.8zf/engines/e_atalla_err.c
vendor-crypto/openssl/0.9.8zf/engines/e_atalla_err.h
vendor-crypto/openssl/0.9.8zf/engines/e_capi.c
vendor-crypto/openssl/0.9.8zf/engines/e_capi_err.c
vendor-crypto/openssl/0.9.8zf/engines/e_capi_err.h
vendor-crypto/openssl/0.9.8zf/engines/e_chil.c
vendor-crypto/openssl/0.9.8zf/engines/e_chil_err.c
vendor-crypto/openssl/0.9.8zf/engines/e_chil_err.h
vendor-crypto/openssl/0.9.8zf/engines/e_cswift.c
vendor-crypto/openssl/0.9.8zf/engines/e_cswift_err.c
vendor-crypto/openssl/0.9.8zf/engines/e_cswift_err.h
vendor-crypto/openssl/0.9.8zf/engines/e_gmp.c
vendor-crypto/openssl/0.9.8zf/engines/e_gmp_err.c
vendor-crypto/openssl/0.9.8zf/engines/e_gmp_err.h
vendor-crypto/openssl/0.9.8zf/engines/e_nuron.c
vendor-crypto/openssl/0.9.8zf/engines/e_nuron_err.c
vendor-crypto/openssl/0.9.8zf/engines/e_nuron_err.h
vendor-crypto/openssl/0.9.8zf/engines/e_sureware.c
vendor-crypto/openssl/0.9.8zf/engines/e_sureware_err.c
vendor-crypto/openssl/0.9.8zf/engines/e_sureware_err.h
vendor-crypto/openssl/0.9.8zf/engines/e_ubsec.c
vendor-crypto/openssl/0.9.8zf/engines/e_ubsec_err.c
vendor-crypto/openssl/0.9.8zf/engines/e_ubsec_err.h
vendor-crypto/openssl/0.9.8zf/engines/vendor_defns/aep.h
vendor-crypto/openssl/0.9.8zf/engines/vendor_defns/atalla.h
vendor-crypto/openssl/0.9.8zf/engines/vendor_defns/cswift.h
vendor-crypto/openssl/0.9.8zf/engines/vendor_defns/hw_4758_cca.h
vendor-crypto/openssl/0.9.8zf/engines/vendor_defns/hw_ubsec.h
vendor-crypto/openssl/0.9.8zf/engines/vendor_defns/hwcryptohook.h
vendor-crypto/openssl/0.9.8zf/engines/vendor_defns/sureware.h
vendor-crypto/openssl/0.9.8zf/fips/aes/fips_aes_selftest.c
vendor-crypto/openssl/0.9.8zf/fips/aes/fips_aesavs.c
vendor-crypto/openssl/0.9.8zf/fips/des/fips_des_selftest.c
vendor-crypto/openssl/0.9.8zf/fips/des/fips_desmovs.c
vendor-crypto/openssl/0.9.8zf/fips/dh/dh_gen.c
vendor-crypto/openssl/0.9.8zf/fips/dh/fips_dh_check.c
vendor-crypto/openssl/0.9.8zf/fips/dh/fips_dh_gen.c
vendor-crypto/openssl/0.9.8zf/fips/dh/fips_dh_key.c
vendor-crypto/openssl/0.9.8zf/fips/dh/fips_dh_lib.c
vendor-crypto/openssl/0.9.8zf/fips/dsa/fips_dsa_gen.c
vendor-crypto/openssl/0.9.8zf/fips/dsa/fips_dsa_key.c
vendor-crypto/openssl/0.9.8zf/fips/dsa/fips_dsa_lib.c
vendor-crypto/openssl/0.9.8zf/fips/dsa/fips_dsa_ossl.c
vendor-crypto/openssl/0.9.8zf/fips/dsa/fips_dsa_selftest.c
vendor-crypto/openssl/0.9.8zf/fips/dsa/fips_dsa_sign.c
vendor-crypto/openssl/0.9.8zf/fips/dsa/fips_dsatest.c
vendor-crypto/openssl/0.9.8zf/fips/dsa/fips_dssvs.c
vendor-crypto/openssl/0.9.8zf/fips/fips.c
vendor-crypto/openssl/0.9.8zf/fips/fips.h
vendor-crypto/openssl/0.9.8zf/fips/fips_canister.c
vendor-crypto/openssl/0.9.8zf/fips/fips_locl.h
vendor-crypto/openssl/0.9.8zf/fips/fips_premain.c
vendor-crypto/openssl/0.9.8zf/fips/fips_test_suite.c
vendor-crypto/openssl/0.9.8zf/fips/fips_utl.h
vendor-crypto/openssl/0.9.8zf/fips/hmac/fips_hmac.c
vendor-crypto/openssl/0.9.8zf/fips/hmac/fips_hmac_selftest.c
vendor-crypto/openssl/0.9.8zf/fips/hmac/fips_hmactest.c
vendor-crypto/openssl/0.9.8zf/fips/rand/fips_rand.c
vendor-crypto/openssl/0.9.8zf/fips/rand/fips_rand.h
vendor-crypto/openssl/0.9.8zf/fips/rand/fips_rand_selftest.c
vendor-crypto/openssl/0.9.8zf/fips/rand/fips_randtest.c
vendor-crypto/openssl/0.9.8zf/fips/rand/fips_rngvs.c
vendor-crypto/openssl/0.9.8zf/fips/rsa/fips_rsa_eay.c
vendor-crypto/openssl/0.9.8zf/fips/rsa/fips_rsa_gen.c
vendor-crypto/openssl/0.9.8zf/fips/rsa/fips_rsa_lib.c
vendor-crypto/openssl/0.9.8zf/fips/rsa/fips_rsa_selftest.c
vendor-crypto/openssl/0.9.8zf/fips/rsa/fips_rsa_sign.c
vendor-crypto/openssl/0.9.8zf/fips/rsa/fips_rsa_x931g.c
vendor-crypto/openssl/0.9.8zf/fips/rsa/fips_rsagtest.c
vendor-crypto/openssl/0.9.8zf/fips/rsa/fips_rsastest.c
vendor-crypto/openssl/0.9.8zf/fips/rsa/fips_rsavtest.c
vendor-crypto/openssl/0.9.8zf/fips/sha/fips_sha1_selftest.c
vendor-crypto/openssl/0.9.8zf/fips/sha/fips_shatest.c
vendor-crypto/openssl/0.9.8zf/fips/sha/fips_standalone_sha1.c
vendor-crypto/openssl/0.9.8zf/openssl.spec
vendor-crypto/openssl/0.9.8zf/ssl/bio_ssl.c
vendor-crypto/openssl/0.9.8zf/ssl/d1_both.c
vendor-crypto/openssl/0.9.8zf/ssl/d1_clnt.c
vendor-crypto/openssl/0.9.8zf/ssl/d1_enc.c
vendor-crypto/openssl/0.9.8zf/ssl/d1_lib.c
vendor-crypto/openssl/0.9.8zf/ssl/d1_meth.c
vendor-crypto/openssl/0.9.8zf/ssl/d1_pkt.c
vendor-crypto/openssl/0.9.8zf/ssl/d1_srvr.c
vendor-crypto/openssl/0.9.8zf/ssl/dtls1.h
vendor-crypto/openssl/0.9.8zf/ssl/kssl.c
vendor-crypto/openssl/0.9.8zf/ssl/kssl.h
vendor-crypto/openssl/0.9.8zf/ssl/kssl_lcl.h
vendor-crypto/openssl/0.9.8zf/ssl/s23_clnt.c
vendor-crypto/openssl/0.9.8zf/ssl/s23_lib.c
vendor-crypto/openssl/0.9.8zf/ssl/s23_meth.c
vendor-crypto/openssl/0.9.8zf/ssl/s23_pkt.c
vendor-crypto/openssl/0.9.8zf/ssl/s23_srvr.c
vendor-crypto/openssl/0.9.8zf/ssl/s2_clnt.c
vendor-crypto/openssl/0.9.8zf/ssl/s2_enc.c
vendor-crypto/openssl/0.9.8zf/ssl/s2_lib.c
vendor-crypto/openssl/0.9.8zf/ssl/s2_meth.c
vendor-crypto/openssl/0.9.8zf/ssl/s2_pkt.c
vendor-crypto/openssl/0.9.8zf/ssl/s2_srvr.c
vendor-crypto/openssl/0.9.8zf/ssl/s3_both.c
vendor-crypto/openssl/0.9.8zf/ssl/s3_cbc.c
vendor-crypto/openssl/0.9.8zf/ssl/s3_clnt.c
vendor-crypto/openssl/0.9.8zf/ssl/s3_enc.c
vendor-crypto/openssl/0.9.8zf/ssl/s3_lib.c
vendor-crypto/openssl/0.9.8zf/ssl/s3_meth.c
vendor-crypto/openssl/0.9.8zf/ssl/s3_pkt.c
vendor-crypto/openssl/0.9.8zf/ssl/s3_srvr.c
vendor-crypto/openssl/0.9.8zf/ssl/ssl-lib.com
vendor-crypto/openssl/0.9.8zf/ssl/ssl.h
vendor-crypto/openssl/0.9.8zf/ssl/ssl2.h
vendor-crypto/openssl/0.9.8zf/ssl/ssl23.h
vendor-crypto/openssl/0.9.8zf/ssl/ssl3.h
vendor-crypto/openssl/0.9.8zf/ssl/ssl_algs.c
vendor-crypto/openssl/0.9.8zf/ssl/ssl_asn1.c
vendor-crypto/openssl/0.9.8zf/ssl/ssl_cert.c
vendor-crypto/openssl/0.9.8zf/ssl/ssl_ciph.c
vendor-crypto/openssl/0.9.8zf/ssl/ssl_err.c
vendor-crypto/openssl/0.9.8zf/ssl/ssl_err2.c
vendor-crypto/openssl/0.9.8zf/ssl/ssl_lib.c
vendor-crypto/openssl/0.9.8zf/ssl/ssl_locl.h
vendor-crypto/openssl/0.9.8zf/ssl/ssl_rsa.c
vendor-crypto/openssl/0.9.8zf/ssl/ssl_sess.c
vendor-crypto/openssl/0.9.8zf/ssl/ssl_stat.c
vendor-crypto/openssl/0.9.8zf/ssl/ssl_task.c
vendor-crypto/openssl/0.9.8zf/ssl/ssl_txt.c
vendor-crypto/openssl/0.9.8zf/ssl/ssltest.c
vendor-crypto/openssl/0.9.8zf/ssl/t1_clnt.c
vendor-crypto/openssl/0.9.8zf/ssl/t1_enc.c
vendor-crypto/openssl/0.9.8zf/ssl/t1_lib.c
vendor-crypto/openssl/0.9.8zf/ssl/t1_meth.c
vendor-crypto/openssl/0.9.8zf/ssl/t1_reneg.c
vendor-crypto/openssl/0.9.8zf/ssl/t1_srvr.c
vendor-crypto/openssl/0.9.8zf/ssl/tls1.h
vendor-crypto/openssl/0.9.8zf/test/dummytest.c
vendor-crypto/openssl/0.9.8zf/test/igetest.c
vendor-crypto/openssl/0.9.8zf/test/methtest.c
vendor-crypto/openssl/0.9.8zf/test/r160test.c
vendor-crypto/openssl/0.9.8zf/util/ck_errf.pl
vendor-crypto/openssl/0.9.8zf/util/libeay.num
vendor-crypto/openssl/0.9.8zf/util/mk1mf.pl
vendor-crypto/openssl/0.9.8zf/util/mkerr.pl
Deleted: vendor-crypto/openssl/0.9.8zf/CHANGES
===================================================================
--- vendor-crypto/openssl/dist/CHANGES 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/CHANGES 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,8869 +0,0 @@
-
- OpenSSL CHANGES
- _______________
-
- Changes between 0.9.8zb and 0.9.8zc [15 Oct 2014]
-
- *) Session Ticket Memory Leak.
-
- When an OpenSSL SSL/TLS/DTLS server receives a session ticket the
- integrity of that ticket is first verified. In the event of a session
- ticket integrity check failing, OpenSSL will fail to free memory
- causing a memory leak. By sending a large number of invalid session
- tickets an attacker could exploit this issue in a Denial Of Service
- attack.
- (CVE-2014-3567)
- [Steve Henson]
-
- *) Build option no-ssl3 is incomplete.
-
- When OpenSSL is configured with "no-ssl3" as a build option, servers
- could accept and complete a SSL 3.0 handshake, and clients could be
- configured to send them.
- (CVE-2014-3568)
- [Akamai and the OpenSSL team]
-
- *) Add support for TLS_FALLBACK_SCSV.
- Client applications doing fallback retries should call
- SSL_set_mode(s, SSL_MODE_SEND_FALLBACK_SCSV).
- (CVE-2014-3566)
- [Adam Langley, Bodo Moeller]
-
- *) Add additional DigestInfo checks.
-
- Reencode DigestInto in DER and check against the original when
- verifying RSA signature: this will reject any improperly encoded
- DigestInfo structures.
-
- Note: this is a precautionary measure and no attacks are currently known.
-
- [Steve Henson]
-
- Changes between 0.9.8za and 0.9.8zb [6 Aug 2014]
-
- *) OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject
- to a denial of service attack. A malicious server can crash the client
- with a null pointer dereference (read) by specifying an anonymous (EC)DH
- ciphersuite and sending carefully crafted handshake messages.
-
- Thanks to Felix Gr\xF6bert (Google) for discovering and researching this
- issue.
- (CVE-2014-3510)
- [Emilia K\xE4sper]
-
- *) By sending carefully crafted DTLS packets an attacker could cause openssl
- to leak memory. This can be exploited through a Denial of Service attack.
- Thanks to Adam Langley for discovering and researching this issue.
- (CVE-2014-3507)
- [Adam Langley]
-
- *) An attacker can force openssl to consume large amounts of memory whilst
- processing DTLS handshake messages. This can be exploited through a
- Denial of Service attack.
- Thanks to Adam Langley for discovering and researching this issue.
- (CVE-2014-3506)
- [Adam Langley]
-
- *) An attacker can force an error condition which causes openssl to crash
- whilst processing DTLS packets due to memory being freed twice. This
- can be exploited through a Denial of Service attack.
- Thanks to Adam Langley and Wan-Teh Chang for discovering and researching
- this issue.
- (CVE-2014-3505)
- [Adam Langley]
-
- *) A flaw in OBJ_obj2txt may cause pretty printing functions such as
- X509_name_oneline, X509_name_print_ex et al. to leak some information
- from the stack. Applications may be affected if they echo pretty printing
- output to the attacker.
-
- Thanks to Ivan Fratric (Google) for discovering this issue.
- (CVE-2014-3508)
- [Emilia K\xE4sper, and Steve Henson]
-
- *) Fix ec_GFp_simple_points_make_affine (thus, EC_POINTs_mul etc.)
- for corner cases. (Certain input points at infinity could lead to
- bogus results, with non-infinity inputs mapped to infinity too.)
- [Bodo Moeller]
-
- Changes between 0.9.8y and 0.9.8za [5 Jun 2014]
-
- *) Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted
- handshake can force the use of weak keying material in OpenSSL
- SSL/TLS clients and servers.
-
- Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for discovering and
- researching this issue. (CVE-2014-0224)
- [KIKUCHI Masashi, Steve Henson]
-
- *) Fix DTLS recursion flaw. By sending an invalid DTLS handshake to an
- OpenSSL DTLS client the code can be made to recurse eventually crashing
- in a DoS attack.
-
- Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue.
- (CVE-2014-0221)
- [Imre Rad, Steve Henson]
-
- *) Fix DTLS invalid fragment vulnerability. A buffer overrun attack can
- be triggered by sending invalid DTLS fragments to an OpenSSL DTLS
- client or server. This is potentially exploitable to run arbitrary
- code on a vulnerable client or server.
-
- Thanks to J\xFCri Aedla for reporting this issue. (CVE-2014-0195)
- [J\xFCri Aedla, Steve Henson]
-
- *) Fix bug in TLS code where clients enable anonymous ECDH ciphersuites
- are subject to a denial of service attack.
-
- Thanks to Felix Gr\xF6bert and Ivan Fratric at Google for discovering
- this issue. (CVE-2014-3470)
- [Felix Gr\xF6bert, Ivan Fratric, Steve Henson]
-
- *) Fix for the attack described in the paper "Recovering OpenSSL
- ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
- by Yuval Yarom and Naomi Benger. Details can be obtained from:
- http://eprint.iacr.org/2014/140
-
- Thanks to Yuval Yarom and Naomi Benger for discovering this
- flaw and to Yuval Yarom for supplying a fix (CVE-2014-0076)
- [Yuval Yarom and Naomi Benger]
-
- Thanks to mancha for backporting the fix to the 0.9.8 branch.
-
- *) Fix handling of warning-level alerts in SSL23 client mode so they
- don't cause client-side termination (eg. on SNI unrecognized_name
- warnings). Add client and server support for six additional alerts
- per RFC 6066 and RFC 4279.
- [mancha]
-
- *) Add option SSL_OP_SAFARI_ECDHE_ECDSA_BUG (part of SSL_OP_ALL) which
- avoids preferring ECDHE-ECDSA ciphers when the client appears to be
- Safari on OS X. Safari on OS X 10.8..10.8.3 advertises support for
- several ECDHE-ECDSA ciphers, but fails to negotiate them. The bug
- is fixed in OS X 10.8.4, but Apple have ruled out both hot fixing
- 10.8..10.8.3 and forcing users to upgrade to 10.8.4 or newer.
- [Rob Stradling, Adam Langley]
-
- Changes between 0.9.8x and 0.9.8y [5 Feb 2013]
-
- *) Make the decoding of SSLv3, TLS and DTLS CBC records constant time.
-
- This addresses the flaw in CBC record processing discovered by
- Nadhem Alfardan and Kenny Paterson. Details of this attack can be found
- at: http://www.isg.rhul.ac.uk/tls/
-
- Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
- Security Group at Royal Holloway, University of London
- (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and
- Emilia K\xE4sper for the initial patch.
- (CVE-2013-0169)
- [Emilia K\xE4sper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson]
-
- *) Return an error when checking OCSP signatures when key is NULL.
- This fixes a DoS attack. (CVE-2013-0166)
- [Steve Henson]
-
- *) Call OCSP Stapling callback after ciphersuite has been chosen, so
- the right response is stapled. Also change SSL_get_certificate()
- so it returns the certificate actually sent.
- See http://rt.openssl.org/Ticket/Display.html?id=2836.
- (This is a backport)
- [Rob Stradling <rob.stradling at comodo.com>]
-
- *) Fix possible deadlock when decoding public keys.
- [Steve Henson]
-
- Changes between 0.9.8w and 0.9.8x [10 May 2012]
-
- *) Sanity check record length before skipping explicit IV in DTLS
- to fix DoS attack.
-
- Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
- fuzzing as a service testing platform.
- (CVE-2012-2333)
- [Steve Henson]
-
- *) Initialise tkeylen properly when encrypting CMS messages.
- Thanks to Solar Designer of Openwall for reporting this issue.
- [Steve Henson]
-
- Changes between 0.9.8v and 0.9.8w [23 Apr 2012]
-
- *) The fix for CVE-2012-2110 did not take into account that the
- 'len' argument to BUF_MEM_grow and BUF_MEM_grow_clean is an
- int in OpenSSL 0.9.8, making it still vulnerable. Fix by
- rejecting negative len parameter. (CVE-2012-2131)
- [Tomas Hoger <thoger at redhat.com>]
-
- Changes between 0.9.8u and 0.9.8v [19 Apr 2012]
-
- *) Check for potentially exploitable overflows in asn1_d2i_read_bio
- BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
- in CRYPTO_realloc_clean.
-
- Thanks to Tavis Ormandy, Google Security Team, for discovering this
- issue and to Adam Langley <agl at chromium.org> for fixing it.
- (CVE-2012-2110)
- [Adam Langley (Google), Tavis Ormandy, Google Security Team]
-
- Changes between 0.9.8t and 0.9.8u [12 Mar 2012]
-
- *) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness
- in CMS and PKCS7 code. When RSA decryption fails use a random key for
- content decryption and always return the same error. Note: this attack
- needs on average 2^20 messages so it only affects automated senders. The
- old behaviour can be reenabled in the CMS code by setting the
- CMS_DEBUG_DECRYPT flag: this is useful for debugging and testing where
- an MMA defence is not necessary.
- Thanks to Ivan Nestlerode <inestlerode at us.ibm.com> for discovering
- this issue. (CVE-2012-0884)
- [Steve Henson]
-
- *) Fix CVE-2011-4619: make sure we really are receiving a
- client hello before rejecting multiple SGC restarts. Thanks to
- Ivan Nestlerode <inestlerode at us.ibm.com> for discovering this bug.
- [Steve Henson]
-
- Changes between 0.9.8s and 0.9.8t [18 Jan 2012]
-
- *) Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.
- Thanks to Antonio Martin, Enterprise Secure Access Research and
- Development, Cisco Systems, Inc. for discovering this bug and
- preparing a fix. (CVE-2012-0050)
- [Antonio Martin]
-
- Changes between 0.9.8r and 0.9.8s [4 Jan 2012]
-
- *) Nadhem Alfardan and Kenny Paterson have discovered an extension
- of the Vaudenay padding oracle attack on CBC mode encryption
- which enables an efficient plaintext recovery attack against
- the OpenSSL implementation of DTLS. Their attack exploits timing
- differences arising during decryption processing. A research
- paper describing this attack can be found at:
- http://www.isg.rhul.ac.uk/~kp/dtls.pdf
- Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
- Security Group at Royal Holloway, University of London
- (www.isg.rhul.ac.uk) for discovering this flaw and to Robin Seggelmann
- <seggelmann at fh-muenster.de> and Michael Tuexen <tuexen at fh-muenster.de>
- for preparing the fix. (CVE-2011-4108)
- [Robin Seggelmann, Michael Tuexen]
-
- *) Stop policy check failure freeing same buffer twice. (CVE-2011-4109)
- [Ben Laurie, Kasper <ekasper at google.com>]
-
- *) Clear bytes used for block padding of SSL 3.0 records.
- (CVE-2011-4576)
- [Adam Langley (Google)]
-
- *) Only allow one SGC handshake restart for SSL/TLS. Thanks to George
- Kadianakis <desnacked at gmail.com> for discovering this issue and
- Adam Langley for preparing the fix. (CVE-2011-4619)
- [Adam Langley (Google)]
-
- *) Prevent malformed RFC3779 data triggering an assertion failure.
- Thanks to Andrew Chi, BBN Technologies, for discovering the flaw
- and Rob Austein <sra at hactrn.net> for fixing it. (CVE-2011-4577)
- [Rob Austein <sra at hactrn.net>]
-
- *) Fix ssl_ciph.c set-up race.
- [Adam Langley (Google)]
-
- *) Fix spurious failures in ecdsatest.c.
- [Emilia K\xE4sper (Google)]
-
- *) Fix the BIO_f_buffer() implementation (which was mixing different
- interpretations of the '..._len' fields).
- [Adam Langley (Google)]
-
- *) Fix handling of BN_BLINDING: now BN_BLINDING_invert_ex (rather than
- BN_BLINDING_invert_ex) calls BN_BLINDING_update, ensuring that concurrent
- threads won't reuse the same blinding coefficients.
-
- This also avoids the need to obtain the CRYPTO_LOCK_RSA_BLINDING
- lock to call BN_BLINDING_invert_ex, and avoids one use of
- BN_BLINDING_update for each BN_BLINDING structure (previously,
- the last update always remained unused).
- [Emilia K\xE4sper (Google)]
-
- *) Fix SSL memory handling for (EC)DH ciphersuites, in particular
- for multi-threaded use of ECDH.
- [Adam Langley (Google)]
-
- *) Fix x509_name_ex_d2i memory leak on bad inputs.
- [Bodo Moeller]
-
- *) Add protection against ECDSA timing attacks as mentioned in the paper
- by Billy Bob Brumley and Nicola Tuveri, see:
-
- http://eprint.iacr.org/2011/232.pdf
-
- [Billy Bob Brumley and Nicola Tuveri]
-
- Changes between 0.9.8q and 0.9.8r [8 Feb 2011]
-
- *) Fix parsing of OCSP stapling ClientHello extension. CVE-2011-0014
- [Neel Mehta, Adam Langley, Bodo Moeller (Google)]
-
- *) Fix bug in string printing code: if *any* escaping is enabled we must
- escape the escape character (backslash) or the resulting string is
- ambiguous.
- [Steve Henson]
-
- Changes between 0.9.8p and 0.9.8q [2 Dec 2010]
-
- *) Disable code workaround for ancient and obsolete Netscape browsers
- and servers: an attacker can use it in a ciphersuite downgrade attack.
- Thanks to Martin Rex for discovering this bug. CVE-2010-4180
- [Steve Henson]
-
- *) Fixed J-PAKE implementation error, originally discovered by
- Sebastien Martini, further info and confirmation from Stefan
- Arentz and Feng Hao. Note that this fix is a security fix. CVE-2010-4252
- [Ben Laurie]
-
- Changes between 0.9.8o and 0.9.8p [16 Nov 2010]
-
- *) Fix extension code to avoid race conditions which can result in a buffer
- overrun vulnerability: resumed sessions must not be modified as they can
- be shared by multiple threads. CVE-2010-3864
- [Steve Henson]
-
- *) Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939
- [Steve Henson]
-
- *) Don't reencode certificate when calculating signature: cache and use
- the original encoding instead. This makes signature verification of
- some broken encodings work correctly.
- [Steve Henson]
-
- *) ec2_GF2m_simple_mul bugfix: compute correct result if the output EC_POINT
- is also one of the inputs.
- [Emilia K\xE4sper <emilia.kasper at esat.kuleuven.be> (Google)]
-
- *) Don't repeatedly append PBE algorithms to table if they already exist.
- Sort table on each new add. This effectively makes the table read only
- after all algorithms are added and subsequent calls to PKCS12_pbe_add
- etc are non-op.
- [Steve Henson]
-
- Changes between 0.9.8n and 0.9.8o [01 Jun 2010]
-
- [NB: OpenSSL 0.9.8o and later 0.9.8 patch levels were released after
- OpenSSL 1.0.0.]
-
- *) Correct a typo in the CMS ASN1 module which can result in invalid memory
- access or freeing data twice (CVE-2010-0742)
- [Steve Henson, Ronald Moesbergen <intercommit at gmail.com>]
-
- *) Add SHA2 algorithms to SSL_library_init(). SHA2 is becoming far more
- common in certificates and some applications which only call
- SSL_library_init and not OpenSSL_add_all_algorithms() will fail.
- [Steve Henson]
-
- *) VMS fixes:
- Reduce copying into .apps and .test in makevms.com
- Don't try to use blank CA certificate in CA.com
- Allow use of C files from original directories in maketests.com
- [Steven M. Schweda" <sms at antinode.info>]
-
- Changes between 0.9.8m and 0.9.8n [24 Mar 2010]
-
- *) When rejecting SSL/TLS records due to an incorrect version number, never
- update s->server with a new major version number. As of
- - OpenSSL 0.9.8m if 'short' is a 16-bit type,
- - OpenSSL 0.9.8f if 'short' is longer than 16 bits,
- the previous behavior could result in a read attempt at NULL when
- receiving specific incorrect SSL/TLS records once record payload
- protection is active. (CVE-2010-0740)
- [Bodo Moeller, Adam Langley <agl at chromium.org>]
-
- *) Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL
- could be crashed if the relevant tables were not present (e.g. chrooted).
- [Tomas Hoger <thoger at redhat.com>]
-
- Changes between 0.9.8l and 0.9.8m [25 Feb 2010]
-
- *) Always check bn_wexpend() return values for failure. (CVE-2009-3245)
- [Martin Olsson, Neel Mehta]
-
- *) Fix X509_STORE locking: Every 'objs' access requires a lock (to
- accommodate for stack sorting, always a write lock!).
- [Bodo Moeller]
-
- *) On some versions of WIN32 Heap32Next is very slow. This can cause
- excessive delays in the RAND_poll(): over a minute. As a workaround
- include a time check in the inner Heap32Next loop too.
- [Steve Henson]
-
- *) The code that handled flushing of data in SSL/TLS originally used the
- BIO_CTRL_INFO ctrl to see if any data was pending first. This caused
- the problem outlined in PR#1949. The fix suggested there however can
- trigger problems with buggy BIO_CTRL_WPENDING (e.g. some versions
- of Apache). So instead simplify the code to flush unconditionally.
- This should be fine since flushing with no data to flush is a no op.
- [Steve Henson]
-
- *) Handle TLS versions 2.0 and later properly and correctly use the
- highest version of TLS/SSL supported. Although TLS >= 2.0 is some way
- off ancient servers have a habit of sticking around for a while...
- [Steve Henson]
-
- *) Modify compression code so it frees up structures without using the
- ex_data callbacks. This works around a problem where some applications
- call CRYPTO_cleanup_all_ex_data() before application exit (e.g. when
- restarting) then use compression (e.g. SSL with compression) later.
- This results in significant per-connection memory leaks and
- has caused some security issues including CVE-2008-1678 and
- CVE-2009-4355.
- [Steve Henson]
-
- *) Constify crypto/cast (i.e., <openssl/cast.h>): a CAST_KEY doesn't
- change when encrypting or decrypting.
- [Bodo Moeller]
-
- *) Add option SSL_OP_LEGACY_SERVER_CONNECT which will allow clients to
- connect and renegotiate with servers which do not support RI.
- Until RI is more widely deployed this option is enabled by default.
- [Steve Henson]
-
- *) Add "missing" ssl ctrls to clear options and mode.
- [Steve Henson]
-
- *) If client attempts to renegotiate and doesn't support RI respond with
- a no_renegotiation alert as required by RFC5746. Some renegotiating
- TLS clients will continue a connection gracefully when they receive
- the alert. Unfortunately OpenSSL mishandled this alert and would hang
- waiting for a server hello which it will never receive. Now we treat a
- received no_renegotiation alert as a fatal error. This is because
- applications requesting a renegotiation might well expect it to succeed
- and would have no code in place to handle the server denying it so the
- only safe thing to do is to terminate the connection.
- [Steve Henson]
-
- *) Add ctrl macro SSL_get_secure_renegotiation_support() which returns 1 if
- peer supports secure renegotiation and 0 otherwise. Print out peer
- renegotiation support in s_client/s_server.
- [Steve Henson]
-
- *) Replace the highly broken and deprecated SPKAC certification method with
- the updated NID creation version. This should correctly handle UTF8.
- [Steve Henson]
-
- *) Implement RFC5746. Re-enable renegotiation but require the extension
- as needed. Unfortunately, SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
- turns out to be a bad idea. It has been replaced by
- SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION which can be set with
- SSL_CTX_set_options(). This is really not recommended unless you
- know what you are doing.
- [Eric Rescorla <ekr at networkresonance.com>, Ben Laurie, Steve Henson]
-
- *) Fixes to stateless session resumption handling. Use initial_ctx when
- issuing and attempting to decrypt tickets in case it has changed during
- servername handling. Use a non-zero length session ID when attempting
- stateless session resumption: this makes it possible to determine if
- a resumption has occurred immediately after receiving server hello
- (several places in OpenSSL subtly assume this) instead of later in
- the handshake.
- [Steve Henson]
-
- *) The functions ENGINE_ctrl(), OPENSSL_isservice(),
- CMS_get1_RecipientRequest() and RAND_bytes() can return <=0 on error
- fixes for a few places where the return code is not checked
- correctly.
- [Julia Lawall <julia at diku.dk>]
-
- *) Add --strict-warnings option to Configure script to include devteam
- warnings in other configurations.
- [Steve Henson]
-
- *) Add support for --libdir option and LIBDIR variable in makefiles. This
- makes it possible to install openssl libraries in locations which
- have names other than "lib", for example "/usr/lib64" which some
- systems need.
- [Steve Henson, based on patch from Jeremy Utley]
-
- *) Don't allow the use of leading 0x80 in OIDs. This is a violation of
- X690 8.9.12 and can produce some misleading textual output of OIDs.
- [Steve Henson, reported by Dan Kaminsky]
-
- *) Delete MD2 from algorithm tables. This follows the recommendation in
- several standards that it is not used in new applications due to
- several cryptographic weaknesses. For binary compatibility reasons
- the MD2 API is still compiled in by default.
- [Steve Henson]
-
- *) Add compression id to {d2i,i2d}_SSL_SESSION so it is correctly saved
- and restored.
- [Steve Henson]
-
- *) Rename uni2asc and asc2uni functions to OPENSSL_uni2asc and
- OPENSSL_asc2uni conditionally on Netware platforms to avoid a name
- clash.
- [Guenter <lists at gknw.net>]
-
- *) Fix the server certificate chain building code to use X509_verify_cert(),
- it used to have an ad-hoc builder which was unable to cope with anything
- other than a simple chain.
- [David Woodhouse <dwmw2 at infradead.org>, Steve Henson]
-
- *) Don't check self signed certificate signatures in X509_verify_cert()
- by default (a flag can override this): it just wastes time without
- adding any security. As a useful side effect self signed root CAs
- with non-FIPS digests are now usable in FIPS mode.
- [Steve Henson]
-
- *) In dtls1_process_out_of_seq_message() the check if the current message
- is already buffered was missing. For every new message was memory
- allocated, allowing an attacker to perform an denial of service attack
- with sending out of seq handshake messages until there is no memory
- left. Additionally every future messege was buffered, even if the
- sequence number made no sense and would be part of another handshake.
- So only messages with sequence numbers less than 10 in advance will be
- buffered. (CVE-2009-1378)
- [Robin Seggelmann, discovered by Daniel Mentz]
-
- *) Records are buffered if they arrive with a future epoch to be
- processed after finishing the corresponding handshake. There is
- currently no limitation to this buffer allowing an attacker to perform
- a DOS attack with sending records with future epochs until there is no
- memory left. This patch adds the pqueue_size() function to detemine
- the size of a buffer and limits the record buffer to 100 entries.
- (CVE-2009-1377)
- [Robin Seggelmann, discovered by Daniel Mentz]
-
- *) Keep a copy of frag->msg_header.frag_len so it can be used after the
- parent structure is freed. (CVE-2009-1379)
- [Daniel Mentz]
-
- *) Handle non-blocking I/O properly in SSL_shutdown() call.
- [Darryl Miles <darryl-mailinglists at netbauds.net>]
-
- *) Add 2.5.4.* OIDs
- [Ilya O. <vrghost at gmail.com>]
-
- Changes between 0.9.8k and 0.9.8l [5 Nov 2009]
-
- *) Disable renegotiation completely - this fixes a severe security
- problem (CVE-2009-3555) at the cost of breaking all
- renegotiation. Renegotiation can be re-enabled by setting
- SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION in s3->flags at
- run-time. This is really not recommended unless you know what
- you're doing.
- [Ben Laurie]
-
- Changes between 0.9.8j and 0.9.8k [25 Mar 2009]
-
- *) Don't set val to NULL when freeing up structures, it is freed up by
- underlying code. If sizeof(void *) > sizeof(long) this can result in
- zeroing past the valid field. (CVE-2009-0789)
- [Paolo Ganci <Paolo.Ganci at AdNovum.CH>]
-
- *) Fix bug where return value of CMS_SignerInfo_verify_content() was not
- checked correctly. This would allow some invalid signed attributes to
- appear to verify correctly. (CVE-2009-0591)
- [Ivan Nestlerode <inestlerode at us.ibm.com>]
-
- *) Reject UniversalString and BMPString types with invalid lengths. This
- prevents a crash in ASN1_STRING_print_ex() which assumes the strings have
- a legal length. (CVE-2009-0590)
- [Steve Henson]
-
- *) Set S/MIME signing as the default purpose rather than setting it
- unconditionally. This allows applications to override it at the store
- level.
- [Steve Henson]
-
- *) Permit restricted recursion of ASN1 strings. This is needed in practice
- to handle some structures.
- [Steve Henson]
-
- *) Improve efficiency of mem_gets: don't search whole buffer each time
- for a '\n'
- [Jeremy Shapiro <jnshapir at us.ibm.com>]
-
- *) New -hex option for openssl rand.
- [Matthieu Herrb]
-
- *) Print out UTF8String and NumericString when parsing ASN1.
- [Steve Henson]
-
- *) Support NumericString type for name components.
- [Steve Henson]
-
- *) Allow CC in the environment to override the automatically chosen
- compiler. Note that nothing is done to ensure flags work with the
- chosen compiler.
- [Ben Laurie]
-
- Changes between 0.9.8i and 0.9.8j [07 Jan 2009]
-
- *) Properly check EVP_VerifyFinal() and similar return values
- (CVE-2008-5077).
- [Ben Laurie, Bodo Moeller, Google Security Team]
-
- *) Enable TLS extensions by default.
- [Ben Laurie]
-
- *) Allow the CHIL engine to be loaded, whether the application is
- multithreaded or not. (This does not release the developer from the
- obligation to set up the dynamic locking callbacks.)
- [Sander Temme <sander at temme.net>]
-
- *) Use correct exit code if there is an error in dgst command.
- [Steve Henson; problem pointed out by Roland Dirlewanger]
-
- *) Tweak Configure so that you need to say "experimental-jpake" to enable
- JPAKE, and need to use -DOPENSSL_EXPERIMENTAL_JPAKE in applications.
- [Bodo Moeller]
-
- *) Add experimental JPAKE support, including demo authentication in
- s_client and s_server.
- [Ben Laurie]
-
- *) Set the comparison function in v3_addr_canonize().
- [Rob Austein <sra at hactrn.net>]
-
- *) Add support for XMPP STARTTLS in s_client.
- [Philip Paeps <philip at freebsd.org>]
-
- *) Change the server-side SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG behavior
- to ensure that even with this option, only ciphersuites in the
- server's preference list will be accepted. (Note that the option
- applies only when resuming a session, so the earlier behavior was
- just about the algorithm choice for symmetric cryptography.)
- [Bodo Moeller]
-
- Changes between 0.9.8h and 0.9.8i [15 Sep 2008]
-
- *) Fix NULL pointer dereference if a DTLS server received
- ChangeCipherSpec as first record (CVE-2009-1386).
- [PR #1679]
-
- *) Fix a state transitition in s3_srvr.c and d1_srvr.c
- (was using SSL3_ST_CW_CLNT_HELLO_B, should be ..._ST_SW_SRVR_...).
- [Nagendra Modadugu]
-
- *) The fix in 0.9.8c that supposedly got rid of unsafe
- double-checked locking was incomplete for RSA blinding,
- addressing just one layer of what turns out to have been
- doubly unsafe triple-checked locking.
-
- So now fix this for real by retiring the MONT_HELPER macro
- in crypto/rsa/rsa_eay.c.
-
- [Bodo Moeller; problem pointed out by Marius Schilder]
-
- *) Various precautionary measures:
-
- - Avoid size_t integer overflow in HASH_UPDATE (md32_common.h).
-
- - Avoid a buffer overflow in d2i_SSL_SESSION() (ssl_asn1.c).
- (NB: This would require knowledge of the secret session ticket key
- to exploit, in which case you'd be SOL either way.)
-
- - Change bn_nist.c so that it will properly handle input BIGNUMs
- outside the expected range.
-
- - Enforce the 'num' check in BN_div() (bn_div.c) for non-BN_DEBUG
- builds.
-
- [Neel Mehta, Bodo Moeller]
-
- *) Allow engines to be "soft loaded" - i.e. optionally don't die if
- the load fails. Useful for distros.
- [Ben Laurie and the FreeBSD team]
-
- *) Add support for Local Machine Keyset attribute in PKCS#12 files.
- [Steve Henson]
-
- *) Fix BN_GF2m_mod_arr() top-bit cleanup code.
- [Huang Ying]
-
- *) Expand ENGINE to support engine supplied SSL client certificate functions.
-
- This work was sponsored by Logica.
- [Steve Henson]
-
- *) Add CryptoAPI ENGINE to support use of RSA and DSA keys held in Windows
- keystores. Support for SSL/TLS client authentication too.
- Not compiled unless enable-capieng specified to Configure.
-
- This work was sponsored by Logica.
- [Steve Henson]
-
- *) Fix bug in X509_ATTRIBUTE creation: dont set attribute using
- ASN1_TYPE_set1 if MBSTRING flag set. This bug would crash certain
- attribute creation routines such as certifcate requests and PKCS#12
- files.
- [Steve Henson]
-
- Changes between 0.9.8g and 0.9.8h [28 May 2008]
-
- *) Fix flaw if 'Server Key exchange message' is omitted from a TLS
- handshake which could lead to a cilent crash as found using the
- Codenomicon TLS test suite (CVE-2008-1672)
- [Steve Henson, Mark Cox]
-
- *) Fix double free in TLS server name extensions which could lead to
- a remote crash found by Codenomicon TLS test suite (CVE-2008-0891)
- [Joe Orton]
-
- *) Clear error queue in SSL_CTX_use_certificate_chain_file()
-
- Clear the error queue to ensure that error entries left from
- older function calls do not interfere with the correct operation.
- [Lutz Jaenicke, Erik de Castro Lopo]
-
- *) Remove root CA certificates of commercial CAs:
-
- The OpenSSL project does not recommend any specific CA and does not
- have any policy with respect to including or excluding any CA.
- Therefore it does not make any sense to ship an arbitrary selection
- of root CA certificates with the OpenSSL software.
- [Lutz Jaenicke]
-
- *) RSA OAEP patches to fix two separate invalid memory reads.
- The first one involves inputs when 'lzero' is greater than
- 'SHA_DIGEST_LENGTH' (it would read about SHA_DIGEST_LENGTH bytes
- before the beginning of from). The second one involves inputs where
- the 'db' section contains nothing but zeroes (there is a one-byte
- invalid read after the end of 'db').
- [Ivan Nestlerode <inestlerode at us.ibm.com>]
-
- *) Partial backport from 0.9.9-dev:
-
- Introduce bn_mul_mont (dedicated Montgomery multiplication
- procedure) as a candidate for BIGNUM assembler implementation.
- While 0.9.9-dev uses assembler for various architectures, only
- x86_64 is available by default here in the 0.9.8 branch, and
- 32-bit x86 is available through a compile-time setting.
-
- To try the 32-bit x86 assembler implementation, use Configure
- option "enable-montasm" (which exists only for this backport).
-
- As "enable-montasm" for 32-bit x86 disclaims code stability
- anyway, in this constellation we activate additional code
- backported from 0.9.9-dev for further performance improvements,
- namely BN_from_montgomery_word. (To enable this otherwise,
- e.g. x86_64, try "-DMONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD".)
-
- [Andy Polyakov (backport partially by Bodo Moeller)]
-
- *) Add TLS session ticket callback. This allows an application to set
- TLS ticket cipher and HMAC keys rather than relying on hardcoded fixed
- values. This is useful for key rollover for example where several key
- sets may exist with different names.
- [Steve Henson]
-
- *) Reverse ENGINE-internal logic for caching default ENGINE handles.
- This was broken until now in 0.9.8 releases, such that the only way
- a registered ENGINE could be used (assuming it initialises
- successfully on the host) was to explicitly set it as the default
- for the relevant algorithms. This is in contradiction with 0.9.7
- behaviour and the documentation. With this fix, when an ENGINE is
- registered into a given algorithm's table of implementations, the
- 'uptodate' flag is reset so that auto-discovery will be used next
- time a new context for that algorithm attempts to select an
- implementation.
- [Ian Lister (tweaked by Geoff Thorpe)]
-
- *) Backport of CMS code to OpenSSL 0.9.8. This differs from the 0.9.9
- implemention in the following ways:
-
- Lack of EVP_PKEY_ASN1_METHOD means algorithm parameters have to be
- hard coded.
-
- Lack of BER streaming support means one pass streaming processing is
- only supported if data is detached: setting the streaming flag is
- ignored for embedded content.
-
- CMS support is disabled by default and must be explicitly enabled
- with the enable-cms configuration option.
- [Steve Henson]
-
- *) Update the GMP engine glue to do direct copies between BIGNUM and
- mpz_t when openssl and GMP use the same limb size. Otherwise the
- existing "conversion via a text string export" trick is still used.
- [Paul Sheer <paulsheer at gmail.com>]
-
- *) Zlib compression BIO. This is a filter BIO which compressed and
- uncompresses any data passed through it.
- [Steve Henson]
-
- *) Add AES_wrap_key() and AES_unwrap_key() functions to implement
- RFC3394 compatible AES key wrapping.
- [Steve Henson]
-
- *) Add utility functions to handle ASN1 structures. ASN1_STRING_set0():
- sets string data without copying. X509_ALGOR_set0() and
- X509_ALGOR_get0(): set and retrieve X509_ALGOR (AlgorithmIdentifier)
- data. Attribute function X509at_get0_data_by_OBJ(): retrieves data
- from an X509_ATTRIBUTE structure optionally checking it occurs only
- once. ASN1_TYPE_set1(): set and ASN1_TYPE structure copying supplied
- data.
- [Steve Henson]
-
- *) Fix BN flag handling in RSA_eay_mod_exp() and BN_MONT_CTX_set()
- to get the expected BN_FLG_CONSTTIME behavior.
- [Bodo Moeller (Google)]
-
- *) Netware support:
-
- - fixed wrong usage of ioctlsocket() when build for LIBC BSD sockets
- - fixed do_tests.pl to run the test suite with CLIB builds too (CLIB_OPT)
- - added some more tests to do_tests.pl
- - fixed RunningProcess usage so that it works with newer LIBC NDKs too
- - removed usage of BN_LLONG for CLIB builds to avoid runtime dependency
- - added new Configure targets netware-clib-bsdsock, netware-clib-gcc,
- netware-clib-bsdsock-gcc, netware-libc-bsdsock-gcc
- - various changes to netware.pl to enable gcc-cross builds on Win32
- platform
- - changed crypto/bio/b_sock.c to work with macro functions (CLIB BSD)
- - various changes to fix missing prototype warnings
- - fixed x86nasm.pl to create correct asm files for NASM COFF output
- - added AES, WHIRLPOOL and CPUID assembler code to build files
- - added missing AES assembler make rules to mk1mf.pl
- - fixed order of includes in apps/ocsp.c so that e_os.h settings apply
- [Guenter Knauf <eflash at gmx.net>]
-
- *) Implement certificate status request TLS extension defined in RFC3546.
- A client can set the appropriate parameters and receive the encoded
- OCSP response via a callback. A server can query the supplied parameters
- and set the encoded OCSP response in the callback. Add simplified examples
- to s_client and s_server.
- [Steve Henson]
-
- Changes between 0.9.8f and 0.9.8g [19 Oct 2007]
-
- *) Fix various bugs:
- + Binary incompatibility of ssl_ctx_st structure
- + DTLS interoperation with non-compliant servers
- + Don't call get_session_cb() without proposed session
- + Fix ia64 assembler code
- [Andy Polyakov, Steve Henson]
-
- Changes between 0.9.8e and 0.9.8f [11 Oct 2007]
-
- *) DTLS Handshake overhaul. There were longstanding issues with
- OpenSSL DTLS implementation, which were making it impossible for
- RFC 4347 compliant client to communicate with OpenSSL server.
- Unfortunately just fixing these incompatibilities would "cut off"
- pre-0.9.8f clients. To allow for hassle free upgrade post-0.9.8e
- server keeps tolerating non RFC compliant syntax. The opposite is
- not true, 0.9.8f client can not communicate with earlier server.
- This update even addresses CVE-2007-4995.
- [Andy Polyakov]
-
- *) Changes to avoid need for function casts in OpenSSL: some compilers
- (gcc 4.2 and later) reject their use.
- [Kurt Roeckx <kurt at roeckx.be>, Peter Hartley <pdh at utter.chaos.org.uk>,
- Steve Henson]
-
- *) Add RFC4507 support to OpenSSL. This includes the corrections in
- RFC4507bis. The encrypted ticket format is an encrypted encoded
- SSL_SESSION structure, that way new session features are automatically
- supported.
-
- If a client application caches session in an SSL_SESSION structure
- support is transparent because tickets are now stored in the encoded
- SSL_SESSION.
-
- The SSL_CTX structure automatically generates keys for ticket
- protection in servers so again support should be possible
- with no application modification.
-
- If a client or server wishes to disable RFC4507 support then the option
- SSL_OP_NO_TICKET can be set.
-
- Add a TLS extension debugging callback to allow the contents of any client
- or server extensions to be examined.
-
- This work was sponsored by Google.
- [Steve Henson]
-
- *) Add initial support for TLS extensions, specifically for the server_name
- extension so far. The SSL_SESSION, SSL_CTX, and SSL data structures now
- have new members for a host name. The SSL data structure has an
- additional member SSL_CTX *initial_ctx so that new sessions can be
- stored in that context to allow for session resumption, even after the
- SSL has been switched to a new SSL_CTX in reaction to a client's
- server_name extension.
-
- New functions (subject to change):
-
- SSL_get_servername()
- SSL_get_servername_type()
- SSL_set_SSL_CTX()
-
- New CTRL codes and macros (subject to change):
-
- SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
- - SSL_CTX_set_tlsext_servername_callback()
- SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG
- - SSL_CTX_set_tlsext_servername_arg()
- SSL_CTRL_SET_TLSEXT_HOSTNAME - SSL_set_tlsext_host_name()
-
- openssl s_client has a new '-servername ...' option.
-
- openssl s_server has new options '-servername_host ...', '-cert2 ...',
- '-key2 ...', '-servername_fatal' (subject to change). This allows
- testing the HostName extension for a specific single host name ('-cert'
- and '-key' remain fallbacks for handshakes without HostName
- negotiation). If the unrecogninzed_name alert has to be sent, this by
- default is a warning; it becomes fatal with the '-servername_fatal'
- option.
-
- [Peter Sylvester, Remy Allais, Christophe Renou, Steve Henson]
-
- *) Add AES and SSE2 assembly language support to VC++ build.
- [Steve Henson]
-
- *) Mitigate attack on final subtraction in Montgomery reduction.
- [Andy Polyakov]
-
- *) Fix crypto/ec/ec_mult.c to work properly with scalars of value 0
- (which previously caused an internal error).
- [Bodo Moeller]
-
- *) Squeeze another 10% out of IGE mode when in != out.
- [Ben Laurie]
-
- *) AES IGE mode speedup.
- [Dean Gaudet (Google)]
-
- *) Add the Korean symmetric 128-bit cipher SEED (see
- http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp) and
- add SEED ciphersuites from RFC 4162:
-
- TLS_RSA_WITH_SEED_CBC_SHA = "SEED-SHA"
- TLS_DHE_DSS_WITH_SEED_CBC_SHA = "DHE-DSS-SEED-SHA"
- TLS_DHE_RSA_WITH_SEED_CBC_SHA = "DHE-RSA-SEED-SHA"
- TLS_DH_anon_WITH_SEED_CBC_SHA = "ADH-SEED-SHA"
-
- To minimize changes between patchlevels in the OpenSSL 0.9.8
- series, SEED remains excluded from compilation unless OpenSSL
- is configured with 'enable-seed'.
- [KISA, Bodo Moeller]
-
- *) Mitigate branch prediction attacks, which can be practical if a
- single processor is shared, allowing a spy process to extract
- information. For detailed background information, see
- http://eprint.iacr.org/2007/039 (O. Aciicmez, S. Gueron,
- J.-P. Seifert, "New Branch Prediction Vulnerabilities in OpenSSL
- and Necessary Software Countermeasures"). The core of the change
- are new versions BN_div_no_branch() and
- BN_mod_inverse_no_branch() of BN_div() and BN_mod_inverse(),
- respectively, which are slower, but avoid the security-relevant
- conditional branches. These are automatically called by BN_div()
- and BN_mod_inverse() if the flag BN_FLG_CONSTTIME is set for one
- of the input BIGNUMs. Also, BN_is_bit_set() has been changed to
- remove a conditional branch.
-
- BN_FLG_CONSTTIME is the new name for the previous
- BN_FLG_EXP_CONSTTIME flag, since it now affects more than just
- modular exponentiation. (Since OpenSSL 0.9.7h, setting this flag
- in the exponent causes BN_mod_exp_mont() to use the alternative
- implementation in BN_mod_exp_mont_consttime().) The old name
- remains as a deprecated alias.
-
- Similary, RSA_FLAG_NO_EXP_CONSTTIME is replaced by a more general
- RSA_FLAG_NO_CONSTTIME flag since the RSA implementation now uses
- constant-time implementations for more than just exponentiation.
- Here too the old name is kept as a deprecated alias.
-
- BN_BLINDING_new() will now use BN_dup() for the modulus so that
- the BN_BLINDING structure gets an independent copy of the
- modulus. This means that the previous "BIGNUM *m" argument to
- BN_BLINDING_new() and to BN_BLINDING_create_param() now
- essentially becomes "const BIGNUM *m", although we can't actually
- change this in the header file before 0.9.9. It allows
- RSA_setup_blinding() to use BN_with_flags() on the modulus to
- enable BN_FLG_CONSTTIME.
-
- [Matthew D Wood (Intel Corp)]
-
- *) In the SSL/TLS server implementation, be strict about session ID
- context matching (which matters if an application uses a single
- external cache for different purposes). Previously,
- out-of-context reuse was forbidden only if SSL_VERIFY_PEER was
- set. This did ensure strict client verification, but meant that,
- with applications using a single external cache for quite
- different requirements, clients could circumvent ciphersuite
- restrictions for a given session ID context by starting a session
- in a different context.
- [Bodo Moeller]
-
- *) Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that
- a ciphersuite string such as "DEFAULT:RSA" cannot enable
- authentication-only ciphersuites.
- [Bodo Moeller]
-
- *) Update the SSL_get_shared_ciphers() fix CVE-2006-3738 which was
- not complete and could lead to a possible single byte overflow
- (CVE-2007-5135) [Ben Laurie]
-
- Changes between 0.9.8d and 0.9.8e [23 Feb 2007]
-
- *) Since AES128 and AES256 (and similarly Camellia128 and
- Camellia256) share a single mask bit in the logic of
- ssl/ssl_ciph.c, the code for masking out disabled ciphers needs a
- kludge to work properly if AES128 is available and AES256 isn't
- (or if Camellia128 is available and Camellia256 isn't).
- [Victor Duchovni]
-
- *) Fix the BIT STRING encoding generated by crypto/ec/ec_asn1.c
- (within i2d_ECPrivateKey, i2d_ECPKParameters, i2d_ECParameters):
- When a point or a seed is encoded in a BIT STRING, we need to
- prevent the removal of trailing zero bits to get the proper DER
- encoding. (By default, crypto/asn1/a_bitstr.c assumes the case
- of a NamedBitList, for which trailing 0 bits need to be removed.)
- [Bodo Moeller]
-
- *) Have SSL/TLS server implementation tolerate "mismatched" record
- protocol version while receiving ClientHello even if the
- ClientHello is fragmented. (The server can't insist on the
- particular protocol version it has chosen before the ServerHello
- message has informed the client about his choice.)
- [Bodo Moeller]
-
- *) Add RFC 3779 support.
- [Rob Austein for ARIN, Ben Laurie]
-
- *) Load error codes if they are not already present instead of using a
- static variable. This allows them to be cleanly unloaded and reloaded.
- Improve header file function name parsing.
- [Steve Henson]
-
- *) extend SMTP and IMAP protocol emulation in s_client to use EHLO
- or CAPABILITY handshake as required by RFCs.
- [Goetz Babin-Ebell]
-
- Changes between 0.9.8c and 0.9.8d [28 Sep 2006]
-
- *) Introduce limits to prevent malicious keys being able to
- cause a denial of service. (CVE-2006-2940)
- [Steve Henson, Bodo Moeller]
-
- *) Fix ASN.1 parsing of certain invalid structures that can result
- in a denial of service. (CVE-2006-2937) [Steve Henson]
-
- *) Fix buffer overflow in SSL_get_shared_ciphers() function.
- (CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]
-
- *) Fix SSL client code which could crash if connecting to a
- malicious SSLv2 server. (CVE-2006-4343)
- [Tavis Ormandy and Will Drewry, Google Security Team]
-
- *) Since 0.9.8b, ciphersuite strings naming explicit ciphersuites
- match only those. Before that, "AES256-SHA" would be interpreted
- as a pattern and match "AES128-SHA" too (since AES128-SHA got
- the same strength classification in 0.9.7h) as we currently only
- have a single AES bit in the ciphersuite description bitmap.
- That change, however, also applied to ciphersuite strings such as
- "RC4-MD5" that intentionally matched multiple ciphersuites --
- namely, SSL 2.0 ciphersuites in addition to the more common ones
- from SSL 3.0/TLS 1.0.
-
- So we change the selection algorithm again: Naming an explicit
- ciphersuite selects this one ciphersuite, and any other similar
- ciphersuite (same bitmap) from *other* protocol versions.
- Thus, "RC4-MD5" again will properly select both the SSL 2.0
- ciphersuite and the SSL 3.0/TLS 1.0 ciphersuite.
-
- Since SSL 2.0 does not have any ciphersuites for which the
- 128/256 bit distinction would be relevant, this works for now.
- The proper fix will be to use different bits for AES128 and
- AES256, which would have avoided the problems from the beginning;
- however, bits are scarce, so we can only do this in a new release
- (not just a patchlevel) when we can change the SSL_CIPHER
- definition to split the single 'unsigned long mask' bitmap into
- multiple values to extend the available space.
-
- [Bodo Moeller]
-
- Changes between 0.9.8b and 0.9.8c [05 Sep 2006]
-
- *) Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
- (CVE-2006-4339) [Ben Laurie and Google Security Team]
-
- *) Add AES IGE and biIGE modes.
- [Ben Laurie]
-
- *) Change the Unix randomness entropy gathering to use poll() when
- possible instead of select(), since the latter has some
- undesirable limitations.
- [Darryl Miles via Richard Levitte and Bodo Moeller]
-
- *) Disable "ECCdraft" ciphersuites more thoroughly. Now special
- treatment in ssl/ssl_ciph.s makes sure that these ciphersuites
- cannot be implicitly activated as part of, e.g., the "AES" alias.
- However, please upgrade to OpenSSL 0.9.9[-dev] for
- non-experimental use of the ECC ciphersuites to get TLS extension
- support, which is required for curve and point format negotiation
- to avoid potential handshake problems.
- [Bodo Moeller]
-
- *) Disable rogue ciphersuites:
-
- - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5")
- - SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5")
- - SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5")
-
- The latter two were purportedly from
- draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really
- appear there.
-
- Also deactivate the remaining ciphersuites from
- draft-ietf-tls-56-bit-ciphersuites-01.txt. These are just as
- unofficial, and the ID has long expired.
- [Bodo Moeller]
-
- *) Fix RSA blinding Heisenbug (problems sometimes occured on
- dual-core machines) and other potential thread-safety issues.
- [Bodo Moeller]
-
- *) Add the symmetric cipher Camellia (128-bit, 192-bit, 256-bit key
- versions), which is now available for royalty-free use
- (see http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html).
- Also, add Camellia TLS ciphersuites from RFC 4132.
-
- To minimize changes between patchlevels in the OpenSSL 0.9.8
- series, Camellia remains excluded from compilation unless OpenSSL
- is configured with 'enable-camellia'.
- [NTT]
-
- *) Disable the padding bug check when compression is in use. The padding
- bug check assumes the first packet is of even length, this is not
- necessarily true if compresssion is enabled and can result in false
- positives causing handshake failure. The actual bug test is ancient
- code so it is hoped that implementations will either have fixed it by
- now or any which still have the bug do not support compression.
- [Steve Henson]
-
- Changes between 0.9.8a and 0.9.8b [04 May 2006]
-
- *) When applying a cipher rule check to see if string match is an explicit
- cipher suite and only match that one cipher suite if it is.
- [Steve Henson]
-
- *) Link in manifests for VC++ if needed.
- [Austin Ziegler <halostatue at gmail.com>]
-
- *) Update support for ECC-based TLS ciphersuites according to
- draft-ietf-tls-ecc-12.txt with proposed changes (but without
- TLS extensions, which are supported starting with the 0.9.9
- branch, not in the OpenSSL 0.9.8 branch).
- [Douglas Stebila]
-
- *) New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free() to support
- opaque EVP_CIPHER_CTX handling.
- [Steve Henson]
-
- *) Fixes and enhancements to zlib compression code. We now only use
- "zlib1.dll" and use the default __cdecl calling convention on Win32
- to conform with the standards mentioned here:
- http://www.zlib.net/DLL_FAQ.txt
- Static zlib linking now works on Windows and the new --with-zlib-include
- --with-zlib-lib options to Configure can be used to supply the location
- of the headers and library. Gracefully handle case where zlib library
- can't be loaded.
- [Steve Henson]
-
- *) Several fixes and enhancements to the OID generation code. The old code
- sometimes allowed invalid OIDs (1.X for X >= 40 for example), couldn't
- handle numbers larger than ULONG_MAX, truncated printing and had a
- non standard OBJ_obj2txt() behaviour.
- [Steve Henson]
-
- *) Add support for building of engines under engine/ as shared libraries
- under VC++ build system.
- [Steve Henson]
-
- *) Corrected the numerous bugs in the Win32 path splitter in DSO.
- Hopefully, we will not see any false combination of paths any more.
- [Richard Levitte]
-
- Changes between 0.9.8 and 0.9.8a [11 Oct 2005]
-
- *) Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING
- (part of SSL_OP_ALL). This option used to disable the
- countermeasure against man-in-the-middle protocol-version
- rollback in the SSL 2.0 server implementation, which is a bad
- idea. (CVE-2005-2969)
-
- [Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center
- for Information Security, National Institute of Advanced Industrial
- Science and Technology [AIST], Japan)]
-
- *) Add two function to clear and return the verify parameter flags.
- [Steve Henson]
-
- *) Keep cipherlists sorted in the source instead of sorting them at
- runtime, thus removing the need for a lock.
- [Nils Larsch]
-
- *) Avoid some small subgroup attacks in Diffie-Hellman.
- [Nick Mathewson and Ben Laurie]
-
- *) Add functions for well-known primes.
- [Nick Mathewson]
-
- *) Extended Windows CE support.
- [Satoshi Nakamura and Andy Polyakov]
-
- *) Initialize SSL_METHOD structures at compile time instead of during
- runtime, thus removing the need for a lock.
- [Steve Henson]
-
- *) Make PKCS7_decrypt() work even if no certificate is supplied by
- attempting to decrypt each encrypted key in turn. Add support to
- smime utility.
- [Steve Henson]
-
- Changes between 0.9.7h and 0.9.8 [05 Jul 2005]
-
- [NB: OpenSSL 0.9.7i and later 0.9.7 patch levels were released after
- OpenSSL 0.9.8.]
-
- *) Add libcrypto.pc and libssl.pc for those who feel they need them.
- [Richard Levitte]
-
- *) Change CA.sh and CA.pl so they don't bundle the CSR and the private
- key into the same file any more.
- [Richard Levitte]
-
- *) Add initial support for Win64, both IA64 and AMD64/x64 flavors.
- [Andy Polyakov]
-
- *) Add -utf8 command line and config file option to 'ca'.
- [Stefan <stf at udoma.org]
-
- *) Removed the macro des_crypt(), as it seems to conflict with some
- libraries. Use DES_crypt().
- [Richard Levitte]
-
- *) Correct naming of the 'chil' and '4758cca' ENGINEs. This
- involves renaming the source and generated shared-libs for
- both. The engines will accept the corrected or legacy ids
- ('ncipher' and '4758_cca' respectively) when binding. NB,
- this only applies when building 'shared'.
- [Corinna Vinschen <vinschen at redhat.com> and Geoff Thorpe]
-
- *) Add attribute functions to EVP_PKEY structure. Modify
- PKCS12_create() to recognize a CSP name attribute and
- use it. Make -CSP option work again in pkcs12 utility.
- [Steve Henson]
-
- *) Add new functionality to the bn blinding code:
- - automatic re-creation of the BN_BLINDING parameters after
- a fixed number of uses (currently 32)
- - add new function for parameter creation
- - introduce flags to control the update behaviour of the
- BN_BLINDING parameters
- - hide BN_BLINDING structure
- Add a second BN_BLINDING slot to the RSA structure to improve
- performance when a single RSA object is shared among several
- threads.
- [Nils Larsch]
-
- *) Add support for DTLS.
- [Nagendra Modadugu <nagendra at cs.stanford.edu> and Ben Laurie]
-
- *) Add support for DER encoded private keys (SSL_FILETYPE_ASN1)
- to SSL_CTX_use_PrivateKey_file() and SSL_use_PrivateKey_file()
- [Walter Goulet]
-
- *) Remove buggy and incompletet DH cert support from
- ssl/ssl_rsa.c and ssl/s3_both.c
- [Nils Larsch]
-
- *) Use SHA-1 instead of MD5 as the default digest algorithm for
- the apps/openssl applications.
- [Nils Larsch]
-
- *) Compile clean with "-Wall -Wmissing-prototypes
- -Wstrict-prototypes -Wmissing-declarations -Werror". Currently
- DEBUG_SAFESTACK must also be set.
- [Ben Laurie]
-
- *) Change ./Configure so that certain algorithms can be disabled by default.
- The new counterpiece to "no-xxx" is "enable-xxx".
-
- The patented RC5 and MDC2 algorithms will now be disabled unless
- "enable-rc5" and "enable-mdc2", respectively, are specified.
-
- (IDEA remains enabled despite being patented. This is because IDEA
- is frequently required for interoperability, and there is no license
- fee for non-commercial use. As before, "no-idea" can be used to
- avoid this algorithm.)
-
- [Bodo Moeller]
-
- *) Add processing of proxy certificates (see RFC 3820). This work was
- sponsored by KTH (The Royal Institute of Technology in Stockholm) and
- EGEE (Enabling Grids for E-science in Europe).
- [Richard Levitte]
-
- *) RC4 performance overhaul on modern architectures/implementations, such
- as Intel P4, IA-64 and AMD64.
- [Andy Polyakov]
-
- *) New utility extract-section.pl. This can be used specify an alternative
- section number in a pod file instead of having to treat each file as
- a separate case in Makefile. This can be done by adding two lines to the
- pod file:
-
- =for comment openssl_section:XXX
-
- The blank line is mandatory.
-
- [Steve Henson]
-
- *) New arguments -certform, -keyform and -pass for s_client and s_server
- to allow alternative format key and certificate files and passphrase
- sources.
- [Steve Henson]
-
- *) New structure X509_VERIFY_PARAM which combines current verify parameters,
- update associated structures and add various utility functions.
-
- Add new policy related verify parameters, include policy checking in
- standard verify code. Enhance 'smime' application with extra parameters
- to support policy checking and print out.
- [Steve Henson]
-
- *) Add a new engine to support VIA PadLock ACE extensions in the VIA C3
- Nehemiah processors. These extensions support AES encryption in hardware
- as well as RNG (though RNG support is currently disabled).
- [Michal Ludvig <michal at logix.cz>, with help from Andy Polyakov]
-
- *) Deprecate BN_[get|set]_params() functions (they were ignored internally).
- [Geoff Thorpe]
-
- *) New FIPS 180-2 algorithms, SHA-224/-256/-384/-512 are implemented.
- [Andy Polyakov and a number of other people]
-
- *) Improved PowerPC platform support. Most notably BIGNUM assembler
- implementation contributed by IBM.
- [Suresh Chari, Peter Waltenberg, Andy Polyakov]
-
- *) The new 'RSA_generate_key_ex' function now takes a BIGNUM for the public
- exponent rather than 'unsigned long'. There is a corresponding change to
- the new 'rsa_keygen' element of the RSA_METHOD structure.
- [Jelte Jansen, Geoff Thorpe]
-
- *) Functionality for creating the initial serial number file is now
- moved from CA.pl to the 'ca' utility with a new option -create_serial.
-
- (Before OpenSSL 0.9.7e, CA.pl used to initialize the serial
- number file to 1, which is bound to cause problems. To avoid
- the problems while respecting compatibility between different 0.9.7
- patchlevels, 0.9.7e employed 'openssl x509 -next_serial' in
- CA.pl for serial number initialization. With the new release 0.9.8,
- we can fix the problem directly in the 'ca' utility.)
- [Steve Henson]
-
- *) Reduced header interdepencies by declaring more opaque objects in
- ossl_typ.h. As a consequence, including some headers (eg. engine.h) will
- give fewer recursive includes, which could break lazy source code - so
- this change is covered by the OPENSSL_NO_DEPRECATED symbol. As always,
- developers should define this symbol when building and using openssl to
- ensure they track the recommended behaviour, interfaces, [etc], but
- backwards-compatible behaviour prevails when this isn't defined.
- [Geoff Thorpe]
-
- *) New function X509_POLICY_NODE_print() which prints out policy nodes.
- [Steve Henson]
-
- *) Add new EVP function EVP_CIPHER_CTX_rand_key and associated functionality.
- This will generate a random key of the appropriate length based on the
- cipher context. The EVP_CIPHER can provide its own random key generation
- routine to support keys of a specific form. This is used in the des and
- 3des routines to generate a key of the correct parity. Update S/MIME
- code to use new functions and hence generate correct parity DES keys.
- Add EVP_CHECK_DES_KEY #define to return an error if the key is not
- valid (weak or incorrect parity).
- [Steve Henson]
-
- *) Add a local set of CRLs that can be used by X509_verify_cert() as well
- as looking them up. This is useful when the verified structure may contain
- CRLs, for example PKCS#7 signedData. Modify PKCS7_verify() to use any CRLs
- present unless the new PKCS7_NO_CRL flag is asserted.
- [Steve Henson]
-
- *) Extend ASN1 oid configuration module. It now additionally accepts the
- syntax:
-
- shortName = some long name, 1.2.3.4
- [Steve Henson]
-
- *) Reimplemented the BN_CTX implementation. There is now no more static
- limitation on the number of variables it can handle nor the depth of the
- "stack" handling for BN_CTX_start()/BN_CTX_end() pairs. The stack
- information can now expand as required, and rather than having a single
- static array of bignums, BN_CTX now uses a linked-list of such arrays
- allowing it to expand on demand whilst maintaining the usefulness of
- BN_CTX's "bundling".
- [Geoff Thorpe]
-
- *) Add a missing BN_CTX parameter to the 'rsa_mod_exp' callback in RSA_METHOD
- to allow all RSA operations to function using a single BN_CTX.
- [Geoff Thorpe]
-
- *) Preliminary support for certificate policy evaluation and checking. This
- is initially intended to pass the tests outlined in "Conformance Testing
- of Relying Party Client Certificate Path Processing Logic" v1.07.
- [Steve Henson]
-
- *) bn_dup_expand() has been deprecated, it was introduced in 0.9.7 and
- remained unused and not that useful. A variety of other little bignum
- tweaks and fixes have also been made continuing on from the audit (see
- below).
- [Geoff Thorpe]
-
- *) Constify all or almost all d2i, c2i, s2i and r2i functions, along with
- associated ASN1, EVP and SSL functions and old ASN1 macros.
- [Richard Levitte]
-
- *) BN_zero() only needs to set 'top' and 'neg' to zero for correct results,
- and this should never fail. So the return value from the use of
- BN_set_word() (which can fail due to needless expansion) is now deprecated;
- if OPENSSL_NO_DEPRECATED is defined, BN_zero() is a void macro.
- [Geoff Thorpe]
-
- *) BN_CTX_get() should return zero-valued bignums, providing the same
- initialised value as BN_new().
- [Geoff Thorpe, suggested by Ulf M\xF6ller]
-
- *) Support for inhibitAnyPolicy certificate extension.
- [Steve Henson]
-
- *) An audit of the BIGNUM code is underway, for which debugging code is
- enabled when BN_DEBUG is defined. This makes stricter enforcements on what
- is considered valid when processing BIGNUMs, and causes execution to
- assert() when a problem is discovered. If BN_DEBUG_RAND is defined,
- further steps are taken to deliberately pollute unused data in BIGNUM
- structures to try and expose faulty code further on. For now, openssl will
- (in its default mode of operation) continue to tolerate the inconsistent
- forms that it has tolerated in the past, but authors and packagers should
- consider trying openssl and their own applications when compiled with
- these debugging symbols defined. It will help highlight potential bugs in
- their own code, and will improve the test coverage for OpenSSL itself. At
- some point, these tighter rules will become openssl's default to improve
- maintainability, though the assert()s and other overheads will remain only
- in debugging configurations. See bn.h for more details.
- [Geoff Thorpe, Nils Larsch, Ulf M\xF6ller]
-
- *) BN_CTX_init() has been deprecated, as BN_CTX is an opaque structure
- that can only be obtained through BN_CTX_new() (which implicitly
- initialises it). The presence of this function only made it possible
- to overwrite an existing structure (and cause memory leaks).
- [Geoff Thorpe]
-
- *) Because of the callback-based approach for implementing LHASH as a
- template type, lh_insert() adds opaque objects to hash-tables and
- lh_doall() or lh_doall_arg() are typically used with a destructor callback
- to clean up those corresponding objects before destroying the hash table
- (and losing the object pointers). So some over-zealous constifications in
- LHASH have been relaxed so that lh_insert() does not take (nor store) the
- objects as "const" and the lh_doall[_arg] callback wrappers are not
- prototyped to have "const" restrictions on the object pointers they are
- given (and so aren't required to cast them away any more).
- [Geoff Thorpe]
-
- *) The tmdiff.h API was so ugly and minimal that our own timing utility
- (speed) prefers to use its own implementation. The two implementations
- haven't been consolidated as yet (volunteers?) but the tmdiff API has had
- its object type properly exposed (MS_TM) instead of casting to/from "char
- *". This may still change yet if someone realises MS_TM and "ms_time_***"
- aren't necessarily the greatest nomenclatures - but this is what was used
- internally to the implementation so I've used that for now.
- [Geoff Thorpe]
-
- *) Ensure that deprecated functions do not get compiled when
- OPENSSL_NO_DEPRECATED is defined. Some "openssl" subcommands and a few of
- the self-tests were still using deprecated key-generation functions so
- these have been updated also.
- [Geoff Thorpe]
-
- *) Reorganise PKCS#7 code to separate the digest location functionality
- into PKCS7_find_digest(), digest addtion into PKCS7_bio_add_digest().
- New function PKCS7_set_digest() to set the digest type for PKCS#7
- digestedData type. Add additional code to correctly generate the
- digestedData type and add support for this type in PKCS7 initialization
- functions.
- [Steve Henson]
-
- *) New function PKCS7_set0_type_other() this initializes a PKCS7
- structure of type "other".
- [Steve Henson]
-
- *) Fix prime generation loop in crypto/bn/bn_prime.pl by making
- sure the loop does correctly stop and breaking ("division by zero")
- modulus operations are not performed. The (pre-generated) prime
- table crypto/bn/bn_prime.h was already correct, but it could not be
- re-generated on some platforms because of the "division by zero"
- situation in the script.
- [Ralf S. Engelschall]
-
- *) Update support for ECC-based TLS ciphersuites according to
- draft-ietf-tls-ecc-03.txt: the KDF1 key derivation function with
- SHA-1 now is only used for "small" curves (where the
- representation of a field element takes up to 24 bytes); for
- larger curves, the field element resulting from ECDH is directly
- used as premaster secret.
- [Douglas Stebila (Sun Microsystems Laboratories)]
-
- *) Add code for kP+lQ timings to crypto/ec/ectest.c, and add SEC2
- curve secp160r1 to the tests.
- [Douglas Stebila (Sun Microsystems Laboratories)]
-
- *) Add the possibility to load symbols globally with DSO.
- [G\xF6tz Babin-Ebell <babin-ebell at trustcenter.de> via Richard Levitte]
-
- *) Add the functions ERR_set_mark() and ERR_pop_to_mark() for better
- control of the error stack.
- [Richard Levitte]
-
- *) Add support for STORE in ENGINE.
- [Richard Levitte]
-
- *) Add the STORE type. The intention is to provide a common interface
- to certificate and key stores, be they simple file-based stores, or
- HSM-type store, or LDAP stores, or...
- NOTE: The code is currently UNTESTED and isn't really used anywhere.
- [Richard Levitte]
-
- *) Add a generic structure called OPENSSL_ITEM. This can be used to
- pass a list of arguments to any function as well as provide a way
- for a function to pass data back to the caller.
- [Richard Levitte]
-
- *) Add the functions BUF_strndup() and BUF_memdup(). BUF_strndup()
- works like BUF_strdup() but can be used to duplicate a portion of
- a string. The copy gets NUL-terminated. BUF_memdup() duplicates
- a memory area.
- [Richard Levitte]
-
- *) Add the function sk_find_ex() which works like sk_find(), but will
- return an index to an element even if an exact match couldn't be
- found. The index is guaranteed to point at the element where the
- searched-for key would be inserted to preserve sorting order.
- [Richard Levitte]
-
- *) Add the function OBJ_bsearch_ex() which works like OBJ_bsearch() but
- takes an extra flags argument for optional functionality. Currently,
- the following flags are defined:
-
- OBJ_BSEARCH_VALUE_ON_NOMATCH
- This one gets OBJ_bsearch_ex() to return a pointer to the first
- element where the comparing function returns a negative or zero
- number.
-
- OBJ_BSEARCH_FIRST_VALUE_ON_MATCH
- This one gets OBJ_bsearch_ex() to return a pointer to the first
- element where the comparing function returns zero. This is useful
- if there are more than one element where the comparing function
- returns zero.
- [Richard Levitte]
-
- *) Make it possible to create self-signed certificates with 'openssl ca'
- in such a way that the self-signed certificate becomes part of the
- CA database and uses the same mechanisms for serial number generation
- as all other certificate signing. The new flag '-selfsign' enables
- this functionality. Adapt CA.sh and CA.pl.in.
- [Richard Levitte]
-
- *) Add functionality to check the public key of a certificate request
- against a given private. This is useful to check that a certificate
- request can be signed by that key (self-signing).
- [Richard Levitte]
-
- *) Make it possible to have multiple active certificates with the same
- subject in the CA index file. This is done only if the keyword
- 'unique_subject' is set to 'no' in the main CA section (default
- if 'CA_default') of the configuration file. The value is saved
- with the database itself in a separate index attribute file,
- named like the index file with '.attr' appended to the name.
- [Richard Levitte]
-
- *) Generate muti valued AVAs using '+' notation in config files for
- req and dirName.
- [Steve Henson]
-
- *) Support for nameConstraints certificate extension.
- [Steve Henson]
-
- *) Support for policyConstraints certificate extension.
- [Steve Henson]
-
- *) Support for policyMappings certificate extension.
- [Steve Henson]
-
- *) Make sure the default DSA_METHOD implementation only uses its
- dsa_mod_exp() and/or bn_mod_exp() handlers if they are non-NULL,
- and change its own handlers to be NULL so as to remove unnecessary
- indirection. This lets alternative implementations fallback to the
- default implementation more easily.
- [Geoff Thorpe]
-
- *) Support for directoryName in GeneralName related extensions
- in config files.
- [Steve Henson]
-
- *) Make it possible to link applications using Makefile.shared.
- Make that possible even when linking against static libraries!
- [Richard Levitte]
-
- *) Support for single pass processing for S/MIME signing. This now
- means that S/MIME signing can be done from a pipe, in addition
- cleartext signing (multipart/signed type) is effectively streaming
- and the signed data does not need to be all held in memory.
-
- This is done with a new flag PKCS7_STREAM. When this flag is set
- PKCS7_sign() only initializes the PKCS7 structure and the actual signing
- is done after the data is output (and digests calculated) in
- SMIME_write_PKCS7().
- [Steve Henson]
-
- *) Add full support for -rpath/-R, both in shared libraries and
- applications, at least on the platforms where it's known how
- to do it.
- [Richard Levitte]
-
- *) In crypto/ec/ec_mult.c, implement fast point multiplication with
- precomputation, based on wNAF splitting: EC_GROUP_precompute_mult()
- will now compute a table of multiples of the generator that
- makes subsequent invocations of EC_POINTs_mul() or EC_POINT_mul()
- faster (notably in the case of a single point multiplication,
- scalar * generator).
- [Nils Larsch, Bodo Moeller]
-
- *) IPv6 support for certificate extensions. The various extensions
- which use the IP:a.b.c.d can now take IPv6 addresses using the
- formats of RFC1884 2.2 . IPv6 addresses are now also displayed
- correctly.
- [Steve Henson]
-
- *) Added an ENGINE that implements RSA by performing private key
- exponentiations with the GMP library. The conversions to and from
- GMP's mpz_t format aren't optimised nor are any montgomery forms
- cached, and on x86 it appears OpenSSL's own performance has caught up.
- However there are likely to be other architectures where GMP could
- provide a boost. This ENGINE is not built in by default, but it can be
- specified at Configure time and should be accompanied by the necessary
- linker additions, eg;
- ./config -DOPENSSL_USE_GMP -lgmp
- [Geoff Thorpe]
-
- *) "openssl engine" will not display ENGINE/DSO load failure errors when
- testing availability of engines with "-t" - the old behaviour is
- produced by increasing the feature's verbosity with "-tt".
- [Geoff Thorpe]
-
- *) ECDSA routines: under certain error conditions uninitialized BN objects
- could be freed. Solution: make sure initialization is performed early
- enough. (Reported and fix supplied by Nils Larsch <nla at trustcenter.de>
- via PR#459)
- [Lutz Jaenicke]
-
- *) Key-generation can now be implemented in RSA_METHOD, DSA_METHOD
- and DH_METHOD (eg. by ENGINE implementations) to override the normal
- software implementations. For DSA and DH, parameter generation can
- also be overriden by providing the appropriate method callbacks.
- [Geoff Thorpe]
-
- *) Change the "progress" mechanism used in key-generation and
- primality testing to functions that take a new BN_GENCB pointer in
- place of callback/argument pairs. The new API functions have "_ex"
- postfixes and the older functions are reimplemented as wrappers for
- the new ones. The OPENSSL_NO_DEPRECATED symbol can be used to hide
- declarations of the old functions to help (graceful) attempts to
- migrate to the new functions. Also, the new key-generation API
- functions operate on a caller-supplied key-structure and return
- success/failure rather than returning a key or NULL - this is to
- help make "keygen" another member function of RSA_METHOD etc.
-
- Example for using the new callback interface:
-
- int (*my_callback)(int a, int b, BN_GENCB *cb) = ...;
- void *my_arg = ...;
- BN_GENCB my_cb;
-
- BN_GENCB_set(&my_cb, my_callback, my_arg);
-
- return BN_is_prime_ex(some_bignum, BN_prime_checks, NULL, &cb);
- /* For the meaning of a, b in calls to my_callback(), see the
- * documentation of the function that calls the callback.
- * cb will point to my_cb; my_arg can be retrieved as cb->arg.
- * my_callback should return 1 if it wants BN_is_prime_ex()
- * to continue, or 0 to stop.
- */
-
- [Geoff Thorpe]
-
- *) Change the ZLIB compression method to be stateful, and make it
- available to TLS with the number defined in
- draft-ietf-tls-compression-04.txt.
- [Richard Levitte]
-
- *) Add the ASN.1 structures and functions for CertificatePair, which
- is defined as follows (according to X.509_4thEditionDraftV6.pdf):
-
- CertificatePair ::= SEQUENCE {
- forward [0] Certificate OPTIONAL,
- reverse [1] Certificate OPTIONAL,
- -- at least one of the pair shall be present -- }
-
- Also implement the PEM functions to read and write certificate
- pairs, and defined the PEM tag as "CERTIFICATE PAIR".
-
- This needed to be defined, mostly for the sake of the LDAP
- attribute crossCertificatePair, but may prove useful elsewhere as
- well.
- [Richard Levitte]
-
- *) Make it possible to inhibit symlinking of shared libraries in
- Makefile.shared, for Cygwin's sake.
- [Richard Levitte]
-
- *) Extend the BIGNUM API by creating a function
- void BN_set_negative(BIGNUM *a, int neg);
- and a macro that behave like
- int BN_is_negative(const BIGNUM *a);
-
- to avoid the need to access 'a->neg' directly in applications.
- [Nils Larsch]
-
- *) Implement fast modular reduction for pseudo-Mersenne primes
- used in NIST curves (crypto/bn/bn_nist.c, crypto/ec/ecp_nist.c).
- EC_GROUP_new_curve_GFp() will now automatically use this
- if applicable.
- [Nils Larsch <nla at trustcenter.de>]
-
- *) Add new lock type (CRYPTO_LOCK_BN).
- [Bodo Moeller]
-
- *) Change the ENGINE framework to automatically load engines
- dynamically from specific directories unless they could be
- found to already be built in or loaded. Move all the
- current engines except for the cryptodev one to a new
- directory engines/.
- The engines in engines/ are built as shared libraries if
- the "shared" options was given to ./Configure or ./config.
- Otherwise, they are inserted in libcrypto.a.
- /usr/local/ssl/engines is the default directory for dynamic
- engines, but that can be overriden at configure time through
- the usual use of --prefix and/or --openssldir, and at run
- time with the environment variable OPENSSL_ENGINES.
- [Geoff Thorpe and Richard Levitte]
-
- *) Add Makefile.shared, a helper makefile to build shared
- libraries. Addapt Makefile.org.
- [Richard Levitte]
-
- *) Add version info to Win32 DLLs.
- [Peter 'Luna' Runestig" <peter at runestig.com>]
-
- *) Add new 'medium level' PKCS#12 API. Certificates and keys
- can be added using this API to created arbitrary PKCS#12
- files while avoiding the low level API.
-
- New options to PKCS12_create(), key or cert can be NULL and
- will then be omitted from the output file. The encryption
- algorithm NIDs can be set to -1 for no encryption, the mac
- iteration count can be set to 0 to omit the mac.
-
- Enhance pkcs12 utility by making the -nokeys and -nocerts
- options work when creating a PKCS#12 file. New option -nomac
- to omit the mac, NONE can be set for an encryption algorithm.
- New code is modified to use the enhanced PKCS12_create()
- instead of the low level API.
- [Steve Henson]
-
- *) Extend ASN1 encoder to support indefinite length constructed
- encoding. This can output sequences tags and octet strings in
- this form. Modify pk7_asn1.c to support indefinite length
- encoding. This is experimental and needs additional code to
- be useful, such as an ASN1 bio and some enhanced streaming
- PKCS#7 code.
-
- Extend template encode functionality so that tagging is passed
- down to the template encoder.
- [Steve Henson]
-
- *) Let 'openssl req' fail if an argument to '-newkey' is not
- recognized instead of using RSA as a default.
- [Bodo Moeller]
-
- *) Add support for ECC-based ciphersuites from draft-ietf-tls-ecc-01.txt.
- As these are not official, they are not included in "ALL";
- the "ECCdraft" ciphersuite group alias can be used to select them.
- [Vipul Gupta and Sumit Gupta (Sun Microsystems Laboratories)]
-
- *) Add ECDH engine support.
- [Nils Gura and Douglas Stebila (Sun Microsystems Laboratories)]
-
- *) Add ECDH in new directory crypto/ecdh/.
- [Douglas Stebila (Sun Microsystems Laboratories)]
-
- *) Let BN_rand_range() abort with an error after 100 iterations
- without success (which indicates a broken PRNG).
- [Bodo Moeller]
-
- *) Change BN_mod_sqrt() so that it verifies that the input value
- is really the square of the return value. (Previously,
- BN_mod_sqrt would show GIGO behaviour.)
- [Bodo Moeller]
-
- *) Add named elliptic curves over binary fields from X9.62, SECG,
- and WAP/WTLS; add OIDs that were still missing.
-
- [Sheueling Chang Shantz and Douglas Stebila
- (Sun Microsystems Laboratories)]
-
- *) Extend the EC library for elliptic curves over binary fields
- (new files ec2_smpl.c, ec2_smpt.c, ec2_mult.c in crypto/ec/).
- New EC_METHOD:
-
- EC_GF2m_simple_method
-
- New API functions:
-
- EC_GROUP_new_curve_GF2m
- EC_GROUP_set_curve_GF2m
- EC_GROUP_get_curve_GF2m
- EC_POINT_set_affine_coordinates_GF2m
- EC_POINT_get_affine_coordinates_GF2m
- EC_POINT_set_compressed_coordinates_GF2m
-
- Point compression for binary fields is disabled by default for
- patent reasons (compile with OPENSSL_EC_BIN_PT_COMP defined to
- enable it).
-
- As binary polynomials are represented as BIGNUMs, various members
- of the EC_GROUP and EC_POINT data structures can be shared
- between the implementations for prime fields and binary fields;
- the above ..._GF2m functions (except for EX_GROUP_new_curve_GF2m)
- are essentially identical to their ..._GFp counterparts.
- (For simplicity, the '..._GFp' prefix has been dropped from
- various internal method names.)
-
- An internal 'field_div' method (similar to 'field_mul' and
- 'field_sqr') has been added; this is used only for binary fields.
-
- [Sheueling Chang Shantz and Douglas Stebila
- (Sun Microsystems Laboratories)]
-
- *) Optionally dispatch EC_POINT_mul(), EC_POINT_precompute_mult()
- through methods ('mul', 'precompute_mult').
-
- The generic implementations (now internally called 'ec_wNAF_mul'
- and 'ec_wNAF_precomputed_mult') remain the default if these
- methods are undefined.
-
- [Sheueling Chang Shantz and Douglas Stebila
- (Sun Microsystems Laboratories)]
-
- *) New function EC_GROUP_get_degree, which is defined through
- EC_METHOD. For curves over prime fields, this returns the bit
- length of the modulus.
-
- [Sheueling Chang Shantz and Douglas Stebila
- (Sun Microsystems Laboratories)]
-
- *) New functions EC_GROUP_dup, EC_POINT_dup.
- (These simply call ..._new and ..._copy).
-
- [Sheueling Chang Shantz and Douglas Stebila
- (Sun Microsystems Laboratories)]
-
- *) Add binary polynomial arithmetic software in crypto/bn/bn_gf2m.c.
- Polynomials are represented as BIGNUMs (where the sign bit is not
- used) in the following functions [macros]:
-
- BN_GF2m_add
- BN_GF2m_sub [= BN_GF2m_add]
- BN_GF2m_mod [wrapper for BN_GF2m_mod_arr]
- BN_GF2m_mod_mul [wrapper for BN_GF2m_mod_mul_arr]
- BN_GF2m_mod_sqr [wrapper for BN_GF2m_mod_sqr_arr]
- BN_GF2m_mod_inv
- BN_GF2m_mod_exp [wrapper for BN_GF2m_mod_exp_arr]
- BN_GF2m_mod_sqrt [wrapper for BN_GF2m_mod_sqrt_arr]
- BN_GF2m_mod_solve_quad [wrapper for BN_GF2m_mod_solve_quad_arr]
- BN_GF2m_cmp [= BN_ucmp]
-
- (Note that only the 'mod' functions are actually for fields GF(2^m).
- BN_GF2m_add() is misnomer, but this is for the sake of consistency.)
-
- For some functions, an the irreducible polynomial defining a
- field can be given as an 'unsigned int[]' with strictly
- decreasing elements giving the indices of those bits that are set;
- i.e., p[] represents the polynomial
- f(t) = t^p[0] + t^p[1] + ... + t^p[k]
- where
- p[0] > p[1] > ... > p[k] = 0.
- This applies to the following functions:
-
- BN_GF2m_mod_arr
- BN_GF2m_mod_mul_arr
- BN_GF2m_mod_sqr_arr
- BN_GF2m_mod_inv_arr [wrapper for BN_GF2m_mod_inv]
- BN_GF2m_mod_div_arr [wrapper for BN_GF2m_mod_div]
- BN_GF2m_mod_exp_arr
- BN_GF2m_mod_sqrt_arr
- BN_GF2m_mod_solve_quad_arr
- BN_GF2m_poly2arr
- BN_GF2m_arr2poly
-
- Conversion can be performed by the following functions:
-
- BN_GF2m_poly2arr
- BN_GF2m_arr2poly
-
- bntest.c has additional tests for binary polynomial arithmetic.
-
- Two implementations for BN_GF2m_mod_div() are available.
- The default algorithm simply uses BN_GF2m_mod_inv() and
- BN_GF2m_mod_mul(). The alternative algorithm is compiled in only
- if OPENSSL_SUN_GF2M_DIV is defined (patent pending; read the
- copyright notice in crypto/bn/bn_gf2m.c before enabling it).
-
- [Sheueling Chang Shantz and Douglas Stebila
- (Sun Microsystems Laboratories)]
-
- *) Add new error code 'ERR_R_DISABLED' that can be used when some
- functionality is disabled at compile-time.
- [Douglas Stebila <douglas.stebila at sun.com>]
-
- *) Change default behaviour of 'openssl asn1parse' so that more
- information is visible when viewing, e.g., a certificate:
-
- Modify asn1_parse2 (crypto/asn1/asn1_par.c) so that in non-'dump'
- mode the content of non-printable OCTET STRINGs is output in a
- style similar to INTEGERs, but with '[HEX DUMP]' prepended to
- avoid the appearance of a printable string.
- [Nils Larsch <nla at trustcenter.de>]
-
- *) Add 'asn1_flag' and 'asn1_form' member to EC_GROUP with access
- functions
- EC_GROUP_set_asn1_flag()
- EC_GROUP_get_asn1_flag()
- EC_GROUP_set_point_conversion_form()
- EC_GROUP_get_point_conversion_form()
- These control ASN1 encoding details:
- - Curves (i.e., groups) are encoded explicitly unless asn1_flag
- has been set to OPENSSL_EC_NAMED_CURVE.
- - Points are encoded in uncompressed form by default; options for
- asn1_for are as for point2oct, namely
- POINT_CONVERSION_COMPRESSED
- POINT_CONVERSION_UNCOMPRESSED
- POINT_CONVERSION_HYBRID
-
- Also add 'seed' and 'seed_len' members to EC_GROUP with access
- functions
- EC_GROUP_set_seed()
- EC_GROUP_get0_seed()
- EC_GROUP_get_seed_len()
- This is used only for ASN1 purposes (so far).
- [Nils Larsch <nla at trustcenter.de>]
-
- *) Add 'field_type' member to EC_METHOD, which holds the NID
- of the appropriate field type OID. The new function
- EC_METHOD_get_field_type() returns this value.
- [Nils Larsch <nla at trustcenter.de>]
-
- *) Add functions
- EC_POINT_point2bn()
- EC_POINT_bn2point()
- EC_POINT_point2hex()
- EC_POINT_hex2point()
- providing useful interfaces to EC_POINT_point2oct() and
- EC_POINT_oct2point().
- [Nils Larsch <nla at trustcenter.de>]
-
- *) Change internals of the EC library so that the functions
- EC_GROUP_set_generator()
- EC_GROUP_get_generator()
- EC_GROUP_get_order()
- EC_GROUP_get_cofactor()
- are implemented directly in crypto/ec/ec_lib.c and not dispatched
- to methods, which would lead to unnecessary code duplication when
- adding different types of curves.
- [Nils Larsch <nla at trustcenter.de> with input by Bodo Moeller]
-
- *) Implement compute_wNAF (crypto/ec/ec_mult.c) without BIGNUM
- arithmetic, and such that modified wNAFs are generated
- (which avoid length expansion in many cases).
- [Bodo Moeller]
-
- *) Add a function EC_GROUP_check_discriminant() (defined via
- EC_METHOD) that verifies that the curve discriminant is non-zero.
-
- Add a function EC_GROUP_check() that makes some sanity tests
- on a EC_GROUP, its generator and order. This includes
- EC_GROUP_check_discriminant().
- [Nils Larsch <nla at trustcenter.de>]
-
- *) Add ECDSA in new directory crypto/ecdsa/.
-
- Add applications 'openssl ecparam' and 'openssl ecdsa'
- (these are based on 'openssl dsaparam' and 'openssl dsa').
-
- ECDSA support is also included in various other files across the
- library. Most notably,
- - 'openssl req' now has a '-newkey ecdsa:file' option;
- - EVP_PKCS82PKEY (crypto/evp/evp_pkey.c) now can handle ECDSA;
- - X509_PUBKEY_get (crypto/asn1/x_pubkey.c) and
- d2i_PublicKey (crypto/asn1/d2i_pu.c) have been modified to make
- them suitable for ECDSA where domain parameters must be
- extracted before the specific public key;
- - ECDSA engine support has been added.
- [Nils Larsch <nla at trustcenter.de>]
-
- *) Include some named elliptic curves, and add OIDs from X9.62,
- SECG, and WAP/WTLS. Each curve can be obtained from the new
- function
- EC_GROUP_new_by_curve_name(),
- and the list of available named curves can be obtained with
- EC_get_builtin_curves().
- Also add a 'curve_name' member to EC_GROUP objects, which can be
- accessed via
- EC_GROUP_set_curve_name()
- EC_GROUP_get_curve_name()
- [Nils Larsch <larsch at trustcenter.de, Bodo Moeller]
-
- *) Remove a few calls to bn_wexpand() in BN_sqr() (the one in there
- was actually never needed) and in BN_mul(). The removal in BN_mul()
- required a small change in bn_mul_part_recursive() and the addition
- of the functions bn_cmp_part_words(), bn_sub_part_words() and
- bn_add_part_words(), which do the same thing as bn_cmp_words(),
- bn_sub_words() and bn_add_words() except they take arrays with
- differing sizes.
- [Richard Levitte]
-
- Changes between 0.9.7l and 0.9.7m [23 Feb 2007]
-
- *) Cleanse PEM buffers before freeing them since they may contain
- sensitive data.
- [Benjamin Bennett <ben at psc.edu>]
-
- *) Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that
- a ciphersuite string such as "DEFAULT:RSA" cannot enable
- authentication-only ciphersuites.
- [Bodo Moeller]
-
- *) Since AES128 and AES256 share a single mask bit in the logic of
- ssl/ssl_ciph.c, the code for masking out disabled ciphers needs a
- kludge to work properly if AES128 is available and AES256 isn't.
- [Victor Duchovni]
-
- *) Expand security boundary to match 1.1.1 module.
- [Steve Henson]
-
- *) Remove redundant features: hash file source, editing of test vectors
- modify fipsld to use external fips_premain.c signature.
- [Steve Henson]
-
- *) New perl script mkfipsscr.pl to create shell scripts or batch files to
- run algorithm test programs.
- [Steve Henson]
-
- *) Make algorithm test programs more tolerant of whitespace.
- [Steve Henson]
-
- *) Have SSL/TLS server implementation tolerate "mismatched" record
- protocol version while receiving ClientHello even if the
- ClientHello is fragmented. (The server can't insist on the
- particular protocol version it has chosen before the ServerHello
- message has informed the client about his choice.)
- [Bodo Moeller]
-
- *) Load error codes if they are not already present instead of using a
- static variable. This allows them to be cleanly unloaded and reloaded.
- [Steve Henson]
-
- Changes between 0.9.7k and 0.9.7l [28 Sep 2006]
-
- *) Introduce limits to prevent malicious keys being able to
- cause a denial of service. (CVE-2006-2940)
- [Steve Henson, Bodo Moeller]
-
- *) Fix ASN.1 parsing of certain invalid structures that can result
- in a denial of service. (CVE-2006-2937) [Steve Henson]
-
- *) Fix buffer overflow in SSL_get_shared_ciphers() function.
- (CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]
-
- *) Fix SSL client code which could crash if connecting to a
- malicious SSLv2 server. (CVE-2006-4343)
- [Tavis Ormandy and Will Drewry, Google Security Team]
-
- *) Change ciphersuite string processing so that an explicit
- ciphersuite selects this one ciphersuite (so that "AES256-SHA"
- will no longer include "AES128-SHA"), and any other similar
- ciphersuite (same bitmap) from *other* protocol versions (so that
- "RC4-MD5" will still include both the SSL 2.0 ciphersuite and the
- SSL 3.0/TLS 1.0 ciphersuite). This is a backport combining
- changes from 0.9.8b and 0.9.8d.
- [Bodo Moeller]
-
- Changes between 0.9.7j and 0.9.7k [05 Sep 2006]
-
- *) Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
- (CVE-2006-4339) [Ben Laurie and Google Security Team]
-
- *) Change the Unix randomness entropy gathering to use poll() when
- possible instead of select(), since the latter has some
- undesirable limitations.
- [Darryl Miles via Richard Levitte and Bodo Moeller]
-
- *) Disable rogue ciphersuites:
-
- - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5")
- - SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5")
- - SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5")
-
- The latter two were purportedly from
- draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really
- appear there.
-
- Also deactive the remaining ciphersuites from
- draft-ietf-tls-56-bit-ciphersuites-01.txt. These are just as
- unofficial, and the ID has long expired.
- [Bodo Moeller]
-
- *) Fix RSA blinding Heisenbug (problems sometimes occured on
- dual-core machines) and other potential thread-safety issues.
- [Bodo Moeller]
-
- Changes between 0.9.7i and 0.9.7j [04 May 2006]
-
- *) Adapt fipsld and the build system to link against the validated FIPS
- module in FIPS mode.
- [Steve Henson]
-
- *) Fixes for VC++ 2005 build under Windows.
- [Steve Henson]
-
- *) Add new Windows build target VC-32-GMAKE for VC++. This uses GNU make
- from a Windows bash shell such as MSYS. It is autodetected from the
- "config" script when run from a VC++ environment. Modify standard VC++
- build to use fipscanister.o from the GNU make build.
- [Steve Henson]
-
- Changes between 0.9.7h and 0.9.7i [14 Oct 2005]
-
- *) Wrapped the definition of EVP_MAX_MD_SIZE in a #ifdef OPENSSL_FIPS.
- The value now differs depending on if you build for FIPS or not.
- BEWARE! A program linked with a shared FIPSed libcrypto can't be
- safely run with a non-FIPSed libcrypto, as it may crash because of
- the difference induced by this change.
- [Andy Polyakov]
-
- Changes between 0.9.7g and 0.9.7h [11 Oct 2005]
-
- *) Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING
- (part of SSL_OP_ALL). This option used to disable the
- countermeasure against man-in-the-middle protocol-version
- rollback in the SSL 2.0 server implementation, which is a bad
- idea. (CVE-2005-2969)
-
- [Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center
- for Information Security, National Institute of Advanced Industrial
- Science and Technology [AIST], Japan)]
-
- *) Minimal support for X9.31 signatures and PSS padding modes. This is
- mainly for FIPS compliance and not fully integrated at this stage.
- [Steve Henson]
-
- *) For DSA signing, unless DSA_FLAG_NO_EXP_CONSTTIME is set, perform
- the exponentiation using a fixed-length exponent. (Otherwise,
- the information leaked through timing could expose the secret key
- after many signatures; cf. Bleichenbacher's attack on DSA with
- biased k.)
- [Bodo Moeller]
-
- *) Make a new fixed-window mod_exp implementation the default for
- RSA, DSA, and DH private-key operations so that the sequence of
- squares and multiplies and the memory access pattern are
- independent of the particular secret key. This will mitigate
- cache-timing and potential related attacks.
-
- BN_mod_exp_mont_consttime() is the new exponentiation implementation,
- and this is automatically used by BN_mod_exp_mont() if the new flag
- BN_FLG_EXP_CONSTTIME is set for the exponent. RSA, DSA, and DH
- will use this BN flag for private exponents unless the flag
- RSA_FLAG_NO_EXP_CONSTTIME, DSA_FLAG_NO_EXP_CONSTTIME, or
- DH_FLAG_NO_EXP_CONSTTIME, respectively, is set.
-
- [Matthew D Wood (Intel Corp), with some changes by Bodo Moeller]
-
- *) Change the client implementation for SSLv23_method() and
- SSLv23_client_method() so that is uses the SSL 3.0/TLS 1.0
- Client Hello message format if the SSL_OP_NO_SSLv2 option is set.
- (Previously, the SSL 2.0 backwards compatible Client Hello
- message format would be used even with SSL_OP_NO_SSLv2.)
- [Bodo Moeller]
-
- *) Add support for smime-type MIME parameter in S/MIME messages which some
- clients need.
- [Steve Henson]
-
- *) New function BN_MONT_CTX_set_locked() to set montgomery parameters in
- a threadsafe manner. Modify rsa code to use new function and add calls
- to dsa and dh code (which had race conditions before).
- [Steve Henson]
-
- *) Include the fixed error library code in the C error file definitions
- instead of fixing them up at runtime. This keeps the error code
- structures constant.
- [Steve Henson]
-
- Changes between 0.9.7f and 0.9.7g [11 Apr 2005]
-
- [NB: OpenSSL 0.9.7h and later 0.9.7 patch levels were released after
- OpenSSL 0.9.8.]
-
- *) Fixes for newer kerberos headers. NB: the casts are needed because
- the 'length' field is signed on one version and unsigned on another
- with no (?) obvious way to tell the difference, without these VC++
- complains. Also the "definition" of FAR (blank) is no longer included
- nor is the error ENOMEM. KRB5_PRIVATE has to be set to 1 to pick up
- some needed definitions.
- [Steve Henson]
-
- *) Undo Cygwin change.
- [Ulf M\xF6ller]
-
- *) Added support for proxy certificates according to RFC 3820.
- Because they may be a security thread to unaware applications,
- they must be explicitely allowed in run-time. See
- docs/HOWTO/proxy_certificates.txt for further information.
- [Richard Levitte]
-
- Changes between 0.9.7e and 0.9.7f [22 Mar 2005]
-
- *) Use (SSL_RANDOM_VALUE - 4) bytes of pseudo random data when generating
- server and client random values. Previously
- (SSL_RANDOM_VALUE - sizeof(time_t)) would be used which would result in
- less random data when sizeof(time_t) > 4 (some 64 bit platforms).
-
- This change has negligible security impact because:
-
- 1. Server and client random values still have 24 bytes of pseudo random
- data.
-
- 2. Server and client random values are sent in the clear in the initial
- handshake.
-
- 3. The master secret is derived using the premaster secret (48 bytes in
- size for static RSA ciphersuites) as well as client server and random
- values.
-
- The OpenSSL team would like to thank the UK NISCC for bringing this issue
- to our attention.
-
- [Stephen Henson, reported by UK NISCC]
-
- *) Use Windows randomness collection on Cygwin.
- [Ulf M\xF6ller]
-
- *) Fix hang in EGD/PRNGD query when communication socket is closed
- prematurely by EGD/PRNGD.
- [Darren Tucker <dtucker at zip.com.au> via Lutz J\xE4nicke, resolves #1014]
-
- *) Prompt for pass phrases when appropriate for PKCS12 input format.
- [Steve Henson]
-
- *) Back-port of selected performance improvements from development
- branch, as well as improved support for PowerPC platforms.
- [Andy Polyakov]
-
- *) Add lots of checks for memory allocation failure, error codes to indicate
- failure and freeing up memory if a failure occurs.
- [Nauticus Networks SSL Team <openssl at nauticusnet.com>, Steve Henson]
-
- *) Add new -passin argument to dgst.
- [Steve Henson]
-
- *) Perform some character comparisons of different types in X509_NAME_cmp:
- this is needed for some certificates that reencode DNs into UTF8Strings
- (in violation of RFC3280) and can't or wont issue name rollover
- certificates.
- [Steve Henson]
-
- *) Make an explicit check during certificate validation to see that
- the CA setting in each certificate on the chain is correct. As a
- side effect always do the following basic checks on extensions,
- not just when there's an associated purpose to the check:
-
- - if there is an unhandled critical extension (unless the user
- has chosen to ignore this fault)
- - if the path length has been exceeded (if one is set at all)
- - that certain extensions fit the associated purpose (if one has
- been given)
- [Richard Levitte]
-
- Changes between 0.9.7d and 0.9.7e [25 Oct 2004]
-
- *) Avoid a race condition when CRLs are checked in a multi threaded
- environment. This would happen due to the reordering of the revoked
- entries during signature checking and serial number lookup. Now the
- encoding is cached and the serial number sort performed under a lock.
- Add new STACK function sk_is_sorted().
- [Steve Henson]
-
- *) Add Delta CRL to the extension code.
- [Steve Henson]
-
- *) Various fixes to s3_pkt.c so alerts are sent properly.
- [David Holmes <d.holmes at f5.com>]
-
- *) Reduce the chances of duplicate issuer name and serial numbers (in
- violation of RFC3280) using the OpenSSL certificate creation utilities.
- This is done by creating a random 64 bit value for the initial serial
- number when a serial number file is created or when a self signed
- certificate is created using 'openssl req -x509'. The initial serial
- number file is created using 'openssl x509 -next_serial' in CA.pl
- rather than being initialized to 1.
- [Steve Henson]
-
- Changes between 0.9.7c and 0.9.7d [17 Mar 2004]
-
- *) Fix null-pointer assignment in do_change_cipher_spec() revealed
- by using the Codenomicon TLS Test Tool (CVE-2004-0079)
- [Joe Orton, Steve Henson]
-
- *) Fix flaw in SSL/TLS handshaking when using Kerberos ciphersuites
- (CVE-2004-0112)
- [Joe Orton, Steve Henson]
-
- *) Make it possible to have multiple active certificates with the same
- subject in the CA index file. This is done only if the keyword
- 'unique_subject' is set to 'no' in the main CA section (default
- if 'CA_default') of the configuration file. The value is saved
- with the database itself in a separate index attribute file,
- named like the index file with '.attr' appended to the name.
- [Richard Levitte]
-
- *) X509 verify fixes. Disable broken certificate workarounds when
- X509_V_FLAGS_X509_STRICT is set. Check CRL issuer has cRLSign set if
- keyUsage extension present. Don't accept CRLs with unhandled critical
- extensions: since verify currently doesn't process CRL extensions this
- rejects a CRL with *any* critical extensions. Add new verify error codes
- for these cases.
- [Steve Henson]
-
- *) When creating an OCSP nonce use an OCTET STRING inside the extnValue.
- A clarification of RFC2560 will require the use of OCTET STRINGs and
- some implementations cannot handle the current raw format. Since OpenSSL
- copies and compares OCSP nonces as opaque blobs without any attempt at
- parsing them this should not create any compatibility issues.
- [Steve Henson]
-
- *) New md flag EVP_MD_CTX_FLAG_REUSE this allows md_data to be reused when
- calling EVP_MD_CTX_copy_ex() to avoid calling OPENSSL_malloc(). Without
- this HMAC (and other) operations are several times slower than OpenSSL
- < 0.9.7.
- [Steve Henson]
-
- *) Print out GeneralizedTime and UTCTime in ASN1_STRING_print_ex().
- [Peter Sylvester <Peter.Sylvester at EdelWeb.fr>]
-
- *) Use the correct content when signing type "other".
- [Steve Henson]
-
- Changes between 0.9.7b and 0.9.7c [30 Sep 2003]
-
- *) Fix various bugs revealed by running the NISCC test suite:
-
- Stop out of bounds reads in the ASN1 code when presented with
- invalid tags (CVE-2003-0543 and CVE-2003-0544).
-
- Free up ASN1_TYPE correctly if ANY type is invalid (CVE-2003-0545).
-
- If verify callback ignores invalid public key errors don't try to check
- certificate signature with the NULL public key.
-
- [Steve Henson]
-
- *) New -ignore_err option in ocsp application to stop the server
- exiting on the first error in a request.
- [Steve Henson]
-
- *) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate
- if the server requested one: as stated in TLS 1.0 and SSL 3.0
- specifications.
- [Steve Henson]
-
- *) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional
- extra data after the compression methods not only for TLS 1.0
- but also for SSL 3.0 (as required by the specification).
- [Bodo Moeller; problem pointed out by Matthias Loepfe]
-
- *) Change X509_certificate_type() to mark the key as exported/exportable
- when it's 512 *bits* long, not 512 bytes.
- [Richard Levitte]
-
- *) Change AES_cbc_encrypt() so it outputs exact multiple of
- blocks during encryption.
- [Richard Levitte]
-
- *) Various fixes to base64 BIO and non blocking I/O. On write
- flushes were not handled properly if the BIO retried. On read
- data was not being buffered properly and had various logic bugs.
- This also affects blocking I/O when the data being decoded is a
- certain size.
- [Steve Henson]
-
- *) Various S/MIME bugfixes and compatibility changes:
- output correct application/pkcs7 MIME type if
- PKCS7_NOOLDMIMETYPE is set. Tolerate some broken signatures.
- Output CR+LF for EOL if PKCS7_CRLFEOL is set (this makes opening
- of files as .eml work). Correctly handle very long lines in MIME
- parser.
- [Steve Henson]
-
- Changes between 0.9.7a and 0.9.7b [10 Apr 2003]
-
- *) Countermeasure against the Klima-Pokorny-Rosa extension of
- Bleichbacher's attack on PKCS #1 v1.5 padding: treat
- a protocol version number mismatch like a decryption error
- in ssl3_get_client_key_exchange (ssl/s3_srvr.c).
- [Bodo Moeller]
-
- *) Turn on RSA blinding by default in the default implementation
- to avoid a timing attack. Applications that don't want it can call
- RSA_blinding_off() or use the new flag RSA_FLAG_NO_BLINDING.
- They would be ill-advised to do so in most cases.
- [Ben Laurie, Steve Henson, Geoff Thorpe, Bodo Moeller]
-
- *) Change RSA blinding code so that it works when the PRNG is not
- seeded (in this case, the secret RSA exponent is abused as
- an unpredictable seed -- if it is not unpredictable, there
- is no point in blinding anyway). Make RSA blinding thread-safe
- by remembering the creator's thread ID in rsa->blinding and
- having all other threads use local one-time blinding factors
- (this requires more computation than sharing rsa->blinding, but
- avoids excessive locking; and if an RSA object is not shared
- between threads, blinding will still be very fast).
- [Bodo Moeller]
-
- *) Fixed a typo bug that would cause ENGINE_set_default() to set an
- ENGINE as defaults for all supported algorithms irrespective of
- the 'flags' parameter. 'flags' is now honoured, so applications
- should make sure they are passing it correctly.
- [Geoff Thorpe]
-
- *) Target "mingw" now allows native Windows code to be generated in
- the Cygwin environment as well as with the MinGW compiler.
- [Ulf Moeller]
-
- Changes between 0.9.7 and 0.9.7a [19 Feb 2003]
-
- *) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked
- via timing by performing a MAC computation even if incorrrect
- block cipher padding has been found. This is a countermeasure
- against active attacks where the attacker has to distinguish
- between bad padding and a MAC verification error. (CVE-2003-0078)
-
- [Bodo Moeller; problem pointed out by Brice Canvel (EPFL),
- Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and
- Martin Vuagnoux (EPFL, Ilion)]
-
- *) Make the no-err option work as intended. The intention with no-err
- is not to have the whole error stack handling routines removed from
- libcrypto, it's only intended to remove all the function name and
- reason texts, thereby removing some of the footprint that may not
- be interesting if those errors aren't displayed anyway.
-
- NOTE: it's still possible for any application or module to have it's
- own set of error texts inserted. The routines are there, just not
- used by default when no-err is given.
- [Richard Levitte]
-
- *) Add support for FreeBSD on IA64.
- [dirk.meyer at dinoex.sub.org via Richard Levitte, resolves #454]
-
- *) Adjust DES_cbc_cksum() so it returns the same value as the MIT
- Kerberos function mit_des_cbc_cksum(). Before this change,
- the value returned by DES_cbc_cksum() was like the one from
- mit_des_cbc_cksum(), except the bytes were swapped.
- [Kevin Greaney <Kevin.Greaney at hp.com> and Richard Levitte]
-
- *) Allow an application to disable the automatic SSL chain building.
- Before this a rather primitive chain build was always performed in
- ssl3_output_cert_chain(): an application had no way to send the
- correct chain if the automatic operation produced an incorrect result.
-
- Now the chain builder is disabled if either:
-
- 1. Extra certificates are added via SSL_CTX_add_extra_chain_cert().
-
- 2. The mode flag SSL_MODE_NO_AUTO_CHAIN is set.
-
- The reasoning behind this is that an application would not want the
- auto chain building to take place if extra chain certificates are
- present and it might also want a means of sending no additional
- certificates (for example the chain has two certificates and the
- root is omitted).
- [Steve Henson]
-
- *) Add the possibility to build without the ENGINE framework.
- [Steven Reddie <smr at essemer.com.au> via Richard Levitte]
-
- *) Under Win32 gmtime() can return NULL: check return value in
- OPENSSL_gmtime(). Add error code for case where gmtime() fails.
- [Steve Henson]
-
- *) DSA routines: under certain error conditions uninitialized BN objects
- could be freed. Solution: make sure initialization is performed early
- enough. (Reported and fix supplied by Ivan D Nestlerode <nestler at MIT.EDU>,
- Nils Larsch <nla at trustcenter.de> via PR#459)
- [Lutz Jaenicke]
-
- *) Another fix for SSLv2 session ID handling: the session ID was incorrectly
- checked on reconnect on the client side, therefore session resumption
- could still fail with a "ssl session id is different" error. This
- behaviour is masked when SSL_OP_ALL is used due to
- SSL_OP_MICROSOFT_SESS_ID_BUG being set.
- Behaviour observed by Crispin Flowerday <crispin at flowerday.cx> as
- followup to PR #377.
- [Lutz Jaenicke]
-
- *) IA-32 assembler support enhancements: unified ELF targets, support
- for SCO/Caldera platforms, fix for Cygwin shared build.
- [Andy Polyakov]
-
- *) Add support for FreeBSD on sparc64. As a consequence, support for
- FreeBSD on non-x86 processors is separate from x86 processors on
- the config script, much like the NetBSD support.
- [Richard Levitte & Kris Kennaway <kris at obsecurity.org>]
-
- Changes between 0.9.6h and 0.9.7 [31 Dec 2002]
-
- [NB: OpenSSL 0.9.6i and later 0.9.6 patch levels were released after
- OpenSSL 0.9.7.]
-
- *) Fix session ID handling in SSLv2 client code: the SERVER FINISHED
- code (06) was taken as the first octet of the session ID and the last
- octet was ignored consequently. As a result SSLv2 client side session
- caching could not have worked due to the session ID mismatch between
- client and server.
- Behaviour observed by Crispin Flowerday <crispin at flowerday.cx> as
- PR #377.
- [Lutz Jaenicke]
-
- *) Change the declaration of needed Kerberos libraries to use EX_LIBS
- instead of the special (and badly supported) LIBKRB5. LIBKRB5 is
- removed entirely.
- [Richard Levitte]
-
- *) The hw_ncipher.c engine requires dynamic locks. Unfortunately, it
- seems that in spite of existing for more than a year, many application
- author have done nothing to provide the necessary callbacks, which
- means that this particular engine will not work properly anywhere.
- This is a very unfortunate situation which forces us, in the name
- of usability, to give the hw_ncipher.c a static lock, which is part
- of libcrypto.
- NOTE: This is for the 0.9.7 series ONLY. This hack will never
- appear in 0.9.8 or later. We EXPECT application authors to have
- dealt properly with this when 0.9.8 is released (unless we actually
- make such changes in the libcrypto locking code that changes will
- have to be made anyway).
- [Richard Levitte]
-
- *) In asn1_d2i_read_bio() repeatedly call BIO_read() until all content
- octets have been read, EOF or an error occurs. Without this change
- some truncated ASN1 structures will not produce an error.
- [Steve Henson]
-
- *) Disable Heimdal support, since it hasn't been fully implemented.
- Still give the possibility to force the use of Heimdal, but with
- warnings and a request that patches get sent to openssl-dev.
- [Richard Levitte]
-
- *) Add the VC-CE target, introduce the WINCE sysname, and add
- INSTALL.WCE and appropriate conditionals to make it build.
- [Steven Reddie <smr at essemer.com.au> via Richard Levitte]
-
- *) Change the DLL names for Cygwin to cygcrypto-x.y.z.dll and
- cygssl-x.y.z.dll, where x, y and z are the major, minor and
- edit numbers of the version.
- [Corinna Vinschen <vinschen at redhat.com> and Richard Levitte]
-
- *) Introduce safe string copy and catenation functions
- (BUF_strlcpy() and BUF_strlcat()).
- [Ben Laurie (CHATS) and Richard Levitte]
-
- *) Avoid using fixed-size buffers for one-line DNs.
- [Ben Laurie (CHATS)]
-
- *) Add BUF_MEM_grow_clean() to avoid information leakage when
- resizing buffers containing secrets, and use where appropriate.
- [Ben Laurie (CHATS)]
-
- *) Avoid using fixed size buffers for configuration file location.
- [Ben Laurie (CHATS)]
-
- *) Avoid filename truncation for various CA files.
- [Ben Laurie (CHATS)]
-
- *) Use sizeof in preference to magic numbers.
- [Ben Laurie (CHATS)]
-
- *) Avoid filename truncation in cert requests.
- [Ben Laurie (CHATS)]
-
- *) Add assertions to check for (supposedly impossible) buffer
- overflows.
- [Ben Laurie (CHATS)]
-
- *) Don't cache truncated DNS entries in the local cache (this could
- potentially lead to a spoofing attack).
- [Ben Laurie (CHATS)]
-
- *) Fix various buffers to be large enough for hex/decimal
- representations in a platform independent manner.
- [Ben Laurie (CHATS)]
-
- *) Add CRYPTO_realloc_clean() to avoid information leakage when
- resizing buffers containing secrets, and use where appropriate.
- [Ben Laurie (CHATS)]
-
- *) Add BIO_indent() to avoid much slightly worrying code to do
- indents.
- [Ben Laurie (CHATS)]
-
- *) Convert sprintf()/BIO_puts() to BIO_printf().
- [Ben Laurie (CHATS)]
-
- *) buffer_gets() could terminate with the buffer only half
- full. Fixed.
- [Ben Laurie (CHATS)]
-
- *) Add assertions to prevent user-supplied crypto functions from
- overflowing internal buffers by having large block sizes, etc.
- [Ben Laurie (CHATS)]
-
- *) New OPENSSL_assert() macro (similar to assert(), but enabled
- unconditionally).
- [Ben Laurie (CHATS)]
-
- *) Eliminate unused copy of key in RC4.
- [Ben Laurie (CHATS)]
-
- *) Eliminate unused and incorrectly sized buffers for IV in pem.h.
- [Ben Laurie (CHATS)]
-
- *) Fix off-by-one error in EGD path.
- [Ben Laurie (CHATS)]
-
- *) If RANDFILE path is too long, ignore instead of truncating.
- [Ben Laurie (CHATS)]
-
- *) Eliminate unused and incorrectly sized X.509 structure
- CBCParameter.
- [Ben Laurie (CHATS)]
-
- *) Eliminate unused and dangerous function knumber().
- [Ben Laurie (CHATS)]
-
- *) Eliminate unused and dangerous structure, KSSL_ERR.
- [Ben Laurie (CHATS)]
-
- *) Protect against overlong session ID context length in an encoded
- session object. Since these are local, this does not appear to be
- exploitable.
- [Ben Laurie (CHATS)]
-
- *) Change from security patch (see 0.9.6e below) that did not affect
- the 0.9.6 release series:
-
- Remote buffer overflow in SSL3 protocol - an attacker could
- supply an oversized master key in Kerberos-enabled versions.
- (CVE-2002-0657)
- [Ben Laurie (CHATS)]
-
- *) Change the SSL kerb5 codes to match RFC 2712.
- [Richard Levitte]
-
- *) Make -nameopt work fully for req and add -reqopt switch.
- [Michael Bell <michael.bell at rz.hu-berlin.de>, Steve Henson]
-
- *) The "block size" for block ciphers in CFB and OFB mode should be 1.
- [Steve Henson, reported by Yngve Nysaeter Pettersen <yngve at opera.com>]
-
- *) Make sure tests can be performed even if the corresponding algorithms
- have been removed entirely. This was also the last step to make
- OpenSSL compilable with DJGPP under all reasonable conditions.
- [Richard Levitte, Doug Kaufman <dkaufman at rahul.net>]
-
- *) Add cipher selection rules COMPLEMENTOFALL and COMPLEMENTOFDEFAULT
- to allow version independent disabling of normally unselected ciphers,
- which may be activated as a side-effect of selecting a single cipher.
-
- (E.g., cipher list string "RSA" enables ciphersuites that are left
- out of "ALL" because they do not provide symmetric encryption.
- "RSA:!COMPLEMEMENTOFALL" avoids these unsafe ciphersuites.)
- [Lutz Jaenicke, Bodo Moeller]
-
- *) Add appropriate support for separate platform-dependent build
- directories. The recommended way to make a platform-dependent
- build directory is the following (tested on Linux), maybe with
- some local tweaks:
-
- # Place yourself outside of the OpenSSL source tree. In
- # this example, the environment variable OPENSSL_SOURCE
- # is assumed to contain the absolute OpenSSL source directory.
- mkdir -p objtree/"`uname -s`-`uname -r`-`uname -m`"
- cd objtree/"`uname -s`-`uname -r`-`uname -m`"
- (cd $OPENSSL_SOURCE; find . -type f) | while read F; do
- mkdir -p `dirname $F`
- ln -s $OPENSSL_SOURCE/$F $F
- done
-
- To be absolutely sure not to disturb the source tree, a "make clean"
- is a good thing. If it isn't successfull, don't worry about it,
- it probably means the source directory is very clean.
- [Richard Levitte]
-
- *) Make sure any ENGINE control commands make local copies of string
- pointers passed to them whenever necessary. Otherwise it is possible
- the caller may have overwritten (or deallocated) the original string
- data when a later ENGINE operation tries to use the stored values.
- [G\xF6tz Babin-Ebell <babinebell at trustcenter.de>]
-
- *) Improve diagnostics in file reading and command-line digests.
- [Ben Laurie aided and abetted by Solar Designer <solar at openwall.com>]
-
- *) Add AES modes CFB and OFB to the object database. Correct an
- error in AES-CFB decryption.
- [Richard Levitte]
-
- *) Remove most calls to EVP_CIPHER_CTX_cleanup() in evp_enc.c, this
- allows existing EVP_CIPHER_CTX structures to be reused after
- calling EVP_*Final(). This behaviour is used by encryption
- BIOs and some applications. This has the side effect that
- applications must explicitly clean up cipher contexts with
- EVP_CIPHER_CTX_cleanup() or they will leak memory.
- [Steve Henson]
-
- *) Check the values of dna and dnb in bn_mul_recursive before calling
- bn_mul_comba (a non zero value means the a or b arrays do not contain
- n2 elements) and fallback to bn_mul_normal if either is not zero.
- [Steve Henson]
-
- *) Fix escaping of non-ASCII characters when using the -subj option
- of the "openssl req" command line tool. (Robert Joop <joop at fokus.gmd.de>)
- [Lutz Jaenicke]
-
- *) Make object definitions compliant to LDAP (RFC2256): SN is the short
- form for "surname", serialNumber has no short form.
- Use "mail" as the short name for "rfc822Mailbox" according to RFC2798;
- therefore remove "mail" short name for "internet 7".
- The OID for unique identifiers in X509 certificates is
- x500UniqueIdentifier, not uniqueIdentifier.
- Some more OID additions. (Michael Bell <michael.bell at rz.hu-berlin.de>)
- [Lutz Jaenicke]
-
- *) Add an "init" command to the ENGINE config module and auto initialize
- ENGINEs. Without any "init" command the ENGINE will be initialized
- after all ctrl commands have been executed on it. If init=1 the
- ENGINE is initailized at that point (ctrls before that point are run
- on the uninitialized ENGINE and after on the initialized one). If
- init=0 then the ENGINE will not be iniatialized at all.
- [Steve Henson]
-
- *) Fix the 'app_verify_callback' interface so that the user-defined
- argument is actually passed to the callback: In the
- SSL_CTX_set_cert_verify_callback() prototype, the callback
- declaration has been changed from
- int (*cb)()
- into
- int (*cb)(X509_STORE_CTX *,void *);
- in ssl_verify_cert_chain (ssl/ssl_cert.c), the call
- i=s->ctx->app_verify_callback(&ctx)
- has been changed into
- i=s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg).
-
- To update applications using SSL_CTX_set_cert_verify_callback(),
- a dummy argument can be added to their callback functions.
- [D. K. Smetters <smetters at parc.xerox.com>]
-
- *) Added the '4758cca' ENGINE to support IBM 4758 cards.
- [Maurice Gittens <maurice at gittens.nl>, touchups by Geoff Thorpe]
-
- *) Add and OPENSSL_LOAD_CONF define which will cause
- OpenSSL_add_all_algorithms() to load the openssl.cnf config file.
- This allows older applications to transparently support certain
- OpenSSL features: such as crypto acceleration and dynamic ENGINE loading.
- Two new functions OPENSSL_add_all_algorithms_noconf() which will never
- load the config file and OPENSSL_add_all_algorithms_conf() which will
- always load it have also been added.
- [Steve Henson]
-
- *) Add the OFB, CFB and CTR (all with 128 bit feedback) to AES.
- Adjust NIDs and EVP layer.
- [Stephen Sprunk <stephen at sprunk.org> and Richard Levitte]
-
- *) Config modules support in openssl utility.
-
- Most commands now load modules from the config file,
- though in a few (such as version) this isn't done
- because it couldn't be used for anything.
-
- In the case of ca and req the config file used is
- the same as the utility itself: that is the -config
- command line option can be used to specify an
- alternative file.
- [Steve Henson]
-
- *) Move default behaviour from OPENSSL_config(). If appname is NULL
- use "openssl_conf" if filename is NULL use default openssl config file.
- [Steve Henson]
-
- *) Add an argument to OPENSSL_config() to allow the use of an alternative
- config section name. Add a new flag to tolerate a missing config file
- and move code to CONF_modules_load_file().
- [Steve Henson]
-
- *) Support for crypto accelerator cards from Accelerated Encryption
- Processing, www.aep.ie. (Use engine 'aep')
- The support was copied from 0.9.6c [engine] and adapted/corrected
- to work with the new engine framework.
- [AEP Inc. and Richard Levitte]
-
- *) Support for SureWare crypto accelerator cards from Baltimore
- Technologies. (Use engine 'sureware')
- The support was copied from 0.9.6c [engine] and adapted
- to work with the new engine framework.
- [Richard Levitte]
-
- *) Have the CHIL engine fork-safe (as defined by nCipher) and actually
- make the newer ENGINE framework commands for the CHIL engine work.
- [Toomas Kiisk <vix at cyber.ee> and Richard Levitte]
-
- *) Make it possible to produce shared libraries on ReliantUNIX.
- [Robert Dahlem <Robert.Dahlem at ffm2.siemens.de> via Richard Levitte]
-
- *) Add the configuration target debug-linux-ppro.
- Make 'openssl rsa' use the general key loading routines
- implemented in apps.c, and make those routines able to
- handle the key format FORMAT_NETSCAPE and the variant
- FORMAT_IISSGC.
- [Toomas Kiisk <vix at cyber.ee> via Richard Levitte]
-
- *) Fix a crashbug and a logic bug in hwcrhk_load_pubkey().
- [Toomas Kiisk <vix at cyber.ee> via Richard Levitte]
-
- *) Add -keyform to rsautl, and document -engine.
- [Richard Levitte, inspired by Toomas Kiisk <vix at cyber.ee>]
-
- *) Change BIO_new_file (crypto/bio/bss_file.c) to use new
- BIO_R_NO_SUCH_FILE error code rather than the generic
- ERR_R_SYS_LIB error code if fopen() fails with ENOENT.
- [Ben Laurie]
-
- *) Add new functions
- ERR_peek_last_error
- ERR_peek_last_error_line
- ERR_peek_last_error_line_data.
- These are similar to
- ERR_peek_error
- ERR_peek_error_line
- ERR_peek_error_line_data,
- but report on the latest error recorded rather than the first one
- still in the error queue.
- [Ben Laurie, Bodo Moeller]
-
- *) default_algorithms option in ENGINE config module. This allows things
- like:
- default_algorithms = ALL
- default_algorithms = RSA, DSA, RAND, CIPHERS, DIGESTS
- [Steve Henson]
-
- *) Prelminary ENGINE config module.
- [Steve Henson]
-
- *) New experimental application configuration code.
- [Steve Henson]
-
- *) Change the AES code to follow the same name structure as all other
- symmetric ciphers, and behave the same way. Move everything to
- the directory crypto/aes, thereby obsoleting crypto/rijndael.
- [Stephen Sprunk <stephen at sprunk.org> and Richard Levitte]
-
- *) SECURITY: remove unsafe setjmp/signal interaction from ui_openssl.c.
- [Ben Laurie and Theo de Raadt]
-
- *) Add option to output public keys in req command.
- [Massimiliano Pala madwolf at openca.org]
-
- *) Use wNAFs in EC_POINTs_mul() for improved efficiency
- (up to about 10% better than before for P-192 and P-224).
- [Bodo Moeller]
-
- *) New functions/macros
-
- SSL_CTX_set_msg_callback(ctx, cb)
- SSL_CTX_set_msg_callback_arg(ctx, arg)
- SSL_set_msg_callback(ssl, cb)
- SSL_set_msg_callback_arg(ssl, arg)
-
- to request calling a callback function
-
- void cb(int write_p, int version, int content_type,
- const void *buf, size_t len, SSL *ssl, void *arg)
-
- whenever a protocol message has been completely received
- (write_p == 0) or sent (write_p == 1). Here 'version' is the
- protocol version according to which the SSL library interprets
- the current protocol message (SSL2_VERSION, SSL3_VERSION, or
- TLS1_VERSION). 'content_type' is 0 in the case of SSL 2.0, or
- the content type as defined in the SSL 3.0/TLS 1.0 protocol
- specification (change_cipher_spec(20), alert(21), handshake(22)).
- 'buf' and 'len' point to the actual message, 'ssl' to the
- SSL object, and 'arg' is the application-defined value set by
- SSL[_CTX]_set_msg_callback_arg().
-
- 'openssl s_client' and 'openssl s_server' have new '-msg' options
- to enable a callback that displays all protocol messages.
- [Bodo Moeller]
-
- *) Change the shared library support so shared libraries are built as
- soon as the corresponding static library is finished, and thereby get
- openssl and the test programs linked against the shared library.
- This still only happens when the keyword "shard" has been given to
- the configuration scripts.
-
- NOTE: shared library support is still an experimental thing, and
- backward binary compatibility is still not guaranteed.
- ["Maciej W. Rozycki" <macro at ds2.pg.gda.pl> and Richard Levitte]
-
- *) Add support for Subject Information Access extension.
- [Peter Sylvester <Peter.Sylvester at EdelWeb.fr>]
-
- *) Make BUF_MEM_grow() behaviour more consistent: Initialise to zero
- additional bytes when new memory had to be allocated, not just
- when reusing an existing buffer.
- [Bodo Moeller]
-
- *) New command line and configuration option 'utf8' for the req command.
- This allows field values to be specified as UTF8 strings.
- [Steve Henson]
-
- *) Add -multi and -mr options to "openssl speed" - giving multiple parallel
- runs for the former and machine-readable output for the latter.
- [Ben Laurie]
-
- *) Add '-noemailDN' option to 'openssl ca'. This prevents inclusion
- of the e-mail address in the DN (i.e., it will go into a certificate
- extension only). The new configuration file option 'email_in_dn = no'
- has the same effect.
- [Massimiliano Pala madwolf at openca.org]
-
- *) Change all functions with names starting with des_ to be starting
- with DES_ instead. Add wrappers that are compatible with libdes,
- but are named _ossl_old_des_*. Finally, add macros that map the
- des_* symbols to the corresponding _ossl_old_des_* if libdes
- compatibility is desired. If OpenSSL 0.9.6c compatibility is
- desired, the des_* symbols will be mapped to DES_*, with one
- exception.
-
- Since we provide two compatibility mappings, the user needs to
- define the macro OPENSSL_DES_LIBDES_COMPATIBILITY if libdes
- compatibility is desired. The default (i.e., when that macro
- isn't defined) is OpenSSL 0.9.6c compatibility.
-
- There are also macros that enable and disable the support of old
- des functions altogether. Those are OPENSSL_ENABLE_OLD_DES_SUPPORT
- and OPENSSL_DISABLE_OLD_DES_SUPPORT. If none or both of those
- are defined, the default will apply: to support the old des routines.
-
- In either case, one must include openssl/des.h to get the correct
- definitions. Do not try to just include openssl/des_old.h, that
- won't work.
-
- NOTE: This is a major break of an old API into a new one. Software
- authors are encouraged to switch to the DES_ style functions. Some
- time in the future, des_old.h and the libdes compatibility functions
- will be disable (i.e. OPENSSL_DISABLE_OLD_DES_SUPPORT will be the
- default), and then completely removed.
- [Richard Levitte]
-
- *) Test for certificates which contain unsupported critical extensions.
- If such a certificate is found during a verify operation it is
- rejected by default: this behaviour can be overridden by either
- handling the new error X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION or
- by setting the verify flag X509_V_FLAG_IGNORE_CRITICAL. A new function
- X509_supported_extension() has also been added which returns 1 if a
- particular extension is supported.
- [Steve Henson]
-
- *) Modify the behaviour of EVP cipher functions in similar way to digests
- to retain compatibility with existing code.
- [Steve Henson]
-
- *) Modify the behaviour of EVP_DigestInit() and EVP_DigestFinal() to retain
- compatibility with existing code. In particular the 'ctx' parameter does
- not have to be to be initialized before the call to EVP_DigestInit() and
- it is tidied up after a call to EVP_DigestFinal(). New function
- EVP_DigestFinal_ex() which does not tidy up the ctx. Similarly function
- EVP_MD_CTX_copy() changed to not require the destination to be
- initialized valid and new function EVP_MD_CTX_copy_ex() added which
- requires the destination to be valid.
-
- Modify all the OpenSSL digest calls to use EVP_DigestInit_ex(),
- EVP_DigestFinal_ex() and EVP_MD_CTX_copy_ex().
- [Steve Henson]
-
- *) Change ssl3_get_message (ssl/s3_both.c) and the functions using it
- so that complete 'Handshake' protocol structures are kept in memory
- instead of overwriting 'msg_type' and 'length' with 'body' data.
- [Bodo Moeller]
-
- *) Add an implementation of SSL_add_dir_cert_subjects_to_stack for Win32.
- [Massimo Santin via Richard Levitte]
-
- *) Major restructuring to the underlying ENGINE code. This includes
- reduction of linker bloat, separation of pure "ENGINE" manipulation
- (initialisation, etc) from functionality dealing with implementations
- of specific crypto iterfaces. This change also introduces integrated
- support for symmetric ciphers and digest implementations - so ENGINEs
- can now accelerate these by providing EVP_CIPHER and EVP_MD
- implementations of their own. This is detailed in crypto/engine/README
- as it couldn't be adequately described here. However, there are a few
- API changes worth noting - some RSA, DSA, DH, and RAND functions that
- were changed in the original introduction of ENGINE code have now
- reverted back - the hooking from this code to ENGINE is now a good
- deal more passive and at run-time, operations deal directly with
- RSA_METHODs, DSA_METHODs (etc) as they did before, rather than
- dereferencing through an ENGINE pointer any more. Also, the ENGINE
- functions dealing with BN_MOD_EXP[_CRT] handlers have been removed -
- they were not being used by the framework as there is no concept of a
- BIGNUM_METHOD and they could not be generalised to the new
- 'ENGINE_TABLE' mechanism that underlies the new code. Similarly,
- ENGINE_cpy() has been removed as it cannot be consistently defined in
- the new code.
- [Geoff Thorpe]
-
- *) Change ASN1_GENERALIZEDTIME_check() to allow fractional seconds.
- [Steve Henson]
-
- *) Change mkdef.pl to sort symbols that get the same entry number,
- and make sure the automatically generated functions ERR_load_*
- become part of libeay.num as well.
- [Richard Levitte]
-
- *) New function SSL_renegotiate_pending(). This returns true once
- renegotiation has been requested (either SSL_renegotiate() call
- or HelloRequest/ClientHello receveived from the peer) and becomes
- false once a handshake has been completed.
- (For servers, SSL_renegotiate() followed by SSL_do_handshake()
- sends a HelloRequest, but does not ensure that a handshake takes
- place. SSL_renegotiate_pending() is useful for checking if the
- client has followed the request.)
- [Bodo Moeller]
-
- *) New SSL option SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION.
- By default, clients may request session resumption even during
- renegotiation (if session ID contexts permit); with this option,
- session resumption is possible only in the first handshake.
-
- SSL_OP_ALL is now 0x00000FFFL instead of 0x000FFFFFL. This makes
- more bits available for options that should not be part of
- SSL_OP_ALL (such as SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION).
- [Bodo Moeller]
-
- *) Add some demos for certificate and certificate request creation.
- [Steve Henson]
-
- *) Make maximum certificate chain size accepted from the peer application
- settable (SSL*_get/set_max_cert_list()), as proposed by
- "Douglas E. Engert" <deengert at anl.gov>.
- [Lutz Jaenicke]
-
- *) Add support for shared libraries for Unixware-7
- (Boyd Lynn Gerber <gerberb at zenez.com>).
- [Lutz Jaenicke]
-
- *) Add a "destroy" handler to ENGINEs that allows structural cleanup to
- be done prior to destruction. Use this to unload error strings from
- ENGINEs that load their own error strings. NB: This adds two new API
- functions to "get" and "set" this destroy handler in an ENGINE.
- [Geoff Thorpe]
-
- *) Alter all existing ENGINE implementations (except "openssl" and
- "openbsd") to dynamically instantiate their own error strings. This
- makes them more flexible to be built both as statically-linked ENGINEs
- and self-contained shared-libraries loadable via the "dynamic" ENGINE.
- Also, add stub code to each that makes building them as self-contained
- shared-libraries easier (see README.ENGINE).
- [Geoff Thorpe]
-
- *) Add a "dynamic" ENGINE that provides a mechanism for binding ENGINE
- implementations into applications that are completely implemented in
- self-contained shared-libraries. The "dynamic" ENGINE exposes control
- commands that can be used to configure what shared-library to load and
- to control aspects of the way it is handled. Also, made an update to
- the README.ENGINE file that brings its information up-to-date and
- provides some information and instructions on the "dynamic" ENGINE
- (ie. how to use it, how to build "dynamic"-loadable ENGINEs, etc).
- [Geoff Thorpe]
-
- *) Make it possible to unload ranges of ERR strings with a new
- "ERR_unload_strings" function.
- [Geoff Thorpe]
-
- *) Add a copy() function to EVP_MD.
- [Ben Laurie]
-
- *) Make EVP_MD routines take a context pointer instead of just the
- md_data void pointer.
- [Ben Laurie]
-
- *) Add flags to EVP_MD and EVP_MD_CTX. EVP_MD_FLAG_ONESHOT indicates
- that the digest can only process a single chunk of data
- (typically because it is provided by a piece of
- hardware). EVP_MD_CTX_FLAG_ONESHOT indicates that the application
- is only going to provide a single chunk of data, and hence the
- framework needn't accumulate the data for oneshot drivers.
- [Ben Laurie]
-
- *) As with "ERR", make it possible to replace the underlying "ex_data"
- functions. This change also alters the storage and management of global
- ex_data state - it's now all inside ex_data.c and all "class" code (eg.
- RSA, BIO, SSL_CTX, etc) no longer stores its own STACKS and per-class
- index counters. The API functions that use this state have been changed
- to take a "class_index" rather than pointers to the class's local STACK
- and counter, and there is now an API function to dynamically create new
- classes. This centralisation allows us to (a) plug a lot of the
- thread-safety problems that existed, and (b) makes it possible to clean
- up all allocated state using "CRYPTO_cleanup_all_ex_data()". W.r.t. (b)
- such data would previously have always leaked in application code and
- workarounds were in place to make the memory debugging turn a blind eye
- to it. Application code that doesn't use this new function will still
- leak as before, but their memory debugging output will announce it now
- rather than letting it slide.
-
- Besides the addition of CRYPTO_cleanup_all_ex_data(), another API change
- induced by the "ex_data" overhaul is that X509_STORE_CTX_init() now
- has a return value to indicate success or failure.
- [Geoff Thorpe]
-
- *) Make it possible to replace the underlying "ERR" functions such that the
- global state (2 LHASH tables and 2 locks) is only used by the "default"
- implementation. This change also adds two functions to "get" and "set"
- the implementation prior to it being automatically set the first time
- any other ERR function takes place. Ie. an application can call "get",
- pass the return value to a module it has just loaded, and that module
- can call its own "set" function using that value. This means the
- module's "ERR" operations will use (and modify) the error state in the
- application and not in its own statically linked copy of OpenSSL code.
- [Geoff Thorpe]
-
- *) Give DH, DSA, and RSA types their own "**_up_ref()" function to increment
- reference counts. This performs normal REF_PRINT/REF_CHECK macros on
- the operation, and provides a more encapsulated way for external code
- (crypto/evp/ and ssl/) to do this. Also changed the evp and ssl code
- to use these functions rather than manually incrementing the counts.
-
- Also rename "DSO_up()" function to more descriptive "DSO_up_ref()".
- [Geoff Thorpe]
-
- *) Add EVP test program.
- [Ben Laurie]
-
- *) Add symmetric cipher support to ENGINE. Expect the API to change!
- [Ben Laurie]
-
- *) New CRL functions: X509_CRL_set_version(), X509_CRL_set_issuer_name()
- X509_CRL_set_lastUpdate(), X509_CRL_set_nextUpdate(), X509_CRL_sort(),
- X509_REVOKED_set_serialNumber(), and X509_REVOKED_set_revocationDate().
- These allow a CRL to be built without having to access X509_CRL fields
- directly. Modify 'ca' application to use new functions.
- [Steve Henson]
-
- *) Move SSL_OP_TLS_ROLLBACK_BUG out of the SSL_OP_ALL list of recommended
- bug workarounds. Rollback attack detection is a security feature.
- The problem will only arise on OpenSSL servers when TLSv1 is not
- available (sslv3_server_method() or SSL_OP_NO_TLSv1).
- Software authors not wanting to support TLSv1 will have special reasons
- for their choice and can explicitly enable this option.
- [Bodo Moeller, Lutz Jaenicke]
-
- *) Rationalise EVP so it can be extended: don't include a union of
- cipher/digest structures, add init/cleanup functions for EVP_MD_CTX
- (similar to those existing for EVP_CIPHER_CTX).
- Usage example:
-
- EVP_MD_CTX md;
-
- EVP_MD_CTX_init(&md); /* new function call */
- EVP_DigestInit(&md, EVP_sha1());
- EVP_DigestUpdate(&md, in, len);
- EVP_DigestFinal(&md, out, NULL);
- EVP_MD_CTX_cleanup(&md); /* new function call */
-
- [Ben Laurie]
-
- *) Make DES key schedule conform to the usual scheme, as well as
- correcting its structure. This means that calls to DES functions
- now have to pass a pointer to a des_key_schedule instead of a
- plain des_key_schedule (which was actually always a pointer
- anyway): E.g.,
-
- des_key_schedule ks;
-
- des_set_key_checked(..., &ks);
- des_ncbc_encrypt(..., &ks, ...);
-
- (Note that a later change renames 'des_...' into 'DES_...'.)
- [Ben Laurie]
-
- *) Initial reduction of linker bloat: the use of some functions, such as
- PEM causes large amounts of unused functions to be linked in due to
- poor organisation. For example pem_all.c contains every PEM function
- which has a knock on effect of linking in large amounts of (unused)
- ASN1 code. Grouping together similar functions and splitting unrelated
- functions prevents this.
- [Steve Henson]
-
- *) Cleanup of EVP macros.
- [Ben Laurie]
-
- *) Change historical references to {NID,SN,LN}_des_ede and ede3 to add the
- correct _ecb suffix.
- [Ben Laurie]
-
- *) Add initial OCSP responder support to ocsp application. The
- revocation information is handled using the text based index
- use by the ca application. The responder can either handle
- requests generated internally, supplied in files (for example
- via a CGI script) or using an internal minimal server.
- [Steve Henson]
-
- *) Add configuration choices to get zlib compression for TLS.
- [Richard Levitte]
-
- *) Changes to Kerberos SSL for RFC 2712 compliance:
- 1. Implemented real KerberosWrapper, instead of just using
- KRB5 AP_REQ message. [Thanks to Simon Wilkinson <sxw at sxw.org.uk>]
- 2. Implemented optional authenticator field of KerberosWrapper.
-
- Added openssl-style ASN.1 macros for Kerberos ticket, ap_req,
- and authenticator structs; see crypto/krb5/.
-
- Generalized Kerberos calls to support multiple Kerberos libraries.
- [Vern Staats <staatsvr at asc.hpc.mil>,
- Jeffrey Altman <jaltman at columbia.edu>
- via Richard Levitte]
-
- *) Cause 'openssl speed' to use fully hard-coded DSA keys as it
- already does with RSA. testdsa.h now has 'priv_key/pub_key'
- values for each of the key sizes rather than having just
- parameters (and 'speed' generating keys each time).
- [Geoff Thorpe]
-
- *) Speed up EVP routines.
- Before:
-encrypt
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-des-cbc 4408.85k 5560.51k 5778.46k 5862.20k 5825.16k
-des-cbc 4389.55k 5571.17k 5792.23k 5846.91k 5832.11k
-des-cbc 4394.32k 5575.92k 5807.44k 5848.37k 5841.30k
-decrypt
-des-cbc 3482.66k 5069.49k 5496.39k 5614.16k 5639.28k
-des-cbc 3480.74k 5068.76k 5510.34k 5609.87k 5635.52k
-des-cbc 3483.72k 5067.62k 5504.60k 5708.01k 5724.80k
- After:
-encrypt
-des-cbc 4660.16k 5650.19k 5807.19k 5827.13k 5783.32k
-decrypt
-des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
- [Ben Laurie]
-
- *) Added the OS2-EMX target.
- ["Brian Havard" <brianh at kheldar.apana.org.au> and Richard Levitte]
-
- *) Rewrite apps to use NCONF routines instead of the old CONF. New functions
- to support NCONF routines in extension code. New function CONF_set_nconf()
- to allow functions which take an NCONF to also handle the old LHASH
- structure: this means that the old CONF compatible routines can be
- retained (in particular wrt extensions) without having to duplicate the
- code. New function X509V3_add_ext_nconf_sk to add extensions to a stack.
- [Steve Henson]
-
- *) Enhance the general user interface with mechanisms for inner control
- and with possibilities to have yes/no kind of prompts.
- [Richard Levitte]
-
- *) Change all calls to low level digest routines in the library and
- applications to use EVP. Add missing calls to HMAC_cleanup() and
- don't assume HMAC_CTX can be copied using memcpy().
- [Verdon Walker <VWalker at novell.com>, Steve Henson]
-
- *) Add the possibility to control engines through control names but with
- arbitrary arguments instead of just a string.
- Change the key loaders to take a UI_METHOD instead of a callback
- function pointer. NOTE: this breaks binary compatibility with earlier
- versions of OpenSSL [engine].
- Adapt the nCipher code for these new conditions and add a card insertion
- callback.
- [Richard Levitte]
-
- *) Enhance the general user interface with mechanisms to better support
- dialog box interfaces, application-defined prompts, the possibility
- to use defaults (for example default passwords from somewhere else)
- and interrupts/cancellations.
- [Richard Levitte]
-
- *) Tidy up PKCS#12 attribute handling. Add support for the CSP name
- attribute in PKCS#12 files, add new -CSP option to pkcs12 utility.
- [Steve Henson]
-
- *) Fix a memory leak in 'sk_dup()' in the case reallocation fails. (Also
- tidy up some unnecessarily weird code in 'sk_new()').
- [Geoff, reported by Diego Tartara <dtartara at novamens.com>]
-
- *) Change the key loading routines for ENGINEs to use the same kind
- callback (pem_password_cb) as all other routines that need this
- kind of callback.
- [Richard Levitte]
-
- *) Increase ENTROPY_NEEDED to 32 bytes, as Rijndael can operate with
- 256 bit (=32 byte) keys. Of course seeding with more entropy bytes
- than this minimum value is recommended.
- [Lutz Jaenicke]
-
- *) New random seeder for OpenVMS, using the system process statistics
- that are easily reachable.
- [Richard Levitte]
-
- *) Windows apparently can't transparently handle global
- variables defined in DLLs. Initialisations such as:
-
- const ASN1_ITEM *it = &ASN1_INTEGER_it;
-
- wont compile. This is used by the any applications that need to
- declare their own ASN1 modules. This was fixed by adding the option
- EXPORT_VAR_AS_FN to all Win32 platforms, although this isn't strictly
- needed for static libraries under Win32.
- [Steve Henson]
-
- *) New functions X509_PURPOSE_set() and X509_TRUST_set() to handle
- setting of purpose and trust fields. New X509_STORE trust and
- purpose functions and tidy up setting in other SSL functions.
- [Steve Henson]
-
- *) Add copies of X509_STORE_CTX fields and callbacks to X509_STORE
- structure. These are inherited by X509_STORE_CTX when it is
- initialised. This allows various defaults to be set in the
- X509_STORE structure (such as flags for CRL checking and custom
- purpose or trust settings) for functions which only use X509_STORE_CTX
- internally such as S/MIME.
-
- Modify X509_STORE_CTX_purpose_inherit() so it only sets purposes and
- trust settings if they are not set in X509_STORE. This allows X509_STORE
- purposes and trust (in S/MIME for example) to override any set by default.
-
- Add command line options for CRL checking to smime, s_client and s_server
- applications.
- [Steve Henson]
-
- *) Initial CRL based revocation checking. If the CRL checking flag(s)
- are set then the CRL is looked up in the X509_STORE structure and
- its validity and signature checked, then if the certificate is found
- in the CRL the verify fails with a revoked error.
-
- Various new CRL related callbacks added to X509_STORE_CTX structure.
-
- Command line options added to 'verify' application to support this.
-
- This needs some additional work, such as being able to handle multiple
- CRLs with different times, extension based lookup (rather than just
- by subject name) and ultimately more complete V2 CRL extension
- handling.
- [Steve Henson]
-
- *) Add a general user interface API (crypto/ui/). This is designed
- to replace things like des_read_password and friends (backward
- compatibility functions using this new API are provided).
- The purpose is to remove prompting functions from the DES code
- section as well as provide for prompting through dialog boxes in
- a window system and the like.
- [Richard Levitte]
-
- *) Add "ex_data" support to ENGINE so implementations can add state at a
- per-structure level rather than having to store it globally.
- [Geoff]
-
- *) Make it possible for ENGINE structures to be copied when retrieved by
- ENGINE_by_id() if the ENGINE specifies a new flag: ENGINE_FLAGS_BY_ID_COPY.
- This causes the "original" ENGINE structure to act like a template,
- analogous to the RSA vs. RSA_METHOD type of separation. Because of this
- operational state can be localised to each ENGINE structure, despite the
- fact they all share the same "methods". New ENGINE structures returned in
- this case have no functional references and the return value is the single
- structural reference. This matches the single structural reference returned
- by ENGINE_by_id() normally, when it is incremented on the pre-existing
- ENGINE structure.
- [Geoff]
-
- *) Fix ASN1 decoder when decoding type ANY and V_ASN1_OTHER: since this
- needs to match any other type at all we need to manually clear the
- tag cache.
- [Steve Henson]
-
- *) Changes to the "openssl engine" utility to include;
- - verbosity levels ('-v', '-vv', and '-vvv') that provide information
- about an ENGINE's available control commands.
- - executing control commands from command line arguments using the
- '-pre' and '-post' switches. '-post' is only used if '-t' is
- specified and the ENGINE is successfully initialised. The syntax for
- the individual commands are colon-separated, for example;
- openssl engine chil -pre FORK_CHECK:0 -pre SO_PATH:/lib/test.so
- [Geoff]
-
- *) New dynamic control command support for ENGINEs. ENGINEs can now
- declare their own commands (numbers), names (strings), descriptions,
- and input types for run-time discovery by calling applications. A
- subset of these commands are implicitly classed as "executable"
- depending on their input type, and only these can be invoked through
- the new string-based API function ENGINE_ctrl_cmd_string(). (Eg. this
- can be based on user input, config files, etc). The distinction is
- that "executable" commands cannot return anything other than a boolean
- result and can only support numeric or string input, whereas some
- discoverable commands may only be for direct use through
- ENGINE_ctrl(), eg. supporting the exchange of binary data, function
- pointers, or other custom uses. The "executable" commands are to
- support parameterisations of ENGINE behaviour that can be
- unambiguously defined by ENGINEs and used consistently across any
- OpenSSL-based application. Commands have been added to all the
- existing hardware-supporting ENGINEs, noticeably "SO_PATH" to allow
- control over shared-library paths without source code alterations.
- [Geoff]
-
- *) Changed all ENGINE implementations to dynamically allocate their
- ENGINEs rather than declaring them statically. Apart from this being
- necessary with the removal of the ENGINE_FLAGS_MALLOCED distinction,
- this also allows the implementations to compile without using the
- internal engine_int.h header.
- [Geoff]
-
- *) Minor adjustment to "rand" code. RAND_get_rand_method() now returns a
- 'const' value. Any code that should be able to modify a RAND_METHOD
- should already have non-const pointers to it (ie. they should only
- modify their own ones).
- [Geoff]
-
- *) Made a variety of little tweaks to the ENGINE code.
- - "atalla" and "ubsec" string definitions were moved from header files
- to C code. "nuron" string definitions were placed in variables
- rather than hard-coded - allowing parameterisation of these values
- later on via ctrl() commands.
- - Removed unused "#if 0"'d code.
- - Fixed engine list iteration code so it uses ENGINE_free() to release
- structural references.
- - Constified the RAND_METHOD element of ENGINE structures.
- - Constified various get/set functions as appropriate and added
- missing functions (including a catch-all ENGINE_cpy that duplicates
- all ENGINE values onto a new ENGINE except reference counts/state).
- - Removed NULL parameter checks in get/set functions. Setting a method
- or function to NULL is a way of cancelling out a previously set
- value. Passing a NULL ENGINE parameter is just plain stupid anyway
- and doesn't justify the extra error symbols and code.
- - Deprecate the ENGINE_FLAGS_MALLOCED define and move the area for
- flags from engine_int.h to engine.h.
- - Changed prototypes for ENGINE handler functions (init(), finish(),
- ctrl(), key-load functions, etc) to take an (ENGINE*) parameter.
- [Geoff]
-
- *) Implement binary inversion algorithm for BN_mod_inverse in addition
- to the algorithm using long division. The binary algorithm can be
- used only if the modulus is odd. On 32-bit systems, it is faster
- only for relatively small moduli (roughly 20-30% for 128-bit moduli,
- roughly 5-15% for 256-bit moduli), so we use it only for moduli
- up to 450 bits. In 64-bit environments, the binary algorithm
- appears to be advantageous for much longer moduli; here we use it
- for moduli up to 2048 bits.
- [Bodo Moeller]
-
- *) Rewrite CHOICE field setting in ASN1_item_ex_d2i(). The old code
- could not support the combine flag in choice fields.
- [Steve Henson]
-
- *) Add a 'copy_extensions' option to the 'ca' utility. This copies
- extensions from a certificate request to the certificate.
- [Steve Henson]
-
- *) Allow multiple 'certopt' and 'nameopt' options to be separated
- by commas. Add 'namopt' and 'certopt' options to the 'ca' config
- file: this allows the display of the certificate about to be
- signed to be customised, to allow certain fields to be included
- or excluded and extension details. The old system didn't display
- multicharacter strings properly, omitted fields not in the policy
- and couldn't display additional details such as extensions.
- [Steve Henson]
-
- *) Function EC_POINTs_mul for multiple scalar multiplication
- of an arbitrary number of elliptic curve points
- \sum scalars[i]*points[i],
- optionally including the generator defined for the EC_GROUP:
- scalar*generator + \sum scalars[i]*points[i].
-
- EC_POINT_mul is a simple wrapper function for the typical case
- that the point list has just one item (besides the optional
- generator).
- [Bodo Moeller]
-
- *) First EC_METHODs for curves over GF(p):
-
- EC_GFp_simple_method() uses the basic BN_mod_mul and BN_mod_sqr
- operations and provides various method functions that can also
- operate with faster implementations of modular arithmetic.
-
- EC_GFp_mont_method() reuses most functions that are part of
- EC_GFp_simple_method, but uses Montgomery arithmetic.
-
- [Bodo Moeller; point addition and point doubling
- implementation directly derived from source code provided by
- Lenka Fibikova <fibikova at exp-math.uni-essen.de>]
-
- *) Framework for elliptic curves (crypto/ec/ec.h, crypto/ec/ec_lcl.h,
- crypto/ec/ec_lib.c):
-
- Curves are EC_GROUP objects (with an optional group generator)
- based on EC_METHODs that are built into the library.
-
- Points are EC_POINT objects based on EC_GROUP objects.
-
- Most of the framework would be able to handle curves over arbitrary
- finite fields, but as there are no obvious types for fields other
- than GF(p), some functions are limited to that for now.
- [Bodo Moeller]
-
- *) Add the -HTTP option to s_server. It is similar to -WWW, but requires
- that the file contains a complete HTTP response.
- [Richard Levitte]
-
- *) Add the ec directory to mkdef.pl and mkfiles.pl. In mkdef.pl
- change the def and num file printf format specifier from "%-40sXXX"
- to "%-39s XXX". The latter will always guarantee a space after the
- field while the former will cause them to run together if the field
- is 40 of more characters long.
- [Steve Henson]
-
- *) Constify the cipher and digest 'method' functions and structures
- and modify related functions to take constant EVP_MD and EVP_CIPHER
- pointers.
- [Steve Henson]
-
- *) Hide BN_CTX structure details in bn_lcl.h instead of publishing them
- in <openssl/bn.h>. Also further increase BN_CTX_NUM to 32.
- [Bodo Moeller]
-
- *) Modify EVP_Digest*() routines so they now return values. Although the
- internal software routines can never fail additional hardware versions
- might.
- [Steve Henson]
-
- *) Clean up crypto/err/err.h and change some error codes to avoid conflicts:
-
- Previously ERR_R_FATAL was too small and coincided with ERR_LIB_PKCS7
- (= ERR_R_PKCS7_LIB); it is now 64 instead of 32.
-
- ASN1 error codes
- ERR_R_NESTED_ASN1_ERROR
- ...
- ERR_R_MISSING_ASN1_EOS
- were 4 .. 9, conflicting with
- ERR_LIB_RSA (= ERR_R_RSA_LIB)
- ...
- ERR_LIB_PEM (= ERR_R_PEM_LIB).
- They are now 58 .. 63 (i.e., just below ERR_R_FATAL).
-
- Add new error code 'ERR_R_INTERNAL_ERROR'.
- [Bodo Moeller]
-
- *) Don't overuse locks in crypto/err/err.c: For data retrieval, CRYPTO_r_lock
- suffices.
- [Bodo Moeller]
-
- *) New option '-subj arg' for 'openssl req' and 'openssl ca'. This
- sets the subject name for a new request or supersedes the
- subject name in a given request. Formats that can be parsed are
- 'CN=Some Name, OU=myOU, C=IT'
- and
- 'CN=Some Name/OU=myOU/C=IT'.
-
- Add options '-batch' and '-verbose' to 'openssl req'.
- [Massimiliano Pala <madwolf at hackmasters.net>]
-
- *) Introduce the possibility to access global variables through
- functions on platform were that's the best way to handle exporting
- global variables in shared libraries. To enable this functionality,
- one must configure with "EXPORT_VAR_AS_FN" or defined the C macro
- "OPENSSL_EXPORT_VAR_AS_FUNCTION" in crypto/opensslconf.h (the latter
- is normally done by Configure or something similar).
-
- To implement a global variable, use the macro OPENSSL_IMPLEMENT_GLOBAL
- in the source file (foo.c) like this:
-
- OPENSSL_IMPLEMENT_GLOBAL(int,foo)=1;
- OPENSSL_IMPLEMENT_GLOBAL(double,bar);
-
- To declare a global variable, use the macros OPENSSL_DECLARE_GLOBAL
- and OPENSSL_GLOBAL_REF in the header file (foo.h) like this:
-
- OPENSSL_DECLARE_GLOBAL(int,foo);
- #define foo OPENSSL_GLOBAL_REF(foo)
- OPENSSL_DECLARE_GLOBAL(double,bar);
- #define bar OPENSSL_GLOBAL_REF(bar)
-
- The #defines are very important, and therefore so is including the
- header file everywhere where the defined globals are used.
-
- The macro OPENSSL_EXPORT_VAR_AS_FUNCTION also affects the definition
- of ASN.1 items, but that structure is a bit different.
-
- The largest change is in util/mkdef.pl which has been enhanced with
- better and easier to understand logic to choose which symbols should
- go into the Windows .def files as well as a number of fixes and code
- cleanup (among others, algorithm keywords are now sorted
- lexicographically to avoid constant rewrites).
- [Richard Levitte]
-
- *) In BN_div() keep a copy of the sign of 'num' before writing the
- result to 'rm' because if rm==num the value will be overwritten
- and produce the wrong result if 'num' is negative: this caused
- problems with BN_mod() and BN_nnmod().
- [Steve Henson]
-
- *) Function OCSP_request_verify(). This checks the signature on an
- OCSP request and verifies the signer certificate. The signer
- certificate is just checked for a generic purpose and OCSP request
- trust settings.
- [Steve Henson]
-
- *) Add OCSP_check_validity() function to check the validity of OCSP
- responses. OCSP responses are prepared in real time and may only
- be a few seconds old. Simply checking that the current time lies
- between thisUpdate and nextUpdate max reject otherwise valid responses
- caused by either OCSP responder or client clock inaccuracy. Instead
- we allow thisUpdate and nextUpdate to fall within a certain period of
- the current time. The age of the response can also optionally be
- checked. Two new options -validity_period and -status_age added to
- ocsp utility.
- [Steve Henson]
-
- *) If signature or public key algorithm is unrecognized print out its
- OID rather that just UNKNOWN.
- [Steve Henson]
-
- *) Change OCSP_cert_to_id() to tolerate a NULL subject certificate and
- OCSP_cert_id_new() a NULL serialNumber. This allows a partial certificate
- ID to be generated from the issuer certificate alone which can then be
- passed to OCSP_id_issuer_cmp().
- [Steve Henson]
-
- *) New compilation option ASN1_ITEM_FUNCTIONS. This causes the new
- ASN1 modules to export functions returning ASN1_ITEM pointers
- instead of the ASN1_ITEM structures themselves. This adds several
- new macros which allow the underlying ASN1 function/structure to
- be accessed transparently. As a result code should not use ASN1_ITEM
- references directly (such as &X509_it) but instead use the relevant
- macros (such as ASN1_ITEM_rptr(X509)). This option is to allow
- use of the new ASN1 code on platforms where exporting structures
- is problematical (for example in shared libraries) but exporting
- functions returning pointers to structures is not.
- [Steve Henson]
-
- *) Add support for overriding the generation of SSL/TLS session IDs.
- These callbacks can be registered either in an SSL_CTX or per SSL.
- The purpose of this is to allow applications to control, if they wish,
- the arbitrary values chosen for use as session IDs, particularly as it
- can be useful for session caching in multiple-server environments. A
- command-line switch for testing this (and any client code that wishes
- to use such a feature) has been added to "s_server".
- [Geoff Thorpe, Lutz Jaenicke]
-
- *) Modify mkdef.pl to recognise and parse preprocessor conditionals
- of the form '#if defined(...) || defined(...) || ...' and
- '#if !defined(...) && !defined(...) && ...'. This also avoids
- the growing number of special cases it was previously handling.
- [Richard Levitte]
-
- *) Make all configuration macros available for application by making
- sure they are available in opensslconf.h, by giving them names starting
- with "OPENSSL_" to avoid conflicts with other packages and by making
- sure e_os2.h will cover all platform-specific cases together with
- opensslconf.h.
- Additionally, it is now possible to define configuration/platform-
- specific names (called "system identities"). In the C code, these
- are prefixed with "OPENSSL_SYSNAME_". e_os2.h will create another
- macro with the name beginning with "OPENSSL_SYS_", which is determined
- from "OPENSSL_SYSNAME_*" or compiler-specific macros depending on
- what is available.
- [Richard Levitte]
-
- *) New option -set_serial to 'req' and 'x509' this allows the serial
- number to use to be specified on the command line. Previously self
- signed certificates were hard coded with serial number 0 and the
- CA options of 'x509' had to use a serial number in a file which was
- auto incremented.
- [Steve Henson]
-
- *) New options to 'ca' utility to support V2 CRL entry extensions.
- Currently CRL reason, invalidity date and hold instruction are
- supported. Add new CRL extensions to V3 code and some new objects.
- [Steve Henson]
-
- *) New function EVP_CIPHER_CTX_set_padding() this is used to
- disable standard block padding (aka PKCS#5 padding) in the EVP
- API, which was previously mandatory. This means that the data is
- not padded in any way and so the total length much be a multiple
- of the block size, otherwise an error occurs.
- [Steve Henson]
-
- *) Initial (incomplete) OCSP SSL support.
- [Steve Henson]
-
- *) New function OCSP_parse_url(). This splits up a URL into its host,
- port and path components: primarily to parse OCSP URLs. New -url
- option to ocsp utility.
- [Steve Henson]
-
- *) New nonce behavior. The return value of OCSP_check_nonce() now
- reflects the various checks performed. Applications can decide
- whether to tolerate certain situations such as an absent nonce
- in a response when one was present in a request: the ocsp application
- just prints out a warning. New function OCSP_add1_basic_nonce()
- this is to allow responders to include a nonce in a response even if
- the request is nonce-less.
- [Steve Henson]
-
- *) Disable stdin buffering in load_cert (apps/apps.c) so that no certs are
- skipped when using openssl x509 multiple times on a single input file,
- e.g. "(openssl x509 -out cert1; openssl x509 -out cert2) <certs".
- [Bodo Moeller]
-
- *) Make ASN1_UTCTIME_set_string() and ASN1_GENERALIZEDTIME_set_string()
- set string type: to handle setting ASN1_TIME structures. Fix ca
- utility to correctly initialize revocation date of CRLs.
- [Steve Henson]
-
- *) New option SSL_OP_CIPHER_SERVER_PREFERENCE allows the server to override
- the clients preferred ciphersuites and rather use its own preferences.
- Should help to work around M$ SGC (Server Gated Cryptography) bug in
- Internet Explorer by ensuring unchanged hash method during stepup.
- (Also replaces the broken/deactivated SSL_OP_NON_EXPORT_FIRST option.)
- [Lutz Jaenicke]
-
- *) Make mkdef.pl recognise all DECLARE_ASN1 macros, change rijndael
- to aes and add a new 'exist' option to print out symbols that don't
- appear to exist.
- [Steve Henson]
-
- *) Additional options to ocsp utility to allow flags to be set and
- additional certificates supplied.
- [Steve Henson]
-
- *) Add the option -VAfile to 'openssl ocsp', so the user can give the
- OCSP client a number of certificate to only verify the response
- signature against.
- [Richard Levitte]
-
- *) Update Rijndael code to version 3.0 and change EVP AES ciphers to
- handle the new API. Currently only ECB, CBC modes supported. Add new
- AES OIDs.
-
- Add TLS AES ciphersuites as described in RFC3268, "Advanced
- Encryption Standard (AES) Ciphersuites for Transport Layer
- Security (TLS)". (In beta versions of OpenSSL 0.9.7, these were
- not enabled by default and were not part of the "ALL" ciphersuite
- alias because they were not yet official; they could be
- explicitly requested by specifying the "AESdraft" ciphersuite
- group alias. In the final release of OpenSSL 0.9.7, the group
- alias is called "AES" and is part of "ALL".)
- [Ben Laurie, Steve Henson, Bodo Moeller]
-
- *) New function OCSP_copy_nonce() to copy nonce value (if present) from
- request to response.
- [Steve Henson]
-
- *) Functions for OCSP responders. OCSP_request_onereq_count(),
- OCSP_request_onereq_get0(), OCSP_onereq_get0_id() and OCSP_id_get0_info()
- extract information from a certificate request. OCSP_response_create()
- creates a response and optionally adds a basic response structure.
- OCSP_basic_add1_status() adds a complete single response to a basic
- response and returns the OCSP_SINGLERESP structure just added (to allow
- extensions to be included for example). OCSP_basic_add1_cert() adds a
- certificate to a basic response and OCSP_basic_sign() signs a basic
- response with various flags. New helper functions ASN1_TIME_check()
- (checks validity of ASN1_TIME structure) and ASN1_TIME_to_generalizedtime()
- (converts ASN1_TIME to GeneralizedTime).
- [Steve Henson]
-
- *) Various new functions. EVP_Digest() combines EVP_Digest{Init,Update,Final}()
- in a single operation. X509_get0_pubkey_bitstr() extracts the public_key
- structure from a certificate. X509_pubkey_digest() digests the public_key
- contents: this is used in various key identifiers.
- [Steve Henson]
-
- *) Make sk_sort() tolerate a NULL argument.
- [Steve Henson reported by Massimiliano Pala <madwolf at comune.modena.it>]
-
- *) New OCSP verify flag OCSP_TRUSTOTHER. When set the "other" certificates
- passed by the function are trusted implicitly. If any of them signed the
- response then it is assumed to be valid and is not verified.
- [Steve Henson]
-
- *) In PKCS7_set_type() initialise content_type in PKCS7_ENC_CONTENT
- to data. This was previously part of the PKCS7 ASN1 code. This
- was causing problems with OpenSSL created PKCS#12 and PKCS#7 structures.
- [Steve Henson, reported by Kenneth R. Robinette
- <support at securenetterm.com>]
-
- *) Add CRYPTO_push_info() and CRYPTO_pop_info() calls to new ASN1
- routines: without these tracing memory leaks is very painful.
- Fix leaks in PKCS12 and PKCS7 routines.
- [Steve Henson]
-
- *) Make X509_time_adj() cope with the new behaviour of ASN1_TIME_new().
- Previously it initialised the 'type' argument to V_ASN1_UTCTIME which
- effectively meant GeneralizedTime would never be used. Now it
- is initialised to -1 but X509_time_adj() now has to check the value
- and use ASN1_TIME_set() if the value is not V_ASN1_UTCTIME or
- V_ASN1_GENERALIZEDTIME, without this it always uses GeneralizedTime.
- [Steve Henson, reported by Kenneth R. Robinette
- <support at securenetterm.com>]
-
- *) Fixes to BN_to_ASN1_INTEGER when bn is zero. This would previously
- result in a zero length in the ASN1_INTEGER structure which was
- not consistent with the structure when d2i_ASN1_INTEGER() was used
- and would cause ASN1_INTEGER_cmp() to fail. Enhance s2i_ASN1_INTEGER()
- to cope with hex and negative integers. Fix bug in i2a_ASN1_INTEGER()
- where it did not print out a minus for negative ASN1_INTEGER.
- [Steve Henson]
-
- *) Add summary printout to ocsp utility. The various functions which
- convert status values to strings have been renamed to:
- OCSP_response_status_str(), OCSP_cert_status_str() and
- OCSP_crl_reason_str() and are no longer static. New options
- to verify nonce values and to disable verification. OCSP response
- printout format cleaned up.
- [Steve Henson]
-
- *) Add additional OCSP certificate checks. These are those specified
- in RFC2560. This consists of two separate checks: the CA of the
- certificate being checked must either be the OCSP signer certificate
- or the issuer of the OCSP signer certificate. In the latter case the
- OCSP signer certificate must contain the OCSP signing extended key
- usage. This check is performed by attempting to match the OCSP
- signer or the OCSP signer CA to the issuerNameHash and issuerKeyHash
- in the OCSP_CERTID structures of the response.
- [Steve Henson]
-
- *) Initial OCSP certificate verification added to OCSP_basic_verify()
- and related routines. This uses the standard OpenSSL certificate
- verify routines to perform initial checks (just CA validity) and
- to obtain the certificate chain. Then additional checks will be
- performed on the chain. Currently the root CA is checked to see
- if it is explicitly trusted for OCSP signing. This is used to set
- a root CA as a global signing root: that is any certificate that
- chains to that CA is an acceptable OCSP signing certificate.
- [Steve Henson]
-
- *) New '-extfile ...' option to 'openssl ca' for reading X.509v3
- extensions from a separate configuration file.
- As when reading extensions from the main configuration file,
- the '-extensions ...' option may be used for specifying the
- section to use.
- [Massimiliano Pala <madwolf at comune.modena.it>]
-
- *) New OCSP utility. Allows OCSP requests to be generated or
- read. The request can be sent to a responder and the output
- parsed, outputed or printed in text form. Not complete yet:
- still needs to check the OCSP response validity.
- [Steve Henson]
-
- *) New subcommands for 'openssl ca':
- 'openssl ca -status <serial>' prints the status of the cert with
- the given serial number (according to the index file).
- 'openssl ca -updatedb' updates the expiry status of certificates
- in the index file.
- [Massimiliano Pala <madwolf at comune.modena.it>]
-
- *) New '-newreq-nodes' command option to CA.pl. This is like
- '-newreq', but calls 'openssl req' with the '-nodes' option
- so that the resulting key is not encrypted.
- [Damien Miller <djm at mindrot.org>]
-
- *) New configuration for the GNU Hurd.
- [Jonathan Bartlett <johnnyb at wolfram.com> via Richard Levitte]
-
- *) Initial code to implement OCSP basic response verify. This
- is currently incomplete. Currently just finds the signer's
- certificate and verifies the signature on the response.
- [Steve Henson]
-
- *) New SSLeay_version code SSLEAY_DIR to determine the compiled-in
- value of OPENSSLDIR. This is available via the new '-d' option
- to 'openssl version', and is also included in 'openssl version -a'.
- [Bodo Moeller]
-
- *) Allowing defining memory allocation callbacks that will be given
- file name and line number information in additional arguments
- (a const char* and an int). The basic functionality remains, as
- well as the original possibility to just replace malloc(),
- realloc() and free() by functions that do not know about these
- additional arguments. To register and find out the current
- settings for extended allocation functions, the following
- functions are provided:
-
- CRYPTO_set_mem_ex_functions
- CRYPTO_set_locked_mem_ex_functions
- CRYPTO_get_mem_ex_functions
- CRYPTO_get_locked_mem_ex_functions
-
- These work the same way as CRYPTO_set_mem_functions and friends.
- CRYPTO_get_[locked_]mem_functions now writes 0 where such an
- extended allocation function is enabled.
- Similarly, CRYPTO_get_[locked_]mem_ex_functions writes 0 where
- a conventional allocation function is enabled.
- [Richard Levitte, Bodo Moeller]
-
- *) Finish off removing the remaining LHASH function pointer casts.
- There should no longer be any prototype-casting required when using
- the LHASH abstraction, and any casts that remain are "bugs". See
- the callback types and macros at the head of lhash.h for details
- (and "OBJ_cleanup" in crypto/objects/obj_dat.c as an example).
- [Geoff Thorpe]
-
- *) Add automatic query of EGD sockets in RAND_poll() for the unix variant.
- If /dev/[u]random devices are not available or do not return enough
- entropy, EGD style sockets (served by EGD or PRNGD) will automatically
- be queried.
- The locations /var/run/egd-pool, /dev/egd-pool, /etc/egd-pool, and
- /etc/entropy will be queried once each in this sequence, quering stops
- when enough entropy was collected without querying more sockets.
- [Lutz Jaenicke]
-
- *) Change the Unix RAND_poll() variant to be able to poll several
- random devices, as specified by DEVRANDOM, until a sufficient amount
- of data has been collected. We spend at most 10 ms on each file
- (select timeout) and read in non-blocking mode. DEVRANDOM now
- defaults to the list "/dev/urandom", "/dev/random", "/dev/srandom"
- (previously it was just the string "/dev/urandom"), so on typical
- platforms the 10 ms delay will never occur.
- Also separate out the Unix variant to its own file, rand_unix.c.
- For VMS, there's a currently-empty rand_vms.c.
- [Richard Levitte]
-
- *) Move OCSP client related routines to ocsp_cl.c. These
- provide utility functions which an application needing
- to issue a request to an OCSP responder and analyse the
- response will typically need: as opposed to those which an
- OCSP responder itself would need which will be added later.
-
- OCSP_request_sign() signs an OCSP request with an API similar
- to PKCS7_sign(). OCSP_response_status() returns status of OCSP
- response. OCSP_response_get1_basic() extracts basic response
- from response. OCSP_resp_find_status(): finds and extracts status
- information from an OCSP_CERTID structure (which will be created
- when the request structure is built). These are built from lower
- level functions which work on OCSP_SINGLERESP structures but
- wont normally be used unless the application wishes to examine
- extensions in the OCSP response for example.
-
- Replace nonce routines with a pair of functions.
- OCSP_request_add1_nonce() adds a nonce value and optionally
- generates a random value. OCSP_check_nonce() checks the
- validity of the nonce in an OCSP response.
- [Steve Henson]
-
- *) Change function OCSP_request_add() to OCSP_request_add0_id().
- This doesn't copy the supplied OCSP_CERTID and avoids the
- need to free up the newly created id. Change return type
- to OCSP_ONEREQ to return the internal OCSP_ONEREQ structure.
- This can then be used to add extensions to the request.
- Deleted OCSP_request_new(), since most of its functionality
- is now in OCSP_REQUEST_new() (and the case insensitive name
- clash) apart from the ability to set the request name which
- will be added elsewhere.
- [Steve Henson]
-
- *) Update OCSP API. Remove obsolete extensions argument from
- various functions. Extensions are now handled using the new
- OCSP extension code. New simple OCSP HTTP function which
- can be used to send requests and parse the response.
- [Steve Henson]
-
- *) Fix the PKCS#7 (S/MIME) code to work with new ASN1. Two new
- ASN1_ITEM structures help with sign and verify. PKCS7_ATTR_SIGN
- uses the special reorder version of SET OF to sort the attributes
- and reorder them to match the encoded order. This resolves a long
- standing problem: a verify on a PKCS7 structure just after signing
- it used to fail because the attribute order did not match the
- encoded order. PKCS7_ATTR_VERIFY does not reorder the attributes:
- it uses the received order. This is necessary to tolerate some broken
- software that does not order SET OF. This is handled by encoding
- as a SEQUENCE OF but using implicit tagging (with UNIVERSAL class)
- to produce the required SET OF.
- [Steve Henson]
-
- *) Have mk1mf.pl generate the macros OPENSSL_BUILD_SHLIBCRYPTO and
- OPENSSL_BUILD_SHLIBSSL and use them appropriately in the header
- files to get correct declarations of the ASN.1 item variables.
- [Richard Levitte]
-
- *) Rewrite of PKCS#12 code to use new ASN1 functionality. Replace many
- PKCS#12 macros with real functions. Fix two unrelated ASN1 bugs:
- asn1_check_tlen() would sometimes attempt to use 'ctx' when it was
- NULL and ASN1_TYPE was not dereferenced properly in asn1_ex_c2i().
- New ASN1 macro: DECLARE_ASN1_ITEM() which just declares the relevant
- ASN1_ITEM and no wrapper functions.
- [Steve Henson]
-
- *) New functions or ASN1_item_d2i_fp() and ASN1_item_d2i_bio(). These
- replace the old function pointer based I/O routines. Change most of
- the *_d2i_bio() and *_d2i_fp() functions to use these.
- [Steve Henson]
-
- *) Enhance mkdef.pl to be more accepting about spacing in C preprocessor
- lines, recognice more "algorithms" that can be deselected, and make
- it complain about algorithm deselection that isn't recognised.
- [Richard Levitte]
-
- *) New ASN1 functions to handle dup, sign, verify, digest, pack and
- unpack operations in terms of ASN1_ITEM. Modify existing wrappers
- to use new functions. Add NO_ASN1_OLD which can be set to remove
- some old style ASN1 functions: this can be used to determine if old
- code will still work when these eventually go away.
- [Steve Henson]
-
- *) New extension functions for OCSP structures, these follow the
- same conventions as certificates and CRLs.
- [Steve Henson]
-
- *) New function X509V3_add1_i2d(). This automatically encodes and
- adds an extension. Its behaviour can be customised with various
- flags to append, replace or delete. Various wrappers added for
- certifcates and CRLs.
- [Steve Henson]
-
- *) Fix to avoid calling the underlying ASN1 print routine when
- an extension cannot be parsed. Correct a typo in the
- OCSP_SERVICELOC extension. Tidy up print OCSP format.
- [Steve Henson]
-
- *) Make mkdef.pl parse some of the ASN1 macros and add apropriate
- entries for variables.
- [Steve Henson]
-
- *) Add functionality to apps/openssl.c for detecting locking
- problems: As the program is single-threaded, all we have
- to do is register a locking callback using an array for
- storing which locks are currently held by the program.
- [Bodo Moeller]
-
- *) Use a lock around the call to CRYPTO_get_ex_new_index() in
- SSL_get_ex_data_X509_STORE_idx(), which is used in
- ssl_verify_cert_chain() and thus can be called at any time
- during TLS/SSL handshakes so that thread-safety is essential.
- Unfortunately, the ex_data design is not at all suited
- for multi-threaded use, so it probably should be abolished.
- [Bodo Moeller]
-
- *) Added Broadcom "ubsec" ENGINE to OpenSSL.
- [Broadcom, tweaked and integrated by Geoff Thorpe]
-
- *) Move common extension printing code to new function
- X509V3_print_extensions(). Reorganise OCSP print routines and
- implement some needed OCSP ASN1 functions. Add OCSP extensions.
- [Steve Henson]
-
- *) New function X509_signature_print() to remove duplication in some
- print routines.
- [Steve Henson]
-
- *) Add a special meaning when SET OF and SEQUENCE OF flags are both
- set (this was treated exactly the same as SET OF previously). This
- is used to reorder the STACK representing the structure to match the
- encoding. This will be used to get round a problem where a PKCS7
- structure which was signed could not be verified because the STACK
- order did not reflect the encoded order.
- [Steve Henson]
-
- *) Reimplement the OCSP ASN1 module using the new code.
- [Steve Henson]
-
- *) Update the X509V3 code to permit the use of an ASN1_ITEM structure
- for its ASN1 operations. The old style function pointers still exist
- for now but they will eventually go away.
- [Steve Henson]
-
- *) Merge in replacement ASN1 code from the ASN1 branch. This almost
- completely replaces the old ASN1 functionality with a table driven
- encoder and decoder which interprets an ASN1_ITEM structure describing
- the ASN1 module. Compatibility with the existing ASN1 API (i2d,d2i) is
- largely maintained. Almost all of the old asn1_mac.h macro based ASN1
- has also been converted to the new form.
- [Steve Henson]
-
- *) Change BN_mod_exp_recp so that negative moduli are tolerated
- (the sign is ignored). Similarly, ignore the sign in BN_MONT_CTX_set
- so that BN_mod_exp_mont and BN_mod_exp_mont_word work
- for negative moduli.
- [Bodo Moeller]
-
- *) Fix BN_uadd and BN_usub: Always return non-negative results instead
- of not touching the result's sign bit.
- [Bodo Moeller]
-
- *) BN_div bugfix: If the result is 0, the sign (res->neg) must not be
- set.
- [Bodo Moeller]
-
- *) Changed the LHASH code to use prototypes for callbacks, and created
- macros to declare and implement thin (optionally static) functions
- that provide type-safety and avoid function pointer casting for the
- type-specific callbacks.
- [Geoff Thorpe]
-
- *) Added Kerberos Cipher Suites to be used with TLS, as written in
- RFC 2712.
- [Veers Staats <staatsvr at asc.hpc.mil>,
- Jeffrey Altman <jaltman at columbia.edu>, via Richard Levitte]
-
- *) Reformat the FAQ so the different questions and answers can be divided
- in sections depending on the subject.
- [Richard Levitte]
-
- *) Have the zlib compression code load ZLIB.DLL dynamically under
- Windows.
- [Richard Levitte]
-
- *) New function BN_mod_sqrt for computing square roots modulo a prime
- (using the probabilistic Tonelli-Shanks algorithm unless
- p == 3 (mod 4) or p == 5 (mod 8), which are cases that can
- be handled deterministically).
- [Lenka Fibikova <fibikova at exp-math.uni-essen.de>, Bodo Moeller]
-
- *) Make BN_mod_inverse faster by explicitly handling small quotients
- in the Euclid loop. (Speed gain about 20% for small moduli [256 or
- 512 bits], about 30% for larger ones [1024 or 2048 bits].)
- [Bodo Moeller]
-
- *) New function BN_kronecker.
- [Bodo Moeller]
-
- *) Fix BN_gcd so that it works on negative inputs; the result is
- positive unless both parameters are zero.
- Previously something reasonably close to an infinite loop was
- possible because numbers could be growing instead of shrinking
- in the implementation of Euclid's algorithm.
- [Bodo Moeller]
-
- *) Fix BN_is_word() and BN_is_one() macros to take into account the
- sign of the number in question.
-
- Fix BN_is_word(a,w) to work correctly for w == 0.
-
- The old BN_is_word(a,w) macro is now called BN_abs_is_word(a,w)
- because its test if the absolute value of 'a' equals 'w'.
- Note that BN_abs_is_word does *not* handle w == 0 reliably;
- it exists mostly for use in the implementations of BN_is_zero(),
- BN_is_one(), and BN_is_word().
- [Bodo Moeller]
-
- *) New function BN_swap.
- [Bodo Moeller]
-
- *) Use BN_nnmod instead of BN_mod in crypto/bn/bn_exp.c so that
- the exponentiation functions are more likely to produce reasonable
- results on negative inputs.
- [Bodo Moeller]
-
- *) Change BN_mod_mul so that the result is always non-negative.
- Previously, it could be negative if one of the factors was negative;
- I don't think anyone really wanted that behaviour.
- [Bodo Moeller]
-
- *) Move BN_mod_... functions into new file crypto/bn/bn_mod.c
- (except for exponentiation, which stays in crypto/bn/bn_exp.c,
- and BN_mod_mul_reciprocal, which stays in crypto/bn/bn_recp.c)
- and add new functions:
-
- BN_nnmod
- BN_mod_sqr
- BN_mod_add
- BN_mod_add_quick
- BN_mod_sub
- BN_mod_sub_quick
- BN_mod_lshift1
- BN_mod_lshift1_quick
- BN_mod_lshift
- BN_mod_lshift_quick
-
- These functions always generate non-negative results.
-
- BN_nnmod otherwise is like BN_mod (if BN_mod computes a remainder r
- such that |m| < r < 0, BN_nnmod will output rem + |m| instead).
-
- BN_mod_XXX_quick(r, a, [b,] m) generates the same result as
- BN_mod_XXX(r, a, [b,] m, ctx), but requires that a [and b]
- be reduced modulo m.
- [Lenka Fibikova <fibikova at exp-math.uni-essen.de>, Bodo Moeller]
-
-#if 0
- The following entry accidentily appeared in the CHANGES file
- distributed with OpenSSL 0.9.7. The modifications described in
- it do *not* apply to OpenSSL 0.9.7.
-
- *) Remove a few calls to bn_wexpand() in BN_sqr() (the one in there
- was actually never needed) and in BN_mul(). The removal in BN_mul()
- required a small change in bn_mul_part_recursive() and the addition
- of the functions bn_cmp_part_words(), bn_sub_part_words() and
- bn_add_part_words(), which do the same thing as bn_cmp_words(),
- bn_sub_words() and bn_add_words() except they take arrays with
- differing sizes.
- [Richard Levitte]
-#endif
-
- *) In 'openssl passwd', verify passwords read from the terminal
- unless the '-salt' option is used (which usually means that
- verification would just waste user's time since the resulting
- hash is going to be compared with some given password hash)
- or the new '-noverify' option is used.
-
- This is an incompatible change, but it does not affect
- non-interactive use of 'openssl passwd' (passwords on the command
- line, '-stdin' option, '-in ...' option) and thus should not
- cause any problems.
- [Bodo Moeller]
-
- *) Remove all references to RSAref, since there's no more need for it.
- [Richard Levitte]
-
- *) Make DSO load along a path given through an environment variable
- (SHLIB_PATH) with shl_load().
- [Richard Levitte]
-
- *) Constify the ENGINE code as a result of BIGNUM constification.
- Also constify the RSA code and most things related to it. In a
- few places, most notable in the depth of the ASN.1 code, ugly
- casts back to non-const were required (to be solved at a later
- time)
- [Richard Levitte]
-
- *) Make it so the openssl application has all engines loaded by default.
- [Richard Levitte]
-
- *) Constify the BIGNUM routines a little more.
- [Richard Levitte]
-
- *) Add the following functions:
-
- ENGINE_load_cswift()
- ENGINE_load_chil()
- ENGINE_load_atalla()
- ENGINE_load_nuron()
- ENGINE_load_builtin_engines()
-
- That way, an application can itself choose if external engines that
- are built-in in OpenSSL shall ever be used or not. The benefit is
- that applications won't have to be linked with libdl or other dso
- libraries unless it's really needed.
-
- Changed 'openssl engine' to load all engines on demand.
- Changed the engine header files to avoid the duplication of some
- declarations (they differed!).
- [Richard Levitte]
-
- *) 'openssl engine' can now list capabilities.
- [Richard Levitte]
-
- *) Better error reporting in 'openssl engine'.
- [Richard Levitte]
-
- *) Never call load_dh_param(NULL) in s_server.
- [Bodo Moeller]
-
- *) Add engine application. It can currently list engines by name and
- identity, and test if they are actually available.
- [Richard Levitte]
-
- *) Improve RPM specification file by forcing symbolic linking and making
- sure the installed documentation is also owned by root.root.
- [Damien Miller <djm at mindrot.org>]
-
- *) Give the OpenSSL applications more possibilities to make use of
- keys (public as well as private) handled by engines.
- [Richard Levitte]
-
- *) Add OCSP code that comes from CertCo.
- [Richard Levitte]
-
- *) Add VMS support for the Rijndael code.
- [Richard Levitte]
-
- *) Added untested support for Nuron crypto accelerator.
- [Ben Laurie]
-
- *) Add support for external cryptographic devices. This code was
- previously distributed separately as the "engine" branch.
- [Geoff Thorpe, Richard Levitte]
-
- *) Rework the filename-translation in the DSO code. It is now possible to
- have far greater control over how a "name" is turned into a filename
- depending on the operating environment and any oddities about the
- different shared library filenames on each system.
- [Geoff Thorpe]
-
- *) Support threads on FreeBSD-elf in Configure.
- [Richard Levitte]
-
- *) Fix for SHA1 assembly problem with MASM: it produces
- warnings about corrupt line number information when assembling
- with debugging information. This is caused by the overlapping
- of two sections.
- [Bernd Matthes <mainbug at celocom.de>, Steve Henson]
-
- *) NCONF changes.
- NCONF_get_number() has no error checking at all. As a replacement,
- NCONF_get_number_e() is defined (_e for "error checking") and is
- promoted strongly. The old NCONF_get_number is kept around for
- binary backward compatibility.
- Make it possible for methods to load from something other than a BIO,
- by providing a function pointer that is given a name instead of a BIO.
- For example, this could be used to load configuration data from an
- LDAP server.
- [Richard Levitte]
-
- *) Fix for non blocking accept BIOs. Added new I/O special reason
- BIO_RR_ACCEPT to cover this case. Previously use of accept BIOs
- with non blocking I/O was not possible because no retry code was
- implemented. Also added new SSL code SSL_WANT_ACCEPT to cover
- this case.
- [Steve Henson]
-
- *) Added the beginnings of Rijndael support.
- [Ben Laurie]
-
- *) Fix for bug in DirectoryString mask setting. Add support for
- X509_NAME_print_ex() in 'req' and X509_print_ex() function
- to allow certificate printing to more controllable, additional
- 'certopt' option to 'x509' to allow new printing options to be
- set.
- [Steve Henson]
-
- *) Clean old EAY MD5 hack from e_os.h.
- [Richard Levitte]
-
- Changes between 0.9.6l and 0.9.6m [17 Mar 2004]
-
- *) Fix null-pointer assignment in do_change_cipher_spec() revealed
- by using the Codenomicon TLS Test Tool (CVE-2004-0079)
- [Joe Orton, Steve Henson]
-
- Changes between 0.9.6k and 0.9.6l [04 Nov 2003]
-
- *) Fix additional bug revealed by the NISCC test suite:
-
- Stop bug triggering large recursion when presented with
- certain ASN.1 tags (CVE-2003-0851)
- [Steve Henson]
-
- Changes between 0.9.6j and 0.9.6k [30 Sep 2003]
-
- *) Fix various bugs revealed by running the NISCC test suite:
-
- Stop out of bounds reads in the ASN1 code when presented with
- invalid tags (CVE-2003-0543 and CVE-2003-0544).
-
- If verify callback ignores invalid public key errors don't try to check
- certificate signature with the NULL public key.
-
- [Steve Henson]
-
- *) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate
- if the server requested one: as stated in TLS 1.0 and SSL 3.0
- specifications.
- [Steve Henson]
-
- *) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional
- extra data after the compression methods not only for TLS 1.0
- but also for SSL 3.0 (as required by the specification).
- [Bodo Moeller; problem pointed out by Matthias Loepfe]
-
- *) Change X509_certificate_type() to mark the key as exported/exportable
- when it's 512 *bits* long, not 512 bytes.
- [Richard Levitte]
-
- Changes between 0.9.6i and 0.9.6j [10 Apr 2003]
-
- *) Countermeasure against the Klima-Pokorny-Rosa extension of
- Bleichbacher's attack on PKCS #1 v1.5 padding: treat
- a protocol version number mismatch like a decryption error
- in ssl3_get_client_key_exchange (ssl/s3_srvr.c).
- [Bodo Moeller]
-
- *) Turn on RSA blinding by default in the default implementation
- to avoid a timing attack. Applications that don't want it can call
- RSA_blinding_off() or use the new flag RSA_FLAG_NO_BLINDING.
- They would be ill-advised to do so in most cases.
- [Ben Laurie, Steve Henson, Geoff Thorpe, Bodo Moeller]
-
- *) Change RSA blinding code so that it works when the PRNG is not
- seeded (in this case, the secret RSA exponent is abused as
- an unpredictable seed -- if it is not unpredictable, there
- is no point in blinding anyway). Make RSA blinding thread-safe
- by remembering the creator's thread ID in rsa->blinding and
- having all other threads use local one-time blinding factors
- (this requires more computation than sharing rsa->blinding, but
- avoids excessive locking; and if an RSA object is not shared
- between threads, blinding will still be very fast).
- [Bodo Moeller]
-
- Changes between 0.9.6h and 0.9.6i [19 Feb 2003]
-
- *) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked
- via timing by performing a MAC computation even if incorrrect
- block cipher padding has been found. This is a countermeasure
- against active attacks where the attacker has to distinguish
- between bad padding and a MAC verification error. (CVE-2003-0078)
-
- [Bodo Moeller; problem pointed out by Brice Canvel (EPFL),
- Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and
- Martin Vuagnoux (EPFL, Ilion)]
-
- Changes between 0.9.6g and 0.9.6h [5 Dec 2002]
-
- *) New function OPENSSL_cleanse(), which is used to cleanse a section of
- memory from it's contents. This is done with a counter that will
- place alternating values in each byte. This can be used to solve
- two issues: 1) the removal of calls to memset() by highly optimizing
- compilers, and 2) cleansing with other values than 0, since those can
- be read through on certain media, for example a swap space on disk.
- [Geoff Thorpe]
-
- *) Bugfix: client side session caching did not work with external caching,
- because the session->cipher setting was not restored when reloading
- from the external cache. This problem was masked, when
- SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG (part of SSL_OP_ALL) was set.
- (Found by Steve Haslam <steve at araqnid.ddts.net>.)
- [Lutz Jaenicke]
-
- *) Fix client_certificate (ssl/s2_clnt.c): The permissible total
- length of the REQUEST-CERTIFICATE message is 18 .. 34, not 17 .. 33.
- [Zeev Lieber <zeev-l at yahoo.com>]
-
- *) Undo an undocumented change introduced in 0.9.6e which caused
- repeated calls to OpenSSL_add_all_ciphers() and
- OpenSSL_add_all_digests() to be ignored, even after calling
- EVP_cleanup().
- [Richard Levitte]
-
- *) Change the default configuration reader to deal with last line not
- being properly terminated.
- [Richard Levitte]
-
- *) Change X509_NAME_cmp() so it applies the special rules on handling
- DN values that are of type PrintableString, as well as RDNs of type
- emailAddress where the value has the type ia5String.
- [stefank at valicert.com via Richard Levitte]
-
- *) Add a SSL_SESS_CACHE_NO_INTERNAL_STORE flag to take over half
- the job SSL_SESS_CACHE_NO_INTERNAL_LOOKUP was inconsistently
- doing, define a new flag (SSL_SESS_CACHE_NO_INTERNAL) to be
- the bitwise-OR of the two for use by the majority of applications
- wanting this behaviour, and update the docs. The documented
- behaviour and actual behaviour were inconsistent and had been
- changing anyway, so this is more a bug-fix than a behavioural
- change.
- [Geoff Thorpe, diagnosed by Nadav Har'El]
-
- *) Don't impose a 16-byte length minimum on session IDs in ssl/s3_clnt.c
- (the SSL 3.0 and TLS 1.0 specifications allow any length up to 32 bytes).
- [Bodo Moeller]
-
- *) Fix initialization code race conditions in
- SSLv23_method(), SSLv23_client_method(), SSLv23_server_method(),
- SSLv2_method(), SSLv2_client_method(), SSLv2_server_method(),
- SSLv3_method(), SSLv3_client_method(), SSLv3_server_method(),
- TLSv1_method(), TLSv1_client_method(), TLSv1_server_method(),
- ssl2_get_cipher_by_char(),
- ssl3_get_cipher_by_char().
- [Patrick McCormick <patrick at tellme.com>, Bodo Moeller]
-
- *) Reorder cleanup sequence in SSL_CTX_free(): only remove the ex_data after
- the cached sessions are flushed, as the remove_cb() might use ex_data
- contents. Bug found by Sam Varshavchik <mrsam at courier-mta.com>
- (see [openssl.org #212]).
- [Geoff Thorpe, Lutz Jaenicke]
-
- *) Fix typo in OBJ_txt2obj which incorrectly passed the content
- length, instead of the encoding length to d2i_ASN1_OBJECT.
- [Steve Henson]
-
- Changes between 0.9.6f and 0.9.6g [9 Aug 2002]
-
- *) [In 0.9.6g-engine release:]
- Fix crypto/engine/vendor_defns/cswift.h for WIN32 (use '_stdcall').
- [Lynn Gazis <lgazis at rainbow.com>]
-
- Changes between 0.9.6e and 0.9.6f [8 Aug 2002]
-
- *) Fix ASN1 checks. Check for overflow by comparing with LONG_MAX
- and get fix the header length calculation.
- [Florian Weimer <Weimer at CERT.Uni-Stuttgart.DE>,
- Alon Kantor <alonk at checkpoint.com> (and others),
- Steve Henson]
-
- *) Use proper error handling instead of 'assertions' in buffer
- overflow checks added in 0.9.6e. This prevents DoS (the
- assertions could call abort()).
- [Arne Ansper <arne at ats.cyber.ee>, Bodo Moeller]
-
- Changes between 0.9.6d and 0.9.6e [30 Jul 2002]
-
- *) Add various sanity checks to asn1_get_length() to reject
- the ASN1 length bytes if they exceed sizeof(long), will appear
- negative or the content length exceeds the length of the
- supplied buffer.
- [Steve Henson, Adi Stav <stav at mercury.co.il>, James Yonan <jim at ntlp.com>]
-
- *) Fix cipher selection routines: ciphers without encryption had no flags
- for the cipher strength set and where therefore not handled correctly
- by the selection routines (PR #130).
- [Lutz Jaenicke]
-
- *) Fix EVP_dsa_sha macro.
- [Nils Larsch]
-
- *) New option
- SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
- for disabling the SSL 3.0/TLS 1.0 CBC vulnerability countermeasure
- that was added in OpenSSL 0.9.6d.
-
- As the countermeasure turned out to be incompatible with some
- broken SSL implementations, the new option is part of SSL_OP_ALL.
- SSL_OP_ALL is usually employed when compatibility with weird SSL
- implementations is desired (e.g. '-bugs' option to 's_client' and
- 's_server'), so the new option is automatically set in many
- applications.
- [Bodo Moeller]
-
- *) Changes in security patch:
-
- Changes marked "(CHATS)" were sponsored by the Defense Advanced
- Research Projects Agency (DARPA) and Air Force Research Laboratory,
- Air Force Materiel Command, USAF, under agreement number
- F30602-01-2-0537.
-
- *) Add various sanity checks to asn1_get_length() to reject
- the ASN1 length bytes if they exceed sizeof(long), will appear
- negative or the content length exceeds the length of the
- supplied buffer. (CVE-2002-0659)
- [Steve Henson, Adi Stav <stav at mercury.co.il>, James Yonan <jim at ntlp.com>]
-
- *) Assertions for various potential buffer overflows, not known to
- happen in practice.
- [Ben Laurie (CHATS)]
-
- *) Various temporary buffers to hold ASCII versions of integers were
- too small for 64 bit platforms. (CVE-2002-0655)
- [Matthew Byng-Maddick <mbm at aldigital.co.uk> and Ben Laurie (CHATS)>
-
- *) Remote buffer overflow in SSL3 protocol - an attacker could
- supply an oversized session ID to a client. (CVE-2002-0656)
- [Ben Laurie (CHATS)]
-
- *) Remote buffer overflow in SSL2 protocol - an attacker could
- supply an oversized client master key. (CVE-2002-0656)
- [Ben Laurie (CHATS)]
-
- Changes between 0.9.6c and 0.9.6d [9 May 2002]
-
- *) Fix crypto/asn1/a_sign.c so that 'parameters' is omitted (not
- encoded as NULL) with id-dsa-with-sha1.
- [Nils Larsch <nla at trustcenter.de>; problem pointed out by Bodo Moeller]
-
- *) Check various X509_...() return values in apps/req.c.
- [Nils Larsch <nla at trustcenter.de>]
-
- *) Fix BASE64 decode (EVP_DecodeUpdate) for data with CR/LF ended lines:
- an end-of-file condition would erronously be flagged, when the CRLF
- was just at the end of a processed block. The bug was discovered when
- processing data through a buffering memory BIO handing the data to a
- BASE64-decoding BIO. Bug fund and patch submitted by Pavel Tsekov
- <ptsekov at syntrex.com> and Nedelcho Stanev.
- [Lutz Jaenicke]
-
- *) Implement a countermeasure against a vulnerability recently found
- in CBC ciphersuites in SSL 3.0/TLS 1.0: Send an empty fragment
- before application data chunks to avoid the use of known IVs
- with data potentially chosen by the attacker.
- [Bodo Moeller]
-
- *) Fix length checks in ssl3_get_client_hello().
- [Bodo Moeller]
-
- *) TLS/SSL library bugfix: use s->s3->in_read_app_data differently
- to prevent ssl3_read_internal() from incorrectly assuming that
- ssl3_read_bytes() found application data while handshake
- processing was enabled when in fact s->s3->in_read_app_data was
- merely automatically cleared during the initial handshake.
- [Bodo Moeller; problem pointed out by Arne Ansper <arne at ats.cyber.ee>]
-
- *) Fix object definitions for Private and Enterprise: they were not
- recognized in their shortname (=lowercase) representation. Extend
- obj_dat.pl to issue an error when using undefined keywords instead
- of silently ignoring the problem (Svenning Sorensen
- <sss at sss.dnsalias.net>).
- [Lutz Jaenicke]
-
- *) Fix DH_generate_parameters() so that it works for 'non-standard'
- generators, i.e. generators other than 2 and 5. (Previously, the
- code did not properly initialise the 'add' and 'rem' values to
- BN_generate_prime().)
-
- In the new general case, we do not insist that 'generator' is
- actually a primitive root: This requirement is rather pointless;
- a generator of the order-q subgroup is just as good, if not
- better.
- [Bodo Moeller]
-
- *) Map new X509 verification errors to alerts. Discovered and submitted by
- Tom Wu <tom at arcot.com>.
- [Lutz Jaenicke]
-
- *) Fix ssl3_pending() (ssl/s3_lib.c) to prevent SSL_pending() from
- returning non-zero before the data has been completely received
- when using non-blocking I/O.
- [Bodo Moeller; problem pointed out by John Hughes]
-
- *) Some of the ciphers missed the strength entry (SSL_LOW etc).
- [Ben Laurie, Lutz Jaenicke]
-
- *) Fix bug in SSL_clear(): bad sessions were not removed (found by
- Yoram Zahavi <YoramZ at gilian.com>).
- [Lutz Jaenicke]
-
- *) Add information about CygWin 1.3 and on, and preserve proper
- configuration for the versions before that.
- [Corinna Vinschen <vinschen at redhat.com> and Richard Levitte]
-
- *) Make removal from session cache (SSL_CTX_remove_session()) more robust:
- check whether we deal with a copy of a session and do not delete from
- the cache in this case. Problem reported by "Izhar Shoshani Levi"
- <izhar at checkpoint.com>.
- [Lutz Jaenicke]
-
- *) Do not store session data into the internal session cache, if it
- is never intended to be looked up (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
- flag is set). Proposed by Aslam <aslam at funk.com>.
- [Lutz Jaenicke]
-
- *) Have ASN1_BIT_STRING_set_bit() really clear a bit when the requested
- value is 0.
- [Richard Levitte]
-
- *) [In 0.9.6d-engine release:]
- Fix a crashbug and a logic bug in hwcrhk_load_pubkey().
- [Toomas Kiisk <vix at cyber.ee> via Richard Levitte]
-
- *) Add the configuration target linux-s390x.
- [Neale Ferguson <Neale.Ferguson at SoftwareAG-USA.com> via Richard Levitte]
-
- *) The earlier bugfix for the SSL3_ST_SW_HELLO_REQ_C case of
- ssl3_accept (ssl/s3_srvr.c) incorrectly used a local flag
- variable as an indication that a ClientHello message has been
- received. As the flag value will be lost between multiple
- invocations of ssl3_accept when using non-blocking I/O, the
- function may not be aware that a handshake has actually taken
- place, thus preventing a new session from being added to the
- session cache.
-
- To avoid this problem, we now set s->new_session to 2 instead of
- using a local variable.
- [Lutz Jaenicke, Bodo Moeller]
-
- *) Bugfix: Return -1 from ssl3_get_server_done (ssl3/s3_clnt.c)
- if the SSL_R_LENGTH_MISMATCH error is detected.
- [Geoff Thorpe, Bodo Moeller]
-
- *) New 'shared_ldflag' column in Configure platform table.
- [Richard Levitte]
-
- *) Fix EVP_CIPHER_mode macro.
- ["Dan S. Camper" <dan at bti.net>]
-
- *) Fix ssl3_read_bytes (ssl/s3_pkt.c): To ignore messages of unknown
- type, we must throw them away by setting rr->length to 0.
- [D P Chang <dpc at qualys.com>]
-
- Changes between 0.9.6b and 0.9.6c [21 dec 2001]
-
- *) Fix BN_rand_range bug pointed out by Dominikus Scherkl
- <Dominikus.Scherkl at biodata.com>. (The previous implementation
- worked incorrectly for those cases where range = 10..._2 and
- 3*range is two bits longer than range.)
- [Bodo Moeller]
-
- *) Only add signing time to PKCS7 structures if it is not already
- present.
- [Steve Henson]
-
- *) Fix crypto/objects/objects.h: "ld-ce" should be "id-ce",
- OBJ_ld_ce should be OBJ_id_ce.
- Also some ip-pda OIDs in crypto/objects/objects.txt were
- incorrect (cf. RFC 3039).
- [Matt Cooper, Frederic Giudicelli, Bodo Moeller]
-
- *) Release CRYPTO_LOCK_DYNLOCK when CRYPTO_destroy_dynlockid()
- returns early because it has nothing to do.
- [Andy Schneider <andy.schneider at bjss.co.uk>]
-
- *) [In 0.9.6c-engine release:]
- Fix mutex callback return values in crypto/engine/hw_ncipher.c.
- [Andy Schneider <andy.schneider at bjss.co.uk>]
-
- *) [In 0.9.6c-engine release:]
- Add support for Cryptographic Appliance's keyserver technology.
- (Use engine 'keyclient')
- [Cryptographic Appliances and Geoff Thorpe]
-
- *) Add a configuration entry for OS/390 Unix. The C compiler 'c89'
- is called via tools/c89.sh because arguments have to be
- rearranged (all '-L' options must appear before the first object
- modules).
- [Richard Shapiro <rshapiro at abinitio.com>]
-
- *) [In 0.9.6c-engine release:]
- Add support for Broadcom crypto accelerator cards, backported
- from 0.9.7.
- [Broadcom, Nalin Dahyabhai <nalin at redhat.com>, Mark Cox]
-
- *) [In 0.9.6c-engine release:]
- Add support for SureWare crypto accelerator cards from
- Baltimore Technologies. (Use engine 'sureware')
- [Baltimore Technologies and Mark Cox]
-
- *) [In 0.9.6c-engine release:]
- Add support for crypto accelerator cards from Accelerated
- Encryption Processing, www.aep.ie. (Use engine 'aep')
- [AEP Inc. and Mark Cox]
-
- *) Add a configuration entry for gcc on UnixWare.
- [Gary Benson <gbenson at redhat.com>]
-
- *) Change ssl/s2_clnt.c and ssl/s2_srvr.c so that received handshake
- messages are stored in a single piece (fixed-length part and
- variable-length part combined) and fix various bugs found on the way.
- [Bodo Moeller]
-
- *) Disable caching in BIO_gethostbyname(), directly use gethostbyname()
- instead. BIO_gethostbyname() does not know what timeouts are
- appropriate, so entries would stay in cache even when they have
- become invalid.
- [Bodo Moeller; problem pointed out by Rich Salz <rsalz at zolera.com>
-
- *) Change ssl23_get_client_hello (ssl/s23_srvr.c) behaviour when
- faced with a pathologically small ClientHello fragment that does
- not contain client_version: Instead of aborting with an error,
- simply choose the highest available protocol version (i.e.,
- TLS 1.0 unless it is disabled). In practice, ClientHello
- messages are never sent like this, but this change gives us
- strictly correct behaviour at least for TLS.
- [Bodo Moeller]
-
- *) Fix SSL handshake functions and SSL_clear() such that SSL_clear()
- never resets s->method to s->ctx->method when called from within
- one of the SSL handshake functions.
- [Bodo Moeller; problem pointed out by Niko Baric]
-
- *) In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert
- (sent using the client's version number) if client_version is
- smaller than the protocol version in use. Also change
- ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0 if
- the client demanded SSL 3.0 but only TLS 1.0 is enabled; then
- the client will at least see that alert.
- [Bodo Moeller]
-
- *) Fix ssl3_get_message (ssl/s3_both.c) to handle message fragmentation
- correctly.
- [Bodo Moeller]
-
- *) Avoid infinite loop in ssl3_get_message (ssl/s3_both.c) if a
- client receives HelloRequest while in a handshake.
- [Bodo Moeller; bug noticed by Andy Schneider <andy.schneider at bjss.co.uk>]
-
- *) Bugfix in ssl3_accept (ssl/s3_srvr.c): Case SSL3_ST_SW_HELLO_REQ_C
- should end in 'break', not 'goto end' which circuments various
- cleanups done in state SSL_ST_OK. But session related stuff
- must be disabled for SSL_ST_OK in the case that we just sent a
- HelloRequest.
-
- Also avoid some overhead by not calling ssl_init_wbio_buffer()
- before just sending a HelloRequest.
- [Bodo Moeller, Eric Rescorla <ekr at rtfm.com>]
-
- *) Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't
- reveal whether illegal block cipher padding was found or a MAC
- verification error occured. (Neither SSLerr() codes nor alerts
- are directly visible to potential attackers, but the information
- may leak via logfiles.)
-
- Similar changes are not required for the SSL 2.0 implementation
- because the number of padding bytes is sent in clear for SSL 2.0,
- and the extra bytes are just ignored. However ssl/s2_pkt.c
- failed to verify that the purported number of padding bytes is in
- the legal range.
- [Bodo Moeller]
-
- *) Add OpenUNIX-8 support including shared libraries
- (Boyd Lynn Gerber <gerberb at zenez.com>).
- [Lutz Jaenicke]
-
- *) Improve RSA_padding_check_PKCS1_OAEP() check again to avoid
- 'wristwatch attack' using huge encoding parameters (cf.
- James H. Manger's CRYPTO 2001 paper). Note that the
- RSA_PKCS1_OAEP_PADDING case of RSA_private_decrypt() does not use
- encoding parameters and hence was not vulnerable.
- [Bodo Moeller]
-
- *) BN_sqr() bug fix.
- [Ulf M\xF6ller, reported by Jim Ellis <jim.ellis at cavium.com>]
-
- *) Rabin-Miller test analyses assume uniformly distributed witnesses,
- so use BN_pseudo_rand_range() instead of using BN_pseudo_rand()
- followed by modular reduction.
- [Bodo Moeller; pointed out by Adam Young <AYoung1 at NCSUS.JNJ.COM>]
-
- *) Add BN_pseudo_rand_range() with obvious functionality: BN_rand_range()
- equivalent based on BN_pseudo_rand() instead of BN_rand().
- [Bodo Moeller]
-
- *) s3_srvr.c: allow sending of large client certificate lists (> 16 kB).
- This function was broken, as the check for a new client hello message
- to handle SGC did not allow these large messages.
- (Tracked down by "Douglas E. Engert" <deengert at anl.gov>.)
- [Lutz Jaenicke]
-
- *) Add alert descriptions for TLSv1 to SSL_alert_desc_string[_long]().
- [Lutz Jaenicke]
-
- *) Fix buggy behaviour of BIO_get_num_renegotiates() and BIO_ctrl()
- for BIO_C_GET_WRITE_BUF_SIZE ("Stephen Hinton" <shinton at netopia.com>).
- [Lutz Jaenicke]
-
- *) Rework the configuration and shared library support for Tru64 Unix.
- The configuration part makes use of modern compiler features and
- still retains old compiler behavior for those that run older versions
- of the OS. The shared library support part includes a variant that
- uses the RPATH feature, and is available through the special
- configuration target "alpha-cc-rpath", which will never be selected
- automatically.
- [Tim Mooney <mooney at dogbert.cc.ndsu.NoDak.edu> via Richard Levitte]
-
- *) In ssl3_get_key_exchange (ssl/s3_clnt.c), call ssl3_get_message()
- with the same message size as in ssl3_get_certificate_request().
- Otherwise, if no ServerKeyExchange message occurs, CertificateRequest
- messages might inadvertently be reject as too long.
- [Petr Lampa <lampa at fee.vutbr.cz>]
-
- *) Enhanced support for IA-64 Unix platforms (well, Linux and HP-UX).
- [Andy Polyakov]
-
- *) Modified SSL library such that the verify_callback that has been set
- specificly for an SSL object with SSL_set_verify() is actually being
- used. Before the change, a verify_callback set with this function was
- ignored and the verify_callback() set in the SSL_CTX at the time of
- the call was used. New function X509_STORE_CTX_set_verify_cb() introduced
- to allow the necessary settings.
- [Lutz Jaenicke]
-
- *) Initialize static variable in crypto/dsa/dsa_lib.c and crypto/dh/dh_lib.c
- explicitly to NULL, as at least on Solaris 8 this seems not always to be
- done automatically (in contradiction to the requirements of the C
- standard). This made problems when used from OpenSSH.
- [Lutz Jaenicke]
-
- *) In OpenSSL 0.9.6a and 0.9.6b, crypto/dh/dh_key.c ignored
- dh->length and always used
-
- BN_rand_range(priv_key, dh->p).
-
- BN_rand_range() is not necessary for Diffie-Hellman, and this
- specific range makes Diffie-Hellman unnecessarily inefficient if
- dh->length (recommended exponent length) is much smaller than the
- length of dh->p. We could use BN_rand_range() if the order of
- the subgroup was stored in the DH structure, but we only have
- dh->length.
-
- So switch back to
-
- BN_rand(priv_key, l, ...)
-
- where 'l' is dh->length if this is defined, or BN_num_bits(dh->p)-1
- otherwise.
- [Bodo Moeller]
-
- *) In
-
- RSA_eay_public_encrypt
- RSA_eay_private_decrypt
- RSA_eay_private_encrypt (signing)
- RSA_eay_public_decrypt (signature verification)
-
- (default implementations for RSA_public_encrypt,
- RSA_private_decrypt, RSA_private_encrypt, RSA_public_decrypt),
- always reject numbers >= n.
- [Bodo Moeller]
-
- *) In crypto/rand/md_rand.c, use a new short-time lock CRYPTO_LOCK_RAND2
- to synchronize access to 'locking_thread'. This is necessary on
- systems where access to 'locking_thread' (an 'unsigned long'
- variable) is not atomic.
- [Bodo Moeller]
-
- *) In crypto/rand/md_rand.c, set 'locking_thread' to current thread's ID
- *before* setting the 'crypto_lock_rand' flag. The previous code had
- a race condition if 0 is a valid thread ID.
- [Travis Vitek <vitek at roguewave.com>]
-
- *) Add support for shared libraries under Irix.
- [Albert Chin-A-Young <china at thewrittenword.com>]
-
- *) Add configuration option to build on Linux on both big-endian and
- little-endian MIPS.
- [Ralf Baechle <ralf at uni-koblenz.de>]
-
- *) Add the possibility to create shared libraries on HP-UX.
- [Richard Levitte]
-
- Changes between 0.9.6a and 0.9.6b [9 Jul 2001]
-
- *) Change ssleay_rand_bytes (crypto/rand/md_rand.c)
- to avoid a SSLeay/OpenSSL PRNG weakness pointed out by
- Markku-Juhani O. Saarinen <markku-juhani.saarinen at nokia.com>:
- PRNG state recovery was possible based on the output of
- one PRNG request appropriately sized to gain knowledge on
- 'md' followed by enough consecutive 1-byte PRNG requests
- to traverse all of 'state'.
-
- 1. When updating 'md_local' (the current thread's copy of 'md')
- during PRNG output generation, hash all of the previous
- 'md_local' value, not just the half used for PRNG output.
-
- 2. Make the number of bytes from 'state' included into the hash
- independent from the number of PRNG bytes requested.
-
- The first measure alone would be sufficient to avoid
- Markku-Juhani's attack. (Actually it had never occurred
- to me that the half of 'md_local' used for chaining was the
- half from which PRNG output bytes were taken -- I had always
- assumed that the secret half would be used.) The second
- measure makes sure that additional data from 'state' is never
- mixed into 'md_local' in small portions; this heuristically
- further strengthens the PRNG.
- [Bodo Moeller]
-
- *) Fix crypto/bn/asm/mips3.s.
- [Andy Polyakov]
-
- *) When only the key is given to "enc", the IV is undefined. Print out
- an error message in this case.
- [Lutz Jaenicke]
-
- *) Handle special case when X509_NAME is empty in X509 printing routines.
- [Steve Henson]
-
- *) In dsa_do_verify (crypto/dsa/dsa_ossl.c), verify that r and s are
- positive and less than q.
- [Bodo Moeller]
-
- *) Don't change *pointer in CRYPTO_add_lock() is add_lock_callback is
- used: it isn't thread safe and the add_lock_callback should handle
- that itself.
- [Paul Rose <Paul.Rose at bridge.com>]
-
- *) Verify that incoming data obeys the block size in
- ssl3_enc (ssl/s3_enc.c) and tls1_enc (ssl/t1_enc.c).
- [Bodo Moeller]
-
- *) Fix OAEP check.
- [Ulf M\xF6ller, Bodo M\xF6ller]
-
- *) The countermeasure against Bleichbacher's attack on PKCS #1 v1.5
- RSA encryption was accidentally removed in s3_srvr.c in OpenSSL 0.9.5
- when fixing the server behaviour for backwards-compatible 'client
- hello' messages. (Note that the attack is impractical against
- SSL 3.0 and TLS 1.0 anyway because length and version checking
- means that the probability of guessing a valid ciphertext is
- around 2^-40; see section 5 in Bleichenbacher's CRYPTO '98
- paper.)
-
- Before 0.9.5, the countermeasure (hide the error by generating a
- random 'decryption result') did not work properly because
- ERR_clear_error() was missing, meaning that SSL_get_error() would
- detect the supposedly ignored error.
-
- Both problems are now fixed.
- [Bodo Moeller]
-
- *) In crypto/bio/bf_buff.c, increase DEFAULT_BUFFER_SIZE to 4096
- (previously it was 1024).
- [Bodo Moeller]
-
- *) Fix for compatibility mode trust settings: ignore trust settings
- unless some valid trust or reject settings are present.
- [Steve Henson]
-
- *) Fix for blowfish EVP: its a variable length cipher.
- [Steve Henson]
-
- *) Fix various bugs related to DSA S/MIME verification. Handle missing
- parameters in DSA public key structures and return an error in the
- DSA routines if parameters are absent.
- [Steve Henson]
-
- *) In versions up to 0.9.6, RAND_file_name() resorted to file ".rnd"
- in the current directory if neither $RANDFILE nor $HOME was set.
- RAND_file_name() in 0.9.6a returned NULL in this case. This has
- caused some confusion to Windows users who haven't defined $HOME.
- Thus RAND_file_name() is changed again: e_os.h can define a
- DEFAULT_HOME, which will be used if $HOME is not set.
- For Windows, we use "C:"; on other platforms, we still require
- environment variables.
-
- *) Move 'if (!initialized) RAND_poll()' into regions protected by
- CRYPTO_LOCK_RAND. This is not strictly necessary, but avoids
- having multiple threads call RAND_poll() concurrently.
- [Bodo Moeller]
-
- *) In crypto/rand/md_rand.c, replace 'add_do_not_lock' flag by a
- combination of a flag and a thread ID variable.
- Otherwise while one thread is in ssleay_rand_bytes (which sets the
- flag), *other* threads can enter ssleay_add_bytes without obeying
- the CRYPTO_LOCK_RAND lock (and may even illegally release the lock
- that they do not hold after the first thread unsets add_do_not_lock).
- [Bodo Moeller]
-
- *) Change bctest again: '-x' expressions are not available in all
- versions of 'test'.
- [Bodo Moeller]
-
- Changes between 0.9.6 and 0.9.6a [5 Apr 2001]
-
- *) Fix a couple of memory leaks in PKCS7_dataDecode()
- [Steve Henson, reported by Heyun Zheng <hzheng at atdsprint.com>]
-
- *) Change Configure and Makefiles to provide EXE_EXT, which will contain
- the default extension for executables, if any. Also, make the perl
- scripts that use symlink() to test if it really exists and use "cp"
- if it doesn't. All this made OpenSSL compilable and installable in
- CygWin.
- [Richard Levitte]
-
- *) Fix for asn1_GetSequence() for indefinite length constructed data.
- If SEQUENCE is length is indefinite just set c->slen to the total
- amount of data available.
- [Steve Henson, reported by shige at FreeBSD.org]
- [This change does not apply to 0.9.7.]
-
- *) Change bctest to avoid here-documents inside command substitution
- (workaround for FreeBSD /bin/sh bug).
- For compatibility with Ultrix, avoid shell functions (introduced
- in the bctest version that searches along $PATH).
- [Bodo Moeller]
-
- *) Rename 'des_encrypt' to 'des_encrypt1'. This avoids the clashes
- with des_encrypt() defined on some operating systems, like Solaris
- and UnixWare.
- [Richard Levitte]
-
- *) Check the result of RSA-CRT (see D. Boneh, R. DeMillo, R. Lipton:
- On the Importance of Eliminating Errors in Cryptographic
- Computations, J. Cryptology 14 (2001) 2, 101-119,
- http://theory.stanford.edu/~dabo/papers/faults.ps.gz).
- [Ulf Moeller]
-
- *) MIPS assembler BIGNUM division bug fix.
- [Andy Polyakov]
-
- *) Disabled incorrect Alpha assembler code.
- [Richard Levitte]
-
- *) Fix PKCS#7 decode routines so they correctly update the length
- after reading an EOC for the EXPLICIT tag.
- [Steve Henson]
- [This change does not apply to 0.9.7.]
-
- *) Fix bug in PKCS#12 key generation routines. This was triggered
- if a 3DES key was generated with a 0 initial byte. Include
- PKCS12_BROKEN_KEYGEN compilation option to retain the old
- (but broken) behaviour.
- [Steve Henson]
-
- *) Enhance bctest to search for a working bc along $PATH and print
- it when found.
- [Tim Rice <tim at multitalents.net> via Richard Levitte]
-
- *) Fix memory leaks in err.c: free err_data string if necessary;
- don't write to the wrong index in ERR_set_error_data.
- [Bodo Moeller]
-
- *) Implement ssl23_peek (analogous to ssl23_read), which previously
- did not exist.
- [Bodo Moeller]
-
- *) Replace rdtsc with _emit statements for VC++ version 5.
- [Jeremy Cooper <jeremy at baymoo.org>]
-
- *) Make it possible to reuse SSLv2 sessions.
- [Richard Levitte]
-
- *) In copy_email() check for >= 0 as a return value for
- X509_NAME_get_index_by_NID() since 0 is a valid index.
- [Steve Henson reported by Massimiliano Pala <madwolf at opensca.org>]
-
- *) Avoid coredump with unsupported or invalid public keys by checking if
- X509_get_pubkey() fails in PKCS7_verify(). Fix memory leak when
- PKCS7_verify() fails with non detached data.
- [Steve Henson]
-
- *) Don't use getenv in library functions when run as setuid/setgid.
- New function OPENSSL_issetugid().
- [Ulf Moeller]
-
- *) Avoid false positives in memory leak detection code (crypto/mem_dbg.c)
- due to incorrect handling of multi-threading:
-
- 1. Fix timing glitch in the MemCheck_off() portion of CRYPTO_mem_ctrl().
-
- 2. Fix logical glitch in is_MemCheck_on() aka CRYPTO_is_mem_check_on().
-
- 3. Count how many times MemCheck_off() has been called so that
- nested use can be treated correctly. This also avoids
- inband-signalling in the previous code (which relied on the
- assumption that thread ID 0 is impossible).
- [Bodo Moeller]
-
- *) Add "-rand" option also to s_client and s_server.
- [Lutz Jaenicke]
-
- *) Fix CPU detection on Irix 6.x.
- [Kurt Hockenbury <khockenb at stevens-tech.edu> and
- "Bruce W. Forsberg" <bruce.forsberg at baesystems.com>]
-
- *) Fix X509_NAME bug which produced incorrect encoding if X509_NAME
- was empty.
- [Steve Henson]
- [This change does not apply to 0.9.7.]
-
- *) Use the cached encoding of an X509_NAME structure rather than
- copying it. This is apparently the reason for the libsafe "errors"
- but the code is actually correct.
- [Steve Henson]
-
- *) Add new function BN_rand_range(), and fix DSA_sign_setup() to prevent
- Bleichenbacher's DSA attack.
- Extend BN_[pseudo_]rand: As before, top=1 forces the highest two bits
- to be set and top=0 forces the highest bit to be set; top=-1 is new
- and leaves the highest bit random.
- [Ulf Moeller, Bodo Moeller]
-
- *) In the NCONF_...-based implementations for CONF_... queries
- (crypto/conf/conf_lib.c), if the input LHASH is NULL, avoid using
- a temporary CONF structure with the data component set to NULL
- (which gives segmentation faults in lh_retrieve).
- Instead, use NULL for the CONF pointer in CONF_get_string and
- CONF_get_number (which may use environment variables) and directly
- return NULL from CONF_get_section.
- [Bodo Moeller]
-
- *) Fix potential buffer overrun for EBCDIC.
- [Ulf Moeller]
-
- *) Tolerate nonRepudiation as being valid for S/MIME signing and certSign
- keyUsage if basicConstraints absent for a CA.
- [Steve Henson]
-
- *) Make SMIME_write_PKCS7() write mail header values with a format that
- is more generally accepted (no spaces before the semicolon), since
- some programs can't parse those values properly otherwise. Also make
- sure BIO's that break lines after each write do not create invalid
- headers.
- [Richard Levitte]
-
- *) Make the CRL encoding routines work with empty SEQUENCE OF. The
- macros previously used would not encode an empty SEQUENCE OF
- and break the signature.
- [Steve Henson]
- [This change does not apply to 0.9.7.]
-
- *) Zero the premaster secret after deriving the master secret in
- DH ciphersuites.
- [Steve Henson]
-
- *) Add some EVP_add_digest_alias registrations (as found in
- OpenSSL_add_all_digests()) to SSL_library_init()
- aka OpenSSL_add_ssl_algorithms(). This provides improved
- compatibility with peers using X.509 certificates
- with unconventional AlgorithmIdentifier OIDs.
- [Bodo Moeller]
-
- *) Fix for Irix with NO_ASM.
- ["Bruce W. Forsberg" <bruce.forsberg at baesystems.com>]
-
- *) ./config script fixes.
- [Ulf Moeller, Richard Levitte]
-
- *) Fix 'openssl passwd -1'.
- [Bodo Moeller]
-
- *) Change PKCS12_key_gen_asc() so it can cope with non null
- terminated strings whose length is passed in the passlen
- parameter, for example from PEM callbacks. This was done
- by adding an extra length parameter to asc2uni().
- [Steve Henson, reported by <oddissey at samsung.co.kr>]
-
- *) Fix C code generated by 'openssl dsaparam -C': If a BN_bin2bn
- call failed, free the DSA structure.
- [Bodo Moeller]
-
- *) Fix to uni2asc() to cope with zero length Unicode strings.
- These are present in some PKCS#12 files.
- [Steve Henson]
-
- *) Increase s2->wbuf allocation by one byte in ssl2_new (ssl/s2_lib.c).
- Otherwise do_ssl_write (ssl/s2_pkt.c) will write beyond buffer limits
- when writing a 32767 byte record.
- [Bodo Moeller; problem reported by Eric Day <eday at concentric.net>]
-
- *) In RSA_eay_public_{en,ed}crypt and RSA_eay_mod_exp (rsa_eay.c),
- obtain lock CRYPTO_LOCK_RSA before setting rsa->_method_mod_{n,p,q}.
-
- (RSA objects have a reference count access to which is protected
- by CRYPTO_LOCK_RSA [see rsa_lib.c, s3_srvr.c, ssl_cert.c, ssl_rsa.c],
- so they are meant to be shared between threads.)
- [Bodo Moeller, Geoff Thorpe; original patch submitted by
- "Reddie, Steven" <Steven.Reddie at ca.com>]
-
- *) Fix a deadlock in CRYPTO_mem_leaks().
- [Bodo Moeller]
-
- *) Use better test patterns in bntest.
- [Ulf M\xF6ller]
-
- *) rand_win.c fix for Borland C.
- [Ulf M\xF6ller]
-
- *) BN_rshift bugfix for n == 0.
- [Bodo Moeller]
-
- *) Add a 'bctest' script that checks for some known 'bc' bugs
- so that 'make test' does not abort just because 'bc' is broken.
- [Bodo Moeller]
-
- *) Store verify_result within SSL_SESSION also for client side to
- avoid potential security hole. (Re-used sessions on the client side
- always resulted in verify_result==X509_V_OK, not using the original
- result of the server certificate verification.)
- [Lutz Jaenicke]
-
- *) Fix ssl3_pending: If the record in s->s3->rrec is not of type
- SSL3_RT_APPLICATION_DATA, return 0.
- Similarly, change ssl2_pending to return 0 if SSL_in_init(s) is true.
- [Bodo Moeller]
-
- *) Fix SSL_peek:
- Both ssl2_peek and ssl3_peek, which were totally broken in earlier
- releases, have been re-implemented by renaming the previous
- implementations of ssl2_read and ssl3_read to ssl2_read_internal
- and ssl3_read_internal, respectively, and adding 'peek' parameters
- to them. The new ssl[23]_{read,peek} functions are calls to
- ssl[23]_read_internal with the 'peek' flag set appropriately.
- A 'peek' parameter has also been added to ssl3_read_bytes, which
- does the actual work for ssl3_read_internal.
- [Bodo Moeller]
-
- *) Initialise "ex_data" member of RSA/DSA/DH structures prior to calling
- the method-specific "init()" handler. Also clean up ex_data after
- calling the method-specific "finish()" handler. Previously, this was
- happening the other way round.
- [Geoff Thorpe]
-
- *) Increase BN_CTX_NUM (the number of BIGNUMs in a BN_CTX) to 16.
- The previous value, 12, was not always sufficient for BN_mod_exp().
- [Bodo Moeller]
-
- *) Make sure that shared libraries get the internal name engine with
- the full version number and not just 0. This should mark the
- shared libraries as not backward compatible. Of course, this should
- be changed again when we can guarantee backward binary compatibility.
- [Richard Levitte]
-
- *) Fix typo in get_cert_by_subject() in by_dir.c
- [Jean-Marc Desperrier <jean-marc.desperrier at certplus.com>]
-
- *) Rework the system to generate shared libraries:
-
- - Make note of the expected extension for the shared libraries and
- if there is a need for symbolic links from for example libcrypto.so.0
- to libcrypto.so.0.9.7. There is extended info in Configure for
- that.
-
- - Make as few rebuilds of the shared libraries as possible.
-
- - Still avoid linking the OpenSSL programs with the shared libraries.
-
- - When installing, install the shared libraries separately from the
- static ones.
- [Richard Levitte]
-
- *) Fix SSL_CTX_set_read_ahead macro to actually use its argument.
-
- Copy SSL_CTX's read_ahead flag to SSL object directly in SSL_new
- and not in SSL_clear because the latter is also used by the
- accept/connect functions; previously, the settings made by
- SSL_set_read_ahead would be lost during the handshake.
- [Bodo Moeller; problems reported by Anders Gertz <gertz at epact.se>]
-
- *) Correct util/mkdef.pl to be selective about disabled algorithms.
- Previously, it would create entries for disableed algorithms no
- matter what.
- [Richard Levitte]
-
- *) Added several new manual pages for SSL_* function.
- [Lutz Jaenicke]
-
- Changes between 0.9.5a and 0.9.6 [24 Sep 2000]
-
- *) In ssl23_get_client_hello, generate an error message when faced
- with an initial SSL 3.0/TLS record that is too small to contain the
- first two bytes of the ClientHello message, i.e. client_version.
- (Note that this is a pathologic case that probably has never happened
- in real life.) The previous approach was to use the version number
- from the record header as a substitute; but our protocol choice
- should not depend on that one because it is not authenticated
- by the Finished messages.
- [Bodo Moeller]
-
- *) More robust randomness gathering functions for Windows.
- [Jeffrey Altman <jaltman at columbia.edu>]
-
- *) For compatibility reasons if the flag X509_V_FLAG_ISSUER_CHECK is
- not set then we don't setup the error code for issuer check errors
- to avoid possibly overwriting other errors which the callback does
- handle. If an application does set the flag then we assume it knows
- what it is doing and can handle the new informational codes
- appropriately.
- [Steve Henson]
-
- *) Fix for a nasty bug in ASN1_TYPE handling. ASN1_TYPE is used for
- a general "ANY" type, as such it should be able to decode anything
- including tagged types. However it didn't check the class so it would
- wrongly interpret tagged types in the same way as their universal
- counterpart and unknown types were just rejected. Changed so that the
- tagged and unknown types are handled in the same way as a SEQUENCE:
- that is the encoding is stored intact. There is also a new type
- "V_ASN1_OTHER" which is used when the class is not universal, in this
- case we have no idea what the actual type is so we just lump them all
- together.
- [Steve Henson]
-
- *) On VMS, stdout may very well lead to a file that is written to
- in a record-oriented fashion. That means that every write() will
- write a separate record, which will be read separately by the
- programs trying to read from it. This can be very confusing.
-
- The solution is to put a BIO filter in the way that will buffer
- text until a linefeed is reached, and then write everything a
- line at a time, so every record written will be an actual line,
- not chunks of lines and not (usually doesn't happen, but I've
- seen it once) several lines in one record. BIO_f_linebuffer() is
- the answer.
-
- Currently, it's a VMS-only method, because that's where it has
- been tested well enough.
- [Richard Levitte]
-
- *) Remove 'optimized' squaring variant in BN_mod_mul_montgomery,
- it can return incorrect results.
- (Note: The buggy variant was not enabled in OpenSSL 0.9.5a,
- but it was in 0.9.6-beta[12].)
- [Bodo Moeller]
-
- *) Disable the check for content being present when verifying detached
- signatures in pk7_smime.c. Some versions of Netscape (wrongly)
- include zero length content when signing messages.
- [Steve Henson]
-
- *) New BIO_shutdown_wr macro, which invokes the BIO_C_SHUTDOWN_WR
- BIO_ctrl (for BIO pairs).
- [Bodo M\xF6ller]
-
- *) Add DSO method for VMS.
- [Richard Levitte]
-
- *) Bug fix: Montgomery multiplication could produce results with the
- wrong sign.
- [Ulf M\xF6ller]
-
- *) Add RPM specification openssl.spec and modify it to build three
- packages. The default package contains applications, application
- documentation and run-time libraries. The devel package contains
- include files, static libraries and function documentation. The
- doc package contains the contents of the doc directory. The original
- openssl.spec was provided by Damien Miller <djm at mindrot.org>.
- [Richard Levitte]
-
- *) Add a large number of documentation files for many SSL routines.
- [Lutz Jaenicke <Lutz.Jaenicke at aet.TU-Cottbus.DE>]
-
- *) Add a configuration entry for Sony News 4.
- [NAKAJI Hiroyuki <nakaji at tutrp.tut.ac.jp>]
-
- *) Don't set the two most significant bits to one when generating a
- random number < q in the DSA library.
- [Ulf M\xF6ller]
-
- *) New SSL API mode 'SSL_MODE_AUTO_RETRY'. This disables the default
- behaviour that SSL_read may result in SSL_ERROR_WANT_READ (even if
- the underlying transport is blocking) if a handshake took place.
- (The default behaviour is needed by applications such as s_client
- and s_server that use select() to determine when to use SSL_read;
- but for applications that know in advance when to expect data, it
- just makes things more complicated.)
- [Bodo Moeller]
-
- *) Add RAND_egd_bytes(), which gives control over the number of bytes read
- from EGD.
- [Ben Laurie]
-
- *) Add a few more EBCDIC conditionals that make `req' and `x509'
- work better on such systems.
- [Martin Kraemer <Martin.Kraemer at MchP.Siemens.De>]
-
- *) Add two demo programs for PKCS12_parse() and PKCS12_create().
- Update PKCS12_parse() so it copies the friendlyName and the
- keyid to the certificates aux info.
- [Steve Henson]
-
- *) Fix bug in PKCS7_verify() which caused an infinite loop
- if there was more than one signature.
- [Sven Uszpelkat <su at celocom.de>]
-
- *) Major change in util/mkdef.pl to include extra information
- about each symbol, as well as presentig variables as well
- as functions. This change means that there's n more need
- to rebuild the .num files when some algorithms are excluded.
- [Richard Levitte]
-
- *) Allow the verify time to be set by an application,
- rather than always using the current time.
- [Steve Henson]
-
- *) Phase 2 verify code reorganisation. The certificate
- verify code now looks up an issuer certificate by a
- number of criteria: subject name, authority key id
- and key usage. It also verifies self signed certificates
- by the same criteria. The main comparison function is
- X509_check_issued() which performs these checks.
-
- Lot of changes were necessary in order to support this
- without completely rewriting the lookup code.
-
- Authority and subject key identifier are now cached.
-
- The LHASH 'certs' is X509_STORE has now been replaced
- by a STACK_OF(X509_OBJECT). This is mainly because an
- LHASH can't store or retrieve multiple objects with
- the same hash value.
-
- As a result various functions (which were all internal
- use only) have changed to handle the new X509_STORE
- structure. This will break anything that messed round
- with X509_STORE internally.
-
- The functions X509_STORE_add_cert() now checks for an
- exact match, rather than just subject name.
-
- The X509_STORE API doesn't directly support the retrieval
- of multiple certificates matching a given criteria, however
- this can be worked round by performing a lookup first
- (which will fill the cache with candidate certificates)
- and then examining the cache for matches. This is probably
- the best we can do without throwing out X509_LOOKUP
- entirely (maybe later...).
-
- The X509_VERIFY_CTX structure has been enhanced considerably.
-
- All certificate lookup operations now go via a get_issuer()
- callback. Although this currently uses an X509_STORE it
- can be replaced by custom lookups. This is a simple way
- to bypass the X509_STORE hackery necessary to make this
- work and makes it possible to use more efficient techniques
- in future. A very simple version which uses a simple
- STACK for its trusted certificate store is also provided
- using X509_STORE_CTX_trusted_stack().
-
- The verify_cb() and verify() callbacks now have equivalents
- in the X509_STORE_CTX structure.
-
- X509_STORE_CTX also has a 'flags' field which can be used
- to customise the verify behaviour.
- [Steve Henson]
-
- *) Add new PKCS#7 signing option PKCS7_NOSMIMECAP which
- excludes S/MIME capabilities.
- [Steve Henson]
-
- *) When a certificate request is read in keep a copy of the
- original encoding of the signed data and use it when outputing
- again. Signatures then use the original encoding rather than
- a decoded, encoded version which may cause problems if the
- request is improperly encoded.
- [Steve Henson]
-
- *) For consistency with other BIO_puts implementations, call
- buffer_write(b, ...) directly in buffer_puts instead of calling
- BIO_write(b, ...).
-
- In BIO_puts, increment b->num_write as in BIO_write.
- [Peter.Sylvester at EdelWeb.fr]
-
- *) Fix BN_mul_word for the case where the word is 0. (We have to use
- BN_zero, we may not return a BIGNUM with an array consisting of
- words set to zero.)
- [Bodo Moeller]
-
- *) Avoid calling abort() from within the library when problems are
- detected, except if preprocessor symbols have been defined
- (such as REF_CHECK, BN_DEBUG etc.).
- [Bodo Moeller]
-
- *) New openssl application 'rsautl'. This utility can be
- used for low level RSA operations. DER public key
- BIO/fp routines also added.
- [Steve Henson]
-
- *) New Configure entry and patches for compiling on QNX 4.
- [Andreas Schneider <andreas at ds3.etech.fh-hamburg.de>]
-
- *) A demo state-machine implementation was sponsored by
- Nuron (http://www.nuron.com/) and is now available in
- demos/state_machine.
- [Ben Laurie]
-
- *) New options added to the 'dgst' utility for signature
- generation and verification.
- [Steve Henson]
-
- *) Unrecognized PKCS#7 content types are now handled via a
- catch all ASN1_TYPE structure. This allows unsupported
- types to be stored as a "blob" and an application can
- encode and decode it manually.
- [Steve Henson]
-
- *) Fix various signed/unsigned issues to make a_strex.c
- compile under VC++.
- [Oscar Jacobsson <oscar.jacobsson at celocom.com>]
-
- *) ASN1 fixes. i2d_ASN1_OBJECT was not returning the correct
- length if passed a buffer. ASN1_INTEGER_to_BN failed
- if passed a NULL BN and its argument was negative.
- [Steve Henson, pointed out by Sven Heiberg <sven at tartu.cyber.ee>]
-
- *) Modification to PKCS#7 encoding routines to output definite
- length encoding. Since currently the whole structures are in
- memory there's not real point in using indefinite length
- constructed encoding. However if OpenSSL is compiled with
- the flag PKCS7_INDEFINITE_ENCODING the old form is used.
- [Steve Henson]
-
- *) Added BIO_vprintf() and BIO_vsnprintf().
- [Richard Levitte]
-
- *) Added more prefixes to parse for in the the strings written
- through a logging bio, to cover all the levels that are available
- through syslog. The prefixes are now:
-
- PANIC, EMERG, EMR => LOG_EMERG
- ALERT, ALR => LOG_ALERT
- CRIT, CRI => LOG_CRIT
- ERROR, ERR => LOG_ERR
- WARNING, WARN, WAR => LOG_WARNING
- NOTICE, NOTE, NOT => LOG_NOTICE
- INFO, INF => LOG_INFO
- DEBUG, DBG => LOG_DEBUG
-
- and as before, if none of those prefixes are present at the
- beginning of the string, LOG_ERR is chosen.
-
- On Win32, the LOG_* levels are mapped according to this:
-
- LOG_EMERG, LOG_ALERT, LOG_CRIT, LOG_ERR => EVENTLOG_ERROR_TYPE
- LOG_WARNING => EVENTLOG_WARNING_TYPE
- LOG_NOTICE, LOG_INFO, LOG_DEBUG => EVENTLOG_INFORMATION_TYPE
-
- [Richard Levitte]
-
- *) Made it possible to reconfigure with just the configuration
- argument "reconf" or "reconfigure". The command line arguments
- are stored in Makefile.ssl in the variable CONFIGURE_ARGS,
- and are retrieved from there when reconfiguring.
- [Richard Levitte]
-
- *) MD4 implemented.
- [Assar Westerlund <assar at sics.se>, Richard Levitte]
-
- *) Add the arguments -CAfile and -CApath to the pkcs12 utility.
- [Richard Levitte]
-
- *) The obj_dat.pl script was messing up the sorting of object
- names. The reason was that it compared the quoted version
- of strings as a result "OCSP" > "OCSP Signing" because
- " > SPACE. Changed script to store unquoted versions of
- names and add quotes on output. It was also omitting some
- names from the lookup table if they were given a default
- value (that is if SN is missing it is given the same
- value as LN and vice versa), these are now added on the
- grounds that if an object has a name we should be able to
- look it up. Finally added warning output when duplicate
- short or long names are found.
- [Steve Henson]
-
- *) Changes needed for Tandem NSK.
- [Scott Uroff <scott at xypro.com>]
-
- *) Fix SSL 2.0 rollback checking: Due to an off-by-one error in
- RSA_padding_check_SSLv23(), special padding was never detected
- and thus the SSL 3.0/TLS 1.0 countermeasure against protocol
- version rollback attacks was not effective.
-
- In s23_clnt.c, don't use special rollback-attack detection padding
- (RSA_SSLV23_PADDING) if SSL 2.0 is the only protocol enabled in the
- client; similarly, in s23_srvr.c, don't do the rollback check if
- SSL 2.0 is the only protocol enabled in the server.
- [Bodo Moeller]
-
- *) Make it possible to get hexdumps of unprintable data with 'openssl
- asn1parse'. By implication, the functions ASN1_parse_dump() and
- BIO_dump_indent() are added.
- [Richard Levitte]
-
- *) New functions ASN1_STRING_print_ex() and X509_NAME_print_ex()
- these print out strings and name structures based on various
- flags including RFC2253 support and proper handling of
- multibyte characters. Added options to the 'x509' utility
- to allow the various flags to be set.
- [Steve Henson]
-
- *) Various fixes to use ASN1_TIME instead of ASN1_UTCTIME.
- Also change the functions X509_cmp_current_time() and
- X509_gmtime_adj() work with an ASN1_TIME structure,
- this will enable certificates using GeneralizedTime in validity
- dates to be checked.
- [Steve Henson]
-
- *) Make the NEG_PUBKEY_BUG code (which tolerates invalid
- negative public key encodings) on by default,
- NO_NEG_PUBKEY_BUG can be set to disable it.
- [Steve Henson]
-
- *) New function c2i_ASN1_OBJECT() which acts on ASN1_OBJECT
- content octets. An i2c_ASN1_OBJECT is unnecessary because
- the encoding can be trivially obtained from the structure.
- [Steve Henson]
-
- *) crypto/err.c locking bugfix: Use write locks (CRYPTO_w_[un]lock),
- not read locks (CRYPTO_r_[un]lock).
- [Bodo Moeller]
-
- *) A first attempt at creating official support for shared
- libraries through configuration. I've kept it so the
- default is static libraries only, and the OpenSSL programs
- are always statically linked for now, but there are
- preparations for dynamic linking in place.
- This has been tested on Linux and Tru64.
- [Richard Levitte]
-
- *) Randomness polling function for Win9x, as described in:
- Peter Gutmann, Software Generation of Practically Strong
- Random Numbers.
- [Ulf M\xF6ller]
-
- *) Fix so PRNG is seeded in req if using an already existing
- DSA key.
- [Steve Henson]
-
- *) New options to smime application. -inform and -outform
- allow alternative formats for the S/MIME message including
- PEM and DER. The -content option allows the content to be
- specified separately. This should allow things like Netscape
- form signing output easier to verify.
- [Steve Henson]
-
- *) Fix the ASN1 encoding of tags using the 'long form'.
- [Steve Henson]
-
- *) New ASN1 functions, i2c_* and c2i_* for INTEGER and BIT
- STRING types. These convert content octets to and from the
- underlying type. The actual tag and length octets are
- already assumed to have been read in and checked. These
- are needed because all other string types have virtually
- identical handling apart from the tag. By having versions
- of the ASN1 functions that just operate on content octets
- IMPLICIT tagging can be handled properly. It also allows
- the ASN1_ENUMERATED code to be cut down because ASN1_ENUMERATED
- and ASN1_INTEGER are identical apart from the tag.
- [Steve Henson]
-
- *) Change the handling of OID objects as follows:
-
- - New object identifiers are inserted in objects.txt, following
- the syntax given in objects.README.
- - objects.pl is used to process obj_mac.num and create a new
- obj_mac.h.
- - obj_dat.pl is used to create a new obj_dat.h, using the data in
- obj_mac.h.
-
- This is currently kind of a hack, and the perl code in objects.pl
- isn't very elegant, but it works as I intended. The simplest way
- to check that it worked correctly is to look in obj_dat.h and
- check the array nid_objs and make sure the objects haven't moved
- around (this is important!). Additions are OK, as well as
- consistent name changes.
- [Richard Levitte]
-
- *) Add BSD-style MD5-based passwords to 'openssl passwd' (option '-1').
- [Bodo Moeller]
-
- *) Addition of the command line parameter '-rand file' to 'openssl req'.
- The given file adds to whatever has already been seeded into the
- random pool through the RANDFILE configuration file option or
- environment variable, or the default random state file.
- [Richard Levitte]
-
- *) mkstack.pl now sorts each macro group into lexical order.
- Previously the output order depended on the order the files
- appeared in the directory, resulting in needless rewriting
- of safestack.h .
- [Steve Henson]
-
- *) Patches to make OpenSSL compile under Win32 again. Mostly
- work arounds for the VC++ problem that it treats func() as
- func(void). Also stripped out the parts of mkdef.pl that
- added extra typesafe functions: these no longer exist.
- [Steve Henson]
-
- *) Reorganisation of the stack code. The macros are now all
- collected in safestack.h . Each macro is defined in terms of
- a "stack macro" of the form SKM_<name>(type, a, b). The
- DEBUG_SAFESTACK is now handled in terms of function casts,
- this has the advantage of retaining type safety without the
- use of additional functions. If DEBUG_SAFESTACK is not defined
- then the non typesafe macros are used instead. Also modified the
- mkstack.pl script to handle the new form. Needs testing to see
- if which (if any) compilers it chokes and maybe make DEBUG_SAFESTACK
- the default if no major problems. Similar behaviour for ASN1_SET_OF
- and PKCS12_STACK_OF.
- [Steve Henson]
-
- *) When some versions of IIS use the 'NET' form of private key the
- key derivation algorithm is different. Normally MD5(password) is
- used as a 128 bit RC4 key. In the modified case
- MD5(MD5(password) + "SGCKEYSALT") is used insted. Added some
- new functions i2d_RSA_NET(), d2i_RSA_NET() etc which are the same
- as the old Netscape_RSA functions except they have an additional
- 'sgckey' parameter which uses the modified algorithm. Also added
- an -sgckey command line option to the rsa utility. Thanks to
- Adrian Peck <bertie at ncipher.com> for posting details of the modified
- algorithm to openssl-dev.
- [Steve Henson]
-
- *) The evp_local.h macros were using 'c.##kname' which resulted in
- invalid expansion on some systems (SCO 5.0.5 for example).
- Corrected to 'c.kname'.
- [Phillip Porch <root at theporch.com>]
-
- *) New X509_get1_email() and X509_REQ_get1_email() functions that return
- a STACK of email addresses from a certificate or request, these look
- in the subject name and the subject alternative name extensions and
- omit any duplicate addresses.
- [Steve Henson]
-
- *) Re-implement BN_mod_exp2_mont using independent (and larger) windows.
- This makes DSA verification about 2 % faster.
- [Bodo Moeller]
-
- *) Increase maximum window size in BN_mod_exp_... to 6 bits instead of 5
- (meaning that now 2^5 values will be precomputed, which is only 4 KB
- plus overhead for 1024 bit moduli).
- This makes exponentiations about 0.5 % faster for 1024 bit
- exponents (as measured by "openssl speed rsa2048").
- [Bodo Moeller]
-
- *) Rename memory handling macros to avoid conflicts with other
- software:
- Malloc => OPENSSL_malloc
- Malloc_locked => OPENSSL_malloc_locked
- Realloc => OPENSSL_realloc
- Free => OPENSSL_free
- [Richard Levitte]
-
- *) New function BN_mod_exp_mont_word for small bases (roughly 15%
- faster than BN_mod_exp_mont, i.e. 7% for a full DH exchange).
- [Bodo Moeller]
-
- *) CygWin32 support.
- [John Jarvie <jjarvie at newsguy.com>]
-
- *) The type-safe stack code has been rejigged. It is now only compiled
- in when OpenSSL is configured with the DEBUG_SAFESTACK option and
- by default all type-specific stack functions are "#define"d back to
- standard stack functions. This results in more streamlined output
- but retains the type-safety checking possibilities of the original
- approach.
- [Geoff Thorpe]
-
- *) The STACK code has been cleaned up, and certain type declarations
- that didn't make a lot of sense have been brought in line. This has
- also involved a cleanup of sorts in safestack.h to more correctly
- map type-safe stack functions onto their plain stack counterparts.
- This work has also resulted in a variety of "const"ifications of
- lots of the code, especially "_cmp" operations which should normally
- be prototyped with "const" parameters anyway.
- [Geoff Thorpe]
-
- *) When generating bytes for the first time in md_rand.c, 'stir the pool'
- by seeding with STATE_SIZE dummy bytes (with zero entropy count).
- (The PRNG state consists of two parts, the large pool 'state' and 'md',
- where all of 'md' is used each time the PRNG is used, but 'state'
- is used only indexed by a cyclic counter. As entropy may not be
- well distributed from the beginning, 'md' is important as a
- chaining variable. However, the output function chains only half
- of 'md', i.e. 80 bits. ssleay_rand_add, on the other hand, chains
- all of 'md', and seeding with STATE_SIZE dummy bytes will result
- in all of 'state' being rewritten, with the new values depending
- on virtually all of 'md'. This overcomes the 80 bit limitation.)
- [Bodo Moeller]
-
- *) In ssl/s2_clnt.c and ssl/s3_clnt.c, call ERR_clear_error() when
- the handshake is continued after ssl_verify_cert_chain();
- otherwise, if SSL_VERIFY_NONE is set, remaining error codes
- can lead to 'unexplainable' connection aborts later.
- [Bodo Moeller; problem tracked down by Lutz Jaenicke]
-
- *) Major EVP API cipher revision.
- Add hooks for extra EVP features. This allows various cipher
- parameters to be set in the EVP interface. Support added for variable
- key length ciphers via the EVP_CIPHER_CTX_set_key_length() function and
- setting of RC2 and RC5 parameters.
-
- Modify EVP_OpenInit() and EVP_SealInit() to cope with variable key length
- ciphers.
-
- Remove lots of duplicated code from the EVP library. For example *every*
- cipher init() function handles the 'iv' in the same way according to the
- cipher mode. They also all do nothing if the 'key' parameter is NULL and
- for CFB and OFB modes they zero ctx->num.
-
- New functionality allows removal of S/MIME code RC2 hack.
-
- Most of the routines have the same form and so can be declared in terms
- of macros.
-
- By shifting this to the top level EVP_CipherInit() it can be removed from
- all individual ciphers. If the cipher wants to handle IVs or keys
- differently it can set the EVP_CIPH_CUSTOM_IV or EVP_CIPH_ALWAYS_CALL_INIT
- flags.
-
- Change lots of functions like EVP_EncryptUpdate() to now return a
- value: although software versions of the algorithms cannot fail
- any installed hardware versions can.
- [Steve Henson]
-
- *) Implement SSL_OP_TLS_ROLLBACK_BUG: In ssl3_get_client_key_exchange, if
- this option is set, tolerate broken clients that send the negotiated
- protocol version number instead of the requested protocol version
- number.
- [Bodo Moeller]
-
- *) Call dh_tmp_cb (set by ..._TMP_DH_CB) with correct 'is_export' flag;
- i.e. non-zero for export ciphersuites, zero otherwise.
- Previous versions had this flag inverted, inconsistent with
- rsa_tmp_cb (..._TMP_RSA_CB).
- [Bodo Moeller; problem reported by Amit Chopra]
-
- *) Add missing DSA library text string. Work around for some IIS
- key files with invalid SEQUENCE encoding.
- [Steve Henson]
-
- *) Add a document (doc/standards.txt) that list all kinds of standards
- and so on that are implemented in OpenSSL.
- [Richard Levitte]
-
- *) Enhance c_rehash script. Old version would mishandle certificates
- with the same subject name hash and wouldn't handle CRLs at all.
- Added -fingerprint option to crl utility, to support new c_rehash
- features.
- [Steve Henson]
-
- *) Eliminate non-ANSI declarations in crypto.h and stack.h.
- [Ulf M\xF6ller]
-
- *) Fix for SSL server purpose checking. Server checking was
- rejecting certificates which had extended key usage present
- but no ssl client purpose.
- [Steve Henson, reported by Rene Grosser <grosser at hisolutions.com>]
-
- *) Make PKCS#12 code work with no password. The PKCS#12 spec
- is a little unclear about how a blank password is handled.
- Since the password in encoded as a BMPString with terminating
- double NULL a zero length password would end up as just the
- double NULL. However no password at all is different and is
- handled differently in the PKCS#12 key generation code. NS
- treats a blank password as zero length. MSIE treats it as no
- password on export: but it will try both on import. We now do
- the same: PKCS12_parse() tries zero length and no password if
- the password is set to "" or NULL (NULL is now a valid password:
- it wasn't before) as does the pkcs12 application.
- [Steve Henson]
-
- *) Bugfixes in apps/x509.c: Avoid a memory leak; and don't use
- perror when PEM_read_bio_X509_REQ fails, the error message must
- be obtained from the error queue.
- [Bodo Moeller]
-
- *) Avoid 'thread_hash' memory leak in crypto/err/err.c by freeing
- it in ERR_remove_state if appropriate, and change ERR_get_state
- accordingly to avoid race conditions (this is necessary because
- thread_hash is no longer constant once set).
- [Bodo Moeller]
-
- *) Bugfix for linux-elf makefile.one.
- [Ulf M\xF6ller]
-
- *) RSA_get_default_method() will now cause a default
- RSA_METHOD to be chosen if one doesn't exist already.
- Previously this was only set during a call to RSA_new()
- or RSA_new_method(NULL) meaning it was possible for
- RSA_get_default_method() to return NULL.
- [Geoff Thorpe]
-
- *) Added native name translation to the existing DSO code
- that will convert (if the flag to do so is set) filenames
- that are sufficiently small and have no path information
- into a canonical native form. Eg. "blah" converted to
- "libblah.so" or "blah.dll" etc.
- [Geoff Thorpe]
-
- *) New function ERR_error_string_n(e, buf, len) which is like
- ERR_error_string(e, buf), but writes at most 'len' bytes
- including the 0 terminator. For ERR_error_string_n, 'buf'
- may not be NULL.
- [Damien Miller <djm at mindrot.org>, Bodo Moeller]
-
- *) CONF library reworked to become more general. A new CONF
- configuration file reader "class" is implemented as well as a
- new functions (NCONF_*, for "New CONF") to handle it. The now
- old CONF_* functions are still there, but are reimplemented to
- work in terms of the new functions. Also, a set of functions
- to handle the internal storage of the configuration data is
- provided to make it easier to write new configuration file
- reader "classes" (I can definitely see something reading a
- configuration file in XML format, for example), called _CONF_*,
- or "the configuration storage API"...
-
- The new configuration file reading functions are:
-
- NCONF_new, NCONF_free, NCONF_load, NCONF_load_fp, NCONF_load_bio,
- NCONF_get_section, NCONF_get_string, NCONF_get_numbre
-
- NCONF_default, NCONF_WIN32
-
- NCONF_dump_fp, NCONF_dump_bio
-
- NCONF_default and NCONF_WIN32 are method (or "class") choosers,
- NCONF_new creates a new CONF object. This works in the same way
- as other interfaces in OpenSSL, like the BIO interface.
- NCONF_dump_* dump the internal storage of the configuration file,
- which is useful for debugging. All other functions take the same
- arguments as the old CONF_* functions wth the exception of the
- first that must be a `CONF *' instead of a `LHASH *'.
-
- To make it easer to use the new classes with the old CONF_* functions,
- the function CONF_set_default_method is provided.
- [Richard Levitte]
-
- *) Add '-tls1' option to 'openssl ciphers', which was already
- mentioned in the documentation but had not been implemented.
- (This option is not yet really useful because even the additional
- experimental TLS 1.0 ciphers are currently treated as SSL 3.0 ciphers.)
- [Bodo Moeller]
-
- *) Initial DSO code added into libcrypto for letting OpenSSL (and
- OpenSSL-based applications) load shared libraries and bind to
- them in a portable way.
- [Geoff Thorpe, with contributions from Richard Levitte]
-
- Changes between 0.9.5 and 0.9.5a [1 Apr 2000]
-
- *) Make sure _lrotl and _lrotr are only used with MSVC.
-
- *) Use lock CRYPTO_LOCK_RAND correctly in ssleay_rand_status
- (the default implementation of RAND_status).
-
- *) Rename openssl x509 option '-crlext', which was added in 0.9.5,
- to '-clrext' (= clear extensions), as intended and documented.
- [Bodo Moeller; inconsistency pointed out by Michael Attili
- <attili at amaxo.com>]
-
- *) Fix for HMAC. It wasn't zeroing the rest of the block if the key length
- was larger than the MD block size.
- [Steve Henson, pointed out by Yost William <YostW at tce.com>]
-
- *) Modernise PKCS12_parse() so it uses STACK_OF(X509) for its ca argument
- fix a leak when the ca argument was passed as NULL. Stop X509_PUBKEY_set()
- using the passed key: if the passed key was a private key the result
- of X509_print(), for example, would be to print out all the private key
- components.
- [Steve Henson]
-
- *) des_quad_cksum() byte order bug fix.
- [Ulf M\xF6ller, using the problem description in krb4-0.9.7, where
- the solution is attributed to Derrick J Brashear <shadow at DEMENTIA.ORG>]
-
- *) Fix so V_ASN1_APP_CHOOSE works again: however its use is strongly
- discouraged.
- [Steve Henson, pointed out by Brian Korver <briank at cs.stanford.edu>]
-
- *) For easily testing in shell scripts whether some command
- 'openssl XXX' exists, the new pseudo-command 'openssl no-XXX'
- returns with exit code 0 iff no command of the given name is available.
- 'no-XXX' is printed in this case, 'XXX' otherwise. In both cases,
- the output goes to stdout and nothing is printed to stderr.
- Additional arguments are always ignored.
-
- Since for each cipher there is a command of the same name,
- the 'no-cipher' compilation switches can be tested this way.
-
- ('openssl no-XXX' is not able to detect pseudo-commands such
- as 'quit', 'list-XXX-commands', or 'no-XXX' itself.)
- [Bodo Moeller]
-
- *) Update test suite so that 'make test' succeeds in 'no-rsa' configuration.
- [Bodo Moeller]
-
- *) For SSL_[CTX_]set_tmp_dh, don't create a DH key if SSL_OP_SINGLE_DH_USE
- is set; it will be thrown away anyway because each handshake creates
- its own key.
- ssl_cert_dup, which is used by SSL_new, now copies DH keys in addition
- to parameters -- in previous versions (since OpenSSL 0.9.3) the
- 'default key' from SSL_CTX_set_tmp_dh would always be lost, meanining
- you effectivly got SSL_OP_SINGLE_DH_USE when using this macro.
- [Bodo Moeller]
-
- *) New s_client option -ign_eof: EOF at stdin is ignored, and
- 'Q' and 'R' lose their special meanings (quit/renegotiate).
- This is part of what -quiet does; unlike -quiet, -ign_eof
- does not suppress any output.
- [Richard Levitte]
-
- *) Add compatibility options to the purpose and trust code. The
- purpose X509_PURPOSE_ANY is "any purpose" which automatically
- accepts a certificate or CA, this was the previous behaviour,
- with all the associated security issues.
-
- X509_TRUST_COMPAT is the old trust behaviour: only and
- automatically trust self signed roots in certificate store. A
- new trust setting X509_TRUST_DEFAULT is used to specify that
- a purpose has no associated trust setting and it should instead
- use the value in the default purpose.
- [Steve Henson]
-
- *) Fix the PKCS#8 DSA private key code so it decodes keys again
- and fix a memory leak.
- [Steve Henson]
-
- *) In util/mkerr.pl (which implements 'make errors'), preserve
- reason strings from the previous version of the .c file, as
- the default to have only downcase letters (and digits) in
- automatically generated reasons codes is not always appropriate.
- [Bodo Moeller]
-
- *) In ERR_load_ERR_strings(), build an ERR_LIB_SYS error reason table
- using strerror. Previously, ERR_reason_error_string() returned
- library names as reason strings for SYSerr; but SYSerr is a special
- case where small numbers are errno values, not library numbers.
- [Bodo Moeller]
-
- *) Add '-dsaparam' option to 'openssl dhparam' application. This
- converts DSA parameters into DH parameters. (When creating parameters,
- DSA_generate_parameters is used.)
- [Bodo Moeller]
-
- *) Include 'length' (recommended exponent length) in C code generated
- by 'openssl dhparam -C'.
- [Bodo Moeller]
-
- *) The second argument to set_label in perlasm was already being used
- so couldn't be used as a "file scope" flag. Moved to third argument
- which was free.
- [Steve Henson]
-
- *) In PEM_ASN1_write_bio and some other functions, use RAND_pseudo_bytes
- instead of RAND_bytes for encryption IVs and salts.
- [Bodo Moeller]
-
- *) Include RAND_status() into RAND_METHOD instead of implementing
- it only for md_rand.c Otherwise replacing the PRNG by calling
- RAND_set_rand_method would be impossible.
- [Bodo Moeller]
-
- *) Don't let DSA_generate_key() enter an infinite loop if the random
- number generation fails.
- [Bodo Moeller]
-
- *) New 'rand' application for creating pseudo-random output.
- [Bodo Moeller]
-
- *) Added configuration support for Linux/IA64
- [Rolf Haberrecker <rolf at suse.de>]
-
- *) Assembler module support for Mingw32.
- [Ulf M\xF6ller]
-
- *) Shared library support for HPUX (in shlib/).
- [Lutz Jaenicke <Lutz.Jaenicke at aet.TU-Cottbus.DE> and Anonymous]
-
- *) Shared library support for Solaris gcc.
- [Lutz Behnke <behnke at trustcenter.de>]
-
- Changes between 0.9.4 and 0.9.5 [28 Feb 2000]
-
- *) PKCS7_encrypt() was adding text MIME headers twice because they
- were added manually and by SMIME_crlf_copy().
- [Steve Henson]
-
- *) In bntest.c don't call BN_rand with zero bits argument.
- [Steve Henson, pointed out by Andrew W. Gray <agray at iconsinc.com>]
-
- *) BN_mul bugfix: In bn_mul_part_recursion() only the a>a[n] && b>b[n]
- case was implemented. This caused BN_div_recp() to fail occasionally.
- [Ulf M\xF6ller]
-
- *) Add an optional second argument to the set_label() in the perl
- assembly language builder. If this argument exists and is set
- to 1 it signals that the assembler should use a symbol whose
- scope is the entire file, not just the current function. This
- is needed with MASM which uses the format label:: for this scope.
- [Steve Henson, pointed out by Peter Runestig <peter at runestig.com>]
-
- *) Change the ASN1 types so they are typedefs by default. Before
- almost all types were #define'd to ASN1_STRING which was causing
- STACK_OF() problems: you couldn't declare STACK_OF(ASN1_UTF8STRING)
- for example.
- [Steve Henson]
-
- *) Change names of new functions to the new get1/get0 naming
- convention: After 'get1', the caller owns a reference count
- and has to call ..._free; 'get0' returns a pointer to some
- data structure without incrementing reference counters.
- (Some of the existing 'get' functions increment a reference
- counter, some don't.)
- Similarly, 'set1' and 'add1' functions increase reference
- counters or duplicate objects.
- [Steve Henson]
-
- *) Allow for the possibility of temp RSA key generation failure:
- the code used to assume it always worked and crashed on failure.
- [Steve Henson]
-
- *) Fix potential buffer overrun problem in BIO_printf().
- [Ulf M\xF6ller, using public domain code by Patrick Powell; problem
- pointed out by David Sacerdote <das33 at cornell.edu>]
-
- *) Support EGD <http://www.lothar.com/tech/crypto/>. New functions
- RAND_egd() and RAND_status(). In the command line application,
- the EGD socket can be specified like a seed file using RANDFILE
- or -rand.
- [Ulf M\xF6ller]
-
- *) Allow the string CERTIFICATE to be tolerated in PKCS#7 structures.
- Some CAs (e.g. Verisign) distribute certificates in this form.
- [Steve Henson]
-
- *) Remove the SSL_ALLOW_ADH compile option and set the default cipher
- list to exclude them. This means that no special compilation option
- is needed to use anonymous DH: it just needs to be included in the
- cipher list.
- [Steve Henson]
-
- *) Change the EVP_MD_CTX_type macro so its meaning consistent with
- EVP_MD_type. The old functionality is available in a new macro called
- EVP_MD_md(). Change code that uses it and update docs.
- [Steve Henson]
-
- *) ..._ctrl functions now have corresponding ..._callback_ctrl functions
- where the 'void *' argument is replaced by a function pointer argument.
- Previously 'void *' was abused to point to functions, which works on
- many platforms, but is not correct. As these functions are usually
- called by macros defined in OpenSSL header files, most source code
- should work without changes.
- [Richard Levitte]
-
- *) <openssl/opensslconf.h> (which is created by Configure) now contains
- sections with information on -D... compiler switches used for
- compiling the library so that applications can see them. To enable
- one of these sections, a pre-processor symbol OPENSSL_..._DEFINES
- must be defined. E.g.,
- #define OPENSSL_ALGORITHM_DEFINES
- #include <openssl/opensslconf.h>
- defines all pertinent NO_<algo> symbols, such as NO_IDEA, NO_RSA, etc.
- [Richard Levitte, Ulf and Bodo M\xF6ller]
-
- *) Bugfix: Tolerate fragmentation and interleaving in the SSL 3/TLS
- record layer.
- [Bodo Moeller]
-
- *) Change the 'other' type in certificate aux info to a STACK_OF
- X509_ALGOR. Although not an AlgorithmIdentifier as such it has
- the required ASN1 format: arbitrary types determined by an OID.
- [Steve Henson]
-
- *) Add some PEM_write_X509_REQ_NEW() functions and a command line
- argument to 'req'. This is not because the function is newer or
- better than others it just uses the work 'NEW' in the certificate
- request header lines. Some software needs this.
- [Steve Henson]
-
- *) Reorganise password command line arguments: now passwords can be
- obtained from various sources. Delete the PEM_cb function and make
- it the default behaviour: i.e. if the callback is NULL and the
- usrdata argument is not NULL interpret it as a null terminated pass
- phrase. If usrdata and the callback are NULL then the pass phrase
- is prompted for as usual.
- [Steve Henson]
-
- *) Add support for the Compaq Atalla crypto accelerator. If it is installed,
- the support is automatically enabled. The resulting binaries will
- autodetect the card and use it if present.
- [Ben Laurie and Compaq Inc.]
-
- *) Work around for Netscape hang bug. This sends certificate request
- and server done in one record. Since this is perfectly legal in the
- SSL/TLS protocol it isn't a "bug" option and is on by default. See
- the bugs/SSLv3 entry for more info.
- [Steve Henson]
-
- *) HP-UX tune-up: new unified configs, HP C compiler bug workaround.
- [Andy Polyakov]
-
- *) Add -rand argument to smime and pkcs12 applications and read/write
- of seed file.
- [Steve Henson]
-
- *) New 'passwd' tool for crypt(3) and apr1 password hashes.
- [Bodo Moeller]
-
- *) Add command line password options to the remaining applications.
- [Steve Henson]
-
- *) Bug fix for BN_div_recp() for numerators with an even number of
- bits.
- [Ulf M\xF6ller]
-
- *) More tests in bntest.c, and changed test_bn output.
- [Ulf M\xF6ller]
-
- *) ./config recognizes MacOS X now.
- [Andy Polyakov]
-
- *) Bug fix for BN_div() when the first words of num and divsor are
- equal (it gave wrong results if (rem=(n1-q*d0)&BN_MASK2) < d0).
- [Ulf M\xF6ller]
-
- *) Add support for various broken PKCS#8 formats, and command line
- options to produce them.
- [Steve Henson]
-
- *) New functions BN_CTX_start(), BN_CTX_get() and BT_CTX_end() to
- get temporary BIGNUMs from a BN_CTX.
- [Ulf M\xF6ller]
-
- *) Correct return values in BN_mod_exp_mont() and BN_mod_exp2_mont()
- for p == 0.
- [Ulf M\xF6ller]
-
- *) Change the SSLeay_add_all_*() functions to OpenSSL_add_all_*() and
- include a #define from the old name to the new. The original intent
- was that statically linked binaries could for example just call
- SSLeay_add_all_ciphers() to just add ciphers to the table and not
- link with digests. This never worked becayse SSLeay_add_all_digests()
- and SSLeay_add_all_ciphers() were in the same source file so calling
- one would link with the other. They are now in separate source files.
- [Steve Henson]
-
- *) Add a new -notext option to 'ca' and a -pubkey option to 'spkac'.
- [Steve Henson]
-
- *) Use a less unusual form of the Miller-Rabin primality test (it used
- a binary algorithm for exponentiation integrated into the Miller-Rabin
- loop, our standard modexp algorithms are faster).
- [Bodo Moeller]
-
- *) Support for the EBCDIC character set completed.
- [Martin Kraemer <Martin.Kraemer at Mch.SNI.De>]
-
- *) Source code cleanups: use const where appropriate, eliminate casts,
- use void * instead of char * in lhash.
- [Ulf M\xF6ller]
-
- *) Bugfix: ssl3_send_server_key_exchange was not restartable
- (the state was not changed to SSL3_ST_SW_KEY_EXCH_B, and because of
- this the server could overwrite ephemeral keys that the client
- has already seen).
- [Bodo Moeller]
-
- *) Turn DSA_is_prime into a macro that calls BN_is_prime,
- using 50 iterations of the Rabin-Miller test.
-
- DSA_generate_parameters now uses BN_is_prime_fasttest (with 50
- iterations of the Rabin-Miller test as required by the appendix
- to FIPS PUB 186[-1]) instead of DSA_is_prime.
- As BN_is_prime_fasttest includes trial division, DSA parameter
- generation becomes much faster.
-
- This implies a change for the callback functions in DSA_is_prime
- and DSA_generate_parameters: The callback function is called once
- for each positive witness in the Rabin-Miller test, not just
- occasionally in the inner loop; and the parameters to the
- callback function now provide an iteration count for the outer
- loop rather than for the current invocation of the inner loop.
- DSA_generate_parameters additionally can call the callback
- function with an 'iteration count' of -1, meaning that a
- candidate has passed the trial division test (when q is generated
- from an application-provided seed, trial division is skipped).
- [Bodo Moeller]
-
- *) New function BN_is_prime_fasttest that optionally does trial
- division before starting the Rabin-Miller test and has
- an additional BN_CTX * argument (whereas BN_is_prime always
- has to allocate at least one BN_CTX).
- 'callback(1, -1, cb_arg)' is called when a number has passed the
- trial division stage.
- [Bodo Moeller]
-
- *) Fix for bug in CRL encoding. The validity dates weren't being handled
- as ASN1_TIME.
- [Steve Henson]
-
- *) New -pkcs12 option to CA.pl script to write out a PKCS#12 file.
- [Steve Henson]
-
- *) New function BN_pseudo_rand().
- [Ulf M\xF6ller]
-
- *) Clean up BN_mod_mul_montgomery(): replace the broken (and unreadable)
- bignum version of BN_from_montgomery() with the working code from
- SSLeay 0.9.0 (the word based version is faster anyway), and clean up
- the comments.
- [Ulf M\xF6ller]
-
- *) Avoid a race condition in s2_clnt.c (function get_server_hello) that
- made it impossible to use the same SSL_SESSION data structure in
- SSL2 clients in multiple threads.
- [Bodo Moeller]
-
- *) The return value of RAND_load_file() no longer counts bytes obtained
- by stat(). RAND_load_file(..., -1) is new and uses the complete file
- to seed the PRNG (previously an explicit byte count was required).
- [Ulf M\xF6ller, Bodo M\xF6ller]
-
- *) Clean up CRYPTO_EX_DATA functions, some of these didn't have prototypes
- used (char *) instead of (void *) and had casts all over the place.
- [Steve Henson]
-
- *) Make BN_generate_prime() return NULL on error if ret!=NULL.
- [Ulf M\xF6ller]
-
- *) Retain source code compatibility for BN_prime_checks macro:
- BN_is_prime(..., BN_prime_checks, ...) now uses
- BN_prime_checks_for_size to determine the appropriate number of
- Rabin-Miller iterations.
- [Ulf M\xF6ller]
-
- *) Diffie-Hellman uses "safe" primes: DH_check() return code renamed to
- DH_CHECK_P_NOT_SAFE_PRIME.
- (Check if this is true? OpenPGP calls them "strong".)
- [Ulf M\xF6ller]
-
- *) Merge the functionality of "dh" and "gendh" programs into a new program
- "dhparam". The old programs are retained for now but will handle DH keys
- (instead of parameters) in future.
- [Steve Henson]
-
- *) Make the ciphers, s_server and s_client programs check the return values
- when a new cipher list is set.
- [Steve Henson]
-
- *) Enhance the SSL/TLS cipher mechanism to correctly handle the TLS 56bit
- ciphers. Before when the 56bit ciphers were enabled the sorting was
- wrong.
-
- The syntax for the cipher sorting has been extended to support sorting by
- cipher-strength (using the strength_bits hard coded in the tables).
- The new command is "@STRENGTH" (see also doc/apps/ciphers.pod).
-
- Fix a bug in the cipher-command parser: when supplying a cipher command
- string with an "undefined" symbol (neither command nor alphanumeric
- [A-Za-z0-9], ssl_set_cipher_list used to hang in an endless loop. Now
- an error is flagged.
-
- Due to the strength-sorting extension, the code of the
- ssl_create_cipher_list() function was completely rearranged. I hope that
- the readability was also increased :-)
- [Lutz Jaenicke <Lutz.Jaenicke at aet.TU-Cottbus.DE>]
-
- *) Minor change to 'x509' utility. The -CAcreateserial option now uses 1
- for the first serial number and places 2 in the serial number file. This
- avoids problems when the root CA is created with serial number zero and
- the first user certificate has the same issuer name and serial number
- as the root CA.
- [Steve Henson]
-
- *) Fixes to X509_ATTRIBUTE utilities, change the 'req' program so it uses
- the new code. Add documentation for this stuff.
- [Steve Henson]
-
- *) Changes to X509_ATTRIBUTE utilities. These have been renamed from
- X509_*() to X509at_*() on the grounds that they don't handle X509
- structures and behave in an analagous way to the X509v3 functions:
- they shouldn't be called directly but wrapper functions should be used
- instead.
-
- So we also now have some wrapper functions that call the X509at functions
- when passed certificate requests. (TO DO: similar things can be done with
- PKCS#7 signed and unsigned attributes, PKCS#12 attributes and a few other
- things. Some of these need some d2i or i2d and print functionality
- because they handle more complex structures.)
- [Steve Henson]
-
- *) Add missing #ifndefs that caused missing symbols when building libssl
- as a shared library without RSA. Use #ifndef NO_SSL2 instead of
- NO_RSA in ssl/s2*.c.
- [Kris Kennaway <kris at hub.freebsd.org>, modified by Ulf M\xF6ller]
-
- *) Precautions against using the PRNG uninitialized: RAND_bytes() now
- has a return value which indicates the quality of the random data
- (1 = ok, 0 = not seeded). Also an error is recorded on the thread's
- error queue. New function RAND_pseudo_bytes() generates output that is
- guaranteed to be unique but not unpredictable. RAND_add is like
- RAND_seed, but takes an extra argument for an entropy estimate
- (RAND_seed always assumes full entropy).
- [Ulf M\xF6ller]
-
- *) Do more iterations of Rabin-Miller probable prime test (specifically,
- 3 for 1024-bit primes, 6 for 512-bit primes, 12 for 256-bit primes
- instead of only 2 for all lengths; see BN_prime_checks_for_size definition
- in crypto/bn/bn_prime.c for the complete table). This guarantees a
- false-positive rate of at most 2^-80 for random input.
- [Bodo Moeller]
-
- *) Rewrite ssl3_read_n (ssl/s3_pkt.c) avoiding a couple of bugs.
- [Bodo Moeller]
-
- *) New function X509_CTX_rget_chain() (renamed to X509_CTX_get1_chain
- in the 0.9.5 release), this returns the chain
- from an X509_CTX structure with a dup of the stack and all
- the X509 reference counts upped: so the stack will exist
- after X509_CTX_cleanup() has been called. Modify pkcs12.c
- to use this.
-
- Also make SSL_SESSION_print() print out the verify return
- code.
- [Steve Henson]
-
- *) Add manpage for the pkcs12 command. Also change the default
- behaviour so MAC iteration counts are used unless the new
- -nomaciter option is used. This improves file security and
- only older versions of MSIE (4.0 for example) need it.
- [Steve Henson]
-
- *) Honor the no-xxx Configure options when creating .DEF files.
- [Ulf M\xF6ller]
-
- *) Add PKCS#10 attributes to field table: challengePassword,
- unstructuredName and unstructuredAddress. These are taken from
- draft PKCS#9 v2.0 but are compatible with v1.2 provided no
- international characters are used.
-
- More changes to X509_ATTRIBUTE code: allow the setting of types
- based on strings. Remove the 'loc' parameter when adding
- attributes because these will be a SET OF encoding which is sorted
- in ASN1 order.
- [Steve Henson]
-
- *) Initial changes to the 'req' utility to allow request generation
- automation. This will allow an application to just generate a template
- file containing all the field values and have req construct the
- request.
-
- Initial support for X509_ATTRIBUTE handling. Stacks of these are
- used all over the place including certificate requests and PKCS#7
- structures. They are currently handled manually where necessary with
- some primitive wrappers for PKCS#7. The new functions behave in a
- manner analogous to the X509 extension functions: they allow
- attributes to be looked up by NID and added.
-
- Later something similar to the X509V3 code would be desirable to
- automatically handle the encoding, decoding and printing of the
- more complex types. The string types like challengePassword can
- be handled by the string table functions.
-
- Also modified the multi byte string table handling. Now there is
- a 'global mask' which masks out certain types. The table itself
- can use the flag STABLE_NO_MASK to ignore the mask setting: this
- is useful when for example there is only one permissible type
- (as in countryName) and using the mask might result in no valid
- types at all.
- [Steve Henson]
-
- *) Clean up 'Finished' handling, and add functions SSL_get_finished and
- SSL_get_peer_finished to allow applications to obtain the latest
- Finished messages sent to the peer or expected from the peer,
- respectively. (SSL_get_peer_finished is usually the Finished message
- actually received from the peer, otherwise the protocol will be aborted.)
-
- As the Finished message are message digests of the complete handshake
- (with a total of 192 bits for TLS 1.0 and more for SSL 3.0), they can
- be used for external authentication procedures when the authentication
- provided by SSL/TLS is not desired or is not enough.
- [Bodo Moeller]
-
- *) Enhanced support for Alpha Linux is added. Now ./config checks if
- the host supports BWX extension and if Compaq C is present on the
- $PATH. Just exploiting of the BWX extension results in 20-30%
- performance kick for some algorithms, e.g. DES and RC4 to mention
- a couple. Compaq C in turn generates ~20% faster code for MD5 and
- SHA1.
- [Andy Polyakov]
-
- *) Add support for MS "fast SGC". This is arguably a violation of the
- SSL3/TLS protocol. Netscape SGC does two handshakes: the first with
- weak crypto and after checking the certificate is SGC a second one
- with strong crypto. MS SGC stops the first handshake after receiving
- the server certificate message and sends a second client hello. Since
- a server will typically do all the time consuming operations before
- expecting any further messages from the client (server key exchange
- is the most expensive) there is little difference between the two.
-
- To get OpenSSL to support MS SGC we have to permit a second client
- hello message after we have sent server done. In addition we have to
- reset the MAC if we do get this second client hello.
- [Steve Henson]
-
- *) Add a function 'd2i_AutoPrivateKey()' this will automatically decide
- if a DER encoded private key is RSA or DSA traditional format. Changed
- d2i_PrivateKey_bio() to use it. This is only needed for the "traditional"
- format DER encoded private key. Newer code should use PKCS#8 format which
- has the key type encoded in the ASN1 structure. Added DER private key
- support to pkcs8 application.
- [Steve Henson]
-
- *) SSL 3/TLS 1 servers now don't request certificates when an anonymous
- ciphersuites has been selected (as required by the SSL 3/TLS 1
- specifications). Exception: When SSL_VERIFY_FAIL_IF_NO_PEER_CERT
- is set, we interpret this as a request to violate the specification
- (the worst that can happen is a handshake failure, and 'correct'
- behaviour would result in a handshake failure anyway).
- [Bodo Moeller]
-
- *) In SSL_CTX_add_session, take into account that there might be multiple
- SSL_SESSION structures with the same session ID (e.g. when two threads
- concurrently obtain them from an external cache).
- The internal cache can handle only one SSL_SESSION with a given ID,
- so if there's a conflict, we now throw out the old one to achieve
- consistency.
- [Bodo Moeller]
-
- *) Add OIDs for idea and blowfish in CBC mode. This will allow both
- to be used in PKCS#5 v2.0 and S/MIME. Also add checking to
- some routines that use cipher OIDs: some ciphers do not have OIDs
- defined and so they cannot be used for S/MIME and PKCS#5 v2.0 for
- example.
- [Steve Henson]
-
- *) Simplify the trust setting structure and code. Now we just have
- two sequences of OIDs for trusted and rejected settings. These will
- typically have values the same as the extended key usage extension
- and any application specific purposes.
-
- The trust checking code now has a default behaviour: it will just
- check for an object with the same NID as the passed id. Functions can
- be provided to override either the default behaviour or the behaviour
- for a given id. SSL client, server and email already have functions
- in place for compatibility: they check the NID and also return "trusted"
- if the certificate is self signed.
- [Steve Henson]
-
- *) Add d2i,i2d bio/fp functions for PrivateKey: these convert the
- traditional format into an EVP_PKEY structure.
- [Steve Henson]
-
- *) Add a password callback function PEM_cb() which either prompts for
- a password if usr_data is NULL or otherwise assumes it is a null
- terminated password. Allow passwords to be passed on command line
- environment or config files in a few more utilities.
- [Steve Henson]
-
- *) Add a bunch of DER and PEM functions to handle PKCS#8 format private
- keys. Add some short names for PKCS#8 PBE algorithms and allow them
- to be specified on the command line for the pkcs8 and pkcs12 utilities.
- Update documentation.
- [Steve Henson]
-
- *) Support for ASN1 "NULL" type. This could be handled before by using
- ASN1_TYPE but there wasn't any function that would try to read a NULL
- and produce an error if it couldn't. For compatibility we also have
- ASN1_NULL_new() and ASN1_NULL_free() functions but these are faked and
- don't allocate anything because they don't need to.
- [Steve Henson]
-
- *) Initial support for MacOS is now provided. Examine INSTALL.MacOS
- for details.
- [Andy Polyakov, Roy Woods <roy at centicsystems.ca>]
-
- *) Rebuild of the memory allocation routines used by OpenSSL code and
- possibly others as well. The purpose is to make an interface that
- provide hooks so anyone can build a separate set of allocation and
- deallocation routines to be used by OpenSSL, for example memory
- pool implementations, or something else, which was previously hard
- since Malloc(), Realloc() and Free() were defined as macros having
- the values malloc, realloc and free, respectively (except for Win32
- compilations). The same is provided for memory debugging code.
- OpenSSL already comes with functionality to find memory leaks, but
- this gives people a chance to debug other memory problems.
-
- With these changes, a new set of functions and macros have appeared:
-
- CRYPTO_set_mem_debug_functions() [F]
- CRYPTO_get_mem_debug_functions() [F]
- CRYPTO_dbg_set_options() [F]
- CRYPTO_dbg_get_options() [F]
- CRYPTO_malloc_debug_init() [M]
-
- The memory debug functions are NULL by default, unless the library
- is compiled with CRYPTO_MDEBUG or friends is defined. If someone
- wants to debug memory anyway, CRYPTO_malloc_debug_init() (which
- gives the standard debugging functions that come with OpenSSL) or
- CRYPTO_set_mem_debug_functions() (tells OpenSSL to use functions
- provided by the library user) must be used. When the standard
- debugging functions are used, CRYPTO_dbg_set_options can be used to
- request additional information:
- CRYPTO_dbg_set_options(V_CYRPTO_MDEBUG_xxx) corresponds to setting
- the CRYPTO_MDEBUG_xxx macro when compiling the library.
-
- Also, things like CRYPTO_set_mem_functions will always give the
- expected result (the new set of functions is used for allocation
- and deallocation) at all times, regardless of platform and compiler
- options.
-
- To finish it up, some functions that were never use in any other
- way than through macros have a new API and new semantic:
-
- CRYPTO_dbg_malloc()
- CRYPTO_dbg_realloc()
- CRYPTO_dbg_free()
-
- All macros of value have retained their old syntax.
- [Richard Levitte and Bodo Moeller]
-
- *) Some S/MIME fixes. The OID for SMIMECapabilities was wrong, the
- ordering of SMIMECapabilities wasn't in "strength order" and there
- was a missing NULL in the AlgorithmIdentifier for the SHA1 signature
- algorithm.
- [Steve Henson]
-
- *) Some ASN1 types with illegal zero length encoding (INTEGER,
- ENUMERATED and OBJECT IDENTIFIER) choked the ASN1 routines.
- [Frans Heymans <fheymans at isaserver.be>, modified by Steve Henson]
-
- *) Merge in my S/MIME library for OpenSSL. This provides a simple
- S/MIME API on top of the PKCS#7 code, a MIME parser (with enough
- functionality to handle multipart/signed properly) and a utility
- called 'smime' to call all this stuff. This is based on code I
- originally wrote for Celo who have kindly allowed it to be
- included in OpenSSL.
- [Steve Henson]
-
- *) Add variants des_set_key_checked and des_set_key_unchecked of
- des_set_key (aka des_key_sched). Global variable des_check_key
- decides which of these is called by des_set_key; this way
- des_check_key behaves as it always did, but applications and
- the library itself, which was buggy for des_check_key == 1,
- have a cleaner way to pick the version they need.
- [Bodo Moeller]
-
- *) New function PKCS12_newpass() which changes the password of a
- PKCS12 structure.
- [Steve Henson]
-
- *) Modify X509_TRUST and X509_PURPOSE so it also uses a static and
- dynamic mix. In both cases the ids can be used as an index into the
- table. Also modified the X509_TRUST_add() and X509_PURPOSE_add()
- functions so they accept a list of the field values and the
- application doesn't need to directly manipulate the X509_TRUST
- structure.
- [Steve Henson]
-
- *) Modify the ASN1_STRING_TABLE stuff so it also uses bsearch and doesn't
- need initialising.
- [Steve Henson]
-
- *) Modify the way the V3 extension code looks up extensions. This now
- works in a similar way to the object code: we have some "standard"
- extensions in a static table which is searched with OBJ_bsearch()
- and the application can add dynamic ones if needed. The file
- crypto/x509v3/ext_dat.h now has the info: this file needs to be
- updated whenever a new extension is added to the core code and kept
- in ext_nid order. There is a simple program 'tabtest.c' which checks
- this. New extensions are not added too often so this file can readily
- be maintained manually.
-
- There are two big advantages in doing things this way. The extensions
- can be looked up immediately and no longer need to be "added" using
- X509V3_add_standard_extensions(): this function now does nothing.
- [Side note: I get *lots* of email saying the extension code doesn't
- work because people forget to call this function]
- Also no dynamic allocation is done unless new extensions are added:
- so if we don't add custom extensions there is no need to call
- X509V3_EXT_cleanup().
- [Steve Henson]
-
- *) Modify enc utility's salting as follows: make salting the default. Add a
- magic header, so unsalted files fail gracefully instead of just decrypting
- to garbage. This is because not salting is a big security hole, so people
- should be discouraged from doing it.
- [Ben Laurie]
-
- *) Fixes and enhancements to the 'x509' utility. It allowed a message
- digest to be passed on the command line but it only used this
- parameter when signing a certificate. Modified so all relevant
- operations are affected by the digest parameter including the
- -fingerprint and -x509toreq options. Also -x509toreq choked if a
- DSA key was used because it didn't fix the digest.
- [Steve Henson]
-
- *) Initial certificate chain verify code. Currently tests the untrusted
- certificates for consistency with the verify purpose (which is set
- when the X509_STORE_CTX structure is set up) and checks the pathlength.
-
- There is a NO_CHAIN_VERIFY compilation option to keep the old behaviour:
- this is because it will reject chains with invalid extensions whereas
- every previous version of OpenSSL and SSLeay made no checks at all.
-
- Trust code: checks the root CA for the relevant trust settings. Trust
- settings have an initial value consistent with the verify purpose: e.g.
- if the verify purpose is for SSL client use it expects the CA to be
- trusted for SSL client use. However the default value can be changed to
- permit custom trust settings: one example of this would be to only trust
- certificates from a specific "secure" set of CAs.
-
- Also added X509_STORE_CTX_new() and X509_STORE_CTX_free() functions
- which should be used for version portability: especially since the
- verify structure is likely to change more often now.
-
- SSL integration. Add purpose and trust to SSL_CTX and SSL and functions
- to set them. If not set then assume SSL clients will verify SSL servers
- and vice versa.
-
- Two new options to the verify program: -untrusted allows a set of
- untrusted certificates to be passed in and -purpose which sets the
- intended purpose of the certificate. If a purpose is set then the
- new chain verify code is used to check extension consistency.
- [Steve Henson]
-
- *) Support for the authority information access extension.
- [Steve Henson]
-
- *) Modify RSA and DSA PEM read routines to transparently handle
- PKCS#8 format private keys. New *_PUBKEY_* functions that handle
- public keys in a format compatible with certificate
- SubjectPublicKeyInfo structures. Unfortunately there were already
- functions called *_PublicKey_* which used various odd formats so
- these are retained for compatibility: however the DSA variants were
- never in a public release so they have been deleted. Changed dsa/rsa
- utilities to handle the new format: note no releases ever handled public
- keys so we should be OK.
-
- The primary motivation for this change is to avoid the same fiasco
- that dogs private keys: there are several incompatible private key
- formats some of which are standard and some OpenSSL specific and
- require various evil hacks to allow partial transparent handling and
- even then it doesn't work with DER formats. Given the option anything
- other than PKCS#8 should be dumped: but the other formats have to
- stay in the name of compatibility.
-
- With public keys and the benefit of hindsight one standard format
- is used which works with EVP_PKEY, RSA or DSA structures: though
- it clearly returns an error if you try to read the wrong kind of key.
-
- Added a -pubkey option to the 'x509' utility to output the public key.
- Also rename the EVP_PKEY_get_*() to EVP_PKEY_rget_*()
- (renamed to EVP_PKEY_get1_*() in the OpenSSL 0.9.5 release) and add
- EVP_PKEY_rset_*() functions (renamed to EVP_PKEY_set1_*())
- that do the same as the EVP_PKEY_assign_*() except they up the
- reference count of the added key (they don't "swallow" the
- supplied key).
- [Steve Henson]
-
- *) Fixes to crypto/x509/by_file.c the code to read in certificates and
- CRLs would fail if the file contained no certificates or no CRLs:
- added a new function to read in both types and return the number
- read: this means that if none are read it will be an error. The
- DER versions of the certificate and CRL reader would always fail
- because it isn't possible to mix certificates and CRLs in DER format
- without choking one or the other routine. Changed this to just read
- a certificate: this is the best we can do. Also modified the code
- in apps/verify.c to take notice of return codes: it was previously
- attempting to read in certificates from NULL pointers and ignoring
- any errors: this is one reason why the cert and CRL reader seemed
- to work. It doesn't check return codes from the default certificate
- routines: these may well fail if the certificates aren't installed.
- [Steve Henson]
-
- *) Code to support otherName option in GeneralName.
- [Steve Henson]
-
- *) First update to verify code. Change the verify utility
- so it warns if it is passed a self signed certificate:
- for consistency with the normal behaviour. X509_verify
- has been modified to it will now verify a self signed
- certificate if *exactly* the same certificate appears
- in the store: it was previously impossible to trust a
- single self signed certificate. This means that:
- openssl verify ss.pem
- now gives a warning about a self signed certificate but
- openssl verify -CAfile ss.pem ss.pem
- is OK.
- [Steve Henson]
-
- *) For servers, store verify_result in SSL_SESSION data structure
- (and add it to external session representation).
- This is needed when client certificate verifications fails,
- but an application-provided verification callback (set by
- SSL_CTX_set_cert_verify_callback) allows accepting the session
- anyway (i.e. leaves x509_store_ctx->error != X509_V_OK
- but returns 1): When the session is reused, we have to set
- ssl->verify_result to the appropriate error code to avoid
- security holes.
- [Bodo Moeller, problem pointed out by Lutz Jaenicke]
-
- *) Fix a bug in the new PKCS#7 code: it didn't consider the
- case in PKCS7_dataInit() where the signed PKCS7 structure
- didn't contain any existing data because it was being created.
- [Po-Cheng Chen <pocheng at nst.com.tw>, slightly modified by Steve Henson]
-
- *) Add a salt to the key derivation routines in enc.c. This
- forms the first 8 bytes of the encrypted file. Also add a
- -S option to allow a salt to be input on the command line.
- [Steve Henson]
-
- *) New function X509_cmp(). Oddly enough there wasn't a function
- to compare two certificates. We do this by working out the SHA1
- hash and comparing that. X509_cmp() will be needed by the trust
- code.
- [Steve Henson]
-
- *) SSL_get1_session() is like SSL_get_session(), but increments
- the reference count in the SSL_SESSION returned.
- [Geoff Thorpe <geoff at eu.c2.net>]
-
- *) Fix for 'req': it was adding a null to request attributes.
- Also change the X509_LOOKUP and X509_INFO code to handle
- certificate auxiliary information.
- [Steve Henson]
-
- *) Add support for 40 and 64 bit RC2 and RC4 algorithms: document
- the 'enc' command.
- [Steve Henson]
-
- *) Add the possibility to add extra information to the memory leak
- detecting output, to form tracebacks, showing from where each
- allocation was originated: CRYPTO_push_info("constant string") adds
- the string plus current file name and line number to a per-thread
- stack, CRYPTO_pop_info() does the obvious, CRYPTO_remove_all_info()
- is like calling CYRPTO_pop_info() until the stack is empty.
- Also updated memory leak detection code to be multi-thread-safe.
- [Richard Levitte]
-
- *) Add options -text and -noout to pkcs7 utility and delete the
- encryption options which never did anything. Update docs.
- [Steve Henson]
-
- *) Add options to some of the utilities to allow the pass phrase
- to be included on either the command line (not recommended on
- OSes like Unix) or read from the environment. Update the
- manpages and fix a few bugs.
- [Steve Henson]
-
- *) Add a few manpages for some of the openssl commands.
- [Steve Henson]
-
- *) Fix the -revoke option in ca. It was freeing up memory twice,
- leaking and not finding already revoked certificates.
- [Steve Henson]
-
- *) Extensive changes to support certificate auxiliary information.
- This involves the use of X509_CERT_AUX structure and X509_AUX
- functions. An X509_AUX function such as PEM_read_X509_AUX()
- can still read in a certificate file in the usual way but it
- will also read in any additional "auxiliary information". By
- doing things this way a fair degree of compatibility can be
- retained: existing certificates can have this information added
- using the new 'x509' options.
-
- Current auxiliary information includes an "alias" and some trust
- settings. The trust settings will ultimately be used in enhanced
- certificate chain verification routines: currently a certificate
- can only be trusted if it is self signed and then it is trusted
- for all purposes.
- [Steve Henson]
-
- *) Fix assembler for Alpha (tested only on DEC OSF not Linux or *BSD).
- The problem was that one of the replacement routines had not been working
- since SSLeay releases. For now the offending routine has been replaced
- with non-optimised assembler. Even so, this now gives around 95%
- performance improvement for 1024 bit RSA signs.
- [Mark Cox]
-
- *) Hack to fix PKCS#7 decryption when used with some unorthodox RC2
- handling. Most clients have the effective key size in bits equal to
- the key length in bits: so a 40 bit RC2 key uses a 40 bit (5 byte) key.
- A few however don't do this and instead use the size of the decrypted key
- to determine the RC2 key length and the AlgorithmIdentifier to determine
- the effective key length. In this case the effective key length can still
- be 40 bits but the key length can be 168 bits for example. This is fixed
- by manually forcing an RC2 key into the EVP_PKEY structure because the
- EVP code can't currently handle unusual RC2 key sizes: it always assumes
- the key length and effective key length are equal.
- [Steve Henson]
-
- *) Add a bunch of functions that should simplify the creation of
- X509_NAME structures. Now you should be able to do:
- X509_NAME_add_entry_by_txt(nm, "CN", MBSTRING_ASC, "Steve", -1, -1, 0);
- and have it automatically work out the correct field type and fill in
- the structures. The more adventurous can try:
- X509_NAME_add_entry_by_txt(nm, field, MBSTRING_UTF8, str, -1, -1, 0);
- and it will (hopefully) work out the correct multibyte encoding.
- [Steve Henson]
-
- *) Change the 'req' utility to use the new field handling and multibyte
- copy routines. Before the DN field creation was handled in an ad hoc
- way in req, ca, and x509 which was rather broken and didn't support
- BMPStrings or UTF8Strings. Since some software doesn't implement
- BMPStrings or UTF8Strings yet, they can be enabled using the config file
- using the dirstring_type option. See the new comment in the default
- openssl.cnf for more info.
- [Steve Henson]
-
- *) Make crypto/rand/md_rand.c more robust:
- - Assure unique random numbers after fork().
- - Make sure that concurrent threads access the global counter and
- md serializably so that we never lose entropy in them
- or use exactly the same state in multiple threads.
- Access to the large state is not always serializable because
- the additional locking could be a performance killer, and
- md should be large enough anyway.
- [Bodo Moeller]
-
- *) New file apps/app_rand.c with commonly needed functionality
- for handling the random seed file.
-
- Use the random seed file in some applications that previously did not:
- ca,
- dsaparam -genkey (which also ignored its '-rand' option),
- s_client,
- s_server,
- x509 (when signing).
- Except on systems with /dev/urandom, it is crucial to have a random
- seed file at least for key creation, DSA signing, and for DH exchanges;
- for RSA signatures we could do without one.
-
- gendh and gendsa (unlike genrsa) used to read only the first byte
- of each file listed in the '-rand' option. The function as previously
- found in genrsa is now in app_rand.c and is used by all programs
- that support '-rand'.
- [Bodo Moeller]
-
- *) In RAND_write_file, use mode 0600 for creating files;
- don't just chmod when it may be too late.
- [Bodo Moeller]
-
- *) Report an error from X509_STORE_load_locations
- when X509_LOOKUP_load_file or X509_LOOKUP_add_dir failed.
- [Bill Perry]
-
- *) New function ASN1_mbstring_copy() this copies a string in either
- ASCII, Unicode, Universal (4 bytes per character) or UTF8 format
- into an ASN1_STRING type. A mask of permissible types is passed
- and it chooses the "minimal" type to use or an error if not type
- is suitable.
- [Steve Henson]
-
- *) Add function equivalents to the various macros in asn1.h. The old
- macros are retained with an M_ prefix. Code inside the library can
- use the M_ macros. External code (including the openssl utility)
- should *NOT* in order to be "shared library friendly".
- [Steve Henson]
-
- *) Add various functions that can check a certificate's extensions
- to see if it usable for various purposes such as SSL client,
- server or S/MIME and CAs of these types. This is currently
- VERY EXPERIMENTAL but will ultimately be used for certificate chain
- verification. Also added a -purpose flag to x509 utility to
- print out all the purposes.
- [Steve Henson]
-
- *) Add a CRYPTO_EX_DATA to X509 certificate structure and associated
- functions.
- [Steve Henson]
-
- *) New X509V3_{X509,CRL,REVOKED}_get_d2i() functions. These will search
- for, obtain and decode and extension and obtain its critical flag.
- This allows all the necessary extension code to be handled in a
- single function call.
- [Steve Henson]
-
- *) RC4 tune-up featuring 30-40% performance improvement on most RISC
- platforms. See crypto/rc4/rc4_enc.c for further details.
- [Andy Polyakov]
-
- *) New -noout option to asn1parse. This causes no output to be produced
- its main use is when combined with -strparse and -out to extract data
- from a file (which may not be in ASN.1 format).
- [Steve Henson]
-
- *) Fix for pkcs12 program. It was hashing an invalid certificate pointer
- when producing the local key id.
- [Richard Levitte <levitte at stacken.kth.se>]
-
- *) New option -dhparam in s_server. This allows a DH parameter file to be
- stated explicitly. If it is not stated then it tries the first server
- certificate file. The previous behaviour hard coded the filename
- "server.pem".
- [Steve Henson]
-
- *) Add -pubin and -pubout options to the rsa and dsa commands. These allow
- a public key to be input or output. For example:
- openssl rsa -in key.pem -pubout -out pubkey.pem
- Also added necessary DSA public key functions to handle this.
- [Steve Henson]
-
- *) Fix so PKCS7_dataVerify() doesn't crash if no certificates are contained
- in the message. This was handled by allowing
- X509_find_by_issuer_and_serial() to tolerate a NULL passed to it.
- [Steve Henson, reported by Sampo Kellomaki <sampo at mail.neuronio.pt>]
-
- *) Fix for bug in d2i_ASN1_bytes(): other ASN1 functions add an extra null
- to the end of the strings whereas this didn't. This would cause problems
- if strings read with d2i_ASN1_bytes() were later modified.
- [Steve Henson, reported by Arne Ansper <arne at ats.cyber.ee>]
-
- *) Fix for base64 decode bug. When a base64 bio reads only one line of
- data and it contains EOF it will end up returning an error. This is
- caused by input 46 bytes long. The cause is due to the way base64
- BIOs find the start of base64 encoded data. They do this by trying a
- trial decode on each line until they find one that works. When they
- do a flag is set and it starts again knowing it can pass all the
- data directly through the decoder. Unfortunately it doesn't reset
- the context it uses. This means that if EOF is reached an attempt
- is made to pass two EOFs through the context and this causes the
- resulting error. This can also cause other problems as well. As is
- usual with these problems it takes *ages* to find and the fix is
- trivial: move one line.
- [Steve Henson, reported by ian at uns.ns.ac.yu (Ivan Nejgebauer) ]
-
- *) Ugly workaround to get s_client and s_server working under Windows. The
- old code wouldn't work because it needed to select() on sockets and the
- tty (for keypresses and to see if data could be written). Win32 only
- supports select() on sockets so we select() with a 1s timeout on the
- sockets and then see if any characters are waiting to be read, if none
- are present then we retry, we also assume we can always write data to
- the tty. This isn't nice because the code then blocks until we've
- received a complete line of data and it is effectively polling the
- keyboard at 1s intervals: however it's quite a bit better than not
- working at all :-) A dedicated Windows application might handle this
- with an event loop for example.
- [Steve Henson]
-
- *) Enhance RSA_METHOD structure. Now there are two extra methods, rsa_sign
- and rsa_verify. When the RSA_FLAGS_SIGN_VER option is set these functions
- will be called when RSA_sign() and RSA_verify() are used. This is useful
- if rsa_pub_dec() and rsa_priv_enc() equivalents are not available.
- For this to work properly RSA_public_decrypt() and RSA_private_encrypt()
- should *not* be used: RSA_sign() and RSA_verify() must be used instead.
- This necessitated the support of an extra signature type NID_md5_sha1
- for SSL signatures and modifications to the SSL library to use it instead
- of calling RSA_public_decrypt() and RSA_private_encrypt().
- [Steve Henson]
-
- *) Add new -verify -CAfile and -CApath options to the crl program, these
- will lookup a CRL issuers certificate and verify the signature in a
- similar way to the verify program. Tidy up the crl program so it
- no longer accesses structures directly. Make the ASN1 CRL parsing a bit
- less strict. It will now permit CRL extensions even if it is not
- a V2 CRL: this will allow it to tolerate some broken CRLs.
- [Steve Henson]
-
- *) Initialize all non-automatic variables each time one of the openssl
- sub-programs is started (this is necessary as they may be started
- multiple times from the "OpenSSL>" prompt).
- [Lennart Bang, Bodo Moeller]
-
- *) Preliminary compilation option RSA_NULL which disables RSA crypto without
- removing all other RSA functionality (this is what NO_RSA does). This
- is so (for example) those in the US can disable those operations covered
- by the RSA patent while allowing storage and parsing of RSA keys and RSA
- key generation.
- [Steve Henson]
-
- *) Non-copying interface to BIO pairs.
- (still largely untested)
- [Bodo Moeller]
-
- *) New function ANS1_tag2str() to convert an ASN1 tag to a descriptive
- ASCII string. This was handled independently in various places before.
- [Steve Henson]
-
- *) New functions UTF8_getc() and UTF8_putc() that parse and generate
- UTF8 strings a character at a time.
- [Steve Henson]
-
- *) Use client_version from client hello to select the protocol
- (s23_srvr.c) and for RSA client key exchange verification
- (s3_srvr.c), as required by the SSL 3.0/TLS 1.0 specifications.
- [Bodo Moeller]
-
- *) Add various utility functions to handle SPKACs, these were previously
- handled by poking round in the structure internals. Added new function
- NETSCAPE_SPKI_print() to print out SPKAC and a new utility 'spkac' to
- print, verify and generate SPKACs. Based on an original idea from
- Massimiliano Pala <madwolf at comune.modena.it> but extensively modified.
- [Steve Henson]
-
- *) RIPEMD160 is operational on all platforms and is back in 'make test'.
- [Andy Polyakov]
-
- *) Allow the config file extension section to be overwritten on the
- command line. Based on an original idea from Massimiliano Pala
- <madwolf at comune.modena.it>. The new option is called -extensions
- and can be applied to ca, req and x509. Also -reqexts to override
- the request extensions in req and -crlexts to override the crl extensions
- in ca.
- [Steve Henson]
-
- *) Add new feature to the SPKAC handling in ca. Now you can include
- the same field multiple times by preceding it by "XXXX." for example:
- 1.OU="Unit name 1"
- 2.OU="Unit name 2"
- this is the same syntax as used in the req config file.
- [Steve Henson]
-
- *) Allow certificate extensions to be added to certificate requests. These
- are specified in a 'req_extensions' option of the req section of the
- config file. They can be printed out with the -text option to req but
- are otherwise ignored at present.
- [Steve Henson]
-
- *) Fix a horrible bug in enc_read() in crypto/evp/bio_enc.c: if the first
- data read consists of only the final block it would not decrypted because
- EVP_CipherUpdate() would correctly report zero bytes had been decrypted.
- A misplaced 'break' also meant the decrypted final block might not be
- copied until the next read.
- [Steve Henson]
-
- *) Initial support for DH_METHOD. Again based on RSA_METHOD. Also added
- a few extra parameters to the DH structure: these will be useful if
- for example we want the value of 'q' or implement X9.42 DH.
- [Steve Henson]
-
- *) Initial support for DSA_METHOD. This is based on the RSA_METHOD and
- provides hooks that allow the default DSA functions or functions on a
- "per key" basis to be replaced. This allows hardware acceleration and
- hardware key storage to be handled without major modification to the
- library. Also added low level modexp hooks and CRYPTO_EX structure and
- associated functions.
- [Steve Henson]
-
- *) Add a new flag to memory BIOs, BIO_FLAG_MEM_RDONLY. This marks the BIO
- as "read only": it can't be written to and the buffer it points to will
- not be freed. Reading from a read only BIO is much more efficient than
- a normal memory BIO. This was added because there are several times when
- an area of memory needs to be read from a BIO. The previous method was
- to create a memory BIO and write the data to it, this results in two
- copies of the data and an O(n^2) reading algorithm. There is a new
- function BIO_new_mem_buf() which creates a read only memory BIO from
- an area of memory. Also modified the PKCS#7 routines to use read only
- memory BIOs.
- [Steve Henson]
-
- *) Bugfix: ssl23_get_client_hello did not work properly when called in
- state SSL23_ST_SR_CLNT_HELLO_B, i.e. when the first 7 bytes of
- a SSLv2-compatible client hello for SSLv3 or TLSv1 could be read,
- but a retry condition occured while trying to read the rest.
- [Bodo Moeller]
-
- *) The PKCS7_ENC_CONTENT_new() function was setting the content type as
- NID_pkcs7_encrypted by default: this was wrong since this should almost
- always be NID_pkcs7_data. Also modified the PKCS7_set_type() to handle
- the encrypted data type: this is a more sensible place to put it and it
- allows the PKCS#12 code to be tidied up that duplicated this
- functionality.
- [Steve Henson]
-
- *) Changed obj_dat.pl script so it takes its input and output files on
- the command line. This should avoid shell escape redirection problems
- under Win32.
- [Steve Henson]
-
- *) Initial support for certificate extension requests, these are included
- in things like Xenroll certificate requests. Included functions to allow
- extensions to be obtained and added.
- [Steve Henson]
-
- *) -crlf option to s_client and s_server for sending newlines as
- CRLF (as required by many protocols).
- [Bodo Moeller]
-
- Changes between 0.9.3a and 0.9.4 [09 Aug 1999]
-
- *) Install libRSAglue.a when OpenSSL is built with RSAref.
- [Ralf S. Engelschall]
-
- *) A few more ``#ifndef NO_FP_API / #endif'' pairs for consistency.
- [Andrija Antonijevic <TheAntony2 at bigfoot.com>]
-
- *) Fix -startdate and -enddate (which was missing) arguments to 'ca'
- program.
- [Steve Henson]
-
- *) New function DSA_dup_DH, which duplicates DSA parameters/keys as
- DH parameters/keys (q is lost during that conversion, but the resulting
- DH parameters contain its length).
-
- For 1024-bit p, DSA_generate_parameters followed by DSA_dup_DH is
- much faster than DH_generate_parameters (which creates parameters
- where p = 2*q + 1), and also the smaller q makes DH computations
- much more efficient (160-bit exponentiation instead of 1024-bit
- exponentiation); so this provides a convenient way to support DHE
- ciphersuites in SSL/TLS servers (see ssl/ssltest.c). It is of
- utter importance to use
- SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
- or
- SSL_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
- when such DH parameters are used, because otherwise small subgroup
- attacks may become possible!
- [Bodo Moeller]
-
- *) Avoid memory leak in i2d_DHparams.
- [Bodo Moeller]
-
- *) Allow the -k option to be used more than once in the enc program:
- this allows the same encrypted message to be read by multiple recipients.
- [Steve Henson]
-
- *) New function OBJ_obj2txt(buf, buf_len, a, no_name), this converts
- an ASN1_OBJECT to a text string. If the "no_name" parameter is set then
- it will always use the numerical form of the OID, even if it has a short
- or long name.
- [Steve Henson]
-
- *) Added an extra RSA flag: RSA_FLAG_EXT_PKEY. Previously the rsa_mod_exp
- method only got called if p,q,dmp1,dmq1,iqmp components were present,
- otherwise bn_mod_exp was called. In the case of hardware keys for example
- no private key components need be present and it might store extra data
- in the RSA structure, which cannot be accessed from bn_mod_exp.
- By setting RSA_FLAG_EXT_PKEY rsa_mod_exp will always be called for
- private key operations.
- [Steve Henson]
-
- *) Added support for SPARC Linux.
- [Andy Polyakov]
-
- *) pem_password_cb function type incompatibly changed from
- typedef int pem_password_cb(char *buf, int size, int rwflag);
- to
- ....(char *buf, int size, int rwflag, void *userdata);
- so that applications can pass data to their callbacks:
- The PEM[_ASN1]_{read,write}... functions and macros now take an
- additional void * argument, which is just handed through whenever
- the password callback is called.
- [Damien Miller <dmiller at ilogic.com.au>; tiny changes by Bodo Moeller]
-
- New function SSL_CTX_set_default_passwd_cb_userdata.
-
- Compatibility note: As many C implementations push function arguments
- onto the stack in reverse order, the new library version is likely to
- interoperate with programs that have been compiled with the old
- pem_password_cb definition (PEM_whatever takes some data that
- happens to be on the stack as its last argument, and the callback
- just ignores this garbage); but there is no guarantee whatsoever that
- this will work.
-
- *) The -DPLATFORM="\"$(PLATFORM)\"" definition and the similar -DCFLAGS=...
- (both in crypto/Makefile.ssl for use by crypto/cversion.c) caused
- problems not only on Windows, but also on some Unix platforms.
- To avoid problematic command lines, these definitions are now in an
- auto-generated file crypto/buildinf.h (created by crypto/Makefile.ssl
- for standard "make" builds, by util/mk1mf.pl for "mk1mf" builds).
- [Bodo Moeller]
-
- *) MIPS III/IV assembler module is reimplemented.
- [Andy Polyakov]
-
- *) More DES library cleanups: remove references to srand/rand and
- delete an unused file.
- [Ulf M\xF6ller]
-
- *) Add support for the the free Netwide assembler (NASM) under Win32,
- since not many people have MASM (ml) and it can be hard to obtain.
- This is currently experimental but it seems to work OK and pass all
- the tests. Check out INSTALL.W32 for info.
- [Steve Henson]
-
- *) Fix memory leaks in s3_clnt.c: All non-anonymous SSL3/TLS1 connections
- without temporary keys kept an extra copy of the server key,
- and connections with temporary keys did not free everything in case
- of an error.
- [Bodo Moeller]
-
- *) New function RSA_check_key and new openssl rsa option -check
- for verifying the consistency of RSA keys.
- [Ulf Moeller, Bodo Moeller]
-
- *) Various changes to make Win32 compile work:
- 1. Casts to avoid "loss of data" warnings in p5_crpt2.c
- 2. Change unsigned int to int in b_dump.c to avoid "signed/unsigned
- comparison" warnings.
- 3. Add sk_<TYPE>_sort to DEF file generator and do make update.
- [Steve Henson]
-
- *) Add a debugging option to PKCS#5 v2 key generation function: when
- you #define DEBUG_PKCS5V2 passwords, salts, iteration counts and
- derived keys are printed to stderr.
- [Steve Henson]
-
- *) Copy the flags in ASN1_STRING_dup().
- [Roman E. Pavlov <pre at mo.msk.ru>]
-
- *) The x509 application mishandled signing requests containing DSA
- keys when the signing key was also DSA and the parameters didn't match.
-
- It was supposed to omit the parameters when they matched the signing key:
- the verifying software was then supposed to automatically use the CA's
- parameters if they were absent from the end user certificate.
-
- Omitting parameters is no longer recommended. The test was also
- the wrong way round! This was probably due to unusual behaviour in
- EVP_cmp_parameters() which returns 1 if the parameters match.
- This meant that parameters were omitted when they *didn't* match and
- the certificate was useless. Certificates signed with 'ca' didn't have
- this bug.
- [Steve Henson, reported by Doug Erickson <Doug.Erickson at Part.NET>]
-
- *) Memory leak checking (-DCRYPTO_MDEBUG) had some problems.
- The interface is as follows:
- Applications can use
- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON) aka MemCheck_start(),
- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF) aka MemCheck_stop();
- "off" is now the default.
- The library internally uses
- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE) aka MemCheck_off(),
- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE) aka MemCheck_on()
- to disable memory-checking temporarily.
-
- Some inconsistent states that previously were possible (and were
- even the default) are now avoided.
-
- -DCRYPTO_MDEBUG_TIME is new and additionally stores the current time
- with each memory chunk allocated; this is occasionally more helpful
- than just having a counter.
-
- -DCRYPTO_MDEBUG_THREAD is also new and adds the thread ID.
-
- -DCRYPTO_MDEBUG_ALL enables all of the above, plus any future
- extensions.
- [Bodo Moeller]
-
- *) Introduce "mode" for SSL structures (with defaults in SSL_CTX),
- which largely parallels "options", but is for changing API behaviour,
- whereas "options" are about protocol behaviour.
- Initial "mode" flags are:
-
- SSL_MODE_ENABLE_PARTIAL_WRITE Allow SSL_write to report success when
- a single record has been written.
- SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER Don't insist that SSL_write
- retries use the same buffer location.
- (But all of the contents must be
- copied!)
- [Bodo Moeller]
-
- *) Bugfix: SSL_set_options ignored its parameter, only SSL_CTX_set_options
- worked.
-
- *) Fix problems with no-hmac etc.
- [Ulf M\xF6ller, pointed out by Brian Wellington <bwelling at tislabs.com>]
-
- *) New functions RSA_get_default_method(), RSA_set_method() and
- RSA_get_method(). These allows replacement of RSA_METHODs without having
- to mess around with the internals of an RSA structure.
- [Steve Henson]
-
- *) Fix memory leaks in DSA_do_sign and DSA_is_prime.
- Also really enable memory leak checks in openssl.c and in some
- test programs.
- [Chad C. Mulligan, Bodo Moeller]
-
- *) Fix a bug in d2i_ASN1_INTEGER() and i2d_ASN1_INTEGER() which can mess
- up the length of negative integers. This has now been simplified to just
- store the length when it is first determined and use it later, rather
- than trying to keep track of where data is copied and updating it to
- point to the end.
- [Steve Henson, reported by Brien Wheeler
- <bwheeler at authentica-security.com>]
-
- *) Add a new function PKCS7_signatureVerify. This allows the verification
- of a PKCS#7 signature but with the signing certificate passed to the
- function itself. This contrasts with PKCS7_dataVerify which assumes the
- certificate is present in the PKCS#7 structure. This isn't always the
- case: certificates can be omitted from a PKCS#7 structure and be
- distributed by "out of band" means (such as a certificate database).
- [Steve Henson]
-
- *) Complete the PEM_* macros with DECLARE_PEM versions to replace the
- function prototypes in pem.h, also change util/mkdef.pl to add the
- necessary function names.
- [Steve Henson]
-
- *) mk1mf.pl (used by Windows builds) did not properly read the
- options set by Configure in the top level Makefile, and Configure
- was not even able to write more than one option correctly.
- Fixed, now "no-idea no-rc5 -DCRYPTO_MDEBUG" etc. works as intended.
- [Bodo Moeller]
-
- *) New functions CONF_load_bio() and CONF_load_fp() to allow a config
- file to be loaded from a BIO or FILE pointer. The BIO version will
- for example allow memory BIOs to contain config info.
- [Steve Henson]
-
- *) New function "CRYPTO_num_locks" that returns CRYPTO_NUM_LOCKS.
- Whoever hopes to achieve shared-library compatibility across versions
- must use this, not the compile-time macro.
- (Exercise 0.9.4: Which is the minimum library version required by
- such programs?)
- Note: All this applies only to multi-threaded programs, others don't
- need locks.
- [Bodo Moeller]
-
- *) Add missing case to s3_clnt.c state machine -- one of the new SSL tests
- through a BIO pair triggered the default case, i.e.
- SSLerr(...,SSL_R_UNKNOWN_STATE).
- [Bodo Moeller]
-
- *) New "BIO pair" concept (crypto/bio/bss_bio.c) so that applications
- can use the SSL library even if none of the specific BIOs is
- appropriate.
- [Bodo Moeller]
-
- *) Fix a bug in i2d_DSAPublicKey() which meant it returned the wrong value
- for the encoded length.
- [Jeon KyoungHo <khjeon at sds.samsung.co.kr>]
-
- *) Add initial documentation of the X509V3 functions.
- [Steve Henson]
-
- *) Add a new pair of functions PEM_write_PKCS8PrivateKey() and
- PEM_write_bio_PKCS8PrivateKey() that are equivalent to
- PEM_write_PrivateKey() and PEM_write_bio_PrivateKey() but use the more
- secure PKCS#8 private key format with a high iteration count.
- [Steve Henson]
-
- *) Fix determination of Perl interpreter: A perl or perl5
- _directory_ in $PATH was also accepted as the interpreter.
- [Ralf S. Engelschall]
-
- *) Fix demos/sign/sign.c: well there wasn't anything strictly speaking
- wrong with it but it was very old and did things like calling
- PEM_ASN1_read() directly and used MD5 for the hash not to mention some
- unusual formatting.
- [Steve Henson]
-
- *) Fix demos/selfsign.c: it used obsolete and deleted functions, changed
- to use the new extension code.
- [Steve Henson]
-
- *) Implement the PEM_read/PEM_write functions in crypto/pem/pem_all.c
- with macros. This should make it easier to change their form, add extra
- arguments etc. Fix a few PEM prototypes which didn't have cipher as a
- constant.
- [Steve Henson]
-
- *) Add to configuration table a new entry that can specify an alternative
- name for unistd.h (for pre-POSIX systems); we need this for NeXTstep,
- according to Mark Crispin <MRC at Panda.COM>.
- [Bodo Moeller]
-
-#if 0
- *) DES CBC did not update the IV. Weird.
- [Ben Laurie]
-#else
- des_cbc_encrypt does not update the IV, but des_ncbc_encrypt does.
- Changing the behaviour of the former might break existing programs --
- where IV updating is needed, des_ncbc_encrypt can be used.
-#endif
-
- *) When bntest is run from "make test" it drives bc to check its
- calculations, as well as internally checking them. If an internal check
- fails, it needs to cause bc to give a non-zero result or make test carries
- on without noticing the failure. Fixed.
- [Ben Laurie]
-
- *) DES library cleanups.
- [Ulf M\xF6ller]
-
- *) Add support for PKCS#5 v2.0 PBE algorithms. This will permit PKCS#8 to be
- used with any cipher unlike PKCS#5 v1.5 which can at most handle 64 bit
- ciphers. NOTE: although the key derivation function has been verified
- against some published test vectors it has not been extensively tested
- yet. Added a -v2 "cipher" option to pkcs8 application to allow the use
- of v2.0.
- [Steve Henson]
-
- *) Instead of "mkdir -p", which is not fully portable, use new
- Perl script "util/mkdir-p.pl".
- [Bodo Moeller]
-
- *) Rewrite the way password based encryption (PBE) is handled. It used to
- assume that the ASN1 AlgorithmIdentifier parameter was a PBEParameter
- structure. This was true for the PKCS#5 v1.5 and PKCS#12 PBE algorithms
- but doesn't apply to PKCS#5 v2.0 where it can be something else. Now
- the 'parameter' field of the AlgorithmIdentifier is passed to the
- underlying key generation function so it must do its own ASN1 parsing.
- This has also changed the EVP_PBE_CipherInit() function which now has a
- 'parameter' argument instead of literal salt and iteration count values
- and the function EVP_PBE_ALGOR_CipherInit() has been deleted.
- [Steve Henson]
-
- *) Support for PKCS#5 v1.5 compatible password based encryption algorithms
- and PKCS#8 functionality. New 'pkcs8' application linked to openssl.
- Needed to change the PEM_STRING_EVP_PKEY value which was just "PRIVATE
- KEY" because this clashed with PKCS#8 unencrypted string. Since this
- value was just used as a "magic string" and not used directly its
- value doesn't matter.
- [Steve Henson]
-
- *) Introduce some semblance of const correctness to BN. Shame C doesn't
- support mutable.
- [Ben Laurie]
-
- *) "linux-sparc64" configuration (ultrapenguin).
- [Ray Miller <ray.miller at oucs.ox.ac.uk>]
- "linux-sparc" configuration.
- [Christian Forster <fo at hawo.stw.uni-erlangen.de>]
-
- *) config now generates no-xxx options for missing ciphers.
- [Ulf M\xF6ller]
-
- *) Support the EBCDIC character set (work in progress).
- File ebcdic.c not yet included because it has a different license.
- [Martin Kraemer <Martin.Kraemer at MchP.Siemens.De>]
-
- *) Support BS2000/OSD-POSIX.
- [Martin Kraemer <Martin.Kraemer at MchP.Siemens.De>]
-
- *) Make callbacks for key generation use void * instead of char *.
- [Ben Laurie]
-
- *) Make S/MIME samples compile (not yet tested).
- [Ben Laurie]
-
- *) Additional typesafe stacks.
- [Ben Laurie]
-
- *) New configuration variants "bsdi-elf-gcc" (BSD/OS 4.x).
- [Bodo Moeller]
-
-
- Changes between 0.9.3 and 0.9.3a [29 May 1999]
-
- *) New configuration variant "sco5-gcc".
-
- *) Updated some demos.
- [Sean O Riordain, Wade Scholine]
-
- *) Add missing BIO_free at exit of pkcs12 application.
- [Wu Zhigang]
-
- *) Fix memory leak in conf.c.
- [Steve Henson]
-
- *) Updates for Win32 to assembler version of MD5.
- [Steve Henson]
-
- *) Set #! path to perl in apps/der_chop to where we found it
- instead of using a fixed path.
- [Bodo Moeller]
-
- *) SHA library changes for irix64-mips4-cc.
- [Andy Polyakov]
-
- *) Improvements for VMS support.
- [Richard Levitte]
-
-
- Changes between 0.9.2b and 0.9.3 [24 May 1999]
-
- *) Bignum library bug fix. IRIX 6 passes "make test" now!
- This also avoids the problems with SC4.2 and unpatched SC5.
- [Andy Polyakov <appro at fy.chalmers.se>]
-
- *) New functions sk_num, sk_value and sk_set to replace the previous macros.
- These are required because of the typesafe stack would otherwise break
- existing code. If old code used a structure member which used to be STACK
- and is now STACK_OF (for example cert in a PKCS7_SIGNED structure) with
- sk_num or sk_value it would produce an error because the num, data members
- are not present in STACK_OF. Now it just produces a warning. sk_set
- replaces the old method of assigning a value to sk_value
- (e.g. sk_value(x, i) = y) which the library used in a few cases. Any code
- that does this will no longer work (and should use sk_set instead) but
- this could be regarded as a "questionable" behaviour anyway.
- [Steve Henson]
-
- *) Fix most of the other PKCS#7 bugs. The "experimental" code can now
- correctly handle encrypted S/MIME data.
- [Steve Henson]
-
- *) Change type of various DES function arguments from des_cblock
- (which means, in function argument declarations, pointer to char)
- to des_cblock * (meaning pointer to array with 8 char elements),
- which allows the compiler to do more typechecking; it was like
- that back in SSLeay, but with lots of ugly casts.
-
- Introduce new type const_des_cblock.
- [Bodo Moeller]
-
- *) Reorganise the PKCS#7 library and get rid of some of the more obvious
- problems: find RecipientInfo structure that matches recipient certificate
- and initialise the ASN1 structures properly based on passed cipher.
- [Steve Henson]
-
- *) Belatedly make the BN tests actually check the results.
- [Ben Laurie]
-
- *) Fix the encoding and decoding of negative ASN1 INTEGERS and conversion
- to and from BNs: it was completely broken. New compilation option
- NEG_PUBKEY_BUG to allow for some broken certificates that encode public
- key elements as negative integers.
- [Steve Henson]
-
- *) Reorganize and speed up MD5.
- [Andy Polyakov <appro at fy.chalmers.se>]
-
- *) VMS support.
- [Richard Levitte <richard at levitte.org>]
-
- *) New option -out to asn1parse to allow the parsed structure to be
- output to a file. This is most useful when combined with the -strparse
- option to examine the output of things like OCTET STRINGS.
- [Steve Henson]
-
- *) Make SSL library a little more fool-proof by not requiring any longer
- that SSL_set_{accept,connect}_state be called before
- SSL_{accept,connect} may be used (SSL_set_..._state is omitted
- in many applications because usually everything *appeared* to work as
- intended anyway -- now it really works as intended).
- [Bodo Moeller]
-
- *) Move openssl.cnf out of lib/.
- [Ulf M\xF6ller]
-
- *) Fix various things to let OpenSSL even pass ``egcc -pipe -O2 -Wall
- -Wshadow -Wpointer-arith -Wcast-align -Wmissing-prototypes
- -Wmissing-declarations -Wnested-externs -Winline'' with EGCS 1.1.2+
- [Ralf S. Engelschall]
-
- *) Various fixes to the EVP and PKCS#7 code. It may now be able to
- handle PKCS#7 enveloped data properly.
- [Sebastian Akerman <sak at parallelconsulting.com>, modified by Steve]
-
- *) Create a duplicate of the SSL_CTX's CERT in SSL_new instead of
- copying pointers. The cert_st handling is changed by this in
- various ways (and thus what used to be known as ctx->default_cert
- is now called ctx->cert, since we don't resort to s->ctx->[default_]cert
- any longer when s->cert does not give us what we need).
- ssl_cert_instantiate becomes obsolete by this change.
- As soon as we've got the new code right (possibly it already is?),
- we have solved a couple of bugs of the earlier code where s->cert
- was used as if it could not have been shared with other SSL structures.
-
- Note that using the SSL API in certain dirty ways now will result
- in different behaviour than observed with earlier library versions:
- Changing settings for an SSL_CTX *ctx after having done s = SSL_new(ctx)
- does not influence s as it used to.
-
- In order to clean up things more thoroughly, inside SSL_SESSION
- we don't use CERT any longer, but a new structure SESS_CERT
- that holds per-session data (if available); currently, this is
- the peer's certificate chain and, for clients, the server's certificate
- and temporary key. CERT holds only those values that can have
- meaningful defaults in an SSL_CTX.
- [Bodo Moeller]
-
- *) New function X509V3_EXT_i2d() to create an X509_EXTENSION structure
- from the internal representation. Various PKCS#7 fixes: remove some
- evil casts and set the enc_dig_alg field properly based on the signing
- key type.
- [Steve Henson]
-
- *) Allow PKCS#12 password to be set from the command line or the
- environment. Let 'ca' get its config file name from the environment
- variables "OPENSSL_CONF" or "SSLEAY_CONF" (for consistency with 'req'
- and 'x509').
- [Steve Henson]
-
- *) Allow certificate policies extension to use an IA5STRING for the
- organization field. This is contrary to the PKIX definition but
- VeriSign uses it and IE5 only recognises this form. Document 'x509'
- extension option.
- [Steve Henson]
-
- *) Add PEDANTIC compiler flag to allow compilation with gcc -pedantic,
- without disallowing inline assembler and the like for non-pedantic builds.
- [Ben Laurie]
-
- *) Support Borland C++ builder.
- [Janez Jere <jj at void.si>, modified by Ulf M\xF6ller]
-
- *) Support Mingw32.
- [Ulf M\xF6ller]
-
- *) SHA-1 cleanups and performance enhancements.
- [Andy Polyakov <appro at fy.chalmers.se>]
-
- *) Sparc v8plus assembler for the bignum library.
- [Andy Polyakov <appro at fy.chalmers.se>]
-
- *) Accept any -xxx and +xxx compiler options in Configure.
- [Ulf M\xF6ller]
-
- *) Update HPUX configuration.
- [Anonymous]
-
- *) Add missing sk_<type>_unshift() function to safestack.h
- [Ralf S. Engelschall]
-
- *) New function SSL_CTX_use_certificate_chain_file that sets the
- "extra_cert"s in addition to the certificate. (This makes sense
- only for "PEM" format files, as chains as a whole are not
- DER-encoded.)
- [Bodo Moeller]
-
- *) Support verify_depth from the SSL API.
- x509_vfy.c had what can be considered an off-by-one-error:
- Its depth (which was not part of the external interface)
- was actually counting the number of certificates in a chain;
- now it really counts the depth.
- [Bodo Moeller]
-
- *) Bugfix in crypto/x509/x509_cmp.c: The SSLerr macro was used
- instead of X509err, which often resulted in confusing error
- messages since the error codes are not globally unique
- (e.g. an alleged error in ssl3_accept when a certificate
- didn't match the private key).
-
- *) New function SSL_CTX_set_session_id_context that allows to set a default
- value (so that you don't need SSL_set_session_id_context for each
- connection using the SSL_CTX).
- [Bodo Moeller]
-
- *) OAEP decoding bug fix.
- [Ulf M\xF6ller]
-
- *) Support INSTALL_PREFIX for package builders, as proposed by
- David Harris.
- [Bodo Moeller]
-
- *) New Configure options "threads" and "no-threads". For systems
- where the proper compiler options are known (currently Solaris
- and Linux), "threads" is the default.
- [Bodo Moeller]
-
- *) New script util/mklink.pl as a faster substitute for util/mklink.sh.
- [Bodo Moeller]
-
- *) Install various scripts to $(OPENSSLDIR)/misc, not to
- $(INSTALLTOP)/bin -- they shouldn't clutter directories
- such as /usr/local/bin.
- [Bodo Moeller]
-
- *) "make linux-shared" to build shared libraries.
- [Niels Poppe <niels at netbox.org>]
-
- *) New Configure option no-<cipher> (rsa, idea, rc5, ...).
- [Ulf M\xF6ller]
-
- *) Add the PKCS#12 API documentation to openssl.txt. Preliminary support for
- extension adding in x509 utility.
- [Steve Henson]
-
- *) Remove NOPROTO sections and error code comments.
- [Ulf M\xF6ller]
-
- *) Partial rewrite of the DEF file generator to now parse the ANSI
- prototypes.
- [Steve Henson]
-
- *) New Configure options --prefix=DIR and --openssldir=DIR.
- [Ulf M\xF6ller]
-
- *) Complete rewrite of the error code script(s). It is all now handled
- by one script at the top level which handles error code gathering,
- header rewriting and C source file generation. It should be much better
- than the old method: it now uses a modified version of Ulf's parser to
- read the ANSI prototypes in all header files (thus the old K&R definitions
- aren't needed for error creation any more) and do a better job of
- translating function codes into names. The old 'ASN1 error code imbedded
- in a comment' is no longer necessary and it doesn't use .err files which
- have now been deleted. Also the error code call doesn't have to appear all
- on one line (which resulted in some large lines...).
- [Steve Henson]
-
- *) Change #include filenames from <foo.h> to <openssl/foo.h>.
- [Bodo Moeller]
-
- *) Change behaviour of ssl2_read when facing length-0 packets: Don't return
- 0 (which usually indicates a closed connection), but continue reading.
- [Bodo Moeller]
-
- *) Fix some race conditions.
- [Bodo Moeller]
-
- *) Add support for CRL distribution points extension. Add Certificate
- Policies and CRL distribution points documentation.
- [Steve Henson]
-
- *) Move the autogenerated header file parts to crypto/opensslconf.h.
- [Ulf M\xF6ller]
-
- *) Fix new 56-bit DES export ciphersuites: they were using 7 bytes instead of
- 8 of keying material. Merlin has also confirmed interop with this fix
- between OpenSSL and Baltimore C/SSL 2.0 and J/SSL 2.0.
- [Merlin Hughes <merlin at baltimore.ie>]
-
- *) Fix lots of warnings.
- [Richard Levitte <levitte at stacken.kth.se>]
-
- *) In add_cert_dir() in crypto/x509/by_dir.c, break out of the loop if
- the directory spec didn't end with a LIST_SEPARATOR_CHAR.
- [Richard Levitte <levitte at stacken.kth.se>]
-
- *) Fix problems with sizeof(long) == 8.
- [Andy Polyakov <appro at fy.chalmers.se>]
-
- *) Change functions to ANSI C.
- [Ulf M\xF6ller]
-
- *) Fix typos in error codes.
- [Martin Kraemer <Martin.Kraemer at MchP.Siemens.De>, Ulf M\xF6ller]
-
- *) Remove defunct assembler files from Configure.
- [Ulf M\xF6ller]
-
- *) SPARC v8 assembler BIGNUM implementation.
- [Andy Polyakov <appro at fy.chalmers.se>]
-
- *) Support for Certificate Policies extension: both print and set.
- Various additions to support the r2i method this uses.
- [Steve Henson]
-
- *) A lot of constification, and fix a bug in X509_NAME_oneline() that could
- return a const string when you are expecting an allocated buffer.
- [Ben Laurie]
-
- *) Add support for ASN1 types UTF8String and VISIBLESTRING, also the CHOICE
- types DirectoryString and DisplayText.
- [Steve Henson]
-
- *) Add code to allow r2i extensions to access the configuration database,
- add an LHASH database driver and add several ctx helper functions.
- [Steve Henson]
-
- *) Fix an evil bug in bn_expand2() which caused various BN functions to
- fail when they extended the size of a BIGNUM.
- [Steve Henson]
-
- *) Various utility functions to handle SXNet extension. Modify mkdef.pl to
- support typesafe stack.
- [Steve Henson]
-
- *) Fix typo in SSL_[gs]et_options().
- [Nils Frostberg <nils at medcom.se>]
-
- *) Delete various functions and files that belonged to the (now obsolete)
- old X509V3 handling code.
- [Steve Henson]
-
- *) New Configure option "rsaref".
- [Ulf M\xF6ller]
-
- *) Don't auto-generate pem.h.
- [Bodo Moeller]
-
- *) Introduce type-safe ASN.1 SETs.
- [Ben Laurie]
-
- *) Convert various additional casted stacks to type-safe STACK_OF() variants.
- [Ben Laurie, Ralf S. Engelschall, Steve Henson]
-
- *) Introduce type-safe STACKs. This will almost certainly break lots of code
- that links with OpenSSL (well at least cause lots of warnings), but fear
- not: the conversion is trivial, and it eliminates loads of evil casts. A
- few STACKed things have been converted already. Feel free to convert more.
- In the fullness of time, I'll do away with the STACK type altogether.
- [Ben Laurie]
-
- *) Add `openssl ca -revoke <certfile>' facility which revokes a certificate
- specified in <certfile> by updating the entry in the index.txt file.
- This way one no longer has to edit the index.txt file manually for
- revoking a certificate. The -revoke option does the gory details now.
- [Massimiliano Pala <madwolf at openca.org>, Ralf S. Engelschall]
-
- *) Fix `openssl crl -noout -text' combination where `-noout' killed the
- `-text' option at all and this way the `-noout -text' combination was
- inconsistent in `openssl crl' with the friends in `openssl x509|rsa|dsa'.
- [Ralf S. Engelschall]
-
- *) Make sure a corresponding plain text error message exists for the
- X509_V_ERR_CERT_REVOKED/23 error number which can occur when a
- verify callback function determined that a certificate was revoked.
- [Ralf S. Engelschall]
-
- *) Bugfix: In test/testenc, don't test "openssl <cipher>" for
- ciphers that were excluded, e.g. by -DNO_IDEA. Also, test
- all available cipers including rc5, which was forgotten until now.
- In order to let the testing shell script know which algorithms
- are available, a new (up to now undocumented) command
- "openssl list-cipher-commands" is used.
- [Bodo Moeller]
-
- *) Bugfix: s_client occasionally would sleep in select() when
- it should have checked SSL_pending() first.
- [Bodo Moeller]
-
- *) New functions DSA_do_sign and DSA_do_verify to provide access to
- the raw DSA values prior to ASN.1 encoding.
- [Ulf M\xF6ller]
-
- *) Tweaks to Configure
- [Niels Poppe <niels at netbox.org>]
-
- *) Add support for PKCS#5 v2.0 ASN1 PBES2 structures. No other support,
- yet...
- [Steve Henson]
-
- *) New variables $(RANLIB) and $(PERL) in the Makefiles.
- [Ulf M\xF6ller]
-
- *) New config option to avoid instructions that are illegal on the 80386.
- The default code is faster, but requires at least a 486.
- [Ulf M\xF6ller]
-
- *) Got rid of old SSL2_CLIENT_VERSION (inconsistently used) and
- SSL2_SERVER_VERSION (not used at all) macros, which are now the
- same as SSL2_VERSION anyway.
- [Bodo Moeller]
-
- *) New "-showcerts" option for s_client.
- [Bodo Moeller]
-
- *) Still more PKCS#12 integration. Add pkcs12 application to openssl
- application. Various cleanups and fixes.
- [Steve Henson]
-
- *) More PKCS#12 integration. Add new pkcs12 directory with Makefile.ssl and
- modify error routines to work internally. Add error codes and PBE init
- to library startup routines.
- [Steve Henson]
-
- *) Further PKCS#12 integration. Added password based encryption, PKCS#8 and
- packing functions to asn1 and evp. Changed function names and error
- codes along the way.
- [Steve Henson]
-
- *) PKCS12 integration: and so it begins... First of several patches to
- slowly integrate PKCS#12 functionality into OpenSSL. Add PKCS#12
- objects to objects.h
- [Steve Henson]
-
- *) Add a new 'indent' option to some X509V3 extension code. Initial ASN1
- and display support for Thawte strong extranet extension.
- [Steve Henson]
-
- *) Add LinuxPPC support.
- [Jeff Dubrule <igor at pobox.org>]
-
- *) Get rid of redundant BN file bn_mulw.c, and rename bn_div64 to
- bn_div_words in alpha.s.
- [Hannes Reinecke <H.Reinecke at hw.ac.uk> and Ben Laurie]
-
- *) Make sure the RSA OAEP test is skipped under -DRSAref because
- OAEP isn't supported when OpenSSL is built with RSAref.
- [Ulf Moeller <ulf at fitug.de>]
-
- *) Move definitions of IS_SET/IS_SEQUENCE inside crypto/asn1/asn1.h
- so they no longer are missing under -DNOPROTO.
- [Soren S. Jorvang <soren at t.dk>]
-
-
- Changes between 0.9.1c and 0.9.2b [22 Mar 1999]
-
- *) Make SSL_get_peer_cert_chain() work in servers. Unfortunately, it still
- doesn't work when the session is reused. Coming soon!
- [Ben Laurie]
-
- *) Fix a security hole, that allows sessions to be reused in the wrong
- context thus bypassing client cert protection! All software that uses
- client certs and session caches in multiple contexts NEEDS PATCHING to
- allow session reuse! A fuller solution is in the works.
- [Ben Laurie, problem pointed out by Holger Reif, Bodo Moeller (and ???)]
-
- *) Some more source tree cleanups (removed obsolete files
- crypto/bf/asm/bf586.pl, test/test.txt and crypto/sha/asm/f.s; changed
- permission on "config" script to be executable) and a fix for the INSTALL
- document.
- [Ulf Moeller <ulf at fitug.de>]
-
- *) Remove some legacy and erroneous uses of malloc, free instead of
- Malloc, Free.
- [Lennart Bang <lob at netstream.se>, with minor changes by Steve]
-
- *) Make rsa_oaep_test return non-zero on error.
- [Ulf Moeller <ulf at fitug.de>]
-
- *) Add support for native Solaris shared libraries. Configure
- solaris-sparc-sc4-pic, make, then run shlib/solaris-sc4.sh. It'd be nice
- if someone would make that last step automatic.
- [Matthias Loepfe <Matthias.Loepfe at AdNovum.CH>]
-
- *) ctx_size was not built with the right compiler during "make links". Fixed.
- [Ben Laurie]
-
- *) Change the meaning of 'ALL' in the cipher list. It now means "everything
- except NULL ciphers". This means the default cipher list will no longer
- enable NULL ciphers. They need to be specifically enabled e.g. with
- the string "DEFAULT:eNULL".
- [Steve Henson]
-
- *) Fix to RSA private encryption routines: if p < q then it would
- occasionally produce an invalid result. This will only happen with
- externally generated keys because OpenSSL (and SSLeay) ensure p > q.
- [Steve Henson]
-
- *) Be less restrictive and allow also `perl util/perlpath.pl
- /path/to/bin/perl' in addition to `perl util/perlpath.pl /path/to/bin',
- because this way one can also use an interpreter named `perl5' (which is
- usually the name of Perl 5.xxx on platforms where an Perl 4.x is still
- installed as `perl').
- [Matthias Loepfe <Matthias.Loepfe at adnovum.ch>]
-
- *) Let util/clean-depend.pl work also with older Perl 5.00x versions.
- [Matthias Loepfe <Matthias.Loepfe at adnovum.ch>]
-
- *) Fix Makefile.org so CC,CFLAG etc are passed to 'make links' add
- advapi32.lib to Win32 build and change the pem test comparision
- to fc.exe (thanks to Ulrich Kroener <kroneru at yahoo.com> for the
- suggestion). Fix misplaced ASNI prototypes and declarations in evp.h
- and crypto/des/ede_cbcm_enc.c.
- [Steve Henson]
-
- *) DES quad checksum was broken on big-endian architectures. Fixed.
- [Ben Laurie]
-
- *) Comment out two functions in bio.h that aren't implemented. Fix up the
- Win32 test batch file so it (might) work again. The Win32 test batch file
- is horrible: I feel ill....
- [Steve Henson]
-
- *) Move various #ifdefs around so NO_SYSLOG, NO_DIRENT etc are now selected
- in e_os.h. Audit of header files to check ANSI and non ANSI
- sections: 10 functions were absent from non ANSI section and not exported
- from Windows DLLs. Fixed up libeay.num for new functions.
- [Steve Henson]
-
- *) Make `openssl version' output lines consistent.
- [Ralf S. Engelschall]
-
- *) Fix Win32 symbol export lists for BIO functions: Added
- BIO_get_ex_new_index, BIO_get_ex_num, BIO_get_ex_data and BIO_set_ex_data
- to ms/libeay{16,32}.def.
- [Ralf S. Engelschall]
-
- *) Second round of fixing the OpenSSL perl/ stuff. It now at least compiled
- fine under Unix and passes some trivial tests I've now added. But the
- whole stuff is horribly incomplete, so a README.1ST with a disclaimer was
- added to make sure no one expects that this stuff really works in the
- OpenSSL 0.9.2 release. Additionally I've started to clean the XS sources
- up and fixed a few little bugs and inconsistencies in OpenSSL.{pm,xs} and
- openssl_bio.xs.
- [Ralf S. Engelschall]
-
- *) Fix the generation of two part addresses in perl.
- [Kenji Miyake <kenji at miyake.org>, integrated by Ben Laurie]
-
- *) Add config entry for Linux on MIPS.
- [John Tobey <jtobey at channel1.com>]
-
- *) Make links whenever Configure is run, unless we are on Windoze.
- [Ben Laurie]
-
- *) Permit extensions to be added to CRLs using crl_section in openssl.cnf.
- Currently only issuerAltName and AuthorityKeyIdentifier make any sense
- in CRLs.
- [Steve Henson]
-
- *) Add a useful kludge to allow package maintainers to specify compiler and
- other platforms details on the command line without having to patch the
- Configure script everytime: One now can use ``perl Configure
- <id>:<details>'', i.e. platform ids are allowed to have details appended
- to them (seperated by colons). This is treated as there would be a static
- pre-configured entry in Configure's %table under key <id> with value
- <details> and ``perl Configure <id>'' is called. So, when you want to
- perform a quick test-compile under FreeBSD 3.1 with pgcc and without
- assembler stuff you can use ``perl Configure "FreeBSD-elf:pgcc:-O6:::"''
- now, which overrides the FreeBSD-elf entry on-the-fly.
- [Ralf S. Engelschall]
-
- *) Disable new TLS1 ciphersuites by default: they aren't official yet.
- [Ben Laurie]
-
- *) Allow DSO flags like -fpic, -fPIC, -KPIC etc. to be specified
- on the `perl Configure ...' command line. This way one can compile
- OpenSSL libraries with Position Independent Code (PIC) which is needed
- for linking it into DSOs.
- [Ralf S. Engelschall]
-
- *) Remarkably, export ciphers were totally broken and no-one had noticed!
- Fixed.
- [Ben Laurie]
-
- *) Cleaned up the LICENSE document: The official contact for any license
- questions now is the OpenSSL core team under openssl-core at openssl.org.
- And add a paragraph about the dual-license situation to make sure people
- recognize that _BOTH_ the OpenSSL license _AND_ the SSLeay license apply
- to the OpenSSL toolkit.
- [Ralf S. Engelschall]
-
- *) General source tree makefile cleanups: Made `making xxx in yyy...'
- display consistent in the source tree and replaced `/bin/rm' by `rm'.
- Additonally cleaned up the `make links' target: Remove unnecessary
- semicolons, subsequent redundant removes, inline point.sh into mklink.sh
- to speed processing and no longer clutter the display with confusing
- stuff. Instead only the actually done links are displayed.
- [Ralf S. Engelschall]
-
- *) Permit null encryption ciphersuites, used for authentication only. It used
- to be necessary to set the preprocessor define SSL_ALLOW_ENULL to do this.
- It is now necessary to set SSL_FORBID_ENULL to prevent the use of null
- encryption.
- [Ben Laurie]
-
- *) Add a bunch of fixes to the PKCS#7 stuff. It used to sometimes reorder
- signed attributes when verifying signatures (this would break them),
- the detached data encoding was wrong and public keys obtained using
- X509_get_pubkey() weren't freed.
- [Steve Henson]
-
- *) Add text documentation for the BUFFER functions. Also added a work around
- to a Win95 console bug. This was triggered by the password read stuff: the
- last character typed gets carried over to the next fread(). If you were
- generating a new cert request using 'req' for example then the last
- character of the passphrase would be CR which would then enter the first
- field as blank.
- [Steve Henson]
-
- *) Added the new `Includes OpenSSL Cryptography Software' button as
- doc/openssl_button.{gif,html} which is similar in style to the old SSLeay
- button and can be used by applications based on OpenSSL to show the
- relationship to the OpenSSL project.
- [Ralf S. Engelschall]
-
- *) Remove confusing variables in function signatures in files
- ssl/ssl_lib.c and ssl/ssl.h.
- [Lennart Bong <lob at kulthea.stacken.kth.se>]
-
- *) Don't install bss_file.c under PREFIX/include/
- [Lennart Bong <lob at kulthea.stacken.kth.se>]
-
- *) Get the Win32 compile working again. Modify mkdef.pl so it can handle
- functions that return function pointers and has support for NT specific
- stuff. Fix mk1mf.pl and VC-32.pl to support NT differences also. Various
- #ifdef WIN32 and WINNTs sprinkled about the place and some changes from
- unsigned to signed types: this was killing the Win32 compile.
- [Steve Henson]
-
- *) Add new certificate file to stack functions,
- SSL_add_dir_cert_subjects_to_stack() and
- SSL_add_file_cert_subjects_to_stack(). These largely supplant
- SSL_load_client_CA_file(), and can be used to add multiple certs easily
- to a stack (usually this is then handed to SSL_CTX_set_client_CA_list()).
- This means that Apache-SSL and similar packages don't have to mess around
- to add as many CAs as they want to the preferred list.
- [Ben Laurie]
-
- *) Experiment with doxygen documentation. Currently only partially applied to
- ssl/ssl_lib.c.
- See http://www.stack.nl/~dimitri/doxygen/index.html, and run doxygen with
- openssl.doxy as the configuration file.
- [Ben Laurie]
-
- *) Get rid of remaining C++-style comments which strict C compilers hate.
- [Ralf S. Engelschall, pointed out by Carlos Amengual]
-
- *) Changed BN_RECURSION in bn_mont.c to BN_RECURSION_MONT so it is not
- compiled in by default: it has problems with large keys.
- [Steve Henson]
-
- *) Add a bunch of SSL_xxx() functions for configuring the temporary RSA and
- DH private keys and/or callback functions which directly correspond to
- their SSL_CTX_xxx() counterparts but work on a per-connection basis. This
- is needed for applications which have to configure certificates on a
- per-connection basis (e.g. Apache+mod_ssl) instead of a per-context basis
- (e.g. s_server).
- For the RSA certificate situation is makes no difference, but
- for the DSA certificate situation this fixes the "no shared cipher"
- problem where the OpenSSL cipher selection procedure failed because the
- temporary keys were not overtaken from the context and the API provided
- no way to reconfigure them.
- The new functions now let applications reconfigure the stuff and they
- are in detail: SSL_need_tmp_RSA, SSL_set_tmp_rsa, SSL_set_tmp_dh,
- SSL_set_tmp_rsa_callback and SSL_set_tmp_dh_callback. Additionally a new
- non-public-API function ssl_cert_instantiate() is used as a helper
- function and also to reduce code redundancy inside ssl_rsa.c.
- [Ralf S. Engelschall]
-
- *) Move s_server -dcert and -dkey options out of the undocumented feature
- area because they are useful for the DSA situation and should be
- recognized by the users.
- [Ralf S. Engelschall]
-
- *) Fix the cipher decision scheme for export ciphers: the export bits are
- *not* within SSL_MKEY_MASK or SSL_AUTH_MASK, they are within
- SSL_EXP_MASK. So, the original variable has to be used instead of the
- already masked variable.
- [Richard Levitte <levitte at stacken.kth.se>]
-
- *) Fix 'port' variable from `int' to `unsigned int' in crypto/bio/b_sock.c
- [Richard Levitte <levitte at stacken.kth.se>]
-
- *) Change type of another md_len variable in pk7_doit.c:PKCS7_dataFinal()
- from `int' to `unsigned int' because it's a length and initialized by
- EVP_DigestFinal() which expects an `unsigned int *'.
- [Richard Levitte <levitte at stacken.kth.se>]
-
- *) Don't hard-code path to Perl interpreter on shebang line of Configure
- script. Instead use the usual Shell->Perl transition trick.
- [Ralf S. Engelschall]
-
- *) Make `openssl x509 -noout -modulus' functional also for DSA certificates
- (in addition to RSA certificates) to match the behaviour of `openssl dsa
- -noout -modulus' as it's already the case for `openssl rsa -noout
- -modulus'. For RSA the -modulus is the real "modulus" while for DSA
- currently the public key is printed (a decision which was already done by
- `openssl dsa -modulus' in the past) which serves a similar purpose.
- Additionally the NO_RSA no longer completely removes the whole -modulus
- option; it now only avoids using the RSA stuff. Same applies to NO_DSA
- now, too.
- [Ralf S. Engelschall]
-
- *) Add Arne Ansper's reliable BIO - this is an encrypted, block-digested
- BIO. See the source (crypto/evp/bio_ok.c) for more info.
- [Arne Ansper <arne at ats.cyber.ee>]
-
- *) Dump the old yucky req code that tried (and failed) to allow raw OIDs
- to be added. Now both 'req' and 'ca' can use new objects defined in the
- config file.
- [Steve Henson]
-
- *) Add cool BIO that does syslog (or event log on NT).
- [Arne Ansper <arne at ats.cyber.ee>, integrated by Ben Laurie]
-
- *) Add support for new TLS ciphersuites, TLS_RSA_EXPORT56_WITH_RC4_56_MD5,
- TLS_RSA_EXPORT56_WITH_RC2_CBC_56_MD5 and
- TLS_RSA_EXPORT56_WITH_DES_CBC_SHA, as specified in "56-bit Export Cipher
- Suites For TLS", draft-ietf-tls-56-bit-ciphersuites-00.txt.
- [Ben Laurie]
-
- *) Add preliminary config info for new extension code.
- [Steve Henson]
-
- *) Make RSA_NO_PADDING really use no padding.
- [Ulf Moeller <ulf at fitug.de>]
-
- *) Generate errors when private/public key check is done.
- [Ben Laurie]
-
- *) Overhaul for 'crl' utility. New function X509_CRL_print. Partial support
- for some CRL extensions and new objects added.
- [Steve Henson]
-
- *) Really fix the ASN1 IMPLICIT bug this time... Partial support for private
- key usage extension and fuller support for authority key id.
- [Steve Henson]
-
- *) Add OAEP encryption for the OpenSSL crypto library. OAEP is the improved
- padding method for RSA, which is recommended for new applications in PKCS
- #1 v2.0 (RFC 2437, October 1998).
- OAEP (Optimal Asymmetric Encryption Padding) has better theoretical
- foundations than the ad-hoc padding used in PKCS #1 v1.5. It is secure
- against Bleichbacher's attack on RSA.
- [Ulf Moeller <ulf at fitug.de>, reformatted, corrected and integrated by
- Ben Laurie]
-
- *) Updates to the new SSL compression code
- [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
-
- *) Fix so that the version number in the master secret, when passed
- via RSA, checks that if TLS was proposed, but we roll back to SSLv3
- (because the server will not accept higher), that the version number
- is 0x03,0x01, not 0x03,0x00
- [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
-
- *) Run extensive memory leak checks on SSL apps. Fixed *lots* of memory
- leaks in ssl/ relating to new X509_get_pubkey() behaviour. Also fixes
- in apps/ and an unrelated leak in crypto/dsa/dsa_vrf.c
- [Steve Henson]
-
- *) Support for RAW extensions where an arbitrary extension can be
- created by including its DER encoding. See apps/openssl.cnf for
- an example.
- [Steve Henson]
-
- *) Make sure latest Perl versions don't interpret some generated C array
- code as Perl array code in the crypto/err/err_genc.pl script.
- [Lars Weber <3weber at informatik.uni-hamburg.de>]
-
- *) Modify ms/do_ms.bat to not generate assembly language makefiles since
- not many people have the assembler. Various Win32 compilation fixes and
- update to the INSTALL.W32 file with (hopefully) more accurate Win32
- build instructions.
- [Steve Henson]
-
- *) Modify configure script 'Configure' to automatically create crypto/date.h
- file under Win32 and also build pem.h from pem.org. New script
- util/mkfiles.pl to create the MINFO file on environments that can't do a
- 'make files': perl util/mkfiles.pl >MINFO should work.
- [Steve Henson]
-
- *) Major rework of DES function declarations, in the pursuit of correctness
- and purity. As a result, many evil casts evaporated, and some weirdness,
- too. You may find this causes warnings in your code. Zapping your evil
- casts will probably fix them. Mostly.
- [Ben Laurie]
-
- *) Fix for a typo in asn1.h. Bug fix to object creation script
- obj_dat.pl. It considered a zero in an object definition to mean
- "end of object": none of the objects in objects.h have any zeros
- so it wasn't spotted.
- [Steve Henson, reported by Erwann ABALEA <eabalea at certplus.com>]
-
- *) Add support for Triple DES Cipher Block Chaining with Output Feedback
- Masking (CBCM). In the absence of test vectors, the best I have been able
- to do is check that the decrypt undoes the encrypt, so far. Send me test
- vectors if you have them.
- [Ben Laurie]
-
- *) Correct calculation of key length for export ciphers (too much space was
- allocated for null ciphers). This has not been tested!
- [Ben Laurie]
-
- *) Modifications to the mkdef.pl for Win32 DEF file creation. The usage
- message is now correct (it understands "crypto" and "ssl" on its
- command line). There is also now an "update" option. This will update
- the util/ssleay.num and util/libeay.num files with any new functions.
- If you do a:
- perl util/mkdef.pl crypto ssl update
- it will update them.
- [Steve Henson]
-
- *) Overhauled the Perl interface (perl/*):
- - ported BN stuff to OpenSSL's different BN library
- - made the perl/ source tree CVS-aware
- - renamed the package from SSLeay to OpenSSL (the files still contain
- their history because I've copied them in the repository)
- - removed obsolete files (the test scripts will be replaced
- by better Test::Harness variants in the future)
- [Ralf S. Engelschall]
-
- *) First cut for a very conservative source tree cleanup:
- 1. merge various obsolete readme texts into doc/ssleay.txt
- where we collect the old documents and readme texts.
- 2. remove the first part of files where I'm already sure that we no
- longer need them because of three reasons: either they are just temporary
- files which were left by Eric or they are preserved original files where
- I've verified that the diff is also available in the CVS via "cvs diff
- -rSSLeay_0_8_1b" or they were renamed (as it was definitely the case for
- the crypto/md/ stuff).
- [Ralf S. Engelschall]
-
- *) More extension code. Incomplete support for subject and issuer alt
- name, issuer and authority key id. Change the i2v function parameters
- and add an extra 'crl' parameter in the X509V3_CTX structure: guess
- what that's for :-) Fix to ASN1 macro which messed up
- IMPLICIT tag and add f_enum.c which adds a2i, i2a for ENUMERATED.
- [Steve Henson]
-
- *) Preliminary support for ENUMERATED type. This is largely copied from the
- INTEGER code.
- [Steve Henson]
-
- *) Add new function, EVP_MD_CTX_copy() to replace frequent use of memcpy.
- [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
-
- *) Make sure `make rehash' target really finds the `openssl' program.
- [Ralf S. Engelschall, Matthias Loepfe <Matthias.Loepfe at adnovum.ch>]
-
- *) Squeeze another 7% of speed out of MD5 assembler, at least on a P2. I'd
- like to hear about it if this slows down other processors.
- [Ben Laurie]
-
- *) Add CygWin32 platform information to Configure script.
- [Alan Batie <batie at aahz.jf.intel.com>]
-
- *) Fixed ms/32all.bat script: `no_asm' -> `no-asm'
- [Rainer W. Gerling <gerling at mpg-gv.mpg.de>]
-
- *) New program nseq to manipulate netscape certificate sequences
- [Steve Henson]
-
- *) Modify crl2pkcs7 so it supports multiple -certfile arguments. Fix a
- few typos.
- [Steve Henson]
-
- *) Fixes to BN code. Previously the default was to define BN_RECURSION
- but the BN code had some problems that would cause failures when
- doing certificate verification and some other functions.
- [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
-
- *) Add ASN1 and PEM code to support netscape certificate sequences.
- [Steve Henson]
-
- *) Add ASN1 and PEM code to support netscape certificate sequences.
- [Steve Henson]
-
- *) Add several PKIX and private extended key usage OIDs.
- [Steve Henson]
-
- *) Modify the 'ca' program to handle the new extension code. Modify
- openssl.cnf for new extension format, add comments.
- [Steve Henson]
-
- *) More X509 V3 changes. Fix typo in v3_bitstr.c. Add support to 'req'
- and add a sample to openssl.cnf so req -x509 now adds appropriate
- CA extensions.
- [Steve Henson]
-
- *) Continued X509 V3 changes. Add to other makefiles, integrate with the
- error code, add initial support to X509_print() and x509 application.
- [Steve Henson]
-
- *) Takes a deep breath and start addding X509 V3 extension support code. Add
- files in crypto/x509v3. Move original stuff to crypto/x509v3/old. All this
- stuff is currently isolated and isn't even compiled yet.
- [Steve Henson]
-
- *) Continuing patches for GeneralizedTime. Fix up certificate and CRL
- ASN1 to use ASN1_TIME and modify print routines to use ASN1_TIME_print.
- Removed the versions check from X509 routines when loading extensions:
- this allows certain broken certificates that don't set the version
- properly to be processed.
- [Steve Henson]
-
- *) Deal with irritating shit to do with dependencies, in YAAHW (Yet Another
- Ad Hoc Way) - Makefile.ssls now all contain local dependencies, which
- can still be regenerated with "make depend".
- [Ben Laurie]
-
- *) Spelling mistake in C version of CAST-128.
- [Ben Laurie, reported by Jeremy Hylton <jeremy at cnri.reston.va.us>]
-
- *) Changes to the error generation code. The perl script err-code.pl
- now reads in the old error codes and retains the old numbers, only
- adding new ones if necessary. It also only changes the .err files if new
- codes are added. The makefiles have been modified to only insert errors
- when needed (to avoid needlessly modifying header files). This is done
- by only inserting errors if the .err file is newer than the auto generated
- C file. To rebuild all the error codes from scratch (the old behaviour)
- either modify crypto/Makefile.ssl to pass the -regen flag to err_code.pl
- or delete all the .err files.
- [Steve Henson]
-
- *) CAST-128 was incorrectly implemented for short keys. The C version has
- been fixed, but is untested. The assembler versions are also fixed, but
- new assembler HAS NOT BEEN GENERATED FOR WIN32 - the Makefile needs fixing
- to regenerate it if needed.
- [Ben Laurie, reported (with fix for C version) by Jun-ichiro itojun
- Hagino <itojun at kame.net>]
-
- *) File was opened incorrectly in randfile.c.
- [Ulf M\xF6ller <ulf at fitug.de>]
-
- *) Beginning of support for GeneralizedTime. d2i, i2d, check and print
- functions. Also ASN1_TIME suite which is a CHOICE of UTCTime or
- GeneralizedTime. ASN1_TIME is the proper type used in certificates et
- al: it's just almost always a UTCTime. Note this patch adds new error
- codes so do a "make errors" if there are problems.
- [Steve Henson]
-
- *) Correct Linux 1 recognition in config.
- [Ulf M\xF6ller <ulf at fitug.de>]
-
- *) Remove pointless MD5 hash when using DSA keys in ca.
- [Anonymous <nobody at replay.com>]
-
- *) Generate an error if given an empty string as a cert directory. Also
- generate an error if handed NULL (previously returned 0 to indicate an
- error, but didn't set one).
- [Ben Laurie, reported by Anonymous <nobody at replay.com>]
-
- *) Add prototypes to SSL methods. Make SSL_write's buffer const, at last.
- [Ben Laurie]
-
- *) Fix the dummy function BN_ref_mod_exp() in rsaref.c to have the correct
- parameters. This was causing a warning which killed off the Win32 compile.
- [Steve Henson]
-
- *) Remove C++ style comments from crypto/bn/bn_local.h.
- [Neil Costigan <neil.costigan at celocom.com>]
-
- *) The function OBJ_txt2nid was broken. It was supposed to return a nid
- based on a text string, looking up short and long names and finally
- "dot" format. The "dot" format stuff didn't work. Added new function
- OBJ_txt2obj to do the same but return an ASN1_OBJECT and rewrote
- OBJ_txt2nid to use it. OBJ_txt2obj can also return objects even if the
- OID is not part of the table.
- [Steve Henson]
-
- *) Add prototypes to X509 lookup/verify methods, fixing a bug in
- X509_LOOKUP_by_alias().
- [Ben Laurie]
-
- *) Sort openssl functions by name.
- [Ben Laurie]
-
- *) Get the gendsa program working (hopefully) and add it to app list. Remove
- encryption from sample DSA keys (in case anyone is interested the password
- was "1234").
- [Steve Henson]
-
- *) Make _all_ *_free functions accept a NULL pointer.
- [Frans Heymans <fheymans at isaserver.be>]
-
- *) If a DH key is generated in s3_srvr.c, don't blow it by trying to use
- NULL pointers.
- [Anonymous <nobody at replay.com>]
-
- *) s_server should send the CAfile as acceptable CAs, not its own cert.
- [Bodo Moeller <3moeller at informatik.uni-hamburg.de>]
-
- *) Don't blow it for numeric -newkey arguments to apps/req.
- [Bodo Moeller <3moeller at informatik.uni-hamburg.de>]
-
- *) Temp key "for export" tests were wrong in s3_srvr.c.
- [Anonymous <nobody at replay.com>]
-
- *) Add prototype for temp key callback functions
- SSL_CTX_set_tmp_{rsa,dh}_callback().
- [Ben Laurie]
-
- *) Make DH_free() tolerate being passed a NULL pointer (like RSA_free() and
- DSA_free()). Make X509_PUBKEY_set() check for errors in d2i_PublicKey().
- [Steve Henson]
-
- *) X509_name_add_entry() freed the wrong thing after an error.
- [Arne Ansper <arne at ats.cyber.ee>]
-
- *) rsa_eay.c would attempt to free a NULL context.
- [Arne Ansper <arne at ats.cyber.ee>]
-
- *) BIO_s_socket() had a broken should_retry() on Windoze.
- [Arne Ansper <arne at ats.cyber.ee>]
-
- *) BIO_f_buffer() didn't pass on BIO_CTRL_FLUSH.
- [Arne Ansper <arne at ats.cyber.ee>]
-
- *) Make sure the already existing X509_STORE->depth variable is initialized
- in X509_STORE_new(), but document the fact that this variable is still
- unused in the certificate verification process.
- [Ralf S. Engelschall]
-
- *) Fix the various library and apps files to free up pkeys obtained from
- X509_PUBKEY_get() et al. Also allow x509.c to handle netscape extensions.
- [Steve Henson]
-
- *) Fix reference counting in X509_PUBKEY_get(). This makes
- demos/maurice/example2.c work, amongst others, probably.
- [Steve Henson and Ben Laurie]
-
- *) First cut of a cleanup for apps/. First the `ssleay' program is now named
- `openssl' and second, the shortcut symlinks for the `openssl <command>'
- are no longer created. This way we have a single and consistent command
- line interface `openssl <command>', similar to `cvs <command>'.
- [Ralf S. Engelschall, Paul Sutton and Ben Laurie]
-
- *) ca.c: move test for DSA keys inside #ifndef NO_DSA. Make pubkey
- BIT STRING wrapper always have zero unused bits.
- [Steve Henson]
-
- *) Add CA.pl, perl version of CA.sh, add extended key usage OID.
- [Steve Henson]
-
- *) Make the top-level INSTALL documentation easier to understand.
- [Paul Sutton]
-
- *) Makefiles updated to exit if an error occurs in a sub-directory
- make (including if user presses ^C) [Paul Sutton]
-
- *) Make Montgomery context stuff explicit in RSA data structure.
- [Ben Laurie]
-
- *) Fix build order of pem and err to allow for generated pem.h.
- [Ben Laurie]
-
- *) Fix renumbering bug in X509_NAME_delete_entry().
- [Ben Laurie]
-
- *) Enhanced the err-ins.pl script so it makes the error library number
- global and can add a library name. This is needed for external ASN1 and
- other error libraries.
- [Steve Henson]
-
- *) Fixed sk_insert which never worked properly.
- [Steve Henson]
-
- *) Fix ASN1 macros so they can handle indefinite length construted
- EXPLICIT tags. Some non standard certificates use these: they can now
- be read in.
- [Steve Henson]
-
- *) Merged the various old/obsolete SSLeay documentation files (doc/xxx.doc)
- into a single doc/ssleay.txt bundle. This way the information is still
- preserved but no longer messes up this directory. Now it's new room for
- the new set of documenation files.
- [Ralf S. Engelschall]
-
- *) SETs were incorrectly DER encoded. This was a major pain, because they
- shared code with SEQUENCEs, which aren't coded the same. This means that
- almost everything to do with SETs or SEQUENCEs has either changed name or
- number of arguments.
- [Ben Laurie, based on a partial fix by GP Jayan <gp at nsj.co.jp>]
-
- *) Fix test data to work with the above.
- [Ben Laurie]
-
- *) Fix the RSA header declarations that hid a bug I fixed in 0.9.0b but
- was already fixed by Eric for 0.9.1 it seems.
- [Ben Laurie - pointed out by Ulf M\xF6ller <ulf at fitug.de>]
-
- *) Autodetect FreeBSD3.
- [Ben Laurie]
-
- *) Fix various bugs in Configure. This affects the following platforms:
- nextstep
- ncr-scde
- unixware-2.0
- unixware-2.0-pentium
- sco5-cc.
- [Ben Laurie]
-
- *) Eliminate generated files from CVS. Reorder tests to regenerate files
- before they are needed.
- [Ben Laurie]
-
- *) Generate Makefile.ssl from Makefile.org (to keep CVS happy).
- [Ben Laurie]
-
-
- Changes between 0.9.1b and 0.9.1c [23-Dec-1998]
-
- *) Added OPENSSL_VERSION_NUMBER to crypto/crypto.h and
- changed SSLeay to OpenSSL in version strings.
- [Ralf S. Engelschall]
-
- *) Some fixups to the top-level documents.
- [Paul Sutton]
-
- *) Fixed the nasty bug where rsaref.h was not found under compile-time
- because the symlink to include/ was missing.
- [Ralf S. Engelschall]
-
- *) Incorporated the popular no-RSA/DSA-only patches
- which allow to compile a RSA-free SSLeay.
- [Andrew Cooke / Interrader Ldt., Ralf S. Engelschall]
-
- *) Fixed nasty rehash problem under `make -f Makefile.ssl links'
- when "ssleay" is still not found.
- [Ralf S. Engelschall]
-
- *) Added more platforms to Configure: Cray T3E, HPUX 11,
- [Ralf S. Engelschall, Beckmann <beckman at acl.lanl.gov>]
-
- *) Updated the README file.
- [Ralf S. Engelschall]
-
- *) Added various .cvsignore files in the CVS repository subdirs
- to make a "cvs update" really silent.
- [Ralf S. Engelschall]
-
- *) Recompiled the error-definition header files and added
- missing symbols to the Win32 linker tables.
- [Ralf S. Engelschall]
-
- *) Cleaned up the top-level documents;
- o new files: CHANGES and LICENSE
- o merged VERSION, HISTORY* and README* files a CHANGES.SSLeay
- o merged COPYRIGHT into LICENSE
- o removed obsolete TODO file
- o renamed MICROSOFT to INSTALL.W32
- [Ralf S. Engelschall]
-
- *) Removed dummy files from the 0.9.1b source tree:
- crypto/asn1/x crypto/bio/cd crypto/bio/fg crypto/bio/grep crypto/bio/vi
- crypto/bn/asm/......add.c crypto/bn/asm/a.out crypto/dsa/f crypto/md5/f
- crypto/pem/gmon.out crypto/perlasm/f crypto/pkcs7/build crypto/rsa/f
- crypto/sha/asm/f crypto/threads/f ms/zzz ssl/f ssl/f.mak test/f
- util/f.mak util/pl/f util/pl/f.mak crypto/bf/bf_locl.old apps/f
- [Ralf S. Engelschall]
-
- *) Added various platform portability fixes.
- [Mark J. Cox]
-
- *) The Genesis of the OpenSSL rpject:
- We start with the latest (unreleased) SSLeay version 0.9.1b which Eric A.
- Young and Tim J. Hudson created while they were working for C2Net until
- summer 1998.
- [The OpenSSL Project]
-
-
- Changes between 0.9.0b and 0.9.1b [not released]
-
- *) Updated a few CA certificates under certs/
- [Eric A. Young]
-
- *) Changed some BIGNUM api stuff.
- [Eric A. Young]
-
- *) Various platform ports: OpenBSD, Ultrix, IRIX 64bit, NetBSD,
- DGUX x86, Linux Alpha, etc.
- [Eric A. Young]
-
- *) New COMP library [crypto/comp/] for SSL Record Layer Compression:
- RLE (dummy implemented) and ZLIB (really implemented when ZLIB is
- available).
- [Eric A. Young]
-
- *) Add -strparse option to asn1pars program which parses nested
- binary structures
- [Dr Stephen Henson <shenson at bigfoot.com>]
-
- *) Added "oid_file" to ssleay.cnf for "ca" and "req" programs.
- [Eric A. Young]
-
- *) DSA fix for "ca" program.
- [Eric A. Young]
-
- *) Added "-genkey" option to "dsaparam" program.
- [Eric A. Young]
-
- *) Added RIPE MD160 (rmd160) message digest.
- [Eric A. Young]
-
- *) Added -a (all) option to "ssleay version" command.
- [Eric A. Young]
-
- *) Added PLATFORM define which is the id given to Configure.
- [Eric A. Young]
-
- *) Added MemCheck_XXXX functions to crypto/mem.c for memory checking.
- [Eric A. Young]
-
- *) Extended the ASN.1 parser routines.
- [Eric A. Young]
-
- *) Extended BIO routines to support REUSEADDR, seek, tell, etc.
- [Eric A. Young]
-
- *) Added a BN_CTX to the BN library.
- [Eric A. Young]
-
- *) Fixed the weak key values in DES library
- [Eric A. Young]
-
- *) Changed API in EVP library for cipher aliases.
- [Eric A. Young]
-
- *) Added support for RC2/64bit cipher.
- [Eric A. Young]
-
- *) Converted the lhash library to the crypto/mem.c functions.
- [Eric A. Young]
-
- *) Added more recognized ASN.1 object ids.
- [Eric A. Young]
-
- *) Added more RSA padding checks for SSL/TLS.
- [Eric A. Young]
-
- *) Added BIO proxy/filter functionality.
- [Eric A. Young]
-
- *) Added extra_certs to SSL_CTX which can be used
- send extra CA certificates to the client in the CA cert chain sending
- process. It can be configured with SSL_CTX_add_extra_chain_cert().
- [Eric A. Young]
-
- *) Now Fortezza is denied in the authentication phase because
- this is key exchange mechanism is not supported by SSLeay at all.
- [Eric A. Young]
-
- *) Additional PKCS1 checks.
- [Eric A. Young]
-
- *) Support the string "TLSv1" for all TLS v1 ciphers.
- [Eric A. Young]
-
- *) Added function SSL_get_ex_data_X509_STORE_CTX_idx() which gives the
- ex_data index of the SSL context in the X509_STORE_CTX ex_data.
- [Eric A. Young]
-
- *) Fixed a few memory leaks.
- [Eric A. Young]
-
- *) Fixed various code and comment typos.
- [Eric A. Young]
-
- *) A minor bug in ssl/s3_clnt.c where there would always be 4 0
- bytes sent in the client random.
- [Edward Bishop <ebishop at spyglass.com>]
-
Copied: vendor-crypto/openssl/0.9.8zf/CHANGES (from rev 6976, vendor-crypto/openssl/dist/CHANGES)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/CHANGES (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/CHANGES 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,9032 @@
+
+ OpenSSL CHANGES
+ _______________
+
+ Changes between 0.9.8ze and 0.9.8zf [19 Mar 2015]
+
+ *) Segmentation fault in ASN1_TYPE_cmp fix
+
+ The function ASN1_TYPE_cmp will crash with an invalid read if an attempt is
+ made to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check
+ certificate signature algorithm consistency this can be used to crash any
+ certificate verification operation and exploited in a DoS attack. Any
+ application which performs certificate verification is vulnerable including
+ OpenSSL clients and servers which enable client authentication.
+ (CVE-2015-0286)
+ [Stephen Henson]
+
+ *) ASN.1 structure reuse memory corruption fix
+
+ Reusing a structure in ASN.1 parsing may allow an attacker to cause
+ memory corruption via an invalid write. Such reuse is and has been
+ strongly discouraged and is believed to be rare.
+
+ Applications that parse structures containing CHOICE or ANY DEFINED BY
+ components may be affected. Certificate parsing (d2i_X509 and related
+ functions) are however not affected. OpenSSL clients and servers are
+ not affected.
+ (CVE-2015-0287)
+ [Stephen Henson]
+
+ *) PKCS7 NULL pointer dereferences fix
+
+ The PKCS#7 parsing code does not handle missing outer ContentInfo
+ correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with
+ missing content and trigger a NULL pointer dereference on parsing.
+
+ Applications that verify PKCS#7 signatures, decrypt PKCS#7 data or
+ otherwise parse PKCS#7 structures from untrusted sources are
+ affected. OpenSSL clients and servers are not affected.
+
+ This issue was reported to OpenSSL by Michal Zalewski (Google).
+ (CVE-2015-0289)
+ [Emilia K\xE4sper]
+
+ *) DoS via reachable assert in SSLv2 servers fix
+
+ A malicious client can trigger an OPENSSL_assert (i.e., an abort) in
+ servers that both support SSLv2 and enable export cipher suites by sending
+ a specially crafted SSLv2 CLIENT-MASTER-KEY message.
+
+ This issue was discovered by Sean Burford (Google) and Emilia K\xE4sper
+ (OpenSSL development team).
+ (CVE-2015-0293)
+ [Emilia K\xE4sper]
+
+ *) Use After Free following d2i_ECPrivatekey error fix
+
+ A malformed EC private key file consumed via the d2i_ECPrivateKey function
+ could cause a use after free condition. This, in turn, could cause a double
+ free in several private key parsing functions (such as d2i_PrivateKey
+ or EVP_PKCS82PKEY) and could lead to a DoS attack or memory corruption
+ for applications that receive EC private keys from untrusted
+ sources. This scenario is considered rare.
+
+ This issue was discovered by the BoringSSL project and fixed in their
+ commit 517073cd4b.
+ (CVE-2015-0209)
+ [Matt Caswell]
+
+ *) X509_to_X509_REQ NULL pointer deref fix
+
+ The function X509_to_X509_REQ will crash with a NULL pointer dereference if
+ the certificate key is invalid. This function is rarely used in practice.
+
+ This issue was discovered by Brian Carpenter.
+ (CVE-2015-0288)
+ [Stephen Henson]
+
+ *) Removed the export and SSLv2 ciphers from the DEFAULT ciphers
+ [Kurt Roeckx]
+
+ Changes between 0.9.8zd and 0.9.8ze [15 Jan 2015]
+
+ *) Build fixes for the Windows and OpenVMS platforms
+ [Matt Caswell and Richard Levitte]
+
+ Changes between 0.9.8zc and 0.9.8zd [8 Jan 2015]
+
+ *) Fix DTLS segmentation fault in dtls1_get_record. A carefully crafted DTLS
+ message can cause a segmentation fault in OpenSSL due to a NULL pointer
+ dereference. This could lead to a Denial Of Service attack. Thanks to
+ Markus Stenberg of Cisco Systems, Inc. for reporting this issue.
+ (CVE-2014-3571)
+ [Steve Henson]
+
+ *) Fix issue where no-ssl3 configuration sets method to NULL. When openssl is
+ built with the no-ssl3 option and a SSL v3 ClientHello is received the ssl
+ method would be set to NULL which could later result in a NULL pointer
+ dereference. Thanks to Frank Schmirler for reporting this issue.
+ (CVE-2014-3569)
+ [Kurt Roeckx]
+
+ *) Abort handshake if server key exchange message is omitted for ephemeral
+ ECDH ciphersuites.
+
+ Thanks to Karthikeyan Bhargavan of the PROSECCO team at INRIA for
+ reporting this issue.
+ (CVE-2014-3572)
+ [Steve Henson]
+
+ *) Remove non-export ephemeral RSA code on client and server. This code
+ violated the TLS standard by allowing the use of temporary RSA keys in
+ non-export ciphersuites and could be used by a server to effectively
+ downgrade the RSA key length used to a value smaller than the server
+ certificate. Thanks for Karthikeyan Bhargavan of the PROSECCO team at
+ INRIA or reporting this issue.
+ (CVE-2015-0204)
+ [Steve Henson]
+
+ *) Fix various certificate fingerprint issues.
+
+ By using non-DER or invalid encodings outside the signed portion of a
+ certificate the fingerprint can be changed without breaking the signature.
+ Although no details of the signed portion of the certificate can be changed
+ this can cause problems with some applications: e.g. those using the
+ certificate fingerprint for blacklists.
+
+ 1. Reject signatures with non zero unused bits.
+
+ If the BIT STRING containing the signature has non zero unused bits reject
+ the signature. All current signature algorithms require zero unused bits.
+
+ 2. Check certificate algorithm consistency.
+
+ Check the AlgorithmIdentifier inside TBS matches the one in the
+ certificate signature. NB: this will result in signature failure
+ errors for some broken certificates.
+
+ Thanks to Konrad Kraszewski from Google for reporting this issue.
+
+ 3. Check DSA/ECDSA signatures use DER.
+
+ Reencode DSA/ECDSA signatures and compare with the original received
+ signature. Return an error if there is a mismatch.
+
+ This will reject various cases including garbage after signature
+ (thanks to Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS
+ program for discovering this case) and use of BER or invalid ASN.1 INTEGERs
+ (negative or with leading zeroes).
+
+ Further analysis was conducted and fixes were developed by Stephen Henson
+ of the OpenSSL core team.
+
+ (CVE-2014-8275)
+ [Steve Henson]
+
+ *) Correct Bignum squaring. Bignum squaring (BN_sqr) may produce incorrect
+ results on some platforms, including x86_64. This bug occurs at random
+ with a very low probability, and is not known to be exploitable in any
+ way, though its exact impact is difficult to determine. Thanks to Pieter
+ Wuille (Blockstream) who reported this issue and also suggested an initial
+ fix. Further analysis was conducted by the OpenSSL development team and
+ Adam Langley of Google. The final fix was developed by Andy Polyakov of
+ the OpenSSL core team.
+ (CVE-2014-3570)
+ [Andy Polyakov]
+
+ Changes between 0.9.8zb and 0.9.8zc [15 Oct 2014]
+
+ *) Session Ticket Memory Leak.
+
+ When an OpenSSL SSL/TLS/DTLS server receives a session ticket the
+ integrity of that ticket is first verified. In the event of a session
+ ticket integrity check failing, OpenSSL will fail to free memory
+ causing a memory leak. By sending a large number of invalid session
+ tickets an attacker could exploit this issue in a Denial Of Service
+ attack.
+ (CVE-2014-3567)
+ [Steve Henson]
+
+ *) Build option no-ssl3 is incomplete.
+
+ When OpenSSL is configured with "no-ssl3" as a build option, servers
+ could accept and complete a SSL 3.0 handshake, and clients could be
+ configured to send them.
+ (CVE-2014-3568)
+ [Akamai and the OpenSSL team]
+
+ *) Add support for TLS_FALLBACK_SCSV.
+ Client applications doing fallback retries should call
+ SSL_set_mode(s, SSL_MODE_SEND_FALLBACK_SCSV).
+ (CVE-2014-3566)
+ [Adam Langley, Bodo Moeller]
+
+ *) Add additional DigestInfo checks.
+
+ Reencode DigestInto in DER and check against the original when
+ verifying RSA signature: this will reject any improperly encoded
+ DigestInfo structures.
+
+ Note: this is a precautionary measure and no attacks are currently known.
+
+ [Steve Henson]
+
+ Changes between 0.9.8za and 0.9.8zb [6 Aug 2014]
+
+ *) OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject
+ to a denial of service attack. A malicious server can crash the client
+ with a null pointer dereference (read) by specifying an anonymous (EC)DH
+ ciphersuite and sending carefully crafted handshake messages.
+
+ Thanks to Felix Gr\xF6bert (Google) for discovering and researching this
+ issue.
+ (CVE-2014-3510)
+ [Emilia K\xE4sper]
+
+ *) By sending carefully crafted DTLS packets an attacker could cause openssl
+ to leak memory. This can be exploited through a Denial of Service attack.
+ Thanks to Adam Langley for discovering and researching this issue.
+ (CVE-2014-3507)
+ [Adam Langley]
+
+ *) An attacker can force openssl to consume large amounts of memory whilst
+ processing DTLS handshake messages. This can be exploited through a
+ Denial of Service attack.
+ Thanks to Adam Langley for discovering and researching this issue.
+ (CVE-2014-3506)
+ [Adam Langley]
+
+ *) An attacker can force an error condition which causes openssl to crash
+ whilst processing DTLS packets due to memory being freed twice. This
+ can be exploited through a Denial of Service attack.
+ Thanks to Adam Langley and Wan-Teh Chang for discovering and researching
+ this issue.
+ (CVE-2014-3505)
+ [Adam Langley]
+
+ *) A flaw in OBJ_obj2txt may cause pretty printing functions such as
+ X509_name_oneline, X509_name_print_ex et al. to leak some information
+ from the stack. Applications may be affected if they echo pretty printing
+ output to the attacker.
+
+ Thanks to Ivan Fratric (Google) for discovering this issue.
+ (CVE-2014-3508)
+ [Emilia K\xE4sper, and Steve Henson]
+
+ *) Fix ec_GFp_simple_points_make_affine (thus, EC_POINTs_mul etc.)
+ for corner cases. (Certain input points at infinity could lead to
+ bogus results, with non-infinity inputs mapped to infinity too.)
+ [Bodo Moeller]
+
+ Changes between 0.9.8y and 0.9.8za [5 Jun 2014]
+
+ *) Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted
+ handshake can force the use of weak keying material in OpenSSL
+ SSL/TLS clients and servers.
+
+ Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for discovering and
+ researching this issue. (CVE-2014-0224)
+ [KIKUCHI Masashi, Steve Henson]
+
+ *) Fix DTLS recursion flaw. By sending an invalid DTLS handshake to an
+ OpenSSL DTLS client the code can be made to recurse eventually crashing
+ in a DoS attack.
+
+ Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue.
+ (CVE-2014-0221)
+ [Imre Rad, Steve Henson]
+
+ *) Fix DTLS invalid fragment vulnerability. A buffer overrun attack can
+ be triggered by sending invalid DTLS fragments to an OpenSSL DTLS
+ client or server. This is potentially exploitable to run arbitrary
+ code on a vulnerable client or server.
+
+ Thanks to J\xFCri Aedla for reporting this issue. (CVE-2014-0195)
+ [J\xFCri Aedla, Steve Henson]
+
+ *) Fix bug in TLS code where clients enable anonymous ECDH ciphersuites
+ are subject to a denial of service attack.
+
+ Thanks to Felix Gr\xF6bert and Ivan Fratric at Google for discovering
+ this issue. (CVE-2014-3470)
+ [Felix Gr\xF6bert, Ivan Fratric, Steve Henson]
+
+ *) Fix for the attack described in the paper "Recovering OpenSSL
+ ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
+ by Yuval Yarom and Naomi Benger. Details can be obtained from:
+ http://eprint.iacr.org/2014/140
+
+ Thanks to Yuval Yarom and Naomi Benger for discovering this
+ flaw and to Yuval Yarom for supplying a fix (CVE-2014-0076)
+ [Yuval Yarom and Naomi Benger]
+
+ Thanks to mancha for backporting the fix to the 0.9.8 branch.
+
+ *) Fix handling of warning-level alerts in SSL23 client mode so they
+ don't cause client-side termination (eg. on SNI unrecognized_name
+ warnings). Add client and server support for six additional alerts
+ per RFC 6066 and RFC 4279.
+ [mancha]
+
+ *) Add option SSL_OP_SAFARI_ECDHE_ECDSA_BUG (part of SSL_OP_ALL) which
+ avoids preferring ECDHE-ECDSA ciphers when the client appears to be
+ Safari on OS X. Safari on OS X 10.8..10.8.3 advertises support for
+ several ECDHE-ECDSA ciphers, but fails to negotiate them. The bug
+ is fixed in OS X 10.8.4, but Apple have ruled out both hot fixing
+ 10.8..10.8.3 and forcing users to upgrade to 10.8.4 or newer.
+ [Rob Stradling, Adam Langley]
+
+ Changes between 0.9.8x and 0.9.8y [5 Feb 2013]
+
+ *) Make the decoding of SSLv3, TLS and DTLS CBC records constant time.
+
+ This addresses the flaw in CBC record processing discovered by
+ Nadhem Alfardan and Kenny Paterson. Details of this attack can be found
+ at: http://www.isg.rhul.ac.uk/tls/
+
+ Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
+ Security Group at Royal Holloway, University of London
+ (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and
+ Emilia K\xE4sper for the initial patch.
+ (CVE-2013-0169)
+ [Emilia K\xE4sper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson]
+
+ *) Return an error when checking OCSP signatures when key is NULL.
+ This fixes a DoS attack. (CVE-2013-0166)
+ [Steve Henson]
+
+ *) Call OCSP Stapling callback after ciphersuite has been chosen, so
+ the right response is stapled. Also change SSL_get_certificate()
+ so it returns the certificate actually sent.
+ See http://rt.openssl.org/Ticket/Display.html?id=2836.
+ (This is a backport)
+ [Rob Stradling <rob.stradling at comodo.com>]
+
+ *) Fix possible deadlock when decoding public keys.
+ [Steve Henson]
+
+ Changes between 0.9.8w and 0.9.8x [10 May 2012]
+
+ *) Sanity check record length before skipping explicit IV in DTLS
+ to fix DoS attack.
+
+ Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
+ fuzzing as a service testing platform.
+ (CVE-2012-2333)
+ [Steve Henson]
+
+ *) Initialise tkeylen properly when encrypting CMS messages.
+ Thanks to Solar Designer of Openwall for reporting this issue.
+ [Steve Henson]
+
+ Changes between 0.9.8v and 0.9.8w [23 Apr 2012]
+
+ *) The fix for CVE-2012-2110 did not take into account that the
+ 'len' argument to BUF_MEM_grow and BUF_MEM_grow_clean is an
+ int in OpenSSL 0.9.8, making it still vulnerable. Fix by
+ rejecting negative len parameter. (CVE-2012-2131)
+ [Tomas Hoger <thoger at redhat.com>]
+
+ Changes between 0.9.8u and 0.9.8v [19 Apr 2012]
+
+ *) Check for potentially exploitable overflows in asn1_d2i_read_bio
+ BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
+ in CRYPTO_realloc_clean.
+
+ Thanks to Tavis Ormandy, Google Security Team, for discovering this
+ issue and to Adam Langley <agl at chromium.org> for fixing it.
+ (CVE-2012-2110)
+ [Adam Langley (Google), Tavis Ormandy, Google Security Team]
+
+ Changes between 0.9.8t and 0.9.8u [12 Mar 2012]
+
+ *) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness
+ in CMS and PKCS7 code. When RSA decryption fails use a random key for
+ content decryption and always return the same error. Note: this attack
+ needs on average 2^20 messages so it only affects automated senders. The
+ old behaviour can be reenabled in the CMS code by setting the
+ CMS_DEBUG_DECRYPT flag: this is useful for debugging and testing where
+ an MMA defence is not necessary.
+ Thanks to Ivan Nestlerode <inestlerode at us.ibm.com> for discovering
+ this issue. (CVE-2012-0884)
+ [Steve Henson]
+
+ *) Fix CVE-2011-4619: make sure we really are receiving a
+ client hello before rejecting multiple SGC restarts. Thanks to
+ Ivan Nestlerode <inestlerode at us.ibm.com> for discovering this bug.
+ [Steve Henson]
+
+ Changes between 0.9.8s and 0.9.8t [18 Jan 2012]
+
+ *) Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.
+ Thanks to Antonio Martin, Enterprise Secure Access Research and
+ Development, Cisco Systems, Inc. for discovering this bug and
+ preparing a fix. (CVE-2012-0050)
+ [Antonio Martin]
+
+ Changes between 0.9.8r and 0.9.8s [4 Jan 2012]
+
+ *) Nadhem Alfardan and Kenny Paterson have discovered an extension
+ of the Vaudenay padding oracle attack on CBC mode encryption
+ which enables an efficient plaintext recovery attack against
+ the OpenSSL implementation of DTLS. Their attack exploits timing
+ differences arising during decryption processing. A research
+ paper describing this attack can be found at:
+ http://www.isg.rhul.ac.uk/~kp/dtls.pdf
+ Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
+ Security Group at Royal Holloway, University of London
+ (www.isg.rhul.ac.uk) for discovering this flaw and to Robin Seggelmann
+ <seggelmann at fh-muenster.de> and Michael Tuexen <tuexen at fh-muenster.de>
+ for preparing the fix. (CVE-2011-4108)
+ [Robin Seggelmann, Michael Tuexen]
+
+ *) Stop policy check failure freeing same buffer twice. (CVE-2011-4109)
+ [Ben Laurie, Kasper <ekasper at google.com>]
+
+ *) Clear bytes used for block padding of SSL 3.0 records.
+ (CVE-2011-4576)
+ [Adam Langley (Google)]
+
+ *) Only allow one SGC handshake restart for SSL/TLS. Thanks to George
+ Kadianakis <desnacked at gmail.com> for discovering this issue and
+ Adam Langley for preparing the fix. (CVE-2011-4619)
+ [Adam Langley (Google)]
+
+ *) Prevent malformed RFC3779 data triggering an assertion failure.
+ Thanks to Andrew Chi, BBN Technologies, for discovering the flaw
+ and Rob Austein <sra at hactrn.net> for fixing it. (CVE-2011-4577)
+ [Rob Austein <sra at hactrn.net>]
+
+ *) Fix ssl_ciph.c set-up race.
+ [Adam Langley (Google)]
+
+ *) Fix spurious failures in ecdsatest.c.
+ [Emilia K\xE4sper (Google)]
+
+ *) Fix the BIO_f_buffer() implementation (which was mixing different
+ interpretations of the '..._len' fields).
+ [Adam Langley (Google)]
+
+ *) Fix handling of BN_BLINDING: now BN_BLINDING_invert_ex (rather than
+ BN_BLINDING_invert_ex) calls BN_BLINDING_update, ensuring that concurrent
+ threads won't reuse the same blinding coefficients.
+
+ This also avoids the need to obtain the CRYPTO_LOCK_RSA_BLINDING
+ lock to call BN_BLINDING_invert_ex, and avoids one use of
+ BN_BLINDING_update for each BN_BLINDING structure (previously,
+ the last update always remained unused).
+ [Emilia K\xE4sper (Google)]
+
+ *) Fix SSL memory handling for (EC)DH ciphersuites, in particular
+ for multi-threaded use of ECDH.
+ [Adam Langley (Google)]
+
+ *) Fix x509_name_ex_d2i memory leak on bad inputs.
+ [Bodo Moeller]
+
+ *) Add protection against ECDSA timing attacks as mentioned in the paper
+ by Billy Bob Brumley and Nicola Tuveri, see:
+
+ http://eprint.iacr.org/2011/232.pdf
+
+ [Billy Bob Brumley and Nicola Tuveri]
+
+ Changes between 0.9.8q and 0.9.8r [8 Feb 2011]
+
+ *) Fix parsing of OCSP stapling ClientHello extension. CVE-2011-0014
+ [Neel Mehta, Adam Langley, Bodo Moeller (Google)]
+
+ *) Fix bug in string printing code: if *any* escaping is enabled we must
+ escape the escape character (backslash) or the resulting string is
+ ambiguous.
+ [Steve Henson]
+
+ Changes between 0.9.8p and 0.9.8q [2 Dec 2010]
+
+ *) Disable code workaround for ancient and obsolete Netscape browsers
+ and servers: an attacker can use it in a ciphersuite downgrade attack.
+ Thanks to Martin Rex for discovering this bug. CVE-2010-4180
+ [Steve Henson]
+
+ *) Fixed J-PAKE implementation error, originally discovered by
+ Sebastien Martini, further info and confirmation from Stefan
+ Arentz and Feng Hao. Note that this fix is a security fix. CVE-2010-4252
+ [Ben Laurie]
+
+ Changes between 0.9.8o and 0.9.8p [16 Nov 2010]
+
+ *) Fix extension code to avoid race conditions which can result in a buffer
+ overrun vulnerability: resumed sessions must not be modified as they can
+ be shared by multiple threads. CVE-2010-3864
+ [Steve Henson]
+
+ *) Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939
+ [Steve Henson]
+
+ *) Don't reencode certificate when calculating signature: cache and use
+ the original encoding instead. This makes signature verification of
+ some broken encodings work correctly.
+ [Steve Henson]
+
+ *) ec2_GF2m_simple_mul bugfix: compute correct result if the output EC_POINT
+ is also one of the inputs.
+ [Emilia K\xE4sper <emilia.kasper at esat.kuleuven.be> (Google)]
+
+ *) Don't repeatedly append PBE algorithms to table if they already exist.
+ Sort table on each new add. This effectively makes the table read only
+ after all algorithms are added and subsequent calls to PKCS12_pbe_add
+ etc are non-op.
+ [Steve Henson]
+
+ Changes between 0.9.8n and 0.9.8o [01 Jun 2010]
+
+ [NB: OpenSSL 0.9.8o and later 0.9.8 patch levels were released after
+ OpenSSL 1.0.0.]
+
+ *) Correct a typo in the CMS ASN1 module which can result in invalid memory
+ access or freeing data twice (CVE-2010-0742)
+ [Steve Henson, Ronald Moesbergen <intercommit at gmail.com>]
+
+ *) Add SHA2 algorithms to SSL_library_init(). SHA2 is becoming far more
+ common in certificates and some applications which only call
+ SSL_library_init and not OpenSSL_add_all_algorithms() will fail.
+ [Steve Henson]
+
+ *) VMS fixes:
+ Reduce copying into .apps and .test in makevms.com
+ Don't try to use blank CA certificate in CA.com
+ Allow use of C files from original directories in maketests.com
+ [Steven M. Schweda" <sms at antinode.info>]
+
+ Changes between 0.9.8m and 0.9.8n [24 Mar 2010]
+
+ *) When rejecting SSL/TLS records due to an incorrect version number, never
+ update s->server with a new major version number. As of
+ - OpenSSL 0.9.8m if 'short' is a 16-bit type,
+ - OpenSSL 0.9.8f if 'short' is longer than 16 bits,
+ the previous behavior could result in a read attempt at NULL when
+ receiving specific incorrect SSL/TLS records once record payload
+ protection is active. (CVE-2010-0740)
+ [Bodo Moeller, Adam Langley <agl at chromium.org>]
+
+ *) Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL
+ could be crashed if the relevant tables were not present (e.g. chrooted).
+ [Tomas Hoger <thoger at redhat.com>]
+
+ Changes between 0.9.8l and 0.9.8m [25 Feb 2010]
+
+ *) Always check bn_wexpend() return values for failure. (CVE-2009-3245)
+ [Martin Olsson, Neel Mehta]
+
+ *) Fix X509_STORE locking: Every 'objs' access requires a lock (to
+ accommodate for stack sorting, always a write lock!).
+ [Bodo Moeller]
+
+ *) On some versions of WIN32 Heap32Next is very slow. This can cause
+ excessive delays in the RAND_poll(): over a minute. As a workaround
+ include a time check in the inner Heap32Next loop too.
+ [Steve Henson]
+
+ *) The code that handled flushing of data in SSL/TLS originally used the
+ BIO_CTRL_INFO ctrl to see if any data was pending first. This caused
+ the problem outlined in PR#1949. The fix suggested there however can
+ trigger problems with buggy BIO_CTRL_WPENDING (e.g. some versions
+ of Apache). So instead simplify the code to flush unconditionally.
+ This should be fine since flushing with no data to flush is a no op.
+ [Steve Henson]
+
+ *) Handle TLS versions 2.0 and later properly and correctly use the
+ highest version of TLS/SSL supported. Although TLS >= 2.0 is some way
+ off ancient servers have a habit of sticking around for a while...
+ [Steve Henson]
+
+ *) Modify compression code so it frees up structures without using the
+ ex_data callbacks. This works around a problem where some applications
+ call CRYPTO_cleanup_all_ex_data() before application exit (e.g. when
+ restarting) then use compression (e.g. SSL with compression) later.
+ This results in significant per-connection memory leaks and
+ has caused some security issues including CVE-2008-1678 and
+ CVE-2009-4355.
+ [Steve Henson]
+
+ *) Constify crypto/cast (i.e., <openssl/cast.h>): a CAST_KEY doesn't
+ change when encrypting or decrypting.
+ [Bodo Moeller]
+
+ *) Add option SSL_OP_LEGACY_SERVER_CONNECT which will allow clients to
+ connect and renegotiate with servers which do not support RI.
+ Until RI is more widely deployed this option is enabled by default.
+ [Steve Henson]
+
+ *) Add "missing" ssl ctrls to clear options and mode.
+ [Steve Henson]
+
+ *) If client attempts to renegotiate and doesn't support RI respond with
+ a no_renegotiation alert as required by RFC5746. Some renegotiating
+ TLS clients will continue a connection gracefully when they receive
+ the alert. Unfortunately OpenSSL mishandled this alert and would hang
+ waiting for a server hello which it will never receive. Now we treat a
+ received no_renegotiation alert as a fatal error. This is because
+ applications requesting a renegotiation might well expect it to succeed
+ and would have no code in place to handle the server denying it so the
+ only safe thing to do is to terminate the connection.
+ [Steve Henson]
+
+ *) Add ctrl macro SSL_get_secure_renegotiation_support() which returns 1 if
+ peer supports secure renegotiation and 0 otherwise. Print out peer
+ renegotiation support in s_client/s_server.
+ [Steve Henson]
+
+ *) Replace the highly broken and deprecated SPKAC certification method with
+ the updated NID creation version. This should correctly handle UTF8.
+ [Steve Henson]
+
+ *) Implement RFC5746. Re-enable renegotiation but require the extension
+ as needed. Unfortunately, SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
+ turns out to be a bad idea. It has been replaced by
+ SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION which can be set with
+ SSL_CTX_set_options(). This is really not recommended unless you
+ know what you are doing.
+ [Eric Rescorla <ekr at networkresonance.com>, Ben Laurie, Steve Henson]
+
+ *) Fixes to stateless session resumption handling. Use initial_ctx when
+ issuing and attempting to decrypt tickets in case it has changed during
+ servername handling. Use a non-zero length session ID when attempting
+ stateless session resumption: this makes it possible to determine if
+ a resumption has occurred immediately after receiving server hello
+ (several places in OpenSSL subtly assume this) instead of later in
+ the handshake.
+ [Steve Henson]
+
+ *) The functions ENGINE_ctrl(), OPENSSL_isservice(),
+ CMS_get1_RecipientRequest() and RAND_bytes() can return <=0 on error
+ fixes for a few places where the return code is not checked
+ correctly.
+ [Julia Lawall <julia at diku.dk>]
+
+ *) Add --strict-warnings option to Configure script to include devteam
+ warnings in other configurations.
+ [Steve Henson]
+
+ *) Add support for --libdir option and LIBDIR variable in makefiles. This
+ makes it possible to install openssl libraries in locations which
+ have names other than "lib", for example "/usr/lib64" which some
+ systems need.
+ [Steve Henson, based on patch from Jeremy Utley]
+
+ *) Don't allow the use of leading 0x80 in OIDs. This is a violation of
+ X690 8.9.12 and can produce some misleading textual output of OIDs.
+ [Steve Henson, reported by Dan Kaminsky]
+
+ *) Delete MD2 from algorithm tables. This follows the recommendation in
+ several standards that it is not used in new applications due to
+ several cryptographic weaknesses. For binary compatibility reasons
+ the MD2 API is still compiled in by default.
+ [Steve Henson]
+
+ *) Add compression id to {d2i,i2d}_SSL_SESSION so it is correctly saved
+ and restored.
+ [Steve Henson]
+
+ *) Rename uni2asc and asc2uni functions to OPENSSL_uni2asc and
+ OPENSSL_asc2uni conditionally on Netware platforms to avoid a name
+ clash.
+ [Guenter <lists at gknw.net>]
+
+ *) Fix the server certificate chain building code to use X509_verify_cert(),
+ it used to have an ad-hoc builder which was unable to cope with anything
+ other than a simple chain.
+ [David Woodhouse <dwmw2 at infradead.org>, Steve Henson]
+
+ *) Don't check self signed certificate signatures in X509_verify_cert()
+ by default (a flag can override this): it just wastes time without
+ adding any security. As a useful side effect self signed root CAs
+ with non-FIPS digests are now usable in FIPS mode.
+ [Steve Henson]
+
+ *) In dtls1_process_out_of_seq_message() the check if the current message
+ is already buffered was missing. For every new message was memory
+ allocated, allowing an attacker to perform an denial of service attack
+ with sending out of seq handshake messages until there is no memory
+ left. Additionally every future messege was buffered, even if the
+ sequence number made no sense and would be part of another handshake.
+ So only messages with sequence numbers less than 10 in advance will be
+ buffered. (CVE-2009-1378)
+ [Robin Seggelmann, discovered by Daniel Mentz]
+
+ *) Records are buffered if they arrive with a future epoch to be
+ processed after finishing the corresponding handshake. There is
+ currently no limitation to this buffer allowing an attacker to perform
+ a DOS attack with sending records with future epochs until there is no
+ memory left. This patch adds the pqueue_size() function to detemine
+ the size of a buffer and limits the record buffer to 100 entries.
+ (CVE-2009-1377)
+ [Robin Seggelmann, discovered by Daniel Mentz]
+
+ *) Keep a copy of frag->msg_header.frag_len so it can be used after the
+ parent structure is freed. (CVE-2009-1379)
+ [Daniel Mentz]
+
+ *) Handle non-blocking I/O properly in SSL_shutdown() call.
+ [Darryl Miles <darryl-mailinglists at netbauds.net>]
+
+ *) Add 2.5.4.* OIDs
+ [Ilya O. <vrghost at gmail.com>]
+
+ Changes between 0.9.8k and 0.9.8l [5 Nov 2009]
+
+ *) Disable renegotiation completely - this fixes a severe security
+ problem (CVE-2009-3555) at the cost of breaking all
+ renegotiation. Renegotiation can be re-enabled by setting
+ SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION in s3->flags at
+ run-time. This is really not recommended unless you know what
+ you're doing.
+ [Ben Laurie]
+
+ Changes between 0.9.8j and 0.9.8k [25 Mar 2009]
+
+ *) Don't set val to NULL when freeing up structures, it is freed up by
+ underlying code. If sizeof(void *) > sizeof(long) this can result in
+ zeroing past the valid field. (CVE-2009-0789)
+ [Paolo Ganci <Paolo.Ganci at AdNovum.CH>]
+
+ *) Fix bug where return value of CMS_SignerInfo_verify_content() was not
+ checked correctly. This would allow some invalid signed attributes to
+ appear to verify correctly. (CVE-2009-0591)
+ [Ivan Nestlerode <inestlerode at us.ibm.com>]
+
+ *) Reject UniversalString and BMPString types with invalid lengths. This
+ prevents a crash in ASN1_STRING_print_ex() which assumes the strings have
+ a legal length. (CVE-2009-0590)
+ [Steve Henson]
+
+ *) Set S/MIME signing as the default purpose rather than setting it
+ unconditionally. This allows applications to override it at the store
+ level.
+ [Steve Henson]
+
+ *) Permit restricted recursion of ASN1 strings. This is needed in practice
+ to handle some structures.
+ [Steve Henson]
+
+ *) Improve efficiency of mem_gets: don't search whole buffer each time
+ for a '\n'
+ [Jeremy Shapiro <jnshapir at us.ibm.com>]
+
+ *) New -hex option for openssl rand.
+ [Matthieu Herrb]
+
+ *) Print out UTF8String and NumericString when parsing ASN1.
+ [Steve Henson]
+
+ *) Support NumericString type for name components.
+ [Steve Henson]
+
+ *) Allow CC in the environment to override the automatically chosen
+ compiler. Note that nothing is done to ensure flags work with the
+ chosen compiler.
+ [Ben Laurie]
+
+ Changes between 0.9.8i and 0.9.8j [07 Jan 2009]
+
+ *) Properly check EVP_VerifyFinal() and similar return values
+ (CVE-2008-5077).
+ [Ben Laurie, Bodo Moeller, Google Security Team]
+
+ *) Enable TLS extensions by default.
+ [Ben Laurie]
+
+ *) Allow the CHIL engine to be loaded, whether the application is
+ multithreaded or not. (This does not release the developer from the
+ obligation to set up the dynamic locking callbacks.)
+ [Sander Temme <sander at temme.net>]
+
+ *) Use correct exit code if there is an error in dgst command.
+ [Steve Henson; problem pointed out by Roland Dirlewanger]
+
+ *) Tweak Configure so that you need to say "experimental-jpake" to enable
+ JPAKE, and need to use -DOPENSSL_EXPERIMENTAL_JPAKE in applications.
+ [Bodo Moeller]
+
+ *) Add experimental JPAKE support, including demo authentication in
+ s_client and s_server.
+ [Ben Laurie]
+
+ *) Set the comparison function in v3_addr_canonize().
+ [Rob Austein <sra at hactrn.net>]
+
+ *) Add support for XMPP STARTTLS in s_client.
+ [Philip Paeps <philip at freebsd.org>]
+
+ *) Change the server-side SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG behavior
+ to ensure that even with this option, only ciphersuites in the
+ server's preference list will be accepted. (Note that the option
+ applies only when resuming a session, so the earlier behavior was
+ just about the algorithm choice for symmetric cryptography.)
+ [Bodo Moeller]
+
+ Changes between 0.9.8h and 0.9.8i [15 Sep 2008]
+
+ *) Fix NULL pointer dereference if a DTLS server received
+ ChangeCipherSpec as first record (CVE-2009-1386).
+ [PR #1679]
+
+ *) Fix a state transitition in s3_srvr.c and d1_srvr.c
+ (was using SSL3_ST_CW_CLNT_HELLO_B, should be ..._ST_SW_SRVR_...).
+ [Nagendra Modadugu]
+
+ *) The fix in 0.9.8c that supposedly got rid of unsafe
+ double-checked locking was incomplete for RSA blinding,
+ addressing just one layer of what turns out to have been
+ doubly unsafe triple-checked locking.
+
+ So now fix this for real by retiring the MONT_HELPER macro
+ in crypto/rsa/rsa_eay.c.
+
+ [Bodo Moeller; problem pointed out by Marius Schilder]
+
+ *) Various precautionary measures:
+
+ - Avoid size_t integer overflow in HASH_UPDATE (md32_common.h).
+
+ - Avoid a buffer overflow in d2i_SSL_SESSION() (ssl_asn1.c).
+ (NB: This would require knowledge of the secret session ticket key
+ to exploit, in which case you'd be SOL either way.)
+
+ - Change bn_nist.c so that it will properly handle input BIGNUMs
+ outside the expected range.
+
+ - Enforce the 'num' check in BN_div() (bn_div.c) for non-BN_DEBUG
+ builds.
+
+ [Neel Mehta, Bodo Moeller]
+
+ *) Allow engines to be "soft loaded" - i.e. optionally don't die if
+ the load fails. Useful for distros.
+ [Ben Laurie and the FreeBSD team]
+
+ *) Add support for Local Machine Keyset attribute in PKCS#12 files.
+ [Steve Henson]
+
+ *) Fix BN_GF2m_mod_arr() top-bit cleanup code.
+ [Huang Ying]
+
+ *) Expand ENGINE to support engine supplied SSL client certificate functions.
+
+ This work was sponsored by Logica.
+ [Steve Henson]
+
+ *) Add CryptoAPI ENGINE to support use of RSA and DSA keys held in Windows
+ keystores. Support for SSL/TLS client authentication too.
+ Not compiled unless enable-capieng specified to Configure.
+
+ This work was sponsored by Logica.
+ [Steve Henson]
+
+ *) Fix bug in X509_ATTRIBUTE creation: dont set attribute using
+ ASN1_TYPE_set1 if MBSTRING flag set. This bug would crash certain
+ attribute creation routines such as certifcate requests and PKCS#12
+ files.
+ [Steve Henson]
+
+ Changes between 0.9.8g and 0.9.8h [28 May 2008]
+
+ *) Fix flaw if 'Server Key exchange message' is omitted from a TLS
+ handshake which could lead to a cilent crash as found using the
+ Codenomicon TLS test suite (CVE-2008-1672)
+ [Steve Henson, Mark Cox]
+
+ *) Fix double free in TLS server name extensions which could lead to
+ a remote crash found by Codenomicon TLS test suite (CVE-2008-0891)
+ [Joe Orton]
+
+ *) Clear error queue in SSL_CTX_use_certificate_chain_file()
+
+ Clear the error queue to ensure that error entries left from
+ older function calls do not interfere with the correct operation.
+ [Lutz Jaenicke, Erik de Castro Lopo]
+
+ *) Remove root CA certificates of commercial CAs:
+
+ The OpenSSL project does not recommend any specific CA and does not
+ have any policy with respect to including or excluding any CA.
+ Therefore it does not make any sense to ship an arbitrary selection
+ of root CA certificates with the OpenSSL software.
+ [Lutz Jaenicke]
+
+ *) RSA OAEP patches to fix two separate invalid memory reads.
+ The first one involves inputs when 'lzero' is greater than
+ 'SHA_DIGEST_LENGTH' (it would read about SHA_DIGEST_LENGTH bytes
+ before the beginning of from). The second one involves inputs where
+ the 'db' section contains nothing but zeroes (there is a one-byte
+ invalid read after the end of 'db').
+ [Ivan Nestlerode <inestlerode at us.ibm.com>]
+
+ *) Partial backport from 0.9.9-dev:
+
+ Introduce bn_mul_mont (dedicated Montgomery multiplication
+ procedure) as a candidate for BIGNUM assembler implementation.
+ While 0.9.9-dev uses assembler for various architectures, only
+ x86_64 is available by default here in the 0.9.8 branch, and
+ 32-bit x86 is available through a compile-time setting.
+
+ To try the 32-bit x86 assembler implementation, use Configure
+ option "enable-montasm" (which exists only for this backport).
+
+ As "enable-montasm" for 32-bit x86 disclaims code stability
+ anyway, in this constellation we activate additional code
+ backported from 0.9.9-dev for further performance improvements,
+ namely BN_from_montgomery_word. (To enable this otherwise,
+ e.g. x86_64, try "-DMONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD".)
+
+ [Andy Polyakov (backport partially by Bodo Moeller)]
+
+ *) Add TLS session ticket callback. This allows an application to set
+ TLS ticket cipher and HMAC keys rather than relying on hardcoded fixed
+ values. This is useful for key rollover for example where several key
+ sets may exist with different names.
+ [Steve Henson]
+
+ *) Reverse ENGINE-internal logic for caching default ENGINE handles.
+ This was broken until now in 0.9.8 releases, such that the only way
+ a registered ENGINE could be used (assuming it initialises
+ successfully on the host) was to explicitly set it as the default
+ for the relevant algorithms. This is in contradiction with 0.9.7
+ behaviour and the documentation. With this fix, when an ENGINE is
+ registered into a given algorithm's table of implementations, the
+ 'uptodate' flag is reset so that auto-discovery will be used next
+ time a new context for that algorithm attempts to select an
+ implementation.
+ [Ian Lister (tweaked by Geoff Thorpe)]
+
+ *) Backport of CMS code to OpenSSL 0.9.8. This differs from the 0.9.9
+ implemention in the following ways:
+
+ Lack of EVP_PKEY_ASN1_METHOD means algorithm parameters have to be
+ hard coded.
+
+ Lack of BER streaming support means one pass streaming processing is
+ only supported if data is detached: setting the streaming flag is
+ ignored for embedded content.
+
+ CMS support is disabled by default and must be explicitly enabled
+ with the enable-cms configuration option.
+ [Steve Henson]
+
+ *) Update the GMP engine glue to do direct copies between BIGNUM and
+ mpz_t when openssl and GMP use the same limb size. Otherwise the
+ existing "conversion via a text string export" trick is still used.
+ [Paul Sheer <paulsheer at gmail.com>]
+
+ *) Zlib compression BIO. This is a filter BIO which compressed and
+ uncompresses any data passed through it.
+ [Steve Henson]
+
+ *) Add AES_wrap_key() and AES_unwrap_key() functions to implement
+ RFC3394 compatible AES key wrapping.
+ [Steve Henson]
+
+ *) Add utility functions to handle ASN1 structures. ASN1_STRING_set0():
+ sets string data without copying. X509_ALGOR_set0() and
+ X509_ALGOR_get0(): set and retrieve X509_ALGOR (AlgorithmIdentifier)
+ data. Attribute function X509at_get0_data_by_OBJ(): retrieves data
+ from an X509_ATTRIBUTE structure optionally checking it occurs only
+ once. ASN1_TYPE_set1(): set and ASN1_TYPE structure copying supplied
+ data.
+ [Steve Henson]
+
+ *) Fix BN flag handling in RSA_eay_mod_exp() and BN_MONT_CTX_set()
+ to get the expected BN_FLG_CONSTTIME behavior.
+ [Bodo Moeller (Google)]
+
+ *) Netware support:
+
+ - fixed wrong usage of ioctlsocket() when build for LIBC BSD sockets
+ - fixed do_tests.pl to run the test suite with CLIB builds too (CLIB_OPT)
+ - added some more tests to do_tests.pl
+ - fixed RunningProcess usage so that it works with newer LIBC NDKs too
+ - removed usage of BN_LLONG for CLIB builds to avoid runtime dependency
+ - added new Configure targets netware-clib-bsdsock, netware-clib-gcc,
+ netware-clib-bsdsock-gcc, netware-libc-bsdsock-gcc
+ - various changes to netware.pl to enable gcc-cross builds on Win32
+ platform
+ - changed crypto/bio/b_sock.c to work with macro functions (CLIB BSD)
+ - various changes to fix missing prototype warnings
+ - fixed x86nasm.pl to create correct asm files for NASM COFF output
+ - added AES, WHIRLPOOL and CPUID assembler code to build files
+ - added missing AES assembler make rules to mk1mf.pl
+ - fixed order of includes in apps/ocsp.c so that e_os.h settings apply
+ [Guenter Knauf <eflash at gmx.net>]
+
+ *) Implement certificate status request TLS extension defined in RFC3546.
+ A client can set the appropriate parameters and receive the encoded
+ OCSP response via a callback. A server can query the supplied parameters
+ and set the encoded OCSP response in the callback. Add simplified examples
+ to s_client and s_server.
+ [Steve Henson]
+
+ Changes between 0.9.8f and 0.9.8g [19 Oct 2007]
+
+ *) Fix various bugs:
+ + Binary incompatibility of ssl_ctx_st structure
+ + DTLS interoperation with non-compliant servers
+ + Don't call get_session_cb() without proposed session
+ + Fix ia64 assembler code
+ [Andy Polyakov, Steve Henson]
+
+ Changes between 0.9.8e and 0.9.8f [11 Oct 2007]
+
+ *) DTLS Handshake overhaul. There were longstanding issues with
+ OpenSSL DTLS implementation, which were making it impossible for
+ RFC 4347 compliant client to communicate with OpenSSL server.
+ Unfortunately just fixing these incompatibilities would "cut off"
+ pre-0.9.8f clients. To allow for hassle free upgrade post-0.9.8e
+ server keeps tolerating non RFC compliant syntax. The opposite is
+ not true, 0.9.8f client can not communicate with earlier server.
+ This update even addresses CVE-2007-4995.
+ [Andy Polyakov]
+
+ *) Changes to avoid need for function casts in OpenSSL: some compilers
+ (gcc 4.2 and later) reject their use.
+ [Kurt Roeckx <kurt at roeckx.be>, Peter Hartley <pdh at utter.chaos.org.uk>,
+ Steve Henson]
+
+ *) Add RFC4507 support to OpenSSL. This includes the corrections in
+ RFC4507bis. The encrypted ticket format is an encrypted encoded
+ SSL_SESSION structure, that way new session features are automatically
+ supported.
+
+ If a client application caches session in an SSL_SESSION structure
+ support is transparent because tickets are now stored in the encoded
+ SSL_SESSION.
+
+ The SSL_CTX structure automatically generates keys for ticket
+ protection in servers so again support should be possible
+ with no application modification.
+
+ If a client or server wishes to disable RFC4507 support then the option
+ SSL_OP_NO_TICKET can be set.
+
+ Add a TLS extension debugging callback to allow the contents of any client
+ or server extensions to be examined.
+
+ This work was sponsored by Google.
+ [Steve Henson]
+
+ *) Add initial support for TLS extensions, specifically for the server_name
+ extension so far. The SSL_SESSION, SSL_CTX, and SSL data structures now
+ have new members for a host name. The SSL data structure has an
+ additional member SSL_CTX *initial_ctx so that new sessions can be
+ stored in that context to allow for session resumption, even after the
+ SSL has been switched to a new SSL_CTX in reaction to a client's
+ server_name extension.
+
+ New functions (subject to change):
+
+ SSL_get_servername()
+ SSL_get_servername_type()
+ SSL_set_SSL_CTX()
+
+ New CTRL codes and macros (subject to change):
+
+ SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
+ - SSL_CTX_set_tlsext_servername_callback()
+ SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG
+ - SSL_CTX_set_tlsext_servername_arg()
+ SSL_CTRL_SET_TLSEXT_HOSTNAME - SSL_set_tlsext_host_name()
+
+ openssl s_client has a new '-servername ...' option.
+
+ openssl s_server has new options '-servername_host ...', '-cert2 ...',
+ '-key2 ...', '-servername_fatal' (subject to change). This allows
+ testing the HostName extension for a specific single host name ('-cert'
+ and '-key' remain fallbacks for handshakes without HostName
+ negotiation). If the unrecogninzed_name alert has to be sent, this by
+ default is a warning; it becomes fatal with the '-servername_fatal'
+ option.
+
+ [Peter Sylvester, Remy Allais, Christophe Renou, Steve Henson]
+
+ *) Add AES and SSE2 assembly language support to VC++ build.
+ [Steve Henson]
+
+ *) Mitigate attack on final subtraction in Montgomery reduction.
+ [Andy Polyakov]
+
+ *) Fix crypto/ec/ec_mult.c to work properly with scalars of value 0
+ (which previously caused an internal error).
+ [Bodo Moeller]
+
+ *) Squeeze another 10% out of IGE mode when in != out.
+ [Ben Laurie]
+
+ *) AES IGE mode speedup.
+ [Dean Gaudet (Google)]
+
+ *) Add the Korean symmetric 128-bit cipher SEED (see
+ http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp) and
+ add SEED ciphersuites from RFC 4162:
+
+ TLS_RSA_WITH_SEED_CBC_SHA = "SEED-SHA"
+ TLS_DHE_DSS_WITH_SEED_CBC_SHA = "DHE-DSS-SEED-SHA"
+ TLS_DHE_RSA_WITH_SEED_CBC_SHA = "DHE-RSA-SEED-SHA"
+ TLS_DH_anon_WITH_SEED_CBC_SHA = "ADH-SEED-SHA"
+
+ To minimize changes between patchlevels in the OpenSSL 0.9.8
+ series, SEED remains excluded from compilation unless OpenSSL
+ is configured with 'enable-seed'.
+ [KISA, Bodo Moeller]
+
+ *) Mitigate branch prediction attacks, which can be practical if a
+ single processor is shared, allowing a spy process to extract
+ information. For detailed background information, see
+ http://eprint.iacr.org/2007/039 (O. Aciicmez, S. Gueron,
+ J.-P. Seifert, "New Branch Prediction Vulnerabilities in OpenSSL
+ and Necessary Software Countermeasures"). The core of the change
+ are new versions BN_div_no_branch() and
+ BN_mod_inverse_no_branch() of BN_div() and BN_mod_inverse(),
+ respectively, which are slower, but avoid the security-relevant
+ conditional branches. These are automatically called by BN_div()
+ and BN_mod_inverse() if the flag BN_FLG_CONSTTIME is set for one
+ of the input BIGNUMs. Also, BN_is_bit_set() has been changed to
+ remove a conditional branch.
+
+ BN_FLG_CONSTTIME is the new name for the previous
+ BN_FLG_EXP_CONSTTIME flag, since it now affects more than just
+ modular exponentiation. (Since OpenSSL 0.9.7h, setting this flag
+ in the exponent causes BN_mod_exp_mont() to use the alternative
+ implementation in BN_mod_exp_mont_consttime().) The old name
+ remains as a deprecated alias.
+
+ Similary, RSA_FLAG_NO_EXP_CONSTTIME is replaced by a more general
+ RSA_FLAG_NO_CONSTTIME flag since the RSA implementation now uses
+ constant-time implementations for more than just exponentiation.
+ Here too the old name is kept as a deprecated alias.
+
+ BN_BLINDING_new() will now use BN_dup() for the modulus so that
+ the BN_BLINDING structure gets an independent copy of the
+ modulus. This means that the previous "BIGNUM *m" argument to
+ BN_BLINDING_new() and to BN_BLINDING_create_param() now
+ essentially becomes "const BIGNUM *m", although we can't actually
+ change this in the header file before 0.9.9. It allows
+ RSA_setup_blinding() to use BN_with_flags() on the modulus to
+ enable BN_FLG_CONSTTIME.
+
+ [Matthew D Wood (Intel Corp)]
+
+ *) In the SSL/TLS server implementation, be strict about session ID
+ context matching (which matters if an application uses a single
+ external cache for different purposes). Previously,
+ out-of-context reuse was forbidden only if SSL_VERIFY_PEER was
+ set. This did ensure strict client verification, but meant that,
+ with applications using a single external cache for quite
+ different requirements, clients could circumvent ciphersuite
+ restrictions for a given session ID context by starting a session
+ in a different context.
+ [Bodo Moeller]
+
+ *) Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that
+ a ciphersuite string such as "DEFAULT:RSA" cannot enable
+ authentication-only ciphersuites.
+ [Bodo Moeller]
+
+ *) Update the SSL_get_shared_ciphers() fix CVE-2006-3738 which was
+ not complete and could lead to a possible single byte overflow
+ (CVE-2007-5135) [Ben Laurie]
+
+ Changes between 0.9.8d and 0.9.8e [23 Feb 2007]
+
+ *) Since AES128 and AES256 (and similarly Camellia128 and
+ Camellia256) share a single mask bit in the logic of
+ ssl/ssl_ciph.c, the code for masking out disabled ciphers needs a
+ kludge to work properly if AES128 is available and AES256 isn't
+ (or if Camellia128 is available and Camellia256 isn't).
+ [Victor Duchovni]
+
+ *) Fix the BIT STRING encoding generated by crypto/ec/ec_asn1.c
+ (within i2d_ECPrivateKey, i2d_ECPKParameters, i2d_ECParameters):
+ When a point or a seed is encoded in a BIT STRING, we need to
+ prevent the removal of trailing zero bits to get the proper DER
+ encoding. (By default, crypto/asn1/a_bitstr.c assumes the case
+ of a NamedBitList, for which trailing 0 bits need to be removed.)
+ [Bodo Moeller]
+
+ *) Have SSL/TLS server implementation tolerate "mismatched" record
+ protocol version while receiving ClientHello even if the
+ ClientHello is fragmented. (The server can't insist on the
+ particular protocol version it has chosen before the ServerHello
+ message has informed the client about his choice.)
+ [Bodo Moeller]
+
+ *) Add RFC 3779 support.
+ [Rob Austein for ARIN, Ben Laurie]
+
+ *) Load error codes if they are not already present instead of using a
+ static variable. This allows them to be cleanly unloaded and reloaded.
+ Improve header file function name parsing.
+ [Steve Henson]
+
+ *) extend SMTP and IMAP protocol emulation in s_client to use EHLO
+ or CAPABILITY handshake as required by RFCs.
+ [Goetz Babin-Ebell]
+
+ Changes between 0.9.8c and 0.9.8d [28 Sep 2006]
+
+ *) Introduce limits to prevent malicious keys being able to
+ cause a denial of service. (CVE-2006-2940)
+ [Steve Henson, Bodo Moeller]
+
+ *) Fix ASN.1 parsing of certain invalid structures that can result
+ in a denial of service. (CVE-2006-2937) [Steve Henson]
+
+ *) Fix buffer overflow in SSL_get_shared_ciphers() function.
+ (CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]
+
+ *) Fix SSL client code which could crash if connecting to a
+ malicious SSLv2 server. (CVE-2006-4343)
+ [Tavis Ormandy and Will Drewry, Google Security Team]
+
+ *) Since 0.9.8b, ciphersuite strings naming explicit ciphersuites
+ match only those. Before that, "AES256-SHA" would be interpreted
+ as a pattern and match "AES128-SHA" too (since AES128-SHA got
+ the same strength classification in 0.9.7h) as we currently only
+ have a single AES bit in the ciphersuite description bitmap.
+ That change, however, also applied to ciphersuite strings such as
+ "RC4-MD5" that intentionally matched multiple ciphersuites --
+ namely, SSL 2.0 ciphersuites in addition to the more common ones
+ from SSL 3.0/TLS 1.0.
+
+ So we change the selection algorithm again: Naming an explicit
+ ciphersuite selects this one ciphersuite, and any other similar
+ ciphersuite (same bitmap) from *other* protocol versions.
+ Thus, "RC4-MD5" again will properly select both the SSL 2.0
+ ciphersuite and the SSL 3.0/TLS 1.0 ciphersuite.
+
+ Since SSL 2.0 does not have any ciphersuites for which the
+ 128/256 bit distinction would be relevant, this works for now.
+ The proper fix will be to use different bits for AES128 and
+ AES256, which would have avoided the problems from the beginning;
+ however, bits are scarce, so we can only do this in a new release
+ (not just a patchlevel) when we can change the SSL_CIPHER
+ definition to split the single 'unsigned long mask' bitmap into
+ multiple values to extend the available space.
+
+ [Bodo Moeller]
+
+ Changes between 0.9.8b and 0.9.8c [05 Sep 2006]
+
+ *) Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
+ (CVE-2006-4339) [Ben Laurie and Google Security Team]
+
+ *) Add AES IGE and biIGE modes.
+ [Ben Laurie]
+
+ *) Change the Unix randomness entropy gathering to use poll() when
+ possible instead of select(), since the latter has some
+ undesirable limitations.
+ [Darryl Miles via Richard Levitte and Bodo Moeller]
+
+ *) Disable "ECCdraft" ciphersuites more thoroughly. Now special
+ treatment in ssl/ssl_ciph.s makes sure that these ciphersuites
+ cannot be implicitly activated as part of, e.g., the "AES" alias.
+ However, please upgrade to OpenSSL 0.9.9[-dev] for
+ non-experimental use of the ECC ciphersuites to get TLS extension
+ support, which is required for curve and point format negotiation
+ to avoid potential handshake problems.
+ [Bodo Moeller]
+
+ *) Disable rogue ciphersuites:
+
+ - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5")
+ - SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5")
+ - SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5")
+
+ The latter two were purportedly from
+ draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really
+ appear there.
+
+ Also deactivate the remaining ciphersuites from
+ draft-ietf-tls-56-bit-ciphersuites-01.txt. These are just as
+ unofficial, and the ID has long expired.
+ [Bodo Moeller]
+
+ *) Fix RSA blinding Heisenbug (problems sometimes occured on
+ dual-core machines) and other potential thread-safety issues.
+ [Bodo Moeller]
+
+ *) Add the symmetric cipher Camellia (128-bit, 192-bit, 256-bit key
+ versions), which is now available for royalty-free use
+ (see http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html).
+ Also, add Camellia TLS ciphersuites from RFC 4132.
+
+ To minimize changes between patchlevels in the OpenSSL 0.9.8
+ series, Camellia remains excluded from compilation unless OpenSSL
+ is configured with 'enable-camellia'.
+ [NTT]
+
+ *) Disable the padding bug check when compression is in use. The padding
+ bug check assumes the first packet is of even length, this is not
+ necessarily true if compresssion is enabled and can result in false
+ positives causing handshake failure. The actual bug test is ancient
+ code so it is hoped that implementations will either have fixed it by
+ now or any which still have the bug do not support compression.
+ [Steve Henson]
+
+ Changes between 0.9.8a and 0.9.8b [04 May 2006]
+
+ *) When applying a cipher rule check to see if string match is an explicit
+ cipher suite and only match that one cipher suite if it is.
+ [Steve Henson]
+
+ *) Link in manifests for VC++ if needed.
+ [Austin Ziegler <halostatue at gmail.com>]
+
+ *) Update support for ECC-based TLS ciphersuites according to
+ draft-ietf-tls-ecc-12.txt with proposed changes (but without
+ TLS extensions, which are supported starting with the 0.9.9
+ branch, not in the OpenSSL 0.9.8 branch).
+ [Douglas Stebila]
+
+ *) New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free() to support
+ opaque EVP_CIPHER_CTX handling.
+ [Steve Henson]
+
+ *) Fixes and enhancements to zlib compression code. We now only use
+ "zlib1.dll" and use the default __cdecl calling convention on Win32
+ to conform with the standards mentioned here:
+ http://www.zlib.net/DLL_FAQ.txt
+ Static zlib linking now works on Windows and the new --with-zlib-include
+ --with-zlib-lib options to Configure can be used to supply the location
+ of the headers and library. Gracefully handle case where zlib library
+ can't be loaded.
+ [Steve Henson]
+
+ *) Several fixes and enhancements to the OID generation code. The old code
+ sometimes allowed invalid OIDs (1.X for X >= 40 for example), couldn't
+ handle numbers larger than ULONG_MAX, truncated printing and had a
+ non standard OBJ_obj2txt() behaviour.
+ [Steve Henson]
+
+ *) Add support for building of engines under engine/ as shared libraries
+ under VC++ build system.
+ [Steve Henson]
+
+ *) Corrected the numerous bugs in the Win32 path splitter in DSO.
+ Hopefully, we will not see any false combination of paths any more.
+ [Richard Levitte]
+
+ Changes between 0.9.8 and 0.9.8a [11 Oct 2005]
+
+ *) Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING
+ (part of SSL_OP_ALL). This option used to disable the
+ countermeasure against man-in-the-middle protocol-version
+ rollback in the SSL 2.0 server implementation, which is a bad
+ idea. (CVE-2005-2969)
+
+ [Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center
+ for Information Security, National Institute of Advanced Industrial
+ Science and Technology [AIST], Japan)]
+
+ *) Add two function to clear and return the verify parameter flags.
+ [Steve Henson]
+
+ *) Keep cipherlists sorted in the source instead of sorting them at
+ runtime, thus removing the need for a lock.
+ [Nils Larsch]
+
+ *) Avoid some small subgroup attacks in Diffie-Hellman.
+ [Nick Mathewson and Ben Laurie]
+
+ *) Add functions for well-known primes.
+ [Nick Mathewson]
+
+ *) Extended Windows CE support.
+ [Satoshi Nakamura and Andy Polyakov]
+
+ *) Initialize SSL_METHOD structures at compile time instead of during
+ runtime, thus removing the need for a lock.
+ [Steve Henson]
+
+ *) Make PKCS7_decrypt() work even if no certificate is supplied by
+ attempting to decrypt each encrypted key in turn. Add support to
+ smime utility.
+ [Steve Henson]
+
+ Changes between 0.9.7h and 0.9.8 [05 Jul 2005]
+
+ [NB: OpenSSL 0.9.7i and later 0.9.7 patch levels were released after
+ OpenSSL 0.9.8.]
+
+ *) Add libcrypto.pc and libssl.pc for those who feel they need them.
+ [Richard Levitte]
+
+ *) Change CA.sh and CA.pl so they don't bundle the CSR and the private
+ key into the same file any more.
+ [Richard Levitte]
+
+ *) Add initial support for Win64, both IA64 and AMD64/x64 flavors.
+ [Andy Polyakov]
+
+ *) Add -utf8 command line and config file option to 'ca'.
+ [Stefan <stf at udoma.org]
+
+ *) Removed the macro des_crypt(), as it seems to conflict with some
+ libraries. Use DES_crypt().
+ [Richard Levitte]
+
+ *) Correct naming of the 'chil' and '4758cca' ENGINEs. This
+ involves renaming the source and generated shared-libs for
+ both. The engines will accept the corrected or legacy ids
+ ('ncipher' and '4758_cca' respectively) when binding. NB,
+ this only applies when building 'shared'.
+ [Corinna Vinschen <vinschen at redhat.com> and Geoff Thorpe]
+
+ *) Add attribute functions to EVP_PKEY structure. Modify
+ PKCS12_create() to recognize a CSP name attribute and
+ use it. Make -CSP option work again in pkcs12 utility.
+ [Steve Henson]
+
+ *) Add new functionality to the bn blinding code:
+ - automatic re-creation of the BN_BLINDING parameters after
+ a fixed number of uses (currently 32)
+ - add new function for parameter creation
+ - introduce flags to control the update behaviour of the
+ BN_BLINDING parameters
+ - hide BN_BLINDING structure
+ Add a second BN_BLINDING slot to the RSA structure to improve
+ performance when a single RSA object is shared among several
+ threads.
+ [Nils Larsch]
+
+ *) Add support for DTLS.
+ [Nagendra Modadugu <nagendra at cs.stanford.edu> and Ben Laurie]
+
+ *) Add support for DER encoded private keys (SSL_FILETYPE_ASN1)
+ to SSL_CTX_use_PrivateKey_file() and SSL_use_PrivateKey_file()
+ [Walter Goulet]
+
+ *) Remove buggy and incompletet DH cert support from
+ ssl/ssl_rsa.c and ssl/s3_both.c
+ [Nils Larsch]
+
+ *) Use SHA-1 instead of MD5 as the default digest algorithm for
+ the apps/openssl applications.
+ [Nils Larsch]
+
+ *) Compile clean with "-Wall -Wmissing-prototypes
+ -Wstrict-prototypes -Wmissing-declarations -Werror". Currently
+ DEBUG_SAFESTACK must also be set.
+ [Ben Laurie]
+
+ *) Change ./Configure so that certain algorithms can be disabled by default.
+ The new counterpiece to "no-xxx" is "enable-xxx".
+
+ The patented RC5 and MDC2 algorithms will now be disabled unless
+ "enable-rc5" and "enable-mdc2", respectively, are specified.
+
+ (IDEA remains enabled despite being patented. This is because IDEA
+ is frequently required for interoperability, and there is no license
+ fee for non-commercial use. As before, "no-idea" can be used to
+ avoid this algorithm.)
+
+ [Bodo Moeller]
+
+ *) Add processing of proxy certificates (see RFC 3820). This work was
+ sponsored by KTH (The Royal Institute of Technology in Stockholm) and
+ EGEE (Enabling Grids for E-science in Europe).
+ [Richard Levitte]
+
+ *) RC4 performance overhaul on modern architectures/implementations, such
+ as Intel P4, IA-64 and AMD64.
+ [Andy Polyakov]
+
+ *) New utility extract-section.pl. This can be used specify an alternative
+ section number in a pod file instead of having to treat each file as
+ a separate case in Makefile. This can be done by adding two lines to the
+ pod file:
+
+ =for comment openssl_section:XXX
+
+ The blank line is mandatory.
+
+ [Steve Henson]
+
+ *) New arguments -certform, -keyform and -pass for s_client and s_server
+ to allow alternative format key and certificate files and passphrase
+ sources.
+ [Steve Henson]
+
+ *) New structure X509_VERIFY_PARAM which combines current verify parameters,
+ update associated structures and add various utility functions.
+
+ Add new policy related verify parameters, include policy checking in
+ standard verify code. Enhance 'smime' application with extra parameters
+ to support policy checking and print out.
+ [Steve Henson]
+
+ *) Add a new engine to support VIA PadLock ACE extensions in the VIA C3
+ Nehemiah processors. These extensions support AES encryption in hardware
+ as well as RNG (though RNG support is currently disabled).
+ [Michal Ludvig <michal at logix.cz>, with help from Andy Polyakov]
+
+ *) Deprecate BN_[get|set]_params() functions (they were ignored internally).
+ [Geoff Thorpe]
+
+ *) New FIPS 180-2 algorithms, SHA-224/-256/-384/-512 are implemented.
+ [Andy Polyakov and a number of other people]
+
+ *) Improved PowerPC platform support. Most notably BIGNUM assembler
+ implementation contributed by IBM.
+ [Suresh Chari, Peter Waltenberg, Andy Polyakov]
+
+ *) The new 'RSA_generate_key_ex' function now takes a BIGNUM for the public
+ exponent rather than 'unsigned long'. There is a corresponding change to
+ the new 'rsa_keygen' element of the RSA_METHOD structure.
+ [Jelte Jansen, Geoff Thorpe]
+
+ *) Functionality for creating the initial serial number file is now
+ moved from CA.pl to the 'ca' utility with a new option -create_serial.
+
+ (Before OpenSSL 0.9.7e, CA.pl used to initialize the serial
+ number file to 1, which is bound to cause problems. To avoid
+ the problems while respecting compatibility between different 0.9.7
+ patchlevels, 0.9.7e employed 'openssl x509 -next_serial' in
+ CA.pl for serial number initialization. With the new release 0.9.8,
+ we can fix the problem directly in the 'ca' utility.)
+ [Steve Henson]
+
+ *) Reduced header interdepencies by declaring more opaque objects in
+ ossl_typ.h. As a consequence, including some headers (eg. engine.h) will
+ give fewer recursive includes, which could break lazy source code - so
+ this change is covered by the OPENSSL_NO_DEPRECATED symbol. As always,
+ developers should define this symbol when building and using openssl to
+ ensure they track the recommended behaviour, interfaces, [etc], but
+ backwards-compatible behaviour prevails when this isn't defined.
+ [Geoff Thorpe]
+
+ *) New function X509_POLICY_NODE_print() which prints out policy nodes.
+ [Steve Henson]
+
+ *) Add new EVP function EVP_CIPHER_CTX_rand_key and associated functionality.
+ This will generate a random key of the appropriate length based on the
+ cipher context. The EVP_CIPHER can provide its own random key generation
+ routine to support keys of a specific form. This is used in the des and
+ 3des routines to generate a key of the correct parity. Update S/MIME
+ code to use new functions and hence generate correct parity DES keys.
+ Add EVP_CHECK_DES_KEY #define to return an error if the key is not
+ valid (weak or incorrect parity).
+ [Steve Henson]
+
+ *) Add a local set of CRLs that can be used by X509_verify_cert() as well
+ as looking them up. This is useful when the verified structure may contain
+ CRLs, for example PKCS#7 signedData. Modify PKCS7_verify() to use any CRLs
+ present unless the new PKCS7_NO_CRL flag is asserted.
+ [Steve Henson]
+
+ *) Extend ASN1 oid configuration module. It now additionally accepts the
+ syntax:
+
+ shortName = some long name, 1.2.3.4
+ [Steve Henson]
+
+ *) Reimplemented the BN_CTX implementation. There is now no more static
+ limitation on the number of variables it can handle nor the depth of the
+ "stack" handling for BN_CTX_start()/BN_CTX_end() pairs. The stack
+ information can now expand as required, and rather than having a single
+ static array of bignums, BN_CTX now uses a linked-list of such arrays
+ allowing it to expand on demand whilst maintaining the usefulness of
+ BN_CTX's "bundling".
+ [Geoff Thorpe]
+
+ *) Add a missing BN_CTX parameter to the 'rsa_mod_exp' callback in RSA_METHOD
+ to allow all RSA operations to function using a single BN_CTX.
+ [Geoff Thorpe]
+
+ *) Preliminary support for certificate policy evaluation and checking. This
+ is initially intended to pass the tests outlined in "Conformance Testing
+ of Relying Party Client Certificate Path Processing Logic" v1.07.
+ [Steve Henson]
+
+ *) bn_dup_expand() has been deprecated, it was introduced in 0.9.7 and
+ remained unused and not that useful. A variety of other little bignum
+ tweaks and fixes have also been made continuing on from the audit (see
+ below).
+ [Geoff Thorpe]
+
+ *) Constify all or almost all d2i, c2i, s2i and r2i functions, along with
+ associated ASN1, EVP and SSL functions and old ASN1 macros.
+ [Richard Levitte]
+
+ *) BN_zero() only needs to set 'top' and 'neg' to zero for correct results,
+ and this should never fail. So the return value from the use of
+ BN_set_word() (which can fail due to needless expansion) is now deprecated;
+ if OPENSSL_NO_DEPRECATED is defined, BN_zero() is a void macro.
+ [Geoff Thorpe]
+
+ *) BN_CTX_get() should return zero-valued bignums, providing the same
+ initialised value as BN_new().
+ [Geoff Thorpe, suggested by Ulf M\xF6ller]
+
+ *) Support for inhibitAnyPolicy certificate extension.
+ [Steve Henson]
+
+ *) An audit of the BIGNUM code is underway, for which debugging code is
+ enabled when BN_DEBUG is defined. This makes stricter enforcements on what
+ is considered valid when processing BIGNUMs, and causes execution to
+ assert() when a problem is discovered. If BN_DEBUG_RAND is defined,
+ further steps are taken to deliberately pollute unused data in BIGNUM
+ structures to try and expose faulty code further on. For now, openssl will
+ (in its default mode of operation) continue to tolerate the inconsistent
+ forms that it has tolerated in the past, but authors and packagers should
+ consider trying openssl and their own applications when compiled with
+ these debugging symbols defined. It will help highlight potential bugs in
+ their own code, and will improve the test coverage for OpenSSL itself. At
+ some point, these tighter rules will become openssl's default to improve
+ maintainability, though the assert()s and other overheads will remain only
+ in debugging configurations. See bn.h for more details.
+ [Geoff Thorpe, Nils Larsch, Ulf M\xF6ller]
+
+ *) BN_CTX_init() has been deprecated, as BN_CTX is an opaque structure
+ that can only be obtained through BN_CTX_new() (which implicitly
+ initialises it). The presence of this function only made it possible
+ to overwrite an existing structure (and cause memory leaks).
+ [Geoff Thorpe]
+
+ *) Because of the callback-based approach for implementing LHASH as a
+ template type, lh_insert() adds opaque objects to hash-tables and
+ lh_doall() or lh_doall_arg() are typically used with a destructor callback
+ to clean up those corresponding objects before destroying the hash table
+ (and losing the object pointers). So some over-zealous constifications in
+ LHASH have been relaxed so that lh_insert() does not take (nor store) the
+ objects as "const" and the lh_doall[_arg] callback wrappers are not
+ prototyped to have "const" restrictions on the object pointers they are
+ given (and so aren't required to cast them away any more).
+ [Geoff Thorpe]
+
+ *) The tmdiff.h API was so ugly and minimal that our own timing utility
+ (speed) prefers to use its own implementation. The two implementations
+ haven't been consolidated as yet (volunteers?) but the tmdiff API has had
+ its object type properly exposed (MS_TM) instead of casting to/from "char
+ *". This may still change yet if someone realises MS_TM and "ms_time_***"
+ aren't necessarily the greatest nomenclatures - but this is what was used
+ internally to the implementation so I've used that for now.
+ [Geoff Thorpe]
+
+ *) Ensure that deprecated functions do not get compiled when
+ OPENSSL_NO_DEPRECATED is defined. Some "openssl" subcommands and a few of
+ the self-tests were still using deprecated key-generation functions so
+ these have been updated also.
+ [Geoff Thorpe]
+
+ *) Reorganise PKCS#7 code to separate the digest location functionality
+ into PKCS7_find_digest(), digest addtion into PKCS7_bio_add_digest().
+ New function PKCS7_set_digest() to set the digest type for PKCS#7
+ digestedData type. Add additional code to correctly generate the
+ digestedData type and add support for this type in PKCS7 initialization
+ functions.
+ [Steve Henson]
+
+ *) New function PKCS7_set0_type_other() this initializes a PKCS7
+ structure of type "other".
+ [Steve Henson]
+
+ *) Fix prime generation loop in crypto/bn/bn_prime.pl by making
+ sure the loop does correctly stop and breaking ("division by zero")
+ modulus operations are not performed. The (pre-generated) prime
+ table crypto/bn/bn_prime.h was already correct, but it could not be
+ re-generated on some platforms because of the "division by zero"
+ situation in the script.
+ [Ralf S. Engelschall]
+
+ *) Update support for ECC-based TLS ciphersuites according to
+ draft-ietf-tls-ecc-03.txt: the KDF1 key derivation function with
+ SHA-1 now is only used for "small" curves (where the
+ representation of a field element takes up to 24 bytes); for
+ larger curves, the field element resulting from ECDH is directly
+ used as premaster secret.
+ [Douglas Stebila (Sun Microsystems Laboratories)]
+
+ *) Add code for kP+lQ timings to crypto/ec/ectest.c, and add SEC2
+ curve secp160r1 to the tests.
+ [Douglas Stebila (Sun Microsystems Laboratories)]
+
+ *) Add the possibility to load symbols globally with DSO.
+ [G\xF6tz Babin-Ebell <babin-ebell at trustcenter.de> via Richard Levitte]
+
+ *) Add the functions ERR_set_mark() and ERR_pop_to_mark() for better
+ control of the error stack.
+ [Richard Levitte]
+
+ *) Add support for STORE in ENGINE.
+ [Richard Levitte]
+
+ *) Add the STORE type. The intention is to provide a common interface
+ to certificate and key stores, be they simple file-based stores, or
+ HSM-type store, or LDAP stores, or...
+ NOTE: The code is currently UNTESTED and isn't really used anywhere.
+ [Richard Levitte]
+
+ *) Add a generic structure called OPENSSL_ITEM. This can be used to
+ pass a list of arguments to any function as well as provide a way
+ for a function to pass data back to the caller.
+ [Richard Levitte]
+
+ *) Add the functions BUF_strndup() and BUF_memdup(). BUF_strndup()
+ works like BUF_strdup() but can be used to duplicate a portion of
+ a string. The copy gets NUL-terminated. BUF_memdup() duplicates
+ a memory area.
+ [Richard Levitte]
+
+ *) Add the function sk_find_ex() which works like sk_find(), but will
+ return an index to an element even if an exact match couldn't be
+ found. The index is guaranteed to point at the element where the
+ searched-for key would be inserted to preserve sorting order.
+ [Richard Levitte]
+
+ *) Add the function OBJ_bsearch_ex() which works like OBJ_bsearch() but
+ takes an extra flags argument for optional functionality. Currently,
+ the following flags are defined:
+
+ OBJ_BSEARCH_VALUE_ON_NOMATCH
+ This one gets OBJ_bsearch_ex() to return a pointer to the first
+ element where the comparing function returns a negative or zero
+ number.
+
+ OBJ_BSEARCH_FIRST_VALUE_ON_MATCH
+ This one gets OBJ_bsearch_ex() to return a pointer to the first
+ element where the comparing function returns zero. This is useful
+ if there are more than one element where the comparing function
+ returns zero.
+ [Richard Levitte]
+
+ *) Make it possible to create self-signed certificates with 'openssl ca'
+ in such a way that the self-signed certificate becomes part of the
+ CA database and uses the same mechanisms for serial number generation
+ as all other certificate signing. The new flag '-selfsign' enables
+ this functionality. Adapt CA.sh and CA.pl.in.
+ [Richard Levitte]
+
+ *) Add functionality to check the public key of a certificate request
+ against a given private. This is useful to check that a certificate
+ request can be signed by that key (self-signing).
+ [Richard Levitte]
+
+ *) Make it possible to have multiple active certificates with the same
+ subject in the CA index file. This is done only if the keyword
+ 'unique_subject' is set to 'no' in the main CA section (default
+ if 'CA_default') of the configuration file. The value is saved
+ with the database itself in a separate index attribute file,
+ named like the index file with '.attr' appended to the name.
+ [Richard Levitte]
+
+ *) Generate muti valued AVAs using '+' notation in config files for
+ req and dirName.
+ [Steve Henson]
+
+ *) Support for nameConstraints certificate extension.
+ [Steve Henson]
+
+ *) Support for policyConstraints certificate extension.
+ [Steve Henson]
+
+ *) Support for policyMappings certificate extension.
+ [Steve Henson]
+
+ *) Make sure the default DSA_METHOD implementation only uses its
+ dsa_mod_exp() and/or bn_mod_exp() handlers if they are non-NULL,
+ and change its own handlers to be NULL so as to remove unnecessary
+ indirection. This lets alternative implementations fallback to the
+ default implementation more easily.
+ [Geoff Thorpe]
+
+ *) Support for directoryName in GeneralName related extensions
+ in config files.
+ [Steve Henson]
+
+ *) Make it possible to link applications using Makefile.shared.
+ Make that possible even when linking against static libraries!
+ [Richard Levitte]
+
+ *) Support for single pass processing for S/MIME signing. This now
+ means that S/MIME signing can be done from a pipe, in addition
+ cleartext signing (multipart/signed type) is effectively streaming
+ and the signed data does not need to be all held in memory.
+
+ This is done with a new flag PKCS7_STREAM. When this flag is set
+ PKCS7_sign() only initializes the PKCS7 structure and the actual signing
+ is done after the data is output (and digests calculated) in
+ SMIME_write_PKCS7().
+ [Steve Henson]
+
+ *) Add full support for -rpath/-R, both in shared libraries and
+ applications, at least on the platforms where it's known how
+ to do it.
+ [Richard Levitte]
+
+ *) In crypto/ec/ec_mult.c, implement fast point multiplication with
+ precomputation, based on wNAF splitting: EC_GROUP_precompute_mult()
+ will now compute a table of multiples of the generator that
+ makes subsequent invocations of EC_POINTs_mul() or EC_POINT_mul()
+ faster (notably in the case of a single point multiplication,
+ scalar * generator).
+ [Nils Larsch, Bodo Moeller]
+
+ *) IPv6 support for certificate extensions. The various extensions
+ which use the IP:a.b.c.d can now take IPv6 addresses using the
+ formats of RFC1884 2.2 . IPv6 addresses are now also displayed
+ correctly.
+ [Steve Henson]
+
+ *) Added an ENGINE that implements RSA by performing private key
+ exponentiations with the GMP library. The conversions to and from
+ GMP's mpz_t format aren't optimised nor are any montgomery forms
+ cached, and on x86 it appears OpenSSL's own performance has caught up.
+ However there are likely to be other architectures where GMP could
+ provide a boost. This ENGINE is not built in by default, but it can be
+ specified at Configure time and should be accompanied by the necessary
+ linker additions, eg;
+ ./config -DOPENSSL_USE_GMP -lgmp
+ [Geoff Thorpe]
+
+ *) "openssl engine" will not display ENGINE/DSO load failure errors when
+ testing availability of engines with "-t" - the old behaviour is
+ produced by increasing the feature's verbosity with "-tt".
+ [Geoff Thorpe]
+
+ *) ECDSA routines: under certain error conditions uninitialized BN objects
+ could be freed. Solution: make sure initialization is performed early
+ enough. (Reported and fix supplied by Nils Larsch <nla at trustcenter.de>
+ via PR#459)
+ [Lutz Jaenicke]
+
+ *) Key-generation can now be implemented in RSA_METHOD, DSA_METHOD
+ and DH_METHOD (eg. by ENGINE implementations) to override the normal
+ software implementations. For DSA and DH, parameter generation can
+ also be overriden by providing the appropriate method callbacks.
+ [Geoff Thorpe]
+
+ *) Change the "progress" mechanism used in key-generation and
+ primality testing to functions that take a new BN_GENCB pointer in
+ place of callback/argument pairs. The new API functions have "_ex"
+ postfixes and the older functions are reimplemented as wrappers for
+ the new ones. The OPENSSL_NO_DEPRECATED symbol can be used to hide
+ declarations of the old functions to help (graceful) attempts to
+ migrate to the new functions. Also, the new key-generation API
+ functions operate on a caller-supplied key-structure and return
+ success/failure rather than returning a key or NULL - this is to
+ help make "keygen" another member function of RSA_METHOD etc.
+
+ Example for using the new callback interface:
+
+ int (*my_callback)(int a, int b, BN_GENCB *cb) = ...;
+ void *my_arg = ...;
+ BN_GENCB my_cb;
+
+ BN_GENCB_set(&my_cb, my_callback, my_arg);
+
+ return BN_is_prime_ex(some_bignum, BN_prime_checks, NULL, &cb);
+ /* For the meaning of a, b in calls to my_callback(), see the
+ * documentation of the function that calls the callback.
+ * cb will point to my_cb; my_arg can be retrieved as cb->arg.
+ * my_callback should return 1 if it wants BN_is_prime_ex()
+ * to continue, or 0 to stop.
+ */
+
+ [Geoff Thorpe]
+
+ *) Change the ZLIB compression method to be stateful, and make it
+ available to TLS with the number defined in
+ draft-ietf-tls-compression-04.txt.
+ [Richard Levitte]
+
+ *) Add the ASN.1 structures and functions for CertificatePair, which
+ is defined as follows (according to X.509_4thEditionDraftV6.pdf):
+
+ CertificatePair ::= SEQUENCE {
+ forward [0] Certificate OPTIONAL,
+ reverse [1] Certificate OPTIONAL,
+ -- at least one of the pair shall be present -- }
+
+ Also implement the PEM functions to read and write certificate
+ pairs, and defined the PEM tag as "CERTIFICATE PAIR".
+
+ This needed to be defined, mostly for the sake of the LDAP
+ attribute crossCertificatePair, but may prove useful elsewhere as
+ well.
+ [Richard Levitte]
+
+ *) Make it possible to inhibit symlinking of shared libraries in
+ Makefile.shared, for Cygwin's sake.
+ [Richard Levitte]
+
+ *) Extend the BIGNUM API by creating a function
+ void BN_set_negative(BIGNUM *a, int neg);
+ and a macro that behave like
+ int BN_is_negative(const BIGNUM *a);
+
+ to avoid the need to access 'a->neg' directly in applications.
+ [Nils Larsch]
+
+ *) Implement fast modular reduction for pseudo-Mersenne primes
+ used in NIST curves (crypto/bn/bn_nist.c, crypto/ec/ecp_nist.c).
+ EC_GROUP_new_curve_GFp() will now automatically use this
+ if applicable.
+ [Nils Larsch <nla at trustcenter.de>]
+
+ *) Add new lock type (CRYPTO_LOCK_BN).
+ [Bodo Moeller]
+
+ *) Change the ENGINE framework to automatically load engines
+ dynamically from specific directories unless they could be
+ found to already be built in or loaded. Move all the
+ current engines except for the cryptodev one to a new
+ directory engines/.
+ The engines in engines/ are built as shared libraries if
+ the "shared" options was given to ./Configure or ./config.
+ Otherwise, they are inserted in libcrypto.a.
+ /usr/local/ssl/engines is the default directory for dynamic
+ engines, but that can be overriden at configure time through
+ the usual use of --prefix and/or --openssldir, and at run
+ time with the environment variable OPENSSL_ENGINES.
+ [Geoff Thorpe and Richard Levitte]
+
+ *) Add Makefile.shared, a helper makefile to build shared
+ libraries. Addapt Makefile.org.
+ [Richard Levitte]
+
+ *) Add version info to Win32 DLLs.
+ [Peter 'Luna' Runestig" <peter at runestig.com>]
+
+ *) Add new 'medium level' PKCS#12 API. Certificates and keys
+ can be added using this API to created arbitrary PKCS#12
+ files while avoiding the low level API.
+
+ New options to PKCS12_create(), key or cert can be NULL and
+ will then be omitted from the output file. The encryption
+ algorithm NIDs can be set to -1 for no encryption, the mac
+ iteration count can be set to 0 to omit the mac.
+
+ Enhance pkcs12 utility by making the -nokeys and -nocerts
+ options work when creating a PKCS#12 file. New option -nomac
+ to omit the mac, NONE can be set for an encryption algorithm.
+ New code is modified to use the enhanced PKCS12_create()
+ instead of the low level API.
+ [Steve Henson]
+
+ *) Extend ASN1 encoder to support indefinite length constructed
+ encoding. This can output sequences tags and octet strings in
+ this form. Modify pk7_asn1.c to support indefinite length
+ encoding. This is experimental and needs additional code to
+ be useful, such as an ASN1 bio and some enhanced streaming
+ PKCS#7 code.
+
+ Extend template encode functionality so that tagging is passed
+ down to the template encoder.
+ [Steve Henson]
+
+ *) Let 'openssl req' fail if an argument to '-newkey' is not
+ recognized instead of using RSA as a default.
+ [Bodo Moeller]
+
+ *) Add support for ECC-based ciphersuites from draft-ietf-tls-ecc-01.txt.
+ As these are not official, they are not included in "ALL";
+ the "ECCdraft" ciphersuite group alias can be used to select them.
+ [Vipul Gupta and Sumit Gupta (Sun Microsystems Laboratories)]
+
+ *) Add ECDH engine support.
+ [Nils Gura and Douglas Stebila (Sun Microsystems Laboratories)]
+
+ *) Add ECDH in new directory crypto/ecdh/.
+ [Douglas Stebila (Sun Microsystems Laboratories)]
+
+ *) Let BN_rand_range() abort with an error after 100 iterations
+ without success (which indicates a broken PRNG).
+ [Bodo Moeller]
+
+ *) Change BN_mod_sqrt() so that it verifies that the input value
+ is really the square of the return value. (Previously,
+ BN_mod_sqrt would show GIGO behaviour.)
+ [Bodo Moeller]
+
+ *) Add named elliptic curves over binary fields from X9.62, SECG,
+ and WAP/WTLS; add OIDs that were still missing.
+
+ [Sheueling Chang Shantz and Douglas Stebila
+ (Sun Microsystems Laboratories)]
+
+ *) Extend the EC library for elliptic curves over binary fields
+ (new files ec2_smpl.c, ec2_smpt.c, ec2_mult.c in crypto/ec/).
+ New EC_METHOD:
+
+ EC_GF2m_simple_method
+
+ New API functions:
+
+ EC_GROUP_new_curve_GF2m
+ EC_GROUP_set_curve_GF2m
+ EC_GROUP_get_curve_GF2m
+ EC_POINT_set_affine_coordinates_GF2m
+ EC_POINT_get_affine_coordinates_GF2m
+ EC_POINT_set_compressed_coordinates_GF2m
+
+ Point compression for binary fields is disabled by default for
+ patent reasons (compile with OPENSSL_EC_BIN_PT_COMP defined to
+ enable it).
+
+ As binary polynomials are represented as BIGNUMs, various members
+ of the EC_GROUP and EC_POINT data structures can be shared
+ between the implementations for prime fields and binary fields;
+ the above ..._GF2m functions (except for EX_GROUP_new_curve_GF2m)
+ are essentially identical to their ..._GFp counterparts.
+ (For simplicity, the '..._GFp' prefix has been dropped from
+ various internal method names.)
+
+ An internal 'field_div' method (similar to 'field_mul' and
+ 'field_sqr') has been added; this is used only for binary fields.
+
+ [Sheueling Chang Shantz and Douglas Stebila
+ (Sun Microsystems Laboratories)]
+
+ *) Optionally dispatch EC_POINT_mul(), EC_POINT_precompute_mult()
+ through methods ('mul', 'precompute_mult').
+
+ The generic implementations (now internally called 'ec_wNAF_mul'
+ and 'ec_wNAF_precomputed_mult') remain the default if these
+ methods are undefined.
+
+ [Sheueling Chang Shantz and Douglas Stebila
+ (Sun Microsystems Laboratories)]
+
+ *) New function EC_GROUP_get_degree, which is defined through
+ EC_METHOD. For curves over prime fields, this returns the bit
+ length of the modulus.
+
+ [Sheueling Chang Shantz and Douglas Stebila
+ (Sun Microsystems Laboratories)]
+
+ *) New functions EC_GROUP_dup, EC_POINT_dup.
+ (These simply call ..._new and ..._copy).
+
+ [Sheueling Chang Shantz and Douglas Stebila
+ (Sun Microsystems Laboratories)]
+
+ *) Add binary polynomial arithmetic software in crypto/bn/bn_gf2m.c.
+ Polynomials are represented as BIGNUMs (where the sign bit is not
+ used) in the following functions [macros]:
+
+ BN_GF2m_add
+ BN_GF2m_sub [= BN_GF2m_add]
+ BN_GF2m_mod [wrapper for BN_GF2m_mod_arr]
+ BN_GF2m_mod_mul [wrapper for BN_GF2m_mod_mul_arr]
+ BN_GF2m_mod_sqr [wrapper for BN_GF2m_mod_sqr_arr]
+ BN_GF2m_mod_inv
+ BN_GF2m_mod_exp [wrapper for BN_GF2m_mod_exp_arr]
+ BN_GF2m_mod_sqrt [wrapper for BN_GF2m_mod_sqrt_arr]
+ BN_GF2m_mod_solve_quad [wrapper for BN_GF2m_mod_solve_quad_arr]
+ BN_GF2m_cmp [= BN_ucmp]
+
+ (Note that only the 'mod' functions are actually for fields GF(2^m).
+ BN_GF2m_add() is misnomer, but this is for the sake of consistency.)
+
+ For some functions, an the irreducible polynomial defining a
+ field can be given as an 'unsigned int[]' with strictly
+ decreasing elements giving the indices of those bits that are set;
+ i.e., p[] represents the polynomial
+ f(t) = t^p[0] + t^p[1] + ... + t^p[k]
+ where
+ p[0] > p[1] > ... > p[k] = 0.
+ This applies to the following functions:
+
+ BN_GF2m_mod_arr
+ BN_GF2m_mod_mul_arr
+ BN_GF2m_mod_sqr_arr
+ BN_GF2m_mod_inv_arr [wrapper for BN_GF2m_mod_inv]
+ BN_GF2m_mod_div_arr [wrapper for BN_GF2m_mod_div]
+ BN_GF2m_mod_exp_arr
+ BN_GF2m_mod_sqrt_arr
+ BN_GF2m_mod_solve_quad_arr
+ BN_GF2m_poly2arr
+ BN_GF2m_arr2poly
+
+ Conversion can be performed by the following functions:
+
+ BN_GF2m_poly2arr
+ BN_GF2m_arr2poly
+
+ bntest.c has additional tests for binary polynomial arithmetic.
+
+ Two implementations for BN_GF2m_mod_div() are available.
+ The default algorithm simply uses BN_GF2m_mod_inv() and
+ BN_GF2m_mod_mul(). The alternative algorithm is compiled in only
+ if OPENSSL_SUN_GF2M_DIV is defined (patent pending; read the
+ copyright notice in crypto/bn/bn_gf2m.c before enabling it).
+
+ [Sheueling Chang Shantz and Douglas Stebila
+ (Sun Microsystems Laboratories)]
+
+ *) Add new error code 'ERR_R_DISABLED' that can be used when some
+ functionality is disabled at compile-time.
+ [Douglas Stebila <douglas.stebila at sun.com>]
+
+ *) Change default behaviour of 'openssl asn1parse' so that more
+ information is visible when viewing, e.g., a certificate:
+
+ Modify asn1_parse2 (crypto/asn1/asn1_par.c) so that in non-'dump'
+ mode the content of non-printable OCTET STRINGs is output in a
+ style similar to INTEGERs, but with '[HEX DUMP]' prepended to
+ avoid the appearance of a printable string.
+ [Nils Larsch <nla at trustcenter.de>]
+
+ *) Add 'asn1_flag' and 'asn1_form' member to EC_GROUP with access
+ functions
+ EC_GROUP_set_asn1_flag()
+ EC_GROUP_get_asn1_flag()
+ EC_GROUP_set_point_conversion_form()
+ EC_GROUP_get_point_conversion_form()
+ These control ASN1 encoding details:
+ - Curves (i.e., groups) are encoded explicitly unless asn1_flag
+ has been set to OPENSSL_EC_NAMED_CURVE.
+ - Points are encoded in uncompressed form by default; options for
+ asn1_for are as for point2oct, namely
+ POINT_CONVERSION_COMPRESSED
+ POINT_CONVERSION_UNCOMPRESSED
+ POINT_CONVERSION_HYBRID
+
+ Also add 'seed' and 'seed_len' members to EC_GROUP with access
+ functions
+ EC_GROUP_set_seed()
+ EC_GROUP_get0_seed()
+ EC_GROUP_get_seed_len()
+ This is used only for ASN1 purposes (so far).
+ [Nils Larsch <nla at trustcenter.de>]
+
+ *) Add 'field_type' member to EC_METHOD, which holds the NID
+ of the appropriate field type OID. The new function
+ EC_METHOD_get_field_type() returns this value.
+ [Nils Larsch <nla at trustcenter.de>]
+
+ *) Add functions
+ EC_POINT_point2bn()
+ EC_POINT_bn2point()
+ EC_POINT_point2hex()
+ EC_POINT_hex2point()
+ providing useful interfaces to EC_POINT_point2oct() and
+ EC_POINT_oct2point().
+ [Nils Larsch <nla at trustcenter.de>]
+
+ *) Change internals of the EC library so that the functions
+ EC_GROUP_set_generator()
+ EC_GROUP_get_generator()
+ EC_GROUP_get_order()
+ EC_GROUP_get_cofactor()
+ are implemented directly in crypto/ec/ec_lib.c and not dispatched
+ to methods, which would lead to unnecessary code duplication when
+ adding different types of curves.
+ [Nils Larsch <nla at trustcenter.de> with input by Bodo Moeller]
+
+ *) Implement compute_wNAF (crypto/ec/ec_mult.c) without BIGNUM
+ arithmetic, and such that modified wNAFs are generated
+ (which avoid length expansion in many cases).
+ [Bodo Moeller]
+
+ *) Add a function EC_GROUP_check_discriminant() (defined via
+ EC_METHOD) that verifies that the curve discriminant is non-zero.
+
+ Add a function EC_GROUP_check() that makes some sanity tests
+ on a EC_GROUP, its generator and order. This includes
+ EC_GROUP_check_discriminant().
+ [Nils Larsch <nla at trustcenter.de>]
+
+ *) Add ECDSA in new directory crypto/ecdsa/.
+
+ Add applications 'openssl ecparam' and 'openssl ecdsa'
+ (these are based on 'openssl dsaparam' and 'openssl dsa').
+
+ ECDSA support is also included in various other files across the
+ library. Most notably,
+ - 'openssl req' now has a '-newkey ecdsa:file' option;
+ - EVP_PKCS82PKEY (crypto/evp/evp_pkey.c) now can handle ECDSA;
+ - X509_PUBKEY_get (crypto/asn1/x_pubkey.c) and
+ d2i_PublicKey (crypto/asn1/d2i_pu.c) have been modified to make
+ them suitable for ECDSA where domain parameters must be
+ extracted before the specific public key;
+ - ECDSA engine support has been added.
+ [Nils Larsch <nla at trustcenter.de>]
+
+ *) Include some named elliptic curves, and add OIDs from X9.62,
+ SECG, and WAP/WTLS. Each curve can be obtained from the new
+ function
+ EC_GROUP_new_by_curve_name(),
+ and the list of available named curves can be obtained with
+ EC_get_builtin_curves().
+ Also add a 'curve_name' member to EC_GROUP objects, which can be
+ accessed via
+ EC_GROUP_set_curve_name()
+ EC_GROUP_get_curve_name()
+ [Nils Larsch <larsch at trustcenter.de, Bodo Moeller]
+
+ *) Remove a few calls to bn_wexpand() in BN_sqr() (the one in there
+ was actually never needed) and in BN_mul(). The removal in BN_mul()
+ required a small change in bn_mul_part_recursive() and the addition
+ of the functions bn_cmp_part_words(), bn_sub_part_words() and
+ bn_add_part_words(), which do the same thing as bn_cmp_words(),
+ bn_sub_words() and bn_add_words() except they take arrays with
+ differing sizes.
+ [Richard Levitte]
+
+ Changes between 0.9.7l and 0.9.7m [23 Feb 2007]
+
+ *) Cleanse PEM buffers before freeing them since they may contain
+ sensitive data.
+ [Benjamin Bennett <ben at psc.edu>]
+
+ *) Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that
+ a ciphersuite string such as "DEFAULT:RSA" cannot enable
+ authentication-only ciphersuites.
+ [Bodo Moeller]
+
+ *) Since AES128 and AES256 share a single mask bit in the logic of
+ ssl/ssl_ciph.c, the code for masking out disabled ciphers needs a
+ kludge to work properly if AES128 is available and AES256 isn't.
+ [Victor Duchovni]
+
+ *) Expand security boundary to match 1.1.1 module.
+ [Steve Henson]
+
+ *) Remove redundant features: hash file source, editing of test vectors
+ modify fipsld to use external fips_premain.c signature.
+ [Steve Henson]
+
+ *) New perl script mkfipsscr.pl to create shell scripts or batch files to
+ run algorithm test programs.
+ [Steve Henson]
+
+ *) Make algorithm test programs more tolerant of whitespace.
+ [Steve Henson]
+
+ *) Have SSL/TLS server implementation tolerate "mismatched" record
+ protocol version while receiving ClientHello even if the
+ ClientHello is fragmented. (The server can't insist on the
+ particular protocol version it has chosen before the ServerHello
+ message has informed the client about his choice.)
+ [Bodo Moeller]
+
+ *) Load error codes if they are not already present instead of using a
+ static variable. This allows them to be cleanly unloaded and reloaded.
+ [Steve Henson]
+
+ Changes between 0.9.7k and 0.9.7l [28 Sep 2006]
+
+ *) Introduce limits to prevent malicious keys being able to
+ cause a denial of service. (CVE-2006-2940)
+ [Steve Henson, Bodo Moeller]
+
+ *) Fix ASN.1 parsing of certain invalid structures that can result
+ in a denial of service. (CVE-2006-2937) [Steve Henson]
+
+ *) Fix buffer overflow in SSL_get_shared_ciphers() function.
+ (CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]
+
+ *) Fix SSL client code which could crash if connecting to a
+ malicious SSLv2 server. (CVE-2006-4343)
+ [Tavis Ormandy and Will Drewry, Google Security Team]
+
+ *) Change ciphersuite string processing so that an explicit
+ ciphersuite selects this one ciphersuite (so that "AES256-SHA"
+ will no longer include "AES128-SHA"), and any other similar
+ ciphersuite (same bitmap) from *other* protocol versions (so that
+ "RC4-MD5" will still include both the SSL 2.0 ciphersuite and the
+ SSL 3.0/TLS 1.0 ciphersuite). This is a backport combining
+ changes from 0.9.8b and 0.9.8d.
+ [Bodo Moeller]
+
+ Changes between 0.9.7j and 0.9.7k [05 Sep 2006]
+
+ *) Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
+ (CVE-2006-4339) [Ben Laurie and Google Security Team]
+
+ *) Change the Unix randomness entropy gathering to use poll() when
+ possible instead of select(), since the latter has some
+ undesirable limitations.
+ [Darryl Miles via Richard Levitte and Bodo Moeller]
+
+ *) Disable rogue ciphersuites:
+
+ - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5")
+ - SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5")
+ - SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5")
+
+ The latter two were purportedly from
+ draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really
+ appear there.
+
+ Also deactive the remaining ciphersuites from
+ draft-ietf-tls-56-bit-ciphersuites-01.txt. These are just as
+ unofficial, and the ID has long expired.
+ [Bodo Moeller]
+
+ *) Fix RSA blinding Heisenbug (problems sometimes occured on
+ dual-core machines) and other potential thread-safety issues.
+ [Bodo Moeller]
+
+ Changes between 0.9.7i and 0.9.7j [04 May 2006]
+
+ *) Adapt fipsld and the build system to link against the validated FIPS
+ module in FIPS mode.
+ [Steve Henson]
+
+ *) Fixes for VC++ 2005 build under Windows.
+ [Steve Henson]
+
+ *) Add new Windows build target VC-32-GMAKE for VC++. This uses GNU make
+ from a Windows bash shell such as MSYS. It is autodetected from the
+ "config" script when run from a VC++ environment. Modify standard VC++
+ build to use fipscanister.o from the GNU make build.
+ [Steve Henson]
+
+ Changes between 0.9.7h and 0.9.7i [14 Oct 2005]
+
+ *) Wrapped the definition of EVP_MAX_MD_SIZE in a #ifdef OPENSSL_FIPS.
+ The value now differs depending on if you build for FIPS or not.
+ BEWARE! A program linked with a shared FIPSed libcrypto can't be
+ safely run with a non-FIPSed libcrypto, as it may crash because of
+ the difference induced by this change.
+ [Andy Polyakov]
+
+ Changes between 0.9.7g and 0.9.7h [11 Oct 2005]
+
+ *) Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING
+ (part of SSL_OP_ALL). This option used to disable the
+ countermeasure against man-in-the-middle protocol-version
+ rollback in the SSL 2.0 server implementation, which is a bad
+ idea. (CVE-2005-2969)
+
+ [Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center
+ for Information Security, National Institute of Advanced Industrial
+ Science and Technology [AIST], Japan)]
+
+ *) Minimal support for X9.31 signatures and PSS padding modes. This is
+ mainly for FIPS compliance and not fully integrated at this stage.
+ [Steve Henson]
+
+ *) For DSA signing, unless DSA_FLAG_NO_EXP_CONSTTIME is set, perform
+ the exponentiation using a fixed-length exponent. (Otherwise,
+ the information leaked through timing could expose the secret key
+ after many signatures; cf. Bleichenbacher's attack on DSA with
+ biased k.)
+ [Bodo Moeller]
+
+ *) Make a new fixed-window mod_exp implementation the default for
+ RSA, DSA, and DH private-key operations so that the sequence of
+ squares and multiplies and the memory access pattern are
+ independent of the particular secret key. This will mitigate
+ cache-timing and potential related attacks.
+
+ BN_mod_exp_mont_consttime() is the new exponentiation implementation,
+ and this is automatically used by BN_mod_exp_mont() if the new flag
+ BN_FLG_EXP_CONSTTIME is set for the exponent. RSA, DSA, and DH
+ will use this BN flag for private exponents unless the flag
+ RSA_FLAG_NO_EXP_CONSTTIME, DSA_FLAG_NO_EXP_CONSTTIME, or
+ DH_FLAG_NO_EXP_CONSTTIME, respectively, is set.
+
+ [Matthew D Wood (Intel Corp), with some changes by Bodo Moeller]
+
+ *) Change the client implementation for SSLv23_method() and
+ SSLv23_client_method() so that is uses the SSL 3.0/TLS 1.0
+ Client Hello message format if the SSL_OP_NO_SSLv2 option is set.
+ (Previously, the SSL 2.0 backwards compatible Client Hello
+ message format would be used even with SSL_OP_NO_SSLv2.)
+ [Bodo Moeller]
+
+ *) Add support for smime-type MIME parameter in S/MIME messages which some
+ clients need.
+ [Steve Henson]
+
+ *) New function BN_MONT_CTX_set_locked() to set montgomery parameters in
+ a threadsafe manner. Modify rsa code to use new function and add calls
+ to dsa and dh code (which had race conditions before).
+ [Steve Henson]
+
+ *) Include the fixed error library code in the C error file definitions
+ instead of fixing them up at runtime. This keeps the error code
+ structures constant.
+ [Steve Henson]
+
+ Changes between 0.9.7f and 0.9.7g [11 Apr 2005]
+
+ [NB: OpenSSL 0.9.7h and later 0.9.7 patch levels were released after
+ OpenSSL 0.9.8.]
+
+ *) Fixes for newer kerberos headers. NB: the casts are needed because
+ the 'length' field is signed on one version and unsigned on another
+ with no (?) obvious way to tell the difference, without these VC++
+ complains. Also the "definition" of FAR (blank) is no longer included
+ nor is the error ENOMEM. KRB5_PRIVATE has to be set to 1 to pick up
+ some needed definitions.
+ [Steve Henson]
+
+ *) Undo Cygwin change.
+ [Ulf M\xF6ller]
+
+ *) Added support for proxy certificates according to RFC 3820.
+ Because they may be a security thread to unaware applications,
+ they must be explicitely allowed in run-time. See
+ docs/HOWTO/proxy_certificates.txt for further information.
+ [Richard Levitte]
+
+ Changes between 0.9.7e and 0.9.7f [22 Mar 2005]
+
+ *) Use (SSL_RANDOM_VALUE - 4) bytes of pseudo random data when generating
+ server and client random values. Previously
+ (SSL_RANDOM_VALUE - sizeof(time_t)) would be used which would result in
+ less random data when sizeof(time_t) > 4 (some 64 bit platforms).
+
+ This change has negligible security impact because:
+
+ 1. Server and client random values still have 24 bytes of pseudo random
+ data.
+
+ 2. Server and client random values are sent in the clear in the initial
+ handshake.
+
+ 3. The master secret is derived using the premaster secret (48 bytes in
+ size for static RSA ciphersuites) as well as client server and random
+ values.
+
+ The OpenSSL team would like to thank the UK NISCC for bringing this issue
+ to our attention.
+
+ [Stephen Henson, reported by UK NISCC]
+
+ *) Use Windows randomness collection on Cygwin.
+ [Ulf M\xF6ller]
+
+ *) Fix hang in EGD/PRNGD query when communication socket is closed
+ prematurely by EGD/PRNGD.
+ [Darren Tucker <dtucker at zip.com.au> via Lutz J\xE4nicke, resolves #1014]
+
+ *) Prompt for pass phrases when appropriate for PKCS12 input format.
+ [Steve Henson]
+
+ *) Back-port of selected performance improvements from development
+ branch, as well as improved support for PowerPC platforms.
+ [Andy Polyakov]
+
+ *) Add lots of checks for memory allocation failure, error codes to indicate
+ failure and freeing up memory if a failure occurs.
+ [Nauticus Networks SSL Team <openssl at nauticusnet.com>, Steve Henson]
+
+ *) Add new -passin argument to dgst.
+ [Steve Henson]
+
+ *) Perform some character comparisons of different types in X509_NAME_cmp:
+ this is needed for some certificates that reencode DNs into UTF8Strings
+ (in violation of RFC3280) and can't or wont issue name rollover
+ certificates.
+ [Steve Henson]
+
+ *) Make an explicit check during certificate validation to see that
+ the CA setting in each certificate on the chain is correct. As a
+ side effect always do the following basic checks on extensions,
+ not just when there's an associated purpose to the check:
+
+ - if there is an unhandled critical extension (unless the user
+ has chosen to ignore this fault)
+ - if the path length has been exceeded (if one is set at all)
+ - that certain extensions fit the associated purpose (if one has
+ been given)
+ [Richard Levitte]
+
+ Changes between 0.9.7d and 0.9.7e [25 Oct 2004]
+
+ *) Avoid a race condition when CRLs are checked in a multi threaded
+ environment. This would happen due to the reordering of the revoked
+ entries during signature checking and serial number lookup. Now the
+ encoding is cached and the serial number sort performed under a lock.
+ Add new STACK function sk_is_sorted().
+ [Steve Henson]
+
+ *) Add Delta CRL to the extension code.
+ [Steve Henson]
+
+ *) Various fixes to s3_pkt.c so alerts are sent properly.
+ [David Holmes <d.holmes at f5.com>]
+
+ *) Reduce the chances of duplicate issuer name and serial numbers (in
+ violation of RFC3280) using the OpenSSL certificate creation utilities.
+ This is done by creating a random 64 bit value for the initial serial
+ number when a serial number file is created or when a self signed
+ certificate is created using 'openssl req -x509'. The initial serial
+ number file is created using 'openssl x509 -next_serial' in CA.pl
+ rather than being initialized to 1.
+ [Steve Henson]
+
+ Changes between 0.9.7c and 0.9.7d [17 Mar 2004]
+
+ *) Fix null-pointer assignment in do_change_cipher_spec() revealed
+ by using the Codenomicon TLS Test Tool (CVE-2004-0079)
+ [Joe Orton, Steve Henson]
+
+ *) Fix flaw in SSL/TLS handshaking when using Kerberos ciphersuites
+ (CVE-2004-0112)
+ [Joe Orton, Steve Henson]
+
+ *) Make it possible to have multiple active certificates with the same
+ subject in the CA index file. This is done only if the keyword
+ 'unique_subject' is set to 'no' in the main CA section (default
+ if 'CA_default') of the configuration file. The value is saved
+ with the database itself in a separate index attribute file,
+ named like the index file with '.attr' appended to the name.
+ [Richard Levitte]
+
+ *) X509 verify fixes. Disable broken certificate workarounds when
+ X509_V_FLAGS_X509_STRICT is set. Check CRL issuer has cRLSign set if
+ keyUsage extension present. Don't accept CRLs with unhandled critical
+ extensions: since verify currently doesn't process CRL extensions this
+ rejects a CRL with *any* critical extensions. Add new verify error codes
+ for these cases.
+ [Steve Henson]
+
+ *) When creating an OCSP nonce use an OCTET STRING inside the extnValue.
+ A clarification of RFC2560 will require the use of OCTET STRINGs and
+ some implementations cannot handle the current raw format. Since OpenSSL
+ copies and compares OCSP nonces as opaque blobs without any attempt at
+ parsing them this should not create any compatibility issues.
+ [Steve Henson]
+
+ *) New md flag EVP_MD_CTX_FLAG_REUSE this allows md_data to be reused when
+ calling EVP_MD_CTX_copy_ex() to avoid calling OPENSSL_malloc(). Without
+ this HMAC (and other) operations are several times slower than OpenSSL
+ < 0.9.7.
+ [Steve Henson]
+
+ *) Print out GeneralizedTime and UTCTime in ASN1_STRING_print_ex().
+ [Peter Sylvester <Peter.Sylvester at EdelWeb.fr>]
+
+ *) Use the correct content when signing type "other".
+ [Steve Henson]
+
+ Changes between 0.9.7b and 0.9.7c [30 Sep 2003]
+
+ *) Fix various bugs revealed by running the NISCC test suite:
+
+ Stop out of bounds reads in the ASN1 code when presented with
+ invalid tags (CVE-2003-0543 and CVE-2003-0544).
+
+ Free up ASN1_TYPE correctly if ANY type is invalid (CVE-2003-0545).
+
+ If verify callback ignores invalid public key errors don't try to check
+ certificate signature with the NULL public key.
+
+ [Steve Henson]
+
+ *) New -ignore_err option in ocsp application to stop the server
+ exiting on the first error in a request.
+ [Steve Henson]
+
+ *) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate
+ if the server requested one: as stated in TLS 1.0 and SSL 3.0
+ specifications.
+ [Steve Henson]
+
+ *) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional
+ extra data after the compression methods not only for TLS 1.0
+ but also for SSL 3.0 (as required by the specification).
+ [Bodo Moeller; problem pointed out by Matthias Loepfe]
+
+ *) Change X509_certificate_type() to mark the key as exported/exportable
+ when it's 512 *bits* long, not 512 bytes.
+ [Richard Levitte]
+
+ *) Change AES_cbc_encrypt() so it outputs exact multiple of
+ blocks during encryption.
+ [Richard Levitte]
+
+ *) Various fixes to base64 BIO and non blocking I/O. On write
+ flushes were not handled properly if the BIO retried. On read
+ data was not being buffered properly and had various logic bugs.
+ This also affects blocking I/O when the data being decoded is a
+ certain size.
+ [Steve Henson]
+
+ *) Various S/MIME bugfixes and compatibility changes:
+ output correct application/pkcs7 MIME type if
+ PKCS7_NOOLDMIMETYPE is set. Tolerate some broken signatures.
+ Output CR+LF for EOL if PKCS7_CRLFEOL is set (this makes opening
+ of files as .eml work). Correctly handle very long lines in MIME
+ parser.
+ [Steve Henson]
+
+ Changes between 0.9.7a and 0.9.7b [10 Apr 2003]
+
+ *) Countermeasure against the Klima-Pokorny-Rosa extension of
+ Bleichbacher's attack on PKCS #1 v1.5 padding: treat
+ a protocol version number mismatch like a decryption error
+ in ssl3_get_client_key_exchange (ssl/s3_srvr.c).
+ [Bodo Moeller]
+
+ *) Turn on RSA blinding by default in the default implementation
+ to avoid a timing attack. Applications that don't want it can call
+ RSA_blinding_off() or use the new flag RSA_FLAG_NO_BLINDING.
+ They would be ill-advised to do so in most cases.
+ [Ben Laurie, Steve Henson, Geoff Thorpe, Bodo Moeller]
+
+ *) Change RSA blinding code so that it works when the PRNG is not
+ seeded (in this case, the secret RSA exponent is abused as
+ an unpredictable seed -- if it is not unpredictable, there
+ is no point in blinding anyway). Make RSA blinding thread-safe
+ by remembering the creator's thread ID in rsa->blinding and
+ having all other threads use local one-time blinding factors
+ (this requires more computation than sharing rsa->blinding, but
+ avoids excessive locking; and if an RSA object is not shared
+ between threads, blinding will still be very fast).
+ [Bodo Moeller]
+
+ *) Fixed a typo bug that would cause ENGINE_set_default() to set an
+ ENGINE as defaults for all supported algorithms irrespective of
+ the 'flags' parameter. 'flags' is now honoured, so applications
+ should make sure they are passing it correctly.
+ [Geoff Thorpe]
+
+ *) Target "mingw" now allows native Windows code to be generated in
+ the Cygwin environment as well as with the MinGW compiler.
+ [Ulf Moeller]
+
+ Changes between 0.9.7 and 0.9.7a [19 Feb 2003]
+
+ *) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked
+ via timing by performing a MAC computation even if incorrrect
+ block cipher padding has been found. This is a countermeasure
+ against active attacks where the attacker has to distinguish
+ between bad padding and a MAC verification error. (CVE-2003-0078)
+
+ [Bodo Moeller; problem pointed out by Brice Canvel (EPFL),
+ Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and
+ Martin Vuagnoux (EPFL, Ilion)]
+
+ *) Make the no-err option work as intended. The intention with no-err
+ is not to have the whole error stack handling routines removed from
+ libcrypto, it's only intended to remove all the function name and
+ reason texts, thereby removing some of the footprint that may not
+ be interesting if those errors aren't displayed anyway.
+
+ NOTE: it's still possible for any application or module to have it's
+ own set of error texts inserted. The routines are there, just not
+ used by default when no-err is given.
+ [Richard Levitte]
+
+ *) Add support for FreeBSD on IA64.
+ [dirk.meyer at dinoex.sub.org via Richard Levitte, resolves #454]
+
+ *) Adjust DES_cbc_cksum() so it returns the same value as the MIT
+ Kerberos function mit_des_cbc_cksum(). Before this change,
+ the value returned by DES_cbc_cksum() was like the one from
+ mit_des_cbc_cksum(), except the bytes were swapped.
+ [Kevin Greaney <Kevin.Greaney at hp.com> and Richard Levitte]
+
+ *) Allow an application to disable the automatic SSL chain building.
+ Before this a rather primitive chain build was always performed in
+ ssl3_output_cert_chain(): an application had no way to send the
+ correct chain if the automatic operation produced an incorrect result.
+
+ Now the chain builder is disabled if either:
+
+ 1. Extra certificates are added via SSL_CTX_add_extra_chain_cert().
+
+ 2. The mode flag SSL_MODE_NO_AUTO_CHAIN is set.
+
+ The reasoning behind this is that an application would not want the
+ auto chain building to take place if extra chain certificates are
+ present and it might also want a means of sending no additional
+ certificates (for example the chain has two certificates and the
+ root is omitted).
+ [Steve Henson]
+
+ *) Add the possibility to build without the ENGINE framework.
+ [Steven Reddie <smr at essemer.com.au> via Richard Levitte]
+
+ *) Under Win32 gmtime() can return NULL: check return value in
+ OPENSSL_gmtime(). Add error code for case where gmtime() fails.
+ [Steve Henson]
+
+ *) DSA routines: under certain error conditions uninitialized BN objects
+ could be freed. Solution: make sure initialization is performed early
+ enough. (Reported and fix supplied by Ivan D Nestlerode <nestler at MIT.EDU>,
+ Nils Larsch <nla at trustcenter.de> via PR#459)
+ [Lutz Jaenicke]
+
+ *) Another fix for SSLv2 session ID handling: the session ID was incorrectly
+ checked on reconnect on the client side, therefore session resumption
+ could still fail with a "ssl session id is different" error. This
+ behaviour is masked when SSL_OP_ALL is used due to
+ SSL_OP_MICROSOFT_SESS_ID_BUG being set.
+ Behaviour observed by Crispin Flowerday <crispin at flowerday.cx> as
+ followup to PR #377.
+ [Lutz Jaenicke]
+
+ *) IA-32 assembler support enhancements: unified ELF targets, support
+ for SCO/Caldera platforms, fix for Cygwin shared build.
+ [Andy Polyakov]
+
+ *) Add support for FreeBSD on sparc64. As a consequence, support for
+ FreeBSD on non-x86 processors is separate from x86 processors on
+ the config script, much like the NetBSD support.
+ [Richard Levitte & Kris Kennaway <kris at obsecurity.org>]
+
+ Changes between 0.9.6h and 0.9.7 [31 Dec 2002]
+
+ [NB: OpenSSL 0.9.6i and later 0.9.6 patch levels were released after
+ OpenSSL 0.9.7.]
+
+ *) Fix session ID handling in SSLv2 client code: the SERVER FINISHED
+ code (06) was taken as the first octet of the session ID and the last
+ octet was ignored consequently. As a result SSLv2 client side session
+ caching could not have worked due to the session ID mismatch between
+ client and server.
+ Behaviour observed by Crispin Flowerday <crispin at flowerday.cx> as
+ PR #377.
+ [Lutz Jaenicke]
+
+ *) Change the declaration of needed Kerberos libraries to use EX_LIBS
+ instead of the special (and badly supported) LIBKRB5. LIBKRB5 is
+ removed entirely.
+ [Richard Levitte]
+
+ *) The hw_ncipher.c engine requires dynamic locks. Unfortunately, it
+ seems that in spite of existing for more than a year, many application
+ author have done nothing to provide the necessary callbacks, which
+ means that this particular engine will not work properly anywhere.
+ This is a very unfortunate situation which forces us, in the name
+ of usability, to give the hw_ncipher.c a static lock, which is part
+ of libcrypto.
+ NOTE: This is for the 0.9.7 series ONLY. This hack will never
+ appear in 0.9.8 or later. We EXPECT application authors to have
+ dealt properly with this when 0.9.8 is released (unless we actually
+ make such changes in the libcrypto locking code that changes will
+ have to be made anyway).
+ [Richard Levitte]
+
+ *) In asn1_d2i_read_bio() repeatedly call BIO_read() until all content
+ octets have been read, EOF or an error occurs. Without this change
+ some truncated ASN1 structures will not produce an error.
+ [Steve Henson]
+
+ *) Disable Heimdal support, since it hasn't been fully implemented.
+ Still give the possibility to force the use of Heimdal, but with
+ warnings and a request that patches get sent to openssl-dev.
+ [Richard Levitte]
+
+ *) Add the VC-CE target, introduce the WINCE sysname, and add
+ INSTALL.WCE and appropriate conditionals to make it build.
+ [Steven Reddie <smr at essemer.com.au> via Richard Levitte]
+
+ *) Change the DLL names for Cygwin to cygcrypto-x.y.z.dll and
+ cygssl-x.y.z.dll, where x, y and z are the major, minor and
+ edit numbers of the version.
+ [Corinna Vinschen <vinschen at redhat.com> and Richard Levitte]
+
+ *) Introduce safe string copy and catenation functions
+ (BUF_strlcpy() and BUF_strlcat()).
+ [Ben Laurie (CHATS) and Richard Levitte]
+
+ *) Avoid using fixed-size buffers for one-line DNs.
+ [Ben Laurie (CHATS)]
+
+ *) Add BUF_MEM_grow_clean() to avoid information leakage when
+ resizing buffers containing secrets, and use where appropriate.
+ [Ben Laurie (CHATS)]
+
+ *) Avoid using fixed size buffers for configuration file location.
+ [Ben Laurie (CHATS)]
+
+ *) Avoid filename truncation for various CA files.
+ [Ben Laurie (CHATS)]
+
+ *) Use sizeof in preference to magic numbers.
+ [Ben Laurie (CHATS)]
+
+ *) Avoid filename truncation in cert requests.
+ [Ben Laurie (CHATS)]
+
+ *) Add assertions to check for (supposedly impossible) buffer
+ overflows.
+ [Ben Laurie (CHATS)]
+
+ *) Don't cache truncated DNS entries in the local cache (this could
+ potentially lead to a spoofing attack).
+ [Ben Laurie (CHATS)]
+
+ *) Fix various buffers to be large enough for hex/decimal
+ representations in a platform independent manner.
+ [Ben Laurie (CHATS)]
+
+ *) Add CRYPTO_realloc_clean() to avoid information leakage when
+ resizing buffers containing secrets, and use where appropriate.
+ [Ben Laurie (CHATS)]
+
+ *) Add BIO_indent() to avoid much slightly worrying code to do
+ indents.
+ [Ben Laurie (CHATS)]
+
+ *) Convert sprintf()/BIO_puts() to BIO_printf().
+ [Ben Laurie (CHATS)]
+
+ *) buffer_gets() could terminate with the buffer only half
+ full. Fixed.
+ [Ben Laurie (CHATS)]
+
+ *) Add assertions to prevent user-supplied crypto functions from
+ overflowing internal buffers by having large block sizes, etc.
+ [Ben Laurie (CHATS)]
+
+ *) New OPENSSL_assert() macro (similar to assert(), but enabled
+ unconditionally).
+ [Ben Laurie (CHATS)]
+
+ *) Eliminate unused copy of key in RC4.
+ [Ben Laurie (CHATS)]
+
+ *) Eliminate unused and incorrectly sized buffers for IV in pem.h.
+ [Ben Laurie (CHATS)]
+
+ *) Fix off-by-one error in EGD path.
+ [Ben Laurie (CHATS)]
+
+ *) If RANDFILE path is too long, ignore instead of truncating.
+ [Ben Laurie (CHATS)]
+
+ *) Eliminate unused and incorrectly sized X.509 structure
+ CBCParameter.
+ [Ben Laurie (CHATS)]
+
+ *) Eliminate unused and dangerous function knumber().
+ [Ben Laurie (CHATS)]
+
+ *) Eliminate unused and dangerous structure, KSSL_ERR.
+ [Ben Laurie (CHATS)]
+
+ *) Protect against overlong session ID context length in an encoded
+ session object. Since these are local, this does not appear to be
+ exploitable.
+ [Ben Laurie (CHATS)]
+
+ *) Change from security patch (see 0.9.6e below) that did not affect
+ the 0.9.6 release series:
+
+ Remote buffer overflow in SSL3 protocol - an attacker could
+ supply an oversized master key in Kerberos-enabled versions.
+ (CVE-2002-0657)
+ [Ben Laurie (CHATS)]
+
+ *) Change the SSL kerb5 codes to match RFC 2712.
+ [Richard Levitte]
+
+ *) Make -nameopt work fully for req and add -reqopt switch.
+ [Michael Bell <michael.bell at rz.hu-berlin.de>, Steve Henson]
+
+ *) The "block size" for block ciphers in CFB and OFB mode should be 1.
+ [Steve Henson, reported by Yngve Nysaeter Pettersen <yngve at opera.com>]
+
+ *) Make sure tests can be performed even if the corresponding algorithms
+ have been removed entirely. This was also the last step to make
+ OpenSSL compilable with DJGPP under all reasonable conditions.
+ [Richard Levitte, Doug Kaufman <dkaufman at rahul.net>]
+
+ *) Add cipher selection rules COMPLEMENTOFALL and COMPLEMENTOFDEFAULT
+ to allow version independent disabling of normally unselected ciphers,
+ which may be activated as a side-effect of selecting a single cipher.
+
+ (E.g., cipher list string "RSA" enables ciphersuites that are left
+ out of "ALL" because they do not provide symmetric encryption.
+ "RSA:!COMPLEMEMENTOFALL" avoids these unsafe ciphersuites.)
+ [Lutz Jaenicke, Bodo Moeller]
+
+ *) Add appropriate support for separate platform-dependent build
+ directories. The recommended way to make a platform-dependent
+ build directory is the following (tested on Linux), maybe with
+ some local tweaks:
+
+ # Place yourself outside of the OpenSSL source tree. In
+ # this example, the environment variable OPENSSL_SOURCE
+ # is assumed to contain the absolute OpenSSL source directory.
+ mkdir -p objtree/"`uname -s`-`uname -r`-`uname -m`"
+ cd objtree/"`uname -s`-`uname -r`-`uname -m`"
+ (cd $OPENSSL_SOURCE; find . -type f) | while read F; do
+ mkdir -p `dirname $F`
+ ln -s $OPENSSL_SOURCE/$F $F
+ done
+
+ To be absolutely sure not to disturb the source tree, a "make clean"
+ is a good thing. If it isn't successfull, don't worry about it,
+ it probably means the source directory is very clean.
+ [Richard Levitte]
+
+ *) Make sure any ENGINE control commands make local copies of string
+ pointers passed to them whenever necessary. Otherwise it is possible
+ the caller may have overwritten (or deallocated) the original string
+ data when a later ENGINE operation tries to use the stored values.
+ [G\xF6tz Babin-Ebell <babinebell at trustcenter.de>]
+
+ *) Improve diagnostics in file reading and command-line digests.
+ [Ben Laurie aided and abetted by Solar Designer <solar at openwall.com>]
+
+ *) Add AES modes CFB and OFB to the object database. Correct an
+ error in AES-CFB decryption.
+ [Richard Levitte]
+
+ *) Remove most calls to EVP_CIPHER_CTX_cleanup() in evp_enc.c, this
+ allows existing EVP_CIPHER_CTX structures to be reused after
+ calling EVP_*Final(). This behaviour is used by encryption
+ BIOs and some applications. This has the side effect that
+ applications must explicitly clean up cipher contexts with
+ EVP_CIPHER_CTX_cleanup() or they will leak memory.
+ [Steve Henson]
+
+ *) Check the values of dna and dnb in bn_mul_recursive before calling
+ bn_mul_comba (a non zero value means the a or b arrays do not contain
+ n2 elements) and fallback to bn_mul_normal if either is not zero.
+ [Steve Henson]
+
+ *) Fix escaping of non-ASCII characters when using the -subj option
+ of the "openssl req" command line tool. (Robert Joop <joop at fokus.gmd.de>)
+ [Lutz Jaenicke]
+
+ *) Make object definitions compliant to LDAP (RFC2256): SN is the short
+ form for "surname", serialNumber has no short form.
+ Use "mail" as the short name for "rfc822Mailbox" according to RFC2798;
+ therefore remove "mail" short name for "internet 7".
+ The OID for unique identifiers in X509 certificates is
+ x500UniqueIdentifier, not uniqueIdentifier.
+ Some more OID additions. (Michael Bell <michael.bell at rz.hu-berlin.de>)
+ [Lutz Jaenicke]
+
+ *) Add an "init" command to the ENGINE config module and auto initialize
+ ENGINEs. Without any "init" command the ENGINE will be initialized
+ after all ctrl commands have been executed on it. If init=1 the
+ ENGINE is initailized at that point (ctrls before that point are run
+ on the uninitialized ENGINE and after on the initialized one). If
+ init=0 then the ENGINE will not be iniatialized at all.
+ [Steve Henson]
+
+ *) Fix the 'app_verify_callback' interface so that the user-defined
+ argument is actually passed to the callback: In the
+ SSL_CTX_set_cert_verify_callback() prototype, the callback
+ declaration has been changed from
+ int (*cb)()
+ into
+ int (*cb)(X509_STORE_CTX *,void *);
+ in ssl_verify_cert_chain (ssl/ssl_cert.c), the call
+ i=s->ctx->app_verify_callback(&ctx)
+ has been changed into
+ i=s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg).
+
+ To update applications using SSL_CTX_set_cert_verify_callback(),
+ a dummy argument can be added to their callback functions.
+ [D. K. Smetters <smetters at parc.xerox.com>]
+
+ *) Added the '4758cca' ENGINE to support IBM 4758 cards.
+ [Maurice Gittens <maurice at gittens.nl>, touchups by Geoff Thorpe]
+
+ *) Add and OPENSSL_LOAD_CONF define which will cause
+ OpenSSL_add_all_algorithms() to load the openssl.cnf config file.
+ This allows older applications to transparently support certain
+ OpenSSL features: such as crypto acceleration and dynamic ENGINE loading.
+ Two new functions OPENSSL_add_all_algorithms_noconf() which will never
+ load the config file and OPENSSL_add_all_algorithms_conf() which will
+ always load it have also been added.
+ [Steve Henson]
+
+ *) Add the OFB, CFB and CTR (all with 128 bit feedback) to AES.
+ Adjust NIDs and EVP layer.
+ [Stephen Sprunk <stephen at sprunk.org> and Richard Levitte]
+
+ *) Config modules support in openssl utility.
+
+ Most commands now load modules from the config file,
+ though in a few (such as version) this isn't done
+ because it couldn't be used for anything.
+
+ In the case of ca and req the config file used is
+ the same as the utility itself: that is the -config
+ command line option can be used to specify an
+ alternative file.
+ [Steve Henson]
+
+ *) Move default behaviour from OPENSSL_config(). If appname is NULL
+ use "openssl_conf" if filename is NULL use default openssl config file.
+ [Steve Henson]
+
+ *) Add an argument to OPENSSL_config() to allow the use of an alternative
+ config section name. Add a new flag to tolerate a missing config file
+ and move code to CONF_modules_load_file().
+ [Steve Henson]
+
+ *) Support for crypto accelerator cards from Accelerated Encryption
+ Processing, www.aep.ie. (Use engine 'aep')
+ The support was copied from 0.9.6c [engine] and adapted/corrected
+ to work with the new engine framework.
+ [AEP Inc. and Richard Levitte]
+
+ *) Support for SureWare crypto accelerator cards from Baltimore
+ Technologies. (Use engine 'sureware')
+ The support was copied from 0.9.6c [engine] and adapted
+ to work with the new engine framework.
+ [Richard Levitte]
+
+ *) Have the CHIL engine fork-safe (as defined by nCipher) and actually
+ make the newer ENGINE framework commands for the CHIL engine work.
+ [Toomas Kiisk <vix at cyber.ee> and Richard Levitte]
+
+ *) Make it possible to produce shared libraries on ReliantUNIX.
+ [Robert Dahlem <Robert.Dahlem at ffm2.siemens.de> via Richard Levitte]
+
+ *) Add the configuration target debug-linux-ppro.
+ Make 'openssl rsa' use the general key loading routines
+ implemented in apps.c, and make those routines able to
+ handle the key format FORMAT_NETSCAPE and the variant
+ FORMAT_IISSGC.
+ [Toomas Kiisk <vix at cyber.ee> via Richard Levitte]
+
+ *) Fix a crashbug and a logic bug in hwcrhk_load_pubkey().
+ [Toomas Kiisk <vix at cyber.ee> via Richard Levitte]
+
+ *) Add -keyform to rsautl, and document -engine.
+ [Richard Levitte, inspired by Toomas Kiisk <vix at cyber.ee>]
+
+ *) Change BIO_new_file (crypto/bio/bss_file.c) to use new
+ BIO_R_NO_SUCH_FILE error code rather than the generic
+ ERR_R_SYS_LIB error code if fopen() fails with ENOENT.
+ [Ben Laurie]
+
+ *) Add new functions
+ ERR_peek_last_error
+ ERR_peek_last_error_line
+ ERR_peek_last_error_line_data.
+ These are similar to
+ ERR_peek_error
+ ERR_peek_error_line
+ ERR_peek_error_line_data,
+ but report on the latest error recorded rather than the first one
+ still in the error queue.
+ [Ben Laurie, Bodo Moeller]
+
+ *) default_algorithms option in ENGINE config module. This allows things
+ like:
+ default_algorithms = ALL
+ default_algorithms = RSA, DSA, RAND, CIPHERS, DIGESTS
+ [Steve Henson]
+
+ *) Prelminary ENGINE config module.
+ [Steve Henson]
+
+ *) New experimental application configuration code.
+ [Steve Henson]
+
+ *) Change the AES code to follow the same name structure as all other
+ symmetric ciphers, and behave the same way. Move everything to
+ the directory crypto/aes, thereby obsoleting crypto/rijndael.
+ [Stephen Sprunk <stephen at sprunk.org> and Richard Levitte]
+
+ *) SECURITY: remove unsafe setjmp/signal interaction from ui_openssl.c.
+ [Ben Laurie and Theo de Raadt]
+
+ *) Add option to output public keys in req command.
+ [Massimiliano Pala madwolf at openca.org]
+
+ *) Use wNAFs in EC_POINTs_mul() for improved efficiency
+ (up to about 10% better than before for P-192 and P-224).
+ [Bodo Moeller]
+
+ *) New functions/macros
+
+ SSL_CTX_set_msg_callback(ctx, cb)
+ SSL_CTX_set_msg_callback_arg(ctx, arg)
+ SSL_set_msg_callback(ssl, cb)
+ SSL_set_msg_callback_arg(ssl, arg)
+
+ to request calling a callback function
+
+ void cb(int write_p, int version, int content_type,
+ const void *buf, size_t len, SSL *ssl, void *arg)
+
+ whenever a protocol message has been completely received
+ (write_p == 0) or sent (write_p == 1). Here 'version' is the
+ protocol version according to which the SSL library interprets
+ the current protocol message (SSL2_VERSION, SSL3_VERSION, or
+ TLS1_VERSION). 'content_type' is 0 in the case of SSL 2.0, or
+ the content type as defined in the SSL 3.0/TLS 1.0 protocol
+ specification (change_cipher_spec(20), alert(21), handshake(22)).
+ 'buf' and 'len' point to the actual message, 'ssl' to the
+ SSL object, and 'arg' is the application-defined value set by
+ SSL[_CTX]_set_msg_callback_arg().
+
+ 'openssl s_client' and 'openssl s_server' have new '-msg' options
+ to enable a callback that displays all protocol messages.
+ [Bodo Moeller]
+
+ *) Change the shared library support so shared libraries are built as
+ soon as the corresponding static library is finished, and thereby get
+ openssl and the test programs linked against the shared library.
+ This still only happens when the keyword "shard" has been given to
+ the configuration scripts.
+
+ NOTE: shared library support is still an experimental thing, and
+ backward binary compatibility is still not guaranteed.
+ ["Maciej W. Rozycki" <macro at ds2.pg.gda.pl> and Richard Levitte]
+
+ *) Add support for Subject Information Access extension.
+ [Peter Sylvester <Peter.Sylvester at EdelWeb.fr>]
+
+ *) Make BUF_MEM_grow() behaviour more consistent: Initialise to zero
+ additional bytes when new memory had to be allocated, not just
+ when reusing an existing buffer.
+ [Bodo Moeller]
+
+ *) New command line and configuration option 'utf8' for the req command.
+ This allows field values to be specified as UTF8 strings.
+ [Steve Henson]
+
+ *) Add -multi and -mr options to "openssl speed" - giving multiple parallel
+ runs for the former and machine-readable output for the latter.
+ [Ben Laurie]
+
+ *) Add '-noemailDN' option to 'openssl ca'. This prevents inclusion
+ of the e-mail address in the DN (i.e., it will go into a certificate
+ extension only). The new configuration file option 'email_in_dn = no'
+ has the same effect.
+ [Massimiliano Pala madwolf at openca.org]
+
+ *) Change all functions with names starting with des_ to be starting
+ with DES_ instead. Add wrappers that are compatible with libdes,
+ but are named _ossl_old_des_*. Finally, add macros that map the
+ des_* symbols to the corresponding _ossl_old_des_* if libdes
+ compatibility is desired. If OpenSSL 0.9.6c compatibility is
+ desired, the des_* symbols will be mapped to DES_*, with one
+ exception.
+
+ Since we provide two compatibility mappings, the user needs to
+ define the macro OPENSSL_DES_LIBDES_COMPATIBILITY if libdes
+ compatibility is desired. The default (i.e., when that macro
+ isn't defined) is OpenSSL 0.9.6c compatibility.
+
+ There are also macros that enable and disable the support of old
+ des functions altogether. Those are OPENSSL_ENABLE_OLD_DES_SUPPORT
+ and OPENSSL_DISABLE_OLD_DES_SUPPORT. If none or both of those
+ are defined, the default will apply: to support the old des routines.
+
+ In either case, one must include openssl/des.h to get the correct
+ definitions. Do not try to just include openssl/des_old.h, that
+ won't work.
+
+ NOTE: This is a major break of an old API into a new one. Software
+ authors are encouraged to switch to the DES_ style functions. Some
+ time in the future, des_old.h and the libdes compatibility functions
+ will be disable (i.e. OPENSSL_DISABLE_OLD_DES_SUPPORT will be the
+ default), and then completely removed.
+ [Richard Levitte]
+
+ *) Test for certificates which contain unsupported critical extensions.
+ If such a certificate is found during a verify operation it is
+ rejected by default: this behaviour can be overridden by either
+ handling the new error X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION or
+ by setting the verify flag X509_V_FLAG_IGNORE_CRITICAL. A new function
+ X509_supported_extension() has also been added which returns 1 if a
+ particular extension is supported.
+ [Steve Henson]
+
+ *) Modify the behaviour of EVP cipher functions in similar way to digests
+ to retain compatibility with existing code.
+ [Steve Henson]
+
+ *) Modify the behaviour of EVP_DigestInit() and EVP_DigestFinal() to retain
+ compatibility with existing code. In particular the 'ctx' parameter does
+ not have to be to be initialized before the call to EVP_DigestInit() and
+ it is tidied up after a call to EVP_DigestFinal(). New function
+ EVP_DigestFinal_ex() which does not tidy up the ctx. Similarly function
+ EVP_MD_CTX_copy() changed to not require the destination to be
+ initialized valid and new function EVP_MD_CTX_copy_ex() added which
+ requires the destination to be valid.
+
+ Modify all the OpenSSL digest calls to use EVP_DigestInit_ex(),
+ EVP_DigestFinal_ex() and EVP_MD_CTX_copy_ex().
+ [Steve Henson]
+
+ *) Change ssl3_get_message (ssl/s3_both.c) and the functions using it
+ so that complete 'Handshake' protocol structures are kept in memory
+ instead of overwriting 'msg_type' and 'length' with 'body' data.
+ [Bodo Moeller]
+
+ *) Add an implementation of SSL_add_dir_cert_subjects_to_stack for Win32.
+ [Massimo Santin via Richard Levitte]
+
+ *) Major restructuring to the underlying ENGINE code. This includes
+ reduction of linker bloat, separation of pure "ENGINE" manipulation
+ (initialisation, etc) from functionality dealing with implementations
+ of specific crypto iterfaces. This change also introduces integrated
+ support for symmetric ciphers and digest implementations - so ENGINEs
+ can now accelerate these by providing EVP_CIPHER and EVP_MD
+ implementations of their own. This is detailed in crypto/engine/README
+ as it couldn't be adequately described here. However, there are a few
+ API changes worth noting - some RSA, DSA, DH, and RAND functions that
+ were changed in the original introduction of ENGINE code have now
+ reverted back - the hooking from this code to ENGINE is now a good
+ deal more passive and at run-time, operations deal directly with
+ RSA_METHODs, DSA_METHODs (etc) as they did before, rather than
+ dereferencing through an ENGINE pointer any more. Also, the ENGINE
+ functions dealing with BN_MOD_EXP[_CRT] handlers have been removed -
+ they were not being used by the framework as there is no concept of a
+ BIGNUM_METHOD and they could not be generalised to the new
+ 'ENGINE_TABLE' mechanism that underlies the new code. Similarly,
+ ENGINE_cpy() has been removed as it cannot be consistently defined in
+ the new code.
+ [Geoff Thorpe]
+
+ *) Change ASN1_GENERALIZEDTIME_check() to allow fractional seconds.
+ [Steve Henson]
+
+ *) Change mkdef.pl to sort symbols that get the same entry number,
+ and make sure the automatically generated functions ERR_load_*
+ become part of libeay.num as well.
+ [Richard Levitte]
+
+ *) New function SSL_renegotiate_pending(). This returns true once
+ renegotiation has been requested (either SSL_renegotiate() call
+ or HelloRequest/ClientHello receveived from the peer) and becomes
+ false once a handshake has been completed.
+ (For servers, SSL_renegotiate() followed by SSL_do_handshake()
+ sends a HelloRequest, but does not ensure that a handshake takes
+ place. SSL_renegotiate_pending() is useful for checking if the
+ client has followed the request.)
+ [Bodo Moeller]
+
+ *) New SSL option SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION.
+ By default, clients may request session resumption even during
+ renegotiation (if session ID contexts permit); with this option,
+ session resumption is possible only in the first handshake.
+
+ SSL_OP_ALL is now 0x00000FFFL instead of 0x000FFFFFL. This makes
+ more bits available for options that should not be part of
+ SSL_OP_ALL (such as SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION).
+ [Bodo Moeller]
+
+ *) Add some demos for certificate and certificate request creation.
+ [Steve Henson]
+
+ *) Make maximum certificate chain size accepted from the peer application
+ settable (SSL*_get/set_max_cert_list()), as proposed by
+ "Douglas E. Engert" <deengert at anl.gov>.
+ [Lutz Jaenicke]
+
+ *) Add support for shared libraries for Unixware-7
+ (Boyd Lynn Gerber <gerberb at zenez.com>).
+ [Lutz Jaenicke]
+
+ *) Add a "destroy" handler to ENGINEs that allows structural cleanup to
+ be done prior to destruction. Use this to unload error strings from
+ ENGINEs that load their own error strings. NB: This adds two new API
+ functions to "get" and "set" this destroy handler in an ENGINE.
+ [Geoff Thorpe]
+
+ *) Alter all existing ENGINE implementations (except "openssl" and
+ "openbsd") to dynamically instantiate their own error strings. This
+ makes them more flexible to be built both as statically-linked ENGINEs
+ and self-contained shared-libraries loadable via the "dynamic" ENGINE.
+ Also, add stub code to each that makes building them as self-contained
+ shared-libraries easier (see README.ENGINE).
+ [Geoff Thorpe]
+
+ *) Add a "dynamic" ENGINE that provides a mechanism for binding ENGINE
+ implementations into applications that are completely implemented in
+ self-contained shared-libraries. The "dynamic" ENGINE exposes control
+ commands that can be used to configure what shared-library to load and
+ to control aspects of the way it is handled. Also, made an update to
+ the README.ENGINE file that brings its information up-to-date and
+ provides some information and instructions on the "dynamic" ENGINE
+ (ie. how to use it, how to build "dynamic"-loadable ENGINEs, etc).
+ [Geoff Thorpe]
+
+ *) Make it possible to unload ranges of ERR strings with a new
+ "ERR_unload_strings" function.
+ [Geoff Thorpe]
+
+ *) Add a copy() function to EVP_MD.
+ [Ben Laurie]
+
+ *) Make EVP_MD routines take a context pointer instead of just the
+ md_data void pointer.
+ [Ben Laurie]
+
+ *) Add flags to EVP_MD and EVP_MD_CTX. EVP_MD_FLAG_ONESHOT indicates
+ that the digest can only process a single chunk of data
+ (typically because it is provided by a piece of
+ hardware). EVP_MD_CTX_FLAG_ONESHOT indicates that the application
+ is only going to provide a single chunk of data, and hence the
+ framework needn't accumulate the data for oneshot drivers.
+ [Ben Laurie]
+
+ *) As with "ERR", make it possible to replace the underlying "ex_data"
+ functions. This change also alters the storage and management of global
+ ex_data state - it's now all inside ex_data.c and all "class" code (eg.
+ RSA, BIO, SSL_CTX, etc) no longer stores its own STACKS and per-class
+ index counters. The API functions that use this state have been changed
+ to take a "class_index" rather than pointers to the class's local STACK
+ and counter, and there is now an API function to dynamically create new
+ classes. This centralisation allows us to (a) plug a lot of the
+ thread-safety problems that existed, and (b) makes it possible to clean
+ up all allocated state using "CRYPTO_cleanup_all_ex_data()". W.r.t. (b)
+ such data would previously have always leaked in application code and
+ workarounds were in place to make the memory debugging turn a blind eye
+ to it. Application code that doesn't use this new function will still
+ leak as before, but their memory debugging output will announce it now
+ rather than letting it slide.
+
+ Besides the addition of CRYPTO_cleanup_all_ex_data(), another API change
+ induced by the "ex_data" overhaul is that X509_STORE_CTX_init() now
+ has a return value to indicate success or failure.
+ [Geoff Thorpe]
+
+ *) Make it possible to replace the underlying "ERR" functions such that the
+ global state (2 LHASH tables and 2 locks) is only used by the "default"
+ implementation. This change also adds two functions to "get" and "set"
+ the implementation prior to it being automatically set the first time
+ any other ERR function takes place. Ie. an application can call "get",
+ pass the return value to a module it has just loaded, and that module
+ can call its own "set" function using that value. This means the
+ module's "ERR" operations will use (and modify) the error state in the
+ application and not in its own statically linked copy of OpenSSL code.
+ [Geoff Thorpe]
+
+ *) Give DH, DSA, and RSA types their own "**_up_ref()" function to increment
+ reference counts. This performs normal REF_PRINT/REF_CHECK macros on
+ the operation, and provides a more encapsulated way for external code
+ (crypto/evp/ and ssl/) to do this. Also changed the evp and ssl code
+ to use these functions rather than manually incrementing the counts.
+
+ Also rename "DSO_up()" function to more descriptive "DSO_up_ref()".
+ [Geoff Thorpe]
+
+ *) Add EVP test program.
+ [Ben Laurie]
+
+ *) Add symmetric cipher support to ENGINE. Expect the API to change!
+ [Ben Laurie]
+
+ *) New CRL functions: X509_CRL_set_version(), X509_CRL_set_issuer_name()
+ X509_CRL_set_lastUpdate(), X509_CRL_set_nextUpdate(), X509_CRL_sort(),
+ X509_REVOKED_set_serialNumber(), and X509_REVOKED_set_revocationDate().
+ These allow a CRL to be built without having to access X509_CRL fields
+ directly. Modify 'ca' application to use new functions.
+ [Steve Henson]
+
+ *) Move SSL_OP_TLS_ROLLBACK_BUG out of the SSL_OP_ALL list of recommended
+ bug workarounds. Rollback attack detection is a security feature.
+ The problem will only arise on OpenSSL servers when TLSv1 is not
+ available (sslv3_server_method() or SSL_OP_NO_TLSv1).
+ Software authors not wanting to support TLSv1 will have special reasons
+ for their choice and can explicitly enable this option.
+ [Bodo Moeller, Lutz Jaenicke]
+
+ *) Rationalise EVP so it can be extended: don't include a union of
+ cipher/digest structures, add init/cleanup functions for EVP_MD_CTX
+ (similar to those existing for EVP_CIPHER_CTX).
+ Usage example:
+
+ EVP_MD_CTX md;
+
+ EVP_MD_CTX_init(&md); /* new function call */
+ EVP_DigestInit(&md, EVP_sha1());
+ EVP_DigestUpdate(&md, in, len);
+ EVP_DigestFinal(&md, out, NULL);
+ EVP_MD_CTX_cleanup(&md); /* new function call */
+
+ [Ben Laurie]
+
+ *) Make DES key schedule conform to the usual scheme, as well as
+ correcting its structure. This means that calls to DES functions
+ now have to pass a pointer to a des_key_schedule instead of a
+ plain des_key_schedule (which was actually always a pointer
+ anyway): E.g.,
+
+ des_key_schedule ks;
+
+ des_set_key_checked(..., &ks);
+ des_ncbc_encrypt(..., &ks, ...);
+
+ (Note that a later change renames 'des_...' into 'DES_...'.)
+ [Ben Laurie]
+
+ *) Initial reduction of linker bloat: the use of some functions, such as
+ PEM causes large amounts of unused functions to be linked in due to
+ poor organisation. For example pem_all.c contains every PEM function
+ which has a knock on effect of linking in large amounts of (unused)
+ ASN1 code. Grouping together similar functions and splitting unrelated
+ functions prevents this.
+ [Steve Henson]
+
+ *) Cleanup of EVP macros.
+ [Ben Laurie]
+
+ *) Change historical references to {NID,SN,LN}_des_ede and ede3 to add the
+ correct _ecb suffix.
+ [Ben Laurie]
+
+ *) Add initial OCSP responder support to ocsp application. The
+ revocation information is handled using the text based index
+ use by the ca application. The responder can either handle
+ requests generated internally, supplied in files (for example
+ via a CGI script) or using an internal minimal server.
+ [Steve Henson]
+
+ *) Add configuration choices to get zlib compression for TLS.
+ [Richard Levitte]
+
+ *) Changes to Kerberos SSL for RFC 2712 compliance:
+ 1. Implemented real KerberosWrapper, instead of just using
+ KRB5 AP_REQ message. [Thanks to Simon Wilkinson <sxw at sxw.org.uk>]
+ 2. Implemented optional authenticator field of KerberosWrapper.
+
+ Added openssl-style ASN.1 macros for Kerberos ticket, ap_req,
+ and authenticator structs; see crypto/krb5/.
+
+ Generalized Kerberos calls to support multiple Kerberos libraries.
+ [Vern Staats <staatsvr at asc.hpc.mil>,
+ Jeffrey Altman <jaltman at columbia.edu>
+ via Richard Levitte]
+
+ *) Cause 'openssl speed' to use fully hard-coded DSA keys as it
+ already does with RSA. testdsa.h now has 'priv_key/pub_key'
+ values for each of the key sizes rather than having just
+ parameters (and 'speed' generating keys each time).
+ [Geoff Thorpe]
+
+ *) Speed up EVP routines.
+ Before:
+encrypt
+type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
+des-cbc 4408.85k 5560.51k 5778.46k 5862.20k 5825.16k
+des-cbc 4389.55k 5571.17k 5792.23k 5846.91k 5832.11k
+des-cbc 4394.32k 5575.92k 5807.44k 5848.37k 5841.30k
+decrypt
+des-cbc 3482.66k 5069.49k 5496.39k 5614.16k 5639.28k
+des-cbc 3480.74k 5068.76k 5510.34k 5609.87k 5635.52k
+des-cbc 3483.72k 5067.62k 5504.60k 5708.01k 5724.80k
+ After:
+encrypt
+des-cbc 4660.16k 5650.19k 5807.19k 5827.13k 5783.32k
+decrypt
+des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
+ [Ben Laurie]
+
+ *) Added the OS2-EMX target.
+ ["Brian Havard" <brianh at kheldar.apana.org.au> and Richard Levitte]
+
+ *) Rewrite apps to use NCONF routines instead of the old CONF. New functions
+ to support NCONF routines in extension code. New function CONF_set_nconf()
+ to allow functions which take an NCONF to also handle the old LHASH
+ structure: this means that the old CONF compatible routines can be
+ retained (in particular wrt extensions) without having to duplicate the
+ code. New function X509V3_add_ext_nconf_sk to add extensions to a stack.
+ [Steve Henson]
+
+ *) Enhance the general user interface with mechanisms for inner control
+ and with possibilities to have yes/no kind of prompts.
+ [Richard Levitte]
+
+ *) Change all calls to low level digest routines in the library and
+ applications to use EVP. Add missing calls to HMAC_cleanup() and
+ don't assume HMAC_CTX can be copied using memcpy().
+ [Verdon Walker <VWalker at novell.com>, Steve Henson]
+
+ *) Add the possibility to control engines through control names but with
+ arbitrary arguments instead of just a string.
+ Change the key loaders to take a UI_METHOD instead of a callback
+ function pointer. NOTE: this breaks binary compatibility with earlier
+ versions of OpenSSL [engine].
+ Adapt the nCipher code for these new conditions and add a card insertion
+ callback.
+ [Richard Levitte]
+
+ *) Enhance the general user interface with mechanisms to better support
+ dialog box interfaces, application-defined prompts, the possibility
+ to use defaults (for example default passwords from somewhere else)
+ and interrupts/cancellations.
+ [Richard Levitte]
+
+ *) Tidy up PKCS#12 attribute handling. Add support for the CSP name
+ attribute in PKCS#12 files, add new -CSP option to pkcs12 utility.
+ [Steve Henson]
+
+ *) Fix a memory leak in 'sk_dup()' in the case reallocation fails. (Also
+ tidy up some unnecessarily weird code in 'sk_new()').
+ [Geoff, reported by Diego Tartara <dtartara at novamens.com>]
+
+ *) Change the key loading routines for ENGINEs to use the same kind
+ callback (pem_password_cb) as all other routines that need this
+ kind of callback.
+ [Richard Levitte]
+
+ *) Increase ENTROPY_NEEDED to 32 bytes, as Rijndael can operate with
+ 256 bit (=32 byte) keys. Of course seeding with more entropy bytes
+ than this minimum value is recommended.
+ [Lutz Jaenicke]
+
+ *) New random seeder for OpenVMS, using the system process statistics
+ that are easily reachable.
+ [Richard Levitte]
+
+ *) Windows apparently can't transparently handle global
+ variables defined in DLLs. Initialisations such as:
+
+ const ASN1_ITEM *it = &ASN1_INTEGER_it;
+
+ wont compile. This is used by the any applications that need to
+ declare their own ASN1 modules. This was fixed by adding the option
+ EXPORT_VAR_AS_FN to all Win32 platforms, although this isn't strictly
+ needed for static libraries under Win32.
+ [Steve Henson]
+
+ *) New functions X509_PURPOSE_set() and X509_TRUST_set() to handle
+ setting of purpose and trust fields. New X509_STORE trust and
+ purpose functions and tidy up setting in other SSL functions.
+ [Steve Henson]
+
+ *) Add copies of X509_STORE_CTX fields and callbacks to X509_STORE
+ structure. These are inherited by X509_STORE_CTX when it is
+ initialised. This allows various defaults to be set in the
+ X509_STORE structure (such as flags for CRL checking and custom
+ purpose or trust settings) for functions which only use X509_STORE_CTX
+ internally such as S/MIME.
+
+ Modify X509_STORE_CTX_purpose_inherit() so it only sets purposes and
+ trust settings if they are not set in X509_STORE. This allows X509_STORE
+ purposes and trust (in S/MIME for example) to override any set by default.
+
+ Add command line options for CRL checking to smime, s_client and s_server
+ applications.
+ [Steve Henson]
+
+ *) Initial CRL based revocation checking. If the CRL checking flag(s)
+ are set then the CRL is looked up in the X509_STORE structure and
+ its validity and signature checked, then if the certificate is found
+ in the CRL the verify fails with a revoked error.
+
+ Various new CRL related callbacks added to X509_STORE_CTX structure.
+
+ Command line options added to 'verify' application to support this.
+
+ This needs some additional work, such as being able to handle multiple
+ CRLs with different times, extension based lookup (rather than just
+ by subject name) and ultimately more complete V2 CRL extension
+ handling.
+ [Steve Henson]
+
+ *) Add a general user interface API (crypto/ui/). This is designed
+ to replace things like des_read_password and friends (backward
+ compatibility functions using this new API are provided).
+ The purpose is to remove prompting functions from the DES code
+ section as well as provide for prompting through dialog boxes in
+ a window system and the like.
+ [Richard Levitte]
+
+ *) Add "ex_data" support to ENGINE so implementations can add state at a
+ per-structure level rather than having to store it globally.
+ [Geoff]
+
+ *) Make it possible for ENGINE structures to be copied when retrieved by
+ ENGINE_by_id() if the ENGINE specifies a new flag: ENGINE_FLAGS_BY_ID_COPY.
+ This causes the "original" ENGINE structure to act like a template,
+ analogous to the RSA vs. RSA_METHOD type of separation. Because of this
+ operational state can be localised to each ENGINE structure, despite the
+ fact they all share the same "methods". New ENGINE structures returned in
+ this case have no functional references and the return value is the single
+ structural reference. This matches the single structural reference returned
+ by ENGINE_by_id() normally, when it is incremented on the pre-existing
+ ENGINE structure.
+ [Geoff]
+
+ *) Fix ASN1 decoder when decoding type ANY and V_ASN1_OTHER: since this
+ needs to match any other type at all we need to manually clear the
+ tag cache.
+ [Steve Henson]
+
+ *) Changes to the "openssl engine" utility to include;
+ - verbosity levels ('-v', '-vv', and '-vvv') that provide information
+ about an ENGINE's available control commands.
+ - executing control commands from command line arguments using the
+ '-pre' and '-post' switches. '-post' is only used if '-t' is
+ specified and the ENGINE is successfully initialised. The syntax for
+ the individual commands are colon-separated, for example;
+ openssl engine chil -pre FORK_CHECK:0 -pre SO_PATH:/lib/test.so
+ [Geoff]
+
+ *) New dynamic control command support for ENGINEs. ENGINEs can now
+ declare their own commands (numbers), names (strings), descriptions,
+ and input types for run-time discovery by calling applications. A
+ subset of these commands are implicitly classed as "executable"
+ depending on their input type, and only these can be invoked through
+ the new string-based API function ENGINE_ctrl_cmd_string(). (Eg. this
+ can be based on user input, config files, etc). The distinction is
+ that "executable" commands cannot return anything other than a boolean
+ result and can only support numeric or string input, whereas some
+ discoverable commands may only be for direct use through
+ ENGINE_ctrl(), eg. supporting the exchange of binary data, function
+ pointers, or other custom uses. The "executable" commands are to
+ support parameterisations of ENGINE behaviour that can be
+ unambiguously defined by ENGINEs and used consistently across any
+ OpenSSL-based application. Commands have been added to all the
+ existing hardware-supporting ENGINEs, noticeably "SO_PATH" to allow
+ control over shared-library paths without source code alterations.
+ [Geoff]
+
+ *) Changed all ENGINE implementations to dynamically allocate their
+ ENGINEs rather than declaring them statically. Apart from this being
+ necessary with the removal of the ENGINE_FLAGS_MALLOCED distinction,
+ this also allows the implementations to compile without using the
+ internal engine_int.h header.
+ [Geoff]
+
+ *) Minor adjustment to "rand" code. RAND_get_rand_method() now returns a
+ 'const' value. Any code that should be able to modify a RAND_METHOD
+ should already have non-const pointers to it (ie. they should only
+ modify their own ones).
+ [Geoff]
+
+ *) Made a variety of little tweaks to the ENGINE code.
+ - "atalla" and "ubsec" string definitions were moved from header files
+ to C code. "nuron" string definitions were placed in variables
+ rather than hard-coded - allowing parameterisation of these values
+ later on via ctrl() commands.
+ - Removed unused "#if 0"'d code.
+ - Fixed engine list iteration code so it uses ENGINE_free() to release
+ structural references.
+ - Constified the RAND_METHOD element of ENGINE structures.
+ - Constified various get/set functions as appropriate and added
+ missing functions (including a catch-all ENGINE_cpy that duplicates
+ all ENGINE values onto a new ENGINE except reference counts/state).
+ - Removed NULL parameter checks in get/set functions. Setting a method
+ or function to NULL is a way of cancelling out a previously set
+ value. Passing a NULL ENGINE parameter is just plain stupid anyway
+ and doesn't justify the extra error symbols and code.
+ - Deprecate the ENGINE_FLAGS_MALLOCED define and move the area for
+ flags from engine_int.h to engine.h.
+ - Changed prototypes for ENGINE handler functions (init(), finish(),
+ ctrl(), key-load functions, etc) to take an (ENGINE*) parameter.
+ [Geoff]
+
+ *) Implement binary inversion algorithm for BN_mod_inverse in addition
+ to the algorithm using long division. The binary algorithm can be
+ used only if the modulus is odd. On 32-bit systems, it is faster
+ only for relatively small moduli (roughly 20-30% for 128-bit moduli,
+ roughly 5-15% for 256-bit moduli), so we use it only for moduli
+ up to 450 bits. In 64-bit environments, the binary algorithm
+ appears to be advantageous for much longer moduli; here we use it
+ for moduli up to 2048 bits.
+ [Bodo Moeller]
+
+ *) Rewrite CHOICE field setting in ASN1_item_ex_d2i(). The old code
+ could not support the combine flag in choice fields.
+ [Steve Henson]
+
+ *) Add a 'copy_extensions' option to the 'ca' utility. This copies
+ extensions from a certificate request to the certificate.
+ [Steve Henson]
+
+ *) Allow multiple 'certopt' and 'nameopt' options to be separated
+ by commas. Add 'namopt' and 'certopt' options to the 'ca' config
+ file: this allows the display of the certificate about to be
+ signed to be customised, to allow certain fields to be included
+ or excluded and extension details. The old system didn't display
+ multicharacter strings properly, omitted fields not in the policy
+ and couldn't display additional details such as extensions.
+ [Steve Henson]
+
+ *) Function EC_POINTs_mul for multiple scalar multiplication
+ of an arbitrary number of elliptic curve points
+ \sum scalars[i]*points[i],
+ optionally including the generator defined for the EC_GROUP:
+ scalar*generator + \sum scalars[i]*points[i].
+
+ EC_POINT_mul is a simple wrapper function for the typical case
+ that the point list has just one item (besides the optional
+ generator).
+ [Bodo Moeller]
+
+ *) First EC_METHODs for curves over GF(p):
+
+ EC_GFp_simple_method() uses the basic BN_mod_mul and BN_mod_sqr
+ operations and provides various method functions that can also
+ operate with faster implementations of modular arithmetic.
+
+ EC_GFp_mont_method() reuses most functions that are part of
+ EC_GFp_simple_method, but uses Montgomery arithmetic.
+
+ [Bodo Moeller; point addition and point doubling
+ implementation directly derived from source code provided by
+ Lenka Fibikova <fibikova at exp-math.uni-essen.de>]
+
+ *) Framework for elliptic curves (crypto/ec/ec.h, crypto/ec/ec_lcl.h,
+ crypto/ec/ec_lib.c):
+
+ Curves are EC_GROUP objects (with an optional group generator)
+ based on EC_METHODs that are built into the library.
+
+ Points are EC_POINT objects based on EC_GROUP objects.
+
+ Most of the framework would be able to handle curves over arbitrary
+ finite fields, but as there are no obvious types for fields other
+ than GF(p), some functions are limited to that for now.
+ [Bodo Moeller]
+
+ *) Add the -HTTP option to s_server. It is similar to -WWW, but requires
+ that the file contains a complete HTTP response.
+ [Richard Levitte]
+
+ *) Add the ec directory to mkdef.pl and mkfiles.pl. In mkdef.pl
+ change the def and num file printf format specifier from "%-40sXXX"
+ to "%-39s XXX". The latter will always guarantee a space after the
+ field while the former will cause them to run together if the field
+ is 40 of more characters long.
+ [Steve Henson]
+
+ *) Constify the cipher and digest 'method' functions and structures
+ and modify related functions to take constant EVP_MD and EVP_CIPHER
+ pointers.
+ [Steve Henson]
+
+ *) Hide BN_CTX structure details in bn_lcl.h instead of publishing them
+ in <openssl/bn.h>. Also further increase BN_CTX_NUM to 32.
+ [Bodo Moeller]
+
+ *) Modify EVP_Digest*() routines so they now return values. Although the
+ internal software routines can never fail additional hardware versions
+ might.
+ [Steve Henson]
+
+ *) Clean up crypto/err/err.h and change some error codes to avoid conflicts:
+
+ Previously ERR_R_FATAL was too small and coincided with ERR_LIB_PKCS7
+ (= ERR_R_PKCS7_LIB); it is now 64 instead of 32.
+
+ ASN1 error codes
+ ERR_R_NESTED_ASN1_ERROR
+ ...
+ ERR_R_MISSING_ASN1_EOS
+ were 4 .. 9, conflicting with
+ ERR_LIB_RSA (= ERR_R_RSA_LIB)
+ ...
+ ERR_LIB_PEM (= ERR_R_PEM_LIB).
+ They are now 58 .. 63 (i.e., just below ERR_R_FATAL).
+
+ Add new error code 'ERR_R_INTERNAL_ERROR'.
+ [Bodo Moeller]
+
+ *) Don't overuse locks in crypto/err/err.c: For data retrieval, CRYPTO_r_lock
+ suffices.
+ [Bodo Moeller]
+
+ *) New option '-subj arg' for 'openssl req' and 'openssl ca'. This
+ sets the subject name for a new request or supersedes the
+ subject name in a given request. Formats that can be parsed are
+ 'CN=Some Name, OU=myOU, C=IT'
+ and
+ 'CN=Some Name/OU=myOU/C=IT'.
+
+ Add options '-batch' and '-verbose' to 'openssl req'.
+ [Massimiliano Pala <madwolf at hackmasters.net>]
+
+ *) Introduce the possibility to access global variables through
+ functions on platform were that's the best way to handle exporting
+ global variables in shared libraries. To enable this functionality,
+ one must configure with "EXPORT_VAR_AS_FN" or defined the C macro
+ "OPENSSL_EXPORT_VAR_AS_FUNCTION" in crypto/opensslconf.h (the latter
+ is normally done by Configure or something similar).
+
+ To implement a global variable, use the macro OPENSSL_IMPLEMENT_GLOBAL
+ in the source file (foo.c) like this:
+
+ OPENSSL_IMPLEMENT_GLOBAL(int,foo)=1;
+ OPENSSL_IMPLEMENT_GLOBAL(double,bar);
+
+ To declare a global variable, use the macros OPENSSL_DECLARE_GLOBAL
+ and OPENSSL_GLOBAL_REF in the header file (foo.h) like this:
+
+ OPENSSL_DECLARE_GLOBAL(int,foo);
+ #define foo OPENSSL_GLOBAL_REF(foo)
+ OPENSSL_DECLARE_GLOBAL(double,bar);
+ #define bar OPENSSL_GLOBAL_REF(bar)
+
+ The #defines are very important, and therefore so is including the
+ header file everywhere where the defined globals are used.
+
+ The macro OPENSSL_EXPORT_VAR_AS_FUNCTION also affects the definition
+ of ASN.1 items, but that structure is a bit different.
+
+ The largest change is in util/mkdef.pl which has been enhanced with
+ better and easier to understand logic to choose which symbols should
+ go into the Windows .def files as well as a number of fixes and code
+ cleanup (among others, algorithm keywords are now sorted
+ lexicographically to avoid constant rewrites).
+ [Richard Levitte]
+
+ *) In BN_div() keep a copy of the sign of 'num' before writing the
+ result to 'rm' because if rm==num the value will be overwritten
+ and produce the wrong result if 'num' is negative: this caused
+ problems with BN_mod() and BN_nnmod().
+ [Steve Henson]
+
+ *) Function OCSP_request_verify(). This checks the signature on an
+ OCSP request and verifies the signer certificate. The signer
+ certificate is just checked for a generic purpose and OCSP request
+ trust settings.
+ [Steve Henson]
+
+ *) Add OCSP_check_validity() function to check the validity of OCSP
+ responses. OCSP responses are prepared in real time and may only
+ be a few seconds old. Simply checking that the current time lies
+ between thisUpdate and nextUpdate max reject otherwise valid responses
+ caused by either OCSP responder or client clock inaccuracy. Instead
+ we allow thisUpdate and nextUpdate to fall within a certain period of
+ the current time. The age of the response can also optionally be
+ checked. Two new options -validity_period and -status_age added to
+ ocsp utility.
+ [Steve Henson]
+
+ *) If signature or public key algorithm is unrecognized print out its
+ OID rather that just UNKNOWN.
+ [Steve Henson]
+
+ *) Change OCSP_cert_to_id() to tolerate a NULL subject certificate and
+ OCSP_cert_id_new() a NULL serialNumber. This allows a partial certificate
+ ID to be generated from the issuer certificate alone which can then be
+ passed to OCSP_id_issuer_cmp().
+ [Steve Henson]
+
+ *) New compilation option ASN1_ITEM_FUNCTIONS. This causes the new
+ ASN1 modules to export functions returning ASN1_ITEM pointers
+ instead of the ASN1_ITEM structures themselves. This adds several
+ new macros which allow the underlying ASN1 function/structure to
+ be accessed transparently. As a result code should not use ASN1_ITEM
+ references directly (such as &X509_it) but instead use the relevant
+ macros (such as ASN1_ITEM_rptr(X509)). This option is to allow
+ use of the new ASN1 code on platforms where exporting structures
+ is problematical (for example in shared libraries) but exporting
+ functions returning pointers to structures is not.
+ [Steve Henson]
+
+ *) Add support for overriding the generation of SSL/TLS session IDs.
+ These callbacks can be registered either in an SSL_CTX or per SSL.
+ The purpose of this is to allow applications to control, if they wish,
+ the arbitrary values chosen for use as session IDs, particularly as it
+ can be useful for session caching in multiple-server environments. A
+ command-line switch for testing this (and any client code that wishes
+ to use such a feature) has been added to "s_server".
+ [Geoff Thorpe, Lutz Jaenicke]
+
+ *) Modify mkdef.pl to recognise and parse preprocessor conditionals
+ of the form '#if defined(...) || defined(...) || ...' and
+ '#if !defined(...) && !defined(...) && ...'. This also avoids
+ the growing number of special cases it was previously handling.
+ [Richard Levitte]
+
+ *) Make all configuration macros available for application by making
+ sure they are available in opensslconf.h, by giving them names starting
+ with "OPENSSL_" to avoid conflicts with other packages and by making
+ sure e_os2.h will cover all platform-specific cases together with
+ opensslconf.h.
+ Additionally, it is now possible to define configuration/platform-
+ specific names (called "system identities"). In the C code, these
+ are prefixed with "OPENSSL_SYSNAME_". e_os2.h will create another
+ macro with the name beginning with "OPENSSL_SYS_", which is determined
+ from "OPENSSL_SYSNAME_*" or compiler-specific macros depending on
+ what is available.
+ [Richard Levitte]
+
+ *) New option -set_serial to 'req' and 'x509' this allows the serial
+ number to use to be specified on the command line. Previously self
+ signed certificates were hard coded with serial number 0 and the
+ CA options of 'x509' had to use a serial number in a file which was
+ auto incremented.
+ [Steve Henson]
+
+ *) New options to 'ca' utility to support V2 CRL entry extensions.
+ Currently CRL reason, invalidity date and hold instruction are
+ supported. Add new CRL extensions to V3 code and some new objects.
+ [Steve Henson]
+
+ *) New function EVP_CIPHER_CTX_set_padding() this is used to
+ disable standard block padding (aka PKCS#5 padding) in the EVP
+ API, which was previously mandatory. This means that the data is
+ not padded in any way and so the total length much be a multiple
+ of the block size, otherwise an error occurs.
+ [Steve Henson]
+
+ *) Initial (incomplete) OCSP SSL support.
+ [Steve Henson]
+
+ *) New function OCSP_parse_url(). This splits up a URL into its host,
+ port and path components: primarily to parse OCSP URLs. New -url
+ option to ocsp utility.
+ [Steve Henson]
+
+ *) New nonce behavior. The return value of OCSP_check_nonce() now
+ reflects the various checks performed. Applications can decide
+ whether to tolerate certain situations such as an absent nonce
+ in a response when one was present in a request: the ocsp application
+ just prints out a warning. New function OCSP_add1_basic_nonce()
+ this is to allow responders to include a nonce in a response even if
+ the request is nonce-less.
+ [Steve Henson]
+
+ *) Disable stdin buffering in load_cert (apps/apps.c) so that no certs are
+ skipped when using openssl x509 multiple times on a single input file,
+ e.g. "(openssl x509 -out cert1; openssl x509 -out cert2) <certs".
+ [Bodo Moeller]
+
+ *) Make ASN1_UTCTIME_set_string() and ASN1_GENERALIZEDTIME_set_string()
+ set string type: to handle setting ASN1_TIME structures. Fix ca
+ utility to correctly initialize revocation date of CRLs.
+ [Steve Henson]
+
+ *) New option SSL_OP_CIPHER_SERVER_PREFERENCE allows the server to override
+ the clients preferred ciphersuites and rather use its own preferences.
+ Should help to work around M$ SGC (Server Gated Cryptography) bug in
+ Internet Explorer by ensuring unchanged hash method during stepup.
+ (Also replaces the broken/deactivated SSL_OP_NON_EXPORT_FIRST option.)
+ [Lutz Jaenicke]
+
+ *) Make mkdef.pl recognise all DECLARE_ASN1 macros, change rijndael
+ to aes and add a new 'exist' option to print out symbols that don't
+ appear to exist.
+ [Steve Henson]
+
+ *) Additional options to ocsp utility to allow flags to be set and
+ additional certificates supplied.
+ [Steve Henson]
+
+ *) Add the option -VAfile to 'openssl ocsp', so the user can give the
+ OCSP client a number of certificate to only verify the response
+ signature against.
+ [Richard Levitte]
+
+ *) Update Rijndael code to version 3.0 and change EVP AES ciphers to
+ handle the new API. Currently only ECB, CBC modes supported. Add new
+ AES OIDs.
+
+ Add TLS AES ciphersuites as described in RFC3268, "Advanced
+ Encryption Standard (AES) Ciphersuites for Transport Layer
+ Security (TLS)". (In beta versions of OpenSSL 0.9.7, these were
+ not enabled by default and were not part of the "ALL" ciphersuite
+ alias because they were not yet official; they could be
+ explicitly requested by specifying the "AESdraft" ciphersuite
+ group alias. In the final release of OpenSSL 0.9.7, the group
+ alias is called "AES" and is part of "ALL".)
+ [Ben Laurie, Steve Henson, Bodo Moeller]
+
+ *) New function OCSP_copy_nonce() to copy nonce value (if present) from
+ request to response.
+ [Steve Henson]
+
+ *) Functions for OCSP responders. OCSP_request_onereq_count(),
+ OCSP_request_onereq_get0(), OCSP_onereq_get0_id() and OCSP_id_get0_info()
+ extract information from a certificate request. OCSP_response_create()
+ creates a response and optionally adds a basic response structure.
+ OCSP_basic_add1_status() adds a complete single response to a basic
+ response and returns the OCSP_SINGLERESP structure just added (to allow
+ extensions to be included for example). OCSP_basic_add1_cert() adds a
+ certificate to a basic response and OCSP_basic_sign() signs a basic
+ response with various flags. New helper functions ASN1_TIME_check()
+ (checks validity of ASN1_TIME structure) and ASN1_TIME_to_generalizedtime()
+ (converts ASN1_TIME to GeneralizedTime).
+ [Steve Henson]
+
+ *) Various new functions. EVP_Digest() combines EVP_Digest{Init,Update,Final}()
+ in a single operation. X509_get0_pubkey_bitstr() extracts the public_key
+ structure from a certificate. X509_pubkey_digest() digests the public_key
+ contents: this is used in various key identifiers.
+ [Steve Henson]
+
+ *) Make sk_sort() tolerate a NULL argument.
+ [Steve Henson reported by Massimiliano Pala <madwolf at comune.modena.it>]
+
+ *) New OCSP verify flag OCSP_TRUSTOTHER. When set the "other" certificates
+ passed by the function are trusted implicitly. If any of them signed the
+ response then it is assumed to be valid and is not verified.
+ [Steve Henson]
+
+ *) In PKCS7_set_type() initialise content_type in PKCS7_ENC_CONTENT
+ to data. This was previously part of the PKCS7 ASN1 code. This
+ was causing problems with OpenSSL created PKCS#12 and PKCS#7 structures.
+ [Steve Henson, reported by Kenneth R. Robinette
+ <support at securenetterm.com>]
+
+ *) Add CRYPTO_push_info() and CRYPTO_pop_info() calls to new ASN1
+ routines: without these tracing memory leaks is very painful.
+ Fix leaks in PKCS12 and PKCS7 routines.
+ [Steve Henson]
+
+ *) Make X509_time_adj() cope with the new behaviour of ASN1_TIME_new().
+ Previously it initialised the 'type' argument to V_ASN1_UTCTIME which
+ effectively meant GeneralizedTime would never be used. Now it
+ is initialised to -1 but X509_time_adj() now has to check the value
+ and use ASN1_TIME_set() if the value is not V_ASN1_UTCTIME or
+ V_ASN1_GENERALIZEDTIME, without this it always uses GeneralizedTime.
+ [Steve Henson, reported by Kenneth R. Robinette
+ <support at securenetterm.com>]
+
+ *) Fixes to BN_to_ASN1_INTEGER when bn is zero. This would previously
+ result in a zero length in the ASN1_INTEGER structure which was
+ not consistent with the structure when d2i_ASN1_INTEGER() was used
+ and would cause ASN1_INTEGER_cmp() to fail. Enhance s2i_ASN1_INTEGER()
+ to cope with hex and negative integers. Fix bug in i2a_ASN1_INTEGER()
+ where it did not print out a minus for negative ASN1_INTEGER.
+ [Steve Henson]
+
+ *) Add summary printout to ocsp utility. The various functions which
+ convert status values to strings have been renamed to:
+ OCSP_response_status_str(), OCSP_cert_status_str() and
+ OCSP_crl_reason_str() and are no longer static. New options
+ to verify nonce values and to disable verification. OCSP response
+ printout format cleaned up.
+ [Steve Henson]
+
+ *) Add additional OCSP certificate checks. These are those specified
+ in RFC2560. This consists of two separate checks: the CA of the
+ certificate being checked must either be the OCSP signer certificate
+ or the issuer of the OCSP signer certificate. In the latter case the
+ OCSP signer certificate must contain the OCSP signing extended key
+ usage. This check is performed by attempting to match the OCSP
+ signer or the OCSP signer CA to the issuerNameHash and issuerKeyHash
+ in the OCSP_CERTID structures of the response.
+ [Steve Henson]
+
+ *) Initial OCSP certificate verification added to OCSP_basic_verify()
+ and related routines. This uses the standard OpenSSL certificate
+ verify routines to perform initial checks (just CA validity) and
+ to obtain the certificate chain. Then additional checks will be
+ performed on the chain. Currently the root CA is checked to see
+ if it is explicitly trusted for OCSP signing. This is used to set
+ a root CA as a global signing root: that is any certificate that
+ chains to that CA is an acceptable OCSP signing certificate.
+ [Steve Henson]
+
+ *) New '-extfile ...' option to 'openssl ca' for reading X.509v3
+ extensions from a separate configuration file.
+ As when reading extensions from the main configuration file,
+ the '-extensions ...' option may be used for specifying the
+ section to use.
+ [Massimiliano Pala <madwolf at comune.modena.it>]
+
+ *) New OCSP utility. Allows OCSP requests to be generated or
+ read. The request can be sent to a responder and the output
+ parsed, outputed or printed in text form. Not complete yet:
+ still needs to check the OCSP response validity.
+ [Steve Henson]
+
+ *) New subcommands for 'openssl ca':
+ 'openssl ca -status <serial>' prints the status of the cert with
+ the given serial number (according to the index file).
+ 'openssl ca -updatedb' updates the expiry status of certificates
+ in the index file.
+ [Massimiliano Pala <madwolf at comune.modena.it>]
+
+ *) New '-newreq-nodes' command option to CA.pl. This is like
+ '-newreq', but calls 'openssl req' with the '-nodes' option
+ so that the resulting key is not encrypted.
+ [Damien Miller <djm at mindrot.org>]
+
+ *) New configuration for the GNU Hurd.
+ [Jonathan Bartlett <johnnyb at wolfram.com> via Richard Levitte]
+
+ *) Initial code to implement OCSP basic response verify. This
+ is currently incomplete. Currently just finds the signer's
+ certificate and verifies the signature on the response.
+ [Steve Henson]
+
+ *) New SSLeay_version code SSLEAY_DIR to determine the compiled-in
+ value of OPENSSLDIR. This is available via the new '-d' option
+ to 'openssl version', and is also included in 'openssl version -a'.
+ [Bodo Moeller]
+
+ *) Allowing defining memory allocation callbacks that will be given
+ file name and line number information in additional arguments
+ (a const char* and an int). The basic functionality remains, as
+ well as the original possibility to just replace malloc(),
+ realloc() and free() by functions that do not know about these
+ additional arguments. To register and find out the current
+ settings for extended allocation functions, the following
+ functions are provided:
+
+ CRYPTO_set_mem_ex_functions
+ CRYPTO_set_locked_mem_ex_functions
+ CRYPTO_get_mem_ex_functions
+ CRYPTO_get_locked_mem_ex_functions
+
+ These work the same way as CRYPTO_set_mem_functions and friends.
+ CRYPTO_get_[locked_]mem_functions now writes 0 where such an
+ extended allocation function is enabled.
+ Similarly, CRYPTO_get_[locked_]mem_ex_functions writes 0 where
+ a conventional allocation function is enabled.
+ [Richard Levitte, Bodo Moeller]
+
+ *) Finish off removing the remaining LHASH function pointer casts.
+ There should no longer be any prototype-casting required when using
+ the LHASH abstraction, and any casts that remain are "bugs". See
+ the callback types and macros at the head of lhash.h for details
+ (and "OBJ_cleanup" in crypto/objects/obj_dat.c as an example).
+ [Geoff Thorpe]
+
+ *) Add automatic query of EGD sockets in RAND_poll() for the unix variant.
+ If /dev/[u]random devices are not available or do not return enough
+ entropy, EGD style sockets (served by EGD or PRNGD) will automatically
+ be queried.
+ The locations /var/run/egd-pool, /dev/egd-pool, /etc/egd-pool, and
+ /etc/entropy will be queried once each in this sequence, quering stops
+ when enough entropy was collected without querying more sockets.
+ [Lutz Jaenicke]
+
+ *) Change the Unix RAND_poll() variant to be able to poll several
+ random devices, as specified by DEVRANDOM, until a sufficient amount
+ of data has been collected. We spend at most 10 ms on each file
+ (select timeout) and read in non-blocking mode. DEVRANDOM now
+ defaults to the list "/dev/urandom", "/dev/random", "/dev/srandom"
+ (previously it was just the string "/dev/urandom"), so on typical
+ platforms the 10 ms delay will never occur.
+ Also separate out the Unix variant to its own file, rand_unix.c.
+ For VMS, there's a currently-empty rand_vms.c.
+ [Richard Levitte]
+
+ *) Move OCSP client related routines to ocsp_cl.c. These
+ provide utility functions which an application needing
+ to issue a request to an OCSP responder and analyse the
+ response will typically need: as opposed to those which an
+ OCSP responder itself would need which will be added later.
+
+ OCSP_request_sign() signs an OCSP request with an API similar
+ to PKCS7_sign(). OCSP_response_status() returns status of OCSP
+ response. OCSP_response_get1_basic() extracts basic response
+ from response. OCSP_resp_find_status(): finds and extracts status
+ information from an OCSP_CERTID structure (which will be created
+ when the request structure is built). These are built from lower
+ level functions which work on OCSP_SINGLERESP structures but
+ wont normally be used unless the application wishes to examine
+ extensions in the OCSP response for example.
+
+ Replace nonce routines with a pair of functions.
+ OCSP_request_add1_nonce() adds a nonce value and optionally
+ generates a random value. OCSP_check_nonce() checks the
+ validity of the nonce in an OCSP response.
+ [Steve Henson]
+
+ *) Change function OCSP_request_add() to OCSP_request_add0_id().
+ This doesn't copy the supplied OCSP_CERTID and avoids the
+ need to free up the newly created id. Change return type
+ to OCSP_ONEREQ to return the internal OCSP_ONEREQ structure.
+ This can then be used to add extensions to the request.
+ Deleted OCSP_request_new(), since most of its functionality
+ is now in OCSP_REQUEST_new() (and the case insensitive name
+ clash) apart from the ability to set the request name which
+ will be added elsewhere.
+ [Steve Henson]
+
+ *) Update OCSP API. Remove obsolete extensions argument from
+ various functions. Extensions are now handled using the new
+ OCSP extension code. New simple OCSP HTTP function which
+ can be used to send requests and parse the response.
+ [Steve Henson]
+
+ *) Fix the PKCS#7 (S/MIME) code to work with new ASN1. Two new
+ ASN1_ITEM structures help with sign and verify. PKCS7_ATTR_SIGN
+ uses the special reorder version of SET OF to sort the attributes
+ and reorder them to match the encoded order. This resolves a long
+ standing problem: a verify on a PKCS7 structure just after signing
+ it used to fail because the attribute order did not match the
+ encoded order. PKCS7_ATTR_VERIFY does not reorder the attributes:
+ it uses the received order. This is necessary to tolerate some broken
+ software that does not order SET OF. This is handled by encoding
+ as a SEQUENCE OF but using implicit tagging (with UNIVERSAL class)
+ to produce the required SET OF.
+ [Steve Henson]
+
+ *) Have mk1mf.pl generate the macros OPENSSL_BUILD_SHLIBCRYPTO and
+ OPENSSL_BUILD_SHLIBSSL and use them appropriately in the header
+ files to get correct declarations of the ASN.1 item variables.
+ [Richard Levitte]
+
+ *) Rewrite of PKCS#12 code to use new ASN1 functionality. Replace many
+ PKCS#12 macros with real functions. Fix two unrelated ASN1 bugs:
+ asn1_check_tlen() would sometimes attempt to use 'ctx' when it was
+ NULL and ASN1_TYPE was not dereferenced properly in asn1_ex_c2i().
+ New ASN1 macro: DECLARE_ASN1_ITEM() which just declares the relevant
+ ASN1_ITEM and no wrapper functions.
+ [Steve Henson]
+
+ *) New functions or ASN1_item_d2i_fp() and ASN1_item_d2i_bio(). These
+ replace the old function pointer based I/O routines. Change most of
+ the *_d2i_bio() and *_d2i_fp() functions to use these.
+ [Steve Henson]
+
+ *) Enhance mkdef.pl to be more accepting about spacing in C preprocessor
+ lines, recognice more "algorithms" that can be deselected, and make
+ it complain about algorithm deselection that isn't recognised.
+ [Richard Levitte]
+
+ *) New ASN1 functions to handle dup, sign, verify, digest, pack and
+ unpack operations in terms of ASN1_ITEM. Modify existing wrappers
+ to use new functions. Add NO_ASN1_OLD which can be set to remove
+ some old style ASN1 functions: this can be used to determine if old
+ code will still work when these eventually go away.
+ [Steve Henson]
+
+ *) New extension functions for OCSP structures, these follow the
+ same conventions as certificates and CRLs.
+ [Steve Henson]
+
+ *) New function X509V3_add1_i2d(). This automatically encodes and
+ adds an extension. Its behaviour can be customised with various
+ flags to append, replace or delete. Various wrappers added for
+ certifcates and CRLs.
+ [Steve Henson]
+
+ *) Fix to avoid calling the underlying ASN1 print routine when
+ an extension cannot be parsed. Correct a typo in the
+ OCSP_SERVICELOC extension. Tidy up print OCSP format.
+ [Steve Henson]
+
+ *) Make mkdef.pl parse some of the ASN1 macros and add apropriate
+ entries for variables.
+ [Steve Henson]
+
+ *) Add functionality to apps/openssl.c for detecting locking
+ problems: As the program is single-threaded, all we have
+ to do is register a locking callback using an array for
+ storing which locks are currently held by the program.
+ [Bodo Moeller]
+
+ *) Use a lock around the call to CRYPTO_get_ex_new_index() in
+ SSL_get_ex_data_X509_STORE_idx(), which is used in
+ ssl_verify_cert_chain() and thus can be called at any time
+ during TLS/SSL handshakes so that thread-safety is essential.
+ Unfortunately, the ex_data design is not at all suited
+ for multi-threaded use, so it probably should be abolished.
+ [Bodo Moeller]
+
+ *) Added Broadcom "ubsec" ENGINE to OpenSSL.
+ [Broadcom, tweaked and integrated by Geoff Thorpe]
+
+ *) Move common extension printing code to new function
+ X509V3_print_extensions(). Reorganise OCSP print routines and
+ implement some needed OCSP ASN1 functions. Add OCSP extensions.
+ [Steve Henson]
+
+ *) New function X509_signature_print() to remove duplication in some
+ print routines.
+ [Steve Henson]
+
+ *) Add a special meaning when SET OF and SEQUENCE OF flags are both
+ set (this was treated exactly the same as SET OF previously). This
+ is used to reorder the STACK representing the structure to match the
+ encoding. This will be used to get round a problem where a PKCS7
+ structure which was signed could not be verified because the STACK
+ order did not reflect the encoded order.
+ [Steve Henson]
+
+ *) Reimplement the OCSP ASN1 module using the new code.
+ [Steve Henson]
+
+ *) Update the X509V3 code to permit the use of an ASN1_ITEM structure
+ for its ASN1 operations. The old style function pointers still exist
+ for now but they will eventually go away.
+ [Steve Henson]
+
+ *) Merge in replacement ASN1 code from the ASN1 branch. This almost
+ completely replaces the old ASN1 functionality with a table driven
+ encoder and decoder which interprets an ASN1_ITEM structure describing
+ the ASN1 module. Compatibility with the existing ASN1 API (i2d,d2i) is
+ largely maintained. Almost all of the old asn1_mac.h macro based ASN1
+ has also been converted to the new form.
+ [Steve Henson]
+
+ *) Change BN_mod_exp_recp so that negative moduli are tolerated
+ (the sign is ignored). Similarly, ignore the sign in BN_MONT_CTX_set
+ so that BN_mod_exp_mont and BN_mod_exp_mont_word work
+ for negative moduli.
+ [Bodo Moeller]
+
+ *) Fix BN_uadd and BN_usub: Always return non-negative results instead
+ of not touching the result's sign bit.
+ [Bodo Moeller]
+
+ *) BN_div bugfix: If the result is 0, the sign (res->neg) must not be
+ set.
+ [Bodo Moeller]
+
+ *) Changed the LHASH code to use prototypes for callbacks, and created
+ macros to declare and implement thin (optionally static) functions
+ that provide type-safety and avoid function pointer casting for the
+ type-specific callbacks.
+ [Geoff Thorpe]
+
+ *) Added Kerberos Cipher Suites to be used with TLS, as written in
+ RFC 2712.
+ [Veers Staats <staatsvr at asc.hpc.mil>,
+ Jeffrey Altman <jaltman at columbia.edu>, via Richard Levitte]
+
+ *) Reformat the FAQ so the different questions and answers can be divided
+ in sections depending on the subject.
+ [Richard Levitte]
+
+ *) Have the zlib compression code load ZLIB.DLL dynamically under
+ Windows.
+ [Richard Levitte]
+
+ *) New function BN_mod_sqrt for computing square roots modulo a prime
+ (using the probabilistic Tonelli-Shanks algorithm unless
+ p == 3 (mod 4) or p == 5 (mod 8), which are cases that can
+ be handled deterministically).
+ [Lenka Fibikova <fibikova at exp-math.uni-essen.de>, Bodo Moeller]
+
+ *) Make BN_mod_inverse faster by explicitly handling small quotients
+ in the Euclid loop. (Speed gain about 20% for small moduli [256 or
+ 512 bits], about 30% for larger ones [1024 or 2048 bits].)
+ [Bodo Moeller]
+
+ *) New function BN_kronecker.
+ [Bodo Moeller]
+
+ *) Fix BN_gcd so that it works on negative inputs; the result is
+ positive unless both parameters are zero.
+ Previously something reasonably close to an infinite loop was
+ possible because numbers could be growing instead of shrinking
+ in the implementation of Euclid's algorithm.
+ [Bodo Moeller]
+
+ *) Fix BN_is_word() and BN_is_one() macros to take into account the
+ sign of the number in question.
+
+ Fix BN_is_word(a,w) to work correctly for w == 0.
+
+ The old BN_is_word(a,w) macro is now called BN_abs_is_word(a,w)
+ because its test if the absolute value of 'a' equals 'w'.
+ Note that BN_abs_is_word does *not* handle w == 0 reliably;
+ it exists mostly for use in the implementations of BN_is_zero(),
+ BN_is_one(), and BN_is_word().
+ [Bodo Moeller]
+
+ *) New function BN_swap.
+ [Bodo Moeller]
+
+ *) Use BN_nnmod instead of BN_mod in crypto/bn/bn_exp.c so that
+ the exponentiation functions are more likely to produce reasonable
+ results on negative inputs.
+ [Bodo Moeller]
+
+ *) Change BN_mod_mul so that the result is always non-negative.
+ Previously, it could be negative if one of the factors was negative;
+ I don't think anyone really wanted that behaviour.
+ [Bodo Moeller]
+
+ *) Move BN_mod_... functions into new file crypto/bn/bn_mod.c
+ (except for exponentiation, which stays in crypto/bn/bn_exp.c,
+ and BN_mod_mul_reciprocal, which stays in crypto/bn/bn_recp.c)
+ and add new functions:
+
+ BN_nnmod
+ BN_mod_sqr
+ BN_mod_add
+ BN_mod_add_quick
+ BN_mod_sub
+ BN_mod_sub_quick
+ BN_mod_lshift1
+ BN_mod_lshift1_quick
+ BN_mod_lshift
+ BN_mod_lshift_quick
+
+ These functions always generate non-negative results.
+
+ BN_nnmod otherwise is like BN_mod (if BN_mod computes a remainder r
+ such that |m| < r < 0, BN_nnmod will output rem + |m| instead).
+
+ BN_mod_XXX_quick(r, a, [b,] m) generates the same result as
+ BN_mod_XXX(r, a, [b,] m, ctx), but requires that a [and b]
+ be reduced modulo m.
+ [Lenka Fibikova <fibikova at exp-math.uni-essen.de>, Bodo Moeller]
+
+#if 0
+ The following entry accidentily appeared in the CHANGES file
+ distributed with OpenSSL 0.9.7. The modifications described in
+ it do *not* apply to OpenSSL 0.9.7.
+
+ *) Remove a few calls to bn_wexpand() in BN_sqr() (the one in there
+ was actually never needed) and in BN_mul(). The removal in BN_mul()
+ required a small change in bn_mul_part_recursive() and the addition
+ of the functions bn_cmp_part_words(), bn_sub_part_words() and
+ bn_add_part_words(), which do the same thing as bn_cmp_words(),
+ bn_sub_words() and bn_add_words() except they take arrays with
+ differing sizes.
+ [Richard Levitte]
+#endif
+
+ *) In 'openssl passwd', verify passwords read from the terminal
+ unless the '-salt' option is used (which usually means that
+ verification would just waste user's time since the resulting
+ hash is going to be compared with some given password hash)
+ or the new '-noverify' option is used.
+
+ This is an incompatible change, but it does not affect
+ non-interactive use of 'openssl passwd' (passwords on the command
+ line, '-stdin' option, '-in ...' option) and thus should not
+ cause any problems.
+ [Bodo Moeller]
+
+ *) Remove all references to RSAref, since there's no more need for it.
+ [Richard Levitte]
+
+ *) Make DSO load along a path given through an environment variable
+ (SHLIB_PATH) with shl_load().
+ [Richard Levitte]
+
+ *) Constify the ENGINE code as a result of BIGNUM constification.
+ Also constify the RSA code and most things related to it. In a
+ few places, most notable in the depth of the ASN.1 code, ugly
+ casts back to non-const were required (to be solved at a later
+ time)
+ [Richard Levitte]
+
+ *) Make it so the openssl application has all engines loaded by default.
+ [Richard Levitte]
+
+ *) Constify the BIGNUM routines a little more.
+ [Richard Levitte]
+
+ *) Add the following functions:
+
+ ENGINE_load_cswift()
+ ENGINE_load_chil()
+ ENGINE_load_atalla()
+ ENGINE_load_nuron()
+ ENGINE_load_builtin_engines()
+
+ That way, an application can itself choose if external engines that
+ are built-in in OpenSSL shall ever be used or not. The benefit is
+ that applications won't have to be linked with libdl or other dso
+ libraries unless it's really needed.
+
+ Changed 'openssl engine' to load all engines on demand.
+ Changed the engine header files to avoid the duplication of some
+ declarations (they differed!).
+ [Richard Levitte]
+
+ *) 'openssl engine' can now list capabilities.
+ [Richard Levitte]
+
+ *) Better error reporting in 'openssl engine'.
+ [Richard Levitte]
+
+ *) Never call load_dh_param(NULL) in s_server.
+ [Bodo Moeller]
+
+ *) Add engine application. It can currently list engines by name and
+ identity, and test if they are actually available.
+ [Richard Levitte]
+
+ *) Improve RPM specification file by forcing symbolic linking and making
+ sure the installed documentation is also owned by root.root.
+ [Damien Miller <djm at mindrot.org>]
+
+ *) Give the OpenSSL applications more possibilities to make use of
+ keys (public as well as private) handled by engines.
+ [Richard Levitte]
+
+ *) Add OCSP code that comes from CertCo.
+ [Richard Levitte]
+
+ *) Add VMS support for the Rijndael code.
+ [Richard Levitte]
+
+ *) Added untested support for Nuron crypto accelerator.
+ [Ben Laurie]
+
+ *) Add support for external cryptographic devices. This code was
+ previously distributed separately as the "engine" branch.
+ [Geoff Thorpe, Richard Levitte]
+
+ *) Rework the filename-translation in the DSO code. It is now possible to
+ have far greater control over how a "name" is turned into a filename
+ depending on the operating environment and any oddities about the
+ different shared library filenames on each system.
+ [Geoff Thorpe]
+
+ *) Support threads on FreeBSD-elf in Configure.
+ [Richard Levitte]
+
+ *) Fix for SHA1 assembly problem with MASM: it produces
+ warnings about corrupt line number information when assembling
+ with debugging information. This is caused by the overlapping
+ of two sections.
+ [Bernd Matthes <mainbug at celocom.de>, Steve Henson]
+
+ *) NCONF changes.
+ NCONF_get_number() has no error checking at all. As a replacement,
+ NCONF_get_number_e() is defined (_e for "error checking") and is
+ promoted strongly. The old NCONF_get_number is kept around for
+ binary backward compatibility.
+ Make it possible for methods to load from something other than a BIO,
+ by providing a function pointer that is given a name instead of a BIO.
+ For example, this could be used to load configuration data from an
+ LDAP server.
+ [Richard Levitte]
+
+ *) Fix for non blocking accept BIOs. Added new I/O special reason
+ BIO_RR_ACCEPT to cover this case. Previously use of accept BIOs
+ with non blocking I/O was not possible because no retry code was
+ implemented. Also added new SSL code SSL_WANT_ACCEPT to cover
+ this case.
+ [Steve Henson]
+
+ *) Added the beginnings of Rijndael support.
+ [Ben Laurie]
+
+ *) Fix for bug in DirectoryString mask setting. Add support for
+ X509_NAME_print_ex() in 'req' and X509_print_ex() function
+ to allow certificate printing to more controllable, additional
+ 'certopt' option to 'x509' to allow new printing options to be
+ set.
+ [Steve Henson]
+
+ *) Clean old EAY MD5 hack from e_os.h.
+ [Richard Levitte]
+
+ Changes between 0.9.6l and 0.9.6m [17 Mar 2004]
+
+ *) Fix null-pointer assignment in do_change_cipher_spec() revealed
+ by using the Codenomicon TLS Test Tool (CVE-2004-0079)
+ [Joe Orton, Steve Henson]
+
+ Changes between 0.9.6k and 0.9.6l [04 Nov 2003]
+
+ *) Fix additional bug revealed by the NISCC test suite:
+
+ Stop bug triggering large recursion when presented with
+ certain ASN.1 tags (CVE-2003-0851)
+ [Steve Henson]
+
+ Changes between 0.9.6j and 0.9.6k [30 Sep 2003]
+
+ *) Fix various bugs revealed by running the NISCC test suite:
+
+ Stop out of bounds reads in the ASN1 code when presented with
+ invalid tags (CVE-2003-0543 and CVE-2003-0544).
+
+ If verify callback ignores invalid public key errors don't try to check
+ certificate signature with the NULL public key.
+
+ [Steve Henson]
+
+ *) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate
+ if the server requested one: as stated in TLS 1.0 and SSL 3.0
+ specifications.
+ [Steve Henson]
+
+ *) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional
+ extra data after the compression methods not only for TLS 1.0
+ but also for SSL 3.0 (as required by the specification).
+ [Bodo Moeller; problem pointed out by Matthias Loepfe]
+
+ *) Change X509_certificate_type() to mark the key as exported/exportable
+ when it's 512 *bits* long, not 512 bytes.
+ [Richard Levitte]
+
+ Changes between 0.9.6i and 0.9.6j [10 Apr 2003]
+
+ *) Countermeasure against the Klima-Pokorny-Rosa extension of
+ Bleichbacher's attack on PKCS #1 v1.5 padding: treat
+ a protocol version number mismatch like a decryption error
+ in ssl3_get_client_key_exchange (ssl/s3_srvr.c).
+ [Bodo Moeller]
+
+ *) Turn on RSA blinding by default in the default implementation
+ to avoid a timing attack. Applications that don't want it can call
+ RSA_blinding_off() or use the new flag RSA_FLAG_NO_BLINDING.
+ They would be ill-advised to do so in most cases.
+ [Ben Laurie, Steve Henson, Geoff Thorpe, Bodo Moeller]
+
+ *) Change RSA blinding code so that it works when the PRNG is not
+ seeded (in this case, the secret RSA exponent is abused as
+ an unpredictable seed -- if it is not unpredictable, there
+ is no point in blinding anyway). Make RSA blinding thread-safe
+ by remembering the creator's thread ID in rsa->blinding and
+ having all other threads use local one-time blinding factors
+ (this requires more computation than sharing rsa->blinding, but
+ avoids excessive locking; and if an RSA object is not shared
+ between threads, blinding will still be very fast).
+ [Bodo Moeller]
+
+ Changes between 0.9.6h and 0.9.6i [19 Feb 2003]
+
+ *) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked
+ via timing by performing a MAC computation even if incorrrect
+ block cipher padding has been found. This is a countermeasure
+ against active attacks where the attacker has to distinguish
+ between bad padding and a MAC verification error. (CVE-2003-0078)
+
+ [Bodo Moeller; problem pointed out by Brice Canvel (EPFL),
+ Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and
+ Martin Vuagnoux (EPFL, Ilion)]
+
+ Changes between 0.9.6g and 0.9.6h [5 Dec 2002]
+
+ *) New function OPENSSL_cleanse(), which is used to cleanse a section of
+ memory from it's contents. This is done with a counter that will
+ place alternating values in each byte. This can be used to solve
+ two issues: 1) the removal of calls to memset() by highly optimizing
+ compilers, and 2) cleansing with other values than 0, since those can
+ be read through on certain media, for example a swap space on disk.
+ [Geoff Thorpe]
+
+ *) Bugfix: client side session caching did not work with external caching,
+ because the session->cipher setting was not restored when reloading
+ from the external cache. This problem was masked, when
+ SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG (part of SSL_OP_ALL) was set.
+ (Found by Steve Haslam <steve at araqnid.ddts.net>.)
+ [Lutz Jaenicke]
+
+ *) Fix client_certificate (ssl/s2_clnt.c): The permissible total
+ length of the REQUEST-CERTIFICATE message is 18 .. 34, not 17 .. 33.
+ [Zeev Lieber <zeev-l at yahoo.com>]
+
+ *) Undo an undocumented change introduced in 0.9.6e which caused
+ repeated calls to OpenSSL_add_all_ciphers() and
+ OpenSSL_add_all_digests() to be ignored, even after calling
+ EVP_cleanup().
+ [Richard Levitte]
+
+ *) Change the default configuration reader to deal with last line not
+ being properly terminated.
+ [Richard Levitte]
+
+ *) Change X509_NAME_cmp() so it applies the special rules on handling
+ DN values that are of type PrintableString, as well as RDNs of type
+ emailAddress where the value has the type ia5String.
+ [stefank at valicert.com via Richard Levitte]
+
+ *) Add a SSL_SESS_CACHE_NO_INTERNAL_STORE flag to take over half
+ the job SSL_SESS_CACHE_NO_INTERNAL_LOOKUP was inconsistently
+ doing, define a new flag (SSL_SESS_CACHE_NO_INTERNAL) to be
+ the bitwise-OR of the two for use by the majority of applications
+ wanting this behaviour, and update the docs. The documented
+ behaviour and actual behaviour were inconsistent and had been
+ changing anyway, so this is more a bug-fix than a behavioural
+ change.
+ [Geoff Thorpe, diagnosed by Nadav Har'El]
+
+ *) Don't impose a 16-byte length minimum on session IDs in ssl/s3_clnt.c
+ (the SSL 3.0 and TLS 1.0 specifications allow any length up to 32 bytes).
+ [Bodo Moeller]
+
+ *) Fix initialization code race conditions in
+ SSLv23_method(), SSLv23_client_method(), SSLv23_server_method(),
+ SSLv2_method(), SSLv2_client_method(), SSLv2_server_method(),
+ SSLv3_method(), SSLv3_client_method(), SSLv3_server_method(),
+ TLSv1_method(), TLSv1_client_method(), TLSv1_server_method(),
+ ssl2_get_cipher_by_char(),
+ ssl3_get_cipher_by_char().
+ [Patrick McCormick <patrick at tellme.com>, Bodo Moeller]
+
+ *) Reorder cleanup sequence in SSL_CTX_free(): only remove the ex_data after
+ the cached sessions are flushed, as the remove_cb() might use ex_data
+ contents. Bug found by Sam Varshavchik <mrsam at courier-mta.com>
+ (see [openssl.org #212]).
+ [Geoff Thorpe, Lutz Jaenicke]
+
+ *) Fix typo in OBJ_txt2obj which incorrectly passed the content
+ length, instead of the encoding length to d2i_ASN1_OBJECT.
+ [Steve Henson]
+
+ Changes between 0.9.6f and 0.9.6g [9 Aug 2002]
+
+ *) [In 0.9.6g-engine release:]
+ Fix crypto/engine/vendor_defns/cswift.h for WIN32 (use '_stdcall').
+ [Lynn Gazis <lgazis at rainbow.com>]
+
+ Changes between 0.9.6e and 0.9.6f [8 Aug 2002]
+
+ *) Fix ASN1 checks. Check for overflow by comparing with LONG_MAX
+ and get fix the header length calculation.
+ [Florian Weimer <Weimer at CERT.Uni-Stuttgart.DE>,
+ Alon Kantor <alonk at checkpoint.com> (and others),
+ Steve Henson]
+
+ *) Use proper error handling instead of 'assertions' in buffer
+ overflow checks added in 0.9.6e. This prevents DoS (the
+ assertions could call abort()).
+ [Arne Ansper <arne at ats.cyber.ee>, Bodo Moeller]
+
+ Changes between 0.9.6d and 0.9.6e [30 Jul 2002]
+
+ *) Add various sanity checks to asn1_get_length() to reject
+ the ASN1 length bytes if they exceed sizeof(long), will appear
+ negative or the content length exceeds the length of the
+ supplied buffer.
+ [Steve Henson, Adi Stav <stav at mercury.co.il>, James Yonan <jim at ntlp.com>]
+
+ *) Fix cipher selection routines: ciphers without encryption had no flags
+ for the cipher strength set and where therefore not handled correctly
+ by the selection routines (PR #130).
+ [Lutz Jaenicke]
+
+ *) Fix EVP_dsa_sha macro.
+ [Nils Larsch]
+
+ *) New option
+ SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
+ for disabling the SSL 3.0/TLS 1.0 CBC vulnerability countermeasure
+ that was added in OpenSSL 0.9.6d.
+
+ As the countermeasure turned out to be incompatible with some
+ broken SSL implementations, the new option is part of SSL_OP_ALL.
+ SSL_OP_ALL is usually employed when compatibility with weird SSL
+ implementations is desired (e.g. '-bugs' option to 's_client' and
+ 's_server'), so the new option is automatically set in many
+ applications.
+ [Bodo Moeller]
+
+ *) Changes in security patch:
+
+ Changes marked "(CHATS)" were sponsored by the Defense Advanced
+ Research Projects Agency (DARPA) and Air Force Research Laboratory,
+ Air Force Materiel Command, USAF, under agreement number
+ F30602-01-2-0537.
+
+ *) Add various sanity checks to asn1_get_length() to reject
+ the ASN1 length bytes if they exceed sizeof(long), will appear
+ negative or the content length exceeds the length of the
+ supplied buffer. (CVE-2002-0659)
+ [Steve Henson, Adi Stav <stav at mercury.co.il>, James Yonan <jim at ntlp.com>]
+
+ *) Assertions for various potential buffer overflows, not known to
+ happen in practice.
+ [Ben Laurie (CHATS)]
+
+ *) Various temporary buffers to hold ASCII versions of integers were
+ too small for 64 bit platforms. (CVE-2002-0655)
+ [Matthew Byng-Maddick <mbm at aldigital.co.uk> and Ben Laurie (CHATS)>
+
+ *) Remote buffer overflow in SSL3 protocol - an attacker could
+ supply an oversized session ID to a client. (CVE-2002-0656)
+ [Ben Laurie (CHATS)]
+
+ *) Remote buffer overflow in SSL2 protocol - an attacker could
+ supply an oversized client master key. (CVE-2002-0656)
+ [Ben Laurie (CHATS)]
+
+ Changes between 0.9.6c and 0.9.6d [9 May 2002]
+
+ *) Fix crypto/asn1/a_sign.c so that 'parameters' is omitted (not
+ encoded as NULL) with id-dsa-with-sha1.
+ [Nils Larsch <nla at trustcenter.de>; problem pointed out by Bodo Moeller]
+
+ *) Check various X509_...() return values in apps/req.c.
+ [Nils Larsch <nla at trustcenter.de>]
+
+ *) Fix BASE64 decode (EVP_DecodeUpdate) for data with CR/LF ended lines:
+ an end-of-file condition would erronously be flagged, when the CRLF
+ was just at the end of a processed block. The bug was discovered when
+ processing data through a buffering memory BIO handing the data to a
+ BASE64-decoding BIO. Bug fund and patch submitted by Pavel Tsekov
+ <ptsekov at syntrex.com> and Nedelcho Stanev.
+ [Lutz Jaenicke]
+
+ *) Implement a countermeasure against a vulnerability recently found
+ in CBC ciphersuites in SSL 3.0/TLS 1.0: Send an empty fragment
+ before application data chunks to avoid the use of known IVs
+ with data potentially chosen by the attacker.
+ [Bodo Moeller]
+
+ *) Fix length checks in ssl3_get_client_hello().
+ [Bodo Moeller]
+
+ *) TLS/SSL library bugfix: use s->s3->in_read_app_data differently
+ to prevent ssl3_read_internal() from incorrectly assuming that
+ ssl3_read_bytes() found application data while handshake
+ processing was enabled when in fact s->s3->in_read_app_data was
+ merely automatically cleared during the initial handshake.
+ [Bodo Moeller; problem pointed out by Arne Ansper <arne at ats.cyber.ee>]
+
+ *) Fix object definitions for Private and Enterprise: they were not
+ recognized in their shortname (=lowercase) representation. Extend
+ obj_dat.pl to issue an error when using undefined keywords instead
+ of silently ignoring the problem (Svenning Sorensen
+ <sss at sss.dnsalias.net>).
+ [Lutz Jaenicke]
+
+ *) Fix DH_generate_parameters() so that it works for 'non-standard'
+ generators, i.e. generators other than 2 and 5. (Previously, the
+ code did not properly initialise the 'add' and 'rem' values to
+ BN_generate_prime().)
+
+ In the new general case, we do not insist that 'generator' is
+ actually a primitive root: This requirement is rather pointless;
+ a generator of the order-q subgroup is just as good, if not
+ better.
+ [Bodo Moeller]
+
+ *) Map new X509 verification errors to alerts. Discovered and submitted by
+ Tom Wu <tom at arcot.com>.
+ [Lutz Jaenicke]
+
+ *) Fix ssl3_pending() (ssl/s3_lib.c) to prevent SSL_pending() from
+ returning non-zero before the data has been completely received
+ when using non-blocking I/O.
+ [Bodo Moeller; problem pointed out by John Hughes]
+
+ *) Some of the ciphers missed the strength entry (SSL_LOW etc).
+ [Ben Laurie, Lutz Jaenicke]
+
+ *) Fix bug in SSL_clear(): bad sessions were not removed (found by
+ Yoram Zahavi <YoramZ at gilian.com>).
+ [Lutz Jaenicke]
+
+ *) Add information about CygWin 1.3 and on, and preserve proper
+ configuration for the versions before that.
+ [Corinna Vinschen <vinschen at redhat.com> and Richard Levitte]
+
+ *) Make removal from session cache (SSL_CTX_remove_session()) more robust:
+ check whether we deal with a copy of a session and do not delete from
+ the cache in this case. Problem reported by "Izhar Shoshani Levi"
+ <izhar at checkpoint.com>.
+ [Lutz Jaenicke]
+
+ *) Do not store session data into the internal session cache, if it
+ is never intended to be looked up (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
+ flag is set). Proposed by Aslam <aslam at funk.com>.
+ [Lutz Jaenicke]
+
+ *) Have ASN1_BIT_STRING_set_bit() really clear a bit when the requested
+ value is 0.
+ [Richard Levitte]
+
+ *) [In 0.9.6d-engine release:]
+ Fix a crashbug and a logic bug in hwcrhk_load_pubkey().
+ [Toomas Kiisk <vix at cyber.ee> via Richard Levitte]
+
+ *) Add the configuration target linux-s390x.
+ [Neale Ferguson <Neale.Ferguson at SoftwareAG-USA.com> via Richard Levitte]
+
+ *) The earlier bugfix for the SSL3_ST_SW_HELLO_REQ_C case of
+ ssl3_accept (ssl/s3_srvr.c) incorrectly used a local flag
+ variable as an indication that a ClientHello message has been
+ received. As the flag value will be lost between multiple
+ invocations of ssl3_accept when using non-blocking I/O, the
+ function may not be aware that a handshake has actually taken
+ place, thus preventing a new session from being added to the
+ session cache.
+
+ To avoid this problem, we now set s->new_session to 2 instead of
+ using a local variable.
+ [Lutz Jaenicke, Bodo Moeller]
+
+ *) Bugfix: Return -1 from ssl3_get_server_done (ssl3/s3_clnt.c)
+ if the SSL_R_LENGTH_MISMATCH error is detected.
+ [Geoff Thorpe, Bodo Moeller]
+
+ *) New 'shared_ldflag' column in Configure platform table.
+ [Richard Levitte]
+
+ *) Fix EVP_CIPHER_mode macro.
+ ["Dan S. Camper" <dan at bti.net>]
+
+ *) Fix ssl3_read_bytes (ssl/s3_pkt.c): To ignore messages of unknown
+ type, we must throw them away by setting rr->length to 0.
+ [D P Chang <dpc at qualys.com>]
+
+ Changes between 0.9.6b and 0.9.6c [21 dec 2001]
+
+ *) Fix BN_rand_range bug pointed out by Dominikus Scherkl
+ <Dominikus.Scherkl at biodata.com>. (The previous implementation
+ worked incorrectly for those cases where range = 10..._2 and
+ 3*range is two bits longer than range.)
+ [Bodo Moeller]
+
+ *) Only add signing time to PKCS7 structures if it is not already
+ present.
+ [Steve Henson]
+
+ *) Fix crypto/objects/objects.h: "ld-ce" should be "id-ce",
+ OBJ_ld_ce should be OBJ_id_ce.
+ Also some ip-pda OIDs in crypto/objects/objects.txt were
+ incorrect (cf. RFC 3039).
+ [Matt Cooper, Frederic Giudicelli, Bodo Moeller]
+
+ *) Release CRYPTO_LOCK_DYNLOCK when CRYPTO_destroy_dynlockid()
+ returns early because it has nothing to do.
+ [Andy Schneider <andy.schneider at bjss.co.uk>]
+
+ *) [In 0.9.6c-engine release:]
+ Fix mutex callback return values in crypto/engine/hw_ncipher.c.
+ [Andy Schneider <andy.schneider at bjss.co.uk>]
+
+ *) [In 0.9.6c-engine release:]
+ Add support for Cryptographic Appliance's keyserver technology.
+ (Use engine 'keyclient')
+ [Cryptographic Appliances and Geoff Thorpe]
+
+ *) Add a configuration entry for OS/390 Unix. The C compiler 'c89'
+ is called via tools/c89.sh because arguments have to be
+ rearranged (all '-L' options must appear before the first object
+ modules).
+ [Richard Shapiro <rshapiro at abinitio.com>]
+
+ *) [In 0.9.6c-engine release:]
+ Add support for Broadcom crypto accelerator cards, backported
+ from 0.9.7.
+ [Broadcom, Nalin Dahyabhai <nalin at redhat.com>, Mark Cox]
+
+ *) [In 0.9.6c-engine release:]
+ Add support for SureWare crypto accelerator cards from
+ Baltimore Technologies. (Use engine 'sureware')
+ [Baltimore Technologies and Mark Cox]
+
+ *) [In 0.9.6c-engine release:]
+ Add support for crypto accelerator cards from Accelerated
+ Encryption Processing, www.aep.ie. (Use engine 'aep')
+ [AEP Inc. and Mark Cox]
+
+ *) Add a configuration entry for gcc on UnixWare.
+ [Gary Benson <gbenson at redhat.com>]
+
+ *) Change ssl/s2_clnt.c and ssl/s2_srvr.c so that received handshake
+ messages are stored in a single piece (fixed-length part and
+ variable-length part combined) and fix various bugs found on the way.
+ [Bodo Moeller]
+
+ *) Disable caching in BIO_gethostbyname(), directly use gethostbyname()
+ instead. BIO_gethostbyname() does not know what timeouts are
+ appropriate, so entries would stay in cache even when they have
+ become invalid.
+ [Bodo Moeller; problem pointed out by Rich Salz <rsalz at zolera.com>
+
+ *) Change ssl23_get_client_hello (ssl/s23_srvr.c) behaviour when
+ faced with a pathologically small ClientHello fragment that does
+ not contain client_version: Instead of aborting with an error,
+ simply choose the highest available protocol version (i.e.,
+ TLS 1.0 unless it is disabled). In practice, ClientHello
+ messages are never sent like this, but this change gives us
+ strictly correct behaviour at least for TLS.
+ [Bodo Moeller]
+
+ *) Fix SSL handshake functions and SSL_clear() such that SSL_clear()
+ never resets s->method to s->ctx->method when called from within
+ one of the SSL handshake functions.
+ [Bodo Moeller; problem pointed out by Niko Baric]
+
+ *) In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert
+ (sent using the client's version number) if client_version is
+ smaller than the protocol version in use. Also change
+ ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0 if
+ the client demanded SSL 3.0 but only TLS 1.0 is enabled; then
+ the client will at least see that alert.
+ [Bodo Moeller]
+
+ *) Fix ssl3_get_message (ssl/s3_both.c) to handle message fragmentation
+ correctly.
+ [Bodo Moeller]
+
+ *) Avoid infinite loop in ssl3_get_message (ssl/s3_both.c) if a
+ client receives HelloRequest while in a handshake.
+ [Bodo Moeller; bug noticed by Andy Schneider <andy.schneider at bjss.co.uk>]
+
+ *) Bugfix in ssl3_accept (ssl/s3_srvr.c): Case SSL3_ST_SW_HELLO_REQ_C
+ should end in 'break', not 'goto end' which circuments various
+ cleanups done in state SSL_ST_OK. But session related stuff
+ must be disabled for SSL_ST_OK in the case that we just sent a
+ HelloRequest.
+
+ Also avoid some overhead by not calling ssl_init_wbio_buffer()
+ before just sending a HelloRequest.
+ [Bodo Moeller, Eric Rescorla <ekr at rtfm.com>]
+
+ *) Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't
+ reveal whether illegal block cipher padding was found or a MAC
+ verification error occured. (Neither SSLerr() codes nor alerts
+ are directly visible to potential attackers, but the information
+ may leak via logfiles.)
+
+ Similar changes are not required for the SSL 2.0 implementation
+ because the number of padding bytes is sent in clear for SSL 2.0,
+ and the extra bytes are just ignored. However ssl/s2_pkt.c
+ failed to verify that the purported number of padding bytes is in
+ the legal range.
+ [Bodo Moeller]
+
+ *) Add OpenUNIX-8 support including shared libraries
+ (Boyd Lynn Gerber <gerberb at zenez.com>).
+ [Lutz Jaenicke]
+
+ *) Improve RSA_padding_check_PKCS1_OAEP() check again to avoid
+ 'wristwatch attack' using huge encoding parameters (cf.
+ James H. Manger's CRYPTO 2001 paper). Note that the
+ RSA_PKCS1_OAEP_PADDING case of RSA_private_decrypt() does not use
+ encoding parameters and hence was not vulnerable.
+ [Bodo Moeller]
+
+ *) BN_sqr() bug fix.
+ [Ulf M\xF6ller, reported by Jim Ellis <jim.ellis at cavium.com>]
+
+ *) Rabin-Miller test analyses assume uniformly distributed witnesses,
+ so use BN_pseudo_rand_range() instead of using BN_pseudo_rand()
+ followed by modular reduction.
+ [Bodo Moeller; pointed out by Adam Young <AYoung1 at NCSUS.JNJ.COM>]
+
+ *) Add BN_pseudo_rand_range() with obvious functionality: BN_rand_range()
+ equivalent based on BN_pseudo_rand() instead of BN_rand().
+ [Bodo Moeller]
+
+ *) s3_srvr.c: allow sending of large client certificate lists (> 16 kB).
+ This function was broken, as the check for a new client hello message
+ to handle SGC did not allow these large messages.
+ (Tracked down by "Douglas E. Engert" <deengert at anl.gov>.)
+ [Lutz Jaenicke]
+
+ *) Add alert descriptions for TLSv1 to SSL_alert_desc_string[_long]().
+ [Lutz Jaenicke]
+
+ *) Fix buggy behaviour of BIO_get_num_renegotiates() and BIO_ctrl()
+ for BIO_C_GET_WRITE_BUF_SIZE ("Stephen Hinton" <shinton at netopia.com>).
+ [Lutz Jaenicke]
+
+ *) Rework the configuration and shared library support for Tru64 Unix.
+ The configuration part makes use of modern compiler features and
+ still retains old compiler behavior for those that run older versions
+ of the OS. The shared library support part includes a variant that
+ uses the RPATH feature, and is available through the special
+ configuration target "alpha-cc-rpath", which will never be selected
+ automatically.
+ [Tim Mooney <mooney at dogbert.cc.ndsu.NoDak.edu> via Richard Levitte]
+
+ *) In ssl3_get_key_exchange (ssl/s3_clnt.c), call ssl3_get_message()
+ with the same message size as in ssl3_get_certificate_request().
+ Otherwise, if no ServerKeyExchange message occurs, CertificateRequest
+ messages might inadvertently be reject as too long.
+ [Petr Lampa <lampa at fee.vutbr.cz>]
+
+ *) Enhanced support for IA-64 Unix platforms (well, Linux and HP-UX).
+ [Andy Polyakov]
+
+ *) Modified SSL library such that the verify_callback that has been set
+ specificly for an SSL object with SSL_set_verify() is actually being
+ used. Before the change, a verify_callback set with this function was
+ ignored and the verify_callback() set in the SSL_CTX at the time of
+ the call was used. New function X509_STORE_CTX_set_verify_cb() introduced
+ to allow the necessary settings.
+ [Lutz Jaenicke]
+
+ *) Initialize static variable in crypto/dsa/dsa_lib.c and crypto/dh/dh_lib.c
+ explicitly to NULL, as at least on Solaris 8 this seems not always to be
+ done automatically (in contradiction to the requirements of the C
+ standard). This made problems when used from OpenSSH.
+ [Lutz Jaenicke]
+
+ *) In OpenSSL 0.9.6a and 0.9.6b, crypto/dh/dh_key.c ignored
+ dh->length and always used
+
+ BN_rand_range(priv_key, dh->p).
+
+ BN_rand_range() is not necessary for Diffie-Hellman, and this
+ specific range makes Diffie-Hellman unnecessarily inefficient if
+ dh->length (recommended exponent length) is much smaller than the
+ length of dh->p. We could use BN_rand_range() if the order of
+ the subgroup was stored in the DH structure, but we only have
+ dh->length.
+
+ So switch back to
+
+ BN_rand(priv_key, l, ...)
+
+ where 'l' is dh->length if this is defined, or BN_num_bits(dh->p)-1
+ otherwise.
+ [Bodo Moeller]
+
+ *) In
+
+ RSA_eay_public_encrypt
+ RSA_eay_private_decrypt
+ RSA_eay_private_encrypt (signing)
+ RSA_eay_public_decrypt (signature verification)
+
+ (default implementations for RSA_public_encrypt,
+ RSA_private_decrypt, RSA_private_encrypt, RSA_public_decrypt),
+ always reject numbers >= n.
+ [Bodo Moeller]
+
+ *) In crypto/rand/md_rand.c, use a new short-time lock CRYPTO_LOCK_RAND2
+ to synchronize access to 'locking_thread'. This is necessary on
+ systems where access to 'locking_thread' (an 'unsigned long'
+ variable) is not atomic.
+ [Bodo Moeller]
+
+ *) In crypto/rand/md_rand.c, set 'locking_thread' to current thread's ID
+ *before* setting the 'crypto_lock_rand' flag. The previous code had
+ a race condition if 0 is a valid thread ID.
+ [Travis Vitek <vitek at roguewave.com>]
+
+ *) Add support for shared libraries under Irix.
+ [Albert Chin-A-Young <china at thewrittenword.com>]
+
+ *) Add configuration option to build on Linux on both big-endian and
+ little-endian MIPS.
+ [Ralf Baechle <ralf at uni-koblenz.de>]
+
+ *) Add the possibility to create shared libraries on HP-UX.
+ [Richard Levitte]
+
+ Changes between 0.9.6a and 0.9.6b [9 Jul 2001]
+
+ *) Change ssleay_rand_bytes (crypto/rand/md_rand.c)
+ to avoid a SSLeay/OpenSSL PRNG weakness pointed out by
+ Markku-Juhani O. Saarinen <markku-juhani.saarinen at nokia.com>:
+ PRNG state recovery was possible based on the output of
+ one PRNG request appropriately sized to gain knowledge on
+ 'md' followed by enough consecutive 1-byte PRNG requests
+ to traverse all of 'state'.
+
+ 1. When updating 'md_local' (the current thread's copy of 'md')
+ during PRNG output generation, hash all of the previous
+ 'md_local' value, not just the half used for PRNG output.
+
+ 2. Make the number of bytes from 'state' included into the hash
+ independent from the number of PRNG bytes requested.
+
+ The first measure alone would be sufficient to avoid
+ Markku-Juhani's attack. (Actually it had never occurred
+ to me that the half of 'md_local' used for chaining was the
+ half from which PRNG output bytes were taken -- I had always
+ assumed that the secret half would be used.) The second
+ measure makes sure that additional data from 'state' is never
+ mixed into 'md_local' in small portions; this heuristically
+ further strengthens the PRNG.
+ [Bodo Moeller]
+
+ *) Fix crypto/bn/asm/mips3.s.
+ [Andy Polyakov]
+
+ *) When only the key is given to "enc", the IV is undefined. Print out
+ an error message in this case.
+ [Lutz Jaenicke]
+
+ *) Handle special case when X509_NAME is empty in X509 printing routines.
+ [Steve Henson]
+
+ *) In dsa_do_verify (crypto/dsa/dsa_ossl.c), verify that r and s are
+ positive and less than q.
+ [Bodo Moeller]
+
+ *) Don't change *pointer in CRYPTO_add_lock() is add_lock_callback is
+ used: it isn't thread safe and the add_lock_callback should handle
+ that itself.
+ [Paul Rose <Paul.Rose at bridge.com>]
+
+ *) Verify that incoming data obeys the block size in
+ ssl3_enc (ssl/s3_enc.c) and tls1_enc (ssl/t1_enc.c).
+ [Bodo Moeller]
+
+ *) Fix OAEP check.
+ [Ulf M\xF6ller, Bodo M\xF6ller]
+
+ *) The countermeasure against Bleichbacher's attack on PKCS #1 v1.5
+ RSA encryption was accidentally removed in s3_srvr.c in OpenSSL 0.9.5
+ when fixing the server behaviour for backwards-compatible 'client
+ hello' messages. (Note that the attack is impractical against
+ SSL 3.0 and TLS 1.0 anyway because length and version checking
+ means that the probability of guessing a valid ciphertext is
+ around 2^-40; see section 5 in Bleichenbacher's CRYPTO '98
+ paper.)
+
+ Before 0.9.5, the countermeasure (hide the error by generating a
+ random 'decryption result') did not work properly because
+ ERR_clear_error() was missing, meaning that SSL_get_error() would
+ detect the supposedly ignored error.
+
+ Both problems are now fixed.
+ [Bodo Moeller]
+
+ *) In crypto/bio/bf_buff.c, increase DEFAULT_BUFFER_SIZE to 4096
+ (previously it was 1024).
+ [Bodo Moeller]
+
+ *) Fix for compatibility mode trust settings: ignore trust settings
+ unless some valid trust or reject settings are present.
+ [Steve Henson]
+
+ *) Fix for blowfish EVP: its a variable length cipher.
+ [Steve Henson]
+
+ *) Fix various bugs related to DSA S/MIME verification. Handle missing
+ parameters in DSA public key structures and return an error in the
+ DSA routines if parameters are absent.
+ [Steve Henson]
+
+ *) In versions up to 0.9.6, RAND_file_name() resorted to file ".rnd"
+ in the current directory if neither $RANDFILE nor $HOME was set.
+ RAND_file_name() in 0.9.6a returned NULL in this case. This has
+ caused some confusion to Windows users who haven't defined $HOME.
+ Thus RAND_file_name() is changed again: e_os.h can define a
+ DEFAULT_HOME, which will be used if $HOME is not set.
+ For Windows, we use "C:"; on other platforms, we still require
+ environment variables.
+
+ *) Move 'if (!initialized) RAND_poll()' into regions protected by
+ CRYPTO_LOCK_RAND. This is not strictly necessary, but avoids
+ having multiple threads call RAND_poll() concurrently.
+ [Bodo Moeller]
+
+ *) In crypto/rand/md_rand.c, replace 'add_do_not_lock' flag by a
+ combination of a flag and a thread ID variable.
+ Otherwise while one thread is in ssleay_rand_bytes (which sets the
+ flag), *other* threads can enter ssleay_add_bytes without obeying
+ the CRYPTO_LOCK_RAND lock (and may even illegally release the lock
+ that they do not hold after the first thread unsets add_do_not_lock).
+ [Bodo Moeller]
+
+ *) Change bctest again: '-x' expressions are not available in all
+ versions of 'test'.
+ [Bodo Moeller]
+
+ Changes between 0.9.6 and 0.9.6a [5 Apr 2001]
+
+ *) Fix a couple of memory leaks in PKCS7_dataDecode()
+ [Steve Henson, reported by Heyun Zheng <hzheng at atdsprint.com>]
+
+ *) Change Configure and Makefiles to provide EXE_EXT, which will contain
+ the default extension for executables, if any. Also, make the perl
+ scripts that use symlink() to test if it really exists and use "cp"
+ if it doesn't. All this made OpenSSL compilable and installable in
+ CygWin.
+ [Richard Levitte]
+
+ *) Fix for asn1_GetSequence() for indefinite length constructed data.
+ If SEQUENCE is length is indefinite just set c->slen to the total
+ amount of data available.
+ [Steve Henson, reported by shige at FreeBSD.org]
+ [This change does not apply to 0.9.7.]
+
+ *) Change bctest to avoid here-documents inside command substitution
+ (workaround for FreeBSD /bin/sh bug).
+ For compatibility with Ultrix, avoid shell functions (introduced
+ in the bctest version that searches along $PATH).
+ [Bodo Moeller]
+
+ *) Rename 'des_encrypt' to 'des_encrypt1'. This avoids the clashes
+ with des_encrypt() defined on some operating systems, like Solaris
+ and UnixWare.
+ [Richard Levitte]
+
+ *) Check the result of RSA-CRT (see D. Boneh, R. DeMillo, R. Lipton:
+ On the Importance of Eliminating Errors in Cryptographic
+ Computations, J. Cryptology 14 (2001) 2, 101-119,
+ http://theory.stanford.edu/~dabo/papers/faults.ps.gz).
+ [Ulf Moeller]
+
+ *) MIPS assembler BIGNUM division bug fix.
+ [Andy Polyakov]
+
+ *) Disabled incorrect Alpha assembler code.
+ [Richard Levitte]
+
+ *) Fix PKCS#7 decode routines so they correctly update the length
+ after reading an EOC for the EXPLICIT tag.
+ [Steve Henson]
+ [This change does not apply to 0.9.7.]
+
+ *) Fix bug in PKCS#12 key generation routines. This was triggered
+ if a 3DES key was generated with a 0 initial byte. Include
+ PKCS12_BROKEN_KEYGEN compilation option to retain the old
+ (but broken) behaviour.
+ [Steve Henson]
+
+ *) Enhance bctest to search for a working bc along $PATH and print
+ it when found.
+ [Tim Rice <tim at multitalents.net> via Richard Levitte]
+
+ *) Fix memory leaks in err.c: free err_data string if necessary;
+ don't write to the wrong index in ERR_set_error_data.
+ [Bodo Moeller]
+
+ *) Implement ssl23_peek (analogous to ssl23_read), which previously
+ did not exist.
+ [Bodo Moeller]
+
+ *) Replace rdtsc with _emit statements for VC++ version 5.
+ [Jeremy Cooper <jeremy at baymoo.org>]
+
+ *) Make it possible to reuse SSLv2 sessions.
+ [Richard Levitte]
+
+ *) In copy_email() check for >= 0 as a return value for
+ X509_NAME_get_index_by_NID() since 0 is a valid index.
+ [Steve Henson reported by Massimiliano Pala <madwolf at opensca.org>]
+
+ *) Avoid coredump with unsupported or invalid public keys by checking if
+ X509_get_pubkey() fails in PKCS7_verify(). Fix memory leak when
+ PKCS7_verify() fails with non detached data.
+ [Steve Henson]
+
+ *) Don't use getenv in library functions when run as setuid/setgid.
+ New function OPENSSL_issetugid().
+ [Ulf Moeller]
+
+ *) Avoid false positives in memory leak detection code (crypto/mem_dbg.c)
+ due to incorrect handling of multi-threading:
+
+ 1. Fix timing glitch in the MemCheck_off() portion of CRYPTO_mem_ctrl().
+
+ 2. Fix logical glitch in is_MemCheck_on() aka CRYPTO_is_mem_check_on().
+
+ 3. Count how many times MemCheck_off() has been called so that
+ nested use can be treated correctly. This also avoids
+ inband-signalling in the previous code (which relied on the
+ assumption that thread ID 0 is impossible).
+ [Bodo Moeller]
+
+ *) Add "-rand" option also to s_client and s_server.
+ [Lutz Jaenicke]
+
+ *) Fix CPU detection on Irix 6.x.
+ [Kurt Hockenbury <khockenb at stevens-tech.edu> and
+ "Bruce W. Forsberg" <bruce.forsberg at baesystems.com>]
+
+ *) Fix X509_NAME bug which produced incorrect encoding if X509_NAME
+ was empty.
+ [Steve Henson]
+ [This change does not apply to 0.9.7.]
+
+ *) Use the cached encoding of an X509_NAME structure rather than
+ copying it. This is apparently the reason for the libsafe "errors"
+ but the code is actually correct.
+ [Steve Henson]
+
+ *) Add new function BN_rand_range(), and fix DSA_sign_setup() to prevent
+ Bleichenbacher's DSA attack.
+ Extend BN_[pseudo_]rand: As before, top=1 forces the highest two bits
+ to be set and top=0 forces the highest bit to be set; top=-1 is new
+ and leaves the highest bit random.
+ [Ulf Moeller, Bodo Moeller]
+
+ *) In the NCONF_...-based implementations for CONF_... queries
+ (crypto/conf/conf_lib.c), if the input LHASH is NULL, avoid using
+ a temporary CONF structure with the data component set to NULL
+ (which gives segmentation faults in lh_retrieve).
+ Instead, use NULL for the CONF pointer in CONF_get_string and
+ CONF_get_number (which may use environment variables) and directly
+ return NULL from CONF_get_section.
+ [Bodo Moeller]
+
+ *) Fix potential buffer overrun for EBCDIC.
+ [Ulf Moeller]
+
+ *) Tolerate nonRepudiation as being valid for S/MIME signing and certSign
+ keyUsage if basicConstraints absent for a CA.
+ [Steve Henson]
+
+ *) Make SMIME_write_PKCS7() write mail header values with a format that
+ is more generally accepted (no spaces before the semicolon), since
+ some programs can't parse those values properly otherwise. Also make
+ sure BIO's that break lines after each write do not create invalid
+ headers.
+ [Richard Levitte]
+
+ *) Make the CRL encoding routines work with empty SEQUENCE OF. The
+ macros previously used would not encode an empty SEQUENCE OF
+ and break the signature.
+ [Steve Henson]
+ [This change does not apply to 0.9.7.]
+
+ *) Zero the premaster secret after deriving the master secret in
+ DH ciphersuites.
+ [Steve Henson]
+
+ *) Add some EVP_add_digest_alias registrations (as found in
+ OpenSSL_add_all_digests()) to SSL_library_init()
+ aka OpenSSL_add_ssl_algorithms(). This provides improved
+ compatibility with peers using X.509 certificates
+ with unconventional AlgorithmIdentifier OIDs.
+ [Bodo Moeller]
+
+ *) Fix for Irix with NO_ASM.
+ ["Bruce W. Forsberg" <bruce.forsberg at baesystems.com>]
+
+ *) ./config script fixes.
+ [Ulf Moeller, Richard Levitte]
+
+ *) Fix 'openssl passwd -1'.
+ [Bodo Moeller]
+
+ *) Change PKCS12_key_gen_asc() so it can cope with non null
+ terminated strings whose length is passed in the passlen
+ parameter, for example from PEM callbacks. This was done
+ by adding an extra length parameter to asc2uni().
+ [Steve Henson, reported by <oddissey at samsung.co.kr>]
+
+ *) Fix C code generated by 'openssl dsaparam -C': If a BN_bin2bn
+ call failed, free the DSA structure.
+ [Bodo Moeller]
+
+ *) Fix to uni2asc() to cope with zero length Unicode strings.
+ These are present in some PKCS#12 files.
+ [Steve Henson]
+
+ *) Increase s2->wbuf allocation by one byte in ssl2_new (ssl/s2_lib.c).
+ Otherwise do_ssl_write (ssl/s2_pkt.c) will write beyond buffer limits
+ when writing a 32767 byte record.
+ [Bodo Moeller; problem reported by Eric Day <eday at concentric.net>]
+
+ *) In RSA_eay_public_{en,ed}crypt and RSA_eay_mod_exp (rsa_eay.c),
+ obtain lock CRYPTO_LOCK_RSA before setting rsa->_method_mod_{n,p,q}.
+
+ (RSA objects have a reference count access to which is protected
+ by CRYPTO_LOCK_RSA [see rsa_lib.c, s3_srvr.c, ssl_cert.c, ssl_rsa.c],
+ so they are meant to be shared between threads.)
+ [Bodo Moeller, Geoff Thorpe; original patch submitted by
+ "Reddie, Steven" <Steven.Reddie at ca.com>]
+
+ *) Fix a deadlock in CRYPTO_mem_leaks().
+ [Bodo Moeller]
+
+ *) Use better test patterns in bntest.
+ [Ulf M\xF6ller]
+
+ *) rand_win.c fix for Borland C.
+ [Ulf M\xF6ller]
+
+ *) BN_rshift bugfix for n == 0.
+ [Bodo Moeller]
+
+ *) Add a 'bctest' script that checks for some known 'bc' bugs
+ so that 'make test' does not abort just because 'bc' is broken.
+ [Bodo Moeller]
+
+ *) Store verify_result within SSL_SESSION also for client side to
+ avoid potential security hole. (Re-used sessions on the client side
+ always resulted in verify_result==X509_V_OK, not using the original
+ result of the server certificate verification.)
+ [Lutz Jaenicke]
+
+ *) Fix ssl3_pending: If the record in s->s3->rrec is not of type
+ SSL3_RT_APPLICATION_DATA, return 0.
+ Similarly, change ssl2_pending to return 0 if SSL_in_init(s) is true.
+ [Bodo Moeller]
+
+ *) Fix SSL_peek:
+ Both ssl2_peek and ssl3_peek, which were totally broken in earlier
+ releases, have been re-implemented by renaming the previous
+ implementations of ssl2_read and ssl3_read to ssl2_read_internal
+ and ssl3_read_internal, respectively, and adding 'peek' parameters
+ to them. The new ssl[23]_{read,peek} functions are calls to
+ ssl[23]_read_internal with the 'peek' flag set appropriately.
+ A 'peek' parameter has also been added to ssl3_read_bytes, which
+ does the actual work for ssl3_read_internal.
+ [Bodo Moeller]
+
+ *) Initialise "ex_data" member of RSA/DSA/DH structures prior to calling
+ the method-specific "init()" handler. Also clean up ex_data after
+ calling the method-specific "finish()" handler. Previously, this was
+ happening the other way round.
+ [Geoff Thorpe]
+
+ *) Increase BN_CTX_NUM (the number of BIGNUMs in a BN_CTX) to 16.
+ The previous value, 12, was not always sufficient for BN_mod_exp().
+ [Bodo Moeller]
+
+ *) Make sure that shared libraries get the internal name engine with
+ the full version number and not just 0. This should mark the
+ shared libraries as not backward compatible. Of course, this should
+ be changed again when we can guarantee backward binary compatibility.
+ [Richard Levitte]
+
+ *) Fix typo in get_cert_by_subject() in by_dir.c
+ [Jean-Marc Desperrier <jean-marc.desperrier at certplus.com>]
+
+ *) Rework the system to generate shared libraries:
+
+ - Make note of the expected extension for the shared libraries and
+ if there is a need for symbolic links from for example libcrypto.so.0
+ to libcrypto.so.0.9.7. There is extended info in Configure for
+ that.
+
+ - Make as few rebuilds of the shared libraries as possible.
+
+ - Still avoid linking the OpenSSL programs with the shared libraries.
+
+ - When installing, install the shared libraries separately from the
+ static ones.
+ [Richard Levitte]
+
+ *) Fix SSL_CTX_set_read_ahead macro to actually use its argument.
+
+ Copy SSL_CTX's read_ahead flag to SSL object directly in SSL_new
+ and not in SSL_clear because the latter is also used by the
+ accept/connect functions; previously, the settings made by
+ SSL_set_read_ahead would be lost during the handshake.
+ [Bodo Moeller; problems reported by Anders Gertz <gertz at epact.se>]
+
+ *) Correct util/mkdef.pl to be selective about disabled algorithms.
+ Previously, it would create entries for disableed algorithms no
+ matter what.
+ [Richard Levitte]
+
+ *) Added several new manual pages for SSL_* function.
+ [Lutz Jaenicke]
+
+ Changes between 0.9.5a and 0.9.6 [24 Sep 2000]
+
+ *) In ssl23_get_client_hello, generate an error message when faced
+ with an initial SSL 3.0/TLS record that is too small to contain the
+ first two bytes of the ClientHello message, i.e. client_version.
+ (Note that this is a pathologic case that probably has never happened
+ in real life.) The previous approach was to use the version number
+ from the record header as a substitute; but our protocol choice
+ should not depend on that one because it is not authenticated
+ by the Finished messages.
+ [Bodo Moeller]
+
+ *) More robust randomness gathering functions for Windows.
+ [Jeffrey Altman <jaltman at columbia.edu>]
+
+ *) For compatibility reasons if the flag X509_V_FLAG_ISSUER_CHECK is
+ not set then we don't setup the error code for issuer check errors
+ to avoid possibly overwriting other errors which the callback does
+ handle. If an application does set the flag then we assume it knows
+ what it is doing and can handle the new informational codes
+ appropriately.
+ [Steve Henson]
+
+ *) Fix for a nasty bug in ASN1_TYPE handling. ASN1_TYPE is used for
+ a general "ANY" type, as such it should be able to decode anything
+ including tagged types. However it didn't check the class so it would
+ wrongly interpret tagged types in the same way as their universal
+ counterpart and unknown types were just rejected. Changed so that the
+ tagged and unknown types are handled in the same way as a SEQUENCE:
+ that is the encoding is stored intact. There is also a new type
+ "V_ASN1_OTHER" which is used when the class is not universal, in this
+ case we have no idea what the actual type is so we just lump them all
+ together.
+ [Steve Henson]
+
+ *) On VMS, stdout may very well lead to a file that is written to
+ in a record-oriented fashion. That means that every write() will
+ write a separate record, which will be read separately by the
+ programs trying to read from it. This can be very confusing.
+
+ The solution is to put a BIO filter in the way that will buffer
+ text until a linefeed is reached, and then write everything a
+ line at a time, so every record written will be an actual line,
+ not chunks of lines and not (usually doesn't happen, but I've
+ seen it once) several lines in one record. BIO_f_linebuffer() is
+ the answer.
+
+ Currently, it's a VMS-only method, because that's where it has
+ been tested well enough.
+ [Richard Levitte]
+
+ *) Remove 'optimized' squaring variant in BN_mod_mul_montgomery,
+ it can return incorrect results.
+ (Note: The buggy variant was not enabled in OpenSSL 0.9.5a,
+ but it was in 0.9.6-beta[12].)
+ [Bodo Moeller]
+
+ *) Disable the check for content being present when verifying detached
+ signatures in pk7_smime.c. Some versions of Netscape (wrongly)
+ include zero length content when signing messages.
+ [Steve Henson]
+
+ *) New BIO_shutdown_wr macro, which invokes the BIO_C_SHUTDOWN_WR
+ BIO_ctrl (for BIO pairs).
+ [Bodo M\xF6ller]
+
+ *) Add DSO method for VMS.
+ [Richard Levitte]
+
+ *) Bug fix: Montgomery multiplication could produce results with the
+ wrong sign.
+ [Ulf M\xF6ller]
+
+ *) Add RPM specification openssl.spec and modify it to build three
+ packages. The default package contains applications, application
+ documentation and run-time libraries. The devel package contains
+ include files, static libraries and function documentation. The
+ doc package contains the contents of the doc directory. The original
+ openssl.spec was provided by Damien Miller <djm at mindrot.org>.
+ [Richard Levitte]
+
+ *) Add a large number of documentation files for many SSL routines.
+ [Lutz Jaenicke <Lutz.Jaenicke at aet.TU-Cottbus.DE>]
+
+ *) Add a configuration entry for Sony News 4.
+ [NAKAJI Hiroyuki <nakaji at tutrp.tut.ac.jp>]
+
+ *) Don't set the two most significant bits to one when generating a
+ random number < q in the DSA library.
+ [Ulf M\xF6ller]
+
+ *) New SSL API mode 'SSL_MODE_AUTO_RETRY'. This disables the default
+ behaviour that SSL_read may result in SSL_ERROR_WANT_READ (even if
+ the underlying transport is blocking) if a handshake took place.
+ (The default behaviour is needed by applications such as s_client
+ and s_server that use select() to determine when to use SSL_read;
+ but for applications that know in advance when to expect data, it
+ just makes things more complicated.)
+ [Bodo Moeller]
+
+ *) Add RAND_egd_bytes(), which gives control over the number of bytes read
+ from EGD.
+ [Ben Laurie]
+
+ *) Add a few more EBCDIC conditionals that make `req' and `x509'
+ work better on such systems.
+ [Martin Kraemer <Martin.Kraemer at MchP.Siemens.De>]
+
+ *) Add two demo programs for PKCS12_parse() and PKCS12_create().
+ Update PKCS12_parse() so it copies the friendlyName and the
+ keyid to the certificates aux info.
+ [Steve Henson]
+
+ *) Fix bug in PKCS7_verify() which caused an infinite loop
+ if there was more than one signature.
+ [Sven Uszpelkat <su at celocom.de>]
+
+ *) Major change in util/mkdef.pl to include extra information
+ about each symbol, as well as presentig variables as well
+ as functions. This change means that there's n more need
+ to rebuild the .num files when some algorithms are excluded.
+ [Richard Levitte]
+
+ *) Allow the verify time to be set by an application,
+ rather than always using the current time.
+ [Steve Henson]
+
+ *) Phase 2 verify code reorganisation. The certificate
+ verify code now looks up an issuer certificate by a
+ number of criteria: subject name, authority key id
+ and key usage. It also verifies self signed certificates
+ by the same criteria. The main comparison function is
+ X509_check_issued() which performs these checks.
+
+ Lot of changes were necessary in order to support this
+ without completely rewriting the lookup code.
+
+ Authority and subject key identifier are now cached.
+
+ The LHASH 'certs' is X509_STORE has now been replaced
+ by a STACK_OF(X509_OBJECT). This is mainly because an
+ LHASH can't store or retrieve multiple objects with
+ the same hash value.
+
+ As a result various functions (which were all internal
+ use only) have changed to handle the new X509_STORE
+ structure. This will break anything that messed round
+ with X509_STORE internally.
+
+ The functions X509_STORE_add_cert() now checks for an
+ exact match, rather than just subject name.
+
+ The X509_STORE API doesn't directly support the retrieval
+ of multiple certificates matching a given criteria, however
+ this can be worked round by performing a lookup first
+ (which will fill the cache with candidate certificates)
+ and then examining the cache for matches. This is probably
+ the best we can do without throwing out X509_LOOKUP
+ entirely (maybe later...).
+
+ The X509_VERIFY_CTX structure has been enhanced considerably.
+
+ All certificate lookup operations now go via a get_issuer()
+ callback. Although this currently uses an X509_STORE it
+ can be replaced by custom lookups. This is a simple way
+ to bypass the X509_STORE hackery necessary to make this
+ work and makes it possible to use more efficient techniques
+ in future. A very simple version which uses a simple
+ STACK for its trusted certificate store is also provided
+ using X509_STORE_CTX_trusted_stack().
+
+ The verify_cb() and verify() callbacks now have equivalents
+ in the X509_STORE_CTX structure.
+
+ X509_STORE_CTX also has a 'flags' field which can be used
+ to customise the verify behaviour.
+ [Steve Henson]
+
+ *) Add new PKCS#7 signing option PKCS7_NOSMIMECAP which
+ excludes S/MIME capabilities.
+ [Steve Henson]
+
+ *) When a certificate request is read in keep a copy of the
+ original encoding of the signed data and use it when outputing
+ again. Signatures then use the original encoding rather than
+ a decoded, encoded version which may cause problems if the
+ request is improperly encoded.
+ [Steve Henson]
+
+ *) For consistency with other BIO_puts implementations, call
+ buffer_write(b, ...) directly in buffer_puts instead of calling
+ BIO_write(b, ...).
+
+ In BIO_puts, increment b->num_write as in BIO_write.
+ [Peter.Sylvester at EdelWeb.fr]
+
+ *) Fix BN_mul_word for the case where the word is 0. (We have to use
+ BN_zero, we may not return a BIGNUM with an array consisting of
+ words set to zero.)
+ [Bodo Moeller]
+
+ *) Avoid calling abort() from within the library when problems are
+ detected, except if preprocessor symbols have been defined
+ (such as REF_CHECK, BN_DEBUG etc.).
+ [Bodo Moeller]
+
+ *) New openssl application 'rsautl'. This utility can be
+ used for low level RSA operations. DER public key
+ BIO/fp routines also added.
+ [Steve Henson]
+
+ *) New Configure entry and patches for compiling on QNX 4.
+ [Andreas Schneider <andreas at ds3.etech.fh-hamburg.de>]
+
+ *) A demo state-machine implementation was sponsored by
+ Nuron (http://www.nuron.com/) and is now available in
+ demos/state_machine.
+ [Ben Laurie]
+
+ *) New options added to the 'dgst' utility for signature
+ generation and verification.
+ [Steve Henson]
+
+ *) Unrecognized PKCS#7 content types are now handled via a
+ catch all ASN1_TYPE structure. This allows unsupported
+ types to be stored as a "blob" and an application can
+ encode and decode it manually.
+ [Steve Henson]
+
+ *) Fix various signed/unsigned issues to make a_strex.c
+ compile under VC++.
+ [Oscar Jacobsson <oscar.jacobsson at celocom.com>]
+
+ *) ASN1 fixes. i2d_ASN1_OBJECT was not returning the correct
+ length if passed a buffer. ASN1_INTEGER_to_BN failed
+ if passed a NULL BN and its argument was negative.
+ [Steve Henson, pointed out by Sven Heiberg <sven at tartu.cyber.ee>]
+
+ *) Modification to PKCS#7 encoding routines to output definite
+ length encoding. Since currently the whole structures are in
+ memory there's not real point in using indefinite length
+ constructed encoding. However if OpenSSL is compiled with
+ the flag PKCS7_INDEFINITE_ENCODING the old form is used.
+ [Steve Henson]
+
+ *) Added BIO_vprintf() and BIO_vsnprintf().
+ [Richard Levitte]
+
+ *) Added more prefixes to parse for in the the strings written
+ through a logging bio, to cover all the levels that are available
+ through syslog. The prefixes are now:
+
+ PANIC, EMERG, EMR => LOG_EMERG
+ ALERT, ALR => LOG_ALERT
+ CRIT, CRI => LOG_CRIT
+ ERROR, ERR => LOG_ERR
+ WARNING, WARN, WAR => LOG_WARNING
+ NOTICE, NOTE, NOT => LOG_NOTICE
+ INFO, INF => LOG_INFO
+ DEBUG, DBG => LOG_DEBUG
+
+ and as before, if none of those prefixes are present at the
+ beginning of the string, LOG_ERR is chosen.
+
+ On Win32, the LOG_* levels are mapped according to this:
+
+ LOG_EMERG, LOG_ALERT, LOG_CRIT, LOG_ERR => EVENTLOG_ERROR_TYPE
+ LOG_WARNING => EVENTLOG_WARNING_TYPE
+ LOG_NOTICE, LOG_INFO, LOG_DEBUG => EVENTLOG_INFORMATION_TYPE
+
+ [Richard Levitte]
+
+ *) Made it possible to reconfigure with just the configuration
+ argument "reconf" or "reconfigure". The command line arguments
+ are stored in Makefile.ssl in the variable CONFIGURE_ARGS,
+ and are retrieved from there when reconfiguring.
+ [Richard Levitte]
+
+ *) MD4 implemented.
+ [Assar Westerlund <assar at sics.se>, Richard Levitte]
+
+ *) Add the arguments -CAfile and -CApath to the pkcs12 utility.
+ [Richard Levitte]
+
+ *) The obj_dat.pl script was messing up the sorting of object
+ names. The reason was that it compared the quoted version
+ of strings as a result "OCSP" > "OCSP Signing" because
+ " > SPACE. Changed script to store unquoted versions of
+ names and add quotes on output. It was also omitting some
+ names from the lookup table if they were given a default
+ value (that is if SN is missing it is given the same
+ value as LN and vice versa), these are now added on the
+ grounds that if an object has a name we should be able to
+ look it up. Finally added warning output when duplicate
+ short or long names are found.
+ [Steve Henson]
+
+ *) Changes needed for Tandem NSK.
+ [Scott Uroff <scott at xypro.com>]
+
+ *) Fix SSL 2.0 rollback checking: Due to an off-by-one error in
+ RSA_padding_check_SSLv23(), special padding was never detected
+ and thus the SSL 3.0/TLS 1.0 countermeasure against protocol
+ version rollback attacks was not effective.
+
+ In s23_clnt.c, don't use special rollback-attack detection padding
+ (RSA_SSLV23_PADDING) if SSL 2.0 is the only protocol enabled in the
+ client; similarly, in s23_srvr.c, don't do the rollback check if
+ SSL 2.0 is the only protocol enabled in the server.
+ [Bodo Moeller]
+
+ *) Make it possible to get hexdumps of unprintable data with 'openssl
+ asn1parse'. By implication, the functions ASN1_parse_dump() and
+ BIO_dump_indent() are added.
+ [Richard Levitte]
+
+ *) New functions ASN1_STRING_print_ex() and X509_NAME_print_ex()
+ these print out strings and name structures based on various
+ flags including RFC2253 support and proper handling of
+ multibyte characters. Added options to the 'x509' utility
+ to allow the various flags to be set.
+ [Steve Henson]
+
+ *) Various fixes to use ASN1_TIME instead of ASN1_UTCTIME.
+ Also change the functions X509_cmp_current_time() and
+ X509_gmtime_adj() work with an ASN1_TIME structure,
+ this will enable certificates using GeneralizedTime in validity
+ dates to be checked.
+ [Steve Henson]
+
+ *) Make the NEG_PUBKEY_BUG code (which tolerates invalid
+ negative public key encodings) on by default,
+ NO_NEG_PUBKEY_BUG can be set to disable it.
+ [Steve Henson]
+
+ *) New function c2i_ASN1_OBJECT() which acts on ASN1_OBJECT
+ content octets. An i2c_ASN1_OBJECT is unnecessary because
+ the encoding can be trivially obtained from the structure.
+ [Steve Henson]
+
+ *) crypto/err.c locking bugfix: Use write locks (CRYPTO_w_[un]lock),
+ not read locks (CRYPTO_r_[un]lock).
+ [Bodo Moeller]
+
+ *) A first attempt at creating official support for shared
+ libraries through configuration. I've kept it so the
+ default is static libraries only, and the OpenSSL programs
+ are always statically linked for now, but there are
+ preparations for dynamic linking in place.
+ This has been tested on Linux and Tru64.
+ [Richard Levitte]
+
+ *) Randomness polling function for Win9x, as described in:
+ Peter Gutmann, Software Generation of Practically Strong
+ Random Numbers.
+ [Ulf M\xF6ller]
+
+ *) Fix so PRNG is seeded in req if using an already existing
+ DSA key.
+ [Steve Henson]
+
+ *) New options to smime application. -inform and -outform
+ allow alternative formats for the S/MIME message including
+ PEM and DER. The -content option allows the content to be
+ specified separately. This should allow things like Netscape
+ form signing output easier to verify.
+ [Steve Henson]
+
+ *) Fix the ASN1 encoding of tags using the 'long form'.
+ [Steve Henson]
+
+ *) New ASN1 functions, i2c_* and c2i_* for INTEGER and BIT
+ STRING types. These convert content octets to and from the
+ underlying type. The actual tag and length octets are
+ already assumed to have been read in and checked. These
+ are needed because all other string types have virtually
+ identical handling apart from the tag. By having versions
+ of the ASN1 functions that just operate on content octets
+ IMPLICIT tagging can be handled properly. It also allows
+ the ASN1_ENUMERATED code to be cut down because ASN1_ENUMERATED
+ and ASN1_INTEGER are identical apart from the tag.
+ [Steve Henson]
+
+ *) Change the handling of OID objects as follows:
+
+ - New object identifiers are inserted in objects.txt, following
+ the syntax given in objects.README.
+ - objects.pl is used to process obj_mac.num and create a new
+ obj_mac.h.
+ - obj_dat.pl is used to create a new obj_dat.h, using the data in
+ obj_mac.h.
+
+ This is currently kind of a hack, and the perl code in objects.pl
+ isn't very elegant, but it works as I intended. The simplest way
+ to check that it worked correctly is to look in obj_dat.h and
+ check the array nid_objs and make sure the objects haven't moved
+ around (this is important!). Additions are OK, as well as
+ consistent name changes.
+ [Richard Levitte]
+
+ *) Add BSD-style MD5-based passwords to 'openssl passwd' (option '-1').
+ [Bodo Moeller]
+
+ *) Addition of the command line parameter '-rand file' to 'openssl req'.
+ The given file adds to whatever has already been seeded into the
+ random pool through the RANDFILE configuration file option or
+ environment variable, or the default random state file.
+ [Richard Levitte]
+
+ *) mkstack.pl now sorts each macro group into lexical order.
+ Previously the output order depended on the order the files
+ appeared in the directory, resulting in needless rewriting
+ of safestack.h .
+ [Steve Henson]
+
+ *) Patches to make OpenSSL compile under Win32 again. Mostly
+ work arounds for the VC++ problem that it treats func() as
+ func(void). Also stripped out the parts of mkdef.pl that
+ added extra typesafe functions: these no longer exist.
+ [Steve Henson]
+
+ *) Reorganisation of the stack code. The macros are now all
+ collected in safestack.h . Each macro is defined in terms of
+ a "stack macro" of the form SKM_<name>(type, a, b). The
+ DEBUG_SAFESTACK is now handled in terms of function casts,
+ this has the advantage of retaining type safety without the
+ use of additional functions. If DEBUG_SAFESTACK is not defined
+ then the non typesafe macros are used instead. Also modified the
+ mkstack.pl script to handle the new form. Needs testing to see
+ if which (if any) compilers it chokes and maybe make DEBUG_SAFESTACK
+ the default if no major problems. Similar behaviour for ASN1_SET_OF
+ and PKCS12_STACK_OF.
+ [Steve Henson]
+
+ *) When some versions of IIS use the 'NET' form of private key the
+ key derivation algorithm is different. Normally MD5(password) is
+ used as a 128 bit RC4 key. In the modified case
+ MD5(MD5(password) + "SGCKEYSALT") is used insted. Added some
+ new functions i2d_RSA_NET(), d2i_RSA_NET() etc which are the same
+ as the old Netscape_RSA functions except they have an additional
+ 'sgckey' parameter which uses the modified algorithm. Also added
+ an -sgckey command line option to the rsa utility. Thanks to
+ Adrian Peck <bertie at ncipher.com> for posting details of the modified
+ algorithm to openssl-dev.
+ [Steve Henson]
+
+ *) The evp_local.h macros were using 'c.##kname' which resulted in
+ invalid expansion on some systems (SCO 5.0.5 for example).
+ Corrected to 'c.kname'.
+ [Phillip Porch <root at theporch.com>]
+
+ *) New X509_get1_email() and X509_REQ_get1_email() functions that return
+ a STACK of email addresses from a certificate or request, these look
+ in the subject name and the subject alternative name extensions and
+ omit any duplicate addresses.
+ [Steve Henson]
+
+ *) Re-implement BN_mod_exp2_mont using independent (and larger) windows.
+ This makes DSA verification about 2 % faster.
+ [Bodo Moeller]
+
+ *) Increase maximum window size in BN_mod_exp_... to 6 bits instead of 5
+ (meaning that now 2^5 values will be precomputed, which is only 4 KB
+ plus overhead for 1024 bit moduli).
+ This makes exponentiations about 0.5 % faster for 1024 bit
+ exponents (as measured by "openssl speed rsa2048").
+ [Bodo Moeller]
+
+ *) Rename memory handling macros to avoid conflicts with other
+ software:
+ Malloc => OPENSSL_malloc
+ Malloc_locked => OPENSSL_malloc_locked
+ Realloc => OPENSSL_realloc
+ Free => OPENSSL_free
+ [Richard Levitte]
+
+ *) New function BN_mod_exp_mont_word for small bases (roughly 15%
+ faster than BN_mod_exp_mont, i.e. 7% for a full DH exchange).
+ [Bodo Moeller]
+
+ *) CygWin32 support.
+ [John Jarvie <jjarvie at newsguy.com>]
+
+ *) The type-safe stack code has been rejigged. It is now only compiled
+ in when OpenSSL is configured with the DEBUG_SAFESTACK option and
+ by default all type-specific stack functions are "#define"d back to
+ standard stack functions. This results in more streamlined output
+ but retains the type-safety checking possibilities of the original
+ approach.
+ [Geoff Thorpe]
+
+ *) The STACK code has been cleaned up, and certain type declarations
+ that didn't make a lot of sense have been brought in line. This has
+ also involved a cleanup of sorts in safestack.h to more correctly
+ map type-safe stack functions onto their plain stack counterparts.
+ This work has also resulted in a variety of "const"ifications of
+ lots of the code, especially "_cmp" operations which should normally
+ be prototyped with "const" parameters anyway.
+ [Geoff Thorpe]
+
+ *) When generating bytes for the first time in md_rand.c, 'stir the pool'
+ by seeding with STATE_SIZE dummy bytes (with zero entropy count).
+ (The PRNG state consists of two parts, the large pool 'state' and 'md',
+ where all of 'md' is used each time the PRNG is used, but 'state'
+ is used only indexed by a cyclic counter. As entropy may not be
+ well distributed from the beginning, 'md' is important as a
+ chaining variable. However, the output function chains only half
+ of 'md', i.e. 80 bits. ssleay_rand_add, on the other hand, chains
+ all of 'md', and seeding with STATE_SIZE dummy bytes will result
+ in all of 'state' being rewritten, with the new values depending
+ on virtually all of 'md'. This overcomes the 80 bit limitation.)
+ [Bodo Moeller]
+
+ *) In ssl/s2_clnt.c and ssl/s3_clnt.c, call ERR_clear_error() when
+ the handshake is continued after ssl_verify_cert_chain();
+ otherwise, if SSL_VERIFY_NONE is set, remaining error codes
+ can lead to 'unexplainable' connection aborts later.
+ [Bodo Moeller; problem tracked down by Lutz Jaenicke]
+
+ *) Major EVP API cipher revision.
+ Add hooks for extra EVP features. This allows various cipher
+ parameters to be set in the EVP interface. Support added for variable
+ key length ciphers via the EVP_CIPHER_CTX_set_key_length() function and
+ setting of RC2 and RC5 parameters.
+
+ Modify EVP_OpenInit() and EVP_SealInit() to cope with variable key length
+ ciphers.
+
+ Remove lots of duplicated code from the EVP library. For example *every*
+ cipher init() function handles the 'iv' in the same way according to the
+ cipher mode. They also all do nothing if the 'key' parameter is NULL and
+ for CFB and OFB modes they zero ctx->num.
+
+ New functionality allows removal of S/MIME code RC2 hack.
+
+ Most of the routines have the same form and so can be declared in terms
+ of macros.
+
+ By shifting this to the top level EVP_CipherInit() it can be removed from
+ all individual ciphers. If the cipher wants to handle IVs or keys
+ differently it can set the EVP_CIPH_CUSTOM_IV or EVP_CIPH_ALWAYS_CALL_INIT
+ flags.
+
+ Change lots of functions like EVP_EncryptUpdate() to now return a
+ value: although software versions of the algorithms cannot fail
+ any installed hardware versions can.
+ [Steve Henson]
+
+ *) Implement SSL_OP_TLS_ROLLBACK_BUG: In ssl3_get_client_key_exchange, if
+ this option is set, tolerate broken clients that send the negotiated
+ protocol version number instead of the requested protocol version
+ number.
+ [Bodo Moeller]
+
+ *) Call dh_tmp_cb (set by ..._TMP_DH_CB) with correct 'is_export' flag;
+ i.e. non-zero for export ciphersuites, zero otherwise.
+ Previous versions had this flag inverted, inconsistent with
+ rsa_tmp_cb (..._TMP_RSA_CB).
+ [Bodo Moeller; problem reported by Amit Chopra]
+
+ *) Add missing DSA library text string. Work around for some IIS
+ key files with invalid SEQUENCE encoding.
+ [Steve Henson]
+
+ *) Add a document (doc/standards.txt) that list all kinds of standards
+ and so on that are implemented in OpenSSL.
+ [Richard Levitte]
+
+ *) Enhance c_rehash script. Old version would mishandle certificates
+ with the same subject name hash and wouldn't handle CRLs at all.
+ Added -fingerprint option to crl utility, to support new c_rehash
+ features.
+ [Steve Henson]
+
+ *) Eliminate non-ANSI declarations in crypto.h and stack.h.
+ [Ulf M\xF6ller]
+
+ *) Fix for SSL server purpose checking. Server checking was
+ rejecting certificates which had extended key usage present
+ but no ssl client purpose.
+ [Steve Henson, reported by Rene Grosser <grosser at hisolutions.com>]
+
+ *) Make PKCS#12 code work with no password. The PKCS#12 spec
+ is a little unclear about how a blank password is handled.
+ Since the password in encoded as a BMPString with terminating
+ double NULL a zero length password would end up as just the
+ double NULL. However no password at all is different and is
+ handled differently in the PKCS#12 key generation code. NS
+ treats a blank password as zero length. MSIE treats it as no
+ password on export: but it will try both on import. We now do
+ the same: PKCS12_parse() tries zero length and no password if
+ the password is set to "" or NULL (NULL is now a valid password:
+ it wasn't before) as does the pkcs12 application.
+ [Steve Henson]
+
+ *) Bugfixes in apps/x509.c: Avoid a memory leak; and don't use
+ perror when PEM_read_bio_X509_REQ fails, the error message must
+ be obtained from the error queue.
+ [Bodo Moeller]
+
+ *) Avoid 'thread_hash' memory leak in crypto/err/err.c by freeing
+ it in ERR_remove_state if appropriate, and change ERR_get_state
+ accordingly to avoid race conditions (this is necessary because
+ thread_hash is no longer constant once set).
+ [Bodo Moeller]
+
+ *) Bugfix for linux-elf makefile.one.
+ [Ulf M\xF6ller]
+
+ *) RSA_get_default_method() will now cause a default
+ RSA_METHOD to be chosen if one doesn't exist already.
+ Previously this was only set during a call to RSA_new()
+ or RSA_new_method(NULL) meaning it was possible for
+ RSA_get_default_method() to return NULL.
+ [Geoff Thorpe]
+
+ *) Added native name translation to the existing DSO code
+ that will convert (if the flag to do so is set) filenames
+ that are sufficiently small and have no path information
+ into a canonical native form. Eg. "blah" converted to
+ "libblah.so" or "blah.dll" etc.
+ [Geoff Thorpe]
+
+ *) New function ERR_error_string_n(e, buf, len) which is like
+ ERR_error_string(e, buf), but writes at most 'len' bytes
+ including the 0 terminator. For ERR_error_string_n, 'buf'
+ may not be NULL.
+ [Damien Miller <djm at mindrot.org>, Bodo Moeller]
+
+ *) CONF library reworked to become more general. A new CONF
+ configuration file reader "class" is implemented as well as a
+ new functions (NCONF_*, for "New CONF") to handle it. The now
+ old CONF_* functions are still there, but are reimplemented to
+ work in terms of the new functions. Also, a set of functions
+ to handle the internal storage of the configuration data is
+ provided to make it easier to write new configuration file
+ reader "classes" (I can definitely see something reading a
+ configuration file in XML format, for example), called _CONF_*,
+ or "the configuration storage API"...
+
+ The new configuration file reading functions are:
+
+ NCONF_new, NCONF_free, NCONF_load, NCONF_load_fp, NCONF_load_bio,
+ NCONF_get_section, NCONF_get_string, NCONF_get_numbre
+
+ NCONF_default, NCONF_WIN32
+
+ NCONF_dump_fp, NCONF_dump_bio
+
+ NCONF_default and NCONF_WIN32 are method (or "class") choosers,
+ NCONF_new creates a new CONF object. This works in the same way
+ as other interfaces in OpenSSL, like the BIO interface.
+ NCONF_dump_* dump the internal storage of the configuration file,
+ which is useful for debugging. All other functions take the same
+ arguments as the old CONF_* functions wth the exception of the
+ first that must be a `CONF *' instead of a `LHASH *'.
+
+ To make it easer to use the new classes with the old CONF_* functions,
+ the function CONF_set_default_method is provided.
+ [Richard Levitte]
+
+ *) Add '-tls1' option to 'openssl ciphers', which was already
+ mentioned in the documentation but had not been implemented.
+ (This option is not yet really useful because even the additional
+ experimental TLS 1.0 ciphers are currently treated as SSL 3.0 ciphers.)
+ [Bodo Moeller]
+
+ *) Initial DSO code added into libcrypto for letting OpenSSL (and
+ OpenSSL-based applications) load shared libraries and bind to
+ them in a portable way.
+ [Geoff Thorpe, with contributions from Richard Levitte]
+
+ Changes between 0.9.5 and 0.9.5a [1 Apr 2000]
+
+ *) Make sure _lrotl and _lrotr are only used with MSVC.
+
+ *) Use lock CRYPTO_LOCK_RAND correctly in ssleay_rand_status
+ (the default implementation of RAND_status).
+
+ *) Rename openssl x509 option '-crlext', which was added in 0.9.5,
+ to '-clrext' (= clear extensions), as intended and documented.
+ [Bodo Moeller; inconsistency pointed out by Michael Attili
+ <attili at amaxo.com>]
+
+ *) Fix for HMAC. It wasn't zeroing the rest of the block if the key length
+ was larger than the MD block size.
+ [Steve Henson, pointed out by Yost William <YostW at tce.com>]
+
+ *) Modernise PKCS12_parse() so it uses STACK_OF(X509) for its ca argument
+ fix a leak when the ca argument was passed as NULL. Stop X509_PUBKEY_set()
+ using the passed key: if the passed key was a private key the result
+ of X509_print(), for example, would be to print out all the private key
+ components.
+ [Steve Henson]
+
+ *) des_quad_cksum() byte order bug fix.
+ [Ulf M\xF6ller, using the problem description in krb4-0.9.7, where
+ the solution is attributed to Derrick J Brashear <shadow at DEMENTIA.ORG>]
+
+ *) Fix so V_ASN1_APP_CHOOSE works again: however its use is strongly
+ discouraged.
+ [Steve Henson, pointed out by Brian Korver <briank at cs.stanford.edu>]
+
+ *) For easily testing in shell scripts whether some command
+ 'openssl XXX' exists, the new pseudo-command 'openssl no-XXX'
+ returns with exit code 0 iff no command of the given name is available.
+ 'no-XXX' is printed in this case, 'XXX' otherwise. In both cases,
+ the output goes to stdout and nothing is printed to stderr.
+ Additional arguments are always ignored.
+
+ Since for each cipher there is a command of the same name,
+ the 'no-cipher' compilation switches can be tested this way.
+
+ ('openssl no-XXX' is not able to detect pseudo-commands such
+ as 'quit', 'list-XXX-commands', or 'no-XXX' itself.)
+ [Bodo Moeller]
+
+ *) Update test suite so that 'make test' succeeds in 'no-rsa' configuration.
+ [Bodo Moeller]
+
+ *) For SSL_[CTX_]set_tmp_dh, don't create a DH key if SSL_OP_SINGLE_DH_USE
+ is set; it will be thrown away anyway because each handshake creates
+ its own key.
+ ssl_cert_dup, which is used by SSL_new, now copies DH keys in addition
+ to parameters -- in previous versions (since OpenSSL 0.9.3) the
+ 'default key' from SSL_CTX_set_tmp_dh would always be lost, meanining
+ you effectivly got SSL_OP_SINGLE_DH_USE when using this macro.
+ [Bodo Moeller]
+
+ *) New s_client option -ign_eof: EOF at stdin is ignored, and
+ 'Q' and 'R' lose their special meanings (quit/renegotiate).
+ This is part of what -quiet does; unlike -quiet, -ign_eof
+ does not suppress any output.
+ [Richard Levitte]
+
+ *) Add compatibility options to the purpose and trust code. The
+ purpose X509_PURPOSE_ANY is "any purpose" which automatically
+ accepts a certificate or CA, this was the previous behaviour,
+ with all the associated security issues.
+
+ X509_TRUST_COMPAT is the old trust behaviour: only and
+ automatically trust self signed roots in certificate store. A
+ new trust setting X509_TRUST_DEFAULT is used to specify that
+ a purpose has no associated trust setting and it should instead
+ use the value in the default purpose.
+ [Steve Henson]
+
+ *) Fix the PKCS#8 DSA private key code so it decodes keys again
+ and fix a memory leak.
+ [Steve Henson]
+
+ *) In util/mkerr.pl (which implements 'make errors'), preserve
+ reason strings from the previous version of the .c file, as
+ the default to have only downcase letters (and digits) in
+ automatically generated reasons codes is not always appropriate.
+ [Bodo Moeller]
+
+ *) In ERR_load_ERR_strings(), build an ERR_LIB_SYS error reason table
+ using strerror. Previously, ERR_reason_error_string() returned
+ library names as reason strings for SYSerr; but SYSerr is a special
+ case where small numbers are errno values, not library numbers.
+ [Bodo Moeller]
+
+ *) Add '-dsaparam' option to 'openssl dhparam' application. This
+ converts DSA parameters into DH parameters. (When creating parameters,
+ DSA_generate_parameters is used.)
+ [Bodo Moeller]
+
+ *) Include 'length' (recommended exponent length) in C code generated
+ by 'openssl dhparam -C'.
+ [Bodo Moeller]
+
+ *) The second argument to set_label in perlasm was already being used
+ so couldn't be used as a "file scope" flag. Moved to third argument
+ which was free.
+ [Steve Henson]
+
+ *) In PEM_ASN1_write_bio and some other functions, use RAND_pseudo_bytes
+ instead of RAND_bytes for encryption IVs and salts.
+ [Bodo Moeller]
+
+ *) Include RAND_status() into RAND_METHOD instead of implementing
+ it only for md_rand.c Otherwise replacing the PRNG by calling
+ RAND_set_rand_method would be impossible.
+ [Bodo Moeller]
+
+ *) Don't let DSA_generate_key() enter an infinite loop if the random
+ number generation fails.
+ [Bodo Moeller]
+
+ *) New 'rand' application for creating pseudo-random output.
+ [Bodo Moeller]
+
+ *) Added configuration support for Linux/IA64
+ [Rolf Haberrecker <rolf at suse.de>]
+
+ *) Assembler module support for Mingw32.
+ [Ulf M\xF6ller]
+
+ *) Shared library support for HPUX (in shlib/).
+ [Lutz Jaenicke <Lutz.Jaenicke at aet.TU-Cottbus.DE> and Anonymous]
+
+ *) Shared library support for Solaris gcc.
+ [Lutz Behnke <behnke at trustcenter.de>]
+
+ Changes between 0.9.4 and 0.9.5 [28 Feb 2000]
+
+ *) PKCS7_encrypt() was adding text MIME headers twice because they
+ were added manually and by SMIME_crlf_copy().
+ [Steve Henson]
+
+ *) In bntest.c don't call BN_rand with zero bits argument.
+ [Steve Henson, pointed out by Andrew W. Gray <agray at iconsinc.com>]
+
+ *) BN_mul bugfix: In bn_mul_part_recursion() only the a>a[n] && b>b[n]
+ case was implemented. This caused BN_div_recp() to fail occasionally.
+ [Ulf M\xF6ller]
+
+ *) Add an optional second argument to the set_label() in the perl
+ assembly language builder. If this argument exists and is set
+ to 1 it signals that the assembler should use a symbol whose
+ scope is the entire file, not just the current function. This
+ is needed with MASM which uses the format label:: for this scope.
+ [Steve Henson, pointed out by Peter Runestig <peter at runestig.com>]
+
+ *) Change the ASN1 types so they are typedefs by default. Before
+ almost all types were #define'd to ASN1_STRING which was causing
+ STACK_OF() problems: you couldn't declare STACK_OF(ASN1_UTF8STRING)
+ for example.
+ [Steve Henson]
+
+ *) Change names of new functions to the new get1/get0 naming
+ convention: After 'get1', the caller owns a reference count
+ and has to call ..._free; 'get0' returns a pointer to some
+ data structure without incrementing reference counters.
+ (Some of the existing 'get' functions increment a reference
+ counter, some don't.)
+ Similarly, 'set1' and 'add1' functions increase reference
+ counters or duplicate objects.
+ [Steve Henson]
+
+ *) Allow for the possibility of temp RSA key generation failure:
+ the code used to assume it always worked and crashed on failure.
+ [Steve Henson]
+
+ *) Fix potential buffer overrun problem in BIO_printf().
+ [Ulf M\xF6ller, using public domain code by Patrick Powell; problem
+ pointed out by David Sacerdote <das33 at cornell.edu>]
+
+ *) Support EGD <http://www.lothar.com/tech/crypto/>. New functions
+ RAND_egd() and RAND_status(). In the command line application,
+ the EGD socket can be specified like a seed file using RANDFILE
+ or -rand.
+ [Ulf M\xF6ller]
+
+ *) Allow the string CERTIFICATE to be tolerated in PKCS#7 structures.
+ Some CAs (e.g. Verisign) distribute certificates in this form.
+ [Steve Henson]
+
+ *) Remove the SSL_ALLOW_ADH compile option and set the default cipher
+ list to exclude them. This means that no special compilation option
+ is needed to use anonymous DH: it just needs to be included in the
+ cipher list.
+ [Steve Henson]
+
+ *) Change the EVP_MD_CTX_type macro so its meaning consistent with
+ EVP_MD_type. The old functionality is available in a new macro called
+ EVP_MD_md(). Change code that uses it and update docs.
+ [Steve Henson]
+
+ *) ..._ctrl functions now have corresponding ..._callback_ctrl functions
+ where the 'void *' argument is replaced by a function pointer argument.
+ Previously 'void *' was abused to point to functions, which works on
+ many platforms, but is not correct. As these functions are usually
+ called by macros defined in OpenSSL header files, most source code
+ should work without changes.
+ [Richard Levitte]
+
+ *) <openssl/opensslconf.h> (which is created by Configure) now contains
+ sections with information on -D... compiler switches used for
+ compiling the library so that applications can see them. To enable
+ one of these sections, a pre-processor symbol OPENSSL_..._DEFINES
+ must be defined. E.g.,
+ #define OPENSSL_ALGORITHM_DEFINES
+ #include <openssl/opensslconf.h>
+ defines all pertinent NO_<algo> symbols, such as NO_IDEA, NO_RSA, etc.
+ [Richard Levitte, Ulf and Bodo M\xF6ller]
+
+ *) Bugfix: Tolerate fragmentation and interleaving in the SSL 3/TLS
+ record layer.
+ [Bodo Moeller]
+
+ *) Change the 'other' type in certificate aux info to a STACK_OF
+ X509_ALGOR. Although not an AlgorithmIdentifier as such it has
+ the required ASN1 format: arbitrary types determined by an OID.
+ [Steve Henson]
+
+ *) Add some PEM_write_X509_REQ_NEW() functions and a command line
+ argument to 'req'. This is not because the function is newer or
+ better than others it just uses the work 'NEW' in the certificate
+ request header lines. Some software needs this.
+ [Steve Henson]
+
+ *) Reorganise password command line arguments: now passwords can be
+ obtained from various sources. Delete the PEM_cb function and make
+ it the default behaviour: i.e. if the callback is NULL and the
+ usrdata argument is not NULL interpret it as a null terminated pass
+ phrase. If usrdata and the callback are NULL then the pass phrase
+ is prompted for as usual.
+ [Steve Henson]
+
+ *) Add support for the Compaq Atalla crypto accelerator. If it is installed,
+ the support is automatically enabled. The resulting binaries will
+ autodetect the card and use it if present.
+ [Ben Laurie and Compaq Inc.]
+
+ *) Work around for Netscape hang bug. This sends certificate request
+ and server done in one record. Since this is perfectly legal in the
+ SSL/TLS protocol it isn't a "bug" option and is on by default. See
+ the bugs/SSLv3 entry for more info.
+ [Steve Henson]
+
+ *) HP-UX tune-up: new unified configs, HP C compiler bug workaround.
+ [Andy Polyakov]
+
+ *) Add -rand argument to smime and pkcs12 applications and read/write
+ of seed file.
+ [Steve Henson]
+
+ *) New 'passwd' tool for crypt(3) and apr1 password hashes.
+ [Bodo Moeller]
+
+ *) Add command line password options to the remaining applications.
+ [Steve Henson]
+
+ *) Bug fix for BN_div_recp() for numerators with an even number of
+ bits.
+ [Ulf M\xF6ller]
+
+ *) More tests in bntest.c, and changed test_bn output.
+ [Ulf M\xF6ller]
+
+ *) ./config recognizes MacOS X now.
+ [Andy Polyakov]
+
+ *) Bug fix for BN_div() when the first words of num and divsor are
+ equal (it gave wrong results if (rem=(n1-q*d0)&BN_MASK2) < d0).
+ [Ulf M\xF6ller]
+
+ *) Add support for various broken PKCS#8 formats, and command line
+ options to produce them.
+ [Steve Henson]
+
+ *) New functions BN_CTX_start(), BN_CTX_get() and BT_CTX_end() to
+ get temporary BIGNUMs from a BN_CTX.
+ [Ulf M\xF6ller]
+
+ *) Correct return values in BN_mod_exp_mont() and BN_mod_exp2_mont()
+ for p == 0.
+ [Ulf M\xF6ller]
+
+ *) Change the SSLeay_add_all_*() functions to OpenSSL_add_all_*() and
+ include a #define from the old name to the new. The original intent
+ was that statically linked binaries could for example just call
+ SSLeay_add_all_ciphers() to just add ciphers to the table and not
+ link with digests. This never worked becayse SSLeay_add_all_digests()
+ and SSLeay_add_all_ciphers() were in the same source file so calling
+ one would link with the other. They are now in separate source files.
+ [Steve Henson]
+
+ *) Add a new -notext option to 'ca' and a -pubkey option to 'spkac'.
+ [Steve Henson]
+
+ *) Use a less unusual form of the Miller-Rabin primality test (it used
+ a binary algorithm for exponentiation integrated into the Miller-Rabin
+ loop, our standard modexp algorithms are faster).
+ [Bodo Moeller]
+
+ *) Support for the EBCDIC character set completed.
+ [Martin Kraemer <Martin.Kraemer at Mch.SNI.De>]
+
+ *) Source code cleanups: use const where appropriate, eliminate casts,
+ use void * instead of char * in lhash.
+ [Ulf M\xF6ller]
+
+ *) Bugfix: ssl3_send_server_key_exchange was not restartable
+ (the state was not changed to SSL3_ST_SW_KEY_EXCH_B, and because of
+ this the server could overwrite ephemeral keys that the client
+ has already seen).
+ [Bodo Moeller]
+
+ *) Turn DSA_is_prime into a macro that calls BN_is_prime,
+ using 50 iterations of the Rabin-Miller test.
+
+ DSA_generate_parameters now uses BN_is_prime_fasttest (with 50
+ iterations of the Rabin-Miller test as required by the appendix
+ to FIPS PUB 186[-1]) instead of DSA_is_prime.
+ As BN_is_prime_fasttest includes trial division, DSA parameter
+ generation becomes much faster.
+
+ This implies a change for the callback functions in DSA_is_prime
+ and DSA_generate_parameters: The callback function is called once
+ for each positive witness in the Rabin-Miller test, not just
+ occasionally in the inner loop; and the parameters to the
+ callback function now provide an iteration count for the outer
+ loop rather than for the current invocation of the inner loop.
+ DSA_generate_parameters additionally can call the callback
+ function with an 'iteration count' of -1, meaning that a
+ candidate has passed the trial division test (when q is generated
+ from an application-provided seed, trial division is skipped).
+ [Bodo Moeller]
+
+ *) New function BN_is_prime_fasttest that optionally does trial
+ division before starting the Rabin-Miller test and has
+ an additional BN_CTX * argument (whereas BN_is_prime always
+ has to allocate at least one BN_CTX).
+ 'callback(1, -1, cb_arg)' is called when a number has passed the
+ trial division stage.
+ [Bodo Moeller]
+
+ *) Fix for bug in CRL encoding. The validity dates weren't being handled
+ as ASN1_TIME.
+ [Steve Henson]
+
+ *) New -pkcs12 option to CA.pl script to write out a PKCS#12 file.
+ [Steve Henson]
+
+ *) New function BN_pseudo_rand().
+ [Ulf M\xF6ller]
+
+ *) Clean up BN_mod_mul_montgomery(): replace the broken (and unreadable)
+ bignum version of BN_from_montgomery() with the working code from
+ SSLeay 0.9.0 (the word based version is faster anyway), and clean up
+ the comments.
+ [Ulf M\xF6ller]
+
+ *) Avoid a race condition in s2_clnt.c (function get_server_hello) that
+ made it impossible to use the same SSL_SESSION data structure in
+ SSL2 clients in multiple threads.
+ [Bodo Moeller]
+
+ *) The return value of RAND_load_file() no longer counts bytes obtained
+ by stat(). RAND_load_file(..., -1) is new and uses the complete file
+ to seed the PRNG (previously an explicit byte count was required).
+ [Ulf M\xF6ller, Bodo M\xF6ller]
+
+ *) Clean up CRYPTO_EX_DATA functions, some of these didn't have prototypes
+ used (char *) instead of (void *) and had casts all over the place.
+ [Steve Henson]
+
+ *) Make BN_generate_prime() return NULL on error if ret!=NULL.
+ [Ulf M\xF6ller]
+
+ *) Retain source code compatibility for BN_prime_checks macro:
+ BN_is_prime(..., BN_prime_checks, ...) now uses
+ BN_prime_checks_for_size to determine the appropriate number of
+ Rabin-Miller iterations.
+ [Ulf M\xF6ller]
+
+ *) Diffie-Hellman uses "safe" primes: DH_check() return code renamed to
+ DH_CHECK_P_NOT_SAFE_PRIME.
+ (Check if this is true? OpenPGP calls them "strong".)
+ [Ulf M\xF6ller]
+
+ *) Merge the functionality of "dh" and "gendh" programs into a new program
+ "dhparam". The old programs are retained for now but will handle DH keys
+ (instead of parameters) in future.
+ [Steve Henson]
+
+ *) Make the ciphers, s_server and s_client programs check the return values
+ when a new cipher list is set.
+ [Steve Henson]
+
+ *) Enhance the SSL/TLS cipher mechanism to correctly handle the TLS 56bit
+ ciphers. Before when the 56bit ciphers were enabled the sorting was
+ wrong.
+
+ The syntax for the cipher sorting has been extended to support sorting by
+ cipher-strength (using the strength_bits hard coded in the tables).
+ The new command is "@STRENGTH" (see also doc/apps/ciphers.pod).
+
+ Fix a bug in the cipher-command parser: when supplying a cipher command
+ string with an "undefined" symbol (neither command nor alphanumeric
+ [A-Za-z0-9], ssl_set_cipher_list used to hang in an endless loop. Now
+ an error is flagged.
+
+ Due to the strength-sorting extension, the code of the
+ ssl_create_cipher_list() function was completely rearranged. I hope that
+ the readability was also increased :-)
+ [Lutz Jaenicke <Lutz.Jaenicke at aet.TU-Cottbus.DE>]
+
+ *) Minor change to 'x509' utility. The -CAcreateserial option now uses 1
+ for the first serial number and places 2 in the serial number file. This
+ avoids problems when the root CA is created with serial number zero and
+ the first user certificate has the same issuer name and serial number
+ as the root CA.
+ [Steve Henson]
+
+ *) Fixes to X509_ATTRIBUTE utilities, change the 'req' program so it uses
+ the new code. Add documentation for this stuff.
+ [Steve Henson]
+
+ *) Changes to X509_ATTRIBUTE utilities. These have been renamed from
+ X509_*() to X509at_*() on the grounds that they don't handle X509
+ structures and behave in an analagous way to the X509v3 functions:
+ they shouldn't be called directly but wrapper functions should be used
+ instead.
+
+ So we also now have some wrapper functions that call the X509at functions
+ when passed certificate requests. (TO DO: similar things can be done with
+ PKCS#7 signed and unsigned attributes, PKCS#12 attributes and a few other
+ things. Some of these need some d2i or i2d and print functionality
+ because they handle more complex structures.)
+ [Steve Henson]
+
+ *) Add missing #ifndefs that caused missing symbols when building libssl
+ as a shared library without RSA. Use #ifndef NO_SSL2 instead of
+ NO_RSA in ssl/s2*.c.
+ [Kris Kennaway <kris at hub.freebsd.org>, modified by Ulf M\xF6ller]
+
+ *) Precautions against using the PRNG uninitialized: RAND_bytes() now
+ has a return value which indicates the quality of the random data
+ (1 = ok, 0 = not seeded). Also an error is recorded on the thread's
+ error queue. New function RAND_pseudo_bytes() generates output that is
+ guaranteed to be unique but not unpredictable. RAND_add is like
+ RAND_seed, but takes an extra argument for an entropy estimate
+ (RAND_seed always assumes full entropy).
+ [Ulf M\xF6ller]
+
+ *) Do more iterations of Rabin-Miller probable prime test (specifically,
+ 3 for 1024-bit primes, 6 for 512-bit primes, 12 for 256-bit primes
+ instead of only 2 for all lengths; see BN_prime_checks_for_size definition
+ in crypto/bn/bn_prime.c for the complete table). This guarantees a
+ false-positive rate of at most 2^-80 for random input.
+ [Bodo Moeller]
+
+ *) Rewrite ssl3_read_n (ssl/s3_pkt.c) avoiding a couple of bugs.
+ [Bodo Moeller]
+
+ *) New function X509_CTX_rget_chain() (renamed to X509_CTX_get1_chain
+ in the 0.9.5 release), this returns the chain
+ from an X509_CTX structure with a dup of the stack and all
+ the X509 reference counts upped: so the stack will exist
+ after X509_CTX_cleanup() has been called. Modify pkcs12.c
+ to use this.
+
+ Also make SSL_SESSION_print() print out the verify return
+ code.
+ [Steve Henson]
+
+ *) Add manpage for the pkcs12 command. Also change the default
+ behaviour so MAC iteration counts are used unless the new
+ -nomaciter option is used. This improves file security and
+ only older versions of MSIE (4.0 for example) need it.
+ [Steve Henson]
+
+ *) Honor the no-xxx Configure options when creating .DEF files.
+ [Ulf M\xF6ller]
+
+ *) Add PKCS#10 attributes to field table: challengePassword,
+ unstructuredName and unstructuredAddress. These are taken from
+ draft PKCS#9 v2.0 but are compatible with v1.2 provided no
+ international characters are used.
+
+ More changes to X509_ATTRIBUTE code: allow the setting of types
+ based on strings. Remove the 'loc' parameter when adding
+ attributes because these will be a SET OF encoding which is sorted
+ in ASN1 order.
+ [Steve Henson]
+
+ *) Initial changes to the 'req' utility to allow request generation
+ automation. This will allow an application to just generate a template
+ file containing all the field values and have req construct the
+ request.
+
+ Initial support for X509_ATTRIBUTE handling. Stacks of these are
+ used all over the place including certificate requests and PKCS#7
+ structures. They are currently handled manually where necessary with
+ some primitive wrappers for PKCS#7. The new functions behave in a
+ manner analogous to the X509 extension functions: they allow
+ attributes to be looked up by NID and added.
+
+ Later something similar to the X509V3 code would be desirable to
+ automatically handle the encoding, decoding and printing of the
+ more complex types. The string types like challengePassword can
+ be handled by the string table functions.
+
+ Also modified the multi byte string table handling. Now there is
+ a 'global mask' which masks out certain types. The table itself
+ can use the flag STABLE_NO_MASK to ignore the mask setting: this
+ is useful when for example there is only one permissible type
+ (as in countryName) and using the mask might result in no valid
+ types at all.
+ [Steve Henson]
+
+ *) Clean up 'Finished' handling, and add functions SSL_get_finished and
+ SSL_get_peer_finished to allow applications to obtain the latest
+ Finished messages sent to the peer or expected from the peer,
+ respectively. (SSL_get_peer_finished is usually the Finished message
+ actually received from the peer, otherwise the protocol will be aborted.)
+
+ As the Finished message are message digests of the complete handshake
+ (with a total of 192 bits for TLS 1.0 and more for SSL 3.0), they can
+ be used for external authentication procedures when the authentication
+ provided by SSL/TLS is not desired or is not enough.
+ [Bodo Moeller]
+
+ *) Enhanced support for Alpha Linux is added. Now ./config checks if
+ the host supports BWX extension and if Compaq C is present on the
+ $PATH. Just exploiting of the BWX extension results in 20-30%
+ performance kick for some algorithms, e.g. DES and RC4 to mention
+ a couple. Compaq C in turn generates ~20% faster code for MD5 and
+ SHA1.
+ [Andy Polyakov]
+
+ *) Add support for MS "fast SGC". This is arguably a violation of the
+ SSL3/TLS protocol. Netscape SGC does two handshakes: the first with
+ weak crypto and after checking the certificate is SGC a second one
+ with strong crypto. MS SGC stops the first handshake after receiving
+ the server certificate message and sends a second client hello. Since
+ a server will typically do all the time consuming operations before
+ expecting any further messages from the client (server key exchange
+ is the most expensive) there is little difference between the two.
+
+ To get OpenSSL to support MS SGC we have to permit a second client
+ hello message after we have sent server done. In addition we have to
+ reset the MAC if we do get this second client hello.
+ [Steve Henson]
+
+ *) Add a function 'd2i_AutoPrivateKey()' this will automatically decide
+ if a DER encoded private key is RSA or DSA traditional format. Changed
+ d2i_PrivateKey_bio() to use it. This is only needed for the "traditional"
+ format DER encoded private key. Newer code should use PKCS#8 format which
+ has the key type encoded in the ASN1 structure. Added DER private key
+ support to pkcs8 application.
+ [Steve Henson]
+
+ *) SSL 3/TLS 1 servers now don't request certificates when an anonymous
+ ciphersuites has been selected (as required by the SSL 3/TLS 1
+ specifications). Exception: When SSL_VERIFY_FAIL_IF_NO_PEER_CERT
+ is set, we interpret this as a request to violate the specification
+ (the worst that can happen is a handshake failure, and 'correct'
+ behaviour would result in a handshake failure anyway).
+ [Bodo Moeller]
+
+ *) In SSL_CTX_add_session, take into account that there might be multiple
+ SSL_SESSION structures with the same session ID (e.g. when two threads
+ concurrently obtain them from an external cache).
+ The internal cache can handle only one SSL_SESSION with a given ID,
+ so if there's a conflict, we now throw out the old one to achieve
+ consistency.
+ [Bodo Moeller]
+
+ *) Add OIDs for idea and blowfish in CBC mode. This will allow both
+ to be used in PKCS#5 v2.0 and S/MIME. Also add checking to
+ some routines that use cipher OIDs: some ciphers do not have OIDs
+ defined and so they cannot be used for S/MIME and PKCS#5 v2.0 for
+ example.
+ [Steve Henson]
+
+ *) Simplify the trust setting structure and code. Now we just have
+ two sequences of OIDs for trusted and rejected settings. These will
+ typically have values the same as the extended key usage extension
+ and any application specific purposes.
+
+ The trust checking code now has a default behaviour: it will just
+ check for an object with the same NID as the passed id. Functions can
+ be provided to override either the default behaviour or the behaviour
+ for a given id. SSL client, server and email already have functions
+ in place for compatibility: they check the NID and also return "trusted"
+ if the certificate is self signed.
+ [Steve Henson]
+
+ *) Add d2i,i2d bio/fp functions for PrivateKey: these convert the
+ traditional format into an EVP_PKEY structure.
+ [Steve Henson]
+
+ *) Add a password callback function PEM_cb() which either prompts for
+ a password if usr_data is NULL or otherwise assumes it is a null
+ terminated password. Allow passwords to be passed on command line
+ environment or config files in a few more utilities.
+ [Steve Henson]
+
+ *) Add a bunch of DER and PEM functions to handle PKCS#8 format private
+ keys. Add some short names for PKCS#8 PBE algorithms and allow them
+ to be specified on the command line for the pkcs8 and pkcs12 utilities.
+ Update documentation.
+ [Steve Henson]
+
+ *) Support for ASN1 "NULL" type. This could be handled before by using
+ ASN1_TYPE but there wasn't any function that would try to read a NULL
+ and produce an error if it couldn't. For compatibility we also have
+ ASN1_NULL_new() and ASN1_NULL_free() functions but these are faked and
+ don't allocate anything because they don't need to.
+ [Steve Henson]
+
+ *) Initial support for MacOS is now provided. Examine INSTALL.MacOS
+ for details.
+ [Andy Polyakov, Roy Woods <roy at centicsystems.ca>]
+
+ *) Rebuild of the memory allocation routines used by OpenSSL code and
+ possibly others as well. The purpose is to make an interface that
+ provide hooks so anyone can build a separate set of allocation and
+ deallocation routines to be used by OpenSSL, for example memory
+ pool implementations, or something else, which was previously hard
+ since Malloc(), Realloc() and Free() were defined as macros having
+ the values malloc, realloc and free, respectively (except for Win32
+ compilations). The same is provided for memory debugging code.
+ OpenSSL already comes with functionality to find memory leaks, but
+ this gives people a chance to debug other memory problems.
+
+ With these changes, a new set of functions and macros have appeared:
+
+ CRYPTO_set_mem_debug_functions() [F]
+ CRYPTO_get_mem_debug_functions() [F]
+ CRYPTO_dbg_set_options() [F]
+ CRYPTO_dbg_get_options() [F]
+ CRYPTO_malloc_debug_init() [M]
+
+ The memory debug functions are NULL by default, unless the library
+ is compiled with CRYPTO_MDEBUG or friends is defined. If someone
+ wants to debug memory anyway, CRYPTO_malloc_debug_init() (which
+ gives the standard debugging functions that come with OpenSSL) or
+ CRYPTO_set_mem_debug_functions() (tells OpenSSL to use functions
+ provided by the library user) must be used. When the standard
+ debugging functions are used, CRYPTO_dbg_set_options can be used to
+ request additional information:
+ CRYPTO_dbg_set_options(V_CYRPTO_MDEBUG_xxx) corresponds to setting
+ the CRYPTO_MDEBUG_xxx macro when compiling the library.
+
+ Also, things like CRYPTO_set_mem_functions will always give the
+ expected result (the new set of functions is used for allocation
+ and deallocation) at all times, regardless of platform and compiler
+ options.
+
+ To finish it up, some functions that were never use in any other
+ way than through macros have a new API and new semantic:
+
+ CRYPTO_dbg_malloc()
+ CRYPTO_dbg_realloc()
+ CRYPTO_dbg_free()
+
+ All macros of value have retained their old syntax.
+ [Richard Levitte and Bodo Moeller]
+
+ *) Some S/MIME fixes. The OID for SMIMECapabilities was wrong, the
+ ordering of SMIMECapabilities wasn't in "strength order" and there
+ was a missing NULL in the AlgorithmIdentifier for the SHA1 signature
+ algorithm.
+ [Steve Henson]
+
+ *) Some ASN1 types with illegal zero length encoding (INTEGER,
+ ENUMERATED and OBJECT IDENTIFIER) choked the ASN1 routines.
+ [Frans Heymans <fheymans at isaserver.be>, modified by Steve Henson]
+
+ *) Merge in my S/MIME library for OpenSSL. This provides a simple
+ S/MIME API on top of the PKCS#7 code, a MIME parser (with enough
+ functionality to handle multipart/signed properly) and a utility
+ called 'smime' to call all this stuff. This is based on code I
+ originally wrote for Celo who have kindly allowed it to be
+ included in OpenSSL.
+ [Steve Henson]
+
+ *) Add variants des_set_key_checked and des_set_key_unchecked of
+ des_set_key (aka des_key_sched). Global variable des_check_key
+ decides which of these is called by des_set_key; this way
+ des_check_key behaves as it always did, but applications and
+ the library itself, which was buggy for des_check_key == 1,
+ have a cleaner way to pick the version they need.
+ [Bodo Moeller]
+
+ *) New function PKCS12_newpass() which changes the password of a
+ PKCS12 structure.
+ [Steve Henson]
+
+ *) Modify X509_TRUST and X509_PURPOSE so it also uses a static and
+ dynamic mix. In both cases the ids can be used as an index into the
+ table. Also modified the X509_TRUST_add() and X509_PURPOSE_add()
+ functions so they accept a list of the field values and the
+ application doesn't need to directly manipulate the X509_TRUST
+ structure.
+ [Steve Henson]
+
+ *) Modify the ASN1_STRING_TABLE stuff so it also uses bsearch and doesn't
+ need initialising.
+ [Steve Henson]
+
+ *) Modify the way the V3 extension code looks up extensions. This now
+ works in a similar way to the object code: we have some "standard"
+ extensions in a static table which is searched with OBJ_bsearch()
+ and the application can add dynamic ones if needed. The file
+ crypto/x509v3/ext_dat.h now has the info: this file needs to be
+ updated whenever a new extension is added to the core code and kept
+ in ext_nid order. There is a simple program 'tabtest.c' which checks
+ this. New extensions are not added too often so this file can readily
+ be maintained manually.
+
+ There are two big advantages in doing things this way. The extensions
+ can be looked up immediately and no longer need to be "added" using
+ X509V3_add_standard_extensions(): this function now does nothing.
+ [Side note: I get *lots* of email saying the extension code doesn't
+ work because people forget to call this function]
+ Also no dynamic allocation is done unless new extensions are added:
+ so if we don't add custom extensions there is no need to call
+ X509V3_EXT_cleanup().
+ [Steve Henson]
+
+ *) Modify enc utility's salting as follows: make salting the default. Add a
+ magic header, so unsalted files fail gracefully instead of just decrypting
+ to garbage. This is because not salting is a big security hole, so people
+ should be discouraged from doing it.
+ [Ben Laurie]
+
+ *) Fixes and enhancements to the 'x509' utility. It allowed a message
+ digest to be passed on the command line but it only used this
+ parameter when signing a certificate. Modified so all relevant
+ operations are affected by the digest parameter including the
+ -fingerprint and -x509toreq options. Also -x509toreq choked if a
+ DSA key was used because it didn't fix the digest.
+ [Steve Henson]
+
+ *) Initial certificate chain verify code. Currently tests the untrusted
+ certificates for consistency with the verify purpose (which is set
+ when the X509_STORE_CTX structure is set up) and checks the pathlength.
+
+ There is a NO_CHAIN_VERIFY compilation option to keep the old behaviour:
+ this is because it will reject chains with invalid extensions whereas
+ every previous version of OpenSSL and SSLeay made no checks at all.
+
+ Trust code: checks the root CA for the relevant trust settings. Trust
+ settings have an initial value consistent with the verify purpose: e.g.
+ if the verify purpose is for SSL client use it expects the CA to be
+ trusted for SSL client use. However the default value can be changed to
+ permit custom trust settings: one example of this would be to only trust
+ certificates from a specific "secure" set of CAs.
+
+ Also added X509_STORE_CTX_new() and X509_STORE_CTX_free() functions
+ which should be used for version portability: especially since the
+ verify structure is likely to change more often now.
+
+ SSL integration. Add purpose and trust to SSL_CTX and SSL and functions
+ to set them. If not set then assume SSL clients will verify SSL servers
+ and vice versa.
+
+ Two new options to the verify program: -untrusted allows a set of
+ untrusted certificates to be passed in and -purpose which sets the
+ intended purpose of the certificate. If a purpose is set then the
+ new chain verify code is used to check extension consistency.
+ [Steve Henson]
+
+ *) Support for the authority information access extension.
+ [Steve Henson]
+
+ *) Modify RSA and DSA PEM read routines to transparently handle
+ PKCS#8 format private keys. New *_PUBKEY_* functions that handle
+ public keys in a format compatible with certificate
+ SubjectPublicKeyInfo structures. Unfortunately there were already
+ functions called *_PublicKey_* which used various odd formats so
+ these are retained for compatibility: however the DSA variants were
+ never in a public release so they have been deleted. Changed dsa/rsa
+ utilities to handle the new format: note no releases ever handled public
+ keys so we should be OK.
+
+ The primary motivation for this change is to avoid the same fiasco
+ that dogs private keys: there are several incompatible private key
+ formats some of which are standard and some OpenSSL specific and
+ require various evil hacks to allow partial transparent handling and
+ even then it doesn't work with DER formats. Given the option anything
+ other than PKCS#8 should be dumped: but the other formats have to
+ stay in the name of compatibility.
+
+ With public keys and the benefit of hindsight one standard format
+ is used which works with EVP_PKEY, RSA or DSA structures: though
+ it clearly returns an error if you try to read the wrong kind of key.
+
+ Added a -pubkey option to the 'x509' utility to output the public key.
+ Also rename the EVP_PKEY_get_*() to EVP_PKEY_rget_*()
+ (renamed to EVP_PKEY_get1_*() in the OpenSSL 0.9.5 release) and add
+ EVP_PKEY_rset_*() functions (renamed to EVP_PKEY_set1_*())
+ that do the same as the EVP_PKEY_assign_*() except they up the
+ reference count of the added key (they don't "swallow" the
+ supplied key).
+ [Steve Henson]
+
+ *) Fixes to crypto/x509/by_file.c the code to read in certificates and
+ CRLs would fail if the file contained no certificates or no CRLs:
+ added a new function to read in both types and return the number
+ read: this means that if none are read it will be an error. The
+ DER versions of the certificate and CRL reader would always fail
+ because it isn't possible to mix certificates and CRLs in DER format
+ without choking one or the other routine. Changed this to just read
+ a certificate: this is the best we can do. Also modified the code
+ in apps/verify.c to take notice of return codes: it was previously
+ attempting to read in certificates from NULL pointers and ignoring
+ any errors: this is one reason why the cert and CRL reader seemed
+ to work. It doesn't check return codes from the default certificate
+ routines: these may well fail if the certificates aren't installed.
+ [Steve Henson]
+
+ *) Code to support otherName option in GeneralName.
+ [Steve Henson]
+
+ *) First update to verify code. Change the verify utility
+ so it warns if it is passed a self signed certificate:
+ for consistency with the normal behaviour. X509_verify
+ has been modified to it will now verify a self signed
+ certificate if *exactly* the same certificate appears
+ in the store: it was previously impossible to trust a
+ single self signed certificate. This means that:
+ openssl verify ss.pem
+ now gives a warning about a self signed certificate but
+ openssl verify -CAfile ss.pem ss.pem
+ is OK.
+ [Steve Henson]
+
+ *) For servers, store verify_result in SSL_SESSION data structure
+ (and add it to external session representation).
+ This is needed when client certificate verifications fails,
+ but an application-provided verification callback (set by
+ SSL_CTX_set_cert_verify_callback) allows accepting the session
+ anyway (i.e. leaves x509_store_ctx->error != X509_V_OK
+ but returns 1): When the session is reused, we have to set
+ ssl->verify_result to the appropriate error code to avoid
+ security holes.
+ [Bodo Moeller, problem pointed out by Lutz Jaenicke]
+
+ *) Fix a bug in the new PKCS#7 code: it didn't consider the
+ case in PKCS7_dataInit() where the signed PKCS7 structure
+ didn't contain any existing data because it was being created.
+ [Po-Cheng Chen <pocheng at nst.com.tw>, slightly modified by Steve Henson]
+
+ *) Add a salt to the key derivation routines in enc.c. This
+ forms the first 8 bytes of the encrypted file. Also add a
+ -S option to allow a salt to be input on the command line.
+ [Steve Henson]
+
+ *) New function X509_cmp(). Oddly enough there wasn't a function
+ to compare two certificates. We do this by working out the SHA1
+ hash and comparing that. X509_cmp() will be needed by the trust
+ code.
+ [Steve Henson]
+
+ *) SSL_get1_session() is like SSL_get_session(), but increments
+ the reference count in the SSL_SESSION returned.
+ [Geoff Thorpe <geoff at eu.c2.net>]
+
+ *) Fix for 'req': it was adding a null to request attributes.
+ Also change the X509_LOOKUP and X509_INFO code to handle
+ certificate auxiliary information.
+ [Steve Henson]
+
+ *) Add support for 40 and 64 bit RC2 and RC4 algorithms: document
+ the 'enc' command.
+ [Steve Henson]
+
+ *) Add the possibility to add extra information to the memory leak
+ detecting output, to form tracebacks, showing from where each
+ allocation was originated: CRYPTO_push_info("constant string") adds
+ the string plus current file name and line number to a per-thread
+ stack, CRYPTO_pop_info() does the obvious, CRYPTO_remove_all_info()
+ is like calling CYRPTO_pop_info() until the stack is empty.
+ Also updated memory leak detection code to be multi-thread-safe.
+ [Richard Levitte]
+
+ *) Add options -text and -noout to pkcs7 utility and delete the
+ encryption options which never did anything. Update docs.
+ [Steve Henson]
+
+ *) Add options to some of the utilities to allow the pass phrase
+ to be included on either the command line (not recommended on
+ OSes like Unix) or read from the environment. Update the
+ manpages and fix a few bugs.
+ [Steve Henson]
+
+ *) Add a few manpages for some of the openssl commands.
+ [Steve Henson]
+
+ *) Fix the -revoke option in ca. It was freeing up memory twice,
+ leaking and not finding already revoked certificates.
+ [Steve Henson]
+
+ *) Extensive changes to support certificate auxiliary information.
+ This involves the use of X509_CERT_AUX structure and X509_AUX
+ functions. An X509_AUX function such as PEM_read_X509_AUX()
+ can still read in a certificate file in the usual way but it
+ will also read in any additional "auxiliary information". By
+ doing things this way a fair degree of compatibility can be
+ retained: existing certificates can have this information added
+ using the new 'x509' options.
+
+ Current auxiliary information includes an "alias" and some trust
+ settings. The trust settings will ultimately be used in enhanced
+ certificate chain verification routines: currently a certificate
+ can only be trusted if it is self signed and then it is trusted
+ for all purposes.
+ [Steve Henson]
+
+ *) Fix assembler for Alpha (tested only on DEC OSF not Linux or *BSD).
+ The problem was that one of the replacement routines had not been working
+ since SSLeay releases. For now the offending routine has been replaced
+ with non-optimised assembler. Even so, this now gives around 95%
+ performance improvement for 1024 bit RSA signs.
+ [Mark Cox]
+
+ *) Hack to fix PKCS#7 decryption when used with some unorthodox RC2
+ handling. Most clients have the effective key size in bits equal to
+ the key length in bits: so a 40 bit RC2 key uses a 40 bit (5 byte) key.
+ A few however don't do this and instead use the size of the decrypted key
+ to determine the RC2 key length and the AlgorithmIdentifier to determine
+ the effective key length. In this case the effective key length can still
+ be 40 bits but the key length can be 168 bits for example. This is fixed
+ by manually forcing an RC2 key into the EVP_PKEY structure because the
+ EVP code can't currently handle unusual RC2 key sizes: it always assumes
+ the key length and effective key length are equal.
+ [Steve Henson]
+
+ *) Add a bunch of functions that should simplify the creation of
+ X509_NAME structures. Now you should be able to do:
+ X509_NAME_add_entry_by_txt(nm, "CN", MBSTRING_ASC, "Steve", -1, -1, 0);
+ and have it automatically work out the correct field type and fill in
+ the structures. The more adventurous can try:
+ X509_NAME_add_entry_by_txt(nm, field, MBSTRING_UTF8, str, -1, -1, 0);
+ and it will (hopefully) work out the correct multibyte encoding.
+ [Steve Henson]
+
+ *) Change the 'req' utility to use the new field handling and multibyte
+ copy routines. Before the DN field creation was handled in an ad hoc
+ way in req, ca, and x509 which was rather broken and didn't support
+ BMPStrings or UTF8Strings. Since some software doesn't implement
+ BMPStrings or UTF8Strings yet, they can be enabled using the config file
+ using the dirstring_type option. See the new comment in the default
+ openssl.cnf for more info.
+ [Steve Henson]
+
+ *) Make crypto/rand/md_rand.c more robust:
+ - Assure unique random numbers after fork().
+ - Make sure that concurrent threads access the global counter and
+ md serializably so that we never lose entropy in them
+ or use exactly the same state in multiple threads.
+ Access to the large state is not always serializable because
+ the additional locking could be a performance killer, and
+ md should be large enough anyway.
+ [Bodo Moeller]
+
+ *) New file apps/app_rand.c with commonly needed functionality
+ for handling the random seed file.
+
+ Use the random seed file in some applications that previously did not:
+ ca,
+ dsaparam -genkey (which also ignored its '-rand' option),
+ s_client,
+ s_server,
+ x509 (when signing).
+ Except on systems with /dev/urandom, it is crucial to have a random
+ seed file at least for key creation, DSA signing, and for DH exchanges;
+ for RSA signatures we could do without one.
+
+ gendh and gendsa (unlike genrsa) used to read only the first byte
+ of each file listed in the '-rand' option. The function as previously
+ found in genrsa is now in app_rand.c and is used by all programs
+ that support '-rand'.
+ [Bodo Moeller]
+
+ *) In RAND_write_file, use mode 0600 for creating files;
+ don't just chmod when it may be too late.
+ [Bodo Moeller]
+
+ *) Report an error from X509_STORE_load_locations
+ when X509_LOOKUP_load_file or X509_LOOKUP_add_dir failed.
+ [Bill Perry]
+
+ *) New function ASN1_mbstring_copy() this copies a string in either
+ ASCII, Unicode, Universal (4 bytes per character) or UTF8 format
+ into an ASN1_STRING type. A mask of permissible types is passed
+ and it chooses the "minimal" type to use or an error if not type
+ is suitable.
+ [Steve Henson]
+
+ *) Add function equivalents to the various macros in asn1.h. The old
+ macros are retained with an M_ prefix. Code inside the library can
+ use the M_ macros. External code (including the openssl utility)
+ should *NOT* in order to be "shared library friendly".
+ [Steve Henson]
+
+ *) Add various functions that can check a certificate's extensions
+ to see if it usable for various purposes such as SSL client,
+ server or S/MIME and CAs of these types. This is currently
+ VERY EXPERIMENTAL but will ultimately be used for certificate chain
+ verification. Also added a -purpose flag to x509 utility to
+ print out all the purposes.
+ [Steve Henson]
+
+ *) Add a CRYPTO_EX_DATA to X509 certificate structure and associated
+ functions.
+ [Steve Henson]
+
+ *) New X509V3_{X509,CRL,REVOKED}_get_d2i() functions. These will search
+ for, obtain and decode and extension and obtain its critical flag.
+ This allows all the necessary extension code to be handled in a
+ single function call.
+ [Steve Henson]
+
+ *) RC4 tune-up featuring 30-40% performance improvement on most RISC
+ platforms. See crypto/rc4/rc4_enc.c for further details.
+ [Andy Polyakov]
+
+ *) New -noout option to asn1parse. This causes no output to be produced
+ its main use is when combined with -strparse and -out to extract data
+ from a file (which may not be in ASN.1 format).
+ [Steve Henson]
+
+ *) Fix for pkcs12 program. It was hashing an invalid certificate pointer
+ when producing the local key id.
+ [Richard Levitte <levitte at stacken.kth.se>]
+
+ *) New option -dhparam in s_server. This allows a DH parameter file to be
+ stated explicitly. If it is not stated then it tries the first server
+ certificate file. The previous behaviour hard coded the filename
+ "server.pem".
+ [Steve Henson]
+
+ *) Add -pubin and -pubout options to the rsa and dsa commands. These allow
+ a public key to be input or output. For example:
+ openssl rsa -in key.pem -pubout -out pubkey.pem
+ Also added necessary DSA public key functions to handle this.
+ [Steve Henson]
+
+ *) Fix so PKCS7_dataVerify() doesn't crash if no certificates are contained
+ in the message. This was handled by allowing
+ X509_find_by_issuer_and_serial() to tolerate a NULL passed to it.
+ [Steve Henson, reported by Sampo Kellomaki <sampo at mail.neuronio.pt>]
+
+ *) Fix for bug in d2i_ASN1_bytes(): other ASN1 functions add an extra null
+ to the end of the strings whereas this didn't. This would cause problems
+ if strings read with d2i_ASN1_bytes() were later modified.
+ [Steve Henson, reported by Arne Ansper <arne at ats.cyber.ee>]
+
+ *) Fix for base64 decode bug. When a base64 bio reads only one line of
+ data and it contains EOF it will end up returning an error. This is
+ caused by input 46 bytes long. The cause is due to the way base64
+ BIOs find the start of base64 encoded data. They do this by trying a
+ trial decode on each line until they find one that works. When they
+ do a flag is set and it starts again knowing it can pass all the
+ data directly through the decoder. Unfortunately it doesn't reset
+ the context it uses. This means that if EOF is reached an attempt
+ is made to pass two EOFs through the context and this causes the
+ resulting error. This can also cause other problems as well. As is
+ usual with these problems it takes *ages* to find and the fix is
+ trivial: move one line.
+ [Steve Henson, reported by ian at uns.ns.ac.yu (Ivan Nejgebauer) ]
+
+ *) Ugly workaround to get s_client and s_server working under Windows. The
+ old code wouldn't work because it needed to select() on sockets and the
+ tty (for keypresses and to see if data could be written). Win32 only
+ supports select() on sockets so we select() with a 1s timeout on the
+ sockets and then see if any characters are waiting to be read, if none
+ are present then we retry, we also assume we can always write data to
+ the tty. This isn't nice because the code then blocks until we've
+ received a complete line of data and it is effectively polling the
+ keyboard at 1s intervals: however it's quite a bit better than not
+ working at all :-) A dedicated Windows application might handle this
+ with an event loop for example.
+ [Steve Henson]
+
+ *) Enhance RSA_METHOD structure. Now there are two extra methods, rsa_sign
+ and rsa_verify. When the RSA_FLAGS_SIGN_VER option is set these functions
+ will be called when RSA_sign() and RSA_verify() are used. This is useful
+ if rsa_pub_dec() and rsa_priv_enc() equivalents are not available.
+ For this to work properly RSA_public_decrypt() and RSA_private_encrypt()
+ should *not* be used: RSA_sign() and RSA_verify() must be used instead.
+ This necessitated the support of an extra signature type NID_md5_sha1
+ for SSL signatures and modifications to the SSL library to use it instead
+ of calling RSA_public_decrypt() and RSA_private_encrypt().
+ [Steve Henson]
+
+ *) Add new -verify -CAfile and -CApath options to the crl program, these
+ will lookup a CRL issuers certificate and verify the signature in a
+ similar way to the verify program. Tidy up the crl program so it
+ no longer accesses structures directly. Make the ASN1 CRL parsing a bit
+ less strict. It will now permit CRL extensions even if it is not
+ a V2 CRL: this will allow it to tolerate some broken CRLs.
+ [Steve Henson]
+
+ *) Initialize all non-automatic variables each time one of the openssl
+ sub-programs is started (this is necessary as they may be started
+ multiple times from the "OpenSSL>" prompt).
+ [Lennart Bang, Bodo Moeller]
+
+ *) Preliminary compilation option RSA_NULL which disables RSA crypto without
+ removing all other RSA functionality (this is what NO_RSA does). This
+ is so (for example) those in the US can disable those operations covered
+ by the RSA patent while allowing storage and parsing of RSA keys and RSA
+ key generation.
+ [Steve Henson]
+
+ *) Non-copying interface to BIO pairs.
+ (still largely untested)
+ [Bodo Moeller]
+
+ *) New function ANS1_tag2str() to convert an ASN1 tag to a descriptive
+ ASCII string. This was handled independently in various places before.
+ [Steve Henson]
+
+ *) New functions UTF8_getc() and UTF8_putc() that parse and generate
+ UTF8 strings a character at a time.
+ [Steve Henson]
+
+ *) Use client_version from client hello to select the protocol
+ (s23_srvr.c) and for RSA client key exchange verification
+ (s3_srvr.c), as required by the SSL 3.0/TLS 1.0 specifications.
+ [Bodo Moeller]
+
+ *) Add various utility functions to handle SPKACs, these were previously
+ handled by poking round in the structure internals. Added new function
+ NETSCAPE_SPKI_print() to print out SPKAC and a new utility 'spkac' to
+ print, verify and generate SPKACs. Based on an original idea from
+ Massimiliano Pala <madwolf at comune.modena.it> but extensively modified.
+ [Steve Henson]
+
+ *) RIPEMD160 is operational on all platforms and is back in 'make test'.
+ [Andy Polyakov]
+
+ *) Allow the config file extension section to be overwritten on the
+ command line. Based on an original idea from Massimiliano Pala
+ <madwolf at comune.modena.it>. The new option is called -extensions
+ and can be applied to ca, req and x509. Also -reqexts to override
+ the request extensions in req and -crlexts to override the crl extensions
+ in ca.
+ [Steve Henson]
+
+ *) Add new feature to the SPKAC handling in ca. Now you can include
+ the same field multiple times by preceding it by "XXXX." for example:
+ 1.OU="Unit name 1"
+ 2.OU="Unit name 2"
+ this is the same syntax as used in the req config file.
+ [Steve Henson]
+
+ *) Allow certificate extensions to be added to certificate requests. These
+ are specified in a 'req_extensions' option of the req section of the
+ config file. They can be printed out with the -text option to req but
+ are otherwise ignored at present.
+ [Steve Henson]
+
+ *) Fix a horrible bug in enc_read() in crypto/evp/bio_enc.c: if the first
+ data read consists of only the final block it would not decrypted because
+ EVP_CipherUpdate() would correctly report zero bytes had been decrypted.
+ A misplaced 'break' also meant the decrypted final block might not be
+ copied until the next read.
+ [Steve Henson]
+
+ *) Initial support for DH_METHOD. Again based on RSA_METHOD. Also added
+ a few extra parameters to the DH structure: these will be useful if
+ for example we want the value of 'q' or implement X9.42 DH.
+ [Steve Henson]
+
+ *) Initial support for DSA_METHOD. This is based on the RSA_METHOD and
+ provides hooks that allow the default DSA functions or functions on a
+ "per key" basis to be replaced. This allows hardware acceleration and
+ hardware key storage to be handled without major modification to the
+ library. Also added low level modexp hooks and CRYPTO_EX structure and
+ associated functions.
+ [Steve Henson]
+
+ *) Add a new flag to memory BIOs, BIO_FLAG_MEM_RDONLY. This marks the BIO
+ as "read only": it can't be written to and the buffer it points to will
+ not be freed. Reading from a read only BIO is much more efficient than
+ a normal memory BIO. This was added because there are several times when
+ an area of memory needs to be read from a BIO. The previous method was
+ to create a memory BIO and write the data to it, this results in two
+ copies of the data and an O(n^2) reading algorithm. There is a new
+ function BIO_new_mem_buf() which creates a read only memory BIO from
+ an area of memory. Also modified the PKCS#7 routines to use read only
+ memory BIOs.
+ [Steve Henson]
+
+ *) Bugfix: ssl23_get_client_hello did not work properly when called in
+ state SSL23_ST_SR_CLNT_HELLO_B, i.e. when the first 7 bytes of
+ a SSLv2-compatible client hello for SSLv3 or TLSv1 could be read,
+ but a retry condition occured while trying to read the rest.
+ [Bodo Moeller]
+
+ *) The PKCS7_ENC_CONTENT_new() function was setting the content type as
+ NID_pkcs7_encrypted by default: this was wrong since this should almost
+ always be NID_pkcs7_data. Also modified the PKCS7_set_type() to handle
+ the encrypted data type: this is a more sensible place to put it and it
+ allows the PKCS#12 code to be tidied up that duplicated this
+ functionality.
+ [Steve Henson]
+
+ *) Changed obj_dat.pl script so it takes its input and output files on
+ the command line. This should avoid shell escape redirection problems
+ under Win32.
+ [Steve Henson]
+
+ *) Initial support for certificate extension requests, these are included
+ in things like Xenroll certificate requests. Included functions to allow
+ extensions to be obtained and added.
+ [Steve Henson]
+
+ *) -crlf option to s_client and s_server for sending newlines as
+ CRLF (as required by many protocols).
+ [Bodo Moeller]
+
+ Changes between 0.9.3a and 0.9.4 [09 Aug 1999]
+
+ *) Install libRSAglue.a when OpenSSL is built with RSAref.
+ [Ralf S. Engelschall]
+
+ *) A few more ``#ifndef NO_FP_API / #endif'' pairs for consistency.
+ [Andrija Antonijevic <TheAntony2 at bigfoot.com>]
+
+ *) Fix -startdate and -enddate (which was missing) arguments to 'ca'
+ program.
+ [Steve Henson]
+
+ *) New function DSA_dup_DH, which duplicates DSA parameters/keys as
+ DH parameters/keys (q is lost during that conversion, but the resulting
+ DH parameters contain its length).
+
+ For 1024-bit p, DSA_generate_parameters followed by DSA_dup_DH is
+ much faster than DH_generate_parameters (which creates parameters
+ where p = 2*q + 1), and also the smaller q makes DH computations
+ much more efficient (160-bit exponentiation instead of 1024-bit
+ exponentiation); so this provides a convenient way to support DHE
+ ciphersuites in SSL/TLS servers (see ssl/ssltest.c). It is of
+ utter importance to use
+ SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
+ or
+ SSL_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
+ when such DH parameters are used, because otherwise small subgroup
+ attacks may become possible!
+ [Bodo Moeller]
+
+ *) Avoid memory leak in i2d_DHparams.
+ [Bodo Moeller]
+
+ *) Allow the -k option to be used more than once in the enc program:
+ this allows the same encrypted message to be read by multiple recipients.
+ [Steve Henson]
+
+ *) New function OBJ_obj2txt(buf, buf_len, a, no_name), this converts
+ an ASN1_OBJECT to a text string. If the "no_name" parameter is set then
+ it will always use the numerical form of the OID, even if it has a short
+ or long name.
+ [Steve Henson]
+
+ *) Added an extra RSA flag: RSA_FLAG_EXT_PKEY. Previously the rsa_mod_exp
+ method only got called if p,q,dmp1,dmq1,iqmp components were present,
+ otherwise bn_mod_exp was called. In the case of hardware keys for example
+ no private key components need be present and it might store extra data
+ in the RSA structure, which cannot be accessed from bn_mod_exp.
+ By setting RSA_FLAG_EXT_PKEY rsa_mod_exp will always be called for
+ private key operations.
+ [Steve Henson]
+
+ *) Added support for SPARC Linux.
+ [Andy Polyakov]
+
+ *) pem_password_cb function type incompatibly changed from
+ typedef int pem_password_cb(char *buf, int size, int rwflag);
+ to
+ ....(char *buf, int size, int rwflag, void *userdata);
+ so that applications can pass data to their callbacks:
+ The PEM[_ASN1]_{read,write}... functions and macros now take an
+ additional void * argument, which is just handed through whenever
+ the password callback is called.
+ [Damien Miller <dmiller at ilogic.com.au>; tiny changes by Bodo Moeller]
+
+ New function SSL_CTX_set_default_passwd_cb_userdata.
+
+ Compatibility note: As many C implementations push function arguments
+ onto the stack in reverse order, the new library version is likely to
+ interoperate with programs that have been compiled with the old
+ pem_password_cb definition (PEM_whatever takes some data that
+ happens to be on the stack as its last argument, and the callback
+ just ignores this garbage); but there is no guarantee whatsoever that
+ this will work.
+
+ *) The -DPLATFORM="\"$(PLATFORM)\"" definition and the similar -DCFLAGS=...
+ (both in crypto/Makefile.ssl for use by crypto/cversion.c) caused
+ problems not only on Windows, but also on some Unix platforms.
+ To avoid problematic command lines, these definitions are now in an
+ auto-generated file crypto/buildinf.h (created by crypto/Makefile.ssl
+ for standard "make" builds, by util/mk1mf.pl for "mk1mf" builds).
+ [Bodo Moeller]
+
+ *) MIPS III/IV assembler module is reimplemented.
+ [Andy Polyakov]
+
+ *) More DES library cleanups: remove references to srand/rand and
+ delete an unused file.
+ [Ulf M\xF6ller]
+
+ *) Add support for the the free Netwide assembler (NASM) under Win32,
+ since not many people have MASM (ml) and it can be hard to obtain.
+ This is currently experimental but it seems to work OK and pass all
+ the tests. Check out INSTALL.W32 for info.
+ [Steve Henson]
+
+ *) Fix memory leaks in s3_clnt.c: All non-anonymous SSL3/TLS1 connections
+ without temporary keys kept an extra copy of the server key,
+ and connections with temporary keys did not free everything in case
+ of an error.
+ [Bodo Moeller]
+
+ *) New function RSA_check_key and new openssl rsa option -check
+ for verifying the consistency of RSA keys.
+ [Ulf Moeller, Bodo Moeller]
+
+ *) Various changes to make Win32 compile work:
+ 1. Casts to avoid "loss of data" warnings in p5_crpt2.c
+ 2. Change unsigned int to int in b_dump.c to avoid "signed/unsigned
+ comparison" warnings.
+ 3. Add sk_<TYPE>_sort to DEF file generator and do make update.
+ [Steve Henson]
+
+ *) Add a debugging option to PKCS#5 v2 key generation function: when
+ you #define DEBUG_PKCS5V2 passwords, salts, iteration counts and
+ derived keys are printed to stderr.
+ [Steve Henson]
+
+ *) Copy the flags in ASN1_STRING_dup().
+ [Roman E. Pavlov <pre at mo.msk.ru>]
+
+ *) The x509 application mishandled signing requests containing DSA
+ keys when the signing key was also DSA and the parameters didn't match.
+
+ It was supposed to omit the parameters when they matched the signing key:
+ the verifying software was then supposed to automatically use the CA's
+ parameters if they were absent from the end user certificate.
+
+ Omitting parameters is no longer recommended. The test was also
+ the wrong way round! This was probably due to unusual behaviour in
+ EVP_cmp_parameters() which returns 1 if the parameters match.
+ This meant that parameters were omitted when they *didn't* match and
+ the certificate was useless. Certificates signed with 'ca' didn't have
+ this bug.
+ [Steve Henson, reported by Doug Erickson <Doug.Erickson at Part.NET>]
+
+ *) Memory leak checking (-DCRYPTO_MDEBUG) had some problems.
+ The interface is as follows:
+ Applications can use
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON) aka MemCheck_start(),
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF) aka MemCheck_stop();
+ "off" is now the default.
+ The library internally uses
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE) aka MemCheck_off(),
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE) aka MemCheck_on()
+ to disable memory-checking temporarily.
+
+ Some inconsistent states that previously were possible (and were
+ even the default) are now avoided.
+
+ -DCRYPTO_MDEBUG_TIME is new and additionally stores the current time
+ with each memory chunk allocated; this is occasionally more helpful
+ than just having a counter.
+
+ -DCRYPTO_MDEBUG_THREAD is also new and adds the thread ID.
+
+ -DCRYPTO_MDEBUG_ALL enables all of the above, plus any future
+ extensions.
+ [Bodo Moeller]
+
+ *) Introduce "mode" for SSL structures (with defaults in SSL_CTX),
+ which largely parallels "options", but is for changing API behaviour,
+ whereas "options" are about protocol behaviour.
+ Initial "mode" flags are:
+
+ SSL_MODE_ENABLE_PARTIAL_WRITE Allow SSL_write to report success when
+ a single record has been written.
+ SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER Don't insist that SSL_write
+ retries use the same buffer location.
+ (But all of the contents must be
+ copied!)
+ [Bodo Moeller]
+
+ *) Bugfix: SSL_set_options ignored its parameter, only SSL_CTX_set_options
+ worked.
+
+ *) Fix problems with no-hmac etc.
+ [Ulf M\xF6ller, pointed out by Brian Wellington <bwelling at tislabs.com>]
+
+ *) New functions RSA_get_default_method(), RSA_set_method() and
+ RSA_get_method(). These allows replacement of RSA_METHODs without having
+ to mess around with the internals of an RSA structure.
+ [Steve Henson]
+
+ *) Fix memory leaks in DSA_do_sign and DSA_is_prime.
+ Also really enable memory leak checks in openssl.c and in some
+ test programs.
+ [Chad C. Mulligan, Bodo Moeller]
+
+ *) Fix a bug in d2i_ASN1_INTEGER() and i2d_ASN1_INTEGER() which can mess
+ up the length of negative integers. This has now been simplified to just
+ store the length when it is first determined and use it later, rather
+ than trying to keep track of where data is copied and updating it to
+ point to the end.
+ [Steve Henson, reported by Brien Wheeler
+ <bwheeler at authentica-security.com>]
+
+ *) Add a new function PKCS7_signatureVerify. This allows the verification
+ of a PKCS#7 signature but with the signing certificate passed to the
+ function itself. This contrasts with PKCS7_dataVerify which assumes the
+ certificate is present in the PKCS#7 structure. This isn't always the
+ case: certificates can be omitted from a PKCS#7 structure and be
+ distributed by "out of band" means (such as a certificate database).
+ [Steve Henson]
+
+ *) Complete the PEM_* macros with DECLARE_PEM versions to replace the
+ function prototypes in pem.h, also change util/mkdef.pl to add the
+ necessary function names.
+ [Steve Henson]
+
+ *) mk1mf.pl (used by Windows builds) did not properly read the
+ options set by Configure in the top level Makefile, and Configure
+ was not even able to write more than one option correctly.
+ Fixed, now "no-idea no-rc5 -DCRYPTO_MDEBUG" etc. works as intended.
+ [Bodo Moeller]
+
+ *) New functions CONF_load_bio() and CONF_load_fp() to allow a config
+ file to be loaded from a BIO or FILE pointer. The BIO version will
+ for example allow memory BIOs to contain config info.
+ [Steve Henson]
+
+ *) New function "CRYPTO_num_locks" that returns CRYPTO_NUM_LOCKS.
+ Whoever hopes to achieve shared-library compatibility across versions
+ must use this, not the compile-time macro.
+ (Exercise 0.9.4: Which is the minimum library version required by
+ such programs?)
+ Note: All this applies only to multi-threaded programs, others don't
+ need locks.
+ [Bodo Moeller]
+
+ *) Add missing case to s3_clnt.c state machine -- one of the new SSL tests
+ through a BIO pair triggered the default case, i.e.
+ SSLerr(...,SSL_R_UNKNOWN_STATE).
+ [Bodo Moeller]
+
+ *) New "BIO pair" concept (crypto/bio/bss_bio.c) so that applications
+ can use the SSL library even if none of the specific BIOs is
+ appropriate.
+ [Bodo Moeller]
+
+ *) Fix a bug in i2d_DSAPublicKey() which meant it returned the wrong value
+ for the encoded length.
+ [Jeon KyoungHo <khjeon at sds.samsung.co.kr>]
+
+ *) Add initial documentation of the X509V3 functions.
+ [Steve Henson]
+
+ *) Add a new pair of functions PEM_write_PKCS8PrivateKey() and
+ PEM_write_bio_PKCS8PrivateKey() that are equivalent to
+ PEM_write_PrivateKey() and PEM_write_bio_PrivateKey() but use the more
+ secure PKCS#8 private key format with a high iteration count.
+ [Steve Henson]
+
+ *) Fix determination of Perl interpreter: A perl or perl5
+ _directory_ in $PATH was also accepted as the interpreter.
+ [Ralf S. Engelschall]
+
+ *) Fix demos/sign/sign.c: well there wasn't anything strictly speaking
+ wrong with it but it was very old and did things like calling
+ PEM_ASN1_read() directly and used MD5 for the hash not to mention some
+ unusual formatting.
+ [Steve Henson]
+
+ *) Fix demos/selfsign.c: it used obsolete and deleted functions, changed
+ to use the new extension code.
+ [Steve Henson]
+
+ *) Implement the PEM_read/PEM_write functions in crypto/pem/pem_all.c
+ with macros. This should make it easier to change their form, add extra
+ arguments etc. Fix a few PEM prototypes which didn't have cipher as a
+ constant.
+ [Steve Henson]
+
+ *) Add to configuration table a new entry that can specify an alternative
+ name for unistd.h (for pre-POSIX systems); we need this for NeXTstep,
+ according to Mark Crispin <MRC at Panda.COM>.
+ [Bodo Moeller]
+
+#if 0
+ *) DES CBC did not update the IV. Weird.
+ [Ben Laurie]
+#else
+ des_cbc_encrypt does not update the IV, but des_ncbc_encrypt does.
+ Changing the behaviour of the former might break existing programs --
+ where IV updating is needed, des_ncbc_encrypt can be used.
+#endif
+
+ *) When bntest is run from "make test" it drives bc to check its
+ calculations, as well as internally checking them. If an internal check
+ fails, it needs to cause bc to give a non-zero result or make test carries
+ on without noticing the failure. Fixed.
+ [Ben Laurie]
+
+ *) DES library cleanups.
+ [Ulf M\xF6ller]
+
+ *) Add support for PKCS#5 v2.0 PBE algorithms. This will permit PKCS#8 to be
+ used with any cipher unlike PKCS#5 v1.5 which can at most handle 64 bit
+ ciphers. NOTE: although the key derivation function has been verified
+ against some published test vectors it has not been extensively tested
+ yet. Added a -v2 "cipher" option to pkcs8 application to allow the use
+ of v2.0.
+ [Steve Henson]
+
+ *) Instead of "mkdir -p", which is not fully portable, use new
+ Perl script "util/mkdir-p.pl".
+ [Bodo Moeller]
+
+ *) Rewrite the way password based encryption (PBE) is handled. It used to
+ assume that the ASN1 AlgorithmIdentifier parameter was a PBEParameter
+ structure. This was true for the PKCS#5 v1.5 and PKCS#12 PBE algorithms
+ but doesn't apply to PKCS#5 v2.0 where it can be something else. Now
+ the 'parameter' field of the AlgorithmIdentifier is passed to the
+ underlying key generation function so it must do its own ASN1 parsing.
+ This has also changed the EVP_PBE_CipherInit() function which now has a
+ 'parameter' argument instead of literal salt and iteration count values
+ and the function EVP_PBE_ALGOR_CipherInit() has been deleted.
+ [Steve Henson]
+
+ *) Support for PKCS#5 v1.5 compatible password based encryption algorithms
+ and PKCS#8 functionality. New 'pkcs8' application linked to openssl.
+ Needed to change the PEM_STRING_EVP_PKEY value which was just "PRIVATE
+ KEY" because this clashed with PKCS#8 unencrypted string. Since this
+ value was just used as a "magic string" and not used directly its
+ value doesn't matter.
+ [Steve Henson]
+
+ *) Introduce some semblance of const correctness to BN. Shame C doesn't
+ support mutable.
+ [Ben Laurie]
+
+ *) "linux-sparc64" configuration (ultrapenguin).
+ [Ray Miller <ray.miller at oucs.ox.ac.uk>]
+ "linux-sparc" configuration.
+ [Christian Forster <fo at hawo.stw.uni-erlangen.de>]
+
+ *) config now generates no-xxx options for missing ciphers.
+ [Ulf M\xF6ller]
+
+ *) Support the EBCDIC character set (work in progress).
+ File ebcdic.c not yet included because it has a different license.
+ [Martin Kraemer <Martin.Kraemer at MchP.Siemens.De>]
+
+ *) Support BS2000/OSD-POSIX.
+ [Martin Kraemer <Martin.Kraemer at MchP.Siemens.De>]
+
+ *) Make callbacks for key generation use void * instead of char *.
+ [Ben Laurie]
+
+ *) Make S/MIME samples compile (not yet tested).
+ [Ben Laurie]
+
+ *) Additional typesafe stacks.
+ [Ben Laurie]
+
+ *) New configuration variants "bsdi-elf-gcc" (BSD/OS 4.x).
+ [Bodo Moeller]
+
+
+ Changes between 0.9.3 and 0.9.3a [29 May 1999]
+
+ *) New configuration variant "sco5-gcc".
+
+ *) Updated some demos.
+ [Sean O Riordain, Wade Scholine]
+
+ *) Add missing BIO_free at exit of pkcs12 application.
+ [Wu Zhigang]
+
+ *) Fix memory leak in conf.c.
+ [Steve Henson]
+
+ *) Updates for Win32 to assembler version of MD5.
+ [Steve Henson]
+
+ *) Set #! path to perl in apps/der_chop to where we found it
+ instead of using a fixed path.
+ [Bodo Moeller]
+
+ *) SHA library changes for irix64-mips4-cc.
+ [Andy Polyakov]
+
+ *) Improvements for VMS support.
+ [Richard Levitte]
+
+
+ Changes between 0.9.2b and 0.9.3 [24 May 1999]
+
+ *) Bignum library bug fix. IRIX 6 passes "make test" now!
+ This also avoids the problems with SC4.2 and unpatched SC5.
+ [Andy Polyakov <appro at fy.chalmers.se>]
+
+ *) New functions sk_num, sk_value and sk_set to replace the previous macros.
+ These are required because of the typesafe stack would otherwise break
+ existing code. If old code used a structure member which used to be STACK
+ and is now STACK_OF (for example cert in a PKCS7_SIGNED structure) with
+ sk_num or sk_value it would produce an error because the num, data members
+ are not present in STACK_OF. Now it just produces a warning. sk_set
+ replaces the old method of assigning a value to sk_value
+ (e.g. sk_value(x, i) = y) which the library used in a few cases. Any code
+ that does this will no longer work (and should use sk_set instead) but
+ this could be regarded as a "questionable" behaviour anyway.
+ [Steve Henson]
+
+ *) Fix most of the other PKCS#7 bugs. The "experimental" code can now
+ correctly handle encrypted S/MIME data.
+ [Steve Henson]
+
+ *) Change type of various DES function arguments from des_cblock
+ (which means, in function argument declarations, pointer to char)
+ to des_cblock * (meaning pointer to array with 8 char elements),
+ which allows the compiler to do more typechecking; it was like
+ that back in SSLeay, but with lots of ugly casts.
+
+ Introduce new type const_des_cblock.
+ [Bodo Moeller]
+
+ *) Reorganise the PKCS#7 library and get rid of some of the more obvious
+ problems: find RecipientInfo structure that matches recipient certificate
+ and initialise the ASN1 structures properly based on passed cipher.
+ [Steve Henson]
+
+ *) Belatedly make the BN tests actually check the results.
+ [Ben Laurie]
+
+ *) Fix the encoding and decoding of negative ASN1 INTEGERS and conversion
+ to and from BNs: it was completely broken. New compilation option
+ NEG_PUBKEY_BUG to allow for some broken certificates that encode public
+ key elements as negative integers.
+ [Steve Henson]
+
+ *) Reorganize and speed up MD5.
+ [Andy Polyakov <appro at fy.chalmers.se>]
+
+ *) VMS support.
+ [Richard Levitte <richard at levitte.org>]
+
+ *) New option -out to asn1parse to allow the parsed structure to be
+ output to a file. This is most useful when combined with the -strparse
+ option to examine the output of things like OCTET STRINGS.
+ [Steve Henson]
+
+ *) Make SSL library a little more fool-proof by not requiring any longer
+ that SSL_set_{accept,connect}_state be called before
+ SSL_{accept,connect} may be used (SSL_set_..._state is omitted
+ in many applications because usually everything *appeared* to work as
+ intended anyway -- now it really works as intended).
+ [Bodo Moeller]
+
+ *) Move openssl.cnf out of lib/.
+ [Ulf M\xF6ller]
+
+ *) Fix various things to let OpenSSL even pass ``egcc -pipe -O2 -Wall
+ -Wshadow -Wpointer-arith -Wcast-align -Wmissing-prototypes
+ -Wmissing-declarations -Wnested-externs -Winline'' with EGCS 1.1.2+
+ [Ralf S. Engelschall]
+
+ *) Various fixes to the EVP and PKCS#7 code. It may now be able to
+ handle PKCS#7 enveloped data properly.
+ [Sebastian Akerman <sak at parallelconsulting.com>, modified by Steve]
+
+ *) Create a duplicate of the SSL_CTX's CERT in SSL_new instead of
+ copying pointers. The cert_st handling is changed by this in
+ various ways (and thus what used to be known as ctx->default_cert
+ is now called ctx->cert, since we don't resort to s->ctx->[default_]cert
+ any longer when s->cert does not give us what we need).
+ ssl_cert_instantiate becomes obsolete by this change.
+ As soon as we've got the new code right (possibly it already is?),
+ we have solved a couple of bugs of the earlier code where s->cert
+ was used as if it could not have been shared with other SSL structures.
+
+ Note that using the SSL API in certain dirty ways now will result
+ in different behaviour than observed with earlier library versions:
+ Changing settings for an SSL_CTX *ctx after having done s = SSL_new(ctx)
+ does not influence s as it used to.
+
+ In order to clean up things more thoroughly, inside SSL_SESSION
+ we don't use CERT any longer, but a new structure SESS_CERT
+ that holds per-session data (if available); currently, this is
+ the peer's certificate chain and, for clients, the server's certificate
+ and temporary key. CERT holds only those values that can have
+ meaningful defaults in an SSL_CTX.
+ [Bodo Moeller]
+
+ *) New function X509V3_EXT_i2d() to create an X509_EXTENSION structure
+ from the internal representation. Various PKCS#7 fixes: remove some
+ evil casts and set the enc_dig_alg field properly based on the signing
+ key type.
+ [Steve Henson]
+
+ *) Allow PKCS#12 password to be set from the command line or the
+ environment. Let 'ca' get its config file name from the environment
+ variables "OPENSSL_CONF" or "SSLEAY_CONF" (for consistency with 'req'
+ and 'x509').
+ [Steve Henson]
+
+ *) Allow certificate policies extension to use an IA5STRING for the
+ organization field. This is contrary to the PKIX definition but
+ VeriSign uses it and IE5 only recognises this form. Document 'x509'
+ extension option.
+ [Steve Henson]
+
+ *) Add PEDANTIC compiler flag to allow compilation with gcc -pedantic,
+ without disallowing inline assembler and the like for non-pedantic builds.
+ [Ben Laurie]
+
+ *) Support Borland C++ builder.
+ [Janez Jere <jj at void.si>, modified by Ulf M\xF6ller]
+
+ *) Support Mingw32.
+ [Ulf M\xF6ller]
+
+ *) SHA-1 cleanups and performance enhancements.
+ [Andy Polyakov <appro at fy.chalmers.se>]
+
+ *) Sparc v8plus assembler for the bignum library.
+ [Andy Polyakov <appro at fy.chalmers.se>]
+
+ *) Accept any -xxx and +xxx compiler options in Configure.
+ [Ulf M\xF6ller]
+
+ *) Update HPUX configuration.
+ [Anonymous]
+
+ *) Add missing sk_<type>_unshift() function to safestack.h
+ [Ralf S. Engelschall]
+
+ *) New function SSL_CTX_use_certificate_chain_file that sets the
+ "extra_cert"s in addition to the certificate. (This makes sense
+ only for "PEM" format files, as chains as a whole are not
+ DER-encoded.)
+ [Bodo Moeller]
+
+ *) Support verify_depth from the SSL API.
+ x509_vfy.c had what can be considered an off-by-one-error:
+ Its depth (which was not part of the external interface)
+ was actually counting the number of certificates in a chain;
+ now it really counts the depth.
+ [Bodo Moeller]
+
+ *) Bugfix in crypto/x509/x509_cmp.c: The SSLerr macro was used
+ instead of X509err, which often resulted in confusing error
+ messages since the error codes are not globally unique
+ (e.g. an alleged error in ssl3_accept when a certificate
+ didn't match the private key).
+
+ *) New function SSL_CTX_set_session_id_context that allows to set a default
+ value (so that you don't need SSL_set_session_id_context for each
+ connection using the SSL_CTX).
+ [Bodo Moeller]
+
+ *) OAEP decoding bug fix.
+ [Ulf M\xF6ller]
+
+ *) Support INSTALL_PREFIX for package builders, as proposed by
+ David Harris.
+ [Bodo Moeller]
+
+ *) New Configure options "threads" and "no-threads". For systems
+ where the proper compiler options are known (currently Solaris
+ and Linux), "threads" is the default.
+ [Bodo Moeller]
+
+ *) New script util/mklink.pl as a faster substitute for util/mklink.sh.
+ [Bodo Moeller]
+
+ *) Install various scripts to $(OPENSSLDIR)/misc, not to
+ $(INSTALLTOP)/bin -- they shouldn't clutter directories
+ such as /usr/local/bin.
+ [Bodo Moeller]
+
+ *) "make linux-shared" to build shared libraries.
+ [Niels Poppe <niels at netbox.org>]
+
+ *) New Configure option no-<cipher> (rsa, idea, rc5, ...).
+ [Ulf M\xF6ller]
+
+ *) Add the PKCS#12 API documentation to openssl.txt. Preliminary support for
+ extension adding in x509 utility.
+ [Steve Henson]
+
+ *) Remove NOPROTO sections and error code comments.
+ [Ulf M\xF6ller]
+
+ *) Partial rewrite of the DEF file generator to now parse the ANSI
+ prototypes.
+ [Steve Henson]
+
+ *) New Configure options --prefix=DIR and --openssldir=DIR.
+ [Ulf M\xF6ller]
+
+ *) Complete rewrite of the error code script(s). It is all now handled
+ by one script at the top level which handles error code gathering,
+ header rewriting and C source file generation. It should be much better
+ than the old method: it now uses a modified version of Ulf's parser to
+ read the ANSI prototypes in all header files (thus the old K&R definitions
+ aren't needed for error creation any more) and do a better job of
+ translating function codes into names. The old 'ASN1 error code imbedded
+ in a comment' is no longer necessary and it doesn't use .err files which
+ have now been deleted. Also the error code call doesn't have to appear all
+ on one line (which resulted in some large lines...).
+ [Steve Henson]
+
+ *) Change #include filenames from <foo.h> to <openssl/foo.h>.
+ [Bodo Moeller]
+
+ *) Change behaviour of ssl2_read when facing length-0 packets: Don't return
+ 0 (which usually indicates a closed connection), but continue reading.
+ [Bodo Moeller]
+
+ *) Fix some race conditions.
+ [Bodo Moeller]
+
+ *) Add support for CRL distribution points extension. Add Certificate
+ Policies and CRL distribution points documentation.
+ [Steve Henson]
+
+ *) Move the autogenerated header file parts to crypto/opensslconf.h.
+ [Ulf M\xF6ller]
+
+ *) Fix new 56-bit DES export ciphersuites: they were using 7 bytes instead of
+ 8 of keying material. Merlin has also confirmed interop with this fix
+ between OpenSSL and Baltimore C/SSL 2.0 and J/SSL 2.0.
+ [Merlin Hughes <merlin at baltimore.ie>]
+
+ *) Fix lots of warnings.
+ [Richard Levitte <levitte at stacken.kth.se>]
+
+ *) In add_cert_dir() in crypto/x509/by_dir.c, break out of the loop if
+ the directory spec didn't end with a LIST_SEPARATOR_CHAR.
+ [Richard Levitte <levitte at stacken.kth.se>]
+
+ *) Fix problems with sizeof(long) == 8.
+ [Andy Polyakov <appro at fy.chalmers.se>]
+
+ *) Change functions to ANSI C.
+ [Ulf M\xF6ller]
+
+ *) Fix typos in error codes.
+ [Martin Kraemer <Martin.Kraemer at MchP.Siemens.De>, Ulf M\xF6ller]
+
+ *) Remove defunct assembler files from Configure.
+ [Ulf M\xF6ller]
+
+ *) SPARC v8 assembler BIGNUM implementation.
+ [Andy Polyakov <appro at fy.chalmers.se>]
+
+ *) Support for Certificate Policies extension: both print and set.
+ Various additions to support the r2i method this uses.
+ [Steve Henson]
+
+ *) A lot of constification, and fix a bug in X509_NAME_oneline() that could
+ return a const string when you are expecting an allocated buffer.
+ [Ben Laurie]
+
+ *) Add support for ASN1 types UTF8String and VISIBLESTRING, also the CHOICE
+ types DirectoryString and DisplayText.
+ [Steve Henson]
+
+ *) Add code to allow r2i extensions to access the configuration database,
+ add an LHASH database driver and add several ctx helper functions.
+ [Steve Henson]
+
+ *) Fix an evil bug in bn_expand2() which caused various BN functions to
+ fail when they extended the size of a BIGNUM.
+ [Steve Henson]
+
+ *) Various utility functions to handle SXNet extension. Modify mkdef.pl to
+ support typesafe stack.
+ [Steve Henson]
+
+ *) Fix typo in SSL_[gs]et_options().
+ [Nils Frostberg <nils at medcom.se>]
+
+ *) Delete various functions and files that belonged to the (now obsolete)
+ old X509V3 handling code.
+ [Steve Henson]
+
+ *) New Configure option "rsaref".
+ [Ulf M\xF6ller]
+
+ *) Don't auto-generate pem.h.
+ [Bodo Moeller]
+
+ *) Introduce type-safe ASN.1 SETs.
+ [Ben Laurie]
+
+ *) Convert various additional casted stacks to type-safe STACK_OF() variants.
+ [Ben Laurie, Ralf S. Engelschall, Steve Henson]
+
+ *) Introduce type-safe STACKs. This will almost certainly break lots of code
+ that links with OpenSSL (well at least cause lots of warnings), but fear
+ not: the conversion is trivial, and it eliminates loads of evil casts. A
+ few STACKed things have been converted already. Feel free to convert more.
+ In the fullness of time, I'll do away with the STACK type altogether.
+ [Ben Laurie]
+
+ *) Add `openssl ca -revoke <certfile>' facility which revokes a certificate
+ specified in <certfile> by updating the entry in the index.txt file.
+ This way one no longer has to edit the index.txt file manually for
+ revoking a certificate. The -revoke option does the gory details now.
+ [Massimiliano Pala <madwolf at openca.org>, Ralf S. Engelschall]
+
+ *) Fix `openssl crl -noout -text' combination where `-noout' killed the
+ `-text' option at all and this way the `-noout -text' combination was
+ inconsistent in `openssl crl' with the friends in `openssl x509|rsa|dsa'.
+ [Ralf S. Engelschall]
+
+ *) Make sure a corresponding plain text error message exists for the
+ X509_V_ERR_CERT_REVOKED/23 error number which can occur when a
+ verify callback function determined that a certificate was revoked.
+ [Ralf S. Engelschall]
+
+ *) Bugfix: In test/testenc, don't test "openssl <cipher>" for
+ ciphers that were excluded, e.g. by -DNO_IDEA. Also, test
+ all available cipers including rc5, which was forgotten until now.
+ In order to let the testing shell script know which algorithms
+ are available, a new (up to now undocumented) command
+ "openssl list-cipher-commands" is used.
+ [Bodo Moeller]
+
+ *) Bugfix: s_client occasionally would sleep in select() when
+ it should have checked SSL_pending() first.
+ [Bodo Moeller]
+
+ *) New functions DSA_do_sign and DSA_do_verify to provide access to
+ the raw DSA values prior to ASN.1 encoding.
+ [Ulf M\xF6ller]
+
+ *) Tweaks to Configure
+ [Niels Poppe <niels at netbox.org>]
+
+ *) Add support for PKCS#5 v2.0 ASN1 PBES2 structures. No other support,
+ yet...
+ [Steve Henson]
+
+ *) New variables $(RANLIB) and $(PERL) in the Makefiles.
+ [Ulf M\xF6ller]
+
+ *) New config option to avoid instructions that are illegal on the 80386.
+ The default code is faster, but requires at least a 486.
+ [Ulf M\xF6ller]
+
+ *) Got rid of old SSL2_CLIENT_VERSION (inconsistently used) and
+ SSL2_SERVER_VERSION (not used at all) macros, which are now the
+ same as SSL2_VERSION anyway.
+ [Bodo Moeller]
+
+ *) New "-showcerts" option for s_client.
+ [Bodo Moeller]
+
+ *) Still more PKCS#12 integration. Add pkcs12 application to openssl
+ application. Various cleanups and fixes.
+ [Steve Henson]
+
+ *) More PKCS#12 integration. Add new pkcs12 directory with Makefile.ssl and
+ modify error routines to work internally. Add error codes and PBE init
+ to library startup routines.
+ [Steve Henson]
+
+ *) Further PKCS#12 integration. Added password based encryption, PKCS#8 and
+ packing functions to asn1 and evp. Changed function names and error
+ codes along the way.
+ [Steve Henson]
+
+ *) PKCS12 integration: and so it begins... First of several patches to
+ slowly integrate PKCS#12 functionality into OpenSSL. Add PKCS#12
+ objects to objects.h
+ [Steve Henson]
+
+ *) Add a new 'indent' option to some X509V3 extension code. Initial ASN1
+ and display support for Thawte strong extranet extension.
+ [Steve Henson]
+
+ *) Add LinuxPPC support.
+ [Jeff Dubrule <igor at pobox.org>]
+
+ *) Get rid of redundant BN file bn_mulw.c, and rename bn_div64 to
+ bn_div_words in alpha.s.
+ [Hannes Reinecke <H.Reinecke at hw.ac.uk> and Ben Laurie]
+
+ *) Make sure the RSA OAEP test is skipped under -DRSAref because
+ OAEP isn't supported when OpenSSL is built with RSAref.
+ [Ulf Moeller <ulf at fitug.de>]
+
+ *) Move definitions of IS_SET/IS_SEQUENCE inside crypto/asn1/asn1.h
+ so they no longer are missing under -DNOPROTO.
+ [Soren S. Jorvang <soren at t.dk>]
+
+
+ Changes between 0.9.1c and 0.9.2b [22 Mar 1999]
+
+ *) Make SSL_get_peer_cert_chain() work in servers. Unfortunately, it still
+ doesn't work when the session is reused. Coming soon!
+ [Ben Laurie]
+
+ *) Fix a security hole, that allows sessions to be reused in the wrong
+ context thus bypassing client cert protection! All software that uses
+ client certs and session caches in multiple contexts NEEDS PATCHING to
+ allow session reuse! A fuller solution is in the works.
+ [Ben Laurie, problem pointed out by Holger Reif, Bodo Moeller (and ???)]
+
+ *) Some more source tree cleanups (removed obsolete files
+ crypto/bf/asm/bf586.pl, test/test.txt and crypto/sha/asm/f.s; changed
+ permission on "config" script to be executable) and a fix for the INSTALL
+ document.
+ [Ulf Moeller <ulf at fitug.de>]
+
+ *) Remove some legacy and erroneous uses of malloc, free instead of
+ Malloc, Free.
+ [Lennart Bang <lob at netstream.se>, with minor changes by Steve]
+
+ *) Make rsa_oaep_test return non-zero on error.
+ [Ulf Moeller <ulf at fitug.de>]
+
+ *) Add support for native Solaris shared libraries. Configure
+ solaris-sparc-sc4-pic, make, then run shlib/solaris-sc4.sh. It'd be nice
+ if someone would make that last step automatic.
+ [Matthias Loepfe <Matthias.Loepfe at AdNovum.CH>]
+
+ *) ctx_size was not built with the right compiler during "make links". Fixed.
+ [Ben Laurie]
+
+ *) Change the meaning of 'ALL' in the cipher list. It now means "everything
+ except NULL ciphers". This means the default cipher list will no longer
+ enable NULL ciphers. They need to be specifically enabled e.g. with
+ the string "DEFAULT:eNULL".
+ [Steve Henson]
+
+ *) Fix to RSA private encryption routines: if p < q then it would
+ occasionally produce an invalid result. This will only happen with
+ externally generated keys because OpenSSL (and SSLeay) ensure p > q.
+ [Steve Henson]
+
+ *) Be less restrictive and allow also `perl util/perlpath.pl
+ /path/to/bin/perl' in addition to `perl util/perlpath.pl /path/to/bin',
+ because this way one can also use an interpreter named `perl5' (which is
+ usually the name of Perl 5.xxx on platforms where an Perl 4.x is still
+ installed as `perl').
+ [Matthias Loepfe <Matthias.Loepfe at adnovum.ch>]
+
+ *) Let util/clean-depend.pl work also with older Perl 5.00x versions.
+ [Matthias Loepfe <Matthias.Loepfe at adnovum.ch>]
+
+ *) Fix Makefile.org so CC,CFLAG etc are passed to 'make links' add
+ advapi32.lib to Win32 build and change the pem test comparision
+ to fc.exe (thanks to Ulrich Kroener <kroneru at yahoo.com> for the
+ suggestion). Fix misplaced ASNI prototypes and declarations in evp.h
+ and crypto/des/ede_cbcm_enc.c.
+ [Steve Henson]
+
+ *) DES quad checksum was broken on big-endian architectures. Fixed.
+ [Ben Laurie]
+
+ *) Comment out two functions in bio.h that aren't implemented. Fix up the
+ Win32 test batch file so it (might) work again. The Win32 test batch file
+ is horrible: I feel ill....
+ [Steve Henson]
+
+ *) Move various #ifdefs around so NO_SYSLOG, NO_DIRENT etc are now selected
+ in e_os.h. Audit of header files to check ANSI and non ANSI
+ sections: 10 functions were absent from non ANSI section and not exported
+ from Windows DLLs. Fixed up libeay.num for new functions.
+ [Steve Henson]
+
+ *) Make `openssl version' output lines consistent.
+ [Ralf S. Engelschall]
+
+ *) Fix Win32 symbol export lists for BIO functions: Added
+ BIO_get_ex_new_index, BIO_get_ex_num, BIO_get_ex_data and BIO_set_ex_data
+ to ms/libeay{16,32}.def.
+ [Ralf S. Engelschall]
+
+ *) Second round of fixing the OpenSSL perl/ stuff. It now at least compiled
+ fine under Unix and passes some trivial tests I've now added. But the
+ whole stuff is horribly incomplete, so a README.1ST with a disclaimer was
+ added to make sure no one expects that this stuff really works in the
+ OpenSSL 0.9.2 release. Additionally I've started to clean the XS sources
+ up and fixed a few little bugs and inconsistencies in OpenSSL.{pm,xs} and
+ openssl_bio.xs.
+ [Ralf S. Engelschall]
+
+ *) Fix the generation of two part addresses in perl.
+ [Kenji Miyake <kenji at miyake.org>, integrated by Ben Laurie]
+
+ *) Add config entry for Linux on MIPS.
+ [John Tobey <jtobey at channel1.com>]
+
+ *) Make links whenever Configure is run, unless we are on Windoze.
+ [Ben Laurie]
+
+ *) Permit extensions to be added to CRLs using crl_section in openssl.cnf.
+ Currently only issuerAltName and AuthorityKeyIdentifier make any sense
+ in CRLs.
+ [Steve Henson]
+
+ *) Add a useful kludge to allow package maintainers to specify compiler and
+ other platforms details on the command line without having to patch the
+ Configure script everytime: One now can use ``perl Configure
+ <id>:<details>'', i.e. platform ids are allowed to have details appended
+ to them (seperated by colons). This is treated as there would be a static
+ pre-configured entry in Configure's %table under key <id> with value
+ <details> and ``perl Configure <id>'' is called. So, when you want to
+ perform a quick test-compile under FreeBSD 3.1 with pgcc and without
+ assembler stuff you can use ``perl Configure "FreeBSD-elf:pgcc:-O6:::"''
+ now, which overrides the FreeBSD-elf entry on-the-fly.
+ [Ralf S. Engelschall]
+
+ *) Disable new TLS1 ciphersuites by default: they aren't official yet.
+ [Ben Laurie]
+
+ *) Allow DSO flags like -fpic, -fPIC, -KPIC etc. to be specified
+ on the `perl Configure ...' command line. This way one can compile
+ OpenSSL libraries with Position Independent Code (PIC) which is needed
+ for linking it into DSOs.
+ [Ralf S. Engelschall]
+
+ *) Remarkably, export ciphers were totally broken and no-one had noticed!
+ Fixed.
+ [Ben Laurie]
+
+ *) Cleaned up the LICENSE document: The official contact for any license
+ questions now is the OpenSSL core team under openssl-core at openssl.org.
+ And add a paragraph about the dual-license situation to make sure people
+ recognize that _BOTH_ the OpenSSL license _AND_ the SSLeay license apply
+ to the OpenSSL toolkit.
+ [Ralf S. Engelschall]
+
+ *) General source tree makefile cleanups: Made `making xxx in yyy...'
+ display consistent in the source tree and replaced `/bin/rm' by `rm'.
+ Additonally cleaned up the `make links' target: Remove unnecessary
+ semicolons, subsequent redundant removes, inline point.sh into mklink.sh
+ to speed processing and no longer clutter the display with confusing
+ stuff. Instead only the actually done links are displayed.
+ [Ralf S. Engelschall]
+
+ *) Permit null encryption ciphersuites, used for authentication only. It used
+ to be necessary to set the preprocessor define SSL_ALLOW_ENULL to do this.
+ It is now necessary to set SSL_FORBID_ENULL to prevent the use of null
+ encryption.
+ [Ben Laurie]
+
+ *) Add a bunch of fixes to the PKCS#7 stuff. It used to sometimes reorder
+ signed attributes when verifying signatures (this would break them),
+ the detached data encoding was wrong and public keys obtained using
+ X509_get_pubkey() weren't freed.
+ [Steve Henson]
+
+ *) Add text documentation for the BUFFER functions. Also added a work around
+ to a Win95 console bug. This was triggered by the password read stuff: the
+ last character typed gets carried over to the next fread(). If you were
+ generating a new cert request using 'req' for example then the last
+ character of the passphrase would be CR which would then enter the first
+ field as blank.
+ [Steve Henson]
+
+ *) Added the new `Includes OpenSSL Cryptography Software' button as
+ doc/openssl_button.{gif,html} which is similar in style to the old SSLeay
+ button and can be used by applications based on OpenSSL to show the
+ relationship to the OpenSSL project.
+ [Ralf S. Engelschall]
+
+ *) Remove confusing variables in function signatures in files
+ ssl/ssl_lib.c and ssl/ssl.h.
+ [Lennart Bong <lob at kulthea.stacken.kth.se>]
+
+ *) Don't install bss_file.c under PREFIX/include/
+ [Lennart Bong <lob at kulthea.stacken.kth.se>]
+
+ *) Get the Win32 compile working again. Modify mkdef.pl so it can handle
+ functions that return function pointers and has support for NT specific
+ stuff. Fix mk1mf.pl and VC-32.pl to support NT differences also. Various
+ #ifdef WIN32 and WINNTs sprinkled about the place and some changes from
+ unsigned to signed types: this was killing the Win32 compile.
+ [Steve Henson]
+
+ *) Add new certificate file to stack functions,
+ SSL_add_dir_cert_subjects_to_stack() and
+ SSL_add_file_cert_subjects_to_stack(). These largely supplant
+ SSL_load_client_CA_file(), and can be used to add multiple certs easily
+ to a stack (usually this is then handed to SSL_CTX_set_client_CA_list()).
+ This means that Apache-SSL and similar packages don't have to mess around
+ to add as many CAs as they want to the preferred list.
+ [Ben Laurie]
+
+ *) Experiment with doxygen documentation. Currently only partially applied to
+ ssl/ssl_lib.c.
+ See http://www.stack.nl/~dimitri/doxygen/index.html, and run doxygen with
+ openssl.doxy as the configuration file.
+ [Ben Laurie]
+
+ *) Get rid of remaining C++-style comments which strict C compilers hate.
+ [Ralf S. Engelschall, pointed out by Carlos Amengual]
+
+ *) Changed BN_RECURSION in bn_mont.c to BN_RECURSION_MONT so it is not
+ compiled in by default: it has problems with large keys.
+ [Steve Henson]
+
+ *) Add a bunch of SSL_xxx() functions for configuring the temporary RSA and
+ DH private keys and/or callback functions which directly correspond to
+ their SSL_CTX_xxx() counterparts but work on a per-connection basis. This
+ is needed for applications which have to configure certificates on a
+ per-connection basis (e.g. Apache+mod_ssl) instead of a per-context basis
+ (e.g. s_server).
+ For the RSA certificate situation is makes no difference, but
+ for the DSA certificate situation this fixes the "no shared cipher"
+ problem where the OpenSSL cipher selection procedure failed because the
+ temporary keys were not overtaken from the context and the API provided
+ no way to reconfigure them.
+ The new functions now let applications reconfigure the stuff and they
+ are in detail: SSL_need_tmp_RSA, SSL_set_tmp_rsa, SSL_set_tmp_dh,
+ SSL_set_tmp_rsa_callback and SSL_set_tmp_dh_callback. Additionally a new
+ non-public-API function ssl_cert_instantiate() is used as a helper
+ function and also to reduce code redundancy inside ssl_rsa.c.
+ [Ralf S. Engelschall]
+
+ *) Move s_server -dcert and -dkey options out of the undocumented feature
+ area because they are useful for the DSA situation and should be
+ recognized by the users.
+ [Ralf S. Engelschall]
+
+ *) Fix the cipher decision scheme for export ciphers: the export bits are
+ *not* within SSL_MKEY_MASK or SSL_AUTH_MASK, they are within
+ SSL_EXP_MASK. So, the original variable has to be used instead of the
+ already masked variable.
+ [Richard Levitte <levitte at stacken.kth.se>]
+
+ *) Fix 'port' variable from `int' to `unsigned int' in crypto/bio/b_sock.c
+ [Richard Levitte <levitte at stacken.kth.se>]
+
+ *) Change type of another md_len variable in pk7_doit.c:PKCS7_dataFinal()
+ from `int' to `unsigned int' because it's a length and initialized by
+ EVP_DigestFinal() which expects an `unsigned int *'.
+ [Richard Levitte <levitte at stacken.kth.se>]
+
+ *) Don't hard-code path to Perl interpreter on shebang line of Configure
+ script. Instead use the usual Shell->Perl transition trick.
+ [Ralf S. Engelschall]
+
+ *) Make `openssl x509 -noout -modulus' functional also for DSA certificates
+ (in addition to RSA certificates) to match the behaviour of `openssl dsa
+ -noout -modulus' as it's already the case for `openssl rsa -noout
+ -modulus'. For RSA the -modulus is the real "modulus" while for DSA
+ currently the public key is printed (a decision which was already done by
+ `openssl dsa -modulus' in the past) which serves a similar purpose.
+ Additionally the NO_RSA no longer completely removes the whole -modulus
+ option; it now only avoids using the RSA stuff. Same applies to NO_DSA
+ now, too.
+ [Ralf S. Engelschall]
+
+ *) Add Arne Ansper's reliable BIO - this is an encrypted, block-digested
+ BIO. See the source (crypto/evp/bio_ok.c) for more info.
+ [Arne Ansper <arne at ats.cyber.ee>]
+
+ *) Dump the old yucky req code that tried (and failed) to allow raw OIDs
+ to be added. Now both 'req' and 'ca' can use new objects defined in the
+ config file.
+ [Steve Henson]
+
+ *) Add cool BIO that does syslog (or event log on NT).
+ [Arne Ansper <arne at ats.cyber.ee>, integrated by Ben Laurie]
+
+ *) Add support for new TLS ciphersuites, TLS_RSA_EXPORT56_WITH_RC4_56_MD5,
+ TLS_RSA_EXPORT56_WITH_RC2_CBC_56_MD5 and
+ TLS_RSA_EXPORT56_WITH_DES_CBC_SHA, as specified in "56-bit Export Cipher
+ Suites For TLS", draft-ietf-tls-56-bit-ciphersuites-00.txt.
+ [Ben Laurie]
+
+ *) Add preliminary config info for new extension code.
+ [Steve Henson]
+
+ *) Make RSA_NO_PADDING really use no padding.
+ [Ulf Moeller <ulf at fitug.de>]
+
+ *) Generate errors when private/public key check is done.
+ [Ben Laurie]
+
+ *) Overhaul for 'crl' utility. New function X509_CRL_print. Partial support
+ for some CRL extensions and new objects added.
+ [Steve Henson]
+
+ *) Really fix the ASN1 IMPLICIT bug this time... Partial support for private
+ key usage extension and fuller support for authority key id.
+ [Steve Henson]
+
+ *) Add OAEP encryption for the OpenSSL crypto library. OAEP is the improved
+ padding method for RSA, which is recommended for new applications in PKCS
+ #1 v2.0 (RFC 2437, October 1998).
+ OAEP (Optimal Asymmetric Encryption Padding) has better theoretical
+ foundations than the ad-hoc padding used in PKCS #1 v1.5. It is secure
+ against Bleichbacher's attack on RSA.
+ [Ulf Moeller <ulf at fitug.de>, reformatted, corrected and integrated by
+ Ben Laurie]
+
+ *) Updates to the new SSL compression code
+ [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
+
+ *) Fix so that the version number in the master secret, when passed
+ via RSA, checks that if TLS was proposed, but we roll back to SSLv3
+ (because the server will not accept higher), that the version number
+ is 0x03,0x01, not 0x03,0x00
+ [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
+
+ *) Run extensive memory leak checks on SSL apps. Fixed *lots* of memory
+ leaks in ssl/ relating to new X509_get_pubkey() behaviour. Also fixes
+ in apps/ and an unrelated leak in crypto/dsa/dsa_vrf.c
+ [Steve Henson]
+
+ *) Support for RAW extensions where an arbitrary extension can be
+ created by including its DER encoding. See apps/openssl.cnf for
+ an example.
+ [Steve Henson]
+
+ *) Make sure latest Perl versions don't interpret some generated C array
+ code as Perl array code in the crypto/err/err_genc.pl script.
+ [Lars Weber <3weber at informatik.uni-hamburg.de>]
+
+ *) Modify ms/do_ms.bat to not generate assembly language makefiles since
+ not many people have the assembler. Various Win32 compilation fixes and
+ update to the INSTALL.W32 file with (hopefully) more accurate Win32
+ build instructions.
+ [Steve Henson]
+
+ *) Modify configure script 'Configure' to automatically create crypto/date.h
+ file under Win32 and also build pem.h from pem.org. New script
+ util/mkfiles.pl to create the MINFO file on environments that can't do a
+ 'make files': perl util/mkfiles.pl >MINFO should work.
+ [Steve Henson]
+
+ *) Major rework of DES function declarations, in the pursuit of correctness
+ and purity. As a result, many evil casts evaporated, and some weirdness,
+ too. You may find this causes warnings in your code. Zapping your evil
+ casts will probably fix them. Mostly.
+ [Ben Laurie]
+
+ *) Fix for a typo in asn1.h. Bug fix to object creation script
+ obj_dat.pl. It considered a zero in an object definition to mean
+ "end of object": none of the objects in objects.h have any zeros
+ so it wasn't spotted.
+ [Steve Henson, reported by Erwann ABALEA <eabalea at certplus.com>]
+
+ *) Add support for Triple DES Cipher Block Chaining with Output Feedback
+ Masking (CBCM). In the absence of test vectors, the best I have been able
+ to do is check that the decrypt undoes the encrypt, so far. Send me test
+ vectors if you have them.
+ [Ben Laurie]
+
+ *) Correct calculation of key length for export ciphers (too much space was
+ allocated for null ciphers). This has not been tested!
+ [Ben Laurie]
+
+ *) Modifications to the mkdef.pl for Win32 DEF file creation. The usage
+ message is now correct (it understands "crypto" and "ssl" on its
+ command line). There is also now an "update" option. This will update
+ the util/ssleay.num and util/libeay.num files with any new functions.
+ If you do a:
+ perl util/mkdef.pl crypto ssl update
+ it will update them.
+ [Steve Henson]
+
+ *) Overhauled the Perl interface (perl/*):
+ - ported BN stuff to OpenSSL's different BN library
+ - made the perl/ source tree CVS-aware
+ - renamed the package from SSLeay to OpenSSL (the files still contain
+ their history because I've copied them in the repository)
+ - removed obsolete files (the test scripts will be replaced
+ by better Test::Harness variants in the future)
+ [Ralf S. Engelschall]
+
+ *) First cut for a very conservative source tree cleanup:
+ 1. merge various obsolete readme texts into doc/ssleay.txt
+ where we collect the old documents and readme texts.
+ 2. remove the first part of files where I'm already sure that we no
+ longer need them because of three reasons: either they are just temporary
+ files which were left by Eric or they are preserved original files where
+ I've verified that the diff is also available in the CVS via "cvs diff
+ -rSSLeay_0_8_1b" or they were renamed (as it was definitely the case for
+ the crypto/md/ stuff).
+ [Ralf S. Engelschall]
+
+ *) More extension code. Incomplete support for subject and issuer alt
+ name, issuer and authority key id. Change the i2v function parameters
+ and add an extra 'crl' parameter in the X509V3_CTX structure: guess
+ what that's for :-) Fix to ASN1 macro which messed up
+ IMPLICIT tag and add f_enum.c which adds a2i, i2a for ENUMERATED.
+ [Steve Henson]
+
+ *) Preliminary support for ENUMERATED type. This is largely copied from the
+ INTEGER code.
+ [Steve Henson]
+
+ *) Add new function, EVP_MD_CTX_copy() to replace frequent use of memcpy.
+ [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
+
+ *) Make sure `make rehash' target really finds the `openssl' program.
+ [Ralf S. Engelschall, Matthias Loepfe <Matthias.Loepfe at adnovum.ch>]
+
+ *) Squeeze another 7% of speed out of MD5 assembler, at least on a P2. I'd
+ like to hear about it if this slows down other processors.
+ [Ben Laurie]
+
+ *) Add CygWin32 platform information to Configure script.
+ [Alan Batie <batie at aahz.jf.intel.com>]
+
+ *) Fixed ms/32all.bat script: `no_asm' -> `no-asm'
+ [Rainer W. Gerling <gerling at mpg-gv.mpg.de>]
+
+ *) New program nseq to manipulate netscape certificate sequences
+ [Steve Henson]
+
+ *) Modify crl2pkcs7 so it supports multiple -certfile arguments. Fix a
+ few typos.
+ [Steve Henson]
+
+ *) Fixes to BN code. Previously the default was to define BN_RECURSION
+ but the BN code had some problems that would cause failures when
+ doing certificate verification and some other functions.
+ [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
+
+ *) Add ASN1 and PEM code to support netscape certificate sequences.
+ [Steve Henson]
+
+ *) Add ASN1 and PEM code to support netscape certificate sequences.
+ [Steve Henson]
+
+ *) Add several PKIX and private extended key usage OIDs.
+ [Steve Henson]
+
+ *) Modify the 'ca' program to handle the new extension code. Modify
+ openssl.cnf for new extension format, add comments.
+ [Steve Henson]
+
+ *) More X509 V3 changes. Fix typo in v3_bitstr.c. Add support to 'req'
+ and add a sample to openssl.cnf so req -x509 now adds appropriate
+ CA extensions.
+ [Steve Henson]
+
+ *) Continued X509 V3 changes. Add to other makefiles, integrate with the
+ error code, add initial support to X509_print() and x509 application.
+ [Steve Henson]
+
+ *) Takes a deep breath and start addding X509 V3 extension support code. Add
+ files in crypto/x509v3. Move original stuff to crypto/x509v3/old. All this
+ stuff is currently isolated and isn't even compiled yet.
+ [Steve Henson]
+
+ *) Continuing patches for GeneralizedTime. Fix up certificate and CRL
+ ASN1 to use ASN1_TIME and modify print routines to use ASN1_TIME_print.
+ Removed the versions check from X509 routines when loading extensions:
+ this allows certain broken certificates that don't set the version
+ properly to be processed.
+ [Steve Henson]
+
+ *) Deal with irritating shit to do with dependencies, in YAAHW (Yet Another
+ Ad Hoc Way) - Makefile.ssls now all contain local dependencies, which
+ can still be regenerated with "make depend".
+ [Ben Laurie]
+
+ *) Spelling mistake in C version of CAST-128.
+ [Ben Laurie, reported by Jeremy Hylton <jeremy at cnri.reston.va.us>]
+
+ *) Changes to the error generation code. The perl script err-code.pl
+ now reads in the old error codes and retains the old numbers, only
+ adding new ones if necessary. It also only changes the .err files if new
+ codes are added. The makefiles have been modified to only insert errors
+ when needed (to avoid needlessly modifying header files). This is done
+ by only inserting errors if the .err file is newer than the auto generated
+ C file. To rebuild all the error codes from scratch (the old behaviour)
+ either modify crypto/Makefile.ssl to pass the -regen flag to err_code.pl
+ or delete all the .err files.
+ [Steve Henson]
+
+ *) CAST-128 was incorrectly implemented for short keys. The C version has
+ been fixed, but is untested. The assembler versions are also fixed, but
+ new assembler HAS NOT BEEN GENERATED FOR WIN32 - the Makefile needs fixing
+ to regenerate it if needed.
+ [Ben Laurie, reported (with fix for C version) by Jun-ichiro itojun
+ Hagino <itojun at kame.net>]
+
+ *) File was opened incorrectly in randfile.c.
+ [Ulf M\xF6ller <ulf at fitug.de>]
+
+ *) Beginning of support for GeneralizedTime. d2i, i2d, check and print
+ functions. Also ASN1_TIME suite which is a CHOICE of UTCTime or
+ GeneralizedTime. ASN1_TIME is the proper type used in certificates et
+ al: it's just almost always a UTCTime. Note this patch adds new error
+ codes so do a "make errors" if there are problems.
+ [Steve Henson]
+
+ *) Correct Linux 1 recognition in config.
+ [Ulf M\xF6ller <ulf at fitug.de>]
+
+ *) Remove pointless MD5 hash when using DSA keys in ca.
+ [Anonymous <nobody at replay.com>]
+
+ *) Generate an error if given an empty string as a cert directory. Also
+ generate an error if handed NULL (previously returned 0 to indicate an
+ error, but didn't set one).
+ [Ben Laurie, reported by Anonymous <nobody at replay.com>]
+
+ *) Add prototypes to SSL methods. Make SSL_write's buffer const, at last.
+ [Ben Laurie]
+
+ *) Fix the dummy function BN_ref_mod_exp() in rsaref.c to have the correct
+ parameters. This was causing a warning which killed off the Win32 compile.
+ [Steve Henson]
+
+ *) Remove C++ style comments from crypto/bn/bn_local.h.
+ [Neil Costigan <neil.costigan at celocom.com>]
+
+ *) The function OBJ_txt2nid was broken. It was supposed to return a nid
+ based on a text string, looking up short and long names and finally
+ "dot" format. The "dot" format stuff didn't work. Added new function
+ OBJ_txt2obj to do the same but return an ASN1_OBJECT and rewrote
+ OBJ_txt2nid to use it. OBJ_txt2obj can also return objects even if the
+ OID is not part of the table.
+ [Steve Henson]
+
+ *) Add prototypes to X509 lookup/verify methods, fixing a bug in
+ X509_LOOKUP_by_alias().
+ [Ben Laurie]
+
+ *) Sort openssl functions by name.
+ [Ben Laurie]
+
+ *) Get the gendsa program working (hopefully) and add it to app list. Remove
+ encryption from sample DSA keys (in case anyone is interested the password
+ was "1234").
+ [Steve Henson]
+
+ *) Make _all_ *_free functions accept a NULL pointer.
+ [Frans Heymans <fheymans at isaserver.be>]
+
+ *) If a DH key is generated in s3_srvr.c, don't blow it by trying to use
+ NULL pointers.
+ [Anonymous <nobody at replay.com>]
+
+ *) s_server should send the CAfile as acceptable CAs, not its own cert.
+ [Bodo Moeller <3moeller at informatik.uni-hamburg.de>]
+
+ *) Don't blow it for numeric -newkey arguments to apps/req.
+ [Bodo Moeller <3moeller at informatik.uni-hamburg.de>]
+
+ *) Temp key "for export" tests were wrong in s3_srvr.c.
+ [Anonymous <nobody at replay.com>]
+
+ *) Add prototype for temp key callback functions
+ SSL_CTX_set_tmp_{rsa,dh}_callback().
+ [Ben Laurie]
+
+ *) Make DH_free() tolerate being passed a NULL pointer (like RSA_free() and
+ DSA_free()). Make X509_PUBKEY_set() check for errors in d2i_PublicKey().
+ [Steve Henson]
+
+ *) X509_name_add_entry() freed the wrong thing after an error.
+ [Arne Ansper <arne at ats.cyber.ee>]
+
+ *) rsa_eay.c would attempt to free a NULL context.
+ [Arne Ansper <arne at ats.cyber.ee>]
+
+ *) BIO_s_socket() had a broken should_retry() on Windoze.
+ [Arne Ansper <arne at ats.cyber.ee>]
+
+ *) BIO_f_buffer() didn't pass on BIO_CTRL_FLUSH.
+ [Arne Ansper <arne at ats.cyber.ee>]
+
+ *) Make sure the already existing X509_STORE->depth variable is initialized
+ in X509_STORE_new(), but document the fact that this variable is still
+ unused in the certificate verification process.
+ [Ralf S. Engelschall]
+
+ *) Fix the various library and apps files to free up pkeys obtained from
+ X509_PUBKEY_get() et al. Also allow x509.c to handle netscape extensions.
+ [Steve Henson]
+
+ *) Fix reference counting in X509_PUBKEY_get(). This makes
+ demos/maurice/example2.c work, amongst others, probably.
+ [Steve Henson and Ben Laurie]
+
+ *) First cut of a cleanup for apps/. First the `ssleay' program is now named
+ `openssl' and second, the shortcut symlinks for the `openssl <command>'
+ are no longer created. This way we have a single and consistent command
+ line interface `openssl <command>', similar to `cvs <command>'.
+ [Ralf S. Engelschall, Paul Sutton and Ben Laurie]
+
+ *) ca.c: move test for DSA keys inside #ifndef NO_DSA. Make pubkey
+ BIT STRING wrapper always have zero unused bits.
+ [Steve Henson]
+
+ *) Add CA.pl, perl version of CA.sh, add extended key usage OID.
+ [Steve Henson]
+
+ *) Make the top-level INSTALL documentation easier to understand.
+ [Paul Sutton]
+
+ *) Makefiles updated to exit if an error occurs in a sub-directory
+ make (including if user presses ^C) [Paul Sutton]
+
+ *) Make Montgomery context stuff explicit in RSA data structure.
+ [Ben Laurie]
+
+ *) Fix build order of pem and err to allow for generated pem.h.
+ [Ben Laurie]
+
+ *) Fix renumbering bug in X509_NAME_delete_entry().
+ [Ben Laurie]
+
+ *) Enhanced the err-ins.pl script so it makes the error library number
+ global and can add a library name. This is needed for external ASN1 and
+ other error libraries.
+ [Steve Henson]
+
+ *) Fixed sk_insert which never worked properly.
+ [Steve Henson]
+
+ *) Fix ASN1 macros so they can handle indefinite length construted
+ EXPLICIT tags. Some non standard certificates use these: they can now
+ be read in.
+ [Steve Henson]
+
+ *) Merged the various old/obsolete SSLeay documentation files (doc/xxx.doc)
+ into a single doc/ssleay.txt bundle. This way the information is still
+ preserved but no longer messes up this directory. Now it's new room for
+ the new set of documenation files.
+ [Ralf S. Engelschall]
+
+ *) SETs were incorrectly DER encoded. This was a major pain, because they
+ shared code with SEQUENCEs, which aren't coded the same. This means that
+ almost everything to do with SETs or SEQUENCEs has either changed name or
+ number of arguments.
+ [Ben Laurie, based on a partial fix by GP Jayan <gp at nsj.co.jp>]
+
+ *) Fix test data to work with the above.
+ [Ben Laurie]
+
+ *) Fix the RSA header declarations that hid a bug I fixed in 0.9.0b but
+ was already fixed by Eric for 0.9.1 it seems.
+ [Ben Laurie - pointed out by Ulf M\xF6ller <ulf at fitug.de>]
+
+ *) Autodetect FreeBSD3.
+ [Ben Laurie]
+
+ *) Fix various bugs in Configure. This affects the following platforms:
+ nextstep
+ ncr-scde
+ unixware-2.0
+ unixware-2.0-pentium
+ sco5-cc.
+ [Ben Laurie]
+
+ *) Eliminate generated files from CVS. Reorder tests to regenerate files
+ before they are needed.
+ [Ben Laurie]
+
+ *) Generate Makefile.ssl from Makefile.org (to keep CVS happy).
+ [Ben Laurie]
+
+
+ Changes between 0.9.1b and 0.9.1c [23-Dec-1998]
+
+ *) Added OPENSSL_VERSION_NUMBER to crypto/crypto.h and
+ changed SSLeay to OpenSSL in version strings.
+ [Ralf S. Engelschall]
+
+ *) Some fixups to the top-level documents.
+ [Paul Sutton]
+
+ *) Fixed the nasty bug where rsaref.h was not found under compile-time
+ because the symlink to include/ was missing.
+ [Ralf S. Engelschall]
+
+ *) Incorporated the popular no-RSA/DSA-only patches
+ which allow to compile a RSA-free SSLeay.
+ [Andrew Cooke / Interrader Ldt., Ralf S. Engelschall]
+
+ *) Fixed nasty rehash problem under `make -f Makefile.ssl links'
+ when "ssleay" is still not found.
+ [Ralf S. Engelschall]
+
+ *) Added more platforms to Configure: Cray T3E, HPUX 11,
+ [Ralf S. Engelschall, Beckmann <beckman at acl.lanl.gov>]
+
+ *) Updated the README file.
+ [Ralf S. Engelschall]
+
+ *) Added various .cvsignore files in the CVS repository subdirs
+ to make a "cvs update" really silent.
+ [Ralf S. Engelschall]
+
+ *) Recompiled the error-definition header files and added
+ missing symbols to the Win32 linker tables.
+ [Ralf S. Engelschall]
+
+ *) Cleaned up the top-level documents;
+ o new files: CHANGES and LICENSE
+ o merged VERSION, HISTORY* and README* files a CHANGES.SSLeay
+ o merged COPYRIGHT into LICENSE
+ o removed obsolete TODO file
+ o renamed MICROSOFT to INSTALL.W32
+ [Ralf S. Engelschall]
+
+ *) Removed dummy files from the 0.9.1b source tree:
+ crypto/asn1/x crypto/bio/cd crypto/bio/fg crypto/bio/grep crypto/bio/vi
+ crypto/bn/asm/......add.c crypto/bn/asm/a.out crypto/dsa/f crypto/md5/f
+ crypto/pem/gmon.out crypto/perlasm/f crypto/pkcs7/build crypto/rsa/f
+ crypto/sha/asm/f crypto/threads/f ms/zzz ssl/f ssl/f.mak test/f
+ util/f.mak util/pl/f util/pl/f.mak crypto/bf/bf_locl.old apps/f
+ [Ralf S. Engelschall]
+
+ *) Added various platform portability fixes.
+ [Mark J. Cox]
+
+ *) The Genesis of the OpenSSL rpject:
+ We start with the latest (unreleased) SSLeay version 0.9.1b which Eric A.
+ Young and Tim J. Hudson created while they were working for C2Net until
+ summer 1998.
+ [The OpenSSL Project]
+
+
+ Changes between 0.9.0b and 0.9.1b [not released]
+
+ *) Updated a few CA certificates under certs/
+ [Eric A. Young]
+
+ *) Changed some BIGNUM api stuff.
+ [Eric A. Young]
+
+ *) Various platform ports: OpenBSD, Ultrix, IRIX 64bit, NetBSD,
+ DGUX x86, Linux Alpha, etc.
+ [Eric A. Young]
+
+ *) New COMP library [crypto/comp/] for SSL Record Layer Compression:
+ RLE (dummy implemented) and ZLIB (really implemented when ZLIB is
+ available).
+ [Eric A. Young]
+
+ *) Add -strparse option to asn1pars program which parses nested
+ binary structures
+ [Dr Stephen Henson <shenson at bigfoot.com>]
+
+ *) Added "oid_file" to ssleay.cnf for "ca" and "req" programs.
+ [Eric A. Young]
+
+ *) DSA fix for "ca" program.
+ [Eric A. Young]
+
+ *) Added "-genkey" option to "dsaparam" program.
+ [Eric A. Young]
+
+ *) Added RIPE MD160 (rmd160) message digest.
+ [Eric A. Young]
+
+ *) Added -a (all) option to "ssleay version" command.
+ [Eric A. Young]
+
+ *) Added PLATFORM define which is the id given to Configure.
+ [Eric A. Young]
+
+ *) Added MemCheck_XXXX functions to crypto/mem.c for memory checking.
+ [Eric A. Young]
+
+ *) Extended the ASN.1 parser routines.
+ [Eric A. Young]
+
+ *) Extended BIO routines to support REUSEADDR, seek, tell, etc.
+ [Eric A. Young]
+
+ *) Added a BN_CTX to the BN library.
+ [Eric A. Young]
+
+ *) Fixed the weak key values in DES library
+ [Eric A. Young]
+
+ *) Changed API in EVP library for cipher aliases.
+ [Eric A. Young]
+
+ *) Added support for RC2/64bit cipher.
+ [Eric A. Young]
+
+ *) Converted the lhash library to the crypto/mem.c functions.
+ [Eric A. Young]
+
+ *) Added more recognized ASN.1 object ids.
+ [Eric A. Young]
+
+ *) Added more RSA padding checks for SSL/TLS.
+ [Eric A. Young]
+
+ *) Added BIO proxy/filter functionality.
+ [Eric A. Young]
+
+ *) Added extra_certs to SSL_CTX which can be used
+ send extra CA certificates to the client in the CA cert chain sending
+ process. It can be configured with SSL_CTX_add_extra_chain_cert().
+ [Eric A. Young]
+
+ *) Now Fortezza is denied in the authentication phase because
+ this is key exchange mechanism is not supported by SSLeay at all.
+ [Eric A. Young]
+
+ *) Additional PKCS1 checks.
+ [Eric A. Young]
+
+ *) Support the string "TLSv1" for all TLS v1 ciphers.
+ [Eric A. Young]
+
+ *) Added function SSL_get_ex_data_X509_STORE_CTX_idx() which gives the
+ ex_data index of the SSL context in the X509_STORE_CTX ex_data.
+ [Eric A. Young]
+
+ *) Fixed a few memory leaks.
+ [Eric A. Young]
+
+ *) Fixed various code and comment typos.
+ [Eric A. Young]
+
+ *) A minor bug in ssl/s3_clnt.c where there would always be 4 0
+ bytes sent in the client random.
+ [Edward Bishop <ebishop at spyglass.com>]
+
Deleted: vendor-crypto/openssl/0.9.8zf/INSTALL.DJGPP
===================================================================
--- vendor-crypto/openssl/dist/INSTALL.DJGPP 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/INSTALL.DJGPP 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,47 +0,0 @@
-
-
- INSTALLATION ON THE DOS PLATFORM WITH DJGPP
- -------------------------------------------
-
- OpenSSL has been ported to DJGPP, a Unix look-alike 32-bit run-time
- environment for 16-bit DOS, but only with long filename support.
- If you wish to compile on native DOS with 8+3 filenames, you will
- have to tweak the installation yourself, including renaming files
- with illegal or duplicate names.
-
- You should have a full DJGPP environment installed, including the
- latest versions of DJGPP, GCC, BINUTILS, BASH, etc. This package
- requires that PERL and BC also be installed.
-
- All of these can be obtained from the usual DJGPP mirror sites or
- directly at "http://www.delorie.com/pub/djgpp". For help on which
- files to download, see the DJGPP "ZIP PICKER" page at
- "http://www.delorie.com/djgpp/zip-picker.html". You also need to have
- the WATT-32 networking package installed before you try to compile
- OpenSSL. This can be obtained from "http://www.bgnett.no/~giva/".
- The Makefile assumes that the WATT-32 code is in the directory
- specified by the environment variable WATT_ROOT. If you have watt-32
- in directory "watt32" under your main DJGPP directory, specify
- WATT_ROOT="/dev/env/DJDIR/watt32".
-
- To compile OpenSSL, start your BASH shell, then configure for DJGPP by
- running "./Configure" with appropriate arguments:
-
- ./Configure no-threads --prefix=/dev/env/DJDIR DJGPP
-
- And finally fire up "make". You may run out of DPMI selectors when
- running in a DOS box under Windows. If so, just close the BASH
- shell, go back to Windows, and restart BASH. Then run "make" again.
-
- RUN-TIME CAVEAT LECTOR
- --------------
-
- Quoting FAQ:
-
- "Cryptographic software needs a source of unpredictable data to work
- correctly. Many open source operating systems provide a "randomness
- device" (/dev/urandom or /dev/random) that serves this purpose."
-
- As of version 0.9.7f DJGPP port checks upon /dev/urandom$ for a 3rd
- party "randomness" DOS driver. One such driver, NOISE.SYS, can be
- obtained from "http://www.rahul.net/dkaufman/index.html".
Deleted: vendor-crypto/openssl/0.9.8zf/INSTALL.VMS
===================================================================
--- vendor-crypto/openssl/dist/INSTALL.VMS 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/INSTALL.VMS 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,299 +0,0 @@
- VMS Installation instructions
- written by Richard Levitte
- <richard at levitte.org>
-
-
-Intro:
-======
-
-This file is divided in the following parts:
-
- Requirements - Mandatory reading.
- Checking the distribution - Mandatory reading.
- Compilation - Mandatory reading.
- Logical names - Mandatory reading.
- Test - Mandatory reading.
- Installation - Mandatory reading.
- Backward portability - Read if it's an issue.
- Possible bugs or quirks - A few warnings on things that
- may go wrong or may surprise you.
- TODO - Things that are to come.
-
-
-Requirements:
-=============
-
-To build and install OpenSSL, you will need:
-
- * DEC C or some other ANSI C compiler. VAX C is *not* supported.
- [Note: OpenSSL has only been tested with DEC C. Compiling with
- a different ANSI C compiler may require some work]
-
-Checking the distribution:
-==========================
-
-There have been reports of places where the distribution didn't quite get
-through, for example if you've copied the tree from a NFS-mounted Unix
-mount point.
-
-The easiest way to check if everything got through as it should is to check
-for one of the following files:
-
- [.CRYPTO]OPENSSLCONF.H_IN
- [.CRYPTO]OPENSSLCONF_H.IN
-
-They should never exist both at once, but one of them should (preferably
-the first variant). If you can't find any of those two, something went
-wrong.
-
-The best way to get a correct distribution is to download the gzipped tar
-file from ftp://ftp.openssl.org/source/, use GUNZIP to uncompress it and
-use VMSTAR to unpack the resulting tar file.
-
-GUNZIP is available in many places on the net. One of the distribution
-points is the WKU software archive, ftp://ftp.wku.edu/vms/fileserv/ .
-
-VMSTAR is also available in many places on the net. The recommended place
-to find information about it is http://www.free.lp.se/vmstar/ .
-
-
-Compilation:
-============
-
-I've used the very good command procedures written by Robert Byer
-<byer at mail.all-net.net>, and just slightly modified them, making
-them slightly more general and easier to maintain.
-
-You can actually compile in almost any directory separately. Look
-for a command procedure name xxx-LIB.COM (in the library directories)
-or MAKExxx.COM (in the program directories) and read the comments at
-the top to understand how to use them. However, if you want to
-compile all you can get, the simplest is to use MAKEVMS.COM in the top
-directory. The syntax is the following:
-
- @MAKEVMS <option> <rsaref-p> <debug-p> [<compiler>]
-
-<option> must be one of the following:
-
- ALL Just build "everything".
- CONFIG Just build the "[.CRYPTO]OPENSSLCONF.H" file.
- BUILDINF Just build the "[.INCLUDE]BUILDINF.H" file.
- SOFTLINKS Just copies some files, to simulate Unix soft links.
- BUILDALL Same as ALL, except CONFIG, BUILDINF and SOFTLINKS aren't done.
- RSAREF Just build the "[.xxx.EXE.RSAREF]LIBRSAGLUE.OLB" library.
- CRYPTO Just build the "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" library.
- SSL Just build the "[.xxx.EXE.SSL]LIBSSL.OLB" library.
- SSL_TASK Just build the "[.xxx.EXE.SSL]SSL_TASK.EXE" program.
- TEST Just build the "[.xxx.EXE.TEST]" test programs for OpenSSL.
- APPS Just build the "[.xxx.EXE.APPS]" application programs for OpenSSL.
-
-<rsaref-p> must be one of the following:
-
- RSAREF compile using the RSAREF Library
- NORSAREF compile without using RSAREF
-
-Note 0: The RSAREF library IS NO LONGER NEEDED. The RSA patent
- expires September 20, 2000, and RSA Security chose to make
- the algorithm public domain two weeks before that.
-
-Note 1: If you still want to use RSAREF, the library is NOT INCLUDED
- and you have to download it. RSA Security doesn't carry it
- any more, but there are a number of places where you can find
- it. You have to get the ".tar-Z" file as the ".zip" file
- doesn't have the directory structure stored. You have to
- extract the file into the [.RSAREF] directory as that is where
- the scripts will look for the files.
-
-Note 2: I have never done this, so I've no idea if it works or not.
-
-<debug-p> must be one of the following:
-
- DEBUG compile with debugging info (will not optimize)
- NODEBUG compile without debugging info (will optimize)
-
-<compiler> must be one of the following:
-
- DECC For DEC C.
- GNUC For GNU C.
-
-
-You will find the crypto library in [.xxx.EXE.CRYPTO], called LIBCRYPTO.OLB,
-where xxx is VAX or AXP. You will find the SSL library in [.xxx.EXE.SSL],
-named LIBSSL.OLB, and you will find a bunch of useful programs in
-[.xxx.EXE.APPS]. However, these shouldn't be used right off unless it's
-just to test them. For production use, make sure you install first, see
-Installation below.
-
-Note 1: Some programs in this package require a TCP/IP library.
-
-Note 2: if you want to compile the crypto library only, please make sure
- you have at least done a @MAKEVMS CONFIG, a @MAKEVMS BUILDINF and
- a @MAKEVMS SOFTLINKS. A lot of things will break if you don't.
-
-
-Logical names:
-==============
-
-There are a few things that can't currently be given through the command
-line. Instead, logical names are used.
-
-Currently, the logical names supported are:
-
- OPENSSL_NO_ASM with value YES, the assembler parts of OpenSSL will
- not be used. Instead, plain C implementations are
- used. This is good to try if something doesn't work.
- OPENSSL_NO_'alg' with value YES, the corresponding crypto algorithm
- will not be implemented. Supported algorithms to
- do this with are: RSA, DSA, DH, MD2, MD4, MD5, RIPEMD,
- SHA, DES, MDC2, CR2, RC4, RC5, IDEA, BF, CAST, HMAC,
- SSL2. So, for example, having the logical name
- OPENSSL_NO_RSA with the value YES means that the
- LIBCRYPTO.OLB library will not contain an RSA
- implementation.
-
-
-Test:
-=====
-
-Testing is very simple, just do the following:
-
- @[.TEST]TESTS
-
-If a test fails, try with defining the logical name OPENSSL_NO_ASM (yes,
-it's an ugly hack!) and rebuild. Please send a bug report to
-<openssl-bugs at openssl.org>, including the output of "openssl version -a"
-and of the failed test.
-
-
-Installation:
-=============
-
-Installation is easy, just do the following:
-
- @INSTALL <root>
-
-<root> is the directory in which everything will be installed,
-subdirectories, libraries, header files, programs and startup command
-procedures.
-
-N.B.: INSTALL.COM builds a new directory structure, different from
-the directory tree where you have now build OpenSSL.
-
-In the [.VMS] subdirectory of the installation, you will find the
-following command procedures:
-
- OPENSSL_STARTUP.COM
-
- defines all needed logical names. Takes one argument that
- tells it in what logical name table to insert the logical
- names. If you insert if it SYS$MANAGER:SYSTARTUP_VMS.COM, the
- call should look like this:
-
- @openssldev:[openssldir.VMS]OPENSSL_STARTUP "/SYSTEM"
-
- OPENSSL_UTILS.COM
-
- sets up the symbols to the applications. Should be called
- from for example SYS$MANAGER:SYLOGIN.COM
-
-The logical names that are set up are the following:
-
- SSLROOT a dotted concealed logical name pointing at the
- root directory.
-
- SSLCERTS Initially an empty directory, this is the default
- location for certificate files.
- SSLMISC Various scripts.
- SSLPRIVATE Initially an empty directory, this is the default
- location for private key files.
-
- SSLEXE Contains the openssl binary and a few other utility
- programs.
- SSLINCLUDE Contains the header files needed if you want to
- compile programs with libcrypto or libssl.
- SSLLIB Contains the OpenSSL library files (LIBCRYPTO.OLB
- and LIBSSL.OLB) themselves.
-
- OPENSSL Same as SSLINCLUDE. This is because the standard
- way to include OpenSSL header files from version
- 0.9.3 and on is:
-
- #include <openssl/header.h>
-
- For more info on this issue, see the INSTALL. file
- (the NOTE in section 4 of "Installation in Detail").
- You don't need to "deleting old header files"!!!
-
-
-Backward portability:
-=====================
-
-One great problem when you build a library is making sure it will work
-on as many versions of VMS as possible. Especially, code compiled on
-OpenVMS version 7.x and above tend to be unusable in version 6.x or
-lower, because some C library routines have changed names internally
-(the C programmer won't usually see it, because the old name is
-maintained through C macros). One obvious solution is to make sure
-you have a development machine with an old enough version of OpenVMS.
-However, if you are stuck with a bunch of Alphas running OpenVMS version
-7.1, you seem to be out of luck. Fortunately, the DEC C header files
-are cluttered with conditionals that make some declarations and definitions
-dependent on the OpenVMS version or the C library version, *and* you
-can use those macros to simulate older OpenVMS or C library versions,
-by defining the macros _VMS_V6_SOURCE, __VMS_VER and __CTRL_VER with
-correct values. In the compilation scripts, I've provided the possibility
-for the user to influence the creation of such macros, through a bunch of
-symbols, all having names starting with USER_. Here's the list of them:
-
- USER_CCFLAGS - Used to give additional qualifiers to the
- compiler. It can't be used to define macros
- since the scripts will do such things as well.
- To do such things, use USER_CCDEFS.
- USER_CCDEFS - Used to define macros on the command line. The
- value of this symbol will be inserted inside a
- /DEFINE=(...).
- USER_CCDISABLEWARNINGS - Used to disable some warnings. The value is
- inserted inside a /DISABLE=WARNING=(...).
-
-So, to maintain backward compatibility with older VMS versions, do the
-following before you start compiling:
-
- $ USER_CCDEFS := _VMS_V6_SOURCE=1,__VMS_VER=60000000,__CRTL_VER=60000000
- $ USER_CCDISABLEWARNINGS := PREOPTW
-
-The USER_CCDISABLEWARNINGS is there because otherwise, DEC C will complain
-that those macros have been changed.
-
-Note: Currently, this is only useful for library compilation. The
- programs will still be linked with the current version of the
- C library shareable image, and will thus complain if they are
- faced with an older version of the same C library shareable image.
- This will probably be fixed in a future revision of OpenSSL.
-
-
-Possible bugs or quirks:
-========================
-
-I'm not perfectly sure all the programs will use the SSLCERTS:
-directory by default, it may very well be that you have to give them
-extra arguments. Please experiment.
-
-
-TODO:
-=====
-
-There are a few things that need to be worked out in the VMS version of
-OpenSSL, still:
-
-- Description files. ("Makefile's" :-))
-- Script code to link an already compiled build tree.
-- A VMSINSTALlable version (way in the future, unless someone else hacks).
-- shareable images (DLL for you Windows folks).
-
-There may be other things that I have missed and that may be desirable.
-Please send mail to <openssl-users at openssl.org> or to me directly if you
-have any ideas.
-
---
-Richard Levitte <richard at levitte.org>
-2000-02-27
Deleted: vendor-crypto/openssl/0.9.8zf/Makefile
===================================================================
--- vendor-crypto/openssl/dist/Makefile 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/Makefile 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,732 +0,0 @@
-### Generated automatically from Makefile.org by Configure.
-
-##
-## Makefile for OpenSSL
-##
-
-VERSION=0.9.8zc
-MAJOR=0
-MINOR=9.8
-SHLIB_VERSION_NUMBER=0.9.8
-SHLIB_VERSION_HISTORY=
-SHLIB_MAJOR=0
-SHLIB_MINOR=9.8
-SHLIB_EXT=
-PLATFORM=dist
-OPTIONS= no-camellia no-capieng no-cms no-gmp no-jpake no-krb5 no-mdc2 no-montasm no-rc5 no-rfc3779 no-seed no-shared no-zlib no-zlib-dynamic
-CONFIGURE_ARGS=dist
-SHLIB_TARGET=
-
-# HERE indicates where this Makefile lives. This can be used to indicate
-# where sub-Makefiles are expected to be. Currently has very limited usage,
-# and should probably not be bothered with at all.
-HERE=.
-
-# INSTALL_PREFIX is for package builders so that they can configure
-# for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
-# Normally it is left empty.
-INSTALL_PREFIX=
-INSTALLTOP=/usr/local/ssl
-
-# Do not edit this manually. Use Configure --openssldir=DIR do change this!
-OPENSSLDIR=/usr/local/ssl
-
-# NO_IDEA - Define to build without the IDEA algorithm
-# NO_RC4 - Define to build without the RC4 algorithm
-# NO_RC2 - Define to build without the RC2 algorithm
-# THREADS - Define when building with threads, you will probably also need any
-# system defines as well, i.e. _REENTERANT for Solaris 2.[34]
-# TERMIO - Define the termio terminal subsystem, needed if sgtty is missing.
-# TERMIOS - Define the termios terminal subsystem, Silicon Graphics.
-# LONGCRYPT - Define to use HPUX 10.x's long password modification to crypt(3).
-# DEVRANDOM - Give this the value of the 'random device' if your OS supports
-# one. 32 bytes will be read from this when the random
-# number generator is initalised.
-# SSL_FORBID_ENULL - define if you want the server to be not able to use the
-# NULL encryption ciphers.
-#
-# LOCK_DEBUG - turns on lots of lock debug output :-)
-# REF_CHECK - turn on some xyz_free() assertions.
-# REF_PRINT - prints some stuff on structure free.
-# CRYPTO_MDEBUG - turns on my 'memory leak' detecting stuff
-# MFUNC - Make all Malloc/Free/Realloc calls call
-# CRYPTO_malloc/CRYPTO_free/CRYPTO_realloc which can be setup to
-# call application defined callbacks via CRYPTO_set_mem_functions()
-# MD5_ASM needs to be defined to use the x86 assembler for MD5
-# SHA1_ASM needs to be defined to use the x86 assembler for SHA1
-# RMD160_ASM needs to be defined to use the x86 assembler for RIPEMD160
-# Do not define B_ENDIAN or L_ENDIAN if 'unsigned long' == 8. It must
-# equal 4.
-# PKCS1_CHECK - pkcs1 tests.
-
-CC= cc
-CFLAG= -O
-DEPFLAG= -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_CMS -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SEED
-PEX_LIBS=
-EX_LIBS=
-EXE_EXT=
-ARFLAGS=
-AR= ar $(ARFLAGS) r
-ARD=ar $(ARFLAGS) d
-RANLIB= /usr/bin/ranlib
-PERL= /usr/bin/perl
-TAR= tar
-TARFLAGS= --no-recursion --record-size=10240
-MAKEDEPPROG=makedepend
-LIBDIR=lib
-
-# We let the C compiler driver to take care of .s files. This is done in
-# order to be excused from maintaining a separate set of architecture
-# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC
-# gcc, then the driver will automatically translate it to -xarch=v8plus
-# and pass it down to assembler.
-AS=$(CC) -c
-ASFLAG=$(CFLAG)
-
-# For x86 assembler: Set PROCESSOR to 386 if you want to support
-# the 80386.
-PROCESSOR=
-
-# CPUID module collects small commonly used assembler snippets
-CPUID_OBJ=
-BN_ASM= bn_asm.o
-DES_ENC= des_enc.o fcrypt_b.o
-AES_ASM_OBJ= aes_core.o aes_cbc.o
-BF_ENC= bf_enc.o
-CAST_ENC= c_enc.o
-RC4_ENC= rc4_enc.o rc4_skey.o
-RC5_ENC= rc5_enc.o
-MD5_ASM_OBJ=
-SHA1_ASM_OBJ=
-RMD160_ASM_OBJ=
-
-# KRB5 stuff
-KRB5_INCLUDES=
-LIBKRB5=
-
-# Zlib stuff
-ZLIB_INCLUDE=
-LIBZLIB=
-
-# This is the location of fipscanister.o and friends.
-# The FIPS module build will place it $(INSTALLTOP)/lib
-# but since $(INSTALLTOP) can only take the default value
-# when the module is built it will be in /usr/local/ssl/lib
-# $(INSTALLTOP) for this build make be different so hard
-# code the path.
-
-FIPSLIBDIR=/usr/local/ssl/fips-1.0/lib/
-
-# This is set to "y" if fipscanister.o is compiled internally as
-# opposed to coming from an external validated location.
-
-FIPSCANISTERINTERNAL=n
-
-# The location of the library which contains fipscanister.o
-# normally it will be libcrypto unless fipsdso is set in which
-# case it will be libfips. If not compiling in FIPS mode at all
-# this is empty making it a useful test for a FIPS compile.
-
-FIPSCANLIB=
-
-# Shared library base address. Currently only used on Windows.
-#
-
-BASEADDR=0xFB00000
-
-DIRS= crypto ssl engines apps test tools
-SHLIBDIRS= crypto ssl
-
-# dirs in crypto to build
-SDIRS= \
- objects \
- md2 md4 md5 sha hmac ripemd \
- des aes rc2 rc4 idea bf cast \
- bn ec rsa dsa ecdsa dh ecdh dso engine \
- buffer bio stack lhash rand err \
- evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \
- store pqueue
-# keep in mind that the above list is adjusted by ./Configure
-# according to no-xxx arguments...
-
-# tests to perform. "alltests" is a special word indicating that all tests
-# should be performed.
-TESTS = alltests
-
-MAKEFILE= Makefile
-
-MANDIR=$(OPENSSLDIR)/man
-MAN1=1
-MAN3=3
-MANSUFFIX=
-SHELL=/bin/sh
-
-TOP= .
-ONEDIRS=out tmp
-EDIRS= times doc bugs util include certs ms shlib mt demos perl sf dep VMS
-WDIRS= windows
-LIBS= libcrypto.a libssl.a
-SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
-SHARED_SSL=libssl$(SHLIB_EXT)
-SHARED_FIPS=
-SHARED_LIBS=
-SHARED_LIBS_LINK_EXTS=
-SHARED_LDFLAGS=
-
-GENERAL= Makefile
-BASENAME= openssl
-NAME= $(BASENAME)-$(VERSION)
-TARFILE= $(NAME).tar
-WTARFILE= $(NAME)-win.tar
-EXHEADER= e_os2.h
-HEADER= e_os.h
-
-all: Makefile build_all openssl.pc libssl.pc libcrypto.pc
-
-# as we stick to -e, CLEARENV ensures that local variables in lower
-# Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn
-# shell, which [annoyingly enough] terminates unset with error if VAR
-# is not present:-( TOP= && unset TOP is tribute to HP-UX /bin/sh,
-# which terminates unset with error if no variable was present:-(
-CLEARENV= TOP= && unset TOP $${LIB+LIB} $${LIBS+LIBS} \
- $${INCLUDE+INCLUDE} $${INCLUDES+INCLUDES} \
- $${DIR+DIR} $${DIRS+DIRS} $${SRC+SRC} \
- $${LIBSRC+LIBSRC} $${LIBOBJ+LIBOBJ} $${ALL+ALL} \
- $${EXHEADER+EXHEADER} $${HEADER+HEADER} \
- $${GENERAL+GENERAL} $${CFLAGS+CFLAGS} \
- $${ASFLAGS+ASFLAGS} $${AFLAGS+AFLAGS} \
- $${LDCMD+LDCMD} $${LDFLAGS+LDFLAGS} \
- $${SHAREDCMD+SHAREDCMD} $${SHAREDFLAGS+SHAREDFLAGS} \
- $${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS}
-
-BUILDENV= PLATFORM='${PLATFORM}' PROCESSOR='${PROCESSOR}' \
- CC='${CC}' CFLAG='${CFLAG}' \
- AS='${CC}' ASFLAG='${CFLAG} -c' \
- AR='${AR}' PERL='${PERL}' RANLIB='${RANLIB}' \
- SDIRS='${SDIRS}' LIBRPATH='${INSTALLTOP}/$(LIBDIR)' \
- INSTALL_PREFIX='${INSTALL_PREFIX}' \
- INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' \
- LIBDIR='${LIBDIR}' \
- MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD ${MAKEDEPPROG}' \
- DEPFLAG='-DOPENSSL_NO_DEPRECATED ${DEPFLAG}' \
- MAKEDEPPROG='${MAKEDEPPROG}' \
- SHARED_LDFLAGS='${SHARED_LDFLAGS}' \
- KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' \
- EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' \
- SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' \
- PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' \
- CPUID_OBJ='${CPUID_OBJ}' \
- BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' \
- AES_ASM_OBJ='${AES_ASM_OBJ}' \
- BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' \
- RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' \
- SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' \
- MD5_ASM_OBJ='${MD5_ASM_OBJ}' \
- RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' \
- FIPSLIBDIR='${FIPSLIBDIR}' \
- FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}" \
- FIPSCANISTERINTERNAL='${FIPSCANISTERINTERNAL}' \
- FIPS_EX_OBJ='${FIPS_EX_OBJ}' \
- THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES=
-# MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors,
-# which in turn eliminates ambiguities in variable treatment with -e.
-
-# BUILD_CMD is a generic macro to build a given target in a given
-# subdirectory. The target must be given through the shell variable
-# `target' and the subdirectory to build in must be given through `dir'.
-# This macro shouldn't be used directly, use RECURSIVE_BUILD_CMD or
-# BUILD_ONE_CMD instead.
-#
-# BUILD_ONE_CMD is a macro to build a given target in a given
-# subdirectory if that subdirectory is part of $(DIRS). It requires
-# exactly the same shell variables as BUILD_CMD.
-#
-# RECURSIVE_BUILD_CMD is a macro to build a given target in all
-# subdirectories defined in $(DIRS). It requires that the target
-# is given through the shell variable `target'.
-BUILD_CMD= if [ -d "$$dir" ]; then \
- ( [ $$target != all -a -z "$(FIPSCANLIB)" ] && FIPSCANLIB=/dev/null; \
- cd $$dir && echo "making $$target in $$dir..." && \
- $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. DIR=$$dir $$target \
- ) || exit 1; \
- fi
-RECURSIVE_BUILD_CMD=for dir in $(DIRS); do $(BUILD_CMD); done
-BUILD_ONE_CMD=\
- if echo " $(DIRS) " | grep " $$dir " >/dev/null 2>/dev/null; then \
- $(BUILD_CMD); \
- fi
-
-reflect:
- @[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)
-
-FIPS_EX_OBJ= ../crypto/aes/aes_cfb.o \
- ../crypto/aes/aes_ecb.o \
- ../crypto/aes/aes_ofb.o \
- ../crypto/bn/bn_add.o \
- ../crypto/bn/bn_blind.o \
- ../crypto/bn/bn_ctx.o \
- ../crypto/bn/bn_div.o \
- ../crypto/bn/bn_exp2.o \
- ../crypto/bn/bn_exp.o \
- ../crypto/bn/bn_gcd.o \
- ../crypto/bn/bn_lib.o \
- ../crypto/bn/bn_mod.o \
- ../crypto/bn/bn_mont.o \
- ../crypto/bn/bn_mul.o \
- ../crypto/bn/bn_prime.o \
- ../crypto/bn/bn_rand.o \
- ../crypto/bn/bn_recp.o \
- ../crypto/bn/bn_shift.o \
- ../crypto/bn/bn_sqr.o \
- ../crypto/bn/bn_word.o \
- ../crypto/bn/bn_x931p.o \
- ../crypto/buffer/buf_str.o \
- ../crypto/cryptlib.o \
- ../crypto/des/cfb64ede.o \
- ../crypto/des/cfb64enc.o \
- ../crypto/des/cfb_enc.o \
- ../crypto/des/ecb3_enc.o \
- ../crypto/des/ecb_enc.o \
- ../crypto/des/ofb64ede.o \
- ../crypto/des/ofb64enc.o \
- ../crypto/des/fcrypt.o \
- ../crypto/des/set_key.o \
- ../crypto/dsa/dsa_utl.o \
- ../crypto/dsa/dsa_sign.o \
- ../crypto/dsa/dsa_vrf.o \
- ../crypto/err/err.o \
- ../crypto/evp/digest.o \
- ../crypto/evp/enc_min.o \
- ../crypto/evp/e_aes.o \
- ../crypto/evp/e_des3.o \
- ../crypto/evp/p_sign.o \
- ../crypto/evp/p_verify.o \
- ../crypto/mem_clr.o \
- ../crypto/mem.o \
- ../crypto/rand/md_rand.o \
- ../crypto/rand/rand_egd.o \
- ../crypto/rand/randfile.o \
- ../crypto/rand/rand_lib.o \
- ../crypto/rand/rand_os2.o \
- ../crypto/rand/rand_unix.o \
- ../crypto/rand/rand_win.o \
- ../crypto/rsa/rsa_lib.o \
- ../crypto/rsa/rsa_none.o \
- ../crypto/rsa/rsa_oaep.o \
- ../crypto/rsa/rsa_pk1.o \
- ../crypto/rsa/rsa_pss.o \
- ../crypto/rsa/rsa_ssl.o \
- ../crypto/rsa/rsa_x931.o \
- ../crypto/sha/sha1dgst.o \
- ../crypto/sha/sha256.o \
- ../crypto/sha/sha512.o \
- ../crypto/uid.o
-
-sub_all: build_all
-build_all: build_libs build_apps build_tests build_tools
-
-build_libs: build_crypto build_fips build_ssl build_shared build_engines
-
-build_crypto:
- if [ -n "$(FIPSCANLIB)" ]; then \
- EXCL_OBJ='$(AES_ASM_OBJ) $(BN_ASM) $(DES_ENC) $(CPUID_OBJ) $(SHA1_ASM_OBJ) $(FIPS_EX_OBJ)' ; export EXCL_OBJ ; \
- ARX='$(PERL) $${TOP}/util/arx.pl $(AR)' ; \
- else \
- ARX='${AR}' ; \
- fi ; export ARX ; \
- dir=crypto; target=all; $(BUILD_ONE_CMD)
-build_fips:
- @dir=fips; target=all; [ -z "$(FIPSCANLIB)" ] || $(BUILD_ONE_CMD)
-build_ssl: build_crypto
- @dir=ssl; target=all; $(BUILD_ONE_CMD)
-build_engines: build_crypto
- @dir=engines; target=all; $(BUILD_ONE_CMD)
-build_apps: build_libs
- @dir=apps; target=all; $(BUILD_ONE_CMD)
-build_tests: build_libs
- @dir=test; target=all; $(BUILD_ONE_CMD)
-build_tools: build_libs
- @dir=tools; target=all; $(BUILD_ONE_CMD)
-
-all_testapps: build_libs build_testapps
-build_testapps:
- @dir=crypto; target=testapps; $(BUILD_ONE_CMD)
-
-build_shared: $(SHARED_LIBS)
-libcrypto$(SHLIB_EXT): libcrypto.a $(SHARED_FIPS)
- @if [ "$(SHLIB_TARGET)" != "" ]; then \
- if [ "$(FIPSCANLIB)" = "libfips" ]; then \
- $(ARD) libcrypto.a fipscanister.o ; \
- $(MAKE) SHLIBDIRS='crypto' SHLIBDEPS='-lfips' build-shared; \
- $(AR) libcrypto.a fips/fipscanister.o ; \
- else \
- if [ "$(FIPSCANLIB)" = "libcrypto" ]; then \
- FIPSLD_CC="$(CC)"; CC=fips/fipsld; \
- export CC FIPSLD_CC; \
- fi; \
- $(MAKE) -e SHLIBDIRS='crypto' build-shared; \
- fi \
- else \
- echo "There's no support for shared libraries on this platform" >&2; \
- exit 1; \
- fi
-
-libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
- @if [ "$(SHLIB_TARGET)" != "" ]; then \
- shlibdeps=-lcrypto; \
- [ "$(FIPSCANLIB)" = "libfips" ] && shlibdeps="$$shlibdeps -lfips"; \
- $(MAKE) SHLIBDIRS=ssl SHLIBDEPS="$$shlibdeps" build-shared; \
- else \
- echo "There's no support for shared libraries on this platform" >&2 ; \
- exit 1; \
- fi
-
-fips/fipscanister.o: build_fips
-libfips$(SHLIB_EXT): fips/fipscanister.o
- @if [ "$(SHLIB_TARGET)" != "" ]; then \
- FIPSLD_CC="$(CC)"; CC=fips/fipsld; export CC FIPSLD_CC; \
- $(MAKE) -f Makefile.shared -e $(BUILDENV) \
- CC=$${CC} LIBNAME=fips THIS=$@ \
- LIBEXTRAS=fips/fipscanister.o \
- LIBDEPS="$(EX_LIBS)" \
- LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
- link_o.$(SHLIB_TARGET) || { rm -f $@; exit 1; } \
- else \
- echo "There's no support for shared libraries on this platform" >&2; \
- exit 1; \
- fi
-
-libfips.a:
- dir=fips; target=all; $(BUILD_ONE_CMD)
-
-clean-shared:
- @set -e; for i in $(SHLIBDIRS); do \
- if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
- tmp="$(SHARED_LIBS_LINK_EXTS)"; \
- for j in $${tmp:-x}; do \
- ( set -x; rm -f lib$$i$$j ); \
- done; \
- fi; \
- ( set -x; rm -f lib$$i$(SHLIB_EXT) ); \
- if [ "$(PLATFORM)" = "Cygwin" ]; then \
- ( set -x; rm -f cyg$$i$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
- fi; \
- done
-
-link-shared:
- @ set -e; for i in ${SHLIBDIRS}; do \
- $(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \
- LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
- LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \
- symlink.$(SHLIB_TARGET); \
- libs="$$libs -l$$i"; \
- done
-
-build-shared: do_$(SHLIB_TARGET) link-shared
-
-do_$(SHLIB_TARGET):
- @ set -e; libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
- if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
- libs="$(LIBKRB5) $$libs"; \
- fi; \
- $(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
- LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
- LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \
- LIBDEPS="$$libs $(EX_LIBS)" \
- link_a.$(SHLIB_TARGET); \
- libs="-l$$i $$libs"; \
- done
-
-libcrypto.pc: Makefile
- @ ( echo 'prefix=$(INSTALLTOP)'; \
- echo 'exec_prefix=$${prefix}'; \
- echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
- echo 'includedir=$${prefix}/include'; \
- echo ''; \
- echo 'Name: OpenSSL-libcrypto'; \
- echo 'Description: OpenSSL cryptography library'; \
- echo 'Version: '$(VERSION); \
- echo 'Requires: '; \
- echo 'Libs: -L$${libdir} -lcrypto $(EX_LIBS)'; \
- echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libcrypto.pc
-
-libssl.pc: Makefile
- @ ( echo 'prefix=$(INSTALLTOP)'; \
- echo 'exec_prefix=$${prefix}'; \
- echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
- echo 'includedir=$${prefix}/include'; \
- echo ''; \
- echo 'Name: OpenSSL'; \
- echo 'Description: Secure Sockets Layer and cryptography libraries'; \
- echo 'Version: '$(VERSION); \
- echo 'Requires: '; \
- echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
- echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc
-
-openssl.pc: Makefile
- @ ( echo 'prefix=$(INSTALLTOP)'; \
- echo 'exec_prefix=$${prefix}'; \
- echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
- echo 'includedir=$${prefix}/include'; \
- echo ''; \
- echo 'Name: OpenSSL'; \
- echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
- echo 'Version: '$(VERSION); \
- echo 'Requires: '; \
- echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
- echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc
-
-Makefile: Makefile.org Configure config
- @echo "Makefile is older than Makefile.org, Configure or config."
- @echo "Reconfigure the source tree (via './config' or 'perl Configure'), please."
- @false
-
-libclean:
- rm -f *.map *.so *.so.* *.dll engines/*.so engines/*.dll *.a engines/*.a */lib */*/lib
-
-clean: libclean
- rm -f shlib/*.o *.o core a.out fluff rehash.time testlog make.log cctest cctest.c
- @set -e; target=clean; $(RECURSIVE_BUILD_CMD)
- rm -f $(LIBS)
- rm -f openssl.pc libssl.pc libcrypto.pc
- rm -f speed.* .pure
- rm -f $(TARFILE)
- @set -e; for i in $(ONEDIRS) ;\
- do \
- rm -fr $$i/*; \
- done
-
-makefile.one: files
- $(PERL) util/mk1mf.pl >makefile.one; \
- sh util/do_ms.sh
-
-files:
- $(PERL) $(TOP)/util/files.pl Makefile > $(TOP)/MINFO
- @set -e; target=files; $(RECURSIVE_BUILD_CMD)
-
-links:
- @$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
- @$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
- @set -e; target=links; $(RECURSIVE_BUILD_CMD)
- @if [ -z "$(FIPSCANLIB)" ]; then \
- set -e; target=links; dir=fips ; $(BUILD_CMD) ; \
- fi
-
-gentests:
- @(cd test && echo "generating dummy tests (if needed)..." && \
- $(CLEARENV) && $(MAKE) -e $(BUILDENV) TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on generate );
-
-dclean:
- rm -f *.bak
- @set -e; target=dclean; $(RECURSIVE_BUILD_CMD)
-
-rehash: rehash.time
-rehash.time: certs apps
- @if [ -z "$(CROSS_COMPILE)" ]; then \
- (OPENSSL="`pwd`/util/opensslwrap.sh"; \
- OPENSSL_DEBUG_MEMORY=on; \
- export OPENSSL OPENSSL_DEBUG_MEMORY; \
- $(PERL) tools/c_rehash certs) && \
- touch rehash.time; \
- fi
-
-test: tests
-
-tests: rehash
- @(cd test && echo "testing..." && \
- $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests );
- util/opensslwrap.sh version -a
-
-report:
- @$(PERL) util/selftest.pl
-
-depend:
- @set -e; target=depend; $(RECURSIVE_BUILD_CMD)
-
-lint:
- @set -e; target=lint; $(RECURSIVE_BUILD_CMD)
-
-tags:
- rm -f TAGS
- find . -name '[^.]*.[ch]' | xargs etags -a
-
-errors:
- $(PERL) util/mkerr.pl -recurse -write
- (cd engines; $(MAKE) PERL=$(PERL) errors)
- $(PERL) util/ck_errf.pl */*.c */*/*.c
-
-stacks:
- $(PERL) util/mkstack.pl -write
-
-util/libeay.num::
- $(PERL) util/mkdef.pl crypto update
-
-util/ssleay.num::
- $(PERL) util/mkdef.pl ssl update
-
-crypto/objects/obj_dat.h: crypto/objects/obj_dat.pl crypto/objects/obj_mac.h
- $(PERL) crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h
-crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num
- $(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h
-
-apps/openssl-vms.cnf: apps/openssl.cnf
- $(PERL) VMS/VMSify-conf.pl < apps/openssl.cnf > apps/openssl-vms.cnf
-
-crypto/bn/bn_prime.h: crypto/bn/bn_prime.pl
- $(PERL) crypto/bn/bn_prime.pl >crypto/bn/bn_prime.h
-
-
-TABLE: Configure
- (echo 'Output of `Configure TABLE'"':"; \
- $(PERL) Configure TABLE) > TABLE
-
-update: errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h apps/openssl-vms.cnf crypto/bn/bn_prime.h TABLE depend
-
-# Build distribution tar-file. As the list of files returned by "find" is
-# pretty long, on several platforms a "too many arguments" error or similar
-# would occur. Therefore the list of files is temporarily stored into a file
-# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
-# tar does not support the --files-from option.
-tar:
- find . -type d -print | xargs chmod 755
- find . -type f -print | xargs chmod a+r
- find . -type f -perm -0100 -print | xargs chmod a+x
- find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \
- $(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \
- tardy --user_number=0 --user_name=openssl \
- --group_number=0 --group_name=openssl \
- --prefix=openssl-$(VERSION) - |\
- gzip --best >../$(TARFILE).gz; \
- rm -f ../$(TARFILE).list; \
- ls -l ../$(TARFILE).gz
-
-tar-snap:
- @$(TAR) $(TARFLAGS) -cvf - \
- `find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \! -name '*test' \! -name '.#*' \! -name '*~' | sort` |\
- tardy --user_number=0 --user_name=openssl \
- --group_number=0 --group_name=openssl \
- --prefix=openssl-$(VERSION) - > ../$(TARFILE);\
- ls -l ../$(TARFILE)
-
-dist:
- $(PERL) Configure dist
- @$(MAKE) dist_pem_h
- @$(MAKE) SDIRS='${SDIRS}' clean
- @$(MAKE) TAR='${TAR}' TARFLAGS='${TARFLAGS}' tar
-
-dist_pem_h:
- (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
-
-install: all install_docs install_sw
-
-install_sw:
- @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
- $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
- $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
- $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig \
- $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
- $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
- $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
- $(INSTALL_PREFIX)$(OPENSSLDIR)/private
- @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
- do \
- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- done;
- @set -e; target=install; $(RECURSIVE_BUILD_CMD)
- @set -e; for i in $(LIBS) ;\
- do \
- if [ -f "$$i" ]; then \
- ( echo installing $$i; \
- cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
- $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i ); \
- fi; \
- done;
- @set -e; if [ -n "$(SHARED_LIBS)" ]; then \
- tmp="$(SHARED_LIBS)"; \
- for i in $${tmp:-x}; \
- do \
- if [ -f "$$i" -o -f "$$i.a" ]; then \
- ( echo installing $$i; \
- if [ "$(PLATFORM)" != "Cygwin" ]; then \
- cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
- else \
- c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
- cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
- chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
- cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
- fi ); \
- fi; \
- done; \
- ( here="`pwd`"; \
- cd $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR); \
- $(MAKE) -f $$here/Makefile HERE="$$here" link-shared ); \
- if [ "$(INSTALLTOP)" != "/usr" ]; then \
- echo 'OpenSSL shared libraries have been installed in:'; \
- echo ' $(INSTALLTOP)'; \
- echo ''; \
- sed -e '1,/^$$/d' doc/openssl-shared.txt; \
- fi; \
- fi
- cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libcrypto.pc
- cp libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libssl.pc
- cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/openssl.pc
-
-install_docs:
- @$(PERL) $(TOP)/util/mkdir-p.pl \
- $(INSTALL_PREFIX)$(MANDIR)/man1 \
- $(INSTALL_PREFIX)$(MANDIR)/man3 \
- $(INSTALL_PREFIX)$(MANDIR)/man5 \
- $(INSTALL_PREFIX)$(MANDIR)/man7
- @pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
- here="`pwd`"; \
- filecase=; \
- if [ "$(PLATFORM)" = "DJGPP" -o "$(PLATFORM)" = "Cygwin" -o "$(PLATFORM)" = "mingw" ]; then \
- filecase=-i; \
- fi; \
- set -e; for i in doc/apps/*.pod; do \
- fn=`basename $$i .pod`; \
- sec=`$(PERL) util/extract-section.pl 1 < $$i`; \
- echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
- (cd `$(PERL) util/dirname.pl $$i`; \
- sh -c "$$pod2man \
- --section=$$sec --center=OpenSSL \
- --release=$(VERSION) `basename $$i`") \
- > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
- $(PERL) util/extract-names.pl < $$i | \
- (grep -v $$filecase "^$$fn\$$"; true) | \
- (grep -v "[ ]"; true) | \
- (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
- while read n; do \
- $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
- done); \
- done; \
- set -e; for i in doc/crypto/*.pod doc/ssl/*.pod; do \
- fn=`basename $$i .pod`; \
- sec=`$(PERL) util/extract-section.pl 3 < $$i`; \
- echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
- (cd `$(PERL) util/dirname.pl $$i`; \
- sh -c "$$pod2man \
- --section=$$sec --center=OpenSSL \
- --release=$(VERSION) `basename $$i`") \
- > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
- $(PERL) util/extract-names.pl < $$i | \
- (grep -v $$filecase "^$$fn\$$"; true) | \
- (grep -v "[ ]"; true) | \
- (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
- while read n; do \
- $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
- done); \
- done
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
Copied: vendor-crypto/openssl/0.9.8zf/Makefile (from rev 6976, vendor-crypto/openssl/dist/Makefile)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/Makefile (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/Makefile 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,732 @@
+### Generated automatically from Makefile.org by Configure.
+
+##
+## Makefile for OpenSSL
+##
+
+VERSION=0.9.8zf
+MAJOR=0
+MINOR=9.8
+SHLIB_VERSION_NUMBER=0.9.8
+SHLIB_VERSION_HISTORY=
+SHLIB_MAJOR=0
+SHLIB_MINOR=9.8
+SHLIB_EXT=
+PLATFORM=dist
+OPTIONS= no-camellia no-capieng no-cms no-gmp no-jpake no-krb5 no-mdc2 no-montasm no-rc5 no-rfc3779 no-seed no-shared no-zlib no-zlib-dynamic
+CONFIGURE_ARGS=dist
+SHLIB_TARGET=
+
+# HERE indicates where this Makefile lives. This can be used to indicate
+# where sub-Makefiles are expected to be. Currently has very limited usage,
+# and should probably not be bothered with at all.
+HERE=.
+
+# INSTALL_PREFIX is for package builders so that they can configure
+# for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
+# Normally it is left empty.
+INSTALL_PREFIX=
+INSTALLTOP=/usr/local/ssl
+
+# Do not edit this manually. Use Configure --openssldir=DIR do change this!
+OPENSSLDIR=/usr/local/ssl
+
+# NO_IDEA - Define to build without the IDEA algorithm
+# NO_RC4 - Define to build without the RC4 algorithm
+# NO_RC2 - Define to build without the RC2 algorithm
+# THREADS - Define when building with threads, you will probably also need any
+# system defines as well, i.e. _REENTERANT for Solaris 2.[34]
+# TERMIO - Define the termio terminal subsystem, needed if sgtty is missing.
+# TERMIOS - Define the termios terminal subsystem, Silicon Graphics.
+# LONGCRYPT - Define to use HPUX 10.x's long password modification to crypt(3).
+# DEVRANDOM - Give this the value of the 'random device' if your OS supports
+# one. 32 bytes will be read from this when the random
+# number generator is initalised.
+# SSL_FORBID_ENULL - define if you want the server to be not able to use the
+# NULL encryption ciphers.
+#
+# LOCK_DEBUG - turns on lots of lock debug output :-)
+# REF_CHECK - turn on some xyz_free() assertions.
+# REF_PRINT - prints some stuff on structure free.
+# CRYPTO_MDEBUG - turns on my 'memory leak' detecting stuff
+# MFUNC - Make all Malloc/Free/Realloc calls call
+# CRYPTO_malloc/CRYPTO_free/CRYPTO_realloc which can be setup to
+# call application defined callbacks via CRYPTO_set_mem_functions()
+# MD5_ASM needs to be defined to use the x86 assembler for MD5
+# SHA1_ASM needs to be defined to use the x86 assembler for SHA1
+# RMD160_ASM needs to be defined to use the x86 assembler for RIPEMD160
+# Do not define B_ENDIAN or L_ENDIAN if 'unsigned long' == 8. It must
+# equal 4.
+# PKCS1_CHECK - pkcs1 tests.
+
+CC= cc
+CFLAG= -O
+DEPFLAG= -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_CMS -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SEED
+PEX_LIBS=
+EX_LIBS=
+EXE_EXT=
+ARFLAGS=
+AR= ar $(ARFLAGS) r
+ARD=ar $(ARFLAGS) d
+RANLIB= /usr/bin/ranlib
+PERL= /usr/bin/perl
+TAR= tar
+TARFLAGS= --no-recursion --record-size=10240
+MAKEDEPPROG=makedepend
+LIBDIR=lib
+
+# We let the C compiler driver to take care of .s files. This is done in
+# order to be excused from maintaining a separate set of architecture
+# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC
+# gcc, then the driver will automatically translate it to -xarch=v8plus
+# and pass it down to assembler.
+AS=$(CC) -c
+ASFLAG=$(CFLAG)
+
+# For x86 assembler: Set PROCESSOR to 386 if you want to support
+# the 80386.
+PROCESSOR=
+
+# CPUID module collects small commonly used assembler snippets
+CPUID_OBJ=
+BN_ASM= bn_asm.o
+DES_ENC= des_enc.o fcrypt_b.o
+AES_ASM_OBJ= aes_core.o aes_cbc.o
+BF_ENC= bf_enc.o
+CAST_ENC= c_enc.o
+RC4_ENC= rc4_enc.o rc4_skey.o
+RC5_ENC= rc5_enc.o
+MD5_ASM_OBJ=
+SHA1_ASM_OBJ=
+RMD160_ASM_OBJ=
+
+# KRB5 stuff
+KRB5_INCLUDES=
+LIBKRB5=
+
+# Zlib stuff
+ZLIB_INCLUDE=
+LIBZLIB=
+
+# This is the location of fipscanister.o and friends.
+# The FIPS module build will place it $(INSTALLTOP)/lib
+# but since $(INSTALLTOP) can only take the default value
+# when the module is built it will be in /usr/local/ssl/lib
+# $(INSTALLTOP) for this build make be different so hard
+# code the path.
+
+FIPSLIBDIR=/usr/local/ssl/fips-1.0/lib/
+
+# This is set to "y" if fipscanister.o is compiled internally as
+# opposed to coming from an external validated location.
+
+FIPSCANISTERINTERNAL=n
+
+# The location of the library which contains fipscanister.o
+# normally it will be libcrypto unless fipsdso is set in which
+# case it will be libfips. If not compiling in FIPS mode at all
+# this is empty making it a useful test for a FIPS compile.
+
+FIPSCANLIB=
+
+# Shared library base address. Currently only used on Windows.
+#
+
+BASEADDR=0xFB00000
+
+DIRS= crypto ssl engines apps test tools
+SHLIBDIRS= crypto ssl
+
+# dirs in crypto to build
+SDIRS= \
+ objects \
+ md2 md4 md5 sha hmac ripemd \
+ des aes rc2 rc4 idea bf cast \
+ bn ec rsa dsa ecdsa dh ecdh dso engine \
+ buffer bio stack lhash rand err \
+ evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \
+ store pqueue
+# keep in mind that the above list is adjusted by ./Configure
+# according to no-xxx arguments...
+
+# tests to perform. "alltests" is a special word indicating that all tests
+# should be performed.
+TESTS = alltests
+
+MAKEFILE= Makefile
+
+MANDIR=$(OPENSSLDIR)/man
+MAN1=1
+MAN3=3
+MANSUFFIX=
+SHELL=/bin/sh
+
+TOP= .
+ONEDIRS=out tmp
+EDIRS= times doc bugs util include certs ms shlib mt demos perl sf dep VMS
+WDIRS= windows
+LIBS= libcrypto.a libssl.a
+SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
+SHARED_SSL=libssl$(SHLIB_EXT)
+SHARED_FIPS=
+SHARED_LIBS=
+SHARED_LIBS_LINK_EXTS=
+SHARED_LDFLAGS=
+
+GENERAL= Makefile
+BASENAME= openssl
+NAME= $(BASENAME)-$(VERSION)
+TARFILE= $(NAME).tar
+WTARFILE= $(NAME)-win.tar
+EXHEADER= e_os2.h
+HEADER= e_os.h
+
+all: Makefile build_all openssl.pc libssl.pc libcrypto.pc
+
+# as we stick to -e, CLEARENV ensures that local variables in lower
+# Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn
+# shell, which [annoyingly enough] terminates unset with error if VAR
+# is not present:-( TOP= && unset TOP is tribute to HP-UX /bin/sh,
+# which terminates unset with error if no variable was present:-(
+CLEARENV= TOP= && unset TOP $${LIB+LIB} $${LIBS+LIBS} \
+ $${INCLUDE+INCLUDE} $${INCLUDES+INCLUDES} \
+ $${DIR+DIR} $${DIRS+DIRS} $${SRC+SRC} \
+ $${LIBSRC+LIBSRC} $${LIBOBJ+LIBOBJ} $${ALL+ALL} \
+ $${EXHEADER+EXHEADER} $${HEADER+HEADER} \
+ $${GENERAL+GENERAL} $${CFLAGS+CFLAGS} \
+ $${ASFLAGS+ASFLAGS} $${AFLAGS+AFLAGS} \
+ $${LDCMD+LDCMD} $${LDFLAGS+LDFLAGS} \
+ $${SHAREDCMD+SHAREDCMD} $${SHAREDFLAGS+SHAREDFLAGS} \
+ $${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS}
+
+BUILDENV= PLATFORM='${PLATFORM}' PROCESSOR='${PROCESSOR}' \
+ CC='${CC}' CFLAG='${CFLAG}' \
+ AS='${CC}' ASFLAG='${CFLAG} -c' \
+ AR='${AR}' PERL='${PERL}' RANLIB='${RANLIB}' \
+ SDIRS='${SDIRS}' LIBRPATH='${INSTALLTOP}/$(LIBDIR)' \
+ INSTALL_PREFIX='${INSTALL_PREFIX}' \
+ INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' \
+ LIBDIR='${LIBDIR}' \
+ MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD ${MAKEDEPPROG}' \
+ DEPFLAG='-DOPENSSL_NO_DEPRECATED ${DEPFLAG}' \
+ MAKEDEPPROG='${MAKEDEPPROG}' \
+ SHARED_LDFLAGS='${SHARED_LDFLAGS}' \
+ KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' \
+ EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' \
+ SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' \
+ PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' \
+ CPUID_OBJ='${CPUID_OBJ}' \
+ BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' \
+ AES_ASM_OBJ='${AES_ASM_OBJ}' \
+ BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' \
+ RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' \
+ SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' \
+ MD5_ASM_OBJ='${MD5_ASM_OBJ}' \
+ RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' \
+ FIPSLIBDIR='${FIPSLIBDIR}' \
+ FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}" \
+ FIPSCANISTERINTERNAL='${FIPSCANISTERINTERNAL}' \
+ FIPS_EX_OBJ='${FIPS_EX_OBJ}' \
+ THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES=
+# MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors,
+# which in turn eliminates ambiguities in variable treatment with -e.
+
+# BUILD_CMD is a generic macro to build a given target in a given
+# subdirectory. The target must be given through the shell variable
+# `target' and the subdirectory to build in must be given through `dir'.
+# This macro shouldn't be used directly, use RECURSIVE_BUILD_CMD or
+# BUILD_ONE_CMD instead.
+#
+# BUILD_ONE_CMD is a macro to build a given target in a given
+# subdirectory if that subdirectory is part of $(DIRS). It requires
+# exactly the same shell variables as BUILD_CMD.
+#
+# RECURSIVE_BUILD_CMD is a macro to build a given target in all
+# subdirectories defined in $(DIRS). It requires that the target
+# is given through the shell variable `target'.
+BUILD_CMD= if [ -d "$$dir" ]; then \
+ ( [ $$target != all -a -z "$(FIPSCANLIB)" ] && FIPSCANLIB=/dev/null; \
+ cd $$dir && echo "making $$target in $$dir..." && \
+ $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. DIR=$$dir $$target \
+ ) || exit 1; \
+ fi
+RECURSIVE_BUILD_CMD=for dir in $(DIRS); do $(BUILD_CMD); done
+BUILD_ONE_CMD=\
+ if echo " $(DIRS) " | grep " $$dir " >/dev/null 2>/dev/null; then \
+ $(BUILD_CMD); \
+ fi
+
+reflect:
+ @[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)
+
+FIPS_EX_OBJ= ../crypto/aes/aes_cfb.o \
+ ../crypto/aes/aes_ecb.o \
+ ../crypto/aes/aes_ofb.o \
+ ../crypto/bn/bn_add.o \
+ ../crypto/bn/bn_blind.o \
+ ../crypto/bn/bn_ctx.o \
+ ../crypto/bn/bn_div.o \
+ ../crypto/bn/bn_exp2.o \
+ ../crypto/bn/bn_exp.o \
+ ../crypto/bn/bn_gcd.o \
+ ../crypto/bn/bn_lib.o \
+ ../crypto/bn/bn_mod.o \
+ ../crypto/bn/bn_mont.o \
+ ../crypto/bn/bn_mul.o \
+ ../crypto/bn/bn_prime.o \
+ ../crypto/bn/bn_rand.o \
+ ../crypto/bn/bn_recp.o \
+ ../crypto/bn/bn_shift.o \
+ ../crypto/bn/bn_sqr.o \
+ ../crypto/bn/bn_word.o \
+ ../crypto/bn/bn_x931p.o \
+ ../crypto/buffer/buf_str.o \
+ ../crypto/cryptlib.o \
+ ../crypto/des/cfb64ede.o \
+ ../crypto/des/cfb64enc.o \
+ ../crypto/des/cfb_enc.o \
+ ../crypto/des/ecb3_enc.o \
+ ../crypto/des/ecb_enc.o \
+ ../crypto/des/ofb64ede.o \
+ ../crypto/des/ofb64enc.o \
+ ../crypto/des/fcrypt.o \
+ ../crypto/des/set_key.o \
+ ../crypto/dsa/dsa_utl.o \
+ ../crypto/dsa/dsa_sign.o \
+ ../crypto/dsa/dsa_vrf.o \
+ ../crypto/err/err.o \
+ ../crypto/evp/digest.o \
+ ../crypto/evp/enc_min.o \
+ ../crypto/evp/e_aes.o \
+ ../crypto/evp/e_des3.o \
+ ../crypto/evp/p_sign.o \
+ ../crypto/evp/p_verify.o \
+ ../crypto/mem_clr.o \
+ ../crypto/mem.o \
+ ../crypto/rand/md_rand.o \
+ ../crypto/rand/rand_egd.o \
+ ../crypto/rand/randfile.o \
+ ../crypto/rand/rand_lib.o \
+ ../crypto/rand/rand_os2.o \
+ ../crypto/rand/rand_unix.o \
+ ../crypto/rand/rand_win.o \
+ ../crypto/rsa/rsa_lib.o \
+ ../crypto/rsa/rsa_none.o \
+ ../crypto/rsa/rsa_oaep.o \
+ ../crypto/rsa/rsa_pk1.o \
+ ../crypto/rsa/rsa_pss.o \
+ ../crypto/rsa/rsa_ssl.o \
+ ../crypto/rsa/rsa_x931.o \
+ ../crypto/sha/sha1dgst.o \
+ ../crypto/sha/sha256.o \
+ ../crypto/sha/sha512.o \
+ ../crypto/uid.o
+
+sub_all: build_all
+build_all: build_libs build_apps build_tests build_tools
+
+build_libs: build_crypto build_fips build_ssl build_shared build_engines
+
+build_crypto:
+ if [ -n "$(FIPSCANLIB)" ]; then \
+ EXCL_OBJ='$(AES_ASM_OBJ) $(BN_ASM) $(DES_ENC) $(CPUID_OBJ) $(SHA1_ASM_OBJ) $(FIPS_EX_OBJ)' ; export EXCL_OBJ ; \
+ ARX='$(PERL) $${TOP}/util/arx.pl $(AR)' ; \
+ else \
+ ARX='${AR}' ; \
+ fi ; export ARX ; \
+ dir=crypto; target=all; $(BUILD_ONE_CMD)
+build_fips:
+ @dir=fips; target=all; [ -z "$(FIPSCANLIB)" ] || $(BUILD_ONE_CMD)
+build_ssl: build_crypto
+ @dir=ssl; target=all; $(BUILD_ONE_CMD)
+build_engines: build_crypto
+ @dir=engines; target=all; $(BUILD_ONE_CMD)
+build_apps: build_libs
+ @dir=apps; target=all; $(BUILD_ONE_CMD)
+build_tests: build_libs
+ @dir=test; target=all; $(BUILD_ONE_CMD)
+build_tools: build_libs
+ @dir=tools; target=all; $(BUILD_ONE_CMD)
+
+all_testapps: build_libs build_testapps
+build_testapps:
+ @dir=crypto; target=testapps; $(BUILD_ONE_CMD)
+
+build_shared: $(SHARED_LIBS)
+libcrypto$(SHLIB_EXT): libcrypto.a $(SHARED_FIPS)
+ @if [ "$(SHLIB_TARGET)" != "" ]; then \
+ if [ "$(FIPSCANLIB)" = "libfips" ]; then \
+ $(ARD) libcrypto.a fipscanister.o ; \
+ $(MAKE) SHLIBDIRS='crypto' SHLIBDEPS='-lfips' build-shared; \
+ $(AR) libcrypto.a fips/fipscanister.o ; \
+ else \
+ if [ "$(FIPSCANLIB)" = "libcrypto" ]; then \
+ FIPSLD_CC="$(CC)"; CC=fips/fipsld; \
+ export CC FIPSLD_CC; \
+ fi; \
+ $(MAKE) -e SHLIBDIRS='crypto' build-shared; \
+ fi \
+ else \
+ echo "There's no support for shared libraries on this platform" >&2; \
+ exit 1; \
+ fi
+
+libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
+ @if [ "$(SHLIB_TARGET)" != "" ]; then \
+ shlibdeps=-lcrypto; \
+ [ "$(FIPSCANLIB)" = "libfips" ] && shlibdeps="$$shlibdeps -lfips"; \
+ $(MAKE) SHLIBDIRS=ssl SHLIBDEPS="$$shlibdeps" build-shared; \
+ else \
+ echo "There's no support for shared libraries on this platform" >&2 ; \
+ exit 1; \
+ fi
+
+fips/fipscanister.o: build_fips
+libfips$(SHLIB_EXT): fips/fipscanister.o
+ @if [ "$(SHLIB_TARGET)" != "" ]; then \
+ FIPSLD_CC="$(CC)"; CC=fips/fipsld; export CC FIPSLD_CC; \
+ $(MAKE) -f Makefile.shared -e $(BUILDENV) \
+ CC=$${CC} LIBNAME=fips THIS=$@ \
+ LIBEXTRAS=fips/fipscanister.o \
+ LIBDEPS="$(EX_LIBS)" \
+ LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
+ link_o.$(SHLIB_TARGET) || { rm -f $@; exit 1; } \
+ else \
+ echo "There's no support for shared libraries on this platform" >&2; \
+ exit 1; \
+ fi
+
+libfips.a:
+ dir=fips; target=all; $(BUILD_ONE_CMD)
+
+clean-shared:
+ @set -e; for i in $(SHLIBDIRS); do \
+ if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
+ tmp="$(SHARED_LIBS_LINK_EXTS)"; \
+ for j in $${tmp:-x}; do \
+ ( set -x; rm -f lib$$i$$j ); \
+ done; \
+ fi; \
+ ( set -x; rm -f lib$$i$(SHLIB_EXT) ); \
+ if [ "$(PLATFORM)" = "Cygwin" ]; then \
+ ( set -x; rm -f cyg$$i$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
+ fi; \
+ done
+
+link-shared:
+ @ set -e; for i in ${SHLIBDIRS}; do \
+ $(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \
+ LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
+ LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \
+ symlink.$(SHLIB_TARGET); \
+ libs="$$libs -l$$i"; \
+ done
+
+build-shared: do_$(SHLIB_TARGET) link-shared
+
+do_$(SHLIB_TARGET):
+ @ set -e; libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+ if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+ libs="$(LIBKRB5) $$libs"; \
+ fi; \
+ $(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
+ LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
+ LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \
+ LIBDEPS="$$libs $(EX_LIBS)" \
+ link_a.$(SHLIB_TARGET); \
+ libs="-l$$i $$libs"; \
+ done
+
+libcrypto.pc: Makefile
+ @ ( echo 'prefix=$(INSTALLTOP)'; \
+ echo 'exec_prefix=$${prefix}'; \
+ echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
+ echo 'includedir=$${prefix}/include'; \
+ echo ''; \
+ echo 'Name: OpenSSL-libcrypto'; \
+ echo 'Description: OpenSSL cryptography library'; \
+ echo 'Version: '$(VERSION); \
+ echo 'Requires: '; \
+ echo 'Libs: -L$${libdir} -lcrypto $(EX_LIBS)'; \
+ echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libcrypto.pc
+
+libssl.pc: Makefile
+ @ ( echo 'prefix=$(INSTALLTOP)'; \
+ echo 'exec_prefix=$${prefix}'; \
+ echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
+ echo 'includedir=$${prefix}/include'; \
+ echo ''; \
+ echo 'Name: OpenSSL'; \
+ echo 'Description: Secure Sockets Layer and cryptography libraries'; \
+ echo 'Version: '$(VERSION); \
+ echo 'Requires: '; \
+ echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
+ echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc
+
+openssl.pc: Makefile
+ @ ( echo 'prefix=$(INSTALLTOP)'; \
+ echo 'exec_prefix=$${prefix}'; \
+ echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
+ echo 'includedir=$${prefix}/include'; \
+ echo ''; \
+ echo 'Name: OpenSSL'; \
+ echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
+ echo 'Version: '$(VERSION); \
+ echo 'Requires: '; \
+ echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
+ echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc
+
+Makefile: Makefile.org Configure config
+ @echo "Makefile is older than Makefile.org, Configure or config."
+ @echo "Reconfigure the source tree (via './config' or 'perl Configure'), please."
+ @false
+
+libclean:
+ rm -f *.map *.so *.so.* *.dll engines/*.so engines/*.dll *.a engines/*.a */lib */*/lib
+
+clean: libclean
+ rm -f shlib/*.o *.o core a.out fluff rehash.time testlog make.log cctest cctest.c
+ @set -e; target=clean; $(RECURSIVE_BUILD_CMD)
+ rm -f $(LIBS)
+ rm -f openssl.pc libssl.pc libcrypto.pc
+ rm -f speed.* .pure
+ rm -f $(TARFILE)
+ @set -e; for i in $(ONEDIRS) ;\
+ do \
+ rm -fr $$i/*; \
+ done
+
+makefile.one: files
+ $(PERL) util/mk1mf.pl >makefile.one; \
+ sh util/do_ms.sh
+
+files:
+ $(PERL) $(TOP)/util/files.pl Makefile > $(TOP)/MINFO
+ @set -e; target=files; $(RECURSIVE_BUILD_CMD)
+
+links:
+ @$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
+ @$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
+ @set -e; target=links; $(RECURSIVE_BUILD_CMD)
+ @if [ -z "$(FIPSCANLIB)" ]; then \
+ set -e; target=links; dir=fips ; $(BUILD_CMD) ; \
+ fi
+
+gentests:
+ @(cd test && echo "generating dummy tests (if needed)..." && \
+ $(CLEARENV) && $(MAKE) -e $(BUILDENV) TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on generate );
+
+dclean:
+ rm -f *.bak
+ @set -e; target=dclean; $(RECURSIVE_BUILD_CMD)
+
+rehash: rehash.time
+rehash.time: certs apps
+ @if [ -z "$(CROSS_COMPILE)" ]; then \
+ (OPENSSL="`pwd`/util/opensslwrap.sh"; \
+ OPENSSL_DEBUG_MEMORY=on; \
+ export OPENSSL OPENSSL_DEBUG_MEMORY; \
+ $(PERL) tools/c_rehash certs) && \
+ touch rehash.time; \
+ fi
+
+test: tests
+
+tests: rehash
+ @(cd test && echo "testing..." && \
+ $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests );
+ util/opensslwrap.sh version -a
+
+report:
+ @$(PERL) util/selftest.pl
+
+depend:
+ @set -e; target=depend; $(RECURSIVE_BUILD_CMD)
+
+lint:
+ @set -e; target=lint; $(RECURSIVE_BUILD_CMD)
+
+tags:
+ rm -f TAGS
+ find . -name '[^.]*.[ch]' | xargs etags -a
+
+errors:
+ $(PERL) util/mkerr.pl -recurse -write
+ (cd engines; $(MAKE) PERL=$(PERL) errors)
+ $(PERL) util/ck_errf.pl */*.c */*/*.c
+
+stacks:
+ $(PERL) util/mkstack.pl -write
+
+util/libeay.num::
+ $(PERL) util/mkdef.pl crypto update
+
+util/ssleay.num::
+ $(PERL) util/mkdef.pl ssl update
+
+crypto/objects/obj_dat.h: crypto/objects/obj_dat.pl crypto/objects/obj_mac.h
+ $(PERL) crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h
+crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num
+ $(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h
+
+apps/openssl-vms.cnf: apps/openssl.cnf
+ $(PERL) VMS/VMSify-conf.pl < apps/openssl.cnf > apps/openssl-vms.cnf
+
+crypto/bn/bn_prime.h: crypto/bn/bn_prime.pl
+ $(PERL) crypto/bn/bn_prime.pl >crypto/bn/bn_prime.h
+
+
+TABLE: Configure
+ (echo 'Output of `Configure TABLE'"':"; \
+ $(PERL) Configure TABLE) > TABLE
+
+update: errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h apps/openssl-vms.cnf crypto/bn/bn_prime.h TABLE depend
+
+# Build distribution tar-file. As the list of files returned by "find" is
+# pretty long, on several platforms a "too many arguments" error or similar
+# would occur. Therefore the list of files is temporarily stored into a file
+# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
+# tar does not support the --files-from option.
+tar:
+ find . -type d -print | xargs chmod 755
+ find . -type f -print | xargs chmod a+r
+ find . -type f -perm -0100 -print | xargs chmod a+x
+ find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \
+ $(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \
+ tardy --user_number=0 --user_name=openssl \
+ --group_number=0 --group_name=openssl \
+ --prefix=openssl-$(VERSION) - |\
+ gzip --best >../$(TARFILE).gz; \
+ rm -f ../$(TARFILE).list; \
+ ls -l ../$(TARFILE).gz
+
+tar-snap:
+ @$(TAR) $(TARFLAGS) -cvf - \
+ `find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \! -name '*test' \! -name '.#*' \! -name '*~' | sort` |\
+ tardy --user_number=0 --user_name=openssl \
+ --group_number=0 --group_name=openssl \
+ --prefix=openssl-$(VERSION) - > ../$(TARFILE);\
+ ls -l ../$(TARFILE)
+
+dist:
+ $(PERL) Configure dist
+ @$(MAKE) dist_pem_h
+ @$(MAKE) SDIRS='${SDIRS}' clean
+ @$(MAKE) TAR='${TAR}' TARFLAGS='${TARFLAGS}' tar
+
+dist_pem_h:
+ (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
+
+install: all install_docs install_sw
+
+install_sw:
+ @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
+ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
+ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
+ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig \
+ $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
+ $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
+ $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
+ $(INSTALL_PREFIX)$(OPENSSLDIR)/private
+ @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
+ do \
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+ @set -e; target=install; $(RECURSIVE_BUILD_CMD)
+ @set -e; for i in $(LIBS) ;\
+ do \
+ if [ -f "$$i" ]; then \
+ ( echo installing $$i; \
+ cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+ $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i ); \
+ fi; \
+ done;
+ @set -e; if [ -n "$(SHARED_LIBS)" ]; then \
+ tmp="$(SHARED_LIBS)"; \
+ for i in $${tmp:-x}; \
+ do \
+ if [ -f "$$i" -o -f "$$i.a" ]; then \
+ ( echo installing $$i; \
+ if [ "$(PLATFORM)" != "Cygwin" ]; then \
+ cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+ chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
+ else \
+ c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
+ cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
+ chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
+ cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
+ fi ); \
+ fi; \
+ done; \
+ ( here="`pwd`"; \
+ cd $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR); \
+ $(MAKE) -f $$here/Makefile HERE="$$here" link-shared ); \
+ if [ "$(INSTALLTOP)" != "/usr" ]; then \
+ echo 'OpenSSL shared libraries have been installed in:'; \
+ echo ' $(INSTALLTOP)'; \
+ echo ''; \
+ sed -e '1,/^$$/d' doc/openssl-shared.txt; \
+ fi; \
+ fi
+ cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libcrypto.pc
+ cp libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libssl.pc
+ cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/openssl.pc
+
+install_docs:
+ @$(PERL) $(TOP)/util/mkdir-p.pl \
+ $(INSTALL_PREFIX)$(MANDIR)/man1 \
+ $(INSTALL_PREFIX)$(MANDIR)/man3 \
+ $(INSTALL_PREFIX)$(MANDIR)/man5 \
+ $(INSTALL_PREFIX)$(MANDIR)/man7
+ @pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
+ here="`pwd`"; \
+ filecase=; \
+ if [ "$(PLATFORM)" = "DJGPP" -o "$(PLATFORM)" = "Cygwin" -o "$(PLATFORM)" = "mingw" ]; then \
+ filecase=-i; \
+ fi; \
+ set -e; for i in doc/apps/*.pod; do \
+ fn=`basename $$i .pod`; \
+ sec=`$(PERL) util/extract-section.pl 1 < $$i`; \
+ echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
+ (cd `$(PERL) util/dirname.pl $$i`; \
+ sh -c "$$pod2man \
+ --section=$$sec --center=OpenSSL \
+ --release=$(VERSION) `basename $$i`") \
+ > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
+ $(PERL) util/extract-names.pl < $$i | \
+ (grep -v $$filecase "^$$fn\$$"; true) | \
+ (grep -v "[ ]"; true) | \
+ (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
+ while read n; do \
+ $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
+ done); \
+ done; \
+ set -e; for i in doc/crypto/*.pod doc/ssl/*.pod; do \
+ fn=`basename $$i .pod`; \
+ sec=`$(PERL) util/extract-section.pl 3 < $$i`; \
+ echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
+ (cd `$(PERL) util/dirname.pl $$i`; \
+ sh -c "$$pod2man \
+ --section=$$sec --center=OpenSSL \
+ --release=$(VERSION) `basename $$i`") \
+ > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
+ $(PERL) util/extract-names.pl < $$i | \
+ (grep -v $$filecase "^$$fn\$$"; true) | \
+ (grep -v "[ ]"; true) | \
+ (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
+ while read n; do \
+ $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
+ done); \
+ done
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
Deleted: vendor-crypto/openssl/0.9.8zf/Makefile.bak
===================================================================
--- vendor-crypto/openssl/dist/Makefile.bak 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/Makefile.bak 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,732 +0,0 @@
-### Generated automatically from Makefile.org by Configure.
-
-##
-## Makefile for OpenSSL
-##
-
-VERSION=0.9.8zb-dev
-MAJOR=0
-MINOR=9.8
-SHLIB_VERSION_NUMBER=0.9.8
-SHLIB_VERSION_HISTORY=
-SHLIB_MAJOR=0
-SHLIB_MINOR=9.8
-SHLIB_EXT=
-PLATFORM=gcc
-OPTIONS= no-camellia no-capieng no-cms no-gmp no-jpake no-krb5 no-mdc2 no-montasm no-rc5 no-rfc3779 no-seed no-shared no-zlib no-zlib-dynamic
-CONFIGURE_ARGS=gcc
-SHLIB_TARGET=
-
-# HERE indicates where this Makefile lives. This can be used to indicate
-# where sub-Makefiles are expected to be. Currently has very limited usage,
-# and should probably not be bothered with at all.
-HERE=.
-
-# INSTALL_PREFIX is for package builders so that they can configure
-# for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
-# Normally it is left empty.
-INSTALL_PREFIX=
-INSTALLTOP=/usr/local/ssl
-
-# Do not edit this manually. Use Configure --openssldir=DIR do change this!
-OPENSSLDIR=/usr/local/ssl
-
-# NO_IDEA - Define to build without the IDEA algorithm
-# NO_RC4 - Define to build without the RC4 algorithm
-# NO_RC2 - Define to build without the RC2 algorithm
-# THREADS - Define when building with threads, you will probably also need any
-# system defines as well, i.e. _REENTERANT for Solaris 2.[34]
-# TERMIO - Define the termio terminal subsystem, needed if sgtty is missing.
-# TERMIOS - Define the termios terminal subsystem, Silicon Graphics.
-# LONGCRYPT - Define to use HPUX 10.x's long password modification to crypt(3).
-# DEVRANDOM - Give this the value of the 'random device' if your OS supports
-# one. 32 bytes will be read from this when the random
-# number generator is initalised.
-# SSL_FORBID_ENULL - define if you want the server to be not able to use the
-# NULL encryption ciphers.
-#
-# LOCK_DEBUG - turns on lots of lock debug output :-)
-# REF_CHECK - turn on some xyz_free() assertions.
-# REF_PRINT - prints some stuff on structure free.
-# CRYPTO_MDEBUG - turns on my 'memory leak' detecting stuff
-# MFUNC - Make all Malloc/Free/Realloc calls call
-# CRYPTO_malloc/CRYPTO_free/CRYPTO_realloc which can be setup to
-# call application defined callbacks via CRYPTO_set_mem_functions()
-# MD5_ASM needs to be defined to use the x86 assembler for MD5
-# SHA1_ASM needs to be defined to use the x86 assembler for SHA1
-# RMD160_ASM needs to be defined to use the x86 assembler for RIPEMD160
-# Do not define B_ENDIAN or L_ENDIAN if 'unsigned long' == 8. It must
-# equal 4.
-# PKCS1_CHECK - pkcs1 tests.
-
-CC= gcc
-CFLAG= -O3
-DEPFLAG= -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_CMS -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SEED
-PEX_LIBS=
-EX_LIBS=
-EXE_EXT=
-ARFLAGS=
-AR= ar $(ARFLAGS) r
-ARD=ar $(ARFLAGS) d
-RANLIB= /usr/bin/ranlib
-PERL= /usr/bin/perl
-TAR= tar
-TARFLAGS= --no-recursion --record-size=10240
-MAKEDEPPROG= gcc
-LIBDIR=lib
-
-# We let the C compiler driver to take care of .s files. This is done in
-# order to be excused from maintaining a separate set of architecture
-# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC
-# gcc, then the driver will automatically translate it to -xarch=v8plus
-# and pass it down to assembler.
-AS=$(CC) -c
-ASFLAG=$(CFLAG)
-
-# For x86 assembler: Set PROCESSOR to 386 if you want to support
-# the 80386.
-PROCESSOR=
-
-# CPUID module collects small commonly used assembler snippets
-CPUID_OBJ=
-BN_ASM= bn_asm.o
-DES_ENC= des_enc.o fcrypt_b.o
-AES_ASM_OBJ= aes_core.o aes_cbc.o
-BF_ENC= bf_enc.o
-CAST_ENC= c_enc.o
-RC4_ENC= rc4_enc.o rc4_skey.o
-RC5_ENC= rc5_enc.o
-MD5_ASM_OBJ=
-SHA1_ASM_OBJ=
-RMD160_ASM_OBJ=
-
-# KRB5 stuff
-KRB5_INCLUDES=
-LIBKRB5=
-
-# Zlib stuff
-ZLIB_INCLUDE=
-LIBZLIB=
-
-# This is the location of fipscanister.o and friends.
-# The FIPS module build will place it $(INSTALLTOP)/lib
-# but since $(INSTALLTOP) can only take the default value
-# when the module is built it will be in /usr/local/ssl/lib
-# $(INSTALLTOP) for this build make be different so hard
-# code the path.
-
-FIPSLIBDIR=/usr/local/ssl/fips-1.0/lib/
-
-# This is set to "y" if fipscanister.o is compiled internally as
-# opposed to coming from an external validated location.
-
-FIPSCANISTERINTERNAL=n
-
-# The location of the library which contains fipscanister.o
-# normally it will be libcrypto unless fipsdso is set in which
-# case it will be libfips. If not compiling in FIPS mode at all
-# this is empty making it a useful test for a FIPS compile.
-
-FIPSCANLIB=
-
-# Shared library base address. Currently only used on Windows.
-#
-
-BASEADDR=0xFB00000
-
-DIRS= crypto ssl engines apps test tools
-SHLIBDIRS= crypto ssl
-
-# dirs in crypto to build
-SDIRS= \
- objects \
- md2 md4 md5 sha hmac ripemd \
- des aes rc2 rc4 idea bf cast \
- bn ec rsa dsa ecdsa dh ecdh dso engine \
- buffer bio stack lhash rand err \
- evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \
- store pqueue
-# keep in mind that the above list is adjusted by ./Configure
-# according to no-xxx arguments...
-
-# tests to perform. "alltests" is a special word indicating that all tests
-# should be performed.
-TESTS = alltests
-
-MAKEFILE= Makefile
-
-MANDIR=$(OPENSSLDIR)/man
-MAN1=1
-MAN3=3
-MANSUFFIX=
-SHELL=/bin/sh
-
-TOP= .
-ONEDIRS=out tmp
-EDIRS= times doc bugs util include certs ms shlib mt demos perl sf dep VMS
-WDIRS= windows
-LIBS= libcrypto.a libssl.a
-SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
-SHARED_SSL=libssl$(SHLIB_EXT)
-SHARED_FIPS=
-SHARED_LIBS=
-SHARED_LIBS_LINK_EXTS=
-SHARED_LDFLAGS=
-
-GENERAL= Makefile
-BASENAME= openssl
-NAME= $(BASENAME)-$(VERSION)
-TARFILE= $(NAME).tar
-WTARFILE= $(NAME)-win.tar
-EXHEADER= e_os2.h
-HEADER= e_os.h
-
-all: Makefile build_all openssl.pc libssl.pc libcrypto.pc
-
-# as we stick to -e, CLEARENV ensures that local variables in lower
-# Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn
-# shell, which [annoyingly enough] terminates unset with error if VAR
-# is not present:-( TOP= && unset TOP is tribute to HP-UX /bin/sh,
-# which terminates unset with error if no variable was present:-(
-CLEARENV= TOP= && unset TOP $${LIB+LIB} $${LIBS+LIBS} \
- $${INCLUDE+INCLUDE} $${INCLUDES+INCLUDES} \
- $${DIR+DIR} $${DIRS+DIRS} $${SRC+SRC} \
- $${LIBSRC+LIBSRC} $${LIBOBJ+LIBOBJ} $${ALL+ALL} \
- $${EXHEADER+EXHEADER} $${HEADER+HEADER} \
- $${GENERAL+GENERAL} $${CFLAGS+CFLAGS} \
- $${ASFLAGS+ASFLAGS} $${AFLAGS+AFLAGS} \
- $${LDCMD+LDCMD} $${LDFLAGS+LDFLAGS} \
- $${SHAREDCMD+SHAREDCMD} $${SHAREDFLAGS+SHAREDFLAGS} \
- $${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS}
-
-BUILDENV= PLATFORM='${PLATFORM}' PROCESSOR='${PROCESSOR}' \
- CC='${CC}' CFLAG='${CFLAG}' \
- AS='${CC}' ASFLAG='${CFLAG} -c' \
- AR='${AR}' PERL='${PERL}' RANLIB='${RANLIB}' \
- SDIRS='${SDIRS}' LIBRPATH='${INSTALLTOP}/$(LIBDIR)' \
- INSTALL_PREFIX='${INSTALL_PREFIX}' \
- INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' \
- LIBDIR='${LIBDIR}' \
- MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD ${MAKEDEPPROG}' \
- DEPFLAG='-DOPENSSL_NO_DEPRECATED ${DEPFLAG}' \
- MAKEDEPPROG='${MAKEDEPPROG}' \
- SHARED_LDFLAGS='${SHARED_LDFLAGS}' \
- KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' \
- EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' \
- SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' \
- PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' \
- CPUID_OBJ='${CPUID_OBJ}' \
- BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' \
- AES_ASM_OBJ='${AES_ASM_OBJ}' \
- BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' \
- RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' \
- SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' \
- MD5_ASM_OBJ='${MD5_ASM_OBJ}' \
- RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' \
- FIPSLIBDIR='${FIPSLIBDIR}' \
- FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}" \
- FIPSCANISTERINTERNAL='${FIPSCANISTERINTERNAL}' \
- FIPS_EX_OBJ='${FIPS_EX_OBJ}' \
- THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES=
-# MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors,
-# which in turn eliminates ambiguities in variable treatment with -e.
-
-# BUILD_CMD is a generic macro to build a given target in a given
-# subdirectory. The target must be given through the shell variable
-# `target' and the subdirectory to build in must be given through `dir'.
-# This macro shouldn't be used directly, use RECURSIVE_BUILD_CMD or
-# BUILD_ONE_CMD instead.
-#
-# BUILD_ONE_CMD is a macro to build a given target in a given
-# subdirectory if that subdirectory is part of $(DIRS). It requires
-# exactly the same shell variables as BUILD_CMD.
-#
-# RECURSIVE_BUILD_CMD is a macro to build a given target in all
-# subdirectories defined in $(DIRS). It requires that the target
-# is given through the shell variable `target'.
-BUILD_CMD= if [ -d "$$dir" ]; then \
- ( [ $$target != all -a -z "$(FIPSCANLIB)" ] && FIPSCANLIB=/dev/null; \
- cd $$dir && echo "making $$target in $$dir..." && \
- $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. DIR=$$dir $$target \
- ) || exit 1; \
- fi
-RECURSIVE_BUILD_CMD=for dir in $(DIRS); do $(BUILD_CMD); done
-BUILD_ONE_CMD=\
- if echo " $(DIRS) " | grep " $$dir " >/dev/null 2>/dev/null; then \
- $(BUILD_CMD); \
- fi
-
-reflect:
- @[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)
-
-FIPS_EX_OBJ= ../crypto/aes/aes_cfb.o \
- ../crypto/aes/aes_ecb.o \
- ../crypto/aes/aes_ofb.o \
- ../crypto/bn/bn_add.o \
- ../crypto/bn/bn_blind.o \
- ../crypto/bn/bn_ctx.o \
- ../crypto/bn/bn_div.o \
- ../crypto/bn/bn_exp2.o \
- ../crypto/bn/bn_exp.o \
- ../crypto/bn/bn_gcd.o \
- ../crypto/bn/bn_lib.o \
- ../crypto/bn/bn_mod.o \
- ../crypto/bn/bn_mont.o \
- ../crypto/bn/bn_mul.o \
- ../crypto/bn/bn_prime.o \
- ../crypto/bn/bn_rand.o \
- ../crypto/bn/bn_recp.o \
- ../crypto/bn/bn_shift.o \
- ../crypto/bn/bn_sqr.o \
- ../crypto/bn/bn_word.o \
- ../crypto/bn/bn_x931p.o \
- ../crypto/buffer/buf_str.o \
- ../crypto/cryptlib.o \
- ../crypto/des/cfb64ede.o \
- ../crypto/des/cfb64enc.o \
- ../crypto/des/cfb_enc.o \
- ../crypto/des/ecb3_enc.o \
- ../crypto/des/ecb_enc.o \
- ../crypto/des/ofb64ede.o \
- ../crypto/des/ofb64enc.o \
- ../crypto/des/fcrypt.o \
- ../crypto/des/set_key.o \
- ../crypto/dsa/dsa_utl.o \
- ../crypto/dsa/dsa_sign.o \
- ../crypto/dsa/dsa_vrf.o \
- ../crypto/err/err.o \
- ../crypto/evp/digest.o \
- ../crypto/evp/enc_min.o \
- ../crypto/evp/e_aes.o \
- ../crypto/evp/e_des3.o \
- ../crypto/evp/p_sign.o \
- ../crypto/evp/p_verify.o \
- ../crypto/mem_clr.o \
- ../crypto/mem.o \
- ../crypto/rand/md_rand.o \
- ../crypto/rand/rand_egd.o \
- ../crypto/rand/randfile.o \
- ../crypto/rand/rand_lib.o \
- ../crypto/rand/rand_os2.o \
- ../crypto/rand/rand_unix.o \
- ../crypto/rand/rand_win.o \
- ../crypto/rsa/rsa_lib.o \
- ../crypto/rsa/rsa_none.o \
- ../crypto/rsa/rsa_oaep.o \
- ../crypto/rsa/rsa_pk1.o \
- ../crypto/rsa/rsa_pss.o \
- ../crypto/rsa/rsa_ssl.o \
- ../crypto/rsa/rsa_x931.o \
- ../crypto/sha/sha1dgst.o \
- ../crypto/sha/sha256.o \
- ../crypto/sha/sha512.o \
- ../crypto/uid.o
-
-sub_all: build_all
-build_all: build_libs build_apps build_tests build_tools
-
-build_libs: build_crypto build_fips build_ssl build_shared build_engines
-
-build_crypto:
- if [ -n "$(FIPSCANLIB)" ]; then \
- EXCL_OBJ='$(AES_ASM_OBJ) $(BN_ASM) $(DES_ENC) $(CPUID_OBJ) $(SHA1_ASM_OBJ) $(FIPS_EX_OBJ)' ; export EXCL_OBJ ; \
- ARX='$(PERL) $${TOP}/util/arx.pl $(AR)' ; \
- else \
- ARX='${AR}' ; \
- fi ; export ARX ; \
- dir=crypto; target=all; $(BUILD_ONE_CMD)
-build_fips:
- @dir=fips; target=all; [ -z "$(FIPSCANLIB)" ] || $(BUILD_ONE_CMD)
-build_ssl: build_crypto
- @dir=ssl; target=all; $(BUILD_ONE_CMD)
-build_engines: build_crypto
- @dir=engines; target=all; $(BUILD_ONE_CMD)
-build_apps: build_libs
- @dir=apps; target=all; $(BUILD_ONE_CMD)
-build_tests: build_libs
- @dir=test; target=all; $(BUILD_ONE_CMD)
-build_tools: build_libs
- @dir=tools; target=all; $(BUILD_ONE_CMD)
-
-all_testapps: build_libs build_testapps
-build_testapps:
- @dir=crypto; target=testapps; $(BUILD_ONE_CMD)
-
-build_shared: $(SHARED_LIBS)
-libcrypto$(SHLIB_EXT): libcrypto.a $(SHARED_FIPS)
- @if [ "$(SHLIB_TARGET)" != "" ]; then \
- if [ "$(FIPSCANLIB)" = "libfips" ]; then \
- $(ARD) libcrypto.a fipscanister.o ; \
- $(MAKE) SHLIBDIRS='crypto' SHLIBDEPS='-lfips' build-shared; \
- $(AR) libcrypto.a fips/fipscanister.o ; \
- else \
- if [ "$(FIPSCANLIB)" = "libcrypto" ]; then \
- FIPSLD_CC="$(CC)"; CC=fips/fipsld; \
- export CC FIPSLD_CC; \
- fi; \
- $(MAKE) -e SHLIBDIRS='crypto' build-shared; \
- fi \
- else \
- echo "There's no support for shared libraries on this platform" >&2; \
- exit 1; \
- fi
-
-libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
- @if [ "$(SHLIB_TARGET)" != "" ]; then \
- shlibdeps=-lcrypto; \
- [ "$(FIPSCANLIB)" = "libfips" ] && shlibdeps="$$shlibdeps -lfips"; \
- $(MAKE) SHLIBDIRS=ssl SHLIBDEPS="$$shlibdeps" build-shared; \
- else \
- echo "There's no support for shared libraries on this platform" >&2 ; \
- exit 1; \
- fi
-
-fips/fipscanister.o: build_fips
-libfips$(SHLIB_EXT): fips/fipscanister.o
- @if [ "$(SHLIB_TARGET)" != "" ]; then \
- FIPSLD_CC="$(CC)"; CC=fips/fipsld; export CC FIPSLD_CC; \
- $(MAKE) -f Makefile.shared -e $(BUILDENV) \
- CC=$${CC} LIBNAME=fips THIS=$@ \
- LIBEXTRAS=fips/fipscanister.o \
- LIBDEPS="$(EX_LIBS)" \
- LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
- link_o.$(SHLIB_TARGET) || { rm -f $@; exit 1; } \
- else \
- echo "There's no support for shared libraries on this platform" >&2; \
- exit 1; \
- fi
-
-libfips.a:
- dir=fips; target=all; $(BUILD_ONE_CMD)
-
-clean-shared:
- @set -e; for i in $(SHLIBDIRS); do \
- if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
- tmp="$(SHARED_LIBS_LINK_EXTS)"; \
- for j in $${tmp:-x}; do \
- ( set -x; rm -f lib$$i$$j ); \
- done; \
- fi; \
- ( set -x; rm -f lib$$i$(SHLIB_EXT) ); \
- if [ "$(PLATFORM)" = "Cygwin" ]; then \
- ( set -x; rm -f cyg$$i$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
- fi; \
- done
-
-link-shared:
- @ set -e; for i in ${SHLIBDIRS}; do \
- $(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \
- LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
- LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \
- symlink.$(SHLIB_TARGET); \
- libs="$$libs -l$$i"; \
- done
-
-build-shared: do_$(SHLIB_TARGET) link-shared
-
-do_$(SHLIB_TARGET):
- @ set -e; libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
- if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
- libs="$(LIBKRB5) $$libs"; \
- fi; \
- $(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
- LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
- LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \
- LIBDEPS="$$libs $(EX_LIBS)" \
- link_a.$(SHLIB_TARGET); \
- libs="-l$$i $$libs"; \
- done
-
-libcrypto.pc: Makefile
- @ ( echo 'prefix=$(INSTALLTOP)'; \
- echo 'exec_prefix=$${prefix}'; \
- echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
- echo 'includedir=$${prefix}/include'; \
- echo ''; \
- echo 'Name: OpenSSL-libcrypto'; \
- echo 'Description: OpenSSL cryptography library'; \
- echo 'Version: '$(VERSION); \
- echo 'Requires: '; \
- echo 'Libs: -L$${libdir} -lcrypto $(EX_LIBS)'; \
- echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libcrypto.pc
-
-libssl.pc: Makefile
- @ ( echo 'prefix=$(INSTALLTOP)'; \
- echo 'exec_prefix=$${prefix}'; \
- echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
- echo 'includedir=$${prefix}/include'; \
- echo ''; \
- echo 'Name: OpenSSL'; \
- echo 'Description: Secure Sockets Layer and cryptography libraries'; \
- echo 'Version: '$(VERSION); \
- echo 'Requires: '; \
- echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
- echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc
-
-openssl.pc: Makefile
- @ ( echo 'prefix=$(INSTALLTOP)'; \
- echo 'exec_prefix=$${prefix}'; \
- echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
- echo 'includedir=$${prefix}/include'; \
- echo ''; \
- echo 'Name: OpenSSL'; \
- echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
- echo 'Version: '$(VERSION); \
- echo 'Requires: '; \
- echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
- echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc
-
-Makefile: Makefile.org Configure config
- @echo "Makefile is older than Makefile.org, Configure or config."
- @echo "Reconfigure the source tree (via './config' or 'perl Configure'), please."
- @false
-
-libclean:
- rm -f *.map *.so *.so.* *.dll engines/*.so engines/*.dll *.a engines/*.a */lib */*/lib
-
-clean: libclean
- rm -f shlib/*.o *.o core a.out fluff rehash.time testlog make.log cctest cctest.c
- @set -e; target=clean; $(RECURSIVE_BUILD_CMD)
- rm -f $(LIBS)
- rm -f openssl.pc libssl.pc libcrypto.pc
- rm -f speed.* .pure
- rm -f $(TARFILE)
- @set -e; for i in $(ONEDIRS) ;\
- do \
- rm -fr $$i/*; \
- done
-
-makefile.one: files
- $(PERL) util/mk1mf.pl >makefile.one; \
- sh util/do_ms.sh
-
-files:
- $(PERL) $(TOP)/util/files.pl Makefile > $(TOP)/MINFO
- @set -e; target=files; $(RECURSIVE_BUILD_CMD)
-
-links:
- @$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
- @$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
- @set -e; target=links; $(RECURSIVE_BUILD_CMD)
- @if [ -z "$(FIPSCANLIB)" ]; then \
- set -e; target=links; dir=fips ; $(BUILD_CMD) ; \
- fi
-
-gentests:
- @(cd test && echo "generating dummy tests (if needed)..." && \
- $(CLEARENV) && $(MAKE) -e $(BUILDENV) TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on generate );
-
-dclean:
- rm -f *.bak
- @set -e; target=dclean; $(RECURSIVE_BUILD_CMD)
-
-rehash: rehash.time
-rehash.time: certs apps
- @if [ -z "$(CROSS_COMPILE)" ]; then \
- (OPENSSL="`pwd`/util/opensslwrap.sh"; \
- OPENSSL_DEBUG_MEMORY=on; \
- export OPENSSL OPENSSL_DEBUG_MEMORY; \
- $(PERL) tools/c_rehash certs) && \
- touch rehash.time; \
- fi
-
-test: tests
-
-tests: rehash
- @(cd test && echo "testing..." && \
- $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests );
- util/opensslwrap.sh version -a
-
-report:
- @$(PERL) util/selftest.pl
-
-depend:
- @set -e; target=depend; $(RECURSIVE_BUILD_CMD)
-
-lint:
- @set -e; target=lint; $(RECURSIVE_BUILD_CMD)
-
-tags:
- rm -f TAGS
- find . -name '[^.]*.[ch]' | xargs etags -a
-
-errors:
- $(PERL) util/mkerr.pl -recurse -write
- (cd engines; $(MAKE) PERL=$(PERL) errors)
- $(PERL) util/ck_errf.pl */*.c */*/*.c
-
-stacks:
- $(PERL) util/mkstack.pl -write
-
-util/libeay.num::
- $(PERL) util/mkdef.pl crypto update
-
-util/ssleay.num::
- $(PERL) util/mkdef.pl ssl update
-
-crypto/objects/obj_dat.h: crypto/objects/obj_dat.pl crypto/objects/obj_mac.h
- $(PERL) crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h
-crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num
- $(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h
-
-apps/openssl-vms.cnf: apps/openssl.cnf
- $(PERL) VMS/VMSify-conf.pl < apps/openssl.cnf > apps/openssl-vms.cnf
-
-crypto/bn/bn_prime.h: crypto/bn/bn_prime.pl
- $(PERL) crypto/bn/bn_prime.pl >crypto/bn/bn_prime.h
-
-
-TABLE: Configure
- (echo 'Output of `Configure TABLE'"':"; \
- $(PERL) Configure TABLE) > TABLE
-
-update: errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h apps/openssl-vms.cnf crypto/bn/bn_prime.h TABLE depend
-
-# Build distribution tar-file. As the list of files returned by "find" is
-# pretty long, on several platforms a "too many arguments" error or similar
-# would occur. Therefore the list of files is temporarily stored into a file
-# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
-# tar does not support the --files-from option.
-tar:
- find . -type d -print | xargs chmod 755
- find . -type f -print | xargs chmod a+r
- find . -type f -perm -0100 -print | xargs chmod a+x
- find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \
- $(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \
- tardy --user_number=0 --user_name=openssl \
- --group_number=0 --group_name=openssl \
- --prefix=openssl-$(VERSION) - |\
- gzip --best >../$(TARFILE).gz; \
- rm -f ../$(TARFILE).list; \
- ls -l ../$(TARFILE).gz
-
-tar-snap:
- @$(TAR) $(TARFLAGS) -cvf - \
- `find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \! -name '*test' \! -name '.#*' \! -name '*~' | sort` |\
- tardy --user_number=0 --user_name=openssl \
- --group_number=0 --group_name=openssl \
- --prefix=openssl-$(VERSION) - > ../$(TARFILE);\
- ls -l ../$(TARFILE)
-
-dist:
- $(PERL) Configure dist
- @$(MAKE) dist_pem_h
- @$(MAKE) SDIRS='${SDIRS}' clean
- @$(MAKE) TAR='${TAR}' TARFLAGS='${TARFLAGS}' tar
-
-dist_pem_h:
- (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
-
-install: all install_docs install_sw
-
-install_sw:
- @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
- $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
- $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
- $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig \
- $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
- $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
- $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
- $(INSTALL_PREFIX)$(OPENSSLDIR)/private
- @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
- do \
- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- done;
- @set -e; target=install; $(RECURSIVE_BUILD_CMD)
- @set -e; for i in $(LIBS) ;\
- do \
- if [ -f "$$i" ]; then \
- ( echo installing $$i; \
- cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
- $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i ); \
- fi; \
- done;
- @set -e; if [ -n "$(SHARED_LIBS)" ]; then \
- tmp="$(SHARED_LIBS)"; \
- for i in $${tmp:-x}; \
- do \
- if [ -f "$$i" -o -f "$$i.a" ]; then \
- ( echo installing $$i; \
- if [ "$(PLATFORM)" != "Cygwin" ]; then \
- cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
- else \
- c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
- cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
- chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
- cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
- fi ); \
- fi; \
- done; \
- ( here="`pwd`"; \
- cd $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR); \
- $(MAKE) -f $$here/Makefile HERE="$$here" link-shared ); \
- if [ "$(INSTALLTOP)" != "/usr" ]; then \
- echo 'OpenSSL shared libraries have been installed in:'; \
- echo ' $(INSTALLTOP)'; \
- echo ''; \
- sed -e '1,/^$$/d' doc/openssl-shared.txt; \
- fi; \
- fi
- cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libcrypto.pc
- cp libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libssl.pc
- cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/openssl.pc
-
-install_docs:
- @$(PERL) $(TOP)/util/mkdir-p.pl \
- $(INSTALL_PREFIX)$(MANDIR)/man1 \
- $(INSTALL_PREFIX)$(MANDIR)/man3 \
- $(INSTALL_PREFIX)$(MANDIR)/man5 \
- $(INSTALL_PREFIX)$(MANDIR)/man7
- @pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
- here="`pwd`"; \
- filecase=; \
- if [ "$(PLATFORM)" = "DJGPP" -o "$(PLATFORM)" = "Cygwin" -o "$(PLATFORM)" = "mingw" ]; then \
- filecase=-i; \
- fi; \
- set -e; for i in doc/apps/*.pod; do \
- fn=`basename $$i .pod`; \
- sec=`$(PERL) util/extract-section.pl 1 < $$i`; \
- echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
- (cd `$(PERL) util/dirname.pl $$i`; \
- sh -c "$$pod2man \
- --section=$$sec --center=OpenSSL \
- --release=$(VERSION) `basename $$i`") \
- > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
- $(PERL) util/extract-names.pl < $$i | \
- (grep -v $$filecase "^$$fn\$$"; true) | \
- (grep -v "[ ]"; true) | \
- (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
- while read n; do \
- $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
- done); \
- done; \
- set -e; for i in doc/crypto/*.pod doc/ssl/*.pod; do \
- fn=`basename $$i .pod`; \
- sec=`$(PERL) util/extract-section.pl 3 < $$i`; \
- echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
- (cd `$(PERL) util/dirname.pl $$i`; \
- sh -c "$$pod2man \
- --section=$$sec --center=OpenSSL \
- --release=$(VERSION) `basename $$i`") \
- > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
- $(PERL) util/extract-names.pl < $$i | \
- (grep -v $$filecase "^$$fn\$$"; true) | \
- (grep -v "[ ]"; true) | \
- (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
- while read n; do \
- $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
- done); \
- done
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
Copied: vendor-crypto/openssl/0.9.8zf/Makefile.bak (from rev 6976, vendor-crypto/openssl/dist/Makefile.bak)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/Makefile.bak (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/Makefile.bak 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,732 @@
+### Generated automatically from Makefile.org by Configure.
+
+##
+## Makefile for OpenSSL
+##
+
+VERSION=0.9.8zf-dev
+MAJOR=0
+MINOR=9.8
+SHLIB_VERSION_NUMBER=0.9.8
+SHLIB_VERSION_HISTORY=
+SHLIB_MAJOR=0
+SHLIB_MINOR=9.8
+SHLIB_EXT=
+PLATFORM=gcc
+OPTIONS= no-camellia no-capieng no-cms no-gmp no-jpake no-krb5 no-mdc2 no-montasm no-rc5 no-rfc3779 no-seed no-shared no-zlib no-zlib-dynamic
+CONFIGURE_ARGS=gcc
+SHLIB_TARGET=
+
+# HERE indicates where this Makefile lives. This can be used to indicate
+# where sub-Makefiles are expected to be. Currently has very limited usage,
+# and should probably not be bothered with at all.
+HERE=.
+
+# INSTALL_PREFIX is for package builders so that they can configure
+# for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
+# Normally it is left empty.
+INSTALL_PREFIX=
+INSTALLTOP=/usr/local/ssl
+
+# Do not edit this manually. Use Configure --openssldir=DIR do change this!
+OPENSSLDIR=/usr/local/ssl
+
+# NO_IDEA - Define to build without the IDEA algorithm
+# NO_RC4 - Define to build without the RC4 algorithm
+# NO_RC2 - Define to build without the RC2 algorithm
+# THREADS - Define when building with threads, you will probably also need any
+# system defines as well, i.e. _REENTERANT for Solaris 2.[34]
+# TERMIO - Define the termio terminal subsystem, needed if sgtty is missing.
+# TERMIOS - Define the termios terminal subsystem, Silicon Graphics.
+# LONGCRYPT - Define to use HPUX 10.x's long password modification to crypt(3).
+# DEVRANDOM - Give this the value of the 'random device' if your OS supports
+# one. 32 bytes will be read from this when the random
+# number generator is initalised.
+# SSL_FORBID_ENULL - define if you want the server to be not able to use the
+# NULL encryption ciphers.
+#
+# LOCK_DEBUG - turns on lots of lock debug output :-)
+# REF_CHECK - turn on some xyz_free() assertions.
+# REF_PRINT - prints some stuff on structure free.
+# CRYPTO_MDEBUG - turns on my 'memory leak' detecting stuff
+# MFUNC - Make all Malloc/Free/Realloc calls call
+# CRYPTO_malloc/CRYPTO_free/CRYPTO_realloc which can be setup to
+# call application defined callbacks via CRYPTO_set_mem_functions()
+# MD5_ASM needs to be defined to use the x86 assembler for MD5
+# SHA1_ASM needs to be defined to use the x86 assembler for SHA1
+# RMD160_ASM needs to be defined to use the x86 assembler for RIPEMD160
+# Do not define B_ENDIAN or L_ENDIAN if 'unsigned long' == 8. It must
+# equal 4.
+# PKCS1_CHECK - pkcs1 tests.
+
+CC= gcc
+CFLAG= -O3
+DEPFLAG= -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_CMS -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SEED
+PEX_LIBS=
+EX_LIBS=
+EXE_EXT=
+ARFLAGS=
+AR= ar $(ARFLAGS) r
+ARD=ar $(ARFLAGS) d
+RANLIB= /usr/bin/ranlib
+PERL= /usr/bin/perl
+TAR= tar
+TARFLAGS= --no-recursion --record-size=10240
+MAKEDEPPROG= gcc
+LIBDIR=lib
+
+# We let the C compiler driver to take care of .s files. This is done in
+# order to be excused from maintaining a separate set of architecture
+# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC
+# gcc, then the driver will automatically translate it to -xarch=v8plus
+# and pass it down to assembler.
+AS=$(CC) -c
+ASFLAG=$(CFLAG)
+
+# For x86 assembler: Set PROCESSOR to 386 if you want to support
+# the 80386.
+PROCESSOR=
+
+# CPUID module collects small commonly used assembler snippets
+CPUID_OBJ=
+BN_ASM= bn_asm.o
+DES_ENC= des_enc.o fcrypt_b.o
+AES_ASM_OBJ= aes_core.o aes_cbc.o
+BF_ENC= bf_enc.o
+CAST_ENC= c_enc.o
+RC4_ENC= rc4_enc.o rc4_skey.o
+RC5_ENC= rc5_enc.o
+MD5_ASM_OBJ=
+SHA1_ASM_OBJ=
+RMD160_ASM_OBJ=
+
+# KRB5 stuff
+KRB5_INCLUDES=
+LIBKRB5=
+
+# Zlib stuff
+ZLIB_INCLUDE=
+LIBZLIB=
+
+# This is the location of fipscanister.o and friends.
+# The FIPS module build will place it $(INSTALLTOP)/lib
+# but since $(INSTALLTOP) can only take the default value
+# when the module is built it will be in /usr/local/ssl/lib
+# $(INSTALLTOP) for this build make be different so hard
+# code the path.
+
+FIPSLIBDIR=/usr/local/ssl/fips-1.0/lib/
+
+# This is set to "y" if fipscanister.o is compiled internally as
+# opposed to coming from an external validated location.
+
+FIPSCANISTERINTERNAL=n
+
+# The location of the library which contains fipscanister.o
+# normally it will be libcrypto unless fipsdso is set in which
+# case it will be libfips. If not compiling in FIPS mode at all
+# this is empty making it a useful test for a FIPS compile.
+
+FIPSCANLIB=
+
+# Shared library base address. Currently only used on Windows.
+#
+
+BASEADDR=0xFB00000
+
+DIRS= crypto ssl engines apps test tools
+SHLIBDIRS= crypto ssl
+
+# dirs in crypto to build
+SDIRS= \
+ objects \
+ md2 md4 md5 sha hmac ripemd \
+ des aes rc2 rc4 idea bf cast \
+ bn ec rsa dsa ecdsa dh ecdh dso engine \
+ buffer bio stack lhash rand err \
+ evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \
+ store pqueue
+# keep in mind that the above list is adjusted by ./Configure
+# according to no-xxx arguments...
+
+# tests to perform. "alltests" is a special word indicating that all tests
+# should be performed.
+TESTS = alltests
+
+MAKEFILE= Makefile
+
+MANDIR=$(OPENSSLDIR)/man
+MAN1=1
+MAN3=3
+MANSUFFIX=
+SHELL=/bin/sh
+
+TOP= .
+ONEDIRS=out tmp
+EDIRS= times doc bugs util include certs ms shlib mt demos perl sf dep VMS
+WDIRS= windows
+LIBS= libcrypto.a libssl.a
+SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
+SHARED_SSL=libssl$(SHLIB_EXT)
+SHARED_FIPS=
+SHARED_LIBS=
+SHARED_LIBS_LINK_EXTS=
+SHARED_LDFLAGS=
+
+GENERAL= Makefile
+BASENAME= openssl
+NAME= $(BASENAME)-$(VERSION)
+TARFILE= $(NAME).tar
+WTARFILE= $(NAME)-win.tar
+EXHEADER= e_os2.h
+HEADER= e_os.h
+
+all: Makefile build_all openssl.pc libssl.pc libcrypto.pc
+
+# as we stick to -e, CLEARENV ensures that local variables in lower
+# Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn
+# shell, which [annoyingly enough] terminates unset with error if VAR
+# is not present:-( TOP= && unset TOP is tribute to HP-UX /bin/sh,
+# which terminates unset with error if no variable was present:-(
+CLEARENV= TOP= && unset TOP $${LIB+LIB} $${LIBS+LIBS} \
+ $${INCLUDE+INCLUDE} $${INCLUDES+INCLUDES} \
+ $${DIR+DIR} $${DIRS+DIRS} $${SRC+SRC} \
+ $${LIBSRC+LIBSRC} $${LIBOBJ+LIBOBJ} $${ALL+ALL} \
+ $${EXHEADER+EXHEADER} $${HEADER+HEADER} \
+ $${GENERAL+GENERAL} $${CFLAGS+CFLAGS} \
+ $${ASFLAGS+ASFLAGS} $${AFLAGS+AFLAGS} \
+ $${LDCMD+LDCMD} $${LDFLAGS+LDFLAGS} \
+ $${SHAREDCMD+SHAREDCMD} $${SHAREDFLAGS+SHAREDFLAGS} \
+ $${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS}
+
+BUILDENV= PLATFORM='${PLATFORM}' PROCESSOR='${PROCESSOR}' \
+ CC='${CC}' CFLAG='${CFLAG}' \
+ AS='${CC}' ASFLAG='${CFLAG} -c' \
+ AR='${AR}' PERL='${PERL}' RANLIB='${RANLIB}' \
+ SDIRS='${SDIRS}' LIBRPATH='${INSTALLTOP}/$(LIBDIR)' \
+ INSTALL_PREFIX='${INSTALL_PREFIX}' \
+ INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' \
+ LIBDIR='${LIBDIR}' \
+ MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD ${MAKEDEPPROG}' \
+ DEPFLAG='-DOPENSSL_NO_DEPRECATED ${DEPFLAG}' \
+ MAKEDEPPROG='${MAKEDEPPROG}' \
+ SHARED_LDFLAGS='${SHARED_LDFLAGS}' \
+ KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' \
+ EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' \
+ SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' \
+ PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' \
+ CPUID_OBJ='${CPUID_OBJ}' \
+ BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' \
+ AES_ASM_OBJ='${AES_ASM_OBJ}' \
+ BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' \
+ RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' \
+ SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' \
+ MD5_ASM_OBJ='${MD5_ASM_OBJ}' \
+ RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' \
+ FIPSLIBDIR='${FIPSLIBDIR}' \
+ FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}" \
+ FIPSCANISTERINTERNAL='${FIPSCANISTERINTERNAL}' \
+ FIPS_EX_OBJ='${FIPS_EX_OBJ}' \
+ THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES=
+# MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors,
+# which in turn eliminates ambiguities in variable treatment with -e.
+
+# BUILD_CMD is a generic macro to build a given target in a given
+# subdirectory. The target must be given through the shell variable
+# `target' and the subdirectory to build in must be given through `dir'.
+# This macro shouldn't be used directly, use RECURSIVE_BUILD_CMD or
+# BUILD_ONE_CMD instead.
+#
+# BUILD_ONE_CMD is a macro to build a given target in a given
+# subdirectory if that subdirectory is part of $(DIRS). It requires
+# exactly the same shell variables as BUILD_CMD.
+#
+# RECURSIVE_BUILD_CMD is a macro to build a given target in all
+# subdirectories defined in $(DIRS). It requires that the target
+# is given through the shell variable `target'.
+BUILD_CMD= if [ -d "$$dir" ]; then \
+ ( [ $$target != all -a -z "$(FIPSCANLIB)" ] && FIPSCANLIB=/dev/null; \
+ cd $$dir && echo "making $$target in $$dir..." && \
+ $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. DIR=$$dir $$target \
+ ) || exit 1; \
+ fi
+RECURSIVE_BUILD_CMD=for dir in $(DIRS); do $(BUILD_CMD); done
+BUILD_ONE_CMD=\
+ if echo " $(DIRS) " | grep " $$dir " >/dev/null 2>/dev/null; then \
+ $(BUILD_CMD); \
+ fi
+
+reflect:
+ @[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)
+
+FIPS_EX_OBJ= ../crypto/aes/aes_cfb.o \
+ ../crypto/aes/aes_ecb.o \
+ ../crypto/aes/aes_ofb.o \
+ ../crypto/bn/bn_add.o \
+ ../crypto/bn/bn_blind.o \
+ ../crypto/bn/bn_ctx.o \
+ ../crypto/bn/bn_div.o \
+ ../crypto/bn/bn_exp2.o \
+ ../crypto/bn/bn_exp.o \
+ ../crypto/bn/bn_gcd.o \
+ ../crypto/bn/bn_lib.o \
+ ../crypto/bn/bn_mod.o \
+ ../crypto/bn/bn_mont.o \
+ ../crypto/bn/bn_mul.o \
+ ../crypto/bn/bn_prime.o \
+ ../crypto/bn/bn_rand.o \
+ ../crypto/bn/bn_recp.o \
+ ../crypto/bn/bn_shift.o \
+ ../crypto/bn/bn_sqr.o \
+ ../crypto/bn/bn_word.o \
+ ../crypto/bn/bn_x931p.o \
+ ../crypto/buffer/buf_str.o \
+ ../crypto/cryptlib.o \
+ ../crypto/des/cfb64ede.o \
+ ../crypto/des/cfb64enc.o \
+ ../crypto/des/cfb_enc.o \
+ ../crypto/des/ecb3_enc.o \
+ ../crypto/des/ecb_enc.o \
+ ../crypto/des/ofb64ede.o \
+ ../crypto/des/ofb64enc.o \
+ ../crypto/des/fcrypt.o \
+ ../crypto/des/set_key.o \
+ ../crypto/dsa/dsa_utl.o \
+ ../crypto/dsa/dsa_sign.o \
+ ../crypto/dsa/dsa_vrf.o \
+ ../crypto/err/err.o \
+ ../crypto/evp/digest.o \
+ ../crypto/evp/enc_min.o \
+ ../crypto/evp/e_aes.o \
+ ../crypto/evp/e_des3.o \
+ ../crypto/evp/p_sign.o \
+ ../crypto/evp/p_verify.o \
+ ../crypto/mem_clr.o \
+ ../crypto/mem.o \
+ ../crypto/rand/md_rand.o \
+ ../crypto/rand/rand_egd.o \
+ ../crypto/rand/randfile.o \
+ ../crypto/rand/rand_lib.o \
+ ../crypto/rand/rand_os2.o \
+ ../crypto/rand/rand_unix.o \
+ ../crypto/rand/rand_win.o \
+ ../crypto/rsa/rsa_lib.o \
+ ../crypto/rsa/rsa_none.o \
+ ../crypto/rsa/rsa_oaep.o \
+ ../crypto/rsa/rsa_pk1.o \
+ ../crypto/rsa/rsa_pss.o \
+ ../crypto/rsa/rsa_ssl.o \
+ ../crypto/rsa/rsa_x931.o \
+ ../crypto/sha/sha1dgst.o \
+ ../crypto/sha/sha256.o \
+ ../crypto/sha/sha512.o \
+ ../crypto/uid.o
+
+sub_all: build_all
+build_all: build_libs build_apps build_tests build_tools
+
+build_libs: build_crypto build_fips build_ssl build_shared build_engines
+
+build_crypto:
+ if [ -n "$(FIPSCANLIB)" ]; then \
+ EXCL_OBJ='$(AES_ASM_OBJ) $(BN_ASM) $(DES_ENC) $(CPUID_OBJ) $(SHA1_ASM_OBJ) $(FIPS_EX_OBJ)' ; export EXCL_OBJ ; \
+ ARX='$(PERL) $${TOP}/util/arx.pl $(AR)' ; \
+ else \
+ ARX='${AR}' ; \
+ fi ; export ARX ; \
+ dir=crypto; target=all; $(BUILD_ONE_CMD)
+build_fips:
+ @dir=fips; target=all; [ -z "$(FIPSCANLIB)" ] || $(BUILD_ONE_CMD)
+build_ssl: build_crypto
+ @dir=ssl; target=all; $(BUILD_ONE_CMD)
+build_engines: build_crypto
+ @dir=engines; target=all; $(BUILD_ONE_CMD)
+build_apps: build_libs
+ @dir=apps; target=all; $(BUILD_ONE_CMD)
+build_tests: build_libs
+ @dir=test; target=all; $(BUILD_ONE_CMD)
+build_tools: build_libs
+ @dir=tools; target=all; $(BUILD_ONE_CMD)
+
+all_testapps: build_libs build_testapps
+build_testapps:
+ @dir=crypto; target=testapps; $(BUILD_ONE_CMD)
+
+build_shared: $(SHARED_LIBS)
+libcrypto$(SHLIB_EXT): libcrypto.a $(SHARED_FIPS)
+ @if [ "$(SHLIB_TARGET)" != "" ]; then \
+ if [ "$(FIPSCANLIB)" = "libfips" ]; then \
+ $(ARD) libcrypto.a fipscanister.o ; \
+ $(MAKE) SHLIBDIRS='crypto' SHLIBDEPS='-lfips' build-shared; \
+ $(AR) libcrypto.a fips/fipscanister.o ; \
+ else \
+ if [ "$(FIPSCANLIB)" = "libcrypto" ]; then \
+ FIPSLD_CC="$(CC)"; CC=fips/fipsld; \
+ export CC FIPSLD_CC; \
+ fi; \
+ $(MAKE) -e SHLIBDIRS='crypto' build-shared; \
+ fi \
+ else \
+ echo "There's no support for shared libraries on this platform" >&2; \
+ exit 1; \
+ fi
+
+libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
+ @if [ "$(SHLIB_TARGET)" != "" ]; then \
+ shlibdeps=-lcrypto; \
+ [ "$(FIPSCANLIB)" = "libfips" ] && shlibdeps="$$shlibdeps -lfips"; \
+ $(MAKE) SHLIBDIRS=ssl SHLIBDEPS="$$shlibdeps" build-shared; \
+ else \
+ echo "There's no support for shared libraries on this platform" >&2 ; \
+ exit 1; \
+ fi
+
+fips/fipscanister.o: build_fips
+libfips$(SHLIB_EXT): fips/fipscanister.o
+ @if [ "$(SHLIB_TARGET)" != "" ]; then \
+ FIPSLD_CC="$(CC)"; CC=fips/fipsld; export CC FIPSLD_CC; \
+ $(MAKE) -f Makefile.shared -e $(BUILDENV) \
+ CC=$${CC} LIBNAME=fips THIS=$@ \
+ LIBEXTRAS=fips/fipscanister.o \
+ LIBDEPS="$(EX_LIBS)" \
+ LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
+ link_o.$(SHLIB_TARGET) || { rm -f $@; exit 1; } \
+ else \
+ echo "There's no support for shared libraries on this platform" >&2; \
+ exit 1; \
+ fi
+
+libfips.a:
+ dir=fips; target=all; $(BUILD_ONE_CMD)
+
+clean-shared:
+ @set -e; for i in $(SHLIBDIRS); do \
+ if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
+ tmp="$(SHARED_LIBS_LINK_EXTS)"; \
+ for j in $${tmp:-x}; do \
+ ( set -x; rm -f lib$$i$$j ); \
+ done; \
+ fi; \
+ ( set -x; rm -f lib$$i$(SHLIB_EXT) ); \
+ if [ "$(PLATFORM)" = "Cygwin" ]; then \
+ ( set -x; rm -f cyg$$i$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
+ fi; \
+ done
+
+link-shared:
+ @ set -e; for i in ${SHLIBDIRS}; do \
+ $(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \
+ LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
+ LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \
+ symlink.$(SHLIB_TARGET); \
+ libs="$$libs -l$$i"; \
+ done
+
+build-shared: do_$(SHLIB_TARGET) link-shared
+
+do_$(SHLIB_TARGET):
+ @ set -e; libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+ if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+ libs="$(LIBKRB5) $$libs"; \
+ fi; \
+ $(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
+ LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
+ LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \
+ LIBDEPS="$$libs $(EX_LIBS)" \
+ link_a.$(SHLIB_TARGET); \
+ libs="-l$$i $$libs"; \
+ done
+
+libcrypto.pc: Makefile
+ @ ( echo 'prefix=$(INSTALLTOP)'; \
+ echo 'exec_prefix=$${prefix}'; \
+ echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
+ echo 'includedir=$${prefix}/include'; \
+ echo ''; \
+ echo 'Name: OpenSSL-libcrypto'; \
+ echo 'Description: OpenSSL cryptography library'; \
+ echo 'Version: '$(VERSION); \
+ echo 'Requires: '; \
+ echo 'Libs: -L$${libdir} -lcrypto $(EX_LIBS)'; \
+ echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libcrypto.pc
+
+libssl.pc: Makefile
+ @ ( echo 'prefix=$(INSTALLTOP)'; \
+ echo 'exec_prefix=$${prefix}'; \
+ echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
+ echo 'includedir=$${prefix}/include'; \
+ echo ''; \
+ echo 'Name: OpenSSL'; \
+ echo 'Description: Secure Sockets Layer and cryptography libraries'; \
+ echo 'Version: '$(VERSION); \
+ echo 'Requires: '; \
+ echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
+ echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc
+
+openssl.pc: Makefile
+ @ ( echo 'prefix=$(INSTALLTOP)'; \
+ echo 'exec_prefix=$${prefix}'; \
+ echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
+ echo 'includedir=$${prefix}/include'; \
+ echo ''; \
+ echo 'Name: OpenSSL'; \
+ echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
+ echo 'Version: '$(VERSION); \
+ echo 'Requires: '; \
+ echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
+ echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc
+
+Makefile: Makefile.org Configure config
+ @echo "Makefile is older than Makefile.org, Configure or config."
+ @echo "Reconfigure the source tree (via './config' or 'perl Configure'), please."
+ @false
+
+libclean:
+ rm -f *.map *.so *.so.* *.dll engines/*.so engines/*.dll *.a engines/*.a */lib */*/lib
+
+clean: libclean
+ rm -f shlib/*.o *.o core a.out fluff rehash.time testlog make.log cctest cctest.c
+ @set -e; target=clean; $(RECURSIVE_BUILD_CMD)
+ rm -f $(LIBS)
+ rm -f openssl.pc libssl.pc libcrypto.pc
+ rm -f speed.* .pure
+ rm -f $(TARFILE)
+ @set -e; for i in $(ONEDIRS) ;\
+ do \
+ rm -fr $$i/*; \
+ done
+
+makefile.one: files
+ $(PERL) util/mk1mf.pl >makefile.one; \
+ sh util/do_ms.sh
+
+files:
+ $(PERL) $(TOP)/util/files.pl Makefile > $(TOP)/MINFO
+ @set -e; target=files; $(RECURSIVE_BUILD_CMD)
+
+links:
+ @$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
+ @$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
+ @set -e; target=links; $(RECURSIVE_BUILD_CMD)
+ @if [ -z "$(FIPSCANLIB)" ]; then \
+ set -e; target=links; dir=fips ; $(BUILD_CMD) ; \
+ fi
+
+gentests:
+ @(cd test && echo "generating dummy tests (if needed)..." && \
+ $(CLEARENV) && $(MAKE) -e $(BUILDENV) TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on generate );
+
+dclean:
+ rm -f *.bak
+ @set -e; target=dclean; $(RECURSIVE_BUILD_CMD)
+
+rehash: rehash.time
+rehash.time: certs apps
+ @if [ -z "$(CROSS_COMPILE)" ]; then \
+ (OPENSSL="`pwd`/util/opensslwrap.sh"; \
+ OPENSSL_DEBUG_MEMORY=on; \
+ export OPENSSL OPENSSL_DEBUG_MEMORY; \
+ $(PERL) tools/c_rehash certs) && \
+ touch rehash.time; \
+ fi
+
+test: tests
+
+tests: rehash
+ @(cd test && echo "testing..." && \
+ $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests );
+ util/opensslwrap.sh version -a
+
+report:
+ @$(PERL) util/selftest.pl
+
+depend:
+ @set -e; target=depend; $(RECURSIVE_BUILD_CMD)
+
+lint:
+ @set -e; target=lint; $(RECURSIVE_BUILD_CMD)
+
+tags:
+ rm -f TAGS
+ find . -name '[^.]*.[ch]' | xargs etags -a
+
+errors:
+ $(PERL) util/mkerr.pl -recurse -write
+ (cd engines; $(MAKE) PERL=$(PERL) errors)
+ $(PERL) util/ck_errf.pl */*.c */*/*.c
+
+stacks:
+ $(PERL) util/mkstack.pl -write
+
+util/libeay.num::
+ $(PERL) util/mkdef.pl crypto update
+
+util/ssleay.num::
+ $(PERL) util/mkdef.pl ssl update
+
+crypto/objects/obj_dat.h: crypto/objects/obj_dat.pl crypto/objects/obj_mac.h
+ $(PERL) crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h
+crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num
+ $(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h
+
+apps/openssl-vms.cnf: apps/openssl.cnf
+ $(PERL) VMS/VMSify-conf.pl < apps/openssl.cnf > apps/openssl-vms.cnf
+
+crypto/bn/bn_prime.h: crypto/bn/bn_prime.pl
+ $(PERL) crypto/bn/bn_prime.pl >crypto/bn/bn_prime.h
+
+
+TABLE: Configure
+ (echo 'Output of `Configure TABLE'"':"; \
+ $(PERL) Configure TABLE) > TABLE
+
+update: errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h apps/openssl-vms.cnf crypto/bn/bn_prime.h TABLE depend
+
+# Build distribution tar-file. As the list of files returned by "find" is
+# pretty long, on several platforms a "too many arguments" error or similar
+# would occur. Therefore the list of files is temporarily stored into a file
+# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
+# tar does not support the --files-from option.
+tar:
+ find . -type d -print | xargs chmod 755
+ find . -type f -print | xargs chmod a+r
+ find . -type f -perm -0100 -print | xargs chmod a+x
+ find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \
+ $(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \
+ tardy --user_number=0 --user_name=openssl \
+ --group_number=0 --group_name=openssl \
+ --prefix=openssl-$(VERSION) - |\
+ gzip --best >../$(TARFILE).gz; \
+ rm -f ../$(TARFILE).list; \
+ ls -l ../$(TARFILE).gz
+
+tar-snap:
+ @$(TAR) $(TARFLAGS) -cvf - \
+ `find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \! -name '*test' \! -name '.#*' \! -name '*~' | sort` |\
+ tardy --user_number=0 --user_name=openssl \
+ --group_number=0 --group_name=openssl \
+ --prefix=openssl-$(VERSION) - > ../$(TARFILE);\
+ ls -l ../$(TARFILE)
+
+dist:
+ $(PERL) Configure dist
+ @$(MAKE) dist_pem_h
+ @$(MAKE) SDIRS='${SDIRS}' clean
+ @$(MAKE) TAR='${TAR}' TARFLAGS='${TARFLAGS}' tar
+
+dist_pem_h:
+ (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
+
+install: all install_docs install_sw
+
+install_sw:
+ @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
+ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
+ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
+ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig \
+ $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
+ $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
+ $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
+ $(INSTALL_PREFIX)$(OPENSSLDIR)/private
+ @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
+ do \
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+ @set -e; target=install; $(RECURSIVE_BUILD_CMD)
+ @set -e; for i in $(LIBS) ;\
+ do \
+ if [ -f "$$i" ]; then \
+ ( echo installing $$i; \
+ cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+ $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i ); \
+ fi; \
+ done;
+ @set -e; if [ -n "$(SHARED_LIBS)" ]; then \
+ tmp="$(SHARED_LIBS)"; \
+ for i in $${tmp:-x}; \
+ do \
+ if [ -f "$$i" -o -f "$$i.a" ]; then \
+ ( echo installing $$i; \
+ if [ "$(PLATFORM)" != "Cygwin" ]; then \
+ cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+ chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
+ else \
+ c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
+ cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
+ chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
+ cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
+ fi ); \
+ fi; \
+ done; \
+ ( here="`pwd`"; \
+ cd $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR); \
+ $(MAKE) -f $$here/Makefile HERE="$$here" link-shared ); \
+ if [ "$(INSTALLTOP)" != "/usr" ]; then \
+ echo 'OpenSSL shared libraries have been installed in:'; \
+ echo ' $(INSTALLTOP)'; \
+ echo ''; \
+ sed -e '1,/^$$/d' doc/openssl-shared.txt; \
+ fi; \
+ fi
+ cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libcrypto.pc
+ cp libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libssl.pc
+ cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/openssl.pc
+
+install_docs:
+ @$(PERL) $(TOP)/util/mkdir-p.pl \
+ $(INSTALL_PREFIX)$(MANDIR)/man1 \
+ $(INSTALL_PREFIX)$(MANDIR)/man3 \
+ $(INSTALL_PREFIX)$(MANDIR)/man5 \
+ $(INSTALL_PREFIX)$(MANDIR)/man7
+ @pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
+ here="`pwd`"; \
+ filecase=; \
+ if [ "$(PLATFORM)" = "DJGPP" -o "$(PLATFORM)" = "Cygwin" -o "$(PLATFORM)" = "mingw" ]; then \
+ filecase=-i; \
+ fi; \
+ set -e; for i in doc/apps/*.pod; do \
+ fn=`basename $$i .pod`; \
+ sec=`$(PERL) util/extract-section.pl 1 < $$i`; \
+ echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
+ (cd `$(PERL) util/dirname.pl $$i`; \
+ sh -c "$$pod2man \
+ --section=$$sec --center=OpenSSL \
+ --release=$(VERSION) `basename $$i`") \
+ > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
+ $(PERL) util/extract-names.pl < $$i | \
+ (grep -v $$filecase "^$$fn\$$"; true) | \
+ (grep -v "[ ]"; true) | \
+ (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
+ while read n; do \
+ $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
+ done); \
+ done; \
+ set -e; for i in doc/crypto/*.pod doc/ssl/*.pod; do \
+ fn=`basename $$i .pod`; \
+ sec=`$(PERL) util/extract-section.pl 3 < $$i`; \
+ echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
+ (cd `$(PERL) util/dirname.pl $$i`; \
+ sh -c "$$pod2man \
+ --section=$$sec --center=OpenSSL \
+ --release=$(VERSION) `basename $$i`") \
+ > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
+ $(PERL) util/extract-names.pl < $$i | \
+ (grep -v $$filecase "^$$fn\$$"; true) | \
+ (grep -v "[ ]"; true) | \
+ (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
+ while read n; do \
+ $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
+ done); \
+ done
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
Deleted: vendor-crypto/openssl/0.9.8zf/NEWS
===================================================================
--- vendor-crypto/openssl/dist/NEWS 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/NEWS 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,610 +0,0 @@
-
- NEWS
- ====
-
- This file gives a brief overview of the major changes between each OpenSSL
- release. For more details please read the CHANGES file.
-
- Major changes between OpenSSL 0.9.8zb and OpenSSL 0.9.8zc [15 Oct 2014]:
-
- o Fix for CVE-2014-3513
- o Fix for CVE-2014-3567
- o Mitigation for CVE-2014-3566 (SSL protocol vulnerability)
- o Fix for CVE-2014-3568
-
- Major changes between OpenSSL 0.9.8za and OpenSSL 0.9.8zb [6 Aug 2014]:
-
- o Fix for CVE-2014-3510
- o Fix for CVE-2014-3507
- o Fix for CVE-2014-3506
- o Fix for CVE-2014-3505
- o Fix for CVE-2014-3508
-
- Known issues in OpenSSL 0.9.8za:
-
- o Compilation failure of s3_pkt.c on some platforms due to missing
- <limits.h> include. Fixed in 0.9.8zb-dev.
- o FIPS capable link failure with missing symbol BN_consttime_swap.
- Fixed in 0.9.8zb-dev. Workaround is to compile with no-ec: the EC
- algorithms are not FIPS approved in OpenSSL 0.9.8 anyway.
-
- Major changes between OpenSSL 0.9.8y and OpenSSL 0.9.8za [5 Jun 2014]:
-
- o Fix for CVE-2014-0224
- o Fix for CVE-2014-0221
- o Fix for CVE-2014-0195
- o Fix for CVE-2014-3470
- o Fix for CVE-2014-0076
- o Fix for CVE-2010-5298
- o Fix to TLS alert handling.
-
- Major changes between OpenSSL 0.9.8x and OpenSSL 0.9.8y [5 Feb 2013]:
-
- o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169
- o Fix OCSP bad key DoS attack CVE-2013-0166
-
- Major changes between OpenSSL 0.9.8w and OpenSSL 0.9.8x [10 May 2012]:
-
- o Fix DTLS record length checking bug CVE-2012-2333
-
- Major changes between OpenSSL 0.9.8v and OpenSSL 0.9.8w [23 Apr 2012]:
-
- o Fix for CVE-2012-2131 (corrected fix for 0.9.8 and CVE-2012-2110)
-
- Major changes between OpenSSL 0.9.8u and OpenSSL 0.9.8v [19 Apr 2012]:
-
- o Fix for ASN1 overflow bug CVE-2012-2110
-
- Major changes between OpenSSL 0.9.8t and OpenSSL 0.9.8u [12 Mar 2012]:
-
- o Fix for CMS/PKCS#7 MMA CVE-2012-0884
- o Corrected fix for CVE-2011-4619
- o Various DTLS fixes.
-
- Major changes between OpenSSL 0.9.8s and OpenSSL 0.9.8t [18 Jan 2012]:
-
- o Fix for DTLS DoS issue CVE-2012-0050
-
- Major changes between OpenSSL 0.9.8r and OpenSSL 0.9.8s [4 Jan 2012]:
-
- o Fix for DTLS plaintext recovery attack CVE-2011-4108
- o Fix policy check double free error CVE-2011-4109
- o Clear block padding bytes of SSL 3.0 records CVE-2011-4576
- o Only allow one SGC handshake restart for SSL/TLS CVE-2011-4619
- o Check for malformed RFC3779 data CVE-2011-4577
-
- Major changes between OpenSSL 0.9.8q and OpenSSL 0.9.8r [8 Feb 2011]:
-
- o Fix for security issue CVE-2011-0014
-
- Major changes between OpenSSL 0.9.8p and OpenSSL 0.9.8q [2 Dec 2010]:
-
- o Fix for security issue CVE-2010-4180
- o Fix for CVE-2010-4252
-
- Major changes between OpenSSL 0.9.8o and OpenSSL 0.9.8p [16 Nov 2010]:
-
- o Fix for security issue CVE-2010-3864.
-
- Major changes between OpenSSL 0.9.8n and OpenSSL 0.9.8o [1 Jun 2010]:
-
- o Fix for security issue CVE-2010-0742.
- o Various DTLS fixes.
- o Recognise SHA2 certificates if only SSL algorithms added.
- o Fix for no-rc4 compilation.
- o Chil ENGINE unload workaround.
-
- Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n [24 Mar 2010]:
-
- o CFB cipher definition fixes.
- o Fix security issues CVE-2010-0740 and CVE-2010-0433.
-
- Major changes between OpenSSL 0.9.8l and OpenSSL 0.9.8m [25 Feb 2010]:
-
- o Cipher definition fixes.
- o Workaround for slow RAND_poll() on some WIN32 versions.
- o Remove MD2 from algorithm tables.
- o SPKAC handling fixes.
- o Support for RFC5746 TLS renegotiation extension.
- o Compression memory leak fixed.
- o Compression session resumption fixed.
- o Ticket and SNI coexistence fixes.
- o Many fixes to DTLS handling.
-
- Major changes between OpenSSL 0.9.8k and OpenSSL 0.9.8l [5 Nov 2009]:
-
- o Temporary work around for CVE-2009-3555: disable renegotiation.
-
- Major changes between OpenSSL 0.9.8j and OpenSSL 0.9.8k [25 Mar 2009]:
-
- o Fix various build issues.
- o Fix security issues (CVE-2009-0590, CVE-2009-0591, CVE-2009-0789)
-
- Major changes between OpenSSL 0.9.8i and OpenSSL 0.9.8j [7 Jan 2009]:
-
- o Fix security issue (CVE-2008-5077)
- o Merge FIPS 140-2 branch code.
-
- Major changes between OpenSSL 0.9.8g and OpenSSL 0.9.8h [28 May 2008]:
-
- o CryptoAPI ENGINE support.
- o Various precautionary measures.
- o Fix for bugs affecting certificate request creation.
- o Support for local machine keyset attribute in PKCS#12 files.
-
- Major changes between OpenSSL 0.9.8f and OpenSSL 0.9.8g [19 Oct 2007]:
-
- o Backport of CMS functionality to 0.9.8.
- o Fixes for bugs introduced with 0.9.8f.
-
- Major changes between OpenSSL 0.9.8e and OpenSSL 0.9.8f [11 Oct 2007]:
-
- o Add gcc 4.2 support.
- o Add support for AES and SSE2 assembly lanugauge optimization
- for VC++ build.
- o Support for RFC4507bis and server name extensions if explicitly
- selected at compile time.
- o DTLS improvements.
- o RFC4507bis support.
- o TLS Extensions support.
-
- Major changes between OpenSSL 0.9.8d and OpenSSL 0.9.8e [23 Feb 2007]:
-
- o Various ciphersuite selection fixes.
- o RFC3779 support.
-
- Major changes between OpenSSL 0.9.8c and OpenSSL 0.9.8d [28 Sep 2006]:
-
- o Introduce limits to prevent malicious key DoS (CVE-2006-2940)
- o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343)
- o Changes to ciphersuite selection algorithm
-
- Major changes between OpenSSL 0.9.8b and OpenSSL 0.9.8c [5 Sep 2006]:
-
- o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339
- o New cipher Camellia
-
- Major changes between OpenSSL 0.9.8a and OpenSSL 0.9.8b [4 May 2006]:
-
- o Cipher string fixes.
- o Fixes for VC++ 2005.
- o Updated ECC cipher suite support.
- o New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free().
- o Zlib compression usage fixes.
- o Built in dynamic engine compilation support on Win32.
- o Fixes auto dynamic engine loading in Win32.
-
- Major changes between OpenSSL 0.9.8 and OpenSSL 0.9.8a [11 Oct 2005]:
-
- o Fix potential SSL 2.0 rollback, CVE-2005-2969
- o Extended Windows CE support
-
- Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.8 [5 Jul 2005]:
-
- o Major work on the BIGNUM library for higher efficiency and to
- make operations more streamlined and less contradictory. This
- is the result of a major audit of the BIGNUM library.
- o Addition of BIGNUM functions for fields GF(2^m) and NIST
- curves, to support the Elliptic Crypto functions.
- o Major work on Elliptic Crypto; ECDH and ECDSA added, including
- the use through EVP, X509 and ENGINE.
- o New ASN.1 mini-compiler that's usable through the OpenSSL
- configuration file.
- o Added support for ASN.1 indefinite length constructed encoding.
- o New PKCS#12 'medium level' API to manipulate PKCS#12 files.
- o Complete rework of shared library construction and linking
- programs with shared or static libraries, through a separate
- Makefile.shared.
- o Rework of the passing of parameters from one Makefile to another.
- o Changed ENGINE framework to load dynamic engine modules
- automatically from specifically given directories.
- o New structure and ASN.1 functions for CertificatePair.
- o Changed the ZLIB compression method to be stateful.
- o Changed the key-generation and primality testing "progress"
- mechanism to take a structure that contains the ticker
- function and an argument.
- o New engine module: GMP (performs private key exponentiation).
- o New engine module: VIA PadLOck ACE extension in VIA C3
- Nehemiah processors.
- o Added support for IPv6 addresses in certificate extensions.
- See RFC 1884, section 2.2.
- o Added support for certificate policy mappings, policy
- constraints and name constraints.
- o Added support for multi-valued AVAs in the OpenSSL
- configuration file.
- o Added support for multiple certificates with the same subject
- in the 'openssl ca' index file.
- o Make it possible to create self-signed certificates using
- 'openssl ca -selfsign'.
- o Make it possible to generate a serial number file with
- 'openssl ca -create_serial'.
- o New binary search functions with extended functionality.
- o New BUF functions.
- o New STORE structure and library to provide an interface to all
- sorts of data repositories. Supports storage of public and
- private keys, certificates, CRLs, numbers and arbitrary blobs.
- This library is unfortunately unfinished and unused withing
- OpenSSL.
- o New control functions for the error stack.
- o Changed the PKCS#7 library to support one-pass S/MIME
- processing.
- o Added the possibility to compile without old deprecated
- functionality with the OPENSSL_NO_DEPRECATED macro or the
- 'no-deprecated' argument to the config and Configure scripts.
- o Constification of all ASN.1 conversion functions, and other
- affected functions.
- o Improved platform support for PowerPC.
- o New FIPS 180-2 algorithms (SHA-224, -256, -384 and -512).
- o New X509_VERIFY_PARAM structure to support parametrisation
- of X.509 path validation.
- o Major overhaul of RC4 performance on Intel P4, IA-64 and
- AMD64.
- o Changed the Configure script to have some algorithms disabled
- by default. Those can be explicitely enabled with the new
- argument form 'enable-xxx'.
- o Change the default digest in 'openssl' commands from MD5 to
- SHA-1.
- o Added support for DTLS.
- o New BIGNUM blinding.
- o Added support for the RSA-PSS encryption scheme
- o Added support for the RSA X.931 padding.
- o Added support for BSD sockets on NetWare.
- o Added support for files larger than 2GB.
- o Added initial support for Win64.
- o Added alternate pkg-config files.
-
- Major changes between OpenSSL 0.9.7l and OpenSSL 0.9.7m [23 Feb 2007]:
-
- o FIPS 1.1.1 module linking.
- o Various ciphersuite selection fixes.
-
- Major changes between OpenSSL 0.9.7k and OpenSSL 0.9.7l [28 Sep 2006]:
-
- o Introduce limits to prevent malicious key DoS (CVE-2006-2940)
- o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343)
-
- Major changes between OpenSSL 0.9.7j and OpenSSL 0.9.7k [5 Sep 2006]:
-
- o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339
-
- Major changes between OpenSSL 0.9.7i and OpenSSL 0.9.7j [4 May 2006]:
-
- o Visual C++ 2005 fixes.
- o Update Windows build system for FIPS.
-
- Major changes between OpenSSL 0.9.7h and OpenSSL 0.9.7i [14 Oct 2005]:
-
- o Give EVP_MAX_MD_SIZE it's old value, except for a FIPS build.
-
- Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.7h [11 Oct 2005]:
-
- o Fix SSL 2.0 Rollback, CVE-2005-2969
- o Allow use of fixed-length exponent on DSA signing
- o Default fixed-window RSA, DSA, DH private-key operations
-
- Major changes between OpenSSL 0.9.7f and OpenSSL 0.9.7g [11 Apr 2005]:
-
- o More compilation issues fixed.
- o Adaptation to more modern Kerberos API.
- o Enhanced or corrected configuration for Solaris64, Mingw and Cygwin.
- o Enhanced x86_64 assembler BIGNUM module.
- o More constification.
- o Added processing of proxy certificates (RFC 3820).
-
- Major changes between OpenSSL 0.9.7e and OpenSSL 0.9.7f [22 Mar 2005]:
-
- o Several compilation issues fixed.
- o Many memory allocation failure checks added.
- o Improved comparison of X509 Name type.
- o Mandatory basic checks on certificates.
- o Performance improvements.
-
- Major changes between OpenSSL 0.9.7d and OpenSSL 0.9.7e [25 Oct 2004]:
-
- o Fix race condition in CRL checking code.
- o Fixes to PKCS#7 (S/MIME) code.
-
- Major changes between OpenSSL 0.9.7c and OpenSSL 0.9.7d [17 Mar 2004]:
-
- o Security: Fix Kerberos ciphersuite SSL/TLS handshaking bug
- o Security: Fix null-pointer assignment in do_change_cipher_spec()
- o Allow multiple active certificates with same subject in CA index
- o Multiple X509 verification fixes
- o Speed up HMAC and other operations
-
- Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c [30 Sep 2003]:
-
- o Security: fix various ASN1 parsing bugs.
- o New -ignore_err option to OCSP utility.
- o Various interop and bug fixes in S/MIME code.
- o SSL/TLS protocol fix for unrequested client certificates.
-
- Major changes between OpenSSL 0.9.7a and OpenSSL 0.9.7b [10 Apr 2003]:
-
- o Security: counter the Klima-Pokorny-Rosa extension of
- Bleichbacher's attack
- o Security: make RSA blinding default.
- o Configuration: Irix fixes, AIX fixes, better mingw support.
- o Support for new platforms: linux-ia64-ecc.
- o Build: shared library support fixes.
- o ASN.1: treat domainComponent correctly.
- o Documentation: fixes and additions.
-
- Major changes between OpenSSL 0.9.7 and OpenSSL 0.9.7a [19 Feb 2003]:
-
- o Security: Important security related bugfixes.
- o Enhanced compatibility with MIT Kerberos.
- o Can be built without the ENGINE framework.
- o IA32 assembler enhancements.
- o Support for new platforms: FreeBSD/IA64 and FreeBSD/Sparc64.
- o Configuration: the no-err option now works properly.
- o SSL/TLS: now handles manual certificate chain building.
- o SSL/TLS: certain session ID malfunctions corrected.
-
- Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7 [30 Dec 2002]:
-
- o New library section OCSP.
- o Complete rewrite of ASN1 code.
- o CRL checking in verify code and openssl utility.
- o Extension copying in 'ca' utility.
- o Flexible display options in 'ca' utility.
- o Provisional support for international characters with UTF8.
- o Support for external crypto devices ('engine') is no longer
- a separate distribution.
- o New elliptic curve library section.
- o New AES (Rijndael) library section.
- o Support for new platforms: Windows CE, Tandem OSS, A/UX, AIX 64-bit,
- Linux x86_64, Linux 64-bit on Sparc v9
- o Extended support for some platforms: VxWorks
- o Enhanced support for shared libraries.
- o Now only builds PIC code when shared library support is requested.
- o Support for pkg-config.
- o Lots of new manuals.
- o Makes symbolic links to or copies of manuals to cover all described
- functions.
- o Change DES API to clean up the namespace (some applications link also
- against libdes providing similar functions having the same name).
- Provide macros for backward compatibility (will be removed in the
- future).
- o Unify handling of cryptographic algorithms (software and engine)
- to be available via EVP routines for asymmetric and symmetric ciphers.
- o NCONF: new configuration handling routines.
- o Change API to use more 'const' modifiers to improve error checking
- and help optimizers.
- o Finally remove references to RSAref.
- o Reworked parts of the BIGNUM code.
- o Support for new engines: Broadcom ubsec, Accelerated Encryption
- Processing, IBM 4758.
- o A few new engines added in the demos area.
- o Extended and corrected OID (object identifier) table.
- o PRNG: query at more locations for a random device, automatic query for
- EGD style random sources at several locations.
- o SSL/TLS: allow optional cipher choice according to server's preference.
- o SSL/TLS: allow server to explicitly set new session ids.
- o SSL/TLS: support Kerberos cipher suites (RFC2712).
- Only supports MIT Kerberos for now.
- o SSL/TLS: allow more precise control of renegotiations and sessions.
- o SSL/TLS: add callback to retrieve SSL/TLS messages.
- o SSL/TLS: support AES cipher suites (RFC3268).
-
- Major changes between OpenSSL 0.9.6j and OpenSSL 0.9.6k [30 Sep 2003]:
-
- o Security: fix various ASN1 parsing bugs.
- o SSL/TLS protocol fix for unrequested client certificates.
-
- Major changes between OpenSSL 0.9.6i and OpenSSL 0.9.6j [10 Apr 2003]:
-
- o Security: counter the Klima-Pokorny-Rosa extension of
- Bleichbacher's attack
- o Security: make RSA blinding default.
- o Build: shared library support fixes.
-
- Major changes between OpenSSL 0.9.6h and OpenSSL 0.9.6i [19 Feb 2003]:
-
- o Important security related bugfixes.
-
- Major changes between OpenSSL 0.9.6g and OpenSSL 0.9.6h [5 Dec 2002]:
-
- o New configuration targets for Tandem OSS and A/UX.
- o New OIDs for Microsoft attributes.
- o Better handling of SSL session caching.
- o Better comparison of distinguished names.
- o Better handling of shared libraries in a mixed GNU/non-GNU environment.
- o Support assembler code with Borland C.
- o Fixes for length problems.
- o Fixes for uninitialised variables.
- o Fixes for memory leaks, some unusual crashes and some race conditions.
- o Fixes for smaller building problems.
- o Updates of manuals, FAQ and other instructive documents.
-
- Major changes between OpenSSL 0.9.6f and OpenSSL 0.9.6g [9 Aug 2002]:
-
- o Important building fixes on Unix.
-
- Major changes between OpenSSL 0.9.6e and OpenSSL 0.9.6f [8 Aug 2002]:
-
- o Various important bugfixes.
-
- Major changes between OpenSSL 0.9.6d and OpenSSL 0.9.6e [30 Jul 2002]:
-
- o Important security related bugfixes.
- o Various SSL/TLS library bugfixes.
-
- Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d [9 May 2002]:
-
- o Various SSL/TLS library bugfixes.
- o Fix DH parameter generation for 'non-standard' generators.
-
- Major changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c [21 Dec 2001]:
-
- o Various SSL/TLS library bugfixes.
- o BIGNUM library fixes.
- o RSA OAEP and random number generation fixes.
- o Object identifiers corrected and added.
- o Add assembler BN routines for IA64.
- o Add support for OS/390 Unix, UnixWare with gcc, OpenUNIX 8,
- MIPS Linux; shared library support for Irix, HP-UX.
- o Add crypto accelerator support for AEP, Baltimore SureWare,
- Broadcom and Cryptographic Appliance's keyserver
- [in 0.9.6c-engine release].
-
- Major changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b [9 Jul 2001]:
-
- o Security fix: PRNG improvements.
- o Security fix: RSA OAEP check.
- o Security fix: Reinsert and fix countermeasure to Bleichbacher's
- attack.
- o MIPS bug fix in BIGNUM.
- o Bug fix in "openssl enc".
- o Bug fix in X.509 printing routine.
- o Bug fix in DSA verification routine and DSA S/MIME verification.
- o Bug fix to make PRNG thread-safe.
- o Bug fix in RAND_file_name().
- o Bug fix in compatibility mode trust settings.
- o Bug fix in blowfish EVP.
- o Increase default size for BIO buffering filter.
- o Compatibility fixes in some scripts.
-
- Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a [5 Apr 2001]:
-
- o Security fix: change behavior of OpenSSL to avoid using
- environment variables when running as root.
- o Security fix: check the result of RSA-CRT to reduce the
- possibility of deducing the private key from an incorrectly
- calculated signature.
- o Security fix: prevent Bleichenbacher's DSA attack.
- o Security fix: Zero the premaster secret after deriving the
- master secret in DH ciphersuites.
- o Reimplement SSL_peek(), which had various problems.
- o Compatibility fix: the function des_encrypt() renamed to
- des_encrypt1() to avoid clashes with some Unixen libc.
- o Bug fixes for Win32, HP/UX and Irix.
- o Bug fixes in BIGNUM, SSL, PKCS#7, PKCS#12, X.509, CONF and
- memory checking routines.
- o Bug fixes for RSA operations in threaded environments.
- o Bug fixes in misc. openssl applications.
- o Remove a few potential memory leaks.
- o Add tighter checks of BIGNUM routines.
- o Shared library support has been reworked for generality.
- o More documentation.
- o New function BN_rand_range().
- o Add "-rand" option to openssl s_client and s_server.
-
- Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6 [10 Oct 2000]:
-
- o Some documentation for BIO and SSL libraries.
- o Enhanced chain verification using key identifiers.
- o New sign and verify options to 'dgst' application.
- o Support for DER and PEM encoded messages in 'smime' application.
- o New 'rsautl' application, low level RSA utility.
- o MD4 now included.
- o Bugfix for SSL rollback padding check.
- o Support for external crypto devices [1].
- o Enhanced EVP interface.
-
- [1] The support for external crypto devices is currently a separate
- distribution. See the file README.ENGINE.
-
- Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a [1 Apr 2000]:
-
- o Bug fixes for Win32, SuSE Linux, NeXTSTEP and FreeBSD 2.2.8
- o Shared library support for HPUX and Solaris-gcc
- o Support of Linux/IA64
- o Assembler support for Mingw32
- o New 'rand' application
- o New way to check for existence of algorithms from scripts
-
- Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5 [25 May 2000]:
-
- o S/MIME support in new 'smime' command
- o Documentation for the OpenSSL command line application
- o Automation of 'req' application
- o Fixes to make s_client, s_server work under Windows
- o Support for multiple fieldnames in SPKACs
- o New SPKAC command line utilty and associated library functions
- o Options to allow passwords to be obtained from various sources
- o New public key PEM format and options to handle it
- o Many other fixes and enhancements to command line utilities
- o Usable certificate chain verification
- o Certificate purpose checking
- o Certificate trust settings
- o Support of authority information access extension
- o Extensions in certificate requests
- o Simplified X509 name and attribute routines
- o Initial (incomplete) support for international character sets
- o New DH_METHOD, DSA_METHOD and enhanced RSA_METHOD
- o Read only memory BIOs and simplified creation function
- o TLS/SSL protocol bugfixes: Accept TLS 'client hello' in SSL 3.0
- record; allow fragmentation and interleaving of handshake and other
- data
- o TLS/SSL code now "tolerates" MS SGC
- o Work around for Netscape client certificate hang bug
- o RSA_NULL option that removes RSA patent code but keeps other
- RSA functionality
- o Memory leak detection now allows applications to add extra information
- via a per-thread stack
- o PRNG robustness improved
- o EGD support
- o BIGNUM library bug fixes
- o Faster DSA parameter generation
- o Enhanced support for Alpha Linux
- o Experimental MacOS support
-
- Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4 [9 Aug 1999]:
-
- o Transparent support for PKCS#8 format private keys: these are used
- by several software packages and are more secure than the standard
- form
- o PKCS#5 v2.0 implementation
- o Password callbacks have a new void * argument for application data
- o Avoid various memory leaks
- o New pipe-like BIO that allows using the SSL library when actual I/O
- must be handled by the application (BIO pair)
-
- Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3 [24 May 1999]:
- o Lots of enhancements and cleanups to the Configuration mechanism
- o RSA OEAP related fixes
- o Added `openssl ca -revoke' option for revoking a certificate
- o Source cleanups: const correctness, type-safe stacks and ASN.1 SETs
- o Source tree cleanups: removed lots of obsolete files
- o Thawte SXNet, certificate policies and CRL distribution points
- extension support
- o Preliminary (experimental) S/MIME support
- o Support for ASN.1 UTF8String and VisibleString
- o Full integration of PKCS#12 code
- o Sparc assembler bignum implementation, optimized hash functions
- o Option to disable selected ciphers
-
- Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b [22 Mar 1999]:
- o Fixed a security hole related to session resumption
- o Fixed RSA encryption routines for the p < q case
- o "ALL" in cipher lists now means "everything except NULL ciphers"
- o Support for Triple-DES CBCM cipher
- o Support of Optimal Asymmetric Encryption Padding (OAEP) for RSA
- o First support for new TLSv1 ciphers
- o Added a few new BIOs (syslog BIO, reliable BIO)
- o Extended support for DSA certificate/keys.
- o Extended support for Certificate Signing Requests (CSR)
- o Initial support for X.509v3 extensions
- o Extended support for compression inside the SSL record layer
- o Overhauled Win32 builds
- o Cleanups and fixes to the Big Number (BN) library
- o Support for ASN.1 GeneralizedTime
- o Splitted ASN.1 SETs from SEQUENCEs
- o ASN1 and PEM support for Netscape Certificate Sequences
- o Overhauled Perl interface
- o Lots of source tree cleanups.
- o Lots of memory leak fixes.
- o Lots of bug fixes.
-
- Major changes between SSLeay 0.9.0b and OpenSSL 0.9.1c [23 Dec 1998]:
- o Integration of the popular NO_RSA/NO_DSA patches
- o Initial support for compression inside the SSL record layer
- o Added BIO proxy and filtering functionality
- o Extended Big Number (BN) library
- o Added RIPE MD160 message digest
- o Addeed support for RC2/64bit cipher
- o Extended ASN.1 parser routines
- o Adjustations of the source tree for CVS
- o Support for various new platforms
-
Copied: vendor-crypto/openssl/0.9.8zf/NEWS (from rev 6976, vendor-crypto/openssl/dist/NEWS)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/NEWS (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/NEWS 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,633 @@
+
+ NEWS
+ ====
+
+ This file gives a brief overview of the major changes between each OpenSSL
+ release. For more details please read the CHANGES file.
+
+ Major changes between OpenSSL 0.9.8ze and OpenSSL 0.9.8zf [19 Mar 2015]
+
+ o Segmentation fault in ASN1_TYPE_cmp fix (CVE-2015-0286)
+ o ASN.1 structure reuse memory corruption fix (CVE-2015-0287)
+ o PKCS7 NULL pointer dereferences fix (CVE-2015-0289)
+ o DoS via reachable assert in SSLv2 servers fix (CVE-2015-0293)
+ o Use After Free following d2i_ECPrivatekey error fix (CVE-2015-0209)
+ o X509_to_X509_REQ NULL pointer deref fix (CVE-2015-0288)
+ o Removed the export ciphers from the DEFAULT ciphers
+
+ Major changes between OpenSSL 0.9.8zd and OpenSSL 0.9.8ze [15 Jan 2015]
+
+ o Build fixes for the Windows and OpenVMS platforms
+
+ Major changes between OpenSSL 0.9.8zc and OpenSSL 0.9.8zd [8 Jan 2015]
+
+ o Fix for CVE-2014-3571
+ o Fix for CVE-2014-3569
+ o Fix for CVE-2014-3572
+ o Fix for CVE-2015-0204
+ o Fix for CVE-2014-8275
+ o Fix for CVE-2014-3570
+
+ Major changes between OpenSSL 0.9.8zb and OpenSSL 0.9.8zc [15 Oct 2014]:
+
+ o Fix for CVE-2014-3513
+ o Fix for CVE-2014-3567
+ o Mitigation for CVE-2014-3566 (SSL protocol vulnerability)
+ o Fix for CVE-2014-3568
+
+ Major changes between OpenSSL 0.9.8za and OpenSSL 0.9.8zb [6 Aug 2014]:
+
+ o Fix for CVE-2014-3510
+ o Fix for CVE-2014-3507
+ o Fix for CVE-2014-3506
+ o Fix for CVE-2014-3505
+ o Fix for CVE-2014-3508
+
+ Known issues in OpenSSL 0.9.8za:
+
+ o Compilation failure of s3_pkt.c on some platforms due to missing
+ <limits.h> include. Fixed in 0.9.8zb-dev.
+ o FIPS capable link failure with missing symbol BN_consttime_swap.
+ Fixed in 0.9.8zb-dev. Workaround is to compile with no-ec: the EC
+ algorithms are not FIPS approved in OpenSSL 0.9.8 anyway.
+
+ Major changes between OpenSSL 0.9.8y and OpenSSL 0.9.8za [5 Jun 2014]:
+
+ o Fix for CVE-2014-0224
+ o Fix for CVE-2014-0221
+ o Fix for CVE-2014-0195
+ o Fix for CVE-2014-3470
+ o Fix for CVE-2014-0076
+ o Fix for CVE-2010-5298
+ o Fix to TLS alert handling.
+
+ Major changes between OpenSSL 0.9.8x and OpenSSL 0.9.8y [5 Feb 2013]:
+
+ o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169
+ o Fix OCSP bad key DoS attack CVE-2013-0166
+
+ Major changes between OpenSSL 0.9.8w and OpenSSL 0.9.8x [10 May 2012]:
+
+ o Fix DTLS record length checking bug CVE-2012-2333
+
+ Major changes between OpenSSL 0.9.8v and OpenSSL 0.9.8w [23 Apr 2012]:
+
+ o Fix for CVE-2012-2131 (corrected fix for 0.9.8 and CVE-2012-2110)
+
+ Major changes between OpenSSL 0.9.8u and OpenSSL 0.9.8v [19 Apr 2012]:
+
+ o Fix for ASN1 overflow bug CVE-2012-2110
+
+ Major changes between OpenSSL 0.9.8t and OpenSSL 0.9.8u [12 Mar 2012]:
+
+ o Fix for CMS/PKCS#7 MMA CVE-2012-0884
+ o Corrected fix for CVE-2011-4619
+ o Various DTLS fixes.
+
+ Major changes between OpenSSL 0.9.8s and OpenSSL 0.9.8t [18 Jan 2012]:
+
+ o Fix for DTLS DoS issue CVE-2012-0050
+
+ Major changes between OpenSSL 0.9.8r and OpenSSL 0.9.8s [4 Jan 2012]:
+
+ o Fix for DTLS plaintext recovery attack CVE-2011-4108
+ o Fix policy check double free error CVE-2011-4109
+ o Clear block padding bytes of SSL 3.0 records CVE-2011-4576
+ o Only allow one SGC handshake restart for SSL/TLS CVE-2011-4619
+ o Check for malformed RFC3779 data CVE-2011-4577
+
+ Major changes between OpenSSL 0.9.8q and OpenSSL 0.9.8r [8 Feb 2011]:
+
+ o Fix for security issue CVE-2011-0014
+
+ Major changes between OpenSSL 0.9.8p and OpenSSL 0.9.8q [2 Dec 2010]:
+
+ o Fix for security issue CVE-2010-4180
+ o Fix for CVE-2010-4252
+
+ Major changes between OpenSSL 0.9.8o and OpenSSL 0.9.8p [16 Nov 2010]:
+
+ o Fix for security issue CVE-2010-3864.
+
+ Major changes between OpenSSL 0.9.8n and OpenSSL 0.9.8o [1 Jun 2010]:
+
+ o Fix for security issue CVE-2010-0742.
+ o Various DTLS fixes.
+ o Recognise SHA2 certificates if only SSL algorithms added.
+ o Fix for no-rc4 compilation.
+ o Chil ENGINE unload workaround.
+
+ Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n [24 Mar 2010]:
+
+ o CFB cipher definition fixes.
+ o Fix security issues CVE-2010-0740 and CVE-2010-0433.
+
+ Major changes between OpenSSL 0.9.8l and OpenSSL 0.9.8m [25 Feb 2010]:
+
+ o Cipher definition fixes.
+ o Workaround for slow RAND_poll() on some WIN32 versions.
+ o Remove MD2 from algorithm tables.
+ o SPKAC handling fixes.
+ o Support for RFC5746 TLS renegotiation extension.
+ o Compression memory leak fixed.
+ o Compression session resumption fixed.
+ o Ticket and SNI coexistence fixes.
+ o Many fixes to DTLS handling.
+
+ Major changes between OpenSSL 0.9.8k and OpenSSL 0.9.8l [5 Nov 2009]:
+
+ o Temporary work around for CVE-2009-3555: disable renegotiation.
+
+ Major changes between OpenSSL 0.9.8j and OpenSSL 0.9.8k [25 Mar 2009]:
+
+ o Fix various build issues.
+ o Fix security issues (CVE-2009-0590, CVE-2009-0591, CVE-2009-0789)
+
+ Major changes between OpenSSL 0.9.8i and OpenSSL 0.9.8j [7 Jan 2009]:
+
+ o Fix security issue (CVE-2008-5077)
+ o Merge FIPS 140-2 branch code.
+
+ Major changes between OpenSSL 0.9.8g and OpenSSL 0.9.8h [28 May 2008]:
+
+ o CryptoAPI ENGINE support.
+ o Various precautionary measures.
+ o Fix for bugs affecting certificate request creation.
+ o Support for local machine keyset attribute in PKCS#12 files.
+
+ Major changes between OpenSSL 0.9.8f and OpenSSL 0.9.8g [19 Oct 2007]:
+
+ o Backport of CMS functionality to 0.9.8.
+ o Fixes for bugs introduced with 0.9.8f.
+
+ Major changes between OpenSSL 0.9.8e and OpenSSL 0.9.8f [11 Oct 2007]:
+
+ o Add gcc 4.2 support.
+ o Add support for AES and SSE2 assembly lanugauge optimization
+ for VC++ build.
+ o Support for RFC4507bis and server name extensions if explicitly
+ selected at compile time.
+ o DTLS improvements.
+ o RFC4507bis support.
+ o TLS Extensions support.
+
+ Major changes between OpenSSL 0.9.8d and OpenSSL 0.9.8e [23 Feb 2007]:
+
+ o Various ciphersuite selection fixes.
+ o RFC3779 support.
+
+ Major changes between OpenSSL 0.9.8c and OpenSSL 0.9.8d [28 Sep 2006]:
+
+ o Introduce limits to prevent malicious key DoS (CVE-2006-2940)
+ o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343)
+ o Changes to ciphersuite selection algorithm
+
+ Major changes between OpenSSL 0.9.8b and OpenSSL 0.9.8c [5 Sep 2006]:
+
+ o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339
+ o New cipher Camellia
+
+ Major changes between OpenSSL 0.9.8a and OpenSSL 0.9.8b [4 May 2006]:
+
+ o Cipher string fixes.
+ o Fixes for VC++ 2005.
+ o Updated ECC cipher suite support.
+ o New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free().
+ o Zlib compression usage fixes.
+ o Built in dynamic engine compilation support on Win32.
+ o Fixes auto dynamic engine loading in Win32.
+
+ Major changes between OpenSSL 0.9.8 and OpenSSL 0.9.8a [11 Oct 2005]:
+
+ o Fix potential SSL 2.0 rollback, CVE-2005-2969
+ o Extended Windows CE support
+
+ Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.8 [5 Jul 2005]:
+
+ o Major work on the BIGNUM library for higher efficiency and to
+ make operations more streamlined and less contradictory. This
+ is the result of a major audit of the BIGNUM library.
+ o Addition of BIGNUM functions for fields GF(2^m) and NIST
+ curves, to support the Elliptic Crypto functions.
+ o Major work on Elliptic Crypto; ECDH and ECDSA added, including
+ the use through EVP, X509 and ENGINE.
+ o New ASN.1 mini-compiler that's usable through the OpenSSL
+ configuration file.
+ o Added support for ASN.1 indefinite length constructed encoding.
+ o New PKCS#12 'medium level' API to manipulate PKCS#12 files.
+ o Complete rework of shared library construction and linking
+ programs with shared or static libraries, through a separate
+ Makefile.shared.
+ o Rework of the passing of parameters from one Makefile to another.
+ o Changed ENGINE framework to load dynamic engine modules
+ automatically from specifically given directories.
+ o New structure and ASN.1 functions for CertificatePair.
+ o Changed the ZLIB compression method to be stateful.
+ o Changed the key-generation and primality testing "progress"
+ mechanism to take a structure that contains the ticker
+ function and an argument.
+ o New engine module: GMP (performs private key exponentiation).
+ o New engine module: VIA PadLOck ACE extension in VIA C3
+ Nehemiah processors.
+ o Added support for IPv6 addresses in certificate extensions.
+ See RFC 1884, section 2.2.
+ o Added support for certificate policy mappings, policy
+ constraints and name constraints.
+ o Added support for multi-valued AVAs in the OpenSSL
+ configuration file.
+ o Added support for multiple certificates with the same subject
+ in the 'openssl ca' index file.
+ o Make it possible to create self-signed certificates using
+ 'openssl ca -selfsign'.
+ o Make it possible to generate a serial number file with
+ 'openssl ca -create_serial'.
+ o New binary search functions with extended functionality.
+ o New BUF functions.
+ o New STORE structure and library to provide an interface to all
+ sorts of data repositories. Supports storage of public and
+ private keys, certificates, CRLs, numbers and arbitrary blobs.
+ This library is unfortunately unfinished and unused withing
+ OpenSSL.
+ o New control functions for the error stack.
+ o Changed the PKCS#7 library to support one-pass S/MIME
+ processing.
+ o Added the possibility to compile without old deprecated
+ functionality with the OPENSSL_NO_DEPRECATED macro or the
+ 'no-deprecated' argument to the config and Configure scripts.
+ o Constification of all ASN.1 conversion functions, and other
+ affected functions.
+ o Improved platform support for PowerPC.
+ o New FIPS 180-2 algorithms (SHA-224, -256, -384 and -512).
+ o New X509_VERIFY_PARAM structure to support parametrisation
+ of X.509 path validation.
+ o Major overhaul of RC4 performance on Intel P4, IA-64 and
+ AMD64.
+ o Changed the Configure script to have some algorithms disabled
+ by default. Those can be explicitely enabled with the new
+ argument form 'enable-xxx'.
+ o Change the default digest in 'openssl' commands from MD5 to
+ SHA-1.
+ o Added support for DTLS.
+ o New BIGNUM blinding.
+ o Added support for the RSA-PSS encryption scheme
+ o Added support for the RSA X.931 padding.
+ o Added support for BSD sockets on NetWare.
+ o Added support for files larger than 2GB.
+ o Added initial support for Win64.
+ o Added alternate pkg-config files.
+
+ Major changes between OpenSSL 0.9.7l and OpenSSL 0.9.7m [23 Feb 2007]:
+
+ o FIPS 1.1.1 module linking.
+ o Various ciphersuite selection fixes.
+
+ Major changes between OpenSSL 0.9.7k and OpenSSL 0.9.7l [28 Sep 2006]:
+
+ o Introduce limits to prevent malicious key DoS (CVE-2006-2940)
+ o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343)
+
+ Major changes between OpenSSL 0.9.7j and OpenSSL 0.9.7k [5 Sep 2006]:
+
+ o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339
+
+ Major changes between OpenSSL 0.9.7i and OpenSSL 0.9.7j [4 May 2006]:
+
+ o Visual C++ 2005 fixes.
+ o Update Windows build system for FIPS.
+
+ Major changes between OpenSSL 0.9.7h and OpenSSL 0.9.7i [14 Oct 2005]:
+
+ o Give EVP_MAX_MD_SIZE it's old value, except for a FIPS build.
+
+ Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.7h [11 Oct 2005]:
+
+ o Fix SSL 2.0 Rollback, CVE-2005-2969
+ o Allow use of fixed-length exponent on DSA signing
+ o Default fixed-window RSA, DSA, DH private-key operations
+
+ Major changes between OpenSSL 0.9.7f and OpenSSL 0.9.7g [11 Apr 2005]:
+
+ o More compilation issues fixed.
+ o Adaptation to more modern Kerberos API.
+ o Enhanced or corrected configuration for Solaris64, Mingw and Cygwin.
+ o Enhanced x86_64 assembler BIGNUM module.
+ o More constification.
+ o Added processing of proxy certificates (RFC 3820).
+
+ Major changes between OpenSSL 0.9.7e and OpenSSL 0.9.7f [22 Mar 2005]:
+
+ o Several compilation issues fixed.
+ o Many memory allocation failure checks added.
+ o Improved comparison of X509 Name type.
+ o Mandatory basic checks on certificates.
+ o Performance improvements.
+
+ Major changes between OpenSSL 0.9.7d and OpenSSL 0.9.7e [25 Oct 2004]:
+
+ o Fix race condition in CRL checking code.
+ o Fixes to PKCS#7 (S/MIME) code.
+
+ Major changes between OpenSSL 0.9.7c and OpenSSL 0.9.7d [17 Mar 2004]:
+
+ o Security: Fix Kerberos ciphersuite SSL/TLS handshaking bug
+ o Security: Fix null-pointer assignment in do_change_cipher_spec()
+ o Allow multiple active certificates with same subject in CA index
+ o Multiple X509 verification fixes
+ o Speed up HMAC and other operations
+
+ Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c [30 Sep 2003]:
+
+ o Security: fix various ASN1 parsing bugs.
+ o New -ignore_err option to OCSP utility.
+ o Various interop and bug fixes in S/MIME code.
+ o SSL/TLS protocol fix for unrequested client certificates.
+
+ Major changes between OpenSSL 0.9.7a and OpenSSL 0.9.7b [10 Apr 2003]:
+
+ o Security: counter the Klima-Pokorny-Rosa extension of
+ Bleichbacher's attack
+ o Security: make RSA blinding default.
+ o Configuration: Irix fixes, AIX fixes, better mingw support.
+ o Support for new platforms: linux-ia64-ecc.
+ o Build: shared library support fixes.
+ o ASN.1: treat domainComponent correctly.
+ o Documentation: fixes and additions.
+
+ Major changes between OpenSSL 0.9.7 and OpenSSL 0.9.7a [19 Feb 2003]:
+
+ o Security: Important security related bugfixes.
+ o Enhanced compatibility with MIT Kerberos.
+ o Can be built without the ENGINE framework.
+ o IA32 assembler enhancements.
+ o Support for new platforms: FreeBSD/IA64 and FreeBSD/Sparc64.
+ o Configuration: the no-err option now works properly.
+ o SSL/TLS: now handles manual certificate chain building.
+ o SSL/TLS: certain session ID malfunctions corrected.
+
+ Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7 [30 Dec 2002]:
+
+ o New library section OCSP.
+ o Complete rewrite of ASN1 code.
+ o CRL checking in verify code and openssl utility.
+ o Extension copying in 'ca' utility.
+ o Flexible display options in 'ca' utility.
+ o Provisional support for international characters with UTF8.
+ o Support for external crypto devices ('engine') is no longer
+ a separate distribution.
+ o New elliptic curve library section.
+ o New AES (Rijndael) library section.
+ o Support for new platforms: Windows CE, Tandem OSS, A/UX, AIX 64-bit,
+ Linux x86_64, Linux 64-bit on Sparc v9
+ o Extended support for some platforms: VxWorks
+ o Enhanced support for shared libraries.
+ o Now only builds PIC code when shared library support is requested.
+ o Support for pkg-config.
+ o Lots of new manuals.
+ o Makes symbolic links to or copies of manuals to cover all described
+ functions.
+ o Change DES API to clean up the namespace (some applications link also
+ against libdes providing similar functions having the same name).
+ Provide macros for backward compatibility (will be removed in the
+ future).
+ o Unify handling of cryptographic algorithms (software and engine)
+ to be available via EVP routines for asymmetric and symmetric ciphers.
+ o NCONF: new configuration handling routines.
+ o Change API to use more 'const' modifiers to improve error checking
+ and help optimizers.
+ o Finally remove references to RSAref.
+ o Reworked parts of the BIGNUM code.
+ o Support for new engines: Broadcom ubsec, Accelerated Encryption
+ Processing, IBM 4758.
+ o A few new engines added in the demos area.
+ o Extended and corrected OID (object identifier) table.
+ o PRNG: query at more locations for a random device, automatic query for
+ EGD style random sources at several locations.
+ o SSL/TLS: allow optional cipher choice according to server's preference.
+ o SSL/TLS: allow server to explicitly set new session ids.
+ o SSL/TLS: support Kerberos cipher suites (RFC2712).
+ Only supports MIT Kerberos for now.
+ o SSL/TLS: allow more precise control of renegotiations and sessions.
+ o SSL/TLS: add callback to retrieve SSL/TLS messages.
+ o SSL/TLS: support AES cipher suites (RFC3268).
+
+ Major changes between OpenSSL 0.9.6j and OpenSSL 0.9.6k [30 Sep 2003]:
+
+ o Security: fix various ASN1 parsing bugs.
+ o SSL/TLS protocol fix for unrequested client certificates.
+
+ Major changes between OpenSSL 0.9.6i and OpenSSL 0.9.6j [10 Apr 2003]:
+
+ o Security: counter the Klima-Pokorny-Rosa extension of
+ Bleichbacher's attack
+ o Security: make RSA blinding default.
+ o Build: shared library support fixes.
+
+ Major changes between OpenSSL 0.9.6h and OpenSSL 0.9.6i [19 Feb 2003]:
+
+ o Important security related bugfixes.
+
+ Major changes between OpenSSL 0.9.6g and OpenSSL 0.9.6h [5 Dec 2002]:
+
+ o New configuration targets for Tandem OSS and A/UX.
+ o New OIDs for Microsoft attributes.
+ o Better handling of SSL session caching.
+ o Better comparison of distinguished names.
+ o Better handling of shared libraries in a mixed GNU/non-GNU environment.
+ o Support assembler code with Borland C.
+ o Fixes for length problems.
+ o Fixes for uninitialised variables.
+ o Fixes for memory leaks, some unusual crashes and some race conditions.
+ o Fixes for smaller building problems.
+ o Updates of manuals, FAQ and other instructive documents.
+
+ Major changes between OpenSSL 0.9.6f and OpenSSL 0.9.6g [9 Aug 2002]:
+
+ o Important building fixes on Unix.
+
+ Major changes between OpenSSL 0.9.6e and OpenSSL 0.9.6f [8 Aug 2002]:
+
+ o Various important bugfixes.
+
+ Major changes between OpenSSL 0.9.6d and OpenSSL 0.9.6e [30 Jul 2002]:
+
+ o Important security related bugfixes.
+ o Various SSL/TLS library bugfixes.
+
+ Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d [9 May 2002]:
+
+ o Various SSL/TLS library bugfixes.
+ o Fix DH parameter generation for 'non-standard' generators.
+
+ Major changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c [21 Dec 2001]:
+
+ o Various SSL/TLS library bugfixes.
+ o BIGNUM library fixes.
+ o RSA OAEP and random number generation fixes.
+ o Object identifiers corrected and added.
+ o Add assembler BN routines for IA64.
+ o Add support for OS/390 Unix, UnixWare with gcc, OpenUNIX 8,
+ MIPS Linux; shared library support for Irix, HP-UX.
+ o Add crypto accelerator support for AEP, Baltimore SureWare,
+ Broadcom and Cryptographic Appliance's keyserver
+ [in 0.9.6c-engine release].
+
+ Major changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b [9 Jul 2001]:
+
+ o Security fix: PRNG improvements.
+ o Security fix: RSA OAEP check.
+ o Security fix: Reinsert and fix countermeasure to Bleichbacher's
+ attack.
+ o MIPS bug fix in BIGNUM.
+ o Bug fix in "openssl enc".
+ o Bug fix in X.509 printing routine.
+ o Bug fix in DSA verification routine and DSA S/MIME verification.
+ o Bug fix to make PRNG thread-safe.
+ o Bug fix in RAND_file_name().
+ o Bug fix in compatibility mode trust settings.
+ o Bug fix in blowfish EVP.
+ o Increase default size for BIO buffering filter.
+ o Compatibility fixes in some scripts.
+
+ Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a [5 Apr 2001]:
+
+ o Security fix: change behavior of OpenSSL to avoid using
+ environment variables when running as root.
+ o Security fix: check the result of RSA-CRT to reduce the
+ possibility of deducing the private key from an incorrectly
+ calculated signature.
+ o Security fix: prevent Bleichenbacher's DSA attack.
+ o Security fix: Zero the premaster secret after deriving the
+ master secret in DH ciphersuites.
+ o Reimplement SSL_peek(), which had various problems.
+ o Compatibility fix: the function des_encrypt() renamed to
+ des_encrypt1() to avoid clashes with some Unixen libc.
+ o Bug fixes for Win32, HP/UX and Irix.
+ o Bug fixes in BIGNUM, SSL, PKCS#7, PKCS#12, X.509, CONF and
+ memory checking routines.
+ o Bug fixes for RSA operations in threaded environments.
+ o Bug fixes in misc. openssl applications.
+ o Remove a few potential memory leaks.
+ o Add tighter checks of BIGNUM routines.
+ o Shared library support has been reworked for generality.
+ o More documentation.
+ o New function BN_rand_range().
+ o Add "-rand" option to openssl s_client and s_server.
+
+ Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6 [10 Oct 2000]:
+
+ o Some documentation for BIO and SSL libraries.
+ o Enhanced chain verification using key identifiers.
+ o New sign and verify options to 'dgst' application.
+ o Support for DER and PEM encoded messages in 'smime' application.
+ o New 'rsautl' application, low level RSA utility.
+ o MD4 now included.
+ o Bugfix for SSL rollback padding check.
+ o Support for external crypto devices [1].
+ o Enhanced EVP interface.
+
+ [1] The support for external crypto devices is currently a separate
+ distribution. See the file README.ENGINE.
+
+ Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a [1 Apr 2000]:
+
+ o Bug fixes for Win32, SuSE Linux, NeXTSTEP and FreeBSD 2.2.8
+ o Shared library support for HPUX and Solaris-gcc
+ o Support of Linux/IA64
+ o Assembler support for Mingw32
+ o New 'rand' application
+ o New way to check for existence of algorithms from scripts
+
+ Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5 [25 May 2000]:
+
+ o S/MIME support in new 'smime' command
+ o Documentation for the OpenSSL command line application
+ o Automation of 'req' application
+ o Fixes to make s_client, s_server work under Windows
+ o Support for multiple fieldnames in SPKACs
+ o New SPKAC command line utilty and associated library functions
+ o Options to allow passwords to be obtained from various sources
+ o New public key PEM format and options to handle it
+ o Many other fixes and enhancements to command line utilities
+ o Usable certificate chain verification
+ o Certificate purpose checking
+ o Certificate trust settings
+ o Support of authority information access extension
+ o Extensions in certificate requests
+ o Simplified X509 name and attribute routines
+ o Initial (incomplete) support for international character sets
+ o New DH_METHOD, DSA_METHOD and enhanced RSA_METHOD
+ o Read only memory BIOs and simplified creation function
+ o TLS/SSL protocol bugfixes: Accept TLS 'client hello' in SSL 3.0
+ record; allow fragmentation and interleaving of handshake and other
+ data
+ o TLS/SSL code now "tolerates" MS SGC
+ o Work around for Netscape client certificate hang bug
+ o RSA_NULL option that removes RSA patent code but keeps other
+ RSA functionality
+ o Memory leak detection now allows applications to add extra information
+ via a per-thread stack
+ o PRNG robustness improved
+ o EGD support
+ o BIGNUM library bug fixes
+ o Faster DSA parameter generation
+ o Enhanced support for Alpha Linux
+ o Experimental MacOS support
+
+ Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4 [9 Aug 1999]:
+
+ o Transparent support for PKCS#8 format private keys: these are used
+ by several software packages and are more secure than the standard
+ form
+ o PKCS#5 v2.0 implementation
+ o Password callbacks have a new void * argument for application data
+ o Avoid various memory leaks
+ o New pipe-like BIO that allows using the SSL library when actual I/O
+ must be handled by the application (BIO pair)
+
+ Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3 [24 May 1999]:
+ o Lots of enhancements and cleanups to the Configuration mechanism
+ o RSA OEAP related fixes
+ o Added `openssl ca -revoke' option for revoking a certificate
+ o Source cleanups: const correctness, type-safe stacks and ASN.1 SETs
+ o Source tree cleanups: removed lots of obsolete files
+ o Thawte SXNet, certificate policies and CRL distribution points
+ extension support
+ o Preliminary (experimental) S/MIME support
+ o Support for ASN.1 UTF8String and VisibleString
+ o Full integration of PKCS#12 code
+ o Sparc assembler bignum implementation, optimized hash functions
+ o Option to disable selected ciphers
+
+ Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b [22 Mar 1999]:
+ o Fixed a security hole related to session resumption
+ o Fixed RSA encryption routines for the p < q case
+ o "ALL" in cipher lists now means "everything except NULL ciphers"
+ o Support for Triple-DES CBCM cipher
+ o Support of Optimal Asymmetric Encryption Padding (OAEP) for RSA
+ o First support for new TLSv1 ciphers
+ o Added a few new BIOs (syslog BIO, reliable BIO)
+ o Extended support for DSA certificate/keys.
+ o Extended support for Certificate Signing Requests (CSR)
+ o Initial support for X.509v3 extensions
+ o Extended support for compression inside the SSL record layer
+ o Overhauled Win32 builds
+ o Cleanups and fixes to the Big Number (BN) library
+ o Support for ASN.1 GeneralizedTime
+ o Splitted ASN.1 SETs from SEQUENCEs
+ o ASN1 and PEM support for Netscape Certificate Sequences
+ o Overhauled Perl interface
+ o Lots of source tree cleanups.
+ o Lots of memory leak fixes.
+ o Lots of bug fixes.
+
+ Major changes between SSLeay 0.9.0b and OpenSSL 0.9.1c [23 Dec 1998]:
+ o Integration of the popular NO_RSA/NO_DSA patches
+ o Initial support for compression inside the SSL record layer
+ o Added BIO proxy and filtering functionality
+ o Extended Big Number (BN) library
+ o Added RIPE MD160 message digest
+ o Addeed support for RC2/64bit cipher
+ o Extended ASN.1 parser routines
+ o Adjustations of the source tree for CVS
+ o Support for various new platforms
+
Deleted: vendor-crypto/openssl/0.9.8zf/README
===================================================================
--- vendor-crypto/openssl/dist/README 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/README 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,218 +0,0 @@
-
- OpenSSL 0.9.8zc 15 Oct 2014
-
- Copyright (c) 1998-2011 The OpenSSL Project
- Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
- All rights reserved.
-
- DESCRIPTION
- -----------
-
- The OpenSSL Project is a collaborative effort to develop a robust,
- commercial-grade, fully featured, and Open Source toolkit implementing the
- Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
- protocols as well as a full-strength general purpose cryptography library.
- The project is managed by a worldwide community of volunteers that use the
- Internet to communicate, plan, and develop the OpenSSL toolkit and its
- related documentation.
-
- OpenSSL is based on the excellent SSLeay library developed from Eric A. Young
- and Tim J. Hudson. The OpenSSL toolkit is licensed under a dual-license (the
- OpenSSL license plus the SSLeay license) situation, which basically means
- that you are free to get and use it for commercial and non-commercial
- purposes as long as you fulfill the conditions of both licenses.
-
- OVERVIEW
- --------
-
- The OpenSSL toolkit includes:
-
- libssl.a:
- Implementation of SSLv2, SSLv3, TLSv1 and the required code to support
- both SSLv2, SSLv3 and TLSv1 in the one server and client.
-
- libcrypto.a:
- General encryption and X.509 v1/v3 stuff needed by SSL/TLS but not
- actually logically part of it. It includes routines for the following:
-
- Ciphers
- libdes - EAY's libdes DES encryption package which was floating
- around the net for a few years, and was then relicensed by
- him as part of SSLeay. It includes 15 'modes/variations'
- of DES (1, 2 and 3 key versions of ecb, cbc, cfb and ofb;
- pcbc and a more general form of cfb and ofb) including desx
- in cbc mode, a fast crypt(3), and routines to read
- passwords from the keyboard.
- RC4 encryption,
- RC2 encryption - 4 different modes, ecb, cbc, cfb and ofb.
- Blowfish encryption - 4 different modes, ecb, cbc, cfb and ofb.
- IDEA encryption - 4 different modes, ecb, cbc, cfb and ofb.
-
- Digests
- MD5 and MD2 message digest algorithms, fast implementations,
- SHA (SHA-0) and SHA-1 message digest algorithms,
- MDC2 message digest. A DES based hash that is popular on smart cards.
-
- Public Key
- RSA encryption/decryption/generation.
- There is no limit on the number of bits.
- DSA encryption/decryption/generation.
- There is no limit on the number of bits.
- Diffie-Hellman key-exchange/key generation.
- There is no limit on the number of bits.
-
- X.509v3 certificates
- X509 encoding/decoding into/from binary ASN1 and a PEM
- based ASCII-binary encoding which supports encryption with a
- private key. Program to generate RSA and DSA certificate
- requests and to generate RSA and DSA certificates.
-
- Systems
- The normal digital envelope routines and base64 encoding. Higher
- level access to ciphers and digests by name. New ciphers can be
- loaded at run time. The BIO io system which is a simple non-blocking
- IO abstraction. Current methods supported are file descriptors,
- sockets, socket accept, socket connect, memory buffer, buffering, SSL
- client/server, file pointer, encryption, digest, non-blocking testing
- and null.
-
- Data structures
- A dynamically growing hashing system
- A simple stack.
- A Configuration loader that uses a format similar to MS .ini files.
-
- openssl:
- A command line tool that can be used for:
- Creation of RSA, DH and DSA key parameters
- Creation of X.509 certificates, CSRs and CRLs
- Calculation of Message Digests
- Encryption and Decryption with Ciphers
- SSL/TLS Client and Server Tests
- Handling of S/MIME signed or encrypted mail
-
-
- PATENTS
- -------
-
- Various companies hold various patents for various algorithms in various
- locations around the world. _YOU_ are responsible for ensuring that your use
- of any algorithms is legal by checking if there are any patents in your
- country. The file contains some of the patents that we know about or are
- rumored to exist. This is not a definitive list.
-
- RSA Security holds software patents on the RC5 algorithm. If you
- intend to use this cipher, you must contact RSA Security for
- licensing conditions. Their web page is http://www.rsasecurity.com/.
-
- RC4 is a trademark of RSA Security, so use of this label should perhaps
- only be used with RSA Security's permission.
-
- The IDEA algorithm is patented by Ascom in Austria, France, Germany, Italy,
- Japan, the Netherlands, Spain, Sweden, Switzerland, UK and the USA. They
- should be contacted if that algorithm is to be used; their web page is
- http://www.ascom.ch/.
-
- NTT and Mitsubishi have patents and pending patents on the Camellia
- algorithm, but allow use at no charge without requiring an explicit
- licensing agreement: http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html
-
- INSTALLATION
- ------------
-
- To install this package under a Unix derivative, read the INSTALL file. For
- a Win32 platform, read the INSTALL.W32 file. For OpenVMS systems, read
- INSTALL.VMS.
-
- Read the documentation in the doc/ directory. It is quite rough, but it
- lists the functions; you will probably have to look at the code to work out
- how to use them. Look at the example programs.
-
- PROBLEMS
- --------
-
- For some platforms, there are some known problems that may affect the user
- or application author. We try to collect those in doc/PROBLEMS, with current
- thoughts on how they should be solved in a future of OpenSSL.
-
- SUPPORT
- -------
-
- See the OpenSSL website www.openssl.org for details of how to obtain
- commercial technical support.
-
- If you have any problems with OpenSSL then please take the following steps
- first:
-
- - Download the current snapshot from ftp://ftp.openssl.org/snapshot/
- to see if the problem has already been addressed
- - Remove ASM versions of libraries
- - Remove compiler optimisation flags
-
- If you wish to report a bug then please include the following information in
- any bug report:
-
- - On Unix systems:
- Self-test report generated by 'make report'
- - On other systems:
- OpenSSL version: output of 'openssl version -a'
- OS Name, Version, Hardware platform
- Compiler Details (name, version)
- - Application Details (name, version)
- - Problem Description (steps that will reproduce the problem, if known)
- - Stack Traceback (if the application dumps core)
-
- Report the bug to the OpenSSL project via the Request Tracker
- (http://www.openssl.org/support/rt.html) by mail to:
-
- openssl-bugs at openssl.org
-
- Note that the request tracker should NOT be used for general assistance
- or support queries. Just because something doesn't work the way you expect
- does not mean it is necessarily a bug in OpenSSL.
-
- Note that mail to openssl-bugs at openssl.org is recorded in the publicly
- readable request tracker database and is forwarded to a public
- mailing list. Confidential mail may be sent to openssl-security at openssl.org
- (PGP key available from the key servers).
-
- HOW TO CONTRIBUTE TO OpenSSL
- ----------------------------
-
- Development is coordinated on the openssl-dev mailing list (see
- http://www.openssl.org for information on subscribing). If you
- would like to submit a patch, send it to openssl-bugs at openssl.org with
- the string "[PATCH]" in the subject. Please be sure to include a
- textual explanation of what your patch does.
-
- If you are unsure as to whether a feature will be useful for the general
- OpenSSL community please discuss it on the openssl-dev mailing list first.
- Someone may be already working on the same thing or there may be a good
- reason as to why that feature isn't implemented.
-
- Patches should be as up to date as possible, preferably relative to the
- current Git or the last snapshot. They should follow the coding style of
- OpenSSL and compile without warnings. Some of the core team developer targets
- can be used for testing purposes, (debug-steve64, debug-geoff etc). OpenSSL
- compiles on many varied platforms: try to ensure you only use portable
- features.
-
- Note: For legal reasons, contributions from the US can be accepted only
- if a TSU notification and a copy of the patch are sent to crypt at bis.doc.gov
- (formerly BXA) with a copy to the ENC Encryption Request Coordinator;
- please take some time to look at
- http://www.bis.doc.gov/Encryption/PubAvailEncSourceCodeNofify.html [sic]
- and
- http://w3.access.gpo.gov/bis/ear/pdf/740.pdf (EAR Section 740.13(e))
- for the details. If "your encryption source code is too large to serve as
- an email attachment", they are glad to receive it by fax instead; hope you
- have a cheap long-distance plan.
-
- Our preferred format for changes is "diff -u" output. You might
- generate it like this:
-
- # cd openssl-work
- # [your changes]
- # ./Configure dist; make clean
- # cd ..
- # diff -ur openssl-orig openssl-work > mydiffs.patch
-
Copied: vendor-crypto/openssl/0.9.8zf/README (from rev 6976, vendor-crypto/openssl/dist/README)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/README (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/README 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,218 @@
+
+ OpenSSL 0.9.8zf 19 Mar 2015
+
+ Copyright (c) 1998-2011 The OpenSSL Project
+ Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
+ All rights reserved.
+
+ DESCRIPTION
+ -----------
+
+ The OpenSSL Project is a collaborative effort to develop a robust,
+ commercial-grade, fully featured, and Open Source toolkit implementing the
+ Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
+ protocols as well as a full-strength general purpose cryptography library.
+ The project is managed by a worldwide community of volunteers that use the
+ Internet to communicate, plan, and develop the OpenSSL toolkit and its
+ related documentation.
+
+ OpenSSL is based on the excellent SSLeay library developed from Eric A. Young
+ and Tim J. Hudson. The OpenSSL toolkit is licensed under a dual-license (the
+ OpenSSL license plus the SSLeay license) situation, which basically means
+ that you are free to get and use it for commercial and non-commercial
+ purposes as long as you fulfill the conditions of both licenses.
+
+ OVERVIEW
+ --------
+
+ The OpenSSL toolkit includes:
+
+ libssl.a:
+ Implementation of SSLv2, SSLv3, TLSv1 and the required code to support
+ both SSLv2, SSLv3 and TLSv1 in the one server and client.
+
+ libcrypto.a:
+ General encryption and X.509 v1/v3 stuff needed by SSL/TLS but not
+ actually logically part of it. It includes routines for the following:
+
+ Ciphers
+ libdes - EAY's libdes DES encryption package which was floating
+ around the net for a few years, and was then relicensed by
+ him as part of SSLeay. It includes 15 'modes/variations'
+ of DES (1, 2 and 3 key versions of ecb, cbc, cfb and ofb;
+ pcbc and a more general form of cfb and ofb) including desx
+ in cbc mode, a fast crypt(3), and routines to read
+ passwords from the keyboard.
+ RC4 encryption,
+ RC2 encryption - 4 different modes, ecb, cbc, cfb and ofb.
+ Blowfish encryption - 4 different modes, ecb, cbc, cfb and ofb.
+ IDEA encryption - 4 different modes, ecb, cbc, cfb and ofb.
+
+ Digests
+ MD5 and MD2 message digest algorithms, fast implementations,
+ SHA (SHA-0) and SHA-1 message digest algorithms,
+ MDC2 message digest. A DES based hash that is popular on smart cards.
+
+ Public Key
+ RSA encryption/decryption/generation.
+ There is no limit on the number of bits.
+ DSA encryption/decryption/generation.
+ There is no limit on the number of bits.
+ Diffie-Hellman key-exchange/key generation.
+ There is no limit on the number of bits.
+
+ X.509v3 certificates
+ X509 encoding/decoding into/from binary ASN1 and a PEM
+ based ASCII-binary encoding which supports encryption with a
+ private key. Program to generate RSA and DSA certificate
+ requests and to generate RSA and DSA certificates.
+
+ Systems
+ The normal digital envelope routines and base64 encoding. Higher
+ level access to ciphers and digests by name. New ciphers can be
+ loaded at run time. The BIO io system which is a simple non-blocking
+ IO abstraction. Current methods supported are file descriptors,
+ sockets, socket accept, socket connect, memory buffer, buffering, SSL
+ client/server, file pointer, encryption, digest, non-blocking testing
+ and null.
+
+ Data structures
+ A dynamically growing hashing system
+ A simple stack.
+ A Configuration loader that uses a format similar to MS .ini files.
+
+ openssl:
+ A command line tool that can be used for:
+ Creation of RSA, DH and DSA key parameters
+ Creation of X.509 certificates, CSRs and CRLs
+ Calculation of Message Digests
+ Encryption and Decryption with Ciphers
+ SSL/TLS Client and Server Tests
+ Handling of S/MIME signed or encrypted mail
+
+
+ PATENTS
+ -------
+
+ Various companies hold various patents for various algorithms in various
+ locations around the world. _YOU_ are responsible for ensuring that your use
+ of any algorithms is legal by checking if there are any patents in your
+ country. The file contains some of the patents that we know about or are
+ rumored to exist. This is not a definitive list.
+
+ RSA Security holds software patents on the RC5 algorithm. If you
+ intend to use this cipher, you must contact RSA Security for
+ licensing conditions. Their web page is http://www.rsasecurity.com/.
+
+ RC4 is a trademark of RSA Security, so use of this label should perhaps
+ only be used with RSA Security's permission.
+
+ The IDEA algorithm is patented by Ascom in Austria, France, Germany, Italy,
+ Japan, the Netherlands, Spain, Sweden, Switzerland, UK and the USA. They
+ should be contacted if that algorithm is to be used; their web page is
+ http://www.ascom.ch/.
+
+ NTT and Mitsubishi have patents and pending patents on the Camellia
+ algorithm, but allow use at no charge without requiring an explicit
+ licensing agreement: http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html
+
+ INSTALLATION
+ ------------
+
+ To install this package under a Unix derivative, read the INSTALL file. For
+ a Win32 platform, read the INSTALL.W32 file. For OpenVMS systems, read
+ INSTALL.VMS.
+
+ Read the documentation in the doc/ directory. It is quite rough, but it
+ lists the functions; you will probably have to look at the code to work out
+ how to use them. Look at the example programs.
+
+ PROBLEMS
+ --------
+
+ For some platforms, there are some known problems that may affect the user
+ or application author. We try to collect those in doc/PROBLEMS, with current
+ thoughts on how they should be solved in a future of OpenSSL.
+
+ SUPPORT
+ -------
+
+ See the OpenSSL website www.openssl.org for details of how to obtain
+ commercial technical support.
+
+ If you have any problems with OpenSSL then please take the following steps
+ first:
+
+ - Download the current snapshot from ftp://ftp.openssl.org/snapshot/
+ to see if the problem has already been addressed
+ - Remove ASM versions of libraries
+ - Remove compiler optimisation flags
+
+ If you wish to report a bug then please include the following information in
+ any bug report:
+
+ - On Unix systems:
+ Self-test report generated by 'make report'
+ - On other systems:
+ OpenSSL version: output of 'openssl version -a'
+ OS Name, Version, Hardware platform
+ Compiler Details (name, version)
+ - Application Details (name, version)
+ - Problem Description (steps that will reproduce the problem, if known)
+ - Stack Traceback (if the application dumps core)
+
+ Report the bug to the OpenSSL project via the Request Tracker
+ (http://www.openssl.org/support/rt.html) by mail to:
+
+ openssl-bugs at openssl.org
+
+ Note that the request tracker should NOT be used for general assistance
+ or support queries. Just because something doesn't work the way you expect
+ does not mean it is necessarily a bug in OpenSSL.
+
+ Note that mail to openssl-bugs at openssl.org is recorded in the publicly
+ readable request tracker database and is forwarded to a public
+ mailing list. Confidential mail may be sent to openssl-security at openssl.org
+ (PGP key available from the key servers).
+
+ HOW TO CONTRIBUTE TO OpenSSL
+ ----------------------------
+
+ Development is coordinated on the openssl-dev mailing list (see
+ http://www.openssl.org for information on subscribing). If you
+ would like to submit a patch, send it to openssl-bugs at openssl.org with
+ the string "[PATCH]" in the subject. Please be sure to include a
+ textual explanation of what your patch does.
+
+ If you are unsure as to whether a feature will be useful for the general
+ OpenSSL community please discuss it on the openssl-dev mailing list first.
+ Someone may be already working on the same thing or there may be a good
+ reason as to why that feature isn't implemented.
+
+ Patches should be as up to date as possible, preferably relative to the
+ current Git or the last snapshot. They should follow the coding style of
+ OpenSSL and compile without warnings. Some of the core team developer targets
+ can be used for testing purposes, (debug-steve64, debug-geoff etc). OpenSSL
+ compiles on many varied platforms: try to ensure you only use portable
+ features.
+
+ Note: For legal reasons, contributions from the US can be accepted only
+ if a TSU notification and a copy of the patch are sent to crypt at bis.doc.gov
+ (formerly BXA) with a copy to the ENC Encryption Request Coordinator;
+ please take some time to look at
+ http://www.bis.doc.gov/Encryption/PubAvailEncSourceCodeNofify.html [sic]
+ and
+ http://w3.access.gpo.gov/bis/ear/pdf/740.pdf (EAR Section 740.13(e))
+ for the details. If "your encryption source code is too large to serve as
+ an email attachment", they are glad to receive it by fax instead; hope you
+ have a cheap long-distance plan.
+
+ Our preferred format for changes is "diff -u" output. You might
+ generate it like this:
+
+ # cd openssl-work
+ # [your changes]
+ # ./Configure dist; make clean
+ # cd ..
+ # diff -ur openssl-orig openssl-work > mydiffs.patch
+
Deleted: vendor-crypto/openssl/0.9.8zf/apps/app_rand.c
===================================================================
--- vendor-crypto/openssl/dist/apps/app_rand.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/apps/app_rand.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,218 +0,0 @@
-/* apps/app_rand.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#define NON_MAIN
-#include "apps.h"
-#undef NON_MAIN
-#include <openssl/bio.h>
-#include <openssl/rand.h>
-
-
-static int seeded = 0;
-static int egdsocket = 0;
-
-int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn)
- {
- int consider_randfile = (file == NULL);
- char buffer[200];
-
-#ifdef OPENSSL_SYS_WINDOWS
- BIO_printf(bio_e,"Loading 'screen' into random state -");
- BIO_flush(bio_e);
- RAND_screen();
- BIO_printf(bio_e," done\n");
-#endif
-
- if (file == NULL)
- file = RAND_file_name(buffer, sizeof buffer);
- else if (RAND_egd(file) > 0)
- {
- /* we try if the given filename is an EGD socket.
- if it is, we don't write anything back to the file. */
- egdsocket = 1;
- return 1;
- }
- if (file == NULL || !RAND_load_file(file, -1))
- {
- if (RAND_status() == 0)
- {
- if (!dont_warn)
- {
- BIO_printf(bio_e,"unable to load 'random state'\n");
- BIO_printf(bio_e,"This means that the random number generator has not been seeded\n");
- BIO_printf(bio_e,"with much random data.\n");
- if (consider_randfile) /* explanation does not apply when a file is explicitly named */
- {
- BIO_printf(bio_e,"Consider setting the RANDFILE environment variable to point at a file that\n");
- BIO_printf(bio_e,"'random' data can be kept in (the file will be overwritten).\n");
- }
- }
- return 0;
- }
- }
- seeded = 1;
- return 1;
- }
-
-long app_RAND_load_files(char *name)
- {
- char *p,*n;
- int last;
- long tot=0;
- int egd;
-
- for (;;)
- {
- last=0;
- for (p=name; ((*p != '\0') && (*p != LIST_SEPARATOR_CHAR)); p++);
- if (*p == '\0') last=1;
- *p='\0';
- n=name;
- name=p+1;
- if (*n == '\0') break;
-
- egd=RAND_egd(n);
- if (egd > 0)
- tot+=egd;
- else
- tot+=RAND_load_file(n,-1);
- if (last) break;
- }
- if (tot > 512)
- app_RAND_allow_write_file();
- return(tot);
- }
-
-int app_RAND_write_file(const char *file, BIO *bio_e)
- {
- char buffer[200];
-
- if (egdsocket || !seeded)
- /* If we did not manage to read the seed file,
- * we should not write a low-entropy seed file back --
- * it would suppress a crucial warning the next time
- * we want to use it. */
- return 0;
-
- if (file == NULL)
- file = RAND_file_name(buffer, sizeof buffer);
- if (file == NULL || !RAND_write_file(file))
- {
- BIO_printf(bio_e,"unable to write 'random state'\n");
- return 0;
- }
- return 1;
- }
-
-void app_RAND_allow_write_file(void)
- {
- seeded = 1;
- }
Copied: vendor-crypto/openssl/0.9.8zf/apps/app_rand.c (from rev 6976, vendor-crypto/openssl/dist/apps/app_rand.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/apps/app_rand.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/apps/app_rand.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,220 @@
+/* apps/app_rand.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#define NON_MAIN
+#include "apps.h"
+#undef NON_MAIN
+#include <openssl/bio.h>
+#include <openssl/rand.h>
+
+static int seeded = 0;
+static int egdsocket = 0;
+
+int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn)
+{
+ int consider_randfile = (file == NULL);
+ char buffer[200];
+
+#ifdef OPENSSL_SYS_WINDOWS
+ BIO_printf(bio_e, "Loading 'screen' into random state -");
+ BIO_flush(bio_e);
+ RAND_screen();
+ BIO_printf(bio_e, " done\n");
+#endif
+
+ if (file == NULL)
+ file = RAND_file_name(buffer, sizeof buffer);
+ else if (RAND_egd(file) > 0) {
+ /*
+ * we try if the given filename is an EGD socket. if it is, we don't
+ * write anything back to the file.
+ */
+ egdsocket = 1;
+ return 1;
+ }
+ if (file == NULL || !RAND_load_file(file, -1)) {
+ if (RAND_status() == 0) {
+ if (!dont_warn) {
+ BIO_printf(bio_e, "unable to load 'random state'\n");
+ BIO_printf(bio_e,
+ "This means that the random number generator has not been seeded\n");
+ BIO_printf(bio_e, "with much random data.\n");
+ if (consider_randfile) { /* explanation does not apply when a
+ * file is explicitly named */
+ BIO_printf(bio_e,
+ "Consider setting the RANDFILE environment variable to point at a file that\n");
+ BIO_printf(bio_e,
+ "'random' data can be kept in (the file will be overwritten).\n");
+ }
+ }
+ return 0;
+ }
+ }
+ seeded = 1;
+ return 1;
+}
+
+long app_RAND_load_files(char *name)
+{
+ char *p, *n;
+ int last;
+ long tot = 0;
+ int egd;
+
+ for (;;) {
+ last = 0;
+ for (p = name; ((*p != '\0') && (*p != LIST_SEPARATOR_CHAR)); p++) ;
+ if (*p == '\0')
+ last = 1;
+ *p = '\0';
+ n = name;
+ name = p + 1;
+ if (*n == '\0')
+ break;
+
+ egd = RAND_egd(n);
+ if (egd > 0)
+ tot += egd;
+ else
+ tot += RAND_load_file(n, -1);
+ if (last)
+ break;
+ }
+ if (tot > 512)
+ app_RAND_allow_write_file();
+ return (tot);
+}
+
+int app_RAND_write_file(const char *file, BIO *bio_e)
+{
+ char buffer[200];
+
+ if (egdsocket || !seeded)
+ /*
+ * If we did not manage to read the seed file, we should not write a
+ * low-entropy seed file back -- it would suppress a crucial warning
+ * the next time we want to use it.
+ */
+ return 0;
+
+ if (file == NULL)
+ file = RAND_file_name(buffer, sizeof buffer);
+ if (file == NULL || !RAND_write_file(file)) {
+ BIO_printf(bio_e, "unable to write 'random state'\n");
+ return 0;
+ }
+ return 1;
+}
+
+void app_RAND_allow_write_file(void)
+{
+ seeded = 1;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/apps/apps.c
===================================================================
--- vendor-crypto/openssl/dist/apps/apps.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/apps/apps.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,2587 +0,0 @@
-/* apps/apps.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <ctype.h>
-#include <assert.h>
-#include <openssl/err.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include <openssl/pem.h>
-#include <openssl/pkcs12.h>
-#include <openssl/ui.h>
-#include <openssl/safestack.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#include <openssl/bn.h>
-#ifndef OPENSSL_NO_JPAKE
-#include <openssl/jpake.h>
-#endif
-
-#define NON_MAIN
-#include "apps.h"
-#undef NON_MAIN
-
-typedef struct {
- const char *name;
- unsigned long flag;
- unsigned long mask;
-} NAME_EX_TBL;
-
-static UI_METHOD *ui_method = NULL;
-
-static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl);
-static int set_multi_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl);
-
-#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
-/* Looks like this stuff is worth moving into separate function */
-static EVP_PKEY *
-load_netscape_key(BIO *err, BIO *key, const char *file,
- const char *key_descrip, int format);
-#endif
-
-int app_init(long mesgwin);
-#ifdef undef /* never finished - probably never will be :-) */
-int args_from_file(char *file, int *argc, char **argv[])
- {
- FILE *fp;
- int num,i;
- unsigned int len;
- static char *buf=NULL;
- static char **arg=NULL;
- char *p;
- struct stat stbuf;
-
- if (stat(file,&stbuf) < 0) return(0);
-
- fp=fopen(file,"r");
- if (fp == NULL)
- return(0);
-
- *argc=0;
- *argv=NULL;
-
- len=(unsigned int)stbuf.st_size;
- if (buf != NULL) OPENSSL_free(buf);
- buf=(char *)OPENSSL_malloc(len+1);
- if (buf == NULL) return(0);
-
- len=fread(buf,1,len,fp);
- if (len <= 1) return(0);
- buf[len]='\0';
-
- i=0;
- for (p=buf; *p; p++)
- if (*p == '\n') i++;
- if (arg != NULL) OPENSSL_free(arg);
- arg=(char **)OPENSSL_malloc(sizeof(char *)*(i*2));
-
- *argv=arg;
- num=0;
- p=buf;
- for (;;)
- {
- if (!*p) break;
- if (*p == '#') /* comment line */
- {
- while (*p && (*p != '\n')) p++;
- continue;
- }
- /* else we have a line */
- *(arg++)=p;
- num++;
- while (*p && ((*p != ' ') && (*p != '\t') && (*p != '\n')))
- p++;
- if (!*p) break;
- if (*p == '\n')
- {
- *(p++)='\0';
- continue;
- }
- /* else it is a tab or space */
- p++;
- while (*p && ((*p == ' ') || (*p == '\t') || (*p == '\n')))
- p++;
- if (!*p) break;
- if (*p == '\n')
- {
- p++;
- continue;
- }
- *(arg++)=p++;
- num++;
- while (*p && (*p != '\n')) p++;
- if (!*p) break;
- /* else *p == '\n' */
- *(p++)='\0';
- }
- *argc=num;
- return(1);
- }
-#endif
-
-int str2fmt(char *s)
- {
- if ((*s == 'D') || (*s == 'd'))
- return(FORMAT_ASN1);
- else if ((*s == 'T') || (*s == 't'))
- return(FORMAT_TEXT);
- else if ((*s == 'P') || (*s == 'p'))
- return(FORMAT_PEM);
- else if ((*s == 'N') || (*s == 'n'))
- return(FORMAT_NETSCAPE);
- else if ((*s == 'S') || (*s == 's'))
- return(FORMAT_SMIME);
- else if ((*s == '1')
- || (strcmp(s,"PKCS12") == 0) || (strcmp(s,"pkcs12") == 0)
- || (strcmp(s,"P12") == 0) || (strcmp(s,"p12") == 0))
- return(FORMAT_PKCS12);
- else if ((*s == 'E') || (*s == 'e'))
- return(FORMAT_ENGINE);
- else
- return(FORMAT_UNDEF);
- }
-
-#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_SYS_NETWARE)
-void program_name(char *in, char *out, int size)
- {
- int i,n;
- char *p=NULL;
-
- n=strlen(in);
- /* find the last '/', '\' or ':' */
- for (i=n-1; i>0; i--)
- {
- if ((in[i] == '/') || (in[i] == '\\') || (in[i] == ':'))
- {
- p= &(in[i+1]);
- break;
- }
- }
- if (p == NULL)
- p=in;
- n=strlen(p);
-
-#if defined(OPENSSL_SYS_NETWARE)
- /* strip off trailing .nlm if present. */
- if ((n > 4) && (p[n-4] == '.') &&
- ((p[n-3] == 'n') || (p[n-3] == 'N')) &&
- ((p[n-2] == 'l') || (p[n-2] == 'L')) &&
- ((p[n-1] == 'm') || (p[n-1] == 'M')))
- n-=4;
-#else
- /* strip off trailing .exe if present. */
- if ((n > 4) && (p[n-4] == '.') &&
- ((p[n-3] == 'e') || (p[n-3] == 'E')) &&
- ((p[n-2] == 'x') || (p[n-2] == 'X')) &&
- ((p[n-1] == 'e') || (p[n-1] == 'E')))
- n-=4;
-#endif
-
- if (n > size-1)
- n=size-1;
-
- for (i=0; i<n; i++)
- {
- if ((p[i] >= 'A') && (p[i] <= 'Z'))
- out[i]=p[i]-'A'+'a';
- else
- out[i]=p[i];
- }
- out[n]='\0';
- }
-#else
-#ifdef OPENSSL_SYS_VMS
-void program_name(char *in, char *out, int size)
- {
- char *p=in, *q;
- char *chars=":]>";
-
- while(*chars != '\0')
- {
- q=strrchr(p,*chars);
- if (q > p)
- p = q + 1;
- chars++;
- }
-
- q=strrchr(p,'.');
- if (q == NULL)
- q = p + strlen(p);
- strncpy(out,p,size-1);
- if (q-p >= size)
- {
- out[size-1]='\0';
- }
- else
- {
- out[q-p]='\0';
- }
- }
-#else
-void program_name(char *in, char *out, int size)
- {
- char *p;
-
- p=strrchr(in,'/');
- if (p != NULL)
- p++;
- else
- p=in;
- BUF_strlcpy(out,p,size);
- }
-#endif
-#endif
-
-int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
- {
- int num,i;
- char *p;
-
- *argc=0;
- *argv=NULL;
-
- i=0;
- if (arg->count == 0)
- {
- arg->count=20;
- arg->data=(char **)OPENSSL_malloc(sizeof(char *)*arg->count);
- if (arg->data == NULL)
- return 0;
- }
- for (i=0; i<arg->count; i++)
- arg->data[i]=NULL;
-
- num=0;
- p=buf;
- for (;;)
- {
- /* first scan over white space */
- if (!*p) break;
- while (*p && ((*p == ' ') || (*p == '\t') || (*p == '\n')))
- p++;
- if (!*p) break;
-
- /* The start of something good :-) */
- if (num >= arg->count)
- {
- char **tmp_p;
- int tlen = arg->count + 20;
- tmp_p = (char **)OPENSSL_realloc(arg->data,
- sizeof(char *)*tlen);
- if (tmp_p == NULL)
- return 0;
- arg->data = tmp_p;
- arg->count = tlen;
- /* initialize newly allocated data */
- for (i = num; i < arg->count; i++)
- arg->data[i] = NULL;
- }
- arg->data[num++]=p;
-
- /* now look for the end of this */
- if ((*p == '\'') || (*p == '\"')) /* scan for closing quote */
- {
- i= *(p++);
- arg->data[num-1]++; /* jump over quote */
- while (*p && (*p != i))
- p++;
- *p='\0';
- }
- else
- {
- while (*p && ((*p != ' ') &&
- (*p != '\t') && (*p != '\n')))
- p++;
-
- if (*p == '\0')
- p--;
- else
- *p='\0';
- }
- p++;
- }
- *argc=num;
- *argv=arg->data;
- return(1);
- }
-
-#ifndef APP_INIT
-int app_init(long mesgwin)
- {
- return(1);
- }
-#endif
-
-
-int dump_cert_text (BIO *out, X509 *x)
-{
- char *p;
-
- p=X509_NAME_oneline(X509_get_subject_name(x),NULL,0);
- BIO_puts(out,"subject=");
- BIO_puts(out,p);
- OPENSSL_free(p);
-
- p=X509_NAME_oneline(X509_get_issuer_name(x),NULL,0);
- BIO_puts(out,"\nissuer=");
- BIO_puts(out,p);
- BIO_puts(out,"\n");
- OPENSSL_free(p);
-
- return 0;
-}
-
-static int ui_open(UI *ui)
- {
- return UI_method_get_opener(UI_OpenSSL())(ui);
- }
-static int ui_read(UI *ui, UI_STRING *uis)
- {
- if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD
- && UI_get0_user_data(ui))
- {
- switch(UI_get_string_type(uis))
- {
- case UIT_PROMPT:
- case UIT_VERIFY:
- {
- const char *password =
- ((PW_CB_DATA *)UI_get0_user_data(ui))->password;
- if (password && password[0] != '\0')
- {
- UI_set_result(ui, uis, password);
- return 1;
- }
- }
- default:
- break;
- }
- }
- return UI_method_get_reader(UI_OpenSSL())(ui, uis);
- }
-static int ui_write(UI *ui, UI_STRING *uis)
- {
- if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD
- && UI_get0_user_data(ui))
- {
- switch(UI_get_string_type(uis))
- {
- case UIT_PROMPT:
- case UIT_VERIFY:
- {
- const char *password =
- ((PW_CB_DATA *)UI_get0_user_data(ui))->password;
- if (password && password[0] != '\0')
- return 1;
- }
- default:
- break;
- }
- }
- return UI_method_get_writer(UI_OpenSSL())(ui, uis);
- }
-static int ui_close(UI *ui)
- {
- return UI_method_get_closer(UI_OpenSSL())(ui);
- }
-int setup_ui_method(void)
- {
- ui_method = UI_create_method("OpenSSL application user interface");
- UI_method_set_opener(ui_method, ui_open);
- UI_method_set_reader(ui_method, ui_read);
- UI_method_set_writer(ui_method, ui_write);
- UI_method_set_closer(ui_method, ui_close);
- return 0;
- }
-void destroy_ui_method(void)
- {
- if(ui_method)
- {
- UI_destroy_method(ui_method);
- ui_method = NULL;
- }
- }
-int password_callback(char *buf, int bufsiz, int verify,
- PW_CB_DATA *cb_tmp)
- {
- UI *ui = NULL;
- int res = 0;
- const char *prompt_info = NULL;
- const char *password = NULL;
- PW_CB_DATA *cb_data = (PW_CB_DATA *)cb_tmp;
-
- if (cb_data)
- {
- if (cb_data->password)
- password = cb_data->password;
- if (cb_data->prompt_info)
- prompt_info = cb_data->prompt_info;
- }
-
- if (password)
- {
- res = strlen(password);
- if (res > bufsiz)
- res = bufsiz;
- memcpy(buf, password, res);
- return res;
- }
-
- ui = UI_new_method(ui_method);
- if (ui)
- {
- int ok = 0;
- char *buff = NULL;
- int ui_flags = 0;
- char *prompt = NULL;
-
- prompt = UI_construct_prompt(ui, "pass phrase",
- prompt_info);
-
- ui_flags |= UI_INPUT_FLAG_DEFAULT_PWD;
- UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);
-
- if (ok >= 0)
- ok = UI_add_input_string(ui,prompt,ui_flags,buf,
- PW_MIN_LENGTH,bufsiz-1);
- if (ok >= 0 && verify)
- {
- buff = (char *)OPENSSL_malloc(bufsiz);
- ok = UI_add_verify_string(ui,prompt,ui_flags,buff,
- PW_MIN_LENGTH,bufsiz-1, buf);
- }
- if (ok >= 0)
- do
- {
- ok = UI_process(ui);
- }
- while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));
-
- if (buff)
- {
- OPENSSL_cleanse(buff,(unsigned int)bufsiz);
- OPENSSL_free(buff);
- }
-
- if (ok >= 0)
- res = strlen(buf);
- if (ok == -1)
- {
- BIO_printf(bio_err, "User interface error\n");
- ERR_print_errors(bio_err);
- OPENSSL_cleanse(buf,(unsigned int)bufsiz);
- res = 0;
- }
- if (ok == -2)
- {
- BIO_printf(bio_err,"aborted!\n");
- OPENSSL_cleanse(buf,(unsigned int)bufsiz);
- res = 0;
- }
- UI_free(ui);
- OPENSSL_free(prompt);
- }
- return res;
- }
-
-static char *app_get_pass(BIO *err, char *arg, int keepbio);
-
-int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2)
-{
- int same;
- if(!arg2 || !arg1 || strcmp(arg1, arg2)) same = 0;
- else same = 1;
- if(arg1) {
- *pass1 = app_get_pass(err, arg1, same);
- if(!*pass1) return 0;
- } else if(pass1) *pass1 = NULL;
- if(arg2) {
- *pass2 = app_get_pass(err, arg2, same ? 2 : 0);
- if(!*pass2) return 0;
- } else if(pass2) *pass2 = NULL;
- return 1;
-}
-
-static char *app_get_pass(BIO *err, char *arg, int keepbio)
-{
- char *tmp, tpass[APP_PASS_LEN];
- static BIO *pwdbio = NULL;
- int i;
- if(!strncmp(arg, "pass:", 5)) return BUF_strdup(arg + 5);
- if(!strncmp(arg, "env:", 4)) {
- tmp = getenv(arg + 4);
- if(!tmp) {
- BIO_printf(err, "Can't read environment variable %s\n", arg + 4);
- return NULL;
- }
- return BUF_strdup(tmp);
- }
- if(!keepbio || !pwdbio) {
- if(!strncmp(arg, "file:", 5)) {
- pwdbio = BIO_new_file(arg + 5, "r");
- if(!pwdbio) {
- BIO_printf(err, "Can't open file %s\n", arg + 5);
- return NULL;
- }
- } else if(!strncmp(arg, "fd:", 3)) {
- BIO *btmp;
- i = atoi(arg + 3);
- if(i >= 0) pwdbio = BIO_new_fd(i, BIO_NOCLOSE);
- if((i < 0) || !pwdbio) {
- BIO_printf(err, "Can't access file descriptor %s\n", arg + 3);
- return NULL;
- }
- /* Can't do BIO_gets on an fd BIO so add a buffering BIO */
- btmp = BIO_new(BIO_f_buffer());
- pwdbio = BIO_push(btmp, pwdbio);
- } else if(!strcmp(arg, "stdin")) {
- pwdbio = BIO_new_fp(stdin, BIO_NOCLOSE);
- if(!pwdbio) {
- BIO_printf(err, "Can't open BIO for stdin\n");
- return NULL;
- }
- } else {
- BIO_printf(err, "Invalid password argument \"%s\"\n", arg);
- return NULL;
- }
- }
- i = BIO_gets(pwdbio, tpass, APP_PASS_LEN);
- if(keepbio != 1) {
- BIO_free_all(pwdbio);
- pwdbio = NULL;
- }
- if(i <= 0) {
- BIO_printf(err, "Error reading password from BIO\n");
- return NULL;
- }
- tmp = strchr(tpass, '\n');
- if(tmp) *tmp = 0;
- return BUF_strdup(tpass);
-}
-
-int add_oid_section(BIO *err, CONF *conf)
-{
- char *p;
- STACK_OF(CONF_VALUE) *sktmp;
- CONF_VALUE *cnf;
- int i;
- if(!(p=NCONF_get_string(conf,NULL,"oid_section")))
- {
- ERR_clear_error();
- return 1;
- }
- if(!(sktmp = NCONF_get_section(conf, p))) {
- BIO_printf(err, "problem loading oid section %s\n", p);
- return 0;
- }
- for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
- cnf = sk_CONF_VALUE_value(sktmp, i);
- if(OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) {
- BIO_printf(err, "problem creating object %s=%s\n",
- cnf->name, cnf->value);
- return 0;
- }
- }
- return 1;
-}
-
-static int load_pkcs12(BIO *err, BIO *in, const char *desc,
- pem_password_cb *pem_cb, void *cb_data,
- EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
- {
- const char *pass;
- char tpass[PEM_BUFSIZE];
- int len, ret = 0;
- PKCS12 *p12;
- p12 = d2i_PKCS12_bio(in, NULL);
- if (p12 == NULL)
- {
- BIO_printf(err, "Error loading PKCS12 file for %s\n", desc);
- goto die;
- }
- /* See if an empty password will do */
- if (PKCS12_verify_mac(p12, "", 0) || PKCS12_verify_mac(p12, NULL, 0))
- pass = "";
- else
- {
- if (!pem_cb)
- pem_cb = (pem_password_cb *)password_callback;
- len = pem_cb(tpass, PEM_BUFSIZE, 0, cb_data);
- if (len < 0)
- {
- BIO_printf(err, "Passpharse callback error for %s\n",
- desc);
- goto die;
- }
- if (len < PEM_BUFSIZE)
- tpass[len] = 0;
- if (!PKCS12_verify_mac(p12, tpass, len))
- {
- BIO_printf(err,
- "Mac verify error (wrong password?) in PKCS12 file for %s\n", desc);
- goto die;
- }
- pass = tpass;
- }
- ret = PKCS12_parse(p12, pass, pkey, cert, ca);
- die:
- if (p12)
- PKCS12_free(p12);
- return ret;
- }
-
-X509 *load_cert(BIO *err, const char *file, int format,
- const char *pass, ENGINE *e, const char *cert_descrip)
- {
- ASN1_HEADER *ah=NULL;
- BUF_MEM *buf=NULL;
- X509 *x=NULL;
- BIO *cert;
-
- if ((cert=BIO_new(BIO_s_file())) == NULL)
- {
- ERR_print_errors(err);
- goto end;
- }
-
- if (file == NULL)
- {
- setvbuf(stdin, NULL, _IONBF, 0);
- BIO_set_fp(cert,stdin,BIO_NOCLOSE);
- }
- else
- {
- if (BIO_read_filename(cert,file) <= 0)
- {
- BIO_printf(err, "Error opening %s %s\n",
- cert_descrip, file);
- ERR_print_errors(err);
- goto end;
- }
- }
-
- if (format == FORMAT_ASN1)
- x=d2i_X509_bio(cert,NULL);
- else if (format == FORMAT_NETSCAPE)
- {
- const unsigned char *p,*op;
- int size=0,i;
-
- /* We sort of have to do it this way because it is sort of nice
- * to read the header first and check it, then
- * try to read the certificate */
- buf=BUF_MEM_new();
- for (;;)
- {
- if ((buf == NULL) || (!BUF_MEM_grow(buf,size+1024*10)))
- goto end;
- i=BIO_read(cert,&(buf->data[size]),1024*10);
- size+=i;
- if (i == 0) break;
- if (i < 0)
- {
- perror("reading certificate");
- goto end;
- }
- }
- p=(unsigned char *)buf->data;
- op=p;
-
- /* First load the header */
- if ((ah=d2i_ASN1_HEADER(NULL,&p,(long)size)) == NULL)
- goto end;
- if ((ah->header == NULL) || (ah->header->data == NULL) ||
- (strncmp(NETSCAPE_CERT_HDR,(char *)ah->header->data,
- ah->header->length) != 0))
- {
- BIO_printf(err,"Error reading header on certificate\n");
- goto end;
- }
- /* header is ok, so now read the object */
- p=op;
- ah->meth=X509_asn1_meth();
- if ((ah=d2i_ASN1_HEADER(&ah,&p,(long)size)) == NULL)
- goto end;
- x=(X509 *)ah->data;
- ah->data=NULL;
- }
- else if (format == FORMAT_PEM)
- x=PEM_read_bio_X509_AUX(cert,NULL,
- (pem_password_cb *)password_callback, NULL);
- else if (format == FORMAT_PKCS12)
- {
- if (!load_pkcs12(err, cert,cert_descrip, NULL, NULL,
- NULL, &x, NULL))
- goto end;
- }
- else {
- BIO_printf(err,"bad input format specified for %s\n",
- cert_descrip);
- goto end;
- }
-end:
- if (x == NULL)
- {
- BIO_printf(err,"unable to load certificate\n");
- ERR_print_errors(err);
- }
- if (ah != NULL) ASN1_HEADER_free(ah);
- if (cert != NULL) BIO_free(cert);
- if (buf != NULL) BUF_MEM_free(buf);
- return(x);
- }
-
-EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
- const char *pass, ENGINE *e, const char *key_descrip)
- {
- BIO *key=NULL;
- EVP_PKEY *pkey=NULL;
- PW_CB_DATA cb_data;
-
- cb_data.password = pass;
- cb_data.prompt_info = file;
-
- if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE))
- {
- BIO_printf(err,"no keyfile specified\n");
- goto end;
- }
-#ifndef OPENSSL_NO_ENGINE
- if (format == FORMAT_ENGINE)
- {
- if (!e)
- BIO_printf(err,"no engine specified\n");
- else
- {
- pkey = ENGINE_load_private_key(e, file,
- ui_method, &cb_data);
- if (!pkey)
- {
- BIO_printf(err,"cannot load %s from engine\n",key_descrip);
- ERR_print_errors(err);
- }
- }
- goto end;
- }
-#endif
- key=BIO_new(BIO_s_file());
- if (key == NULL)
- {
- ERR_print_errors(err);
- goto end;
- }
- if (file == NULL && maybe_stdin)
- {
- setvbuf(stdin, NULL, _IONBF, 0);
- BIO_set_fp(key,stdin,BIO_NOCLOSE);
- }
- else
- if (BIO_read_filename(key,file) <= 0)
- {
- BIO_printf(err, "Error opening %s %s\n",
- key_descrip, file);
- ERR_print_errors(err);
- goto end;
- }
- if (format == FORMAT_ASN1)
- {
- pkey=d2i_PrivateKey_bio(key, NULL);
- }
- else if (format == FORMAT_PEM)
- {
- pkey=PEM_read_bio_PrivateKey(key,NULL,
- (pem_password_cb *)password_callback, &cb_data);
- }
-#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
- else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC)
- pkey = load_netscape_key(err, key, file, key_descrip, format);
-#endif
- else if (format == FORMAT_PKCS12)
- {
- if (!load_pkcs12(err, key, key_descrip,
- (pem_password_cb *)password_callback, &cb_data,
- &pkey, NULL, NULL))
- goto end;
- }
- else
- {
- BIO_printf(err,"bad input format specified for key file\n");
- goto end;
- }
- end:
- if (key != NULL) BIO_free(key);
- if (pkey == NULL)
- {
- BIO_printf(err,"unable to load %s\n", key_descrip);
- ERR_print_errors(err);
- }
- return(pkey);
- }
-
-EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
- const char *pass, ENGINE *e, const char *key_descrip)
- {
- BIO *key=NULL;
- EVP_PKEY *pkey=NULL;
- PW_CB_DATA cb_data;
-
- cb_data.password = pass;
- cb_data.prompt_info = file;
-
- if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE))
- {
- BIO_printf(err,"no keyfile specified\n");
- goto end;
- }
-#ifndef OPENSSL_NO_ENGINE
- if (format == FORMAT_ENGINE)
- {
- if (!e)
- BIO_printf(bio_err,"no engine specified\n");
- else
- pkey = ENGINE_load_public_key(e, file,
- ui_method, &cb_data);
- goto end;
- }
-#endif
- key=BIO_new(BIO_s_file());
- if (key == NULL)
- {
- ERR_print_errors(err);
- goto end;
- }
- if (file == NULL && maybe_stdin)
- {
- setvbuf(stdin, NULL, _IONBF, 0);
- BIO_set_fp(key,stdin,BIO_NOCLOSE);
- }
- else
- if (BIO_read_filename(key,file) <= 0)
- {
- BIO_printf(err, "Error opening %s %s\n",
- key_descrip, file);
- ERR_print_errors(err);
- goto end;
- }
- if (format == FORMAT_ASN1)
- {
- pkey=d2i_PUBKEY_bio(key, NULL);
- }
- else if (format == FORMAT_PEM)
- {
- pkey=PEM_read_bio_PUBKEY(key,NULL,
- (pem_password_cb *)password_callback, &cb_data);
- }
-#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
- else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC)
- pkey = load_netscape_key(err, key, file, key_descrip, format);
-#endif
- else
- {
- BIO_printf(err,"bad input format specified for key file\n");
- goto end;
- }
- end:
- if (key != NULL) BIO_free(key);
- if (pkey == NULL)
- BIO_printf(err,"unable to load %s\n", key_descrip);
- return(pkey);
- }
-
-#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
-static EVP_PKEY *
-load_netscape_key(BIO *err, BIO *key, const char *file,
- const char *key_descrip, int format)
- {
- EVP_PKEY *pkey;
- BUF_MEM *buf;
- RSA *rsa;
- const unsigned char *p;
- int size, i;
-
- buf=BUF_MEM_new();
- pkey = EVP_PKEY_new();
- size = 0;
- if (buf == NULL || pkey == NULL)
- goto error;
- for (;;)
- {
- if (!BUF_MEM_grow_clean(buf,size+1024*10))
- goto error;
- i = BIO_read(key, &(buf->data[size]), 1024*10);
- size += i;
- if (i == 0)
- break;
- if (i < 0)
- {
- BIO_printf(err, "Error reading %s %s",
- key_descrip, file);
- goto error;
- }
- }
- p=(unsigned char *)buf->data;
- rsa = d2i_RSA_NET(NULL,&p,(long)size,NULL,
- (format == FORMAT_IISSGC ? 1 : 0));
- if (rsa == NULL)
- goto error;
- BUF_MEM_free(buf);
- EVP_PKEY_set1_RSA(pkey, rsa);
- return pkey;
-error:
- BUF_MEM_free(buf);
- EVP_PKEY_free(pkey);
- return NULL;
- }
-#endif /* ndef OPENSSL_NO_RC4 */
-
-STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
- const char *pass, ENGINE *e, const char *cert_descrip)
- {
- BIO *certs;
- int i;
- STACK_OF(X509) *othercerts = NULL;
- STACK_OF(X509_INFO) *allcerts = NULL;
- X509_INFO *xi;
- PW_CB_DATA cb_data;
-
- cb_data.password = pass;
- cb_data.prompt_info = file;
-
- if((certs = BIO_new(BIO_s_file())) == NULL)
- {
- ERR_print_errors(err);
- goto end;
- }
-
- if (file == NULL)
- BIO_set_fp(certs,stdin,BIO_NOCLOSE);
- else
- {
- if (BIO_read_filename(certs,file) <= 0)
- {
- BIO_printf(err, "Error opening %s %s\n",
- cert_descrip, file);
- ERR_print_errors(err);
- goto end;
- }
- }
-
- if (format == FORMAT_PEM)
- {
- othercerts = sk_X509_new_null();
- if(!othercerts)
- {
- sk_X509_free(othercerts);
- othercerts = NULL;
- goto end;
- }
- allcerts = PEM_X509_INFO_read_bio(certs, NULL,
- (pem_password_cb *)password_callback, &cb_data);
- for(i = 0; i < sk_X509_INFO_num(allcerts); i++)
- {
- xi = sk_X509_INFO_value (allcerts, i);
- if (xi->x509)
- {
- sk_X509_push(othercerts, xi->x509);
- xi->x509 = NULL;
- }
- }
- goto end;
- }
- else {
- BIO_printf(err,"bad input format specified for %s\n",
- cert_descrip);
- goto end;
- }
-end:
- if (othercerts == NULL)
- {
- BIO_printf(err,"unable to load certificates\n");
- ERR_print_errors(err);
- }
- if (allcerts) sk_X509_INFO_pop_free(allcerts, X509_INFO_free);
- if (certs != NULL) BIO_free(certs);
- return(othercerts);
- }
-
-
-#define X509V3_EXT_UNKNOWN_MASK (0xfL << 16)
-/* Return error for unknown extensions */
-#define X509V3_EXT_DEFAULT 0
-/* Print error for unknown extensions */
-#define X509V3_EXT_ERROR_UNKNOWN (1L << 16)
-/* ASN1 parse unknown extensions */
-#define X509V3_EXT_PARSE_UNKNOWN (2L << 16)
-/* BIO_dump unknown extensions */
-#define X509V3_EXT_DUMP_UNKNOWN (3L << 16)
-
-#define X509_FLAG_CA (X509_FLAG_NO_ISSUER | X509_FLAG_NO_PUBKEY | \
- X509_FLAG_NO_HEADER | X509_FLAG_NO_VERSION)
-
-int set_cert_ex(unsigned long *flags, const char *arg)
-{
- static const NAME_EX_TBL cert_tbl[] = {
- { "compatible", X509_FLAG_COMPAT, 0xffffffffl},
- { "ca_default", X509_FLAG_CA, 0xffffffffl},
- { "no_header", X509_FLAG_NO_HEADER, 0},
- { "no_version", X509_FLAG_NO_VERSION, 0},
- { "no_serial", X509_FLAG_NO_SERIAL, 0},
- { "no_signame", X509_FLAG_NO_SIGNAME, 0},
- { "no_validity", X509_FLAG_NO_VALIDITY, 0},
- { "no_subject", X509_FLAG_NO_SUBJECT, 0},
- { "no_issuer", X509_FLAG_NO_ISSUER, 0},
- { "no_pubkey", X509_FLAG_NO_PUBKEY, 0},
- { "no_extensions", X509_FLAG_NO_EXTENSIONS, 0},
- { "no_sigdump", X509_FLAG_NO_SIGDUMP, 0},
- { "no_aux", X509_FLAG_NO_AUX, 0},
- { "no_attributes", X509_FLAG_NO_ATTRIBUTES, 0},
- { "ext_default", X509V3_EXT_DEFAULT, X509V3_EXT_UNKNOWN_MASK},
- { "ext_error", X509V3_EXT_ERROR_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
- { "ext_parse", X509V3_EXT_PARSE_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
- { "ext_dump", X509V3_EXT_DUMP_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
- { NULL, 0, 0}
- };
- return set_multi_opts(flags, arg, cert_tbl);
-}
-
-int set_name_ex(unsigned long *flags, const char *arg)
-{
- static const NAME_EX_TBL ex_tbl[] = {
- { "esc_2253", ASN1_STRFLGS_ESC_2253, 0},
- { "esc_ctrl", ASN1_STRFLGS_ESC_CTRL, 0},
- { "esc_msb", ASN1_STRFLGS_ESC_MSB, 0},
- { "use_quote", ASN1_STRFLGS_ESC_QUOTE, 0},
- { "utf8", ASN1_STRFLGS_UTF8_CONVERT, 0},
- { "ignore_type", ASN1_STRFLGS_IGNORE_TYPE, 0},
- { "show_type", ASN1_STRFLGS_SHOW_TYPE, 0},
- { "dump_all", ASN1_STRFLGS_DUMP_ALL, 0},
- { "dump_nostr", ASN1_STRFLGS_DUMP_UNKNOWN, 0},
- { "dump_der", ASN1_STRFLGS_DUMP_DER, 0},
- { "compat", XN_FLAG_COMPAT, 0xffffffffL},
- { "sep_comma_plus", XN_FLAG_SEP_COMMA_PLUS, XN_FLAG_SEP_MASK},
- { "sep_comma_plus_space", XN_FLAG_SEP_CPLUS_SPC, XN_FLAG_SEP_MASK},
- { "sep_semi_plus_space", XN_FLAG_SEP_SPLUS_SPC, XN_FLAG_SEP_MASK},
- { "sep_multiline", XN_FLAG_SEP_MULTILINE, XN_FLAG_SEP_MASK},
- { "dn_rev", XN_FLAG_DN_REV, 0},
- { "nofname", XN_FLAG_FN_NONE, XN_FLAG_FN_MASK},
- { "sname", XN_FLAG_FN_SN, XN_FLAG_FN_MASK},
- { "lname", XN_FLAG_FN_LN, XN_FLAG_FN_MASK},
- { "align", XN_FLAG_FN_ALIGN, 0},
- { "oid", XN_FLAG_FN_OID, XN_FLAG_FN_MASK},
- { "space_eq", XN_FLAG_SPC_EQ, 0},
- { "dump_unknown", XN_FLAG_DUMP_UNKNOWN_FIELDS, 0},
- { "RFC2253", XN_FLAG_RFC2253, 0xffffffffL},
- { "oneline", XN_FLAG_ONELINE, 0xffffffffL},
- { "multiline", XN_FLAG_MULTILINE, 0xffffffffL},
- { "ca_default", XN_FLAG_MULTILINE, 0xffffffffL},
- { NULL, 0, 0}
- };
- return set_multi_opts(flags, arg, ex_tbl);
-}
-
-int set_ext_copy(int *copy_type, const char *arg)
-{
- if (!strcasecmp(arg, "none"))
- *copy_type = EXT_COPY_NONE;
- else if (!strcasecmp(arg, "copy"))
- *copy_type = EXT_COPY_ADD;
- else if (!strcasecmp(arg, "copyall"))
- *copy_type = EXT_COPY_ALL;
- else
- return 0;
- return 1;
-}
-
-int copy_extensions(X509 *x, X509_REQ *req, int copy_type)
-{
- STACK_OF(X509_EXTENSION) *exts = NULL;
- X509_EXTENSION *ext, *tmpext;
- ASN1_OBJECT *obj;
- int i, idx, ret = 0;
- if (!x || !req || (copy_type == EXT_COPY_NONE))
- return 1;
- exts = X509_REQ_get_extensions(req);
-
- for(i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
- ext = sk_X509_EXTENSION_value(exts, i);
- obj = X509_EXTENSION_get_object(ext);
- idx = X509_get_ext_by_OBJ(x, obj, -1);
- /* Does extension exist? */
- if (idx != -1) {
- /* If normal copy don't override existing extension */
- if (copy_type == EXT_COPY_ADD)
- continue;
- /* Delete all extensions of same type */
- do {
- tmpext = X509_get_ext(x, idx);
- X509_delete_ext(x, idx);
- X509_EXTENSION_free(tmpext);
- idx = X509_get_ext_by_OBJ(x, obj, -1);
- } while (idx != -1);
- }
- if (!X509_add_ext(x, ext, -1))
- goto end;
- }
-
- ret = 1;
-
- end:
-
- sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
-
- return ret;
-}
-
-
-
-
-static int set_multi_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl)
-{
- STACK_OF(CONF_VALUE) *vals;
- CONF_VALUE *val;
- int i, ret = 1;
- if(!arg) return 0;
- vals = X509V3_parse_list(arg);
- for (i = 0; i < sk_CONF_VALUE_num(vals); i++) {
- val = sk_CONF_VALUE_value(vals, i);
- if (!set_table_opts(flags, val->name, in_tbl))
- ret = 0;
- }
- sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
- return ret;
-}
-
-static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl)
-{
- char c;
- const NAME_EX_TBL *ptbl;
- c = arg[0];
-
- if(c == '-') {
- c = 0;
- arg++;
- } else if (c == '+') {
- c = 1;
- arg++;
- } else c = 1;
-
- for(ptbl = in_tbl; ptbl->name; ptbl++) {
- if(!strcasecmp(arg, ptbl->name)) {
- *flags &= ~ptbl->mask;
- if(c) *flags |= ptbl->flag;
- else *flags &= ~ptbl->flag;
- return 1;
- }
- }
- return 0;
-}
-
-void print_name(BIO *out, const char *title, X509_NAME *nm, unsigned long lflags)
-{
- char *buf;
- char mline = 0;
- int indent = 0;
-
- if(title) BIO_puts(out, title);
- if((lflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
- mline = 1;
- indent = 4;
- }
- if(lflags == XN_FLAG_COMPAT) {
- buf = X509_NAME_oneline(nm, 0, 0);
- BIO_puts(out, buf);
- BIO_puts(out, "\n");
- OPENSSL_free(buf);
- } else {
- if(mline) BIO_puts(out, "\n");
- X509_NAME_print_ex(out, nm, indent, lflags);
- BIO_puts(out, "\n");
- }
-}
-
-X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath)
-{
- X509_STORE *store;
- X509_LOOKUP *lookup;
- if(!(store = X509_STORE_new())) goto end;
- lookup=X509_STORE_add_lookup(store,X509_LOOKUP_file());
- if (lookup == NULL) goto end;
- if (CAfile) {
- if(!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM)) {
- BIO_printf(bp, "Error loading file %s\n", CAfile);
- goto end;
- }
- } else X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
-
- lookup=X509_STORE_add_lookup(store,X509_LOOKUP_hash_dir());
- if (lookup == NULL) goto end;
- if (CApath) {
- if(!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM)) {
- BIO_printf(bp, "Error loading directory %s\n", CApath);
- goto end;
- }
- } else X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
-
- ERR_clear_error();
- return store;
- end:
- X509_STORE_free(store);
- return NULL;
-}
-
-#ifndef OPENSSL_NO_ENGINE
-/* Try to load an engine in a shareable library */
-static ENGINE *try_load_engine(BIO *err, const char *engine, int debug)
- {
- ENGINE *e = ENGINE_by_id("dynamic");
- if (e)
- {
- if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", engine, 0)
- || !ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0))
- {
- ENGINE_free(e);
- e = NULL;
- }
- }
- return e;
- }
-
-ENGINE *setup_engine(BIO *err, const char *engine, int debug)
- {
- ENGINE *e = NULL;
-
- if (engine)
- {
- if(strcmp(engine, "auto") == 0)
- {
- BIO_printf(err,"enabling auto ENGINE support\n");
- ENGINE_register_all_complete();
- return NULL;
- }
- if((e = ENGINE_by_id(engine)) == NULL
- && (e = try_load_engine(err, engine, debug)) == NULL)
- {
- BIO_printf(err,"invalid engine \"%s\"\n", engine);
- ERR_print_errors(err);
- return NULL;
- }
- if (debug)
- {
- ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM,
- 0, err, 0);
- }
- ENGINE_ctrl_cmd(e, "SET_USER_INTERFACE", 0, ui_method, 0, 1);
- if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
- {
- BIO_printf(err,"can't use that engine\n");
- ERR_print_errors(err);
- ENGINE_free(e);
- return NULL;
- }
-
- BIO_printf(err,"engine \"%s\" set.\n", ENGINE_get_id(e));
-
- /* Free our "structural" reference. */
- ENGINE_free(e);
- }
- return e;
- }
-#endif
-
-int load_config(BIO *err, CONF *cnf)
- {
- if (!cnf)
- cnf = config;
- if (!cnf)
- return 1;
-
- OPENSSL_load_builtin_modules();
-
- if (CONF_modules_load(cnf, NULL, 0) <= 0)
- {
- BIO_printf(err, "Error configuring OpenSSL\n");
- ERR_print_errors(err);
- return 0;
- }
- return 1;
- }
-
-char *make_config_name()
- {
- const char *t=X509_get_default_cert_area();
- size_t len;
- char *p;
-
- len=strlen(t)+strlen(OPENSSL_CONF)+2;
- p=OPENSSL_malloc(len);
- if (p == NULL)
- return NULL;
- BUF_strlcpy(p,t,len);
-#ifndef OPENSSL_SYS_VMS
- BUF_strlcat(p,"/",len);
-#endif
- BUF_strlcat(p,OPENSSL_CONF,len);
-
- return p;
- }
-
-static unsigned long index_serial_hash(const char **a)
- {
- const char *n;
-
- n=a[DB_serial];
- while (*n == '0') n++;
- return(lh_strhash(n));
- }
-
-static int index_serial_cmp(const char **a, const char **b)
- {
- const char *aa,*bb;
-
- for (aa=a[DB_serial]; *aa == '0'; aa++);
- for (bb=b[DB_serial]; *bb == '0'; bb++);
- return(strcmp(aa,bb));
- }
-
-static int index_name_qual(char **a)
- { return(a[0][0] == 'V'); }
-
-static unsigned long index_name_hash(const char **a)
- { return(lh_strhash(a[DB_name])); }
-
-int index_name_cmp(const char **a, const char **b)
- { return(strcmp(a[DB_name],
- b[DB_name])); }
-
-static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **)
-static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **)
-static IMPLEMENT_LHASH_HASH_FN(index_name_hash,const char **)
-static IMPLEMENT_LHASH_COMP_FN(index_name_cmp,const char **)
-
-#undef BSIZE
-#define BSIZE 256
-
-BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai)
- {
- BIO *in=NULL;
- BIGNUM *ret=NULL;
- MS_STATIC char buf[1024];
- ASN1_INTEGER *ai=NULL;
-
- ai=ASN1_INTEGER_new();
- if (ai == NULL) goto err;
-
- if ((in=BIO_new(BIO_s_file())) == NULL)
- {
- ERR_print_errors(bio_err);
- goto err;
- }
-
- if (BIO_read_filename(in,serialfile) <= 0)
- {
- if (!create)
- {
- perror(serialfile);
- goto err;
- }
- else
- {
- ret=BN_new();
- if (ret == NULL || !rand_serial(ret, ai))
- BIO_printf(bio_err, "Out of memory\n");
- }
- }
- else
- {
- if (!a2i_ASN1_INTEGER(in,ai,buf,1024))
- {
- BIO_printf(bio_err,"unable to load number from %s\n",
- serialfile);
- goto err;
- }
- ret=ASN1_INTEGER_to_BN(ai,NULL);
- if (ret == NULL)
- {
- BIO_printf(bio_err,"error converting number from bin to BIGNUM\n");
- goto err;
- }
- }
-
- if (ret && retai)
- {
- *retai = ai;
- ai = NULL;
- }
- err:
- if (in != NULL) BIO_free(in);
- if (ai != NULL) ASN1_INTEGER_free(ai);
- return(ret);
- }
-
-int save_serial(char *serialfile, char *suffix, BIGNUM *serial, ASN1_INTEGER **retai)
- {
- char buf[1][BSIZE];
- BIO *out = NULL;
- int ret=0;
- ASN1_INTEGER *ai=NULL;
- int j;
-
- if (suffix == NULL)
- j = strlen(serialfile);
- else
- j = strlen(serialfile) + strlen(suffix) + 1;
- if (j >= BSIZE)
- {
- BIO_printf(bio_err,"file name too long\n");
- goto err;
- }
-
- if (suffix == NULL)
- BUF_strlcpy(buf[0], serialfile, BSIZE);
- else
- {
-#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, suffix);
-#else
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, suffix);
-#endif
- }
-#ifdef RL_DEBUG
- BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]);
-#endif
- out=BIO_new(BIO_s_file());
- if (out == NULL)
- {
- ERR_print_errors(bio_err);
- goto err;
- }
- if (BIO_write_filename(out,buf[0]) <= 0)
- {
- perror(serialfile);
- goto err;
- }
-
- if ((ai=BN_to_ASN1_INTEGER(serial,NULL)) == NULL)
- {
- BIO_printf(bio_err,"error converting serial to ASN.1 format\n");
- goto err;
- }
- i2a_ASN1_INTEGER(out,ai);
- BIO_puts(out,"\n");
- ret=1;
- if (retai)
- {
- *retai = ai;
- ai = NULL;
- }
-err:
- if (out != NULL) BIO_free_all(out);
- if (ai != NULL) ASN1_INTEGER_free(ai);
- return(ret);
- }
-
-int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix)
- {
- char buf[5][BSIZE];
- int i,j;
- struct stat sb;
-
- i = strlen(serialfile) + strlen(old_suffix);
- j = strlen(serialfile) + strlen(new_suffix);
- if (i > j) j = i;
- if (j + 1 >= BSIZE)
- {
- BIO_printf(bio_err,"file name too long\n");
- goto err;
- }
-
-#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s",
- serialfile, new_suffix);
-#else
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s",
- serialfile, new_suffix);
-#endif
-#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s",
- serialfile, old_suffix);
-#else
- j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s",
- serialfile, old_suffix);
-#endif
- if (stat(serialfile,&sb) < 0)
- {
- if (errno != ENOENT
-#ifdef ENOTDIR
- && errno != ENOTDIR
-#endif
- )
- goto err;
- }
- else
- {
-#ifdef RL_DEBUG
- BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
- serialfile, buf[1]);
-#endif
- if (rename(serialfile,buf[1]) < 0)
- {
- BIO_printf(bio_err,
- "unable to rename %s to %s\n",
- serialfile, buf[1]);
- perror("reason");
- goto err;
- }
- }
-#ifdef RL_DEBUG
- BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
- buf[0],serialfile);
-#endif
- if (rename(buf[0],serialfile) < 0)
- {
- BIO_printf(bio_err,
- "unable to rename %s to %s\n",
- buf[0],serialfile);
- perror("reason");
- rename(buf[1],serialfile);
- goto err;
- }
- return 1;
- err:
- return 0;
- }
-
-int rand_serial(BIGNUM *b, ASN1_INTEGER *ai)
- {
- BIGNUM *btmp;
- int ret = 0;
- if (b)
- btmp = b;
- else
- btmp = BN_new();
-
- if (!btmp)
- return 0;
-
- if (!BN_pseudo_rand(btmp, SERIAL_RAND_BITS, 0, 0))
- goto error;
- if (ai && !BN_to_ASN1_INTEGER(btmp, ai))
- goto error;
-
- ret = 1;
-
- error:
-
- if (!b)
- BN_free(btmp);
-
- return ret;
- }
-
-CA_DB *load_index(char *dbfile, DB_ATTR *db_attr)
- {
- CA_DB *retdb = NULL;
- TXT_DB *tmpdb = NULL;
- BIO *in = BIO_new(BIO_s_file());
- CONF *dbattr_conf = NULL;
- char buf[1][BSIZE];
- long errorline= -1;
-
- if (in == NULL)
- {
- ERR_print_errors(bio_err);
- goto err;
- }
- if (BIO_read_filename(in,dbfile) <= 0)
- {
- perror(dbfile);
- BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
- goto err;
- }
- if ((tmpdb = TXT_DB_read(in,DB_NUMBER)) == NULL)
- {
- if (tmpdb != NULL) TXT_DB_free(tmpdb);
- goto err;
- }
-
-#ifndef OPENSSL_SYS_VMS
- BIO_snprintf(buf[0], sizeof buf[0], "%s.attr", dbfile);
-#else
- BIO_snprintf(buf[0], sizeof buf[0], "%s-attr", dbfile);
-#endif
- dbattr_conf = NCONF_new(NULL);
- if (NCONF_load(dbattr_conf,buf[0],&errorline) <= 0)
- {
- if (errorline > 0)
- {
- BIO_printf(bio_err,
- "error on line %ld of db attribute file '%s'\n"
- ,errorline,buf[0]);
- goto err;
- }
- else
- {
- NCONF_free(dbattr_conf);
- dbattr_conf = NULL;
- }
- }
-
- if ((retdb = OPENSSL_malloc(sizeof(CA_DB))) == NULL)
- {
- fprintf(stderr, "Out of memory\n");
- goto err;
- }
-
- retdb->db = tmpdb;
- tmpdb = NULL;
- if (db_attr)
- retdb->attributes = *db_attr;
- else
- {
- retdb->attributes.unique_subject = 1;
- }
-
- if (dbattr_conf)
- {
- char *p = NCONF_get_string(dbattr_conf,NULL,"unique_subject");
- if (p)
- {
-#ifdef RL_DEBUG
- BIO_printf(bio_err, "DEBUG[load_index]: unique_subject = \"%s\"\n", p);
-#endif
- retdb->attributes.unique_subject = parse_yesno(p,1);
- }
- }
-
- err:
- if (dbattr_conf) NCONF_free(dbattr_conf);
- if (tmpdb) TXT_DB_free(tmpdb);
- if (in) BIO_free_all(in);
- return retdb;
- }
-
-int index_index(CA_DB *db)
- {
- if (!TXT_DB_create_index(db->db, DB_serial, NULL,
- LHASH_HASH_FN(index_serial_hash),
- LHASH_COMP_FN(index_serial_cmp)))
- {
- BIO_printf(bio_err,
- "error creating serial number index:(%ld,%ld,%ld)\n",
- db->db->error,db->db->arg1,db->db->arg2);
- return 0;
- }
-
- if (db->attributes.unique_subject
- && !TXT_DB_create_index(db->db, DB_name, index_name_qual,
- LHASH_HASH_FN(index_name_hash),
- LHASH_COMP_FN(index_name_cmp)))
- {
- BIO_printf(bio_err,"error creating name index:(%ld,%ld,%ld)\n",
- db->db->error,db->db->arg1,db->db->arg2);
- return 0;
- }
- return 1;
- }
-
-int save_index(const char *dbfile, const char *suffix, CA_DB *db)
- {
- char buf[3][BSIZE];
- BIO *out = BIO_new(BIO_s_file());
- int j;
-
- if (out == NULL)
- {
- ERR_print_errors(bio_err);
- goto err;
- }
-
- j = strlen(dbfile) + strlen(suffix);
- if (j + 6 >= BSIZE)
- {
- BIO_printf(bio_err,"file name too long\n");
- goto err;
- }
-
-#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr", dbfile);
-#else
- j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr", dbfile);
-#endif
-#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[1], sizeof buf[1], "%s.attr.%s", dbfile, suffix);
-#else
- j = BIO_snprintf(buf[1], sizeof buf[1], "%s-attr-%s", dbfile, suffix);
-#endif
-#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, suffix);
-#else
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, suffix);
-#endif
-#ifdef RL_DEBUG
- BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]);
-#endif
- if (BIO_write_filename(out,buf[0]) <= 0)
- {
- perror(dbfile);
- BIO_printf(bio_err,"unable to open '%s'\n", dbfile);
- goto err;
- }
- j=TXT_DB_write(out,db->db);
- if (j <= 0) goto err;
-
- BIO_free(out);
-
- out = BIO_new(BIO_s_file());
-#ifdef RL_DEBUG
- BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[1]);
-#endif
- if (BIO_write_filename(out,buf[1]) <= 0)
- {
- perror(buf[2]);
- BIO_printf(bio_err,"unable to open '%s'\n", buf[2]);
- goto err;
- }
- BIO_printf(out,"unique_subject = %s\n",
- db->attributes.unique_subject ? "yes" : "no");
- BIO_free(out);
-
- return 1;
- err:
- return 0;
- }
-
-int rotate_index(const char *dbfile, const char *new_suffix, const char *old_suffix)
- {
- char buf[5][BSIZE];
- int i,j;
- struct stat sb;
-
- i = strlen(dbfile) + strlen(old_suffix);
- j = strlen(dbfile) + strlen(new_suffix);
- if (i > j) j = i;
- if (j + 6 >= BSIZE)
- {
- BIO_printf(bio_err,"file name too long\n");
- goto err;
- }
-
-#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[4], sizeof buf[4], "%s.attr", dbfile);
-#else
- j = BIO_snprintf(buf[4], sizeof buf[4], "%s-attr", dbfile);
-#endif
-#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr.%s",
- dbfile, new_suffix);
-#else
- j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr-%s",
- dbfile, new_suffix);
-#endif
-#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s",
- dbfile, new_suffix);
-#else
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s",
- dbfile, new_suffix);
-#endif
-#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s",
- dbfile, old_suffix);
-#else
- j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s",
- dbfile, old_suffix);
-#endif
-#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[3], sizeof buf[3], "%s.attr.%s",
- dbfile, old_suffix);
-#else
- j = BIO_snprintf(buf[3], sizeof buf[3], "%s-attr-%s",
- dbfile, old_suffix);
-#endif
- if (stat(dbfile,&sb) < 0)
- {
- if (errno != ENOENT
-#ifdef ENOTDIR
- && errno != ENOTDIR
-#endif
- )
- goto err;
- }
- else
- {
-#ifdef RL_DEBUG
- BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
- dbfile, buf[1]);
-#endif
- if (rename(dbfile,buf[1]) < 0)
- {
- BIO_printf(bio_err,
- "unable to rename %s to %s\n",
- dbfile, buf[1]);
- perror("reason");
- goto err;
- }
- }
-#ifdef RL_DEBUG
- BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
- buf[0],dbfile);
-#endif
- if (rename(buf[0],dbfile) < 0)
- {
- BIO_printf(bio_err,
- "unable to rename %s to %s\n",
- buf[0],dbfile);
- perror("reason");
- rename(buf[1],dbfile);
- goto err;
- }
- if (stat(buf[4],&sb) < 0)
- {
- if (errno != ENOENT
-#ifdef ENOTDIR
- && errno != ENOTDIR
-#endif
- )
- goto err;
- }
- else
- {
-#ifdef RL_DEBUG
- BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
- buf[4],buf[3]);
-#endif
- if (rename(buf[4],buf[3]) < 0)
- {
- BIO_printf(bio_err,
- "unable to rename %s to %s\n",
- buf[4], buf[3]);
- perror("reason");
- rename(dbfile,buf[0]);
- rename(buf[1],dbfile);
- goto err;
- }
- }
-#ifdef RL_DEBUG
- BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
- buf[2],buf[4]);
-#endif
- if (rename(buf[2],buf[4]) < 0)
- {
- BIO_printf(bio_err,
- "unable to rename %s to %s\n",
- buf[2],buf[4]);
- perror("reason");
- rename(buf[3],buf[4]);
- rename(dbfile,buf[0]);
- rename(buf[1],dbfile);
- goto err;
- }
- return 1;
- err:
- return 0;
- }
-
-void free_index(CA_DB *db)
- {
- if (db)
- {
- if (db->db) TXT_DB_free(db->db);
- OPENSSL_free(db);
- }
- }
-
-int parse_yesno(const char *str, int def)
- {
- int ret = def;
- if (str)
- {
- switch (*str)
- {
- case 'f': /* false */
- case 'F': /* FALSE */
- case 'n': /* no */
- case 'N': /* NO */
- case '0': /* 0 */
- ret = 0;
- break;
- case 't': /* true */
- case 'T': /* TRUE */
- case 'y': /* yes */
- case 'Y': /* YES */
- case '1': /* 1 */
- ret = 1;
- break;
- default:
- ret = def;
- break;
- }
- }
- return ret;
- }
-
-/*
- * subject is expected to be in the format /type0=value0/type1=value1/type2=...
- * where characters may be escaped by \
- */
-X509_NAME *parse_name(char *subject, long chtype, int multirdn)
- {
- size_t buflen = strlen(subject)+1; /* to copy the types and values into. due to escaping, the copy can only become shorter */
- char *buf = OPENSSL_malloc(buflen);
- size_t max_ne = buflen / 2 + 1; /* maximum number of name elements */
- char **ne_types = OPENSSL_malloc(max_ne * sizeof (char *));
- char **ne_values = OPENSSL_malloc(max_ne * sizeof (char *));
- int *mval = OPENSSL_malloc (max_ne * sizeof (int));
-
- char *sp = subject, *bp = buf;
- int i, ne_num = 0;
-
- X509_NAME *n = NULL;
- int nid;
-
- if (!buf || !ne_types || !ne_values || !mval)
- {
- BIO_printf(bio_err, "malloc error\n");
- goto error;
- }
-
- if (*subject != '/')
- {
- BIO_printf(bio_err, "Subject does not start with '/'.\n");
- goto error;
- }
- sp++; /* skip leading / */
-
- /* no multivalued RDN by default */
- mval[ne_num] = 0;
-
- while (*sp)
- {
- /* collect type */
- ne_types[ne_num] = bp;
- while (*sp)
- {
- if (*sp == '\\') /* is there anything to escape in the type...? */
- {
- if (*++sp)
- *bp++ = *sp++;
- else
- {
- BIO_printf(bio_err, "escape character at end of string\n");
- goto error;
- }
- }
- else if (*sp == '=')
- {
- sp++;
- *bp++ = '\0';
- break;
- }
- else
- *bp++ = *sp++;
- }
- if (!*sp)
- {
- BIO_printf(bio_err, "end of string encountered while processing type of subject name element #%d\n", ne_num);
- goto error;
- }
- ne_values[ne_num] = bp;
- while (*sp)
- {
- if (*sp == '\\')
- {
- if (*++sp)
- *bp++ = *sp++;
- else
- {
- BIO_printf(bio_err, "escape character at end of string\n");
- goto error;
- }
- }
- else if (*sp == '/')
- {
- sp++;
- /* no multivalued RDN by default */
- mval[ne_num+1] = 0;
- break;
- }
- else if (*sp == '+' && multirdn)
- {
- /* a not escaped + signals a mutlivalued RDN */
- sp++;
- mval[ne_num+1] = -1;
- break;
- }
- else
- *bp++ = *sp++;
- }
- *bp++ = '\0';
- ne_num++;
- }
-
- if (!(n = X509_NAME_new()))
- goto error;
-
- for (i = 0; i < ne_num; i++)
- {
- if ((nid=OBJ_txt2nid(ne_types[i])) == NID_undef)
- {
- BIO_printf(bio_err, "Subject Attribute %s has no known NID, skipped\n", ne_types[i]);
- continue;
- }
-
- if (!*ne_values[i])
- {
- BIO_printf(bio_err, "No value provided for Subject Attribute %s, skipped\n", ne_types[i]);
- continue;
- }
-
- if (!X509_NAME_add_entry_by_NID(n, nid, chtype, (unsigned char*)ne_values[i], -1,-1,mval[i]))
- goto error;
- }
-
- OPENSSL_free(ne_values);
- OPENSSL_free(ne_types);
- OPENSSL_free(buf);
- OPENSSL_free(mval);
- return n;
-
-error:
- X509_NAME_free(n);
- if (ne_values)
- OPENSSL_free(ne_values);
- if (ne_types)
- OPENSSL_free(ne_types);
- if (mval)
- OPENSSL_free(mval);
- if (buf)
- OPENSSL_free(buf);
- return NULL;
-}
-
-/* This code MUST COME AFTER anything that uses rename() */
-#ifdef OPENSSL_SYS_WIN32
-int WIN32_rename(const char *from, const char *to)
- {
-#ifndef OPENSSL_SYS_WINCE
- /* Windows rename gives an error if 'to' exists, so delete it
- * first and ignore file not found errror
- */
- if((remove(to) != 0) && (errno != ENOENT))
- return -1;
-#undef rename
- return rename(from, to);
-#else
- /* convert strings to UNICODE */
- {
- BOOL result = FALSE;
- WCHAR* wfrom;
- WCHAR* wto;
- int i;
- wfrom = malloc((strlen(from)+1)*2);
- wto = malloc((strlen(to)+1)*2);
- if (wfrom != NULL && wto != NULL)
- {
- for (i=0; i<(int)strlen(from)+1; i++)
- wfrom[i] = (short)from[i];
- for (i=0; i<(int)strlen(to)+1; i++)
- wto[i] = (short)to[i];
- result = MoveFile(wfrom, wto);
- }
- if (wfrom != NULL)
- free(wfrom);
- if (wto != NULL)
- free(wto);
- return result;
- }
-#endif
- }
-#endif
-
-int args_verify(char ***pargs, int *pargc,
- int *badarg, BIO *err, X509_VERIFY_PARAM **pm)
- {
- ASN1_OBJECT *otmp = NULL;
- unsigned long flags = 0;
- int i;
- int purpose = 0;
- char **oldargs = *pargs;
- char *arg = **pargs, *argn = (*pargs)[1];
- if (!strcmp(arg, "-policy"))
- {
- if (!argn)
- *badarg = 1;
- else
- {
- otmp = OBJ_txt2obj(argn, 0);
- if (!otmp)
- {
- BIO_printf(err, "Invalid Policy \"%s\"\n",
- argn);
- *badarg = 1;
- }
- }
- (*pargs)++;
- }
- else if (strcmp(arg,"-purpose") == 0)
- {
- X509_PURPOSE *xptmp;
- if (!argn)
- *badarg = 1;
- else
- {
- i = X509_PURPOSE_get_by_sname(argn);
- if(i < 0)
- {
- BIO_printf(err, "unrecognized purpose\n");
- *badarg = 1;
- }
- else
- {
- xptmp = X509_PURPOSE_get0(i);
- purpose = X509_PURPOSE_get_id(xptmp);
- }
- }
- (*pargs)++;
- }
- else if (!strcmp(arg, "-ignore_critical"))
- flags |= X509_V_FLAG_IGNORE_CRITICAL;
- else if (!strcmp(arg, "-issuer_checks"))
- flags |= X509_V_FLAG_CB_ISSUER_CHECK;
- else if (!strcmp(arg, "-crl_check"))
- flags |= X509_V_FLAG_CRL_CHECK;
- else if (!strcmp(arg, "-crl_check_all"))
- flags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
- else if (!strcmp(arg, "-policy_check"))
- flags |= X509_V_FLAG_POLICY_CHECK;
- else if (!strcmp(arg, "-explicit_policy"))
- flags |= X509_V_FLAG_EXPLICIT_POLICY;
- else if (!strcmp(arg, "-x509_strict"))
- flags |= X509_V_FLAG_X509_STRICT;
- else if (!strcmp(arg, "-policy_print"))
- flags |= X509_V_FLAG_NOTIFY_POLICY;
- else if (!strcmp(arg, "-check_ss_sig"))
- flags |= X509_V_FLAG_CHECK_SS_SIGNATURE;
- else
- return 0;
-
- if (*badarg)
- {
- if (*pm)
- X509_VERIFY_PARAM_free(*pm);
- *pm = NULL;
- goto end;
- }
-
- if (!*pm && !(*pm = X509_VERIFY_PARAM_new()))
- {
- *badarg = 1;
- goto end;
- }
-
- if (otmp)
- X509_VERIFY_PARAM_add0_policy(*pm, otmp);
- if (flags)
- X509_VERIFY_PARAM_set_flags(*pm, flags);
-
- if (purpose)
- X509_VERIFY_PARAM_set_purpose(*pm, purpose);
-
- end:
-
- (*pargs)++;
-
- if (pargc)
- *pargc -= *pargs - oldargs;
-
- return 1;
-
- }
-
-static void nodes_print(BIO *out, const char *name,
- STACK_OF(X509_POLICY_NODE) *nodes)
- {
- X509_POLICY_NODE *node;
- int i;
- BIO_printf(out, "%s Policies:", name);
- if (nodes)
- {
- BIO_puts(out, "\n");
- for (i = 0; i < sk_X509_POLICY_NODE_num(nodes); i++)
- {
- node = sk_X509_POLICY_NODE_value(nodes, i);
- X509_POLICY_NODE_print(out, node, 2);
- }
- }
- else
- BIO_puts(out, " <empty>\n");
- }
-
-void policies_print(BIO *out, X509_STORE_CTX *ctx)
- {
- X509_POLICY_TREE *tree;
- int explicit_policy;
- int free_out = 0;
- if (out == NULL)
- {
- out = BIO_new_fp(stderr, BIO_NOCLOSE);
- free_out = 1;
- }
- tree = X509_STORE_CTX_get0_policy_tree(ctx);
- explicit_policy = X509_STORE_CTX_get_explicit_policy(ctx);
-
- BIO_printf(out, "Require explicit Policy: %s\n",
- explicit_policy ? "True" : "False");
-
- nodes_print(out, "Authority", X509_policy_tree_get0_policies(tree));
- nodes_print(out, "User", X509_policy_tree_get0_user_policies(tree));
- if (free_out)
- BIO_free(out);
- }
-
-#ifndef OPENSSL_NO_JPAKE
-
-static JPAKE_CTX *jpake_init(const char *us, const char *them,
- const char *secret)
- {
- BIGNUM *p = NULL;
- BIGNUM *g = NULL;
- BIGNUM *q = NULL;
- BIGNUM *bnsecret = BN_new();
- JPAKE_CTX *ctx;
-
- /* Use a safe prime for p (that we found earlier) */
- BN_hex2bn(&p, "F9E5B365665EA7A05A9C534502780FEE6F1AB5BD4F49947FD036DBD7E905269AF46EF28B0FC07487EE4F5D20FB3C0AF8E700F3A2FA3414970CBED44FEDFF80CE78D800F184BB82435D137AADA2C6C16523247930A63B85661D1FC817A51ACD96168E95898A1F83A79FFB529368AA7833ABD1B0C3AEDDB14D2E1A2F71D99F763F");
- g = BN_new();
- BN_set_word(g, 2);
- q = BN_new();
- BN_rshift1(q, p);
-
- BN_bin2bn((const unsigned char *)secret, strlen(secret), bnsecret);
-
- ctx = JPAKE_CTX_new(us, them, p, g, q, bnsecret);
- BN_free(bnsecret);
- BN_free(q);
- BN_free(g);
- BN_free(p);
-
- return ctx;
- }
-
-static void jpake_send_part(BIO *conn, const JPAKE_STEP_PART *p)
- {
- BN_print(conn, p->gx);
- BIO_puts(conn, "\n");
- BN_print(conn, p->zkpx.gr);
- BIO_puts(conn, "\n");
- BN_print(conn, p->zkpx.b);
- BIO_puts(conn, "\n");
- }
-
-static void jpake_send_step1(BIO *bconn, JPAKE_CTX *ctx)
- {
- JPAKE_STEP1 s1;
-
- JPAKE_STEP1_init(&s1);
- JPAKE_STEP1_generate(&s1, ctx);
- jpake_send_part(bconn, &s1.p1);
- jpake_send_part(bconn, &s1.p2);
- (void)BIO_flush(bconn);
- JPAKE_STEP1_release(&s1);
- }
-
-static void jpake_send_step2(BIO *bconn, JPAKE_CTX *ctx)
- {
- JPAKE_STEP2 s2;
-
- JPAKE_STEP2_init(&s2);
- JPAKE_STEP2_generate(&s2, ctx);
- jpake_send_part(bconn, &s2);
- (void)BIO_flush(bconn);
- JPAKE_STEP2_release(&s2);
- }
-
-static void jpake_send_step3a(BIO *bconn, JPAKE_CTX *ctx)
- {
- JPAKE_STEP3A s3a;
-
- JPAKE_STEP3A_init(&s3a);
- JPAKE_STEP3A_generate(&s3a, ctx);
- BIO_write(bconn, s3a.hhk, sizeof s3a.hhk);
- (void)BIO_flush(bconn);
- JPAKE_STEP3A_release(&s3a);
- }
-
-static void jpake_send_step3b(BIO *bconn, JPAKE_CTX *ctx)
- {
- JPAKE_STEP3B s3b;
-
- JPAKE_STEP3B_init(&s3b);
- JPAKE_STEP3B_generate(&s3b, ctx);
- BIO_write(bconn, s3b.hk, sizeof s3b.hk);
- (void)BIO_flush(bconn);
- JPAKE_STEP3B_release(&s3b);
- }
-
-static void readbn(BIGNUM **bn, BIO *bconn)
- {
- char buf[10240];
- int l;
-
- l = BIO_gets(bconn, buf, sizeof buf);
- assert(l > 0);
- assert(buf[l-1] == '\n');
- buf[l-1] = '\0';
- BN_hex2bn(bn, buf);
- }
-
-static void jpake_receive_part(JPAKE_STEP_PART *p, BIO *bconn)
- {
- readbn(&p->gx, bconn);
- readbn(&p->zkpx.gr, bconn);
- readbn(&p->zkpx.b, bconn);
- }
-
-static void jpake_receive_step1(JPAKE_CTX *ctx, BIO *bconn)
- {
- JPAKE_STEP1 s1;
-
- JPAKE_STEP1_init(&s1);
- jpake_receive_part(&s1.p1, bconn);
- jpake_receive_part(&s1.p2, bconn);
- if(!JPAKE_STEP1_process(ctx, &s1))
- {
- ERR_print_errors(bio_err);
- exit(1);
- }
- JPAKE_STEP1_release(&s1);
- }
-
-static void jpake_receive_step2(JPAKE_CTX *ctx, BIO *bconn)
- {
- JPAKE_STEP2 s2;
-
- JPAKE_STEP2_init(&s2);
- jpake_receive_part(&s2, bconn);
- if(!JPAKE_STEP2_process(ctx, &s2))
- {
- ERR_print_errors(bio_err);
- exit(1);
- }
- JPAKE_STEP2_release(&s2);
- }
-
-static void jpake_receive_step3a(JPAKE_CTX *ctx, BIO *bconn)
- {
- JPAKE_STEP3A s3a;
- int l;
-
- JPAKE_STEP3A_init(&s3a);
- l = BIO_read(bconn, s3a.hhk, sizeof s3a.hhk);
- assert(l == sizeof s3a.hhk);
- if(!JPAKE_STEP3A_process(ctx, &s3a))
- {
- ERR_print_errors(bio_err);
- exit(1);
- }
- JPAKE_STEP3A_release(&s3a);
- }
-
-static void jpake_receive_step3b(JPAKE_CTX *ctx, BIO *bconn)
- {
- JPAKE_STEP3B s3b;
- int l;
-
- JPAKE_STEP3B_init(&s3b);
- l = BIO_read(bconn, s3b.hk, sizeof s3b.hk);
- assert(l == sizeof s3b.hk);
- if(!JPAKE_STEP3B_process(ctx, &s3b))
- {
- ERR_print_errors(bio_err);
- exit(1);
- }
- JPAKE_STEP3B_release(&s3b);
- }
-
-void jpake_client_auth(BIO *out, BIO *conn, const char *secret)
- {
- JPAKE_CTX *ctx;
- BIO *bconn;
-
- BIO_puts(out, "Authenticating with JPAKE\n");
-
- ctx = jpake_init("client", "server", secret);
-
- bconn = BIO_new(BIO_f_buffer());
- BIO_push(bconn, conn);
-
- jpake_send_step1(bconn, ctx);
- jpake_receive_step1(ctx, bconn);
- jpake_send_step2(bconn, ctx);
- jpake_receive_step2(ctx, bconn);
- jpake_send_step3a(bconn, ctx);
- jpake_receive_step3b(ctx, bconn);
-
- /*
- * The problem is that you must use the derived key in the
- * session key or you are subject to man-in-the-middle
- * attacks.
- */
- BIO_puts(out, "JPAKE authentication succeeded (N.B. This version can"
- " be MitMed. See the version in HEAD for how to do it"
- " properly)\n");
-
- BIO_pop(bconn);
- BIO_free(bconn);
- }
-
-void jpake_server_auth(BIO *out, BIO *conn, const char *secret)
- {
- JPAKE_CTX *ctx;
- BIO *bconn;
-
- BIO_puts(out, "Authenticating with JPAKE\n");
-
- ctx = jpake_init("server", "client", secret);
-
- bconn = BIO_new(BIO_f_buffer());
- BIO_push(bconn, conn);
-
- jpake_receive_step1(ctx, bconn);
- jpake_send_step1(bconn, ctx);
- jpake_receive_step2(ctx, bconn);
- jpake_send_step2(bconn, ctx);
- jpake_receive_step3a(ctx, bconn);
- jpake_send_step3b(bconn, ctx);
-
- /*
- * The problem is that you must use the derived key in the
- * session key or you are subject to man-in-the-middle
- * attacks.
- */
- BIO_puts(out, "JPAKE authentication succeeded (N.B. This version can"
- " be MitMed. See the version in HEAD for how to do it"
- " properly)\n");
-
- BIO_pop(bconn);
- BIO_free(bconn);
- }
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/apps/apps.c (from rev 6976, vendor-crypto/openssl/dist/apps/apps.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/apps/apps.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/apps/apps.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,2447 @@
+/* apps/apps.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <ctype.h>
+#include <assert.h>
+#include <openssl/err.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/pem.h>
+#include <openssl/pkcs12.h>
+#include <openssl/ui.h>
+#include <openssl/safestack.h>
+#ifndef OPENSSL_NO_ENGINE
+# include <openssl/engine.h>
+#endif
+#ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>
+#endif
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_JPAKE
+# include <openssl/jpake.h>
+#endif
+
+#define NON_MAIN
+#include "apps.h"
+#undef NON_MAIN
+
+typedef struct {
+ const char *name;
+ unsigned long flag;
+ unsigned long mask;
+} NAME_EX_TBL;
+
+static UI_METHOD *ui_method = NULL;
+
+static int set_table_opts(unsigned long *flags, const char *arg,
+ const NAME_EX_TBL * in_tbl);
+static int set_multi_opts(unsigned long *flags, const char *arg,
+ const NAME_EX_TBL * in_tbl);
+
+#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
+/* Looks like this stuff is worth moving into separate function */
+static EVP_PKEY *load_netscape_key(BIO *err, BIO *key, const char *file,
+ const char *key_descrip, int format);
+#endif
+
+int app_init(long mesgwin);
+#ifdef undef /* never finished - probably never will be
+ * :-) */
+int args_from_file(char *file, int *argc, char **argv[])
+{
+ FILE *fp;
+ int num, i;
+ unsigned int len;
+ static char *buf = NULL;
+ static char **arg = NULL;
+ char *p;
+ struct stat stbuf;
+
+ if (stat(file, &stbuf) < 0)
+ return (0);
+
+ fp = fopen(file, "r");
+ if (fp == NULL)
+ return (0);
+
+ *argc = 0;
+ *argv = NULL;
+
+ len = (unsigned int)stbuf.st_size;
+ if (buf != NULL)
+ OPENSSL_free(buf);
+ buf = (char *)OPENSSL_malloc(len + 1);
+ if (buf == NULL)
+ return (0);
+
+ len = fread(buf, 1, len, fp);
+ if (len <= 1)
+ return (0);
+ buf[len] = '\0';
+
+ i = 0;
+ for (p = buf; *p; p++)
+ if (*p == '\n')
+ i++;
+ if (arg != NULL)
+ OPENSSL_free(arg);
+ arg = (char **)OPENSSL_malloc(sizeof(char *) * (i * 2));
+
+ *argv = arg;
+ num = 0;
+ p = buf;
+ for (;;) {
+ if (!*p)
+ break;
+ if (*p == '#') { /* comment line */
+ while (*p && (*p != '\n'))
+ p++;
+ continue;
+ }
+ /* else we have a line */
+ *(arg++) = p;
+ num++;
+ while (*p && ((*p != ' ') && (*p != '\t') && (*p != '\n')))
+ p++;
+ if (!*p)
+ break;
+ if (*p == '\n') {
+ *(p++) = '\0';
+ continue;
+ }
+ /* else it is a tab or space */
+ p++;
+ while (*p && ((*p == ' ') || (*p == '\t') || (*p == '\n')))
+ p++;
+ if (!*p)
+ break;
+ if (*p == '\n') {
+ p++;
+ continue;
+ }
+ *(arg++) = p++;
+ num++;
+ while (*p && (*p != '\n'))
+ p++;
+ if (!*p)
+ break;
+ /* else *p == '\n' */
+ *(p++) = '\0';
+ }
+ *argc = num;
+ return (1);
+}
+#endif
+
+int str2fmt(char *s)
+{
+ if ((*s == 'D') || (*s == 'd'))
+ return (FORMAT_ASN1);
+ else if ((*s == 'T') || (*s == 't'))
+ return (FORMAT_TEXT);
+ else if ((*s == 'P') || (*s == 'p'))
+ return (FORMAT_PEM);
+ else if ((*s == 'N') || (*s == 'n'))
+ return (FORMAT_NETSCAPE);
+ else if ((*s == 'S') || (*s == 's'))
+ return (FORMAT_SMIME);
+ else if ((*s == '1')
+ || (strcmp(s, "PKCS12") == 0) || (strcmp(s, "pkcs12") == 0)
+ || (strcmp(s, "P12") == 0) || (strcmp(s, "p12") == 0))
+ return (FORMAT_PKCS12);
+ else if ((*s == 'E') || (*s == 'e'))
+ return (FORMAT_ENGINE);
+ else
+ return (FORMAT_UNDEF);
+}
+
+#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_SYS_NETWARE)
+void program_name(char *in, char *out, int size)
+{
+ int i, n;
+ char *p = NULL;
+
+ n = strlen(in);
+ /* find the last '/', '\' or ':' */
+ for (i = n - 1; i > 0; i--) {
+ if ((in[i] == '/') || (in[i] == '\\') || (in[i] == ':')) {
+ p = &(in[i + 1]);
+ break;
+ }
+ }
+ if (p == NULL)
+ p = in;
+ n = strlen(p);
+
+# if defined(OPENSSL_SYS_NETWARE)
+ /* strip off trailing .nlm if present. */
+ if ((n > 4) && (p[n - 4] == '.') &&
+ ((p[n - 3] == 'n') || (p[n - 3] == 'N')) &&
+ ((p[n - 2] == 'l') || (p[n - 2] == 'L')) &&
+ ((p[n - 1] == 'm') || (p[n - 1] == 'M')))
+ n -= 4;
+# else
+ /* strip off trailing .exe if present. */
+ if ((n > 4) && (p[n - 4] == '.') &&
+ ((p[n - 3] == 'e') || (p[n - 3] == 'E')) &&
+ ((p[n - 2] == 'x') || (p[n - 2] == 'X')) &&
+ ((p[n - 1] == 'e') || (p[n - 1] == 'E')))
+ n -= 4;
+# endif
+
+ if (n > size - 1)
+ n = size - 1;
+
+ for (i = 0; i < n; i++) {
+ if ((p[i] >= 'A') && (p[i] <= 'Z'))
+ out[i] = p[i] - 'A' + 'a';
+ else
+ out[i] = p[i];
+ }
+ out[n] = '\0';
+}
+#else
+# ifdef OPENSSL_SYS_VMS
+void program_name(char *in, char *out, int size)
+{
+ char *p = in, *q;
+ char *chars = ":]>";
+
+ while (*chars != '\0') {
+ q = strrchr(p, *chars);
+ if (q > p)
+ p = q + 1;
+ chars++;
+ }
+
+ q = strrchr(p, '.');
+ if (q == NULL)
+ q = p + strlen(p);
+ strncpy(out, p, size - 1);
+ if (q - p >= size) {
+ out[size - 1] = '\0';
+ } else {
+ out[q - p] = '\0';
+ }
+}
+# else
+void program_name(char *in, char *out, int size)
+{
+ char *p;
+
+ p = strrchr(in, '/');
+ if (p != NULL)
+ p++;
+ else
+ p = in;
+ BUF_strlcpy(out, p, size);
+}
+# endif
+#endif
+
+int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
+{
+ int num, i;
+ char *p;
+
+ *argc = 0;
+ *argv = NULL;
+
+ i = 0;
+ if (arg->count == 0) {
+ arg->count = 20;
+ arg->data = (char **)OPENSSL_malloc(sizeof(char *) * arg->count);
+ if (arg->data == NULL)
+ return 0;
+ }
+ for (i = 0; i < arg->count; i++)
+ arg->data[i] = NULL;
+
+ num = 0;
+ p = buf;
+ for (;;) {
+ /* first scan over white space */
+ if (!*p)
+ break;
+ while (*p && ((*p == ' ') || (*p == '\t') || (*p == '\n')))
+ p++;
+ if (!*p)
+ break;
+
+ /* The start of something good :-) */
+ if (num >= arg->count) {
+ char **tmp_p;
+ int tlen = arg->count + 20;
+ tmp_p = (char **)OPENSSL_realloc(arg->data,
+ sizeof(char *) * tlen);
+ if (tmp_p == NULL)
+ return 0;
+ arg->data = tmp_p;
+ arg->count = tlen;
+ /* initialize newly allocated data */
+ for (i = num; i < arg->count; i++)
+ arg->data[i] = NULL;
+ }
+ arg->data[num++] = p;
+
+ /* now look for the end of this */
+ if ((*p == '\'') || (*p == '\"')) { /* scan for closing quote */
+ i = *(p++);
+ arg->data[num - 1]++; /* jump over quote */
+ while (*p && (*p != i))
+ p++;
+ *p = '\0';
+ } else {
+ while (*p && ((*p != ' ') && (*p != '\t') && (*p != '\n')))
+ p++;
+
+ if (*p == '\0')
+ p--;
+ else
+ *p = '\0';
+ }
+ p++;
+ }
+ *argc = num;
+ *argv = arg->data;
+ return (1);
+}
+
+#ifndef APP_INIT
+int app_init(long mesgwin)
+{
+ return (1);
+}
+#endif
+
+int dump_cert_text(BIO *out, X509 *x)
+{
+ char *p;
+
+ p = X509_NAME_oneline(X509_get_subject_name(x), NULL, 0);
+ BIO_puts(out, "subject=");
+ BIO_puts(out, p);
+ OPENSSL_free(p);
+
+ p = X509_NAME_oneline(X509_get_issuer_name(x), NULL, 0);
+ BIO_puts(out, "\nissuer=");
+ BIO_puts(out, p);
+ BIO_puts(out, "\n");
+ OPENSSL_free(p);
+
+ return 0;
+}
+
+static int ui_open(UI *ui)
+{
+ return UI_method_get_opener(UI_OpenSSL())(ui);
+}
+
+static int ui_read(UI *ui, UI_STRING *uis)
+{
+ if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD
+ && UI_get0_user_data(ui)) {
+ switch (UI_get_string_type(uis)) {
+ case UIT_PROMPT:
+ case UIT_VERIFY:
+ {
+ const char *password =
+ ((PW_CB_DATA *)UI_get0_user_data(ui))->password;
+ if (password && password[0] != '\0') {
+ UI_set_result(ui, uis, password);
+ return 1;
+ }
+ }
+ default:
+ break;
+ }
+ }
+ return UI_method_get_reader(UI_OpenSSL())(ui, uis);
+}
+
+static int ui_write(UI *ui, UI_STRING *uis)
+{
+ if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD
+ && UI_get0_user_data(ui)) {
+ switch (UI_get_string_type(uis)) {
+ case UIT_PROMPT:
+ case UIT_VERIFY:
+ {
+ const char *password =
+ ((PW_CB_DATA *)UI_get0_user_data(ui))->password;
+ if (password && password[0] != '\0')
+ return 1;
+ }
+ default:
+ break;
+ }
+ }
+ return UI_method_get_writer(UI_OpenSSL())(ui, uis);
+}
+
+static int ui_close(UI *ui)
+{
+ return UI_method_get_closer(UI_OpenSSL())(ui);
+}
+
+int setup_ui_method(void)
+{
+ ui_method = UI_create_method("OpenSSL application user interface");
+ UI_method_set_opener(ui_method, ui_open);
+ UI_method_set_reader(ui_method, ui_read);
+ UI_method_set_writer(ui_method, ui_write);
+ UI_method_set_closer(ui_method, ui_close);
+ return 0;
+}
+
+void destroy_ui_method(void)
+{
+ if (ui_method) {
+ UI_destroy_method(ui_method);
+ ui_method = NULL;
+ }
+}
+
+int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp)
+{
+ UI *ui = NULL;
+ int res = 0;
+ const char *prompt_info = NULL;
+ const char *password = NULL;
+ PW_CB_DATA *cb_data = (PW_CB_DATA *)cb_tmp;
+
+ if (cb_data) {
+ if (cb_data->password)
+ password = cb_data->password;
+ if (cb_data->prompt_info)
+ prompt_info = cb_data->prompt_info;
+ }
+
+ if (password) {
+ res = strlen(password);
+ if (res > bufsiz)
+ res = bufsiz;
+ memcpy(buf, password, res);
+ return res;
+ }
+
+ ui = UI_new_method(ui_method);
+ if (ui) {
+ int ok = 0;
+ char *buff = NULL;
+ int ui_flags = 0;
+ char *prompt = NULL;
+
+ prompt = UI_construct_prompt(ui, "pass phrase", prompt_info);
+
+ ui_flags |= UI_INPUT_FLAG_DEFAULT_PWD;
+ UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);
+
+ if (ok >= 0)
+ ok = UI_add_input_string(ui, prompt, ui_flags, buf,
+ PW_MIN_LENGTH, bufsiz - 1);
+ if (ok >= 0 && verify) {
+ buff = (char *)OPENSSL_malloc(bufsiz);
+ ok = UI_add_verify_string(ui, prompt, ui_flags, buff,
+ PW_MIN_LENGTH, bufsiz - 1, buf);
+ }
+ if (ok >= 0)
+ do {
+ ok = UI_process(ui);
+ }
+ while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));
+
+ if (buff) {
+ OPENSSL_cleanse(buff, (unsigned int)bufsiz);
+ OPENSSL_free(buff);
+ }
+
+ if (ok >= 0)
+ res = strlen(buf);
+ if (ok == -1) {
+ BIO_printf(bio_err, "User interface error\n");
+ ERR_print_errors(bio_err);
+ OPENSSL_cleanse(buf, (unsigned int)bufsiz);
+ res = 0;
+ }
+ if (ok == -2) {
+ BIO_printf(bio_err, "aborted!\n");
+ OPENSSL_cleanse(buf, (unsigned int)bufsiz);
+ res = 0;
+ }
+ UI_free(ui);
+ OPENSSL_free(prompt);
+ }
+ return res;
+}
+
+static char *app_get_pass(BIO *err, char *arg, int keepbio);
+
+int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2)
+{
+ int same;
+ if (!arg2 || !arg1 || strcmp(arg1, arg2))
+ same = 0;
+ else
+ same = 1;
+ if (arg1) {
+ *pass1 = app_get_pass(err, arg1, same);
+ if (!*pass1)
+ return 0;
+ } else if (pass1)
+ *pass1 = NULL;
+ if (arg2) {
+ *pass2 = app_get_pass(err, arg2, same ? 2 : 0);
+ if (!*pass2)
+ return 0;
+ } else if (pass2)
+ *pass2 = NULL;
+ return 1;
+}
+
+static char *app_get_pass(BIO *err, char *arg, int keepbio)
+{
+ char *tmp, tpass[APP_PASS_LEN];
+ static BIO *pwdbio = NULL;
+ int i;
+ if (!strncmp(arg, "pass:", 5))
+ return BUF_strdup(arg + 5);
+ if (!strncmp(arg, "env:", 4)) {
+ tmp = getenv(arg + 4);
+ if (!tmp) {
+ BIO_printf(err, "Can't read environment variable %s\n", arg + 4);
+ return NULL;
+ }
+ return BUF_strdup(tmp);
+ }
+ if (!keepbio || !pwdbio) {
+ if (!strncmp(arg, "file:", 5)) {
+ pwdbio = BIO_new_file(arg + 5, "r");
+ if (!pwdbio) {
+ BIO_printf(err, "Can't open file %s\n", arg + 5);
+ return NULL;
+ }
+ } else if (!strncmp(arg, "fd:", 3)) {
+ BIO *btmp;
+ i = atoi(arg + 3);
+ if (i >= 0)
+ pwdbio = BIO_new_fd(i, BIO_NOCLOSE);
+ if ((i < 0) || !pwdbio) {
+ BIO_printf(err, "Can't access file descriptor %s\n", arg + 3);
+ return NULL;
+ }
+ /*
+ * Can't do BIO_gets on an fd BIO so add a buffering BIO
+ */
+ btmp = BIO_new(BIO_f_buffer());
+ pwdbio = BIO_push(btmp, pwdbio);
+ } else if (!strcmp(arg, "stdin")) {
+ pwdbio = BIO_new_fp(stdin, BIO_NOCLOSE);
+ if (!pwdbio) {
+ BIO_printf(err, "Can't open BIO for stdin\n");
+ return NULL;
+ }
+ } else {
+ BIO_printf(err, "Invalid password argument \"%s\"\n", arg);
+ return NULL;
+ }
+ }
+ i = BIO_gets(pwdbio, tpass, APP_PASS_LEN);
+ if (keepbio != 1) {
+ BIO_free_all(pwdbio);
+ pwdbio = NULL;
+ }
+ if (i <= 0) {
+ BIO_printf(err, "Error reading password from BIO\n");
+ return NULL;
+ }
+ tmp = strchr(tpass, '\n');
+ if (tmp)
+ *tmp = 0;
+ return BUF_strdup(tpass);
+}
+
+int add_oid_section(BIO *err, CONF *conf)
+{
+ char *p;
+ STACK_OF(CONF_VALUE) *sktmp;
+ CONF_VALUE *cnf;
+ int i;
+ if (!(p = NCONF_get_string(conf, NULL, "oid_section"))) {
+ ERR_clear_error();
+ return 1;
+ }
+ if (!(sktmp = NCONF_get_section(conf, p))) {
+ BIO_printf(err, "problem loading oid section %s\n", p);
+ return 0;
+ }
+ for (i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
+ cnf = sk_CONF_VALUE_value(sktmp, i);
+ if (OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) {
+ BIO_printf(err, "problem creating object %s=%s\n",
+ cnf->name, cnf->value);
+ return 0;
+ }
+ }
+ return 1;
+}
+
+static int load_pkcs12(BIO *err, BIO *in, const char *desc,
+ pem_password_cb *pem_cb, void *cb_data,
+ EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
+{
+ const char *pass;
+ char tpass[PEM_BUFSIZE];
+ int len, ret = 0;
+ PKCS12 *p12;
+ p12 = d2i_PKCS12_bio(in, NULL);
+ if (p12 == NULL) {
+ BIO_printf(err, "Error loading PKCS12 file for %s\n", desc);
+ goto die;
+ }
+ /* See if an empty password will do */
+ if (PKCS12_verify_mac(p12, "", 0) || PKCS12_verify_mac(p12, NULL, 0))
+ pass = "";
+ else {
+ if (!pem_cb)
+ pem_cb = (pem_password_cb *)password_callback;
+ len = pem_cb(tpass, PEM_BUFSIZE, 0, cb_data);
+ if (len < 0) {
+ BIO_printf(err, "Passpharse callback error for %s\n", desc);
+ goto die;
+ }
+ if (len < PEM_BUFSIZE)
+ tpass[len] = 0;
+ if (!PKCS12_verify_mac(p12, tpass, len)) {
+ BIO_printf(err,
+ "Mac verify error (wrong password?) in PKCS12 file for %s\n",
+ desc);
+ goto die;
+ }
+ pass = tpass;
+ }
+ ret = PKCS12_parse(p12, pass, pkey, cert, ca);
+ die:
+ if (p12)
+ PKCS12_free(p12);
+ return ret;
+}
+
+X509 *load_cert(BIO *err, const char *file, int format,
+ const char *pass, ENGINE *e, const char *cert_descrip)
+{
+ ASN1_HEADER *ah = NULL;
+ BUF_MEM *buf = NULL;
+ X509 *x = NULL;
+ BIO *cert;
+
+ if ((cert = BIO_new(BIO_s_file())) == NULL) {
+ ERR_print_errors(err);
+ goto end;
+ }
+
+ if (file == NULL) {
+ setvbuf(stdin, NULL, _IONBF, 0);
+ BIO_set_fp(cert, stdin, BIO_NOCLOSE);
+ } else {
+ if (BIO_read_filename(cert, file) <= 0) {
+ BIO_printf(err, "Error opening %s %s\n", cert_descrip, file);
+ ERR_print_errors(err);
+ goto end;
+ }
+ }
+
+ if (format == FORMAT_ASN1)
+ x = d2i_X509_bio(cert, NULL);
+ else if (format == FORMAT_NETSCAPE) {
+ const unsigned char *p, *op;
+ int size = 0, i;
+
+ /*
+ * We sort of have to do it this way because it is sort of nice to
+ * read the header first and check it, then try to read the
+ * certificate
+ */
+ buf = BUF_MEM_new();
+ for (;;) {
+ if ((buf == NULL) || (!BUF_MEM_grow(buf, size + 1024 * 10)))
+ goto end;
+ i = BIO_read(cert, &(buf->data[size]), 1024 * 10);
+ size += i;
+ if (i == 0)
+ break;
+ if (i < 0) {
+ perror("reading certificate");
+ goto end;
+ }
+ }
+ p = (unsigned char *)buf->data;
+ op = p;
+
+ /* First load the header */
+ if ((ah = d2i_ASN1_HEADER(NULL, &p, (long)size)) == NULL)
+ goto end;
+ if ((ah->header == NULL) || (ah->header->data == NULL) ||
+ (strncmp(NETSCAPE_CERT_HDR, (char *)ah->header->data,
+ ah->header->length) != 0)) {
+ BIO_printf(err, "Error reading header on certificate\n");
+ goto end;
+ }
+ /* header is ok, so now read the object */
+ p = op;
+ ah->meth = X509_asn1_meth();
+ if ((ah = d2i_ASN1_HEADER(&ah, &p, (long)size)) == NULL)
+ goto end;
+ x = (X509 *)ah->data;
+ ah->data = NULL;
+ } else if (format == FORMAT_PEM)
+ x = PEM_read_bio_X509_AUX(cert, NULL,
+ (pem_password_cb *)password_callback, NULL);
+ else if (format == FORMAT_PKCS12) {
+ if (!load_pkcs12(err, cert, cert_descrip, NULL, NULL, NULL, &x, NULL))
+ goto end;
+ } else {
+ BIO_printf(err, "bad input format specified for %s\n", cert_descrip);
+ goto end;
+ }
+ end:
+ if (x == NULL) {
+ BIO_printf(err, "unable to load certificate\n");
+ ERR_print_errors(err);
+ }
+ if (ah != NULL)
+ ASN1_HEADER_free(ah);
+ if (cert != NULL)
+ BIO_free(cert);
+ if (buf != NULL)
+ BUF_MEM_free(buf);
+ return (x);
+}
+
+EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
+ const char *pass, ENGINE *e, const char *key_descrip)
+{
+ BIO *key = NULL;
+ EVP_PKEY *pkey = NULL;
+ PW_CB_DATA cb_data;
+
+ cb_data.password = pass;
+ cb_data.prompt_info = file;
+
+ if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE)) {
+ BIO_printf(err, "no keyfile specified\n");
+ goto end;
+ }
+#ifndef OPENSSL_NO_ENGINE
+ if (format == FORMAT_ENGINE) {
+ if (!e)
+ BIO_printf(err, "no engine specified\n");
+ else {
+ pkey = ENGINE_load_private_key(e, file, ui_method, &cb_data);
+ if (!pkey) {
+ BIO_printf(err, "cannot load %s from engine\n", key_descrip);
+ ERR_print_errors(err);
+ }
+ }
+ goto end;
+ }
+#endif
+ key = BIO_new(BIO_s_file());
+ if (key == NULL) {
+ ERR_print_errors(err);
+ goto end;
+ }
+ if (file == NULL && maybe_stdin) {
+ setvbuf(stdin, NULL, _IONBF, 0);
+ BIO_set_fp(key, stdin, BIO_NOCLOSE);
+ } else if (BIO_read_filename(key, file) <= 0) {
+ BIO_printf(err, "Error opening %s %s\n", key_descrip, file);
+ ERR_print_errors(err);
+ goto end;
+ }
+ if (format == FORMAT_ASN1) {
+ pkey = d2i_PrivateKey_bio(key, NULL);
+ } else if (format == FORMAT_PEM) {
+ pkey = PEM_read_bio_PrivateKey(key, NULL,
+ (pem_password_cb *)password_callback,
+ &cb_data);
+ }
+#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
+ else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC)
+ pkey = load_netscape_key(err, key, file, key_descrip, format);
+#endif
+ else if (format == FORMAT_PKCS12) {
+ if (!load_pkcs12(err, key, key_descrip,
+ (pem_password_cb *)password_callback, &cb_data,
+ &pkey, NULL, NULL))
+ goto end;
+ } else {
+ BIO_printf(err, "bad input format specified for key file\n");
+ goto end;
+ }
+ end:
+ if (key != NULL)
+ BIO_free(key);
+ if (pkey == NULL) {
+ BIO_printf(err, "unable to load %s\n", key_descrip);
+ ERR_print_errors(err);
+ }
+ return (pkey);
+}
+
+EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
+ const char *pass, ENGINE *e, const char *key_descrip)
+{
+ BIO *key = NULL;
+ EVP_PKEY *pkey = NULL;
+ PW_CB_DATA cb_data;
+
+ cb_data.password = pass;
+ cb_data.prompt_info = file;
+
+ if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE)) {
+ BIO_printf(err, "no keyfile specified\n");
+ goto end;
+ }
+#ifndef OPENSSL_NO_ENGINE
+ if (format == FORMAT_ENGINE) {
+ if (!e)
+ BIO_printf(bio_err, "no engine specified\n");
+ else
+ pkey = ENGINE_load_public_key(e, file, ui_method, &cb_data);
+ goto end;
+ }
+#endif
+ key = BIO_new(BIO_s_file());
+ if (key == NULL) {
+ ERR_print_errors(err);
+ goto end;
+ }
+ if (file == NULL && maybe_stdin) {
+ setvbuf(stdin, NULL, _IONBF, 0);
+ BIO_set_fp(key, stdin, BIO_NOCLOSE);
+ } else if (BIO_read_filename(key, file) <= 0) {
+ BIO_printf(err, "Error opening %s %s\n", key_descrip, file);
+ ERR_print_errors(err);
+ goto end;
+ }
+ if (format == FORMAT_ASN1) {
+ pkey = d2i_PUBKEY_bio(key, NULL);
+ } else if (format == FORMAT_PEM) {
+ pkey = PEM_read_bio_PUBKEY(key, NULL,
+ (pem_password_cb *)password_callback,
+ &cb_data);
+ }
+#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
+ else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC)
+ pkey = load_netscape_key(err, key, file, key_descrip, format);
+#endif
+ else {
+ BIO_printf(err, "bad input format specified for key file\n");
+ goto end;
+ }
+ end:
+ if (key != NULL)
+ BIO_free(key);
+ if (pkey == NULL)
+ BIO_printf(err, "unable to load %s\n", key_descrip);
+ return (pkey);
+}
+
+#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
+static EVP_PKEY *load_netscape_key(BIO *err, BIO *key, const char *file,
+ const char *key_descrip, int format)
+{
+ EVP_PKEY *pkey;
+ BUF_MEM *buf;
+ RSA *rsa;
+ const unsigned char *p;
+ int size, i;
+
+ buf = BUF_MEM_new();
+ pkey = EVP_PKEY_new();
+ size = 0;
+ if (buf == NULL || pkey == NULL)
+ goto error;
+ for (;;) {
+ if (!BUF_MEM_grow_clean(buf, size + 1024 * 10))
+ goto error;
+ i = BIO_read(key, &(buf->data[size]), 1024 * 10);
+ size += i;
+ if (i == 0)
+ break;
+ if (i < 0) {
+ BIO_printf(err, "Error reading %s %s", key_descrip, file);
+ goto error;
+ }
+ }
+ p = (unsigned char *)buf->data;
+ rsa = d2i_RSA_NET(NULL, &p, (long)size, NULL,
+ (format == FORMAT_IISSGC ? 1 : 0));
+ if (rsa == NULL)
+ goto error;
+ BUF_MEM_free(buf);
+ EVP_PKEY_set1_RSA(pkey, rsa);
+ return pkey;
+ error:
+ BUF_MEM_free(buf);
+ EVP_PKEY_free(pkey);
+ return NULL;
+}
+#endif /* ndef OPENSSL_NO_RC4 */
+
+STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
+ const char *pass, ENGINE *e,
+ const char *cert_descrip)
+{
+ BIO *certs;
+ int i;
+ STACK_OF(X509) *othercerts = NULL;
+ STACK_OF(X509_INFO) *allcerts = NULL;
+ X509_INFO *xi;
+ PW_CB_DATA cb_data;
+
+ cb_data.password = pass;
+ cb_data.prompt_info = file;
+
+ if ((certs = BIO_new(BIO_s_file())) == NULL) {
+ ERR_print_errors(err);
+ goto end;
+ }
+
+ if (file == NULL)
+ BIO_set_fp(certs, stdin, BIO_NOCLOSE);
+ else {
+ if (BIO_read_filename(certs, file) <= 0) {
+ BIO_printf(err, "Error opening %s %s\n", cert_descrip, file);
+ ERR_print_errors(err);
+ goto end;
+ }
+ }
+
+ if (format == FORMAT_PEM) {
+ othercerts = sk_X509_new_null();
+ if (!othercerts) {
+ sk_X509_free(othercerts);
+ othercerts = NULL;
+ goto end;
+ }
+ allcerts = PEM_X509_INFO_read_bio(certs, NULL, (pem_password_cb *)
+ password_callback, &cb_data);
+ for (i = 0; i < sk_X509_INFO_num(allcerts); i++) {
+ xi = sk_X509_INFO_value(allcerts, i);
+ if (xi->x509) {
+ sk_X509_push(othercerts, xi->x509);
+ xi->x509 = NULL;
+ }
+ }
+ goto end;
+ } else {
+ BIO_printf(err, "bad input format specified for %s\n", cert_descrip);
+ goto end;
+ }
+ end:
+ if (othercerts == NULL) {
+ BIO_printf(err, "unable to load certificates\n");
+ ERR_print_errors(err);
+ }
+ if (allcerts)
+ sk_X509_INFO_pop_free(allcerts, X509_INFO_free);
+ if (certs != NULL)
+ BIO_free(certs);
+ return (othercerts);
+}
+
+#define X509V3_EXT_UNKNOWN_MASK (0xfL << 16)
+/* Return error for unknown extensions */
+#define X509V3_EXT_DEFAULT 0
+/* Print error for unknown extensions */
+#define X509V3_EXT_ERROR_UNKNOWN (1L << 16)
+/* ASN1 parse unknown extensions */
+#define X509V3_EXT_PARSE_UNKNOWN (2L << 16)
+/* BIO_dump unknown extensions */
+#define X509V3_EXT_DUMP_UNKNOWN (3L << 16)
+
+#define X509_FLAG_CA (X509_FLAG_NO_ISSUER | X509_FLAG_NO_PUBKEY | \
+ X509_FLAG_NO_HEADER | X509_FLAG_NO_VERSION)
+
+int set_cert_ex(unsigned long *flags, const char *arg)
+{
+ static const NAME_EX_TBL cert_tbl[] = {
+ {"compatible", X509_FLAG_COMPAT, 0xffffffffl},
+ {"ca_default", X509_FLAG_CA, 0xffffffffl},
+ {"no_header", X509_FLAG_NO_HEADER, 0},
+ {"no_version", X509_FLAG_NO_VERSION, 0},
+ {"no_serial", X509_FLAG_NO_SERIAL, 0},
+ {"no_signame", X509_FLAG_NO_SIGNAME, 0},
+ {"no_validity", X509_FLAG_NO_VALIDITY, 0},
+ {"no_subject", X509_FLAG_NO_SUBJECT, 0},
+ {"no_issuer", X509_FLAG_NO_ISSUER, 0},
+ {"no_pubkey", X509_FLAG_NO_PUBKEY, 0},
+ {"no_extensions", X509_FLAG_NO_EXTENSIONS, 0},
+ {"no_sigdump", X509_FLAG_NO_SIGDUMP, 0},
+ {"no_aux", X509_FLAG_NO_AUX, 0},
+ {"no_attributes", X509_FLAG_NO_ATTRIBUTES, 0},
+ {"ext_default", X509V3_EXT_DEFAULT, X509V3_EXT_UNKNOWN_MASK},
+ {"ext_error", X509V3_EXT_ERROR_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
+ {"ext_parse", X509V3_EXT_PARSE_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
+ {"ext_dump", X509V3_EXT_DUMP_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
+ {NULL, 0, 0}
+ };
+ return set_multi_opts(flags, arg, cert_tbl);
+}
+
+int set_name_ex(unsigned long *flags, const char *arg)
+{
+ static const NAME_EX_TBL ex_tbl[] = {
+ {"esc_2253", ASN1_STRFLGS_ESC_2253, 0},
+ {"esc_ctrl", ASN1_STRFLGS_ESC_CTRL, 0},
+ {"esc_msb", ASN1_STRFLGS_ESC_MSB, 0},
+ {"use_quote", ASN1_STRFLGS_ESC_QUOTE, 0},
+ {"utf8", ASN1_STRFLGS_UTF8_CONVERT, 0},
+ {"ignore_type", ASN1_STRFLGS_IGNORE_TYPE, 0},
+ {"show_type", ASN1_STRFLGS_SHOW_TYPE, 0},
+ {"dump_all", ASN1_STRFLGS_DUMP_ALL, 0},
+ {"dump_nostr", ASN1_STRFLGS_DUMP_UNKNOWN, 0},
+ {"dump_der", ASN1_STRFLGS_DUMP_DER, 0},
+ {"compat", XN_FLAG_COMPAT, 0xffffffffL},
+ {"sep_comma_plus", XN_FLAG_SEP_COMMA_PLUS, XN_FLAG_SEP_MASK},
+ {"sep_comma_plus_space", XN_FLAG_SEP_CPLUS_SPC, XN_FLAG_SEP_MASK},
+ {"sep_semi_plus_space", XN_FLAG_SEP_SPLUS_SPC, XN_FLAG_SEP_MASK},
+ {"sep_multiline", XN_FLAG_SEP_MULTILINE, XN_FLAG_SEP_MASK},
+ {"dn_rev", XN_FLAG_DN_REV, 0},
+ {"nofname", XN_FLAG_FN_NONE, XN_FLAG_FN_MASK},
+ {"sname", XN_FLAG_FN_SN, XN_FLAG_FN_MASK},
+ {"lname", XN_FLAG_FN_LN, XN_FLAG_FN_MASK},
+ {"align", XN_FLAG_FN_ALIGN, 0},
+ {"oid", XN_FLAG_FN_OID, XN_FLAG_FN_MASK},
+ {"space_eq", XN_FLAG_SPC_EQ, 0},
+ {"dump_unknown", XN_FLAG_DUMP_UNKNOWN_FIELDS, 0},
+ {"RFC2253", XN_FLAG_RFC2253, 0xffffffffL},
+ {"oneline", XN_FLAG_ONELINE, 0xffffffffL},
+ {"multiline", XN_FLAG_MULTILINE, 0xffffffffL},
+ {"ca_default", XN_FLAG_MULTILINE, 0xffffffffL},
+ {NULL, 0, 0}
+ };
+ return set_multi_opts(flags, arg, ex_tbl);
+}
+
+int set_ext_copy(int *copy_type, const char *arg)
+{
+ if (!strcasecmp(arg, "none"))
+ *copy_type = EXT_COPY_NONE;
+ else if (!strcasecmp(arg, "copy"))
+ *copy_type = EXT_COPY_ADD;
+ else if (!strcasecmp(arg, "copyall"))
+ *copy_type = EXT_COPY_ALL;
+ else
+ return 0;
+ return 1;
+}
+
+int copy_extensions(X509 *x, X509_REQ *req, int copy_type)
+{
+ STACK_OF(X509_EXTENSION) *exts = NULL;
+ X509_EXTENSION *ext, *tmpext;
+ ASN1_OBJECT *obj;
+ int i, idx, ret = 0;
+ if (!x || !req || (copy_type == EXT_COPY_NONE))
+ return 1;
+ exts = X509_REQ_get_extensions(req);
+
+ for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
+ ext = sk_X509_EXTENSION_value(exts, i);
+ obj = X509_EXTENSION_get_object(ext);
+ idx = X509_get_ext_by_OBJ(x, obj, -1);
+ /* Does extension exist? */
+ if (idx != -1) {
+ /* If normal copy don't override existing extension */
+ if (copy_type == EXT_COPY_ADD)
+ continue;
+ /* Delete all extensions of same type */
+ do {
+ tmpext = X509_get_ext(x, idx);
+ X509_delete_ext(x, idx);
+ X509_EXTENSION_free(tmpext);
+ idx = X509_get_ext_by_OBJ(x, obj, -1);
+ } while (idx != -1);
+ }
+ if (!X509_add_ext(x, ext, -1))
+ goto end;
+ }
+
+ ret = 1;
+
+ end:
+
+ sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
+
+ return ret;
+}
+
+static int set_multi_opts(unsigned long *flags, const char *arg,
+ const NAME_EX_TBL * in_tbl)
+{
+ STACK_OF(CONF_VALUE) *vals;
+ CONF_VALUE *val;
+ int i, ret = 1;
+ if (!arg)
+ return 0;
+ vals = X509V3_parse_list(arg);
+ for (i = 0; i < sk_CONF_VALUE_num(vals); i++) {
+ val = sk_CONF_VALUE_value(vals, i);
+ if (!set_table_opts(flags, val->name, in_tbl))
+ ret = 0;
+ }
+ sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
+ return ret;
+}
+
+static int set_table_opts(unsigned long *flags, const char *arg,
+ const NAME_EX_TBL * in_tbl)
+{
+ char c;
+ const NAME_EX_TBL *ptbl;
+ c = arg[0];
+
+ if (c == '-') {
+ c = 0;
+ arg++;
+ } else if (c == '+') {
+ c = 1;
+ arg++;
+ } else
+ c = 1;
+
+ for (ptbl = in_tbl; ptbl->name; ptbl++) {
+ if (!strcasecmp(arg, ptbl->name)) {
+ *flags &= ~ptbl->mask;
+ if (c)
+ *flags |= ptbl->flag;
+ else
+ *flags &= ~ptbl->flag;
+ return 1;
+ }
+ }
+ return 0;
+}
+
+void print_name(BIO *out, const char *title, X509_NAME *nm,
+ unsigned long lflags)
+{
+ char *buf;
+ char mline = 0;
+ int indent = 0;
+
+ if (title)
+ BIO_puts(out, title);
+ if ((lflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
+ mline = 1;
+ indent = 4;
+ }
+ if (lflags == XN_FLAG_COMPAT) {
+ buf = X509_NAME_oneline(nm, 0, 0);
+ BIO_puts(out, buf);
+ BIO_puts(out, "\n");
+ OPENSSL_free(buf);
+ } else {
+ if (mline)
+ BIO_puts(out, "\n");
+ X509_NAME_print_ex(out, nm, indent, lflags);
+ BIO_puts(out, "\n");
+ }
+}
+
+X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath)
+{
+ X509_STORE *store;
+ X509_LOOKUP *lookup;
+ if (!(store = X509_STORE_new()))
+ goto end;
+ lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
+ if (lookup == NULL)
+ goto end;
+ if (CAfile) {
+ if (!X509_LOOKUP_load_file(lookup, CAfile, X509_FILETYPE_PEM)) {
+ BIO_printf(bp, "Error loading file %s\n", CAfile);
+ goto end;
+ }
+ } else
+ X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
+
+ lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
+ if (lookup == NULL)
+ goto end;
+ if (CApath) {
+ if (!X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM)) {
+ BIO_printf(bp, "Error loading directory %s\n", CApath);
+ goto end;
+ }
+ } else
+ X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
+
+ ERR_clear_error();
+ return store;
+ end:
+ X509_STORE_free(store);
+ return NULL;
+}
+
+#ifndef OPENSSL_NO_ENGINE
+/* Try to load an engine in a shareable library */
+static ENGINE *try_load_engine(BIO *err, const char *engine, int debug)
+{
+ ENGINE *e = ENGINE_by_id("dynamic");
+ if (e) {
+ if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", engine, 0)
+ || !ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0)) {
+ ENGINE_free(e);
+ e = NULL;
+ }
+ }
+ return e;
+}
+
+ENGINE *setup_engine(BIO *err, const char *engine, int debug)
+{
+ ENGINE *e = NULL;
+
+ if (engine) {
+ if (strcmp(engine, "auto") == 0) {
+ BIO_printf(err, "enabling auto ENGINE support\n");
+ ENGINE_register_all_complete();
+ return NULL;
+ }
+ if ((e = ENGINE_by_id(engine)) == NULL
+ && (e = try_load_engine(err, engine, debug)) == NULL) {
+ BIO_printf(err, "invalid engine \"%s\"\n", engine);
+ ERR_print_errors(err);
+ return NULL;
+ }
+ if (debug) {
+ ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM, 0, err, 0);
+ }
+ ENGINE_ctrl_cmd(e, "SET_USER_INTERFACE", 0, ui_method, 0, 1);
+ if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
+ BIO_printf(err, "can't use that engine\n");
+ ERR_print_errors(err);
+ ENGINE_free(e);
+ return NULL;
+ }
+
+ BIO_printf(err, "engine \"%s\" set.\n", ENGINE_get_id(e));
+
+ /* Free our "structural" reference. */
+ ENGINE_free(e);
+ }
+ return e;
+}
+#endif
+
+int load_config(BIO *err, CONF *cnf)
+{
+ if (!cnf)
+ cnf = config;
+ if (!cnf)
+ return 1;
+
+ OPENSSL_load_builtin_modules();
+
+ if (CONF_modules_load(cnf, NULL, 0) <= 0) {
+ BIO_printf(err, "Error configuring OpenSSL\n");
+ ERR_print_errors(err);
+ return 0;
+ }
+ return 1;
+}
+
+char *make_config_name()
+{
+ const char *t = X509_get_default_cert_area();
+ size_t len;
+ char *p;
+
+ len = strlen(t) + strlen(OPENSSL_CONF) + 2;
+ p = OPENSSL_malloc(len);
+ if (p == NULL)
+ return NULL;
+ BUF_strlcpy(p, t, len);
+#ifndef OPENSSL_SYS_VMS
+ BUF_strlcat(p, "/", len);
+#endif
+ BUF_strlcat(p, OPENSSL_CONF, len);
+
+ return p;
+}
+
+static unsigned long index_serial_hash(const char **a)
+{
+ const char *n;
+
+ n = a[DB_serial];
+ while (*n == '0')
+ n++;
+ return (lh_strhash(n));
+}
+
+static int index_serial_cmp(const char **a, const char **b)
+{
+ const char *aa, *bb;
+
+ for (aa = a[DB_serial]; *aa == '0'; aa++) ;
+ for (bb = b[DB_serial]; *bb == '0'; bb++) ;
+ return (strcmp(aa, bb));
+}
+
+static int index_name_qual(char **a)
+{
+ return (a[0][0] == 'V');
+}
+
+static unsigned long index_name_hash(const char **a)
+{
+ return (lh_strhash(a[DB_name]));
+}
+
+int index_name_cmp(const char **a, const char **b)
+{
+ return (strcmp(a[DB_name], b[DB_name]));
+}
+
+static IMPLEMENT_LHASH_HASH_FN(index_serial_hash, const char **)
+static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp, const char **)
+static IMPLEMENT_LHASH_HASH_FN(index_name_hash, const char **)
+static IMPLEMENT_LHASH_COMP_FN(index_name_cmp, const char **)
+#undef BSIZE
+#define BSIZE 256
+BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai)
+{
+ BIO *in = NULL;
+ BIGNUM *ret = NULL;
+ MS_STATIC char buf[1024];
+ ASN1_INTEGER *ai = NULL;
+
+ ai = ASN1_INTEGER_new();
+ if (ai == NULL)
+ goto err;
+
+ if ((in = BIO_new(BIO_s_file())) == NULL) {
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+
+ if (BIO_read_filename(in, serialfile) <= 0) {
+ if (!create) {
+ perror(serialfile);
+ goto err;
+ } else {
+ ret = BN_new();
+ if (ret == NULL || !rand_serial(ret, ai))
+ BIO_printf(bio_err, "Out of memory\n");
+ }
+ } else {
+ if (!a2i_ASN1_INTEGER(in, ai, buf, 1024)) {
+ BIO_printf(bio_err, "unable to load number from %s\n",
+ serialfile);
+ goto err;
+ }
+ ret = ASN1_INTEGER_to_BN(ai, NULL);
+ if (ret == NULL) {
+ BIO_printf(bio_err,
+ "error converting number from bin to BIGNUM\n");
+ goto err;
+ }
+ }
+
+ if (ret && retai) {
+ *retai = ai;
+ ai = NULL;
+ }
+ err:
+ if (in != NULL)
+ BIO_free(in);
+ if (ai != NULL)
+ ASN1_INTEGER_free(ai);
+ return (ret);
+}
+
+int save_serial(char *serialfile, char *suffix, BIGNUM *serial,
+ ASN1_INTEGER **retai)
+{
+ char buf[1][BSIZE];
+ BIO *out = NULL;
+ int ret = 0;
+ ASN1_INTEGER *ai = NULL;
+ int j;
+
+ if (suffix == NULL)
+ j = strlen(serialfile);
+ else
+ j = strlen(serialfile) + strlen(suffix) + 1;
+ if (j >= BSIZE) {
+ BIO_printf(bio_err, "file name too long\n");
+ goto err;
+ }
+
+ if (suffix == NULL)
+ BUF_strlcpy(buf[0], serialfile, BSIZE);
+ else {
+#ifndef OPENSSL_SYS_VMS
+ j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, suffix);
+#else
+ j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, suffix);
+#endif
+ }
+#ifdef RL_DEBUG
+ BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]);
+#endif
+ out = BIO_new(BIO_s_file());
+ if (out == NULL) {
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+ if (BIO_write_filename(out, buf[0]) <= 0) {
+ perror(serialfile);
+ goto err;
+ }
+
+ if ((ai = BN_to_ASN1_INTEGER(serial, NULL)) == NULL) {
+ BIO_printf(bio_err, "error converting serial to ASN.1 format\n");
+ goto err;
+ }
+ i2a_ASN1_INTEGER(out, ai);
+ BIO_puts(out, "\n");
+ ret = 1;
+ if (retai) {
+ *retai = ai;
+ ai = NULL;
+ }
+ err:
+ if (out != NULL)
+ BIO_free_all(out);
+ if (ai != NULL)
+ ASN1_INTEGER_free(ai);
+ return (ret);
+}
+
+int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix)
+{
+ char buf[5][BSIZE];
+ int i, j;
+ struct stat sb;
+
+ i = strlen(serialfile) + strlen(old_suffix);
+ j = strlen(serialfile) + strlen(new_suffix);
+ if (i > j)
+ j = i;
+ if (j + 1 >= BSIZE) {
+ BIO_printf(bio_err, "file name too long\n");
+ goto err;
+ }
+#ifndef OPENSSL_SYS_VMS
+ j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, new_suffix);
+#else
+ j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, new_suffix);
+#endif
+#ifndef OPENSSL_SYS_VMS
+ j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s", serialfile, old_suffix);
+#else
+ j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", serialfile, old_suffix);
+#endif
+ if (stat(serialfile, &sb) < 0) {
+ if (errno != ENOENT
+#ifdef ENOTDIR
+ && errno != ENOTDIR
+#endif
+ )
+ goto err;
+ } else {
+#ifdef RL_DEBUG
+ BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
+ serialfile, buf[1]);
+#endif
+ if (rename(serialfile, buf[1]) < 0) {
+ BIO_printf(bio_err,
+ "unable to rename %s to %s\n", serialfile, buf[1]);
+ perror("reason");
+ goto err;
+ }
+ }
+#ifdef RL_DEBUG
+ BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
+ buf[0], serialfile);
+#endif
+ if (rename(buf[0], serialfile) < 0) {
+ BIO_printf(bio_err,
+ "unable to rename %s to %s\n", buf[0], serialfile);
+ perror("reason");
+ rename(buf[1], serialfile);
+ goto err;
+ }
+ return 1;
+ err:
+ return 0;
+}
+
+int rand_serial(BIGNUM *b, ASN1_INTEGER *ai)
+{
+ BIGNUM *btmp;
+ int ret = 0;
+ if (b)
+ btmp = b;
+ else
+ btmp = BN_new();
+
+ if (!btmp)
+ return 0;
+
+ if (!BN_pseudo_rand(btmp, SERIAL_RAND_BITS, 0, 0))
+ goto error;
+ if (ai && !BN_to_ASN1_INTEGER(btmp, ai))
+ goto error;
+
+ ret = 1;
+
+ error:
+
+ if (!b)
+ BN_free(btmp);
+
+ return ret;
+}
+
+CA_DB *load_index(char *dbfile, DB_ATTR *db_attr)
+{
+ CA_DB *retdb = NULL;
+ TXT_DB *tmpdb = NULL;
+ BIO *in = BIO_new(BIO_s_file());
+ CONF *dbattr_conf = NULL;
+ char buf[1][BSIZE];
+ long errorline = -1;
+
+ if (in == NULL) {
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+ if (BIO_read_filename(in, dbfile) <= 0) {
+ perror(dbfile);
+ BIO_printf(bio_err, "unable to open '%s'\n", dbfile);
+ goto err;
+ }
+ if ((tmpdb = TXT_DB_read(in, DB_NUMBER)) == NULL) {
+ if (tmpdb != NULL)
+ TXT_DB_free(tmpdb);
+ goto err;
+ }
+#ifndef OPENSSL_SYS_VMS
+ BIO_snprintf(buf[0], sizeof buf[0], "%s.attr", dbfile);
+#else
+ BIO_snprintf(buf[0], sizeof buf[0], "%s-attr", dbfile);
+#endif
+ dbattr_conf = NCONF_new(NULL);
+ if (NCONF_load(dbattr_conf, buf[0], &errorline) <= 0) {
+ if (errorline > 0) {
+ BIO_printf(bio_err,
+ "error on line %ld of db attribute file '%s'\n",
+ errorline, buf[0]);
+ goto err;
+ } else {
+ NCONF_free(dbattr_conf);
+ dbattr_conf = NULL;
+ }
+ }
+
+ if ((retdb = OPENSSL_malloc(sizeof(CA_DB))) == NULL) {
+ fprintf(stderr, "Out of memory\n");
+ goto err;
+ }
+
+ retdb->db = tmpdb;
+ tmpdb = NULL;
+ if (db_attr)
+ retdb->attributes = *db_attr;
+ else {
+ retdb->attributes.unique_subject = 1;
+ }
+
+ if (dbattr_conf) {
+ char *p = NCONF_get_string(dbattr_conf, NULL, "unique_subject");
+ if (p) {
+#ifdef RL_DEBUG
+ BIO_printf(bio_err,
+ "DEBUG[load_index]: unique_subject = \"%s\"\n", p);
+#endif
+ retdb->attributes.unique_subject = parse_yesno(p, 1);
+ }
+ }
+
+ err:
+ if (dbattr_conf)
+ NCONF_free(dbattr_conf);
+ if (tmpdb)
+ TXT_DB_free(tmpdb);
+ if (in)
+ BIO_free_all(in);
+ return retdb;
+}
+
+int index_index(CA_DB *db)
+{
+ if (!TXT_DB_create_index(db->db, DB_serial, NULL,
+ LHASH_HASH_FN(index_serial_hash),
+ LHASH_COMP_FN(index_serial_cmp))) {
+ BIO_printf(bio_err,
+ "error creating serial number index:(%ld,%ld,%ld)\n",
+ db->db->error, db->db->arg1, db->db->arg2);
+ return 0;
+ }
+
+ if (db->attributes.unique_subject
+ && !TXT_DB_create_index(db->db, DB_name, index_name_qual,
+ LHASH_HASH_FN(index_name_hash),
+ LHASH_COMP_FN(index_name_cmp))) {
+ BIO_printf(bio_err, "error creating name index:(%ld,%ld,%ld)\n",
+ db->db->error, db->db->arg1, db->db->arg2);
+ return 0;
+ }
+ return 1;
+}
+
+int save_index(const char *dbfile, const char *suffix, CA_DB *db)
+{
+ char buf[3][BSIZE];
+ BIO *out = BIO_new(BIO_s_file());
+ int j;
+
+ if (out == NULL) {
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+
+ j = strlen(dbfile) + strlen(suffix);
+ if (j + 6 >= BSIZE) {
+ BIO_printf(bio_err, "file name too long\n");
+ goto err;
+ }
+#ifndef OPENSSL_SYS_VMS
+ j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr", dbfile);
+#else
+ j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr", dbfile);
+#endif
+#ifndef OPENSSL_SYS_VMS
+ j = BIO_snprintf(buf[1], sizeof buf[1], "%s.attr.%s", dbfile, suffix);
+#else
+ j = BIO_snprintf(buf[1], sizeof buf[1], "%s-attr-%s", dbfile, suffix);
+#endif
+#ifndef OPENSSL_SYS_VMS
+ j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, suffix);
+#else
+ j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, suffix);
+#endif
+#ifdef RL_DEBUG
+ BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]);
+#endif
+ if (BIO_write_filename(out, buf[0]) <= 0) {
+ perror(dbfile);
+ BIO_printf(bio_err, "unable to open '%s'\n", dbfile);
+ goto err;
+ }
+ j = TXT_DB_write(out, db->db);
+ if (j <= 0)
+ goto err;
+
+ BIO_free(out);
+
+ out = BIO_new(BIO_s_file());
+#ifdef RL_DEBUG
+ BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[1]);
+#endif
+ if (BIO_write_filename(out, buf[1]) <= 0) {
+ perror(buf[2]);
+ BIO_printf(bio_err, "unable to open '%s'\n", buf[2]);
+ goto err;
+ }
+ BIO_printf(out, "unique_subject = %s\n",
+ db->attributes.unique_subject ? "yes" : "no");
+ BIO_free(out);
+
+ return 1;
+ err:
+ return 0;
+}
+
+int rotate_index(const char *dbfile, const char *new_suffix,
+ const char *old_suffix)
+{
+ char buf[5][BSIZE];
+ int i, j;
+ struct stat sb;
+
+ i = strlen(dbfile) + strlen(old_suffix);
+ j = strlen(dbfile) + strlen(new_suffix);
+ if (i > j)
+ j = i;
+ if (j + 6 >= BSIZE) {
+ BIO_printf(bio_err, "file name too long\n");
+ goto err;
+ }
+#ifndef OPENSSL_SYS_VMS
+ j = BIO_snprintf(buf[4], sizeof buf[4], "%s.attr", dbfile);
+#else
+ j = BIO_snprintf(buf[4], sizeof buf[4], "%s-attr", dbfile);
+#endif
+#ifndef OPENSSL_SYS_VMS
+ j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr.%s", dbfile, new_suffix);
+#else
+ j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr-%s", dbfile, new_suffix);
+#endif
+#ifndef OPENSSL_SYS_VMS
+ j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, new_suffix);
+#else
+ j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, new_suffix);
+#endif
+#ifndef OPENSSL_SYS_VMS
+ j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s", dbfile, old_suffix);
+#else
+ j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s", dbfile, old_suffix);
+#endif
+#ifndef OPENSSL_SYS_VMS
+ j = BIO_snprintf(buf[3], sizeof buf[3], "%s.attr.%s", dbfile, old_suffix);
+#else
+ j = BIO_snprintf(buf[3], sizeof buf[3], "%s-attr-%s", dbfile, old_suffix);
+#endif
+ if (stat(dbfile, &sb) < 0) {
+ if (errno != ENOENT
+#ifdef ENOTDIR
+ && errno != ENOTDIR
+#endif
+ )
+ goto err;
+ } else {
+#ifdef RL_DEBUG
+ BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
+ dbfile, buf[1]);
+#endif
+ if (rename(dbfile, buf[1]) < 0) {
+ BIO_printf(bio_err,
+ "unable to rename %s to %s\n", dbfile, buf[1]);
+ perror("reason");
+ goto err;
+ }
+ }
+#ifdef RL_DEBUG
+ BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", buf[0], dbfile);
+#endif
+ if (rename(buf[0], dbfile) < 0) {
+ BIO_printf(bio_err, "unable to rename %s to %s\n", buf[0], dbfile);
+ perror("reason");
+ rename(buf[1], dbfile);
+ goto err;
+ }
+ if (stat(buf[4], &sb) < 0) {
+ if (errno != ENOENT
+#ifdef ENOTDIR
+ && errno != ENOTDIR
+#endif
+ )
+ goto err;
+ } else {
+#ifdef RL_DEBUG
+ BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
+ buf[4], buf[3]);
+#endif
+ if (rename(buf[4], buf[3]) < 0) {
+ BIO_printf(bio_err,
+ "unable to rename %s to %s\n", buf[4], buf[3]);
+ perror("reason");
+ rename(dbfile, buf[0]);
+ rename(buf[1], dbfile);
+ goto err;
+ }
+ }
+#ifdef RL_DEBUG
+ BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n", buf[2], buf[4]);
+#endif
+ if (rename(buf[2], buf[4]) < 0) {
+ BIO_printf(bio_err, "unable to rename %s to %s\n", buf[2], buf[4]);
+ perror("reason");
+ rename(buf[3], buf[4]);
+ rename(dbfile, buf[0]);
+ rename(buf[1], dbfile);
+ goto err;
+ }
+ return 1;
+ err:
+ return 0;
+}
+
+void free_index(CA_DB *db)
+{
+ if (db) {
+ if (db->db)
+ TXT_DB_free(db->db);
+ OPENSSL_free(db);
+ }
+}
+
+int parse_yesno(const char *str, int def)
+{
+ int ret = def;
+ if (str) {
+ switch (*str) {
+ case 'f': /* false */
+ case 'F': /* FALSE */
+ case 'n': /* no */
+ case 'N': /* NO */
+ case '0': /* 0 */
+ ret = 0;
+ break;
+ case 't': /* true */
+ case 'T': /* TRUE */
+ case 'y': /* yes */
+ case 'Y': /* YES */
+ case '1': /* 1 */
+ ret = 1;
+ break;
+ default:
+ ret = def;
+ break;
+ }
+ }
+ return ret;
+}
+
+/*
+ * subject is expected to be in the format /type0=value0/type1=value1/type2=...
+ * where characters may be escaped by \
+ */
+X509_NAME *parse_name(char *subject, long chtype, int multirdn)
+{
+ size_t buflen = strlen(subject) + 1; /* to copy the types and values
+ * into. due to escaping, the copy
+ * can only become shorter */
+ char *buf = OPENSSL_malloc(buflen);
+ size_t max_ne = buflen / 2 + 1; /* maximum number of name elements */
+ char **ne_types = OPENSSL_malloc(max_ne * sizeof(char *));
+ char **ne_values = OPENSSL_malloc(max_ne * sizeof(char *));
+ int *mval = OPENSSL_malloc(max_ne * sizeof(int));
+
+ char *sp = subject, *bp = buf;
+ int i, ne_num = 0;
+
+ X509_NAME *n = NULL;
+ int nid;
+
+ if (!buf || !ne_types || !ne_values || !mval) {
+ BIO_printf(bio_err, "malloc error\n");
+ goto error;
+ }
+
+ if (*subject != '/') {
+ BIO_printf(bio_err, "Subject does not start with '/'.\n");
+ goto error;
+ }
+ sp++; /* skip leading / */
+
+ /* no multivalued RDN by default */
+ mval[ne_num] = 0;
+
+ while (*sp) {
+ /* collect type */
+ ne_types[ne_num] = bp;
+ while (*sp) {
+ if (*sp == '\\') { /* is there anything to escape in the
+ * type...? */
+ if (*++sp)
+ *bp++ = *sp++;
+ else {
+ BIO_printf(bio_err,
+ "escape character at end of string\n");
+ goto error;
+ }
+ } else if (*sp == '=') {
+ sp++;
+ *bp++ = '\0';
+ break;
+ } else
+ *bp++ = *sp++;
+ }
+ if (!*sp) {
+ BIO_printf(bio_err,
+ "end of string encountered while processing type of subject name element #%d\n",
+ ne_num);
+ goto error;
+ }
+ ne_values[ne_num] = bp;
+ while (*sp) {
+ if (*sp == '\\') {
+ if (*++sp)
+ *bp++ = *sp++;
+ else {
+ BIO_printf(bio_err,
+ "escape character at end of string\n");
+ goto error;
+ }
+ } else if (*sp == '/') {
+ sp++;
+ /* no multivalued RDN by default */
+ mval[ne_num + 1] = 0;
+ break;
+ } else if (*sp == '+' && multirdn) {
+ /*
+ * a not escaped + signals a mutlivalued RDN
+ */
+ sp++;
+ mval[ne_num + 1] = -1;
+ break;
+ } else
+ *bp++ = *sp++;
+ }
+ *bp++ = '\0';
+ ne_num++;
+ }
+
+ if (!(n = X509_NAME_new()))
+ goto error;
+
+ for (i = 0; i < ne_num; i++) {
+ if ((nid = OBJ_txt2nid(ne_types[i])) == NID_undef) {
+ BIO_printf(bio_err,
+ "Subject Attribute %s has no known NID, skipped\n",
+ ne_types[i]);
+ continue;
+ }
+
+ if (!*ne_values[i]) {
+ BIO_printf(bio_err,
+ "No value provided for Subject Attribute %s, skipped\n",
+ ne_types[i]);
+ continue;
+ }
+
+ if (!X509_NAME_add_entry_by_NID
+ (n, nid, chtype, (unsigned char *)ne_values[i], -1, -1, mval[i]))
+ goto error;
+ }
+
+ OPENSSL_free(ne_values);
+ OPENSSL_free(ne_types);
+ OPENSSL_free(buf);
+ OPENSSL_free(mval);
+ return n;
+
+ error:
+ X509_NAME_free(n);
+ if (ne_values)
+ OPENSSL_free(ne_values);
+ if (ne_types)
+ OPENSSL_free(ne_types);
+ if (mval)
+ OPENSSL_free(mval);
+ if (buf)
+ OPENSSL_free(buf);
+ return NULL;
+}
+
+/* This code MUST COME AFTER anything that uses rename() */
+#ifdef OPENSSL_SYS_WIN32
+int WIN32_rename(const char *from, const char *to)
+{
+# ifndef OPENSSL_SYS_WINCE
+ /*
+ * Windows rename gives an error if 'to' exists, so delete it first and
+ * ignore file not found errror
+ */
+ if ((remove(to) != 0) && (errno != ENOENT))
+ return -1;
+# undef rename
+ return rename(from, to);
+# else
+ /* convert strings to UNICODE */
+ {
+ BOOL result = FALSE;
+ WCHAR *wfrom;
+ WCHAR *wto;
+ int i;
+ wfrom = malloc((strlen(from) + 1) * 2);
+ wto = malloc((strlen(to) + 1) * 2);
+ if (wfrom != NULL && wto != NULL) {
+ for (i = 0; i < (int)strlen(from) + 1; i++)
+ wfrom[i] = (short)from[i];
+ for (i = 0; i < (int)strlen(to) + 1; i++)
+ wto[i] = (short)to[i];
+ result = MoveFile(wfrom, wto);
+ }
+ if (wfrom != NULL)
+ free(wfrom);
+ if (wto != NULL)
+ free(wto);
+ return result;
+ }
+# endif
+}
+#endif
+
+int args_verify(char ***pargs, int *pargc,
+ int *badarg, BIO *err, X509_VERIFY_PARAM **pm)
+{
+ ASN1_OBJECT *otmp = NULL;
+ unsigned long flags = 0;
+ int i;
+ int purpose = 0;
+ char **oldargs = *pargs;
+ char *arg = **pargs, *argn = (*pargs)[1];
+ if (!strcmp(arg, "-policy")) {
+ if (!argn)
+ *badarg = 1;
+ else {
+ otmp = OBJ_txt2obj(argn, 0);
+ if (!otmp) {
+ BIO_printf(err, "Invalid Policy \"%s\"\n", argn);
+ *badarg = 1;
+ }
+ }
+ (*pargs)++;
+ } else if (strcmp(arg, "-purpose") == 0) {
+ X509_PURPOSE *xptmp;
+ if (!argn)
+ *badarg = 1;
+ else {
+ i = X509_PURPOSE_get_by_sname(argn);
+ if (i < 0) {
+ BIO_printf(err, "unrecognized purpose\n");
+ *badarg = 1;
+ } else {
+ xptmp = X509_PURPOSE_get0(i);
+ purpose = X509_PURPOSE_get_id(xptmp);
+ }
+ }
+ (*pargs)++;
+ } else if (!strcmp(arg, "-ignore_critical"))
+ flags |= X509_V_FLAG_IGNORE_CRITICAL;
+ else if (!strcmp(arg, "-issuer_checks"))
+ flags |= X509_V_FLAG_CB_ISSUER_CHECK;
+ else if (!strcmp(arg, "-crl_check"))
+ flags |= X509_V_FLAG_CRL_CHECK;
+ else if (!strcmp(arg, "-crl_check_all"))
+ flags |= X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL;
+ else if (!strcmp(arg, "-policy_check"))
+ flags |= X509_V_FLAG_POLICY_CHECK;
+ else if (!strcmp(arg, "-explicit_policy"))
+ flags |= X509_V_FLAG_EXPLICIT_POLICY;
+ else if (!strcmp(arg, "-x509_strict"))
+ flags |= X509_V_FLAG_X509_STRICT;
+ else if (!strcmp(arg, "-policy_print"))
+ flags |= X509_V_FLAG_NOTIFY_POLICY;
+ else if (!strcmp(arg, "-check_ss_sig"))
+ flags |= X509_V_FLAG_CHECK_SS_SIGNATURE;
+ else
+ return 0;
+
+ if (*badarg) {
+ if (*pm)
+ X509_VERIFY_PARAM_free(*pm);
+ *pm = NULL;
+ goto end;
+ }
+
+ if (!*pm && !(*pm = X509_VERIFY_PARAM_new())) {
+ *badarg = 1;
+ goto end;
+ }
+
+ if (otmp)
+ X509_VERIFY_PARAM_add0_policy(*pm, otmp);
+ if (flags)
+ X509_VERIFY_PARAM_set_flags(*pm, flags);
+
+ if (purpose)
+ X509_VERIFY_PARAM_set_purpose(*pm, purpose);
+
+ end:
+
+ (*pargs)++;
+
+ if (pargc)
+ *pargc -= *pargs - oldargs;
+
+ return 1;
+
+}
+
+static void nodes_print(BIO *out, const char *name,
+ STACK_OF(X509_POLICY_NODE) *nodes)
+{
+ X509_POLICY_NODE *node;
+ int i;
+ BIO_printf(out, "%s Policies:", name);
+ if (nodes) {
+ BIO_puts(out, "\n");
+ for (i = 0; i < sk_X509_POLICY_NODE_num(nodes); i++) {
+ node = sk_X509_POLICY_NODE_value(nodes, i);
+ X509_POLICY_NODE_print(out, node, 2);
+ }
+ } else
+ BIO_puts(out, " <empty>\n");
+}
+
+void policies_print(BIO *out, X509_STORE_CTX *ctx)
+{
+ X509_POLICY_TREE *tree;
+ int explicit_policy;
+ int free_out = 0;
+ if (out == NULL) {
+ out = BIO_new_fp(stderr, BIO_NOCLOSE);
+ free_out = 1;
+ }
+ tree = X509_STORE_CTX_get0_policy_tree(ctx);
+ explicit_policy = X509_STORE_CTX_get_explicit_policy(ctx);
+
+ BIO_printf(out, "Require explicit Policy: %s\n",
+ explicit_policy ? "True" : "False");
+
+ nodes_print(out, "Authority", X509_policy_tree_get0_policies(tree));
+ nodes_print(out, "User", X509_policy_tree_get0_user_policies(tree));
+ if (free_out)
+ BIO_free(out);
+}
+
+#ifndef OPENSSL_NO_JPAKE
+
+static JPAKE_CTX *jpake_init(const char *us, const char *them,
+ const char *secret)
+{
+ BIGNUM *p = NULL;
+ BIGNUM *g = NULL;
+ BIGNUM *q = NULL;
+ BIGNUM *bnsecret = BN_new();
+ JPAKE_CTX *ctx;
+
+ /* Use a safe prime for p (that we found earlier) */
+ BN_hex2bn(&p,
+ "F9E5B365665EA7A05A9C534502780FEE6F1AB5BD4F49947FD036DBD7E905269AF46EF28B0FC07487EE4F5D20FB3C0AF8E700F3A2FA3414970CBED44FEDFF80CE78D800F184BB82435D137AADA2C6C16523247930A63B85661D1FC817A51ACD96168E95898A1F83A79FFB529368AA7833ABD1B0C3AEDDB14D2E1A2F71D99F763F");
+ g = BN_new();
+ BN_set_word(g, 2);
+ q = BN_new();
+ BN_rshift1(q, p);
+
+ BN_bin2bn((const unsigned char *)secret, strlen(secret), bnsecret);
+
+ ctx = JPAKE_CTX_new(us, them, p, g, q, bnsecret);
+ BN_free(bnsecret);
+ BN_free(q);
+ BN_free(g);
+ BN_free(p);
+
+ return ctx;
+}
+
+static void jpake_send_part(BIO *conn, const JPAKE_STEP_PART *p)
+{
+ BN_print(conn, p->gx);
+ BIO_puts(conn, "\n");
+ BN_print(conn, p->zkpx.gr);
+ BIO_puts(conn, "\n");
+ BN_print(conn, p->zkpx.b);
+ BIO_puts(conn, "\n");
+}
+
+static void jpake_send_step1(BIO *bconn, JPAKE_CTX *ctx)
+{
+ JPAKE_STEP1 s1;
+
+ JPAKE_STEP1_init(&s1);
+ JPAKE_STEP1_generate(&s1, ctx);
+ jpake_send_part(bconn, &s1.p1);
+ jpake_send_part(bconn, &s1.p2);
+ (void)BIO_flush(bconn);
+ JPAKE_STEP1_release(&s1);
+}
+
+static void jpake_send_step2(BIO *bconn, JPAKE_CTX *ctx)
+{
+ JPAKE_STEP2 s2;
+
+ JPAKE_STEP2_init(&s2);
+ JPAKE_STEP2_generate(&s2, ctx);
+ jpake_send_part(bconn, &s2);
+ (void)BIO_flush(bconn);
+ JPAKE_STEP2_release(&s2);
+}
+
+static void jpake_send_step3a(BIO *bconn, JPAKE_CTX *ctx)
+{
+ JPAKE_STEP3A s3a;
+
+ JPAKE_STEP3A_init(&s3a);
+ JPAKE_STEP3A_generate(&s3a, ctx);
+ BIO_write(bconn, s3a.hhk, sizeof s3a.hhk);
+ (void)BIO_flush(bconn);
+ JPAKE_STEP3A_release(&s3a);
+}
+
+static void jpake_send_step3b(BIO *bconn, JPAKE_CTX *ctx)
+{
+ JPAKE_STEP3B s3b;
+
+ JPAKE_STEP3B_init(&s3b);
+ JPAKE_STEP3B_generate(&s3b, ctx);
+ BIO_write(bconn, s3b.hk, sizeof s3b.hk);
+ (void)BIO_flush(bconn);
+ JPAKE_STEP3B_release(&s3b);
+}
+
+static void readbn(BIGNUM **bn, BIO *bconn)
+{
+ char buf[10240];
+ int l;
+
+ l = BIO_gets(bconn, buf, sizeof buf);
+ assert(l > 0);
+ assert(buf[l - 1] == '\n');
+ buf[l - 1] = '\0';
+ BN_hex2bn(bn, buf);
+}
+
+static void jpake_receive_part(JPAKE_STEP_PART *p, BIO *bconn)
+{
+ readbn(&p->gx, bconn);
+ readbn(&p->zkpx.gr, bconn);
+ readbn(&p->zkpx.b, bconn);
+}
+
+static void jpake_receive_step1(JPAKE_CTX *ctx, BIO *bconn)
+{
+ JPAKE_STEP1 s1;
+
+ JPAKE_STEP1_init(&s1);
+ jpake_receive_part(&s1.p1, bconn);
+ jpake_receive_part(&s1.p2, bconn);
+ if (!JPAKE_STEP1_process(ctx, &s1)) {
+ ERR_print_errors(bio_err);
+ exit(1);
+ }
+ JPAKE_STEP1_release(&s1);
+}
+
+static void jpake_receive_step2(JPAKE_CTX *ctx, BIO *bconn)
+{
+ JPAKE_STEP2 s2;
+
+ JPAKE_STEP2_init(&s2);
+ jpake_receive_part(&s2, bconn);
+ if (!JPAKE_STEP2_process(ctx, &s2)) {
+ ERR_print_errors(bio_err);
+ exit(1);
+ }
+ JPAKE_STEP2_release(&s2);
+}
+
+static void jpake_receive_step3a(JPAKE_CTX *ctx, BIO *bconn)
+{
+ JPAKE_STEP3A s3a;
+ int l;
+
+ JPAKE_STEP3A_init(&s3a);
+ l = BIO_read(bconn, s3a.hhk, sizeof s3a.hhk);
+ assert(l == sizeof s3a.hhk);
+ if (!JPAKE_STEP3A_process(ctx, &s3a)) {
+ ERR_print_errors(bio_err);
+ exit(1);
+ }
+ JPAKE_STEP3A_release(&s3a);
+}
+
+static void jpake_receive_step3b(JPAKE_CTX *ctx, BIO *bconn)
+{
+ JPAKE_STEP3B s3b;
+ int l;
+
+ JPAKE_STEP3B_init(&s3b);
+ l = BIO_read(bconn, s3b.hk, sizeof s3b.hk);
+ assert(l == sizeof s3b.hk);
+ if (!JPAKE_STEP3B_process(ctx, &s3b)) {
+ ERR_print_errors(bio_err);
+ exit(1);
+ }
+ JPAKE_STEP3B_release(&s3b);
+}
+
+void jpake_client_auth(BIO *out, BIO *conn, const char *secret)
+{
+ JPAKE_CTX *ctx;
+ BIO *bconn;
+
+ BIO_puts(out, "Authenticating with JPAKE\n");
+
+ ctx = jpake_init("client", "server", secret);
+
+ bconn = BIO_new(BIO_f_buffer());
+ BIO_push(bconn, conn);
+
+ jpake_send_step1(bconn, ctx);
+ jpake_receive_step1(ctx, bconn);
+ jpake_send_step2(bconn, ctx);
+ jpake_receive_step2(ctx, bconn);
+ jpake_send_step3a(bconn, ctx);
+ jpake_receive_step3b(ctx, bconn);
+
+ /*
+ * The problem is that you must use the derived key in the
+ * session key or you are subject to man-in-the-middle
+ * attacks.
+ */
+ BIO_puts(out, "JPAKE authentication succeeded (N.B. This version can"
+ " be MitMed. See the version in HEAD for how to do it"
+ " properly)\n");
+
+ BIO_pop(bconn);
+ BIO_free(bconn);
+}
+
+void jpake_server_auth(BIO *out, BIO *conn, const char *secret)
+{
+ JPAKE_CTX *ctx;
+ BIO *bconn;
+
+ BIO_puts(out, "Authenticating with JPAKE\n");
+
+ ctx = jpake_init("server", "client", secret);
+
+ bconn = BIO_new(BIO_f_buffer());
+ BIO_push(bconn, conn);
+
+ jpake_receive_step1(ctx, bconn);
+ jpake_send_step1(bconn, ctx);
+ jpake_receive_step2(ctx, bconn);
+ jpake_send_step2(bconn, ctx);
+ jpake_receive_step3a(ctx, bconn);
+ jpake_send_step3b(bconn, ctx);
+
+ /*
+ * The problem is that you must use the derived key in the
+ * session key or you are subject to man-in-the-middle
+ * attacks.
+ */
+ BIO_puts(out, "JPAKE authentication succeeded (N.B. This version can"
+ " be MitMed. See the version in HEAD for how to do it"
+ " properly)\n");
+
+ BIO_pop(bconn);
+ BIO_free(bconn);
+}
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/apps/apps.h
===================================================================
--- vendor-crypto/openssl/dist/apps/apps.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/apps/apps.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,367 +0,0 @@
-/* apps/apps.h */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#ifndef HEADER_APPS_H
-#define HEADER_APPS_H
-
-#include "e_os.h"
-
-#include <openssl/bio.h>
-#include <openssl/x509.h>
-#include <openssl/lhash.h>
-#include <openssl/conf.h>
-#include <openssl/txt_db.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-#ifndef OPENSSL_NO_OCSP
-#include <openssl/ocsp.h>
-#endif
-#include <openssl/ossl_typ.h>
-
-int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn);
-int app_RAND_write_file(const char *file, BIO *bio_e);
-/* When `file' is NULL, use defaults.
- * `bio_e' is for error messages. */
-void app_RAND_allow_write_file(void);
-long app_RAND_load_files(char *file); /* `file' is a list of files to read,
- * separated by LIST_SEPARATOR_CHAR
- * (see e_os.h). The string is
- * destroyed! */
-
-#ifdef OPENSSL_SYS_WIN32
-#define rename(from,to) WIN32_rename((from),(to))
-int WIN32_rename(const char *oldname,const char *newname);
-#endif
-
-#ifndef MONOLITH
-
-#define MAIN(a,v) main(a,v)
-
-#ifndef NON_MAIN
-CONF *config=NULL;
-BIO *bio_err=NULL;
-int in_FIPS_mode=0;
-#else
-extern CONF *config;
-extern BIO *bio_err;
-extern int in_FIPS_mode;
-#endif
-
-#else
-
-#define MAIN(a,v) PROG(a,v)
-extern CONF *config;
-extern char *default_config_file;
-extern BIO *bio_err;
-extern int in_FIPS_mode;
-
-#endif
-
-#ifndef OPENSSL_SYS_NETWARE
-#include <signal.h>
-#endif
-
-#ifdef SIGPIPE
-#define do_pipe_sig() signal(SIGPIPE,SIG_IGN)
-#else
-#define do_pipe_sig()
-#endif
-
-#if defined(MONOLITH) && !defined(OPENSSL_C)
-# define apps_startup() \
- do_pipe_sig()
-# define apps_shutdown()
-#else
-# ifndef OPENSSL_NO_ENGINE
-# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN16) || \
- defined(OPENSSL_SYS_WIN32)
-# ifdef _O_BINARY
-# define apps_startup() \
- do { _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
- ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
- ENGINE_load_builtin_engines(); setup_ui_method(); } while(0)
-# else
-# define apps_startup() \
- do { _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
- ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
- ENGINE_load_builtin_engines(); setup_ui_method(); } while(0)
-# endif
-# else
-# define apps_startup() \
- do { do_pipe_sig(); OpenSSL_add_all_algorithms(); \
- ERR_load_crypto_strings(); ENGINE_load_builtin_engines(); \
- setup_ui_method(); } while(0)
-# endif
-# define apps_shutdown() \
- do { CONF_modules_unload(1); destroy_ui_method(); \
- EVP_cleanup(); ENGINE_cleanup(); \
- CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); \
- ERR_free_strings(); } while(0)
-# else
-# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN16) || \
- defined(OPENSSL_SYS_WIN32)
-# ifdef _O_BINARY
-# define apps_startup() \
- do { _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
- ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
- setup_ui_method(); } while(0)
-# else
-# define apps_startup() \
- do { _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
- ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
- setup_ui_method(); } while(0)
-# endif
-# else
-# define apps_startup() \
- do { do_pipe_sig(); OpenSSL_add_all_algorithms(); \
- ERR_load_crypto_strings(); \
- setup_ui_method(); } while(0)
-# endif
-# define apps_shutdown() \
- do { CONF_modules_unload(1); destroy_ui_method(); \
- EVP_cleanup(); \
- CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); \
- ERR_free_strings(); } while(0)
-# endif
-#endif
-
-#ifdef OPENSSL_SYSNAME_WIN32
-# define openssl_fdset(a,b) FD_SET((unsigned int)a, b)
-#else
-# define openssl_fdset(a,b) FD_SET(a, b)
-#endif
-
-typedef struct args_st
- {
- char **data;
- int count;
- } ARGS;
-
-#define PW_MIN_LENGTH 4
-typedef struct pw_cb_data
- {
- const void *password;
- const char *prompt_info;
- } PW_CB_DATA;
-
-int password_callback(char *buf, int bufsiz, int verify,
- PW_CB_DATA *cb_data);
-
-int setup_ui_method(void);
-void destroy_ui_method(void);
-
-int should_retry(int i);
-int args_from_file(char *file, int *argc, char **argv[]);
-int str2fmt(char *s);
-void program_name(char *in,char *out,int size);
-int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]);
-#ifdef HEADER_X509_H
-int dump_cert_text(BIO *out, X509 *x);
-void print_name(BIO *out, const char *title, X509_NAME *nm, unsigned long lflags);
-#endif
-int set_cert_ex(unsigned long *flags, const char *arg);
-int set_name_ex(unsigned long *flags, const char *arg);
-int set_ext_copy(int *copy_type, const char *arg);
-int copy_extensions(X509 *x, X509_REQ *req, int copy_type);
-int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2);
-int add_oid_section(BIO *err, CONF *conf);
-X509 *load_cert(BIO *err, const char *file, int format,
- const char *pass, ENGINE *e, const char *cert_descrip);
-EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
- const char *pass, ENGINE *e, const char *key_descrip);
-EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
- const char *pass, ENGINE *e, const char *key_descrip);
-STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
- const char *pass, ENGINE *e, const char *cert_descrip);
-X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath);
-#ifndef OPENSSL_NO_ENGINE
-ENGINE *setup_engine(BIO *err, const char *engine, int debug);
-#endif
-
-#ifndef OPENSSL_NO_OCSP
-OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req,
- char *host, char *path, char *port, int use_ssl,
- int req_timeout);
-#endif
-
-int load_config(BIO *err, CONF *cnf);
-char *make_config_name(void);
-
-/* Functions defined in ca.c and also used in ocsp.c */
-int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
- ASN1_GENERALIZEDTIME **pinvtm, const char *str);
-
-#define DB_type 0
-#define DB_exp_date 1
-#define DB_rev_date 2
-#define DB_serial 3 /* index - unique */
-#define DB_file 4
-#define DB_name 5 /* index - unique when active and not disabled */
-#define DB_NUMBER 6
-
-#define DB_TYPE_REV 'R'
-#define DB_TYPE_EXP 'E'
-#define DB_TYPE_VAL 'V'
-
-typedef struct db_attr_st
- {
- int unique_subject;
- } DB_ATTR;
-typedef struct ca_db_st
- {
- DB_ATTR attributes;
- TXT_DB *db;
- } CA_DB;
-
-BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai);
-int save_serial(char *serialfile, char *suffix, BIGNUM *serial, ASN1_INTEGER **retai);
-int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix);
-int rand_serial(BIGNUM *b, ASN1_INTEGER *ai);
-CA_DB *load_index(char *dbfile, DB_ATTR *dbattr);
-int index_index(CA_DB *db);
-int save_index(const char *dbfile, const char *suffix, CA_DB *db);
-int rotate_index(const char *dbfile, const char *new_suffix, const char *old_suffix);
-void free_index(CA_DB *db);
-int index_name_cmp(const char **a, const char **b);
-int parse_yesno(const char *str, int def);
-
-X509_NAME *parse_name(char *str, long chtype, int multirdn);
-int args_verify(char ***pargs, int *pargc,
- int *badarg, BIO *err, X509_VERIFY_PARAM **pm);
-void policies_print(BIO *out, X509_STORE_CTX *ctx);
-#ifndef OPENSSL_NO_JPAKE
-void jpake_client_auth(BIO *out, BIO *conn, const char *secret);
-void jpake_server_auth(BIO *out, BIO *conn, const char *secret);
-#endif
-
-#define FORMAT_UNDEF 0
-#define FORMAT_ASN1 1
-#define FORMAT_TEXT 2
-#define FORMAT_PEM 3
-#define FORMAT_NETSCAPE 4
-#define FORMAT_PKCS12 5
-#define FORMAT_SMIME 6
-#define FORMAT_ENGINE 7
-#define FORMAT_IISSGC 8 /* XXX this stupid macro helps us to avoid
- * adding yet another param to load_*key() */
-
-#define EXT_COPY_NONE 0
-#define EXT_COPY_ADD 1
-#define EXT_COPY_ALL 2
-
-#define NETSCAPE_CERT_HDR "certificate"
-
-#define APP_PASS_LEN 1024
-
-#define SERIAL_RAND_BITS 64
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/apps/apps.h (from rev 6976, vendor-crypto/openssl/dist/apps/apps.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/apps/apps.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/apps/apps.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,368 @@
+/* apps/apps.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_APPS_H
+# define HEADER_APPS_H
+
+# include "e_os.h"
+
+# include <openssl/bio.h>
+# include <openssl/x509.h>
+# include <openssl/lhash.h>
+# include <openssl/conf.h>
+# include <openssl/txt_db.h>
+# ifndef OPENSSL_NO_ENGINE
+# include <openssl/engine.h>
+# endif
+# ifndef OPENSSL_NO_OCSP
+# include <openssl/ocsp.h>
+# endif
+# include <openssl/ossl_typ.h>
+
+int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn);
+int app_RAND_write_file(const char *file, BIO *bio_e);
+/*
+ * When `file' is NULL, use defaults. `bio_e' is for error messages.
+ */
+void app_RAND_allow_write_file(void);
+long app_RAND_load_files(char *file); /* `file' is a list of files to read,
+ * separated by LIST_SEPARATOR_CHAR
+ * (see e_os.h). The string is
+ * destroyed! */
+
+# ifdef OPENSSL_SYS_WIN32
+# define rename(from,to) WIN32_rename((from),(to))
+int WIN32_rename(const char *oldname, const char *newname);
+# endif
+
+# ifndef MONOLITH
+
+# define MAIN(a,v) main(a,v)
+
+# ifndef NON_MAIN
+CONF *config = NULL;
+BIO *bio_err = NULL;
+int in_FIPS_mode = 0;
+# else
+extern CONF *config;
+extern BIO *bio_err;
+extern int in_FIPS_mode;
+# endif
+
+# else
+
+# define MAIN(a,v) PROG(a,v)
+extern CONF *config;
+extern char *default_config_file;
+extern BIO *bio_err;
+extern int in_FIPS_mode;
+
+# endif
+
+# ifndef OPENSSL_SYS_NETWARE
+# include <signal.h>
+# endif
+
+# ifdef SIGPIPE
+# define do_pipe_sig() signal(SIGPIPE,SIG_IGN)
+# else
+# define do_pipe_sig()
+# endif
+
+# if defined(MONOLITH) && !defined(OPENSSL_C)
+# define apps_startup() \
+ do_pipe_sig()
+# define apps_shutdown()
+# else
+# ifndef OPENSSL_NO_ENGINE
+# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN16) || \
+ defined(OPENSSL_SYS_WIN32)
+# ifdef _O_BINARY
+# define apps_startup() \
+ do { _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
+ ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
+ ENGINE_load_builtin_engines(); setup_ui_method(); } while(0)
+# else
+# define apps_startup() \
+ do { _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
+ ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
+ ENGINE_load_builtin_engines(); setup_ui_method(); } while(0)
+# endif
+# else
+# define apps_startup() \
+ do { do_pipe_sig(); OpenSSL_add_all_algorithms(); \
+ ERR_load_crypto_strings(); ENGINE_load_builtin_engines(); \
+ setup_ui_method(); } while(0)
+# endif
+# define apps_shutdown() \
+ do { CONF_modules_unload(1); destroy_ui_method(); \
+ EVP_cleanup(); ENGINE_cleanup(); \
+ CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); \
+ ERR_free_strings(); } while(0)
+# else
+# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN16) || \
+ defined(OPENSSL_SYS_WIN32)
+# ifdef _O_BINARY
+# define apps_startup() \
+ do { _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
+ ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
+ setup_ui_method(); } while(0)
+# else
+# define apps_startup() \
+ do { _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
+ ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
+ setup_ui_method(); } while(0)
+# endif
+# else
+# define apps_startup() \
+ do { do_pipe_sig(); OpenSSL_add_all_algorithms(); \
+ ERR_load_crypto_strings(); \
+ setup_ui_method(); } while(0)
+# endif
+# define apps_shutdown() \
+ do { CONF_modules_unload(1); destroy_ui_method(); \
+ EVP_cleanup(); \
+ CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); \
+ ERR_free_strings(); } while(0)
+# endif
+# endif
+
+# ifdef OPENSSL_SYSNAME_WIN32
+# define openssl_fdset(a,b) FD_SET((unsigned int)a, b)
+# else
+# define openssl_fdset(a,b) FD_SET(a, b)
+# endif
+
+typedef struct args_st {
+ char **data;
+ int count;
+} ARGS;
+
+# define PW_MIN_LENGTH 4
+typedef struct pw_cb_data {
+ const void *password;
+ const char *prompt_info;
+} PW_CB_DATA;
+
+int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_data);
+
+int setup_ui_method(void);
+void destroy_ui_method(void);
+
+int should_retry(int i);
+int args_from_file(char *file, int *argc, char **argv[]);
+int str2fmt(char *s);
+void program_name(char *in, char *out, int size);
+int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[]);
+# ifdef HEADER_X509_H
+int dump_cert_text(BIO *out, X509 *x);
+void print_name(BIO *out, const char *title, X509_NAME *nm,
+ unsigned long lflags);
+# endif
+int set_cert_ex(unsigned long *flags, const char *arg);
+int set_name_ex(unsigned long *flags, const char *arg);
+int set_ext_copy(int *copy_type, const char *arg);
+int copy_extensions(X509 *x, X509_REQ *req, int copy_type);
+int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2);
+int add_oid_section(BIO *err, CONF *conf);
+X509 *load_cert(BIO *err, const char *file, int format,
+ const char *pass, ENGINE *e, const char *cert_descrip);
+EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
+ const char *pass, ENGINE *e, const char *key_descrip);
+EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
+ const char *pass, ENGINE *e, const char *key_descrip);
+STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
+ const char *pass, ENGINE *e,
+ const char *cert_descrip);
+X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath);
+# ifndef OPENSSL_NO_ENGINE
+ENGINE *setup_engine(BIO *err, const char *engine, int debug);
+# endif
+
+# ifndef OPENSSL_NO_OCSP
+OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req,
+ char *host, char *path, char *port,
+ int use_ssl, int req_timeout);
+# endif
+
+int load_config(BIO *err, CONF *cnf);
+char *make_config_name(void);
+
+/* Functions defined in ca.c and also used in ocsp.c */
+int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
+ ASN1_GENERALIZEDTIME **pinvtm, const char *str);
+
+# define DB_type 0
+# define DB_exp_date 1
+# define DB_rev_date 2
+# define DB_serial 3 /* index - unique */
+# define DB_file 4
+# define DB_name 5 /* index - unique when active and not
+ * disabled */
+# define DB_NUMBER 6
+
+# define DB_TYPE_REV 'R'
+# define DB_TYPE_EXP 'E'
+# define DB_TYPE_VAL 'V'
+
+typedef struct db_attr_st {
+ int unique_subject;
+} DB_ATTR;
+typedef struct ca_db_st {
+ DB_ATTR attributes;
+ TXT_DB *db;
+} CA_DB;
+
+BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai);
+int save_serial(char *serialfile, char *suffix, BIGNUM *serial,
+ ASN1_INTEGER **retai);
+int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix);
+int rand_serial(BIGNUM *b, ASN1_INTEGER *ai);
+CA_DB *load_index(char *dbfile, DB_ATTR *dbattr);
+int index_index(CA_DB *db);
+int save_index(const char *dbfile, const char *suffix, CA_DB *db);
+int rotate_index(const char *dbfile, const char *new_suffix,
+ const char *old_suffix);
+void free_index(CA_DB *db);
+int index_name_cmp(const char **a, const char **b);
+int parse_yesno(const char *str, int def);
+
+X509_NAME *parse_name(char *str, long chtype, int multirdn);
+int args_verify(char ***pargs, int *pargc,
+ int *badarg, BIO *err, X509_VERIFY_PARAM **pm);
+void policies_print(BIO *out, X509_STORE_CTX *ctx);
+# ifndef OPENSSL_NO_JPAKE
+void jpake_client_auth(BIO *out, BIO *conn, const char *secret);
+void jpake_server_auth(BIO *out, BIO *conn, const char *secret);
+# endif
+
+# define FORMAT_UNDEF 0
+# define FORMAT_ASN1 1
+# define FORMAT_TEXT 2
+# define FORMAT_PEM 3
+# define FORMAT_NETSCAPE 4
+# define FORMAT_PKCS12 5
+# define FORMAT_SMIME 6
+# define FORMAT_ENGINE 7
+# define FORMAT_IISSGC 8 /* XXX this stupid macro helps us to avoid
+ * adding yet another param to load_*key() */
+
+# define EXT_COPY_NONE 0
+# define EXT_COPY_ADD 1
+# define EXT_COPY_ALL 2
+
+# define NETSCAPE_CERT_HDR "certificate"
+
+# define APP_PASS_LEN 1024
+
+# define SERIAL_RAND_BITS 64
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/apps/asn1pars.c
===================================================================
--- vendor-crypto/openssl/dist/apps/asn1pars.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/apps/asn1pars.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,445 +0,0 @@
-/* apps/asn1pars.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* A nice addition from Dr Stephen Henson <steve at openssl.org> to
- * add the -strparse option which parses nested binary structures
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "apps.h"
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-
-/* -inform arg - input format - default PEM (DER or PEM)
- * -in arg - input file - default stdin
- * -i - indent the details by depth
- * -offset - where in the file to start
- * -length - how many bytes to use
- * -oid file - extra oid description file
- */
-
-#undef PROG
-#define PROG asn1parse_main
-
-int MAIN(int, char **);
-
-static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf);
-
-int MAIN(int argc, char **argv)
- {
- int i,badops=0,offset=0,ret=1,j;
- unsigned int length=0;
- long num,tmplen;
- BIO *in=NULL,*out=NULL,*b64=NULL, *derout = NULL;
- int informat,indent=0, noout = 0, dump = 0;
- char *infile=NULL,*str=NULL,*prog,*oidfile=NULL, *derfile=NULL;
- char *genstr=NULL, *genconf=NULL;
- unsigned char *tmpbuf;
- const unsigned char *ctmpbuf;
- BUF_MEM *buf=NULL;
- STACK *osk=NULL;
- ASN1_TYPE *at=NULL;
-
- informat=FORMAT_PEM;
-
- apps_startup();
-
- if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
- if (!load_config(bio_err, NULL))
- goto end;
-
- prog=argv[0];
- argc--;
- argv++;
- if ((osk=sk_new_null()) == NULL)
- {
- BIO_printf(bio_err,"Memory allocation failure\n");
- goto end;
- }
- while (argc >= 1)
- {
- if (strcmp(*argv,"-inform") == 0)
- {
- if (--argc < 1) goto bad;
- informat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-in") == 0)
- {
- if (--argc < 1) goto bad;
- infile= *(++argv);
- }
- else if (strcmp(*argv,"-out") == 0)
- {
- if (--argc < 1) goto bad;
- derfile= *(++argv);
- }
- else if (strcmp(*argv,"-i") == 0)
- {
- indent=1;
- }
- else if (strcmp(*argv,"-noout") == 0) noout = 1;
- else if (strcmp(*argv,"-oid") == 0)
- {
- if (--argc < 1) goto bad;
- oidfile= *(++argv);
- }
- else if (strcmp(*argv,"-offset") == 0)
- {
- if (--argc < 1) goto bad;
- offset= atoi(*(++argv));
- }
- else if (strcmp(*argv,"-length") == 0)
- {
- if (--argc < 1) goto bad;
- length= atoi(*(++argv));
- if (length == 0) goto bad;
- }
- else if (strcmp(*argv,"-dump") == 0)
- {
- dump= -1;
- }
- else if (strcmp(*argv,"-dlimit") == 0)
- {
- if (--argc < 1) goto bad;
- dump= atoi(*(++argv));
- if (dump <= 0) goto bad;
- }
- else if (strcmp(*argv,"-strparse") == 0)
- {
- if (--argc < 1) goto bad;
- sk_push(osk,*(++argv));
- }
- else if (strcmp(*argv,"-genstr") == 0)
- {
- if (--argc < 1) goto bad;
- genstr= *(++argv);
- }
- else if (strcmp(*argv,"-genconf") == 0)
- {
- if (--argc < 1) goto bad;
- genconf= *(++argv);
- }
- else
- {
- BIO_printf(bio_err,"unknown option %s\n",*argv);
- badops=1;
- break;
- }
- argc--;
- argv++;
- }
-
- if (badops)
- {
-bad:
- BIO_printf(bio_err,"%s [options] <infile\n",prog);
- BIO_printf(bio_err,"where options are\n");
- BIO_printf(bio_err," -inform arg input format - one of DER PEM\n");
- BIO_printf(bio_err," -in arg input file\n");
- BIO_printf(bio_err," -out arg output file (output format is always DER\n");
- BIO_printf(bio_err," -noout arg don't produce any output\n");
- BIO_printf(bio_err," -offset arg offset into file\n");
- BIO_printf(bio_err," -length arg length of section in file\n");
- BIO_printf(bio_err," -i indent entries\n");
- BIO_printf(bio_err," -dump dump unknown data in hex form\n");
- BIO_printf(bio_err," -dlimit arg dump the first arg bytes of unknown data in hex form\n");
- BIO_printf(bio_err," -oid file file of extra oid definitions\n");
- BIO_printf(bio_err," -strparse offset\n");
- BIO_printf(bio_err," a series of these can be used to 'dig' into multiple\n");
- BIO_printf(bio_err," ASN1 blob wrappings\n");
- BIO_printf(bio_err," -genstr str string to generate ASN1 structure from\n");
- BIO_printf(bio_err," -genconf file file to generate ASN1 structure from\n");
- goto end;
- }
-
- ERR_load_crypto_strings();
-
- in=BIO_new(BIO_s_file());
- out=BIO_new(BIO_s_file());
- if ((in == NULL) || (out == NULL))
- {
- ERR_print_errors(bio_err);
- goto end;
- }
- BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
-
- if (oidfile != NULL)
- {
- if (BIO_read_filename(in,oidfile) <= 0)
- {
- BIO_printf(bio_err,"problems opening %s\n",oidfile);
- ERR_print_errors(bio_err);
- goto end;
- }
- OBJ_create_objects(in);
- }
-
- if (infile == NULL)
- BIO_set_fp(in,stdin,BIO_NOCLOSE);
- else
- {
- if (BIO_read_filename(in,infile) <= 0)
- {
- perror(infile);
- goto end;
- }
- }
-
- if (derfile) {
- if(!(derout = BIO_new_file(derfile, "wb"))) {
- BIO_printf(bio_err,"problems opening %s\n",derfile);
- ERR_print_errors(bio_err);
- goto end;
- }
- }
-
- if ((buf=BUF_MEM_new()) == NULL) goto end;
- if (!BUF_MEM_grow(buf,BUFSIZ*8)) goto end; /* Pre-allocate :-) */
-
- if (genstr || genconf)
- {
- num = do_generate(bio_err, genstr, genconf, buf);
- if (num < 0)
- {
- ERR_print_errors(bio_err);
- goto end;
- }
- }
-
- else
- {
-
- if (informat == FORMAT_PEM)
- {
- BIO *tmp;
-
- if ((b64=BIO_new(BIO_f_base64())) == NULL)
- goto end;
- BIO_push(b64,in);
- tmp=in;
- in=b64;
- b64=tmp;
- }
-
- num=0;
- for (;;)
- {
- if (!BUF_MEM_grow(buf,(int)num+BUFSIZ)) goto end;
- i=BIO_read(in,&(buf->data[num]),BUFSIZ);
- if (i <= 0) break;
- num+=i;
- }
- }
- str=buf->data;
-
- /* If any structs to parse go through in sequence */
-
- if (sk_num(osk))
- {
- tmpbuf=(unsigned char *)str;
- tmplen=num;
- for (i=0; i<sk_num(osk); i++)
- {
- ASN1_TYPE *atmp;
- int typ;
- j=atoi(sk_value(osk,i));
- if (j == 0)
- {
- BIO_printf(bio_err,"'%s' is an invalid number\n",sk_value(osk,i));
- continue;
- }
- tmpbuf+=j;
- tmplen-=j;
- atmp = at;
- ctmpbuf = tmpbuf;
- at = d2i_ASN1_TYPE(NULL,&ctmpbuf,tmplen);
- ASN1_TYPE_free(atmp);
- if(!at)
- {
- BIO_printf(bio_err,"Error parsing structure\n");
- ERR_print_errors(bio_err);
- goto end;
- }
- typ = ASN1_TYPE_get(at);
- if ((typ == V_ASN1_OBJECT)
- || (typ == V_ASN1_NULL))
- {
- BIO_printf(bio_err, "Can't parse %s type\n",
- typ == V_ASN1_NULL ? "NULL" : "OBJECT");
- ERR_print_errors(bio_err);
- goto end;
- }
- /* hmm... this is a little evil but it works */
- tmpbuf=at->value.asn1_string->data;
- tmplen=at->value.asn1_string->length;
- }
- str=(char *)tmpbuf;
- num=tmplen;
- }
-
- if (offset >= num)
- {
- BIO_printf(bio_err, "Error: offset too large\n");
- goto end;
- }
-
- num -= offset;
-
- if ((length == 0) || ((long)length > num)) length=(unsigned int)num;
- if(derout) {
- if(BIO_write(derout, str + offset, length) != (int)length) {
- BIO_printf(bio_err, "Error writing output\n");
- ERR_print_errors(bio_err);
- goto end;
- }
- }
- if (!noout &&
- !ASN1_parse_dump(out,(unsigned char *)&(str[offset]),length,
- indent,dump))
- {
- ERR_print_errors(bio_err);
- goto end;
- }
- ret=0;
-end:
- BIO_free(derout);
- if (in != NULL) BIO_free(in);
- if (out != NULL) BIO_free_all(out);
- if (b64 != NULL) BIO_free(b64);
- if (ret != 0)
- ERR_print_errors(bio_err);
- if (buf != NULL) BUF_MEM_free(buf);
- if (at != NULL) ASN1_TYPE_free(at);
- if (osk != NULL) sk_free(osk);
- OBJ_cleanup();
- apps_shutdown();
- OPENSSL_EXIT(ret);
- }
-
-static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf)
- {
- CONF *cnf = NULL;
- int len;
- long errline;
- unsigned char *p;
- ASN1_TYPE *atyp = NULL;
-
- if (genconf)
- {
- cnf = NCONF_new(NULL);
- if (!NCONF_load(cnf, genconf, &errline))
- goto conferr;
- if (!genstr)
- genstr = NCONF_get_string(cnf, "default", "asn1");
- if (!genstr)
- {
- BIO_printf(bio, "Can't find 'asn1' in '%s'\n", genconf);
- goto err;
- }
- }
-
- atyp = ASN1_generate_nconf(genstr, cnf);
- NCONF_free(cnf);
- cnf = NULL;
-
- if (!atyp)
- return -1;
-
- len = i2d_ASN1_TYPE(atyp, NULL);
-
- if (len <= 0)
- goto err;
-
- if (!BUF_MEM_grow(buf,len))
- goto err;
-
- p=(unsigned char *)buf->data;
-
- i2d_ASN1_TYPE(atyp, &p);
-
- ASN1_TYPE_free(atyp);
- return len;
-
- conferr:
-
- if (errline > 0)
- BIO_printf(bio, "Error on line %ld of config file '%s'\n",
- errline, genconf);
- else
- BIO_printf(bio, "Error loading config file '%s'\n", genconf);
-
- err:
- NCONF_free(cnf);
- ASN1_TYPE_free(atyp);
-
- return -1;
-
- }
Copied: vendor-crypto/openssl/0.9.8zf/apps/asn1pars.c (from rev 6976, vendor-crypto/openssl/dist/apps/asn1pars.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/apps/asn1pars.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/apps/asn1pars.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,430 @@
+/* apps/asn1pars.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/*
+ * A nice addition from Dr Stephen Henson <steve at openssl.org> to add the
+ * -strparse option which parses nested binary structures
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+
+/*-
+ * -inform arg - input format - default PEM (DER or PEM)
+ * -in arg - input file - default stdin
+ * -i - indent the details by depth
+ * -offset - where in the file to start
+ * -length - how many bytes to use
+ * -oid file - extra oid description file
+ */
+
+#undef PROG
+#define PROG asn1parse_main
+
+int MAIN(int, char **);
+
+static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf);
+
+int MAIN(int argc, char **argv)
+{
+ int i, badops = 0, offset = 0, ret = 1, j;
+ unsigned int length = 0;
+ long num, tmplen;
+ BIO *in = NULL, *out = NULL, *b64 = NULL, *derout = NULL;
+ int informat, indent = 0, noout = 0, dump = 0;
+ char *infile = NULL, *str = NULL, *prog, *oidfile = NULL, *derfile = NULL;
+ char *genstr = NULL, *genconf = NULL;
+ unsigned char *tmpbuf;
+ const unsigned char *ctmpbuf;
+ BUF_MEM *buf = NULL;
+ STACK *osk = NULL;
+ ASN1_TYPE *at = NULL;
+
+ informat = FORMAT_PEM;
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+
+ if (!load_config(bio_err, NULL))
+ goto end;
+
+ prog = argv[0];
+ argc--;
+ argv++;
+ if ((osk = sk_new_null()) == NULL) {
+ BIO_printf(bio_err, "Memory allocation failure\n");
+ goto end;
+ }
+ while (argc >= 1) {
+ if (strcmp(*argv, "-inform") == 0) {
+ if (--argc < 1)
+ goto bad;
+ informat = str2fmt(*(++argv));
+ } else if (strcmp(*argv, "-in") == 0) {
+ if (--argc < 1)
+ goto bad;
+ infile = *(++argv);
+ } else if (strcmp(*argv, "-out") == 0) {
+ if (--argc < 1)
+ goto bad;
+ derfile = *(++argv);
+ } else if (strcmp(*argv, "-i") == 0) {
+ indent = 1;
+ } else if (strcmp(*argv, "-noout") == 0)
+ noout = 1;
+ else if (strcmp(*argv, "-oid") == 0) {
+ if (--argc < 1)
+ goto bad;
+ oidfile = *(++argv);
+ } else if (strcmp(*argv, "-offset") == 0) {
+ if (--argc < 1)
+ goto bad;
+ offset = atoi(*(++argv));
+ } else if (strcmp(*argv, "-length") == 0) {
+ if (--argc < 1)
+ goto bad;
+ length = atoi(*(++argv));
+ if (length == 0)
+ goto bad;
+ } else if (strcmp(*argv, "-dump") == 0) {
+ dump = -1;
+ } else if (strcmp(*argv, "-dlimit") == 0) {
+ if (--argc < 1)
+ goto bad;
+ dump = atoi(*(++argv));
+ if (dump <= 0)
+ goto bad;
+ } else if (strcmp(*argv, "-strparse") == 0) {
+ if (--argc < 1)
+ goto bad;
+ sk_push(osk, *(++argv));
+ } else if (strcmp(*argv, "-genstr") == 0) {
+ if (--argc < 1)
+ goto bad;
+ genstr = *(++argv);
+ } else if (strcmp(*argv, "-genconf") == 0) {
+ if (--argc < 1)
+ goto bad;
+ genconf = *(++argv);
+ } else {
+ BIO_printf(bio_err, "unknown option %s\n", *argv);
+ badops = 1;
+ break;
+ }
+ argc--;
+ argv++;
+ }
+
+ if (badops) {
+ bad:
+ BIO_printf(bio_err, "%s [options] <infile\n", prog);
+ BIO_printf(bio_err, "where options are\n");
+ BIO_printf(bio_err, " -inform arg input format - one of DER PEM\n");
+ BIO_printf(bio_err, " -in arg input file\n");
+ BIO_printf(bio_err,
+ " -out arg output file (output format is always DER\n");
+ BIO_printf(bio_err, " -noout arg don't produce any output\n");
+ BIO_printf(bio_err, " -offset arg offset into file\n");
+ BIO_printf(bio_err, " -length arg length of section in file\n");
+ BIO_printf(bio_err, " -i indent entries\n");
+ BIO_printf(bio_err, " -dump dump unknown data in hex form\n");
+ BIO_printf(bio_err,
+ " -dlimit arg dump the first arg bytes of unknown data in hex form\n");
+ BIO_printf(bio_err, " -oid file file of extra oid definitions\n");
+ BIO_printf(bio_err, " -strparse offset\n");
+ BIO_printf(bio_err,
+ " a series of these can be used to 'dig' into multiple\n");
+ BIO_printf(bio_err, " ASN1 blob wrappings\n");
+ BIO_printf(bio_err,
+ " -genstr str string to generate ASN1 structure from\n");
+ BIO_printf(bio_err,
+ " -genconf file file to generate ASN1 structure from\n");
+ goto end;
+ }
+
+ ERR_load_crypto_strings();
+
+ in = BIO_new(BIO_s_file());
+ out = BIO_new(BIO_s_file());
+ if ((in == NULL) || (out == NULL)) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+#endif
+
+ if (oidfile != NULL) {
+ if (BIO_read_filename(in, oidfile) <= 0) {
+ BIO_printf(bio_err, "problems opening %s\n", oidfile);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ OBJ_create_objects(in);
+ }
+
+ if (infile == NULL)
+ BIO_set_fp(in, stdin, BIO_NOCLOSE);
+ else {
+ if (BIO_read_filename(in, infile) <= 0) {
+ perror(infile);
+ goto end;
+ }
+ }
+
+ if (derfile) {
+ if (!(derout = BIO_new_file(derfile, "wb"))) {
+ BIO_printf(bio_err, "problems opening %s\n", derfile);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+
+ if ((buf = BUF_MEM_new()) == NULL)
+ goto end;
+ if (!BUF_MEM_grow(buf, BUFSIZ * 8))
+ goto end; /* Pre-allocate :-) */
+
+ if (genstr || genconf) {
+ num = do_generate(bio_err, genstr, genconf, buf);
+ if (num < 0) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+
+ else {
+
+ if (informat == FORMAT_PEM) {
+ BIO *tmp;
+
+ if ((b64 = BIO_new(BIO_f_base64())) == NULL)
+ goto end;
+ BIO_push(b64, in);
+ tmp = in;
+ in = b64;
+ b64 = tmp;
+ }
+
+ num = 0;
+ for (;;) {
+ if (!BUF_MEM_grow(buf, (int)num + BUFSIZ))
+ goto end;
+ i = BIO_read(in, &(buf->data[num]), BUFSIZ);
+ if (i <= 0)
+ break;
+ num += i;
+ }
+ }
+ str = buf->data;
+
+ /* If any structs to parse go through in sequence */
+
+ if (sk_num(osk)) {
+ tmpbuf = (unsigned char *)str;
+ tmplen = num;
+ for (i = 0; i < sk_num(osk); i++) {
+ ASN1_TYPE *atmp;
+ int typ;
+ j = atoi(sk_value(osk, i));
+ if (j == 0) {
+ BIO_printf(bio_err, "'%s' is an invalid number\n",
+ sk_value(osk, i));
+ continue;
+ }
+ tmpbuf += j;
+ tmplen -= j;
+ atmp = at;
+ ctmpbuf = tmpbuf;
+ at = d2i_ASN1_TYPE(NULL, &ctmpbuf, tmplen);
+ ASN1_TYPE_free(atmp);
+ if (!at) {
+ BIO_printf(bio_err, "Error parsing structure\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ typ = ASN1_TYPE_get(at);
+ if ((typ == V_ASN1_OBJECT)
+ || (typ == V_ASN1_NULL)) {
+ BIO_printf(bio_err, "Can't parse %s type\n",
+ typ == V_ASN1_NULL ? "NULL" : "OBJECT");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ /* hmm... this is a little evil but it works */
+ tmpbuf = at->value.asn1_string->data;
+ tmplen = at->value.asn1_string->length;
+ }
+ str = (char *)tmpbuf;
+ num = tmplen;
+ }
+
+ if (offset >= num) {
+ BIO_printf(bio_err, "Error: offset too large\n");
+ goto end;
+ }
+
+ num -= offset;
+
+ if ((length == 0) || ((long)length > num))
+ length = (unsigned int)num;
+ if (derout) {
+ if (BIO_write(derout, str + offset, length) != (int)length) {
+ BIO_printf(bio_err, "Error writing output\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+ if (!noout &&
+ !ASN1_parse_dump(out, (unsigned char *)&(str[offset]), length,
+ indent, dump)) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ ret = 0;
+ end:
+ BIO_free(derout);
+ if (in != NULL)
+ BIO_free(in);
+ if (out != NULL)
+ BIO_free_all(out);
+ if (b64 != NULL)
+ BIO_free(b64);
+ if (ret != 0)
+ ERR_print_errors(bio_err);
+ if (buf != NULL)
+ BUF_MEM_free(buf);
+ if (at != NULL)
+ ASN1_TYPE_free(at);
+ if (osk != NULL)
+ sk_free(osk);
+ OBJ_cleanup();
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
+}
+
+static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf)
+{
+ CONF *cnf = NULL;
+ int len;
+ long errline;
+ unsigned char *p;
+ ASN1_TYPE *atyp = NULL;
+
+ if (genconf) {
+ cnf = NCONF_new(NULL);
+ if (!NCONF_load(cnf, genconf, &errline))
+ goto conferr;
+ if (!genstr)
+ genstr = NCONF_get_string(cnf, "default", "asn1");
+ if (!genstr) {
+ BIO_printf(bio, "Can't find 'asn1' in '%s'\n", genconf);
+ goto err;
+ }
+ }
+
+ atyp = ASN1_generate_nconf(genstr, cnf);
+ NCONF_free(cnf);
+ cnf = NULL;
+
+ if (!atyp)
+ return -1;
+
+ len = i2d_ASN1_TYPE(atyp, NULL);
+
+ if (len <= 0)
+ goto err;
+
+ if (!BUF_MEM_grow(buf, len))
+ goto err;
+
+ p = (unsigned char *)buf->data;
+
+ i2d_ASN1_TYPE(atyp, &p);
+
+ ASN1_TYPE_free(atyp);
+ return len;
+
+ conferr:
+
+ if (errline > 0)
+ BIO_printf(bio, "Error on line %ld of config file '%s'\n",
+ errline, genconf);
+ else
+ BIO_printf(bio, "Error loading config file '%s'\n", genconf);
+
+ err:
+ NCONF_free(cnf);
+ ASN1_TYPE_free(atyp);
+
+ return -1;
+
+}
Deleted: vendor-crypto/openssl/0.9.8zf/apps/ca.c
===================================================================
--- vendor-crypto/openssl/dist/apps/ca.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/apps/ca.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,2998 +0,0 @@
-/* apps/ca.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* The PPKI stuff has been donated by Jeff Barber <jeffb at issl.atl.hp.com> */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <ctype.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <openssl/conf.h>
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-#include <openssl/txt_db.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include <openssl/objects.h>
-#include <openssl/ocsp.h>
-#include <openssl/pem.h>
-
-#ifndef W_OK
-# ifdef OPENSSL_SYS_VMS
-# if defined(__DECC)
-# include <unistd.h>
-# else
-# include <unixlib.h>
-# endif
-# elif !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_NETWARE) && !defined(__TANDEM)
-# include <sys/file.h>
-# endif
-#endif
-
-#include "apps.h"
-
-#ifndef W_OK
-# define F_OK 0
-# define X_OK 1
-# define W_OK 2
-# define R_OK 4
-#endif
-
-#undef PROG
-#define PROG ca_main
-
-#define BASE_SECTION "ca"
-#define CONFIG_FILE "openssl.cnf"
-
-#define ENV_DEFAULT_CA "default_ca"
-
-#define STRING_MASK "string_mask"
-#define UTF8_IN "utf8"
-
-#define ENV_DIR "dir"
-#define ENV_CERTS "certs"
-#define ENV_CRL_DIR "crl_dir"
-#define ENV_CA_DB "CA_DB"
-#define ENV_NEW_CERTS_DIR "new_certs_dir"
-#define ENV_CERTIFICATE "certificate"
-#define ENV_SERIAL "serial"
-#define ENV_CRLNUMBER "crlnumber"
-#define ENV_CRL "crl"
-#define ENV_PRIVATE_KEY "private_key"
-#define ENV_RANDFILE "RANDFILE"
-#define ENV_DEFAULT_DAYS "default_days"
-#define ENV_DEFAULT_STARTDATE "default_startdate"
-#define ENV_DEFAULT_ENDDATE "default_enddate"
-#define ENV_DEFAULT_CRL_DAYS "default_crl_days"
-#define ENV_DEFAULT_CRL_HOURS "default_crl_hours"
-#define ENV_DEFAULT_MD "default_md"
-#define ENV_DEFAULT_EMAIL_DN "email_in_dn"
-#define ENV_PRESERVE "preserve"
-#define ENV_POLICY "policy"
-#define ENV_EXTENSIONS "x509_extensions"
-#define ENV_CRLEXT "crl_extensions"
-#define ENV_MSIE_HACK "msie_hack"
-#define ENV_NAMEOPT "name_opt"
-#define ENV_CERTOPT "cert_opt"
-#define ENV_EXTCOPY "copy_extensions"
-#define ENV_UNIQUE_SUBJECT "unique_subject"
-
-#define ENV_DATABASE "database"
-
-/* Additional revocation information types */
-
-#define REV_NONE 0 /* No addditional information */
-#define REV_CRL_REASON 1 /* Value is CRL reason code */
-#define REV_HOLD 2 /* Value is hold instruction */
-#define REV_KEY_COMPROMISE 3 /* Value is cert key compromise time */
-#define REV_CA_COMPROMISE 4 /* Value is CA key compromise time */
-
-static const char *ca_usage[]={
-"usage: ca args\n",
-"\n",
-" -verbose - Talk alot while doing things\n",
-" -config file - A config file\n",
-" -name arg - The particular CA definition to use\n",
-" -gencrl - Generate a new CRL\n",
-" -crldays days - Days is when the next CRL is due\n",
-" -crlhours hours - Hours is when the next CRL is due\n",
-" -startdate YYMMDDHHMMSSZ - certificate validity notBefore\n",
-" -enddate YYMMDDHHMMSSZ - certificate validity notAfter (overrides -days)\n",
-" -days arg - number of days to certify the certificate for\n",
-" -md arg - md to use, one of md2, md5, sha or sha1\n",
-" -policy arg - The CA 'policy' to support\n",
-" -keyfile arg - private key file\n",
-" -keyform arg - private key file format (PEM or ENGINE)\n",
-" -key arg - key to decode the private key if it is encrypted\n",
-" -cert file - The CA certificate\n",
-" -selfsign - sign a certificate with the key associated with it\n",
-" -in file - The input PEM encoded certificate request(s)\n",
-" -out file - Where to put the output file(s)\n",
-" -outdir dir - Where to put output certificates\n",
-" -infiles .... - The last argument, requests to process\n",
-" -spkac file - File contains DN and signed public key and challenge\n",
-" -ss_cert file - File contains a self signed cert to sign\n",
-" -preserveDN - Don't re-order the DN\n",
-" -noemailDN - Don't add the EMAIL field into certificate' subject\n",
-" -batch - Don't ask questions\n",
-" -msie_hack - msie modifications to handle all those universal strings\n",
-" -revoke file - Revoke a certificate (given in file)\n",
-" -subj arg - Use arg instead of request's subject\n",
-" -utf8 - input characters are UTF8 (default ASCII)\n",
-" -multivalue-rdn - enable support for multivalued RDNs\n",
-" -extensions .. - Extension section (override value in config file)\n",
-" -extfile file - Configuration file with X509v3 extentions to add\n",
-" -crlexts .. - CRL extension section (override value in config file)\n",
-#ifndef OPENSSL_NO_ENGINE
-" -engine e - use engine e, possibly a hardware device.\n",
-#endif
-" -status serial - Shows certificate status given the serial number\n",
-" -updatedb - Updates db for expired certificates\n",
-NULL
-};
-
-#ifdef EFENCE
-extern int EF_PROTECT_FREE;
-extern int EF_PROTECT_BELOW;
-extern int EF_ALIGNMENT;
-#endif
-
-static void lookup_fail(const char *name, const char *tag);
-static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
- const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,CA_DB *db,
- BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate,
- char *enddate, long days, int batch, char *ext_sect, CONF *conf,
- int verbose, unsigned long certopt, unsigned long nameopt,
- int default_op, int ext_copy, int selfsign);
-static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
- const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
- CA_DB *db, BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn,
- char *startdate, char *enddate, long days, int batch,
- char *ext_sect, CONF *conf,int verbose, unsigned long certopt,
- unsigned long nameopt, int default_op, int ext_copy,
- ENGINE *e);
-static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
- const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
- CA_DB *db, BIGNUM *serial,char *subj,unsigned long chtype, int multirdn, int email_dn,
- char *startdate, char *enddate, long days, char *ext_sect,
- CONF *conf, int verbose, unsigned long certopt,
- unsigned long nameopt, int default_op, int ext_copy);
-static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext);
-static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
- STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,char *subj,unsigned long chtype, int multirdn,
- int email_dn, char *startdate, char *enddate, long days, int batch,
- int verbose, X509_REQ *req, char *ext_sect, CONF *conf,
- unsigned long certopt, unsigned long nameopt, int default_op,
- int ext_copy, int selfsign);
-static int do_revoke(X509 *x509, CA_DB *db, int ext, char *extval);
-static int get_certificate_status(const char *ser_status, CA_DB *db);
-static int do_updatedb(CA_DB *db);
-static int check_time_format(const char *str);
-char *make_revocation_str(int rev_type, char *rev_arg);
-int make_revoked(X509_REVOKED *rev, const char *str);
-int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str);
-static CONF *conf=NULL;
-static CONF *extconf=NULL;
-static char *section=NULL;
-
-static int preserve=0;
-static int msie_hack=0;
-
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
- ENGINE *e = NULL;
- char *key=NULL,*passargin=NULL;
- int create_ser = 0;
- int free_key = 0;
- int total=0;
- int total_done=0;
- int badops=0;
- int ret=1;
- int email_dn=1;
- int req=0;
- int verbose=0;
- int gencrl=0;
- int dorevoke=0;
- int doupdatedb=0;
- long crldays=0;
- long crlhours=0;
- long errorline= -1;
- char *configfile=NULL;
- char *md=NULL;
- char *policy=NULL;
- char *keyfile=NULL;
- char *certfile=NULL;
- int keyform=FORMAT_PEM;
- char *infile=NULL;
- char *spkac_file=NULL;
- char *ss_cert_file=NULL;
- char *ser_status=NULL;
- EVP_PKEY *pkey=NULL;
- int output_der = 0;
- char *outfile=NULL;
- char *outdir=NULL;
- char *serialfile=NULL;
- char *crlnumberfile=NULL;
- char *extensions=NULL;
- char *extfile=NULL;
- char *subj=NULL;
- unsigned long chtype = MBSTRING_ASC;
- int multirdn = 0;
- char *tmp_email_dn=NULL;
- char *crl_ext=NULL;
- int rev_type = REV_NONE;
- char *rev_arg = NULL;
- BIGNUM *serial=NULL;
- BIGNUM *crlnumber=NULL;
- char *startdate=NULL;
- char *enddate=NULL;
- long days=0;
- int batch=0;
- int notext=0;
- unsigned long nameopt = 0, certopt = 0;
- int default_op = 1;
- int ext_copy = EXT_COPY_NONE;
- int selfsign = 0;
- X509 *x509=NULL, *x509p = NULL;
- X509 *x=NULL;
- BIO *in=NULL,*out=NULL,*Sout=NULL,*Cout=NULL;
- char *dbfile=NULL;
- CA_DB *db=NULL;
- X509_CRL *crl=NULL;
- X509_REVOKED *r=NULL;
- ASN1_TIME *tmptm;
- ASN1_INTEGER *tmpser;
- char *f;
- const char *p, **pp;
- int i,j;
- const EVP_MD *dgst=NULL;
- STACK_OF(CONF_VALUE) *attribs=NULL;
- STACK_OF(X509) *cert_sk=NULL;
-#undef BSIZE
-#define BSIZE 256
- MS_STATIC char buf[3][BSIZE];
- char *randfile=NULL;
-#ifndef OPENSSL_NO_ENGINE
- char *engine = NULL;
-#endif
- char *tofree=NULL;
- DB_ATTR db_attr;
-
-#ifdef EFENCE
-EF_PROTECT_FREE=1;
-EF_PROTECT_BELOW=1;
-EF_ALIGNMENT=0;
-#endif
-
- apps_startup();
-
- conf = NULL;
- key = NULL;
- section = NULL;
-
- preserve=0;
- msie_hack=0;
- if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
- argc--;
- argv++;
- while (argc >= 1)
- {
- if (strcmp(*argv,"-verbose") == 0)
- verbose=1;
- else if (strcmp(*argv,"-config") == 0)
- {
- if (--argc < 1) goto bad;
- configfile= *(++argv);
- }
- else if (strcmp(*argv,"-name") == 0)
- {
- if (--argc < 1) goto bad;
- section= *(++argv);
- }
- else if (strcmp(*argv,"-subj") == 0)
- {
- if (--argc < 1) goto bad;
- subj= *(++argv);
- /* preserve=1; */
- }
- else if (strcmp(*argv,"-utf8") == 0)
- chtype = MBSTRING_UTF8;
- else if (strcmp(*argv,"-create_serial") == 0)
- create_ser = 1;
- else if (strcmp(*argv,"-multivalue-rdn") == 0)
- multirdn=1;
- else if (strcmp(*argv,"-startdate") == 0)
- {
- if (--argc < 1) goto bad;
- startdate= *(++argv);
- }
- else if (strcmp(*argv,"-enddate") == 0)
- {
- if (--argc < 1) goto bad;
- enddate= *(++argv);
- }
- else if (strcmp(*argv,"-days") == 0)
- {
- if (--argc < 1) goto bad;
- days=atoi(*(++argv));
- }
- else if (strcmp(*argv,"-md") == 0)
- {
- if (--argc < 1) goto bad;
- md= *(++argv);
- }
- else if (strcmp(*argv,"-policy") == 0)
- {
- if (--argc < 1) goto bad;
- policy= *(++argv);
- }
- else if (strcmp(*argv,"-keyfile") == 0)
- {
- if (--argc < 1) goto bad;
- keyfile= *(++argv);
- }
- else if (strcmp(*argv,"-keyform") == 0)
- {
- if (--argc < 1) goto bad;
- keyform=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-passin") == 0)
- {
- if (--argc < 1) goto bad;
- passargin= *(++argv);
- }
- else if (strcmp(*argv,"-key") == 0)
- {
- if (--argc < 1) goto bad;
- key= *(++argv);
- }
- else if (strcmp(*argv,"-cert") == 0)
- {
- if (--argc < 1) goto bad;
- certfile= *(++argv);
- }
- else if (strcmp(*argv,"-selfsign") == 0)
- selfsign=1;
- else if (strcmp(*argv,"-in") == 0)
- {
- if (--argc < 1) goto bad;
- infile= *(++argv);
- req=1;
- }
- else if (strcmp(*argv,"-out") == 0)
- {
- if (--argc < 1) goto bad;
- outfile= *(++argv);
- }
- else if (strcmp(*argv,"-outdir") == 0)
- {
- if (--argc < 1) goto bad;
- outdir= *(++argv);
- }
- else if (strcmp(*argv,"-notext") == 0)
- notext=1;
- else if (strcmp(*argv,"-batch") == 0)
- batch=1;
- else if (strcmp(*argv,"-preserveDN") == 0)
- preserve=1;
- else if (strcmp(*argv,"-noemailDN") == 0)
- email_dn=0;
- else if (strcmp(*argv,"-gencrl") == 0)
- gencrl=1;
- else if (strcmp(*argv,"-msie_hack") == 0)
- msie_hack=1;
- else if (strcmp(*argv,"-crldays") == 0)
- {
- if (--argc < 1) goto bad;
- crldays= atol(*(++argv));
- }
- else if (strcmp(*argv,"-crlhours") == 0)
- {
- if (--argc < 1) goto bad;
- crlhours= atol(*(++argv));
- }
- else if (strcmp(*argv,"-infiles") == 0)
- {
- argc--;
- argv++;
- req=1;
- break;
- }
- else if (strcmp(*argv, "-ss_cert") == 0)
- {
- if (--argc < 1) goto bad;
- ss_cert_file = *(++argv);
- req=1;
- }
- else if (strcmp(*argv, "-spkac") == 0)
- {
- if (--argc < 1) goto bad;
- spkac_file = *(++argv);
- req=1;
- }
- else if (strcmp(*argv,"-revoke") == 0)
- {
- if (--argc < 1) goto bad;
- infile= *(++argv);
- dorevoke=1;
- }
- else if (strcmp(*argv,"-extensions") == 0)
- {
- if (--argc < 1) goto bad;
- extensions= *(++argv);
- }
- else if (strcmp(*argv,"-extfile") == 0)
- {
- if (--argc < 1) goto bad;
- extfile= *(++argv);
- }
- else if (strcmp(*argv,"-status") == 0)
- {
- if (--argc < 1) goto bad;
- ser_status= *(++argv);
- }
- else if (strcmp(*argv,"-updatedb") == 0)
- {
- doupdatedb=1;
- }
- else if (strcmp(*argv,"-crlexts") == 0)
- {
- if (--argc < 1) goto bad;
- crl_ext= *(++argv);
- }
- else if (strcmp(*argv,"-crl_reason") == 0)
- {
- if (--argc < 1) goto bad;
- rev_arg = *(++argv);
- rev_type = REV_CRL_REASON;
- }
- else if (strcmp(*argv,"-crl_hold") == 0)
- {
- if (--argc < 1) goto bad;
- rev_arg = *(++argv);
- rev_type = REV_HOLD;
- }
- else if (strcmp(*argv,"-crl_compromise") == 0)
- {
- if (--argc < 1) goto bad;
- rev_arg = *(++argv);
- rev_type = REV_KEY_COMPROMISE;
- }
- else if (strcmp(*argv,"-crl_CA_compromise") == 0)
- {
- if (--argc < 1) goto bad;
- rev_arg = *(++argv);
- rev_type = REV_CA_COMPROMISE;
- }
-#ifndef OPENSSL_NO_ENGINE
- else if (strcmp(*argv,"-engine") == 0)
- {
- if (--argc < 1) goto bad;
- engine= *(++argv);
- }
-#endif
- else
- {
-bad:
- BIO_printf(bio_err,"unknown option %s\n",*argv);
- badops=1;
- break;
- }
- argc--;
- argv++;
- }
-
- if (badops)
- {
- for (pp=ca_usage; (*pp != NULL); pp++)
- BIO_printf(bio_err,"%s",*pp);
- goto err;
- }
-
- ERR_load_crypto_strings();
-
- /*****************************************************************/
- tofree=NULL;
- if (configfile == NULL) configfile = getenv("OPENSSL_CONF");
- if (configfile == NULL) configfile = getenv("SSLEAY_CONF");
- if (configfile == NULL)
- {
- const char *s=X509_get_default_cert_area();
- size_t len;
-
-#ifdef OPENSSL_SYS_VMS
- len = strlen(s)+sizeof(CONFIG_FILE);
- tofree=OPENSSL_malloc(len);
- strcpy(tofree,s);
-#else
- len = strlen(s)+sizeof(CONFIG_FILE)+1;
- tofree=OPENSSL_malloc(len);
- BUF_strlcpy(tofree,s,len);
- BUF_strlcat(tofree,"/",len);
-#endif
- BUF_strlcat(tofree,CONFIG_FILE,len);
- configfile=tofree;
- }
-
- BIO_printf(bio_err,"Using configuration from %s\n",configfile);
- conf = NCONF_new(NULL);
- if (NCONF_load(conf,configfile,&errorline) <= 0)
- {
- if (errorline <= 0)
- BIO_printf(bio_err,"error loading the config file '%s'\n",
- configfile);
- else
- BIO_printf(bio_err,"error on line %ld of config file '%s'\n"
- ,errorline,configfile);
- goto err;
- }
- if(tofree)
- {
- OPENSSL_free(tofree);
- tofree = NULL;
- }
-
- if (!load_config(bio_err, conf))
- goto err;
-
-#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(bio_err, engine, 0);
-#endif
-
- /* Lets get the config section we are using */
- if (section == NULL)
- {
- section=NCONF_get_string(conf,BASE_SECTION,ENV_DEFAULT_CA);
- if (section == NULL)
- {
- lookup_fail(BASE_SECTION,ENV_DEFAULT_CA);
- goto err;
- }
- }
-
- if (conf != NULL)
- {
- p=NCONF_get_string(conf,NULL,"oid_file");
- if (p == NULL)
- ERR_clear_error();
- if (p != NULL)
- {
- BIO *oid_bio;
-
- oid_bio=BIO_new_file(p,"r");
- if (oid_bio == NULL)
- {
- /*
- BIO_printf(bio_err,"problems opening %s for extra oid's\n",p);
- ERR_print_errors(bio_err);
- */
- ERR_clear_error();
- }
- else
- {
- OBJ_create_objects(oid_bio);
- BIO_free(oid_bio);
- }
- }
- if (!add_oid_section(bio_err,conf))
- {
- ERR_print_errors(bio_err);
- goto err;
- }
- }
-
- randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE");
- if (randfile == NULL)
- ERR_clear_error();
- app_RAND_load_file(randfile, bio_err, 0);
-
- f = NCONF_get_string(conf, section, STRING_MASK);
- if (!f)
- ERR_clear_error();
-
- if(f && !ASN1_STRING_set_default_mask_asc(f)) {
- BIO_printf(bio_err, "Invalid global string mask setting %s\n", f);
- goto err;
- }
-
- if (chtype != MBSTRING_UTF8){
- f = NCONF_get_string(conf, section, UTF8_IN);
- if (!f)
- ERR_clear_error();
- else if (!strcmp(f, "yes"))
- chtype = MBSTRING_UTF8;
- }
-
- db_attr.unique_subject = 1;
- p = NCONF_get_string(conf, section, ENV_UNIQUE_SUBJECT);
- if (p)
- {
-#ifdef RL_DEBUG
- BIO_printf(bio_err, "DEBUG: unique_subject = \"%s\"\n", p);
-#endif
- db_attr.unique_subject = parse_yesno(p,1);
- }
- else
- ERR_clear_error();
-#ifdef RL_DEBUG
- if (!p)
- BIO_printf(bio_err, "DEBUG: unique_subject undefined\n", p);
-#endif
-#ifdef RL_DEBUG
- BIO_printf(bio_err, "DEBUG: configured unique_subject is %d\n",
- db_attr.unique_subject);
-#endif
-
- in=BIO_new(BIO_s_file());
- out=BIO_new(BIO_s_file());
- Sout=BIO_new(BIO_s_file());
- Cout=BIO_new(BIO_s_file());
- if ((in == NULL) || (out == NULL) || (Sout == NULL) || (Cout == NULL))
- {
- ERR_print_errors(bio_err);
- goto err;
- }
-
- /*****************************************************************/
- /* report status of cert with serial number given on command line */
- if (ser_status)
- {
- if ((dbfile=NCONF_get_string(conf,section,ENV_DATABASE)) == NULL)
- {
- lookup_fail(section,ENV_DATABASE);
- goto err;
- }
- db = load_index(dbfile,&db_attr);
- if (db == NULL) goto err;
-
- if (!index_index(db)) goto err;
-
- if (get_certificate_status(ser_status,db) != 1)
- BIO_printf(bio_err,"Error verifying serial %s!\n",
- ser_status);
- goto err;
- }
-
- /*****************************************************************/
- /* we definitely need a private key, so let's get it */
-
- if ((keyfile == NULL) && ((keyfile=NCONF_get_string(conf,
- section,ENV_PRIVATE_KEY)) == NULL))
- {
- lookup_fail(section,ENV_PRIVATE_KEY);
- goto err;
- }
- if (!key)
- {
- free_key = 1;
- if (!app_passwd(bio_err, passargin, NULL, &key, NULL))
- {
- BIO_printf(bio_err,"Error getting password\n");
- goto err;
- }
- }
- pkey = load_key(bio_err, keyfile, keyform, 0, key, e,
- "CA private key");
- if (key) OPENSSL_cleanse(key,strlen(key));
- if (pkey == NULL)
- {
- /* load_key() has already printed an appropriate message */
- goto err;
- }
-
- /*****************************************************************/
- /* we need a certificate */
- if (!selfsign || spkac_file || ss_cert_file || gencrl)
- {
- if ((certfile == NULL)
- && ((certfile=NCONF_get_string(conf,
- section,ENV_CERTIFICATE)) == NULL))
- {
- lookup_fail(section,ENV_CERTIFICATE);
- goto err;
- }
- x509=load_cert(bio_err, certfile, FORMAT_PEM, NULL, e,
- "CA certificate");
- if (x509 == NULL)
- goto err;
-
- if (!X509_check_private_key(x509,pkey))
- {
- BIO_printf(bio_err,"CA certificate and CA private key do not match\n");
- goto err;
- }
- }
- if (!selfsign) x509p = x509;
-
- f=NCONF_get_string(conf,BASE_SECTION,ENV_PRESERVE);
- if (f == NULL)
- ERR_clear_error();
- if ((f != NULL) && ((*f == 'y') || (*f == 'Y')))
- preserve=1;
- f=NCONF_get_string(conf,BASE_SECTION,ENV_MSIE_HACK);
- if (f == NULL)
- ERR_clear_error();
- if ((f != NULL) && ((*f == 'y') || (*f == 'Y')))
- msie_hack=1;
-
- f=NCONF_get_string(conf,section,ENV_NAMEOPT);
-
- if (f)
- {
- if (!set_name_ex(&nameopt, f))
- {
- BIO_printf(bio_err, "Invalid name options: \"%s\"\n", f);
- goto err;
- }
- default_op = 0;
- }
- else
- ERR_clear_error();
-
- f=NCONF_get_string(conf,section,ENV_CERTOPT);
-
- if (f)
- {
- if (!set_cert_ex(&certopt, f))
- {
- BIO_printf(bio_err, "Invalid certificate options: \"%s\"\n", f);
- goto err;
- }
- default_op = 0;
- }
- else
- ERR_clear_error();
-
- f=NCONF_get_string(conf,section,ENV_EXTCOPY);
-
- if (f)
- {
- if (!set_ext_copy(&ext_copy, f))
- {
- BIO_printf(bio_err, "Invalid extension copy option: \"%s\"\n", f);
- goto err;
- }
- }
- else
- ERR_clear_error();
-
- /*****************************************************************/
- /* lookup where to write new certificates */
- if ((outdir == NULL) && (req))
- {
- struct stat sb;
-
- if ((outdir=NCONF_get_string(conf,section,ENV_NEW_CERTS_DIR))
- == NULL)
- {
- BIO_printf(bio_err,"there needs to be defined a directory for new certificate to be placed in\n");
- goto err;
- }
-#ifndef OPENSSL_SYS_VMS
- /* outdir is a directory spec, but access() for VMS demands a
- filename. In any case, stat(), below, will catch the problem
- if outdir is not a directory spec, and the fopen() or open()
- will catch an error if there is no write access.
-
- Presumably, this problem could also be solved by using the DEC
- C routines to convert the directory syntax to Unixly, and give
- that to access(). However, time's too short to do that just
- now.
- */
- if (access(outdir,R_OK|W_OK|X_OK) != 0)
- {
- BIO_printf(bio_err,"I am unable to access the %s directory\n",outdir);
- perror(outdir);
- goto err;
- }
-
- if (stat(outdir,&sb) != 0)
- {
- BIO_printf(bio_err,"unable to stat(%s)\n",outdir);
- perror(outdir);
- goto err;
- }
-#ifdef S_ISDIR
- if (!S_ISDIR(sb.st_mode))
- {
- BIO_printf(bio_err,"%s need to be a directory\n",outdir);
- perror(outdir);
- goto err;
- }
-#endif
-#endif
- }
-
- /*****************************************************************/
- /* we need to load the database file */
- if ((dbfile=NCONF_get_string(conf,section,ENV_DATABASE)) == NULL)
- {
- lookup_fail(section,ENV_DATABASE);
- goto err;
- }
- db = load_index(dbfile, &db_attr);
- if (db == NULL) goto err;
-
- /* Lets check some fields */
- for (i=0; i<sk_num(db->db->data); i++)
- {
- pp=(const char **)sk_value(db->db->data,i);
- if ((pp[DB_type][0] != DB_TYPE_REV) &&
- (pp[DB_rev_date][0] != '\0'))
- {
- BIO_printf(bio_err,"entry %d: not revoked yet, but has a revocation date\n",i+1);
- goto err;
- }
- if ((pp[DB_type][0] == DB_TYPE_REV) &&
- !make_revoked(NULL, pp[DB_rev_date]))
- {
- BIO_printf(bio_err," in entry %d\n", i+1);
- goto err;
- }
- if (!check_time_format(pp[DB_exp_date]))
- {
- BIO_printf(bio_err,"entry %d: invalid expiry date\n",i+1);
- goto err;
- }
- p=pp[DB_serial];
- j=strlen(p);
- if (*p == '-')
- {
- p++;
- j--;
- }
- if ((j&1) || (j < 2))
- {
- BIO_printf(bio_err,"entry %d: bad serial number length (%d)\n",i+1,j);
- goto err;
- }
- while (*p)
- {
- if (!( ((*p >= '0') && (*p <= '9')) ||
- ((*p >= 'A') && (*p <= 'F')) ||
- ((*p >= 'a') && (*p <= 'f'))) )
- {
- BIO_printf(bio_err,"entry %d: bad serial number characters, char pos %ld, char is '%c'\n",i+1,(long)(p-pp[DB_serial]),*p);
- goto err;
- }
- p++;
- }
- }
- if (verbose)
- {
- BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT); /* cannot fail */
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- TXT_DB_write(out,db->db);
- BIO_printf(bio_err,"%d entries loaded from the database\n",
- db->db->data->num);
- BIO_printf(bio_err,"generating index\n");
- }
-
- if (!index_index(db)) goto err;
-
- /*****************************************************************/
- /* Update the db file for expired certificates */
- if (doupdatedb)
- {
- if (verbose)
- BIO_printf(bio_err, "Updating %s ...\n",
- dbfile);
-
- i = do_updatedb(db);
- if (i == -1)
- {
- BIO_printf(bio_err,"Malloc failure\n");
- goto err;
- }
- else if (i == 0)
- {
- if (verbose) BIO_printf(bio_err,
- "No entries found to mark expired\n");
- }
- else
- {
- if (!save_index(dbfile,"new",db)) goto err;
-
- if (!rotate_index(dbfile,"new","old")) goto err;
-
- if (verbose) BIO_printf(bio_err,
- "Done. %d entries marked as expired\n",i);
- }
- }
-
- /*****************************************************************/
- /* Read extentions config file */
- if (extfile)
- {
- extconf = NCONF_new(NULL);
- if (NCONF_load(extconf,extfile,&errorline) <= 0)
- {
- if (errorline <= 0)
- BIO_printf(bio_err, "ERROR: loading the config file '%s'\n",
- extfile);
- else
- BIO_printf(bio_err, "ERROR: on line %ld of config file '%s'\n",
- errorline,extfile);
- ret = 1;
- goto err;
- }
-
- if (verbose)
- BIO_printf(bio_err, "Successfully loaded extensions file %s\n", extfile);
-
- /* We can have sections in the ext file */
- if (!extensions && !(extensions = NCONF_get_string(extconf, "default", "extensions")))
- extensions = "default";
- }
-
- /*****************************************************************/
- if (req || gencrl)
- {
- if (outfile != NULL)
- {
- if (BIO_write_filename(Sout,outfile) <= 0)
- {
- perror(outfile);
- goto err;
- }
- }
- else
- {
- BIO_set_fp(Sout,stdout,BIO_NOCLOSE|BIO_FP_TEXT);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- Sout = BIO_push(tmpbio, Sout);
- }
-#endif
- }
- }
-
- if ((md == NULL) && ((md=NCONF_get_string(conf,
- section,ENV_DEFAULT_MD)) == NULL))
- {
- lookup_fail(section,ENV_DEFAULT_MD);
- goto err;
- }
-
- if ((dgst=EVP_get_digestbyname(md)) == NULL)
- {
- BIO_printf(bio_err,"%s is an unsupported message digest type\n",md);
- goto err;
- }
-
- if (req)
- {
- if ((email_dn == 1) && ((tmp_email_dn=NCONF_get_string(conf,
- section,ENV_DEFAULT_EMAIL_DN)) != NULL ))
- {
- if(strcmp(tmp_email_dn,"no") == 0)
- email_dn=0;
- }
- if (verbose)
- BIO_printf(bio_err,"message digest is %s\n",
- OBJ_nid2ln(dgst->type));
- if ((policy == NULL) && ((policy=NCONF_get_string(conf,
- section,ENV_POLICY)) == NULL))
- {
- lookup_fail(section,ENV_POLICY);
- goto err;
- }
- if (verbose)
- BIO_printf(bio_err,"policy is %s\n",policy);
-
- if ((serialfile=NCONF_get_string(conf,section,ENV_SERIAL))
- == NULL)
- {
- lookup_fail(section,ENV_SERIAL);
- goto err;
- }
-
- if (!extconf)
- {
- /* no '-extfile' option, so we look for extensions
- * in the main configuration file */
- if (!extensions)
- {
- extensions=NCONF_get_string(conf,section,
- ENV_EXTENSIONS);
- if (!extensions)
- ERR_clear_error();
- }
- if (extensions)
- {
- /* Check syntax of file */
- X509V3_CTX ctx;
- X509V3_set_ctx_test(&ctx);
- X509V3_set_nconf(&ctx, conf);
- if (!X509V3_EXT_add_nconf(conf, &ctx, extensions,
- NULL))
- {
- BIO_printf(bio_err,
- "Error Loading extension section %s\n",
- extensions);
- ret = 1;
- goto err;
- }
- }
- }
-
- if (startdate == NULL)
- {
- startdate=NCONF_get_string(conf,section,
- ENV_DEFAULT_STARTDATE);
- if (startdate == NULL)
- ERR_clear_error();
- }
- if (startdate && !ASN1_UTCTIME_set_string(NULL,startdate))
- {
- BIO_printf(bio_err,"start date is invalid, it should be YYMMDDHHMMSSZ\n");
- goto err;
- }
- if (startdate == NULL) startdate="today";
-
- if (enddate == NULL)
- {
- enddate=NCONF_get_string(conf,section,
- ENV_DEFAULT_ENDDATE);
- if (enddate == NULL)
- ERR_clear_error();
- }
- if (enddate && !ASN1_UTCTIME_set_string(NULL,enddate))
- {
- BIO_printf(bio_err,"end date is invalid, it should be YYMMDDHHMMSSZ\n");
- goto err;
- }
-
- if (days == 0)
- {
- if(!NCONF_get_number(conf,section, ENV_DEFAULT_DAYS, &days))
- days = 0;
- }
- if (!enddate && (days == 0))
- {
- BIO_printf(bio_err,"cannot lookup how many days to certify for\n");
- goto err;
- }
-
- if ((serial=load_serial(serialfile, create_ser, NULL)) == NULL)
- {
- BIO_printf(bio_err,"error while loading serial number\n");
- goto err;
- }
- if (verbose)
- {
- if (BN_is_zero(serial))
- BIO_printf(bio_err,"next serial number is 00\n");
- else
- {
- if ((f=BN_bn2hex(serial)) == NULL) goto err;
- BIO_printf(bio_err,"next serial number is %s\n",f);
- OPENSSL_free(f);
- }
- }
-
- if ((attribs=NCONF_get_section(conf,policy)) == NULL)
- {
- BIO_printf(bio_err,"unable to find 'section' for %s\n",policy);
- goto err;
- }
-
- if ((cert_sk=sk_X509_new_null()) == NULL)
- {
- BIO_printf(bio_err,"Memory allocation failure\n");
- goto err;
- }
- if (spkac_file != NULL)
- {
- total++;
- j=certify_spkac(&x,spkac_file,pkey,x509,dgst,attribs,db,
- serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,extensions,
- conf,verbose,certopt,nameopt,default_op,ext_copy);
- if (j < 0) goto err;
- if (j > 0)
- {
- total_done++;
- BIO_printf(bio_err,"\n");
- if (!BN_add_word(serial,1)) goto err;
- if (!sk_X509_push(cert_sk,x))
- {
- BIO_printf(bio_err,"Memory allocation failure\n");
- goto err;
- }
- if (outfile)
- {
- output_der = 1;
- batch = 1;
- }
- }
- }
- if (ss_cert_file != NULL)
- {
- total++;
- j=certify_cert(&x,ss_cert_file,pkey,x509,dgst,attribs,
- db,serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,batch,
- extensions,conf,verbose, certopt, nameopt,
- default_op, ext_copy, e);
- if (j < 0) goto err;
- if (j > 0)
- {
- total_done++;
- BIO_printf(bio_err,"\n");
- if (!BN_add_word(serial,1)) goto err;
- if (!sk_X509_push(cert_sk,x))
- {
- BIO_printf(bio_err,"Memory allocation failure\n");
- goto err;
- }
- }
- }
- if (infile != NULL)
- {
- total++;
- j=certify(&x,infile,pkey,x509p,dgst,attribs,db,
- serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,batch,
- extensions,conf,verbose, certopt, nameopt,
- default_op, ext_copy, selfsign);
- if (j < 0) goto err;
- if (j > 0)
- {
- total_done++;
- BIO_printf(bio_err,"\n");
- if (!BN_add_word(serial,1)) goto err;
- if (!sk_X509_push(cert_sk,x))
- {
- BIO_printf(bio_err,"Memory allocation failure\n");
- goto err;
- }
- }
- }
- for (i=0; i<argc; i++)
- {
- total++;
- j=certify(&x,argv[i],pkey,x509p,dgst,attribs,db,
- serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,batch,
- extensions,conf,verbose, certopt, nameopt,
- default_op, ext_copy, selfsign);
- if (j < 0) goto err;
- if (j > 0)
- {
- total_done++;
- BIO_printf(bio_err,"\n");
- if (!BN_add_word(serial,1)) goto err;
- if (!sk_X509_push(cert_sk,x))
- {
- BIO_printf(bio_err,"Memory allocation failure\n");
- goto err;
- }
- }
- }
- /* we have a stack of newly certified certificates
- * and a data base and serial number that need
- * updating */
-
- if (sk_X509_num(cert_sk) > 0)
- {
- if (!batch)
- {
- BIO_printf(bio_err,"\n%d out of %d certificate requests certified, commit? [y/n]",total_done,total);
- (void)BIO_flush(bio_err);
- buf[0][0]='\0';
- if (!fgets(buf[0],10,stdin))
- {
- BIO_printf(bio_err,"CERTIFICATION CANCELED: I/O error\n");
- ret=0;
- goto err;
- }
- if ((buf[0][0] != 'y') && (buf[0][0] != 'Y'))
- {
- BIO_printf(bio_err,"CERTIFICATION CANCELED\n");
- ret=0;
- goto err;
- }
- }
-
- BIO_printf(bio_err,"Write out database with %d new entries\n",sk_X509_num(cert_sk));
-
- if (!save_serial(serialfile,"new",serial,NULL)) goto err;
-
- if (!save_index(dbfile, "new", db)) goto err;
- }
-
- if (verbose)
- BIO_printf(bio_err,"writing new certificates\n");
- for (i=0; i<sk_X509_num(cert_sk); i++)
- {
- int k;
- char *n;
-
- x=sk_X509_value(cert_sk,i);
-
- j=x->cert_info->serialNumber->length;
- p=(const char *)x->cert_info->serialNumber->data;
-
- if(strlen(outdir) >= (size_t)(j ? BSIZE-j*2-6 : BSIZE-8))
- {
- BIO_printf(bio_err,"certificate file name too long\n");
- goto err;
- }
-
- strcpy(buf[2],outdir);
-
-#ifndef OPENSSL_SYS_VMS
- BUF_strlcat(buf[2],"/",sizeof(buf[2]));
-#endif
-
- n=(char *)&(buf[2][strlen(buf[2])]);
- if (j > 0)
- {
- for (k=0; k<j; k++)
- {
- if (n >= &(buf[2][sizeof(buf[2])]))
- break;
- BIO_snprintf(n,
- &buf[2][0] + sizeof(buf[2]) - n,
- "%02X",(unsigned char)*(p++));
- n+=2;
- }
- }
- else
- {
- *(n++)='0';
- *(n++)='0';
- }
- *(n++)='.'; *(n++)='p'; *(n++)='e'; *(n++)='m';
- *n='\0';
- if (verbose)
- BIO_printf(bio_err,"writing %s\n",buf[2]);
-
- if (BIO_write_filename(Cout,buf[2]) <= 0)
- {
- perror(buf[2]);
- goto err;
- }
- write_new_certificate(Cout,x, 0, notext);
- write_new_certificate(Sout,x, output_der, notext);
- }
-
- if (sk_X509_num(cert_sk))
- {
- /* Rename the database and the serial file */
- if (!rotate_serial(serialfile,"new","old")) goto err;
-
- if (!rotate_index(dbfile,"new","old")) goto err;
-
- BIO_printf(bio_err,"Data Base Updated\n");
- }
- }
-
- /*****************************************************************/
- if (gencrl)
- {
- int crl_v2 = 0;
- if (!crl_ext)
- {
- crl_ext=NCONF_get_string(conf,section,ENV_CRLEXT);
- if (!crl_ext)
- ERR_clear_error();
- }
- if (crl_ext)
- {
- /* Check syntax of file */
- X509V3_CTX ctx;
- X509V3_set_ctx_test(&ctx);
- X509V3_set_nconf(&ctx, conf);
- if (!X509V3_EXT_add_nconf(conf, &ctx, crl_ext, NULL))
- {
- BIO_printf(bio_err,
- "Error Loading CRL extension section %s\n",
- crl_ext);
- ret = 1;
- goto err;
- }
- }
-
- if ((crlnumberfile=NCONF_get_string(conf,section,ENV_CRLNUMBER))
- != NULL)
- if ((crlnumber=load_serial(crlnumberfile,0,NULL)) == NULL)
- {
- BIO_printf(bio_err,"error while loading CRL number\n");
- goto err;
- }
-
- if (!crldays && !crlhours)
- {
- if (!NCONF_get_number(conf,section,
- ENV_DEFAULT_CRL_DAYS, &crldays))
- crldays = 0;
- if (!NCONF_get_number(conf,section,
- ENV_DEFAULT_CRL_HOURS, &crlhours))
- crlhours = 0;
- }
- if ((crldays == 0) && (crlhours == 0))
- {
- BIO_printf(bio_err,"cannot lookup how long until the next CRL is issued\n");
- goto err;
- }
-
- if (verbose) BIO_printf(bio_err,"making CRL\n");
- if ((crl=X509_CRL_new()) == NULL) goto err;
- if (!X509_CRL_set_issuer_name(crl, X509_get_subject_name(x509))) goto err;
-
- tmptm = ASN1_TIME_new();
- if (!tmptm) goto err;
- X509_gmtime_adj(tmptm,0);
- X509_CRL_set_lastUpdate(crl, tmptm);
- X509_gmtime_adj(tmptm,(crldays*24+crlhours)*60*60);
- X509_CRL_set_nextUpdate(crl, tmptm);
-
- ASN1_TIME_free(tmptm);
-
- for (i=0; i<sk_num(db->db->data); i++)
- {
- pp=(const char **)sk_value(db->db->data,i);
- if (pp[DB_type][0] == DB_TYPE_REV)
- {
- if ((r=X509_REVOKED_new()) == NULL) goto err;
- j = make_revoked(r, pp[DB_rev_date]);
- if (!j) goto err;
- if (j == 2) crl_v2 = 1;
- if (!BN_hex2bn(&serial, pp[DB_serial]))
- goto err;
- tmpser = BN_to_ASN1_INTEGER(serial, NULL);
- BN_free(serial);
- serial = NULL;
- if (!tmpser)
- goto err;
- X509_REVOKED_set_serialNumber(r, tmpser);
- ASN1_INTEGER_free(tmpser);
- X509_CRL_add0_revoked(crl,r);
- }
- }
-
- /* sort the data so it will be written in serial
- * number order */
- X509_CRL_sort(crl);
-
- /* we now have a CRL */
- if (verbose) BIO_printf(bio_err,"signing CRL\n");
-#ifndef OPENSSL_NO_DSA
- if (pkey->type == EVP_PKEY_DSA)
- dgst=EVP_dss1();
- else
-#endif
-#ifndef OPENSSL_NO_ECDSA
- if (pkey->type == EVP_PKEY_EC)
- dgst=EVP_ecdsa();
-#endif
-
- /* Add any extensions asked for */
-
- if (crl_ext || crlnumberfile != NULL)
- {
- X509V3_CTX crlctx;
- X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0);
- X509V3_set_nconf(&crlctx, conf);
-
- if (crl_ext)
- if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx,
- crl_ext, crl)) goto err;
- if (crlnumberfile != NULL)
- {
- tmpser = BN_to_ASN1_INTEGER(crlnumber, NULL);
- if (!tmpser) goto err;
- X509_CRL_add1_ext_i2d(crl,NID_crl_number,tmpser,0,0);
- ASN1_INTEGER_free(tmpser);
- crl_v2 = 1;
- if (!BN_add_word(crlnumber,1)) goto err;
- }
- }
- if (crl_ext || crl_v2)
- {
- if (!X509_CRL_set_version(crl, 1))
- goto err; /* version 2 CRL */
- }
-
-
- if (crlnumberfile != NULL) /* we have a CRL number that need updating */
- if (!save_serial(crlnumberfile,"new",crlnumber,NULL)) goto err;
-
- if (!X509_CRL_sign(crl,pkey,dgst)) goto err;
-
- PEM_write_bio_X509_CRL(Sout,crl);
-
- if (crlnumberfile != NULL) /* Rename the crlnumber file */
- if (!rotate_serial(crlnumberfile,"new","old")) goto err;
-
- }
- /*****************************************************************/
- if (dorevoke)
- {
- if (infile == NULL)
- {
- BIO_printf(bio_err,"no input files\n");
- goto err;
- }
- else
- {
- X509 *revcert;
- revcert=load_cert(bio_err, infile, FORMAT_PEM,
- NULL, e, infile);
- if (revcert == NULL)
- goto err;
- j=do_revoke(revcert,db, rev_type, rev_arg);
- if (j <= 0) goto err;
- X509_free(revcert);
-
- if (!save_index(dbfile, "new", db)) goto err;
-
- if (!rotate_index(dbfile, "new", "old")) goto err;
-
- BIO_printf(bio_err,"Data Base Updated\n");
- }
- }
- /*****************************************************************/
- ret=0;
-err:
- if(tofree)
- OPENSSL_free(tofree);
- BIO_free_all(Cout);
- BIO_free_all(Sout);
- BIO_free_all(out);
- BIO_free_all(in);
-
- if (cert_sk)
- sk_X509_pop_free(cert_sk,X509_free);
-
- if (ret) ERR_print_errors(bio_err);
- app_RAND_write_file(randfile, bio_err);
- if (free_key && key)
- OPENSSL_free(key);
- BN_free(serial);
- free_index(db);
- EVP_PKEY_free(pkey);
- if (x509) X509_free(x509);
- X509_CRL_free(crl);
- NCONF_free(conf);
- NCONF_free(extconf);
- OBJ_cleanup();
- apps_shutdown();
- OPENSSL_EXIT(ret);
- }
-
-static void lookup_fail(const char *name, const char *tag)
- {
- BIO_printf(bio_err,"variable lookup failed for %s::%s\n",name,tag);
- }
-
-static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
- const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db,
- BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate,
- long days, int batch, char *ext_sect, CONF *lconf, int verbose,
- unsigned long certopt, unsigned long nameopt, int default_op,
- int ext_copy, int selfsign)
- {
- X509_REQ *req=NULL;
- BIO *in=NULL;
- EVP_PKEY *pktmp=NULL;
- int ok= -1,i;
-
- in=BIO_new(BIO_s_file());
-
- if (BIO_read_filename(in,infile) <= 0)
- {
- perror(infile);
- goto err;
- }
- if ((req=PEM_read_bio_X509_REQ(in,NULL,NULL,NULL)) == NULL)
- {
- BIO_printf(bio_err,"Error reading certificate request in %s\n",
- infile);
- goto err;
- }
- if (verbose)
- X509_REQ_print(bio_err,req);
-
- BIO_printf(bio_err,"Check that the request matches the signature\n");
-
- if (selfsign && !X509_REQ_check_private_key(req,pkey))
- {
- BIO_printf(bio_err,"Certificate request and CA private key do not match\n");
- ok=0;
- goto err;
- }
- if ((pktmp=X509_REQ_get_pubkey(req)) == NULL)
- {
- BIO_printf(bio_err,"error unpacking public key\n");
- goto err;
- }
- i=X509_REQ_verify(req,pktmp);
- EVP_PKEY_free(pktmp);
- if (i < 0)
- {
- ok=0;
- BIO_printf(bio_err,"Signature verification problems....\n");
- ERR_print_errors(bio_err);
- goto err;
- }
- if (i == 0)
- {
- ok=0;
- BIO_printf(bio_err,"Signature did not match the certificate request\n");
- ERR_print_errors(bio_err);
- goto err;
- }
- else
- BIO_printf(bio_err,"Signature ok\n");
-
- ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,chtype,multirdn, email_dn,
- startdate,enddate,days,batch,verbose,req,ext_sect,lconf,
- certopt, nameopt, default_op, ext_copy, selfsign);
-
-err:
- if (req != NULL) X509_REQ_free(req);
- if (in != NULL) BIO_free(in);
- return(ok);
- }
-
-static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
- const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db,
- BIGNUM *serial, char *subj, unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate,
- long days, int batch, char *ext_sect, CONF *lconf, int verbose,
- unsigned long certopt, unsigned long nameopt, int default_op,
- int ext_copy, ENGINE *e)
- {
- X509 *req=NULL;
- X509_REQ *rreq=NULL;
- EVP_PKEY *pktmp=NULL;
- int ok= -1,i;
-
- if ((req=load_cert(bio_err, infile, FORMAT_PEM, NULL, e, infile)) == NULL)
- goto err;
- if (verbose)
- X509_print(bio_err,req);
-
- BIO_printf(bio_err,"Check that the request matches the signature\n");
-
- if ((pktmp=X509_get_pubkey(req)) == NULL)
- {
- BIO_printf(bio_err,"error unpacking public key\n");
- goto err;
- }
- i=X509_verify(req,pktmp);
- EVP_PKEY_free(pktmp);
- if (i < 0)
- {
- ok=0;
- BIO_printf(bio_err,"Signature verification problems....\n");
- goto err;
- }
- if (i == 0)
- {
- ok=0;
- BIO_printf(bio_err,"Signature did not match the certificate\n");
- goto err;
- }
- else
- BIO_printf(bio_err,"Signature ok\n");
-
- if ((rreq=X509_to_X509_REQ(req,NULL,EVP_md5())) == NULL)
- goto err;
-
- ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,chtype,multirdn,email_dn,startdate,enddate,
- days,batch,verbose,rreq,ext_sect,lconf, certopt, nameopt, default_op,
- ext_copy, 0);
-
-err:
- if (rreq != NULL) X509_REQ_free(rreq);
- if (req != NULL) X509_free(req);
- return(ok);
- }
-
-static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
- STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj,
- unsigned long chtype, int multirdn,
- int email_dn, char *startdate, char *enddate, long days, int batch,
- int verbose, X509_REQ *req, char *ext_sect, CONF *lconf,
- unsigned long certopt, unsigned long nameopt, int default_op,
- int ext_copy, int selfsign)
- {
- X509_NAME *name=NULL,*CAname=NULL,*subject=NULL, *dn_subject=NULL;
- ASN1_UTCTIME *tm,*tmptm;
- ASN1_STRING *str,*str2;
- ASN1_OBJECT *obj;
- X509 *ret=NULL;
- X509_CINF *ci;
- X509_NAME_ENTRY *ne;
- X509_NAME_ENTRY *tne,*push;
- EVP_PKEY *pktmp;
- int ok= -1,i,j,last,nid;
- const char *p;
- CONF_VALUE *cv;
- char *row[DB_NUMBER],**rrow=NULL,**irow=NULL;
- char buf[25];
-
- tmptm=ASN1_UTCTIME_new();
- if (tmptm == NULL)
- {
- BIO_printf(bio_err,"malloc error\n");
- return(0);
- }
-
- for (i=0; i<DB_NUMBER; i++)
- row[i]=NULL;
-
- if (subj)
- {
- X509_NAME *n = parse_name(subj, chtype, multirdn);
-
- if (!n)
- {
- ERR_print_errors(bio_err);
- goto err;
- }
- X509_REQ_set_subject_name(req,n);
- req->req_info->enc.modified = 1;
- X509_NAME_free(n);
- }
-
- if (default_op)
- BIO_printf(bio_err,"The Subject's Distinguished Name is as follows\n");
-
- name=X509_REQ_get_subject_name(req);
- for (i=0; i<X509_NAME_entry_count(name); i++)
- {
- ne= X509_NAME_get_entry(name,i);
- str=X509_NAME_ENTRY_get_data(ne);
- obj=X509_NAME_ENTRY_get_object(ne);
-
- if (msie_hack)
- {
- /* assume all type should be strings */
- nid=OBJ_obj2nid(ne->object);
-
- if (str->type == V_ASN1_UNIVERSALSTRING)
- ASN1_UNIVERSALSTRING_to_string(str);
-
- if ((str->type == V_ASN1_IA5STRING) &&
- (nid != NID_pkcs9_emailAddress))
- str->type=V_ASN1_T61STRING;
-
- if ((nid == NID_pkcs9_emailAddress) &&
- (str->type == V_ASN1_PRINTABLESTRING))
- str->type=V_ASN1_IA5STRING;
- }
-
- /* If no EMAIL is wanted in the subject */
- if ((OBJ_obj2nid(obj) == NID_pkcs9_emailAddress) && (!email_dn))
- continue;
-
- /* check some things */
- if ((OBJ_obj2nid(obj) == NID_pkcs9_emailAddress) &&
- (str->type != V_ASN1_IA5STRING))
- {
- BIO_printf(bio_err,"\nemailAddress type needs to be of type IA5STRING\n");
- goto err;
- }
- if ((str->type != V_ASN1_BMPSTRING) && (str->type != V_ASN1_UTF8STRING))
- {
- j=ASN1_PRINTABLE_type(str->data,str->length);
- if ( ((j == V_ASN1_T61STRING) &&
- (str->type != V_ASN1_T61STRING)) ||
- ((j == V_ASN1_IA5STRING) &&
- (str->type == V_ASN1_PRINTABLESTRING)))
- {
- BIO_printf(bio_err,"\nThe string contains characters that are illegal for the ASN.1 type\n");
- goto err;
- }
- }
-
- if (default_op)
- old_entry_print(bio_err, obj, str);
- }
-
- /* Ok, now we check the 'policy' stuff. */
- if ((subject=X509_NAME_new()) == NULL)
- {
- BIO_printf(bio_err,"Memory allocation failure\n");
- goto err;
- }
-
- /* take a copy of the issuer name before we mess with it. */
- if (selfsign)
- CAname=X509_NAME_dup(name);
- else
- CAname=X509_NAME_dup(x509->cert_info->subject);
- if (CAname == NULL) goto err;
- str=str2=NULL;
-
- for (i=0; i<sk_CONF_VALUE_num(policy); i++)
- {
- cv=sk_CONF_VALUE_value(policy,i); /* get the object id */
- if ((j=OBJ_txt2nid(cv->name)) == NID_undef)
- {
- BIO_printf(bio_err,"%s:unknown object type in 'policy' configuration\n",cv->name);
- goto err;
- }
- obj=OBJ_nid2obj(j);
-
- last= -1;
- for (;;)
- {
- /* lookup the object in the supplied name list */
- j=X509_NAME_get_index_by_OBJ(name,obj,last);
- if (j < 0)
- {
- if (last != -1) break;
- tne=NULL;
- }
- else
- {
- tne=X509_NAME_get_entry(name,j);
- }
- last=j;
-
- /* depending on the 'policy', decide what to do. */
- push=NULL;
- if (strcmp(cv->value,"optional") == 0)
- {
- if (tne != NULL)
- push=tne;
- }
- else if (strcmp(cv->value,"supplied") == 0)
- {
- if (tne == NULL)
- {
- BIO_printf(bio_err,"The %s field needed to be supplied and was missing\n",cv->name);
- goto err;
- }
- else
- push=tne;
- }
- else if (strcmp(cv->value,"match") == 0)
- {
- int last2;
-
- if (tne == NULL)
- {
- BIO_printf(bio_err,"The mandatory %s field was missing\n",cv->name);
- goto err;
- }
-
- last2= -1;
-
-again2:
- j=X509_NAME_get_index_by_OBJ(CAname,obj,last2);
- if ((j < 0) && (last2 == -1))
- {
- BIO_printf(bio_err,"The %s field does not exist in the CA certificate,\nthe 'policy' is misconfigured\n",cv->name);
- goto err;
- }
- if (j >= 0)
- {
- push=X509_NAME_get_entry(CAname,j);
- str=X509_NAME_ENTRY_get_data(tne);
- str2=X509_NAME_ENTRY_get_data(push);
- last2=j;
- if (ASN1_STRING_cmp(str,str2) != 0)
- goto again2;
- }
- if (j < 0)
- {
- BIO_printf(bio_err,"The %s field needed to be the same in the\nCA certificate (%s) and the request (%s)\n",cv->name,((str2 == NULL)?"NULL":(char *)str2->data),((str == NULL)?"NULL":(char *)str->data));
- goto err;
- }
- }
- else
- {
- BIO_printf(bio_err,"%s:invalid type in 'policy' configuration\n",cv->value);
- goto err;
- }
-
- if (push != NULL)
- {
- if (!X509_NAME_add_entry(subject,push, -1, 0))
- {
- if (push != NULL)
- X509_NAME_ENTRY_free(push);
- BIO_printf(bio_err,"Memory allocation failure\n");
- goto err;
- }
- }
- if (j < 0) break;
- }
- }
-
- if (preserve)
- {
- X509_NAME_free(subject);
- /* subject=X509_NAME_dup(X509_REQ_get_subject_name(req)); */
- subject=X509_NAME_dup(name);
- if (subject == NULL) goto err;
- }
-
- if (verbose)
- BIO_printf(bio_err,"The subject name appears to be ok, checking data base for clashes\n");
-
- /* Build the correct Subject if no e-mail is wanted in the subject */
- /* and add it later on because of the method extensions are added (altName) */
-
- if (email_dn)
- dn_subject = subject;
- else
- {
- X509_NAME_ENTRY *tmpne;
- /* Its best to dup the subject DN and then delete any email
- * addresses because this retains its structure.
- */
- if (!(dn_subject = X509_NAME_dup(subject)))
- {
- BIO_printf(bio_err,"Memory allocation failure\n");
- goto err;
- }
- while((i = X509_NAME_get_index_by_NID(dn_subject,
- NID_pkcs9_emailAddress, -1)) >= 0)
- {
- tmpne = X509_NAME_get_entry(dn_subject, i);
- X509_NAME_delete_entry(dn_subject, i);
- X509_NAME_ENTRY_free(tmpne);
- }
- }
-
- if (BN_is_zero(serial))
- row[DB_serial]=BUF_strdup("00");
- else
- row[DB_serial]=BN_bn2hex(serial);
- if (row[DB_serial] == NULL)
- {
- BIO_printf(bio_err,"Memory allocation failure\n");
- goto err;
- }
-
- if (db->attributes.unique_subject)
- {
- rrow=TXT_DB_get_by_index(db->db,DB_name,row);
- if (rrow != NULL)
- {
- BIO_printf(bio_err,
- "ERROR:There is already a certificate for %s\n",
- row[DB_name]);
- }
- }
- if (rrow == NULL)
- {
- rrow=TXT_DB_get_by_index(db->db,DB_serial,row);
- if (rrow != NULL)
- {
- BIO_printf(bio_err,"ERROR:Serial number %s has already been issued,\n",
- row[DB_serial]);
- BIO_printf(bio_err," check the database/serial_file for corruption\n");
- }
- }
-
- if (rrow != NULL)
- {
- BIO_printf(bio_err,
- "The matching entry has the following details\n");
- if (rrow[DB_type][0] == 'E')
- p="Expired";
- else if (rrow[DB_type][0] == 'R')
- p="Revoked";
- else if (rrow[DB_type][0] == 'V')
- p="Valid";
- else
- p="\ninvalid type, Data base error\n";
- BIO_printf(bio_err,"Type :%s\n",p);;
- if (rrow[DB_type][0] == 'R')
- {
- p=rrow[DB_exp_date]; if (p == NULL) p="undef";
- BIO_printf(bio_err,"Was revoked on:%s\n",p);
- }
- p=rrow[DB_exp_date]; if (p == NULL) p="undef";
- BIO_printf(bio_err,"Expires on :%s\n",p);
- p=rrow[DB_serial]; if (p == NULL) p="undef";
- BIO_printf(bio_err,"Serial Number :%s\n",p);
- p=rrow[DB_file]; if (p == NULL) p="undef";
- BIO_printf(bio_err,"File name :%s\n",p);
- p=rrow[DB_name]; if (p == NULL) p="undef";
- BIO_printf(bio_err,"Subject Name :%s\n",p);
- ok= -1; /* This is now a 'bad' error. */
- goto err;
- }
-
- /* We are now totally happy, lets make and sign the certificate */
- if (verbose)
- BIO_printf(bio_err,"Everything appears to be ok, creating and signing the certificate\n");
-
- if ((ret=X509_new()) == NULL) goto err;
- ci=ret->cert_info;
-
-#ifdef X509_V3
- /* Make it an X509 v3 certificate. */
- if (!X509_set_version(ret,2)) goto err;
-#endif
-
- if (BN_to_ASN1_INTEGER(serial,ci->serialNumber) == NULL)
- goto err;
- if (selfsign)
- {
- if (!X509_set_issuer_name(ret,subject))
- goto err;
- }
- else
- {
- if (!X509_set_issuer_name(ret,X509_get_subject_name(x509)))
- goto err;
- }
-
- if (strcmp(startdate,"today") == 0)
- X509_gmtime_adj(X509_get_notBefore(ret),0);
- else ASN1_UTCTIME_set_string(X509_get_notBefore(ret),startdate);
-
- if (enddate == NULL)
- X509_gmtime_adj(X509_get_notAfter(ret),(long)60*60*24*days);
- else ASN1_UTCTIME_set_string(X509_get_notAfter(ret),enddate);
-
- if (!X509_set_subject_name(ret,subject)) goto err;
-
- pktmp=X509_REQ_get_pubkey(req);
- i = X509_set_pubkey(ret,pktmp);
- EVP_PKEY_free(pktmp);
- if (!i) goto err;
-
- /* Lets add the extensions, if there are any */
- if (ext_sect)
- {
- X509V3_CTX ctx;
- if (ci->version == NULL)
- if ((ci->version=ASN1_INTEGER_new()) == NULL)
- goto err;
- ASN1_INTEGER_set(ci->version,2); /* version 3 certificate */
-
- /* Free the current entries if any, there should not
- * be any I believe */
- if (ci->extensions != NULL)
- sk_X509_EXTENSION_pop_free(ci->extensions,
- X509_EXTENSION_free);
-
- ci->extensions = NULL;
-
- /* Initialize the context structure */
- if (selfsign)
- X509V3_set_ctx(&ctx, ret, ret, req, NULL, 0);
- else
- X509V3_set_ctx(&ctx, x509, ret, req, NULL, 0);
-
- if (extconf)
- {
- if (verbose)
- BIO_printf(bio_err, "Extra configuration file found\n");
-
- /* Use the extconf configuration db LHASH */
- X509V3_set_nconf(&ctx, extconf);
-
- /* Test the structure (needed?) */
- /* X509V3_set_ctx_test(&ctx); */
-
- /* Adds exts contained in the configuration file */
- if (!X509V3_EXT_add_nconf(extconf, &ctx, ext_sect,ret))
- {
- BIO_printf(bio_err,
- "ERROR: adding extensions in section %s\n",
- ext_sect);
- ERR_print_errors(bio_err);
- goto err;
- }
- if (verbose)
- BIO_printf(bio_err, "Successfully added extensions from file.\n");
- }
- else if (ext_sect)
- {
- /* We found extensions to be set from config file */
- X509V3_set_nconf(&ctx, lconf);
-
- if(!X509V3_EXT_add_nconf(lconf, &ctx, ext_sect, ret))
- {
- BIO_printf(bio_err, "ERROR: adding extensions in section %s\n", ext_sect);
- ERR_print_errors(bio_err);
- goto err;
- }
-
- if (verbose)
- BIO_printf(bio_err, "Successfully added extensions from config\n");
- }
- }
-
- /* Copy extensions from request (if any) */
-
- if (!copy_extensions(ret, req, ext_copy))
- {
- BIO_printf(bio_err, "ERROR: adding extensions from request\n");
- ERR_print_errors(bio_err);
- goto err;
- }
-
- /* Set the right value for the noemailDN option */
- if( email_dn == 0 )
- {
- if (!X509_set_subject_name(ret,dn_subject)) goto err;
- }
-
- if (!default_op)
- {
- BIO_printf(bio_err, "Certificate Details:\n");
- /* Never print signature details because signature not present */
- certopt |= X509_FLAG_NO_SIGDUMP | X509_FLAG_NO_SIGNAME;
- X509_print_ex(bio_err, ret, nameopt, certopt);
- }
-
- BIO_printf(bio_err,"Certificate is to be certified until ");
- ASN1_TIME_print(bio_err,X509_get_notAfter(ret));
- if (days) BIO_printf(bio_err," (%ld days)",days);
- BIO_printf(bio_err, "\n");
-
- if (!batch)
- {
-
- BIO_printf(bio_err,"Sign the certificate? [y/n]:");
- (void)BIO_flush(bio_err);
- buf[0]='\0';
- if (!fgets(buf,sizeof(buf)-1,stdin))
- {
- BIO_printf(bio_err,"CERTIFICATE WILL NOT BE CERTIFIED: I/O error\n");
- ok=0;
- goto err;
- }
- if (!((buf[0] == 'y') || (buf[0] == 'Y')))
- {
- BIO_printf(bio_err,"CERTIFICATE WILL NOT BE CERTIFIED\n");
- ok=0;
- goto err;
- }
- }
-
-
-#ifndef OPENSSL_NO_DSA
- if (pkey->type == EVP_PKEY_DSA) dgst=EVP_dss1();
- pktmp=X509_get_pubkey(ret);
- if (EVP_PKEY_missing_parameters(pktmp) &&
- !EVP_PKEY_missing_parameters(pkey))
- EVP_PKEY_copy_parameters(pktmp,pkey);
- EVP_PKEY_free(pktmp);
-#endif
-#ifndef OPENSSL_NO_ECDSA
- if (pkey->type == EVP_PKEY_EC)
- dgst = EVP_ecdsa();
- pktmp = X509_get_pubkey(ret);
- if (EVP_PKEY_missing_parameters(pktmp) &&
- !EVP_PKEY_missing_parameters(pkey))
- EVP_PKEY_copy_parameters(pktmp, pkey);
- EVP_PKEY_free(pktmp);
-#endif
-
-
- if (!X509_sign(ret,pkey,dgst))
- goto err;
-
- /* We now just add it to the database */
- row[DB_type]=(char *)OPENSSL_malloc(2);
-
- tm=X509_get_notAfter(ret);
- row[DB_exp_date]=(char *)OPENSSL_malloc(tm->length+1);
- memcpy(row[DB_exp_date],tm->data,tm->length);
- row[DB_exp_date][tm->length]='\0';
-
- row[DB_rev_date]=NULL;
-
- /* row[DB_serial] done already */
- row[DB_file]=(char *)OPENSSL_malloc(8);
- row[DB_name]=X509_NAME_oneline(X509_get_subject_name(ret),NULL,0);
-
- if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
- (row[DB_file] == NULL) || (row[DB_name] == NULL))
- {
- BIO_printf(bio_err,"Memory allocation failure\n");
- goto err;
- }
- BUF_strlcpy(row[DB_file],"unknown",8);
- row[DB_type][0]='V';
- row[DB_type][1]='\0';
-
- if ((irow=(char **)OPENSSL_malloc(sizeof(char *)*(DB_NUMBER+1))) == NULL)
- {
- BIO_printf(bio_err,"Memory allocation failure\n");
- goto err;
- }
-
- for (i=0; i<DB_NUMBER; i++)
- {
- irow[i]=row[i];
- row[i]=NULL;
- }
- irow[DB_NUMBER]=NULL;
-
- if (!TXT_DB_insert(db->db,irow))
- {
- BIO_printf(bio_err,"failed to update database\n");
- BIO_printf(bio_err,"TXT_DB error number %ld\n",db->db->error);
- goto err;
- }
- ok=1;
-err:
- for (i=0; i<DB_NUMBER; i++)
- if (row[i] != NULL) OPENSSL_free(row[i]);
-
- if (CAname != NULL)
- X509_NAME_free(CAname);
- if (subject != NULL)
- X509_NAME_free(subject);
- if ((dn_subject != NULL) && !email_dn)
- X509_NAME_free(dn_subject);
- if (tmptm != NULL)
- ASN1_UTCTIME_free(tmptm);
- if (ok <= 0)
- {
- if (ret != NULL) X509_free(ret);
- ret=NULL;
- }
- else
- *xret=ret;
- return(ok);
- }
-
-static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext)
- {
-
- if (output_der)
- {
- (void)i2d_X509_bio(bp,x);
- return;
- }
-#if 0
- /* ??? Not needed since X509_print prints all this stuff anyway */
- f=X509_NAME_oneline(X509_get_issuer_name(x),buf,256);
- BIO_printf(bp,"issuer :%s\n",f);
-
- f=X509_NAME_oneline(X509_get_subject_name(x),buf,256);
- BIO_printf(bp,"subject:%s\n",f);
-
- BIO_puts(bp,"serial :");
- i2a_ASN1_INTEGER(bp,x->cert_info->serialNumber);
- BIO_puts(bp,"\n\n");
-#endif
- if (!notext)X509_print(bp,x);
- PEM_write_bio_X509(bp,x);
- }
-
-static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
- const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db,
- BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate,
- long days, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt,
- unsigned long nameopt, int default_op, int ext_copy)
- {
- STACK_OF(CONF_VALUE) *sk=NULL;
- LHASH *parms=NULL;
- X509_REQ *req=NULL;
- CONF_VALUE *cv=NULL;
- NETSCAPE_SPKI *spki = NULL;
- X509_REQ_INFO *ri;
- char *type,*buf;
- EVP_PKEY *pktmp=NULL;
- X509_NAME *n=NULL;
- X509_NAME_ENTRY *ne=NULL;
- int ok= -1,i,j;
- long errline;
- int nid;
-
- /*
- * Load input file into a hash table. (This is just an easy
- * way to read and parse the file, then put it into a convenient
- * STACK format).
- */
- parms=CONF_load(NULL,infile,&errline);
- if (parms == NULL)
- {
- BIO_printf(bio_err,"error on line %ld of %s\n",errline,infile);
- ERR_print_errors(bio_err);
- goto err;
- }
-
- sk=CONF_get_section(parms, "default");
- if (sk_CONF_VALUE_num(sk) == 0)
- {
- BIO_printf(bio_err, "no name/value pairs found in %s\n", infile);
- CONF_free(parms);
- goto err;
- }
-
- /*
- * Now create a dummy X509 request structure. We don't actually
- * have an X509 request, but we have many of the components
- * (a public key, various DN components). The idea is that we
- * put these components into the right X509 request structure
- * and we can use the same code as if you had a real X509 request.
- */
- req=X509_REQ_new();
- if (req == NULL)
- {
- ERR_print_errors(bio_err);
- goto err;
- }
-
- /*
- * Build up the subject name set.
- */
- ri=req->req_info;
- n = ri->subject;
-
- for (i = 0; ; i++)
- {
- if (sk_CONF_VALUE_num(sk) <= i) break;
-
- cv=sk_CONF_VALUE_value(sk,i);
- type=cv->name;
- /* Skip past any leading X. X: X, etc to allow for
- * multiple instances
- */
- for (buf = cv->name; *buf ; buf++)
- if ((*buf == ':') || (*buf == ',') || (*buf == '.'))
- {
- buf++;
- if (*buf) type = buf;
- break;
- }
-
- buf=cv->value;
- if ((nid=OBJ_txt2nid(type)) == NID_undef)
- {
- if (strcmp(type, "SPKAC") == 0)
- {
- spki = NETSCAPE_SPKI_b64_decode(cv->value, -1);
- if (spki == NULL)
- {
- BIO_printf(bio_err,"unable to load Netscape SPKAC structure\n");
- ERR_print_errors(bio_err);
- goto err;
- }
- }
- continue;
- }
-
- if (!X509_NAME_add_entry_by_NID(n, nid, chtype,
- (unsigned char *)buf, -1, -1, 0))
- goto err;
- }
- if (spki == NULL)
- {
- BIO_printf(bio_err,"Netscape SPKAC structure not found in %s\n",
- infile);
- goto err;
- }
-
- /*
- * Now extract the key from the SPKI structure.
- */
-
- BIO_printf(bio_err,"Check that the SPKAC request matches the signature\n");
-
- if ((pktmp=NETSCAPE_SPKI_get_pubkey(spki)) == NULL)
- {
- BIO_printf(bio_err,"error unpacking SPKAC public key\n");
- goto err;
- }
-
- j = NETSCAPE_SPKI_verify(spki, pktmp);
- if (j <= 0)
- {
- BIO_printf(bio_err,"signature verification failed on SPKAC public key\n");
- goto err;
- }
- BIO_printf(bio_err,"Signature ok\n");
-
- X509_REQ_set_pubkey(req,pktmp);
- EVP_PKEY_free(pktmp);
- ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,chtype,multirdn,email_dn,startdate,enddate,
- days,1,verbose,req,ext_sect,lconf, certopt, nameopt, default_op,
- ext_copy, 0);
-err:
- if (req != NULL) X509_REQ_free(req);
- if (parms != NULL) CONF_free(parms);
- if (spki != NULL) NETSCAPE_SPKI_free(spki);
- if (ne != NULL) X509_NAME_ENTRY_free(ne);
-
- return(ok);
- }
-
-static int check_time_format(const char *str)
- {
- ASN1_TIME tm;
-
- tm.data=(unsigned char *)str;
- tm.length=strlen(str);
- tm.type=V_ASN1_UTCTIME;
- if (ASN1_TIME_check(&tm))
- return 1;
- tm.type=V_ASN1_GENERALIZEDTIME;
- return ASN1_TIME_check(&tm);
- }
-
-static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
- {
- ASN1_UTCTIME *tm=NULL;
- char *row[DB_NUMBER],**rrow,**irow;
- char *rev_str = NULL;
- BIGNUM *bn = NULL;
- int ok=-1,i;
-
- for (i=0; i<DB_NUMBER; i++)
- row[i]=NULL;
- row[DB_name]=X509_NAME_oneline(X509_get_subject_name(x509),NULL,0);
- bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(x509),NULL);
- if (BN_is_zero(bn))
- row[DB_serial]=BUF_strdup("00");
- else
- row[DB_serial]=BN_bn2hex(bn);
- BN_free(bn);
- if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
- {
- BIO_printf(bio_err,"Memory allocation failure\n");
- goto err;
- }
- /* We have to lookup by serial number because name lookup
- * skips revoked certs
- */
- rrow=TXT_DB_get_by_index(db->db,DB_serial,row);
- if (rrow == NULL)
- {
- BIO_printf(bio_err,"Adding Entry with serial number %s to DB for %s\n", row[DB_serial], row[DB_name]);
-
- /* We now just add it to the database */
- row[DB_type]=(char *)OPENSSL_malloc(2);
-
- tm=X509_get_notAfter(x509);
- row[DB_exp_date]=(char *)OPENSSL_malloc(tm->length+1);
- memcpy(row[DB_exp_date],tm->data,tm->length);
- row[DB_exp_date][tm->length]='\0';
-
- row[DB_rev_date]=NULL;
-
- /* row[DB_serial] done already */
- row[DB_file]=(char *)OPENSSL_malloc(8);
-
- /* row[DB_name] done already */
-
- if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
- (row[DB_file] == NULL))
- {
- BIO_printf(bio_err,"Memory allocation failure\n");
- goto err;
- }
- BUF_strlcpy(row[DB_file],"unknown",8);
- row[DB_type][0]='V';
- row[DB_type][1]='\0';
-
- if ((irow=(char **)OPENSSL_malloc(sizeof(char *)*(DB_NUMBER+1))) == NULL)
- {
- BIO_printf(bio_err,"Memory allocation failure\n");
- goto err;
- }
-
- for (i=0; i<DB_NUMBER; i++)
- {
- irow[i]=row[i];
- row[i]=NULL;
- }
- irow[DB_NUMBER]=NULL;
-
- if (!TXT_DB_insert(db->db,irow))
- {
- BIO_printf(bio_err,"failed to update database\n");
- BIO_printf(bio_err,"TXT_DB error number %ld\n",db->db->error);
- goto err;
- }
-
- /* Revoke Certificate */
- ok = do_revoke(x509,db, type, value);
-
- goto err;
-
- }
- else if (index_name_cmp((const char **)row,(const char **)rrow))
- {
- BIO_printf(bio_err,"ERROR:name does not match %s\n",
- row[DB_name]);
- goto err;
- }
- else if (rrow[DB_type][0]=='R')
- {
- BIO_printf(bio_err,"ERROR:Already revoked, serial number %s\n",
- row[DB_serial]);
- goto err;
- }
- else
- {
- BIO_printf(bio_err,"Revoking Certificate %s.\n", rrow[DB_serial]);
- rev_str = make_revocation_str(type, value);
- if (!rev_str)
- {
- BIO_printf(bio_err, "Error in revocation arguments\n");
- goto err;
- }
- rrow[DB_type][0]='R';
- rrow[DB_type][1]='\0';
- rrow[DB_rev_date] = rev_str;
- }
- ok=1;
-err:
- for (i=0; i<DB_NUMBER; i++)
- {
- if (row[i] != NULL)
- OPENSSL_free(row[i]);
- }
- return(ok);
- }
-
-static int get_certificate_status(const char *serial, CA_DB *db)
- {
- char *row[DB_NUMBER],**rrow;
- int ok=-1,i;
-
- /* Free Resources */
- for (i=0; i<DB_NUMBER; i++)
- row[i]=NULL;
-
- /* Malloc needed char spaces */
- row[DB_serial] = OPENSSL_malloc(strlen(serial) + 2);
- if (row[DB_serial] == NULL)
- {
- BIO_printf(bio_err,"Malloc failure\n");
- goto err;
- }
-
- if (strlen(serial) % 2)
- {
- /* Set the first char to 0 */;
- row[DB_serial][0]='0';
-
- /* Copy String from serial to row[DB_serial] */
- memcpy(row[DB_serial]+1, serial, strlen(serial));
- row[DB_serial][strlen(serial)+1]='\0';
- }
- else
- {
- /* Copy String from serial to row[DB_serial] */
- memcpy(row[DB_serial], serial, strlen(serial));
- row[DB_serial][strlen(serial)]='\0';
- }
-
- /* Make it Upper Case */
- for (i=0; row[DB_serial][i] != '\0'; i++)
- row[DB_serial][i] = toupper(row[DB_serial][i]);
-
-
- ok=1;
-
- /* Search for the certificate */
- rrow=TXT_DB_get_by_index(db->db,DB_serial,row);
- if (rrow == NULL)
- {
- BIO_printf(bio_err,"Serial %s not present in db.\n",
- row[DB_serial]);
- ok=-1;
- goto err;
- }
- else if (rrow[DB_type][0]=='V')
- {
- BIO_printf(bio_err,"%s=Valid (%c)\n",
- row[DB_serial], rrow[DB_type][0]);
- goto err;
- }
- else if (rrow[DB_type][0]=='R')
- {
- BIO_printf(bio_err,"%s=Revoked (%c)\n",
- row[DB_serial], rrow[DB_type][0]);
- goto err;
- }
- else if (rrow[DB_type][0]=='E')
- {
- BIO_printf(bio_err,"%s=Expired (%c)\n",
- row[DB_serial], rrow[DB_type][0]);
- goto err;
- }
- else if (rrow[DB_type][0]=='S')
- {
- BIO_printf(bio_err,"%s=Suspended (%c)\n",
- row[DB_serial], rrow[DB_type][0]);
- goto err;
- }
- else
- {
- BIO_printf(bio_err,"%s=Unknown (%c).\n",
- row[DB_serial], rrow[DB_type][0]);
- ok=-1;
- }
-err:
- for (i=0; i<DB_NUMBER; i++)
- {
- if (row[i] != NULL)
- OPENSSL_free(row[i]);
- }
- return(ok);
- }
-
-static int do_updatedb (CA_DB *db)
- {
- ASN1_UTCTIME *a_tm = NULL;
- int i, cnt = 0;
- int db_y2k, a_y2k; /* flags = 1 if y >= 2000 */
- char **rrow, *a_tm_s;
-
- a_tm = ASN1_UTCTIME_new();
-
- /* get actual time and make a string */
- a_tm = X509_gmtime_adj(a_tm, 0);
- a_tm_s = (char *) OPENSSL_malloc(a_tm->length+1);
- if (a_tm_s == NULL)
- {
- cnt = -1;
- goto err;
- }
-
- memcpy(a_tm_s, a_tm->data, a_tm->length);
- a_tm_s[a_tm->length] = '\0';
-
- if (strncmp(a_tm_s, "49", 2) <= 0)
- a_y2k = 1;
- else
- a_y2k = 0;
-
- for (i = 0; i < sk_num(db->db->data); i++)
- {
- rrow = (char **) sk_value(db->db->data, i);
-
- if (rrow[DB_type][0] == 'V')
- {
- /* ignore entries that are not valid */
- if (strncmp(rrow[DB_exp_date], "49", 2) <= 0)
- db_y2k = 1;
- else
- db_y2k = 0;
-
- if (db_y2k == a_y2k)
- {
- /* all on the same y2k side */
- if (strcmp(rrow[DB_exp_date], a_tm_s) <= 0)
- {
- rrow[DB_type][0] = 'E';
- rrow[DB_type][1] = '\0';
- cnt++;
-
- BIO_printf(bio_err, "%s=Expired\n",
- rrow[DB_serial]);
- }
- }
- else if (db_y2k < a_y2k)
- {
- rrow[DB_type][0] = 'E';
- rrow[DB_type][1] = '\0';
- cnt++;
-
- BIO_printf(bio_err, "%s=Expired\n",
- rrow[DB_serial]);
- }
-
- }
- }
-
-err:
-
- ASN1_UTCTIME_free(a_tm);
- OPENSSL_free(a_tm_s);
-
- return (cnt);
- }
-
-static const char *crl_reasons[] = {
- /* CRL reason strings */
- "unspecified",
- "keyCompromise",
- "CACompromise",
- "affiliationChanged",
- "superseded",
- "cessationOfOperation",
- "certificateHold",
- "removeFromCRL",
- /* Additional pseudo reasons */
- "holdInstruction",
- "keyTime",
- "CAkeyTime"
-};
-
-#define NUM_REASONS (sizeof(crl_reasons) / sizeof(char *))
-
-/* Given revocation information convert to a DB string.
- * The format of the string is:
- * revtime[,reason,extra]. Where 'revtime' is the
- * revocation time (the current time). 'reason' is the
- * optional CRL reason and 'extra' is any additional
- * argument
- */
-
-char *make_revocation_str(int rev_type, char *rev_arg)
- {
- char *other = NULL, *str;
- const char *reason = NULL;
- ASN1_OBJECT *otmp;
- ASN1_UTCTIME *revtm = NULL;
- int i;
- switch (rev_type)
- {
- case REV_NONE:
- break;
-
- case REV_CRL_REASON:
- for (i = 0; i < 8; i++)
- {
- if (!strcasecmp(rev_arg, crl_reasons[i]))
- {
- reason = crl_reasons[i];
- break;
- }
- }
- if (reason == NULL)
- {
- BIO_printf(bio_err, "Unknown CRL reason %s\n", rev_arg);
- return NULL;
- }
- break;
-
- case REV_HOLD:
- /* Argument is an OID */
-
- otmp = OBJ_txt2obj(rev_arg, 0);
- ASN1_OBJECT_free(otmp);
-
- if (otmp == NULL)
- {
- BIO_printf(bio_err, "Invalid object identifier %s\n", rev_arg);
- return NULL;
- }
-
- reason = "holdInstruction";
- other = rev_arg;
- break;
-
- case REV_KEY_COMPROMISE:
- case REV_CA_COMPROMISE:
-
- /* Argument is the key compromise time */
- if (!ASN1_GENERALIZEDTIME_set_string(NULL, rev_arg))
- {
- BIO_printf(bio_err, "Invalid time format %s. Need YYYYMMDDHHMMSSZ\n", rev_arg);
- return NULL;
- }
- other = rev_arg;
- if (rev_type == REV_KEY_COMPROMISE)
- reason = "keyTime";
- else
- reason = "CAkeyTime";
-
- break;
-
- }
-
- revtm = X509_gmtime_adj(NULL, 0);
-
- if (!revtm)
- return NULL;
-
- i = revtm->length + 1;
-
- if (reason) i += strlen(reason) + 1;
- if (other) i += strlen(other) + 1;
-
- str = OPENSSL_malloc(i);
-
- if (!str) return NULL;
-
- BUF_strlcpy(str, (char *)revtm->data, i);
- if (reason)
- {
- BUF_strlcat(str, ",", i);
- BUF_strlcat(str, reason, i);
- }
- if (other)
- {
- BUF_strlcat(str, ",", i);
- BUF_strlcat(str, other, i);
- }
- ASN1_UTCTIME_free(revtm);
- return str;
- }
-
-/* Convert revocation field to X509_REVOKED entry
- * return code:
- * 0 error
- * 1 OK
- * 2 OK and some extensions added (i.e. V2 CRL)
- */
-
-
-int make_revoked(X509_REVOKED *rev, const char *str)
- {
- char *tmp = NULL;
- int reason_code = -1;
- int i, ret = 0;
- ASN1_OBJECT *hold = NULL;
- ASN1_GENERALIZEDTIME *comp_time = NULL;
- ASN1_ENUMERATED *rtmp = NULL;
-
- ASN1_TIME *revDate = NULL;
-
- i = unpack_revinfo(&revDate, &reason_code, &hold, &comp_time, str);
-
- if (i == 0)
- goto err;
-
- if (rev && !X509_REVOKED_set_revocationDate(rev, revDate))
- goto err;
-
- if (rev && (reason_code != OCSP_REVOKED_STATUS_NOSTATUS))
- {
- rtmp = ASN1_ENUMERATED_new();
- if (!rtmp || !ASN1_ENUMERATED_set(rtmp, reason_code))
- goto err;
- if (!X509_REVOKED_add1_ext_i2d(rev, NID_crl_reason, rtmp, 0, 0))
- goto err;
- }
-
- if (rev && comp_time)
- {
- if (!X509_REVOKED_add1_ext_i2d(rev, NID_invalidity_date, comp_time, 0, 0))
- goto err;
- }
- if (rev && hold)
- {
- if (!X509_REVOKED_add1_ext_i2d(rev, NID_hold_instruction_code, hold, 0, 0))
- goto err;
- }
-
- if (reason_code != OCSP_REVOKED_STATUS_NOSTATUS)
- ret = 2;
- else ret = 1;
-
- err:
-
- if (tmp) OPENSSL_free(tmp);
- ASN1_OBJECT_free(hold);
- ASN1_GENERALIZEDTIME_free(comp_time);
- ASN1_ENUMERATED_free(rtmp);
- ASN1_TIME_free(revDate);
-
- return ret;
- }
-
-int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str)
- {
- char buf[25],*pbuf, *p;
- int j;
- j=i2a_ASN1_OBJECT(bp,obj);
- pbuf=buf;
- for (j=22-j; j>0; j--)
- *(pbuf++)=' ';
- *(pbuf++)=':';
- *(pbuf++)='\0';
- BIO_puts(bp,buf);
-
- if (str->type == V_ASN1_PRINTABLESTRING)
- BIO_printf(bp,"PRINTABLE:'");
- else if (str->type == V_ASN1_T61STRING)
- BIO_printf(bp,"T61STRING:'");
- else if (str->type == V_ASN1_IA5STRING)
- BIO_printf(bp,"IA5STRING:'");
- else if (str->type == V_ASN1_UNIVERSALSTRING)
- BIO_printf(bp,"UNIVERSALSTRING:'");
- else
- BIO_printf(bp,"ASN.1 %2d:'",str->type);
-
- p=(char *)str->data;
- for (j=str->length; j>0; j--)
- {
-#ifdef CHARSET_EBCDIC
- if ((*p >= 0x20) && (*p <= 0x7e))
- BIO_printf(bp,"%c",os_toebcdic[*p]);
-#else
- if ((*p >= ' ') && (*p <= '~'))
- BIO_printf(bp,"%c",*p);
-#endif
- else if (*p & 0x80)
- BIO_printf(bp,"\\0x%02X",*p);
- else if ((unsigned char)*p == 0xf7)
- BIO_printf(bp,"^?");
-#ifdef CHARSET_EBCDIC
- else BIO_printf(bp,"^%c",os_toebcdic[*p+0x40]);
-#else
- else BIO_printf(bp,"^%c",*p+'@');
-#endif
- p++;
- }
- BIO_printf(bp,"'\n");
- return 1;
- }
-
-int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, ASN1_GENERALIZEDTIME **pinvtm, const char *str)
- {
- char *tmp = NULL;
- char *rtime_str, *reason_str = NULL, *arg_str = NULL, *p;
- int reason_code = -1;
- int ret = 0;
- unsigned int i;
- ASN1_OBJECT *hold = NULL;
- ASN1_GENERALIZEDTIME *comp_time = NULL;
- tmp = BUF_strdup(str);
-
- p = strchr(tmp, ',');
-
- rtime_str = tmp;
-
- if (p)
- {
- *p = '\0';
- p++;
- reason_str = p;
- p = strchr(p, ',');
- if (p)
- {
- *p = '\0';
- arg_str = p + 1;
- }
- }
-
- if (prevtm)
- {
- *prevtm = ASN1_UTCTIME_new();
- if (!ASN1_UTCTIME_set_string(*prevtm, rtime_str))
- {
- BIO_printf(bio_err, "invalid revocation date %s\n", rtime_str);
- goto err;
- }
- }
- if (reason_str)
- {
- for (i = 0; i < NUM_REASONS; i++)
- {
- if(!strcasecmp(reason_str, crl_reasons[i]))
- {
- reason_code = i;
- break;
- }
- }
- if (reason_code == OCSP_REVOKED_STATUS_NOSTATUS)
- {
- BIO_printf(bio_err, "invalid reason code %s\n", reason_str);
- goto err;
- }
-
- if (reason_code == 7)
- reason_code = OCSP_REVOKED_STATUS_REMOVEFROMCRL;
- else if (reason_code == 8) /* Hold instruction */
- {
- if (!arg_str)
- {
- BIO_printf(bio_err, "missing hold instruction\n");
- goto err;
- }
- reason_code = OCSP_REVOKED_STATUS_CERTIFICATEHOLD;
- hold = OBJ_txt2obj(arg_str, 0);
-
- if (!hold)
- {
- BIO_printf(bio_err, "invalid object identifier %s\n", arg_str);
- goto err;
- }
- if (phold) *phold = hold;
- }
- else if ((reason_code == 9) || (reason_code == 10))
- {
- if (!arg_str)
- {
- BIO_printf(bio_err, "missing compromised time\n");
- goto err;
- }
- comp_time = ASN1_GENERALIZEDTIME_new();
- if (!ASN1_GENERALIZEDTIME_set_string(comp_time, arg_str))
- {
- BIO_printf(bio_err, "invalid compromised time %s\n", arg_str);
- goto err;
- }
- if (reason_code == 9)
- reason_code = OCSP_REVOKED_STATUS_KEYCOMPROMISE;
- else
- reason_code = OCSP_REVOKED_STATUS_CACOMPROMISE;
- }
- }
-
- if (preason) *preason = reason_code;
- if (pinvtm) *pinvtm = comp_time;
- else ASN1_GENERALIZEDTIME_free(comp_time);
-
- ret = 1;
-
- err:
-
- if (tmp) OPENSSL_free(tmp);
- if (!phold) ASN1_OBJECT_free(hold);
- if (!pinvtm) ASN1_GENERALIZEDTIME_free(comp_time);
-
- return ret;
- }
Copied: vendor-crypto/openssl/0.9.8zf/apps/ca.c (from rev 6976, vendor-crypto/openssl/dist/apps/ca.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/apps/ca.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/apps/ca.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,2879 @@
+/* apps/ca.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* The PPKI stuff has been donated by Jeff Barber <jeffb at issl.atl.hp.com> */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <openssl/conf.h>
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/txt_db.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/objects.h>
+#include <openssl/ocsp.h>
+#include <openssl/pem.h>
+
+#ifndef W_OK
+# ifdef OPENSSL_SYS_VMS
+# if defined(__DECC)
+# include <unistd.h>
+# else
+# include <unixlib.h>
+# endif
+# elif !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_NETWARE) && !defined(__TANDEM)
+# include <sys/file.h>
+# endif
+#endif
+
+#include "apps.h"
+
+#ifndef W_OK
+# define F_OK 0
+# define X_OK 1
+# define W_OK 2
+# define R_OK 4
+#endif
+
+#undef PROG
+#define PROG ca_main
+
+#define BASE_SECTION "ca"
+#define CONFIG_FILE "openssl.cnf"
+
+#define ENV_DEFAULT_CA "default_ca"
+
+#define STRING_MASK "string_mask"
+#define UTF8_IN "utf8"
+
+#define ENV_DIR "dir"
+#define ENV_CERTS "certs"
+#define ENV_CRL_DIR "crl_dir"
+#define ENV_CA_DB "CA_DB"
+#define ENV_NEW_CERTS_DIR "new_certs_dir"
+#define ENV_CERTIFICATE "certificate"
+#define ENV_SERIAL "serial"
+#define ENV_CRLNUMBER "crlnumber"
+#define ENV_CRL "crl"
+#define ENV_PRIVATE_KEY "private_key"
+#define ENV_RANDFILE "RANDFILE"
+#define ENV_DEFAULT_DAYS "default_days"
+#define ENV_DEFAULT_STARTDATE "default_startdate"
+#define ENV_DEFAULT_ENDDATE "default_enddate"
+#define ENV_DEFAULT_CRL_DAYS "default_crl_days"
+#define ENV_DEFAULT_CRL_HOURS "default_crl_hours"
+#define ENV_DEFAULT_MD "default_md"
+#define ENV_DEFAULT_EMAIL_DN "email_in_dn"
+#define ENV_PRESERVE "preserve"
+#define ENV_POLICY "policy"
+#define ENV_EXTENSIONS "x509_extensions"
+#define ENV_CRLEXT "crl_extensions"
+#define ENV_MSIE_HACK "msie_hack"
+#define ENV_NAMEOPT "name_opt"
+#define ENV_CERTOPT "cert_opt"
+#define ENV_EXTCOPY "copy_extensions"
+#define ENV_UNIQUE_SUBJECT "unique_subject"
+
+#define ENV_DATABASE "database"
+
+/* Additional revocation information types */
+
+#define REV_NONE 0 /* No addditional information */
+#define REV_CRL_REASON 1 /* Value is CRL reason code */
+#define REV_HOLD 2 /* Value is hold instruction */
+#define REV_KEY_COMPROMISE 3 /* Value is cert key compromise time */
+#define REV_CA_COMPROMISE 4 /* Value is CA key compromise time */
+
+static const char *ca_usage[] = {
+ "usage: ca args\n",
+ "\n",
+ " -verbose - Talk alot while doing things\n",
+ " -config file - A config file\n",
+ " -name arg - The particular CA definition to use\n",
+ " -gencrl - Generate a new CRL\n",
+ " -crldays days - Days is when the next CRL is due\n",
+ " -crlhours hours - Hours is when the next CRL is due\n",
+ " -startdate YYMMDDHHMMSSZ - certificate validity notBefore\n",
+ " -enddate YYMMDDHHMMSSZ - certificate validity notAfter (overrides -days)\n",
+ " -days arg - number of days to certify the certificate for\n",
+ " -md arg - md to use, one of md2, md5, sha or sha1\n",
+ " -policy arg - The CA 'policy' to support\n",
+ " -keyfile arg - private key file\n",
+ " -keyform arg - private key file format (PEM or ENGINE)\n",
+ " -key arg - key to decode the private key if it is encrypted\n",
+ " -cert file - The CA certificate\n",
+ " -selfsign - sign a certificate with the key associated with it\n",
+ " -in file - The input PEM encoded certificate request(s)\n",
+ " -out file - Where to put the output file(s)\n",
+ " -outdir dir - Where to put output certificates\n",
+ " -infiles .... - The last argument, requests to process\n",
+ " -spkac file - File contains DN and signed public key and challenge\n",
+ " -ss_cert file - File contains a self signed cert to sign\n",
+ " -preserveDN - Don't re-order the DN\n",
+ " -noemailDN - Don't add the EMAIL field into certificate' subject\n",
+ " -batch - Don't ask questions\n",
+ " -msie_hack - msie modifications to handle all those universal strings\n",
+ " -revoke file - Revoke a certificate (given in file)\n",
+ " -subj arg - Use arg instead of request's subject\n",
+ " -utf8 - input characters are UTF8 (default ASCII)\n",
+ " -multivalue-rdn - enable support for multivalued RDNs\n",
+ " -extensions .. - Extension section (override value in config file)\n",
+ " -extfile file - Configuration file with X509v3 extentions to add\n",
+ " -crlexts .. - CRL extension section (override value in config file)\n",
+#ifndef OPENSSL_NO_ENGINE
+ " -engine e - use engine e, possibly a hardware device.\n",
+#endif
+ " -status serial - Shows certificate status given the serial number\n",
+ " -updatedb - Updates db for expired certificates\n",
+ NULL
+};
+
+#ifdef EFENCE
+extern int EF_PROTECT_FREE;
+extern int EF_PROTECT_BELOW;
+extern int EF_ALIGNMENT;
+#endif
+
+static void lookup_fail(const char *name, const char *tag);
+static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
+ const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy,
+ CA_DB *db, BIGNUM *serial, char *subj,
+ unsigned long chtype, int multirdn, int email_dn,
+ char *startdate, char *enddate, long days, int batch,
+ char *ext_sect, CONF *conf, int verbose,
+ unsigned long certopt, unsigned long nameopt,
+ int default_op, int ext_copy, int selfsign);
+static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
+ const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy,
+ CA_DB *db, BIGNUM *serial, char *subj,
+ unsigned long chtype, int multirdn, int email_dn,
+ char *startdate, char *enddate, long days, int batch,
+ char *ext_sect, CONF *conf, int verbose,
+ unsigned long certopt, unsigned long nameopt,
+ int default_op, int ext_copy, ENGINE *e);
+static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey,
+ X509 *x509, const EVP_MD *dgst,
+ STACK_OF(CONF_VALUE) *policy, CA_DB *db,
+ BIGNUM *serial, char *subj, unsigned long chtype,
+ int multirdn, int email_dn, char *startdate,
+ char *enddate, long days, char *ext_sect, CONF *conf,
+ int verbose, unsigned long certopt,
+ unsigned long nameopt, int default_op, int ext_copy);
+static void write_new_certificate(BIO *bp, X509 *x, int output_der,
+ int notext);
+static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
+ const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy,
+ CA_DB *db, BIGNUM *serial, char *subj,
+ unsigned long chtype, int multirdn, int email_dn,
+ char *startdate, char *enddate, long days, int batch,
+ int verbose, X509_REQ *req, char *ext_sect, CONF *conf,
+ unsigned long certopt, unsigned long nameopt,
+ int default_op, int ext_copy, int selfsign);
+static int do_revoke(X509 *x509, CA_DB *db, int ext, char *extval);
+static int get_certificate_status(const char *ser_status, CA_DB *db);
+static int do_updatedb(CA_DB *db);
+static int check_time_format(const char *str);
+char *make_revocation_str(int rev_type, char *rev_arg);
+int make_revoked(X509_REVOKED *rev, const char *str);
+int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str);
+static CONF *conf = NULL;
+static CONF *extconf = NULL;
+static char *section = NULL;
+
+static int preserve = 0;
+static int msie_hack = 0;
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+{
+ ENGINE *e = NULL;
+ char *key = NULL, *passargin = NULL;
+ int create_ser = 0;
+ int free_key = 0;
+ int total = 0;
+ int total_done = 0;
+ int badops = 0;
+ int ret = 1;
+ int email_dn = 1;
+ int req = 0;
+ int verbose = 0;
+ int gencrl = 0;
+ int dorevoke = 0;
+ int doupdatedb = 0;
+ long crldays = 0;
+ long crlhours = 0;
+ long errorline = -1;
+ char *configfile = NULL;
+ char *md = NULL;
+ char *policy = NULL;
+ char *keyfile = NULL;
+ char *certfile = NULL;
+ int keyform = FORMAT_PEM;
+ char *infile = NULL;
+ char *spkac_file = NULL;
+ char *ss_cert_file = NULL;
+ char *ser_status = NULL;
+ EVP_PKEY *pkey = NULL;
+ int output_der = 0;
+ char *outfile = NULL;
+ char *outdir = NULL;
+ char *serialfile = NULL;
+ char *crlnumberfile = NULL;
+ char *extensions = NULL;
+ char *extfile = NULL;
+ char *subj = NULL;
+ unsigned long chtype = MBSTRING_ASC;
+ int multirdn = 0;
+ char *tmp_email_dn = NULL;
+ char *crl_ext = NULL;
+ int rev_type = REV_NONE;
+ char *rev_arg = NULL;
+ BIGNUM *serial = NULL;
+ BIGNUM *crlnumber = NULL;
+ char *startdate = NULL;
+ char *enddate = NULL;
+ long days = 0;
+ int batch = 0;
+ int notext = 0;
+ unsigned long nameopt = 0, certopt = 0;
+ int default_op = 1;
+ int ext_copy = EXT_COPY_NONE;
+ int selfsign = 0;
+ X509 *x509 = NULL, *x509p = NULL;
+ X509 *x = NULL;
+ BIO *in = NULL, *out = NULL, *Sout = NULL, *Cout = NULL;
+ char *dbfile = NULL;
+ CA_DB *db = NULL;
+ X509_CRL *crl = NULL;
+ X509_REVOKED *r = NULL;
+ ASN1_TIME *tmptm;
+ ASN1_INTEGER *tmpser;
+ char *f;
+ const char *p, **pp;
+ int i, j;
+ const EVP_MD *dgst = NULL;
+ STACK_OF(CONF_VALUE) *attribs = NULL;
+ STACK_OF(X509) *cert_sk = NULL;
+#undef BSIZE
+#define BSIZE 256
+ MS_STATIC char buf[3][BSIZE];
+ char *randfile = NULL;
+#ifndef OPENSSL_NO_ENGINE
+ char *engine = NULL;
+#endif
+ char *tofree = NULL;
+ DB_ATTR db_attr;
+
+#ifdef EFENCE
+ EF_PROTECT_FREE = 1;
+ EF_PROTECT_BELOW = 1;
+ EF_ALIGNMENT = 0;
+#endif
+
+ apps_startup();
+
+ conf = NULL;
+ key = NULL;
+ section = NULL;
+
+ preserve = 0;
+ msie_hack = 0;
+ if (bio_err == NULL)
+ if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+
+ argc--;
+ argv++;
+ while (argc >= 1) {
+ if (strcmp(*argv, "-verbose") == 0)
+ verbose = 1;
+ else if (strcmp(*argv, "-config") == 0) {
+ if (--argc < 1)
+ goto bad;
+ configfile = *(++argv);
+ } else if (strcmp(*argv, "-name") == 0) {
+ if (--argc < 1)
+ goto bad;
+ section = *(++argv);
+ } else if (strcmp(*argv, "-subj") == 0) {
+ if (--argc < 1)
+ goto bad;
+ subj = *(++argv);
+ /* preserve=1; */
+ } else if (strcmp(*argv, "-utf8") == 0)
+ chtype = MBSTRING_UTF8;
+ else if (strcmp(*argv, "-create_serial") == 0)
+ create_ser = 1;
+ else if (strcmp(*argv, "-multivalue-rdn") == 0)
+ multirdn = 1;
+ else if (strcmp(*argv, "-startdate") == 0) {
+ if (--argc < 1)
+ goto bad;
+ startdate = *(++argv);
+ } else if (strcmp(*argv, "-enddate") == 0) {
+ if (--argc < 1)
+ goto bad;
+ enddate = *(++argv);
+ } else if (strcmp(*argv, "-days") == 0) {
+ if (--argc < 1)
+ goto bad;
+ days = atoi(*(++argv));
+ } else if (strcmp(*argv, "-md") == 0) {
+ if (--argc < 1)
+ goto bad;
+ md = *(++argv);
+ } else if (strcmp(*argv, "-policy") == 0) {
+ if (--argc < 1)
+ goto bad;
+ policy = *(++argv);
+ } else if (strcmp(*argv, "-keyfile") == 0) {
+ if (--argc < 1)
+ goto bad;
+ keyfile = *(++argv);
+ } else if (strcmp(*argv, "-keyform") == 0) {
+ if (--argc < 1)
+ goto bad;
+ keyform = str2fmt(*(++argv));
+ } else if (strcmp(*argv, "-passin") == 0) {
+ if (--argc < 1)
+ goto bad;
+ passargin = *(++argv);
+ } else if (strcmp(*argv, "-key") == 0) {
+ if (--argc < 1)
+ goto bad;
+ key = *(++argv);
+ } else if (strcmp(*argv, "-cert") == 0) {
+ if (--argc < 1)
+ goto bad;
+ certfile = *(++argv);
+ } else if (strcmp(*argv, "-selfsign") == 0)
+ selfsign = 1;
+ else if (strcmp(*argv, "-in") == 0) {
+ if (--argc < 1)
+ goto bad;
+ infile = *(++argv);
+ req = 1;
+ } else if (strcmp(*argv, "-out") == 0) {
+ if (--argc < 1)
+ goto bad;
+ outfile = *(++argv);
+ } else if (strcmp(*argv, "-outdir") == 0) {
+ if (--argc < 1)
+ goto bad;
+ outdir = *(++argv);
+ } else if (strcmp(*argv, "-notext") == 0)
+ notext = 1;
+ else if (strcmp(*argv, "-batch") == 0)
+ batch = 1;
+ else if (strcmp(*argv, "-preserveDN") == 0)
+ preserve = 1;
+ else if (strcmp(*argv, "-noemailDN") == 0)
+ email_dn = 0;
+ else if (strcmp(*argv, "-gencrl") == 0)
+ gencrl = 1;
+ else if (strcmp(*argv, "-msie_hack") == 0)
+ msie_hack = 1;
+ else if (strcmp(*argv, "-crldays") == 0) {
+ if (--argc < 1)
+ goto bad;
+ crldays = atol(*(++argv));
+ } else if (strcmp(*argv, "-crlhours") == 0) {
+ if (--argc < 1)
+ goto bad;
+ crlhours = atol(*(++argv));
+ } else if (strcmp(*argv, "-infiles") == 0) {
+ argc--;
+ argv++;
+ req = 1;
+ break;
+ } else if (strcmp(*argv, "-ss_cert") == 0) {
+ if (--argc < 1)
+ goto bad;
+ ss_cert_file = *(++argv);
+ req = 1;
+ } else if (strcmp(*argv, "-spkac") == 0) {
+ if (--argc < 1)
+ goto bad;
+ spkac_file = *(++argv);
+ req = 1;
+ } else if (strcmp(*argv, "-revoke") == 0) {
+ if (--argc < 1)
+ goto bad;
+ infile = *(++argv);
+ dorevoke = 1;
+ } else if (strcmp(*argv, "-extensions") == 0) {
+ if (--argc < 1)
+ goto bad;
+ extensions = *(++argv);
+ } else if (strcmp(*argv, "-extfile") == 0) {
+ if (--argc < 1)
+ goto bad;
+ extfile = *(++argv);
+ } else if (strcmp(*argv, "-status") == 0) {
+ if (--argc < 1)
+ goto bad;
+ ser_status = *(++argv);
+ } else if (strcmp(*argv, "-updatedb") == 0) {
+ doupdatedb = 1;
+ } else if (strcmp(*argv, "-crlexts") == 0) {
+ if (--argc < 1)
+ goto bad;
+ crl_ext = *(++argv);
+ } else if (strcmp(*argv, "-crl_reason") == 0) {
+ if (--argc < 1)
+ goto bad;
+ rev_arg = *(++argv);
+ rev_type = REV_CRL_REASON;
+ } else if (strcmp(*argv, "-crl_hold") == 0) {
+ if (--argc < 1)
+ goto bad;
+ rev_arg = *(++argv);
+ rev_type = REV_HOLD;
+ } else if (strcmp(*argv, "-crl_compromise") == 0) {
+ if (--argc < 1)
+ goto bad;
+ rev_arg = *(++argv);
+ rev_type = REV_KEY_COMPROMISE;
+ } else if (strcmp(*argv, "-crl_CA_compromise") == 0) {
+ if (--argc < 1)
+ goto bad;
+ rev_arg = *(++argv);
+ rev_type = REV_CA_COMPROMISE;
+ }
+#ifndef OPENSSL_NO_ENGINE
+ else if (strcmp(*argv, "-engine") == 0) {
+ if (--argc < 1)
+ goto bad;
+ engine = *(++argv);
+ }
+#endif
+ else {
+ bad:
+ BIO_printf(bio_err, "unknown option %s\n", *argv);
+ badops = 1;
+ break;
+ }
+ argc--;
+ argv++;
+ }
+
+ if (badops) {
+ for (pp = ca_usage; (*pp != NULL); pp++)
+ BIO_printf(bio_err, "%s", *pp);
+ goto err;
+ }
+
+ ERR_load_crypto_strings();
+
+ /*****************************************************************/
+ tofree = NULL;
+ if (configfile == NULL)
+ configfile = getenv("OPENSSL_CONF");
+ if (configfile == NULL)
+ configfile = getenv("SSLEAY_CONF");
+ if (configfile == NULL) {
+ const char *s = X509_get_default_cert_area();
+ size_t len;
+
+#ifdef OPENSSL_SYS_VMS
+ len = strlen(s) + sizeof(CONFIG_FILE);
+ tofree = OPENSSL_malloc(len);
+ strcpy(tofree, s);
+#else
+ len = strlen(s) + sizeof(CONFIG_FILE) + 1;
+ tofree = OPENSSL_malloc(len);
+ BUF_strlcpy(tofree, s, len);
+ BUF_strlcat(tofree, "/", len);
+#endif
+ BUF_strlcat(tofree, CONFIG_FILE, len);
+ configfile = tofree;
+ }
+
+ BIO_printf(bio_err, "Using configuration from %s\n", configfile);
+ conf = NCONF_new(NULL);
+ if (NCONF_load(conf, configfile, &errorline) <= 0) {
+ if (errorline <= 0)
+ BIO_printf(bio_err, "error loading the config file '%s'\n",
+ configfile);
+ else
+ BIO_printf(bio_err, "error on line %ld of config file '%s'\n",
+ errorline, configfile);
+ goto err;
+ }
+ if (tofree) {
+ OPENSSL_free(tofree);
+ tofree = NULL;
+ }
+
+ if (!load_config(bio_err, conf))
+ goto err;
+
+#ifndef OPENSSL_NO_ENGINE
+ e = setup_engine(bio_err, engine, 0);
+#endif
+
+ /* Lets get the config section we are using */
+ if (section == NULL) {
+ section = NCONF_get_string(conf, BASE_SECTION, ENV_DEFAULT_CA);
+ if (section == NULL) {
+ lookup_fail(BASE_SECTION, ENV_DEFAULT_CA);
+ goto err;
+ }
+ }
+
+ if (conf != NULL) {
+ p = NCONF_get_string(conf, NULL, "oid_file");
+ if (p == NULL)
+ ERR_clear_error();
+ if (p != NULL) {
+ BIO *oid_bio;
+
+ oid_bio = BIO_new_file(p, "r");
+ if (oid_bio == NULL) {
+ /*-
+ BIO_printf(bio_err,"problems opening %s for extra oid's\n",p);
+ ERR_print_errors(bio_err);
+ */
+ ERR_clear_error();
+ } else {
+ OBJ_create_objects(oid_bio);
+ BIO_free(oid_bio);
+ }
+ }
+ if (!add_oid_section(bio_err, conf)) {
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+ }
+
+ randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE");
+ if (randfile == NULL)
+ ERR_clear_error();
+ app_RAND_load_file(randfile, bio_err, 0);
+
+ f = NCONF_get_string(conf, section, STRING_MASK);
+ if (!f)
+ ERR_clear_error();
+
+ if (f && !ASN1_STRING_set_default_mask_asc(f)) {
+ BIO_printf(bio_err, "Invalid global string mask setting %s\n", f);
+ goto err;
+ }
+
+ if (chtype != MBSTRING_UTF8) {
+ f = NCONF_get_string(conf, section, UTF8_IN);
+ if (!f)
+ ERR_clear_error();
+ else if (!strcmp(f, "yes"))
+ chtype = MBSTRING_UTF8;
+ }
+
+ db_attr.unique_subject = 1;
+ p = NCONF_get_string(conf, section, ENV_UNIQUE_SUBJECT);
+ if (p) {
+#ifdef RL_DEBUG
+ BIO_printf(bio_err, "DEBUG: unique_subject = \"%s\"\n", p);
+#endif
+ db_attr.unique_subject = parse_yesno(p, 1);
+ } else
+ ERR_clear_error();
+#ifdef RL_DEBUG
+ if (!p)
+ BIO_printf(bio_err, "DEBUG: unique_subject undefined\n", p);
+#endif
+#ifdef RL_DEBUG
+ BIO_printf(bio_err, "DEBUG: configured unique_subject is %d\n",
+ db_attr.unique_subject);
+#endif
+
+ in = BIO_new(BIO_s_file());
+ out = BIO_new(BIO_s_file());
+ Sout = BIO_new(BIO_s_file());
+ Cout = BIO_new(BIO_s_file());
+ if ((in == NULL) || (out == NULL) || (Sout == NULL) || (Cout == NULL)) {
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+
+ /*****************************************************************/
+ /* report status of cert with serial number given on command line */
+ if (ser_status) {
+ if ((dbfile = NCONF_get_string(conf, section, ENV_DATABASE)) == NULL) {
+ lookup_fail(section, ENV_DATABASE);
+ goto err;
+ }
+ db = load_index(dbfile, &db_attr);
+ if (db == NULL)
+ goto err;
+
+ if (!index_index(db))
+ goto err;
+
+ if (get_certificate_status(ser_status, db) != 1)
+ BIO_printf(bio_err, "Error verifying serial %s!\n", ser_status);
+ goto err;
+ }
+
+ /*****************************************************************/
+ /* we definitely need a private key, so let's get it */
+
+ if ((keyfile == NULL) && ((keyfile = NCONF_get_string(conf,
+ section,
+ ENV_PRIVATE_KEY)) ==
+ NULL)) {
+ lookup_fail(section, ENV_PRIVATE_KEY);
+ goto err;
+ }
+ if (!key) {
+ free_key = 1;
+ if (!app_passwd(bio_err, passargin, NULL, &key, NULL)) {
+ BIO_printf(bio_err, "Error getting password\n");
+ goto err;
+ }
+ }
+ pkey = load_key(bio_err, keyfile, keyform, 0, key, e, "CA private key");
+ if (key)
+ OPENSSL_cleanse(key, strlen(key));
+ if (pkey == NULL) {
+ /* load_key() has already printed an appropriate message */
+ goto err;
+ }
+
+ /*****************************************************************/
+ /* we need a certificate */
+ if (!selfsign || spkac_file || ss_cert_file || gencrl) {
+ if ((certfile == NULL)
+ && ((certfile = NCONF_get_string(conf,
+ section,
+ ENV_CERTIFICATE)) == NULL)) {
+ lookup_fail(section, ENV_CERTIFICATE);
+ goto err;
+ }
+ x509 = load_cert(bio_err, certfile, FORMAT_PEM, NULL, e,
+ "CA certificate");
+ if (x509 == NULL)
+ goto err;
+
+ if (!X509_check_private_key(x509, pkey)) {
+ BIO_printf(bio_err,
+ "CA certificate and CA private key do not match\n");
+ goto err;
+ }
+ }
+ if (!selfsign)
+ x509p = x509;
+
+ f = NCONF_get_string(conf, BASE_SECTION, ENV_PRESERVE);
+ if (f == NULL)
+ ERR_clear_error();
+ if ((f != NULL) && ((*f == 'y') || (*f == 'Y')))
+ preserve = 1;
+ f = NCONF_get_string(conf, BASE_SECTION, ENV_MSIE_HACK);
+ if (f == NULL)
+ ERR_clear_error();
+ if ((f != NULL) && ((*f == 'y') || (*f == 'Y')))
+ msie_hack = 1;
+
+ f = NCONF_get_string(conf, section, ENV_NAMEOPT);
+
+ if (f) {
+ if (!set_name_ex(&nameopt, f)) {
+ BIO_printf(bio_err, "Invalid name options: \"%s\"\n", f);
+ goto err;
+ }
+ default_op = 0;
+ } else
+ ERR_clear_error();
+
+ f = NCONF_get_string(conf, section, ENV_CERTOPT);
+
+ if (f) {
+ if (!set_cert_ex(&certopt, f)) {
+ BIO_printf(bio_err, "Invalid certificate options: \"%s\"\n", f);
+ goto err;
+ }
+ default_op = 0;
+ } else
+ ERR_clear_error();
+
+ f = NCONF_get_string(conf, section, ENV_EXTCOPY);
+
+ if (f) {
+ if (!set_ext_copy(&ext_copy, f)) {
+ BIO_printf(bio_err, "Invalid extension copy option: \"%s\"\n", f);
+ goto err;
+ }
+ } else
+ ERR_clear_error();
+
+ /*****************************************************************/
+ /* lookup where to write new certificates */
+ if ((outdir == NULL) && (req)) {
+ struct stat sb;
+
+ if ((outdir = NCONF_get_string(conf, section, ENV_NEW_CERTS_DIR))
+ == NULL) {
+ BIO_printf(bio_err,
+ "there needs to be defined a directory for new certificate to be placed in\n");
+ goto err;
+ }
+#ifndef OPENSSL_SYS_VMS
+ /*
+ * outdir is a directory spec, but access() for VMS demands a
+ * filename. In any case, stat(), below, will catch the problem if
+ * outdir is not a directory spec, and the fopen() or open() will
+ * catch an error if there is no write access.
+ *
+ * Presumably, this problem could also be solved by using the DEC C
+ * routines to convert the directory syntax to Unixly, and give that
+ * to access(). However, time's too short to do that just now.
+ */
+ if (access(outdir, R_OK | W_OK | X_OK) != 0) {
+ BIO_printf(bio_err, "I am unable to access the %s directory\n",
+ outdir);
+ perror(outdir);
+ goto err;
+ }
+
+ if (stat(outdir, &sb) != 0) {
+ BIO_printf(bio_err, "unable to stat(%s)\n", outdir);
+ perror(outdir);
+ goto err;
+ }
+# ifdef S_ISDIR
+ if (!S_ISDIR(sb.st_mode)) {
+ BIO_printf(bio_err, "%s need to be a directory\n", outdir);
+ perror(outdir);
+ goto err;
+ }
+# endif
+#endif
+ }
+
+ /*****************************************************************/
+ /* we need to load the database file */
+ if ((dbfile = NCONF_get_string(conf, section, ENV_DATABASE)) == NULL) {
+ lookup_fail(section, ENV_DATABASE);
+ goto err;
+ }
+ db = load_index(dbfile, &db_attr);
+ if (db == NULL)
+ goto err;
+
+ /* Lets check some fields */
+ for (i = 0; i < sk_num(db->db->data); i++) {
+ pp = (const char **)sk_value(db->db->data, i);
+ if ((pp[DB_type][0] != DB_TYPE_REV) && (pp[DB_rev_date][0] != '\0')) {
+ BIO_printf(bio_err,
+ "entry %d: not revoked yet, but has a revocation date\n",
+ i + 1);
+ goto err;
+ }
+ if ((pp[DB_type][0] == DB_TYPE_REV) &&
+ !make_revoked(NULL, pp[DB_rev_date])) {
+ BIO_printf(bio_err, " in entry %d\n", i + 1);
+ goto err;
+ }
+ if (!check_time_format(pp[DB_exp_date])) {
+ BIO_printf(bio_err, "entry %d: invalid expiry date\n", i + 1);
+ goto err;
+ }
+ p = pp[DB_serial];
+ j = strlen(p);
+ if (*p == '-') {
+ p++;
+ j--;
+ }
+ if ((j & 1) || (j < 2)) {
+ BIO_printf(bio_err, "entry %d: bad serial number length (%d)\n",
+ i + 1, j);
+ goto err;
+ }
+ while (*p) {
+ if (!(((*p >= '0') && (*p <= '9')) ||
+ ((*p >= 'A') && (*p <= 'F')) ||
+ ((*p >= 'a') && (*p <= 'f')))) {
+ BIO_printf(bio_err,
+ "entry %d: bad serial number characters, char pos %ld, char is '%c'\n",
+ i + 1, (long)(p - pp[DB_serial]), *p);
+ goto err;
+ }
+ p++;
+ }
+ }
+ if (verbose) {
+ BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT); /* cannot fail */
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+#endif
+ TXT_DB_write(out, db->db);
+ BIO_printf(bio_err, "%d entries loaded from the database\n",
+ db->db->data->num);
+ BIO_printf(bio_err, "generating index\n");
+ }
+
+ if (!index_index(db))
+ goto err;
+
+ /*****************************************************************/
+ /* Update the db file for expired certificates */
+ if (doupdatedb) {
+ if (verbose)
+ BIO_printf(bio_err, "Updating %s ...\n", dbfile);
+
+ i = do_updatedb(db);
+ if (i == -1) {
+ BIO_printf(bio_err, "Malloc failure\n");
+ goto err;
+ } else if (i == 0) {
+ if (verbose)
+ BIO_printf(bio_err, "No entries found to mark expired\n");
+ } else {
+ if (!save_index(dbfile, "new", db))
+ goto err;
+
+ if (!rotate_index(dbfile, "new", "old"))
+ goto err;
+
+ if (verbose)
+ BIO_printf(bio_err,
+ "Done. %d entries marked as expired\n", i);
+ }
+ }
+
+ /*****************************************************************/
+ /* Read extentions config file */
+ if (extfile) {
+ extconf = NCONF_new(NULL);
+ if (NCONF_load(extconf, extfile, &errorline) <= 0) {
+ if (errorline <= 0)
+ BIO_printf(bio_err, "ERROR: loading the config file '%s'\n",
+ extfile);
+ else
+ BIO_printf(bio_err,
+ "ERROR: on line %ld of config file '%s'\n",
+ errorline, extfile);
+ ret = 1;
+ goto err;
+ }
+
+ if (verbose)
+ BIO_printf(bio_err, "Successfully loaded extensions file %s\n",
+ extfile);
+
+ /* We can have sections in the ext file */
+ if (!extensions
+ && !(extensions =
+ NCONF_get_string(extconf, "default", "extensions")))
+ extensions = "default";
+ }
+
+ /*****************************************************************/
+ if (req || gencrl) {
+ if (outfile != NULL) {
+ if (BIO_write_filename(Sout, outfile) <= 0) {
+ perror(outfile);
+ goto err;
+ }
+ } else {
+ BIO_set_fp(Sout, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ Sout = BIO_push(tmpbio, Sout);
+ }
+#endif
+ }
+ }
+
+ if ((md == NULL) && ((md = NCONF_get_string(conf,
+ section,
+ ENV_DEFAULT_MD)) == NULL)) {
+ lookup_fail(section, ENV_DEFAULT_MD);
+ goto err;
+ }
+
+ if ((dgst = EVP_get_digestbyname(md)) == NULL) {
+ BIO_printf(bio_err, "%s is an unsupported message digest type\n", md);
+ goto err;
+ }
+
+ if (req) {
+ if ((email_dn == 1) && ((tmp_email_dn = NCONF_get_string(conf,
+ section,
+ ENV_DEFAULT_EMAIL_DN))
+ != NULL)) {
+ if (strcmp(tmp_email_dn, "no") == 0)
+ email_dn = 0;
+ }
+ if (verbose)
+ BIO_printf(bio_err, "message digest is %s\n",
+ OBJ_nid2ln(dgst->type));
+ if ((policy == NULL) && ((policy = NCONF_get_string(conf,
+ section,
+ ENV_POLICY)) ==
+ NULL)) {
+ lookup_fail(section, ENV_POLICY);
+ goto err;
+ }
+ if (verbose)
+ BIO_printf(bio_err, "policy is %s\n", policy);
+
+ if ((serialfile = NCONF_get_string(conf, section, ENV_SERIAL))
+ == NULL) {
+ lookup_fail(section, ENV_SERIAL);
+ goto err;
+ }
+
+ if (!extconf) {
+ /*
+ * no '-extfile' option, so we look for extensions in the main
+ * configuration file
+ */
+ if (!extensions) {
+ extensions = NCONF_get_string(conf, section, ENV_EXTENSIONS);
+ if (!extensions)
+ ERR_clear_error();
+ }
+ if (extensions) {
+ /* Check syntax of file */
+ X509V3_CTX ctx;
+ X509V3_set_ctx_test(&ctx);
+ X509V3_set_nconf(&ctx, conf);
+ if (!X509V3_EXT_add_nconf(conf, &ctx, extensions, NULL)) {
+ BIO_printf(bio_err,
+ "Error Loading extension section %s\n",
+ extensions);
+ ret = 1;
+ goto err;
+ }
+ }
+ }
+
+ if (startdate == NULL) {
+ startdate = NCONF_get_string(conf, section,
+ ENV_DEFAULT_STARTDATE);
+ if (startdate == NULL)
+ ERR_clear_error();
+ }
+ if (startdate && !ASN1_UTCTIME_set_string(NULL, startdate)) {
+ BIO_printf(bio_err,
+ "start date is invalid, it should be YYMMDDHHMMSSZ\n");
+ goto err;
+ }
+ if (startdate == NULL)
+ startdate = "today";
+
+ if (enddate == NULL) {
+ enddate = NCONF_get_string(conf, section, ENV_DEFAULT_ENDDATE);
+ if (enddate == NULL)
+ ERR_clear_error();
+ }
+ if (enddate && !ASN1_UTCTIME_set_string(NULL, enddate)) {
+ BIO_printf(bio_err,
+ "end date is invalid, it should be YYMMDDHHMMSSZ\n");
+ goto err;
+ }
+
+ if (days == 0) {
+ if (!NCONF_get_number(conf, section, ENV_DEFAULT_DAYS, &days))
+ days = 0;
+ }
+ if (!enddate && (days == 0)) {
+ BIO_printf(bio_err,
+ "cannot lookup how many days to certify for\n");
+ goto err;
+ }
+
+ if ((serial = load_serial(serialfile, create_ser, NULL)) == NULL) {
+ BIO_printf(bio_err, "error while loading serial number\n");
+ goto err;
+ }
+ if (verbose) {
+ if (BN_is_zero(serial))
+ BIO_printf(bio_err, "next serial number is 00\n");
+ else {
+ if ((f = BN_bn2hex(serial)) == NULL)
+ goto err;
+ BIO_printf(bio_err, "next serial number is %s\n", f);
+ OPENSSL_free(f);
+ }
+ }
+
+ if ((attribs = NCONF_get_section(conf, policy)) == NULL) {
+ BIO_printf(bio_err, "unable to find 'section' for %s\n", policy);
+ goto err;
+ }
+
+ if ((cert_sk = sk_X509_new_null()) == NULL) {
+ BIO_printf(bio_err, "Memory allocation failure\n");
+ goto err;
+ }
+ if (spkac_file != NULL) {
+ total++;
+ j = certify_spkac(&x, spkac_file, pkey, x509, dgst, attribs, db,
+ serial, subj, chtype, multirdn, email_dn,
+ startdate, enddate, days, extensions, conf,
+ verbose, certopt, nameopt, default_op,
+ ext_copy);
+ if (j < 0)
+ goto err;
+ if (j > 0) {
+ total_done++;
+ BIO_printf(bio_err, "\n");
+ if (!BN_add_word(serial, 1))
+ goto err;
+ if (!sk_X509_push(cert_sk, x)) {
+ BIO_printf(bio_err, "Memory allocation failure\n");
+ goto err;
+ }
+ if (outfile) {
+ output_der = 1;
+ batch = 1;
+ }
+ }
+ }
+ if (ss_cert_file != NULL) {
+ total++;
+ j = certify_cert(&x, ss_cert_file, pkey, x509, dgst, attribs,
+ db, serial, subj, chtype, multirdn, email_dn,
+ startdate, enddate, days, batch, extensions,
+ conf, verbose, certopt, nameopt, default_op,
+ ext_copy, e);
+ if (j < 0)
+ goto err;
+ if (j > 0) {
+ total_done++;
+ BIO_printf(bio_err, "\n");
+ if (!BN_add_word(serial, 1))
+ goto err;
+ if (!sk_X509_push(cert_sk, x)) {
+ BIO_printf(bio_err, "Memory allocation failure\n");
+ goto err;
+ }
+ }
+ }
+ if (infile != NULL) {
+ total++;
+ j = certify(&x, infile, pkey, x509p, dgst, attribs, db,
+ serial, subj, chtype, multirdn, email_dn, startdate,
+ enddate, days, batch, extensions, conf, verbose,
+ certopt, nameopt, default_op, ext_copy, selfsign);
+ if (j < 0)
+ goto err;
+ if (j > 0) {
+ total_done++;
+ BIO_printf(bio_err, "\n");
+ if (!BN_add_word(serial, 1))
+ goto err;
+ if (!sk_X509_push(cert_sk, x)) {
+ BIO_printf(bio_err, "Memory allocation failure\n");
+ goto err;
+ }
+ }
+ }
+ for (i = 0; i < argc; i++) {
+ total++;
+ j = certify(&x, argv[i], pkey, x509p, dgst, attribs, db,
+ serial, subj, chtype, multirdn, email_dn, startdate,
+ enddate, days, batch, extensions, conf, verbose,
+ certopt, nameopt, default_op, ext_copy, selfsign);
+ if (j < 0)
+ goto err;
+ if (j > 0) {
+ total_done++;
+ BIO_printf(bio_err, "\n");
+ if (!BN_add_word(serial, 1))
+ goto err;
+ if (!sk_X509_push(cert_sk, x)) {
+ BIO_printf(bio_err, "Memory allocation failure\n");
+ goto err;
+ }
+ }
+ }
+ /*
+ * we have a stack of newly certified certificates and a data base
+ * and serial number that need updating
+ */
+
+ if (sk_X509_num(cert_sk) > 0) {
+ if (!batch) {
+ BIO_printf(bio_err,
+ "\n%d out of %d certificate requests certified, commit? [y/n]",
+ total_done, total);
+ (void)BIO_flush(bio_err);
+ buf[0][0] = '\0';
+ if (!fgets(buf[0], 10, stdin)) {
+ BIO_printf(bio_err,
+ "CERTIFICATION CANCELED: I/O error\n");
+ ret = 0;
+ goto err;
+ }
+ if ((buf[0][0] != 'y') && (buf[0][0] != 'Y')) {
+ BIO_printf(bio_err, "CERTIFICATION CANCELED\n");
+ ret = 0;
+ goto err;
+ }
+ }
+
+ BIO_printf(bio_err, "Write out database with %d new entries\n",
+ sk_X509_num(cert_sk));
+
+ if (!save_serial(serialfile, "new", serial, NULL))
+ goto err;
+
+ if (!save_index(dbfile, "new", db))
+ goto err;
+ }
+
+ if (verbose)
+ BIO_printf(bio_err, "writing new certificates\n");
+ for (i = 0; i < sk_X509_num(cert_sk); i++) {
+ int k;
+ char *n;
+
+ x = sk_X509_value(cert_sk, i);
+
+ j = x->cert_info->serialNumber->length;
+ p = (const char *)x->cert_info->serialNumber->data;
+
+ if (strlen(outdir) >= (size_t)(j ? BSIZE - j * 2 - 6 : BSIZE - 8)) {
+ BIO_printf(bio_err, "certificate file name too long\n");
+ goto err;
+ }
+
+ strcpy(buf[2], outdir);
+
+#ifndef OPENSSL_SYS_VMS
+ BUF_strlcat(buf[2], "/", sizeof(buf[2]));
+#endif
+
+ n = (char *)&(buf[2][strlen(buf[2])]);
+ if (j > 0) {
+ for (k = 0; k < j; k++) {
+ if (n >= &(buf[2][sizeof(buf[2])]))
+ break;
+ BIO_snprintf(n,
+ &buf[2][0] + sizeof(buf[2]) - n,
+ "%02X", (unsigned char)*(p++));
+ n += 2;
+ }
+ } else {
+ *(n++) = '0';
+ *(n++) = '0';
+ }
+ *(n++) = '.';
+ *(n++) = 'p';
+ *(n++) = 'e';
+ *(n++) = 'm';
+ *n = '\0';
+ if (verbose)
+ BIO_printf(bio_err, "writing %s\n", buf[2]);
+
+ if (BIO_write_filename(Cout, buf[2]) <= 0) {
+ perror(buf[2]);
+ goto err;
+ }
+ write_new_certificate(Cout, x, 0, notext);
+ write_new_certificate(Sout, x, output_der, notext);
+ }
+
+ if (sk_X509_num(cert_sk)) {
+ /* Rename the database and the serial file */
+ if (!rotate_serial(serialfile, "new", "old"))
+ goto err;
+
+ if (!rotate_index(dbfile, "new", "old"))
+ goto err;
+
+ BIO_printf(bio_err, "Data Base Updated\n");
+ }
+ }
+
+ /*****************************************************************/
+ if (gencrl) {
+ int crl_v2 = 0;
+ if (!crl_ext) {
+ crl_ext = NCONF_get_string(conf, section, ENV_CRLEXT);
+ if (!crl_ext)
+ ERR_clear_error();
+ }
+ if (crl_ext) {
+ /* Check syntax of file */
+ X509V3_CTX ctx;
+ X509V3_set_ctx_test(&ctx);
+ X509V3_set_nconf(&ctx, conf);
+ if (!X509V3_EXT_add_nconf(conf, &ctx, crl_ext, NULL)) {
+ BIO_printf(bio_err,
+ "Error Loading CRL extension section %s\n",
+ crl_ext);
+ ret = 1;
+ goto err;
+ }
+ }
+
+ if ((crlnumberfile = NCONF_get_string(conf, section, ENV_CRLNUMBER))
+ != NULL)
+ if ((crlnumber = load_serial(crlnumberfile, 0, NULL)) == NULL) {
+ BIO_printf(bio_err, "error while loading CRL number\n");
+ goto err;
+ }
+
+ if (!crldays && !crlhours) {
+ if (!NCONF_get_number(conf, section,
+ ENV_DEFAULT_CRL_DAYS, &crldays))
+ crldays = 0;
+ if (!NCONF_get_number(conf, section,
+ ENV_DEFAULT_CRL_HOURS, &crlhours))
+ crlhours = 0;
+ }
+ if ((crldays == 0) && (crlhours == 0)) {
+ BIO_printf(bio_err,
+ "cannot lookup how long until the next CRL is issued\n");
+ goto err;
+ }
+
+ if (verbose)
+ BIO_printf(bio_err, "making CRL\n");
+ if ((crl = X509_CRL_new()) == NULL)
+ goto err;
+ if (!X509_CRL_set_issuer_name(crl, X509_get_subject_name(x509)))
+ goto err;
+
+ tmptm = ASN1_TIME_new();
+ if (!tmptm)
+ goto err;
+ X509_gmtime_adj(tmptm, 0);
+ X509_CRL_set_lastUpdate(crl, tmptm);
+ X509_gmtime_adj(tmptm, (crldays * 24 + crlhours) * 60 * 60);
+ X509_CRL_set_nextUpdate(crl, tmptm);
+
+ ASN1_TIME_free(tmptm);
+
+ for (i = 0; i < sk_num(db->db->data); i++) {
+ pp = (const char **)sk_value(db->db->data, i);
+ if (pp[DB_type][0] == DB_TYPE_REV) {
+ if ((r = X509_REVOKED_new()) == NULL)
+ goto err;
+ j = make_revoked(r, pp[DB_rev_date]);
+ if (!j)
+ goto err;
+ if (j == 2)
+ crl_v2 = 1;
+ if (!BN_hex2bn(&serial, pp[DB_serial]))
+ goto err;
+ tmpser = BN_to_ASN1_INTEGER(serial, NULL);
+ BN_free(serial);
+ serial = NULL;
+ if (!tmpser)
+ goto err;
+ X509_REVOKED_set_serialNumber(r, tmpser);
+ ASN1_INTEGER_free(tmpser);
+ X509_CRL_add0_revoked(crl, r);
+ }
+ }
+
+ /*
+ * sort the data so it will be written in serial number order
+ */
+ X509_CRL_sort(crl);
+
+ /* we now have a CRL */
+ if (verbose)
+ BIO_printf(bio_err, "signing CRL\n");
+#ifndef OPENSSL_NO_DSA
+ if (pkey->type == EVP_PKEY_DSA)
+ dgst = EVP_dss1();
+ else
+#endif
+#ifndef OPENSSL_NO_ECDSA
+ if (pkey->type == EVP_PKEY_EC)
+ dgst = EVP_ecdsa();
+#endif
+
+ /* Add any extensions asked for */
+
+ if (crl_ext || crlnumberfile != NULL) {
+ X509V3_CTX crlctx;
+ X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0);
+ X509V3_set_nconf(&crlctx, conf);
+
+ if (crl_ext)
+ if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx, crl_ext, crl))
+ goto err;
+ if (crlnumberfile != NULL) {
+ tmpser = BN_to_ASN1_INTEGER(crlnumber, NULL);
+ if (!tmpser)
+ goto err;
+ X509_CRL_add1_ext_i2d(crl, NID_crl_number, tmpser, 0, 0);
+ ASN1_INTEGER_free(tmpser);
+ crl_v2 = 1;
+ if (!BN_add_word(crlnumber, 1))
+ goto err;
+ }
+ }
+ if (crl_ext || crl_v2) {
+ if (!X509_CRL_set_version(crl, 1))
+ goto err; /* version 2 CRL */
+ }
+
+ /* we have a CRL number that need updating */
+ if (crlnumberfile != NULL)
+ if (!save_serial(crlnumberfile, "new", crlnumber, NULL))
+ goto err;
+
+ if (!X509_CRL_sign(crl, pkey, dgst))
+ goto err;
+
+ PEM_write_bio_X509_CRL(Sout, crl);
+
+ if (crlnumberfile != NULL) /* Rename the crlnumber file */
+ if (!rotate_serial(crlnumberfile, "new", "old"))
+ goto err;
+
+ }
+ /*****************************************************************/
+ if (dorevoke) {
+ if (infile == NULL) {
+ BIO_printf(bio_err, "no input files\n");
+ goto err;
+ } else {
+ X509 *revcert;
+ revcert = load_cert(bio_err, infile, FORMAT_PEM, NULL, e, infile);
+ if (revcert == NULL)
+ goto err;
+ j = do_revoke(revcert, db, rev_type, rev_arg);
+ if (j <= 0)
+ goto err;
+ X509_free(revcert);
+
+ if (!save_index(dbfile, "new", db))
+ goto err;
+
+ if (!rotate_index(dbfile, "new", "old"))
+ goto err;
+
+ BIO_printf(bio_err, "Data Base Updated\n");
+ }
+ }
+ /*****************************************************************/
+ ret = 0;
+ err:
+ if (tofree)
+ OPENSSL_free(tofree);
+ BIO_free_all(Cout);
+ BIO_free_all(Sout);
+ BIO_free_all(out);
+ BIO_free_all(in);
+
+ if (cert_sk)
+ sk_X509_pop_free(cert_sk, X509_free);
+
+ if (ret)
+ ERR_print_errors(bio_err);
+ app_RAND_write_file(randfile, bio_err);
+ if (free_key && key)
+ OPENSSL_free(key);
+ BN_free(serial);
+ free_index(db);
+ EVP_PKEY_free(pkey);
+ if (x509)
+ X509_free(x509);
+ X509_CRL_free(crl);
+ NCONF_free(conf);
+ NCONF_free(extconf);
+ OBJ_cleanup();
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
+}
+
+static void lookup_fail(const char *name, const char *tag)
+{
+ BIO_printf(bio_err, "variable lookup failed for %s::%s\n", name, tag);
+}
+
+static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
+ const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy,
+ CA_DB *db, BIGNUM *serial, char *subj,
+ unsigned long chtype, int multirdn, int email_dn,
+ char *startdate, char *enddate, long days, int batch,
+ char *ext_sect, CONF *lconf, int verbose,
+ unsigned long certopt, unsigned long nameopt,
+ int default_op, int ext_copy, int selfsign)
+{
+ X509_REQ *req = NULL;
+ BIO *in = NULL;
+ EVP_PKEY *pktmp = NULL;
+ int ok = -1, i;
+
+ in = BIO_new(BIO_s_file());
+
+ if (BIO_read_filename(in, infile) <= 0) {
+ perror(infile);
+ goto err;
+ }
+ if ((req = PEM_read_bio_X509_REQ(in, NULL, NULL, NULL)) == NULL) {
+ BIO_printf(bio_err, "Error reading certificate request in %s\n",
+ infile);
+ goto err;
+ }
+ if (verbose)
+ X509_REQ_print(bio_err, req);
+
+ BIO_printf(bio_err, "Check that the request matches the signature\n");
+
+ if (selfsign && !X509_REQ_check_private_key(req, pkey)) {
+ BIO_printf(bio_err,
+ "Certificate request and CA private key do not match\n");
+ ok = 0;
+ goto err;
+ }
+ if ((pktmp = X509_REQ_get_pubkey(req)) == NULL) {
+ BIO_printf(bio_err, "error unpacking public key\n");
+ goto err;
+ }
+ i = X509_REQ_verify(req, pktmp);
+ EVP_PKEY_free(pktmp);
+ if (i < 0) {
+ ok = 0;
+ BIO_printf(bio_err, "Signature verification problems....\n");
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+ if (i == 0) {
+ ok = 0;
+ BIO_printf(bio_err,
+ "Signature did not match the certificate request\n");
+ ERR_print_errors(bio_err);
+ goto err;
+ } else
+ BIO_printf(bio_err, "Signature ok\n");
+
+ ok = do_body(xret, pkey, x509, dgst, policy, db, serial, subj, chtype,
+ multirdn, email_dn, startdate, enddate, days, batch, verbose,
+ req, ext_sect, lconf, certopt, nameopt, default_op, ext_copy,
+ selfsign);
+
+ err:
+ if (req != NULL)
+ X509_REQ_free(req);
+ if (in != NULL)
+ BIO_free(in);
+ return (ok);
+}
+
+static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
+ const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy,
+ CA_DB *db, BIGNUM *serial, char *subj,
+ unsigned long chtype, int multirdn, int email_dn,
+ char *startdate, char *enddate, long days, int batch,
+ char *ext_sect, CONF *lconf, int verbose,
+ unsigned long certopt, unsigned long nameopt,
+ int default_op, int ext_copy, ENGINE *e)
+{
+ X509 *req = NULL;
+ X509_REQ *rreq = NULL;
+ EVP_PKEY *pktmp = NULL;
+ int ok = -1, i;
+
+ if ((req =
+ load_cert(bio_err, infile, FORMAT_PEM, NULL, e, infile)) == NULL)
+ goto err;
+ if (verbose)
+ X509_print(bio_err, req);
+
+ BIO_printf(bio_err, "Check that the request matches the signature\n");
+
+ if ((pktmp = X509_get_pubkey(req)) == NULL) {
+ BIO_printf(bio_err, "error unpacking public key\n");
+ goto err;
+ }
+ i = X509_verify(req, pktmp);
+ EVP_PKEY_free(pktmp);
+ if (i < 0) {
+ ok = 0;
+ BIO_printf(bio_err, "Signature verification problems....\n");
+ goto err;
+ }
+ if (i == 0) {
+ ok = 0;
+ BIO_printf(bio_err, "Signature did not match the certificate\n");
+ goto err;
+ } else
+ BIO_printf(bio_err, "Signature ok\n");
+
+ if ((rreq = X509_to_X509_REQ(req, NULL, EVP_md5())) == NULL)
+ goto err;
+
+ ok = do_body(xret, pkey, x509, dgst, policy, db, serial, subj, chtype,
+ multirdn, email_dn, startdate, enddate, days, batch, verbose,
+ rreq, ext_sect, lconf, certopt, nameopt, default_op,
+ ext_copy, 0);
+
+ err:
+ if (rreq != NULL)
+ X509_REQ_free(rreq);
+ if (req != NULL)
+ X509_free(req);
+ return (ok);
+}
+
+static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
+ const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy,
+ CA_DB *db, BIGNUM *serial, char *subj,
+ unsigned long chtype, int multirdn, int email_dn,
+ char *startdate, char *enddate, long days, int batch,
+ int verbose, X509_REQ *req, char *ext_sect, CONF *lconf,
+ unsigned long certopt, unsigned long nameopt,
+ int default_op, int ext_copy, int selfsign)
+{
+ X509_NAME *name = NULL, *CAname = NULL, *subject = NULL, *dn_subject =
+ NULL;
+ ASN1_UTCTIME *tm, *tmptm;
+ ASN1_STRING *str, *str2;
+ ASN1_OBJECT *obj;
+ X509 *ret = NULL;
+ X509_CINF *ci;
+ X509_NAME_ENTRY *ne;
+ X509_NAME_ENTRY *tne, *push;
+ EVP_PKEY *pktmp;
+ int ok = -1, i, j, last, nid;
+ const char *p;
+ CONF_VALUE *cv;
+ char *row[DB_NUMBER], **rrow = NULL, **irow = NULL;
+ char buf[25];
+
+ tmptm = ASN1_UTCTIME_new();
+ if (tmptm == NULL) {
+ BIO_printf(bio_err, "malloc error\n");
+ return (0);
+ }
+
+ for (i = 0; i < DB_NUMBER; i++)
+ row[i] = NULL;
+
+ if (subj) {
+ X509_NAME *n = parse_name(subj, chtype, multirdn);
+
+ if (!n) {
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+ X509_REQ_set_subject_name(req, n);
+ req->req_info->enc.modified = 1;
+ X509_NAME_free(n);
+ }
+
+ if (default_op)
+ BIO_printf(bio_err,
+ "The Subject's Distinguished Name is as follows\n");
+
+ name = X509_REQ_get_subject_name(req);
+ for (i = 0; i < X509_NAME_entry_count(name); i++) {
+ ne = X509_NAME_get_entry(name, i);
+ str = X509_NAME_ENTRY_get_data(ne);
+ obj = X509_NAME_ENTRY_get_object(ne);
+
+ if (msie_hack) {
+ /* assume all type should be strings */
+ nid = OBJ_obj2nid(ne->object);
+
+ if (str->type == V_ASN1_UNIVERSALSTRING)
+ ASN1_UNIVERSALSTRING_to_string(str);
+
+ if ((str->type == V_ASN1_IA5STRING) &&
+ (nid != NID_pkcs9_emailAddress))
+ str->type = V_ASN1_T61STRING;
+
+ if ((nid == NID_pkcs9_emailAddress) &&
+ (str->type == V_ASN1_PRINTABLESTRING))
+ str->type = V_ASN1_IA5STRING;
+ }
+
+ /* If no EMAIL is wanted in the subject */
+ if ((OBJ_obj2nid(obj) == NID_pkcs9_emailAddress) && (!email_dn))
+ continue;
+
+ /* check some things */
+ if ((OBJ_obj2nid(obj) == NID_pkcs9_emailAddress) &&
+ (str->type != V_ASN1_IA5STRING)) {
+ BIO_printf(bio_err,
+ "\nemailAddress type needs to be of type IA5STRING\n");
+ goto err;
+ }
+ if ((str->type != V_ASN1_BMPSTRING)
+ && (str->type != V_ASN1_UTF8STRING)) {
+ j = ASN1_PRINTABLE_type(str->data, str->length);
+ if (((j == V_ASN1_T61STRING) &&
+ (str->type != V_ASN1_T61STRING)) ||
+ ((j == V_ASN1_IA5STRING) &&
+ (str->type == V_ASN1_PRINTABLESTRING))) {
+ BIO_printf(bio_err,
+ "\nThe string contains characters that are illegal for the ASN.1 type\n");
+ goto err;
+ }
+ }
+
+ if (default_op)
+ old_entry_print(bio_err, obj, str);
+ }
+
+ /* Ok, now we check the 'policy' stuff. */
+ if ((subject = X509_NAME_new()) == NULL) {
+ BIO_printf(bio_err, "Memory allocation failure\n");
+ goto err;
+ }
+
+ /* take a copy of the issuer name before we mess with it. */
+ if (selfsign)
+ CAname = X509_NAME_dup(name);
+ else
+ CAname = X509_NAME_dup(x509->cert_info->subject);
+ if (CAname == NULL)
+ goto err;
+ str = str2 = NULL;
+
+ for (i = 0; i < sk_CONF_VALUE_num(policy); i++) {
+ cv = sk_CONF_VALUE_value(policy, i); /* get the object id */
+ if ((j = OBJ_txt2nid(cv->name)) == NID_undef) {
+ BIO_printf(bio_err,
+ "%s:unknown object type in 'policy' configuration\n",
+ cv->name);
+ goto err;
+ }
+ obj = OBJ_nid2obj(j);
+
+ last = -1;
+ for (;;) {
+ /* lookup the object in the supplied name list */
+ j = X509_NAME_get_index_by_OBJ(name, obj, last);
+ if (j < 0) {
+ if (last != -1)
+ break;
+ tne = NULL;
+ } else {
+ tne = X509_NAME_get_entry(name, j);
+ }
+ last = j;
+
+ /* depending on the 'policy', decide what to do. */
+ push = NULL;
+ if (strcmp(cv->value, "optional") == 0) {
+ if (tne != NULL)
+ push = tne;
+ } else if (strcmp(cv->value, "supplied") == 0) {
+ if (tne == NULL) {
+ BIO_printf(bio_err,
+ "The %s field needed to be supplied and was missing\n",
+ cv->name);
+ goto err;
+ } else
+ push = tne;
+ } else if (strcmp(cv->value, "match") == 0) {
+ int last2;
+
+ if (tne == NULL) {
+ BIO_printf(bio_err,
+ "The mandatory %s field was missing\n",
+ cv->name);
+ goto err;
+ }
+
+ last2 = -1;
+
+ again2:
+ j = X509_NAME_get_index_by_OBJ(CAname, obj, last2);
+ if ((j < 0) && (last2 == -1)) {
+ BIO_printf(bio_err,
+ "The %s field does not exist in the CA certificate,\nthe 'policy' is misconfigured\n",
+ cv->name);
+ goto err;
+ }
+ if (j >= 0) {
+ push = X509_NAME_get_entry(CAname, j);
+ str = X509_NAME_ENTRY_get_data(tne);
+ str2 = X509_NAME_ENTRY_get_data(push);
+ last2 = j;
+ if (ASN1_STRING_cmp(str, str2) != 0)
+ goto again2;
+ }
+ if (j < 0) {
+ BIO_printf(bio_err,
+ "The %s field needed to be the same in the\nCA certificate (%s) and the request (%s)\n",
+ cv->name,
+ ((str2 == NULL) ? "NULL" : (char *)str2->data),
+ ((str == NULL) ? "NULL" : (char *)str->data));
+ goto err;
+ }
+ } else {
+ BIO_printf(bio_err,
+ "%s:invalid type in 'policy' configuration\n",
+ cv->value);
+ goto err;
+ }
+
+ if (push != NULL) {
+ if (!X509_NAME_add_entry(subject, push, -1, 0)) {
+ if (push != NULL)
+ X509_NAME_ENTRY_free(push);
+ BIO_printf(bio_err, "Memory allocation failure\n");
+ goto err;
+ }
+ }
+ if (j < 0)
+ break;
+ }
+ }
+
+ if (preserve) {
+ X509_NAME_free(subject);
+ /* subject=X509_NAME_dup(X509_REQ_get_subject_name(req)); */
+ subject = X509_NAME_dup(name);
+ if (subject == NULL)
+ goto err;
+ }
+
+ if (verbose)
+ BIO_printf(bio_err,
+ "The subject name appears to be ok, checking data base for clashes\n");
+
+ /* Build the correct Subject if no e-mail is wanted in the subject */
+ /*
+ * and add it later on because of the method extensions are added
+ * (altName)
+ */
+
+ if (email_dn)
+ dn_subject = subject;
+ else {
+ X509_NAME_ENTRY *tmpne;
+ /*
+ * Its best to dup the subject DN and then delete any email addresses
+ * because this retains its structure.
+ */
+ if (!(dn_subject = X509_NAME_dup(subject))) {
+ BIO_printf(bio_err, "Memory allocation failure\n");
+ goto err;
+ }
+ while ((i = X509_NAME_get_index_by_NID(dn_subject,
+ NID_pkcs9_emailAddress,
+ -1)) >= 0) {
+ tmpne = X509_NAME_get_entry(dn_subject, i);
+ X509_NAME_delete_entry(dn_subject, i);
+ X509_NAME_ENTRY_free(tmpne);
+ }
+ }
+
+ if (BN_is_zero(serial))
+ row[DB_serial] = BUF_strdup("00");
+ else
+ row[DB_serial] = BN_bn2hex(serial);
+ if (row[DB_serial] == NULL) {
+ BIO_printf(bio_err, "Memory allocation failure\n");
+ goto err;
+ }
+
+ if (db->attributes.unique_subject) {
+ rrow = TXT_DB_get_by_index(db->db, DB_name, row);
+ if (rrow != NULL) {
+ BIO_printf(bio_err,
+ "ERROR:There is already a certificate for %s\n",
+ row[DB_name]);
+ }
+ }
+ if (rrow == NULL) {
+ rrow = TXT_DB_get_by_index(db->db, DB_serial, row);
+ if (rrow != NULL) {
+ BIO_printf(bio_err,
+ "ERROR:Serial number %s has already been issued,\n",
+ row[DB_serial]);
+ BIO_printf(bio_err,
+ " check the database/serial_file for corruption\n");
+ }
+ }
+
+ if (rrow != NULL) {
+ BIO_printf(bio_err, "The matching entry has the following details\n");
+ if (rrow[DB_type][0] == 'E')
+ p = "Expired";
+ else if (rrow[DB_type][0] == 'R')
+ p = "Revoked";
+ else if (rrow[DB_type][0] == 'V')
+ p = "Valid";
+ else
+ p = "\ninvalid type, Data base error\n";
+ BIO_printf(bio_err, "Type :%s\n", p);;
+ if (rrow[DB_type][0] == 'R') {
+ p = rrow[DB_exp_date];
+ if (p == NULL)
+ p = "undef";
+ BIO_printf(bio_err, "Was revoked on:%s\n", p);
+ }
+ p = rrow[DB_exp_date];
+ if (p == NULL)
+ p = "undef";
+ BIO_printf(bio_err, "Expires on :%s\n", p);
+ p = rrow[DB_serial];
+ if (p == NULL)
+ p = "undef";
+ BIO_printf(bio_err, "Serial Number :%s\n", p);
+ p = rrow[DB_file];
+ if (p == NULL)
+ p = "undef";
+ BIO_printf(bio_err, "File name :%s\n", p);
+ p = rrow[DB_name];
+ if (p == NULL)
+ p = "undef";
+ BIO_printf(bio_err, "Subject Name :%s\n", p);
+ ok = -1; /* This is now a 'bad' error. */
+ goto err;
+ }
+
+ /* We are now totally happy, lets make and sign the certificate */
+ if (verbose)
+ BIO_printf(bio_err,
+ "Everything appears to be ok, creating and signing the certificate\n");
+
+ if ((ret = X509_new()) == NULL)
+ goto err;
+ ci = ret->cert_info;
+
+#ifdef X509_V3
+ /* Make it an X509 v3 certificate. */
+ if (!X509_set_version(ret, 2))
+ goto err;
+#endif
+
+ if (BN_to_ASN1_INTEGER(serial, ci->serialNumber) == NULL)
+ goto err;
+ if (selfsign) {
+ if (!X509_set_issuer_name(ret, subject))
+ goto err;
+ } else {
+ if (!X509_set_issuer_name(ret, X509_get_subject_name(x509)))
+ goto err;
+ }
+
+ if (strcmp(startdate, "today") == 0)
+ X509_gmtime_adj(X509_get_notBefore(ret), 0);
+ else
+ ASN1_UTCTIME_set_string(X509_get_notBefore(ret), startdate);
+
+ if (enddate == NULL)
+ X509_gmtime_adj(X509_get_notAfter(ret), (long)60 * 60 * 24 * days);
+ else
+ ASN1_UTCTIME_set_string(X509_get_notAfter(ret), enddate);
+
+ if (!X509_set_subject_name(ret, subject))
+ goto err;
+
+ pktmp = X509_REQ_get_pubkey(req);
+ i = X509_set_pubkey(ret, pktmp);
+ EVP_PKEY_free(pktmp);
+ if (!i)
+ goto err;
+
+ /* Lets add the extensions, if there are any */
+ if (ext_sect) {
+ X509V3_CTX ctx;
+ if (ci->version == NULL)
+ if ((ci->version = ASN1_INTEGER_new()) == NULL)
+ goto err;
+ ASN1_INTEGER_set(ci->version, 2); /* version 3 certificate */
+
+ /*
+ * Free the current entries if any, there should not be any I believe
+ */
+ if (ci->extensions != NULL)
+ sk_X509_EXTENSION_pop_free(ci->extensions, X509_EXTENSION_free);
+
+ ci->extensions = NULL;
+
+ /* Initialize the context structure */
+ if (selfsign)
+ X509V3_set_ctx(&ctx, ret, ret, req, NULL, 0);
+ else
+ X509V3_set_ctx(&ctx, x509, ret, req, NULL, 0);
+
+ if (extconf) {
+ if (verbose)
+ BIO_printf(bio_err, "Extra configuration file found\n");
+
+ /* Use the extconf configuration db LHASH */
+ X509V3_set_nconf(&ctx, extconf);
+
+ /* Test the structure (needed?) */
+ /* X509V3_set_ctx_test(&ctx); */
+
+ /* Adds exts contained in the configuration file */
+ if (!X509V3_EXT_add_nconf(extconf, &ctx, ext_sect, ret)) {
+ BIO_printf(bio_err,
+ "ERROR: adding extensions in section %s\n",
+ ext_sect);
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+ if (verbose)
+ BIO_printf(bio_err,
+ "Successfully added extensions from file.\n");
+ } else if (ext_sect) {
+ /* We found extensions to be set from config file */
+ X509V3_set_nconf(&ctx, lconf);
+
+ if (!X509V3_EXT_add_nconf(lconf, &ctx, ext_sect, ret)) {
+ BIO_printf(bio_err,
+ "ERROR: adding extensions in section %s\n",
+ ext_sect);
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+
+ if (verbose)
+ BIO_printf(bio_err,
+ "Successfully added extensions from config\n");
+ }
+ }
+
+ /* Copy extensions from request (if any) */
+
+ if (!copy_extensions(ret, req, ext_copy)) {
+ BIO_printf(bio_err, "ERROR: adding extensions from request\n");
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+
+ /* Set the right value for the noemailDN option */
+ if (email_dn == 0) {
+ if (!X509_set_subject_name(ret, dn_subject))
+ goto err;
+ }
+
+ if (!default_op) {
+ BIO_printf(bio_err, "Certificate Details:\n");
+ /*
+ * Never print signature details because signature not present
+ */
+ certopt |= X509_FLAG_NO_SIGDUMP | X509_FLAG_NO_SIGNAME;
+ X509_print_ex(bio_err, ret, nameopt, certopt);
+ }
+
+ BIO_printf(bio_err, "Certificate is to be certified until ");
+ ASN1_TIME_print(bio_err, X509_get_notAfter(ret));
+ if (days)
+ BIO_printf(bio_err, " (%ld days)", days);
+ BIO_printf(bio_err, "\n");
+
+ if (!batch) {
+
+ BIO_printf(bio_err, "Sign the certificate? [y/n]:");
+ (void)BIO_flush(bio_err);
+ buf[0] = '\0';
+ if (!fgets(buf, sizeof(buf) - 1, stdin)) {
+ BIO_printf(bio_err,
+ "CERTIFICATE WILL NOT BE CERTIFIED: I/O error\n");
+ ok = 0;
+ goto err;
+ }
+ if (!((buf[0] == 'y') || (buf[0] == 'Y'))) {
+ BIO_printf(bio_err, "CERTIFICATE WILL NOT BE CERTIFIED\n");
+ ok = 0;
+ goto err;
+ }
+ }
+#ifndef OPENSSL_NO_DSA
+ if (pkey->type == EVP_PKEY_DSA)
+ dgst = EVP_dss1();
+ pktmp = X509_get_pubkey(ret);
+ if (EVP_PKEY_missing_parameters(pktmp) &&
+ !EVP_PKEY_missing_parameters(pkey))
+ EVP_PKEY_copy_parameters(pktmp, pkey);
+ EVP_PKEY_free(pktmp);
+#endif
+#ifndef OPENSSL_NO_ECDSA
+ if (pkey->type == EVP_PKEY_EC)
+ dgst = EVP_ecdsa();
+ pktmp = X509_get_pubkey(ret);
+ if (EVP_PKEY_missing_parameters(pktmp) &&
+ !EVP_PKEY_missing_parameters(pkey))
+ EVP_PKEY_copy_parameters(pktmp, pkey);
+ EVP_PKEY_free(pktmp);
+#endif
+
+ if (!X509_sign(ret, pkey, dgst))
+ goto err;
+
+ /* We now just add it to the database */
+ row[DB_type] = (char *)OPENSSL_malloc(2);
+
+ tm = X509_get_notAfter(ret);
+ row[DB_exp_date] = (char *)OPENSSL_malloc(tm->length + 1);
+ memcpy(row[DB_exp_date], tm->data, tm->length);
+ row[DB_exp_date][tm->length] = '\0';
+
+ row[DB_rev_date] = NULL;
+
+ /* row[DB_serial] done already */
+ row[DB_file] = (char *)OPENSSL_malloc(8);
+ row[DB_name] = X509_NAME_oneline(X509_get_subject_name(ret), NULL, 0);
+
+ if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
+ (row[DB_file] == NULL) || (row[DB_name] == NULL)) {
+ BIO_printf(bio_err, "Memory allocation failure\n");
+ goto err;
+ }
+ BUF_strlcpy(row[DB_file], "unknown", 8);
+ row[DB_type][0] = 'V';
+ row[DB_type][1] = '\0';
+
+ if ((irow =
+ (char **)OPENSSL_malloc(sizeof(char *) * (DB_NUMBER + 1))) == NULL) {
+ BIO_printf(bio_err, "Memory allocation failure\n");
+ goto err;
+ }
+
+ for (i = 0; i < DB_NUMBER; i++) {
+ irow[i] = row[i];
+ row[i] = NULL;
+ }
+ irow[DB_NUMBER] = NULL;
+
+ if (!TXT_DB_insert(db->db, irow)) {
+ BIO_printf(bio_err, "failed to update database\n");
+ BIO_printf(bio_err, "TXT_DB error number %ld\n", db->db->error);
+ goto err;
+ }
+ ok = 1;
+ err:
+ for (i = 0; i < DB_NUMBER; i++)
+ if (row[i] != NULL)
+ OPENSSL_free(row[i]);
+
+ if (CAname != NULL)
+ X509_NAME_free(CAname);
+ if (subject != NULL)
+ X509_NAME_free(subject);
+ if ((dn_subject != NULL) && !email_dn)
+ X509_NAME_free(dn_subject);
+ if (tmptm != NULL)
+ ASN1_UTCTIME_free(tmptm);
+ if (ok <= 0) {
+ if (ret != NULL)
+ X509_free(ret);
+ ret = NULL;
+ } else
+ *xret = ret;
+ return (ok);
+}
+
+static void write_new_certificate(BIO *bp, X509 *x, int output_der,
+ int notext)
+{
+
+ if (output_der) {
+ (void)i2d_X509_bio(bp, x);
+ return;
+ }
+#if 0
+ /* ??? Not needed since X509_print prints all this stuff anyway */
+ f = X509_NAME_oneline(X509_get_issuer_name(x), buf, 256);
+ BIO_printf(bp, "issuer :%s\n", f);
+
+ f = X509_NAME_oneline(X509_get_subject_name(x), buf, 256);
+ BIO_printf(bp, "subject:%s\n", f);
+
+ BIO_puts(bp, "serial :");
+ i2a_ASN1_INTEGER(bp, x->cert_info->serialNumber);
+ BIO_puts(bp, "\n\n");
+#endif
+ if (!notext)
+ X509_print(bp, x);
+ PEM_write_bio_X509(bp, x);
+}
+
+static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey,
+ X509 *x509, const EVP_MD *dgst,
+ STACK_OF(CONF_VALUE) *policy, CA_DB *db,
+ BIGNUM *serial, char *subj, unsigned long chtype,
+ int multirdn, int email_dn, char *startdate,
+ char *enddate, long days, char *ext_sect,
+ CONF *lconf, int verbose, unsigned long certopt,
+ unsigned long nameopt, int default_op, int ext_copy)
+{
+ STACK_OF(CONF_VALUE) *sk = NULL;
+ LHASH *parms = NULL;
+ X509_REQ *req = NULL;
+ CONF_VALUE *cv = NULL;
+ NETSCAPE_SPKI *spki = NULL;
+ X509_REQ_INFO *ri;
+ char *type, *buf;
+ EVP_PKEY *pktmp = NULL;
+ X509_NAME *n = NULL;
+ X509_NAME_ENTRY *ne = NULL;
+ int ok = -1, i, j;
+ long errline;
+ int nid;
+
+ /*
+ * Load input file into a hash table. (This is just an easy
+ * way to read and parse the file, then put it into a convenient
+ * STACK format).
+ */
+ parms = CONF_load(NULL, infile, &errline);
+ if (parms == NULL) {
+ BIO_printf(bio_err, "error on line %ld of %s\n", errline, infile);
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+
+ sk = CONF_get_section(parms, "default");
+ if (sk_CONF_VALUE_num(sk) == 0) {
+ BIO_printf(bio_err, "no name/value pairs found in %s\n", infile);
+ CONF_free(parms);
+ goto err;
+ }
+
+ /*
+ * Now create a dummy X509 request structure. We don't actually
+ * have an X509 request, but we have many of the components
+ * (a public key, various DN components). The idea is that we
+ * put these components into the right X509 request structure
+ * and we can use the same code as if you had a real X509 request.
+ */
+ req = X509_REQ_new();
+ if (req == NULL) {
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+
+ /*
+ * Build up the subject name set.
+ */
+ ri = req->req_info;
+ n = ri->subject;
+
+ for (i = 0;; i++) {
+ if (sk_CONF_VALUE_num(sk) <= i)
+ break;
+
+ cv = sk_CONF_VALUE_value(sk, i);
+ type = cv->name;
+ /*
+ * Skip past any leading X. X: X, etc to allow for multiple instances
+ */
+ for (buf = cv->name; *buf; buf++)
+ if ((*buf == ':') || (*buf == ',') || (*buf == '.')) {
+ buf++;
+ if (*buf)
+ type = buf;
+ break;
+ }
+
+ buf = cv->value;
+ if ((nid = OBJ_txt2nid(type)) == NID_undef) {
+ if (strcmp(type, "SPKAC") == 0) {
+ spki = NETSCAPE_SPKI_b64_decode(cv->value, -1);
+ if (spki == NULL) {
+ BIO_printf(bio_err,
+ "unable to load Netscape SPKAC structure\n");
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+ }
+ continue;
+ }
+
+ if (!X509_NAME_add_entry_by_NID(n, nid, chtype,
+ (unsigned char *)buf, -1, -1, 0))
+ goto err;
+ }
+ if (spki == NULL) {
+ BIO_printf(bio_err, "Netscape SPKAC structure not found in %s\n",
+ infile);
+ goto err;
+ }
+
+ /*
+ * Now extract the key from the SPKI structure.
+ */
+
+ BIO_printf(bio_err,
+ "Check that the SPKAC request matches the signature\n");
+
+ if ((pktmp = NETSCAPE_SPKI_get_pubkey(spki)) == NULL) {
+ BIO_printf(bio_err, "error unpacking SPKAC public key\n");
+ goto err;
+ }
+
+ j = NETSCAPE_SPKI_verify(spki, pktmp);
+ if (j <= 0) {
+ BIO_printf(bio_err,
+ "signature verification failed on SPKAC public key\n");
+ goto err;
+ }
+ BIO_printf(bio_err, "Signature ok\n");
+
+ X509_REQ_set_pubkey(req, pktmp);
+ EVP_PKEY_free(pktmp);
+ ok = do_body(xret, pkey, x509, dgst, policy, db, serial, subj, chtype,
+ multirdn, email_dn, startdate, enddate, days, 1, verbose,
+ req, ext_sect, lconf, certopt, nameopt, default_op, ext_copy,
+ 0);
+ err:
+ if (req != NULL)
+ X509_REQ_free(req);
+ if (parms != NULL)
+ CONF_free(parms);
+ if (spki != NULL)
+ NETSCAPE_SPKI_free(spki);
+ if (ne != NULL)
+ X509_NAME_ENTRY_free(ne);
+
+ return (ok);
+}
+
+static int check_time_format(const char *str)
+{
+ ASN1_TIME tm;
+
+ tm.data = (unsigned char *)str;
+ tm.length = strlen(str);
+ tm.type = V_ASN1_UTCTIME;
+ if (ASN1_TIME_check(&tm))
+ return 1;
+ tm.type = V_ASN1_GENERALIZEDTIME;
+ return ASN1_TIME_check(&tm);
+}
+
+static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
+{
+ ASN1_UTCTIME *tm = NULL;
+ char *row[DB_NUMBER], **rrow, **irow;
+ char *rev_str = NULL;
+ BIGNUM *bn = NULL;
+ int ok = -1, i;
+
+ for (i = 0; i < DB_NUMBER; i++)
+ row[i] = NULL;
+ row[DB_name] = X509_NAME_oneline(X509_get_subject_name(x509), NULL, 0);
+ bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(x509), NULL);
+ if (BN_is_zero(bn))
+ row[DB_serial] = BUF_strdup("00");
+ else
+ row[DB_serial] = BN_bn2hex(bn);
+ BN_free(bn);
+ if ((row[DB_name] == NULL) || (row[DB_serial] == NULL)) {
+ BIO_printf(bio_err, "Memory allocation failure\n");
+ goto err;
+ }
+ /*
+ * We have to lookup by serial number because name lookup skips revoked
+ * certs
+ */
+ rrow = TXT_DB_get_by_index(db->db, DB_serial, row);
+ if (rrow == NULL) {
+ BIO_printf(bio_err,
+ "Adding Entry with serial number %s to DB for %s\n",
+ row[DB_serial], row[DB_name]);
+
+ /* We now just add it to the database */
+ row[DB_type] = (char *)OPENSSL_malloc(2);
+
+ tm = X509_get_notAfter(x509);
+ row[DB_exp_date] = (char *)OPENSSL_malloc(tm->length + 1);
+ memcpy(row[DB_exp_date], tm->data, tm->length);
+ row[DB_exp_date][tm->length] = '\0';
+
+ row[DB_rev_date] = NULL;
+
+ /* row[DB_serial] done already */
+ row[DB_file] = (char *)OPENSSL_malloc(8);
+
+ /* row[DB_name] done already */
+
+ if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
+ (row[DB_file] == NULL)) {
+ BIO_printf(bio_err, "Memory allocation failure\n");
+ goto err;
+ }
+ BUF_strlcpy(row[DB_file], "unknown", 8);
+ row[DB_type][0] = 'V';
+ row[DB_type][1] = '\0';
+
+ if ((irow =
+ (char **)OPENSSL_malloc(sizeof(char *) * (DB_NUMBER + 1))) ==
+ NULL) {
+ BIO_printf(bio_err, "Memory allocation failure\n");
+ goto err;
+ }
+
+ for (i = 0; i < DB_NUMBER; i++) {
+ irow[i] = row[i];
+ row[i] = NULL;
+ }
+ irow[DB_NUMBER] = NULL;
+
+ if (!TXT_DB_insert(db->db, irow)) {
+ BIO_printf(bio_err, "failed to update database\n");
+ BIO_printf(bio_err, "TXT_DB error number %ld\n", db->db->error);
+ goto err;
+ }
+
+ /* Revoke Certificate */
+ ok = do_revoke(x509, db, type, value);
+
+ goto err;
+
+ } else if (index_name_cmp((const char **)row, (const char **)rrow)) {
+ BIO_printf(bio_err, "ERROR:name does not match %s\n", row[DB_name]);
+ goto err;
+ } else if (rrow[DB_type][0] == 'R') {
+ BIO_printf(bio_err, "ERROR:Already revoked, serial number %s\n",
+ row[DB_serial]);
+ goto err;
+ } else {
+ BIO_printf(bio_err, "Revoking Certificate %s.\n", rrow[DB_serial]);
+ rev_str = make_revocation_str(type, value);
+ if (!rev_str) {
+ BIO_printf(bio_err, "Error in revocation arguments\n");
+ goto err;
+ }
+ rrow[DB_type][0] = 'R';
+ rrow[DB_type][1] = '\0';
+ rrow[DB_rev_date] = rev_str;
+ }
+ ok = 1;
+ err:
+ for (i = 0; i < DB_NUMBER; i++) {
+ if (row[i] != NULL)
+ OPENSSL_free(row[i]);
+ }
+ return (ok);
+}
+
+static int get_certificate_status(const char *serial, CA_DB *db)
+{
+ char *row[DB_NUMBER], **rrow;
+ int ok = -1, i;
+
+ /* Free Resources */
+ for (i = 0; i < DB_NUMBER; i++)
+ row[i] = NULL;
+
+ /* Malloc needed char spaces */
+ row[DB_serial] = OPENSSL_malloc(strlen(serial) + 2);
+ if (row[DB_serial] == NULL) {
+ BIO_printf(bio_err, "Malloc failure\n");
+ goto err;
+ }
+
+ if (strlen(serial) % 2) {
+ /*
+ * Set the first char to 0
+ */ ;
+ row[DB_serial][0] = '0';
+
+ /* Copy String from serial to row[DB_serial] */
+ memcpy(row[DB_serial] + 1, serial, strlen(serial));
+ row[DB_serial][strlen(serial) + 1] = '\0';
+ } else {
+ /* Copy String from serial to row[DB_serial] */
+ memcpy(row[DB_serial], serial, strlen(serial));
+ row[DB_serial][strlen(serial)] = '\0';
+ }
+
+ /* Make it Upper Case */
+ for (i = 0; row[DB_serial][i] != '\0'; i++)
+ row[DB_serial][i] = toupper(row[DB_serial][i]);
+
+ ok = 1;
+
+ /* Search for the certificate */
+ rrow = TXT_DB_get_by_index(db->db, DB_serial, row);
+ if (rrow == NULL) {
+ BIO_printf(bio_err, "Serial %s not present in db.\n", row[DB_serial]);
+ ok = -1;
+ goto err;
+ } else if (rrow[DB_type][0] == 'V') {
+ BIO_printf(bio_err, "%s=Valid (%c)\n",
+ row[DB_serial], rrow[DB_type][0]);
+ goto err;
+ } else if (rrow[DB_type][0] == 'R') {
+ BIO_printf(bio_err, "%s=Revoked (%c)\n",
+ row[DB_serial], rrow[DB_type][0]);
+ goto err;
+ } else if (rrow[DB_type][0] == 'E') {
+ BIO_printf(bio_err, "%s=Expired (%c)\n",
+ row[DB_serial], rrow[DB_type][0]);
+ goto err;
+ } else if (rrow[DB_type][0] == 'S') {
+ BIO_printf(bio_err, "%s=Suspended (%c)\n",
+ row[DB_serial], rrow[DB_type][0]);
+ goto err;
+ } else {
+ BIO_printf(bio_err, "%s=Unknown (%c).\n",
+ row[DB_serial], rrow[DB_type][0]);
+ ok = -1;
+ }
+ err:
+ for (i = 0; i < DB_NUMBER; i++) {
+ if (row[i] != NULL)
+ OPENSSL_free(row[i]);
+ }
+ return (ok);
+}
+
+static int do_updatedb(CA_DB *db)
+{
+ ASN1_UTCTIME *a_tm = NULL;
+ int i, cnt = 0;
+ int db_y2k, a_y2k; /* flags = 1 if y >= 2000 */
+ char **rrow, *a_tm_s;
+
+ a_tm = ASN1_UTCTIME_new();
+
+ /* get actual time and make a string */
+ a_tm = X509_gmtime_adj(a_tm, 0);
+ a_tm_s = (char *)OPENSSL_malloc(a_tm->length + 1);
+ if (a_tm_s == NULL) {
+ cnt = -1;
+ goto err;
+ }
+
+ memcpy(a_tm_s, a_tm->data, a_tm->length);
+ a_tm_s[a_tm->length] = '\0';
+
+ if (strncmp(a_tm_s, "49", 2) <= 0)
+ a_y2k = 1;
+ else
+ a_y2k = 0;
+
+ for (i = 0; i < sk_num(db->db->data); i++) {
+ rrow = (char **)sk_value(db->db->data, i);
+
+ if (rrow[DB_type][0] == 'V') {
+ /* ignore entries that are not valid */
+ if (strncmp(rrow[DB_exp_date], "49", 2) <= 0)
+ db_y2k = 1;
+ else
+ db_y2k = 0;
+
+ if (db_y2k == a_y2k) {
+ /* all on the same y2k side */
+ if (strcmp(rrow[DB_exp_date], a_tm_s) <= 0) {
+ rrow[DB_type][0] = 'E';
+ rrow[DB_type][1] = '\0';
+ cnt++;
+
+ BIO_printf(bio_err, "%s=Expired\n", rrow[DB_serial]);
+ }
+ } else if (db_y2k < a_y2k) {
+ rrow[DB_type][0] = 'E';
+ rrow[DB_type][1] = '\0';
+ cnt++;
+
+ BIO_printf(bio_err, "%s=Expired\n", rrow[DB_serial]);
+ }
+
+ }
+ }
+
+ err:
+
+ ASN1_UTCTIME_free(a_tm);
+ OPENSSL_free(a_tm_s);
+
+ return (cnt);
+}
+
+static const char *crl_reasons[] = {
+ /* CRL reason strings */
+ "unspecified",
+ "keyCompromise",
+ "CACompromise",
+ "affiliationChanged",
+ "superseded",
+ "cessationOfOperation",
+ "certificateHold",
+ "removeFromCRL",
+ /* Additional pseudo reasons */
+ "holdInstruction",
+ "keyTime",
+ "CAkeyTime"
+};
+
+#define NUM_REASONS (sizeof(crl_reasons) / sizeof(char *))
+
+/*
+ * Given revocation information convert to a DB string. The format of the
+ * string is: revtime[,reason,extra]. Where 'revtime' is the revocation time
+ * (the current time). 'reason' is the optional CRL reason and 'extra' is any
+ * additional argument
+ */
+
+char *make_revocation_str(int rev_type, char *rev_arg)
+{
+ char *other = NULL, *str;
+ const char *reason = NULL;
+ ASN1_OBJECT *otmp;
+ ASN1_UTCTIME *revtm = NULL;
+ int i;
+ switch (rev_type) {
+ case REV_NONE:
+ break;
+
+ case REV_CRL_REASON:
+ for (i = 0; i < 8; i++) {
+ if (!strcasecmp(rev_arg, crl_reasons[i])) {
+ reason = crl_reasons[i];
+ break;
+ }
+ }
+ if (reason == NULL) {
+ BIO_printf(bio_err, "Unknown CRL reason %s\n", rev_arg);
+ return NULL;
+ }
+ break;
+
+ case REV_HOLD:
+ /* Argument is an OID */
+
+ otmp = OBJ_txt2obj(rev_arg, 0);
+ ASN1_OBJECT_free(otmp);
+
+ if (otmp == NULL) {
+ BIO_printf(bio_err, "Invalid object identifier %s\n", rev_arg);
+ return NULL;
+ }
+
+ reason = "holdInstruction";
+ other = rev_arg;
+ break;
+
+ case REV_KEY_COMPROMISE:
+ case REV_CA_COMPROMISE:
+
+ /* Argument is the key compromise time */
+ if (!ASN1_GENERALIZEDTIME_set_string(NULL, rev_arg)) {
+ BIO_printf(bio_err,
+ "Invalid time format %s. Need YYYYMMDDHHMMSSZ\n",
+ rev_arg);
+ return NULL;
+ }
+ other = rev_arg;
+ if (rev_type == REV_KEY_COMPROMISE)
+ reason = "keyTime";
+ else
+ reason = "CAkeyTime";
+
+ break;
+
+ }
+
+ revtm = X509_gmtime_adj(NULL, 0);
+
+ if (!revtm)
+ return NULL;
+
+ i = revtm->length + 1;
+
+ if (reason)
+ i += strlen(reason) + 1;
+ if (other)
+ i += strlen(other) + 1;
+
+ str = OPENSSL_malloc(i);
+
+ if (!str)
+ return NULL;
+
+ BUF_strlcpy(str, (char *)revtm->data, i);
+ if (reason) {
+ BUF_strlcat(str, ",", i);
+ BUF_strlcat(str, reason, i);
+ }
+ if (other) {
+ BUF_strlcat(str, ",", i);
+ BUF_strlcat(str, other, i);
+ }
+ ASN1_UTCTIME_free(revtm);
+ return str;
+}
+
+/*-
+ * Convert revocation field to X509_REVOKED entry
+ * return code:
+ * 0 error
+ * 1 OK
+ * 2 OK and some extensions added (i.e. V2 CRL)
+ */
+
+int make_revoked(X509_REVOKED *rev, const char *str)
+{
+ char *tmp = NULL;
+ int reason_code = -1;
+ int i, ret = 0;
+ ASN1_OBJECT *hold = NULL;
+ ASN1_GENERALIZEDTIME *comp_time = NULL;
+ ASN1_ENUMERATED *rtmp = NULL;
+
+ ASN1_TIME *revDate = NULL;
+
+ i = unpack_revinfo(&revDate, &reason_code, &hold, &comp_time, str);
+
+ if (i == 0)
+ goto err;
+
+ if (rev && !X509_REVOKED_set_revocationDate(rev, revDate))
+ goto err;
+
+ if (rev && (reason_code != OCSP_REVOKED_STATUS_NOSTATUS)) {
+ rtmp = ASN1_ENUMERATED_new();
+ if (!rtmp || !ASN1_ENUMERATED_set(rtmp, reason_code))
+ goto err;
+ if (!X509_REVOKED_add1_ext_i2d(rev, NID_crl_reason, rtmp, 0, 0))
+ goto err;
+ }
+
+ if (rev && comp_time) {
+ if (!X509_REVOKED_add1_ext_i2d
+ (rev, NID_invalidity_date, comp_time, 0, 0))
+ goto err;
+ }
+ if (rev && hold) {
+ if (!X509_REVOKED_add1_ext_i2d
+ (rev, NID_hold_instruction_code, hold, 0, 0))
+ goto err;
+ }
+
+ if (reason_code != OCSP_REVOKED_STATUS_NOSTATUS)
+ ret = 2;
+ else
+ ret = 1;
+
+ err:
+
+ if (tmp)
+ OPENSSL_free(tmp);
+ ASN1_OBJECT_free(hold);
+ ASN1_GENERALIZEDTIME_free(comp_time);
+ ASN1_ENUMERATED_free(rtmp);
+ ASN1_TIME_free(revDate);
+
+ return ret;
+}
+
+int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str)
+{
+ char buf[25], *pbuf, *p;
+ int j;
+ j = i2a_ASN1_OBJECT(bp, obj);
+ pbuf = buf;
+ for (j = 22 - j; j > 0; j--)
+ *(pbuf++) = ' ';
+ *(pbuf++) = ':';
+ *(pbuf++) = '\0';
+ BIO_puts(bp, buf);
+
+ if (str->type == V_ASN1_PRINTABLESTRING)
+ BIO_printf(bp, "PRINTABLE:'");
+ else if (str->type == V_ASN1_T61STRING)
+ BIO_printf(bp, "T61STRING:'");
+ else if (str->type == V_ASN1_IA5STRING)
+ BIO_printf(bp, "IA5STRING:'");
+ else if (str->type == V_ASN1_UNIVERSALSTRING)
+ BIO_printf(bp, "UNIVERSALSTRING:'");
+ else
+ BIO_printf(bp, "ASN.1 %2d:'", str->type);
+
+ p = (char *)str->data;
+ for (j = str->length; j > 0; j--) {
+#ifdef CHARSET_EBCDIC
+ if ((*p >= 0x20) && (*p <= 0x7e))
+ BIO_printf(bp, "%c", os_toebcdic[*p]);
+#else
+ if ((*p >= ' ') && (*p <= '~'))
+ BIO_printf(bp, "%c", *p);
+#endif
+ else if (*p & 0x80)
+ BIO_printf(bp, "\\0x%02X", *p);
+ else if ((unsigned char)*p == 0xf7)
+ BIO_printf(bp, "^?");
+#ifdef CHARSET_EBCDIC
+ else
+ BIO_printf(bp, "^%c", os_toebcdic[*p + 0x40]);
+#else
+ else
+ BIO_printf(bp, "^%c", *p + '@');
+#endif
+ p++;
+ }
+ BIO_printf(bp, "'\n");
+ return 1;
+}
+
+int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
+ ASN1_GENERALIZEDTIME **pinvtm, const char *str)
+{
+ char *tmp = NULL;
+ char *rtime_str, *reason_str = NULL, *arg_str = NULL, *p;
+ int reason_code = -1;
+ int ret = 0;
+ unsigned int i;
+ ASN1_OBJECT *hold = NULL;
+ ASN1_GENERALIZEDTIME *comp_time = NULL;
+ tmp = BUF_strdup(str);
+
+ p = strchr(tmp, ',');
+
+ rtime_str = tmp;
+
+ if (p) {
+ *p = '\0';
+ p++;
+ reason_str = p;
+ p = strchr(p, ',');
+ if (p) {
+ *p = '\0';
+ arg_str = p + 1;
+ }
+ }
+
+ if (prevtm) {
+ *prevtm = ASN1_UTCTIME_new();
+ if (!ASN1_UTCTIME_set_string(*prevtm, rtime_str)) {
+ BIO_printf(bio_err, "invalid revocation date %s\n", rtime_str);
+ goto err;
+ }
+ }
+ if (reason_str) {
+ for (i = 0; i < NUM_REASONS; i++) {
+ if (!strcasecmp(reason_str, crl_reasons[i])) {
+ reason_code = i;
+ break;
+ }
+ }
+ if (reason_code == OCSP_REVOKED_STATUS_NOSTATUS) {
+ BIO_printf(bio_err, "invalid reason code %s\n", reason_str);
+ goto err;
+ }
+
+ if (reason_code == 7)
+ reason_code = OCSP_REVOKED_STATUS_REMOVEFROMCRL;
+ else if (reason_code == 8) { /* Hold instruction */
+ if (!arg_str) {
+ BIO_printf(bio_err, "missing hold instruction\n");
+ goto err;
+ }
+ reason_code = OCSP_REVOKED_STATUS_CERTIFICATEHOLD;
+ hold = OBJ_txt2obj(arg_str, 0);
+
+ if (!hold) {
+ BIO_printf(bio_err, "invalid object identifier %s\n",
+ arg_str);
+ goto err;
+ }
+ if (phold)
+ *phold = hold;
+ } else if ((reason_code == 9) || (reason_code == 10)) {
+ if (!arg_str) {
+ BIO_printf(bio_err, "missing compromised time\n");
+ goto err;
+ }
+ comp_time = ASN1_GENERALIZEDTIME_new();
+ if (!ASN1_GENERALIZEDTIME_set_string(comp_time, arg_str)) {
+ BIO_printf(bio_err, "invalid compromised time %s\n", arg_str);
+ goto err;
+ }
+ if (reason_code == 9)
+ reason_code = OCSP_REVOKED_STATUS_KEYCOMPROMISE;
+ else
+ reason_code = OCSP_REVOKED_STATUS_CACOMPROMISE;
+ }
+ }
+
+ if (preason)
+ *preason = reason_code;
+ if (pinvtm)
+ *pinvtm = comp_time;
+ else
+ ASN1_GENERALIZEDTIME_free(comp_time);
+
+ ret = 1;
+
+ err:
+
+ if (tmp)
+ OPENSSL_free(tmp);
+ if (!phold)
+ ASN1_OBJECT_free(hold);
+ if (!pinvtm)
+ ASN1_GENERALIZEDTIME_free(comp_time);
+
+ return ret;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/apps/ciphers.c
===================================================================
--- vendor-crypto/openssl/dist/apps/ciphers.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/apps/ciphers.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,208 +0,0 @@
-/* apps/ciphers.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#ifdef OPENSSL_NO_STDIO
-#define APPS_WIN16
-#endif
-#include "apps.h"
-#include <openssl/err.h>
-#include <openssl/ssl.h>
-
-#undef PROG
-#define PROG ciphers_main
-
-static const char *ciphers_usage[]={
-"usage: ciphers args\n",
-" -v - verbose mode, a textual listing of the ciphers in SSLeay\n",
-" -ssl2 - SSL2 mode\n",
-" -ssl3 - SSL3 mode\n",
-" -tls1 - TLS1 mode\n",
-NULL
-};
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
- int ret=1,i;
- int verbose=0;
- const char **pp;
- const char *p;
- int badops=0;
- SSL_CTX *ctx=NULL;
- SSL *ssl=NULL;
- char *ciphers=NULL;
- SSL_METHOD *meth=NULL;
- STACK_OF(SSL_CIPHER) *sk;
- char buf[512];
- BIO *STDout=NULL;
-
-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
- meth=SSLv23_server_method();
-#elif !defined(OPENSSL_NO_SSL3)
- meth=SSLv3_server_method();
-#elif !defined(OPENSSL_NO_SSL2)
- meth=SSLv2_server_method();
-#endif
-
- apps_startup();
-
- if (bio_err == NULL)
- bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
- STDout=BIO_new_fp(stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- STDout = BIO_push(tmpbio, STDout);
- }
-#endif
-
- argc--;
- argv++;
- while (argc >= 1)
- {
- if (strcmp(*argv,"-v") == 0)
- verbose=1;
-#ifndef OPENSSL_NO_SSL2
- else if (strcmp(*argv,"-ssl2") == 0)
- meth=SSLv2_client_method();
-#endif
-#ifndef OPENSSL_NO_SSL3
- else if (strcmp(*argv,"-ssl3") == 0)
- meth=SSLv3_client_method();
-#endif
-#ifndef OPENSSL_NO_TLS1
- else if (strcmp(*argv,"-tls1") == 0)
- meth=TLSv1_client_method();
-#endif
- else if ((strncmp(*argv,"-h",2) == 0) ||
- (strcmp(*argv,"-?") == 0))
- {
- badops=1;
- break;
- }
- else
- {
- ciphers= *argv;
- }
- argc--;
- argv++;
- }
-
- if (badops)
- {
- for (pp=ciphers_usage; (*pp != NULL); pp++)
- BIO_printf(bio_err,"%s",*pp);
- goto end;
- }
-
- OpenSSL_add_ssl_algorithms();
-
- ctx=SSL_CTX_new(meth);
- if (ctx == NULL) goto err;
- if (ciphers != NULL) {
- if(!SSL_CTX_set_cipher_list(ctx,ciphers)) {
- BIO_printf(bio_err, "Error in cipher list\n");
- goto err;
- }
- }
- ssl=SSL_new(ctx);
- if (ssl == NULL) goto err;
-
-
- if (!verbose)
- {
- for (i=0; ; i++)
- {
- p=SSL_get_cipher_list(ssl,i);
- if (p == NULL) break;
- if (i != 0) BIO_printf(STDout,":");
- BIO_printf(STDout,"%s",p);
- }
- BIO_printf(STDout,"\n");
- }
- else
- {
- sk=SSL_get_ciphers(ssl);
-
- for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
- {
- BIO_puts(STDout,SSL_CIPHER_description(
- sk_SSL_CIPHER_value(sk,i),
- buf,sizeof buf));
- }
- }
-
- ret=0;
- if (0)
- {
-err:
- SSL_load_error_strings();
- ERR_print_errors(bio_err);
- }
-end:
- if (ctx != NULL) SSL_CTX_free(ctx);
- if (ssl != NULL) SSL_free(ssl);
- if (STDout != NULL) BIO_free_all(STDout);
- apps_shutdown();
- OPENSSL_EXIT(ret);
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/apps/ciphers.c (from rev 6976, vendor-crypto/openssl/dist/apps/ciphers.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/apps/ciphers.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/apps/ciphers.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,201 @@
+/* apps/ciphers.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#ifdef OPENSSL_NO_STDIO
+# define APPS_WIN16
+#endif
+#include "apps.h"
+#include <openssl/err.h>
+#include <openssl/ssl.h>
+
+#undef PROG
+#define PROG ciphers_main
+
+static const char *ciphers_usage[] = {
+ "usage: ciphers args\n",
+ " -v - verbose mode, a textual listing of the ciphers in SSLeay\n",
+ " -ssl2 - SSL2 mode\n",
+ " -ssl3 - SSL3 mode\n",
+ " -tls1 - TLS1 mode\n",
+ NULL
+};
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+{
+ int ret = 1, i;
+ int verbose = 0;
+ const char **pp;
+ const char *p;
+ int badops = 0;
+ SSL_CTX *ctx = NULL;
+ SSL *ssl = NULL;
+ char *ciphers = NULL;
+ SSL_METHOD *meth = NULL;
+ STACK_OF(SSL_CIPHER) *sk;
+ char buf[512];
+ BIO *STDout = NULL;
+
+#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
+ meth = SSLv23_server_method();
+#elif !defined(OPENSSL_NO_SSL3)
+ meth = SSLv3_server_method();
+#elif !defined(OPENSSL_NO_SSL2)
+ meth = SSLv2_server_method();
+#endif
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
+ STDout = BIO_new_fp(stdout, BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ STDout = BIO_push(tmpbio, STDout);
+ }
+#endif
+
+ argc--;
+ argv++;
+ while (argc >= 1) {
+ if (strcmp(*argv, "-v") == 0)
+ verbose = 1;
+#ifndef OPENSSL_NO_SSL2
+ else if (strcmp(*argv, "-ssl2") == 0)
+ meth = SSLv2_client_method();
+#endif
+#ifndef OPENSSL_NO_SSL3
+ else if (strcmp(*argv, "-ssl3") == 0)
+ meth = SSLv3_client_method();
+#endif
+#ifndef OPENSSL_NO_TLS1
+ else if (strcmp(*argv, "-tls1") == 0)
+ meth = TLSv1_client_method();
+#endif
+ else if ((strncmp(*argv, "-h", 2) == 0) || (strcmp(*argv, "-?") == 0)) {
+ badops = 1;
+ break;
+ } else {
+ ciphers = *argv;
+ }
+ argc--;
+ argv++;
+ }
+
+ if (badops) {
+ for (pp = ciphers_usage; (*pp != NULL); pp++)
+ BIO_printf(bio_err, "%s", *pp);
+ goto end;
+ }
+
+ OpenSSL_add_ssl_algorithms();
+
+ ctx = SSL_CTX_new(meth);
+ if (ctx == NULL)
+ goto err;
+ if (ciphers != NULL) {
+ if (!SSL_CTX_set_cipher_list(ctx, ciphers)) {
+ BIO_printf(bio_err, "Error in cipher list\n");
+ goto err;
+ }
+ }
+ ssl = SSL_new(ctx);
+ if (ssl == NULL)
+ goto err;
+
+ if (!verbose) {
+ for (i = 0;; i++) {
+ p = SSL_get_cipher_list(ssl, i);
+ if (p == NULL)
+ break;
+ if (i != 0)
+ BIO_printf(STDout, ":");
+ BIO_printf(STDout, "%s", p);
+ }
+ BIO_printf(STDout, "\n");
+ } else {
+ sk = SSL_get_ciphers(ssl);
+
+ for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
+ BIO_puts(STDout,
+ SSL_CIPHER_description(sk_SSL_CIPHER_value(sk, i), buf,
+ sizeof buf));
+ }
+ }
+
+ ret = 0;
+ if (0) {
+ err:
+ SSL_load_error_strings();
+ ERR_print_errors(bio_err);
+ }
+ end:
+ if (ctx != NULL)
+ SSL_CTX_free(ctx);
+ if (ssl != NULL)
+ SSL_free(ssl);
+ if (STDout != NULL)
+ BIO_free_all(STDout);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/apps/cms.c
===================================================================
--- vendor-crypto/openssl/dist/apps/cms.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/apps/cms.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,1351 +0,0 @@
-/* apps/cms.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-/* CMS utility function */
-
-#include <stdio.h>
-#include <string.h>
-#include "apps.h"
-
-#ifndef OPENSSL_NO_CMS
-
-#include <openssl/crypto.h>
-#include <openssl/pem.h>
-#include <openssl/err.h>
-#include <openssl/x509_vfy.h>
-#include <openssl/x509v3.h>
-#include <openssl/cms.h>
-
-#undef PROG
-#define PROG cms_main
-static int save_certs(char *signerfile, STACK_OF(X509) *signers);
-static int cms_cb(int ok, X509_STORE_CTX *ctx);
-static void receipt_request_print(BIO *out, CMS_ContentInfo *cms);
-static CMS_ReceiptRequest *make_receipt_request(STACK *rr_to, int rr_allorfirst,
- STACK *rr_from);
-
-#define SMIME_OP 0x10
-#define SMIME_IP 0x20
-#define SMIME_SIGNERS 0x40
-#define SMIME_ENCRYPT (1 | SMIME_OP)
-#define SMIME_DECRYPT (2 | SMIME_IP)
-#define SMIME_SIGN (3 | SMIME_OP | SMIME_SIGNERS)
-#define SMIME_VERIFY (4 | SMIME_IP)
-#define SMIME_CMSOUT (5 | SMIME_IP | SMIME_OP)
-#define SMIME_RESIGN (6 | SMIME_IP | SMIME_OP | SMIME_SIGNERS)
-#define SMIME_DATAOUT (7 | SMIME_IP)
-#define SMIME_DATA_CREATE (8 | SMIME_OP)
-#define SMIME_DIGEST_VERIFY (9 | SMIME_IP)
-#define SMIME_DIGEST_CREATE (10 | SMIME_OP)
-#define SMIME_UNCOMPRESS (11 | SMIME_IP)
-#define SMIME_COMPRESS (12 | SMIME_OP)
-#define SMIME_ENCRYPTED_DECRYPT (13 | SMIME_IP)
-#define SMIME_ENCRYPTED_ENCRYPT (14 | SMIME_OP)
-#define SMIME_SIGN_RECEIPT (15 | SMIME_IP | SMIME_OP)
-#define SMIME_VERIFY_RECEIPT (16 | SMIME_IP)
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
- ENGINE *e = NULL;
- int operation = 0;
- int ret = 0;
- char **args;
- const char *inmode = "r", *outmode = "w";
- char *infile = NULL, *outfile = NULL, *rctfile = NULL;
- char *signerfile = NULL, *recipfile = NULL;
- STACK *sksigners = NULL, *skkeys = NULL;
- char *certfile = NULL, *keyfile = NULL, *contfile=NULL;
- char *certsoutfile = NULL;
- const EVP_CIPHER *cipher = NULL;
- CMS_ContentInfo *cms = NULL, *rcms = NULL;
- X509_STORE *store = NULL;
- X509 *cert = NULL, *recip = NULL, *signer = NULL;
- EVP_PKEY *key = NULL;
- STACK_OF(X509) *encerts = NULL, *other = NULL;
- BIO *in = NULL, *out = NULL, *indata = NULL, *rctin = NULL;
- int badarg = 0;
- int flags = CMS_DETACHED;
- int rr_print = 0, rr_allorfirst = -1;
- STACK *rr_to = NULL, *rr_from = NULL;
- CMS_ReceiptRequest *rr = NULL;
- char *to = NULL, *from = NULL, *subject = NULL;
- char *CAfile = NULL, *CApath = NULL;
- char *passargin = NULL, *passin = NULL;
- char *inrand = NULL;
- int need_rand = 0;
- const EVP_MD *sign_md = NULL;
- int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
- int rctformat = FORMAT_SMIME, keyform = FORMAT_PEM;
-#ifndef OPENSSL_NO_ENGINE
- char *engine=NULL;
-#endif
- unsigned char *secret_key = NULL, *secret_keyid = NULL;
- size_t secret_keylen = 0, secret_keyidlen = 0;
-
- ASN1_OBJECT *econtent_type = NULL;
-
- X509_VERIFY_PARAM *vpm = NULL;
-
- args = argv + 1;
- ret = 1;
-
- apps_startup();
-
- if (bio_err == NULL)
- {
- if ((bio_err = BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
- }
-
- if (!load_config(bio_err, NULL))
- goto end;
-
- while (!badarg && *args && *args[0] == '-')
- {
- if (!strcmp (*args, "-encrypt"))
- operation = SMIME_ENCRYPT;
- else if (!strcmp (*args, "-decrypt"))
- operation = SMIME_DECRYPT;
- else if (!strcmp (*args, "-sign"))
- operation = SMIME_SIGN;
- else if (!strcmp (*args, "-sign_receipt"))
- operation = SMIME_SIGN_RECEIPT;
- else if (!strcmp (*args, "-resign"))
- operation = SMIME_RESIGN;
- else if (!strcmp (*args, "-verify"))
- operation = SMIME_VERIFY;
- else if (!strcmp(*args,"-verify_receipt"))
- {
- operation = SMIME_VERIFY_RECEIPT;
- if (!args[1])
- goto argerr;
- args++;
- rctfile = *args;
- }
- else if (!strcmp (*args, "-cmsout"))
- operation = SMIME_CMSOUT;
- else if (!strcmp (*args, "-data_out"))
- operation = SMIME_DATAOUT;
- else if (!strcmp (*args, "-data_create"))
- operation = SMIME_DATA_CREATE;
- else if (!strcmp (*args, "-digest_verify"))
- operation = SMIME_DIGEST_VERIFY;
- else if (!strcmp (*args, "-digest_create"))
- operation = SMIME_DIGEST_CREATE;
- else if (!strcmp (*args, "-compress"))
- operation = SMIME_COMPRESS;
- else if (!strcmp (*args, "-uncompress"))
- operation = SMIME_UNCOMPRESS;
- else if (!strcmp (*args, "-EncryptedData_decrypt"))
- operation = SMIME_ENCRYPTED_DECRYPT;
- else if (!strcmp (*args, "-EncryptedData_encrypt"))
- operation = SMIME_ENCRYPTED_ENCRYPT;
-#ifndef OPENSSL_NO_DES
- else if (!strcmp (*args, "-des3"))
- cipher = EVP_des_ede3_cbc();
- else if (!strcmp (*args, "-des"))
- cipher = EVP_des_cbc();
-#endif
-#ifndef OPENSSL_NO_SEED
- else if (!strcmp (*args, "-seed"))
- cipher = EVP_seed_cbc();
-#endif
-#ifndef OPENSSL_NO_RC2
- else if (!strcmp (*args, "-rc2-40"))
- cipher = EVP_rc2_40_cbc();
- else if (!strcmp (*args, "-rc2-128"))
- cipher = EVP_rc2_cbc();
- else if (!strcmp (*args, "-rc2-64"))
- cipher = EVP_rc2_64_cbc();
-#endif
-#ifndef OPENSSL_NO_AES
- else if (!strcmp(*args,"-aes128"))
- cipher = EVP_aes_128_cbc();
- else if (!strcmp(*args,"-aes192"))
- cipher = EVP_aes_192_cbc();
- else if (!strcmp(*args,"-aes256"))
- cipher = EVP_aes_256_cbc();
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
- else if (!strcmp(*args,"-camellia128"))
- cipher = EVP_camellia_128_cbc();
- else if (!strcmp(*args,"-camellia192"))
- cipher = EVP_camellia_192_cbc();
- else if (!strcmp(*args,"-camellia256"))
- cipher = EVP_camellia_256_cbc();
-#endif
- else if (!strcmp (*args, "-debug_decrypt"))
- flags |= CMS_DEBUG_DECRYPT;
- else if (!strcmp (*args, "-text"))
- flags |= CMS_TEXT;
- else if (!strcmp (*args, "-nointern"))
- flags |= CMS_NOINTERN;
- else if (!strcmp (*args, "-noverify")
- || !strcmp (*args, "-no_signer_cert_verify"))
- flags |= CMS_NO_SIGNER_CERT_VERIFY;
- else if (!strcmp (*args, "-nocerts"))
- flags |= CMS_NOCERTS;
- else if (!strcmp (*args, "-noattr"))
- flags |= CMS_NOATTR;
- else if (!strcmp (*args, "-nodetach"))
- flags &= ~CMS_DETACHED;
- else if (!strcmp (*args, "-nosmimecap"))
- flags |= CMS_NOSMIMECAP;
- else if (!strcmp (*args, "-binary"))
- flags |= CMS_BINARY;
- else if (!strcmp (*args, "-keyid"))
- flags |= CMS_USE_KEYID;
- else if (!strcmp (*args, "-nosigs"))
- flags |= CMS_NOSIGS;
- else if (!strcmp (*args, "-no_content_verify"))
- flags |= CMS_NO_CONTENT_VERIFY;
- else if (!strcmp (*args, "-no_attr_verify"))
- flags |= CMS_NO_ATTR_VERIFY;
- else if (!strcmp (*args, "-stream"))
- {
- args++;
- continue;
- }
- else if (!strcmp (*args, "-indef"))
- {
- args++;
- continue;
- }
- else if (!strcmp (*args, "-noindef"))
- flags &= ~CMS_STREAM;
- else if (!strcmp (*args, "-nooldmime"))
- flags |= CMS_NOOLDMIMETYPE;
- else if (!strcmp (*args, "-crlfeol"))
- flags |= CMS_CRLFEOL;
- else if (!strcmp (*args, "-receipt_request_print"))
- rr_print = 1;
- else if (!strcmp (*args, "-receipt_request_all"))
- rr_allorfirst = 0;
- else if (!strcmp (*args, "-receipt_request_first"))
- rr_allorfirst = 1;
- else if (!strcmp(*args,"-receipt_request_from"))
- {
- if (!args[1])
- goto argerr;
- args++;
- if (!rr_from)
- rr_from = sk_new_null();
- sk_push(rr_from, *args);
- }
- else if (!strcmp(*args,"-receipt_request_to"))
- {
- if (!args[1])
- goto argerr;
- args++;
- if (!rr_to)
- rr_to = sk_new_null();
- sk_push(rr_to, *args);
- }
- else if (!strcmp(*args,"-secretkey"))
- {
- long ltmp;
- if (!args[1])
- goto argerr;
- args++;
- secret_key = string_to_hex(*args, <mp);
- if (!secret_key)
- {
- BIO_printf(bio_err, "Invalid key %s\n", *args);
- goto argerr;
- }
- secret_keylen = (size_t)ltmp;
- }
- else if (!strcmp(*args,"-secretkeyid"))
- {
- long ltmp;
- if (!args[1])
- goto argerr;
- args++;
- secret_keyid = string_to_hex(*args, <mp);
- if (!secret_keyid)
- {
- BIO_printf(bio_err, "Invalid id %s\n", *args);
- goto argerr;
- }
- secret_keyidlen = (size_t)ltmp;
- }
- else if (!strcmp(*args,"-econtent_type"))
- {
- if (!args[1])
- goto argerr;
- args++;
- econtent_type = OBJ_txt2obj(*args, 0);
- if (!econtent_type)
- {
- BIO_printf(bio_err, "Invalid OID %s\n", *args);
- goto argerr;
- }
- }
- else if (!strcmp(*args,"-rand"))
- {
- if (!args[1])
- goto argerr;
- args++;
- inrand = *args;
- need_rand = 1;
- }
-#ifndef OPENSSL_NO_ENGINE
- else if (!strcmp(*args,"-engine"))
- {
- if (!args[1])
- goto argerr;
- engine = *++args;
- }
-#endif
- else if (!strcmp(*args,"-passin"))
- {
- if (!args[1])
- goto argerr;
- passargin = *++args;
- }
- else if (!strcmp (*args, "-to"))
- {
- if (!args[1])
- goto argerr;
- to = *++args;
- }
- else if (!strcmp (*args, "-from"))
- {
- if (!args[1])
- goto argerr;
- from = *++args;
- }
- else if (!strcmp (*args, "-subject"))
- {
- if (!args[1])
- goto argerr;
- subject = *++args;
- }
- else if (!strcmp (*args, "-signer"))
- {
- if (!args[1])
- goto argerr;
- /* If previous -signer argument add signer to list */
-
- if (signerfile)
- {
- if (!sksigners)
- sksigners = sk_new_null();
- sk_push(sksigners, signerfile);
- if (!keyfile)
- keyfile = signerfile;
- if (!skkeys)
- skkeys = sk_new_null();
- sk_push(skkeys, keyfile);
- keyfile = NULL;
- }
- signerfile = *++args;
- }
- else if (!strcmp (*args, "-recip"))
- {
- if (!args[1])
- goto argerr;
- recipfile = *++args;
- }
- else if (!strcmp (*args, "-certsout"))
- {
- if (!args[1])
- goto argerr;
- certsoutfile = *++args;
- }
- else if (!strcmp (*args, "-md"))
- {
- if (!args[1])
- goto argerr;
- sign_md = EVP_get_digestbyname(*++args);
- if (sign_md == NULL)
- {
- BIO_printf(bio_err, "Unknown digest %s\n",
- *args);
- goto argerr;
- }
- }
- else if (!strcmp (*args, "-inkey"))
- {
- if (!args[1])
- goto argerr;
- /* If previous -inkey arument add signer to list */
- if (keyfile)
- {
- if (!signerfile)
- {
- BIO_puts(bio_err, "Illegal -inkey without -signer\n");
- goto argerr;
- }
- if (!sksigners)
- sksigners = sk_new_null();
- sk_push(sksigners, signerfile);
- signerfile = NULL;
- if (!skkeys)
- skkeys = sk_new_null();
- sk_push(skkeys, keyfile);
- }
- keyfile = *++args;
- }
- else if (!strcmp (*args, "-keyform"))
- {
- if (!args[1])
- goto argerr;
- keyform = str2fmt(*++args);
- }
- else if (!strcmp (*args, "-rctform"))
- {
- if (!args[1])
- goto argerr;
- rctformat = str2fmt(*++args);
- }
- else if (!strcmp (*args, "-certfile"))
- {
- if (!args[1])
- goto argerr;
- certfile = *++args;
- }
- else if (!strcmp (*args, "-CAfile"))
- {
- if (!args[1])
- goto argerr;
- CAfile = *++args;
- }
- else if (!strcmp (*args, "-CApath"))
- {
- if (!args[1])
- goto argerr;
- CApath = *++args;
- }
- else if (!strcmp (*args, "-in"))
- {
- if (!args[1])
- goto argerr;
- infile = *++args;
- }
- else if (!strcmp (*args, "-inform"))
- {
- if (!args[1])
- goto argerr;
- informat = str2fmt(*++args);
- }
- else if (!strcmp (*args, "-outform"))
- {
- if (!args[1])
- goto argerr;
- outformat = str2fmt(*++args);
- }
- else if (!strcmp (*args, "-out"))
- {
- if (!args[1])
- goto argerr;
- outfile = *++args;
- }
- else if (!strcmp (*args, "-content"))
- {
- if (!args[1])
- goto argerr;
- contfile = *++args;
- }
- else if (args_verify(&args, NULL, &badarg, bio_err, &vpm))
- continue;
- else if ((cipher = EVP_get_cipherbyname(*args + 1)) == NULL)
- badarg = 1;
- args++;
- }
-
- if (((rr_allorfirst != -1) || rr_from) && !rr_to)
- {
- BIO_puts(bio_err, "No Signed Receipts Recipients\n");
- goto argerr;
- }
-
- if (!(operation & SMIME_SIGNERS) && (rr_to || rr_from))
- {
- BIO_puts(bio_err, "Signed receipts only allowed with -sign\n");
- goto argerr;
- }
- if (!(operation & SMIME_SIGNERS) && (skkeys || sksigners))
- {
- BIO_puts(bio_err, "Multiple signers or keys not allowed\n");
- goto argerr;
- }
-
- if (operation & SMIME_SIGNERS)
- {
- if (keyfile && !signerfile)
- {
- BIO_puts(bio_err, "Illegal -inkey without -signer\n");
- goto argerr;
- }
- /* Check to see if any final signer needs to be appended */
- if (signerfile)
- {
- if (!sksigners)
- sksigners = sk_new_null();
- sk_push(sksigners, signerfile);
- if (!skkeys)
- skkeys = sk_new_null();
- if (!keyfile)
- keyfile = signerfile;
- sk_push(skkeys, keyfile);
- }
- if (!sksigners)
- {
- BIO_printf(bio_err, "No signer certificate specified\n");
- badarg = 1;
- }
- signerfile = NULL;
- keyfile = NULL;
- need_rand = 1;
- }
-
- else if (operation == SMIME_DECRYPT)
- {
- if (!recipfile && !keyfile && !secret_key)
- {
- BIO_printf(bio_err, "No recipient certificate or key specified\n");
- badarg = 1;
- }
- }
- else if (operation == SMIME_ENCRYPT)
- {
- if (!*args && !secret_key)
- {
- BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
- badarg = 1;
- }
- need_rand = 1;
- }
- else if (!operation)
- badarg = 1;
-
- if (badarg)
- {
- argerr:
- BIO_printf (bio_err, "Usage cms [options] cert.pem ...\n");
- BIO_printf (bio_err, "where options are\n");
- BIO_printf (bio_err, "-encrypt encrypt message\n");
- BIO_printf (bio_err, "-decrypt decrypt encrypted message\n");
- BIO_printf (bio_err, "-sign sign message\n");
- BIO_printf (bio_err, "-verify verify signed message\n");
- BIO_printf (bio_err, "-cmsout output CMS structure\n");
-#ifndef OPENSSL_NO_DES
- BIO_printf (bio_err, "-des3 encrypt with triple DES\n");
- BIO_printf (bio_err, "-des encrypt with DES\n");
-#endif
-#ifndef OPENSSL_NO_SEED
- BIO_printf (bio_err, "-seed encrypt with SEED\n");
-#endif
-#ifndef OPENSSL_NO_RC2
- BIO_printf (bio_err, "-rc2-40 encrypt with RC2-40 (default)\n");
- BIO_printf (bio_err, "-rc2-64 encrypt with RC2-64\n");
- BIO_printf (bio_err, "-rc2-128 encrypt with RC2-128\n");
-#endif
-#ifndef OPENSSL_NO_AES
- BIO_printf (bio_err, "-aes128, -aes192, -aes256\n");
- BIO_printf (bio_err, " encrypt PEM output with cbc aes\n");
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
- BIO_printf (bio_err, "-camellia128, -camellia192, -camellia256\n");
- BIO_printf (bio_err, " encrypt PEM output with cbc camellia\n");
-#endif
- BIO_printf (bio_err, "-nointern don't search certificates in message for signer\n");
- BIO_printf (bio_err, "-nosigs don't verify message signature\n");
- BIO_printf (bio_err, "-noverify don't verify signers certificate\n");
- BIO_printf (bio_err, "-nocerts don't include signers certificate when signing\n");
- BIO_printf (bio_err, "-nodetach use opaque signing\n");
- BIO_printf (bio_err, "-noattr don't include any signed attributes\n");
- BIO_printf (bio_err, "-binary don't translate message to text\n");
- BIO_printf (bio_err, "-certfile file other certificates file\n");
- BIO_printf (bio_err, "-certsout file certificate output file\n");
- BIO_printf (bio_err, "-signer file signer certificate file\n");
- BIO_printf (bio_err, "-recip file recipient certificate file for decryption\n");
- BIO_printf (bio_err, "-keyid use subject key identifier\n");
- BIO_printf (bio_err, "-in file input file\n");
- BIO_printf (bio_err, "-inform arg input format SMIME (default), PEM or DER\n");
- BIO_printf (bio_err, "-inkey file input private key (if not signer or recipient)\n");
- BIO_printf (bio_err, "-keyform arg input private key format (PEM or ENGINE)\n");
- BIO_printf (bio_err, "-out file output file\n");
- BIO_printf (bio_err, "-outform arg output format SMIME (default), PEM or DER\n");
- BIO_printf (bio_err, "-content file supply or override content for detached signature\n");
- BIO_printf (bio_err, "-to addr to address\n");
- BIO_printf (bio_err, "-from ad from address\n");
- BIO_printf (bio_err, "-subject s subject\n");
- BIO_printf (bio_err, "-text include or delete text MIME headers\n");
- BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
- BIO_printf (bio_err, "-CAfile file trusted certificates file\n");
- BIO_printf (bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n");
- BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
-#ifndef OPENSSL_NO_ENGINE
- BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n");
-#endif
- BIO_printf (bio_err, "-passin arg input file pass phrase source\n");
- BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
- BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
- BIO_printf(bio_err, " the random number generator\n");
- BIO_printf (bio_err, "cert.pem recipient certificate(s) for encryption\n");
- goto end;
- }
-
-#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(bio_err, engine, 0);
-#endif
-
- if (!app_passwd(bio_err, passargin, NULL, &passin, NULL))
- {
- BIO_printf(bio_err, "Error getting password\n");
- goto end;
- }
-
- if (need_rand)
- {
- app_RAND_load_file(NULL, bio_err, (inrand != NULL));
- if (inrand != NULL)
- BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
- app_RAND_load_files(inrand));
- }
-
- ret = 2;
-
- if (!(operation & SMIME_SIGNERS))
- flags &= ~CMS_DETACHED;
-
- if (operation & SMIME_OP)
- {
- if (outformat == FORMAT_ASN1)
- outmode = "wb";
- }
- else
- {
- if (flags & CMS_BINARY)
- outmode = "wb";
- }
-
- if (operation & SMIME_IP)
- {
- if (informat == FORMAT_ASN1)
- inmode = "rb";
- }
- else
- {
- if (flags & CMS_BINARY)
- inmode = "rb";
- }
-
- if (operation == SMIME_ENCRYPT)
- {
- if (!cipher)
- {
-#ifndef OPENSSL_NO_DES
- cipher = EVP_des_ede3_cbc();
-#else
- BIO_printf(bio_err, "No cipher selected\n");
- goto end;
-#endif
- }
-
- if (secret_key && !secret_keyid)
- {
- BIO_printf(bio_err, "No sectre key id\n");
- goto end;
- }
-
- if (*args)
- encerts = sk_X509_new_null();
- while (*args)
- {
- if (!(cert = load_cert(bio_err,*args,FORMAT_PEM,
- NULL, e, "recipient certificate file")))
- goto end;
- sk_X509_push(encerts, cert);
- cert = NULL;
- args++;
- }
- }
-
- if (certfile)
- {
- if (!(other = load_certs(bio_err,certfile,FORMAT_PEM, NULL,
- e, "certificate file")))
- {
- ERR_print_errors(bio_err);
- goto end;
- }
- }
-
- if (recipfile && (operation == SMIME_DECRYPT))
- {
- if (!(recip = load_cert(bio_err,recipfile,FORMAT_PEM,NULL,
- e, "recipient certificate file")))
- {
- ERR_print_errors(bio_err);
- goto end;
- }
- }
-
- if (operation == SMIME_SIGN_RECEIPT)
- {
- if (!(signer = load_cert(bio_err,signerfile,FORMAT_PEM,NULL,
- e, "receipt signer certificate file")))
- {
- ERR_print_errors(bio_err);
- goto end;
- }
- }
-
- if (operation == SMIME_DECRYPT)
- {
- if (!keyfile)
- keyfile = recipfile;
- }
- else if ((operation == SMIME_SIGN) || (operation == SMIME_SIGN_RECEIPT))
- {
- if (!keyfile)
- keyfile = signerfile;
- }
- else keyfile = NULL;
-
- if (keyfile)
- {
- key = load_key(bio_err, keyfile, keyform, 0, passin, e,
- "signing key file");
- if (!key)
- goto end;
- }
-
- if (infile)
- {
- if (!(in = BIO_new_file(infile, inmode)))
- {
- BIO_printf (bio_err,
- "Can't open input file %s\n", infile);
- goto end;
- }
- }
- else
- in = BIO_new_fp(stdin, BIO_NOCLOSE);
-
- if (operation & SMIME_IP)
- {
- if (informat == FORMAT_SMIME)
- cms = SMIME_read_CMS(in, &indata);
- else if (informat == FORMAT_PEM)
- cms = PEM_read_bio_CMS(in, NULL, NULL, NULL);
- else if (informat == FORMAT_ASN1)
- cms = d2i_CMS_bio(in, NULL);
- else
- {
- BIO_printf(bio_err, "Bad input format for CMS file\n");
- goto end;
- }
-
- if (!cms)
- {
- BIO_printf(bio_err, "Error reading S/MIME message\n");
- goto end;
- }
- if (contfile)
- {
- BIO_free(indata);
- if (!(indata = BIO_new_file(contfile, "rb")))
- {
- BIO_printf(bio_err, "Can't read content file %s\n", contfile);
- goto end;
- }
- }
- if (certsoutfile)
- {
- STACK_OF(X509) *allcerts;
- allcerts = CMS_get1_certs(cms);
- if (!save_certs(certsoutfile, allcerts))
- {
- BIO_printf(bio_err,
- "Error writing certs to %s\n",
- certsoutfile);
- ret = 5;
- goto end;
- }
- sk_X509_pop_free(allcerts, X509_free);
- }
- }
-
- if (rctfile)
- {
- char *rctmode = (rctformat == FORMAT_ASN1) ? "rb" : "r";
- if (!(rctin = BIO_new_file(rctfile, rctmode)))
- {
- BIO_printf (bio_err,
- "Can't open receipt file %s\n", rctfile);
- goto end;
- }
-
- if (rctformat == FORMAT_SMIME)
- rcms = SMIME_read_CMS(rctin, NULL);
- else if (rctformat == FORMAT_PEM)
- rcms = PEM_read_bio_CMS(rctin, NULL, NULL, NULL);
- else if (rctformat == FORMAT_ASN1)
- rcms = d2i_CMS_bio(rctin, NULL);
- else
- {
- BIO_printf(bio_err, "Bad input format for receipt\n");
- goto end;
- }
-
- if (!rcms)
- {
- BIO_printf(bio_err, "Error reading receipt\n");
- goto end;
- }
- }
-
- if (outfile)
- {
- if (!(out = BIO_new_file(outfile, outmode)))
- {
- BIO_printf (bio_err,
- "Can't open output file %s\n", outfile);
- goto end;
- }
- }
- else
- {
- out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
-
- if ((operation == SMIME_VERIFY) || (operation == SMIME_VERIFY_RECEIPT))
- {
- if (!(store = setup_verify(bio_err, CAfile, CApath)))
- goto end;
- X509_STORE_set_verify_cb_func(store, cms_cb);
- if (vpm)
- X509_STORE_set1_param(store, vpm);
- }
-
-
- ret = 3;
-
- if (operation == SMIME_DATA_CREATE)
- {
- cms = CMS_data_create(in, flags);
- }
- else if (operation == SMIME_DIGEST_CREATE)
- {
- cms = CMS_digest_create(in, sign_md, flags);
- }
- else if (operation == SMIME_COMPRESS)
- {
- cms = CMS_compress(in, -1, flags);
- }
- else if (operation == SMIME_ENCRYPT)
- {
- flags |= CMS_PARTIAL;
- cms = CMS_encrypt(encerts, in, cipher, flags);
- if (!cms)
- goto end;
- if (secret_key)
- {
- if (!CMS_add0_recipient_key(cms, NID_undef,
- secret_key, secret_keylen,
- secret_keyid, secret_keyidlen,
- NULL, NULL, NULL))
- goto end;
- /* NULL these because call absorbs them */
- secret_key = NULL;
- secret_keyid = NULL;
- }
- if (!(flags & CMS_STREAM))
- {
- if (!CMS_final(cms, in, NULL, flags))
- goto end;
- }
- }
- else if (operation == SMIME_ENCRYPTED_ENCRYPT)
- {
- cms = CMS_EncryptedData_encrypt(in, cipher,
- secret_key, secret_keylen,
- flags);
-
- }
- else if (operation == SMIME_SIGN_RECEIPT)
- {
- CMS_ContentInfo *srcms = NULL;
- STACK_OF(CMS_SignerInfo) *sis;
- CMS_SignerInfo *si;
- sis = CMS_get0_SignerInfos(cms);
- if (!sis)
- goto end;
- si = sk_CMS_SignerInfo_value(sis, 0);
- srcms = CMS_sign_receipt(si, signer, key, other, flags);
- if (!srcms)
- goto end;
- CMS_ContentInfo_free(cms);
- cms = srcms;
- }
- else if (operation & SMIME_SIGNERS)
- {
- int i;
- /* If detached data content we enable streaming if
- * S/MIME output format.
- */
- if (operation == SMIME_SIGN)
- {
-
- if (flags & CMS_DETACHED)
- {
- if (outformat == FORMAT_SMIME)
- flags |= CMS_STREAM;
- }
- flags |= CMS_PARTIAL;
- cms = CMS_sign(NULL, NULL, other, in, flags);
- if (!cms)
- goto end;
- if (econtent_type)
- CMS_set1_eContentType(cms, econtent_type);
-
- if (rr_to)
- {
- rr = make_receipt_request(rr_to, rr_allorfirst,
- rr_from);
- if (!rr)
- {
- BIO_puts(bio_err,
- "Signed Receipt Request Creation Error\n");
- goto end;
- }
- }
- }
- else
- flags |= CMS_REUSE_DIGEST;
- for (i = 0; i < sk_num(sksigners); i++)
- {
- CMS_SignerInfo *si;
- signerfile = sk_value(sksigners, i);
- keyfile = sk_value(skkeys, i);
- signer = load_cert(bio_err, signerfile,FORMAT_PEM, NULL,
- e, "signer certificate");
- if (!signer)
- goto end;
- key = load_key(bio_err, keyfile, keyform, 0, passin, e,
- "signing key file");
- if (!key)
- goto end;
- si = CMS_add1_signer(cms, signer, key, sign_md, flags);
- if (!si)
- goto end;
- if (rr && !CMS_add1_ReceiptRequest(si, rr))
- goto end;
- X509_free(signer);
- signer = NULL;
- EVP_PKEY_free(key);
- key = NULL;
- }
- /* If not streaming or resigning finalize structure */
- if ((operation == SMIME_SIGN) && !(flags & CMS_STREAM))
- {
- if (!CMS_final(cms, in, NULL, flags))
- goto end;
- }
- }
-
- if (!cms)
- {
- BIO_printf(bio_err, "Error creating CMS structure\n");
- goto end;
- }
-
- ret = 4;
- if (operation == SMIME_DECRYPT)
- {
- if (flags & CMS_DEBUG_DECRYPT)
- CMS_decrypt(cms, NULL, NULL, NULL, NULL, flags);
-
- if (secret_key)
- {
- if (!CMS_decrypt_set1_key(cms,
- secret_key, secret_keylen,
- secret_keyid, secret_keyidlen))
- {
- BIO_puts(bio_err,
- "Error decrypting CMS using secret key\n");
- goto end;
- }
- }
-
- if (key)
- {
- if (!CMS_decrypt_set1_pkey(cms, key, recip))
- {
- BIO_puts(bio_err,
- "Error decrypting CMS using private key\n");
- goto end;
- }
- }
-
- if (!CMS_decrypt(cms, NULL, NULL, indata, out, flags))
- {
- BIO_printf(bio_err, "Error decrypting CMS structure\n");
- goto end;
- }
- }
- else if (operation == SMIME_DATAOUT)
- {
- if (!CMS_data(cms, out, flags))
- goto end;
- }
- else if (operation == SMIME_UNCOMPRESS)
- {
- if (!CMS_uncompress(cms, indata, out, flags))
- goto end;
- }
- else if (operation == SMIME_DIGEST_VERIFY)
- {
- if (CMS_digest_verify(cms, indata, out, flags) > 0)
- BIO_printf(bio_err, "Verification successful\n");
- else
- {
- BIO_printf(bio_err, "Verification failure\n");
- goto end;
- }
- }
- else if (operation == SMIME_ENCRYPTED_DECRYPT)
- {
- if (!CMS_EncryptedData_decrypt(cms, secret_key, secret_keylen,
- indata, out, flags))
- goto end;
- }
- else if (operation == SMIME_VERIFY)
- {
- if (CMS_verify(cms, other, store, indata, out, flags) > 0)
- BIO_printf(bio_err, "Verification successful\n");
- else
- {
- BIO_printf(bio_err, "Verification failure\n");
- goto end;
- }
- if (signerfile)
- {
- STACK_OF(X509) *signers;
- signers = CMS_get0_signers(cms);
- if (!save_certs(signerfile, signers))
- {
- BIO_printf(bio_err,
- "Error writing signers to %s\n",
- signerfile);
- ret = 5;
- goto end;
- }
- sk_X509_free(signers);
- }
- if (rr_print)
- receipt_request_print(bio_err, cms);
-
- }
- else if (operation == SMIME_VERIFY_RECEIPT)
- {
- if (CMS_verify_receipt(rcms, cms, other, store, flags) > 0)
- BIO_printf(bio_err, "Verification successful\n");
- else
- {
- BIO_printf(bio_err, "Verification failure\n");
- goto end;
- }
- }
- else
- {
- if (outformat == FORMAT_SMIME)
- {
- if (to)
- BIO_printf(out, "To: %s\n", to);
- if (from)
- BIO_printf(out, "From: %s\n", from);
- if (subject)
- BIO_printf(out, "Subject: %s\n", subject);
- if (operation == SMIME_RESIGN)
- ret = SMIME_write_CMS(out, cms, indata, flags);
- else
- ret = SMIME_write_CMS(out, cms, in, flags);
- }
- else if (outformat == FORMAT_PEM)
- ret = PEM_write_bio_CMS(out, cms);
- else if (outformat == FORMAT_ASN1)
- ret = i2d_CMS_bio(out,cms);
- else
- {
- BIO_printf(bio_err, "Bad output format for CMS file\n");
- goto end;
- }
- if (ret <= 0)
- {
- ret = 6;
- goto end;
- }
- }
- ret = 0;
-end:
- if (ret)
- ERR_print_errors(bio_err);
- if (need_rand)
- app_RAND_write_file(NULL, bio_err);
- sk_X509_pop_free(encerts, X509_free);
- sk_X509_pop_free(other, X509_free);
- if (vpm)
- X509_VERIFY_PARAM_free(vpm);
- if (sksigners)
- sk_free(sksigners);
- if (skkeys)
- sk_free(skkeys);
- if (secret_key)
- OPENSSL_free(secret_key);
- if (secret_keyid)
- OPENSSL_free(secret_keyid);
- if (econtent_type)
- ASN1_OBJECT_free(econtent_type);
- if (rr)
- CMS_ReceiptRequest_free(rr);
- if (rr_to)
- sk_free(rr_to);
- if (rr_from)
- sk_free(rr_from);
- X509_STORE_free(store);
- X509_free(cert);
- X509_free(recip);
- X509_free(signer);
- EVP_PKEY_free(key);
- CMS_ContentInfo_free(cms);
- CMS_ContentInfo_free(rcms);
- BIO_free(rctin);
- BIO_free(in);
- BIO_free(indata);
- BIO_free_all(out);
- if (passin) OPENSSL_free(passin);
- return (ret);
-}
-
-static int save_certs(char *signerfile, STACK_OF(X509) *signers)
- {
- int i;
- BIO *tmp;
- if (!signerfile)
- return 1;
- tmp = BIO_new_file(signerfile, "w");
- if (!tmp) return 0;
- for(i = 0; i < sk_X509_num(signers); i++)
- PEM_write_bio_X509(tmp, sk_X509_value(signers, i));
- BIO_free(tmp);
- return 1;
- }
-
-
-/* Minimal callback just to output policy info (if any) */
-
-static int cms_cb(int ok, X509_STORE_CTX *ctx)
- {
- int error;
-
- error = X509_STORE_CTX_get_error(ctx);
-
- if ((error != X509_V_ERR_NO_EXPLICIT_POLICY)
- && ((error != X509_V_OK) || (ok != 2)))
- return ok;
-
- policies_print(NULL, ctx);
-
- return ok;
-
- }
-
-static void gnames_stack_print(BIO *out, STACK_OF(GENERAL_NAMES) *gns)
- {
- STACK_OF(GENERAL_NAME) *gens;
- GENERAL_NAME *gen;
- int i, j;
- for (i = 0; i < sk_GENERAL_NAMES_num(gns); i++)
- {
- gens = sk_GENERAL_NAMES_value(gns, i);
- for (j = 0; j < sk_GENERAL_NAME_num(gens); j++)
- {
- gen = sk_GENERAL_NAME_value(gens, j);
- BIO_puts(out, " ");
- GENERAL_NAME_print(out, gen);
- BIO_puts(out, "\n");
- }
- }
- return;
- }
-
-static void receipt_request_print(BIO *out, CMS_ContentInfo *cms)
- {
- STACK_OF(CMS_SignerInfo) *sis;
- CMS_SignerInfo *si;
- CMS_ReceiptRequest *rr;
- int allorfirst;
- STACK_OF(GENERAL_NAMES) *rto, *rlist;
- ASN1_STRING *scid;
- int i, rv;
- sis = CMS_get0_SignerInfos(cms);
- for (i = 0; i < sk_CMS_SignerInfo_num(sis); i++)
- {
- si = sk_CMS_SignerInfo_value(sis, i);
- rv = CMS_get1_ReceiptRequest(si, &rr);
- BIO_printf(bio_err, "Signer %d:\n", i + 1);
- if (rv == 0)
- BIO_puts(bio_err, " No Receipt Request\n");
- else if (rv < 0)
- {
- BIO_puts(bio_err, " Receipt Request Parse Error\n");
- ERR_print_errors(bio_err);
- }
- else
- {
- char *id;
- int idlen;
- CMS_ReceiptRequest_get0_values(rr, &scid, &allorfirst,
- &rlist, &rto);
- BIO_puts(out, " Signed Content ID:\n");
- idlen = ASN1_STRING_length(scid);
- id = (char *)ASN1_STRING_data(scid);
- BIO_dump_indent(out, id, idlen, 4);
- BIO_puts(out, " Receipts From");
- if (rlist)
- {
- BIO_puts(out, " List:\n");
- gnames_stack_print(out, rlist);
- }
- else if (allorfirst == 1)
- BIO_puts(out, ": First Tier\n");
- else if (allorfirst == 0)
- BIO_puts(out, ": All\n");
- else
- BIO_printf(out, " Unknown (%d)\n", allorfirst);
- BIO_puts(out, " Receipts To:\n");
- gnames_stack_print(out, rto);
- }
- if (rr)
- CMS_ReceiptRequest_free(rr);
- }
- }
-
-static STACK_OF(GENERAL_NAMES) *make_names_stack(STACK *ns)
- {
- int i;
- STACK_OF(GENERAL_NAMES) *ret;
- GENERAL_NAMES *gens = NULL;
- GENERAL_NAME *gen = NULL;
- ret = sk_GENERAL_NAMES_new_null();
- if (!ret)
- goto err;
- for (i = 0; i < sk_num(ns); i++)
- {
- CONF_VALUE cnf;
- cnf.name = "email";
- cnf.value = sk_value(ns, i);
- gen = v2i_GENERAL_NAME(NULL, NULL, &cnf);
- if (!gen)
- goto err;
- gens = GENERAL_NAMES_new();
- if (!gens)
- goto err;
- if (!sk_GENERAL_NAME_push(gens, gen))
- goto err;
- gen = NULL;
- if (!sk_GENERAL_NAMES_push(ret, gens))
- goto err;
- gens = NULL;
- }
-
- return ret;
-
- err:
- if (ret)
- sk_GENERAL_NAMES_pop_free(ret, GENERAL_NAMES_free);
- if (gens)
- GENERAL_NAMES_free(gens);
- if (gen)
- GENERAL_NAME_free(gen);
- return NULL;
- }
-
-
-static CMS_ReceiptRequest *make_receipt_request(STACK *rr_to, int rr_allorfirst,
- STACK *rr_from)
- {
- STACK_OF(GENERAL_NAMES) *rct_to, *rct_from;
- CMS_ReceiptRequest *rr;
- rct_to = make_names_stack(rr_to);
- if (!rct_to)
- goto err;
- if (rr_from)
- {
- rct_from = make_names_stack(rr_from);
- if (!rct_from)
- goto err;
- }
- else
- rct_from = NULL;
- rr = CMS_ReceiptRequest_create0(NULL, -1, rr_allorfirst, rct_from,
- rct_to);
- return rr;
- err:
- return NULL;
- }
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/apps/cms.c (from rev 6976, vendor-crypto/openssl/dist/apps/cms.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/apps/cms.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/apps/cms.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,1183 @@
+/* apps/cms.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+/* CMS utility function */
+
+#include <stdio.h>
+#include <string.h>
+#include "apps.h"
+
+#ifndef OPENSSL_NO_CMS
+
+# include <openssl/crypto.h>
+# include <openssl/pem.h>
+# include <openssl/err.h>
+# include <openssl/x509_vfy.h>
+# include <openssl/x509v3.h>
+# include <openssl/cms.h>
+
+# undef PROG
+# define PROG cms_main
+static int save_certs(char *signerfile, STACK_OF(X509) *signers);
+static int cms_cb(int ok, X509_STORE_CTX *ctx);
+static void receipt_request_print(BIO *out, CMS_ContentInfo *cms);
+static CMS_ReceiptRequest *make_receipt_request(STACK * rr_to,
+ int rr_allorfirst,
+ STACK * rr_from);
+
+# define SMIME_OP 0x10
+# define SMIME_IP 0x20
+# define SMIME_SIGNERS 0x40
+# define SMIME_ENCRYPT (1 | SMIME_OP)
+# define SMIME_DECRYPT (2 | SMIME_IP)
+# define SMIME_SIGN (3 | SMIME_OP | SMIME_SIGNERS)
+# define SMIME_VERIFY (4 | SMIME_IP)
+# define SMIME_CMSOUT (5 | SMIME_IP | SMIME_OP)
+# define SMIME_RESIGN (6 | SMIME_IP | SMIME_OP | SMIME_SIGNERS)
+# define SMIME_DATAOUT (7 | SMIME_IP)
+# define SMIME_DATA_CREATE (8 | SMIME_OP)
+# define SMIME_DIGEST_VERIFY (9 | SMIME_IP)
+# define SMIME_DIGEST_CREATE (10 | SMIME_OP)
+# define SMIME_UNCOMPRESS (11 | SMIME_IP)
+# define SMIME_COMPRESS (12 | SMIME_OP)
+# define SMIME_ENCRYPTED_DECRYPT (13 | SMIME_IP)
+# define SMIME_ENCRYPTED_ENCRYPT (14 | SMIME_OP)
+# define SMIME_SIGN_RECEIPT (15 | SMIME_IP | SMIME_OP)
+# define SMIME_VERIFY_RECEIPT (16 | SMIME_IP)
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+{
+ ENGINE *e = NULL;
+ int operation = 0;
+ int ret = 0;
+ char **args;
+ const char *inmode = "r", *outmode = "w";
+ char *infile = NULL, *outfile = NULL, *rctfile = NULL;
+ char *signerfile = NULL, *recipfile = NULL;
+ STACK *sksigners = NULL, *skkeys = NULL;
+ char *certfile = NULL, *keyfile = NULL, *contfile = NULL;
+ char *certsoutfile = NULL;
+ const EVP_CIPHER *cipher = NULL;
+ CMS_ContentInfo *cms = NULL, *rcms = NULL;
+ X509_STORE *store = NULL;
+ X509 *cert = NULL, *recip = NULL, *signer = NULL;
+ EVP_PKEY *key = NULL;
+ STACK_OF(X509) *encerts = NULL, *other = NULL;
+ BIO *in = NULL, *out = NULL, *indata = NULL, *rctin = NULL;
+ int badarg = 0;
+ int flags = CMS_DETACHED;
+ int rr_print = 0, rr_allorfirst = -1;
+ STACK *rr_to = NULL, *rr_from = NULL;
+ CMS_ReceiptRequest *rr = NULL;
+ char *to = NULL, *from = NULL, *subject = NULL;
+ char *CAfile = NULL, *CApath = NULL;
+ char *passargin = NULL, *passin = NULL;
+ char *inrand = NULL;
+ int need_rand = 0;
+ const EVP_MD *sign_md = NULL;
+ int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
+ int rctformat = FORMAT_SMIME, keyform = FORMAT_PEM;
+# ifndef OPENSSL_NO_ENGINE
+ char *engine = NULL;
+# endif
+ unsigned char *secret_key = NULL, *secret_keyid = NULL;
+ size_t secret_keylen = 0, secret_keyidlen = 0;
+
+ ASN1_OBJECT *econtent_type = NULL;
+
+ X509_VERIFY_PARAM *vpm = NULL;
+
+ args = argv + 1;
+ ret = 1;
+
+ apps_startup();
+
+ if (bio_err == NULL) {
+ if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+ }
+
+ if (!load_config(bio_err, NULL))
+ goto end;
+
+ while (!badarg && *args && *args[0] == '-') {
+ if (!strcmp(*args, "-encrypt"))
+ operation = SMIME_ENCRYPT;
+ else if (!strcmp(*args, "-decrypt"))
+ operation = SMIME_DECRYPT;
+ else if (!strcmp(*args, "-sign"))
+ operation = SMIME_SIGN;
+ else if (!strcmp(*args, "-sign_receipt"))
+ operation = SMIME_SIGN_RECEIPT;
+ else if (!strcmp(*args, "-resign"))
+ operation = SMIME_RESIGN;
+ else if (!strcmp(*args, "-verify"))
+ operation = SMIME_VERIFY;
+ else if (!strcmp(*args, "-verify_receipt")) {
+ operation = SMIME_VERIFY_RECEIPT;
+ if (!args[1])
+ goto argerr;
+ args++;
+ rctfile = *args;
+ } else if (!strcmp(*args, "-cmsout"))
+ operation = SMIME_CMSOUT;
+ else if (!strcmp(*args, "-data_out"))
+ operation = SMIME_DATAOUT;
+ else if (!strcmp(*args, "-data_create"))
+ operation = SMIME_DATA_CREATE;
+ else if (!strcmp(*args, "-digest_verify"))
+ operation = SMIME_DIGEST_VERIFY;
+ else if (!strcmp(*args, "-digest_create"))
+ operation = SMIME_DIGEST_CREATE;
+ else if (!strcmp(*args, "-compress"))
+ operation = SMIME_COMPRESS;
+ else if (!strcmp(*args, "-uncompress"))
+ operation = SMIME_UNCOMPRESS;
+ else if (!strcmp(*args, "-EncryptedData_decrypt"))
+ operation = SMIME_ENCRYPTED_DECRYPT;
+ else if (!strcmp(*args, "-EncryptedData_encrypt"))
+ operation = SMIME_ENCRYPTED_ENCRYPT;
+# ifndef OPENSSL_NO_DES
+ else if (!strcmp(*args, "-des3"))
+ cipher = EVP_des_ede3_cbc();
+ else if (!strcmp(*args, "-des"))
+ cipher = EVP_des_cbc();
+# endif
+# ifndef OPENSSL_NO_SEED
+ else if (!strcmp(*args, "-seed"))
+ cipher = EVP_seed_cbc();
+# endif
+# ifndef OPENSSL_NO_RC2
+ else if (!strcmp(*args, "-rc2-40"))
+ cipher = EVP_rc2_40_cbc();
+ else if (!strcmp(*args, "-rc2-128"))
+ cipher = EVP_rc2_cbc();
+ else if (!strcmp(*args, "-rc2-64"))
+ cipher = EVP_rc2_64_cbc();
+# endif
+# ifndef OPENSSL_NO_AES
+ else if (!strcmp(*args, "-aes128"))
+ cipher = EVP_aes_128_cbc();
+ else if (!strcmp(*args, "-aes192"))
+ cipher = EVP_aes_192_cbc();
+ else if (!strcmp(*args, "-aes256"))
+ cipher = EVP_aes_256_cbc();
+# endif
+# ifndef OPENSSL_NO_CAMELLIA
+ else if (!strcmp(*args, "-camellia128"))
+ cipher = EVP_camellia_128_cbc();
+ else if (!strcmp(*args, "-camellia192"))
+ cipher = EVP_camellia_192_cbc();
+ else if (!strcmp(*args, "-camellia256"))
+ cipher = EVP_camellia_256_cbc();
+# endif
+ else if (!strcmp(*args, "-debug_decrypt"))
+ flags |= CMS_DEBUG_DECRYPT;
+ else if (!strcmp(*args, "-text"))
+ flags |= CMS_TEXT;
+ else if (!strcmp(*args, "-nointern"))
+ flags |= CMS_NOINTERN;
+ else if (!strcmp(*args, "-noverify")
+ || !strcmp(*args, "-no_signer_cert_verify"))
+ flags |= CMS_NO_SIGNER_CERT_VERIFY;
+ else if (!strcmp(*args, "-nocerts"))
+ flags |= CMS_NOCERTS;
+ else if (!strcmp(*args, "-noattr"))
+ flags |= CMS_NOATTR;
+ else if (!strcmp(*args, "-nodetach"))
+ flags &= ~CMS_DETACHED;
+ else if (!strcmp(*args, "-nosmimecap"))
+ flags |= CMS_NOSMIMECAP;
+ else if (!strcmp(*args, "-binary"))
+ flags |= CMS_BINARY;
+ else if (!strcmp(*args, "-keyid"))
+ flags |= CMS_USE_KEYID;
+ else if (!strcmp(*args, "-nosigs"))
+ flags |= CMS_NOSIGS;
+ else if (!strcmp(*args, "-no_content_verify"))
+ flags |= CMS_NO_CONTENT_VERIFY;
+ else if (!strcmp(*args, "-no_attr_verify"))
+ flags |= CMS_NO_ATTR_VERIFY;
+ else if (!strcmp(*args, "-stream")) {
+ args++;
+ continue;
+ } else if (!strcmp(*args, "-indef")) {
+ args++;
+ continue;
+ } else if (!strcmp(*args, "-noindef"))
+ flags &= ~CMS_STREAM;
+ else if (!strcmp(*args, "-nooldmime"))
+ flags |= CMS_NOOLDMIMETYPE;
+ else if (!strcmp(*args, "-crlfeol"))
+ flags |= CMS_CRLFEOL;
+ else if (!strcmp(*args, "-receipt_request_print"))
+ rr_print = 1;
+ else if (!strcmp(*args, "-receipt_request_all"))
+ rr_allorfirst = 0;
+ else if (!strcmp(*args, "-receipt_request_first"))
+ rr_allorfirst = 1;
+ else if (!strcmp(*args, "-receipt_request_from")) {
+ if (!args[1])
+ goto argerr;
+ args++;
+ if (!rr_from)
+ rr_from = sk_new_null();
+ sk_push(rr_from, *args);
+ } else if (!strcmp(*args, "-receipt_request_to")) {
+ if (!args[1])
+ goto argerr;
+ args++;
+ if (!rr_to)
+ rr_to = sk_new_null();
+ sk_push(rr_to, *args);
+ } else if (!strcmp(*args, "-secretkey")) {
+ long ltmp;
+ if (!args[1])
+ goto argerr;
+ args++;
+ secret_key = string_to_hex(*args, <mp);
+ if (!secret_key) {
+ BIO_printf(bio_err, "Invalid key %s\n", *args);
+ goto argerr;
+ }
+ secret_keylen = (size_t)ltmp;
+ } else if (!strcmp(*args, "-secretkeyid")) {
+ long ltmp;
+ if (!args[1])
+ goto argerr;
+ args++;
+ secret_keyid = string_to_hex(*args, <mp);
+ if (!secret_keyid) {
+ BIO_printf(bio_err, "Invalid id %s\n", *args);
+ goto argerr;
+ }
+ secret_keyidlen = (size_t)ltmp;
+ } else if (!strcmp(*args, "-econtent_type")) {
+ if (!args[1])
+ goto argerr;
+ args++;
+ econtent_type = OBJ_txt2obj(*args, 0);
+ if (!econtent_type) {
+ BIO_printf(bio_err, "Invalid OID %s\n", *args);
+ goto argerr;
+ }
+ } else if (!strcmp(*args, "-rand")) {
+ if (!args[1])
+ goto argerr;
+ args++;
+ inrand = *args;
+ need_rand = 1;
+ }
+# ifndef OPENSSL_NO_ENGINE
+ else if (!strcmp(*args, "-engine")) {
+ if (!args[1])
+ goto argerr;
+ engine = *++args;
+ }
+# endif
+ else if (!strcmp(*args, "-passin")) {
+ if (!args[1])
+ goto argerr;
+ passargin = *++args;
+ } else if (!strcmp(*args, "-to")) {
+ if (!args[1])
+ goto argerr;
+ to = *++args;
+ } else if (!strcmp(*args, "-from")) {
+ if (!args[1])
+ goto argerr;
+ from = *++args;
+ } else if (!strcmp(*args, "-subject")) {
+ if (!args[1])
+ goto argerr;
+ subject = *++args;
+ } else if (!strcmp(*args, "-signer")) {
+ if (!args[1])
+ goto argerr;
+ /* If previous -signer argument add signer to list */
+
+ if (signerfile) {
+ if (!sksigners)
+ sksigners = sk_new_null();
+ sk_push(sksigners, signerfile);
+ if (!keyfile)
+ keyfile = signerfile;
+ if (!skkeys)
+ skkeys = sk_new_null();
+ sk_push(skkeys, keyfile);
+ keyfile = NULL;
+ }
+ signerfile = *++args;
+ } else if (!strcmp(*args, "-recip")) {
+ if (!args[1])
+ goto argerr;
+ recipfile = *++args;
+ } else if (!strcmp(*args, "-certsout")) {
+ if (!args[1])
+ goto argerr;
+ certsoutfile = *++args;
+ } else if (!strcmp(*args, "-md")) {
+ if (!args[1])
+ goto argerr;
+ sign_md = EVP_get_digestbyname(*++args);
+ if (sign_md == NULL) {
+ BIO_printf(bio_err, "Unknown digest %s\n", *args);
+ goto argerr;
+ }
+ } else if (!strcmp(*args, "-inkey")) {
+ if (!args[1])
+ goto argerr;
+ /* If previous -inkey arument add signer to list */
+ if (keyfile) {
+ if (!signerfile) {
+ BIO_puts(bio_err, "Illegal -inkey without -signer\n");
+ goto argerr;
+ }
+ if (!sksigners)
+ sksigners = sk_new_null();
+ sk_push(sksigners, signerfile);
+ signerfile = NULL;
+ if (!skkeys)
+ skkeys = sk_new_null();
+ sk_push(skkeys, keyfile);
+ }
+ keyfile = *++args;
+ } else if (!strcmp(*args, "-keyform")) {
+ if (!args[1])
+ goto argerr;
+ keyform = str2fmt(*++args);
+ } else if (!strcmp(*args, "-rctform")) {
+ if (!args[1])
+ goto argerr;
+ rctformat = str2fmt(*++args);
+ } else if (!strcmp(*args, "-certfile")) {
+ if (!args[1])
+ goto argerr;
+ certfile = *++args;
+ } else if (!strcmp(*args, "-CAfile")) {
+ if (!args[1])
+ goto argerr;
+ CAfile = *++args;
+ } else if (!strcmp(*args, "-CApath")) {
+ if (!args[1])
+ goto argerr;
+ CApath = *++args;
+ } else if (!strcmp(*args, "-in")) {
+ if (!args[1])
+ goto argerr;
+ infile = *++args;
+ } else if (!strcmp(*args, "-inform")) {
+ if (!args[1])
+ goto argerr;
+ informat = str2fmt(*++args);
+ } else if (!strcmp(*args, "-outform")) {
+ if (!args[1])
+ goto argerr;
+ outformat = str2fmt(*++args);
+ } else if (!strcmp(*args, "-out")) {
+ if (!args[1])
+ goto argerr;
+ outfile = *++args;
+ } else if (!strcmp(*args, "-content")) {
+ if (!args[1])
+ goto argerr;
+ contfile = *++args;
+ } else if (args_verify(&args, NULL, &badarg, bio_err, &vpm))
+ continue;
+ else if ((cipher = EVP_get_cipherbyname(*args + 1)) == NULL)
+ badarg = 1;
+ args++;
+ }
+
+ if (((rr_allorfirst != -1) || rr_from) && !rr_to) {
+ BIO_puts(bio_err, "No Signed Receipts Recipients\n");
+ goto argerr;
+ }
+
+ if (!(operation & SMIME_SIGNERS) && (rr_to || rr_from)) {
+ BIO_puts(bio_err, "Signed receipts only allowed with -sign\n");
+ goto argerr;
+ }
+ if (!(operation & SMIME_SIGNERS) && (skkeys || sksigners)) {
+ BIO_puts(bio_err, "Multiple signers or keys not allowed\n");
+ goto argerr;
+ }
+
+ if (operation & SMIME_SIGNERS) {
+ if (keyfile && !signerfile) {
+ BIO_puts(bio_err, "Illegal -inkey without -signer\n");
+ goto argerr;
+ }
+ /* Check to see if any final signer needs to be appended */
+ if (signerfile) {
+ if (!sksigners)
+ sksigners = sk_new_null();
+ sk_push(sksigners, signerfile);
+ if (!skkeys)
+ skkeys = sk_new_null();
+ if (!keyfile)
+ keyfile = signerfile;
+ sk_push(skkeys, keyfile);
+ }
+ if (!sksigners) {
+ BIO_printf(bio_err, "No signer certificate specified\n");
+ badarg = 1;
+ }
+ signerfile = NULL;
+ keyfile = NULL;
+ need_rand = 1;
+ }
+
+ else if (operation == SMIME_DECRYPT) {
+ if (!recipfile && !keyfile && !secret_key) {
+ BIO_printf(bio_err,
+ "No recipient certificate or key specified\n");
+ badarg = 1;
+ }
+ } else if (operation == SMIME_ENCRYPT) {
+ if (!*args && !secret_key) {
+ BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
+ badarg = 1;
+ }
+ need_rand = 1;
+ } else if (!operation)
+ badarg = 1;
+
+ if (badarg) {
+ argerr:
+ BIO_printf(bio_err, "Usage cms [options] cert.pem ...\n");
+ BIO_printf(bio_err, "where options are\n");
+ BIO_printf(bio_err, "-encrypt encrypt message\n");
+ BIO_printf(bio_err, "-decrypt decrypt encrypted message\n");
+ BIO_printf(bio_err, "-sign sign message\n");
+ BIO_printf(bio_err, "-verify verify signed message\n");
+ BIO_printf(bio_err, "-cmsout output CMS structure\n");
+# ifndef OPENSSL_NO_DES
+ BIO_printf(bio_err, "-des3 encrypt with triple DES\n");
+ BIO_printf(bio_err, "-des encrypt with DES\n");
+# endif
+# ifndef OPENSSL_NO_SEED
+ BIO_printf(bio_err, "-seed encrypt with SEED\n");
+# endif
+# ifndef OPENSSL_NO_RC2
+ BIO_printf(bio_err, "-rc2-40 encrypt with RC2-40 (default)\n");
+ BIO_printf(bio_err, "-rc2-64 encrypt with RC2-64\n");
+ BIO_printf(bio_err, "-rc2-128 encrypt with RC2-128\n");
+# endif
+# ifndef OPENSSL_NO_AES
+ BIO_printf(bio_err, "-aes128, -aes192, -aes256\n");
+ BIO_printf(bio_err,
+ " encrypt PEM output with cbc aes\n");
+# endif
+# ifndef OPENSSL_NO_CAMELLIA
+ BIO_printf(bio_err, "-camellia128, -camellia192, -camellia256\n");
+ BIO_printf(bio_err,
+ " encrypt PEM output with cbc camellia\n");
+# endif
+ BIO_printf(bio_err,
+ "-nointern don't search certificates in message for signer\n");
+ BIO_printf(bio_err,
+ "-nosigs don't verify message signature\n");
+ BIO_printf(bio_err,
+ "-noverify don't verify signers certificate\n");
+ BIO_printf(bio_err,
+ "-nocerts don't include signers certificate when signing\n");
+ BIO_printf(bio_err, "-nodetach use opaque signing\n");
+ BIO_printf(bio_err,
+ "-noattr don't include any signed attributes\n");
+ BIO_printf(bio_err,
+ "-binary don't translate message to text\n");
+ BIO_printf(bio_err, "-certfile file other certificates file\n");
+ BIO_printf(bio_err, "-certsout file certificate output file\n");
+ BIO_printf(bio_err, "-signer file signer certificate file\n");
+ BIO_printf(bio_err,
+ "-recip file recipient certificate file for decryption\n");
+ BIO_printf(bio_err, "-keyid use subject key identifier\n");
+ BIO_printf(bio_err, "-in file input file\n");
+ BIO_printf(bio_err,
+ "-inform arg input format SMIME (default), PEM or DER\n");
+ BIO_printf(bio_err,
+ "-inkey file input private key (if not signer or recipient)\n");
+ BIO_printf(bio_err,
+ "-keyform arg input private key format (PEM or ENGINE)\n");
+ BIO_printf(bio_err, "-out file output file\n");
+ BIO_printf(bio_err,
+ "-outform arg output format SMIME (default), PEM or DER\n");
+ BIO_printf(bio_err,
+ "-content file supply or override content for detached signature\n");
+ BIO_printf(bio_err, "-to addr to address\n");
+ BIO_printf(bio_err, "-from ad from address\n");
+ BIO_printf(bio_err, "-subject s subject\n");
+ BIO_printf(bio_err,
+ "-text include or delete text MIME headers\n");
+ BIO_printf(bio_err,
+ "-CApath dir trusted certificates directory\n");
+ BIO_printf(bio_err, "-CAfile file trusted certificates file\n");
+ BIO_printf(bio_err,
+ "-crl_check check revocation status of signer's certificate using CRLs\n");
+ BIO_printf(bio_err,
+ "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
+# ifndef OPENSSL_NO_ENGINE
+ BIO_printf(bio_err,
+ "-engine e use engine e, possibly a hardware device.\n");
+# endif
+ BIO_printf(bio_err, "-passin arg input file pass phrase source\n");
+ BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR,
+ LIST_SEPARATOR_CHAR);
+ BIO_printf(bio_err,
+ " load the file (or the files in the directory) into\n");
+ BIO_printf(bio_err, " the random number generator\n");
+ BIO_printf(bio_err,
+ "cert.pem recipient certificate(s) for encryption\n");
+ goto end;
+ }
+# ifndef OPENSSL_NO_ENGINE
+ e = setup_engine(bio_err, engine, 0);
+# endif
+
+ if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
+ BIO_printf(bio_err, "Error getting password\n");
+ goto end;
+ }
+
+ if (need_rand) {
+ app_RAND_load_file(NULL, bio_err, (inrand != NULL));
+ if (inrand != NULL)
+ BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
+ app_RAND_load_files(inrand));
+ }
+
+ ret = 2;
+
+ if (!(operation & SMIME_SIGNERS))
+ flags &= ~CMS_DETACHED;
+
+ if (operation & SMIME_OP) {
+ if (outformat == FORMAT_ASN1)
+ outmode = "wb";
+ } else {
+ if (flags & CMS_BINARY)
+ outmode = "wb";
+ }
+
+ if (operation & SMIME_IP) {
+ if (informat == FORMAT_ASN1)
+ inmode = "rb";
+ } else {
+ if (flags & CMS_BINARY)
+ inmode = "rb";
+ }
+
+ if (operation == SMIME_ENCRYPT) {
+ if (!cipher) {
+# ifndef OPENSSL_NO_DES
+ cipher = EVP_des_ede3_cbc();
+# else
+ BIO_printf(bio_err, "No cipher selected\n");
+ goto end;
+# endif
+ }
+
+ if (secret_key && !secret_keyid) {
+ BIO_printf(bio_err, "No sectre key id\n");
+ goto end;
+ }
+
+ if (*args)
+ encerts = sk_X509_new_null();
+ while (*args) {
+ if (!(cert = load_cert(bio_err, *args, FORMAT_PEM,
+ NULL, e, "recipient certificate file")))
+ goto end;
+ sk_X509_push(encerts, cert);
+ cert = NULL;
+ args++;
+ }
+ }
+
+ if (certfile) {
+ if (!(other = load_certs(bio_err, certfile, FORMAT_PEM, NULL,
+ e, "certificate file"))) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+
+ if (recipfile && (operation == SMIME_DECRYPT)) {
+ if (!(recip = load_cert(bio_err, recipfile, FORMAT_PEM, NULL,
+ e, "recipient certificate file"))) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+
+ if (operation == SMIME_SIGN_RECEIPT) {
+ if (!(signer = load_cert(bio_err, signerfile, FORMAT_PEM, NULL,
+ e, "receipt signer certificate file"))) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+
+ if (operation == SMIME_DECRYPT) {
+ if (!keyfile)
+ keyfile = recipfile;
+ } else if ((operation == SMIME_SIGN) || (operation == SMIME_SIGN_RECEIPT)) {
+ if (!keyfile)
+ keyfile = signerfile;
+ } else
+ keyfile = NULL;
+
+ if (keyfile) {
+ key = load_key(bio_err, keyfile, keyform, 0, passin, e,
+ "signing key file");
+ if (!key)
+ goto end;
+ }
+
+ if (infile) {
+ if (!(in = BIO_new_file(infile, inmode))) {
+ BIO_printf(bio_err, "Can't open input file %s\n", infile);
+ goto end;
+ }
+ } else
+ in = BIO_new_fp(stdin, BIO_NOCLOSE);
+
+ if (operation & SMIME_IP) {
+ if (informat == FORMAT_SMIME)
+ cms = SMIME_read_CMS(in, &indata);
+ else if (informat == FORMAT_PEM)
+ cms = PEM_read_bio_CMS(in, NULL, NULL, NULL);
+ else if (informat == FORMAT_ASN1)
+ cms = d2i_CMS_bio(in, NULL);
+ else {
+ BIO_printf(bio_err, "Bad input format for CMS file\n");
+ goto end;
+ }
+
+ if (!cms) {
+ BIO_printf(bio_err, "Error reading S/MIME message\n");
+ goto end;
+ }
+ if (contfile) {
+ BIO_free(indata);
+ if (!(indata = BIO_new_file(contfile, "rb"))) {
+ BIO_printf(bio_err, "Can't read content file %s\n", contfile);
+ goto end;
+ }
+ }
+ if (certsoutfile) {
+ STACK_OF(X509) *allcerts;
+ allcerts = CMS_get1_certs(cms);
+ if (!save_certs(certsoutfile, allcerts)) {
+ BIO_printf(bio_err,
+ "Error writing certs to %s\n", certsoutfile);
+ ret = 5;
+ goto end;
+ }
+ sk_X509_pop_free(allcerts, X509_free);
+ }
+ }
+
+ if (rctfile) {
+ char *rctmode = (rctformat == FORMAT_ASN1) ? "rb" : "r";
+ if (!(rctin = BIO_new_file(rctfile, rctmode))) {
+ BIO_printf(bio_err, "Can't open receipt file %s\n", rctfile);
+ goto end;
+ }
+
+ if (rctformat == FORMAT_SMIME)
+ rcms = SMIME_read_CMS(rctin, NULL);
+ else if (rctformat == FORMAT_PEM)
+ rcms = PEM_read_bio_CMS(rctin, NULL, NULL, NULL);
+ else if (rctformat == FORMAT_ASN1)
+ rcms = d2i_CMS_bio(rctin, NULL);
+ else {
+ BIO_printf(bio_err, "Bad input format for receipt\n");
+ goto end;
+ }
+
+ if (!rcms) {
+ BIO_printf(bio_err, "Error reading receipt\n");
+ goto end;
+ }
+ }
+
+ if (outfile) {
+ if (!(out = BIO_new_file(outfile, outmode))) {
+ BIO_printf(bio_err, "Can't open output file %s\n", outfile);
+ goto end;
+ }
+ } else {
+ out = BIO_new_fp(stdout, BIO_NOCLOSE);
+# ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+# endif
+ }
+
+ if ((operation == SMIME_VERIFY) || (operation == SMIME_VERIFY_RECEIPT)) {
+ if (!(store = setup_verify(bio_err, CAfile, CApath)))
+ goto end;
+ X509_STORE_set_verify_cb_func(store, cms_cb);
+ if (vpm)
+ X509_STORE_set1_param(store, vpm);
+ }
+
+ ret = 3;
+
+ if (operation == SMIME_DATA_CREATE) {
+ cms = CMS_data_create(in, flags);
+ } else if (operation == SMIME_DIGEST_CREATE) {
+ cms = CMS_digest_create(in, sign_md, flags);
+ } else if (operation == SMIME_COMPRESS) {
+ cms = CMS_compress(in, -1, flags);
+ } else if (operation == SMIME_ENCRYPT) {
+ flags |= CMS_PARTIAL;
+ cms = CMS_encrypt(encerts, in, cipher, flags);
+ if (!cms)
+ goto end;
+ if (secret_key) {
+ if (!CMS_add0_recipient_key(cms, NID_undef,
+ secret_key, secret_keylen,
+ secret_keyid, secret_keyidlen,
+ NULL, NULL, NULL))
+ goto end;
+ /* NULL these because call absorbs them */
+ secret_key = NULL;
+ secret_keyid = NULL;
+ }
+ if (!(flags & CMS_STREAM)) {
+ if (!CMS_final(cms, in, NULL, flags))
+ goto end;
+ }
+ } else if (operation == SMIME_ENCRYPTED_ENCRYPT) {
+ cms = CMS_EncryptedData_encrypt(in, cipher,
+ secret_key, secret_keylen, flags);
+
+ } else if (operation == SMIME_SIGN_RECEIPT) {
+ CMS_ContentInfo *srcms = NULL;
+ STACK_OF(CMS_SignerInfo) *sis;
+ CMS_SignerInfo *si;
+ sis = CMS_get0_SignerInfos(cms);
+ if (!sis)
+ goto end;
+ si = sk_CMS_SignerInfo_value(sis, 0);
+ srcms = CMS_sign_receipt(si, signer, key, other, flags);
+ if (!srcms)
+ goto end;
+ CMS_ContentInfo_free(cms);
+ cms = srcms;
+ } else if (operation & SMIME_SIGNERS) {
+ int i;
+ /*
+ * If detached data content we enable streaming if S/MIME output
+ * format.
+ */
+ if (operation == SMIME_SIGN) {
+
+ if (flags & CMS_DETACHED) {
+ if (outformat == FORMAT_SMIME)
+ flags |= CMS_STREAM;
+ }
+ flags |= CMS_PARTIAL;
+ cms = CMS_sign(NULL, NULL, other, in, flags);
+ if (!cms)
+ goto end;
+ if (econtent_type)
+ CMS_set1_eContentType(cms, econtent_type);
+
+ if (rr_to) {
+ rr = make_receipt_request(rr_to, rr_allorfirst, rr_from);
+ if (!rr) {
+ BIO_puts(bio_err,
+ "Signed Receipt Request Creation Error\n");
+ goto end;
+ }
+ }
+ } else
+ flags |= CMS_REUSE_DIGEST;
+ for (i = 0; i < sk_num(sksigners); i++) {
+ CMS_SignerInfo *si;
+ signerfile = sk_value(sksigners, i);
+ keyfile = sk_value(skkeys, i);
+ signer = load_cert(bio_err, signerfile, FORMAT_PEM, NULL,
+ e, "signer certificate");
+ if (!signer)
+ goto end;
+ key = load_key(bio_err, keyfile, keyform, 0, passin, e,
+ "signing key file");
+ if (!key)
+ goto end;
+ si = CMS_add1_signer(cms, signer, key, sign_md, flags);
+ if (!si)
+ goto end;
+ if (rr && !CMS_add1_ReceiptRequest(si, rr))
+ goto end;
+ X509_free(signer);
+ signer = NULL;
+ EVP_PKEY_free(key);
+ key = NULL;
+ }
+ /* If not streaming or resigning finalize structure */
+ if ((operation == SMIME_SIGN) && !(flags & CMS_STREAM)) {
+ if (!CMS_final(cms, in, NULL, flags))
+ goto end;
+ }
+ }
+
+ if (!cms) {
+ BIO_printf(bio_err, "Error creating CMS structure\n");
+ goto end;
+ }
+
+ ret = 4;
+ if (operation == SMIME_DECRYPT) {
+ if (flags & CMS_DEBUG_DECRYPT)
+ CMS_decrypt(cms, NULL, NULL, NULL, NULL, flags);
+
+ if (secret_key) {
+ if (!CMS_decrypt_set1_key(cms,
+ secret_key, secret_keylen,
+ secret_keyid, secret_keyidlen)) {
+ BIO_puts(bio_err, "Error decrypting CMS using secret key\n");
+ goto end;
+ }
+ }
+
+ if (key) {
+ if (!CMS_decrypt_set1_pkey(cms, key, recip)) {
+ BIO_puts(bio_err, "Error decrypting CMS using private key\n");
+ goto end;
+ }
+ }
+
+ if (!CMS_decrypt(cms, NULL, NULL, indata, out, flags)) {
+ BIO_printf(bio_err, "Error decrypting CMS structure\n");
+ goto end;
+ }
+ } else if (operation == SMIME_DATAOUT) {
+ if (!CMS_data(cms, out, flags))
+ goto end;
+ } else if (operation == SMIME_UNCOMPRESS) {
+ if (!CMS_uncompress(cms, indata, out, flags))
+ goto end;
+ } else if (operation == SMIME_DIGEST_VERIFY) {
+ if (CMS_digest_verify(cms, indata, out, flags) > 0)
+ BIO_printf(bio_err, "Verification successful\n");
+ else {
+ BIO_printf(bio_err, "Verification failure\n");
+ goto end;
+ }
+ } else if (operation == SMIME_ENCRYPTED_DECRYPT) {
+ if (!CMS_EncryptedData_decrypt(cms, secret_key, secret_keylen,
+ indata, out, flags))
+ goto end;
+ } else if (operation == SMIME_VERIFY) {
+ if (CMS_verify(cms, other, store, indata, out, flags) > 0)
+ BIO_printf(bio_err, "Verification successful\n");
+ else {
+ BIO_printf(bio_err, "Verification failure\n");
+ goto end;
+ }
+ if (signerfile) {
+ STACK_OF(X509) *signers;
+ signers = CMS_get0_signers(cms);
+ if (!save_certs(signerfile, signers)) {
+ BIO_printf(bio_err,
+ "Error writing signers to %s\n", signerfile);
+ ret = 5;
+ goto end;
+ }
+ sk_X509_free(signers);
+ }
+ if (rr_print)
+ receipt_request_print(bio_err, cms);
+
+ } else if (operation == SMIME_VERIFY_RECEIPT) {
+ if (CMS_verify_receipt(rcms, cms, other, store, flags) > 0)
+ BIO_printf(bio_err, "Verification successful\n");
+ else {
+ BIO_printf(bio_err, "Verification failure\n");
+ goto end;
+ }
+ } else {
+ if (outformat == FORMAT_SMIME) {
+ if (to)
+ BIO_printf(out, "To: %s\n", to);
+ if (from)
+ BIO_printf(out, "From: %s\n", from);
+ if (subject)
+ BIO_printf(out, "Subject: %s\n", subject);
+ if (operation == SMIME_RESIGN)
+ ret = SMIME_write_CMS(out, cms, indata, flags);
+ else
+ ret = SMIME_write_CMS(out, cms, in, flags);
+ } else if (outformat == FORMAT_PEM)
+ ret = PEM_write_bio_CMS(out, cms);
+ else if (outformat == FORMAT_ASN1)
+ ret = i2d_CMS_bio(out, cms);
+ else {
+ BIO_printf(bio_err, "Bad output format for CMS file\n");
+ goto end;
+ }
+ if (ret <= 0) {
+ ret = 6;
+ goto end;
+ }
+ }
+ ret = 0;
+ end:
+ if (ret)
+ ERR_print_errors(bio_err);
+ if (need_rand)
+ app_RAND_write_file(NULL, bio_err);
+ sk_X509_pop_free(encerts, X509_free);
+ sk_X509_pop_free(other, X509_free);
+ if (vpm)
+ X509_VERIFY_PARAM_free(vpm);
+ if (sksigners)
+ sk_free(sksigners);
+ if (skkeys)
+ sk_free(skkeys);
+ if (secret_key)
+ OPENSSL_free(secret_key);
+ if (secret_keyid)
+ OPENSSL_free(secret_keyid);
+ if (econtent_type)
+ ASN1_OBJECT_free(econtent_type);
+ if (rr)
+ CMS_ReceiptRequest_free(rr);
+ if (rr_to)
+ sk_free(rr_to);
+ if (rr_from)
+ sk_free(rr_from);
+ X509_STORE_free(store);
+ X509_free(cert);
+ X509_free(recip);
+ X509_free(signer);
+ EVP_PKEY_free(key);
+ CMS_ContentInfo_free(cms);
+ CMS_ContentInfo_free(rcms);
+ BIO_free(rctin);
+ BIO_free(in);
+ BIO_free(indata);
+ BIO_free_all(out);
+ if (passin)
+ OPENSSL_free(passin);
+ return (ret);
+}
+
+static int save_certs(char *signerfile, STACK_OF(X509) *signers)
+{
+ int i;
+ BIO *tmp;
+ if (!signerfile)
+ return 1;
+ tmp = BIO_new_file(signerfile, "w");
+ if (!tmp)
+ return 0;
+ for (i = 0; i < sk_X509_num(signers); i++)
+ PEM_write_bio_X509(tmp, sk_X509_value(signers, i));
+ BIO_free(tmp);
+ return 1;
+}
+
+/* Minimal callback just to output policy info (if any) */
+
+static int cms_cb(int ok, X509_STORE_CTX *ctx)
+{
+ int error;
+
+ error = X509_STORE_CTX_get_error(ctx);
+
+ if ((error != X509_V_ERR_NO_EXPLICIT_POLICY)
+ && ((error != X509_V_OK) || (ok != 2)))
+ return ok;
+
+ policies_print(NULL, ctx);
+
+ return ok;
+
+}
+
+static void gnames_stack_print(BIO *out, STACK_OF(GENERAL_NAMES) *gns)
+{
+ STACK_OF(GENERAL_NAME) *gens;
+ GENERAL_NAME *gen;
+ int i, j;
+ for (i = 0; i < sk_GENERAL_NAMES_num(gns); i++) {
+ gens = sk_GENERAL_NAMES_value(gns, i);
+ for (j = 0; j < sk_GENERAL_NAME_num(gens); j++) {
+ gen = sk_GENERAL_NAME_value(gens, j);
+ BIO_puts(out, " ");
+ GENERAL_NAME_print(out, gen);
+ BIO_puts(out, "\n");
+ }
+ }
+ return;
+}
+
+static void receipt_request_print(BIO *out, CMS_ContentInfo *cms)
+{
+ STACK_OF(CMS_SignerInfo) *sis;
+ CMS_SignerInfo *si;
+ CMS_ReceiptRequest *rr;
+ int allorfirst;
+ STACK_OF(GENERAL_NAMES) *rto, *rlist;
+ ASN1_STRING *scid;
+ int i, rv;
+ sis = CMS_get0_SignerInfos(cms);
+ for (i = 0; i < sk_CMS_SignerInfo_num(sis); i++) {
+ si = sk_CMS_SignerInfo_value(sis, i);
+ rv = CMS_get1_ReceiptRequest(si, &rr);
+ BIO_printf(bio_err, "Signer %d:\n", i + 1);
+ if (rv == 0)
+ BIO_puts(bio_err, " No Receipt Request\n");
+ else if (rv < 0) {
+ BIO_puts(bio_err, " Receipt Request Parse Error\n");
+ ERR_print_errors(bio_err);
+ } else {
+ char *id;
+ int idlen;
+ CMS_ReceiptRequest_get0_values(rr, &scid, &allorfirst,
+ &rlist, &rto);
+ BIO_puts(out, " Signed Content ID:\n");
+ idlen = ASN1_STRING_length(scid);
+ id = (char *)ASN1_STRING_data(scid);
+ BIO_dump_indent(out, id, idlen, 4);
+ BIO_puts(out, " Receipts From");
+ if (rlist) {
+ BIO_puts(out, " List:\n");
+ gnames_stack_print(out, rlist);
+ } else if (allorfirst == 1)
+ BIO_puts(out, ": First Tier\n");
+ else if (allorfirst == 0)
+ BIO_puts(out, ": All\n");
+ else
+ BIO_printf(out, " Unknown (%d)\n", allorfirst);
+ BIO_puts(out, " Receipts To:\n");
+ gnames_stack_print(out, rto);
+ }
+ if (rr)
+ CMS_ReceiptRequest_free(rr);
+ }
+}
+
+static STACK_OF(GENERAL_NAMES) *make_names_stack(STACK * ns)
+{
+ int i;
+ STACK_OF(GENERAL_NAMES) *ret;
+ GENERAL_NAMES *gens = NULL;
+ GENERAL_NAME *gen = NULL;
+ ret = sk_GENERAL_NAMES_new_null();
+ if (!ret)
+ goto err;
+ for (i = 0; i < sk_num(ns); i++) {
+ CONF_VALUE cnf;
+ cnf.name = "email";
+ cnf.value = sk_value(ns, i);
+ gen = v2i_GENERAL_NAME(NULL, NULL, &cnf);
+ if (!gen)
+ goto err;
+ gens = GENERAL_NAMES_new();
+ if (!gens)
+ goto err;
+ if (!sk_GENERAL_NAME_push(gens, gen))
+ goto err;
+ gen = NULL;
+ if (!sk_GENERAL_NAMES_push(ret, gens))
+ goto err;
+ gens = NULL;
+ }
+
+ return ret;
+
+ err:
+ if (ret)
+ sk_GENERAL_NAMES_pop_free(ret, GENERAL_NAMES_free);
+ if (gens)
+ GENERAL_NAMES_free(gens);
+ if (gen)
+ GENERAL_NAME_free(gen);
+ return NULL;
+}
+
+static CMS_ReceiptRequest *make_receipt_request(STACK * rr_to,
+ int rr_allorfirst,
+ STACK * rr_from)
+{
+ STACK_OF(GENERAL_NAMES) *rct_to, *rct_from;
+ CMS_ReceiptRequest *rr;
+ rct_to = make_names_stack(rr_to);
+ if (!rct_to)
+ goto err;
+ if (rr_from) {
+ rct_from = make_names_stack(rr_from);
+ if (!rct_from)
+ goto err;
+ } else
+ rct_from = NULL;
+ rr = CMS_ReceiptRequest_create0(NULL, -1, rr_allorfirst, rct_from,
+ rct_to);
+ return rr;
+ err:
+ return NULL;
+}
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/apps/crl.c
===================================================================
--- vendor-crypto/openssl/dist/apps/crl.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/apps/crl.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,446 +0,0 @@
-/* apps/crl.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include <openssl/pem.h>
-
-#undef PROG
-#define PROG crl_main
-
-#undef POSTFIX
-#define POSTFIX ".rvk"
-
-static const char *crl_usage[]={
-"usage: crl args\n",
-"\n",
-" -inform arg - input format - default PEM (DER or PEM)\n",
-" -outform arg - output format - default PEM\n",
-" -text - print out a text format version\n",
-" -in arg - input file - default stdin\n",
-" -out arg - output file - default stdout\n",
-" -hash - print hash value\n",
-" -fingerprint - print the crl fingerprint\n",
-" -issuer - print issuer DN\n",
-" -lastupdate - lastUpdate field\n",
-" -nextupdate - nextUpdate field\n",
-" -crlnumber - print CRL number\n",
-" -noout - no CRL output\n",
-" -CAfile name - verify CRL using certificates in file \"name\"\n",
-" -CApath dir - verify CRL using certificates in \"dir\"\n",
-" -nameopt arg - various certificate name options\n",
-NULL
-};
-
-static X509_CRL *load_crl(char *file, int format);
-static BIO *bio_out=NULL;
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
- unsigned long nmflag = 0;
- X509_CRL *x=NULL;
- char *CAfile = NULL, *CApath = NULL;
- int ret=1,i,num,badops=0;
- BIO *out=NULL;
- int informat,outformat;
- char *infile=NULL,*outfile=NULL;
- int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0;
- int fingerprint = 0, crlnumber = 0;
- const char **pp;
- X509_STORE *store = NULL;
- X509_STORE_CTX ctx;
- X509_LOOKUP *lookup = NULL;
- X509_OBJECT xobj;
- EVP_PKEY *pkey;
- int do_ver = 0;
- const EVP_MD *md_alg,*digest=EVP_sha1();
-
- apps_startup();
-
- if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
- if (!load_config(bio_err, NULL))
- goto end;
-
- if (bio_out == NULL)
- if ((bio_out=BIO_new(BIO_s_file())) != NULL)
- {
- BIO_set_fp(bio_out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- bio_out = BIO_push(tmpbio, bio_out);
- }
-#endif
- }
-
- informat=FORMAT_PEM;
- outformat=FORMAT_PEM;
-
- argc--;
- argv++;
- num=0;
- while (argc >= 1)
- {
-#ifdef undef
- if (strcmp(*argv,"-p") == 0)
- {
- if (--argc < 1) goto bad;
- if (!args_from_file(++argv,Nargc,Nargv)) { goto end; }*/
- }
-#endif
- if (strcmp(*argv,"-inform") == 0)
- {
- if (--argc < 1) goto bad;
- informat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-outform") == 0)
- {
- if (--argc < 1) goto bad;
- outformat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-in") == 0)
- {
- if (--argc < 1) goto bad;
- infile= *(++argv);
- }
- else if (strcmp(*argv,"-out") == 0)
- {
- if (--argc < 1) goto bad;
- outfile= *(++argv);
- }
- else if (strcmp(*argv,"-CApath") == 0)
- {
- if (--argc < 1) goto bad;
- CApath = *(++argv);
- do_ver = 1;
- }
- else if (strcmp(*argv,"-CAfile") == 0)
- {
- if (--argc < 1) goto bad;
- CAfile = *(++argv);
- do_ver = 1;
- }
- else if (strcmp(*argv,"-verify") == 0)
- do_ver = 1;
- else if (strcmp(*argv,"-text") == 0)
- text = 1;
- else if (strcmp(*argv,"-hash") == 0)
- hash= ++num;
- else if (strcmp(*argv,"-nameopt") == 0)
- {
- if (--argc < 1) goto bad;
- if (!set_name_ex(&nmflag, *(++argv))) goto bad;
- }
- else if (strcmp(*argv,"-issuer") == 0)
- issuer= ++num;
- else if (strcmp(*argv,"-lastupdate") == 0)
- lastupdate= ++num;
- else if (strcmp(*argv,"-nextupdate") == 0)
- nextupdate= ++num;
- else if (strcmp(*argv,"-noout") == 0)
- noout= ++num;
- else if (strcmp(*argv,"-fingerprint") == 0)
- fingerprint= ++num;
- else if (strcmp(*argv,"-crlnumber") == 0)
- crlnumber= ++num;
- else if ((md_alg=EVP_get_digestbyname(*argv + 1)))
- {
- /* ok */
- digest=md_alg;
- }
- else
- {
- BIO_printf(bio_err,"unknown option %s\n",*argv);
- badops=1;
- break;
- }
- argc--;
- argv++;
- }
-
- if (badops)
- {
-bad:
- for (pp=crl_usage; (*pp != NULL); pp++)
- BIO_printf(bio_err,"%s",*pp);
- goto end;
- }
-
- ERR_load_crypto_strings();
- x=load_crl(infile,informat);
- if (x == NULL) { goto end; }
-
- if(do_ver) {
- store = X509_STORE_new();
- lookup=X509_STORE_add_lookup(store,X509_LOOKUP_file());
- if (lookup == NULL) goto end;
- if (!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM))
- X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
-
- lookup=X509_STORE_add_lookup(store,X509_LOOKUP_hash_dir());
- if (lookup == NULL) goto end;
- if (!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM))
- X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
- ERR_clear_error();
-
- if(!X509_STORE_CTX_init(&ctx, store, NULL, NULL)) {
- BIO_printf(bio_err,
- "Error initialising X509 store\n");
- goto end;
- }
-
- i = X509_STORE_get_by_subject(&ctx, X509_LU_X509,
- X509_CRL_get_issuer(x), &xobj);
- if(i <= 0) {
- BIO_printf(bio_err,
- "Error getting CRL issuer certificate\n");
- goto end;
- }
- pkey = X509_get_pubkey(xobj.data.x509);
- X509_OBJECT_free_contents(&xobj);
- if(!pkey) {
- BIO_printf(bio_err,
- "Error getting CRL issuer public key\n");
- goto end;
- }
- i = X509_CRL_verify(x, pkey);
- EVP_PKEY_free(pkey);
- if(i < 0) goto end;
- if(i == 0) BIO_printf(bio_err, "verify failure\n");
- else BIO_printf(bio_err, "verify OK\n");
- }
-
- if (num)
- {
- for (i=1; i<=num; i++)
- {
- if (issuer == i)
- {
- print_name(bio_out, "issuer=", X509_CRL_get_issuer(x), nmflag);
- }
- if (crlnumber == i)
- {
- ASN1_INTEGER *crlnum;
- crlnum = X509_CRL_get_ext_d2i(x, NID_crl_number,
- NULL, NULL);
- BIO_printf(bio_out,"crlNumber=");
- if (crlnum)
- {
- i2a_ASN1_INTEGER(bio_out, crlnum);
- ASN1_INTEGER_free(crlnum);
- }
- else
- BIO_puts(bio_out, "<NONE>");
- BIO_printf(bio_out,"\n");
- }
- if (hash == i)
- {
- BIO_printf(bio_out,"%08lx\n",
- X509_NAME_hash(X509_CRL_get_issuer(x)));
- }
- if (lastupdate == i)
- {
- BIO_printf(bio_out,"lastUpdate=");
- ASN1_TIME_print(bio_out,
- X509_CRL_get_lastUpdate(x));
- BIO_printf(bio_out,"\n");
- }
- if (nextupdate == i)
- {
- BIO_printf(bio_out,"nextUpdate=");
- if (X509_CRL_get_nextUpdate(x))
- ASN1_TIME_print(bio_out,
- X509_CRL_get_nextUpdate(x));
- else
- BIO_printf(bio_out,"NONE");
- BIO_printf(bio_out,"\n");
- }
- if (fingerprint == i)
- {
- int j;
- unsigned int n;
- unsigned char md[EVP_MAX_MD_SIZE];
-
- if (!X509_CRL_digest(x,digest,md,&n))
- {
- BIO_printf(bio_err,"out of memory\n");
- goto end;
- }
- BIO_printf(bio_out,"%s Fingerprint=",
- OBJ_nid2sn(EVP_MD_type(digest)));
- for (j=0; j<(int)n; j++)
- {
- BIO_printf(bio_out,"%02X%c",md[j],
- (j+1 == (int)n)
- ?'\n':':');
- }
- }
- }
- }
-
- out=BIO_new(BIO_s_file());
- if (out == NULL)
- {
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if (outfile == NULL)
- {
- BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
- else
- {
- if (BIO_write_filename(out,outfile) <= 0)
- {
- perror(outfile);
- goto end;
- }
- }
-
- if (text) X509_CRL_print(out, x);
-
- if (noout)
- {
- ret = 0;
- goto end;
- }
-
- if (outformat == FORMAT_ASN1)
- i=(int)i2d_X509_CRL_bio(out,x);
- else if (outformat == FORMAT_PEM)
- i=PEM_write_bio_X509_CRL(out,x);
- else
- {
- BIO_printf(bio_err,"bad output format specified for outfile\n");
- goto end;
- }
- if (!i) { BIO_printf(bio_err,"unable to write CRL\n"); goto end; }
- ret=0;
-end:
- BIO_free_all(out);
- BIO_free_all(bio_out);
- bio_out=NULL;
- X509_CRL_free(x);
- if(store) {
- X509_STORE_CTX_cleanup(&ctx);
- X509_STORE_free(store);
- }
- apps_shutdown();
- OPENSSL_EXIT(ret);
- }
-
-static X509_CRL *load_crl(char *infile, int format)
- {
- X509_CRL *x=NULL;
- BIO *in=NULL;
-
- in=BIO_new(BIO_s_file());
- if (in == NULL)
- {
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if (infile == NULL)
- BIO_set_fp(in,stdin,BIO_NOCLOSE);
- else
- {
- if (BIO_read_filename(in,infile) <= 0)
- {
- perror(infile);
- goto end;
- }
- }
- if (format == FORMAT_ASN1)
- x=d2i_X509_CRL_bio(in,NULL);
- else if (format == FORMAT_PEM)
- x=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL);
- else {
- BIO_printf(bio_err,"bad input format specified for input crl\n");
- goto end;
- }
- if (x == NULL)
- {
- BIO_printf(bio_err,"unable to load CRL\n");
- ERR_print_errors(bio_err);
- goto end;
- }
-
-end:
- BIO_free(in);
- return(x);
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/apps/crl.c (from rev 6976, vendor-crypto/openssl/dist/apps/crl.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/apps/crl.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/apps/crl.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,418 @@
+/* apps/crl.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/pem.h>
+
+#undef PROG
+#define PROG crl_main
+
+#undef POSTFIX
+#define POSTFIX ".rvk"
+
+static const char *crl_usage[] = {
+ "usage: crl args\n",
+ "\n",
+ " -inform arg - input format - default PEM (DER or PEM)\n",
+ " -outform arg - output format - default PEM\n",
+ " -text - print out a text format version\n",
+ " -in arg - input file - default stdin\n",
+ " -out arg - output file - default stdout\n",
+ " -hash - print hash value\n",
+ " -fingerprint - print the crl fingerprint\n",
+ " -issuer - print issuer DN\n",
+ " -lastupdate - lastUpdate field\n",
+ " -nextupdate - nextUpdate field\n",
+ " -crlnumber - print CRL number\n",
+ " -noout - no CRL output\n",
+ " -CAfile name - verify CRL using certificates in file \"name\"\n",
+ " -CApath dir - verify CRL using certificates in \"dir\"\n",
+ " -nameopt arg - various certificate name options\n",
+ NULL
+};
+
+static X509_CRL *load_crl(char *file, int format);
+static BIO *bio_out = NULL;
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+{
+ unsigned long nmflag = 0;
+ X509_CRL *x = NULL;
+ char *CAfile = NULL, *CApath = NULL;
+ int ret = 1, i, num, badops = 0;
+ BIO *out = NULL;
+ int informat, outformat;
+ char *infile = NULL, *outfile = NULL;
+ int hash = 0, issuer = 0, lastupdate = 0, nextupdate = 0, noout =
+ 0, text = 0;
+ int fingerprint = 0, crlnumber = 0;
+ const char **pp;
+ X509_STORE *store = NULL;
+ X509_STORE_CTX ctx;
+ X509_LOOKUP *lookup = NULL;
+ X509_OBJECT xobj;
+ EVP_PKEY *pkey;
+ int do_ver = 0;
+ const EVP_MD *md_alg, *digest = EVP_sha1();
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+
+ if (!load_config(bio_err, NULL))
+ goto end;
+
+ if (bio_out == NULL)
+ if ((bio_out = BIO_new(BIO_s_file())) != NULL) {
+ BIO_set_fp(bio_out, stdout, BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ bio_out = BIO_push(tmpbio, bio_out);
+ }
+#endif
+ }
+
+ informat = FORMAT_PEM;
+ outformat = FORMAT_PEM;
+
+ argc--;
+ argv++;
+ num = 0;
+ while (argc >= 1) {
+#ifdef undef
+ if (strcmp(*argv, "-p") == 0) {
+ if (--argc < 1)
+ goto bad;
+ if (!args_from_file(++argv, Nargc, Nargv)) {
+ goto end;
+ }
+ */}
+#endif
+ if (strcmp(*argv, "-inform") == 0) {
+ if (--argc < 1)
+ goto bad;
+ informat = str2fmt(*(++argv));
+ } else if (strcmp(*argv, "-outform") == 0) {
+ if (--argc < 1)
+ goto bad;
+ outformat = str2fmt(*(++argv));
+ } else if (strcmp(*argv, "-in") == 0) {
+ if (--argc < 1)
+ goto bad;
+ infile = *(++argv);
+ } else if (strcmp(*argv, "-out") == 0) {
+ if (--argc < 1)
+ goto bad;
+ outfile = *(++argv);
+ } else if (strcmp(*argv, "-CApath") == 0) {
+ if (--argc < 1)
+ goto bad;
+ CApath = *(++argv);
+ do_ver = 1;
+ } else if (strcmp(*argv, "-CAfile") == 0) {
+ if (--argc < 1)
+ goto bad;
+ CAfile = *(++argv);
+ do_ver = 1;
+ } else if (strcmp(*argv, "-verify") == 0)
+ do_ver = 1;
+ else if (strcmp(*argv, "-text") == 0)
+ text = 1;
+ else if (strcmp(*argv, "-hash") == 0)
+ hash = ++num;
+ else if (strcmp(*argv, "-nameopt") == 0) {
+ if (--argc < 1)
+ goto bad;
+ if (!set_name_ex(&nmflag, *(++argv)))
+ goto bad;
+ } else if (strcmp(*argv, "-issuer") == 0)
+ issuer = ++num;
+ else if (strcmp(*argv, "-lastupdate") == 0)
+ lastupdate = ++num;
+ else if (strcmp(*argv, "-nextupdate") == 0)
+ nextupdate = ++num;
+ else if (strcmp(*argv, "-noout") == 0)
+ noout = ++num;
+ else if (strcmp(*argv, "-fingerprint") == 0)
+ fingerprint = ++num;
+ else if (strcmp(*argv, "-crlnumber") == 0)
+ crlnumber = ++num;
+ else if ((md_alg = EVP_get_digestbyname(*argv + 1))) {
+ /* ok */
+ digest = md_alg;
+ } else {
+ BIO_printf(bio_err, "unknown option %s\n", *argv);
+ badops = 1;
+ break;
+ }
+ argc--;
+ argv++;
+ }
+
+ if (badops) {
+ bad:
+ for (pp = crl_usage; (*pp != NULL); pp++)
+ BIO_printf(bio_err, "%s", *pp);
+ goto end;
+ }
+
+ ERR_load_crypto_strings();
+ x = load_crl(infile, informat);
+ if (x == NULL) {
+ goto end;
+ }
+
+ if (do_ver) {
+ store = X509_STORE_new();
+ lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
+ if (lookup == NULL)
+ goto end;
+ if (!X509_LOOKUP_load_file(lookup, CAfile, X509_FILETYPE_PEM))
+ X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
+
+ lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
+ if (lookup == NULL)
+ goto end;
+ if (!X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM))
+ X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
+ ERR_clear_error();
+
+ if (!X509_STORE_CTX_init(&ctx, store, NULL, NULL)) {
+ BIO_printf(bio_err, "Error initialising X509 store\n");
+ goto end;
+ }
+
+ i = X509_STORE_get_by_subject(&ctx, X509_LU_X509,
+ X509_CRL_get_issuer(x), &xobj);
+ if (i <= 0) {
+ BIO_printf(bio_err, "Error getting CRL issuer certificate\n");
+ goto end;
+ }
+ pkey = X509_get_pubkey(xobj.data.x509);
+ X509_OBJECT_free_contents(&xobj);
+ if (!pkey) {
+ BIO_printf(bio_err, "Error getting CRL issuer public key\n");
+ goto end;
+ }
+ i = X509_CRL_verify(x, pkey);
+ EVP_PKEY_free(pkey);
+ if (i < 0)
+ goto end;
+ if (i == 0)
+ BIO_printf(bio_err, "verify failure\n");
+ else
+ BIO_printf(bio_err, "verify OK\n");
+ }
+
+ if (num) {
+ for (i = 1; i <= num; i++) {
+ if (issuer == i) {
+ print_name(bio_out, "issuer=", X509_CRL_get_issuer(x),
+ nmflag);
+ }
+ if (crlnumber == i) {
+ ASN1_INTEGER *crlnum;
+ crlnum = X509_CRL_get_ext_d2i(x, NID_crl_number, NULL, NULL);
+ BIO_printf(bio_out, "crlNumber=");
+ if (crlnum) {
+ i2a_ASN1_INTEGER(bio_out, crlnum);
+ ASN1_INTEGER_free(crlnum);
+ } else
+ BIO_puts(bio_out, "<NONE>");
+ BIO_printf(bio_out, "\n");
+ }
+ if (hash == i) {
+ BIO_printf(bio_out, "%08lx\n",
+ X509_NAME_hash(X509_CRL_get_issuer(x)));
+ }
+ if (lastupdate == i) {
+ BIO_printf(bio_out, "lastUpdate=");
+ ASN1_TIME_print(bio_out, X509_CRL_get_lastUpdate(x));
+ BIO_printf(bio_out, "\n");
+ }
+ if (nextupdate == i) {
+ BIO_printf(bio_out, "nextUpdate=");
+ if (X509_CRL_get_nextUpdate(x))
+ ASN1_TIME_print(bio_out, X509_CRL_get_nextUpdate(x));
+ else
+ BIO_printf(bio_out, "NONE");
+ BIO_printf(bio_out, "\n");
+ }
+ if (fingerprint == i) {
+ int j;
+ unsigned int n;
+ unsigned char md[EVP_MAX_MD_SIZE];
+
+ if (!X509_CRL_digest(x, digest, md, &n)) {
+ BIO_printf(bio_err, "out of memory\n");
+ goto end;
+ }
+ BIO_printf(bio_out, "%s Fingerprint=",
+ OBJ_nid2sn(EVP_MD_type(digest)));
+ for (j = 0; j < (int)n; j++) {
+ BIO_printf(bio_out, "%02X%c", md[j], (j + 1 == (int)n)
+ ? '\n' : ':');
+ }
+ }
+ }
+ }
+
+ out = BIO_new(BIO_s_file());
+ if (out == NULL) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (outfile == NULL) {
+ BIO_set_fp(out, stdout, BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+#endif
+ } else {
+ if (BIO_write_filename(out, outfile) <= 0) {
+ perror(outfile);
+ goto end;
+ }
+ }
+
+ if (text)
+ X509_CRL_print(out, x);
+
+ if (noout) {
+ ret = 0;
+ goto end;
+ }
+
+ if (outformat == FORMAT_ASN1)
+ i = (int)i2d_X509_CRL_bio(out, x);
+ else if (outformat == FORMAT_PEM)
+ i = PEM_write_bio_X509_CRL(out, x);
+ else {
+ BIO_printf(bio_err, "bad output format specified for outfile\n");
+ goto end;
+ }
+ if (!i) {
+ BIO_printf(bio_err, "unable to write CRL\n");
+ goto end;
+ }
+ ret = 0;
+ end:
+ BIO_free_all(out);
+ BIO_free_all(bio_out);
+ bio_out = NULL;
+ X509_CRL_free(x);
+ if (store) {
+ X509_STORE_CTX_cleanup(&ctx);
+ X509_STORE_free(store);
+ }
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
+}
+
+static X509_CRL *load_crl(char *infile, int format)
+{
+ X509_CRL *x = NULL;
+ BIO *in = NULL;
+
+ in = BIO_new(BIO_s_file());
+ if (in == NULL) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (infile == NULL)
+ BIO_set_fp(in, stdin, BIO_NOCLOSE);
+ else {
+ if (BIO_read_filename(in, infile) <= 0) {
+ perror(infile);
+ goto end;
+ }
+ }
+ if (format == FORMAT_ASN1)
+ x = d2i_X509_CRL_bio(in, NULL);
+ else if (format == FORMAT_PEM)
+ x = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL);
+ else {
+ BIO_printf(bio_err, "bad input format specified for input crl\n");
+ goto end;
+ }
+ if (x == NULL) {
+ BIO_printf(bio_err, "unable to load CRL\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ end:
+ BIO_free(in);
+ return (x);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/apps/crl2p7.c
===================================================================
--- vendor-crypto/openssl/dist/apps/crl2p7.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/apps/crl2p7.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,351 +0,0 @@
-/* apps/crl2p7.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* This was written by Gordon Chaffee <chaffee at plateau.cs.berkeley.edu>
- * and donated 'to the cause' along with lots and lots of other fixes to
- * the library. */
-
-#include <stdio.h>
-#include <string.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include "apps.h"
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/pkcs7.h>
-#include <openssl/pem.h>
-#include <openssl/objects.h>
-
-static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile);
-#undef PROG
-#define PROG crl2pkcs7_main
-
-/* -inform arg - input format - default PEM (DER or PEM)
- * -outform arg - output format - default PEM
- * -in arg - input file - default stdin
- * -out arg - output file - default stdout
- */
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
- int i,badops=0;
- BIO *in=NULL,*out=NULL;
- int informat,outformat;
- char *infile,*outfile,*prog,*certfile;
- PKCS7 *p7 = NULL;
- PKCS7_SIGNED *p7s = NULL;
- X509_CRL *crl=NULL;
- STACK *certflst=NULL;
- STACK_OF(X509_CRL) *crl_stack=NULL;
- STACK_OF(X509) *cert_stack=NULL;
- int ret=1,nocrl=0;
-
- apps_startup();
-
- if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
- infile=NULL;
- outfile=NULL;
- informat=FORMAT_PEM;
- outformat=FORMAT_PEM;
-
- prog=argv[0];
- argc--;
- argv++;
- while (argc >= 1)
- {
- if (strcmp(*argv,"-inform") == 0)
- {
- if (--argc < 1) goto bad;
- informat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-outform") == 0)
- {
- if (--argc < 1) goto bad;
- outformat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-in") == 0)
- {
- if (--argc < 1) goto bad;
- infile= *(++argv);
- }
- else if (strcmp(*argv,"-nocrl") == 0)
- {
- nocrl=1;
- }
- else if (strcmp(*argv,"-out") == 0)
- {
- if (--argc < 1) goto bad;
- outfile= *(++argv);
- }
- else if (strcmp(*argv,"-certfile") == 0)
- {
- if (--argc < 1) goto bad;
- if(!certflst) certflst = sk_new_null();
- if (!certflst)
- goto end;
- if (!sk_push(certflst,*(++argv)))
- {
- sk_free(certflst);
- goto end;
- }
- }
- else
- {
- BIO_printf(bio_err,"unknown option %s\n",*argv);
- badops=1;
- break;
- }
- argc--;
- argv++;
- }
-
- if (badops)
- {
-bad:
- BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
- BIO_printf(bio_err,"where options are\n");
- BIO_printf(bio_err," -inform arg input format - DER or PEM\n");
- BIO_printf(bio_err," -outform arg output format - DER or PEM\n");
- BIO_printf(bio_err," -in arg input file\n");
- BIO_printf(bio_err," -out arg output file\n");
- BIO_printf(bio_err," -certfile arg certificates file of chain to a trusted CA\n");
- BIO_printf(bio_err," (can be used more than once)\n");
- BIO_printf(bio_err," -nocrl no crl to load, just certs from '-certfile'\n");
- ret = 1;
- goto end;
- }
-
- ERR_load_crypto_strings();
-
- in=BIO_new(BIO_s_file());
- out=BIO_new(BIO_s_file());
- if ((in == NULL) || (out == NULL))
- {
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if (!nocrl)
- {
- if (infile == NULL)
- BIO_set_fp(in,stdin,BIO_NOCLOSE);
- else
- {
- if (BIO_read_filename(in,infile) <= 0)
- {
- perror(infile);
- goto end;
- }
- }
-
- if (informat == FORMAT_ASN1)
- crl=d2i_X509_CRL_bio(in,NULL);
- else if (informat == FORMAT_PEM)
- crl=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL);
- else {
- BIO_printf(bio_err,"bad input format specified for input crl\n");
- goto end;
- }
- if (crl == NULL)
- {
- BIO_printf(bio_err,"unable to load CRL\n");
- ERR_print_errors(bio_err);
- goto end;
- }
- }
-
- if ((p7=PKCS7_new()) == NULL) goto end;
- if ((p7s=PKCS7_SIGNED_new()) == NULL) goto end;
- p7->type=OBJ_nid2obj(NID_pkcs7_signed);
- p7->d.sign=p7s;
- p7s->contents->type=OBJ_nid2obj(NID_pkcs7_data);
-
- if (!ASN1_INTEGER_set(p7s->version,1)) goto end;
- if ((crl_stack=sk_X509_CRL_new_null()) == NULL) goto end;
- p7s->crl=crl_stack;
- if (crl != NULL)
- {
- sk_X509_CRL_push(crl_stack,crl);
- crl=NULL; /* now part of p7 for OPENSSL_freeing */
- }
-
- if ((cert_stack=sk_X509_new_null()) == NULL) goto end;
- p7s->cert=cert_stack;
-
- if(certflst) for(i = 0; i < sk_num(certflst); i++) {
- certfile = sk_value(certflst, i);
- if (add_certs_from_file(cert_stack,certfile) < 0)
- {
- BIO_printf(bio_err, "error loading certificates\n");
- ERR_print_errors(bio_err);
- goto end;
- }
- }
-
- sk_free(certflst);
-
- if (outfile == NULL)
- {
- BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
- else
- {
- if (BIO_write_filename(out,outfile) <= 0)
- {
- perror(outfile);
- goto end;
- }
- }
-
- if (outformat == FORMAT_ASN1)
- i=i2d_PKCS7_bio(out,p7);
- else if (outformat == FORMAT_PEM)
- i=PEM_write_bio_PKCS7(out,p7);
- else {
- BIO_printf(bio_err,"bad output format specified for outfile\n");
- goto end;
- }
- if (!i)
- {
- BIO_printf(bio_err,"unable to write pkcs7 object\n");
- ERR_print_errors(bio_err);
- goto end;
- }
- ret=0;
-end:
- if (in != NULL) BIO_free(in);
- if (out != NULL) BIO_free_all(out);
- if (p7 != NULL) PKCS7_free(p7);
- if (crl != NULL) X509_CRL_free(crl);
-
- apps_shutdown();
- OPENSSL_EXIT(ret);
- }
-
-/*
- *----------------------------------------------------------------------
- * int add_certs_from_file
- *
- * Read a list of certificates to be checked from a file.
- *
- * Results:
- * number of certs added if successful, -1 if not.
- *----------------------------------------------------------------------
- */
-static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile)
- {
- struct stat st;
- BIO *in=NULL;
- int count=0;
- int ret= -1;
- STACK_OF(X509_INFO) *sk=NULL;
- X509_INFO *xi;
-
- if ((stat(certfile,&st) != 0))
- {
- BIO_printf(bio_err,"unable to load the file, %s\n",certfile);
- goto end;
- }
-
- in=BIO_new(BIO_s_file());
- if ((in == NULL) || (BIO_read_filename(in,certfile) <= 0))
- {
- BIO_printf(bio_err,"error opening the file, %s\n",certfile);
- goto end;
- }
-
- /* This loads from a file, a stack of x509/crl/pkey sets */
- sk=PEM_X509_INFO_read_bio(in,NULL,NULL,NULL);
- if (sk == NULL) {
- BIO_printf(bio_err,"error reading the file, %s\n",certfile);
- goto end;
- }
-
- /* scan over it and pull out the CRL's */
- while (sk_X509_INFO_num(sk))
- {
- xi=sk_X509_INFO_shift(sk);
- if (xi->x509 != NULL)
- {
- sk_X509_push(stack,xi->x509);
- xi->x509=NULL;
- count++;
- }
- X509_INFO_free(xi);
- }
-
- ret=count;
-end:
- /* never need to OPENSSL_free x */
- if (in != NULL) BIO_free(in);
- if (sk != NULL) sk_X509_INFO_free(sk);
- return(ret);
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/apps/crl2p7.c (from rev 6976, vendor-crypto/openssl/dist/apps/crl2p7.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/apps/crl2p7.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/apps/crl2p7.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,341 @@
+/* apps/crl2p7.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/*
+ * This was written by Gordon Chaffee <chaffee at plateau.cs.berkeley.edu> and
+ * donated 'to the cause' along with lots and lots of other fixes to the
+ * library.
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include "apps.h"
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
+#include <openssl/pem.h>
+#include <openssl/objects.h>
+
+static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile);
+#undef PROG
+#define PROG crl2pkcs7_main
+
+/*-
+ * -inform arg - input format - default PEM (DER or PEM)
+ * -outform arg - output format - default PEM
+ * -in arg - input file - default stdin
+ * -out arg - output file - default stdout
+ */
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+{
+ int i, badops = 0;
+ BIO *in = NULL, *out = NULL;
+ int informat, outformat;
+ char *infile, *outfile, *prog, *certfile;
+ PKCS7 *p7 = NULL;
+ PKCS7_SIGNED *p7s = NULL;
+ X509_CRL *crl = NULL;
+ STACK *certflst = NULL;
+ STACK_OF(X509_CRL) *crl_stack = NULL;
+ STACK_OF(X509) *cert_stack = NULL;
+ int ret = 1, nocrl = 0;
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+
+ infile = NULL;
+ outfile = NULL;
+ informat = FORMAT_PEM;
+ outformat = FORMAT_PEM;
+
+ prog = argv[0];
+ argc--;
+ argv++;
+ while (argc >= 1) {
+ if (strcmp(*argv, "-inform") == 0) {
+ if (--argc < 1)
+ goto bad;
+ informat = str2fmt(*(++argv));
+ } else if (strcmp(*argv, "-outform") == 0) {
+ if (--argc < 1)
+ goto bad;
+ outformat = str2fmt(*(++argv));
+ } else if (strcmp(*argv, "-in") == 0) {
+ if (--argc < 1)
+ goto bad;
+ infile = *(++argv);
+ } else if (strcmp(*argv, "-nocrl") == 0) {
+ nocrl = 1;
+ } else if (strcmp(*argv, "-out") == 0) {
+ if (--argc < 1)
+ goto bad;
+ outfile = *(++argv);
+ } else if (strcmp(*argv, "-certfile") == 0) {
+ if (--argc < 1)
+ goto bad;
+ if (!certflst)
+ certflst = sk_new_null();
+ if (!certflst)
+ goto end;
+ if (!sk_push(certflst, *(++argv))) {
+ sk_free(certflst);
+ goto end;
+ }
+ } else {
+ BIO_printf(bio_err, "unknown option %s\n", *argv);
+ badops = 1;
+ break;
+ }
+ argc--;
+ argv++;
+ }
+
+ if (badops) {
+ bad:
+ BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog);
+ BIO_printf(bio_err, "where options are\n");
+ BIO_printf(bio_err, " -inform arg input format - DER or PEM\n");
+ BIO_printf(bio_err, " -outform arg output format - DER or PEM\n");
+ BIO_printf(bio_err, " -in arg input file\n");
+ BIO_printf(bio_err, " -out arg output file\n");
+ BIO_printf(bio_err,
+ " -certfile arg certificates file of chain to a trusted CA\n");
+ BIO_printf(bio_err, " (can be used more than once)\n");
+ BIO_printf(bio_err,
+ " -nocrl no crl to load, just certs from '-certfile'\n");
+ ret = 1;
+ goto end;
+ }
+
+ ERR_load_crypto_strings();
+
+ in = BIO_new(BIO_s_file());
+ out = BIO_new(BIO_s_file());
+ if ((in == NULL) || (out == NULL)) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (!nocrl) {
+ if (infile == NULL)
+ BIO_set_fp(in, stdin, BIO_NOCLOSE);
+ else {
+ if (BIO_read_filename(in, infile) <= 0) {
+ perror(infile);
+ goto end;
+ }
+ }
+
+ if (informat == FORMAT_ASN1)
+ crl = d2i_X509_CRL_bio(in, NULL);
+ else if (informat == FORMAT_PEM)
+ crl = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL);
+ else {
+ BIO_printf(bio_err, "bad input format specified for input crl\n");
+ goto end;
+ }
+ if (crl == NULL) {
+ BIO_printf(bio_err, "unable to load CRL\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+
+ if ((p7 = PKCS7_new()) == NULL)
+ goto end;
+ if ((p7s = PKCS7_SIGNED_new()) == NULL)
+ goto end;
+ p7->type = OBJ_nid2obj(NID_pkcs7_signed);
+ p7->d.sign = p7s;
+ p7s->contents->type = OBJ_nid2obj(NID_pkcs7_data);
+
+ if (!ASN1_INTEGER_set(p7s->version, 1))
+ goto end;
+ if ((crl_stack = sk_X509_CRL_new_null()) == NULL)
+ goto end;
+ p7s->crl = crl_stack;
+ if (crl != NULL) {
+ sk_X509_CRL_push(crl_stack, crl);
+ crl = NULL; /* now part of p7 for OPENSSL_freeing */
+ }
+
+ if ((cert_stack = sk_X509_new_null()) == NULL)
+ goto end;
+ p7s->cert = cert_stack;
+
+ if (certflst)
+ for (i = 0; i < sk_num(certflst); i++) {
+ certfile = sk_value(certflst, i);
+ if (add_certs_from_file(cert_stack, certfile) < 0) {
+ BIO_printf(bio_err, "error loading certificates\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+
+ sk_free(certflst);
+
+ if (outfile == NULL) {
+ BIO_set_fp(out, stdout, BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+#endif
+ } else {
+ if (BIO_write_filename(out, outfile) <= 0) {
+ perror(outfile);
+ goto end;
+ }
+ }
+
+ if (outformat == FORMAT_ASN1)
+ i = i2d_PKCS7_bio(out, p7);
+ else if (outformat == FORMAT_PEM)
+ i = PEM_write_bio_PKCS7(out, p7);
+ else {
+ BIO_printf(bio_err, "bad output format specified for outfile\n");
+ goto end;
+ }
+ if (!i) {
+ BIO_printf(bio_err, "unable to write pkcs7 object\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ ret = 0;
+ end:
+ if (in != NULL)
+ BIO_free(in);
+ if (out != NULL)
+ BIO_free_all(out);
+ if (p7 != NULL)
+ PKCS7_free(p7);
+ if (crl != NULL)
+ X509_CRL_free(crl);
+
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
+}
+
+/*-
+ *----------------------------------------------------------------------
+ * int add_certs_from_file
+ *
+ * Read a list of certificates to be checked from a file.
+ *
+ * Results:
+ * number of certs added if successful, -1 if not.
+ *----------------------------------------------------------------------
+ */
+static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile)
+{
+ struct stat st;
+ BIO *in = NULL;
+ int count = 0;
+ int ret = -1;
+ STACK_OF(X509_INFO) *sk = NULL;
+ X509_INFO *xi;
+
+ if ((stat(certfile, &st) != 0)) {
+ BIO_printf(bio_err, "unable to load the file, %s\n", certfile);
+ goto end;
+ }
+
+ in = BIO_new(BIO_s_file());
+ if ((in == NULL) || (BIO_read_filename(in, certfile) <= 0)) {
+ BIO_printf(bio_err, "error opening the file, %s\n", certfile);
+ goto end;
+ }
+
+ /* This loads from a file, a stack of x509/crl/pkey sets */
+ sk = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL);
+ if (sk == NULL) {
+ BIO_printf(bio_err, "error reading the file, %s\n", certfile);
+ goto end;
+ }
+
+ /* scan over it and pull out the CRL's */
+ while (sk_X509_INFO_num(sk)) {
+ xi = sk_X509_INFO_shift(sk);
+ if (xi->x509 != NULL) {
+ sk_X509_push(stack, xi->x509);
+ xi->x509 = NULL;
+ count++;
+ }
+ X509_INFO_free(xi);
+ }
+
+ ret = count;
+ end:
+ /* never need to OPENSSL_free x */
+ if (in != NULL)
+ BIO_free(in);
+ if (sk != NULL)
+ sk_X509_INFO_free(sk);
+ return (ret);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/apps/dgst.c
===================================================================
--- vendor-crypto/openssl/dist/apps/dgst.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/apps/dgst.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,552 +0,0 @@
-/* apps/dgst.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/hmac.h>
-
-#undef BUFSIZE
-#define BUFSIZE 1024*8
-
-#undef PROG
-#define PROG dgst_main
-
-int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
- EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title,
- const char *file,BIO *bmd,const char *hmac_key, int non_fips_allow);
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
- ENGINE *e = NULL;
- unsigned char *buf=NULL;
- int i,err=1;
- const EVP_MD *md=NULL,*m;
- BIO *in=NULL,*inp;
- BIO *bmd=NULL;
- BIO *out = NULL;
- const char *name;
-#define PROG_NAME_SIZE 39
- char pname[PROG_NAME_SIZE+1];
- int separator=0;
- int debug=0;
- int keyform=FORMAT_PEM;
- const char *outfile = NULL, *keyfile = NULL;
- const char *sigfile = NULL, *randfile = NULL;
- int out_bin = -1, want_pub = 0, do_verify = 0;
- EVP_PKEY *sigkey = NULL;
- unsigned char *sigbuf = NULL;
- int siglen = 0;
- unsigned int sig_flags = 0;
- char *passargin = NULL, *passin = NULL;
-#ifndef OPENSSL_NO_ENGINE
- char *engine=NULL;
-#endif
- char *hmac_key=NULL;
- int non_fips_allow = 0;
-
- apps_startup();
-ERR_load_crypto_strings();
- if ((buf=(unsigned char *)OPENSSL_malloc(BUFSIZE)) == NULL)
- {
- BIO_printf(bio_err,"out of memory\n");
- goto end;
- }
- if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
- if (!load_config(bio_err, NULL))
- goto end;
-
- /* first check the program name */
- program_name(argv[0],pname,sizeof pname);
-
- md=EVP_get_digestbyname(pname);
-
- argc--;
- argv++;
- while (argc > 0)
- {
- if ((*argv)[0] != '-') break;
- if (strcmp(*argv,"-c") == 0)
- separator=1;
- else if (strcmp(*argv,"-rand") == 0)
- {
- if (--argc < 1) break;
- randfile=*(++argv);
- }
- else if (strcmp(*argv,"-out") == 0)
- {
- if (--argc < 1) break;
- outfile=*(++argv);
- }
- else if (strcmp(*argv,"-sign") == 0)
- {
- if (--argc < 1) break;
- keyfile=*(++argv);
- }
- else if (!strcmp(*argv,"-passin"))
- {
- if (--argc < 1)
- break;
- passargin=*++argv;
- }
- else if (strcmp(*argv,"-verify") == 0)
- {
- if (--argc < 1) break;
- keyfile=*(++argv);
- want_pub = 1;
- do_verify = 1;
- }
- else if (strcmp(*argv,"-prverify") == 0)
- {
- if (--argc < 1) break;
- keyfile=*(++argv);
- do_verify = 1;
- }
- else if (strcmp(*argv,"-x931") == 0)
- sig_flags = EVP_MD_CTX_FLAG_PAD_X931;
- else if (strcmp(*argv,"-pss_saltlen") == 0)
- {
- int saltlen;
- if (--argc < 1) break;
- saltlen=atoi(*(++argv));
- if (saltlen == -1)
- sig_flags = EVP_MD_CTX_FLAG_PSS_MREC;
- else if (saltlen == -2)
- sig_flags = EVP_MD_CTX_FLAG_PSS_MDLEN;
- else if (saltlen < -2 || saltlen >= 0xFFFE)
- {
- BIO_printf(bio_err, "Invalid PSS salt length %d\n", saltlen);
- goto end;
- }
- else
- sig_flags = saltlen;
- sig_flags <<= 16;
- sig_flags |= EVP_MD_CTX_FLAG_PAD_PSS;
- }
- else if (strcmp(*argv,"-signature") == 0)
- {
- if (--argc < 1) break;
- sigfile=*(++argv);
- }
- else if (strcmp(*argv,"-keyform") == 0)
- {
- if (--argc < 1) break;
- keyform=str2fmt(*(++argv));
- }
-#ifndef OPENSSL_NO_ENGINE
- else if (strcmp(*argv,"-engine") == 0)
- {
- if (--argc < 1) break;
- engine= *(++argv);
- }
-#endif
- else if (strcmp(*argv,"-hex") == 0)
- out_bin = 0;
- else if (strcmp(*argv,"-binary") == 0)
- out_bin = 1;
- else if (strcmp(*argv,"-d") == 0)
- debug=1;
- else if (strcmp(*argv,"-non-fips-allow") == 0)
- non_fips_allow=1;
- else if (!strcmp(*argv,"-fips-fingerprint"))
- hmac_key = "etaonrishdlcupfm";
- else if (!strcmp(*argv,"-hmac"))
- {
- if (--argc < 1)
- break;
- hmac_key=*++argv;
- }
- else if ((m=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
- md=m;
- else
- break;
- argc--;
- argv++;
- }
-
- if (md == NULL)
- md=EVP_md5();
-
- if(do_verify && !sigfile) {
- BIO_printf(bio_err, "No signature to verify: use the -signature option\n");
- err = 1;
- goto end;
- }
-
- if ((argc > 0) && (argv[0][0] == '-')) /* bad option */
- {
- BIO_printf(bio_err,"unknown option '%s'\n",*argv);
- BIO_printf(bio_err,"options are\n");
- BIO_printf(bio_err,"-c to output the digest with separating colons\n");
- BIO_printf(bio_err,"-d to output debug info\n");
- BIO_printf(bio_err,"-hex output as hex dump\n");
- BIO_printf(bio_err,"-binary output in binary form\n");
- BIO_printf(bio_err,"-sign file sign digest using private key in file\n");
- BIO_printf(bio_err,"-verify file verify a signature using public key in file\n");
- BIO_printf(bio_err,"-prverify file verify a signature using private key in file\n");
- BIO_printf(bio_err,"-keyform arg key file format (PEM or ENGINE)\n");
- BIO_printf(bio_err,"-signature file signature to verify\n");
- BIO_printf(bio_err,"-binary output in binary form\n");
- BIO_printf(bio_err,"-hmac key create hashed MAC with key\n");
-#ifndef OPENSSL_NO_ENGINE
- BIO_printf(bio_err,"-engine e use engine e, possibly a hardware device.\n");
-#endif
-
- BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm (default)\n",
- LN_md5,LN_md5);
- BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
- LN_md4,LN_md4);
- BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
- LN_md2,LN_md2);
-#ifndef OPENSSL_NO_SHA
- BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
- LN_sha1,LN_sha1);
- BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
- LN_sha,LN_sha);
-#ifndef OPENSSL_NO_SHA256
- BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
- LN_sha224,LN_sha224);
- BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
- LN_sha256,LN_sha256);
-#endif
-#ifndef OPENSSL_NO_SHA512
- BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
- LN_sha384,LN_sha384);
- BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
- LN_sha512,LN_sha512);
-#endif
-#endif
- BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
- LN_mdc2,LN_mdc2);
- BIO_printf(bio_err,"-%-14s to use the %s message digest algorithm\n",
- LN_ripemd160,LN_ripemd160);
- err=1;
- goto end;
- }
-
-#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(bio_err, engine, 0);
-#endif
-
- in=BIO_new(BIO_s_file());
- bmd=BIO_new(BIO_f_md());
- if (debug)
- {
- BIO_set_callback(in,BIO_debug_callback);
- /* needed for windows 3.1 */
- BIO_set_callback_arg(in,(char *)bio_err);
- }
-
- if(!app_passwd(bio_err, passargin, NULL, &passin, NULL))
- {
- BIO_printf(bio_err, "Error getting password\n");
- goto end;
- }
-
- if ((in == NULL) || (bmd == NULL))
- {
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if(out_bin == -1) {
- if(keyfile) out_bin = 1;
- else out_bin = 0;
- }
-
- if(randfile)
- app_RAND_load_file(randfile, bio_err, 0);
-
- if(outfile) {
- if(out_bin)
- out = BIO_new_file(outfile, "wb");
- else out = BIO_new_file(outfile, "w");
- } else {
- out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
-
- if(!out) {
- BIO_printf(bio_err, "Error opening output file %s\n",
- outfile ? outfile : "(stdout)");
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if(keyfile)
- {
- if (want_pub)
- sigkey = load_pubkey(bio_err, keyfile, keyform, 0, NULL,
- e, "key file");
- else
- sigkey = load_key(bio_err, keyfile, keyform, 0, passin,
- e, "key file");
- if (!sigkey)
- {
- /* load_[pub]key() has already printed an appropriate
- message */
- goto end;
- }
- }
-
- if(sigfile && sigkey) {
- BIO *sigbio;
- sigbio = BIO_new_file(sigfile, "rb");
- siglen = EVP_PKEY_size(sigkey);
- sigbuf = OPENSSL_malloc(siglen);
- if(!sigbio) {
- BIO_printf(bio_err, "Error opening signature file %s\n",
- sigfile);
- ERR_print_errors(bio_err);
- goto end;
- }
- siglen = BIO_read(sigbio, sigbuf, siglen);
- BIO_free(sigbio);
- if(siglen <= 0) {
- BIO_printf(bio_err, "Error reading signature file %s\n",
- sigfile);
- ERR_print_errors(bio_err);
- goto end;
- }
- }
-
- if (non_fips_allow)
- {
- EVP_MD_CTX *md_ctx;
- BIO_get_md_ctx(bmd,&md_ctx);
- EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
- }
-
- if (sig_flags)
- {
- EVP_MD_CTX *md_ctx;
- BIO_get_md_ctx(bmd,&md_ctx);
- EVP_MD_CTX_set_flags(md_ctx, sig_flags);
- }
-
- /* we use md as a filter, reading from 'in' */
- if (!BIO_set_md(bmd,md))
- {
- BIO_printf(bio_err, "Error setting digest %s\n", pname);
- ERR_print_errors(bio_err);
- goto end;
- }
-
- inp=BIO_push(bmd,in);
-
- if (argc == 0)
- {
- BIO_set_fp(in,stdin,BIO_NOCLOSE);
- err=do_fp(out, buf,inp,separator, out_bin, sigkey, sigbuf,
- siglen,"","(stdin)",bmd,hmac_key,non_fips_allow);
- }
- else
- {
- name=OBJ_nid2sn(md->type);
- err = 0;
- for (i=0; i<argc; i++)
- {
- char *tmp,*tofree=NULL;
- int r;
-
- if (BIO_read_filename(in,argv[i]) <= 0)
- {
- perror(argv[i]);
- err++;
- continue;
- }
- if(!out_bin)
- {
- size_t len = strlen(name)+strlen(argv[i])+(hmac_key ? 5 : 0)+5;
- tmp=tofree=OPENSSL_malloc(len);
- BIO_snprintf(tmp,len,"%s%s(%s)= ",
- hmac_key ? "HMAC-" : "",name,argv[i]);
- }
- else
- tmp="";
- r=do_fp(out,buf,inp,separator,out_bin,sigkey,sigbuf,
- siglen,tmp,argv[i],bmd,hmac_key,non_fips_allow);
- if(r)
- err=r;
- if(tofree)
- OPENSSL_free(tofree);
- (void)BIO_reset(bmd);
- }
- }
-end:
- if (buf != NULL)
- {
- OPENSSL_cleanse(buf,BUFSIZE);
- OPENSSL_free(buf);
- }
- if (in != NULL) BIO_free(in);
- if (passin)
- OPENSSL_free(passin);
- BIO_free_all(out);
- EVP_PKEY_free(sigkey);
- if(sigbuf) OPENSSL_free(sigbuf);
- if (bmd != NULL) BIO_free(bmd);
- apps_shutdown();
- OPENSSL_EXIT(err);
- }
-
-int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
- EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title,
- const char *file,BIO *bmd,const char *hmac_key,int non_fips_allow)
- {
- unsigned int len;
- int i;
- EVP_MD_CTX *md_ctx;
- HMAC_CTX hmac_ctx;
-
- if (hmac_key)
- {
- EVP_MD *md;
-
- BIO_get_md(bmd,&md);
- HMAC_CTX_init(&hmac_ctx);
- HMAC_Init_ex(&hmac_ctx,hmac_key,strlen(hmac_key),md, NULL);
- BIO_get_md_ctx(bmd,&md_ctx);
- BIO_set_md_ctx(bmd,&hmac_ctx.md_ctx);
- }
- for (;;)
- {
- i=BIO_read(bp,(char *)buf,BUFSIZE);
- if(i < 0)
- {
- BIO_printf(bio_err, "Read Error in %s\n",file);
- ERR_print_errors(bio_err);
- return 1;
- }
- if (i == 0) break;
- }
- if(sigin)
- {
- EVP_MD_CTX *ctx;
- BIO_get_md_ctx(bp, &ctx);
- i = EVP_VerifyFinal(ctx, sigin, (unsigned int)siglen, key);
- if(i > 0)
- BIO_printf(out, "Verified OK\n");
- else if(i == 0)
- {
- BIO_printf(out, "Verification Failure\n");
- return 1;
- }
- else
- {
- BIO_printf(bio_err, "Error Verifying Data\n");
- ERR_print_errors(bio_err);
- return 1;
- }
- return 0;
- }
- if(key)
- {
- EVP_MD_CTX *ctx;
- BIO_get_md_ctx(bp, &ctx);
- if(!EVP_SignFinal(ctx, buf, (unsigned int *)&len, key))
- {
- BIO_printf(bio_err, "Error Signing Data\n");
- ERR_print_errors(bio_err);
- return 1;
- }
- }
- else if(hmac_key)
- {
- HMAC_Final(&hmac_ctx,buf,&len);
- HMAC_CTX_cleanup(&hmac_ctx);
- }
- else
- len=BIO_gets(bp,(char *)buf,BUFSIZE);
-
- if(binout) BIO_write(out, buf, len);
- else
- {
- BIO_write(out,title,strlen(title));
- for (i=0; i<(int)len; i++)
- {
- if (sep && (i != 0))
- BIO_printf(out, ":");
- BIO_printf(out, "%02x",buf[i]);
- }
- BIO_printf(out, "\n");
- }
- if (hmac_key)
- {
- BIO_set_md_ctx(bmd,md_ctx);
- }
- return 0;
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/apps/dgst.c (from rev 6976, vendor-crypto/openssl/dist/apps/dgst.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/apps/dgst.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/apps/dgst.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,522 @@
+/* apps/dgst.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include "apps.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/hmac.h>
+
+#undef BUFSIZE
+#define BUFSIZE 1024*8
+
+#undef PROG
+#define PROG dgst_main
+
+int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
+ EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title,
+ const char *file, BIO *bmd, const char *hmac_key,
+ int non_fips_allow);
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+{
+ ENGINE *e = NULL;
+ unsigned char *buf = NULL;
+ int i, err = 1;
+ const EVP_MD *md = NULL, *m;
+ BIO *in = NULL, *inp;
+ BIO *bmd = NULL;
+ BIO *out = NULL;
+ const char *name;
+#define PROG_NAME_SIZE 39
+ char pname[PROG_NAME_SIZE + 1];
+ int separator = 0;
+ int debug = 0;
+ int keyform = FORMAT_PEM;
+ const char *outfile = NULL, *keyfile = NULL;
+ const char *sigfile = NULL, *randfile = NULL;
+ int out_bin = -1, want_pub = 0, do_verify = 0;
+ EVP_PKEY *sigkey = NULL;
+ unsigned char *sigbuf = NULL;
+ int siglen = 0;
+ unsigned int sig_flags = 0;
+ char *passargin = NULL, *passin = NULL;
+#ifndef OPENSSL_NO_ENGINE
+ char *engine = NULL;
+#endif
+ char *hmac_key = NULL;
+ int non_fips_allow = 0;
+
+ apps_startup();
+ ERR_load_crypto_strings();
+ if ((buf = (unsigned char *)OPENSSL_malloc(BUFSIZE)) == NULL) {
+ BIO_printf(bio_err, "out of memory\n");
+ goto end;
+ }
+ if (bio_err == NULL)
+ if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+
+ if (!load_config(bio_err, NULL))
+ goto end;
+
+ /* first check the program name */
+ program_name(argv[0], pname, sizeof pname);
+
+ md = EVP_get_digestbyname(pname);
+
+ argc--;
+ argv++;
+ while (argc > 0) {
+ if ((*argv)[0] != '-')
+ break;
+ if (strcmp(*argv, "-c") == 0)
+ separator = 1;
+ else if (strcmp(*argv, "-rand") == 0) {
+ if (--argc < 1)
+ break;
+ randfile = *(++argv);
+ } else if (strcmp(*argv, "-out") == 0) {
+ if (--argc < 1)
+ break;
+ outfile = *(++argv);
+ } else if (strcmp(*argv, "-sign") == 0) {
+ if (--argc < 1)
+ break;
+ keyfile = *(++argv);
+ } else if (!strcmp(*argv, "-passin")) {
+ if (--argc < 1)
+ break;
+ passargin = *++argv;
+ } else if (strcmp(*argv, "-verify") == 0) {
+ if (--argc < 1)
+ break;
+ keyfile = *(++argv);
+ want_pub = 1;
+ do_verify = 1;
+ } else if (strcmp(*argv, "-prverify") == 0) {
+ if (--argc < 1)
+ break;
+ keyfile = *(++argv);
+ do_verify = 1;
+ } else if (strcmp(*argv, "-x931") == 0)
+ sig_flags = EVP_MD_CTX_FLAG_PAD_X931;
+ else if (strcmp(*argv, "-pss_saltlen") == 0) {
+ int saltlen;
+ if (--argc < 1)
+ break;
+ saltlen = atoi(*(++argv));
+ if (saltlen == -1)
+ sig_flags = EVP_MD_CTX_FLAG_PSS_MREC;
+ else if (saltlen == -2)
+ sig_flags = EVP_MD_CTX_FLAG_PSS_MDLEN;
+ else if (saltlen < -2 || saltlen >= 0xFFFE) {
+ BIO_printf(bio_err, "Invalid PSS salt length %d\n", saltlen);
+ goto end;
+ } else
+ sig_flags = saltlen;
+ sig_flags <<= 16;
+ sig_flags |= EVP_MD_CTX_FLAG_PAD_PSS;
+ } else if (strcmp(*argv, "-signature") == 0) {
+ if (--argc < 1)
+ break;
+ sigfile = *(++argv);
+ } else if (strcmp(*argv, "-keyform") == 0) {
+ if (--argc < 1)
+ break;
+ keyform = str2fmt(*(++argv));
+ }
+#ifndef OPENSSL_NO_ENGINE
+ else if (strcmp(*argv, "-engine") == 0) {
+ if (--argc < 1)
+ break;
+ engine = *(++argv);
+ }
+#endif
+ else if (strcmp(*argv, "-hex") == 0)
+ out_bin = 0;
+ else if (strcmp(*argv, "-binary") == 0)
+ out_bin = 1;
+ else if (strcmp(*argv, "-d") == 0)
+ debug = 1;
+ else if (strcmp(*argv, "-non-fips-allow") == 0)
+ non_fips_allow = 1;
+ else if (!strcmp(*argv, "-fips-fingerprint"))
+ hmac_key = "etaonrishdlcupfm";
+ else if (!strcmp(*argv, "-hmac")) {
+ if (--argc < 1)
+ break;
+ hmac_key = *++argv;
+ } else if ((m = EVP_get_digestbyname(&((*argv)[1]))) != NULL)
+ md = m;
+ else
+ break;
+ argc--;
+ argv++;
+ }
+
+ if (md == NULL)
+ md = EVP_md5();
+
+ if (do_verify && !sigfile) {
+ BIO_printf(bio_err,
+ "No signature to verify: use the -signature option\n");
+ err = 1;
+ goto end;
+ }
+
+ if ((argc > 0) && (argv[0][0] == '-')) { /* bad option */
+ BIO_printf(bio_err, "unknown option '%s'\n", *argv);
+ BIO_printf(bio_err, "options are\n");
+ BIO_printf(bio_err,
+ "-c to output the digest with separating colons\n");
+ BIO_printf(bio_err, "-d to output debug info\n");
+ BIO_printf(bio_err, "-hex output as hex dump\n");
+ BIO_printf(bio_err, "-binary output in binary form\n");
+ BIO_printf(bio_err,
+ "-sign file sign digest using private key in file\n");
+ BIO_printf(bio_err,
+ "-verify file verify a signature using public key in file\n");
+ BIO_printf(bio_err,
+ "-prverify file verify a signature using private key in file\n");
+ BIO_printf(bio_err,
+ "-keyform arg key file format (PEM or ENGINE)\n");
+ BIO_printf(bio_err, "-signature file signature to verify\n");
+ BIO_printf(bio_err, "-binary output in binary form\n");
+ BIO_printf(bio_err, "-hmac key create hashed MAC with key\n");
+#ifndef OPENSSL_NO_ENGINE
+ BIO_printf(bio_err,
+ "-engine e use engine e, possibly a hardware device.\n");
+#endif
+
+ BIO_printf(bio_err,
+ "-%-14s to use the %s message digest algorithm (default)\n",
+ LN_md5, LN_md5);
+ BIO_printf(bio_err, "-%-14s to use the %s message digest algorithm\n",
+ LN_md4, LN_md4);
+ BIO_printf(bio_err, "-%-14s to use the %s message digest algorithm\n",
+ LN_md2, LN_md2);
+#ifndef OPENSSL_NO_SHA
+ BIO_printf(bio_err, "-%-14s to use the %s message digest algorithm\n",
+ LN_sha1, LN_sha1);
+ BIO_printf(bio_err, "-%-14s to use the %s message digest algorithm\n",
+ LN_sha, LN_sha);
+# ifndef OPENSSL_NO_SHA256
+ BIO_printf(bio_err, "-%-14s to use the %s message digest algorithm\n",
+ LN_sha224, LN_sha224);
+ BIO_printf(bio_err, "-%-14s to use the %s message digest algorithm\n",
+ LN_sha256, LN_sha256);
+# endif
+# ifndef OPENSSL_NO_SHA512
+ BIO_printf(bio_err, "-%-14s to use the %s message digest algorithm\n",
+ LN_sha384, LN_sha384);
+ BIO_printf(bio_err, "-%-14s to use the %s message digest algorithm\n",
+ LN_sha512, LN_sha512);
+# endif
+#endif
+ BIO_printf(bio_err, "-%-14s to use the %s message digest algorithm\n",
+ LN_mdc2, LN_mdc2);
+ BIO_printf(bio_err, "-%-14s to use the %s message digest algorithm\n",
+ LN_ripemd160, LN_ripemd160);
+ err = 1;
+ goto end;
+ }
+#ifndef OPENSSL_NO_ENGINE
+ e = setup_engine(bio_err, engine, 0);
+#endif
+
+ in = BIO_new(BIO_s_file());
+ bmd = BIO_new(BIO_f_md());
+ if (debug) {
+ BIO_set_callback(in, BIO_debug_callback);
+ /* needed for windows 3.1 */
+ BIO_set_callback_arg(in, (char *)bio_err);
+ }
+
+ if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
+ BIO_printf(bio_err, "Error getting password\n");
+ goto end;
+ }
+
+ if ((in == NULL) || (bmd == NULL)) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (out_bin == -1) {
+ if (keyfile)
+ out_bin = 1;
+ else
+ out_bin = 0;
+ }
+
+ if (randfile)
+ app_RAND_load_file(randfile, bio_err, 0);
+
+ if (outfile) {
+ if (out_bin)
+ out = BIO_new_file(outfile, "wb");
+ else
+ out = BIO_new_file(outfile, "w");
+ } else {
+ out = BIO_new_fp(stdout, BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+#endif
+ }
+
+ if (!out) {
+ BIO_printf(bio_err, "Error opening output file %s\n",
+ outfile ? outfile : "(stdout)");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (keyfile) {
+ if (want_pub)
+ sigkey = load_pubkey(bio_err, keyfile, keyform, 0, NULL,
+ e, "key file");
+ else
+ sigkey = load_key(bio_err, keyfile, keyform, 0, passin,
+ e, "key file");
+ if (!sigkey) {
+ /*
+ * load_[pub]key() has already printed an appropriate message
+ */
+ goto end;
+ }
+ }
+
+ if (sigfile && sigkey) {
+ BIO *sigbio;
+ sigbio = BIO_new_file(sigfile, "rb");
+ siglen = EVP_PKEY_size(sigkey);
+ sigbuf = OPENSSL_malloc(siglen);
+ if (!sigbio) {
+ BIO_printf(bio_err, "Error opening signature file %s\n", sigfile);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ siglen = BIO_read(sigbio, sigbuf, siglen);
+ BIO_free(sigbio);
+ if (siglen <= 0) {
+ BIO_printf(bio_err, "Error reading signature file %s\n", sigfile);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+
+ if (non_fips_allow) {
+ EVP_MD_CTX *md_ctx;
+ BIO_get_md_ctx(bmd, &md_ctx);
+ EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+ }
+
+ if (sig_flags) {
+ EVP_MD_CTX *md_ctx;
+ BIO_get_md_ctx(bmd, &md_ctx);
+ EVP_MD_CTX_set_flags(md_ctx, sig_flags);
+ }
+
+ /* we use md as a filter, reading from 'in' */
+ if (!BIO_set_md(bmd, md)) {
+ BIO_printf(bio_err, "Error setting digest %s\n", pname);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ inp = BIO_push(bmd, in);
+
+ if (argc == 0) {
+ BIO_set_fp(in, stdin, BIO_NOCLOSE);
+ err = do_fp(out, buf, inp, separator, out_bin, sigkey, sigbuf,
+ siglen, "", "(stdin)", bmd, hmac_key, non_fips_allow);
+ } else {
+ name = OBJ_nid2sn(md->type);
+ err = 0;
+ for (i = 0; i < argc; i++) {
+ char *tmp, *tofree = NULL;
+ int r;
+
+ if (BIO_read_filename(in, argv[i]) <= 0) {
+ perror(argv[i]);
+ err++;
+ continue;
+ }
+ if (!out_bin) {
+ size_t len =
+ strlen(name) + strlen(argv[i]) + (hmac_key ? 5 : 0) + 5;
+ tmp = tofree = OPENSSL_malloc(len);
+ BIO_snprintf(tmp, len, "%s%s(%s)= ",
+ hmac_key ? "HMAC-" : "", name, argv[i]);
+ } else
+ tmp = "";
+ r = do_fp(out, buf, inp, separator, out_bin, sigkey, sigbuf,
+ siglen, tmp, argv[i], bmd, hmac_key, non_fips_allow);
+ if (r)
+ err = r;
+ if (tofree)
+ OPENSSL_free(tofree);
+ (void)BIO_reset(bmd);
+ }
+ }
+ end:
+ if (buf != NULL) {
+ OPENSSL_cleanse(buf, BUFSIZE);
+ OPENSSL_free(buf);
+ }
+ if (in != NULL)
+ BIO_free(in);
+ if (passin)
+ OPENSSL_free(passin);
+ BIO_free_all(out);
+ EVP_PKEY_free(sigkey);
+ if (sigbuf)
+ OPENSSL_free(sigbuf);
+ if (bmd != NULL)
+ BIO_free(bmd);
+ apps_shutdown();
+ OPENSSL_EXIT(err);
+}
+
+int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
+ EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title,
+ const char *file, BIO *bmd, const char *hmac_key,
+ int non_fips_allow)
+{
+ unsigned int len;
+ int i;
+ EVP_MD_CTX *md_ctx;
+ HMAC_CTX hmac_ctx;
+
+ if (hmac_key) {
+ EVP_MD *md;
+
+ BIO_get_md(bmd, &md);
+ HMAC_CTX_init(&hmac_ctx);
+ HMAC_Init_ex(&hmac_ctx, hmac_key, strlen(hmac_key), md, NULL);
+ BIO_get_md_ctx(bmd, &md_ctx);
+ BIO_set_md_ctx(bmd, &hmac_ctx.md_ctx);
+ }
+ for (;;) {
+ i = BIO_read(bp, (char *)buf, BUFSIZE);
+ if (i < 0) {
+ BIO_printf(bio_err, "Read Error in %s\n", file);
+ ERR_print_errors(bio_err);
+ return 1;
+ }
+ if (i == 0)
+ break;
+ }
+ if (sigin) {
+ EVP_MD_CTX *ctx;
+ BIO_get_md_ctx(bp, &ctx);
+ i = EVP_VerifyFinal(ctx, sigin, (unsigned int)siglen, key);
+ if (i > 0)
+ BIO_printf(out, "Verified OK\n");
+ else if (i == 0) {
+ BIO_printf(out, "Verification Failure\n");
+ return 1;
+ } else {
+ BIO_printf(bio_err, "Error Verifying Data\n");
+ ERR_print_errors(bio_err);
+ return 1;
+ }
+ return 0;
+ }
+ if (key) {
+ EVP_MD_CTX *ctx;
+ BIO_get_md_ctx(bp, &ctx);
+ if (!EVP_SignFinal(ctx, buf, (unsigned int *)&len, key)) {
+ BIO_printf(bio_err, "Error Signing Data\n");
+ ERR_print_errors(bio_err);
+ return 1;
+ }
+ } else if (hmac_key) {
+ HMAC_Final(&hmac_ctx, buf, &len);
+ HMAC_CTX_cleanup(&hmac_ctx);
+ } else
+ len = BIO_gets(bp, (char *)buf, BUFSIZE);
+
+ if (binout)
+ BIO_write(out, buf, len);
+ else {
+ BIO_write(out, title, strlen(title));
+ for (i = 0; i < (int)len; i++) {
+ if (sep && (i != 0))
+ BIO_printf(out, ":");
+ BIO_printf(out, "%02x", buf[i]);
+ }
+ BIO_printf(out, "\n");
+ }
+ if (hmac_key) {
+ BIO_set_md_ctx(bmd, md_ctx);
+ }
+ return 0;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/apps/dh.c
===================================================================
--- vendor-crypto/openssl/dist/apps/dh.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/apps/dh.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,349 +0,0 @@
-/* apps/dh.c */
-/* obsoleted by dhparam.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/opensslconf.h> /* for OPENSSL_NO_DH */
-#ifndef OPENSSL_NO_DH
-#include <stdio.h>
-#include <stdlib.h>
-#include <time.h>
-#include <string.h>
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-#include <openssl/dh.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-
-#undef PROG
-#define PROG dh_main
-
-/* -inform arg - input format - default PEM (DER or PEM)
- * -outform arg - output format - default PEM
- * -in arg - input file - default stdin
- * -out arg - output file - default stdout
- * -check - check the parameters are ok
- * -noout
- * -text
- * -C
- */
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
- DH *dh=NULL;
- int i,badops=0,text=0;
- BIO *in=NULL,*out=NULL;
- int informat,outformat,check=0,noout=0,C=0,ret=1;
- char *infile,*outfile,*prog;
-#ifndef OPENSSL_NO_ENGINE
- char *engine;
-#endif
-
- apps_startup();
-
- if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
- if (!load_config(bio_err, NULL))
- goto end;
-
-#ifndef OPENSSL_NO_ENGINE
- engine=NULL;
-#endif
- infile=NULL;
- outfile=NULL;
- informat=FORMAT_PEM;
- outformat=FORMAT_PEM;
-
- prog=argv[0];
- argc--;
- argv++;
- while (argc >= 1)
- {
- if (strcmp(*argv,"-inform") == 0)
- {
- if (--argc < 1) goto bad;
- informat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-outform") == 0)
- {
- if (--argc < 1) goto bad;
- outformat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-in") == 0)
- {
- if (--argc < 1) goto bad;
- infile= *(++argv);
- }
- else if (strcmp(*argv,"-out") == 0)
- {
- if (--argc < 1) goto bad;
- outfile= *(++argv);
- }
-#ifndef OPENSSL_NO_ENGINE
- else if (strcmp(*argv,"-engine") == 0)
- {
- if (--argc < 1) goto bad;
- engine= *(++argv);
- }
-#endif
- else if (strcmp(*argv,"-check") == 0)
- check=1;
- else if (strcmp(*argv,"-text") == 0)
- text=1;
- else if (strcmp(*argv,"-C") == 0)
- C=1;
- else if (strcmp(*argv,"-noout") == 0)
- noout=1;
- else
- {
- BIO_printf(bio_err,"unknown option %s\n",*argv);
- badops=1;
- break;
- }
- argc--;
- argv++;
- }
-
- if (badops)
- {
-bad:
- BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
- BIO_printf(bio_err,"where options are\n");
- BIO_printf(bio_err," -inform arg input format - one of DER PEM\n");
- BIO_printf(bio_err," -outform arg output format - one of DER PEM\n");
- BIO_printf(bio_err," -in arg input file\n");
- BIO_printf(bio_err," -out arg output file\n");
- BIO_printf(bio_err," -check check the DH parameters\n");
- BIO_printf(bio_err," -text print a text form of the DH parameters\n");
- BIO_printf(bio_err," -C Output C code\n");
- BIO_printf(bio_err," -noout no output\n");
-#ifndef OPENSSL_NO_ENGINE
- BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
-#endif
- goto end;
- }
-
- ERR_load_crypto_strings();
-
-#ifndef OPENSSL_NO_ENGINE
- setup_engine(bio_err, engine, 0);
-#endif
-
- in=BIO_new(BIO_s_file());
- out=BIO_new(BIO_s_file());
- if ((in == NULL) || (out == NULL))
- {
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if (infile == NULL)
- BIO_set_fp(in,stdin,BIO_NOCLOSE);
- else
- {
- if (BIO_read_filename(in,infile) <= 0)
- {
- perror(infile);
- goto end;
- }
- }
- if (outfile == NULL)
- {
- BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
- else
- {
- if (BIO_write_filename(out,outfile) <= 0)
- {
- perror(outfile);
- goto end;
- }
- }
-
- if (informat == FORMAT_ASN1)
- dh=d2i_DHparams_bio(in,NULL);
- else if (informat == FORMAT_PEM)
- dh=PEM_read_bio_DHparams(in,NULL,NULL,NULL);
- else
- {
- BIO_printf(bio_err,"bad input format specified\n");
- goto end;
- }
- if (dh == NULL)
- {
- BIO_printf(bio_err,"unable to load DH parameters\n");
- ERR_print_errors(bio_err);
- goto end;
- }
-
-
-
- if (text)
- {
- DHparams_print(out,dh);
-#ifdef undef
- printf("p=");
- BN_print(stdout,dh->p);
- printf("\ng=");
- BN_print(stdout,dh->g);
- printf("\n");
- if (dh->length != 0)
- printf("recommended private length=%ld\n",dh->length);
-#endif
- }
-
- if (check)
- {
- if (!DH_check(dh,&i))
- {
- ERR_print_errors(bio_err);
- goto end;
- }
- if (i & DH_CHECK_P_NOT_PRIME)
- printf("p value is not prime\n");
- if (i & DH_CHECK_P_NOT_SAFE_PRIME)
- printf("p value is not a safe prime\n");
- if (i & DH_UNABLE_TO_CHECK_GENERATOR)
- printf("unable to check the generator value\n");
- if (i & DH_NOT_SUITABLE_GENERATOR)
- printf("the g value is not a generator\n");
- if (i == 0)
- printf("DH parameters appear to be ok.\n");
- }
- if (C)
- {
- unsigned char *data;
- int len,l,bits;
-
- len=BN_num_bytes(dh->p);
- bits=BN_num_bits(dh->p);
- data=(unsigned char *)OPENSSL_malloc(len);
- if (data == NULL)
- {
- perror("OPENSSL_malloc");
- goto end;
- }
- l=BN_bn2bin(dh->p,data);
- printf("static unsigned char dh%d_p[]={",bits);
- for (i=0; i<l; i++)
- {
- if ((i%12) == 0) printf("\n\t");
- printf("0x%02X,",data[i]);
- }
- printf("\n\t};\n");
-
- l=BN_bn2bin(dh->g,data);
- printf("static unsigned char dh%d_g[]={",bits);
- for (i=0; i<l; i++)
- {
- if ((i%12) == 0) printf("\n\t");
- printf("0x%02X,",data[i]);
- }
- printf("\n\t};\n\n");
-
- printf("DH *get_dh%d()\n\t{\n",bits);
- printf("\tDH *dh;\n\n");
- printf("\tif ((dh=DH_new()) == NULL) return(NULL);\n");
- printf("\tdh->p=BN_bin2bn(dh%d_p,sizeof(dh%d_p),NULL);\n",
- bits,bits);
- printf("\tdh->g=BN_bin2bn(dh%d_g,sizeof(dh%d_g),NULL);\n",
- bits,bits);
- printf("\tif ((dh->p == NULL) || (dh->g == NULL))\n");
- printf("\t\treturn(NULL);\n");
- printf("\treturn(dh);\n\t}\n");
- OPENSSL_free(data);
- }
-
-
- if (!noout)
- {
- if (outformat == FORMAT_ASN1)
- i=i2d_DHparams_bio(out,dh);
- else if (outformat == FORMAT_PEM)
- i=PEM_write_bio_DHparams(out,dh);
- else {
- BIO_printf(bio_err,"bad output format specified for outfile\n");
- goto end;
- }
- if (!i)
- {
- BIO_printf(bio_err,"unable to write DH parameters\n");
- ERR_print_errors(bio_err);
- goto end;
- }
- }
- ret=0;
-end:
- if (in != NULL) BIO_free(in);
- if (out != NULL) BIO_free_all(out);
- if (dh != NULL) DH_free(dh);
- apps_shutdown();
- OPENSSL_EXIT(ret);
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/apps/dh.c (from rev 6976, vendor-crypto/openssl/dist/apps/dh.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/apps/dh.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/apps/dh.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,331 @@
+/* apps/dh.c */
+/* obsoleted by dhparam.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/opensslconf.h> /* for OPENSSL_NO_DH */
+#ifndef OPENSSL_NO_DH
+# include <stdio.h>
+# include <stdlib.h>
+# include <time.h>
+# include <string.h>
+# include "apps.h"
+# include <openssl/bio.h>
+# include <openssl/err.h>
+# include <openssl/bn.h>
+# include <openssl/dh.h>
+# include <openssl/x509.h>
+# include <openssl/pem.h>
+
+# undef PROG
+# define PROG dh_main
+
+/*-
+ * -inform arg - input format - default PEM (DER or PEM)
+ * -outform arg - output format - default PEM
+ * -in arg - input file - default stdin
+ * -out arg - output file - default stdout
+ * -check - check the parameters are ok
+ * -noout
+ * -text
+ * -C
+ */
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+{
+ DH *dh = NULL;
+ int i, badops = 0, text = 0;
+ BIO *in = NULL, *out = NULL;
+ int informat, outformat, check = 0, noout = 0, C = 0, ret = 1;
+ char *infile, *outfile, *prog;
+# ifndef OPENSSL_NO_ENGINE
+ char *engine;
+# endif
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+
+ if (!load_config(bio_err, NULL))
+ goto end;
+
+# ifndef OPENSSL_NO_ENGINE
+ engine = NULL;
+# endif
+ infile = NULL;
+ outfile = NULL;
+ informat = FORMAT_PEM;
+ outformat = FORMAT_PEM;
+
+ prog = argv[0];
+ argc--;
+ argv++;
+ while (argc >= 1) {
+ if (strcmp(*argv, "-inform") == 0) {
+ if (--argc < 1)
+ goto bad;
+ informat = str2fmt(*(++argv));
+ } else if (strcmp(*argv, "-outform") == 0) {
+ if (--argc < 1)
+ goto bad;
+ outformat = str2fmt(*(++argv));
+ } else if (strcmp(*argv, "-in") == 0) {
+ if (--argc < 1)
+ goto bad;
+ infile = *(++argv);
+ } else if (strcmp(*argv, "-out") == 0) {
+ if (--argc < 1)
+ goto bad;
+ outfile = *(++argv);
+ }
+# ifndef OPENSSL_NO_ENGINE
+ else if (strcmp(*argv, "-engine") == 0) {
+ if (--argc < 1)
+ goto bad;
+ engine = *(++argv);
+ }
+# endif
+ else if (strcmp(*argv, "-check") == 0)
+ check = 1;
+ else if (strcmp(*argv, "-text") == 0)
+ text = 1;
+ else if (strcmp(*argv, "-C") == 0)
+ C = 1;
+ else if (strcmp(*argv, "-noout") == 0)
+ noout = 1;
+ else {
+ BIO_printf(bio_err, "unknown option %s\n", *argv);
+ badops = 1;
+ break;
+ }
+ argc--;
+ argv++;
+ }
+
+ if (badops) {
+ bad:
+ BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog);
+ BIO_printf(bio_err, "where options are\n");
+ BIO_printf(bio_err, " -inform arg input format - one of DER PEM\n");
+ BIO_printf(bio_err,
+ " -outform arg output format - one of DER PEM\n");
+ BIO_printf(bio_err, " -in arg input file\n");
+ BIO_printf(bio_err, " -out arg output file\n");
+ BIO_printf(bio_err, " -check check the DH parameters\n");
+ BIO_printf(bio_err,
+ " -text print a text form of the DH parameters\n");
+ BIO_printf(bio_err, " -C Output C code\n");
+ BIO_printf(bio_err, " -noout no output\n");
+# ifndef OPENSSL_NO_ENGINE
+ BIO_printf(bio_err,
+ " -engine e use engine e, possibly a hardware device.\n");
+# endif
+ goto end;
+ }
+
+ ERR_load_crypto_strings();
+
+# ifndef OPENSSL_NO_ENGINE
+ setup_engine(bio_err, engine, 0);
+# endif
+
+ in = BIO_new(BIO_s_file());
+ out = BIO_new(BIO_s_file());
+ if ((in == NULL) || (out == NULL)) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (infile == NULL)
+ BIO_set_fp(in, stdin, BIO_NOCLOSE);
+ else {
+ if (BIO_read_filename(in, infile) <= 0) {
+ perror(infile);
+ goto end;
+ }
+ }
+ if (outfile == NULL) {
+ BIO_set_fp(out, stdout, BIO_NOCLOSE);
+# ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+# endif
+ } else {
+ if (BIO_write_filename(out, outfile) <= 0) {
+ perror(outfile);
+ goto end;
+ }
+ }
+
+ if (informat == FORMAT_ASN1)
+ dh = d2i_DHparams_bio(in, NULL);
+ else if (informat == FORMAT_PEM)
+ dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
+ else {
+ BIO_printf(bio_err, "bad input format specified\n");
+ goto end;
+ }
+ if (dh == NULL) {
+ BIO_printf(bio_err, "unable to load DH parameters\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (text) {
+ DHparams_print(out, dh);
+# ifdef undef
+ printf("p=");
+ BN_print(stdout, dh->p);
+ printf("\ng=");
+ BN_print(stdout, dh->g);
+ printf("\n");
+ if (dh->length != 0)
+ printf("recommended private length=%ld\n", dh->length);
+# endif
+ }
+
+ if (check) {
+ if (!DH_check(dh, &i)) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ if (i & DH_CHECK_P_NOT_PRIME)
+ printf("p value is not prime\n");
+ if (i & DH_CHECK_P_NOT_SAFE_PRIME)
+ printf("p value is not a safe prime\n");
+ if (i & DH_UNABLE_TO_CHECK_GENERATOR)
+ printf("unable to check the generator value\n");
+ if (i & DH_NOT_SUITABLE_GENERATOR)
+ printf("the g value is not a generator\n");
+ if (i == 0)
+ printf("DH parameters appear to be ok.\n");
+ }
+ if (C) {
+ unsigned char *data;
+ int len, l, bits;
+
+ len = BN_num_bytes(dh->p);
+ bits = BN_num_bits(dh->p);
+ data = (unsigned char *)OPENSSL_malloc(len);
+ if (data == NULL) {
+ perror("OPENSSL_malloc");
+ goto end;
+ }
+ l = BN_bn2bin(dh->p, data);
+ printf("static unsigned char dh%d_p[]={", bits);
+ for (i = 0; i < l; i++) {
+ if ((i % 12) == 0)
+ printf("\n\t");
+ printf("0x%02X,", data[i]);
+ }
+ printf("\n\t};\n");
+
+ l = BN_bn2bin(dh->g, data);
+ printf("static unsigned char dh%d_g[]={", bits);
+ for (i = 0; i < l; i++) {
+ if ((i % 12) == 0)
+ printf("\n\t");
+ printf("0x%02X,", data[i]);
+ }
+ printf("\n\t};\n\n");
+
+ printf("DH *get_dh%d()\n\t{\n", bits);
+ printf("\tDH *dh;\n\n");
+ printf("\tif ((dh=DH_new()) == NULL) return(NULL);\n");
+ printf("\tdh->p=BN_bin2bn(dh%d_p,sizeof(dh%d_p),NULL);\n",
+ bits, bits);
+ printf("\tdh->g=BN_bin2bn(dh%d_g,sizeof(dh%d_g),NULL);\n",
+ bits, bits);
+ printf("\tif ((dh->p == NULL) || (dh->g == NULL))\n");
+ printf("\t\treturn(NULL);\n");
+ printf("\treturn(dh);\n\t}\n");
+ OPENSSL_free(data);
+ }
+
+ if (!noout) {
+ if (outformat == FORMAT_ASN1)
+ i = i2d_DHparams_bio(out, dh);
+ else if (outformat == FORMAT_PEM)
+ i = PEM_write_bio_DHparams(out, dh);
+ else {
+ BIO_printf(bio_err, "bad output format specified for outfile\n");
+ goto end;
+ }
+ if (!i) {
+ BIO_printf(bio_err, "unable to write DH parameters\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+ ret = 0;
+ end:
+ if (in != NULL)
+ BIO_free(in);
+ if (out != NULL)
+ BIO_free_all(out);
+ if (dh != NULL)
+ DH_free(dh);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/apps/dhparam.c
===================================================================
--- vendor-crypto/openssl/dist/apps/dhparam.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/apps/dhparam.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,553 +0,0 @@
-/* apps/dhparam.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <openssl/opensslconf.h> /* for OPENSSL_NO_DH */
-#ifndef OPENSSL_NO_DH
-#include <stdio.h>
-#include <stdlib.h>
-#include <time.h>
-#include <string.h>
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-#include <openssl/dh.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-
-#undef PROG
-#define PROG dhparam_main
-
-#define DEFBITS 512
-
-/* -inform arg - input format - default PEM (DER or PEM)
- * -outform arg - output format - default PEM
- * -in arg - input file - default stdin
- * -out arg - output file - default stdout
- * -dsaparam - read or generate DSA parameters, convert to DH
- * -check - check the parameters are ok
- * -noout
- * -text
- * -C
- */
-
-static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb);
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
- DH *dh=NULL;
- int i,badops=0,text=0;
-#ifndef OPENSSL_NO_DSA
- int dsaparam=0;
-#endif
- BIO *in=NULL,*out=NULL;
- int informat,outformat,check=0,noout=0,C=0,ret=1;
- char *infile,*outfile,*prog;
- char *inrand=NULL;
-#ifndef OPENSSL_NO_ENGINE
- char *engine=NULL;
-#endif
- int num = 0, g = 0;
-
- apps_startup();
-
- if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
- if (!load_config(bio_err, NULL))
- goto end;
-
- infile=NULL;
- outfile=NULL;
- informat=FORMAT_PEM;
- outformat=FORMAT_PEM;
-
- prog=argv[0];
- argc--;
- argv++;
- while (argc >= 1)
- {
- if (strcmp(*argv,"-inform") == 0)
- {
- if (--argc < 1) goto bad;
- informat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-outform") == 0)
- {
- if (--argc < 1) goto bad;
- outformat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-in") == 0)
- {
- if (--argc < 1) goto bad;
- infile= *(++argv);
- }
- else if (strcmp(*argv,"-out") == 0)
- {
- if (--argc < 1) goto bad;
- outfile= *(++argv);
- }
-#ifndef OPENSSL_NO_ENGINE
- else if (strcmp(*argv,"-engine") == 0)
- {
- if (--argc < 1) goto bad;
- engine= *(++argv);
- }
-#endif
- else if (strcmp(*argv,"-check") == 0)
- check=1;
- else if (strcmp(*argv,"-text") == 0)
- text=1;
-#ifndef OPENSSL_NO_DSA
- else if (strcmp(*argv,"-dsaparam") == 0)
- dsaparam=1;
-#endif
- else if (strcmp(*argv,"-C") == 0)
- C=1;
- else if (strcmp(*argv,"-noout") == 0)
- noout=1;
- else if (strcmp(*argv,"-2") == 0)
- g=2;
- else if (strcmp(*argv,"-5") == 0)
- g=5;
- else if (strcmp(*argv,"-rand") == 0)
- {
- if (--argc < 1) goto bad;
- inrand= *(++argv);
- }
- else if (((sscanf(*argv,"%d",&num) == 0) || (num <= 0)))
- goto bad;
- argv++;
- argc--;
- }
-
- if (badops)
- {
-bad:
- BIO_printf(bio_err,"%s [options] [numbits]\n",prog);
- BIO_printf(bio_err,"where options are\n");
- BIO_printf(bio_err," -inform arg input format - one of DER PEM\n");
- BIO_printf(bio_err," -outform arg output format - one of DER PEM\n");
- BIO_printf(bio_err," -in arg input file\n");
- BIO_printf(bio_err," -out arg output file\n");
-#ifndef OPENSSL_NO_DSA
- BIO_printf(bio_err," -dsaparam read or generate DSA parameters, convert to DH\n");
-#endif
- BIO_printf(bio_err," -check check the DH parameters\n");
- BIO_printf(bio_err," -text print a text form of the DH parameters\n");
- BIO_printf(bio_err," -C Output C code\n");
- BIO_printf(bio_err," -2 generate parameters using 2 as the generator value\n");
- BIO_printf(bio_err," -5 generate parameters using 5 as the generator value\n");
- BIO_printf(bio_err," numbits number of bits in to generate (default 512)\n");
-#ifndef OPENSSL_NO_ENGINE
- BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
-#endif
- BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
- BIO_printf(bio_err," - load the file (or the files in the directory) into\n");
- BIO_printf(bio_err," the random number generator\n");
- BIO_printf(bio_err," -noout no output\n");
- goto end;
- }
-
- ERR_load_crypto_strings();
-
-#ifndef OPENSSL_NO_ENGINE
- setup_engine(bio_err, engine, 0);
-#endif
-
- if (g && !num)
- num = DEFBITS;
-
-#ifndef OPENSSL_NO_DSA
- if (dsaparam)
- {
- if (g)
- {
- BIO_printf(bio_err, "generator may not be chosen for DSA parameters\n");
- goto end;
- }
- }
- else
-#endif
- {
- /* DH parameters */
- if (num && !g)
- g = 2;
- }
-
- if(num) {
-
- BN_GENCB cb;
- BN_GENCB_set(&cb, dh_cb, bio_err);
- if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)
- {
- BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
- }
- if (inrand != NULL)
- BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
- app_RAND_load_files(inrand));
-
-#ifndef OPENSSL_NO_DSA
- if (dsaparam)
- {
- DSA *dsa = DSA_new();
-
- BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num);
- if(!dsa || !DSA_generate_parameters_ex(dsa, num,
- NULL, 0, NULL, NULL, &cb))
- {
- if(dsa) DSA_free(dsa);
- ERR_print_errors(bio_err);
- goto end;
- }
-
- dh = DSA_dup_DH(dsa);
- DSA_free(dsa);
- if (dh == NULL)
- {
- ERR_print_errors(bio_err);
- goto end;
- }
- }
- else
-#endif
- {
- dh = DH_new();
- BIO_printf(bio_err,"Generating DH parameters, %d bit long safe prime, generator %d\n",num,g);
- BIO_printf(bio_err,"This is going to take a long time\n");
- if(!dh || !DH_generate_parameters_ex(dh, num, g, &cb))
- {
- ERR_print_errors(bio_err);
- goto end;
- }
- }
-
- app_RAND_write_file(NULL, bio_err);
- } else {
-
- in=BIO_new(BIO_s_file());
- if (in == NULL)
- {
- ERR_print_errors(bio_err);
- goto end;
- }
- if (infile == NULL)
- BIO_set_fp(in,stdin,BIO_NOCLOSE);
- else
- {
- if (BIO_read_filename(in,infile) <= 0)
- {
- perror(infile);
- goto end;
- }
- }
-
- if (informat != FORMAT_ASN1 && informat != FORMAT_PEM)
- {
- BIO_printf(bio_err,"bad input format specified\n");
- goto end;
- }
-
-#ifndef OPENSSL_NO_DSA
- if (dsaparam)
- {
- DSA *dsa;
-
- if (informat == FORMAT_ASN1)
- dsa=d2i_DSAparams_bio(in,NULL);
- else /* informat == FORMAT_PEM */
- dsa=PEM_read_bio_DSAparams(in,NULL,NULL,NULL);
-
- if (dsa == NULL)
- {
- BIO_printf(bio_err,"unable to load DSA parameters\n");
- ERR_print_errors(bio_err);
- goto end;
- }
-
- dh = DSA_dup_DH(dsa);
- DSA_free(dsa);
- if (dh == NULL)
- {
- ERR_print_errors(bio_err);
- goto end;
- }
- }
- else
-#endif
- {
- if (informat == FORMAT_ASN1)
- dh=d2i_DHparams_bio(in,NULL);
- else /* informat == FORMAT_PEM */
- dh=PEM_read_bio_DHparams(in,NULL,NULL,NULL);
-
- if (dh == NULL)
- {
- BIO_printf(bio_err,"unable to load DH parameters\n");
- ERR_print_errors(bio_err);
- goto end;
- }
- }
-
- /* dh != NULL */
- }
-
- out=BIO_new(BIO_s_file());
- if (out == NULL)
- {
- ERR_print_errors(bio_err);
- goto end;
- }
- if (outfile == NULL)
- {
- BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
- else
- {
- if (BIO_write_filename(out,outfile) <= 0)
- {
- perror(outfile);
- goto end;
- }
- }
-
-
- if (text)
- {
- DHparams_print(out,dh);
- }
-
- if (check)
- {
- if (!DH_check(dh,&i))
- {
- ERR_print_errors(bio_err);
- goto end;
- }
- if (i & DH_CHECK_P_NOT_PRIME)
- printf("p value is not prime\n");
- if (i & DH_CHECK_P_NOT_SAFE_PRIME)
- printf("p value is not a safe prime\n");
- if (i & DH_UNABLE_TO_CHECK_GENERATOR)
- printf("unable to check the generator value\n");
- if (i & DH_NOT_SUITABLE_GENERATOR)
- printf("the g value is not a generator\n");
- if (i == 0)
- printf("DH parameters appear to be ok.\n");
- }
- if (C)
- {
- unsigned char *data;
- int len,l,bits;
-
- len=BN_num_bytes(dh->p);
- bits=BN_num_bits(dh->p);
- data=(unsigned char *)OPENSSL_malloc(len);
- if (data == NULL)
- {
- perror("OPENSSL_malloc");
- goto end;
- }
- printf("#ifndef HEADER_DH_H\n"
- "#include <openssl/dh.h>\n"
- "#endif\n");
- printf("DH *get_dh%d()\n\t{\n",bits);
-
- l=BN_bn2bin(dh->p,data);
- printf("\tstatic unsigned char dh%d_p[]={",bits);
- for (i=0; i<l; i++)
- {
- if ((i%12) == 0) printf("\n\t\t");
- printf("0x%02X,",data[i]);
- }
- printf("\n\t\t};\n");
-
- l=BN_bn2bin(dh->g,data);
- printf("\tstatic unsigned char dh%d_g[]={",bits);
- for (i=0; i<l; i++)
- {
- if ((i%12) == 0) printf("\n\t\t");
- printf("0x%02X,",data[i]);
- }
- printf("\n\t\t};\n");
-
- printf("\tDH *dh;\n\n");
- printf("\tif ((dh=DH_new()) == NULL) return(NULL);\n");
- printf("\tdh->p=BN_bin2bn(dh%d_p,sizeof(dh%d_p),NULL);\n",
- bits,bits);
- printf("\tdh->g=BN_bin2bn(dh%d_g,sizeof(dh%d_g),NULL);\n",
- bits,bits);
- printf("\tif ((dh->p == NULL) || (dh->g == NULL))\n");
- printf("\t\t{ DH_free(dh); return(NULL); }\n");
- if (dh->length)
- printf("\tdh->length = %ld;\n", dh->length);
- printf("\treturn(dh);\n\t}\n");
- OPENSSL_free(data);
- }
-
-
- if (!noout)
- {
- if (outformat == FORMAT_ASN1)
- i=i2d_DHparams_bio(out,dh);
- else if (outformat == FORMAT_PEM)
- i=PEM_write_bio_DHparams(out,dh);
- else {
- BIO_printf(bio_err,"bad output format specified for outfile\n");
- goto end;
- }
- if (!i)
- {
- BIO_printf(bio_err,"unable to write DH parameters\n");
- ERR_print_errors(bio_err);
- goto end;
- }
- }
- ret=0;
-end:
- if (in != NULL) BIO_free(in);
- if (out != NULL) BIO_free_all(out);
- if (dh != NULL) DH_free(dh);
- apps_shutdown();
- OPENSSL_EXIT(ret);
- }
-
-/* dh_cb is identical to dsa_cb in apps/dsaparam.c */
-static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb)
- {
- char c='*';
-
- if (p == 0) c='.';
- if (p == 1) c='+';
- if (p == 2) c='*';
- if (p == 3) c='\n';
- BIO_write(cb->arg,&c,1);
- (void)BIO_flush(cb->arg);
-#ifdef LINT
- p=n;
-#endif
- return 1;
- }
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/apps/dhparam.c (from rev 6976, vendor-crypto/openssl/dist/apps/dhparam.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/apps/dhparam.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/apps/dhparam.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,537 @@
+/* apps/dhparam.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <openssl/opensslconf.h> /* for OPENSSL_NO_DH */
+#ifndef OPENSSL_NO_DH
+# include <stdio.h>
+# include <stdlib.h>
+# include <time.h>
+# include <string.h>
+# include "apps.h"
+# include <openssl/bio.h>
+# include <openssl/err.h>
+# include <openssl/bn.h>
+# include <openssl/dh.h>
+# include <openssl/x509.h>
+# include <openssl/pem.h>
+
+# ifndef OPENSSL_NO_DSA
+# include <openssl/dsa.h>
+# endif
+
+# undef PROG
+# define PROG dhparam_main
+
+# define DEFBITS 512
+
+/*-
+ * -inform arg - input format - default PEM (DER or PEM)
+ * -outform arg - output format - default PEM
+ * -in arg - input file - default stdin
+ * -out arg - output file - default stdout
+ * -dsaparam - read or generate DSA parameters, convert to DH
+ * -check - check the parameters are ok
+ * -noout
+ * -text
+ * -C
+ */
+
+static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb);
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+{
+ DH *dh = NULL;
+ int i, badops = 0, text = 0;
+# ifndef OPENSSL_NO_DSA
+ int dsaparam = 0;
+# endif
+ BIO *in = NULL, *out = NULL;
+ int informat, outformat, check = 0, noout = 0, C = 0, ret = 1;
+ char *infile, *outfile, *prog;
+ char *inrand = NULL;
+# ifndef OPENSSL_NO_ENGINE
+ char *engine = NULL;
+# endif
+ int num = 0, g = 0;
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+
+ if (!load_config(bio_err, NULL))
+ goto end;
+
+ infile = NULL;
+ outfile = NULL;
+ informat = FORMAT_PEM;
+ outformat = FORMAT_PEM;
+
+ prog = argv[0];
+ argc--;
+ argv++;
+ while (argc >= 1) {
+ if (strcmp(*argv, "-inform") == 0) {
+ if (--argc < 1)
+ goto bad;
+ informat = str2fmt(*(++argv));
+ } else if (strcmp(*argv, "-outform") == 0) {
+ if (--argc < 1)
+ goto bad;
+ outformat = str2fmt(*(++argv));
+ } else if (strcmp(*argv, "-in") == 0) {
+ if (--argc < 1)
+ goto bad;
+ infile = *(++argv);
+ } else if (strcmp(*argv, "-out") == 0) {
+ if (--argc < 1)
+ goto bad;
+ outfile = *(++argv);
+ }
+# ifndef OPENSSL_NO_ENGINE
+ else if (strcmp(*argv, "-engine") == 0) {
+ if (--argc < 1)
+ goto bad;
+ engine = *(++argv);
+ }
+# endif
+ else if (strcmp(*argv, "-check") == 0)
+ check = 1;
+ else if (strcmp(*argv, "-text") == 0)
+ text = 1;
+# ifndef OPENSSL_NO_DSA
+ else if (strcmp(*argv, "-dsaparam") == 0)
+ dsaparam = 1;
+# endif
+ else if (strcmp(*argv, "-C") == 0)
+ C = 1;
+ else if (strcmp(*argv, "-noout") == 0)
+ noout = 1;
+ else if (strcmp(*argv, "-2") == 0)
+ g = 2;
+ else if (strcmp(*argv, "-5") == 0)
+ g = 5;
+ else if (strcmp(*argv, "-rand") == 0) {
+ if (--argc < 1)
+ goto bad;
+ inrand = *(++argv);
+ } else if (((sscanf(*argv, "%d", &num) == 0) || (num <= 0)))
+ goto bad;
+ argv++;
+ argc--;
+ }
+
+ if (badops) {
+ bad:
+ BIO_printf(bio_err, "%s [options] [numbits]\n", prog);
+ BIO_printf(bio_err, "where options are\n");
+ BIO_printf(bio_err, " -inform arg input format - one of DER PEM\n");
+ BIO_printf(bio_err,
+ " -outform arg output format - one of DER PEM\n");
+ BIO_printf(bio_err, " -in arg input file\n");
+ BIO_printf(bio_err, " -out arg output file\n");
+# ifndef OPENSSL_NO_DSA
+ BIO_printf(bio_err,
+ " -dsaparam read or generate DSA parameters, convert to DH\n");
+# endif
+ BIO_printf(bio_err, " -check check the DH parameters\n");
+ BIO_printf(bio_err,
+ " -text print a text form of the DH parameters\n");
+ BIO_printf(bio_err, " -C Output C code\n");
+ BIO_printf(bio_err,
+ " -2 generate parameters using 2 as the generator value\n");
+ BIO_printf(bio_err,
+ " -5 generate parameters using 5 as the generator value\n");
+ BIO_printf(bio_err,
+ " numbits number of bits in to generate (default 512)\n");
+# ifndef OPENSSL_NO_ENGINE
+ BIO_printf(bio_err,
+ " -engine e use engine e, possibly a hardware device.\n");
+# endif
+ BIO_printf(bio_err, " -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR,
+ LIST_SEPARATOR_CHAR);
+ BIO_printf(bio_err,
+ " - load the file (or the files in the directory) into\n");
+ BIO_printf(bio_err, " the random number generator\n");
+ BIO_printf(bio_err, " -noout no output\n");
+ goto end;
+ }
+
+ ERR_load_crypto_strings();
+
+# ifndef OPENSSL_NO_ENGINE
+ setup_engine(bio_err, engine, 0);
+# endif
+
+ if (g && !num)
+ num = DEFBITS;
+
+# ifndef OPENSSL_NO_DSA
+ if (dsaparam) {
+ if (g) {
+ BIO_printf(bio_err,
+ "generator may not be chosen for DSA parameters\n");
+ goto end;
+ }
+ } else
+# endif
+ {
+ /* DH parameters */
+ if (num && !g)
+ g = 2;
+ }
+
+ if (num) {
+
+ BN_GENCB cb;
+ BN_GENCB_set(&cb, dh_cb, bio_err);
+ if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL) {
+ BIO_printf(bio_err,
+ "warning, not much extra random data, consider using the -rand option\n");
+ }
+ if (inrand != NULL)
+ BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
+ app_RAND_load_files(inrand));
+
+# ifndef OPENSSL_NO_DSA
+ if (dsaparam) {
+ DSA *dsa = DSA_new();
+
+ BIO_printf(bio_err,
+ "Generating DSA parameters, %d bit long prime\n", num);
+ if (!dsa
+ || !DSA_generate_parameters_ex(dsa, num, NULL, 0, NULL, NULL,
+ &cb)) {
+ if (dsa)
+ DSA_free(dsa);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ dh = DSA_dup_DH(dsa);
+ DSA_free(dsa);
+ if (dh == NULL) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ } else
+# endif
+ {
+ dh = DH_new();
+ BIO_printf(bio_err,
+ "Generating DH parameters, %d bit long safe prime, generator %d\n",
+ num, g);
+ BIO_printf(bio_err, "This is going to take a long time\n");
+ if (!dh || !DH_generate_parameters_ex(dh, num, g, &cb)) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+
+ app_RAND_write_file(NULL, bio_err);
+ } else {
+
+ in = BIO_new(BIO_s_file());
+ if (in == NULL) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ if (infile == NULL)
+ BIO_set_fp(in, stdin, BIO_NOCLOSE);
+ else {
+ if (BIO_read_filename(in, infile) <= 0) {
+ perror(infile);
+ goto end;
+ }
+ }
+
+ if (informat != FORMAT_ASN1 && informat != FORMAT_PEM) {
+ BIO_printf(bio_err, "bad input format specified\n");
+ goto end;
+ }
+# ifndef OPENSSL_NO_DSA
+ if (dsaparam) {
+ DSA *dsa;
+
+ if (informat == FORMAT_ASN1)
+ dsa = d2i_DSAparams_bio(in, NULL);
+ else /* informat == FORMAT_PEM */
+ dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL);
+
+ if (dsa == NULL) {
+ BIO_printf(bio_err, "unable to load DSA parameters\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ dh = DSA_dup_DH(dsa);
+ DSA_free(dsa);
+ if (dh == NULL) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ } else
+# endif
+ {
+ if (informat == FORMAT_ASN1)
+ dh = d2i_DHparams_bio(in, NULL);
+ else /* informat == FORMAT_PEM */
+ dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
+
+ if (dh == NULL) {
+ BIO_printf(bio_err, "unable to load DH parameters\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+
+ /* dh != NULL */
+ }
+
+ out = BIO_new(BIO_s_file());
+ if (out == NULL) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ if (outfile == NULL) {
+ BIO_set_fp(out, stdout, BIO_NOCLOSE);
+# ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+# endif
+ } else {
+ if (BIO_write_filename(out, outfile) <= 0) {
+ perror(outfile);
+ goto end;
+ }
+ }
+
+ if (text) {
+ DHparams_print(out, dh);
+ }
+
+ if (check) {
+ if (!DH_check(dh, &i)) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ if (i & DH_CHECK_P_NOT_PRIME)
+ printf("p value is not prime\n");
+ if (i & DH_CHECK_P_NOT_SAFE_PRIME)
+ printf("p value is not a safe prime\n");
+ if (i & DH_UNABLE_TO_CHECK_GENERATOR)
+ printf("unable to check the generator value\n");
+ if (i & DH_NOT_SUITABLE_GENERATOR)
+ printf("the g value is not a generator\n");
+ if (i == 0)
+ printf("DH parameters appear to be ok.\n");
+ }
+ if (C) {
+ unsigned char *data;
+ int len, l, bits;
+
+ len = BN_num_bytes(dh->p);
+ bits = BN_num_bits(dh->p);
+ data = (unsigned char *)OPENSSL_malloc(len);
+ if (data == NULL) {
+ perror("OPENSSL_malloc");
+ goto end;
+ }
+ printf("#ifndef HEADER_DH_H\n"
+ "#include <openssl/dh.h>\n" "#endif\n");
+ printf("DH *get_dh%d()\n\t{\n", bits);
+
+ l = BN_bn2bin(dh->p, data);
+ printf("\tstatic unsigned char dh%d_p[]={", bits);
+ for (i = 0; i < l; i++) {
+ if ((i % 12) == 0)
+ printf("\n\t\t");
+ printf("0x%02X,", data[i]);
+ }
+ printf("\n\t\t};\n");
+
+ l = BN_bn2bin(dh->g, data);
+ printf("\tstatic unsigned char dh%d_g[]={", bits);
+ for (i = 0; i < l; i++) {
+ if ((i % 12) == 0)
+ printf("\n\t\t");
+ printf("0x%02X,", data[i]);
+ }
+ printf("\n\t\t};\n");
+
+ printf("\tDH *dh;\n\n");
+ printf("\tif ((dh=DH_new()) == NULL) return(NULL);\n");
+ printf("\tdh->p=BN_bin2bn(dh%d_p,sizeof(dh%d_p),NULL);\n",
+ bits, bits);
+ printf("\tdh->g=BN_bin2bn(dh%d_g,sizeof(dh%d_g),NULL);\n",
+ bits, bits);
+ printf("\tif ((dh->p == NULL) || (dh->g == NULL))\n");
+ printf("\t\t{ DH_free(dh); return(NULL); }\n");
+ if (dh->length)
+ printf("\tdh->length = %ld;\n", dh->length);
+ printf("\treturn(dh);\n\t}\n");
+ OPENSSL_free(data);
+ }
+
+ if (!noout) {
+ if (outformat == FORMAT_ASN1)
+ i = i2d_DHparams_bio(out, dh);
+ else if (outformat == FORMAT_PEM)
+ i = PEM_write_bio_DHparams(out, dh);
+ else {
+ BIO_printf(bio_err, "bad output format specified for outfile\n");
+ goto end;
+ }
+ if (!i) {
+ BIO_printf(bio_err, "unable to write DH parameters\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+ ret = 0;
+ end:
+ if (in != NULL)
+ BIO_free(in);
+ if (out != NULL)
+ BIO_free_all(out);
+ if (dh != NULL)
+ DH_free(dh);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
+}
+
+/* dh_cb is identical to dsa_cb in apps/dsaparam.c */
+static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb)
+{
+ char c = '*';
+
+ if (p == 0)
+ c = '.';
+ if (p == 1)
+ c = '+';
+ if (p == 2)
+ c = '*';
+ if (p == 3)
+ c = '\n';
+ BIO_write(cb->arg, &c, 1);
+ (void)BIO_flush(cb->arg);
+# ifdef LINT
+ p = n;
+# endif
+ return 1;
+}
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/apps/dsa.c
===================================================================
--- vendor-crypto/openssl/dist/apps/dsa.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/apps/dsa.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,333 +0,0 @@
-/* apps/dsa.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/opensslconf.h> /* for OPENSSL_NO_DSA */
-#ifndef OPENSSL_NO_DSA
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-
-#undef PROG
-#define PROG dsa_main
-
-/* -inform arg - input format - default PEM (one of DER, NET or PEM)
- * -outform arg - output format - default PEM
- * -in arg - input file - default stdin
- * -out arg - output file - default stdout
- * -des - encrypt output if PEM format with DES in cbc mode
- * -des3 - encrypt output if PEM format
- * -idea - encrypt output if PEM format
- * -aes128 - encrypt output if PEM format
- * -aes192 - encrypt output if PEM format
- * -aes256 - encrypt output if PEM format
- * -camellia128 - encrypt output if PEM format
- * -camellia192 - encrypt output if PEM format
- * -camellia256 - encrypt output if PEM format
- * -seed - encrypt output if PEM format
- * -text - print a text version
- * -modulus - print the DSA public key
- */
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
- ENGINE *e = NULL;
- int ret=1;
- DSA *dsa=NULL;
- int i,badops=0;
- const EVP_CIPHER *enc=NULL;
- BIO *in=NULL,*out=NULL;
- int informat,outformat,text=0,noout=0;
- int pubin = 0, pubout = 0;
- char *infile,*outfile,*prog;
-#ifndef OPENSSL_NO_ENGINE
- char *engine;
-#endif
- char *passargin = NULL, *passargout = NULL;
- char *passin = NULL, *passout = NULL;
- int modulus=0;
-
- apps_startup();
-
- if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
- if (!load_config(bio_err, NULL))
- goto end;
-
-#ifndef OPENSSL_NO_ENGINE
- engine=NULL;
-#endif
- infile=NULL;
- outfile=NULL;
- informat=FORMAT_PEM;
- outformat=FORMAT_PEM;
-
- prog=argv[0];
- argc--;
- argv++;
- while (argc >= 1)
- {
- if (strcmp(*argv,"-inform") == 0)
- {
- if (--argc < 1) goto bad;
- informat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-outform") == 0)
- {
- if (--argc < 1) goto bad;
- outformat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-in") == 0)
- {
- if (--argc < 1) goto bad;
- infile= *(++argv);
- }
- else if (strcmp(*argv,"-out") == 0)
- {
- if (--argc < 1) goto bad;
- outfile= *(++argv);
- }
- else if (strcmp(*argv,"-passin") == 0)
- {
- if (--argc < 1) goto bad;
- passargin= *(++argv);
- }
- else if (strcmp(*argv,"-passout") == 0)
- {
- if (--argc < 1) goto bad;
- passargout= *(++argv);
- }
-#ifndef OPENSSL_NO_ENGINE
- else if (strcmp(*argv,"-engine") == 0)
- {
- if (--argc < 1) goto bad;
- engine= *(++argv);
- }
-#endif
- else if (strcmp(*argv,"-noout") == 0)
- noout=1;
- else if (strcmp(*argv,"-text") == 0)
- text=1;
- else if (strcmp(*argv,"-modulus") == 0)
- modulus=1;
- else if (strcmp(*argv,"-pubin") == 0)
- pubin=1;
- else if (strcmp(*argv,"-pubout") == 0)
- pubout=1;
- else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL)
- {
- BIO_printf(bio_err,"unknown option %s\n",*argv);
- badops=1;
- break;
- }
- argc--;
- argv++;
- }
-
- if (badops)
- {
-bad:
- BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
- BIO_printf(bio_err,"where options are\n");
- BIO_printf(bio_err," -inform arg input format - DER or PEM\n");
- BIO_printf(bio_err," -outform arg output format - DER or PEM\n");
- BIO_printf(bio_err," -in arg input file\n");
- BIO_printf(bio_err," -passin arg input file pass phrase source\n");
- BIO_printf(bio_err," -out arg output file\n");
- BIO_printf(bio_err," -passout arg output file pass phrase source\n");
-#ifndef OPENSSL_NO_ENGINE
- BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
-#endif
- BIO_printf(bio_err," -des encrypt PEM output with cbc des\n");
- BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n");
-#ifndef OPENSSL_NO_IDEA
- BIO_printf(bio_err," -idea encrypt PEM output with cbc idea\n");
-#endif
-#ifndef OPENSSL_NO_AES
- BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
- BIO_printf(bio_err," encrypt PEM output with cbc aes\n");
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
- BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n");
- BIO_printf(bio_err," encrypt PEM output with cbc camellia\n");
-#endif
-#ifndef OPENSSL_NO_SEED
- BIO_printf(bio_err," -seed encrypt PEM output with cbc seed\n");
-#endif
- BIO_printf(bio_err," -text print the key in text\n");
- BIO_printf(bio_err," -noout don't print key out\n");
- BIO_printf(bio_err," -modulus print the DSA public value\n");
- goto end;
- }
-
- ERR_load_crypto_strings();
-
-#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(bio_err, engine, 0);
-#endif
-
- if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
- BIO_printf(bio_err, "Error getting passwords\n");
- goto end;
- }
-
- out=BIO_new(BIO_s_file());
- if (out == NULL)
- {
- ERR_print_errors(bio_err);
- goto end;
- }
-
- BIO_printf(bio_err,"read DSA key\n");
- {
- EVP_PKEY *pkey;
- if (pubin)
- pkey = load_pubkey(bio_err, infile, informat, 1,
- passin, e, "Public Key");
- else
- pkey = load_key(bio_err, infile, informat, 1,
- passin, e, "Private Key");
-
- if (pkey != NULL)
- dsa = pkey == NULL ? NULL : EVP_PKEY_get1_DSA(pkey);
- EVP_PKEY_free(pkey);
- }
- if (dsa == NULL)
- {
- BIO_printf(bio_err,"unable to load Key\n");
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if (outfile == NULL)
- {
- BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
- else
- {
- if (BIO_write_filename(out,outfile) <= 0)
- {
- perror(outfile);
- goto end;
- }
- }
-
- if (text)
- if (!DSA_print(out,dsa,0))
- {
- perror(outfile);
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if (modulus)
- {
- fprintf(stdout,"Public Key=");
- BN_print(out,dsa->pub_key);
- fprintf(stdout,"\n");
- }
-
- if (noout) goto end;
- BIO_printf(bio_err,"writing DSA key\n");
- if (outformat == FORMAT_ASN1) {
- if(pubin || pubout) i=i2d_DSA_PUBKEY_bio(out,dsa);
- else i=i2d_DSAPrivateKey_bio(out,dsa);
- } else if (outformat == FORMAT_PEM) {
- if(pubin || pubout)
- i=PEM_write_bio_DSA_PUBKEY(out,dsa);
- else i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,
- NULL,0,NULL, passout);
- } else {
- BIO_printf(bio_err,"bad output format specified for outfile\n");
- goto end;
- }
- if (!i)
- {
- BIO_printf(bio_err,"unable to write private key\n");
- ERR_print_errors(bio_err);
- }
- else
- ret=0;
-end:
- if(in != NULL) BIO_free(in);
- if(out != NULL) BIO_free_all(out);
- if(dsa != NULL) DSA_free(dsa);
- if(passin) OPENSSL_free(passin);
- if(passout) OPENSSL_free(passout);
- apps_shutdown();
- OPENSSL_EXIT(ret);
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/apps/dsa.c (from rev 6976, vendor-crypto/openssl/dist/apps/dsa.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/apps/dsa.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/apps/dsa.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,334 @@
+/* apps/dsa.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/opensslconf.h> /* for OPENSSL_NO_DSA */
+#ifndef OPENSSL_NO_DSA
+# include <stdio.h>
+# include <stdlib.h>
+# include <string.h>
+# include <time.h>
+# include "apps.h"
+# include <openssl/bio.h>
+# include <openssl/err.h>
+# include <openssl/evp.h>
+# include <openssl/x509.h>
+# include <openssl/pem.h>
+# include <openssl/bn.h>
+# include <openssl/dsa.h>
+
+# undef PROG
+# define PROG dsa_main
+
+/*-
+ * -inform arg - input format - default PEM (one of DER, NET or PEM)
+ * -outform arg - output format - default PEM
+ * -in arg - input file - default stdin
+ * -out arg - output file - default stdout
+ * -des - encrypt output if PEM format with DES in cbc mode
+ * -des3 - encrypt output if PEM format
+ * -idea - encrypt output if PEM format
+ * -aes128 - encrypt output if PEM format
+ * -aes192 - encrypt output if PEM format
+ * -aes256 - encrypt output if PEM format
+ * -camellia128 - encrypt output if PEM format
+ * -camellia192 - encrypt output if PEM format
+ * -camellia256 - encrypt output if PEM format
+ * -seed - encrypt output if PEM format
+ * -text - print a text version
+ * -modulus - print the DSA public key
+ */
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+{
+ ENGINE *e = NULL;
+ int ret = 1;
+ DSA *dsa = NULL;
+ int i, badops = 0;
+ const EVP_CIPHER *enc = NULL;
+ BIO *in = NULL, *out = NULL;
+ int informat, outformat, text = 0, noout = 0;
+ int pubin = 0, pubout = 0;
+ char *infile, *outfile, *prog;
+# ifndef OPENSSL_NO_ENGINE
+ char *engine;
+# endif
+ char *passargin = NULL, *passargout = NULL;
+ char *passin = NULL, *passout = NULL;
+ int modulus = 0;
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+
+ if (!load_config(bio_err, NULL))
+ goto end;
+
+# ifndef OPENSSL_NO_ENGINE
+ engine = NULL;
+# endif
+ infile = NULL;
+ outfile = NULL;
+ informat = FORMAT_PEM;
+ outformat = FORMAT_PEM;
+
+ prog = argv[0];
+ argc--;
+ argv++;
+ while (argc >= 1) {
+ if (strcmp(*argv, "-inform") == 0) {
+ if (--argc < 1)
+ goto bad;
+ informat = str2fmt(*(++argv));
+ } else if (strcmp(*argv, "-outform") == 0) {
+ if (--argc < 1)
+ goto bad;
+ outformat = str2fmt(*(++argv));
+ } else if (strcmp(*argv, "-in") == 0) {
+ if (--argc < 1)
+ goto bad;
+ infile = *(++argv);
+ } else if (strcmp(*argv, "-out") == 0) {
+ if (--argc < 1)
+ goto bad;
+ outfile = *(++argv);
+ } else if (strcmp(*argv, "-passin") == 0) {
+ if (--argc < 1)
+ goto bad;
+ passargin = *(++argv);
+ } else if (strcmp(*argv, "-passout") == 0) {
+ if (--argc < 1)
+ goto bad;
+ passargout = *(++argv);
+ }
+# ifndef OPENSSL_NO_ENGINE
+ else if (strcmp(*argv, "-engine") == 0) {
+ if (--argc < 1)
+ goto bad;
+ engine = *(++argv);
+ }
+# endif
+ else if (strcmp(*argv, "-noout") == 0)
+ noout = 1;
+ else if (strcmp(*argv, "-text") == 0)
+ text = 1;
+ else if (strcmp(*argv, "-modulus") == 0)
+ modulus = 1;
+ else if (strcmp(*argv, "-pubin") == 0)
+ pubin = 1;
+ else if (strcmp(*argv, "-pubout") == 0)
+ pubout = 1;
+ else if ((enc = EVP_get_cipherbyname(&(argv[0][1]))) == NULL) {
+ BIO_printf(bio_err, "unknown option %s\n", *argv);
+ badops = 1;
+ break;
+ }
+ argc--;
+ argv++;
+ }
+
+ if (badops) {
+ bad:
+ BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog);
+ BIO_printf(bio_err, "where options are\n");
+ BIO_printf(bio_err, " -inform arg input format - DER or PEM\n");
+ BIO_printf(bio_err, " -outform arg output format - DER or PEM\n");
+ BIO_printf(bio_err, " -in arg input file\n");
+ BIO_printf(bio_err,
+ " -passin arg input file pass phrase source\n");
+ BIO_printf(bio_err, " -out arg output file\n");
+ BIO_printf(bio_err,
+ " -passout arg output file pass phrase source\n");
+# ifndef OPENSSL_NO_ENGINE
+ BIO_printf(bio_err,
+ " -engine e use engine e, possibly a hardware device.\n");
+# endif
+ BIO_printf(bio_err,
+ " -des encrypt PEM output with cbc des\n");
+ BIO_printf(bio_err,
+ " -des3 encrypt PEM output with ede cbc des using 168 bit key\n");
+# ifndef OPENSSL_NO_IDEA
+ BIO_printf(bio_err,
+ " -idea encrypt PEM output with cbc idea\n");
+# endif
+# ifndef OPENSSL_NO_AES
+ BIO_printf(bio_err, " -aes128, -aes192, -aes256\n");
+ BIO_printf(bio_err,
+ " encrypt PEM output with cbc aes\n");
+# endif
+# ifndef OPENSSL_NO_CAMELLIA
+ BIO_printf(bio_err, " -camellia128, -camellia192, -camellia256\n");
+ BIO_printf(bio_err,
+ " encrypt PEM output with cbc camellia\n");
+# endif
+# ifndef OPENSSL_NO_SEED
+ BIO_printf(bio_err,
+ " -seed encrypt PEM output with cbc seed\n");
+# endif
+ BIO_printf(bio_err, " -text print the key in text\n");
+ BIO_printf(bio_err, " -noout don't print key out\n");
+ BIO_printf(bio_err, " -modulus print the DSA public value\n");
+ goto end;
+ }
+
+ ERR_load_crypto_strings();
+
+# ifndef OPENSSL_NO_ENGINE
+ e = setup_engine(bio_err, engine, 0);
+# endif
+
+ if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
+ BIO_printf(bio_err, "Error getting passwords\n");
+ goto end;
+ }
+
+ out = BIO_new(BIO_s_file());
+ if (out == NULL) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ BIO_printf(bio_err, "read DSA key\n");
+ {
+ EVP_PKEY *pkey;
+ if (pubin)
+ pkey = load_pubkey(bio_err, infile, informat, 1,
+ passin, e, "Public Key");
+ else
+ pkey = load_key(bio_err, infile, informat, 1,
+ passin, e, "Private Key");
+
+ if (pkey != NULL)
+ dsa = pkey == NULL ? NULL : EVP_PKEY_get1_DSA(pkey);
+ EVP_PKEY_free(pkey);
+ }
+ if (dsa == NULL) {
+ BIO_printf(bio_err, "unable to load Key\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (outfile == NULL) {
+ BIO_set_fp(out, stdout, BIO_NOCLOSE);
+# ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+# endif
+ } else {
+ if (BIO_write_filename(out, outfile) <= 0) {
+ perror(outfile);
+ goto end;
+ }
+ }
+
+ if (text)
+ if (!DSA_print(out, dsa, 0)) {
+ perror(outfile);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (modulus) {
+ fprintf(stdout, "Public Key=");
+ BN_print(out, dsa->pub_key);
+ fprintf(stdout, "\n");
+ }
+
+ if (noout)
+ goto end;
+ BIO_printf(bio_err, "writing DSA key\n");
+ if (outformat == FORMAT_ASN1) {
+ if (pubin || pubout)
+ i = i2d_DSA_PUBKEY_bio(out, dsa);
+ else
+ i = i2d_DSAPrivateKey_bio(out, dsa);
+ } else if (outformat == FORMAT_PEM) {
+ if (pubin || pubout)
+ i = PEM_write_bio_DSA_PUBKEY(out, dsa);
+ else
+ i = PEM_write_bio_DSAPrivateKey(out, dsa, enc,
+ NULL, 0, NULL, passout);
+ } else {
+ BIO_printf(bio_err, "bad output format specified for outfile\n");
+ goto end;
+ }
+ if (!i) {
+ BIO_printf(bio_err, "unable to write private key\n");
+ ERR_print_errors(bio_err);
+ } else
+ ret = 0;
+ end:
+ if (in != NULL)
+ BIO_free(in);
+ if (out != NULL)
+ BIO_free_all(out);
+ if (dsa != NULL)
+ DSA_free(dsa);
+ if (passin)
+ OPENSSL_free(passin);
+ if (passout)
+ OPENSSL_free(passout);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/apps/dsaparam.c
===================================================================
--- vendor-crypto/openssl/dist/apps/dsaparam.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/apps/dsaparam.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,479 +0,0 @@
-/* apps/dsaparam.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/opensslconf.h> /* for OPENSSL_NO_DSA */
-/* Until the key-gen callbacks are modified to use newer prototypes, we allow
- * deprecated functions for openssl-internal code */
-#ifdef OPENSSL_NO_DEPRECATED
-#undef OPENSSL_NO_DEPRECATED
-#endif
-
-#ifndef OPENSSL_NO_DSA
-#include <assert.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <time.h>
-#include <string.h>
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-
-#undef PROG
-#define PROG dsaparam_main
-
-/* -inform arg - input format - default PEM (DER or PEM)
- * -outform arg - output format - default PEM
- * -in arg - input file - default stdin
- * -out arg - output file - default stdout
- * -noout
- * -text
- * -C
- * -noout
- * -genkey
- * #ifdef GENCB_TEST
- * -timebomb n - interrupt keygen after <n> seconds
- * #endif
- */
-
-#ifdef GENCB_TEST
-
-static int stop_keygen_flag = 0;
-
-static void timebomb_sigalarm(int foo)
- {
- stop_keygen_flag = 1;
- }
-
-#endif
-
-static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb);
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
- DSA *dsa=NULL;
- int i,badops=0,text=0;
- BIO *in=NULL,*out=NULL;
- int informat,outformat,noout=0,C=0,ret=1;
- char *infile,*outfile,*prog,*inrand=NULL;
- int numbits= -1,num,genkey=0;
- int need_rand=0;
-#ifndef OPENSSL_NO_ENGINE
- char *engine=NULL;
-#endif
-#ifdef GENCB_TEST
- int timebomb=0;
-#endif
-
- apps_startup();
-
- if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
- if (!load_config(bio_err, NULL))
- goto end;
-
- infile=NULL;
- outfile=NULL;
- informat=FORMAT_PEM;
- outformat=FORMAT_PEM;
-
- prog=argv[0];
- argc--;
- argv++;
- while (argc >= 1)
- {
- if (strcmp(*argv,"-inform") == 0)
- {
- if (--argc < 1) goto bad;
- informat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-outform") == 0)
- {
- if (--argc < 1) goto bad;
- outformat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-in") == 0)
- {
- if (--argc < 1) goto bad;
- infile= *(++argv);
- }
- else if (strcmp(*argv,"-out") == 0)
- {
- if (--argc < 1) goto bad;
- outfile= *(++argv);
- }
-#ifndef OPENSSL_NO_ENGINE
- else if(strcmp(*argv, "-engine") == 0)
- {
- if (--argc < 1) goto bad;
- engine = *(++argv);
- }
-#endif
-#ifdef GENCB_TEST
- else if(strcmp(*argv, "-timebomb") == 0)
- {
- if (--argc < 1) goto bad;
- timebomb = atoi(*(++argv));
- }
-#endif
- else if (strcmp(*argv,"-text") == 0)
- text=1;
- else if (strcmp(*argv,"-C") == 0)
- C=1;
- else if (strcmp(*argv,"-genkey") == 0)
- {
- genkey=1;
- need_rand=1;
- }
- else if (strcmp(*argv,"-rand") == 0)
- {
- if (--argc < 1) goto bad;
- inrand= *(++argv);
- need_rand=1;
- }
- else if (strcmp(*argv,"-noout") == 0)
- noout=1;
- else if (sscanf(*argv,"%d",&num) == 1)
- {
- /* generate a key */
- numbits=num;
- need_rand=1;
- }
- else
- {
- BIO_printf(bio_err,"unknown option %s\n",*argv);
- badops=1;
- break;
- }
- argc--;
- argv++;
- }
-
- if (badops)
- {
-bad:
- BIO_printf(bio_err,"%s [options] [bits] <infile >outfile\n",prog);
- BIO_printf(bio_err,"where options are\n");
- BIO_printf(bio_err," -inform arg input format - DER or PEM\n");
- BIO_printf(bio_err," -outform arg output format - DER or PEM\n");
- BIO_printf(bio_err," -in arg input file\n");
- BIO_printf(bio_err," -out arg output file\n");
- BIO_printf(bio_err," -text print as text\n");
- BIO_printf(bio_err," -C Output C code\n");
- BIO_printf(bio_err," -noout no output\n");
- BIO_printf(bio_err," -genkey generate a DSA key\n");
- BIO_printf(bio_err," -rand files to use for random number input\n");
-#ifndef OPENSSL_NO_ENGINE
- BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
-#endif
-#ifdef GENCB_TEST
- BIO_printf(bio_err," -timebomb n interrupt keygen after <n> seconds\n");
-#endif
- BIO_printf(bio_err," number number of bits to use for generating private key\n");
- goto end;
- }
-
- ERR_load_crypto_strings();
-
- in=BIO_new(BIO_s_file());
- out=BIO_new(BIO_s_file());
- if ((in == NULL) || (out == NULL))
- {
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if (infile == NULL)
- BIO_set_fp(in,stdin,BIO_NOCLOSE);
- else
- {
- if (BIO_read_filename(in,infile) <= 0)
- {
- perror(infile);
- goto end;
- }
- }
- if (outfile == NULL)
- {
- BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
- else
- {
- if (BIO_write_filename(out,outfile) <= 0)
- {
- perror(outfile);
- goto end;
- }
- }
-
-#ifndef OPENSSL_NO_ENGINE
- setup_engine(bio_err, engine, 0);
-#endif
-
- if (need_rand)
- {
- app_RAND_load_file(NULL, bio_err, (inrand != NULL));
- if (inrand != NULL)
- BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
- app_RAND_load_files(inrand));
- }
-
- if (numbits > 0)
- {
- BN_GENCB cb;
- BN_GENCB_set(&cb, dsa_cb, bio_err);
- assert(need_rand);
- dsa = DSA_new();
- if(!dsa)
- {
- BIO_printf(bio_err,"Error allocating DSA object\n");
- goto end;
- }
- BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num);
- BIO_printf(bio_err,"This could take some time\n");
-#ifdef GENCB_TEST
- if(timebomb > 0)
- {
- struct sigaction act;
- act.sa_handler = timebomb_sigalarm;
- act.sa_flags = 0;
- BIO_printf(bio_err,"(though I'll stop it if not done within %d secs)\n",
- timebomb);
- if(sigaction(SIGALRM, &act, NULL) != 0)
- {
- BIO_printf(bio_err,"Error, couldn't set SIGALRM handler\n");
- goto end;
- }
- alarm(timebomb);
- }
-#endif
- if(!DSA_generate_parameters_ex(dsa,num,NULL,0,NULL,NULL, &cb))
- {
-#ifdef GENCB_TEST
- if(stop_keygen_flag)
- {
- BIO_printf(bio_err,"DSA key generation time-stopped\n");
- /* This is an asked-for behaviour! */
- ret = 0;
- goto end;
- }
-#endif
- BIO_printf(bio_err,"Error, DSA key generation failed\n");
- goto end;
- }
- }
- else if (informat == FORMAT_ASN1)
- dsa=d2i_DSAparams_bio(in,NULL);
- else if (informat == FORMAT_PEM)
- dsa=PEM_read_bio_DSAparams(in,NULL,NULL,NULL);
- else
- {
- BIO_printf(bio_err,"bad input format specified\n");
- goto end;
- }
- if (dsa == NULL)
- {
- BIO_printf(bio_err,"unable to load DSA parameters\n");
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if (text)
- {
- DSAparams_print(out,dsa);
- }
-
- if (C)
- {
- unsigned char *data;
- int l,len,bits_p;
-
- len=BN_num_bytes(dsa->p);
- bits_p=BN_num_bits(dsa->p);
- data=(unsigned char *)OPENSSL_malloc(len+20);
- if (data == NULL)
- {
- perror("OPENSSL_malloc");
- goto end;
- }
- l=BN_bn2bin(dsa->p,data);
- printf("static unsigned char dsa%d_p[]={",bits_p);
- for (i=0; i<l; i++)
- {
- if ((i%12) == 0) printf("\n\t");
- printf("0x%02X,",data[i]);
- }
- printf("\n\t};\n");
-
- l=BN_bn2bin(dsa->q,data);
- printf("static unsigned char dsa%d_q[]={",bits_p);
- for (i=0; i<l; i++)
- {
- if ((i%12) == 0) printf("\n\t");
- printf("0x%02X,",data[i]);
- }
- printf("\n\t};\n");
-
- l=BN_bn2bin(dsa->g,data);
- printf("static unsigned char dsa%d_g[]={",bits_p);
- for (i=0; i<l; i++)
- {
- if ((i%12) == 0) printf("\n\t");
- printf("0x%02X,",data[i]);
- }
- printf("\n\t};\n\n");
-
- printf("DSA *get_dsa%d()\n\t{\n",bits_p);
- printf("\tDSA *dsa;\n\n");
- printf("\tif ((dsa=DSA_new()) == NULL) return(NULL);\n");
- printf("\tdsa->p=BN_bin2bn(dsa%d_p,sizeof(dsa%d_p),NULL);\n",
- bits_p,bits_p);
- printf("\tdsa->q=BN_bin2bn(dsa%d_q,sizeof(dsa%d_q),NULL);\n",
- bits_p,bits_p);
- printf("\tdsa->g=BN_bin2bn(dsa%d_g,sizeof(dsa%d_g),NULL);\n",
- bits_p,bits_p);
- printf("\tif ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))\n");
- printf("\t\t{ DSA_free(dsa); return(NULL); }\n");
- printf("\treturn(dsa);\n\t}\n");
- }
-
-
- if (!noout)
- {
- if (outformat == FORMAT_ASN1)
- i=i2d_DSAparams_bio(out,dsa);
- else if (outformat == FORMAT_PEM)
- i=PEM_write_bio_DSAparams(out,dsa);
- else {
- BIO_printf(bio_err,"bad output format specified for outfile\n");
- goto end;
- }
- if (!i)
- {
- BIO_printf(bio_err,"unable to write DSA parameters\n");
- ERR_print_errors(bio_err);
- goto end;
- }
- }
- if (genkey)
- {
- DSA *dsakey;
-
- assert(need_rand);
- if ((dsakey=DSAparams_dup(dsa)) == NULL) goto end;
- if (!DSA_generate_key(dsakey)) goto end;
- if (outformat == FORMAT_ASN1)
- i=i2d_DSAPrivateKey_bio(out,dsakey);
- else if (outformat == FORMAT_PEM)
- i=PEM_write_bio_DSAPrivateKey(out,dsakey,NULL,NULL,0,NULL,NULL);
- else {
- BIO_printf(bio_err,"bad output format specified for outfile\n");
- goto end;
- }
- DSA_free(dsakey);
- }
- if (need_rand)
- app_RAND_write_file(NULL, bio_err);
- ret=0;
-end:
- if (in != NULL) BIO_free(in);
- if (out != NULL) BIO_free_all(out);
- if (dsa != NULL) DSA_free(dsa);
- apps_shutdown();
- OPENSSL_EXIT(ret);
- }
-
-static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb)
- {
- char c='*';
-
- if (p == 0) c='.';
- if (p == 1) c='+';
- if (p == 2) c='*';
- if (p == 3) c='\n';
- BIO_write(cb->arg,&c,1);
- (void)BIO_flush(cb->arg);
-#ifdef LINT
- p=n;
-#endif
-#ifdef GENCB_TEST
- if(stop_keygen_flag)
- return 0;
-#endif
- return 1;
- }
-#else /* !OPENSSL_NO_DSA */
-
-# if PEDANTIC
-static void *dummy=&dummy;
-# endif
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/apps/dsaparam.c (from rev 6976, vendor-crypto/openssl/dist/apps/dsaparam.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/apps/dsaparam.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/apps/dsaparam.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,464 @@
+/* apps/dsaparam.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/opensslconf.h> /* for OPENSSL_NO_DSA */
+/*
+ * Until the key-gen callbacks are modified to use newer prototypes, we allow
+ * deprecated functions for openssl-internal code
+ */
+#ifdef OPENSSL_NO_DEPRECATED
+# undef OPENSSL_NO_DEPRECATED
+#endif
+
+#ifndef OPENSSL_NO_DSA
+# include <assert.h>
+# include <stdio.h>
+# include <stdlib.h>
+# include <time.h>
+# include <string.h>
+# include "apps.h"
+# include <openssl/bio.h>
+# include <openssl/err.h>
+# include <openssl/bn.h>
+# include <openssl/dsa.h>
+# include <openssl/x509.h>
+# include <openssl/pem.h>
+
+# undef PROG
+# define PROG dsaparam_main
+
+/*-
+ * -inform arg - input format - default PEM (DER or PEM)
+ * -outform arg - output format - default PEM
+ * -in arg - input file - default stdin
+ * -out arg - output file - default stdout
+ * -noout
+ * -text
+ * -C
+ * -noout
+ * -genkey
+ * #ifdef GENCB_TEST
+ * -timebomb n - interrupt keygen after <n> seconds
+ * #endif
+ */
+
+# ifdef GENCB_TEST
+
+static int stop_keygen_flag = 0;
+
+static void timebomb_sigalarm(int foo)
+{
+ stop_keygen_flag = 1;
+}
+
+# endif
+
+static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb);
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+{
+ DSA *dsa = NULL;
+ int i, badops = 0, text = 0;
+ BIO *in = NULL, *out = NULL;
+ int informat, outformat, noout = 0, C = 0, ret = 1;
+ char *infile, *outfile, *prog, *inrand = NULL;
+ int numbits = -1, num, genkey = 0;
+ int need_rand = 0;
+# ifndef OPENSSL_NO_ENGINE
+ char *engine = NULL;
+# endif
+# ifdef GENCB_TEST
+ int timebomb = 0;
+# endif
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+
+ if (!load_config(bio_err, NULL))
+ goto end;
+
+ infile = NULL;
+ outfile = NULL;
+ informat = FORMAT_PEM;
+ outformat = FORMAT_PEM;
+
+ prog = argv[0];
+ argc--;
+ argv++;
+ while (argc >= 1) {
+ if (strcmp(*argv, "-inform") == 0) {
+ if (--argc < 1)
+ goto bad;
+ informat = str2fmt(*(++argv));
+ } else if (strcmp(*argv, "-outform") == 0) {
+ if (--argc < 1)
+ goto bad;
+ outformat = str2fmt(*(++argv));
+ } else if (strcmp(*argv, "-in") == 0) {
+ if (--argc < 1)
+ goto bad;
+ infile = *(++argv);
+ } else if (strcmp(*argv, "-out") == 0) {
+ if (--argc < 1)
+ goto bad;
+ outfile = *(++argv);
+ }
+# ifndef OPENSSL_NO_ENGINE
+ else if (strcmp(*argv, "-engine") == 0) {
+ if (--argc < 1)
+ goto bad;
+ engine = *(++argv);
+ }
+# endif
+# ifdef GENCB_TEST
+ else if (strcmp(*argv, "-timebomb") == 0) {
+ if (--argc < 1)
+ goto bad;
+ timebomb = atoi(*(++argv));
+ }
+# endif
+ else if (strcmp(*argv, "-text") == 0)
+ text = 1;
+ else if (strcmp(*argv, "-C") == 0)
+ C = 1;
+ else if (strcmp(*argv, "-genkey") == 0) {
+ genkey = 1;
+ need_rand = 1;
+ } else if (strcmp(*argv, "-rand") == 0) {
+ if (--argc < 1)
+ goto bad;
+ inrand = *(++argv);
+ need_rand = 1;
+ } else if (strcmp(*argv, "-noout") == 0)
+ noout = 1;
+ else if (sscanf(*argv, "%d", &num) == 1) {
+ /* generate a key */
+ numbits = num;
+ need_rand = 1;
+ } else {
+ BIO_printf(bio_err, "unknown option %s\n", *argv);
+ badops = 1;
+ break;
+ }
+ argc--;
+ argv++;
+ }
+
+ if (badops) {
+ bad:
+ BIO_printf(bio_err, "%s [options] [bits] <infile >outfile\n", prog);
+ BIO_printf(bio_err, "where options are\n");
+ BIO_printf(bio_err, " -inform arg input format - DER or PEM\n");
+ BIO_printf(bio_err, " -outform arg output format - DER or PEM\n");
+ BIO_printf(bio_err, " -in arg input file\n");
+ BIO_printf(bio_err, " -out arg output file\n");
+ BIO_printf(bio_err, " -text print as text\n");
+ BIO_printf(bio_err, " -C Output C code\n");
+ BIO_printf(bio_err, " -noout no output\n");
+ BIO_printf(bio_err, " -genkey generate a DSA key\n");
+ BIO_printf(bio_err,
+ " -rand files to use for random number input\n");
+# ifndef OPENSSL_NO_ENGINE
+ BIO_printf(bio_err,
+ " -engine e use engine e, possibly a hardware device.\n");
+# endif
+# ifdef GENCB_TEST
+ BIO_printf(bio_err,
+ " -timebomb n interrupt keygen after <n> seconds\n");
+# endif
+ BIO_printf(bio_err,
+ " number number of bits to use for generating private key\n");
+ goto end;
+ }
+
+ ERR_load_crypto_strings();
+
+ in = BIO_new(BIO_s_file());
+ out = BIO_new(BIO_s_file());
+ if ((in == NULL) || (out == NULL)) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (infile == NULL)
+ BIO_set_fp(in, stdin, BIO_NOCLOSE);
+ else {
+ if (BIO_read_filename(in, infile) <= 0) {
+ perror(infile);
+ goto end;
+ }
+ }
+ if (outfile == NULL) {
+ BIO_set_fp(out, stdout, BIO_NOCLOSE);
+# ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+# endif
+ } else {
+ if (BIO_write_filename(out, outfile) <= 0) {
+ perror(outfile);
+ goto end;
+ }
+ }
+
+# ifndef OPENSSL_NO_ENGINE
+ setup_engine(bio_err, engine, 0);
+# endif
+
+ if (need_rand) {
+ app_RAND_load_file(NULL, bio_err, (inrand != NULL));
+ if (inrand != NULL)
+ BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
+ app_RAND_load_files(inrand));
+ }
+
+ if (numbits > 0) {
+ BN_GENCB cb;
+ BN_GENCB_set(&cb, dsa_cb, bio_err);
+ assert(need_rand);
+ dsa = DSA_new();
+ if (!dsa) {
+ BIO_printf(bio_err, "Error allocating DSA object\n");
+ goto end;
+ }
+ BIO_printf(bio_err, "Generating DSA parameters, %d bit long prime\n",
+ num);
+ BIO_printf(bio_err, "This could take some time\n");
+# ifdef GENCB_TEST
+ if (timebomb > 0) {
+ struct sigaction act;
+ act.sa_handler = timebomb_sigalarm;
+ act.sa_flags = 0;
+ BIO_printf(bio_err,
+ "(though I'll stop it if not done within %d secs)\n",
+ timebomb);
+ if (sigaction(SIGALRM, &act, NULL) != 0) {
+ BIO_printf(bio_err, "Error, couldn't set SIGALRM handler\n");
+ goto end;
+ }
+ alarm(timebomb);
+ }
+# endif
+ if (!DSA_generate_parameters_ex(dsa, num, NULL, 0, NULL, NULL, &cb)) {
+# ifdef GENCB_TEST
+ if (stop_keygen_flag) {
+ BIO_printf(bio_err, "DSA key generation time-stopped\n");
+ /* This is an asked-for behaviour! */
+ ret = 0;
+ goto end;
+ }
+# endif
+ BIO_printf(bio_err, "Error, DSA key generation failed\n");
+ goto end;
+ }
+ } else if (informat == FORMAT_ASN1)
+ dsa = d2i_DSAparams_bio(in, NULL);
+ else if (informat == FORMAT_PEM)
+ dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL);
+ else {
+ BIO_printf(bio_err, "bad input format specified\n");
+ goto end;
+ }
+ if (dsa == NULL) {
+ BIO_printf(bio_err, "unable to load DSA parameters\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (text) {
+ DSAparams_print(out, dsa);
+ }
+
+ if (C) {
+ unsigned char *data;
+ int l, len, bits_p;
+
+ len = BN_num_bytes(dsa->p);
+ bits_p = BN_num_bits(dsa->p);
+ data = (unsigned char *)OPENSSL_malloc(len + 20);
+ if (data == NULL) {
+ perror("OPENSSL_malloc");
+ goto end;
+ }
+ l = BN_bn2bin(dsa->p, data);
+ printf("static unsigned char dsa%d_p[]={", bits_p);
+ for (i = 0; i < l; i++) {
+ if ((i % 12) == 0)
+ printf("\n\t");
+ printf("0x%02X,", data[i]);
+ }
+ printf("\n\t};\n");
+
+ l = BN_bn2bin(dsa->q, data);
+ printf("static unsigned char dsa%d_q[]={", bits_p);
+ for (i = 0; i < l; i++) {
+ if ((i % 12) == 0)
+ printf("\n\t");
+ printf("0x%02X,", data[i]);
+ }
+ printf("\n\t};\n");
+
+ l = BN_bn2bin(dsa->g, data);
+ printf("static unsigned char dsa%d_g[]={", bits_p);
+ for (i = 0; i < l; i++) {
+ if ((i % 12) == 0)
+ printf("\n\t");
+ printf("0x%02X,", data[i]);
+ }
+ printf("\n\t};\n\n");
+
+ printf("DSA *get_dsa%d()\n\t{\n", bits_p);
+ printf("\tDSA *dsa;\n\n");
+ printf("\tif ((dsa=DSA_new()) == NULL) return(NULL);\n");
+ printf("\tdsa->p=BN_bin2bn(dsa%d_p,sizeof(dsa%d_p),NULL);\n",
+ bits_p, bits_p);
+ printf("\tdsa->q=BN_bin2bn(dsa%d_q,sizeof(dsa%d_q),NULL);\n",
+ bits_p, bits_p);
+ printf("\tdsa->g=BN_bin2bn(dsa%d_g,sizeof(dsa%d_g),NULL);\n",
+ bits_p, bits_p);
+ printf
+ ("\tif ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))\n");
+ printf("\t\t{ DSA_free(dsa); return(NULL); }\n");
+ printf("\treturn(dsa);\n\t}\n");
+ }
+
+ if (!noout) {
+ if (outformat == FORMAT_ASN1)
+ i = i2d_DSAparams_bio(out, dsa);
+ else if (outformat == FORMAT_PEM)
+ i = PEM_write_bio_DSAparams(out, dsa);
+ else {
+ BIO_printf(bio_err, "bad output format specified for outfile\n");
+ goto end;
+ }
+ if (!i) {
+ BIO_printf(bio_err, "unable to write DSA parameters\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+ if (genkey) {
+ DSA *dsakey;
+
+ assert(need_rand);
+ if ((dsakey = DSAparams_dup(dsa)) == NULL)
+ goto end;
+ if (!DSA_generate_key(dsakey))
+ goto end;
+ if (outformat == FORMAT_ASN1)
+ i = i2d_DSAPrivateKey_bio(out, dsakey);
+ else if (outformat == FORMAT_PEM)
+ i = PEM_write_bio_DSAPrivateKey(out, dsakey, NULL, NULL, 0, NULL,
+ NULL);
+ else {
+ BIO_printf(bio_err, "bad output format specified for outfile\n");
+ goto end;
+ }
+ DSA_free(dsakey);
+ }
+ if (need_rand)
+ app_RAND_write_file(NULL, bio_err);
+ ret = 0;
+ end:
+ if (in != NULL)
+ BIO_free(in);
+ if (out != NULL)
+ BIO_free_all(out);
+ if (dsa != NULL)
+ DSA_free(dsa);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
+}
+
+static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb)
+{
+ char c = '*';
+
+ if (p == 0)
+ c = '.';
+ if (p == 1)
+ c = '+';
+ if (p == 2)
+ c = '*';
+ if (p == 3)
+ c = '\n';
+ BIO_write(cb->arg, &c, 1);
+ (void)BIO_flush(cb->arg);
+# ifdef LINT
+ p = n;
+# endif
+# ifdef GENCB_TEST
+ if (stop_keygen_flag)
+ return 0;
+# endif
+ return 1;
+}
+#else /* !OPENSSL_NO_DSA */
+
+# if PEDANTIC
+static void *dummy = &dummy;
+# endif
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/apps/ec.c
===================================================================
--- vendor-crypto/openssl/dist/apps/ec.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/apps/ec.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,400 +0,0 @@
-/* apps/ec.c */
-/*
- * Written by Nils Larsch for the OpenSSL project.
- */
-/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <openssl/opensslconf.h>
-#ifndef OPENSSL_NO_EC
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/pem.h>
-
-#undef PROG
-#define PROG ec_main
-
-/* -inform arg - input format - default PEM (one of DER, NET or PEM)
- * -outform arg - output format - default PEM
- * -in arg - input file - default stdin
- * -out arg - output file - default stdout
- * -des - encrypt output if PEM format with DES in cbc mode
- * -text - print a text version
- * -param_out - print the elliptic curve parameters
- * -conv_form arg - specifies the point encoding form
- * -param_enc arg - specifies the parameter encoding
- */
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-{
- int ret = 1;
- EC_KEY *eckey = NULL;
- const EC_GROUP *group;
- int i, badops = 0;
- const EVP_CIPHER *enc = NULL;
- BIO *in = NULL, *out = NULL;
- int informat, outformat, text=0, noout=0;
- int pubin = 0, pubout = 0, param_out = 0;
- char *infile, *outfile, *prog, *engine;
- char *passargin = NULL, *passargout = NULL;
- char *passin = NULL, *passout = NULL;
- point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED;
- int new_form = 0;
- int asn1_flag = OPENSSL_EC_NAMED_CURVE;
- int new_asn1_flag = 0;
-
- apps_startup();
-
- if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
-
- if (!load_config(bio_err, NULL))
- goto end;
-
- engine = NULL;
- infile = NULL;
- outfile = NULL;
- informat = FORMAT_PEM;
- outformat = FORMAT_PEM;
-
- prog = argv[0];
- argc--;
- argv++;
- while (argc >= 1)
- {
- if (strcmp(*argv,"-inform") == 0)
- {
- if (--argc < 1) goto bad;
- informat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-outform") == 0)
- {
- if (--argc < 1) goto bad;
- outformat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-in") == 0)
- {
- if (--argc < 1) goto bad;
- infile= *(++argv);
- }
- else if (strcmp(*argv,"-out") == 0)
- {
- if (--argc < 1) goto bad;
- outfile= *(++argv);
- }
- else if (strcmp(*argv,"-passin") == 0)
- {
- if (--argc < 1) goto bad;
- passargin= *(++argv);
- }
- else if (strcmp(*argv,"-passout") == 0)
- {
- if (--argc < 1) goto bad;
- passargout= *(++argv);
- }
- else if (strcmp(*argv, "-engine") == 0)
- {
- if (--argc < 1) goto bad;
- engine= *(++argv);
- }
- else if (strcmp(*argv, "-noout") == 0)
- noout = 1;
- else if (strcmp(*argv, "-text") == 0)
- text = 1;
- else if (strcmp(*argv, "-conv_form") == 0)
- {
- if (--argc < 1)
- goto bad;
- ++argv;
- new_form = 1;
- if (strcmp(*argv, "compressed") == 0)
- form = POINT_CONVERSION_COMPRESSED;
- else if (strcmp(*argv, "uncompressed") == 0)
- form = POINT_CONVERSION_UNCOMPRESSED;
- else if (strcmp(*argv, "hybrid") == 0)
- form = POINT_CONVERSION_HYBRID;
- else
- goto bad;
- }
- else if (strcmp(*argv, "-param_enc") == 0)
- {
- if (--argc < 1)
- goto bad;
- ++argv;
- new_asn1_flag = 1;
- if (strcmp(*argv, "named_curve") == 0)
- asn1_flag = OPENSSL_EC_NAMED_CURVE;
- else if (strcmp(*argv, "explicit") == 0)
- asn1_flag = 0;
- else
- goto bad;
- }
- else if (strcmp(*argv, "-param_out") == 0)
- param_out = 1;
- else if (strcmp(*argv, "-pubin") == 0)
- pubin=1;
- else if (strcmp(*argv, "-pubout") == 0)
- pubout=1;
- else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL)
- {
- BIO_printf(bio_err, "unknown option %s\n", *argv);
- badops=1;
- break;
- }
- argc--;
- argv++;
- }
-
- if (badops)
- {
-bad:
- BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog);
- BIO_printf(bio_err, "where options are\n");
- BIO_printf(bio_err, " -inform arg input format - "
- "DER or PEM\n");
- BIO_printf(bio_err, " -outform arg output format - "
- "DER or PEM\n");
- BIO_printf(bio_err, " -in arg input file\n");
- BIO_printf(bio_err, " -passin arg input file pass "
- "phrase source\n");
- BIO_printf(bio_err, " -out arg output file\n");
- BIO_printf(bio_err, " -passout arg output file pass "
- "phrase source\n");
- BIO_printf(bio_err, " -engine e use engine e, "
- "possibly a hardware device.\n");
- BIO_printf(bio_err, " -des encrypt PEM output, "
- "instead of 'des' every other \n"
- " cipher "
- "supported by OpenSSL can be used\n");
- BIO_printf(bio_err, " -text print the key\n");
- BIO_printf(bio_err, " -noout don't print key out\n");
- BIO_printf(bio_err, " -param_out print the elliptic "
- "curve parameters\n");
- BIO_printf(bio_err, " -conv_form arg specifies the "
- "point conversion form \n");
- BIO_printf(bio_err, " possible values:"
- " compressed\n");
- BIO_printf(bio_err, " "
- " uncompressed (default)\n");
- BIO_printf(bio_err, " "
- " hybrid\n");
- BIO_printf(bio_err, " -param_enc arg specifies the way"
- " the ec parameters are encoded\n");
- BIO_printf(bio_err, " in the asn1 der "
- "encoding\n");
- BIO_printf(bio_err, " possible values:"
- " named_curve (default)\n");
- BIO_printf(bio_err," "
- "explicit\n");
- goto end;
- }
-
- ERR_load_crypto_strings();
-
-#ifndef OPENSSL_NO_ENGINE
- setup_engine(bio_err, engine, 0);
-#endif
-
- if(!app_passwd(bio_err, passargin, passargout, &passin, &passout))
- {
- BIO_printf(bio_err, "Error getting passwords\n");
- goto end;
- }
-
- in = BIO_new(BIO_s_file());
- out = BIO_new(BIO_s_file());
- if ((in == NULL) || (out == NULL))
- {
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if (infile == NULL)
- BIO_set_fp(in, stdin, BIO_NOCLOSE);
- else
- {
- if (BIO_read_filename(in, infile) <= 0)
- {
- perror(infile);
- goto end;
- }
- }
-
- BIO_printf(bio_err, "read EC key\n");
- if (informat == FORMAT_ASN1)
- {
- if (pubin)
- eckey = d2i_EC_PUBKEY_bio(in, NULL);
- else
- eckey = d2i_ECPrivateKey_bio(in, NULL);
- }
- else if (informat == FORMAT_PEM)
- {
- if (pubin)
- eckey = PEM_read_bio_EC_PUBKEY(in, NULL, NULL,
- NULL);
- else
- eckey = PEM_read_bio_ECPrivateKey(in, NULL, NULL,
- passin);
- }
- else
- {
- BIO_printf(bio_err, "bad input format specified for key\n");
- goto end;
- }
- if (eckey == NULL)
- {
- BIO_printf(bio_err,"unable to load Key\n");
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if (outfile == NULL)
- {
- BIO_set_fp(out, stdout, BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
- else
- {
- if (BIO_write_filename(out, outfile) <= 0)
- {
- perror(outfile);
- goto end;
- }
- }
-
- group = EC_KEY_get0_group(eckey);
-
- if (new_form)
- EC_KEY_set_conv_form(eckey, form);
-
- if (new_asn1_flag)
- EC_KEY_set_asn1_flag(eckey, asn1_flag);
-
- if (text)
- if (!EC_KEY_print(out, eckey, 0))
- {
- perror(outfile);
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if (noout)
- {
- ret = 0;
- goto end;
- }
-
- BIO_printf(bio_err, "writing EC key\n");
- if (outformat == FORMAT_ASN1)
- {
- if (param_out)
- i = i2d_ECPKParameters_bio(out, group);
- else if (pubin || pubout)
- i = i2d_EC_PUBKEY_bio(out, eckey);
- else
- i = i2d_ECPrivateKey_bio(out, eckey);
- }
- else if (outformat == FORMAT_PEM)
- {
- if (param_out)
- i = PEM_write_bio_ECPKParameters(out, group);
- else if (pubin || pubout)
- i = PEM_write_bio_EC_PUBKEY(out, eckey);
- else
- i = PEM_write_bio_ECPrivateKey(out, eckey, enc,
- NULL, 0, NULL, passout);
- }
- else
- {
- BIO_printf(bio_err, "bad output format specified for "
- "outfile\n");
- goto end;
- }
-
- if (!i)
- {
- BIO_printf(bio_err, "unable to write private key\n");
- ERR_print_errors(bio_err);
- }
- else
- ret=0;
-end:
- if (in)
- BIO_free(in);
- if (out)
- BIO_free_all(out);
- if (eckey)
- EC_KEY_free(eckey);
- if (passin)
- OPENSSL_free(passin);
- if (passout)
- OPENSSL_free(passout);
- apps_shutdown();
- OPENSSL_EXIT(ret);
-}
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/apps/ec.c (from rev 6976, vendor-crypto/openssl/dist/apps/ec.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/apps/ec.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/apps/ec.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,359 @@
+/* apps/ec.c */
+/*
+ * Written by Nils Larsch for the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_NO_EC
+# include <stdio.h>
+# include <stdlib.h>
+# include <string.h>
+# include "apps.h"
+# include <openssl/bio.h>
+# include <openssl/err.h>
+# include <openssl/evp.h>
+# include <openssl/pem.h>
+
+# undef PROG
+# define PROG ec_main
+
+/*-
+ * -inform arg - input format - default PEM (one of DER, NET or PEM)
+ * -outform arg - output format - default PEM
+ * -in arg - input file - default stdin
+ * -out arg - output file - default stdout
+ * -des - encrypt output if PEM format with DES in cbc mode
+ * -text - print a text version
+ * -param_out - print the elliptic curve parameters
+ * -conv_form arg - specifies the point encoding form
+ * -param_enc arg - specifies the parameter encoding
+ */
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+{
+ int ret = 1;
+ EC_KEY *eckey = NULL;
+ const EC_GROUP *group;
+ int i, badops = 0;
+ const EVP_CIPHER *enc = NULL;
+ BIO *in = NULL, *out = NULL;
+ int informat, outformat, text = 0, noout = 0;
+ int pubin = 0, pubout = 0, param_out = 0;
+ char *infile, *outfile, *prog, *engine;
+ char *passargin = NULL, *passargout = NULL;
+ char *passin = NULL, *passout = NULL;
+ point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED;
+ int new_form = 0;
+ int asn1_flag = OPENSSL_EC_NAMED_CURVE;
+ int new_asn1_flag = 0;
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+
+ if (!load_config(bio_err, NULL))
+ goto end;
+
+ engine = NULL;
+ infile = NULL;
+ outfile = NULL;
+ informat = FORMAT_PEM;
+ outformat = FORMAT_PEM;
+
+ prog = argv[0];
+ argc--;
+ argv++;
+ while (argc >= 1) {
+ if (strcmp(*argv, "-inform") == 0) {
+ if (--argc < 1)
+ goto bad;
+ informat = str2fmt(*(++argv));
+ } else if (strcmp(*argv, "-outform") == 0) {
+ if (--argc < 1)
+ goto bad;
+ outformat = str2fmt(*(++argv));
+ } else if (strcmp(*argv, "-in") == 0) {
+ if (--argc < 1)
+ goto bad;
+ infile = *(++argv);
+ } else if (strcmp(*argv, "-out") == 0) {
+ if (--argc < 1)
+ goto bad;
+ outfile = *(++argv);
+ } else if (strcmp(*argv, "-passin") == 0) {
+ if (--argc < 1)
+ goto bad;
+ passargin = *(++argv);
+ } else if (strcmp(*argv, "-passout") == 0) {
+ if (--argc < 1)
+ goto bad;
+ passargout = *(++argv);
+ } else if (strcmp(*argv, "-engine") == 0) {
+ if (--argc < 1)
+ goto bad;
+ engine = *(++argv);
+ } else if (strcmp(*argv, "-noout") == 0)
+ noout = 1;
+ else if (strcmp(*argv, "-text") == 0)
+ text = 1;
+ else if (strcmp(*argv, "-conv_form") == 0) {
+ if (--argc < 1)
+ goto bad;
+ ++argv;
+ new_form = 1;
+ if (strcmp(*argv, "compressed") == 0)
+ form = POINT_CONVERSION_COMPRESSED;
+ else if (strcmp(*argv, "uncompressed") == 0)
+ form = POINT_CONVERSION_UNCOMPRESSED;
+ else if (strcmp(*argv, "hybrid") == 0)
+ form = POINT_CONVERSION_HYBRID;
+ else
+ goto bad;
+ } else if (strcmp(*argv, "-param_enc") == 0) {
+ if (--argc < 1)
+ goto bad;
+ ++argv;
+ new_asn1_flag = 1;
+ if (strcmp(*argv, "named_curve") == 0)
+ asn1_flag = OPENSSL_EC_NAMED_CURVE;
+ else if (strcmp(*argv, "explicit") == 0)
+ asn1_flag = 0;
+ else
+ goto bad;
+ } else if (strcmp(*argv, "-param_out") == 0)
+ param_out = 1;
+ else if (strcmp(*argv, "-pubin") == 0)
+ pubin = 1;
+ else if (strcmp(*argv, "-pubout") == 0)
+ pubout = 1;
+ else if ((enc = EVP_get_cipherbyname(&(argv[0][1]))) == NULL) {
+ BIO_printf(bio_err, "unknown option %s\n", *argv);
+ badops = 1;
+ break;
+ }
+ argc--;
+ argv++;
+ }
+
+ if (badops) {
+ bad:
+ BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog);
+ BIO_printf(bio_err, "where options are\n");
+ BIO_printf(bio_err, " -inform arg input format - "
+ "DER or PEM\n");
+ BIO_printf(bio_err, " -outform arg output format - "
+ "DER or PEM\n");
+ BIO_printf(bio_err, " -in arg input file\n");
+ BIO_printf(bio_err, " -passin arg input file pass "
+ "phrase source\n");
+ BIO_printf(bio_err, " -out arg output file\n");
+ BIO_printf(bio_err, " -passout arg output file pass "
+ "phrase source\n");
+ BIO_printf(bio_err, " -engine e use engine e, "
+ "possibly a hardware device.\n");
+ BIO_printf(bio_err, " -des encrypt PEM output, "
+ "instead of 'des' every other \n"
+ " cipher "
+ "supported by OpenSSL can be used\n");
+ BIO_printf(bio_err, " -text print the key\n");
+ BIO_printf(bio_err, " -noout don't print key out\n");
+ BIO_printf(bio_err, " -param_out print the elliptic "
+ "curve parameters\n");
+ BIO_printf(bio_err, " -conv_form arg specifies the "
+ "point conversion form \n");
+ BIO_printf(bio_err, " possible values:"
+ " compressed\n");
+ BIO_printf(bio_err, " "
+ " uncompressed (default)\n");
+ BIO_printf(bio_err, " " " hybrid\n");
+ BIO_printf(bio_err, " -param_enc arg specifies the way"
+ " the ec parameters are encoded\n");
+ BIO_printf(bio_err, " in the asn1 der " "encoding\n");
+ BIO_printf(bio_err, " possible values:"
+ " named_curve (default)\n");
+ BIO_printf(bio_err, " "
+ "explicit\n");
+ goto end;
+ }
+
+ ERR_load_crypto_strings();
+
+# ifndef OPENSSL_NO_ENGINE
+ setup_engine(bio_err, engine, 0);
+# endif
+
+ if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
+ BIO_printf(bio_err, "Error getting passwords\n");
+ goto end;
+ }
+
+ in = BIO_new(BIO_s_file());
+ out = BIO_new(BIO_s_file());
+ if ((in == NULL) || (out == NULL)) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (infile == NULL)
+ BIO_set_fp(in, stdin, BIO_NOCLOSE);
+ else {
+ if (BIO_read_filename(in, infile) <= 0) {
+ perror(infile);
+ goto end;
+ }
+ }
+
+ BIO_printf(bio_err, "read EC key\n");
+ if (informat == FORMAT_ASN1) {
+ if (pubin)
+ eckey = d2i_EC_PUBKEY_bio(in, NULL);
+ else
+ eckey = d2i_ECPrivateKey_bio(in, NULL);
+ } else if (informat == FORMAT_PEM) {
+ if (pubin)
+ eckey = PEM_read_bio_EC_PUBKEY(in, NULL, NULL, NULL);
+ else
+ eckey = PEM_read_bio_ECPrivateKey(in, NULL, NULL, passin);
+ } else {
+ BIO_printf(bio_err, "bad input format specified for key\n");
+ goto end;
+ }
+ if (eckey == NULL) {
+ BIO_printf(bio_err, "unable to load Key\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (outfile == NULL) {
+ BIO_set_fp(out, stdout, BIO_NOCLOSE);
+# ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+# endif
+ } else {
+ if (BIO_write_filename(out, outfile) <= 0) {
+ perror(outfile);
+ goto end;
+ }
+ }
+
+ group = EC_KEY_get0_group(eckey);
+
+ if (new_form)
+ EC_KEY_set_conv_form(eckey, form);
+
+ if (new_asn1_flag)
+ EC_KEY_set_asn1_flag(eckey, asn1_flag);
+
+ if (text)
+ if (!EC_KEY_print(out, eckey, 0)) {
+ perror(outfile);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (noout) {
+ ret = 0;
+ goto end;
+ }
+
+ BIO_printf(bio_err, "writing EC key\n");
+ if (outformat == FORMAT_ASN1) {
+ if (param_out)
+ i = i2d_ECPKParameters_bio(out, group);
+ else if (pubin || pubout)
+ i = i2d_EC_PUBKEY_bio(out, eckey);
+ else
+ i = i2d_ECPrivateKey_bio(out, eckey);
+ } else if (outformat == FORMAT_PEM) {
+ if (param_out)
+ i = PEM_write_bio_ECPKParameters(out, group);
+ else if (pubin || pubout)
+ i = PEM_write_bio_EC_PUBKEY(out, eckey);
+ else
+ i = PEM_write_bio_ECPrivateKey(out, eckey, enc,
+ NULL, 0, NULL, passout);
+ } else {
+ BIO_printf(bio_err, "bad output format specified for " "outfile\n");
+ goto end;
+ }
+
+ if (!i) {
+ BIO_printf(bio_err, "unable to write private key\n");
+ ERR_print_errors(bio_err);
+ } else
+ ret = 0;
+ end:
+ if (in)
+ BIO_free(in);
+ if (out)
+ BIO_free_all(out);
+ if (eckey)
+ EC_KEY_free(eckey);
+ if (passin)
+ OPENSSL_free(passin);
+ if (passout)
+ OPENSSL_free(passout);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/apps/ecparam.c
===================================================================
--- vendor-crypto/openssl/dist/apps/ecparam.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/apps/ecparam.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,725 +0,0 @@
-/* apps/ecparam.c */
-/*
- * Written by Nils Larsch for the OpenSSL project.
- */
-/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * The elliptic curve binary polynomial software is originally written by
- * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
- *
- */
-
-#include <openssl/opensslconf.h>
-#ifndef OPENSSL_NO_EC
-#include <assert.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <time.h>
-#include <string.h>
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-#include <openssl/ec.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-
-#undef PROG
-#define PROG ecparam_main
-
-/* -inform arg - input format - default PEM (DER or PEM)
- * -outform arg - output format - default PEM
- * -in arg - input file - default stdin
- * -out arg - output file - default stdout
- * -noout - do not print the ec parameter
- * -text - print the ec parameters in text form
- * -check - validate the ec parameters
- * -C - print a 'C' function creating the parameters
- * -name arg - use the ec parameters with 'short name' name
- * -list_curves - prints a list of all currently available curve 'short names'
- * -conv_form arg - specifies the point conversion form
- * - possible values: compressed
- * uncompressed (default)
- * hybrid
- * -param_enc arg - specifies the way the ec parameters are encoded
- * in the asn1 der encoding
- * possible values: named_curve (default)
- * explicit
- * -no_seed - if 'explicit' parameters are choosen do not use the seed
- * -genkey - generate ec key
- * -rand file - files to use for random number input
- * -engine e - use engine e, possibly a hardware device
- */
-
-
-static int ecparam_print_var(BIO *,BIGNUM *,const char *,int,unsigned char *);
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
- EC_GROUP *group = NULL;
- point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED;
- int new_form = 0;
- int asn1_flag = OPENSSL_EC_NAMED_CURVE;
- int new_asn1_flag = 0;
- char *curve_name = NULL, *inrand = NULL;
- int list_curves = 0, no_seed = 0, check = 0,
- badops = 0, text = 0, i, need_rand = 0, genkey = 0;
- char *infile = NULL, *outfile = NULL, *prog;
- BIO *in = NULL, *out = NULL;
- int informat, outformat, noout = 0, C = 0, ret = 1;
- char *engine = NULL;
-
- BIGNUM *ec_p = NULL, *ec_a = NULL, *ec_b = NULL,
- *ec_gen = NULL, *ec_order = NULL, *ec_cofactor = NULL;
- unsigned char *buffer = NULL;
-
- apps_startup();
-
- if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
- if (!load_config(bio_err, NULL))
- goto end;
-
- informat=FORMAT_PEM;
- outformat=FORMAT_PEM;
-
- prog=argv[0];
- argc--;
- argv++;
- while (argc >= 1)
- {
- if (strcmp(*argv,"-inform") == 0)
- {
- if (--argc < 1) goto bad;
- informat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-outform") == 0)
- {
- if (--argc < 1) goto bad;
- outformat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-in") == 0)
- {
- if (--argc < 1) goto bad;
- infile= *(++argv);
- }
- else if (strcmp(*argv,"-out") == 0)
- {
- if (--argc < 1) goto bad;
- outfile= *(++argv);
- }
- else if (strcmp(*argv,"-text") == 0)
- text = 1;
- else if (strcmp(*argv,"-C") == 0)
- C = 1;
- else if (strcmp(*argv,"-check") == 0)
- check = 1;
- else if (strcmp (*argv, "-name") == 0)
- {
- if (--argc < 1)
- goto bad;
- curve_name = *(++argv);
- }
- else if (strcmp(*argv, "-list_curves") == 0)
- list_curves = 1;
- else if (strcmp(*argv, "-conv_form") == 0)
- {
- if (--argc < 1)
- goto bad;
- ++argv;
- new_form = 1;
- if (strcmp(*argv, "compressed") == 0)
- form = POINT_CONVERSION_COMPRESSED;
- else if (strcmp(*argv, "uncompressed") == 0)
- form = POINT_CONVERSION_UNCOMPRESSED;
- else if (strcmp(*argv, "hybrid") == 0)
- form = POINT_CONVERSION_HYBRID;
- else
- goto bad;
- }
- else if (strcmp(*argv, "-param_enc") == 0)
- {
- if (--argc < 1)
- goto bad;
- ++argv;
- new_asn1_flag = 1;
- if (strcmp(*argv, "named_curve") == 0)
- asn1_flag = OPENSSL_EC_NAMED_CURVE;
- else if (strcmp(*argv, "explicit") == 0)
- asn1_flag = 0;
- else
- goto bad;
- }
- else if (strcmp(*argv, "-no_seed") == 0)
- no_seed = 1;
- else if (strcmp(*argv, "-noout") == 0)
- noout=1;
- else if (strcmp(*argv,"-genkey") == 0)
- {
- genkey=1;
- need_rand=1;
- }
- else if (strcmp(*argv, "-rand") == 0)
- {
- if (--argc < 1) goto bad;
- inrand= *(++argv);
- need_rand=1;
- }
- else if(strcmp(*argv, "-engine") == 0)
- {
- if (--argc < 1) goto bad;
- engine = *(++argv);
- }
- else
- {
- BIO_printf(bio_err,"unknown option %s\n",*argv);
- badops=1;
- break;
- }
- argc--;
- argv++;
- }
-
- if (badops)
- {
-bad:
- BIO_printf(bio_err, "%s [options] <infile >outfile\n",prog);
- BIO_printf(bio_err, "where options are\n");
- BIO_printf(bio_err, " -inform arg input format - "
- "default PEM (DER or PEM)\n");
- BIO_printf(bio_err, " -outform arg output format - "
- "default PEM\n");
- BIO_printf(bio_err, " -in arg input file - "
- "default stdin\n");
- BIO_printf(bio_err, " -out arg output file - "
- "default stdout\n");
- BIO_printf(bio_err, " -noout do not print the "
- "ec parameter\n");
- BIO_printf(bio_err, " -text print the ec "
- "parameters in text form\n");
- BIO_printf(bio_err, " -check validate the ec "
- "parameters\n");
- BIO_printf(bio_err, " -C print a 'C' "
- "function creating the parameters\n");
- BIO_printf(bio_err, " -name arg use the "
- "ec parameters with 'short name' name\n");
- BIO_printf(bio_err, " -list_curves prints a list of "
- "all currently available curve 'short names'\n");
- BIO_printf(bio_err, " -conv_form arg specifies the "
- "point conversion form \n");
- BIO_printf(bio_err, " possible values:"
- " compressed\n");
- BIO_printf(bio_err, " "
- " uncompressed (default)\n");
- BIO_printf(bio_err, " "
- " hybrid\n");
- BIO_printf(bio_err, " -param_enc arg specifies the way"
- " the ec parameters are encoded\n");
- BIO_printf(bio_err, " in the asn1 der "
- "encoding\n");
- BIO_printf(bio_err, " possible values:"
- " named_curve (default)\n");
- BIO_printf(bio_err, " "
- " explicit\n");
- BIO_printf(bio_err, " -no_seed if 'explicit'"
- " parameters are choosen do not"
- " use the seed\n");
- BIO_printf(bio_err, " -genkey generate ec"
- " key\n");
- BIO_printf(bio_err, " -rand file files to use for"
- " random number input\n");
- BIO_printf(bio_err, " -engine e use engine e, "
- "possibly a hardware device\n");
- goto end;
- }
-
- ERR_load_crypto_strings();
-
- in=BIO_new(BIO_s_file());
- out=BIO_new(BIO_s_file());
- if ((in == NULL) || (out == NULL))
- {
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if (infile == NULL)
- BIO_set_fp(in,stdin,BIO_NOCLOSE);
- else
- {
- if (BIO_read_filename(in,infile) <= 0)
- {
- perror(infile);
- goto end;
- }
- }
- if (outfile == NULL)
- {
- BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
- else
- {
- if (BIO_write_filename(out,outfile) <= 0)
- {
- perror(outfile);
- goto end;
- }
- }
-
-#ifndef OPENSSL_NO_ENGINE
- setup_engine(bio_err, engine, 0);
-#endif
-
- if (list_curves)
- {
- EC_builtin_curve *curves = NULL;
- size_t crv_len = 0;
- size_t n = 0;
-
- crv_len = EC_get_builtin_curves(NULL, 0);
-
- curves = OPENSSL_malloc((int)(sizeof(EC_builtin_curve) * crv_len));
-
- if (curves == NULL)
- goto end;
-
- if (!EC_get_builtin_curves(curves, crv_len))
- {
- OPENSSL_free(curves);
- goto end;
- }
-
-
- for (n = 0; n < crv_len; n++)
- {
- const char *comment;
- const char *sname;
- comment = curves[n].comment;
- sname = OBJ_nid2sn(curves[n].nid);
- if (comment == NULL)
- comment = "CURVE DESCRIPTION NOT AVAILABLE";
- if (sname == NULL)
- sname = "";
-
- BIO_printf(out, " %-10s: ", sname);
- BIO_printf(out, "%s\n", comment);
- }
-
- OPENSSL_free(curves);
- ret = 0;
- goto end;
- }
-
- if (curve_name != NULL)
- {
- int nid;
-
- /* workaround for the SECG curve names secp192r1
- * and secp256r1 (which are the same as the curves
- * prime192v1 and prime256v1 defined in X9.62)
- */
- if (!strcmp(curve_name, "secp192r1"))
- {
- BIO_printf(bio_err, "using curve name prime192v1 "
- "instead of secp192r1\n");
- nid = NID_X9_62_prime192v1;
- }
- else if (!strcmp(curve_name, "secp256r1"))
- {
- BIO_printf(bio_err, "using curve name prime256v1 "
- "instead of secp256r1\n");
- nid = NID_X9_62_prime256v1;
- }
- else
- nid = OBJ_sn2nid(curve_name);
-
- if (nid == 0)
- {
- BIO_printf(bio_err, "unknown curve name (%s)\n",
- curve_name);
- goto end;
- }
-
- group = EC_GROUP_new_by_curve_name(nid);
- if (group == NULL)
- {
- BIO_printf(bio_err, "unable to create curve (%s)\n",
- curve_name);
- goto end;
- }
- EC_GROUP_set_asn1_flag(group, asn1_flag);
- EC_GROUP_set_point_conversion_form(group, form);
- }
- else if (informat == FORMAT_ASN1)
- {
- group = d2i_ECPKParameters_bio(in, NULL);
- }
- else if (informat == FORMAT_PEM)
- {
- group = PEM_read_bio_ECPKParameters(in,NULL,NULL,NULL);
- }
- else
- {
- BIO_printf(bio_err, "bad input format specified\n");
- goto end;
- }
-
- if (group == NULL)
- {
- BIO_printf(bio_err,
- "unable to load elliptic curve parameters\n");
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if (new_form)
- EC_GROUP_set_point_conversion_form(group, form);
-
- if (new_asn1_flag)
- EC_GROUP_set_asn1_flag(group, asn1_flag);
-
- if (no_seed)
- {
- EC_GROUP_set_seed(group, NULL, 0);
- }
-
- if (text)
- {
- if (!ECPKParameters_print(out, group, 0))
- goto end;
- }
-
- if (check)
- {
- if (group == NULL)
- BIO_printf(bio_err, "no elliptic curve parameters\n");
- BIO_printf(bio_err, "checking elliptic curve parameters: ");
- if (!EC_GROUP_check(group, NULL))
- {
- BIO_printf(bio_err, "failed\n");
- ERR_print_errors(bio_err);
- }
- else
- BIO_printf(bio_err, "ok\n");
-
- }
-
- if (C)
- {
- size_t buf_len = 0, tmp_len = 0;
- const EC_POINT *point;
- int is_prime, len = 0;
- const EC_METHOD *meth = EC_GROUP_method_of(group);
-
- if ((ec_p = BN_new()) == NULL || (ec_a = BN_new()) == NULL ||
- (ec_b = BN_new()) == NULL || (ec_gen = BN_new()) == NULL ||
- (ec_order = BN_new()) == NULL ||
- (ec_cofactor = BN_new()) == NULL )
- {
- perror("OPENSSL_malloc");
- goto end;
- }
-
- is_prime = (EC_METHOD_get_field_type(meth) ==
- NID_X9_62_prime_field);
-
- if (is_prime)
- {
- if (!EC_GROUP_get_curve_GFp(group, ec_p, ec_a,
- ec_b, NULL))
- goto end;
- }
- else
- {
- /* TODO */
- goto end;
- }
-
- if ((point = EC_GROUP_get0_generator(group)) == NULL)
- goto end;
- if (!EC_POINT_point2bn(group, point,
- EC_GROUP_get_point_conversion_form(group), ec_gen,
- NULL))
- goto end;
- if (!EC_GROUP_get_order(group, ec_order, NULL))
- goto end;
- if (!EC_GROUP_get_cofactor(group, ec_cofactor, NULL))
- goto end;
-
- if (!ec_p || !ec_a || !ec_b || !ec_gen ||
- !ec_order || !ec_cofactor)
- goto end;
-
- len = BN_num_bits(ec_order);
-
- if ((tmp_len = (size_t)BN_num_bytes(ec_p)) > buf_len)
- buf_len = tmp_len;
- if ((tmp_len = (size_t)BN_num_bytes(ec_a)) > buf_len)
- buf_len = tmp_len;
- if ((tmp_len = (size_t)BN_num_bytes(ec_b)) > buf_len)
- buf_len = tmp_len;
- if ((tmp_len = (size_t)BN_num_bytes(ec_gen)) > buf_len)
- buf_len = tmp_len;
- if ((tmp_len = (size_t)BN_num_bytes(ec_order)) > buf_len)
- buf_len = tmp_len;
- if ((tmp_len = (size_t)BN_num_bytes(ec_cofactor)) > buf_len)
- buf_len = tmp_len;
-
- buffer = (unsigned char *)OPENSSL_malloc(buf_len);
-
- if (buffer == NULL)
- {
- perror("OPENSSL_malloc");
- goto end;
- }
-
- ecparam_print_var(out, ec_p, "ec_p", len, buffer);
- ecparam_print_var(out, ec_a, "ec_a", len, buffer);
- ecparam_print_var(out, ec_b, "ec_b", len, buffer);
- ecparam_print_var(out, ec_gen, "ec_gen", len, buffer);
- ecparam_print_var(out, ec_order, "ec_order", len, buffer);
- ecparam_print_var(out, ec_cofactor, "ec_cofactor", len,
- buffer);
-
- BIO_printf(out, "\n\n");
-
- BIO_printf(out, "EC_GROUP *get_ec_group_%d(void)\n\t{\n", len);
- BIO_printf(out, "\tint ok=0;\n");
- BIO_printf(out, "\tEC_GROUP *group = NULL;\n");
- BIO_printf(out, "\tEC_POINT *point = NULL;\n");
- BIO_printf(out, "\tBIGNUM *tmp_1 = NULL, *tmp_2 = NULL, "
- "*tmp_3 = NULL;\n\n");
- BIO_printf(out, "\tif ((tmp_1 = BN_bin2bn(ec_p_%d, "
- "sizeof(ec_p_%d), NULL)) == NULL)\n\t\t"
- "goto err;\n", len, len);
- BIO_printf(out, "\tif ((tmp_2 = BN_bin2bn(ec_a_%d, "
- "sizeof(ec_a_%d), NULL)) == NULL)\n\t\t"
- "goto err;\n", len, len);
- BIO_printf(out, "\tif ((tmp_3 = BN_bin2bn(ec_b_%d, "
- "sizeof(ec_b_%d), NULL)) == NULL)\n\t\t"
- "goto err;\n", len, len);
- if (is_prime)
- {
- BIO_printf(out, "\tif ((group = EC_GROUP_new_curve_"
- "GFp(tmp_1, tmp_2, tmp_3, NULL)) == NULL)"
- "\n\t\tgoto err;\n\n");
- }
- else
- {
- /* TODO */
- goto end;
- }
- BIO_printf(out, "\t/* build generator */\n");
- BIO_printf(out, "\tif ((tmp_1 = BN_bin2bn(ec_gen_%d, "
- "sizeof(ec_gen_%d), tmp_1)) == NULL)"
- "\n\t\tgoto err;\n", len, len);
- BIO_printf(out, "\tpoint = EC_POINT_bn2point(group, tmp_1, "
- "NULL, NULL);\n");
- BIO_printf(out, "\tif (point == NULL)\n\t\tgoto err;\n");
- BIO_printf(out, "\tif ((tmp_2 = BN_bin2bn(ec_order_%d, "
- "sizeof(ec_order_%d), tmp_2)) == NULL)"
- "\n\t\tgoto err;\n", len, len);
- BIO_printf(out, "\tif ((tmp_3 = BN_bin2bn(ec_cofactor_%d, "
- "sizeof(ec_cofactor_%d), tmp_3)) == NULL)"
- "\n\t\tgoto err;\n", len, len);
- BIO_printf(out, "\tif (!EC_GROUP_set_generator(group, point,"
- " tmp_2, tmp_3))\n\t\tgoto err;\n");
- BIO_printf(out, "\n\tok=1;\n");
- BIO_printf(out, "err:\n");
- BIO_printf(out, "\tif (tmp_1)\n\t\tBN_free(tmp_1);\n");
- BIO_printf(out, "\tif (tmp_2)\n\t\tBN_free(tmp_2);\n");
- BIO_printf(out, "\tif (tmp_3)\n\t\tBN_free(tmp_3);\n");
- BIO_printf(out, "\tif (point)\n\t\tEC_POINT_free(point);\n");
- BIO_printf(out, "\tif (!ok)\n");
- BIO_printf(out, "\t\t{\n");
- BIO_printf(out, "\t\tEC_GROUP_free(group);\n");
- BIO_printf(out, "\t\tgroup = NULL;\n");
- BIO_printf(out, "\t\t}\n");
- BIO_printf(out, "\treturn(group);\n\t}\n");
- }
-
- if (!noout)
- {
- if (outformat == FORMAT_ASN1)
- i = i2d_ECPKParameters_bio(out, group);
- else if (outformat == FORMAT_PEM)
- i = PEM_write_bio_ECPKParameters(out, group);
- else
- {
- BIO_printf(bio_err,"bad output format specified for"
- " outfile\n");
- goto end;
- }
- if (!i)
- {
- BIO_printf(bio_err, "unable to write elliptic "
- "curve parameters\n");
- ERR_print_errors(bio_err);
- goto end;
- }
- }
-
- if (need_rand)
- {
- app_RAND_load_file(NULL, bio_err, (inrand != NULL));
- if (inrand != NULL)
- BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
- app_RAND_load_files(inrand));
- }
-
- if (genkey)
- {
- EC_KEY *eckey = EC_KEY_new();
-
- if (eckey == NULL)
- goto end;
-
- assert(need_rand);
-
- if (EC_KEY_set_group(eckey, group) == 0)
- goto end;
-
- if (!EC_KEY_generate_key(eckey))
- {
- EC_KEY_free(eckey);
- goto end;
- }
- if (outformat == FORMAT_ASN1)
- i = i2d_ECPrivateKey_bio(out, eckey);
- else if (outformat == FORMAT_PEM)
- i = PEM_write_bio_ECPrivateKey(out, eckey, NULL,
- NULL, 0, NULL, NULL);
- else
- {
- BIO_printf(bio_err, "bad output format specified "
- "for outfile\n");
- EC_KEY_free(eckey);
- goto end;
- }
- EC_KEY_free(eckey);
- }
-
- if (need_rand)
- app_RAND_write_file(NULL, bio_err);
-
- ret=0;
-end:
- if (ec_p)
- BN_free(ec_p);
- if (ec_a)
- BN_free(ec_a);
- if (ec_b)
- BN_free(ec_b);
- if (ec_gen)
- BN_free(ec_gen);
- if (ec_order)
- BN_free(ec_order);
- if (ec_cofactor)
- BN_free(ec_cofactor);
- if (buffer)
- OPENSSL_free(buffer);
- if (in != NULL)
- BIO_free(in);
- if (out != NULL)
- BIO_free_all(out);
- if (group != NULL)
- EC_GROUP_free(group);
- apps_shutdown();
- OPENSSL_EXIT(ret);
-}
-
-static int ecparam_print_var(BIO *out, BIGNUM *in, const char *var,
- int len, unsigned char *buffer)
- {
- BIO_printf(out, "static unsigned char %s_%d[] = {", var, len);
- if (BN_is_zero(in))
- BIO_printf(out, "\n\t0x00");
- else
- {
- int i, l;
-
- l = BN_bn2bin(in, buffer);
- for (i=0; i<l-1; i++)
- {
- if ((i%12) == 0)
- BIO_printf(out, "\n\t");
- BIO_printf(out, "0x%02X,", buffer[i]);
- }
- if ((i%12) == 0)
- BIO_printf(out, "\n\t");
- BIO_printf(out, "0x%02X", buffer[i]);
- }
- BIO_printf(out, "\n\t};\n\n");
- return 1;
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/apps/ecparam.c (from rev 6976, vendor-crypto/openssl/dist/apps/ecparam.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/apps/ecparam.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/apps/ecparam.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,653 @@
+/* apps/ecparam.c */
+/*
+ * Written by Nils Larsch for the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * The elliptic curve binary polynomial software is originally written by
+ * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
+ *
+ */
+
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_NO_EC
+# include <assert.h>
+# include <stdio.h>
+# include <stdlib.h>
+# include <time.h>
+# include <string.h>
+# include "apps.h"
+# include <openssl/bio.h>
+# include <openssl/err.h>
+# include <openssl/bn.h>
+# include <openssl/ec.h>
+# include <openssl/x509.h>
+# include <openssl/pem.h>
+
+# undef PROG
+# define PROG ecparam_main
+
+/*-
+ * -inform arg - input format - default PEM (DER or PEM)
+ * -outform arg - output format - default PEM
+ * -in arg - input file - default stdin
+ * -out arg - output file - default stdout
+ * -noout - do not print the ec parameter
+ * -text - print the ec parameters in text form
+ * -check - validate the ec parameters
+ * -C - print a 'C' function creating the parameters
+ * -name arg - use the ec parameters with 'short name' name
+ * -list_curves - prints a list of all currently available curve 'short names'
+ * -conv_form arg - specifies the point conversion form
+ * - possible values: compressed
+ * uncompressed (default)
+ * hybrid
+ * -param_enc arg - specifies the way the ec parameters are encoded
+ * in the asn1 der encoding
+ * possible values: named_curve (default)
+ * explicit
+ * -no_seed - if 'explicit' parameters are choosen do not use the seed
+ * -genkey - generate ec key
+ * -rand file - files to use for random number input
+ * -engine e - use engine e, possibly a hardware device
+ */
+
+static int ecparam_print_var(BIO *, BIGNUM *, const char *, int,
+ unsigned char *);
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+{
+ EC_GROUP *group = NULL;
+ point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED;
+ int new_form = 0;
+ int asn1_flag = OPENSSL_EC_NAMED_CURVE;
+ int new_asn1_flag = 0;
+ char *curve_name = NULL, *inrand = NULL;
+ int list_curves = 0, no_seed = 0, check = 0,
+ badops = 0, text = 0, i, need_rand = 0, genkey = 0;
+ char *infile = NULL, *outfile = NULL, *prog;
+ BIO *in = NULL, *out = NULL;
+ int informat, outformat, noout = 0, C = 0, ret = 1;
+ char *engine = NULL;
+
+ BIGNUM *ec_p = NULL, *ec_a = NULL, *ec_b = NULL,
+ *ec_gen = NULL, *ec_order = NULL, *ec_cofactor = NULL;
+ unsigned char *buffer = NULL;
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+
+ if (!load_config(bio_err, NULL))
+ goto end;
+
+ informat = FORMAT_PEM;
+ outformat = FORMAT_PEM;
+
+ prog = argv[0];
+ argc--;
+ argv++;
+ while (argc >= 1) {
+ if (strcmp(*argv, "-inform") == 0) {
+ if (--argc < 1)
+ goto bad;
+ informat = str2fmt(*(++argv));
+ } else if (strcmp(*argv, "-outform") == 0) {
+ if (--argc < 1)
+ goto bad;
+ outformat = str2fmt(*(++argv));
+ } else if (strcmp(*argv, "-in") == 0) {
+ if (--argc < 1)
+ goto bad;
+ infile = *(++argv);
+ } else if (strcmp(*argv, "-out") == 0) {
+ if (--argc < 1)
+ goto bad;
+ outfile = *(++argv);
+ } else if (strcmp(*argv, "-text") == 0)
+ text = 1;
+ else if (strcmp(*argv, "-C") == 0)
+ C = 1;
+ else if (strcmp(*argv, "-check") == 0)
+ check = 1;
+ else if (strcmp(*argv, "-name") == 0) {
+ if (--argc < 1)
+ goto bad;
+ curve_name = *(++argv);
+ } else if (strcmp(*argv, "-list_curves") == 0)
+ list_curves = 1;
+ else if (strcmp(*argv, "-conv_form") == 0) {
+ if (--argc < 1)
+ goto bad;
+ ++argv;
+ new_form = 1;
+ if (strcmp(*argv, "compressed") == 0)
+ form = POINT_CONVERSION_COMPRESSED;
+ else if (strcmp(*argv, "uncompressed") == 0)
+ form = POINT_CONVERSION_UNCOMPRESSED;
+ else if (strcmp(*argv, "hybrid") == 0)
+ form = POINT_CONVERSION_HYBRID;
+ else
+ goto bad;
+ } else if (strcmp(*argv, "-param_enc") == 0) {
+ if (--argc < 1)
+ goto bad;
+ ++argv;
+ new_asn1_flag = 1;
+ if (strcmp(*argv, "named_curve") == 0)
+ asn1_flag = OPENSSL_EC_NAMED_CURVE;
+ else if (strcmp(*argv, "explicit") == 0)
+ asn1_flag = 0;
+ else
+ goto bad;
+ } else if (strcmp(*argv, "-no_seed") == 0)
+ no_seed = 1;
+ else if (strcmp(*argv, "-noout") == 0)
+ noout = 1;
+ else if (strcmp(*argv, "-genkey") == 0) {
+ genkey = 1;
+ need_rand = 1;
+ } else if (strcmp(*argv, "-rand") == 0) {
+ if (--argc < 1)
+ goto bad;
+ inrand = *(++argv);
+ need_rand = 1;
+ } else if (strcmp(*argv, "-engine") == 0) {
+ if (--argc < 1)
+ goto bad;
+ engine = *(++argv);
+ } else {
+ BIO_printf(bio_err, "unknown option %s\n", *argv);
+ badops = 1;
+ break;
+ }
+ argc--;
+ argv++;
+ }
+
+ if (badops) {
+ bad:
+ BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog);
+ BIO_printf(bio_err, "where options are\n");
+ BIO_printf(bio_err, " -inform arg input format - "
+ "default PEM (DER or PEM)\n");
+ BIO_printf(bio_err, " -outform arg output format - "
+ "default PEM\n");
+ BIO_printf(bio_err, " -in arg input file - "
+ "default stdin\n");
+ BIO_printf(bio_err, " -out arg output file - "
+ "default stdout\n");
+ BIO_printf(bio_err, " -noout do not print the "
+ "ec parameter\n");
+ BIO_printf(bio_err, " -text print the ec "
+ "parameters in text form\n");
+ BIO_printf(bio_err, " -check validate the ec "
+ "parameters\n");
+ BIO_printf(bio_err, " -C print a 'C' "
+ "function creating the parameters\n");
+ BIO_printf(bio_err, " -name arg use the "
+ "ec parameters with 'short name' name\n");
+ BIO_printf(bio_err, " -list_curves prints a list of "
+ "all currently available curve 'short names'\n");
+ BIO_printf(bio_err, " -conv_form arg specifies the "
+ "point conversion form \n");
+ BIO_printf(bio_err, " possible values:"
+ " compressed\n");
+ BIO_printf(bio_err, " "
+ " uncompressed (default)\n");
+ BIO_printf(bio_err, " "
+ " hybrid\n");
+ BIO_printf(bio_err, " -param_enc arg specifies the way"
+ " the ec parameters are encoded\n");
+ BIO_printf(bio_err, " in the asn1 der "
+ "encoding\n");
+ BIO_printf(bio_err, " possible values:"
+ " named_curve (default)\n");
+ BIO_printf(bio_err, " "
+ " explicit\n");
+ BIO_printf(bio_err, " -no_seed if 'explicit'"
+ " parameters are choosen do not" " use the seed\n");
+ BIO_printf(bio_err, " -genkey generate ec" " key\n");
+ BIO_printf(bio_err, " -rand file files to use for"
+ " random number input\n");
+ BIO_printf(bio_err, " -engine e use engine e, "
+ "possibly a hardware device\n");
+ goto end;
+ }
+
+ ERR_load_crypto_strings();
+
+ in = BIO_new(BIO_s_file());
+ out = BIO_new(BIO_s_file());
+ if ((in == NULL) || (out == NULL)) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (infile == NULL)
+ BIO_set_fp(in, stdin, BIO_NOCLOSE);
+ else {
+ if (BIO_read_filename(in, infile) <= 0) {
+ perror(infile);
+ goto end;
+ }
+ }
+ if (outfile == NULL) {
+ BIO_set_fp(out, stdout, BIO_NOCLOSE);
+# ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+# endif
+ } else {
+ if (BIO_write_filename(out, outfile) <= 0) {
+ perror(outfile);
+ goto end;
+ }
+ }
+
+# ifndef OPENSSL_NO_ENGINE
+ setup_engine(bio_err, engine, 0);
+# endif
+
+ if (list_curves) {
+ EC_builtin_curve *curves = NULL;
+ size_t crv_len = 0;
+ size_t n = 0;
+
+ crv_len = EC_get_builtin_curves(NULL, 0);
+
+ curves = OPENSSL_malloc((int)(sizeof(EC_builtin_curve) * crv_len));
+
+ if (curves == NULL)
+ goto end;
+
+ if (!EC_get_builtin_curves(curves, crv_len)) {
+ OPENSSL_free(curves);
+ goto end;
+ }
+
+ for (n = 0; n < crv_len; n++) {
+ const char *comment;
+ const char *sname;
+ comment = curves[n].comment;
+ sname = OBJ_nid2sn(curves[n].nid);
+ if (comment == NULL)
+ comment = "CURVE DESCRIPTION NOT AVAILABLE";
+ if (sname == NULL)
+ sname = "";
+
+ BIO_printf(out, " %-10s: ", sname);
+ BIO_printf(out, "%s\n", comment);
+ }
+
+ OPENSSL_free(curves);
+ ret = 0;
+ goto end;
+ }
+
+ if (curve_name != NULL) {
+ int nid;
+
+ /*
+ * workaround for the SECG curve names secp192r1 and secp256r1 (which
+ * are the same as the curves prime192v1 and prime256v1 defined in
+ * X9.62)
+ */
+ if (!strcmp(curve_name, "secp192r1")) {
+ BIO_printf(bio_err, "using curve name prime192v1 "
+ "instead of secp192r1\n");
+ nid = NID_X9_62_prime192v1;
+ } else if (!strcmp(curve_name, "secp256r1")) {
+ BIO_printf(bio_err, "using curve name prime256v1 "
+ "instead of secp256r1\n");
+ nid = NID_X9_62_prime256v1;
+ } else
+ nid = OBJ_sn2nid(curve_name);
+
+ if (nid == 0) {
+ BIO_printf(bio_err, "unknown curve name (%s)\n", curve_name);
+ goto end;
+ }
+
+ group = EC_GROUP_new_by_curve_name(nid);
+ if (group == NULL) {
+ BIO_printf(bio_err, "unable to create curve (%s)\n", curve_name);
+ goto end;
+ }
+ EC_GROUP_set_asn1_flag(group, asn1_flag);
+ EC_GROUP_set_point_conversion_form(group, form);
+ } else if (informat == FORMAT_ASN1) {
+ group = d2i_ECPKParameters_bio(in, NULL);
+ } else if (informat == FORMAT_PEM) {
+ group = PEM_read_bio_ECPKParameters(in, NULL, NULL, NULL);
+ } else {
+ BIO_printf(bio_err, "bad input format specified\n");
+ goto end;
+ }
+
+ if (group == NULL) {
+ BIO_printf(bio_err, "unable to load elliptic curve parameters\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (new_form)
+ EC_GROUP_set_point_conversion_form(group, form);
+
+ if (new_asn1_flag)
+ EC_GROUP_set_asn1_flag(group, asn1_flag);
+
+ if (no_seed) {
+ EC_GROUP_set_seed(group, NULL, 0);
+ }
+
+ if (text) {
+ if (!ECPKParameters_print(out, group, 0))
+ goto end;
+ }
+
+ if (check) {
+ if (group == NULL)
+ BIO_printf(bio_err, "no elliptic curve parameters\n");
+ BIO_printf(bio_err, "checking elliptic curve parameters: ");
+ if (!EC_GROUP_check(group, NULL)) {
+ BIO_printf(bio_err, "failed\n");
+ ERR_print_errors(bio_err);
+ } else
+ BIO_printf(bio_err, "ok\n");
+
+ }
+
+ if (C) {
+ size_t buf_len = 0, tmp_len = 0;
+ const EC_POINT *point;
+ int is_prime, len = 0;
+ const EC_METHOD *meth = EC_GROUP_method_of(group);
+
+ if ((ec_p = BN_new()) == NULL || (ec_a = BN_new()) == NULL ||
+ (ec_b = BN_new()) == NULL || (ec_gen = BN_new()) == NULL ||
+ (ec_order = BN_new()) == NULL ||
+ (ec_cofactor = BN_new()) == NULL) {
+ perror("OPENSSL_malloc");
+ goto end;
+ }
+
+ is_prime = (EC_METHOD_get_field_type(meth) == NID_X9_62_prime_field);
+
+ if (is_prime) {
+ if (!EC_GROUP_get_curve_GFp(group, ec_p, ec_a, ec_b, NULL))
+ goto end;
+ } else {
+ /* TODO */
+ goto end;
+ }
+
+ if ((point = EC_GROUP_get0_generator(group)) == NULL)
+ goto end;
+ if (!EC_POINT_point2bn(group, point,
+ EC_GROUP_get_point_conversion_form(group),
+ ec_gen, NULL))
+ goto end;
+ if (!EC_GROUP_get_order(group, ec_order, NULL))
+ goto end;
+ if (!EC_GROUP_get_cofactor(group, ec_cofactor, NULL))
+ goto end;
+
+ if (!ec_p || !ec_a || !ec_b || !ec_gen || !ec_order || !ec_cofactor)
+ goto end;
+
+ len = BN_num_bits(ec_order);
+
+ if ((tmp_len = (size_t)BN_num_bytes(ec_p)) > buf_len)
+ buf_len = tmp_len;
+ if ((tmp_len = (size_t)BN_num_bytes(ec_a)) > buf_len)
+ buf_len = tmp_len;
+ if ((tmp_len = (size_t)BN_num_bytes(ec_b)) > buf_len)
+ buf_len = tmp_len;
+ if ((tmp_len = (size_t)BN_num_bytes(ec_gen)) > buf_len)
+ buf_len = tmp_len;
+ if ((tmp_len = (size_t)BN_num_bytes(ec_order)) > buf_len)
+ buf_len = tmp_len;
+ if ((tmp_len = (size_t)BN_num_bytes(ec_cofactor)) > buf_len)
+ buf_len = tmp_len;
+
+ buffer = (unsigned char *)OPENSSL_malloc(buf_len);
+
+ if (buffer == NULL) {
+ perror("OPENSSL_malloc");
+ goto end;
+ }
+
+ ecparam_print_var(out, ec_p, "ec_p", len, buffer);
+ ecparam_print_var(out, ec_a, "ec_a", len, buffer);
+ ecparam_print_var(out, ec_b, "ec_b", len, buffer);
+ ecparam_print_var(out, ec_gen, "ec_gen", len, buffer);
+ ecparam_print_var(out, ec_order, "ec_order", len, buffer);
+ ecparam_print_var(out, ec_cofactor, "ec_cofactor", len, buffer);
+
+ BIO_printf(out, "\n\n");
+
+ BIO_printf(out, "EC_GROUP *get_ec_group_%d(void)\n\t{\n", len);
+ BIO_printf(out, "\tint ok=0;\n");
+ BIO_printf(out, "\tEC_GROUP *group = NULL;\n");
+ BIO_printf(out, "\tEC_POINT *point = NULL;\n");
+ BIO_printf(out, "\tBIGNUM *tmp_1 = NULL, *tmp_2 = NULL, "
+ "*tmp_3 = NULL;\n\n");
+ BIO_printf(out, "\tif ((tmp_1 = BN_bin2bn(ec_p_%d, "
+ "sizeof(ec_p_%d), NULL)) == NULL)\n\t\t"
+ "goto err;\n", len, len);
+ BIO_printf(out, "\tif ((tmp_2 = BN_bin2bn(ec_a_%d, "
+ "sizeof(ec_a_%d), NULL)) == NULL)\n\t\t"
+ "goto err;\n", len, len);
+ BIO_printf(out, "\tif ((tmp_3 = BN_bin2bn(ec_b_%d, "
+ "sizeof(ec_b_%d), NULL)) == NULL)\n\t\t"
+ "goto err;\n", len, len);
+ if (is_prime) {
+ BIO_printf(out, "\tif ((group = EC_GROUP_new_curve_"
+ "GFp(tmp_1, tmp_2, tmp_3, NULL)) == NULL)"
+ "\n\t\tgoto err;\n\n");
+ } else {
+ /* TODO */
+ goto end;
+ }
+ BIO_printf(out, "\t/* build generator */\n");
+ BIO_printf(out, "\tif ((tmp_1 = BN_bin2bn(ec_gen_%d, "
+ "sizeof(ec_gen_%d), tmp_1)) == NULL)"
+ "\n\t\tgoto err;\n", len, len);
+ BIO_printf(out, "\tpoint = EC_POINT_bn2point(group, tmp_1, "
+ "NULL, NULL);\n");
+ BIO_printf(out, "\tif (point == NULL)\n\t\tgoto err;\n");
+ BIO_printf(out, "\tif ((tmp_2 = BN_bin2bn(ec_order_%d, "
+ "sizeof(ec_order_%d), tmp_2)) == NULL)"
+ "\n\t\tgoto err;\n", len, len);
+ BIO_printf(out, "\tif ((tmp_3 = BN_bin2bn(ec_cofactor_%d, "
+ "sizeof(ec_cofactor_%d), tmp_3)) == NULL)"
+ "\n\t\tgoto err;\n", len, len);
+ BIO_printf(out, "\tif (!EC_GROUP_set_generator(group, point,"
+ " tmp_2, tmp_3))\n\t\tgoto err;\n");
+ BIO_printf(out, "\n\tok=1;\n");
+ BIO_printf(out, "err:\n");
+ BIO_printf(out, "\tif (tmp_1)\n\t\tBN_free(tmp_1);\n");
+ BIO_printf(out, "\tif (tmp_2)\n\t\tBN_free(tmp_2);\n");
+ BIO_printf(out, "\tif (tmp_3)\n\t\tBN_free(tmp_3);\n");
+ BIO_printf(out, "\tif (point)\n\t\tEC_POINT_free(point);\n");
+ BIO_printf(out, "\tif (!ok)\n");
+ BIO_printf(out, "\t\t{\n");
+ BIO_printf(out, "\t\tEC_GROUP_free(group);\n");
+ BIO_printf(out, "\t\tgroup = NULL;\n");
+ BIO_printf(out, "\t\t}\n");
+ BIO_printf(out, "\treturn(group);\n\t}\n");
+ }
+
+ if (!noout) {
+ if (outformat == FORMAT_ASN1)
+ i = i2d_ECPKParameters_bio(out, group);
+ else if (outformat == FORMAT_PEM)
+ i = PEM_write_bio_ECPKParameters(out, group);
+ else {
+ BIO_printf(bio_err, "bad output format specified for"
+ " outfile\n");
+ goto end;
+ }
+ if (!i) {
+ BIO_printf(bio_err, "unable to write elliptic "
+ "curve parameters\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+
+ if (need_rand) {
+ app_RAND_load_file(NULL, bio_err, (inrand != NULL));
+ if (inrand != NULL)
+ BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
+ app_RAND_load_files(inrand));
+ }
+
+ if (genkey) {
+ EC_KEY *eckey = EC_KEY_new();
+
+ if (eckey == NULL)
+ goto end;
+
+ assert(need_rand);
+
+ if (EC_KEY_set_group(eckey, group) == 0)
+ goto end;
+
+ if (!EC_KEY_generate_key(eckey)) {
+ EC_KEY_free(eckey);
+ goto end;
+ }
+ if (outformat == FORMAT_ASN1)
+ i = i2d_ECPrivateKey_bio(out, eckey);
+ else if (outformat == FORMAT_PEM)
+ i = PEM_write_bio_ECPrivateKey(out, eckey, NULL,
+ NULL, 0, NULL, NULL);
+ else {
+ BIO_printf(bio_err, "bad output format specified "
+ "for outfile\n");
+ EC_KEY_free(eckey);
+ goto end;
+ }
+ EC_KEY_free(eckey);
+ }
+
+ if (need_rand)
+ app_RAND_write_file(NULL, bio_err);
+
+ ret = 0;
+ end:
+ if (ec_p)
+ BN_free(ec_p);
+ if (ec_a)
+ BN_free(ec_a);
+ if (ec_b)
+ BN_free(ec_b);
+ if (ec_gen)
+ BN_free(ec_gen);
+ if (ec_order)
+ BN_free(ec_order);
+ if (ec_cofactor)
+ BN_free(ec_cofactor);
+ if (buffer)
+ OPENSSL_free(buffer);
+ if (in != NULL)
+ BIO_free(in);
+ if (out != NULL)
+ BIO_free_all(out);
+ if (group != NULL)
+ EC_GROUP_free(group);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
+}
+
+static int ecparam_print_var(BIO *out, BIGNUM *in, const char *var,
+ int len, unsigned char *buffer)
+{
+ BIO_printf(out, "static unsigned char %s_%d[] = {", var, len);
+ if (BN_is_zero(in))
+ BIO_printf(out, "\n\t0x00");
+ else {
+ int i, l;
+
+ l = BN_bn2bin(in, buffer);
+ for (i = 0; i < l - 1; i++) {
+ if ((i % 12) == 0)
+ BIO_printf(out, "\n\t");
+ BIO_printf(out, "0x%02X,", buffer[i]);
+ }
+ if ((i % 12) == 0)
+ BIO_printf(out, "\n\t");
+ BIO_printf(out, "0x%02X", buffer[i]);
+ }
+ BIO_printf(out, "\n\t};\n\n");
+ return 1;
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/apps/enc.c
===================================================================
--- vendor-crypto/openssl/dist/apps/enc.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/apps/enc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,695 +0,0 @@
-/* apps/enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/rand.h>
-#include <openssl/pem.h>
-#include <ctype.h>
-
-int set_hex(char *in,unsigned char *out,int size);
-#undef SIZE
-#undef BSIZE
-#undef PROG
-
-#define SIZE (512)
-#define BSIZE (8*1024)
-#define PROG enc_main
-
-static void show_ciphers(const OBJ_NAME *name,void *bio_)
- {
- BIO *bio=bio_;
- static int n;
-
- if(!islower((unsigned char)*name->name))
- return;
-
- BIO_printf(bio,"-%-25s",name->name);
- if(++n == 3)
- {
- BIO_printf(bio,"\n");
- n=0;
- }
- else
- BIO_printf(bio," ");
- }
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
- static const char magic[]="Salted__";
- char mbuf[sizeof magic-1];
- char *strbuf=NULL;
- unsigned char *buff=NULL,*bufsize=NULL;
- int bsize=BSIZE,verbose=0;
- int ret=1,inl;
- int nopad = 0;
- unsigned char key[EVP_MAX_KEY_LENGTH],iv[EVP_MAX_IV_LENGTH];
- unsigned char salt[PKCS5_SALT_LEN];
- char *str=NULL, *passarg = NULL, *pass = NULL;
- char *hkey=NULL,*hiv=NULL,*hsalt = NULL;
- char *md=NULL;
- int enc=1,printkey=0,i,base64=0;
- int debug=0,olb64=0,nosalt=0;
- const EVP_CIPHER *cipher=NULL,*c;
- EVP_CIPHER_CTX *ctx = NULL;
- char *inf=NULL,*outf=NULL;
- BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
-#define PROG_NAME_SIZE 39
- char pname[PROG_NAME_SIZE+1];
-#ifndef OPENSSL_NO_ENGINE
- char *engine = NULL;
-#endif
- const EVP_MD *dgst=NULL;
- int non_fips_allow = 0;
-
- apps_startup();
-
- if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
- if (!load_config(bio_err, NULL))
- goto end;
-
- /* first check the program name */
- program_name(argv[0],pname,sizeof pname);
- if (strcmp(pname,"base64") == 0)
- base64=1;
-
- cipher=EVP_get_cipherbyname(pname);
- if (!base64 && (cipher == NULL) && (strcmp(pname,"enc") != 0))
- {
- BIO_printf(bio_err,"%s is an unknown cipher\n",pname);
- goto bad;
- }
-
- argc--;
- argv++;
- while (argc >= 1)
- {
- if (strcmp(*argv,"-e") == 0)
- enc=1;
- else if (strcmp(*argv,"-in") == 0)
- {
- if (--argc < 1) goto bad;
- inf= *(++argv);
- }
- else if (strcmp(*argv,"-out") == 0)
- {
- if (--argc < 1) goto bad;
- outf= *(++argv);
- }
- else if (strcmp(*argv,"-pass") == 0)
- {
- if (--argc < 1) goto bad;
- passarg= *(++argv);
- }
-#ifndef OPENSSL_NO_ENGINE
- else if (strcmp(*argv,"-engine") == 0)
- {
- if (--argc < 1) goto bad;
- engine= *(++argv);
- }
-#endif
- else if (strcmp(*argv,"-d") == 0)
- enc=0;
- else if (strcmp(*argv,"-p") == 0)
- printkey=1;
- else if (strcmp(*argv,"-v") == 0)
- verbose=1;
- else if (strcmp(*argv,"-nopad") == 0)
- nopad=1;
- else if (strcmp(*argv,"-salt") == 0)
- nosalt=0;
- else if (strcmp(*argv,"-nosalt") == 0)
- nosalt=1;
- else if (strcmp(*argv,"-debug") == 0)
- debug=1;
- else if (strcmp(*argv,"-P") == 0)
- printkey=2;
- else if (strcmp(*argv,"-A") == 0)
- olb64=1;
- else if (strcmp(*argv,"-a") == 0)
- base64=1;
- else if (strcmp(*argv,"-base64") == 0)
- base64=1;
- else if (strcmp(*argv,"-bufsize") == 0)
- {
- if (--argc < 1) goto bad;
- bufsize=(unsigned char *)*(++argv);
- }
- else if (strcmp(*argv,"-k") == 0)
- {
- if (--argc < 1) goto bad;
- str= *(++argv);
- }
- else if (strcmp(*argv,"-kfile") == 0)
- {
- static char buf[128];
- FILE *infile;
- char *file;
-
- if (--argc < 1) goto bad;
- file= *(++argv);
- infile=fopen(file,"r");
- if (infile == NULL)
- {
- BIO_printf(bio_err,"unable to read key from '%s'\n",
- file);
- goto bad;
- }
- buf[0]='\0';
- if (!fgets(buf,sizeof buf,infile))
- {
- BIO_printf(bio_err,"unable to read key from '%s'\n",
- file);
- goto bad;
- }
- fclose(infile);
- i=strlen(buf);
- if ((i > 0) &&
- ((buf[i-1] == '\n') || (buf[i-1] == '\r')))
- buf[--i]='\0';
- if ((i > 0) &&
- ((buf[i-1] == '\n') || (buf[i-1] == '\r')))
- buf[--i]='\0';
- if (i < 1)
- {
- BIO_printf(bio_err,"zero length password\n");
- goto bad;
- }
- str=buf;
- }
- else if (strcmp(*argv,"-K") == 0)
- {
- if (--argc < 1) goto bad;
- hkey= *(++argv);
- }
- else if (strcmp(*argv,"-S") == 0)
- {
- if (--argc < 1) goto bad;
- hsalt= *(++argv);
- }
- else if (strcmp(*argv,"-iv") == 0)
- {
- if (--argc < 1) goto bad;
- hiv= *(++argv);
- }
- else if (strcmp(*argv,"-md") == 0)
- {
- if (--argc < 1) goto bad;
- md= *(++argv);
- }
- else if (strcmp(*argv,"-non-fips-allow") == 0)
- non_fips_allow = 1;
- else if ((argv[0][0] == '-') &&
- ((c=EVP_get_cipherbyname(&(argv[0][1]))) != NULL))
- {
- cipher=c;
- }
- else if (strcmp(*argv,"-none") == 0)
- cipher=NULL;
- else
- {
- BIO_printf(bio_err,"unknown option '%s'\n",*argv);
-bad:
- BIO_printf(bio_err,"options are\n");
- BIO_printf(bio_err,"%-14s input file\n","-in <file>");
- BIO_printf(bio_err,"%-14s output file\n","-out <file>");
- BIO_printf(bio_err,"%-14s pass phrase source\n","-pass <arg>");
- BIO_printf(bio_err,"%-14s encrypt\n","-e");
- BIO_printf(bio_err,"%-14s decrypt\n","-d");
- BIO_printf(bio_err,"%-14s base64 encode/decode, depending on encryption flag\n","-a/-base64");
- BIO_printf(bio_err,"%-14s passphrase is the next argument\n","-k");
- BIO_printf(bio_err,"%-14s passphrase is the first line of the file argument\n","-kfile");
- BIO_printf(bio_err,"%-14s the next argument is the md to use to create a key\n","-md");
- BIO_printf(bio_err,"%-14s from a passphrase. One of md2, md5, sha or sha1\n","");
- BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv");
- BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]");
- BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>");
-#ifndef OPENSSL_NO_ENGINE
- BIO_printf(bio_err,"%-14s use engine e, possibly a hardware device.\n","-engine e");
-#endif
-
- BIO_printf(bio_err,"Cipher Types\n");
- OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH,
- show_ciphers,
- bio_err);
- BIO_printf(bio_err,"\n");
-
- goto end;
- }
- argc--;
- argv++;
- }
-
-#ifndef OPENSSL_NO_ENGINE
- setup_engine(bio_err, engine, 0);
-#endif
-
- if (md && (dgst=EVP_get_digestbyname(md)) == NULL)
- {
- BIO_printf(bio_err,"%s is an unsupported message digest type\n",md);
- goto end;
- }
-
- if (dgst == NULL)
- {
- if (in_FIPS_mode)
- dgst = EVP_sha1();
- else
- dgst = EVP_md5();
- }
-
- if (bufsize != NULL)
- {
- unsigned long n;
-
- for (n=0; *bufsize; bufsize++)
- {
- i= *bufsize;
- if ((i <= '9') && (i >= '0'))
- n=n*10+i-'0';
- else if (i == 'k')
- {
- n*=1024;
- bufsize++;
- break;
- }
- }
- if (*bufsize != '\0')
- {
- BIO_printf(bio_err,"invalid 'bufsize' specified.\n");
- goto end;
- }
-
- /* It must be large enough for a base64 encoded line */
- if (base64 && n < 80) n=80;
-
- bsize=(int)n;
- if (verbose) BIO_printf(bio_err,"bufsize=%d\n",bsize);
- }
-
- strbuf=OPENSSL_malloc(SIZE);
- buff=(unsigned char *)OPENSSL_malloc(EVP_ENCODE_LENGTH(bsize));
- if ((buff == NULL) || (strbuf == NULL))
- {
- BIO_printf(bio_err,"OPENSSL_malloc failure %ld\n",(long)EVP_ENCODE_LENGTH(bsize));
- goto end;
- }
-
- in=BIO_new(BIO_s_file());
- out=BIO_new(BIO_s_file());
- if ((in == NULL) || (out == NULL))
- {
- ERR_print_errors(bio_err);
- goto end;
- }
- if (debug)
- {
- BIO_set_callback(in,BIO_debug_callback);
- BIO_set_callback(out,BIO_debug_callback);
- BIO_set_callback_arg(in,(char *)bio_err);
- BIO_set_callback_arg(out,(char *)bio_err);
- }
-
- if (inf == NULL)
- {
- if (bufsize != NULL)
- setvbuf(stdin, (char *)NULL, _IONBF, 0);
- BIO_set_fp(in,stdin,BIO_NOCLOSE);
- }
- else
- {
- if (BIO_read_filename(in,inf) <= 0)
- {
- perror(inf);
- goto end;
- }
- }
-
- if(!str && passarg) {
- if(!app_passwd(bio_err, passarg, NULL, &pass, NULL)) {
- BIO_printf(bio_err, "Error getting password\n");
- goto end;
- }
- str = pass;
- }
-
- if ((str == NULL) && (cipher != NULL) && (hkey == NULL))
- {
- for (;;)
- {
- char buf[200];
-
- BIO_snprintf(buf,sizeof buf,"enter %s %s password:",
- OBJ_nid2ln(EVP_CIPHER_nid(cipher)),
- (enc)?"encryption":"decryption");
- strbuf[0]='\0';
- i=EVP_read_pw_string((char *)strbuf,SIZE,buf,enc);
- if (i == 0)
- {
- if (strbuf[0] == '\0')
- {
- ret=1;
- goto end;
- }
- str=strbuf;
- break;
- }
- if (i < 0)
- {
- BIO_printf(bio_err,"bad password read\n");
- goto end;
- }
- }
- }
-
-
- if (outf == NULL)
- {
- BIO_set_fp(out,stdout,BIO_NOCLOSE);
- if (bufsize != NULL)
- setvbuf(stdout, (char *)NULL, _IONBF, 0);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
- else
- {
- if (BIO_write_filename(out,outf) <= 0)
- {
- perror(outf);
- goto end;
- }
- }
-
- rbio=in;
- wbio=out;
-
- if (base64)
- {
- if ((b64=BIO_new(BIO_f_base64())) == NULL)
- goto end;
- if (debug)
- {
- BIO_set_callback(b64,BIO_debug_callback);
- BIO_set_callback_arg(b64,(char *)bio_err);
- }
- if (olb64)
- BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL);
- if (enc)
- wbio=BIO_push(b64,wbio);
- else
- rbio=BIO_push(b64,rbio);
- }
-
- if (cipher != NULL)
- {
- /* Note that str is NULL if a key was passed on the command
- * line, so we get no salt in that case. Is this a bug?
- */
- if (str != NULL)
- {
- /* Salt handling: if encrypting generate a salt and
- * write to output BIO. If decrypting read salt from
- * input BIO.
- */
- unsigned char *sptr;
- if(nosalt) sptr = NULL;
- else {
- if(enc) {
- if(hsalt) {
- if(!set_hex(hsalt,salt,sizeof salt)) {
- BIO_printf(bio_err,
- "invalid hex salt value\n");
- goto end;
- }
- } else if (RAND_pseudo_bytes(salt, sizeof salt) < 0)
- goto end;
- /* If -P option then don't bother writing */
- if((printkey != 2)
- && (BIO_write(wbio,magic,
- sizeof magic-1) != sizeof magic-1
- || BIO_write(wbio,
- (char *)salt,
- sizeof salt) != sizeof salt)) {
- BIO_printf(bio_err,"error writing output file\n");
- goto end;
- }
- } else if(BIO_read(rbio,mbuf,sizeof mbuf) != sizeof mbuf
- || BIO_read(rbio,
- (unsigned char *)salt,
- sizeof salt) != sizeof salt) {
- BIO_printf(bio_err,"error reading input file\n");
- goto end;
- } else if(memcmp(mbuf,magic,sizeof magic-1)) {
- BIO_printf(bio_err,"bad magic number\n");
- goto end;
- }
-
- sptr = salt;
- }
-
- EVP_BytesToKey(cipher,dgst,sptr,
- (unsigned char *)str,
- strlen(str),1,key,iv);
- /* zero the complete buffer or the string
- * passed from the command line
- * bug picked up by
- * Larry J. Hughes Jr. <hughes at indiana.edu> */
- if (str == strbuf)
- OPENSSL_cleanse(str,SIZE);
- else
- OPENSSL_cleanse(str,strlen(str));
- }
- if ((hiv != NULL) && !set_hex(hiv,iv,sizeof iv))
- {
- BIO_printf(bio_err,"invalid hex iv value\n");
- goto end;
- }
- if ((hiv == NULL) && (str == NULL)
- && EVP_CIPHER_iv_length(cipher) != 0)
- {
- /* No IV was explicitly set and no IV was generated
- * during EVP_BytesToKey. Hence the IV is undefined,
- * making correct decryption impossible. */
- BIO_printf(bio_err, "iv undefined\n");
- goto end;
- }
- if ((hkey != NULL) && !set_hex(hkey,key,sizeof key))
- {
- BIO_printf(bio_err,"invalid hex key value\n");
- goto end;
- }
-
- if ((benc=BIO_new(BIO_f_cipher())) == NULL)
- goto end;
-
- /* Since we may be changing parameters work on the encryption
- * context rather than calling BIO_set_cipher().
- */
-
- BIO_get_cipher_ctx(benc, &ctx);
-
- if (non_fips_allow)
- EVP_CIPHER_CTX_set_flags(ctx,
- EVP_CIPH_FLAG_NON_FIPS_ALLOW);
-
- if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc))
- {
- BIO_printf(bio_err, "Error setting cipher %s\n",
- EVP_CIPHER_name(cipher));
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if (nopad)
- EVP_CIPHER_CTX_set_padding(ctx, 0);
-
- if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc))
- {
- BIO_printf(bio_err, "Error setting cipher %s\n",
- EVP_CIPHER_name(cipher));
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if (debug)
- {
- BIO_set_callback(benc,BIO_debug_callback);
- BIO_set_callback_arg(benc,(char *)bio_err);
- }
-
- if (printkey)
- {
- if (!nosalt)
- {
- printf("salt=");
- for (i=0; i<(int)sizeof(salt); i++)
- printf("%02X",salt[i]);
- printf("\n");
- }
- if (cipher->key_len > 0)
- {
- printf("key=");
- for (i=0; i<cipher->key_len; i++)
- printf("%02X",key[i]);
- printf("\n");
- }
- if (cipher->iv_len > 0)
- {
- printf("iv =");
- for (i=0; i<cipher->iv_len; i++)
- printf("%02X",iv[i]);
- printf("\n");
- }
- if (printkey == 2)
- {
- ret=0;
- goto end;
- }
- }
- }
-
- /* Only encrypt/decrypt as we write the file */
- if (benc != NULL)
- wbio=BIO_push(benc,wbio);
-
- for (;;)
- {
- inl=BIO_read(rbio,(char *)buff,bsize);
- if (inl <= 0) break;
- if (BIO_write(wbio,(char *)buff,inl) != inl)
- {
- BIO_printf(bio_err,"error writing output file\n");
- goto end;
- }
- }
- if (!BIO_flush(wbio))
- {
- BIO_printf(bio_err,"bad decrypt\n");
- goto end;
- }
-
- ret=0;
- if (verbose)
- {
- BIO_printf(bio_err,"bytes read :%8ld\n",BIO_number_read(in));
- BIO_printf(bio_err,"bytes written:%8ld\n",BIO_number_written(out));
- }
-end:
- ERR_print_errors(bio_err);
- if (strbuf != NULL) OPENSSL_free(strbuf);
- if (buff != NULL) OPENSSL_free(buff);
- if (in != NULL) BIO_free(in);
- if (out != NULL) BIO_free_all(out);
- if (benc != NULL) BIO_free(benc);
- if (b64 != NULL) BIO_free(b64);
- if(pass) OPENSSL_free(pass);
- apps_shutdown();
- OPENSSL_EXIT(ret);
- }
-
-int set_hex(char *in, unsigned char *out, int size)
- {
- int i,n;
- unsigned char j;
-
- n=strlen(in);
- if (n > (size*2))
- {
- BIO_printf(bio_err,"hex string is too long\n");
- return(0);
- }
- memset(out,0,size);
- for (i=0; i<n; i++)
- {
- j=(unsigned char)*in;
- *(in++)='\0';
- if (j == 0) break;
- if ((j >= '0') && (j <= '9'))
- j-='0';
- else if ((j >= 'A') && (j <= 'F'))
- j=j-'A'+10;
- else if ((j >= 'a') && (j <= 'f'))
- j=j-'a'+10;
- else
- {
- BIO_printf(bio_err,"non-hex digit\n");
- return(0);
- }
- if (i&1)
- out[i/2]|=j;
- else
- out[i/2]=(j<<4);
- }
- return(1);
- }
Copied: vendor-crypto/openssl/0.9.8zf/apps/enc.c (from rev 6976, vendor-crypto/openssl/dist/apps/enc.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/apps/enc.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/apps/enc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,656 @@
+/* apps/enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/rand.h>
+#include <openssl/pem.h>
+#include <ctype.h>
+
+int set_hex(char *in, unsigned char *out, int size);
+#undef SIZE
+#undef BSIZE
+#undef PROG
+
+#define SIZE (512)
+#define BSIZE (8*1024)
+#define PROG enc_main
+
+static void show_ciphers(const OBJ_NAME *name, void *bio_)
+{
+ BIO *bio = bio_;
+ static int n;
+
+ if (!islower((unsigned char)*name->name))
+ return;
+
+ BIO_printf(bio, "-%-25s", name->name);
+ if (++n == 3) {
+ BIO_printf(bio, "\n");
+ n = 0;
+ } else
+ BIO_printf(bio, " ");
+}
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+{
+ static const char magic[] = "Salted__";
+ char mbuf[sizeof magic - 1];
+ char *strbuf = NULL;
+ unsigned char *buff = NULL, *bufsize = NULL;
+ int bsize = BSIZE, verbose = 0;
+ int ret = 1, inl;
+ int nopad = 0;
+ unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
+ unsigned char salt[PKCS5_SALT_LEN];
+ char *str = NULL, *passarg = NULL, *pass = NULL;
+ char *hkey = NULL, *hiv = NULL, *hsalt = NULL;
+ char *md = NULL;
+ int enc = 1, printkey = 0, i, base64 = 0;
+ int debug = 0, olb64 = 0, nosalt = 0;
+ const EVP_CIPHER *cipher = NULL, *c;
+ EVP_CIPHER_CTX *ctx = NULL;
+ char *inf = NULL, *outf = NULL;
+ BIO *in = NULL, *out = NULL, *b64 = NULL, *benc = NULL, *rbio =
+ NULL, *wbio = NULL;
+#define PROG_NAME_SIZE 39
+ char pname[PROG_NAME_SIZE + 1];
+#ifndef OPENSSL_NO_ENGINE
+ char *engine = NULL;
+#endif
+ const EVP_MD *dgst = NULL;
+ int non_fips_allow = 0;
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+
+ if (!load_config(bio_err, NULL))
+ goto end;
+
+ /* first check the program name */
+ program_name(argv[0], pname, sizeof pname);
+ if (strcmp(pname, "base64") == 0)
+ base64 = 1;
+
+ cipher = EVP_get_cipherbyname(pname);
+ if (!base64 && (cipher == NULL) && (strcmp(pname, "enc") != 0)) {
+ BIO_printf(bio_err, "%s is an unknown cipher\n", pname);
+ goto bad;
+ }
+
+ argc--;
+ argv++;
+ while (argc >= 1) {
+ if (strcmp(*argv, "-e") == 0)
+ enc = 1;
+ else if (strcmp(*argv, "-in") == 0) {
+ if (--argc < 1)
+ goto bad;
+ inf = *(++argv);
+ } else if (strcmp(*argv, "-out") == 0) {
+ if (--argc < 1)
+ goto bad;
+ outf = *(++argv);
+ } else if (strcmp(*argv, "-pass") == 0) {
+ if (--argc < 1)
+ goto bad;
+ passarg = *(++argv);
+ }
+#ifndef OPENSSL_NO_ENGINE
+ else if (strcmp(*argv, "-engine") == 0) {
+ if (--argc < 1)
+ goto bad;
+ engine = *(++argv);
+ }
+#endif
+ else if (strcmp(*argv, "-d") == 0)
+ enc = 0;
+ else if (strcmp(*argv, "-p") == 0)
+ printkey = 1;
+ else if (strcmp(*argv, "-v") == 0)
+ verbose = 1;
+ else if (strcmp(*argv, "-nopad") == 0)
+ nopad = 1;
+ else if (strcmp(*argv, "-salt") == 0)
+ nosalt = 0;
+ else if (strcmp(*argv, "-nosalt") == 0)
+ nosalt = 1;
+ else if (strcmp(*argv, "-debug") == 0)
+ debug = 1;
+ else if (strcmp(*argv, "-P") == 0)
+ printkey = 2;
+ else if (strcmp(*argv, "-A") == 0)
+ olb64 = 1;
+ else if (strcmp(*argv, "-a") == 0)
+ base64 = 1;
+ else if (strcmp(*argv, "-base64") == 0)
+ base64 = 1;
+ else if (strcmp(*argv, "-bufsize") == 0) {
+ if (--argc < 1)
+ goto bad;
+ bufsize = (unsigned char *)*(++argv);
+ } else if (strcmp(*argv, "-k") == 0) {
+ if (--argc < 1)
+ goto bad;
+ str = *(++argv);
+ } else if (strcmp(*argv, "-kfile") == 0) {
+ static char buf[128];
+ FILE *infile;
+ char *file;
+
+ if (--argc < 1)
+ goto bad;
+ file = *(++argv);
+ infile = fopen(file, "r");
+ if (infile == NULL) {
+ BIO_printf(bio_err, "unable to read key from '%s'\n", file);
+ goto bad;
+ }
+ buf[0] = '\0';
+ if (!fgets(buf, sizeof buf, infile)) {
+ BIO_printf(bio_err, "unable to read key from '%s'\n", file);
+ goto bad;
+ }
+ fclose(infile);
+ i = strlen(buf);
+ if ((i > 0) && ((buf[i - 1] == '\n') || (buf[i - 1] == '\r')))
+ buf[--i] = '\0';
+ if ((i > 0) && ((buf[i - 1] == '\n') || (buf[i - 1] == '\r')))
+ buf[--i] = '\0';
+ if (i < 1) {
+ BIO_printf(bio_err, "zero length password\n");
+ goto bad;
+ }
+ str = buf;
+ } else if (strcmp(*argv, "-K") == 0) {
+ if (--argc < 1)
+ goto bad;
+ hkey = *(++argv);
+ } else if (strcmp(*argv, "-S") == 0) {
+ if (--argc < 1)
+ goto bad;
+ hsalt = *(++argv);
+ } else if (strcmp(*argv, "-iv") == 0) {
+ if (--argc < 1)
+ goto bad;
+ hiv = *(++argv);
+ } else if (strcmp(*argv, "-md") == 0) {
+ if (--argc < 1)
+ goto bad;
+ md = *(++argv);
+ } else if (strcmp(*argv, "-non-fips-allow") == 0)
+ non_fips_allow = 1;
+ else if ((argv[0][0] == '-') &&
+ ((c = EVP_get_cipherbyname(&(argv[0][1]))) != NULL)) {
+ cipher = c;
+ } else if (strcmp(*argv, "-none") == 0)
+ cipher = NULL;
+ else {
+ BIO_printf(bio_err, "unknown option '%s'\n", *argv);
+ bad:
+ BIO_printf(bio_err, "options are\n");
+ BIO_printf(bio_err, "%-14s input file\n", "-in <file>");
+ BIO_printf(bio_err, "%-14s output file\n", "-out <file>");
+ BIO_printf(bio_err, "%-14s pass phrase source\n", "-pass <arg>");
+ BIO_printf(bio_err, "%-14s encrypt\n", "-e");
+ BIO_printf(bio_err, "%-14s decrypt\n", "-d");
+ BIO_printf(bio_err,
+ "%-14s base64 encode/decode, depending on encryption flag\n",
+ "-a/-base64");
+ BIO_printf(bio_err, "%-14s passphrase is the next argument\n",
+ "-k");
+ BIO_printf(bio_err,
+ "%-14s passphrase is the first line of the file argument\n",
+ "-kfile");
+ BIO_printf(bio_err,
+ "%-14s the next argument is the md to use to create a key\n",
+ "-md");
+ BIO_printf(bio_err,
+ "%-14s from a passphrase. One of md2, md5, sha or sha1\n",
+ "");
+ BIO_printf(bio_err, "%-14s key/iv in hex is the next argument\n",
+ "-K/-iv");
+ BIO_printf(bio_err, "%-14s print the iv/key (then exit if -P)\n",
+ "-[pP]");
+ BIO_printf(bio_err, "%-14s buffer size\n", "-bufsize <n>");
+#ifndef OPENSSL_NO_ENGINE
+ BIO_printf(bio_err,
+ "%-14s use engine e, possibly a hardware device.\n",
+ "-engine e");
+#endif
+
+ BIO_printf(bio_err, "Cipher Types\n");
+ OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH,
+ show_ciphers, bio_err);
+ BIO_printf(bio_err, "\n");
+
+ goto end;
+ }
+ argc--;
+ argv++;
+ }
+
+#ifndef OPENSSL_NO_ENGINE
+ setup_engine(bio_err, engine, 0);
+#endif
+
+ if (md && (dgst = EVP_get_digestbyname(md)) == NULL) {
+ BIO_printf(bio_err, "%s is an unsupported message digest type\n", md);
+ goto end;
+ }
+
+ if (dgst == NULL) {
+ if (in_FIPS_mode)
+ dgst = EVP_sha1();
+ else
+ dgst = EVP_md5();
+ }
+
+ if (bufsize != NULL) {
+ unsigned long n;
+
+ for (n = 0; *bufsize; bufsize++) {
+ i = *bufsize;
+ if ((i <= '9') && (i >= '0'))
+ n = n * 10 + i - '0';
+ else if (i == 'k') {
+ n *= 1024;
+ bufsize++;
+ break;
+ }
+ }
+ if (*bufsize != '\0') {
+ BIO_printf(bio_err, "invalid 'bufsize' specified.\n");
+ goto end;
+ }
+
+ /* It must be large enough for a base64 encoded line */
+ if (base64 && n < 80)
+ n = 80;
+
+ bsize = (int)n;
+ if (verbose)
+ BIO_printf(bio_err, "bufsize=%d\n", bsize);
+ }
+
+ strbuf = OPENSSL_malloc(SIZE);
+ buff = (unsigned char *)OPENSSL_malloc(EVP_ENCODE_LENGTH(bsize));
+ if ((buff == NULL) || (strbuf == NULL)) {
+ BIO_printf(bio_err, "OPENSSL_malloc failure %ld\n",
+ (long)EVP_ENCODE_LENGTH(bsize));
+ goto end;
+ }
+
+ in = BIO_new(BIO_s_file());
+ out = BIO_new(BIO_s_file());
+ if ((in == NULL) || (out == NULL)) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ if (debug) {
+ BIO_set_callback(in, BIO_debug_callback);
+ BIO_set_callback(out, BIO_debug_callback);
+ BIO_set_callback_arg(in, (char *)bio_err);
+ BIO_set_callback_arg(out, (char *)bio_err);
+ }
+
+ if (inf == NULL) {
+ if (bufsize != NULL)
+ setvbuf(stdin, (char *)NULL, _IONBF, 0);
+ BIO_set_fp(in, stdin, BIO_NOCLOSE);
+ } else {
+ if (BIO_read_filename(in, inf) <= 0) {
+ perror(inf);
+ goto end;
+ }
+ }
+
+ if (!str && passarg) {
+ if (!app_passwd(bio_err, passarg, NULL, &pass, NULL)) {
+ BIO_printf(bio_err, "Error getting password\n");
+ goto end;
+ }
+ str = pass;
+ }
+
+ if ((str == NULL) && (cipher != NULL) && (hkey == NULL)) {
+ for (;;) {
+ char buf[200];
+
+ BIO_snprintf(buf, sizeof buf, "enter %s %s password:",
+ OBJ_nid2ln(EVP_CIPHER_nid(cipher)),
+ (enc) ? "encryption" : "decryption");
+ strbuf[0] = '\0';
+ i = EVP_read_pw_string((char *)strbuf, SIZE, buf, enc);
+ if (i == 0) {
+ if (strbuf[0] == '\0') {
+ ret = 1;
+ goto end;
+ }
+ str = strbuf;
+ break;
+ }
+ if (i < 0) {
+ BIO_printf(bio_err, "bad password read\n");
+ goto end;
+ }
+ }
+ }
+
+ if (outf == NULL) {
+ BIO_set_fp(out, stdout, BIO_NOCLOSE);
+ if (bufsize != NULL)
+ setvbuf(stdout, (char *)NULL, _IONBF, 0);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+#endif
+ } else {
+ if (BIO_write_filename(out, outf) <= 0) {
+ perror(outf);
+ goto end;
+ }
+ }
+
+ rbio = in;
+ wbio = out;
+
+ if (base64) {
+ if ((b64 = BIO_new(BIO_f_base64())) == NULL)
+ goto end;
+ if (debug) {
+ BIO_set_callback(b64, BIO_debug_callback);
+ BIO_set_callback_arg(b64, (char *)bio_err);
+ }
+ if (olb64)
+ BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
+ if (enc)
+ wbio = BIO_push(b64, wbio);
+ else
+ rbio = BIO_push(b64, rbio);
+ }
+
+ if (cipher != NULL) {
+ /*
+ * Note that str is NULL if a key was passed on the command line, so
+ * we get no salt in that case. Is this a bug?
+ */
+ if (str != NULL) {
+ /*
+ * Salt handling: if encrypting generate a salt and write to
+ * output BIO. If decrypting read salt from input BIO.
+ */
+ unsigned char *sptr;
+ if (nosalt)
+ sptr = NULL;
+ else {
+ if (enc) {
+ if (hsalt) {
+ if (!set_hex(hsalt, salt, sizeof salt)) {
+ BIO_printf(bio_err, "invalid hex salt value\n");
+ goto end;
+ }
+ } else if (RAND_pseudo_bytes(salt, sizeof salt) < 0)
+ goto end;
+ /*
+ * If -P option then don't bother writing
+ */
+ if ((printkey != 2)
+ && (BIO_write(wbio, magic,
+ sizeof magic - 1) != sizeof magic - 1
+ || BIO_write(wbio,
+ (char *)salt,
+ sizeof salt) != sizeof salt)) {
+ BIO_printf(bio_err, "error writing output file\n");
+ goto end;
+ }
+ } else if (BIO_read(rbio, mbuf, sizeof mbuf) != sizeof mbuf
+ || BIO_read(rbio,
+ (unsigned char *)salt,
+ sizeof salt) != sizeof salt) {
+ BIO_printf(bio_err, "error reading input file\n");
+ goto end;
+ } else if (memcmp(mbuf, magic, sizeof magic - 1)) {
+ BIO_printf(bio_err, "bad magic number\n");
+ goto end;
+ }
+
+ sptr = salt;
+ }
+
+ EVP_BytesToKey(cipher, dgst, sptr,
+ (unsigned char *)str, strlen(str), 1, key, iv);
+ /*
+ * zero the complete buffer or the string passed from the command
+ * line bug picked up by Larry J. Hughes Jr. <hughes at indiana.edu>
+ */
+ if (str == strbuf)
+ OPENSSL_cleanse(str, SIZE);
+ else
+ OPENSSL_cleanse(str, strlen(str));
+ }
+ if ((hiv != NULL) && !set_hex(hiv, iv, sizeof iv)) {
+ BIO_printf(bio_err, "invalid hex iv value\n");
+ goto end;
+ }
+ if ((hiv == NULL) && (str == NULL)
+ && EVP_CIPHER_iv_length(cipher) != 0) {
+ /*
+ * No IV was explicitly set and no IV was generated during
+ * EVP_BytesToKey. Hence the IV is undefined, making correct
+ * decryption impossible.
+ */
+ BIO_printf(bio_err, "iv undefined\n");
+ goto end;
+ }
+ if ((hkey != NULL) && !set_hex(hkey, key, sizeof key)) {
+ BIO_printf(bio_err, "invalid hex key value\n");
+ goto end;
+ }
+
+ if ((benc = BIO_new(BIO_f_cipher())) == NULL)
+ goto end;
+
+ /*
+ * Since we may be changing parameters work on the encryption context
+ * rather than calling BIO_set_cipher().
+ */
+
+ BIO_get_cipher_ctx(benc, &ctx);
+
+ if (non_fips_allow)
+ EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_NON_FIPS_ALLOW);
+
+ if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)) {
+ BIO_printf(bio_err, "Error setting cipher %s\n",
+ EVP_CIPHER_name(cipher));
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (nopad)
+ EVP_CIPHER_CTX_set_padding(ctx, 0);
+
+ if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc)) {
+ BIO_printf(bio_err, "Error setting cipher %s\n",
+ EVP_CIPHER_name(cipher));
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (debug) {
+ BIO_set_callback(benc, BIO_debug_callback);
+ BIO_set_callback_arg(benc, (char *)bio_err);
+ }
+
+ if (printkey) {
+ if (!nosalt) {
+ printf("salt=");
+ for (i = 0; i < (int)sizeof(salt); i++)
+ printf("%02X", salt[i]);
+ printf("\n");
+ }
+ if (cipher->key_len > 0) {
+ printf("key=");
+ for (i = 0; i < cipher->key_len; i++)
+ printf("%02X", key[i]);
+ printf("\n");
+ }
+ if (cipher->iv_len > 0) {
+ printf("iv =");
+ for (i = 0; i < cipher->iv_len; i++)
+ printf("%02X", iv[i]);
+ printf("\n");
+ }
+ if (printkey == 2) {
+ ret = 0;
+ goto end;
+ }
+ }
+ }
+
+ /* Only encrypt/decrypt as we write the file */
+ if (benc != NULL)
+ wbio = BIO_push(benc, wbio);
+
+ for (;;) {
+ inl = BIO_read(rbio, (char *)buff, bsize);
+ if (inl <= 0)
+ break;
+ if (BIO_write(wbio, (char *)buff, inl) != inl) {
+ BIO_printf(bio_err, "error writing output file\n");
+ goto end;
+ }
+ }
+ if (!BIO_flush(wbio)) {
+ BIO_printf(bio_err, "bad decrypt\n");
+ goto end;
+ }
+
+ ret = 0;
+ if (verbose) {
+ BIO_printf(bio_err, "bytes read :%8ld\n", BIO_number_read(in));
+ BIO_printf(bio_err, "bytes written:%8ld\n", BIO_number_written(out));
+ }
+ end:
+ ERR_print_errors(bio_err);
+ if (strbuf != NULL)
+ OPENSSL_free(strbuf);
+ if (buff != NULL)
+ OPENSSL_free(buff);
+ if (in != NULL)
+ BIO_free(in);
+ if (out != NULL)
+ BIO_free_all(out);
+ if (benc != NULL)
+ BIO_free(benc);
+ if (b64 != NULL)
+ BIO_free(b64);
+ if (pass)
+ OPENSSL_free(pass);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
+}
+
+int set_hex(char *in, unsigned char *out, int size)
+{
+ int i, n;
+ unsigned char j;
+
+ n = strlen(in);
+ if (n > (size * 2)) {
+ BIO_printf(bio_err, "hex string is too long\n");
+ return (0);
+ }
+ memset(out, 0, size);
+ for (i = 0; i < n; i++) {
+ j = (unsigned char)*in;
+ *(in++) = '\0';
+ if (j == 0)
+ break;
+ if ((j >= '0') && (j <= '9'))
+ j -= '0';
+ else if ((j >= 'A') && (j <= 'F'))
+ j = j - 'A' + 10;
+ else if ((j >= 'a') && (j <= 'f'))
+ j = j - 'a' + 10;
+ else {
+ BIO_printf(bio_err, "non-hex digit\n");
+ return (0);
+ }
+ if (i & 1)
+ out[i / 2] |= j;
+ else
+ out[i / 2] = (j << 4);
+ }
+ return (1);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/apps/engine.c
===================================================================
--- vendor-crypto/openssl/dist/apps/engine.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/apps/engine.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,542 +0,0 @@
-/* apps/engine.c -*- mode: C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte <richard at levitte.org> for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#ifdef OPENSSL_NO_STDIO
-#define APPS_WIN16
-#endif
-#include "apps.h"
-#include <openssl/err.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#include <openssl/ssl.h>
-
-#undef PROG
-#define PROG engine_main
-
-static const char *engine_usage[]={
-"usage: engine opts [engine ...]\n",
-" -v[v[v[v]]] - verbose mode, for each engine, list its 'control commands'\n",
-" -vv will additionally display each command's description\n",
-" -vvv will also add the input flags for each command\n",
-" -vvvv will also show internal input flags\n",
-" -c - for each engine, also list the capabilities\n",
-" -t[t] - for each engine, check that they are really available\n",
-" -tt will display error trace for unavailable engines\n",
-" -pre <cmd> - runs command 'cmd' against the ENGINE before any attempts\n",
-" to load it (if -t is used)\n",
-" -post <cmd> - runs command 'cmd' against the ENGINE after loading it\n",
-" (only used if -t is also provided)\n",
-" NB: -pre and -post will be applied to all ENGINEs supplied on the command\n",
-" line, or all supported ENGINEs if none are specified.\n",
-" Eg. '-pre \"SO_PATH:/lib/libdriver.so\"' calls command \"SO_PATH\" with\n",
-" argument \"/lib/libdriver.so\".\n",
-NULL
-};
-
-static void identity(void *ptr)
- {
- return;
- }
-
-static int append_buf(char **buf, const char *s, int *size, int step)
- {
- int l = strlen(s);
-
- if (*buf == NULL)
- {
- *size = step;
- *buf = OPENSSL_malloc(*size);
- if (*buf == NULL)
- return 0;
- **buf = '\0';
- }
-
- if (**buf != '\0')
- l += 2; /* ", " */
-
- if (strlen(*buf) + strlen(s) >= (unsigned int)*size)
- {
- *size += step;
- *buf = OPENSSL_realloc(*buf, *size);
- }
-
- if (*buf == NULL)
- return 0;
-
- if (**buf != '\0')
- BUF_strlcat(*buf, ", ", *size);
- BUF_strlcat(*buf, s, *size);
-
- return 1;
- }
-
-static int util_flags(BIO *bio_out, unsigned int flags, const char *indent)
- {
- int started = 0, err = 0;
- /* Indent before displaying input flags */
- BIO_printf(bio_out, "%s%s(input flags): ", indent, indent);
- if(flags == 0)
- {
- BIO_printf(bio_out, "<no flags>\n");
- return 1;
- }
- /* If the object is internal, mark it in a way that shows instead of
- * having it part of all the other flags, even if it really is. */
- if(flags & ENGINE_CMD_FLAG_INTERNAL)
- {
- BIO_printf(bio_out, "[Internal] ");
- }
-
- if(flags & ENGINE_CMD_FLAG_NUMERIC)
- {
- if(started)
- {
- BIO_printf(bio_out, "|");
- err = 1;
- }
- BIO_printf(bio_out, "NUMERIC");
- started = 1;
- }
- /* Now we check that no combinations of the mutually exclusive NUMERIC,
- * STRING, and NO_INPUT flags have been used. Future flags that can be
- * OR'd together with these would need to added after these to preserve
- * the testing logic. */
- if(flags & ENGINE_CMD_FLAG_STRING)
- {
- if(started)
- {
- BIO_printf(bio_out, "|");
- err = 1;
- }
- BIO_printf(bio_out, "STRING");
- started = 1;
- }
- if(flags & ENGINE_CMD_FLAG_NO_INPUT)
- {
- if(started)
- {
- BIO_printf(bio_out, "|");
- err = 1;
- }
- BIO_printf(bio_out, "NO_INPUT");
- started = 1;
- }
- /* Check for unknown flags */
- flags = flags & ~ENGINE_CMD_FLAG_NUMERIC &
- ~ENGINE_CMD_FLAG_STRING &
- ~ENGINE_CMD_FLAG_NO_INPUT &
- ~ENGINE_CMD_FLAG_INTERNAL;
- if(flags)
- {
- if(started) BIO_printf(bio_out, "|");
- BIO_printf(bio_out, "<0x%04X>", flags);
- }
- if(err)
- BIO_printf(bio_out, " <illegal flags!>");
- BIO_printf(bio_out, "\n");
- return 1;
- }
-
-static int util_verbose(ENGINE *e, int verbose, BIO *bio_out, const char *indent)
- {
- static const int line_wrap = 78;
- int num;
- int ret = 0;
- char *name = NULL;
- char *desc = NULL;
- int flags;
- int xpos = 0;
- STACK *cmds = NULL;
- if(!ENGINE_ctrl(e, ENGINE_CTRL_HAS_CTRL_FUNCTION, 0, NULL, NULL) ||
- ((num = ENGINE_ctrl(e, ENGINE_CTRL_GET_FIRST_CMD_TYPE,
- 0, NULL, NULL)) <= 0))
- {
-#if 0
- BIO_printf(bio_out, "%s<no control commands>\n", indent);
-#endif
- return 1;
- }
-
- cmds = sk_new_null();
-
- if(!cmds)
- goto err;
- do {
- int len;
- /* Get the command input flags */
- if((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num,
- NULL, NULL)) < 0)
- goto err;
- if (!(flags & ENGINE_CMD_FLAG_INTERNAL) || verbose >= 4)
- {
- /* Get the command name */
- if((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_LEN_FROM_CMD, num,
- NULL, NULL)) <= 0)
- goto err;
- if((name = OPENSSL_malloc(len + 1)) == NULL)
- goto err;
- if(ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_FROM_CMD, num, name,
- NULL) <= 0)
- goto err;
- /* Get the command description */
- if((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_LEN_FROM_CMD, num,
- NULL, NULL)) < 0)
- goto err;
- if(len > 0)
- {
- if((desc = OPENSSL_malloc(len + 1)) == NULL)
- goto err;
- if(ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_FROM_CMD, num, desc,
- NULL) <= 0)
- goto err;
- }
- /* Now decide on the output */
- if(xpos == 0)
- /* Do an indent */
- xpos = BIO_puts(bio_out, indent);
- else
- /* Otherwise prepend a ", " */
- xpos += BIO_printf(bio_out, ", ");
- if(verbose == 1)
- {
- /* We're just listing names, comma-delimited */
- if((xpos > (int)strlen(indent)) &&
- (xpos + (int)strlen(name) > line_wrap))
- {
- BIO_printf(bio_out, "\n");
- xpos = BIO_puts(bio_out, indent);
- }
- xpos += BIO_printf(bio_out, "%s", name);
- }
- else
- {
- /* We're listing names plus descriptions */
- BIO_printf(bio_out, "%s: %s\n", name,
- (desc == NULL) ? "<no description>" : desc);
- /* ... and sometimes input flags */
- if((verbose >= 3) && !util_flags(bio_out, flags,
- indent))
- goto err;
- xpos = 0;
- }
- }
- OPENSSL_free(name); name = NULL;
- if(desc) { OPENSSL_free(desc); desc = NULL; }
- /* Move to the next command */
- num = ENGINE_ctrl(e, ENGINE_CTRL_GET_NEXT_CMD_TYPE,
- num, NULL, NULL);
- } while(num > 0);
- if(xpos > 0)
- BIO_printf(bio_out, "\n");
- ret = 1;
-err:
- if(cmds) sk_pop_free(cmds, identity);
- if(name) OPENSSL_free(name);
- if(desc) OPENSSL_free(desc);
- return ret;
- }
-
-static void util_do_cmds(ENGINE *e, STACK *cmds, BIO *bio_out, const char *indent)
- {
- int loop, res, num = sk_num(cmds);
- if(num < 0)
- {
- BIO_printf(bio_out, "[Error]: internal stack error\n");
- return;
- }
- for(loop = 0; loop < num; loop++)
- {
- char buf[256];
- const char *cmd, *arg;
- cmd = sk_value(cmds, loop);
- res = 1; /* assume success */
- /* Check if this command has no ":arg" */
- if((arg = strstr(cmd, ":")) == NULL)
- {
- if(!ENGINE_ctrl_cmd_string(e, cmd, NULL, 0))
- res = 0;
- }
- else
- {
- if((int)(arg - cmd) > 254)
- {
- BIO_printf(bio_out,"[Error]: command name too long\n");
- return;
- }
- memcpy(buf, cmd, (int)(arg - cmd));
- buf[arg-cmd] = '\0';
- arg++; /* Move past the ":" */
- /* Call the command with the argument */
- if(!ENGINE_ctrl_cmd_string(e, buf, arg, 0))
- res = 0;
- }
- if(res)
- BIO_printf(bio_out, "[Success]: %s\n", cmd);
- else
- {
- BIO_printf(bio_out, "[Failure]: %s\n", cmd);
- ERR_print_errors(bio_out);
- }
- }
- }
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
- int ret=1,i;
- const char **pp;
- int verbose=0, list_cap=0, test_avail=0, test_avail_noise = 0;
- ENGINE *e;
- STACK *engines = sk_new_null();
- STACK *pre_cmds = sk_new_null();
- STACK *post_cmds = sk_new_null();
- int badops=1;
- BIO *bio_out=NULL;
- const char *indent = " ";
-
- apps_startup();
- SSL_load_error_strings();
-
- if (bio_err == NULL)
- bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
-
- if (!load_config(bio_err, NULL))
- goto end;
- bio_out=BIO_new_fp(stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- bio_out = BIO_push(tmpbio, bio_out);
- }
-#endif
-
- argc--;
- argv++;
- while (argc >= 1)
- {
- if (strncmp(*argv,"-v",2) == 0)
- {
- if(strspn(*argv + 1, "v") < strlen(*argv + 1))
- goto skip_arg_loop;
- if((verbose=strlen(*argv + 1)) > 4)
- goto skip_arg_loop;
- }
- else if (strcmp(*argv,"-c") == 0)
- list_cap=1;
- else if (strncmp(*argv,"-t",2) == 0)
- {
- test_avail=1;
- if(strspn(*argv + 1, "t") < strlen(*argv + 1))
- goto skip_arg_loop;
- if((test_avail_noise = strlen(*argv + 1) - 1) > 1)
- goto skip_arg_loop;
- }
- else if (strcmp(*argv,"-pre") == 0)
- {
- argc--; argv++;
- if (argc == 0)
- goto skip_arg_loop;
- sk_push(pre_cmds,*argv);
- }
- else if (strcmp(*argv,"-post") == 0)
- {
- argc--; argv++;
- if (argc == 0)
- goto skip_arg_loop;
- sk_push(post_cmds,*argv);
- }
- else if ((strncmp(*argv,"-h",2) == 0) ||
- (strcmp(*argv,"-?") == 0))
- goto skip_arg_loop;
- else
- sk_push(engines,*argv);
- argc--;
- argv++;
- }
- /* Looks like everything went OK */
- badops = 0;
-skip_arg_loop:
-
- if (badops)
- {
- for (pp=engine_usage; (*pp != NULL); pp++)
- BIO_printf(bio_err,"%s",*pp);
- goto end;
- }
-
- if (sk_num(engines) == 0)
- {
- for(e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e))
- {
- sk_push(engines,(char *)ENGINE_get_id(e));
- }
- }
-
- for (i=0; i<sk_num(engines); i++)
- {
- const char *id = sk_value(engines,i);
- if ((e = ENGINE_by_id(id)) != NULL)
- {
- const char *name = ENGINE_get_name(e);
- /* Do "id" first, then "name". Easier to auto-parse. */
- BIO_printf(bio_out, "(%s) %s\n", id, name);
- util_do_cmds(e, pre_cmds, bio_out, indent);
- if (strcmp(ENGINE_get_id(e), id) != 0)
- {
- BIO_printf(bio_out, "Loaded: (%s) %s\n",
- ENGINE_get_id(e), ENGINE_get_name(e));
- }
- if (list_cap)
- {
- int cap_size = 256;
- char *cap_buf = NULL;
- int k,n;
- const int *nids;
- ENGINE_CIPHERS_PTR fn_c;
- ENGINE_DIGESTS_PTR fn_d;
-
- if (ENGINE_get_RSA(e) != NULL
- && !append_buf(&cap_buf, "RSA",
- &cap_size, 256))
- goto end;
- if (ENGINE_get_DSA(e) != NULL
- && !append_buf(&cap_buf, "DSA",
- &cap_size, 256))
- goto end;
- if (ENGINE_get_DH(e) != NULL
- && !append_buf(&cap_buf, "DH",
- &cap_size, 256))
- goto end;
- if (ENGINE_get_RAND(e) != NULL
- && !append_buf(&cap_buf, "RAND",
- &cap_size, 256))
- goto end;
-
- fn_c = ENGINE_get_ciphers(e);
- if(!fn_c) goto skip_ciphers;
- n = fn_c(e, NULL, &nids, 0);
- for(k=0 ; k < n ; ++k)
- if(!append_buf(&cap_buf,
- OBJ_nid2sn(nids[k]),
- &cap_size, 256))
- goto end;
-
-skip_ciphers:
- fn_d = ENGINE_get_digests(e);
- if(!fn_d) goto skip_digests;
- n = fn_d(e, NULL, &nids, 0);
- for(k=0 ; k < n ; ++k)
- if(!append_buf(&cap_buf,
- OBJ_nid2sn(nids[k]),
- &cap_size, 256))
- goto end;
-
-skip_digests:
- if (cap_buf && (*cap_buf != '\0'))
- BIO_printf(bio_out, " [%s]\n", cap_buf);
-
- OPENSSL_free(cap_buf);
- }
- if(test_avail)
- {
- BIO_printf(bio_out, "%s", indent);
- if (ENGINE_init(e))
- {
- BIO_printf(bio_out, "[ available ]\n");
- util_do_cmds(e, post_cmds, bio_out, indent);
- ENGINE_finish(e);
- }
- else
- {
- BIO_printf(bio_out, "[ unavailable ]\n");
- if(test_avail_noise)
- ERR_print_errors_fp(stdout);
- ERR_clear_error();
- }
- }
- if((verbose > 0) && !util_verbose(e, verbose, bio_out, indent))
- goto end;
- ENGINE_free(e);
- }
- else
- ERR_print_errors(bio_err);
- }
-
- ret=0;
-end:
-
- ERR_print_errors(bio_err);
- sk_pop_free(engines, identity);
- sk_pop_free(pre_cmds, identity);
- sk_pop_free(post_cmds, identity);
- if (bio_out != NULL) BIO_free_all(bio_out);
- apps_shutdown();
- OPENSSL_EXIT(ret);
- }
-#else
-
-# if PEDANTIC
-static void *dummy=&dummy;
-# endif
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/apps/engine.c (from rev 6976, vendor-crypto/openssl/dist/apps/engine.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/apps/engine.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/apps/engine.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,510 @@
+/* apps/engine.c -*- mode: C; c-file-style: "eay" -*- */
+/*
+ * Written by Richard Levitte <richard at levitte.org> for the OpenSSL project
+ * 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#ifdef OPENSSL_NO_STDIO
+# define APPS_WIN16
+#endif
+#include "apps.h"
+#include <openssl/err.h>
+#ifndef OPENSSL_NO_ENGINE
+# include <openssl/engine.h>
+# include <openssl/ssl.h>
+
+# undef PROG
+# define PROG engine_main
+
+static const char *engine_usage[] = {
+ "usage: engine opts [engine ...]\n",
+ " -v[v[v[v]]] - verbose mode, for each engine, list its 'control commands'\n",
+ " -vv will additionally display each command's description\n",
+ " -vvv will also add the input flags for each command\n",
+ " -vvvv will also show internal input flags\n",
+ " -c - for each engine, also list the capabilities\n",
+ " -t[t] - for each engine, check that they are really available\n",
+ " -tt will display error trace for unavailable engines\n",
+ " -pre <cmd> - runs command 'cmd' against the ENGINE before any attempts\n",
+ " to load it (if -t is used)\n",
+ " -post <cmd> - runs command 'cmd' against the ENGINE after loading it\n",
+ " (only used if -t is also provided)\n",
+ " NB: -pre and -post will be applied to all ENGINEs supplied on the command\n",
+ " line, or all supported ENGINEs if none are specified.\n",
+ " Eg. '-pre \"SO_PATH:/lib/libdriver.so\"' calls command \"SO_PATH\" with\n",
+ " argument \"/lib/libdriver.so\".\n",
+ NULL
+};
+
+static void identity(void *ptr)
+{
+ return;
+}
+
+static int append_buf(char **buf, const char *s, int *size, int step)
+{
+ int l = strlen(s);
+
+ if (*buf == NULL) {
+ *size = step;
+ *buf = OPENSSL_malloc(*size);
+ if (*buf == NULL)
+ return 0;
+ **buf = '\0';
+ }
+
+ if (**buf != '\0')
+ l += 2; /* ", " */
+
+ if (strlen(*buf) + strlen(s) >= (unsigned int)*size) {
+ *size += step;
+ *buf = OPENSSL_realloc(*buf, *size);
+ }
+
+ if (*buf == NULL)
+ return 0;
+
+ if (**buf != '\0')
+ BUF_strlcat(*buf, ", ", *size);
+ BUF_strlcat(*buf, s, *size);
+
+ return 1;
+}
+
+static int util_flags(BIO *bio_out, unsigned int flags, const char *indent)
+{
+ int started = 0, err = 0;
+ /* Indent before displaying input flags */
+ BIO_printf(bio_out, "%s%s(input flags): ", indent, indent);
+ if (flags == 0) {
+ BIO_printf(bio_out, "<no flags>\n");
+ return 1;
+ }
+ /*
+ * If the object is internal, mark it in a way that shows instead of
+ * having it part of all the other flags, even if it really is.
+ */
+ if (flags & ENGINE_CMD_FLAG_INTERNAL) {
+ BIO_printf(bio_out, "[Internal] ");
+ }
+
+ if (flags & ENGINE_CMD_FLAG_NUMERIC) {
+ if (started) {
+ BIO_printf(bio_out, "|");
+ err = 1;
+ }
+ BIO_printf(bio_out, "NUMERIC");
+ started = 1;
+ }
+ /*
+ * Now we check that no combinations of the mutually exclusive NUMERIC,
+ * STRING, and NO_INPUT flags have been used. Future flags that can be
+ * OR'd together with these would need to added after these to preserve
+ * the testing logic.
+ */
+ if (flags & ENGINE_CMD_FLAG_STRING) {
+ if (started) {
+ BIO_printf(bio_out, "|");
+ err = 1;
+ }
+ BIO_printf(bio_out, "STRING");
+ started = 1;
+ }
+ if (flags & ENGINE_CMD_FLAG_NO_INPUT) {
+ if (started) {
+ BIO_printf(bio_out, "|");
+ err = 1;
+ }
+ BIO_printf(bio_out, "NO_INPUT");
+ started = 1;
+ }
+ /* Check for unknown flags */
+ flags = flags & ~ENGINE_CMD_FLAG_NUMERIC &
+ ~ENGINE_CMD_FLAG_STRING &
+ ~ENGINE_CMD_FLAG_NO_INPUT & ~ENGINE_CMD_FLAG_INTERNAL;
+ if (flags) {
+ if (started)
+ BIO_printf(bio_out, "|");
+ BIO_printf(bio_out, "<0x%04X>", flags);
+ }
+ if (err)
+ BIO_printf(bio_out, " <illegal flags!>");
+ BIO_printf(bio_out, "\n");
+ return 1;
+}
+
+static int util_verbose(ENGINE *e, int verbose, BIO *bio_out,
+ const char *indent)
+{
+ static const int line_wrap = 78;
+ int num;
+ int ret = 0;
+ char *name = NULL;
+ char *desc = NULL;
+ int flags;
+ int xpos = 0;
+ STACK *cmds = NULL;
+ if (!ENGINE_ctrl(e, ENGINE_CTRL_HAS_CTRL_FUNCTION, 0, NULL, NULL) ||
+ ((num = ENGINE_ctrl(e, ENGINE_CTRL_GET_FIRST_CMD_TYPE,
+ 0, NULL, NULL)) <= 0)) {
+# if 0
+ BIO_printf(bio_out, "%s<no control commands>\n", indent);
+# endif
+ return 1;
+ }
+
+ cmds = sk_new_null();
+
+ if (!cmds)
+ goto err;
+ do {
+ int len;
+ /* Get the command input flags */
+ if ((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num,
+ NULL, NULL)) < 0)
+ goto err;
+ if (!(flags & ENGINE_CMD_FLAG_INTERNAL) || verbose >= 4) {
+ /* Get the command name */
+ if ((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_LEN_FROM_CMD, num,
+ NULL, NULL)) <= 0)
+ goto err;
+ if ((name = OPENSSL_malloc(len + 1)) == NULL)
+ goto err;
+ if (ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_FROM_CMD, num, name,
+ NULL) <= 0)
+ goto err;
+ /* Get the command description */
+ if ((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_LEN_FROM_CMD, num,
+ NULL, NULL)) < 0)
+ goto err;
+ if (len > 0) {
+ if ((desc = OPENSSL_malloc(len + 1)) == NULL)
+ goto err;
+ if (ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_FROM_CMD, num, desc,
+ NULL) <= 0)
+ goto err;
+ }
+ /* Now decide on the output */
+ if (xpos == 0)
+ /* Do an indent */
+ xpos = BIO_puts(bio_out, indent);
+ else
+ /* Otherwise prepend a ", " */
+ xpos += BIO_printf(bio_out, ", ");
+ if (verbose == 1) {
+ /*
+ * We're just listing names, comma-delimited
+ */
+ if ((xpos > (int)strlen(indent)) &&
+ (xpos + (int)strlen(name) > line_wrap)) {
+ BIO_printf(bio_out, "\n");
+ xpos = BIO_puts(bio_out, indent);
+ }
+ xpos += BIO_printf(bio_out, "%s", name);
+ } else {
+ /* We're listing names plus descriptions */
+ BIO_printf(bio_out, "%s: %s\n", name,
+ (desc == NULL) ? "<no description>" : desc);
+ /* ... and sometimes input flags */
+ if ((verbose >= 3) && !util_flags(bio_out, flags, indent))
+ goto err;
+ xpos = 0;
+ }
+ }
+ OPENSSL_free(name);
+ name = NULL;
+ if (desc) {
+ OPENSSL_free(desc);
+ desc = NULL;
+ }
+ /* Move to the next command */
+ num = ENGINE_ctrl(e, ENGINE_CTRL_GET_NEXT_CMD_TYPE, num, NULL, NULL);
+ } while (num > 0);
+ if (xpos > 0)
+ BIO_printf(bio_out, "\n");
+ ret = 1;
+ err:
+ if (cmds)
+ sk_pop_free(cmds, identity);
+ if (name)
+ OPENSSL_free(name);
+ if (desc)
+ OPENSSL_free(desc);
+ return ret;
+}
+
+static void util_do_cmds(ENGINE *e, STACK * cmds, BIO *bio_out,
+ const char *indent)
+{
+ int loop, res, num = sk_num(cmds);
+ if (num < 0) {
+ BIO_printf(bio_out, "[Error]: internal stack error\n");
+ return;
+ }
+ for (loop = 0; loop < num; loop++) {
+ char buf[256];
+ const char *cmd, *arg;
+ cmd = sk_value(cmds, loop);
+ res = 1; /* assume success */
+ /* Check if this command has no ":arg" */
+ if ((arg = strstr(cmd, ":")) == NULL) {
+ if (!ENGINE_ctrl_cmd_string(e, cmd, NULL, 0))
+ res = 0;
+ } else {
+ if ((int)(arg - cmd) > 254) {
+ BIO_printf(bio_out, "[Error]: command name too long\n");
+ return;
+ }
+ memcpy(buf, cmd, (int)(arg - cmd));
+ buf[arg - cmd] = '\0';
+ arg++; /* Move past the ":" */
+ /* Call the command with the argument */
+ if (!ENGINE_ctrl_cmd_string(e, buf, arg, 0))
+ res = 0;
+ }
+ if (res)
+ BIO_printf(bio_out, "[Success]: %s\n", cmd);
+ else {
+ BIO_printf(bio_out, "[Failure]: %s\n", cmd);
+ ERR_print_errors(bio_out);
+ }
+ }
+}
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+{
+ int ret = 1, i;
+ const char **pp;
+ int verbose = 0, list_cap = 0, test_avail = 0, test_avail_noise = 0;
+ ENGINE *e;
+ STACK *engines = sk_new_null();
+ STACK *pre_cmds = sk_new_null();
+ STACK *post_cmds = sk_new_null();
+ int badops = 1;
+ BIO *bio_out = NULL;
+ const char *indent = " ";
+
+ apps_startup();
+ SSL_load_error_strings();
+
+ if (bio_err == NULL)
+ bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
+
+ if (!load_config(bio_err, NULL))
+ goto end;
+ bio_out = BIO_new_fp(stdout, BIO_NOCLOSE);
+# ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ bio_out = BIO_push(tmpbio, bio_out);
+ }
+# endif
+
+ argc--;
+ argv++;
+ while (argc >= 1) {
+ if (strncmp(*argv, "-v", 2) == 0) {
+ if (strspn(*argv + 1, "v") < strlen(*argv + 1))
+ goto skip_arg_loop;
+ if ((verbose = strlen(*argv + 1)) > 4)
+ goto skip_arg_loop;
+ } else if (strcmp(*argv, "-c") == 0)
+ list_cap = 1;
+ else if (strncmp(*argv, "-t", 2) == 0) {
+ test_avail = 1;
+ if (strspn(*argv + 1, "t") < strlen(*argv + 1))
+ goto skip_arg_loop;
+ if ((test_avail_noise = strlen(*argv + 1) - 1) > 1)
+ goto skip_arg_loop;
+ } else if (strcmp(*argv, "-pre") == 0) {
+ argc--;
+ argv++;
+ if (argc == 0)
+ goto skip_arg_loop;
+ sk_push(pre_cmds, *argv);
+ } else if (strcmp(*argv, "-post") == 0) {
+ argc--;
+ argv++;
+ if (argc == 0)
+ goto skip_arg_loop;
+ sk_push(post_cmds, *argv);
+ } else if ((strncmp(*argv, "-h", 2) == 0) ||
+ (strcmp(*argv, "-?") == 0))
+ goto skip_arg_loop;
+ else
+ sk_push(engines, *argv);
+ argc--;
+ argv++;
+ }
+ /* Looks like everything went OK */
+ badops = 0;
+ skip_arg_loop:
+
+ if (badops) {
+ for (pp = engine_usage; (*pp != NULL); pp++)
+ BIO_printf(bio_err, "%s", *pp);
+ goto end;
+ }
+
+ if (sk_num(engines) == 0) {
+ for (e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e)) {
+ sk_push(engines, (char *)ENGINE_get_id(e));
+ }
+ }
+
+ for (i = 0; i < sk_num(engines); i++) {
+ const char *id = sk_value(engines, i);
+ if ((e = ENGINE_by_id(id)) != NULL) {
+ const char *name = ENGINE_get_name(e);
+ /*
+ * Do "id" first, then "name". Easier to auto-parse.
+ */
+ BIO_printf(bio_out, "(%s) %s\n", id, name);
+ util_do_cmds(e, pre_cmds, bio_out, indent);
+ if (strcmp(ENGINE_get_id(e), id) != 0) {
+ BIO_printf(bio_out, "Loaded: (%s) %s\n",
+ ENGINE_get_id(e), ENGINE_get_name(e));
+ }
+ if (list_cap) {
+ int cap_size = 256;
+ char *cap_buf = NULL;
+ int k, n;
+ const int *nids;
+ ENGINE_CIPHERS_PTR fn_c;
+ ENGINE_DIGESTS_PTR fn_d;
+
+ if (ENGINE_get_RSA(e) != NULL
+ && !append_buf(&cap_buf, "RSA", &cap_size, 256))
+ goto end;
+ if (ENGINE_get_DSA(e) != NULL
+ && !append_buf(&cap_buf, "DSA", &cap_size, 256))
+ goto end;
+ if (ENGINE_get_DH(e) != NULL
+ && !append_buf(&cap_buf, "DH", &cap_size, 256))
+ goto end;
+ if (ENGINE_get_RAND(e) != NULL
+ && !append_buf(&cap_buf, "RAND", &cap_size, 256))
+ goto end;
+
+ fn_c = ENGINE_get_ciphers(e);
+ if (!fn_c)
+ goto skip_ciphers;
+ n = fn_c(e, NULL, &nids, 0);
+ for (k = 0; k < n; ++k)
+ if (!append_buf(&cap_buf,
+ OBJ_nid2sn(nids[k]), &cap_size, 256))
+ goto end;
+
+ skip_ciphers:
+ fn_d = ENGINE_get_digests(e);
+ if (!fn_d)
+ goto skip_digests;
+ n = fn_d(e, NULL, &nids, 0);
+ for (k = 0; k < n; ++k)
+ if (!append_buf(&cap_buf,
+ OBJ_nid2sn(nids[k]), &cap_size, 256))
+ goto end;
+
+ skip_digests:
+ if (cap_buf && (*cap_buf != '\0'))
+ BIO_printf(bio_out, " [%s]\n", cap_buf);
+
+ OPENSSL_free(cap_buf);
+ }
+ if (test_avail) {
+ BIO_printf(bio_out, "%s", indent);
+ if (ENGINE_init(e)) {
+ BIO_printf(bio_out, "[ available ]\n");
+ util_do_cmds(e, post_cmds, bio_out, indent);
+ ENGINE_finish(e);
+ } else {
+ BIO_printf(bio_out, "[ unavailable ]\n");
+ if (test_avail_noise)
+ ERR_print_errors_fp(stdout);
+ ERR_clear_error();
+ }
+ }
+ if ((verbose > 0) && !util_verbose(e, verbose, bio_out, indent))
+ goto end;
+ ENGINE_free(e);
+ } else
+ ERR_print_errors(bio_err);
+ }
+
+ ret = 0;
+ end:
+
+ ERR_print_errors(bio_err);
+ sk_pop_free(engines, identity);
+ sk_pop_free(pre_cmds, identity);
+ sk_pop_free(post_cmds, identity);
+ if (bio_out != NULL)
+ BIO_free_all(bio_out);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
+}
+#else
+
+# if PEDANTIC
+static void *dummy = &dummy;
+# endif
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/apps/errstr.c
===================================================================
--- vendor-crypto/openssl/dist/apps/errstr.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/apps/errstr.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,126 +0,0 @@
-/* apps/errstr.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/lhash.h>
-#include <openssl/err.h>
-#include <openssl/ssl.h>
-
-#undef PROG
-#define PROG errstr_main
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
- int i,ret=0;
- char buf[256];
- unsigned long l;
-
- apps_startup();
-
- if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
- SSL_load_error_strings();
-
- if ((argc > 1) && (strcmp(argv[1],"-stats") == 0))
- {
- BIO *out=NULL;
-
- out=BIO_new(BIO_s_file());
- if ((out != NULL) && BIO_set_fp(out,stdout,BIO_NOCLOSE))
- {
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- lh_node_stats_bio((LHASH *)ERR_get_string_table(),out);
- lh_stats_bio((LHASH *)ERR_get_string_table(),out);
- lh_node_usage_stats_bio((LHASH *)
- ERR_get_string_table(),out);
- }
- if (out != NULL) BIO_free_all(out);
- argc--;
- argv++;
- }
-
- for (i=1; i<argc; i++)
- {
- if (sscanf(argv[i],"%lx",&l))
- {
- ERR_error_string_n(l, buf, sizeof buf);
- printf("%s\n",buf);
- }
- else
- {
- printf("%s: bad error code\n",argv[i]);
- printf("usage: errstr [-stats] <errno> ...\n");
- ret++;
- }
- }
- apps_shutdown();
- OPENSSL_EXIT(ret);
- }
Copied: vendor-crypto/openssl/0.9.8zf/apps/errstr.c (from rev 6976, vendor-crypto/openssl/dist/apps/errstr.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/apps/errstr.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/apps/errstr.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,121 @@
+/* apps/errstr.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/bio.h>
+#include <openssl/lhash.h>
+#include <openssl/err.h>
+#include <openssl/ssl.h>
+
+#undef PROG
+#define PROG errstr_main
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+{
+ int i, ret = 0;
+ char buf[256];
+ unsigned long l;
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+
+ SSL_load_error_strings();
+
+ if ((argc > 1) && (strcmp(argv[1], "-stats") == 0)) {
+ BIO *out = NULL;
+
+ out = BIO_new(BIO_s_file());
+ if ((out != NULL) && BIO_set_fp(out, stdout, BIO_NOCLOSE)) {
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+#endif
+ lh_node_stats_bio((LHASH *)ERR_get_string_table(), out);
+ lh_stats_bio((LHASH *)ERR_get_string_table(), out);
+ lh_node_usage_stats_bio((LHASH *)
+ ERR_get_string_table(), out);
+ }
+ if (out != NULL)
+ BIO_free_all(out);
+ argc--;
+ argv++;
+ }
+
+ for (i = 1; i < argc; i++) {
+ if (sscanf(argv[i], "%lx", &l)) {
+ ERR_error_string_n(l, buf, sizeof buf);
+ printf("%s\n", buf);
+ } else {
+ printf("%s: bad error code\n", argv[i]);
+ printf("usage: errstr [-stats] <errno> ...\n");
+ ret++;
+ }
+ }
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/apps/gendh.c
===================================================================
--- vendor-crypto/openssl/dist/apps/gendh.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/apps/gendh.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,235 +0,0 @@
-/* apps/gendh.c */
-/* obsoleted by dhparam.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/opensslconf.h>
-/* Until the key-gen callbacks are modified to use newer prototypes, we allow
- * deprecated functions for openssl-internal code */
-#ifdef OPENSSL_NO_DEPRECATED
-#undef OPENSSL_NO_DEPRECATED
-#endif
-
-#ifndef OPENSSL_NO_DH
-#include <stdio.h>
-#include <string.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/rand.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-#include <openssl/dh.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-
-#define DEFBITS 512
-#undef PROG
-#define PROG gendh_main
-
-static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb);
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
- BN_GENCB cb;
- DH *dh=NULL;
- int ret=1,num=DEFBITS;
- int g=2;
- char *outfile=NULL;
- char *inrand=NULL;
-#ifndef OPENSSL_NO_ENGINE
- char *engine=NULL;
-#endif
- BIO *out=NULL;
-
- apps_startup();
-
- BN_GENCB_set(&cb, dh_cb, bio_err);
- if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
- if (!load_config(bio_err, NULL))
- goto end;
-
- argv++;
- argc--;
- for (;;)
- {
- if (argc <= 0) break;
- if (strcmp(*argv,"-out") == 0)
- {
- if (--argc < 1) goto bad;
- outfile= *(++argv);
- }
- else if (strcmp(*argv,"-2") == 0)
- g=2;
- /* else if (strcmp(*argv,"-3") == 0)
- g=3; */
- else if (strcmp(*argv,"-5") == 0)
- g=5;
-#ifndef OPENSSL_NO_ENGINE
- else if (strcmp(*argv,"-engine") == 0)
- {
- if (--argc < 1) goto bad;
- engine= *(++argv);
- }
-#endif
- else if (strcmp(*argv,"-rand") == 0)
- {
- if (--argc < 1) goto bad;
- inrand= *(++argv);
- }
- else
- break;
- argv++;
- argc--;
- }
- if ((argc >= 1) && ((sscanf(*argv,"%d",&num) == 0) || (num < 0)))
- {
-bad:
- BIO_printf(bio_err,"usage: gendh [args] [numbits]\n");
- BIO_printf(bio_err," -out file - output the key to 'file\n");
- BIO_printf(bio_err," -2 - use 2 as the generator value\n");
- /* BIO_printf(bio_err," -3 - use 3 as the generator value\n"); */
- BIO_printf(bio_err," -5 - use 5 as the generator value\n");
-#ifndef OPENSSL_NO_ENGINE
- BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
-#endif
- BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
- BIO_printf(bio_err," - load the file (or the files in the directory) into\n");
- BIO_printf(bio_err," the random number generator\n");
- goto end;
- }
-
-#ifndef OPENSSL_NO_ENGINE
- setup_engine(bio_err, engine, 0);
-#endif
-
- out=BIO_new(BIO_s_file());
- if (out == NULL)
- {
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if (outfile == NULL)
- {
- BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
- else
- {
- if (BIO_write_filename(out,outfile) <= 0)
- {
- perror(outfile);
- goto end;
- }
- }
-
- if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)
- {
- BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
- }
- if (inrand != NULL)
- BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
- app_RAND_load_files(inrand));
-
- BIO_printf(bio_err,"Generating DH parameters, %d bit long safe prime, generator %d\n",num,g);
- BIO_printf(bio_err,"This is going to take a long time\n");
-
- if(((dh = DH_new()) == NULL) || !DH_generate_parameters_ex(dh, num, g, &cb))
- goto end;
-
- app_RAND_write_file(NULL, bio_err);
-
- if (!PEM_write_bio_DHparams(out,dh))
- goto end;
- ret=0;
-end:
- if (ret != 0)
- ERR_print_errors(bio_err);
- if (out != NULL) BIO_free_all(out);
- if (dh != NULL) DH_free(dh);
- apps_shutdown();
- OPENSSL_EXIT(ret);
- }
-
-static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb)
- {
- char c='*';
-
- if (p == 0) c='.';
- if (p == 1) c='+';
- if (p == 2) c='*';
- if (p == 3) c='\n';
- BIO_write(cb->arg,&c,1);
- (void)BIO_flush(cb->arg);
-#ifdef LINT
- p=n;
-#endif
- return 1;
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/apps/gendh.c (from rev 6976, vendor-crypto/openssl/dist/apps/gendh.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/apps/gendh.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/apps/gendh.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,242 @@
+/* apps/gendh.c */
+/* obsoleted by dhparam.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/opensslconf.h>
+/*
+ * Until the key-gen callbacks are modified to use newer prototypes, we allow
+ * deprecated functions for openssl-internal code
+ */
+#ifdef OPENSSL_NO_DEPRECATED
+# undef OPENSSL_NO_DEPRECATED
+#endif
+
+#ifndef OPENSSL_NO_DH
+# include <stdio.h>
+# include <string.h>
+# include <sys/types.h>
+# include <sys/stat.h>
+# include "apps.h"
+# include <openssl/bio.h>
+# include <openssl/rand.h>
+# include <openssl/err.h>
+# include <openssl/bn.h>
+# include <openssl/dh.h>
+# include <openssl/x509.h>
+# include <openssl/pem.h>
+
+# define DEFBITS 512
+# undef PROG
+# define PROG gendh_main
+
+static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb);
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+{
+ BN_GENCB cb;
+ DH *dh = NULL;
+ int ret = 1, num = DEFBITS;
+ int g = 2;
+ char *outfile = NULL;
+ char *inrand = NULL;
+# ifndef OPENSSL_NO_ENGINE
+ char *engine = NULL;
+# endif
+ BIO *out = NULL;
+
+ apps_startup();
+
+ BN_GENCB_set(&cb, dh_cb, bio_err);
+ if (bio_err == NULL)
+ if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+
+ if (!load_config(bio_err, NULL))
+ goto end;
+
+ argv++;
+ argc--;
+ for (;;) {
+ if (argc <= 0)
+ break;
+ if (strcmp(*argv, "-out") == 0) {
+ if (--argc < 1)
+ goto bad;
+ outfile = *(++argv);
+ } else if (strcmp(*argv, "-2") == 0)
+ g = 2;
+/*- else if (strcmp(*argv,"-3") == 0)
+ g=3; */
+ else if (strcmp(*argv, "-5") == 0)
+ g = 5;
+# ifndef OPENSSL_NO_ENGINE
+ else if (strcmp(*argv, "-engine") == 0) {
+ if (--argc < 1)
+ goto bad;
+ engine = *(++argv);
+ }
+# endif
+ else if (strcmp(*argv, "-rand") == 0) {
+ if (--argc < 1)
+ goto bad;
+ inrand = *(++argv);
+ } else
+ break;
+ argv++;
+ argc--;
+ }
+ if ((argc >= 1) && ((sscanf(*argv, "%d", &num) == 0) || (num < 0))) {
+ bad:
+ BIO_printf(bio_err, "usage: gendh [args] [numbits]\n");
+ BIO_printf(bio_err, " -out file - output the key to 'file\n");
+ BIO_printf(bio_err, " -2 - use 2 as the generator value\n");
+ /*
+ * BIO_printf(bio_err," -3 - use 3 as the generator value\n");
+ */
+ BIO_printf(bio_err, " -5 - use 5 as the generator value\n");
+# ifndef OPENSSL_NO_ENGINE
+ BIO_printf(bio_err,
+ " -engine e - use engine e, possibly a hardware device.\n");
+# endif
+ BIO_printf(bio_err, " -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR,
+ LIST_SEPARATOR_CHAR);
+ BIO_printf(bio_err,
+ " - load the file (or the files in the directory) into\n");
+ BIO_printf(bio_err, " the random number generator\n");
+ goto end;
+ }
+# ifndef OPENSSL_NO_ENGINE
+ setup_engine(bio_err, engine, 0);
+# endif
+
+ out = BIO_new(BIO_s_file());
+ if (out == NULL) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (outfile == NULL) {
+ BIO_set_fp(out, stdout, BIO_NOCLOSE);
+# ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+# endif
+ } else {
+ if (BIO_write_filename(out, outfile) <= 0) {
+ perror(outfile);
+ goto end;
+ }
+ }
+
+ if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL) {
+ BIO_printf(bio_err,
+ "warning, not much extra random data, consider using the -rand option\n");
+ }
+ if (inrand != NULL)
+ BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
+ app_RAND_load_files(inrand));
+
+ BIO_printf(bio_err,
+ "Generating DH parameters, %d bit long safe prime, generator %d\n",
+ num, g);
+ BIO_printf(bio_err, "This is going to take a long time\n");
+
+ if (((dh = DH_new()) == NULL)
+ || !DH_generate_parameters_ex(dh, num, g, &cb))
+ goto end;
+
+ app_RAND_write_file(NULL, bio_err);
+
+ if (!PEM_write_bio_DHparams(out, dh))
+ goto end;
+ ret = 0;
+ end:
+ if (ret != 0)
+ ERR_print_errors(bio_err);
+ if (out != NULL)
+ BIO_free_all(out);
+ if (dh != NULL)
+ DH_free(dh);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
+}
+
+static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb)
+{
+ char c = '*';
+
+ if (p == 0)
+ c = '.';
+ if (p == 1)
+ c = '+';
+ if (p == 2)
+ c = '*';
+ if (p == 3)
+ c = '\n';
+ BIO_write(cb->arg, &c, 1);
+ (void)BIO_flush(cb->arg);
+# ifdef LINT
+ p = n;
+# endif
+ return 1;
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/apps/gendsa.c
===================================================================
--- vendor-crypto/openssl/dist/apps/gendsa.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/apps/gendsa.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,285 +0,0 @@
-/* apps/gendsa.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/opensslconf.h> /* for OPENSSL_NO_DSA */
-#ifndef OPENSSL_NO_DSA
-#include <stdio.h>
-#include <string.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-
-#define DEFBITS 512
-#undef PROG
-#define PROG gendsa_main
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
- DSA *dsa=NULL;
- int ret=1;
- char *outfile=NULL;
- char *inrand=NULL,*dsaparams=NULL;
- char *passargout = NULL, *passout = NULL;
- BIO *out=NULL,*in=NULL;
- const EVP_CIPHER *enc=NULL;
-#ifndef OPENSSL_NO_ENGINE
- char *engine=NULL;
-#endif
-
- apps_startup();
-
- if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
- if (!load_config(bio_err, NULL))
- goto end;
-
- argv++;
- argc--;
- for (;;)
- {
- if (argc <= 0) break;
- if (strcmp(*argv,"-out") == 0)
- {
- if (--argc < 1) goto bad;
- outfile= *(++argv);
- }
- else if (strcmp(*argv,"-passout") == 0)
- {
- if (--argc < 1) goto bad;
- passargout= *(++argv);
- }
-#ifndef OPENSSL_NO_ENGINE
- else if (strcmp(*argv,"-engine") == 0)
- {
- if (--argc < 1) goto bad;
- engine= *(++argv);
- }
-#endif
- else if (strcmp(*argv,"-rand") == 0)
- {
- if (--argc < 1) goto bad;
- inrand= *(++argv);
- }
- else if (strcmp(*argv,"-") == 0)
- goto bad;
-#ifndef OPENSSL_NO_DES
- else if (strcmp(*argv,"-des") == 0)
- enc=EVP_des_cbc();
- else if (strcmp(*argv,"-des3") == 0)
- enc=EVP_des_ede3_cbc();
-#endif
-#ifndef OPENSSL_NO_IDEA
- else if (strcmp(*argv,"-idea") == 0)
- enc=EVP_idea_cbc();
-#endif
-#ifndef OPENSSL_NO_SEED
- else if (strcmp(*argv,"-seed") == 0)
- enc=EVP_seed_cbc();
-#endif
-#ifndef OPENSSL_NO_AES
- else if (strcmp(*argv,"-aes128") == 0)
- enc=EVP_aes_128_cbc();
- else if (strcmp(*argv,"-aes192") == 0)
- enc=EVP_aes_192_cbc();
- else if (strcmp(*argv,"-aes256") == 0)
- enc=EVP_aes_256_cbc();
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
- else if (strcmp(*argv,"-camellia128") == 0)
- enc=EVP_camellia_128_cbc();
- else if (strcmp(*argv,"-camellia192") == 0)
- enc=EVP_camellia_192_cbc();
- else if (strcmp(*argv,"-camellia256") == 0)
- enc=EVP_camellia_256_cbc();
-#endif
- else if (**argv != '-' && dsaparams == NULL)
- {
- dsaparams = *argv;
- }
- else
- goto bad;
- argv++;
- argc--;
- }
-
- if (dsaparams == NULL)
- {
-bad:
- BIO_printf(bio_err,"usage: gendsa [args] dsaparam-file\n");
- BIO_printf(bio_err," -out file - output the key to 'file'\n");
-#ifndef OPENSSL_NO_DES
- BIO_printf(bio_err," -des - encrypt the generated key with DES in cbc mode\n");
- BIO_printf(bio_err," -des3 - encrypt the generated key with DES in ede cbc mode (168 bit key)\n");
-#endif
-#ifndef OPENSSL_NO_IDEA
- BIO_printf(bio_err," -idea - encrypt the generated key with IDEA in cbc mode\n");
-#endif
-#ifndef OPENSSL_NO_SEED
- BIO_printf(bio_err," -seed\n");
- BIO_printf(bio_err," encrypt PEM output with cbc seed\n");
-#endif
-#ifndef OPENSSL_NO_AES
- BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
- BIO_printf(bio_err," encrypt PEM output with cbc aes\n");
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
- BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n");
- BIO_printf(bio_err," encrypt PEM output with cbc camellia\n");
-#endif
-#ifndef OPENSSL_NO_ENGINE
- BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
-#endif
- BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
- BIO_printf(bio_err," - load the file (or the files in the directory) into\n");
- BIO_printf(bio_err," the random number generator\n");
- BIO_printf(bio_err," dsaparam-file\n");
- BIO_printf(bio_err," - a DSA parameter file as generated by the dsaparam command\n");
- goto end;
- }
-
-#ifndef OPENSSL_NO_ENGINE
- setup_engine(bio_err, engine, 0);
-#endif
-
- if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
- BIO_printf(bio_err, "Error getting password\n");
- goto end;
- }
-
-
- in=BIO_new(BIO_s_file());
- if (!(BIO_read_filename(in,dsaparams)))
- {
- perror(dsaparams);
- goto end;
- }
-
- if ((dsa=PEM_read_bio_DSAparams(in,NULL,NULL,NULL)) == NULL)
- {
- BIO_printf(bio_err,"unable to load DSA parameter file\n");
- goto end;
- }
- BIO_free(in);
- in = NULL;
-
- out=BIO_new(BIO_s_file());
- if (out == NULL) goto end;
-
- if (outfile == NULL)
- {
- BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
- else
- {
- if (BIO_write_filename(out,outfile) <= 0)
- {
- perror(outfile);
- goto end;
- }
- }
-
- if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)
- {
- BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
- }
- if (inrand != NULL)
- BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
- app_RAND_load_files(inrand));
-
- BIO_printf(bio_err,"Generating DSA key, %d bits\n",
- BN_num_bits(dsa->p));
- if (!DSA_generate_key(dsa)) goto end;
-
- app_RAND_write_file(NULL, bio_err);
-
- if (!PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,NULL, passout))
- goto end;
- ret=0;
-end:
- if (ret != 0)
- ERR_print_errors(bio_err);
- if (in != NULL) BIO_free(in);
- if (out != NULL) BIO_free_all(out);
- if (dsa != NULL) DSA_free(dsa);
- if(passout) OPENSSL_free(passout);
- apps_shutdown();
- OPENSSL_EXIT(ret);
- }
-#else /* !OPENSSL_NO_DSA */
-
-# if PEDANTIC
-static void *dummy=&dummy;
-# endif
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/apps/gendsa.c (from rev 6976, vendor-crypto/openssl/dist/apps/gendsa.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/apps/gendsa.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/apps/gendsa.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,287 @@
+/* apps/gendsa.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/opensslconf.h> /* for OPENSSL_NO_DSA */
+#ifndef OPENSSL_NO_DSA
+# include <stdio.h>
+# include <string.h>
+# include <sys/types.h>
+# include <sys/stat.h>
+# include "apps.h"
+# include <openssl/bio.h>
+# include <openssl/err.h>
+# include <openssl/bn.h>
+# include <openssl/dsa.h>
+# include <openssl/x509.h>
+# include <openssl/pem.h>
+
+# define DEFBITS 512
+# undef PROG
+# define PROG gendsa_main
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+{
+ DSA *dsa = NULL;
+ int ret = 1;
+ char *outfile = NULL;
+ char *inrand = NULL, *dsaparams = NULL;
+ char *passargout = NULL, *passout = NULL;
+ BIO *out = NULL, *in = NULL;
+ const EVP_CIPHER *enc = NULL;
+# ifndef OPENSSL_NO_ENGINE
+ char *engine = NULL;
+# endif
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+
+ if (!load_config(bio_err, NULL))
+ goto end;
+
+ argv++;
+ argc--;
+ for (;;) {
+ if (argc <= 0)
+ break;
+ if (strcmp(*argv, "-out") == 0) {
+ if (--argc < 1)
+ goto bad;
+ outfile = *(++argv);
+ } else if (strcmp(*argv, "-passout") == 0) {
+ if (--argc < 1)
+ goto bad;
+ passargout = *(++argv);
+ }
+# ifndef OPENSSL_NO_ENGINE
+ else if (strcmp(*argv, "-engine") == 0) {
+ if (--argc < 1)
+ goto bad;
+ engine = *(++argv);
+ }
+# endif
+ else if (strcmp(*argv, "-rand") == 0) {
+ if (--argc < 1)
+ goto bad;
+ inrand = *(++argv);
+ } else if (strcmp(*argv, "-") == 0)
+ goto bad;
+# ifndef OPENSSL_NO_DES
+ else if (strcmp(*argv, "-des") == 0)
+ enc = EVP_des_cbc();
+ else if (strcmp(*argv, "-des3") == 0)
+ enc = EVP_des_ede3_cbc();
+# endif
+# ifndef OPENSSL_NO_IDEA
+ else if (strcmp(*argv, "-idea") == 0)
+ enc = EVP_idea_cbc();
+# endif
+# ifndef OPENSSL_NO_SEED
+ else if (strcmp(*argv, "-seed") == 0)
+ enc = EVP_seed_cbc();
+# endif
+# ifndef OPENSSL_NO_AES
+ else if (strcmp(*argv, "-aes128") == 0)
+ enc = EVP_aes_128_cbc();
+ else if (strcmp(*argv, "-aes192") == 0)
+ enc = EVP_aes_192_cbc();
+ else if (strcmp(*argv, "-aes256") == 0)
+ enc = EVP_aes_256_cbc();
+# endif
+# ifndef OPENSSL_NO_CAMELLIA
+ else if (strcmp(*argv, "-camellia128") == 0)
+ enc = EVP_camellia_128_cbc();
+ else if (strcmp(*argv, "-camellia192") == 0)
+ enc = EVP_camellia_192_cbc();
+ else if (strcmp(*argv, "-camellia256") == 0)
+ enc = EVP_camellia_256_cbc();
+# endif
+ else if (**argv != '-' && dsaparams == NULL) {
+ dsaparams = *argv;
+ } else
+ goto bad;
+ argv++;
+ argc--;
+ }
+
+ if (dsaparams == NULL) {
+ bad:
+ BIO_printf(bio_err, "usage: gendsa [args] dsaparam-file\n");
+ BIO_printf(bio_err, " -out file - output the key to 'file'\n");
+# ifndef OPENSSL_NO_DES
+ BIO_printf(bio_err,
+ " -des - encrypt the generated key with DES in cbc mode\n");
+ BIO_printf(bio_err,
+ " -des3 - encrypt the generated key with DES in ede cbc mode (168 bit key)\n");
+# endif
+# ifndef OPENSSL_NO_IDEA
+ BIO_printf(bio_err,
+ " -idea - encrypt the generated key with IDEA in cbc mode\n");
+# endif
+# ifndef OPENSSL_NO_SEED
+ BIO_printf(bio_err, " -seed\n");
+ BIO_printf(bio_err,
+ " encrypt PEM output with cbc seed\n");
+# endif
+# ifndef OPENSSL_NO_AES
+ BIO_printf(bio_err, " -aes128, -aes192, -aes256\n");
+ BIO_printf(bio_err,
+ " encrypt PEM output with cbc aes\n");
+# endif
+# ifndef OPENSSL_NO_CAMELLIA
+ BIO_printf(bio_err, " -camellia128, -camellia192, -camellia256\n");
+ BIO_printf(bio_err,
+ " encrypt PEM output with cbc camellia\n");
+# endif
+# ifndef OPENSSL_NO_ENGINE
+ BIO_printf(bio_err,
+ " -engine e - use engine e, possibly a hardware device.\n");
+# endif
+ BIO_printf(bio_err, " -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR,
+ LIST_SEPARATOR_CHAR);
+ BIO_printf(bio_err,
+ " - load the file (or the files in the directory) into\n");
+ BIO_printf(bio_err, " the random number generator\n");
+ BIO_printf(bio_err, " dsaparam-file\n");
+ BIO_printf(bio_err,
+ " - a DSA parameter file as generated by the dsaparam command\n");
+ goto end;
+ }
+# ifndef OPENSSL_NO_ENGINE
+ setup_engine(bio_err, engine, 0);
+# endif
+
+ if (!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
+ BIO_printf(bio_err, "Error getting password\n");
+ goto end;
+ }
+
+ in = BIO_new(BIO_s_file());
+ if (!(BIO_read_filename(in, dsaparams))) {
+ perror(dsaparams);
+ goto end;
+ }
+
+ if ((dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL)) == NULL) {
+ BIO_printf(bio_err, "unable to load DSA parameter file\n");
+ goto end;
+ }
+ BIO_free(in);
+ in = NULL;
+
+ out = BIO_new(BIO_s_file());
+ if (out == NULL)
+ goto end;
+
+ if (outfile == NULL) {
+ BIO_set_fp(out, stdout, BIO_NOCLOSE);
+# ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+# endif
+ } else {
+ if (BIO_write_filename(out, outfile) <= 0) {
+ perror(outfile);
+ goto end;
+ }
+ }
+
+ if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL) {
+ BIO_printf(bio_err,
+ "warning, not much extra random data, consider using the -rand option\n");
+ }
+ if (inrand != NULL)
+ BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
+ app_RAND_load_files(inrand));
+
+ BIO_printf(bio_err, "Generating DSA key, %d bits\n", BN_num_bits(dsa->p));
+ if (!DSA_generate_key(dsa))
+ goto end;
+
+ app_RAND_write_file(NULL, bio_err);
+
+ if (!PEM_write_bio_DSAPrivateKey(out, dsa, enc, NULL, 0, NULL, passout))
+ goto end;
+ ret = 0;
+ end:
+ if (ret != 0)
+ ERR_print_errors(bio_err);
+ if (in != NULL)
+ BIO_free(in);
+ if (out != NULL)
+ BIO_free_all(out);
+ if (dsa != NULL)
+ DSA_free(dsa);
+ if (passout)
+ OPENSSL_free(passout);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
+}
+#else /* !OPENSSL_NO_DSA */
+
+# if PEDANTIC
+static void *dummy = &dummy;
+# endif
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/apps/genrsa.c
===================================================================
--- vendor-crypto/openssl/dist/apps/genrsa.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/apps/genrsa.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,342 +0,0 @@
-/* apps/genrsa.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/opensslconf.h>
-/* Until the key-gen callbacks are modified to use newer prototypes, we allow
- * deprecated functions for openssl-internal code */
-#ifdef OPENSSL_NO_DEPRECATED
-#undef OPENSSL_NO_DEPRECATED
-#endif
-
-#ifndef OPENSSL_NO_RSA
-#include <stdio.h>
-#include <string.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/rand.h>
-
-#define DEFBITS 512
-#undef PROG
-#define PROG genrsa_main
-
-static int MS_CALLBACK genrsa_cb(int p, int n, BN_GENCB *cb);
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
- BN_GENCB cb;
- int ret=1;
- int i,num=DEFBITS;
- long l;
- int use_x931 = 0;
- const EVP_CIPHER *enc=NULL;
- unsigned long f4=RSA_F4;
- char *outfile=NULL;
- char *passargout = NULL, *passout = NULL;
-#ifndef OPENSSL_NO_ENGINE
- char *engine=NULL;
-#endif
- char *inrand=NULL;
- BIO *out=NULL;
- BIGNUM *bn = BN_new();
- RSA *rsa = NULL;
-
- if(!bn) goto err;
-
- apps_startup();
- BN_GENCB_set(&cb, genrsa_cb, bio_err);
-
- if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
- if (!load_config(bio_err, NULL))
- goto err;
- if ((out=BIO_new(BIO_s_file())) == NULL)
- {
- BIO_printf(bio_err,"unable to create BIO for output\n");
- goto err;
- }
-
- argv++;
- argc--;
- for (;;)
- {
- if (argc <= 0) break;
- if (strcmp(*argv,"-out") == 0)
- {
- if (--argc < 1) goto bad;
- outfile= *(++argv);
- }
- else if (strcmp(*argv,"-3") == 0)
- f4=3;
- else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0)
- f4=RSA_F4;
- else if (strcmp(*argv,"-x931") == 0)
- use_x931 = 1;
-#ifndef OPENSSL_NO_ENGINE
- else if (strcmp(*argv,"-engine") == 0)
- {
- if (--argc < 1) goto bad;
- engine= *(++argv);
- }
-#endif
- else if (strcmp(*argv,"-rand") == 0)
- {
- if (--argc < 1) goto bad;
- inrand= *(++argv);
- }
-#ifndef OPENSSL_NO_DES
- else if (strcmp(*argv,"-des") == 0)
- enc=EVP_des_cbc();
- else if (strcmp(*argv,"-des3") == 0)
- enc=EVP_des_ede3_cbc();
-#endif
-#ifndef OPENSSL_NO_IDEA
- else if (strcmp(*argv,"-idea") == 0)
- enc=EVP_idea_cbc();
-#endif
-#ifndef OPENSSL_NO_SEED
- else if (strcmp(*argv,"-seed") == 0)
- enc=EVP_seed_cbc();
-#endif
-#ifndef OPENSSL_NO_AES
- else if (strcmp(*argv,"-aes128") == 0)
- enc=EVP_aes_128_cbc();
- else if (strcmp(*argv,"-aes192") == 0)
- enc=EVP_aes_192_cbc();
- else if (strcmp(*argv,"-aes256") == 0)
- enc=EVP_aes_256_cbc();
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
- else if (strcmp(*argv,"-camellia128") == 0)
- enc=EVP_camellia_128_cbc();
- else if (strcmp(*argv,"-camellia192") == 0)
- enc=EVP_camellia_192_cbc();
- else if (strcmp(*argv,"-camellia256") == 0)
- enc=EVP_camellia_256_cbc();
-#endif
- else if (strcmp(*argv,"-passout") == 0)
- {
- if (--argc < 1) goto bad;
- passargout= *(++argv);
- }
- else
- break;
- argv++;
- argc--;
- }
- if ((argc >= 1) && ((sscanf(*argv,"%d",&num) == 0) || (num < 0)))
- {
-bad:
- BIO_printf(bio_err,"usage: genrsa [args] [numbits]\n");
- BIO_printf(bio_err," -des encrypt the generated key with DES in cbc mode\n");
- BIO_printf(bio_err," -des3 encrypt the generated key with DES in ede cbc mode (168 bit key)\n");
-#ifndef OPENSSL_NO_IDEA
- BIO_printf(bio_err," -idea encrypt the generated key with IDEA in cbc mode\n");
-#endif
-#ifndef OPENSSL_NO_SEED
- BIO_printf(bio_err," -seed\n");
- BIO_printf(bio_err," encrypt PEM output with cbc seed\n");
-#endif
-#ifndef OPENSSL_NO_AES
- BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
- BIO_printf(bio_err," encrypt PEM output with cbc aes\n");
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
- BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n");
- BIO_printf(bio_err," encrypt PEM output with cbc camellia\n");
-#endif
- BIO_printf(bio_err," -out file output the key to 'file\n");
- BIO_printf(bio_err," -passout arg output file pass phrase source\n");
- BIO_printf(bio_err," -f4 use F4 (0x10001) for the E value\n");
- BIO_printf(bio_err," -3 use 3 for the E value\n");
-#ifndef OPENSSL_NO_ENGINE
- BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
-#endif
- BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
- BIO_printf(bio_err," load the file (or the files in the directory) into\n");
- BIO_printf(bio_err," the random number generator\n");
- goto err;
- }
-
- ERR_load_crypto_strings();
-
- if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
- BIO_printf(bio_err, "Error getting password\n");
- goto err;
- }
-
-#ifndef OPENSSL_NO_ENGINE
- setup_engine(bio_err, engine, 0);
-#endif
-
- if (outfile == NULL)
- {
- BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
- else
- {
- if (BIO_write_filename(out,outfile) <= 0)
- {
- perror(outfile);
- goto err;
- }
- }
-
- if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
- && !RAND_status())
- {
- BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
- }
- if (inrand != NULL)
- BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
- app_RAND_load_files(inrand));
-
- BIO_printf(bio_err,"Generating RSA private key, %d bit long modulus\n",
- num);
-
- rsa = RSA_new();
- if (!rsa)
- goto err;
-
- if (use_x931)
- {
- BIGNUM *pubexp;
- pubexp = BN_new();
- if (!BN_set_word(pubexp, f4))
- goto err;
- if (!RSA_X931_generate_key_ex(rsa, num, pubexp, &cb))
- goto err;
- BN_free(pubexp);
- }
- else if(!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, &cb))
- goto err;
-
- app_RAND_write_file(NULL, bio_err);
-
- /* We need to do the following for when the base number size is <
- * long, esp windows 3.1 :-(. */
- l=0L;
- for (i=0; i<rsa->e->top; i++)
- {
-#ifndef SIXTY_FOUR_BIT
- l<<=BN_BITS4;
- l<<=BN_BITS4;
-#endif
- l+=rsa->e->d[i];
- }
- BIO_printf(bio_err,"e is %ld (0x%lX)\n",l,l);
- {
- PW_CB_DATA cb_data;
- cb_data.password = passout;
- cb_data.prompt_info = outfile;
- if (!PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,0,
- (pem_password_cb *)password_callback,&cb_data))
- goto err;
- }
-
- ret=0;
-err:
- if (bn) BN_free(bn);
- if (rsa) RSA_free(rsa);
- if (out) BIO_free_all(out);
- if(passout) OPENSSL_free(passout);
- if (ret != 0)
- ERR_print_errors(bio_err);
- apps_shutdown();
- OPENSSL_EXIT(ret);
- }
-
-static int MS_CALLBACK genrsa_cb(int p, int n, BN_GENCB *cb)
- {
- char c='*';
-
- if (p == 0) c='.';
- if (p == 1) c='+';
- if (p == 2) c='*';
- if (p == 3) c='\n';
- BIO_write(cb->arg,&c,1);
- (void)BIO_flush(cb->arg);
-#ifdef LINT
- p=n;
-#endif
- return 1;
- }
-#else /* !OPENSSL_NO_RSA */
-
-# if PEDANTIC
-static void *dummy=&dummy;
-# endif
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/apps/genrsa.c (from rev 6976, vendor-crypto/openssl/dist/apps/genrsa.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/apps/genrsa.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/apps/genrsa.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,356 @@
+/* apps/genrsa.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/opensslconf.h>
+/*
+ * Until the key-gen callbacks are modified to use newer prototypes, we allow
+ * deprecated functions for openssl-internal code
+ */
+#ifdef OPENSSL_NO_DEPRECATED
+# undef OPENSSL_NO_DEPRECATED
+#endif
+
+#ifndef OPENSSL_NO_RSA
+# include <stdio.h>
+# include <string.h>
+# include <sys/types.h>
+# include <sys/stat.h>
+# include "apps.h"
+# include <openssl/bio.h>
+# include <openssl/err.h>
+# include <openssl/bn.h>
+# include <openssl/rsa.h>
+# include <openssl/evp.h>
+# include <openssl/x509.h>
+# include <openssl/pem.h>
+# include <openssl/rand.h>
+
+# define DEFBITS 512
+# undef PROG
+# define PROG genrsa_main
+
+static int MS_CALLBACK genrsa_cb(int p, int n, BN_GENCB *cb);
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+{
+ BN_GENCB cb;
+ int ret = 1;
+ int i, num = DEFBITS;
+ long l;
+ int use_x931 = 0;
+ const EVP_CIPHER *enc = NULL;
+ unsigned long f4 = RSA_F4;
+ char *outfile = NULL;
+ char *passargout = NULL, *passout = NULL;
+# ifndef OPENSSL_NO_ENGINE
+ char *engine = NULL;
+# endif
+ char *inrand = NULL;
+ BIO *out = NULL;
+ BIGNUM *bn = BN_new();
+ RSA *rsa = NULL;
+
+ if (!bn)
+ goto err;
+
+ apps_startup();
+ BN_GENCB_set(&cb, genrsa_cb, bio_err);
+
+ if (bio_err == NULL)
+ if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+
+ if (!load_config(bio_err, NULL))
+ goto err;
+ if ((out = BIO_new(BIO_s_file())) == NULL) {
+ BIO_printf(bio_err, "unable to create BIO for output\n");
+ goto err;
+ }
+
+ argv++;
+ argc--;
+ for (;;) {
+ if (argc <= 0)
+ break;
+ if (strcmp(*argv, "-out") == 0) {
+ if (--argc < 1)
+ goto bad;
+ outfile = *(++argv);
+ } else if (strcmp(*argv, "-3") == 0)
+ f4 = 3;
+ else if (strcmp(*argv, "-F4") == 0 || strcmp(*argv, "-f4") == 0)
+ f4 = RSA_F4;
+ else if (strcmp(*argv, "-x931") == 0)
+ use_x931 = 1;
+# ifndef OPENSSL_NO_ENGINE
+ else if (strcmp(*argv, "-engine") == 0) {
+ if (--argc < 1)
+ goto bad;
+ engine = *(++argv);
+ }
+# endif
+ else if (strcmp(*argv, "-rand") == 0) {
+ if (--argc < 1)
+ goto bad;
+ inrand = *(++argv);
+ }
+# ifndef OPENSSL_NO_DES
+ else if (strcmp(*argv, "-des") == 0)
+ enc = EVP_des_cbc();
+ else if (strcmp(*argv, "-des3") == 0)
+ enc = EVP_des_ede3_cbc();
+# endif
+# ifndef OPENSSL_NO_IDEA
+ else if (strcmp(*argv, "-idea") == 0)
+ enc = EVP_idea_cbc();
+# endif
+# ifndef OPENSSL_NO_SEED
+ else if (strcmp(*argv, "-seed") == 0)
+ enc = EVP_seed_cbc();
+# endif
+# ifndef OPENSSL_NO_AES
+ else if (strcmp(*argv, "-aes128") == 0)
+ enc = EVP_aes_128_cbc();
+ else if (strcmp(*argv, "-aes192") == 0)
+ enc = EVP_aes_192_cbc();
+ else if (strcmp(*argv, "-aes256") == 0)
+ enc = EVP_aes_256_cbc();
+# endif
+# ifndef OPENSSL_NO_CAMELLIA
+ else if (strcmp(*argv, "-camellia128") == 0)
+ enc = EVP_camellia_128_cbc();
+ else if (strcmp(*argv, "-camellia192") == 0)
+ enc = EVP_camellia_192_cbc();
+ else if (strcmp(*argv, "-camellia256") == 0)
+ enc = EVP_camellia_256_cbc();
+# endif
+ else if (strcmp(*argv, "-passout") == 0) {
+ if (--argc < 1)
+ goto bad;
+ passargout = *(++argv);
+ } else
+ break;
+ argv++;
+ argc--;
+ }
+ if ((argc >= 1) && ((sscanf(*argv, "%d", &num) == 0) || (num < 0))) {
+ bad:
+ BIO_printf(bio_err, "usage: genrsa [args] [numbits]\n");
+ BIO_printf(bio_err,
+ " -des encrypt the generated key with DES in cbc mode\n");
+ BIO_printf(bio_err,
+ " -des3 encrypt the generated key with DES in ede cbc mode (168 bit key)\n");
+# ifndef OPENSSL_NO_IDEA
+ BIO_printf(bio_err,
+ " -idea encrypt the generated key with IDEA in cbc mode\n");
+# endif
+# ifndef OPENSSL_NO_SEED
+ BIO_printf(bio_err, " -seed\n");
+ BIO_printf(bio_err,
+ " encrypt PEM output with cbc seed\n");
+# endif
+# ifndef OPENSSL_NO_AES
+ BIO_printf(bio_err, " -aes128, -aes192, -aes256\n");
+ BIO_printf(bio_err,
+ " encrypt PEM output with cbc aes\n");
+# endif
+# ifndef OPENSSL_NO_CAMELLIA
+ BIO_printf(bio_err, " -camellia128, -camellia192, -camellia256\n");
+ BIO_printf(bio_err,
+ " encrypt PEM output with cbc camellia\n");
+# endif
+ BIO_printf(bio_err, " -out file output the key to 'file\n");
+ BIO_printf(bio_err,
+ " -passout arg output file pass phrase source\n");
+ BIO_printf(bio_err,
+ " -f4 use F4 (0x10001) for the E value\n");
+ BIO_printf(bio_err, " -3 use 3 for the E value\n");
+# ifndef OPENSSL_NO_ENGINE
+ BIO_printf(bio_err,
+ " -engine e use engine e, possibly a hardware device.\n");
+# endif
+ BIO_printf(bio_err, " -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR,
+ LIST_SEPARATOR_CHAR);
+ BIO_printf(bio_err,
+ " load the file (or the files in the directory) into\n");
+ BIO_printf(bio_err, " the random number generator\n");
+ goto err;
+ }
+
+ ERR_load_crypto_strings();
+
+ if (!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
+ BIO_printf(bio_err, "Error getting password\n");
+ goto err;
+ }
+# ifndef OPENSSL_NO_ENGINE
+ setup_engine(bio_err, engine, 0);
+# endif
+
+ if (outfile == NULL) {
+ BIO_set_fp(out, stdout, BIO_NOCLOSE);
+# ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+# endif
+ } else {
+ if (BIO_write_filename(out, outfile) <= 0) {
+ perror(outfile);
+ goto err;
+ }
+ }
+
+ if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
+ && !RAND_status()) {
+ BIO_printf(bio_err,
+ "warning, not much extra random data, consider using the -rand option\n");
+ }
+ if (inrand != NULL)
+ BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
+ app_RAND_load_files(inrand));
+
+ BIO_printf(bio_err, "Generating RSA private key, %d bit long modulus\n",
+ num);
+
+ rsa = RSA_new();
+ if (!rsa)
+ goto err;
+
+ if (use_x931) {
+ BIGNUM *pubexp;
+ pubexp = BN_new();
+ if (!BN_set_word(pubexp, f4))
+ goto err;
+ if (!RSA_X931_generate_key_ex(rsa, num, pubexp, &cb))
+ goto err;
+ BN_free(pubexp);
+ } else if (!BN_set_word(bn, f4)
+ || !RSA_generate_key_ex(rsa, num, bn, &cb))
+ goto err;
+
+ app_RAND_write_file(NULL, bio_err);
+
+ /*
+ * We need to do the following for when the base number size is < long,
+ * esp windows 3.1 :-(.
+ */
+ l = 0L;
+ for (i = 0; i < rsa->e->top; i++) {
+# ifndef SIXTY_FOUR_BIT
+ l <<= BN_BITS4;
+ l <<= BN_BITS4;
+# endif
+ l += rsa->e->d[i];
+ }
+ BIO_printf(bio_err, "e is %ld (0x%lX)\n", l, l);
+ {
+ PW_CB_DATA cb_data;
+ cb_data.password = passout;
+ cb_data.prompt_info = outfile;
+ if (!PEM_write_bio_RSAPrivateKey(out, rsa, enc, NULL, 0,
+ (pem_password_cb *)password_callback,
+ &cb_data))
+ goto err;
+ }
+
+ ret = 0;
+ err:
+ if (bn)
+ BN_free(bn);
+ if (rsa)
+ RSA_free(rsa);
+ if (out)
+ BIO_free_all(out);
+ if (passout)
+ OPENSSL_free(passout);
+ if (ret != 0)
+ ERR_print_errors(bio_err);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
+}
+
+static int MS_CALLBACK genrsa_cb(int p, int n, BN_GENCB *cb)
+{
+ char c = '*';
+
+ if (p == 0)
+ c = '.';
+ if (p == 1)
+ c = '+';
+ if (p == 2)
+ c = '*';
+ if (p == 3)
+ c = '\n';
+ BIO_write(cb->arg, &c, 1);
+ (void)BIO_flush(cb->arg);
+# ifdef LINT
+ p = n;
+# endif
+ return 1;
+}
+#else /* !OPENSSL_NO_RSA */
+
+# if PEDANTIC
+static void *dummy = &dummy;
+# endif
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/apps/nseq.c
===================================================================
--- vendor-crypto/openssl/dist/apps/nseq.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/apps/nseq.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,167 +0,0 @@
-/* nseq.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <string.h>
-#include "apps.h"
-#include <openssl/pem.h>
-#include <openssl/err.h>
-
-#undef PROG
-#define PROG nseq_main
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-{
- char **args, *infile = NULL, *outfile = NULL;
- BIO *in = NULL, *out = NULL;
- int toseq = 0;
- X509 *x509 = NULL;
- NETSCAPE_CERT_SEQUENCE *seq = NULL;
- int i, ret = 1;
- int badarg = 0;
- if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
- ERR_load_crypto_strings();
- args = argv + 1;
- while (!badarg && *args && *args[0] == '-') {
- if (!strcmp (*args, "-toseq")) toseq = 1;
- else if (!strcmp (*args, "-in")) {
- if (args[1]) {
- args++;
- infile = *args;
- } else badarg = 1;
- } else if (!strcmp (*args, "-out")) {
- if (args[1]) {
- args++;
- outfile = *args;
- } else badarg = 1;
- } else badarg = 1;
- args++;
- }
-
- if (badarg) {
- BIO_printf (bio_err, "Netscape certificate sequence utility\n");
- BIO_printf (bio_err, "Usage nseq [options]\n");
- BIO_printf (bio_err, "where options are\n");
- BIO_printf (bio_err, "-in file input file\n");
- BIO_printf (bio_err, "-out file output file\n");
- BIO_printf (bio_err, "-toseq output NS Sequence file\n");
- OPENSSL_EXIT(1);
- }
-
- if (infile) {
- if (!(in = BIO_new_file (infile, "r"))) {
- BIO_printf (bio_err,
- "Can't open input file %s\n", infile);
- goto end;
- }
- } else in = BIO_new_fp(stdin, BIO_NOCLOSE);
-
- if (outfile) {
- if (!(out = BIO_new_file (outfile, "w"))) {
- BIO_printf (bio_err,
- "Can't open output file %s\n", outfile);
- goto end;
- }
- } else {
- out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
- if (toseq) {
- seq = NETSCAPE_CERT_SEQUENCE_new();
- seq->certs = sk_X509_new_null();
- while((x509 = PEM_read_bio_X509(in, NULL, NULL, NULL)))
- sk_X509_push(seq->certs,x509);
-
- if(!sk_X509_num(seq->certs))
- {
- BIO_printf (bio_err, "Error reading certs file %s\n", infile);
- ERR_print_errors(bio_err);
- goto end;
- }
- PEM_write_bio_NETSCAPE_CERT_SEQUENCE(out, seq);
- ret = 0;
- goto end;
- }
-
- if (!(seq = PEM_read_bio_NETSCAPE_CERT_SEQUENCE(in, NULL, NULL, NULL))) {
- BIO_printf (bio_err, "Error reading sequence file %s\n", infile);
- ERR_print_errors(bio_err);
- goto end;
- }
-
- for(i = 0; i < sk_X509_num(seq->certs); i++) {
- x509 = sk_X509_value(seq->certs, i);
- dump_cert_text(out, x509);
- PEM_write_bio_X509(out, x509);
- }
- ret = 0;
-end:
- BIO_free(in);
- BIO_free_all(out);
- NETSCAPE_CERT_SEQUENCE_free(seq);
-
- OPENSSL_EXIT(ret);
-}
-
Copied: vendor-crypto/openssl/0.9.8zf/apps/nseq.c (from rev 6976, vendor-crypto/openssl/dist/apps/nseq.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/apps/nseq.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/apps/nseq.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,170 @@
+/* nseq.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/pem.h>
+#include <openssl/err.h>
+
+#undef PROG
+#define PROG nseq_main
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+{
+ char **args, *infile = NULL, *outfile = NULL;
+ BIO *in = NULL, *out = NULL;
+ int toseq = 0;
+ X509 *x509 = NULL;
+ NETSCAPE_CERT_SEQUENCE *seq = NULL;
+ int i, ret = 1;
+ int badarg = 0;
+ if (bio_err == NULL)
+ bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
+ ERR_load_crypto_strings();
+ args = argv + 1;
+ while (!badarg && *args && *args[0] == '-') {
+ if (!strcmp(*args, "-toseq"))
+ toseq = 1;
+ else if (!strcmp(*args, "-in")) {
+ if (args[1]) {
+ args++;
+ infile = *args;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-out")) {
+ if (args[1]) {
+ args++;
+ outfile = *args;
+ } else
+ badarg = 1;
+ } else
+ badarg = 1;
+ args++;
+ }
+
+ if (badarg) {
+ BIO_printf(bio_err, "Netscape certificate sequence utility\n");
+ BIO_printf(bio_err, "Usage nseq [options]\n");
+ BIO_printf(bio_err, "where options are\n");
+ BIO_printf(bio_err, "-in file input file\n");
+ BIO_printf(bio_err, "-out file output file\n");
+ BIO_printf(bio_err, "-toseq output NS Sequence file\n");
+ OPENSSL_EXIT(1);
+ }
+
+ if (infile) {
+ if (!(in = BIO_new_file(infile, "r"))) {
+ BIO_printf(bio_err, "Can't open input file %s\n", infile);
+ goto end;
+ }
+ } else
+ in = BIO_new_fp(stdin, BIO_NOCLOSE);
+
+ if (outfile) {
+ if (!(out = BIO_new_file(outfile, "w"))) {
+ BIO_printf(bio_err, "Can't open output file %s\n", outfile);
+ goto end;
+ }
+ } else {
+ out = BIO_new_fp(stdout, BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+#endif
+ }
+ if (toseq) {
+ seq = NETSCAPE_CERT_SEQUENCE_new();
+ seq->certs = sk_X509_new_null();
+ while ((x509 = PEM_read_bio_X509(in, NULL, NULL, NULL)))
+ sk_X509_push(seq->certs, x509);
+
+ if (!sk_X509_num(seq->certs)) {
+ BIO_printf(bio_err, "Error reading certs file %s\n", infile);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ PEM_write_bio_NETSCAPE_CERT_SEQUENCE(out, seq);
+ ret = 0;
+ goto end;
+ }
+
+ if (!(seq = PEM_read_bio_NETSCAPE_CERT_SEQUENCE(in, NULL, NULL, NULL))) {
+ BIO_printf(bio_err, "Error reading sequence file %s\n", infile);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ for (i = 0; i < sk_X509_num(seq->certs); i++) {
+ x509 = sk_X509_value(seq->certs, i);
+ dump_cert_text(out, x509);
+ PEM_write_bio_X509(out, x509);
+ }
+ ret = 0;
+ end:
+ BIO_free(in);
+ BIO_free_all(out);
+ NETSCAPE_CERT_SEQUENCE_free(seq);
+
+ OPENSSL_EXIT(ret);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/apps/ocsp.c
===================================================================
--- vendor-crypto/openssl/dist/apps/ocsp.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/apps/ocsp.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,1356 +0,0 @@
-/* ocsp.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-#ifndef OPENSSL_NO_OCSP
-#define USE_SOCKETS
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "apps.h" /* needs to be included before the openssl headers! */
-#include <openssl/e_os2.h>
-#include <openssl/ssl.h>
-#include <openssl/err.h>
-
-/* Maximum leeway in validity period: default 5 minutes */
-#define MAX_VALIDITY_PERIOD (5 * 60)
-
-static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, X509 *issuer,
- STACK_OF(OCSP_CERTID) *ids);
-static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, X509 *issuer,
- STACK_OF(OCSP_CERTID) *ids);
-static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
- STACK *names, STACK_OF(OCSP_CERTID) *ids,
- long nsec, long maxage);
-
-static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db,
- X509 *ca, X509 *rcert, EVP_PKEY *rkey,
- STACK_OF(X509) *rother, unsigned long flags,
- int nmin, int ndays);
-
-static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser);
-static BIO *init_responder(char *port);
-static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port);
-static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp);
-static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
- OCSP_REQUEST *req, int req_timeout);
-
-#undef PROG
-#define PROG ocsp_main
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
- ENGINE *e = NULL;
- char **args;
- char *host = NULL, *port = NULL, *path = "/";
- char *thost = NULL, *tport = NULL, *tpath = NULL;
- char *reqin = NULL, *respin = NULL;
- char *reqout = NULL, *respout = NULL;
- char *signfile = NULL, *keyfile = NULL;
- char *rsignfile = NULL, *rkeyfile = NULL;
- char *outfile = NULL;
- int add_nonce = 1, noverify = 0, use_ssl = -1;
- OCSP_REQUEST *req = NULL;
- OCSP_RESPONSE *resp = NULL;
- OCSP_BASICRESP *bs = NULL;
- X509 *issuer = NULL, *cert = NULL;
- X509 *signer = NULL, *rsigner = NULL;
- EVP_PKEY *key = NULL, *rkey = NULL;
- BIO *acbio = NULL, *cbio = NULL;
- BIO *derbio = NULL;
- BIO *out = NULL;
- int req_timeout = -1;
- int req_text = 0, resp_text = 0;
- long nsec = MAX_VALIDITY_PERIOD, maxage = -1;
- char *CAfile = NULL, *CApath = NULL;
- X509_STORE *store = NULL;
- STACK_OF(X509) *sign_other = NULL, *verify_other = NULL, *rother = NULL;
- char *sign_certfile = NULL, *verify_certfile = NULL, *rcertfile = NULL;
- unsigned long sign_flags = 0, verify_flags = 0, rflags = 0;
- int ret = 1;
- int accept_count = -1;
- int badarg = 0;
- int i;
- int ignore_err = 0;
- STACK *reqnames = NULL;
- STACK_OF(OCSP_CERTID) *ids = NULL;
-
- X509 *rca_cert = NULL;
- char *ridx_filename = NULL;
- char *rca_filename = NULL;
- CA_DB *rdb = NULL;
- int nmin = 0, ndays = -1;
-
- if (bio_err == NULL) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
-
- if (!load_config(bio_err, NULL))
- goto end;
- SSL_load_error_strings();
- OpenSSL_add_ssl_algorithms();
- args = argv + 1;
- reqnames = sk_new_null();
- ids = sk_OCSP_CERTID_new_null();
- while (!badarg && *args && *args[0] == '-')
- {
- if (!strcmp(*args, "-out"))
- {
- if (args[1])
- {
- args++;
- outfile = *args;
- }
- else badarg = 1;
- }
- else if (!strcmp(*args, "-timeout"))
- {
- if (args[1])
- {
- args++;
- req_timeout = atol(*args);
- if (req_timeout < 0)
- {
- BIO_printf(bio_err,
- "Illegal timeout value %s\n",
- *args);
- badarg = 1;
- }
- }
- else badarg = 1;
- }
- else if (!strcmp(*args, "-url"))
- {
- if (thost)
- OPENSSL_free(thost);
- if (tport)
- OPENSSL_free(tport);
- if (tpath)
- OPENSSL_free(tpath);
- if (args[1])
- {
- args++;
- if (!OCSP_parse_url(*args, &host, &port, &path, &use_ssl))
- {
- BIO_printf(bio_err, "Error parsing URL\n");
- badarg = 1;
- }
- thost = host;
- tport = port;
- tpath = path;
- }
- else badarg = 1;
- }
- else if (!strcmp(*args, "-host"))
- {
- if (args[1])
- {
- args++;
- host = *args;
- }
- else badarg = 1;
- }
- else if (!strcmp(*args, "-port"))
- {
- if (args[1])
- {
- args++;
- port = *args;
- }
- else badarg = 1;
- }
- else if (!strcmp(*args, "-ignore_err"))
- ignore_err = 1;
- else if (!strcmp(*args, "-noverify"))
- noverify = 1;
- else if (!strcmp(*args, "-nonce"))
- add_nonce = 2;
- else if (!strcmp(*args, "-no_nonce"))
- add_nonce = 0;
- else if (!strcmp(*args, "-resp_no_certs"))
- rflags |= OCSP_NOCERTS;
- else if (!strcmp(*args, "-resp_key_id"))
- rflags |= OCSP_RESPID_KEY;
- else if (!strcmp(*args, "-no_certs"))
- sign_flags |= OCSP_NOCERTS;
- else if (!strcmp(*args, "-no_signature_verify"))
- verify_flags |= OCSP_NOSIGS;
- else if (!strcmp(*args, "-no_cert_verify"))
- verify_flags |= OCSP_NOVERIFY;
- else if (!strcmp(*args, "-no_chain"))
- verify_flags |= OCSP_NOCHAIN;
- else if (!strcmp(*args, "-no_cert_checks"))
- verify_flags |= OCSP_NOCHECKS;
- else if (!strcmp(*args, "-no_explicit"))
- verify_flags |= OCSP_NOEXPLICIT;
- else if (!strcmp(*args, "-trust_other"))
- verify_flags |= OCSP_TRUSTOTHER;
- else if (!strcmp(*args, "-no_intern"))
- verify_flags |= OCSP_NOINTERN;
- else if (!strcmp(*args, "-text"))
- {
- req_text = 1;
- resp_text = 1;
- }
- else if (!strcmp(*args, "-req_text"))
- req_text = 1;
- else if (!strcmp(*args, "-resp_text"))
- resp_text = 1;
- else if (!strcmp(*args, "-reqin"))
- {
- if (args[1])
- {
- args++;
- reqin = *args;
- }
- else badarg = 1;
- }
- else if (!strcmp(*args, "-respin"))
- {
- if (args[1])
- {
- args++;
- respin = *args;
- }
- else badarg = 1;
- }
- else if (!strcmp(*args, "-signer"))
- {
- if (args[1])
- {
- args++;
- signfile = *args;
- }
- else badarg = 1;
- }
- else if (!strcmp (*args, "-VAfile"))
- {
- if (args[1])
- {
- args++;
- verify_certfile = *args;
- verify_flags |= OCSP_TRUSTOTHER;
- }
- else badarg = 1;
- }
- else if (!strcmp(*args, "-sign_other"))
- {
- if (args[1])
- {
- args++;
- sign_certfile = *args;
- }
- else badarg = 1;
- }
- else if (!strcmp(*args, "-verify_other"))
- {
- if (args[1])
- {
- args++;
- verify_certfile = *args;
- }
- else badarg = 1;
- }
- else if (!strcmp (*args, "-CAfile"))
- {
- if (args[1])
- {
- args++;
- CAfile = *args;
- }
- else badarg = 1;
- }
- else if (!strcmp (*args, "-CApath"))
- {
- if (args[1])
- {
- args++;
- CApath = *args;
- }
- else badarg = 1;
- }
- else if (!strcmp (*args, "-validity_period"))
- {
- if (args[1])
- {
- args++;
- nsec = atol(*args);
- if (nsec < 0)
- {
- BIO_printf(bio_err,
- "Illegal validity period %s\n",
- *args);
- badarg = 1;
- }
- }
- else badarg = 1;
- }
- else if (!strcmp (*args, "-status_age"))
- {
- if (args[1])
- {
- args++;
- maxage = atol(*args);
- if (maxage < 0)
- {
- BIO_printf(bio_err,
- "Illegal validity age %s\n",
- *args);
- badarg = 1;
- }
- }
- else badarg = 1;
- }
- else if (!strcmp(*args, "-signkey"))
- {
- if (args[1])
- {
- args++;
- keyfile = *args;
- }
- else badarg = 1;
- }
- else if (!strcmp(*args, "-reqout"))
- {
- if (args[1])
- {
- args++;
- reqout = *args;
- }
- else badarg = 1;
- }
- else if (!strcmp(*args, "-respout"))
- {
- if (args[1])
- {
- args++;
- respout = *args;
- }
- else badarg = 1;
- }
- else if (!strcmp(*args, "-path"))
- {
- if (args[1])
- {
- args++;
- path = *args;
- }
- else badarg = 1;
- }
- else if (!strcmp(*args, "-issuer"))
- {
- if (args[1])
- {
- args++;
- X509_free(issuer);
- issuer = load_cert(bio_err, *args, FORMAT_PEM,
- NULL, e, "issuer certificate");
- if(!issuer) goto end;
- }
- else badarg = 1;
- }
- else if (!strcmp (*args, "-cert"))
- {
- if (args[1])
- {
- args++;
- X509_free(cert);
- cert = load_cert(bio_err, *args, FORMAT_PEM,
- NULL, e, "certificate");
- if(!cert) goto end;
- if(!add_ocsp_cert(&req, cert, issuer, ids))
- goto end;
- if(!sk_push(reqnames, *args))
- goto end;
- }
- else badarg = 1;
- }
- else if (!strcmp(*args, "-serial"))
- {
- if (args[1])
- {
- args++;
- if(!add_ocsp_serial(&req, *args, issuer, ids))
- goto end;
- if(!sk_push(reqnames, *args))
- goto end;
- }
- else badarg = 1;
- }
- else if (!strcmp(*args, "-index"))
- {
- if (args[1])
- {
- args++;
- ridx_filename = *args;
- }
- else badarg = 1;
- }
- else if (!strcmp(*args, "-CA"))
- {
- if (args[1])
- {
- args++;
- rca_filename = *args;
- }
- else badarg = 1;
- }
- else if (!strcmp (*args, "-nmin"))
- {
- if (args[1])
- {
- args++;
- nmin = atol(*args);
- if (nmin < 0)
- {
- BIO_printf(bio_err,
- "Illegal update period %s\n",
- *args);
- badarg = 1;
- }
- }
- if (ndays == -1)
- ndays = 0;
- else badarg = 1;
- }
- else if (!strcmp (*args, "-nrequest"))
- {
- if (args[1])
- {
- args++;
- accept_count = atol(*args);
- if (accept_count < 0)
- {
- BIO_printf(bio_err,
- "Illegal accept count %s\n",
- *args);
- badarg = 1;
- }
- }
- else badarg = 1;
- }
- else if (!strcmp (*args, "-ndays"))
- {
- if (args[1])
- {
- args++;
- ndays = atol(*args);
- if (ndays < 0)
- {
- BIO_printf(bio_err,
- "Illegal update period %s\n",
- *args);
- badarg = 1;
- }
- }
- else badarg = 1;
- }
- else if (!strcmp(*args, "-rsigner"))
- {
- if (args[1])
- {
- args++;
- rsignfile = *args;
- }
- else badarg = 1;
- }
- else if (!strcmp(*args, "-rkey"))
- {
- if (args[1])
- {
- args++;
- rkeyfile = *args;
- }
- else badarg = 1;
- }
- else if (!strcmp(*args, "-rother"))
- {
- if (args[1])
- {
- args++;
- rcertfile = *args;
- }
- else badarg = 1;
- }
- else badarg = 1;
- args++;
- }
-
- /* Have we anything to do? */
- if (!req && !reqin && !respin && !(port && ridx_filename)) badarg = 1;
-
- if (badarg)
- {
- BIO_printf (bio_err, "OCSP utility\n");
- BIO_printf (bio_err, "Usage ocsp [options]\n");
- BIO_printf (bio_err, "where options are\n");
- BIO_printf (bio_err, "-out file output filename\n");
- BIO_printf (bio_err, "-issuer file issuer certificate\n");
- BIO_printf (bio_err, "-cert file certificate to check\n");
- BIO_printf (bio_err, "-serial n serial number to check\n");
- BIO_printf (bio_err, "-signer file certificate to sign OCSP request with\n");
- BIO_printf (bio_err, "-signkey file private key to sign OCSP request with\n");
- BIO_printf (bio_err, "-sign_other file additional certificates to include in signed request\n");
- BIO_printf (bio_err, "-no_certs don't include any certificates in signed request\n");
- BIO_printf (bio_err, "-req_text print text form of request\n");
- BIO_printf (bio_err, "-resp_text print text form of response\n");
- BIO_printf (bio_err, "-text print text form of request and response\n");
- BIO_printf (bio_err, "-reqout file write DER encoded OCSP request to \"file\"\n");
- BIO_printf (bio_err, "-respout file write DER encoded OCSP reponse to \"file\"\n");
- BIO_printf (bio_err, "-reqin file read DER encoded OCSP request from \"file\"\n");
- BIO_printf (bio_err, "-respin file read DER encoded OCSP reponse from \"file\"\n");
- BIO_printf (bio_err, "-nonce add OCSP nonce to request\n");
- BIO_printf (bio_err, "-no_nonce don't add OCSP nonce to request\n");
- BIO_printf (bio_err, "-url URL OCSP responder URL\n");
- BIO_printf (bio_err, "-host host:n send OCSP request to host on port n\n");
- BIO_printf (bio_err, "-path path to use in OCSP request\n");
- BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
- BIO_printf (bio_err, "-CAfile file trusted certificates file\n");
- BIO_printf (bio_err, "-VAfile file validator certificates file\n");
- BIO_printf (bio_err, "-validity_period n maximum validity discrepancy in seconds\n");
- BIO_printf (bio_err, "-status_age n maximum status age in seconds\n");
- BIO_printf (bio_err, "-noverify don't verify response at all\n");
- BIO_printf (bio_err, "-verify_other file additional certificates to search for signer\n");
- BIO_printf (bio_err, "-trust_other don't verify additional certificates\n");
- BIO_printf (bio_err, "-no_intern don't search certificates contained in response for signer\n");
- BIO_printf (bio_err, "-no_signature_verify don't check signature on response\n");
- BIO_printf (bio_err, "-no_cert_verify don't check signing certificate\n");
- BIO_printf (bio_err, "-no_chain don't chain verify response\n");
- BIO_printf (bio_err, "-no_cert_checks don't do additional checks on signing certificate\n");
- BIO_printf (bio_err, "-port num port to run responder on\n");
- BIO_printf (bio_err, "-index file certificate status index file\n");
- BIO_printf (bio_err, "-CA file CA certificate\n");
- BIO_printf (bio_err, "-rsigner file responder certificate to sign responses with\n");
- BIO_printf (bio_err, "-rkey file responder key to sign responses with\n");
- BIO_printf (bio_err, "-rother file other certificates to include in response\n");
- BIO_printf (bio_err, "-resp_no_certs don't include any certificates in response\n");
- BIO_printf (bio_err, "-nmin n number of minutes before next update\n");
- BIO_printf (bio_err, "-ndays n number of days before next update\n");
- BIO_printf (bio_err, "-resp_key_id identify reponse by signing certificate key ID\n");
- BIO_printf (bio_err, "-nrequest n number of requests to accept (default unlimited)\n");
- goto end;
- }
-
- if(outfile) out = BIO_new_file(outfile, "w");
- else out = BIO_new_fp(stdout, BIO_NOCLOSE);
-
- if(!out)
- {
- BIO_printf(bio_err, "Error opening output file\n");
- goto end;
- }
-
- if (!req && (add_nonce != 2)) add_nonce = 0;
-
- if (!req && reqin)
- {
- derbio = BIO_new_file(reqin, "rb");
- if (!derbio)
- {
- BIO_printf(bio_err, "Error Opening OCSP request file\n");
- goto end;
- }
- req = d2i_OCSP_REQUEST_bio(derbio, NULL);
- BIO_free(derbio);
- if(!req)
- {
- BIO_printf(bio_err, "Error reading OCSP request\n");
- goto end;
- }
- }
-
- if (!req && port)
- {
- acbio = init_responder(port);
- if (!acbio)
- goto end;
- }
-
- if (rsignfile && !rdb)
- {
- if (!rkeyfile) rkeyfile = rsignfile;
- rsigner = load_cert(bio_err, rsignfile, FORMAT_PEM,
- NULL, e, "responder certificate");
- if (!rsigner)
- {
- BIO_printf(bio_err, "Error loading responder certificate\n");
- goto end;
- }
- rca_cert = load_cert(bio_err, rca_filename, FORMAT_PEM,
- NULL, e, "CA certificate");
- if (rcertfile)
- {
- rother = load_certs(bio_err, rcertfile, FORMAT_PEM,
- NULL, e, "responder other certificates");
- if (!rother) goto end;
- }
- rkey = load_key(bio_err, rkeyfile, FORMAT_PEM, 0, NULL, NULL,
- "responder private key");
- if (!rkey)
- goto end;
- }
- if(acbio)
- BIO_printf(bio_err, "Waiting for OCSP client connections...\n");
-
- redo_accept:
-
- if (acbio)
- {
- if (!do_responder(&req, &cbio, acbio, port))
- goto end;
- if (!req)
- {
- resp = OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, NULL);
- send_ocsp_response(cbio, resp);
- goto done_resp;
- }
- }
-
- if (!req && (signfile || reqout || host || add_nonce || ridx_filename))
- {
- BIO_printf(bio_err, "Need an OCSP request for this operation!\n");
- goto end;
- }
-
- if (req && add_nonce) OCSP_request_add1_nonce(req, NULL, -1);
-
- if (signfile)
- {
- if (!keyfile) keyfile = signfile;
- signer = load_cert(bio_err, signfile, FORMAT_PEM,
- NULL, e, "signer certificate");
- if (!signer)
- {
- BIO_printf(bio_err, "Error loading signer certificate\n");
- goto end;
- }
- if (sign_certfile)
- {
- sign_other = load_certs(bio_err, sign_certfile, FORMAT_PEM,
- NULL, e, "signer certificates");
- if (!sign_other) goto end;
- }
- key = load_key(bio_err, keyfile, FORMAT_PEM, 0, NULL, NULL,
- "signer private key");
- if (!key)
- goto end;
- if (!OCSP_request_sign(req, signer, key, EVP_sha1(), sign_other, sign_flags))
- {
- BIO_printf(bio_err, "Error signing OCSP request\n");
- goto end;
- }
- }
-
- if (req_text && req) OCSP_REQUEST_print(out, req, 0);
-
- if (reqout)
- {
- derbio = BIO_new_file(reqout, "wb");
- if(!derbio)
- {
- BIO_printf(bio_err, "Error opening file %s\n", reqout);
- goto end;
- }
- i2d_OCSP_REQUEST_bio(derbio, req);
- BIO_free(derbio);
- }
-
- if (ridx_filename && (!rkey || !rsigner || !rca_cert))
- {
- BIO_printf(bio_err, "Need a responder certificate, key and CA for this operation!\n");
- goto end;
- }
-
- if (ridx_filename && !rdb)
- {
- rdb = load_index(ridx_filename, NULL);
- if (!rdb) goto end;
- if (!index_index(rdb)) goto end;
- }
-
- if (rdb)
- {
- i = make_ocsp_response(&resp, req, rdb, rca_cert, rsigner, rkey, rother, rflags, nmin, ndays);
- if (cbio)
- send_ocsp_response(cbio, resp);
- }
- else if (host)
- {
-#ifndef OPENSSL_NO_SOCK
- resp = process_responder(bio_err, req, host, path,
- port, use_ssl, req_timeout);
- if (!resp)
- goto end;
-#else
- BIO_printf(bio_err, "Error creating connect BIO - sockets not supported.\n");
- goto end;
-#endif
- }
- else if (respin)
- {
- derbio = BIO_new_file(respin, "rb");
- if (!derbio)
- {
- BIO_printf(bio_err, "Error Opening OCSP response file\n");
- goto end;
- }
- resp = d2i_OCSP_RESPONSE_bio(derbio, NULL);
- BIO_free(derbio);
- if(!resp)
- {
- BIO_printf(bio_err, "Error reading OCSP response\n");
- goto end;
- }
-
- }
- else
- {
- ret = 0;
- goto end;
- }
-
- done_resp:
-
- if (respout)
- {
- derbio = BIO_new_file(respout, "wb");
- if(!derbio)
- {
- BIO_printf(bio_err, "Error opening file %s\n", respout);
- goto end;
- }
- i2d_OCSP_RESPONSE_bio(derbio, resp);
- BIO_free(derbio);
- }
-
- i = OCSP_response_status(resp);
-
- if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL)
- {
- BIO_printf(out, "Responder Error: %s (%d)\n",
- OCSP_response_status_str(i), i);
- if (ignore_err)
- goto redo_accept;
- ret = 0;
- goto end;
- }
-
- if (resp_text) OCSP_RESPONSE_print(out, resp, 0);
-
- /* If running as responder don't verify our own response */
- if (cbio)
- {
- if (accept_count > 0)
- accept_count--;
- /* Redo if more connections needed */
- if (accept_count)
- {
- BIO_free_all(cbio);
- cbio = NULL;
- OCSP_REQUEST_free(req);
- req = NULL;
- OCSP_RESPONSE_free(resp);
- resp = NULL;
- goto redo_accept;
- }
- goto end;
- }
-
- if (!store)
- store = setup_verify(bio_err, CAfile, CApath);
- if (!store)
- goto end;
- if (verify_certfile)
- {
- verify_other = load_certs(bio_err, verify_certfile, FORMAT_PEM,
- NULL, e, "validator certificate");
- if (!verify_other) goto end;
- }
-
- bs = OCSP_response_get1_basic(resp);
-
- if (!bs)
- {
- BIO_printf(bio_err, "Error parsing response\n");
- goto end;
- }
-
- if (!noverify)
- {
- if (req && ((i = OCSP_check_nonce(req, bs)) <= 0))
- {
- if (i == -1)
- BIO_printf(bio_err, "WARNING: no nonce in response\n");
- else
- {
- BIO_printf(bio_err, "Nonce Verify error\n");
- goto end;
- }
- }
-
- i = OCSP_basic_verify(bs, verify_other, store, verify_flags);
- if (i < 0) i = OCSP_basic_verify(bs, NULL, store, 0);
-
- if(i <= 0)
- {
- BIO_printf(bio_err, "Response Verify Failure\n");
- ERR_print_errors(bio_err);
- }
- else
- BIO_printf(bio_err, "Response verify OK\n");
-
- }
-
- if (!print_ocsp_summary(out, bs, req, reqnames, ids, nsec, maxage))
- goto end;
-
- ret = 0;
-
-end:
- ERR_print_errors(bio_err);
- X509_free(signer);
- X509_STORE_free(store);
- EVP_PKEY_free(key);
- EVP_PKEY_free(rkey);
- X509_free(issuer);
- X509_free(cert);
- X509_free(rsigner);
- X509_free(rca_cert);
- free_index(rdb);
- BIO_free_all(cbio);
- BIO_free_all(acbio);
- BIO_free(out);
- OCSP_REQUEST_free(req);
- OCSP_RESPONSE_free(resp);
- OCSP_BASICRESP_free(bs);
- sk_free(reqnames);
- sk_OCSP_CERTID_free(ids);
- sk_X509_pop_free(sign_other, X509_free);
- sk_X509_pop_free(verify_other, X509_free);
-
- if (thost)
- OPENSSL_free(thost);
- if (tport)
- OPENSSL_free(tport);
- if (tpath)
- OPENSSL_free(tpath);
-
- OPENSSL_EXIT(ret);
-}
-
-static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, X509 *issuer,
- STACK_OF(OCSP_CERTID) *ids)
- {
- OCSP_CERTID *id;
- if(!issuer)
- {
- BIO_printf(bio_err, "No issuer certificate specified\n");
- return 0;
- }
- if(!*req) *req = OCSP_REQUEST_new();
- if(!*req) goto err;
- id = OCSP_cert_to_id(NULL, cert, issuer);
- if(!id || !sk_OCSP_CERTID_push(ids, id)) goto err;
- if(!OCSP_request_add0_id(*req, id)) goto err;
- return 1;
-
- err:
- BIO_printf(bio_err, "Error Creating OCSP request\n");
- return 0;
- }
-
-static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, X509 *issuer,
- STACK_OF(OCSP_CERTID) *ids)
- {
- OCSP_CERTID *id;
- X509_NAME *iname;
- ASN1_BIT_STRING *ikey;
- ASN1_INTEGER *sno;
- if(!issuer)
- {
- BIO_printf(bio_err, "No issuer certificate specified\n");
- return 0;
- }
- if(!*req) *req = OCSP_REQUEST_new();
- if(!*req) goto err;
- iname = X509_get_subject_name(issuer);
- ikey = X509_get0_pubkey_bitstr(issuer);
- sno = s2i_ASN1_INTEGER(NULL, serial);
- if(!sno)
- {
- BIO_printf(bio_err, "Error converting serial number %s\n", serial);
- return 0;
- }
- id = OCSP_cert_id_new(EVP_sha1(), iname, ikey, sno);
- ASN1_INTEGER_free(sno);
- if(!id || !sk_OCSP_CERTID_push(ids, id)) goto err;
- if(!OCSP_request_add0_id(*req, id)) goto err;
- return 1;
-
- err:
- BIO_printf(bio_err, "Error Creating OCSP request\n");
- return 0;
- }
-
-static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
- STACK *names, STACK_OF(OCSP_CERTID) *ids,
- long nsec, long maxage)
- {
- OCSP_CERTID *id;
- char *name;
- int i;
-
- int status, reason;
-
- ASN1_GENERALIZEDTIME *rev, *thisupd, *nextupd;
-
- if (!bs || !req || !sk_num(names) || !sk_OCSP_CERTID_num(ids))
- return 1;
-
- for (i = 0; i < sk_OCSP_CERTID_num(ids); i++)
- {
- id = sk_OCSP_CERTID_value(ids, i);
- name = sk_value(names, i);
- BIO_printf(out, "%s: ", name);
-
- if(!OCSP_resp_find_status(bs, id, &status, &reason,
- &rev, &thisupd, &nextupd))
- {
- BIO_puts(out, "ERROR: No Status found.\n");
- continue;
- }
-
- /* Check validity: if invalid write to output BIO so we
- * know which response this refers to.
- */
- if (!OCSP_check_validity(thisupd, nextupd, nsec, maxage))
- {
- BIO_puts(out, "WARNING: Status times invalid.\n");
- ERR_print_errors(out);
- }
- BIO_printf(out, "%s\n", OCSP_cert_status_str(status));
-
- BIO_puts(out, "\tThis Update: ");
- ASN1_GENERALIZEDTIME_print(out, thisupd);
- BIO_puts(out, "\n");
-
- if(nextupd)
- {
- BIO_puts(out, "\tNext Update: ");
- ASN1_GENERALIZEDTIME_print(out, nextupd);
- BIO_puts(out, "\n");
- }
-
- if (status != V_OCSP_CERTSTATUS_REVOKED)
- continue;
-
- if (reason != -1)
- BIO_printf(out, "\tReason: %s\n",
- OCSP_crl_reason_str(reason));
-
- BIO_puts(out, "\tRevocation Time: ");
- ASN1_GENERALIZEDTIME_print(out, rev);
- BIO_puts(out, "\n");
- }
-
- return 1;
- }
-
-
-static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db,
- X509 *ca, X509 *rcert, EVP_PKEY *rkey,
- STACK_OF(X509) *rother, unsigned long flags,
- int nmin, int ndays)
- {
- ASN1_TIME *thisupd = NULL, *nextupd = NULL;
- OCSP_CERTID *cid, *ca_id = NULL;
- OCSP_BASICRESP *bs = NULL;
- int i, id_count, ret = 1;
-
-
- id_count = OCSP_request_onereq_count(req);
-
- if (id_count <= 0)
- {
- *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, NULL);
- goto end;
- }
-
- ca_id = OCSP_cert_to_id(EVP_sha1(), NULL, ca);
-
- bs = OCSP_BASICRESP_new();
- thisupd = X509_gmtime_adj(NULL, 0);
- if (ndays != -1)
- nextupd = X509_gmtime_adj(NULL, nmin * 60 + ndays * 3600 * 24 );
-
- /* Examine each certificate id in the request */
- for (i = 0; i < id_count; i++)
- {
- OCSP_ONEREQ *one;
- ASN1_INTEGER *serial;
- char **inf;
- one = OCSP_request_onereq_get0(req, i);
- cid = OCSP_onereq_get0_id(one);
- /* Is this request about our CA? */
- if (OCSP_id_issuer_cmp(ca_id, cid))
- {
- OCSP_basic_add1_status(bs, cid,
- V_OCSP_CERTSTATUS_UNKNOWN,
- 0, NULL,
- thisupd, nextupd);
- continue;
- }
- OCSP_id_get0_info(NULL, NULL, NULL, &serial, cid);
- inf = lookup_serial(db, serial);
- if (!inf)
- OCSP_basic_add1_status(bs, cid,
- V_OCSP_CERTSTATUS_UNKNOWN,
- 0, NULL,
- thisupd, nextupd);
- else if (inf[DB_type][0] == DB_TYPE_VAL)
- OCSP_basic_add1_status(bs, cid,
- V_OCSP_CERTSTATUS_GOOD,
- 0, NULL,
- thisupd, nextupd);
- else if (inf[DB_type][0] == DB_TYPE_REV)
- {
- ASN1_OBJECT *inst = NULL;
- ASN1_TIME *revtm = NULL;
- ASN1_GENERALIZEDTIME *invtm = NULL;
- OCSP_SINGLERESP *single;
- int reason = -1;
- unpack_revinfo(&revtm, &reason, &inst, &invtm, inf[DB_rev_date]);
- single = OCSP_basic_add1_status(bs, cid,
- V_OCSP_CERTSTATUS_REVOKED,
- reason, revtm,
- thisupd, nextupd);
- if (invtm)
- OCSP_SINGLERESP_add1_ext_i2d(single, NID_invalidity_date, invtm, 0, 0);
- else if (inst)
- OCSP_SINGLERESP_add1_ext_i2d(single, NID_hold_instruction_code, inst, 0, 0);
- ASN1_OBJECT_free(inst);
- ASN1_TIME_free(revtm);
- ASN1_GENERALIZEDTIME_free(invtm);
- }
- }
-
- OCSP_copy_nonce(bs, req);
-
- OCSP_basic_sign(bs, rcert, rkey, EVP_sha1(), rother, flags);
-
- *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_SUCCESSFUL, bs);
-
- end:
- ASN1_TIME_free(thisupd);
- ASN1_TIME_free(nextupd);
- OCSP_CERTID_free(ca_id);
- OCSP_BASICRESP_free(bs);
- return ret;
-
- }
-
-static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser)
- {
- int i;
- BIGNUM *bn = NULL;
- char *itmp, *row[DB_NUMBER],**rrow;
- for (i = 0; i < DB_NUMBER; i++) row[i] = NULL;
- bn = ASN1_INTEGER_to_BN(ser,NULL);
- OPENSSL_assert(bn); /* FIXME: should report an error at this point and abort */
- if (BN_is_zero(bn))
- itmp = BUF_strdup("00");
- else
- itmp = BN_bn2hex(bn);
- row[DB_serial] = itmp;
- BN_free(bn);
- rrow=TXT_DB_get_by_index(db->db,DB_serial,row);
- OPENSSL_free(itmp);
- return rrow;
- }
-
-/* Quick and dirty OCSP server: read in and parse input request */
-
-static BIO *init_responder(char *port)
- {
- BIO *acbio = NULL, *bufbio = NULL;
- bufbio = BIO_new(BIO_f_buffer());
- if (!bufbio)
- goto err;
-#ifndef OPENSSL_NO_SOCK
- acbio = BIO_new_accept(port);
-#else
- BIO_printf(bio_err, "Error setting up accept BIO - sockets not supported.\n");
-#endif
- if (!acbio)
- goto err;
- BIO_set_accept_bios(acbio, bufbio);
- bufbio = NULL;
-
- if (BIO_do_accept(acbio) <= 0)
- {
- BIO_printf(bio_err, "Error setting up accept BIO\n");
- ERR_print_errors(bio_err);
- goto err;
- }
-
- return acbio;
-
- err:
- BIO_free_all(acbio);
- BIO_free(bufbio);
- return NULL;
- }
-
-static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port)
- {
- int have_post = 0, len;
- OCSP_REQUEST *req = NULL;
- char inbuf[1024];
- BIO *cbio = NULL;
-
- if (BIO_do_accept(acbio) <= 0)
- {
- BIO_printf(bio_err, "Error accepting connection\n");
- ERR_print_errors(bio_err);
- return 0;
- }
-
- cbio = BIO_pop(acbio);
- *pcbio = cbio;
-
- for(;;)
- {
- len = BIO_gets(cbio, inbuf, sizeof inbuf);
- if (len <= 0)
- return 1;
- /* Look for "POST" signalling start of query */
- if (!have_post)
- {
- if(strncmp(inbuf, "POST", 4))
- {
- BIO_printf(bio_err, "Invalid request\n");
- return 1;
- }
- have_post = 1;
- }
- /* Look for end of headers */
- if ((inbuf[0] == '\r') || (inbuf[0] == '\n'))
- break;
- }
-
- /* Try to read OCSP request */
-
- req = d2i_OCSP_REQUEST_bio(cbio, NULL);
-
- if (!req)
- {
- BIO_printf(bio_err, "Error parsing OCSP request\n");
- ERR_print_errors(bio_err);
- }
-
- *preq = req;
-
- return 1;
-
- }
-
-static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp)
- {
- char http_resp[] =
- "HTTP/1.0 200 OK\r\nContent-type: application/ocsp-response\r\n"
- "Content-Length: %d\r\n\r\n";
- if (!cbio)
- return 0;
- BIO_printf(cbio, http_resp, i2d_OCSP_RESPONSE(resp, NULL));
- i2d_OCSP_RESPONSE_bio(cbio, resp);
- (void)BIO_flush(cbio);
- return 1;
- }
-
-static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
- OCSP_REQUEST *req, int req_timeout)
- {
- int fd;
- int rv;
- OCSP_REQ_CTX *ctx = NULL;
- OCSP_RESPONSE *rsp = NULL;
- fd_set confds;
- struct timeval tv;
-
- if (req_timeout != -1)
- BIO_set_nbio(cbio, 1);
-
- rv = BIO_do_connect(cbio);
-
- if ((rv <= 0) && ((req_timeout == -1) || !BIO_should_retry(cbio)))
- {
- BIO_puts(err, "Error connecting BIO\n");
- return NULL;
- }
-
- if (req_timeout == -1)
- return OCSP_sendreq_bio(cbio, path, req);
-
- if (BIO_get_fd(cbio, &fd) <= 0)
- {
- BIO_puts(err, "Can't get connection fd\n");
- goto err;
- }
-
- if (rv <= 0)
- {
- FD_ZERO(&confds);
- openssl_fdset(fd, &confds);
- tv.tv_usec = 0;
- tv.tv_sec = req_timeout;
- rv = select(fd + 1, NULL, (void *)&confds, NULL, &tv);
- if (rv == 0)
- {
- BIO_puts(err, "Timeout on connect\n");
- return NULL;
- }
- }
-
-
- ctx = OCSP_sendreq_new(cbio, path, req, -1);
- if (!ctx)
- return NULL;
-
- for (;;)
- {
- rv = OCSP_sendreq_nbio(&rsp, ctx);
- if (rv != -1)
- break;
- FD_ZERO(&confds);
- openssl_fdset(fd, &confds);
- tv.tv_usec = 0;
- tv.tv_sec = req_timeout;
- if (BIO_should_read(cbio))
- rv = select(fd + 1, (void *)&confds, NULL, NULL, &tv);
- else if (BIO_should_write(cbio))
- rv = select(fd + 1, NULL, (void *)&confds, NULL, &tv);
- else
- {
- BIO_puts(err, "Unexpected retry condition\n");
- goto err;
- }
- if (rv == 0)
- {
- BIO_puts(err, "Timeout on request\n");
- break;
- }
- if (rv == -1)
- {
- BIO_puts(err, "Select error\n");
- break;
- }
-
- }
- err:
- if (ctx)
- OCSP_REQ_CTX_free(ctx);
-
- return rsp;
- }
-
-OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req,
- char *host, char *path, char *port, int use_ssl,
- int req_timeout)
- {
- BIO *cbio = NULL;
- SSL_CTX *ctx = NULL;
- OCSP_RESPONSE *resp = NULL;
- cbio = BIO_new_connect(host);
- if (!cbio)
- {
- BIO_printf(err, "Error creating connect BIO\n");
- goto end;
- }
- if (port) BIO_set_conn_port(cbio, port);
- if (use_ssl == 1)
- {
- BIO *sbio;
-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
- ctx = SSL_CTX_new(SSLv23_client_method());
-#elif !defined(OPENSSL_NO_SSL3)
- ctx = SSL_CTX_new(SSLv3_client_method());
-#elif !defined(OPENSSL_NO_SSL2)
- ctx = SSL_CTX_new(SSLv2_client_method());
-#else
- BIO_printf(err, "SSL is disabled\n");
- goto end;
-#endif
- if (ctx == NULL)
- {
- BIO_printf(err, "Error creating SSL context.\n");
- goto end;
- }
- SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
- sbio = BIO_new_ssl(ctx, 1);
- cbio = BIO_push(sbio, cbio);
- }
- resp = query_responder(err, cbio, path, req, req_timeout);
- if (!resp)
- BIO_printf(bio_err, "Error querying OCSP responder\n");
- end:
- if (ctx)
- SSL_CTX_free(ctx);
- if (cbio)
- BIO_free_all(cbio);
- return resp;
- }
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/apps/ocsp.c (from rev 6976, vendor-crypto/openssl/dist/apps/ocsp.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/apps/ocsp.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/apps/ocsp.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,1250 @@
+/* ocsp.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+#ifndef OPENSSL_NO_OCSP
+# define USE_SOCKETS
+# include <stdio.h>
+# include <stdlib.h>
+# include <string.h>
+# include "apps.h" /* needs to be included before the openssl
+ * headers! */
+# include <openssl/e_os2.h>
+# include <openssl/ssl.h>
+# include <openssl/err.h>
+
+/* Maximum leeway in validity period: default 5 minutes */
+# define MAX_VALIDITY_PERIOD (5 * 60)
+
+static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, X509 *issuer,
+ STACK_OF(OCSP_CERTID) *ids);
+static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, X509 *issuer,
+ STACK_OF(OCSP_CERTID) *ids);
+static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
+ STACK * names, STACK_OF(OCSP_CERTID) *ids,
+ long nsec, long maxage);
+
+static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req,
+ CA_DB *db, X509 *ca, X509 *rcert,
+ EVP_PKEY *rkey, STACK_OF(X509) *rother,
+ unsigned long flags, int nmin, int ndays);
+
+static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser);
+static BIO *init_responder(char *port);
+static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio,
+ char *port);
+static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp);
+static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
+ OCSP_REQUEST *req, int req_timeout);
+
+# undef PROG
+# define PROG ocsp_main
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+{
+ ENGINE *e = NULL;
+ char **args;
+ char *host = NULL, *port = NULL, *path = "/";
+ char *thost = NULL, *tport = NULL, *tpath = NULL;
+ char *reqin = NULL, *respin = NULL;
+ char *reqout = NULL, *respout = NULL;
+ char *signfile = NULL, *keyfile = NULL;
+ char *rsignfile = NULL, *rkeyfile = NULL;
+ char *outfile = NULL;
+ int add_nonce = 1, noverify = 0, use_ssl = -1;
+ OCSP_REQUEST *req = NULL;
+ OCSP_RESPONSE *resp = NULL;
+ OCSP_BASICRESP *bs = NULL;
+ X509 *issuer = NULL, *cert = NULL;
+ X509 *signer = NULL, *rsigner = NULL;
+ EVP_PKEY *key = NULL, *rkey = NULL;
+ BIO *acbio = NULL, *cbio = NULL;
+ BIO *derbio = NULL;
+ BIO *out = NULL;
+ int req_timeout = -1;
+ int req_text = 0, resp_text = 0;
+ long nsec = MAX_VALIDITY_PERIOD, maxage = -1;
+ char *CAfile = NULL, *CApath = NULL;
+ X509_STORE *store = NULL;
+ STACK_OF(X509) *sign_other = NULL, *verify_other = NULL, *rother = NULL;
+ char *sign_certfile = NULL, *verify_certfile = NULL, *rcertfile = NULL;
+ unsigned long sign_flags = 0, verify_flags = 0, rflags = 0;
+ int ret = 1;
+ int accept_count = -1;
+ int badarg = 0;
+ int i;
+ int ignore_err = 0;
+ STACK *reqnames = NULL;
+ STACK_OF(OCSP_CERTID) *ids = NULL;
+
+ X509 *rca_cert = NULL;
+ char *ridx_filename = NULL;
+ char *rca_filename = NULL;
+ CA_DB *rdb = NULL;
+ int nmin = 0, ndays = -1;
+
+ if (bio_err == NULL)
+ bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
+
+ if (!load_config(bio_err, NULL))
+ goto end;
+ SSL_load_error_strings();
+ OpenSSL_add_ssl_algorithms();
+ args = argv + 1;
+ reqnames = sk_new_null();
+ ids = sk_OCSP_CERTID_new_null();
+ while (!badarg && *args && *args[0] == '-') {
+ if (!strcmp(*args, "-out")) {
+ if (args[1]) {
+ args++;
+ outfile = *args;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-timeout")) {
+ if (args[1]) {
+ args++;
+ req_timeout = atol(*args);
+ if (req_timeout < 0) {
+ BIO_printf(bio_err, "Illegal timeout value %s\n", *args);
+ badarg = 1;
+ }
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-url")) {
+ if (thost)
+ OPENSSL_free(thost);
+ if (tport)
+ OPENSSL_free(tport);
+ if (tpath)
+ OPENSSL_free(tpath);
+ if (args[1]) {
+ args++;
+ if (!OCSP_parse_url(*args, &host, &port, &path, &use_ssl)) {
+ BIO_printf(bio_err, "Error parsing URL\n");
+ badarg = 1;
+ }
+ thost = host;
+ tport = port;
+ tpath = path;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-host")) {
+ if (args[1]) {
+ args++;
+ host = *args;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-port")) {
+ if (args[1]) {
+ args++;
+ port = *args;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-ignore_err"))
+ ignore_err = 1;
+ else if (!strcmp(*args, "-noverify"))
+ noverify = 1;
+ else if (!strcmp(*args, "-nonce"))
+ add_nonce = 2;
+ else if (!strcmp(*args, "-no_nonce"))
+ add_nonce = 0;
+ else if (!strcmp(*args, "-resp_no_certs"))
+ rflags |= OCSP_NOCERTS;
+ else if (!strcmp(*args, "-resp_key_id"))
+ rflags |= OCSP_RESPID_KEY;
+ else if (!strcmp(*args, "-no_certs"))
+ sign_flags |= OCSP_NOCERTS;
+ else if (!strcmp(*args, "-no_signature_verify"))
+ verify_flags |= OCSP_NOSIGS;
+ else if (!strcmp(*args, "-no_cert_verify"))
+ verify_flags |= OCSP_NOVERIFY;
+ else if (!strcmp(*args, "-no_chain"))
+ verify_flags |= OCSP_NOCHAIN;
+ else if (!strcmp(*args, "-no_cert_checks"))
+ verify_flags |= OCSP_NOCHECKS;
+ else if (!strcmp(*args, "-no_explicit"))
+ verify_flags |= OCSP_NOEXPLICIT;
+ else if (!strcmp(*args, "-trust_other"))
+ verify_flags |= OCSP_TRUSTOTHER;
+ else if (!strcmp(*args, "-no_intern"))
+ verify_flags |= OCSP_NOINTERN;
+ else if (!strcmp(*args, "-text")) {
+ req_text = 1;
+ resp_text = 1;
+ } else if (!strcmp(*args, "-req_text"))
+ req_text = 1;
+ else if (!strcmp(*args, "-resp_text"))
+ resp_text = 1;
+ else if (!strcmp(*args, "-reqin")) {
+ if (args[1]) {
+ args++;
+ reqin = *args;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-respin")) {
+ if (args[1]) {
+ args++;
+ respin = *args;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-signer")) {
+ if (args[1]) {
+ args++;
+ signfile = *args;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-VAfile")) {
+ if (args[1]) {
+ args++;
+ verify_certfile = *args;
+ verify_flags |= OCSP_TRUSTOTHER;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-sign_other")) {
+ if (args[1]) {
+ args++;
+ sign_certfile = *args;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-verify_other")) {
+ if (args[1]) {
+ args++;
+ verify_certfile = *args;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-CAfile")) {
+ if (args[1]) {
+ args++;
+ CAfile = *args;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-CApath")) {
+ if (args[1]) {
+ args++;
+ CApath = *args;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-validity_period")) {
+ if (args[1]) {
+ args++;
+ nsec = atol(*args);
+ if (nsec < 0) {
+ BIO_printf(bio_err,
+ "Illegal validity period %s\n", *args);
+ badarg = 1;
+ }
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-status_age")) {
+ if (args[1]) {
+ args++;
+ maxage = atol(*args);
+ if (maxage < 0) {
+ BIO_printf(bio_err, "Illegal validity age %s\n", *args);
+ badarg = 1;
+ }
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-signkey")) {
+ if (args[1]) {
+ args++;
+ keyfile = *args;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-reqout")) {
+ if (args[1]) {
+ args++;
+ reqout = *args;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-respout")) {
+ if (args[1]) {
+ args++;
+ respout = *args;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-path")) {
+ if (args[1]) {
+ args++;
+ path = *args;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-issuer")) {
+ if (args[1]) {
+ args++;
+ X509_free(issuer);
+ issuer = load_cert(bio_err, *args, FORMAT_PEM,
+ NULL, e, "issuer certificate");
+ if (!issuer)
+ goto end;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-cert")) {
+ if (args[1]) {
+ args++;
+ X509_free(cert);
+ cert = load_cert(bio_err, *args, FORMAT_PEM,
+ NULL, e, "certificate");
+ if (!cert)
+ goto end;
+ if (!add_ocsp_cert(&req, cert, issuer, ids))
+ goto end;
+ if (!sk_push(reqnames, *args))
+ goto end;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-serial")) {
+ if (args[1]) {
+ args++;
+ if (!add_ocsp_serial(&req, *args, issuer, ids))
+ goto end;
+ if (!sk_push(reqnames, *args))
+ goto end;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-index")) {
+ if (args[1]) {
+ args++;
+ ridx_filename = *args;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-CA")) {
+ if (args[1]) {
+ args++;
+ rca_filename = *args;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-nmin")) {
+ if (args[1]) {
+ args++;
+ nmin = atol(*args);
+ if (nmin < 0) {
+ BIO_printf(bio_err, "Illegal update period %s\n", *args);
+ badarg = 1;
+ }
+ }
+ if (ndays == -1)
+ ndays = 0;
+ else
+ badarg = 1;
+ } else if (!strcmp(*args, "-nrequest")) {
+ if (args[1]) {
+ args++;
+ accept_count = atol(*args);
+ if (accept_count < 0) {
+ BIO_printf(bio_err, "Illegal accept count %s\n", *args);
+ badarg = 1;
+ }
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-ndays")) {
+ if (args[1]) {
+ args++;
+ ndays = atol(*args);
+ if (ndays < 0) {
+ BIO_printf(bio_err, "Illegal update period %s\n", *args);
+ badarg = 1;
+ }
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-rsigner")) {
+ if (args[1]) {
+ args++;
+ rsignfile = *args;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-rkey")) {
+ if (args[1]) {
+ args++;
+ rkeyfile = *args;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-rother")) {
+ if (args[1]) {
+ args++;
+ rcertfile = *args;
+ } else
+ badarg = 1;
+ } else
+ badarg = 1;
+ args++;
+ }
+
+ /* Have we anything to do? */
+ if (!req && !reqin && !respin && !(port && ridx_filename))
+ badarg = 1;
+
+ if (badarg) {
+ BIO_printf(bio_err, "OCSP utility\n");
+ BIO_printf(bio_err, "Usage ocsp [options]\n");
+ BIO_printf(bio_err, "where options are\n");
+ BIO_printf(bio_err, "-out file output filename\n");
+ BIO_printf(bio_err, "-issuer file issuer certificate\n");
+ BIO_printf(bio_err, "-cert file certificate to check\n");
+ BIO_printf(bio_err, "-serial n serial number to check\n");
+ BIO_printf(bio_err,
+ "-signer file certificate to sign OCSP request with\n");
+ BIO_printf(bio_err,
+ "-signkey file private key to sign OCSP request with\n");
+ BIO_printf(bio_err,
+ "-sign_other file additional certificates to include in signed request\n");
+ BIO_printf(bio_err,
+ "-no_certs don't include any certificates in signed request\n");
+ BIO_printf(bio_err,
+ "-req_text print text form of request\n");
+ BIO_printf(bio_err,
+ "-resp_text print text form of response\n");
+ BIO_printf(bio_err,
+ "-text print text form of request and response\n");
+ BIO_printf(bio_err,
+ "-reqout file write DER encoded OCSP request to \"file\"\n");
+ BIO_printf(bio_err,
+ "-respout file write DER encoded OCSP reponse to \"file\"\n");
+ BIO_printf(bio_err,
+ "-reqin file read DER encoded OCSP request from \"file\"\n");
+ BIO_printf(bio_err,
+ "-respin file read DER encoded OCSP reponse from \"file\"\n");
+ BIO_printf(bio_err, "-nonce add OCSP nonce to request\n");
+ BIO_printf(bio_err,
+ "-no_nonce don't add OCSP nonce to request\n");
+ BIO_printf(bio_err, "-url URL OCSP responder URL\n");
+ BIO_printf(bio_err,
+ "-host host:n send OCSP request to host on port n\n");
+ BIO_printf(bio_err,
+ "-path path to use in OCSP request\n");
+ BIO_printf(bio_err,
+ "-CApath dir trusted certificates directory\n");
+ BIO_printf(bio_err, "-CAfile file trusted certificates file\n");
+ BIO_printf(bio_err,
+ "-VAfile file validator certificates file\n");
+ BIO_printf(bio_err,
+ "-validity_period n maximum validity discrepancy in seconds\n");
+ BIO_printf(bio_err,
+ "-status_age n maximum status age in seconds\n");
+ BIO_printf(bio_err,
+ "-noverify don't verify response at all\n");
+ BIO_printf(bio_err,
+ "-verify_other file additional certificates to search for signer\n");
+ BIO_printf(bio_err,
+ "-trust_other don't verify additional certificates\n");
+ BIO_printf(bio_err,
+ "-no_intern don't search certificates contained in response for signer\n");
+ BIO_printf(bio_err,
+ "-no_signature_verify don't check signature on response\n");
+ BIO_printf(bio_err,
+ "-no_cert_verify don't check signing certificate\n");
+ BIO_printf(bio_err,
+ "-no_chain don't chain verify response\n");
+ BIO_printf(bio_err,
+ "-no_cert_checks don't do additional checks on signing certificate\n");
+ BIO_printf(bio_err, "-port num port to run responder on\n");
+ BIO_printf(bio_err,
+ "-index file certificate status index file\n");
+ BIO_printf(bio_err, "-CA file CA certificate\n");
+ BIO_printf(bio_err,
+ "-rsigner file responder certificate to sign responses with\n");
+ BIO_printf(bio_err,
+ "-rkey file responder key to sign responses with\n");
+ BIO_printf(bio_err,
+ "-rother file other certificates to include in response\n");
+ BIO_printf(bio_err,
+ "-resp_no_certs don't include any certificates in response\n");
+ BIO_printf(bio_err,
+ "-nmin n number of minutes before next update\n");
+ BIO_printf(bio_err,
+ "-ndays n number of days before next update\n");
+ BIO_printf(bio_err,
+ "-resp_key_id identify reponse by signing certificate key ID\n");
+ BIO_printf(bio_err,
+ "-nrequest n number of requests to accept (default unlimited)\n");
+ goto end;
+ }
+
+ if (outfile)
+ out = BIO_new_file(outfile, "w");
+ else
+ out = BIO_new_fp(stdout, BIO_NOCLOSE);
+
+ if (!out) {
+ BIO_printf(bio_err, "Error opening output file\n");
+ goto end;
+ }
+
+ if (!req && (add_nonce != 2))
+ add_nonce = 0;
+
+ if (!req && reqin) {
+ derbio = BIO_new_file(reqin, "rb");
+ if (!derbio) {
+ BIO_printf(bio_err, "Error Opening OCSP request file\n");
+ goto end;
+ }
+ req = d2i_OCSP_REQUEST_bio(derbio, NULL);
+ BIO_free(derbio);
+ if (!req) {
+ BIO_printf(bio_err, "Error reading OCSP request\n");
+ goto end;
+ }
+ }
+
+ if (!req && port) {
+ acbio = init_responder(port);
+ if (!acbio)
+ goto end;
+ }
+
+ if (rsignfile && !rdb) {
+ if (!rkeyfile)
+ rkeyfile = rsignfile;
+ rsigner = load_cert(bio_err, rsignfile, FORMAT_PEM,
+ NULL, e, "responder certificate");
+ if (!rsigner) {
+ BIO_printf(bio_err, "Error loading responder certificate\n");
+ goto end;
+ }
+ rca_cert = load_cert(bio_err, rca_filename, FORMAT_PEM,
+ NULL, e, "CA certificate");
+ if (rcertfile) {
+ rother = load_certs(bio_err, rcertfile, FORMAT_PEM,
+ NULL, e, "responder other certificates");
+ if (!rother)
+ goto end;
+ }
+ rkey = load_key(bio_err, rkeyfile, FORMAT_PEM, 0, NULL, NULL,
+ "responder private key");
+ if (!rkey)
+ goto end;
+ }
+ if (acbio)
+ BIO_printf(bio_err, "Waiting for OCSP client connections...\n");
+
+ redo_accept:
+
+ if (acbio) {
+ if (!do_responder(&req, &cbio, acbio, port))
+ goto end;
+ if (!req) {
+ resp =
+ OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUEST,
+ NULL);
+ send_ocsp_response(cbio, resp);
+ goto done_resp;
+ }
+ }
+
+ if (!req && (signfile || reqout || host || add_nonce || ridx_filename)) {
+ BIO_printf(bio_err, "Need an OCSP request for this operation!\n");
+ goto end;
+ }
+
+ if (req && add_nonce)
+ OCSP_request_add1_nonce(req, NULL, -1);
+
+ if (signfile) {
+ if (!keyfile)
+ keyfile = signfile;
+ signer = load_cert(bio_err, signfile, FORMAT_PEM,
+ NULL, e, "signer certificate");
+ if (!signer) {
+ BIO_printf(bio_err, "Error loading signer certificate\n");
+ goto end;
+ }
+ if (sign_certfile) {
+ sign_other = load_certs(bio_err, sign_certfile, FORMAT_PEM,
+ NULL, e, "signer certificates");
+ if (!sign_other)
+ goto end;
+ }
+ key = load_key(bio_err, keyfile, FORMAT_PEM, 0, NULL, NULL,
+ "signer private key");
+ if (!key)
+ goto end;
+ if (!OCSP_request_sign
+ (req, signer, key, EVP_sha1(), sign_other, sign_flags)) {
+ BIO_printf(bio_err, "Error signing OCSP request\n");
+ goto end;
+ }
+ }
+
+ if (req_text && req)
+ OCSP_REQUEST_print(out, req, 0);
+
+ if (reqout) {
+ derbio = BIO_new_file(reqout, "wb");
+ if (!derbio) {
+ BIO_printf(bio_err, "Error opening file %s\n", reqout);
+ goto end;
+ }
+ i2d_OCSP_REQUEST_bio(derbio, req);
+ BIO_free(derbio);
+ }
+
+ if (ridx_filename && (!rkey || !rsigner || !rca_cert)) {
+ BIO_printf(bio_err,
+ "Need a responder certificate, key and CA for this operation!\n");
+ goto end;
+ }
+
+ if (ridx_filename && !rdb) {
+ rdb = load_index(ridx_filename, NULL);
+ if (!rdb)
+ goto end;
+ if (!index_index(rdb))
+ goto end;
+ }
+
+ if (rdb) {
+ i = make_ocsp_response(&resp, req, rdb, rca_cert, rsigner, rkey,
+ rother, rflags, nmin, ndays);
+ if (cbio)
+ send_ocsp_response(cbio, resp);
+ } else if (host) {
+# ifndef OPENSSL_NO_SOCK
+ resp = process_responder(bio_err, req, host, path,
+ port, use_ssl, req_timeout);
+ if (!resp)
+ goto end;
+# else
+ BIO_printf(bio_err,
+ "Error creating connect BIO - sockets not supported.\n");
+ goto end;
+# endif
+ } else if (respin) {
+ derbio = BIO_new_file(respin, "rb");
+ if (!derbio) {
+ BIO_printf(bio_err, "Error Opening OCSP response file\n");
+ goto end;
+ }
+ resp = d2i_OCSP_RESPONSE_bio(derbio, NULL);
+ BIO_free(derbio);
+ if (!resp) {
+ BIO_printf(bio_err, "Error reading OCSP response\n");
+ goto end;
+ }
+
+ } else {
+ ret = 0;
+ goto end;
+ }
+
+ done_resp:
+
+ if (respout) {
+ derbio = BIO_new_file(respout, "wb");
+ if (!derbio) {
+ BIO_printf(bio_err, "Error opening file %s\n", respout);
+ goto end;
+ }
+ i2d_OCSP_RESPONSE_bio(derbio, resp);
+ BIO_free(derbio);
+ }
+
+ i = OCSP_response_status(resp);
+
+ if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
+ BIO_printf(out, "Responder Error: %s (%d)\n",
+ OCSP_response_status_str(i), i);
+ if (ignore_err)
+ goto redo_accept;
+ ret = 0;
+ goto end;
+ }
+
+ if (resp_text)
+ OCSP_RESPONSE_print(out, resp, 0);
+
+ /* If running as responder don't verify our own response */
+ if (cbio) {
+ if (accept_count > 0)
+ accept_count--;
+ /* Redo if more connections needed */
+ if (accept_count) {
+ BIO_free_all(cbio);
+ cbio = NULL;
+ OCSP_REQUEST_free(req);
+ req = NULL;
+ OCSP_RESPONSE_free(resp);
+ resp = NULL;
+ goto redo_accept;
+ }
+ goto end;
+ }
+
+ if (!store)
+ store = setup_verify(bio_err, CAfile, CApath);
+ if (!store)
+ goto end;
+ if (verify_certfile) {
+ verify_other = load_certs(bio_err, verify_certfile, FORMAT_PEM,
+ NULL, e, "validator certificate");
+ if (!verify_other)
+ goto end;
+ }
+
+ bs = OCSP_response_get1_basic(resp);
+
+ if (!bs) {
+ BIO_printf(bio_err, "Error parsing response\n");
+ goto end;
+ }
+
+ if (!noverify) {
+ if (req && ((i = OCSP_check_nonce(req, bs)) <= 0)) {
+ if (i == -1)
+ BIO_printf(bio_err, "WARNING: no nonce in response\n");
+ else {
+ BIO_printf(bio_err, "Nonce Verify error\n");
+ goto end;
+ }
+ }
+
+ i = OCSP_basic_verify(bs, verify_other, store, verify_flags);
+ if (i < 0)
+ i = OCSP_basic_verify(bs, NULL, store, 0);
+
+ if (i <= 0) {
+ BIO_printf(bio_err, "Response Verify Failure\n");
+ ERR_print_errors(bio_err);
+ } else
+ BIO_printf(bio_err, "Response verify OK\n");
+
+ }
+
+ if (!print_ocsp_summary(out, bs, req, reqnames, ids, nsec, maxage))
+ goto end;
+
+ ret = 0;
+
+ end:
+ ERR_print_errors(bio_err);
+ X509_free(signer);
+ X509_STORE_free(store);
+ EVP_PKEY_free(key);
+ EVP_PKEY_free(rkey);
+ X509_free(issuer);
+ X509_free(cert);
+ X509_free(rsigner);
+ X509_free(rca_cert);
+ free_index(rdb);
+ BIO_free_all(cbio);
+ BIO_free_all(acbio);
+ BIO_free(out);
+ OCSP_REQUEST_free(req);
+ OCSP_RESPONSE_free(resp);
+ OCSP_BASICRESP_free(bs);
+ sk_free(reqnames);
+ sk_OCSP_CERTID_free(ids);
+ sk_X509_pop_free(sign_other, X509_free);
+ sk_X509_pop_free(verify_other, X509_free);
+
+ if (thost)
+ OPENSSL_free(thost);
+ if (tport)
+ OPENSSL_free(tport);
+ if (tpath)
+ OPENSSL_free(tpath);
+
+ OPENSSL_EXIT(ret);
+}
+
+static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, X509 *issuer,
+ STACK_OF(OCSP_CERTID) *ids)
+{
+ OCSP_CERTID *id;
+ if (!issuer) {
+ BIO_printf(bio_err, "No issuer certificate specified\n");
+ return 0;
+ }
+ if (!*req)
+ *req = OCSP_REQUEST_new();
+ if (!*req)
+ goto err;
+ id = OCSP_cert_to_id(NULL, cert, issuer);
+ if (!id || !sk_OCSP_CERTID_push(ids, id))
+ goto err;
+ if (!OCSP_request_add0_id(*req, id))
+ goto err;
+ return 1;
+
+ err:
+ BIO_printf(bio_err, "Error Creating OCSP request\n");
+ return 0;
+}
+
+static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, X509 *issuer,
+ STACK_OF(OCSP_CERTID) *ids)
+{
+ OCSP_CERTID *id;
+ X509_NAME *iname;
+ ASN1_BIT_STRING *ikey;
+ ASN1_INTEGER *sno;
+ if (!issuer) {
+ BIO_printf(bio_err, "No issuer certificate specified\n");
+ return 0;
+ }
+ if (!*req)
+ *req = OCSP_REQUEST_new();
+ if (!*req)
+ goto err;
+ iname = X509_get_subject_name(issuer);
+ ikey = X509_get0_pubkey_bitstr(issuer);
+ sno = s2i_ASN1_INTEGER(NULL, serial);
+ if (!sno) {
+ BIO_printf(bio_err, "Error converting serial number %s\n", serial);
+ return 0;
+ }
+ id = OCSP_cert_id_new(EVP_sha1(), iname, ikey, sno);
+ ASN1_INTEGER_free(sno);
+ if (!id || !sk_OCSP_CERTID_push(ids, id))
+ goto err;
+ if (!OCSP_request_add0_id(*req, id))
+ goto err;
+ return 1;
+
+ err:
+ BIO_printf(bio_err, "Error Creating OCSP request\n");
+ return 0;
+}
+
+static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
+ STACK * names, STACK_OF(OCSP_CERTID) *ids,
+ long nsec, long maxage)
+{
+ OCSP_CERTID *id;
+ char *name;
+ int i;
+
+ int status, reason;
+
+ ASN1_GENERALIZEDTIME *rev, *thisupd, *nextupd;
+
+ if (!bs || !req || !sk_num(names) || !sk_OCSP_CERTID_num(ids))
+ return 1;
+
+ for (i = 0; i < sk_OCSP_CERTID_num(ids); i++) {
+ id = sk_OCSP_CERTID_value(ids, i);
+ name = sk_value(names, i);
+ BIO_printf(out, "%s: ", name);
+
+ if (!OCSP_resp_find_status(bs, id, &status, &reason,
+ &rev, &thisupd, &nextupd)) {
+ BIO_puts(out, "ERROR: No Status found.\n");
+ continue;
+ }
+
+ /*
+ * Check validity: if invalid write to output BIO so we know which
+ * response this refers to.
+ */
+ if (!OCSP_check_validity(thisupd, nextupd, nsec, maxage)) {
+ BIO_puts(out, "WARNING: Status times invalid.\n");
+ ERR_print_errors(out);
+ }
+ BIO_printf(out, "%s\n", OCSP_cert_status_str(status));
+
+ BIO_puts(out, "\tThis Update: ");
+ ASN1_GENERALIZEDTIME_print(out, thisupd);
+ BIO_puts(out, "\n");
+
+ if (nextupd) {
+ BIO_puts(out, "\tNext Update: ");
+ ASN1_GENERALIZEDTIME_print(out, nextupd);
+ BIO_puts(out, "\n");
+ }
+
+ if (status != V_OCSP_CERTSTATUS_REVOKED)
+ continue;
+
+ if (reason != -1)
+ BIO_printf(out, "\tReason: %s\n", OCSP_crl_reason_str(reason));
+
+ BIO_puts(out, "\tRevocation Time: ");
+ ASN1_GENERALIZEDTIME_print(out, rev);
+ BIO_puts(out, "\n");
+ }
+
+ return 1;
+}
+
+static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req,
+ CA_DB *db, X509 *ca, X509 *rcert,
+ EVP_PKEY *rkey, STACK_OF(X509) *rother,
+ unsigned long flags, int nmin, int ndays)
+{
+ ASN1_TIME *thisupd = NULL, *nextupd = NULL;
+ OCSP_CERTID *cid, *ca_id = NULL;
+ OCSP_BASICRESP *bs = NULL;
+ int i, id_count, ret = 1;
+
+ id_count = OCSP_request_onereq_count(req);
+
+ if (id_count <= 0) {
+ *resp =
+ OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, NULL);
+ goto end;
+ }
+
+ ca_id = OCSP_cert_to_id(EVP_sha1(), NULL, ca);
+
+ bs = OCSP_BASICRESP_new();
+ thisupd = X509_gmtime_adj(NULL, 0);
+ if (ndays != -1)
+ nextupd = X509_gmtime_adj(NULL, nmin * 60 + ndays * 3600 * 24);
+
+ /* Examine each certificate id in the request */
+ for (i = 0; i < id_count; i++) {
+ OCSP_ONEREQ *one;
+ ASN1_INTEGER *serial;
+ char **inf;
+ one = OCSP_request_onereq_get0(req, i);
+ cid = OCSP_onereq_get0_id(one);
+ /* Is this request about our CA? */
+ if (OCSP_id_issuer_cmp(ca_id, cid)) {
+ OCSP_basic_add1_status(bs, cid,
+ V_OCSP_CERTSTATUS_UNKNOWN,
+ 0, NULL, thisupd, nextupd);
+ continue;
+ }
+ OCSP_id_get0_info(NULL, NULL, NULL, &serial, cid);
+ inf = lookup_serial(db, serial);
+ if (!inf)
+ OCSP_basic_add1_status(bs, cid,
+ V_OCSP_CERTSTATUS_UNKNOWN,
+ 0, NULL, thisupd, nextupd);
+ else if (inf[DB_type][0] == DB_TYPE_VAL)
+ OCSP_basic_add1_status(bs, cid,
+ V_OCSP_CERTSTATUS_GOOD,
+ 0, NULL, thisupd, nextupd);
+ else if (inf[DB_type][0] == DB_TYPE_REV) {
+ ASN1_OBJECT *inst = NULL;
+ ASN1_TIME *revtm = NULL;
+ ASN1_GENERALIZEDTIME *invtm = NULL;
+ OCSP_SINGLERESP *single;
+ int reason = -1;
+ unpack_revinfo(&revtm, &reason, &inst, &invtm, inf[DB_rev_date]);
+ single = OCSP_basic_add1_status(bs, cid,
+ V_OCSP_CERTSTATUS_REVOKED,
+ reason, revtm, thisupd, nextupd);
+ if (invtm)
+ OCSP_SINGLERESP_add1_ext_i2d(single, NID_invalidity_date,
+ invtm, 0, 0);
+ else if (inst)
+ OCSP_SINGLERESP_add1_ext_i2d(single,
+ NID_hold_instruction_code, inst,
+ 0, 0);
+ ASN1_OBJECT_free(inst);
+ ASN1_TIME_free(revtm);
+ ASN1_GENERALIZEDTIME_free(invtm);
+ }
+ }
+
+ OCSP_copy_nonce(bs, req);
+
+ OCSP_basic_sign(bs, rcert, rkey, EVP_sha1(), rother, flags);
+
+ *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_SUCCESSFUL, bs);
+
+ end:
+ ASN1_TIME_free(thisupd);
+ ASN1_TIME_free(nextupd);
+ OCSP_CERTID_free(ca_id);
+ OCSP_BASICRESP_free(bs);
+ return ret;
+
+}
+
+static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser)
+{
+ int i;
+ BIGNUM *bn = NULL;
+ char *itmp, *row[DB_NUMBER], **rrow;
+ for (i = 0; i < DB_NUMBER; i++)
+ row[i] = NULL;
+ bn = ASN1_INTEGER_to_BN(ser, NULL);
+ OPENSSL_assert(bn); /* FIXME: should report an error at this
+ * point and abort */
+ if (BN_is_zero(bn))
+ itmp = BUF_strdup("00");
+ else
+ itmp = BN_bn2hex(bn);
+ row[DB_serial] = itmp;
+ BN_free(bn);
+ rrow = TXT_DB_get_by_index(db->db, DB_serial, row);
+ OPENSSL_free(itmp);
+ return rrow;
+}
+
+/* Quick and dirty OCSP server: read in and parse input request */
+
+static BIO *init_responder(char *port)
+{
+ BIO *acbio = NULL, *bufbio = NULL;
+ bufbio = BIO_new(BIO_f_buffer());
+ if (!bufbio)
+ goto err;
+# ifndef OPENSSL_NO_SOCK
+ acbio = BIO_new_accept(port);
+# else
+ BIO_printf(bio_err,
+ "Error setting up accept BIO - sockets not supported.\n");
+# endif
+ if (!acbio)
+ goto err;
+ BIO_set_accept_bios(acbio, bufbio);
+ bufbio = NULL;
+
+ if (BIO_do_accept(acbio) <= 0) {
+ BIO_printf(bio_err, "Error setting up accept BIO\n");
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+
+ return acbio;
+
+ err:
+ BIO_free_all(acbio);
+ BIO_free(bufbio);
+ return NULL;
+}
+
+static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio,
+ char *port)
+{
+ int have_post = 0, len;
+ OCSP_REQUEST *req = NULL;
+ char inbuf[1024];
+ BIO *cbio = NULL;
+
+ if (BIO_do_accept(acbio) <= 0) {
+ BIO_printf(bio_err, "Error accepting connection\n");
+ ERR_print_errors(bio_err);
+ return 0;
+ }
+
+ cbio = BIO_pop(acbio);
+ *pcbio = cbio;
+
+ for (;;) {
+ len = BIO_gets(cbio, inbuf, sizeof inbuf);
+ if (len <= 0)
+ return 1;
+ /* Look for "POST" signalling start of query */
+ if (!have_post) {
+ if (strncmp(inbuf, "POST", 4)) {
+ BIO_printf(bio_err, "Invalid request\n");
+ return 1;
+ }
+ have_post = 1;
+ }
+ /* Look for end of headers */
+ if ((inbuf[0] == '\r') || (inbuf[0] == '\n'))
+ break;
+ }
+
+ /* Try to read OCSP request */
+
+ req = d2i_OCSP_REQUEST_bio(cbio, NULL);
+
+ if (!req) {
+ BIO_printf(bio_err, "Error parsing OCSP request\n");
+ ERR_print_errors(bio_err);
+ }
+
+ *preq = req;
+
+ return 1;
+
+}
+
+static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp)
+{
+ char http_resp[] =
+ "HTTP/1.0 200 OK\r\nContent-type: application/ocsp-response\r\n"
+ "Content-Length: %d\r\n\r\n";
+ if (!cbio)
+ return 0;
+ BIO_printf(cbio, http_resp, i2d_OCSP_RESPONSE(resp, NULL));
+ i2d_OCSP_RESPONSE_bio(cbio, resp);
+ (void)BIO_flush(cbio);
+ return 1;
+}
+
+static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, char *path,
+ OCSP_REQUEST *req, int req_timeout)
+{
+ int fd;
+ int rv;
+ OCSP_REQ_CTX *ctx = NULL;
+ OCSP_RESPONSE *rsp = NULL;
+ fd_set confds;
+ struct timeval tv;
+
+ if (req_timeout != -1)
+ BIO_set_nbio(cbio, 1);
+
+ rv = BIO_do_connect(cbio);
+
+ if ((rv <= 0) && ((req_timeout == -1) || !BIO_should_retry(cbio))) {
+ BIO_puts(err, "Error connecting BIO\n");
+ return NULL;
+ }
+
+ if (req_timeout == -1)
+ return OCSP_sendreq_bio(cbio, path, req);
+
+ if (BIO_get_fd(cbio, &fd) <= 0) {
+ BIO_puts(err, "Can't get connection fd\n");
+ goto err;
+ }
+
+ if (rv <= 0) {
+ FD_ZERO(&confds);
+ openssl_fdset(fd, &confds);
+ tv.tv_usec = 0;
+ tv.tv_sec = req_timeout;
+ rv = select(fd + 1, NULL, (void *)&confds, NULL, &tv);
+ if (rv == 0) {
+ BIO_puts(err, "Timeout on connect\n");
+ return NULL;
+ }
+ }
+
+ ctx = OCSP_sendreq_new(cbio, path, req, -1);
+ if (!ctx)
+ return NULL;
+
+ for (;;) {
+ rv = OCSP_sendreq_nbio(&rsp, ctx);
+ if (rv != -1)
+ break;
+ FD_ZERO(&confds);
+ openssl_fdset(fd, &confds);
+ tv.tv_usec = 0;
+ tv.tv_sec = req_timeout;
+ if (BIO_should_read(cbio))
+ rv = select(fd + 1, (void *)&confds, NULL, NULL, &tv);
+ else if (BIO_should_write(cbio))
+ rv = select(fd + 1, NULL, (void *)&confds, NULL, &tv);
+ else {
+ BIO_puts(err, "Unexpected retry condition\n");
+ goto err;
+ }
+ if (rv == 0) {
+ BIO_puts(err, "Timeout on request\n");
+ break;
+ }
+ if (rv == -1) {
+ BIO_puts(err, "Select error\n");
+ break;
+ }
+
+ }
+ err:
+ if (ctx)
+ OCSP_REQ_CTX_free(ctx);
+
+ return rsp;
+}
+
+OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req,
+ char *host, char *path, char *port,
+ int use_ssl, int req_timeout)
+{
+ BIO *cbio = NULL;
+ SSL_CTX *ctx = NULL;
+ OCSP_RESPONSE *resp = NULL;
+ cbio = BIO_new_connect(host);
+ if (!cbio) {
+ BIO_printf(err, "Error creating connect BIO\n");
+ goto end;
+ }
+ if (port)
+ BIO_set_conn_port(cbio, port);
+ if (use_ssl == 1) {
+ BIO *sbio;
+# if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
+ ctx = SSL_CTX_new(SSLv23_client_method());
+# elif !defined(OPENSSL_NO_SSL3)
+ ctx = SSL_CTX_new(SSLv3_client_method());
+# elif !defined(OPENSSL_NO_SSL2)
+ ctx = SSL_CTX_new(SSLv2_client_method());
+# else
+ BIO_printf(err, "SSL is disabled\n");
+ goto end;
+# endif
+ if (ctx == NULL) {
+ BIO_printf(err, "Error creating SSL context.\n");
+ goto end;
+ }
+ SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
+ sbio = BIO_new_ssl(ctx, 1);
+ cbio = BIO_push(sbio, cbio);
+ }
+ resp = query_responder(err, cbio, path, req, req_timeout);
+ if (!resp)
+ BIO_printf(bio_err, "Error querying OCSP responder\n");
+ end:
+ if (ctx)
+ SSL_CTX_free(ctx);
+ if (cbio)
+ BIO_free_all(cbio);
+ return resp;
+}
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/apps/openssl.c
===================================================================
--- vendor-crypto/openssl/dist/apps/openssl.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/apps/openssl.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,544 +0,0 @@
-/* apps/openssl.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#define OPENSSL_C /* tells apps.h to use complete apps_startup() */
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/crypto.h>
-#include <openssl/lhash.h>
-#include <openssl/conf.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/ssl.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-#define USE_SOCKETS /* needed for the _O_BINARY defs in the MS world */
-#include "progs.h"
-#include "s_apps.h"
-#include <openssl/err.h>
-
-/* The LHASH callbacks ("hash" & "cmp") have been replaced by functions with the
- * base prototypes (we cast each variable inside the function to the required
- * type of "FUNCTION*"). This removes the necessity for macro-generated wrapper
- * functions. */
-
-/* static unsigned long MS_CALLBACK hash(FUNCTION *a); */
-static unsigned long MS_CALLBACK hash(const void *a_void);
-/* static int MS_CALLBACK cmp(FUNCTION *a,FUNCTION *b); */
-static int MS_CALLBACK cmp(const void *a_void,const void *b_void);
-static LHASH *prog_init(void );
-static int do_cmd(LHASH *prog,int argc,char *argv[]);
-char *default_config_file=NULL;
-
-/* Make sure there is only one when MONOLITH is defined */
-#ifdef MONOLITH
-CONF *config=NULL;
-BIO *bio_err=NULL;
-int in_FIPS_mode=0;
-#endif
-
-
-static void lock_dbg_cb(int mode, int type, const char *file, int line)
- {
- static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */
- const char *errstr = NULL;
- int rw;
-
- rw = mode & (CRYPTO_READ|CRYPTO_WRITE);
- if (!((rw == CRYPTO_READ) || (rw == CRYPTO_WRITE)))
- {
- errstr = "invalid mode";
- goto err;
- }
-
- if (type < 0 || type >= CRYPTO_NUM_LOCKS)
- {
- errstr = "type out of bounds";
- goto err;
- }
-
- if (mode & CRYPTO_LOCK)
- {
- if (modes[type])
- {
- errstr = "already locked";
- /* must not happen in a single-threaded program
- * (would deadlock) */
- goto err;
- }
-
- modes[type] = rw;
- }
- else if (mode & CRYPTO_UNLOCK)
- {
- if (!modes[type])
- {
- errstr = "not locked";
- goto err;
- }
-
- if (modes[type] != rw)
- {
- errstr = (rw == CRYPTO_READ) ?
- "CRYPTO_r_unlock on write lock" :
- "CRYPTO_w_unlock on read lock";
- }
-
- modes[type] = 0;
- }
- else
- {
- errstr = "invalid mode";
- goto err;
- }
-
- err:
- if (errstr)
- {
- /* we cannot use bio_err here */
- fprintf(stderr, "openssl (lock_dbg_cb): %s (mode=%d, type=%d) at %s:%d\n",
- errstr, mode, type, file, line);
- }
- }
-
-
-int main(int Argc, char *Argv[])
- {
- ARGS arg;
-#define PROG_NAME_SIZE 39
- char pname[PROG_NAME_SIZE+1];
- FUNCTION f,*fp;
- MS_STATIC const char *prompt;
- MS_STATIC char buf[1024];
- char *to_free=NULL;
- int n,i,ret=0;
- int argc;
- char **argv,*p;
- LHASH *prog=NULL;
- long errline;
-
- arg.data=NULL;
- arg.count=0;
-
- in_FIPS_mode = 0;
-
- if(getenv("OPENSSL_FIPS")) {
-#ifdef OPENSSL_FIPS
- if (!FIPS_mode_set(1)) {
- ERR_load_crypto_strings();
- ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
- EXIT(1);
- }
- in_FIPS_mode = 1;
-#else
- fprintf(stderr, "FIPS mode not supported.\n");
- EXIT(1);
-#endif
- }
-
- if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
- if (getenv("OPENSSL_DEBUG_MEMORY") != NULL) /* if not defined, use compiled-in library defaults */
- {
- if (!(0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off")))
- {
- CRYPTO_malloc_debug_init();
- CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
- }
- else
- {
- /* OPENSSL_DEBUG_MEMORY=off */
- CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
- }
- }
- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
-#if 0
- if (getenv("OPENSSL_DEBUG_LOCKING") != NULL)
-#endif
- {
- CRYPTO_set_locking_callback(lock_dbg_cb);
- }
-
- apps_startup();
-
- /* Lets load up our environment a little */
- p=getenv("OPENSSL_CONF");
- if (p == NULL)
- p=getenv("SSLEAY_CONF");
- if (p == NULL)
- p=to_free=make_config_name();
-
- default_config_file=p;
-
- config=NCONF_new(NULL);
- i=NCONF_load(config,p,&errline);
- if (i == 0)
- {
- NCONF_free(config);
- config = NULL;
- ERR_clear_error();
- }
-
- prog=prog_init();
-
- /* first check the program name */
- program_name(Argv[0],pname,sizeof pname);
-
- f.name=pname;
- fp=(FUNCTION *)lh_retrieve(prog,&f);
- if (fp != NULL)
- {
- Argv[0]=pname;
- ret=fp->func(Argc,Argv);
- goto end;
- }
-
- /* ok, now check that there are not arguments, if there are,
- * run with them, shifting the ssleay off the front */
- if (Argc != 1)
- {
- Argc--;
- Argv++;
- ret=do_cmd(prog,Argc,Argv);
- if (ret < 0) ret=0;
- goto end;
- }
-
- /* ok, lets enter the old 'OpenSSL>' mode */
-
- for (;;)
- {
- ret=0;
- p=buf;
- n=sizeof buf;
- i=0;
- for (;;)
- {
- p[0]='\0';
- if (i++)
- prompt=">";
- else prompt="OpenSSL> ";
- fputs(prompt,stdout);
- fflush(stdout);
- if (!fgets(p,n,stdin))
- goto end;
- if (p[0] == '\0') goto end;
- i=strlen(p);
- if (i <= 1) break;
- if (p[i-2] != '\\') break;
- i-=2;
- p+=i;
- n-=i;
- }
- if (!chopup_args(&arg,buf,&argc,&argv)) break;
-
- ret=do_cmd(prog,argc,argv);
- if (ret < 0)
- {
- ret=0;
- goto end;
- }
- if (ret != 0)
- BIO_printf(bio_err,"error in %s\n",argv[0]);
- (void)BIO_flush(bio_err);
- }
- BIO_printf(bio_err,"bad exit\n");
- ret=1;
-end:
- if (to_free)
- OPENSSL_free(to_free);
- if (config != NULL)
- {
- NCONF_free(config);
- config=NULL;
- }
- if (prog != NULL) lh_free(prog);
- if (arg.data != NULL) OPENSSL_free(arg.data);
-
- apps_shutdown();
-
- CRYPTO_mem_leaks(bio_err);
- if (bio_err != NULL)
- {
- BIO_free(bio_err);
- bio_err=NULL;
- }
- OPENSSL_EXIT(ret);
- }
-
-#define LIST_STANDARD_COMMANDS "list-standard-commands"
-#define LIST_MESSAGE_DIGEST_COMMANDS "list-message-digest-commands"
-#define LIST_CIPHER_COMMANDS "list-cipher-commands"
-
-static int do_cmd(LHASH *prog, int argc, char *argv[])
- {
- FUNCTION f,*fp;
- int i,ret=1,tp,nl;
-
- if ((argc <= 0) || (argv[0] == NULL))
- { ret=0; goto end; }
- f.name=argv[0];
- fp=(FUNCTION *)lh_retrieve(prog,&f);
- if (fp != NULL)
- {
- ret=fp->func(argc,argv);
- }
- else if ((strncmp(argv[0],"no-",3)) == 0)
- {
- BIO *bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- bio_stdout = BIO_push(tmpbio, bio_stdout);
- }
-#endif
- f.name=argv[0]+3;
- ret = (lh_retrieve(prog,&f) != NULL);
- if (!ret)
- BIO_printf(bio_stdout, "%s\n", argv[0]);
- else
- BIO_printf(bio_stdout, "%s\n", argv[0]+3);
- BIO_free_all(bio_stdout);
- goto end;
- }
- else if ((strcmp(argv[0],"quit") == 0) ||
- (strcmp(argv[0],"q") == 0) ||
- (strcmp(argv[0],"exit") == 0) ||
- (strcmp(argv[0],"bye") == 0))
- {
- ret= -1;
- goto end;
- }
- else if ((strcmp(argv[0],LIST_STANDARD_COMMANDS) == 0) ||
- (strcmp(argv[0],LIST_MESSAGE_DIGEST_COMMANDS) == 0) ||
- (strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0))
- {
- int list_type;
- BIO *bio_stdout;
-
- if (strcmp(argv[0],LIST_STANDARD_COMMANDS) == 0)
- list_type = FUNC_TYPE_GENERAL;
- else if (strcmp(argv[0],LIST_MESSAGE_DIGEST_COMMANDS) == 0)
- list_type = FUNC_TYPE_MD;
- else /* strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0 */
- list_type = FUNC_TYPE_CIPHER;
- bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- bio_stdout = BIO_push(tmpbio, bio_stdout);
- }
-#endif
-
- for (fp=functions; fp->name != NULL; fp++)
- if (fp->type == list_type)
- BIO_printf(bio_stdout, "%s\n", fp->name);
- BIO_free_all(bio_stdout);
- ret=0;
- goto end;
- }
- else
- {
- BIO_printf(bio_err,"openssl:Error: '%s' is an invalid command.\n",
- argv[0]);
- BIO_printf(bio_err, "\nStandard commands");
- i=0;
- tp=0;
- for (fp=functions; fp->name != NULL; fp++)
- {
- nl=0;
-#ifdef OPENSSL_NO_CAMELLIA
- if (((i++) % 5) == 0)
-#else
- if (((i++) % 4) == 0)
-#endif
- {
- BIO_printf(bio_err,"\n");
- nl=1;
- }
- if (fp->type != tp)
- {
- tp=fp->type;
- if (!nl) BIO_printf(bio_err,"\n");
- if (tp == FUNC_TYPE_MD)
- {
- i=1;
- BIO_printf(bio_err,
- "\nMessage Digest commands (see the `dgst' command for more details)\n");
- }
- else if (tp == FUNC_TYPE_CIPHER)
- {
- i=1;
- BIO_printf(bio_err,"\nCipher commands (see the `enc' command for more details)\n");
- }
- }
-#ifdef OPENSSL_NO_CAMELLIA
- BIO_printf(bio_err,"%-15s",fp->name);
-#else
- BIO_printf(bio_err,"%-18s",fp->name);
-#endif
- }
- BIO_printf(bio_err,"\n\n");
- ret=0;
- }
-end:
- return(ret);
- }
-
-static int SortFnByName(const void *_f1,const void *_f2)
- {
- const FUNCTION *f1=_f1;
- const FUNCTION *f2=_f2;
-
- if(f1->type != f2->type)
- return f1->type-f2->type;
- return strcmp(f1->name,f2->name);
- }
-
-static LHASH *prog_init(void)
- {
- LHASH *ret;
- FUNCTION *f;
- size_t i;
-
- /* Purely so it looks nice when the user hits ? */
- for(i=0,f=functions ; f->name != NULL ; ++f,++i)
- ;
- qsort(functions,i,sizeof *functions,SortFnByName);
-
- if ((ret=lh_new(hash, cmp)) == NULL)
- return(NULL);
-
- for (f=functions; f->name != NULL; f++)
- lh_insert(ret,f);
- return(ret);
- }
-
-/* static int MS_CALLBACK cmp(FUNCTION *a, FUNCTION *b) */
-static int MS_CALLBACK cmp(const void *a_void, const void *b_void)
- {
- return(strncmp(((const FUNCTION *)a_void)->name,
- ((const FUNCTION *)b_void)->name,8));
- }
-
-/* static unsigned long MS_CALLBACK hash(FUNCTION *a) */
-static unsigned long MS_CALLBACK hash(const void *a_void)
- {
- return(lh_strhash(((const FUNCTION *)a_void)->name));
- }
Copied: vendor-crypto/openssl/0.9.8zf/apps/openssl.c (from rev 6976, vendor-crypto/openssl/dist/apps/openssl.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/apps/openssl.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/apps/openssl.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,525 @@
+/* apps/openssl.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#define OPENSSL_C /* tells apps.h to use complete
+ * apps_startup() */
+#include "apps.h"
+#include <openssl/bio.h>
+#include <openssl/crypto.h>
+#include <openssl/lhash.h>
+#include <openssl/conf.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/ssl.h>
+#ifndef OPENSSL_NO_ENGINE
+# include <openssl/engine.h>
+#endif
+#define USE_SOCKETS /* needed for the _O_BINARY defs in the MS
+ * world */
+#include "progs.h"
+#include "s_apps.h"
+#include <openssl/err.h>
+
+/*
+ * The LHASH callbacks ("hash" & "cmp") have been replaced by functions with
+ * the base prototypes (we cast each variable inside the function to the
+ * required type of "FUNCTION*"). This removes the necessity for
+ * macro-generated wrapper functions.
+ */
+
+/* static unsigned long MS_CALLBACK hash(FUNCTION *a); */
+static unsigned long MS_CALLBACK hash(const void *a_void);
+/* static int MS_CALLBACK cmp(FUNCTION *a,FUNCTION *b); */
+static int MS_CALLBACK cmp(const void *a_void, const void *b_void);
+static LHASH *prog_init(void);
+static int do_cmd(LHASH *prog, int argc, char *argv[]);
+char *default_config_file = NULL;
+
+/* Make sure there is only one when MONOLITH is defined */
+#ifdef MONOLITH
+CONF *config = NULL;
+BIO *bio_err = NULL;
+int in_FIPS_mode = 0;
+#endif
+
+static void lock_dbg_cb(int mode, int type, const char *file, int line)
+{
+ static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */
+ const char *errstr = NULL;
+ int rw;
+
+ rw = mode & (CRYPTO_READ | CRYPTO_WRITE);
+ if (!((rw == CRYPTO_READ) || (rw == CRYPTO_WRITE))) {
+ errstr = "invalid mode";
+ goto err;
+ }
+
+ if (type < 0 || type >= CRYPTO_NUM_LOCKS) {
+ errstr = "type out of bounds";
+ goto err;
+ }
+
+ if (mode & CRYPTO_LOCK) {
+ if (modes[type]) {
+ errstr = "already locked";
+ /*
+ * must not happen in a single-threaded program (would deadlock)
+ */
+ goto err;
+ }
+
+ modes[type] = rw;
+ } else if (mode & CRYPTO_UNLOCK) {
+ if (!modes[type]) {
+ errstr = "not locked";
+ goto err;
+ }
+
+ if (modes[type] != rw) {
+ errstr = (rw == CRYPTO_READ) ?
+ "CRYPTO_r_unlock on write lock" :
+ "CRYPTO_w_unlock on read lock";
+ }
+
+ modes[type] = 0;
+ } else {
+ errstr = "invalid mode";
+ goto err;
+ }
+
+ err:
+ if (errstr) {
+ /* we cannot use bio_err here */
+ fprintf(stderr,
+ "openssl (lock_dbg_cb): %s (mode=%d, type=%d) at %s:%d\n",
+ errstr, mode, type, file, line);
+ }
+}
+
+int main(int Argc, char *Argv[])
+{
+ ARGS arg;
+#define PROG_NAME_SIZE 39
+ char pname[PROG_NAME_SIZE + 1];
+ FUNCTION f, *fp;
+ MS_STATIC const char *prompt;
+ MS_STATIC char buf[1024];
+ char *to_free = NULL;
+ int n, i, ret = 0;
+ int argc;
+ char **argv, *p;
+ LHASH *prog = NULL;
+ long errline;
+
+ arg.data = NULL;
+ arg.count = 0;
+
+ in_FIPS_mode = 0;
+
+ if (getenv("OPENSSL_FIPS")) {
+#ifdef OPENSSL_FIPS
+ if (!FIPS_mode_set(1)) {
+ ERR_load_crypto_strings();
+ ERR_print_errors(BIO_new_fp(stderr, BIO_NOCLOSE));
+ EXIT(1);
+ }
+ in_FIPS_mode = 1;
+#else
+ fprintf(stderr, "FIPS mode not supported.\n");
+ EXIT(1);
+#endif
+ }
+
+ if (bio_err == NULL)
+ if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+
+ if (getenv("OPENSSL_DEBUG_MEMORY") != NULL) { /* if not defined, use
+ * compiled-in library
+ * defaults */
+ if (!(0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off"))) {
+ CRYPTO_malloc_debug_init();
+ CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
+ } else {
+ /* OPENSSL_DEBUG_MEMORY=off */
+ CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
+ }
+ }
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+#if 0
+ if (getenv("OPENSSL_DEBUG_LOCKING") != NULL)
+#endif
+ {
+ CRYPTO_set_locking_callback(lock_dbg_cb);
+ }
+
+ apps_startup();
+
+ /* Lets load up our environment a little */
+ p = getenv("OPENSSL_CONF");
+ if (p == NULL)
+ p = getenv("SSLEAY_CONF");
+ if (p == NULL)
+ p = to_free = make_config_name();
+
+ default_config_file = p;
+
+ config = NCONF_new(NULL);
+ i = NCONF_load(config, p, &errline);
+ if (i == 0) {
+ NCONF_free(config);
+ config = NULL;
+ ERR_clear_error();
+ }
+
+ prog = prog_init();
+
+ /* first check the program name */
+ program_name(Argv[0], pname, sizeof pname);
+
+ f.name = pname;
+ fp = (FUNCTION *) lh_retrieve(prog, &f);
+ if (fp != NULL) {
+ Argv[0] = pname;
+ ret = fp->func(Argc, Argv);
+ goto end;
+ }
+
+ /*
+ * ok, now check that there are not arguments, if there are, run with
+ * them, shifting the ssleay off the front
+ */
+ if (Argc != 1) {
+ Argc--;
+ Argv++;
+ ret = do_cmd(prog, Argc, Argv);
+ if (ret < 0)
+ ret = 0;
+ goto end;
+ }
+
+ /* ok, lets enter the old 'OpenSSL>' mode */
+
+ for (;;) {
+ ret = 0;
+ p = buf;
+ n = sizeof buf;
+ i = 0;
+ for (;;) {
+ p[0] = '\0';
+ if (i++)
+ prompt = ">";
+ else
+ prompt = "OpenSSL> ";
+ fputs(prompt, stdout);
+ fflush(stdout);
+ if (!fgets(p, n, stdin))
+ goto end;
+ if (p[0] == '\0')
+ goto end;
+ i = strlen(p);
+ if (i <= 1)
+ break;
+ if (p[i - 2] != '\\')
+ break;
+ i -= 2;
+ p += i;
+ n -= i;
+ }
+ if (!chopup_args(&arg, buf, &argc, &argv))
+ break;
+
+ ret = do_cmd(prog, argc, argv);
+ if (ret < 0) {
+ ret = 0;
+ goto end;
+ }
+ if (ret != 0)
+ BIO_printf(bio_err, "error in %s\n", argv[0]);
+ (void)BIO_flush(bio_err);
+ }
+ BIO_printf(bio_err, "bad exit\n");
+ ret = 1;
+ end:
+ if (to_free)
+ OPENSSL_free(to_free);
+ if (config != NULL) {
+ NCONF_free(config);
+ config = NULL;
+ }
+ if (prog != NULL)
+ lh_free(prog);
+ if (arg.data != NULL)
+ OPENSSL_free(arg.data);
+
+ apps_shutdown();
+
+ CRYPTO_mem_leaks(bio_err);
+ if (bio_err != NULL) {
+ BIO_free(bio_err);
+ bio_err = NULL;
+ }
+ OPENSSL_EXIT(ret);
+}
+
+#define LIST_STANDARD_COMMANDS "list-standard-commands"
+#define LIST_MESSAGE_DIGEST_COMMANDS "list-message-digest-commands"
+#define LIST_CIPHER_COMMANDS "list-cipher-commands"
+
+static int do_cmd(LHASH *prog, int argc, char *argv[])
+{
+ FUNCTION f, *fp;
+ int i, ret = 1, tp, nl;
+
+ if ((argc <= 0) || (argv[0] == NULL)) {
+ ret = 0;
+ goto end;
+ }
+ f.name = argv[0];
+ fp = (FUNCTION *) lh_retrieve(prog, &f);
+ if (fp != NULL) {
+ ret = fp->func(argc, argv);
+ } else if ((strncmp(argv[0], "no-", 3)) == 0) {
+ BIO *bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ bio_stdout = BIO_push(tmpbio, bio_stdout);
+ }
+#endif
+ f.name = argv[0] + 3;
+ ret = (lh_retrieve(prog, &f) != NULL);
+ if (!ret)
+ BIO_printf(bio_stdout, "%s\n", argv[0]);
+ else
+ BIO_printf(bio_stdout, "%s\n", argv[0] + 3);
+ BIO_free_all(bio_stdout);
+ goto end;
+ } else if ((strcmp(argv[0], "quit") == 0) ||
+ (strcmp(argv[0], "q") == 0) ||
+ (strcmp(argv[0], "exit") == 0) ||
+ (strcmp(argv[0], "bye") == 0)) {
+ ret = -1;
+ goto end;
+ } else if ((strcmp(argv[0], LIST_STANDARD_COMMANDS) == 0) ||
+ (strcmp(argv[0], LIST_MESSAGE_DIGEST_COMMANDS) == 0) ||
+ (strcmp(argv[0], LIST_CIPHER_COMMANDS) == 0)) {
+ int list_type;
+ BIO *bio_stdout;
+
+ if (strcmp(argv[0], LIST_STANDARD_COMMANDS) == 0)
+ list_type = FUNC_TYPE_GENERAL;
+ else if (strcmp(argv[0], LIST_MESSAGE_DIGEST_COMMANDS) == 0)
+ list_type = FUNC_TYPE_MD;
+ else /* strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0 */
+ list_type = FUNC_TYPE_CIPHER;
+ bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ bio_stdout = BIO_push(tmpbio, bio_stdout);
+ }
+#endif
+
+ for (fp = functions; fp->name != NULL; fp++)
+ if (fp->type == list_type)
+ BIO_printf(bio_stdout, "%s\n", fp->name);
+ BIO_free_all(bio_stdout);
+ ret = 0;
+ goto end;
+ } else {
+ BIO_printf(bio_err, "openssl:Error: '%s' is an invalid command.\n",
+ argv[0]);
+ BIO_printf(bio_err, "\nStandard commands");
+ i = 0;
+ tp = 0;
+ for (fp = functions; fp->name != NULL; fp++) {
+ nl = 0;
+#ifdef OPENSSL_NO_CAMELLIA
+ if (((i++) % 5) == 0)
+#else
+ if (((i++) % 4) == 0)
+#endif
+ {
+ BIO_printf(bio_err, "\n");
+ nl = 1;
+ }
+ if (fp->type != tp) {
+ tp = fp->type;
+ if (!nl)
+ BIO_printf(bio_err, "\n");
+ if (tp == FUNC_TYPE_MD) {
+ i = 1;
+ BIO_printf(bio_err,
+ "\nMessage Digest commands (see the `dgst' command for more details)\n");
+ } else if (tp == FUNC_TYPE_CIPHER) {
+ i = 1;
+ BIO_printf(bio_err,
+ "\nCipher commands (see the `enc' command for more details)\n");
+ }
+ }
+#ifdef OPENSSL_NO_CAMELLIA
+ BIO_printf(bio_err, "%-15s", fp->name);
+#else
+ BIO_printf(bio_err, "%-18s", fp->name);
+#endif
+ }
+ BIO_printf(bio_err, "\n\n");
+ ret = 0;
+ }
+ end:
+ return (ret);
+}
+
+static int SortFnByName(const void *_f1, const void *_f2)
+{
+ const FUNCTION *f1 = _f1;
+ const FUNCTION *f2 = _f2;
+
+ if (f1->type != f2->type)
+ return f1->type - f2->type;
+ return strcmp(f1->name, f2->name);
+}
+
+static LHASH *prog_init(void)
+{
+ LHASH *ret;
+ FUNCTION *f;
+ size_t i;
+
+ /* Purely so it looks nice when the user hits ? */
+ for (i = 0, f = functions; f->name != NULL; ++f, ++i) ;
+ qsort(functions, i, sizeof *functions, SortFnByName);
+
+ if ((ret = lh_new(hash, cmp)) == NULL)
+ return (NULL);
+
+ for (f = functions; f->name != NULL; f++)
+ lh_insert(ret, f);
+ return (ret);
+}
+
+/* static int MS_CALLBACK cmp(FUNCTION *a, FUNCTION *b) */
+static int MS_CALLBACK cmp(const void *a_void, const void *b_void)
+{
+ return (strncmp(((const FUNCTION *)a_void)->name,
+ ((const FUNCTION *)b_void)->name, 8));
+}
+
+/* static unsigned long MS_CALLBACK hash(FUNCTION *a) */
+static unsigned long MS_CALLBACK hash(const void *a_void)
+{
+ return (lh_strhash(((const FUNCTION *)a_void)->name));
+}
Deleted: vendor-crypto/openssl/0.9.8zf/apps/passwd.c
===================================================================
--- vendor-crypto/openssl/dist/apps/passwd.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/apps/passwd.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,512 +0,0 @@
-/* apps/passwd.c */
-
-#if defined OPENSSL_NO_MD5 || defined CHARSET_EBCDIC
-# define NO_MD5CRYPT_1
-#endif
-
-#if !defined(OPENSSL_NO_DES) || !defined(NO_MD5CRYPT_1)
-
-#include <assert.h>
-#include <string.h>
-
-#include "apps.h"
-
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/rand.h>
-#ifndef OPENSSL_NO_DES
-# include <openssl/des.h>
-#endif
-#ifndef NO_MD5CRYPT_1
-# include <openssl/md5.h>
-#endif
-
-
-#undef PROG
-#define PROG passwd_main
-
-
-static unsigned const char cov_2char[64]={
- /* from crypto/des/fcrypt.c */
- 0x2E,0x2F,0x30,0x31,0x32,0x33,0x34,0x35,
- 0x36,0x37,0x38,0x39,0x41,0x42,0x43,0x44,
- 0x45,0x46,0x47,0x48,0x49,0x4A,0x4B,0x4C,
- 0x4D,0x4E,0x4F,0x50,0x51,0x52,0x53,0x54,
- 0x55,0x56,0x57,0x58,0x59,0x5A,0x61,0x62,
- 0x63,0x64,0x65,0x66,0x67,0x68,0x69,0x6A,
- 0x6B,0x6C,0x6D,0x6E,0x6F,0x70,0x71,0x72,
- 0x73,0x74,0x75,0x76,0x77,0x78,0x79,0x7A
-};
-
-static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
- char *passwd, BIO *out, int quiet, int table, int reverse,
- size_t pw_maxlen, int usecrypt, int use1, int useapr1);
-
-/* -crypt - standard Unix password algorithm (default)
- * -1 - MD5-based password algorithm
- * -apr1 - MD5-based password algorithm, Apache variant
- * -salt string - salt
- * -in file - read passwords from file
- * -stdin - read passwords from stdin
- * -noverify - never verify when reading password from terminal
- * -quiet - no warnings
- * -table - format output as table
- * -reverse - switch table columns
- */
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
- int ret = 1;
- char *infile = NULL;
- int in_stdin = 0;
- int in_noverify = 0;
- char *salt = NULL, *passwd = NULL, **passwds = NULL;
- char *salt_malloc = NULL, *passwd_malloc = NULL;
- size_t passwd_malloc_size = 0;
- int pw_source_defined = 0;
- BIO *in = NULL, *out = NULL;
- int i, badopt, opt_done;
- int passed_salt = 0, quiet = 0, table = 0, reverse = 0;
- int usecrypt = 0, use1 = 0, useapr1 = 0;
- size_t pw_maxlen = 0;
-
- apps_startup();
-
- if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
- if (!load_config(bio_err, NULL))
- goto err;
- out = BIO_new(BIO_s_file());
- if (out == NULL)
- goto err;
- BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
-
- badopt = 0, opt_done = 0;
- i = 0;
- while (!badopt && !opt_done && argv[++i] != NULL)
- {
- if (strcmp(argv[i], "-crypt") == 0)
- usecrypt = 1;
- else if (strcmp(argv[i], "-1") == 0)
- use1 = 1;
- else if (strcmp(argv[i], "-apr1") == 0)
- useapr1 = 1;
- else if (strcmp(argv[i], "-salt") == 0)
- {
- if ((argv[i+1] != NULL) && (salt == NULL))
- {
- passed_salt = 1;
- salt = argv[++i];
- }
- else
- badopt = 1;
- }
- else if (strcmp(argv[i], "-in") == 0)
- {
- if ((argv[i+1] != NULL) && !pw_source_defined)
- {
- pw_source_defined = 1;
- infile = argv[++i];
- }
- else
- badopt = 1;
- }
- else if (strcmp(argv[i], "-stdin") == 0)
- {
- if (!pw_source_defined)
- {
- pw_source_defined = 1;
- in_stdin = 1;
- }
- else
- badopt = 1;
- }
- else if (strcmp(argv[i], "-noverify") == 0)
- in_noverify = 1;
- else if (strcmp(argv[i], "-quiet") == 0)
- quiet = 1;
- else if (strcmp(argv[i], "-table") == 0)
- table = 1;
- else if (strcmp(argv[i], "-reverse") == 0)
- reverse = 1;
- else if (argv[i][0] == '-')
- badopt = 1;
- else if (!pw_source_defined)
- /* non-option arguments, use as passwords */
- {
- pw_source_defined = 1;
- passwds = &argv[i];
- opt_done = 1;
- }
- else
- badopt = 1;
- }
-
- if (!usecrypt && !use1 && !useapr1) /* use default */
- usecrypt = 1;
- if (usecrypt + use1 + useapr1 > 1) /* conflict */
- badopt = 1;
-
- /* reject unsupported algorithms */
-#ifdef OPENSSL_NO_DES
- if (usecrypt) badopt = 1;
-#endif
-#ifdef NO_MD5CRYPT_1
- if (use1 || useapr1) badopt = 1;
-#endif
-
- if (badopt)
- {
- BIO_printf(bio_err, "Usage: passwd [options] [passwords]\n");
- BIO_printf(bio_err, "where options are\n");
-#ifndef OPENSSL_NO_DES
- BIO_printf(bio_err, "-crypt standard Unix password algorithm (default)\n");
-#endif
-#ifndef NO_MD5CRYPT_1
- BIO_printf(bio_err, "-1 MD5-based password algorithm\n");
- BIO_printf(bio_err, "-apr1 MD5-based password algorithm, Apache variant\n");
-#endif
- BIO_printf(bio_err, "-salt string use provided salt\n");
- BIO_printf(bio_err, "-in file read passwords from file\n");
- BIO_printf(bio_err, "-stdin read passwords from stdin\n");
- BIO_printf(bio_err, "-noverify never verify when reading password from terminal\n");
- BIO_printf(bio_err, "-quiet no warnings\n");
- BIO_printf(bio_err, "-table format output as table\n");
- BIO_printf(bio_err, "-reverse switch table columns\n");
-
- goto err;
- }
-
- if ((infile != NULL) || in_stdin)
- {
- in = BIO_new(BIO_s_file());
- if (in == NULL)
- goto err;
- if (infile != NULL)
- {
- assert(in_stdin == 0);
- if (BIO_read_filename(in, infile) <= 0)
- goto err;
- }
- else
- {
- assert(in_stdin);
- BIO_set_fp(in, stdin, BIO_NOCLOSE);
- }
- }
-
- if (usecrypt)
- pw_maxlen = 8;
- else if (use1 || useapr1)
- pw_maxlen = 256; /* arbitrary limit, should be enough for most passwords */
-
- if (passwds == NULL)
- {
- /* no passwords on the command line */
-
- passwd_malloc_size = pw_maxlen + 2;
- /* longer than necessary so that we can warn about truncation */
- passwd = passwd_malloc = OPENSSL_malloc(passwd_malloc_size);
- if (passwd_malloc == NULL)
- goto err;
- }
-
- if ((in == NULL) && (passwds == NULL))
- {
- /* build a null-terminated list */
- static char *passwds_static[2] = {NULL, NULL};
-
- passwds = passwds_static;
- if (in == NULL)
- if (EVP_read_pw_string(passwd_malloc, passwd_malloc_size, "Password: ", !(passed_salt || in_noverify)) != 0)
- goto err;
- passwds[0] = passwd_malloc;
- }
-
- if (in == NULL)
- {
- assert(passwds != NULL);
- assert(*passwds != NULL);
-
- do /* loop over list of passwords */
- {
- passwd = *passwds++;
- if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, out,
- quiet, table, reverse, pw_maxlen, usecrypt, use1, useapr1))
- goto err;
- }
- while (*passwds != NULL);
- }
- else
- /* in != NULL */
- {
- int done;
-
- assert (passwd != NULL);
- do
- {
- int r = BIO_gets(in, passwd, pw_maxlen + 1);
- if (r > 0)
- {
- char *c = (strchr(passwd, '\n')) ;
- if (c != NULL)
- *c = 0; /* truncate at newline */
- else
- {
- /* ignore rest of line */
- char trash[BUFSIZ];
- do
- r = BIO_gets(in, trash, sizeof trash);
- while ((r > 0) && (!strchr(trash, '\n')));
- }
-
- if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, out,
- quiet, table, reverse, pw_maxlen, usecrypt, use1, useapr1))
- goto err;
- }
- done = (r <= 0);
- }
- while (!done);
- }
- ret = 0;
-
-err:
- ERR_print_errors(bio_err);
- if (salt_malloc)
- OPENSSL_free(salt_malloc);
- if (passwd_malloc)
- OPENSSL_free(passwd_malloc);
- if (in)
- BIO_free(in);
- if (out)
- BIO_free_all(out);
- apps_shutdown();
- OPENSSL_EXIT(ret);
- }
-
-
-#ifndef NO_MD5CRYPT_1
-/* MD5-based password algorithm (should probably be available as a library
- * function; then the static buffer would not be acceptable).
- * For magic string "1", this should be compatible to the MD5-based BSD
- * password algorithm.
- * For 'magic' string "apr1", this is compatible to the MD5-based Apache
- * password algorithm.
- * (Apparently, the Apache password algorithm is identical except that the
- * 'magic' string was changed -- the laziest application of the NIH principle
- * I've ever encountered.)
- */
-static char *md5crypt(const char *passwd, const char *magic, const char *salt)
- {
- static char out_buf[6 + 9 + 24 + 2]; /* "$apr1$..salt..$.......md5hash..........\0" */
- unsigned char buf[MD5_DIGEST_LENGTH];
- char *salt_out;
- int n;
- unsigned int i;
- EVP_MD_CTX md,md2;
- size_t passwd_len, salt_len;
-
- passwd_len = strlen(passwd);
- out_buf[0] = '$';
- out_buf[1] = 0;
- assert(strlen(magic) <= 4); /* "1" or "apr1" */
- strncat(out_buf, magic, 4);
- strncat(out_buf, "$", 1);
- strncat(out_buf, salt, 8);
- assert(strlen(out_buf) <= 6 + 8); /* "$apr1$..salt.." */
- salt_out = out_buf + 2 + strlen(magic);
- salt_len = strlen(salt_out);
- assert(salt_len <= 8);
-
- EVP_MD_CTX_init(&md);
- EVP_DigestInit_ex(&md,EVP_md5(), NULL);
- EVP_DigestUpdate(&md, passwd, passwd_len);
- EVP_DigestUpdate(&md, "$", 1);
- EVP_DigestUpdate(&md, magic, strlen(magic));
- EVP_DigestUpdate(&md, "$", 1);
- EVP_DigestUpdate(&md, salt_out, salt_len);
-
- EVP_MD_CTX_init(&md2);
- EVP_DigestInit_ex(&md2,EVP_md5(), NULL);
- EVP_DigestUpdate(&md2, passwd, passwd_len);
- EVP_DigestUpdate(&md2, salt_out, salt_len);
- EVP_DigestUpdate(&md2, passwd, passwd_len);
- EVP_DigestFinal_ex(&md2, buf, NULL);
-
- for (i = passwd_len; i > sizeof buf; i -= sizeof buf)
- EVP_DigestUpdate(&md, buf, sizeof buf);
- EVP_DigestUpdate(&md, buf, i);
-
- n = passwd_len;
- while (n)
- {
- EVP_DigestUpdate(&md, (n & 1) ? "\0" : passwd, 1);
- n >>= 1;
- }
- EVP_DigestFinal_ex(&md, buf, NULL);
-
- for (i = 0; i < 1000; i++)
- {
- EVP_DigestInit_ex(&md2,EVP_md5(), NULL);
- EVP_DigestUpdate(&md2, (i & 1) ? (unsigned const char *) passwd : buf,
- (i & 1) ? passwd_len : sizeof buf);
- if (i % 3)
- EVP_DigestUpdate(&md2, salt_out, salt_len);
- if (i % 7)
- EVP_DigestUpdate(&md2, passwd, passwd_len);
- EVP_DigestUpdate(&md2, (i & 1) ? buf : (unsigned const char *) passwd,
- (i & 1) ? sizeof buf : passwd_len);
- EVP_DigestFinal_ex(&md2, buf, NULL);
- }
- EVP_MD_CTX_cleanup(&md2);
-
- {
- /* transform buf into output string */
-
- unsigned char buf_perm[sizeof buf];
- int dest, source;
- char *output;
-
- /* silly output permutation */
- for (dest = 0, source = 0; dest < 14; dest++, source = (source + 6) % 17)
- buf_perm[dest] = buf[source];
- buf_perm[14] = buf[5];
- buf_perm[15] = buf[11];
-#ifndef PEDANTIC /* Unfortunately, this generates a "no effect" warning */
- assert(16 == sizeof buf_perm);
-#endif
-
- output = salt_out + salt_len;
- assert(output == out_buf + strlen(out_buf));
-
- *output++ = '$';
-
- for (i = 0; i < 15; i += 3)
- {
- *output++ = cov_2char[buf_perm[i+2] & 0x3f];
- *output++ = cov_2char[((buf_perm[i+1] & 0xf) << 2) |
- (buf_perm[i+2] >> 6)];
- *output++ = cov_2char[((buf_perm[i] & 3) << 4) |
- (buf_perm[i+1] >> 4)];
- *output++ = cov_2char[buf_perm[i] >> 2];
- }
- assert(i == 15);
- *output++ = cov_2char[buf_perm[i] & 0x3f];
- *output++ = cov_2char[buf_perm[i] >> 6];
- *output = 0;
- assert(strlen(out_buf) < sizeof(out_buf));
- }
- EVP_MD_CTX_cleanup(&md);
-
- return out_buf;
- }
-#endif
-
-
-static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
- char *passwd, BIO *out, int quiet, int table, int reverse,
- size_t pw_maxlen, int usecrypt, int use1, int useapr1)
- {
- char *hash = NULL;
-
- assert(salt_p != NULL);
- assert(salt_malloc_p != NULL);
-
- /* first make sure we have a salt */
- if (!passed_salt)
- {
-#ifndef OPENSSL_NO_DES
- if (usecrypt)
- {
- if (*salt_malloc_p == NULL)
- {
- *salt_p = *salt_malloc_p = OPENSSL_malloc(3);
- if (*salt_malloc_p == NULL)
- goto err;
- }
- if (RAND_pseudo_bytes((unsigned char *)*salt_p, 2) < 0)
- goto err;
- (*salt_p)[0] = cov_2char[(*salt_p)[0] & 0x3f]; /* 6 bits */
- (*salt_p)[1] = cov_2char[(*salt_p)[1] & 0x3f]; /* 6 bits */
- (*salt_p)[2] = 0;
-#ifdef CHARSET_EBCDIC
- ascii2ebcdic(*salt_p, *salt_p, 2); /* des_crypt will convert
- * back to ASCII */
-#endif
- }
-#endif /* !OPENSSL_NO_DES */
-
-#ifndef NO_MD5CRYPT_1
- if (use1 || useapr1)
- {
- int i;
-
- if (*salt_malloc_p == NULL)
- {
- *salt_p = *salt_malloc_p = OPENSSL_malloc(9);
- if (*salt_malloc_p == NULL)
- goto err;
- }
- if (RAND_pseudo_bytes((unsigned char *)*salt_p, 8) < 0)
- goto err;
-
- for (i = 0; i < 8; i++)
- (*salt_p)[i] = cov_2char[(*salt_p)[i] & 0x3f]; /* 6 bits */
- (*salt_p)[8] = 0;
- }
-#endif /* !NO_MD5CRYPT_1 */
- }
-
- assert(*salt_p != NULL);
-
- /* truncate password if necessary */
- if ((strlen(passwd) > pw_maxlen))
- {
- if (!quiet)
- /* XXX: really we should know how to print a size_t, not cast it */
- BIO_printf(bio_err, "Warning: truncating password to %u characters\n", (unsigned)pw_maxlen);
- passwd[pw_maxlen] = 0;
- }
- assert(strlen(passwd) <= pw_maxlen);
-
- /* now compute password hash */
-#ifndef OPENSSL_NO_DES
- if (usecrypt)
- hash = DES_crypt(passwd, *salt_p);
-#endif
-#ifndef NO_MD5CRYPT_1
- if (use1 || useapr1)
- hash = md5crypt(passwd, (use1 ? "1" : "apr1"), *salt_p);
-#endif
- assert(hash != NULL);
-
- if (table && !reverse)
- BIO_printf(out, "%s\t%s\n", passwd, hash);
- else if (table && reverse)
- BIO_printf(out, "%s\t%s\n", hash, passwd);
- else
- BIO_printf(out, "%s\n", hash);
- return 1;
-
-err:
- return 0;
- }
-#else
-
-int MAIN(int argc, char **argv)
- {
- fputs("Program not available.\n", stderr)
- OPENSSL_EXIT(1);
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/apps/passwd.c (from rev 6976, vendor-crypto/openssl/dist/apps/passwd.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/apps/passwd.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/apps/passwd.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,494 @@
+/* apps/passwd.c */
+
+#if defined OPENSSL_NO_MD5 || defined CHARSET_EBCDIC
+# define NO_MD5CRYPT_1
+#endif
+
+#if !defined(OPENSSL_NO_DES) || !defined(NO_MD5CRYPT_1)
+
+# include <assert.h>
+# include <string.h>
+
+# include "apps.h"
+
+# include <openssl/bio.h>
+# include <openssl/err.h>
+# include <openssl/evp.h>
+# include <openssl/rand.h>
+# ifndef OPENSSL_NO_DES
+# include <openssl/des.h>
+# endif
+# ifndef NO_MD5CRYPT_1
+# include <openssl/md5.h>
+# endif
+
+# undef PROG
+# define PROG passwd_main
+
+static unsigned const char cov_2char[64] = {
+ /* from crypto/des/fcrypt.c */
+ 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35,
+ 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44,
+ 0x45, 0x46, 0x47, 0x48, 0x49, 0x4A, 0x4B, 0x4C,
+ 0x4D, 0x4E, 0x4F, 0x50, 0x51, 0x52, 0x53, 0x54,
+ 0x55, 0x56, 0x57, 0x58, 0x59, 0x5A, 0x61, 0x62,
+ 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6A,
+ 0x6B, 0x6C, 0x6D, 0x6E, 0x6F, 0x70, 0x71, 0x72,
+ 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7A
+};
+
+static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
+ char *passwd, BIO *out, int quiet, int table,
+ int reverse, size_t pw_maxlen, int usecrypt, int use1,
+ int useapr1);
+
+/*-
+ * -crypt - standard Unix password algorithm (default)
+ * -1 - MD5-based password algorithm
+ * -apr1 - MD5-based password algorithm, Apache variant
+ * -salt string - salt
+ * -in file - read passwords from file
+ * -stdin - read passwords from stdin
+ * -noverify - never verify when reading password from terminal
+ * -quiet - no warnings
+ * -table - format output as table
+ * -reverse - switch table columns
+ */
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+{
+ int ret = 1;
+ char *infile = NULL;
+ int in_stdin = 0;
+ int in_noverify = 0;
+ char *salt = NULL, *passwd = NULL, **passwds = NULL;
+ char *salt_malloc = NULL, *passwd_malloc = NULL;
+ size_t passwd_malloc_size = 0;
+ int pw_source_defined = 0;
+ BIO *in = NULL, *out = NULL;
+ int i, badopt, opt_done;
+ int passed_salt = 0, quiet = 0, table = 0, reverse = 0;
+ int usecrypt = 0, use1 = 0, useapr1 = 0;
+ size_t pw_maxlen = 0;
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+
+ if (!load_config(bio_err, NULL))
+ goto err;
+ out = BIO_new(BIO_s_file());
+ if (out == NULL)
+ goto err;
+ BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
+# ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+# endif
+
+ badopt = 0, opt_done = 0;
+ i = 0;
+ while (!badopt && !opt_done && argv[++i] != NULL) {
+ if (strcmp(argv[i], "-crypt") == 0)
+ usecrypt = 1;
+ else if (strcmp(argv[i], "-1") == 0)
+ use1 = 1;
+ else if (strcmp(argv[i], "-apr1") == 0)
+ useapr1 = 1;
+ else if (strcmp(argv[i], "-salt") == 0) {
+ if ((argv[i + 1] != NULL) && (salt == NULL)) {
+ passed_salt = 1;
+ salt = argv[++i];
+ } else
+ badopt = 1;
+ } else if (strcmp(argv[i], "-in") == 0) {
+ if ((argv[i + 1] != NULL) && !pw_source_defined) {
+ pw_source_defined = 1;
+ infile = argv[++i];
+ } else
+ badopt = 1;
+ } else if (strcmp(argv[i], "-stdin") == 0) {
+ if (!pw_source_defined) {
+ pw_source_defined = 1;
+ in_stdin = 1;
+ } else
+ badopt = 1;
+ } else if (strcmp(argv[i], "-noverify") == 0)
+ in_noverify = 1;
+ else if (strcmp(argv[i], "-quiet") == 0)
+ quiet = 1;
+ else if (strcmp(argv[i], "-table") == 0)
+ table = 1;
+ else if (strcmp(argv[i], "-reverse") == 0)
+ reverse = 1;
+ else if (argv[i][0] == '-')
+ badopt = 1;
+ else if (!pw_source_defined)
+ /* non-option arguments, use as passwords */
+ {
+ pw_source_defined = 1;
+ passwds = &argv[i];
+ opt_done = 1;
+ } else
+ badopt = 1;
+ }
+
+ if (!usecrypt && !use1 && !useapr1) /* use default */
+ usecrypt = 1;
+ if (usecrypt + use1 + useapr1 > 1) /* conflict */
+ badopt = 1;
+
+ /* reject unsupported algorithms */
+# ifdef OPENSSL_NO_DES
+ if (usecrypt)
+ badopt = 1;
+# endif
+# ifdef NO_MD5CRYPT_1
+ if (use1 || useapr1)
+ badopt = 1;
+# endif
+
+ if (badopt) {
+ BIO_printf(bio_err, "Usage: passwd [options] [passwords]\n");
+ BIO_printf(bio_err, "where options are\n");
+# ifndef OPENSSL_NO_DES
+ BIO_printf(bio_err,
+ "-crypt standard Unix password algorithm (default)\n");
+# endif
+# ifndef NO_MD5CRYPT_1
+ BIO_printf(bio_err,
+ "-1 MD5-based password algorithm\n");
+ BIO_printf(bio_err,
+ "-apr1 MD5-based password algorithm, Apache variant\n");
+# endif
+ BIO_printf(bio_err, "-salt string use provided salt\n");
+ BIO_printf(bio_err, "-in file read passwords from file\n");
+ BIO_printf(bio_err, "-stdin read passwords from stdin\n");
+ BIO_printf(bio_err,
+ "-noverify never verify when reading password from terminal\n");
+ BIO_printf(bio_err, "-quiet no warnings\n");
+ BIO_printf(bio_err, "-table format output as table\n");
+ BIO_printf(bio_err, "-reverse switch table columns\n");
+
+ goto err;
+ }
+
+ if ((infile != NULL) || in_stdin) {
+ in = BIO_new(BIO_s_file());
+ if (in == NULL)
+ goto err;
+ if (infile != NULL) {
+ assert(in_stdin == 0);
+ if (BIO_read_filename(in, infile) <= 0)
+ goto err;
+ } else {
+ assert(in_stdin);
+ BIO_set_fp(in, stdin, BIO_NOCLOSE);
+ }
+ }
+
+ if (usecrypt)
+ pw_maxlen = 8;
+ else if (use1 || useapr1)
+ pw_maxlen = 256; /* arbitrary limit, should be enough for most
+ * passwords */
+
+ if (passwds == NULL) {
+ /* no passwords on the command line */
+
+ passwd_malloc_size = pw_maxlen + 2;
+ /*
+ * longer than necessary so that we can warn about truncation
+ */
+ passwd = passwd_malloc = OPENSSL_malloc(passwd_malloc_size);
+ if (passwd_malloc == NULL)
+ goto err;
+ }
+
+ if ((in == NULL) && (passwds == NULL)) {
+ /* build a null-terminated list */
+ static char *passwds_static[2] = { NULL, NULL };
+
+ passwds = passwds_static;
+ if (in == NULL)
+ if (EVP_read_pw_string
+ (passwd_malloc, passwd_malloc_size, "Password: ",
+ !(passed_salt || in_noverify)) != 0)
+ goto err;
+ passwds[0] = passwd_malloc;
+ }
+
+ if (in == NULL) {
+ assert(passwds != NULL);
+ assert(*passwds != NULL);
+
+ do { /* loop over list of passwords */
+ passwd = *passwds++;
+ if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, out,
+ quiet, table, reverse, pw_maxlen, usecrypt, use1,
+ useapr1))
+ goto err;
+ }
+ while (*passwds != NULL);
+ } else
+ /* in != NULL */
+ {
+ int done;
+
+ assert(passwd != NULL);
+ do {
+ int r = BIO_gets(in, passwd, pw_maxlen + 1);
+ if (r > 0) {
+ char *c = (strchr(passwd, '\n'));
+ if (c != NULL)
+ *c = 0; /* truncate at newline */
+ else {
+ /* ignore rest of line */
+ char trash[BUFSIZ];
+ do
+ r = BIO_gets(in, trash, sizeof trash);
+ while ((r > 0) && (!strchr(trash, '\n')));
+ }
+
+ if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, out,
+ quiet, table, reverse, pw_maxlen, usecrypt,
+ use1, useapr1))
+ goto err;
+ }
+ done = (r <= 0);
+ }
+ while (!done);
+ }
+ ret = 0;
+
+ err:
+ ERR_print_errors(bio_err);
+ if (salt_malloc)
+ OPENSSL_free(salt_malloc);
+ if (passwd_malloc)
+ OPENSSL_free(passwd_malloc);
+ if (in)
+ BIO_free(in);
+ if (out)
+ BIO_free_all(out);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
+}
+
+# ifndef NO_MD5CRYPT_1
+/*
+ * MD5-based password algorithm (should probably be available as a library
+ * function; then the static buffer would not be acceptable). For magic
+ * string "1", this should be compatible to the MD5-based BSD password
+ * algorithm. For 'magic' string "apr1", this is compatible to the MD5-based
+ * Apache password algorithm. (Apparently, the Apache password algorithm is
+ * identical except that the 'magic' string was changed -- the laziest
+ * application of the NIH principle I've ever encountered.)
+ */
+static char *md5crypt(const char *passwd, const char *magic, const char *salt)
+{
+ /* "$apr1$..salt..$.......md5hash..........\0" */
+ static char out_buf[6 + 9 + 24 + 2];
+ unsigned char buf[MD5_DIGEST_LENGTH];
+ char *salt_out;
+ int n;
+ unsigned int i;
+ EVP_MD_CTX md, md2;
+ size_t passwd_len, salt_len;
+
+ passwd_len = strlen(passwd);
+ out_buf[0] = '$';
+ out_buf[1] = 0;
+ assert(strlen(magic) <= 4); /* "1" or "apr1" */
+ strncat(out_buf, magic, 4);
+ strncat(out_buf, "$", 1);
+ strncat(out_buf, salt, 8);
+ assert(strlen(out_buf) <= 6 + 8); /* "$apr1$..salt.." */
+ salt_out = out_buf + 2 + strlen(magic);
+ salt_len = strlen(salt_out);
+ assert(salt_len <= 8);
+
+ EVP_MD_CTX_init(&md);
+ EVP_DigestInit_ex(&md, EVP_md5(), NULL);
+ EVP_DigestUpdate(&md, passwd, passwd_len);
+ EVP_DigestUpdate(&md, "$", 1);
+ EVP_DigestUpdate(&md, magic, strlen(magic));
+ EVP_DigestUpdate(&md, "$", 1);
+ EVP_DigestUpdate(&md, salt_out, salt_len);
+
+ EVP_MD_CTX_init(&md2);
+ EVP_DigestInit_ex(&md2, EVP_md5(), NULL);
+ EVP_DigestUpdate(&md2, passwd, passwd_len);
+ EVP_DigestUpdate(&md2, salt_out, salt_len);
+ EVP_DigestUpdate(&md2, passwd, passwd_len);
+ EVP_DigestFinal_ex(&md2, buf, NULL);
+
+ for (i = passwd_len; i > sizeof buf; i -= sizeof buf)
+ EVP_DigestUpdate(&md, buf, sizeof buf);
+ EVP_DigestUpdate(&md, buf, i);
+
+ n = passwd_len;
+ while (n) {
+ EVP_DigestUpdate(&md, (n & 1) ? "\0" : passwd, 1);
+ n >>= 1;
+ }
+ EVP_DigestFinal_ex(&md, buf, NULL);
+
+ for (i = 0; i < 1000; i++) {
+ EVP_DigestInit_ex(&md2, EVP_md5(), NULL);
+ EVP_DigestUpdate(&md2, (i & 1) ? (unsigned const char *)passwd : buf,
+ (i & 1) ? passwd_len : sizeof buf);
+ if (i % 3)
+ EVP_DigestUpdate(&md2, salt_out, salt_len);
+ if (i % 7)
+ EVP_DigestUpdate(&md2, passwd, passwd_len);
+ EVP_DigestUpdate(&md2, (i & 1) ? buf : (unsigned const char *)passwd,
+ (i & 1) ? sizeof buf : passwd_len);
+ EVP_DigestFinal_ex(&md2, buf, NULL);
+ }
+ EVP_MD_CTX_cleanup(&md2);
+
+ {
+ /* transform buf into output string */
+
+ unsigned char buf_perm[sizeof buf];
+ int dest, source;
+ char *output;
+
+ /* silly output permutation */
+ for (dest = 0, source = 0; dest < 14;
+ dest++, source = (source + 6) % 17)
+ buf_perm[dest] = buf[source];
+ buf_perm[14] = buf[5];
+ buf_perm[15] = buf[11];
+# ifndef PEDANTIC /* Unfortunately, this generates a "no
+ * effect" warning */
+ assert(16 == sizeof buf_perm);
+# endif
+
+ output = salt_out + salt_len;
+ assert(output == out_buf + strlen(out_buf));
+
+ *output++ = '$';
+
+ for (i = 0; i < 15; i += 3) {
+ *output++ = cov_2char[buf_perm[i + 2] & 0x3f];
+ *output++ = cov_2char[((buf_perm[i + 1] & 0xf) << 2) |
+ (buf_perm[i + 2] >> 6)];
+ *output++ = cov_2char[((buf_perm[i] & 3) << 4) |
+ (buf_perm[i + 1] >> 4)];
+ *output++ = cov_2char[buf_perm[i] >> 2];
+ }
+ assert(i == 15);
+ *output++ = cov_2char[buf_perm[i] & 0x3f];
+ *output++ = cov_2char[buf_perm[i] >> 6];
+ *output = 0;
+ assert(strlen(out_buf) < sizeof(out_buf));
+ }
+ EVP_MD_CTX_cleanup(&md);
+
+ return out_buf;
+}
+# endif
+
+static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
+ char *passwd, BIO *out, int quiet, int table,
+ int reverse, size_t pw_maxlen, int usecrypt, int use1,
+ int useapr1)
+{
+ char *hash = NULL;
+
+ assert(salt_p != NULL);
+ assert(salt_malloc_p != NULL);
+
+ /* first make sure we have a salt */
+ if (!passed_salt) {
+# ifndef OPENSSL_NO_DES
+ if (usecrypt) {
+ if (*salt_malloc_p == NULL) {
+ *salt_p = *salt_malloc_p = OPENSSL_malloc(3);
+ if (*salt_malloc_p == NULL)
+ goto err;
+ }
+ if (RAND_pseudo_bytes((unsigned char *)*salt_p, 2) < 0)
+ goto err;
+ (*salt_p)[0] = cov_2char[(*salt_p)[0] & 0x3f]; /* 6 bits */
+ (*salt_p)[1] = cov_2char[(*salt_p)[1] & 0x3f]; /* 6 bits */
+ (*salt_p)[2] = 0;
+# ifdef CHARSET_EBCDIC
+ ascii2ebcdic(*salt_p, *salt_p, 2); /* des_crypt will convert back
+ * to ASCII */
+# endif
+ }
+# endif /* !OPENSSL_NO_DES */
+
+# ifndef NO_MD5CRYPT_1
+ if (use1 || useapr1) {
+ int i;
+
+ if (*salt_malloc_p == NULL) {
+ *salt_p = *salt_malloc_p = OPENSSL_malloc(9);
+ if (*salt_malloc_p == NULL)
+ goto err;
+ }
+ if (RAND_pseudo_bytes((unsigned char *)*salt_p, 8) < 0)
+ goto err;
+
+ for (i = 0; i < 8; i++)
+ (*salt_p)[i] = cov_2char[(*salt_p)[i] & 0x3f]; /* 6 bits */
+ (*salt_p)[8] = 0;
+ }
+# endif /* !NO_MD5CRYPT_1 */
+ }
+
+ assert(*salt_p != NULL);
+
+ /* truncate password if necessary */
+ if ((strlen(passwd) > pw_maxlen)) {
+ if (!quiet)
+ /*
+ * XXX: really we should know how to print a size_t, not cast it
+ */
+ BIO_printf(bio_err,
+ "Warning: truncating password to %u characters\n",
+ (unsigned)pw_maxlen);
+ passwd[pw_maxlen] = 0;
+ }
+ assert(strlen(passwd) <= pw_maxlen);
+
+ /* now compute password hash */
+# ifndef OPENSSL_NO_DES
+ if (usecrypt)
+ hash = DES_crypt(passwd, *salt_p);
+# endif
+# ifndef NO_MD5CRYPT_1
+ if (use1 || useapr1)
+ hash = md5crypt(passwd, (use1 ? "1" : "apr1"), *salt_p);
+# endif
+ assert(hash != NULL);
+
+ if (table && !reverse)
+ BIO_printf(out, "%s\t%s\n", passwd, hash);
+ else if (table && reverse)
+ BIO_printf(out, "%s\t%s\n", hash, passwd);
+ else
+ BIO_printf(out, "%s\n", hash);
+ return 1;
+
+ err:
+ return 0;
+}
+#else
+
+int MAIN(int argc, char **argv)
+{
+ fputs("Program not available.\n", stderr)
+ OPENSSL_EXIT(1);
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/apps/pkcs12.c
===================================================================
--- vendor-crypto/openssl/dist/apps/pkcs12.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/apps/pkcs12.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,971 +0,0 @@
-/* pkcs12.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <openssl/opensslconf.h>
-#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "apps.h"
-#include <openssl/crypto.h>
-#include <openssl/err.h>
-#include <openssl/pem.h>
-#include <openssl/pkcs12.h>
-
-#ifdef OPENSSL_SYS_NETWARE
-/* Rename these functions to avoid name clashes on NetWare OS */
-#define uni2asc OPENSSL_uni2asc
-#define asc2uni OPENSSL_asc2uni
-#endif
-
-#define PROG pkcs12_main
-
-const EVP_CIPHER *enc;
-
-
-#define NOKEYS 0x1
-#define NOCERTS 0x2
-#define INFO 0x4
-#define CLCERTS 0x8
-#define CACERTS 0x10
-
-int get_cert_chain (X509 *cert, X509_STORE *store, STACK_OF(X509) **chain);
-int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen, int options, char *pempass);
-int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags, char *pass,
- int passlen, int options, char *pempass);
-int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass, int passlen, int options, char *pempass);
-int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,const char *name);
-void hex_prin(BIO *out, unsigned char *buf, int len);
-int alg_print(BIO *x, X509_ALGOR *alg);
-int cert_load(BIO *in, STACK_OF(X509) *sk);
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-{
- ENGINE *e = NULL;
- char *infile=NULL, *outfile=NULL, *keyname = NULL;
- char *certfile=NULL;
- BIO *in=NULL, *out = NULL;
- char **args;
- char *name = NULL;
- char *csp_name = NULL;
- int add_lmk = 0;
- PKCS12 *p12 = NULL;
- char pass[50], macpass[50];
- int export_cert = 0;
- int options = 0;
- int chain = 0;
- int badarg = 0;
- int iter = PKCS12_DEFAULT_ITER;
- int maciter = PKCS12_DEFAULT_ITER;
- int twopass = 0;
- int keytype = 0;
- int cert_pbe;
- int key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
- int ret = 1;
- int macver = 1;
- int noprompt = 0;
- STACK *canames = NULL;
- char *cpass = NULL, *mpass = NULL;
- char *passargin = NULL, *passargout = NULL, *passarg = NULL;
- char *passin = NULL, *passout = NULL;
- char *inrand = NULL;
- char *CApath = NULL, *CAfile = NULL;
-#ifndef OPENSSL_NO_ENGINE
- char *engine=NULL;
-#endif
-
- apps_startup();
-
-#ifdef OPENSSL_FIPS
- if (FIPS_mode())
- cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
- else
-#endif
- cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
-
- enc = EVP_des_ede3_cbc();
- if (bio_err == NULL ) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
-
- if (!load_config(bio_err, NULL))
- goto end;
-
- args = argv + 1;
-
-
- while (*args) {
- if (*args[0] == '-') {
- if (!strcmp (*args, "-nokeys")) options |= NOKEYS;
- else if (!strcmp (*args, "-keyex")) keytype = KEY_EX;
- else if (!strcmp (*args, "-keysig")) keytype = KEY_SIG;
- else if (!strcmp (*args, "-nocerts")) options |= NOCERTS;
- else if (!strcmp (*args, "-clcerts")) options |= CLCERTS;
- else if (!strcmp (*args, "-cacerts")) options |= CACERTS;
- else if (!strcmp (*args, "-noout")) options |= (NOKEYS|NOCERTS);
- else if (!strcmp (*args, "-info")) options |= INFO;
- else if (!strcmp (*args, "-chain")) chain = 1;
- else if (!strcmp (*args, "-twopass")) twopass = 1;
- else if (!strcmp (*args, "-nomacver")) macver = 0;
- else if (!strcmp (*args, "-descert"))
- cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
- else if (!strcmp (*args, "-export")) export_cert = 1;
- else if (!strcmp (*args, "-des")) enc=EVP_des_cbc();
- else if (!strcmp (*args, "-des3")) enc = EVP_des_ede3_cbc();
-#ifndef OPENSSL_NO_IDEA
- else if (!strcmp (*args, "-idea")) enc=EVP_idea_cbc();
-#endif
-#ifndef OPENSSL_NO_SEED
- else if (!strcmp(*args, "-seed")) enc=EVP_seed_cbc();
-#endif
-#ifndef OPENSSL_NO_AES
- else if (!strcmp(*args,"-aes128")) enc=EVP_aes_128_cbc();
- else if (!strcmp(*args,"-aes192")) enc=EVP_aes_192_cbc();
- else if (!strcmp(*args,"-aes256")) enc=EVP_aes_256_cbc();
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
- else if (!strcmp(*args,"-camellia128")) enc=EVP_camellia_128_cbc();
- else if (!strcmp(*args,"-camellia192")) enc=EVP_camellia_192_cbc();
- else if (!strcmp(*args,"-camellia256")) enc=EVP_camellia_256_cbc();
-#endif
- else if (!strcmp (*args, "-noiter")) iter = 1;
- else if (!strcmp (*args, "-maciter"))
- maciter = PKCS12_DEFAULT_ITER;
- else if (!strcmp (*args, "-nomaciter"))
- maciter = 1;
- else if (!strcmp (*args, "-nomac"))
- maciter = -1;
- else if (!strcmp (*args, "-nodes")) enc=NULL;
- else if (!strcmp (*args, "-certpbe")) {
- if (args[1]) {
- args++;
- if (!strcmp(*args, "NONE"))
- cert_pbe = -1;
- else
- cert_pbe=OBJ_txt2nid(*args);
- if(cert_pbe == NID_undef) {
- BIO_printf(bio_err,
- "Unknown PBE algorithm %s\n", *args);
- badarg = 1;
- }
- } else badarg = 1;
- } else if (!strcmp (*args, "-keypbe")) {
- if (args[1]) {
- args++;
- if (!strcmp(*args, "NONE"))
- key_pbe = -1;
- else
- key_pbe=OBJ_txt2nid(*args);
- if(key_pbe == NID_undef) {
- BIO_printf(bio_err,
- "Unknown PBE algorithm %s\n", *args);
- badarg = 1;
- }
- } else badarg = 1;
- } else if (!strcmp (*args, "-rand")) {
- if (args[1]) {
- args++;
- inrand = *args;
- } else badarg = 1;
- } else if (!strcmp (*args, "-inkey")) {
- if (args[1]) {
- args++;
- keyname = *args;
- } else badarg = 1;
- } else if (!strcmp (*args, "-certfile")) {
- if (args[1]) {
- args++;
- certfile = *args;
- } else badarg = 1;
- } else if (!strcmp (*args, "-name")) {
- if (args[1]) {
- args++;
- name = *args;
- } else badarg = 1;
- } else if (!strcmp (*args, "-LMK"))
- add_lmk = 1;
- else if (!strcmp (*args, "-CSP")) {
- if (args[1]) {
- args++;
- csp_name = *args;
- } else badarg = 1;
- } else if (!strcmp (*args, "-caname")) {
- if (args[1]) {
- args++;
- if (!canames) canames = sk_new_null();
- sk_push(canames, *args);
- } else badarg = 1;
- } else if (!strcmp (*args, "-in")) {
- if (args[1]) {
- args++;
- infile = *args;
- } else badarg = 1;
- } else if (!strcmp (*args, "-out")) {
- if (args[1]) {
- args++;
- outfile = *args;
- } else badarg = 1;
- } else if (!strcmp(*args,"-passin")) {
- if (args[1]) {
- args++;
- passargin = *args;
- } else badarg = 1;
- } else if (!strcmp(*args,"-passout")) {
- if (args[1]) {
- args++;
- passargout = *args;
- } else badarg = 1;
- } else if (!strcmp (*args, "-password")) {
- if (args[1]) {
- args++;
- passarg = *args;
- noprompt = 1;
- } else badarg = 1;
- } else if (!strcmp(*args,"-CApath")) {
- if (args[1]) {
- args++;
- CApath = *args;
- } else badarg = 1;
- } else if (!strcmp(*args,"-CAfile")) {
- if (args[1]) {
- args++;
- CAfile = *args;
- } else badarg = 1;
-#ifndef OPENSSL_NO_ENGINE
- } else if (!strcmp(*args,"-engine")) {
- if (args[1]) {
- args++;
- engine = *args;
- } else badarg = 1;
-#endif
- } else badarg = 1;
-
- } else badarg = 1;
- args++;
- }
-
- if (badarg) {
- BIO_printf (bio_err, "Usage: pkcs12 [options]\n");
- BIO_printf (bio_err, "where options are\n");
- BIO_printf (bio_err, "-export output PKCS12 file\n");
- BIO_printf (bio_err, "-chain add certificate chain\n");
- BIO_printf (bio_err, "-inkey file private key if not infile\n");
- BIO_printf (bio_err, "-certfile f add all certs in f\n");
- BIO_printf (bio_err, "-CApath arg - PEM format directory of CA's\n");
- BIO_printf (bio_err, "-CAfile arg - PEM format file of CA's\n");
- BIO_printf (bio_err, "-name \"name\" use name as friendly name\n");
- BIO_printf (bio_err, "-caname \"nm\" use nm as CA friendly name (can be used more than once).\n");
- BIO_printf (bio_err, "-in infile input filename\n");
- BIO_printf (bio_err, "-out outfile output filename\n");
- BIO_printf (bio_err, "-noout don't output anything, just verify.\n");
- BIO_printf (bio_err, "-nomacver don't verify MAC.\n");
- BIO_printf (bio_err, "-nocerts don't output certificates.\n");
- BIO_printf (bio_err, "-clcerts only output client certificates.\n");
- BIO_printf (bio_err, "-cacerts only output CA certificates.\n");
- BIO_printf (bio_err, "-nokeys don't output private keys.\n");
- BIO_printf (bio_err, "-info give info about PKCS#12 structure.\n");
- BIO_printf (bio_err, "-des encrypt private keys with DES\n");
- BIO_printf (bio_err, "-des3 encrypt private keys with triple DES (default)\n");
-#ifndef OPENSSL_NO_IDEA
- BIO_printf (bio_err, "-idea encrypt private keys with idea\n");
-#endif
-#ifndef OPENSSL_NO_SEED
- BIO_printf (bio_err, "-seed encrypt private keys with seed\n");
-#endif
-#ifndef OPENSSL_NO_AES
- BIO_printf (bio_err, "-aes128, -aes192, -aes256\n");
- BIO_printf (bio_err, " encrypt PEM output with cbc aes\n");
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
- BIO_printf (bio_err, "-camellia128, -camellia192, -camellia256\n");
- BIO_printf (bio_err, " encrypt PEM output with cbc camellia\n");
-#endif
- BIO_printf (bio_err, "-nodes don't encrypt private keys\n");
- BIO_printf (bio_err, "-noiter don't use encryption iteration\n");
- BIO_printf (bio_err, "-maciter use MAC iteration\n");
- BIO_printf (bio_err, "-twopass separate MAC, encryption passwords\n");
- BIO_printf (bio_err, "-descert encrypt PKCS#12 certificates with triple DES (default RC2-40)\n");
- BIO_printf (bio_err, "-certpbe alg specify certificate PBE algorithm (default RC2-40)\n");
- BIO_printf (bio_err, "-keypbe alg specify private key PBE algorithm (default 3DES)\n");
- BIO_printf (bio_err, "-keyex set MS key exchange type\n");
- BIO_printf (bio_err, "-keysig set MS key signature type\n");
- BIO_printf (bio_err, "-password p set import/export password source\n");
- BIO_printf (bio_err, "-passin p input file pass phrase source\n");
- BIO_printf (bio_err, "-passout p output file pass phrase source\n");
-#ifndef OPENSSL_NO_ENGINE
- BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n");
-#endif
- BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
- BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
- BIO_printf(bio_err, " the random number generator\n");
- BIO_printf(bio_err, "-CSP name Microsoft CSP name\n");
- BIO_printf(bio_err, "-LMK Add local machine keyset attribute to private key\n");
- goto end;
- }
-
-#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(bio_err, engine, 0);
-#endif
-
- if(passarg) {
- if(export_cert) passargout = passarg;
- else passargin = passarg;
- }
-
- if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
- BIO_printf(bio_err, "Error getting passwords\n");
- goto end;
- }
-
- if(!cpass) {
- if(export_cert) cpass = passout;
- else cpass = passin;
- }
-
- if(cpass) {
- mpass = cpass;
- noprompt = 1;
- } else {
- cpass = pass;
- mpass = macpass;
- }
-
- if(export_cert || inrand) {
- app_RAND_load_file(NULL, bio_err, (inrand != NULL));
- if (inrand != NULL)
- BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
- app_RAND_load_files(inrand));
- }
- ERR_load_crypto_strings();
-
-#ifdef CRYPTO_MDEBUG
- CRYPTO_push_info("read files");
-#endif
-
- if (!infile) in = BIO_new_fp(stdin, BIO_NOCLOSE);
- else in = BIO_new_file(infile, "rb");
- if (!in) {
- BIO_printf(bio_err, "Error opening input file %s\n",
- infile ? infile : "<stdin>");
- perror (infile);
- goto end;
- }
-
-#ifdef CRYPTO_MDEBUG
- CRYPTO_pop_info();
- CRYPTO_push_info("write files");
-#endif
-
- if (!outfile) {
- out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- } else out = BIO_new_file(outfile, "wb");
- if (!out) {
- BIO_printf(bio_err, "Error opening output file %s\n",
- outfile ? outfile : "<stdout>");
- perror (outfile);
- goto end;
- }
- if (twopass) {
-#ifdef CRYPTO_MDEBUG
- CRYPTO_push_info("read MAC password");
-#endif
- if(EVP_read_pw_string (macpass, sizeof macpass, "Enter MAC Password:", export_cert))
- {
- BIO_printf (bio_err, "Can't read Password\n");
- goto end;
- }
-#ifdef CRYPTO_MDEBUG
- CRYPTO_pop_info();
-#endif
- }
-
- if (export_cert) {
- EVP_PKEY *key = NULL;
- X509 *ucert = NULL, *x = NULL;
- STACK_OF(X509) *certs=NULL;
- unsigned char *catmp = NULL;
- int i;
-
- if ((options & (NOCERTS|NOKEYS)) == (NOCERTS|NOKEYS))
- {
- BIO_printf(bio_err, "Nothing to do!\n");
- goto export_end;
- }
-
- if (options & NOCERTS)
- chain = 0;
-
-#ifdef CRYPTO_MDEBUG
- CRYPTO_push_info("process -export_cert");
- CRYPTO_push_info("reading private key");
-#endif
- if (!(options & NOKEYS))
- {
- key = load_key(bio_err, keyname ? keyname : infile,
- FORMAT_PEM, 1, passin, e, "private key");
- if (!key)
- goto export_end;
- }
-
-#ifdef CRYPTO_MDEBUG
- CRYPTO_pop_info();
- CRYPTO_push_info("reading certs from input");
-#endif
-
- /* Load in all certs in input file */
- if(!(options & NOCERTS))
- {
- certs = load_certs(bio_err, infile, FORMAT_PEM, NULL, e,
- "certificates");
- if (!certs)
- goto export_end;
-
- if (key)
- {
- /* Look for matching private key */
- for(i = 0; i < sk_X509_num(certs); i++)
- {
- x = sk_X509_value(certs, i);
- if(X509_check_private_key(x, key))
- {
- ucert = x;
- /* Zero keyid and alias */
- X509_keyid_set1(ucert, NULL, 0);
- X509_alias_set1(ucert, NULL, 0);
- /* Remove from list */
- (void)sk_X509_delete(certs, i);
- break;
- }
- }
- if (!ucert)
- {
- BIO_printf(bio_err, "No certificate matches private key\n");
- goto export_end;
- }
- }
-
- }
-
-#ifdef CRYPTO_MDEBUG
- CRYPTO_pop_info();
- CRYPTO_push_info("reading certs from input 2");
-#endif
-
- /* Add any more certificates asked for */
- if(certfile)
- {
- STACK_OF(X509) *morecerts=NULL;
- if(!(morecerts = load_certs(bio_err, certfile, FORMAT_PEM,
- NULL, e,
- "certificates from certfile")))
- goto export_end;
- while(sk_X509_num(morecerts) > 0)
- sk_X509_push(certs, sk_X509_shift(morecerts));
- sk_X509_free(morecerts);
- }
-
-#ifdef CRYPTO_MDEBUG
- CRYPTO_pop_info();
- CRYPTO_push_info("reading certs from certfile");
-#endif
-
-#ifdef CRYPTO_MDEBUG
- CRYPTO_pop_info();
- CRYPTO_push_info("building chain");
-#endif
-
- /* If chaining get chain from user cert */
- if (chain) {
- int vret;
- STACK_OF(X509) *chain2;
- X509_STORE *store = X509_STORE_new();
- if (!store)
- {
- BIO_printf (bio_err, "Memory allocation error\n");
- goto export_end;
- }
- if (!X509_STORE_load_locations(store, CAfile, CApath))
- X509_STORE_set_default_paths (store);
-
- vret = get_cert_chain (ucert, store, &chain2);
- X509_STORE_free(store);
-
- if (!vret) {
- /* Exclude verified certificate */
- for (i = 1; i < sk_X509_num (chain2) ; i++)
- sk_X509_push(certs, sk_X509_value (chain2, i));
- /* Free first certificate */
- X509_free(sk_X509_value(chain2, 0));
- sk_X509_free(chain2);
- } else {
- if (vret >= 0)
- BIO_printf (bio_err, "Error %s getting chain.\n",
- X509_verify_cert_error_string(vret));
- else
- ERR_print_errors(bio_err);
- goto export_end;
- }
- }
-
- /* Add any CA names */
-
- for (i = 0; i < sk_num(canames); i++)
- {
- catmp = (unsigned char *)sk_value(canames, i);
- X509_alias_set1(sk_X509_value(certs, i), catmp, -1);
- }
-
- if (csp_name && key)
- EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name,
- MBSTRING_ASC, (unsigned char *)csp_name, -1);
-
- if (add_lmk && key)
- EVP_PKEY_add1_attr_by_NID(key, NID_LocalKeySet, 0, NULL, -1);
-
-#ifdef CRYPTO_MDEBUG
- CRYPTO_pop_info();
- CRYPTO_push_info("reading password");
-#endif
-
- if(!noprompt &&
- EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:", 1))
- {
- BIO_printf (bio_err, "Can't read Password\n");
- goto export_end;
- }
- if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass);
-
-#ifdef CRYPTO_MDEBUG
- CRYPTO_pop_info();
- CRYPTO_push_info("creating PKCS#12 structure");
-#endif
-
- p12 = PKCS12_create(cpass, name, key, ucert, certs,
- key_pbe, cert_pbe, iter, -1, keytype);
-
- if (!p12)
- {
- ERR_print_errors (bio_err);
- goto export_end;
- }
-
- if (maciter != -1)
- PKCS12_set_mac(p12, mpass, -1, NULL, 0, maciter, NULL);
-
-#ifdef CRYPTO_MDEBUG
- CRYPTO_pop_info();
- CRYPTO_push_info("writing pkcs12");
-#endif
-
- i2d_PKCS12_bio(out, p12);
-
- ret = 0;
-
- export_end:
-#ifdef CRYPTO_MDEBUG
- CRYPTO_pop_info();
- CRYPTO_pop_info();
- CRYPTO_push_info("process -export_cert: freeing");
-#endif
-
- if (key) EVP_PKEY_free(key);
- if (certs) sk_X509_pop_free(certs, X509_free);
- if (ucert) X509_free(ucert);
-
-#ifdef CRYPTO_MDEBUG
- CRYPTO_pop_info();
-#endif
- goto end;
-
- }
-
- if (!(p12 = d2i_PKCS12_bio (in, NULL))) {
- ERR_print_errors(bio_err);
- goto end;
- }
-
-#ifdef CRYPTO_MDEBUG
- CRYPTO_push_info("read import password");
-#endif
- if(!noprompt && EVP_read_pw_string(pass, sizeof pass, "Enter Import Password:", 0)) {
- BIO_printf (bio_err, "Can't read Password\n");
- goto end;
- }
-#ifdef CRYPTO_MDEBUG
- CRYPTO_pop_info();
-#endif
-
- if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass);
-
- if ((options & INFO) && p12->mac) BIO_printf (bio_err, "MAC Iteration %ld\n", p12->mac->iter ? ASN1_INTEGER_get (p12->mac->iter) : 1);
- if(macver) {
-#ifdef CRYPTO_MDEBUG
- CRYPTO_push_info("verify MAC");
-#endif
- /* If we enter empty password try no password first */
- if(!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) {
- /* If mac and crypto pass the same set it to NULL too */
- if(!twopass) cpass = NULL;
- } else if (!PKCS12_verify_mac(p12, mpass, -1)) {
- BIO_printf (bio_err, "Mac verify error: invalid password?\n");
- ERR_print_errors (bio_err);
- goto end;
- }
- BIO_printf (bio_err, "MAC verified OK\n");
-#ifdef CRYPTO_MDEBUG
- CRYPTO_pop_info();
-#endif
- }
-
-#ifdef CRYPTO_MDEBUG
- CRYPTO_push_info("output keys and certificates");
-#endif
- if (!dump_certs_keys_p12 (out, p12, cpass, -1, options, passout)) {
- BIO_printf(bio_err, "Error outputting keys and certificates\n");
- ERR_print_errors (bio_err);
- goto end;
- }
-#ifdef CRYPTO_MDEBUG
- CRYPTO_pop_info();
-#endif
- ret = 0;
- end:
- if (p12) PKCS12_free(p12);
- if(export_cert || inrand) app_RAND_write_file(NULL, bio_err);
-#ifdef CRYPTO_MDEBUG
- CRYPTO_remove_all_info();
-#endif
- BIO_free(in);
- BIO_free_all(out);
- if (canames) sk_free(canames);
- if(passin) OPENSSL_free(passin);
- if(passout) OPENSSL_free(passout);
- apps_shutdown();
- OPENSSL_EXIT(ret);
-}
-
-int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
- int passlen, int options, char *pempass)
-{
- STACK_OF(PKCS7) *asafes = NULL;
- STACK_OF(PKCS12_SAFEBAG) *bags;
- int i, bagnid;
- int ret = 0;
- PKCS7 *p7;
-
- if (!( asafes = PKCS12_unpack_authsafes(p12))) return 0;
- for (i = 0; i < sk_PKCS7_num (asafes); i++) {
- p7 = sk_PKCS7_value (asafes, i);
- bagnid = OBJ_obj2nid (p7->type);
- if (bagnid == NID_pkcs7_data) {
- bags = PKCS12_unpack_p7data(p7);
- if (options & INFO) BIO_printf (bio_err, "PKCS7 Data\n");
- } else if (bagnid == NID_pkcs7_encrypted) {
- if (options & INFO) {
- BIO_printf(bio_err, "PKCS7 Encrypted data: ");
- alg_print(bio_err,
- p7->d.encrypted->enc_data->algorithm);
- }
- bags = PKCS12_unpack_p7encdata(p7, pass, passlen);
- } else continue;
- if (!bags) goto err;
- if (!dump_certs_pkeys_bags (out, bags, pass, passlen,
- options, pempass)) {
- sk_PKCS12_SAFEBAG_pop_free (bags, PKCS12_SAFEBAG_free);
- goto err;
- }
- sk_PKCS12_SAFEBAG_pop_free (bags, PKCS12_SAFEBAG_free);
- bags = NULL;
- }
- ret = 1;
-
- err:
-
- if (asafes)
- sk_PKCS7_pop_free (asafes, PKCS7_free);
- return ret;
-}
-
-int dump_certs_pkeys_bags (BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags,
- char *pass, int passlen, int options, char *pempass)
-{
- int i;
- for (i = 0; i < sk_PKCS12_SAFEBAG_num (bags); i++) {
- if (!dump_certs_pkeys_bag (out,
- sk_PKCS12_SAFEBAG_value (bags, i),
- pass, passlen,
- options, pempass))
- return 0;
- }
- return 1;
-}
-
-int dump_certs_pkeys_bag (BIO *out, PKCS12_SAFEBAG *bag, char *pass,
- int passlen, int options, char *pempass)
-{
- EVP_PKEY *pkey;
- PKCS8_PRIV_KEY_INFO *p8;
- X509 *x509;
-
- switch (M_PKCS12_bag_type(bag))
- {
- case NID_keyBag:
- if (options & INFO) BIO_printf (bio_err, "Key bag\n");
- if (options & NOKEYS) return 1;
- print_attribs (out, bag->attrib, "Bag Attributes");
- p8 = bag->value.keybag;
- if (!(pkey = EVP_PKCS82PKEY (p8))) return 0;
- print_attribs (out, p8->attributes, "Key Attributes");
- PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL, pempass);
- EVP_PKEY_free(pkey);
- break;
-
- case NID_pkcs8ShroudedKeyBag:
- if (options & INFO) {
- BIO_printf (bio_err, "Shrouded Keybag: ");
- alg_print (bio_err, bag->value.shkeybag->algor);
- }
- if (options & NOKEYS) return 1;
- print_attribs (out, bag->attrib, "Bag Attributes");
- if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen)))
- return 0;
- if (!(pkey = EVP_PKCS82PKEY (p8))) {
- PKCS8_PRIV_KEY_INFO_free(p8);
- return 0;
- }
- print_attribs (out, p8->attributes, "Key Attributes");
- PKCS8_PRIV_KEY_INFO_free(p8);
- PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL, pempass);
- EVP_PKEY_free(pkey);
- break;
-
- case NID_certBag:
- if (options & INFO) BIO_printf (bio_err, "Certificate bag\n");
- if (options & NOCERTS) return 1;
- if (PKCS12_get_attr(bag, NID_localKeyID)) {
- if (options & CACERTS) return 1;
- } else if (options & CLCERTS) return 1;
- print_attribs (out, bag->attrib, "Bag Attributes");
- if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate )
- return 1;
- if (!(x509 = PKCS12_certbag2x509(bag))) return 0;
- dump_cert_text (out, x509);
- PEM_write_bio_X509 (out, x509);
- X509_free(x509);
- break;
-
- case NID_safeContentsBag:
- if (options & INFO) BIO_printf (bio_err, "Safe Contents bag\n");
- print_attribs (out, bag->attrib, "Bag Attributes");
- return dump_certs_pkeys_bags (out, bag->value.safes, pass,
- passlen, options, pempass);
-
- default:
- BIO_printf (bio_err, "Warning unsupported bag type: ");
- i2a_ASN1_OBJECT (bio_err, bag->type);
- BIO_printf (bio_err, "\n");
- return 1;
- break;
- }
- return 1;
-}
-
-/* Given a single certificate return a verified chain or NULL if error */
-
-/* Hope this is OK .... */
-
-int get_cert_chain (X509 *cert, X509_STORE *store, STACK_OF(X509) **chain)
-{
- X509_STORE_CTX store_ctx;
- STACK_OF(X509) *chn;
- int i = 0;
-
- /* FIXME: Should really check the return status of X509_STORE_CTX_init
- * for an error, but how that fits into the return value of this
- * function is less obvious. */
- X509_STORE_CTX_init(&store_ctx, store, cert, NULL);
- if (X509_verify_cert(&store_ctx) <= 0) {
- i = X509_STORE_CTX_get_error (&store_ctx);
- if (i == 0)
- /* avoid returning 0 if X509_verify_cert() did not
- * set an appropriate error value in the context */
- i = -1;
- chn = NULL;
- goto err;
- } else
- chn = X509_STORE_CTX_get1_chain(&store_ctx);
-err:
- X509_STORE_CTX_cleanup(&store_ctx);
- *chain = chn;
-
- return i;
-}
-
-int alg_print (BIO *x, X509_ALGOR *alg)
-{
- PBEPARAM *pbe;
- const unsigned char *p;
- p = alg->parameter->value.sequence->data;
- pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length);
- if (!pbe)
- return 1;
- BIO_printf (bio_err, "%s, Iteration %ld\n",
- OBJ_nid2ln(OBJ_obj2nid(alg->algorithm)),
- ASN1_INTEGER_get(pbe->iter));
- PBEPARAM_free (pbe);
- return 1;
-}
-
-/* Load all certificates from a given file */
-
-int cert_load(BIO *in, STACK_OF(X509) *sk)
-{
- int ret;
- X509 *cert;
- ret = 0;
-#ifdef CRYPTO_MDEBUG
- CRYPTO_push_info("cert_load(): reading one cert");
-#endif
- while((cert = PEM_read_bio_X509(in, NULL, NULL, NULL))) {
-#ifdef CRYPTO_MDEBUG
- CRYPTO_pop_info();
-#endif
- ret = 1;
- sk_X509_push(sk, cert);
-#ifdef CRYPTO_MDEBUG
- CRYPTO_push_info("cert_load(): reading one cert");
-#endif
- }
-#ifdef CRYPTO_MDEBUG
- CRYPTO_pop_info();
-#endif
- if(ret) ERR_clear_error();
- return ret;
-}
-
-/* Generalised attribute print: handle PKCS#8 and bag attributes */
-
-int print_attribs (BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,const char *name)
-{
- X509_ATTRIBUTE *attr;
- ASN1_TYPE *av;
- char *value;
- int i, attr_nid;
- if(!attrlst) {
- BIO_printf(out, "%s: <No Attributes>\n", name);
- return 1;
- }
- if(!sk_X509_ATTRIBUTE_num(attrlst)) {
- BIO_printf(out, "%s: <Empty Attributes>\n", name);
- return 1;
- }
- BIO_printf(out, "%s\n", name);
- for(i = 0; i < sk_X509_ATTRIBUTE_num(attrlst); i++) {
- attr = sk_X509_ATTRIBUTE_value(attrlst, i);
- attr_nid = OBJ_obj2nid(attr->object);
- BIO_printf(out, " ");
- if(attr_nid == NID_undef) {
- i2a_ASN1_OBJECT (out, attr->object);
- BIO_printf(out, ": ");
- } else BIO_printf(out, "%s: ", OBJ_nid2ln(attr_nid));
-
- if(sk_ASN1_TYPE_num(attr->value.set)) {
- av = sk_ASN1_TYPE_value(attr->value.set, 0);
- switch(av->type) {
- case V_ASN1_BMPSTRING:
- value = uni2asc(av->value.bmpstring->data,
- av->value.bmpstring->length);
- BIO_printf(out, "%s\n", value);
- OPENSSL_free(value);
- break;
-
- case V_ASN1_OCTET_STRING:
- hex_prin(out, av->value.octet_string->data,
- av->value.octet_string->length);
- BIO_printf(out, "\n");
- break;
-
- case V_ASN1_BIT_STRING:
- hex_prin(out, av->value.bit_string->data,
- av->value.bit_string->length);
- BIO_printf(out, "\n");
- break;
-
- default:
- BIO_printf(out, "<Unsupported tag %d>\n", av->type);
- break;
- }
- } else BIO_printf(out, "<No Values>\n");
- }
- return 1;
-}
-
-void hex_prin(BIO *out, unsigned char *buf, int len)
-{
- int i;
- for (i = 0; i < len; i++) BIO_printf (out, "%02X ", buf[i]);
-}
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/apps/pkcs12.c (from rev 6976, vendor-crypto/openssl/dist/apps/pkcs12.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/apps/pkcs12.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/apps/pkcs12.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,1060 @@
+/* pkcs12.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <openssl/opensslconf.h>
+#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)
+
+# include <stdio.h>
+# include <stdlib.h>
+# include <string.h>
+# include "apps.h"
+# include <openssl/crypto.h>
+# include <openssl/err.h>
+# include <openssl/pem.h>
+# include <openssl/pkcs12.h>
+
+# ifdef OPENSSL_SYS_NETWARE
+/* Rename these functions to avoid name clashes on NetWare OS */
+# define uni2asc OPENSSL_uni2asc
+# define asc2uni OPENSSL_asc2uni
+# endif
+
+# define PROG pkcs12_main
+
+const EVP_CIPHER *enc;
+
+# define NOKEYS 0x1
+# define NOCERTS 0x2
+# define INFO 0x4
+# define CLCERTS 0x8
+# define CACERTS 0x10
+
+int get_cert_chain(X509 *cert, X509_STORE *store, STACK_OF(X509) **chain);
+int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen,
+ int options, char *pempass);
+int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags,
+ char *pass, int passlen, int options,
+ char *pempass);
+int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass,
+ int passlen, int options, char *pempass);
+int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,
+ const char *name);
+void hex_prin(BIO *out, unsigned char *buf, int len);
+int alg_print(BIO *x, X509_ALGOR *alg);
+int cert_load(BIO *in, STACK_OF(X509) *sk);
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+{
+ ENGINE *e = NULL;
+ char *infile = NULL, *outfile = NULL, *keyname = NULL;
+ char *certfile = NULL;
+ BIO *in = NULL, *out = NULL;
+ char **args;
+ char *name = NULL;
+ char *csp_name = NULL;
+ int add_lmk = 0;
+ PKCS12 *p12 = NULL;
+ char pass[50], macpass[50];
+ int export_cert = 0;
+ int options = 0;
+ int chain = 0;
+ int badarg = 0;
+ int iter = PKCS12_DEFAULT_ITER;
+ int maciter = PKCS12_DEFAULT_ITER;
+ int twopass = 0;
+ int keytype = 0;
+ int cert_pbe;
+ int key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+ int ret = 1;
+ int macver = 1;
+ int noprompt = 0;
+ STACK *canames = NULL;
+ char *cpass = NULL, *mpass = NULL;
+ char *passargin = NULL, *passargout = NULL, *passarg = NULL;
+ char *passin = NULL, *passout = NULL;
+ char *inrand = NULL;
+ char *CApath = NULL, *CAfile = NULL;
+# ifndef OPENSSL_NO_ENGINE
+ char *engine = NULL;
+# endif
+
+ apps_startup();
+
+# ifdef OPENSSL_FIPS
+ if (FIPS_mode())
+ cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+ else
+# endif
+ cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
+
+ enc = EVP_des_ede3_cbc();
+ if (bio_err == NULL)
+ bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
+
+ if (!load_config(bio_err, NULL))
+ goto end;
+
+ args = argv + 1;
+
+ while (*args) {
+ if (*args[0] == '-') {
+ if (!strcmp(*args, "-nokeys"))
+ options |= NOKEYS;
+ else if (!strcmp(*args, "-keyex"))
+ keytype = KEY_EX;
+ else if (!strcmp(*args, "-keysig"))
+ keytype = KEY_SIG;
+ else if (!strcmp(*args, "-nocerts"))
+ options |= NOCERTS;
+ else if (!strcmp(*args, "-clcerts"))
+ options |= CLCERTS;
+ else if (!strcmp(*args, "-cacerts"))
+ options |= CACERTS;
+ else if (!strcmp(*args, "-noout"))
+ options |= (NOKEYS | NOCERTS);
+ else if (!strcmp(*args, "-info"))
+ options |= INFO;
+ else if (!strcmp(*args, "-chain"))
+ chain = 1;
+ else if (!strcmp(*args, "-twopass"))
+ twopass = 1;
+ else if (!strcmp(*args, "-nomacver"))
+ macver = 0;
+ else if (!strcmp(*args, "-descert"))
+ cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+ else if (!strcmp(*args, "-export"))
+ export_cert = 1;
+ else if (!strcmp(*args, "-des"))
+ enc = EVP_des_cbc();
+ else if (!strcmp(*args, "-des3"))
+ enc = EVP_des_ede3_cbc();
+# ifndef OPENSSL_NO_IDEA
+ else if (!strcmp(*args, "-idea"))
+ enc = EVP_idea_cbc();
+# endif
+# ifndef OPENSSL_NO_SEED
+ else if (!strcmp(*args, "-seed"))
+ enc = EVP_seed_cbc();
+# endif
+# ifndef OPENSSL_NO_AES
+ else if (!strcmp(*args, "-aes128"))
+ enc = EVP_aes_128_cbc();
+ else if (!strcmp(*args, "-aes192"))
+ enc = EVP_aes_192_cbc();
+ else if (!strcmp(*args, "-aes256"))
+ enc = EVP_aes_256_cbc();
+# endif
+# ifndef OPENSSL_NO_CAMELLIA
+ else if (!strcmp(*args, "-camellia128"))
+ enc = EVP_camellia_128_cbc();
+ else if (!strcmp(*args, "-camellia192"))
+ enc = EVP_camellia_192_cbc();
+ else if (!strcmp(*args, "-camellia256"))
+ enc = EVP_camellia_256_cbc();
+# endif
+ else if (!strcmp(*args, "-noiter"))
+ iter = 1;
+ else if (!strcmp(*args, "-maciter"))
+ maciter = PKCS12_DEFAULT_ITER;
+ else if (!strcmp(*args, "-nomaciter"))
+ maciter = 1;
+ else if (!strcmp(*args, "-nomac"))
+ maciter = -1;
+ else if (!strcmp(*args, "-nodes"))
+ enc = NULL;
+ else if (!strcmp(*args, "-certpbe")) {
+ if (args[1]) {
+ args++;
+ if (!strcmp(*args, "NONE"))
+ cert_pbe = -1;
+ else
+ cert_pbe = OBJ_txt2nid(*args);
+ if (cert_pbe == NID_undef) {
+ BIO_printf(bio_err,
+ "Unknown PBE algorithm %s\n", *args);
+ badarg = 1;
+ }
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-keypbe")) {
+ if (args[1]) {
+ args++;
+ if (!strcmp(*args, "NONE"))
+ key_pbe = -1;
+ else
+ key_pbe = OBJ_txt2nid(*args);
+ if (key_pbe == NID_undef) {
+ BIO_printf(bio_err,
+ "Unknown PBE algorithm %s\n", *args);
+ badarg = 1;
+ }
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-rand")) {
+ if (args[1]) {
+ args++;
+ inrand = *args;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-inkey")) {
+ if (args[1]) {
+ args++;
+ keyname = *args;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-certfile")) {
+ if (args[1]) {
+ args++;
+ certfile = *args;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-name")) {
+ if (args[1]) {
+ args++;
+ name = *args;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-LMK"))
+ add_lmk = 1;
+ else if (!strcmp(*args, "-CSP")) {
+ if (args[1]) {
+ args++;
+ csp_name = *args;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-caname")) {
+ if (args[1]) {
+ args++;
+ if (!canames)
+ canames = sk_new_null();
+ sk_push(canames, *args);
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-in")) {
+ if (args[1]) {
+ args++;
+ infile = *args;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-out")) {
+ if (args[1]) {
+ args++;
+ outfile = *args;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-passin")) {
+ if (args[1]) {
+ args++;
+ passargin = *args;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-passout")) {
+ if (args[1]) {
+ args++;
+ passargout = *args;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-password")) {
+ if (args[1]) {
+ args++;
+ passarg = *args;
+ noprompt = 1;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-CApath")) {
+ if (args[1]) {
+ args++;
+ CApath = *args;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-CAfile")) {
+ if (args[1]) {
+ args++;
+ CAfile = *args;
+ } else
+ badarg = 1;
+# ifndef OPENSSL_NO_ENGINE
+ } else if (!strcmp(*args, "-engine")) {
+ if (args[1]) {
+ args++;
+ engine = *args;
+ } else
+ badarg = 1;
+# endif
+ } else
+ badarg = 1;
+
+ } else
+ badarg = 1;
+ args++;
+ }
+
+ if (badarg) {
+ BIO_printf(bio_err, "Usage: pkcs12 [options]\n");
+ BIO_printf(bio_err, "where options are\n");
+ BIO_printf(bio_err, "-export output PKCS12 file\n");
+ BIO_printf(bio_err, "-chain add certificate chain\n");
+ BIO_printf(bio_err, "-inkey file private key if not infile\n");
+ BIO_printf(bio_err, "-certfile f add all certs in f\n");
+ BIO_printf(bio_err, "-CApath arg - PEM format directory of CA's\n");
+ BIO_printf(bio_err, "-CAfile arg - PEM format file of CA's\n");
+ BIO_printf(bio_err, "-name \"name\" use name as friendly name\n");
+ BIO_printf(bio_err,
+ "-caname \"nm\" use nm as CA friendly name (can be used more than once).\n");
+ BIO_printf(bio_err, "-in infile input filename\n");
+ BIO_printf(bio_err, "-out outfile output filename\n");
+ BIO_printf(bio_err,
+ "-noout don't output anything, just verify.\n");
+ BIO_printf(bio_err, "-nomacver don't verify MAC.\n");
+ BIO_printf(bio_err, "-nocerts don't output certificates.\n");
+ BIO_printf(bio_err,
+ "-clcerts only output client certificates.\n");
+ BIO_printf(bio_err, "-cacerts only output CA certificates.\n");
+ BIO_printf(bio_err, "-nokeys don't output private keys.\n");
+ BIO_printf(bio_err,
+ "-info give info about PKCS#12 structure.\n");
+ BIO_printf(bio_err, "-des encrypt private keys with DES\n");
+ BIO_printf(bio_err,
+ "-des3 encrypt private keys with triple DES (default)\n");
+# ifndef OPENSSL_NO_IDEA
+ BIO_printf(bio_err, "-idea encrypt private keys with idea\n");
+# endif
+# ifndef OPENSSL_NO_SEED
+ BIO_printf(bio_err, "-seed encrypt private keys with seed\n");
+# endif
+# ifndef OPENSSL_NO_AES
+ BIO_printf(bio_err, "-aes128, -aes192, -aes256\n");
+ BIO_printf(bio_err,
+ " encrypt PEM output with cbc aes\n");
+# endif
+# ifndef OPENSSL_NO_CAMELLIA
+ BIO_printf(bio_err, "-camellia128, -camellia192, -camellia256\n");
+ BIO_printf(bio_err,
+ " encrypt PEM output with cbc camellia\n");
+# endif
+ BIO_printf(bio_err, "-nodes don't encrypt private keys\n");
+ BIO_printf(bio_err, "-noiter don't use encryption iteration\n");
+ BIO_printf(bio_err, "-maciter use MAC iteration\n");
+ BIO_printf(bio_err,
+ "-twopass separate MAC, encryption passwords\n");
+ BIO_printf(bio_err,
+ "-descert encrypt PKCS#12 certificates with triple DES (default RC2-40)\n");
+ BIO_printf(bio_err,
+ "-certpbe alg specify certificate PBE algorithm (default RC2-40)\n");
+ BIO_printf(bio_err,
+ "-keypbe alg specify private key PBE algorithm (default 3DES)\n");
+ BIO_printf(bio_err, "-keyex set MS key exchange type\n");
+ BIO_printf(bio_err, "-keysig set MS key signature type\n");
+ BIO_printf(bio_err,
+ "-password p set import/export password source\n");
+ BIO_printf(bio_err, "-passin p input file pass phrase source\n");
+ BIO_printf(bio_err, "-passout p output file pass phrase source\n");
+# ifndef OPENSSL_NO_ENGINE
+ BIO_printf(bio_err,
+ "-engine e use engine e, possibly a hardware device.\n");
+# endif
+ BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR,
+ LIST_SEPARATOR_CHAR);
+ BIO_printf(bio_err,
+ " load the file (or the files in the directory) into\n");
+ BIO_printf(bio_err, " the random number generator\n");
+ BIO_printf(bio_err, "-CSP name Microsoft CSP name\n");
+ BIO_printf(bio_err,
+ "-LMK Add local machine keyset attribute to private key\n");
+ goto end;
+ }
+# ifndef OPENSSL_NO_ENGINE
+ e = setup_engine(bio_err, engine, 0);
+# endif
+
+ if (passarg) {
+ if (export_cert)
+ passargout = passarg;
+ else
+ passargin = passarg;
+ }
+
+ if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
+ BIO_printf(bio_err, "Error getting passwords\n");
+ goto end;
+ }
+
+ if (!cpass) {
+ if (export_cert)
+ cpass = passout;
+ else
+ cpass = passin;
+ }
+
+ if (cpass) {
+ mpass = cpass;
+ noprompt = 1;
+ } else {
+ cpass = pass;
+ mpass = macpass;
+ }
+
+ if (export_cert || inrand) {
+ app_RAND_load_file(NULL, bio_err, (inrand != NULL));
+ if (inrand != NULL)
+ BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
+ app_RAND_load_files(inrand));
+ }
+ ERR_load_crypto_strings();
+
+# ifdef CRYPTO_MDEBUG
+ CRYPTO_push_info("read files");
+# endif
+
+ if (!infile)
+ in = BIO_new_fp(stdin, BIO_NOCLOSE);
+ else
+ in = BIO_new_file(infile, "rb");
+ if (!in) {
+ BIO_printf(bio_err, "Error opening input file %s\n",
+ infile ? infile : "<stdin>");
+ perror(infile);
+ goto end;
+ }
+# ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+ CRYPTO_push_info("write files");
+# endif
+
+ if (!outfile) {
+ out = BIO_new_fp(stdout, BIO_NOCLOSE);
+# ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+# endif
+ } else
+ out = BIO_new_file(outfile, "wb");
+ if (!out) {
+ BIO_printf(bio_err, "Error opening output file %s\n",
+ outfile ? outfile : "<stdout>");
+ perror(outfile);
+ goto end;
+ }
+ if (twopass) {
+# ifdef CRYPTO_MDEBUG
+ CRYPTO_push_info("read MAC password");
+# endif
+ if (EVP_read_pw_string
+ (macpass, sizeof macpass, "Enter MAC Password:", export_cert)) {
+ BIO_printf(bio_err, "Can't read Password\n");
+ goto end;
+ }
+# ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+# endif
+ }
+
+ if (export_cert) {
+ EVP_PKEY *key = NULL;
+ X509 *ucert = NULL, *x = NULL;
+ STACK_OF(X509) *certs = NULL;
+ unsigned char *catmp = NULL;
+ int i;
+
+ if ((options & (NOCERTS | NOKEYS)) == (NOCERTS | NOKEYS)) {
+ BIO_printf(bio_err, "Nothing to do!\n");
+ goto export_end;
+ }
+
+ if (options & NOCERTS)
+ chain = 0;
+
+# ifdef CRYPTO_MDEBUG
+ CRYPTO_push_info("process -export_cert");
+ CRYPTO_push_info("reading private key");
+# endif
+ if (!(options & NOKEYS)) {
+ key = load_key(bio_err, keyname ? keyname : infile,
+ FORMAT_PEM, 1, passin, e, "private key");
+ if (!key)
+ goto export_end;
+ }
+# ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+ CRYPTO_push_info("reading certs from input");
+# endif
+
+ /* Load in all certs in input file */
+ if (!(options & NOCERTS)) {
+ certs = load_certs(bio_err, infile, FORMAT_PEM, NULL, e,
+ "certificates");
+ if (!certs)
+ goto export_end;
+
+ if (key) {
+ /* Look for matching private key */
+ for (i = 0; i < sk_X509_num(certs); i++) {
+ x = sk_X509_value(certs, i);
+ if (X509_check_private_key(x, key)) {
+ ucert = x;
+ /* Zero keyid and alias */
+ X509_keyid_set1(ucert, NULL, 0);
+ X509_alias_set1(ucert, NULL, 0);
+ /* Remove from list */
+ (void)sk_X509_delete(certs, i);
+ break;
+ }
+ }
+ if (!ucert) {
+ BIO_printf(bio_err,
+ "No certificate matches private key\n");
+ goto export_end;
+ }
+ }
+
+ }
+# ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+ CRYPTO_push_info("reading certs from input 2");
+# endif
+
+ /* Add any more certificates asked for */
+ if (certfile) {
+ STACK_OF(X509) *morecerts = NULL;
+ if (!(morecerts = load_certs(bio_err, certfile, FORMAT_PEM,
+ NULL, e,
+ "certificates from certfile")))
+ goto export_end;
+ while (sk_X509_num(morecerts) > 0)
+ sk_X509_push(certs, sk_X509_shift(morecerts));
+ sk_X509_free(morecerts);
+ }
+# ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+ CRYPTO_push_info("reading certs from certfile");
+# endif
+
+# ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+ CRYPTO_push_info("building chain");
+# endif
+
+ /* If chaining get chain from user cert */
+ if (chain) {
+ int vret;
+ STACK_OF(X509) *chain2;
+ X509_STORE *store = X509_STORE_new();
+ if (!store) {
+ BIO_printf(bio_err, "Memory allocation error\n");
+ goto export_end;
+ }
+ if (!X509_STORE_load_locations(store, CAfile, CApath))
+ X509_STORE_set_default_paths(store);
+
+ vret = get_cert_chain(ucert, store, &chain2);
+ X509_STORE_free(store);
+
+ if (!vret) {
+ /* Exclude verified certificate */
+ for (i = 1; i < sk_X509_num(chain2); i++)
+ sk_X509_push(certs, sk_X509_value(chain2, i));
+ /* Free first certificate */
+ X509_free(sk_X509_value(chain2, 0));
+ sk_X509_free(chain2);
+ } else {
+ if (vret >= 0)
+ BIO_printf(bio_err, "Error %s getting chain.\n",
+ X509_verify_cert_error_string(vret));
+ else
+ ERR_print_errors(bio_err);
+ goto export_end;
+ }
+ }
+
+ /* Add any CA names */
+
+ for (i = 0; i < sk_num(canames); i++) {
+ catmp = (unsigned char *)sk_value(canames, i);
+ X509_alias_set1(sk_X509_value(certs, i), catmp, -1);
+ }
+
+ if (csp_name && key)
+ EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name,
+ MBSTRING_ASC, (unsigned char *)csp_name,
+ -1);
+
+ if (add_lmk && key)
+ EVP_PKEY_add1_attr_by_NID(key, NID_LocalKeySet, 0, NULL, -1);
+
+# ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+ CRYPTO_push_info("reading password");
+# endif
+
+ if (!noprompt &&
+ EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:",
+ 1)) {
+ BIO_printf(bio_err, "Can't read Password\n");
+ goto export_end;
+ }
+ if (!twopass)
+ BUF_strlcpy(macpass, pass, sizeof macpass);
+
+# ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+ CRYPTO_push_info("creating PKCS#12 structure");
+# endif
+
+ p12 = PKCS12_create(cpass, name, key, ucert, certs,
+ key_pbe, cert_pbe, iter, -1, keytype);
+
+ if (!p12) {
+ ERR_print_errors(bio_err);
+ goto export_end;
+ }
+
+ if (maciter != -1)
+ PKCS12_set_mac(p12, mpass, -1, NULL, 0, maciter, NULL);
+
+# ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+ CRYPTO_push_info("writing pkcs12");
+# endif
+
+ i2d_PKCS12_bio(out, p12);
+
+ ret = 0;
+
+ export_end:
+# ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+ CRYPTO_pop_info();
+ CRYPTO_push_info("process -export_cert: freeing");
+# endif
+
+ if (key)
+ EVP_PKEY_free(key);
+ if (certs)
+ sk_X509_pop_free(certs, X509_free);
+ if (ucert)
+ X509_free(ucert);
+
+# ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+# endif
+ goto end;
+
+ }
+
+ if (!(p12 = d2i_PKCS12_bio(in, NULL))) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+# ifdef CRYPTO_MDEBUG
+ CRYPTO_push_info("read import password");
+# endif
+ if (!noprompt
+ && EVP_read_pw_string(pass, sizeof pass, "Enter Import Password:",
+ 0)) {
+ BIO_printf(bio_err, "Can't read Password\n");
+ goto end;
+ }
+# ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+# endif
+
+ if (!twopass)
+ BUF_strlcpy(macpass, pass, sizeof macpass);
+
+ if ((options & INFO) && p12->mac)
+ BIO_printf(bio_err, "MAC Iteration %ld\n",
+ p12->mac->iter ? ASN1_INTEGER_get(p12->mac->iter) : 1);
+ if (macver) {
+# ifdef CRYPTO_MDEBUG
+ CRYPTO_push_info("verify MAC");
+# endif
+ /* If we enter empty password try no password first */
+ if (!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) {
+ /* If mac and crypto pass the same set it to NULL too */
+ if (!twopass)
+ cpass = NULL;
+ } else if (!PKCS12_verify_mac(p12, mpass, -1)) {
+ BIO_printf(bio_err, "Mac verify error: invalid password?\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ BIO_printf(bio_err, "MAC verified OK\n");
+# ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+# endif
+ }
+# ifdef CRYPTO_MDEBUG
+ CRYPTO_push_info("output keys and certificates");
+# endif
+ if (!dump_certs_keys_p12(out, p12, cpass, -1, options, passout)) {
+ BIO_printf(bio_err, "Error outputting keys and certificates\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+# ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+# endif
+ ret = 0;
+ end:
+ if (p12)
+ PKCS12_free(p12);
+ if (export_cert || inrand)
+ app_RAND_write_file(NULL, bio_err);
+# ifdef CRYPTO_MDEBUG
+ CRYPTO_remove_all_info();
+# endif
+ BIO_free(in);
+ BIO_free_all(out);
+ if (canames)
+ sk_free(canames);
+ if (passin)
+ OPENSSL_free(passin);
+ if (passout)
+ OPENSSL_free(passout);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
+}
+
+int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass,
+ int passlen, int options, char *pempass)
+{
+ STACK_OF(PKCS7) *asafes = NULL;
+ STACK_OF(PKCS12_SAFEBAG) *bags;
+ int i, bagnid;
+ int ret = 0;
+ PKCS7 *p7;
+
+ if (!(asafes = PKCS12_unpack_authsafes(p12)))
+ return 0;
+ for (i = 0; i < sk_PKCS7_num(asafes); i++) {
+ p7 = sk_PKCS7_value(asafes, i);
+ bagnid = OBJ_obj2nid(p7->type);
+ if (bagnid == NID_pkcs7_data) {
+ bags = PKCS12_unpack_p7data(p7);
+ if (options & INFO)
+ BIO_printf(bio_err, "PKCS7 Data\n");
+ } else if (bagnid == NID_pkcs7_encrypted) {
+ if (options & INFO) {
+ BIO_printf(bio_err, "PKCS7 Encrypted data: ");
+ alg_print(bio_err, p7->d.encrypted->enc_data->algorithm);
+ }
+ bags = PKCS12_unpack_p7encdata(p7, pass, passlen);
+ } else
+ continue;
+ if (!bags)
+ goto err;
+ if (!dump_certs_pkeys_bags(out, bags, pass, passlen,
+ options, pempass)) {
+ sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+ goto err;
+ }
+ sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+ bags = NULL;
+ }
+ ret = 1;
+
+ err:
+
+ if (asafes)
+ sk_PKCS7_pop_free(asafes, PKCS7_free);
+ return ret;
+}
+
+int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags,
+ char *pass, int passlen, int options, char *pempass)
+{
+ int i;
+ for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
+ if (!dump_certs_pkeys_bag(out,
+ sk_PKCS12_SAFEBAG_value(bags, i),
+ pass, passlen, options, pempass))
+ return 0;
+ }
+ return 1;
+}
+
+int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass,
+ int passlen, int options, char *pempass)
+{
+ EVP_PKEY *pkey;
+ PKCS8_PRIV_KEY_INFO *p8;
+ X509 *x509;
+
+ switch (M_PKCS12_bag_type(bag)) {
+ case NID_keyBag:
+ if (options & INFO)
+ BIO_printf(bio_err, "Key bag\n");
+ if (options & NOKEYS)
+ return 1;
+ print_attribs(out, bag->attrib, "Bag Attributes");
+ p8 = bag->value.keybag;
+ if (!(pkey = EVP_PKCS82PKEY(p8)))
+ return 0;
+ print_attribs(out, p8->attributes, "Key Attributes");
+ PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, pempass);
+ EVP_PKEY_free(pkey);
+ break;
+
+ case NID_pkcs8ShroudedKeyBag:
+ if (options & INFO) {
+ BIO_printf(bio_err, "Shrouded Keybag: ");
+ alg_print(bio_err, bag->value.shkeybag->algor);
+ }
+ if (options & NOKEYS)
+ return 1;
+ print_attribs(out, bag->attrib, "Bag Attributes");
+ if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen)))
+ return 0;
+ if (!(pkey = EVP_PKCS82PKEY(p8))) {
+ PKCS8_PRIV_KEY_INFO_free(p8);
+ return 0;
+ }
+ print_attribs(out, p8->attributes, "Key Attributes");
+ PKCS8_PRIV_KEY_INFO_free(p8);
+ PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, pempass);
+ EVP_PKEY_free(pkey);
+ break;
+
+ case NID_certBag:
+ if (options & INFO)
+ BIO_printf(bio_err, "Certificate bag\n");
+ if (options & NOCERTS)
+ return 1;
+ if (PKCS12_get_attr(bag, NID_localKeyID)) {
+ if (options & CACERTS)
+ return 1;
+ } else if (options & CLCERTS)
+ return 1;
+ print_attribs(out, bag->attrib, "Bag Attributes");
+ if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate)
+ return 1;
+ if (!(x509 = PKCS12_certbag2x509(bag)))
+ return 0;
+ dump_cert_text(out, x509);
+ PEM_write_bio_X509(out, x509);
+ X509_free(x509);
+ break;
+
+ case NID_safeContentsBag:
+ if (options & INFO)
+ BIO_printf(bio_err, "Safe Contents bag\n");
+ print_attribs(out, bag->attrib, "Bag Attributes");
+ return dump_certs_pkeys_bags(out, bag->value.safes, pass,
+ passlen, options, pempass);
+
+ default:
+ BIO_printf(bio_err, "Warning unsupported bag type: ");
+ i2a_ASN1_OBJECT(bio_err, bag->type);
+ BIO_printf(bio_err, "\n");
+ return 1;
+ break;
+ }
+ return 1;
+}
+
+/* Given a single certificate return a verified chain or NULL if error */
+
+/* Hope this is OK .... */
+
+int get_cert_chain(X509 *cert, X509_STORE *store, STACK_OF(X509) **chain)
+{
+ X509_STORE_CTX store_ctx;
+ STACK_OF(X509) *chn;
+ int i = 0;
+
+ /*
+ * FIXME: Should really check the return status of X509_STORE_CTX_init
+ * for an error, but how that fits into the return value of this function
+ * is less obvious.
+ */
+ X509_STORE_CTX_init(&store_ctx, store, cert, NULL);
+ if (X509_verify_cert(&store_ctx) <= 0) {
+ i = X509_STORE_CTX_get_error(&store_ctx);
+ if (i == 0)
+ /*
+ * avoid returning 0 if X509_verify_cert() did not set an
+ * appropriate error value in the context
+ */
+ i = -1;
+ chn = NULL;
+ goto err;
+ } else
+ chn = X509_STORE_CTX_get1_chain(&store_ctx);
+ err:
+ X509_STORE_CTX_cleanup(&store_ctx);
+ *chain = chn;
+
+ return i;
+}
+
+int alg_print(BIO *x, X509_ALGOR *alg)
+{
+ PBEPARAM *pbe;
+ const unsigned char *p;
+ p = alg->parameter->value.sequence->data;
+ pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length);
+ if (!pbe)
+ return 1;
+ BIO_printf(bio_err, "%s, Iteration %ld\n",
+ OBJ_nid2ln(OBJ_obj2nid(alg->algorithm)),
+ ASN1_INTEGER_get(pbe->iter));
+ PBEPARAM_free(pbe);
+ return 1;
+}
+
+/* Load all certificates from a given file */
+
+int cert_load(BIO *in, STACK_OF(X509) *sk)
+{
+ int ret;
+ X509 *cert;
+ ret = 0;
+# ifdef CRYPTO_MDEBUG
+ CRYPTO_push_info("cert_load(): reading one cert");
+# endif
+ while ((cert = PEM_read_bio_X509(in, NULL, NULL, NULL))) {
+# ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+# endif
+ ret = 1;
+ sk_X509_push(sk, cert);
+# ifdef CRYPTO_MDEBUG
+ CRYPTO_push_info("cert_load(): reading one cert");
+# endif
+ }
+# ifdef CRYPTO_MDEBUG
+ CRYPTO_pop_info();
+# endif
+ if (ret)
+ ERR_clear_error();
+ return ret;
+}
+
+/* Generalised attribute print: handle PKCS#8 and bag attributes */
+
+int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,
+ const char *name)
+{
+ X509_ATTRIBUTE *attr;
+ ASN1_TYPE *av;
+ char *value;
+ int i, attr_nid;
+ if (!attrlst) {
+ BIO_printf(out, "%s: <No Attributes>\n", name);
+ return 1;
+ }
+ if (!sk_X509_ATTRIBUTE_num(attrlst)) {
+ BIO_printf(out, "%s: <Empty Attributes>\n", name);
+ return 1;
+ }
+ BIO_printf(out, "%s\n", name);
+ for (i = 0; i < sk_X509_ATTRIBUTE_num(attrlst); i++) {
+ attr = sk_X509_ATTRIBUTE_value(attrlst, i);
+ attr_nid = OBJ_obj2nid(attr->object);
+ BIO_printf(out, " ");
+ if (attr_nid == NID_undef) {
+ i2a_ASN1_OBJECT(out, attr->object);
+ BIO_printf(out, ": ");
+ } else
+ BIO_printf(out, "%s: ", OBJ_nid2ln(attr_nid));
+
+ if (sk_ASN1_TYPE_num(attr->value.set)) {
+ av = sk_ASN1_TYPE_value(attr->value.set, 0);
+ switch (av->type) {
+ case V_ASN1_BMPSTRING:
+ value = uni2asc(av->value.bmpstring->data,
+ av->value.bmpstring->length);
+ BIO_printf(out, "%s\n", value);
+ OPENSSL_free(value);
+ break;
+
+ case V_ASN1_OCTET_STRING:
+ hex_prin(out, av->value.octet_string->data,
+ av->value.octet_string->length);
+ BIO_printf(out, "\n");
+ break;
+
+ case V_ASN1_BIT_STRING:
+ hex_prin(out, av->value.bit_string->data,
+ av->value.bit_string->length);
+ BIO_printf(out, "\n");
+ break;
+
+ default:
+ BIO_printf(out, "<Unsupported tag %d>\n", av->type);
+ break;
+ }
+ } else
+ BIO_printf(out, "<No Values>\n");
+ }
+ return 1;
+}
+
+void hex_prin(BIO *out, unsigned char *buf, int len)
+{
+ int i;
+ for (i = 0; i < len; i++)
+ BIO_printf(out, "%02X ", buf[i]);
+}
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/apps/pkcs7.c
===================================================================
--- vendor-crypto/openssl/dist/apps/pkcs7.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/apps/pkcs7.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,315 +0,0 @@
-/* apps/pkcs7.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include "apps.h"
-#include <openssl/err.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/pkcs7.h>
-#include <openssl/pem.h>
-
-#undef PROG
-#define PROG pkcs7_main
-
-/* -inform arg - input format - default PEM (DER or PEM)
- * -outform arg - output format - default PEM
- * -in arg - input file - default stdin
- * -out arg - output file - default stdout
- * -print_certs
- */
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
- PKCS7 *p7=NULL;
- int i,badops=0;
- BIO *in=NULL,*out=NULL;
- int informat,outformat;
- char *infile,*outfile,*prog;
- int print_certs=0,text=0,noout=0;
- int ret=1;
-#ifndef OPENSSL_NO_ENGINE
- char *engine=NULL;
-#endif
-
- apps_startup();
-
- if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
- if (!load_config(bio_err, NULL))
- goto end;
-
- infile=NULL;
- outfile=NULL;
- informat=FORMAT_PEM;
- outformat=FORMAT_PEM;
-
- prog=argv[0];
- argc--;
- argv++;
- while (argc >= 1)
- {
- if (strcmp(*argv,"-inform") == 0)
- {
- if (--argc < 1) goto bad;
- informat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-outform") == 0)
- {
- if (--argc < 1) goto bad;
- outformat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-in") == 0)
- {
- if (--argc < 1) goto bad;
- infile= *(++argv);
- }
- else if (strcmp(*argv,"-out") == 0)
- {
- if (--argc < 1) goto bad;
- outfile= *(++argv);
- }
- else if (strcmp(*argv,"-noout") == 0)
- noout=1;
- else if (strcmp(*argv,"-text") == 0)
- text=1;
- else if (strcmp(*argv,"-print_certs") == 0)
- print_certs=1;
-#ifndef OPENSSL_NO_ENGINE
- else if (strcmp(*argv,"-engine") == 0)
- {
- if (--argc < 1) goto bad;
- engine= *(++argv);
- }
-#endif
- else
- {
- BIO_printf(bio_err,"unknown option %s\n",*argv);
- badops=1;
- break;
- }
- argc--;
- argv++;
- }
-
- if (badops)
- {
-bad:
- BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
- BIO_printf(bio_err,"where options are\n");
- BIO_printf(bio_err," -inform arg input format - DER or PEM\n");
- BIO_printf(bio_err," -outform arg output format - DER or PEM\n");
- BIO_printf(bio_err," -in arg input file\n");
- BIO_printf(bio_err," -out arg output file\n");
- BIO_printf(bio_err," -print_certs print any certs or crl in the input\n");
- BIO_printf(bio_err," -text print full details of certificates\n");
- BIO_printf(bio_err," -noout don't output encoded data\n");
-#ifndef OPENSSL_NO_ENGINE
- BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
-#endif
- ret = 1;
- goto end;
- }
-
- ERR_load_crypto_strings();
-
-#ifndef OPENSSL_NO_ENGINE
- setup_engine(bio_err, engine, 0);
-#endif
-
- in=BIO_new(BIO_s_file());
- out=BIO_new(BIO_s_file());
- if ((in == NULL) || (out == NULL))
- {
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if (infile == NULL)
- BIO_set_fp(in,stdin,BIO_NOCLOSE);
- else
- {
- if (BIO_read_filename(in,infile) <= 0)
- if (in == NULL)
- {
- perror(infile);
- goto end;
- }
- }
-
- if (informat == FORMAT_ASN1)
- p7=d2i_PKCS7_bio(in,NULL);
- else if (informat == FORMAT_PEM)
- p7=PEM_read_bio_PKCS7(in,NULL,NULL,NULL);
- else
- {
- BIO_printf(bio_err,"bad input format specified for pkcs7 object\n");
- goto end;
- }
- if (p7 == NULL)
- {
- BIO_printf(bio_err,"unable to load PKCS7 object\n");
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if (outfile == NULL)
- {
- BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
- else
- {
- if (BIO_write_filename(out,outfile) <= 0)
- {
- perror(outfile);
- goto end;
- }
- }
-
- if (print_certs)
- {
- STACK_OF(X509) *certs=NULL;
- STACK_OF(X509_CRL) *crls=NULL;
-
- i=OBJ_obj2nid(p7->type);
- switch (i)
- {
- case NID_pkcs7_signed:
- certs=p7->d.sign->cert;
- crls=p7->d.sign->crl;
- break;
- case NID_pkcs7_signedAndEnveloped:
- certs=p7->d.signed_and_enveloped->cert;
- crls=p7->d.signed_and_enveloped->crl;
- break;
- default:
- break;
- }
-
- if (certs != NULL)
- {
- X509 *x;
-
- for (i=0; i<sk_X509_num(certs); i++)
- {
- x=sk_X509_value(certs,i);
- if(text) X509_print(out, x);
- else dump_cert_text(out, x);
-
- if(!noout) PEM_write_bio_X509(out,x);
- BIO_puts(out,"\n");
- }
- }
- if (crls != NULL)
- {
- X509_CRL *crl;
-
- for (i=0; i<sk_X509_CRL_num(crls); i++)
- {
- crl=sk_X509_CRL_value(crls,i);
-
- X509_CRL_print(out, crl);
-
- if(!noout)PEM_write_bio_X509_CRL(out,crl);
- BIO_puts(out,"\n");
- }
- }
-
- ret=0;
- goto end;
- }
-
- if(!noout) {
- if (outformat == FORMAT_ASN1)
- i=i2d_PKCS7_bio(out,p7);
- else if (outformat == FORMAT_PEM)
- i=PEM_write_bio_PKCS7(out,p7);
- else {
- BIO_printf(bio_err,"bad output format specified for outfile\n");
- goto end;
- }
-
- if (!i)
- {
- BIO_printf(bio_err,"unable to write pkcs7 object\n");
- ERR_print_errors(bio_err);
- goto end;
- }
- }
- ret=0;
-end:
- if (p7 != NULL) PKCS7_free(p7);
- if (in != NULL) BIO_free(in);
- if (out != NULL) BIO_free_all(out);
- apps_shutdown();
- OPENSSL_EXIT(ret);
- }
Copied: vendor-crypto/openssl/0.9.8zf/apps/pkcs7.c (from rev 6976, vendor-crypto/openssl/dist/apps/pkcs7.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/apps/pkcs7.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/apps/pkcs7.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,303 @@
+/* apps/pkcs7.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include "apps.h"
+#include <openssl/err.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
+#include <openssl/pem.h>
+
+#undef PROG
+#define PROG pkcs7_main
+
+/*-
+ * -inform arg - input format - default PEM (DER or PEM)
+ * -outform arg - output format - default PEM
+ * -in arg - input file - default stdin
+ * -out arg - output file - default stdout
+ * -print_certs
+ */
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+{
+ PKCS7 *p7 = NULL;
+ int i, badops = 0;
+ BIO *in = NULL, *out = NULL;
+ int informat, outformat;
+ char *infile, *outfile, *prog;
+ int print_certs = 0, text = 0, noout = 0;
+ int ret = 1;
+#ifndef OPENSSL_NO_ENGINE
+ char *engine = NULL;
+#endif
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+
+ if (!load_config(bio_err, NULL))
+ goto end;
+
+ infile = NULL;
+ outfile = NULL;
+ informat = FORMAT_PEM;
+ outformat = FORMAT_PEM;
+
+ prog = argv[0];
+ argc--;
+ argv++;
+ while (argc >= 1) {
+ if (strcmp(*argv, "-inform") == 0) {
+ if (--argc < 1)
+ goto bad;
+ informat = str2fmt(*(++argv));
+ } else if (strcmp(*argv, "-outform") == 0) {
+ if (--argc < 1)
+ goto bad;
+ outformat = str2fmt(*(++argv));
+ } else if (strcmp(*argv, "-in") == 0) {
+ if (--argc < 1)
+ goto bad;
+ infile = *(++argv);
+ } else if (strcmp(*argv, "-out") == 0) {
+ if (--argc < 1)
+ goto bad;
+ outfile = *(++argv);
+ } else if (strcmp(*argv, "-noout") == 0)
+ noout = 1;
+ else if (strcmp(*argv, "-text") == 0)
+ text = 1;
+ else if (strcmp(*argv, "-print_certs") == 0)
+ print_certs = 1;
+#ifndef OPENSSL_NO_ENGINE
+ else if (strcmp(*argv, "-engine") == 0) {
+ if (--argc < 1)
+ goto bad;
+ engine = *(++argv);
+ }
+#endif
+ else {
+ BIO_printf(bio_err, "unknown option %s\n", *argv);
+ badops = 1;
+ break;
+ }
+ argc--;
+ argv++;
+ }
+
+ if (badops) {
+ bad:
+ BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog);
+ BIO_printf(bio_err, "where options are\n");
+ BIO_printf(bio_err, " -inform arg input format - DER or PEM\n");
+ BIO_printf(bio_err, " -outform arg output format - DER or PEM\n");
+ BIO_printf(bio_err, " -in arg input file\n");
+ BIO_printf(bio_err, " -out arg output file\n");
+ BIO_printf(bio_err,
+ " -print_certs print any certs or crl in the input\n");
+ BIO_printf(bio_err,
+ " -text print full details of certificates\n");
+ BIO_printf(bio_err, " -noout don't output encoded data\n");
+#ifndef OPENSSL_NO_ENGINE
+ BIO_printf(bio_err,
+ " -engine e use engine e, possibly a hardware device.\n");
+#endif
+ ret = 1;
+ goto end;
+ }
+
+ ERR_load_crypto_strings();
+
+#ifndef OPENSSL_NO_ENGINE
+ setup_engine(bio_err, engine, 0);
+#endif
+
+ in = BIO_new(BIO_s_file());
+ out = BIO_new(BIO_s_file());
+ if ((in == NULL) || (out == NULL)) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (infile == NULL)
+ BIO_set_fp(in, stdin, BIO_NOCLOSE);
+ else {
+ if (BIO_read_filename(in, infile) <= 0)
+ if (in == NULL) {
+ perror(infile);
+ goto end;
+ }
+ }
+
+ if (informat == FORMAT_ASN1)
+ p7 = d2i_PKCS7_bio(in, NULL);
+ else if (informat == FORMAT_PEM)
+ p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
+ else {
+ BIO_printf(bio_err, "bad input format specified for pkcs7 object\n");
+ goto end;
+ }
+ if (p7 == NULL) {
+ BIO_printf(bio_err, "unable to load PKCS7 object\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (outfile == NULL) {
+ BIO_set_fp(out, stdout, BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+#endif
+ } else {
+ if (BIO_write_filename(out, outfile) <= 0) {
+ perror(outfile);
+ goto end;
+ }
+ }
+
+ if (print_certs) {
+ STACK_OF(X509) *certs = NULL;
+ STACK_OF(X509_CRL) *crls = NULL;
+
+ i = OBJ_obj2nid(p7->type);
+ switch (i) {
+ case NID_pkcs7_signed:
+ certs = p7->d.sign->cert;
+ crls = p7->d.sign->crl;
+ break;
+ case NID_pkcs7_signedAndEnveloped:
+ certs = p7->d.signed_and_enveloped->cert;
+ crls = p7->d.signed_and_enveloped->crl;
+ break;
+ default:
+ break;
+ }
+
+ if (certs != NULL) {
+ X509 *x;
+
+ for (i = 0; i < sk_X509_num(certs); i++) {
+ x = sk_X509_value(certs, i);
+ if (text)
+ X509_print(out, x);
+ else
+ dump_cert_text(out, x);
+
+ if (!noout)
+ PEM_write_bio_X509(out, x);
+ BIO_puts(out, "\n");
+ }
+ }
+ if (crls != NULL) {
+ X509_CRL *crl;
+
+ for (i = 0; i < sk_X509_CRL_num(crls); i++) {
+ crl = sk_X509_CRL_value(crls, i);
+
+ X509_CRL_print(out, crl);
+
+ if (!noout)
+ PEM_write_bio_X509_CRL(out, crl);
+ BIO_puts(out, "\n");
+ }
+ }
+
+ ret = 0;
+ goto end;
+ }
+
+ if (!noout) {
+ if (outformat == FORMAT_ASN1)
+ i = i2d_PKCS7_bio(out, p7);
+ else if (outformat == FORMAT_PEM)
+ i = PEM_write_bio_PKCS7(out, p7);
+ else {
+ BIO_printf(bio_err, "bad output format specified for outfile\n");
+ goto end;
+ }
+
+ if (!i) {
+ BIO_printf(bio_err, "unable to write pkcs7 object\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+ ret = 0;
+ end:
+ if (p7 != NULL)
+ PKCS7_free(p7);
+ if (in != NULL)
+ BIO_free(in);
+ if (out != NULL)
+ BIO_free_all(out);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/apps/pkcs8.c
===================================================================
--- vendor-crypto/openssl/dist/apps/pkcs8.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/apps/pkcs8.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,460 +0,0 @@
-/* pkcs8.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 1999-2004.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-#include <stdio.h>
-#include <string.h>
-#include "apps.h"
-#include <openssl/pem.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/pkcs12.h>
-
-#define PROG pkcs8_main
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
- ENGINE *e = NULL;
- char **args, *infile = NULL, *outfile = NULL;
- char *passargin = NULL, *passargout = NULL;
- BIO *in = NULL, *out = NULL;
- int topk8 = 0;
- int pbe_nid = -1;
- const EVP_CIPHER *cipher = NULL;
- int iter = PKCS12_DEFAULT_ITER;
- int informat, outformat;
- int p8_broken = PKCS8_OK;
- int nocrypt = 0;
- X509_SIG *p8;
- PKCS8_PRIV_KEY_INFO *p8inf;
- EVP_PKEY *pkey=NULL;
- char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL;
- int badarg = 0;
-#ifndef OPENSSL_NO_ENGINE
- char *engine=NULL;
-#endif
-
- if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
-
- if (!load_config(bio_err, NULL))
- goto end;
-
- informat=FORMAT_PEM;
- outformat=FORMAT_PEM;
-
- ERR_load_crypto_strings();
- OpenSSL_add_all_algorithms();
- args = argv + 1;
- while (!badarg && *args && *args[0] == '-')
- {
- if (!strcmp(*args,"-v2"))
- {
- if (args[1])
- {
- args++;
- cipher=EVP_get_cipherbyname(*args);
- if (!cipher)
- {
- BIO_printf(bio_err,
- "Unknown cipher %s\n", *args);
- badarg = 1;
- }
- }
- else
- badarg = 1;
- }
- else if (!strcmp(*args,"-v1"))
- {
- if (args[1])
- {
- args++;
- pbe_nid=OBJ_txt2nid(*args);
- if (pbe_nid == NID_undef)
- {
- BIO_printf(bio_err,
- "Unknown PBE algorithm %s\n", *args);
- badarg = 1;
- }
- }
- else
- badarg = 1;
- }
- else if (!strcmp(*args,"-inform"))
- {
- if (args[1])
- {
- args++;
- informat=str2fmt(*args);
- }
- else badarg = 1;
- }
- else if (!strcmp(*args,"-outform"))
- {
- if (args[1])
- {
- args++;
- outformat=str2fmt(*args);
- }
- else badarg = 1;
- }
- else if (!strcmp (*args, "-topk8"))
- topk8 = 1;
- else if (!strcmp (*args, "-noiter"))
- iter = 1;
- else if (!strcmp (*args, "-nocrypt"))
- nocrypt = 1;
- else if (!strcmp (*args, "-nooct"))
- p8_broken = PKCS8_NO_OCTET;
- else if (!strcmp (*args, "-nsdb"))
- p8_broken = PKCS8_NS_DB;
- else if (!strcmp (*args, "-embed"))
- p8_broken = PKCS8_EMBEDDED_PARAM;
- else if (!strcmp(*args,"-passin"))
- {
- if (!args[1]) goto bad;
- passargin= *(++args);
- }
- else if (!strcmp(*args,"-passout"))
- {
- if (!args[1]) goto bad;
- passargout= *(++args);
- }
-#ifndef OPENSSL_NO_ENGINE
- else if (strcmp(*args,"-engine") == 0)
- {
- if (!args[1]) goto bad;
- engine= *(++args);
- }
-#endif
- else if (!strcmp (*args, "-in"))
- {
- if (args[1])
- {
- args++;
- infile = *args;
- }
- else badarg = 1;
- }
- else if (!strcmp (*args, "-out"))
- {
- if (args[1])
- {
- args++;
- outfile = *args;
- }
- else badarg = 1;
- }
- else badarg = 1;
- args++;
- }
-
- if (badarg)
- {
- bad:
- BIO_printf(bio_err, "Usage pkcs8 [options]\n");
- BIO_printf(bio_err, "where options are\n");
- BIO_printf(bio_err, "-in file input file\n");
- BIO_printf(bio_err, "-inform X input format (DER or PEM)\n");
- BIO_printf(bio_err, "-passin arg input file pass phrase source\n");
- BIO_printf(bio_err, "-outform X output format (DER or PEM)\n");
- BIO_printf(bio_err, "-out file output file\n");
- BIO_printf(bio_err, "-passout arg output file pass phrase source\n");
- BIO_printf(bio_err, "-topk8 output PKCS8 file\n");
- BIO_printf(bio_err, "-nooct use (nonstandard) no octet format\n");
- BIO_printf(bio_err, "-embed use (nonstandard) embedded DSA parameters format\n");
- BIO_printf(bio_err, "-nsdb use (nonstandard) DSA Netscape DB format\n");
- BIO_printf(bio_err, "-noiter use 1 as iteration count\n");
- BIO_printf(bio_err, "-nocrypt use or expect unencrypted private key\n");
- BIO_printf(bio_err, "-v2 alg use PKCS#5 v2.0 and cipher \"alg\"\n");
- BIO_printf(bio_err, "-v1 obj use PKCS#5 v1.5 and cipher \"alg\"\n");
-#ifndef OPENSSL_NO_ENGINE
- BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
-#endif
- return 1;
- }
-
-#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(bio_err, engine, 0);
-#endif
-
- if (!app_passwd(bio_err, passargin, passargout, &passin, &passout))
- {
- BIO_printf(bio_err, "Error getting passwords\n");
- return 1;
- }
-
- if ((pbe_nid == -1) && !cipher)
- pbe_nid = NID_pbeWithMD5AndDES_CBC;
-
- if (infile)
- {
- if (!(in = BIO_new_file(infile, "rb")))
- {
- BIO_printf(bio_err,
- "Can't open input file %s\n", infile);
- return (1);
- }
- }
- else
- in = BIO_new_fp (stdin, BIO_NOCLOSE);
-
- if (outfile)
- {
- if (!(out = BIO_new_file (outfile, "wb")))
- {
- BIO_printf(bio_err,
- "Can't open output file %s\n", outfile);
- return (1);
- }
- }
- else
- {
- out = BIO_new_fp (stdout, BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
- if (topk8)
- {
- BIO_free(in); /* Not needed in this section */
- pkey = load_key(bio_err, infile, informat, 1,
- passin, e, "key");
- if (!pkey)
- {
- BIO_free_all(out);
- return 1;
- }
- if (!(p8inf = EVP_PKEY2PKCS8_broken(pkey, p8_broken)))
- {
- BIO_printf(bio_err, "Error converting key\n");
- ERR_print_errors(bio_err);
- EVP_PKEY_free(pkey);
- BIO_free_all(out);
- return 1;
- }
- if (nocrypt)
- {
- if (outformat == FORMAT_PEM)
- PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8inf);
- else if (outformat == FORMAT_ASN1)
- i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8inf);
- else
- {
- BIO_printf(bio_err, "Bad format specified for key\n");
- PKCS8_PRIV_KEY_INFO_free(p8inf);
- EVP_PKEY_free(pkey);
- BIO_free_all(out);
- return (1);
- }
- }
- else
- {
- if (passout)
- p8pass = passout;
- else
- {
- p8pass = pass;
- if (EVP_read_pw_string(pass, sizeof pass, "Enter Encryption Password:", 1))
- {
- PKCS8_PRIV_KEY_INFO_free(p8inf);
- EVP_PKEY_free(pkey);
- BIO_free_all(out);
- return (1);
- }
- }
- app_RAND_load_file(NULL, bio_err, 0);
- if (!(p8 = PKCS8_encrypt(pbe_nid, cipher,
- p8pass, strlen(p8pass),
- NULL, 0, iter, p8inf)))
- {
- BIO_printf(bio_err, "Error encrypting key\n");
- ERR_print_errors(bio_err);
- PKCS8_PRIV_KEY_INFO_free(p8inf);
- EVP_PKEY_free(pkey);
- BIO_free_all(out);
- return (1);
- }
- app_RAND_write_file(NULL, bio_err);
- if (outformat == FORMAT_PEM)
- PEM_write_bio_PKCS8(out, p8);
- else if (outformat == FORMAT_ASN1)
- i2d_PKCS8_bio(out, p8);
- else
- {
- BIO_printf(bio_err, "Bad format specified for key\n");
- PKCS8_PRIV_KEY_INFO_free(p8inf);
- EVP_PKEY_free(pkey);
- BIO_free_all(out);
- return (1);
- }
- X509_SIG_free(p8);
- }
-
- PKCS8_PRIV_KEY_INFO_free (p8inf);
- EVP_PKEY_free(pkey);
- BIO_free_all(out);
- if (passin)
- OPENSSL_free(passin);
- if (passout)
- OPENSSL_free(passout);
- return (0);
- }
-
- if (nocrypt)
- {
- if (informat == FORMAT_PEM)
- p8inf = PEM_read_bio_PKCS8_PRIV_KEY_INFO(in,NULL,NULL, NULL);
- else if (informat == FORMAT_ASN1)
- p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(in, NULL);
- else
- {
- BIO_printf(bio_err, "Bad format specified for key\n");
- return (1);
- }
- }
- else
- {
- if (informat == FORMAT_PEM)
- p8 = PEM_read_bio_PKCS8(in, NULL, NULL, NULL);
- else if (informat == FORMAT_ASN1)
- p8 = d2i_PKCS8_bio(in, NULL);
- else
- {
- BIO_printf(bio_err, "Bad format specified for key\n");
- return (1);
- }
-
- if (!p8)
- {
- BIO_printf (bio_err, "Error reading key\n");
- ERR_print_errors(bio_err);
- return (1);
- }
- if (passin)
- p8pass = passin;
- else
- {
- p8pass = pass;
- EVP_read_pw_string(pass, sizeof pass, "Enter Password:", 0);
- }
- p8inf = PKCS8_decrypt(p8, p8pass, strlen(p8pass));
- X509_SIG_free(p8);
- }
-
- if (!p8inf)
- {
- BIO_printf(bio_err, "Error decrypting key\n");
- ERR_print_errors(bio_err);
- return (1);
- }
-
- if (!(pkey = EVP_PKCS82PKEY(p8inf)))
- {
- BIO_printf(bio_err, "Error converting key\n");
- ERR_print_errors(bio_err);
- return (1);
- }
-
- if (p8inf->broken)
- {
- BIO_printf(bio_err, "Warning: broken key encoding: ");
- switch (p8inf->broken)
- {
- case PKCS8_NO_OCTET:
- BIO_printf(bio_err, "No Octet String in PrivateKey\n");
- break;
-
- case PKCS8_EMBEDDED_PARAM:
- BIO_printf(bio_err, "DSA parameters included in PrivateKey\n");
- break;
-
- case PKCS8_NS_DB:
- BIO_printf(bio_err, "DSA public key include in PrivateKey\n");
- break;
-
- default:
- BIO_printf(bio_err, "Unknown broken type\n");
- break;
- }
- }
-
- PKCS8_PRIV_KEY_INFO_free(p8inf);
- if (outformat == FORMAT_PEM)
- PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, passout);
- else if (outformat == FORMAT_ASN1)
- i2d_PrivateKey_bio(out, pkey);
- else
- {
- BIO_printf(bio_err, "Bad format specified for key\n");
- return (1);
- }
-
- end:
- EVP_PKEY_free(pkey);
- BIO_free_all(out);
- BIO_free(in);
- if (passin)
- OPENSSL_free(passin);
- if (passout)
- OPENSSL_free(passout);
-
- return (0);
- }
Copied: vendor-crypto/openssl/0.9.8zf/apps/pkcs8.c (from rev 6976, vendor-crypto/openssl/dist/apps/pkcs8.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/apps/pkcs8.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/apps/pkcs8.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,411 @@
+/* pkcs8.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 1999-2004.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/pkcs12.h>
+
+#define PROG pkcs8_main
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+{
+ ENGINE *e = NULL;
+ char **args, *infile = NULL, *outfile = NULL;
+ char *passargin = NULL, *passargout = NULL;
+ BIO *in = NULL, *out = NULL;
+ int topk8 = 0;
+ int pbe_nid = -1;
+ const EVP_CIPHER *cipher = NULL;
+ int iter = PKCS12_DEFAULT_ITER;
+ int informat, outformat;
+ int p8_broken = PKCS8_OK;
+ int nocrypt = 0;
+ X509_SIG *p8;
+ PKCS8_PRIV_KEY_INFO *p8inf;
+ EVP_PKEY *pkey = NULL;
+ char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL;
+ int badarg = 0;
+#ifndef OPENSSL_NO_ENGINE
+ char *engine = NULL;
+#endif
+
+ if (bio_err == NULL)
+ bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
+
+ if (!load_config(bio_err, NULL))
+ goto end;
+
+ informat = FORMAT_PEM;
+ outformat = FORMAT_PEM;
+
+ ERR_load_crypto_strings();
+ OpenSSL_add_all_algorithms();
+ args = argv + 1;
+ while (!badarg && *args && *args[0] == '-') {
+ if (!strcmp(*args, "-v2")) {
+ if (args[1]) {
+ args++;
+ cipher = EVP_get_cipherbyname(*args);
+ if (!cipher) {
+ BIO_printf(bio_err, "Unknown cipher %s\n", *args);
+ badarg = 1;
+ }
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-v1")) {
+ if (args[1]) {
+ args++;
+ pbe_nid = OBJ_txt2nid(*args);
+ if (pbe_nid == NID_undef) {
+ BIO_printf(bio_err, "Unknown PBE algorithm %s\n", *args);
+ badarg = 1;
+ }
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-inform")) {
+ if (args[1]) {
+ args++;
+ informat = str2fmt(*args);
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-outform")) {
+ if (args[1]) {
+ args++;
+ outformat = str2fmt(*args);
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-topk8"))
+ topk8 = 1;
+ else if (!strcmp(*args, "-noiter"))
+ iter = 1;
+ else if (!strcmp(*args, "-nocrypt"))
+ nocrypt = 1;
+ else if (!strcmp(*args, "-nooct"))
+ p8_broken = PKCS8_NO_OCTET;
+ else if (!strcmp(*args, "-nsdb"))
+ p8_broken = PKCS8_NS_DB;
+ else if (!strcmp(*args, "-embed"))
+ p8_broken = PKCS8_EMBEDDED_PARAM;
+ else if (!strcmp(*args, "-passin")) {
+ if (!args[1])
+ goto bad;
+ passargin = *(++args);
+ } else if (!strcmp(*args, "-passout")) {
+ if (!args[1])
+ goto bad;
+ passargout = *(++args);
+ }
+#ifndef OPENSSL_NO_ENGINE
+ else if (strcmp(*args, "-engine") == 0) {
+ if (!args[1])
+ goto bad;
+ engine = *(++args);
+ }
+#endif
+ else if (!strcmp(*args, "-in")) {
+ if (args[1]) {
+ args++;
+ infile = *args;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-out")) {
+ if (args[1]) {
+ args++;
+ outfile = *args;
+ } else
+ badarg = 1;
+ } else
+ badarg = 1;
+ args++;
+ }
+
+ if (badarg) {
+ bad:
+ BIO_printf(bio_err, "Usage pkcs8 [options]\n");
+ BIO_printf(bio_err, "where options are\n");
+ BIO_printf(bio_err, "-in file input file\n");
+ BIO_printf(bio_err, "-inform X input format (DER or PEM)\n");
+ BIO_printf(bio_err,
+ "-passin arg input file pass phrase source\n");
+ BIO_printf(bio_err, "-outform X output format (DER or PEM)\n");
+ BIO_printf(bio_err, "-out file output file\n");
+ BIO_printf(bio_err,
+ "-passout arg output file pass phrase source\n");
+ BIO_printf(bio_err, "-topk8 output PKCS8 file\n");
+ BIO_printf(bio_err,
+ "-nooct use (nonstandard) no octet format\n");
+ BIO_printf(bio_err,
+ "-embed use (nonstandard) embedded DSA parameters format\n");
+ BIO_printf(bio_err,
+ "-nsdb use (nonstandard) DSA Netscape DB format\n");
+ BIO_printf(bio_err, "-noiter use 1 as iteration count\n");
+ BIO_printf(bio_err,
+ "-nocrypt use or expect unencrypted private key\n");
+ BIO_printf(bio_err,
+ "-v2 alg use PKCS#5 v2.0 and cipher \"alg\"\n");
+ BIO_printf(bio_err,
+ "-v1 obj use PKCS#5 v1.5 and cipher \"alg\"\n");
+#ifndef OPENSSL_NO_ENGINE
+ BIO_printf(bio_err,
+ " -engine e use engine e, possibly a hardware device.\n");
+#endif
+ return 1;
+ }
+#ifndef OPENSSL_NO_ENGINE
+ e = setup_engine(bio_err, engine, 0);
+#endif
+
+ if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
+ BIO_printf(bio_err, "Error getting passwords\n");
+ return 1;
+ }
+
+ if ((pbe_nid == -1) && !cipher)
+ pbe_nid = NID_pbeWithMD5AndDES_CBC;
+
+ if (infile) {
+ if (!(in = BIO_new_file(infile, "rb"))) {
+ BIO_printf(bio_err, "Can't open input file %s\n", infile);
+ return (1);
+ }
+ } else
+ in = BIO_new_fp(stdin, BIO_NOCLOSE);
+
+ if (outfile) {
+ if (!(out = BIO_new_file(outfile, "wb"))) {
+ BIO_printf(bio_err, "Can't open output file %s\n", outfile);
+ return (1);
+ }
+ } else {
+ out = BIO_new_fp(stdout, BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+#endif
+ }
+ if (topk8) {
+ BIO_free(in); /* Not needed in this section */
+ pkey = load_key(bio_err, infile, informat, 1, passin, e, "key");
+ if (!pkey) {
+ BIO_free_all(out);
+ return 1;
+ }
+ if (!(p8inf = EVP_PKEY2PKCS8_broken(pkey, p8_broken))) {
+ BIO_printf(bio_err, "Error converting key\n");
+ ERR_print_errors(bio_err);
+ EVP_PKEY_free(pkey);
+ BIO_free_all(out);
+ return 1;
+ }
+ if (nocrypt) {
+ if (outformat == FORMAT_PEM)
+ PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8inf);
+ else if (outformat == FORMAT_ASN1)
+ i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8inf);
+ else {
+ BIO_printf(bio_err, "Bad format specified for key\n");
+ PKCS8_PRIV_KEY_INFO_free(p8inf);
+ EVP_PKEY_free(pkey);
+ BIO_free_all(out);
+ return (1);
+ }
+ } else {
+ if (passout)
+ p8pass = passout;
+ else {
+ p8pass = pass;
+ if (EVP_read_pw_string
+ (pass, sizeof pass, "Enter Encryption Password:", 1)) {
+ PKCS8_PRIV_KEY_INFO_free(p8inf);
+ EVP_PKEY_free(pkey);
+ BIO_free_all(out);
+ return (1);
+ }
+ }
+ app_RAND_load_file(NULL, bio_err, 0);
+ if (!(p8 = PKCS8_encrypt(pbe_nid, cipher,
+ p8pass, strlen(p8pass),
+ NULL, 0, iter, p8inf))) {
+ BIO_printf(bio_err, "Error encrypting key\n");
+ ERR_print_errors(bio_err);
+ PKCS8_PRIV_KEY_INFO_free(p8inf);
+ EVP_PKEY_free(pkey);
+ BIO_free_all(out);
+ return (1);
+ }
+ app_RAND_write_file(NULL, bio_err);
+ if (outformat == FORMAT_PEM)
+ PEM_write_bio_PKCS8(out, p8);
+ else if (outformat == FORMAT_ASN1)
+ i2d_PKCS8_bio(out, p8);
+ else {
+ BIO_printf(bio_err, "Bad format specified for key\n");
+ PKCS8_PRIV_KEY_INFO_free(p8inf);
+ EVP_PKEY_free(pkey);
+ BIO_free_all(out);
+ return (1);
+ }
+ X509_SIG_free(p8);
+ }
+
+ PKCS8_PRIV_KEY_INFO_free(p8inf);
+ EVP_PKEY_free(pkey);
+ BIO_free_all(out);
+ if (passin)
+ OPENSSL_free(passin);
+ if (passout)
+ OPENSSL_free(passout);
+ return (0);
+ }
+
+ if (nocrypt) {
+ if (informat == FORMAT_PEM)
+ p8inf = PEM_read_bio_PKCS8_PRIV_KEY_INFO(in, NULL, NULL, NULL);
+ else if (informat == FORMAT_ASN1)
+ p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(in, NULL);
+ else {
+ BIO_printf(bio_err, "Bad format specified for key\n");
+ return (1);
+ }
+ } else {
+ if (informat == FORMAT_PEM)
+ p8 = PEM_read_bio_PKCS8(in, NULL, NULL, NULL);
+ else if (informat == FORMAT_ASN1)
+ p8 = d2i_PKCS8_bio(in, NULL);
+ else {
+ BIO_printf(bio_err, "Bad format specified for key\n");
+ return (1);
+ }
+
+ if (!p8) {
+ BIO_printf(bio_err, "Error reading key\n");
+ ERR_print_errors(bio_err);
+ return (1);
+ }
+ if (passin)
+ p8pass = passin;
+ else {
+ p8pass = pass;
+ EVP_read_pw_string(pass, sizeof pass, "Enter Password:", 0);
+ }
+ p8inf = PKCS8_decrypt(p8, p8pass, strlen(p8pass));
+ X509_SIG_free(p8);
+ }
+
+ if (!p8inf) {
+ BIO_printf(bio_err, "Error decrypting key\n");
+ ERR_print_errors(bio_err);
+ return (1);
+ }
+
+ if (!(pkey = EVP_PKCS82PKEY(p8inf))) {
+ BIO_printf(bio_err, "Error converting key\n");
+ ERR_print_errors(bio_err);
+ return (1);
+ }
+
+ if (p8inf->broken) {
+ BIO_printf(bio_err, "Warning: broken key encoding: ");
+ switch (p8inf->broken) {
+ case PKCS8_NO_OCTET:
+ BIO_printf(bio_err, "No Octet String in PrivateKey\n");
+ break;
+
+ case PKCS8_EMBEDDED_PARAM:
+ BIO_printf(bio_err, "DSA parameters included in PrivateKey\n");
+ break;
+
+ case PKCS8_NS_DB:
+ BIO_printf(bio_err, "DSA public key include in PrivateKey\n");
+ break;
+
+ default:
+ BIO_printf(bio_err, "Unknown broken type\n");
+ break;
+ }
+ }
+
+ PKCS8_PRIV_KEY_INFO_free(p8inf);
+ if (outformat == FORMAT_PEM)
+ PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, passout);
+ else if (outformat == FORMAT_ASN1)
+ i2d_PrivateKey_bio(out, pkey);
+ else {
+ BIO_printf(bio_err, "Bad format specified for key\n");
+ return (1);
+ }
+
+ end:
+ EVP_PKEY_free(pkey);
+ BIO_free_all(out);
+ BIO_free(in);
+ if (passin)
+ OPENSSL_free(passin);
+ if (passout)
+ OPENSSL_free(passout);
+
+ return (0);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/apps/prime.c
===================================================================
--- vendor-crypto/openssl/dist/apps/prime.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/apps/prime.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,130 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#include <string.h>
-
-#include "apps.h"
-#include <openssl/bn.h>
-
-
-#undef PROG
-#define PROG prime_main
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
- int hex=0;
- int checks=20;
- BIGNUM *bn=NULL;
- BIO *bio_out;
-
- apps_startup();
-
- if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
- --argc;
- ++argv;
- while (argc >= 1 && **argv == '-')
- {
- if(!strcmp(*argv,"-hex"))
- hex=1;
- else if(!strcmp(*argv,"-checks"))
- if(--argc < 1)
- goto bad;
- else
- checks=atoi(*++argv);
- else
- {
- BIO_printf(bio_err,"Unknown option '%s'\n",*argv);
- goto bad;
- }
- --argc;
- ++argv;
- }
-
- if (argv[0] == NULL)
- {
- BIO_printf(bio_err,"No prime specified\n");
- goto bad;
- }
-
- if ((bio_out=BIO_new(BIO_s_file())) != NULL)
- {
- BIO_set_fp(bio_out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- bio_out = BIO_push(tmpbio, bio_out);
- }
-#endif
- }
-
- if(hex)
- BN_hex2bn(&bn,argv[0]);
- else
- BN_dec2bn(&bn,argv[0]);
-
- BN_print(bio_out,bn);
- BIO_printf(bio_out," is %sprime\n",
- BN_is_prime_ex(bn,checks,NULL,NULL) ? "" : "not ");
-
- BN_free(bn);
- BIO_free_all(bio_out);
-
- return 0;
-
- bad:
- BIO_printf(bio_err,"options are\n");
- BIO_printf(bio_err,"%-14s hex\n","-hex");
- BIO_printf(bio_err,"%-14s number of checks\n","-checks <n>");
- return 1;
- }
Copied: vendor-crypto/openssl/0.9.8zf/apps/prime.c (from rev 6976, vendor-crypto/openssl/dist/apps/prime.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/apps/prime.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/apps/prime.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,125 @@
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <string.h>
+
+#include "apps.h"
+#include <openssl/bn.h>
+
+#undef PROG
+#define PROG prime_main
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+{
+ int hex = 0;
+ int checks = 20;
+ BIGNUM *bn = NULL;
+ BIO *bio_out;
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+
+ --argc;
+ ++argv;
+ while (argc >= 1 && **argv == '-') {
+ if (!strcmp(*argv, "-hex"))
+ hex = 1;
+ else if (!strcmp(*argv, "-checks"))
+ if (--argc < 1)
+ goto bad;
+ else
+ checks = atoi(*++argv);
+ else {
+ BIO_printf(bio_err, "Unknown option '%s'\n", *argv);
+ goto bad;
+ }
+ --argc;
+ ++argv;
+ }
+
+ if (argv[0] == NULL) {
+ BIO_printf(bio_err, "No prime specified\n");
+ goto bad;
+ }
+
+ if ((bio_out = BIO_new(BIO_s_file())) != NULL) {
+ BIO_set_fp(bio_out, stdout, BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ bio_out = BIO_push(tmpbio, bio_out);
+ }
+#endif
+ }
+
+ if (hex)
+ BN_hex2bn(&bn, argv[0]);
+ else
+ BN_dec2bn(&bn, argv[0]);
+
+ BN_print(bio_out, bn);
+ BIO_printf(bio_out, " is %sprime\n",
+ BN_is_prime_ex(bn, checks, NULL, NULL) ? "" : "not ");
+
+ BN_free(bn);
+ BIO_free_all(bio_out);
+
+ return 0;
+
+ bad:
+ BIO_printf(bio_err, "options are\n");
+ BIO_printf(bio_err, "%-14s hex\n", "-hex");
+ BIO_printf(bio_err, "%-14s number of checks\n", "-checks <n>");
+ return 1;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/apps/progs.h
===================================================================
--- vendor-crypto/openssl/dist/apps/progs.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/apps/progs.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,343 +0,0 @@
-/* apps/progs.h */
-/* automatically generated by progs.pl for openssl.c */
-
-extern int verify_main(int argc,char *argv[]);
-extern int asn1parse_main(int argc,char *argv[]);
-extern int req_main(int argc,char *argv[]);
-extern int dgst_main(int argc,char *argv[]);
-extern int dh_main(int argc,char *argv[]);
-extern int dhparam_main(int argc,char *argv[]);
-extern int enc_main(int argc,char *argv[]);
-extern int passwd_main(int argc,char *argv[]);
-extern int gendh_main(int argc,char *argv[]);
-extern int errstr_main(int argc,char *argv[]);
-extern int ca_main(int argc,char *argv[]);
-extern int crl_main(int argc,char *argv[]);
-extern int rsa_main(int argc,char *argv[]);
-extern int rsautl_main(int argc,char *argv[]);
-extern int dsa_main(int argc,char *argv[]);
-extern int dsaparam_main(int argc,char *argv[]);
-extern int ec_main(int argc,char *argv[]);
-extern int ecparam_main(int argc,char *argv[]);
-extern int x509_main(int argc,char *argv[]);
-extern int genrsa_main(int argc,char *argv[]);
-extern int gendsa_main(int argc,char *argv[]);
-extern int s_server_main(int argc,char *argv[]);
-extern int s_client_main(int argc,char *argv[]);
-extern int speed_main(int argc,char *argv[]);
-extern int s_time_main(int argc,char *argv[]);
-extern int version_main(int argc,char *argv[]);
-extern int pkcs7_main(int argc,char *argv[]);
-extern int cms_main(int argc,char *argv[]);
-extern int crl2pkcs7_main(int argc,char *argv[]);
-extern int sess_id_main(int argc,char *argv[]);
-extern int ciphers_main(int argc,char *argv[]);
-extern int nseq_main(int argc,char *argv[]);
-extern int pkcs12_main(int argc,char *argv[]);
-extern int pkcs8_main(int argc,char *argv[]);
-extern int spkac_main(int argc,char *argv[]);
-extern int smime_main(int argc,char *argv[]);
-extern int rand_main(int argc,char *argv[]);
-extern int engine_main(int argc,char *argv[]);
-extern int ocsp_main(int argc,char *argv[]);
-extern int prime_main(int argc,char *argv[]);
-
-#define FUNC_TYPE_GENERAL 1
-#define FUNC_TYPE_MD 2
-#define FUNC_TYPE_CIPHER 3
-
-typedef struct {
- int type;
- const char *name;
- int (*func)(int argc,char *argv[]);
- } FUNCTION;
-
-FUNCTION functions[] = {
- {FUNC_TYPE_GENERAL,"verify",verify_main},
- {FUNC_TYPE_GENERAL,"asn1parse",asn1parse_main},
- {FUNC_TYPE_GENERAL,"req",req_main},
- {FUNC_TYPE_GENERAL,"dgst",dgst_main},
-#ifndef OPENSSL_NO_DH
- {FUNC_TYPE_GENERAL,"dh",dh_main},
-#endif
-#ifndef OPENSSL_NO_DH
- {FUNC_TYPE_GENERAL,"dhparam",dhparam_main},
-#endif
- {FUNC_TYPE_GENERAL,"enc",enc_main},
- {FUNC_TYPE_GENERAL,"passwd",passwd_main},
-#ifndef OPENSSL_NO_DH
- {FUNC_TYPE_GENERAL,"gendh",gendh_main},
-#endif
- {FUNC_TYPE_GENERAL,"errstr",errstr_main},
- {FUNC_TYPE_GENERAL,"ca",ca_main},
- {FUNC_TYPE_GENERAL,"crl",crl_main},
-#ifndef OPENSSL_NO_RSA
- {FUNC_TYPE_GENERAL,"rsa",rsa_main},
-#endif
-#ifndef OPENSSL_NO_RSA
- {FUNC_TYPE_GENERAL,"rsautl",rsautl_main},
-#endif
-#ifndef OPENSSL_NO_DSA
- {FUNC_TYPE_GENERAL,"dsa",dsa_main},
-#endif
-#ifndef OPENSSL_NO_DSA
- {FUNC_TYPE_GENERAL,"dsaparam",dsaparam_main},
-#endif
-#ifndef OPENSSL_NO_EC
- {FUNC_TYPE_GENERAL,"ec",ec_main},
-#endif
-#ifndef OPENSSL_NO_EC
- {FUNC_TYPE_GENERAL,"ecparam",ecparam_main},
-#endif
- {FUNC_TYPE_GENERAL,"x509",x509_main},
-#ifndef OPENSSL_NO_RSA
- {FUNC_TYPE_GENERAL,"genrsa",genrsa_main},
-#endif
-#ifndef OPENSSL_NO_DSA
- {FUNC_TYPE_GENERAL,"gendsa",gendsa_main},
-#endif
-#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
- {FUNC_TYPE_GENERAL,"s_server",s_server_main},
-#endif
-#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
- {FUNC_TYPE_GENERAL,"s_client",s_client_main},
-#endif
-#ifndef OPENSSL_NO_SPEED
- {FUNC_TYPE_GENERAL,"speed",speed_main},
-#endif
-#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
- {FUNC_TYPE_GENERAL,"s_time",s_time_main},
-#endif
- {FUNC_TYPE_GENERAL,"version",version_main},
- {FUNC_TYPE_GENERAL,"pkcs7",pkcs7_main},
-#ifndef OPENSSL_NO_CMS
- {FUNC_TYPE_GENERAL,"cms",cms_main},
-#endif
- {FUNC_TYPE_GENERAL,"crl2pkcs7",crl2pkcs7_main},
- {FUNC_TYPE_GENERAL,"sess_id",sess_id_main},
-#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
- {FUNC_TYPE_GENERAL,"ciphers",ciphers_main},
-#endif
- {FUNC_TYPE_GENERAL,"nseq",nseq_main},
-#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)
- {FUNC_TYPE_GENERAL,"pkcs12",pkcs12_main},
-#endif
- {FUNC_TYPE_GENERAL,"pkcs8",pkcs8_main},
- {FUNC_TYPE_GENERAL,"spkac",spkac_main},
- {FUNC_TYPE_GENERAL,"smime",smime_main},
- {FUNC_TYPE_GENERAL,"rand",rand_main},
-#ifndef OPENSSL_NO_ENGINE
- {FUNC_TYPE_GENERAL,"engine",engine_main},
-#endif
- {FUNC_TYPE_GENERAL,"ocsp",ocsp_main},
- {FUNC_TYPE_GENERAL,"prime",prime_main},
-#ifndef OPENSSL_NO_MD2
- {FUNC_TYPE_MD,"md2",dgst_main},
-#endif
-#ifndef OPENSSL_NO_MD4
- {FUNC_TYPE_MD,"md4",dgst_main},
-#endif
-#ifndef OPENSSL_NO_MD5
- {FUNC_TYPE_MD,"md5",dgst_main},
-#endif
-#ifndef OPENSSL_NO_SHA
- {FUNC_TYPE_MD,"sha",dgst_main},
-#endif
-#ifndef OPENSSL_NO_SHA1
- {FUNC_TYPE_MD,"sha1",dgst_main},
-#endif
-#ifndef OPENSSL_NO_MDC2
- {FUNC_TYPE_MD,"mdc2",dgst_main},
-#endif
-#ifndef OPENSSL_NO_RMD160
- {FUNC_TYPE_MD,"rmd160",dgst_main},
-#endif
-#ifndef OPENSSL_NO_AES
- {FUNC_TYPE_CIPHER,"aes-128-cbc",enc_main},
-#endif
-#ifndef OPENSSL_NO_AES
- {FUNC_TYPE_CIPHER,"aes-128-ecb",enc_main},
-#endif
-#ifndef OPENSSL_NO_AES
- {FUNC_TYPE_CIPHER,"aes-192-cbc",enc_main},
-#endif
-#ifndef OPENSSL_NO_AES
- {FUNC_TYPE_CIPHER,"aes-192-ecb",enc_main},
-#endif
-#ifndef OPENSSL_NO_AES
- {FUNC_TYPE_CIPHER,"aes-256-cbc",enc_main},
-#endif
-#ifndef OPENSSL_NO_AES
- {FUNC_TYPE_CIPHER,"aes-256-ecb",enc_main},
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
- {FUNC_TYPE_CIPHER,"camellia-128-cbc",enc_main},
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
- {FUNC_TYPE_CIPHER,"camellia-128-ecb",enc_main},
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
- {FUNC_TYPE_CIPHER,"camellia-192-cbc",enc_main},
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
- {FUNC_TYPE_CIPHER,"camellia-192-ecb",enc_main},
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
- {FUNC_TYPE_CIPHER,"camellia-256-cbc",enc_main},
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
- {FUNC_TYPE_CIPHER,"camellia-256-ecb",enc_main},
-#endif
- {FUNC_TYPE_CIPHER,"base64",enc_main},
-#ifndef OPENSSL_NO_DES
- {FUNC_TYPE_CIPHER,"des",enc_main},
-#endif
-#ifndef OPENSSL_NO_DES
- {FUNC_TYPE_CIPHER,"des3",enc_main},
-#endif
-#ifndef OPENSSL_NO_DES
- {FUNC_TYPE_CIPHER,"desx",enc_main},
-#endif
-#ifndef OPENSSL_NO_IDEA
- {FUNC_TYPE_CIPHER,"idea",enc_main},
-#endif
-#ifndef OPENSSL_NO_SEED
- {FUNC_TYPE_CIPHER,"seed",enc_main},
-#endif
-#ifndef OPENSSL_NO_RC4
- {FUNC_TYPE_CIPHER,"rc4",enc_main},
-#endif
-#ifndef OPENSSL_NO_RC4
- {FUNC_TYPE_CIPHER,"rc4-40",enc_main},
-#endif
-#ifndef OPENSSL_NO_RC2
- {FUNC_TYPE_CIPHER,"rc2",enc_main},
-#endif
-#ifndef OPENSSL_NO_BF
- {FUNC_TYPE_CIPHER,"bf",enc_main},
-#endif
-#ifndef OPENSSL_NO_CAST
- {FUNC_TYPE_CIPHER,"cast",enc_main},
-#endif
-#ifndef OPENSSL_NO_RC5
- {FUNC_TYPE_CIPHER,"rc5",enc_main},
-#endif
-#ifndef OPENSSL_NO_DES
- {FUNC_TYPE_CIPHER,"des-ecb",enc_main},
-#endif
-#ifndef OPENSSL_NO_DES
- {FUNC_TYPE_CIPHER,"des-ede",enc_main},
-#endif
-#ifndef OPENSSL_NO_DES
- {FUNC_TYPE_CIPHER,"des-ede3",enc_main},
-#endif
-#ifndef OPENSSL_NO_DES
- {FUNC_TYPE_CIPHER,"des-cbc",enc_main},
-#endif
-#ifndef OPENSSL_NO_DES
- {FUNC_TYPE_CIPHER,"des-ede-cbc",enc_main},
-#endif
-#ifndef OPENSSL_NO_DES
- {FUNC_TYPE_CIPHER,"des-ede3-cbc",enc_main},
-#endif
-#ifndef OPENSSL_NO_DES
- {FUNC_TYPE_CIPHER,"des-cfb",enc_main},
-#endif
-#ifndef OPENSSL_NO_DES
- {FUNC_TYPE_CIPHER,"des-ede-cfb",enc_main},
-#endif
-#ifndef OPENSSL_NO_DES
- {FUNC_TYPE_CIPHER,"des-ede3-cfb",enc_main},
-#endif
-#ifndef OPENSSL_NO_DES
- {FUNC_TYPE_CIPHER,"des-ofb",enc_main},
-#endif
-#ifndef OPENSSL_NO_DES
- {FUNC_TYPE_CIPHER,"des-ede-ofb",enc_main},
-#endif
-#ifndef OPENSSL_NO_DES
- {FUNC_TYPE_CIPHER,"des-ede3-ofb",enc_main},
-#endif
-#ifndef OPENSSL_NO_IDEA
- {FUNC_TYPE_CIPHER,"idea-cbc",enc_main},
-#endif
-#ifndef OPENSSL_NO_IDEA
- {FUNC_TYPE_CIPHER,"idea-ecb",enc_main},
-#endif
-#ifndef OPENSSL_NO_IDEA
- {FUNC_TYPE_CIPHER,"idea-cfb",enc_main},
-#endif
-#ifndef OPENSSL_NO_IDEA
- {FUNC_TYPE_CIPHER,"idea-ofb",enc_main},
-#endif
-#ifndef OPENSSL_NO_SEED
- {FUNC_TYPE_CIPHER,"seed-cbc",enc_main},
-#endif
-#ifndef OPENSSL_NO_SEED
- {FUNC_TYPE_CIPHER,"seed-ecb",enc_main},
-#endif
-#ifndef OPENSSL_NO_SEED
- {FUNC_TYPE_CIPHER,"seed-cfb",enc_main},
-#endif
-#ifndef OPENSSL_NO_SEED
- {FUNC_TYPE_CIPHER,"seed-ofb",enc_main},
-#endif
-#ifndef OPENSSL_NO_RC2
- {FUNC_TYPE_CIPHER,"rc2-cbc",enc_main},
-#endif
-#ifndef OPENSSL_NO_RC2
- {FUNC_TYPE_CIPHER,"rc2-ecb",enc_main},
-#endif
-#ifndef OPENSSL_NO_RC2
- {FUNC_TYPE_CIPHER,"rc2-cfb",enc_main},
-#endif
-#ifndef OPENSSL_NO_RC2
- {FUNC_TYPE_CIPHER,"rc2-ofb",enc_main},
-#endif
-#ifndef OPENSSL_NO_RC2
- {FUNC_TYPE_CIPHER,"rc2-64-cbc",enc_main},
-#endif
-#ifndef OPENSSL_NO_RC2
- {FUNC_TYPE_CIPHER,"rc2-40-cbc",enc_main},
-#endif
-#ifndef OPENSSL_NO_BF
- {FUNC_TYPE_CIPHER,"bf-cbc",enc_main},
-#endif
-#ifndef OPENSSL_NO_BF
- {FUNC_TYPE_CIPHER,"bf-ecb",enc_main},
-#endif
-#ifndef OPENSSL_NO_BF
- {FUNC_TYPE_CIPHER,"bf-cfb",enc_main},
-#endif
-#ifndef OPENSSL_NO_BF
- {FUNC_TYPE_CIPHER,"bf-ofb",enc_main},
-#endif
-#ifndef OPENSSL_NO_CAST
- {FUNC_TYPE_CIPHER,"cast5-cbc",enc_main},
-#endif
-#ifndef OPENSSL_NO_CAST
- {FUNC_TYPE_CIPHER,"cast5-ecb",enc_main},
-#endif
-#ifndef OPENSSL_NO_CAST
- {FUNC_TYPE_CIPHER,"cast5-cfb",enc_main},
-#endif
-#ifndef OPENSSL_NO_CAST
- {FUNC_TYPE_CIPHER,"cast5-ofb",enc_main},
-#endif
-#ifndef OPENSSL_NO_CAST
- {FUNC_TYPE_CIPHER,"cast-cbc",enc_main},
-#endif
-#ifndef OPENSSL_NO_RC5
- {FUNC_TYPE_CIPHER,"rc5-cbc",enc_main},
-#endif
-#ifndef OPENSSL_NO_RC5
- {FUNC_TYPE_CIPHER,"rc5-ecb",enc_main},
-#endif
-#ifndef OPENSSL_NO_RC5
- {FUNC_TYPE_CIPHER,"rc5-cfb",enc_main},
-#endif
-#ifndef OPENSSL_NO_RC5
- {FUNC_TYPE_CIPHER,"rc5-ofb",enc_main},
-#endif
- {0,NULL,NULL}
- };
Copied: vendor-crypto/openssl/0.9.8zf/apps/progs.h (from rev 6976, vendor-crypto/openssl/dist/apps/progs.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/apps/progs.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/apps/progs.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,343 @@
+/* apps/progs.h */
+/* automatically generated by progs.pl for openssl.c */
+
+extern int verify_main(int argc, char *argv[]);
+extern int asn1parse_main(int argc, char *argv[]);
+extern int req_main(int argc, char *argv[]);
+extern int dgst_main(int argc, char *argv[]);
+extern int dh_main(int argc, char *argv[]);
+extern int dhparam_main(int argc, char *argv[]);
+extern int enc_main(int argc, char *argv[]);
+extern int passwd_main(int argc, char *argv[]);
+extern int gendh_main(int argc, char *argv[]);
+extern int errstr_main(int argc, char *argv[]);
+extern int ca_main(int argc, char *argv[]);
+extern int crl_main(int argc, char *argv[]);
+extern int rsa_main(int argc, char *argv[]);
+extern int rsautl_main(int argc, char *argv[]);
+extern int dsa_main(int argc, char *argv[]);
+extern int dsaparam_main(int argc, char *argv[]);
+extern int ec_main(int argc, char *argv[]);
+extern int ecparam_main(int argc, char *argv[]);
+extern int x509_main(int argc, char *argv[]);
+extern int genrsa_main(int argc, char *argv[]);
+extern int gendsa_main(int argc, char *argv[]);
+extern int s_server_main(int argc, char *argv[]);
+extern int s_client_main(int argc, char *argv[]);
+extern int speed_main(int argc, char *argv[]);
+extern int s_time_main(int argc, char *argv[]);
+extern int version_main(int argc, char *argv[]);
+extern int pkcs7_main(int argc, char *argv[]);
+extern int cms_main(int argc, char *argv[]);
+extern int crl2pkcs7_main(int argc, char *argv[]);
+extern int sess_id_main(int argc, char *argv[]);
+extern int ciphers_main(int argc, char *argv[]);
+extern int nseq_main(int argc, char *argv[]);
+extern int pkcs12_main(int argc, char *argv[]);
+extern int pkcs8_main(int argc, char *argv[]);
+extern int spkac_main(int argc, char *argv[]);
+extern int smime_main(int argc, char *argv[]);
+extern int rand_main(int argc, char *argv[]);
+extern int engine_main(int argc, char *argv[]);
+extern int ocsp_main(int argc, char *argv[]);
+extern int prime_main(int argc, char *argv[]);
+
+#define FUNC_TYPE_GENERAL 1
+#define FUNC_TYPE_MD 2
+#define FUNC_TYPE_CIPHER 3
+
+typedef struct {
+ int type;
+ const char *name;
+ int (*func) (int argc, char *argv[]);
+} FUNCTION;
+
+FUNCTION functions[] = {
+ {FUNC_TYPE_GENERAL, "verify", verify_main},
+ {FUNC_TYPE_GENERAL, "asn1parse", asn1parse_main},
+ {FUNC_TYPE_GENERAL, "req", req_main},
+ {FUNC_TYPE_GENERAL, "dgst", dgst_main},
+#ifndef OPENSSL_NO_DH
+ {FUNC_TYPE_GENERAL, "dh", dh_main},
+#endif
+#ifndef OPENSSL_NO_DH
+ {FUNC_TYPE_GENERAL, "dhparam", dhparam_main},
+#endif
+ {FUNC_TYPE_GENERAL, "enc", enc_main},
+ {FUNC_TYPE_GENERAL, "passwd", passwd_main},
+#ifndef OPENSSL_NO_DH
+ {FUNC_TYPE_GENERAL, "gendh", gendh_main},
+#endif
+ {FUNC_TYPE_GENERAL, "errstr", errstr_main},
+ {FUNC_TYPE_GENERAL, "ca", ca_main},
+ {FUNC_TYPE_GENERAL, "crl", crl_main},
+#ifndef OPENSSL_NO_RSA
+ {FUNC_TYPE_GENERAL, "rsa", rsa_main},
+#endif
+#ifndef OPENSSL_NO_RSA
+ {FUNC_TYPE_GENERAL, "rsautl", rsautl_main},
+#endif
+#ifndef OPENSSL_NO_DSA
+ {FUNC_TYPE_GENERAL, "dsa", dsa_main},
+#endif
+#ifndef OPENSSL_NO_DSA
+ {FUNC_TYPE_GENERAL, "dsaparam", dsaparam_main},
+#endif
+#ifndef OPENSSL_NO_EC
+ {FUNC_TYPE_GENERAL, "ec", ec_main},
+#endif
+#ifndef OPENSSL_NO_EC
+ {FUNC_TYPE_GENERAL, "ecparam", ecparam_main},
+#endif
+ {FUNC_TYPE_GENERAL, "x509", x509_main},
+#ifndef OPENSSL_NO_RSA
+ {FUNC_TYPE_GENERAL, "genrsa", genrsa_main},
+#endif
+#ifndef OPENSSL_NO_DSA
+ {FUNC_TYPE_GENERAL, "gendsa", gendsa_main},
+#endif
+#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
+ {FUNC_TYPE_GENERAL, "s_server", s_server_main},
+#endif
+#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
+ {FUNC_TYPE_GENERAL, "s_client", s_client_main},
+#endif
+#ifndef OPENSSL_NO_SPEED
+ {FUNC_TYPE_GENERAL, "speed", speed_main},
+#endif
+#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
+ {FUNC_TYPE_GENERAL, "s_time", s_time_main},
+#endif
+ {FUNC_TYPE_GENERAL, "version", version_main},
+ {FUNC_TYPE_GENERAL, "pkcs7", pkcs7_main},
+#ifndef OPENSSL_NO_CMS
+ {FUNC_TYPE_GENERAL, "cms", cms_main},
+#endif
+ {FUNC_TYPE_GENERAL, "crl2pkcs7", crl2pkcs7_main},
+ {FUNC_TYPE_GENERAL, "sess_id", sess_id_main},
+#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
+ {FUNC_TYPE_GENERAL, "ciphers", ciphers_main},
+#endif
+ {FUNC_TYPE_GENERAL, "nseq", nseq_main},
+#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)
+ {FUNC_TYPE_GENERAL, "pkcs12", pkcs12_main},
+#endif
+ {FUNC_TYPE_GENERAL, "pkcs8", pkcs8_main},
+ {FUNC_TYPE_GENERAL, "spkac", spkac_main},
+ {FUNC_TYPE_GENERAL, "smime", smime_main},
+ {FUNC_TYPE_GENERAL, "rand", rand_main},
+#ifndef OPENSSL_NO_ENGINE
+ {FUNC_TYPE_GENERAL, "engine", engine_main},
+#endif
+ {FUNC_TYPE_GENERAL, "ocsp", ocsp_main},
+ {FUNC_TYPE_GENERAL, "prime", prime_main},
+#ifndef OPENSSL_NO_MD2
+ {FUNC_TYPE_MD, "md2", dgst_main},
+#endif
+#ifndef OPENSSL_NO_MD4
+ {FUNC_TYPE_MD, "md4", dgst_main},
+#endif
+#ifndef OPENSSL_NO_MD5
+ {FUNC_TYPE_MD, "md5", dgst_main},
+#endif
+#ifndef OPENSSL_NO_SHA
+ {FUNC_TYPE_MD, "sha", dgst_main},
+#endif
+#ifndef OPENSSL_NO_SHA1
+ {FUNC_TYPE_MD, "sha1", dgst_main},
+#endif
+#ifndef OPENSSL_NO_MDC2
+ {FUNC_TYPE_MD, "mdc2", dgst_main},
+#endif
+#ifndef OPENSSL_NO_RMD160
+ {FUNC_TYPE_MD, "rmd160", dgst_main},
+#endif
+#ifndef OPENSSL_NO_AES
+ {FUNC_TYPE_CIPHER, "aes-128-cbc", enc_main},
+#endif
+#ifndef OPENSSL_NO_AES
+ {FUNC_TYPE_CIPHER, "aes-128-ecb", enc_main},
+#endif
+#ifndef OPENSSL_NO_AES
+ {FUNC_TYPE_CIPHER, "aes-192-cbc", enc_main},
+#endif
+#ifndef OPENSSL_NO_AES
+ {FUNC_TYPE_CIPHER, "aes-192-ecb", enc_main},
+#endif
+#ifndef OPENSSL_NO_AES
+ {FUNC_TYPE_CIPHER, "aes-256-cbc", enc_main},
+#endif
+#ifndef OPENSSL_NO_AES
+ {FUNC_TYPE_CIPHER, "aes-256-ecb", enc_main},
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+ {FUNC_TYPE_CIPHER, "camellia-128-cbc", enc_main},
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+ {FUNC_TYPE_CIPHER, "camellia-128-ecb", enc_main},
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+ {FUNC_TYPE_CIPHER, "camellia-192-cbc", enc_main},
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+ {FUNC_TYPE_CIPHER, "camellia-192-ecb", enc_main},
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+ {FUNC_TYPE_CIPHER, "camellia-256-cbc", enc_main},
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+ {FUNC_TYPE_CIPHER, "camellia-256-ecb", enc_main},
+#endif
+ {FUNC_TYPE_CIPHER, "base64", enc_main},
+#ifndef OPENSSL_NO_DES
+ {FUNC_TYPE_CIPHER, "des", enc_main},
+#endif
+#ifndef OPENSSL_NO_DES
+ {FUNC_TYPE_CIPHER, "des3", enc_main},
+#endif
+#ifndef OPENSSL_NO_DES
+ {FUNC_TYPE_CIPHER, "desx", enc_main},
+#endif
+#ifndef OPENSSL_NO_IDEA
+ {FUNC_TYPE_CIPHER, "idea", enc_main},
+#endif
+#ifndef OPENSSL_NO_SEED
+ {FUNC_TYPE_CIPHER, "seed", enc_main},
+#endif
+#ifndef OPENSSL_NO_RC4
+ {FUNC_TYPE_CIPHER, "rc4", enc_main},
+#endif
+#ifndef OPENSSL_NO_RC4
+ {FUNC_TYPE_CIPHER, "rc4-40", enc_main},
+#endif
+#ifndef OPENSSL_NO_RC2
+ {FUNC_TYPE_CIPHER, "rc2", enc_main},
+#endif
+#ifndef OPENSSL_NO_BF
+ {FUNC_TYPE_CIPHER, "bf", enc_main},
+#endif
+#ifndef OPENSSL_NO_CAST
+ {FUNC_TYPE_CIPHER, "cast", enc_main},
+#endif
+#ifndef OPENSSL_NO_RC5
+ {FUNC_TYPE_CIPHER, "rc5", enc_main},
+#endif
+#ifndef OPENSSL_NO_DES
+ {FUNC_TYPE_CIPHER, "des-ecb", enc_main},
+#endif
+#ifndef OPENSSL_NO_DES
+ {FUNC_TYPE_CIPHER, "des-ede", enc_main},
+#endif
+#ifndef OPENSSL_NO_DES
+ {FUNC_TYPE_CIPHER, "des-ede3", enc_main},
+#endif
+#ifndef OPENSSL_NO_DES
+ {FUNC_TYPE_CIPHER, "des-cbc", enc_main},
+#endif
+#ifndef OPENSSL_NO_DES
+ {FUNC_TYPE_CIPHER, "des-ede-cbc", enc_main},
+#endif
+#ifndef OPENSSL_NO_DES
+ {FUNC_TYPE_CIPHER, "des-ede3-cbc", enc_main},
+#endif
+#ifndef OPENSSL_NO_DES
+ {FUNC_TYPE_CIPHER, "des-cfb", enc_main},
+#endif
+#ifndef OPENSSL_NO_DES
+ {FUNC_TYPE_CIPHER, "des-ede-cfb", enc_main},
+#endif
+#ifndef OPENSSL_NO_DES
+ {FUNC_TYPE_CIPHER, "des-ede3-cfb", enc_main},
+#endif
+#ifndef OPENSSL_NO_DES
+ {FUNC_TYPE_CIPHER, "des-ofb", enc_main},
+#endif
+#ifndef OPENSSL_NO_DES
+ {FUNC_TYPE_CIPHER, "des-ede-ofb", enc_main},
+#endif
+#ifndef OPENSSL_NO_DES
+ {FUNC_TYPE_CIPHER, "des-ede3-ofb", enc_main},
+#endif
+#ifndef OPENSSL_NO_IDEA
+ {FUNC_TYPE_CIPHER, "idea-cbc", enc_main},
+#endif
+#ifndef OPENSSL_NO_IDEA
+ {FUNC_TYPE_CIPHER, "idea-ecb", enc_main},
+#endif
+#ifndef OPENSSL_NO_IDEA
+ {FUNC_TYPE_CIPHER, "idea-cfb", enc_main},
+#endif
+#ifndef OPENSSL_NO_IDEA
+ {FUNC_TYPE_CIPHER, "idea-ofb", enc_main},
+#endif
+#ifndef OPENSSL_NO_SEED
+ {FUNC_TYPE_CIPHER, "seed-cbc", enc_main},
+#endif
+#ifndef OPENSSL_NO_SEED
+ {FUNC_TYPE_CIPHER, "seed-ecb", enc_main},
+#endif
+#ifndef OPENSSL_NO_SEED
+ {FUNC_TYPE_CIPHER, "seed-cfb", enc_main},
+#endif
+#ifndef OPENSSL_NO_SEED
+ {FUNC_TYPE_CIPHER, "seed-ofb", enc_main},
+#endif
+#ifndef OPENSSL_NO_RC2
+ {FUNC_TYPE_CIPHER, "rc2-cbc", enc_main},
+#endif
+#ifndef OPENSSL_NO_RC2
+ {FUNC_TYPE_CIPHER, "rc2-ecb", enc_main},
+#endif
+#ifndef OPENSSL_NO_RC2
+ {FUNC_TYPE_CIPHER, "rc2-cfb", enc_main},
+#endif
+#ifndef OPENSSL_NO_RC2
+ {FUNC_TYPE_CIPHER, "rc2-ofb", enc_main},
+#endif
+#ifndef OPENSSL_NO_RC2
+ {FUNC_TYPE_CIPHER, "rc2-64-cbc", enc_main},
+#endif
+#ifndef OPENSSL_NO_RC2
+ {FUNC_TYPE_CIPHER, "rc2-40-cbc", enc_main},
+#endif
+#ifndef OPENSSL_NO_BF
+ {FUNC_TYPE_CIPHER, "bf-cbc", enc_main},
+#endif
+#ifndef OPENSSL_NO_BF
+ {FUNC_TYPE_CIPHER, "bf-ecb", enc_main},
+#endif
+#ifndef OPENSSL_NO_BF
+ {FUNC_TYPE_CIPHER, "bf-cfb", enc_main},
+#endif
+#ifndef OPENSSL_NO_BF
+ {FUNC_TYPE_CIPHER, "bf-ofb", enc_main},
+#endif
+#ifndef OPENSSL_NO_CAST
+ {FUNC_TYPE_CIPHER, "cast5-cbc", enc_main},
+#endif
+#ifndef OPENSSL_NO_CAST
+ {FUNC_TYPE_CIPHER, "cast5-ecb", enc_main},
+#endif
+#ifndef OPENSSL_NO_CAST
+ {FUNC_TYPE_CIPHER, "cast5-cfb", enc_main},
+#endif
+#ifndef OPENSSL_NO_CAST
+ {FUNC_TYPE_CIPHER, "cast5-ofb", enc_main},
+#endif
+#ifndef OPENSSL_NO_CAST
+ {FUNC_TYPE_CIPHER, "cast-cbc", enc_main},
+#endif
+#ifndef OPENSSL_NO_RC5
+ {FUNC_TYPE_CIPHER, "rc5-cbc", enc_main},
+#endif
+#ifndef OPENSSL_NO_RC5
+ {FUNC_TYPE_CIPHER, "rc5-ecb", enc_main},
+#endif
+#ifndef OPENSSL_NO_RC5
+ {FUNC_TYPE_CIPHER, "rc5-cfb", enc_main},
+#endif
+#ifndef OPENSSL_NO_RC5
+ {FUNC_TYPE_CIPHER, "rc5-ofb", enc_main},
+#endif
+ {0, NULL, NULL}
+};
Deleted: vendor-crypto/openssl/0.9.8zf/apps/rand.c
===================================================================
--- vendor-crypto/openssl/dist/apps/rand.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/apps/rand.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,245 +0,0 @@
-/* apps/rand.c */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include "apps.h"
-
-#include <ctype.h>
-#include <stdio.h>
-#include <string.h>
-
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/rand.h>
-
-#undef PROG
-#define PROG rand_main
-
-/* -out file - write to file
- * -rand file:file - PRNG seed files
- * -base64 - base64 encode output
- * -hex - hex encode output
- * num - write 'num' bytes
- */
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
- int i, r, ret = 1;
- int badopt;
- char *outfile = NULL;
- char *inrand = NULL;
- int base64 = 0;
- int hex = 0;
- BIO *out = NULL;
- int num = -1;
-#ifndef OPENSSL_NO_ENGINE
- char *engine=NULL;
-#endif
-
- apps_startup();
-
- if (bio_err == NULL)
- if ((bio_err = BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
-
- if (!load_config(bio_err, NULL))
- goto err;
-
- badopt = 0;
- i = 0;
- while (!badopt && argv[++i] != NULL)
- {
- if (strcmp(argv[i], "-out") == 0)
- {
- if ((argv[i+1] != NULL) && (outfile == NULL))
- outfile = argv[++i];
- else
- badopt = 1;
- }
-#ifndef OPENSSL_NO_ENGINE
- else if (strcmp(argv[i], "-engine") == 0)
- {
- if ((argv[i+1] != NULL) && (engine == NULL))
- engine = argv[++i];
- else
- badopt = 1;
- }
-#endif
- else if (strcmp(argv[i], "-rand") == 0)
- {
- if ((argv[i+1] != NULL) && (inrand == NULL))
- inrand = argv[++i];
- else
- badopt = 1;
- }
- else if (strcmp(argv[i], "-base64") == 0)
- {
- if (!base64)
- base64 = 1;
- else
- badopt = 1;
- }
- else if (strcmp(argv[i], "-hex") == 0)
- {
- if (!hex)
- hex = 1;
- else
- badopt = 1;
- }
- else if (isdigit((unsigned char)argv[i][0]))
- {
- if (num < 0)
- {
- r = sscanf(argv[i], "%d", &num);
- if (r == 0 || num < 0)
- badopt = 1;
- }
- else
- badopt = 1;
- }
- else
- badopt = 1;
- }
-
- if (hex && base64)
- badopt = 1;
-
- if (num < 0)
- badopt = 1;
-
- if (badopt)
- {
- BIO_printf(bio_err, "Usage: rand [options] num\n");
- BIO_printf(bio_err, "where options are\n");
- BIO_printf(bio_err, "-out file - write to file\n");
-#ifndef OPENSSL_NO_ENGINE
- BIO_printf(bio_err, "-engine e - use engine e, possibly a hardware device.\n");
-#endif
- BIO_printf(bio_err, "-rand file%cfile%c... - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
- BIO_printf(bio_err, "-base64 - base64 encode output\n");
- BIO_printf(bio_err, "-hex - hex encode output\n");
- goto err;
- }
-
-#ifndef OPENSSL_NO_ENGINE
- setup_engine(bio_err, engine, 0);
-#endif
-
- app_RAND_load_file(NULL, bio_err, (inrand != NULL));
- if (inrand != NULL)
- BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
- app_RAND_load_files(inrand));
-
- out = BIO_new(BIO_s_file());
- if (out == NULL)
- goto err;
- if (outfile != NULL)
- r = BIO_write_filename(out, outfile);
- else
- {
- r = BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
- if (r <= 0)
- goto err;
-
- if (base64)
- {
- BIO *b64 = BIO_new(BIO_f_base64());
- if (b64 == NULL)
- goto err;
- out = BIO_push(b64, out);
- }
-
- while (num > 0)
- {
- unsigned char buf[4096];
- int chunk;
-
- chunk = num;
- if (chunk > (int)sizeof(buf))
- chunk = sizeof buf;
- r = RAND_bytes(buf, chunk);
- if (r <= 0)
- goto err;
- if (!hex)
- BIO_write(out, buf, chunk);
- else
- {
- for (i = 0; i < chunk; i++)
- BIO_printf(out, "%02x", buf[i]);
- }
- num -= chunk;
- }
- if (hex)
- BIO_puts(out, "\n");
- (void)BIO_flush(out);
-
- app_RAND_write_file(NULL, bio_err);
- ret = 0;
-
-err:
- ERR_print_errors(bio_err);
- if (out)
- BIO_free_all(out);
- apps_shutdown();
- OPENSSL_EXIT(ret);
- }
Copied: vendor-crypto/openssl/0.9.8zf/apps/rand.c (from rev 6976, vendor-crypto/openssl/dist/apps/rand.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/apps/rand.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/apps/rand.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,229 @@
+/* apps/rand.c */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include "apps.h"
+
+#include <ctype.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+
+#undef PROG
+#define PROG rand_main
+
+/*-
+ * -out file - write to file
+ * -rand file:file - PRNG seed files
+ * -base64 - base64 encode output
+ * -hex - hex encode output
+ * num - write 'num' bytes
+ */
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+{
+ int i, r, ret = 1;
+ int badopt;
+ char *outfile = NULL;
+ char *inrand = NULL;
+ int base64 = 0;
+ int hex = 0;
+ BIO *out = NULL;
+ int num = -1;
+#ifndef OPENSSL_NO_ENGINE
+ char *engine = NULL;
+#endif
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+
+ if (!load_config(bio_err, NULL))
+ goto err;
+
+ badopt = 0;
+ i = 0;
+ while (!badopt && argv[++i] != NULL) {
+ if (strcmp(argv[i], "-out") == 0) {
+ if ((argv[i + 1] != NULL) && (outfile == NULL))
+ outfile = argv[++i];
+ else
+ badopt = 1;
+ }
+#ifndef OPENSSL_NO_ENGINE
+ else if (strcmp(argv[i], "-engine") == 0) {
+ if ((argv[i + 1] != NULL) && (engine == NULL))
+ engine = argv[++i];
+ else
+ badopt = 1;
+ }
+#endif
+ else if (strcmp(argv[i], "-rand") == 0) {
+ if ((argv[i + 1] != NULL) && (inrand == NULL))
+ inrand = argv[++i];
+ else
+ badopt = 1;
+ } else if (strcmp(argv[i], "-base64") == 0) {
+ if (!base64)
+ base64 = 1;
+ else
+ badopt = 1;
+ } else if (strcmp(argv[i], "-hex") == 0) {
+ if (!hex)
+ hex = 1;
+ else
+ badopt = 1;
+ } else if (isdigit((unsigned char)argv[i][0])) {
+ if (num < 0) {
+ r = sscanf(argv[i], "%d", &num);
+ if (r == 0 || num < 0)
+ badopt = 1;
+ } else
+ badopt = 1;
+ } else
+ badopt = 1;
+ }
+
+ if (hex && base64)
+ badopt = 1;
+
+ if (num < 0)
+ badopt = 1;
+
+ if (badopt) {
+ BIO_printf(bio_err, "Usage: rand [options] num\n");
+ BIO_printf(bio_err, "where options are\n");
+ BIO_printf(bio_err, "-out file - write to file\n");
+#ifndef OPENSSL_NO_ENGINE
+ BIO_printf(bio_err,
+ "-engine e - use engine e, possibly a hardware device.\n");
+#endif
+ BIO_printf(bio_err, "-rand file%cfile%c... - seed PRNG from files\n",
+ LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+ BIO_printf(bio_err, "-base64 - base64 encode output\n");
+ BIO_printf(bio_err, "-hex - hex encode output\n");
+ goto err;
+ }
+#ifndef OPENSSL_NO_ENGINE
+ setup_engine(bio_err, engine, 0);
+#endif
+
+ app_RAND_load_file(NULL, bio_err, (inrand != NULL));
+ if (inrand != NULL)
+ BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
+ app_RAND_load_files(inrand));
+
+ out = BIO_new(BIO_s_file());
+ if (out == NULL)
+ goto err;
+ if (outfile != NULL)
+ r = BIO_write_filename(out, outfile);
+ else {
+ r = BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+#endif
+ }
+ if (r <= 0)
+ goto err;
+
+ if (base64) {
+ BIO *b64 = BIO_new(BIO_f_base64());
+ if (b64 == NULL)
+ goto err;
+ out = BIO_push(b64, out);
+ }
+
+ while (num > 0) {
+ unsigned char buf[4096];
+ int chunk;
+
+ chunk = num;
+ if (chunk > (int)sizeof(buf))
+ chunk = sizeof buf;
+ r = RAND_bytes(buf, chunk);
+ if (r <= 0)
+ goto err;
+ if (!hex)
+ BIO_write(out, buf, chunk);
+ else {
+ for (i = 0; i < chunk; i++)
+ BIO_printf(out, "%02x", buf[i]);
+ }
+ num -= chunk;
+ }
+ if (hex)
+ BIO_puts(out, "\n");
+ (void)BIO_flush(out);
+
+ app_RAND_write_file(NULL, bio_err);
+ ret = 0;
+
+ err:
+ ERR_print_errors(bio_err);
+ if (out)
+ BIO_free_all(out);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/apps/req.c
===================================================================
--- vendor-crypto/openssl/dist/apps/req.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/apps/req.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,1704 +0,0 @@
-/* apps/req.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* Until the key-gen callbacks are modified to use newer prototypes, we allow
- * deprecated functions for openssl-internal code */
-#ifdef OPENSSL_NO_DEPRECATED
-#undef OPENSSL_NO_DEPRECATED
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <time.h>
-#include <string.h>
-#ifdef OPENSSL_NO_STDIO
-#define APPS_WIN16
-#endif
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/evp.h>
-#include <openssl/conf.h>
-#include <openssl/err.h>
-#include <openssl/asn1.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include <openssl/objects.h>
-#include <openssl/pem.h>
-#include <openssl/bn.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-
-#define SECTION "req"
-
-#define BITS "default_bits"
-#define KEYFILE "default_keyfile"
-#define PROMPT "prompt"
-#define DISTINGUISHED_NAME "distinguished_name"
-#define ATTRIBUTES "attributes"
-#define V3_EXTENSIONS "x509_extensions"
-#define REQ_EXTENSIONS "req_extensions"
-#define STRING_MASK "string_mask"
-#define UTF8_IN "utf8"
-
-#define DEFAULT_KEY_LENGTH 512
-#define MIN_KEY_LENGTH 384
-
-#undef PROG
-#define PROG req_main
-
-/* -inform arg - input format - default PEM (DER or PEM)
- * -outform arg - output format - default PEM
- * -in arg - input file - default stdin
- * -out arg - output file - default stdout
- * -verify - check request signature
- * -noout - don't print stuff out.
- * -text - print out human readable text.
- * -nodes - no des encryption
- * -config file - Load configuration file.
- * -key file - make a request using key in file (or use it for verification).
- * -keyform arg - key file format.
- * -rand file(s) - load the file(s) into the PRNG.
- * -newkey - make a key and a request.
- * -modulus - print RSA modulus.
- * -pubkey - output Public Key.
- * -x509 - output a self signed X509 structure instead.
- * -asn1-kludge - output new certificate request in a format that some CA's
- * require. This format is wrong
- */
-
-static int make_REQ(X509_REQ *req,EVP_PKEY *pkey,char *dn,int mutlirdn,
- int attribs,unsigned long chtype);
-static int build_subject(X509_REQ *req, char *subj, unsigned long chtype,
- int multirdn);
-static int prompt_info(X509_REQ *req,
- STACK_OF(CONF_VALUE) *dn_sk, char *dn_sect,
- STACK_OF(CONF_VALUE) *attr_sk, char *attr_sect, int attribs,
- unsigned long chtype);
-static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *sk,
- STACK_OF(CONF_VALUE) *attr, int attribs,
- unsigned long chtype);
-static int add_attribute_object(X509_REQ *req, char *text, const char *def,
- char *value, int nid, int n_min,
- int n_max, unsigned long chtype);
-static int add_DN_object(X509_NAME *n, char *text, const char *def, char *value,
- int nid,int n_min,int n_max, unsigned long chtype, int mval);
-#ifndef OPENSSL_NO_RSA
-static int MS_CALLBACK req_cb(int p, int n, BN_GENCB *cb);
-#endif
-static int req_check_len(int len,int n_min,int n_max);
-static int check_end(const char *str, const char *end);
-#ifndef MONOLITH
-static char *default_config_file=NULL;
-#endif
-static CONF *req_conf=NULL;
-static int batch=0;
-
-#define TYPE_RSA 1
-#define TYPE_DSA 2
-#define TYPE_DH 3
-#define TYPE_EC 4
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
- ENGINE *e = NULL;
-#ifndef OPENSSL_NO_DSA
- DSA *dsa_params=NULL;
-#endif
-#ifndef OPENSSL_NO_ECDSA
- EC_KEY *ec_params = NULL;
-#endif
- unsigned long nmflag = 0, reqflag = 0;
- int ex=1,x509=0,days=30;
- X509 *x509ss=NULL;
- X509_REQ *req=NULL;
- EVP_PKEY *pkey=NULL;
- int i=0,badops=0,newreq=0,verbose=0,pkey_type=TYPE_RSA;
- long newkey = -1;
- BIO *in=NULL,*out=NULL;
- int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM;
- int nodes=0,kludge=0,newhdr=0,subject=0,pubkey=0;
- char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL;
-#ifndef OPENSSL_NO_ENGINE
- char *engine=NULL;
-#endif
- char *extensions = NULL;
- char *req_exts = NULL;
- const EVP_CIPHER *cipher=NULL;
- ASN1_INTEGER *serial = NULL;
- int modulus=0;
- char *inrand=NULL;
- char *passargin = NULL, *passargout = NULL;
- char *passin = NULL, *passout = NULL;
- char *p;
- char *subj = NULL;
- int multirdn = 0;
- const EVP_MD *md_alg=NULL,*digest=EVP_sha1();
- unsigned long chtype = MBSTRING_ASC;
-#ifndef MONOLITH
- char *to_free;
- long errline;
-#endif
-
- req_conf = NULL;
-#ifndef OPENSSL_NO_DES
- cipher=EVP_des_ede3_cbc();
-#endif
- apps_startup();
-
- if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
- infile=NULL;
- outfile=NULL;
- informat=FORMAT_PEM;
- outformat=FORMAT_PEM;
-
- prog=argv[0];
- argc--;
- argv++;
- while (argc >= 1)
- {
- if (strcmp(*argv,"-inform") == 0)
- {
- if (--argc < 1) goto bad;
- informat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-outform") == 0)
- {
- if (--argc < 1) goto bad;
- outformat=str2fmt(*(++argv));
- }
-#ifndef OPENSSL_NO_ENGINE
- else if (strcmp(*argv,"-engine") == 0)
- {
- if (--argc < 1) goto bad;
- engine= *(++argv);
- }
-#endif
- else if (strcmp(*argv,"-key") == 0)
- {
- if (--argc < 1) goto bad;
- keyfile= *(++argv);
- }
- else if (strcmp(*argv,"-pubkey") == 0)
- {
- pubkey=1;
- }
- else if (strcmp(*argv,"-new") == 0)
- {
- newreq=1;
- }
- else if (strcmp(*argv,"-config") == 0)
- {
- if (--argc < 1) goto bad;
- template= *(++argv);
- }
- else if (strcmp(*argv,"-keyform") == 0)
- {
- if (--argc < 1) goto bad;
- keyform=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-in") == 0)
- {
- if (--argc < 1) goto bad;
- infile= *(++argv);
- }
- else if (strcmp(*argv,"-out") == 0)
- {
- if (--argc < 1) goto bad;
- outfile= *(++argv);
- }
- else if (strcmp(*argv,"-keyout") == 0)
- {
- if (--argc < 1) goto bad;
- keyout= *(++argv);
- }
- else if (strcmp(*argv,"-passin") == 0)
- {
- if (--argc < 1) goto bad;
- passargin= *(++argv);
- }
- else if (strcmp(*argv,"-passout") == 0)
- {
- if (--argc < 1) goto bad;
- passargout= *(++argv);
- }
- else if (strcmp(*argv,"-rand") == 0)
- {
- if (--argc < 1) goto bad;
- inrand= *(++argv);
- }
- else if (strcmp(*argv,"-newkey") == 0)
- {
- int is_numeric;
-
- if (--argc < 1) goto bad;
- p= *(++argv);
- is_numeric = p[0] >= '0' && p[0] <= '9';
- if (strncmp("rsa:",p,4) == 0 || is_numeric)
- {
- pkey_type=TYPE_RSA;
- if(!is_numeric)
- p+=4;
- newkey= atoi(p);
- }
- else
-#ifndef OPENSSL_NO_DSA
- if (strncmp("dsa:",p,4) == 0)
- {
- X509 *xtmp=NULL;
- EVP_PKEY *dtmp;
-
- pkey_type=TYPE_DSA;
- p+=4;
- if ((in=BIO_new_file(p,"r")) == NULL)
- {
- perror(p);
- goto end;
- }
- if ((dsa_params=PEM_read_bio_DSAparams(in,NULL,NULL,NULL)) == NULL)
- {
- ERR_clear_error();
- (void)BIO_reset(in);
- if ((xtmp=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL)
- {
- BIO_printf(bio_err,"unable to load DSA parameters from file\n");
- goto end;
- }
-
- if ((dtmp=X509_get_pubkey(xtmp)) == NULL) goto end;
- if (dtmp->type == EVP_PKEY_DSA)
- dsa_params=DSAparams_dup(dtmp->pkey.dsa);
- EVP_PKEY_free(dtmp);
- X509_free(xtmp);
- if (dsa_params == NULL)
- {
- BIO_printf(bio_err,"Certificate does not contain DSA parameters\n");
- goto end;
- }
- }
- BIO_free(in);
- in=NULL;
- newkey=BN_num_bits(dsa_params->p);
- }
- else
-#endif
-#ifndef OPENSSL_NO_ECDSA
- if (strncmp("ec:",p,3) == 0)
- {
- X509 *xtmp=NULL;
- EVP_PKEY *dtmp;
- EC_GROUP *group;
-
- pkey_type=TYPE_EC;
- p+=3;
- if ((in=BIO_new_file(p,"r")) == NULL)
- {
- perror(p);
- goto end;
- }
- if ((ec_params = EC_KEY_new()) == NULL)
- goto end;
- group = PEM_read_bio_ECPKParameters(in, NULL, NULL, NULL);
- if (group == NULL)
- {
- EC_KEY_free(ec_params);
- ERR_clear_error();
- (void)BIO_reset(in);
- if ((xtmp=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL)
- {
- BIO_printf(bio_err,"unable to load EC parameters from file\n");
- goto end;
- }
-
- if ((dtmp=X509_get_pubkey(xtmp))==NULL)
- goto end;
- if (dtmp->type == EVP_PKEY_EC)
- ec_params = EC_KEY_dup(dtmp->pkey.ec);
- EVP_PKEY_free(dtmp);
- X509_free(xtmp);
- if (ec_params == NULL)
- {
- BIO_printf(bio_err,"Certificate does not contain EC parameters\n");
- goto end;
- }
- }
- else
- {
- if (EC_KEY_set_group(ec_params, group) == 0)
- goto end;
- EC_GROUP_free(group);
- }
-
- BIO_free(in);
- in=NULL;
- newkey = EC_GROUP_get_degree(EC_KEY_get0_group(ec_params));
- }
- else
-#endif
-#ifndef OPENSSL_NO_DH
- if (strncmp("dh:",p,4) == 0)
- {
- pkey_type=TYPE_DH;
- p+=3;
- }
- else
-#endif
- {
- goto bad;
- }
-
- newreq=1;
- }
- else if (strcmp(*argv,"-batch") == 0)
- batch=1;
- else if (strcmp(*argv,"-newhdr") == 0)
- newhdr=1;
- else if (strcmp(*argv,"-modulus") == 0)
- modulus=1;
- else if (strcmp(*argv,"-verify") == 0)
- verify=1;
- else if (strcmp(*argv,"-nodes") == 0)
- nodes=1;
- else if (strcmp(*argv,"-noout") == 0)
- noout=1;
- else if (strcmp(*argv,"-verbose") == 0)
- verbose=1;
- else if (strcmp(*argv,"-utf8") == 0)
- chtype = MBSTRING_UTF8;
- else if (strcmp(*argv,"-nameopt") == 0)
- {
- if (--argc < 1) goto bad;
- if (!set_name_ex(&nmflag, *(++argv))) goto bad;
- }
- else if (strcmp(*argv,"-reqopt") == 0)
- {
- if (--argc < 1) goto bad;
- if (!set_cert_ex(&reqflag, *(++argv))) goto bad;
- }
- else if (strcmp(*argv,"-subject") == 0)
- subject=1;
- else if (strcmp(*argv,"-text") == 0)
- text=1;
- else if (strcmp(*argv,"-x509") == 0)
- x509=1;
- else if (strcmp(*argv,"-asn1-kludge") == 0)
- kludge=1;
- else if (strcmp(*argv,"-no-asn1-kludge") == 0)
- kludge=0;
- else if (strcmp(*argv,"-subj") == 0)
- {
- if (--argc < 1) goto bad;
- subj= *(++argv);
- }
- else if (strcmp(*argv,"-multivalue-rdn") == 0)
- multirdn=1;
- else if (strcmp(*argv,"-days") == 0)
- {
- if (--argc < 1) goto bad;
- days= atoi(*(++argv));
- if (days == 0) days=30;
- }
- else if (strcmp(*argv,"-set_serial") == 0)
- {
- if (--argc < 1) goto bad;
- serial = s2i_ASN1_INTEGER(NULL, *(++argv));
- if (!serial) goto bad;
- }
- else if ((md_alg=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
- {
- /* ok */
- digest=md_alg;
- }
- else if (strcmp(*argv,"-extensions") == 0)
- {
- if (--argc < 1) goto bad;
- extensions = *(++argv);
- }
- else if (strcmp(*argv,"-reqexts") == 0)
- {
- if (--argc < 1) goto bad;
- req_exts = *(++argv);
- }
- else
- {
- BIO_printf(bio_err,"unknown option %s\n",*argv);
- badops=1;
- break;
- }
- argc--;
- argv++;
- }
-
- if (badops)
- {
-bad:
- BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
- BIO_printf(bio_err,"where options are\n");
- BIO_printf(bio_err," -inform arg input format - DER or PEM\n");
- BIO_printf(bio_err," -outform arg output format - DER or PEM\n");
- BIO_printf(bio_err," -in arg input file\n");
- BIO_printf(bio_err," -out arg output file\n");
- BIO_printf(bio_err," -text text form of request\n");
- BIO_printf(bio_err," -pubkey output public key\n");
- BIO_printf(bio_err," -noout do not output REQ\n");
- BIO_printf(bio_err," -verify verify signature on REQ\n");
- BIO_printf(bio_err," -modulus RSA modulus\n");
- BIO_printf(bio_err," -nodes don't encrypt the output key\n");
-#ifndef OPENSSL_NO_ENGINE
- BIO_printf(bio_err," -engine e use engine e, possibly a hardware device\n");
-#endif
- BIO_printf(bio_err," -subject output the request's subject\n");
- BIO_printf(bio_err," -passin private key password source\n");
- BIO_printf(bio_err," -key file use the private key contained in file\n");
- BIO_printf(bio_err," -keyform arg key file format\n");
- BIO_printf(bio_err," -keyout arg file to send the key to\n");
- BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
- BIO_printf(bio_err," load the file (or the files in the directory) into\n");
- BIO_printf(bio_err," the random number generator\n");
- BIO_printf(bio_err," -newkey rsa:bits generate a new RSA key of 'bits' in size\n");
- BIO_printf(bio_err," -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n");
-#ifndef OPENSSL_NO_ECDSA
- BIO_printf(bio_err," -newkey ec:file generate a new EC key, parameters taken from CA in 'file'\n");
-#endif
- BIO_printf(bio_err," -[digest] Digest to sign with (md5, sha1, md2, mdc2, md4)\n");
- BIO_printf(bio_err," -config file request template file.\n");
- BIO_printf(bio_err," -subj arg set or modify request subject\n");
- BIO_printf(bio_err," -multivalue-rdn enable support for multivalued RDNs\n");
- BIO_printf(bio_err," -new new request.\n");
- BIO_printf(bio_err," -batch do not ask anything during request generation\n");
- BIO_printf(bio_err," -x509 output a x509 structure instead of a cert. req.\n");
- BIO_printf(bio_err," -days number of days a certificate generated by -x509 is valid for.\n");
- BIO_printf(bio_err," -set_serial serial number to use for a certificate generated by -x509.\n");
- BIO_printf(bio_err," -newhdr output \"NEW\" in the header lines\n");
- BIO_printf(bio_err," -asn1-kludge Output the 'request' in a format that is wrong but some CA's\n");
- BIO_printf(bio_err," have been reported as requiring\n");
- BIO_printf(bio_err," -extensions .. specify certificate extension section (override value in config file)\n");
- BIO_printf(bio_err," -reqexts .. specify request extension section (override value in config file)\n");
- BIO_printf(bio_err," -utf8 input characters are UTF8 (default ASCII)\n");
- BIO_printf(bio_err," -nameopt arg - various certificate name options\n");
- BIO_printf(bio_err," -reqopt arg - various request text options\n\n");
- goto end;
- }
-
- ERR_load_crypto_strings();
- if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
- BIO_printf(bio_err, "Error getting passwords\n");
- goto end;
- }
-
-#ifndef MONOLITH /* else this has happened in openssl.c (global `config') */
- /* Lets load up our environment a little */
- p=getenv("OPENSSL_CONF");
- if (p == NULL)
- p=getenv("SSLEAY_CONF");
- if (p == NULL)
- p=to_free=make_config_name();
- default_config_file=p;
- config=NCONF_new(NULL);
- i=NCONF_load(config, p, &errline);
-#endif
-
- if (template != NULL)
- {
- long errline = -1;
-
- if( verbose )
- BIO_printf(bio_err,"Using configuration from %s\n",template);
- req_conf=NCONF_new(NULL);
- i=NCONF_load(req_conf,template,&errline);
- if (i == 0)
- {
- BIO_printf(bio_err,"error on line %ld of %s\n",errline,template);
- goto end;
- }
- }
- else
- {
- req_conf=config;
-
- if (req_conf == NULL)
- {
- BIO_printf(bio_err,"Unable to load config info from %s\n", default_config_file);
- if (newreq)
- goto end;
- }
- else if( verbose )
- BIO_printf(bio_err,"Using configuration from %s\n",
- default_config_file);
- }
-
- if (req_conf != NULL)
- {
- if (!load_config(bio_err, req_conf))
- goto end;
- p=NCONF_get_string(req_conf,NULL,"oid_file");
- if (p == NULL)
- ERR_clear_error();
- if (p != NULL)
- {
- BIO *oid_bio;
-
- oid_bio=BIO_new_file(p,"r");
- if (oid_bio == NULL)
- {
- /*
- BIO_printf(bio_err,"problems opening %s for extra oid's\n",p);
- ERR_print_errors(bio_err);
- */
- }
- else
- {
- OBJ_create_objects(oid_bio);
- BIO_free(oid_bio);
- }
- }
- }
- if(!add_oid_section(bio_err, req_conf)) goto end;
-
- if (md_alg == NULL)
- {
- p=NCONF_get_string(req_conf,SECTION,"default_md");
- if (p == NULL)
- ERR_clear_error();
- if (p != NULL)
- {
- if ((md_alg=EVP_get_digestbyname(p)) != NULL)
- digest=md_alg;
- }
- }
-
- if (!extensions)
- {
- extensions = NCONF_get_string(req_conf, SECTION, V3_EXTENSIONS);
- if (!extensions)
- ERR_clear_error();
- }
- if (extensions) {
- /* Check syntax of file */
- X509V3_CTX ctx;
- X509V3_set_ctx_test(&ctx);
- X509V3_set_nconf(&ctx, req_conf);
- if(!X509V3_EXT_add_nconf(req_conf, &ctx, extensions, NULL)) {
- BIO_printf(bio_err,
- "Error Loading extension section %s\n", extensions);
- goto end;
- }
- }
-
- if(!passin)
- {
- passin = NCONF_get_string(req_conf, SECTION, "input_password");
- if (!passin)
- ERR_clear_error();
- }
-
- if(!passout)
- {
- passout = NCONF_get_string(req_conf, SECTION, "output_password");
- if (!passout)
- ERR_clear_error();
- }
-
- p = NCONF_get_string(req_conf, SECTION, STRING_MASK);
- if (!p)
- ERR_clear_error();
-
- if(p && !ASN1_STRING_set_default_mask_asc(p)) {
- BIO_printf(bio_err, "Invalid global string mask setting %s\n", p);
- goto end;
- }
-
- if (chtype != MBSTRING_UTF8)
- {
- p = NCONF_get_string(req_conf, SECTION, UTF8_IN);
- if (!p)
- ERR_clear_error();
- else if (!strcmp(p, "yes"))
- chtype = MBSTRING_UTF8;
- }
-
-
- if(!req_exts)
- {
- req_exts = NCONF_get_string(req_conf, SECTION, REQ_EXTENSIONS);
- if (!req_exts)
- ERR_clear_error();
- }
- if(req_exts) {
- /* Check syntax of file */
- X509V3_CTX ctx;
- X509V3_set_ctx_test(&ctx);
- X509V3_set_nconf(&ctx, req_conf);
- if(!X509V3_EXT_add_nconf(req_conf, &ctx, req_exts, NULL)) {
- BIO_printf(bio_err,
- "Error Loading request extension section %s\n",
- req_exts);
- goto end;
- }
- }
-
- in=BIO_new(BIO_s_file());
- out=BIO_new(BIO_s_file());
- if ((in == NULL) || (out == NULL))
- goto end;
-
-#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(bio_err, engine, 0);
-#endif
-
- if (keyfile != NULL)
- {
- pkey = load_key(bio_err, keyfile, keyform, 0, passin, e,
- "Private Key");
- if (!pkey)
- {
- /* load_key() has already printed an appropriate
- message */
- goto end;
- }
- else
- {
- char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE");
- if (randfile == NULL)
- ERR_clear_error();
- app_RAND_load_file(randfile, bio_err, 0);
- }
- }
-
- if (newreq && (pkey == NULL))
- {
-#ifndef OPENSSL_NO_RSA
- BN_GENCB cb;
-#endif
- char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE");
- if (randfile == NULL)
- ERR_clear_error();
- app_RAND_load_file(randfile, bio_err, 0);
- if (inrand)
- app_RAND_load_files(inrand);
-
- if (newkey <= 0)
- {
- if (!NCONF_get_number(req_conf,SECTION,BITS, &newkey))
- newkey=DEFAULT_KEY_LENGTH;
- }
-
- if (newkey < MIN_KEY_LENGTH && (pkey_type == TYPE_RSA || pkey_type == TYPE_DSA))
- {
- BIO_printf(bio_err,"private key length is too short,\n");
- BIO_printf(bio_err,"it needs to be at least %d bits, not %ld\n",MIN_KEY_LENGTH,newkey);
- goto end;
- }
- BIO_printf(bio_err,"Generating a %ld bit %s private key\n",
- newkey,(pkey_type == TYPE_RSA)?"RSA":
- (pkey_type == TYPE_DSA)?"DSA":"EC");
-
- if ((pkey=EVP_PKEY_new()) == NULL) goto end;
-
-#ifndef OPENSSL_NO_RSA
- BN_GENCB_set(&cb, req_cb, bio_err);
- if (pkey_type == TYPE_RSA)
- {
- RSA *rsa = RSA_new();
- BIGNUM *bn = BN_new();
- if(!bn || !rsa || !BN_set_word(bn, 0x10001) ||
- !RSA_generate_key_ex(rsa, newkey, bn, &cb) ||
- !EVP_PKEY_assign_RSA(pkey, rsa))
- {
- if(bn) BN_free(bn);
- if(rsa) RSA_free(rsa);
- goto end;
- }
- BN_free(bn);
- }
- else
-#endif
-#ifndef OPENSSL_NO_DSA
- if (pkey_type == TYPE_DSA)
- {
- if (!DSA_generate_key(dsa_params)) goto end;
- if (!EVP_PKEY_assign_DSA(pkey,dsa_params)) goto end;
- dsa_params=NULL;
- }
-#endif
-#ifndef OPENSSL_NO_ECDSA
- if (pkey_type == TYPE_EC)
- {
- if (!EC_KEY_generate_key(ec_params)) goto end;
- if (!EVP_PKEY_assign_EC_KEY(pkey, ec_params))
- goto end;
- ec_params = NULL;
- }
-#endif
-
- app_RAND_write_file(randfile, bio_err);
-
- if (pkey == NULL) goto end;
-
- if (keyout == NULL)
- {
- keyout=NCONF_get_string(req_conf,SECTION,KEYFILE);
- if (keyout == NULL)
- ERR_clear_error();
- }
-
- if (keyout == NULL)
- {
- BIO_printf(bio_err,"writing new private key to stdout\n");
- BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
- else
- {
- BIO_printf(bio_err,"writing new private key to '%s'\n",keyout);
- if (BIO_write_filename(out,keyout) <= 0)
- {
- perror(keyout);
- goto end;
- }
- }
-
- p=NCONF_get_string(req_conf,SECTION,"encrypt_rsa_key");
- if (p == NULL)
- {
- ERR_clear_error();
- p=NCONF_get_string(req_conf,SECTION,"encrypt_key");
- if (p == NULL)
- ERR_clear_error();
- }
- if ((p != NULL) && (strcmp(p,"no") == 0))
- cipher=NULL;
- if (nodes) cipher=NULL;
-
- i=0;
-loop:
- if (!PEM_write_bio_PrivateKey(out,pkey,cipher,
- NULL,0,NULL,passout))
- {
- if ((ERR_GET_REASON(ERR_peek_error()) ==
- PEM_R_PROBLEMS_GETTING_PASSWORD) && (i < 3))
- {
- ERR_clear_error();
- i++;
- goto loop;
- }
- goto end;
- }
- BIO_printf(bio_err,"-----\n");
- }
-
- if (!newreq)
- {
- /* Since we are using a pre-existing certificate
- * request, the kludge 'format' info should not be
- * changed. */
- kludge= -1;
- if (infile == NULL)
- BIO_set_fp(in,stdin,BIO_NOCLOSE);
- else
- {
- if (BIO_read_filename(in,infile) <= 0)
- {
- perror(infile);
- goto end;
- }
- }
-
- if (informat == FORMAT_ASN1)
- req=d2i_X509_REQ_bio(in,NULL);
- else if (informat == FORMAT_PEM)
- req=PEM_read_bio_X509_REQ(in,NULL,NULL,NULL);
- else
- {
- BIO_printf(bio_err,"bad input format specified for X509 request\n");
- goto end;
- }
- if (req == NULL)
- {
- BIO_printf(bio_err,"unable to load X509 request\n");
- goto end;
- }
- }
-
- if (newreq || x509)
- {
- if (pkey == NULL)
- {
- BIO_printf(bio_err,"you need to specify a private key\n");
- goto end;
- }
-#ifndef OPENSSL_NO_DSA
- if (pkey->type == EVP_PKEY_DSA)
- digest=EVP_dss1();
-#endif
-#ifndef OPENSSL_NO_ECDSA
- if (pkey->type == EVP_PKEY_EC)
- digest=EVP_ecdsa();
-#endif
- if (req == NULL)
- {
- req=X509_REQ_new();
- if (req == NULL)
- {
- goto end;
- }
-
- i=make_REQ(req,pkey,subj,multirdn,!x509, chtype);
- subj=NULL; /* done processing '-subj' option */
- if ((kludge > 0) && !sk_X509_ATTRIBUTE_num(req->req_info->attributes))
- {
- sk_X509_ATTRIBUTE_free(req->req_info->attributes);
- req->req_info->attributes = NULL;
- }
- if (!i)
- {
- BIO_printf(bio_err,"problems making Certificate Request\n");
- goto end;
- }
- }
- if (x509)
- {
- EVP_PKEY *tmppkey;
- X509V3_CTX ext_ctx;
- if ((x509ss=X509_new()) == NULL) goto end;
-
- /* Set version to V3 */
- if(extensions && !X509_set_version(x509ss, 2)) goto end;
- if (serial)
- {
- if (!X509_set_serialNumber(x509ss, serial)) goto end;
- }
- else
- {
- if (!rand_serial(NULL,
- X509_get_serialNumber(x509ss)))
- goto end;
- }
-
- if (!X509_set_issuer_name(x509ss, X509_REQ_get_subject_name(req))) goto end;
- if (!X509_gmtime_adj(X509_get_notBefore(x509ss),0)) goto end;
- if (!X509_gmtime_adj(X509_get_notAfter(x509ss), (long)60*60*24*days)) goto end;
- if (!X509_set_subject_name(x509ss, X509_REQ_get_subject_name(req))) goto end;
- tmppkey = X509_REQ_get_pubkey(req);
- if (!tmppkey || !X509_set_pubkey(x509ss,tmppkey)) goto end;
- EVP_PKEY_free(tmppkey);
-
- /* Set up V3 context struct */
-
- X509V3_set_ctx(&ext_ctx, x509ss, x509ss, NULL, NULL, 0);
- X509V3_set_nconf(&ext_ctx, req_conf);
-
- /* Add extensions */
- if(extensions && !X509V3_EXT_add_nconf(req_conf,
- &ext_ctx, extensions, x509ss))
- {
- BIO_printf(bio_err,
- "Error Loading extension section %s\n",
- extensions);
- goto end;
- }
-
- if (!(i=X509_sign(x509ss,pkey,digest)))
- goto end;
- }
- else
- {
- X509V3_CTX ext_ctx;
-
- /* Set up V3 context struct */
-
- X509V3_set_ctx(&ext_ctx, NULL, NULL, req, NULL, 0);
- X509V3_set_nconf(&ext_ctx, req_conf);
-
- /* Add extensions */
- if(req_exts && !X509V3_EXT_REQ_add_nconf(req_conf,
- &ext_ctx, req_exts, req))
- {
- BIO_printf(bio_err,
- "Error Loading extension section %s\n",
- req_exts);
- goto end;
- }
- if (!(i=X509_REQ_sign(req,pkey,digest)))
- goto end;
- }
- }
-
- if (subj && x509)
- {
- BIO_printf(bio_err, "Cannot modifiy certificate subject\n");
- goto end;
- }
-
- if (subj && !x509)
- {
- if (verbose)
- {
- BIO_printf(bio_err, "Modifying Request's Subject\n");
- print_name(bio_err, "old subject=", X509_REQ_get_subject_name(req), nmflag);
- }
-
- if (build_subject(req, subj, chtype, multirdn) == 0)
- {
- BIO_printf(bio_err, "ERROR: cannot modify subject\n");
- ex=1;
- goto end;
- }
-
- req->req_info->enc.modified = 1;
-
- if (verbose)
- {
- print_name(bio_err, "new subject=", X509_REQ_get_subject_name(req), nmflag);
- }
- }
-
- if (verify && !x509)
- {
- int tmp=0;
-
- if (pkey == NULL)
- {
- pkey=X509_REQ_get_pubkey(req);
- tmp=1;
- if (pkey == NULL) goto end;
- }
-
- i=X509_REQ_verify(req,pkey);
- if (tmp) {
- EVP_PKEY_free(pkey);
- pkey=NULL;
- }
-
- if (i < 0)
- {
- goto end;
- }
- else if (i == 0)
- {
- BIO_printf(bio_err,"verify failure\n");
- ERR_print_errors(bio_err);
- }
- else /* if (i > 0) */
- BIO_printf(bio_err,"verify OK\n");
- }
-
- if (noout && !text && !modulus && !subject && !pubkey)
- {
- ex=0;
- goto end;
- }
-
- if (outfile == NULL)
- {
- BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
- else
- {
- if ((keyout != NULL) && (strcmp(outfile,keyout) == 0))
- i=(int)BIO_append_filename(out,outfile);
- else
- i=(int)BIO_write_filename(out,outfile);
- if (!i)
- {
- perror(outfile);
- goto end;
- }
- }
-
- if (pubkey)
- {
- EVP_PKEY *tpubkey;
- tpubkey=X509_REQ_get_pubkey(req);
- if (tpubkey == NULL)
- {
- BIO_printf(bio_err,"Error getting public key\n");
- ERR_print_errors(bio_err);
- goto end;
- }
- PEM_write_bio_PUBKEY(out, tpubkey);
- EVP_PKEY_free(tpubkey);
- }
-
- if (text)
- {
- if (x509)
- X509_print_ex(out, x509ss, nmflag, reqflag);
- else
- X509_REQ_print_ex(out, req, nmflag, reqflag);
- }
-
- if(subject)
- {
- if(x509)
- print_name(out, "subject=", X509_get_subject_name(x509ss), nmflag);
- else
- print_name(out, "subject=", X509_REQ_get_subject_name(req), nmflag);
- }
-
- if (modulus)
- {
- EVP_PKEY *tpubkey;
-
- if (x509)
- tpubkey=X509_get_pubkey(x509ss);
- else
- tpubkey=X509_REQ_get_pubkey(req);
- if (tpubkey == NULL)
- {
- fprintf(stdout,"Modulus=unavailable\n");
- goto end;
- }
- fprintf(stdout,"Modulus=");
-#ifndef OPENSSL_NO_RSA
- if (tpubkey->type == EVP_PKEY_RSA)
- BN_print(out,tpubkey->pkey.rsa->n);
- else
-#endif
- fprintf(stdout,"Wrong Algorithm type");
- EVP_PKEY_free(tpubkey);
- fprintf(stdout,"\n");
- }
-
- if (!noout && !x509)
- {
- if (outformat == FORMAT_ASN1)
- i=i2d_X509_REQ_bio(out,req);
- else if (outformat == FORMAT_PEM) {
- if(newhdr) i=PEM_write_bio_X509_REQ_NEW(out,req);
- else i=PEM_write_bio_X509_REQ(out,req);
- } else {
- BIO_printf(bio_err,"bad output format specified for outfile\n");
- goto end;
- }
- if (!i)
- {
- BIO_printf(bio_err,"unable to write X509 request\n");
- goto end;
- }
- }
- if (!noout && x509 && (x509ss != NULL))
- {
- if (outformat == FORMAT_ASN1)
- i=i2d_X509_bio(out,x509ss);
- else if (outformat == FORMAT_PEM)
- i=PEM_write_bio_X509(out,x509ss);
- else {
- BIO_printf(bio_err,"bad output format specified for outfile\n");
- goto end;
- }
- if (!i)
- {
- BIO_printf(bio_err,"unable to write X509 certificate\n");
- goto end;
- }
- }
- ex=0;
-end:
-#ifndef MONOLITH
- if(to_free)
- OPENSSL_free(to_free);
-#endif
- if (ex)
- {
- ERR_print_errors(bio_err);
- }
- if ((req_conf != NULL) && (req_conf != config)) NCONF_free(req_conf);
- BIO_free(in);
- BIO_free_all(out);
- EVP_PKEY_free(pkey);
- X509_REQ_free(req);
- X509_free(x509ss);
- ASN1_INTEGER_free(serial);
- if(passargin && passin) OPENSSL_free(passin);
- if(passargout && passout) OPENSSL_free(passout);
- OBJ_cleanup();
-#ifndef OPENSSL_NO_DSA
- if (dsa_params != NULL) DSA_free(dsa_params);
-#endif
-#ifndef OPENSSL_NO_ECDSA
- if (ec_params != NULL) EC_KEY_free(ec_params);
-#endif
- apps_shutdown();
- OPENSSL_EXIT(ex);
- }
-
-static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int multirdn,
- int attribs, unsigned long chtype)
- {
- int ret=0,i;
- char no_prompt = 0;
- STACK_OF(CONF_VALUE) *dn_sk, *attr_sk = NULL;
- char *tmp, *dn_sect,*attr_sect;
-
- tmp=NCONF_get_string(req_conf,SECTION,PROMPT);
- if (tmp == NULL)
- ERR_clear_error();
- if((tmp != NULL) && !strcmp(tmp, "no")) no_prompt = 1;
-
- dn_sect=NCONF_get_string(req_conf,SECTION,DISTINGUISHED_NAME);
- if (dn_sect == NULL)
- {
- BIO_printf(bio_err,"unable to find '%s' in config\n",
- DISTINGUISHED_NAME);
- goto err;
- }
- dn_sk=NCONF_get_section(req_conf,dn_sect);
- if (dn_sk == NULL)
- {
- BIO_printf(bio_err,"unable to get '%s' section\n",dn_sect);
- goto err;
- }
-
- attr_sect=NCONF_get_string(req_conf,SECTION,ATTRIBUTES);
- if (attr_sect == NULL)
- {
- ERR_clear_error();
- attr_sk=NULL;
- }
- else
- {
- attr_sk=NCONF_get_section(req_conf,attr_sect);
- if (attr_sk == NULL)
- {
- BIO_printf(bio_err,"unable to get '%s' section\n",attr_sect);
- goto err;
- }
- }
-
- /* setup version number */
- if (!X509_REQ_set_version(req,0L)) goto err; /* version 1 */
-
- if (no_prompt)
- i = auto_info(req, dn_sk, attr_sk, attribs, chtype);
- else
- {
- if (subj)
- i = build_subject(req, subj, chtype, multirdn);
- else
- i = prompt_info(req, dn_sk, dn_sect, attr_sk, attr_sect, attribs, chtype);
- }
- if(!i) goto err;
-
- if (!X509_REQ_set_pubkey(req,pkey)) goto err;
-
- ret=1;
-err:
- return(ret);
- }
-
-/*
- * subject is expected to be in the format /type0=value0/type1=value1/type2=...
- * where characters may be escaped by \
- */
-static int build_subject(X509_REQ *req, char *subject, unsigned long chtype, int multirdn)
- {
- X509_NAME *n;
-
- if (!(n = parse_name(subject, chtype, multirdn)))
- return 0;
-
- if (!X509_REQ_set_subject_name(req, n))
- {
- X509_NAME_free(n);
- return 0;
- }
- X509_NAME_free(n);
- return 1;
-}
-
-
-static int prompt_info(X509_REQ *req,
- STACK_OF(CONF_VALUE) *dn_sk, char *dn_sect,
- STACK_OF(CONF_VALUE) *attr_sk, char *attr_sect, int attribs,
- unsigned long chtype)
- {
- int i;
- char *p,*q;
- char buf[100];
- int nid, mval;
- long n_min,n_max;
- char *type, *value;
- const char *def;
- CONF_VALUE *v;
- X509_NAME *subj;
- subj = X509_REQ_get_subject_name(req);
-
- if(!batch)
- {
- BIO_printf(bio_err,"You are about to be asked to enter information that will be incorporated\n");
- BIO_printf(bio_err,"into your certificate request.\n");
- BIO_printf(bio_err,"What you are about to enter is what is called a Distinguished Name or a DN.\n");
- BIO_printf(bio_err,"There are quite a few fields but you can leave some blank\n");
- BIO_printf(bio_err,"For some fields there will be a default value,\n");
- BIO_printf(bio_err,"If you enter '.', the field will be left blank.\n");
- BIO_printf(bio_err,"-----\n");
- }
-
-
- if (sk_CONF_VALUE_num(dn_sk))
- {
- i= -1;
-start: for (;;)
- {
- i++;
- if (sk_CONF_VALUE_num(dn_sk) <= i) break;
-
- v=sk_CONF_VALUE_value(dn_sk,i);
- p=q=NULL;
- type=v->name;
- if(!check_end(type,"_min") || !check_end(type,"_max") ||
- !check_end(type,"_default") ||
- !check_end(type,"_value")) continue;
- /* Skip past any leading X. X: X, etc to allow for
- * multiple instances
- */
- for(p = v->name; *p ; p++)
- if ((*p == ':') || (*p == ',') ||
- (*p == '.')) {
- p++;
- if(*p) type = p;
- break;
- }
- if (*type == '+')
- {
- mval = -1;
- type++;
- }
- else
- mval = 0;
- /* If OBJ not recognised ignore it */
- if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start;
- if (BIO_snprintf(buf,sizeof buf,"%s_default",v->name)
- >= (int)sizeof(buf))
- {
- BIO_printf(bio_err,"Name '%s' too long\n",v->name);
- return 0;
- }
-
- if ((def=NCONF_get_string(req_conf,dn_sect,buf)) == NULL)
- {
- ERR_clear_error();
- def="";
- }
-
- BIO_snprintf(buf,sizeof buf,"%s_value",v->name);
- if ((value=NCONF_get_string(req_conf,dn_sect,buf)) == NULL)
- {
- ERR_clear_error();
- value=NULL;
- }
-
- BIO_snprintf(buf,sizeof buf,"%s_min",v->name);
- if (!NCONF_get_number(req_conf,dn_sect,buf, &n_min))
- {
- ERR_clear_error();
- n_min = -1;
- }
-
- BIO_snprintf(buf,sizeof buf,"%s_max",v->name);
- if (!NCONF_get_number(req_conf,dn_sect,buf, &n_max))
- {
- ERR_clear_error();
- n_max = -1;
- }
-
- if (!add_DN_object(subj,v->value,def,value,nid,
- n_min,n_max, chtype, mval))
- return 0;
- }
- if (X509_NAME_entry_count(subj) == 0)
- {
- BIO_printf(bio_err,"error, no objects specified in config file\n");
- return 0;
- }
-
- if (attribs)
- {
- if ((attr_sk != NULL) && (sk_CONF_VALUE_num(attr_sk) > 0) && (!batch))
- {
- BIO_printf(bio_err,"\nPlease enter the following 'extra' attributes\n");
- BIO_printf(bio_err,"to be sent with your certificate request\n");
- }
-
- i= -1;
-start2: for (;;)
- {
- i++;
- if ((attr_sk == NULL) ||
- (sk_CONF_VALUE_num(attr_sk) <= i))
- break;
-
- v=sk_CONF_VALUE_value(attr_sk,i);
- type=v->name;
- if ((nid=OBJ_txt2nid(type)) == NID_undef)
- goto start2;
-
- if (BIO_snprintf(buf,sizeof buf,"%s_default",type)
- >= (int)sizeof(buf))
- {
- BIO_printf(bio_err,"Name '%s' too long\n",v->name);
- return 0;
- }
-
- if ((def=NCONF_get_string(req_conf,attr_sect,buf))
- == NULL)
- {
- ERR_clear_error();
- def="";
- }
-
-
- BIO_snprintf(buf,sizeof buf,"%s_value",type);
- if ((value=NCONF_get_string(req_conf,attr_sect,buf))
- == NULL)
- {
- ERR_clear_error();
- value=NULL;
- }
-
- BIO_snprintf(buf,sizeof buf,"%s_min",type);
- if (!NCONF_get_number(req_conf,attr_sect,buf, &n_min))
- {
- ERR_clear_error();
- n_min = -1;
- }
-
- BIO_snprintf(buf,sizeof buf,"%s_max",type);
- if (!NCONF_get_number(req_conf,attr_sect,buf, &n_max))
- {
- ERR_clear_error();
- n_max = -1;
- }
-
- if (!add_attribute_object(req,
- v->value,def,value,nid,n_min,n_max, chtype))
- return 0;
- }
- }
- }
- else
- {
- BIO_printf(bio_err,"No template, please set one up.\n");
- return 0;
- }
-
- return 1;
-
- }
-
-static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk,
- STACK_OF(CONF_VALUE) *attr_sk, int attribs, unsigned long chtype)
- {
- int i;
- char *p,*q;
- char *type;
- CONF_VALUE *v;
- X509_NAME *subj;
-
- subj = X509_REQ_get_subject_name(req);
-
- for (i = 0; i < sk_CONF_VALUE_num(dn_sk); i++)
- {
- int mval;
- v=sk_CONF_VALUE_value(dn_sk,i);
- p=q=NULL;
- type=v->name;
- /* Skip past any leading X. X: X, etc to allow for
- * multiple instances
- */
- for(p = v->name; *p ; p++)
-#ifndef CHARSET_EBCDIC
- if ((*p == ':') || (*p == ',') || (*p == '.')) {
-#else
- if ((*p == os_toascii[':']) || (*p == os_toascii[',']) || (*p == os_toascii['.'])) {
-#endif
- p++;
- if(*p) type = p;
- break;
- }
-#ifndef CHARSET_EBCDIC
- if (*p == '+')
-#else
- if (*p == os_toascii['+'])
-#endif
- {
- p++;
- mval = -1;
- }
- else
- mval = 0;
- if (!X509_NAME_add_entry_by_txt(subj,type, chtype,
- (unsigned char *) v->value,-1,-1,mval)) return 0;
-
- }
-
- if (!X509_NAME_entry_count(subj))
- {
- BIO_printf(bio_err,"error, no objects specified in config file\n");
- return 0;
- }
- if (attribs)
- {
- for (i = 0; i < sk_CONF_VALUE_num(attr_sk); i++)
- {
- v=sk_CONF_VALUE_value(attr_sk,i);
- if(!X509_REQ_add1_attr_by_txt(req, v->name, chtype,
- (unsigned char *)v->value, -1)) return 0;
- }
- }
- return 1;
- }
-
-
-static int add_DN_object(X509_NAME *n, char *text, const char *def, char *value,
- int nid, int n_min, int n_max, unsigned long chtype, int mval)
- {
- int i,ret=0;
- MS_STATIC char buf[1024];
-start:
- if (!batch) BIO_printf(bio_err,"%s [%s]:",text,def);
- (void)BIO_flush(bio_err);
- if(value != NULL)
- {
- BUF_strlcpy(buf,value,sizeof buf);
- BUF_strlcat(buf,"\n",sizeof buf);
- BIO_printf(bio_err,"%s\n",value);
- }
- else
- {
- buf[0]='\0';
- if (!batch)
- {
- if (!fgets(buf,sizeof buf,stdin))
- return 0;
- }
- else
- {
- buf[0] = '\n';
- buf[1] = '\0';
- }
- }
-
- if (buf[0] == '\0') return(0);
- else if (buf[0] == '\n')
- {
- if ((def == NULL) || (def[0] == '\0'))
- return(1);
- BUF_strlcpy(buf,def,sizeof buf);
- BUF_strlcat(buf,"\n",sizeof buf);
- }
- else if ((buf[0] == '.') && (buf[1] == '\n')) return(1);
-
- i=strlen(buf);
- if (buf[i-1] != '\n')
- {
- BIO_printf(bio_err,"weird input :-(\n");
- return(0);
- }
- buf[--i]='\0';
-#ifdef CHARSET_EBCDIC
- ebcdic2ascii(buf, buf, i);
-#endif
- if(!req_check_len(i, n_min, n_max))
- {
- if (batch || value)
- return 0;
- goto start;
- }
-
- if (!X509_NAME_add_entry_by_NID(n,nid, chtype,
- (unsigned char *) buf, -1,-1,mval)) goto err;
- ret=1;
-err:
- return(ret);
- }
-
-static int add_attribute_object(X509_REQ *req, char *text, const char *def,
- char *value, int nid, int n_min,
- int n_max, unsigned long chtype)
- {
- int i;
- static char buf[1024];
-
-start:
- if (!batch) BIO_printf(bio_err,"%s [%s]:",text,def);
- (void)BIO_flush(bio_err);
- if (value != NULL)
- {
- BUF_strlcpy(buf,value,sizeof buf);
- BUF_strlcat(buf,"\n",sizeof buf);
- BIO_printf(bio_err,"%s\n",value);
- }
- else
- {
- buf[0]='\0';
- if (!batch)
- {
- if (!fgets(buf,sizeof buf,stdin))
- return 0;
- }
- else
- {
- buf[0] = '\n';
- buf[1] = '\0';
- }
- }
-
- if (buf[0] == '\0') return(0);
- else if (buf[0] == '\n')
- {
- if ((def == NULL) || (def[0] == '\0'))
- return(1);
- BUF_strlcpy(buf,def,sizeof buf);
- BUF_strlcat(buf,"\n",sizeof buf);
- }
- else if ((buf[0] == '.') && (buf[1] == '\n')) return(1);
-
- i=strlen(buf);
- if (buf[i-1] != '\n')
- {
- BIO_printf(bio_err,"weird input :-(\n");
- return(0);
- }
- buf[--i]='\0';
-#ifdef CHARSET_EBCDIC
- ebcdic2ascii(buf, buf, i);
-#endif
- if(!req_check_len(i, n_min, n_max))
- {
- if (batch || value)
- return 0;
- goto start;
- }
-
- if(!X509_REQ_add1_attr_by_NID(req, nid, chtype,
- (unsigned char *)buf, -1)) {
- BIO_printf(bio_err, "Error adding attribute\n");
- ERR_print_errors(bio_err);
- goto err;
- }
-
- return(1);
-err:
- return(0);
- }
-
-#ifndef OPENSSL_NO_RSA
-static int MS_CALLBACK req_cb(int p, int n, BN_GENCB *cb)
- {
- char c='*';
-
- if (p == 0) c='.';
- if (p == 1) c='+';
- if (p == 2) c='*';
- if (p == 3) c='\n';
- BIO_write(cb->arg,&c,1);
- (void)BIO_flush(cb->arg);
-#ifdef LINT
- p=n;
-#endif
- return 1;
- }
-#endif
-
-static int req_check_len(int len, int n_min, int n_max)
- {
- if ((n_min > 0) && (len < n_min))
- {
- BIO_printf(bio_err,"string is too short, it needs to be at least %d bytes long\n",n_min);
- return(0);
- }
- if ((n_max >= 0) && (len > n_max))
- {
- BIO_printf(bio_err,"string is too long, it needs to be less than %d bytes long\n",n_max);
- return(0);
- }
- return(1);
- }
-
-/* Check if the end of a string matches 'end' */
-static int check_end(const char *str, const char *end)
-{
- int elen, slen;
- const char *tmp;
- elen = strlen(end);
- slen = strlen(str);
- if(elen > slen) return 1;
- tmp = str + slen - elen;
- return strcmp(tmp, end);
-}
Copied: vendor-crypto/openssl/0.9.8zf/apps/req.c (from rev 6976, vendor-crypto/openssl/dist/apps/req.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/apps/req.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/apps/req.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,1633 @@
+/* apps/req.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/*
+ * Until the key-gen callbacks are modified to use newer prototypes, we allow
+ * deprecated functions for openssl-internal code
+ */
+#ifdef OPENSSL_NO_DEPRECATED
+# undef OPENSSL_NO_DEPRECATED
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <time.h>
+#include <string.h>
+#ifdef OPENSSL_NO_STDIO
+# define APPS_WIN16
+#endif
+#include "apps.h"
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/conf.h>
+#include <openssl/err.h>
+#include <openssl/asn1.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/objects.h>
+#include <openssl/pem.h>
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+# include <openssl/dsa.h>
+#endif
+
+#define SECTION "req"
+
+#define BITS "default_bits"
+#define KEYFILE "default_keyfile"
+#define PROMPT "prompt"
+#define DISTINGUISHED_NAME "distinguished_name"
+#define ATTRIBUTES "attributes"
+#define V3_EXTENSIONS "x509_extensions"
+#define REQ_EXTENSIONS "req_extensions"
+#define STRING_MASK "string_mask"
+#define UTF8_IN "utf8"
+
+#define DEFAULT_KEY_LENGTH 512
+#define MIN_KEY_LENGTH 384
+
+#undef PROG
+#define PROG req_main
+
+/*-
+ * -inform arg - input format - default PEM (DER or PEM)
+ * -outform arg - output format - default PEM
+ * -in arg - input file - default stdin
+ * -out arg - output file - default stdout
+ * -verify - check request signature
+ * -noout - don't print stuff out.
+ * -text - print out human readable text.
+ * -nodes - no des encryption
+ * -config file - Load configuration file.
+ * -key file - make a request using key in file (or use it for verification).
+ * -keyform arg - key file format.
+ * -rand file(s) - load the file(s) into the PRNG.
+ * -newkey - make a key and a request.
+ * -modulus - print RSA modulus.
+ * -pubkey - output Public Key.
+ * -x509 - output a self signed X509 structure instead.
+ * -asn1-kludge - output new certificate request in a format that some CA's
+ * require. This format is wrong
+ */
+
+static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *dn, int mutlirdn,
+ int attribs, unsigned long chtype);
+static int build_subject(X509_REQ *req, char *subj, unsigned long chtype,
+ int multirdn);
+static int prompt_info(X509_REQ *req,
+ STACK_OF(CONF_VALUE) *dn_sk, char *dn_sect,
+ STACK_OF(CONF_VALUE) *attr_sk, char *attr_sect,
+ int attribs, unsigned long chtype);
+static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *sk,
+ STACK_OF(CONF_VALUE) *attr, int attribs,
+ unsigned long chtype);
+static int add_attribute_object(X509_REQ *req, char *text, const char *def,
+ char *value, int nid, int n_min, int n_max,
+ unsigned long chtype);
+static int add_DN_object(X509_NAME *n, char *text, const char *def,
+ char *value, int nid, int n_min, int n_max,
+ unsigned long chtype, int mval);
+#ifndef OPENSSL_NO_RSA
+static int MS_CALLBACK req_cb(int p, int n, BN_GENCB *cb);
+#endif
+static int req_check_len(int len, int n_min, int n_max);
+static int check_end(const char *str, const char *end);
+#ifndef MONOLITH
+static char *default_config_file = NULL;
+#endif
+static CONF *req_conf = NULL;
+static int batch = 0;
+
+#define TYPE_RSA 1
+#define TYPE_DSA 2
+#define TYPE_DH 3
+#define TYPE_EC 4
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+{
+ ENGINE *e = NULL;
+#ifndef OPENSSL_NO_DSA
+ DSA *dsa_params = NULL;
+#endif
+#ifndef OPENSSL_NO_ECDSA
+ EC_KEY *ec_params = NULL;
+#endif
+ unsigned long nmflag = 0, reqflag = 0;
+ int ex = 1, x509 = 0, days = 30;
+ X509 *x509ss = NULL;
+ X509_REQ *req = NULL;
+ EVP_PKEY *pkey = NULL;
+ int i = 0, badops = 0, newreq = 0, verbose = 0, pkey_type = TYPE_RSA;
+ long newkey = -1;
+ BIO *in = NULL, *out = NULL;
+ int informat, outformat, verify = 0, noout = 0, text = 0, keyform =
+ FORMAT_PEM;
+ int nodes = 0, kludge = 0, newhdr = 0, subject = 0, pubkey = 0;
+ char *infile, *outfile, *prog, *keyfile = NULL, *template =
+ NULL, *keyout = NULL;
+#ifndef OPENSSL_NO_ENGINE
+ char *engine = NULL;
+#endif
+ char *extensions = NULL;
+ char *req_exts = NULL;
+ const EVP_CIPHER *cipher = NULL;
+ ASN1_INTEGER *serial = NULL;
+ int modulus = 0;
+ char *inrand = NULL;
+ char *passargin = NULL, *passargout = NULL;
+ char *passin = NULL, *passout = NULL;
+ char *p;
+ char *subj = NULL;
+ int multirdn = 0;
+ const EVP_MD *md_alg = NULL, *digest = EVP_sha1();
+ unsigned long chtype = MBSTRING_ASC;
+#ifndef MONOLITH
+ char *to_free;
+ long errline;
+#endif
+
+ req_conf = NULL;
+#ifndef OPENSSL_NO_DES
+ cipher = EVP_des_ede3_cbc();
+#endif
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+
+ infile = NULL;
+ outfile = NULL;
+ informat = FORMAT_PEM;
+ outformat = FORMAT_PEM;
+
+ prog = argv[0];
+ argc--;
+ argv++;
+ while (argc >= 1) {
+ if (strcmp(*argv, "-inform") == 0) {
+ if (--argc < 1)
+ goto bad;
+ informat = str2fmt(*(++argv));
+ } else if (strcmp(*argv, "-outform") == 0) {
+ if (--argc < 1)
+ goto bad;
+ outformat = str2fmt(*(++argv));
+ }
+#ifndef OPENSSL_NO_ENGINE
+ else if (strcmp(*argv, "-engine") == 0) {
+ if (--argc < 1)
+ goto bad;
+ engine = *(++argv);
+ }
+#endif
+ else if (strcmp(*argv, "-key") == 0) {
+ if (--argc < 1)
+ goto bad;
+ keyfile = *(++argv);
+ } else if (strcmp(*argv, "-pubkey") == 0) {
+ pubkey = 1;
+ } else if (strcmp(*argv, "-new") == 0) {
+ newreq = 1;
+ } else if (strcmp(*argv, "-config") == 0) {
+ if (--argc < 1)
+ goto bad;
+ template = *(++argv);
+ } else if (strcmp(*argv, "-keyform") == 0) {
+ if (--argc < 1)
+ goto bad;
+ keyform = str2fmt(*(++argv));
+ } else if (strcmp(*argv, "-in") == 0) {
+ if (--argc < 1)
+ goto bad;
+ infile = *(++argv);
+ } else if (strcmp(*argv, "-out") == 0) {
+ if (--argc < 1)
+ goto bad;
+ outfile = *(++argv);
+ } else if (strcmp(*argv, "-keyout") == 0) {
+ if (--argc < 1)
+ goto bad;
+ keyout = *(++argv);
+ } else if (strcmp(*argv, "-passin") == 0) {
+ if (--argc < 1)
+ goto bad;
+ passargin = *(++argv);
+ } else if (strcmp(*argv, "-passout") == 0) {
+ if (--argc < 1)
+ goto bad;
+ passargout = *(++argv);
+ } else if (strcmp(*argv, "-rand") == 0) {
+ if (--argc < 1)
+ goto bad;
+ inrand = *(++argv);
+ } else if (strcmp(*argv, "-newkey") == 0) {
+ int is_numeric;
+
+ if (--argc < 1)
+ goto bad;
+ p = *(++argv);
+ is_numeric = p[0] >= '0' && p[0] <= '9';
+ if (strncmp("rsa:", p, 4) == 0 || is_numeric) {
+ pkey_type = TYPE_RSA;
+ if (!is_numeric)
+ p += 4;
+ newkey = atoi(p);
+ } else
+#ifndef OPENSSL_NO_DSA
+ if (strncmp("dsa:", p, 4) == 0) {
+ X509 *xtmp = NULL;
+ EVP_PKEY *dtmp;
+
+ pkey_type = TYPE_DSA;
+ p += 4;
+ if ((in = BIO_new_file(p, "r")) == NULL) {
+ perror(p);
+ goto end;
+ }
+ if ((dsa_params =
+ PEM_read_bio_DSAparams(in, NULL, NULL, NULL)) == NULL) {
+ ERR_clear_error();
+ (void)BIO_reset(in);
+ if ((xtmp =
+ PEM_read_bio_X509(in, NULL, NULL, NULL)) == NULL) {
+ BIO_printf(bio_err,
+ "unable to load DSA parameters from file\n");
+ goto end;
+ }
+
+ if ((dtmp = X509_get_pubkey(xtmp)) == NULL)
+ goto end;
+ if (dtmp->type == EVP_PKEY_DSA)
+ dsa_params = DSAparams_dup(dtmp->pkey.dsa);
+ EVP_PKEY_free(dtmp);
+ X509_free(xtmp);
+ if (dsa_params == NULL) {
+ BIO_printf(bio_err,
+ "Certificate does not contain DSA parameters\n");
+ goto end;
+ }
+ }
+ BIO_free(in);
+ in = NULL;
+ newkey = BN_num_bits(dsa_params->p);
+ } else
+#endif
+#ifndef OPENSSL_NO_ECDSA
+ if (strncmp("ec:", p, 3) == 0) {
+ X509 *xtmp = NULL;
+ EVP_PKEY *dtmp;
+ EC_GROUP *group;
+
+ pkey_type = TYPE_EC;
+ p += 3;
+ if ((in = BIO_new_file(p, "r")) == NULL) {
+ perror(p);
+ goto end;
+ }
+ if ((ec_params = EC_KEY_new()) == NULL)
+ goto end;
+ group = PEM_read_bio_ECPKParameters(in, NULL, NULL, NULL);
+ if (group == NULL) {
+ EC_KEY_free(ec_params);
+ ERR_clear_error();
+ (void)BIO_reset(in);
+ if ((xtmp =
+ PEM_read_bio_X509(in, NULL, NULL, NULL)) == NULL) {
+ BIO_printf(bio_err,
+ "unable to load EC parameters from file\n");
+ goto end;
+ }
+
+ if ((dtmp = X509_get_pubkey(xtmp)) == NULL)
+ goto end;
+ if (dtmp->type == EVP_PKEY_EC)
+ ec_params = EC_KEY_dup(dtmp->pkey.ec);
+ EVP_PKEY_free(dtmp);
+ X509_free(xtmp);
+ if (ec_params == NULL) {
+ BIO_printf(bio_err,
+ "Certificate does not contain EC parameters\n");
+ goto end;
+ }
+ } else {
+ if (EC_KEY_set_group(ec_params, group) == 0)
+ goto end;
+ EC_GROUP_free(group);
+ }
+
+ BIO_free(in);
+ in = NULL;
+ newkey = EC_GROUP_get_degree(EC_KEY_get0_group(ec_params));
+ } else
+#endif
+#ifndef OPENSSL_NO_DH
+ if (strncmp("dh:", p, 4) == 0) {
+ pkey_type = TYPE_DH;
+ p += 3;
+ } else
+#endif
+ {
+ goto bad;
+ }
+
+ newreq = 1;
+ } else if (strcmp(*argv, "-batch") == 0)
+ batch = 1;
+ else if (strcmp(*argv, "-newhdr") == 0)
+ newhdr = 1;
+ else if (strcmp(*argv, "-modulus") == 0)
+ modulus = 1;
+ else if (strcmp(*argv, "-verify") == 0)
+ verify = 1;
+ else if (strcmp(*argv, "-nodes") == 0)
+ nodes = 1;
+ else if (strcmp(*argv, "-noout") == 0)
+ noout = 1;
+ else if (strcmp(*argv, "-verbose") == 0)
+ verbose = 1;
+ else if (strcmp(*argv, "-utf8") == 0)
+ chtype = MBSTRING_UTF8;
+ else if (strcmp(*argv, "-nameopt") == 0) {
+ if (--argc < 1)
+ goto bad;
+ if (!set_name_ex(&nmflag, *(++argv)))
+ goto bad;
+ } else if (strcmp(*argv, "-reqopt") == 0) {
+ if (--argc < 1)
+ goto bad;
+ if (!set_cert_ex(&reqflag, *(++argv)))
+ goto bad;
+ } else if (strcmp(*argv, "-subject") == 0)
+ subject = 1;
+ else if (strcmp(*argv, "-text") == 0)
+ text = 1;
+ else if (strcmp(*argv, "-x509") == 0)
+ x509 = 1;
+ else if (strcmp(*argv, "-asn1-kludge") == 0)
+ kludge = 1;
+ else if (strcmp(*argv, "-no-asn1-kludge") == 0)
+ kludge = 0;
+ else if (strcmp(*argv, "-subj") == 0) {
+ if (--argc < 1)
+ goto bad;
+ subj = *(++argv);
+ } else if (strcmp(*argv, "-multivalue-rdn") == 0)
+ multirdn = 1;
+ else if (strcmp(*argv, "-days") == 0) {
+ if (--argc < 1)
+ goto bad;
+ days = atoi(*(++argv));
+ if (days == 0)
+ days = 30;
+ } else if (strcmp(*argv, "-set_serial") == 0) {
+ if (--argc < 1)
+ goto bad;
+ serial = s2i_ASN1_INTEGER(NULL, *(++argv));
+ if (!serial)
+ goto bad;
+ } else if ((md_alg = EVP_get_digestbyname(&((*argv)[1]))) != NULL) {
+ /* ok */
+ digest = md_alg;
+ } else if (strcmp(*argv, "-extensions") == 0) {
+ if (--argc < 1)
+ goto bad;
+ extensions = *(++argv);
+ } else if (strcmp(*argv, "-reqexts") == 0) {
+ if (--argc < 1)
+ goto bad;
+ req_exts = *(++argv);
+ } else {
+ BIO_printf(bio_err, "unknown option %s\n", *argv);
+ badops = 1;
+ break;
+ }
+ argc--;
+ argv++;
+ }
+
+ if (badops) {
+ bad:
+ BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog);
+ BIO_printf(bio_err, "where options are\n");
+ BIO_printf(bio_err, " -inform arg input format - DER or PEM\n");
+ BIO_printf(bio_err, " -outform arg output format - DER or PEM\n");
+ BIO_printf(bio_err, " -in arg input file\n");
+ BIO_printf(bio_err, " -out arg output file\n");
+ BIO_printf(bio_err, " -text text form of request\n");
+ BIO_printf(bio_err, " -pubkey output public key\n");
+ BIO_printf(bio_err, " -noout do not output REQ\n");
+ BIO_printf(bio_err, " -verify verify signature on REQ\n");
+ BIO_printf(bio_err, " -modulus RSA modulus\n");
+ BIO_printf(bio_err, " -nodes don't encrypt the output key\n");
+#ifndef OPENSSL_NO_ENGINE
+ BIO_printf(bio_err,
+ " -engine e use engine e, possibly a hardware device\n");
+#endif
+ BIO_printf(bio_err, " -subject output the request's subject\n");
+ BIO_printf(bio_err, " -passin private key password source\n");
+ BIO_printf(bio_err,
+ " -key file use the private key contained in file\n");
+ BIO_printf(bio_err, " -keyform arg key file format\n");
+ BIO_printf(bio_err, " -keyout arg file to send the key to\n");
+ BIO_printf(bio_err, " -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR,
+ LIST_SEPARATOR_CHAR);
+ BIO_printf(bio_err,
+ " load the file (or the files in the directory) into\n");
+ BIO_printf(bio_err, " the random number generator\n");
+ BIO_printf(bio_err,
+ " -newkey rsa:bits generate a new RSA key of 'bits' in size\n");
+ BIO_printf(bio_err,
+ " -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n");
+#ifndef OPENSSL_NO_ECDSA
+ BIO_printf(bio_err,
+ " -newkey ec:file generate a new EC key, parameters taken from CA in 'file'\n");
+#endif
+ BIO_printf(bio_err,
+ " -[digest] Digest to sign with (md5, sha1, md2, mdc2, md4)\n");
+ BIO_printf(bio_err, " -config file request template file.\n");
+ BIO_printf(bio_err,
+ " -subj arg set or modify request subject\n");
+ BIO_printf(bio_err,
+ " -multivalue-rdn enable support for multivalued RDNs\n");
+ BIO_printf(bio_err, " -new new request.\n");
+ BIO_printf(bio_err,
+ " -batch do not ask anything during request generation\n");
+ BIO_printf(bio_err,
+ " -x509 output a x509 structure instead of a cert. req.\n");
+ BIO_printf(bio_err,
+ " -days number of days a certificate generated by -x509 is valid for.\n");
+ BIO_printf(bio_err,
+ " -set_serial serial number to use for a certificate generated by -x509.\n");
+ BIO_printf(bio_err,
+ " -newhdr output \"NEW\" in the header lines\n");
+ BIO_printf(bio_err,
+ " -asn1-kludge Output the 'request' in a format that is wrong but some CA's\n");
+ BIO_printf(bio_err,
+ " have been reported as requiring\n");
+ BIO_printf(bio_err,
+ " -extensions .. specify certificate extension section (override value in config file)\n");
+ BIO_printf(bio_err,
+ " -reqexts .. specify request extension section (override value in config file)\n");
+ BIO_printf(bio_err,
+ " -utf8 input characters are UTF8 (default ASCII)\n");
+ BIO_printf(bio_err,
+ " -nameopt arg - various certificate name options\n");
+ BIO_printf(bio_err,
+ " -reqopt arg - various request text options\n\n");
+ goto end;
+ }
+
+ ERR_load_crypto_strings();
+ if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
+ BIO_printf(bio_err, "Error getting passwords\n");
+ goto end;
+ }
+#ifndef MONOLITH /* else this has happened in openssl.c
+ * (global `config') */
+ /* Lets load up our environment a little */
+ p = getenv("OPENSSL_CONF");
+ if (p == NULL)
+ p = getenv("SSLEAY_CONF");
+ if (p == NULL)
+ p = to_free = make_config_name();
+ default_config_file = p;
+ config = NCONF_new(NULL);
+ i = NCONF_load(config, p, &errline);
+#endif
+
+ if (template != NULL) {
+ long errline = -1;
+
+ if (verbose)
+ BIO_printf(bio_err, "Using configuration from %s\n", template);
+ req_conf = NCONF_new(NULL);
+ i = NCONF_load(req_conf, template, &errline);
+ if (i == 0) {
+ BIO_printf(bio_err, "error on line %ld of %s\n", errline,
+ template);
+ goto end;
+ }
+ } else {
+ req_conf = config;
+
+ if (req_conf == NULL) {
+ BIO_printf(bio_err, "Unable to load config info from %s\n",
+ default_config_file);
+ if (newreq)
+ goto end;
+ } else if (verbose)
+ BIO_printf(bio_err, "Using configuration from %s\n",
+ default_config_file);
+ }
+
+ if (req_conf != NULL) {
+ if (!load_config(bio_err, req_conf))
+ goto end;
+ p = NCONF_get_string(req_conf, NULL, "oid_file");
+ if (p == NULL)
+ ERR_clear_error();
+ if (p != NULL) {
+ BIO *oid_bio;
+
+ oid_bio = BIO_new_file(p, "r");
+ if (oid_bio == NULL) {
+ /*-
+ BIO_printf(bio_err,"problems opening %s for extra oid's\n",p);
+ ERR_print_errors(bio_err);
+ */
+ } else {
+ OBJ_create_objects(oid_bio);
+ BIO_free(oid_bio);
+ }
+ }
+ }
+ if (!add_oid_section(bio_err, req_conf))
+ goto end;
+
+ if (md_alg == NULL) {
+ p = NCONF_get_string(req_conf, SECTION, "default_md");
+ if (p == NULL)
+ ERR_clear_error();
+ if (p != NULL) {
+ if ((md_alg = EVP_get_digestbyname(p)) != NULL)
+ digest = md_alg;
+ }
+ }
+
+ if (!extensions) {
+ extensions = NCONF_get_string(req_conf, SECTION, V3_EXTENSIONS);
+ if (!extensions)
+ ERR_clear_error();
+ }
+ if (extensions) {
+ /* Check syntax of file */
+ X509V3_CTX ctx;
+ X509V3_set_ctx_test(&ctx);
+ X509V3_set_nconf(&ctx, req_conf);
+ if (!X509V3_EXT_add_nconf(req_conf, &ctx, extensions, NULL)) {
+ BIO_printf(bio_err,
+ "Error Loading extension section %s\n", extensions);
+ goto end;
+ }
+ }
+
+ if (!passin) {
+ passin = NCONF_get_string(req_conf, SECTION, "input_password");
+ if (!passin)
+ ERR_clear_error();
+ }
+
+ if (!passout) {
+ passout = NCONF_get_string(req_conf, SECTION, "output_password");
+ if (!passout)
+ ERR_clear_error();
+ }
+
+ p = NCONF_get_string(req_conf, SECTION, STRING_MASK);
+ if (!p)
+ ERR_clear_error();
+
+ if (p && !ASN1_STRING_set_default_mask_asc(p)) {
+ BIO_printf(bio_err, "Invalid global string mask setting %s\n", p);
+ goto end;
+ }
+
+ if (chtype != MBSTRING_UTF8) {
+ p = NCONF_get_string(req_conf, SECTION, UTF8_IN);
+ if (!p)
+ ERR_clear_error();
+ else if (!strcmp(p, "yes"))
+ chtype = MBSTRING_UTF8;
+ }
+
+ if (!req_exts) {
+ req_exts = NCONF_get_string(req_conf, SECTION, REQ_EXTENSIONS);
+ if (!req_exts)
+ ERR_clear_error();
+ }
+ if (req_exts) {
+ /* Check syntax of file */
+ X509V3_CTX ctx;
+ X509V3_set_ctx_test(&ctx);
+ X509V3_set_nconf(&ctx, req_conf);
+ if (!X509V3_EXT_add_nconf(req_conf, &ctx, req_exts, NULL)) {
+ BIO_printf(bio_err,
+ "Error Loading request extension section %s\n",
+ req_exts);
+ goto end;
+ }
+ }
+
+ in = BIO_new(BIO_s_file());
+ out = BIO_new(BIO_s_file());
+ if ((in == NULL) || (out == NULL))
+ goto end;
+
+#ifndef OPENSSL_NO_ENGINE
+ e = setup_engine(bio_err, engine, 0);
+#endif
+
+ if (keyfile != NULL) {
+ pkey = load_key(bio_err, keyfile, keyform, 0, passin, e,
+ "Private Key");
+ if (!pkey) {
+ /*
+ * load_key() has already printed an appropriate message
+ */
+ goto end;
+ } else {
+ char *randfile = NCONF_get_string(req_conf, SECTION, "RANDFILE");
+ if (randfile == NULL)
+ ERR_clear_error();
+ app_RAND_load_file(randfile, bio_err, 0);
+ }
+ }
+
+ if (newreq && (pkey == NULL)) {
+#ifndef OPENSSL_NO_RSA
+ BN_GENCB cb;
+#endif
+ char *randfile = NCONF_get_string(req_conf, SECTION, "RANDFILE");
+ if (randfile == NULL)
+ ERR_clear_error();
+ app_RAND_load_file(randfile, bio_err, 0);
+ if (inrand)
+ app_RAND_load_files(inrand);
+
+ if (newkey <= 0) {
+ if (!NCONF_get_number(req_conf, SECTION, BITS, &newkey))
+ newkey = DEFAULT_KEY_LENGTH;
+ }
+
+ if (newkey < MIN_KEY_LENGTH
+ && (pkey_type == TYPE_RSA || pkey_type == TYPE_DSA)) {
+ BIO_printf(bio_err, "private key length is too short,\n");
+ BIO_printf(bio_err, "it needs to be at least %d bits, not %ld\n",
+ MIN_KEY_LENGTH, newkey);
+ goto end;
+ }
+ BIO_printf(bio_err, "Generating a %ld bit %s private key\n",
+ newkey, (pkey_type == TYPE_RSA) ? "RSA" :
+ (pkey_type == TYPE_DSA) ? "DSA" : "EC");
+
+ if ((pkey = EVP_PKEY_new()) == NULL)
+ goto end;
+
+#ifndef OPENSSL_NO_RSA
+ BN_GENCB_set(&cb, req_cb, bio_err);
+ if (pkey_type == TYPE_RSA) {
+ RSA *rsa = RSA_new();
+ BIGNUM *bn = BN_new();
+ if (!bn || !rsa || !BN_set_word(bn, 0x10001) ||
+ !RSA_generate_key_ex(rsa, newkey, bn, &cb) ||
+ !EVP_PKEY_assign_RSA(pkey, rsa)) {
+ if (bn)
+ BN_free(bn);
+ if (rsa)
+ RSA_free(rsa);
+ goto end;
+ }
+ BN_free(bn);
+ } else
+#endif
+#ifndef OPENSSL_NO_DSA
+ if (pkey_type == TYPE_DSA) {
+ if (!DSA_generate_key(dsa_params))
+ goto end;
+ if (!EVP_PKEY_assign_DSA(pkey, dsa_params))
+ goto end;
+ dsa_params = NULL;
+ }
+#endif
+#ifndef OPENSSL_NO_ECDSA
+ if (pkey_type == TYPE_EC) {
+ if (!EC_KEY_generate_key(ec_params))
+ goto end;
+ if (!EVP_PKEY_assign_EC_KEY(pkey, ec_params))
+ goto end;
+ ec_params = NULL;
+ }
+#endif
+
+ app_RAND_write_file(randfile, bio_err);
+
+ if (pkey == NULL)
+ goto end;
+
+ if (keyout == NULL) {
+ keyout = NCONF_get_string(req_conf, SECTION, KEYFILE);
+ if (keyout == NULL)
+ ERR_clear_error();
+ }
+
+ if (keyout == NULL) {
+ BIO_printf(bio_err, "writing new private key to stdout\n");
+ BIO_set_fp(out, stdout, BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+#endif
+ } else {
+ BIO_printf(bio_err, "writing new private key to '%s'\n", keyout);
+ if (BIO_write_filename(out, keyout) <= 0) {
+ perror(keyout);
+ goto end;
+ }
+ }
+
+ p = NCONF_get_string(req_conf, SECTION, "encrypt_rsa_key");
+ if (p == NULL) {
+ ERR_clear_error();
+ p = NCONF_get_string(req_conf, SECTION, "encrypt_key");
+ if (p == NULL)
+ ERR_clear_error();
+ }
+ if ((p != NULL) && (strcmp(p, "no") == 0))
+ cipher = NULL;
+ if (nodes)
+ cipher = NULL;
+
+ i = 0;
+ loop:
+ if (!PEM_write_bio_PrivateKey(out, pkey, cipher,
+ NULL, 0, NULL, passout)) {
+ if ((ERR_GET_REASON(ERR_peek_error()) ==
+ PEM_R_PROBLEMS_GETTING_PASSWORD) && (i < 3)) {
+ ERR_clear_error();
+ i++;
+ goto loop;
+ }
+ goto end;
+ }
+ BIO_printf(bio_err, "-----\n");
+ }
+
+ if (!newreq) {
+ /*
+ * Since we are using a pre-existing certificate request, the kludge
+ * 'format' info should not be changed.
+ */
+ kludge = -1;
+ if (infile == NULL)
+ BIO_set_fp(in, stdin, BIO_NOCLOSE);
+ else {
+ if (BIO_read_filename(in, infile) <= 0) {
+ perror(infile);
+ goto end;
+ }
+ }
+
+ if (informat == FORMAT_ASN1)
+ req = d2i_X509_REQ_bio(in, NULL);
+ else if (informat == FORMAT_PEM)
+ req = PEM_read_bio_X509_REQ(in, NULL, NULL, NULL);
+ else {
+ BIO_printf(bio_err,
+ "bad input format specified for X509 request\n");
+ goto end;
+ }
+ if (req == NULL) {
+ BIO_printf(bio_err, "unable to load X509 request\n");
+ goto end;
+ }
+ }
+
+ if (newreq || x509) {
+ if (pkey == NULL) {
+ BIO_printf(bio_err, "you need to specify a private key\n");
+ goto end;
+ }
+#ifndef OPENSSL_NO_DSA
+ if (pkey->type == EVP_PKEY_DSA)
+ digest = EVP_dss1();
+#endif
+#ifndef OPENSSL_NO_ECDSA
+ if (pkey->type == EVP_PKEY_EC)
+ digest = EVP_ecdsa();
+#endif
+ if (req == NULL) {
+ req = X509_REQ_new();
+ if (req == NULL) {
+ goto end;
+ }
+
+ i = make_REQ(req, pkey, subj, multirdn, !x509, chtype);
+ subj = NULL; /* done processing '-subj' option */
+ if ((kludge > 0)
+ && !sk_X509_ATTRIBUTE_num(req->req_info->attributes)) {
+ sk_X509_ATTRIBUTE_free(req->req_info->attributes);
+ req->req_info->attributes = NULL;
+ }
+ if (!i) {
+ BIO_printf(bio_err, "problems making Certificate Request\n");
+ goto end;
+ }
+ }
+ if (x509) {
+ EVP_PKEY *tmppkey;
+ X509V3_CTX ext_ctx;
+ if ((x509ss = X509_new()) == NULL)
+ goto end;
+
+ /* Set version to V3 */
+ if (extensions && !X509_set_version(x509ss, 2))
+ goto end;
+ if (serial) {
+ if (!X509_set_serialNumber(x509ss, serial))
+ goto end;
+ } else {
+ if (!rand_serial(NULL, X509_get_serialNumber(x509ss)))
+ goto end;
+ }
+
+ if (!X509_set_issuer_name(x509ss, X509_REQ_get_subject_name(req)))
+ goto end;
+ if (!X509_gmtime_adj(X509_get_notBefore(x509ss), 0))
+ goto end;
+ if (!X509_gmtime_adj
+ (X509_get_notAfter(x509ss), (long)60 * 60 * 24 * days))
+ goto end;
+ if (!X509_set_subject_name
+ (x509ss, X509_REQ_get_subject_name(req)))
+ goto end;
+ tmppkey = X509_REQ_get_pubkey(req);
+ if (!tmppkey || !X509_set_pubkey(x509ss, tmppkey))
+ goto end;
+ EVP_PKEY_free(tmppkey);
+
+ /* Set up V3 context struct */
+
+ X509V3_set_ctx(&ext_ctx, x509ss, x509ss, NULL, NULL, 0);
+ X509V3_set_nconf(&ext_ctx, req_conf);
+
+ /* Add extensions */
+ if (extensions && !X509V3_EXT_add_nconf(req_conf,
+ &ext_ctx, extensions,
+ x509ss)) {
+ BIO_printf(bio_err, "Error Loading extension section %s\n",
+ extensions);
+ goto end;
+ }
+
+ if (!(i = X509_sign(x509ss, pkey, digest)))
+ goto end;
+ } else {
+ X509V3_CTX ext_ctx;
+
+ /* Set up V3 context struct */
+
+ X509V3_set_ctx(&ext_ctx, NULL, NULL, req, NULL, 0);
+ X509V3_set_nconf(&ext_ctx, req_conf);
+
+ /* Add extensions */
+ if (req_exts && !X509V3_EXT_REQ_add_nconf(req_conf,
+ &ext_ctx, req_exts,
+ req)) {
+ BIO_printf(bio_err, "Error Loading extension section %s\n",
+ req_exts);
+ goto end;
+ }
+ if (!(i = X509_REQ_sign(req, pkey, digest)))
+ goto end;
+ }
+ }
+
+ if (subj && x509) {
+ BIO_printf(bio_err, "Cannot modifiy certificate subject\n");
+ goto end;
+ }
+
+ if (subj && !x509) {
+ if (verbose) {
+ BIO_printf(bio_err, "Modifying Request's Subject\n");
+ print_name(bio_err, "old subject=",
+ X509_REQ_get_subject_name(req), nmflag);
+ }
+
+ if (build_subject(req, subj, chtype, multirdn) == 0) {
+ BIO_printf(bio_err, "ERROR: cannot modify subject\n");
+ ex = 1;
+ goto end;
+ }
+
+ req->req_info->enc.modified = 1;
+
+ if (verbose) {
+ print_name(bio_err, "new subject=",
+ X509_REQ_get_subject_name(req), nmflag);
+ }
+ }
+
+ if (verify && !x509) {
+ int tmp = 0;
+
+ if (pkey == NULL) {
+ pkey = X509_REQ_get_pubkey(req);
+ tmp = 1;
+ if (pkey == NULL)
+ goto end;
+ }
+
+ i = X509_REQ_verify(req, pkey);
+ if (tmp) {
+ EVP_PKEY_free(pkey);
+ pkey = NULL;
+ }
+
+ if (i < 0) {
+ goto end;
+ } else if (i == 0) {
+ BIO_printf(bio_err, "verify failure\n");
+ ERR_print_errors(bio_err);
+ } else /* if (i > 0) */
+ BIO_printf(bio_err, "verify OK\n");
+ }
+
+ if (noout && !text && !modulus && !subject && !pubkey) {
+ ex = 0;
+ goto end;
+ }
+
+ if (outfile == NULL) {
+ BIO_set_fp(out, stdout, BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+#endif
+ } else {
+ if ((keyout != NULL) && (strcmp(outfile, keyout) == 0))
+ i = (int)BIO_append_filename(out, outfile);
+ else
+ i = (int)BIO_write_filename(out, outfile);
+ if (!i) {
+ perror(outfile);
+ goto end;
+ }
+ }
+
+ if (pubkey) {
+ EVP_PKEY *tpubkey;
+ tpubkey = X509_REQ_get_pubkey(req);
+ if (tpubkey == NULL) {
+ BIO_printf(bio_err, "Error getting public key\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ PEM_write_bio_PUBKEY(out, tpubkey);
+ EVP_PKEY_free(tpubkey);
+ }
+
+ if (text) {
+ if (x509)
+ X509_print_ex(out, x509ss, nmflag, reqflag);
+ else
+ X509_REQ_print_ex(out, req, nmflag, reqflag);
+ }
+
+ if (subject) {
+ if (x509)
+ print_name(out, "subject=", X509_get_subject_name(x509ss),
+ nmflag);
+ else
+ print_name(out, "subject=", X509_REQ_get_subject_name(req),
+ nmflag);
+ }
+
+ if (modulus) {
+ EVP_PKEY *tpubkey;
+
+ if (x509)
+ tpubkey = X509_get_pubkey(x509ss);
+ else
+ tpubkey = X509_REQ_get_pubkey(req);
+ if (tpubkey == NULL) {
+ fprintf(stdout, "Modulus=unavailable\n");
+ goto end;
+ }
+ fprintf(stdout, "Modulus=");
+#ifndef OPENSSL_NO_RSA
+ if (tpubkey->type == EVP_PKEY_RSA)
+ BN_print(out, tpubkey->pkey.rsa->n);
+ else
+#endif
+ fprintf(stdout, "Wrong Algorithm type");
+ EVP_PKEY_free(tpubkey);
+ fprintf(stdout, "\n");
+ }
+
+ if (!noout && !x509) {
+ if (outformat == FORMAT_ASN1)
+ i = i2d_X509_REQ_bio(out, req);
+ else if (outformat == FORMAT_PEM) {
+ if (newhdr)
+ i = PEM_write_bio_X509_REQ_NEW(out, req);
+ else
+ i = PEM_write_bio_X509_REQ(out, req);
+ } else {
+ BIO_printf(bio_err, "bad output format specified for outfile\n");
+ goto end;
+ }
+ if (!i) {
+ BIO_printf(bio_err, "unable to write X509 request\n");
+ goto end;
+ }
+ }
+ if (!noout && x509 && (x509ss != NULL)) {
+ if (outformat == FORMAT_ASN1)
+ i = i2d_X509_bio(out, x509ss);
+ else if (outformat == FORMAT_PEM)
+ i = PEM_write_bio_X509(out, x509ss);
+ else {
+ BIO_printf(bio_err, "bad output format specified for outfile\n");
+ goto end;
+ }
+ if (!i) {
+ BIO_printf(bio_err, "unable to write X509 certificate\n");
+ goto end;
+ }
+ }
+ ex = 0;
+ end:
+#ifndef MONOLITH
+ if (to_free)
+ OPENSSL_free(to_free);
+#endif
+ if (ex) {
+ ERR_print_errors(bio_err);
+ }
+ if ((req_conf != NULL) && (req_conf != config))
+ NCONF_free(req_conf);
+ BIO_free(in);
+ BIO_free_all(out);
+ EVP_PKEY_free(pkey);
+ X509_REQ_free(req);
+ X509_free(x509ss);
+ ASN1_INTEGER_free(serial);
+ if (passargin && passin)
+ OPENSSL_free(passin);
+ if (passargout && passout)
+ OPENSSL_free(passout);
+ OBJ_cleanup();
+#ifndef OPENSSL_NO_DSA
+ if (dsa_params != NULL)
+ DSA_free(dsa_params);
+#endif
+#ifndef OPENSSL_NO_ECDSA
+ if (ec_params != NULL)
+ EC_KEY_free(ec_params);
+#endif
+ apps_shutdown();
+ OPENSSL_EXIT(ex);
+}
+
+static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int multirdn,
+ int attribs, unsigned long chtype)
+{
+ int ret = 0, i;
+ char no_prompt = 0;
+ STACK_OF(CONF_VALUE) *dn_sk, *attr_sk = NULL;
+ char *tmp, *dn_sect, *attr_sect;
+
+ tmp = NCONF_get_string(req_conf, SECTION, PROMPT);
+ if (tmp == NULL)
+ ERR_clear_error();
+ if ((tmp != NULL) && !strcmp(tmp, "no"))
+ no_prompt = 1;
+
+ dn_sect = NCONF_get_string(req_conf, SECTION, DISTINGUISHED_NAME);
+ if (dn_sect == NULL) {
+ BIO_printf(bio_err, "unable to find '%s' in config\n",
+ DISTINGUISHED_NAME);
+ goto err;
+ }
+ dn_sk = NCONF_get_section(req_conf, dn_sect);
+ if (dn_sk == NULL) {
+ BIO_printf(bio_err, "unable to get '%s' section\n", dn_sect);
+ goto err;
+ }
+
+ attr_sect = NCONF_get_string(req_conf, SECTION, ATTRIBUTES);
+ if (attr_sect == NULL) {
+ ERR_clear_error();
+ attr_sk = NULL;
+ } else {
+ attr_sk = NCONF_get_section(req_conf, attr_sect);
+ if (attr_sk == NULL) {
+ BIO_printf(bio_err, "unable to get '%s' section\n", attr_sect);
+ goto err;
+ }
+ }
+
+ /* setup version number */
+ if (!X509_REQ_set_version(req, 0L))
+ goto err; /* version 1 */
+
+ if (no_prompt)
+ i = auto_info(req, dn_sk, attr_sk, attribs, chtype);
+ else {
+ if (subj)
+ i = build_subject(req, subj, chtype, multirdn);
+ else
+ i = prompt_info(req, dn_sk, dn_sect, attr_sk, attr_sect, attribs,
+ chtype);
+ }
+ if (!i)
+ goto err;
+
+ if (!X509_REQ_set_pubkey(req, pkey))
+ goto err;
+
+ ret = 1;
+ err:
+ return (ret);
+}
+
+/*
+ * subject is expected to be in the format /type0=value0/type1=value1/type2=...
+ * where characters may be escaped by \
+ */
+static int build_subject(X509_REQ *req, char *subject, unsigned long chtype,
+ int multirdn)
+{
+ X509_NAME *n;
+
+ if (!(n = parse_name(subject, chtype, multirdn)))
+ return 0;
+
+ if (!X509_REQ_set_subject_name(req, n)) {
+ X509_NAME_free(n);
+ return 0;
+ }
+ X509_NAME_free(n);
+ return 1;
+}
+
+static int prompt_info(X509_REQ *req,
+ STACK_OF(CONF_VALUE) *dn_sk, char *dn_sect,
+ STACK_OF(CONF_VALUE) *attr_sk, char *attr_sect,
+ int attribs, unsigned long chtype)
+{
+ int i;
+ char *p, *q;
+ char buf[100];
+ int nid, mval;
+ long n_min, n_max;
+ char *type, *value;
+ const char *def;
+ CONF_VALUE *v;
+ X509_NAME *subj;
+ subj = X509_REQ_get_subject_name(req);
+
+ if (!batch) {
+ BIO_printf(bio_err,
+ "You are about to be asked to enter information that will be incorporated\n");
+ BIO_printf(bio_err, "into your certificate request.\n");
+ BIO_printf(bio_err,
+ "What you are about to enter is what is called a Distinguished Name or a DN.\n");
+ BIO_printf(bio_err,
+ "There are quite a few fields but you can leave some blank\n");
+ BIO_printf(bio_err,
+ "For some fields there will be a default value,\n");
+ BIO_printf(bio_err,
+ "If you enter '.', the field will be left blank.\n");
+ BIO_printf(bio_err, "-----\n");
+ }
+
+ if (sk_CONF_VALUE_num(dn_sk)) {
+ i = -1;
+ start:for (;;) {
+ i++;
+ if (sk_CONF_VALUE_num(dn_sk) <= i)
+ break;
+
+ v = sk_CONF_VALUE_value(dn_sk, i);
+ p = q = NULL;
+ type = v->name;
+ if (!check_end(type, "_min") || !check_end(type, "_max") ||
+ !check_end(type, "_default") || !check_end(type, "_value"))
+ continue;
+ /*
+ * Skip past any leading X. X: X, etc to allow for multiple
+ * instances
+ */
+ for (p = v->name; *p; p++)
+ if ((*p == ':') || (*p == ',') || (*p == '.')) {
+ p++;
+ if (*p)
+ type = p;
+ break;
+ }
+ if (*type == '+') {
+ mval = -1;
+ type++;
+ } else
+ mval = 0;
+ /* If OBJ not recognised ignore it */
+ if ((nid = OBJ_txt2nid(type)) == NID_undef)
+ goto start;
+ if (BIO_snprintf(buf, sizeof buf, "%s_default", v->name)
+ >= (int)sizeof(buf)) {
+ BIO_printf(bio_err, "Name '%s' too long\n", v->name);
+ return 0;
+ }
+
+ if ((def = NCONF_get_string(req_conf, dn_sect, buf)) == NULL) {
+ ERR_clear_error();
+ def = "";
+ }
+
+ BIO_snprintf(buf, sizeof buf, "%s_value", v->name);
+ if ((value = NCONF_get_string(req_conf, dn_sect, buf)) == NULL) {
+ ERR_clear_error();
+ value = NULL;
+ }
+
+ BIO_snprintf(buf, sizeof buf, "%s_min", v->name);
+ if (!NCONF_get_number(req_conf, dn_sect, buf, &n_min)) {
+ ERR_clear_error();
+ n_min = -1;
+ }
+
+ BIO_snprintf(buf, sizeof buf, "%s_max", v->name);
+ if (!NCONF_get_number(req_conf, dn_sect, buf, &n_max)) {
+ ERR_clear_error();
+ n_max = -1;
+ }
+
+ if (!add_DN_object(subj, v->value, def, value, nid,
+ n_min, n_max, chtype, mval))
+ return 0;
+ }
+ if (X509_NAME_entry_count(subj) == 0) {
+ BIO_printf(bio_err,
+ "error, no objects specified in config file\n");
+ return 0;
+ }
+
+ if (attribs) {
+ if ((attr_sk != NULL) && (sk_CONF_VALUE_num(attr_sk) > 0)
+ && (!batch)) {
+ BIO_printf(bio_err,
+ "\nPlease enter the following 'extra' attributes\n");
+ BIO_printf(bio_err,
+ "to be sent with your certificate request\n");
+ }
+
+ i = -1;
+ start2: for (;;) {
+ i++;
+ if ((attr_sk == NULL) || (sk_CONF_VALUE_num(attr_sk) <= i))
+ break;
+
+ v = sk_CONF_VALUE_value(attr_sk, i);
+ type = v->name;
+ if ((nid = OBJ_txt2nid(type)) == NID_undef)
+ goto start2;
+
+ if (BIO_snprintf(buf, sizeof buf, "%s_default", type)
+ >= (int)sizeof(buf)) {
+ BIO_printf(bio_err, "Name '%s' too long\n", v->name);
+ return 0;
+ }
+
+ if ((def = NCONF_get_string(req_conf, attr_sect, buf))
+ == NULL) {
+ ERR_clear_error();
+ def = "";
+ }
+
+ BIO_snprintf(buf, sizeof buf, "%s_value", type);
+ if ((value = NCONF_get_string(req_conf, attr_sect, buf))
+ == NULL) {
+ ERR_clear_error();
+ value = NULL;
+ }
+
+ BIO_snprintf(buf, sizeof buf, "%s_min", type);
+ if (!NCONF_get_number(req_conf, attr_sect, buf, &n_min)) {
+ ERR_clear_error();
+ n_min = -1;
+ }
+
+ BIO_snprintf(buf, sizeof buf, "%s_max", type);
+ if (!NCONF_get_number(req_conf, attr_sect, buf, &n_max)) {
+ ERR_clear_error();
+ n_max = -1;
+ }
+
+ if (!add_attribute_object(req,
+ v->value, def, value, nid, n_min,
+ n_max, chtype))
+ return 0;
+ }
+ }
+ } else {
+ BIO_printf(bio_err, "No template, please set one up.\n");
+ return 0;
+ }
+
+ return 1;
+
+}
+
+static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk,
+ STACK_OF(CONF_VALUE) *attr_sk, int attribs,
+ unsigned long chtype)
+{
+ int i;
+ char *p, *q;
+ char *type;
+ CONF_VALUE *v;
+ X509_NAME *subj;
+
+ subj = X509_REQ_get_subject_name(req);
+
+ for (i = 0; i < sk_CONF_VALUE_num(dn_sk); i++) {
+ int mval;
+ v = sk_CONF_VALUE_value(dn_sk, i);
+ p = q = NULL;
+ type = v->name;
+ /*
+ * Skip past any leading X. X: X, etc to allow for multiple instances
+ */
+ for (p = v->name; *p; p++)
+#ifndef CHARSET_EBCDIC
+ if ((*p == ':') || (*p == ',') || (*p == '.')) {
+#else
+ if ((*p == os_toascii[':']) || (*p == os_toascii[','])
+ || (*p == os_toascii['.'])) {
+#endif
+ p++;
+ if (*p)
+ type = p;
+ break;
+ }
+#ifndef CHARSET_EBCDIC
+ if (*p == '+')
+#else
+ if (*p == os_toascii['+'])
+#endif
+ {
+ p++;
+ mval = -1;
+ } else
+ mval = 0;
+ if (!X509_NAME_add_entry_by_txt(subj, type, chtype,
+ (unsigned char *)v->value, -1, -1,
+ mval))
+ return 0;
+
+ }
+
+ if (!X509_NAME_entry_count(subj)) {
+ BIO_printf(bio_err, "error, no objects specified in config file\n");
+ return 0;
+ }
+ if (attribs) {
+ for (i = 0; i < sk_CONF_VALUE_num(attr_sk); i++) {
+ v = sk_CONF_VALUE_value(attr_sk, i);
+ if (!X509_REQ_add1_attr_by_txt(req, v->name, chtype,
+ (unsigned char *)v->value, -1))
+ return 0;
+ }
+ }
+ return 1;
+}
+
+static int add_DN_object(X509_NAME *n, char *text, const char *def,
+ char *value, int nid, int n_min, int n_max,
+ unsigned long chtype, int mval)
+{
+ int i, ret = 0;
+ MS_STATIC char buf[1024];
+ start:
+ if (!batch)
+ BIO_printf(bio_err, "%s [%s]:", text, def);
+ (void)BIO_flush(bio_err);
+ if (value != NULL) {
+ BUF_strlcpy(buf, value, sizeof buf);
+ BUF_strlcat(buf, "\n", sizeof buf);
+ BIO_printf(bio_err, "%s\n", value);
+ } else {
+ buf[0] = '\0';
+ if (!batch) {
+ if (!fgets(buf, sizeof buf, stdin))
+ return 0;
+ } else {
+ buf[0] = '\n';
+ buf[1] = '\0';
+ }
+ }
+
+ if (buf[0] == '\0')
+ return (0);
+ else if (buf[0] == '\n') {
+ if ((def == NULL) || (def[0] == '\0'))
+ return (1);
+ BUF_strlcpy(buf, def, sizeof buf);
+ BUF_strlcat(buf, "\n", sizeof buf);
+ } else if ((buf[0] == '.') && (buf[1] == '\n'))
+ return (1);
+
+ i = strlen(buf);
+ if (buf[i - 1] != '\n') {
+ BIO_printf(bio_err, "weird input :-(\n");
+ return (0);
+ }
+ buf[--i] = '\0';
+#ifdef CHARSET_EBCDIC
+ ebcdic2ascii(buf, buf, i);
+#endif
+ if (!req_check_len(i, n_min, n_max)) {
+ if (batch || value)
+ return 0;
+ goto start;
+ }
+
+ if (!X509_NAME_add_entry_by_NID(n, nid, chtype,
+ (unsigned char *)buf, -1, -1, mval))
+ goto err;
+ ret = 1;
+ err:
+ return (ret);
+}
+
+static int add_attribute_object(X509_REQ *req, char *text, const char *def,
+ char *value, int nid, int n_min,
+ int n_max, unsigned long chtype)
+{
+ int i;
+ static char buf[1024];
+
+ start:
+ if (!batch)
+ BIO_printf(bio_err, "%s [%s]:", text, def);
+ (void)BIO_flush(bio_err);
+ if (value != NULL) {
+ BUF_strlcpy(buf, value, sizeof buf);
+ BUF_strlcat(buf, "\n", sizeof buf);
+ BIO_printf(bio_err, "%s\n", value);
+ } else {
+ buf[0] = '\0';
+ if (!batch) {
+ if (!fgets(buf, sizeof buf, stdin))
+ return 0;
+ } else {
+ buf[0] = '\n';
+ buf[1] = '\0';
+ }
+ }
+
+ if (buf[0] == '\0')
+ return (0);
+ else if (buf[0] == '\n') {
+ if ((def == NULL) || (def[0] == '\0'))
+ return (1);
+ BUF_strlcpy(buf, def, sizeof buf);
+ BUF_strlcat(buf, "\n", sizeof buf);
+ } else if ((buf[0] == '.') && (buf[1] == '\n'))
+ return (1);
+
+ i = strlen(buf);
+ if (buf[i - 1] != '\n') {
+ BIO_printf(bio_err, "weird input :-(\n");
+ return (0);
+ }
+ buf[--i] = '\0';
+#ifdef CHARSET_EBCDIC
+ ebcdic2ascii(buf, buf, i);
+#endif
+ if (!req_check_len(i, n_min, n_max)) {
+ if (batch || value)
+ return 0;
+ goto start;
+ }
+
+ if (!X509_REQ_add1_attr_by_NID(req, nid, chtype,
+ (unsigned char *)buf, -1)) {
+ BIO_printf(bio_err, "Error adding attribute\n");
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+
+ return (1);
+ err:
+ return (0);
+}
+
+#ifndef OPENSSL_NO_RSA
+static int MS_CALLBACK req_cb(int p, int n, BN_GENCB *cb)
+{
+ char c = '*';
+
+ if (p == 0)
+ c = '.';
+ if (p == 1)
+ c = '+';
+ if (p == 2)
+ c = '*';
+ if (p == 3)
+ c = '\n';
+ BIO_write(cb->arg, &c, 1);
+ (void)BIO_flush(cb->arg);
+# ifdef LINT
+ p = n;
+# endif
+ return 1;
+}
+#endif
+
+static int req_check_len(int len, int n_min, int n_max)
+{
+ if ((n_min > 0) && (len < n_min)) {
+ BIO_printf(bio_err,
+ "string is too short, it needs to be at least %d bytes long\n",
+ n_min);
+ return (0);
+ }
+ if ((n_max >= 0) && (len > n_max)) {
+ BIO_printf(bio_err,
+ "string is too long, it needs to be less than %d bytes long\n",
+ n_max);
+ return (0);
+ }
+ return (1);
+}
+
+/* Check if the end of a string matches 'end' */
+static int check_end(const char *str, const char *end)
+{
+ int elen, slen;
+ const char *tmp;
+ elen = strlen(end);
+ slen = strlen(str);
+ if (elen > slen)
+ return 1;
+ tmp = str + slen - elen;
+ return strcmp(tmp, end);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/apps/rsa.c
===================================================================
--- vendor-crypto/openssl/dist/apps/rsa.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/apps/rsa.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,401 +0,0 @@
-/* apps/rsa.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/opensslconf.h>
-#ifndef OPENSSL_NO_RSA
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/rsa.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/bn.h>
-
-#undef PROG
-#define PROG rsa_main
-
-/* -inform arg - input format - default PEM (one of DER, NET or PEM)
- * -outform arg - output format - default PEM
- * -in arg - input file - default stdin
- * -out arg - output file - default stdout
- * -des - encrypt output if PEM format with DES in cbc mode
- * -des3 - encrypt output if PEM format
- * -idea - encrypt output if PEM format
- * -seed - encrypt output if PEM format
- * -aes128 - encrypt output if PEM format
- * -aes192 - encrypt output if PEM format
- * -aes256 - encrypt output if PEM format
- * -camellia128 - encrypt output if PEM format
- * -camellia192 - encrypt output if PEM format
- * -camellia256 - encrypt output if PEM format
- * -text - print a text version
- * -modulus - print the RSA key modulus
- * -check - verify key consistency
- * -pubin - Expect a public key in input file.
- * -pubout - Output a public key.
- */
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
- ENGINE *e = NULL;
- int ret=1;
- RSA *rsa=NULL;
- int i,badops=0, sgckey=0;
- const EVP_CIPHER *enc=NULL;
- BIO *out=NULL;
- int informat,outformat,text=0,check=0,noout=0;
- int pubin = 0, pubout = 0;
- char *infile,*outfile,*prog;
- char *passargin = NULL, *passargout = NULL;
- char *passin = NULL, *passout = NULL;
-#ifndef OPENSSL_NO_ENGINE
- char *engine=NULL;
-#endif
- int modulus=0;
-
- apps_startup();
-
- if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
- if (!load_config(bio_err, NULL))
- goto end;
-
- infile=NULL;
- outfile=NULL;
- informat=FORMAT_PEM;
- outformat=FORMAT_PEM;
-
- prog=argv[0];
- argc--;
- argv++;
- while (argc >= 1)
- {
- if (strcmp(*argv,"-inform") == 0)
- {
- if (--argc < 1) goto bad;
- informat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-outform") == 0)
- {
- if (--argc < 1) goto bad;
- outformat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-in") == 0)
- {
- if (--argc < 1) goto bad;
- infile= *(++argv);
- }
- else if (strcmp(*argv,"-out") == 0)
- {
- if (--argc < 1) goto bad;
- outfile= *(++argv);
- }
- else if (strcmp(*argv,"-passin") == 0)
- {
- if (--argc < 1) goto bad;
- passargin= *(++argv);
- }
- else if (strcmp(*argv,"-passout") == 0)
- {
- if (--argc < 1) goto bad;
- passargout= *(++argv);
- }
-#ifndef OPENSSL_NO_ENGINE
- else if (strcmp(*argv,"-engine") == 0)
- {
- if (--argc < 1) goto bad;
- engine= *(++argv);
- }
-#endif
- else if (strcmp(*argv,"-sgckey") == 0)
- sgckey=1;
- else if (strcmp(*argv,"-pubin") == 0)
- pubin=1;
- else if (strcmp(*argv,"-pubout") == 0)
- pubout=1;
- else if (strcmp(*argv,"-noout") == 0)
- noout=1;
- else if (strcmp(*argv,"-text") == 0)
- text=1;
- else if (strcmp(*argv,"-modulus") == 0)
- modulus=1;
- else if (strcmp(*argv,"-check") == 0)
- check=1;
- else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL)
- {
- BIO_printf(bio_err,"unknown option %s\n",*argv);
- badops=1;
- break;
- }
- argc--;
- argv++;
- }
-
- if (badops)
- {
-bad:
- BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
- BIO_printf(bio_err,"where options are\n");
- BIO_printf(bio_err," -inform arg input format - one of DER NET PEM\n");
- BIO_printf(bio_err," -outform arg output format - one of DER NET PEM\n");
- BIO_printf(bio_err," -in arg input file\n");
- BIO_printf(bio_err," -sgckey Use IIS SGC key format\n");
- BIO_printf(bio_err," -passin arg input file pass phrase source\n");
- BIO_printf(bio_err," -out arg output file\n");
- BIO_printf(bio_err," -passout arg output file pass phrase source\n");
- BIO_printf(bio_err," -des encrypt PEM output with cbc des\n");
- BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n");
-#ifndef OPENSSL_NO_IDEA
- BIO_printf(bio_err," -idea encrypt PEM output with cbc idea\n");
-#endif
-#ifndef OPENSSL_NO_SEED
- BIO_printf(bio_err," -seed encrypt PEM output with cbc seed\n");
-#endif
-#ifndef OPENSSL_NO_AES
- BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
- BIO_printf(bio_err," encrypt PEM output with cbc aes\n");
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
- BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n");
- BIO_printf(bio_err," encrypt PEM output with cbc camellia\n");
-#endif
- BIO_printf(bio_err," -text print the key in text\n");
- BIO_printf(bio_err," -noout don't print key out\n");
- BIO_printf(bio_err," -modulus print the RSA key modulus\n");
- BIO_printf(bio_err," -check verify key consistency\n");
- BIO_printf(bio_err," -pubin expect a public key in input file\n");
- BIO_printf(bio_err," -pubout output a public key\n");
-#ifndef OPENSSL_NO_ENGINE
- BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
-#endif
- goto end;
- }
-
- ERR_load_crypto_strings();
-
-#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(bio_err, engine, 0);
-#endif
-
- if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
- BIO_printf(bio_err, "Error getting passwords\n");
- goto end;
- }
-
- if(check && pubin) {
- BIO_printf(bio_err, "Only private keys can be checked\n");
- goto end;
- }
-
- out=BIO_new(BIO_s_file());
-
- {
- EVP_PKEY *pkey;
-
- if (pubin)
- pkey = load_pubkey(bio_err, infile,
- (informat == FORMAT_NETSCAPE && sgckey ?
- FORMAT_IISSGC : informat), 1,
- passin, e, "Public Key");
- else
- pkey = load_key(bio_err, infile,
- (informat == FORMAT_NETSCAPE && sgckey ?
- FORMAT_IISSGC : informat), 1,
- passin, e, "Private Key");
-
- if (pkey != NULL)
- rsa = pkey == NULL ? NULL : EVP_PKEY_get1_RSA(pkey);
- EVP_PKEY_free(pkey);
- }
-
- if (rsa == NULL)
- {
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if (outfile == NULL)
- {
- BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
- else
- {
- if (BIO_write_filename(out,outfile) <= 0)
- {
- perror(outfile);
- goto end;
- }
- }
-
- if (text)
- if (!RSA_print(out,rsa,0))
- {
- perror(outfile);
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if (modulus)
- {
- BIO_printf(out,"Modulus=");
- BN_print(out,rsa->n);
- BIO_printf(out,"\n");
- }
-
- if (check)
- {
- int r = RSA_check_key(rsa);
-
- if (r == 1)
- BIO_printf(out,"RSA key ok\n");
- else if (r == 0)
- {
- unsigned long err;
-
- while ((err = ERR_peek_error()) != 0 &&
- ERR_GET_LIB(err) == ERR_LIB_RSA &&
- ERR_GET_FUNC(err) == RSA_F_RSA_CHECK_KEY &&
- ERR_GET_REASON(err) != ERR_R_MALLOC_FAILURE)
- {
- BIO_printf(out, "RSA key error: %s\n", ERR_reason_error_string(err));
- ERR_get_error(); /* remove e from error stack */
- }
- }
-
- if (r == -1 || ERR_peek_error() != 0) /* should happen only if r == -1 */
- {
- ERR_print_errors(bio_err);
- goto end;
- }
- }
-
- if (noout)
- {
- ret = 0;
- goto end;
- }
- BIO_printf(bio_err,"writing RSA key\n");
- if (outformat == FORMAT_ASN1) {
- if(pubout || pubin) i=i2d_RSA_PUBKEY_bio(out,rsa);
- else i=i2d_RSAPrivateKey_bio(out,rsa);
- }
-#ifndef OPENSSL_NO_RC4
- else if (outformat == FORMAT_NETSCAPE)
- {
- unsigned char *p,*pp;
- int size;
-
- i=1;
- size=i2d_RSA_NET(rsa,NULL,NULL, sgckey);
- if ((p=(unsigned char *)OPENSSL_malloc(size)) == NULL)
- {
- BIO_printf(bio_err,"Memory allocation failure\n");
- goto end;
- }
- pp=p;
- i2d_RSA_NET(rsa,&p,NULL, sgckey);
- BIO_write(out,(char *)pp,size);
- OPENSSL_free(pp);
- }
-#endif
- else if (outformat == FORMAT_PEM) {
- if(pubout || pubin)
- i=PEM_write_bio_RSA_PUBKEY(out,rsa);
- else i=PEM_write_bio_RSAPrivateKey(out,rsa,
- enc,NULL,0,NULL,passout);
- } else {
- BIO_printf(bio_err,"bad output format specified for outfile\n");
- goto end;
- }
- if (!i)
- {
- BIO_printf(bio_err,"unable to write key\n");
- ERR_print_errors(bio_err);
- }
- else
- ret=0;
-end:
- if(out != NULL) BIO_free_all(out);
- if(rsa != NULL) RSA_free(rsa);
- if(passin) OPENSSL_free(passin);
- if(passout) OPENSSL_free(passout);
- apps_shutdown();
- OPENSSL_EXIT(ret);
- }
-#else /* !OPENSSL_NO_RSA */
-
-# if PEDANTIC
-static void *dummy=&dummy;
-# endif
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/apps/rsa.c (from rev 6976, vendor-crypto/openssl/dist/apps/rsa.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/apps/rsa.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/apps/rsa.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,399 @@
+/* apps/rsa.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_NO_RSA
+# include <stdio.h>
+# include <stdlib.h>
+# include <string.h>
+# include <time.h>
+# include "apps.h"
+# include <openssl/bio.h>
+# include <openssl/err.h>
+# include <openssl/rsa.h>
+# include <openssl/evp.h>
+# include <openssl/x509.h>
+# include <openssl/pem.h>
+# include <openssl/bn.h>
+
+# undef PROG
+# define PROG rsa_main
+
+/*-
+ * -inform arg - input format - default PEM (one of DER, NET or PEM)
+ * -outform arg - output format - default PEM
+ * -in arg - input file - default stdin
+ * -out arg - output file - default stdout
+ * -des - encrypt output if PEM format with DES in cbc mode
+ * -des3 - encrypt output if PEM format
+ * -idea - encrypt output if PEM format
+ * -seed - encrypt output if PEM format
+ * -aes128 - encrypt output if PEM format
+ * -aes192 - encrypt output if PEM format
+ * -aes256 - encrypt output if PEM format
+ * -camellia128 - encrypt output if PEM format
+ * -camellia192 - encrypt output if PEM format
+ * -camellia256 - encrypt output if PEM format
+ * -text - print a text version
+ * -modulus - print the RSA key modulus
+ * -check - verify key consistency
+ * -pubin - Expect a public key in input file.
+ * -pubout - Output a public key.
+ */
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+{
+ ENGINE *e = NULL;
+ int ret = 1;
+ RSA *rsa = NULL;
+ int i, badops = 0, sgckey = 0;
+ const EVP_CIPHER *enc = NULL;
+ BIO *out = NULL;
+ int informat, outformat, text = 0, check = 0, noout = 0;
+ int pubin = 0, pubout = 0;
+ char *infile, *outfile, *prog;
+ char *passargin = NULL, *passargout = NULL;
+ char *passin = NULL, *passout = NULL;
+# ifndef OPENSSL_NO_ENGINE
+ char *engine = NULL;
+# endif
+ int modulus = 0;
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+
+ if (!load_config(bio_err, NULL))
+ goto end;
+
+ infile = NULL;
+ outfile = NULL;
+ informat = FORMAT_PEM;
+ outformat = FORMAT_PEM;
+
+ prog = argv[0];
+ argc--;
+ argv++;
+ while (argc >= 1) {
+ if (strcmp(*argv, "-inform") == 0) {
+ if (--argc < 1)
+ goto bad;
+ informat = str2fmt(*(++argv));
+ } else if (strcmp(*argv, "-outform") == 0) {
+ if (--argc < 1)
+ goto bad;
+ outformat = str2fmt(*(++argv));
+ } else if (strcmp(*argv, "-in") == 0) {
+ if (--argc < 1)
+ goto bad;
+ infile = *(++argv);
+ } else if (strcmp(*argv, "-out") == 0) {
+ if (--argc < 1)
+ goto bad;
+ outfile = *(++argv);
+ } else if (strcmp(*argv, "-passin") == 0) {
+ if (--argc < 1)
+ goto bad;
+ passargin = *(++argv);
+ } else if (strcmp(*argv, "-passout") == 0) {
+ if (--argc < 1)
+ goto bad;
+ passargout = *(++argv);
+ }
+# ifndef OPENSSL_NO_ENGINE
+ else if (strcmp(*argv, "-engine") == 0) {
+ if (--argc < 1)
+ goto bad;
+ engine = *(++argv);
+ }
+# endif
+ else if (strcmp(*argv, "-sgckey") == 0)
+ sgckey = 1;
+ else if (strcmp(*argv, "-pubin") == 0)
+ pubin = 1;
+ else if (strcmp(*argv, "-pubout") == 0)
+ pubout = 1;
+ else if (strcmp(*argv, "-noout") == 0)
+ noout = 1;
+ else if (strcmp(*argv, "-text") == 0)
+ text = 1;
+ else if (strcmp(*argv, "-modulus") == 0)
+ modulus = 1;
+ else if (strcmp(*argv, "-check") == 0)
+ check = 1;
+ else if ((enc = EVP_get_cipherbyname(&(argv[0][1]))) == NULL) {
+ BIO_printf(bio_err, "unknown option %s\n", *argv);
+ badops = 1;
+ break;
+ }
+ argc--;
+ argv++;
+ }
+
+ if (badops) {
+ bad:
+ BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog);
+ BIO_printf(bio_err, "where options are\n");
+ BIO_printf(bio_err,
+ " -inform arg input format - one of DER NET PEM\n");
+ BIO_printf(bio_err,
+ " -outform arg output format - one of DER NET PEM\n");
+ BIO_printf(bio_err, " -in arg input file\n");
+ BIO_printf(bio_err, " -sgckey Use IIS SGC key format\n");
+ BIO_printf(bio_err,
+ " -passin arg input file pass phrase source\n");
+ BIO_printf(bio_err, " -out arg output file\n");
+ BIO_printf(bio_err,
+ " -passout arg output file pass phrase source\n");
+ BIO_printf(bio_err,
+ " -des encrypt PEM output with cbc des\n");
+ BIO_printf(bio_err,
+ " -des3 encrypt PEM output with ede cbc des using 168 bit key\n");
+# ifndef OPENSSL_NO_IDEA
+ BIO_printf(bio_err,
+ " -idea encrypt PEM output with cbc idea\n");
+# endif
+# ifndef OPENSSL_NO_SEED
+ BIO_printf(bio_err,
+ " -seed encrypt PEM output with cbc seed\n");
+# endif
+# ifndef OPENSSL_NO_AES
+ BIO_printf(bio_err, " -aes128, -aes192, -aes256\n");
+ BIO_printf(bio_err,
+ " encrypt PEM output with cbc aes\n");
+# endif
+# ifndef OPENSSL_NO_CAMELLIA
+ BIO_printf(bio_err, " -camellia128, -camellia192, -camellia256\n");
+ BIO_printf(bio_err,
+ " encrypt PEM output with cbc camellia\n");
+# endif
+ BIO_printf(bio_err, " -text print the key in text\n");
+ BIO_printf(bio_err, " -noout don't print key out\n");
+ BIO_printf(bio_err, " -modulus print the RSA key modulus\n");
+ BIO_printf(bio_err, " -check verify key consistency\n");
+ BIO_printf(bio_err,
+ " -pubin expect a public key in input file\n");
+ BIO_printf(bio_err, " -pubout output a public key\n");
+# ifndef OPENSSL_NO_ENGINE
+ BIO_printf(bio_err,
+ " -engine e use engine e, possibly a hardware device.\n");
+# endif
+ goto end;
+ }
+
+ ERR_load_crypto_strings();
+
+# ifndef OPENSSL_NO_ENGINE
+ e = setup_engine(bio_err, engine, 0);
+# endif
+
+ if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
+ BIO_printf(bio_err, "Error getting passwords\n");
+ goto end;
+ }
+
+ if (check && pubin) {
+ BIO_printf(bio_err, "Only private keys can be checked\n");
+ goto end;
+ }
+
+ out = BIO_new(BIO_s_file());
+
+ {
+ EVP_PKEY *pkey;
+
+ if (pubin)
+ pkey = load_pubkey(bio_err, infile,
+ (informat == FORMAT_NETSCAPE && sgckey ?
+ FORMAT_IISSGC : informat), 1,
+ passin, e, "Public Key");
+ else
+ pkey = load_key(bio_err, infile,
+ (informat == FORMAT_NETSCAPE && sgckey ?
+ FORMAT_IISSGC : informat), 1,
+ passin, e, "Private Key");
+
+ if (pkey != NULL)
+ rsa = pkey == NULL ? NULL : EVP_PKEY_get1_RSA(pkey);
+ EVP_PKEY_free(pkey);
+ }
+
+ if (rsa == NULL) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (outfile == NULL) {
+ BIO_set_fp(out, stdout, BIO_NOCLOSE);
+# ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+# endif
+ } else {
+ if (BIO_write_filename(out, outfile) <= 0) {
+ perror(outfile);
+ goto end;
+ }
+ }
+
+ if (text)
+ if (!RSA_print(out, rsa, 0)) {
+ perror(outfile);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (modulus) {
+ BIO_printf(out, "Modulus=");
+ BN_print(out, rsa->n);
+ BIO_printf(out, "\n");
+ }
+
+ if (check) {
+ int r = RSA_check_key(rsa);
+
+ if (r == 1)
+ BIO_printf(out, "RSA key ok\n");
+ else if (r == 0) {
+ unsigned long err;
+
+ while ((err = ERR_peek_error()) != 0 &&
+ ERR_GET_LIB(err) == ERR_LIB_RSA &&
+ ERR_GET_FUNC(err) == RSA_F_RSA_CHECK_KEY &&
+ ERR_GET_REASON(err) != ERR_R_MALLOC_FAILURE) {
+ BIO_printf(out, "RSA key error: %s\n",
+ ERR_reason_error_string(err));
+ ERR_get_error(); /* remove e from error stack */
+ }
+ }
+
+ if (r == -1 || ERR_peek_error() != 0) { /* should happen only if r ==
+ * -1 */
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+
+ if (noout) {
+ ret = 0;
+ goto end;
+ }
+ BIO_printf(bio_err, "writing RSA key\n");
+ if (outformat == FORMAT_ASN1) {
+ if (pubout || pubin)
+ i = i2d_RSA_PUBKEY_bio(out, rsa);
+ else
+ i = i2d_RSAPrivateKey_bio(out, rsa);
+ }
+# ifndef OPENSSL_NO_RC4
+ else if (outformat == FORMAT_NETSCAPE) {
+ unsigned char *p, *pp;
+ int size;
+
+ i = 1;
+ size = i2d_RSA_NET(rsa, NULL, NULL, sgckey);
+ if ((p = (unsigned char *)OPENSSL_malloc(size)) == NULL) {
+ BIO_printf(bio_err, "Memory allocation failure\n");
+ goto end;
+ }
+ pp = p;
+ i2d_RSA_NET(rsa, &p, NULL, sgckey);
+ BIO_write(out, (char *)pp, size);
+ OPENSSL_free(pp);
+ }
+# endif
+ else if (outformat == FORMAT_PEM) {
+ if (pubout || pubin)
+ i = PEM_write_bio_RSA_PUBKEY(out, rsa);
+ else
+ i = PEM_write_bio_RSAPrivateKey(out, rsa,
+ enc, NULL, 0, NULL, passout);
+ } else {
+ BIO_printf(bio_err, "bad output format specified for outfile\n");
+ goto end;
+ }
+ if (!i) {
+ BIO_printf(bio_err, "unable to write key\n");
+ ERR_print_errors(bio_err);
+ } else
+ ret = 0;
+ end:
+ if (out != NULL)
+ BIO_free_all(out);
+ if (rsa != NULL)
+ RSA_free(rsa);
+ if (passin)
+ OPENSSL_free(passin);
+ if (passout)
+ OPENSSL_free(passout);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
+}
+#else /* !OPENSSL_NO_RSA */
+
+# if PEDANTIC
+static void *dummy = &dummy;
+# endif
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/apps/rsautl.c
===================================================================
--- vendor-crypto/openssl/dist/apps/rsautl.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/apps/rsautl.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,345 +0,0 @@
-/* rsautl.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <openssl/opensslconf.h>
-#ifndef OPENSSL_NO_RSA
-
-#include "apps.h"
-#include <string.h>
-#include <openssl/err.h>
-#include <openssl/pem.h>
-#include <openssl/rsa.h>
-
-#define RSA_SIGN 1
-#define RSA_VERIFY 2
-#define RSA_ENCRYPT 3
-#define RSA_DECRYPT 4
-
-#define KEY_PRIVKEY 1
-#define KEY_PUBKEY 2
-#define KEY_CERT 3
-
-static void usage(void);
-
-#undef PROG
-
-#define PROG rsautl_main
-
-int MAIN(int argc, char **);
-
-int MAIN(int argc, char **argv)
-{
- ENGINE *e = NULL;
- BIO *in = NULL, *out = NULL;
- char *infile = NULL, *outfile = NULL;
-#ifndef OPENSSL_NO_ENGINE
- char *engine = NULL;
-#endif
- char *keyfile = NULL;
- char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY;
- int keyform = FORMAT_PEM;
- char need_priv = 0, badarg = 0, rev = 0;
- char hexdump = 0, asn1parse = 0;
- X509 *x;
- EVP_PKEY *pkey = NULL;
- RSA *rsa = NULL;
- unsigned char *rsa_in = NULL, *rsa_out = NULL, pad;
- char *passargin = NULL, *passin = NULL;
- int rsa_inlen, rsa_outlen = 0;
- int keysize;
-
- int ret = 1;
-
- argc--;
- argv++;
-
- if(!bio_err) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
-
- if (!load_config(bio_err, NULL))
- goto end;
- ERR_load_crypto_strings();
- OpenSSL_add_all_algorithms();
- pad = RSA_PKCS1_PADDING;
-
- while(argc >= 1)
- {
- if (!strcmp(*argv,"-in")) {
- if (--argc < 1)
- badarg = 1;
- else
- infile= *(++argv);
- } else if (!strcmp(*argv,"-out")) {
- if (--argc < 1)
- badarg = 1;
- else
- outfile= *(++argv);
- } else if(!strcmp(*argv, "-inkey")) {
- if (--argc < 1)
- badarg = 1;
- else
- keyfile = *(++argv);
- } else if (!strcmp(*argv,"-passin")) {
- if (--argc < 1)
- badarg = 1;
- else
- passargin= *(++argv);
- } else if (strcmp(*argv,"-keyform") == 0) {
- if (--argc < 1)
- badarg = 1;
- else
- keyform=str2fmt(*(++argv));
-#ifndef OPENSSL_NO_ENGINE
- } else if(!strcmp(*argv, "-engine")) {
- if (--argc < 1)
- badarg = 1;
- else
- engine = *(++argv);
-#endif
- } else if(!strcmp(*argv, "-pubin")) {
- key_type = KEY_PUBKEY;
- } else if(!strcmp(*argv, "-certin")) {
- key_type = KEY_CERT;
- }
- else if(!strcmp(*argv, "-asn1parse")) asn1parse = 1;
- else if(!strcmp(*argv, "-hexdump")) hexdump = 1;
- else if(!strcmp(*argv, "-raw")) pad = RSA_NO_PADDING;
- else if(!strcmp(*argv, "-oaep")) pad = RSA_PKCS1_OAEP_PADDING;
- else if(!strcmp(*argv, "-ssl")) pad = RSA_SSLV23_PADDING;
- else if(!strcmp(*argv, "-pkcs")) pad = RSA_PKCS1_PADDING;
- else if(!strcmp(*argv, "-x931")) pad = RSA_X931_PADDING;
- else if(!strcmp(*argv, "-sign")) {
- rsa_mode = RSA_SIGN;
- need_priv = 1;
- } else if(!strcmp(*argv, "-verify")) rsa_mode = RSA_VERIFY;
- else if(!strcmp(*argv, "-rev")) rev = 1;
- else if(!strcmp(*argv, "-encrypt")) rsa_mode = RSA_ENCRYPT;
- else if(!strcmp(*argv, "-decrypt")) {
- rsa_mode = RSA_DECRYPT;
- need_priv = 1;
- } else badarg = 1;
- if(badarg) {
- usage();
- goto end;
- }
- argc--;
- argv++;
- }
-
- if(need_priv && (key_type != KEY_PRIVKEY)) {
- BIO_printf(bio_err, "A private key is needed for this operation\n");
- goto end;
- }
-
-#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(bio_err, engine, 0);
-#endif
- if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
- BIO_printf(bio_err, "Error getting password\n");
- goto end;
- }
-
-/* FIXME: seed PRNG only if needed */
- app_RAND_load_file(NULL, bio_err, 0);
-
- switch(key_type) {
- case KEY_PRIVKEY:
- pkey = load_key(bio_err, keyfile, keyform, 0,
- passin, e, "Private Key");
- break;
-
- case KEY_PUBKEY:
- pkey = load_pubkey(bio_err, keyfile, keyform, 0,
- NULL, e, "Public Key");
- break;
-
- case KEY_CERT:
- x = load_cert(bio_err, keyfile, keyform,
- NULL, e, "Certificate");
- if(x) {
- pkey = X509_get_pubkey(x);
- X509_free(x);
- }
- break;
- }
-
- if(!pkey) {
- return 1;
- }
-
- rsa = EVP_PKEY_get1_RSA(pkey);
- EVP_PKEY_free(pkey);
-
- if(!rsa) {
- BIO_printf(bio_err, "Error getting RSA key\n");
- ERR_print_errors(bio_err);
- goto end;
- }
-
-
- if(infile) {
- if(!(in = BIO_new_file(infile, "rb"))) {
- BIO_printf(bio_err, "Error Reading Input File\n");
- ERR_print_errors(bio_err);
- goto end;
- }
- } else in = BIO_new_fp(stdin, BIO_NOCLOSE);
-
- if(outfile) {
- if(!(out = BIO_new_file(outfile, "wb"))) {
- BIO_printf(bio_err, "Error Reading Output File\n");
- ERR_print_errors(bio_err);
- goto end;
- }
- } else {
- out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
-
- keysize = RSA_size(rsa);
-
- rsa_in = OPENSSL_malloc(keysize * 2);
- rsa_out = OPENSSL_malloc(keysize);
-
- /* Read the input data */
- rsa_inlen = BIO_read(in, rsa_in, keysize * 2);
- if(rsa_inlen <= 0) {
- BIO_printf(bio_err, "Error reading input Data\n");
- exit(1);
- }
- if(rev) {
- int i;
- unsigned char ctmp;
- for(i = 0; i < rsa_inlen/2; i++) {
- ctmp = rsa_in[i];
- rsa_in[i] = rsa_in[rsa_inlen - 1 - i];
- rsa_in[rsa_inlen - 1 - i] = ctmp;
- }
- }
- switch(rsa_mode) {
-
- case RSA_VERIFY:
- rsa_outlen = RSA_public_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
- break;
-
- case RSA_SIGN:
- rsa_outlen = RSA_private_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
- break;
-
- case RSA_ENCRYPT:
- rsa_outlen = RSA_public_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
- break;
-
- case RSA_DECRYPT:
- rsa_outlen = RSA_private_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
- break;
-
- }
-
- if(rsa_outlen <= 0) {
- BIO_printf(bio_err, "RSA operation error\n");
- ERR_print_errors(bio_err);
- goto end;
- }
- ret = 0;
- if(asn1parse) {
- if(!ASN1_parse_dump(out, rsa_out, rsa_outlen, 1, -1)) {
- ERR_print_errors(bio_err);
- }
- } else if(hexdump) BIO_dump(out, (char *)rsa_out, rsa_outlen);
- else BIO_write(out, rsa_out, rsa_outlen);
- end:
- RSA_free(rsa);
- BIO_free(in);
- BIO_free_all(out);
- if(rsa_in) OPENSSL_free(rsa_in);
- if(rsa_out) OPENSSL_free(rsa_out);
- if(passin) OPENSSL_free(passin);
- return ret;
-}
-
-static void usage()
-{
- BIO_printf(bio_err, "Usage: rsautl [options]\n");
- BIO_printf(bio_err, "-in file input file\n");
- BIO_printf(bio_err, "-out file output file\n");
- BIO_printf(bio_err, "-inkey file input key\n");
- BIO_printf(bio_err, "-keyform arg private key format - default PEM\n");
- BIO_printf(bio_err, "-pubin input is an RSA public\n");
- BIO_printf(bio_err, "-certin input is a certificate carrying an RSA public key\n");
- BIO_printf(bio_err, "-ssl use SSL v2 padding\n");
- BIO_printf(bio_err, "-raw use no padding\n");
- BIO_printf(bio_err, "-pkcs use PKCS#1 v1.5 padding (default)\n");
- BIO_printf(bio_err, "-oaep use PKCS#1 OAEP\n");
- BIO_printf(bio_err, "-sign sign with private key\n");
- BIO_printf(bio_err, "-verify verify with public key\n");
- BIO_printf(bio_err, "-encrypt encrypt with public key\n");
- BIO_printf(bio_err, "-decrypt decrypt with private key\n");
- BIO_printf(bio_err, "-hexdump hex dump output\n");
-#ifndef OPENSSL_NO_ENGINE
- BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n");
- BIO_printf (bio_err, "-passin arg pass phrase source\n");
-#endif
-
-}
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/apps/rsautl.c (from rev 6976, vendor-crypto/openssl/dist/apps/rsautl.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/apps/rsautl.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/apps/rsautl.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,364 @@
+/* rsautl.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_NO_RSA
+
+# include "apps.h"
+# include <string.h>
+# include <openssl/err.h>
+# include <openssl/pem.h>
+# include <openssl/rsa.h>
+
+# define RSA_SIGN 1
+# define RSA_VERIFY 2
+# define RSA_ENCRYPT 3
+# define RSA_DECRYPT 4
+
+# define KEY_PRIVKEY 1
+# define KEY_PUBKEY 2
+# define KEY_CERT 3
+
+static void usage(void);
+
+# undef PROG
+
+# define PROG rsautl_main
+
+int MAIN(int argc, char **);
+
+int MAIN(int argc, char **argv)
+{
+ ENGINE *e = NULL;
+ BIO *in = NULL, *out = NULL;
+ char *infile = NULL, *outfile = NULL;
+# ifndef OPENSSL_NO_ENGINE
+ char *engine = NULL;
+# endif
+ char *keyfile = NULL;
+ char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY;
+ int keyform = FORMAT_PEM;
+ char need_priv = 0, badarg = 0, rev = 0;
+ char hexdump = 0, asn1parse = 0;
+ X509 *x;
+ EVP_PKEY *pkey = NULL;
+ RSA *rsa = NULL;
+ unsigned char *rsa_in = NULL, *rsa_out = NULL, pad;
+ char *passargin = NULL, *passin = NULL;
+ int rsa_inlen, rsa_outlen = 0;
+ int keysize;
+
+ int ret = 1;
+
+ argc--;
+ argv++;
+
+ if (!bio_err)
+ bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
+
+ if (!load_config(bio_err, NULL))
+ goto end;
+ ERR_load_crypto_strings();
+ OpenSSL_add_all_algorithms();
+ pad = RSA_PKCS1_PADDING;
+
+ while (argc >= 1) {
+ if (!strcmp(*argv, "-in")) {
+ if (--argc < 1)
+ badarg = 1;
+ else
+ infile = *(++argv);
+ } else if (!strcmp(*argv, "-out")) {
+ if (--argc < 1)
+ badarg = 1;
+ else
+ outfile = *(++argv);
+ } else if (!strcmp(*argv, "-inkey")) {
+ if (--argc < 1)
+ badarg = 1;
+ else
+ keyfile = *(++argv);
+ } else if (!strcmp(*argv, "-passin")) {
+ if (--argc < 1)
+ badarg = 1;
+ else
+ passargin = *(++argv);
+ } else if (strcmp(*argv, "-keyform") == 0) {
+ if (--argc < 1)
+ badarg = 1;
+ else
+ keyform = str2fmt(*(++argv));
+# ifndef OPENSSL_NO_ENGINE
+ } else if (!strcmp(*argv, "-engine")) {
+ if (--argc < 1)
+ badarg = 1;
+ else
+ engine = *(++argv);
+# endif
+ } else if (!strcmp(*argv, "-pubin")) {
+ key_type = KEY_PUBKEY;
+ } else if (!strcmp(*argv, "-certin")) {
+ key_type = KEY_CERT;
+ } else if (!strcmp(*argv, "-asn1parse"))
+ asn1parse = 1;
+ else if (!strcmp(*argv, "-hexdump"))
+ hexdump = 1;
+ else if (!strcmp(*argv, "-raw"))
+ pad = RSA_NO_PADDING;
+ else if (!strcmp(*argv, "-oaep"))
+ pad = RSA_PKCS1_OAEP_PADDING;
+ else if (!strcmp(*argv, "-ssl"))
+ pad = RSA_SSLV23_PADDING;
+ else if (!strcmp(*argv, "-pkcs"))
+ pad = RSA_PKCS1_PADDING;
+ else if (!strcmp(*argv, "-x931"))
+ pad = RSA_X931_PADDING;
+ else if (!strcmp(*argv, "-sign")) {
+ rsa_mode = RSA_SIGN;
+ need_priv = 1;
+ } else if (!strcmp(*argv, "-verify"))
+ rsa_mode = RSA_VERIFY;
+ else if (!strcmp(*argv, "-rev"))
+ rev = 1;
+ else if (!strcmp(*argv, "-encrypt"))
+ rsa_mode = RSA_ENCRYPT;
+ else if (!strcmp(*argv, "-decrypt")) {
+ rsa_mode = RSA_DECRYPT;
+ need_priv = 1;
+ } else
+ badarg = 1;
+ if (badarg) {
+ usage();
+ goto end;
+ }
+ argc--;
+ argv++;
+ }
+
+ if (need_priv && (key_type != KEY_PRIVKEY)) {
+ BIO_printf(bio_err, "A private key is needed for this operation\n");
+ goto end;
+ }
+# ifndef OPENSSL_NO_ENGINE
+ e = setup_engine(bio_err, engine, 0);
+# endif
+ if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
+ BIO_printf(bio_err, "Error getting password\n");
+ goto end;
+ }
+
+/* FIXME: seed PRNG only if needed */
+ app_RAND_load_file(NULL, bio_err, 0);
+
+ switch (key_type) {
+ case KEY_PRIVKEY:
+ pkey = load_key(bio_err, keyfile, keyform, 0,
+ passin, e, "Private Key");
+ break;
+
+ case KEY_PUBKEY:
+ pkey = load_pubkey(bio_err, keyfile, keyform, 0,
+ NULL, e, "Public Key");
+ break;
+
+ case KEY_CERT:
+ x = load_cert(bio_err, keyfile, keyform, NULL, e, "Certificate");
+ if (x) {
+ pkey = X509_get_pubkey(x);
+ X509_free(x);
+ }
+ break;
+ }
+
+ if (!pkey) {
+ return 1;
+ }
+
+ rsa = EVP_PKEY_get1_RSA(pkey);
+ EVP_PKEY_free(pkey);
+
+ if (!rsa) {
+ BIO_printf(bio_err, "Error getting RSA key\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (infile) {
+ if (!(in = BIO_new_file(infile, "rb"))) {
+ BIO_printf(bio_err, "Error Reading Input File\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ } else
+ in = BIO_new_fp(stdin, BIO_NOCLOSE);
+
+ if (outfile) {
+ if (!(out = BIO_new_file(outfile, "wb"))) {
+ BIO_printf(bio_err, "Error Reading Output File\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ } else {
+ out = BIO_new_fp(stdout, BIO_NOCLOSE);
+# ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+# endif
+ }
+
+ keysize = RSA_size(rsa);
+
+ rsa_in = OPENSSL_malloc(keysize * 2);
+ rsa_out = OPENSSL_malloc(keysize);
+
+ /* Read the input data */
+ rsa_inlen = BIO_read(in, rsa_in, keysize * 2);
+ if (rsa_inlen <= 0) {
+ BIO_printf(bio_err, "Error reading input Data\n");
+ exit(1);
+ }
+ if (rev) {
+ int i;
+ unsigned char ctmp;
+ for (i = 0; i < rsa_inlen / 2; i++) {
+ ctmp = rsa_in[i];
+ rsa_in[i] = rsa_in[rsa_inlen - 1 - i];
+ rsa_in[rsa_inlen - 1 - i] = ctmp;
+ }
+ }
+ switch (rsa_mode) {
+
+ case RSA_VERIFY:
+ rsa_outlen = RSA_public_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
+ break;
+
+ case RSA_SIGN:
+ rsa_outlen =
+ RSA_private_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
+ break;
+
+ case RSA_ENCRYPT:
+ rsa_outlen = RSA_public_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
+ break;
+
+ case RSA_DECRYPT:
+ rsa_outlen =
+ RSA_private_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
+ break;
+
+ }
+
+ if (rsa_outlen <= 0) {
+ BIO_printf(bio_err, "RSA operation error\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ ret = 0;
+ if (asn1parse) {
+ if (!ASN1_parse_dump(out, rsa_out, rsa_outlen, 1, -1)) {
+ ERR_print_errors(bio_err);
+ }
+ } else if (hexdump)
+ BIO_dump(out, (char *)rsa_out, rsa_outlen);
+ else
+ BIO_write(out, rsa_out, rsa_outlen);
+ end:
+ RSA_free(rsa);
+ BIO_free(in);
+ BIO_free_all(out);
+ if (rsa_in)
+ OPENSSL_free(rsa_in);
+ if (rsa_out)
+ OPENSSL_free(rsa_out);
+ if (passin)
+ OPENSSL_free(passin);
+ return ret;
+}
+
+static void usage()
+{
+ BIO_printf(bio_err, "Usage: rsautl [options]\n");
+ BIO_printf(bio_err, "-in file input file\n");
+ BIO_printf(bio_err, "-out file output file\n");
+ BIO_printf(bio_err, "-inkey file input key\n");
+ BIO_printf(bio_err, "-keyform arg private key format - default PEM\n");
+ BIO_printf(bio_err, "-pubin input is an RSA public\n");
+ BIO_printf(bio_err,
+ "-certin input is a certificate carrying an RSA public key\n");
+ BIO_printf(bio_err, "-ssl use SSL v2 padding\n");
+ BIO_printf(bio_err, "-raw use no padding\n");
+ BIO_printf(bio_err,
+ "-pkcs use PKCS#1 v1.5 padding (default)\n");
+ BIO_printf(bio_err, "-oaep use PKCS#1 OAEP\n");
+ BIO_printf(bio_err, "-sign sign with private key\n");
+ BIO_printf(bio_err, "-verify verify with public key\n");
+ BIO_printf(bio_err, "-encrypt encrypt with public key\n");
+ BIO_printf(bio_err, "-decrypt decrypt with private key\n");
+ BIO_printf(bio_err, "-hexdump hex dump output\n");
+# ifndef OPENSSL_NO_ENGINE
+ BIO_printf(bio_err,
+ "-engine e use engine e, possibly a hardware device.\n");
+ BIO_printf(bio_err, "-passin arg pass phrase source\n");
+# endif
+
+}
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/apps/s_apps.h
===================================================================
--- vendor-crypto/openssl/dist/apps/s_apps.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/apps/s_apps.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,176 +0,0 @@
-/* apps/s_apps.h */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-#if !defined(OPENSSL_SYS_NETWARE) /* conflicts with winsock2 stuff on netware */
-#include <sys/types.h>
-#endif
-#include <openssl/opensslconf.h>
-
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
-#include <conio.h>
-#endif
-
-#ifdef OPENSSL_SYS_MSDOS
-#define _kbhit kbhit
-#endif
-
-#if defined(OPENSSL_SYS_VMS) && !defined(FD_SET)
-/* VAX C does not defined fd_set and friends, but it's actually quite simple */
-/* These definitions are borrowed from SOCKETSHR. /Richard Levitte */
-#define MAX_NOFILE 32
-#define NBBY 8 /* number of bits in a byte */
-
-#ifndef FD_SETSIZE
-#define FD_SETSIZE MAX_NOFILE
-#endif /* FD_SETSIZE */
-
-/* How many things we'll allow select to use. 0 if unlimited */
-#define MAXSELFD MAX_NOFILE
-typedef int fd_mask; /* int here! VMS prototypes int, not long */
-#define NFDBITS (sizeof(fd_mask) * NBBY) /* bits per mask (power of 2!)*/
-#define NFDSHIFT 5 /* Shift based on above */
-
-typedef fd_mask fd_set;
-#define FD_SET(n, p) (*(p) |= (1 << ((n) % NFDBITS)))
-#define FD_CLR(n, p) (*(p) &= ~(1 << ((n) % NFDBITS)))
-#define FD_ISSET(n, p) (*(p) & (1 << ((n) % NFDBITS)))
-#define FD_ZERO(p) memset((char *)(p), 0, sizeof(*(p)))
-#endif
-
-#define PORT 4433
-#define PORT_STR "4433"
-#define PROTOCOL "tcp"
-
-int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context);
-#ifdef HEADER_X509_H
-int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
-#endif
-#ifdef HEADER_SSL_H
-int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
-int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key);
-#endif
-int init_client(int *sock, char *server, int port, int type);
-int should_retry(int i);
-int extract_port(char *str, short *port_ptr);
-int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p);
-
-long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
- int argi, long argl, long ret);
-
-#ifdef HEADER_SSL_H
-void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret);
-void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg);
-void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type,
- unsigned char *data, int len,
- void *arg);
-#endif
-
-int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len);
-int MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int cookie_len);
Copied: vendor-crypto/openssl/0.9.8zf/apps/s_apps.h (from rev 6976, vendor-crypto/openssl/dist/apps/s_apps.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/apps/s_apps.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/apps/s_apps.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,184 @@
+/* apps/s_apps.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* conflicts with winsock2 stuff on netware */
+#if !defined(OPENSSL_SYS_NETWARE)
+# include <sys/types.h>
+#endif
+#include <openssl/opensslconf.h>
+
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
+# include <conio.h>
+#endif
+
+#ifdef OPENSSL_SYS_MSDOS
+# define _kbhit kbhit
+#endif
+
+#if defined(OPENSSL_SYS_VMS) && !defined(FD_SET)
+/*
+ * VAX C does not defined fd_set and friends, but it's actually quite simple
+ */
+/* These definitions are borrowed from SOCKETSHR. /Richard Levitte */
+# define MAX_NOFILE 32
+# define NBBY 8 /* number of bits in a byte */
+
+# ifndef FD_SETSIZE
+# define FD_SETSIZE MAX_NOFILE
+# endif /* FD_SETSIZE */
+
+/* How many things we'll allow select to use. 0 if unlimited */
+# define MAXSELFD MAX_NOFILE
+typedef int fd_mask; /* int here! VMS prototypes int, not long */
+# define NFDBITS (sizeof(fd_mask) * NBBY)/* bits per mask (power of 2!) */
+# define NFDSHIFT 5 /* Shift based on above */
+
+typedef fd_mask fd_set;
+# define FD_SET(n, p) (*(p) |= (1 << ((n) % NFDBITS)))
+# define FD_CLR(n, p) (*(p) &= ~(1 << ((n) % NFDBITS)))
+# define FD_ISSET(n, p) (*(p) & (1 << ((n) % NFDBITS)))
+# define FD_ZERO(p) memset((char *)(p), 0, sizeof(*(p)))
+#endif
+
+#define PORT 4433
+#define PORT_STR "4433"
+#define PROTOCOL "tcp"
+
+int do_server(int port, int type, int *ret,
+ int (*cb) (char *hostname, int s, unsigned char *context),
+ unsigned char *context);
+#ifdef HEADER_X509_H
+int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
+#endif
+#ifdef HEADER_SSL_H
+int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
+int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key);
+#endif
+int init_client(int *sock, char *server, int port, int type);
+int should_retry(int i);
+int extract_port(char *str, short *port_ptr);
+int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
+ short *p);
+
+long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
+ int argi, long argl, long ret);
+
+#ifdef HEADER_SSL_H
+void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret);
+void MS_CALLBACK msg_cb(int write_p, int version, int content_type,
+ const void *buf, size_t len, SSL *ssl, void *arg);
+void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type,
+ unsigned char *data, int len, void *arg);
+#endif
+
+int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie,
+ unsigned int *cookie_len);
+int MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie,
+ unsigned int cookie_len);
Deleted: vendor-crypto/openssl/0.9.8zf/apps/s_cb.c
===================================================================
--- vendor-crypto/openssl/dist/apps/s_cb.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/apps/s_cb.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,757 +0,0 @@
-/* apps/s_cb.c - callback functions used by s_client, s_server, and s_time */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#define USE_SOCKETS
-#define NON_MAIN
-#include "apps.h"
-#undef NON_MAIN
-#undef USE_SOCKETS
-#include <openssl/err.h>
-#include <openssl/rand.h>
-#include <openssl/x509.h>
-#include <openssl/ssl.h>
-#include "s_apps.h"
-
-#define COOKIE_SECRET_LENGTH 16
-
-int verify_depth=0;
-int verify_error=X509_V_OK;
-unsigned char cookie_secret[COOKIE_SECRET_LENGTH];
-int cookie_initialized=0;
-
-int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
- {
- char buf[256];
- X509 *err_cert;
- int err,depth;
-
- err_cert=X509_STORE_CTX_get_current_cert(ctx);
- err= X509_STORE_CTX_get_error(ctx);
- depth= X509_STORE_CTX_get_error_depth(ctx);
-
- X509_NAME_oneline(X509_get_subject_name(err_cert),buf,sizeof buf);
- BIO_printf(bio_err,"depth=%d %s\n",depth,buf);
- if (!ok)
- {
- BIO_printf(bio_err,"verify error:num=%d:%s\n",err,
- X509_verify_cert_error_string(err));
- if (verify_depth >= depth)
- {
- ok=1;
- verify_error=X509_V_OK;
- }
- else
- {
- ok=0;
- verify_error=X509_V_ERR_CERT_CHAIN_TOO_LONG;
- }
- }
- switch (ctx->error)
- {
- case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
- X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,sizeof buf);
- BIO_printf(bio_err,"issuer= %s\n",buf);
- break;
- case X509_V_ERR_CERT_NOT_YET_VALID:
- case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
- BIO_printf(bio_err,"notBefore=");
- ASN1_TIME_print(bio_err,X509_get_notBefore(ctx->current_cert));
- BIO_printf(bio_err,"\n");
- break;
- case X509_V_ERR_CERT_HAS_EXPIRED:
- case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
- BIO_printf(bio_err,"notAfter=");
- ASN1_TIME_print(bio_err,X509_get_notAfter(ctx->current_cert));
- BIO_printf(bio_err,"\n");
- break;
- }
- BIO_printf(bio_err,"verify return:%d\n",ok);
- return(ok);
- }
-
-int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file)
- {
- if (cert_file != NULL)
- {
- /*
- SSL *ssl;
- X509 *x509;
- */
-
- if (SSL_CTX_use_certificate_file(ctx,cert_file,
- SSL_FILETYPE_PEM) <= 0)
- {
- BIO_printf(bio_err,"unable to get certificate from '%s'\n",cert_file);
- ERR_print_errors(bio_err);
- return(0);
- }
- if (key_file == NULL) key_file=cert_file;
- if (SSL_CTX_use_PrivateKey_file(ctx,key_file,
- SSL_FILETYPE_PEM) <= 0)
- {
- BIO_printf(bio_err,"unable to get private key from '%s'\n",key_file);
- ERR_print_errors(bio_err);
- return(0);
- }
-
- /*
- In theory this is no longer needed
- ssl=SSL_new(ctx);
- x509=SSL_get_certificate(ssl);
-
- if (x509 != NULL) {
- EVP_PKEY *pktmp;
- pktmp = X509_get_pubkey(x509);
- EVP_PKEY_copy_parameters(pktmp,
- SSL_get_privatekey(ssl));
- EVP_PKEY_free(pktmp);
- }
- SSL_free(ssl);
- */
-
- /* If we are using DSA, we can copy the parameters from
- * the private key */
-
-
- /* Now we know that a key and cert have been set against
- * the SSL context */
- if (!SSL_CTX_check_private_key(ctx))
- {
- BIO_printf(bio_err,"Private key does not match the certificate public key\n");
- return(0);
- }
- }
- return(1);
- }
-
-int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key)
- {
- if (cert == NULL)
- return 1;
- if (SSL_CTX_use_certificate(ctx,cert) <= 0)
- {
- BIO_printf(bio_err,"error setting certificate\n");
- ERR_print_errors(bio_err);
- return 0;
- }
- if (SSL_CTX_use_PrivateKey(ctx,key) <= 0)
- {
- BIO_printf(bio_err,"error setting private key\n");
- ERR_print_errors(bio_err);
- return 0;
- }
-
-
- /* Now we know that a key and cert have been set against
- * the SSL context */
- if (!SSL_CTX_check_private_key(ctx))
- {
- BIO_printf(bio_err,"Private key does not match the certificate public key\n");
- return 0;
- }
- return 1;
- }
-
-long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
- int argi, long argl, long ret)
- {
- BIO *out;
-
- out=(BIO *)BIO_get_callback_arg(bio);
- if (out == NULL) return(ret);
-
- if (cmd == (BIO_CB_READ|BIO_CB_RETURN))
- {
- BIO_printf(out,"read from %p [%p] (%d bytes => %ld (0x%lX))\n",
- (void *)bio,argp,argi,ret,ret);
- BIO_dump(out,argp,(int)ret);
- return(ret);
- }
- else if (cmd == (BIO_CB_WRITE|BIO_CB_RETURN))
- {
- BIO_printf(out,"write to %p [%p] (%d bytes => %ld (0x%lX))\n",
- (void *)bio,argp,argi,ret,ret);
- BIO_dump(out,argp,(int)ret);
- }
- return(ret);
- }
-
-void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret)
- {
- const char *str;
- int w;
-
- w=where& ~SSL_ST_MASK;
-
- if (w & SSL_ST_CONNECT) str="SSL_connect";
- else if (w & SSL_ST_ACCEPT) str="SSL_accept";
- else str="undefined";
-
- if (where & SSL_CB_LOOP)
- {
- BIO_printf(bio_err,"%s:%s\n",str,SSL_state_string_long(s));
- }
- else if (where & SSL_CB_ALERT)
- {
- str=(where & SSL_CB_READ)?"read":"write";
- BIO_printf(bio_err,"SSL3 alert %s:%s:%s\n",
- str,
- SSL_alert_type_string_long(ret),
- SSL_alert_desc_string_long(ret));
- }
- else if (where & SSL_CB_EXIT)
- {
- if (ret == 0)
- BIO_printf(bio_err,"%s:failed in %s\n",
- str,SSL_state_string_long(s));
- else if (ret < 0)
- {
- BIO_printf(bio_err,"%s:error in %s\n",
- str,SSL_state_string_long(s));
- }
- }
- }
-
-
-void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
- {
- BIO *bio = arg;
- const char *str_write_p, *str_version, *str_content_type = "", *str_details1 = "", *str_details2= "";
-
- str_write_p = write_p ? ">>>" : "<<<";
-
- switch (version)
- {
- case SSL2_VERSION:
- str_version = "SSL 2.0";
- break;
- case SSL3_VERSION:
- str_version = "SSL 3.0 ";
- break;
- case TLS1_VERSION:
- str_version = "TLS 1.0 ";
- break;
- default:
- str_version = "???";
- case DTLS1_VERSION:
- str_version = "DTLS 1.0 ";
- break;
- case DTLS1_BAD_VER:
- str_version = "DTLS 1.0 (bad) ";
- break;
- }
-
- if (version == SSL2_VERSION)
- {
- str_details1 = "???";
-
- if (len > 0)
- {
- switch (((const unsigned char*)buf)[0])
- {
- case 0:
- str_details1 = ", ERROR:";
- str_details2 = " ???";
- if (len >= 3)
- {
- unsigned err = (((const unsigned char*)buf)[1]<<8) + ((const unsigned char*)buf)[2];
-
- switch (err)
- {
- case 0x0001:
- str_details2 = " NO-CIPHER-ERROR";
- break;
- case 0x0002:
- str_details2 = " NO-CERTIFICATE-ERROR";
- break;
- case 0x0004:
- str_details2 = " BAD-CERTIFICATE-ERROR";
- break;
- case 0x0006:
- str_details2 = " UNSUPPORTED-CERTIFICATE-TYPE-ERROR";
- break;
- }
- }
-
- break;
- case 1:
- str_details1 = ", CLIENT-HELLO";
- break;
- case 2:
- str_details1 = ", CLIENT-MASTER-KEY";
- break;
- case 3:
- str_details1 = ", CLIENT-FINISHED";
- break;
- case 4:
- str_details1 = ", SERVER-HELLO";
- break;
- case 5:
- str_details1 = ", SERVER-VERIFY";
- break;
- case 6:
- str_details1 = ", SERVER-FINISHED";
- break;
- case 7:
- str_details1 = ", REQUEST-CERTIFICATE";
- break;
- case 8:
- str_details1 = ", CLIENT-CERTIFICATE";
- break;
- }
- }
- }
-
- if (version == SSL3_VERSION ||
- version == TLS1_VERSION ||
- version == DTLS1_VERSION ||
- version == DTLS1_BAD_VER)
- {
- switch (content_type)
- {
- case 20:
- str_content_type = "ChangeCipherSpec";
- break;
- case 21:
- str_content_type = "Alert";
- break;
- case 22:
- str_content_type = "Handshake";
- break;
- }
-
- if (content_type == 21) /* Alert */
- {
- str_details1 = ", ???";
-
- if (len == 2)
- {
- switch (((const unsigned char*)buf)[0])
- {
- case 1:
- str_details1 = ", warning";
- break;
- case 2:
- str_details1 = ", fatal";
- break;
- }
-
- str_details2 = " ???";
- switch (((const unsigned char*)buf)[1])
- {
- case 0:
- str_details2 = " close_notify";
- break;
- case 10:
- str_details2 = " unexpected_message";
- break;
- case 20:
- str_details2 = " bad_record_mac";
- break;
- case 21:
- str_details2 = " decryption_failed";
- break;
- case 22:
- str_details2 = " record_overflow";
- break;
- case 30:
- str_details2 = " decompression_failure";
- break;
- case 40:
- str_details2 = " handshake_failure";
- break;
- case 42:
- str_details2 = " bad_certificate";
- break;
- case 43:
- str_details2 = " unsupported_certificate";
- break;
- case 44:
- str_details2 = " certificate_revoked";
- break;
- case 45:
- str_details2 = " certificate_expired";
- break;
- case 46:
- str_details2 = " certificate_unknown";
- break;
- case 47:
- str_details2 = " illegal_parameter";
- break;
- case 48:
- str_details2 = " unknown_ca";
- break;
- case 49:
- str_details2 = " access_denied";
- break;
- case 50:
- str_details2 = " decode_error";
- break;
- case 51:
- str_details2 = " decrypt_error";
- break;
- case 60:
- str_details2 = " export_restriction";
- break;
- case 70:
- str_details2 = " protocol_version";
- break;
- case 71:
- str_details2 = " insufficient_security";
- break;
- case 80:
- str_details2 = " internal_error";
- break;
- case 90:
- str_details2 = " user_canceled";
- break;
- case 100:
- str_details2 = " no_renegotiation";
- break;
- case 110:
- str_details2 = " unsupported_extension";
- break;
- case 111:
- str_details2 = " certificate_unobtainable";
- break;
- case 112:
- str_details2 = " unrecognized_name";
- break;
- case 113:
- str_details2 = " bad_certificate_status_response";
- break;
- case 114:
- str_details2 = " bad_certificate_hash_value";
- break;
- case 115:
- str_details2 = " unknown_psk_identity";
- break;
- }
- }
- }
-
- if (content_type == 22) /* Handshake */
- {
- str_details1 = "???";
-
- if (len > 0)
- {
- switch (((const unsigned char*)buf)[0])
- {
- case 0:
- str_details1 = ", HelloRequest";
- break;
- case 1:
- str_details1 = ", ClientHello";
- break;
- case 2:
- str_details1 = ", ServerHello";
- break;
- case 11:
- str_details1 = ", Certificate";
- break;
- case 12:
- str_details1 = ", ServerKeyExchange";
- break;
- case 13:
- str_details1 = ", CertificateRequest";
- break;
- case 14:
- str_details1 = ", ServerHelloDone";
- break;
- case 15:
- str_details1 = ", CertificateVerify";
- break;
- case 3:
- str_details1 = ", HelloVerifyRequest";
- break;
- case 16:
- str_details1 = ", ClientKeyExchange";
- break;
- case 20:
- str_details1 = ", Finished";
- break;
- }
- }
- }
- }
-
- BIO_printf(bio, "%s %s%s [length %04lx]%s%s\n", str_write_p, str_version, str_content_type, (unsigned long)len, str_details1, str_details2);
-
- if (len > 0)
- {
- size_t num, i;
-
- BIO_printf(bio, " ");
- num = len;
-#if 0
- if (num > 16)
- num = 16;
-#endif
- for (i = 0; i < num; i++)
- {
- if (i % 16 == 0 && i > 0)
- BIO_printf(bio, "\n ");
- BIO_printf(bio, " %02x", ((const unsigned char*)buf)[i]);
- }
- if (i < len)
- BIO_printf(bio, " ...");
- BIO_printf(bio, "\n");
- }
- (void)BIO_flush(bio);
- }
-
-void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type,
- unsigned char *data, int len,
- void *arg)
- {
- BIO *bio = arg;
- char *extname;
-
- switch(type)
- {
- case TLSEXT_TYPE_server_name:
- extname = "server name";
- break;
-
- case TLSEXT_TYPE_max_fragment_length:
- extname = "max fragment length";
- break;
-
- case TLSEXT_TYPE_client_certificate_url:
- extname = "client certificate URL";
- break;
-
- case TLSEXT_TYPE_trusted_ca_keys:
- extname = "trusted CA keys";
- break;
-
- case TLSEXT_TYPE_truncated_hmac:
- extname = "truncated HMAC";
- break;
-
- case TLSEXT_TYPE_status_request:
- extname = "status request";
- break;
-
- case TLSEXT_TYPE_elliptic_curves:
- extname = "elliptic curves";
- break;
-
- case TLSEXT_TYPE_ec_point_formats:
- extname = "EC point formats";
- break;
-
- case TLSEXT_TYPE_session_ticket:
- extname = "server ticket";
- break;
-
- case TLSEXT_TYPE_renegotiate:
- extname = "renegotiate";
- break;
-
- default:
- extname = "unknown";
- break;
-
- }
-
- BIO_printf(bio, "TLS %s extension \"%s\" (id=%d), len=%d\n",
- client_server ? "server": "client",
- extname, type, len);
- BIO_dump(bio, (char *)data, len);
- (void)BIO_flush(bio);
- }
-
-int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)
- {
- unsigned char *buffer, result[EVP_MAX_MD_SIZE];
- unsigned int length, resultlength;
- struct sockaddr_in peer;
-
- /* Initialize a random secret */
- if (!cookie_initialized)
- {
- if (!RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH))
- {
- BIO_printf(bio_err,"error setting random cookie secret\n");
- return 0;
- }
- cookie_initialized = 1;
- }
-
- /* Read peer information */
- (void)BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer);
-
- /* Create buffer with peer's address and port */
- length = sizeof(peer.sin_addr);
- length += sizeof(peer.sin_port);
- buffer = OPENSSL_malloc(length);
-
- if (buffer == NULL)
- {
- BIO_printf(bio_err,"out of memory\n");
- return 0;
- }
-
- memcpy(buffer, &peer.sin_addr, sizeof(peer.sin_addr));
- memcpy(buffer + sizeof(peer.sin_addr), &peer.sin_port, sizeof(peer.sin_port));
-
- /* Calculate HMAC of buffer using the secret */
- HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH,
- buffer, length, result, &resultlength);
- OPENSSL_free(buffer);
-
- memcpy(cookie, result, resultlength);
- *cookie_len = resultlength;
-
- return 1;
- }
-
-int MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int cookie_len)
- {
- unsigned char *buffer, result[EVP_MAX_MD_SIZE];
- unsigned int length, resultlength;
- struct sockaddr_in peer;
-
- /* If secret isn't initialized yet, the cookie can't be valid */
- if (!cookie_initialized)
- return 0;
-
- /* Read peer information */
- (void)BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer);
-
- /* Create buffer with peer's address and port */
- length = sizeof(peer.sin_addr);
- length += sizeof(peer.sin_port);
- buffer = (unsigned char*) OPENSSL_malloc(length);
-
- if (buffer == NULL)
- {
- BIO_printf(bio_err,"out of memory\n");
- return 0;
- }
-
- memcpy(buffer, &peer.sin_addr, sizeof(peer.sin_addr));
- memcpy(buffer + sizeof(peer.sin_addr), &peer.sin_port, sizeof(peer.sin_port));
-
- /* Calculate HMAC of buffer using the secret */
- HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH,
- buffer, length, result, &resultlength);
- OPENSSL_free(buffer);
-
- if (cookie_len == resultlength && memcmp(result, cookie, resultlength) == 0)
- return 1;
-
- return 0;
- }
Copied: vendor-crypto/openssl/0.9.8zf/apps/s_cb.c (from rev 6976, vendor-crypto/openssl/dist/apps/s_cb.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/apps/s_cb.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/apps/s_cb.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,733 @@
+/* apps/s_cb.c - callback functions used by s_client, s_server, and s_time */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#define USE_SOCKETS
+#define NON_MAIN
+#include "apps.h"
+#undef NON_MAIN
+#undef USE_SOCKETS
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+#include <openssl/ssl.h>
+#include "s_apps.h"
+
+#define COOKIE_SECRET_LENGTH 16
+
+int verify_depth = 0;
+int verify_error = X509_V_OK;
+unsigned char cookie_secret[COOKIE_SECRET_LENGTH];
+int cookie_initialized = 0;
+
+int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
+{
+ char buf[256];
+ X509 *err_cert;
+ int err, depth;
+
+ err_cert = X509_STORE_CTX_get_current_cert(ctx);
+ err = X509_STORE_CTX_get_error(ctx);
+ depth = X509_STORE_CTX_get_error_depth(ctx);
+
+ X509_NAME_oneline(X509_get_subject_name(err_cert), buf, sizeof buf);
+ BIO_printf(bio_err, "depth=%d %s\n", depth, buf);
+ if (!ok) {
+ BIO_printf(bio_err, "verify error:num=%d:%s\n", err,
+ X509_verify_cert_error_string(err));
+ if (verify_depth >= depth) {
+ ok = 1;
+ verify_error = X509_V_OK;
+ } else {
+ ok = 0;
+ verify_error = X509_V_ERR_CERT_CHAIN_TOO_LONG;
+ }
+ }
+ switch (ctx->error) {
+ case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
+ X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf,
+ sizeof buf);
+ BIO_printf(bio_err, "issuer= %s\n", buf);
+ break;
+ case X509_V_ERR_CERT_NOT_YET_VALID:
+ case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
+ BIO_printf(bio_err, "notBefore=");
+ ASN1_TIME_print(bio_err, X509_get_notBefore(ctx->current_cert));
+ BIO_printf(bio_err, "\n");
+ break;
+ case X509_V_ERR_CERT_HAS_EXPIRED:
+ case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
+ BIO_printf(bio_err, "notAfter=");
+ ASN1_TIME_print(bio_err, X509_get_notAfter(ctx->current_cert));
+ BIO_printf(bio_err, "\n");
+ break;
+ }
+ BIO_printf(bio_err, "verify return:%d\n", ok);
+ return (ok);
+}
+
+int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file)
+{
+ if (cert_file != NULL) {
+ /*-
+ SSL *ssl;
+ X509 *x509;
+ */
+
+ if (SSL_CTX_use_certificate_file(ctx, cert_file,
+ SSL_FILETYPE_PEM) <= 0) {
+ BIO_printf(bio_err, "unable to get certificate from '%s'\n",
+ cert_file);
+ ERR_print_errors(bio_err);
+ return (0);
+ }
+ if (key_file == NULL)
+ key_file = cert_file;
+ if (SSL_CTX_use_PrivateKey_file(ctx, key_file, SSL_FILETYPE_PEM) <= 0) {
+ BIO_printf(bio_err, "unable to get private key from '%s'\n",
+ key_file);
+ ERR_print_errors(bio_err);
+ return (0);
+ }
+
+ /*-
+ In theory this is no longer needed
+ ssl=SSL_new(ctx);
+ x509=SSL_get_certificate(ssl);
+
+ if (x509 != NULL) {
+ EVP_PKEY *pktmp;
+ pktmp = X509_get_pubkey(x509);
+ EVP_PKEY_copy_parameters(pktmp,
+ SSL_get_privatekey(ssl));
+ EVP_PKEY_free(pktmp);
+ }
+ SSL_free(ssl);
+ */
+
+ /*
+ * If we are using DSA, we can copy the parameters from the private
+ * key
+ */
+
+ /*
+ * Now we know that a key and cert have been set against the SSL
+ * context
+ */
+ if (!SSL_CTX_check_private_key(ctx)) {
+ BIO_printf(bio_err,
+ "Private key does not match the certificate public key\n");
+ return (0);
+ }
+ }
+ return (1);
+}
+
+int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key)
+{
+ if (cert == NULL)
+ return 1;
+ if (SSL_CTX_use_certificate(ctx, cert) <= 0) {
+ BIO_printf(bio_err, "error setting certificate\n");
+ ERR_print_errors(bio_err);
+ return 0;
+ }
+ if (SSL_CTX_use_PrivateKey(ctx, key) <= 0) {
+ BIO_printf(bio_err, "error setting private key\n");
+ ERR_print_errors(bio_err);
+ return 0;
+ }
+
+ /*
+ * Now we know that a key and cert have been set against the SSL context
+ */
+ if (!SSL_CTX_check_private_key(ctx)) {
+ BIO_printf(bio_err,
+ "Private key does not match the certificate public key\n");
+ return 0;
+ }
+ return 1;
+}
+
+long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
+ int argi, long argl, long ret)
+{
+ BIO *out;
+
+ out = (BIO *)BIO_get_callback_arg(bio);
+ if (out == NULL)
+ return (ret);
+
+ if (cmd == (BIO_CB_READ | BIO_CB_RETURN)) {
+ BIO_printf(out, "read from %p [%p] (%d bytes => %ld (0x%lX))\n",
+ (void *)bio, argp, argi, ret, ret);
+ BIO_dump(out, argp, (int)ret);
+ return (ret);
+ } else if (cmd == (BIO_CB_WRITE | BIO_CB_RETURN)) {
+ BIO_printf(out, "write to %p [%p] (%d bytes => %ld (0x%lX))\n",
+ (void *)bio, argp, argi, ret, ret);
+ BIO_dump(out, argp, (int)ret);
+ }
+ return (ret);
+}
+
+void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret)
+{
+ const char *str;
+ int w;
+
+ w = where & ~SSL_ST_MASK;
+
+ if (w & SSL_ST_CONNECT)
+ str = "SSL_connect";
+ else if (w & SSL_ST_ACCEPT)
+ str = "SSL_accept";
+ else
+ str = "undefined";
+
+ if (where & SSL_CB_LOOP) {
+ BIO_printf(bio_err, "%s:%s\n", str, SSL_state_string_long(s));
+ } else if (where & SSL_CB_ALERT) {
+ str = (where & SSL_CB_READ) ? "read" : "write";
+ BIO_printf(bio_err, "SSL3 alert %s:%s:%s\n",
+ str,
+ SSL_alert_type_string_long(ret),
+ SSL_alert_desc_string_long(ret));
+ } else if (where & SSL_CB_EXIT) {
+ if (ret == 0)
+ BIO_printf(bio_err, "%s:failed in %s\n",
+ str, SSL_state_string_long(s));
+ else if (ret < 0) {
+ BIO_printf(bio_err, "%s:error in %s\n",
+ str, SSL_state_string_long(s));
+ }
+ }
+}
+
+void MS_CALLBACK msg_cb(int write_p, int version, int content_type,
+ const void *buf, size_t len, SSL *ssl, void *arg)
+{
+ BIO *bio = arg;
+ const char *str_write_p, *str_version, *str_content_type =
+ "", *str_details1 = "", *str_details2 = "";
+
+ str_write_p = write_p ? ">>>" : "<<<";
+
+ switch (version) {
+ case SSL2_VERSION:
+ str_version = "SSL 2.0";
+ break;
+ case SSL3_VERSION:
+ str_version = "SSL 3.0 ";
+ break;
+ case TLS1_VERSION:
+ str_version = "TLS 1.0 ";
+ break;
+ default:
+ str_version = "???";
+ case DTLS1_VERSION:
+ str_version = "DTLS 1.0 ";
+ break;
+ case DTLS1_BAD_VER:
+ str_version = "DTLS 1.0 (bad) ";
+ break;
+ }
+
+ if (version == SSL2_VERSION) {
+ str_details1 = "???";
+
+ if (len > 0) {
+ switch (((const unsigned char *)buf)[0]) {
+ case 0:
+ str_details1 = ", ERROR:";
+ str_details2 = " ???";
+ if (len >= 3) {
+ unsigned err =
+ (((const unsigned char *)buf)[1] << 8) +
+ ((const unsigned char *)buf)[2];
+
+ switch (err) {
+ case 0x0001:
+ str_details2 = " NO-CIPHER-ERROR";
+ break;
+ case 0x0002:
+ str_details2 = " NO-CERTIFICATE-ERROR";
+ break;
+ case 0x0004:
+ str_details2 = " BAD-CERTIFICATE-ERROR";
+ break;
+ case 0x0006:
+ str_details2 = " UNSUPPORTED-CERTIFICATE-TYPE-ERROR";
+ break;
+ }
+ }
+
+ break;
+ case 1:
+ str_details1 = ", CLIENT-HELLO";
+ break;
+ case 2:
+ str_details1 = ", CLIENT-MASTER-KEY";
+ break;
+ case 3:
+ str_details1 = ", CLIENT-FINISHED";
+ break;
+ case 4:
+ str_details1 = ", SERVER-HELLO";
+ break;
+ case 5:
+ str_details1 = ", SERVER-VERIFY";
+ break;
+ case 6:
+ str_details1 = ", SERVER-FINISHED";
+ break;
+ case 7:
+ str_details1 = ", REQUEST-CERTIFICATE";
+ break;
+ case 8:
+ str_details1 = ", CLIENT-CERTIFICATE";
+ break;
+ }
+ }
+ }
+
+ if (version == SSL3_VERSION ||
+ version == TLS1_VERSION ||
+ version == DTLS1_VERSION || version == DTLS1_BAD_VER) {
+ switch (content_type) {
+ case 20:
+ str_content_type = "ChangeCipherSpec";
+ break;
+ case 21:
+ str_content_type = "Alert";
+ break;
+ case 22:
+ str_content_type = "Handshake";
+ break;
+ }
+
+ if (content_type == 21) { /* Alert */
+ str_details1 = ", ???";
+
+ if (len == 2) {
+ switch (((const unsigned char *)buf)[0]) {
+ case 1:
+ str_details1 = ", warning";
+ break;
+ case 2:
+ str_details1 = ", fatal";
+ break;
+ }
+
+ str_details2 = " ???";
+ switch (((const unsigned char *)buf)[1]) {
+ case 0:
+ str_details2 = " close_notify";
+ break;
+ case 10:
+ str_details2 = " unexpected_message";
+ break;
+ case 20:
+ str_details2 = " bad_record_mac";
+ break;
+ case 21:
+ str_details2 = " decryption_failed";
+ break;
+ case 22:
+ str_details2 = " record_overflow";
+ break;
+ case 30:
+ str_details2 = " decompression_failure";
+ break;
+ case 40:
+ str_details2 = " handshake_failure";
+ break;
+ case 42:
+ str_details2 = " bad_certificate";
+ break;
+ case 43:
+ str_details2 = " unsupported_certificate";
+ break;
+ case 44:
+ str_details2 = " certificate_revoked";
+ break;
+ case 45:
+ str_details2 = " certificate_expired";
+ break;
+ case 46:
+ str_details2 = " certificate_unknown";
+ break;
+ case 47:
+ str_details2 = " illegal_parameter";
+ break;
+ case 48:
+ str_details2 = " unknown_ca";
+ break;
+ case 49:
+ str_details2 = " access_denied";
+ break;
+ case 50:
+ str_details2 = " decode_error";
+ break;
+ case 51:
+ str_details2 = " decrypt_error";
+ break;
+ case 60:
+ str_details2 = " export_restriction";
+ break;
+ case 70:
+ str_details2 = " protocol_version";
+ break;
+ case 71:
+ str_details2 = " insufficient_security";
+ break;
+ case 80:
+ str_details2 = " internal_error";
+ break;
+ case 90:
+ str_details2 = " user_canceled";
+ break;
+ case 100:
+ str_details2 = " no_renegotiation";
+ break;
+ case 110:
+ str_details2 = " unsupported_extension";
+ break;
+ case 111:
+ str_details2 = " certificate_unobtainable";
+ break;
+ case 112:
+ str_details2 = " unrecognized_name";
+ break;
+ case 113:
+ str_details2 = " bad_certificate_status_response";
+ break;
+ case 114:
+ str_details2 = " bad_certificate_hash_value";
+ break;
+ case 115:
+ str_details2 = " unknown_psk_identity";
+ break;
+ }
+ }
+ }
+
+ if (content_type == 22) { /* Handshake */
+ str_details1 = "???";
+
+ if (len > 0) {
+ switch (((const unsigned char *)buf)[0]) {
+ case 0:
+ str_details1 = ", HelloRequest";
+ break;
+ case 1:
+ str_details1 = ", ClientHello";
+ break;
+ case 2:
+ str_details1 = ", ServerHello";
+ break;
+ case 11:
+ str_details1 = ", Certificate";
+ break;
+ case 12:
+ str_details1 = ", ServerKeyExchange";
+ break;
+ case 13:
+ str_details1 = ", CertificateRequest";
+ break;
+ case 14:
+ str_details1 = ", ServerHelloDone";
+ break;
+ case 15:
+ str_details1 = ", CertificateVerify";
+ break;
+ case 3:
+ str_details1 = ", HelloVerifyRequest";
+ break;
+ case 16:
+ str_details1 = ", ClientKeyExchange";
+ break;
+ case 20:
+ str_details1 = ", Finished";
+ break;
+ }
+ }
+ }
+ }
+
+ BIO_printf(bio, "%s %s%s [length %04lx]%s%s\n", str_write_p, str_version,
+ str_content_type, (unsigned long)len, str_details1,
+ str_details2);
+
+ if (len > 0) {
+ size_t num, i;
+
+ BIO_printf(bio, " ");
+ num = len;
+#if 0
+ if (num > 16)
+ num = 16;
+#endif
+ for (i = 0; i < num; i++) {
+ if (i % 16 == 0 && i > 0)
+ BIO_printf(bio, "\n ");
+ BIO_printf(bio, " %02x", ((const unsigned char *)buf)[i]);
+ }
+ if (i < len)
+ BIO_printf(bio, " ...");
+ BIO_printf(bio, "\n");
+ }
+ (void)BIO_flush(bio);
+}
+
+void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type,
+ unsigned char *data, int len, void *arg)
+{
+ BIO *bio = arg;
+ char *extname;
+
+ switch (type) {
+ case TLSEXT_TYPE_server_name:
+ extname = "server name";
+ break;
+
+ case TLSEXT_TYPE_max_fragment_length:
+ extname = "max fragment length";
+ break;
+
+ case TLSEXT_TYPE_client_certificate_url:
+ extname = "client certificate URL";
+ break;
+
+ case TLSEXT_TYPE_trusted_ca_keys:
+ extname = "trusted CA keys";
+ break;
+
+ case TLSEXT_TYPE_truncated_hmac:
+ extname = "truncated HMAC";
+ break;
+
+ case TLSEXT_TYPE_status_request:
+ extname = "status request";
+ break;
+
+ case TLSEXT_TYPE_elliptic_curves:
+ extname = "elliptic curves";
+ break;
+
+ case TLSEXT_TYPE_ec_point_formats:
+ extname = "EC point formats";
+ break;
+
+ case TLSEXT_TYPE_session_ticket:
+ extname = "server ticket";
+ break;
+
+ case TLSEXT_TYPE_renegotiate:
+ extname = "renegotiate";
+ break;
+
+ default:
+ extname = "unknown";
+ break;
+
+ }
+
+ BIO_printf(bio, "TLS %s extension \"%s\" (id=%d), len=%d\n",
+ client_server ? "server" : "client", extname, type, len);
+ BIO_dump(bio, (char *)data, len);
+ (void)BIO_flush(bio);
+}
+
+int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie,
+ unsigned int *cookie_len)
+{
+ unsigned char *buffer, result[EVP_MAX_MD_SIZE];
+ unsigned int length, resultlength;
+ struct sockaddr_in peer;
+
+ /* Initialize a random secret */
+ if (!cookie_initialized) {
+ if (!RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH)) {
+ BIO_printf(bio_err, "error setting random cookie secret\n");
+ return 0;
+ }
+ cookie_initialized = 1;
+ }
+
+ /* Read peer information */
+ (void)BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer);
+
+ /* Create buffer with peer's address and port */
+ length = sizeof(peer.sin_addr);
+ length += sizeof(peer.sin_port);
+ buffer = OPENSSL_malloc(length);
+
+ if (buffer == NULL) {
+ BIO_printf(bio_err, "out of memory\n");
+ return 0;
+ }
+
+ memcpy(buffer, &peer.sin_addr, sizeof(peer.sin_addr));
+ memcpy(buffer + sizeof(peer.sin_addr), &peer.sin_port,
+ sizeof(peer.sin_port));
+
+ /* Calculate HMAC of buffer using the secret */
+ HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH,
+ buffer, length, result, &resultlength);
+ OPENSSL_free(buffer);
+
+ memcpy(cookie, result, resultlength);
+ *cookie_len = resultlength;
+
+ return 1;
+}
+
+int MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie,
+ unsigned int cookie_len)
+{
+ unsigned char *buffer, result[EVP_MAX_MD_SIZE];
+ unsigned int length, resultlength;
+ struct sockaddr_in peer;
+
+ /* If secret isn't initialized yet, the cookie can't be valid */
+ if (!cookie_initialized)
+ return 0;
+
+ /* Read peer information */
+ (void)BIO_dgram_get_peer(SSL_get_rbio(ssl), &peer);
+
+ /* Create buffer with peer's address and port */
+ length = sizeof(peer.sin_addr);
+ length += sizeof(peer.sin_port);
+ buffer = (unsigned char *)OPENSSL_malloc(length);
+
+ if (buffer == NULL) {
+ BIO_printf(bio_err, "out of memory\n");
+ return 0;
+ }
+
+ memcpy(buffer, &peer.sin_addr, sizeof(peer.sin_addr));
+ memcpy(buffer + sizeof(peer.sin_addr), &peer.sin_port,
+ sizeof(peer.sin_port));
+
+ /* Calculate HMAC of buffer using the secret */
+ HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH,
+ buffer, length, result, &resultlength);
+ OPENSSL_free(buffer);
+
+ if (cookie_len == resultlength
+ && memcmp(result, cookie, resultlength) == 0)
+ return 1;
+
+ return 0;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/apps/s_client.c
===================================================================
--- vendor-crypto/openssl/dist/apps/s_client.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/apps/s_client.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,1584 +0,0 @@
-/* apps/s_client.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <assert.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <openssl/e_os2.h>
-#ifdef OPENSSL_NO_STDIO
-#define APPS_WIN16
-#endif
-
-/* With IPv6, it looks like Digital has mixed up the proper order of
- recursive header file inclusion, resulting in the compiler complaining
- that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
- is needed to have fileno() declared correctly... So let's define u_int */
-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
-#define __U_INT
-typedef unsigned int u_int;
-#endif
-
-#define USE_SOCKETS
-#include "apps.h"
-#include <openssl/x509.h>
-#include <openssl/ssl.h>
-#include <openssl/err.h>
-#include <openssl/pem.h>
-#include <openssl/rand.h>
-#include <openssl/ocsp.h>
-#include "s_apps.h"
-#include "timeouts.h"
-
-#ifdef OPENSSL_SYS_WINCE
-/* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */
-#ifdef fileno
-#undef fileno
-#endif
-#define fileno(a) (int)_fileno(a)
-#endif
-
-
-#if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
-/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
-#undef FIONBIO
-#endif
-
-#undef PROG
-#define PROG s_client_main
-
-/*#define SSL_HOST_NAME "www.netscape.com" */
-/*#define SSL_HOST_NAME "193.118.187.102" */
-#define SSL_HOST_NAME "localhost"
-
-/*#define TEST_CERT "client.pem" */ /* no default cert. */
-
-#undef BUFSIZZ
-#define BUFSIZZ 1024*8
-
-extern int verify_depth;
-extern int verify_error;
-
-#ifdef FIONBIO
-static int c_nbio=0;
-#endif
-static int c_Pause=0;
-static int c_debug=0;
-#ifndef OPENSSL_NO_TLSEXT
-static int c_tlsextdebug=0;
-static int c_status_req=0;
-#endif
-static int c_msg=0;
-static int c_showcerts=0;
-
-static void sc_usage(void);
-static void print_stuff(BIO *berr,SSL *con,int full);
-#ifndef OPENSSL_NO_TLSEXT
-static int ocsp_resp_cb(SSL *s, void *arg);
-#endif
-static BIO *bio_c_out=NULL;
-static int c_quiet=0;
-static int c_ign_eof=0;
-
-static void sc_usage(void)
- {
- BIO_printf(bio_err,"usage: s_client args\n");
- BIO_printf(bio_err,"\n");
- BIO_printf(bio_err," -host host - use -connect instead\n");
- BIO_printf(bio_err," -port port - use -connect instead\n");
- BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR);
-
- BIO_printf(bio_err," -verify depth - turn on peer certificate verification\n");
- BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n");
- BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n");
- BIO_printf(bio_err," -key arg - Private key file to use, in cert file if\n");
- BIO_printf(bio_err," not specified but cert file is.\n");
- BIO_printf(bio_err," -keyform arg - key format (PEM or DER) PEM default\n");
- BIO_printf(bio_err," -pass arg - private key file pass phrase source\n");
- BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n");
- BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n");
- BIO_printf(bio_err," -reconnect - Drop and re-make the connection with the same Session-ID\n");
- BIO_printf(bio_err," -pause - sleep(1) after each read(2) and write(2) system call\n");
- BIO_printf(bio_err," -showcerts - show all certificates in the chain\n");
- BIO_printf(bio_err," -debug - extra output\n");
-#ifdef WATT32
- BIO_printf(bio_err," -wdebug - WATT-32 tcp debugging\n");
-#endif
- BIO_printf(bio_err," -msg - Show protocol messages\n");
- BIO_printf(bio_err," -nbio_test - more ssl protocol testing\n");
- BIO_printf(bio_err," -state - print the 'ssl' states\n");
-#ifdef FIONBIO
- BIO_printf(bio_err," -nbio - Run with non-blocking IO\n");
-#endif
- BIO_printf(bio_err," -crlf - convert LF from terminal into CRLF\n");
- BIO_printf(bio_err," -quiet - no s_client output\n");
- BIO_printf(bio_err," -ign_eof - ignore input eof (default when -quiet)\n");
- BIO_printf(bio_err," -no_ign_eof - don't ignore input eof\n");
- BIO_printf(bio_err," -ssl2 - just use SSLv2\n");
- BIO_printf(bio_err," -ssl3 - just use SSLv3\n");
- BIO_printf(bio_err," -tls1 - just use TLSv1\n");
- BIO_printf(bio_err," -dtls1 - just use DTLSv1\n");
- BIO_printf(bio_err," -fallback_scsv - send TLS_FALLBACK_SCSV\n");
- BIO_printf(bio_err," -mtu - set the link layer MTU\n");
- BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
- BIO_printf(bio_err," -bugs - Switch on all SSL implementation bug workarounds\n");
- BIO_printf(bio_err," -serverpref - Use server's cipher preferences (only SSLv2)\n");
- BIO_printf(bio_err," -cipher - preferred cipher to use, use the 'openssl ciphers'\n");
- BIO_printf(bio_err," command to see what is available\n");
- BIO_printf(bio_err," -starttls prot - use the STARTTLS command before starting TLS\n");
- BIO_printf(bio_err," for those protocols that support it, where\n");
- BIO_printf(bio_err," 'prot' defines which one to assume. Currently,\n");
- BIO_printf(bio_err," only \"smtp\", \"pop3\", \"imap\", \"ftp\" and \"xmpp\"\n");
- BIO_printf(bio_err," are supported.\n");
-#ifndef OPENSSL_NO_ENGINE
- BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n");
-#endif
- BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
- BIO_printf(bio_err," -sess_out arg - file to write SSL session to\n");
- BIO_printf(bio_err," -sess_in arg - file to read SSL session from\n");
-#ifndef OPENSSL_NO_TLSEXT
- BIO_printf(bio_err," -servername host - Set TLS extension servername in ClientHello\n");
- BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions received\n");
- BIO_printf(bio_err," -status - request certificate status from server\n");
- BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n");
-#endif
- BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
- }
-
-#ifndef OPENSSL_NO_TLSEXT
-
-/* This is a context that we pass to callbacks */
-typedef struct tlsextctx_st {
- BIO * biodebug;
- int ack;
-} tlsextctx;
-
-
-static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg)
- {
- tlsextctx * p = (tlsextctx *) arg;
- const char * hn= SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
- if (SSL_get_servername_type(s) != -1)
- p->ack = !SSL_session_reused(s) && hn != NULL;
- else
- BIO_printf(bio_err,"Can't use SSL_get_servername\n");
-
- return SSL_TLSEXT_ERR_OK;
- }
-#endif
-enum
-{
- PROTO_OFF = 0,
- PROTO_SMTP,
- PROTO_POP3,
- PROTO_IMAP,
- PROTO_FTP,
- PROTO_XMPP
-};
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
- int off=0, clr = 0;
- SSL *con=NULL,*con2=NULL;
- X509_STORE *store = NULL;
- int s,k,width,state=0;
- char *cbuf=NULL,*sbuf=NULL,*mbuf=NULL;
- int cbuf_len,cbuf_off;
- int sbuf_len,sbuf_off;
- fd_set readfds,writefds;
- short port=PORT;
- int full_log=1;
- char *host=SSL_HOST_NAME;
- char *cert_file=NULL,*key_file=NULL;
- int cert_format = FORMAT_PEM, key_format = FORMAT_PEM;
- char *passarg = NULL, *pass = NULL;
- X509 *cert = NULL;
- EVP_PKEY *key = NULL;
- char *CApath=NULL,*CAfile=NULL,*cipher=NULL;
- int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0;
- int crlf=0;
- int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending;
- SSL_CTX *ctx=NULL;
- int ret=1,in_init=1,i,nbio_test=0;
- int starttls_proto = PROTO_OFF;
- int prexit = 0, vflags = 0;
- SSL_METHOD *meth=NULL;
-#ifdef sock_type
-#undef sock_type
-#endif
- int sock_type=SOCK_STREAM;
- BIO *sbio;
- char *inrand=NULL;
- int mbuf_len=0;
- struct timeval timeout, *timeoutp;
-#ifndef OPENSSL_NO_ENGINE
- char *engine_id=NULL;
- char *ssl_client_engine_id=NULL;
- ENGINE *ssl_client_engine=NULL;
-#endif
- ENGINE *e=NULL;
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
- struct timeval tv;
-#endif
-
-#ifndef OPENSSL_NO_TLSEXT
- char *servername = NULL;
- tlsextctx tlsextcbp =
- {NULL,0};
-#endif
- char *sess_in = NULL;
- char *sess_out = NULL;
- struct sockaddr peer;
- int peerlen = sizeof(peer);
- int fallback_scsv = 0;
- int enable_timeouts = 0 ;
- long socket_mtu = 0;
-#ifndef OPENSSL_NO_JPAKE
- char *jpake_secret = NULL;
-#endif
-
- meth=SSLv23_client_method();
-
- apps_startup();
- c_Pause=0;
- c_quiet=0;
- c_ign_eof=0;
- c_debug=0;
- c_msg=0;
- c_showcerts=0;
-
- if (bio_err == NULL)
- bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
-
- if (!load_config(bio_err, NULL))
- goto end;
-
- if ( ((cbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) ||
- ((sbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) ||
- ((mbuf=OPENSSL_malloc(BUFSIZZ)) == NULL))
- {
- BIO_printf(bio_err,"out of memory\n");
- goto end;
- }
-
- verify_depth=0;
- verify_error=X509_V_OK;
-#ifdef FIONBIO
- c_nbio=0;
-#endif
-
- argc--;
- argv++;
- while (argc >= 1)
- {
- if (strcmp(*argv,"-host") == 0)
- {
- if (--argc < 1) goto bad;
- host= *(++argv);
- }
- else if (strcmp(*argv,"-port") == 0)
- {
- if (--argc < 1) goto bad;
- port=atoi(*(++argv));
- if (port == 0) goto bad;
- }
- else if (strcmp(*argv,"-connect") == 0)
- {
- if (--argc < 1) goto bad;
- if (!extract_host_port(*(++argv),&host,NULL,&port))
- goto bad;
- }
- else if (strcmp(*argv,"-verify") == 0)
- {
- verify=SSL_VERIFY_PEER;
- if (--argc < 1) goto bad;
- verify_depth=atoi(*(++argv));
- BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
- }
- else if (strcmp(*argv,"-cert") == 0)
- {
- if (--argc < 1) goto bad;
- cert_file= *(++argv);
- }
- else if (strcmp(*argv,"-sess_out") == 0)
- {
- if (--argc < 1) goto bad;
- sess_out = *(++argv);
- }
- else if (strcmp(*argv,"-sess_in") == 0)
- {
- if (--argc < 1) goto bad;
- sess_in = *(++argv);
- }
- else if (strcmp(*argv,"-certform") == 0)
- {
- if (--argc < 1) goto bad;
- cert_format = str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-crl_check") == 0)
- vflags |= X509_V_FLAG_CRL_CHECK;
- else if (strcmp(*argv,"-crl_check_all") == 0)
- vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
- else if (strcmp(*argv,"-prexit") == 0)
- prexit=1;
- else if (strcmp(*argv,"-crlf") == 0)
- crlf=1;
- else if (strcmp(*argv,"-quiet") == 0)
- {
- c_quiet=1;
- c_ign_eof=1;
- }
- else if (strcmp(*argv,"-ign_eof") == 0)
- c_ign_eof=1;
- else if (strcmp(*argv,"-no_ign_eof") == 0)
- c_ign_eof=0;
- else if (strcmp(*argv,"-pause") == 0)
- c_Pause=1;
- else if (strcmp(*argv,"-debug") == 0)
- c_debug=1;
-#ifndef OPENSSL_NO_TLSEXT
- else if (strcmp(*argv,"-tlsextdebug") == 0)
- c_tlsextdebug=1;
- else if (strcmp(*argv,"-status") == 0)
- c_status_req=1;
-#endif
-#ifdef WATT32
- else if (strcmp(*argv,"-wdebug") == 0)
- dbug_init();
-#endif
- else if (strcmp(*argv,"-msg") == 0)
- c_msg=1;
- else if (strcmp(*argv,"-showcerts") == 0)
- c_showcerts=1;
- else if (strcmp(*argv,"-nbio_test") == 0)
- nbio_test=1;
- else if (strcmp(*argv,"-state") == 0)
- state=1;
-#ifndef OPENSSL_NO_SSL2
- else if (strcmp(*argv,"-ssl2") == 0)
- meth=SSLv2_client_method();
-#endif
-#ifndef OPENSSL_NO_SSL3
- else if (strcmp(*argv,"-ssl3") == 0)
- meth=SSLv3_client_method();
-#endif
-#ifndef OPENSSL_NO_TLS1
- else if (strcmp(*argv,"-tls1") == 0)
- meth=TLSv1_client_method();
-#endif
-#ifndef OPENSSL_NO_DTLS1
- else if (strcmp(*argv,"-dtls1") == 0)
- {
- meth=DTLSv1_client_method();
- sock_type=SOCK_DGRAM;
- }
- else if (strcmp(*argv,"-timeout") == 0)
- enable_timeouts=1;
- else if (strcmp(*argv,"-mtu") == 0)
- {
- if (--argc < 1) goto bad;
- socket_mtu = atol(*(++argv));
- }
-#endif
- else if (strcmp(*argv,"-fallback_scsv") == 0)
- {
- fallback_scsv = 1;
- }
- else if (strcmp(*argv,"-bugs") == 0)
- bugs=1;
- else if (strcmp(*argv,"-keyform") == 0)
- {
- if (--argc < 1) goto bad;
- key_format = str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-pass") == 0)
- {
- if (--argc < 1) goto bad;
- passarg = *(++argv);
- }
- else if (strcmp(*argv,"-key") == 0)
- {
- if (--argc < 1) goto bad;
- key_file= *(++argv);
- }
- else if (strcmp(*argv,"-reconnect") == 0)
- {
- reconnect=5;
- }
- else if (strcmp(*argv,"-CApath") == 0)
- {
- if (--argc < 1) goto bad;
- CApath= *(++argv);
- }
- else if (strcmp(*argv,"-CAfile") == 0)
- {
- if (--argc < 1) goto bad;
- CAfile= *(++argv);
- }
- else if (strcmp(*argv,"-no_tls1") == 0)
- off|=SSL_OP_NO_TLSv1;
- else if (strcmp(*argv,"-no_ssl3") == 0)
- off|=SSL_OP_NO_SSLv3;
- else if (strcmp(*argv,"-no_ssl2") == 0)
- off|=SSL_OP_NO_SSLv2;
-#ifndef OPENSSL_NO_TLSEXT
- else if (strcmp(*argv,"-no_ticket") == 0)
- { off|=SSL_OP_NO_TICKET; }
-#endif
- else if (strcmp(*argv,"-serverpref") == 0)
- off|=SSL_OP_CIPHER_SERVER_PREFERENCE;
- else if (strcmp(*argv,"-legacy_renegotiation") == 0)
- off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
- else if (strcmp(*argv,"-legacy_server_connect") == 0)
- { off|=SSL_OP_LEGACY_SERVER_CONNECT; }
- else if (strcmp(*argv,"-no_legacy_server_connect") == 0)
- { clr|=SSL_OP_LEGACY_SERVER_CONNECT; }
- else if (strcmp(*argv,"-cipher") == 0)
- {
- if (--argc < 1) goto bad;
- cipher= *(++argv);
- }
-#ifdef FIONBIO
- else if (strcmp(*argv,"-nbio") == 0)
- { c_nbio=1; }
-#endif
- else if (strcmp(*argv,"-starttls") == 0)
- {
- if (--argc < 1) goto bad;
- ++argv;
- if (strcmp(*argv,"smtp") == 0)
- starttls_proto = PROTO_SMTP;
- else if (strcmp(*argv,"pop3") == 0)
- starttls_proto = PROTO_POP3;
- else if (strcmp(*argv,"imap") == 0)
- starttls_proto = PROTO_IMAP;
- else if (strcmp(*argv,"ftp") == 0)
- starttls_proto = PROTO_FTP;
- else if (strcmp(*argv, "xmpp") == 0)
- starttls_proto = PROTO_XMPP;
- else
- goto bad;
- }
-#ifndef OPENSSL_NO_ENGINE
- else if (strcmp(*argv,"-engine") == 0)
- {
- if (--argc < 1) goto bad;
- engine_id = *(++argv);
- }
- else if (strcmp(*argv,"-ssl_client_engine") == 0)
- {
- if (--argc < 1) goto bad;
- ssl_client_engine_id = *(++argv);
- }
-#endif
- else if (strcmp(*argv,"-rand") == 0)
- {
- if (--argc < 1) goto bad;
- inrand= *(++argv);
- }
-#ifndef OPENSSL_NO_TLSEXT
- else if (strcmp(*argv,"-servername") == 0)
- {
- if (--argc < 1) goto bad;
- servername= *(++argv);
- /* meth=TLSv1_client_method(); */
- }
-#endif
-#ifndef OPENSSL_NO_JPAKE
- else if (strcmp(*argv,"-jpake") == 0)
- {
- if (--argc < 1) goto bad;
- jpake_secret = *++argv;
- }
-#endif
- else
- {
- BIO_printf(bio_err,"unknown option %s\n",*argv);
- badop=1;
- break;
- }
- argc--;
- argv++;
- }
- if (badop)
- {
-bad:
- sc_usage();
- goto end;
- }
-
- OpenSSL_add_ssl_algorithms();
- SSL_load_error_strings();
-
-#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(bio_err, engine_id, 1);
- if (ssl_client_engine_id)
- {
- ssl_client_engine = ENGINE_by_id(ssl_client_engine_id);
- if (!ssl_client_engine)
- {
- BIO_printf(bio_err,
- "Error getting client auth engine\n");
- goto end;
- }
- }
-#endif
- if (!app_passwd(bio_err, passarg, NULL, &pass, NULL))
- {
- BIO_printf(bio_err, "Error getting password\n");
- goto end;
- }
-
- if (key_file == NULL)
- key_file = cert_file;
-
-
- if (key_file)
-
- {
-
- key = load_key(bio_err, key_file, key_format, 0, pass, e,
- "client certificate private key file");
- if (!key)
- {
- ERR_print_errors(bio_err);
- goto end;
- }
-
- }
-
- if (cert_file)
-
- {
- cert = load_cert(bio_err,cert_file,cert_format,
- NULL, e, "client certificate file");
-
- if (!cert)
- {
- ERR_print_errors(bio_err);
- goto end;
- }
- }
-
- if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
- && !RAND_status())
- {
- BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
- }
- if (inrand != NULL)
- BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
- app_RAND_load_files(inrand));
-
- if (bio_c_out == NULL)
- {
- if (c_quiet && !c_debug && !c_msg)
- {
- bio_c_out=BIO_new(BIO_s_null());
- }
- else
- {
- if (bio_c_out == NULL)
- bio_c_out=BIO_new_fp(stdout,BIO_NOCLOSE);
- }
- }
-
- ctx=SSL_CTX_new(meth);
- if (ctx == NULL)
- {
- ERR_print_errors(bio_err);
- goto end;
- }
-
-#ifndef OPENSSL_NO_ENGINE
- if (ssl_client_engine)
- {
- if (!SSL_CTX_set_client_cert_engine(ctx, ssl_client_engine))
- {
- BIO_puts(bio_err, "Error setting client auth engine\n");
- ERR_print_errors(bio_err);
- ENGINE_free(ssl_client_engine);
- goto end;
- }
- ENGINE_free(ssl_client_engine);
- }
-#endif
-
- if (bugs)
- SSL_CTX_set_options(ctx,SSL_OP_ALL|off);
- else
- SSL_CTX_set_options(ctx,off);
-
- if (clr)
- SSL_CTX_clear_options(ctx, clr);
- /* DTLS: partial reads end up discarding unread UDP bytes :-(
- * Setting read ahead solves this problem.
- */
- if (sock_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1);
-
- if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
- if (cipher != NULL)
- if(!SSL_CTX_set_cipher_list(ctx,cipher)) {
- BIO_printf(bio_err,"error setting cipher list\n");
- ERR_print_errors(bio_err);
- goto end;
- }
-#if 0
- else
- SSL_CTX_set_cipher_list(ctx,getenv("SSL_CIPHER"));
-#endif
-
- SSL_CTX_set_verify(ctx,verify,verify_callback);
- if (!set_cert_key_stuff(ctx,cert,key))
- goto end;
-
- if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
- (!SSL_CTX_set_default_verify_paths(ctx)))
- {
- /* BIO_printf(bio_err,"error setting default verify locations\n"); */
- ERR_print_errors(bio_err);
- /* goto end; */
- }
-
- store = SSL_CTX_get_cert_store(ctx);
- X509_STORE_set_flags(store, vflags);
-#ifndef OPENSSL_NO_TLSEXT
- if (servername != NULL)
- {
- tlsextcbp.biodebug = bio_err;
- SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
- SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp);
- }
-#endif
-
- con=SSL_new(ctx);
- if (sess_in)
- {
- SSL_SESSION *sess;
- BIO *stmp = BIO_new_file(sess_in, "r");
- if (!stmp)
- {
- BIO_printf(bio_err, "Can't open session file %s\n",
- sess_in);
- ERR_print_errors(bio_err);
- goto end;
- }
- sess = PEM_read_bio_SSL_SESSION(stmp, NULL, 0, NULL);
- BIO_free(stmp);
- if (!sess)
- {
- BIO_printf(bio_err, "Can't open session file %s\n",
- sess_in);
- ERR_print_errors(bio_err);
- goto end;
- }
- SSL_set_session(con, sess);
- SSL_SESSION_free(sess);
- }
-
- if (fallback_scsv)
- SSL_set_mode(con, SSL_MODE_SEND_FALLBACK_SCSV);
-
-#ifndef OPENSSL_NO_TLSEXT
- if (servername != NULL)
- {
- if (!SSL_set_tlsext_host_name(con,servername))
- {
- BIO_printf(bio_err,"Unable to set TLS servername extension.\n");
- ERR_print_errors(bio_err);
- goto end;
- }
- }
-#endif
-
-#ifndef OPENSSL_NO_KRB5
- if (con && (con->kssl_ctx = kssl_ctx_new()) != NULL)
- {
- kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVER, host);
- }
-#endif /* OPENSSL_NO_KRB5 */
-/* SSL_set_cipher_list(con,"RC4-MD5"); */
-
-re_start:
-
- if (init_client(&s,host,port,sock_type) == 0)
- {
- BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
- SHUTDOWN(s);
- goto end;
- }
- BIO_printf(bio_c_out,"CONNECTED(%08X)\n",s);
-
-#ifdef FIONBIO
- if (c_nbio)
- {
- unsigned long l=1;
- BIO_printf(bio_c_out,"turning on non blocking io\n");
- if (BIO_socket_ioctl(s,FIONBIO,&l) < 0)
- {
- ERR_print_errors(bio_err);
- goto end;
- }
- }
-#endif
- if (c_Pause & 0x01) con->debug=1;
-
- if ( SSL_version(con) == DTLS1_VERSION)
- {
-
- sbio=BIO_new_dgram(s,BIO_NOCLOSE);
- if (getsockname(s, &peer, (void *)&peerlen) < 0)
- {
- BIO_printf(bio_err, "getsockname:errno=%d\n",
- get_last_socket_error());
- SHUTDOWN(s);
- goto end;
- }
-
- (void)BIO_ctrl_set_connected(sbio, 1, &peer);
-
- if ( enable_timeouts)
- {
- timeout.tv_sec = 0;
- timeout.tv_usec = DGRAM_RCV_TIMEOUT;
- BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout);
-
- timeout.tv_sec = 0;
- timeout.tv_usec = DGRAM_SND_TIMEOUT;
- BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);
- }
-
- if (socket_mtu > 28)
- {
- SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
- SSL_set_mtu(con, socket_mtu - 28);
- }
- else
- /* want to do MTU discovery */
- BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);
- }
- else
- sbio=BIO_new_socket(s,BIO_NOCLOSE);
-
- if (nbio_test)
- {
- BIO *test;
-
- test=BIO_new(BIO_f_nbio_test());
- sbio=BIO_push(test,sbio);
- }
-
- if (c_debug)
- {
- con->debug=1;
- BIO_set_callback(sbio,bio_dump_callback);
- BIO_set_callback_arg(sbio,(char *)bio_c_out);
- }
- if (c_msg)
- {
- SSL_set_msg_callback(con, msg_cb);
- SSL_set_msg_callback_arg(con, bio_c_out);
- }
-#ifndef OPENSSL_NO_TLSEXT
- if (c_tlsextdebug)
- {
- SSL_set_tlsext_debug_callback(con, tlsext_cb);
- SSL_set_tlsext_debug_arg(con, bio_c_out);
- }
- if (c_status_req)
- {
- SSL_set_tlsext_status_type(con, TLSEXT_STATUSTYPE_ocsp);
- SSL_CTX_set_tlsext_status_cb(ctx, ocsp_resp_cb);
- SSL_CTX_set_tlsext_status_arg(ctx, bio_c_out);
-#if 0
-{
-STACK_OF(OCSP_RESPID) *ids = sk_OCSP_RESPID_new_null();
-OCSP_RESPID *id = OCSP_RESPID_new();
-id->value.byKey = ASN1_OCTET_STRING_new();
-id->type = V_OCSP_RESPID_KEY;
-ASN1_STRING_set(id->value.byKey, "Hello World", -1);
-sk_OCSP_RESPID_push(ids, id);
-SSL_set_tlsext_status_ids(con, ids);
-}
-#endif
- }
-#endif
-#ifndef OPENSSL_NO_JPAKE
- if (jpake_secret)
- jpake_client_auth(bio_c_out, sbio, jpake_secret);
-#endif
-
- SSL_set_bio(con,sbio,sbio);
- SSL_set_connect_state(con);
-
- /* ok, lets connect */
- width=SSL_get_fd(con)+1;
-
- read_tty=1;
- write_tty=0;
- tty_on=0;
- read_ssl=1;
- write_ssl=1;
-
- cbuf_len=0;
- cbuf_off=0;
- sbuf_len=0;
- sbuf_off=0;
-
- /* This is an ugly hack that does a lot of assumptions */
- /* We do have to handle multi-line responses which may come
- in a single packet or not. We therefore have to use
- BIO_gets() which does need a buffering BIO. So during
- the initial chitchat we do push a buffering BIO into the
- chain that is removed again later on to not disturb the
- rest of the s_client operation. */
- if (starttls_proto == PROTO_SMTP)
- {
- int foundit=0;
- BIO *fbio = BIO_new(BIO_f_buffer());
- BIO_push(fbio, sbio);
- /* wait for multi-line response to end from SMTP */
- do
- {
- mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ);
- }
- while (mbuf_len>3 && mbuf[3]=='-');
- /* STARTTLS command requires EHLO... */
- BIO_printf(fbio,"EHLO openssl.client.net\r\n");
- (void)BIO_flush(fbio);
- /* wait for multi-line response to end EHLO SMTP response */
- do
- {
- mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ);
- if (strstr(mbuf,"STARTTLS"))
- foundit=1;
- }
- while (mbuf_len>3 && mbuf[3]=='-');
- (void)BIO_flush(fbio);
- BIO_pop(fbio);
- BIO_free(fbio);
- if (!foundit)
- BIO_printf(bio_err,
- "didn't found starttls in server response,"
- " try anyway...\n");
- BIO_printf(sbio,"STARTTLS\r\n");
- BIO_read(sbio,sbuf,BUFSIZZ);
- }
- else if (starttls_proto == PROTO_POP3)
- {
- BIO_read(sbio,mbuf,BUFSIZZ);
- BIO_printf(sbio,"STLS\r\n");
- BIO_read(sbio,sbuf,BUFSIZZ);
- }
- else if (starttls_proto == PROTO_IMAP)
- {
- int foundit=0;
- BIO *fbio = BIO_new(BIO_f_buffer());
- BIO_push(fbio, sbio);
- BIO_gets(fbio,mbuf,BUFSIZZ);
- /* STARTTLS command requires CAPABILITY... */
- BIO_printf(fbio,". CAPABILITY\r\n");
- (void)BIO_flush(fbio);
- /* wait for multi-line CAPABILITY response */
- do
- {
- mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ);
- if (strstr(mbuf,"STARTTLS"))
- foundit=1;
- }
- while (mbuf_len>3 && mbuf[0]!='.');
- (void)BIO_flush(fbio);
- BIO_pop(fbio);
- BIO_free(fbio);
- if (!foundit)
- BIO_printf(bio_err,
- "didn't found STARTTLS in server response,"
- " try anyway...\n");
- BIO_printf(sbio,". STARTTLS\r\n");
- BIO_read(sbio,sbuf,BUFSIZZ);
- }
- else if (starttls_proto == PROTO_FTP)
- {
- BIO *fbio = BIO_new(BIO_f_buffer());
- BIO_push(fbio, sbio);
- /* wait for multi-line response to end from FTP */
- do
- {
- mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ);
- }
- while (mbuf_len>3 && mbuf[3]=='-');
- (void)BIO_flush(fbio);
- BIO_pop(fbio);
- BIO_free(fbio);
- BIO_printf(sbio,"AUTH TLS\r\n");
- BIO_read(sbio,sbuf,BUFSIZZ);
- }
- if (starttls_proto == PROTO_XMPP)
- {
- int seen = 0;
- BIO_printf(sbio,"<stream:stream "
- "xmlns:stream='http://etherx.jabber.org/streams' "
- "xmlns='jabber:client' to='%s' version='1.0'>", host);
- seen = BIO_read(sbio,mbuf,BUFSIZZ);
- mbuf[seen] = 0;
- while (!strstr(mbuf, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'"))
- {
- if (strstr(mbuf, "/stream:features>"))
- goto shut;
- seen = BIO_read(sbio,mbuf,BUFSIZZ);
- mbuf[seen] = 0;
- }
- BIO_printf(sbio, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>");
- seen = BIO_read(sbio,sbuf,BUFSIZZ);
- sbuf[seen] = 0;
- if (!strstr(sbuf, "<proceed"))
- goto shut;
- mbuf[0] = 0;
- }
-
- for (;;)
- {
- FD_ZERO(&readfds);
- FD_ZERO(&writefds);
-
- if ((SSL_version(con) == DTLS1_VERSION) &&
- DTLSv1_get_timeout(con, &timeout))
- timeoutp = &timeout;
- else
- timeoutp = NULL;
-
- if (SSL_in_init(con) && !SSL_total_renegotiations(con))
- {
- in_init=1;
- tty_on=0;
- }
- else
- {
- tty_on=1;
- if (in_init)
- {
- in_init=0;
- if (sess_out)
- {
- BIO *stmp = BIO_new_file(sess_out, "w");
- if (stmp)
- {
- PEM_write_bio_SSL_SESSION(stmp, SSL_get_session(con));
- BIO_free(stmp);
- }
- else
- BIO_printf(bio_err, "Error writing session file %s\n", sess_out);
- }
- print_stuff(bio_c_out,con,full_log);
- if (full_log > 0) full_log--;
-
- if (starttls_proto)
- {
- BIO_printf(bio_err,"%s",mbuf);
- /* We don't need to know any more */
- starttls_proto = PROTO_OFF;
- }
-
- if (reconnect)
- {
- reconnect--;
- BIO_printf(bio_c_out,"drop connection and then reconnect\n");
- SSL_shutdown(con);
- SSL_set_connect_state(con);
- SHUTDOWN(SSL_get_fd(con));
- goto re_start;
- }
- }
- }
-
- ssl_pending = read_ssl && SSL_pending(con);
-
- if (!ssl_pending)
- {
-#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE)
- if (tty_on)
- {
- if (read_tty) FD_SET(fileno(stdin),&readfds);
- if (write_tty) FD_SET(fileno(stdout),&writefds);
- }
- if (read_ssl)
- FD_SET(SSL_get_fd(con),&readfds);
- if (write_ssl)
- FD_SET(SSL_get_fd(con),&writefds);
-#else
- if(!tty_on || !write_tty) {
- if (read_ssl)
- FD_SET(SSL_get_fd(con),&readfds);
- if (write_ssl)
- FD_SET(SSL_get_fd(con),&writefds);
- }
-#endif
-/* printf("mode tty(%d %d%d) ssl(%d%d)\n",
- tty_on,read_tty,write_tty,read_ssl,write_ssl);*/
-
- /* Note: under VMS with SOCKETSHR the second parameter
- * is currently of type (int *) whereas under other
- * systems it is (void *) if you don't have a cast it
- * will choke the compiler: if you do have a cast then
- * you can either go for (int *) or (void *).
- */
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
- /* Under Windows/DOS we make the assumption that we can
- * always write to the tty: therefore if we need to
- * write to the tty we just fall through. Otherwise
- * we timeout the select every second and see if there
- * are any keypresses. Note: this is a hack, in a proper
- * Windows application we wouldn't do this.
- */
- i=0;
- if(!write_tty) {
- if(read_tty) {
- tv.tv_sec = 1;
- tv.tv_usec = 0;
- i=select(width,(void *)&readfds,(void *)&writefds,
- NULL,&tv);
-#if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)
- if(!i && (!_kbhit() || !read_tty) ) continue;
-#else
- if(!i && (!((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0))) || !read_tty) ) continue;
-#endif
- } else i=select(width,(void *)&readfds,(void *)&writefds,
- NULL,timeoutp);
- }
-#elif defined(OPENSSL_SYS_NETWARE)
- if(!write_tty) {
- if(read_tty) {
- tv.tv_sec = 1;
- tv.tv_usec = 0;
- i=select(width,(void *)&readfds,(void *)&writefds,
- NULL,&tv);
- } else i=select(width,(void *)&readfds,(void *)&writefds,
- NULL,timeoutp);
- }
-#else
- i=select(width,(void *)&readfds,(void *)&writefds,
- NULL,timeoutp);
-#endif
- if ( i < 0)
- {
- BIO_printf(bio_err,"bad select %d\n",
- get_last_socket_error());
- goto shut;
- /* goto end; */
- }
- }
-
- if ((SSL_version(con) == DTLS1_VERSION) && DTLSv1_handle_timeout(con) > 0)
- {
- BIO_printf(bio_err,"TIMEOUT occured\n");
- }
-
- if (!ssl_pending && FD_ISSET(SSL_get_fd(con),&writefds))
- {
- k=SSL_write(con,&(cbuf[cbuf_off]),
- (unsigned int)cbuf_len);
- switch (SSL_get_error(con,k))
- {
- case SSL_ERROR_NONE:
- cbuf_off+=k;
- cbuf_len-=k;
- if (k <= 0) goto end;
- /* we have done a write(con,NULL,0); */
- if (cbuf_len <= 0)
- {
- read_tty=1;
- write_ssl=0;
- }
- else /* if (cbuf_len > 0) */
- {
- read_tty=0;
- write_ssl=1;
- }
- break;
- case SSL_ERROR_WANT_WRITE:
- BIO_printf(bio_c_out,"write W BLOCK\n");
- write_ssl=1;
- read_tty=0;
- break;
- case SSL_ERROR_WANT_READ:
- BIO_printf(bio_c_out,"write R BLOCK\n");
- write_tty=0;
- read_ssl=1;
- write_ssl=0;
- break;
- case SSL_ERROR_WANT_X509_LOOKUP:
- BIO_printf(bio_c_out,"write X BLOCK\n");
- break;
- case SSL_ERROR_ZERO_RETURN:
- if (cbuf_len != 0)
- {
- BIO_printf(bio_c_out,"shutdown\n");
- goto shut;
- }
- else
- {
- read_tty=1;
- write_ssl=0;
- break;
- }
-
- case SSL_ERROR_SYSCALL:
- if ((k != 0) || (cbuf_len != 0))
- {
- BIO_printf(bio_err,"write:errno=%d\n",
- get_last_socket_error());
- goto shut;
- }
- else
- {
- read_tty=1;
- write_ssl=0;
- }
- break;
- case SSL_ERROR_SSL:
- ERR_print_errors(bio_err);
- goto shut;
- }
- }
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
- /* Assume Windows/DOS can always write */
- else if (!ssl_pending && write_tty)
-#else
- else if (!ssl_pending && FD_ISSET(fileno(stdout),&writefds))
-#endif
- {
-#ifdef CHARSET_EBCDIC
- ascii2ebcdic(&(sbuf[sbuf_off]),&(sbuf[sbuf_off]),sbuf_len);
-#endif
- i=write(fileno(stdout),&(sbuf[sbuf_off]),sbuf_len);
-
- if (i <= 0)
- {
- BIO_printf(bio_c_out,"DONE\n");
- goto shut;
- /* goto end; */
- }
-
- sbuf_len-=i;;
- sbuf_off+=i;
- if (sbuf_len <= 0)
- {
- read_ssl=1;
- write_tty=0;
- }
- }
- else if (ssl_pending || FD_ISSET(SSL_get_fd(con),&readfds))
- {
-#ifdef RENEG
-{ static int iiii; if (++iiii == 52) { SSL_renegotiate(con); iiii=0; } }
-#endif
-#if 1
- k=SSL_read(con,sbuf,1024 /* BUFSIZZ */ );
-#else
-/* Demo for pending and peek :-) */
- k=SSL_read(con,sbuf,16);
-{ char zbuf[10240];
-printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240));
-}
-#endif
-
- switch (SSL_get_error(con,k))
- {
- case SSL_ERROR_NONE:
- if (k <= 0)
- goto end;
- sbuf_off=0;
- sbuf_len=k;
-
- read_ssl=0;
- write_tty=1;
- break;
- case SSL_ERROR_WANT_WRITE:
- BIO_printf(bio_c_out,"read W BLOCK\n");
- write_ssl=1;
- read_tty=0;
- break;
- case SSL_ERROR_WANT_READ:
- BIO_printf(bio_c_out,"read R BLOCK\n");
- write_tty=0;
- read_ssl=1;
- if ((read_tty == 0) && (write_ssl == 0))
- write_ssl=1;
- break;
- case SSL_ERROR_WANT_X509_LOOKUP:
- BIO_printf(bio_c_out,"read X BLOCK\n");
- break;
- case SSL_ERROR_SYSCALL:
- BIO_printf(bio_err,"read:errno=%d\n",get_last_socket_error());
- goto shut;
- case SSL_ERROR_ZERO_RETURN:
- BIO_printf(bio_c_out,"closed\n");
- goto shut;
- case SSL_ERROR_SSL:
- ERR_print_errors(bio_err);
- goto shut;
- /* break; */
- }
- }
-
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
-#if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)
- else if (_kbhit())
-#else
- else if ((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0)))
-#endif
-#elif defined (OPENSSL_SYS_NETWARE)
- else if (_kbhit())
-#else
- else if (FD_ISSET(fileno(stdin),&readfds))
-#endif
- {
- if (crlf)
- {
- int j, lf_num;
-
- i=read(fileno(stdin),cbuf,BUFSIZZ/2);
- lf_num = 0;
- /* both loops are skipped when i <= 0 */
- for (j = 0; j < i; j++)
- if (cbuf[j] == '\n')
- lf_num++;
- for (j = i-1; j >= 0; j--)
- {
- cbuf[j+lf_num] = cbuf[j];
- if (cbuf[j] == '\n')
- {
- lf_num--;
- i++;
- cbuf[j+lf_num] = '\r';
- }
- }
- assert(lf_num == 0);
- }
- else
- i=read(fileno(stdin),cbuf,BUFSIZZ);
-
- if ((!c_ign_eof) && ((i <= 0) || (cbuf[0] == 'Q')))
- {
- BIO_printf(bio_err,"DONE\n");
- goto shut;
- }
-
- if ((!c_ign_eof) && (cbuf[0] == 'R'))
- {
- BIO_printf(bio_err,"RENEGOTIATING\n");
- SSL_renegotiate(con);
- cbuf_len=0;
- }
- else
- {
- cbuf_len=i;
- cbuf_off=0;
-#ifdef CHARSET_EBCDIC
- ebcdic2ascii(cbuf, cbuf, i);
-#endif
- }
-
- write_ssl=1;
- read_tty=0;
- }
- }
-shut:
- SSL_shutdown(con);
- SHUTDOWN(SSL_get_fd(con));
- ret=0;
-end:
- if(prexit) print_stuff(bio_c_out,con,1);
- if (con != NULL) SSL_free(con);
- if (con2 != NULL) SSL_free(con2);
- if (ctx != NULL) SSL_CTX_free(ctx);
- if (cert)
- X509_free(cert);
- if (key)
- EVP_PKEY_free(key);
- if (pass)
- OPENSSL_free(pass);
- if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); }
- if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); }
- if (mbuf != NULL) { OPENSSL_cleanse(mbuf,BUFSIZZ); OPENSSL_free(mbuf); }
- if (bio_c_out != NULL)
- {
- BIO_free(bio_c_out);
- bio_c_out=NULL;
- }
- apps_shutdown();
- OPENSSL_EXIT(ret);
- }
-
-
-static void print_stuff(BIO *bio, SSL *s, int full)
- {
- X509 *peer=NULL;
- char *p;
- static const char *space=" ";
- char buf[BUFSIZ];
- STACK_OF(X509) *sk;
- STACK_OF(X509_NAME) *sk2;
- SSL_CIPHER *c;
- X509_NAME *xn;
- int j,i;
-#ifndef OPENSSL_NO_COMP
- const COMP_METHOD *comp, *expansion;
-#endif
-
- if (full)
- {
- int got_a_chain = 0;
-
- sk=SSL_get_peer_cert_chain(s);
- if (sk != NULL)
- {
- got_a_chain = 1; /* we don't have it for SSL2 (yet) */
-
- BIO_printf(bio,"---\nCertificate chain\n");
- for (i=0; i<sk_X509_num(sk); i++)
- {
- X509_NAME_oneline(X509_get_subject_name(
- sk_X509_value(sk,i)),buf,sizeof buf);
- BIO_printf(bio,"%2d s:%s\n",i,buf);
- X509_NAME_oneline(X509_get_issuer_name(
- sk_X509_value(sk,i)),buf,sizeof buf);
- BIO_printf(bio," i:%s\n",buf);
- if (c_showcerts)
- PEM_write_bio_X509(bio,sk_X509_value(sk,i));
- }
- }
-
- BIO_printf(bio,"---\n");
- peer=SSL_get_peer_certificate(s);
- if (peer != NULL)
- {
- BIO_printf(bio,"Server certificate\n");
- if (!(c_showcerts && got_a_chain)) /* Redundant if we showed the whole chain */
- PEM_write_bio_X509(bio,peer);
- X509_NAME_oneline(X509_get_subject_name(peer),
- buf,sizeof buf);
- BIO_printf(bio,"subject=%s\n",buf);
- X509_NAME_oneline(X509_get_issuer_name(peer),
- buf,sizeof buf);
- BIO_printf(bio,"issuer=%s\n",buf);
- }
- else
- BIO_printf(bio,"no peer certificate available\n");
-
- sk2=SSL_get_client_CA_list(s);
- if ((sk2 != NULL) && (sk_X509_NAME_num(sk2) > 0))
- {
- BIO_printf(bio,"---\nAcceptable client certificate CA names\n");
- for (i=0; i<sk_X509_NAME_num(sk2); i++)
- {
- xn=sk_X509_NAME_value(sk2,i);
- X509_NAME_oneline(xn,buf,sizeof(buf));
- BIO_write(bio,buf,strlen(buf));
- BIO_write(bio,"\n",1);
- }
- }
- else
- {
- BIO_printf(bio,"---\nNo client certificate CA names sent\n");
- }
- p=SSL_get_shared_ciphers(s,buf,sizeof buf);
- if (p != NULL)
- {
- /* This works only for SSL 2. In later protocol
- * versions, the client does not know what other
- * ciphers (in addition to the one to be used
- * in the current connection) the server supports. */
-
- BIO_printf(bio,"---\nCiphers common between both SSL endpoints:\n");
- j=i=0;
- while (*p)
- {
- if (*p == ':')
- {
- BIO_write(bio,space,15-j%25);
- i++;
- j=0;
- BIO_write(bio,((i%3)?" ":"\n"),1);
- }
- else
- {
- BIO_write(bio,p,1);
- j++;
- }
- p++;
- }
- BIO_write(bio,"\n",1);
- }
-
- BIO_printf(bio,"---\nSSL handshake has read %ld bytes and written %ld bytes\n",
- BIO_number_read(SSL_get_rbio(s)),
- BIO_number_written(SSL_get_wbio(s)));
- }
- BIO_printf(bio,((s->hit)?"---\nReused, ":"---\nNew, "));
- c=SSL_get_current_cipher(s);
- BIO_printf(bio,"%s, Cipher is %s\n",
- SSL_CIPHER_get_version(c),
- SSL_CIPHER_get_name(c));
- if (peer != NULL) {
- EVP_PKEY *pktmp;
- pktmp = X509_get_pubkey(peer);
- BIO_printf(bio,"Server public key is %d bit\n",
- EVP_PKEY_bits(pktmp));
- EVP_PKEY_free(pktmp);
- }
- BIO_printf(bio, "Secure Renegotiation IS%s supported\n",
- SSL_get_secure_renegotiation_support(s) ? "" : " NOT");
-#ifndef OPENSSL_NO_COMP
- comp=SSL_get_current_compression(s);
- expansion=SSL_get_current_expansion(s);
- BIO_printf(bio,"Compression: %s\n",
- comp ? SSL_COMP_get_name(comp) : "NONE");
- BIO_printf(bio,"Expansion: %s\n",
- expansion ? SSL_COMP_get_name(expansion) : "NONE");
-#endif
- SSL_SESSION_print(bio,SSL_get_session(s));
- BIO_printf(bio,"---\n");
- if (peer != NULL)
- X509_free(peer);
- /* flush, or debugging output gets mixed with http response */
- (void)BIO_flush(bio);
- }
-
-#ifndef OPENSSL_NO_TLSEXT
-
-static int ocsp_resp_cb(SSL *s, void *arg)
- {
- const unsigned char *p;
- int len;
- OCSP_RESPONSE *rsp;
- len = SSL_get_tlsext_status_ocsp_resp(s, &p);
- BIO_puts(arg, "OCSP response: ");
- if (!p)
- {
- BIO_puts(arg, "no response sent\n");
- return 1;
- }
- rsp = d2i_OCSP_RESPONSE(NULL, &p, len);
- if (!rsp)
- {
- BIO_puts(arg, "response parse error\n");
- BIO_dump_indent(arg, (char *)p, len, 4);
- return 0;
- }
- BIO_puts(arg, "\n======================================\n");
- OCSP_RESPONSE_print(arg, rsp, 0);
- BIO_puts(arg, "======================================\n");
- OCSP_RESPONSE_free(rsp);
- return 1;
- }
-#endif /* ndef OPENSSL_NO_TLSEXT */
Copied: vendor-crypto/openssl/0.9.8zf/apps/s_client.c (from rev 6976, vendor-crypto/openssl/dist/apps/s_client.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/apps/s_client.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/apps/s_client.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,1537 @@
+/* apps/s_client.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <assert.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/e_os2.h>
+#ifdef OPENSSL_NO_STDIO
+# define APPS_WIN16
+#endif
+
+/*
+ * With IPv6, it looks like Digital has mixed up the proper order of
+ * recursive header file inclusion, resulting in the compiler complaining
+ * that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which is
+ * needed to have fileno() declared correctly... So let's define u_int
+ */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
+# define __U_INT
+typedef unsigned int u_int;
+#endif
+
+#define USE_SOCKETS
+#include "apps.h"
+#include <openssl/x509.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include <openssl/rand.h>
+#include <openssl/ocsp.h>
+#include "s_apps.h"
+#include "timeouts.h"
+
+#ifdef OPENSSL_SYS_WINCE
+/*
+ * Windows CE incorrectly defines fileno as returning void*, so to avoid
+ * problems below...
+ */
+# ifdef fileno
+# undef fileno
+# endif
+# define fileno(a) (int)_fileno(a)
+#endif
+
+#if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
+/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
+# undef FIONBIO
+#endif
+
+#undef PROG
+#define PROG s_client_main
+
+/*
+ * #define SSL_HOST_NAME "www.netscape.com"
+ */
+/*
+ * #define SSL_HOST_NAME "193.118.187.102"
+ */
+#define SSL_HOST_NAME "localhost"
+
+/* no default cert. */
+/*
+ * #define TEST_CERT "client.pem"
+ */
+
+#undef BUFSIZZ
+#define BUFSIZZ 1024*8
+
+extern int verify_depth;
+extern int verify_error;
+
+#ifdef FIONBIO
+static int c_nbio = 0;
+#endif
+static int c_Pause = 0;
+static int c_debug = 0;
+#ifndef OPENSSL_NO_TLSEXT
+static int c_tlsextdebug = 0;
+static int c_status_req = 0;
+#endif
+static int c_msg = 0;
+static int c_showcerts = 0;
+
+static void sc_usage(void);
+static void print_stuff(BIO *berr, SSL *con, int full);
+#ifndef OPENSSL_NO_TLSEXT
+static int ocsp_resp_cb(SSL *s, void *arg);
+#endif
+static BIO *bio_c_out = NULL;
+static int c_quiet = 0;
+static int c_ign_eof = 0;
+
+static void sc_usage(void)
+{
+ BIO_printf(bio_err, "usage: s_client args\n");
+ BIO_printf(bio_err, "\n");
+ BIO_printf(bio_err, " -host host - use -connect instead\n");
+ BIO_printf(bio_err, " -port port - use -connect instead\n");
+ BIO_printf(bio_err,
+ " -connect host:port - who to connect to (default is %s:%s)\n",
+ SSL_HOST_NAME, PORT_STR);
+
+ BIO_printf(bio_err,
+ " -verify depth - turn on peer certificate verification\n");
+ BIO_printf(bio_err,
+ " -cert arg - certificate file to use, PEM format assumed\n");
+ BIO_printf(bio_err,
+ " -certform arg - certificate format (PEM or DER) PEM default\n");
+ BIO_printf(bio_err,
+ " -key arg - Private key file to use, in cert file if\n");
+ BIO_printf(bio_err, " not specified but cert file is.\n");
+ BIO_printf(bio_err,
+ " -keyform arg - key format (PEM or DER) PEM default\n");
+ BIO_printf(bio_err,
+ " -pass arg - private key file pass phrase source\n");
+ BIO_printf(bio_err, " -CApath arg - PEM format directory of CA's\n");
+ BIO_printf(bio_err, " -CAfile arg - PEM format file of CA's\n");
+ BIO_printf(bio_err,
+ " -reconnect - Drop and re-make the connection with the same Session-ID\n");
+ BIO_printf(bio_err,
+ " -pause - sleep(1) after each read(2) and write(2) system call\n");
+ BIO_printf(bio_err,
+ " -showcerts - show all certificates in the chain\n");
+ BIO_printf(bio_err, " -debug - extra output\n");
+#ifdef WATT32
+ BIO_printf(bio_err, " -wdebug - WATT-32 tcp debugging\n");
+#endif
+ BIO_printf(bio_err, " -msg - Show protocol messages\n");
+ BIO_printf(bio_err, " -nbio_test - more ssl protocol testing\n");
+ BIO_printf(bio_err, " -state - print the 'ssl' states\n");
+#ifdef FIONBIO
+ BIO_printf(bio_err, " -nbio - Run with non-blocking IO\n");
+#endif
+ BIO_printf(bio_err,
+ " -crlf - convert LF from terminal into CRLF\n");
+ BIO_printf(bio_err, " -quiet - no s_client output\n");
+ BIO_printf(bio_err,
+ " -ign_eof - ignore input eof (default when -quiet)\n");
+ BIO_printf(bio_err, " -no_ign_eof - don't ignore input eof\n");
+ BIO_printf(bio_err, " -ssl2 - just use SSLv2\n");
+ BIO_printf(bio_err, " -ssl3 - just use SSLv3\n");
+ BIO_printf(bio_err, " -tls1 - just use TLSv1\n");
+ BIO_printf(bio_err, " -dtls1 - just use DTLSv1\n");
+ BIO_printf(bio_err, " -fallback_scsv - send TLS_FALLBACK_SCSV\n");
+ BIO_printf(bio_err, " -mtu - set the link layer MTU\n");
+ BIO_printf(bio_err,
+ " -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
+ BIO_printf(bio_err,
+ " -bugs - Switch on all SSL implementation bug workarounds\n");
+ BIO_printf(bio_err,
+ " -serverpref - Use server's cipher preferences (only SSLv2)\n");
+ BIO_printf(bio_err,
+ " -cipher - preferred cipher to use, use the 'openssl ciphers'\n");
+ BIO_printf(bio_err,
+ " command to see what is available\n");
+ BIO_printf(bio_err,
+ " -starttls prot - use the STARTTLS command before starting TLS\n");
+ BIO_printf(bio_err,
+ " for those protocols that support it, where\n");
+ BIO_printf(bio_err,
+ " 'prot' defines which one to assume. Currently,\n");
+ BIO_printf(bio_err,
+ " only \"smtp\", \"pop3\", \"imap\", \"ftp\" and \"xmpp\"\n");
+ BIO_printf(bio_err, " are supported.\n");
+#ifndef OPENSSL_NO_ENGINE
+ BIO_printf(bio_err,
+ " -engine id - Initialise and use the specified engine\n");
+#endif
+ BIO_printf(bio_err, " -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR,
+ LIST_SEPARATOR_CHAR);
+ BIO_printf(bio_err, " -sess_out arg - file to write SSL session to\n");
+ BIO_printf(bio_err, " -sess_in arg - file to read SSL session from\n");
+#ifndef OPENSSL_NO_TLSEXT
+ BIO_printf(bio_err,
+ " -servername host - Set TLS extension servername in ClientHello\n");
+ BIO_printf(bio_err,
+ " -tlsextdebug - hex dump of all TLS extensions received\n");
+ BIO_printf(bio_err,
+ " -status - request certificate status from server\n");
+ BIO_printf(bio_err,
+ " -no_ticket - disable use of RFC4507bis session tickets\n");
+#endif
+ BIO_printf(bio_err,
+ " -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
+}
+
+#ifndef OPENSSL_NO_TLSEXT
+
+/* This is a context that we pass to callbacks */
+typedef struct tlsextctx_st {
+ BIO *biodebug;
+ int ack;
+} tlsextctx;
+
+static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg)
+{
+ tlsextctx *p = (tlsextctx *) arg;
+ const char *hn = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
+ if (SSL_get_servername_type(s) != -1)
+ p->ack = !SSL_session_reused(s) && hn != NULL;
+ else
+ BIO_printf(bio_err, "Can't use SSL_get_servername\n");
+
+ return SSL_TLSEXT_ERR_OK;
+}
+#endif
+enum {
+ PROTO_OFF = 0,
+ PROTO_SMTP,
+ PROTO_POP3,
+ PROTO_IMAP,
+ PROTO_FTP,
+ PROTO_XMPP
+};
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+{
+ int off = 0, clr = 0;
+ SSL *con = NULL, *con2 = NULL;
+ X509_STORE *store = NULL;
+ int s, k, width, state = 0;
+ char *cbuf = NULL, *sbuf = NULL, *mbuf = NULL;
+ int cbuf_len, cbuf_off;
+ int sbuf_len, sbuf_off;
+ fd_set readfds, writefds;
+ short port = PORT;
+ int full_log = 1;
+ char *host = SSL_HOST_NAME;
+ char *cert_file = NULL, *key_file = NULL;
+ int cert_format = FORMAT_PEM, key_format = FORMAT_PEM;
+ char *passarg = NULL, *pass = NULL;
+ X509 *cert = NULL;
+ EVP_PKEY *key = NULL;
+ char *CApath = NULL, *CAfile = NULL, *cipher = NULL;
+ int reconnect = 0, badop = 0, verify = SSL_VERIFY_NONE, bugs = 0;
+ int crlf = 0;
+ int write_tty, read_tty, write_ssl, read_ssl, tty_on, ssl_pending;
+ SSL_CTX *ctx = NULL;
+ int ret = 1, in_init = 1, i, nbio_test = 0;
+ int starttls_proto = PROTO_OFF;
+ int prexit = 0, vflags = 0;
+ SSL_METHOD *meth = NULL;
+#ifdef sock_type
+# undef sock_type
+#endif
+ int sock_type = SOCK_STREAM;
+ BIO *sbio;
+ char *inrand = NULL;
+ int mbuf_len = 0;
+ struct timeval timeout, *timeoutp;
+#ifndef OPENSSL_NO_ENGINE
+ char *engine_id = NULL;
+ char *ssl_client_engine_id = NULL;
+ ENGINE *ssl_client_engine = NULL;
+#endif
+ ENGINE *e = NULL;
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
+ struct timeval tv;
+#endif
+
+#ifndef OPENSSL_NO_TLSEXT
+ char *servername = NULL;
+ tlsextctx tlsextcbp = { NULL, 0 };
+#endif
+ char *sess_in = NULL;
+ char *sess_out = NULL;
+ struct sockaddr peer;
+ int peerlen = sizeof(peer);
+ int fallback_scsv = 0;
+ int enable_timeouts = 0;
+ long socket_mtu = 0;
+#ifndef OPENSSL_NO_JPAKE
+ char *jpake_secret = NULL;
+#endif
+
+ meth = SSLv23_client_method();
+
+ apps_startup();
+ c_Pause = 0;
+ c_quiet = 0;
+ c_ign_eof = 0;
+ c_debug = 0;
+ c_msg = 0;
+ c_showcerts = 0;
+
+ if (bio_err == NULL)
+ bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
+
+ if (!load_config(bio_err, NULL))
+ goto end;
+
+ if (((cbuf = OPENSSL_malloc(BUFSIZZ)) == NULL) ||
+ ((sbuf = OPENSSL_malloc(BUFSIZZ)) == NULL) ||
+ ((mbuf = OPENSSL_malloc(BUFSIZZ)) == NULL)) {
+ BIO_printf(bio_err, "out of memory\n");
+ goto end;
+ }
+
+ verify_depth = 0;
+ verify_error = X509_V_OK;
+#ifdef FIONBIO
+ c_nbio = 0;
+#endif
+
+ argc--;
+ argv++;
+ while (argc >= 1) {
+ if (strcmp(*argv, "-host") == 0) {
+ if (--argc < 1)
+ goto bad;
+ host = *(++argv);
+ } else if (strcmp(*argv, "-port") == 0) {
+ if (--argc < 1)
+ goto bad;
+ port = atoi(*(++argv));
+ if (port == 0)
+ goto bad;
+ } else if (strcmp(*argv, "-connect") == 0) {
+ if (--argc < 1)
+ goto bad;
+ if (!extract_host_port(*(++argv), &host, NULL, &port))
+ goto bad;
+ } else if (strcmp(*argv, "-verify") == 0) {
+ verify = SSL_VERIFY_PEER;
+ if (--argc < 1)
+ goto bad;
+ verify_depth = atoi(*(++argv));
+ BIO_printf(bio_err, "verify depth is %d\n", verify_depth);
+ } else if (strcmp(*argv, "-cert") == 0) {
+ if (--argc < 1)
+ goto bad;
+ cert_file = *(++argv);
+ } else if (strcmp(*argv, "-sess_out") == 0) {
+ if (--argc < 1)
+ goto bad;
+ sess_out = *(++argv);
+ } else if (strcmp(*argv, "-sess_in") == 0) {
+ if (--argc < 1)
+ goto bad;
+ sess_in = *(++argv);
+ } else if (strcmp(*argv, "-certform") == 0) {
+ if (--argc < 1)
+ goto bad;
+ cert_format = str2fmt(*(++argv));
+ } else if (strcmp(*argv, "-crl_check") == 0)
+ vflags |= X509_V_FLAG_CRL_CHECK;
+ else if (strcmp(*argv, "-crl_check_all") == 0)
+ vflags |= X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL;
+ else if (strcmp(*argv, "-prexit") == 0)
+ prexit = 1;
+ else if (strcmp(*argv, "-crlf") == 0)
+ crlf = 1;
+ else if (strcmp(*argv, "-quiet") == 0) {
+ c_quiet = 1;
+ c_ign_eof = 1;
+ } else if (strcmp(*argv, "-ign_eof") == 0)
+ c_ign_eof = 1;
+ else if (strcmp(*argv, "-no_ign_eof") == 0)
+ c_ign_eof = 0;
+ else if (strcmp(*argv, "-pause") == 0)
+ c_Pause = 1;
+ else if (strcmp(*argv, "-debug") == 0)
+ c_debug = 1;
+#ifndef OPENSSL_NO_TLSEXT
+ else if (strcmp(*argv, "-tlsextdebug") == 0)
+ c_tlsextdebug = 1;
+ else if (strcmp(*argv, "-status") == 0)
+ c_status_req = 1;
+#endif
+#ifdef WATT32
+ else if (strcmp(*argv, "-wdebug") == 0)
+ dbug_init();
+#endif
+ else if (strcmp(*argv, "-msg") == 0)
+ c_msg = 1;
+ else if (strcmp(*argv, "-showcerts") == 0)
+ c_showcerts = 1;
+ else if (strcmp(*argv, "-nbio_test") == 0)
+ nbio_test = 1;
+ else if (strcmp(*argv, "-state") == 0)
+ state = 1;
+#ifndef OPENSSL_NO_SSL2
+ else if (strcmp(*argv, "-ssl2") == 0)
+ meth = SSLv2_client_method();
+#endif
+#ifndef OPENSSL_NO_SSL3
+ else if (strcmp(*argv, "-ssl3") == 0)
+ meth = SSLv3_client_method();
+#endif
+#ifndef OPENSSL_NO_TLS1
+ else if (strcmp(*argv, "-tls1") == 0)
+ meth = TLSv1_client_method();
+#endif
+#ifndef OPENSSL_NO_DTLS1
+ else if (strcmp(*argv, "-dtls1") == 0) {
+ meth = DTLSv1_client_method();
+ sock_type = SOCK_DGRAM;
+ } else if (strcmp(*argv, "-timeout") == 0)
+ enable_timeouts = 1;
+ else if (strcmp(*argv, "-mtu") == 0) {
+ if (--argc < 1)
+ goto bad;
+ socket_mtu = atol(*(++argv));
+ }
+#endif
+ else if (strcmp(*argv, "-fallback_scsv") == 0) {
+ fallback_scsv = 1;
+ } else if (strcmp(*argv, "-bugs") == 0)
+ bugs = 1;
+ else if (strcmp(*argv, "-keyform") == 0) {
+ if (--argc < 1)
+ goto bad;
+ key_format = str2fmt(*(++argv));
+ } else if (strcmp(*argv, "-pass") == 0) {
+ if (--argc < 1)
+ goto bad;
+ passarg = *(++argv);
+ } else if (strcmp(*argv, "-key") == 0) {
+ if (--argc < 1)
+ goto bad;
+ key_file = *(++argv);
+ } else if (strcmp(*argv, "-reconnect") == 0) {
+ reconnect = 5;
+ } else if (strcmp(*argv, "-CApath") == 0) {
+ if (--argc < 1)
+ goto bad;
+ CApath = *(++argv);
+ } else if (strcmp(*argv, "-CAfile") == 0) {
+ if (--argc < 1)
+ goto bad;
+ CAfile = *(++argv);
+ } else if (strcmp(*argv, "-no_tls1") == 0)
+ off |= SSL_OP_NO_TLSv1;
+ else if (strcmp(*argv, "-no_ssl3") == 0)
+ off |= SSL_OP_NO_SSLv3;
+ else if (strcmp(*argv, "-no_ssl2") == 0)
+ off |= SSL_OP_NO_SSLv2;
+#ifndef OPENSSL_NO_TLSEXT
+ else if (strcmp(*argv, "-no_ticket") == 0) {
+ off |= SSL_OP_NO_TICKET;
+ }
+#endif
+ else if (strcmp(*argv, "-serverpref") == 0)
+ off |= SSL_OP_CIPHER_SERVER_PREFERENCE;
+ else if (strcmp(*argv, "-legacy_renegotiation") == 0)
+ off |= SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
+ else if (strcmp(*argv, "-legacy_server_connect") == 0) {
+ off |= SSL_OP_LEGACY_SERVER_CONNECT;
+ } else if (strcmp(*argv, "-no_legacy_server_connect") == 0) {
+ clr |= SSL_OP_LEGACY_SERVER_CONNECT;
+ } else if (strcmp(*argv, "-cipher") == 0) {
+ if (--argc < 1)
+ goto bad;
+ cipher = *(++argv);
+ }
+#ifdef FIONBIO
+ else if (strcmp(*argv, "-nbio") == 0) {
+ c_nbio = 1;
+ }
+#endif
+ else if (strcmp(*argv, "-starttls") == 0) {
+ if (--argc < 1)
+ goto bad;
+ ++argv;
+ if (strcmp(*argv, "smtp") == 0)
+ starttls_proto = PROTO_SMTP;
+ else if (strcmp(*argv, "pop3") == 0)
+ starttls_proto = PROTO_POP3;
+ else if (strcmp(*argv, "imap") == 0)
+ starttls_proto = PROTO_IMAP;
+ else if (strcmp(*argv, "ftp") == 0)
+ starttls_proto = PROTO_FTP;
+ else if (strcmp(*argv, "xmpp") == 0)
+ starttls_proto = PROTO_XMPP;
+ else
+ goto bad;
+ }
+#ifndef OPENSSL_NO_ENGINE
+ else if (strcmp(*argv, "-engine") == 0) {
+ if (--argc < 1)
+ goto bad;
+ engine_id = *(++argv);
+ } else if (strcmp(*argv, "-ssl_client_engine") == 0) {
+ if (--argc < 1)
+ goto bad;
+ ssl_client_engine_id = *(++argv);
+ }
+#endif
+ else if (strcmp(*argv, "-rand") == 0) {
+ if (--argc < 1)
+ goto bad;
+ inrand = *(++argv);
+ }
+#ifndef OPENSSL_NO_TLSEXT
+ else if (strcmp(*argv, "-servername") == 0) {
+ if (--argc < 1)
+ goto bad;
+ servername = *(++argv);
+ /* meth=TLSv1_client_method(); */
+ }
+#endif
+#ifndef OPENSSL_NO_JPAKE
+ else if (strcmp(*argv, "-jpake") == 0) {
+ if (--argc < 1)
+ goto bad;
+ jpake_secret = *++argv;
+ }
+#endif
+ else {
+ BIO_printf(bio_err, "unknown option %s\n", *argv);
+ badop = 1;
+ break;
+ }
+ argc--;
+ argv++;
+ }
+ if (badop) {
+ bad:
+ sc_usage();
+ goto end;
+ }
+
+ OpenSSL_add_ssl_algorithms();
+ SSL_load_error_strings();
+
+#ifndef OPENSSL_NO_ENGINE
+ e = setup_engine(bio_err, engine_id, 1);
+ if (ssl_client_engine_id) {
+ ssl_client_engine = ENGINE_by_id(ssl_client_engine_id);
+ if (!ssl_client_engine) {
+ BIO_printf(bio_err, "Error getting client auth engine\n");
+ goto end;
+ }
+ }
+#endif
+ if (!app_passwd(bio_err, passarg, NULL, &pass, NULL)) {
+ BIO_printf(bio_err, "Error getting password\n");
+ goto end;
+ }
+
+ if (key_file == NULL)
+ key_file = cert_file;
+
+ if (key_file) {
+
+ key = load_key(bio_err, key_file, key_format, 0, pass, e,
+ "client certificate private key file");
+ if (!key) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ }
+
+ if (cert_file) {
+ cert = load_cert(bio_err, cert_file, cert_format,
+ NULL, e, "client certificate file");
+
+ if (!cert) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+
+ if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
+ && !RAND_status()) {
+ BIO_printf(bio_err,
+ "warning, not much extra random data, consider using the -rand option\n");
+ }
+ if (inrand != NULL)
+ BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
+ app_RAND_load_files(inrand));
+
+ if (bio_c_out == NULL) {
+ if (c_quiet && !c_debug && !c_msg) {
+ bio_c_out = BIO_new(BIO_s_null());
+ } else {
+ if (bio_c_out == NULL)
+ bio_c_out = BIO_new_fp(stdout, BIO_NOCLOSE);
+ }
+ }
+
+ ctx = SSL_CTX_new(meth);
+ if (ctx == NULL) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+#ifndef OPENSSL_NO_ENGINE
+ if (ssl_client_engine) {
+ if (!SSL_CTX_set_client_cert_engine(ctx, ssl_client_engine)) {
+ BIO_puts(bio_err, "Error setting client auth engine\n");
+ ERR_print_errors(bio_err);
+ ENGINE_free(ssl_client_engine);
+ goto end;
+ }
+ ENGINE_free(ssl_client_engine);
+ }
+#endif
+
+ if (bugs)
+ SSL_CTX_set_options(ctx, SSL_OP_ALL | off);
+ else
+ SSL_CTX_set_options(ctx, off);
+
+ if (clr)
+ SSL_CTX_clear_options(ctx, clr);
+ /*
+ * DTLS: partial reads end up discarding unread UDP bytes :-( Setting
+ * read ahead solves this problem.
+ */
+ if (sock_type == SOCK_DGRAM)
+ SSL_CTX_set_read_ahead(ctx, 1);
+
+ if (state)
+ SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback);
+ if (cipher != NULL)
+ if (!SSL_CTX_set_cipher_list(ctx, cipher)) {
+ BIO_printf(bio_err, "error setting cipher list\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+#if 0
+ else
+ SSL_CTX_set_cipher_list(ctx, getenv("SSL_CIPHER"));
+#endif
+
+ SSL_CTX_set_verify(ctx, verify, verify_callback);
+ if (!set_cert_key_stuff(ctx, cert, key))
+ goto end;
+
+ if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) ||
+ (!SSL_CTX_set_default_verify_paths(ctx))) {
+ /*
+ * BIO_printf(bio_err,"error setting default verify locations\n");
+ */
+ ERR_print_errors(bio_err);
+ /* goto end; */
+ }
+
+ store = SSL_CTX_get_cert_store(ctx);
+ X509_STORE_set_flags(store, vflags);
+#ifndef OPENSSL_NO_TLSEXT
+ if (servername != NULL) {
+ tlsextcbp.biodebug = bio_err;
+ SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
+ SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp);
+ }
+#endif
+
+ con = SSL_new(ctx);
+ if (sess_in) {
+ SSL_SESSION *sess;
+ BIO *stmp = BIO_new_file(sess_in, "r");
+ if (!stmp) {
+ BIO_printf(bio_err, "Can't open session file %s\n", sess_in);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ sess = PEM_read_bio_SSL_SESSION(stmp, NULL, 0, NULL);
+ BIO_free(stmp);
+ if (!sess) {
+ BIO_printf(bio_err, "Can't open session file %s\n", sess_in);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ SSL_set_session(con, sess);
+ SSL_SESSION_free(sess);
+ }
+
+ if (fallback_scsv)
+ SSL_set_mode(con, SSL_MODE_SEND_FALLBACK_SCSV);
+
+#ifndef OPENSSL_NO_TLSEXT
+ if (servername != NULL) {
+ if (!SSL_set_tlsext_host_name(con, servername)) {
+ BIO_printf(bio_err, "Unable to set TLS servername extension.\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+#endif
+
+#ifndef OPENSSL_NO_KRB5
+ if (con && (con->kssl_ctx = kssl_ctx_new()) != NULL) {
+ kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVER, host);
+ }
+#endif /* OPENSSL_NO_KRB5 */
+/* SSL_set_cipher_list(con,"RC4-MD5"); */
+
+ re_start:
+
+ if (init_client(&s, host, port, sock_type) == 0) {
+ BIO_printf(bio_err, "connect:errno=%d\n", get_last_socket_error());
+ SHUTDOWN(s);
+ goto end;
+ }
+ BIO_printf(bio_c_out, "CONNECTED(%08X)\n", s);
+
+#ifdef FIONBIO
+ if (c_nbio) {
+ unsigned long l = 1;
+ BIO_printf(bio_c_out, "turning on non blocking io\n");
+ if (BIO_socket_ioctl(s, FIONBIO, &l) < 0) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+#endif
+ if (c_Pause & 0x01)
+ con->debug = 1;
+
+ if (SSL_version(con) == DTLS1_VERSION) {
+
+ sbio = BIO_new_dgram(s, BIO_NOCLOSE);
+ if (getsockname(s, &peer, (void *)&peerlen) < 0) {
+ BIO_printf(bio_err, "getsockname:errno=%d\n",
+ get_last_socket_error());
+ SHUTDOWN(s);
+ goto end;
+ }
+
+ (void)BIO_ctrl_set_connected(sbio, 1, &peer);
+
+ if (enable_timeouts) {
+ timeout.tv_sec = 0;
+ timeout.tv_usec = DGRAM_RCV_TIMEOUT;
+ BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout);
+
+ timeout.tv_sec = 0;
+ timeout.tv_usec = DGRAM_SND_TIMEOUT;
+ BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);
+ }
+
+ if (socket_mtu > 28) {
+ SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
+ SSL_set_mtu(con, socket_mtu - 28);
+ } else
+ /* want to do MTU discovery */
+ BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);
+ } else
+ sbio = BIO_new_socket(s, BIO_NOCLOSE);
+
+ if (nbio_test) {
+ BIO *test;
+
+ test = BIO_new(BIO_f_nbio_test());
+ sbio = BIO_push(test, sbio);
+ }
+
+ if (c_debug) {
+ con->debug = 1;
+ BIO_set_callback(sbio, bio_dump_callback);
+ BIO_set_callback_arg(sbio, (char *)bio_c_out);
+ }
+ if (c_msg) {
+ SSL_set_msg_callback(con, msg_cb);
+ SSL_set_msg_callback_arg(con, bio_c_out);
+ }
+#ifndef OPENSSL_NO_TLSEXT
+ if (c_tlsextdebug) {
+ SSL_set_tlsext_debug_callback(con, tlsext_cb);
+ SSL_set_tlsext_debug_arg(con, bio_c_out);
+ }
+ if (c_status_req) {
+ SSL_set_tlsext_status_type(con, TLSEXT_STATUSTYPE_ocsp);
+ SSL_CTX_set_tlsext_status_cb(ctx, ocsp_resp_cb);
+ SSL_CTX_set_tlsext_status_arg(ctx, bio_c_out);
+# if 0
+ {
+ STACK_OF(OCSP_RESPID) *ids = sk_OCSP_RESPID_new_null();
+ OCSP_RESPID *id = OCSP_RESPID_new();
+ id->value.byKey = ASN1_OCTET_STRING_new();
+ id->type = V_OCSP_RESPID_KEY;
+ ASN1_STRING_set(id->value.byKey, "Hello World", -1);
+ sk_OCSP_RESPID_push(ids, id);
+ SSL_set_tlsext_status_ids(con, ids);
+ }
+# endif
+ }
+#endif
+#ifndef OPENSSL_NO_JPAKE
+ if (jpake_secret)
+ jpake_client_auth(bio_c_out, sbio, jpake_secret);
+#endif
+
+ SSL_set_bio(con, sbio, sbio);
+ SSL_set_connect_state(con);
+
+ /* ok, lets connect */
+ width = SSL_get_fd(con) + 1;
+
+ read_tty = 1;
+ write_tty = 0;
+ tty_on = 0;
+ read_ssl = 1;
+ write_ssl = 1;
+
+ cbuf_len = 0;
+ cbuf_off = 0;
+ sbuf_len = 0;
+ sbuf_off = 0;
+
+ /* This is an ugly hack that does a lot of assumptions */
+ /*
+ * We do have to handle multi-line responses which may come in a single
+ * packet or not. We therefore have to use BIO_gets() which does need a
+ * buffering BIO. So during the initial chitchat we do push a buffering
+ * BIO into the chain that is removed again later on to not disturb the
+ * rest of the s_client operation.
+ */
+ if (starttls_proto == PROTO_SMTP) {
+ int foundit = 0;
+ BIO *fbio = BIO_new(BIO_f_buffer());
+ BIO_push(fbio, sbio);
+ /* wait for multi-line response to end from SMTP */
+ do {
+ mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
+ }
+ while (mbuf_len > 3 && mbuf[3] == '-');
+ /* STARTTLS command requires EHLO... */
+ BIO_printf(fbio, "EHLO openssl.client.net\r\n");
+ (void)BIO_flush(fbio);
+ /* wait for multi-line response to end EHLO SMTP response */
+ do {
+ mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
+ if (strstr(mbuf, "STARTTLS"))
+ foundit = 1;
+ }
+ while (mbuf_len > 3 && mbuf[3] == '-');
+ (void)BIO_flush(fbio);
+ BIO_pop(fbio);
+ BIO_free(fbio);
+ if (!foundit)
+ BIO_printf(bio_err,
+ "didn't found starttls in server response,"
+ " try anyway...\n");
+ BIO_printf(sbio, "STARTTLS\r\n");
+ BIO_read(sbio, sbuf, BUFSIZZ);
+ } else if (starttls_proto == PROTO_POP3) {
+ BIO_read(sbio, mbuf, BUFSIZZ);
+ BIO_printf(sbio, "STLS\r\n");
+ BIO_read(sbio, sbuf, BUFSIZZ);
+ } else if (starttls_proto == PROTO_IMAP) {
+ int foundit = 0;
+ BIO *fbio = BIO_new(BIO_f_buffer());
+ BIO_push(fbio, sbio);
+ BIO_gets(fbio, mbuf, BUFSIZZ);
+ /* STARTTLS command requires CAPABILITY... */
+ BIO_printf(fbio, ". CAPABILITY\r\n");
+ (void)BIO_flush(fbio);
+ /* wait for multi-line CAPABILITY response */
+ do {
+ mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
+ if (strstr(mbuf, "STARTTLS"))
+ foundit = 1;
+ }
+ while (mbuf_len > 3 && mbuf[0] != '.');
+ (void)BIO_flush(fbio);
+ BIO_pop(fbio);
+ BIO_free(fbio);
+ if (!foundit)
+ BIO_printf(bio_err,
+ "didn't found STARTTLS in server response,"
+ " try anyway...\n");
+ BIO_printf(sbio, ". STARTTLS\r\n");
+ BIO_read(sbio, sbuf, BUFSIZZ);
+ } else if (starttls_proto == PROTO_FTP) {
+ BIO *fbio = BIO_new(BIO_f_buffer());
+ BIO_push(fbio, sbio);
+ /* wait for multi-line response to end from FTP */
+ do {
+ mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
+ }
+ while (mbuf_len > 3 && mbuf[3] == '-');
+ (void)BIO_flush(fbio);
+ BIO_pop(fbio);
+ BIO_free(fbio);
+ BIO_printf(sbio, "AUTH TLS\r\n");
+ BIO_read(sbio, sbuf, BUFSIZZ);
+ }
+ if (starttls_proto == PROTO_XMPP) {
+ int seen = 0;
+ BIO_printf(sbio, "<stream:stream "
+ "xmlns:stream='http://etherx.jabber.org/streams' "
+ "xmlns='jabber:client' to='%s' version='1.0'>", host);
+ seen = BIO_read(sbio, mbuf, BUFSIZZ);
+ mbuf[seen] = 0;
+ while (!strstr
+ (mbuf, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'")) {
+ if (strstr(mbuf, "/stream:features>"))
+ goto shut;
+ seen = BIO_read(sbio, mbuf, BUFSIZZ);
+ mbuf[seen] = 0;
+ }
+ BIO_printf(sbio,
+ "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>");
+ seen = BIO_read(sbio, sbuf, BUFSIZZ);
+ sbuf[seen] = 0;
+ if (!strstr(sbuf, "<proceed"))
+ goto shut;
+ mbuf[0] = 0;
+ }
+
+ for (;;) {
+ FD_ZERO(&readfds);
+ FD_ZERO(&writefds);
+
+ if ((SSL_version(con) == DTLS1_VERSION) &&
+ DTLSv1_get_timeout(con, &timeout))
+ timeoutp = &timeout;
+ else
+ timeoutp = NULL;
+
+ if (SSL_in_init(con) && !SSL_total_renegotiations(con)) {
+ in_init = 1;
+ tty_on = 0;
+ } else {
+ tty_on = 1;
+ if (in_init) {
+ in_init = 0;
+ if (sess_out) {
+ BIO *stmp = BIO_new_file(sess_out, "w");
+ if (stmp) {
+ PEM_write_bio_SSL_SESSION(stmp, SSL_get_session(con));
+ BIO_free(stmp);
+ } else
+ BIO_printf(bio_err, "Error writing session file %s\n",
+ sess_out);
+ }
+ print_stuff(bio_c_out, con, full_log);
+ if (full_log > 0)
+ full_log--;
+
+ if (starttls_proto) {
+ BIO_printf(bio_err, "%s", mbuf);
+ /* We don't need to know any more */
+ starttls_proto = PROTO_OFF;
+ }
+
+ if (reconnect) {
+ reconnect--;
+ BIO_printf(bio_c_out,
+ "drop connection and then reconnect\n");
+ SSL_shutdown(con);
+ SSL_set_connect_state(con);
+ SHUTDOWN(SSL_get_fd(con));
+ goto re_start;
+ }
+ }
+ }
+
+ ssl_pending = read_ssl && SSL_pending(con);
+
+ if (!ssl_pending) {
+#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE)
+ if (tty_on) {
+ if (read_tty)
+ FD_SET(fileno(stdin), &readfds);
+ if (write_tty)
+ FD_SET(fileno(stdout), &writefds);
+ }
+ if (read_ssl)
+ FD_SET(SSL_get_fd(con), &readfds);
+ if (write_ssl)
+ FD_SET(SSL_get_fd(con), &writefds);
+#else
+ if (!tty_on || !write_tty) {
+ if (read_ssl)
+ FD_SET(SSL_get_fd(con), &readfds);
+ if (write_ssl)
+ FD_SET(SSL_get_fd(con), &writefds);
+ }
+#endif
+/*- printf("mode tty(%d %d%d) ssl(%d%d)\n",
+ tty_on,read_tty,write_tty,read_ssl,write_ssl);*/
+
+ /*
+ * Note: under VMS with SOCKETSHR the second parameter is
+ * currently of type (int *) whereas under other systems it is
+ * (void *) if you don't have a cast it will choke the compiler:
+ * if you do have a cast then you can either go for (int *) or
+ * (void *).
+ */
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
+ /*
+ * Under Windows/DOS we make the assumption that we can always
+ * write to the tty: therefore if we need to write to the tty we
+ * just fall through. Otherwise we timeout the select every
+ * second and see if there are any keypresses. Note: this is a
+ * hack, in a proper Windows application we wouldn't do this.
+ */
+ i = 0;
+ if (!write_tty) {
+ if (read_tty) {
+ tv.tv_sec = 1;
+ tv.tv_usec = 0;
+ i = select(width, (void *)&readfds, (void *)&writefds,
+ NULL, &tv);
+# if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)
+ if (!i && (!_kbhit() || !read_tty))
+ continue;
+# else
+ if (!i && (!((_kbhit())
+ || (WAIT_OBJECT_0 ==
+ WaitForSingleObject(GetStdHandle
+ (STD_INPUT_HANDLE),
+ 0)))
+ || !read_tty))
+ continue;
+# endif
+ } else
+ i = select(width, (void *)&readfds, (void *)&writefds,
+ NULL, timeoutp);
+ }
+#elif defined(OPENSSL_SYS_NETWARE)
+ if (!write_tty) {
+ if (read_tty) {
+ tv.tv_sec = 1;
+ tv.tv_usec = 0;
+ i = select(width, (void *)&readfds, (void *)&writefds,
+ NULL, &tv);
+ } else
+ i = select(width, (void *)&readfds, (void *)&writefds,
+ NULL, timeoutp);
+ }
+#else
+ i = select(width, (void *)&readfds, (void *)&writefds,
+ NULL, timeoutp);
+#endif
+ if (i < 0) {
+ BIO_printf(bio_err, "bad select %d\n",
+ get_last_socket_error());
+ goto shut;
+ /* goto end; */
+ }
+ }
+
+ if ((SSL_version(con) == DTLS1_VERSION)
+ && DTLSv1_handle_timeout(con) > 0) {
+ BIO_printf(bio_err, "TIMEOUT occured\n");
+ }
+
+ if (!ssl_pending && FD_ISSET(SSL_get_fd(con), &writefds)) {
+ k = SSL_write(con, &(cbuf[cbuf_off]), (unsigned int)cbuf_len);
+ switch (SSL_get_error(con, k)) {
+ case SSL_ERROR_NONE:
+ cbuf_off += k;
+ cbuf_len -= k;
+ if (k <= 0)
+ goto end;
+ /* we have done a write(con,NULL,0); */
+ if (cbuf_len <= 0) {
+ read_tty = 1;
+ write_ssl = 0;
+ } else { /* if (cbuf_len > 0) */
+
+ read_tty = 0;
+ write_ssl = 1;
+ }
+ break;
+ case SSL_ERROR_WANT_WRITE:
+ BIO_printf(bio_c_out, "write W BLOCK\n");
+ write_ssl = 1;
+ read_tty = 0;
+ break;
+ case SSL_ERROR_WANT_READ:
+ BIO_printf(bio_c_out, "write R BLOCK\n");
+ write_tty = 0;
+ read_ssl = 1;
+ write_ssl = 0;
+ break;
+ case SSL_ERROR_WANT_X509_LOOKUP:
+ BIO_printf(bio_c_out, "write X BLOCK\n");
+ break;
+ case SSL_ERROR_ZERO_RETURN:
+ if (cbuf_len != 0) {
+ BIO_printf(bio_c_out, "shutdown\n");
+ goto shut;
+ } else {
+ read_tty = 1;
+ write_ssl = 0;
+ break;
+ }
+
+ case SSL_ERROR_SYSCALL:
+ if ((k != 0) || (cbuf_len != 0)) {
+ BIO_printf(bio_err, "write:errno=%d\n",
+ get_last_socket_error());
+ goto shut;
+ } else {
+ read_tty = 1;
+ write_ssl = 0;
+ }
+ break;
+ case SSL_ERROR_SSL:
+ ERR_print_errors(bio_err);
+ goto shut;
+ }
+ }
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
+ /* Assume Windows/DOS can always write */
+ else if (!ssl_pending && write_tty)
+#else
+ else if (!ssl_pending && FD_ISSET(fileno(stdout), &writefds))
+#endif
+ {
+#ifdef CHARSET_EBCDIC
+ ascii2ebcdic(&(sbuf[sbuf_off]), &(sbuf[sbuf_off]), sbuf_len);
+#endif
+ i = write(fileno(stdout), &(sbuf[sbuf_off]), sbuf_len);
+
+ if (i <= 0) {
+ BIO_printf(bio_c_out, "DONE\n");
+ goto shut;
+ /* goto end; */
+ }
+
+ sbuf_len -= i;;
+ sbuf_off += i;
+ if (sbuf_len <= 0) {
+ read_ssl = 1;
+ write_tty = 0;
+ }
+ } else if (ssl_pending || FD_ISSET(SSL_get_fd(con), &readfds)) {
+#ifdef RENEG
+ {
+ static int iiii;
+ if (++iiii == 52) {
+ SSL_renegotiate(con);
+ iiii = 0;
+ }
+ }
+#endif
+#if 1
+ k = SSL_read(con, sbuf, 1024 /* BUFSIZZ */ );
+#else
+/* Demo for pending and peek :-) */
+ k = SSL_read(con, sbuf, 16);
+ {
+ char zbuf[10240];
+ printf("read=%d pending=%d peek=%d\n", k, SSL_pending(con),
+ SSL_peek(con, zbuf, 10240));
+ }
+#endif
+
+ switch (SSL_get_error(con, k)) {
+ case SSL_ERROR_NONE:
+ if (k <= 0)
+ goto end;
+ sbuf_off = 0;
+ sbuf_len = k;
+
+ read_ssl = 0;
+ write_tty = 1;
+ break;
+ case SSL_ERROR_WANT_WRITE:
+ BIO_printf(bio_c_out, "read W BLOCK\n");
+ write_ssl = 1;
+ read_tty = 0;
+ break;
+ case SSL_ERROR_WANT_READ:
+ BIO_printf(bio_c_out, "read R BLOCK\n");
+ write_tty = 0;
+ read_ssl = 1;
+ if ((read_tty == 0) && (write_ssl == 0))
+ write_ssl = 1;
+ break;
+ case SSL_ERROR_WANT_X509_LOOKUP:
+ BIO_printf(bio_c_out, "read X BLOCK\n");
+ break;
+ case SSL_ERROR_SYSCALL:
+ BIO_printf(bio_err, "read:errno=%d\n",
+ get_last_socket_error());
+ goto shut;
+ case SSL_ERROR_ZERO_RETURN:
+ BIO_printf(bio_c_out, "closed\n");
+ goto shut;
+ case SSL_ERROR_SSL:
+ ERR_print_errors(bio_err);
+ goto shut;
+ /* break; */
+ }
+ }
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
+# if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)
+ else if (_kbhit())
+# else
+ else if ((_kbhit())
+ || (WAIT_OBJECT_0 ==
+ WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0)))
+# endif
+#elif defined (OPENSSL_SYS_NETWARE)
+ else if (_kbhit())
+#else
+ else if (FD_ISSET(fileno(stdin), &readfds))
+#endif
+ {
+ if (crlf) {
+ int j, lf_num;
+
+ i = read(fileno(stdin), cbuf, BUFSIZZ / 2);
+ lf_num = 0;
+ /* both loops are skipped when i <= 0 */
+ for (j = 0; j < i; j++)
+ if (cbuf[j] == '\n')
+ lf_num++;
+ for (j = i - 1; j >= 0; j--) {
+ cbuf[j + lf_num] = cbuf[j];
+ if (cbuf[j] == '\n') {
+ lf_num--;
+ i++;
+ cbuf[j + lf_num] = '\r';
+ }
+ }
+ assert(lf_num == 0);
+ } else
+ i = read(fileno(stdin), cbuf, BUFSIZZ);
+
+ if ((!c_ign_eof) && ((i <= 0) || (cbuf[0] == 'Q'))) {
+ BIO_printf(bio_err, "DONE\n");
+ goto shut;
+ }
+
+ if ((!c_ign_eof) && (cbuf[0] == 'R')) {
+ BIO_printf(bio_err, "RENEGOTIATING\n");
+ SSL_renegotiate(con);
+ cbuf_len = 0;
+ } else {
+ cbuf_len = i;
+ cbuf_off = 0;
+#ifdef CHARSET_EBCDIC
+ ebcdic2ascii(cbuf, cbuf, i);
+#endif
+ }
+
+ write_ssl = 1;
+ read_tty = 0;
+ }
+ }
+ shut:
+ SSL_shutdown(con);
+ SHUTDOWN(SSL_get_fd(con));
+ ret = 0;
+ end:
+ if (prexit)
+ print_stuff(bio_c_out, con, 1);
+ if (con != NULL)
+ SSL_free(con);
+ if (con2 != NULL)
+ SSL_free(con2);
+ if (ctx != NULL)
+ SSL_CTX_free(ctx);
+ if (cert)
+ X509_free(cert);
+ if (key)
+ EVP_PKEY_free(key);
+ if (pass)
+ OPENSSL_free(pass);
+ if (cbuf != NULL) {
+ OPENSSL_cleanse(cbuf, BUFSIZZ);
+ OPENSSL_free(cbuf);
+ }
+ if (sbuf != NULL) {
+ OPENSSL_cleanse(sbuf, BUFSIZZ);
+ OPENSSL_free(sbuf);
+ }
+ if (mbuf != NULL) {
+ OPENSSL_cleanse(mbuf, BUFSIZZ);
+ OPENSSL_free(mbuf);
+ }
+ if (bio_c_out != NULL) {
+ BIO_free(bio_c_out);
+ bio_c_out = NULL;
+ }
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
+}
+
+static void print_stuff(BIO *bio, SSL *s, int full)
+{
+ X509 *peer = NULL;
+ char *p;
+ static const char *space = " ";
+ char buf[BUFSIZ];
+ STACK_OF(X509) *sk;
+ STACK_OF(X509_NAME) *sk2;
+ SSL_CIPHER *c;
+ X509_NAME *xn;
+ int j, i;
+#ifndef OPENSSL_NO_COMP
+ const COMP_METHOD *comp, *expansion;
+#endif
+
+ if (full) {
+ int got_a_chain = 0;
+
+ sk = SSL_get_peer_cert_chain(s);
+ if (sk != NULL) {
+ got_a_chain = 1; /* we don't have it for SSL2 (yet) */
+
+ BIO_printf(bio, "---\nCertificate chain\n");
+ for (i = 0; i < sk_X509_num(sk); i++) {
+ X509_NAME_oneline(X509_get_subject_name(sk_X509_value(sk, i)),
+ buf, sizeof buf);
+ BIO_printf(bio, "%2d s:%s\n", i, buf);
+ X509_NAME_oneline(X509_get_issuer_name(sk_X509_value(sk, i)),
+ buf, sizeof buf);
+ BIO_printf(bio, " i:%s\n", buf);
+ if (c_showcerts)
+ PEM_write_bio_X509(bio, sk_X509_value(sk, i));
+ }
+ }
+
+ BIO_printf(bio, "---\n");
+ peer = SSL_get_peer_certificate(s);
+ if (peer != NULL) {
+ BIO_printf(bio, "Server certificate\n");
+
+ /* Redundant if we showed the whole chain */
+ if (!(c_showcerts && got_a_chain))
+ PEM_write_bio_X509(bio, peer);
+ X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof buf);
+ BIO_printf(bio, "subject=%s\n", buf);
+ X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof buf);
+ BIO_printf(bio, "issuer=%s\n", buf);
+ } else
+ BIO_printf(bio, "no peer certificate available\n");
+
+ sk2 = SSL_get_client_CA_list(s);
+ if ((sk2 != NULL) && (sk_X509_NAME_num(sk2) > 0)) {
+ BIO_printf(bio, "---\nAcceptable client certificate CA names\n");
+ for (i = 0; i < sk_X509_NAME_num(sk2); i++) {
+ xn = sk_X509_NAME_value(sk2, i);
+ X509_NAME_oneline(xn, buf, sizeof(buf));
+ BIO_write(bio, buf, strlen(buf));
+ BIO_write(bio, "\n", 1);
+ }
+ } else {
+ BIO_printf(bio, "---\nNo client certificate CA names sent\n");
+ }
+ p = SSL_get_shared_ciphers(s, buf, sizeof buf);
+ if (p != NULL) {
+ /*
+ * This works only for SSL 2. In later protocol versions, the
+ * client does not know what other ciphers (in addition to the
+ * one to be used in the current connection) the server supports.
+ */
+
+ BIO_printf(bio,
+ "---\nCiphers common between both SSL endpoints:\n");
+ j = i = 0;
+ while (*p) {
+ if (*p == ':') {
+ BIO_write(bio, space, 15 - j % 25);
+ i++;
+ j = 0;
+ BIO_write(bio, ((i % 3) ? " " : "\n"), 1);
+ } else {
+ BIO_write(bio, p, 1);
+ j++;
+ }
+ p++;
+ }
+ BIO_write(bio, "\n", 1);
+ }
+
+ BIO_printf(bio,
+ "---\nSSL handshake has read %ld bytes and written %ld bytes\n",
+ BIO_number_read(SSL_get_rbio(s)),
+ BIO_number_written(SSL_get_wbio(s)));
+ }
+ BIO_printf(bio, ((s->hit) ? "---\nReused, " : "---\nNew, "));
+ c = SSL_get_current_cipher(s);
+ BIO_printf(bio, "%s, Cipher is %s\n",
+ SSL_CIPHER_get_version(c), SSL_CIPHER_get_name(c));
+ if (peer != NULL) {
+ EVP_PKEY *pktmp;
+ pktmp = X509_get_pubkey(peer);
+ BIO_printf(bio, "Server public key is %d bit\n",
+ EVP_PKEY_bits(pktmp));
+ EVP_PKEY_free(pktmp);
+ }
+ BIO_printf(bio, "Secure Renegotiation IS%s supported\n",
+ SSL_get_secure_renegotiation_support(s) ? "" : " NOT");
+#ifndef OPENSSL_NO_COMP
+ comp = SSL_get_current_compression(s);
+ expansion = SSL_get_current_expansion(s);
+ BIO_printf(bio, "Compression: %s\n",
+ comp ? SSL_COMP_get_name(comp) : "NONE");
+ BIO_printf(bio, "Expansion: %s\n",
+ expansion ? SSL_COMP_get_name(expansion) : "NONE");
+#endif
+ SSL_SESSION_print(bio, SSL_get_session(s));
+ BIO_printf(bio, "---\n");
+ if (peer != NULL)
+ X509_free(peer);
+ /* flush, or debugging output gets mixed with http response */
+ (void)BIO_flush(bio);
+}
+
+#ifndef OPENSSL_NO_TLSEXT
+
+static int ocsp_resp_cb(SSL *s, void *arg)
+{
+ const unsigned char *p;
+ int len;
+ OCSP_RESPONSE *rsp;
+ len = SSL_get_tlsext_status_ocsp_resp(s, &p);
+ BIO_puts(arg, "OCSP response: ");
+ if (!p) {
+ BIO_puts(arg, "no response sent\n");
+ return 1;
+ }
+ rsp = d2i_OCSP_RESPONSE(NULL, &p, len);
+ if (!rsp) {
+ BIO_puts(arg, "response parse error\n");
+ BIO_dump_indent(arg, (char *)p, len, 4);
+ return 0;
+ }
+ BIO_puts(arg, "\n======================================\n");
+ OCSP_RESPONSE_print(arg, rsp, 0);
+ BIO_puts(arg, "======================================\n");
+ OCSP_RESPONSE_free(rsp);
+ return 1;
+}
+#endif /* ndef OPENSSL_NO_TLSEXT */
Deleted: vendor-crypto/openssl/0.9.8zf/apps/s_server.c
===================================================================
--- vendor-crypto/openssl/dist/apps/s_server.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/apps/s_server.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,2533 +0,0 @@
-/* apps/s_server.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
-/* Until the key-gen callbacks are modified to use newer prototypes, we allow
- * deprecated functions for openssl-internal code */
-#ifdef OPENSSL_NO_DEPRECATED
-#undef OPENSSL_NO_DEPRECATED
-#endif
-
-#include <assert.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <sys/stat.h>
-#include <openssl/e_os2.h>
-#ifdef OPENSSL_NO_STDIO
-#define APPS_WIN16
-#endif
-
-#if !defined(OPENSSL_SYS_NETWARE) /* conflicts with winsock2 stuff on netware */
-#include <sys/types.h>
-#endif
-
-/* With IPv6, it looks like Digital has mixed up the proper order of
- recursive header file inclusion, resulting in the compiler complaining
- that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
- is needed to have fileno() declared correctly... So let's define u_int */
-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
-#define __U_INT
-typedef unsigned int u_int;
-#endif
-
-#include <openssl/lhash.h>
-#include <openssl/bn.h>
-#define USE_SOCKETS
-#include "apps.h"
-#include <openssl/err.h>
-#include <openssl/pem.h>
-#include <openssl/x509.h>
-#include <openssl/ssl.h>
-#include <openssl/rand.h>
-#include <openssl/ocsp.h>
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#include "s_apps.h"
-#include "timeouts.h"
-
-#ifdef OPENSSL_SYS_WINCE
-/* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */
-#ifdef fileno
-#undef fileno
-#endif
-#define fileno(a) (int)_fileno(a)
-#endif
-
-#if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
-/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
-#undef FIONBIO
-#endif
-
-#ifndef OPENSSL_NO_RSA
-static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength);
-#endif
-static int sv_body(char *hostname, int s, unsigned char *context);
-static int www_body(char *hostname, int s, unsigned char *context);
-static void close_accept_socket(void );
-static void sv_usage(void);
-static int init_ssl_connection(SSL *s);
-static void print_stats(BIO *bp,SSL_CTX *ctx);
-static int generate_session_id(const SSL *ssl, unsigned char *id,
- unsigned int *id_len);
-#ifndef OPENSSL_NO_DH
-static DH *load_dh_param(const char *dhfile);
-static DH *get_dh512(void);
-#endif
-
-#ifdef MONOLITH
-static void s_server_init(void);
-#endif
-
-#ifndef S_ISDIR
-# if defined(_S_IFMT) && defined(_S_IFDIR)
-# define S_ISDIR(a) (((a) & _S_IFMT) == _S_IFDIR)
-# else
-# define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR)
-# endif
-#endif
-
-#ifndef OPENSSL_NO_DH
-static unsigned char dh512_p[]={
- 0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75,
- 0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
- 0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3,
- 0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12,
- 0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C,
- 0x47,0x74,0xE8,0x33,
- };
-static unsigned char dh512_g[]={
- 0x02,
- };
-
-static DH *get_dh512(void)
- {
- DH *dh=NULL;
-
- if ((dh=DH_new()) == NULL) return(NULL);
- dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
- dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
- if ((dh->p == NULL) || (dh->g == NULL))
- return(NULL);
- return(dh);
- }
-#endif
-
-
-/* static int load_CA(SSL_CTX *ctx, char *file);*/
-
-#undef BUFSIZZ
-#define BUFSIZZ 16*1024
-static int bufsize=BUFSIZZ;
-static int accept_socket= -1;
-
-#define TEST_CERT "server.pem"
-#ifndef OPENSSL_NO_TLSEXT
-#define TEST_CERT2 "server2.pem"
-#endif
-#undef PROG
-#define PROG s_server_main
-
-extern int verify_depth;
-
-static char *cipher=NULL;
-static int s_server_verify=SSL_VERIFY_NONE;
-static int s_server_session_id_context = 1; /* anything will do */
-static const char *s_cert_file=TEST_CERT,*s_key_file=NULL;
-#ifndef OPENSSL_NO_TLSEXT
-static const char *s_cert_file2=TEST_CERT2,*s_key_file2=NULL;
-#endif
-static char *s_dcert_file=NULL,*s_dkey_file=NULL;
-#ifdef FIONBIO
-static int s_nbio=0;
-#endif
-static int s_nbio_test=0;
-int s_crlf=0;
-static SSL_CTX *ctx=NULL;
-#ifndef OPENSSL_NO_TLSEXT
-static SSL_CTX *ctx2=NULL;
-#endif
-static int www=0;
-
-static BIO *bio_s_out=NULL;
-static int s_debug=0;
-#ifndef OPENSSL_NO_TLSEXT
-static int s_tlsextdebug=0;
-static int s_tlsextstatus=0;
-static int cert_status_cb(SSL *s, void *arg);
-#endif
-static int s_msg=0;
-static int s_quiet=0;
-
-static int hack=0;
-#ifndef OPENSSL_NO_ENGINE
-static char *engine_id=NULL;
-#endif
-static const char *session_id_prefix=NULL;
-
-static int enable_timeouts = 0;
-static long socket_mtu;
-#ifndef OPENSSL_NO_DTLS1
-static int cert_chain = 0;
-#endif
-
-
-#ifdef MONOLITH
-static void s_server_init(void)
- {
- accept_socket=-1;
- cipher=NULL;
- s_server_verify=SSL_VERIFY_NONE;
- s_dcert_file=NULL;
- s_dkey_file=NULL;
- s_cert_file=TEST_CERT;
- s_key_file=NULL;
-#ifndef OPENSSL_NO_TLSEXT
- s_cert_file2=TEST_CERT2;
- s_key_file2=NULL;
- ctx2=NULL;
-#endif
-#ifdef FIONBIO
- s_nbio=0;
-#endif
- s_nbio_test=0;
- ctx=NULL;
- www=0;
-
- bio_s_out=NULL;
- s_debug=0;
- s_msg=0;
- s_quiet=0;
- hack=0;
-#ifndef OPENSSL_NO_ENGINE
- engine_id=NULL;
-#endif
- }
-#endif
-
-static void sv_usage(void)
- {
- BIO_printf(bio_err,"usage: s_server [args ...]\n");
- BIO_printf(bio_err,"\n");
- BIO_printf(bio_err," -accept arg - port to accept on (default is %d)\n",PORT);
- BIO_printf(bio_err," -context arg - set session ID context\n");
- BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n");
- BIO_printf(bio_err," -Verify arg - turn on peer certificate verification, must have a cert.\n");
- BIO_printf(bio_err," -cert arg - certificate file to use\n");
- BIO_printf(bio_err," (default is %s)\n",TEST_CERT);
- BIO_printf(bio_err," -crl_check - check the peer certificate has not been revoked by its CA.\n" \
- " The CRL(s) are appended to the certificate file\n");
- BIO_printf(bio_err," -crl_check_all - check the peer certificate has not been revoked by its CA\n" \
- " or any other CRL in the CA chain. CRL(s) are appened to the\n" \
- " the certificate file.\n");
- BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n");
- BIO_printf(bio_err," -key arg - Private Key file to use, in cert file if\n");
- BIO_printf(bio_err," not specified (default is %s)\n",TEST_CERT);
- BIO_printf(bio_err," -keyform arg - key format (PEM, DER or ENGINE) PEM default\n");
- BIO_printf(bio_err," -pass arg - private key file pass phrase source\n");
- BIO_printf(bio_err," -dcert arg - second certificate file to use (usually for DSA)\n");
- BIO_printf(bio_err," -dcertform x - second certificate format (PEM or DER) PEM default\n");
- BIO_printf(bio_err," -dkey arg - second private key file to use (usually for DSA)\n");
- BIO_printf(bio_err," -dkeyform arg - second key format (PEM, DER or ENGINE) PEM default\n");
- BIO_printf(bio_err," -dpass arg - second private key file pass phrase source\n");
- BIO_printf(bio_err," -dhparam arg - DH parameter file to use, in cert file if not specified\n");
- BIO_printf(bio_err," or a default set of parameters is used\n");
-#ifndef OPENSSL_NO_ECDH
- BIO_printf(bio_err," -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n" \
- " Use \"openssl ecparam -list_curves\" for all names\n" \
- " (default is sect163r2).\n");
-#endif
-#ifdef FIONBIO
- BIO_printf(bio_err," -nbio - Run with non-blocking IO\n");
-#endif
- BIO_printf(bio_err," -nbio_test - test with the non-blocking test bio\n");
- BIO_printf(bio_err," -crlf - convert LF from terminal into CRLF\n");
- BIO_printf(bio_err," -debug - Print more output\n");
- BIO_printf(bio_err," -msg - Show protocol messages\n");
- BIO_printf(bio_err," -state - Print the SSL states\n");
- BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n");
- BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n");
- BIO_printf(bio_err," -nocert - Don't use any certificates (Anon-DH)\n");
- BIO_printf(bio_err," -cipher arg - play with 'openssl ciphers' to see what goes here\n");
- BIO_printf(bio_err," -serverpref - Use server's cipher preferences\n");
- BIO_printf(bio_err," -quiet - No server output\n");
- BIO_printf(bio_err," -no_tmp_rsa - Do not generate a tmp RSA key\n");
- BIO_printf(bio_err," -ssl2 - Just talk SSLv2\n");
- BIO_printf(bio_err," -ssl3 - Just talk SSLv3\n");
- BIO_printf(bio_err," -tls1 - Just talk TLSv1\n");
- BIO_printf(bio_err," -dtls1 - Just talk DTLSv1\n");
- BIO_printf(bio_err," -timeout - Enable timeouts\n");
- BIO_printf(bio_err," -mtu - Set link layer MTU\n");
- BIO_printf(bio_err," -chain - Read a certificate chain\n");
- BIO_printf(bio_err," -no_ssl2 - Just disable SSLv2\n");
- BIO_printf(bio_err," -no_ssl3 - Just disable SSLv3\n");
- BIO_printf(bio_err," -no_tls1 - Just disable TLSv1\n");
-#ifndef OPENSSL_NO_DH
- BIO_printf(bio_err," -no_dhe - Disable ephemeral DH\n");
-#endif
-#ifndef OPENSSL_NO_ECDH
- BIO_printf(bio_err," -no_ecdhe - Disable ephemeral ECDH\n");
-#endif
- BIO_printf(bio_err," -bugs - Turn on SSL bug compatibility\n");
- BIO_printf(bio_err," -www - Respond to a 'GET /' with a status page\n");
- BIO_printf(bio_err," -WWW - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
- BIO_printf(bio_err," -HTTP - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
- BIO_printf(bio_err," with the assumption it contains a complete HTTP response.\n");
-#ifndef OPENSSL_NO_ENGINE
- BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n");
-#endif
- BIO_printf(bio_err," -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'\n");
- BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
-#ifndef OPENSSL_NO_TLSEXT
- BIO_printf(bio_err," -servername host - servername for HostName TLS extension\n");
- BIO_printf(bio_err," -servername_fatal - on mismatch send fatal alert (default warning alert)\n");
- BIO_printf(bio_err," -cert2 arg - certificate file to use for servername\n");
- BIO_printf(bio_err," (default is %s)\n",TEST_CERT2);
- BIO_printf(bio_err," -key2 arg - Private Key file to use for servername, in cert file if\n");
- BIO_printf(bio_err," not specified (default is %s)\n",TEST_CERT2);
- BIO_printf(bio_err," -tlsextdebug - hex dump of all TLS extensions received\n");
- BIO_printf(bio_err," -no_ticket - disable use of RFC4507bis session tickets\n");
- BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
-#endif
- }
-
-static int local_argc=0;
-static char **local_argv;
-
-#ifdef CHARSET_EBCDIC
-static int ebcdic_new(BIO *bi);
-static int ebcdic_free(BIO *a);
-static int ebcdic_read(BIO *b, char *out, int outl);
-static int ebcdic_write(BIO *b, const char *in, int inl);
-static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr);
-static int ebcdic_gets(BIO *bp, char *buf, int size);
-static int ebcdic_puts(BIO *bp, const char *str);
-
-#define BIO_TYPE_EBCDIC_FILTER (18|0x0200)
-static BIO_METHOD methods_ebcdic=
- {
- BIO_TYPE_EBCDIC_FILTER,
- "EBCDIC/ASCII filter",
- ebcdic_write,
- ebcdic_read,
- ebcdic_puts,
- ebcdic_gets,
- ebcdic_ctrl,
- ebcdic_new,
- ebcdic_free,
- };
-
-typedef struct
-{
- size_t alloced;
- char buff[1];
-} EBCDIC_OUTBUFF;
-
-BIO_METHOD *BIO_f_ebcdic_filter()
-{
- return(&methods_ebcdic);
-}
-
-static int ebcdic_new(BIO *bi)
-{
- EBCDIC_OUTBUFF *wbuf;
-
- wbuf = (EBCDIC_OUTBUFF *)OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + 1024);
- wbuf->alloced = 1024;
- wbuf->buff[0] = '\0';
-
- bi->ptr=(char *)wbuf;
- bi->init=1;
- bi->flags=0;
- return(1);
-}
-
-static int ebcdic_free(BIO *a)
-{
- if (a == NULL) return(0);
- if (a->ptr != NULL)
- OPENSSL_free(a->ptr);
- a->ptr=NULL;
- a->init=0;
- a->flags=0;
- return(1);
-}
-
-static int ebcdic_read(BIO *b, char *out, int outl)
-{
- int ret=0;
-
- if (out == NULL || outl == 0) return(0);
- if (b->next_bio == NULL) return(0);
-
- ret=BIO_read(b->next_bio,out,outl);
- if (ret > 0)
- ascii2ebcdic(out,out,ret);
- return(ret);
-}
-
-static int ebcdic_write(BIO *b, const char *in, int inl)
-{
- EBCDIC_OUTBUFF *wbuf;
- int ret=0;
- int num;
- unsigned char n;
-
- if ((in == NULL) || (inl <= 0)) return(0);
- if (b->next_bio == NULL) return(0);
-
- wbuf=(EBCDIC_OUTBUFF *)b->ptr;
-
- if (inl > (num = wbuf->alloced))
- {
- num = num + num; /* double the size */
- if (num < inl)
- num = inl;
- OPENSSL_free(wbuf);
- wbuf=(EBCDIC_OUTBUFF *)OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + num);
-
- wbuf->alloced = num;
- wbuf->buff[0] = '\0';
-
- b->ptr=(char *)wbuf;
- }
-
- ebcdic2ascii(wbuf->buff, in, inl);
-
- ret=BIO_write(b->next_bio, wbuf->buff, inl);
-
- return(ret);
-}
-
-static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr)
-{
- long ret;
-
- if (b->next_bio == NULL) return(0);
- switch (cmd)
- {
- case BIO_CTRL_DUP:
- ret=0L;
- break;
- default:
- ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
- break;
- }
- return(ret);
-}
-
-static int ebcdic_gets(BIO *bp, char *buf, int size)
-{
- int i, ret=0;
- if (bp->next_bio == NULL) return(0);
-/* return(BIO_gets(bp->next_bio,buf,size));*/
- for (i=0; i<size-1; ++i)
- {
- ret = ebcdic_read(bp,&buf[i],1);
- if (ret <= 0)
- break;
- else if (buf[i] == '\n')
- {
- ++i;
- break;
- }
- }
- if (i < size)
- buf[i] = '\0';
- return (ret < 0 && i == 0) ? ret : i;
-}
-
-static int ebcdic_puts(BIO *bp, const char *str)
-{
- if (bp->next_bio == NULL) return(0);
- return ebcdic_write(bp, str, strlen(str));
-}
-#endif
-
-#ifndef OPENSSL_NO_TLSEXT
-
-/* This is a context that we pass to callbacks */
-typedef struct tlsextctx_st {
- char * servername;
- BIO * biodebug;
- int extension_error;
-} tlsextctx;
-
-
-static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg)
- {
- tlsextctx * p = (tlsextctx *) arg;
- const char * servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
- if (servername && p->biodebug)
- BIO_printf(p->biodebug,"Hostname in TLS extension: \"%s\"\n",servername);
-
- if (!p->servername)
- return SSL_TLSEXT_ERR_NOACK;
-
- if (servername)
- {
- if (strcasecmp(servername,p->servername))
- return p->extension_error;
- if (ctx2)
- {
- BIO_printf(p->biodebug,"Swiching server context.\n");
- SSL_set_SSL_CTX(s,ctx2);
- }
- }
- return SSL_TLSEXT_ERR_OK;
-}
-
-/* Structure passed to cert status callback */
-
-typedef struct tlsextstatusctx_st {
- /* Default responder to use */
- char *host, *path, *port;
- int use_ssl;
- int timeout;
- BIO *err;
- int verbose;
-} tlsextstatusctx;
-
-static tlsextstatusctx tlscstatp = {NULL, NULL, NULL, 0, -1, NULL, 0};
-
-/* Certificate Status callback. This is called when a client includes a
- * certificate status request extension.
- *
- * This is a simplified version. It examines certificates each time and
- * makes one OCSP responder query for each request.
- *
- * A full version would store details such as the OCSP certificate IDs and
- * minimise the number of OCSP responses by caching them until they were
- * considered "expired".
- */
-
-static int cert_status_cb(SSL *s, void *arg)
- {
- tlsextstatusctx *srctx = arg;
- BIO *err = srctx->err;
- char *host, *port, *path;
- int use_ssl;
- unsigned char *rspder = NULL;
- int rspderlen;
- STACK *aia = NULL;
- X509 *x = NULL;
- X509_STORE_CTX inctx;
- X509_OBJECT obj;
- OCSP_REQUEST *req = NULL;
- OCSP_RESPONSE *resp = NULL;
- OCSP_CERTID *id = NULL;
- STACK_OF(X509_EXTENSION) *exts;
- int ret = SSL_TLSEXT_ERR_NOACK;
- int i;
-#if 0
-STACK_OF(OCSP_RESPID) *ids;
-SSL_get_tlsext_status_ids(s, &ids);
-BIO_printf(err, "cert_status: received %d ids\n", sk_OCSP_RESPID_num(ids));
-#endif
- if (srctx->verbose)
- BIO_puts(err, "cert_status: callback called\n");
- /* Build up OCSP query from server certificate */
- x = SSL_get_certificate(s);
- aia = X509_get1_ocsp(x);
- if (aia)
- {
- if (!OCSP_parse_url(sk_value(aia, 0),
- &host, &port, &path, &use_ssl))
- {
- BIO_puts(err, "cert_status: can't parse AIA URL\n");
- goto err;
- }
- if (srctx->verbose)
- BIO_printf(err, "cert_status: AIA URL: %s\n",
- sk_value(aia, 0));
- }
- else
- {
- if (!srctx->host)
- {
- BIO_puts(srctx->err, "cert_status: no AIA and no default responder URL\n");
- goto done;
- }
- host = srctx->host;
- path = srctx->path;
- port = srctx->port;
- use_ssl = srctx->use_ssl;
- }
-
- if (!X509_STORE_CTX_init(&inctx,
- SSL_CTX_get_cert_store(SSL_get_SSL_CTX(s)),
- NULL, NULL))
- goto err;
- if (X509_STORE_get_by_subject(&inctx,X509_LU_X509,
- X509_get_issuer_name(x),&obj) <= 0)
- {
- BIO_puts(err, "cert_status: Can't retrieve issuer certificate.\n");
- X509_STORE_CTX_cleanup(&inctx);
- goto done;
- }
- req = OCSP_REQUEST_new();
- if (!req)
- goto err;
- id = OCSP_cert_to_id(NULL, x, obj.data.x509);
- X509_free(obj.data.x509);
- X509_STORE_CTX_cleanup(&inctx);
- if (!id)
- goto err;
- if (!OCSP_request_add0_id(req, id))
- goto err;
- id = NULL;
- /* Add any extensions to the request */
- SSL_get_tlsext_status_exts(s, &exts);
- for (i = 0; i < sk_X509_EXTENSION_num(exts); i++)
- {
- X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i);
- if (!OCSP_REQUEST_add_ext(req, ext, -1))
- goto err;
- }
- resp = process_responder(err, req, host, path, port, use_ssl,
- srctx->timeout);
- if (!resp)
- {
- BIO_puts(err, "cert_status: error querying responder\n");
- goto done;
- }
- rspderlen = i2d_OCSP_RESPONSE(resp, &rspder);
- if (rspderlen <= 0)
- goto err;
- SSL_set_tlsext_status_ocsp_resp(s, rspder, rspderlen);
- if (srctx->verbose)
- {
- BIO_puts(err, "cert_status: ocsp response sent:\n");
- OCSP_RESPONSE_print(err, resp, 2);
- }
- ret = SSL_TLSEXT_ERR_OK;
- done:
- if (ret != SSL_TLSEXT_ERR_OK)
- ERR_print_errors(err);
- if (aia)
- {
- OPENSSL_free(host);
- OPENSSL_free(path);
- OPENSSL_free(port);
- X509_email_free(aia);
- }
- if (id)
- OCSP_CERTID_free(id);
- if (req)
- OCSP_REQUEST_free(req);
- if (resp)
- OCSP_RESPONSE_free(resp);
- return ret;
- err:
- ret = SSL_TLSEXT_ERR_ALERT_FATAL;
- goto done;
- }
-#endif
-int MAIN(int, char **);
-
-#ifndef OPENSSL_NO_JPAKE
-static char *jpake_secret = NULL;
-#endif
-
-int MAIN(int argc, char *argv[])
- {
- X509_STORE *store = NULL;
- int vflags = 0;
- short port=PORT;
- char *CApath=NULL,*CAfile=NULL;
- unsigned char *context = NULL;
- char *dhfile = NULL;
-#ifndef OPENSSL_NO_ECDH
- char *named_curve = NULL;
-#endif
- int badop=0,bugs=0;
- int ret=1;
- int off=0;
- int no_tmp_rsa=0,no_dhe=0,no_ecdhe=0,nocert=0;
- int state=0;
- SSL_METHOD *meth=NULL;
- int socket_type=SOCK_STREAM;
- ENGINE *e=NULL;
- char *inrand=NULL;
- int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM;
- char *passarg = NULL, *pass = NULL;
- char *dpassarg = NULL, *dpass = NULL;
- int s_dcert_format = FORMAT_PEM, s_dkey_format = FORMAT_PEM;
- X509 *s_cert = NULL, *s_dcert = NULL;
- EVP_PKEY *s_key = NULL, *s_dkey = NULL;
- int no_cache = 0;
-#ifndef OPENSSL_NO_TLSEXT
- EVP_PKEY *s_key2 = NULL;
- X509 *s_cert2 = NULL;
-#endif
-#ifndef OPENSSL_NO_TLSEXT
- tlsextctx tlsextcbp = {NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING};
-#endif
-
- meth=SSLv23_server_method();
-
- local_argc=argc;
- local_argv=argv;
-
- apps_startup();
-#ifdef MONOLITH
- s_server_init();
-#endif
-
- if (bio_err == NULL)
- bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
-
- if (!load_config(bio_err, NULL))
- goto end;
-
- verify_depth=0;
-#ifdef FIONBIO
- s_nbio=0;
-#endif
- s_nbio_test=0;
-
- argc--;
- argv++;
-
- while (argc >= 1)
- {
- if ((strcmp(*argv,"-port") == 0) ||
- (strcmp(*argv,"-accept") == 0))
- {
- if (--argc < 1) goto bad;
- if (!extract_port(*(++argv),&port))
- goto bad;
- }
- else if (strcmp(*argv,"-verify") == 0)
- {
- s_server_verify=SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE;
- if (--argc < 1) goto bad;
- verify_depth=atoi(*(++argv));
- BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
- }
- else if (strcmp(*argv,"-Verify") == 0)
- {
- s_server_verify=SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT|
- SSL_VERIFY_CLIENT_ONCE;
- if (--argc < 1) goto bad;
- verify_depth=atoi(*(++argv));
- BIO_printf(bio_err,"verify depth is %d, must return a certificate\n",verify_depth);
- }
- else if (strcmp(*argv,"-context") == 0)
- {
- if (--argc < 1) goto bad;
- context= (unsigned char *)*(++argv);
- }
- else if (strcmp(*argv,"-cert") == 0)
- {
- if (--argc < 1) goto bad;
- s_cert_file= *(++argv);
- }
- else if (strcmp(*argv,"-certform") == 0)
- {
- if (--argc < 1) goto bad;
- s_cert_format = str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-key") == 0)
- {
- if (--argc < 1) goto bad;
- s_key_file= *(++argv);
- }
- else if (strcmp(*argv,"-keyform") == 0)
- {
- if (--argc < 1) goto bad;
- s_key_format = str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-pass") == 0)
- {
- if (--argc < 1) goto bad;
- passarg = *(++argv);
- }
- else if (strcmp(*argv,"-dhparam") == 0)
- {
- if (--argc < 1) goto bad;
- dhfile = *(++argv);
- }
-#ifndef OPENSSL_NO_ECDH
- else if (strcmp(*argv,"-named_curve") == 0)
- {
- if (--argc < 1) goto bad;
- named_curve = *(++argv);
- }
-#endif
- else if (strcmp(*argv,"-dcertform") == 0)
- {
- if (--argc < 1) goto bad;
- s_dcert_format = str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-dcert") == 0)
- {
- if (--argc < 1) goto bad;
- s_dcert_file= *(++argv);
- }
- else if (strcmp(*argv,"-dkeyform") == 0)
- {
- if (--argc < 1) goto bad;
- s_dkey_format = str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-dpass") == 0)
- {
- if (--argc < 1) goto bad;
- dpassarg = *(++argv);
- }
- else if (strcmp(*argv,"-dkey") == 0)
- {
- if (--argc < 1) goto bad;
- s_dkey_file= *(++argv);
- }
- else if (strcmp(*argv,"-nocert") == 0)
- {
- nocert=1;
- }
- else if (strcmp(*argv,"-CApath") == 0)
- {
- if (--argc < 1) goto bad;
- CApath= *(++argv);
- }
- else if (strcmp(*argv,"-no_cache") == 0)
- no_cache = 1;
- else if (strcmp(*argv,"-crl_check") == 0)
- {
- vflags |= X509_V_FLAG_CRL_CHECK;
- }
- else if (strcmp(*argv,"-crl_check_all") == 0)
- {
- vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
- }
- else if (strcmp(*argv,"-serverpref") == 0)
- { off|=SSL_OP_CIPHER_SERVER_PREFERENCE; }
- else if (strcmp(*argv,"-legacy_renegotiation") == 0)
- off|=SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
- else if (strcmp(*argv,"-cipher") == 0)
- {
- if (--argc < 1) goto bad;
- cipher= *(++argv);
- }
- else if (strcmp(*argv,"-CAfile") == 0)
- {
- if (--argc < 1) goto bad;
- CAfile= *(++argv);
- }
-#ifdef FIONBIO
- else if (strcmp(*argv,"-nbio") == 0)
- { s_nbio=1; }
-#endif
- else if (strcmp(*argv,"-nbio_test") == 0)
- {
-#ifdef FIONBIO
- s_nbio=1;
-#endif
- s_nbio_test=1;
- }
- else if (strcmp(*argv,"-debug") == 0)
- { s_debug=1; }
-#ifndef OPENSSL_NO_TLSEXT
- else if (strcmp(*argv,"-tlsextdebug") == 0)
- s_tlsextdebug=1;
- else if (strcmp(*argv,"-status") == 0)
- s_tlsextstatus=1;
- else if (strcmp(*argv,"-status_verbose") == 0)
- {
- s_tlsextstatus=1;
- tlscstatp.verbose = 1;
- }
- else if (!strcmp(*argv, "-status_timeout"))
- {
- s_tlsextstatus=1;
- if (--argc < 1) goto bad;
- tlscstatp.timeout = atoi(*(++argv));
- }
- else if (!strcmp(*argv, "-status_url"))
- {
- s_tlsextstatus=1;
- if (--argc < 1) goto bad;
- if (!OCSP_parse_url(*(++argv),
- &tlscstatp.host,
- &tlscstatp.port,
- &tlscstatp.path,
- &tlscstatp.use_ssl))
- {
- BIO_printf(bio_err, "Error parsing URL\n");
- goto bad;
- }
- }
-#endif
- else if (strcmp(*argv,"-msg") == 0)
- { s_msg=1; }
- else if (strcmp(*argv,"-hack") == 0)
- { hack=1; }
- else if (strcmp(*argv,"-state") == 0)
- { state=1; }
- else if (strcmp(*argv,"-crlf") == 0)
- { s_crlf=1; }
- else if (strcmp(*argv,"-quiet") == 0)
- { s_quiet=1; }
- else if (strcmp(*argv,"-bugs") == 0)
- { bugs=1; }
- else if (strcmp(*argv,"-no_tmp_rsa") == 0)
- { no_tmp_rsa=1; }
- else if (strcmp(*argv,"-no_dhe") == 0)
- { no_dhe=1; }
- else if (strcmp(*argv,"-no_ecdhe") == 0)
- { no_ecdhe=1; }
- else if (strcmp(*argv,"-www") == 0)
- { www=1; }
- else if (strcmp(*argv,"-WWW") == 0)
- { www=2; }
- else if (strcmp(*argv,"-HTTP") == 0)
- { www=3; }
- else if (strcmp(*argv,"-no_ssl2") == 0)
- { off|=SSL_OP_NO_SSLv2; }
- else if (strcmp(*argv,"-no_ssl3") == 0)
- { off|=SSL_OP_NO_SSLv3; }
- else if (strcmp(*argv,"-no_tls1") == 0)
- { off|=SSL_OP_NO_TLSv1; }
-#ifndef OPENSSL_NO_TLSEXT
- else if (strcmp(*argv,"-no_ticket") == 0)
- { off|=SSL_OP_NO_TICKET; }
-#endif
-#ifndef OPENSSL_NO_SSL2
- else if (strcmp(*argv,"-ssl2") == 0)
- { meth=SSLv2_server_method(); }
-#endif
-#ifndef OPENSSL_NO_SSL3
- else if (strcmp(*argv,"-ssl3") == 0)
- { meth=SSLv3_server_method(); }
-#endif
-#ifndef OPENSSL_NO_TLS1
- else if (strcmp(*argv,"-tls1") == 0)
- { meth=TLSv1_server_method(); }
-#endif
-#ifndef OPENSSL_NO_DTLS1
- else if (strcmp(*argv,"-dtls1") == 0)
- {
- meth=DTLSv1_server_method();
- socket_type = SOCK_DGRAM;
- }
- else if (strcmp(*argv,"-timeout") == 0)
- enable_timeouts = 1;
- else if (strcmp(*argv,"-mtu") == 0)
- {
- if (--argc < 1) goto bad;
- socket_mtu = atol(*(++argv));
- }
- else if (strcmp(*argv, "-chain") == 0)
- cert_chain = 1;
-#endif
- else if (strcmp(*argv, "-id_prefix") == 0)
- {
- if (--argc < 1) goto bad;
- session_id_prefix = *(++argv);
- }
-#ifndef OPENSSL_NO_ENGINE
- else if (strcmp(*argv,"-engine") == 0)
- {
- if (--argc < 1) goto bad;
- engine_id= *(++argv);
- }
-#endif
- else if (strcmp(*argv,"-rand") == 0)
- {
- if (--argc < 1) goto bad;
- inrand= *(++argv);
- }
-#ifndef OPENSSL_NO_TLSEXT
- else if (strcmp(*argv,"-servername") == 0)
- {
- if (--argc < 1) goto bad;
- tlsextcbp.servername= *(++argv);
- }
- else if (strcmp(*argv,"-servername_fatal") == 0)
- { tlsextcbp.extension_error = SSL_TLSEXT_ERR_ALERT_FATAL; }
- else if (strcmp(*argv,"-cert2") == 0)
- {
- if (--argc < 1) goto bad;
- s_cert_file2= *(++argv);
- }
- else if (strcmp(*argv,"-key2") == 0)
- {
- if (--argc < 1) goto bad;
- s_key_file2= *(++argv);
- }
-
-#endif
-#ifndef OPENSSL_NO_JPAKE
- else if (strcmp(*argv,"-jpake") == 0)
- {
- if (--argc < 1) goto bad;
- jpake_secret = *(++argv);
- }
-#endif
- else
- {
- BIO_printf(bio_err,"unknown option %s\n",*argv);
- badop=1;
- break;
- }
- argc--;
- argv++;
- }
- if (badop)
- {
-bad:
- sv_usage();
- goto end;
- }
-#ifndef OPENSSL_NO_DTLS1
- if (www && socket_type == SOCK_DGRAM)
- {
- BIO_printf(bio_err,
- "Can't use -HTTP, -www or -WWW with DTLS\n");
- goto end;
- }
-#endif
-
- SSL_load_error_strings();
- OpenSSL_add_ssl_algorithms();
-
-#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(bio_err, engine_id, 1);
-#endif
-
- if (!app_passwd(bio_err, passarg, dpassarg, &pass, &dpass))
- {
- BIO_printf(bio_err, "Error getting password\n");
- goto end;
- }
-
-
- if (s_key_file == NULL)
- s_key_file = s_cert_file;
-#ifndef OPENSSL_NO_TLSEXT
- if (s_key_file2 == NULL)
- s_key_file2 = s_cert_file2;
-#endif
-
- if (nocert == 0)
- {
- s_key = load_key(bio_err, s_key_file, s_key_format, 0, pass, e,
- "server certificate private key file");
- if (!s_key)
- {
- ERR_print_errors(bio_err);
- goto end;
- }
-
- s_cert = load_cert(bio_err,s_cert_file,s_cert_format,
- NULL, e, "server certificate file");
-
- if (!s_cert)
- {
- ERR_print_errors(bio_err);
- goto end;
- }
-
-#ifndef OPENSSL_NO_TLSEXT
- if (tlsextcbp.servername)
- {
- s_key2 = load_key(bio_err, s_key_file2, s_key_format, 0, pass, e,
- "second server certificate private key file");
- if (!s_key2)
- {
- ERR_print_errors(bio_err);
- goto end;
- }
-
- s_cert2 = load_cert(bio_err,s_cert_file2,s_cert_format,
- NULL, e, "second server certificate file");
-
- if (!s_cert2)
- {
- ERR_print_errors(bio_err);
- goto end;
- }
- }
-#endif
- }
- if (s_dcert_file)
- {
-
- if (s_dkey_file == NULL)
- s_dkey_file = s_dcert_file;
-
- s_dkey = load_key(bio_err, s_dkey_file, s_dkey_format,
- 0, dpass, e,
- "second certificate private key file");
- if (!s_dkey)
- {
- ERR_print_errors(bio_err);
- goto end;
- }
-
- s_dcert = load_cert(bio_err,s_dcert_file,s_dcert_format,
- NULL, e, "second server certificate file");
-
- if (!s_dcert)
- {
- ERR_print_errors(bio_err);
- goto end;
- }
-
- }
-
- if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
- && !RAND_status())
- {
- BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
- }
- if (inrand != NULL)
- BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
- app_RAND_load_files(inrand));
-
- if (bio_s_out == NULL)
- {
- if (s_quiet && !s_debug && !s_msg)
- {
- bio_s_out=BIO_new(BIO_s_null());
- }
- else
- {
- if (bio_s_out == NULL)
- bio_s_out=BIO_new_fp(stdout,BIO_NOCLOSE);
- }
- }
-
-#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
- if (nocert)
-#endif
- {
- s_cert_file=NULL;
- s_key_file=NULL;
- s_dcert_file=NULL;
- s_dkey_file=NULL;
-#ifndef OPENSSL_NO_TLSEXT
- s_cert_file2=NULL;
- s_key_file2=NULL;
-#endif
- }
-
- ctx=SSL_CTX_new(meth);
- if (ctx == NULL)
- {
- ERR_print_errors(bio_err);
- goto end;
- }
- if (session_id_prefix)
- {
- if(strlen(session_id_prefix) >= 32)
- BIO_printf(bio_err,
-"warning: id_prefix is too long, only one new session will be possible\n");
- else if(strlen(session_id_prefix) >= 16)
- BIO_printf(bio_err,
-"warning: id_prefix is too long if you use SSLv2\n");
- if(!SSL_CTX_set_generate_session_id(ctx, generate_session_id))
- {
- BIO_printf(bio_err,"error setting 'id_prefix'\n");
- ERR_print_errors(bio_err);
- goto end;
- }
- BIO_printf(bio_err,"id_prefix '%s' set.\n", session_id_prefix);
- }
- SSL_CTX_set_quiet_shutdown(ctx,1);
- if (bugs) SSL_CTX_set_options(ctx,SSL_OP_ALL);
- if (hack) SSL_CTX_set_options(ctx,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
- SSL_CTX_set_options(ctx,off);
- /* DTLS: partial reads end up discarding unread UDP bytes :-(
- * Setting read ahead solves this problem.
- */
- if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1);
-
- if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
- if (no_cache)
- SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
- else
- SSL_CTX_sess_set_cache_size(ctx,128);
-
-#if 0
- if (cipher == NULL) cipher=getenv("SSL_CIPHER");
-#endif
-
-#if 0
- if (s_cert_file == NULL)
- {
- BIO_printf(bio_err,"You must specify a certificate file for the server to use\n");
- goto end;
- }
-#endif
-
- if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
- (!SSL_CTX_set_default_verify_paths(ctx)))
- {
- /* BIO_printf(bio_err,"X509_load_verify_locations\n"); */
- ERR_print_errors(bio_err);
- /* goto end; */
- }
- store = SSL_CTX_get_cert_store(ctx);
- X509_STORE_set_flags(store, vflags);
-#ifndef OPENSSL_NO_TLSEXT
- if (s_cert2)
- {
- ctx2=SSL_CTX_new(meth);
- if (ctx2 == NULL)
- {
- ERR_print_errors(bio_err);
- goto end;
- }
- }
-
- if (ctx2)
- {
- BIO_printf(bio_s_out,"Setting secondary ctx parameters\n");
-
- if (session_id_prefix)
- {
- if(strlen(session_id_prefix) >= 32)
- BIO_printf(bio_err,
- "warning: id_prefix is too long, only one new session will be possible\n");
- else if(strlen(session_id_prefix) >= 16)
- BIO_printf(bio_err,
- "warning: id_prefix is too long if you use SSLv2\n");
- if(!SSL_CTX_set_generate_session_id(ctx2, generate_session_id))
- {
- BIO_printf(bio_err,"error setting 'id_prefix'\n");
- ERR_print_errors(bio_err);
- goto end;
- }
- BIO_printf(bio_err,"id_prefix '%s' set.\n", session_id_prefix);
- }
- SSL_CTX_set_quiet_shutdown(ctx2,1);
- if (bugs) SSL_CTX_set_options(ctx2,SSL_OP_ALL);
- if (hack) SSL_CTX_set_options(ctx2,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
- SSL_CTX_set_options(ctx2,off);
-
- /* DTLS: partial reads end up discarding unread UDP bytes :-(
- * Setting read ahead solves this problem.
- */
- if (socket_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx2, 1);
-
-
- if (state) SSL_CTX_set_info_callback(ctx2,apps_ssl_info_callback);
-
- if (no_cache)
- SSL_CTX_set_session_cache_mode(ctx2,SSL_SESS_CACHE_OFF);
- else
- SSL_CTX_sess_set_cache_size(ctx2,128);
-
- if ((!SSL_CTX_load_verify_locations(ctx2,CAfile,CApath)) ||
- (!SSL_CTX_set_default_verify_paths(ctx2)))
- {
- ERR_print_errors(bio_err);
- }
- store = SSL_CTX_get_cert_store(ctx2);
- X509_STORE_set_flags(store, vflags);
- }
-#endif
-
-
-#ifndef OPENSSL_NO_DH
- if (!no_dhe)
- {
- DH *dh=NULL;
-
- if (dhfile)
- dh = load_dh_param(dhfile);
- else if (s_cert_file)
- dh = load_dh_param(s_cert_file);
-
- if (dh != NULL)
- {
- BIO_printf(bio_s_out,"Setting temp DH parameters\n");
- }
- else
- {
- BIO_printf(bio_s_out,"Using default temp DH parameters\n");
- dh=get_dh512();
- }
- (void)BIO_flush(bio_s_out);
-
- SSL_CTX_set_tmp_dh(ctx,dh);
-#ifndef OPENSSL_NO_TLSEXT
- if (ctx2)
- {
- if (!dhfile)
- {
- DH *dh2=load_dh_param(s_cert_file2);
- if (dh2 != NULL)
- {
- BIO_printf(bio_s_out,"Setting temp DH parameters\n");
- (void)BIO_flush(bio_s_out);
-
- DH_free(dh);
- dh = dh2;
- }
- }
- SSL_CTX_set_tmp_dh(ctx2,dh);
- }
-#endif
- DH_free(dh);
- }
-#endif
-
-#ifndef OPENSSL_NO_ECDH
- if (!no_ecdhe)
- {
- EC_KEY *ecdh=NULL;
-
- if (named_curve)
- {
- int nid = OBJ_sn2nid(named_curve);
-
- if (nid == 0)
- {
- BIO_printf(bio_err, "unknown curve name (%s)\n",
- named_curve);
- goto end;
- }
- ecdh = EC_KEY_new_by_curve_name(nid);
- if (ecdh == NULL)
- {
- BIO_printf(bio_err, "unable to create curve (%s)\n",
- named_curve);
- goto end;
- }
- }
-
- if (ecdh != NULL)
- {
- BIO_printf(bio_s_out,"Setting temp ECDH parameters\n");
- }
- else
- {
- BIO_printf(bio_s_out,"Using default temp ECDH parameters\n");
- ecdh = EC_KEY_new_by_curve_name(NID_sect163r2);
- if (ecdh == NULL)
- {
- BIO_printf(bio_err, "unable to create curve (sect163r2)\n");
- goto end;
- }
- }
- (void)BIO_flush(bio_s_out);
-
- SSL_CTX_set_tmp_ecdh(ctx,ecdh);
-#ifndef OPENSSL_NO_TLSEXT
- if (ctx2)
- SSL_CTX_set_tmp_ecdh(ctx2,ecdh);
-#endif
- EC_KEY_free(ecdh);
- }
-#endif
-
- if (!set_cert_key_stuff(ctx,s_cert,s_key))
- goto end;
-#ifndef OPENSSL_NO_TLSEXT
- if (ctx2 && !set_cert_key_stuff(ctx2,s_cert2,s_key2))
- goto end;
-#endif
- if (s_dcert != NULL)
- {
- if (!set_cert_key_stuff(ctx,s_dcert,s_dkey))
- goto end;
- }
-
-#ifndef OPENSSL_NO_RSA
-#if 1
- if (!no_tmp_rsa)
- {
- SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb);
-#ifndef OPENSSL_NO_TLSEXT
- if (ctx2)
- SSL_CTX_set_tmp_rsa_callback(ctx2,tmp_rsa_cb);
-#endif
- }
-#else
- if (!no_tmp_rsa && SSL_CTX_need_tmp_RSA(ctx))
- {
- RSA *rsa;
-
- BIO_printf(bio_s_out,"Generating temp (512 bit) RSA key...");
- BIO_flush(bio_s_out);
-
- rsa=RSA_generate_key(512,RSA_F4,NULL);
-
- if (!SSL_CTX_set_tmp_rsa(ctx,rsa))
- {
- ERR_print_errors(bio_err);
- goto end;
- }
-#ifndef OPENSSL_NO_TLSEXT
- if (ctx2)
- {
- if (!SSL_CTX_set_tmp_rsa(ctx2,rsa))
- {
- ERR_print_errors(bio_err);
- goto end;
- }
- }
-#endif
- RSA_free(rsa);
- BIO_printf(bio_s_out,"\n");
- }
-#endif
-#endif
-
- if (cipher != NULL)
- if(!SSL_CTX_set_cipher_list(ctx,cipher)) {
- BIO_printf(bio_err,"error setting cipher list\n");
- ERR_print_errors(bio_err);
- goto end;
-#ifndef OPENSSL_NO_TLSEXT
- if (ctx2 && !SSL_CTX_set_cipher_list(ctx2,cipher))
- {
- BIO_printf(bio_err,"error setting cipher list\n");
- ERR_print_errors(bio_err);
- goto end;
- }
-#endif
- }
- SSL_CTX_set_verify(ctx,s_server_verify,verify_callback);
- SSL_CTX_set_session_id_context(ctx,(void*)&s_server_session_id_context,
- sizeof s_server_session_id_context);
-
- /* Set DTLS cookie generation and verification callbacks */
- SSL_CTX_set_cookie_generate_cb(ctx, generate_cookie_callback);
- SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie_callback);
-
-#ifndef OPENSSL_NO_TLSEXT
- if (ctx2)
- {
- SSL_CTX_set_verify(ctx2,s_server_verify,verify_callback);
- SSL_CTX_set_session_id_context(ctx2,(void*)&s_server_session_id_context,
- sizeof s_server_session_id_context);
-
- tlsextcbp.biodebug = bio_s_out;
- SSL_CTX_set_tlsext_servername_callback(ctx2, ssl_servername_cb);
- SSL_CTX_set_tlsext_servername_arg(ctx2, &tlsextcbp);
- SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
- SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp);
- }
-#endif
- if (CAfile != NULL)
- {
- SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile));
-#ifndef OPENSSL_NO_TLSEXT
- if (ctx2)
- SSL_CTX_set_client_CA_list(ctx2,SSL_load_client_CA_file(CAfile));
-#endif
- }
- BIO_printf(bio_s_out,"ACCEPT\n");
- if (www)
- do_server(port,socket_type,&accept_socket,www_body, context);
- else
- do_server(port,socket_type,&accept_socket,sv_body, context);
- print_stats(bio_s_out,ctx);
- ret=0;
-end:
- if (ctx != NULL) SSL_CTX_free(ctx);
- if (s_cert)
- X509_free(s_cert);
- if (s_dcert)
- X509_free(s_dcert);
- if (s_key)
- EVP_PKEY_free(s_key);
- if (s_dkey)
- EVP_PKEY_free(s_dkey);
- if (pass)
- OPENSSL_free(pass);
- if (dpass)
- OPENSSL_free(dpass);
-#ifndef OPENSSL_NO_TLSEXT
- if (tlscstatp.host)
- OPENSSL_free(tlscstatp.host);
- if (tlscstatp.port)
- OPENSSL_free(tlscstatp.port);
- if (tlscstatp.path)
- OPENSSL_free(tlscstatp.path);
- if (ctx2 != NULL) SSL_CTX_free(ctx2);
- if (s_cert2)
- X509_free(s_cert2);
- if (s_key2)
- EVP_PKEY_free(s_key2);
-#endif
- if (bio_s_out != NULL)
- {
- BIO_free(bio_s_out);
- bio_s_out=NULL;
- }
- apps_shutdown();
- OPENSSL_EXIT(ret);
- }
-
-static void print_stats(BIO *bio, SSL_CTX *ssl_ctx)
- {
- BIO_printf(bio,"%4ld items in the session cache\n",
- SSL_CTX_sess_number(ssl_ctx));
- BIO_printf(bio,"%4ld client connects (SSL_connect())\n",
- SSL_CTX_sess_connect(ssl_ctx));
- BIO_printf(bio,"%4ld client renegotiates (SSL_connect())\n",
- SSL_CTX_sess_connect_renegotiate(ssl_ctx));
- BIO_printf(bio,"%4ld client connects that finished\n",
- SSL_CTX_sess_connect_good(ssl_ctx));
- BIO_printf(bio,"%4ld server accepts (SSL_accept())\n",
- SSL_CTX_sess_accept(ssl_ctx));
- BIO_printf(bio,"%4ld server renegotiates (SSL_accept())\n",
- SSL_CTX_sess_accept_renegotiate(ssl_ctx));
- BIO_printf(bio,"%4ld server accepts that finished\n",
- SSL_CTX_sess_accept_good(ssl_ctx));
- BIO_printf(bio,"%4ld session cache hits\n",SSL_CTX_sess_hits(ssl_ctx));
- BIO_printf(bio,"%4ld session cache misses\n",SSL_CTX_sess_misses(ssl_ctx));
- BIO_printf(bio,"%4ld session cache timeouts\n",SSL_CTX_sess_timeouts(ssl_ctx));
- BIO_printf(bio,"%4ld callback cache hits\n",SSL_CTX_sess_cb_hits(ssl_ctx));
- BIO_printf(bio,"%4ld cache full overflows (%ld allowed)\n",
- SSL_CTX_sess_cache_full(ssl_ctx),
- SSL_CTX_sess_get_cache_size(ssl_ctx));
- }
-
-static int sv_body(char *hostname, int s, unsigned char *context)
- {
- char *buf=NULL;
- fd_set readfds;
- int ret=1,width;
- int k,i;
- unsigned long l;
- SSL *con=NULL;
- BIO *sbio;
- struct timeval timeout;
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
- struct timeval tv;
-#else
- struct timeval *timeoutp;
-#endif
-
- if ((buf=OPENSSL_malloc(bufsize)) == NULL)
- {
- BIO_printf(bio_err,"out of memory\n");
- goto err;
- }
-#ifdef FIONBIO
- if (s_nbio)
- {
- unsigned long sl=1;
-
- if (!s_quiet)
- BIO_printf(bio_err,"turning on non blocking io\n");
- if (BIO_socket_ioctl(s,FIONBIO,&sl) < 0)
- ERR_print_errors(bio_err);
- }
-#endif
-
- if (con == NULL) {
- con=SSL_new(ctx);
-#ifndef OPENSSL_NO_TLSEXT
- if (s_tlsextdebug)
- {
- SSL_set_tlsext_debug_callback(con, tlsext_cb);
- SSL_set_tlsext_debug_arg(con, bio_s_out);
- }
- if (s_tlsextstatus)
- {
- SSL_CTX_set_tlsext_status_cb(ctx, cert_status_cb);
- tlscstatp.err = bio_err;
- SSL_CTX_set_tlsext_status_arg(ctx, &tlscstatp);
- }
-#endif
-#ifndef OPENSSL_NO_KRB5
- if ((con->kssl_ctx = kssl_ctx_new()) != NULL)
- {
- kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVICE,
- KRB5SVC);
- kssl_ctx_setstring(con->kssl_ctx, KSSL_KEYTAB,
- KRB5KEYTAB);
- }
-#endif /* OPENSSL_NO_KRB5 */
- if(context)
- SSL_set_session_id_context(con, context,
- strlen((char *)context));
- }
- SSL_clear(con);
-
- if (SSL_version(con) == DTLS1_VERSION)
- {
-
- sbio=BIO_new_dgram(s,BIO_NOCLOSE);
-
- if ( enable_timeouts)
- {
- timeout.tv_sec = 0;
- timeout.tv_usec = DGRAM_RCV_TIMEOUT;
- BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout);
-
- timeout.tv_sec = 0;
- timeout.tv_usec = DGRAM_SND_TIMEOUT;
- BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);
- }
-
-
- if (socket_mtu > 28)
- {
- SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
- SSL_set_mtu(con, socket_mtu - 28);
- }
- else
- /* want to do MTU discovery */
- BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);
-
- /* turn on cookie exchange */
- SSL_set_options(con, SSL_OP_COOKIE_EXCHANGE);
- }
- else
- sbio=BIO_new_socket(s,BIO_NOCLOSE);
-
- if (s_nbio_test)
- {
- BIO *test;
-
- test=BIO_new(BIO_f_nbio_test());
- sbio=BIO_push(test,sbio);
- }
-#ifndef OPENSSL_NO_JPAKE
- if(jpake_secret)
- jpake_server_auth(bio_s_out, sbio, jpake_secret);
-#endif
-
- SSL_set_bio(con,sbio,sbio);
- SSL_set_accept_state(con);
- /* SSL_set_fd(con,s); */
-
- if (s_debug)
- {
- con->debug=1;
- BIO_set_callback(SSL_get_rbio(con),bio_dump_callback);
- BIO_set_callback_arg(SSL_get_rbio(con),(char *)bio_s_out);
- }
- if (s_msg)
- {
- SSL_set_msg_callback(con, msg_cb);
- SSL_set_msg_callback_arg(con, bio_s_out);
- }
-#ifndef OPENSSL_NO_TLSEXT
- if (s_tlsextdebug)
- {
- SSL_set_tlsext_debug_callback(con, tlsext_cb);
- SSL_set_tlsext_debug_arg(con, bio_s_out);
- }
-#endif
-
- width=s+1;
- for (;;)
- {
- int read_from_terminal;
- int read_from_sslcon;
-
- read_from_terminal = 0;
- read_from_sslcon = SSL_pending(con);
-
- if (!read_from_sslcon)
- {
- FD_ZERO(&readfds);
-#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE)
- FD_SET(fileno(stdin),&readfds);
-#endif
- FD_SET(s,&readfds);
- /* Note: under VMS with SOCKETSHR the second parameter is
- * currently of type (int *) whereas under other systems
- * it is (void *) if you don't have a cast it will choke
- * the compiler: if you do have a cast then you can either
- * go for (int *) or (void *).
- */
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
- /* Under DOS (non-djgpp) and Windows we can't select on stdin: only
- * on sockets. As a workaround we timeout the select every
- * second and check for any keypress. In a proper Windows
- * application we wouldn't do this because it is inefficient.
- */
- tv.tv_sec = 1;
- tv.tv_usec = 0;
- i=select(width,(void *)&readfds,NULL,NULL,&tv);
- if((i < 0) || (!i && !_kbhit() ) )continue;
- if(_kbhit())
- read_from_terminal = 1;
-#else
- if ((SSL_version(con) == DTLS1_VERSION) &&
- DTLSv1_get_timeout(con, &timeout))
- timeoutp = &timeout;
- else
- timeoutp = NULL;
-
- i=select(width,(void *)&readfds,NULL,NULL,timeoutp);
-
- if ((SSL_version(con) == DTLS1_VERSION) && DTLSv1_handle_timeout(con) > 0)
- {
- BIO_printf(bio_err,"TIMEOUT occured\n");
- }
-
- if (i <= 0) continue;
- if (FD_ISSET(fileno(stdin),&readfds))
- read_from_terminal = 1;
-#endif
- if (FD_ISSET(s,&readfds))
- read_from_sslcon = 1;
- }
- if (read_from_terminal)
- {
- if (s_crlf)
- {
- int j, lf_num;
-
- i=read(fileno(stdin), buf, bufsize/2);
- lf_num = 0;
- /* both loops are skipped when i <= 0 */
- for (j = 0; j < i; j++)
- if (buf[j] == '\n')
- lf_num++;
- for (j = i-1; j >= 0; j--)
- {
- buf[j+lf_num] = buf[j];
- if (buf[j] == '\n')
- {
- lf_num--;
- i++;
- buf[j+lf_num] = '\r';
- }
- }
- assert(lf_num == 0);
- }
- else
- i=read(fileno(stdin),buf,bufsize);
- if (!s_quiet)
- {
- if ((i <= 0) || (buf[0] == 'Q'))
- {
- BIO_printf(bio_s_out,"DONE\n");
- SHUTDOWN(s);
- close_accept_socket();
- ret= -11;
- goto err;
- }
- if ((i <= 0) || (buf[0] == 'q'))
- {
- BIO_printf(bio_s_out,"DONE\n");
- if (SSL_version(con) != DTLS1_VERSION)
- SHUTDOWN(s);
- /* close_accept_socket();
- ret= -11;*/
- goto err;
- }
- if ((buf[0] == 'r') &&
- ((buf[1] == '\n') || (buf[1] == '\r')))
- {
- SSL_renegotiate(con);
- i=SSL_do_handshake(con);
- printf("SSL_do_handshake -> %d\n",i);
- i=0; /*13; */
- continue;
- /* strcpy(buf,"server side RE-NEGOTIATE\n"); */
- }
- if ((buf[0] == 'R') &&
- ((buf[1] == '\n') || (buf[1] == '\r')))
- {
- SSL_set_verify(con,
- SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,NULL);
- SSL_renegotiate(con);
- i=SSL_do_handshake(con);
- printf("SSL_do_handshake -> %d\n",i);
- i=0; /* 13; */
- continue;
- /* strcpy(buf,"server side RE-NEGOTIATE asking for client cert\n"); */
- }
- if (buf[0] == 'P')
- {
- static const char *str="Lets print some clear text\n";
- BIO_write(SSL_get_wbio(con),str,strlen(str));
- }
- if (buf[0] == 'S')
- {
- print_stats(bio_s_out,SSL_get_SSL_CTX(con));
- }
- }
-#ifdef CHARSET_EBCDIC
- ebcdic2ascii(buf,buf,i);
-#endif
- l=k=0;
- for (;;)
- {
- /* should do a select for the write */
-#ifdef RENEG
-{ static count=0; if (++count == 100) { count=0; SSL_renegotiate(con); } }
-#endif
- k=SSL_write(con,&(buf[l]),(unsigned int)i);
- switch (SSL_get_error(con,k))
- {
- case SSL_ERROR_NONE:
- break;
- case SSL_ERROR_WANT_WRITE:
- case SSL_ERROR_WANT_READ:
- case SSL_ERROR_WANT_X509_LOOKUP:
- BIO_printf(bio_s_out,"Write BLOCK\n");
- break;
- case SSL_ERROR_SYSCALL:
- case SSL_ERROR_SSL:
- BIO_printf(bio_s_out,"ERROR\n");
- ERR_print_errors(bio_err);
- ret=1;
- goto err;
- /* break; */
- case SSL_ERROR_ZERO_RETURN:
- BIO_printf(bio_s_out,"DONE\n");
- ret=1;
- goto err;
- }
- l+=k;
- i-=k;
- if (i <= 0) break;
- }
- }
- if (read_from_sslcon)
- {
- if (!SSL_is_init_finished(con))
- {
- i=init_ssl_connection(con);
-
- if (i < 0)
- {
- ret=0;
- goto err;
- }
- else if (i == 0)
- {
- ret=1;
- goto err;
- }
- }
- else
- {
-again:
- i=SSL_read(con,(char *)buf,bufsize);
- switch (SSL_get_error(con,i))
- {
- case SSL_ERROR_NONE:
-#ifdef CHARSET_EBCDIC
- ascii2ebcdic(buf,buf,i);
-#endif
- if (write(fileno(stdout),buf,
- (unsigned int)i) != i)
- goto err;
-
- if (SSL_pending(con)) goto again;
- break;
- case SSL_ERROR_WANT_WRITE:
- case SSL_ERROR_WANT_READ:
- case SSL_ERROR_WANT_X509_LOOKUP:
- BIO_printf(bio_s_out,"Read BLOCK\n");
- break;
- case SSL_ERROR_SYSCALL:
- case SSL_ERROR_SSL:
- BIO_printf(bio_s_out,"ERROR\n");
- ERR_print_errors(bio_err);
- ret=1;
- goto err;
- case SSL_ERROR_ZERO_RETURN:
- BIO_printf(bio_s_out,"DONE\n");
- ret=1;
- goto err;
- }
- }
- }
- }
-err:
- BIO_printf(bio_s_out,"shutting down SSL\n");
-#if 1
- SSL_set_shutdown(con,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
-#else
- SSL_shutdown(con);
-#endif
- if (con != NULL) SSL_free(con);
- BIO_printf(bio_s_out,"CONNECTION CLOSED\n");
- if (buf != NULL)
- {
- OPENSSL_cleanse(buf,bufsize);
- OPENSSL_free(buf);
- }
- if (ret >= 0)
- BIO_printf(bio_s_out,"ACCEPT\n");
- return(ret);
- }
-
-static void close_accept_socket(void)
- {
- BIO_printf(bio_err,"shutdown accept socket\n");
- if (accept_socket >= 0)
- {
- SHUTDOWN2(accept_socket);
- }
- }
-
-static int init_ssl_connection(SSL *con)
- {
- int i;
- const char *str;
- X509 *peer;
- long verify_error;
- MS_STATIC char buf[BUFSIZ];
-
- if ((i=SSL_accept(con)) <= 0)
- {
- if (BIO_sock_should_retry(i))
- {
- BIO_printf(bio_s_out,"DELAY\n");
- return(1);
- }
-
- BIO_printf(bio_err,"ERROR\n");
- verify_error=SSL_get_verify_result(con);
- if (verify_error != X509_V_OK)
- {
- BIO_printf(bio_err,"verify error:%s\n",
- X509_verify_cert_error_string(verify_error));
- }
- else
- ERR_print_errors(bio_err);
- return(0);
- }
-
- PEM_write_bio_SSL_SESSION(bio_s_out,SSL_get_session(con));
-
- peer=SSL_get_peer_certificate(con);
- if (peer != NULL)
- {
- BIO_printf(bio_s_out,"Client certificate\n");
- PEM_write_bio_X509(bio_s_out,peer);
- X509_NAME_oneline(X509_get_subject_name(peer),buf,sizeof buf);
- BIO_printf(bio_s_out,"subject=%s\n",buf);
- X509_NAME_oneline(X509_get_issuer_name(peer),buf,sizeof buf);
- BIO_printf(bio_s_out,"issuer=%s\n",buf);
- X509_free(peer);
- }
-
- if (SSL_get_shared_ciphers(con,buf,sizeof buf) != NULL)
- BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf);
- str=SSL_CIPHER_get_name(SSL_get_current_cipher(con));
- BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)");
- if (con->hit) BIO_printf(bio_s_out,"Reused session-id\n");
- if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) &
- TLS1_FLAGS_TLS_PADDING_BUG)
- BIO_printf(bio_s_out,"Peer has incorrect TLSv1 block padding\n");
-#ifndef OPENSSL_NO_KRB5
- if (con->kssl_ctx->client_princ != NULL)
- {
- BIO_printf(bio_s_out,"Kerberos peer principal is %s\n",
- con->kssl_ctx->client_princ);
- }
-#endif /* OPENSSL_NO_KRB5 */
- BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n",
- SSL_get_secure_renegotiation_support(con) ? "" : " NOT");
- return(1);
- }
-
-#ifndef OPENSSL_NO_DH
-static DH *load_dh_param(const char *dhfile)
- {
- DH *ret=NULL;
- BIO *bio;
-
- if ((bio=BIO_new_file(dhfile,"r")) == NULL)
- goto err;
- ret=PEM_read_bio_DHparams(bio,NULL,NULL,NULL);
-err:
- if (bio != NULL) BIO_free(bio);
- return(ret);
- }
-#endif
-
-#if 0
-static int load_CA(SSL_CTX *ctx, char *file)
- {
- FILE *in;
- X509 *x=NULL;
-
- if ((in=fopen(file,"r")) == NULL)
- return(0);
-
- for (;;)
- {
- if (PEM_read_X509(in,&x,NULL) == NULL)
- break;
- SSL_CTX_add_client_CA(ctx,x);
- }
- if (x != NULL) X509_free(x);
- fclose(in);
- return(1);
- }
-#endif
-
-static int www_body(char *hostname, int s, unsigned char *context)
- {
- char *buf=NULL;
- int ret=1;
- int i,j,k,dot;
- struct stat st_buf;
- SSL *con;
- SSL_CIPHER *c;
- BIO *io,*ssl_bio,*sbio;
-#ifdef RENEG
- long total_bytes;
-#endif
-
- buf=OPENSSL_malloc(bufsize);
- if (buf == NULL) return(0);
- io=BIO_new(BIO_f_buffer());
- ssl_bio=BIO_new(BIO_f_ssl());
- if ((io == NULL) || (ssl_bio == NULL)) goto err;
-
-#ifdef FIONBIO
- if (s_nbio)
- {
- unsigned long sl=1;
-
- if (!s_quiet)
- BIO_printf(bio_err,"turning on non blocking io\n");
- if (BIO_socket_ioctl(s,FIONBIO,&sl) < 0)
- ERR_print_errors(bio_err);
- }
-#endif
-
- /* lets make the output buffer a reasonable size */
- if (!BIO_set_write_buffer_size(io,bufsize)) goto err;
-
- if ((con=SSL_new(ctx)) == NULL) goto err;
-#ifndef OPENSSL_NO_TLSEXT
- if (s_tlsextdebug)
- {
- SSL_set_tlsext_debug_callback(con, tlsext_cb);
- SSL_set_tlsext_debug_arg(con, bio_s_out);
- }
-#endif
-#ifndef OPENSSL_NO_KRB5
- if ((con->kssl_ctx = kssl_ctx_new()) != NULL)
- {
- kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVICE, KRB5SVC);
- kssl_ctx_setstring(con->kssl_ctx, KSSL_KEYTAB, KRB5KEYTAB);
- }
-#endif /* OPENSSL_NO_KRB5 */
- if(context) SSL_set_session_id_context(con, context,
- strlen((char *)context));
-
- sbio=BIO_new_socket(s,BIO_NOCLOSE);
- if (s_nbio_test)
- {
- BIO *test;
-
- test=BIO_new(BIO_f_nbio_test());
- sbio=BIO_push(test,sbio);
- }
- SSL_set_bio(con,sbio,sbio);
- SSL_set_accept_state(con);
-
- /* SSL_set_fd(con,s); */
- BIO_set_ssl(ssl_bio,con,BIO_CLOSE);
- BIO_push(io,ssl_bio);
-#ifdef CHARSET_EBCDIC
- io = BIO_push(BIO_new(BIO_f_ebcdic_filter()),io);
-#endif
-
- if (s_debug)
- {
- con->debug=1;
- BIO_set_callback(SSL_get_rbio(con),bio_dump_callback);
- BIO_set_callback_arg(SSL_get_rbio(con),(char *)bio_s_out);
- }
- if (s_msg)
- {
- SSL_set_msg_callback(con, msg_cb);
- SSL_set_msg_callback_arg(con, bio_s_out);
- }
-
- for (;;)
- {
- if (hack)
- {
- i=SSL_accept(con);
-
- switch (SSL_get_error(con,i))
- {
- case SSL_ERROR_NONE:
- break;
- case SSL_ERROR_WANT_WRITE:
- case SSL_ERROR_WANT_READ:
- case SSL_ERROR_WANT_X509_LOOKUP:
- continue;
- case SSL_ERROR_SYSCALL:
- case SSL_ERROR_SSL:
- case SSL_ERROR_ZERO_RETURN:
- ret=1;
- goto err;
- /* break; */
- }
-
- SSL_renegotiate(con);
- SSL_write(con,NULL,0);
- }
-
- i=BIO_gets(io,buf,bufsize-1);
- if (i < 0) /* error */
- {
- if (!BIO_should_retry(io))
- {
- if (!s_quiet)
- ERR_print_errors(bio_err);
- goto err;
- }
- else
- {
- BIO_printf(bio_s_out,"read R BLOCK\n");
-#if defined(OPENSSL_SYS_NETWARE)
- delay(1000);
-#elif !defined(OPENSSL_SYS_MSDOS) && !defined(__DJGPP__)
- sleep(1);
-#endif
- continue;
- }
- }
- else if (i == 0) /* end of input */
- {
- ret=1;
- goto end;
- }
-
- /* else we have data */
- if ( ((www == 1) && (strncmp("GET ",buf,4) == 0)) ||
- ((www == 2) && (strncmp("GET /stats ",buf,10) == 0)))
- {
- char *p;
- X509 *peer;
- STACK_OF(SSL_CIPHER) *sk;
- static const char *space=" ";
-
- BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
- BIO_puts(io,"<HTML><BODY BGCOLOR=\"#ffffff\">\n");
- BIO_puts(io,"<pre>\n");
-/* BIO_puts(io,SSLeay_version(SSLEAY_VERSION));*/
- BIO_puts(io,"\n");
- for (i=0; i<local_argc; i++)
- {
- BIO_puts(io,local_argv[i]);
- BIO_write(io," ",1);
- }
- BIO_puts(io,"\n");
-
- /* The following is evil and should not really
- * be done */
- BIO_printf(io,"Ciphers supported in s_server binary\n");
- sk=SSL_get_ciphers(con);
- j=sk_SSL_CIPHER_num(sk);
- for (i=0; i<j; i++)
- {
- c=sk_SSL_CIPHER_value(sk,i);
- BIO_printf(io,"%-11s:%-25s",
- SSL_CIPHER_get_version(c),
- SSL_CIPHER_get_name(c));
- if ((((i+1)%2) == 0) && (i+1 != j))
- BIO_puts(io,"\n");
- }
- BIO_puts(io,"\n");
- p=SSL_get_shared_ciphers(con,buf,bufsize);
- if (p != NULL)
- {
- BIO_printf(io,"---\nCiphers common between both SSL end points:\n");
- j=i=0;
- while (*p)
- {
- if (*p == ':')
- {
- BIO_write(io,space,26-j);
- i++;
- j=0;
- BIO_write(io,((i%3)?" ":"\n"),1);
- }
- else
- {
- BIO_write(io,p,1);
- j++;
- }
- p++;
- }
- BIO_puts(io,"\n");
- }
- BIO_printf(io,((con->hit)
- ?"---\nReused, "
- :"---\nNew, "));
- c=SSL_get_current_cipher(con);
- BIO_printf(io,"%s, Cipher is %s\n",
- SSL_CIPHER_get_version(c),
- SSL_CIPHER_get_name(c));
- SSL_SESSION_print(io,SSL_get_session(con));
- BIO_printf(io,"---\n");
- print_stats(io,SSL_get_SSL_CTX(con));
- BIO_printf(io,"---\n");
- peer=SSL_get_peer_certificate(con);
- if (peer != NULL)
- {
- BIO_printf(io,"Client certificate\n");
- X509_print(io,peer);
- PEM_write_bio_X509(io,peer);
- }
- else
- BIO_puts(io,"no client certificate available\n");
- BIO_puts(io,"</BODY></HTML>\r\n\r\n");
- break;
- }
- else if ((www == 2 || www == 3)
- && (strncmp("GET /",buf,5) == 0))
- {
- BIO *file;
- char *p,*e;
- static const char *text="HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n";
-
- /* skip the '/' */
- p= &(buf[5]);
-
- dot = 1;
- for (e=p; *e != '\0'; e++)
- {
- if (e[0] == ' ')
- break;
-
- switch (dot)
- {
- case 1:
- dot = (e[0] == '.') ? 2 : 0;
- break;
- case 2:
- dot = (e[0] == '.') ? 3 : 0;
- break;
- case 3:
- dot = (e[0] == '/') ? -1 : 0;
- break;
- }
- if (dot == 0)
- dot = (e[0] == '/') ? 1 : 0;
- }
- dot = (dot == 3) || (dot == -1); /* filename contains ".." component */
-
- if (*e == '\0')
- {
- BIO_puts(io,text);
- BIO_printf(io,"'%s' is an invalid file name\r\n",p);
- break;
- }
- *e='\0';
-
- if (dot)
- {
- BIO_puts(io,text);
- BIO_printf(io,"'%s' contains '..' reference\r\n",p);
- break;
- }
-
- if (*p == '/')
- {
- BIO_puts(io,text);
- BIO_printf(io,"'%s' is an invalid path\r\n",p);
- break;
- }
-
-#if 0
- /* append if a directory lookup */
- if (e[-1] == '/')
- strcat(p,"index.html");
-#endif
-
- /* if a directory, do the index thang */
- if (stat(p,&st_buf) < 0)
- {
- BIO_puts(io,text);
- BIO_printf(io,"Error accessing '%s'\r\n",p);
- ERR_print_errors(io);
- break;
- }
- if (S_ISDIR(st_buf.st_mode))
- {
-#if 0 /* must check buffer size */
- strcat(p,"/index.html");
-#else
- BIO_puts(io,text);
- BIO_printf(io,"'%s' is a directory\r\n",p);
- break;
-#endif
- }
-
- if ((file=BIO_new_file(p,"r")) == NULL)
- {
- BIO_puts(io,text);
- BIO_printf(io,"Error opening '%s'\r\n",p);
- ERR_print_errors(io);
- break;
- }
-
- if (!s_quiet)
- BIO_printf(bio_err,"FILE:%s\n",p);
-
- if (www == 2)
- {
- i=strlen(p);
- if ( ((i > 5) && (strcmp(&(p[i-5]),".html") == 0)) ||
- ((i > 4) && (strcmp(&(p[i-4]),".php") == 0)) ||
- ((i > 4) && (strcmp(&(p[i-4]),".htm") == 0)))
- BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
- else
- BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n");
- }
- /* send the file */
-#ifdef RENEG
- total_bytes=0;
-#endif
- for (;;)
- {
- i=BIO_read(file,buf,bufsize);
- if (i <= 0) break;
-
-#ifdef RENEG
- total_bytes+=i;
- fprintf(stderr,"%d\n",i);
- if (total_bytes > 3*1024)
- {
- total_bytes=0;
- fprintf(stderr,"RENEGOTIATE\n");
- SSL_renegotiate(con);
- }
-#endif
-
- for (j=0; j<i; )
- {
-#ifdef RENEG
-{ static count=0; if (++count == 13) { SSL_renegotiate(con); } }
-#endif
- k=BIO_write(io,&(buf[j]),i-j);
- if (k <= 0)
- {
- if (!BIO_should_retry(io))
- goto write_error;
- else
- {
- BIO_printf(bio_s_out,"rwrite W BLOCK\n");
- }
- }
- else
- {
- j+=k;
- }
- }
- }
-write_error:
- BIO_free(file);
- break;
- }
- }
-
- for (;;)
- {
- i=(int)BIO_flush(io);
- if (i <= 0)
- {
- if (!BIO_should_retry(io))
- break;
- }
- else
- break;
- }
-end:
-#if 1
- /* make sure we re-use sessions */
- SSL_set_shutdown(con,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
-#else
- /* This kills performance */
-/* SSL_shutdown(con); A shutdown gets sent in the
- * BIO_free_all(io) procession */
-#endif
-
-err:
-
- if (ret >= 0)
- BIO_printf(bio_s_out,"ACCEPT\n");
-
- if (buf != NULL) OPENSSL_free(buf);
- if (io != NULL) BIO_free_all(io);
-/* if (ssl_bio != NULL) BIO_free(ssl_bio);*/
- return(ret);
- }
-
-#ifndef OPENSSL_NO_RSA
-static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
- {
- BIGNUM *bn = NULL;
- static RSA *rsa_tmp=NULL;
-
- if (!rsa_tmp && ((bn = BN_new()) == NULL))
- BIO_printf(bio_err,"Allocation error in generating RSA key\n");
- if (!rsa_tmp && bn)
- {
- if (!s_quiet)
- {
- BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength);
- (void)BIO_flush(bio_err);
- }
- if(!BN_set_word(bn, RSA_F4) || ((rsa_tmp = RSA_new()) == NULL) ||
- !RSA_generate_key_ex(rsa_tmp, keylength, bn, NULL))
- {
- if(rsa_tmp) RSA_free(rsa_tmp);
- rsa_tmp = NULL;
- }
- if (!s_quiet)
- {
- BIO_printf(bio_err,"\n");
- (void)BIO_flush(bio_err);
- }
- BN_free(bn);
- }
- return(rsa_tmp);
- }
-#endif
-
-#define MAX_SESSION_ID_ATTEMPTS 10
-static int generate_session_id(const SSL *ssl, unsigned char *id,
- unsigned int *id_len)
- {
- unsigned int count = 0;
- do {
- RAND_pseudo_bytes(id, *id_len);
- /* Prefix the session_id with the required prefix. NB: If our
- * prefix is too long, clip it - but there will be worse effects
- * anyway, eg. the server could only possibly create 1 session
- * ID (ie. the prefix!) so all future session negotiations will
- * fail due to conflicts. */
- memcpy(id, session_id_prefix,
- (strlen(session_id_prefix) < *id_len) ?
- strlen(session_id_prefix) : *id_len);
- }
- while(SSL_has_matching_session_id(ssl, id, *id_len) &&
- (++count < MAX_SESSION_ID_ATTEMPTS));
- if(count >= MAX_SESSION_ID_ATTEMPTS)
- return 0;
- return 1;
- }
Copied: vendor-crypto/openssl/0.9.8zf/apps/s_server.c (from rev 6976, vendor-crypto/openssl/dist/apps/s_server.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/apps/s_server.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/apps/s_server.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,2436 @@
+/* apps/s_server.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECC cipher suite support in OpenSSL originally developed by
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
+
+/*
+ * Until the key-gen callbacks are modified to use newer prototypes, we allow
+ * deprecated functions for openssl-internal code
+ */
+#ifdef OPENSSL_NO_DEPRECATED
+# undef OPENSSL_NO_DEPRECATED
+#endif
+
+#include <assert.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <sys/stat.h>
+#include <openssl/e_os2.h>
+#ifdef OPENSSL_NO_STDIO
+# define APPS_WIN16
+#endif
+
+/* conflicts with winsock2 stuff on netware */
+#if !defined(OPENSSL_SYS_NETWARE)
+# include <sys/types.h>
+#endif
+
+/*
+ * With IPv6, it looks like Digital has mixed up the proper order of
+ * recursive header file inclusion, resulting in the compiler complaining
+ * that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which is
+ * needed to have fileno() declared correctly... So let's define u_int
+ */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
+# define __U_INT
+typedef unsigned int u_int;
+#endif
+
+#include <openssl/lhash.h>
+#include <openssl/bn.h>
+#define USE_SOCKETS
+#include "apps.h"
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include <openssl/x509.h>
+#include <openssl/ssl.h>
+#include <openssl/rand.h>
+#include <openssl/ocsp.h>
+#ifndef OPENSSL_NO_DH
+# include <openssl/dh.h>
+#endif
+#ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>
+#endif
+#include "s_apps.h"
+#include "timeouts.h"
+
+#ifdef OPENSSL_SYS_WINCE
+/*
+ * Windows CE incorrectly defines fileno as returning void*, so to avoid
+ * problems below...
+ */
+# ifdef fileno
+# undef fileno
+# endif
+# define fileno(a) (int)_fileno(a)
+#endif
+
+#if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
+/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
+# undef FIONBIO
+#endif
+
+#ifndef OPENSSL_NO_RSA
+static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength);
+#endif
+static int sv_body(char *hostname, int s, unsigned char *context);
+static int www_body(char *hostname, int s, unsigned char *context);
+static void close_accept_socket(void);
+static void sv_usage(void);
+static int init_ssl_connection(SSL *s);
+static void print_stats(BIO *bp, SSL_CTX *ctx);
+static int generate_session_id(const SSL *ssl, unsigned char *id,
+ unsigned int *id_len);
+#ifndef OPENSSL_NO_DH
+static DH *load_dh_param(const char *dhfile);
+static DH *get_dh512(void);
+#endif
+
+#ifdef MONOLITH
+static void s_server_init(void);
+#endif
+
+#ifndef S_ISDIR
+# if defined(_S_IFMT) && defined(_S_IFDIR)
+# define S_ISDIR(a) (((a) & _S_IFMT) == _S_IFDIR)
+# else
+# define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR)
+# endif
+#endif
+
+#ifndef OPENSSL_NO_DH
+static unsigned char dh512_p[] = {
+ 0xDA, 0x58, 0x3C, 0x16, 0xD9, 0x85, 0x22, 0x89, 0xD0, 0xE4, 0xAF, 0x75,
+ 0x6F, 0x4C, 0xCA, 0x92, 0xDD, 0x4B, 0xE5, 0x33, 0xB8, 0x04, 0xFB, 0x0F,
+ 0xED, 0x94, 0xEF, 0x9C, 0x8A, 0x44, 0x03, 0xED, 0x57, 0x46, 0x50, 0xD3,
+ 0x69, 0x99, 0xDB, 0x29, 0xD7, 0x76, 0x27, 0x6B, 0xA2, 0xD3, 0xD4, 0x12,
+ 0xE2, 0x18, 0xF4, 0xDD, 0x1E, 0x08, 0x4C, 0xF6, 0xD8, 0x00, 0x3E, 0x7C,
+ 0x47, 0x74, 0xE8, 0x33,
+};
+
+static unsigned char dh512_g[] = {
+ 0x02,
+};
+
+static DH *get_dh512(void)
+{
+ DH *dh = NULL;
+
+ if ((dh = DH_new()) == NULL)
+ return (NULL);
+ dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
+ dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
+ if ((dh->p == NULL) || (dh->g == NULL))
+ return (NULL);
+ return (dh);
+}
+#endif
+
+/* static int load_CA(SSL_CTX *ctx, char *file);*/
+
+#undef BUFSIZZ
+#define BUFSIZZ 16*1024
+static int bufsize = BUFSIZZ;
+static int accept_socket = -1;
+
+#define TEST_CERT "server.pem"
+#ifndef OPENSSL_NO_TLSEXT
+# define TEST_CERT2 "server2.pem"
+#endif
+#undef PROG
+#define PROG s_server_main
+
+extern int verify_depth;
+
+static char *cipher = NULL;
+static int s_server_verify = SSL_VERIFY_NONE;
+static int s_server_session_id_context = 1; /* anything will do */
+static const char *s_cert_file = TEST_CERT, *s_key_file = NULL;
+#ifndef OPENSSL_NO_TLSEXT
+static const char *s_cert_file2 = TEST_CERT2, *s_key_file2 = NULL;
+#endif
+static char *s_dcert_file = NULL, *s_dkey_file = NULL;
+#ifdef FIONBIO
+static int s_nbio = 0;
+#endif
+static int s_nbio_test = 0;
+int s_crlf = 0;
+static SSL_CTX *ctx = NULL;
+#ifndef OPENSSL_NO_TLSEXT
+static SSL_CTX *ctx2 = NULL;
+#endif
+static int www = 0;
+
+static BIO *bio_s_out = NULL;
+static int s_debug = 0;
+#ifndef OPENSSL_NO_TLSEXT
+static int s_tlsextdebug = 0;
+static int s_tlsextstatus = 0;
+static int cert_status_cb(SSL *s, void *arg);
+#endif
+static int s_msg = 0;
+static int s_quiet = 0;
+
+static int hack = 0;
+#ifndef OPENSSL_NO_ENGINE
+static char *engine_id = NULL;
+#endif
+static const char *session_id_prefix = NULL;
+
+static int enable_timeouts = 0;
+static long socket_mtu;
+#ifndef OPENSSL_NO_DTLS1
+static int cert_chain = 0;
+#endif
+
+#ifdef MONOLITH
+static void s_server_init(void)
+{
+ accept_socket = -1;
+ cipher = NULL;
+ s_server_verify = SSL_VERIFY_NONE;
+ s_dcert_file = NULL;
+ s_dkey_file = NULL;
+ s_cert_file = TEST_CERT;
+ s_key_file = NULL;
+# ifndef OPENSSL_NO_TLSEXT
+ s_cert_file2 = TEST_CERT2;
+ s_key_file2 = NULL;
+ ctx2 = NULL;
+# endif
+# ifdef FIONBIO
+ s_nbio = 0;
+# endif
+ s_nbio_test = 0;
+ ctx = NULL;
+ www = 0;
+
+ bio_s_out = NULL;
+ s_debug = 0;
+ s_msg = 0;
+ s_quiet = 0;
+ hack = 0;
+# ifndef OPENSSL_NO_ENGINE
+ engine_id = NULL;
+# endif
+}
+#endif
+
+static void sv_usage(void)
+{
+ BIO_printf(bio_err, "usage: s_server [args ...]\n");
+ BIO_printf(bio_err, "\n");
+ BIO_printf(bio_err,
+ " -accept arg - port to accept on (default is %d)\n", PORT);
+ BIO_printf(bio_err, " -context arg - set session ID context\n");
+ BIO_printf(bio_err,
+ " -verify arg - turn on peer certificate verification\n");
+ BIO_printf(bio_err,
+ " -Verify arg - turn on peer certificate verification, must have a cert.\n");
+ BIO_printf(bio_err, " -cert arg - certificate file to use\n");
+ BIO_printf(bio_err, " (default is %s)\n", TEST_CERT);
+ BIO_printf(bio_err,
+ " -crl_check - check the peer certificate has not been revoked by its CA.\n"
+ " The CRL(s) are appended to the certificate file\n");
+ BIO_printf(bio_err,
+ " -crl_check_all - check the peer certificate has not been revoked by its CA\n"
+ " or any other CRL in the CA chain. CRL(s) are appened to the\n"
+ " the certificate file.\n");
+ BIO_printf(bio_err,
+ " -certform arg - certificate format (PEM or DER) PEM default\n");
+ BIO_printf(bio_err,
+ " -key arg - Private Key file to use, in cert file if\n");
+ BIO_printf(bio_err, " not specified (default is %s)\n",
+ TEST_CERT);
+ BIO_printf(bio_err,
+ " -keyform arg - key format (PEM, DER or ENGINE) PEM default\n");
+ BIO_printf(bio_err,
+ " -pass arg - private key file pass phrase source\n");
+ BIO_printf(bio_err,
+ " -dcert arg - second certificate file to use (usually for DSA)\n");
+ BIO_printf(bio_err,
+ " -dcertform x - second certificate format (PEM or DER) PEM default\n");
+ BIO_printf(bio_err,
+ " -dkey arg - second private key file to use (usually for DSA)\n");
+ BIO_printf(bio_err,
+ " -dkeyform arg - second key format (PEM, DER or ENGINE) PEM default\n");
+ BIO_printf(bio_err,
+ " -dpass arg - second private key file pass phrase source\n");
+ BIO_printf(bio_err,
+ " -dhparam arg - DH parameter file to use, in cert file if not specified\n");
+ BIO_printf(bio_err,
+ " or a default set of parameters is used\n");
+#ifndef OPENSSL_NO_ECDH
+ BIO_printf(bio_err,
+ " -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n"
+ " Use \"openssl ecparam -list_curves\" for all names\n"
+ " (default is sect163r2).\n");
+#endif
+#ifdef FIONBIO
+ BIO_printf(bio_err, " -nbio - Run with non-blocking IO\n");
+#endif
+ BIO_printf(bio_err,
+ " -nbio_test - test with the non-blocking test bio\n");
+ BIO_printf(bio_err,
+ " -crlf - convert LF from terminal into CRLF\n");
+ BIO_printf(bio_err, " -debug - Print more output\n");
+ BIO_printf(bio_err, " -msg - Show protocol messages\n");
+ BIO_printf(bio_err, " -state - Print the SSL states\n");
+ BIO_printf(bio_err, " -CApath arg - PEM format directory of CA's\n");
+ BIO_printf(bio_err, " -CAfile arg - PEM format file of CA's\n");
+ BIO_printf(bio_err,
+ " -nocert - Don't use any certificates (Anon-DH)\n");
+ BIO_printf(bio_err,
+ " -cipher arg - play with 'openssl ciphers' to see what goes here\n");
+ BIO_printf(bio_err, " -serverpref - Use server's cipher preferences\n");
+ BIO_printf(bio_err, " -quiet - No server output\n");
+ BIO_printf(bio_err, " -no_tmp_rsa - Do not generate a tmp RSA key\n");
+ BIO_printf(bio_err, " -ssl2 - Just talk SSLv2\n");
+ BIO_printf(bio_err, " -ssl3 - Just talk SSLv3\n");
+ BIO_printf(bio_err, " -tls1 - Just talk TLSv1\n");
+ BIO_printf(bio_err, " -dtls1 - Just talk DTLSv1\n");
+ BIO_printf(bio_err, " -timeout - Enable timeouts\n");
+ BIO_printf(bio_err, " -mtu - Set link layer MTU\n");
+ BIO_printf(bio_err, " -chain - Read a certificate chain\n");
+ BIO_printf(bio_err, " -no_ssl2 - Just disable SSLv2\n");
+ BIO_printf(bio_err, " -no_ssl3 - Just disable SSLv3\n");
+ BIO_printf(bio_err, " -no_tls1 - Just disable TLSv1\n");
+#ifndef OPENSSL_NO_DH
+ BIO_printf(bio_err, " -no_dhe - Disable ephemeral DH\n");
+#endif
+#ifndef OPENSSL_NO_ECDH
+ BIO_printf(bio_err, " -no_ecdhe - Disable ephemeral ECDH\n");
+#endif
+ BIO_printf(bio_err, " -bugs - Turn on SSL bug compatibility\n");
+ BIO_printf(bio_err,
+ " -www - Respond to a 'GET /' with a status page\n");
+ BIO_printf(bio_err,
+ " -WWW - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
+ BIO_printf(bio_err,
+ " -HTTP - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
+ BIO_printf(bio_err,
+ " with the assumption it contains a complete HTTP response.\n");
+#ifndef OPENSSL_NO_ENGINE
+ BIO_printf(bio_err,
+ " -engine id - Initialise and use the specified engine\n");
+#endif
+ BIO_printf(bio_err,
+ " -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'\n");
+ BIO_printf(bio_err, " -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR,
+ LIST_SEPARATOR_CHAR);
+#ifndef OPENSSL_NO_TLSEXT
+ BIO_printf(bio_err,
+ " -servername host - servername for HostName TLS extension\n");
+ BIO_printf(bio_err,
+ " -servername_fatal - on mismatch send fatal alert (default warning alert)\n");
+ BIO_printf(bio_err,
+ " -cert2 arg - certificate file to use for servername\n");
+ BIO_printf(bio_err, " (default is %s)\n", TEST_CERT2);
+ BIO_printf(bio_err,
+ " -key2 arg - Private Key file to use for servername, in cert file if\n");
+ BIO_printf(bio_err, " not specified (default is %s)\n",
+ TEST_CERT2);
+ BIO_printf(bio_err,
+ " -tlsextdebug - hex dump of all TLS extensions received\n");
+ BIO_printf(bio_err,
+ " -no_ticket - disable use of RFC4507bis session tickets\n");
+ BIO_printf(bio_err,
+ " -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
+#endif
+}
+
+static int local_argc = 0;
+static char **local_argv;
+
+#ifdef CHARSET_EBCDIC
+static int ebcdic_new(BIO *bi);
+static int ebcdic_free(BIO *a);
+static int ebcdic_read(BIO *b, char *out, int outl);
+static int ebcdic_write(BIO *b, const char *in, int inl);
+static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr);
+static int ebcdic_gets(BIO *bp, char *buf, int size);
+static int ebcdic_puts(BIO *bp, const char *str);
+
+# define BIO_TYPE_EBCDIC_FILTER (18|0x0200)
+static BIO_METHOD methods_ebcdic = {
+ BIO_TYPE_EBCDIC_FILTER,
+ "EBCDIC/ASCII filter",
+ ebcdic_write,
+ ebcdic_read,
+ ebcdic_puts,
+ ebcdic_gets,
+ ebcdic_ctrl,
+ ebcdic_new,
+ ebcdic_free,
+};
+
+typedef struct {
+ size_t alloced;
+ char buff[1];
+} EBCDIC_OUTBUFF;
+
+BIO_METHOD *BIO_f_ebcdic_filter()
+{
+ return (&methods_ebcdic);
+}
+
+static int ebcdic_new(BIO *bi)
+{
+ EBCDIC_OUTBUFF *wbuf;
+
+ wbuf = (EBCDIC_OUTBUFF *) OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + 1024);
+ wbuf->alloced = 1024;
+ wbuf->buff[0] = '\0';
+
+ bi->ptr = (char *)wbuf;
+ bi->init = 1;
+ bi->flags = 0;
+ return (1);
+}
+
+static int ebcdic_free(BIO *a)
+{
+ if (a == NULL)
+ return (0);
+ if (a->ptr != NULL)
+ OPENSSL_free(a->ptr);
+ a->ptr = NULL;
+ a->init = 0;
+ a->flags = 0;
+ return (1);
+}
+
+static int ebcdic_read(BIO *b, char *out, int outl)
+{
+ int ret = 0;
+
+ if (out == NULL || outl == 0)
+ return (0);
+ if (b->next_bio == NULL)
+ return (0);
+
+ ret = BIO_read(b->next_bio, out, outl);
+ if (ret > 0)
+ ascii2ebcdic(out, out, ret);
+ return (ret);
+}
+
+static int ebcdic_write(BIO *b, const char *in, int inl)
+{
+ EBCDIC_OUTBUFF *wbuf;
+ int ret = 0;
+ int num;
+ unsigned char n;
+
+ if ((in == NULL) || (inl <= 0))
+ return (0);
+ if (b->next_bio == NULL)
+ return (0);
+
+ wbuf = (EBCDIC_OUTBUFF *) b->ptr;
+
+ if (inl > (num = wbuf->alloced)) {
+ num = num + num; /* double the size */
+ if (num < inl)
+ num = inl;
+ OPENSSL_free(wbuf);
+ wbuf =
+ (EBCDIC_OUTBUFF *) OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + num);
+
+ wbuf->alloced = num;
+ wbuf->buff[0] = '\0';
+
+ b->ptr = (char *)wbuf;
+ }
+
+ ebcdic2ascii(wbuf->buff, in, inl);
+
+ ret = BIO_write(b->next_bio, wbuf->buff, inl);
+
+ return (ret);
+}
+
+static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+ long ret;
+
+ if (b->next_bio == NULL)
+ return (0);
+ switch (cmd) {
+ case BIO_CTRL_DUP:
+ ret = 0L;
+ break;
+ default:
+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ break;
+ }
+ return (ret);
+}
+
+static int ebcdic_gets(BIO *bp, char *buf, int size)
+{
+ int i, ret = 0;
+ if (bp->next_bio == NULL)
+ return (0);
+/* return(BIO_gets(bp->next_bio,buf,size));*/
+ for (i = 0; i < size - 1; ++i) {
+ ret = ebcdic_read(bp, &buf[i], 1);
+ if (ret <= 0)
+ break;
+ else if (buf[i] == '\n') {
+ ++i;
+ break;
+ }
+ }
+ if (i < size)
+ buf[i] = '\0';
+ return (ret < 0 && i == 0) ? ret : i;
+}
+
+static int ebcdic_puts(BIO *bp, const char *str)
+{
+ if (bp->next_bio == NULL)
+ return (0);
+ return ebcdic_write(bp, str, strlen(str));
+}
+#endif
+
+#ifndef OPENSSL_NO_TLSEXT
+
+/* This is a context that we pass to callbacks */
+typedef struct tlsextctx_st {
+ char *servername;
+ BIO *biodebug;
+ int extension_error;
+} tlsextctx;
+
+static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg)
+{
+ tlsextctx *p = (tlsextctx *) arg;
+ const char *servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
+ if (servername && p->biodebug)
+ BIO_printf(p->biodebug, "Hostname in TLS extension: \"%s\"\n",
+ servername);
+
+ if (!p->servername)
+ return SSL_TLSEXT_ERR_NOACK;
+
+ if (servername) {
+ if (strcasecmp(servername, p->servername))
+ return p->extension_error;
+ if (ctx2) {
+ BIO_printf(p->biodebug, "Swiching server context.\n");
+ SSL_set_SSL_CTX(s, ctx2);
+ }
+ }
+ return SSL_TLSEXT_ERR_OK;
+}
+
+/* Structure passed to cert status callback */
+
+typedef struct tlsextstatusctx_st {
+ /* Default responder to use */
+ char *host, *path, *port;
+ int use_ssl;
+ int timeout;
+ BIO *err;
+ int verbose;
+} tlsextstatusctx;
+
+static tlsextstatusctx tlscstatp = { NULL, NULL, NULL, 0, -1, NULL, 0 };
+
+/*
+ * Certificate Status callback. This is called when a client includes a
+ * certificate status request extension. This is a simplified version. It
+ * examines certificates each time and makes one OCSP responder query for
+ * each request. A full version would store details such as the OCSP
+ * certificate IDs and minimise the number of OCSP responses by caching them
+ * until they were considered "expired".
+ */
+
+static int cert_status_cb(SSL *s, void *arg)
+{
+ tlsextstatusctx *srctx = arg;
+ BIO *err = srctx->err;
+ char *host, *port, *path;
+ int use_ssl;
+ unsigned char *rspder = NULL;
+ int rspderlen;
+ STACK *aia = NULL;
+ X509 *x = NULL;
+ X509_STORE_CTX inctx;
+ X509_OBJECT obj;
+ OCSP_REQUEST *req = NULL;
+ OCSP_RESPONSE *resp = NULL;
+ OCSP_CERTID *id = NULL;
+ STACK_OF(X509_EXTENSION) *exts;
+ int ret = SSL_TLSEXT_ERR_NOACK;
+ int i;
+# if 0
+ STACK_OF(OCSP_RESPID) *ids;
+ SSL_get_tlsext_status_ids(s, &ids);
+ BIO_printf(err, "cert_status: received %d ids\n",
+ sk_OCSP_RESPID_num(ids));
+# endif
+ if (srctx->verbose)
+ BIO_puts(err, "cert_status: callback called\n");
+ /* Build up OCSP query from server certificate */
+ x = SSL_get_certificate(s);
+ aia = X509_get1_ocsp(x);
+ if (aia) {
+ if (!OCSP_parse_url(sk_value(aia, 0), &host, &port, &path, &use_ssl)) {
+ BIO_puts(err, "cert_status: can't parse AIA URL\n");
+ goto err;
+ }
+ if (srctx->verbose)
+ BIO_printf(err, "cert_status: AIA URL: %s\n", sk_value(aia, 0));
+ } else {
+ if (!srctx->host) {
+ BIO_puts(srctx->err,
+ "cert_status: no AIA and no default responder URL\n");
+ goto done;
+ }
+ host = srctx->host;
+ path = srctx->path;
+ port = srctx->port;
+ use_ssl = srctx->use_ssl;
+ }
+
+ if (!X509_STORE_CTX_init(&inctx,
+ SSL_CTX_get_cert_store(SSL_get_SSL_CTX(s)),
+ NULL, NULL))
+ goto err;
+ if (X509_STORE_get_by_subject(&inctx, X509_LU_X509,
+ X509_get_issuer_name(x), &obj) <= 0) {
+ BIO_puts(err, "cert_status: Can't retrieve issuer certificate.\n");
+ X509_STORE_CTX_cleanup(&inctx);
+ goto done;
+ }
+ req = OCSP_REQUEST_new();
+ if (!req)
+ goto err;
+ id = OCSP_cert_to_id(NULL, x, obj.data.x509);
+ X509_free(obj.data.x509);
+ X509_STORE_CTX_cleanup(&inctx);
+ if (!id)
+ goto err;
+ if (!OCSP_request_add0_id(req, id))
+ goto err;
+ id = NULL;
+ /* Add any extensions to the request */
+ SSL_get_tlsext_status_exts(s, &exts);
+ for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
+ X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i);
+ if (!OCSP_REQUEST_add_ext(req, ext, -1))
+ goto err;
+ }
+ resp = process_responder(err, req, host, path, port, use_ssl,
+ srctx->timeout);
+ if (!resp) {
+ BIO_puts(err, "cert_status: error querying responder\n");
+ goto done;
+ }
+ rspderlen = i2d_OCSP_RESPONSE(resp, &rspder);
+ if (rspderlen <= 0)
+ goto err;
+ SSL_set_tlsext_status_ocsp_resp(s, rspder, rspderlen);
+ if (srctx->verbose) {
+ BIO_puts(err, "cert_status: ocsp response sent:\n");
+ OCSP_RESPONSE_print(err, resp, 2);
+ }
+ ret = SSL_TLSEXT_ERR_OK;
+ done:
+ if (ret != SSL_TLSEXT_ERR_OK)
+ ERR_print_errors(err);
+ if (aia) {
+ OPENSSL_free(host);
+ OPENSSL_free(path);
+ OPENSSL_free(port);
+ X509_email_free(aia);
+ }
+ if (id)
+ OCSP_CERTID_free(id);
+ if (req)
+ OCSP_REQUEST_free(req);
+ if (resp)
+ OCSP_RESPONSE_free(resp);
+ return ret;
+ err:
+ ret = SSL_TLSEXT_ERR_ALERT_FATAL;
+ goto done;
+}
+#endif
+int MAIN(int, char **);
+
+#ifndef OPENSSL_NO_JPAKE
+static char *jpake_secret = NULL;
+#endif
+
+int MAIN(int argc, char *argv[])
+{
+ X509_STORE *store = NULL;
+ int vflags = 0;
+ short port = PORT;
+ char *CApath = NULL, *CAfile = NULL;
+ unsigned char *context = NULL;
+ char *dhfile = NULL;
+#ifndef OPENSSL_NO_ECDH
+ char *named_curve = NULL;
+#endif
+ int badop = 0, bugs = 0;
+ int ret = 1;
+ int off = 0;
+ int no_tmp_rsa = 0, no_dhe = 0, no_ecdhe = 0, nocert = 0;
+ int state = 0;
+ SSL_METHOD *meth = NULL;
+ int socket_type = SOCK_STREAM;
+ ENGINE *e = NULL;
+ char *inrand = NULL;
+ int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM;
+ char *passarg = NULL, *pass = NULL;
+ char *dpassarg = NULL, *dpass = NULL;
+ int s_dcert_format = FORMAT_PEM, s_dkey_format = FORMAT_PEM;
+ X509 *s_cert = NULL, *s_dcert = NULL;
+ EVP_PKEY *s_key = NULL, *s_dkey = NULL;
+ int no_cache = 0;
+#ifndef OPENSSL_NO_TLSEXT
+ EVP_PKEY *s_key2 = NULL;
+ X509 *s_cert2 = NULL;
+#endif
+#ifndef OPENSSL_NO_TLSEXT
+ tlsextctx tlsextcbp = { NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING };
+#endif
+
+ meth = SSLv23_server_method();
+
+ local_argc = argc;
+ local_argv = argv;
+
+ apps_startup();
+#ifdef MONOLITH
+ s_server_init();
+#endif
+
+ if (bio_err == NULL)
+ bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
+
+ if (!load_config(bio_err, NULL))
+ goto end;
+
+ verify_depth = 0;
+#ifdef FIONBIO
+ s_nbio = 0;
+#endif
+ s_nbio_test = 0;
+
+ argc--;
+ argv++;
+
+ while (argc >= 1) {
+ if ((strcmp(*argv, "-port") == 0) || (strcmp(*argv, "-accept") == 0)) {
+ if (--argc < 1)
+ goto bad;
+ if (!extract_port(*(++argv), &port))
+ goto bad;
+ } else if (strcmp(*argv, "-verify") == 0) {
+ s_server_verify = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;
+ if (--argc < 1)
+ goto bad;
+ verify_depth = atoi(*(++argv));
+ BIO_printf(bio_err, "verify depth is %d\n", verify_depth);
+ } else if (strcmp(*argv, "-Verify") == 0) {
+ s_server_verify =
+ SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT |
+ SSL_VERIFY_CLIENT_ONCE;
+ if (--argc < 1)
+ goto bad;
+ verify_depth = atoi(*(++argv));
+ BIO_printf(bio_err,
+ "verify depth is %d, must return a certificate\n",
+ verify_depth);
+ } else if (strcmp(*argv, "-context") == 0) {
+ if (--argc < 1)
+ goto bad;
+ context = (unsigned char *)*(++argv);
+ } else if (strcmp(*argv, "-cert") == 0) {
+ if (--argc < 1)
+ goto bad;
+ s_cert_file = *(++argv);
+ } else if (strcmp(*argv, "-certform") == 0) {
+ if (--argc < 1)
+ goto bad;
+ s_cert_format = str2fmt(*(++argv));
+ } else if (strcmp(*argv, "-key") == 0) {
+ if (--argc < 1)
+ goto bad;
+ s_key_file = *(++argv);
+ } else if (strcmp(*argv, "-keyform") == 0) {
+ if (--argc < 1)
+ goto bad;
+ s_key_format = str2fmt(*(++argv));
+ } else if (strcmp(*argv, "-pass") == 0) {
+ if (--argc < 1)
+ goto bad;
+ passarg = *(++argv);
+ } else if (strcmp(*argv, "-dhparam") == 0) {
+ if (--argc < 1)
+ goto bad;
+ dhfile = *(++argv);
+ }
+#ifndef OPENSSL_NO_ECDH
+ else if (strcmp(*argv, "-named_curve") == 0) {
+ if (--argc < 1)
+ goto bad;
+ named_curve = *(++argv);
+ }
+#endif
+ else if (strcmp(*argv, "-dcertform") == 0) {
+ if (--argc < 1)
+ goto bad;
+ s_dcert_format = str2fmt(*(++argv));
+ } else if (strcmp(*argv, "-dcert") == 0) {
+ if (--argc < 1)
+ goto bad;
+ s_dcert_file = *(++argv);
+ } else if (strcmp(*argv, "-dkeyform") == 0) {
+ if (--argc < 1)
+ goto bad;
+ s_dkey_format = str2fmt(*(++argv));
+ } else if (strcmp(*argv, "-dpass") == 0) {
+ if (--argc < 1)
+ goto bad;
+ dpassarg = *(++argv);
+ } else if (strcmp(*argv, "-dkey") == 0) {
+ if (--argc < 1)
+ goto bad;
+ s_dkey_file = *(++argv);
+ } else if (strcmp(*argv, "-nocert") == 0) {
+ nocert = 1;
+ } else if (strcmp(*argv, "-CApath") == 0) {
+ if (--argc < 1)
+ goto bad;
+ CApath = *(++argv);
+ } else if (strcmp(*argv, "-no_cache") == 0)
+ no_cache = 1;
+ else if (strcmp(*argv, "-crl_check") == 0) {
+ vflags |= X509_V_FLAG_CRL_CHECK;
+ } else if (strcmp(*argv, "-crl_check_all") == 0) {
+ vflags |= X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL;
+ } else if (strcmp(*argv, "-serverpref") == 0) {
+ off |= SSL_OP_CIPHER_SERVER_PREFERENCE;
+ } else if (strcmp(*argv, "-legacy_renegotiation") == 0)
+ off |= SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
+ else if (strcmp(*argv, "-cipher") == 0) {
+ if (--argc < 1)
+ goto bad;
+ cipher = *(++argv);
+ } else if (strcmp(*argv, "-CAfile") == 0) {
+ if (--argc < 1)
+ goto bad;
+ CAfile = *(++argv);
+ }
+#ifdef FIONBIO
+ else if (strcmp(*argv, "-nbio") == 0) {
+ s_nbio = 1;
+ }
+#endif
+ else if (strcmp(*argv, "-nbio_test") == 0) {
+#ifdef FIONBIO
+ s_nbio = 1;
+#endif
+ s_nbio_test = 1;
+ } else if (strcmp(*argv, "-debug") == 0) {
+ s_debug = 1;
+ }
+#ifndef OPENSSL_NO_TLSEXT
+ else if (strcmp(*argv, "-tlsextdebug") == 0)
+ s_tlsextdebug = 1;
+ else if (strcmp(*argv, "-status") == 0)
+ s_tlsextstatus = 1;
+ else if (strcmp(*argv, "-status_verbose") == 0) {
+ s_tlsextstatus = 1;
+ tlscstatp.verbose = 1;
+ } else if (!strcmp(*argv, "-status_timeout")) {
+ s_tlsextstatus = 1;
+ if (--argc < 1)
+ goto bad;
+ tlscstatp.timeout = atoi(*(++argv));
+ } else if (!strcmp(*argv, "-status_url")) {
+ s_tlsextstatus = 1;
+ if (--argc < 1)
+ goto bad;
+ if (!OCSP_parse_url(*(++argv),
+ &tlscstatp.host,
+ &tlscstatp.port,
+ &tlscstatp.path, &tlscstatp.use_ssl)) {
+ BIO_printf(bio_err, "Error parsing URL\n");
+ goto bad;
+ }
+ }
+#endif
+ else if (strcmp(*argv, "-msg") == 0) {
+ s_msg = 1;
+ } else if (strcmp(*argv, "-hack") == 0) {
+ hack = 1;
+ } else if (strcmp(*argv, "-state") == 0) {
+ state = 1;
+ } else if (strcmp(*argv, "-crlf") == 0) {
+ s_crlf = 1;
+ } else if (strcmp(*argv, "-quiet") == 0) {
+ s_quiet = 1;
+ } else if (strcmp(*argv, "-bugs") == 0) {
+ bugs = 1;
+ } else if (strcmp(*argv, "-no_tmp_rsa") == 0) {
+ no_tmp_rsa = 1;
+ } else if (strcmp(*argv, "-no_dhe") == 0) {
+ no_dhe = 1;
+ } else if (strcmp(*argv, "-no_ecdhe") == 0) {
+ no_ecdhe = 1;
+ } else if (strcmp(*argv, "-www") == 0) {
+ www = 1;
+ } else if (strcmp(*argv, "-WWW") == 0) {
+ www = 2;
+ } else if (strcmp(*argv, "-HTTP") == 0) {
+ www = 3;
+ } else if (strcmp(*argv, "-no_ssl2") == 0) {
+ off |= SSL_OP_NO_SSLv2;
+ } else if (strcmp(*argv, "-no_ssl3") == 0) {
+ off |= SSL_OP_NO_SSLv3;
+ } else if (strcmp(*argv, "-no_tls1") == 0) {
+ off |= SSL_OP_NO_TLSv1;
+ }
+#ifndef OPENSSL_NO_TLSEXT
+ else if (strcmp(*argv, "-no_ticket") == 0) {
+ off |= SSL_OP_NO_TICKET;
+ }
+#endif
+#ifndef OPENSSL_NO_SSL2
+ else if (strcmp(*argv, "-ssl2") == 0) {
+ meth = SSLv2_server_method();
+ }
+#endif
+#ifndef OPENSSL_NO_SSL3
+ else if (strcmp(*argv, "-ssl3") == 0) {
+ meth = SSLv3_server_method();
+ }
+#endif
+#ifndef OPENSSL_NO_TLS1
+ else if (strcmp(*argv, "-tls1") == 0) {
+ meth = TLSv1_server_method();
+ }
+#endif
+#ifndef OPENSSL_NO_DTLS1
+ else if (strcmp(*argv, "-dtls1") == 0) {
+ meth = DTLSv1_server_method();
+ socket_type = SOCK_DGRAM;
+ } else if (strcmp(*argv, "-timeout") == 0)
+ enable_timeouts = 1;
+ else if (strcmp(*argv, "-mtu") == 0) {
+ if (--argc < 1)
+ goto bad;
+ socket_mtu = atol(*(++argv));
+ } else if (strcmp(*argv, "-chain") == 0)
+ cert_chain = 1;
+#endif
+ else if (strcmp(*argv, "-id_prefix") == 0) {
+ if (--argc < 1)
+ goto bad;
+ session_id_prefix = *(++argv);
+ }
+#ifndef OPENSSL_NO_ENGINE
+ else if (strcmp(*argv, "-engine") == 0) {
+ if (--argc < 1)
+ goto bad;
+ engine_id = *(++argv);
+ }
+#endif
+ else if (strcmp(*argv, "-rand") == 0) {
+ if (--argc < 1)
+ goto bad;
+ inrand = *(++argv);
+ }
+#ifndef OPENSSL_NO_TLSEXT
+ else if (strcmp(*argv, "-servername") == 0) {
+ if (--argc < 1)
+ goto bad;
+ tlsextcbp.servername = *(++argv);
+ } else if (strcmp(*argv, "-servername_fatal") == 0) {
+ tlsextcbp.extension_error = SSL_TLSEXT_ERR_ALERT_FATAL;
+ } else if (strcmp(*argv, "-cert2") == 0) {
+ if (--argc < 1)
+ goto bad;
+ s_cert_file2 = *(++argv);
+ } else if (strcmp(*argv, "-key2") == 0) {
+ if (--argc < 1)
+ goto bad;
+ s_key_file2 = *(++argv);
+ }
+#endif
+#ifndef OPENSSL_NO_JPAKE
+ else if (strcmp(*argv, "-jpake") == 0) {
+ if (--argc < 1)
+ goto bad;
+ jpake_secret = *(++argv);
+ }
+#endif
+ else {
+ BIO_printf(bio_err, "unknown option %s\n", *argv);
+ badop = 1;
+ break;
+ }
+ argc--;
+ argv++;
+ }
+ if (badop) {
+ bad:
+ sv_usage();
+ goto end;
+ }
+#ifndef OPENSSL_NO_DTLS1
+ if (www && socket_type == SOCK_DGRAM) {
+ BIO_printf(bio_err, "Can't use -HTTP, -www or -WWW with DTLS\n");
+ goto end;
+ }
+#endif
+
+ SSL_load_error_strings();
+ OpenSSL_add_ssl_algorithms();
+
+#ifndef OPENSSL_NO_ENGINE
+ e = setup_engine(bio_err, engine_id, 1);
+#endif
+
+ if (!app_passwd(bio_err, passarg, dpassarg, &pass, &dpass)) {
+ BIO_printf(bio_err, "Error getting password\n");
+ goto end;
+ }
+
+ if (s_key_file == NULL)
+ s_key_file = s_cert_file;
+#ifndef OPENSSL_NO_TLSEXT
+ if (s_key_file2 == NULL)
+ s_key_file2 = s_cert_file2;
+#endif
+
+ if (nocert == 0) {
+ s_key = load_key(bio_err, s_key_file, s_key_format, 0, pass, e,
+ "server certificate private key file");
+ if (!s_key) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ s_cert = load_cert(bio_err, s_cert_file, s_cert_format,
+ NULL, e, "server certificate file");
+
+ if (!s_cert) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+#ifndef OPENSSL_NO_TLSEXT
+ if (tlsextcbp.servername) {
+ s_key2 = load_key(bio_err, s_key_file2, s_key_format, 0, pass, e,
+ "second server certificate private key file");
+ if (!s_key2) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ s_cert2 = load_cert(bio_err, s_cert_file2, s_cert_format,
+ NULL, e, "second server certificate file");
+
+ if (!s_cert2) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+#endif
+ }
+ if (s_dcert_file) {
+
+ if (s_dkey_file == NULL)
+ s_dkey_file = s_dcert_file;
+
+ s_dkey = load_key(bio_err, s_dkey_file, s_dkey_format,
+ 0, dpass, e, "second certificate private key file");
+ if (!s_dkey) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ s_dcert = load_cert(bio_err, s_dcert_file, s_dcert_format,
+ NULL, e, "second server certificate file");
+
+ if (!s_dcert) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ }
+
+ if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
+ && !RAND_status()) {
+ BIO_printf(bio_err,
+ "warning, not much extra random data, consider using the -rand option\n");
+ }
+ if (inrand != NULL)
+ BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
+ app_RAND_load_files(inrand));
+
+ if (bio_s_out == NULL) {
+ if (s_quiet && !s_debug && !s_msg) {
+ bio_s_out = BIO_new(BIO_s_null());
+ } else {
+ if (bio_s_out == NULL)
+ bio_s_out = BIO_new_fp(stdout, BIO_NOCLOSE);
+ }
+ }
+#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
+ if (nocert)
+#endif
+ {
+ s_cert_file = NULL;
+ s_key_file = NULL;
+ s_dcert_file = NULL;
+ s_dkey_file = NULL;
+#ifndef OPENSSL_NO_TLSEXT
+ s_cert_file2 = NULL;
+ s_key_file2 = NULL;
+#endif
+ }
+
+ ctx = SSL_CTX_new(meth);
+ if (ctx == NULL) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ if (session_id_prefix) {
+ if (strlen(session_id_prefix) >= 32)
+ BIO_printf(bio_err,
+ "warning: id_prefix is too long, only one new session will be possible\n");
+ else if (strlen(session_id_prefix) >= 16)
+ BIO_printf(bio_err,
+ "warning: id_prefix is too long if you use SSLv2\n");
+ if (!SSL_CTX_set_generate_session_id(ctx, generate_session_id)) {
+ BIO_printf(bio_err, "error setting 'id_prefix'\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ BIO_printf(bio_err, "id_prefix '%s' set.\n", session_id_prefix);
+ }
+ SSL_CTX_set_quiet_shutdown(ctx, 1);
+ if (bugs)
+ SSL_CTX_set_options(ctx, SSL_OP_ALL);
+ if (hack)
+ SSL_CTX_set_options(ctx, SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
+ SSL_CTX_set_options(ctx, off);
+ /*
+ * DTLS: partial reads end up discarding unread UDP bytes :-( Setting
+ * read ahead solves this problem.
+ */
+ if (socket_type == SOCK_DGRAM)
+ SSL_CTX_set_read_ahead(ctx, 1);
+
+ if (state)
+ SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback);
+ if (no_cache)
+ SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
+ else
+ SSL_CTX_sess_set_cache_size(ctx, 128);
+
+#if 0
+ if (cipher == NULL)
+ cipher = getenv("SSL_CIPHER");
+#endif
+
+#if 0
+ if (s_cert_file == NULL) {
+ BIO_printf(bio_err,
+ "You must specify a certificate file for the server to use\n");
+ goto end;
+ }
+#endif
+
+ if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) ||
+ (!SSL_CTX_set_default_verify_paths(ctx))) {
+ /* BIO_printf(bio_err,"X509_load_verify_locations\n"); */
+ ERR_print_errors(bio_err);
+ /* goto end; */
+ }
+ store = SSL_CTX_get_cert_store(ctx);
+ X509_STORE_set_flags(store, vflags);
+#ifndef OPENSSL_NO_TLSEXT
+ if (s_cert2) {
+ ctx2 = SSL_CTX_new(meth);
+ if (ctx2 == NULL) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+
+ if (ctx2) {
+ BIO_printf(bio_s_out, "Setting secondary ctx parameters\n");
+
+ if (session_id_prefix) {
+ if (strlen(session_id_prefix) >= 32)
+ BIO_printf(bio_err,
+ "warning: id_prefix is too long, only one new session will be possible\n");
+ else if (strlen(session_id_prefix) >= 16)
+ BIO_printf(bio_err,
+ "warning: id_prefix is too long if you use SSLv2\n");
+ if (!SSL_CTX_set_generate_session_id(ctx2, generate_session_id)) {
+ BIO_printf(bio_err, "error setting 'id_prefix'\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ BIO_printf(bio_err, "id_prefix '%s' set.\n", session_id_prefix);
+ }
+ SSL_CTX_set_quiet_shutdown(ctx2, 1);
+ if (bugs)
+ SSL_CTX_set_options(ctx2, SSL_OP_ALL);
+ if (hack)
+ SSL_CTX_set_options(ctx2, SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
+ SSL_CTX_set_options(ctx2, off);
+
+ /*
+ * DTLS: partial reads end up discarding unread UDP bytes :-(
+ * Setting read ahead solves this problem.
+ */
+ if (socket_type == SOCK_DGRAM)
+ SSL_CTX_set_read_ahead(ctx2, 1);
+
+ if (state)
+ SSL_CTX_set_info_callback(ctx2, apps_ssl_info_callback);
+
+ if (no_cache)
+ SSL_CTX_set_session_cache_mode(ctx2, SSL_SESS_CACHE_OFF);
+ else
+ SSL_CTX_sess_set_cache_size(ctx2, 128);
+
+ if ((!SSL_CTX_load_verify_locations(ctx2, CAfile, CApath)) ||
+ (!SSL_CTX_set_default_verify_paths(ctx2))) {
+ ERR_print_errors(bio_err);
+ }
+ store = SSL_CTX_get_cert_store(ctx2);
+ X509_STORE_set_flags(store, vflags);
+ }
+#endif
+
+#ifndef OPENSSL_NO_DH
+ if (!no_dhe) {
+ DH *dh = NULL;
+
+ if (dhfile)
+ dh = load_dh_param(dhfile);
+ else if (s_cert_file)
+ dh = load_dh_param(s_cert_file);
+
+ if (dh != NULL) {
+ BIO_printf(bio_s_out, "Setting temp DH parameters\n");
+ } else {
+ BIO_printf(bio_s_out, "Using default temp DH parameters\n");
+ dh = get_dh512();
+ }
+ (void)BIO_flush(bio_s_out);
+
+ SSL_CTX_set_tmp_dh(ctx, dh);
+# ifndef OPENSSL_NO_TLSEXT
+ if (ctx2) {
+ if (!dhfile) {
+ DH *dh2 = load_dh_param(s_cert_file2);
+ if (dh2 != NULL) {
+ BIO_printf(bio_s_out, "Setting temp DH parameters\n");
+ (void)BIO_flush(bio_s_out);
+
+ DH_free(dh);
+ dh = dh2;
+ }
+ }
+ SSL_CTX_set_tmp_dh(ctx2, dh);
+ }
+# endif
+ DH_free(dh);
+ }
+#endif
+
+#ifndef OPENSSL_NO_ECDH
+ if (!no_ecdhe) {
+ EC_KEY *ecdh = NULL;
+
+ if (named_curve) {
+ int nid = OBJ_sn2nid(named_curve);
+
+ if (nid == 0) {
+ BIO_printf(bio_err, "unknown curve name (%s)\n", named_curve);
+ goto end;
+ }
+ ecdh = EC_KEY_new_by_curve_name(nid);
+ if (ecdh == NULL) {
+ BIO_printf(bio_err, "unable to create curve (%s)\n",
+ named_curve);
+ goto end;
+ }
+ }
+
+ if (ecdh != NULL) {
+ BIO_printf(bio_s_out, "Setting temp ECDH parameters\n");
+ } else {
+ BIO_printf(bio_s_out, "Using default temp ECDH parameters\n");
+ ecdh = EC_KEY_new_by_curve_name(NID_sect163r2);
+ if (ecdh == NULL) {
+ BIO_printf(bio_err, "unable to create curve (sect163r2)\n");
+ goto end;
+ }
+ }
+ (void)BIO_flush(bio_s_out);
+
+ SSL_CTX_set_tmp_ecdh(ctx, ecdh);
+# ifndef OPENSSL_NO_TLSEXT
+ if (ctx2)
+ SSL_CTX_set_tmp_ecdh(ctx2, ecdh);
+# endif
+ EC_KEY_free(ecdh);
+ }
+#endif
+
+ if (!set_cert_key_stuff(ctx, s_cert, s_key))
+ goto end;
+#ifndef OPENSSL_NO_TLSEXT
+ if (ctx2 && !set_cert_key_stuff(ctx2, s_cert2, s_key2))
+ goto end;
+#endif
+ if (s_dcert != NULL) {
+ if (!set_cert_key_stuff(ctx, s_dcert, s_dkey))
+ goto end;
+ }
+#ifndef OPENSSL_NO_RSA
+# if 1
+ if (!no_tmp_rsa) {
+ SSL_CTX_set_tmp_rsa_callback(ctx, tmp_rsa_cb);
+# ifndef OPENSSL_NO_TLSEXT
+ if (ctx2)
+ SSL_CTX_set_tmp_rsa_callback(ctx2, tmp_rsa_cb);
+# endif
+ }
+# else
+ if (!no_tmp_rsa && SSL_CTX_need_tmp_RSA(ctx)) {
+ RSA *rsa;
+
+ BIO_printf(bio_s_out, "Generating temp (512 bit) RSA key...");
+ BIO_flush(bio_s_out);
+
+ rsa = RSA_generate_key(512, RSA_F4, NULL);
+
+ if (!SSL_CTX_set_tmp_rsa(ctx, rsa)) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+# ifndef OPENSSL_NO_TLSEXT
+ if (ctx2) {
+ if (!SSL_CTX_set_tmp_rsa(ctx2, rsa)) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+# endif
+ RSA_free(rsa);
+ BIO_printf(bio_s_out, "\n");
+ }
+# endif
+#endif
+
+ if (cipher != NULL)
+ if (!SSL_CTX_set_cipher_list(ctx, cipher)) {
+ BIO_printf(bio_err, "error setting cipher list\n");
+ ERR_print_errors(bio_err);
+ goto end;
+#ifndef OPENSSL_NO_TLSEXT
+ if (ctx2 && !SSL_CTX_set_cipher_list(ctx2, cipher)) {
+ BIO_printf(bio_err, "error setting cipher list\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+#endif
+ }
+ SSL_CTX_set_verify(ctx, s_server_verify, verify_callback);
+ SSL_CTX_set_session_id_context(ctx, (void *)&s_server_session_id_context,
+ sizeof s_server_session_id_context);
+
+ /* Set DTLS cookie generation and verification callbacks */
+ SSL_CTX_set_cookie_generate_cb(ctx, generate_cookie_callback);
+ SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie_callback);
+
+#ifndef OPENSSL_NO_TLSEXT
+ if (ctx2) {
+ SSL_CTX_set_verify(ctx2, s_server_verify, verify_callback);
+ SSL_CTX_set_session_id_context(ctx2,
+ (void *)&s_server_session_id_context,
+ sizeof s_server_session_id_context);
+
+ tlsextcbp.biodebug = bio_s_out;
+ SSL_CTX_set_tlsext_servername_callback(ctx2, ssl_servername_cb);
+ SSL_CTX_set_tlsext_servername_arg(ctx2, &tlsextcbp);
+ SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
+ SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp);
+ }
+#endif
+ if (CAfile != NULL) {
+ SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAfile));
+#ifndef OPENSSL_NO_TLSEXT
+ if (ctx2)
+ SSL_CTX_set_client_CA_list(ctx2, SSL_load_client_CA_file(CAfile));
+#endif
+ }
+ BIO_printf(bio_s_out, "ACCEPT\n");
+ if (www)
+ do_server(port, socket_type, &accept_socket, www_body, context);
+ else
+ do_server(port, socket_type, &accept_socket, sv_body, context);
+ print_stats(bio_s_out, ctx);
+ ret = 0;
+ end:
+ if (ctx != NULL)
+ SSL_CTX_free(ctx);
+ if (s_cert)
+ X509_free(s_cert);
+ if (s_dcert)
+ X509_free(s_dcert);
+ if (s_key)
+ EVP_PKEY_free(s_key);
+ if (s_dkey)
+ EVP_PKEY_free(s_dkey);
+ if (pass)
+ OPENSSL_free(pass);
+ if (dpass)
+ OPENSSL_free(dpass);
+#ifndef OPENSSL_NO_TLSEXT
+ if (tlscstatp.host)
+ OPENSSL_free(tlscstatp.host);
+ if (tlscstatp.port)
+ OPENSSL_free(tlscstatp.port);
+ if (tlscstatp.path)
+ OPENSSL_free(tlscstatp.path);
+ if (ctx2 != NULL)
+ SSL_CTX_free(ctx2);
+ if (s_cert2)
+ X509_free(s_cert2);
+ if (s_key2)
+ EVP_PKEY_free(s_key2);
+#endif
+ if (bio_s_out != NULL) {
+ BIO_free(bio_s_out);
+ bio_s_out = NULL;
+ }
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
+}
+
+static void print_stats(BIO *bio, SSL_CTX *ssl_ctx)
+{
+ BIO_printf(bio, "%4ld items in the session cache\n",
+ SSL_CTX_sess_number(ssl_ctx));
+ BIO_printf(bio, "%4ld client connects (SSL_connect())\n",
+ SSL_CTX_sess_connect(ssl_ctx));
+ BIO_printf(bio, "%4ld client renegotiates (SSL_connect())\n",
+ SSL_CTX_sess_connect_renegotiate(ssl_ctx));
+ BIO_printf(bio, "%4ld client connects that finished\n",
+ SSL_CTX_sess_connect_good(ssl_ctx));
+ BIO_printf(bio, "%4ld server accepts (SSL_accept())\n",
+ SSL_CTX_sess_accept(ssl_ctx));
+ BIO_printf(bio, "%4ld server renegotiates (SSL_accept())\n",
+ SSL_CTX_sess_accept_renegotiate(ssl_ctx));
+ BIO_printf(bio, "%4ld server accepts that finished\n",
+ SSL_CTX_sess_accept_good(ssl_ctx));
+ BIO_printf(bio, "%4ld session cache hits\n", SSL_CTX_sess_hits(ssl_ctx));
+ BIO_printf(bio, "%4ld session cache misses\n",
+ SSL_CTX_sess_misses(ssl_ctx));
+ BIO_printf(bio, "%4ld session cache timeouts\n",
+ SSL_CTX_sess_timeouts(ssl_ctx));
+ BIO_printf(bio, "%4ld callback cache hits\n",
+ SSL_CTX_sess_cb_hits(ssl_ctx));
+ BIO_printf(bio, "%4ld cache full overflows (%ld allowed)\n",
+ SSL_CTX_sess_cache_full(ssl_ctx),
+ SSL_CTX_sess_get_cache_size(ssl_ctx));
+}
+
+static int sv_body(char *hostname, int s, unsigned char *context)
+{
+ char *buf = NULL;
+ fd_set readfds;
+ int ret = 1, width;
+ int k, i;
+ unsigned long l;
+ SSL *con = NULL;
+ BIO *sbio;
+ struct timeval timeout;
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
+ struct timeval tv;
+#else
+ struct timeval *timeoutp;
+#endif
+
+ if ((buf = OPENSSL_malloc(bufsize)) == NULL) {
+ BIO_printf(bio_err, "out of memory\n");
+ goto err;
+ }
+#ifdef FIONBIO
+ if (s_nbio) {
+ unsigned long sl = 1;
+
+ if (!s_quiet)
+ BIO_printf(bio_err, "turning on non blocking io\n");
+ if (BIO_socket_ioctl(s, FIONBIO, &sl) < 0)
+ ERR_print_errors(bio_err);
+ }
+#endif
+
+ if (con == NULL) {
+ con = SSL_new(ctx);
+#ifndef OPENSSL_NO_TLSEXT
+ if (s_tlsextdebug) {
+ SSL_set_tlsext_debug_callback(con, tlsext_cb);
+ SSL_set_tlsext_debug_arg(con, bio_s_out);
+ }
+ if (s_tlsextstatus) {
+ SSL_CTX_set_tlsext_status_cb(ctx, cert_status_cb);
+ tlscstatp.err = bio_err;
+ SSL_CTX_set_tlsext_status_arg(ctx, &tlscstatp);
+ }
+#endif
+#ifndef OPENSSL_NO_KRB5
+ if ((con->kssl_ctx = kssl_ctx_new()) != NULL) {
+ kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVICE, KRB5SVC);
+ kssl_ctx_setstring(con->kssl_ctx, KSSL_KEYTAB, KRB5KEYTAB);
+ }
+#endif /* OPENSSL_NO_KRB5 */
+ if (context)
+ SSL_set_session_id_context(con, context, strlen((char *)context));
+ }
+ SSL_clear(con);
+
+ if (SSL_version(con) == DTLS1_VERSION) {
+
+ sbio = BIO_new_dgram(s, BIO_NOCLOSE);
+
+ if (enable_timeouts) {
+ timeout.tv_sec = 0;
+ timeout.tv_usec = DGRAM_RCV_TIMEOUT;
+ BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout);
+
+ timeout.tv_sec = 0;
+ timeout.tv_usec = DGRAM_SND_TIMEOUT;
+ BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);
+ }
+
+ if (socket_mtu > 28) {
+ SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
+ SSL_set_mtu(con, socket_mtu - 28);
+ } else
+ /* want to do MTU discovery */
+ BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);
+
+ /* turn on cookie exchange */
+ SSL_set_options(con, SSL_OP_COOKIE_EXCHANGE);
+ } else
+ sbio = BIO_new_socket(s, BIO_NOCLOSE);
+
+ if (s_nbio_test) {
+ BIO *test;
+
+ test = BIO_new(BIO_f_nbio_test());
+ sbio = BIO_push(test, sbio);
+ }
+#ifndef OPENSSL_NO_JPAKE
+ if (jpake_secret)
+ jpake_server_auth(bio_s_out, sbio, jpake_secret);
+#endif
+
+ SSL_set_bio(con, sbio, sbio);
+ SSL_set_accept_state(con);
+ /* SSL_set_fd(con,s); */
+
+ if (s_debug) {
+ con->debug = 1;
+ BIO_set_callback(SSL_get_rbio(con), bio_dump_callback);
+ BIO_set_callback_arg(SSL_get_rbio(con), (char *)bio_s_out);
+ }
+ if (s_msg) {
+ SSL_set_msg_callback(con, msg_cb);
+ SSL_set_msg_callback_arg(con, bio_s_out);
+ }
+#ifndef OPENSSL_NO_TLSEXT
+ if (s_tlsextdebug) {
+ SSL_set_tlsext_debug_callback(con, tlsext_cb);
+ SSL_set_tlsext_debug_arg(con, bio_s_out);
+ }
+#endif
+
+ width = s + 1;
+ for (;;) {
+ int read_from_terminal;
+ int read_from_sslcon;
+
+ read_from_terminal = 0;
+ read_from_sslcon = SSL_pending(con);
+
+ if (!read_from_sslcon) {
+ FD_ZERO(&readfds);
+#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE)
+ FD_SET(fileno(stdin), &readfds);
+#endif
+ FD_SET(s, &readfds);
+ /*
+ * Note: under VMS with SOCKETSHR the second parameter is
+ * currently of type (int *) whereas under other systems it is
+ * (void *) if you don't have a cast it will choke the compiler:
+ * if you do have a cast then you can either go for (int *) or
+ * (void *).
+ */
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
+ /*
+ * Under DOS (non-djgpp) and Windows we can't select on stdin:
+ * only on sockets. As a workaround we timeout the select every
+ * second and check for any keypress. In a proper Windows
+ * application we wouldn't do this because it is inefficient.
+ */
+ tv.tv_sec = 1;
+ tv.tv_usec = 0;
+ i = select(width, (void *)&readfds, NULL, NULL, &tv);
+ if ((i < 0) || (!i && !_kbhit()))
+ continue;
+ if (_kbhit())
+ read_from_terminal = 1;
+#else
+ if ((SSL_version(con) == DTLS1_VERSION) &&
+ DTLSv1_get_timeout(con, &timeout))
+ timeoutp = &timeout;
+ else
+ timeoutp = NULL;
+
+ i = select(width, (void *)&readfds, NULL, NULL, timeoutp);
+
+ if ((SSL_version(con) == DTLS1_VERSION)
+ && DTLSv1_handle_timeout(con) > 0) {
+ BIO_printf(bio_err, "TIMEOUT occured\n");
+ }
+
+ if (i <= 0)
+ continue;
+ if (FD_ISSET(fileno(stdin), &readfds))
+ read_from_terminal = 1;
+#endif
+ if (FD_ISSET(s, &readfds))
+ read_from_sslcon = 1;
+ }
+ if (read_from_terminal) {
+ if (s_crlf) {
+ int j, lf_num;
+
+ i = read(fileno(stdin), buf, bufsize / 2);
+ lf_num = 0;
+ /* both loops are skipped when i <= 0 */
+ for (j = 0; j < i; j++)
+ if (buf[j] == '\n')
+ lf_num++;
+ for (j = i - 1; j >= 0; j--) {
+ buf[j + lf_num] = buf[j];
+ if (buf[j] == '\n') {
+ lf_num--;
+ i++;
+ buf[j + lf_num] = '\r';
+ }
+ }
+ assert(lf_num == 0);
+ } else
+ i = read(fileno(stdin), buf, bufsize);
+ if (!s_quiet) {
+ if ((i <= 0) || (buf[0] == 'Q')) {
+ BIO_printf(bio_s_out, "DONE\n");
+ SHUTDOWN(s);
+ close_accept_socket();
+ ret = -11;
+ goto err;
+ }
+ if ((i <= 0) || (buf[0] == 'q')) {
+ BIO_printf(bio_s_out, "DONE\n");
+ if (SSL_version(con) != DTLS1_VERSION)
+ SHUTDOWN(s);
+ /*
+ * close_accept_socket(); ret= -11;
+ */
+ goto err;
+ }
+ if ((buf[0] == 'r') && ((buf[1] == '\n') || (buf[1] == '\r'))) {
+ SSL_renegotiate(con);
+ i = SSL_do_handshake(con);
+ printf("SSL_do_handshake -> %d\n", i);
+ i = 0; /* 13; */
+ continue;
+ /*
+ * strcpy(buf,"server side RE-NEGOTIATE\n");
+ */
+ }
+ if ((buf[0] == 'R') && ((buf[1] == '\n') || (buf[1] == '\r'))) {
+ SSL_set_verify(con,
+ SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE,
+ NULL);
+ SSL_renegotiate(con);
+ i = SSL_do_handshake(con);
+ printf("SSL_do_handshake -> %d\n", i);
+ i = 0; /* 13; */
+ continue;
+ /*
+ * strcpy(buf,"server side RE-NEGOTIATE asking for client
+ * cert\n");
+ */
+ }
+ if (buf[0] == 'P') {
+ static const char *str = "Lets print some clear text\n";
+ BIO_write(SSL_get_wbio(con), str, strlen(str));
+ }
+ if (buf[0] == 'S') {
+ print_stats(bio_s_out, SSL_get_SSL_CTX(con));
+ }
+ }
+#ifdef CHARSET_EBCDIC
+ ebcdic2ascii(buf, buf, i);
+#endif
+ l = k = 0;
+ for (;;) {
+ /* should do a select for the write */
+#ifdef RENEG
+ {
+ static count = 0;
+ if (++count == 100) {
+ count = 0;
+ SSL_renegotiate(con);
+ }
+ }
+#endif
+ k = SSL_write(con, &(buf[l]), (unsigned int)i);
+ switch (SSL_get_error(con, k)) {
+ case SSL_ERROR_NONE:
+ break;
+ case SSL_ERROR_WANT_WRITE:
+ case SSL_ERROR_WANT_READ:
+ case SSL_ERROR_WANT_X509_LOOKUP:
+ BIO_printf(bio_s_out, "Write BLOCK\n");
+ break;
+ case SSL_ERROR_SYSCALL:
+ case SSL_ERROR_SSL:
+ BIO_printf(bio_s_out, "ERROR\n");
+ ERR_print_errors(bio_err);
+ ret = 1;
+ goto err;
+ /* break; */
+ case SSL_ERROR_ZERO_RETURN:
+ BIO_printf(bio_s_out, "DONE\n");
+ ret = 1;
+ goto err;
+ }
+ l += k;
+ i -= k;
+ if (i <= 0)
+ break;
+ }
+ }
+ if (read_from_sslcon) {
+ if (!SSL_is_init_finished(con)) {
+ i = init_ssl_connection(con);
+
+ if (i < 0) {
+ ret = 0;
+ goto err;
+ } else if (i == 0) {
+ ret = 1;
+ goto err;
+ }
+ } else {
+ again:
+ i = SSL_read(con, (char *)buf, bufsize);
+ switch (SSL_get_error(con, i)) {
+ case SSL_ERROR_NONE:
+#ifdef CHARSET_EBCDIC
+ ascii2ebcdic(buf, buf, i);
+#endif
+ if (write(fileno(stdout), buf, (unsigned int)i) != i)
+ goto err;
+
+ if (SSL_pending(con))
+ goto again;
+ break;
+ case SSL_ERROR_WANT_WRITE:
+ case SSL_ERROR_WANT_READ:
+ case SSL_ERROR_WANT_X509_LOOKUP:
+ BIO_printf(bio_s_out, "Read BLOCK\n");
+ break;
+ case SSL_ERROR_SYSCALL:
+ case SSL_ERROR_SSL:
+ BIO_printf(bio_s_out, "ERROR\n");
+ ERR_print_errors(bio_err);
+ ret = 1;
+ goto err;
+ case SSL_ERROR_ZERO_RETURN:
+ BIO_printf(bio_s_out, "DONE\n");
+ ret = 1;
+ goto err;
+ }
+ }
+ }
+ }
+ err:
+ BIO_printf(bio_s_out, "shutting down SSL\n");
+#if 1
+ SSL_set_shutdown(con, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
+#else
+ SSL_shutdown(con);
+#endif
+ if (con != NULL)
+ SSL_free(con);
+ BIO_printf(bio_s_out, "CONNECTION CLOSED\n");
+ if (buf != NULL) {
+ OPENSSL_cleanse(buf, bufsize);
+ OPENSSL_free(buf);
+ }
+ if (ret >= 0)
+ BIO_printf(bio_s_out, "ACCEPT\n");
+ return (ret);
+}
+
+static void close_accept_socket(void)
+{
+ BIO_printf(bio_err, "shutdown accept socket\n");
+ if (accept_socket >= 0) {
+ SHUTDOWN2(accept_socket);
+ }
+}
+
+static int init_ssl_connection(SSL *con)
+{
+ int i;
+ const char *str;
+ X509 *peer;
+ long verify_error;
+ MS_STATIC char buf[BUFSIZ];
+
+ if ((i = SSL_accept(con)) <= 0) {
+ if (BIO_sock_should_retry(i)) {
+ BIO_printf(bio_s_out, "DELAY\n");
+ return (1);
+ }
+
+ BIO_printf(bio_err, "ERROR\n");
+ verify_error = SSL_get_verify_result(con);
+ if (verify_error != X509_V_OK) {
+ BIO_printf(bio_err, "verify error:%s\n",
+ X509_verify_cert_error_string(verify_error));
+ } else
+ ERR_print_errors(bio_err);
+ return (0);
+ }
+
+ PEM_write_bio_SSL_SESSION(bio_s_out, SSL_get_session(con));
+
+ peer = SSL_get_peer_certificate(con);
+ if (peer != NULL) {
+ BIO_printf(bio_s_out, "Client certificate\n");
+ PEM_write_bio_X509(bio_s_out, peer);
+ X509_NAME_oneline(X509_get_subject_name(peer), buf, sizeof buf);
+ BIO_printf(bio_s_out, "subject=%s\n", buf);
+ X509_NAME_oneline(X509_get_issuer_name(peer), buf, sizeof buf);
+ BIO_printf(bio_s_out, "issuer=%s\n", buf);
+ X509_free(peer);
+ }
+
+ if (SSL_get_shared_ciphers(con, buf, sizeof buf) != NULL)
+ BIO_printf(bio_s_out, "Shared ciphers:%s\n", buf);
+ str = SSL_CIPHER_get_name(SSL_get_current_cipher(con));
+ BIO_printf(bio_s_out, "CIPHER is %s\n", (str != NULL) ? str : "(NONE)");
+ if (con->hit)
+ BIO_printf(bio_s_out, "Reused session-id\n");
+ if (SSL_ctrl(con, SSL_CTRL_GET_FLAGS, 0, NULL) &
+ TLS1_FLAGS_TLS_PADDING_BUG)
+ BIO_printf(bio_s_out, "Peer has incorrect TLSv1 block padding\n");
+#ifndef OPENSSL_NO_KRB5
+ if (con->kssl_ctx->client_princ != NULL) {
+ BIO_printf(bio_s_out, "Kerberos peer principal is %s\n",
+ con->kssl_ctx->client_princ);
+ }
+#endif /* OPENSSL_NO_KRB5 */
+ BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n",
+ SSL_get_secure_renegotiation_support(con) ? "" : " NOT");
+ return (1);
+}
+
+#ifndef OPENSSL_NO_DH
+static DH *load_dh_param(const char *dhfile)
+{
+ DH *ret = NULL;
+ BIO *bio;
+
+ if ((bio = BIO_new_file(dhfile, "r")) == NULL)
+ goto err;
+ ret = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
+ err:
+ if (bio != NULL)
+ BIO_free(bio);
+ return (ret);
+}
+#endif
+
+#if 0
+static int load_CA(SSL_CTX *ctx, char *file)
+{
+ FILE *in;
+ X509 *x = NULL;
+
+ if ((in = fopen(file, "r")) == NULL)
+ return (0);
+
+ for (;;) {
+ if (PEM_read_X509(in, &x, NULL) == NULL)
+ break;
+ SSL_CTX_add_client_CA(ctx, x);
+ }
+ if (x != NULL)
+ X509_free(x);
+ fclose(in);
+ return (1);
+}
+#endif
+
+static int www_body(char *hostname, int s, unsigned char *context)
+{
+ char *buf = NULL;
+ int ret = 1;
+ int i, j, k, dot;
+ struct stat st_buf;
+ SSL *con;
+ SSL_CIPHER *c;
+ BIO *io, *ssl_bio, *sbio;
+#ifdef RENEG
+ long total_bytes;
+#endif
+
+ buf = OPENSSL_malloc(bufsize);
+ if (buf == NULL)
+ return (0);
+ io = BIO_new(BIO_f_buffer());
+ ssl_bio = BIO_new(BIO_f_ssl());
+ if ((io == NULL) || (ssl_bio == NULL))
+ goto err;
+
+#ifdef FIONBIO
+ if (s_nbio) {
+ unsigned long sl = 1;
+
+ if (!s_quiet)
+ BIO_printf(bio_err, "turning on non blocking io\n");
+ if (BIO_socket_ioctl(s, FIONBIO, &sl) < 0)
+ ERR_print_errors(bio_err);
+ }
+#endif
+
+ /* lets make the output buffer a reasonable size */
+ if (!BIO_set_write_buffer_size(io, bufsize))
+ goto err;
+
+ if ((con = SSL_new(ctx)) == NULL)
+ goto err;
+#ifndef OPENSSL_NO_TLSEXT
+ if (s_tlsextdebug) {
+ SSL_set_tlsext_debug_callback(con, tlsext_cb);
+ SSL_set_tlsext_debug_arg(con, bio_s_out);
+ }
+#endif
+#ifndef OPENSSL_NO_KRB5
+ if ((con->kssl_ctx = kssl_ctx_new()) != NULL) {
+ kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVICE, KRB5SVC);
+ kssl_ctx_setstring(con->kssl_ctx, KSSL_KEYTAB, KRB5KEYTAB);
+ }
+#endif /* OPENSSL_NO_KRB5 */
+ if (context)
+ SSL_set_session_id_context(con, context, strlen((char *)context));
+
+ sbio = BIO_new_socket(s, BIO_NOCLOSE);
+ if (s_nbio_test) {
+ BIO *test;
+
+ test = BIO_new(BIO_f_nbio_test());
+ sbio = BIO_push(test, sbio);
+ }
+ SSL_set_bio(con, sbio, sbio);
+ SSL_set_accept_state(con);
+
+ /* SSL_set_fd(con,s); */
+ BIO_set_ssl(ssl_bio, con, BIO_CLOSE);
+ BIO_push(io, ssl_bio);
+#ifdef CHARSET_EBCDIC
+ io = BIO_push(BIO_new(BIO_f_ebcdic_filter()), io);
+#endif
+
+ if (s_debug) {
+ con->debug = 1;
+ BIO_set_callback(SSL_get_rbio(con), bio_dump_callback);
+ BIO_set_callback_arg(SSL_get_rbio(con), (char *)bio_s_out);
+ }
+ if (s_msg) {
+ SSL_set_msg_callback(con, msg_cb);
+ SSL_set_msg_callback_arg(con, bio_s_out);
+ }
+
+ for (;;) {
+ if (hack) {
+ i = SSL_accept(con);
+
+ switch (SSL_get_error(con, i)) {
+ case SSL_ERROR_NONE:
+ break;
+ case SSL_ERROR_WANT_WRITE:
+ case SSL_ERROR_WANT_READ:
+ case SSL_ERROR_WANT_X509_LOOKUP:
+ continue;
+ case SSL_ERROR_SYSCALL:
+ case SSL_ERROR_SSL:
+ case SSL_ERROR_ZERO_RETURN:
+ ret = 1;
+ goto err;
+ /* break; */
+ }
+
+ SSL_renegotiate(con);
+ SSL_write(con, NULL, 0);
+ }
+
+ i = BIO_gets(io, buf, bufsize - 1);
+ if (i < 0) { /* error */
+ if (!BIO_should_retry(io)) {
+ if (!s_quiet)
+ ERR_print_errors(bio_err);
+ goto err;
+ } else {
+ BIO_printf(bio_s_out, "read R BLOCK\n");
+#if defined(OPENSSL_SYS_NETWARE)
+ delay(1000);
+#elif !defined(OPENSSL_SYS_MSDOS) && !defined(__DJGPP__)
+ sleep(1);
+#endif
+ continue;
+ }
+ } else if (i == 0) { /* end of input */
+ ret = 1;
+ goto end;
+ }
+
+ /* else we have data */
+ if (((www == 1) && (strncmp("GET ", buf, 4) == 0)) ||
+ ((www == 2) && (strncmp("GET /stats ", buf, 10) == 0))) {
+ char *p;
+ X509 *peer;
+ STACK_OF(SSL_CIPHER) *sk;
+ static const char *space = " ";
+
+ BIO_puts(io,
+ "HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
+ BIO_puts(io, "<HTML><BODY BGCOLOR=\"#ffffff\">\n");
+ BIO_puts(io, "<pre>\n");
+/* BIO_puts(io,SSLeay_version(SSLEAY_VERSION));*/
+ BIO_puts(io, "\n");
+ for (i = 0; i < local_argc; i++) {
+ BIO_puts(io, local_argv[i]);
+ BIO_write(io, " ", 1);
+ }
+ BIO_puts(io, "\n");
+
+ /*
+ * The following is evil and should not really be done
+ */
+ BIO_printf(io, "Ciphers supported in s_server binary\n");
+ sk = SSL_get_ciphers(con);
+ j = sk_SSL_CIPHER_num(sk);
+ for (i = 0; i < j; i++) {
+ c = sk_SSL_CIPHER_value(sk, i);
+ BIO_printf(io, "%-11s:%-25s",
+ SSL_CIPHER_get_version(c), SSL_CIPHER_get_name(c));
+ if ((((i + 1) % 2) == 0) && (i + 1 != j))
+ BIO_puts(io, "\n");
+ }
+ BIO_puts(io, "\n");
+ p = SSL_get_shared_ciphers(con, buf, bufsize);
+ if (p != NULL) {
+ BIO_printf(io,
+ "---\nCiphers common between both SSL end points:\n");
+ j = i = 0;
+ while (*p) {
+ if (*p == ':') {
+ BIO_write(io, space, 26 - j);
+ i++;
+ j = 0;
+ BIO_write(io, ((i % 3) ? " " : "\n"), 1);
+ } else {
+ BIO_write(io, p, 1);
+ j++;
+ }
+ p++;
+ }
+ BIO_puts(io, "\n");
+ }
+ BIO_printf(io, ((con->hit)
+ ? "---\nReused, " : "---\nNew, "));
+ c = SSL_get_current_cipher(con);
+ BIO_printf(io, "%s, Cipher is %s\n",
+ SSL_CIPHER_get_version(c), SSL_CIPHER_get_name(c));
+ SSL_SESSION_print(io, SSL_get_session(con));
+ BIO_printf(io, "---\n");
+ print_stats(io, SSL_get_SSL_CTX(con));
+ BIO_printf(io, "---\n");
+ peer = SSL_get_peer_certificate(con);
+ if (peer != NULL) {
+ BIO_printf(io, "Client certificate\n");
+ X509_print(io, peer);
+ PEM_write_bio_X509(io, peer);
+ } else
+ BIO_puts(io, "no client certificate available\n");
+ BIO_puts(io, "</BODY></HTML>\r\n\r\n");
+ break;
+ } else if ((www == 2 || www == 3)
+ && (strncmp("GET /", buf, 5) == 0)) {
+ BIO *file;
+ char *p, *e;
+ static const char *text =
+ "HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n";
+
+ /* skip the '/' */
+ p = &(buf[5]);
+
+ dot = 1;
+ for (e = p; *e != '\0'; e++) {
+ if (e[0] == ' ')
+ break;
+
+ switch (dot) {
+ case 1:
+ dot = (e[0] == '.') ? 2 : 0;
+ break;
+ case 2:
+ dot = (e[0] == '.') ? 3 : 0;
+ break;
+ case 3:
+ dot = (e[0] == '/') ? -1 : 0;
+ break;
+ }
+ if (dot == 0)
+ dot = (e[0] == '/') ? 1 : 0;
+ }
+ dot = (dot == 3) || (dot == -1); /* filename contains ".."
+ * component */
+
+ if (*e == '\0') {
+ BIO_puts(io, text);
+ BIO_printf(io, "'%s' is an invalid file name\r\n", p);
+ break;
+ }
+ *e = '\0';
+
+ if (dot) {
+ BIO_puts(io, text);
+ BIO_printf(io, "'%s' contains '..' reference\r\n", p);
+ break;
+ }
+
+ if (*p == '/') {
+ BIO_puts(io, text);
+ BIO_printf(io, "'%s' is an invalid path\r\n", p);
+ break;
+ }
+#if 0
+ /* append if a directory lookup */
+ if (e[-1] == '/')
+ strcat(p, "index.html");
+#endif
+
+ /* if a directory, do the index thang */
+ if (stat(p, &st_buf) < 0) {
+ BIO_puts(io, text);
+ BIO_printf(io, "Error accessing '%s'\r\n", p);
+ ERR_print_errors(io);
+ break;
+ }
+ if (S_ISDIR(st_buf.st_mode)) {
+#if 0 /* must check buffer size */
+ strcat(p, "/index.html");
+#else
+ BIO_puts(io, text);
+ BIO_printf(io, "'%s' is a directory\r\n", p);
+ break;
+#endif
+ }
+
+ if ((file = BIO_new_file(p, "r")) == NULL) {
+ BIO_puts(io, text);
+ BIO_printf(io, "Error opening '%s'\r\n", p);
+ ERR_print_errors(io);
+ break;
+ }
+
+ if (!s_quiet)
+ BIO_printf(bio_err, "FILE:%s\n", p);
+
+ if (www == 2) {
+ i = strlen(p);
+ if (((i > 5) && (strcmp(&(p[i - 5]), ".html") == 0)) ||
+ ((i > 4) && (strcmp(&(p[i - 4]), ".php") == 0)) ||
+ ((i > 4) && (strcmp(&(p[i - 4]), ".htm") == 0)))
+ BIO_puts(io,
+ "HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
+ else
+ BIO_puts(io,
+ "HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n");
+ }
+ /* send the file */
+#ifdef RENEG
+ total_bytes = 0;
+#endif
+ for (;;) {
+ i = BIO_read(file, buf, bufsize);
+ if (i <= 0)
+ break;
+
+#ifdef RENEG
+ total_bytes += i;
+ fprintf(stderr, "%d\n", i);
+ if (total_bytes > 3 * 1024) {
+ total_bytes = 0;
+ fprintf(stderr, "RENEGOTIATE\n");
+ SSL_renegotiate(con);
+ }
+#endif
+
+ for (j = 0; j < i;) {
+#ifdef RENEG
+ {
+ static count = 0;
+ if (++count == 13) {
+ SSL_renegotiate(con);
+ }
+ }
+#endif
+ k = BIO_write(io, &(buf[j]), i - j);
+ if (k <= 0) {
+ if (!BIO_should_retry(io))
+ goto write_error;
+ else {
+ BIO_printf(bio_s_out, "rwrite W BLOCK\n");
+ }
+ } else {
+ j += k;
+ }
+ }
+ }
+ write_error:
+ BIO_free(file);
+ break;
+ }
+ }
+
+ for (;;) {
+ i = (int)BIO_flush(io);
+ if (i <= 0) {
+ if (!BIO_should_retry(io))
+ break;
+ } else
+ break;
+ }
+ end:
+#if 1
+ /* make sure we re-use sessions */
+ SSL_set_shutdown(con, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
+#else
+ /* This kills performance */
+ /*
+ * SSL_shutdown(con); A shutdown gets sent in the BIO_free_all(io)
+ * procession
+ */
+#endif
+
+ err:
+
+ if (ret >= 0)
+ BIO_printf(bio_s_out, "ACCEPT\n");
+
+ if (buf != NULL)
+ OPENSSL_free(buf);
+ if (io != NULL)
+ BIO_free_all(io);
+/* if (ssl_bio != NULL) BIO_free(ssl_bio);*/
+ return (ret);
+}
+
+#ifndef OPENSSL_NO_RSA
+static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
+{
+ BIGNUM *bn = NULL;
+ static RSA *rsa_tmp = NULL;
+
+ if (!rsa_tmp && ((bn = BN_new()) == NULL))
+ BIO_printf(bio_err, "Allocation error in generating RSA key\n");
+ if (!rsa_tmp && bn) {
+ if (!s_quiet) {
+ BIO_printf(bio_err, "Generating temp (%d bit) RSA key...",
+ keylength);
+ (void)BIO_flush(bio_err);
+ }
+ if (!BN_set_word(bn, RSA_F4) || ((rsa_tmp = RSA_new()) == NULL) ||
+ !RSA_generate_key_ex(rsa_tmp, keylength, bn, NULL)) {
+ if (rsa_tmp)
+ RSA_free(rsa_tmp);
+ rsa_tmp = NULL;
+ }
+ if (!s_quiet) {
+ BIO_printf(bio_err, "\n");
+ (void)BIO_flush(bio_err);
+ }
+ BN_free(bn);
+ }
+ return (rsa_tmp);
+}
+#endif
+
+#define MAX_SESSION_ID_ATTEMPTS 10
+static int generate_session_id(const SSL *ssl, unsigned char *id,
+ unsigned int *id_len)
+{
+ unsigned int count = 0;
+ do {
+ RAND_pseudo_bytes(id, *id_len);
+ /*
+ * Prefix the session_id with the required prefix. NB: If our prefix
+ * is too long, clip it - but there will be worse effects anyway, eg.
+ * the server could only possibly create 1 session ID (ie. the
+ * prefix!) so all future session negotiations will fail due to
+ * conflicts.
+ */
+ memcpy(id, session_id_prefix,
+ (strlen(session_id_prefix) < *id_len) ?
+ strlen(session_id_prefix) : *id_len);
+ }
+ while (SSL_has_matching_session_id(ssl, id, *id_len) &&
+ (++count < MAX_SESSION_ID_ATTEMPTS));
+ if (count >= MAX_SESSION_ID_ATTEMPTS)
+ return 0;
+ return 1;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/apps/s_socket.c
===================================================================
--- vendor-crypto/openssl/dist/apps/s_socket.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/apps/s_socket.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,622 +0,0 @@
-/* apps/s_socket.c - socket-related functions used by s_client and s_server */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <errno.h>
-#include <signal.h>
-
-#ifdef FLAT_INC
-#include "e_os2.h"
-#else
-#include "../e_os2.h"
-#endif
-
-/* With IPv6, it looks like Digital has mixed up the proper order of
- recursive header file inclusion, resulting in the compiler complaining
- that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
- is needed to have fileno() declared correctly... So let's define u_int */
-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
-#define __U_INT
-typedef unsigned int u_int;
-#endif
-
-#define USE_SOCKETS
-#define NON_MAIN
-#include "apps.h"
-#undef USE_SOCKETS
-#undef NON_MAIN
-#include "s_apps.h"
-#include <openssl/ssl.h>
-
-#ifdef FLAT_INC
-#include "e_os.h"
-#else
-#include "../e_os.h"
-#endif
-
-#ifndef OPENSSL_NO_SOCK
-
-#if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_BSDSOCK)
-#include "netdb.h"
-#endif
-
-static struct hostent *GetHostByName(char *name);
-#if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))
-static void ssl_sock_cleanup(void);
-#endif
-static int ssl_sock_init(void);
-static int init_client_ip(int *sock,unsigned char ip[4], int port, int type);
-static int init_server(int *sock, int port, int type);
-static int init_server_long(int *sock, int port,char *ip, int type);
-static int do_accept(int acc_sock, int *sock, char **host);
-static int host_ip(char *str, unsigned char ip[4]);
-
-#ifdef OPENSSL_SYS_WIN16
-#define SOCKET_PROTOCOL 0 /* more microsoft stupidity */
-#else
-#define SOCKET_PROTOCOL IPPROTO_TCP
-#endif
-
-#if defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)
-static int wsa_init_done=0;
-#endif
-
-#ifdef OPENSSL_SYS_WINDOWS
-static struct WSAData wsa_state;
-static int wsa_init_done=0;
-
-#ifdef OPENSSL_SYS_WIN16
-static HWND topWnd=0;
-static FARPROC lpTopWndProc=NULL;
-static FARPROC lpTopHookProc=NULL;
-extern HINSTANCE _hInstance; /* nice global CRT provides */
-
-static LONG FAR PASCAL topHookProc(HWND hwnd, UINT message, WPARAM wParam,
- LPARAM lParam)
- {
- if (hwnd == topWnd)
- {
- switch(message)
- {
- case WM_DESTROY:
- case WM_CLOSE:
- SetWindowLong(topWnd,GWL_WNDPROC,(LONG)lpTopWndProc);
- ssl_sock_cleanup();
- break;
- }
- }
- return CallWindowProc(lpTopWndProc,hwnd,message,wParam,lParam);
- }
-
-static BOOL CALLBACK enumproc(HWND hwnd,LPARAM lParam)
- {
- topWnd=hwnd;
- return(FALSE);
- }
-
-#endif /* OPENSSL_SYS_WIN32 */
-#endif /* OPENSSL_SYS_WINDOWS */
-
-#ifdef OPENSSL_SYS_WINDOWS
-static void ssl_sock_cleanup(void)
- {
- if (wsa_init_done)
- {
- wsa_init_done=0;
-#ifndef OPENSSL_SYS_WINCE
- WSACancelBlockingCall();
-#endif
- WSACleanup();
- }
- }
-#elif defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)
-static void sock_cleanup(void)
- {
- if (wsa_init_done)
- {
- wsa_init_done=0;
- WSACleanup();
- }
- }
-#endif
-
-static int ssl_sock_init(void)
- {
-#ifdef WATT32
- extern int _watt_do_exit;
- _watt_do_exit = 0;
- if (sock_init())
- return (0);
-#elif defined(OPENSSL_SYS_WINDOWS)
- if (!wsa_init_done)
- {
- int err;
-
-#ifdef SIGINT
- signal(SIGINT,(void (*)(int))ssl_sock_cleanup);
-#endif
- wsa_init_done=1;
- memset(&wsa_state,0,sizeof(wsa_state));
- if (WSAStartup(0x0101,&wsa_state)!=0)
- {
- err=WSAGetLastError();
- BIO_printf(bio_err,"unable to start WINSOCK, error code=%d\n",err);
- return(0);
- }
-
-#ifdef OPENSSL_SYS_WIN16
- EnumTaskWindows(GetCurrentTask(),enumproc,0L);
- lpTopWndProc=(FARPROC)GetWindowLong(topWnd,GWL_WNDPROC);
- lpTopHookProc=MakeProcInstance((FARPROC)topHookProc,_hInstance);
-
- SetWindowLong(topWnd,GWL_WNDPROC,(LONG)lpTopHookProc);
-#endif /* OPENSSL_SYS_WIN16 */
- }
-#elif defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)
- WORD wVerReq;
- WSADATA wsaData;
- int err;
-
- if (!wsa_init_done)
- {
-
-# ifdef SIGINT
- signal(SIGINT,(void (*)(int))sock_cleanup);
-# endif
-
- wsa_init_done=1;
- wVerReq = MAKEWORD( 2, 0 );
- err = WSAStartup(wVerReq,&wsaData);
- if (err != 0)
- {
- BIO_printf(bio_err,"unable to start WINSOCK2, error code=%d\n",err);
- return(0);
- }
- }
-#endif /* OPENSSL_SYS_WINDOWS */
- return(1);
- }
-
-int init_client(int *sock, char *host, int port, int type)
- {
- unsigned char ip[4];
- short p=0;
-
- if (!host_ip(host,&(ip[0])))
- {
- return(0);
- }
- if (p != 0) port=p;
- return(init_client_ip(sock,ip,port,type));
- }
-
-static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
- {
- unsigned long addr;
- struct sockaddr_in them;
- int s,i;
-
- if (!ssl_sock_init()) return(0);
-
- memset((char *)&them,0,sizeof(them));
- them.sin_family=AF_INET;
- them.sin_port=htons((unsigned short)port);
- addr=(unsigned long)
- ((unsigned long)ip[0]<<24L)|
- ((unsigned long)ip[1]<<16L)|
- ((unsigned long)ip[2]<< 8L)|
- ((unsigned long)ip[3]);
- them.sin_addr.s_addr=htonl(addr);
-
- if (type == SOCK_STREAM)
- s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
- else /* ( type == SOCK_DGRAM) */
- s=socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP);
-
- if (s == INVALID_SOCKET) { perror("socket"); return(0); }
-
-#ifndef OPENSSL_SYS_MPE
- if (type == SOCK_STREAM)
- {
- i=0;
- i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
- if (i < 0) { perror("keepalive"); return(0); }
- }
-#endif
-
- if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1)
- { close(s); perror("connect"); return(0); }
- *sock=s;
- return(1);
- }
-
-int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context)
- {
- int sock;
- char *name = NULL;
- int accept_socket;
- int i;
-
- if (!init_server(&accept_socket,port,type)) return(0);
-
- if (ret != NULL)
- {
- *ret=accept_socket;
- /* return(1);*/
- }
- for (;;)
- {
- if (type==SOCK_STREAM)
- {
- if (do_accept(accept_socket,&sock,&name) == 0)
- {
- SHUTDOWN(accept_socket);
- return(0);
- }
- }
- else
- sock = accept_socket;
- i=(*cb)(name,sock, context);
- if (name != NULL) OPENSSL_free(name);
- if (type==SOCK_STREAM)
- SHUTDOWN2(sock);
- if (i < 0)
- {
- SHUTDOWN2(accept_socket);
- return(i);
- }
- }
- }
-
-static int init_server_long(int *sock, int port, char *ip, int type)
- {
- int ret=0;
- struct sockaddr_in server;
- int s= -1;
-
- if (!ssl_sock_init()) return(0);
-
- memset((char *)&server,0,sizeof(server));
- server.sin_family=AF_INET;
- server.sin_port=htons((unsigned short)port);
- if (ip == NULL)
- server.sin_addr.s_addr=INADDR_ANY;
- else
-/* Added for T3E, address-of fails on bit field (beckman at acl.lanl.gov) */
-#ifndef BIT_FIELD_LIMITS
- memcpy(&server.sin_addr.s_addr,ip,4);
-#else
- memcpy(&server.sin_addr,ip,4);
-#endif
-
- if (type == SOCK_STREAM)
- s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
- else /* type == SOCK_DGRAM */
- s=socket(AF_INET, SOCK_DGRAM,IPPROTO_UDP);
-
- if (s == INVALID_SOCKET) goto err;
-#if defined SOL_SOCKET && defined SO_REUSEADDR
- {
- int j = 1;
- setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
- (void *) &j, sizeof j);
- }
-#endif
- if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1)
- {
-#ifndef OPENSSL_SYS_WINDOWS
- perror("bind");
-#endif
- goto err;
- }
- /* Make it 128 for linux */
- if (type==SOCK_STREAM && listen(s,128) == -1) goto err;
- *sock=s;
- ret=1;
-err:
- if ((ret == 0) && (s != -1))
- {
- SHUTDOWN(s);
- }
- return(ret);
- }
-
-static int init_server(int *sock, int port, int type)
- {
- return(init_server_long(sock, port, NULL, type));
- }
-
-static int do_accept(int acc_sock, int *sock, char **host)
- {
- int ret;
- struct hostent *h1,*h2;
- static struct sockaddr_in from;
- int len;
-/* struct linger ling; */
-
- if (!ssl_sock_init()) return(0);
-
-#ifndef OPENSSL_SYS_WINDOWS
-redoit:
-#endif
-
- memset((char *)&from,0,sizeof(from));
- len=sizeof(from);
- /* Note: under VMS with SOCKETSHR the fourth parameter is currently
- * of type (int *) whereas under other systems it is (void *) if
- * you don't have a cast it will choke the compiler: if you do
- * have a cast then you can either go for (int *) or (void *).
- */
- ret=accept(acc_sock,(struct sockaddr *)&from,(void *)&len);
- if (ret == INVALID_SOCKET)
- {
-#if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))
- int i;
- i=WSAGetLastError();
- BIO_printf(bio_err,"accept error %d\n",i);
-#else
- if (errno == EINTR)
- {
- /*check_timeout(); */
- goto redoit;
- }
- fprintf(stderr,"errno=%d ",errno);
- perror("accept");
-#endif
- return(0);
- }
-
-/*
- ling.l_onoff=1;
- ling.l_linger=0;
- i=setsockopt(ret,SOL_SOCKET,SO_LINGER,(char *)&ling,sizeof(ling));
- if (i < 0) { perror("linger"); return(0); }
- i=0;
- i=setsockopt(ret,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
- if (i < 0) { perror("keepalive"); return(0); }
-*/
-
- if (host == NULL) goto end;
-#ifndef BIT_FIELD_LIMITS
- /* I should use WSAAsyncGetHostByName() under windows */
- h1=gethostbyaddr((char *)&from.sin_addr.s_addr,
- sizeof(from.sin_addr.s_addr),AF_INET);
-#else
- h1=gethostbyaddr((char *)&from.sin_addr,
- sizeof(struct in_addr),AF_INET);
-#endif
- if (h1 == NULL)
- {
- BIO_printf(bio_err,"bad gethostbyaddr\n");
- *host=NULL;
- /* return(0); */
- }
- else
- {
- if ((*host=(char *)OPENSSL_malloc(strlen(h1->h_name)+1)) == NULL)
- {
- perror("OPENSSL_malloc");
- return(0);
- }
- BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1);
-
- h2=GetHostByName(*host);
- if (h2 == NULL)
- {
- BIO_printf(bio_err,"gethostbyname failure\n");
- return(0);
- }
- if (h2->h_addrtype != AF_INET)
- {
- BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
- return(0);
- }
- }
-end:
- *sock=ret;
- return(1);
- }
-
-int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
- short *port_ptr)
- {
- char *h,*p;
-
- h=str;
- p=strchr(str,':');
- if (p == NULL)
- {
- BIO_printf(bio_err,"no port defined\n");
- return(0);
- }
- *(p++)='\0';
-
- if ((ip != NULL) && !host_ip(str,ip))
- goto err;
- if (host_ptr != NULL) *host_ptr=h;
-
- if (!extract_port(p,port_ptr))
- goto err;
- return(1);
-err:
- return(0);
- }
-
-static int host_ip(char *str, unsigned char ip[4])
- {
- unsigned int in[4];
- int i;
-
- if (sscanf(str,"%u.%u.%u.%u",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4)
- {
- for (i=0; i<4; i++)
- if (in[i] > 255)
- {
- BIO_printf(bio_err,"invalid IP address\n");
- goto err;
- }
- ip[0]=in[0];
- ip[1]=in[1];
- ip[2]=in[2];
- ip[3]=in[3];
- }
- else
- { /* do a gethostbyname */
- struct hostent *he;
-
- if (!ssl_sock_init()) return(0);
-
- he=GetHostByName(str);
- if (he == NULL)
- {
- BIO_printf(bio_err,"gethostbyname failure\n");
- goto err;
- }
- /* cast to short because of win16 winsock definition */
- if ((short)he->h_addrtype != AF_INET)
- {
- BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
- return(0);
- }
- ip[0]=he->h_addr_list[0][0];
- ip[1]=he->h_addr_list[0][1];
- ip[2]=he->h_addr_list[0][2];
- ip[3]=he->h_addr_list[0][3];
- }
- return(1);
-err:
- return(0);
- }
-
-int extract_port(char *str, short *port_ptr)
- {
- int i;
- struct servent *s;
-
- i=atoi(str);
- if (i != 0)
- *port_ptr=(unsigned short)i;
- else
- {
- s=getservbyname(str,"tcp");
- if (s == NULL)
- {
- BIO_printf(bio_err,"getservbyname failure for %s\n",str);
- return(0);
- }
- *port_ptr=ntohs((unsigned short)s->s_port);
- }
- return(1);
- }
-
-#define GHBN_NUM 4
-static struct ghbn_cache_st
- {
- char name[128];
- struct hostent ent;
- unsigned long order;
- } ghbn_cache[GHBN_NUM];
-
-static unsigned long ghbn_hits=0L;
-static unsigned long ghbn_miss=0L;
-
-static struct hostent *GetHostByName(char *name)
- {
- struct hostent *ret;
- int i,lowi=0;
- unsigned long low= (unsigned long)-1;
-
- for (i=0; i<GHBN_NUM; i++)
- {
- if (low > ghbn_cache[i].order)
- {
- low=ghbn_cache[i].order;
- lowi=i;
- }
- if (ghbn_cache[i].order > 0)
- {
- if (strncmp(name,ghbn_cache[i].name,128) == 0)
- break;
- }
- }
- if (i == GHBN_NUM) /* no hit*/
- {
- ghbn_miss++;
- ret=gethostbyname(name);
- if (ret == NULL) return(NULL);
- /* else add to cache */
- if(strlen(name) < sizeof ghbn_cache[0].name)
- {
- strcpy(ghbn_cache[lowi].name,name);
- memcpy((char *)&(ghbn_cache[lowi].ent),ret,sizeof(struct hostent));
- ghbn_cache[lowi].order=ghbn_miss+ghbn_hits;
- }
- return(ret);
- }
- else
- {
- ghbn_hits++;
- ret= &(ghbn_cache[i].ent);
- ghbn_cache[i].order=ghbn_miss+ghbn_hits;
- return(ret);
- }
- }
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/apps/s_socket.c (from rev 6976, vendor-crypto/openssl/dist/apps/s_socket.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/apps/s_socket.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/apps/s_socket.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,609 @@
+/*
+ * apps/s_socket.c - socket-related functions used by s_client and s_server
+ */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <signal.h>
+
+#ifdef FLAT_INC
+# include "e_os2.h"
+#else
+# include "../e_os2.h"
+#endif
+
+/*
+ * With IPv6, it looks like Digital has mixed up the proper order of
+ * recursive header file inclusion, resulting in the compiler complaining
+ * that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which is
+ * needed to have fileno() declared correctly... So let's define u_int
+ */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
+# define __U_INT
+typedef unsigned int u_int;
+#endif
+
+#define USE_SOCKETS
+#define NON_MAIN
+#include "apps.h"
+#undef USE_SOCKETS
+#undef NON_MAIN
+#include "s_apps.h"
+#include <openssl/ssl.h>
+
+#ifdef FLAT_INC
+# include "e_os.h"
+#else
+# include "../e_os.h"
+#endif
+
+#ifndef OPENSSL_NO_SOCK
+
+# if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_BSDSOCK)
+# include "netdb.h"
+# endif
+
+static struct hostent *GetHostByName(char *name);
+# if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))
+static void ssl_sock_cleanup(void);
+# endif
+static int ssl_sock_init(void);
+static int init_client_ip(int *sock, unsigned char ip[4], int port, int type);
+static int init_server(int *sock, int port, int type);
+static int init_server_long(int *sock, int port, char *ip, int type);
+static int do_accept(int acc_sock, int *sock, char **host);
+static int host_ip(char *str, unsigned char ip[4]);
+
+# ifdef OPENSSL_SYS_WIN16
+# define SOCKET_PROTOCOL 0 /* more microsoft stupidity */
+# else
+# define SOCKET_PROTOCOL IPPROTO_TCP
+# endif
+
+# if defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)
+static int wsa_init_done = 0;
+# endif
+
+# ifdef OPENSSL_SYS_WINDOWS
+static struct WSAData wsa_state;
+static int wsa_init_done = 0;
+
+# ifdef OPENSSL_SYS_WIN16
+static HWND topWnd = 0;
+static FARPROC lpTopWndProc = NULL;
+static FARPROC lpTopHookProc = NULL;
+extern HINSTANCE _hInstance; /* nice global CRT provides */
+
+static LONG FAR PASCAL topHookProc(HWND hwnd, UINT message, WPARAM wParam,
+ LPARAM lParam)
+{
+ if (hwnd == topWnd) {
+ switch (message) {
+ case WM_DESTROY:
+ case WM_CLOSE:
+ SetWindowLong(topWnd, GWL_WNDPROC, (LONG) lpTopWndProc);
+ ssl_sock_cleanup();
+ break;
+ }
+ }
+ return CallWindowProc(lpTopWndProc, hwnd, message, wParam, lParam);
+}
+
+static BOOL CALLBACK enumproc(HWND hwnd, LPARAM lParam)
+{
+ topWnd = hwnd;
+ return (FALSE);
+}
+
+# endif /* OPENSSL_SYS_WIN32 */
+# endif /* OPENSSL_SYS_WINDOWS */
+
+# ifdef OPENSSL_SYS_WINDOWS
+static void ssl_sock_cleanup(void)
+{
+ if (wsa_init_done) {
+ wsa_init_done = 0;
+# ifndef OPENSSL_SYS_WINCE
+ WSACancelBlockingCall();
+# endif
+ WSACleanup();
+ }
+}
+# elif defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)
+static void sock_cleanup(void)
+{
+ if (wsa_init_done) {
+ wsa_init_done = 0;
+ WSACleanup();
+ }
+}
+# endif
+
+static int ssl_sock_init(void)
+{
+# ifdef WATT32
+ extern int _watt_do_exit;
+ _watt_do_exit = 0;
+ if (sock_init())
+ return (0);
+# elif defined(OPENSSL_SYS_WINDOWS)
+ if (!wsa_init_done) {
+ int err;
+
+# ifdef SIGINT
+ signal(SIGINT, (void (*)(int))ssl_sock_cleanup);
+# endif
+ wsa_init_done = 1;
+ memset(&wsa_state, 0, sizeof(wsa_state));
+ if (WSAStartup(0x0101, &wsa_state) != 0) {
+ err = WSAGetLastError();
+ BIO_printf(bio_err, "unable to start WINSOCK, error code=%d\n",
+ err);
+ return (0);
+ }
+# ifdef OPENSSL_SYS_WIN16
+ EnumTaskWindows(GetCurrentTask(), enumproc, 0L);
+ lpTopWndProc = (FARPROC) GetWindowLong(topWnd, GWL_WNDPROC);
+ lpTopHookProc = MakeProcInstance((FARPROC) topHookProc, _hInstance);
+
+ SetWindowLong(topWnd, GWL_WNDPROC, (LONG) lpTopHookProc);
+# endif /* OPENSSL_SYS_WIN16 */
+ }
+# elif defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)
+ WORD wVerReq;
+ WSADATA wsaData;
+ int err;
+
+ if (!wsa_init_done) {
+
+# ifdef SIGINT
+ signal(SIGINT, (void (*)(int))sock_cleanup);
+# endif
+
+ wsa_init_done = 1;
+ wVerReq = MAKEWORD(2, 0);
+ err = WSAStartup(wVerReq, &wsaData);
+ if (err != 0) {
+ BIO_printf(bio_err, "unable to start WINSOCK2, error code=%d\n",
+ err);
+ return (0);
+ }
+ }
+# endif /* OPENSSL_SYS_WINDOWS */
+ return (1);
+}
+
+int init_client(int *sock, char *host, int port, int type)
+{
+ unsigned char ip[4];
+ short p = 0;
+
+ if (!host_ip(host, &(ip[0]))) {
+ return (0);
+ }
+ if (p != 0)
+ port = p;
+ return (init_client_ip(sock, ip, port, type));
+}
+
+static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
+{
+ unsigned long addr;
+ struct sockaddr_in them;
+ int s, i;
+
+ if (!ssl_sock_init())
+ return (0);
+
+ memset((char *)&them, 0, sizeof(them));
+ them.sin_family = AF_INET;
+ them.sin_port = htons((unsigned short)port);
+ addr = (unsigned long)
+ ((unsigned long)ip[0] << 24L) |
+ ((unsigned long)ip[1] << 16L) |
+ ((unsigned long)ip[2] << 8L) | ((unsigned long)ip[3]);
+ them.sin_addr.s_addr = htonl(addr);
+
+ if (type == SOCK_STREAM)
+ s = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL);
+ else /* ( type == SOCK_DGRAM) */
+ s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
+
+ if (s == INVALID_SOCKET) {
+ perror("socket");
+ return (0);
+ }
+# ifndef OPENSSL_SYS_MPE
+ if (type == SOCK_STREAM) {
+ i = 0;
+ i = setsockopt(s, SOL_SOCKET, SO_KEEPALIVE, (char *)&i, sizeof(i));
+ if (i < 0) {
+ perror("keepalive");
+ return (0);
+ }
+ }
+# endif
+
+ if (connect(s, (struct sockaddr *)&them, sizeof(them)) == -1) {
+ close(s);
+ perror("connect");
+ return (0);
+ }
+ *sock = s;
+ return (1);
+}
+
+int do_server(int port, int type, int *ret,
+ int (*cb) (char *hostname, int s, unsigned char *context),
+ unsigned char *context)
+{
+ int sock;
+ char *name = NULL;
+ int accept_socket;
+ int i;
+
+ if (!init_server(&accept_socket, port, type))
+ return (0);
+
+ if (ret != NULL) {
+ *ret = accept_socket;
+ /* return(1); */
+ }
+ for (;;) {
+ if (type == SOCK_STREAM) {
+ if (do_accept(accept_socket, &sock, &name) == 0) {
+ SHUTDOWN(accept_socket);
+ return (0);
+ }
+ } else
+ sock = accept_socket;
+ i = (*cb) (name, sock, context);
+ if (name != NULL)
+ OPENSSL_free(name);
+ if (type == SOCK_STREAM)
+ SHUTDOWN2(sock);
+ if (i < 0) {
+ SHUTDOWN2(accept_socket);
+ return (i);
+ }
+ }
+}
+
+static int init_server_long(int *sock, int port, char *ip, int type)
+{
+ int ret = 0;
+ struct sockaddr_in server;
+ int s = -1;
+
+ if (!ssl_sock_init())
+ return (0);
+
+ memset((char *)&server, 0, sizeof(server));
+ server.sin_family = AF_INET;
+ server.sin_port = htons((unsigned short)port);
+ if (ip == NULL)
+ server.sin_addr.s_addr = INADDR_ANY;
+ else
+/* Added for T3E, address-of fails on bit field (beckman at acl.lanl.gov) */
+# ifndef BIT_FIELD_LIMITS
+ memcpy(&server.sin_addr.s_addr, ip, 4);
+# else
+ memcpy(&server.sin_addr, ip, 4);
+# endif
+
+ if (type == SOCK_STREAM)
+ s = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL);
+ else /* type == SOCK_DGRAM */
+ s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
+
+ if (s == INVALID_SOCKET)
+ goto err;
+# if defined SOL_SOCKET && defined SO_REUSEADDR
+ {
+ int j = 1;
+ setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&j, sizeof j);
+ }
+# endif
+ if (bind(s, (struct sockaddr *)&server, sizeof(server)) == -1) {
+# ifndef OPENSSL_SYS_WINDOWS
+ perror("bind");
+# endif
+ goto err;
+ }
+ /* Make it 128 for linux */
+ if (type == SOCK_STREAM && listen(s, 128) == -1)
+ goto err;
+ *sock = s;
+ ret = 1;
+ err:
+ if ((ret == 0) && (s != -1)) {
+ SHUTDOWN(s);
+ }
+ return (ret);
+}
+
+static int init_server(int *sock, int port, int type)
+{
+ return (init_server_long(sock, port, NULL, type));
+}
+
+static int do_accept(int acc_sock, int *sock, char **host)
+{
+ int ret;
+ struct hostent *h1, *h2;
+ static struct sockaddr_in from;
+ int len;
+/* struct linger ling; */
+
+ if (!ssl_sock_init())
+ return (0);
+
+# ifndef OPENSSL_SYS_WINDOWS
+ redoit:
+# endif
+
+ memset((char *)&from, 0, sizeof(from));
+ len = sizeof(from);
+ /*
+ * Note: under VMS with SOCKETSHR the fourth parameter is currently of
+ * type (int *) whereas under other systems it is (void *) if you don't
+ * have a cast it will choke the compiler: if you do have a cast then you
+ * can either go for (int *) or (void *).
+ */
+ ret = accept(acc_sock, (struct sockaddr *)&from, (void *)&len);
+ if (ret == INVALID_SOCKET) {
+# if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))
+ int i;
+ i = WSAGetLastError();
+ BIO_printf(bio_err, "accept error %d\n", i);
+# else
+ if (errno == EINTR) {
+ /*
+ * check_timeout();
+ */
+ goto redoit;
+ }
+ fprintf(stderr, "errno=%d ", errno);
+ perror("accept");
+# endif
+ return (0);
+ }
+
+/*-
+ ling.l_onoff=1;
+ ling.l_linger=0;
+ i=setsockopt(ret,SOL_SOCKET,SO_LINGER,(char *)&ling,sizeof(ling));
+ if (i < 0) { perror("linger"); return(0); }
+ i=0;
+ i=setsockopt(ret,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
+ if (i < 0) { perror("keepalive"); return(0); }
+*/
+
+ if (host == NULL)
+ goto end;
+# ifndef BIT_FIELD_LIMITS
+ /* I should use WSAAsyncGetHostByName() under windows */
+ h1 = gethostbyaddr((char *)&from.sin_addr.s_addr,
+ sizeof(from.sin_addr.s_addr), AF_INET);
+# else
+ h1 = gethostbyaddr((char *)&from.sin_addr,
+ sizeof(struct in_addr), AF_INET);
+# endif
+ if (h1 == NULL) {
+ BIO_printf(bio_err, "bad gethostbyaddr\n");
+ *host = NULL;
+ /* return(0); */
+ } else {
+ if ((*host = (char *)OPENSSL_malloc(strlen(h1->h_name) + 1)) == NULL) {
+ perror("OPENSSL_malloc");
+ return (0);
+ }
+ BUF_strlcpy(*host, h1->h_name, strlen(h1->h_name) + 1);
+
+ h2 = GetHostByName(*host);
+ if (h2 == NULL) {
+ BIO_printf(bio_err, "gethostbyname failure\n");
+ return (0);
+ }
+ if (h2->h_addrtype != AF_INET) {
+ BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n");
+ return (0);
+ }
+ }
+ end:
+ *sock = ret;
+ return (1);
+}
+
+int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
+ short *port_ptr)
+{
+ char *h, *p;
+
+ h = str;
+ p = strchr(str, ':');
+ if (p == NULL) {
+ BIO_printf(bio_err, "no port defined\n");
+ return (0);
+ }
+ *(p++) = '\0';
+
+ if ((ip != NULL) && !host_ip(str, ip))
+ goto err;
+ if (host_ptr != NULL)
+ *host_ptr = h;
+
+ if (!extract_port(p, port_ptr))
+ goto err;
+ return (1);
+ err:
+ return (0);
+}
+
+static int host_ip(char *str, unsigned char ip[4])
+{
+ unsigned int in[4];
+ int i;
+
+ if (sscanf(str, "%u.%u.%u.%u", &(in[0]), &(in[1]), &(in[2]), &(in[3])) ==
+ 4) {
+ for (i = 0; i < 4; i++)
+ if (in[i] > 255) {
+ BIO_printf(bio_err, "invalid IP address\n");
+ goto err;
+ }
+ ip[0] = in[0];
+ ip[1] = in[1];
+ ip[2] = in[2];
+ ip[3] = in[3];
+ } else { /* do a gethostbyname */
+ struct hostent *he;
+
+ if (!ssl_sock_init())
+ return (0);
+
+ he = GetHostByName(str);
+ if (he == NULL) {
+ BIO_printf(bio_err, "gethostbyname failure\n");
+ goto err;
+ }
+ /* cast to short because of win16 winsock definition */
+ if ((short)he->h_addrtype != AF_INET) {
+ BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n");
+ return (0);
+ }
+ ip[0] = he->h_addr_list[0][0];
+ ip[1] = he->h_addr_list[0][1];
+ ip[2] = he->h_addr_list[0][2];
+ ip[3] = he->h_addr_list[0][3];
+ }
+ return (1);
+ err:
+ return (0);
+}
+
+int extract_port(char *str, short *port_ptr)
+{
+ int i;
+ struct servent *s;
+
+ i = atoi(str);
+ if (i != 0)
+ *port_ptr = (unsigned short)i;
+ else {
+ s = getservbyname(str, "tcp");
+ if (s == NULL) {
+ BIO_printf(bio_err, "getservbyname failure for %s\n", str);
+ return (0);
+ }
+ *port_ptr = ntohs((unsigned short)s->s_port);
+ }
+ return (1);
+}
+
+# define GHBN_NUM 4
+static struct ghbn_cache_st {
+ char name[128];
+ struct hostent ent;
+ unsigned long order;
+} ghbn_cache[GHBN_NUM];
+
+static unsigned long ghbn_hits = 0L;
+static unsigned long ghbn_miss = 0L;
+
+static struct hostent *GetHostByName(char *name)
+{
+ struct hostent *ret;
+ int i, lowi = 0;
+ unsigned long low = (unsigned long)-1;
+
+ for (i = 0; i < GHBN_NUM; i++) {
+ if (low > ghbn_cache[i].order) {
+ low = ghbn_cache[i].order;
+ lowi = i;
+ }
+ if (ghbn_cache[i].order > 0) {
+ if (strncmp(name, ghbn_cache[i].name, 128) == 0)
+ break;
+ }
+ }
+ if (i == GHBN_NUM) { /* no hit */
+ ghbn_miss++;
+ ret = gethostbyname(name);
+ if (ret == NULL)
+ return (NULL);
+ /* else add to cache */
+ if (strlen(name) < sizeof ghbn_cache[0].name) {
+ strcpy(ghbn_cache[lowi].name, name);
+ memcpy((char *)&(ghbn_cache[lowi].ent), ret,
+ sizeof(struct hostent));
+ ghbn_cache[lowi].order = ghbn_miss + ghbn_hits;
+ }
+ return (ret);
+ } else {
+ ghbn_hits++;
+ ret = &(ghbn_cache[i].ent);
+ ghbn_cache[i].order = ghbn_miss + ghbn_hits;
+ return (ret);
+ }
+}
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/apps/s_time.c
===================================================================
--- vendor-crypto/openssl/dist/apps/s_time.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/apps/s_time.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,735 +0,0 @@
-/* apps/s_time.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#define NO_SHUTDOWN
-
-/*-----------------------------------------
- s_time - SSL client connection timer program
- Written and donated by Larry Streepy <streepy at healthcare.com>
- -----------------------------------------*/
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#define USE_SOCKETS
-#include "apps.h"
-#ifdef OPENSSL_NO_STDIO
-#define APPS_WIN16
-#endif
-#include <openssl/x509.h>
-#include <openssl/ssl.h>
-#include <openssl/pem.h>
-#include "s_apps.h"
-#include <openssl/err.h>
-#ifdef WIN32_STUFF
-#include "winmain.h"
-#include "wintext.h"
-#endif
-#if !defined(OPENSSL_SYS_MSDOS)
-#include OPENSSL_UNISTD
-#endif
-
-#if !defined(OPENSSL_SYS_NETWARE) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VXWORKS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC))
-#define TIMES
-#endif
-
-#ifndef _IRIX
-#include <time.h>
-#endif
-#ifdef TIMES
-#include <sys/types.h>
-#include <sys/times.h>
-#endif
-
-/* Depending on the VMS version, the tms structure is perhaps defined.
- The __TMS macro will show if it was. If it wasn't defined, we should
- undefine TIMES, since that tells the rest of the program how things
- should be handled. -- Richard Levitte */
-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
-#undef TIMES
-#endif
-
-#if !defined(TIMES) && !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_NETWARE)
-#include <sys/timeb.h>
-#endif
-
-#if defined(sun) || defined(__ultrix)
-#define _POSIX_SOURCE
-#include <limits.h>
-#include <sys/param.h>
-#endif
-
-/* The following if from times(3) man page. It may need to be changed
-*/
-#ifndef HZ
-# ifdef _SC_CLK_TCK
-# define HZ ((double)sysconf(_SC_CLK_TCK))
-# else
-# ifndef CLK_TCK
-# ifndef _BSD_CLK_TCK_ /* FreeBSD hack */
-# define HZ 100.0
-# else /* _BSD_CLK_TCK_ */
-# define HZ ((double)_BSD_CLK_TCK_)
-# endif
-# else /* CLK_TCK */
-# define HZ ((double)CLK_TCK)
-# endif
-# endif
-#endif
-
-#undef PROG
-#define PROG s_time_main
-
-#undef ioctl
-#define ioctl ioctlsocket
-
-#define SSL_CONNECT_NAME "localhost:4433"
-
-/*#define TEST_CERT "client.pem" */ /* no default cert. */
-
-#undef BUFSIZZ
-#define BUFSIZZ 1024*10
-
-#define MYBUFSIZ 1024*8
-
-#undef min
-#undef max
-#define min(a,b) (((a) < (b)) ? (a) : (b))
-#define max(a,b) (((a) > (b)) ? (a) : (b))
-
-#undef SECONDS
-#define SECONDS 30
-extern int verify_depth;
-extern int verify_error;
-
-static void s_time_usage(void);
-static int parseArgs( int argc, char **argv );
-static SSL *doConnection( SSL *scon );
-static void s_time_init(void);
-
-/***********************************************************************
- * Static data declarations
- */
-
-/* static char *port=PORT_STR;*/
-static char *host=SSL_CONNECT_NAME;
-static char *t_cert_file=NULL;
-static char *t_key_file=NULL;
-static char *CApath=NULL;
-static char *CAfile=NULL;
-static char *tm_cipher=NULL;
-static int tm_verify = SSL_VERIFY_NONE;
-static int maxTime = SECONDS;
-static SSL_CTX *tm_ctx=NULL;
-static SSL_METHOD *s_time_meth=NULL;
-static char *s_www_path=NULL;
-static long bytes_read=0;
-static int st_bugs=0;
-static int perform=0;
-#ifdef FIONBIO
-static int t_nbio=0;
-#endif
-#ifdef OPENSSL_SYS_WIN32
-static int exitNow = 0; /* Set when it's time to exit main */
-#endif
-
-static void s_time_init(void)
- {
- host=SSL_CONNECT_NAME;
- t_cert_file=NULL;
- t_key_file=NULL;
- CApath=NULL;
- CAfile=NULL;
- tm_cipher=NULL;
- tm_verify = SSL_VERIFY_NONE;
- maxTime = SECONDS;
- tm_ctx=NULL;
- s_time_meth=NULL;
- s_www_path=NULL;
- bytes_read=0;
- st_bugs=0;
- perform=0;
-
-#ifdef FIONBIO
- t_nbio=0;
-#endif
-#ifdef OPENSSL_SYS_WIN32
- exitNow = 0; /* Set when it's time to exit main */
-#endif
- }
-
-/***********************************************************************
- * usage - display usage message
- */
-static void s_time_usage(void)
-{
- static char umsg[] = "\
--time arg - max number of seconds to collect data, default %d\n\
--verify arg - turn on peer certificate verification, arg == depth\n\
--cert arg - certificate file to use, PEM format assumed\n\
--key arg - RSA file to use, PEM format assumed, key is in cert file\n\
- file if not specified by this option\n\
--CApath arg - PEM format directory of CA's\n\
--CAfile arg - PEM format file of CA's\n\
--cipher - preferred cipher to use, play with 'openssl ciphers'\n\n";
-
- printf( "usage: s_time <args>\n\n" );
-
- printf("-connect host:port - host:port to connect to (default is %s)\n",SSL_CONNECT_NAME);
-#ifdef FIONBIO
- printf("-nbio - Run with non-blocking IO\n");
- printf("-ssl2 - Just use SSLv2\n");
- printf("-ssl3 - Just use SSLv3\n");
- printf("-bugs - Turn on SSL bug compatibility\n");
- printf("-new - Just time new connections\n");
- printf("-reuse - Just time connection reuse\n");
- printf("-www page - Retrieve 'page' from the site\n");
-#endif
- printf( umsg,SECONDS );
-}
-
-/***********************************************************************
- * parseArgs - Parse command line arguments and initialize data
- *
- * Returns 0 if ok, -1 on bad args
- */
-static int parseArgs(int argc, char **argv)
-{
- int badop = 0;
-
- verify_depth=0;
- verify_error=X509_V_OK;
-
- argc--;
- argv++;
-
- while (argc >= 1) {
- if (strcmp(*argv,"-connect") == 0)
- {
- if (--argc < 1) goto bad;
- host= *(++argv);
- }
-#if 0
- else if( strcmp(*argv,"-host") == 0)
- {
- if (--argc < 1) goto bad;
- host= *(++argv);
- }
- else if( strcmp(*argv,"-port") == 0)
- {
- if (--argc < 1) goto bad;
- port= *(++argv);
- }
-#endif
- else if (strcmp(*argv,"-reuse") == 0)
- perform=2;
- else if (strcmp(*argv,"-new") == 0)
- perform=1;
- else if( strcmp(*argv,"-verify") == 0) {
-
- tm_verify=SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE;
- if (--argc < 1) goto bad;
- verify_depth=atoi(*(++argv));
- BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
-
- } else if( strcmp(*argv,"-cert") == 0) {
-
- if (--argc < 1) goto bad;
- t_cert_file= *(++argv);
-
- } else if( strcmp(*argv,"-key") == 0) {
-
- if (--argc < 1) goto bad;
- t_key_file= *(++argv);
-
- } else if( strcmp(*argv,"-CApath") == 0) {
-
- if (--argc < 1) goto bad;
- CApath= *(++argv);
-
- } else if( strcmp(*argv,"-CAfile") == 0) {
-
- if (--argc < 1) goto bad;
- CAfile= *(++argv);
-
- } else if( strcmp(*argv,"-cipher") == 0) {
-
- if (--argc < 1) goto bad;
- tm_cipher= *(++argv);
- }
-#ifdef FIONBIO
- else if(strcmp(*argv,"-nbio") == 0) {
- t_nbio=1;
- }
-#endif
- else if(strcmp(*argv,"-www") == 0)
- {
- if (--argc < 1) goto bad;
- s_www_path= *(++argv);
- if(strlen(s_www_path) > MYBUFSIZ-100)
- {
- BIO_printf(bio_err,"-www option too long\n");
- badop=1;
- }
- }
- else if(strcmp(*argv,"-bugs") == 0)
- st_bugs=1;
-#ifndef OPENSSL_NO_SSL2
- else if(strcmp(*argv,"-ssl2") == 0)
- s_time_meth=SSLv2_client_method();
-#endif
-#ifndef OPENSSL_NO_SSL3
- else if(strcmp(*argv,"-ssl3") == 0)
- s_time_meth=SSLv3_client_method();
-#endif
- else if( strcmp(*argv,"-time") == 0) {
-
- if (--argc < 1) goto bad;
- maxTime= atoi(*(++argv));
- }
- else {
- BIO_printf(bio_err,"unknown option %s\n",*argv);
- badop=1;
- break;
- }
-
- argc--;
- argv++;
- }
-
- if (perform == 0) perform=3;
-
- if(badop) {
-bad:
- s_time_usage();
- return -1;
- }
-
- return 0; /* Valid args */
-}
-
-/***********************************************************************
- * TIME - time functions
- */
-#define START 0
-#define STOP 1
-
-static double tm_Time_F(int s)
- {
- static double ret;
-#ifdef TIMES
- static struct tms tstart,tend;
-
- if(s == START) {
- times(&tstart);
- return(0);
- } else {
- times(&tend);
- ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
- return((ret == 0.0)?1e-6:ret);
- }
-#elif defined(OPENSSL_SYS_NETWARE)
- static clock_t tstart,tend;
-
- if (s == START)
- {
- tstart=clock();
- return(0);
- }
- else
- {
- tend=clock();
- ret=(double)((double)(tend)-(double)(tstart));
- return((ret < 0.001)?0.001:ret);
- }
-#elif defined(OPENSSL_SYS_VXWORKS)
- {
- static unsigned long tick_start, tick_end;
-
- if( s == START )
- {
- tick_start = tickGet();
- return 0;
- }
- else
- {
- tick_end = tickGet();
- ret = (double)(tick_end - tick_start) / (double)sysClkRateGet();
- return((ret == 0.0)?1e-6:ret);
- }
- }
-#else /* !times() */
- static struct timeb tstart,tend;
- long i;
-
- if(s == START) {
- ftime(&tstart);
- return(0);
- } else {
- ftime(&tend);
- i=(long)tend.millitm-(long)tstart.millitm;
- ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
- return((ret == 0.0)?1e-6:ret);
- }
-#endif
-}
-
-/***********************************************************************
- * MAIN - main processing area for client
- * real name depends on MONOLITH
- */
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
- double totalTime = 0.0;
- int nConn = 0;
- SSL *scon=NULL;
- long finishtime=0;
- int ret=1,i;
- MS_STATIC char buf[1024*8];
- int ver;
-
- apps_startup();
- s_time_init();
-
- if (bio_err == NULL)
- bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
-
-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
- s_time_meth=SSLv23_client_method();
-#elif !defined(OPENSSL_NO_SSL3)
- s_time_meth=SSLv3_client_method();
-#elif !defined(OPENSSL_NO_SSL2)
- s_time_meth=SSLv2_client_method();
-#endif
-
- /* parse the command line arguments */
- if( parseArgs( argc, argv ) < 0 )
- goto end;
-
- OpenSSL_add_ssl_algorithms();
- if ((tm_ctx=SSL_CTX_new(s_time_meth)) == NULL) return(1);
-
- SSL_CTX_set_quiet_shutdown(tm_ctx,1);
-
- if (st_bugs) SSL_CTX_set_options(tm_ctx,SSL_OP_ALL);
- SSL_CTX_set_cipher_list(tm_ctx,tm_cipher);
- if(!set_cert_stuff(tm_ctx,t_cert_file,t_key_file))
- goto end;
-
- SSL_load_error_strings();
-
- if ((!SSL_CTX_load_verify_locations(tm_ctx,CAfile,CApath)) ||
- (!SSL_CTX_set_default_verify_paths(tm_ctx)))
- {
- /* BIO_printf(bio_err,"error setting default verify locations\n"); */
- ERR_print_errors(bio_err);
- /* goto end; */
- }
-
- if (tm_cipher == NULL)
- tm_cipher = getenv("SSL_CIPHER");
-
- if (tm_cipher == NULL ) {
- fprintf( stderr, "No CIPHER specified\n" );
- }
-
- if (!(perform & 1)) goto next;
- printf( "Collecting connection statistics for %d seconds\n", maxTime );
-
- /* Loop and time how long it takes to make connections */
-
- bytes_read=0;
- finishtime=(long)time(NULL)+maxTime;
- tm_Time_F(START);
- for (;;)
- {
- if (finishtime < (long)time(NULL)) break;
-#ifdef WIN32_STUFF
-
- if( flushWinMsgs(0) == -1 )
- goto end;
-
- if( waitingToDie || exitNow ) /* we're dead */
- goto end;
-#endif
-
- if( (scon = doConnection( NULL )) == NULL )
- goto end;
-
- if (s_www_path != NULL)
- {
- BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
- SSL_write(scon,buf,strlen(buf));
- while ((i=SSL_read(scon,buf,sizeof(buf))) > 0)
- bytes_read+=i;
- }
-
-#ifdef NO_SHUTDOWN
- SSL_set_shutdown(scon,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
-#else
- SSL_shutdown(scon);
-#endif
- SHUTDOWN2(SSL_get_fd(scon));
-
- nConn += 1;
- if (SSL_session_reused(scon))
- ver='r';
- else
- {
- ver=SSL_version(scon);
- if (ver == TLS1_VERSION)
- ver='t';
- else if (ver == SSL3_VERSION)
- ver='3';
- else if (ver == SSL2_VERSION)
- ver='2';
- else
- ver='*';
- }
- fputc(ver,stdout);
- fflush(stdout);
-
- SSL_free( scon );
- scon=NULL;
- }
- totalTime += tm_Time_F(STOP); /* Add the time for this iteration */
-
- i=(int)((long)time(NULL)-finishtime+maxTime);
- printf( "\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double)nConn/totalTime),bytes_read);
- printf( "%d connections in %ld real seconds, %ld bytes read per connection\n",nConn,(long)time(NULL)-finishtime+maxTime,bytes_read/nConn);
-
- /* Now loop and time connections using the same session id over and over */
-
-next:
- if (!(perform & 2)) goto end;
- printf( "\n\nNow timing with session id reuse.\n" );
-
- /* Get an SSL object so we can reuse the session id */
- if( (scon = doConnection( NULL )) == NULL )
- {
- fprintf( stderr, "Unable to get connection\n" );
- goto end;
- }
-
- if (s_www_path != NULL)
- {
- BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
- SSL_write(scon,buf,strlen(buf));
- while (SSL_read(scon,buf,sizeof(buf)) > 0)
- ;
- }
-#ifdef NO_SHUTDOWN
- SSL_set_shutdown(scon,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
-#else
- SSL_shutdown(scon);
-#endif
- SHUTDOWN2(SSL_get_fd(scon));
-
- nConn = 0;
- totalTime = 0.0;
-
- finishtime=(long)time(NULL)+maxTime;
-
- printf( "starting\n" );
- bytes_read=0;
- tm_Time_F(START);
-
- for (;;)
- {
- if (finishtime < (long)time(NULL)) break;
-
-#ifdef WIN32_STUFF
- if( flushWinMsgs(0) == -1 )
- goto end;
-
- if( waitingToDie || exitNow ) /* we're dead */
- goto end;
-#endif
-
- if( (doConnection( scon )) == NULL )
- goto end;
-
- if (s_www_path)
- {
- BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
- SSL_write(scon,buf,strlen(buf));
- while ((i=SSL_read(scon,buf,sizeof(buf))) > 0)
- bytes_read+=i;
- }
-
-#ifdef NO_SHUTDOWN
- SSL_set_shutdown(scon,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
-#else
- SSL_shutdown(scon);
-#endif
- SHUTDOWN2(SSL_get_fd(scon));
-
- nConn += 1;
- if (SSL_session_reused(scon))
- ver='r';
- else
- {
- ver=SSL_version(scon);
- if (ver == TLS1_VERSION)
- ver='t';
- else if (ver == SSL3_VERSION)
- ver='3';
- else if (ver == SSL2_VERSION)
- ver='2';
- else
- ver='*';
- }
- fputc(ver,stdout);
- fflush(stdout);
- }
- totalTime += tm_Time_F(STOP); /* Add the time for this iteration*/
-
-
- printf( "\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double)nConn/totalTime),bytes_read);
- printf( "%d connections in %ld real seconds, %ld bytes read per connection\n",nConn,(long)time(NULL)-finishtime+maxTime,bytes_read/nConn);
-
- ret=0;
-end:
- if (scon != NULL) SSL_free(scon);
-
- if (tm_ctx != NULL)
- {
- SSL_CTX_free(tm_ctx);
- tm_ctx=NULL;
- }
- apps_shutdown();
- OPENSSL_EXIT(ret);
- }
-
-/***********************************************************************
- * doConnection - make a connection
- * Args:
- * scon = earlier ssl connection for session id, or NULL
- * Returns:
- * SSL * = the connection pointer.
- */
-static SSL *doConnection(SSL *scon)
- {
- BIO *conn;
- SSL *serverCon;
- int width, i;
- fd_set readfds;
-
- if ((conn=BIO_new(BIO_s_connect())) == NULL)
- return(NULL);
-
-/* BIO_set_conn_port(conn,port);*/
- BIO_set_conn_hostname(conn,host);
-
- if (scon == NULL)
- serverCon=SSL_new(tm_ctx);
- else
- {
- serverCon=scon;
- SSL_set_connect_state(serverCon);
- }
-
- SSL_set_bio(serverCon,conn,conn);
-
-#if 0
- if( scon != NULL )
- SSL_set_session(serverCon,SSL_get_session(scon));
-#endif
-
- /* ok, lets connect */
- for(;;) {
- i=SSL_connect(serverCon);
- if (BIO_sock_should_retry(i))
- {
- BIO_printf(bio_err,"DELAY\n");
-
- i=SSL_get_fd(serverCon);
- width=i+1;
- FD_ZERO(&readfds);
- FD_SET(i,&readfds);
- /* Note: under VMS with SOCKETSHR the 2nd parameter
- * is currently of type (int *) whereas under other
- * systems it is (void *) if you don't have a cast it
- * will choke the compiler: if you do have a cast then
- * you can either go for (int *) or (void *).
- */
- select(width,(void *)&readfds,NULL,NULL,NULL);
- continue;
- }
- break;
- }
- if(i <= 0)
- {
- BIO_printf(bio_err,"ERROR\n");
- if (verify_error != X509_V_OK)
- BIO_printf(bio_err,"verify error:%s\n",
- X509_verify_cert_error_string(verify_error));
- else
- ERR_print_errors(bio_err);
- if (scon == NULL)
- SSL_free(serverCon);
- return NULL;
- }
-
- return serverCon;
- }
-
-
Copied: vendor-crypto/openssl/0.9.8zf/apps/s_time.c (from rev 6976, vendor-crypto/openssl/dist/apps/s_time.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/apps/s_time.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/apps/s_time.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,742 @@
+/* apps/s_time.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#define NO_SHUTDOWN
+
+/* ----------------------------------------
+ s_time - SSL client connection timer program
+ Written and donated by Larry Streepy <streepy at healthcare.com>
+ -----------------------------------------*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#define USE_SOCKETS
+#include "apps.h"
+#ifdef OPENSSL_NO_STDIO
+# define APPS_WIN16
+#endif
+#include <openssl/x509.h>
+#include <openssl/ssl.h>
+#include <openssl/pem.h>
+#include "s_apps.h"
+#include <openssl/err.h>
+#ifdef WIN32_STUFF
+# include "winmain.h"
+# include "wintext.h"
+#endif
+#if !defined(OPENSSL_SYS_MSDOS)
+# include OPENSSL_UNISTD
+#endif
+
+#if !defined(OPENSSL_SYS_NETWARE) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VXWORKS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC))
+# define TIMES
+#endif
+
+#ifndef _IRIX
+# include <time.h>
+#endif
+#ifdef TIMES
+# include <sys/types.h>
+# include <sys/times.h>
+#endif
+
+/*
+ * Depending on the VMS version, the tms structure is perhaps defined. The
+ * __TMS macro will show if it was. If it wasn't defined, we should undefine
+ * TIMES, since that tells the rest of the program how things should be
+ * handled. -- Richard Levitte
+ */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
+# undef TIMES
+#endif
+
+#if !defined(TIMES) && !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_NETWARE)
+# include <sys/timeb.h>
+#endif
+
+#if defined(sun) || defined(__ultrix)
+# define _POSIX_SOURCE
+# include <limits.h>
+# include <sys/param.h>
+#endif
+
+/*
+ * The following if from times(3) man page. It may need to be changed
+ */
+#ifndef HZ
+# ifdef _SC_CLK_TCK
+# define HZ ((double)sysconf(_SC_CLK_TCK))
+# else
+# ifndef CLK_TCK
+# ifndef _BSD_CLK_TCK_ /* FreeBSD hack */
+# define HZ 100.0
+# else /* _BSD_CLK_TCK_ */
+# define HZ ((double)_BSD_CLK_TCK_)
+# endif
+# else /* CLK_TCK */
+# define HZ ((double)CLK_TCK)
+# endif
+# endif
+#endif
+
+#undef PROG
+#define PROG s_time_main
+
+#undef ioctl
+#define ioctl ioctlsocket
+
+#define SSL_CONNECT_NAME "localhost:4433"
+
+/* no default cert. */
+/*
+ * #define TEST_CERT "client.pem"
+ */
+
+#undef BUFSIZZ
+#define BUFSIZZ 1024*10
+
+#define MYBUFSIZ 1024*8
+
+#undef min
+#undef max
+#define min(a,b) (((a) < (b)) ? (a) : (b))
+#define max(a,b) (((a) > (b)) ? (a) : (b))
+
+#undef SECONDS
+#define SECONDS 30
+extern int verify_depth;
+extern int verify_error;
+
+static void s_time_usage(void);
+static int parseArgs(int argc, char **argv);
+static SSL *doConnection(SSL *scon);
+static void s_time_init(void);
+
+/***********************************************************************
+ * Static data declarations
+ */
+
+/* static char *port=PORT_STR;*/
+static char *host = SSL_CONNECT_NAME;
+static char *t_cert_file = NULL;
+static char *t_key_file = NULL;
+static char *CApath = NULL;
+static char *CAfile = NULL;
+static char *tm_cipher = NULL;
+static int tm_verify = SSL_VERIFY_NONE;
+static int maxTime = SECONDS;
+static SSL_CTX *tm_ctx = NULL;
+static SSL_METHOD *s_time_meth = NULL;
+static char *s_www_path = NULL;
+static long bytes_read = 0;
+static int st_bugs = 0;
+static int perform = 0;
+#ifdef FIONBIO
+static int t_nbio = 0;
+#endif
+#ifdef OPENSSL_SYS_WIN32
+static int exitNow = 0; /* Set when it's time to exit main */
+#endif
+
+static void s_time_init(void)
+{
+ host = SSL_CONNECT_NAME;
+ t_cert_file = NULL;
+ t_key_file = NULL;
+ CApath = NULL;
+ CAfile = NULL;
+ tm_cipher = NULL;
+ tm_verify = SSL_VERIFY_NONE;
+ maxTime = SECONDS;
+ tm_ctx = NULL;
+ s_time_meth = NULL;
+ s_www_path = NULL;
+ bytes_read = 0;
+ st_bugs = 0;
+ perform = 0;
+
+#ifdef FIONBIO
+ t_nbio = 0;
+#endif
+#ifdef OPENSSL_SYS_WIN32
+ exitNow = 0; /* Set when it's time to exit main */
+#endif
+}
+
+/***********************************************************************
+ * usage - display usage message
+ */
+static void s_time_usage(void)
+{
+ static char umsg[] = "\
+-time arg - max number of seconds to collect data, default %d\n\
+-verify arg - turn on peer certificate verification, arg == depth\n\
+-cert arg - certificate file to use, PEM format assumed\n\
+-key arg - RSA file to use, PEM format assumed, key is in cert file\n\
+ file if not specified by this option\n\
+-CApath arg - PEM format directory of CA's\n\
+-CAfile arg - PEM format file of CA's\n\
+-cipher - preferred cipher to use, play with 'openssl ciphers'\n\n";
+
+ printf("usage: s_time <args>\n\n");
+
+ printf("-connect host:port - host:port to connect to (default is %s)\n",
+ SSL_CONNECT_NAME);
+#ifdef FIONBIO
+ printf("-nbio - Run with non-blocking IO\n");
+ printf("-ssl2 - Just use SSLv2\n");
+ printf("-ssl3 - Just use SSLv3\n");
+ printf("-bugs - Turn on SSL bug compatibility\n");
+ printf("-new - Just time new connections\n");
+ printf("-reuse - Just time connection reuse\n");
+ printf("-www page - Retrieve 'page' from the site\n");
+#endif
+ printf(umsg, SECONDS);
+}
+
+/***********************************************************************
+ * parseArgs - Parse command line arguments and initialize data
+ *
+ * Returns 0 if ok, -1 on bad args
+ */
+static int parseArgs(int argc, char **argv)
+{
+ int badop = 0;
+
+ verify_depth = 0;
+ verify_error = X509_V_OK;
+
+ argc--;
+ argv++;
+
+ while (argc >= 1) {
+ if (strcmp(*argv, "-connect") == 0) {
+ if (--argc < 1)
+ goto bad;
+ host = *(++argv);
+ }
+#if 0
+ else if (strcmp(*argv, "-host") == 0) {
+ if (--argc < 1)
+ goto bad;
+ host = *(++argv);
+ } else if (strcmp(*argv, "-port") == 0) {
+ if (--argc < 1)
+ goto bad;
+ port = *(++argv);
+ }
+#endif
+ else if (strcmp(*argv, "-reuse") == 0)
+ perform = 2;
+ else if (strcmp(*argv, "-new") == 0)
+ perform = 1;
+ else if (strcmp(*argv, "-verify") == 0) {
+
+ tm_verify = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;
+ if (--argc < 1)
+ goto bad;
+ verify_depth = atoi(*(++argv));
+ BIO_printf(bio_err, "verify depth is %d\n", verify_depth);
+
+ } else if (strcmp(*argv, "-cert") == 0) {
+
+ if (--argc < 1)
+ goto bad;
+ t_cert_file = *(++argv);
+
+ } else if (strcmp(*argv, "-key") == 0) {
+
+ if (--argc < 1)
+ goto bad;
+ t_key_file = *(++argv);
+
+ } else if (strcmp(*argv, "-CApath") == 0) {
+
+ if (--argc < 1)
+ goto bad;
+ CApath = *(++argv);
+
+ } else if (strcmp(*argv, "-CAfile") == 0) {
+
+ if (--argc < 1)
+ goto bad;
+ CAfile = *(++argv);
+
+ } else if (strcmp(*argv, "-cipher") == 0) {
+
+ if (--argc < 1)
+ goto bad;
+ tm_cipher = *(++argv);
+ }
+#ifdef FIONBIO
+ else if (strcmp(*argv, "-nbio") == 0) {
+ t_nbio = 1;
+ }
+#endif
+ else if (strcmp(*argv, "-www") == 0) {
+ if (--argc < 1)
+ goto bad;
+ s_www_path = *(++argv);
+ if (strlen(s_www_path) > MYBUFSIZ - 100) {
+ BIO_printf(bio_err, "-www option too long\n");
+ badop = 1;
+ }
+ } else if (strcmp(*argv, "-bugs") == 0)
+ st_bugs = 1;
+#ifndef OPENSSL_NO_SSL2
+ else if (strcmp(*argv, "-ssl2") == 0)
+ s_time_meth = SSLv2_client_method();
+#endif
+#ifndef OPENSSL_NO_SSL3
+ else if (strcmp(*argv, "-ssl3") == 0)
+ s_time_meth = SSLv3_client_method();
+#endif
+ else if (strcmp(*argv, "-time") == 0) {
+
+ if (--argc < 1)
+ goto bad;
+ maxTime = atoi(*(++argv));
+ } else {
+ BIO_printf(bio_err, "unknown option %s\n", *argv);
+ badop = 1;
+ break;
+ }
+
+ argc--;
+ argv++;
+ }
+
+ if (perform == 0)
+ perform = 3;
+
+ if (badop) {
+ bad:
+ s_time_usage();
+ return -1;
+ }
+
+ return 0; /* Valid args */
+}
+
+/***********************************************************************
+ * TIME - time functions
+ */
+#define START 0
+#define STOP 1
+
+static double tm_Time_F(int s)
+{
+ static double ret;
+#ifdef TIMES
+ static struct tms tstart, tend;
+
+ if (s == START) {
+ times(&tstart);
+ return (0);
+ } else {
+ times(&tend);
+ ret = ((double)(tend.tms_utime - tstart.tms_utime)) / HZ;
+ return ((ret == 0.0) ? 1e-6 : ret);
+ }
+#elif defined(OPENSSL_SYS_NETWARE)
+ static clock_t tstart, tend;
+
+ if (s == START) {
+ tstart = clock();
+ return (0);
+ } else {
+ tend = clock();
+ ret = (double)((double)(tend) - (double)(tstart));
+ return ((ret < 0.001) ? 0.001 : ret);
+ }
+#elif defined(OPENSSL_SYS_VXWORKS)
+ {
+ static unsigned long tick_start, tick_end;
+
+ if (s == START) {
+ tick_start = tickGet();
+ return 0;
+ } else {
+ tick_end = tickGet();
+ ret = (double)(tick_end - tick_start) / (double)sysClkRateGet();
+ return ((ret == 0.0) ? 1e-6 : ret);
+ }
+ }
+#else /* !times() */
+ static struct timeb tstart, tend;
+ long i;
+
+ if (s == START) {
+ ftime(&tstart);
+ return (0);
+ } else {
+ ftime(&tend);
+ i = (long)tend.millitm - (long)tstart.millitm;
+ ret = ((double)(tend.time - tstart.time)) + ((double)i) / 1000.0;
+ return ((ret == 0.0) ? 1e-6 : ret);
+ }
+#endif
+}
+
+/***********************************************************************
+ * MAIN - main processing area for client
+ * real name depends on MONOLITH
+ */
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+{
+ double totalTime = 0.0;
+ int nConn = 0;
+ SSL *scon = NULL;
+ long finishtime = 0;
+ int ret = 1, i;
+ MS_STATIC char buf[1024 * 8];
+ int ver;
+
+ apps_startup();
+ s_time_init();
+
+ if (bio_err == NULL)
+ bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
+
+#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
+ s_time_meth = SSLv23_client_method();
+#elif !defined(OPENSSL_NO_SSL3)
+ s_time_meth = SSLv3_client_method();
+#elif !defined(OPENSSL_NO_SSL2)
+ s_time_meth = SSLv2_client_method();
+#endif
+
+ /* parse the command line arguments */
+ if (parseArgs(argc, argv) < 0)
+ goto end;
+
+ OpenSSL_add_ssl_algorithms();
+ if ((tm_ctx = SSL_CTX_new(s_time_meth)) == NULL)
+ return (1);
+
+ SSL_CTX_set_quiet_shutdown(tm_ctx, 1);
+
+ if (st_bugs)
+ SSL_CTX_set_options(tm_ctx, SSL_OP_ALL);
+ SSL_CTX_set_cipher_list(tm_ctx, tm_cipher);
+ if (!set_cert_stuff(tm_ctx, t_cert_file, t_key_file))
+ goto end;
+
+ SSL_load_error_strings();
+
+ if ((!SSL_CTX_load_verify_locations(tm_ctx, CAfile, CApath)) ||
+ (!SSL_CTX_set_default_verify_paths(tm_ctx))) {
+ /*
+ * BIO_printf(bio_err,"error setting default verify locations\n");
+ */
+ ERR_print_errors(bio_err);
+ /* goto end; */
+ }
+
+ if (tm_cipher == NULL)
+ tm_cipher = getenv("SSL_CIPHER");
+
+ if (tm_cipher == NULL) {
+ fprintf(stderr, "No CIPHER specified\n");
+ }
+
+ if (!(perform & 1))
+ goto next;
+ printf("Collecting connection statistics for %d seconds\n", maxTime);
+
+ /* Loop and time how long it takes to make connections */
+
+ bytes_read = 0;
+ finishtime = (long)time(NULL) + maxTime;
+ tm_Time_F(START);
+ for (;;) {
+ if (finishtime < (long)time(NULL))
+ break;
+#ifdef WIN32_STUFF
+
+ if (flushWinMsgs(0) == -1)
+ goto end;
+
+ if (waitingToDie || exitNow) /* we're dead */
+ goto end;
+#endif
+
+ if ((scon = doConnection(NULL)) == NULL)
+ goto end;
+
+ if (s_www_path != NULL) {
+ BIO_snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n",
+ s_www_path);
+ SSL_write(scon, buf, strlen(buf));
+ while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
+ bytes_read += i;
+ }
+#ifdef NO_SHUTDOWN
+ SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
+#else
+ SSL_shutdown(scon);
+#endif
+ SHUTDOWN2(SSL_get_fd(scon));
+
+ nConn += 1;
+ if (SSL_session_reused(scon))
+ ver = 'r';
+ else {
+ ver = SSL_version(scon);
+ if (ver == TLS1_VERSION)
+ ver = 't';
+ else if (ver == SSL3_VERSION)
+ ver = '3';
+ else if (ver == SSL2_VERSION)
+ ver = '2';
+ else
+ ver = '*';
+ }
+ fputc(ver, stdout);
+ fflush(stdout);
+
+ SSL_free(scon);
+ scon = NULL;
+ }
+ totalTime += tm_Time_F(STOP); /* Add the time for this iteration */
+
+ i = (int)((long)time(NULL) - finishtime + maxTime);
+ printf
+ ("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n",
+ nConn, totalTime, ((double)nConn / totalTime), bytes_read);
+ printf
+ ("%d connections in %ld real seconds, %ld bytes read per connection\n",
+ nConn, (long)time(NULL) - finishtime + maxTime, bytes_read / nConn);
+
+ /*
+ * Now loop and time connections using the same session id over and over
+ */
+
+ next:
+ if (!(perform & 2))
+ goto end;
+ printf("\n\nNow timing with session id reuse.\n");
+
+ /* Get an SSL object so we can reuse the session id */
+ if ((scon = doConnection(NULL)) == NULL) {
+ fprintf(stderr, "Unable to get connection\n");
+ goto end;
+ }
+
+ if (s_www_path != NULL) {
+ BIO_snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n", s_www_path);
+ SSL_write(scon, buf, strlen(buf));
+ while (SSL_read(scon, buf, sizeof(buf)) > 0) ;
+ }
+#ifdef NO_SHUTDOWN
+ SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
+#else
+ SSL_shutdown(scon);
+#endif
+ SHUTDOWN2(SSL_get_fd(scon));
+
+ nConn = 0;
+ totalTime = 0.0;
+
+ finishtime = (long)time(NULL) + maxTime;
+
+ printf("starting\n");
+ bytes_read = 0;
+ tm_Time_F(START);
+
+ for (;;) {
+ if (finishtime < (long)time(NULL))
+ break;
+
+#ifdef WIN32_STUFF
+ if (flushWinMsgs(0) == -1)
+ goto end;
+
+ if (waitingToDie || exitNow) /* we're dead */
+ goto end;
+#endif
+
+ if ((doConnection(scon)) == NULL)
+ goto end;
+
+ if (s_www_path) {
+ BIO_snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n",
+ s_www_path);
+ SSL_write(scon, buf, strlen(buf));
+ while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
+ bytes_read += i;
+ }
+#ifdef NO_SHUTDOWN
+ SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
+#else
+ SSL_shutdown(scon);
+#endif
+ SHUTDOWN2(SSL_get_fd(scon));
+
+ nConn += 1;
+ if (SSL_session_reused(scon))
+ ver = 'r';
+ else {
+ ver = SSL_version(scon);
+ if (ver == TLS1_VERSION)
+ ver = 't';
+ else if (ver == SSL3_VERSION)
+ ver = '3';
+ else if (ver == SSL2_VERSION)
+ ver = '2';
+ else
+ ver = '*';
+ }
+ fputc(ver, stdout);
+ fflush(stdout);
+ }
+ totalTime += tm_Time_F(STOP); /* Add the time for this iteration */
+
+ printf
+ ("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n",
+ nConn, totalTime, ((double)nConn / totalTime), bytes_read);
+ printf
+ ("%d connections in %ld real seconds, %ld bytes read per connection\n",
+ nConn, (long)time(NULL) - finishtime + maxTime, bytes_read / nConn);
+
+ ret = 0;
+ end:
+ if (scon != NULL)
+ SSL_free(scon);
+
+ if (tm_ctx != NULL) {
+ SSL_CTX_free(tm_ctx);
+ tm_ctx = NULL;
+ }
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
+}
+
+/*-
+ * doConnection - make a connection
+ * Args:
+ * scon = earlier ssl connection for session id, or NULL
+ * Returns:
+ * SSL * = the connection pointer.
+ */
+static SSL *doConnection(SSL *scon)
+{
+ BIO *conn;
+ SSL *serverCon;
+ int width, i;
+ fd_set readfds;
+
+ if ((conn = BIO_new(BIO_s_connect())) == NULL)
+ return (NULL);
+
+/* BIO_set_conn_port(conn,port);*/
+ BIO_set_conn_hostname(conn, host);
+
+ if (scon == NULL)
+ serverCon = SSL_new(tm_ctx);
+ else {
+ serverCon = scon;
+ SSL_set_connect_state(serverCon);
+ }
+
+ SSL_set_bio(serverCon, conn, conn);
+
+#if 0
+ if (scon != NULL)
+ SSL_set_session(serverCon, SSL_get_session(scon));
+#endif
+
+ /* ok, lets connect */
+ for (;;) {
+ i = SSL_connect(serverCon);
+ if (BIO_sock_should_retry(i)) {
+ BIO_printf(bio_err, "DELAY\n");
+
+ i = SSL_get_fd(serverCon);
+ width = i + 1;
+ FD_ZERO(&readfds);
+ FD_SET(i, &readfds);
+ /*
+ * Note: under VMS with SOCKETSHR the 2nd parameter is currently
+ * of type (int *) whereas under other systems it is (void *) if
+ * you don't have a cast it will choke the compiler: if you do
+ * have a cast then you can either go for (int *) or (void *).
+ */
+ select(width, (void *)&readfds, NULL, NULL, NULL);
+ continue;
+ }
+ break;
+ }
+ if (i <= 0) {
+ BIO_printf(bio_err, "ERROR\n");
+ if (verify_error != X509_V_OK)
+ BIO_printf(bio_err, "verify error:%s\n",
+ X509_verify_cert_error_string(verify_error));
+ else
+ ERR_print_errors(bio_err);
+ if (scon == NULL)
+ SSL_free(serverCon);
+ return NULL;
+ }
+
+ return serverCon;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/apps/sess_id.c
===================================================================
--- vendor-crypto/openssl/dist/apps/sess_id.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/apps/sess_id.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,320 +0,0 @@
-/* apps/sess_id.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/ssl.h>
-
-#undef PROG
-#define PROG sess_id_main
-
-static const char *sess_id_usage[]={
-"usage: sess_id args\n",
-"\n",
-" -inform arg - input format - default PEM (DER or PEM)\n",
-" -outform arg - output format - default PEM\n",
-" -in arg - input file - default stdin\n",
-" -out arg - output file - default stdout\n",
-" -text - print ssl session id details\n",
-" -cert - output certificate \n",
-" -noout - no CRL output\n",
-" -context arg - set the session ID context\n",
-NULL
-};
-
-static SSL_SESSION *load_sess_id(char *file, int format);
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
- SSL_SESSION *x=NULL;
- int ret=1,i,num,badops=0;
- BIO *out=NULL;
- int informat,outformat;
- char *infile=NULL,*outfile=NULL,*context=NULL;
- int cert=0,noout=0,text=0;
- const char **pp;
-
- apps_startup();
-
- if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
- informat=FORMAT_PEM;
- outformat=FORMAT_PEM;
-
- argc--;
- argv++;
- num=0;
- while (argc >= 1)
- {
- if (strcmp(*argv,"-inform") == 0)
- {
- if (--argc < 1) goto bad;
- informat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-outform") == 0)
- {
- if (--argc < 1) goto bad;
- outformat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-in") == 0)
- {
- if (--argc < 1) goto bad;
- infile= *(++argv);
- }
- else if (strcmp(*argv,"-out") == 0)
- {
- if (--argc < 1) goto bad;
- outfile= *(++argv);
- }
- else if (strcmp(*argv,"-text") == 0)
- text= ++num;
- else if (strcmp(*argv,"-cert") == 0)
- cert= ++num;
- else if (strcmp(*argv,"-noout") == 0)
- noout= ++num;
- else if (strcmp(*argv,"-context") == 0)
- {
- if(--argc < 1) goto bad;
- context=*++argv;
- }
- else
- {
- BIO_printf(bio_err,"unknown option %s\n",*argv);
- badops=1;
- break;
- }
- argc--;
- argv++;
- }
-
- if (badops)
- {
-bad:
- for (pp=sess_id_usage; (*pp != NULL); pp++)
- BIO_printf(bio_err,"%s",*pp);
- goto end;
- }
-
- ERR_load_crypto_strings();
- x=load_sess_id(infile,informat);
- if (x == NULL) { goto end; }
-
- if(context)
- {
- x->sid_ctx_length=strlen(context);
- if(x->sid_ctx_length > SSL_MAX_SID_CTX_LENGTH)
- {
- BIO_printf(bio_err,"Context too long\n");
- goto end;
- }
- memcpy(x->sid_ctx,context,x->sid_ctx_length);
- }
-
-#ifdef undef
- /* just testing for memory leaks :-) */
- {
- SSL_SESSION *s;
- char buf[1024*10],*p;
- int i;
-
- s=SSL_SESSION_new();
-
- p= &buf;
- i=i2d_SSL_SESSION(x,&p);
- p= &buf;
- d2i_SSL_SESSION(&s,&p,(long)i);
- p= &buf;
- d2i_SSL_SESSION(&s,&p,(long)i);
- p= &buf;
- d2i_SSL_SESSION(&s,&p,(long)i);
- SSL_SESSION_free(s);
- }
-#endif
-
- if (!noout || text)
- {
- out=BIO_new(BIO_s_file());
- if (out == NULL)
- {
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if (outfile == NULL)
- {
- BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
- else
- {
- if (BIO_write_filename(out,outfile) <= 0)
- {
- perror(outfile);
- goto end;
- }
- }
- }
-
- if (text)
- {
- SSL_SESSION_print(out,x);
-
- if (cert)
- {
- if (x->peer == NULL)
- BIO_puts(out,"No certificate present\n");
- else
- X509_print(out,x->peer);
- }
- }
-
- if (!noout && !cert)
- {
- if (outformat == FORMAT_ASN1)
- i=i2d_SSL_SESSION_bio(out,x);
- else if (outformat == FORMAT_PEM)
- i=PEM_write_bio_SSL_SESSION(out,x);
- else {
- BIO_printf(bio_err,"bad output format specified for outfile\n");
- goto end;
- }
- if (!i) {
- BIO_printf(bio_err,"unable to write SSL_SESSION\n");
- goto end;
- }
- }
- else if (!noout && (x->peer != NULL)) /* just print the certificate */
- {
- if (outformat == FORMAT_ASN1)
- i=(int)i2d_X509_bio(out,x->peer);
- else if (outformat == FORMAT_PEM)
- i=PEM_write_bio_X509(out,x->peer);
- else {
- BIO_printf(bio_err,"bad output format specified for outfile\n");
- goto end;
- }
- if (!i) {
- BIO_printf(bio_err,"unable to write X509\n");
- goto end;
- }
- }
- ret=0;
-end:
- if (out != NULL) BIO_free_all(out);
- if (x != NULL) SSL_SESSION_free(x);
- apps_shutdown();
- OPENSSL_EXIT(ret);
- }
-
-static SSL_SESSION *load_sess_id(char *infile, int format)
- {
- SSL_SESSION *x=NULL;
- BIO *in=NULL;
-
- in=BIO_new(BIO_s_file());
- if (in == NULL)
- {
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if (infile == NULL)
- BIO_set_fp(in,stdin,BIO_NOCLOSE);
- else
- {
- if (BIO_read_filename(in,infile) <= 0)
- {
- perror(infile);
- goto end;
- }
- }
- if (format == FORMAT_ASN1)
- x=d2i_SSL_SESSION_bio(in,NULL);
- else if (format == FORMAT_PEM)
- x=PEM_read_bio_SSL_SESSION(in,NULL,NULL,NULL);
- else {
- BIO_printf(bio_err,"bad input format specified for input crl\n");
- goto end;
- }
- if (x == NULL)
- {
- BIO_printf(bio_err,"unable to load SSL_SESSION\n");
- ERR_print_errors(bio_err);
- goto end;
- }
-
-end:
- if (in != NULL) BIO_free(in);
- return(x);
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/apps/sess_id.c (from rev 6976, vendor-crypto/openssl/dist/apps/sess_id.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/apps/sess_id.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/apps/sess_id.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,298 @@
+/* apps/sess_id.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/ssl.h>
+
+#undef PROG
+#define PROG sess_id_main
+
+static const char *sess_id_usage[] = {
+ "usage: sess_id args\n",
+ "\n",
+ " -inform arg - input format - default PEM (DER or PEM)\n",
+ " -outform arg - output format - default PEM\n",
+ " -in arg - input file - default stdin\n",
+ " -out arg - output file - default stdout\n",
+ " -text - print ssl session id details\n",
+ " -cert - output certificate \n",
+ " -noout - no CRL output\n",
+ " -context arg - set the session ID context\n",
+ NULL
+};
+
+static SSL_SESSION *load_sess_id(char *file, int format);
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+{
+ SSL_SESSION *x = NULL;
+ int ret = 1, i, num, badops = 0;
+ BIO *out = NULL;
+ int informat, outformat;
+ char *infile = NULL, *outfile = NULL, *context = NULL;
+ int cert = 0, noout = 0, text = 0;
+ const char **pp;
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+
+ informat = FORMAT_PEM;
+ outformat = FORMAT_PEM;
+
+ argc--;
+ argv++;
+ num = 0;
+ while (argc >= 1) {
+ if (strcmp(*argv, "-inform") == 0) {
+ if (--argc < 1)
+ goto bad;
+ informat = str2fmt(*(++argv));
+ } else if (strcmp(*argv, "-outform") == 0) {
+ if (--argc < 1)
+ goto bad;
+ outformat = str2fmt(*(++argv));
+ } else if (strcmp(*argv, "-in") == 0) {
+ if (--argc < 1)
+ goto bad;
+ infile = *(++argv);
+ } else if (strcmp(*argv, "-out") == 0) {
+ if (--argc < 1)
+ goto bad;
+ outfile = *(++argv);
+ } else if (strcmp(*argv, "-text") == 0)
+ text = ++num;
+ else if (strcmp(*argv, "-cert") == 0)
+ cert = ++num;
+ else if (strcmp(*argv, "-noout") == 0)
+ noout = ++num;
+ else if (strcmp(*argv, "-context") == 0) {
+ if (--argc < 1)
+ goto bad;
+ context = *++argv;
+ } else {
+ BIO_printf(bio_err, "unknown option %s\n", *argv);
+ badops = 1;
+ break;
+ }
+ argc--;
+ argv++;
+ }
+
+ if (badops) {
+ bad:
+ for (pp = sess_id_usage; (*pp != NULL); pp++)
+ BIO_printf(bio_err, "%s", *pp);
+ goto end;
+ }
+
+ ERR_load_crypto_strings();
+ x = load_sess_id(infile, informat);
+ if (x == NULL) {
+ goto end;
+ }
+
+ if (context) {
+ x->sid_ctx_length = strlen(context);
+ if (x->sid_ctx_length > SSL_MAX_SID_CTX_LENGTH) {
+ BIO_printf(bio_err, "Context too long\n");
+ goto end;
+ }
+ memcpy(x->sid_ctx, context, x->sid_ctx_length);
+ }
+#ifdef undef
+ /* just testing for memory leaks :-) */
+ {
+ SSL_SESSION *s;
+ char buf[1024 * 10], *p;
+ int i;
+
+ s = SSL_SESSION_new();
+
+ p = &buf;
+ i = i2d_SSL_SESSION(x, &p);
+ p = &buf;
+ d2i_SSL_SESSION(&s, &p, (long)i);
+ p = &buf;
+ d2i_SSL_SESSION(&s, &p, (long)i);
+ p = &buf;
+ d2i_SSL_SESSION(&s, &p, (long)i);
+ SSL_SESSION_free(s);
+ }
+#endif
+
+ if (!noout || text) {
+ out = BIO_new(BIO_s_file());
+ if (out == NULL) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (outfile == NULL) {
+ BIO_set_fp(out, stdout, BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+#endif
+ } else {
+ if (BIO_write_filename(out, outfile) <= 0) {
+ perror(outfile);
+ goto end;
+ }
+ }
+ }
+
+ if (text) {
+ SSL_SESSION_print(out, x);
+
+ if (cert) {
+ if (x->peer == NULL)
+ BIO_puts(out, "No certificate present\n");
+ else
+ X509_print(out, x->peer);
+ }
+ }
+
+ if (!noout && !cert) {
+ if (outformat == FORMAT_ASN1)
+ i = i2d_SSL_SESSION_bio(out, x);
+ else if (outformat == FORMAT_PEM)
+ i = PEM_write_bio_SSL_SESSION(out, x);
+ else {
+ BIO_printf(bio_err, "bad output format specified for outfile\n");
+ goto end;
+ }
+ if (!i) {
+ BIO_printf(bio_err, "unable to write SSL_SESSION\n");
+ goto end;
+ }
+ } else if (!noout && (x->peer != NULL)) { /* just print the certificate */
+ if (outformat == FORMAT_ASN1)
+ i = (int)i2d_X509_bio(out, x->peer);
+ else if (outformat == FORMAT_PEM)
+ i = PEM_write_bio_X509(out, x->peer);
+ else {
+ BIO_printf(bio_err, "bad output format specified for outfile\n");
+ goto end;
+ }
+ if (!i) {
+ BIO_printf(bio_err, "unable to write X509\n");
+ goto end;
+ }
+ }
+ ret = 0;
+ end:
+ if (out != NULL)
+ BIO_free_all(out);
+ if (x != NULL)
+ SSL_SESSION_free(x);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
+}
+
+static SSL_SESSION *load_sess_id(char *infile, int format)
+{
+ SSL_SESSION *x = NULL;
+ BIO *in = NULL;
+
+ in = BIO_new(BIO_s_file());
+ if (in == NULL) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (infile == NULL)
+ BIO_set_fp(in, stdin, BIO_NOCLOSE);
+ else {
+ if (BIO_read_filename(in, infile) <= 0) {
+ perror(infile);
+ goto end;
+ }
+ }
+ if (format == FORMAT_ASN1)
+ x = d2i_SSL_SESSION_bio(in, NULL);
+ else if (format == FORMAT_PEM)
+ x = PEM_read_bio_SSL_SESSION(in, NULL, NULL, NULL);
+ else {
+ BIO_printf(bio_err, "bad input format specified for input crl\n");
+ goto end;
+ }
+ if (x == NULL) {
+ BIO_printf(bio_err, "unable to load SSL_SESSION\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ end:
+ if (in != NULL)
+ BIO_free(in);
+ return (x);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/apps/smime.c
===================================================================
--- vendor-crypto/openssl/dist/apps/smime.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/apps/smime.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,801 +0,0 @@
-/* smime.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/* S/MIME utility function */
-
-#include <stdio.h>
-#include <string.h>
-#include "apps.h"
-#include <openssl/crypto.h>
-#include <openssl/pem.h>
-#include <openssl/err.h>
-#include <openssl/x509_vfy.h>
-#include <openssl/x509v3.h>
-
-#undef PROG
-#define PROG smime_main
-static int save_certs(char *signerfile, STACK_OF(X509) *signers);
-static int smime_cb(int ok, X509_STORE_CTX *ctx);
-
-#define SMIME_OP 0x10
-#define SMIME_ENCRYPT (1 | SMIME_OP)
-#define SMIME_DECRYPT 2
-#define SMIME_SIGN (3 | SMIME_OP)
-#define SMIME_VERIFY 4
-#define SMIME_PK7OUT 5
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
- ENGINE *e = NULL;
- int operation = 0;
- int ret = 0;
- char **args;
- const char *inmode = "r", *outmode = "w";
- char *infile = NULL, *outfile = NULL;
- char *signerfile = NULL, *recipfile = NULL;
- char *certfile = NULL, *keyfile = NULL, *contfile=NULL;
- const EVP_CIPHER *cipher = NULL;
- PKCS7 *p7 = NULL;
- X509_STORE *store = NULL;
- X509 *cert = NULL, *recip = NULL, *signer = NULL;
- EVP_PKEY *key = NULL;
- STACK_OF(X509) *encerts = NULL, *other = NULL;
- BIO *in = NULL, *out = NULL, *indata = NULL;
- int badarg = 0;
- int flags = PKCS7_DETACHED;
- char *to = NULL, *from = NULL, *subject = NULL;
- char *CAfile = NULL, *CApath = NULL;
- char *passargin = NULL, *passin = NULL;
- char *inrand = NULL;
- int need_rand = 0;
- int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
- int keyform = FORMAT_PEM;
-#ifndef OPENSSL_NO_ENGINE
- char *engine=NULL;
-#endif
-
- X509_VERIFY_PARAM *vpm = NULL;
-
- args = argv + 1;
- ret = 1;
-
- apps_startup();
-
- if (bio_err == NULL)
- {
- if ((bio_err = BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
- }
-
- if (!load_config(bio_err, NULL))
- goto end;
-
- while (!badarg && *args && *args[0] == '-')
- {
- if (!strcmp (*args, "-encrypt"))
- operation = SMIME_ENCRYPT;
- else if (!strcmp (*args, "-decrypt"))
- operation = SMIME_DECRYPT;
- else if (!strcmp (*args, "-sign"))
- operation = SMIME_SIGN;
- else if (!strcmp (*args, "-verify"))
- operation = SMIME_VERIFY;
- else if (!strcmp (*args, "-pk7out"))
- operation = SMIME_PK7OUT;
-#ifndef OPENSSL_NO_DES
- else if (!strcmp (*args, "-des3"))
- cipher = EVP_des_ede3_cbc();
- else if (!strcmp (*args, "-des"))
- cipher = EVP_des_cbc();
-#endif
-#ifndef OPENSSL_NO_SEED
- else if (!strcmp (*args, "-seed"))
- cipher = EVP_seed_cbc();
-#endif
-#ifndef OPENSSL_NO_RC2
- else if (!strcmp (*args, "-rc2-40"))
- cipher = EVP_rc2_40_cbc();
- else if (!strcmp (*args, "-rc2-128"))
- cipher = EVP_rc2_cbc();
- else if (!strcmp (*args, "-rc2-64"))
- cipher = EVP_rc2_64_cbc();
-#endif
-#ifndef OPENSSL_NO_AES
- else if (!strcmp(*args,"-aes128"))
- cipher = EVP_aes_128_cbc();
- else if (!strcmp(*args,"-aes192"))
- cipher = EVP_aes_192_cbc();
- else if (!strcmp(*args,"-aes256"))
- cipher = EVP_aes_256_cbc();
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
- else if (!strcmp(*args,"-camellia128"))
- cipher = EVP_camellia_128_cbc();
- else if (!strcmp(*args,"-camellia192"))
- cipher = EVP_camellia_192_cbc();
- else if (!strcmp(*args,"-camellia256"))
- cipher = EVP_camellia_256_cbc();
-#endif
- else if (!strcmp (*args, "-text"))
- flags |= PKCS7_TEXT;
- else if (!strcmp (*args, "-nointern"))
- flags |= PKCS7_NOINTERN;
- else if (!strcmp (*args, "-noverify"))
- flags |= PKCS7_NOVERIFY;
- else if (!strcmp (*args, "-nochain"))
- flags |= PKCS7_NOCHAIN;
- else if (!strcmp (*args, "-nocerts"))
- flags |= PKCS7_NOCERTS;
- else if (!strcmp (*args, "-noattr"))
- flags |= PKCS7_NOATTR;
- else if (!strcmp (*args, "-nodetach"))
- flags &= ~PKCS7_DETACHED;
- else if (!strcmp (*args, "-nosmimecap"))
- flags |= PKCS7_NOSMIMECAP;
- else if (!strcmp (*args, "-binary"))
- flags |= PKCS7_BINARY;
- else if (!strcmp (*args, "-nosigs"))
- flags |= PKCS7_NOSIGS;
- else if (!strcmp (*args, "-nooldmime"))
- flags |= PKCS7_NOOLDMIMETYPE;
- else if (!strcmp (*args, "-crlfeol"))
- flags |= PKCS7_CRLFEOL;
- else if (!strcmp(*args,"-rand"))
- {
- if (args[1])
- {
- args++;
- inrand = *args;
- }
- else
- badarg = 1;
- need_rand = 1;
- }
-#ifndef OPENSSL_NO_ENGINE
- else if (!strcmp(*args,"-engine"))
- {
- if (args[1])
- {
- args++;
- engine = *args;
- }
- else badarg = 1;
- }
-#endif
- else if (!strcmp(*args,"-passin"))
- {
- if (args[1])
- {
- args++;
- passargin = *args;
- }
- else
- badarg = 1;
- }
- else if (!strcmp (*args, "-to"))
- {
- if (args[1])
- {
- args++;
- to = *args;
- }
- else
- badarg = 1;
- }
- else if (!strcmp (*args, "-from"))
- {
- if (args[1])
- {
- args++;
- from = *args;
- }
- else badarg = 1;
- }
- else if (!strcmp (*args, "-subject"))
- {
- if (args[1])
- {
- args++;
- subject = *args;
- }
- else
- badarg = 1;
- }
- else if (!strcmp (*args, "-signer"))
- {
- if (args[1])
- {
- args++;
- signerfile = *args;
- }
- else
- badarg = 1;
- }
- else if (!strcmp (*args, "-recip"))
- {
- if (args[1])
- {
- args++;
- recipfile = *args;
- }
- else badarg = 1;
- }
- else if (!strcmp (*args, "-inkey"))
- {
- if (args[1])
- {
- args++;
- keyfile = *args;
- }
- else
- badarg = 1;
- }
- else if (!strcmp (*args, "-keyform"))
- {
- if (args[1])
- {
- args++;
- keyform = str2fmt(*args);
- }
- else
- badarg = 1;
- }
- else if (!strcmp (*args, "-certfile"))
- {
- if (args[1])
- {
- args++;
- certfile = *args;
- }
- else
- badarg = 1;
- }
- else if (!strcmp (*args, "-CAfile"))
- {
- if (args[1])
- {
- args++;
- CAfile = *args;
- }
- else
- badarg = 1;
- }
- else if (!strcmp (*args, "-CApath"))
- {
- if (args[1])
- {
- args++;
- CApath = *args;
- }
- else
- badarg = 1;
- }
- else if (!strcmp (*args, "-in"))
- {
- if (args[1])
- {
- args++;
- infile = *args;
- }
- else
- badarg = 1;
- }
- else if (!strcmp (*args, "-inform"))
- {
- if (args[1])
- {
- args++;
- informat = str2fmt(*args);
- }
- else
- badarg = 1;
- }
- else if (!strcmp (*args, "-outform"))
- {
- if (args[1])
- {
- args++;
- outformat = str2fmt(*args);
- }
- else
- badarg = 1;
- }
- else if (!strcmp (*args, "-out"))
- {
- if (args[1])
- {
- args++;
- outfile = *args;
- }
- else
- badarg = 1;
- }
- else if (!strcmp (*args, "-content"))
- {
- if (args[1])
- {
- args++;
- contfile = *args;
- }
- else
- badarg = 1;
- }
- else if (args_verify(&args, NULL, &badarg, bio_err, &vpm))
- continue;
- else
- badarg = 1;
- args++;
- }
-
-
- if (operation == SMIME_SIGN)
- {
- if (!signerfile)
- {
- BIO_printf(bio_err, "No signer certificate specified\n");
- badarg = 1;
- }
- need_rand = 1;
- }
- else if (operation == SMIME_DECRYPT)
- {
- if (!recipfile && !keyfile)
- {
- BIO_printf(bio_err, "No recipient certificate or key specified\n");
- badarg = 1;
- }
- }
- else if (operation == SMIME_ENCRYPT)
- {
- if (!*args)
- {
- BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
- badarg = 1;
- }
- need_rand = 1;
- }
- else if (!operation)
- badarg = 1;
-
- if (badarg)
- {
- BIO_printf (bio_err, "Usage smime [options] cert.pem ...\n");
- BIO_printf (bio_err, "where options are\n");
- BIO_printf (bio_err, "-encrypt encrypt message\n");
- BIO_printf (bio_err, "-decrypt decrypt encrypted message\n");
- BIO_printf (bio_err, "-sign sign message\n");
- BIO_printf (bio_err, "-verify verify signed message\n");
- BIO_printf (bio_err, "-pk7out output PKCS#7 structure\n");
-#ifndef OPENSSL_NO_DES
- BIO_printf (bio_err, "-des3 encrypt with triple DES\n");
- BIO_printf (bio_err, "-des encrypt with DES\n");
-#endif
-#ifndef OPENSSL_NO_SEED
- BIO_printf (bio_err, "-seed encrypt with SEED\n");
-#endif
-#ifndef OPENSSL_NO_RC2
- BIO_printf (bio_err, "-rc2-40 encrypt with RC2-40 (default)\n");
- BIO_printf (bio_err, "-rc2-64 encrypt with RC2-64\n");
- BIO_printf (bio_err, "-rc2-128 encrypt with RC2-128\n");
-#endif
-#ifndef OPENSSL_NO_AES
- BIO_printf (bio_err, "-aes128, -aes192, -aes256\n");
- BIO_printf (bio_err, " encrypt PEM output with cbc aes\n");
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
- BIO_printf (bio_err, "-camellia128, -camellia192, -camellia256\n");
- BIO_printf (bio_err, " encrypt PEM output with cbc camellia\n");
-#endif
- BIO_printf (bio_err, "-nointern don't search certificates in message for signer\n");
- BIO_printf (bio_err, "-nosigs don't verify message signature\n");
- BIO_printf (bio_err, "-noverify don't verify signers certificate\n");
- BIO_printf (bio_err, "-nocerts don't include signers certificate when signing\n");
- BIO_printf (bio_err, "-nodetach use opaque signing\n");
- BIO_printf (bio_err, "-noattr don't include any signed attributes\n");
- BIO_printf (bio_err, "-binary don't translate message to text\n");
- BIO_printf (bio_err, "-certfile file other certificates file\n");
- BIO_printf (bio_err, "-signer file signer certificate file\n");
- BIO_printf (bio_err, "-recip file recipient certificate file for decryption\n");
- BIO_printf (bio_err, "-in file input file\n");
- BIO_printf (bio_err, "-inform arg input format SMIME (default), PEM or DER\n");
- BIO_printf (bio_err, "-inkey file input private key (if not signer or recipient)\n");
- BIO_printf (bio_err, "-keyform arg input private key format (PEM or ENGINE)\n");
- BIO_printf (bio_err, "-out file output file\n");
- BIO_printf (bio_err, "-outform arg output format SMIME (default), PEM or DER\n");
- BIO_printf (bio_err, "-content file supply or override content for detached signature\n");
- BIO_printf (bio_err, "-to addr to address\n");
- BIO_printf (bio_err, "-from ad from address\n");
- BIO_printf (bio_err, "-subject s subject\n");
- BIO_printf (bio_err, "-text include or delete text MIME headers\n");
- BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
- BIO_printf (bio_err, "-CAfile file trusted certificates file\n");
- BIO_printf (bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n");
- BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
-#ifndef OPENSSL_NO_ENGINE
- BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n");
-#endif
- BIO_printf (bio_err, "-passin arg input file pass phrase source\n");
- BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
- BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
- BIO_printf(bio_err, " the random number generator\n");
- BIO_printf (bio_err, "cert.pem recipient certificate(s) for encryption\n");
- goto end;
- }
-
-#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(bio_err, engine, 0);
-#endif
-
- if (!app_passwd(bio_err, passargin, NULL, &passin, NULL))
- {
- BIO_printf(bio_err, "Error getting password\n");
- goto end;
- }
-
- if (need_rand)
- {
- app_RAND_load_file(NULL, bio_err, (inrand != NULL));
- if (inrand != NULL)
- BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
- app_RAND_load_files(inrand));
- }
-
- ret = 2;
-
- if (operation != SMIME_SIGN)
- flags &= ~PKCS7_DETACHED;
-
- if (operation & SMIME_OP)
- {
- if (flags & PKCS7_BINARY)
- inmode = "rb";
- if (outformat == FORMAT_ASN1)
- outmode = "wb";
- }
- else
- {
- if (flags & PKCS7_BINARY)
- outmode = "wb";
- if (informat == FORMAT_ASN1)
- inmode = "rb";
- }
-
- if (operation == SMIME_ENCRYPT)
- {
- if (!cipher)
- {
-#ifndef OPENSSL_NO_DES
- cipher = EVP_des_ede3_cbc();
-#else
- BIO_printf(bio_err, "No cipher selected\n");
- goto end;
-#endif
- }
- encerts = sk_X509_new_null();
- while (*args)
- {
- if (!(cert = load_cert(bio_err,*args,FORMAT_PEM,
- NULL, e, "recipient certificate file")))
- {
-#if 0 /* An appropriate message is already printed */
- BIO_printf(bio_err, "Can't read recipient certificate file %s\n", *args);
-#endif
- goto end;
- }
- sk_X509_push(encerts, cert);
- cert = NULL;
- args++;
- }
- }
-
- if (signerfile && (operation == SMIME_SIGN))
- {
- if (!(signer = load_cert(bio_err,signerfile,FORMAT_PEM, NULL,
- e, "signer certificate")))
- {
-#if 0 /* An appropri message has already been printed */
- BIO_printf(bio_err, "Can't read signer certificate file %s\n", signerfile);
-#endif
- goto end;
- }
- }
-
- if (certfile)
- {
- if (!(other = load_certs(bio_err,certfile,FORMAT_PEM, NULL,
- e, "certificate file")))
- {
-#if 0 /* An appropriate message has already been printed */
- BIO_printf(bio_err, "Can't read certificate file %s\n", certfile);
-#endif
- ERR_print_errors(bio_err);
- goto end;
- }
- }
-
- if (recipfile && (operation == SMIME_DECRYPT))
- {
- if (!(recip = load_cert(bio_err,recipfile,FORMAT_PEM,NULL,
- e, "recipient certificate file")))
- {
-#if 0 /* An appropriate message has alrady been printed */
- BIO_printf(bio_err, "Can't read recipient certificate file %s\n", recipfile);
-#endif
- ERR_print_errors(bio_err);
- goto end;
- }
- }
-
- if (operation == SMIME_DECRYPT)
- {
- if (!keyfile)
- keyfile = recipfile;
- }
- else if (operation == SMIME_SIGN)
- {
- if (!keyfile)
- keyfile = signerfile;
- }
- else keyfile = NULL;
-
- if (keyfile)
- {
- key = load_key(bio_err, keyfile, keyform, 0, passin, e,
- "signing key file");
- if (!key)
- goto end;
- }
-
- if (infile)
- {
- if (!(in = BIO_new_file(infile, inmode)))
- {
- BIO_printf (bio_err,
- "Can't open input file %s\n", infile);
- goto end;
- }
- }
- else
- in = BIO_new_fp(stdin, BIO_NOCLOSE);
-
- if (outfile)
- {
- if (!(out = BIO_new_file(outfile, outmode)))
- {
- BIO_printf (bio_err,
- "Can't open output file %s\n", outfile);
- goto end;
- }
- }
- else
- {
- out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
-
- if (operation == SMIME_VERIFY)
- {
- if (!(store = setup_verify(bio_err, CAfile, CApath)))
- goto end;
- X509_STORE_set_verify_cb_func(store, smime_cb);
- if (vpm)
- X509_STORE_set1_param(store, vpm);
- }
-
-
- ret = 3;
-
- if (operation == SMIME_ENCRYPT)
- p7 = PKCS7_encrypt(encerts, in, cipher, flags);
- else if (operation == SMIME_SIGN)
- {
- /* If detached data and SMIME output enable partial
- * signing.
- */
- if ((flags & PKCS7_DETACHED) && (outformat == FORMAT_SMIME))
- flags |= PKCS7_STREAM;
- p7 = PKCS7_sign(signer, key, other, in, flags);
- }
- else
- {
- if (informat == FORMAT_SMIME)
- p7 = SMIME_read_PKCS7(in, &indata);
- else if (informat == FORMAT_PEM)
- p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
- else if (informat == FORMAT_ASN1)
- p7 = d2i_PKCS7_bio(in, NULL);
- else
- {
- BIO_printf(bio_err, "Bad input format for PKCS#7 file\n");
- goto end;
- }
-
- if (!p7)
- {
- BIO_printf(bio_err, "Error reading S/MIME message\n");
- goto end;
- }
- if (contfile)
- {
- BIO_free(indata);
- if (!(indata = BIO_new_file(contfile, "rb")))
- {
- BIO_printf(bio_err, "Can't read content file %s\n", contfile);
- goto end;
- }
- }
- }
-
- if (!p7)
- {
- BIO_printf(bio_err, "Error creating PKCS#7 structure\n");
- goto end;
- }
-
- ret = 4;
- if (operation == SMIME_DECRYPT)
- {
- if (!PKCS7_decrypt(p7, key, recip, out, flags))
- {
- BIO_printf(bio_err, "Error decrypting PKCS#7 structure\n");
- goto end;
- }
- }
- else if (operation == SMIME_VERIFY)
- {
- STACK_OF(X509) *signers;
- if (PKCS7_verify(p7, other, store, indata, out, flags))
- BIO_printf(bio_err, "Verification successful\n");
- else
- {
- BIO_printf(bio_err, "Verification failure\n");
- goto end;
- }
- signers = PKCS7_get0_signers(p7, other, flags);
- if (!save_certs(signerfile, signers))
- {
- BIO_printf(bio_err, "Error writing signers to %s\n",
- signerfile);
- ret = 5;
- goto end;
- }
- sk_X509_free(signers);
- }
- else if (operation == SMIME_PK7OUT)
- PEM_write_bio_PKCS7(out, p7);
- else
- {
- if (to)
- BIO_printf(out, "To: %s\n", to);
- if (from)
- BIO_printf(out, "From: %s\n", from);
- if (subject)
- BIO_printf(out, "Subject: %s\n", subject);
- if (outformat == FORMAT_SMIME)
- SMIME_write_PKCS7(out, p7, in, flags);
- else if (outformat == FORMAT_PEM)
- PEM_write_bio_PKCS7(out,p7);
- else if (outformat == FORMAT_ASN1)
- i2d_PKCS7_bio(out,p7);
- else
- {
- BIO_printf(bio_err, "Bad output format for PKCS#7 file\n");
- goto end;
- }
- }
- ret = 0;
-end:
- if (need_rand)
- app_RAND_write_file(NULL, bio_err);
- if (ret) ERR_print_errors(bio_err);
- sk_X509_pop_free(encerts, X509_free);
- sk_X509_pop_free(other, X509_free);
- if (vpm)
- X509_VERIFY_PARAM_free(vpm);
- X509_STORE_free(store);
- X509_free(cert);
- X509_free(recip);
- X509_free(signer);
- EVP_PKEY_free(key);
- PKCS7_free(p7);
- BIO_free(in);
- BIO_free(indata);
- BIO_free_all(out);
- if (passin) OPENSSL_free(passin);
- return (ret);
-}
-
-static int save_certs(char *signerfile, STACK_OF(X509) *signers)
- {
- int i;
- BIO *tmp;
- if (!signerfile)
- return 1;
- tmp = BIO_new_file(signerfile, "w");
- if (!tmp) return 0;
- for(i = 0; i < sk_X509_num(signers); i++)
- PEM_write_bio_X509(tmp, sk_X509_value(signers, i));
- BIO_free(tmp);
- return 1;
- }
-
-
-/* Minimal callback just to output policy info (if any) */
-
-static int smime_cb(int ok, X509_STORE_CTX *ctx)
- {
- int error;
-
- error = X509_STORE_CTX_get_error(ctx);
-
- if ((error != X509_V_ERR_NO_EXPLICIT_POLICY)
- && ((error != X509_V_OK) || (ok != 2)))
- return ok;
-
- policies_print(NULL, ctx);
-
- return ok;
-
- }
Copied: vendor-crypto/openssl/0.9.8zf/apps/smime.c (from rev 6976, vendor-crypto/openssl/dist/apps/smime.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/apps/smime.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/apps/smime.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,705 @@
+/* smime.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/* S/MIME utility function */
+
+#include <stdio.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/crypto.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/x509_vfy.h>
+#include <openssl/x509v3.h>
+
+#undef PROG
+#define PROG smime_main
+static int save_certs(char *signerfile, STACK_OF(X509) *signers);
+static int smime_cb(int ok, X509_STORE_CTX *ctx);
+
+#define SMIME_OP 0x10
+#define SMIME_ENCRYPT (1 | SMIME_OP)
+#define SMIME_DECRYPT 2
+#define SMIME_SIGN (3 | SMIME_OP)
+#define SMIME_VERIFY 4
+#define SMIME_PK7OUT 5
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+{
+ ENGINE *e = NULL;
+ int operation = 0;
+ int ret = 0;
+ char **args;
+ const char *inmode = "r", *outmode = "w";
+ char *infile = NULL, *outfile = NULL;
+ char *signerfile = NULL, *recipfile = NULL;
+ char *certfile = NULL, *keyfile = NULL, *contfile = NULL;
+ const EVP_CIPHER *cipher = NULL;
+ PKCS7 *p7 = NULL;
+ X509_STORE *store = NULL;
+ X509 *cert = NULL, *recip = NULL, *signer = NULL;
+ EVP_PKEY *key = NULL;
+ STACK_OF(X509) *encerts = NULL, *other = NULL;
+ BIO *in = NULL, *out = NULL, *indata = NULL;
+ int badarg = 0;
+ int flags = PKCS7_DETACHED;
+ char *to = NULL, *from = NULL, *subject = NULL;
+ char *CAfile = NULL, *CApath = NULL;
+ char *passargin = NULL, *passin = NULL;
+ char *inrand = NULL;
+ int need_rand = 0;
+ int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
+ int keyform = FORMAT_PEM;
+#ifndef OPENSSL_NO_ENGINE
+ char *engine = NULL;
+#endif
+
+ X509_VERIFY_PARAM *vpm = NULL;
+
+ args = argv + 1;
+ ret = 1;
+
+ apps_startup();
+
+ if (bio_err == NULL) {
+ if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+ }
+
+ if (!load_config(bio_err, NULL))
+ goto end;
+
+ while (!badarg && *args && *args[0] == '-') {
+ if (!strcmp(*args, "-encrypt"))
+ operation = SMIME_ENCRYPT;
+ else if (!strcmp(*args, "-decrypt"))
+ operation = SMIME_DECRYPT;
+ else if (!strcmp(*args, "-sign"))
+ operation = SMIME_SIGN;
+ else if (!strcmp(*args, "-verify"))
+ operation = SMIME_VERIFY;
+ else if (!strcmp(*args, "-pk7out"))
+ operation = SMIME_PK7OUT;
+#ifndef OPENSSL_NO_DES
+ else if (!strcmp(*args, "-des3"))
+ cipher = EVP_des_ede3_cbc();
+ else if (!strcmp(*args, "-des"))
+ cipher = EVP_des_cbc();
+#endif
+#ifndef OPENSSL_NO_SEED
+ else if (!strcmp(*args, "-seed"))
+ cipher = EVP_seed_cbc();
+#endif
+#ifndef OPENSSL_NO_RC2
+ else if (!strcmp(*args, "-rc2-40"))
+ cipher = EVP_rc2_40_cbc();
+ else if (!strcmp(*args, "-rc2-128"))
+ cipher = EVP_rc2_cbc();
+ else if (!strcmp(*args, "-rc2-64"))
+ cipher = EVP_rc2_64_cbc();
+#endif
+#ifndef OPENSSL_NO_AES
+ else if (!strcmp(*args, "-aes128"))
+ cipher = EVP_aes_128_cbc();
+ else if (!strcmp(*args, "-aes192"))
+ cipher = EVP_aes_192_cbc();
+ else if (!strcmp(*args, "-aes256"))
+ cipher = EVP_aes_256_cbc();
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+ else if (!strcmp(*args, "-camellia128"))
+ cipher = EVP_camellia_128_cbc();
+ else if (!strcmp(*args, "-camellia192"))
+ cipher = EVP_camellia_192_cbc();
+ else if (!strcmp(*args, "-camellia256"))
+ cipher = EVP_camellia_256_cbc();
+#endif
+ else if (!strcmp(*args, "-text"))
+ flags |= PKCS7_TEXT;
+ else if (!strcmp(*args, "-nointern"))
+ flags |= PKCS7_NOINTERN;
+ else if (!strcmp(*args, "-noverify"))
+ flags |= PKCS7_NOVERIFY;
+ else if (!strcmp(*args, "-nochain"))
+ flags |= PKCS7_NOCHAIN;
+ else if (!strcmp(*args, "-nocerts"))
+ flags |= PKCS7_NOCERTS;
+ else if (!strcmp(*args, "-noattr"))
+ flags |= PKCS7_NOATTR;
+ else if (!strcmp(*args, "-nodetach"))
+ flags &= ~PKCS7_DETACHED;
+ else if (!strcmp(*args, "-nosmimecap"))
+ flags |= PKCS7_NOSMIMECAP;
+ else if (!strcmp(*args, "-binary"))
+ flags |= PKCS7_BINARY;
+ else if (!strcmp(*args, "-nosigs"))
+ flags |= PKCS7_NOSIGS;
+ else if (!strcmp(*args, "-nooldmime"))
+ flags |= PKCS7_NOOLDMIMETYPE;
+ else if (!strcmp(*args, "-crlfeol"))
+ flags |= PKCS7_CRLFEOL;
+ else if (!strcmp(*args, "-rand")) {
+ if (args[1]) {
+ args++;
+ inrand = *args;
+ } else
+ badarg = 1;
+ need_rand = 1;
+ }
+#ifndef OPENSSL_NO_ENGINE
+ else if (!strcmp(*args, "-engine")) {
+ if (args[1]) {
+ args++;
+ engine = *args;
+ } else
+ badarg = 1;
+ }
+#endif
+ else if (!strcmp(*args, "-passin")) {
+ if (args[1]) {
+ args++;
+ passargin = *args;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-to")) {
+ if (args[1]) {
+ args++;
+ to = *args;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-from")) {
+ if (args[1]) {
+ args++;
+ from = *args;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-subject")) {
+ if (args[1]) {
+ args++;
+ subject = *args;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-signer")) {
+ if (args[1]) {
+ args++;
+ signerfile = *args;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-recip")) {
+ if (args[1]) {
+ args++;
+ recipfile = *args;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-inkey")) {
+ if (args[1]) {
+ args++;
+ keyfile = *args;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-keyform")) {
+ if (args[1]) {
+ args++;
+ keyform = str2fmt(*args);
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-certfile")) {
+ if (args[1]) {
+ args++;
+ certfile = *args;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-CAfile")) {
+ if (args[1]) {
+ args++;
+ CAfile = *args;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-CApath")) {
+ if (args[1]) {
+ args++;
+ CApath = *args;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-in")) {
+ if (args[1]) {
+ args++;
+ infile = *args;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-inform")) {
+ if (args[1]) {
+ args++;
+ informat = str2fmt(*args);
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-outform")) {
+ if (args[1]) {
+ args++;
+ outformat = str2fmt(*args);
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-out")) {
+ if (args[1]) {
+ args++;
+ outfile = *args;
+ } else
+ badarg = 1;
+ } else if (!strcmp(*args, "-content")) {
+ if (args[1]) {
+ args++;
+ contfile = *args;
+ } else
+ badarg = 1;
+ } else if (args_verify(&args, NULL, &badarg, bio_err, &vpm))
+ continue;
+ else
+ badarg = 1;
+ args++;
+ }
+
+ if (operation == SMIME_SIGN) {
+ if (!signerfile) {
+ BIO_printf(bio_err, "No signer certificate specified\n");
+ badarg = 1;
+ }
+ need_rand = 1;
+ } else if (operation == SMIME_DECRYPT) {
+ if (!recipfile && !keyfile) {
+ BIO_printf(bio_err,
+ "No recipient certificate or key specified\n");
+ badarg = 1;
+ }
+ } else if (operation == SMIME_ENCRYPT) {
+ if (!*args) {
+ BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
+ badarg = 1;
+ }
+ need_rand = 1;
+ } else if (!operation)
+ badarg = 1;
+
+ if (badarg) {
+ BIO_printf(bio_err, "Usage smime [options] cert.pem ...\n");
+ BIO_printf(bio_err, "where options are\n");
+ BIO_printf(bio_err, "-encrypt encrypt message\n");
+ BIO_printf(bio_err, "-decrypt decrypt encrypted message\n");
+ BIO_printf(bio_err, "-sign sign message\n");
+ BIO_printf(bio_err, "-verify verify signed message\n");
+ BIO_printf(bio_err, "-pk7out output PKCS#7 structure\n");
+#ifndef OPENSSL_NO_DES
+ BIO_printf(bio_err, "-des3 encrypt with triple DES\n");
+ BIO_printf(bio_err, "-des encrypt with DES\n");
+#endif
+#ifndef OPENSSL_NO_SEED
+ BIO_printf(bio_err, "-seed encrypt with SEED\n");
+#endif
+#ifndef OPENSSL_NO_RC2
+ BIO_printf(bio_err, "-rc2-40 encrypt with RC2-40 (default)\n");
+ BIO_printf(bio_err, "-rc2-64 encrypt with RC2-64\n");
+ BIO_printf(bio_err, "-rc2-128 encrypt with RC2-128\n");
+#endif
+#ifndef OPENSSL_NO_AES
+ BIO_printf(bio_err, "-aes128, -aes192, -aes256\n");
+ BIO_printf(bio_err,
+ " encrypt PEM output with cbc aes\n");
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+ BIO_printf(bio_err, "-camellia128, -camellia192, -camellia256\n");
+ BIO_printf(bio_err,
+ " encrypt PEM output with cbc camellia\n");
+#endif
+ BIO_printf(bio_err,
+ "-nointern don't search certificates in message for signer\n");
+ BIO_printf(bio_err,
+ "-nosigs don't verify message signature\n");
+ BIO_printf(bio_err,
+ "-noverify don't verify signers certificate\n");
+ BIO_printf(bio_err,
+ "-nocerts don't include signers certificate when signing\n");
+ BIO_printf(bio_err, "-nodetach use opaque signing\n");
+ BIO_printf(bio_err,
+ "-noattr don't include any signed attributes\n");
+ BIO_printf(bio_err,
+ "-binary don't translate message to text\n");
+ BIO_printf(bio_err, "-certfile file other certificates file\n");
+ BIO_printf(bio_err, "-signer file signer certificate file\n");
+ BIO_printf(bio_err,
+ "-recip file recipient certificate file for decryption\n");
+ BIO_printf(bio_err, "-in file input file\n");
+ BIO_printf(bio_err,
+ "-inform arg input format SMIME (default), PEM or DER\n");
+ BIO_printf(bio_err,
+ "-inkey file input private key (if not signer or recipient)\n");
+ BIO_printf(bio_err,
+ "-keyform arg input private key format (PEM or ENGINE)\n");
+ BIO_printf(bio_err, "-out file output file\n");
+ BIO_printf(bio_err,
+ "-outform arg output format SMIME (default), PEM or DER\n");
+ BIO_printf(bio_err,
+ "-content file supply or override content for detached signature\n");
+ BIO_printf(bio_err, "-to addr to address\n");
+ BIO_printf(bio_err, "-from ad from address\n");
+ BIO_printf(bio_err, "-subject s subject\n");
+ BIO_printf(bio_err,
+ "-text include or delete text MIME headers\n");
+ BIO_printf(bio_err,
+ "-CApath dir trusted certificates directory\n");
+ BIO_printf(bio_err, "-CAfile file trusted certificates file\n");
+ BIO_printf(bio_err,
+ "-crl_check check revocation status of signer's certificate using CRLs\n");
+ BIO_printf(bio_err,
+ "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
+#ifndef OPENSSL_NO_ENGINE
+ BIO_printf(bio_err,
+ "-engine e use engine e, possibly a hardware device.\n");
+#endif
+ BIO_printf(bio_err, "-passin arg input file pass phrase source\n");
+ BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR,
+ LIST_SEPARATOR_CHAR);
+ BIO_printf(bio_err,
+ " load the file (or the files in the directory) into\n");
+ BIO_printf(bio_err, " the random number generator\n");
+ BIO_printf(bio_err,
+ "cert.pem recipient certificate(s) for encryption\n");
+ goto end;
+ }
+#ifndef OPENSSL_NO_ENGINE
+ e = setup_engine(bio_err, engine, 0);
+#endif
+
+ if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
+ BIO_printf(bio_err, "Error getting password\n");
+ goto end;
+ }
+
+ if (need_rand) {
+ app_RAND_load_file(NULL, bio_err, (inrand != NULL));
+ if (inrand != NULL)
+ BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
+ app_RAND_load_files(inrand));
+ }
+
+ ret = 2;
+
+ if (operation != SMIME_SIGN)
+ flags &= ~PKCS7_DETACHED;
+
+ if (operation & SMIME_OP) {
+ if (flags & PKCS7_BINARY)
+ inmode = "rb";
+ if (outformat == FORMAT_ASN1)
+ outmode = "wb";
+ } else {
+ if (flags & PKCS7_BINARY)
+ outmode = "wb";
+ if (informat == FORMAT_ASN1)
+ inmode = "rb";
+ }
+
+ if (operation == SMIME_ENCRYPT) {
+ if (!cipher) {
+#ifndef OPENSSL_NO_DES
+ cipher = EVP_des_ede3_cbc();
+#else
+ BIO_printf(bio_err, "No cipher selected\n");
+ goto end;
+#endif
+ }
+ encerts = sk_X509_new_null();
+ while (*args) {
+ if (!(cert = load_cert(bio_err, *args, FORMAT_PEM,
+ NULL, e, "recipient certificate file"))) {
+#if 0 /* An appropriate message is already printed */
+ BIO_printf(bio_err,
+ "Can't read recipient certificate file %s\n",
+ *args);
+#endif
+ goto end;
+ }
+ sk_X509_push(encerts, cert);
+ cert = NULL;
+ args++;
+ }
+ }
+
+ if (signerfile && (operation == SMIME_SIGN)) {
+ if (!(signer = load_cert(bio_err, signerfile, FORMAT_PEM, NULL,
+ e, "signer certificate"))) {
+#if 0 /* An appropri message has already been
+ * printed */
+ BIO_printf(bio_err, "Can't read signer certificate file %s\n",
+ signerfile);
+#endif
+ goto end;
+ }
+ }
+
+ if (certfile) {
+ if (!(other = load_certs(bio_err, certfile, FORMAT_PEM, NULL,
+ e, "certificate file"))) {
+#if 0 /* An appropriate message has already been
+ * printed */
+ BIO_printf(bio_err, "Can't read certificate file %s\n", certfile);
+#endif
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+
+ if (recipfile && (operation == SMIME_DECRYPT)) {
+ if (!(recip = load_cert(bio_err, recipfile, FORMAT_PEM, NULL,
+ e, "recipient certificate file"))) {
+#if 0 /* An appropriate message has alrady been
+ * printed */
+ BIO_printf(bio_err, "Can't read recipient certificate file %s\n",
+ recipfile);
+#endif
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+
+ if (operation == SMIME_DECRYPT) {
+ if (!keyfile)
+ keyfile = recipfile;
+ } else if (operation == SMIME_SIGN) {
+ if (!keyfile)
+ keyfile = signerfile;
+ } else
+ keyfile = NULL;
+
+ if (keyfile) {
+ key = load_key(bio_err, keyfile, keyform, 0, passin, e,
+ "signing key file");
+ if (!key)
+ goto end;
+ }
+
+ if (infile) {
+ if (!(in = BIO_new_file(infile, inmode))) {
+ BIO_printf(bio_err, "Can't open input file %s\n", infile);
+ goto end;
+ }
+ } else
+ in = BIO_new_fp(stdin, BIO_NOCLOSE);
+
+ if (outfile) {
+ if (!(out = BIO_new_file(outfile, outmode))) {
+ BIO_printf(bio_err, "Can't open output file %s\n", outfile);
+ goto end;
+ }
+ } else {
+ out = BIO_new_fp(stdout, BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+#endif
+ }
+
+ if (operation == SMIME_VERIFY) {
+ if (!(store = setup_verify(bio_err, CAfile, CApath)))
+ goto end;
+ X509_STORE_set_verify_cb_func(store, smime_cb);
+ if (vpm)
+ X509_STORE_set1_param(store, vpm);
+ }
+
+ ret = 3;
+
+ if (operation == SMIME_ENCRYPT)
+ p7 = PKCS7_encrypt(encerts, in, cipher, flags);
+ else if (operation == SMIME_SIGN) {
+ /*
+ * If detached data and SMIME output enable partial signing.
+ */
+ if ((flags & PKCS7_DETACHED) && (outformat == FORMAT_SMIME))
+ flags |= PKCS7_STREAM;
+ p7 = PKCS7_sign(signer, key, other, in, flags);
+ } else {
+ if (informat == FORMAT_SMIME)
+ p7 = SMIME_read_PKCS7(in, &indata);
+ else if (informat == FORMAT_PEM)
+ p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
+ else if (informat == FORMAT_ASN1)
+ p7 = d2i_PKCS7_bio(in, NULL);
+ else {
+ BIO_printf(bio_err, "Bad input format for PKCS#7 file\n");
+ goto end;
+ }
+
+ if (!p7) {
+ BIO_printf(bio_err, "Error reading S/MIME message\n");
+ goto end;
+ }
+ if (contfile) {
+ BIO_free(indata);
+ if (!(indata = BIO_new_file(contfile, "rb"))) {
+ BIO_printf(bio_err, "Can't read content file %s\n", contfile);
+ goto end;
+ }
+ }
+ }
+
+ if (!p7) {
+ BIO_printf(bio_err, "Error creating PKCS#7 structure\n");
+ goto end;
+ }
+
+ ret = 4;
+ if (operation == SMIME_DECRYPT) {
+ if (!PKCS7_decrypt(p7, key, recip, out, flags)) {
+ BIO_printf(bio_err, "Error decrypting PKCS#7 structure\n");
+ goto end;
+ }
+ } else if (operation == SMIME_VERIFY) {
+ STACK_OF(X509) *signers;
+ if (PKCS7_verify(p7, other, store, indata, out, flags))
+ BIO_printf(bio_err, "Verification successful\n");
+ else {
+ BIO_printf(bio_err, "Verification failure\n");
+ goto end;
+ }
+ signers = PKCS7_get0_signers(p7, other, flags);
+ if (!save_certs(signerfile, signers)) {
+ BIO_printf(bio_err, "Error writing signers to %s\n", signerfile);
+ ret = 5;
+ goto end;
+ }
+ sk_X509_free(signers);
+ } else if (operation == SMIME_PK7OUT)
+ PEM_write_bio_PKCS7(out, p7);
+ else {
+ if (to)
+ BIO_printf(out, "To: %s\n", to);
+ if (from)
+ BIO_printf(out, "From: %s\n", from);
+ if (subject)
+ BIO_printf(out, "Subject: %s\n", subject);
+ if (outformat == FORMAT_SMIME)
+ SMIME_write_PKCS7(out, p7, in, flags);
+ else if (outformat == FORMAT_PEM)
+ PEM_write_bio_PKCS7(out, p7);
+ else if (outformat == FORMAT_ASN1)
+ i2d_PKCS7_bio(out, p7);
+ else {
+ BIO_printf(bio_err, "Bad output format for PKCS#7 file\n");
+ goto end;
+ }
+ }
+ ret = 0;
+ end:
+ if (need_rand)
+ app_RAND_write_file(NULL, bio_err);
+ if (ret)
+ ERR_print_errors(bio_err);
+ sk_X509_pop_free(encerts, X509_free);
+ sk_X509_pop_free(other, X509_free);
+ if (vpm)
+ X509_VERIFY_PARAM_free(vpm);
+ X509_STORE_free(store);
+ X509_free(cert);
+ X509_free(recip);
+ X509_free(signer);
+ EVP_PKEY_free(key);
+ PKCS7_free(p7);
+ BIO_free(in);
+ BIO_free(indata);
+ BIO_free_all(out);
+ if (passin)
+ OPENSSL_free(passin);
+ return (ret);
+}
+
+static int save_certs(char *signerfile, STACK_OF(X509) *signers)
+{
+ int i;
+ BIO *tmp;
+ if (!signerfile)
+ return 1;
+ tmp = BIO_new_file(signerfile, "w");
+ if (!tmp)
+ return 0;
+ for (i = 0; i < sk_X509_num(signers); i++)
+ PEM_write_bio_X509(tmp, sk_X509_value(signers, i));
+ BIO_free(tmp);
+ return 1;
+}
+
+/* Minimal callback just to output policy info (if any) */
+
+static int smime_cb(int ok, X509_STORE_CTX *ctx)
+{
+ int error;
+
+ error = X509_STORE_CTX_get_error(ctx);
+
+ if ((error != X509_V_ERR_NO_EXPLICIT_POLICY)
+ && ((error != X509_V_OK) || (ok != 2)))
+ return ok;
+
+ policies_print(NULL, ctx);
+
+ return ok;
+
+}
Deleted: vendor-crypto/openssl/0.9.8zf/apps/speed.c
===================================================================
--- vendor-crypto/openssl/dist/apps/speed.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/apps/speed.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,2946 +0,0 @@
-/* apps/speed.c -*- mode:C; c-file-style: "eay" -*- */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * The ECDH and ECDSA speed test software is originally written by
- * Sumit Gupta of Sun Microsystems Laboratories.
- *
- */
-
-/* most of this code has been pilfered from my libdes speed.c program */
-
-#ifndef OPENSSL_NO_SPEED
-
-#undef SECONDS
-#define SECONDS 3
-#define RSA_SECONDS 10
-#define DSA_SECONDS 10
-#define ECDSA_SECONDS 10
-#define ECDH_SECONDS 10
-
-/* 11-Sep-92 Andrew Daviel Support for Silicon Graphics IRIX added */
-/* 06-Apr-92 Luke Brennan Support for VMS and add extra signal calls */
-
-#undef PROG
-#define PROG speed_main
-
-#include <stdio.h>
-#include <stdlib.h>
-
-#include <string.h>
-#include <math.h>
-#include "apps.h"
-#ifdef OPENSSL_NO_STDIO
-#define APPS_WIN16
-#endif
-#include <openssl/crypto.h>
-#include <openssl/rand.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#if !defined(OPENSSL_SYS_MSDOS)
-#include OPENSSL_UNISTD
-#endif
-
-#ifndef OPENSSL_SYS_NETWARE
-#include <signal.h>
-#endif
-
-#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) || defined(OPENSSL_SYS_MACOSX)
-# define USE_TOD
-#elif !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VXWORKS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC))
-# define TIMES
-#endif
-#if !defined(_UNICOS) && !defined(__OpenBSD__) && !defined(sgi) && !defined(__FreeBSD__) && !(defined(__bsdi) || defined(__bsdi__)) && !defined(_AIX) && !defined(OPENSSL_SYS_MPE) && !defined(__NetBSD__) && !defined(OPENSSL_SYS_VXWORKS) /* FIXME */
-# define TIMEB
-#endif
-
-#if defined(OPENSSL_SYS_NETWARE)
-#undef TIMES
-#undef TIMEB
-#include <time.h>
-#endif
-
-#ifndef _IRIX
-# include <time.h>
-#endif
-#ifdef TIMES
-# include <sys/types.h>
-# include <sys/times.h>
-#endif
-#ifdef USE_TOD
-# include <sys/time.h>
-# include <sys/resource.h>
-#endif
-
-/* Depending on the VMS version, the tms structure is perhaps defined.
- The __TMS macro will show if it was. If it wasn't defined, we should
- undefine TIMES, since that tells the rest of the program how things
- should be handled. -- Richard Levitte */
-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
-#undef TIMES
-#endif
-
-#ifdef TIMEB
-#include <sys/timeb.h>
-#endif
-
-#if !defined(TIMES) && !defined(TIMEB) && !defined(USE_TOD) && !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_NETWARE)
-#error "It seems neither struct tms nor struct timeb is supported in this platform!"
-#endif
-
-#if defined(sun) || defined(__ultrix)
-#define _POSIX_SOURCE
-#include <limits.h>
-#include <sys/param.h>
-#endif
-
-#include <openssl/bn.h>
-#ifndef OPENSSL_NO_DES
-#include <openssl/des.h>
-#endif
-#ifndef OPENSSL_NO_AES
-#include <openssl/aes.h>
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
-#include <openssl/camellia.h>
-#endif
-#ifndef OPENSSL_NO_MD2
-#include <openssl/md2.h>
-#endif
-#ifndef OPENSSL_NO_MDC2
-#include <openssl/mdc2.h>
-#endif
-#ifndef OPENSSL_NO_MD4
-#include <openssl/md4.h>
-#endif
-#ifndef OPENSSL_NO_MD5
-#include <openssl/md5.h>
-#endif
-#ifndef OPENSSL_NO_HMAC
-#include <openssl/hmac.h>
-#endif
-#include <openssl/evp.h>
-#ifndef OPENSSL_NO_SHA
-#include <openssl/sha.h>
-#endif
-#ifndef OPENSSL_NO_RIPEMD
-#include <openssl/ripemd.h>
-#endif
-#ifndef OPENSSL_NO_RC4
-#include <openssl/rc4.h>
-#endif
-#ifndef OPENSSL_NO_RC5
-#include <openssl/rc5.h>
-#endif
-#ifndef OPENSSL_NO_RC2
-#include <openssl/rc2.h>
-#endif
-#ifndef OPENSSL_NO_IDEA
-#include <openssl/idea.h>
-#endif
-#ifndef OPENSSL_NO_SEED
-#include <openssl/seed.h>
-#endif
-#ifndef OPENSSL_NO_BF
-#include <openssl/blowfish.h>
-#endif
-#ifndef OPENSSL_NO_CAST
-#include <openssl/cast.h>
-#endif
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#include "./testrsa.h"
-#endif
-#include <openssl/x509.h>
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#include "./testdsa.h"
-#endif
-#ifndef OPENSSL_NO_ECDSA
-#include <openssl/ecdsa.h>
-#endif
-#ifndef OPENSSL_NO_ECDH
-#include <openssl/ecdh.h>
-#endif
-
-/*
- * The following "HZ" timing stuff should be sync'd up with the code in
- * crypto/tmdiff.[ch]. That appears to try to do the same job, though I think
- * this code is more up to date than libcrypto's so there may be features to
- * migrate over first. This is used in two places further down AFAICS.
- * The point is that nothing in openssl actually *uses* that tmdiff stuff, so
- * either speed.c should be using it or it should go because it's obviously not
- * useful enough. Anyone want to do a janitorial job on this?
- */
-
-/* The following if from times(3) man page. It may need to be changed */
-#ifndef HZ
-# if defined(_SC_CLK_TCK) \
- && (!defined(OPENSSL_SYS_VMS) || __CTRL_VER >= 70000000)
-# define HZ sysconf(_SC_CLK_TCK)
-# else
-# ifndef CLK_TCK
-# ifndef _BSD_CLK_TCK_ /* FreeBSD hack */
-# define HZ 100.0
-# else /* _BSD_CLK_TCK_ */
-# define HZ ((double)_BSD_CLK_TCK_)
-# endif
-# else /* CLK_TCK */
-# define HZ ((double)CLK_TCK)
-# endif
-# endif
-#endif
-
-#ifndef HAVE_FORK
-# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_NETWARE)
-# define HAVE_FORK 0
-# else
-# define HAVE_FORK 1
-# endif
-#endif
-
-#if HAVE_FORK
-# undef NO_FORK
-#else
-# define NO_FORK
-#endif
-
-#undef BUFSIZE
-#define BUFSIZE ((long)1024*8+1)
-int run=0;
-
-static char ftime_used = 0, times_used = 0, gettimeofday_used = 0, getrusage_used = 0;
-static int mr=0;
-static int usertime=1;
-
-static double Time_F(int s);
-static void print_message(const char *s,long num,int length);
-static void pkey_print_message(const char *str, const char *str2,
- long num, int bits, int sec);
-static void print_result(int alg,int run_no,int count,double time_used);
-#ifndef NO_FORK
-static int do_multi(int multi);
-#endif
-
-#define ALGOR_NUM 28
-#define SIZE_NUM 5
-#define RSA_NUM 4
-#define DSA_NUM 3
-
-#define EC_NUM 16
-#define MAX_ECDH_SIZE 256
-
-static const char *names[ALGOR_NUM]={
- "md2","mdc2","md4","md5","hmac(md5)","sha1","rmd160","rc4",
- "des cbc","des ede3","idea cbc","seed cbc",
- "rc2 cbc","rc5-32/12 cbc","blowfish cbc","cast cbc",
- "aes-128 cbc","aes-192 cbc","aes-256 cbc",
- "camellia-128 cbc","camellia-192 cbc","camellia-256 cbc",
- "evp","sha256","sha512",
- "aes-128 ige","aes-192 ige","aes-256 ige"};
-static double results[ALGOR_NUM][SIZE_NUM];
-static int lengths[SIZE_NUM]={16,64,256,1024,8*1024};
-#ifndef OPENSSL_NO_RSA
-static double rsa_results[RSA_NUM][2];
-#endif
-#ifndef OPENSSL_NO_DSA
-static double dsa_results[DSA_NUM][2];
-#endif
-#ifndef OPENSSL_NO_ECDSA
-static double ecdsa_results[EC_NUM][2];
-#endif
-#ifndef OPENSSL_NO_ECDH
-static double ecdh_results[EC_NUM][1];
-#endif
-
-#if defined(OPENSSL_NO_DSA) && !(defined(OPENSSL_NO_ECDSA) && defined(OPENSSL_NO_ECDH))
-static const char rnd_seed[] = "string to make the random number generator think it has entropy";
-static int rnd_fake = 0;
-#endif
-
-#ifdef SIGALRM
-#if defined(__STDC__) || defined(sgi) || defined(_AIX)
-#define SIGRETTYPE void
-#else
-#define SIGRETTYPE int
-#endif
-
-static SIGRETTYPE sig_done(int sig);
-static SIGRETTYPE sig_done(int sig)
- {
- signal(SIGALRM,sig_done);
- run=0;
-#ifdef LINT
- sig=sig;
-#endif
- }
-#endif
-
-#define START 0
-#define STOP 1
-
-#if defined(OPENSSL_SYS_NETWARE)
-
- /* for NetWare the best we can do is use clock() which returns the
- * time, in hundredths of a second, since the NLM began executing
- */
-static double Time_F(int s)
- {
- double ret;
-
- static clock_t tstart,tend;
-
- if (s == START)
- {
- tstart=clock();
- return(0);
- }
- else
- {
- tend=clock();
- ret=(double)((double)(tend)-(double)(tstart));
- return((ret < 0.001)?0.001:ret);
- }
- }
-
-#else
-
-static double Time_F(int s)
- {
- double ret;
-
-#ifdef USE_TOD
- if(usertime)
- {
- static struct rusage tstart,tend;
-
- getrusage_used = 1;
- if (s == START)
- {
- getrusage(RUSAGE_SELF,&tstart);
- return(0);
- }
- else
- {
- long i;
-
- getrusage(RUSAGE_SELF,&tend);
- i=(long)tend.ru_utime.tv_usec-(long)tstart.ru_utime.tv_usec;
- ret=((double)(tend.ru_utime.tv_sec-tstart.ru_utime.tv_sec))
- +((double)i)/1000000.0;
- return((ret < 0.001)?0.001:ret);
- }
- }
- else
- {
- static struct timeval tstart,tend;
- long i;
-
- gettimeofday_used = 1;
- if (s == START)
- {
- gettimeofday(&tstart,NULL);
- return(0);
- }
- else
- {
- gettimeofday(&tend,NULL);
- i=(long)tend.tv_usec-(long)tstart.tv_usec;
- ret=((double)(tend.tv_sec-tstart.tv_sec))+((double)i)/1000000.0;
- return((ret < 0.001)?0.001:ret);
- }
- }
-#else /* ndef USE_TOD */
-
-# ifdef TIMES
- if (usertime)
- {
- static struct tms tstart,tend;
-
- times_used = 1;
- if (s == START)
- {
- times(&tstart);
- return(0);
- }
- else
- {
- times(&tend);
- ret = HZ;
- ret=(double)(tend.tms_utime-tstart.tms_utime) / ret;
- return((ret < 1e-3)?1e-3:ret);
- }
- }
-# endif /* times() */
-# if defined(TIMES) && defined(TIMEB)
- else
-# endif
-# ifdef OPENSSL_SYS_VXWORKS
- {
- static unsigned long tick_start, tick_end;
-
- if( s == START )
- {
- tick_start = tickGet();
- return 0;
- }
- else
- {
- tick_end = tickGet();
- ret = (double)(tick_end - tick_start) / (double)sysClkRateGet();
- return((ret < 0.001)?0.001:ret);
- }
- }
-# elif defined(TIMEB)
- {
- static struct timeb tstart,tend;
- long i;
-
- ftime_used = 1;
- if (s == START)
- {
- ftime(&tstart);
- return(0);
- }
- else
- {
- ftime(&tend);
- i=(long)tend.millitm-(long)tstart.millitm;
- ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
- return((ret < 0.001)?0.001:ret);
- }
- }
-# endif
-#endif
- }
-#endif /* if defined(OPENSSL_SYS_NETWARE) */
-
-
-#ifndef OPENSSL_NO_ECDH
-static const int KDF1_SHA1_len = 20;
-static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen)
- {
-#ifndef OPENSSL_NO_SHA
- if (*outlen < SHA_DIGEST_LENGTH)
- return NULL;
- else
- *outlen = SHA_DIGEST_LENGTH;
- return SHA1(in, inlen, out);
-#else
- return NULL;
-#endif /* OPENSSL_NO_SHA */
- }
-#endif /* OPENSSL_NO_ECDH */
-
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
- unsigned char *buf=NULL,*buf2=NULL;
- int mret=1;
- long count=0,save_count=0;
- int i,j,k;
-#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA)
- long rsa_count;
-#endif
-#ifndef OPENSSL_NO_RSA
- unsigned rsa_num;
-#endif
- unsigned char md[EVP_MAX_MD_SIZE];
-#ifndef OPENSSL_NO_MD2
- unsigned char md2[MD2_DIGEST_LENGTH];
-#endif
-#ifndef OPENSSL_NO_MDC2
- unsigned char mdc2[MDC2_DIGEST_LENGTH];
-#endif
-#ifndef OPENSSL_NO_MD4
- unsigned char md4[MD4_DIGEST_LENGTH];
-#endif
-#ifndef OPENSSL_NO_MD5
- unsigned char md5[MD5_DIGEST_LENGTH];
- unsigned char hmac[MD5_DIGEST_LENGTH];
-#endif
-#ifndef OPENSSL_NO_SHA
- unsigned char sha[SHA_DIGEST_LENGTH];
-#ifndef OPENSSL_NO_SHA256
- unsigned char sha256[SHA256_DIGEST_LENGTH];
-#endif
-#ifndef OPENSSL_NO_SHA512
- unsigned char sha512[SHA512_DIGEST_LENGTH];
-#endif
-#endif
-#ifndef OPENSSL_NO_RIPEMD
- unsigned char rmd160[RIPEMD160_DIGEST_LENGTH];
-#endif
-#ifndef OPENSSL_NO_RC4
- RC4_KEY rc4_ks;
-#endif
-#ifndef OPENSSL_NO_RC5
- RC5_32_KEY rc5_ks;
-#endif
-#ifndef OPENSSL_NO_RC2
- RC2_KEY rc2_ks;
-#endif
-#ifndef OPENSSL_NO_IDEA
- IDEA_KEY_SCHEDULE idea_ks;
-#endif
-#ifndef OPENSSL_NO_SEED
- SEED_KEY_SCHEDULE seed_ks;
-#endif
-#ifndef OPENSSL_NO_BF
- BF_KEY bf_ks;
-#endif
-#ifndef OPENSSL_NO_CAST
- CAST_KEY cast_ks;
-#endif
- static const unsigned char key16[16]=
- {0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
- 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
-#ifndef OPENSSL_NO_AES
- static const unsigned char key24[24]=
- {0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
- 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,
- 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
- static const unsigned char key32[32]=
- {0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
- 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,
- 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,
- 0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,0x56};
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
- static const unsigned char ckey24[24]=
- {0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
- 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,
- 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
- static const unsigned char ckey32[32]=
- {0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
- 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,
- 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,
- 0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,0x56};
-#endif
-#ifndef OPENSSL_NO_AES
-#define MAX_BLOCK_SIZE 128
-#else
-#define MAX_BLOCK_SIZE 64
-#endif
- unsigned char DES_iv[8];
- unsigned char iv[2*MAX_BLOCK_SIZE/8];
-#ifndef OPENSSL_NO_DES
- static DES_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
- static DES_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
- static DES_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
- DES_key_schedule sch;
- DES_key_schedule sch2;
- DES_key_schedule sch3;
-#endif
-#ifndef OPENSSL_NO_AES
- AES_KEY aes_ks1, aes_ks2, aes_ks3;
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
- CAMELLIA_KEY camellia_ks1, camellia_ks2, camellia_ks3;
-#endif
-#define D_MD2 0
-#define D_MDC2 1
-#define D_MD4 2
-#define D_MD5 3
-#define D_HMAC 4
-#define D_SHA1 5
-#define D_RMD160 6
-#define D_RC4 7
-#define D_CBC_DES 8
-#define D_EDE3_DES 9
-#define D_CBC_IDEA 10
-#define D_CBC_SEED 11
-#define D_CBC_RC2 12
-#define D_CBC_RC5 13
-#define D_CBC_BF 14
-#define D_CBC_CAST 15
-#define D_CBC_128_AES 16
-#define D_CBC_192_AES 17
-#define D_CBC_256_AES 18
-#define D_CBC_128_CML 19
-#define D_CBC_192_CML 20
-#define D_CBC_256_CML 21
-#define D_EVP 22
-#define D_SHA256 23
-#define D_SHA512 24
-#define D_IGE_128_AES 25
-#define D_IGE_192_AES 26
-#define D_IGE_256_AES 27
- double d=0.0;
- long c[ALGOR_NUM][SIZE_NUM];
-#define R_DSA_512 0
-#define R_DSA_1024 1
-#define R_DSA_2048 2
-#define R_RSA_512 0
-#define R_RSA_1024 1
-#define R_RSA_2048 2
-#define R_RSA_4096 3
-
-#define R_EC_P160 0
-#define R_EC_P192 1
-#define R_EC_P224 2
-#define R_EC_P256 3
-#define R_EC_P384 4
-#define R_EC_P521 5
-#define R_EC_K163 6
-#define R_EC_K233 7
-#define R_EC_K283 8
-#define R_EC_K409 9
-#define R_EC_K571 10
-#define R_EC_B163 11
-#define R_EC_B233 12
-#define R_EC_B283 13
-#define R_EC_B409 14
-#define R_EC_B571 15
-
-#ifndef OPENSSL_NO_RSA
- RSA *rsa_key[RSA_NUM];
- long rsa_c[RSA_NUM][2];
- static unsigned int rsa_bits[RSA_NUM]={512,1024,2048,4096};
- static unsigned char *rsa_data[RSA_NUM]=
- {test512,test1024,test2048,test4096};
- static int rsa_data_length[RSA_NUM]={
- sizeof(test512),sizeof(test1024),
- sizeof(test2048),sizeof(test4096)};
-#endif
-#ifndef OPENSSL_NO_DSA
- DSA *dsa_key[DSA_NUM];
- long dsa_c[DSA_NUM][2];
- static unsigned int dsa_bits[DSA_NUM]={512,1024,2048};
-#endif
-#ifndef OPENSSL_NO_EC
- /* We only test over the following curves as they are representative,
- * To add tests over more curves, simply add the curve NID
- * and curve name to the following arrays and increase the
- * EC_NUM value accordingly.
- */
- static unsigned int test_curves[EC_NUM] =
- {
- /* Prime Curves */
- NID_secp160r1,
- NID_X9_62_prime192v1,
- NID_secp224r1,
- NID_X9_62_prime256v1,
- NID_secp384r1,
- NID_secp521r1,
- /* Binary Curves */
- NID_sect163k1,
- NID_sect233k1,
- NID_sect283k1,
- NID_sect409k1,
- NID_sect571k1,
- NID_sect163r2,
- NID_sect233r1,
- NID_sect283r1,
- NID_sect409r1,
- NID_sect571r1
- };
- static const char * test_curves_names[EC_NUM] =
- {
- /* Prime Curves */
- "secp160r1",
- "nistp192",
- "nistp224",
- "nistp256",
- "nistp384",
- "nistp521",
- /* Binary Curves */
- "nistk163",
- "nistk233",
- "nistk283",
- "nistk409",
- "nistk571",
- "nistb163",
- "nistb233",
- "nistb283",
- "nistb409",
- "nistb571"
- };
- static int test_curves_bits[EC_NUM] =
- {
- 160, 192, 224, 256, 384, 521,
- 163, 233, 283, 409, 571,
- 163, 233, 283, 409, 571
- };
-
-#endif
-
-#ifndef OPENSSL_NO_ECDSA
- unsigned char ecdsasig[256];
- unsigned int ecdsasiglen;
- EC_KEY *ecdsa[EC_NUM];
- long ecdsa_c[EC_NUM][2];
-#endif
-
-#ifndef OPENSSL_NO_ECDH
- EC_KEY *ecdh_a[EC_NUM], *ecdh_b[EC_NUM];
- unsigned char secret_a[MAX_ECDH_SIZE], secret_b[MAX_ECDH_SIZE];
- int secret_size_a, secret_size_b;
- int ecdh_checks = 0;
- int secret_idx = 0;
- long ecdh_c[EC_NUM][2];
-#endif
-
- int rsa_doit[RSA_NUM];
- int dsa_doit[DSA_NUM];
-#ifndef OPENSSL_NO_ECDSA
- int ecdsa_doit[EC_NUM];
-#endif
-#ifndef OPENSSL_NO_ECDH
- int ecdh_doit[EC_NUM];
-#endif
- int doit[ALGOR_NUM];
- int pr_header=0;
- const EVP_CIPHER *evp_cipher=NULL;
- const EVP_MD *evp_md=NULL;
- int decrypt=0;
-#ifndef NO_FORK
- int multi=0;
-#endif
-
-#ifndef TIMES
- usertime=-1;
-#endif
-
- apps_startup();
- memset(results, 0, sizeof(results));
-#ifndef OPENSSL_NO_DSA
- memset(dsa_key,0,sizeof(dsa_key));
-#endif
-#ifndef OPENSSL_NO_ECDSA
- for (i=0; i<EC_NUM; i++) ecdsa[i] = NULL;
-#endif
-#ifndef OPENSSL_NO_ECDH
- for (i=0; i<EC_NUM; i++)
- {
- ecdh_a[i] = NULL;
- ecdh_b[i] = NULL;
- }
-#endif
-
-
- if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
- if (!load_config(bio_err, NULL))
- goto end;
-
-#ifndef OPENSSL_NO_RSA
- memset(rsa_key,0,sizeof(rsa_key));
- for (i=0; i<RSA_NUM; i++)
- rsa_key[i]=NULL;
-#endif
-
- if ((buf=(unsigned char *)OPENSSL_malloc((int)BUFSIZE)) == NULL)
- {
- BIO_printf(bio_err,"out of memory\n");
- goto end;
- }
- if ((buf2=(unsigned char *)OPENSSL_malloc((int)BUFSIZE)) == NULL)
- {
- BIO_printf(bio_err,"out of memory\n");
- goto end;
- }
-
- memset(c,0,sizeof(c));
- memset(DES_iv,0,sizeof(DES_iv));
- memset(iv,0,sizeof(iv));
-
- for (i=0; i<ALGOR_NUM; i++)
- doit[i]=0;
- for (i=0; i<RSA_NUM; i++)
- rsa_doit[i]=0;
- for (i=0; i<DSA_NUM; i++)
- dsa_doit[i]=0;
-#ifndef OPENSSL_NO_ECDSA
- for (i=0; i<EC_NUM; i++)
- ecdsa_doit[i]=0;
-#endif
-#ifndef OPENSSL_NO_ECDH
- for (i=0; i<EC_NUM; i++)
- ecdh_doit[i]=0;
-#endif
-
-
- j=0;
- argc--;
- argv++;
- while (argc)
- {
- if ((argc > 0) && (strcmp(*argv,"-elapsed") == 0))
- {
- usertime = 0;
- j--; /* Otherwise, -elapsed gets confused with
- an algorithm. */
- }
- else if ((argc > 0) && (strcmp(*argv,"-evp") == 0))
- {
- argc--;
- argv++;
- if(argc == 0)
- {
- BIO_printf(bio_err,"no EVP given\n");
- goto end;
- }
- evp_cipher=EVP_get_cipherbyname(*argv);
- if(!evp_cipher)
- {
- evp_md=EVP_get_digestbyname(*argv);
- }
- if(!evp_cipher && !evp_md)
- {
- BIO_printf(bio_err,"%s is an unknown cipher or digest\n",*argv);
- goto end;
- }
- doit[D_EVP]=1;
- }
- else if (argc > 0 && !strcmp(*argv,"-decrypt"))
- {
- decrypt=1;
- j--; /* Otherwise, -elapsed gets confused with
- an algorithm. */
- }
-#ifndef OPENSSL_NO_ENGINE
- else if ((argc > 0) && (strcmp(*argv,"-engine") == 0))
- {
- argc--;
- argv++;
- if(argc == 0)
- {
- BIO_printf(bio_err,"no engine given\n");
- goto end;
- }
- setup_engine(bio_err, *argv, 0);
- /* j will be increased again further down. We just
- don't want speed to confuse an engine with an
- algorithm, especially when none is given (which
- means all of them should be run) */
- j--;
- }
-#endif
-#ifndef NO_FORK
- else if ((argc > 0) && (strcmp(*argv,"-multi") == 0))
- {
- argc--;
- argv++;
- if(argc == 0)
- {
- BIO_printf(bio_err,"no multi count given\n");
- goto end;
- }
- multi=atoi(argv[0]);
- if(multi <= 0)
- {
- BIO_printf(bio_err,"bad multi count\n");
- goto end;
- }
- j--; /* Otherwise, -mr gets confused with
- an algorithm. */
- }
-#endif
- else if (argc > 0 && !strcmp(*argv,"-mr"))
- {
- mr=1;
- j--; /* Otherwise, -mr gets confused with
- an algorithm. */
- }
- else
-#ifndef OPENSSL_NO_MD2
- if (strcmp(*argv,"md2") == 0) doit[D_MD2]=1;
- else
-#endif
-#ifndef OPENSSL_NO_MDC2
- if (strcmp(*argv,"mdc2") == 0) doit[D_MDC2]=1;
- else
-#endif
-#ifndef OPENSSL_NO_MD4
- if (strcmp(*argv,"md4") == 0) doit[D_MD4]=1;
- else
-#endif
-#ifndef OPENSSL_NO_MD5
- if (strcmp(*argv,"md5") == 0) doit[D_MD5]=1;
- else
-#endif
-#ifndef OPENSSL_NO_MD5
- if (strcmp(*argv,"hmac") == 0) doit[D_HMAC]=1;
- else
-#endif
-#ifndef OPENSSL_NO_SHA
- if (strcmp(*argv,"sha1") == 0) doit[D_SHA1]=1;
- else
- if (strcmp(*argv,"sha") == 0) doit[D_SHA1]=1,
- doit[D_SHA256]=1,
- doit[D_SHA512]=1;
- else
-#ifndef OPENSSL_NO_SHA256
- if (strcmp(*argv,"sha256") == 0) doit[D_SHA256]=1;
- else
-#endif
-#ifndef OPENSSL_NO_SHA512
- if (strcmp(*argv,"sha512") == 0) doit[D_SHA512]=1;
- else
-#endif
-#endif
-#ifndef OPENSSL_NO_RIPEMD
- if (strcmp(*argv,"ripemd") == 0) doit[D_RMD160]=1;
- else
- if (strcmp(*argv,"rmd160") == 0) doit[D_RMD160]=1;
- else
- if (strcmp(*argv,"ripemd160") == 0) doit[D_RMD160]=1;
- else
-#endif
-#ifndef OPENSSL_NO_RC4
- if (strcmp(*argv,"rc4") == 0) doit[D_RC4]=1;
- else
-#endif
-#ifndef OPENSSL_NO_DES
- if (strcmp(*argv,"des-cbc") == 0) doit[D_CBC_DES]=1;
- else if (strcmp(*argv,"des-ede3") == 0) doit[D_EDE3_DES]=1;
- else
-#endif
-#ifndef OPENSSL_NO_AES
- if (strcmp(*argv,"aes-128-cbc") == 0) doit[D_CBC_128_AES]=1;
- else if (strcmp(*argv,"aes-192-cbc") == 0) doit[D_CBC_192_AES]=1;
- else if (strcmp(*argv,"aes-256-cbc") == 0) doit[D_CBC_256_AES]=1;
- else if (strcmp(*argv,"aes-128-ige") == 0) doit[D_IGE_128_AES]=1;
- else if (strcmp(*argv,"aes-192-ige") == 0) doit[D_IGE_192_AES]=1;
- else if (strcmp(*argv,"aes-256-ige") == 0) doit[D_IGE_256_AES]=1;
- else
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
- if (strcmp(*argv,"camellia-128-cbc") == 0) doit[D_CBC_128_CML]=1;
- else if (strcmp(*argv,"camellia-192-cbc") == 0) doit[D_CBC_192_CML]=1;
- else if (strcmp(*argv,"camellia-256-cbc") == 0) doit[D_CBC_256_CML]=1;
- else
-#endif
-#ifndef OPENSSL_NO_RSA
-#if 0 /* was: #ifdef RSAref */
- if (strcmp(*argv,"rsaref") == 0)
- {
- RSA_set_default_openssl_method(RSA_PKCS1_RSAref());
- j--;
- }
- else
-#endif
-#ifndef RSA_NULL
- if (strcmp(*argv,"openssl") == 0)
- {
- RSA_set_default_method(RSA_PKCS1_SSLeay());
- j--;
- }
- else
-#endif
-#endif /* !OPENSSL_NO_RSA */
- if (strcmp(*argv,"dsa512") == 0) dsa_doit[R_DSA_512]=2;
- else if (strcmp(*argv,"dsa1024") == 0) dsa_doit[R_DSA_1024]=2;
- else if (strcmp(*argv,"dsa2048") == 0) dsa_doit[R_DSA_2048]=2;
- else if (strcmp(*argv,"rsa512") == 0) rsa_doit[R_RSA_512]=2;
- else if (strcmp(*argv,"rsa1024") == 0) rsa_doit[R_RSA_1024]=2;
- else if (strcmp(*argv,"rsa2048") == 0) rsa_doit[R_RSA_2048]=2;
- else if (strcmp(*argv,"rsa4096") == 0) rsa_doit[R_RSA_4096]=2;
- else
-#ifndef OPENSSL_NO_RC2
- if (strcmp(*argv,"rc2-cbc") == 0) doit[D_CBC_RC2]=1;
- else if (strcmp(*argv,"rc2") == 0) doit[D_CBC_RC2]=1;
- else
-#endif
-#ifndef OPENSSL_NO_RC5
- if (strcmp(*argv,"rc5-cbc") == 0) doit[D_CBC_RC5]=1;
- else if (strcmp(*argv,"rc5") == 0) doit[D_CBC_RC5]=1;
- else
-#endif
-#ifndef OPENSSL_NO_IDEA
- if (strcmp(*argv,"idea-cbc") == 0) doit[D_CBC_IDEA]=1;
- else if (strcmp(*argv,"idea") == 0) doit[D_CBC_IDEA]=1;
- else
-#endif
-#ifndef OPENSSL_NO_SEED
- if (strcmp(*argv,"seed-cbc") == 0) doit[D_CBC_SEED]=1;
- else if (strcmp(*argv,"seed") == 0) doit[D_CBC_SEED]=1;
- else
-#endif
-#ifndef OPENSSL_NO_BF
- if (strcmp(*argv,"bf-cbc") == 0) doit[D_CBC_BF]=1;
- else if (strcmp(*argv,"blowfish") == 0) doit[D_CBC_BF]=1;
- else if (strcmp(*argv,"bf") == 0) doit[D_CBC_BF]=1;
- else
-#endif
-#ifndef OPENSSL_NO_CAST
- if (strcmp(*argv,"cast-cbc") == 0) doit[D_CBC_CAST]=1;
- else if (strcmp(*argv,"cast") == 0) doit[D_CBC_CAST]=1;
- else if (strcmp(*argv,"cast5") == 0) doit[D_CBC_CAST]=1;
- else
-#endif
-#ifndef OPENSSL_NO_DES
- if (strcmp(*argv,"des") == 0)
- {
- doit[D_CBC_DES]=1;
- doit[D_EDE3_DES]=1;
- }
- else
-#endif
-#ifndef OPENSSL_NO_AES
- if (strcmp(*argv,"aes") == 0)
- {
- doit[D_CBC_128_AES]=1;
- doit[D_CBC_192_AES]=1;
- doit[D_CBC_256_AES]=1;
- }
- else
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
- if (strcmp(*argv,"camellia") == 0)
- {
- doit[D_CBC_128_CML]=1;
- doit[D_CBC_192_CML]=1;
- doit[D_CBC_256_CML]=1;
- }
- else
-#endif
-#ifndef OPENSSL_NO_RSA
- if (strcmp(*argv,"rsa") == 0)
- {
- rsa_doit[R_RSA_512]=1;
- rsa_doit[R_RSA_1024]=1;
- rsa_doit[R_RSA_2048]=1;
- rsa_doit[R_RSA_4096]=1;
- }
- else
-#endif
-#ifndef OPENSSL_NO_DSA
- if (strcmp(*argv,"dsa") == 0)
- {
- dsa_doit[R_DSA_512]=1;
- dsa_doit[R_DSA_1024]=1;
- dsa_doit[R_DSA_2048]=1;
- }
- else
-#endif
-#ifndef OPENSSL_NO_ECDSA
- if (strcmp(*argv,"ecdsap160") == 0) ecdsa_doit[R_EC_P160]=2;
- else if (strcmp(*argv,"ecdsap192") == 0) ecdsa_doit[R_EC_P192]=2;
- else if (strcmp(*argv,"ecdsap224") == 0) ecdsa_doit[R_EC_P224]=2;
- else if (strcmp(*argv,"ecdsap256") == 0) ecdsa_doit[R_EC_P256]=2;
- else if (strcmp(*argv,"ecdsap384") == 0) ecdsa_doit[R_EC_P384]=2;
- else if (strcmp(*argv,"ecdsap521") == 0) ecdsa_doit[R_EC_P521]=2;
- else if (strcmp(*argv,"ecdsak163") == 0) ecdsa_doit[R_EC_K163]=2;
- else if (strcmp(*argv,"ecdsak233") == 0) ecdsa_doit[R_EC_K233]=2;
- else if (strcmp(*argv,"ecdsak283") == 0) ecdsa_doit[R_EC_K283]=2;
- else if (strcmp(*argv,"ecdsak409") == 0) ecdsa_doit[R_EC_K409]=2;
- else if (strcmp(*argv,"ecdsak571") == 0) ecdsa_doit[R_EC_K571]=2;
- else if (strcmp(*argv,"ecdsab163") == 0) ecdsa_doit[R_EC_B163]=2;
- else if (strcmp(*argv,"ecdsab233") == 0) ecdsa_doit[R_EC_B233]=2;
- else if (strcmp(*argv,"ecdsab283") == 0) ecdsa_doit[R_EC_B283]=2;
- else if (strcmp(*argv,"ecdsab409") == 0) ecdsa_doit[R_EC_B409]=2;
- else if (strcmp(*argv,"ecdsab571") == 0) ecdsa_doit[R_EC_B571]=2;
- else if (strcmp(*argv,"ecdsa") == 0)
- {
- for (i=0; i < EC_NUM; i++)
- ecdsa_doit[i]=1;
- }
- else
-#endif
-#ifndef OPENSSL_NO_ECDH
- if (strcmp(*argv,"ecdhp160") == 0) ecdh_doit[R_EC_P160]=2;
- else if (strcmp(*argv,"ecdhp192") == 0) ecdh_doit[R_EC_P192]=2;
- else if (strcmp(*argv,"ecdhp224") == 0) ecdh_doit[R_EC_P224]=2;
- else if (strcmp(*argv,"ecdhp256") == 0) ecdh_doit[R_EC_P256]=2;
- else if (strcmp(*argv,"ecdhp384") == 0) ecdh_doit[R_EC_P384]=2;
- else if (strcmp(*argv,"ecdhp521") == 0) ecdh_doit[R_EC_P521]=2;
- else if (strcmp(*argv,"ecdhk163") == 0) ecdh_doit[R_EC_K163]=2;
- else if (strcmp(*argv,"ecdhk233") == 0) ecdh_doit[R_EC_K233]=2;
- else if (strcmp(*argv,"ecdhk283") == 0) ecdh_doit[R_EC_K283]=2;
- else if (strcmp(*argv,"ecdhk409") == 0) ecdh_doit[R_EC_K409]=2;
- else if (strcmp(*argv,"ecdhk571") == 0) ecdh_doit[R_EC_K571]=2;
- else if (strcmp(*argv,"ecdhb163") == 0) ecdh_doit[R_EC_B163]=2;
- else if (strcmp(*argv,"ecdhb233") == 0) ecdh_doit[R_EC_B233]=2;
- else if (strcmp(*argv,"ecdhb283") == 0) ecdh_doit[R_EC_B283]=2;
- else if (strcmp(*argv,"ecdhb409") == 0) ecdh_doit[R_EC_B409]=2;
- else if (strcmp(*argv,"ecdhb571") == 0) ecdh_doit[R_EC_B571]=2;
- else if (strcmp(*argv,"ecdh") == 0)
- {
- for (i=0; i < EC_NUM; i++)
- ecdh_doit[i]=1;
- }
- else
-#endif
- {
- BIO_printf(bio_err,"Error: bad option or value\n");
- BIO_printf(bio_err,"\n");
- BIO_printf(bio_err,"Available values:\n");
-#ifndef OPENSSL_NO_MD2
- BIO_printf(bio_err,"md2 ");
-#endif
-#ifndef OPENSSL_NO_MDC2
- BIO_printf(bio_err,"mdc2 ");
-#endif
-#ifndef OPENSSL_NO_MD4
- BIO_printf(bio_err,"md4 ");
-#endif
-#ifndef OPENSSL_NO_MD5
- BIO_printf(bio_err,"md5 ");
-#ifndef OPENSSL_NO_HMAC
- BIO_printf(bio_err,"hmac ");
-#endif
-#endif
-#ifndef OPENSSL_NO_SHA1
- BIO_printf(bio_err,"sha1 ");
-#endif
-#ifndef OPENSSL_NO_SHA256
- BIO_printf(bio_err,"sha256 ");
-#endif
-#ifndef OPENSSL_NO_SHA512
- BIO_printf(bio_err,"sha512 ");
-#endif
-#ifndef OPENSSL_NO_RIPEMD160
- BIO_printf(bio_err,"rmd160");
-#endif
-#if !defined(OPENSSL_NO_MD2) || !defined(OPENSSL_NO_MDC2) || \
- !defined(OPENSSL_NO_MD4) || !defined(OPENSSL_NO_MD5) || \
- !defined(OPENSSL_NO_SHA1) || !defined(OPENSSL_NO_RIPEMD160)
- BIO_printf(bio_err,"\n");
-#endif
-
-#ifndef OPENSSL_NO_IDEA
- BIO_printf(bio_err,"idea-cbc ");
-#endif
-#ifndef OPENSSL_NO_SEED
- BIO_printf(bio_err,"seed-cbc ");
-#endif
-#ifndef OPENSSL_NO_RC2
- BIO_printf(bio_err,"rc2-cbc ");
-#endif
-#ifndef OPENSSL_NO_RC5
- BIO_printf(bio_err,"rc5-cbc ");
-#endif
-#ifndef OPENSSL_NO_BF
- BIO_printf(bio_err,"bf-cbc");
-#endif
-#if !defined(OPENSSL_NO_IDEA) || !defined(OPENSSL_NO_SEED) || !defined(OPENSSL_NO_RC2) || \
- !defined(OPENSSL_NO_BF) || !defined(OPENSSL_NO_RC5)
- BIO_printf(bio_err,"\n");
-#endif
-#ifndef OPENSSL_NO_DES
- BIO_printf(bio_err,"des-cbc des-ede3 ");
-#endif
-#ifndef OPENSSL_NO_AES
- BIO_printf(bio_err,"aes-128-cbc aes-192-cbc aes-256-cbc ");
- BIO_printf(bio_err,"aes-128-ige aes-192-ige aes-256-ige ");
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
- BIO_printf(bio_err,"\n");
- BIO_printf(bio_err,"camellia-128-cbc camellia-192-cbc camellia-256-cbc ");
-#endif
-#ifndef OPENSSL_NO_RC4
- BIO_printf(bio_err,"rc4");
-#endif
- BIO_printf(bio_err,"\n");
-
-#ifndef OPENSSL_NO_RSA
- BIO_printf(bio_err,"rsa512 rsa1024 rsa2048 rsa4096\n");
-#endif
-
-#ifndef OPENSSL_NO_DSA
- BIO_printf(bio_err,"dsa512 dsa1024 dsa2048\n");
-#endif
-#ifndef OPENSSL_NO_ECDSA
- BIO_printf(bio_err,"ecdsap160 ecdsap192 ecdsap224 ecdsap256 ecdsap384 ecdsap521\n");
- BIO_printf(bio_err,"ecdsak163 ecdsak233 ecdsak283 ecdsak409 ecdsak571\n");
- BIO_printf(bio_err,"ecdsab163 ecdsab233 ecdsab283 ecdsab409 ecdsab571\n");
- BIO_printf(bio_err,"ecdsa\n");
-#endif
-#ifndef OPENSSL_NO_ECDH
- BIO_printf(bio_err,"ecdhp160 ecdhp192 ecdhp224 ecdhp256 ecdhp384 ecdhp521\n");
- BIO_printf(bio_err,"ecdhk163 ecdhk233 ecdhk283 ecdhk409 ecdhk571\n");
- BIO_printf(bio_err,"ecdhb163 ecdhb233 ecdhb283 ecdhb409 ecdhb571\n");
- BIO_printf(bio_err,"ecdh\n");
-#endif
-
-#ifndef OPENSSL_NO_IDEA
- BIO_printf(bio_err,"idea ");
-#endif
-#ifndef OPENSSL_NO_SEED
- BIO_printf(bio_err,"seed ");
-#endif
-#ifndef OPENSSL_NO_RC2
- BIO_printf(bio_err,"rc2 ");
-#endif
-#ifndef OPENSSL_NO_DES
- BIO_printf(bio_err,"des ");
-#endif
-#ifndef OPENSSL_NO_AES
- BIO_printf(bio_err,"aes ");
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
- BIO_printf(bio_err,"camellia ");
-#endif
-#ifndef OPENSSL_NO_RSA
- BIO_printf(bio_err,"rsa ");
-#endif
-#ifndef OPENSSL_NO_BF
- BIO_printf(bio_err,"blowfish");
-#endif
-#if !defined(OPENSSL_NO_IDEA) || !defined(OPENSSL_NO_SEED) || \
- !defined(OPENSSL_NO_RC2) || !defined(OPENSSL_NO_DES) || \
- !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_BF) || \
- !defined(OPENSSL_NO_AES) || !defined(OPENSSL_NO_CAMELLIA)
- BIO_printf(bio_err,"\n");
-#endif
-
- BIO_printf(bio_err,"\n");
- BIO_printf(bio_err,"Available options:\n");
-#if defined(TIMES) || defined(USE_TOD)
- BIO_printf(bio_err,"-elapsed measure time in real time instead of CPU user time.\n");
-#endif
-#ifndef OPENSSL_NO_ENGINE
- BIO_printf(bio_err,"-engine e use engine e, possibly a hardware device.\n");
-#endif
- BIO_printf(bio_err,"-evp e use EVP e.\n");
- BIO_printf(bio_err,"-decrypt time decryption instead of encryption (only EVP).\n");
- BIO_printf(bio_err,"-mr produce machine readable output.\n");
-#ifndef NO_FORK
- BIO_printf(bio_err,"-multi n run n benchmarks in parallel.\n");
-#endif
- goto end;
- }
- argc--;
- argv++;
- j++;
- }
-
-#ifndef NO_FORK
- if(multi && do_multi(multi))
- goto show_res;
-#endif
-
- if (j == 0)
- {
- for (i=0; i<ALGOR_NUM; i++)
- {
- if (i != D_EVP)
- doit[i]=1;
- }
- for (i=0; i<RSA_NUM; i++)
- rsa_doit[i]=1;
- for (i=0; i<DSA_NUM; i++)
- dsa_doit[i]=1;
- }
- for (i=0; i<ALGOR_NUM; i++)
- if (doit[i]) pr_header++;
-
- if (usertime == 0 && !mr)
- BIO_printf(bio_err,"You have chosen to measure elapsed time instead of user CPU time.\n");
- if (usertime <= 0 && !mr)
- {
- BIO_printf(bio_err,"To get the most accurate results, try to run this\n");
- BIO_printf(bio_err,"program when this computer is idle.\n");
- }
-
-#ifndef OPENSSL_NO_RSA
- for (i=0; i<RSA_NUM; i++)
- {
- const unsigned char *p;
-
- p=rsa_data[i];
- rsa_key[i]=d2i_RSAPrivateKey(NULL,&p,rsa_data_length[i]);
- if (rsa_key[i] == NULL)
- {
- BIO_printf(bio_err,"internal error loading RSA key number %d\n",i);
- goto end;
- }
-#if 0
- else
- {
- BIO_printf(bio_err,mr ? "+RK:%d:"
- : "Loaded RSA key, %d bit modulus and e= 0x",
- BN_num_bits(rsa_key[i]->n));
- BN_print(bio_err,rsa_key[i]->e);
- BIO_printf(bio_err,"\n");
- }
-#endif
- }
-#endif
-
-#ifndef OPENSSL_NO_DSA
- dsa_key[0]=get_dsa512();
- dsa_key[1]=get_dsa1024();
- dsa_key[2]=get_dsa2048();
-#endif
-
-#ifndef OPENSSL_NO_DES
- DES_set_key_unchecked(&key,&sch);
- DES_set_key_unchecked(&key2,&sch2);
- DES_set_key_unchecked(&key3,&sch3);
-#endif
-#ifndef OPENSSL_NO_AES
- AES_set_encrypt_key(key16,128,&aes_ks1);
- AES_set_encrypt_key(key24,192,&aes_ks2);
- AES_set_encrypt_key(key32,256,&aes_ks3);
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
- Camellia_set_key(key16,128,&camellia_ks1);
- Camellia_set_key(ckey24,192,&camellia_ks2);
- Camellia_set_key(ckey32,256,&camellia_ks3);
-#endif
-#ifndef OPENSSL_NO_IDEA
- idea_set_encrypt_key(key16,&idea_ks);
-#endif
-#ifndef OPENSSL_NO_SEED
- SEED_set_key(key16,&seed_ks);
-#endif
-#ifndef OPENSSL_NO_RC4
- RC4_set_key(&rc4_ks,16,key16);
-#endif
-#ifndef OPENSSL_NO_RC2
- RC2_set_key(&rc2_ks,16,key16,128);
-#endif
-#ifndef OPENSSL_NO_RC5
- RC5_32_set_key(&rc5_ks,16,key16,12);
-#endif
-#ifndef OPENSSL_NO_BF
- BF_set_key(&bf_ks,16,key16);
-#endif
-#ifndef OPENSSL_NO_CAST
- CAST_set_key(&cast_ks,16,key16);
-#endif
-#ifndef OPENSSL_NO_RSA
- memset(rsa_c,0,sizeof(rsa_c));
-#endif
-#ifndef SIGALRM
-#ifndef OPENSSL_NO_DES
- BIO_printf(bio_err,"First we calculate the approximate speed ...\n");
- count=10;
- do {
- long it;
- count*=2;
- Time_F(START);
- for (it=count; it; it--)
- DES_ecb_encrypt((DES_cblock *)buf,
- (DES_cblock *)buf,
- &sch,DES_ENCRYPT);
- d=Time_F(STOP);
- } while (d <3);
- save_count=count;
- c[D_MD2][0]=count/10;
- c[D_MDC2][0]=count/10;
- c[D_MD4][0]=count;
- c[D_MD5][0]=count;
- c[D_HMAC][0]=count;
- c[D_SHA1][0]=count;
- c[D_RMD160][0]=count;
- c[D_RC4][0]=count*5;
- c[D_CBC_DES][0]=count;
- c[D_EDE3_DES][0]=count/3;
- c[D_CBC_IDEA][0]=count;
- c[D_CBC_SEED][0]=count;
- c[D_CBC_RC2][0]=count;
- c[D_CBC_RC5][0]=count;
- c[D_CBC_BF][0]=count;
- c[D_CBC_CAST][0]=count;
- c[D_CBC_128_AES][0]=count;
- c[D_CBC_192_AES][0]=count;
- c[D_CBC_256_AES][0]=count;
- c[D_CBC_128_CML][0]=count;
- c[D_CBC_192_CML][0]=count;
- c[D_CBC_256_CML][0]=count;
- c[D_SHA256][0]=count;
- c[D_SHA512][0]=count;
- c[D_IGE_128_AES][0]=count;
- c[D_IGE_192_AES][0]=count;
- c[D_IGE_256_AES][0]=count;
-
- for (i=1; i<SIZE_NUM; i++)
- {
- c[D_MD2][i]=c[D_MD2][0]*4*lengths[0]/lengths[i];
- c[D_MDC2][i]=c[D_MDC2][0]*4*lengths[0]/lengths[i];
- c[D_MD4][i]=c[D_MD4][0]*4*lengths[0]/lengths[i];
- c[D_MD5][i]=c[D_MD5][0]*4*lengths[0]/lengths[i];
- c[D_HMAC][i]=c[D_HMAC][0]*4*lengths[0]/lengths[i];
- c[D_SHA1][i]=c[D_SHA1][0]*4*lengths[0]/lengths[i];
- c[D_RMD160][i]=c[D_RMD160][0]*4*lengths[0]/lengths[i];
- c[D_SHA256][i]=c[D_SHA256][0]*4*lengths[0]/lengths[i];
- c[D_SHA512][i]=c[D_SHA512][0]*4*lengths[0]/lengths[i];
- }
- for (i=1; i<SIZE_NUM; i++)
- {
- long l0,l1;
-
- l0=(long)lengths[i-1];
- l1=(long)lengths[i];
- c[D_RC4][i]=c[D_RC4][i-1]*l0/l1;
- c[D_CBC_DES][i]=c[D_CBC_DES][i-1]*l0/l1;
- c[D_EDE3_DES][i]=c[D_EDE3_DES][i-1]*l0/l1;
- c[D_CBC_IDEA][i]=c[D_CBC_IDEA][i-1]*l0/l1;
- c[D_CBC_SEED][i]=c[D_CBC_SEED][i-1]*l0/l1;
- c[D_CBC_RC2][i]=c[D_CBC_RC2][i-1]*l0/l1;
- c[D_CBC_RC5][i]=c[D_CBC_RC5][i-1]*l0/l1;
- c[D_CBC_BF][i]=c[D_CBC_BF][i-1]*l0/l1;
- c[D_CBC_CAST][i]=c[D_CBC_CAST][i-1]*l0/l1;
- c[D_CBC_128_AES][i]=c[D_CBC_128_AES][i-1]*l0/l1;
- c[D_CBC_192_AES][i]=c[D_CBC_192_AES][i-1]*l0/l1;
- c[D_CBC_256_AES][i]=c[D_CBC_256_AES][i-1]*l0/l1;
- c[D_CBC_128_CML][i]=c[D_CBC_128_CML][i-1]*l0/l1;
- c[D_CBC_192_CML][i]=c[D_CBC_192_CML][i-1]*l0/l1;
- c[D_CBC_256_CML][i]=c[D_CBC_256_CML][i-1]*l0/l1;
- c[D_IGE_128_AES][i]=c[D_IGE_128_AES][i-1]*l0/l1;
- c[D_IGE_192_AES][i]=c[D_IGE_192_AES][i-1]*l0/l1;
- c[D_IGE_256_AES][i]=c[D_IGE_256_AES][i-1]*l0/l1;
- }
-#ifndef OPENSSL_NO_RSA
- rsa_c[R_RSA_512][0]=count/2000;
- rsa_c[R_RSA_512][1]=count/400;
- for (i=1; i<RSA_NUM; i++)
- {
- rsa_c[i][0]=rsa_c[i-1][0]/8;
- rsa_c[i][1]=rsa_c[i-1][1]/4;
- if ((rsa_doit[i] <= 1) && (rsa_c[i][0] == 0))
- rsa_doit[i]=0;
- else
- {
- if (rsa_c[i][0] == 0)
- {
- rsa_c[i][0]=1;
- rsa_c[i][1]=20;
- }
- }
- }
-#endif
-
-#ifndef OPENSSL_NO_DSA
- dsa_c[R_DSA_512][0]=count/1000;
- dsa_c[R_DSA_512][1]=count/1000/2;
- for (i=1; i<DSA_NUM; i++)
- {
- dsa_c[i][0]=dsa_c[i-1][0]/4;
- dsa_c[i][1]=dsa_c[i-1][1]/4;
- if ((dsa_doit[i] <= 1) && (dsa_c[i][0] == 0))
- dsa_doit[i]=0;
- else
- {
- if (dsa_c[i] == 0)
- {
- dsa_c[i][0]=1;
- dsa_c[i][1]=1;
- }
- }
- }
-#endif
-
-#ifndef OPENSSL_NO_ECDSA
- ecdsa_c[R_EC_P160][0]=count/1000;
- ecdsa_c[R_EC_P160][1]=count/1000/2;
- for (i=R_EC_P192; i<=R_EC_P521; i++)
- {
- ecdsa_c[i][0]=ecdsa_c[i-1][0]/2;
- ecdsa_c[i][1]=ecdsa_c[i-1][1]/2;
- if ((ecdsa_doit[i] <= 1) && (ecdsa_c[i][0] == 0))
- ecdsa_doit[i]=0;
- else
- {
- if (ecdsa_c[i] == 0)
- {
- ecdsa_c[i][0]=1;
- ecdsa_c[i][1]=1;
- }
- }
- }
- ecdsa_c[R_EC_K163][0]=count/1000;
- ecdsa_c[R_EC_K163][1]=count/1000/2;
- for (i=R_EC_K233; i<=R_EC_K571; i++)
- {
- ecdsa_c[i][0]=ecdsa_c[i-1][0]/2;
- ecdsa_c[i][1]=ecdsa_c[i-1][1]/2;
- if ((ecdsa_doit[i] <= 1) && (ecdsa_c[i][0] == 0))
- ecdsa_doit[i]=0;
- else
- {
- if (ecdsa_c[i] == 0)
- {
- ecdsa_c[i][0]=1;
- ecdsa_c[i][1]=1;
- }
- }
- }
- ecdsa_c[R_EC_B163][0]=count/1000;
- ecdsa_c[R_EC_B163][1]=count/1000/2;
- for (i=R_EC_B233; i<=R_EC_B571; i++)
- {
- ecdsa_c[i][0]=ecdsa_c[i-1][0]/2;
- ecdsa_c[i][1]=ecdsa_c[i-1][1]/2;
- if ((ecdsa_doit[i] <= 1) && (ecdsa_c[i][0] == 0))
- ecdsa_doit[i]=0;
- else
- {
- if (ecdsa_c[i] == 0)
- {
- ecdsa_c[i][0]=1;
- ecdsa_c[i][1]=1;
- }
- }
- }
-#endif
-
-#ifndef OPENSSL_NO_ECDH
- ecdh_c[R_EC_P160][0]=count/1000;
- ecdh_c[R_EC_P160][1]=count/1000;
- for (i=R_EC_P192; i<=R_EC_P521; i++)
- {
- ecdh_c[i][0]=ecdh_c[i-1][0]/2;
- ecdh_c[i][1]=ecdh_c[i-1][1]/2;
- if ((ecdh_doit[i] <= 1) && (ecdh_c[i][0] == 0))
- ecdh_doit[i]=0;
- else
- {
- if (ecdh_c[i] == 0)
- {
- ecdh_c[i][0]=1;
- ecdh_c[i][1]=1;
- }
- }
- }
- ecdh_c[R_EC_K163][0]=count/1000;
- ecdh_c[R_EC_K163][1]=count/1000;
- for (i=R_EC_K233; i<=R_EC_K571; i++)
- {
- ecdh_c[i][0]=ecdh_c[i-1][0]/2;
- ecdh_c[i][1]=ecdh_c[i-1][1]/2;
- if ((ecdh_doit[i] <= 1) && (ecdh_c[i][0] == 0))
- ecdh_doit[i]=0;
- else
- {
- if (ecdh_c[i] == 0)
- {
- ecdh_c[i][0]=1;
- ecdh_c[i][1]=1;
- }
- }
- }
- ecdh_c[R_EC_B163][0]=count/1000;
- ecdh_c[R_EC_B163][1]=count/1000;
- for (i=R_EC_B233; i<=R_EC_B571; i++)
- {
- ecdh_c[i][0]=ecdh_c[i-1][0]/2;
- ecdh_c[i][1]=ecdh_c[i-1][1]/2;
- if ((ecdh_doit[i] <= 1) && (ecdh_c[i][0] == 0))
- ecdh_doit[i]=0;
- else
- {
- if (ecdh_c[i] == 0)
- {
- ecdh_c[i][0]=1;
- ecdh_c[i][1]=1;
- }
- }
- }
-#endif
-
-#define COND(d) (count < (d))
-#define COUNT(d) (d)
-#else
-/* not worth fixing */
-# error "You cannot disable DES on systems without SIGALRM."
-#endif /* OPENSSL_NO_DES */
-#else
-#define COND(c) (run)
-#define COUNT(d) (count)
- signal(SIGALRM,sig_done);
-#endif /* SIGALRM */
-
-#ifndef OPENSSL_NO_MD2
- if (doit[D_MD2])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_MD2],c[D_MD2][j],lengths[j]);
- Time_F(START);
- for (count=0,run=1; COND(c[D_MD2][j]); count++)
- EVP_Digest(buf,(unsigned long)lengths[j],&(md2[0]),NULL,EVP_md2(),NULL);
- d=Time_F(STOP);
- print_result(D_MD2,j,count,d);
- }
- }
-#endif
-#ifndef OPENSSL_NO_MDC2
- if (doit[D_MDC2])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_MDC2],c[D_MDC2][j],lengths[j]);
- Time_F(START);
- for (count=0,run=1; COND(c[D_MDC2][j]); count++)
- EVP_Digest(buf,(unsigned long)lengths[j],&(mdc2[0]),NULL,EVP_mdc2(),NULL);
- d=Time_F(STOP);
- print_result(D_MDC2,j,count,d);
- }
- }
-#endif
-
-#ifndef OPENSSL_NO_MD4
- if (doit[D_MD4])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_MD4],c[D_MD4][j],lengths[j]);
- Time_F(START);
- for (count=0,run=1; COND(c[D_MD4][j]); count++)
- EVP_Digest(&(buf[0]),(unsigned long)lengths[j],&(md4[0]),NULL,EVP_md4(),NULL);
- d=Time_F(STOP);
- print_result(D_MD4,j,count,d);
- }
- }
-#endif
-
-#ifndef OPENSSL_NO_MD5
- if (doit[D_MD5])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_MD5],c[D_MD5][j],lengths[j]);
- Time_F(START);
- for (count=0,run=1; COND(c[D_MD5][j]); count++)
- EVP_Digest(&(buf[0]),(unsigned long)lengths[j],&(md5[0]),NULL,EVP_get_digestbyname("md5"),NULL);
- d=Time_F(STOP);
- print_result(D_MD5,j,count,d);
- }
- }
-#endif
-
-#if !defined(OPENSSL_NO_MD5) && !defined(OPENSSL_NO_HMAC)
- if (doit[D_HMAC])
- {
- HMAC_CTX hctx;
-
- HMAC_CTX_init(&hctx);
- HMAC_Init_ex(&hctx,(unsigned char *)"This is a key...",
- 16,EVP_md5(), NULL);
-
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_HMAC],c[D_HMAC][j],lengths[j]);
- Time_F(START);
- for (count=0,run=1; COND(c[D_HMAC][j]); count++)
- {
- HMAC_Init_ex(&hctx,NULL,0,NULL,NULL);
- HMAC_Update(&hctx,buf,lengths[j]);
- HMAC_Final(&hctx,&(hmac[0]),NULL);
- }
- d=Time_F(STOP);
- print_result(D_HMAC,j,count,d);
- }
- HMAC_CTX_cleanup(&hctx);
- }
-#endif
-#ifndef OPENSSL_NO_SHA
- if (doit[D_SHA1])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_SHA1],c[D_SHA1][j],lengths[j]);
- Time_F(START);
- for (count=0,run=1; COND(c[D_SHA1][j]); count++)
- EVP_Digest(buf,(unsigned long)lengths[j],&(sha[0]),NULL,EVP_sha1(),NULL);
- d=Time_F(STOP);
- print_result(D_SHA1,j,count,d);
- }
- }
-
-#ifndef OPENSSL_NO_SHA256
- if (doit[D_SHA256])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_SHA256],c[D_SHA256][j],lengths[j]);
- Time_F(START);
- for (count=0,run=1; COND(c[D_SHA256][j]); count++)
- SHA256(buf,lengths[j],sha256);
- d=Time_F(STOP);
- print_result(D_SHA256,j,count,d);
- }
- }
-#endif
-
-#ifndef OPENSSL_NO_SHA512
- if (doit[D_SHA512])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_SHA512],c[D_SHA512][j],lengths[j]);
- Time_F(START);
- for (count=0,run=1; COND(c[D_SHA512][j]); count++)
- SHA512(buf,lengths[j],sha512);
- d=Time_F(STOP);
- print_result(D_SHA512,j,count,d);
- }
- }
-#endif
-
-#endif
-#ifndef OPENSSL_NO_RIPEMD
- if (doit[D_RMD160])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_RMD160],c[D_RMD160][j],lengths[j]);
- Time_F(START);
- for (count=0,run=1; COND(c[D_RMD160][j]); count++)
- EVP_Digest(buf,(unsigned long)lengths[j],&(rmd160[0]),NULL,EVP_ripemd160(),NULL);
- d=Time_F(STOP);
- print_result(D_RMD160,j,count,d);
- }
- }
-#endif
-#ifndef OPENSSL_NO_RC4
- if (doit[D_RC4])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_RC4],c[D_RC4][j],lengths[j]);
- Time_F(START);
- for (count=0,run=1; COND(c[D_RC4][j]); count++)
- RC4(&rc4_ks,(unsigned int)lengths[j],
- buf,buf);
- d=Time_F(STOP);
- print_result(D_RC4,j,count,d);
- }
- }
-#endif
-#ifndef OPENSSL_NO_DES
- if (doit[D_CBC_DES])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_CBC_DES],c[D_CBC_DES][j],lengths[j]);
- Time_F(START);
- for (count=0,run=1; COND(c[D_CBC_DES][j]); count++)
- DES_ncbc_encrypt(buf,buf,lengths[j],&sch,
- &DES_iv,DES_ENCRYPT);
- d=Time_F(STOP);
- print_result(D_CBC_DES,j,count,d);
- }
- }
-
- if (doit[D_EDE3_DES])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_EDE3_DES],c[D_EDE3_DES][j],lengths[j]);
- Time_F(START);
- for (count=0,run=1; COND(c[D_EDE3_DES][j]); count++)
- DES_ede3_cbc_encrypt(buf,buf,lengths[j],
- &sch,&sch2,&sch3,
- &DES_iv,DES_ENCRYPT);
- d=Time_F(STOP);
- print_result(D_EDE3_DES,j,count,d);
- }
- }
-#endif
-#ifndef OPENSSL_NO_AES
- if (doit[D_CBC_128_AES])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_CBC_128_AES],c[D_CBC_128_AES][j],lengths[j]);
- Time_F(START);
- for (count=0,run=1; COND(c[D_CBC_128_AES][j]); count++)
- AES_cbc_encrypt(buf,buf,
- (unsigned long)lengths[j],&aes_ks1,
- iv,AES_ENCRYPT);
- d=Time_F(STOP);
- print_result(D_CBC_128_AES,j,count,d);
- }
- }
- if (doit[D_CBC_192_AES])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_CBC_192_AES],c[D_CBC_192_AES][j],lengths[j]);
- Time_F(START);
- for (count=0,run=1; COND(c[D_CBC_192_AES][j]); count++)
- AES_cbc_encrypt(buf,buf,
- (unsigned long)lengths[j],&aes_ks2,
- iv,AES_ENCRYPT);
- d=Time_F(STOP);
- print_result(D_CBC_192_AES,j,count,d);
- }
- }
- if (doit[D_CBC_256_AES])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_CBC_256_AES],c[D_CBC_256_AES][j],lengths[j]);
- Time_F(START);
- for (count=0,run=1; COND(c[D_CBC_256_AES][j]); count++)
- AES_cbc_encrypt(buf,buf,
- (unsigned long)lengths[j],&aes_ks3,
- iv,AES_ENCRYPT);
- d=Time_F(STOP);
- print_result(D_CBC_256_AES,j,count,d);
- }
- }
-
- if (doit[D_IGE_128_AES])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_IGE_128_AES],c[D_IGE_128_AES][j],lengths[j]);
- Time_F(START);
- for (count=0,run=1; COND(c[D_IGE_128_AES][j]); count++)
- AES_ige_encrypt(buf,buf2,
- (unsigned long)lengths[j],&aes_ks1,
- iv,AES_ENCRYPT);
- d=Time_F(STOP);
- print_result(D_IGE_128_AES,j,count,d);
- }
- }
- if (doit[D_IGE_192_AES])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_IGE_192_AES],c[D_IGE_192_AES][j],lengths[j]);
- Time_F(START);
- for (count=0,run=1; COND(c[D_IGE_192_AES][j]); count++)
- AES_ige_encrypt(buf,buf2,
- (unsigned long)lengths[j],&aes_ks2,
- iv,AES_ENCRYPT);
- d=Time_F(STOP);
- print_result(D_IGE_192_AES,j,count,d);
- }
- }
- if (doit[D_IGE_256_AES])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_IGE_256_AES],c[D_IGE_256_AES][j],lengths[j]);
- Time_F(START);
- for (count=0,run=1; COND(c[D_IGE_256_AES][j]); count++)
- AES_ige_encrypt(buf,buf2,
- (unsigned long)lengths[j],&aes_ks3,
- iv,AES_ENCRYPT);
- d=Time_F(STOP);
- print_result(D_IGE_256_AES,j,count,d);
- }
- }
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
- if (doit[D_CBC_128_CML])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_CBC_128_CML],c[D_CBC_128_CML][j],lengths[j]);
- Time_F(START);
- for (count=0,run=1; COND(c[D_CBC_128_CML][j]); count++)
- Camellia_cbc_encrypt(buf,buf,
- (unsigned long)lengths[j],&camellia_ks1,
- iv,CAMELLIA_ENCRYPT);
- d=Time_F(STOP);
- print_result(D_CBC_128_CML,j,count,d);
- }
- }
- if (doit[D_CBC_192_CML])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_CBC_192_CML],c[D_CBC_192_CML][j],lengths[j]);
- Time_F(START);
- for (count=0,run=1; COND(c[D_CBC_192_CML][j]); count++)
- Camellia_cbc_encrypt(buf,buf,
- (unsigned long)lengths[j],&camellia_ks2,
- iv,CAMELLIA_ENCRYPT);
- d=Time_F(STOP);
- print_result(D_CBC_192_CML,j,count,d);
- }
- }
- if (doit[D_CBC_256_CML])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_CBC_256_CML],c[D_CBC_256_CML][j],lengths[j]);
- Time_F(START);
- for (count=0,run=1; COND(c[D_CBC_256_CML][j]); count++)
- Camellia_cbc_encrypt(buf,buf,
- (unsigned long)lengths[j],&camellia_ks3,
- iv,CAMELLIA_ENCRYPT);
- d=Time_F(STOP);
- print_result(D_CBC_256_CML,j,count,d);
- }
- }
-
-#endif
-#ifndef OPENSSL_NO_IDEA
- if (doit[D_CBC_IDEA])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_CBC_IDEA],c[D_CBC_IDEA][j],lengths[j]);
- Time_F(START);
- for (count=0,run=1; COND(c[D_CBC_IDEA][j]); count++)
- idea_cbc_encrypt(buf,buf,
- (unsigned long)lengths[j],&idea_ks,
- iv,IDEA_ENCRYPT);
- d=Time_F(STOP);
- print_result(D_CBC_IDEA,j,count,d);
- }
- }
-#endif
-#ifndef OPENSSL_NO_SEED
- if (doit[D_CBC_SEED])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_CBC_SEED],c[D_CBC_SEED][j],lengths[j]);
- Time_F(START);
- for (count=0,run=1; COND(c[D_CBC_SEED][j]); count++)
- SEED_cbc_encrypt(buf,buf,
- (unsigned long)lengths[j],&seed_ks,iv,1);
- d=Time_F(STOP);
- print_result(D_CBC_SEED,j,count,d);
- }
- }
-#endif
-#ifndef OPENSSL_NO_RC2
- if (doit[D_CBC_RC2])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_CBC_RC2],c[D_CBC_RC2][j],lengths[j]);
- Time_F(START);
- for (count=0,run=1; COND(c[D_CBC_RC2][j]); count++)
- RC2_cbc_encrypt(buf,buf,
- (unsigned long)lengths[j],&rc2_ks,
- iv,RC2_ENCRYPT);
- d=Time_F(STOP);
- print_result(D_CBC_RC2,j,count,d);
- }
- }
-#endif
-#ifndef OPENSSL_NO_RC5
- if (doit[D_CBC_RC5])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_CBC_RC5],c[D_CBC_RC5][j],lengths[j]);
- Time_F(START);
- for (count=0,run=1; COND(c[D_CBC_RC5][j]); count++)
- RC5_32_cbc_encrypt(buf,buf,
- (unsigned long)lengths[j],&rc5_ks,
- iv,RC5_ENCRYPT);
- d=Time_F(STOP);
- print_result(D_CBC_RC5,j,count,d);
- }
- }
-#endif
-#ifndef OPENSSL_NO_BF
- if (doit[D_CBC_BF])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_CBC_BF],c[D_CBC_BF][j],lengths[j]);
- Time_F(START);
- for (count=0,run=1; COND(c[D_CBC_BF][j]); count++)
- BF_cbc_encrypt(buf,buf,
- (unsigned long)lengths[j],&bf_ks,
- iv,BF_ENCRYPT);
- d=Time_F(STOP);
- print_result(D_CBC_BF,j,count,d);
- }
- }
-#endif
-#ifndef OPENSSL_NO_CAST
- if (doit[D_CBC_CAST])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_CBC_CAST],c[D_CBC_CAST][j],lengths[j]);
- Time_F(START);
- for (count=0,run=1; COND(c[D_CBC_CAST][j]); count++)
- CAST_cbc_encrypt(buf,buf,
- (unsigned long)lengths[j],&cast_ks,
- iv,CAST_ENCRYPT);
- d=Time_F(STOP);
- print_result(D_CBC_CAST,j,count,d);
- }
- }
-#endif
-
- if (doit[D_EVP])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- if (evp_cipher)
- {
- EVP_CIPHER_CTX ctx;
- int outl;
-
- names[D_EVP]=OBJ_nid2ln(evp_cipher->nid);
- /* -O3 -fschedule-insns messes up an
- * optimization here! names[D_EVP]
- * somehow becomes NULL */
- print_message(names[D_EVP],save_count,
- lengths[j]);
-
- EVP_CIPHER_CTX_init(&ctx);
- if(decrypt)
- EVP_DecryptInit_ex(&ctx,evp_cipher,NULL,key16,iv);
- else
- EVP_EncryptInit_ex(&ctx,evp_cipher,NULL,key16,iv);
- EVP_CIPHER_CTX_set_padding(&ctx, 0);
-
- Time_F(START);
- if(decrypt)
- for (count=0,run=1; COND(save_count*4*lengths[0]/lengths[j]); count++)
- EVP_DecryptUpdate(&ctx,buf,&outl,buf,lengths[j]);
- else
- for (count=0,run=1; COND(save_count*4*lengths[0]/lengths[j]); count++)
- EVP_EncryptUpdate(&ctx,buf,&outl,buf,lengths[j]);
- if(decrypt)
- EVP_DecryptFinal_ex(&ctx,buf,&outl);
- else
- EVP_EncryptFinal_ex(&ctx,buf,&outl);
- d=Time_F(STOP);
- EVP_CIPHER_CTX_cleanup(&ctx);
- }
- if (evp_md)
- {
- names[D_EVP]=OBJ_nid2ln(evp_md->type);
- print_message(names[D_EVP],save_count,
- lengths[j]);
-
- Time_F(START);
- for (count=0,run=1; COND(save_count*4*lengths[0]/lengths[j]); count++)
- EVP_Digest(buf,lengths[j],&(md[0]),NULL,evp_md,NULL);
-
- d=Time_F(STOP);
- }
- print_result(D_EVP,j,count,d);
- }
- }
-
- RAND_pseudo_bytes(buf,36);
-#ifndef OPENSSL_NO_RSA
- for (j=0; j<RSA_NUM; j++)
- {
- int ret;
- if (!rsa_doit[j]) continue;
- ret=RSA_sign(NID_md5_sha1, buf,36, buf2, &rsa_num, rsa_key[j]);
- if (ret == 0)
- {
- BIO_printf(bio_err,"RSA sign failure. No RSA sign will be done.\n");
- ERR_print_errors(bio_err);
- rsa_count=1;
- }
- else
- {
- pkey_print_message("private","rsa",
- rsa_c[j][0],rsa_bits[j],
- RSA_SECONDS);
-/* RSA_blinding_on(rsa_key[j],NULL); */
- Time_F(START);
- for (count=0,run=1; COND(rsa_c[j][0]); count++)
- {
- ret=RSA_sign(NID_md5_sha1, buf,36, buf2,
- &rsa_num, rsa_key[j]);
- if (ret == 0)
- {
- BIO_printf(bio_err,
- "RSA sign failure\n");
- ERR_print_errors(bio_err);
- count=1;
- break;
- }
- }
- d=Time_F(STOP);
- BIO_printf(bio_err,mr ? "+R1:%ld:%d:%.2f\n"
- : "%ld %d bit private RSA's in %.2fs\n",
- count,rsa_bits[j],d);
- rsa_results[j][0]=d/(double)count;
- rsa_count=count;
- }
-
-#if 1
- ret=RSA_verify(NID_md5_sha1, buf,36, buf2, rsa_num, rsa_key[j]);
- if (ret <= 0)
- {
- BIO_printf(bio_err,"RSA verify failure. No RSA verify will be done.\n");
- ERR_print_errors(bio_err);
- rsa_doit[j] = 0;
- }
- else
- {
- pkey_print_message("public","rsa",
- rsa_c[j][1],rsa_bits[j],
- RSA_SECONDS);
- Time_F(START);
- for (count=0,run=1; COND(rsa_c[j][1]); count++)
- {
- ret=RSA_verify(NID_md5_sha1, buf,36, buf2,
- rsa_num, rsa_key[j]);
- if (ret <= 0)
- {
- BIO_printf(bio_err,
- "RSA verify failure\n");
- ERR_print_errors(bio_err);
- count=1;
- break;
- }
- }
- d=Time_F(STOP);
- BIO_printf(bio_err,mr ? "+R2:%ld:%d:%.2f\n"
- : "%ld %d bit public RSA's in %.2fs\n",
- count,rsa_bits[j],d);
- rsa_results[j][1]=d/(double)count;
- }
-#endif
-
- if (rsa_count <= 1)
- {
- /* if longer than 10s, don't do any more */
- for (j++; j<RSA_NUM; j++)
- rsa_doit[j]=0;
- }
- }
-#endif
-
- RAND_pseudo_bytes(buf,20);
-#ifndef OPENSSL_NO_DSA
- if (RAND_status() != 1)
- {
- RAND_seed(rnd_seed, sizeof rnd_seed);
- rnd_fake = 1;
- }
- for (j=0; j<DSA_NUM; j++)
- {
- unsigned int kk;
- int ret;
-
- if (!dsa_doit[j]) continue;
-/* DSA_generate_key(dsa_key[j]); */
-/* DSA_sign_setup(dsa_key[j],NULL); */
- ret=DSA_sign(EVP_PKEY_DSA,buf,20,buf2,
- &kk,dsa_key[j]);
- if (ret == 0)
- {
- BIO_printf(bio_err,"DSA sign failure. No DSA sign will be done.\n");
- ERR_print_errors(bio_err);
- rsa_count=1;
- }
- else
- {
- pkey_print_message("sign","dsa",
- dsa_c[j][0],dsa_bits[j],
- DSA_SECONDS);
- Time_F(START);
- for (count=0,run=1; COND(dsa_c[j][0]); count++)
- {
- ret=DSA_sign(EVP_PKEY_DSA,buf,20,buf2,
- &kk,dsa_key[j]);
- if (ret == 0)
- {
- BIO_printf(bio_err,
- "DSA sign failure\n");
- ERR_print_errors(bio_err);
- count=1;
- break;
- }
- }
- d=Time_F(STOP);
- BIO_printf(bio_err,mr ? "+R3:%ld:%d:%.2f\n"
- : "%ld %d bit DSA signs in %.2fs\n",
- count,dsa_bits[j],d);
- dsa_results[j][0]=d/(double)count;
- rsa_count=count;
- }
-
- ret=DSA_verify(EVP_PKEY_DSA,buf,20,buf2,
- kk,dsa_key[j]);
- if (ret <= 0)
- {
- BIO_printf(bio_err,"DSA verify failure. No DSA verify will be done.\n");
- ERR_print_errors(bio_err);
- dsa_doit[j] = 0;
- }
- else
- {
- pkey_print_message("verify","dsa",
- dsa_c[j][1],dsa_bits[j],
- DSA_SECONDS);
- Time_F(START);
- for (count=0,run=1; COND(dsa_c[j][1]); count++)
- {
- ret=DSA_verify(EVP_PKEY_DSA,buf,20,buf2,
- kk,dsa_key[j]);
- if (ret <= 0)
- {
- BIO_printf(bio_err,
- "DSA verify failure\n");
- ERR_print_errors(bio_err);
- count=1;
- break;
- }
- }
- d=Time_F(STOP);
- BIO_printf(bio_err,mr ? "+R4:%ld:%d:%.2f\n"
- : "%ld %d bit DSA verify in %.2fs\n",
- count,dsa_bits[j],d);
- dsa_results[j][1]=d/(double)count;
- }
-
- if (rsa_count <= 1)
- {
- /* if longer than 10s, don't do any more */
- for (j++; j<DSA_NUM; j++)
- dsa_doit[j]=0;
- }
- }
- if (rnd_fake) RAND_cleanup();
-#endif
-
-#ifndef OPENSSL_NO_ECDSA
- if (RAND_status() != 1)
- {
- RAND_seed(rnd_seed, sizeof rnd_seed);
- rnd_fake = 1;
- }
- for (j=0; j<EC_NUM; j++)
- {
- int ret;
-
- if (!ecdsa_doit[j]) continue; /* Ignore Curve */
- ecdsa[j] = EC_KEY_new_by_curve_name(test_curves[j]);
- if (ecdsa[j] == NULL)
- {
- BIO_printf(bio_err,"ECDSA failure.\n");
- ERR_print_errors(bio_err);
- rsa_count=1;
- }
- else
- {
-#if 1
- EC_KEY_precompute_mult(ecdsa[j], NULL);
-#endif
- /* Perform ECDSA signature test */
- EC_KEY_generate_key(ecdsa[j]);
- ret = ECDSA_sign(0, buf, 20, ecdsasig,
- &ecdsasiglen, ecdsa[j]);
- if (ret == 0)
- {
- BIO_printf(bio_err,"ECDSA sign failure. No ECDSA sign will be done.\n");
- ERR_print_errors(bio_err);
- rsa_count=1;
- }
- else
- {
- pkey_print_message("sign","ecdsa",
- ecdsa_c[j][0],
- test_curves_bits[j],
- ECDSA_SECONDS);
-
- Time_F(START);
- for (count=0,run=1; COND(ecdsa_c[j][0]);
- count++)
- {
- ret=ECDSA_sign(0, buf, 20,
- ecdsasig, &ecdsasiglen,
- ecdsa[j]);
- if (ret == 0)
- {
- BIO_printf(bio_err, "ECDSA sign failure\n");
- ERR_print_errors(bio_err);
- count=1;
- break;
- }
- }
- d=Time_F(STOP);
-
- BIO_printf(bio_err, mr ? "+R5:%ld:%d:%.2f\n" :
- "%ld %d bit ECDSA signs in %.2fs \n",
- count, test_curves_bits[j], d);
- ecdsa_results[j][0]=d/(double)count;
- rsa_count=count;
- }
-
- /* Perform ECDSA verification test */
- ret=ECDSA_verify(0, buf, 20, ecdsasig,
- ecdsasiglen, ecdsa[j]);
- if (ret != 1)
- {
- BIO_printf(bio_err,"ECDSA verify failure. No ECDSA verify will be done.\n");
- ERR_print_errors(bio_err);
- ecdsa_doit[j] = 0;
- }
- else
- {
- pkey_print_message("verify","ecdsa",
- ecdsa_c[j][1],
- test_curves_bits[j],
- ECDSA_SECONDS);
- Time_F(START);
- for (count=0,run=1; COND(ecdsa_c[j][1]); count++)
- {
- ret=ECDSA_verify(0, buf, 20, ecdsasig, ecdsasiglen, ecdsa[j]);
- if (ret != 1)
- {
- BIO_printf(bio_err, "ECDSA verify failure\n");
- ERR_print_errors(bio_err);
- count=1;
- break;
- }
- }
- d=Time_F(STOP);
- BIO_printf(bio_err, mr? "+R6:%ld:%d:%.2f\n"
- : "%ld %d bit ECDSA verify in %.2fs\n",
- count, test_curves_bits[j], d);
- ecdsa_results[j][1]=d/(double)count;
- }
-
- if (rsa_count <= 1)
- {
- /* if longer than 10s, don't do any more */
- for (j++; j<EC_NUM; j++)
- ecdsa_doit[j]=0;
- }
- }
- }
- if (rnd_fake) RAND_cleanup();
-#endif
-
-#ifndef OPENSSL_NO_ECDH
- if (RAND_status() != 1)
- {
- RAND_seed(rnd_seed, sizeof rnd_seed);
- rnd_fake = 1;
- }
- for (j=0; j<EC_NUM; j++)
- {
- if (!ecdh_doit[j]) continue;
- ecdh_a[j] = EC_KEY_new_by_curve_name(test_curves[j]);
- ecdh_b[j] = EC_KEY_new_by_curve_name(test_curves[j]);
- if ((ecdh_a[j] == NULL) || (ecdh_b[j] == NULL))
- {
- BIO_printf(bio_err,"ECDH failure.\n");
- ERR_print_errors(bio_err);
- rsa_count=1;
- }
- else
- {
- /* generate two ECDH key pairs */
- if (!EC_KEY_generate_key(ecdh_a[j]) ||
- !EC_KEY_generate_key(ecdh_b[j]))
- {
- BIO_printf(bio_err,"ECDH key generation failure.\n");
- ERR_print_errors(bio_err);
- rsa_count=1;
- }
- else
- {
- /* If field size is not more than 24 octets, then use SHA-1 hash of result;
- * otherwise, use result (see section 4.8 of draft-ietf-tls-ecc-03.txt).
- */
- int field_size, outlen;
- void *(*kdf)(const void *in, size_t inlen, void *out, size_t *xoutlen);
- field_size = EC_GROUP_get_degree(EC_KEY_get0_group(ecdh_a[j]));
- if (field_size <= 24 * 8)
- {
- outlen = KDF1_SHA1_len;
- kdf = KDF1_SHA1;
- }
- else
- {
- outlen = (field_size+7)/8;
- kdf = NULL;
- }
- secret_size_a = ECDH_compute_key(secret_a, outlen,
- EC_KEY_get0_public_key(ecdh_b[j]),
- ecdh_a[j], kdf);
- secret_size_b = ECDH_compute_key(secret_b, outlen,
- EC_KEY_get0_public_key(ecdh_a[j]),
- ecdh_b[j], kdf);
- if (secret_size_a != secret_size_b)
- ecdh_checks = 0;
- else
- ecdh_checks = 1;
-
- for (secret_idx = 0;
- (secret_idx < secret_size_a)
- && (ecdh_checks == 1);
- secret_idx++)
- {
- if (secret_a[secret_idx] != secret_b[secret_idx])
- ecdh_checks = 0;
- }
-
- if (ecdh_checks == 0)
- {
- BIO_printf(bio_err,"ECDH computations don't match.\n");
- ERR_print_errors(bio_err);
- rsa_count=1;
- }
-
- pkey_print_message("","ecdh",
- ecdh_c[j][0],
- test_curves_bits[j],
- ECDH_SECONDS);
- Time_F(START);
- for (count=0,run=1; COND(ecdh_c[j][0]); count++)
- {
- ECDH_compute_key(secret_a, outlen,
- EC_KEY_get0_public_key(ecdh_b[j]),
- ecdh_a[j], kdf);
- }
- d=Time_F(STOP);
- BIO_printf(bio_err, mr ? "+R7:%ld:%d:%.2f\n" :"%ld %d-bit ECDH ops in %.2fs\n",
- count, test_curves_bits[j], d);
- ecdh_results[j][0]=d/(double)count;
- rsa_count=count;
- }
- }
-
-
- if (rsa_count <= 1)
- {
- /* if longer than 10s, don't do any more */
- for (j++; j<EC_NUM; j++)
- ecdh_doit[j]=0;
- }
- }
- if (rnd_fake) RAND_cleanup();
-#endif
-#ifndef NO_FORK
-show_res:
-#endif
- if(!mr)
- {
- fprintf(stdout,"%s\n",SSLeay_version(SSLEAY_VERSION));
- fprintf(stdout,"%s\n",SSLeay_version(SSLEAY_BUILT_ON));
- printf("options:");
- printf("%s ",BN_options());
-#ifndef OPENSSL_NO_MD2
- printf("%s ",MD2_options());
-#endif
-#ifndef OPENSSL_NO_RC4
- printf("%s ",RC4_options());
-#endif
-#ifndef OPENSSL_NO_DES
- printf("%s ",DES_options());
-#endif
-#ifndef OPENSSL_NO_AES
- printf("%s ",AES_options());
-#endif
-#ifndef OPENSSL_NO_IDEA
- printf("%s ",idea_options());
-#endif
-#ifndef OPENSSL_NO_BF
- printf("%s ",BF_options());
-#endif
- fprintf(stdout,"\n%s\n",SSLeay_version(SSLEAY_CFLAGS));
- printf("available timing options: ");
-#ifdef TIMES
- printf("TIMES ");
-#endif
-#ifdef TIMEB
- printf("TIMEB ");
-#endif
-#ifdef USE_TOD
- printf("USE_TOD ");
-#endif
-#ifdef HZ
-#define as_string(s) (#s)
- {
- double dbl = HZ;
- printf("HZ=%g", dbl);
- }
-# ifdef _SC_CLK_TCK
- printf(" [sysconf value]");
-# endif
-#endif
- printf("\n");
- printf("timing function used: %s%s%s%s%s%s%s\n",
- (ftime_used ? "ftime" : ""),
- (ftime_used + times_used > 1 ? "," : ""),
- (times_used ? "times" : ""),
- (ftime_used + times_used + gettimeofday_used > 1 ? "," : ""),
- (gettimeofday_used ? "gettimeofday" : ""),
- (ftime_used + times_used + gettimeofday_used + getrusage_used > 1 ? "," : ""),
- (getrusage_used ? "getrusage" : ""));
- }
-
- if (pr_header)
- {
- if(mr)
- fprintf(stdout,"+H");
- else
- {
- fprintf(stdout,"The 'numbers' are in 1000s of bytes per second processed.\n");
- fprintf(stdout,"type ");
- }
- for (j=0; j<SIZE_NUM; j++)
- fprintf(stdout,mr ? ":%d" : "%7d bytes",lengths[j]);
- fprintf(stdout,"\n");
- }
-
- for (k=0; k<ALGOR_NUM; k++)
- {
- if (!doit[k]) continue;
- if(mr)
- fprintf(stdout,"+F:%d:%s",k,names[k]);
- else
- fprintf(stdout,"%-13s",names[k]);
- for (j=0; j<SIZE_NUM; j++)
- {
- if (results[k][j] > 10000 && !mr)
- fprintf(stdout," %11.2fk",results[k][j]/1e3);
- else
- fprintf(stdout,mr ? ":%.2f" : " %11.2f ",results[k][j]);
- }
- fprintf(stdout,"\n");
- }
-#ifndef OPENSSL_NO_RSA
- j=1;
- for (k=0; k<RSA_NUM; k++)
- {
- if (!rsa_doit[k]) continue;
- if (j && !mr)
- {
- printf("%18ssign verify sign/s verify/s\n"," ");
- j=0;
- }
- if(mr)
- fprintf(stdout,"+F2:%u:%u:%f:%f\n",
- k,rsa_bits[k],rsa_results[k][0],
- rsa_results[k][1]);
- else
- fprintf(stdout,"rsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
- rsa_bits[k],rsa_results[k][0],rsa_results[k][1],
- 1.0/rsa_results[k][0],1.0/rsa_results[k][1]);
- }
-#endif
-#ifndef OPENSSL_NO_DSA
- j=1;
- for (k=0; k<DSA_NUM; k++)
- {
- if (!dsa_doit[k]) continue;
- if (j && !mr)
- {
- printf("%18ssign verify sign/s verify/s\n"," ");
- j=0;
- }
- if(mr)
- fprintf(stdout,"+F3:%u:%u:%f:%f\n",
- k,dsa_bits[k],dsa_results[k][0],dsa_results[k][1]);
- else
- fprintf(stdout,"dsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
- dsa_bits[k],dsa_results[k][0],dsa_results[k][1],
- 1.0/dsa_results[k][0],1.0/dsa_results[k][1]);
- }
-#endif
-#ifndef OPENSSL_NO_ECDSA
- j=1;
- for (k=0; k<EC_NUM; k++)
- {
- if (!ecdsa_doit[k]) continue;
- if (j && !mr)
- {
- printf("%30ssign verify sign/s verify/s\n"," ");
- j=0;
- }
-
- if (mr)
- fprintf(stdout,"+F4:%u:%u:%f:%f\n",
- k, test_curves_bits[k],
- ecdsa_results[k][0],ecdsa_results[k][1]);
- else
- fprintf(stdout,
- "%4u bit ecdsa (%s) %8.4fs %8.4fs %8.1f %8.1f\n",
- test_curves_bits[k],
- test_curves_names[k],
- ecdsa_results[k][0],ecdsa_results[k][1],
- 1.0/ecdsa_results[k][0],1.0/ecdsa_results[k][1]);
- }
-#endif
-
-
-#ifndef OPENSSL_NO_ECDH
- j=1;
- for (k=0; k<EC_NUM; k++)
- {
- if (!ecdh_doit[k]) continue;
- if (j && !mr)
- {
- printf("%30sop op/s\n"," ");
- j=0;
- }
- if (mr)
- fprintf(stdout,"+F5:%u:%u:%f:%f\n",
- k, test_curves_bits[k],
- ecdh_results[k][0], 1.0/ecdh_results[k][0]);
-
- else
- fprintf(stdout,"%4u bit ecdh (%s) %8.4fs %8.1f\n",
- test_curves_bits[k],
- test_curves_names[k],
- ecdh_results[k][0], 1.0/ecdh_results[k][0]);
- }
-#endif
-
- mret=0;
-
-end:
- ERR_print_errors(bio_err);
- if (buf != NULL) OPENSSL_free(buf);
- if (buf2 != NULL) OPENSSL_free(buf2);
-#ifndef OPENSSL_NO_RSA
- for (i=0; i<RSA_NUM; i++)
- if (rsa_key[i] != NULL)
- RSA_free(rsa_key[i]);
-#endif
-#ifndef OPENSSL_NO_DSA
- for (i=0; i<DSA_NUM; i++)
- if (dsa_key[i] != NULL)
- DSA_free(dsa_key[i]);
-#endif
-
-#ifndef OPENSSL_NO_ECDSA
- for (i=0; i<EC_NUM; i++)
- if (ecdsa[i] != NULL)
- EC_KEY_free(ecdsa[i]);
-#endif
-#ifndef OPENSSL_NO_ECDH
- for (i=0; i<EC_NUM; i++)
- {
- if (ecdh_a[i] != NULL)
- EC_KEY_free(ecdh_a[i]);
- if (ecdh_b[i] != NULL)
- EC_KEY_free(ecdh_b[i]);
- }
-#endif
-
- apps_shutdown();
- OPENSSL_EXIT(mret);
- }
-
-static void print_message(const char *s, long num, int length)
- {
-#ifdef SIGALRM
- BIO_printf(bio_err,mr ? "+DT:%s:%d:%d\n"
- : "Doing %s for %ds on %d size blocks: ",s,SECONDS,length);
- (void)BIO_flush(bio_err);
- alarm(SECONDS);
-#else
- BIO_printf(bio_err,mr ? "+DN:%s:%ld:%d\n"
- : "Doing %s %ld times on %d size blocks: ",s,num,length);
- (void)BIO_flush(bio_err);
-#endif
-#ifdef LINT
- num=num;
-#endif
- }
-
-static void pkey_print_message(const char *str, const char *str2, long num,
- int bits, int tm)
- {
-#ifdef SIGALRM
- BIO_printf(bio_err,mr ? "+DTP:%d:%s:%s:%d\n"
- : "Doing %d bit %s %s's for %ds: ",bits,str,str2,tm);
- (void)BIO_flush(bio_err);
- alarm(RSA_SECONDS);
-#else
- BIO_printf(bio_err,mr ? "+DNP:%ld:%d:%s:%s\n"
- : "Doing %ld %d bit %s %s's: ",num,bits,str,str2);
- (void)BIO_flush(bio_err);
-#endif
-#ifdef LINT
- num=num;
-#endif
- }
-
-static void print_result(int alg,int run_no,int count,double time_used)
- {
- BIO_printf(bio_err,mr ? "+R:%d:%s:%f\n"
- : "%d %s's in %.2fs\n",count,names[alg],time_used);
- results[alg][run_no]=((double)count)/time_used*lengths[run_no];
- }
-
-#ifndef NO_FORK
-static char *sstrsep(char **string, const char *delim)
- {
- char isdelim[256];
- char *token = *string;
-
- if (**string == 0)
- return NULL;
-
- memset(isdelim, 0, sizeof isdelim);
- isdelim[0] = 1;
-
- while (*delim)
- {
- isdelim[(unsigned char)(*delim)] = 1;
- delim++;
- }
-
- while (!isdelim[(unsigned char)(**string)])
- {
- (*string)++;
- }
-
- if (**string)
- {
- **string = 0;
- (*string)++;
- }
-
- return token;
- }
-
-static int do_multi(int multi)
- {
- int n;
- int fd[2];
- int *fds;
- static char sep[]=":";
-
- fds=malloc(multi*sizeof *fds);
- for(n=0 ; n < multi ; ++n)
- {
- if (pipe(fd) == -1)
- {
- fprintf(stderr, "pipe failure\n");
- exit(1);
- }
- fflush(stdout);
- fflush(stderr);
- if(fork())
- {
- close(fd[1]);
- fds[n]=fd[0];
- }
- else
- {
- close(fd[0]);
- close(1);
- if (dup(fd[1]) == -1)
- {
- fprintf(stderr, "dup failed\n");
- exit(1);
- }
- close(fd[1]);
- mr=1;
- usertime=0;
- return 0;
- }
- printf("Forked child %d\n",n);
- }
-
- /* for now, assume the pipe is long enough to take all the output */
- for(n=0 ; n < multi ; ++n)
- {
- FILE *f;
- char buf[1024];
- char *p;
-
- f=fdopen(fds[n],"r");
- while(fgets(buf,sizeof buf,f))
- {
- p=strchr(buf,'\n');
- if(p)
- *p='\0';
- if(buf[0] != '+')
- {
- fprintf(stderr,"Don't understand line '%s' from child %d\n",
- buf,n);
- continue;
- }
- printf("Got: %s from %d\n",buf,n);
- if(!strncmp(buf,"+F:",3))
- {
- int alg;
- int j;
-
- p=buf+3;
- alg=atoi(sstrsep(&p,sep));
- sstrsep(&p,sep);
- for(j=0 ; j < SIZE_NUM ; ++j)
- results[alg][j]+=atof(sstrsep(&p,sep));
- }
- else if(!strncmp(buf,"+F2:",4))
- {
- int k;
- double d;
-
- p=buf+4;
- k=atoi(sstrsep(&p,sep));
- sstrsep(&p,sep);
-
- d=atof(sstrsep(&p,sep));
- if(n)
- rsa_results[k][0]=1/(1/rsa_results[k][0]+1/d);
- else
- rsa_results[k][0]=d;
-
- d=atof(sstrsep(&p,sep));
- if(n)
- rsa_results[k][1]=1/(1/rsa_results[k][1]+1/d);
- else
- rsa_results[k][1]=d;
- }
- else if(!strncmp(buf,"+F2:",4))
- {
- int k;
- double d;
-
- p=buf+4;
- k=atoi(sstrsep(&p,sep));
- sstrsep(&p,sep);
-
- d=atof(sstrsep(&p,sep));
- if(n)
- rsa_results[k][0]=1/(1/rsa_results[k][0]+1/d);
- else
- rsa_results[k][0]=d;
-
- d=atof(sstrsep(&p,sep));
- if(n)
- rsa_results[k][1]=1/(1/rsa_results[k][1]+1/d);
- else
- rsa_results[k][1]=d;
- }
- else if(!strncmp(buf,"+F3:",4))
- {
- int k;
- double d;
-
- p=buf+4;
- k=atoi(sstrsep(&p,sep));
- sstrsep(&p,sep);
-
- d=atof(sstrsep(&p,sep));
- if(n)
- dsa_results[k][0]=1/(1/dsa_results[k][0]+1/d);
- else
- dsa_results[k][0]=d;
-
- d=atof(sstrsep(&p,sep));
- if(n)
- dsa_results[k][1]=1/(1/dsa_results[k][1]+1/d);
- else
- dsa_results[k][1]=d;
- }
-#ifndef OPENSSL_NO_ECDSA
- else if(!strncmp(buf,"+F4:",4))
- {
- int k;
- double d;
-
- p=buf+4;
- k=atoi(sstrsep(&p,sep));
- sstrsep(&p,sep);
-
- d=atof(sstrsep(&p,sep));
- if(n)
- ecdsa_results[k][0]=1/(1/ecdsa_results[k][0]+1/d);
- else
- ecdsa_results[k][0]=d;
-
- d=atof(sstrsep(&p,sep));
- if(n)
- ecdsa_results[k][1]=1/(1/ecdsa_results[k][1]+1/d);
- else
- ecdsa_results[k][1]=d;
- }
-#endif
-
-#ifndef OPENSSL_NO_ECDH
- else if(!strncmp(buf,"+F5:",4))
- {
- int k;
- double d;
-
- p=buf+4;
- k=atoi(sstrsep(&p,sep));
- sstrsep(&p,sep);
-
- d=atof(sstrsep(&p,sep));
- if(n)
- ecdh_results[k][0]=1/(1/ecdh_results[k][0]+1/d);
- else
- ecdh_results[k][0]=d;
-
- }
-#endif
-
- else if(!strncmp(buf,"+H:",3))
- {
- }
- else
- fprintf(stderr,"Unknown type '%s' from child %d\n",buf,n);
- }
- }
- return 1;
- }
-#endif
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/apps/speed.c (from rev 6976, vendor-crypto/openssl/dist/apps/speed.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/apps/speed.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/apps/speed.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,2851 @@
+/* apps/speed.c -*- mode:C; c-file-style: "eay" -*- */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * The ECDH and ECDSA speed test software is originally written by
+ * Sumit Gupta of Sun Microsystems Laboratories.
+ *
+ */
+
+/* most of this code has been pilfered from my libdes speed.c program */
+
+#ifndef OPENSSL_NO_SPEED
+
+# undef SECONDS
+# define SECONDS 3
+# define RSA_SECONDS 10
+# define DSA_SECONDS 10
+# define ECDSA_SECONDS 10
+# define ECDH_SECONDS 10
+
+/* 11-Sep-92 Andrew Daviel Support for Silicon Graphics IRIX added */
+/* 06-Apr-92 Luke Brennan Support for VMS and add extra signal calls */
+
+# undef PROG
+# define PROG speed_main
+
+# include <stdio.h>
+# include <stdlib.h>
+
+# include <string.h>
+# include <math.h>
+# include "apps.h"
+# ifdef OPENSSL_NO_STDIO
+# define APPS_WIN16
+# endif
+# include <openssl/crypto.h>
+# include <openssl/rand.h>
+# include <openssl/err.h>
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# if !defined(OPENSSL_SYS_MSDOS)
+# include OPENSSL_UNISTD
+# endif
+
+# ifndef OPENSSL_SYS_NETWARE
+# include <signal.h>
+# endif
+
+# if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) || defined(OPENSSL_SYS_MACOSX)
+# define USE_TOD
+# elif !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VXWORKS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC))
+# define TIMES
+# endif
+/* FIXME */
+# if !defined(_UNICOS) && !defined(__OpenBSD__) && !defined(sgi) && !defined(__FreeBSD__) && !(defined(__bsdi) || defined(__bsdi__)) && !defined(_AIX) && !defined(OPENSSL_SYS_MPE) && !defined(__NetBSD__) && !defined(OPENSSL_SYS_VXWORKS)
+# define TIMEB
+# endif
+
+# if defined(OPENSSL_SYS_NETWARE)
+# undef TIMES
+# undef TIMEB
+# include <time.h>
+# endif
+
+# ifndef _IRIX
+# include <time.h>
+# endif
+# ifdef TIMES
+# include <sys/types.h>
+# include <sys/times.h>
+# endif
+# ifdef USE_TOD
+# include <sys/time.h>
+# include <sys/resource.h>
+# endif
+
+/*
+ * Depending on the VMS version, the tms structure is perhaps defined. The
+ * __TMS macro will show if it was. If it wasn't defined, we should undefine
+ * TIMES, since that tells the rest of the program how things should be
+ * handled. -- Richard Levitte
+ */
+# if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
+# undef TIMES
+# endif
+
+# ifdef TIMEB
+# include <sys/timeb.h>
+# endif
+
+# if !defined(TIMES) && !defined(TIMEB) && !defined(USE_TOD) && !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_NETWARE)
+# error "It seems neither struct tms nor struct timeb is supported in this platform!"
+# endif
+
+# if defined(sun) || defined(__ultrix)
+# define _POSIX_SOURCE
+# include <limits.h>
+# include <sys/param.h>
+# endif
+
+# include <openssl/bn.h>
+# ifndef OPENSSL_NO_DES
+# include <openssl/des.h>
+# endif
+# ifndef OPENSSL_NO_AES
+# include <openssl/aes.h>
+# endif
+# ifndef OPENSSL_NO_CAMELLIA
+# include <openssl/camellia.h>
+# endif
+# ifndef OPENSSL_NO_MD2
+# include <openssl/md2.h>
+# endif
+# ifndef OPENSSL_NO_MDC2
+# include <openssl/mdc2.h>
+# endif
+# ifndef OPENSSL_NO_MD4
+# include <openssl/md4.h>
+# endif
+# ifndef OPENSSL_NO_MD5
+# include <openssl/md5.h>
+# endif
+# ifndef OPENSSL_NO_HMAC
+# include <openssl/hmac.h>
+# endif
+# include <openssl/evp.h>
+# ifndef OPENSSL_NO_SHA
+# include <openssl/sha.h>
+# endif
+# ifndef OPENSSL_NO_RIPEMD
+# include <openssl/ripemd.h>
+# endif
+# ifndef OPENSSL_NO_RC4
+# include <openssl/rc4.h>
+# endif
+# ifndef OPENSSL_NO_RC5
+# include <openssl/rc5.h>
+# endif
+# ifndef OPENSSL_NO_RC2
+# include <openssl/rc2.h>
+# endif
+# ifndef OPENSSL_NO_IDEA
+# include <openssl/idea.h>
+# endif
+# ifndef OPENSSL_NO_SEED
+# include <openssl/seed.h>
+# endif
+# ifndef OPENSSL_NO_BF
+# include <openssl/blowfish.h>
+# endif
+# ifndef OPENSSL_NO_CAST
+# include <openssl/cast.h>
+# endif
+# ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>
+# include "./testrsa.h"
+# endif
+# include <openssl/x509.h>
+# ifndef OPENSSL_NO_DSA
+# include <openssl/dsa.h>
+# include "./testdsa.h"
+# endif
+# ifndef OPENSSL_NO_ECDSA
+# include <openssl/ecdsa.h>
+# endif
+# ifndef OPENSSL_NO_ECDH
+# include <openssl/ecdh.h>
+# endif
+
+/*
+ * The following "HZ" timing stuff should be sync'd up with the code in
+ * crypto/tmdiff.[ch]. That appears to try to do the same job, though I think
+ * this code is more up to date than libcrypto's so there may be features to
+ * migrate over first. This is used in two places further down AFAICS.
+ * The point is that nothing in openssl actually *uses* that tmdiff stuff, so
+ * either speed.c should be using it or it should go because it's obviously not
+ * useful enough. Anyone want to do a janitorial job on this?
+ */
+
+/* The following if from times(3) man page. It may need to be changed */
+# ifndef HZ
+# if defined(_SC_CLK_TCK) \
+ && (!defined(OPENSSL_SYS_VMS) || __CTRL_VER >= 70000000)
+# define HZ sysconf(_SC_CLK_TCK)
+# else
+# ifndef CLK_TCK
+# ifndef _BSD_CLK_TCK_ /* FreeBSD hack */
+# define HZ 100.0
+# else /* _BSD_CLK_TCK_ */
+# define HZ ((double)_BSD_CLK_TCK_)
+# endif
+# else /* CLK_TCK */
+# define HZ ((double)CLK_TCK)
+# endif
+# endif
+# endif
+
+# ifndef HAVE_FORK
+# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_NETWARE)
+# define HAVE_FORK 0
+# else
+# define HAVE_FORK 1
+# endif
+# endif
+
+# if HAVE_FORK
+# undef NO_FORK
+# else
+# define NO_FORK
+# endif
+
+# undef BUFSIZE
+# define BUFSIZE ((long)1024*8+1)
+int run = 0;
+
+static char ftime_used = 0, times_used = 0, gettimeofday_used =
+ 0, getrusage_used = 0;
+static int mr = 0;
+static int usertime = 1;
+
+static double Time_F(int s);
+static void print_message(const char *s, long num, int length);
+static void pkey_print_message(const char *str, const char *str2,
+ long num, int bits, int sec);
+static void print_result(int alg, int run_no, int count, double time_used);
+# ifndef NO_FORK
+static int do_multi(int multi);
+# endif
+
+# define ALGOR_NUM 28
+# define SIZE_NUM 5
+# define RSA_NUM 4
+# define DSA_NUM 3
+
+# define EC_NUM 16
+# define MAX_ECDH_SIZE 256
+
+static const char *names[ALGOR_NUM] = {
+ "md2", "mdc2", "md4", "md5", "hmac(md5)", "sha1", "rmd160", "rc4",
+ "des cbc", "des ede3", "idea cbc", "seed cbc",
+ "rc2 cbc", "rc5-32/12 cbc", "blowfish cbc", "cast cbc",
+ "aes-128 cbc", "aes-192 cbc", "aes-256 cbc",
+ "camellia-128 cbc", "camellia-192 cbc", "camellia-256 cbc",
+ "evp", "sha256", "sha512",
+ "aes-128 ige", "aes-192 ige", "aes-256 ige"
+};
+
+static double results[ALGOR_NUM][SIZE_NUM];
+static int lengths[SIZE_NUM] = { 16, 64, 256, 1024, 8 * 1024 };
+
+# ifndef OPENSSL_NO_RSA
+static double rsa_results[RSA_NUM][2];
+# endif
+# ifndef OPENSSL_NO_DSA
+static double dsa_results[DSA_NUM][2];
+# endif
+# ifndef OPENSSL_NO_ECDSA
+static double ecdsa_results[EC_NUM][2];
+# endif
+# ifndef OPENSSL_NO_ECDH
+static double ecdh_results[EC_NUM][1];
+# endif
+
+# if defined(OPENSSL_NO_DSA) && !(defined(OPENSSL_NO_ECDSA) && defined(OPENSSL_NO_ECDH))
+static const char rnd_seed[] =
+ "string to make the random number generator think it has entropy";
+static int rnd_fake = 0;
+# endif
+
+# ifdef SIGALRM
+# if defined(__STDC__) || defined(sgi) || defined(_AIX)
+# define SIGRETTYPE void
+# else
+# define SIGRETTYPE int
+# endif
+
+static SIGRETTYPE sig_done(int sig);
+static SIGRETTYPE sig_done(int sig)
+{
+ signal(SIGALRM, sig_done);
+ run = 0;
+# ifdef LINT
+ sig = sig;
+# endif
+}
+# endif
+
+# define START 0
+# define STOP 1
+
+# if defined(OPENSSL_SYS_NETWARE)
+
+ /*
+ * for NetWare the best we can do is use clock() which returns the time,
+ * in hundredths of a second, since the NLM began executing
+ */
+static double Time_F(int s)
+{
+ double ret;
+
+ static clock_t tstart, tend;
+
+ if (s == START) {
+ tstart = clock();
+ return (0);
+ } else {
+ tend = clock();
+ ret = (double)((double)(tend) - (double)(tstart));
+ return ((ret < 0.001) ? 0.001 : ret);
+ }
+}
+
+# else
+
+static double Time_F(int s)
+{
+ double ret;
+
+# ifdef USE_TOD
+ if (usertime) {
+ static struct rusage tstart, tend;
+
+ getrusage_used = 1;
+ if (s == START) {
+ getrusage(RUSAGE_SELF, &tstart);
+ return (0);
+ } else {
+ long i;
+
+ getrusage(RUSAGE_SELF, &tend);
+ i = (long)tend.ru_utime.tv_usec - (long)tstart.ru_utime.tv_usec;
+ ret = ((double)(tend.ru_utime.tv_sec - tstart.ru_utime.tv_sec))
+ + ((double)i) / 1000000.0;
+ return ((ret < 0.001) ? 0.001 : ret);
+ }
+ } else {
+ static struct timeval tstart, tend;
+ long i;
+
+ gettimeofday_used = 1;
+ if (s == START) {
+ gettimeofday(&tstart, NULL);
+ return (0);
+ } else {
+ gettimeofday(&tend, NULL);
+ i = (long)tend.tv_usec - (long)tstart.tv_usec;
+ ret =
+ ((double)(tend.tv_sec - tstart.tv_sec)) +
+ ((double)i) / 1000000.0;
+ return ((ret < 0.001) ? 0.001 : ret);
+ }
+ }
+# else /* ndef USE_TOD */
+
+# ifdef TIMES
+ if (usertime) {
+ static struct tms tstart, tend;
+
+ times_used = 1;
+ if (s == START) {
+ times(&tstart);
+ return (0);
+ } else {
+ times(&tend);
+ ret = HZ;
+ ret = (double)(tend.tms_utime - tstart.tms_utime) / ret;
+ return ((ret < 1e-3) ? 1e-3 : ret);
+ }
+ }
+# endif /* times() */
+# if defined(TIMES) && defined(TIMEB)
+ else
+# endif
+# ifdef OPENSSL_SYS_VXWORKS
+ {
+ static unsigned long tick_start, tick_end;
+
+ if (s == START) {
+ tick_start = tickGet();
+ return 0;
+ } else {
+ tick_end = tickGet();
+ ret = (double)(tick_end - tick_start) / (double)sysClkRateGet();
+ return ((ret < 0.001) ? 0.001 : ret);
+ }
+ }
+# elif defined(TIMEB)
+ {
+ static struct timeb tstart, tend;
+ long i;
+
+ ftime_used = 1;
+ if (s == START) {
+ ftime(&tstart);
+ return (0);
+ } else {
+ ftime(&tend);
+ i = (long)tend.millitm - (long)tstart.millitm;
+ ret = ((double)(tend.time - tstart.time)) + ((double)i) / 1000.0;
+ return ((ret < 0.001) ? 0.001 : ret);
+ }
+ }
+# endif
+# endif
+}
+# endif /* if defined(OPENSSL_SYS_NETWARE) */
+
+# ifndef OPENSSL_NO_ECDH
+static const int KDF1_SHA1_len = 20;
+static void *KDF1_SHA1(const void *in, size_t inlen, void *out,
+ size_t *outlen)
+{
+# ifndef OPENSSL_NO_SHA
+ if (*outlen < SHA_DIGEST_LENGTH)
+ return NULL;
+ else
+ *outlen = SHA_DIGEST_LENGTH;
+ return SHA1(in, inlen, out);
+# else
+ return NULL;
+# endif /* OPENSSL_NO_SHA */
+}
+# endif /* OPENSSL_NO_ECDH */
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+{
+ unsigned char *buf = NULL, *buf2 = NULL;
+ int mret = 1;
+ long count = 0, save_count = 0;
+ int i, j, k;
+# if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA)
+ long rsa_count;
+# endif
+# ifndef OPENSSL_NO_RSA
+ unsigned rsa_num;
+# endif
+ unsigned char md[EVP_MAX_MD_SIZE];
+# ifndef OPENSSL_NO_MD2
+ unsigned char md2[MD2_DIGEST_LENGTH];
+# endif
+# ifndef OPENSSL_NO_MDC2
+ unsigned char mdc2[MDC2_DIGEST_LENGTH];
+# endif
+# ifndef OPENSSL_NO_MD4
+ unsigned char md4[MD4_DIGEST_LENGTH];
+# endif
+# ifndef OPENSSL_NO_MD5
+ unsigned char md5[MD5_DIGEST_LENGTH];
+ unsigned char hmac[MD5_DIGEST_LENGTH];
+# endif
+# ifndef OPENSSL_NO_SHA
+ unsigned char sha[SHA_DIGEST_LENGTH];
+# ifndef OPENSSL_NO_SHA256
+ unsigned char sha256[SHA256_DIGEST_LENGTH];
+# endif
+# ifndef OPENSSL_NO_SHA512
+ unsigned char sha512[SHA512_DIGEST_LENGTH];
+# endif
+# endif
+# ifndef OPENSSL_NO_RIPEMD
+ unsigned char rmd160[RIPEMD160_DIGEST_LENGTH];
+# endif
+# ifndef OPENSSL_NO_RC4
+ RC4_KEY rc4_ks;
+# endif
+# ifndef OPENSSL_NO_RC5
+ RC5_32_KEY rc5_ks;
+# endif
+# ifndef OPENSSL_NO_RC2
+ RC2_KEY rc2_ks;
+# endif
+# ifndef OPENSSL_NO_IDEA
+ IDEA_KEY_SCHEDULE idea_ks;
+# endif
+# ifndef OPENSSL_NO_SEED
+ SEED_KEY_SCHEDULE seed_ks;
+# endif
+# ifndef OPENSSL_NO_BF
+ BF_KEY bf_ks;
+# endif
+# ifndef OPENSSL_NO_CAST
+ CAST_KEY cast_ks;
+# endif
+ static const unsigned char key16[16] = {
+ 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
+ 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12
+ };
+# ifndef OPENSSL_NO_AES
+ static const unsigned char key24[24] = {
+ 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
+ 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12,
+ 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34
+ };
+ static const unsigned char key32[32] = {
+ 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
+ 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12,
+ 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34,
+ 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34, 0x56
+ };
+# endif
+# ifndef OPENSSL_NO_CAMELLIA
+ static const unsigned char ckey24[24] = {
+ 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
+ 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12,
+ 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34
+ };
+ static const unsigned char ckey32[32] = {
+ 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
+ 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12,
+ 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34,
+ 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34, 0x56
+ };
+# endif
+# ifndef OPENSSL_NO_AES
+# define MAX_BLOCK_SIZE 128
+# else
+# define MAX_BLOCK_SIZE 64
+# endif
+ unsigned char DES_iv[8];
+ unsigned char iv[2 * MAX_BLOCK_SIZE / 8];
+# ifndef OPENSSL_NO_DES
+ static DES_cblock key =
+ { 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0 };
+ static DES_cblock key2 =
+ { 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12 };
+ static DES_cblock key3 =
+ { 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34 };
+ DES_key_schedule sch;
+ DES_key_schedule sch2;
+ DES_key_schedule sch3;
+# endif
+# ifndef OPENSSL_NO_AES
+ AES_KEY aes_ks1, aes_ks2, aes_ks3;
+# endif
+# ifndef OPENSSL_NO_CAMELLIA
+ CAMELLIA_KEY camellia_ks1, camellia_ks2, camellia_ks3;
+# endif
+# define D_MD2 0
+# define D_MDC2 1
+# define D_MD4 2
+# define D_MD5 3
+# define D_HMAC 4
+# define D_SHA1 5
+# define D_RMD160 6
+# define D_RC4 7
+# define D_CBC_DES 8
+# define D_EDE3_DES 9
+# define D_CBC_IDEA 10
+# define D_CBC_SEED 11
+# define D_CBC_RC2 12
+# define D_CBC_RC5 13
+# define D_CBC_BF 14
+# define D_CBC_CAST 15
+# define D_CBC_128_AES 16
+# define D_CBC_192_AES 17
+# define D_CBC_256_AES 18
+# define D_CBC_128_CML 19
+# define D_CBC_192_CML 20
+# define D_CBC_256_CML 21
+# define D_EVP 22
+# define D_SHA256 23
+# define D_SHA512 24
+# define D_IGE_128_AES 25
+# define D_IGE_192_AES 26
+# define D_IGE_256_AES 27
+ double d = 0.0;
+ long c[ALGOR_NUM][SIZE_NUM];
+# define R_DSA_512 0
+# define R_DSA_1024 1
+# define R_DSA_2048 2
+# define R_RSA_512 0
+# define R_RSA_1024 1
+# define R_RSA_2048 2
+# define R_RSA_4096 3
+
+# define R_EC_P160 0
+# define R_EC_P192 1
+# define R_EC_P224 2
+# define R_EC_P256 3
+# define R_EC_P384 4
+# define R_EC_P521 5
+# define R_EC_K163 6
+# define R_EC_K233 7
+# define R_EC_K283 8
+# define R_EC_K409 9
+# define R_EC_K571 10
+# define R_EC_B163 11
+# define R_EC_B233 12
+# define R_EC_B283 13
+# define R_EC_B409 14
+# define R_EC_B571 15
+
+# ifndef OPENSSL_NO_RSA
+ RSA *rsa_key[RSA_NUM];
+ long rsa_c[RSA_NUM][2];
+ static unsigned int rsa_bits[RSA_NUM] = {
+ 512, 1024, 2048, 4096
+ };
+ static unsigned char *rsa_data[RSA_NUM] = {
+ test512, test1024, test2048, test4096
+ };
+ static int rsa_data_length[RSA_NUM] = {
+ sizeof(test512), sizeof(test1024),
+ sizeof(test2048), sizeof(test4096)
+ };
+# endif
+# ifndef OPENSSL_NO_DSA
+ DSA *dsa_key[DSA_NUM];
+ long dsa_c[DSA_NUM][2];
+ static unsigned int dsa_bits[DSA_NUM] = { 512, 1024, 2048 };
+# endif
+# ifndef OPENSSL_NO_EC
+ /*
+ * We only test over the following curves as they are representative, To
+ * add tests over more curves, simply add the curve NID and curve name to
+ * the following arrays and increase the EC_NUM value accordingly.
+ */
+ static unsigned int test_curves[EC_NUM] = {
+ /* Prime Curves */
+ NID_secp160r1,
+ NID_X9_62_prime192v1,
+ NID_secp224r1,
+ NID_X9_62_prime256v1,
+ NID_secp384r1,
+ NID_secp521r1,
+ /* Binary Curves */
+ NID_sect163k1,
+ NID_sect233k1,
+ NID_sect283k1,
+ NID_sect409k1,
+ NID_sect571k1,
+ NID_sect163r2,
+ NID_sect233r1,
+ NID_sect283r1,
+ NID_sect409r1,
+ NID_sect571r1
+ };
+ static const char *test_curves_names[EC_NUM] = {
+ /* Prime Curves */
+ "secp160r1",
+ "nistp192",
+ "nistp224",
+ "nistp256",
+ "nistp384",
+ "nistp521",
+ /* Binary Curves */
+ "nistk163",
+ "nistk233",
+ "nistk283",
+ "nistk409",
+ "nistk571",
+ "nistb163",
+ "nistb233",
+ "nistb283",
+ "nistb409",
+ "nistb571"
+ };
+ static int test_curves_bits[EC_NUM] = {
+ 160, 192, 224, 256, 384, 521,
+ 163, 233, 283, 409, 571,
+ 163, 233, 283, 409, 571
+ };
+
+# endif
+
+# ifndef OPENSSL_NO_ECDSA
+ unsigned char ecdsasig[256];
+ unsigned int ecdsasiglen;
+ EC_KEY *ecdsa[EC_NUM];
+ long ecdsa_c[EC_NUM][2];
+# endif
+
+# ifndef OPENSSL_NO_ECDH
+ EC_KEY *ecdh_a[EC_NUM], *ecdh_b[EC_NUM];
+ unsigned char secret_a[MAX_ECDH_SIZE], secret_b[MAX_ECDH_SIZE];
+ int secret_size_a, secret_size_b;
+ int ecdh_checks = 0;
+ int secret_idx = 0;
+ long ecdh_c[EC_NUM][2];
+# endif
+
+ int rsa_doit[RSA_NUM];
+ int dsa_doit[DSA_NUM];
+# ifndef OPENSSL_NO_ECDSA
+ int ecdsa_doit[EC_NUM];
+# endif
+# ifndef OPENSSL_NO_ECDH
+ int ecdh_doit[EC_NUM];
+# endif
+ int doit[ALGOR_NUM];
+ int pr_header = 0;
+ const EVP_CIPHER *evp_cipher = NULL;
+ const EVP_MD *evp_md = NULL;
+ int decrypt = 0;
+# ifndef NO_FORK
+ int multi = 0;
+# endif
+
+# ifndef TIMES
+ usertime = -1;
+# endif
+
+ apps_startup();
+ memset(results, 0, sizeof(results));
+# ifndef OPENSSL_NO_DSA
+ memset(dsa_key, 0, sizeof(dsa_key));
+# endif
+# ifndef OPENSSL_NO_ECDSA
+ for (i = 0; i < EC_NUM; i++)
+ ecdsa[i] = NULL;
+# endif
+# ifndef OPENSSL_NO_ECDH
+ for (i = 0; i < EC_NUM; i++) {
+ ecdh_a[i] = NULL;
+ ecdh_b[i] = NULL;
+ }
+# endif
+
+ if (bio_err == NULL)
+ if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+
+ if (!load_config(bio_err, NULL))
+ goto end;
+
+# ifndef OPENSSL_NO_RSA
+ memset(rsa_key, 0, sizeof(rsa_key));
+ for (i = 0; i < RSA_NUM; i++)
+ rsa_key[i] = NULL;
+# endif
+
+ if ((buf = (unsigned char *)OPENSSL_malloc((int)BUFSIZE)) == NULL) {
+ BIO_printf(bio_err, "out of memory\n");
+ goto end;
+ }
+ if ((buf2 = (unsigned char *)OPENSSL_malloc((int)BUFSIZE)) == NULL) {
+ BIO_printf(bio_err, "out of memory\n");
+ goto end;
+ }
+
+ memset(c, 0, sizeof(c));
+ memset(DES_iv, 0, sizeof(DES_iv));
+ memset(iv, 0, sizeof(iv));
+
+ for (i = 0; i < ALGOR_NUM; i++)
+ doit[i] = 0;
+ for (i = 0; i < RSA_NUM; i++)
+ rsa_doit[i] = 0;
+ for (i = 0; i < DSA_NUM; i++)
+ dsa_doit[i] = 0;
+# ifndef OPENSSL_NO_ECDSA
+ for (i = 0; i < EC_NUM; i++)
+ ecdsa_doit[i] = 0;
+# endif
+# ifndef OPENSSL_NO_ECDH
+ for (i = 0; i < EC_NUM; i++)
+ ecdh_doit[i] = 0;
+# endif
+
+ j = 0;
+ argc--;
+ argv++;
+ while (argc) {
+ if ((argc > 0) && (strcmp(*argv, "-elapsed") == 0)) {
+ usertime = 0;
+ j--; /* Otherwise, -elapsed gets confused with an
+ * algorithm. */
+ } else if ((argc > 0) && (strcmp(*argv, "-evp") == 0)) {
+ argc--;
+ argv++;
+ if (argc == 0) {
+ BIO_printf(bio_err, "no EVP given\n");
+ goto end;
+ }
+ evp_cipher = EVP_get_cipherbyname(*argv);
+ if (!evp_cipher) {
+ evp_md = EVP_get_digestbyname(*argv);
+ }
+ if (!evp_cipher && !evp_md) {
+ BIO_printf(bio_err, "%s is an unknown cipher or digest\n",
+ *argv);
+ goto end;
+ }
+ doit[D_EVP] = 1;
+ } else if (argc > 0 && !strcmp(*argv, "-decrypt")) {
+ decrypt = 1;
+ j--; /* Otherwise, -elapsed gets confused with an
+ * algorithm. */
+ }
+# ifndef OPENSSL_NO_ENGINE
+ else if ((argc > 0) && (strcmp(*argv, "-engine") == 0)) {
+ argc--;
+ argv++;
+ if (argc == 0) {
+ BIO_printf(bio_err, "no engine given\n");
+ goto end;
+ }
+ setup_engine(bio_err, *argv, 0);
+ /*
+ * j will be increased again further down. We just don't want
+ * speed to confuse an engine with an algorithm, especially when
+ * none is given (which means all of them should be run)
+ */
+ j--;
+ }
+# endif
+# ifndef NO_FORK
+ else if ((argc > 0) && (strcmp(*argv, "-multi") == 0)) {
+ argc--;
+ argv++;
+ if (argc == 0) {
+ BIO_printf(bio_err, "no multi count given\n");
+ goto end;
+ }
+ multi = atoi(argv[0]);
+ if (multi <= 0) {
+ BIO_printf(bio_err, "bad multi count\n");
+ goto end;
+ }
+ j--; /* Otherwise, -mr gets confused with an
+ * algorithm. */
+ }
+# endif
+ else if (argc > 0 && !strcmp(*argv, "-mr")) {
+ mr = 1;
+ j--; /* Otherwise, -mr gets confused with an
+ * algorithm. */
+ } else
+# ifndef OPENSSL_NO_MD2
+ if (strcmp(*argv, "md2") == 0)
+ doit[D_MD2] = 1;
+ else
+# endif
+# ifndef OPENSSL_NO_MDC2
+ if (strcmp(*argv, "mdc2") == 0)
+ doit[D_MDC2] = 1;
+ else
+# endif
+# ifndef OPENSSL_NO_MD4
+ if (strcmp(*argv, "md4") == 0)
+ doit[D_MD4] = 1;
+ else
+# endif
+# ifndef OPENSSL_NO_MD5
+ if (strcmp(*argv, "md5") == 0)
+ doit[D_MD5] = 1;
+ else
+# endif
+# ifndef OPENSSL_NO_MD5
+ if (strcmp(*argv, "hmac") == 0)
+ doit[D_HMAC] = 1;
+ else
+# endif
+# ifndef OPENSSL_NO_SHA
+ if (strcmp(*argv, "sha1") == 0)
+ doit[D_SHA1] = 1;
+ else if (strcmp(*argv, "sha") == 0)
+ doit[D_SHA1] = 1, doit[D_SHA256] = 1, doit[D_SHA512] = 1;
+ else
+# ifndef OPENSSL_NO_SHA256
+ if (strcmp(*argv, "sha256") == 0)
+ doit[D_SHA256] = 1;
+ else
+# endif
+# ifndef OPENSSL_NO_SHA512
+ if (strcmp(*argv, "sha512") == 0)
+ doit[D_SHA512] = 1;
+ else
+# endif
+# endif
+# ifndef OPENSSL_NO_RIPEMD
+ if (strcmp(*argv, "ripemd") == 0)
+ doit[D_RMD160] = 1;
+ else if (strcmp(*argv, "rmd160") == 0)
+ doit[D_RMD160] = 1;
+ else if (strcmp(*argv, "ripemd160") == 0)
+ doit[D_RMD160] = 1;
+ else
+# endif
+# ifndef OPENSSL_NO_RC4
+ if (strcmp(*argv, "rc4") == 0)
+ doit[D_RC4] = 1;
+ else
+# endif
+# ifndef OPENSSL_NO_DES
+ if (strcmp(*argv, "des-cbc") == 0)
+ doit[D_CBC_DES] = 1;
+ else if (strcmp(*argv, "des-ede3") == 0)
+ doit[D_EDE3_DES] = 1;
+ else
+# endif
+# ifndef OPENSSL_NO_AES
+ if (strcmp(*argv, "aes-128-cbc") == 0)
+ doit[D_CBC_128_AES] = 1;
+ else if (strcmp(*argv, "aes-192-cbc") == 0)
+ doit[D_CBC_192_AES] = 1;
+ else if (strcmp(*argv, "aes-256-cbc") == 0)
+ doit[D_CBC_256_AES] = 1;
+ else if (strcmp(*argv, "aes-128-ige") == 0)
+ doit[D_IGE_128_AES] = 1;
+ else if (strcmp(*argv, "aes-192-ige") == 0)
+ doit[D_IGE_192_AES] = 1;
+ else if (strcmp(*argv, "aes-256-ige") == 0)
+ doit[D_IGE_256_AES] = 1;
+ else
+# endif
+# ifndef OPENSSL_NO_CAMELLIA
+ if (strcmp(*argv, "camellia-128-cbc") == 0)
+ doit[D_CBC_128_CML] = 1;
+ else if (strcmp(*argv, "camellia-192-cbc") == 0)
+ doit[D_CBC_192_CML] = 1;
+ else if (strcmp(*argv, "camellia-256-cbc") == 0)
+ doit[D_CBC_256_CML] = 1;
+ else
+# endif
+# ifndef OPENSSL_NO_RSA
+# if 0 /* was: #ifdef RSAref */
+ if (strcmp(*argv, "rsaref") == 0) {
+ RSA_set_default_openssl_method(RSA_PKCS1_RSAref());
+ j--;
+ } else
+# endif
+# ifndef RSA_NULL
+ if (strcmp(*argv, "openssl") == 0) {
+ RSA_set_default_method(RSA_PKCS1_SSLeay());
+ j--;
+ } else
+# endif
+# endif /* !OPENSSL_NO_RSA */
+ if (strcmp(*argv, "dsa512") == 0)
+ dsa_doit[R_DSA_512] = 2;
+ else if (strcmp(*argv, "dsa1024") == 0)
+ dsa_doit[R_DSA_1024] = 2;
+ else if (strcmp(*argv, "dsa2048") == 0)
+ dsa_doit[R_DSA_2048] = 2;
+ else if (strcmp(*argv, "rsa512") == 0)
+ rsa_doit[R_RSA_512] = 2;
+ else if (strcmp(*argv, "rsa1024") == 0)
+ rsa_doit[R_RSA_1024] = 2;
+ else if (strcmp(*argv, "rsa2048") == 0)
+ rsa_doit[R_RSA_2048] = 2;
+ else if (strcmp(*argv, "rsa4096") == 0)
+ rsa_doit[R_RSA_4096] = 2;
+ else
+# ifndef OPENSSL_NO_RC2
+ if (strcmp(*argv, "rc2-cbc") == 0)
+ doit[D_CBC_RC2] = 1;
+ else if (strcmp(*argv, "rc2") == 0)
+ doit[D_CBC_RC2] = 1;
+ else
+# endif
+# ifndef OPENSSL_NO_RC5
+ if (strcmp(*argv, "rc5-cbc") == 0)
+ doit[D_CBC_RC5] = 1;
+ else if (strcmp(*argv, "rc5") == 0)
+ doit[D_CBC_RC5] = 1;
+ else
+# endif
+# ifndef OPENSSL_NO_IDEA
+ if (strcmp(*argv, "idea-cbc") == 0)
+ doit[D_CBC_IDEA] = 1;
+ else if (strcmp(*argv, "idea") == 0)
+ doit[D_CBC_IDEA] = 1;
+ else
+# endif
+# ifndef OPENSSL_NO_SEED
+ if (strcmp(*argv, "seed-cbc") == 0)
+ doit[D_CBC_SEED] = 1;
+ else if (strcmp(*argv, "seed") == 0)
+ doit[D_CBC_SEED] = 1;
+ else
+# endif
+# ifndef OPENSSL_NO_BF
+ if (strcmp(*argv, "bf-cbc") == 0)
+ doit[D_CBC_BF] = 1;
+ else if (strcmp(*argv, "blowfish") == 0)
+ doit[D_CBC_BF] = 1;
+ else if (strcmp(*argv, "bf") == 0)
+ doit[D_CBC_BF] = 1;
+ else
+# endif
+# ifndef OPENSSL_NO_CAST
+ if (strcmp(*argv, "cast-cbc") == 0)
+ doit[D_CBC_CAST] = 1;
+ else if (strcmp(*argv, "cast") == 0)
+ doit[D_CBC_CAST] = 1;
+ else if (strcmp(*argv, "cast5") == 0)
+ doit[D_CBC_CAST] = 1;
+ else
+# endif
+# ifndef OPENSSL_NO_DES
+ if (strcmp(*argv, "des") == 0) {
+ doit[D_CBC_DES] = 1;
+ doit[D_EDE3_DES] = 1;
+ } else
+# endif
+# ifndef OPENSSL_NO_AES
+ if (strcmp(*argv, "aes") == 0) {
+ doit[D_CBC_128_AES] = 1;
+ doit[D_CBC_192_AES] = 1;
+ doit[D_CBC_256_AES] = 1;
+ } else
+# endif
+# ifndef OPENSSL_NO_CAMELLIA
+ if (strcmp(*argv, "camellia") == 0) {
+ doit[D_CBC_128_CML] = 1;
+ doit[D_CBC_192_CML] = 1;
+ doit[D_CBC_256_CML] = 1;
+ } else
+# endif
+# ifndef OPENSSL_NO_RSA
+ if (strcmp(*argv, "rsa") == 0) {
+ rsa_doit[R_RSA_512] = 1;
+ rsa_doit[R_RSA_1024] = 1;
+ rsa_doit[R_RSA_2048] = 1;
+ rsa_doit[R_RSA_4096] = 1;
+ } else
+# endif
+# ifndef OPENSSL_NO_DSA
+ if (strcmp(*argv, "dsa") == 0) {
+ dsa_doit[R_DSA_512] = 1;
+ dsa_doit[R_DSA_1024] = 1;
+ dsa_doit[R_DSA_2048] = 1;
+ } else
+# endif
+# ifndef OPENSSL_NO_ECDSA
+ if (strcmp(*argv, "ecdsap160") == 0)
+ ecdsa_doit[R_EC_P160] = 2;
+ else if (strcmp(*argv, "ecdsap192") == 0)
+ ecdsa_doit[R_EC_P192] = 2;
+ else if (strcmp(*argv, "ecdsap224") == 0)
+ ecdsa_doit[R_EC_P224] = 2;
+ else if (strcmp(*argv, "ecdsap256") == 0)
+ ecdsa_doit[R_EC_P256] = 2;
+ else if (strcmp(*argv, "ecdsap384") == 0)
+ ecdsa_doit[R_EC_P384] = 2;
+ else if (strcmp(*argv, "ecdsap521") == 0)
+ ecdsa_doit[R_EC_P521] = 2;
+ else if (strcmp(*argv, "ecdsak163") == 0)
+ ecdsa_doit[R_EC_K163] = 2;
+ else if (strcmp(*argv, "ecdsak233") == 0)
+ ecdsa_doit[R_EC_K233] = 2;
+ else if (strcmp(*argv, "ecdsak283") == 0)
+ ecdsa_doit[R_EC_K283] = 2;
+ else if (strcmp(*argv, "ecdsak409") == 0)
+ ecdsa_doit[R_EC_K409] = 2;
+ else if (strcmp(*argv, "ecdsak571") == 0)
+ ecdsa_doit[R_EC_K571] = 2;
+ else if (strcmp(*argv, "ecdsab163") == 0)
+ ecdsa_doit[R_EC_B163] = 2;
+ else if (strcmp(*argv, "ecdsab233") == 0)
+ ecdsa_doit[R_EC_B233] = 2;
+ else if (strcmp(*argv, "ecdsab283") == 0)
+ ecdsa_doit[R_EC_B283] = 2;
+ else if (strcmp(*argv, "ecdsab409") == 0)
+ ecdsa_doit[R_EC_B409] = 2;
+ else if (strcmp(*argv, "ecdsab571") == 0)
+ ecdsa_doit[R_EC_B571] = 2;
+ else if (strcmp(*argv, "ecdsa") == 0) {
+ for (i = 0; i < EC_NUM; i++)
+ ecdsa_doit[i] = 1;
+ } else
+# endif
+# ifndef OPENSSL_NO_ECDH
+ if (strcmp(*argv, "ecdhp160") == 0)
+ ecdh_doit[R_EC_P160] = 2;
+ else if (strcmp(*argv, "ecdhp192") == 0)
+ ecdh_doit[R_EC_P192] = 2;
+ else if (strcmp(*argv, "ecdhp224") == 0)
+ ecdh_doit[R_EC_P224] = 2;
+ else if (strcmp(*argv, "ecdhp256") == 0)
+ ecdh_doit[R_EC_P256] = 2;
+ else if (strcmp(*argv, "ecdhp384") == 0)
+ ecdh_doit[R_EC_P384] = 2;
+ else if (strcmp(*argv, "ecdhp521") == 0)
+ ecdh_doit[R_EC_P521] = 2;
+ else if (strcmp(*argv, "ecdhk163") == 0)
+ ecdh_doit[R_EC_K163] = 2;
+ else if (strcmp(*argv, "ecdhk233") == 0)
+ ecdh_doit[R_EC_K233] = 2;
+ else if (strcmp(*argv, "ecdhk283") == 0)
+ ecdh_doit[R_EC_K283] = 2;
+ else if (strcmp(*argv, "ecdhk409") == 0)
+ ecdh_doit[R_EC_K409] = 2;
+ else if (strcmp(*argv, "ecdhk571") == 0)
+ ecdh_doit[R_EC_K571] = 2;
+ else if (strcmp(*argv, "ecdhb163") == 0)
+ ecdh_doit[R_EC_B163] = 2;
+ else if (strcmp(*argv, "ecdhb233") == 0)
+ ecdh_doit[R_EC_B233] = 2;
+ else if (strcmp(*argv, "ecdhb283") == 0)
+ ecdh_doit[R_EC_B283] = 2;
+ else if (strcmp(*argv, "ecdhb409") == 0)
+ ecdh_doit[R_EC_B409] = 2;
+ else if (strcmp(*argv, "ecdhb571") == 0)
+ ecdh_doit[R_EC_B571] = 2;
+ else if (strcmp(*argv, "ecdh") == 0) {
+ for (i = 0; i < EC_NUM; i++)
+ ecdh_doit[i] = 1;
+ } else
+# endif
+ {
+ BIO_printf(bio_err, "Error: bad option or value\n");
+ BIO_printf(bio_err, "\n");
+ BIO_printf(bio_err, "Available values:\n");
+# ifndef OPENSSL_NO_MD2
+ BIO_printf(bio_err, "md2 ");
+# endif
+# ifndef OPENSSL_NO_MDC2
+ BIO_printf(bio_err, "mdc2 ");
+# endif
+# ifndef OPENSSL_NO_MD4
+ BIO_printf(bio_err, "md4 ");
+# endif
+# ifndef OPENSSL_NO_MD5
+ BIO_printf(bio_err, "md5 ");
+# ifndef OPENSSL_NO_HMAC
+ BIO_printf(bio_err, "hmac ");
+# endif
+# endif
+# ifndef OPENSSL_NO_SHA1
+ BIO_printf(bio_err, "sha1 ");
+# endif
+# ifndef OPENSSL_NO_SHA256
+ BIO_printf(bio_err, "sha256 ");
+# endif
+# ifndef OPENSSL_NO_SHA512
+ BIO_printf(bio_err, "sha512 ");
+# endif
+# ifndef OPENSSL_NO_RIPEMD160
+ BIO_printf(bio_err, "rmd160");
+# endif
+# if !defined(OPENSSL_NO_MD2) || !defined(OPENSSL_NO_MDC2) || \
+ !defined(OPENSSL_NO_MD4) || !defined(OPENSSL_NO_MD5) || \
+ !defined(OPENSSL_NO_SHA1) || !defined(OPENSSL_NO_RIPEMD160)
+ BIO_printf(bio_err, "\n");
+# endif
+
+# ifndef OPENSSL_NO_IDEA
+ BIO_printf(bio_err, "idea-cbc ");
+# endif
+# ifndef OPENSSL_NO_SEED
+ BIO_printf(bio_err, "seed-cbc ");
+# endif
+# ifndef OPENSSL_NO_RC2
+ BIO_printf(bio_err, "rc2-cbc ");
+# endif
+# ifndef OPENSSL_NO_RC5
+ BIO_printf(bio_err, "rc5-cbc ");
+# endif
+# ifndef OPENSSL_NO_BF
+ BIO_printf(bio_err, "bf-cbc");
+# endif
+# if !defined(OPENSSL_NO_IDEA) || !defined(OPENSSL_NO_SEED) || !defined(OPENSSL_NO_RC2) || \
+ !defined(OPENSSL_NO_BF) || !defined(OPENSSL_NO_RC5)
+ BIO_printf(bio_err, "\n");
+# endif
+# ifndef OPENSSL_NO_DES
+ BIO_printf(bio_err, "des-cbc des-ede3 ");
+# endif
+# ifndef OPENSSL_NO_AES
+ BIO_printf(bio_err, "aes-128-cbc aes-192-cbc aes-256-cbc ");
+ BIO_printf(bio_err, "aes-128-ige aes-192-ige aes-256-ige ");
+# endif
+# ifndef OPENSSL_NO_CAMELLIA
+ BIO_printf(bio_err, "\n");
+ BIO_printf(bio_err,
+ "camellia-128-cbc camellia-192-cbc camellia-256-cbc ");
+# endif
+# ifndef OPENSSL_NO_RC4
+ BIO_printf(bio_err, "rc4");
+# endif
+ BIO_printf(bio_err, "\n");
+
+# ifndef OPENSSL_NO_RSA
+ BIO_printf(bio_err, "rsa512 rsa1024 rsa2048 rsa4096\n");
+# endif
+
+# ifndef OPENSSL_NO_DSA
+ BIO_printf(bio_err, "dsa512 dsa1024 dsa2048\n");
+# endif
+# ifndef OPENSSL_NO_ECDSA
+ BIO_printf(bio_err, "ecdsap160 ecdsap192 ecdsap224 "
+ "ecdsap256 ecdsap384 ecdsap521\n");
+ BIO_printf(bio_err,
+ "ecdsak163 ecdsak233 ecdsak283 ecdsak409 ecdsak571\n");
+ BIO_printf(bio_err,
+ "ecdsab163 ecdsab233 ecdsab283 ecdsab409 ecdsab571\n");
+ BIO_printf(bio_err, "ecdsa\n");
+# endif
+# ifndef OPENSSL_NO_ECDH
+ BIO_printf(bio_err, "ecdhp160 ecdhp192 ecdhp224 "
+ "ecdhp256 ecdhp384 ecdhp521\n");
+ BIO_printf(bio_err,
+ "ecdhk163 ecdhk233 ecdhk283 ecdhk409 ecdhk571\n");
+ BIO_printf(bio_err,
+ "ecdhb163 ecdhb233 ecdhb283 ecdhb409 ecdhb571\n");
+ BIO_printf(bio_err, "ecdh\n");
+# endif
+
+# ifndef OPENSSL_NO_IDEA
+ BIO_printf(bio_err, "idea ");
+# endif
+# ifndef OPENSSL_NO_SEED
+ BIO_printf(bio_err, "seed ");
+# endif
+# ifndef OPENSSL_NO_RC2
+ BIO_printf(bio_err, "rc2 ");
+# endif
+# ifndef OPENSSL_NO_DES
+ BIO_printf(bio_err, "des ");
+# endif
+# ifndef OPENSSL_NO_AES
+ BIO_printf(bio_err, "aes ");
+# endif
+# ifndef OPENSSL_NO_CAMELLIA
+ BIO_printf(bio_err, "camellia ");
+# endif
+# ifndef OPENSSL_NO_RSA
+ BIO_printf(bio_err, "rsa ");
+# endif
+# ifndef OPENSSL_NO_BF
+ BIO_printf(bio_err, "blowfish");
+# endif
+# if !defined(OPENSSL_NO_IDEA) || !defined(OPENSSL_NO_SEED) || \
+ !defined(OPENSSL_NO_RC2) || !defined(OPENSSL_NO_DES) || \
+ !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_BF) || \
+ !defined(OPENSSL_NO_AES) || !defined(OPENSSL_NO_CAMELLIA)
+ BIO_printf(bio_err, "\n");
+# endif
+
+ BIO_printf(bio_err, "\n");
+ BIO_printf(bio_err, "Available options:\n");
+# if defined(TIMES) || defined(USE_TOD)
+ BIO_printf(bio_err, "-elapsed "
+ "measure time in real time instead of CPU user time.\n");
+# endif
+# ifndef OPENSSL_NO_ENGINE
+ BIO_printf(bio_err,
+ "-engine e "
+ "use engine e, possibly a hardware device.\n");
+# endif
+ BIO_printf(bio_err, "-evp e " "use EVP e.\n");
+ BIO_printf(bio_err,
+ "-decrypt "
+ "time decryption instead of encryption (only EVP).\n");
+ BIO_printf(bio_err,
+ "-mr "
+ "produce machine readable output.\n");
+# ifndef NO_FORK
+ BIO_printf(bio_err,
+ "-multi n " "run n benchmarks in parallel.\n");
+# endif
+ goto end;
+ }
+ argc--;
+ argv++;
+ j++;
+ }
+
+# ifndef NO_FORK
+ if (multi && do_multi(multi))
+ goto show_res;
+# endif
+
+ if (j == 0) {
+ for (i = 0; i < ALGOR_NUM; i++) {
+ if (i != D_EVP)
+ doit[i] = 1;
+ }
+ for (i = 0; i < RSA_NUM; i++)
+ rsa_doit[i] = 1;
+ for (i = 0; i < DSA_NUM; i++)
+ dsa_doit[i] = 1;
+ }
+ for (i = 0; i < ALGOR_NUM; i++)
+ if (doit[i])
+ pr_header++;
+
+ if (usertime == 0 && !mr)
+ BIO_printf(bio_err,
+ "You have chosen to measure elapsed time "
+ "instead of user CPU time.\n");
+ if (usertime <= 0 && !mr) {
+ BIO_printf(bio_err,
+ "To get the most accurate results, try to run this\n");
+ BIO_printf(bio_err, "program when this computer is idle.\n");
+ }
+# ifndef OPENSSL_NO_RSA
+ for (i = 0; i < RSA_NUM; i++) {
+ const unsigned char *p;
+
+ p = rsa_data[i];
+ rsa_key[i] = d2i_RSAPrivateKey(NULL, &p, rsa_data_length[i]);
+ if (rsa_key[i] == NULL) {
+ BIO_printf(bio_err, "internal error loading RSA key number %d\n",
+ i);
+ goto end;
+ }
+# if 0
+ else {
+ BIO_printf(bio_err,
+ mr ? "+RK:%d:"
+ : "Loaded RSA key, %d bit modulus and e= 0x",
+ BN_num_bits(rsa_key[i]->n));
+ BN_print(bio_err, rsa_key[i]->e);
+ BIO_printf(bio_err, "\n");
+ }
+# endif
+ }
+# endif
+
+# ifndef OPENSSL_NO_DSA
+ dsa_key[0] = get_dsa512();
+ dsa_key[1] = get_dsa1024();
+ dsa_key[2] = get_dsa2048();
+# endif
+
+# ifndef OPENSSL_NO_DES
+ DES_set_key_unchecked(&key, &sch);
+ DES_set_key_unchecked(&key2, &sch2);
+ DES_set_key_unchecked(&key3, &sch3);
+# endif
+# ifndef OPENSSL_NO_AES
+ AES_set_encrypt_key(key16, 128, &aes_ks1);
+ AES_set_encrypt_key(key24, 192, &aes_ks2);
+ AES_set_encrypt_key(key32, 256, &aes_ks3);
+# endif
+# ifndef OPENSSL_NO_CAMELLIA
+ Camellia_set_key(key16, 128, &camellia_ks1);
+ Camellia_set_key(ckey24, 192, &camellia_ks2);
+ Camellia_set_key(ckey32, 256, &camellia_ks3);
+# endif
+# ifndef OPENSSL_NO_IDEA
+ idea_set_encrypt_key(key16, &idea_ks);
+# endif
+# ifndef OPENSSL_NO_SEED
+ SEED_set_key(key16, &seed_ks);
+# endif
+# ifndef OPENSSL_NO_RC4
+ RC4_set_key(&rc4_ks, 16, key16);
+# endif
+# ifndef OPENSSL_NO_RC2
+ RC2_set_key(&rc2_ks, 16, key16, 128);
+# endif
+# ifndef OPENSSL_NO_RC5
+ RC5_32_set_key(&rc5_ks, 16, key16, 12);
+# endif
+# ifndef OPENSSL_NO_BF
+ BF_set_key(&bf_ks, 16, key16);
+# endif
+# ifndef OPENSSL_NO_CAST
+ CAST_set_key(&cast_ks, 16, key16);
+# endif
+# ifndef OPENSSL_NO_RSA
+ memset(rsa_c, 0, sizeof(rsa_c));
+# endif
+# ifndef SIGALRM
+# ifndef OPENSSL_NO_DES
+ BIO_printf(bio_err, "First we calculate the approximate speed ...\n");
+ count = 10;
+ do {
+ long it;
+ count *= 2;
+ Time_F(START);
+ for (it = count; it; it--)
+ DES_ecb_encrypt((DES_cblock *)buf,
+ (DES_cblock *)buf, &sch, DES_ENCRYPT);
+ d = Time_F(STOP);
+ } while (d < 3);
+ save_count = count;
+ c[D_MD2][0] = count / 10;
+ c[D_MDC2][0] = count / 10;
+ c[D_MD4][0] = count;
+ c[D_MD5][0] = count;
+ c[D_HMAC][0] = count;
+ c[D_SHA1][0] = count;
+ c[D_RMD160][0] = count;
+ c[D_RC4][0] = count * 5;
+ c[D_CBC_DES][0] = count;
+ c[D_EDE3_DES][0] = count / 3;
+ c[D_CBC_IDEA][0] = count;
+ c[D_CBC_SEED][0] = count;
+ c[D_CBC_RC2][0] = count;
+ c[D_CBC_RC5][0] = count;
+ c[D_CBC_BF][0] = count;
+ c[D_CBC_CAST][0] = count;
+ c[D_CBC_128_AES][0] = count;
+ c[D_CBC_192_AES][0] = count;
+ c[D_CBC_256_AES][0] = count;
+ c[D_CBC_128_CML][0] = count;
+ c[D_CBC_192_CML][0] = count;
+ c[D_CBC_256_CML][0] = count;
+ c[D_SHA256][0] = count;
+ c[D_SHA512][0] = count;
+ c[D_IGE_128_AES][0] = count;
+ c[D_IGE_192_AES][0] = count;
+ c[D_IGE_256_AES][0] = count;
+
+ for (i = 1; i < SIZE_NUM; i++) {
+ c[D_MD2][i] = c[D_MD2][0] * 4 * lengths[0] / lengths[i];
+ c[D_MDC2][i] = c[D_MDC2][0] * 4 * lengths[0] / lengths[i];
+ c[D_MD4][i] = c[D_MD4][0] * 4 * lengths[0] / lengths[i];
+ c[D_MD5][i] = c[D_MD5][0] * 4 * lengths[0] / lengths[i];
+ c[D_HMAC][i] = c[D_HMAC][0] * 4 * lengths[0] / lengths[i];
+ c[D_SHA1][i] = c[D_SHA1][0] * 4 * lengths[0] / lengths[i];
+ c[D_RMD160][i] = c[D_RMD160][0] * 4 * lengths[0] / lengths[i];
+ c[D_SHA256][i] = c[D_SHA256][0] * 4 * lengths[0] / lengths[i];
+ c[D_SHA512][i] = c[D_SHA512][0] * 4 * lengths[0] / lengths[i];
+ }
+ for (i = 1; i < SIZE_NUM; i++) {
+ long l0, l1;
+
+ l0 = (long)lengths[i - 1];
+ l1 = (long)lengths[i];
+ c[D_RC4][i] = c[D_RC4][i - 1] * l0 / l1;
+ c[D_CBC_DES][i] = c[D_CBC_DES][i - 1] * l0 / l1;
+ c[D_EDE3_DES][i] = c[D_EDE3_DES][i - 1] * l0 / l1;
+ c[D_CBC_IDEA][i] = c[D_CBC_IDEA][i - 1] * l0 / l1;
+ c[D_CBC_SEED][i] = c[D_CBC_SEED][i - 1] * l0 / l1;
+ c[D_CBC_RC2][i] = c[D_CBC_RC2][i - 1] * l0 / l1;
+ c[D_CBC_RC5][i] = c[D_CBC_RC5][i - 1] * l0 / l1;
+ c[D_CBC_BF][i] = c[D_CBC_BF][i - 1] * l0 / l1;
+ c[D_CBC_CAST][i] = c[D_CBC_CAST][i - 1] * l0 / l1;
+ c[D_CBC_128_AES][i] = c[D_CBC_128_AES][i - 1] * l0 / l1;
+ c[D_CBC_192_AES][i] = c[D_CBC_192_AES][i - 1] * l0 / l1;
+ c[D_CBC_256_AES][i] = c[D_CBC_256_AES][i - 1] * l0 / l1;
+ c[D_CBC_128_CML][i] = c[D_CBC_128_CML][i - 1] * l0 / l1;
+ c[D_CBC_192_CML][i] = c[D_CBC_192_CML][i - 1] * l0 / l1;
+ c[D_CBC_256_CML][i] = c[D_CBC_256_CML][i - 1] * l0 / l1;
+ c[D_IGE_128_AES][i] = c[D_IGE_128_AES][i - 1] * l0 / l1;
+ c[D_IGE_192_AES][i] = c[D_IGE_192_AES][i - 1] * l0 / l1;
+ c[D_IGE_256_AES][i] = c[D_IGE_256_AES][i - 1] * l0 / l1;
+ }
+# ifndef OPENSSL_NO_RSA
+ rsa_c[R_RSA_512][0] = count / 2000;
+ rsa_c[R_RSA_512][1] = count / 400;
+ for (i = 1; i < RSA_NUM; i++) {
+ rsa_c[i][0] = rsa_c[i - 1][0] / 8;
+ rsa_c[i][1] = rsa_c[i - 1][1] / 4;
+ if ((rsa_doit[i] <= 1) && (rsa_c[i][0] == 0))
+ rsa_doit[i] = 0;
+ else {
+ if (rsa_c[i][0] == 0) {
+ rsa_c[i][0] = 1;
+ rsa_c[i][1] = 20;
+ }
+ }
+ }
+# endif
+
+# ifndef OPENSSL_NO_DSA
+ dsa_c[R_DSA_512][0] = count / 1000;
+ dsa_c[R_DSA_512][1] = count / 1000 / 2;
+ for (i = 1; i < DSA_NUM; i++) {
+ dsa_c[i][0] = dsa_c[i - 1][0] / 4;
+ dsa_c[i][1] = dsa_c[i - 1][1] / 4;
+ if ((dsa_doit[i] <= 1) && (dsa_c[i][0] == 0))
+ dsa_doit[i] = 0;
+ else {
+ if (dsa_c[i] == 0) {
+ dsa_c[i][0] = 1;
+ dsa_c[i][1] = 1;
+ }
+ }
+ }
+# endif
+
+# ifndef OPENSSL_NO_ECDSA
+ ecdsa_c[R_EC_P160][0] = count / 1000;
+ ecdsa_c[R_EC_P160][1] = count / 1000 / 2;
+ for (i = R_EC_P192; i <= R_EC_P521; i++) {
+ ecdsa_c[i][0] = ecdsa_c[i - 1][0] / 2;
+ ecdsa_c[i][1] = ecdsa_c[i - 1][1] / 2;
+ if ((ecdsa_doit[i] <= 1) && (ecdsa_c[i][0] == 0))
+ ecdsa_doit[i] = 0;
+ else {
+ if (ecdsa_c[i] == 0) {
+ ecdsa_c[i][0] = 1;
+ ecdsa_c[i][1] = 1;
+ }
+ }
+ }
+ ecdsa_c[R_EC_K163][0] = count / 1000;
+ ecdsa_c[R_EC_K163][1] = count / 1000 / 2;
+ for (i = R_EC_K233; i <= R_EC_K571; i++) {
+ ecdsa_c[i][0] = ecdsa_c[i - 1][0] / 2;
+ ecdsa_c[i][1] = ecdsa_c[i - 1][1] / 2;
+ if ((ecdsa_doit[i] <= 1) && (ecdsa_c[i][0] == 0))
+ ecdsa_doit[i] = 0;
+ else {
+ if (ecdsa_c[i] == 0) {
+ ecdsa_c[i][0] = 1;
+ ecdsa_c[i][1] = 1;
+ }
+ }
+ }
+ ecdsa_c[R_EC_B163][0] = count / 1000;
+ ecdsa_c[R_EC_B163][1] = count / 1000 / 2;
+ for (i = R_EC_B233; i <= R_EC_B571; i++) {
+ ecdsa_c[i][0] = ecdsa_c[i - 1][0] / 2;
+ ecdsa_c[i][1] = ecdsa_c[i - 1][1] / 2;
+ if ((ecdsa_doit[i] <= 1) && (ecdsa_c[i][0] == 0))
+ ecdsa_doit[i] = 0;
+ else {
+ if (ecdsa_c[i] == 0) {
+ ecdsa_c[i][0] = 1;
+ ecdsa_c[i][1] = 1;
+ }
+ }
+ }
+# endif
+
+# ifndef OPENSSL_NO_ECDH
+ ecdh_c[R_EC_P160][0] = count / 1000;
+ ecdh_c[R_EC_P160][1] = count / 1000;
+ for (i = R_EC_P192; i <= R_EC_P521; i++) {
+ ecdh_c[i][0] = ecdh_c[i - 1][0] / 2;
+ ecdh_c[i][1] = ecdh_c[i - 1][1] / 2;
+ if ((ecdh_doit[i] <= 1) && (ecdh_c[i][0] == 0))
+ ecdh_doit[i] = 0;
+ else {
+ if (ecdh_c[i] == 0) {
+ ecdh_c[i][0] = 1;
+ ecdh_c[i][1] = 1;
+ }
+ }
+ }
+ ecdh_c[R_EC_K163][0] = count / 1000;
+ ecdh_c[R_EC_K163][1] = count / 1000;
+ for (i = R_EC_K233; i <= R_EC_K571; i++) {
+ ecdh_c[i][0] = ecdh_c[i - 1][0] / 2;
+ ecdh_c[i][1] = ecdh_c[i - 1][1] / 2;
+ if ((ecdh_doit[i] <= 1) && (ecdh_c[i][0] == 0))
+ ecdh_doit[i] = 0;
+ else {
+ if (ecdh_c[i] == 0) {
+ ecdh_c[i][0] = 1;
+ ecdh_c[i][1] = 1;
+ }
+ }
+ }
+ ecdh_c[R_EC_B163][0] = count / 1000;
+ ecdh_c[R_EC_B163][1] = count / 1000;
+ for (i = R_EC_B233; i <= R_EC_B571; i++) {
+ ecdh_c[i][0] = ecdh_c[i - 1][0] / 2;
+ ecdh_c[i][1] = ecdh_c[i - 1][1] / 2;
+ if ((ecdh_doit[i] <= 1) && (ecdh_c[i][0] == 0))
+ ecdh_doit[i] = 0;
+ else {
+ if (ecdh_c[i] == 0) {
+ ecdh_c[i][0] = 1;
+ ecdh_c[i][1] = 1;
+ }
+ }
+ }
+# endif
+
+# define COND(d) (count < (d))
+# define COUNT(d) (d)
+# else
+/* not worth fixing */
+# error "You cannot disable DES on systems without SIGALRM."
+# endif /* OPENSSL_NO_DES */
+# else
+# define COND(c) (run)
+# define COUNT(d) (count)
+ signal(SIGALRM, sig_done);
+# endif /* SIGALRM */
+
+# ifndef OPENSSL_NO_MD2
+ if (doit[D_MD2]) {
+ for (j = 0; j < SIZE_NUM; j++) {
+ print_message(names[D_MD2], c[D_MD2][j], lengths[j]);
+ Time_F(START);
+ for (count = 0, run = 1; COND(c[D_MD2][j]); count++)
+ EVP_Digest(buf, (unsigned long)lengths[j], &(md2[0]), NULL,
+ EVP_md2(), NULL);
+ d = Time_F(STOP);
+ print_result(D_MD2, j, count, d);
+ }
+ }
+# endif
+# ifndef OPENSSL_NO_MDC2
+ if (doit[D_MDC2]) {
+ for (j = 0; j < SIZE_NUM; j++) {
+ print_message(names[D_MDC2], c[D_MDC2][j], lengths[j]);
+ Time_F(START);
+ for (count = 0, run = 1; COND(c[D_MDC2][j]); count++)
+ EVP_Digest(buf, (unsigned long)lengths[j], &(mdc2[0]), NULL,
+ EVP_mdc2(), NULL);
+ d = Time_F(STOP);
+ print_result(D_MDC2, j, count, d);
+ }
+ }
+# endif
+
+# ifndef OPENSSL_NO_MD4
+ if (doit[D_MD4]) {
+ for (j = 0; j < SIZE_NUM; j++) {
+ print_message(names[D_MD4], c[D_MD4][j], lengths[j]);
+ Time_F(START);
+ for (count = 0, run = 1; COND(c[D_MD4][j]); count++)
+ EVP_Digest(&(buf[0]), (unsigned long)lengths[j], &(md4[0]),
+ NULL, EVP_md4(), NULL);
+ d = Time_F(STOP);
+ print_result(D_MD4, j, count, d);
+ }
+ }
+# endif
+
+# ifndef OPENSSL_NO_MD5
+ if (doit[D_MD5]) {
+ for (j = 0; j < SIZE_NUM; j++) {
+ print_message(names[D_MD5], c[D_MD5][j], lengths[j]);
+ Time_F(START);
+ for (count = 0, run = 1; COND(c[D_MD5][j]); count++)
+ EVP_Digest(&(buf[0]), (unsigned long)lengths[j], &(md5[0]),
+ NULL, EVP_get_digestbyname("md5"), NULL);
+ d = Time_F(STOP);
+ print_result(D_MD5, j, count, d);
+ }
+ }
+# endif
+
+# if !defined(OPENSSL_NO_MD5) && !defined(OPENSSL_NO_HMAC)
+ if (doit[D_HMAC]) {
+ HMAC_CTX hctx;
+
+ HMAC_CTX_init(&hctx);
+ HMAC_Init_ex(&hctx, (unsigned char *)"This is a key...",
+ 16, EVP_md5(), NULL);
+
+ for (j = 0; j < SIZE_NUM; j++) {
+ print_message(names[D_HMAC], c[D_HMAC][j], lengths[j]);
+ Time_F(START);
+ for (count = 0, run = 1; COND(c[D_HMAC][j]); count++) {
+ HMAC_Init_ex(&hctx, NULL, 0, NULL, NULL);
+ HMAC_Update(&hctx, buf, lengths[j]);
+ HMAC_Final(&hctx, &(hmac[0]), NULL);
+ }
+ d = Time_F(STOP);
+ print_result(D_HMAC, j, count, d);
+ }
+ HMAC_CTX_cleanup(&hctx);
+ }
+# endif
+# ifndef OPENSSL_NO_SHA
+ if (doit[D_SHA1]) {
+ for (j = 0; j < SIZE_NUM; j++) {
+ print_message(names[D_SHA1], c[D_SHA1][j], lengths[j]);
+ Time_F(START);
+ for (count = 0, run = 1; COND(c[D_SHA1][j]); count++)
+ EVP_Digest(buf, (unsigned long)lengths[j], &(sha[0]), NULL,
+ EVP_sha1(), NULL);
+ d = Time_F(STOP);
+ print_result(D_SHA1, j, count, d);
+ }
+ }
+# ifndef OPENSSL_NO_SHA256
+ if (doit[D_SHA256]) {
+ for (j = 0; j < SIZE_NUM; j++) {
+ print_message(names[D_SHA256], c[D_SHA256][j], lengths[j]);
+ Time_F(START);
+ for (count = 0, run = 1; COND(c[D_SHA256][j]); count++)
+ SHA256(buf, lengths[j], sha256);
+ d = Time_F(STOP);
+ print_result(D_SHA256, j, count, d);
+ }
+ }
+# endif
+
+# ifndef OPENSSL_NO_SHA512
+ if (doit[D_SHA512]) {
+ for (j = 0; j < SIZE_NUM; j++) {
+ print_message(names[D_SHA512], c[D_SHA512][j], lengths[j]);
+ Time_F(START);
+ for (count = 0, run = 1; COND(c[D_SHA512][j]); count++)
+ SHA512(buf, lengths[j], sha512);
+ d = Time_F(STOP);
+ print_result(D_SHA512, j, count, d);
+ }
+ }
+# endif
+
+# endif
+# ifndef OPENSSL_NO_RIPEMD
+ if (doit[D_RMD160]) {
+ for (j = 0; j < SIZE_NUM; j++) {
+ print_message(names[D_RMD160], c[D_RMD160][j], lengths[j]);
+ Time_F(START);
+ for (count = 0, run = 1; COND(c[D_RMD160][j]); count++)
+ EVP_Digest(buf, (unsigned long)lengths[j], &(rmd160[0]), NULL,
+ EVP_ripemd160(), NULL);
+ d = Time_F(STOP);
+ print_result(D_RMD160, j, count, d);
+ }
+ }
+# endif
+# ifndef OPENSSL_NO_RC4
+ if (doit[D_RC4]) {
+ for (j = 0; j < SIZE_NUM; j++) {
+ print_message(names[D_RC4], c[D_RC4][j], lengths[j]);
+ Time_F(START);
+ for (count = 0, run = 1; COND(c[D_RC4][j]); count++)
+ RC4(&rc4_ks, (unsigned int)lengths[j], buf, buf);
+ d = Time_F(STOP);
+ print_result(D_RC4, j, count, d);
+ }
+ }
+# endif
+# ifndef OPENSSL_NO_DES
+ if (doit[D_CBC_DES]) {
+ for (j = 0; j < SIZE_NUM; j++) {
+ print_message(names[D_CBC_DES], c[D_CBC_DES][j], lengths[j]);
+ Time_F(START);
+ for (count = 0, run = 1; COND(c[D_CBC_DES][j]); count++)
+ DES_ncbc_encrypt(buf, buf, lengths[j], &sch,
+ &DES_iv, DES_ENCRYPT);
+ d = Time_F(STOP);
+ print_result(D_CBC_DES, j, count, d);
+ }
+ }
+
+ if (doit[D_EDE3_DES]) {
+ for (j = 0; j < SIZE_NUM; j++) {
+ print_message(names[D_EDE3_DES], c[D_EDE3_DES][j], lengths[j]);
+ Time_F(START);
+ for (count = 0, run = 1; COND(c[D_EDE3_DES][j]); count++)
+ DES_ede3_cbc_encrypt(buf, buf, lengths[j],
+ &sch, &sch2, &sch3,
+ &DES_iv, DES_ENCRYPT);
+ d = Time_F(STOP);
+ print_result(D_EDE3_DES, j, count, d);
+ }
+ }
+# endif
+# ifndef OPENSSL_NO_AES
+ if (doit[D_CBC_128_AES]) {
+ for (j = 0; j < SIZE_NUM; j++) {
+ print_message(names[D_CBC_128_AES], c[D_CBC_128_AES][j],
+ lengths[j]);
+ Time_F(START);
+ for (count = 0, run = 1; COND(c[D_CBC_128_AES][j]); count++)
+ AES_cbc_encrypt(buf, buf,
+ (unsigned long)lengths[j], &aes_ks1,
+ iv, AES_ENCRYPT);
+ d = Time_F(STOP);
+ print_result(D_CBC_128_AES, j, count, d);
+ }
+ }
+ if (doit[D_CBC_192_AES]) {
+ for (j = 0; j < SIZE_NUM; j++) {
+ print_message(names[D_CBC_192_AES], c[D_CBC_192_AES][j],
+ lengths[j]);
+ Time_F(START);
+ for (count = 0, run = 1; COND(c[D_CBC_192_AES][j]); count++)
+ AES_cbc_encrypt(buf, buf,
+ (unsigned long)lengths[j], &aes_ks2,
+ iv, AES_ENCRYPT);
+ d = Time_F(STOP);
+ print_result(D_CBC_192_AES, j, count, d);
+ }
+ }
+ if (doit[D_CBC_256_AES]) {
+ for (j = 0; j < SIZE_NUM; j++) {
+ print_message(names[D_CBC_256_AES], c[D_CBC_256_AES][j],
+ lengths[j]);
+ Time_F(START);
+ for (count = 0, run = 1; COND(c[D_CBC_256_AES][j]); count++)
+ AES_cbc_encrypt(buf, buf,
+ (unsigned long)lengths[j], &aes_ks3,
+ iv, AES_ENCRYPT);
+ d = Time_F(STOP);
+ print_result(D_CBC_256_AES, j, count, d);
+ }
+ }
+
+ if (doit[D_IGE_128_AES]) {
+ for (j = 0; j < SIZE_NUM; j++) {
+ print_message(names[D_IGE_128_AES], c[D_IGE_128_AES][j],
+ lengths[j]);
+ Time_F(START);
+ for (count = 0, run = 1; COND(c[D_IGE_128_AES][j]); count++)
+ AES_ige_encrypt(buf, buf2,
+ (unsigned long)lengths[j], &aes_ks1,
+ iv, AES_ENCRYPT);
+ d = Time_F(STOP);
+ print_result(D_IGE_128_AES, j, count, d);
+ }
+ }
+ if (doit[D_IGE_192_AES]) {
+ for (j = 0; j < SIZE_NUM; j++) {
+ print_message(names[D_IGE_192_AES], c[D_IGE_192_AES][j],
+ lengths[j]);
+ Time_F(START);
+ for (count = 0, run = 1; COND(c[D_IGE_192_AES][j]); count++)
+ AES_ige_encrypt(buf, buf2,
+ (unsigned long)lengths[j], &aes_ks2,
+ iv, AES_ENCRYPT);
+ d = Time_F(STOP);
+ print_result(D_IGE_192_AES, j, count, d);
+ }
+ }
+ if (doit[D_IGE_256_AES]) {
+ for (j = 0; j < SIZE_NUM; j++) {
+ print_message(names[D_IGE_256_AES], c[D_IGE_256_AES][j],
+ lengths[j]);
+ Time_F(START);
+ for (count = 0, run = 1; COND(c[D_IGE_256_AES][j]); count++)
+ AES_ige_encrypt(buf, buf2,
+ (unsigned long)lengths[j], &aes_ks3,
+ iv, AES_ENCRYPT);
+ d = Time_F(STOP);
+ print_result(D_IGE_256_AES, j, count, d);
+ }
+ }
+# endif
+# ifndef OPENSSL_NO_CAMELLIA
+ if (doit[D_CBC_128_CML]) {
+ for (j = 0; j < SIZE_NUM; j++) {
+ print_message(names[D_CBC_128_CML], c[D_CBC_128_CML][j],
+ lengths[j]);
+ Time_F(START);
+ for (count = 0, run = 1; COND(c[D_CBC_128_CML][j]); count++)
+ Camellia_cbc_encrypt(buf, buf,
+ (unsigned long)lengths[j], &camellia_ks1,
+ iv, CAMELLIA_ENCRYPT);
+ d = Time_F(STOP);
+ print_result(D_CBC_128_CML, j, count, d);
+ }
+ }
+ if (doit[D_CBC_192_CML]) {
+ for (j = 0; j < SIZE_NUM; j++) {
+ print_message(names[D_CBC_192_CML], c[D_CBC_192_CML][j],
+ lengths[j]);
+ Time_F(START);
+ for (count = 0, run = 1; COND(c[D_CBC_192_CML][j]); count++)
+ Camellia_cbc_encrypt(buf, buf,
+ (unsigned long)lengths[j], &camellia_ks2,
+ iv, CAMELLIA_ENCRYPT);
+ d = Time_F(STOP);
+ print_result(D_CBC_192_CML, j, count, d);
+ }
+ }
+ if (doit[D_CBC_256_CML]) {
+ for (j = 0; j < SIZE_NUM; j++) {
+ print_message(names[D_CBC_256_CML], c[D_CBC_256_CML][j],
+ lengths[j]);
+ Time_F(START);
+ for (count = 0, run = 1; COND(c[D_CBC_256_CML][j]); count++)
+ Camellia_cbc_encrypt(buf, buf,
+ (unsigned long)lengths[j], &camellia_ks3,
+ iv, CAMELLIA_ENCRYPT);
+ d = Time_F(STOP);
+ print_result(D_CBC_256_CML, j, count, d);
+ }
+ }
+# endif
+# ifndef OPENSSL_NO_IDEA
+ if (doit[D_CBC_IDEA]) {
+ for (j = 0; j < SIZE_NUM; j++) {
+ print_message(names[D_CBC_IDEA], c[D_CBC_IDEA][j], lengths[j]);
+ Time_F(START);
+ for (count = 0, run = 1; COND(c[D_CBC_IDEA][j]); count++)
+ idea_cbc_encrypt(buf, buf,
+ (unsigned long)lengths[j], &idea_ks,
+ iv, IDEA_ENCRYPT);
+ d = Time_F(STOP);
+ print_result(D_CBC_IDEA, j, count, d);
+ }
+ }
+# endif
+# ifndef OPENSSL_NO_SEED
+ if (doit[D_CBC_SEED]) {
+ for (j = 0; j < SIZE_NUM; j++) {
+ print_message(names[D_CBC_SEED], c[D_CBC_SEED][j], lengths[j]);
+ Time_F(START);
+ for (count = 0, run = 1; COND(c[D_CBC_SEED][j]); count++)
+ SEED_cbc_encrypt(buf, buf,
+ (unsigned long)lengths[j], &seed_ks, iv, 1);
+ d = Time_F(STOP);
+ print_result(D_CBC_SEED, j, count, d);
+ }
+ }
+# endif
+# ifndef OPENSSL_NO_RC2
+ if (doit[D_CBC_RC2]) {
+ for (j = 0; j < SIZE_NUM; j++) {
+ print_message(names[D_CBC_RC2], c[D_CBC_RC2][j], lengths[j]);
+ Time_F(START);
+ for (count = 0, run = 1; COND(c[D_CBC_RC2][j]); count++)
+ RC2_cbc_encrypt(buf, buf,
+ (unsigned long)lengths[j], &rc2_ks,
+ iv, RC2_ENCRYPT);
+ d = Time_F(STOP);
+ print_result(D_CBC_RC2, j, count, d);
+ }
+ }
+# endif
+# ifndef OPENSSL_NO_RC5
+ if (doit[D_CBC_RC5]) {
+ for (j = 0; j < SIZE_NUM; j++) {
+ print_message(names[D_CBC_RC5], c[D_CBC_RC5][j], lengths[j]);
+ Time_F(START);
+ for (count = 0, run = 1; COND(c[D_CBC_RC5][j]); count++)
+ RC5_32_cbc_encrypt(buf, buf,
+ (unsigned long)lengths[j], &rc5_ks,
+ iv, RC5_ENCRYPT);
+ d = Time_F(STOP);
+ print_result(D_CBC_RC5, j, count, d);
+ }
+ }
+# endif
+# ifndef OPENSSL_NO_BF
+ if (doit[D_CBC_BF]) {
+ for (j = 0; j < SIZE_NUM; j++) {
+ print_message(names[D_CBC_BF], c[D_CBC_BF][j], lengths[j]);
+ Time_F(START);
+ for (count = 0, run = 1; COND(c[D_CBC_BF][j]); count++)
+ BF_cbc_encrypt(buf, buf,
+ (unsigned long)lengths[j], &bf_ks,
+ iv, BF_ENCRYPT);
+ d = Time_F(STOP);
+ print_result(D_CBC_BF, j, count, d);
+ }
+ }
+# endif
+# ifndef OPENSSL_NO_CAST
+ if (doit[D_CBC_CAST]) {
+ for (j = 0; j < SIZE_NUM; j++) {
+ print_message(names[D_CBC_CAST], c[D_CBC_CAST][j], lengths[j]);
+ Time_F(START);
+ for (count = 0, run = 1; COND(c[D_CBC_CAST][j]); count++)
+ CAST_cbc_encrypt(buf, buf,
+ (unsigned long)lengths[j], &cast_ks,
+ iv, CAST_ENCRYPT);
+ d = Time_F(STOP);
+ print_result(D_CBC_CAST, j, count, d);
+ }
+ }
+# endif
+
+ if (doit[D_EVP]) {
+ for (j = 0; j < SIZE_NUM; j++) {
+ if (evp_cipher) {
+ EVP_CIPHER_CTX ctx;
+ int outl;
+
+ names[D_EVP] = OBJ_nid2ln(evp_cipher->nid);
+ /*
+ * -O3 -fschedule-insns messes up an optimization here!
+ * names[D_EVP] somehow becomes NULL
+ */
+ print_message(names[D_EVP], save_count, lengths[j]);
+
+ EVP_CIPHER_CTX_init(&ctx);
+ if (decrypt)
+ EVP_DecryptInit_ex(&ctx, evp_cipher, NULL, key16, iv);
+ else
+ EVP_EncryptInit_ex(&ctx, evp_cipher, NULL, key16, iv);
+ EVP_CIPHER_CTX_set_padding(&ctx, 0);
+
+ Time_F(START);
+ if (decrypt)
+ for (count = 0, run = 1;
+ COND(save_count * 4 * lengths[0] / lengths[j]);
+ count++)
+ EVP_DecryptUpdate(&ctx, buf, &outl, buf, lengths[j]);
+ else
+ for (count = 0, run = 1;
+ COND(save_count * 4 * lengths[0] / lengths[j]);
+ count++)
+ EVP_EncryptUpdate(&ctx, buf, &outl, buf, lengths[j]);
+ if (decrypt)
+ EVP_DecryptFinal_ex(&ctx, buf, &outl);
+ else
+ EVP_EncryptFinal_ex(&ctx, buf, &outl);
+ d = Time_F(STOP);
+ EVP_CIPHER_CTX_cleanup(&ctx);
+ }
+ if (evp_md) {
+ names[D_EVP] = OBJ_nid2ln(evp_md->type);
+ print_message(names[D_EVP], save_count, lengths[j]);
+
+ Time_F(START);
+ for (count = 0, run = 1;
+ COND(save_count * 4 * lengths[0] / lengths[j]); count++)
+ EVP_Digest(buf, lengths[j], &(md[0]), NULL, evp_md, NULL);
+
+ d = Time_F(STOP);
+ }
+ print_result(D_EVP, j, count, d);
+ }
+ }
+
+ RAND_pseudo_bytes(buf, 36);
+# ifndef OPENSSL_NO_RSA
+ for (j = 0; j < RSA_NUM; j++) {
+ int ret;
+ if (!rsa_doit[j])
+ continue;
+ ret = RSA_sign(NID_md5_sha1, buf, 36, buf2, &rsa_num, rsa_key[j]);
+ if (ret == 0) {
+ BIO_printf(bio_err,
+ "RSA sign failure. No RSA sign will be done.\n");
+ ERR_print_errors(bio_err);
+ rsa_count = 1;
+ } else {
+ pkey_print_message("private", "rsa",
+ rsa_c[j][0], rsa_bits[j], RSA_SECONDS);
+ /* RSA_blinding_on(rsa_key[j],NULL); */
+ Time_F(START);
+ for (count = 0, run = 1; COND(rsa_c[j][0]); count++) {
+ ret = RSA_sign(NID_md5_sha1, buf, 36, buf2,
+ &rsa_num, rsa_key[j]);
+ if (ret == 0) {
+ BIO_printf(bio_err, "RSA sign failure\n");
+ ERR_print_errors(bio_err);
+ count = 1;
+ break;
+ }
+ }
+ d = Time_F(STOP);
+ BIO_printf(bio_err,
+ mr ? "+R1:%ld:%d:%.2f\n"
+ : "%ld %d bit private RSA's in %.2fs\n",
+ count, rsa_bits[j], d);
+ rsa_results[j][0] = d / (double)count;
+ rsa_count = count;
+ }
+
+# if 1
+ ret = RSA_verify(NID_md5_sha1, buf, 36, buf2, rsa_num, rsa_key[j]);
+ if (ret <= 0) {
+ BIO_printf(bio_err,
+ "RSA verify failure. No RSA verify will be done.\n");
+ ERR_print_errors(bio_err);
+ rsa_doit[j] = 0;
+ } else {
+ pkey_print_message("public", "rsa",
+ rsa_c[j][1], rsa_bits[j], RSA_SECONDS);
+ Time_F(START);
+ for (count = 0, run = 1; COND(rsa_c[j][1]); count++) {
+ ret = RSA_verify(NID_md5_sha1, buf, 36, buf2,
+ rsa_num, rsa_key[j]);
+ if (ret <= 0) {
+ BIO_printf(bio_err, "RSA verify failure\n");
+ ERR_print_errors(bio_err);
+ count = 1;
+ break;
+ }
+ }
+ d = Time_F(STOP);
+ BIO_printf(bio_err,
+ mr ? "+R2:%ld:%d:%.2f\n"
+ : "%ld %d bit public RSA's in %.2fs\n",
+ count, rsa_bits[j], d);
+ rsa_results[j][1] = d / (double)count;
+ }
+# endif
+
+ if (rsa_count <= 1) {
+ /* if longer than 10s, don't do any more */
+ for (j++; j < RSA_NUM; j++)
+ rsa_doit[j] = 0;
+ }
+ }
+# endif
+
+ RAND_pseudo_bytes(buf, 20);
+# ifndef OPENSSL_NO_DSA
+ if (RAND_status() != 1) {
+ RAND_seed(rnd_seed, sizeof rnd_seed);
+ rnd_fake = 1;
+ }
+ for (j = 0; j < DSA_NUM; j++) {
+ unsigned int kk;
+ int ret;
+
+ if (!dsa_doit[j])
+ continue;
+
+ /* DSA_generate_key(dsa_key[j]); */
+ /* DSA_sign_setup(dsa_key[j],NULL); */
+ ret = DSA_sign(EVP_PKEY_DSA, buf, 20, buf2, &kk, dsa_key[j]);
+ if (ret == 0) {
+ BIO_printf(bio_err,
+ "DSA sign failure. No DSA sign will be done.\n");
+ ERR_print_errors(bio_err);
+ rsa_count = 1;
+ } else {
+ pkey_print_message("sign", "dsa",
+ dsa_c[j][0], dsa_bits[j], DSA_SECONDS);
+ Time_F(START);
+ for (count = 0, run = 1; COND(dsa_c[j][0]); count++) {
+ ret = DSA_sign(EVP_PKEY_DSA, buf, 20, buf2, &kk, dsa_key[j]);
+ if (ret == 0) {
+ BIO_printf(bio_err, "DSA sign failure\n");
+ ERR_print_errors(bio_err);
+ count = 1;
+ break;
+ }
+ }
+ d = Time_F(STOP);
+ BIO_printf(bio_err,
+ mr ? "+R3:%ld:%d:%.2f\n"
+ : "%ld %d bit DSA signs in %.2fs\n",
+ count, dsa_bits[j], d);
+ dsa_results[j][0] = d / (double)count;
+ rsa_count = count;
+ }
+
+ ret = DSA_verify(EVP_PKEY_DSA, buf, 20, buf2, kk, dsa_key[j]);
+ if (ret <= 0) {
+ BIO_printf(bio_err,
+ "DSA verify failure. No DSA verify will be done.\n");
+ ERR_print_errors(bio_err);
+ dsa_doit[j] = 0;
+ } else {
+ pkey_print_message("verify", "dsa",
+ dsa_c[j][1], dsa_bits[j], DSA_SECONDS);
+ Time_F(START);
+ for (count = 0, run = 1; COND(dsa_c[j][1]); count++) {
+ ret = DSA_verify(EVP_PKEY_DSA, buf, 20, buf2, kk, dsa_key[j]);
+ if (ret <= 0) {
+ BIO_printf(bio_err, "DSA verify failure\n");
+ ERR_print_errors(bio_err);
+ count = 1;
+ break;
+ }
+ }
+ d = Time_F(STOP);
+ BIO_printf(bio_err,
+ mr ? "+R4:%ld:%d:%.2f\n"
+ : "%ld %d bit DSA verify in %.2fs\n",
+ count, dsa_bits[j], d);
+ dsa_results[j][1] = d / (double)count;
+ }
+
+ if (rsa_count <= 1) {
+ /* if longer than 10s, don't do any more */
+ for (j++; j < DSA_NUM; j++)
+ dsa_doit[j] = 0;
+ }
+ }
+ if (rnd_fake)
+ RAND_cleanup();
+# endif
+
+# ifndef OPENSSL_NO_ECDSA
+ if (RAND_status() != 1) {
+ RAND_seed(rnd_seed, sizeof rnd_seed);
+ rnd_fake = 1;
+ }
+ for (j = 0; j < EC_NUM; j++) {
+ int ret;
+
+ if (!ecdsa_doit[j])
+ continue; /* Ignore Curve */
+ ecdsa[j] = EC_KEY_new_by_curve_name(test_curves[j]);
+ if (ecdsa[j] == NULL) {
+ BIO_printf(bio_err, "ECDSA failure.\n");
+ ERR_print_errors(bio_err);
+ rsa_count = 1;
+ } else {
+# if 1
+ EC_KEY_precompute_mult(ecdsa[j], NULL);
+# endif
+ /* Perform ECDSA signature test */
+ EC_KEY_generate_key(ecdsa[j]);
+ ret = ECDSA_sign(0, buf, 20, ecdsasig, &ecdsasiglen, ecdsa[j]);
+ if (ret == 0) {
+ BIO_printf(bio_err,
+ "ECDSA sign failure. No ECDSA sign will be done.\n");
+ ERR_print_errors(bio_err);
+ rsa_count = 1;
+ } else {
+ pkey_print_message("sign", "ecdsa",
+ ecdsa_c[j][0],
+ test_curves_bits[j], ECDSA_SECONDS);
+
+ Time_F(START);
+ for (count = 0, run = 1; COND(ecdsa_c[j][0]); count++) {
+ ret = ECDSA_sign(0, buf, 20,
+ ecdsasig, &ecdsasiglen, ecdsa[j]);
+ if (ret == 0) {
+ BIO_printf(bio_err, "ECDSA sign failure\n");
+ ERR_print_errors(bio_err);
+ count = 1;
+ break;
+ }
+ }
+ d = Time_F(STOP);
+
+ BIO_printf(bio_err,
+ mr ? "+R5:%ld:%d:%.2f\n" :
+ "%ld %d bit ECDSA signs in %.2fs \n",
+ count, test_curves_bits[j], d);
+ ecdsa_results[j][0] = d / (double)count;
+ rsa_count = count;
+ }
+
+ /* Perform ECDSA verification test */
+ ret = ECDSA_verify(0, buf, 20, ecdsasig, ecdsasiglen, ecdsa[j]);
+ if (ret != 1) {
+ BIO_printf(bio_err,
+ "ECDSA verify failure. No ECDSA verify will be done.\n");
+ ERR_print_errors(bio_err);
+ ecdsa_doit[j] = 0;
+ } else {
+ pkey_print_message("verify", "ecdsa",
+ ecdsa_c[j][1],
+ test_curves_bits[j], ECDSA_SECONDS);
+ Time_F(START);
+ for (count = 0, run = 1; COND(ecdsa_c[j][1]); count++) {
+ ret =
+ ECDSA_verify(0, buf, 20, ecdsasig, ecdsasiglen,
+ ecdsa[j]);
+ if (ret != 1) {
+ BIO_printf(bio_err, "ECDSA verify failure\n");
+ ERR_print_errors(bio_err);
+ count = 1;
+ break;
+ }
+ }
+ d = Time_F(STOP);
+ BIO_printf(bio_err,
+ mr ? "+R6:%ld:%d:%.2f\n"
+ : "%ld %d bit ECDSA verify in %.2fs\n",
+ count, test_curves_bits[j], d);
+ ecdsa_results[j][1] = d / (double)count;
+ }
+
+ if (rsa_count <= 1) {
+ /* if longer than 10s, don't do any more */
+ for (j++; j < EC_NUM; j++)
+ ecdsa_doit[j] = 0;
+ }
+ }
+ }
+ if (rnd_fake)
+ RAND_cleanup();
+# endif
+
+# ifndef OPENSSL_NO_ECDH
+ if (RAND_status() != 1) {
+ RAND_seed(rnd_seed, sizeof rnd_seed);
+ rnd_fake = 1;
+ }
+ for (j = 0; j < EC_NUM; j++) {
+ if (!ecdh_doit[j])
+ continue;
+ ecdh_a[j] = EC_KEY_new_by_curve_name(test_curves[j]);
+ ecdh_b[j] = EC_KEY_new_by_curve_name(test_curves[j]);
+ if ((ecdh_a[j] == NULL) || (ecdh_b[j] == NULL)) {
+ BIO_printf(bio_err, "ECDH failure.\n");
+ ERR_print_errors(bio_err);
+ rsa_count = 1;
+ } else {
+ /* generate two ECDH key pairs */
+ if (!EC_KEY_generate_key(ecdh_a[j]) ||
+ !EC_KEY_generate_key(ecdh_b[j])) {
+ BIO_printf(bio_err, "ECDH key generation failure.\n");
+ ERR_print_errors(bio_err);
+ rsa_count = 1;
+ } else {
+ /*
+ * If field size is not more than 24 octets, then use SHA-1
+ * hash of result; otherwise, use result (see section 4.8 of
+ * draft-ietf-tls-ecc-03.txt).
+ */
+ int field_size, outlen;
+ void *(*kdf) (const void *in, size_t inlen, void *out,
+ size_t *xoutlen);
+ field_size =
+ EC_GROUP_get_degree(EC_KEY_get0_group(ecdh_a[j]));
+ if (field_size <= 24 * 8) {
+ outlen = KDF1_SHA1_len;
+ kdf = KDF1_SHA1;
+ } else {
+ outlen = (field_size + 7) / 8;
+ kdf = NULL;
+ }
+ secret_size_a =
+ ECDH_compute_key(secret_a, outlen,
+ EC_KEY_get0_public_key(ecdh_b[j]),
+ ecdh_a[j], kdf);
+ secret_size_b =
+ ECDH_compute_key(secret_b, outlen,
+ EC_KEY_get0_public_key(ecdh_a[j]),
+ ecdh_b[j], kdf);
+ if (secret_size_a != secret_size_b)
+ ecdh_checks = 0;
+ else
+ ecdh_checks = 1;
+
+ for (secret_idx = 0; (secret_idx < secret_size_a)
+ && (ecdh_checks == 1); secret_idx++) {
+ if (secret_a[secret_idx] != secret_b[secret_idx])
+ ecdh_checks = 0;
+ }
+
+ if (ecdh_checks == 0) {
+ BIO_printf(bio_err, "ECDH computations don't match.\n");
+ ERR_print_errors(bio_err);
+ rsa_count = 1;
+ }
+
+ pkey_print_message("", "ecdh",
+ ecdh_c[j][0],
+ test_curves_bits[j], ECDH_SECONDS);
+ Time_F(START);
+ for (count = 0, run = 1; COND(ecdh_c[j][0]); count++) {
+ ECDH_compute_key(secret_a, outlen,
+ EC_KEY_get0_public_key(ecdh_b[j]),
+ ecdh_a[j], kdf);
+ }
+ d = Time_F(STOP);
+ BIO_printf(bio_err,
+ mr ? "+R7:%ld:%d:%.2f\n" :
+ "%ld %d-bit ECDH ops in %.2fs\n", count,
+ test_curves_bits[j], d);
+ ecdh_results[j][0] = d / (double)count;
+ rsa_count = count;
+ }
+ }
+
+ if (rsa_count <= 1) {
+ /* if longer than 10s, don't do any more */
+ for (j++; j < EC_NUM; j++)
+ ecdh_doit[j] = 0;
+ }
+ }
+ if (rnd_fake)
+ RAND_cleanup();
+# endif
+# ifndef NO_FORK
+ show_res:
+# endif
+ if (!mr) {
+ fprintf(stdout, "%s\n", SSLeay_version(SSLEAY_VERSION));
+ fprintf(stdout, "%s\n", SSLeay_version(SSLEAY_BUILT_ON));
+ printf("options:");
+ printf("%s ", BN_options());
+# ifndef OPENSSL_NO_MD2
+ printf("%s ", MD2_options());
+# endif
+# ifndef OPENSSL_NO_RC4
+ printf("%s ", RC4_options());
+# endif
+# ifndef OPENSSL_NO_DES
+ printf("%s ", DES_options());
+# endif
+# ifndef OPENSSL_NO_AES
+ printf("%s ", AES_options());
+# endif
+# ifndef OPENSSL_NO_IDEA
+ printf("%s ", idea_options());
+# endif
+# ifndef OPENSSL_NO_BF
+ printf("%s ", BF_options());
+# endif
+ fprintf(stdout, "\n%s\n", SSLeay_version(SSLEAY_CFLAGS));
+ printf("available timing options: ");
+# ifdef TIMES
+ printf("TIMES ");
+# endif
+# ifdef TIMEB
+ printf("TIMEB ");
+# endif
+# ifdef USE_TOD
+ printf("USE_TOD ");
+# endif
+# ifdef HZ
+# define as_string(s) (#s)
+ {
+ double dbl = HZ;
+ printf("HZ=%g", dbl);
+ }
+# ifdef _SC_CLK_TCK
+ printf(" [sysconf value]");
+# endif
+# endif
+ printf("\n");
+ printf("timing function used: %s%s%s%s%s%s%s\n",
+ (ftime_used ? "ftime" : ""),
+ (ftime_used + times_used > 1 ? "," : ""),
+ (times_used ? "times" : ""),
+ (ftime_used + times_used + gettimeofday_used > 1 ? "," : ""),
+ (gettimeofday_used ? "gettimeofday" : ""),
+ (ftime_used + times_used + gettimeofday_used + getrusage_used >
+ 1 ? "," : ""), (getrusage_used ? "getrusage" : ""));
+ }
+
+ if (pr_header) {
+ if (mr)
+ fprintf(stdout, "+H");
+ else {
+ fprintf(stdout,
+ "The 'numbers' are in 1000s of bytes per second processed.\n");
+ fprintf(stdout, "type ");
+ }
+ for (j = 0; j < SIZE_NUM; j++)
+ fprintf(stdout, mr ? ":%d" : "%7d bytes", lengths[j]);
+ fprintf(stdout, "\n");
+ }
+
+ for (k = 0; k < ALGOR_NUM; k++) {
+ if (!doit[k])
+ continue;
+ if (mr)
+ fprintf(stdout, "+F:%d:%s", k, names[k]);
+ else
+ fprintf(stdout, "%-13s", names[k]);
+ for (j = 0; j < SIZE_NUM; j++) {
+ if (results[k][j] > 10000 && !mr)
+ fprintf(stdout, " %11.2fk", results[k][j] / 1e3);
+ else
+ fprintf(stdout, mr ? ":%.2f" : " %11.2f ", results[k][j]);
+ }
+ fprintf(stdout, "\n");
+ }
+# ifndef OPENSSL_NO_RSA
+ j = 1;
+ for (k = 0; k < RSA_NUM; k++) {
+ if (!rsa_doit[k])
+ continue;
+ if (j && !mr) {
+ printf("%18ssign verify sign/s verify/s\n", " ");
+ j = 0;
+ }
+ if (mr)
+ fprintf(stdout, "+F2:%u:%u:%f:%f\n",
+ k, rsa_bits[k], rsa_results[k][0], rsa_results[k][1]);
+ else
+ fprintf(stdout, "rsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
+ rsa_bits[k], rsa_results[k][0], rsa_results[k][1],
+ 1.0 / rsa_results[k][0], 1.0 / rsa_results[k][1]);
+ }
+# endif
+# ifndef OPENSSL_NO_DSA
+ j = 1;
+ for (k = 0; k < DSA_NUM; k++) {
+ if (!dsa_doit[k])
+ continue;
+ if (j && !mr) {
+ printf("%18ssign verify sign/s verify/s\n", " ");
+ j = 0;
+ }
+ if (mr)
+ fprintf(stdout, "+F3:%u:%u:%f:%f\n",
+ k, dsa_bits[k], dsa_results[k][0], dsa_results[k][1]);
+ else
+ fprintf(stdout, "dsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
+ dsa_bits[k], dsa_results[k][0], dsa_results[k][1],
+ 1.0 / dsa_results[k][0], 1.0 / dsa_results[k][1]);
+ }
+# endif
+# ifndef OPENSSL_NO_ECDSA
+ j = 1;
+ for (k = 0; k < EC_NUM; k++) {
+ if (!ecdsa_doit[k])
+ continue;
+ if (j && !mr) {
+ printf("%30ssign verify sign/s verify/s\n", " ");
+ j = 0;
+ }
+
+ if (mr)
+ fprintf(stdout, "+F4:%u:%u:%f:%f\n",
+ k, test_curves_bits[k],
+ ecdsa_results[k][0], ecdsa_results[k][1]);
+ else
+ fprintf(stdout,
+ "%4u bit ecdsa (%s) %8.4fs %8.4fs %8.1f %8.1f\n",
+ test_curves_bits[k],
+ test_curves_names[k],
+ ecdsa_results[k][0], ecdsa_results[k][1],
+ 1.0 / ecdsa_results[k][0], 1.0 / ecdsa_results[k][1]);
+ }
+# endif
+
+# ifndef OPENSSL_NO_ECDH
+ j = 1;
+ for (k = 0; k < EC_NUM; k++) {
+ if (!ecdh_doit[k])
+ continue;
+ if (j && !mr) {
+ printf("%30sop op/s\n", " ");
+ j = 0;
+ }
+ if (mr)
+ fprintf(stdout, "+F5:%u:%u:%f:%f\n",
+ k, test_curves_bits[k],
+ ecdh_results[k][0], 1.0 / ecdh_results[k][0]);
+
+ else
+ fprintf(stdout, "%4u bit ecdh (%s) %8.4fs %8.1f\n",
+ test_curves_bits[k],
+ test_curves_names[k],
+ ecdh_results[k][0], 1.0 / ecdh_results[k][0]);
+ }
+# endif
+
+ mret = 0;
+
+ end:
+ ERR_print_errors(bio_err);
+ if (buf != NULL)
+ OPENSSL_free(buf);
+ if (buf2 != NULL)
+ OPENSSL_free(buf2);
+# ifndef OPENSSL_NO_RSA
+ for (i = 0; i < RSA_NUM; i++)
+ if (rsa_key[i] != NULL)
+ RSA_free(rsa_key[i]);
+# endif
+# ifndef OPENSSL_NO_DSA
+ for (i = 0; i < DSA_NUM; i++)
+ if (dsa_key[i] != NULL)
+ DSA_free(dsa_key[i]);
+# endif
+
+# ifndef OPENSSL_NO_ECDSA
+ for (i = 0; i < EC_NUM; i++)
+ if (ecdsa[i] != NULL)
+ EC_KEY_free(ecdsa[i]);
+# endif
+# ifndef OPENSSL_NO_ECDH
+ for (i = 0; i < EC_NUM; i++) {
+ if (ecdh_a[i] != NULL)
+ EC_KEY_free(ecdh_a[i]);
+ if (ecdh_b[i] != NULL)
+ EC_KEY_free(ecdh_b[i]);
+ }
+# endif
+
+ apps_shutdown();
+ OPENSSL_EXIT(mret);
+}
+
+static void print_message(const char *s, long num, int length)
+{
+# ifdef SIGALRM
+ BIO_printf(bio_err,
+ mr ? "+DT:%s:%d:%d\n"
+ : "Doing %s for %ds on %d size blocks: ", s, SECONDS, length);
+ (void)BIO_flush(bio_err);
+ alarm(SECONDS);
+# else
+ BIO_printf(bio_err,
+ mr ? "+DN:%s:%ld:%d\n"
+ : "Doing %s %ld times on %d size blocks: ", s, num, length);
+ (void)BIO_flush(bio_err);
+# endif
+# ifdef LINT
+ num = num;
+# endif
+}
+
+static void pkey_print_message(const char *str, const char *str2, long num,
+ int bits, int tm)
+{
+# ifdef SIGALRM
+ BIO_printf(bio_err,
+ mr ? "+DTP:%d:%s:%s:%d\n"
+ : "Doing %d bit %s %s's for %ds: ", bits, str, str2, tm);
+ (void)BIO_flush(bio_err);
+ alarm(RSA_SECONDS);
+# else
+ BIO_printf(bio_err,
+ mr ? "+DNP:%ld:%d:%s:%s\n"
+ : "Doing %ld %d bit %s %s's: ", num, bits, str, str2);
+ (void)BIO_flush(bio_err);
+# endif
+# ifdef LINT
+ num = num;
+# endif
+}
+
+static void print_result(int alg, int run_no, int count, double time_used)
+{
+ BIO_printf(bio_err,
+ mr ? "+R:%d:%s:%f\n"
+ : "%d %s's in %.2fs\n", count, names[alg], time_used);
+ results[alg][run_no] = ((double)count) / time_used * lengths[run_no];
+}
+
+# ifndef NO_FORK
+static char *sstrsep(char **string, const char *delim)
+{
+ char isdelim[256];
+ char *token = *string;
+
+ if (**string == 0)
+ return NULL;
+
+ memset(isdelim, 0, sizeof isdelim);
+ isdelim[0] = 1;
+
+ while (*delim) {
+ isdelim[(unsigned char)(*delim)] = 1;
+ delim++;
+ }
+
+ while (!isdelim[(unsigned char)(**string)]) {
+ (*string)++;
+ }
+
+ if (**string) {
+ **string = 0;
+ (*string)++;
+ }
+
+ return token;
+}
+
+static int do_multi(int multi)
+{
+ int n;
+ int fd[2];
+ int *fds;
+ static char sep[] = ":";
+
+ fds = malloc(multi * sizeof *fds);
+ for (n = 0; n < multi; ++n) {
+ if (pipe(fd) == -1) {
+ fprintf(stderr, "pipe failure\n");
+ exit(1);
+ }
+ fflush(stdout);
+ fflush(stderr);
+ if (fork()) {
+ close(fd[1]);
+ fds[n] = fd[0];
+ } else {
+ close(fd[0]);
+ close(1);
+ if (dup(fd[1]) == -1) {
+ fprintf(stderr, "dup failed\n");
+ exit(1);
+ }
+ close(fd[1]);
+ mr = 1;
+ usertime = 0;
+ return 0;
+ }
+ printf("Forked child %d\n", n);
+ }
+
+ /* for now, assume the pipe is long enough to take all the output */
+ for (n = 0; n < multi; ++n) {
+ FILE *f;
+ char buf[1024];
+ char *p;
+
+ f = fdopen(fds[n], "r");
+ while (fgets(buf, sizeof buf, f)) {
+ p = strchr(buf, '\n');
+ if (p)
+ *p = '\0';
+ if (buf[0] != '+') {
+ fprintf(stderr, "Don't understand line '%s' from child %d\n",
+ buf, n);
+ continue;
+ }
+ printf("Got: %s from %d\n", buf, n);
+ if (!strncmp(buf, "+F:", 3)) {
+ int alg;
+ int j;
+
+ p = buf + 3;
+ alg = atoi(sstrsep(&p, sep));
+ sstrsep(&p, sep);
+ for (j = 0; j < SIZE_NUM; ++j)
+ results[alg][j] += atof(sstrsep(&p, sep));
+ } else if (!strncmp(buf, "+F2:", 4)) {
+ int k;
+ double d;
+
+ p = buf + 4;
+ k = atoi(sstrsep(&p, sep));
+ sstrsep(&p, sep);
+
+ d = atof(sstrsep(&p, sep));
+ if (n)
+ rsa_results[k][0] = 1 / (1 / rsa_results[k][0] + 1 / d);
+ else
+ rsa_results[k][0] = d;
+
+ d = atof(sstrsep(&p, sep));
+ if (n)
+ rsa_results[k][1] = 1 / (1 / rsa_results[k][1] + 1 / d);
+ else
+ rsa_results[k][1] = d;
+ } else if (!strncmp(buf, "+F2:", 4)) {
+ int k;
+ double d;
+
+ p = buf + 4;
+ k = atoi(sstrsep(&p, sep));
+ sstrsep(&p, sep);
+
+ d = atof(sstrsep(&p, sep));
+ if (n)
+ rsa_results[k][0] = 1 / (1 / rsa_results[k][0] + 1 / d);
+ else
+ rsa_results[k][0] = d;
+
+ d = atof(sstrsep(&p, sep));
+ if (n)
+ rsa_results[k][1] = 1 / (1 / rsa_results[k][1] + 1 / d);
+ else
+ rsa_results[k][1] = d;
+ } else if (!strncmp(buf, "+F3:", 4)) {
+ int k;
+ double d;
+
+ p = buf + 4;
+ k = atoi(sstrsep(&p, sep));
+ sstrsep(&p, sep);
+
+ d = atof(sstrsep(&p, sep));
+ if (n)
+ dsa_results[k][0] = 1 / (1 / dsa_results[k][0] + 1 / d);
+ else
+ dsa_results[k][0] = d;
+
+ d = atof(sstrsep(&p, sep));
+ if (n)
+ dsa_results[k][1] = 1 / (1 / dsa_results[k][1] + 1 / d);
+ else
+ dsa_results[k][1] = d;
+ }
+# ifndef OPENSSL_NO_ECDSA
+ else if (!strncmp(buf, "+F4:", 4)) {
+ int k;
+ double d;
+
+ p = buf + 4;
+ k = atoi(sstrsep(&p, sep));
+ sstrsep(&p, sep);
+
+ d = atof(sstrsep(&p, sep));
+ if (n)
+ ecdsa_results[k][0] =
+ 1 / (1 / ecdsa_results[k][0] + 1 / d);
+ else
+ ecdsa_results[k][0] = d;
+
+ d = atof(sstrsep(&p, sep));
+ if (n)
+ ecdsa_results[k][1] =
+ 1 / (1 / ecdsa_results[k][1] + 1 / d);
+ else
+ ecdsa_results[k][1] = d;
+ }
+# endif
+
+# ifndef OPENSSL_NO_ECDH
+ else if (!strncmp(buf, "+F5:", 4)) {
+ int k;
+ double d;
+
+ p = buf + 4;
+ k = atoi(sstrsep(&p, sep));
+ sstrsep(&p, sep);
+
+ d = atof(sstrsep(&p, sep));
+ if (n)
+ ecdh_results[k][0] = 1 / (1 / ecdh_results[k][0] + 1 / d);
+ else
+ ecdh_results[k][0] = d;
+
+ }
+# endif
+
+ else if (!strncmp(buf, "+H:", 3)) {
+ } else
+ fprintf(stderr, "Unknown type '%s' from child %d\n", buf, n);
+ }
+ }
+ return 1;
+}
+# endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/apps/spkac.c
===================================================================
--- vendor-crypto/openssl/dist/apps/spkac.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/apps/spkac.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,308 +0,0 @@
-/* apps/spkac.c */
-
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 1999. Based on an original idea by Massimiliano Pala
- * (madwolf at openca.org).
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/conf.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/lhash.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-
-#undef PROG
-#define PROG spkac_main
-
-/* -in arg - input file - default stdin
- * -out arg - output file - default stdout
- */
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
- ENGINE *e = NULL;
- int i,badops=0, ret = 1;
- BIO *in = NULL,*out = NULL;
- int verify=0,noout=0,pubkey=0;
- char *infile = NULL,*outfile = NULL,*prog;
- char *passargin = NULL, *passin = NULL;
- const char *spkac = "SPKAC", *spksect = "default";
- char *spkstr = NULL;
- char *challenge = NULL, *keyfile = NULL;
- CONF *conf = NULL;
- NETSCAPE_SPKI *spki = NULL;
- EVP_PKEY *pkey = NULL;
-#ifndef OPENSSL_NO_ENGINE
- char *engine=NULL;
-#endif
-
- apps_startup();
-
- if (!bio_err) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
-
- if (!load_config(bio_err, NULL))
- goto end;
-
- prog=argv[0];
- argc--;
- argv++;
- while (argc >= 1)
- {
- if (strcmp(*argv,"-in") == 0)
- {
- if (--argc < 1) goto bad;
- infile= *(++argv);
- }
- else if (strcmp(*argv,"-out") == 0)
- {
- if (--argc < 1) goto bad;
- outfile= *(++argv);
- }
- else if (strcmp(*argv,"-passin") == 0)
- {
- if (--argc < 1) goto bad;
- passargin= *(++argv);
- }
- else if (strcmp(*argv,"-key") == 0)
- {
- if (--argc < 1) goto bad;
- keyfile= *(++argv);
- }
- else if (strcmp(*argv,"-challenge") == 0)
- {
- if (--argc < 1) goto bad;
- challenge= *(++argv);
- }
- else if (strcmp(*argv,"-spkac") == 0)
- {
- if (--argc < 1) goto bad;
- spkac= *(++argv);
- }
- else if (strcmp(*argv,"-spksect") == 0)
- {
- if (--argc < 1) goto bad;
- spksect= *(++argv);
- }
-#ifndef OPENSSL_NO_ENGINE
- else if (strcmp(*argv,"-engine") == 0)
- {
- if (--argc < 1) goto bad;
- engine= *(++argv);
- }
-#endif
- else if (strcmp(*argv,"-noout") == 0)
- noout=1;
- else if (strcmp(*argv,"-pubkey") == 0)
- pubkey=1;
- else if (strcmp(*argv,"-verify") == 0)
- verify=1;
- else badops = 1;
- argc--;
- argv++;
- }
-
- if (badops)
- {
-bad:
- BIO_printf(bio_err,"%s [options]\n",prog);
- BIO_printf(bio_err,"where options are\n");
- BIO_printf(bio_err," -in arg input file\n");
- BIO_printf(bio_err," -out arg output file\n");
- BIO_printf(bio_err," -key arg create SPKAC using private key\n");
- BIO_printf(bio_err," -passin arg input file pass phrase source\n");
- BIO_printf(bio_err," -challenge arg challenge string\n");
- BIO_printf(bio_err," -spkac arg alternative SPKAC name\n");
- BIO_printf(bio_err," -noout don't print SPKAC\n");
- BIO_printf(bio_err," -pubkey output public key\n");
- BIO_printf(bio_err," -verify verify SPKAC signature\n");
-#ifndef OPENSSL_NO_ENGINE
- BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
-#endif
- goto end;
- }
-
- ERR_load_crypto_strings();
- if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
- BIO_printf(bio_err, "Error getting password\n");
- goto end;
- }
-
-#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(bio_err, engine, 0);
-#endif
-
- if(keyfile) {
- pkey = load_key(bio_err,
- strcmp(keyfile, "-") ? keyfile : NULL,
- FORMAT_PEM, 1, passin, e, "private key");
- if(!pkey) {
- goto end;
- }
- spki = NETSCAPE_SPKI_new();
- if(challenge) ASN1_STRING_set(spki->spkac->challenge,
- challenge, (int)strlen(challenge));
- NETSCAPE_SPKI_set_pubkey(spki, pkey);
- NETSCAPE_SPKI_sign(spki, pkey, EVP_md5());
- spkstr = NETSCAPE_SPKI_b64_encode(spki);
-
- if (outfile) out = BIO_new_file(outfile, "w");
- else {
- out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
-
- if(!out) {
- BIO_printf(bio_err, "Error opening output file\n");
- ERR_print_errors(bio_err);
- goto end;
- }
- BIO_printf(out, "SPKAC=%s\n", spkstr);
- OPENSSL_free(spkstr);
- ret = 0;
- goto end;
- }
-
-
-
- if (infile) in = BIO_new_file(infile, "r");
- else in = BIO_new_fp(stdin, BIO_NOCLOSE);
-
- if(!in) {
- BIO_printf(bio_err, "Error opening input file\n");
- ERR_print_errors(bio_err);
- goto end;
- }
-
- conf = NCONF_new(NULL);
- i = NCONF_load_bio(conf, in, NULL);
-
- if(!i) {
- BIO_printf(bio_err, "Error parsing config file\n");
- ERR_print_errors(bio_err);
- goto end;
- }
-
- spkstr = NCONF_get_string(conf, spksect, spkac);
-
- if(!spkstr) {
- BIO_printf(bio_err, "Can't find SPKAC called \"%s\"\n", spkac);
- ERR_print_errors(bio_err);
- goto end;
- }
-
- spki = NETSCAPE_SPKI_b64_decode(spkstr, -1);
-
- if(!spki) {
- BIO_printf(bio_err, "Error loading SPKAC\n");
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if (outfile) out = BIO_new_file(outfile, "w");
- else {
- out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
-
- if(!out) {
- BIO_printf(bio_err, "Error opening output file\n");
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if(!noout) NETSCAPE_SPKI_print(out, spki);
- pkey = NETSCAPE_SPKI_get_pubkey(spki);
- if(verify) {
- i = NETSCAPE_SPKI_verify(spki, pkey);
- if (i > 0) BIO_printf(bio_err, "Signature OK\n");
- else {
- BIO_printf(bio_err, "Signature Failure\n");
- ERR_print_errors(bio_err);
- goto end;
- }
- }
- if(pubkey) PEM_write_bio_PUBKEY(out, pkey);
-
- ret = 0;
-
-end:
- NCONF_free(conf);
- NETSCAPE_SPKI_free(spki);
- BIO_free(in);
- BIO_free_all(out);
- EVP_PKEY_free(pkey);
- if(passin) OPENSSL_free(passin);
- apps_shutdown();
- OPENSSL_EXIT(ret);
- }
Copied: vendor-crypto/openssl/0.9.8zf/apps/spkac.c (from rev 6976, vendor-crypto/openssl/dist/apps/spkac.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/apps/spkac.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/apps/spkac.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,312 @@
+/* apps/spkac.c */
+
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 1999. Based on an original idea by Massimiliano Pala (madwolf at openca.org).
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include "apps.h"
+#include <openssl/bio.h>
+#include <openssl/conf.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/lhash.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+
+#undef PROG
+#define PROG spkac_main
+
+/*-
+ * -in arg - input file - default stdin
+ * -out arg - output file - default stdout
+ */
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+{
+ ENGINE *e = NULL;
+ int i, badops = 0, ret = 1;
+ BIO *in = NULL, *out = NULL;
+ int verify = 0, noout = 0, pubkey = 0;
+ char *infile = NULL, *outfile = NULL, *prog;
+ char *passargin = NULL, *passin = NULL;
+ const char *spkac = "SPKAC", *spksect = "default";
+ char *spkstr = NULL;
+ char *challenge = NULL, *keyfile = NULL;
+ CONF *conf = NULL;
+ NETSCAPE_SPKI *spki = NULL;
+ EVP_PKEY *pkey = NULL;
+#ifndef OPENSSL_NO_ENGINE
+ char *engine = NULL;
+#endif
+
+ apps_startup();
+
+ if (!bio_err)
+ bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
+
+ if (!load_config(bio_err, NULL))
+ goto end;
+
+ prog = argv[0];
+ argc--;
+ argv++;
+ while (argc >= 1) {
+ if (strcmp(*argv, "-in") == 0) {
+ if (--argc < 1)
+ goto bad;
+ infile = *(++argv);
+ } else if (strcmp(*argv, "-out") == 0) {
+ if (--argc < 1)
+ goto bad;
+ outfile = *(++argv);
+ } else if (strcmp(*argv, "-passin") == 0) {
+ if (--argc < 1)
+ goto bad;
+ passargin = *(++argv);
+ } else if (strcmp(*argv, "-key") == 0) {
+ if (--argc < 1)
+ goto bad;
+ keyfile = *(++argv);
+ } else if (strcmp(*argv, "-challenge") == 0) {
+ if (--argc < 1)
+ goto bad;
+ challenge = *(++argv);
+ } else if (strcmp(*argv, "-spkac") == 0) {
+ if (--argc < 1)
+ goto bad;
+ spkac = *(++argv);
+ } else if (strcmp(*argv, "-spksect") == 0) {
+ if (--argc < 1)
+ goto bad;
+ spksect = *(++argv);
+ }
+#ifndef OPENSSL_NO_ENGINE
+ else if (strcmp(*argv, "-engine") == 0) {
+ if (--argc < 1)
+ goto bad;
+ engine = *(++argv);
+ }
+#endif
+ else if (strcmp(*argv, "-noout") == 0)
+ noout = 1;
+ else if (strcmp(*argv, "-pubkey") == 0)
+ pubkey = 1;
+ else if (strcmp(*argv, "-verify") == 0)
+ verify = 1;
+ else
+ badops = 1;
+ argc--;
+ argv++;
+ }
+
+ if (badops) {
+ bad:
+ BIO_printf(bio_err, "%s [options]\n", prog);
+ BIO_printf(bio_err, "where options are\n");
+ BIO_printf(bio_err, " -in arg input file\n");
+ BIO_printf(bio_err, " -out arg output file\n");
+ BIO_printf(bio_err,
+ " -key arg create SPKAC using private key\n");
+ BIO_printf(bio_err,
+ " -passin arg input file pass phrase source\n");
+ BIO_printf(bio_err, " -challenge arg challenge string\n");
+ BIO_printf(bio_err, " -spkac arg alternative SPKAC name\n");
+ BIO_printf(bio_err, " -noout don't print SPKAC\n");
+ BIO_printf(bio_err, " -pubkey output public key\n");
+ BIO_printf(bio_err, " -verify verify SPKAC signature\n");
+#ifndef OPENSSL_NO_ENGINE
+ BIO_printf(bio_err,
+ " -engine e use engine e, possibly a hardware device.\n");
+#endif
+ goto end;
+ }
+
+ ERR_load_crypto_strings();
+ if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
+ BIO_printf(bio_err, "Error getting password\n");
+ goto end;
+ }
+#ifndef OPENSSL_NO_ENGINE
+ e = setup_engine(bio_err, engine, 0);
+#endif
+
+ if (keyfile) {
+ pkey = load_key(bio_err,
+ strcmp(keyfile, "-") ? keyfile : NULL,
+ FORMAT_PEM, 1, passin, e, "private key");
+ if (!pkey) {
+ goto end;
+ }
+ spki = NETSCAPE_SPKI_new();
+ if (challenge)
+ ASN1_STRING_set(spki->spkac->challenge,
+ challenge, (int)strlen(challenge));
+ NETSCAPE_SPKI_set_pubkey(spki, pkey);
+ NETSCAPE_SPKI_sign(spki, pkey, EVP_md5());
+ spkstr = NETSCAPE_SPKI_b64_encode(spki);
+
+ if (outfile)
+ out = BIO_new_file(outfile, "w");
+ else {
+ out = BIO_new_fp(stdout, BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+#endif
+ }
+
+ if (!out) {
+ BIO_printf(bio_err, "Error opening output file\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ BIO_printf(out, "SPKAC=%s\n", spkstr);
+ OPENSSL_free(spkstr);
+ ret = 0;
+ goto end;
+ }
+
+ if (infile)
+ in = BIO_new_file(infile, "r");
+ else
+ in = BIO_new_fp(stdin, BIO_NOCLOSE);
+
+ if (!in) {
+ BIO_printf(bio_err, "Error opening input file\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ conf = NCONF_new(NULL);
+ i = NCONF_load_bio(conf, in, NULL);
+
+ if (!i) {
+ BIO_printf(bio_err, "Error parsing config file\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ spkstr = NCONF_get_string(conf, spksect, spkac);
+
+ if (!spkstr) {
+ BIO_printf(bio_err, "Can't find SPKAC called \"%s\"\n", spkac);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ spki = NETSCAPE_SPKI_b64_decode(spkstr, -1);
+
+ if (!spki) {
+ BIO_printf(bio_err, "Error loading SPKAC\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (outfile)
+ out = BIO_new_file(outfile, "w");
+ else {
+ out = BIO_new_fp(stdout, BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+#endif
+ }
+
+ if (!out) {
+ BIO_printf(bio_err, "Error opening output file\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (!noout)
+ NETSCAPE_SPKI_print(out, spki);
+ pkey = NETSCAPE_SPKI_get_pubkey(spki);
+ if (verify) {
+ i = NETSCAPE_SPKI_verify(spki, pkey);
+ if (i > 0)
+ BIO_printf(bio_err, "Signature OK\n");
+ else {
+ BIO_printf(bio_err, "Signature Failure\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+ if (pubkey)
+ PEM_write_bio_PUBKEY(out, pkey);
+
+ ret = 0;
+
+ end:
+ NCONF_free(conf);
+ NETSCAPE_SPKI_free(spki);
+ BIO_free(in);
+ BIO_free_all(out);
+ EVP_PKEY_free(pkey);
+ if (passin)
+ OPENSSL_free(passin);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/apps/testdsa.h
===================================================================
--- vendor-crypto/openssl/dist/apps/testdsa.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/apps/testdsa.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,217 +0,0 @@
-/* NOCW */
-/* used by apps/speed.c */
-DSA *get_dsa512(void );
-DSA *get_dsa1024(void );
-DSA *get_dsa2048(void );
-static unsigned char dsa512_priv[] = {
- 0x65,0xe5,0xc7,0x38,0x60,0x24,0xb5,0x89,0xd4,0x9c,0xeb,0x4c,
- 0x9c,0x1d,0x7a,0x22,0xbd,0xd1,0xc2,0xd2,
- };
-static unsigned char dsa512_pub[] = {
- 0x00,0x95,0xa7,0x0d,0xec,0x93,0x68,0xba,0x5f,0xf7,0x5f,0x07,
- 0xf2,0x3b,0xad,0x6b,0x01,0xdc,0xbe,0xec,0xde,0x04,0x7a,0x3a,
- 0x27,0xb3,0xec,0x49,0xfd,0x08,0x43,0x3d,0x7e,0xa8,0x2c,0x5e,
- 0x7b,0xbb,0xfc,0xf4,0x6e,0xeb,0x6c,0xb0,0x6e,0xf8,0x02,0x12,
- 0x8c,0x38,0x5d,0x83,0x56,0x7d,0xee,0x53,0x05,0x3e,0x24,0x84,
- 0xbe,0xba,0x0a,0x6b,0xc8,
- };
-static unsigned char dsa512_p[]={
- 0x9D,0x1B,0x69,0x8E,0x26,0xDB,0xF2,0x2B,0x11,0x70,0x19,0x86,
- 0xF6,0x19,0xC8,0xF8,0x19,0xF2,0x18,0x53,0x94,0x46,0x06,0xD0,
- 0x62,0x50,0x33,0x4B,0x02,0x3C,0x52,0x30,0x03,0x8B,0x3B,0xF9,
- 0x5F,0xD1,0x24,0x06,0x4F,0x7B,0x4C,0xBA,0xAA,0x40,0x9B,0xFD,
- 0x96,0xE4,0x37,0x33,0xBB,0x2D,0x5A,0xD7,0x5A,0x11,0x40,0x66,
- 0xA2,0x76,0x7D,0x31,
- };
-static unsigned char dsa512_q[]={
- 0xFB,0x53,0xEF,0x50,0xB4,0x40,0x92,0x31,0x56,0x86,0x53,0x7A,
- 0xE8,0x8B,0x22,0x9A,0x49,0xFB,0x71,0x8F,
- };
-static unsigned char dsa512_g[]={
- 0x83,0x3E,0x88,0xE5,0xC5,0x89,0x73,0xCE,0x3B,0x6C,0x01,0x49,
- 0xBF,0xB3,0xC7,0x9F,0x0A,0xEA,0x44,0x91,0xE5,0x30,0xAA,0xD9,
- 0xBE,0x5B,0x5F,0xB7,0x10,0xD7,0x89,0xB7,0x8E,0x74,0xFB,0xCF,
- 0x29,0x1E,0xEB,0xA8,0x2C,0x54,0x51,0xB8,0x10,0xDE,0xA0,0xCE,
- 0x2F,0xCC,0x24,0x6B,0x90,0x77,0xDE,0xA2,0x68,0xA6,0x52,0x12,
- 0xA2,0x03,0x9D,0x20,
- };
-
-DSA *get_dsa512()
- {
- DSA *dsa;
-
- if ((dsa=DSA_new()) == NULL) return(NULL);
- dsa->priv_key=BN_bin2bn(dsa512_priv,sizeof(dsa512_priv),NULL);
- dsa->pub_key=BN_bin2bn(dsa512_pub,sizeof(dsa512_pub),NULL);
- dsa->p=BN_bin2bn(dsa512_p,sizeof(dsa512_p),NULL);
- dsa->q=BN_bin2bn(dsa512_q,sizeof(dsa512_q),NULL);
- dsa->g=BN_bin2bn(dsa512_g,sizeof(dsa512_g),NULL);
- if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL) ||
- (dsa->q == NULL) || (dsa->g == NULL))
- return(NULL);
- return(dsa);
- }
-
-static unsigned char dsa1024_priv[]={
- 0x7d,0x21,0xda,0xbb,0x62,0x15,0x47,0x36,0x07,0x67,0x12,0xe8,
- 0x8c,0xaa,0x1c,0xcd,0x38,0x12,0x61,0x18,
- };
-static unsigned char dsa1024_pub[]={
- 0x3c,0x4e,0x9c,0x2a,0x7f,0x16,0xc1,0x25,0xeb,0xac,0x78,0x63,
- 0x90,0x14,0x8c,0x8b,0xf4,0x68,0x43,0x3c,0x2d,0xee,0x65,0x50,
- 0x7d,0x9c,0x8f,0x8c,0x8a,0x51,0xd6,0x11,0x2b,0x99,0xaf,0x1e,
- 0x90,0x97,0xb5,0xd3,0xa6,0x20,0x25,0xd6,0xfe,0x43,0x02,0xd5,
- 0x91,0x7d,0xa7,0x8c,0xdb,0xc9,0x85,0xa3,0x36,0x48,0xf7,0x68,
- 0xaa,0x60,0xb1,0xf7,0x05,0x68,0x3a,0xa3,0x3f,0xd3,0x19,0x82,
- 0xd8,0x82,0x7a,0x77,0xfb,0xef,0xf4,0x15,0x0a,0xeb,0x06,0x04,
- 0x7f,0x53,0x07,0x0c,0xbc,0xcb,0x2d,0x83,0xdb,0x3e,0xd1,0x28,
- 0xa5,0xa1,0x31,0xe0,0x67,0xfa,0x50,0xde,0x9b,0x07,0x83,0x7e,
- 0x2c,0x0b,0xc3,0x13,0x50,0x61,0xe5,0xad,0xbd,0x36,0xb8,0x97,
- 0x4e,0x40,0x7d,0xe8,0x83,0x0d,0xbc,0x4b
- };
-static unsigned char dsa1024_p[]={
- 0xA7,0x3F,0x6E,0x85,0xBF,0x41,0x6A,0x29,0x7D,0xF0,0x9F,0x47,
- 0x19,0x30,0x90,0x9A,0x09,0x1D,0xDA,0x6A,0x33,0x1E,0xC5,0x3D,
- 0x86,0x96,0xB3,0x15,0xE0,0x53,0x2E,0x8F,0xE0,0x59,0x82,0x73,
- 0x90,0x3E,0x75,0x31,0x99,0x47,0x7A,0x52,0xFB,0x85,0xE4,0xD9,
- 0xA6,0x7B,0x38,0x9B,0x68,0x8A,0x84,0x9B,0x87,0xC6,0x1E,0xB5,
- 0x7E,0x86,0x4B,0x53,0x5B,0x59,0xCF,0x71,0x65,0x19,0x88,0x6E,
- 0xCE,0x66,0xAE,0x6B,0x88,0x36,0xFB,0xEC,0x28,0xDC,0xC2,0xD7,
- 0xA5,0xBB,0xE5,0x2C,0x39,0x26,0x4B,0xDA,0x9A,0x70,0x18,0x95,
- 0x37,0x95,0x10,0x56,0x23,0xF6,0x15,0xED,0xBA,0x04,0x5E,0xDE,
- 0x39,0x4F,0xFD,0xB7,0x43,0x1F,0xB5,0xA4,0x65,0x6F,0xCD,0x80,
- 0x11,0xE4,0x70,0x95,0x5B,0x50,0xCD,0x49,
- };
-static unsigned char dsa1024_q[]={
- 0xF7,0x07,0x31,0xED,0xFA,0x6C,0x06,0x03,0xD5,0x85,0x8A,0x1C,
- 0xAC,0x9C,0x65,0xE7,0x50,0x66,0x65,0x6F,
- };
-static unsigned char dsa1024_g[]={
- 0x4D,0xDF,0x4C,0x03,0xA6,0x91,0x8A,0xF5,0x19,0x6F,0x50,0x46,
- 0x25,0x99,0xE5,0x68,0x6F,0x30,0xE3,0x69,0xE1,0xE5,0xB3,0x5D,
- 0x98,0xBB,0x28,0x86,0x48,0xFC,0xDE,0x99,0x04,0x3F,0x5F,0x88,
- 0x0C,0x9C,0x73,0x24,0x0D,0x20,0x5D,0xB9,0x2A,0x9A,0x3F,0x18,
- 0x96,0x27,0xE4,0x62,0x87,0xC1,0x7B,0x74,0x62,0x53,0xFC,0x61,
- 0x27,0xA8,0x7A,0x91,0x09,0x9D,0xB6,0xF1,0x4D,0x9C,0x54,0x0F,
- 0x58,0x06,0xEE,0x49,0x74,0x07,0xCE,0x55,0x7E,0x23,0xCE,0x16,
- 0xF6,0xCA,0xDC,0x5A,0x61,0x01,0x7E,0xC9,0x71,0xB5,0x4D,0xF6,
- 0xDC,0x34,0x29,0x87,0x68,0xF6,0x5E,0x20,0x93,0xB3,0xDB,0xF5,
- 0xE4,0x09,0x6C,0x41,0x17,0x95,0x92,0xEB,0x01,0xB5,0x73,0xA5,
- 0x6A,0x7E,0xD8,0x32,0xED,0x0E,0x02,0xB8,
- };
-
-DSA *get_dsa1024()
- {
- DSA *dsa;
-
- if ((dsa=DSA_new()) == NULL) return(NULL);
- dsa->priv_key=BN_bin2bn(dsa1024_priv,sizeof(dsa1024_priv),NULL);
- dsa->pub_key=BN_bin2bn(dsa1024_pub,sizeof(dsa1024_pub),NULL);
- dsa->p=BN_bin2bn(dsa1024_p,sizeof(dsa1024_p),NULL);
- dsa->q=BN_bin2bn(dsa1024_q,sizeof(dsa1024_q),NULL);
- dsa->g=BN_bin2bn(dsa1024_g,sizeof(dsa1024_g),NULL);
- if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL) ||
- (dsa->q == NULL) || (dsa->g == NULL))
- return(NULL);
- return(dsa);
- }
-
-static unsigned char dsa2048_priv[]={
- 0x32,0x67,0x92,0xf6,0xc4,0xe2,0xe2,0xe8,0xa0,0x8b,0x6b,0x45,
- 0x0c,0x8a,0x76,0xb0,0xee,0xcf,0x91,0xa7,
- };
-static unsigned char dsa2048_pub[]={
- 0x17,0x8f,0xa8,0x11,0x84,0x92,0xec,0x83,0x47,0xc7,0x6a,0xb0,
- 0x92,0xaf,0x5a,0x20,0x37,0xa3,0x64,0x79,0xd2,0xd0,0x3d,0xcd,
- 0xe0,0x61,0x88,0x88,0x21,0xcc,0x74,0x5d,0xce,0x4c,0x51,0x47,
- 0xf0,0xc5,0x5c,0x4c,0x82,0x7a,0xaf,0x72,0xad,0xb9,0xe0,0x53,
- 0xf2,0x78,0xb7,0xf0,0xb5,0x48,0x7f,0x8a,0x3a,0x18,0xd1,0x9f,
- 0x8b,0x7d,0xa5,0x47,0xb7,0x95,0xab,0x98,0xf8,0x7b,0x74,0x50,
- 0x56,0x8e,0x57,0xf0,0xee,0xf5,0xb7,0xba,0xab,0x85,0x86,0xf9,
- 0x2b,0xef,0x41,0x56,0xa0,0xa4,0x9f,0xb7,0x38,0x00,0x46,0x0a,
- 0xa6,0xf1,0xfc,0x1f,0xd8,0x4e,0x85,0x44,0x92,0x43,0x21,0x5d,
- 0x6e,0xcc,0xc2,0xcb,0x26,0x31,0x0d,0x21,0xc4,0xbd,0x8d,0x24,
- 0xbc,0xd9,0x18,0x19,0xd7,0xdc,0xf1,0xe7,0x93,0x50,0x48,0x03,
- 0x2c,0xae,0x2e,0xe7,0x49,0x88,0x5f,0x93,0x57,0x27,0x99,0x36,
- 0xb4,0x20,0xab,0xfc,0xa7,0x2b,0xf2,0xd9,0x98,0xd7,0xd4,0x34,
- 0x9d,0x96,0x50,0x58,0x9a,0xea,0x54,0xf3,0xee,0xf5,0x63,0x14,
- 0xee,0x85,0x83,0x74,0x76,0xe1,0x52,0x95,0xc3,0xf7,0xeb,0x04,
- 0x04,0x7b,0xa7,0x28,0x1b,0xcc,0xea,0x4a,0x4e,0x84,0xda,0xd8,
- 0x9c,0x79,0xd8,0x9b,0x66,0x89,0x2f,0xcf,0xac,0xd7,0x79,0xf9,
- 0xa9,0xd8,0x45,0x13,0x78,0xb9,0x00,0x14,0xc9,0x7e,0x22,0x51,
- 0x86,0x67,0xb0,0x9f,0x26,0x11,0x23,0xc8,0x38,0xd7,0x70,0x1d,
- 0x15,0x8e,0x4d,0x4f,0x95,0x97,0x40,0xa1,0xc2,0x7e,0x01,0x18,
- 0x72,0xf4,0x10,0xe6,0x8d,0x52,0x16,0x7f,0xf2,0xc9,0xf8,0x33,
- 0x8b,0x33,0xb7,0xce,
- };
-static unsigned char dsa2048_p[]={
- 0xA0,0x25,0xFA,0xAD,0xF4,0x8E,0xB9,0xE5,0x99,0xF3,0x5D,0x6F,
- 0x4F,0x83,0x34,0xE2,0x7E,0xCF,0x6F,0xBF,0x30,0xAF,0x6F,0x81,
- 0xEB,0xF8,0xC4,0x13,0xD9,0xA0,0x5D,0x8B,0x5C,0x8E,0xDC,0xC2,
- 0x1D,0x0B,0x41,0x32,0xB0,0x1F,0xFE,0xEF,0x0C,0xC2,0xA2,0x7E,
- 0x68,0x5C,0x28,0x21,0xE9,0xF5,0xB1,0x58,0x12,0x63,0x4C,0x19,
- 0x4E,0xFF,0x02,0x4B,0x92,0xED,0xD2,0x07,0x11,0x4D,0x8C,0x58,
- 0x16,0x5C,0x55,0x8E,0xAD,0xA3,0x67,0x7D,0xB9,0x86,0x6E,0x0B,
- 0xE6,0x54,0x6F,0x40,0xAE,0x0E,0x67,0x4C,0xF9,0x12,0x5B,0x3C,
- 0x08,0x7A,0xF7,0xFC,0x67,0x86,0x69,0xE7,0x0A,0x94,0x40,0xBF,
- 0x8B,0x76,0xFE,0x26,0xD1,0xF2,0xA1,0x1A,0x84,0xA1,0x43,0x56,
- 0x28,0xBC,0x9A,0x5F,0xD7,0x3B,0x69,0x89,0x8A,0x36,0x2C,0x51,
- 0xDF,0x12,0x77,0x2F,0x57,0x7B,0xA0,0xAA,0xDD,0x7F,0xA1,0x62,
- 0x3B,0x40,0x7B,0x68,0x1A,0x8F,0x0D,0x38,0xBB,0x21,0x5D,0x18,
- 0xFC,0x0F,0x46,0xF7,0xA3,0xB0,0x1D,0x23,0xC3,0xD2,0xC7,0x72,
- 0x51,0x18,0xDF,0x46,0x95,0x79,0xD9,0xBD,0xB5,0x19,0x02,0x2C,
- 0x87,0xDC,0xE7,0x57,0x82,0x7E,0xF1,0x8B,0x06,0x3D,0x00,0xA5,
- 0x7B,0x6B,0x26,0x27,0x91,0x0F,0x6A,0x77,0xE4,0xD5,0x04,0xE4,
- 0x12,0x2C,0x42,0xFF,0xD2,0x88,0xBB,0xD3,0x92,0xA0,0xF9,0xC8,
- 0x51,0x64,0x14,0x5C,0xD8,0xF9,0x6C,0x47,0x82,0xB4,0x1C,0x7F,
- 0x09,0xB8,0xF0,0x25,0x83,0x1D,0x3F,0x3F,0x05,0xB3,0x21,0x0A,
- 0x5D,0xA7,0xD8,0x54,0xC3,0x65,0x7D,0xC3,0xB0,0x1D,0xBF,0xAE,
- 0xF8,0x68,0xCF,0x9B,
- };
-static unsigned char dsa2048_q[]={
- 0x97,0xE7,0x33,0x4D,0xD3,0x94,0x3E,0x0B,0xDB,0x62,0x74,0xC6,
- 0xA1,0x08,0xDD,0x19,0xA3,0x75,0x17,0x1B,
- };
-static unsigned char dsa2048_g[]={
- 0x2C,0x78,0x16,0x59,0x34,0x63,0xF4,0xF3,0x92,0xFC,0xB5,0xA5,
- 0x4F,0x13,0xDE,0x2F,0x1C,0xA4,0x3C,0xAE,0xAD,0x38,0x3F,0x7E,
- 0x90,0xBF,0x96,0xA6,0xAE,0x25,0x90,0x72,0xF5,0x8E,0x80,0x0C,
- 0x39,0x1C,0xD9,0xEC,0xBA,0x90,0x5B,0x3A,0xE8,0x58,0x6C,0x9E,
- 0x30,0x42,0x37,0x02,0x31,0x82,0xBC,0x6A,0xDF,0x6A,0x09,0x29,
- 0xE3,0xC0,0x46,0xD1,0xCB,0x85,0xEC,0x0C,0x30,0x5E,0xEA,0xC8,
- 0x39,0x8E,0x22,0x9F,0x22,0x10,0xD2,0x34,0x61,0x68,0x37,0x3D,
- 0x2E,0x4A,0x5B,0x9A,0xF5,0xC1,0x48,0xC6,0xF6,0xDC,0x63,0x1A,
- 0xD3,0x96,0x64,0xBA,0x34,0xC9,0xD1,0xA0,0xD1,0xAE,0x6C,0x2F,
- 0x48,0x17,0x93,0x14,0x43,0xED,0xF0,0x21,0x30,0x19,0xC3,0x1B,
- 0x5F,0xDE,0xA3,0xF0,0x70,0x78,0x18,0xE1,0xA8,0xE4,0xEE,0x2E,
- 0x00,0xA5,0xE4,0xB3,0x17,0xC8,0x0C,0x7D,0x6E,0x42,0xDC,0xB7,
- 0x46,0x00,0x36,0x4D,0xD4,0x46,0xAA,0x3D,0x3C,0x46,0x89,0x40,
- 0xBF,0x1D,0x84,0x77,0x0A,0x75,0xF3,0x87,0x1D,0x08,0x4C,0xA6,
- 0xD1,0xA9,0x1C,0x1E,0x12,0x1E,0xE1,0xC7,0x30,0x28,0x76,0xA5,
- 0x7F,0x6C,0x85,0x96,0x2B,0x6F,0xDB,0x80,0x66,0x26,0xAE,0xF5,
- 0x93,0xC7,0x8E,0xAE,0x9A,0xED,0xE4,0xCA,0x04,0xEA,0x3B,0x72,
- 0xEF,0xDC,0x87,0xED,0x0D,0xA5,0x4C,0x4A,0xDD,0x71,0x22,0x64,
- 0x59,0x69,0x4E,0x8E,0xBF,0x43,0xDC,0xAB,0x8E,0x66,0xBB,0x01,
- 0xB6,0xF4,0xE7,0xFD,0xD2,0xAD,0x9F,0x36,0xC1,0xA0,0x29,0x99,
- 0xD1,0x96,0x70,0x59,0x06,0x78,0x35,0xBD,0x65,0x55,0x52,0x9E,
- 0xF8,0xB2,0xE5,0x38,
- };
-
-DSA *get_dsa2048()
- {
- DSA *dsa;
-
- if ((dsa=DSA_new()) == NULL) return(NULL);
- dsa->priv_key=BN_bin2bn(dsa2048_priv,sizeof(dsa2048_priv),NULL);
- dsa->pub_key=BN_bin2bn(dsa2048_pub,sizeof(dsa2048_pub),NULL);
- dsa->p=BN_bin2bn(dsa2048_p,sizeof(dsa2048_p),NULL);
- dsa->q=BN_bin2bn(dsa2048_q,sizeof(dsa2048_q),NULL);
- dsa->g=BN_bin2bn(dsa2048_g,sizeof(dsa2048_g),NULL);
- if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL) ||
- (dsa->q == NULL) || (dsa->g == NULL))
- return(NULL);
- return(dsa);
- }
-
-static const char rnd_seed[] = "string to make the random number generator think it has entropy";
-static int rnd_fake = 0;
Copied: vendor-crypto/openssl/0.9.8zf/apps/testdsa.h (from rev 6976, vendor-crypto/openssl/dist/apps/testdsa.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/apps/testdsa.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/apps/testdsa.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,233 @@
+/* NOCW */
+/* used by apps/speed.c */
+DSA *get_dsa512(void);
+DSA *get_dsa1024(void);
+DSA *get_dsa2048(void);
+static unsigned char dsa512_priv[] = {
+ 0x65, 0xe5, 0xc7, 0x38, 0x60, 0x24, 0xb5, 0x89, 0xd4, 0x9c, 0xeb, 0x4c,
+ 0x9c, 0x1d, 0x7a, 0x22, 0xbd, 0xd1, 0xc2, 0xd2,
+};
+
+static unsigned char dsa512_pub[] = {
+ 0x00, 0x95, 0xa7, 0x0d, 0xec, 0x93, 0x68, 0xba, 0x5f, 0xf7, 0x5f, 0x07,
+ 0xf2, 0x3b, 0xad, 0x6b, 0x01, 0xdc, 0xbe, 0xec, 0xde, 0x04, 0x7a, 0x3a,
+ 0x27, 0xb3, 0xec, 0x49, 0xfd, 0x08, 0x43, 0x3d, 0x7e, 0xa8, 0x2c, 0x5e,
+ 0x7b, 0xbb, 0xfc, 0xf4, 0x6e, 0xeb, 0x6c, 0xb0, 0x6e, 0xf8, 0x02, 0x12,
+ 0x8c, 0x38, 0x5d, 0x83, 0x56, 0x7d, 0xee, 0x53, 0x05, 0x3e, 0x24, 0x84,
+ 0xbe, 0xba, 0x0a, 0x6b, 0xc8,
+};
+
+static unsigned char dsa512_p[] = {
+ 0x9D, 0x1B, 0x69, 0x8E, 0x26, 0xDB, 0xF2, 0x2B, 0x11, 0x70, 0x19, 0x86,
+ 0xF6, 0x19, 0xC8, 0xF8, 0x19, 0xF2, 0x18, 0x53, 0x94, 0x46, 0x06, 0xD0,
+ 0x62, 0x50, 0x33, 0x4B, 0x02, 0x3C, 0x52, 0x30, 0x03, 0x8B, 0x3B, 0xF9,
+ 0x5F, 0xD1, 0x24, 0x06, 0x4F, 0x7B, 0x4C, 0xBA, 0xAA, 0x40, 0x9B, 0xFD,
+ 0x96, 0xE4, 0x37, 0x33, 0xBB, 0x2D, 0x5A, 0xD7, 0x5A, 0x11, 0x40, 0x66,
+ 0xA2, 0x76, 0x7D, 0x31,
+};
+
+static unsigned char dsa512_q[] = {
+ 0xFB, 0x53, 0xEF, 0x50, 0xB4, 0x40, 0x92, 0x31, 0x56, 0x86, 0x53, 0x7A,
+ 0xE8, 0x8B, 0x22, 0x9A, 0x49, 0xFB, 0x71, 0x8F,
+};
+
+static unsigned char dsa512_g[] = {
+ 0x83, 0x3E, 0x88, 0xE5, 0xC5, 0x89, 0x73, 0xCE, 0x3B, 0x6C, 0x01, 0x49,
+ 0xBF, 0xB3, 0xC7, 0x9F, 0x0A, 0xEA, 0x44, 0x91, 0xE5, 0x30, 0xAA, 0xD9,
+ 0xBE, 0x5B, 0x5F, 0xB7, 0x10, 0xD7, 0x89, 0xB7, 0x8E, 0x74, 0xFB, 0xCF,
+ 0x29, 0x1E, 0xEB, 0xA8, 0x2C, 0x54, 0x51, 0xB8, 0x10, 0xDE, 0xA0, 0xCE,
+ 0x2F, 0xCC, 0x24, 0x6B, 0x90, 0x77, 0xDE, 0xA2, 0x68, 0xA6, 0x52, 0x12,
+ 0xA2, 0x03, 0x9D, 0x20,
+};
+
+DSA *get_dsa512()
+{
+ DSA *dsa;
+
+ if ((dsa = DSA_new()) == NULL)
+ return (NULL);
+ dsa->priv_key = BN_bin2bn(dsa512_priv, sizeof(dsa512_priv), NULL);
+ dsa->pub_key = BN_bin2bn(dsa512_pub, sizeof(dsa512_pub), NULL);
+ dsa->p = BN_bin2bn(dsa512_p, sizeof(dsa512_p), NULL);
+ dsa->q = BN_bin2bn(dsa512_q, sizeof(dsa512_q), NULL);
+ dsa->g = BN_bin2bn(dsa512_g, sizeof(dsa512_g), NULL);
+ if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL)
+ || (dsa->q == NULL) || (dsa->g == NULL))
+ return (NULL);
+ return (dsa);
+}
+
+static unsigned char dsa1024_priv[] = {
+ 0x7d, 0x21, 0xda, 0xbb, 0x62, 0x15, 0x47, 0x36, 0x07, 0x67, 0x12, 0xe8,
+ 0x8c, 0xaa, 0x1c, 0xcd, 0x38, 0x12, 0x61, 0x18,
+};
+
+static unsigned char dsa1024_pub[] = {
+ 0x3c, 0x4e, 0x9c, 0x2a, 0x7f, 0x16, 0xc1, 0x25, 0xeb, 0xac, 0x78, 0x63,
+ 0x90, 0x14, 0x8c, 0x8b, 0xf4, 0x68, 0x43, 0x3c, 0x2d, 0xee, 0x65, 0x50,
+ 0x7d, 0x9c, 0x8f, 0x8c, 0x8a, 0x51, 0xd6, 0x11, 0x2b, 0x99, 0xaf, 0x1e,
+ 0x90, 0x97, 0xb5, 0xd3, 0xa6, 0x20, 0x25, 0xd6, 0xfe, 0x43, 0x02, 0xd5,
+ 0x91, 0x7d, 0xa7, 0x8c, 0xdb, 0xc9, 0x85, 0xa3, 0x36, 0x48, 0xf7, 0x68,
+ 0xaa, 0x60, 0xb1, 0xf7, 0x05, 0x68, 0x3a, 0xa3, 0x3f, 0xd3, 0x19, 0x82,
+ 0xd8, 0x82, 0x7a, 0x77, 0xfb, 0xef, 0xf4, 0x15, 0x0a, 0xeb, 0x06, 0x04,
+ 0x7f, 0x53, 0x07, 0x0c, 0xbc, 0xcb, 0x2d, 0x83, 0xdb, 0x3e, 0xd1, 0x28,
+ 0xa5, 0xa1, 0x31, 0xe0, 0x67, 0xfa, 0x50, 0xde, 0x9b, 0x07, 0x83, 0x7e,
+ 0x2c, 0x0b, 0xc3, 0x13, 0x50, 0x61, 0xe5, 0xad, 0xbd, 0x36, 0xb8, 0x97,
+ 0x4e, 0x40, 0x7d, 0xe8, 0x83, 0x0d, 0xbc, 0x4b
+};
+
+static unsigned char dsa1024_p[] = {
+ 0xA7, 0x3F, 0x6E, 0x85, 0xBF, 0x41, 0x6A, 0x29, 0x7D, 0xF0, 0x9F, 0x47,
+ 0x19, 0x30, 0x90, 0x9A, 0x09, 0x1D, 0xDA, 0x6A, 0x33, 0x1E, 0xC5, 0x3D,
+ 0x86, 0x96, 0xB3, 0x15, 0xE0, 0x53, 0x2E, 0x8F, 0xE0, 0x59, 0x82, 0x73,
+ 0x90, 0x3E, 0x75, 0x31, 0x99, 0x47, 0x7A, 0x52, 0xFB, 0x85, 0xE4, 0xD9,
+ 0xA6, 0x7B, 0x38, 0x9B, 0x68, 0x8A, 0x84, 0x9B, 0x87, 0xC6, 0x1E, 0xB5,
+ 0x7E, 0x86, 0x4B, 0x53, 0x5B, 0x59, 0xCF, 0x71, 0x65, 0x19, 0x88, 0x6E,
+ 0xCE, 0x66, 0xAE, 0x6B, 0x88, 0x36, 0xFB, 0xEC, 0x28, 0xDC, 0xC2, 0xD7,
+ 0xA5, 0xBB, 0xE5, 0x2C, 0x39, 0x26, 0x4B, 0xDA, 0x9A, 0x70, 0x18, 0x95,
+ 0x37, 0x95, 0x10, 0x56, 0x23, 0xF6, 0x15, 0xED, 0xBA, 0x04, 0x5E, 0xDE,
+ 0x39, 0x4F, 0xFD, 0xB7, 0x43, 0x1F, 0xB5, 0xA4, 0x65, 0x6F, 0xCD, 0x80,
+ 0x11, 0xE4, 0x70, 0x95, 0x5B, 0x50, 0xCD, 0x49,
+};
+
+static unsigned char dsa1024_q[] = {
+ 0xF7, 0x07, 0x31, 0xED, 0xFA, 0x6C, 0x06, 0x03, 0xD5, 0x85, 0x8A, 0x1C,
+ 0xAC, 0x9C, 0x65, 0xE7, 0x50, 0x66, 0x65, 0x6F,
+};
+
+static unsigned char dsa1024_g[] = {
+ 0x4D, 0xDF, 0x4C, 0x03, 0xA6, 0x91, 0x8A, 0xF5, 0x19, 0x6F, 0x50, 0x46,
+ 0x25, 0x99, 0xE5, 0x68, 0x6F, 0x30, 0xE3, 0x69, 0xE1, 0xE5, 0xB3, 0x5D,
+ 0x98, 0xBB, 0x28, 0x86, 0x48, 0xFC, 0xDE, 0x99, 0x04, 0x3F, 0x5F, 0x88,
+ 0x0C, 0x9C, 0x73, 0x24, 0x0D, 0x20, 0x5D, 0xB9, 0x2A, 0x9A, 0x3F, 0x18,
+ 0x96, 0x27, 0xE4, 0x62, 0x87, 0xC1, 0x7B, 0x74, 0x62, 0x53, 0xFC, 0x61,
+ 0x27, 0xA8, 0x7A, 0x91, 0x09, 0x9D, 0xB6, 0xF1, 0x4D, 0x9C, 0x54, 0x0F,
+ 0x58, 0x06, 0xEE, 0x49, 0x74, 0x07, 0xCE, 0x55, 0x7E, 0x23, 0xCE, 0x16,
+ 0xF6, 0xCA, 0xDC, 0x5A, 0x61, 0x01, 0x7E, 0xC9, 0x71, 0xB5, 0x4D, 0xF6,
+ 0xDC, 0x34, 0x29, 0x87, 0x68, 0xF6, 0x5E, 0x20, 0x93, 0xB3, 0xDB, 0xF5,
+ 0xE4, 0x09, 0x6C, 0x41, 0x17, 0x95, 0x92, 0xEB, 0x01, 0xB5, 0x73, 0xA5,
+ 0x6A, 0x7E, 0xD8, 0x32, 0xED, 0x0E, 0x02, 0xB8,
+};
+
+DSA *get_dsa1024()
+{
+ DSA *dsa;
+
+ if ((dsa = DSA_new()) == NULL)
+ return (NULL);
+ dsa->priv_key = BN_bin2bn(dsa1024_priv, sizeof(dsa1024_priv), NULL);
+ dsa->pub_key = BN_bin2bn(dsa1024_pub, sizeof(dsa1024_pub), NULL);
+ dsa->p = BN_bin2bn(dsa1024_p, sizeof(dsa1024_p), NULL);
+ dsa->q = BN_bin2bn(dsa1024_q, sizeof(dsa1024_q), NULL);
+ dsa->g = BN_bin2bn(dsa1024_g, sizeof(dsa1024_g), NULL);
+ if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL)
+ || (dsa->q == NULL) || (dsa->g == NULL))
+ return (NULL);
+ return (dsa);
+}
+
+static unsigned char dsa2048_priv[] = {
+ 0x32, 0x67, 0x92, 0xf6, 0xc4, 0xe2, 0xe2, 0xe8, 0xa0, 0x8b, 0x6b, 0x45,
+ 0x0c, 0x8a, 0x76, 0xb0, 0xee, 0xcf, 0x91, 0xa7,
+};
+
+static unsigned char dsa2048_pub[] = {
+ 0x17, 0x8f, 0xa8, 0x11, 0x84, 0x92, 0xec, 0x83, 0x47, 0xc7, 0x6a, 0xb0,
+ 0x92, 0xaf, 0x5a, 0x20, 0x37, 0xa3, 0x64, 0x79, 0xd2, 0xd0, 0x3d, 0xcd,
+ 0xe0, 0x61, 0x88, 0x88, 0x21, 0xcc, 0x74, 0x5d, 0xce, 0x4c, 0x51, 0x47,
+ 0xf0, 0xc5, 0x5c, 0x4c, 0x82, 0x7a, 0xaf, 0x72, 0xad, 0xb9, 0xe0, 0x53,
+ 0xf2, 0x78, 0xb7, 0xf0, 0xb5, 0x48, 0x7f, 0x8a, 0x3a, 0x18, 0xd1, 0x9f,
+ 0x8b, 0x7d, 0xa5, 0x47, 0xb7, 0x95, 0xab, 0x98, 0xf8, 0x7b, 0x74, 0x50,
+ 0x56, 0x8e, 0x57, 0xf0, 0xee, 0xf5, 0xb7, 0xba, 0xab, 0x85, 0x86, 0xf9,
+ 0x2b, 0xef, 0x41, 0x56, 0xa0, 0xa4, 0x9f, 0xb7, 0x38, 0x00, 0x46, 0x0a,
+ 0xa6, 0xf1, 0xfc, 0x1f, 0xd8, 0x4e, 0x85, 0x44, 0x92, 0x43, 0x21, 0x5d,
+ 0x6e, 0xcc, 0xc2, 0xcb, 0x26, 0x31, 0x0d, 0x21, 0xc4, 0xbd, 0x8d, 0x24,
+ 0xbc, 0xd9, 0x18, 0x19, 0xd7, 0xdc, 0xf1, 0xe7, 0x93, 0x50, 0x48, 0x03,
+ 0x2c, 0xae, 0x2e, 0xe7, 0x49, 0x88, 0x5f, 0x93, 0x57, 0x27, 0x99, 0x36,
+ 0xb4, 0x20, 0xab, 0xfc, 0xa7, 0x2b, 0xf2, 0xd9, 0x98, 0xd7, 0xd4, 0x34,
+ 0x9d, 0x96, 0x50, 0x58, 0x9a, 0xea, 0x54, 0xf3, 0xee, 0xf5, 0x63, 0x14,
+ 0xee, 0x85, 0x83, 0x74, 0x76, 0xe1, 0x52, 0x95, 0xc3, 0xf7, 0xeb, 0x04,
+ 0x04, 0x7b, 0xa7, 0x28, 0x1b, 0xcc, 0xea, 0x4a, 0x4e, 0x84, 0xda, 0xd8,
+ 0x9c, 0x79, 0xd8, 0x9b, 0x66, 0x89, 0x2f, 0xcf, 0xac, 0xd7, 0x79, 0xf9,
+ 0xa9, 0xd8, 0x45, 0x13, 0x78, 0xb9, 0x00, 0x14, 0xc9, 0x7e, 0x22, 0x51,
+ 0x86, 0x67, 0xb0, 0x9f, 0x26, 0x11, 0x23, 0xc8, 0x38, 0xd7, 0x70, 0x1d,
+ 0x15, 0x8e, 0x4d, 0x4f, 0x95, 0x97, 0x40, 0xa1, 0xc2, 0x7e, 0x01, 0x18,
+ 0x72, 0xf4, 0x10, 0xe6, 0x8d, 0x52, 0x16, 0x7f, 0xf2, 0xc9, 0xf8, 0x33,
+ 0x8b, 0x33, 0xb7, 0xce,
+};
+
+static unsigned char dsa2048_p[] = {
+ 0xA0, 0x25, 0xFA, 0xAD, 0xF4, 0x8E, 0xB9, 0xE5, 0x99, 0xF3, 0x5D, 0x6F,
+ 0x4F, 0x83, 0x34, 0xE2, 0x7E, 0xCF, 0x6F, 0xBF, 0x30, 0xAF, 0x6F, 0x81,
+ 0xEB, 0xF8, 0xC4, 0x13, 0xD9, 0xA0, 0x5D, 0x8B, 0x5C, 0x8E, 0xDC, 0xC2,
+ 0x1D, 0x0B, 0x41, 0x32, 0xB0, 0x1F, 0xFE, 0xEF, 0x0C, 0xC2, 0xA2, 0x7E,
+ 0x68, 0x5C, 0x28, 0x21, 0xE9, 0xF5, 0xB1, 0x58, 0x12, 0x63, 0x4C, 0x19,
+ 0x4E, 0xFF, 0x02, 0x4B, 0x92, 0xED, 0xD2, 0x07, 0x11, 0x4D, 0x8C, 0x58,
+ 0x16, 0x5C, 0x55, 0x8E, 0xAD, 0xA3, 0x67, 0x7D, 0xB9, 0x86, 0x6E, 0x0B,
+ 0xE6, 0x54, 0x6F, 0x40, 0xAE, 0x0E, 0x67, 0x4C, 0xF9, 0x12, 0x5B, 0x3C,
+ 0x08, 0x7A, 0xF7, 0xFC, 0x67, 0x86, 0x69, 0xE7, 0x0A, 0x94, 0x40, 0xBF,
+ 0x8B, 0x76, 0xFE, 0x26, 0xD1, 0xF2, 0xA1, 0x1A, 0x84, 0xA1, 0x43, 0x56,
+ 0x28, 0xBC, 0x9A, 0x5F, 0xD7, 0x3B, 0x69, 0x89, 0x8A, 0x36, 0x2C, 0x51,
+ 0xDF, 0x12, 0x77, 0x2F, 0x57, 0x7B, 0xA0, 0xAA, 0xDD, 0x7F, 0xA1, 0x62,
+ 0x3B, 0x40, 0x7B, 0x68, 0x1A, 0x8F, 0x0D, 0x38, 0xBB, 0x21, 0x5D, 0x18,
+ 0xFC, 0x0F, 0x46, 0xF7, 0xA3, 0xB0, 0x1D, 0x23, 0xC3, 0xD2, 0xC7, 0x72,
+ 0x51, 0x18, 0xDF, 0x46, 0x95, 0x79, 0xD9, 0xBD, 0xB5, 0x19, 0x02, 0x2C,
+ 0x87, 0xDC, 0xE7, 0x57, 0x82, 0x7E, 0xF1, 0x8B, 0x06, 0x3D, 0x00, 0xA5,
+ 0x7B, 0x6B, 0x26, 0x27, 0x91, 0x0F, 0x6A, 0x77, 0xE4, 0xD5, 0x04, 0xE4,
+ 0x12, 0x2C, 0x42, 0xFF, 0xD2, 0x88, 0xBB, 0xD3, 0x92, 0xA0, 0xF9, 0xC8,
+ 0x51, 0x64, 0x14, 0x5C, 0xD8, 0xF9, 0x6C, 0x47, 0x82, 0xB4, 0x1C, 0x7F,
+ 0x09, 0xB8, 0xF0, 0x25, 0x83, 0x1D, 0x3F, 0x3F, 0x05, 0xB3, 0x21, 0x0A,
+ 0x5D, 0xA7, 0xD8, 0x54, 0xC3, 0x65, 0x7D, 0xC3, 0xB0, 0x1D, 0xBF, 0xAE,
+ 0xF8, 0x68, 0xCF, 0x9B,
+};
+
+static unsigned char dsa2048_q[] = {
+ 0x97, 0xE7, 0x33, 0x4D, 0xD3, 0x94, 0x3E, 0x0B, 0xDB, 0x62, 0x74, 0xC6,
+ 0xA1, 0x08, 0xDD, 0x19, 0xA3, 0x75, 0x17, 0x1B,
+};
+
+static unsigned char dsa2048_g[] = {
+ 0x2C, 0x78, 0x16, 0x59, 0x34, 0x63, 0xF4, 0xF3, 0x92, 0xFC, 0xB5, 0xA5,
+ 0x4F, 0x13, 0xDE, 0x2F, 0x1C, 0xA4, 0x3C, 0xAE, 0xAD, 0x38, 0x3F, 0x7E,
+ 0x90, 0xBF, 0x96, 0xA6, 0xAE, 0x25, 0x90, 0x72, 0xF5, 0x8E, 0x80, 0x0C,
+ 0x39, 0x1C, 0xD9, 0xEC, 0xBA, 0x90, 0x5B, 0x3A, 0xE8, 0x58, 0x6C, 0x9E,
+ 0x30, 0x42, 0x37, 0x02, 0x31, 0x82, 0xBC, 0x6A, 0xDF, 0x6A, 0x09, 0x29,
+ 0xE3, 0xC0, 0x46, 0xD1, 0xCB, 0x85, 0xEC, 0x0C, 0x30, 0x5E, 0xEA, 0xC8,
+ 0x39, 0x8E, 0x22, 0x9F, 0x22, 0x10, 0xD2, 0x34, 0x61, 0x68, 0x37, 0x3D,
+ 0x2E, 0x4A, 0x5B, 0x9A, 0xF5, 0xC1, 0x48, 0xC6, 0xF6, 0xDC, 0x63, 0x1A,
+ 0xD3, 0x96, 0x64, 0xBA, 0x34, 0xC9, 0xD1, 0xA0, 0xD1, 0xAE, 0x6C, 0x2F,
+ 0x48, 0x17, 0x93, 0x14, 0x43, 0xED, 0xF0, 0x21, 0x30, 0x19, 0xC3, 0x1B,
+ 0x5F, 0xDE, 0xA3, 0xF0, 0x70, 0x78, 0x18, 0xE1, 0xA8, 0xE4, 0xEE, 0x2E,
+ 0x00, 0xA5, 0xE4, 0xB3, 0x17, 0xC8, 0x0C, 0x7D, 0x6E, 0x42, 0xDC, 0xB7,
+ 0x46, 0x00, 0x36, 0x4D, 0xD4, 0x46, 0xAA, 0x3D, 0x3C, 0x46, 0x89, 0x40,
+ 0xBF, 0x1D, 0x84, 0x77, 0x0A, 0x75, 0xF3, 0x87, 0x1D, 0x08, 0x4C, 0xA6,
+ 0xD1, 0xA9, 0x1C, 0x1E, 0x12, 0x1E, 0xE1, 0xC7, 0x30, 0x28, 0x76, 0xA5,
+ 0x7F, 0x6C, 0x85, 0x96, 0x2B, 0x6F, 0xDB, 0x80, 0x66, 0x26, 0xAE, 0xF5,
+ 0x93, 0xC7, 0x8E, 0xAE, 0x9A, 0xED, 0xE4, 0xCA, 0x04, 0xEA, 0x3B, 0x72,
+ 0xEF, 0xDC, 0x87, 0xED, 0x0D, 0xA5, 0x4C, 0x4A, 0xDD, 0x71, 0x22, 0x64,
+ 0x59, 0x69, 0x4E, 0x8E, 0xBF, 0x43, 0xDC, 0xAB, 0x8E, 0x66, 0xBB, 0x01,
+ 0xB6, 0xF4, 0xE7, 0xFD, 0xD2, 0xAD, 0x9F, 0x36, 0xC1, 0xA0, 0x29, 0x99,
+ 0xD1, 0x96, 0x70, 0x59, 0x06, 0x78, 0x35, 0xBD, 0x65, 0x55, 0x52, 0x9E,
+ 0xF8, 0xB2, 0xE5, 0x38,
+};
+
+DSA *get_dsa2048()
+{
+ DSA *dsa;
+
+ if ((dsa = DSA_new()) == NULL)
+ return (NULL);
+ dsa->priv_key = BN_bin2bn(dsa2048_priv, sizeof(dsa2048_priv), NULL);
+ dsa->pub_key = BN_bin2bn(dsa2048_pub, sizeof(dsa2048_pub), NULL);
+ dsa->p = BN_bin2bn(dsa2048_p, sizeof(dsa2048_p), NULL);
+ dsa->q = BN_bin2bn(dsa2048_q, sizeof(dsa2048_q), NULL);
+ dsa->g = BN_bin2bn(dsa2048_g, sizeof(dsa2048_g), NULL);
+ if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL)
+ || (dsa->q == NULL) || (dsa->g == NULL))
+ return (NULL);
+ return (dsa);
+}
+
+static const char rnd_seed[] =
+ "string to make the random number generator think it has entropy";
+static int rnd_fake = 0;
Deleted: vendor-crypto/openssl/0.9.8zf/apps/testrsa.h
===================================================================
--- vendor-crypto/openssl/dist/apps/testrsa.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/apps/testrsa.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,518 +0,0 @@
-/* apps/testrsa.h */
-/* used by apps/speed.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-static unsigned char test512[]={
- 0x30,0x82,0x01,0x3a,0x02,0x01,0x00,0x02,0x41,0x00,
- 0xd6,0x33,0xb9,0xc8,0xfb,0x4f,0x3c,0x7d,0xc0,0x01,
- 0x86,0xd0,0xe7,0xa0,0x55,0xf2,0x95,0x93,0xcc,0x4f,
- 0xb7,0x5b,0x67,0x5b,0x94,0x68,0xc9,0x34,0x15,0xde,
- 0xa5,0x2e,0x1c,0x33,0xc2,0x6e,0xfc,0x34,0x5e,0x71,
- 0x13,0xb7,0xd6,0xee,0xd8,0xa5,0x65,0x05,0x72,0x87,
- 0xa8,0xb0,0x77,0xfe,0x57,0xf5,0xfc,0x5f,0x55,0x83,
- 0x87,0xdd,0x57,0x49,0x02,0x03,0x01,0x00,0x01,0x02,
- 0x41,0x00,0xa7,0xf7,0x91,0xc5,0x0f,0x84,0x57,0xdc,
- 0x07,0xf7,0x6a,0x7f,0x60,0x52,0xb3,0x72,0xf1,0x66,
- 0x1f,0x7d,0x97,0x3b,0x9e,0xb6,0x0a,0x8f,0x8c,0xcf,
- 0x42,0x23,0x00,0x04,0xd4,0x28,0x0e,0x1c,0x90,0xc4,
- 0x11,0x25,0x25,0xa5,0x93,0xa5,0x2f,0x70,0x02,0xdf,
- 0x81,0x9c,0x49,0x03,0xa0,0xf8,0x6d,0x54,0x2e,0x26,
- 0xde,0xaa,0x85,0x59,0xa8,0x31,0x02,0x21,0x00,0xeb,
- 0x47,0xd7,0x3b,0xf6,0xc3,0xdd,0x5a,0x46,0xc5,0xb9,
- 0x2b,0x9a,0xa0,0x09,0x8f,0xa6,0xfb,0xf3,0x78,0x7a,
- 0x33,0x70,0x9d,0x0f,0x42,0x6b,0x13,0x68,0x24,0xd3,
- 0x15,0x02,0x21,0x00,0xe9,0x10,0xb0,0xb3,0x0d,0xe2,
- 0x82,0x68,0x77,0x8a,0x6e,0x7c,0xda,0xbc,0x3e,0x53,
- 0x83,0xfb,0xd6,0x22,0xe7,0xb5,0xae,0x6e,0x80,0xda,
- 0x00,0x55,0x97,0xc1,0xd0,0x65,0x02,0x20,0x4c,0xf8,
- 0x73,0xb1,0x6a,0x49,0x29,0x61,0x1f,0x46,0x10,0x0d,
- 0xf3,0xc7,0xe7,0x58,0xd7,0x88,0x15,0x5e,0x94,0x9b,
- 0xbf,0x7b,0xa2,0x42,0x58,0x45,0x41,0x0c,0xcb,0x01,
- 0x02,0x20,0x12,0x11,0xba,0x31,0x57,0x9d,0x3d,0x11,
- 0x0e,0x5b,0x8c,0x2f,0x5f,0xe2,0x02,0x4f,0x05,0x47,
- 0x8c,0x15,0x8e,0xb3,0x56,0x3f,0xb8,0xfb,0xad,0xd4,
- 0xf4,0xfc,0x10,0xc5,0x02,0x20,0x18,0xa1,0x29,0x99,
- 0x5b,0xd9,0xc8,0xd4,0xfc,0x49,0x7a,0x2a,0x21,0x2c,
- 0x49,0xe4,0x4f,0xeb,0xef,0x51,0xf1,0xab,0x6d,0xfb,
- 0x4b,0x14,0xe9,0x4b,0x52,0xb5,0x82,0x2c,
- };
-
-static unsigned char test1024[]={
- 0x30,0x82,0x02,0x5c,0x02,0x01,0x00,0x02,0x81,0x81,
- 0x00,0xdc,0x98,0x43,0xe8,0x3d,0x43,0x5b,0xe4,0x05,
- 0xcd,0xd0,0xa9,0x3e,0xcb,0x83,0x75,0xf6,0xb5,0xa5,
- 0x9f,0x6b,0xe9,0x34,0x41,0x29,0x18,0xfa,0x6a,0x55,
- 0x4d,0x70,0xfc,0xec,0xae,0x87,0x38,0x0a,0x20,0xa9,
- 0xc0,0x45,0x77,0x6e,0x57,0x60,0x57,0xf4,0xed,0x96,
- 0x22,0xcb,0x8f,0xe1,0x33,0x3a,0x17,0x1f,0xed,0x37,
- 0xa5,0x6f,0xeb,0xa6,0xbc,0x12,0x80,0x1d,0x53,0xbd,
- 0x70,0xeb,0x21,0x76,0x3e,0xc9,0x2f,0x1a,0x45,0x24,
- 0x82,0xff,0xcd,0x59,0x32,0x06,0x2e,0x12,0x3b,0x23,
- 0x78,0xed,0x12,0x3d,0xe0,0x8d,0xf9,0x67,0x4f,0x37,
- 0x4e,0x47,0x02,0x4c,0x2d,0xc0,0x4f,0x1f,0xb3,0x94,
- 0xe1,0x41,0x2e,0x2d,0x90,0x10,0xfc,0x82,0x91,0x8b,
- 0x0f,0x22,0xd4,0xf2,0xfc,0x2c,0xab,0x53,0x55,0x02,
- 0x03,0x01,0x00,0x01,0x02,0x81,0x80,0x2b,0xcc,0x3f,
- 0x8f,0x58,0xba,0x8b,0x00,0x16,0xf6,0xea,0x3a,0xf0,
- 0x30,0xd0,0x05,0x17,0xda,0xb0,0xeb,0x9a,0x2d,0x4f,
- 0x26,0xb0,0xd6,0x38,0xc1,0xeb,0xf5,0xd8,0x3d,0x1f,
- 0x70,0xf7,0x7f,0xf4,0xe2,0xcf,0x51,0x51,0x79,0x88,
- 0xfa,0xe8,0x32,0x0e,0x7b,0x2d,0x97,0xf2,0xfa,0xba,
- 0x27,0xc5,0x9c,0xd9,0xc5,0xeb,0x8a,0x79,0x52,0x3c,
- 0x64,0x34,0x7d,0xc2,0xcf,0x28,0xc7,0x4e,0xd5,0x43,
- 0x0b,0xd1,0xa6,0xca,0x6d,0x03,0x2d,0x72,0x23,0xbc,
- 0x6d,0x05,0xfa,0x16,0x09,0x2f,0x2e,0x5c,0xb6,0xee,
- 0x74,0xdd,0xd2,0x48,0x8e,0x36,0x0c,0x06,0x3d,0x4d,
- 0xe5,0x10,0x82,0xeb,0x6a,0xf3,0x4b,0x9f,0xd6,0xed,
- 0x11,0xb1,0x6e,0xec,0xf4,0xfe,0x8e,0x75,0x94,0x20,
- 0x2f,0xcb,0xac,0x46,0xf1,0x02,0x41,0x00,0xf9,0x8c,
- 0xa3,0x85,0xb1,0xdd,0x29,0xaf,0x65,0xc1,0x33,0xf3,
- 0x95,0xc5,0x52,0x68,0x0b,0xd4,0xf1,0xe5,0x0e,0x02,
- 0x9f,0x4f,0xfa,0x77,0xdc,0x46,0x9e,0xc7,0xa6,0xe4,
- 0x16,0x29,0xda,0xb0,0x07,0xcf,0x5b,0xa9,0x12,0x8a,
- 0xdd,0x63,0x0a,0xde,0x2e,0x8c,0x66,0x8b,0x8c,0xdc,
- 0x19,0xa3,0x7e,0xf4,0x3b,0xd0,0x1a,0x8c,0xa4,0xc2,
- 0xe1,0xd3,0x02,0x41,0x00,0xe2,0x4c,0x05,0xf2,0x04,
- 0x86,0x4e,0x61,0x43,0xdb,0xb0,0xb9,0x96,0x86,0x52,
- 0x2c,0xca,0x8d,0x7b,0xab,0x0b,0x13,0x0d,0x7e,0x38,
- 0x5b,0xe2,0x2e,0x7b,0x0e,0xe7,0x19,0x99,0x38,0xe7,
- 0xf2,0x21,0xbd,0x85,0x85,0xe3,0xfd,0x28,0x77,0x20,
- 0x31,0x71,0x2c,0xd0,0xff,0xfb,0x2e,0xaf,0x85,0xb4,
- 0x86,0xca,0xf3,0xbb,0xca,0xaa,0x0f,0x95,0x37,0x02,
- 0x40,0x0e,0x41,0x9a,0x95,0xe8,0xb3,0x59,0xce,0x4b,
- 0x61,0xde,0x35,0xec,0x38,0x79,0x9c,0xb8,0x10,0x52,
- 0x41,0x63,0xab,0x82,0xae,0x6f,0x00,0xa9,0xf4,0xde,
- 0xdd,0x49,0x0b,0x7e,0xb8,0xa5,0x65,0xa9,0x0c,0x8f,
- 0x8f,0xf9,0x1f,0x35,0xc6,0x92,0xb8,0x5e,0xb0,0x66,
- 0xab,0x52,0x40,0xc0,0xb6,0x36,0x6a,0x7d,0x80,0x46,
- 0x04,0x02,0xe5,0x9f,0x41,0x02,0x41,0x00,0xc0,0xad,
- 0xcc,0x4e,0x21,0xee,0x1d,0x24,0x91,0xfb,0xa7,0x80,
- 0x8d,0x9a,0xb6,0xb3,0x2e,0x8f,0xc2,0xe1,0x82,0xdf,
- 0x69,0x18,0xb4,0x71,0xff,0xa6,0x65,0xde,0xed,0x84,
- 0x8d,0x42,0xb7,0xb3,0x21,0x69,0x56,0x1c,0x07,0x60,
- 0x51,0x29,0x04,0xff,0x34,0x06,0xdd,0xb9,0x67,0x2c,
- 0x7c,0x04,0x93,0x0e,0x46,0x15,0xbb,0x2a,0xb7,0x1b,
- 0xe7,0x87,0x02,0x40,0x78,0xda,0x5d,0x07,0x51,0x0c,
- 0x16,0x7a,0x9f,0x29,0x20,0x84,0x0d,0x42,0xfa,0xd7,
- 0x00,0xd8,0x77,0x7e,0xb0,0xb0,0x6b,0xd6,0x5b,0x53,
- 0xb8,0x9b,0x7a,0xcd,0xc7,0x2b,0xb8,0x6a,0x63,0xa9,
- 0xfb,0x6f,0xa4,0x72,0xbf,0x4c,0x5d,0x00,0x14,0xba,
- 0xfa,0x59,0x88,0xed,0xe4,0xe0,0x8c,0xa2,0xec,0x14,
- 0x7e,0x2d,0xe2,0xf0,0x46,0x49,0x95,0x45,
- };
-
-static unsigned char test2048[]={
- 0x30,0x82,0x04,0xa3,0x02,0x01,0x00,0x02,0x82,0x01,
- 0x01,0x00,0xc0,0xc0,0xce,0x3e,0x3c,0x53,0x67,0x3f,
- 0x4f,0xc5,0x2f,0xa4,0xc2,0x5a,0x2f,0x58,0xfd,0x27,
- 0x52,0x6a,0xe8,0xcf,0x4a,0x73,0x47,0x8d,0x25,0x0f,
- 0x5f,0x03,0x26,0x78,0xef,0xf0,0x22,0x12,0xd3,0xde,
- 0x47,0xb2,0x1c,0x0b,0x38,0x63,0x1a,0x6c,0x85,0x7a,
- 0x80,0xc6,0x8f,0xa0,0x41,0xaf,0x62,0xc4,0x67,0x32,
- 0x88,0xf8,0xa6,0x9c,0xf5,0x23,0x1d,0xe4,0xac,0x3f,
- 0x29,0xf9,0xec,0xe1,0x8b,0x26,0x03,0x2c,0xb2,0xab,
- 0xf3,0x7d,0xb5,0xca,0x49,0xc0,0x8f,0x1c,0xdf,0x33,
- 0x3a,0x60,0xda,0x3c,0xb0,0x16,0xf8,0xa9,0x12,0x8f,
- 0x64,0xac,0x23,0x0c,0x69,0x64,0x97,0x5d,0x99,0xd4,
- 0x09,0x83,0x9b,0x61,0xd3,0xac,0xf0,0xde,0xdd,0x5e,
- 0x9f,0x44,0x94,0xdb,0x3a,0x4d,0x97,0xe8,0x52,0x29,
- 0xf7,0xdb,0x94,0x07,0x45,0x90,0x78,0x1e,0x31,0x0b,
- 0x80,0xf7,0x57,0xad,0x1c,0x79,0xc5,0xcb,0x32,0xb0,
- 0xce,0xcd,0x74,0xb3,0xe2,0x94,0xc5,0x78,0x2f,0x34,
- 0x1a,0x45,0xf7,0x8c,0x52,0xa5,0xbc,0x8d,0xec,0xd1,
- 0x2f,0x31,0x3b,0xf0,0x49,0x59,0x5e,0x88,0x9d,0x15,
- 0x92,0x35,0x32,0xc1,0xe7,0x61,0xec,0x50,0x48,0x7c,
- 0xba,0x05,0xf9,0xf8,0xf8,0xa7,0x8c,0x83,0xe8,0x66,
- 0x5b,0xeb,0xfe,0xd8,0x4f,0xdd,0x6d,0x36,0xc0,0xb2,
- 0x90,0x0f,0xb8,0x52,0xf9,0x04,0x9b,0x40,0x2c,0x27,
- 0xd6,0x36,0x8e,0xc2,0x1b,0x44,0xf3,0x92,0xd5,0x15,
- 0x9e,0x9a,0xbc,0xf3,0x7d,0x03,0xd7,0x02,0x14,0x20,
- 0xe9,0x10,0x92,0xfd,0xf9,0xfc,0x8f,0xe5,0x18,0xe1,
- 0x95,0xcc,0x9e,0x60,0xa6,0xfa,0x38,0x4d,0x02,0x03,
- 0x01,0x00,0x01,0x02,0x82,0x01,0x00,0x00,0xc3,0xc3,
- 0x0d,0xb4,0x27,0x90,0x8d,0x4b,0xbf,0xb8,0x84,0xaa,
- 0xd0,0xb8,0xc7,0x5d,0x99,0xbe,0x55,0xf6,0x3e,0x7c,
- 0x49,0x20,0xcb,0x8a,0x8e,0x19,0x0e,0x66,0x24,0xac,
- 0xaf,0x03,0x33,0x97,0xeb,0x95,0xd5,0x3b,0x0f,0x40,
- 0x56,0x04,0x50,0xd1,0xe6,0xbe,0x84,0x0b,0x25,0xd3,
- 0x9c,0xe2,0x83,0x6c,0xf5,0x62,0x5d,0xba,0x2b,0x7d,
- 0x3d,0x7a,0x6c,0xe1,0xd2,0x0e,0x54,0x93,0x80,0x01,
- 0x91,0x51,0x09,0xe8,0x5b,0x8e,0x47,0xbd,0x64,0xe4,
- 0x0e,0x03,0x83,0x55,0xcf,0x5a,0x37,0xf0,0x25,0xb5,
- 0x7d,0x21,0xd7,0x69,0xdf,0x6f,0xc2,0xcf,0x10,0xc9,
- 0x8a,0x40,0x9f,0x7a,0x70,0xc0,0xe8,0xe8,0xc0,0xe6,
- 0x9a,0x15,0x0a,0x8d,0x4e,0x46,0xcb,0x7a,0xdb,0xb3,
- 0xcb,0x83,0x02,0xc4,0xf0,0xab,0xeb,0x02,0x01,0x0e,
- 0x23,0xfc,0x1d,0xc4,0xbd,0xd4,0xaa,0x5d,0x31,0x46,
- 0x99,0xce,0x9e,0xf8,0x04,0x75,0x10,0x67,0xc4,0x53,
- 0x47,0x44,0xfa,0xc2,0x25,0x73,0x7e,0xd0,0x8e,0x59,
- 0xd1,0xb2,0x5a,0xf4,0xc7,0x18,0x92,0x2f,0x39,0xab,
- 0xcd,0xa3,0xb5,0xc2,0xb9,0xc7,0xb9,0x1b,0x9f,0x48,
- 0xfa,0x13,0xc6,0x98,0x4d,0xca,0x84,0x9c,0x06,0xca,
- 0xe7,0x89,0x01,0x04,0xc4,0x6c,0xfd,0x29,0x59,0x35,
- 0xe7,0xf3,0xdd,0xce,0x64,0x59,0xbf,0x21,0x13,0xa9,
- 0x9f,0x0e,0xc5,0xff,0xbd,0x33,0x00,0xec,0xac,0x6b,
- 0x11,0xef,0x51,0x5e,0xad,0x07,0x15,0xde,0xb8,0x5f,
- 0xc6,0xb9,0xa3,0x22,0x65,0x46,0x83,0x14,0xdf,0xd0,
- 0xf1,0x44,0x8a,0xe1,0x9c,0x23,0x33,0xb4,0x97,0x33,
- 0xe6,0x6b,0x81,0x02,0x81,0x81,0x00,0xec,0x12,0xa7,
- 0x59,0x74,0x6a,0xde,0x3e,0xad,0xd8,0x36,0x80,0x50,
- 0xa2,0xd5,0x21,0x81,0x07,0xf1,0xd0,0x91,0xf2,0x6c,
- 0x12,0x2f,0x9d,0x1a,0x26,0xf8,0x30,0x65,0xdf,0xe8,
- 0xc0,0x9b,0x6a,0x30,0x98,0x82,0x87,0xec,0xa2,0x56,
- 0x87,0x62,0x6f,0xe7,0x9f,0xf6,0x56,0xe6,0x71,0x8f,
- 0x49,0x86,0x93,0x5a,0x4d,0x34,0x58,0xfe,0xd9,0x04,
- 0x13,0xaf,0x79,0xb7,0xad,0x11,0xd1,0x30,0x9a,0x14,
- 0x06,0xa0,0xfa,0xb7,0x55,0xdc,0x6c,0x5a,0x4c,0x2c,
- 0x59,0x56,0xf6,0xe8,0x9d,0xaf,0x0a,0x78,0x99,0x06,
- 0x06,0x9e,0xe7,0x9c,0x51,0x55,0x43,0xfc,0x3b,0x6c,
- 0x0b,0xbf,0x2d,0x41,0xa7,0xaf,0xb7,0xe0,0xe8,0x28,
- 0x18,0xb4,0x13,0xd1,0xe6,0x97,0xd0,0x9f,0x6a,0x80,
- 0xca,0xdd,0x1a,0x7e,0x15,0x02,0x81,0x81,0x00,0xd1,
- 0x06,0x0c,0x1f,0xe3,0xd0,0xab,0xd6,0xca,0x7c,0xbc,
- 0x7d,0x13,0x35,0xce,0x27,0xcd,0xd8,0x49,0x51,0x63,
- 0x64,0x0f,0xca,0x06,0x12,0xfc,0x07,0x3e,0xaf,0x61,
- 0x6d,0xe2,0x53,0x39,0x27,0xae,0xc3,0x11,0x9e,0x94,
- 0x01,0x4f,0xe3,0xf3,0x67,0xf9,0x77,0xf9,0xe7,0x95,
- 0x3a,0x6f,0xe2,0x20,0x73,0x3e,0xa4,0x7a,0x28,0xd4,
- 0x61,0x97,0xf6,0x17,0xa0,0x23,0x10,0x2b,0xce,0x84,
- 0x57,0x7e,0x25,0x1f,0xf4,0xa8,0x54,0xd2,0x65,0x94,
- 0xcc,0x95,0x0a,0xab,0x30,0xc1,0x59,0x1f,0x61,0x8e,
- 0xb9,0x6b,0xd7,0x4e,0xb9,0x83,0x43,0x79,0x85,0x11,
- 0xbc,0x0f,0xae,0x25,0x20,0x05,0xbc,0xd2,0x48,0xa1,
- 0x68,0x09,0x84,0xf6,0x12,0x9a,0x66,0xb9,0x2b,0xbb,
- 0x76,0x03,0x17,0x46,0x4e,0x97,0x59,0x02,0x81,0x80,
- 0x09,0x4c,0xfa,0xd6,0xe5,0x65,0x48,0x78,0x43,0xb5,
- 0x1f,0x00,0x93,0x2c,0xb7,0x24,0xe8,0xc6,0x7d,0x5a,
- 0x70,0x45,0x92,0xc8,0x6c,0xa3,0xcd,0xe1,0xf7,0x29,
- 0x40,0xfa,0x3f,0x5b,0x47,0x44,0x39,0xc1,0xe8,0x72,
- 0x9e,0x7a,0x0e,0xda,0xaa,0xa0,0x2a,0x09,0xfd,0x54,
- 0x93,0x23,0xaa,0x37,0x85,0x5b,0xcc,0xd4,0xf9,0xd8,
- 0xff,0xc1,0x61,0x0d,0xbd,0x7e,0x18,0x24,0x73,0x6d,
- 0x40,0x72,0xf1,0x93,0x09,0x48,0x97,0x6c,0x84,0x90,
- 0xa8,0x46,0x14,0x01,0x39,0x11,0xe5,0x3c,0x41,0x27,
- 0x32,0x75,0x24,0xed,0xa1,0xd9,0x12,0x29,0x8a,0x28,
- 0x71,0x89,0x8d,0xca,0x30,0xb0,0x01,0xc4,0x2f,0x82,
- 0x19,0x14,0x4c,0x70,0x1c,0xb8,0x23,0x2e,0xe8,0x90,
- 0x49,0x97,0x92,0x97,0x6b,0x7a,0x9d,0xb9,0x02,0x81,
- 0x80,0x0f,0x0e,0xa1,0x76,0xf6,0xa1,0x44,0x8f,0xaf,
- 0x7c,0x76,0xd3,0x87,0xbb,0xbb,0x83,0x10,0x88,0x01,
- 0x18,0x14,0xd1,0xd3,0x75,0x59,0x24,0xaa,0xf5,0x16,
- 0xa5,0xe9,0x9d,0xd1,0xcc,0xee,0xf4,0x15,0xd9,0xc5,
- 0x7e,0x27,0xe9,0x44,0x49,0x06,0x72,0xb9,0xfc,0xd3,
- 0x8a,0xc4,0x2c,0x36,0x7d,0x12,0x9b,0x5a,0xaa,0xdc,
- 0x85,0xee,0x6e,0xad,0x54,0xb3,0xf4,0xfc,0x31,0xa1,
- 0x06,0x3a,0x70,0x57,0x0c,0xf3,0x95,0x5b,0x3e,0xe8,
- 0xfd,0x1a,0x4f,0xf6,0x78,0x93,0x46,0x6a,0xd7,0x31,
- 0xb4,0x84,0x64,0x85,0x09,0x38,0x89,0x92,0x94,0x1c,
- 0xbf,0xe2,0x3c,0x2a,0xe0,0xff,0x99,0xa3,0xf0,0x2b,
- 0x31,0xc2,0x36,0xcd,0x60,0xbf,0x9d,0x2d,0x74,0x32,
- 0xe8,0x9c,0x93,0x6e,0xbb,0x91,0x7b,0xfd,0xd9,0x02,
- 0x81,0x81,0x00,0xa2,0x71,0x25,0x38,0xeb,0x2a,0xe9,
- 0x37,0xcd,0xfe,0x44,0xce,0x90,0x3f,0x52,0x87,0x84,
- 0x52,0x1b,0xae,0x8d,0x22,0x94,0xce,0x38,0xe6,0x04,
- 0x88,0x76,0x85,0x9a,0xd3,0x14,0x09,0xe5,0x69,0x9a,
- 0xff,0x58,0x92,0x02,0x6a,0x7d,0x7c,0x1e,0x2c,0xfd,
- 0xa8,0xca,0x32,0x14,0x4f,0x0d,0x84,0x0d,0x37,0x43,
- 0xbf,0xe4,0x5d,0x12,0xc8,0x24,0x91,0x27,0x8d,0x46,
- 0xd9,0x54,0x53,0xe7,0x62,0x71,0xa8,0x2b,0x71,0x41,
- 0x8d,0x75,0xf8,0x3a,0xa0,0x61,0x29,0x46,0xa6,0xe5,
- 0x82,0xfa,0x3a,0xd9,0x08,0xfa,0xfc,0x63,0xfd,0x6b,
- 0x30,0xbc,0xf4,0x4e,0x9e,0x8c,0x25,0x0c,0xb6,0x55,
- 0xe7,0x3c,0xd4,0x4e,0x0b,0xfd,0x8b,0xc3,0x0e,0x1d,
- 0x9c,0x44,0x57,0x8f,0x1f,0x86,0xf7,0xd5,0x1b,0xe4,
- 0x95,
- };
-
-static unsigned char test4096[]={
- 0x30,0x82,0x09,0x29,0x02,0x01,0x00,0x02,0x82,0x02,
- 0x01,0x00,0xc0,0x71,0xac,0x1a,0x13,0x88,0x82,0x43,
- 0x3b,0x51,0x57,0x71,0x8d,0xb6,0x2b,0x82,0x65,0x21,
- 0x53,0x5f,0x28,0x29,0x4f,0x8d,0x7c,0x8a,0xb9,0x44,
- 0xb3,0x28,0x41,0x4f,0xd3,0xfa,0x6a,0xf8,0xb9,0x28,
- 0x50,0x39,0x67,0x53,0x2c,0x3c,0xd7,0xcb,0x96,0x41,
- 0x40,0x32,0xbb,0xeb,0x70,0xae,0x1f,0xb0,0x65,0xf7,
- 0x3a,0xd9,0x22,0xfd,0x10,0xae,0xbd,0x02,0xe2,0xdd,
- 0xf3,0xc2,0x79,0x3c,0xc6,0xfc,0x75,0xbb,0xaf,0x4e,
- 0x3a,0x36,0xc2,0x4f,0xea,0x25,0xdf,0x13,0x16,0x4b,
- 0x20,0xfe,0x4b,0x69,0x16,0xc4,0x7f,0x1a,0x43,0xa6,
- 0x17,0x1b,0xb9,0x0a,0xf3,0x09,0x86,0x28,0x89,0xcf,
- 0x2c,0xd0,0xd4,0x81,0xaf,0xc6,0x6d,0xe6,0x21,0x8d,
- 0xee,0xef,0xea,0xdc,0xb7,0xc6,0x3b,0x63,0x9f,0x0e,
- 0xad,0x89,0x78,0x23,0x18,0xbf,0x70,0x7e,0x84,0xe0,
- 0x37,0xec,0xdb,0x8e,0x9c,0x3e,0x6a,0x19,0xcc,0x99,
- 0x72,0xe6,0xb5,0x7d,0x6d,0xfa,0xe5,0xd3,0xe4,0x90,
- 0xb5,0xb2,0xb2,0x12,0x70,0x4e,0xca,0xf8,0x10,0xf8,
- 0xa3,0x14,0xc2,0x48,0x19,0xeb,0x60,0x99,0xbb,0x2a,
- 0x1f,0xb1,0x7a,0xb1,0x3d,0x24,0xfb,0xa0,0x29,0xda,
- 0xbd,0x1b,0xd7,0xa4,0xbf,0xef,0x60,0x2d,0x22,0xca,
- 0x65,0x98,0xf1,0xc4,0xe1,0xc9,0x02,0x6b,0x16,0x28,
- 0x2f,0xa1,0xaa,0x79,0x00,0xda,0xdc,0x7c,0x43,0xf7,
- 0x42,0x3c,0xa0,0xef,0x68,0xf7,0xdf,0xb9,0x69,0xfb,
- 0x8e,0x01,0xed,0x01,0x42,0xb5,0x4e,0x57,0xa6,0x26,
- 0xb8,0xd0,0x7b,0x56,0x6d,0x03,0xc6,0x40,0x8c,0x8c,
- 0x2a,0x55,0xd7,0x9c,0x35,0x00,0x94,0x93,0xec,0x03,
- 0xeb,0x22,0xef,0x77,0xbb,0x79,0x13,0x3f,0x15,0xa1,
- 0x8f,0xca,0xdf,0xfd,0xd3,0xb8,0xe1,0xd4,0xcc,0x09,
- 0x3f,0x3c,0x2c,0xdb,0xd1,0x49,0x7f,0x38,0x07,0x83,
- 0x6d,0xeb,0x08,0x66,0xe9,0x06,0x44,0x12,0xac,0x95,
- 0x22,0x90,0x23,0x67,0xd4,0x08,0xcc,0xf4,0xb7,0xdc,
- 0xcc,0x87,0xd4,0xac,0x69,0x35,0x4c,0xb5,0x39,0x36,
- 0xcd,0xa4,0xd2,0x95,0xca,0x0d,0xc5,0xda,0xc2,0xc5,
- 0x22,0x32,0x28,0x08,0xe3,0xd2,0x8b,0x38,0x30,0xdc,
- 0x8c,0x75,0x4f,0x6a,0xec,0x7a,0xac,0x16,0x3e,0xa8,
- 0xd4,0x6a,0x45,0xe1,0xa8,0x4f,0x2e,0x80,0x34,0xaa,
- 0x54,0x1b,0x02,0x95,0x7d,0x8a,0x6d,0xcc,0x79,0xca,
- 0xf2,0xa4,0x2e,0x8d,0xfb,0xfe,0x15,0x51,0x10,0x0e,
- 0x4d,0x88,0xb1,0xc7,0xf4,0x79,0xdb,0xf0,0xb4,0x56,
- 0x44,0x37,0xca,0x5a,0xc1,0x8c,0x48,0xac,0xae,0x48,
- 0x80,0x83,0x01,0x3f,0xde,0xd9,0xd3,0x2c,0x51,0x46,
- 0xb1,0x41,0xb6,0xc6,0x91,0x72,0xf9,0x83,0x55,0x1b,
- 0x8c,0xba,0xf3,0x73,0xe5,0x2c,0x74,0x50,0x3a,0xbe,
- 0xc5,0x2f,0xa7,0xb2,0x6d,0x8c,0x9e,0x13,0x77,0xa3,
- 0x13,0xcd,0x6d,0x8c,0x45,0xe1,0xfc,0x0b,0xb7,0x69,
- 0xe9,0x27,0xbc,0x65,0xc3,0xfa,0x9b,0xd0,0xef,0xfe,
- 0xe8,0x1f,0xb3,0x5e,0x34,0xf4,0x8c,0xea,0xfc,0xd3,
- 0x81,0xbf,0x3d,0x30,0xb2,0xb4,0x01,0xe8,0x43,0x0f,
- 0xba,0x02,0x23,0x42,0x76,0x82,0x31,0x73,0x91,0xed,
- 0x07,0x46,0x61,0x0d,0x39,0x83,0x40,0xce,0x7a,0xd4,
- 0xdb,0x80,0x2c,0x1f,0x0d,0xd1,0x34,0xd4,0x92,0xe3,
- 0xd4,0xf1,0xc2,0x01,0x02,0x03,0x01,0x00,0x01,0x02,
- 0x82,0x02,0x01,0x00,0x97,0x6c,0xda,0x6e,0xea,0x4f,
- 0xcf,0xaf,0xf7,0x4c,0xd9,0xf1,0x90,0x00,0x77,0xdb,
- 0xf2,0x97,0x76,0x72,0xb9,0xb7,0x47,0xd1,0x9c,0xdd,
- 0xcb,0x4a,0x33,0x6e,0xc9,0x75,0x76,0xe6,0xe4,0xa5,
- 0x31,0x8c,0x77,0x13,0xb4,0x29,0xcd,0xf5,0x52,0x17,
- 0xef,0xf3,0x08,0x00,0xe3,0xbd,0x2e,0xbc,0xd4,0x52,
- 0x88,0xe9,0x30,0x75,0x0b,0x02,0xf5,0xcd,0x89,0x0c,
- 0x6c,0x57,0x19,0x27,0x3d,0x1e,0x85,0xb4,0xc1,0x2f,
- 0x1d,0x92,0x00,0x5c,0x76,0x29,0x4b,0xa4,0xe1,0x12,
- 0xb3,0xc8,0x09,0xfe,0x0e,0x78,0x72,0x61,0xcb,0x61,
- 0x6f,0x39,0x91,0x95,0x4e,0xd5,0x3e,0xc7,0x8f,0xb8,
- 0xf6,0x36,0xfe,0x9c,0x93,0x9a,0x38,0x25,0x7a,0xf4,
- 0x4a,0x12,0xd4,0xa0,0x13,0xbd,0xf9,0x1d,0x12,0x3e,
- 0x21,0x39,0xfb,0x72,0xe0,0x05,0x3d,0xc3,0xe5,0x50,
- 0xa8,0x5d,0x85,0xa3,0xea,0x5f,0x1c,0xb2,0x3f,0xea,
- 0x6d,0x03,0x91,0x55,0xd8,0x19,0x0a,0x21,0x12,0x16,
- 0xd9,0x12,0xc4,0xe6,0x07,0x18,0x5b,0x26,0xa4,0xae,
- 0xed,0x2b,0xb7,0xa6,0xed,0xf8,0xad,0xec,0x77,0xe6,
- 0x7f,0x4f,0x76,0x00,0xc0,0xfa,0x15,0x92,0xb4,0x2c,
- 0x22,0xc2,0xeb,0x6a,0xad,0x14,0x05,0xb2,0xe5,0x8a,
- 0x9e,0x85,0x83,0xcc,0x04,0xf1,0x56,0x78,0x44,0x5e,
- 0xde,0xe0,0x60,0x1a,0x65,0x79,0x31,0x23,0x05,0xbb,
- 0x01,0xff,0xdd,0x2e,0xb7,0xb3,0xaa,0x74,0xe0,0xa5,
- 0x94,0xaf,0x4b,0xde,0x58,0x0f,0x55,0xde,0x33,0xf6,
- 0xe3,0xd6,0x34,0x36,0x57,0xd6,0x79,0x91,0x2e,0xbe,
- 0x3b,0xd9,0x4e,0xb6,0x9d,0x21,0x5c,0xd3,0x48,0x14,
- 0x7f,0x4a,0xc4,0x60,0xa9,0x29,0xf8,0x53,0x7f,0x88,
- 0x11,0x2d,0xb5,0xc5,0x2d,0x6f,0xee,0x85,0x0b,0xf7,
- 0x8d,0x9a,0xbe,0xb0,0x42,0xf2,0x2e,0x71,0xaf,0x19,
- 0x31,0x6d,0xec,0xcd,0x6f,0x2b,0x23,0xdf,0xb4,0x40,
- 0xaf,0x2c,0x0a,0xc3,0x1b,0x7d,0x7d,0x03,0x1d,0x4b,
- 0xf3,0xb5,0xe0,0x85,0xd8,0xdf,0x91,0x6b,0x0a,0x69,
- 0xf7,0xf2,0x69,0x66,0x5b,0xf1,0xcf,0x46,0x7d,0xe9,
- 0x70,0xfa,0x6d,0x7e,0x75,0x4e,0xa9,0x77,0xe6,0x8c,
- 0x02,0xf7,0x14,0x4d,0xa5,0x41,0x8f,0x3f,0xc1,0x62,
- 0x1e,0x71,0x5e,0x38,0xb4,0xd6,0xe6,0xe1,0x4b,0xc2,
- 0x2c,0x30,0x83,0x81,0x6f,0x49,0x2e,0x96,0xe6,0xc9,
- 0x9a,0xf7,0x5d,0x09,0xa0,0x55,0x02,0xa5,0x3a,0x25,
- 0x23,0xd0,0x92,0xc3,0xa3,0xe3,0x0e,0x12,0x2f,0x4d,
- 0xef,0xf3,0x55,0x5a,0xbe,0xe6,0x19,0x86,0x31,0xab,
- 0x75,0x9a,0xd3,0xf0,0x2c,0xc5,0x41,0x92,0xd9,0x1f,
- 0x5f,0x11,0x8c,0x75,0x1c,0x63,0xd0,0x02,0x80,0x2c,
- 0x68,0xcb,0x93,0xfb,0x51,0x73,0x49,0xb4,0x60,0xda,
- 0xe2,0x26,0xaf,0xa9,0x46,0x12,0xb8,0xec,0x50,0xdd,
- 0x12,0x06,0x5f,0xce,0x59,0xe6,0xf6,0x1c,0xe0,0x54,
- 0x10,0xad,0xf6,0xcd,0x98,0xcc,0x0f,0xfb,0xcb,0x41,
- 0x14,0x9d,0xed,0xe4,0xb4,0x74,0x5f,0x09,0x60,0xc7,
- 0x12,0xf6,0x7b,0x3c,0x8f,0xa7,0x20,0xbc,0xe4,0xb1,
- 0xef,0xeb,0xa4,0x93,0xc5,0x06,0xca,0x9a,0x27,0x9d,
- 0x87,0xf3,0xde,0xca,0xe5,0xe7,0xf6,0x1c,0x01,0x65,
- 0x5b,0xfb,0x19,0x79,0x6e,0x08,0x26,0xc5,0xc8,0x28,
- 0x0e,0xb6,0x3b,0x07,0x08,0xc1,0x02,0x82,0x01,0x01,
- 0x00,0xe8,0x1c,0x73,0xa6,0xb8,0xe0,0x0e,0x6d,0x8d,
- 0x1b,0xb9,0x53,0xed,0x58,0x94,0xe6,0x1d,0x60,0x14,
- 0x5c,0x76,0x43,0xc4,0x58,0x19,0xc4,0x24,0xe8,0xbc,
- 0x1b,0x3b,0x0b,0x13,0x24,0x45,0x54,0x0e,0xcc,0x37,
- 0xf0,0xe0,0x63,0x7d,0xc3,0xf7,0xfb,0x81,0x74,0x81,
- 0xc4,0x0f,0x1a,0x21,0x48,0xaf,0xce,0xc1,0xc4,0x94,
- 0x18,0x06,0x44,0x8d,0xd3,0xd2,0x22,0x2d,0x2d,0x3e,
- 0x5a,0x31,0xdc,0x95,0x8e,0xf4,0x41,0xfc,0x58,0xc9,
- 0x40,0x92,0x17,0x5f,0xe3,0xda,0xac,0x9e,0x3f,0x1c,
- 0x2a,0x6b,0x58,0x5f,0x48,0x78,0x20,0xb1,0xaf,0x24,
- 0x9b,0x3c,0x20,0x8b,0x93,0x25,0x9e,0xe6,0x6b,0xbc,
- 0x13,0x42,0x14,0x6c,0x36,0x31,0xff,0x7a,0xd1,0xc1,
- 0x1a,0x26,0x14,0x7f,0xa9,0x76,0xa7,0x0c,0xf8,0xcc,
- 0xed,0x07,0x6a,0xd2,0xdf,0x62,0xee,0x0a,0x7c,0x84,
- 0xcb,0x49,0x90,0xb2,0x03,0x0d,0xa2,0x82,0x06,0x77,
- 0xf1,0xcd,0x67,0xf2,0x47,0x21,0x02,0x3f,0x43,0x21,
- 0xf0,0x46,0x30,0x62,0x51,0x72,0xb1,0xe7,0x48,0xc6,
- 0x67,0x12,0xcd,0x9e,0xd6,0x15,0xe5,0x21,0xed,0xfa,
- 0x8f,0x30,0xa6,0x41,0xfe,0xb6,0xfa,0x8f,0x34,0x14,
- 0x19,0xe8,0x11,0xf7,0xa5,0x77,0x3e,0xb7,0xf9,0x39,
- 0x07,0x8c,0x67,0x2a,0xab,0x7b,0x08,0xf8,0xb0,0x06,
- 0xa8,0xea,0x2f,0x8f,0xfa,0xcc,0xcc,0x40,0xce,0xf3,
- 0x70,0x4f,0x3f,0x7f,0xe2,0x0c,0xea,0x76,0x4a,0x35,
- 0x4e,0x47,0xad,0x2b,0xa7,0x97,0x5d,0x74,0x43,0x97,
- 0x90,0xd2,0xfb,0xd9,0xf9,0x96,0x01,0x33,0x05,0xed,
- 0x7b,0x03,0x05,0xad,0xf8,0x49,0x03,0x02,0x82,0x01,
- 0x01,0x00,0xd4,0x40,0x17,0x66,0x10,0x92,0x95,0xc8,
- 0xec,0x62,0xa9,0x7a,0xcb,0x93,0x8e,0xe6,0x53,0xd4,
- 0x80,0x48,0x27,0x4b,0x41,0xce,0x61,0xdf,0xbf,0x94,
- 0xa4,0x3d,0x71,0x03,0x0b,0xed,0x25,0x71,0x98,0xa4,
- 0xd6,0xd5,0x4a,0x57,0xf5,0x6c,0x1b,0xda,0x21,0x7d,
- 0x35,0x45,0xb3,0xf3,0x6a,0xd9,0xd3,0x43,0xe8,0x5c,
- 0x54,0x1c,0x83,0x1b,0xb4,0x5f,0xf2,0x97,0x24,0x2e,
- 0xdc,0x40,0xde,0x92,0x23,0x59,0x8e,0xbc,0xd2,0xa1,
- 0xf2,0xe0,0x4c,0xdd,0x0b,0xd1,0xe7,0xae,0x65,0xbc,
- 0xb5,0xf5,0x5b,0x98,0xe9,0xd7,0xc2,0xb7,0x0e,0x55,
- 0x71,0x0e,0x3c,0x0a,0x24,0x6b,0xa6,0xe6,0x14,0x61,
- 0x11,0xfd,0x33,0x42,0x99,0x2b,0x84,0x77,0x74,0x92,
- 0x91,0xf5,0x79,0x79,0xcf,0xad,0x8e,0x04,0xef,0x80,
- 0x1e,0x57,0xf4,0x14,0xf5,0x35,0x09,0x74,0xb2,0x13,
- 0x71,0x58,0x6b,0xea,0x32,0x5d,0xf3,0xd3,0x76,0x48,
- 0x39,0x10,0x23,0x84,0x9d,0xbe,0x92,0x77,0x4a,0xed,
- 0x70,0x3e,0x1a,0xa2,0x6c,0xb3,0x81,0x00,0xc3,0xc9,
- 0xe4,0x52,0xc8,0x24,0x88,0x0c,0x41,0xad,0x87,0x5a,
- 0xea,0xa3,0x7a,0x85,0x1c,0x5e,0x31,0x7f,0xc3,0x35,
- 0xc6,0xfa,0x10,0xc8,0x75,0x10,0xc4,0x96,0x99,0xe7,
- 0xfe,0x01,0xb4,0x74,0xdb,0xb4,0x11,0xc3,0xc8,0x8c,
- 0xf6,0xf7,0x3b,0x66,0x50,0xfc,0xdb,0xeb,0xca,0x47,
- 0x85,0x89,0xe1,0x65,0xd9,0x62,0x34,0x3c,0x70,0xd8,
- 0x2e,0xb4,0x2f,0x65,0x3c,0x4a,0xa6,0x2a,0xe7,0xc7,
- 0xd8,0x41,0x8f,0x8a,0x43,0xbf,0x42,0xf2,0x4d,0xbc,
- 0xfc,0x9e,0x27,0x95,0xfb,0x75,0xff,0xab,0x02,0x82,
- 0x01,0x00,0x41,0x2f,0x44,0x57,0x6d,0x12,0x17,0x5b,
- 0x32,0xc6,0xb7,0x6c,0x57,0x7a,0x8a,0x0e,0x79,0xef,
- 0x72,0xa8,0x68,0xda,0x2d,0x38,0xe4,0xbb,0x8d,0xf6,
- 0x02,0x65,0xcf,0x56,0x13,0xe1,0x1a,0xcb,0x39,0x80,
- 0xa6,0xb1,0x32,0x03,0x1e,0xdd,0xbb,0x35,0xd9,0xac,
- 0x43,0x89,0x31,0x08,0x90,0x92,0x5e,0x35,0x3d,0x7b,
- 0x9c,0x6f,0x86,0xcb,0x17,0xdd,0x85,0xe4,0xed,0x35,
- 0x08,0x8e,0xc1,0xf4,0x05,0xd8,0x68,0xc6,0x63,0x3c,
- 0xf7,0xff,0xf7,0x47,0x33,0x39,0xc5,0x3e,0xb7,0x0e,
- 0x58,0x35,0x9d,0x81,0xea,0xf8,0x6a,0x2c,0x1c,0x5a,
- 0x68,0x78,0x64,0x11,0x6b,0xc1,0x3e,0x4e,0x7a,0xbd,
- 0x84,0xcb,0x0f,0xc2,0xb6,0x85,0x1d,0xd3,0x76,0xc5,
- 0x93,0x6a,0x69,0x89,0x56,0x34,0xdc,0x4a,0x9b,0xbc,
- 0xff,0xa8,0x0d,0x6e,0x35,0x9c,0x60,0xa7,0x23,0x30,
- 0xc7,0x06,0x64,0x39,0x8b,0x94,0x89,0xee,0xba,0x7f,
- 0x60,0x8d,0xfa,0xb6,0x97,0x76,0xdc,0x51,0x4a,0x3c,
- 0xeb,0x3a,0x14,0x2c,0x20,0x60,0x69,0x4a,0x86,0xfe,
- 0x8c,0x21,0x84,0x49,0x54,0xb3,0x20,0xe1,0x01,0x7f,
- 0x58,0xdf,0x7f,0xb5,0x21,0x51,0x8c,0x47,0x9f,0x91,
- 0xeb,0x97,0x3e,0xf2,0x54,0xcf,0x16,0x46,0xf9,0xd9,
- 0xb6,0xe7,0x64,0xc9,0xd0,0x54,0xea,0x2f,0xa1,0xcf,
- 0xa5,0x7f,0x28,0x8d,0x84,0xec,0xd5,0x39,0x03,0x76,
- 0x5b,0x2d,0x8e,0x43,0xf2,0x01,0x24,0xc9,0x6f,0xc0,
- 0xf5,0x69,0x6f,0x7d,0xb5,0x85,0xd2,0x5f,0x7f,0x78,
- 0x40,0x07,0x7f,0x09,0x15,0xb5,0x1f,0x28,0x65,0x10,
- 0xe4,0x19,0xa8,0xc6,0x9e,0x8d,0xdc,0xcb,0x02,0x82,
- 0x01,0x00,0x13,0x01,0xee,0x56,0x80,0x93,0x70,0x00,
- 0x7f,0x52,0xd2,0x94,0xa1,0x98,0x84,0x4a,0x92,0x25,
- 0x4c,0x9b,0xa9,0x91,0x2e,0xc2,0x79,0xb7,0x5c,0xe3,
- 0xc5,0xd5,0x8e,0xc2,0x54,0x16,0x17,0xad,0x55,0x9b,
- 0x25,0x76,0x12,0x63,0x50,0x22,0x2f,0x58,0x58,0x79,
- 0x6b,0x04,0xe3,0xf9,0x9f,0x8f,0x04,0x41,0x67,0x94,
- 0xa5,0x1f,0xac,0x8a,0x15,0x9c,0x26,0x10,0x6c,0xf8,
- 0x19,0x57,0x61,0xd7,0x3a,0x7d,0x31,0xb0,0x2d,0x38,
- 0xbd,0x94,0x62,0xad,0xc4,0xfa,0x36,0x42,0x42,0xf0,
- 0x24,0x67,0x65,0x9d,0x8b,0x0b,0x7c,0x6f,0x82,0x44,
- 0x1a,0x8c,0xc8,0xc9,0xab,0xbb,0x4c,0x45,0xfc,0x7b,
- 0x38,0xee,0x30,0xe1,0xfc,0xef,0x8d,0xbc,0x58,0xdf,
- 0x2b,0x5d,0x0d,0x54,0xe0,0x49,0x4d,0x97,0x99,0x8f,
- 0x22,0xa8,0x83,0xbe,0x40,0xbb,0x50,0x2e,0x78,0x28,
- 0x0f,0x95,0x78,0x8c,0x8f,0x98,0x24,0x56,0xc2,0x97,
- 0xf3,0x2c,0x43,0xd2,0x03,0x82,0x66,0x81,0x72,0x5f,
- 0x53,0x16,0xec,0xb1,0xb1,0x04,0x5e,0x40,0x20,0x48,
- 0x7b,0x3f,0x02,0x97,0x6a,0xeb,0x96,0x12,0x21,0x35,
- 0xfe,0x1f,0x47,0xc0,0x95,0xea,0xc5,0x8a,0x08,0x84,
- 0x4f,0x5e,0x63,0x94,0x60,0x0f,0x71,0x5b,0x7f,0x4a,
- 0xec,0x4f,0x60,0xc6,0xba,0x4a,0x24,0xf1,0x20,0x8b,
- 0xa7,0x2e,0x3a,0xce,0x8d,0xe0,0x27,0x1d,0xb5,0x8e,
- 0xb4,0x21,0xc5,0xe2,0xa6,0x16,0x0a,0x51,0x83,0x55,
- 0x88,0xd1,0x30,0x11,0x63,0xd5,0xd7,0x8d,0xae,0x16,
- 0x12,0x82,0xc4,0x85,0x00,0x4e,0x27,0x83,0xa5,0x7c,
- 0x90,0x2e,0xe5,0xa2,0xa3,0xd3,0x4c,0x63,0x02,0x82,
- 0x01,0x01,0x00,0x86,0x08,0x98,0x98,0xa5,0x00,0x05,
- 0x39,0x77,0xd9,0x66,0xb3,0xcf,0xca,0xa0,0x71,0xb3,
- 0x50,0xce,0x3d,0xb1,0x93,0x95,0x35,0xc4,0xd4,0x2e,
- 0x90,0xdf,0x0f,0xfc,0x60,0xc1,0x94,0x68,0x61,0x43,
- 0xca,0x9a,0x23,0x4a,0x1e,0x45,0x72,0x99,0xb5,0x1e,
- 0x61,0x8d,0x77,0x0f,0xa0,0xbb,0xd7,0x77,0xb4,0x2a,
- 0x15,0x11,0x88,0x2d,0xb3,0x56,0x61,0x5e,0x6a,0xed,
- 0xa4,0x46,0x4a,0x3f,0x50,0x11,0xd6,0xba,0xb6,0xd7,
- 0x95,0x65,0x53,0xc3,0xa1,0x8f,0xe0,0xa3,0xf5,0x1c,
- 0xfd,0xaf,0x6e,0x43,0xd7,0x17,0xa7,0xd3,0x81,0x1b,
- 0xa4,0xdf,0xe0,0x97,0x8a,0x46,0x03,0xd3,0x46,0x0e,
- 0x83,0x48,0x4e,0xd2,0x02,0xcb,0xc0,0xad,0x79,0x95,
- 0x8c,0x96,0xba,0x40,0x34,0x11,0x71,0x5e,0xe9,0x11,
- 0xf9,0xc5,0x4a,0x5e,0x91,0x9d,0xf5,0x92,0x4f,0xeb,
- 0xc6,0x70,0x02,0x2d,0x3d,0x04,0xaa,0xe9,0x3a,0x8e,
- 0xd5,0xa8,0xad,0xf7,0xce,0x0d,0x16,0xb2,0xec,0x0a,
- 0x9c,0xf5,0x94,0x39,0xb9,0x8a,0xfc,0x1e,0xf9,0xcc,
- 0xf2,0x5f,0x21,0x31,0x74,0x72,0x6b,0x64,0xae,0x35,
- 0x61,0x8d,0x0d,0xcb,0xe7,0xda,0x39,0xca,0xf3,0x21,
- 0x66,0x0b,0x95,0xd7,0x0a,0x7c,0xca,0xa1,0xa9,0x5a,
- 0xe8,0xac,0xe0,0x71,0x54,0xaf,0x28,0xcf,0xd5,0x70,
- 0x89,0xe0,0xf3,0x9e,0x43,0x6c,0x8d,0x7b,0x99,0x01,
- 0x68,0x4d,0xa1,0x45,0x46,0x0c,0x43,0xbc,0xcc,0x2c,
- 0xdd,0xc5,0x46,0xc8,0x4e,0x0e,0xbe,0xed,0xb9,0x26,
- 0xab,0x2e,0xdb,0xeb,0x8f,0xff,0xdb,0xb0,0xc6,0x55,
- 0xaf,0xf8,0x2a,0x91,0x9d,0x50,0x44,0x21,0x17,
- };
Copied: vendor-crypto/openssl/0.9.8zf/apps/testrsa.h (from rev 6976, vendor-crypto/openssl/dist/apps/testrsa.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/apps/testrsa.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/apps/testrsa.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,518 @@
+/* apps/testrsa.h */
+/* used by apps/speed.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+static unsigned char test512[] = {
+ 0x30, 0x82, 0x01, 0x3a, 0x02, 0x01, 0x00, 0x02, 0x41, 0x00,
+ 0xd6, 0x33, 0xb9, 0xc8, 0xfb, 0x4f, 0x3c, 0x7d, 0xc0, 0x01,
+ 0x86, 0xd0, 0xe7, 0xa0, 0x55, 0xf2, 0x95, 0x93, 0xcc, 0x4f,
+ 0xb7, 0x5b, 0x67, 0x5b, 0x94, 0x68, 0xc9, 0x34, 0x15, 0xde,
+ 0xa5, 0x2e, 0x1c, 0x33, 0xc2, 0x6e, 0xfc, 0x34, 0x5e, 0x71,
+ 0x13, 0xb7, 0xd6, 0xee, 0xd8, 0xa5, 0x65, 0x05, 0x72, 0x87,
+ 0xa8, 0xb0, 0x77, 0xfe, 0x57, 0xf5, 0xfc, 0x5f, 0x55, 0x83,
+ 0x87, 0xdd, 0x57, 0x49, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02,
+ 0x41, 0x00, 0xa7, 0xf7, 0x91, 0xc5, 0x0f, 0x84, 0x57, 0xdc,
+ 0x07, 0xf7, 0x6a, 0x7f, 0x60, 0x52, 0xb3, 0x72, 0xf1, 0x66,
+ 0x1f, 0x7d, 0x97, 0x3b, 0x9e, 0xb6, 0x0a, 0x8f, 0x8c, 0xcf,
+ 0x42, 0x23, 0x00, 0x04, 0xd4, 0x28, 0x0e, 0x1c, 0x90, 0xc4,
+ 0x11, 0x25, 0x25, 0xa5, 0x93, 0xa5, 0x2f, 0x70, 0x02, 0xdf,
+ 0x81, 0x9c, 0x49, 0x03, 0xa0, 0xf8, 0x6d, 0x54, 0x2e, 0x26,
+ 0xde, 0xaa, 0x85, 0x59, 0xa8, 0x31, 0x02, 0x21, 0x00, 0xeb,
+ 0x47, 0xd7, 0x3b, 0xf6, 0xc3, 0xdd, 0x5a, 0x46, 0xc5, 0xb9,
+ 0x2b, 0x9a, 0xa0, 0x09, 0x8f, 0xa6, 0xfb, 0xf3, 0x78, 0x7a,
+ 0x33, 0x70, 0x9d, 0x0f, 0x42, 0x6b, 0x13, 0x68, 0x24, 0xd3,
+ 0x15, 0x02, 0x21, 0x00, 0xe9, 0x10, 0xb0, 0xb3, 0x0d, 0xe2,
+ 0x82, 0x68, 0x77, 0x8a, 0x6e, 0x7c, 0xda, 0xbc, 0x3e, 0x53,
+ 0x83, 0xfb, 0xd6, 0x22, 0xe7, 0xb5, 0xae, 0x6e, 0x80, 0xda,
+ 0x00, 0x55, 0x97, 0xc1, 0xd0, 0x65, 0x02, 0x20, 0x4c, 0xf8,
+ 0x73, 0xb1, 0x6a, 0x49, 0x29, 0x61, 0x1f, 0x46, 0x10, 0x0d,
+ 0xf3, 0xc7, 0xe7, 0x58, 0xd7, 0x88, 0x15, 0x5e, 0x94, 0x9b,
+ 0xbf, 0x7b, 0xa2, 0x42, 0x58, 0x45, 0x41, 0x0c, 0xcb, 0x01,
+ 0x02, 0x20, 0x12, 0x11, 0xba, 0x31, 0x57, 0x9d, 0x3d, 0x11,
+ 0x0e, 0x5b, 0x8c, 0x2f, 0x5f, 0xe2, 0x02, 0x4f, 0x05, 0x47,
+ 0x8c, 0x15, 0x8e, 0xb3, 0x56, 0x3f, 0xb8, 0xfb, 0xad, 0xd4,
+ 0xf4, 0xfc, 0x10, 0xc5, 0x02, 0x20, 0x18, 0xa1, 0x29, 0x99,
+ 0x5b, 0xd9, 0xc8, 0xd4, 0xfc, 0x49, 0x7a, 0x2a, 0x21, 0x2c,
+ 0x49, 0xe4, 0x4f, 0xeb, 0xef, 0x51, 0xf1, 0xab, 0x6d, 0xfb,
+ 0x4b, 0x14, 0xe9, 0x4b, 0x52, 0xb5, 0x82, 0x2c,
+};
+
+static unsigned char test1024[] = {
+ 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
+ 0x00, 0xdc, 0x98, 0x43, 0xe8, 0x3d, 0x43, 0x5b, 0xe4, 0x05,
+ 0xcd, 0xd0, 0xa9, 0x3e, 0xcb, 0x83, 0x75, 0xf6, 0xb5, 0xa5,
+ 0x9f, 0x6b, 0xe9, 0x34, 0x41, 0x29, 0x18, 0xfa, 0x6a, 0x55,
+ 0x4d, 0x70, 0xfc, 0xec, 0xae, 0x87, 0x38, 0x0a, 0x20, 0xa9,
+ 0xc0, 0x45, 0x77, 0x6e, 0x57, 0x60, 0x57, 0xf4, 0xed, 0x96,
+ 0x22, 0xcb, 0x8f, 0xe1, 0x33, 0x3a, 0x17, 0x1f, 0xed, 0x37,
+ 0xa5, 0x6f, 0xeb, 0xa6, 0xbc, 0x12, 0x80, 0x1d, 0x53, 0xbd,
+ 0x70, 0xeb, 0x21, 0x76, 0x3e, 0xc9, 0x2f, 0x1a, 0x45, 0x24,
+ 0x82, 0xff, 0xcd, 0x59, 0x32, 0x06, 0x2e, 0x12, 0x3b, 0x23,
+ 0x78, 0xed, 0x12, 0x3d, 0xe0, 0x8d, 0xf9, 0x67, 0x4f, 0x37,
+ 0x4e, 0x47, 0x02, 0x4c, 0x2d, 0xc0, 0x4f, 0x1f, 0xb3, 0x94,
+ 0xe1, 0x41, 0x2e, 0x2d, 0x90, 0x10, 0xfc, 0x82, 0x91, 0x8b,
+ 0x0f, 0x22, 0xd4, 0xf2, 0xfc, 0x2c, 0xab, 0x53, 0x55, 0x02,
+ 0x03, 0x01, 0x00, 0x01, 0x02, 0x81, 0x80, 0x2b, 0xcc, 0x3f,
+ 0x8f, 0x58, 0xba, 0x8b, 0x00, 0x16, 0xf6, 0xea, 0x3a, 0xf0,
+ 0x30, 0xd0, 0x05, 0x17, 0xda, 0xb0, 0xeb, 0x9a, 0x2d, 0x4f,
+ 0x26, 0xb0, 0xd6, 0x38, 0xc1, 0xeb, 0xf5, 0xd8, 0x3d, 0x1f,
+ 0x70, 0xf7, 0x7f, 0xf4, 0xe2, 0xcf, 0x51, 0x51, 0x79, 0x88,
+ 0xfa, 0xe8, 0x32, 0x0e, 0x7b, 0x2d, 0x97, 0xf2, 0xfa, 0xba,
+ 0x27, 0xc5, 0x9c, 0xd9, 0xc5, 0xeb, 0x8a, 0x79, 0x52, 0x3c,
+ 0x64, 0x34, 0x7d, 0xc2, 0xcf, 0x28, 0xc7, 0x4e, 0xd5, 0x43,
+ 0x0b, 0xd1, 0xa6, 0xca, 0x6d, 0x03, 0x2d, 0x72, 0x23, 0xbc,
+ 0x6d, 0x05, 0xfa, 0x16, 0x09, 0x2f, 0x2e, 0x5c, 0xb6, 0xee,
+ 0x74, 0xdd, 0xd2, 0x48, 0x8e, 0x36, 0x0c, 0x06, 0x3d, 0x4d,
+ 0xe5, 0x10, 0x82, 0xeb, 0x6a, 0xf3, 0x4b, 0x9f, 0xd6, 0xed,
+ 0x11, 0xb1, 0x6e, 0xec, 0xf4, 0xfe, 0x8e, 0x75, 0x94, 0x20,
+ 0x2f, 0xcb, 0xac, 0x46, 0xf1, 0x02, 0x41, 0x00, 0xf9, 0x8c,
+ 0xa3, 0x85, 0xb1, 0xdd, 0x29, 0xaf, 0x65, 0xc1, 0x33, 0xf3,
+ 0x95, 0xc5, 0x52, 0x68, 0x0b, 0xd4, 0xf1, 0xe5, 0x0e, 0x02,
+ 0x9f, 0x4f, 0xfa, 0x77, 0xdc, 0x46, 0x9e, 0xc7, 0xa6, 0xe4,
+ 0x16, 0x29, 0xda, 0xb0, 0x07, 0xcf, 0x5b, 0xa9, 0x12, 0x8a,
+ 0xdd, 0x63, 0x0a, 0xde, 0x2e, 0x8c, 0x66, 0x8b, 0x8c, 0xdc,
+ 0x19, 0xa3, 0x7e, 0xf4, 0x3b, 0xd0, 0x1a, 0x8c, 0xa4, 0xc2,
+ 0xe1, 0xd3, 0x02, 0x41, 0x00, 0xe2, 0x4c, 0x05, 0xf2, 0x04,
+ 0x86, 0x4e, 0x61, 0x43, 0xdb, 0xb0, 0xb9, 0x96, 0x86, 0x52,
+ 0x2c, 0xca, 0x8d, 0x7b, 0xab, 0x0b, 0x13, 0x0d, 0x7e, 0x38,
+ 0x5b, 0xe2, 0x2e, 0x7b, 0x0e, 0xe7, 0x19, 0x99, 0x38, 0xe7,
+ 0xf2, 0x21, 0xbd, 0x85, 0x85, 0xe3, 0xfd, 0x28, 0x77, 0x20,
+ 0x31, 0x71, 0x2c, 0xd0, 0xff, 0xfb, 0x2e, 0xaf, 0x85, 0xb4,
+ 0x86, 0xca, 0xf3, 0xbb, 0xca, 0xaa, 0x0f, 0x95, 0x37, 0x02,
+ 0x40, 0x0e, 0x41, 0x9a, 0x95, 0xe8, 0xb3, 0x59, 0xce, 0x4b,
+ 0x61, 0xde, 0x35, 0xec, 0x38, 0x79, 0x9c, 0xb8, 0x10, 0x52,
+ 0x41, 0x63, 0xab, 0x82, 0xae, 0x6f, 0x00, 0xa9, 0xf4, 0xde,
+ 0xdd, 0x49, 0x0b, 0x7e, 0xb8, 0xa5, 0x65, 0xa9, 0x0c, 0x8f,
+ 0x8f, 0xf9, 0x1f, 0x35, 0xc6, 0x92, 0xb8, 0x5e, 0xb0, 0x66,
+ 0xab, 0x52, 0x40, 0xc0, 0xb6, 0x36, 0x6a, 0x7d, 0x80, 0x46,
+ 0x04, 0x02, 0xe5, 0x9f, 0x41, 0x02, 0x41, 0x00, 0xc0, 0xad,
+ 0xcc, 0x4e, 0x21, 0xee, 0x1d, 0x24, 0x91, 0xfb, 0xa7, 0x80,
+ 0x8d, 0x9a, 0xb6, 0xb3, 0x2e, 0x8f, 0xc2, 0xe1, 0x82, 0xdf,
+ 0x69, 0x18, 0xb4, 0x71, 0xff, 0xa6, 0x65, 0xde, 0xed, 0x84,
+ 0x8d, 0x42, 0xb7, 0xb3, 0x21, 0x69, 0x56, 0x1c, 0x07, 0x60,
+ 0x51, 0x29, 0x04, 0xff, 0x34, 0x06, 0xdd, 0xb9, 0x67, 0x2c,
+ 0x7c, 0x04, 0x93, 0x0e, 0x46, 0x15, 0xbb, 0x2a, 0xb7, 0x1b,
+ 0xe7, 0x87, 0x02, 0x40, 0x78, 0xda, 0x5d, 0x07, 0x51, 0x0c,
+ 0x16, 0x7a, 0x9f, 0x29, 0x20, 0x84, 0x0d, 0x42, 0xfa, 0xd7,
+ 0x00, 0xd8, 0x77, 0x7e, 0xb0, 0xb0, 0x6b, 0xd6, 0x5b, 0x53,
+ 0xb8, 0x9b, 0x7a, 0xcd, 0xc7, 0x2b, 0xb8, 0x6a, 0x63, 0xa9,
+ 0xfb, 0x6f, 0xa4, 0x72, 0xbf, 0x4c, 0x5d, 0x00, 0x14, 0xba,
+ 0xfa, 0x59, 0x88, 0xed, 0xe4, 0xe0, 0x8c, 0xa2, 0xec, 0x14,
+ 0x7e, 0x2d, 0xe2, 0xf0, 0x46, 0x49, 0x95, 0x45,
+};
+
+static unsigned char test2048[] = {
+ 0x30, 0x82, 0x04, 0xa3, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01,
+ 0x01, 0x00, 0xc0, 0xc0, 0xce, 0x3e, 0x3c, 0x53, 0x67, 0x3f,
+ 0x4f, 0xc5, 0x2f, 0xa4, 0xc2, 0x5a, 0x2f, 0x58, 0xfd, 0x27,
+ 0x52, 0x6a, 0xe8, 0xcf, 0x4a, 0x73, 0x47, 0x8d, 0x25, 0x0f,
+ 0x5f, 0x03, 0x26, 0x78, 0xef, 0xf0, 0x22, 0x12, 0xd3, 0xde,
+ 0x47, 0xb2, 0x1c, 0x0b, 0x38, 0x63, 0x1a, 0x6c, 0x85, 0x7a,
+ 0x80, 0xc6, 0x8f, 0xa0, 0x41, 0xaf, 0x62, 0xc4, 0x67, 0x32,
+ 0x88, 0xf8, 0xa6, 0x9c, 0xf5, 0x23, 0x1d, 0xe4, 0xac, 0x3f,
+ 0x29, 0xf9, 0xec, 0xe1, 0x8b, 0x26, 0x03, 0x2c, 0xb2, 0xab,
+ 0xf3, 0x7d, 0xb5, 0xca, 0x49, 0xc0, 0x8f, 0x1c, 0xdf, 0x33,
+ 0x3a, 0x60, 0xda, 0x3c, 0xb0, 0x16, 0xf8, 0xa9, 0x12, 0x8f,
+ 0x64, 0xac, 0x23, 0x0c, 0x69, 0x64, 0x97, 0x5d, 0x99, 0xd4,
+ 0x09, 0x83, 0x9b, 0x61, 0xd3, 0xac, 0xf0, 0xde, 0xdd, 0x5e,
+ 0x9f, 0x44, 0x94, 0xdb, 0x3a, 0x4d, 0x97, 0xe8, 0x52, 0x29,
+ 0xf7, 0xdb, 0x94, 0x07, 0x45, 0x90, 0x78, 0x1e, 0x31, 0x0b,
+ 0x80, 0xf7, 0x57, 0xad, 0x1c, 0x79, 0xc5, 0xcb, 0x32, 0xb0,
+ 0xce, 0xcd, 0x74, 0xb3, 0xe2, 0x94, 0xc5, 0x78, 0x2f, 0x34,
+ 0x1a, 0x45, 0xf7, 0x8c, 0x52, 0xa5, 0xbc, 0x8d, 0xec, 0xd1,
+ 0x2f, 0x31, 0x3b, 0xf0, 0x49, 0x59, 0x5e, 0x88, 0x9d, 0x15,
+ 0x92, 0x35, 0x32, 0xc1, 0xe7, 0x61, 0xec, 0x50, 0x48, 0x7c,
+ 0xba, 0x05, 0xf9, 0xf8, 0xf8, 0xa7, 0x8c, 0x83, 0xe8, 0x66,
+ 0x5b, 0xeb, 0xfe, 0xd8, 0x4f, 0xdd, 0x6d, 0x36, 0xc0, 0xb2,
+ 0x90, 0x0f, 0xb8, 0x52, 0xf9, 0x04, 0x9b, 0x40, 0x2c, 0x27,
+ 0xd6, 0x36, 0x8e, 0xc2, 0x1b, 0x44, 0xf3, 0x92, 0xd5, 0x15,
+ 0x9e, 0x9a, 0xbc, 0xf3, 0x7d, 0x03, 0xd7, 0x02, 0x14, 0x20,
+ 0xe9, 0x10, 0x92, 0xfd, 0xf9, 0xfc, 0x8f, 0xe5, 0x18, 0xe1,
+ 0x95, 0xcc, 0x9e, 0x60, 0xa6, 0xfa, 0x38, 0x4d, 0x02, 0x03,
+ 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, 0x00, 0x00, 0xc3, 0xc3,
+ 0x0d, 0xb4, 0x27, 0x90, 0x8d, 0x4b, 0xbf, 0xb8, 0x84, 0xaa,
+ 0xd0, 0xb8, 0xc7, 0x5d, 0x99, 0xbe, 0x55, 0xf6, 0x3e, 0x7c,
+ 0x49, 0x20, 0xcb, 0x8a, 0x8e, 0x19, 0x0e, 0x66, 0x24, 0xac,
+ 0xaf, 0x03, 0x33, 0x97, 0xeb, 0x95, 0xd5, 0x3b, 0x0f, 0x40,
+ 0x56, 0x04, 0x50, 0xd1, 0xe6, 0xbe, 0x84, 0x0b, 0x25, 0xd3,
+ 0x9c, 0xe2, 0x83, 0x6c, 0xf5, 0x62, 0x5d, 0xba, 0x2b, 0x7d,
+ 0x3d, 0x7a, 0x6c, 0xe1, 0xd2, 0x0e, 0x54, 0x93, 0x80, 0x01,
+ 0x91, 0x51, 0x09, 0xe8, 0x5b, 0x8e, 0x47, 0xbd, 0x64, 0xe4,
+ 0x0e, 0x03, 0x83, 0x55, 0xcf, 0x5a, 0x37, 0xf0, 0x25, 0xb5,
+ 0x7d, 0x21, 0xd7, 0x69, 0xdf, 0x6f, 0xc2, 0xcf, 0x10, 0xc9,
+ 0x8a, 0x40, 0x9f, 0x7a, 0x70, 0xc0, 0xe8, 0xe8, 0xc0, 0xe6,
+ 0x9a, 0x15, 0x0a, 0x8d, 0x4e, 0x46, 0xcb, 0x7a, 0xdb, 0xb3,
+ 0xcb, 0x83, 0x02, 0xc4, 0xf0, 0xab, 0xeb, 0x02, 0x01, 0x0e,
+ 0x23, 0xfc, 0x1d, 0xc4, 0xbd, 0xd4, 0xaa, 0x5d, 0x31, 0x46,
+ 0x99, 0xce, 0x9e, 0xf8, 0x04, 0x75, 0x10, 0x67, 0xc4, 0x53,
+ 0x47, 0x44, 0xfa, 0xc2, 0x25, 0x73, 0x7e, 0xd0, 0x8e, 0x59,
+ 0xd1, 0xb2, 0x5a, 0xf4, 0xc7, 0x18, 0x92, 0x2f, 0x39, 0xab,
+ 0xcd, 0xa3, 0xb5, 0xc2, 0xb9, 0xc7, 0xb9, 0x1b, 0x9f, 0x48,
+ 0xfa, 0x13, 0xc6, 0x98, 0x4d, 0xca, 0x84, 0x9c, 0x06, 0xca,
+ 0xe7, 0x89, 0x01, 0x04, 0xc4, 0x6c, 0xfd, 0x29, 0x59, 0x35,
+ 0xe7, 0xf3, 0xdd, 0xce, 0x64, 0x59, 0xbf, 0x21, 0x13, 0xa9,
+ 0x9f, 0x0e, 0xc5, 0xff, 0xbd, 0x33, 0x00, 0xec, 0xac, 0x6b,
+ 0x11, 0xef, 0x51, 0x5e, 0xad, 0x07, 0x15, 0xde, 0xb8, 0x5f,
+ 0xc6, 0xb9, 0xa3, 0x22, 0x65, 0x46, 0x83, 0x14, 0xdf, 0xd0,
+ 0xf1, 0x44, 0x8a, 0xe1, 0x9c, 0x23, 0x33, 0xb4, 0x97, 0x33,
+ 0xe6, 0x6b, 0x81, 0x02, 0x81, 0x81, 0x00, 0xec, 0x12, 0xa7,
+ 0x59, 0x74, 0x6a, 0xde, 0x3e, 0xad, 0xd8, 0x36, 0x80, 0x50,
+ 0xa2, 0xd5, 0x21, 0x81, 0x07, 0xf1, 0xd0, 0x91, 0xf2, 0x6c,
+ 0x12, 0x2f, 0x9d, 0x1a, 0x26, 0xf8, 0x30, 0x65, 0xdf, 0xe8,
+ 0xc0, 0x9b, 0x6a, 0x30, 0x98, 0x82, 0x87, 0xec, 0xa2, 0x56,
+ 0x87, 0x62, 0x6f, 0xe7, 0x9f, 0xf6, 0x56, 0xe6, 0x71, 0x8f,
+ 0x49, 0x86, 0x93, 0x5a, 0x4d, 0x34, 0x58, 0xfe, 0xd9, 0x04,
+ 0x13, 0xaf, 0x79, 0xb7, 0xad, 0x11, 0xd1, 0x30, 0x9a, 0x14,
+ 0x06, 0xa0, 0xfa, 0xb7, 0x55, 0xdc, 0x6c, 0x5a, 0x4c, 0x2c,
+ 0x59, 0x56, 0xf6, 0xe8, 0x9d, 0xaf, 0x0a, 0x78, 0x99, 0x06,
+ 0x06, 0x9e, 0xe7, 0x9c, 0x51, 0x55, 0x43, 0xfc, 0x3b, 0x6c,
+ 0x0b, 0xbf, 0x2d, 0x41, 0xa7, 0xaf, 0xb7, 0xe0, 0xe8, 0x28,
+ 0x18, 0xb4, 0x13, 0xd1, 0xe6, 0x97, 0xd0, 0x9f, 0x6a, 0x80,
+ 0xca, 0xdd, 0x1a, 0x7e, 0x15, 0x02, 0x81, 0x81, 0x00, 0xd1,
+ 0x06, 0x0c, 0x1f, 0xe3, 0xd0, 0xab, 0xd6, 0xca, 0x7c, 0xbc,
+ 0x7d, 0x13, 0x35, 0xce, 0x27, 0xcd, 0xd8, 0x49, 0x51, 0x63,
+ 0x64, 0x0f, 0xca, 0x06, 0x12, 0xfc, 0x07, 0x3e, 0xaf, 0x61,
+ 0x6d, 0xe2, 0x53, 0x39, 0x27, 0xae, 0xc3, 0x11, 0x9e, 0x94,
+ 0x01, 0x4f, 0xe3, 0xf3, 0x67, 0xf9, 0x77, 0xf9, 0xe7, 0x95,
+ 0x3a, 0x6f, 0xe2, 0x20, 0x73, 0x3e, 0xa4, 0x7a, 0x28, 0xd4,
+ 0x61, 0x97, 0xf6, 0x17, 0xa0, 0x23, 0x10, 0x2b, 0xce, 0x84,
+ 0x57, 0x7e, 0x25, 0x1f, 0xf4, 0xa8, 0x54, 0xd2, 0x65, 0x94,
+ 0xcc, 0x95, 0x0a, 0xab, 0x30, 0xc1, 0x59, 0x1f, 0x61, 0x8e,
+ 0xb9, 0x6b, 0xd7, 0x4e, 0xb9, 0x83, 0x43, 0x79, 0x85, 0x11,
+ 0xbc, 0x0f, 0xae, 0x25, 0x20, 0x05, 0xbc, 0xd2, 0x48, 0xa1,
+ 0x68, 0x09, 0x84, 0xf6, 0x12, 0x9a, 0x66, 0xb9, 0x2b, 0xbb,
+ 0x76, 0x03, 0x17, 0x46, 0x4e, 0x97, 0x59, 0x02, 0x81, 0x80,
+ 0x09, 0x4c, 0xfa, 0xd6, 0xe5, 0x65, 0x48, 0x78, 0x43, 0xb5,
+ 0x1f, 0x00, 0x93, 0x2c, 0xb7, 0x24, 0xe8, 0xc6, 0x7d, 0x5a,
+ 0x70, 0x45, 0x92, 0xc8, 0x6c, 0xa3, 0xcd, 0xe1, 0xf7, 0x29,
+ 0x40, 0xfa, 0x3f, 0x5b, 0x47, 0x44, 0x39, 0xc1, 0xe8, 0x72,
+ 0x9e, 0x7a, 0x0e, 0xda, 0xaa, 0xa0, 0x2a, 0x09, 0xfd, 0x54,
+ 0x93, 0x23, 0xaa, 0x37, 0x85, 0x5b, 0xcc, 0xd4, 0xf9, 0xd8,
+ 0xff, 0xc1, 0x61, 0x0d, 0xbd, 0x7e, 0x18, 0x24, 0x73, 0x6d,
+ 0x40, 0x72, 0xf1, 0x93, 0x09, 0x48, 0x97, 0x6c, 0x84, 0x90,
+ 0xa8, 0x46, 0x14, 0x01, 0x39, 0x11, 0xe5, 0x3c, 0x41, 0x27,
+ 0x32, 0x75, 0x24, 0xed, 0xa1, 0xd9, 0x12, 0x29, 0x8a, 0x28,
+ 0x71, 0x89, 0x8d, 0xca, 0x30, 0xb0, 0x01, 0xc4, 0x2f, 0x82,
+ 0x19, 0x14, 0x4c, 0x70, 0x1c, 0xb8, 0x23, 0x2e, 0xe8, 0x90,
+ 0x49, 0x97, 0x92, 0x97, 0x6b, 0x7a, 0x9d, 0xb9, 0x02, 0x81,
+ 0x80, 0x0f, 0x0e, 0xa1, 0x76, 0xf6, 0xa1, 0x44, 0x8f, 0xaf,
+ 0x7c, 0x76, 0xd3, 0x87, 0xbb, 0xbb, 0x83, 0x10, 0x88, 0x01,
+ 0x18, 0x14, 0xd1, 0xd3, 0x75, 0x59, 0x24, 0xaa, 0xf5, 0x16,
+ 0xa5, 0xe9, 0x9d, 0xd1, 0xcc, 0xee, 0xf4, 0x15, 0xd9, 0xc5,
+ 0x7e, 0x27, 0xe9, 0x44, 0x49, 0x06, 0x72, 0xb9, 0xfc, 0xd3,
+ 0x8a, 0xc4, 0x2c, 0x36, 0x7d, 0x12, 0x9b, 0x5a, 0xaa, 0xdc,
+ 0x85, 0xee, 0x6e, 0xad, 0x54, 0xb3, 0xf4, 0xfc, 0x31, 0xa1,
+ 0x06, 0x3a, 0x70, 0x57, 0x0c, 0xf3, 0x95, 0x5b, 0x3e, 0xe8,
+ 0xfd, 0x1a, 0x4f, 0xf6, 0x78, 0x93, 0x46, 0x6a, 0xd7, 0x31,
+ 0xb4, 0x84, 0x64, 0x85, 0x09, 0x38, 0x89, 0x92, 0x94, 0x1c,
+ 0xbf, 0xe2, 0x3c, 0x2a, 0xe0, 0xff, 0x99, 0xa3, 0xf0, 0x2b,
+ 0x31, 0xc2, 0x36, 0xcd, 0x60, 0xbf, 0x9d, 0x2d, 0x74, 0x32,
+ 0xe8, 0x9c, 0x93, 0x6e, 0xbb, 0x91, 0x7b, 0xfd, 0xd9, 0x02,
+ 0x81, 0x81, 0x00, 0xa2, 0x71, 0x25, 0x38, 0xeb, 0x2a, 0xe9,
+ 0x37, 0xcd, 0xfe, 0x44, 0xce, 0x90, 0x3f, 0x52, 0x87, 0x84,
+ 0x52, 0x1b, 0xae, 0x8d, 0x22, 0x94, 0xce, 0x38, 0xe6, 0x04,
+ 0x88, 0x76, 0x85, 0x9a, 0xd3, 0x14, 0x09, 0xe5, 0x69, 0x9a,
+ 0xff, 0x58, 0x92, 0x02, 0x6a, 0x7d, 0x7c, 0x1e, 0x2c, 0xfd,
+ 0xa8, 0xca, 0x32, 0x14, 0x4f, 0x0d, 0x84, 0x0d, 0x37, 0x43,
+ 0xbf, 0xe4, 0x5d, 0x12, 0xc8, 0x24, 0x91, 0x27, 0x8d, 0x46,
+ 0xd9, 0x54, 0x53, 0xe7, 0x62, 0x71, 0xa8, 0x2b, 0x71, 0x41,
+ 0x8d, 0x75, 0xf8, 0x3a, 0xa0, 0x61, 0x29, 0x46, 0xa6, 0xe5,
+ 0x82, 0xfa, 0x3a, 0xd9, 0x08, 0xfa, 0xfc, 0x63, 0xfd, 0x6b,
+ 0x30, 0xbc, 0xf4, 0x4e, 0x9e, 0x8c, 0x25, 0x0c, 0xb6, 0x55,
+ 0xe7, 0x3c, 0xd4, 0x4e, 0x0b, 0xfd, 0x8b, 0xc3, 0x0e, 0x1d,
+ 0x9c, 0x44, 0x57, 0x8f, 0x1f, 0x86, 0xf7, 0xd5, 0x1b, 0xe4,
+ 0x95,
+};
+
+static unsigned char test4096[] = {
+ 0x30, 0x82, 0x09, 0x29, 0x02, 0x01, 0x00, 0x02, 0x82, 0x02,
+ 0x01, 0x00, 0xc0, 0x71, 0xac, 0x1a, 0x13, 0x88, 0x82, 0x43,
+ 0x3b, 0x51, 0x57, 0x71, 0x8d, 0xb6, 0x2b, 0x82, 0x65, 0x21,
+ 0x53, 0x5f, 0x28, 0x29, 0x4f, 0x8d, 0x7c, 0x8a, 0xb9, 0x44,
+ 0xb3, 0x28, 0x41, 0x4f, 0xd3, 0xfa, 0x6a, 0xf8, 0xb9, 0x28,
+ 0x50, 0x39, 0x67, 0x53, 0x2c, 0x3c, 0xd7, 0xcb, 0x96, 0x41,
+ 0x40, 0x32, 0xbb, 0xeb, 0x70, 0xae, 0x1f, 0xb0, 0x65, 0xf7,
+ 0x3a, 0xd9, 0x22, 0xfd, 0x10, 0xae, 0xbd, 0x02, 0xe2, 0xdd,
+ 0xf3, 0xc2, 0x79, 0x3c, 0xc6, 0xfc, 0x75, 0xbb, 0xaf, 0x4e,
+ 0x3a, 0x36, 0xc2, 0x4f, 0xea, 0x25, 0xdf, 0x13, 0x16, 0x4b,
+ 0x20, 0xfe, 0x4b, 0x69, 0x16, 0xc4, 0x7f, 0x1a, 0x43, 0xa6,
+ 0x17, 0x1b, 0xb9, 0x0a, 0xf3, 0x09, 0x86, 0x28, 0x89, 0xcf,
+ 0x2c, 0xd0, 0xd4, 0x81, 0xaf, 0xc6, 0x6d, 0xe6, 0x21, 0x8d,
+ 0xee, 0xef, 0xea, 0xdc, 0xb7, 0xc6, 0x3b, 0x63, 0x9f, 0x0e,
+ 0xad, 0x89, 0x78, 0x23, 0x18, 0xbf, 0x70, 0x7e, 0x84, 0xe0,
+ 0x37, 0xec, 0xdb, 0x8e, 0x9c, 0x3e, 0x6a, 0x19, 0xcc, 0x99,
+ 0x72, 0xe6, 0xb5, 0x7d, 0x6d, 0xfa, 0xe5, 0xd3, 0xe4, 0x90,
+ 0xb5, 0xb2, 0xb2, 0x12, 0x70, 0x4e, 0xca, 0xf8, 0x10, 0xf8,
+ 0xa3, 0x14, 0xc2, 0x48, 0x19, 0xeb, 0x60, 0x99, 0xbb, 0x2a,
+ 0x1f, 0xb1, 0x7a, 0xb1, 0x3d, 0x24, 0xfb, 0xa0, 0x29, 0xda,
+ 0xbd, 0x1b, 0xd7, 0xa4, 0xbf, 0xef, 0x60, 0x2d, 0x22, 0xca,
+ 0x65, 0x98, 0xf1, 0xc4, 0xe1, 0xc9, 0x02, 0x6b, 0x16, 0x28,
+ 0x2f, 0xa1, 0xaa, 0x79, 0x00, 0xda, 0xdc, 0x7c, 0x43, 0xf7,
+ 0x42, 0x3c, 0xa0, 0xef, 0x68, 0xf7, 0xdf, 0xb9, 0x69, 0xfb,
+ 0x8e, 0x01, 0xed, 0x01, 0x42, 0xb5, 0x4e, 0x57, 0xa6, 0x26,
+ 0xb8, 0xd0, 0x7b, 0x56, 0x6d, 0x03, 0xc6, 0x40, 0x8c, 0x8c,
+ 0x2a, 0x55, 0xd7, 0x9c, 0x35, 0x00, 0x94, 0x93, 0xec, 0x03,
+ 0xeb, 0x22, 0xef, 0x77, 0xbb, 0x79, 0x13, 0x3f, 0x15, 0xa1,
+ 0x8f, 0xca, 0xdf, 0xfd, 0xd3, 0xb8, 0xe1, 0xd4, 0xcc, 0x09,
+ 0x3f, 0x3c, 0x2c, 0xdb, 0xd1, 0x49, 0x7f, 0x38, 0x07, 0x83,
+ 0x6d, 0xeb, 0x08, 0x66, 0xe9, 0x06, 0x44, 0x12, 0xac, 0x95,
+ 0x22, 0x90, 0x23, 0x67, 0xd4, 0x08, 0xcc, 0xf4, 0xb7, 0xdc,
+ 0xcc, 0x87, 0xd4, 0xac, 0x69, 0x35, 0x4c, 0xb5, 0x39, 0x36,
+ 0xcd, 0xa4, 0xd2, 0x95, 0xca, 0x0d, 0xc5, 0xda, 0xc2, 0xc5,
+ 0x22, 0x32, 0x28, 0x08, 0xe3, 0xd2, 0x8b, 0x38, 0x30, 0xdc,
+ 0x8c, 0x75, 0x4f, 0x6a, 0xec, 0x7a, 0xac, 0x16, 0x3e, 0xa8,
+ 0xd4, 0x6a, 0x45, 0xe1, 0xa8, 0x4f, 0x2e, 0x80, 0x34, 0xaa,
+ 0x54, 0x1b, 0x02, 0x95, 0x7d, 0x8a, 0x6d, 0xcc, 0x79, 0xca,
+ 0xf2, 0xa4, 0x2e, 0x8d, 0xfb, 0xfe, 0x15, 0x51, 0x10, 0x0e,
+ 0x4d, 0x88, 0xb1, 0xc7, 0xf4, 0x79, 0xdb, 0xf0, 0xb4, 0x56,
+ 0x44, 0x37, 0xca, 0x5a, 0xc1, 0x8c, 0x48, 0xac, 0xae, 0x48,
+ 0x80, 0x83, 0x01, 0x3f, 0xde, 0xd9, 0xd3, 0x2c, 0x51, 0x46,
+ 0xb1, 0x41, 0xb6, 0xc6, 0x91, 0x72, 0xf9, 0x83, 0x55, 0x1b,
+ 0x8c, 0xba, 0xf3, 0x73, 0xe5, 0x2c, 0x74, 0x50, 0x3a, 0xbe,
+ 0xc5, 0x2f, 0xa7, 0xb2, 0x6d, 0x8c, 0x9e, 0x13, 0x77, 0xa3,
+ 0x13, 0xcd, 0x6d, 0x8c, 0x45, 0xe1, 0xfc, 0x0b, 0xb7, 0x69,
+ 0xe9, 0x27, 0xbc, 0x65, 0xc3, 0xfa, 0x9b, 0xd0, 0xef, 0xfe,
+ 0xe8, 0x1f, 0xb3, 0x5e, 0x34, 0xf4, 0x8c, 0xea, 0xfc, 0xd3,
+ 0x81, 0xbf, 0x3d, 0x30, 0xb2, 0xb4, 0x01, 0xe8, 0x43, 0x0f,
+ 0xba, 0x02, 0x23, 0x42, 0x76, 0x82, 0x31, 0x73, 0x91, 0xed,
+ 0x07, 0x46, 0x61, 0x0d, 0x39, 0x83, 0x40, 0xce, 0x7a, 0xd4,
+ 0xdb, 0x80, 0x2c, 0x1f, 0x0d, 0xd1, 0x34, 0xd4, 0x92, 0xe3,
+ 0xd4, 0xf1, 0xc2, 0x01, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02,
+ 0x82, 0x02, 0x01, 0x00, 0x97, 0x6c, 0xda, 0x6e, 0xea, 0x4f,
+ 0xcf, 0xaf, 0xf7, 0x4c, 0xd9, 0xf1, 0x90, 0x00, 0x77, 0xdb,
+ 0xf2, 0x97, 0x76, 0x72, 0xb9, 0xb7, 0x47, 0xd1, 0x9c, 0xdd,
+ 0xcb, 0x4a, 0x33, 0x6e, 0xc9, 0x75, 0x76, 0xe6, 0xe4, 0xa5,
+ 0x31, 0x8c, 0x77, 0x13, 0xb4, 0x29, 0xcd, 0xf5, 0x52, 0x17,
+ 0xef, 0xf3, 0x08, 0x00, 0xe3, 0xbd, 0x2e, 0xbc, 0xd4, 0x52,
+ 0x88, 0xe9, 0x30, 0x75, 0x0b, 0x02, 0xf5, 0xcd, 0x89, 0x0c,
+ 0x6c, 0x57, 0x19, 0x27, 0x3d, 0x1e, 0x85, 0xb4, 0xc1, 0x2f,
+ 0x1d, 0x92, 0x00, 0x5c, 0x76, 0x29, 0x4b, 0xa4, 0xe1, 0x12,
+ 0xb3, 0xc8, 0x09, 0xfe, 0x0e, 0x78, 0x72, 0x61, 0xcb, 0x61,
+ 0x6f, 0x39, 0x91, 0x95, 0x4e, 0xd5, 0x3e, 0xc7, 0x8f, 0xb8,
+ 0xf6, 0x36, 0xfe, 0x9c, 0x93, 0x9a, 0x38, 0x25, 0x7a, 0xf4,
+ 0x4a, 0x12, 0xd4, 0xa0, 0x13, 0xbd, 0xf9, 0x1d, 0x12, 0x3e,
+ 0x21, 0x39, 0xfb, 0x72, 0xe0, 0x05, 0x3d, 0xc3, 0xe5, 0x50,
+ 0xa8, 0x5d, 0x85, 0xa3, 0xea, 0x5f, 0x1c, 0xb2, 0x3f, 0xea,
+ 0x6d, 0x03, 0x91, 0x55, 0xd8, 0x19, 0x0a, 0x21, 0x12, 0x16,
+ 0xd9, 0x12, 0xc4, 0xe6, 0x07, 0x18, 0x5b, 0x26, 0xa4, 0xae,
+ 0xed, 0x2b, 0xb7, 0xa6, 0xed, 0xf8, 0xad, 0xec, 0x77, 0xe6,
+ 0x7f, 0x4f, 0x76, 0x00, 0xc0, 0xfa, 0x15, 0x92, 0xb4, 0x2c,
+ 0x22, 0xc2, 0xeb, 0x6a, 0xad, 0x14, 0x05, 0xb2, 0xe5, 0x8a,
+ 0x9e, 0x85, 0x83, 0xcc, 0x04, 0xf1, 0x56, 0x78, 0x44, 0x5e,
+ 0xde, 0xe0, 0x60, 0x1a, 0x65, 0x79, 0x31, 0x23, 0x05, 0xbb,
+ 0x01, 0xff, 0xdd, 0x2e, 0xb7, 0xb3, 0xaa, 0x74, 0xe0, 0xa5,
+ 0x94, 0xaf, 0x4b, 0xde, 0x58, 0x0f, 0x55, 0xde, 0x33, 0xf6,
+ 0xe3, 0xd6, 0x34, 0x36, 0x57, 0xd6, 0x79, 0x91, 0x2e, 0xbe,
+ 0x3b, 0xd9, 0x4e, 0xb6, 0x9d, 0x21, 0x5c, 0xd3, 0x48, 0x14,
+ 0x7f, 0x4a, 0xc4, 0x60, 0xa9, 0x29, 0xf8, 0x53, 0x7f, 0x88,
+ 0x11, 0x2d, 0xb5, 0xc5, 0x2d, 0x6f, 0xee, 0x85, 0x0b, 0xf7,
+ 0x8d, 0x9a, 0xbe, 0xb0, 0x42, 0xf2, 0x2e, 0x71, 0xaf, 0x19,
+ 0x31, 0x6d, 0xec, 0xcd, 0x6f, 0x2b, 0x23, 0xdf, 0xb4, 0x40,
+ 0xaf, 0x2c, 0x0a, 0xc3, 0x1b, 0x7d, 0x7d, 0x03, 0x1d, 0x4b,
+ 0xf3, 0xb5, 0xe0, 0x85, 0xd8, 0xdf, 0x91, 0x6b, 0x0a, 0x69,
+ 0xf7, 0xf2, 0x69, 0x66, 0x5b, 0xf1, 0xcf, 0x46, 0x7d, 0xe9,
+ 0x70, 0xfa, 0x6d, 0x7e, 0x75, 0x4e, 0xa9, 0x77, 0xe6, 0x8c,
+ 0x02, 0xf7, 0x14, 0x4d, 0xa5, 0x41, 0x8f, 0x3f, 0xc1, 0x62,
+ 0x1e, 0x71, 0x5e, 0x38, 0xb4, 0xd6, 0xe6, 0xe1, 0x4b, 0xc2,
+ 0x2c, 0x30, 0x83, 0x81, 0x6f, 0x49, 0x2e, 0x96, 0xe6, 0xc9,
+ 0x9a, 0xf7, 0x5d, 0x09, 0xa0, 0x55, 0x02, 0xa5, 0x3a, 0x25,
+ 0x23, 0xd0, 0x92, 0xc3, 0xa3, 0xe3, 0x0e, 0x12, 0x2f, 0x4d,
+ 0xef, 0xf3, 0x55, 0x5a, 0xbe, 0xe6, 0x19, 0x86, 0x31, 0xab,
+ 0x75, 0x9a, 0xd3, 0xf0, 0x2c, 0xc5, 0x41, 0x92, 0xd9, 0x1f,
+ 0x5f, 0x11, 0x8c, 0x75, 0x1c, 0x63, 0xd0, 0x02, 0x80, 0x2c,
+ 0x68, 0xcb, 0x93, 0xfb, 0x51, 0x73, 0x49, 0xb4, 0x60, 0xda,
+ 0xe2, 0x26, 0xaf, 0xa9, 0x46, 0x12, 0xb8, 0xec, 0x50, 0xdd,
+ 0x12, 0x06, 0x5f, 0xce, 0x59, 0xe6, 0xf6, 0x1c, 0xe0, 0x54,
+ 0x10, 0xad, 0xf6, 0xcd, 0x98, 0xcc, 0x0f, 0xfb, 0xcb, 0x41,
+ 0x14, 0x9d, 0xed, 0xe4, 0xb4, 0x74, 0x5f, 0x09, 0x60, 0xc7,
+ 0x12, 0xf6, 0x7b, 0x3c, 0x8f, 0xa7, 0x20, 0xbc, 0xe4, 0xb1,
+ 0xef, 0xeb, 0xa4, 0x93, 0xc5, 0x06, 0xca, 0x9a, 0x27, 0x9d,
+ 0x87, 0xf3, 0xde, 0xca, 0xe5, 0xe7, 0xf6, 0x1c, 0x01, 0x65,
+ 0x5b, 0xfb, 0x19, 0x79, 0x6e, 0x08, 0x26, 0xc5, 0xc8, 0x28,
+ 0x0e, 0xb6, 0x3b, 0x07, 0x08, 0xc1, 0x02, 0x82, 0x01, 0x01,
+ 0x00, 0xe8, 0x1c, 0x73, 0xa6, 0xb8, 0xe0, 0x0e, 0x6d, 0x8d,
+ 0x1b, 0xb9, 0x53, 0xed, 0x58, 0x94, 0xe6, 0x1d, 0x60, 0x14,
+ 0x5c, 0x76, 0x43, 0xc4, 0x58, 0x19, 0xc4, 0x24, 0xe8, 0xbc,
+ 0x1b, 0x3b, 0x0b, 0x13, 0x24, 0x45, 0x54, 0x0e, 0xcc, 0x37,
+ 0xf0, 0xe0, 0x63, 0x7d, 0xc3, 0xf7, 0xfb, 0x81, 0x74, 0x81,
+ 0xc4, 0x0f, 0x1a, 0x21, 0x48, 0xaf, 0xce, 0xc1, 0xc4, 0x94,
+ 0x18, 0x06, 0x44, 0x8d, 0xd3, 0xd2, 0x22, 0x2d, 0x2d, 0x3e,
+ 0x5a, 0x31, 0xdc, 0x95, 0x8e, 0xf4, 0x41, 0xfc, 0x58, 0xc9,
+ 0x40, 0x92, 0x17, 0x5f, 0xe3, 0xda, 0xac, 0x9e, 0x3f, 0x1c,
+ 0x2a, 0x6b, 0x58, 0x5f, 0x48, 0x78, 0x20, 0xb1, 0xaf, 0x24,
+ 0x9b, 0x3c, 0x20, 0x8b, 0x93, 0x25, 0x9e, 0xe6, 0x6b, 0xbc,
+ 0x13, 0x42, 0x14, 0x6c, 0x36, 0x31, 0xff, 0x7a, 0xd1, 0xc1,
+ 0x1a, 0x26, 0x14, 0x7f, 0xa9, 0x76, 0xa7, 0x0c, 0xf8, 0xcc,
+ 0xed, 0x07, 0x6a, 0xd2, 0xdf, 0x62, 0xee, 0x0a, 0x7c, 0x84,
+ 0xcb, 0x49, 0x90, 0xb2, 0x03, 0x0d, 0xa2, 0x82, 0x06, 0x77,
+ 0xf1, 0xcd, 0x67, 0xf2, 0x47, 0x21, 0x02, 0x3f, 0x43, 0x21,
+ 0xf0, 0x46, 0x30, 0x62, 0x51, 0x72, 0xb1, 0xe7, 0x48, 0xc6,
+ 0x67, 0x12, 0xcd, 0x9e, 0xd6, 0x15, 0xe5, 0x21, 0xed, 0xfa,
+ 0x8f, 0x30, 0xa6, 0x41, 0xfe, 0xb6, 0xfa, 0x8f, 0x34, 0x14,
+ 0x19, 0xe8, 0x11, 0xf7, 0xa5, 0x77, 0x3e, 0xb7, 0xf9, 0x39,
+ 0x07, 0x8c, 0x67, 0x2a, 0xab, 0x7b, 0x08, 0xf8, 0xb0, 0x06,
+ 0xa8, 0xea, 0x2f, 0x8f, 0xfa, 0xcc, 0xcc, 0x40, 0xce, 0xf3,
+ 0x70, 0x4f, 0x3f, 0x7f, 0xe2, 0x0c, 0xea, 0x76, 0x4a, 0x35,
+ 0x4e, 0x47, 0xad, 0x2b, 0xa7, 0x97, 0x5d, 0x74, 0x43, 0x97,
+ 0x90, 0xd2, 0xfb, 0xd9, 0xf9, 0x96, 0x01, 0x33, 0x05, 0xed,
+ 0x7b, 0x03, 0x05, 0xad, 0xf8, 0x49, 0x03, 0x02, 0x82, 0x01,
+ 0x01, 0x00, 0xd4, 0x40, 0x17, 0x66, 0x10, 0x92, 0x95, 0xc8,
+ 0xec, 0x62, 0xa9, 0x7a, 0xcb, 0x93, 0x8e, 0xe6, 0x53, 0xd4,
+ 0x80, 0x48, 0x27, 0x4b, 0x41, 0xce, 0x61, 0xdf, 0xbf, 0x94,
+ 0xa4, 0x3d, 0x71, 0x03, 0x0b, 0xed, 0x25, 0x71, 0x98, 0xa4,
+ 0xd6, 0xd5, 0x4a, 0x57, 0xf5, 0x6c, 0x1b, 0xda, 0x21, 0x7d,
+ 0x35, 0x45, 0xb3, 0xf3, 0x6a, 0xd9, 0xd3, 0x43, 0xe8, 0x5c,
+ 0x54, 0x1c, 0x83, 0x1b, 0xb4, 0x5f, 0xf2, 0x97, 0x24, 0x2e,
+ 0xdc, 0x40, 0xde, 0x92, 0x23, 0x59, 0x8e, 0xbc, 0xd2, 0xa1,
+ 0xf2, 0xe0, 0x4c, 0xdd, 0x0b, 0xd1, 0xe7, 0xae, 0x65, 0xbc,
+ 0xb5, 0xf5, 0x5b, 0x98, 0xe9, 0xd7, 0xc2, 0xb7, 0x0e, 0x55,
+ 0x71, 0x0e, 0x3c, 0x0a, 0x24, 0x6b, 0xa6, 0xe6, 0x14, 0x61,
+ 0x11, 0xfd, 0x33, 0x42, 0x99, 0x2b, 0x84, 0x77, 0x74, 0x92,
+ 0x91, 0xf5, 0x79, 0x79, 0xcf, 0xad, 0x8e, 0x04, 0xef, 0x80,
+ 0x1e, 0x57, 0xf4, 0x14, 0xf5, 0x35, 0x09, 0x74, 0xb2, 0x13,
+ 0x71, 0x58, 0x6b, 0xea, 0x32, 0x5d, 0xf3, 0xd3, 0x76, 0x48,
+ 0x39, 0x10, 0x23, 0x84, 0x9d, 0xbe, 0x92, 0x77, 0x4a, 0xed,
+ 0x70, 0x3e, 0x1a, 0xa2, 0x6c, 0xb3, 0x81, 0x00, 0xc3, 0xc9,
+ 0xe4, 0x52, 0xc8, 0x24, 0x88, 0x0c, 0x41, 0xad, 0x87, 0x5a,
+ 0xea, 0xa3, 0x7a, 0x85, 0x1c, 0x5e, 0x31, 0x7f, 0xc3, 0x35,
+ 0xc6, 0xfa, 0x10, 0xc8, 0x75, 0x10, 0xc4, 0x96, 0x99, 0xe7,
+ 0xfe, 0x01, 0xb4, 0x74, 0xdb, 0xb4, 0x11, 0xc3, 0xc8, 0x8c,
+ 0xf6, 0xf7, 0x3b, 0x66, 0x50, 0xfc, 0xdb, 0xeb, 0xca, 0x47,
+ 0x85, 0x89, 0xe1, 0x65, 0xd9, 0x62, 0x34, 0x3c, 0x70, 0xd8,
+ 0x2e, 0xb4, 0x2f, 0x65, 0x3c, 0x4a, 0xa6, 0x2a, 0xe7, 0xc7,
+ 0xd8, 0x41, 0x8f, 0x8a, 0x43, 0xbf, 0x42, 0xf2, 0x4d, 0xbc,
+ 0xfc, 0x9e, 0x27, 0x95, 0xfb, 0x75, 0xff, 0xab, 0x02, 0x82,
+ 0x01, 0x00, 0x41, 0x2f, 0x44, 0x57, 0x6d, 0x12, 0x17, 0x5b,
+ 0x32, 0xc6, 0xb7, 0x6c, 0x57, 0x7a, 0x8a, 0x0e, 0x79, 0xef,
+ 0x72, 0xa8, 0x68, 0xda, 0x2d, 0x38, 0xe4, 0xbb, 0x8d, 0xf6,
+ 0x02, 0x65, 0xcf, 0x56, 0x13, 0xe1, 0x1a, 0xcb, 0x39, 0x80,
+ 0xa6, 0xb1, 0x32, 0x03, 0x1e, 0xdd, 0xbb, 0x35, 0xd9, 0xac,
+ 0x43, 0x89, 0x31, 0x08, 0x90, 0x92, 0x5e, 0x35, 0x3d, 0x7b,
+ 0x9c, 0x6f, 0x86, 0xcb, 0x17, 0xdd, 0x85, 0xe4, 0xed, 0x35,
+ 0x08, 0x8e, 0xc1, 0xf4, 0x05, 0xd8, 0x68, 0xc6, 0x63, 0x3c,
+ 0xf7, 0xff, 0xf7, 0x47, 0x33, 0x39, 0xc5, 0x3e, 0xb7, 0x0e,
+ 0x58, 0x35, 0x9d, 0x81, 0xea, 0xf8, 0x6a, 0x2c, 0x1c, 0x5a,
+ 0x68, 0x78, 0x64, 0x11, 0x6b, 0xc1, 0x3e, 0x4e, 0x7a, 0xbd,
+ 0x84, 0xcb, 0x0f, 0xc2, 0xb6, 0x85, 0x1d, 0xd3, 0x76, 0xc5,
+ 0x93, 0x6a, 0x69, 0x89, 0x56, 0x34, 0xdc, 0x4a, 0x9b, 0xbc,
+ 0xff, 0xa8, 0x0d, 0x6e, 0x35, 0x9c, 0x60, 0xa7, 0x23, 0x30,
+ 0xc7, 0x06, 0x64, 0x39, 0x8b, 0x94, 0x89, 0xee, 0xba, 0x7f,
+ 0x60, 0x8d, 0xfa, 0xb6, 0x97, 0x76, 0xdc, 0x51, 0x4a, 0x3c,
+ 0xeb, 0x3a, 0x14, 0x2c, 0x20, 0x60, 0x69, 0x4a, 0x86, 0xfe,
+ 0x8c, 0x21, 0x84, 0x49, 0x54, 0xb3, 0x20, 0xe1, 0x01, 0x7f,
+ 0x58, 0xdf, 0x7f, 0xb5, 0x21, 0x51, 0x8c, 0x47, 0x9f, 0x91,
+ 0xeb, 0x97, 0x3e, 0xf2, 0x54, 0xcf, 0x16, 0x46, 0xf9, 0xd9,
+ 0xb6, 0xe7, 0x64, 0xc9, 0xd0, 0x54, 0xea, 0x2f, 0xa1, 0xcf,
+ 0xa5, 0x7f, 0x28, 0x8d, 0x84, 0xec, 0xd5, 0x39, 0x03, 0x76,
+ 0x5b, 0x2d, 0x8e, 0x43, 0xf2, 0x01, 0x24, 0xc9, 0x6f, 0xc0,
+ 0xf5, 0x69, 0x6f, 0x7d, 0xb5, 0x85, 0xd2, 0x5f, 0x7f, 0x78,
+ 0x40, 0x07, 0x7f, 0x09, 0x15, 0xb5, 0x1f, 0x28, 0x65, 0x10,
+ 0xe4, 0x19, 0xa8, 0xc6, 0x9e, 0x8d, 0xdc, 0xcb, 0x02, 0x82,
+ 0x01, 0x00, 0x13, 0x01, 0xee, 0x56, 0x80, 0x93, 0x70, 0x00,
+ 0x7f, 0x52, 0xd2, 0x94, 0xa1, 0x98, 0x84, 0x4a, 0x92, 0x25,
+ 0x4c, 0x9b, 0xa9, 0x91, 0x2e, 0xc2, 0x79, 0xb7, 0x5c, 0xe3,
+ 0xc5, 0xd5, 0x8e, 0xc2, 0x54, 0x16, 0x17, 0xad, 0x55, 0x9b,
+ 0x25, 0x76, 0x12, 0x63, 0x50, 0x22, 0x2f, 0x58, 0x58, 0x79,
+ 0x6b, 0x04, 0xe3, 0xf9, 0x9f, 0x8f, 0x04, 0x41, 0x67, 0x94,
+ 0xa5, 0x1f, 0xac, 0x8a, 0x15, 0x9c, 0x26, 0x10, 0x6c, 0xf8,
+ 0x19, 0x57, 0x61, 0xd7, 0x3a, 0x7d, 0x31, 0xb0, 0x2d, 0x38,
+ 0xbd, 0x94, 0x62, 0xad, 0xc4, 0xfa, 0x36, 0x42, 0x42, 0xf0,
+ 0x24, 0x67, 0x65, 0x9d, 0x8b, 0x0b, 0x7c, 0x6f, 0x82, 0x44,
+ 0x1a, 0x8c, 0xc8, 0xc9, 0xab, 0xbb, 0x4c, 0x45, 0xfc, 0x7b,
+ 0x38, 0xee, 0x30, 0xe1, 0xfc, 0xef, 0x8d, 0xbc, 0x58, 0xdf,
+ 0x2b, 0x5d, 0x0d, 0x54, 0xe0, 0x49, 0x4d, 0x97, 0x99, 0x8f,
+ 0x22, 0xa8, 0x83, 0xbe, 0x40, 0xbb, 0x50, 0x2e, 0x78, 0x28,
+ 0x0f, 0x95, 0x78, 0x8c, 0x8f, 0x98, 0x24, 0x56, 0xc2, 0x97,
+ 0xf3, 0x2c, 0x43, 0xd2, 0x03, 0x82, 0x66, 0x81, 0x72, 0x5f,
+ 0x53, 0x16, 0xec, 0xb1, 0xb1, 0x04, 0x5e, 0x40, 0x20, 0x48,
+ 0x7b, 0x3f, 0x02, 0x97, 0x6a, 0xeb, 0x96, 0x12, 0x21, 0x35,
+ 0xfe, 0x1f, 0x47, 0xc0, 0x95, 0xea, 0xc5, 0x8a, 0x08, 0x84,
+ 0x4f, 0x5e, 0x63, 0x94, 0x60, 0x0f, 0x71, 0x5b, 0x7f, 0x4a,
+ 0xec, 0x4f, 0x60, 0xc6, 0xba, 0x4a, 0x24, 0xf1, 0x20, 0x8b,
+ 0xa7, 0x2e, 0x3a, 0xce, 0x8d, 0xe0, 0x27, 0x1d, 0xb5, 0x8e,
+ 0xb4, 0x21, 0xc5, 0xe2, 0xa6, 0x16, 0x0a, 0x51, 0x83, 0x55,
+ 0x88, 0xd1, 0x30, 0x11, 0x63, 0xd5, 0xd7, 0x8d, 0xae, 0x16,
+ 0x12, 0x82, 0xc4, 0x85, 0x00, 0x4e, 0x27, 0x83, 0xa5, 0x7c,
+ 0x90, 0x2e, 0xe5, 0xa2, 0xa3, 0xd3, 0x4c, 0x63, 0x02, 0x82,
+ 0x01, 0x01, 0x00, 0x86, 0x08, 0x98, 0x98, 0xa5, 0x00, 0x05,
+ 0x39, 0x77, 0xd9, 0x66, 0xb3, 0xcf, 0xca, 0xa0, 0x71, 0xb3,
+ 0x50, 0xce, 0x3d, 0xb1, 0x93, 0x95, 0x35, 0xc4, 0xd4, 0x2e,
+ 0x90, 0xdf, 0x0f, 0xfc, 0x60, 0xc1, 0x94, 0x68, 0x61, 0x43,
+ 0xca, 0x9a, 0x23, 0x4a, 0x1e, 0x45, 0x72, 0x99, 0xb5, 0x1e,
+ 0x61, 0x8d, 0x77, 0x0f, 0xa0, 0xbb, 0xd7, 0x77, 0xb4, 0x2a,
+ 0x15, 0x11, 0x88, 0x2d, 0xb3, 0x56, 0x61, 0x5e, 0x6a, 0xed,
+ 0xa4, 0x46, 0x4a, 0x3f, 0x50, 0x11, 0xd6, 0xba, 0xb6, 0xd7,
+ 0x95, 0x65, 0x53, 0xc3, 0xa1, 0x8f, 0xe0, 0xa3, 0xf5, 0x1c,
+ 0xfd, 0xaf, 0x6e, 0x43, 0xd7, 0x17, 0xa7, 0xd3, 0x81, 0x1b,
+ 0xa4, 0xdf, 0xe0, 0x97, 0x8a, 0x46, 0x03, 0xd3, 0x46, 0x0e,
+ 0x83, 0x48, 0x4e, 0xd2, 0x02, 0xcb, 0xc0, 0xad, 0x79, 0x95,
+ 0x8c, 0x96, 0xba, 0x40, 0x34, 0x11, 0x71, 0x5e, 0xe9, 0x11,
+ 0xf9, 0xc5, 0x4a, 0x5e, 0x91, 0x9d, 0xf5, 0x92, 0x4f, 0xeb,
+ 0xc6, 0x70, 0x02, 0x2d, 0x3d, 0x04, 0xaa, 0xe9, 0x3a, 0x8e,
+ 0xd5, 0xa8, 0xad, 0xf7, 0xce, 0x0d, 0x16, 0xb2, 0xec, 0x0a,
+ 0x9c, 0xf5, 0x94, 0x39, 0xb9, 0x8a, 0xfc, 0x1e, 0xf9, 0xcc,
+ 0xf2, 0x5f, 0x21, 0x31, 0x74, 0x72, 0x6b, 0x64, 0xae, 0x35,
+ 0x61, 0x8d, 0x0d, 0xcb, 0xe7, 0xda, 0x39, 0xca, 0xf3, 0x21,
+ 0x66, 0x0b, 0x95, 0xd7, 0x0a, 0x7c, 0xca, 0xa1, 0xa9, 0x5a,
+ 0xe8, 0xac, 0xe0, 0x71, 0x54, 0xaf, 0x28, 0xcf, 0xd5, 0x70,
+ 0x89, 0xe0, 0xf3, 0x9e, 0x43, 0x6c, 0x8d, 0x7b, 0x99, 0x01,
+ 0x68, 0x4d, 0xa1, 0x45, 0x46, 0x0c, 0x43, 0xbc, 0xcc, 0x2c,
+ 0xdd, 0xc5, 0x46, 0xc8, 0x4e, 0x0e, 0xbe, 0xed, 0xb9, 0x26,
+ 0xab, 0x2e, 0xdb, 0xeb, 0x8f, 0xff, 0xdb, 0xb0, 0xc6, 0x55,
+ 0xaf, 0xf8, 0x2a, 0x91, 0x9d, 0x50, 0x44, 0x21, 0x17,
+};
Deleted: vendor-crypto/openssl/0.9.8zf/apps/timeouts.h
===================================================================
--- vendor-crypto/openssl/dist/apps/timeouts.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/apps/timeouts.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,67 +0,0 @@
-/* apps/timeouts.h */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra at cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#ifndef INCLUDED_TIMEOUTS_H
-#define INCLUDED_TIMEOUTS_H
-
-/* numbers in us */
-#define DGRAM_RCV_TIMEOUT 250000
-#define DGRAM_SND_TIMEOUT 250000
-
-#endif /* ! INCLUDED_TIMEOUTS_H */
Copied: vendor-crypto/openssl/0.9.8zf/apps/timeouts.h (from rev 6976, vendor-crypto/openssl/dist/apps/timeouts.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/apps/timeouts.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/apps/timeouts.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,67 @@
+/* apps/timeouts.h */
+/*
+ * DTLS implementation written by Nagendra Modadugu
+ * (nagendra at cs.stanford.edu) for the OpenSSL project 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#ifndef INCLUDED_TIMEOUTS_H
+# define INCLUDED_TIMEOUTS_H
+
+/* numbers in us */
+# define DGRAM_RCV_TIMEOUT 250000
+# define DGRAM_SND_TIMEOUT 250000
+
+#endif /* ! INCLUDED_TIMEOUTS_H */
Deleted: vendor-crypto/openssl/0.9.8zf/apps/verify.c
===================================================================
--- vendor-crypto/openssl/dist/apps/verify.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/apps/verify.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,369 +0,0 @@
-/* apps/verify.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include <openssl/pem.h>
-
-#undef PROG
-#define PROG verify_main
-
-static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx);
-static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose, ENGINE *e);
-static STACK_OF(X509) *load_untrusted(char *file);
-static int v_verbose=0, vflags = 0;
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
- ENGINE *e = NULL;
- int i,ret=1, badarg = 0;
- int purpose = -1;
- char *CApath=NULL,*CAfile=NULL;
- char *untfile = NULL, *trustfile = NULL;
- STACK_OF(X509) *untrusted = NULL, *trusted = NULL;
- X509_STORE *cert_ctx=NULL;
- X509_LOOKUP *lookup=NULL;
- X509_VERIFY_PARAM *vpm = NULL;
-#ifndef OPENSSL_NO_ENGINE
- char *engine=NULL;
-#endif
-
- cert_ctx=X509_STORE_new();
- if (cert_ctx == NULL) goto end;
- X509_STORE_set_verify_cb_func(cert_ctx,cb);
-
- ERR_load_crypto_strings();
-
- apps_startup();
-
- if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
- if (!load_config(bio_err, NULL))
- goto end;
-
- argc--;
- argv++;
- for (;;)
- {
- if (argc >= 1)
- {
- if (strcmp(*argv,"-CApath") == 0)
- {
- if (argc-- < 1) goto end;
- CApath= *(++argv);
- }
- else if (strcmp(*argv,"-CAfile") == 0)
- {
- if (argc-- < 1) goto end;
- CAfile= *(++argv);
- }
- else if (args_verify(&argv, &argc, &badarg, bio_err,
- &vpm))
- {
- if (badarg)
- goto end;
- continue;
- }
- else if (strcmp(*argv,"-untrusted") == 0)
- {
- if (argc-- < 1) goto end;
- untfile= *(++argv);
- }
- else if (strcmp(*argv,"-trusted") == 0)
- {
- if (argc-- < 1) goto end;
- trustfile= *(++argv);
- }
-#ifndef OPENSSL_NO_ENGINE
- else if (strcmp(*argv,"-engine") == 0)
- {
- if (--argc < 1) goto end;
- engine= *(++argv);
- }
-#endif
- else if (strcmp(*argv,"-help") == 0)
- goto end;
- else if (strcmp(*argv,"-verbose") == 0)
- v_verbose=1;
- else if (argv[0][0] == '-')
- goto end;
- else
- break;
- argc--;
- argv++;
- }
- else
- break;
- }
-
-#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(bio_err, engine, 0);
-#endif
-
- if (vpm)
- X509_STORE_set1_param(cert_ctx, vpm);
-
- lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_file());
- if (lookup == NULL) abort();
- if (CAfile) {
- i=X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM);
- if(!i) {
- BIO_printf(bio_err, "Error loading file %s\n", CAfile);
- ERR_print_errors(bio_err);
- goto end;
- }
- } else X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
-
- lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_hash_dir());
- if (lookup == NULL) abort();
- if (CApath) {
- i=X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM);
- if(!i) {
- BIO_printf(bio_err, "Error loading directory %s\n", CApath);
- ERR_print_errors(bio_err);
- goto end;
- }
- } else X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
-
- ERR_clear_error();
-
- if(untfile) {
- if(!(untrusted = load_untrusted(untfile))) {
- BIO_printf(bio_err, "Error loading untrusted file %s\n", untfile);
- ERR_print_errors(bio_err);
- goto end;
- }
- }
-
- if(trustfile) {
- if(!(trusted = load_untrusted(trustfile))) {
- BIO_printf(bio_err, "Error loading untrusted file %s\n", trustfile);
- ERR_print_errors(bio_err);
- goto end;
- }
- }
-
- if (argc < 1) check(cert_ctx, NULL, untrusted, trusted, purpose, e);
- else
- for (i=0; i<argc; i++)
- check(cert_ctx,argv[i], untrusted, trusted, purpose, e);
- ret=0;
-end:
- if (ret == 1) {
- BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]");
-#ifndef OPENSSL_NO_ENGINE
- BIO_printf(bio_err," [-engine e]");
-#endif
- BIO_printf(bio_err," cert1 cert2 ...\n");
- BIO_printf(bio_err,"recognized usages:\n");
- for(i = 0; i < X509_PURPOSE_get_count(); i++) {
- X509_PURPOSE *ptmp;
- ptmp = X509_PURPOSE_get0(i);
- BIO_printf(bio_err, "\t%-10s\t%s\n", X509_PURPOSE_get0_sname(ptmp),
- X509_PURPOSE_get0_name(ptmp));
- }
- }
- if (vpm) X509_VERIFY_PARAM_free(vpm);
- if (cert_ctx != NULL) X509_STORE_free(cert_ctx);
- sk_X509_pop_free(untrusted, X509_free);
- sk_X509_pop_free(trusted, X509_free);
- apps_shutdown();
- OPENSSL_EXIT(ret);
- }
-
-static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose, ENGINE *e)
- {
- X509 *x=NULL;
- int i=0,ret=0;
- X509_STORE_CTX *csc;
-
- x = load_cert(bio_err, file, FORMAT_PEM, NULL, e, "certificate file");
- if (x == NULL)
- goto end;
- fprintf(stdout,"%s: ",(file == NULL)?"stdin":file);
-
- csc = X509_STORE_CTX_new();
- if (csc == NULL)
- {
- ERR_print_errors(bio_err);
- goto end;
- }
- X509_STORE_set_flags(ctx, vflags);
- if(!X509_STORE_CTX_init(csc,ctx,x,uchain))
- {
- ERR_print_errors(bio_err);
- goto end;
- }
- if(tchain) X509_STORE_CTX_trusted_stack(csc, tchain);
- if(purpose >= 0) X509_STORE_CTX_set_purpose(csc, purpose);
- i=X509_verify_cert(csc);
- X509_STORE_CTX_free(csc);
-
- ret=0;
-end:
- if (i > 0)
- {
- fprintf(stdout,"OK\n");
- ret=1;
- }
- else
- ERR_print_errors(bio_err);
- if (x != NULL) X509_free(x);
-
- return(ret);
- }
-
-static STACK_OF(X509) *load_untrusted(char *certfile)
-{
- STACK_OF(X509_INFO) *sk=NULL;
- STACK_OF(X509) *stack=NULL, *ret=NULL;
- BIO *in=NULL;
- X509_INFO *xi;
-
- if(!(stack = sk_X509_new_null())) {
- BIO_printf(bio_err,"memory allocation failure\n");
- goto end;
- }
-
- if(!(in=BIO_new_file(certfile, "r"))) {
- BIO_printf(bio_err,"error opening the file, %s\n",certfile);
- goto end;
- }
-
- /* This loads from a file, a stack of x509/crl/pkey sets */
- if(!(sk=PEM_X509_INFO_read_bio(in,NULL,NULL,NULL))) {
- BIO_printf(bio_err,"error reading the file, %s\n",certfile);
- goto end;
- }
-
- /* scan over it and pull out the certs */
- while (sk_X509_INFO_num(sk))
- {
- xi=sk_X509_INFO_shift(sk);
- if (xi->x509 != NULL)
- {
- sk_X509_push(stack,xi->x509);
- xi->x509=NULL;
- }
- X509_INFO_free(xi);
- }
- if(!sk_X509_num(stack)) {
- BIO_printf(bio_err,"no certificates in file, %s\n",certfile);
- sk_X509_free(stack);
- goto end;
- }
- ret=stack;
-end:
- BIO_free(in);
- sk_X509_INFO_free(sk);
- return(ret);
- }
-
-static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx)
- {
- char buf[256];
-
- if (!ok)
- {
- if (ctx->current_cert)
- {
- X509_NAME_oneline(
- X509_get_subject_name(ctx->current_cert),buf,
- sizeof buf);
- printf("%s\n",buf);
- }
- printf("error %d at %d depth lookup:%s\n",ctx->error,
- ctx->error_depth,
- X509_verify_cert_error_string(ctx->error));
- if (ctx->error == X509_V_ERR_CERT_HAS_EXPIRED) ok=1;
- /* since we are just checking the certificates, it is
- * ok if they are self signed. But we should still warn
- * the user.
- */
- if (ctx->error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) ok=1;
- /* Continue after extension errors too */
- if (ctx->error == X509_V_ERR_INVALID_CA) ok=1;
- if (ctx->error == X509_V_ERR_INVALID_NON_CA) ok=1;
- if (ctx->error == X509_V_ERR_PATH_LENGTH_EXCEEDED) ok=1;
- if (ctx->error == X509_V_ERR_INVALID_PURPOSE) ok=1;
- if (ctx->error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) ok=1;
- if (ctx->error == X509_V_ERR_CRL_HAS_EXPIRED) ok=1;
- if (ctx->error == X509_V_ERR_CRL_NOT_YET_VALID) ok=1;
- if (ctx->error == X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION) ok=1;
-
- if (ctx->error == X509_V_ERR_NO_EXPLICIT_POLICY)
- policies_print(NULL, ctx);
- return ok;
-
- }
- if ((ctx->error == X509_V_OK) && (ok == 2))
- policies_print(NULL, ctx);
- if (!v_verbose)
- ERR_clear_error();
- return(ok);
- }
Copied: vendor-crypto/openssl/0.9.8zf/apps/verify.c (from rev 6976, vendor-crypto/openssl/dist/apps/verify.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/apps/verify.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/apps/verify.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,376 @@
+/* apps/verify.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/pem.h>
+
+#undef PROG
+#define PROG verify_main
+
+static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx);
+static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain,
+ STACK_OF(X509) *tchain, int purpose, ENGINE *e);
+static STACK_OF(X509) *load_untrusted(char *file);
+static int v_verbose = 0, vflags = 0;
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+{
+ ENGINE *e = NULL;
+ int i, ret = 1, badarg = 0;
+ int purpose = -1;
+ char *CApath = NULL, *CAfile = NULL;
+ char *untfile = NULL, *trustfile = NULL;
+ STACK_OF(X509) *untrusted = NULL, *trusted = NULL;
+ X509_STORE *cert_ctx = NULL;
+ X509_LOOKUP *lookup = NULL;
+ X509_VERIFY_PARAM *vpm = NULL;
+#ifndef OPENSSL_NO_ENGINE
+ char *engine = NULL;
+#endif
+
+ cert_ctx = X509_STORE_new();
+ if (cert_ctx == NULL)
+ goto end;
+ X509_STORE_set_verify_cb_func(cert_ctx, cb);
+
+ ERR_load_crypto_strings();
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+
+ if (!load_config(bio_err, NULL))
+ goto end;
+
+ argc--;
+ argv++;
+ for (;;) {
+ if (argc >= 1) {
+ if (strcmp(*argv, "-CApath") == 0) {
+ if (argc-- < 1)
+ goto end;
+ CApath = *(++argv);
+ } else if (strcmp(*argv, "-CAfile") == 0) {
+ if (argc-- < 1)
+ goto end;
+ CAfile = *(++argv);
+ } else if (args_verify(&argv, &argc, &badarg, bio_err, &vpm)) {
+ if (badarg)
+ goto end;
+ continue;
+ } else if (strcmp(*argv, "-untrusted") == 0) {
+ if (argc-- < 1)
+ goto end;
+ untfile = *(++argv);
+ } else if (strcmp(*argv, "-trusted") == 0) {
+ if (argc-- < 1)
+ goto end;
+ trustfile = *(++argv);
+ }
+#ifndef OPENSSL_NO_ENGINE
+ else if (strcmp(*argv, "-engine") == 0) {
+ if (--argc < 1)
+ goto end;
+ engine = *(++argv);
+ }
+#endif
+ else if (strcmp(*argv, "-help") == 0)
+ goto end;
+ else if (strcmp(*argv, "-verbose") == 0)
+ v_verbose = 1;
+ else if (argv[0][0] == '-')
+ goto end;
+ else
+ break;
+ argc--;
+ argv++;
+ } else
+ break;
+ }
+
+#ifndef OPENSSL_NO_ENGINE
+ e = setup_engine(bio_err, engine, 0);
+#endif
+
+ if (vpm)
+ X509_STORE_set1_param(cert_ctx, vpm);
+
+ lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_file());
+ if (lookup == NULL)
+ abort();
+ if (CAfile) {
+ i = X509_LOOKUP_load_file(lookup, CAfile, X509_FILETYPE_PEM);
+ if (!i) {
+ BIO_printf(bio_err, "Error loading file %s\n", CAfile);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ } else
+ X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
+
+ lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_hash_dir());
+ if (lookup == NULL)
+ abort();
+ if (CApath) {
+ i = X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM);
+ if (!i) {
+ BIO_printf(bio_err, "Error loading directory %s\n", CApath);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ } else
+ X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
+
+ ERR_clear_error();
+
+ if (untfile) {
+ if (!(untrusted = load_untrusted(untfile))) {
+ BIO_printf(bio_err, "Error loading untrusted file %s\n", untfile);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+
+ if (trustfile) {
+ if (!(trusted = load_untrusted(trustfile))) {
+ BIO_printf(bio_err, "Error loading untrusted file %s\n",
+ trustfile);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+
+ if (argc < 1)
+ check(cert_ctx, NULL, untrusted, trusted, purpose, e);
+ else
+ for (i = 0; i < argc; i++)
+ check(cert_ctx, argv[i], untrusted, trusted, purpose, e);
+ ret = 0;
+ end:
+ if (ret == 1) {
+ BIO_printf(bio_err,
+ "usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]");
+#ifndef OPENSSL_NO_ENGINE
+ BIO_printf(bio_err, " [-engine e]");
+#endif
+ BIO_printf(bio_err, " cert1 cert2 ...\n");
+ BIO_printf(bio_err, "recognized usages:\n");
+ for (i = 0; i < X509_PURPOSE_get_count(); i++) {
+ X509_PURPOSE *ptmp;
+ ptmp = X509_PURPOSE_get0(i);
+ BIO_printf(bio_err, "\t%-10s\t%s\n",
+ X509_PURPOSE_get0_sname(ptmp),
+ X509_PURPOSE_get0_name(ptmp));
+ }
+ }
+ if (vpm)
+ X509_VERIFY_PARAM_free(vpm);
+ if (cert_ctx != NULL)
+ X509_STORE_free(cert_ctx);
+ sk_X509_pop_free(untrusted, X509_free);
+ sk_X509_pop_free(trusted, X509_free);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
+}
+
+static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain,
+ STACK_OF(X509) *tchain, int purpose, ENGINE *e)
+{
+ X509 *x = NULL;
+ int i = 0, ret = 0;
+ X509_STORE_CTX *csc;
+
+ x = load_cert(bio_err, file, FORMAT_PEM, NULL, e, "certificate file");
+ if (x == NULL)
+ goto end;
+ fprintf(stdout, "%s: ", (file == NULL) ? "stdin" : file);
+
+ csc = X509_STORE_CTX_new();
+ if (csc == NULL) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ X509_STORE_set_flags(ctx, vflags);
+ if (!X509_STORE_CTX_init(csc, ctx, x, uchain)) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ if (tchain)
+ X509_STORE_CTX_trusted_stack(csc, tchain);
+ if (purpose >= 0)
+ X509_STORE_CTX_set_purpose(csc, purpose);
+ i = X509_verify_cert(csc);
+ X509_STORE_CTX_free(csc);
+
+ ret = 0;
+ end:
+ if (i > 0) {
+ fprintf(stdout, "OK\n");
+ ret = 1;
+ } else
+ ERR_print_errors(bio_err);
+ if (x != NULL)
+ X509_free(x);
+
+ return (ret);
+}
+
+static STACK_OF(X509) *load_untrusted(char *certfile)
+{
+ STACK_OF(X509_INFO) *sk = NULL;
+ STACK_OF(X509) *stack = NULL, *ret = NULL;
+ BIO *in = NULL;
+ X509_INFO *xi;
+
+ if (!(stack = sk_X509_new_null())) {
+ BIO_printf(bio_err, "memory allocation failure\n");
+ goto end;
+ }
+
+ if (!(in = BIO_new_file(certfile, "r"))) {
+ BIO_printf(bio_err, "error opening the file, %s\n", certfile);
+ goto end;
+ }
+
+ /* This loads from a file, a stack of x509/crl/pkey sets */
+ if (!(sk = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL))) {
+ BIO_printf(bio_err, "error reading the file, %s\n", certfile);
+ goto end;
+ }
+
+ /* scan over it and pull out the certs */
+ while (sk_X509_INFO_num(sk)) {
+ xi = sk_X509_INFO_shift(sk);
+ if (xi->x509 != NULL) {
+ sk_X509_push(stack, xi->x509);
+ xi->x509 = NULL;
+ }
+ X509_INFO_free(xi);
+ }
+ if (!sk_X509_num(stack)) {
+ BIO_printf(bio_err, "no certificates in file, %s\n", certfile);
+ sk_X509_free(stack);
+ goto end;
+ }
+ ret = stack;
+ end:
+ BIO_free(in);
+ sk_X509_INFO_free(sk);
+ return (ret);
+}
+
+static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx)
+{
+ char buf[256];
+
+ if (!ok) {
+ if (ctx->current_cert) {
+ X509_NAME_oneline(X509_get_subject_name(ctx->current_cert), buf,
+ sizeof buf);
+ printf("%s\n", buf);
+ }
+ printf("error %d at %d depth lookup:%s\n", ctx->error,
+ ctx->error_depth, X509_verify_cert_error_string(ctx->error));
+ if (ctx->error == X509_V_ERR_CERT_HAS_EXPIRED)
+ ok = 1;
+ /*
+ * since we are just checking the certificates, it is ok if they are
+ * self signed. But we should still warn the user.
+ */
+ if (ctx->error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)
+ ok = 1;
+ /* Continue after extension errors too */
+ if (ctx->error == X509_V_ERR_INVALID_CA)
+ ok = 1;
+ if (ctx->error == X509_V_ERR_INVALID_NON_CA)
+ ok = 1;
+ if (ctx->error == X509_V_ERR_PATH_LENGTH_EXCEEDED)
+ ok = 1;
+ if (ctx->error == X509_V_ERR_INVALID_PURPOSE)
+ ok = 1;
+ if (ctx->error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)
+ ok = 1;
+ if (ctx->error == X509_V_ERR_CRL_HAS_EXPIRED)
+ ok = 1;
+ if (ctx->error == X509_V_ERR_CRL_NOT_YET_VALID)
+ ok = 1;
+ if (ctx->error == X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION)
+ ok = 1;
+
+ if (ctx->error == X509_V_ERR_NO_EXPLICIT_POLICY)
+ policies_print(NULL, ctx);
+ return ok;
+
+ }
+ if ((ctx->error == X509_V_OK) && (ok == 2))
+ policies_print(NULL, ctx);
+ if (!v_verbose)
+ ERR_clear_error();
+ return (ok);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/apps/version.c
===================================================================
--- vendor-crypto/openssl/dist/apps/version.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/apps/version.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,217 +0,0 @@
-/* apps/version.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "apps.h"
-#include <openssl/evp.h>
-#include <openssl/crypto.h>
-#include <openssl/bn.h>
-#ifndef OPENSSL_NO_MD2
-# include <openssl/md2.h>
-#endif
-#ifndef OPENSSL_NO_RC4
-# include <openssl/rc4.h>
-#endif
-#ifndef OPENSSL_NO_DES
-# include <openssl/des.h>
-#endif
-#ifndef OPENSSL_NO_IDEA
-# include <openssl/idea.h>
-#endif
-#ifndef OPENSSL_NO_BF
-# include <openssl/blowfish.h>
-#endif
-
-#undef PROG
-#define PROG version_main
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
- int i,ret=0;
- int cflags=0,version=0,date=0,options=0,platform=0,dir=0;
-
- apps_startup();
-
- if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
- if (argc == 1) version=1;
- for (i=1; i<argc; i++)
- {
- if (strcmp(argv[i],"-v") == 0)
- version=1;
- else if (strcmp(argv[i],"-b") == 0)
- date=1;
- else if (strcmp(argv[i],"-f") == 0)
- cflags=1;
- else if (strcmp(argv[i],"-o") == 0)
- options=1;
- else if (strcmp(argv[i],"-p") == 0)
- platform=1;
- else if (strcmp(argv[i],"-d") == 0)
- dir=1;
- else if (strcmp(argv[i],"-a") == 0)
- date=version=cflags=options=platform=dir=1;
- else
- {
- BIO_printf(bio_err,"usage:version -[avbofpd]\n");
- ret=1;
- goto end;
- }
- }
-
- if (version)
- {
- if (SSLeay() == SSLEAY_VERSION_NUMBER)
- {
- printf("%s\n",SSLeay_version(SSLEAY_VERSION));
- }
- else
- {
- printf("%s (Library: %s)\n",
- OPENSSL_VERSION_TEXT,
- SSLeay_version(SSLEAY_VERSION));
- }
- }
- if (date) printf("%s\n",SSLeay_version(SSLEAY_BUILT_ON));
- if (platform) printf("%s\n",SSLeay_version(SSLEAY_PLATFORM));
- if (options)
- {
- printf("options: ");
- printf("%s ",BN_options());
-#ifndef OPENSSL_NO_MD2
- printf("%s ",MD2_options());
-#endif
-#ifndef OPENSSL_NO_RC4
- printf("%s ",RC4_options());
-#endif
-#ifndef OPENSSL_NO_DES
- printf("%s ",DES_options());
-#endif
-#ifndef OPENSSL_NO_IDEA
- printf("%s ",idea_options());
-#endif
-#ifndef OPENSSL_NO_BF
- printf("%s ",BF_options());
-#endif
- printf("\n");
- }
- if (cflags) printf("%s\n",SSLeay_version(SSLEAY_CFLAGS));
- if (dir) printf("%s\n",SSLeay_version(SSLEAY_DIR));
-end:
- apps_shutdown();
- OPENSSL_EXIT(ret);
- }
Copied: vendor-crypto/openssl/0.9.8zf/apps/version.c (from rev 6976, vendor-crypto/openssl/dist/apps/version.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/apps/version.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/apps/version.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,214 @@
+/* apps/version.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/evp.h>
+#include <openssl/crypto.h>
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_MD2
+# include <openssl/md2.h>
+#endif
+#ifndef OPENSSL_NO_RC4
+# include <openssl/rc4.h>
+#endif
+#ifndef OPENSSL_NO_DES
+# include <openssl/des.h>
+#endif
+#ifndef OPENSSL_NO_IDEA
+# include <openssl/idea.h>
+#endif
+#ifndef OPENSSL_NO_BF
+# include <openssl/blowfish.h>
+#endif
+
+#undef PROG
+#define PROG version_main
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+{
+ int i, ret = 0;
+ int cflags = 0, version = 0, date = 0, options = 0, platform = 0, dir = 0;
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+
+ if (argc == 1)
+ version = 1;
+ for (i = 1; i < argc; i++) {
+ if (strcmp(argv[i], "-v") == 0)
+ version = 1;
+ else if (strcmp(argv[i], "-b") == 0)
+ date = 1;
+ else if (strcmp(argv[i], "-f") == 0)
+ cflags = 1;
+ else if (strcmp(argv[i], "-o") == 0)
+ options = 1;
+ else if (strcmp(argv[i], "-p") == 0)
+ platform = 1;
+ else if (strcmp(argv[i], "-d") == 0)
+ dir = 1;
+ else if (strcmp(argv[i], "-a") == 0)
+ date = version = cflags = options = platform = dir = 1;
+ else {
+ BIO_printf(bio_err, "usage:version -[avbofpd]\n");
+ ret = 1;
+ goto end;
+ }
+ }
+
+ if (version) {
+ if (SSLeay() == SSLEAY_VERSION_NUMBER) {
+ printf("%s\n", SSLeay_version(SSLEAY_VERSION));
+ } else {
+ printf("%s (Library: %s)\n",
+ OPENSSL_VERSION_TEXT, SSLeay_version(SSLEAY_VERSION));
+ }
+ }
+ if (date)
+ printf("%s\n", SSLeay_version(SSLEAY_BUILT_ON));
+ if (platform)
+ printf("%s\n", SSLeay_version(SSLEAY_PLATFORM));
+ if (options) {
+ printf("options: ");
+ printf("%s ", BN_options());
+#ifndef OPENSSL_NO_MD2
+ printf("%s ", MD2_options());
+#endif
+#ifndef OPENSSL_NO_RC4
+ printf("%s ", RC4_options());
+#endif
+#ifndef OPENSSL_NO_DES
+ printf("%s ", DES_options());
+#endif
+#ifndef OPENSSL_NO_IDEA
+ printf("%s ", idea_options());
+#endif
+#ifndef OPENSSL_NO_BF
+ printf("%s ", BF_options());
+#endif
+ printf("\n");
+ }
+ if (cflags)
+ printf("%s\n", SSLeay_version(SSLEAY_CFLAGS));
+ if (dir)
+ printf("%s\n", SSLeay_version(SSLEAY_DIR));
+ end:
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/apps/winrand.c
===================================================================
--- vendor-crypto/openssl/dist/apps/winrand.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/apps/winrand.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,148 +0,0 @@
-/* apps/winrand.c */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/* Usage: winrand [filename]
- *
- * Collects entropy from mouse movements and other events and writes
- * random data to filename or .rnd
- */
-
-#include <windows.h>
-#include <openssl/opensslv.h>
-#include <openssl/rand.h>
-
-LRESULT CALLBACK WndProc(HWND, UINT, WPARAM, LPARAM);
-const char *filename;
-
-int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance,
- PSTR cmdline, int iCmdShow)
- {
- static char appname[] = "OpenSSL";
- HWND hwnd;
- MSG msg;
- WNDCLASSEX wndclass;
- char buffer[200];
-
- if (cmdline[0] == '\0')
- filename = RAND_file_name(buffer, sizeof buffer);
- else
- filename = cmdline;
-
- RAND_load_file(filename, -1);
-
- wndclass.cbSize = sizeof(wndclass);
- wndclass.style = CS_HREDRAW | CS_VREDRAW;
- wndclass.lpfnWndProc = WndProc;
- wndclass.cbClsExtra = 0;
- wndclass.cbWndExtra = 0;
- wndclass.hInstance = hInstance;
- wndclass.hIcon = LoadIcon(NULL, IDI_APPLICATION);
- wndclass.hCursor = LoadCursor(NULL, IDC_ARROW);
- wndclass.hbrBackground = (HBRUSH) GetStockObject(WHITE_BRUSH);
- wndclass.lpszMenuName = NULL;
- wndclass.lpszClassName = appname;
- wndclass.hIconSm = LoadIcon(NULL, IDI_APPLICATION);
- RegisterClassEx(&wndclass);
-
- hwnd = CreateWindow(appname, OPENSSL_VERSION_TEXT,
- WS_OVERLAPPEDWINDOW, CW_USEDEFAULT, CW_USEDEFAULT,
- CW_USEDEFAULT, CW_USEDEFAULT, NULL, NULL, hInstance, NULL);
-
- ShowWindow(hwnd, iCmdShow);
- UpdateWindow(hwnd);
-
-
- while (GetMessage(&msg, NULL, 0, 0))
- {
- TranslateMessage(&msg);
- DispatchMessage(&msg);
- }
-
- return msg.wParam;
- }
-
-LRESULT CALLBACK WndProc(HWND hwnd, UINT iMsg, WPARAM wParam, LPARAM lParam)
- {
- HDC hdc;
- PAINTSTRUCT ps;
- RECT rect;
- static int seeded = 0;
-
- switch (iMsg)
- {
- case WM_PAINT:
- hdc = BeginPaint(hwnd, &ps);
- GetClientRect(hwnd, &rect);
- DrawText(hdc, "Seeding the PRNG. Please move the mouse!", -1,
- &rect, DT_SINGLELINE | DT_CENTER | DT_VCENTER);
- EndPaint(hwnd, &ps);
- return 0;
-
- case WM_DESTROY:
- PostQuitMessage(0);
- return 0;
- }
-
- if (RAND_event(iMsg, wParam, lParam) == 1 && seeded == 0)
- {
- seeded = 1;
- if (RAND_write_file(filename) <= 0)
- MessageBox(hwnd, "Couldn't write random file!",
- "OpenSSL", MB_OK | MB_ICONERROR);
- PostQuitMessage(0);
- }
-
- return DefWindowProc(hwnd, iMsg, wParam, lParam);
- }
Copied: vendor-crypto/openssl/0.9.8zf/apps/winrand.c (from rev 6976, vendor-crypto/openssl/dist/apps/winrand.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/apps/winrand.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/apps/winrand.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,146 @@
+/* apps/winrand.c */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*-
+ * Usage: winrand [filename]
+ *
+ * Collects entropy from mouse movements and other events and writes
+ * random data to filename or .rnd
+ */
+
+#include <windows.h>
+#include <openssl/opensslv.h>
+#include <openssl/rand.h>
+
+LRESULT CALLBACK WndProc(HWND, UINT, WPARAM, LPARAM);
+const char *filename;
+
+int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance,
+ PSTR cmdline, int iCmdShow)
+{
+ static char appname[] = "OpenSSL";
+ HWND hwnd;
+ MSG msg;
+ WNDCLASSEX wndclass;
+ char buffer[200];
+
+ if (cmdline[0] == '\0')
+ filename = RAND_file_name(buffer, sizeof buffer);
+ else
+ filename = cmdline;
+
+ RAND_load_file(filename, -1);
+
+ wndclass.cbSize = sizeof(wndclass);
+ wndclass.style = CS_HREDRAW | CS_VREDRAW;
+ wndclass.lpfnWndProc = WndProc;
+ wndclass.cbClsExtra = 0;
+ wndclass.cbWndExtra = 0;
+ wndclass.hInstance = hInstance;
+ wndclass.hIcon = LoadIcon(NULL, IDI_APPLICATION);
+ wndclass.hCursor = LoadCursor(NULL, IDC_ARROW);
+ wndclass.hbrBackground = (HBRUSH) GetStockObject(WHITE_BRUSH);
+ wndclass.lpszMenuName = NULL;
+ wndclass.lpszClassName = appname;
+ wndclass.hIconSm = LoadIcon(NULL, IDI_APPLICATION);
+ RegisterClassEx(&wndclass);
+
+ hwnd = CreateWindow(appname, OPENSSL_VERSION_TEXT,
+ WS_OVERLAPPEDWINDOW, CW_USEDEFAULT, CW_USEDEFAULT,
+ CW_USEDEFAULT, CW_USEDEFAULT, NULL, NULL, hInstance,
+ NULL);
+
+ ShowWindow(hwnd, iCmdShow);
+ UpdateWindow(hwnd);
+
+ while (GetMessage(&msg, NULL, 0, 0)) {
+ TranslateMessage(&msg);
+ DispatchMessage(&msg);
+ }
+
+ return msg.wParam;
+}
+
+LRESULT CALLBACK WndProc(HWND hwnd, UINT iMsg, WPARAM wParam, LPARAM lParam)
+{
+ HDC hdc;
+ PAINTSTRUCT ps;
+ RECT rect;
+ static int seeded = 0;
+
+ switch (iMsg) {
+ case WM_PAINT:
+ hdc = BeginPaint(hwnd, &ps);
+ GetClientRect(hwnd, &rect);
+ DrawText(hdc, "Seeding the PRNG. Please move the mouse!", -1,
+ &rect, DT_SINGLELINE | DT_CENTER | DT_VCENTER);
+ EndPaint(hwnd, &ps);
+ return 0;
+
+ case WM_DESTROY:
+ PostQuitMessage(0);
+ return 0;
+ }
+
+ if (RAND_event(iMsg, wParam, lParam) == 1 && seeded == 0) {
+ seeded = 1;
+ if (RAND_write_file(filename) <= 0)
+ MessageBox(hwnd, "Couldn't write random file!",
+ "OpenSSL", MB_OK | MB_ICONERROR);
+ PostQuitMessage(0);
+ }
+
+ return DefWindowProc(hwnd, iMsg, wParam, lParam);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/apps/x509.c
===================================================================
--- vendor-crypto/openssl/dist/apps/x509.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/apps/x509.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,1284 +0,0 @@
-/* apps/x509.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <assert.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#ifdef OPENSSL_NO_STDIO
-#define APPS_WIN16
-#endif
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/asn1.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include <openssl/objects.h>
-#include <openssl/pem.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-
-#undef PROG
-#define PROG x509_main
-
-#undef POSTFIX
-#define POSTFIX ".srl"
-#define DEF_DAYS 30
-
-static const char *x509_usage[]={
-"usage: x509 args\n",
-" -inform arg - input format - default PEM (one of DER, NET or PEM)\n",
-" -outform arg - output format - default PEM (one of DER, NET or PEM)\n",
-" -keyform arg - private key format - default PEM\n",
-" -CAform arg - CA format - default PEM\n",
-" -CAkeyform arg - CA key format - default PEM\n",
-" -in arg - input file - default stdin\n",
-" -out arg - output file - default stdout\n",
-" -passin arg - private key password source\n",
-" -serial - print serial number value\n",
-" -subject_hash - print subject hash value\n",
-" -issuer_hash - print issuer hash value\n",
-" -hash - synonym for -subject_hash\n",
-" -subject - print subject DN\n",
-" -issuer - print issuer DN\n",
-" -email - print email address(es)\n",
-" -startdate - notBefore field\n",
-" -enddate - notAfter field\n",
-" -purpose - print out certificate purposes\n",
-" -dates - both Before and After dates\n",
-" -modulus - print the RSA key modulus\n",
-" -pubkey - output the public key\n",
-" -fingerprint - print the certificate fingerprint\n",
-" -alias - output certificate alias\n",
-" -noout - no certificate output\n",
-" -ocspid - print OCSP hash values for the subject name and public key\n",
-" -ocsp_uri - print OCSP Responder URL(s)\n",
-" -trustout - output a \"trusted\" certificate\n",
-" -clrtrust - clear all trusted purposes\n",
-" -clrreject - clear all rejected purposes\n",
-" -addtrust arg - trust certificate for a given purpose\n",
-" -addreject arg - reject certificate for a given purpose\n",
-" -setalias arg - set certificate alias\n",
-" -days arg - How long till expiry of a signed certificate - def 30 days\n",
-" -checkend arg - check whether the cert expires in the next arg seconds\n",
-" exit 1 if so, 0 if not\n",
-" -signkey arg - self sign cert with arg\n",
-" -x509toreq - output a certification request object\n",
-" -req - input is a certificate request, sign and output.\n",
-" -CA arg - set the CA certificate, must be PEM format.\n",
-" -CAkey arg - set the CA key, must be PEM format\n",
-" missing, it is assumed to be in the CA file.\n",
-" -CAcreateserial - create serial number file if it does not exist\n",
-" -CAserial arg - serial file\n",
-" -set_serial - serial number to use\n",
-" -text - print the certificate in text form\n",
-" -C - print out C code forms\n",
-" -md2/-md5/-sha1/-mdc2 - digest to use\n",
-" -extfile - configuration file with X509V3 extensions to add\n",
-" -extensions - section from config file with X509V3 extensions to add\n",
-" -clrext - delete extensions before signing and input certificate\n",
-" -nameopt arg - various certificate name options\n",
-#ifndef OPENSSL_NO_ENGINE
-" -engine e - use engine e, possibly a hardware device.\n",
-#endif
-" -certopt arg - various certificate text options\n",
-NULL
-};
-
-static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx);
-static int sign (X509 *x, EVP_PKEY *pkey,int days,int clrext, const EVP_MD *digest,
- CONF *conf, char *section);
-static int x509_certify (X509_STORE *ctx,char *CAfile,const EVP_MD *digest,
- X509 *x,X509 *xca,EVP_PKEY *pkey,char *serial,
- int create,int days, int clrext, CONF *conf, char *section,
- ASN1_INTEGER *sno);
-static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt);
-static int reqfile=0;
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
- ENGINE *e = NULL;
- int ret=1;
- X509_REQ *req=NULL;
- X509 *x=NULL,*xca=NULL;
- ASN1_OBJECT *objtmp;
- EVP_PKEY *Upkey=NULL,*CApkey=NULL;
- ASN1_INTEGER *sno = NULL;
- int i,num,badops=0;
- BIO *out=NULL;
- BIO *STDout=NULL;
- STACK_OF(ASN1_OBJECT) *trust = NULL, *reject = NULL;
- int informat,outformat,keyformat,CAformat,CAkeyformat;
- char *infile=NULL,*outfile=NULL,*keyfile=NULL,*CAfile=NULL;
- char *CAkeyfile=NULL,*CAserial=NULL;
- char *alias=NULL;
- int text=0,serial=0,subject=0,issuer=0,startdate=0,enddate=0;
- int next_serial=0;
- int subject_hash=0,issuer_hash=0,ocspid=0;
- int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0,email=0;
- int ocsp_uri=0;
- int trustout=0,clrtrust=0,clrreject=0,aliasout=0,clrext=0;
- int C=0;
- int x509req=0,days=DEF_DAYS,modulus=0,pubkey=0;
- int pprint = 0;
- const char **pp;
- X509_STORE *ctx=NULL;
- X509_REQ *rq=NULL;
- int fingerprint=0;
- char buf[256];
- const EVP_MD *md_alg,*digest=EVP_sha1();
- CONF *extconf = NULL;
- char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL;
- int need_rand = 0;
- int checkend=0,checkoffset=0;
- unsigned long nmflag = 0, certflag = 0;
-#ifndef OPENSSL_NO_ENGINE
- char *engine=NULL;
-#endif
-
- reqfile=0;
-
- apps_startup();
-
- if (bio_err == NULL)
- bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
-
- if (!load_config(bio_err, NULL))
- goto end;
- STDout=BIO_new_fp(stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- STDout = BIO_push(tmpbio, STDout);
- }
-#endif
-
- informat=FORMAT_PEM;
- outformat=FORMAT_PEM;
- keyformat=FORMAT_PEM;
- CAformat=FORMAT_PEM;
- CAkeyformat=FORMAT_PEM;
-
- ctx=X509_STORE_new();
- if (ctx == NULL) goto end;
- X509_STORE_set_verify_cb_func(ctx,callb);
-
- argc--;
- argv++;
- num=0;
- while (argc >= 1)
- {
- if (strcmp(*argv,"-inform") == 0)
- {
- if (--argc < 1) goto bad;
- informat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-outform") == 0)
- {
- if (--argc < 1) goto bad;
- outformat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-keyform") == 0)
- {
- if (--argc < 1) goto bad;
- keyformat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-req") == 0)
- {
- reqfile=1;
- need_rand = 1;
- }
- else if (strcmp(*argv,"-CAform") == 0)
- {
- if (--argc < 1) goto bad;
- CAformat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-CAkeyform") == 0)
- {
- if (--argc < 1) goto bad;
- CAkeyformat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-days") == 0)
- {
- if (--argc < 1) goto bad;
- days=atoi(*(++argv));
- if (days == 0)
- {
- BIO_printf(STDout,"bad number of days\n");
- goto bad;
- }
- }
- else if (strcmp(*argv,"-passin") == 0)
- {
- if (--argc < 1) goto bad;
- passargin= *(++argv);
- }
- else if (strcmp(*argv,"-extfile") == 0)
- {
- if (--argc < 1) goto bad;
- extfile= *(++argv);
- }
- else if (strcmp(*argv,"-extensions") == 0)
- {
- if (--argc < 1) goto bad;
- extsect= *(++argv);
- }
- else if (strcmp(*argv,"-in") == 0)
- {
- if (--argc < 1) goto bad;
- infile= *(++argv);
- }
- else if (strcmp(*argv,"-out") == 0)
- {
- if (--argc < 1) goto bad;
- outfile= *(++argv);
- }
- else if (strcmp(*argv,"-signkey") == 0)
- {
- if (--argc < 1) goto bad;
- keyfile= *(++argv);
- sign_flag= ++num;
- need_rand = 1;
- }
- else if (strcmp(*argv,"-CA") == 0)
- {
- if (--argc < 1) goto bad;
- CAfile= *(++argv);
- CA_flag= ++num;
- need_rand = 1;
- }
- else if (strcmp(*argv,"-CAkey") == 0)
- {
- if (--argc < 1) goto bad;
- CAkeyfile= *(++argv);
- }
- else if (strcmp(*argv,"-CAserial") == 0)
- {
- if (--argc < 1) goto bad;
- CAserial= *(++argv);
- }
- else if (strcmp(*argv,"-set_serial") == 0)
- {
- if (--argc < 1) goto bad;
- if (!(sno = s2i_ASN1_INTEGER(NULL, *(++argv))))
- goto bad;
- }
- else if (strcmp(*argv,"-addtrust") == 0)
- {
- if (--argc < 1) goto bad;
- if (!(objtmp = OBJ_txt2obj(*(++argv), 0)))
- {
- BIO_printf(bio_err,
- "Invalid trust object value %s\n", *argv);
- goto bad;
- }
- if (!trust) trust = sk_ASN1_OBJECT_new_null();
- sk_ASN1_OBJECT_push(trust, objtmp);
- trustout = 1;
- }
- else if (strcmp(*argv,"-addreject") == 0)
- {
- if (--argc < 1) goto bad;
- if (!(objtmp = OBJ_txt2obj(*(++argv), 0)))
- {
- BIO_printf(bio_err,
- "Invalid reject object value %s\n", *argv);
- goto bad;
- }
- if (!reject) reject = sk_ASN1_OBJECT_new_null();
- sk_ASN1_OBJECT_push(reject, objtmp);
- trustout = 1;
- }
- else if (strcmp(*argv,"-setalias") == 0)
- {
- if (--argc < 1) goto bad;
- alias= *(++argv);
- trustout = 1;
- }
- else if (strcmp(*argv,"-certopt") == 0)
- {
- if (--argc < 1) goto bad;
- if (!set_cert_ex(&certflag, *(++argv))) goto bad;
- }
- else if (strcmp(*argv,"-nameopt") == 0)
- {
- if (--argc < 1) goto bad;
- if (!set_name_ex(&nmflag, *(++argv))) goto bad;
- }
-#ifndef OPENSSL_NO_ENGINE
- else if (strcmp(*argv,"-engine") == 0)
- {
- if (--argc < 1) goto bad;
- engine= *(++argv);
- }
-#endif
- else if (strcmp(*argv,"-C") == 0)
- C= ++num;
- else if (strcmp(*argv,"-email") == 0)
- email= ++num;
- else if (strcmp(*argv,"-ocsp_uri") == 0)
- ocsp_uri= ++num;
- else if (strcmp(*argv,"-serial") == 0)
- serial= ++num;
- else if (strcmp(*argv,"-next_serial") == 0)
- next_serial= ++num;
- else if (strcmp(*argv,"-modulus") == 0)
- modulus= ++num;
- else if (strcmp(*argv,"-pubkey") == 0)
- pubkey= ++num;
- else if (strcmp(*argv,"-x509toreq") == 0)
- x509req= ++num;
- else if (strcmp(*argv,"-text") == 0)
- text= ++num;
- else if (strcmp(*argv,"-hash") == 0
- || strcmp(*argv,"-subject_hash") == 0)
- subject_hash= ++num;
- else if (strcmp(*argv,"-issuer_hash") == 0)
- issuer_hash= ++num;
- else if (strcmp(*argv,"-subject") == 0)
- subject= ++num;
- else if (strcmp(*argv,"-issuer") == 0)
- issuer= ++num;
- else if (strcmp(*argv,"-fingerprint") == 0)
- fingerprint= ++num;
- else if (strcmp(*argv,"-dates") == 0)
- {
- startdate= ++num;
- enddate= ++num;
- }
- else if (strcmp(*argv,"-purpose") == 0)
- pprint= ++num;
- else if (strcmp(*argv,"-startdate") == 0)
- startdate= ++num;
- else if (strcmp(*argv,"-enddate") == 0)
- enddate= ++num;
- else if (strcmp(*argv,"-checkend") == 0)
- {
- if (--argc < 1) goto bad;
- checkoffset=atoi(*(++argv));
- checkend=1;
- }
- else if (strcmp(*argv,"-noout") == 0)
- noout= ++num;
- else if (strcmp(*argv,"-trustout") == 0)
- trustout= 1;
- else if (strcmp(*argv,"-clrtrust") == 0)
- clrtrust= ++num;
- else if (strcmp(*argv,"-clrreject") == 0)
- clrreject= ++num;
- else if (strcmp(*argv,"-alias") == 0)
- aliasout= ++num;
- else if (strcmp(*argv,"-CAcreateserial") == 0)
- CA_createserial= ++num;
- else if (strcmp(*argv,"-clrext") == 0)
- clrext = 1;
-#if 1 /* stay backwards-compatible with 0.9.5; this should go away soon */
- else if (strcmp(*argv,"-crlext") == 0)
- {
- BIO_printf(bio_err,"use -clrext instead of -crlext\n");
- clrext = 1;
- }
-#endif
- else if (strcmp(*argv,"-ocspid") == 0)
- ocspid= ++num;
- else if ((md_alg=EVP_get_digestbyname(*argv + 1)))
- {
- /* ok */
- digest=md_alg;
- }
- else
- {
- BIO_printf(bio_err,"unknown option %s\n",*argv);
- badops=1;
- break;
- }
- argc--;
- argv++;
- }
-
- if (badops)
- {
-bad:
- for (pp=x509_usage; (*pp != NULL); pp++)
- BIO_printf(bio_err,"%s",*pp);
- goto end;
- }
-
-#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(bio_err, engine, 0);
-#endif
-
- if (need_rand)
- app_RAND_load_file(NULL, bio_err, 0);
-
- ERR_load_crypto_strings();
-
- if (!app_passwd(bio_err, passargin, NULL, &passin, NULL))
- {
- BIO_printf(bio_err, "Error getting password\n");
- goto end;
- }
-
- if (!X509_STORE_set_default_paths(ctx))
- {
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if ((CAkeyfile == NULL) && (CA_flag) && (CAformat == FORMAT_PEM))
- { CAkeyfile=CAfile; }
- else if ((CA_flag) && (CAkeyfile == NULL))
- {
- BIO_printf(bio_err,"need to specify a CAkey if using the CA command\n");
- goto end;
- }
-
- if (extfile)
- {
- long errorline = -1;
- X509V3_CTX ctx2;
- extconf = NCONF_new(NULL);
- if (!NCONF_load(extconf, extfile,&errorline))
- {
- if (errorline <= 0)
- BIO_printf(bio_err,
- "error loading the config file '%s'\n",
- extfile);
- else
- BIO_printf(bio_err,
- "error on line %ld of config file '%s'\n"
- ,errorline,extfile);
- goto end;
- }
- if (!extsect)
- {
- extsect = NCONF_get_string(extconf, "default", "extensions");
- if (!extsect)
- {
- ERR_clear_error();
- extsect = "default";
- }
- }
- X509V3_set_ctx_test(&ctx2);
- X509V3_set_nconf(&ctx2, extconf);
- if (!X509V3_EXT_add_nconf(extconf, &ctx2, extsect, NULL))
- {
- BIO_printf(bio_err,
- "Error Loading extension section %s\n",
- extsect);
- ERR_print_errors(bio_err);
- goto end;
- }
- }
-
-
- if (reqfile)
- {
- EVP_PKEY *pkey;
- BIO *in;
-
- if (!sign_flag && !CA_flag)
- {
- BIO_printf(bio_err,"We need a private key to sign with\n");
- goto end;
- }
- in=BIO_new(BIO_s_file());
- if (in == NULL)
- {
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if (infile == NULL)
- BIO_set_fp(in,stdin,BIO_NOCLOSE|BIO_FP_TEXT);
- else
- {
- if (BIO_read_filename(in,infile) <= 0)
- {
- perror(infile);
- BIO_free(in);
- goto end;
- }
- }
- req=PEM_read_bio_X509_REQ(in,NULL,NULL,NULL);
- BIO_free(in);
-
- if (req == NULL)
- {
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if ( (req->req_info == NULL) ||
- (req->req_info->pubkey == NULL) ||
- (req->req_info->pubkey->public_key == NULL) ||
- (req->req_info->pubkey->public_key->data == NULL))
- {
- BIO_printf(bio_err,"The certificate request appears to corrupted\n");
- BIO_printf(bio_err,"It does not contain a public key\n");
- goto end;
- }
- if ((pkey=X509_REQ_get_pubkey(req)) == NULL)
- {
- BIO_printf(bio_err,"error unpacking public key\n");
- goto end;
- }
- i=X509_REQ_verify(req,pkey);
- EVP_PKEY_free(pkey);
- if (i < 0)
- {
- BIO_printf(bio_err,"Signature verification error\n");
- ERR_print_errors(bio_err);
- goto end;
- }
- if (i == 0)
- {
- BIO_printf(bio_err,"Signature did not match the certificate request\n");
- goto end;
- }
- else
- BIO_printf(bio_err,"Signature ok\n");
-
- print_name(bio_err, "subject=", X509_REQ_get_subject_name(req), nmflag);
-
- if ((x=X509_new()) == NULL) goto end;
-
- if (sno == NULL)
- {
- sno = ASN1_INTEGER_new();
- if (!sno || !rand_serial(NULL, sno))
- goto end;
- if (!X509_set_serialNumber(x, sno))
- goto end;
- ASN1_INTEGER_free(sno);
- sno = NULL;
- }
- else if (!X509_set_serialNumber(x, sno))
- goto end;
-
- if (!X509_set_issuer_name(x,req->req_info->subject)) goto end;
- if (!X509_set_subject_name(x,req->req_info->subject)) goto end;
-
- X509_gmtime_adj(X509_get_notBefore(x),0);
- X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days);
-
- pkey = X509_REQ_get_pubkey(req);
- X509_set_pubkey(x,pkey);
- EVP_PKEY_free(pkey);
- }
- else
- x=load_cert(bio_err,infile,informat,NULL,e,"Certificate");
-
- if (x == NULL) goto end;
- if (CA_flag)
- {
- xca=load_cert(bio_err,CAfile,CAformat,NULL,e,"CA Certificate");
- if (xca == NULL) goto end;
- }
-
- if (!noout || text || next_serial)
- {
- OBJ_create("2.99999.3",
- "SET.ex3","SET x509v3 extension 3");
-
- out=BIO_new(BIO_s_file());
- if (out == NULL)
- {
- ERR_print_errors(bio_err);
- goto end;
- }
- if (outfile == NULL)
- {
- BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
- else
- {
- if (BIO_write_filename(out,outfile) <= 0)
- {
- perror(outfile);
- goto end;
- }
- }
- }
-
- if (alias) X509_alias_set1(x, (unsigned char *)alias, -1);
-
- if (clrtrust) X509_trust_clear(x);
- if (clrreject) X509_reject_clear(x);
-
- if (trust)
- {
- for (i = 0; i < sk_ASN1_OBJECT_num(trust); i++)
- {
- objtmp = sk_ASN1_OBJECT_value(trust, i);
- X509_add1_trust_object(x, objtmp);
- }
- }
-
- if (reject)
- {
- for (i = 0; i < sk_ASN1_OBJECT_num(reject); i++)
- {
- objtmp = sk_ASN1_OBJECT_value(reject, i);
- X509_add1_reject_object(x, objtmp);
- }
- }
-
- if (num)
- {
- for (i=1; i<=num; i++)
- {
- if (issuer == i)
- {
- print_name(STDout, "issuer= ",
- X509_get_issuer_name(x), nmflag);
- }
- else if (subject == i)
- {
- print_name(STDout, "subject= ",
- X509_get_subject_name(x), nmflag);
- }
- else if (serial == i)
- {
- BIO_printf(STDout,"serial=");
- i2a_ASN1_INTEGER(STDout,
- X509_get_serialNumber(x));
- BIO_printf(STDout,"\n");
- }
- else if (next_serial == i)
- {
- BIGNUM *bnser;
- ASN1_INTEGER *ser;
- ser = X509_get_serialNumber(x);
- bnser = ASN1_INTEGER_to_BN(ser, NULL);
- if (!bnser)
- goto end;
- if (!BN_add_word(bnser, 1))
- goto end;
- ser = BN_to_ASN1_INTEGER(bnser, NULL);
- if (!ser)
- goto end;
- BN_free(bnser);
- i2a_ASN1_INTEGER(out, ser);
- ASN1_INTEGER_free(ser);
- BIO_puts(out, "\n");
- }
- else if ((email == i) || (ocsp_uri == i))
- {
- int j;
- STACK *emlst;
- if (email == i)
- emlst = X509_get1_email(x);
- else
- emlst = X509_get1_ocsp(x);
- for (j = 0; j < sk_num(emlst); j++)
- BIO_printf(STDout, "%s\n", sk_value(emlst, j));
- X509_email_free(emlst);
- }
- else if (aliasout == i)
- {
- unsigned char *alstr;
- alstr = X509_alias_get0(x, NULL);
- if (alstr) BIO_printf(STDout,"%s\n", alstr);
- else BIO_puts(STDout,"<No Alias>\n");
- }
- else if (subject_hash == i)
- {
- BIO_printf(STDout,"%08lx\n",X509_subject_name_hash(x));
- }
- else if (issuer_hash == i)
- {
- BIO_printf(STDout,"%08lx\n",X509_issuer_name_hash(x));
- }
- else if (pprint == i)
- {
- X509_PURPOSE *ptmp;
- int j;
- BIO_printf(STDout, "Certificate purposes:\n");
- for (j = 0; j < X509_PURPOSE_get_count(); j++)
- {
- ptmp = X509_PURPOSE_get0(j);
- purpose_print(STDout, x, ptmp);
- }
- }
- else
- if (modulus == i)
- {
- EVP_PKEY *pkey;
-
- pkey=X509_get_pubkey(x);
- if (pkey == NULL)
- {
- BIO_printf(bio_err,"Modulus=unavailable\n");
- ERR_print_errors(bio_err);
- goto end;
- }
- BIO_printf(STDout,"Modulus=");
-#ifndef OPENSSL_NO_RSA
- if (pkey->type == EVP_PKEY_RSA)
- BN_print(STDout,pkey->pkey.rsa->n);
- else
-#endif
-#ifndef OPENSSL_NO_DSA
- if (pkey->type == EVP_PKEY_DSA)
- BN_print(STDout,pkey->pkey.dsa->pub_key);
- else
-#endif
- BIO_printf(STDout,"Wrong Algorithm type");
- BIO_printf(STDout,"\n");
- EVP_PKEY_free(pkey);
- }
- else
- if (pubkey == i)
- {
- EVP_PKEY *pkey;
-
- pkey=X509_get_pubkey(x);
- if (pkey == NULL)
- {
- BIO_printf(bio_err,"Error getting public key\n");
- ERR_print_errors(bio_err);
- goto end;
- }
- PEM_write_bio_PUBKEY(STDout, pkey);
- EVP_PKEY_free(pkey);
- }
- else
- if (C == i)
- {
- unsigned char *d;
- char *m;
- int y,z;
-
- X509_NAME_oneline(X509_get_subject_name(x),
- buf,sizeof buf);
- BIO_printf(STDout,"/* subject:%s */\n",buf);
- m=X509_NAME_oneline(
- X509_get_issuer_name(x),buf,
- sizeof buf);
- BIO_printf(STDout,"/* issuer :%s */\n",buf);
-
- z=i2d_X509(x,NULL);
- m=OPENSSL_malloc(z);
-
- d=(unsigned char *)m;
- z=i2d_X509_NAME(X509_get_subject_name(x),&d);
- BIO_printf(STDout,"unsigned char XXX_subject_name[%d]={\n",z);
- d=(unsigned char *)m;
- for (y=0; y<z; y++)
- {
- BIO_printf(STDout,"0x%02X,",d[y]);
- if ((y & 0x0f) == 0x0f) BIO_printf(STDout,"\n");
- }
- if (y%16 != 0) BIO_printf(STDout,"\n");
- BIO_printf(STDout,"};\n");
-
- z=i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x),&d);
- BIO_printf(STDout,"unsigned char XXX_public_key[%d]={\n",z);
- d=(unsigned char *)m;
- for (y=0; y<z; y++)
- {
- BIO_printf(STDout,"0x%02X,",d[y]);
- if ((y & 0x0f) == 0x0f)
- BIO_printf(STDout,"\n");
- }
- if (y%16 != 0) BIO_printf(STDout,"\n");
- BIO_printf(STDout,"};\n");
-
- z=i2d_X509(x,&d);
- BIO_printf(STDout,"unsigned char XXX_certificate[%d]={\n",z);
- d=(unsigned char *)m;
- for (y=0; y<z; y++)
- {
- BIO_printf(STDout,"0x%02X,",d[y]);
- if ((y & 0x0f) == 0x0f)
- BIO_printf(STDout,"\n");
- }
- if (y%16 != 0) BIO_printf(STDout,"\n");
- BIO_printf(STDout,"};\n");
-
- OPENSSL_free(m);
- }
- else if (text == i)
- {
- X509_print_ex(out,x,nmflag, certflag);
- }
- else if (startdate == i)
- {
- BIO_puts(STDout,"notBefore=");
- ASN1_TIME_print(STDout,X509_get_notBefore(x));
- BIO_puts(STDout,"\n");
- }
- else if (enddate == i)
- {
- BIO_puts(STDout,"notAfter=");
- ASN1_TIME_print(STDout,X509_get_notAfter(x));
- BIO_puts(STDout,"\n");
- }
- else if (fingerprint == i)
- {
- int j;
- unsigned int n;
- unsigned char md[EVP_MAX_MD_SIZE];
-
- if (!X509_digest(x,digest,md,&n))
- {
- BIO_printf(bio_err,"out of memory\n");
- goto end;
- }
- BIO_printf(STDout,"%s Fingerprint=",
- OBJ_nid2sn(EVP_MD_type(digest)));
- for (j=0; j<(int)n; j++)
- {
- BIO_printf(STDout,"%02X%c",md[j],
- (j+1 == (int)n)
- ?'\n':':');
- }
- }
-
- /* should be in the library */
- else if ((sign_flag == i) && (x509req == 0))
- {
- BIO_printf(bio_err,"Getting Private key\n");
- if (Upkey == NULL)
- {
- Upkey=load_key(bio_err,
- keyfile, keyformat, 0,
- passin, e, "Private key");
- if (Upkey == NULL) goto end;
- }
-#ifndef OPENSSL_NO_DSA
- if (Upkey->type == EVP_PKEY_DSA)
- digest=EVP_dss1();
-#endif
-#ifndef OPENSSL_NO_ECDSA
- if (Upkey->type == EVP_PKEY_EC)
- digest=EVP_ecdsa();
-#endif
-
- assert(need_rand);
- if (!sign(x,Upkey,days,clrext,digest,
- extconf, extsect)) goto end;
- }
- else if (CA_flag == i)
- {
- BIO_printf(bio_err,"Getting CA Private Key\n");
- if (CAkeyfile != NULL)
- {
- CApkey=load_key(bio_err,
- CAkeyfile, CAkeyformat,
- 0, passin, e,
- "CA Private Key");
- if (CApkey == NULL) goto end;
- }
-#ifndef OPENSSL_NO_DSA
- if (CApkey->type == EVP_PKEY_DSA)
- digest=EVP_dss1();
-#endif
-#ifndef OPENSSL_NO_ECDSA
- if (CApkey->type == EVP_PKEY_EC)
- digest = EVP_ecdsa();
-#endif
-
- assert(need_rand);
- if (!x509_certify(ctx,CAfile,digest,x,xca,
- CApkey, CAserial,CA_createserial,days, clrext,
- extconf, extsect, sno))
- goto end;
- }
- else if (x509req == i)
- {
- EVP_PKEY *pk;
-
- BIO_printf(bio_err,"Getting request Private Key\n");
- if (keyfile == NULL)
- {
- BIO_printf(bio_err,"no request key file specified\n");
- goto end;
- }
- else
- {
- pk=load_key(bio_err,
- keyfile, keyformat, 0,
- passin, e, "request key");
- if (pk == NULL) goto end;
- }
-
- BIO_printf(bio_err,"Generating certificate request\n");
-
-#ifndef OPENSSL_NO_DSA
- if (pk->type == EVP_PKEY_DSA)
- digest=EVP_dss1();
-#endif
-#ifndef OPENSSL_NO_ECDSA
- if (pk->type == EVP_PKEY_EC)
- digest=EVP_ecdsa();
-#endif
-
- rq=X509_to_X509_REQ(x,pk,digest);
- EVP_PKEY_free(pk);
- if (rq == NULL)
- {
- ERR_print_errors(bio_err);
- goto end;
- }
- if (!noout)
- {
- X509_REQ_print(out,rq);
- PEM_write_bio_X509_REQ(out,rq);
- }
- noout=1;
- }
- else if (ocspid == i)
- {
- X509_ocspid_print(out, x);
- }
- }
- }
-
- if (checkend)
- {
- time_t tcheck=time(NULL) + checkoffset;
-
- if (X509_cmp_time(X509_get_notAfter(x), &tcheck) < 0)
- {
- BIO_printf(out,"Certificate will expire\n");
- ret=1;
- }
- else
- {
- BIO_printf(out,"Certificate will not expire\n");
- ret=0;
- }
- goto end;
- }
-
- if (noout)
- {
- ret=0;
- goto end;
- }
-
- if (outformat == FORMAT_ASN1)
- i=i2d_X509_bio(out,x);
- else if (outformat == FORMAT_PEM)
- {
- if (trustout) i=PEM_write_bio_X509_AUX(out,x);
- else i=PEM_write_bio_X509(out,x);
- }
- else if (outformat == FORMAT_NETSCAPE)
- {
- ASN1_HEADER ah;
- ASN1_OCTET_STRING os;
-
- os.data=(unsigned char *)NETSCAPE_CERT_HDR;
- os.length=strlen(NETSCAPE_CERT_HDR);
- ah.header= &os;
- ah.data=(char *)x;
- ah.meth=X509_asn1_meth();
-
- i=ASN1_i2d_bio_of(ASN1_HEADER,i2d_ASN1_HEADER,out,&ah);
- }
- else {
- BIO_printf(bio_err,"bad output format specified for outfile\n");
- goto end;
- }
- if (!i)
- {
- BIO_printf(bio_err,"unable to write certificate\n");
- ERR_print_errors(bio_err);
- goto end;
- }
- ret=0;
-end:
- if (need_rand)
- app_RAND_write_file(NULL, bio_err);
- OBJ_cleanup();
- NCONF_free(extconf);
- BIO_free_all(out);
- BIO_free_all(STDout);
- X509_STORE_free(ctx);
- X509_REQ_free(req);
- X509_free(x);
- X509_free(xca);
- EVP_PKEY_free(Upkey);
- EVP_PKEY_free(CApkey);
- X509_REQ_free(rq);
- ASN1_INTEGER_free(sno);
- sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free);
- sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free);
- if (passin) OPENSSL_free(passin);
- apps_shutdown();
- OPENSSL_EXIT(ret);
- }
-
-static ASN1_INTEGER *x509_load_serial(char *CAfile, char *serialfile, int create)
- {
- char *buf = NULL, *p;
- ASN1_INTEGER *bs = NULL;
- BIGNUM *serial = NULL;
- size_t len;
-
- len = ((serialfile == NULL)
- ?(strlen(CAfile)+strlen(POSTFIX)+1)
- :(strlen(serialfile)))+1;
- buf=OPENSSL_malloc(len);
- if (buf == NULL) { BIO_printf(bio_err,"out of mem\n"); goto end; }
- if (serialfile == NULL)
- {
- BUF_strlcpy(buf,CAfile,len);
- for (p=buf; *p; p++)
- if (*p == '.')
- {
- *p='\0';
- break;
- }
- BUF_strlcat(buf,POSTFIX,len);
- }
- else
- BUF_strlcpy(buf,serialfile,len);
-
- serial = load_serial(buf, create, NULL);
- if (serial == NULL) goto end;
-
- if (!BN_add_word(serial,1))
- { BIO_printf(bio_err,"add_word failure\n"); goto end; }
-
- if (!save_serial(buf, NULL, serial, &bs)) goto end;
-
- end:
- if (buf) OPENSSL_free(buf);
- BN_free(serial);
- return bs;
- }
-
-static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
- X509 *x, X509 *xca, EVP_PKEY *pkey, char *serialfile, int create,
- int days, int clrext, CONF *conf, char *section, ASN1_INTEGER *sno)
- {
- int ret=0;
- ASN1_INTEGER *bs=NULL;
- X509_STORE_CTX xsc;
- EVP_PKEY *upkey;
-
- upkey = X509_get_pubkey(xca);
- EVP_PKEY_copy_parameters(upkey,pkey);
- EVP_PKEY_free(upkey);
-
- if(!X509_STORE_CTX_init(&xsc,ctx,x,NULL))
- {
- BIO_printf(bio_err,"Error initialising X509 store\n");
- goto end;
- }
- if (sno) bs = sno;
- else if (!(bs = x509_load_serial(CAfile, serialfile, create)))
- goto end;
-
-/* if (!X509_STORE_add_cert(ctx,x)) goto end;*/
-
- /* NOTE: this certificate can/should be self signed, unless it was
- * a certificate request in which case it is not. */
- X509_STORE_CTX_set_cert(&xsc,x);
- X509_STORE_CTX_set_flags(&xsc, X509_V_FLAG_CHECK_SS_SIGNATURE);
- if (!reqfile && X509_verify_cert(&xsc) <= 0)
- goto end;
-
- if (!X509_check_private_key(xca,pkey))
- {
- BIO_printf(bio_err,"CA certificate and CA private key do not match\n");
- goto end;
- }
-
- if (!X509_set_issuer_name(x,X509_get_subject_name(xca))) goto end;
- if (!X509_set_serialNumber(x,bs)) goto end;
-
- if (X509_gmtime_adj(X509_get_notBefore(x),0L) == NULL)
- goto end;
-
- /* hardwired expired */
- if (X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days) == NULL)
- goto end;
-
- if (clrext)
- {
- while (X509_get_ext_count(x) > 0) X509_delete_ext(x, 0);
- }
-
- if (conf)
- {
- X509V3_CTX ctx2;
- X509_set_version(x,2); /* version 3 certificate */
- X509V3_set_ctx(&ctx2, xca, x, NULL, NULL, 0);
- X509V3_set_nconf(&ctx2, conf);
- if (!X509V3_EXT_add_nconf(conf, &ctx2, section, x)) goto end;
- }
-
- if (!X509_sign(x,pkey,digest)) goto end;
- ret=1;
-end:
- X509_STORE_CTX_cleanup(&xsc);
- if (!ret)
- ERR_print_errors(bio_err);
- if (!sno) ASN1_INTEGER_free(bs);
- return ret;
- }
-
-static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx)
- {
- int err;
- X509 *err_cert;
-
- /* it is ok to use a self signed certificate
- * This case will catch both the initial ok == 0 and the
- * final ok == 1 calls to this function */
- err=X509_STORE_CTX_get_error(ctx);
- if (err == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)
- return 1;
-
- /* BAD we should have gotten an error. Normally if everything
- * worked X509_STORE_CTX_get_error(ctx) will still be set to
- * DEPTH_ZERO_SELF_.... */
- if (ok)
- {
- BIO_printf(bio_err,"error with certificate to be certified - should be self signed\n");
- return 0;
- }
- else
- {
- err_cert=X509_STORE_CTX_get_current_cert(ctx);
- print_name(bio_err, NULL, X509_get_subject_name(err_cert),0);
- BIO_printf(bio_err,"error with certificate - error %d at depth %d\n%s\n",
- err,X509_STORE_CTX_get_error_depth(ctx),
- X509_verify_cert_error_string(err));
- return 1;
- }
- }
-
-/* self sign */
-static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, const EVP_MD *digest,
- CONF *conf, char *section)
- {
-
- EVP_PKEY *pktmp;
-
- pktmp = X509_get_pubkey(x);
- EVP_PKEY_copy_parameters(pktmp,pkey);
- EVP_PKEY_save_parameters(pktmp,1);
- EVP_PKEY_free(pktmp);
-
- if (!X509_set_issuer_name(x,X509_get_subject_name(x))) goto err;
- if (X509_gmtime_adj(X509_get_notBefore(x),0) == NULL) goto err;
-
- /* Lets just make it 12:00am GMT, Jan 1 1970 */
- /* memcpy(x->cert_info->validity->notBefore,"700101120000Z",13); */
- /* 28 days to be certified */
-
- if (X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days) == NULL)
- goto err;
-
- if (!X509_set_pubkey(x,pkey)) goto err;
- if (clrext)
- {
- while (X509_get_ext_count(x) > 0) X509_delete_ext(x, 0);
- }
- if (conf)
- {
- X509V3_CTX ctx;
- X509_set_version(x,2); /* version 3 certificate */
- X509V3_set_ctx(&ctx, x, x, NULL, NULL, 0);
- X509V3_set_nconf(&ctx, conf);
- if (!X509V3_EXT_add_nconf(conf, &ctx, section, x)) goto err;
- }
- if (!X509_sign(x,pkey,digest)) goto err;
- return 1;
-err:
- ERR_print_errors(bio_err);
- return 0;
- }
-
-static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt)
-{
- int id, i, idret;
- char *pname;
- id = X509_PURPOSE_get_id(pt);
- pname = X509_PURPOSE_get0_name(pt);
- for (i = 0; i < 2; i++)
- {
- idret = X509_check_purpose(cert, id, i);
- BIO_printf(bio, "%s%s : ", pname, i ? " CA" : "");
- if (idret == 1) BIO_printf(bio, "Yes\n");
- else if (idret == 0) BIO_printf(bio, "No\n");
- else BIO_printf(bio, "Yes (WARNING code=%d)\n", idret);
- }
- return 1;
-}
Copied: vendor-crypto/openssl/0.9.8zf/apps/x509.c (from rev 6976, vendor-crypto/openssl/dist/apps/x509.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/apps/x509.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/apps/x509.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,1194 @@
+/* apps/x509.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <assert.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#ifdef OPENSSL_NO_STDIO
+# define APPS_WIN16
+#endif
+#include "apps.h"
+#include <openssl/bio.h>
+#include <openssl/asn1.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/objects.h>
+#include <openssl/pem.h>
+#ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+# include <openssl/dsa.h>
+#endif
+
+#undef PROG
+#define PROG x509_main
+
+#undef POSTFIX
+#define POSTFIX ".srl"
+#define DEF_DAYS 30
+
+static const char *x509_usage[] = {
+ "usage: x509 args\n",
+ " -inform arg - input format - default PEM (one of DER, NET or PEM)\n",
+ " -outform arg - output format - default PEM (one of DER, NET or PEM)\n",
+ " -keyform arg - private key format - default PEM\n",
+ " -CAform arg - CA format - default PEM\n",
+ " -CAkeyform arg - CA key format - default PEM\n",
+ " -in arg - input file - default stdin\n",
+ " -out arg - output file - default stdout\n",
+ " -passin arg - private key password source\n",
+ " -serial - print serial number value\n",
+ " -subject_hash - print subject hash value\n",
+ " -issuer_hash - print issuer hash value\n",
+ " -hash - synonym for -subject_hash\n",
+ " -subject - print subject DN\n",
+ " -issuer - print issuer DN\n",
+ " -email - print email address(es)\n",
+ " -startdate - notBefore field\n",
+ " -enddate - notAfter field\n",
+ " -purpose - print out certificate purposes\n",
+ " -dates - both Before and After dates\n",
+ " -modulus - print the RSA key modulus\n",
+ " -pubkey - output the public key\n",
+ " -fingerprint - print the certificate fingerprint\n",
+ " -alias - output certificate alias\n",
+ " -noout - no certificate output\n",
+ " -ocspid - print OCSP hash values for the subject name and public key\n",
+ " -ocsp_uri - print OCSP Responder URL(s)\n",
+ " -trustout - output a \"trusted\" certificate\n",
+ " -clrtrust - clear all trusted purposes\n",
+ " -clrreject - clear all rejected purposes\n",
+ " -addtrust arg - trust certificate for a given purpose\n",
+ " -addreject arg - reject certificate for a given purpose\n",
+ " -setalias arg - set certificate alias\n",
+ " -days arg - How long till expiry of a signed certificate - def 30 days\n",
+ " -checkend arg - check whether the cert expires in the next arg seconds\n",
+ " exit 1 if so, 0 if not\n",
+ " -signkey arg - self sign cert with arg\n",
+ " -x509toreq - output a certification request object\n",
+ " -req - input is a certificate request, sign and output.\n",
+ " -CA arg - set the CA certificate, must be PEM format.\n",
+ " -CAkey arg - set the CA key, must be PEM format\n",
+ " missing, it is assumed to be in the CA file.\n",
+ " -CAcreateserial - create serial number file if it does not exist\n",
+ " -CAserial arg - serial file\n",
+ " -set_serial - serial number to use\n",
+ " -text - print the certificate in text form\n",
+ " -C - print out C code forms\n",
+ " -md2/-md5/-sha1/-mdc2 - digest to use\n",
+ " -extfile - configuration file with X509V3 extensions to add\n",
+ " -extensions - section from config file with X509V3 extensions to add\n",
+ " -clrext - delete extensions before signing and input certificate\n",
+ " -nameopt arg - various certificate name options\n",
+#ifndef OPENSSL_NO_ENGINE
+ " -engine e - use engine e, possibly a hardware device.\n",
+#endif
+ " -certopt arg - various certificate text options\n",
+ NULL
+};
+
+static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx);
+static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext,
+ const EVP_MD *digest, CONF *conf, char *section);
+static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
+ X509 *x, X509 *xca, EVP_PKEY *pkey, char *serial,
+ int create, int days, int clrext, CONF *conf,
+ char *section, ASN1_INTEGER *sno);
+static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt);
+static int reqfile = 0;
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+{
+ ENGINE *e = NULL;
+ int ret = 1;
+ X509_REQ *req = NULL;
+ X509 *x = NULL, *xca = NULL;
+ ASN1_OBJECT *objtmp;
+ EVP_PKEY *Upkey = NULL, *CApkey = NULL;
+ ASN1_INTEGER *sno = NULL;
+ int i, num, badops = 0;
+ BIO *out = NULL;
+ BIO *STDout = NULL;
+ STACK_OF(ASN1_OBJECT) *trust = NULL, *reject = NULL;
+ int informat, outformat, keyformat, CAformat, CAkeyformat;
+ char *infile = NULL, *outfile = NULL, *keyfile = NULL, *CAfile = NULL;
+ char *CAkeyfile = NULL, *CAserial = NULL;
+ char *alias = NULL;
+ int text = 0, serial = 0, subject = 0, issuer = 0, startdate =
+ 0, enddate = 0;
+ int next_serial = 0;
+ int subject_hash = 0, issuer_hash = 0, ocspid = 0;
+ int noout = 0, sign_flag = 0, CA_flag = 0, CA_createserial = 0, email = 0;
+ int ocsp_uri = 0;
+ int trustout = 0, clrtrust = 0, clrreject = 0, aliasout = 0, clrext = 0;
+ int C = 0;
+ int x509req = 0, days = DEF_DAYS, modulus = 0, pubkey = 0;
+ int pprint = 0;
+ const char **pp;
+ X509_STORE *ctx = NULL;
+ X509_REQ *rq = NULL;
+ int fingerprint = 0;
+ char buf[256];
+ const EVP_MD *md_alg, *digest = EVP_sha1();
+ CONF *extconf = NULL;
+ char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL;
+ int need_rand = 0;
+ int checkend = 0, checkoffset = 0;
+ unsigned long nmflag = 0, certflag = 0;
+#ifndef OPENSSL_NO_ENGINE
+ char *engine = NULL;
+#endif
+
+ reqfile = 0;
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
+
+ if (!load_config(bio_err, NULL))
+ goto end;
+ STDout = BIO_new_fp(stdout, BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ STDout = BIO_push(tmpbio, STDout);
+ }
+#endif
+
+ informat = FORMAT_PEM;
+ outformat = FORMAT_PEM;
+ keyformat = FORMAT_PEM;
+ CAformat = FORMAT_PEM;
+ CAkeyformat = FORMAT_PEM;
+
+ ctx = X509_STORE_new();
+ if (ctx == NULL)
+ goto end;
+ X509_STORE_set_verify_cb_func(ctx, callb);
+
+ argc--;
+ argv++;
+ num = 0;
+ while (argc >= 1) {
+ if (strcmp(*argv, "-inform") == 0) {
+ if (--argc < 1)
+ goto bad;
+ informat = str2fmt(*(++argv));
+ } else if (strcmp(*argv, "-outform") == 0) {
+ if (--argc < 1)
+ goto bad;
+ outformat = str2fmt(*(++argv));
+ } else if (strcmp(*argv, "-keyform") == 0) {
+ if (--argc < 1)
+ goto bad;
+ keyformat = str2fmt(*(++argv));
+ } else if (strcmp(*argv, "-req") == 0) {
+ reqfile = 1;
+ need_rand = 1;
+ } else if (strcmp(*argv, "-CAform") == 0) {
+ if (--argc < 1)
+ goto bad;
+ CAformat = str2fmt(*(++argv));
+ } else if (strcmp(*argv, "-CAkeyform") == 0) {
+ if (--argc < 1)
+ goto bad;
+ CAkeyformat = str2fmt(*(++argv));
+ } else if (strcmp(*argv, "-days") == 0) {
+ if (--argc < 1)
+ goto bad;
+ days = atoi(*(++argv));
+ if (days == 0) {
+ BIO_printf(STDout, "bad number of days\n");
+ goto bad;
+ }
+ } else if (strcmp(*argv, "-passin") == 0) {
+ if (--argc < 1)
+ goto bad;
+ passargin = *(++argv);
+ } else if (strcmp(*argv, "-extfile") == 0) {
+ if (--argc < 1)
+ goto bad;
+ extfile = *(++argv);
+ } else if (strcmp(*argv, "-extensions") == 0) {
+ if (--argc < 1)
+ goto bad;
+ extsect = *(++argv);
+ } else if (strcmp(*argv, "-in") == 0) {
+ if (--argc < 1)
+ goto bad;
+ infile = *(++argv);
+ } else if (strcmp(*argv, "-out") == 0) {
+ if (--argc < 1)
+ goto bad;
+ outfile = *(++argv);
+ } else if (strcmp(*argv, "-signkey") == 0) {
+ if (--argc < 1)
+ goto bad;
+ keyfile = *(++argv);
+ sign_flag = ++num;
+ need_rand = 1;
+ } else if (strcmp(*argv, "-CA") == 0) {
+ if (--argc < 1)
+ goto bad;
+ CAfile = *(++argv);
+ CA_flag = ++num;
+ need_rand = 1;
+ } else if (strcmp(*argv, "-CAkey") == 0) {
+ if (--argc < 1)
+ goto bad;
+ CAkeyfile = *(++argv);
+ } else if (strcmp(*argv, "-CAserial") == 0) {
+ if (--argc < 1)
+ goto bad;
+ CAserial = *(++argv);
+ } else if (strcmp(*argv, "-set_serial") == 0) {
+ if (--argc < 1)
+ goto bad;
+ if (!(sno = s2i_ASN1_INTEGER(NULL, *(++argv))))
+ goto bad;
+ } else if (strcmp(*argv, "-addtrust") == 0) {
+ if (--argc < 1)
+ goto bad;
+ if (!(objtmp = OBJ_txt2obj(*(++argv), 0))) {
+ BIO_printf(bio_err, "Invalid trust object value %s\n", *argv);
+ goto bad;
+ }
+ if (!trust)
+ trust = sk_ASN1_OBJECT_new_null();
+ sk_ASN1_OBJECT_push(trust, objtmp);
+ trustout = 1;
+ } else if (strcmp(*argv, "-addreject") == 0) {
+ if (--argc < 1)
+ goto bad;
+ if (!(objtmp = OBJ_txt2obj(*(++argv), 0))) {
+ BIO_printf(bio_err,
+ "Invalid reject object value %s\n", *argv);
+ goto bad;
+ }
+ if (!reject)
+ reject = sk_ASN1_OBJECT_new_null();
+ sk_ASN1_OBJECT_push(reject, objtmp);
+ trustout = 1;
+ } else if (strcmp(*argv, "-setalias") == 0) {
+ if (--argc < 1)
+ goto bad;
+ alias = *(++argv);
+ trustout = 1;
+ } else if (strcmp(*argv, "-certopt") == 0) {
+ if (--argc < 1)
+ goto bad;
+ if (!set_cert_ex(&certflag, *(++argv)))
+ goto bad;
+ } else if (strcmp(*argv, "-nameopt") == 0) {
+ if (--argc < 1)
+ goto bad;
+ if (!set_name_ex(&nmflag, *(++argv)))
+ goto bad;
+ }
+#ifndef OPENSSL_NO_ENGINE
+ else if (strcmp(*argv, "-engine") == 0) {
+ if (--argc < 1)
+ goto bad;
+ engine = *(++argv);
+ }
+#endif
+ else if (strcmp(*argv, "-C") == 0)
+ C = ++num;
+ else if (strcmp(*argv, "-email") == 0)
+ email = ++num;
+ else if (strcmp(*argv, "-ocsp_uri") == 0)
+ ocsp_uri = ++num;
+ else if (strcmp(*argv, "-serial") == 0)
+ serial = ++num;
+ else if (strcmp(*argv, "-next_serial") == 0)
+ next_serial = ++num;
+ else if (strcmp(*argv, "-modulus") == 0)
+ modulus = ++num;
+ else if (strcmp(*argv, "-pubkey") == 0)
+ pubkey = ++num;
+ else if (strcmp(*argv, "-x509toreq") == 0)
+ x509req = ++num;
+ else if (strcmp(*argv, "-text") == 0)
+ text = ++num;
+ else if (strcmp(*argv, "-hash") == 0
+ || strcmp(*argv, "-subject_hash") == 0)
+ subject_hash = ++num;
+ else if (strcmp(*argv, "-issuer_hash") == 0)
+ issuer_hash = ++num;
+ else if (strcmp(*argv, "-subject") == 0)
+ subject = ++num;
+ else if (strcmp(*argv, "-issuer") == 0)
+ issuer = ++num;
+ else if (strcmp(*argv, "-fingerprint") == 0)
+ fingerprint = ++num;
+ else if (strcmp(*argv, "-dates") == 0) {
+ startdate = ++num;
+ enddate = ++num;
+ } else if (strcmp(*argv, "-purpose") == 0)
+ pprint = ++num;
+ else if (strcmp(*argv, "-startdate") == 0)
+ startdate = ++num;
+ else if (strcmp(*argv, "-enddate") == 0)
+ enddate = ++num;
+ else if (strcmp(*argv, "-checkend") == 0) {
+ if (--argc < 1)
+ goto bad;
+ checkoffset = atoi(*(++argv));
+ checkend = 1;
+ } else if (strcmp(*argv, "-noout") == 0)
+ noout = ++num;
+ else if (strcmp(*argv, "-trustout") == 0)
+ trustout = 1;
+ else if (strcmp(*argv, "-clrtrust") == 0)
+ clrtrust = ++num;
+ else if (strcmp(*argv, "-clrreject") == 0)
+ clrreject = ++num;
+ else if (strcmp(*argv, "-alias") == 0)
+ aliasout = ++num;
+ else if (strcmp(*argv, "-CAcreateserial") == 0)
+ CA_createserial = ++num;
+ else if (strcmp(*argv, "-clrext") == 0)
+ clrext = 1;
+#if 1 /* stay backwards-compatible with 0.9.5; this
+ * should go away soon */
+ else if (strcmp(*argv, "-crlext") == 0) {
+ BIO_printf(bio_err, "use -clrext instead of -crlext\n");
+ clrext = 1;
+ }
+#endif
+ else if (strcmp(*argv, "-ocspid") == 0)
+ ocspid = ++num;
+ else if ((md_alg = EVP_get_digestbyname(*argv + 1))) {
+ /* ok */
+ digest = md_alg;
+ } else {
+ BIO_printf(bio_err, "unknown option %s\n", *argv);
+ badops = 1;
+ break;
+ }
+ argc--;
+ argv++;
+ }
+
+ if (badops) {
+ bad:
+ for (pp = x509_usage; (*pp != NULL); pp++)
+ BIO_printf(bio_err, "%s", *pp);
+ goto end;
+ }
+#ifndef OPENSSL_NO_ENGINE
+ e = setup_engine(bio_err, engine, 0);
+#endif
+
+ if (need_rand)
+ app_RAND_load_file(NULL, bio_err, 0);
+
+ ERR_load_crypto_strings();
+
+ if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
+ BIO_printf(bio_err, "Error getting password\n");
+ goto end;
+ }
+
+ if (!X509_STORE_set_default_paths(ctx)) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if ((CAkeyfile == NULL) && (CA_flag) && (CAformat == FORMAT_PEM)) {
+ CAkeyfile = CAfile;
+ } else if ((CA_flag) && (CAkeyfile == NULL)) {
+ BIO_printf(bio_err,
+ "need to specify a CAkey if using the CA command\n");
+ goto end;
+ }
+
+ if (extfile) {
+ long errorline = -1;
+ X509V3_CTX ctx2;
+ extconf = NCONF_new(NULL);
+ if (!NCONF_load(extconf, extfile, &errorline)) {
+ if (errorline <= 0)
+ BIO_printf(bio_err,
+ "error loading the config file '%s'\n", extfile);
+ else
+ BIO_printf(bio_err,
+ "error on line %ld of config file '%s'\n",
+ errorline, extfile);
+ goto end;
+ }
+ if (!extsect) {
+ extsect = NCONF_get_string(extconf, "default", "extensions");
+ if (!extsect) {
+ ERR_clear_error();
+ extsect = "default";
+ }
+ }
+ X509V3_set_ctx_test(&ctx2);
+ X509V3_set_nconf(&ctx2, extconf);
+ if (!X509V3_EXT_add_nconf(extconf, &ctx2, extsect, NULL)) {
+ BIO_printf(bio_err,
+ "Error Loading extension section %s\n", extsect);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+
+ if (reqfile) {
+ EVP_PKEY *pkey;
+ BIO *in;
+
+ if (!sign_flag && !CA_flag) {
+ BIO_printf(bio_err, "We need a private key to sign with\n");
+ goto end;
+ }
+ in = BIO_new(BIO_s_file());
+ if (in == NULL) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (infile == NULL)
+ BIO_set_fp(in, stdin, BIO_NOCLOSE | BIO_FP_TEXT);
+ else {
+ if (BIO_read_filename(in, infile) <= 0) {
+ perror(infile);
+ BIO_free(in);
+ goto end;
+ }
+ }
+ req = PEM_read_bio_X509_REQ(in, NULL, NULL, NULL);
+ BIO_free(in);
+
+ if (req == NULL) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if ((req->req_info == NULL) ||
+ (req->req_info->pubkey == NULL) ||
+ (req->req_info->pubkey->public_key == NULL) ||
+ (req->req_info->pubkey->public_key->data == NULL)) {
+ BIO_printf(bio_err,
+ "The certificate request appears to corrupted\n");
+ BIO_printf(bio_err, "It does not contain a public key\n");
+ goto end;
+ }
+ if ((pkey = X509_REQ_get_pubkey(req)) == NULL) {
+ BIO_printf(bio_err, "error unpacking public key\n");
+ goto end;
+ }
+ i = X509_REQ_verify(req, pkey);
+ EVP_PKEY_free(pkey);
+ if (i < 0) {
+ BIO_printf(bio_err, "Signature verification error\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ if (i == 0) {
+ BIO_printf(bio_err,
+ "Signature did not match the certificate request\n");
+ goto end;
+ } else
+ BIO_printf(bio_err, "Signature ok\n");
+
+ print_name(bio_err, "subject=", X509_REQ_get_subject_name(req),
+ nmflag);
+
+ if ((x = X509_new()) == NULL)
+ goto end;
+
+ if (sno == NULL) {
+ sno = ASN1_INTEGER_new();
+ if (!sno || !rand_serial(NULL, sno))
+ goto end;
+ if (!X509_set_serialNumber(x, sno))
+ goto end;
+ ASN1_INTEGER_free(sno);
+ sno = NULL;
+ } else if (!X509_set_serialNumber(x, sno))
+ goto end;
+
+ if (!X509_set_issuer_name(x, req->req_info->subject))
+ goto end;
+ if (!X509_set_subject_name(x, req->req_info->subject))
+ goto end;
+
+ X509_gmtime_adj(X509_get_notBefore(x), 0);
+ X509_gmtime_adj(X509_get_notAfter(x), (long)60 * 60 * 24 * days);
+
+ pkey = X509_REQ_get_pubkey(req);
+ X509_set_pubkey(x, pkey);
+ EVP_PKEY_free(pkey);
+ } else
+ x = load_cert(bio_err, infile, informat, NULL, e, "Certificate");
+
+ if (x == NULL)
+ goto end;
+ if (CA_flag) {
+ xca = load_cert(bio_err, CAfile, CAformat, NULL, e, "CA Certificate");
+ if (xca == NULL)
+ goto end;
+ }
+
+ if (!noout || text || next_serial) {
+ OBJ_create("2.99999.3", "SET.ex3", "SET x509v3 extension 3");
+
+ out = BIO_new(BIO_s_file());
+ if (out == NULL) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ if (outfile == NULL) {
+ BIO_set_fp(out, stdout, BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+ {
+ BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+ out = BIO_push(tmpbio, out);
+ }
+#endif
+ } else {
+ if (BIO_write_filename(out, outfile) <= 0) {
+ perror(outfile);
+ goto end;
+ }
+ }
+ }
+
+ if (alias)
+ X509_alias_set1(x, (unsigned char *)alias, -1);
+
+ if (clrtrust)
+ X509_trust_clear(x);
+ if (clrreject)
+ X509_reject_clear(x);
+
+ if (trust) {
+ for (i = 0; i < sk_ASN1_OBJECT_num(trust); i++) {
+ objtmp = sk_ASN1_OBJECT_value(trust, i);
+ X509_add1_trust_object(x, objtmp);
+ }
+ }
+
+ if (reject) {
+ for (i = 0; i < sk_ASN1_OBJECT_num(reject); i++) {
+ objtmp = sk_ASN1_OBJECT_value(reject, i);
+ X509_add1_reject_object(x, objtmp);
+ }
+ }
+
+ if (num) {
+ for (i = 1; i <= num; i++) {
+ if (issuer == i) {
+ print_name(STDout, "issuer= ",
+ X509_get_issuer_name(x), nmflag);
+ } else if (subject == i) {
+ print_name(STDout, "subject= ",
+ X509_get_subject_name(x), nmflag);
+ } else if (serial == i) {
+ BIO_printf(STDout, "serial=");
+ i2a_ASN1_INTEGER(STDout, X509_get_serialNumber(x));
+ BIO_printf(STDout, "\n");
+ } else if (next_serial == i) {
+ BIGNUM *bnser;
+ ASN1_INTEGER *ser;
+ ser = X509_get_serialNumber(x);
+ bnser = ASN1_INTEGER_to_BN(ser, NULL);
+ if (!bnser)
+ goto end;
+ if (!BN_add_word(bnser, 1))
+ goto end;
+ ser = BN_to_ASN1_INTEGER(bnser, NULL);
+ if (!ser)
+ goto end;
+ BN_free(bnser);
+ i2a_ASN1_INTEGER(out, ser);
+ ASN1_INTEGER_free(ser);
+ BIO_puts(out, "\n");
+ } else if ((email == i) || (ocsp_uri == i)) {
+ int j;
+ STACK *emlst;
+ if (email == i)
+ emlst = X509_get1_email(x);
+ else
+ emlst = X509_get1_ocsp(x);
+ for (j = 0; j < sk_num(emlst); j++)
+ BIO_printf(STDout, "%s\n", sk_value(emlst, j));
+ X509_email_free(emlst);
+ } else if (aliasout == i) {
+ unsigned char *alstr;
+ alstr = X509_alias_get0(x, NULL);
+ if (alstr)
+ BIO_printf(STDout, "%s\n", alstr);
+ else
+ BIO_puts(STDout, "<No Alias>\n");
+ } else if (subject_hash == i) {
+ BIO_printf(STDout, "%08lx\n", X509_subject_name_hash(x));
+ } else if (issuer_hash == i) {
+ BIO_printf(STDout, "%08lx\n", X509_issuer_name_hash(x));
+ } else if (pprint == i) {
+ X509_PURPOSE *ptmp;
+ int j;
+ BIO_printf(STDout, "Certificate purposes:\n");
+ for (j = 0; j < X509_PURPOSE_get_count(); j++) {
+ ptmp = X509_PURPOSE_get0(j);
+ purpose_print(STDout, x, ptmp);
+ }
+ } else if (modulus == i) {
+ EVP_PKEY *pkey;
+
+ pkey = X509_get_pubkey(x);
+ if (pkey == NULL) {
+ BIO_printf(bio_err, "Modulus=unavailable\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ BIO_printf(STDout, "Modulus=");
+#ifndef OPENSSL_NO_RSA
+ if (pkey->type == EVP_PKEY_RSA)
+ BN_print(STDout, pkey->pkey.rsa->n);
+ else
+#endif
+#ifndef OPENSSL_NO_DSA
+ if (pkey->type == EVP_PKEY_DSA)
+ BN_print(STDout, pkey->pkey.dsa->pub_key);
+ else
+#endif
+ BIO_printf(STDout, "Wrong Algorithm type");
+ BIO_printf(STDout, "\n");
+ EVP_PKEY_free(pkey);
+ } else if (pubkey == i) {
+ EVP_PKEY *pkey;
+
+ pkey = X509_get_pubkey(x);
+ if (pkey == NULL) {
+ BIO_printf(bio_err, "Error getting public key\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ PEM_write_bio_PUBKEY(STDout, pkey);
+ EVP_PKEY_free(pkey);
+ } else if (C == i) {
+ unsigned char *d;
+ char *m;
+ int y, z;
+
+ X509_NAME_oneline(X509_get_subject_name(x), buf, sizeof buf);
+ BIO_printf(STDout, "/* subject:%s */\n", buf);
+ m = X509_NAME_oneline(X509_get_issuer_name(x), buf,
+ sizeof buf);
+ BIO_printf(STDout, "/* issuer :%s */\n", buf);
+
+ z = i2d_X509(x, NULL);
+ m = OPENSSL_malloc(z);
+
+ d = (unsigned char *)m;
+ z = i2d_X509_NAME(X509_get_subject_name(x), &d);
+ BIO_printf(STDout, "unsigned char XXX_subject_name[%d]={\n",
+ z);
+ d = (unsigned char *)m;
+ for (y = 0; y < z; y++) {
+ BIO_printf(STDout, "0x%02X,", d[y]);
+ if ((y & 0x0f) == 0x0f)
+ BIO_printf(STDout, "\n");
+ }
+ if (y % 16 != 0)
+ BIO_printf(STDout, "\n");
+ BIO_printf(STDout, "};\n");
+
+ z = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x), &d);
+ BIO_printf(STDout, "unsigned char XXX_public_key[%d]={\n", z);
+ d = (unsigned char *)m;
+ for (y = 0; y < z; y++) {
+ BIO_printf(STDout, "0x%02X,", d[y]);
+ if ((y & 0x0f) == 0x0f)
+ BIO_printf(STDout, "\n");
+ }
+ if (y % 16 != 0)
+ BIO_printf(STDout, "\n");
+ BIO_printf(STDout, "};\n");
+
+ z = i2d_X509(x, &d);
+ BIO_printf(STDout, "unsigned char XXX_certificate[%d]={\n",
+ z);
+ d = (unsigned char *)m;
+ for (y = 0; y < z; y++) {
+ BIO_printf(STDout, "0x%02X,", d[y]);
+ if ((y & 0x0f) == 0x0f)
+ BIO_printf(STDout, "\n");
+ }
+ if (y % 16 != 0)
+ BIO_printf(STDout, "\n");
+ BIO_printf(STDout, "};\n");
+
+ OPENSSL_free(m);
+ } else if (text == i) {
+ X509_print_ex(out, x, nmflag, certflag);
+ } else if (startdate == i) {
+ BIO_puts(STDout, "notBefore=");
+ ASN1_TIME_print(STDout, X509_get_notBefore(x));
+ BIO_puts(STDout, "\n");
+ } else if (enddate == i) {
+ BIO_puts(STDout, "notAfter=");
+ ASN1_TIME_print(STDout, X509_get_notAfter(x));
+ BIO_puts(STDout, "\n");
+ } else if (fingerprint == i) {
+ int j;
+ unsigned int n;
+ unsigned char md[EVP_MAX_MD_SIZE];
+
+ if (!X509_digest(x, digest, md, &n)) {
+ BIO_printf(bio_err, "out of memory\n");
+ goto end;
+ }
+ BIO_printf(STDout, "%s Fingerprint=",
+ OBJ_nid2sn(EVP_MD_type(digest)));
+ for (j = 0; j < (int)n; j++) {
+ BIO_printf(STDout, "%02X%c", md[j], (j + 1 == (int)n)
+ ? '\n' : ':');
+ }
+ }
+
+ /* should be in the library */
+ else if ((sign_flag == i) && (x509req == 0)) {
+ BIO_printf(bio_err, "Getting Private key\n");
+ if (Upkey == NULL) {
+ Upkey = load_key(bio_err,
+ keyfile, keyformat, 0,
+ passin, e, "Private key");
+ if (Upkey == NULL)
+ goto end;
+ }
+#ifndef OPENSSL_NO_DSA
+ if (Upkey->type == EVP_PKEY_DSA)
+ digest = EVP_dss1();
+#endif
+#ifndef OPENSSL_NO_ECDSA
+ if (Upkey->type == EVP_PKEY_EC)
+ digest = EVP_ecdsa();
+#endif
+
+ assert(need_rand);
+ if (!sign(x, Upkey, days, clrext, digest, extconf, extsect))
+ goto end;
+ } else if (CA_flag == i) {
+ BIO_printf(bio_err, "Getting CA Private Key\n");
+ if (CAkeyfile != NULL) {
+ CApkey = load_key(bio_err,
+ CAkeyfile, CAkeyformat,
+ 0, passin, e, "CA Private Key");
+ if (CApkey == NULL)
+ goto end;
+ }
+#ifndef OPENSSL_NO_DSA
+ if (CApkey->type == EVP_PKEY_DSA)
+ digest = EVP_dss1();
+#endif
+#ifndef OPENSSL_NO_ECDSA
+ if (CApkey->type == EVP_PKEY_EC)
+ digest = EVP_ecdsa();
+#endif
+
+ assert(need_rand);
+ if (!x509_certify(ctx, CAfile, digest, x, xca,
+ CApkey, CAserial, CA_createserial, days,
+ clrext, extconf, extsect, sno))
+ goto end;
+ } else if (x509req == i) {
+ EVP_PKEY *pk;
+
+ BIO_printf(bio_err, "Getting request Private Key\n");
+ if (keyfile == NULL) {
+ BIO_printf(bio_err, "no request key file specified\n");
+ goto end;
+ } else {
+ pk = load_key(bio_err,
+ keyfile, keyformat, 0,
+ passin, e, "request key");
+ if (pk == NULL)
+ goto end;
+ }
+
+ BIO_printf(bio_err, "Generating certificate request\n");
+
+#ifndef OPENSSL_NO_DSA
+ if (pk->type == EVP_PKEY_DSA)
+ digest = EVP_dss1();
+#endif
+#ifndef OPENSSL_NO_ECDSA
+ if (pk->type == EVP_PKEY_EC)
+ digest = EVP_ecdsa();
+#endif
+
+ rq = X509_to_X509_REQ(x, pk, digest);
+ EVP_PKEY_free(pk);
+ if (rq == NULL) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ if (!noout) {
+ X509_REQ_print(out, rq);
+ PEM_write_bio_X509_REQ(out, rq);
+ }
+ noout = 1;
+ } else if (ocspid == i) {
+ X509_ocspid_print(out, x);
+ }
+ }
+ }
+
+ if (checkend) {
+ time_t tcheck = time(NULL) + checkoffset;
+
+ if (X509_cmp_time(X509_get_notAfter(x), &tcheck) < 0) {
+ BIO_printf(out, "Certificate will expire\n");
+ ret = 1;
+ } else {
+ BIO_printf(out, "Certificate will not expire\n");
+ ret = 0;
+ }
+ goto end;
+ }
+
+ if (noout) {
+ ret = 0;
+ goto end;
+ }
+
+ if (outformat == FORMAT_ASN1)
+ i = i2d_X509_bio(out, x);
+ else if (outformat == FORMAT_PEM) {
+ if (trustout)
+ i = PEM_write_bio_X509_AUX(out, x);
+ else
+ i = PEM_write_bio_X509(out, x);
+ } else if (outformat == FORMAT_NETSCAPE) {
+ ASN1_HEADER ah;
+ ASN1_OCTET_STRING os;
+
+ os.data = (unsigned char *)NETSCAPE_CERT_HDR;
+ os.length = strlen(NETSCAPE_CERT_HDR);
+ ah.header = &os;
+ ah.data = (char *)x;
+ ah.meth = X509_asn1_meth();
+
+ i = ASN1_i2d_bio_of(ASN1_HEADER, i2d_ASN1_HEADER, out, &ah);
+ } else {
+ BIO_printf(bio_err, "bad output format specified for outfile\n");
+ goto end;
+ }
+ if (!i) {
+ BIO_printf(bio_err, "unable to write certificate\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ ret = 0;
+ end:
+ if (need_rand)
+ app_RAND_write_file(NULL, bio_err);
+ OBJ_cleanup();
+ NCONF_free(extconf);
+ BIO_free_all(out);
+ BIO_free_all(STDout);
+ X509_STORE_free(ctx);
+ X509_REQ_free(req);
+ X509_free(x);
+ X509_free(xca);
+ EVP_PKEY_free(Upkey);
+ EVP_PKEY_free(CApkey);
+ X509_REQ_free(rq);
+ ASN1_INTEGER_free(sno);
+ sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free);
+ sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free);
+ if (passin)
+ OPENSSL_free(passin);
+ apps_shutdown();
+ OPENSSL_EXIT(ret);
+}
+
+static ASN1_INTEGER *x509_load_serial(char *CAfile, char *serialfile,
+ int create)
+{
+ char *buf = NULL, *p;
+ ASN1_INTEGER *bs = NULL;
+ BIGNUM *serial = NULL;
+ size_t len;
+
+ len = ((serialfile == NULL)
+ ? (strlen(CAfile) + strlen(POSTFIX) + 1)
+ : (strlen(serialfile))) + 1;
+ buf = OPENSSL_malloc(len);
+ if (buf == NULL) {
+ BIO_printf(bio_err, "out of mem\n");
+ goto end;
+ }
+ if (serialfile == NULL) {
+ BUF_strlcpy(buf, CAfile, len);
+ for (p = buf; *p; p++)
+ if (*p == '.') {
+ *p = '\0';
+ break;
+ }
+ BUF_strlcat(buf, POSTFIX, len);
+ } else
+ BUF_strlcpy(buf, serialfile, len);
+
+ serial = load_serial(buf, create, NULL);
+ if (serial == NULL)
+ goto end;
+
+ if (!BN_add_word(serial, 1)) {
+ BIO_printf(bio_err, "add_word failure\n");
+ goto end;
+ }
+
+ if (!save_serial(buf, NULL, serial, &bs))
+ goto end;
+
+ end:
+ if (buf)
+ OPENSSL_free(buf);
+ BN_free(serial);
+ return bs;
+}
+
+static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
+ X509 *x, X509 *xca, EVP_PKEY *pkey, char *serialfile,
+ int create, int days, int clrext, CONF *conf,
+ char *section, ASN1_INTEGER *sno)
+{
+ int ret = 0;
+ ASN1_INTEGER *bs = NULL;
+ X509_STORE_CTX xsc;
+ EVP_PKEY *upkey;
+
+ upkey = X509_get_pubkey(xca);
+ EVP_PKEY_copy_parameters(upkey, pkey);
+ EVP_PKEY_free(upkey);
+
+ if (!X509_STORE_CTX_init(&xsc, ctx, x, NULL)) {
+ BIO_printf(bio_err, "Error initialising X509 store\n");
+ goto end;
+ }
+ if (sno)
+ bs = sno;
+ else if (!(bs = x509_load_serial(CAfile, serialfile, create)))
+ goto end;
+
+/* if (!X509_STORE_add_cert(ctx,x)) goto end;*/
+
+ /*
+ * NOTE: this certificate can/should be self signed, unless it was a
+ * certificate request in which case it is not.
+ */
+ X509_STORE_CTX_set_cert(&xsc, x);
+ X509_STORE_CTX_set_flags(&xsc, X509_V_FLAG_CHECK_SS_SIGNATURE);
+ if (!reqfile && X509_verify_cert(&xsc) <= 0)
+ goto end;
+
+ if (!X509_check_private_key(xca, pkey)) {
+ BIO_printf(bio_err,
+ "CA certificate and CA private key do not match\n");
+ goto end;
+ }
+
+ if (!X509_set_issuer_name(x, X509_get_subject_name(xca)))
+ goto end;
+ if (!X509_set_serialNumber(x, bs))
+ goto end;
+
+ if (X509_gmtime_adj(X509_get_notBefore(x), 0L) == NULL)
+ goto end;
+
+ /* hardwired expired */
+ if (X509_gmtime_adj(X509_get_notAfter(x), (long)60 * 60 * 24 * days) ==
+ NULL)
+ goto end;
+
+ if (clrext) {
+ while (X509_get_ext_count(x) > 0)
+ X509_delete_ext(x, 0);
+ }
+
+ if (conf) {
+ X509V3_CTX ctx2;
+ X509_set_version(x, 2); /* version 3 certificate */
+ X509V3_set_ctx(&ctx2, xca, x, NULL, NULL, 0);
+ X509V3_set_nconf(&ctx2, conf);
+ if (!X509V3_EXT_add_nconf(conf, &ctx2, section, x))
+ goto end;
+ }
+
+ if (!X509_sign(x, pkey, digest))
+ goto end;
+ ret = 1;
+ end:
+ X509_STORE_CTX_cleanup(&xsc);
+ if (!ret)
+ ERR_print_errors(bio_err);
+ if (!sno)
+ ASN1_INTEGER_free(bs);
+ return ret;
+}
+
+static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx)
+{
+ int err;
+ X509 *err_cert;
+
+ /*
+ * it is ok to use a self signed certificate This case will catch both
+ * the initial ok == 0 and the final ok == 1 calls to this function
+ */
+ err = X509_STORE_CTX_get_error(ctx);
+ if (err == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)
+ return 1;
+
+ /*
+ * BAD we should have gotten an error. Normally if everything worked
+ * X509_STORE_CTX_get_error(ctx) will still be set to
+ * DEPTH_ZERO_SELF_....
+ */
+ if (ok) {
+ BIO_printf(bio_err,
+ "error with certificate to be certified - should be self signed\n");
+ return 0;
+ } else {
+ err_cert = X509_STORE_CTX_get_current_cert(ctx);
+ print_name(bio_err, NULL, X509_get_subject_name(err_cert), 0);
+ BIO_printf(bio_err,
+ "error with certificate - error %d at depth %d\n%s\n", err,
+ X509_STORE_CTX_get_error_depth(ctx),
+ X509_verify_cert_error_string(err));
+ return 1;
+ }
+}
+
+/* self sign */
+static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext,
+ const EVP_MD *digest, CONF *conf, char *section)
+{
+
+ EVP_PKEY *pktmp;
+
+ pktmp = X509_get_pubkey(x);
+ EVP_PKEY_copy_parameters(pktmp, pkey);
+ EVP_PKEY_save_parameters(pktmp, 1);
+ EVP_PKEY_free(pktmp);
+
+ if (!X509_set_issuer_name(x, X509_get_subject_name(x)))
+ goto err;
+ if (X509_gmtime_adj(X509_get_notBefore(x), 0) == NULL)
+ goto err;
+
+ /* Lets just make it 12:00am GMT, Jan 1 1970 */
+ /* memcpy(x->cert_info->validity->notBefore,"700101120000Z",13); */
+ /* 28 days to be certified */
+
+ if (X509_gmtime_adj(X509_get_notAfter(x), (long)60 * 60 * 24 * days) ==
+ NULL)
+ goto err;
+
+ if (!X509_set_pubkey(x, pkey))
+ goto err;
+ if (clrext) {
+ while (X509_get_ext_count(x) > 0)
+ X509_delete_ext(x, 0);
+ }
+ if (conf) {
+ X509V3_CTX ctx;
+ X509_set_version(x, 2); /* version 3 certificate */
+ X509V3_set_ctx(&ctx, x, x, NULL, NULL, 0);
+ X509V3_set_nconf(&ctx, conf);
+ if (!X509V3_EXT_add_nconf(conf, &ctx, section, x))
+ goto err;
+ }
+ if (!X509_sign(x, pkey, digest))
+ goto err;
+ return 1;
+ err:
+ ERR_print_errors(bio_err);
+ return 0;
+}
+
+static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt)
+{
+ int id, i, idret;
+ char *pname;
+ id = X509_PURPOSE_get_id(pt);
+ pname = X509_PURPOSE_get0_name(pt);
+ for (i = 0; i < 2; i++) {
+ idret = X509_check_purpose(cert, id, i);
+ BIO_printf(bio, "%s%s : ", pname, i ? " CA" : "");
+ if (idret == 1)
+ BIO_printf(bio, "Yes\n");
+ else if (idret == 0)
+ BIO_printf(bio, "No\n");
+ else
+ BIO_printf(bio, "Yes (WARNING code=%d)\n", idret);
+ }
+ return 1;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/bugs/alpha.c
===================================================================
--- vendor-crypto/openssl/dist/bugs/alpha.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/bugs/alpha.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,91 +0,0 @@
-/* bugs/alpha.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* while not exactly a bug (ASN1 C leaves this undefined) it is
- * something to watch out for. This was fine on linux/NT/Solaris but not
- * Alpha */
-
-/* it is basically an example of
- * func(*(a++),*(a++))
- * which parameter is evaluated first? It is not defined in ASN1 C.
- */
-
-#include <stdio.h>
-
-#define TYPE unsigned int
-
-void func(a,b)
-TYPE *a;
-TYPE b;
- {
- printf("%ld -1 == %ld\n",a[0],b);
- }
-
-main()
- {
- TYPE data[5]={1L,2L,3L,4L,5L};
- TYPE *p;
- int i;
-
- p=data;
-
- for (i=0; i<4; i++)
- {
- func(p,*(p++));
- }
- }
Copied: vendor-crypto/openssl/0.9.8zf/bugs/alpha.c (from rev 6976, vendor-crypto/openssl/dist/bugs/alpha.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/bugs/alpha.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/bugs/alpha.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,92 @@
+/* bugs/alpha.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/*
+ * while not exactly a bug (ASN1 C leaves this undefined) it is something to
+ * watch out for. This was fine on linux/NT/Solaris but not Alpha
+ */
+
+/*-
+ * it is basically an example of
+ * func(*(a++),*(a++))
+ * which parameter is evaluated first? It is not defined in ASN1 C.
+ */
+
+#include <stdio.h>
+
+#define TYPE unsigned int
+
+void func(a, b)
+TYPE *a;
+TYPE b;
+{
+ printf("%ld -1 == %ld\n", a[0], b);
+}
+
+main()
+{
+ TYPE data[5] = { 1L, 2L, 3L, 4L, 5L };
+ TYPE *p;
+ int i;
+
+ p = data;
+
+ for (i = 0; i < 4; i++) {
+ func(p, *(p++));
+ }
+}
Deleted: vendor-crypto/openssl/0.9.8zf/bugs/dggccbug.c
===================================================================
--- vendor-crypto/openssl/dist/bugs/dggccbug.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/bugs/dggccbug.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,45 +0,0 @@
-/* NOCW */
-/* dggccbug.c */
-/* bug found by Eric Young (eay at cryptsoft.com) - May 1995 */
-
-#include <stdio.h>
-
-/* There is a bug in
- * gcc version 2.5.8 (88open OCS/BCS, DG-2.5.8.3, Oct 14 1994)
- * as shipped with DGUX 5.4R3.10 that can be bypassed by defining
- * DG_GCC_BUG in my code.
- * The bug manifests itself by the vaule of a pointer that is
- * used only by reference, not having it's value change when it is used
- * to check for exiting the loop. Probably caused by there being 2
- * copies of the valiable, one in a register and one being an address
- * that is passed. */
-
-/* compare the out put from
- * gcc dggccbug.c; ./a.out
- * and
- * gcc -O dggccbug.c; ./a.out
- * compile with -DFIXBUG to remove the bug when optimising.
- */
-
-void inc(a)
-int *a;
- {
- (*a)++;
- }
-
-main()
- {
- int p=0;
-#ifdef FIXBUG
- int dummy;
-#endif
-
- while (p<3)
- {
- fprintf(stderr,"%08X\n",p);
- inc(&p);
-#ifdef FIXBUG
- dummy+=p;
-#endif
- }
- }
Copied: vendor-crypto/openssl/0.9.8zf/bugs/dggccbug.c (from rev 6976, vendor-crypto/openssl/dist/bugs/dggccbug.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/bugs/dggccbug.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/bugs/dggccbug.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,45 @@
+/* NOCW */
+/* dggccbug.c */
+/* bug found by Eric Young (eay at cryptsoft.com) - May 1995 */
+
+#include <stdio.h>
+
+/*
+ * There is a bug in gcc version 2.5.8 (88open OCS/BCS, DG-2.5.8.3, Oct 14
+ * 1994) as shipped with DGUX 5.4R3.10 that can be bypassed by defining
+ * DG_GCC_BUG in my code. The bug manifests itself by the vaule of a pointer
+ * that is used only by reference, not having it's value change when it is
+ * used to check for exiting the loop. Probably caused by there being 2
+ * copies of the valiable, one in a register and one being an address that is
+ * passed.
+ */
+
+/*-
+ * compare the out put from
+ * gcc dggccbug.c; ./a.out
+ * and
+ * gcc -O dggccbug.c; ./a.out
+ * compile with -DFIXBUG to remove the bug when optimising.
+ */
+
+void inc(a)
+int *a;
+{
+ (*a)++;
+}
+
+main()
+{
+ int p = 0;
+#ifdef FIXBUG
+ int dummy;
+#endif
+
+ while (p < 3) {
+ fprintf(stderr, "%08X\n", p);
+ inc(&p);
+#ifdef FIXBUG
+ dummy += p;
+#endif
+ }
+}
Deleted: vendor-crypto/openssl/0.9.8zf/bugs/sgiccbug.c
===================================================================
--- vendor-crypto/openssl/dist/bugs/sgiccbug.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/bugs/sgiccbug.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,57 +0,0 @@
-/* NOCW */
-/* sgibug.c */
-/* bug found by Eric Young (eay at mincom.oz.au) May 95 */
-
-#include <stdio.h>
-
-/* This compiler bug it present on IRIX 5.3, 5.1 and 4.0.5 (these are
- * the only versions of IRIX I have access to.
- * defining FIXBUG removes the bug.
- * (bug is still present in IRIX 6.3 according to
- * Gage <agage at forgetmenot.Mines.EDU>
- */
-
-/* Compare the output from
- * cc sgiccbug.c; ./a.out
- * and
- * cc -O sgiccbug.c; ./a.out
- */
-
-static unsigned long a[4]={0x01234567,0x89ABCDEF,0xFEDCBA98,0x76543210};
-static unsigned long b[4]={0x89ABCDEF,0xFEDCBA98,0x76543210,0x01234567};
-static unsigned long c[4]={0x77777778,0x8ACF1357,0x88888888,0x7530ECA9};
-
-main()
- {
- unsigned long r[4];
- sub(r,a,b);
- fprintf(stderr,"input a= %08X %08X %08X %08X\n",a[3],a[2],a[1],a[0]);
- fprintf(stderr,"input b= %08X %08X %08X %08X\n",b[3],b[2],b[1],b[0]);
- fprintf(stderr,"output = %08X %08X %08X %08X\n",r[3],r[2],r[1],r[0]);
- fprintf(stderr,"correct= %08X %08X %08X %08X\n",c[3],c[2],c[1],c[0]);
- }
-
-int sub(r,a,b)
-unsigned long *r,*a,*b;
- {
- register unsigned long t1,t2,*ap,*bp,*rp;
- int i,carry;
-#ifdef FIXBUG
- unsigned long dummy;
-#endif
-
- ap=a;
- bp=b;
- rp=r;
- carry=0;
- for (i=0; i<4; i++)
- {
- t1= *(ap++);
- t2= *(bp++);
- t1=(t1-t2);
-#ifdef FIXBUG
- dummy=t1;
-#endif
- *(rp++)=t1&0xffffffff;
- }
- }
Copied: vendor-crypto/openssl/0.9.8zf/bugs/sgiccbug.c (from rev 6976, vendor-crypto/openssl/dist/bugs/sgiccbug.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/bugs/sgiccbug.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/bugs/sgiccbug.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,60 @@
+/* NOCW */
+/* sgibug.c */
+/* bug found by Eric Young (eay at mincom.oz.au) May 95 */
+
+#include <stdio.h>
+
+/*
+ * This compiler bug it present on IRIX 5.3, 5.1 and 4.0.5 (these are the
+ * only versions of IRIX I have access to. defining FIXBUG removes the bug.
+ * (bug is still present in IRIX 6.3 according to Gage
+ * <agage at forgetmenot.Mines.EDU>
+ */
+
+/*-
+ * Compare the output from
+ * cc sgiccbug.c; ./a.out
+ * and
+ * cc -O sgiccbug.c; ./a.out
+ */
+
+static unsigned long a[4] =
+ { 0x01234567, 0x89ABCDEF, 0xFEDCBA98, 0x76543210 };
+static unsigned long b[4] =
+ { 0x89ABCDEF, 0xFEDCBA98, 0x76543210, 0x01234567 };
+static unsigned long c[4] =
+ { 0x77777778, 0x8ACF1357, 0x88888888, 0x7530ECA9 };
+
+main()
+{
+ unsigned long r[4];
+ sub(r, a, b);
+ fprintf(stderr, "input a= %08X %08X %08X %08X\n", a[3], a[2], a[1], a[0]);
+ fprintf(stderr, "input b= %08X %08X %08X %08X\n", b[3], b[2], b[1], b[0]);
+ fprintf(stderr, "output = %08X %08X %08X %08X\n", r[3], r[2], r[1], r[0]);
+ fprintf(stderr, "correct= %08X %08X %08X %08X\n", c[3], c[2], c[1], c[0]);
+}
+
+int sub(r, a, b)
+unsigned long *r, *a, *b;
+{
+ register unsigned long t1, t2, *ap, *bp, *rp;
+ int i, carry;
+#ifdef FIXBUG
+ unsigned long dummy;
+#endif
+
+ ap = a;
+ bp = b;
+ rp = r;
+ carry = 0;
+ for (i = 0; i < 4; i++) {
+ t1 = *(ap++);
+ t2 = *(bp++);
+ t1 = (t1 - t2);
+#ifdef FIXBUG
+ dummy = t1;
+#endif
+ *(rp++) = t1 & 0xffffffff;
+ }
+}
Deleted: vendor-crypto/openssl/0.9.8zf/bugs/stream.c
===================================================================
--- vendor-crypto/openssl/dist/bugs/stream.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/bugs/stream.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,131 +0,0 @@
-/* bugs/stream.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/rc4.h>
-#ifdef OPENSSL_NO_DES
-#include <des.h>
-#else
-#include <openssl/des.h>
-#endif
-
-/* show how stream ciphers are not very good. The mac has no affect
- * on RC4 while it does for cfb DES
- */
-
-main()
- {
- fprintf(stderr,"rc4\n");
- rc4();
- fprintf(stderr,"cfb des\n");
- des();
- }
-
-int des()
- {
- des_key_schedule ks;
- des_cblock iv,key;
- int num;
- static char *keystr="01234567";
- static char *in1="0123456789ABCEDFdata 12345";
- static char *in2="9876543210abcdefdata 12345";
- unsigned char out[100];
- int i;
-
- des_set_key((des_cblock *)keystr,ks);
-
- num=0;
- memset(iv,0,8);
- des_cfb64_encrypt(in1,out,26,ks,(des_cblock *)iv,&num,1);
- for (i=0; i<26; i++)
- fprintf(stderr,"%02X ",out[i]);
- fprintf(stderr,"\n");
-
- num=0;
- memset(iv,0,8);
- des_cfb64_encrypt(in2,out,26,ks,(des_cblock *)iv,&num,1);
- for (i=0; i<26; i++)
- fprintf(stderr,"%02X ",out[i]);
- fprintf(stderr,"\n");
- }
-
-int rc4()
- {
- static char *keystr="0123456789abcdef";
- RC4_KEY key;
- unsigned char in[100],out[100];
- int i;
-
- RC4_set_key(&key,16,keystr);
- in[0]='\0';
- strcpy(in,"0123456789ABCEDFdata 12345");
- RC4(key,26,in,out);
-
- for (i=0; i<26; i++)
- fprintf(stderr,"%02X ",out[i]);
- fprintf(stderr,"\n");
-
- RC4_set_key(&key,16,keystr);
- in[0]='\0';
- strcpy(in,"9876543210abcdefdata 12345");
- RC4(key,26,in,out);
-
- for (i=0; i<26; i++)
- fprintf(stderr,"%02X ",out[i]);
- fprintf(stderr,"\n");
- }
Copied: vendor-crypto/openssl/0.9.8zf/bugs/stream.c (from rev 6976, vendor-crypto/openssl/dist/bugs/stream.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/bugs/stream.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/bugs/stream.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,132 @@
+/* bugs/stream.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <openssl/rc4.h>
+#ifdef OPENSSL_NO_DES
+# include <des.h>
+#else
+# include <openssl/des.h>
+#endif
+
+/*
+ * show how stream ciphers are not very good. The mac has no affect on RC4
+ * while it does for cfb DES
+ */
+
+main()
+{
+ fprintf(stderr, "rc4\n");
+ rc4();
+ fprintf(stderr, "cfb des\n");
+ des();
+}
+
+int des()
+{
+ des_key_schedule ks;
+ des_cblock iv, key;
+ int num;
+ static char *keystr = "01234567";
+ static char *in1 = "0123456789ABCEDFdata 12345";
+ static char *in2 = "9876543210abcdefdata 12345";
+ unsigned char out[100];
+ int i;
+
+ des_set_key((des_cblock *)keystr, ks);
+
+ num = 0;
+ memset(iv, 0, 8);
+ des_cfb64_encrypt(in1, out, 26, ks, (des_cblock *)iv, &num, 1);
+ for (i = 0; i < 26; i++)
+ fprintf(stderr, "%02X ", out[i]);
+ fprintf(stderr, "\n");
+
+ num = 0;
+ memset(iv, 0, 8);
+ des_cfb64_encrypt(in2, out, 26, ks, (des_cblock *)iv, &num, 1);
+ for (i = 0; i < 26; i++)
+ fprintf(stderr, "%02X ", out[i]);
+ fprintf(stderr, "\n");
+}
+
+int rc4()
+{
+ static char *keystr = "0123456789abcdef";
+ RC4_KEY key;
+ unsigned char in[100], out[100];
+ int i;
+
+ RC4_set_key(&key, 16, keystr);
+ in[0] = '\0';
+ strcpy(in, "0123456789ABCEDFdata 12345");
+ RC4(key, 26, in, out);
+
+ for (i = 0; i < 26; i++)
+ fprintf(stderr, "%02X ", out[i]);
+ fprintf(stderr, "\n");
+
+ RC4_set_key(&key, 16, keystr);
+ in[0] = '\0';
+ strcpy(in, "9876543210abcdefdata 12345");
+ RC4(key, 26, in, out);
+
+ for (i = 0; i < 26; i++)
+ fprintf(stderr, "%02X ", out[i]);
+ fprintf(stderr, "\n");
+}
Deleted: vendor-crypto/openssl/0.9.8zf/bugs/ultrixcc.c
===================================================================
--- vendor-crypto/openssl/dist/bugs/ultrixcc.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/bugs/ultrixcc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,45 +0,0 @@
-#include <stdio.h>
-
-/* This is a cc optimiser bug for ultrix 4.3, mips CPU.
- * What happens is that the compiler, due to the (a)&7,
- * does
- * i=a&7;
- * i--;
- * i*=4;
- * Then uses i as the offset into a jump table.
- * The problem is that a value of 0 generates an offset of
- * 0xfffffffc.
- */
-
-main()
- {
- f(5);
- f(0);
- }
-
-int f(a)
-int a;
- {
- switch(a&7)
- {
- case 7:
- printf("7\n");
- case 6:
- printf("6\n");
- case 5:
- printf("5\n");
- case 4:
- printf("4\n");
- case 3:
- printf("3\n");
- case 2:
- printf("2\n");
- case 1:
- printf("1\n");
-#ifdef FIX_BUG
- case 0:
- ;
-#endif
- }
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/bugs/ultrixcc.c (from rev 6976, vendor-crypto/openssl/dist/bugs/ultrixcc.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/bugs/ultrixcc.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/bugs/ultrixcc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,44 @@
+#include <stdio.h>
+
+/*-
+ * This is a cc optimiser bug for ultrix 4.3, mips CPU.
+ * What happens is that the compiler, due to the (a)&7,
+ * does
+ * i=a&7;
+ * i--;
+ * i*=4;
+ * Then uses i as the offset into a jump table.
+ * The problem is that a value of 0 generates an offset of
+ * 0xfffffffc.
+ */
+
+main()
+{
+ f(5);
+ f(0);
+}
+
+int f(a)
+int a;
+{
+ switch (a & 7) {
+ case 7:
+ printf("7\n");
+ case 6:
+ printf("6\n");
+ case 5:
+ printf("5\n");
+ case 4:
+ printf("4\n");
+ case 3:
+ printf("3\n");
+ case 2:
+ printf("2\n");
+ case 1:
+ printf("1\n");
+#ifdef FIX_BUG
+ case 0:
+ ;
+#endif
+ }
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/LPdir_nyi.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/LPdir_nyi.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/LPdir_nyi.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,42 +0,0 @@
-/* $LP: LPlib/source/LPdir_win.c,v 1.1 2004/06/14 10:07:56 _cvs_levitte Exp $ */
-/*
- * Copyright (c) 2004, Richard Levitte <richard at levitte.org>
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#ifndef LPDIR_H
-#include "LPdir.h"
-#endif
-
-struct LP_dir_context_st { void *dummy; };
-const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
- {
- errno = EINVAL;
- return 0;
- }
-int LP_find_file_end(LP_DIR_CTX **ctx)
- {
- errno = EINVAL;
- return 0;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/LPdir_nyi.c (from rev 6976, vendor-crypto/openssl/dist/crypto/LPdir_nyi.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/LPdir_nyi.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/LPdir_nyi.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,47 @@
+/*
+ * $LP: LPlib/source/LPdir_win.c,v 1.1 2004/06/14 10:07:56 _cvs_levitte Exp $
+ */
+/*
+ * Copyright (c) 2004, Richard Levitte <richard at levitte.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef LPDIR_H
+# include "LPdir.h"
+#endif
+
+struct LP_dir_context_st {
+ void *dummy;
+};
+const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
+{
+ errno = EINVAL;
+ return 0;
+}
+
+int LP_find_file_end(LP_DIR_CTX **ctx)
+{
+ errno = EINVAL;
+ return 0;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/LPdir_unix.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/LPdir_unix.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/LPdir_unix.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,127 +0,0 @@
-/* $LP: LPlib/source/LPdir_unix.c,v 1.11 2004/09/23 22:07:22 _cvs_levitte Exp $ */
-/*
- * Copyright (c) 2004, Richard Levitte <richard at levitte.org>
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include <stddef.h>
-#include <stdlib.h>
-#include <limits.h>
-#include <string.h>
-#include <sys/types.h>
-#include <dirent.h>
-#include <errno.h>
-#ifndef LPDIR_H
-#include "LPdir.h"
-#endif
-
-/* The POSIXly macro for the maximum number of characters in a file path
- is NAME_MAX. However, some operating systems use PATH_MAX instead.
- Therefore, it seems natural to first check for PATH_MAX and use that,
- and if it doesn't exist, use NAME_MAX. */
-#if defined(PATH_MAX)
-# define LP_ENTRY_SIZE PATH_MAX
-#elif defined(NAME_MAX)
-# define LP_ENTRY_SIZE NAME_MAX
-#endif
-
-/* Of course, there's the possibility that neither PATH_MAX nor NAME_MAX
- exist. It's also possible that NAME_MAX exists but is define to a
- very small value (HP-UX offers 14), so we need to check if we got a
- result, and if it meets a minimum standard, and create or change it
- if not. */
-#if !defined(LP_ENTRY_SIZE) || LP_ENTRY_SIZE<255
-# undef LP_ENTRY_SIZE
-# define LP_ENTRY_SIZE 255
-#endif
-
-struct LP_dir_context_st
-{
- DIR *dir;
- char entry_name[LP_ENTRY_SIZE+1];
-};
-
-const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
-{
- struct dirent *direntry = NULL;
-
- if (ctx == NULL || directory == NULL)
- {
- errno = EINVAL;
- return 0;
- }
-
- errno = 0;
- if (*ctx == NULL)
- {
- *ctx = (LP_DIR_CTX *)malloc(sizeof(LP_DIR_CTX));
- if (*ctx == NULL)
- {
- errno = ENOMEM;
- return 0;
- }
- memset(*ctx, '\0', sizeof(LP_DIR_CTX));
-
- (*ctx)->dir = opendir(directory);
- if ((*ctx)->dir == NULL)
- {
- int save_errno = errno; /* Probably not needed, but I'm paranoid */
- free(*ctx);
- *ctx = NULL;
- errno = save_errno;
- return 0;
- }
- }
-
- direntry = readdir((*ctx)->dir);
- if (direntry == NULL)
- {
- return 0;
- }
-
- strncpy((*ctx)->entry_name, direntry->d_name, sizeof((*ctx)->entry_name) - 1);
- (*ctx)->entry_name[sizeof((*ctx)->entry_name) - 1] = '\0';
- return (*ctx)->entry_name;
-}
-
-int LP_find_file_end(LP_DIR_CTX **ctx)
-{
- if (ctx != NULL && *ctx != NULL)
- {
- int ret = closedir((*ctx)->dir);
-
- free(*ctx);
- switch (ret)
- {
- case 0:
- return 1;
- case -1:
- return 0;
- default:
- break;
- }
- }
- errno = EINVAL;
- return 0;
-}
Copied: vendor-crypto/openssl/0.9.8zf/crypto/LPdir_unix.c (from rev 6976, vendor-crypto/openssl/dist/crypto/LPdir_unix.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/LPdir_unix.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/LPdir_unix.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,126 @@
+/*
+ * $LP: LPlib/source/LPdir_unix.c,v 1.11 2004/09/23 22:07:22 _cvs_levitte Exp
+ * $
+ */
+/*
+ * Copyright (c) 2004, Richard Levitte <richard at levitte.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <stddef.h>
+#include <stdlib.h>
+#include <limits.h>
+#include <string.h>
+#include <sys/types.h>
+#include <dirent.h>
+#include <errno.h>
+#ifndef LPDIR_H
+# include "LPdir.h"
+#endif
+
+/*
+ * The POSIXly macro for the maximum number of characters in a file path is
+ * NAME_MAX. However, some operating systems use PATH_MAX instead.
+ * Therefore, it seems natural to first check for PATH_MAX and use that, and
+ * if it doesn't exist, use NAME_MAX.
+ */
+#if defined(PATH_MAX)
+# define LP_ENTRY_SIZE PATH_MAX
+#elif defined(NAME_MAX)
+# define LP_ENTRY_SIZE NAME_MAX
+#endif
+
+/*
+ * Of course, there's the possibility that neither PATH_MAX nor NAME_MAX
+ * exist. It's also possible that NAME_MAX exists but is define to a very
+ * small value (HP-UX offers 14), so we need to check if we got a result, and
+ * if it meets a minimum standard, and create or change it if not.
+ */
+#if !defined(LP_ENTRY_SIZE) || LP_ENTRY_SIZE<255
+# undef LP_ENTRY_SIZE
+# define LP_ENTRY_SIZE 255
+#endif
+
+struct LP_dir_context_st {
+ DIR *dir;
+ char entry_name[LP_ENTRY_SIZE + 1];
+};
+
+const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
+{
+ struct dirent *direntry = NULL;
+
+ if (ctx == NULL || directory == NULL) {
+ errno = EINVAL;
+ return 0;
+ }
+
+ errno = 0;
+ if (*ctx == NULL) {
+ *ctx = (LP_DIR_CTX *)malloc(sizeof(LP_DIR_CTX));
+ if (*ctx == NULL) {
+ errno = ENOMEM;
+ return 0;
+ }
+ memset(*ctx, '\0', sizeof(LP_DIR_CTX));
+
+ (*ctx)->dir = opendir(directory);
+ if ((*ctx)->dir == NULL) {
+ int save_errno = errno; /* Probably not needed, but I'm paranoid */
+ free(*ctx);
+ *ctx = NULL;
+ errno = save_errno;
+ return 0;
+ }
+ }
+
+ direntry = readdir((*ctx)->dir);
+ if (direntry == NULL) {
+ return 0;
+ }
+
+ strncpy((*ctx)->entry_name, direntry->d_name,
+ sizeof((*ctx)->entry_name) - 1);
+ (*ctx)->entry_name[sizeof((*ctx)->entry_name) - 1] = '\0';
+ return (*ctx)->entry_name;
+}
+
+int LP_find_file_end(LP_DIR_CTX **ctx)
+{
+ if (ctx != NULL && *ctx != NULL) {
+ int ret = closedir((*ctx)->dir);
+
+ free(*ctx);
+ switch (ret) {
+ case 0:
+ return 1;
+ case -1:
+ return 0;
+ default:
+ break;
+ }
+ }
+ errno = EINVAL;
+ return 0;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/LPdir_vms.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/LPdir_vms.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/LPdir_vms.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,204 +0,0 @@
-/*
- * Copyright (c) 2004, Richard Levitte <richard at levitte.org>
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include <stddef.h>
-#include <stdlib.h>
-#include <string.h>
-#include <errno.h>
-#include <descrip.h>
-#include <namdef.h>
-#include <rmsdef.h>
-#include <libfildef.h>
-#include <lib$routines.h>
-#include <strdef.h>
-#include <str$routines.h>
-#include <stsdef.h>
-#ifndef LPDIR_H
-#include "LPdir.h"
-#endif
-
-/* Because some compiler options hide this macor */
-#ifndef EVMSERR
-#define EVMSERR 65535 /* error for non-translatable VMS errors */
-#endif
-
-struct LP_dir_context_st
-{
- unsigned long VMS_context;
-#ifdef NAML$C_MAXRSS
- char filespec[NAML$C_MAXRSS+1];
- char result[NAML$C_MAXRSS+1];
-#else
- char filespec[256];
- char result[256];
-#endif
- struct dsc$descriptor_d filespec_dsc;
- struct dsc$descriptor_d result_dsc;
-};
-
-const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
-{
- int status;
- char *p, *r;
- size_t l;
- unsigned long flags = 0;
-#ifdef NAML$C_MAXRSS
- flags |= LIB$M_FIL_LONG_NAMES;
-#endif
-
- if (ctx == NULL || directory == NULL)
- {
- errno = EINVAL;
- return 0;
- }
-
- errno = 0;
- if (*ctx == NULL)
- {
- size_t filespeclen = strlen(directory);
- char *filespec = NULL;
-
- if (filespeclen == 0)
- {
- errno = ENOENT;
- return 0;
- }
-
- /* MUST be a VMS directory specification! Let's estimate if it is. */
- if (directory[filespeclen-1] != ']'
- && directory[filespeclen-1] != '>'
- && directory[filespeclen-1] != ':')
- {
- errno = EINVAL;
- return 0;
- }
-
- filespeclen += 4; /* "*.*;" */
-
- if (filespeclen >
-#ifdef NAML$C_MAXRSS
- NAML$C_MAXRSS
-#else
- 255
-#endif
- )
- {
- errno = ENAMETOOLONG;
- return 0;
- }
-
- *ctx = (LP_DIR_CTX *)malloc(sizeof(LP_DIR_CTX));
- if (*ctx == NULL)
- {
- errno = ENOMEM;
- return 0;
- }
- memset(*ctx, '\0', sizeof(LP_DIR_CTX));
-
- strcpy((*ctx)->filespec,directory);
- strcat((*ctx)->filespec,"*.*;");
- (*ctx)->filespec_dsc.dsc$w_length = filespeclen;
- (*ctx)->filespec_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
- (*ctx)->filespec_dsc.dsc$b_class = DSC$K_CLASS_S;
- (*ctx)->filespec_dsc.dsc$a_pointer = (*ctx)->filespec;
- (*ctx)->result_dsc.dsc$w_length = 0;
- (*ctx)->result_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
- (*ctx)->result_dsc.dsc$b_class = DSC$K_CLASS_D;
- (*ctx)->result_dsc.dsc$a_pointer = 0;
- }
-
- (*ctx)->result_dsc.dsc$w_length = 0;
- (*ctx)->result_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
- (*ctx)->result_dsc.dsc$b_class = DSC$K_CLASS_D;
- (*ctx)->result_dsc.dsc$a_pointer = 0;
-
- status = lib$find_file(&(*ctx)->filespec_dsc, &(*ctx)->result_dsc,
- &(*ctx)->VMS_context, 0, 0, 0, &flags);
-
- if (status == RMS$_NMF)
- {
- errno = 0;
- vaxc$errno = status;
- return NULL;
- }
-
- if(!$VMS_STATUS_SUCCESS(status))
- {
- errno = EVMSERR;
- vaxc$errno = status;
- return NULL;
- }
-
- /* Quick, cheap and dirty way to discard any device and directory,
- since we only want file names */
- l = (*ctx)->result_dsc.dsc$w_length;
- p = (*ctx)->result_dsc.dsc$a_pointer;
- r = p;
- for (; *p; p++)
- {
- if (*p == '^' && p[1] != '\0') /* Take care of ODS-5 escapes */
- {
- p++;
- }
- else if (*p == ':' || *p == '>' || *p == ']')
- {
- l -= p + 1 - r;
- r = p + 1;
- }
- else if (*p == ';')
- {
- l = p - r;
- break;
- }
- }
-
- strncpy((*ctx)->result, r, l);
- (*ctx)->result[l] = '\0';
- str$free1_dx(&(*ctx)->result_dsc);
-
- return (*ctx)->result;
-}
-
-int LP_find_file_end(LP_DIR_CTX **ctx)
-{
- if (ctx != NULL && *ctx != NULL)
- {
- int status = lib$find_file_end(&(*ctx)->VMS_context);
-
- free(*ctx);
-
- if(!$VMS_STATUS_SUCCESS(status))
- {
- errno = EVMSERR;
- vaxc$errno = status;
- return 0;
- }
- return 1;
- }
- errno = EINVAL;
- return 0;
-}
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/LPdir_vms.c (from rev 6976, vendor-crypto/openssl/dist/crypto/LPdir_vms.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/LPdir_vms.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/LPdir_vms.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,188 @@
+/*
+ * Copyright (c) 2004, Richard Levitte <richard at levitte.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <stddef.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <descrip.h>
+#include <namdef.h>
+#include <rmsdef.h>
+#include <libfildef.h>
+#include <lib$routines.h>
+#include <strdef.h>
+#include <str$routines.h>
+#include <stsdef.h>
+#ifndef LPDIR_H
+# include "LPdir.h"
+#endif
+
+/* Because some compiler options hide this macor */
+#ifndef EVMSERR
+# define EVMSERR 65535 /* error for non-translatable VMS errors */
+#endif
+
+struct LP_dir_context_st {
+ unsigned long VMS_context;
+#ifdef NAML$C_MAXRSS
+ char filespec[NAML$C_MAXRSS + 1];
+ char result[NAML$C_MAXRSS + 1];
+#else
+ char filespec[256];
+ char result[256];
+#endif
+ struct dsc$descriptor_d filespec_dsc;
+ struct dsc$descriptor_d result_dsc;
+};
+
+const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
+{
+ int status;
+ char *p, *r;
+ size_t l;
+ unsigned long flags = 0;
+#ifdef NAML$C_MAXRSS
+ flags |= LIB$M_FIL_LONG_NAMES;
+#endif
+
+ if (ctx == NULL || directory == NULL) {
+ errno = EINVAL;
+ return 0;
+ }
+
+ errno = 0;
+ if (*ctx == NULL) {
+ size_t filespeclen = strlen(directory);
+ char *filespec = NULL;
+
+ if (filespeclen == 0) {
+ errno = ENOENT;
+ return 0;
+ }
+
+ /* MUST be a VMS directory specification! Let's estimate if it is. */
+ if (directory[filespeclen - 1] != ']'
+ && directory[filespeclen - 1] != '>'
+ && directory[filespeclen - 1] != ':') {
+ errno = EINVAL;
+ return 0;
+ }
+
+ filespeclen += 4; /* "*.*;" */
+
+ if (filespeclen >
+#ifdef NAML$C_MAXRSS
+ NAML$C_MAXRSS
+#else
+ 255
+#endif
+ ) {
+ errno = ENAMETOOLONG;
+ return 0;
+ }
+
+ *ctx = (LP_DIR_CTX *)malloc(sizeof(LP_DIR_CTX));
+ if (*ctx == NULL) {
+ errno = ENOMEM;
+ return 0;
+ }
+ memset(*ctx, '\0', sizeof(LP_DIR_CTX));
+
+ strcpy((*ctx)->filespec, directory);
+ strcat((*ctx)->filespec, "*.*;");
+ (*ctx)->filespec_dsc.dsc$w_length = filespeclen;
+ (*ctx)->filespec_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+ (*ctx)->filespec_dsc.dsc$b_class = DSC$K_CLASS_S;
+ (*ctx)->filespec_dsc.dsc$a_pointer = (*ctx)->filespec;
+ (*ctx)->result_dsc.dsc$w_length = 0;
+ (*ctx)->result_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+ (*ctx)->result_dsc.dsc$b_class = DSC$K_CLASS_D;
+ (*ctx)->result_dsc.dsc$a_pointer = 0;
+ }
+
+ (*ctx)->result_dsc.dsc$w_length = 0;
+ (*ctx)->result_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+ (*ctx)->result_dsc.dsc$b_class = DSC$K_CLASS_D;
+ (*ctx)->result_dsc.dsc$a_pointer = 0;
+
+ status = lib$find_file(&(*ctx)->filespec_dsc, &(*ctx)->result_dsc,
+ &(*ctx)->VMS_context, 0, 0, 0, &flags);
+
+ if (status == RMS$_NMF) {
+ errno = 0;
+ vaxc$errno = status;
+ return NULL;
+ }
+
+ if (!$VMS_STATUS_SUCCESS(status)) {
+ errno = EVMSERR;
+ vaxc$errno = status;
+ return NULL;
+ }
+
+ /*
+ * Quick, cheap and dirty way to discard any device and directory, since
+ * we only want file names
+ */
+ l = (*ctx)->result_dsc.dsc$w_length;
+ p = (*ctx)->result_dsc.dsc$a_pointer;
+ r = p;
+ for (; *p; p++) {
+ if (*p == '^' && p[1] != '\0') { /* Take care of ODS-5 escapes */
+ p++;
+ } else if (*p == ':' || *p == '>' || *p == ']') {
+ l -= p + 1 - r;
+ r = p + 1;
+ } else if (*p == ';') {
+ l = p - r;
+ break;
+ }
+ }
+
+ strncpy((*ctx)->result, r, l);
+ (*ctx)->result[l] = '\0';
+ str$free1_dx(&(*ctx)->result_dsc);
+
+ return (*ctx)->result;
+}
+
+int LP_find_file_end(LP_DIR_CTX **ctx)
+{
+ if (ctx != NULL && *ctx != NULL) {
+ int status = lib$find_file_end(&(*ctx)->VMS_context);
+
+ free(*ctx);
+
+ if (!$VMS_STATUS_SUCCESS(status)) {
+ errno = EVMSERR;
+ vaxc$errno = status;
+ return 0;
+ }
+ return 1;
+ }
+ errno = EINVAL;
+ return 0;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/LPdir_win.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/LPdir_win.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/LPdir_win.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,189 +0,0 @@
-/*
- * Copyright (c) 2004, Richard Levitte <richard at levitte.org>
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include <windows.h>
-#include <tchar.h>
-#ifndef LPDIR_H
-#include "LPdir.h"
-#endif
-
-/* We're most likely overcautious here, but let's reserve for
- broken WinCE headers and explicitly opt for UNICODE call.
- Keep in mind that our WinCE builds are compiled with -DUNICODE
- [as well as -D_UNICODE]. */
-#if defined(LP_SYS_WINCE) && !defined(FindFirstFile)
-# define FindFirstFile FindFirstFileW
-#endif
-#if defined(LP_SYS_WINCE) && !defined(FindFirstFile)
-# define FindNextFile FindNextFileW
-#endif
-
-#ifndef NAME_MAX
-#define NAME_MAX 255
-#endif
-
-struct LP_dir_context_st
-{
- WIN32_FIND_DATA ctx;
- HANDLE handle;
- char entry_name[NAME_MAX+1];
-};
-
-const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
-{
- struct dirent *direntry = NULL;
-
- if (ctx == NULL || directory == NULL)
- {
- errno = EINVAL;
- return 0;
- }
-
- errno = 0;
- if (*ctx == NULL)
- {
- const char *extdir = directory;
- char *extdirbuf = NULL;
- size_t dirlen = strlen (directory);
-
- if (dirlen == 0)
- {
- errno = ENOENT;
- return 0;
- }
-
- *ctx = (LP_DIR_CTX *)malloc(sizeof(LP_DIR_CTX));
- if (*ctx == NULL)
- {
- errno = ENOMEM;
- return 0;
- }
- memset(*ctx, '\0', sizeof(LP_DIR_CTX));
-
- if (directory[dirlen-1] != '*')
- {
- extdirbuf = (char *)malloc(dirlen + 3);
- if (extdirbuf == NULL)
- {
- free(*ctx);
- *ctx = NULL;
- errno = ENOMEM;
- return 0;
- }
- if (directory[dirlen-1] != '/' && directory[dirlen-1] != '\\')
- extdir = strcat(strcpy (extdirbuf,directory),"/*");
- else
- extdir = strcat(strcpy (extdirbuf,directory),"*");
- }
-
- if (sizeof(TCHAR) != sizeof(char))
- {
- TCHAR *wdir = NULL;
- /* len_0 denotes string length *with* trailing 0 */
- size_t index = 0,len_0 = strlen(extdir) + 1;
-
- wdir = (TCHAR *)calloc(len_0, sizeof(TCHAR));
- if (wdir == NULL)
- {
- if (extdirbuf != NULL)
- {
- free (extdirbuf);
- }
- free(*ctx);
- *ctx = NULL;
- errno = ENOMEM;
- return 0;
- }
-
-#ifdef LP_MULTIBYTE_AVAILABLE
- if (!MultiByteToWideChar(CP_ACP, 0, extdir, len_0, (WCHAR *)wdir, len_0))
-#endif
- for (index = 0; index < len_0; index++)
- wdir[index] = (TCHAR)extdir[index];
-
- (*ctx)->handle = FindFirstFile(wdir, &(*ctx)->ctx);
-
- free(wdir);
- }
- else
- {
- (*ctx)->handle = FindFirstFile((TCHAR *)extdir, &(*ctx)->ctx);
- }
- if (extdirbuf != NULL)
- {
- free (extdirbuf);
- }
-
- if ((*ctx)->handle == INVALID_HANDLE_VALUE)
- {
- free(*ctx);
- *ctx = NULL;
- errno = EINVAL;
- return 0;
- }
- }
- else
- {
- if (FindNextFile((*ctx)->handle, &(*ctx)->ctx) == FALSE)
- {
- return 0;
- }
- }
- if (sizeof(TCHAR) != sizeof(char))
- {
- TCHAR *wdir = (*ctx)->ctx.cFileName;
- size_t index, len_0 = 0;
-
- while (wdir[len_0] && len_0 < (sizeof((*ctx)->entry_name) - 1)) len_0++;
- len_0++;
-
-#ifdef LP_MULTIBYTE_AVAILABLE
- if (!WideCharToMultiByte(CP_ACP, 0, (WCHAR *)wdir, len_0, (*ctx)->entry_name,
- sizeof((*ctx)->entry_name), NULL, 0))
-#endif
- for (index = 0; index < len_0; index++)
- (*ctx)->entry_name[index] = (char)wdir[index];
- }
- else
- strncpy((*ctx)->entry_name, (const char *)(*ctx)->ctx.cFileName,
- sizeof((*ctx)->entry_name)-1);
-
- (*ctx)->entry_name[sizeof((*ctx)->entry_name)-1] = '\0';
-
- return (*ctx)->entry_name;
-}
-
-int LP_find_file_end(LP_DIR_CTX **ctx)
-{
- if (ctx != NULL && *ctx != NULL)
- {
- FindClose((*ctx)->handle);
- free(*ctx);
- *ctx = NULL;
- return 1;
- }
- errno = EINVAL;
- return 0;
-}
Copied: vendor-crypto/openssl/0.9.8zf/crypto/LPdir_win.c (from rev 6976, vendor-crypto/openssl/dist/crypto/LPdir_win.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/LPdir_win.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/LPdir_win.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,172 @@
+/*
+ * Copyright (c) 2004, Richard Levitte <richard at levitte.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include <windows.h>
+#include <tchar.h>
+#ifndef LPDIR_H
+# include "LPdir.h"
+#endif
+
+/*
+ * We're most likely overcautious here, but let's reserve for broken WinCE
+ * headers and explicitly opt for UNICODE call. Keep in mind that our WinCE
+ * builds are compiled with -DUNICODE [as well as -D_UNICODE].
+ */
+#if defined(LP_SYS_WINCE) && !defined(FindFirstFile)
+# define FindFirstFile FindFirstFileW
+#endif
+#if defined(LP_SYS_WINCE) && !defined(FindFirstFile)
+# define FindNextFile FindNextFileW
+#endif
+
+#ifndef NAME_MAX
+# define NAME_MAX 255
+#endif
+
+struct LP_dir_context_st {
+ WIN32_FIND_DATA ctx;
+ HANDLE handle;
+ char entry_name[NAME_MAX + 1];
+};
+
+const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
+{
+ struct dirent *direntry = NULL;
+
+ if (ctx == NULL || directory == NULL) {
+ errno = EINVAL;
+ return 0;
+ }
+
+ errno = 0;
+ if (*ctx == NULL) {
+ const char *extdir = directory;
+ char *extdirbuf = NULL;
+ size_t dirlen = strlen(directory);
+
+ if (dirlen == 0) {
+ errno = ENOENT;
+ return 0;
+ }
+
+ *ctx = (LP_DIR_CTX *)malloc(sizeof(LP_DIR_CTX));
+ if (*ctx == NULL) {
+ errno = ENOMEM;
+ return 0;
+ }
+ memset(*ctx, '\0', sizeof(LP_DIR_CTX));
+
+ if (directory[dirlen - 1] != '*') {
+ extdirbuf = (char *)malloc(dirlen + 3);
+ if (extdirbuf == NULL) {
+ free(*ctx);
+ *ctx = NULL;
+ errno = ENOMEM;
+ return 0;
+ }
+ if (directory[dirlen - 1] != '/' && directory[dirlen - 1] != '\\')
+ extdir = strcat(strcpy(extdirbuf, directory), "/*");
+ else
+ extdir = strcat(strcpy(extdirbuf, directory), "*");
+ }
+
+ if (sizeof(TCHAR) != sizeof(char)) {
+ TCHAR *wdir = NULL;
+ /* len_0 denotes string length *with* trailing 0 */
+ size_t index = 0, len_0 = strlen(extdir) + 1;
+
+ wdir = (TCHAR *)calloc(len_0, sizeof(TCHAR));
+ if (wdir == NULL) {
+ if (extdirbuf != NULL) {
+ free(extdirbuf);
+ }
+ free(*ctx);
+ *ctx = NULL;
+ errno = ENOMEM;
+ return 0;
+ }
+#ifdef LP_MULTIBYTE_AVAILABLE
+ if (!MultiByteToWideChar
+ (CP_ACP, 0, extdir, len_0, (WCHAR *)wdir, len_0))
+#endif
+ for (index = 0; index < len_0; index++)
+ wdir[index] = (TCHAR)extdir[index];
+
+ (*ctx)->handle = FindFirstFile(wdir, &(*ctx)->ctx);
+
+ free(wdir);
+ } else {
+ (*ctx)->handle = FindFirstFile((TCHAR *)extdir, &(*ctx)->ctx);
+ }
+ if (extdirbuf != NULL) {
+ free(extdirbuf);
+ }
+
+ if ((*ctx)->handle == INVALID_HANDLE_VALUE) {
+ free(*ctx);
+ *ctx = NULL;
+ errno = EINVAL;
+ return 0;
+ }
+ } else {
+ if (FindNextFile((*ctx)->handle, &(*ctx)->ctx) == FALSE) {
+ return 0;
+ }
+ }
+ if (sizeof(TCHAR) != sizeof(char)) {
+ TCHAR *wdir = (*ctx)->ctx.cFileName;
+ size_t index, len_0 = 0;
+
+ while (wdir[len_0] && len_0 < (sizeof((*ctx)->entry_name) - 1))
+ len_0++;
+ len_0++;
+
+#ifdef LP_MULTIBYTE_AVAILABLE
+ if (!WideCharToMultiByte
+ (CP_ACP, 0, (WCHAR *)wdir, len_0, (*ctx)->entry_name,
+ sizeof((*ctx)->entry_name), NULL, 0))
+#endif
+ for (index = 0; index < len_0; index++)
+ (*ctx)->entry_name[index] = (char)wdir[index];
+ } else
+ strncpy((*ctx)->entry_name, (const char *)(*ctx)->ctx.cFileName,
+ sizeof((*ctx)->entry_name) - 1);
+
+ (*ctx)->entry_name[sizeof((*ctx)->entry_name) - 1] = '\0';
+
+ return (*ctx)->entry_name;
+}
+
+int LP_find_file_end(LP_DIR_CTX **ctx)
+{
+ if (ctx != NULL && *ctx != NULL) {
+ FindClose((*ctx)->handle);
+ free(*ctx);
+ *ctx = NULL;
+ return 1;
+ }
+ errno = EINVAL;
+ return 0;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/LPdir_win32.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/LPdir_win32.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/LPdir_win32.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,30 +0,0 @@
-/* $LP: LPlib/source/LPdir_win32.c,v 1.3 2004/08/26 13:36:05 _cvs_levitte Exp $ */
-/*
- * Copyright (c) 2004, Richard Levitte <richard at levitte.org>
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#define LP_SYS_WIN32
-#define LP_MULTIBYTE_AVAILABLE
-#include "LPdir_win.c"
Copied: vendor-crypto/openssl/0.9.8zf/crypto/LPdir_win32.c (from rev 6976, vendor-crypto/openssl/dist/crypto/LPdir_win32.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/LPdir_win32.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/LPdir_win32.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,33 @@
+/*
+ * $LP: LPlib/source/LPdir_win32.c,v 1.3 2004/08/26 13:36:05 _cvs_levitte Exp
+ * $
+ */
+/*
+ * Copyright (c) 2004, Richard Levitte <richard at levitte.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#define LP_SYS_WIN32
+#define LP_MULTIBYTE_AVAILABLE
+#include "LPdir_win.c"
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/LPdir_wince.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/LPdir_wince.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/LPdir_wince.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,31 +0,0 @@
-/* $LP: LPlib/source/LPdir_wince.c,v 1.3 2004/08/26 13:36:05 _cvs_levitte Exp $ */
-/*
- * Copyright (c) 2004, Richard Levitte <richard at levitte.org>
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#define LP_SYS_WINCE
-/* We might want to define LP_MULTIBYTE_AVAILABLE here. It's currently
- under investigation what the exact conditions would be */
-#include "LPdir_win.c"
Copied: vendor-crypto/openssl/0.9.8zf/crypto/LPdir_wince.c (from rev 6976, vendor-crypto/openssl/dist/crypto/LPdir_wince.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/LPdir_wince.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/LPdir_wince.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,36 @@
+/*
+ * $LP: LPlib/source/LPdir_wince.c,v 1.3 2004/08/26 13:36:05 _cvs_levitte Exp
+ * $
+ */
+/*
+ * Copyright (c) 2004, Richard Levitte <richard at levitte.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#define LP_SYS_WINCE
+/*
+ * We might want to define LP_MULTIBYTE_AVAILABLE here. It's currently under
+ * investigation what the exact conditions would be
+ */
+#include "LPdir_win.c"
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/Makefile
===================================================================
--- vendor-crypto/openssl/dist/crypto/Makefile 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/Makefile 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,225 +0,0 @@
-#
-# OpenSSL/crypto/Makefile
-#
-
-DIR= crypto
-TOP= ..
-CC= cc
-INCLUDE= -I. -I$(TOP) -I../include
-# INCLUDES targets sudbirs!
-INCLUDES= -I.. -I../.. -I../../include
-CFLAG= -g
-MAKEDEPPROG= makedepend
-MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
-MAKEFILE= Makefile
-RM= rm -f
-AR= ar r
-
-RECURSIVE_MAKE= [ -n "$(SDIRS)" ] && for i in $(SDIRS) ; do \
- (cd $$i && echo "making $$target in $(DIR)/$$i..." && \
- $(MAKE) -e TOP=../.. DIR=$$i INCLUDES='${INCLUDES}' $$target ) || exit 1; \
- done;
-
-PEX_LIBS=
-EX_LIBS=
-
-CFLAGS= $(INCLUDE) $(CFLAG)
-ASFLAGS= $(INCLUDE) $(ASFLAG)
-AFLAGS=$(ASFLAGS)
-
-LIBS=
-
-GENERAL=Makefile README crypto-lib.com install.com
-TEST=constant_time_test.c
-
-LIB= $(TOP)/libcrypto.a
-SHARED_LIB= libcrypto$(SHLIB_EXT)
-LIBSRC= cryptlib.c dyn_lck.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c o_time.c o_str.c o_dir.c o_init.c fips_err.c
-LIBOBJ= cryptlib.o dyn_lck.o mem.o mem_clr.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o o_time.o o_str.o o_dir.o o_init.o fips_err.o $(CPUID_OBJ)
-
-SRC= $(LIBSRC)
-
-EXHEADER= crypto.h tmdiff.h opensslv.h opensslconf.h ebcdic.h symhacks.h \
- ossl_typ.h
-HEADER= cryptlib.h buildinf.h md32_common.h o_time.h o_str.h o_dir.h $(EXHEADER)
-
-ALL= $(GENERAL) $(SRC) $(HEADER)
-
-top:
- @(cd ..; $(MAKE) DIRS=$(DIR) all)
-
-all: lib
-
-buildinf.h: ../Makefile
- ( echo "#ifndef MK1MF_BUILD"; \
- echo ' /* auto-generated by crypto/Makefile for crypto/cversion.c */'; \
- echo ' #define CFLAGS "$(CC) $(CFLAG)"'; \
- echo ' #define PLATFORM "$(PLATFORM)"'; \
- echo " #define DATE \"`LC_ALL=C LC_TIME=C date`\""; \
- echo '#endif' ) >buildinf.h
-
-x86cpuid-elf.s: x86cpuid.pl perlasm/x86asm.pl
- $(PERL) x86cpuid.pl elf $(CFLAGS) $(PROCESSOR) > $@
-x86cpuid-cof.s: x86cpuid.pl perlasm/x86asm.pl
- $(PERL) x86cpuid.pl coff $(CFLAGS) $(PROCESSOR) > $@
-x86cpuid-out.s: x86cpuid.pl perlasm/x86asm.pl
- $(PERL) x86cpuid.pl a.out $(CFLAGS) $(PROCESSOR) > $@
-
-uplink.o: ../ms/uplink.c
- $(CC) $(CFLAGS) -c -o $@ ../ms/uplink.c
-
-uplink-cof.s: ../ms/uplink.pl
- $(PERL) ../ms/uplink.pl coff > $@
-
-x86_64cpuid.s: x86_64cpuid.pl
- $(PERL) x86_64cpuid.pl $@
-ia64cpuid.s: ia64cpuid.S
- $(CC) $(CFLAGS) -E ia64cpuid.S > $@
-
-testapps:
- [ -z "$(THIS)" ] || ( if echo ${SDIRS} | fgrep ' des '; \
- then cd des && $(MAKE) -e des; fi )
- [ -z "$(THIS)" ] || ( cd pkcs7 && $(MAKE) -e testapps );
- @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
-
-subdirs:
- @target=all; $(RECURSIVE_MAKE)
-
-files:
- $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
- @target=files; $(RECURSIVE_MAKE)
-
-links:
- @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
- @$(PERL) $(TOP)/util/mklink.pl ../test $(TEST)
- @$(PERL) $(TOP)/util/mklink.pl ../apps $(APPS)
- @target=links; $(RECURSIVE_MAKE)
-
-# lib: and $(LIB): are splitted to avoid end-less loop
-lib: buildinf.h $(LIB) subdirs
- @touch lib
-$(LIB): $(LIBOBJ)
- $(ARX) $(LIB) $(LIBOBJ)
- $(RANLIB) $(LIB) || echo Never mind.
-
-shared: buildinf.h lib subdirs
- if [ -n "$(SHARED_LIBS)" ]; then \
- (cd ..; $(MAKE) $(SHARED_LIB)); \
- fi
-
-libs:
- @target=lib; $(RECURSIVE_MAKE)
-
-install:
- @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
- @headerlist="$(EXHEADER)"; for i in $$headerlist ;\
- do \
- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- done;
- @target=install; $(RECURSIVE_MAKE)
-
-lint:
- @target=lint; $(RECURSIVE_MAKE)
-
-depend:
- @[ -z "$(THIS)" -o -f buildinf.h ] || touch buildinf.h # fake buildinf.h if it does not exist
- @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDE) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
- @[ -z "$(THIS)" -o -s buildinf.h ] || rm buildinf.h
- @[ -z "$(THIS)" ] || (set -e; target=depend; $(RECURSIVE_MAKE) )
- @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
-
-clean:
- rm -f buildinf.h *.s *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
- @target=clean; $(RECURSIVE_MAKE)
-
-dclean:
- $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
- mv -f Makefile.new $(MAKEFILE)
- @target=dclean; $(RECURSIVE_MAKE)
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-
-cpt_err.o: ../include/openssl/bio.h ../include/openssl/crypto.h
-cpt_err.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-cpt_err.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
-cpt_err.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-cpt_err.o: ../include/openssl/safestack.h ../include/openssl/stack.h
-cpt_err.o: ../include/openssl/symhacks.h cpt_err.c
-cryptlib.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
-cryptlib.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-cryptlib.o: ../include/openssl/err.h ../include/openssl/lhash.h
-cryptlib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-cryptlib.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
-cryptlib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.c
-cryptlib.o: cryptlib.h
-cversion.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
-cversion.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-cversion.o: ../include/openssl/err.h ../include/openssl/lhash.h
-cversion.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-cversion.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
-cversion.o: ../include/openssl/stack.h ../include/openssl/symhacks.h buildinf.h
-cversion.o: cryptlib.h cversion.c
-dyn_lck.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
-dyn_lck.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-dyn_lck.o: ../include/openssl/err.h ../include/openssl/lhash.h
-dyn_lck.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-dyn_lck.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
-dyn_lck.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
-dyn_lck.o: dyn_lck.c
-ebcdic.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h ebcdic.c
-ex_data.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
-ex_data.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-ex_data.o: ../include/openssl/err.h ../include/openssl/lhash.h
-ex_data.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-ex_data.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
-ex_data.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
-ex_data.o: ex_data.c
-fips_err.o: ../include/openssl/bio.h ../include/openssl/crypto.h
-fips_err.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-fips_err.o: ../include/openssl/fips.h ../include/openssl/lhash.h
-fips_err.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-fips_err.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
-fips_err.o: ../include/openssl/stack.h ../include/openssl/symhacks.h fips_err.c
-fips_err.o: fips_err.h
-mem.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
-mem.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-mem.o: ../include/openssl/err.h ../include/openssl/lhash.h
-mem.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-mem.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
-mem.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
-mem.o: mem.c
-mem_clr.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-mem_clr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-mem_clr.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
-mem_clr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h mem_clr.c
-mem_dbg.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
-mem_dbg.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-mem_dbg.o: ../include/openssl/err.h ../include/openssl/lhash.h
-mem_dbg.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-mem_dbg.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
-mem_dbg.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
-mem_dbg.o: mem_dbg.c
-o_dir.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/opensslconf.h
-o_dir.o: LPdir_unix.c o_dir.c o_dir.h
-o_init.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/crypto.h
-o_init.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-o_init.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
-o_init.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-o_init.o: ../include/openssl/safestack.h ../include/openssl/stack.h
-o_init.o: ../include/openssl/symhacks.h o_init.c
-o_str.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/opensslconf.h
-o_str.o: o_str.c o_str.h
-o_time.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h o_time.c
-o_time.o: o_time.h
-tmdiff.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
-tmdiff.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-tmdiff.o: ../include/openssl/err.h ../include/openssl/lhash.h
-tmdiff.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-tmdiff.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
-tmdiff.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-tmdiff.o: ../include/openssl/tmdiff.h cryptlib.h tmdiff.c
-uid.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-uid.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-uid.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
-uid.o: ../include/openssl/stack.h ../include/openssl/symhacks.h uid.c
Copied: vendor-crypto/openssl/0.9.8zf/crypto/Makefile (from rev 6969, vendor-crypto/openssl/dist/crypto/Makefile)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/Makefile (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/Makefile 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,226 @@
+#
+# OpenSSL/crypto/Makefile
+#
+
+DIR= crypto
+TOP= ..
+CC= cc
+INCLUDE= -I. -I$(TOP) -I../include
+# INCLUDES targets sudbirs!
+INCLUDES= -I.. -I../.. -I../../include
+CFLAG= -g
+MAKEDEPPROG= makedepend
+MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE= Makefile
+RM= rm -f
+AR= ar r
+
+RECURSIVE_MAKE= [ -n "$(SDIRS)" ] && for i in $(SDIRS) ; do \
+ (cd $$i && echo "making $$target in $(DIR)/$$i..." && \
+ $(MAKE) -e TOP=../.. DIR=$$i INCLUDES='${INCLUDES}' $$target ) || exit 1; \
+ done;
+
+PEX_LIBS=
+EX_LIBS=
+
+CFLAGS= $(INCLUDE) $(CFLAG)
+ASFLAGS= $(INCLUDE) $(ASFLAG)
+AFLAGS=$(ASFLAGS)
+
+LIBS=
+
+GENERAL=Makefile README crypto-lib.com install.com
+TEST=constant_time_test.c
+
+LIB= $(TOP)/libcrypto.a
+SHARED_LIB= libcrypto$(SHLIB_EXT)
+LIBSRC= cryptlib.c dyn_lck.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c o_time.c o_str.c o_dir.c o_init.c fips_err.c
+LIBOBJ= cryptlib.o dyn_lck.o mem.o mem_clr.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o o_time.o o_str.o o_dir.o o_init.o fips_err.o $(CPUID_OBJ)
+
+SRC= $(LIBSRC)
+
+EXHEADER= crypto.h tmdiff.h opensslv.h opensslconf.h ebcdic.h symhacks.h \
+ ossl_typ.h
+HEADER= cryptlib.h buildinf.h md32_common.h o_time.h o_str.h o_dir.h \
+ constant_time_locl.h $(EXHEADER)
+
+ALL= $(GENERAL) $(SRC) $(HEADER)
+
+top:
+ @(cd ..; $(MAKE) DIRS=$(DIR) all)
+
+all: lib
+
+buildinf.h: ../Makefile
+ ( echo "#ifndef MK1MF_BUILD"; \
+ echo ' /* auto-generated by crypto/Makefile for crypto/cversion.c */'; \
+ echo ' #define CFLAGS "$(CC) $(CFLAG)"'; \
+ echo ' #define PLATFORM "$(PLATFORM)"'; \
+ echo " #define DATE \"`LC_ALL=C LC_TIME=C date`\""; \
+ echo '#endif' ) >buildinf.h
+
+x86cpuid-elf.s: x86cpuid.pl perlasm/x86asm.pl
+ $(PERL) x86cpuid.pl elf $(CFLAGS) $(PROCESSOR) > $@
+x86cpuid-cof.s: x86cpuid.pl perlasm/x86asm.pl
+ $(PERL) x86cpuid.pl coff $(CFLAGS) $(PROCESSOR) > $@
+x86cpuid-out.s: x86cpuid.pl perlasm/x86asm.pl
+ $(PERL) x86cpuid.pl a.out $(CFLAGS) $(PROCESSOR) > $@
+
+uplink.o: ../ms/uplink.c
+ $(CC) $(CFLAGS) -c -o $@ ../ms/uplink.c
+
+uplink-cof.s: ../ms/uplink.pl
+ $(PERL) ../ms/uplink.pl coff > $@
+
+x86_64cpuid.s: x86_64cpuid.pl
+ $(PERL) x86_64cpuid.pl $@
+ia64cpuid.s: ia64cpuid.S
+ $(CC) $(CFLAGS) -E ia64cpuid.S > $@
+
+testapps:
+ [ -z "$(THIS)" ] || ( if echo ${SDIRS} | fgrep ' des '; \
+ then cd des && $(MAKE) -e des; fi )
+ [ -z "$(THIS)" ] || ( cd pkcs7 && $(MAKE) -e testapps );
+ @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
+
+subdirs:
+ @target=all; $(RECURSIVE_MAKE)
+
+files:
+ $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+ @target=files; $(RECURSIVE_MAKE)
+
+links:
+ @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
+ @$(PERL) $(TOP)/util/mklink.pl ../test $(TEST)
+ @$(PERL) $(TOP)/util/mklink.pl ../apps $(APPS)
+ @target=links; $(RECURSIVE_MAKE)
+
+# lib: and $(LIB): are splitted to avoid end-less loop
+lib: buildinf.h $(LIB) subdirs
+ @touch lib
+$(LIB): $(LIBOBJ)
+ $(ARX) $(LIB) $(LIBOBJ)
+ $(RANLIB) $(LIB) || echo Never mind.
+
+shared: buildinf.h lib subdirs
+ if [ -n "$(SHARED_LIBS)" ]; then \
+ (cd ..; $(MAKE) $(SHARED_LIB)); \
+ fi
+
+libs:
+ @target=lib; $(RECURSIVE_MAKE)
+
+install:
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist ;\
+ do \
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+ @target=install; $(RECURSIVE_MAKE)
+
+lint:
+ @target=lint; $(RECURSIVE_MAKE)
+
+depend:
+ @[ -z "$(THIS)" -o -f buildinf.h ] || touch buildinf.h # fake buildinf.h if it does not exist
+ @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDE) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+ @[ -z "$(THIS)" -o -s buildinf.h ] || rm buildinf.h
+ @[ -z "$(THIS)" ] || (set -e; target=depend; $(RECURSIVE_MAKE) )
+ @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
+
+clean:
+ rm -f buildinf.h *.s *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+ @target=clean; $(RECURSIVE_MAKE)
+
+dclean:
+ $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+ mv -f Makefile.new $(MAKEFILE)
+ @target=dclean; $(RECURSIVE_MAKE)
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+cpt_err.o: ../include/openssl/bio.h ../include/openssl/crypto.h
+cpt_err.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+cpt_err.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+cpt_err.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+cpt_err.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+cpt_err.o: ../include/openssl/symhacks.h cpt_err.c
+cryptlib.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
+cryptlib.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+cryptlib.o: ../include/openssl/err.h ../include/openssl/lhash.h
+cryptlib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+cryptlib.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
+cryptlib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.c
+cryptlib.o: cryptlib.h
+cversion.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
+cversion.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+cversion.o: ../include/openssl/err.h ../include/openssl/lhash.h
+cversion.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+cversion.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
+cversion.o: ../include/openssl/stack.h ../include/openssl/symhacks.h buildinf.h
+cversion.o: cryptlib.h cversion.c
+dyn_lck.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
+dyn_lck.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+dyn_lck.o: ../include/openssl/err.h ../include/openssl/lhash.h
+dyn_lck.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+dyn_lck.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
+dyn_lck.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
+dyn_lck.o: dyn_lck.c
+ebcdic.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h ebcdic.c
+ex_data.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
+ex_data.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+ex_data.o: ../include/openssl/err.h ../include/openssl/lhash.h
+ex_data.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ex_data.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
+ex_data.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
+ex_data.o: ex_data.c
+fips_err.o: ../include/openssl/bio.h ../include/openssl/crypto.h
+fips_err.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+fips_err.o: ../include/openssl/fips.h ../include/openssl/lhash.h
+fips_err.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+fips_err.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
+fips_err.o: ../include/openssl/stack.h ../include/openssl/symhacks.h fips_err.c
+fips_err.o: fips_err.h
+mem.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
+mem.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+mem.o: ../include/openssl/err.h ../include/openssl/lhash.h
+mem.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+mem.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
+mem.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
+mem.o: mem.c
+mem_clr.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+mem_clr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+mem_clr.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
+mem_clr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h mem_clr.c
+mem_dbg.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
+mem_dbg.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+mem_dbg.o: ../include/openssl/err.h ../include/openssl/lhash.h
+mem_dbg.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+mem_dbg.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
+mem_dbg.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
+mem_dbg.o: mem_dbg.c
+o_dir.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/opensslconf.h
+o_dir.o: LPdir_unix.c o_dir.c o_dir.h
+o_init.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/crypto.h
+o_init.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+o_init.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+o_init.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+o_init.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+o_init.o: ../include/openssl/symhacks.h o_init.c
+o_str.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/opensslconf.h
+o_str.o: o_str.c o_str.h
+o_time.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h o_time.c
+o_time.o: o_time.h
+tmdiff.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
+tmdiff.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+tmdiff.o: ../include/openssl/err.h ../include/openssl/lhash.h
+tmdiff.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+tmdiff.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
+tmdiff.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+tmdiff.o: ../include/openssl/tmdiff.h cryptlib.h tmdiff.c
+uid.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+uid.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+uid.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
+uid.o: ../include/openssl/stack.h ../include/openssl/symhacks.h uid.c
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/aes/aes.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/aes/aes.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/aes/aes.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,148 +0,0 @@
-/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#ifndef HEADER_AES_H
-#define HEADER_AES_H
-
-#include <openssl/opensslconf.h>
-
-#ifdef OPENSSL_NO_AES
-#error AES is disabled.
-#endif
-
-#define AES_ENCRYPT 1
-#define AES_DECRYPT 0
-
-/* Because array size can't be a const in C, the following two are macros.
- Both sizes are in bytes. */
-#define AES_MAXNR 14
-#define AES_BLOCK_SIZE 16
-
-#ifdef OPENSSL_FIPS
-#define FIPS_AES_SIZE_T int
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* This should be a hidden type, but EVP requires that the size be known */
-struct aes_key_st {
-#ifdef AES_LONG
- unsigned long rd_key[4 *(AES_MAXNR + 1)];
-#else
- unsigned int rd_key[4 *(AES_MAXNR + 1)];
-#endif
- int rounds;
-};
-typedef struct aes_key_st AES_KEY;
-
-const char *AES_options(void);
-
-int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
- AES_KEY *key);
-int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
- AES_KEY *key);
-
-void AES_encrypt(const unsigned char *in, unsigned char *out,
- const AES_KEY *key);
-void AES_decrypt(const unsigned char *in, unsigned char *out,
- const AES_KEY *key);
-
-void AES_ecb_encrypt(const unsigned char *in, unsigned char *out,
- const AES_KEY *key, const int enc);
-void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
- const unsigned long length, const AES_KEY *key,
- unsigned char *ivec, const int enc);
-void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
- const unsigned long length, const AES_KEY *key,
- unsigned char *ivec, int *num, const int enc);
-void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out,
- const unsigned long length, const AES_KEY *key,
- unsigned char *ivec, int *num, const int enc);
-void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out,
- const unsigned long length, const AES_KEY *key,
- unsigned char *ivec, int *num, const int enc);
-void AES_cfbr_encrypt_block(const unsigned char *in,unsigned char *out,
- const int nbits,const AES_KEY *key,
- unsigned char *ivec,const int enc);
-void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
- const unsigned long length, const AES_KEY *key,
- unsigned char *ivec, int *num);
-void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
- const unsigned long length, const AES_KEY *key,
- unsigned char ivec[AES_BLOCK_SIZE],
- unsigned char ecount_buf[AES_BLOCK_SIZE],
- unsigned int *num);
-
-/* For IGE, see also http://www.links.org/files/openssl-ige.pdf */
-/* NB: the IV is _two_ blocks long */
-void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
- const unsigned long length, const AES_KEY *key,
- unsigned char *ivec, const int enc);
-/* NB: the IV is _four_ blocks long */
-void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
- const unsigned long length, const AES_KEY *key,
- const AES_KEY *key2, const unsigned char *ivec,
- const int enc);
-
-int AES_wrap_key(AES_KEY *key, const unsigned char *iv,
- unsigned char *out,
- const unsigned char *in, unsigned int inlen);
-int AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
- unsigned char *out,
- const unsigned char *in, unsigned int inlen);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* !HEADER_AES_H */
Copied: vendor-crypto/openssl/0.9.8zf/crypto/aes/aes.h (from rev 6976, vendor-crypto/openssl/dist/crypto/aes/aes.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/aes/aes.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/aes/aes.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,150 @@
+/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#ifndef HEADER_AES_H
+# define HEADER_AES_H
+
+# include <openssl/opensslconf.h>
+
+# ifdef OPENSSL_NO_AES
+# error AES is disabled.
+# endif
+
+# define AES_ENCRYPT 1
+# define AES_DECRYPT 0
+
+/*
+ * Because array size can't be a const in C, the following two are macros.
+ * Both sizes are in bytes.
+ */
+# define AES_MAXNR 14
+# define AES_BLOCK_SIZE 16
+
+# ifdef OPENSSL_FIPS
+# define FIPS_AES_SIZE_T int
+# endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* This should be a hidden type, but EVP requires that the size be known */
+struct aes_key_st {
+# ifdef AES_LONG
+ unsigned long rd_key[4 * (AES_MAXNR + 1)];
+# else
+ unsigned int rd_key[4 * (AES_MAXNR + 1)];
+# endif
+ int rounds;
+};
+typedef struct aes_key_st AES_KEY;
+
+const char *AES_options(void);
+
+int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+ AES_KEY *key);
+int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+ AES_KEY *key);
+
+void AES_encrypt(const unsigned char *in, unsigned char *out,
+ const AES_KEY *key);
+void AES_decrypt(const unsigned char *in, unsigned char *out,
+ const AES_KEY *key);
+
+void AES_ecb_encrypt(const unsigned char *in, unsigned char *out,
+ const AES_KEY *key, const int enc);
+void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
+ const unsigned long length, const AES_KEY *key,
+ unsigned char *ivec, const int enc);
+void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+ const unsigned long length, const AES_KEY *key,
+ unsigned char *ivec, int *num, const int enc);
+void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out,
+ const unsigned long length, const AES_KEY *key,
+ unsigned char *ivec, int *num, const int enc);
+void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out,
+ const unsigned long length, const AES_KEY *key,
+ unsigned char *ivec, int *num, const int enc);
+void AES_cfbr_encrypt_block(const unsigned char *in, unsigned char *out,
+ const int nbits, const AES_KEY *key,
+ unsigned char *ivec, const int enc);
+void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+ const unsigned long length, const AES_KEY *key,
+ unsigned char *ivec, int *num);
+void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
+ const unsigned long length, const AES_KEY *key,
+ unsigned char ivec[AES_BLOCK_SIZE],
+ unsigned char ecount_buf[AES_BLOCK_SIZE],
+ unsigned int *num);
+
+/* For IGE, see also http://www.links.org/files/openssl-ige.pdf */
+/* NB: the IV is _two_ blocks long */
+void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
+ const unsigned long length, const AES_KEY *key,
+ unsigned char *ivec, const int enc);
+/* NB: the IV is _four_ blocks long */
+void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
+ const unsigned long length, const AES_KEY *key,
+ const AES_KEY *key2, const unsigned char *ivec,
+ const int enc);
+
+int AES_wrap_key(AES_KEY *key, const unsigned char *iv,
+ unsigned char *out,
+ const unsigned char *in, unsigned int inlen);
+int AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
+ unsigned char *out,
+ const unsigned char *in, unsigned int inlen);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* !HEADER_AES_H */
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_cbc.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/aes/aes_cbc.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_cbc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,133 +0,0 @@
-/* crypto/aes/aes_cbc.c -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#ifndef AES_DEBUG
-# ifndef NDEBUG
-# define NDEBUG
-# endif
-#endif
-#include <assert.h>
-
-#include <openssl/aes.h>
-#include "aes_locl.h"
-
-#if !defined(OPENSSL_FIPS_AES_ASM)
-void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
- const unsigned long length, const AES_KEY *key,
- unsigned char *ivec, const int enc) {
-
- unsigned long n;
- unsigned long len = length;
- unsigned char tmp[AES_BLOCK_SIZE];
- const unsigned char *iv = ivec;
-
- assert(in && out && key && ivec);
- assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc));
-
- if (AES_ENCRYPT == enc) {
- while (len >= AES_BLOCK_SIZE) {
- for(n=0; n < AES_BLOCK_SIZE; ++n)
- out[n] = in[n] ^ iv[n];
- AES_encrypt(out, out, key);
- iv = out;
- len -= AES_BLOCK_SIZE;
- in += AES_BLOCK_SIZE;
- out += AES_BLOCK_SIZE;
- }
- if (len) {
- for(n=0; n < len; ++n)
- out[n] = in[n] ^ iv[n];
- for(n=len; n < AES_BLOCK_SIZE; ++n)
- out[n] = iv[n];
- AES_encrypt(out, out, key);
- iv = out;
- }
- memcpy(ivec,iv,AES_BLOCK_SIZE);
- } else if (in != out) {
- while (len >= AES_BLOCK_SIZE) {
- AES_decrypt(in, out, key);
- for(n=0; n < AES_BLOCK_SIZE; ++n)
- out[n] ^= iv[n];
- iv = in;
- len -= AES_BLOCK_SIZE;
- in += AES_BLOCK_SIZE;
- out += AES_BLOCK_SIZE;
- }
- if (len) {
- AES_decrypt(in,tmp,key);
- for(n=0; n < len; ++n)
- out[n] = tmp[n] ^ iv[n];
- iv = in;
- }
- memcpy(ivec,iv,AES_BLOCK_SIZE);
- } else {
- while (len >= AES_BLOCK_SIZE) {
- memcpy(tmp, in, AES_BLOCK_SIZE);
- AES_decrypt(in, out, key);
- for(n=0; n < AES_BLOCK_SIZE; ++n)
- out[n] ^= ivec[n];
- memcpy(ivec, tmp, AES_BLOCK_SIZE);
- len -= AES_BLOCK_SIZE;
- in += AES_BLOCK_SIZE;
- out += AES_BLOCK_SIZE;
- }
- if (len) {
- memcpy(tmp, in, AES_BLOCK_SIZE);
- AES_decrypt(tmp, out, key);
- for(n=0; n < len; ++n)
- out[n] ^= ivec[n];
- for(n=len; n < AES_BLOCK_SIZE; ++n)
- out[n] = tmp[n];
- memcpy(ivec, tmp, AES_BLOCK_SIZE);
- }
- }
-}
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_cbc.c (from rev 6976, vendor-crypto/openssl/dist/crypto/aes/aes_cbc.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_cbc.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_cbc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,134 @@
+/* crypto/aes/aes_cbc.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#ifndef AES_DEBUG
+# ifndef NDEBUG
+# define NDEBUG
+# endif
+#endif
+#include <assert.h>
+
+#include <openssl/aes.h>
+#include "aes_locl.h"
+
+#if !defined(OPENSSL_FIPS_AES_ASM)
+void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
+ const unsigned long length, const AES_KEY *key,
+ unsigned char *ivec, const int enc)
+{
+
+ unsigned long n;
+ unsigned long len = length;
+ unsigned char tmp[AES_BLOCK_SIZE];
+ const unsigned char *iv = ivec;
+
+ assert(in && out && key && ivec);
+ assert((AES_ENCRYPT == enc) || (AES_DECRYPT == enc));
+
+ if (AES_ENCRYPT == enc) {
+ while (len >= AES_BLOCK_SIZE) {
+ for (n = 0; n < AES_BLOCK_SIZE; ++n)
+ out[n] = in[n] ^ iv[n];
+ AES_encrypt(out, out, key);
+ iv = out;
+ len -= AES_BLOCK_SIZE;
+ in += AES_BLOCK_SIZE;
+ out += AES_BLOCK_SIZE;
+ }
+ if (len) {
+ for (n = 0; n < len; ++n)
+ out[n] = in[n] ^ iv[n];
+ for (n = len; n < AES_BLOCK_SIZE; ++n)
+ out[n] = iv[n];
+ AES_encrypt(out, out, key);
+ iv = out;
+ }
+ memcpy(ivec, iv, AES_BLOCK_SIZE);
+ } else if (in != out) {
+ while (len >= AES_BLOCK_SIZE) {
+ AES_decrypt(in, out, key);
+ for (n = 0; n < AES_BLOCK_SIZE; ++n)
+ out[n] ^= iv[n];
+ iv = in;
+ len -= AES_BLOCK_SIZE;
+ in += AES_BLOCK_SIZE;
+ out += AES_BLOCK_SIZE;
+ }
+ if (len) {
+ AES_decrypt(in, tmp, key);
+ for (n = 0; n < len; ++n)
+ out[n] = tmp[n] ^ iv[n];
+ iv = in;
+ }
+ memcpy(ivec, iv, AES_BLOCK_SIZE);
+ } else {
+ while (len >= AES_BLOCK_SIZE) {
+ memcpy(tmp, in, AES_BLOCK_SIZE);
+ AES_decrypt(in, out, key);
+ for (n = 0; n < AES_BLOCK_SIZE; ++n)
+ out[n] ^= ivec[n];
+ memcpy(ivec, tmp, AES_BLOCK_SIZE);
+ len -= AES_BLOCK_SIZE;
+ in += AES_BLOCK_SIZE;
+ out += AES_BLOCK_SIZE;
+ }
+ if (len) {
+ memcpy(tmp, in, AES_BLOCK_SIZE);
+ AES_decrypt(tmp, out, key);
+ for (n = 0; n < len; ++n)
+ out[n] ^= ivec[n];
+ for (n = len; n < AES_BLOCK_SIZE; ++n)
+ out[n] = tmp[n];
+ memcpy(ivec, tmp, AES_BLOCK_SIZE);
+ }
+ }
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_cfb.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/aes/aes_cfb.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_cfb.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,224 +0,0 @@
-/* crypto/aes/aes_cfb.c -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef AES_DEBUG
-# ifndef NDEBUG
-# define NDEBUG
-# endif
-#endif
-#include <assert.h>
-
-#include <openssl/aes.h>
-#include "aes_locl.h"
-#include "e_os.h"
-
-/* The input and output encrypted as though 128bit cfb mode is being
- * used. The extra state information to record how much of the
- * 128bit block we have used is contained in *num;
- */
-
-void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
- const unsigned long length, const AES_KEY *key,
- unsigned char *ivec, int *num, const int enc) {
-
- unsigned int n;
- unsigned long l = length;
- unsigned char c;
-
- assert(in && out && key && ivec && num);
-
- n = *num;
-
- if (enc) {
- while (l--) {
- if (n == 0) {
- AES_encrypt(ivec, ivec, key);
- }
- ivec[n] = *(out++) = *(in++) ^ ivec[n];
- n = (n+1) % AES_BLOCK_SIZE;
- }
- } else {
- while (l--) {
- if (n == 0) {
- AES_encrypt(ivec, ivec, key);
- }
- c = *(in);
- *(out++) = *(in++) ^ ivec[n];
- ivec[n] = c;
- n = (n+1) % AES_BLOCK_SIZE;
- }
- }
-
- *num=n;
-}
-
-/* This expects a single block of size nbits for both in and out. Note that
- it corrupts any extra bits in the last byte of out */
-void AES_cfbr_encrypt_block(const unsigned char *in,unsigned char *out,
- const int nbits,const AES_KEY *key,
- unsigned char *ivec,const int enc)
- {
- int n,rem,num;
- unsigned char ovec[AES_BLOCK_SIZE*2];
-
- if (nbits<=0 || nbits>128) return;
-
- /* fill in the first half of the new IV with the current IV */
- memcpy(ovec,ivec,AES_BLOCK_SIZE);
- /* construct the new IV */
- AES_encrypt(ivec,ivec,key);
- num = (nbits+7)/8;
- if (enc) /* encrypt the input */
- for(n=0 ; n < num ; ++n)
- out[n] = (ovec[AES_BLOCK_SIZE+n] = in[n] ^ ivec[n]);
- else /* decrypt the input */
- for(n=0 ; n < num ; ++n)
- out[n] = (ovec[AES_BLOCK_SIZE+n] = in[n]) ^ ivec[n];
- /* shift ovec left... */
- rem = nbits%8;
- num = nbits/8;
- if(rem==0)
- memcpy(ivec,ovec+num,AES_BLOCK_SIZE);
- else
- for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
- ivec[n] = ovec[n+num]<<rem | ovec[n+num+1]>>(8-rem);
-
- /* it is not necessary to cleanse ovec, since the IV is not secret */
- }
-
-/* N.B. This expects the input to be packed, MS bit first */
-void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out,
- const unsigned long length, const AES_KEY *key,
- unsigned char *ivec, int *num, const int enc)
- {
- unsigned int n;
- unsigned char c[1],d[1];
-
- assert(in && out && key && ivec && num);
- assert(*num == 0);
-
- for(n=0 ; n < length ; ++n)
- {
- c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0;
- AES_cfbr_encrypt_block(c,d,1,key,ivec,enc);
- out[n/8]=(out[n/8]&~(1 << (7-n%8)))|((d[0]&0x80) >> (n%8));
- }
- }
-
-void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out,
- const unsigned long length, const AES_KEY *key,
- unsigned char *ivec, int *num, const int enc)
- {
- unsigned int n;
-
- assert(in && out && key && ivec && num);
- assert(*num == 0);
-
- for(n=0 ; n < length ; ++n)
- AES_cfbr_encrypt_block(&in[n],&out[n],8,key,ivec,enc);
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_cfb.c (from rev 6976, vendor-crypto/openssl/dist/crypto/aes/aes_cfb.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_cfb.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_cfb.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,228 @@
+/* crypto/aes/aes_cfb.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef AES_DEBUG
+# ifndef NDEBUG
+# define NDEBUG
+# endif
+#endif
+#include <assert.h>
+
+#include <openssl/aes.h>
+#include "aes_locl.h"
+#include "e_os.h"
+
+/*
+ * The input and output encrypted as though 128bit cfb mode is being used.
+ * The extra state information to record how much of the 128bit block we have
+ * used is contained in *num;
+ */
+
+void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+ const unsigned long length, const AES_KEY *key,
+ unsigned char *ivec, int *num, const int enc)
+{
+
+ unsigned int n;
+ unsigned long l = length;
+ unsigned char c;
+
+ assert(in && out && key && ivec && num);
+
+ n = *num;
+
+ if (enc) {
+ while (l--) {
+ if (n == 0) {
+ AES_encrypt(ivec, ivec, key);
+ }
+ ivec[n] = *(out++) = *(in++) ^ ivec[n];
+ n = (n + 1) % AES_BLOCK_SIZE;
+ }
+ } else {
+ while (l--) {
+ if (n == 0) {
+ AES_encrypt(ivec, ivec, key);
+ }
+ c = *(in);
+ *(out++) = *(in++) ^ ivec[n];
+ ivec[n] = c;
+ n = (n + 1) % AES_BLOCK_SIZE;
+ }
+ }
+
+ *num = n;
+}
+
+/*
+ * This expects a single block of size nbits for both in and out. Note that
+ * it corrupts any extra bits in the last byte of out
+ */
+void AES_cfbr_encrypt_block(const unsigned char *in, unsigned char *out,
+ const int nbits, const AES_KEY *key,
+ unsigned char *ivec, const int enc)
+{
+ int n, rem, num;
+ unsigned char ovec[AES_BLOCK_SIZE * 2];
+
+ if (nbits <= 0 || nbits > 128)
+ return;
+
+ /* fill in the first half of the new IV with the current IV */
+ memcpy(ovec, ivec, AES_BLOCK_SIZE);
+ /* construct the new IV */
+ AES_encrypt(ivec, ivec, key);
+ num = (nbits + 7) / 8;
+ if (enc) /* encrypt the input */
+ for (n = 0; n < num; ++n)
+ out[n] = (ovec[AES_BLOCK_SIZE + n] = in[n] ^ ivec[n]);
+ else /* decrypt the input */
+ for (n = 0; n < num; ++n)
+ out[n] = (ovec[AES_BLOCK_SIZE + n] = in[n]) ^ ivec[n];
+ /* shift ovec left... */
+ rem = nbits % 8;
+ num = nbits / 8;
+ if (rem == 0)
+ memcpy(ivec, ovec + num, AES_BLOCK_SIZE);
+ else
+ for (n = 0; n < AES_BLOCK_SIZE; ++n)
+ ivec[n] = ovec[n + num] << rem | ovec[n + num + 1] >> (8 - rem);
+
+ /* it is not necessary to cleanse ovec, since the IV is not secret */
+}
+
+/* N.B. This expects the input to be packed, MS bit first */
+void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out,
+ const unsigned long length, const AES_KEY *key,
+ unsigned char *ivec, int *num, const int enc)
+{
+ unsigned int n;
+ unsigned char c[1], d[1];
+
+ assert(in && out && key && ivec && num);
+ assert(*num == 0);
+
+ for (n = 0; n < length; ++n) {
+ c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0;
+ AES_cfbr_encrypt_block(c, d, 1, key, ivec, enc);
+ out[n / 8] =
+ (out[n / 8] & ~(1 << (7 - n % 8))) | ((d[0] & 0x80) >> (n % 8));
+ }
+}
+
+void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out,
+ const unsigned long length, const AES_KEY *key,
+ unsigned char *ivec, int *num, const int enc)
+{
+ unsigned int n;
+
+ assert(in && out && key && ivec && num);
+ assert(*num == 0);
+
+ for (n = 0; n < length; ++n)
+ AES_cfbr_encrypt_block(&in[n], &out[n], 8, key, ivec, enc);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_core.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/aes/aes_core.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_core.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,1167 +0,0 @@
-/* crypto/aes/aes_core.c -*- mode:C; c-file-style: "eay" -*- */
-/**
- * rijndael-alg-fst.c
- *
- * @version 3.0 (December 2000)
- *
- * Optimised ANSI C code for the Rijndael cipher (now AES)
- *
- * @author Vincent Rijmen <vincent.rijmen at esat.kuleuven.ac.be>
- * @author Antoon Bosselaers <antoon.bosselaers at esat.kuleuven.ac.be>
- * @author Paulo Barreto <paulo.barreto at terra.com.br>
- *
- * This code is hereby placed in the public domain.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
- * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
- * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
- * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
- * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/* Note: rewritten a little bit to provide error control and an OpenSSL-
- compatible API */
-
-#ifndef AES_DEBUG
-# ifndef NDEBUG
-# define NDEBUG
-# endif
-#endif
-#include <assert.h>
-
-#include <stdlib.h>
-#include <openssl/aes.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
-#include "aes_locl.h"
-
-/*
-Te0[x] = S [x].[02, 01, 01, 03];
-Te1[x] = S [x].[03, 02, 01, 01];
-Te2[x] = S [x].[01, 03, 02, 01];
-Te3[x] = S [x].[01, 01, 03, 02];
-
-Td0[x] = Si[x].[0e, 09, 0d, 0b];
-Td1[x] = Si[x].[0b, 0e, 09, 0d];
-Td2[x] = Si[x].[0d, 0b, 0e, 09];
-Td3[x] = Si[x].[09, 0d, 0b, 0e];
-Td4[x] = Si[x].[01];
-*/
-
-static const u32 Te0[256] = {
- 0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU,
- 0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U,
- 0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU,
- 0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU,
- 0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U,
- 0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU,
- 0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU,
- 0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU,
- 0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU,
- 0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU,
- 0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U,
- 0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU,
- 0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU,
- 0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U,
- 0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU,
- 0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU,
- 0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU,
- 0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU,
- 0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU,
- 0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U,
- 0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU,
- 0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU,
- 0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU,
- 0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU,
- 0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U,
- 0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U,
- 0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U,
- 0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U,
- 0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU,
- 0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U,
- 0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U,
- 0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU,
- 0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU,
- 0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U,
- 0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U,
- 0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U,
- 0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU,
- 0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U,
- 0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU,
- 0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U,
- 0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU,
- 0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U,
- 0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U,
- 0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU,
- 0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U,
- 0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U,
- 0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U,
- 0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U,
- 0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U,
- 0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U,
- 0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U,
- 0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U,
- 0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU,
- 0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U,
- 0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U,
- 0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U,
- 0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U,
- 0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U,
- 0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U,
- 0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU,
- 0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U,
- 0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U,
- 0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U,
- 0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU,
-};
-static const u32 Te1[256] = {
- 0xa5c66363U, 0x84f87c7cU, 0x99ee7777U, 0x8df67b7bU,
- 0x0dfff2f2U, 0xbdd66b6bU, 0xb1de6f6fU, 0x5491c5c5U,
- 0x50603030U, 0x03020101U, 0xa9ce6767U, 0x7d562b2bU,
- 0x19e7fefeU, 0x62b5d7d7U, 0xe64dababU, 0x9aec7676U,
- 0x458fcacaU, 0x9d1f8282U, 0x4089c9c9U, 0x87fa7d7dU,
- 0x15effafaU, 0xebb25959U, 0xc98e4747U, 0x0bfbf0f0U,
- 0xec41adadU, 0x67b3d4d4U, 0xfd5fa2a2U, 0xea45afafU,
- 0xbf239c9cU, 0xf753a4a4U, 0x96e47272U, 0x5b9bc0c0U,
- 0xc275b7b7U, 0x1ce1fdfdU, 0xae3d9393U, 0x6a4c2626U,
- 0x5a6c3636U, 0x417e3f3fU, 0x02f5f7f7U, 0x4f83ccccU,
- 0x5c683434U, 0xf451a5a5U, 0x34d1e5e5U, 0x08f9f1f1U,
- 0x93e27171U, 0x73abd8d8U, 0x53623131U, 0x3f2a1515U,
- 0x0c080404U, 0x5295c7c7U, 0x65462323U, 0x5e9dc3c3U,
- 0x28301818U, 0xa1379696U, 0x0f0a0505U, 0xb52f9a9aU,
- 0x090e0707U, 0x36241212U, 0x9b1b8080U, 0x3ddfe2e2U,
- 0x26cdebebU, 0x694e2727U, 0xcd7fb2b2U, 0x9fea7575U,
- 0x1b120909U, 0x9e1d8383U, 0x74582c2cU, 0x2e341a1aU,
- 0x2d361b1bU, 0xb2dc6e6eU, 0xeeb45a5aU, 0xfb5ba0a0U,
- 0xf6a45252U, 0x4d763b3bU, 0x61b7d6d6U, 0xce7db3b3U,
- 0x7b522929U, 0x3edde3e3U, 0x715e2f2fU, 0x97138484U,
- 0xf5a65353U, 0x68b9d1d1U, 0x00000000U, 0x2cc1ededU,
- 0x60402020U, 0x1fe3fcfcU, 0xc879b1b1U, 0xedb65b5bU,
- 0xbed46a6aU, 0x468dcbcbU, 0xd967bebeU, 0x4b723939U,
- 0xde944a4aU, 0xd4984c4cU, 0xe8b05858U, 0x4a85cfcfU,
- 0x6bbbd0d0U, 0x2ac5efefU, 0xe54faaaaU, 0x16edfbfbU,
- 0xc5864343U, 0xd79a4d4dU, 0x55663333U, 0x94118585U,
- 0xcf8a4545U, 0x10e9f9f9U, 0x06040202U, 0x81fe7f7fU,
- 0xf0a05050U, 0x44783c3cU, 0xba259f9fU, 0xe34ba8a8U,
- 0xf3a25151U, 0xfe5da3a3U, 0xc0804040U, 0x8a058f8fU,
- 0xad3f9292U, 0xbc219d9dU, 0x48703838U, 0x04f1f5f5U,
- 0xdf63bcbcU, 0xc177b6b6U, 0x75afdadaU, 0x63422121U,
- 0x30201010U, 0x1ae5ffffU, 0x0efdf3f3U, 0x6dbfd2d2U,
- 0x4c81cdcdU, 0x14180c0cU, 0x35261313U, 0x2fc3ececU,
- 0xe1be5f5fU, 0xa2359797U, 0xcc884444U, 0x392e1717U,
- 0x5793c4c4U, 0xf255a7a7U, 0x82fc7e7eU, 0x477a3d3dU,
- 0xacc86464U, 0xe7ba5d5dU, 0x2b321919U, 0x95e67373U,
- 0xa0c06060U, 0x98198181U, 0xd19e4f4fU, 0x7fa3dcdcU,
- 0x66442222U, 0x7e542a2aU, 0xab3b9090U, 0x830b8888U,
- 0xca8c4646U, 0x29c7eeeeU, 0xd36bb8b8U, 0x3c281414U,
- 0x79a7dedeU, 0xe2bc5e5eU, 0x1d160b0bU, 0x76addbdbU,
- 0x3bdbe0e0U, 0x56643232U, 0x4e743a3aU, 0x1e140a0aU,
- 0xdb924949U, 0x0a0c0606U, 0x6c482424U, 0xe4b85c5cU,
- 0x5d9fc2c2U, 0x6ebdd3d3U, 0xef43acacU, 0xa6c46262U,
- 0xa8399191U, 0xa4319595U, 0x37d3e4e4U, 0x8bf27979U,
- 0x32d5e7e7U, 0x438bc8c8U, 0x596e3737U, 0xb7da6d6dU,
- 0x8c018d8dU, 0x64b1d5d5U, 0xd29c4e4eU, 0xe049a9a9U,
- 0xb4d86c6cU, 0xfaac5656U, 0x07f3f4f4U, 0x25cfeaeaU,
- 0xafca6565U, 0x8ef47a7aU, 0xe947aeaeU, 0x18100808U,
- 0xd56fbabaU, 0x88f07878U, 0x6f4a2525U, 0x725c2e2eU,
- 0x24381c1cU, 0xf157a6a6U, 0xc773b4b4U, 0x5197c6c6U,
- 0x23cbe8e8U, 0x7ca1ddddU, 0x9ce87474U, 0x213e1f1fU,
- 0xdd964b4bU, 0xdc61bdbdU, 0x860d8b8bU, 0x850f8a8aU,
- 0x90e07070U, 0x427c3e3eU, 0xc471b5b5U, 0xaacc6666U,
- 0xd8904848U, 0x05060303U, 0x01f7f6f6U, 0x121c0e0eU,
- 0xa3c26161U, 0x5f6a3535U, 0xf9ae5757U, 0xd069b9b9U,
- 0x91178686U, 0x5899c1c1U, 0x273a1d1dU, 0xb9279e9eU,
- 0x38d9e1e1U, 0x13ebf8f8U, 0xb32b9898U, 0x33221111U,
- 0xbbd26969U, 0x70a9d9d9U, 0x89078e8eU, 0xa7339494U,
- 0xb62d9b9bU, 0x223c1e1eU, 0x92158787U, 0x20c9e9e9U,
- 0x4987ceceU, 0xffaa5555U, 0x78502828U, 0x7aa5dfdfU,
- 0x8f038c8cU, 0xf859a1a1U, 0x80098989U, 0x171a0d0dU,
- 0xda65bfbfU, 0x31d7e6e6U, 0xc6844242U, 0xb8d06868U,
- 0xc3824141U, 0xb0299999U, 0x775a2d2dU, 0x111e0f0fU,
- 0xcb7bb0b0U, 0xfca85454U, 0xd66dbbbbU, 0x3a2c1616U,
-};
-static const u32 Te2[256] = {
- 0x63a5c663U, 0x7c84f87cU, 0x7799ee77U, 0x7b8df67bU,
- 0xf20dfff2U, 0x6bbdd66bU, 0x6fb1de6fU, 0xc55491c5U,
- 0x30506030U, 0x01030201U, 0x67a9ce67U, 0x2b7d562bU,
- 0xfe19e7feU, 0xd762b5d7U, 0xabe64dabU, 0x769aec76U,
- 0xca458fcaU, 0x829d1f82U, 0xc94089c9U, 0x7d87fa7dU,
- 0xfa15effaU, 0x59ebb259U, 0x47c98e47U, 0xf00bfbf0U,
- 0xadec41adU, 0xd467b3d4U, 0xa2fd5fa2U, 0xafea45afU,
- 0x9cbf239cU, 0xa4f753a4U, 0x7296e472U, 0xc05b9bc0U,
- 0xb7c275b7U, 0xfd1ce1fdU, 0x93ae3d93U, 0x266a4c26U,
- 0x365a6c36U, 0x3f417e3fU, 0xf702f5f7U, 0xcc4f83ccU,
- 0x345c6834U, 0xa5f451a5U, 0xe534d1e5U, 0xf108f9f1U,
- 0x7193e271U, 0xd873abd8U, 0x31536231U, 0x153f2a15U,
- 0x040c0804U, 0xc75295c7U, 0x23654623U, 0xc35e9dc3U,
- 0x18283018U, 0x96a13796U, 0x050f0a05U, 0x9ab52f9aU,
- 0x07090e07U, 0x12362412U, 0x809b1b80U, 0xe23ddfe2U,
- 0xeb26cdebU, 0x27694e27U, 0xb2cd7fb2U, 0x759fea75U,
- 0x091b1209U, 0x839e1d83U, 0x2c74582cU, 0x1a2e341aU,
- 0x1b2d361bU, 0x6eb2dc6eU, 0x5aeeb45aU, 0xa0fb5ba0U,
- 0x52f6a452U, 0x3b4d763bU, 0xd661b7d6U, 0xb3ce7db3U,
- 0x297b5229U, 0xe33edde3U, 0x2f715e2fU, 0x84971384U,
- 0x53f5a653U, 0xd168b9d1U, 0x00000000U, 0xed2cc1edU,
- 0x20604020U, 0xfc1fe3fcU, 0xb1c879b1U, 0x5bedb65bU,
- 0x6abed46aU, 0xcb468dcbU, 0xbed967beU, 0x394b7239U,
- 0x4ade944aU, 0x4cd4984cU, 0x58e8b058U, 0xcf4a85cfU,
- 0xd06bbbd0U, 0xef2ac5efU, 0xaae54faaU, 0xfb16edfbU,
- 0x43c58643U, 0x4dd79a4dU, 0x33556633U, 0x85941185U,
- 0x45cf8a45U, 0xf910e9f9U, 0x02060402U, 0x7f81fe7fU,
- 0x50f0a050U, 0x3c44783cU, 0x9fba259fU, 0xa8e34ba8U,
- 0x51f3a251U, 0xa3fe5da3U, 0x40c08040U, 0x8f8a058fU,
- 0x92ad3f92U, 0x9dbc219dU, 0x38487038U, 0xf504f1f5U,
- 0xbcdf63bcU, 0xb6c177b6U, 0xda75afdaU, 0x21634221U,
- 0x10302010U, 0xff1ae5ffU, 0xf30efdf3U, 0xd26dbfd2U,
- 0xcd4c81cdU, 0x0c14180cU, 0x13352613U, 0xec2fc3ecU,
- 0x5fe1be5fU, 0x97a23597U, 0x44cc8844U, 0x17392e17U,
- 0xc45793c4U, 0xa7f255a7U, 0x7e82fc7eU, 0x3d477a3dU,
- 0x64acc864U, 0x5de7ba5dU, 0x192b3219U, 0x7395e673U,
- 0x60a0c060U, 0x81981981U, 0x4fd19e4fU, 0xdc7fa3dcU,
- 0x22664422U, 0x2a7e542aU, 0x90ab3b90U, 0x88830b88U,
- 0x46ca8c46U, 0xee29c7eeU, 0xb8d36bb8U, 0x143c2814U,
- 0xde79a7deU, 0x5ee2bc5eU, 0x0b1d160bU, 0xdb76addbU,
- 0xe03bdbe0U, 0x32566432U, 0x3a4e743aU, 0x0a1e140aU,
- 0x49db9249U, 0x060a0c06U, 0x246c4824U, 0x5ce4b85cU,
- 0xc25d9fc2U, 0xd36ebdd3U, 0xacef43acU, 0x62a6c462U,
- 0x91a83991U, 0x95a43195U, 0xe437d3e4U, 0x798bf279U,
- 0xe732d5e7U, 0xc8438bc8U, 0x37596e37U, 0x6db7da6dU,
- 0x8d8c018dU, 0xd564b1d5U, 0x4ed29c4eU, 0xa9e049a9U,
- 0x6cb4d86cU, 0x56faac56U, 0xf407f3f4U, 0xea25cfeaU,
- 0x65afca65U, 0x7a8ef47aU, 0xaee947aeU, 0x08181008U,
- 0xbad56fbaU, 0x7888f078U, 0x256f4a25U, 0x2e725c2eU,
- 0x1c24381cU, 0xa6f157a6U, 0xb4c773b4U, 0xc65197c6U,
- 0xe823cbe8U, 0xdd7ca1ddU, 0x749ce874U, 0x1f213e1fU,
- 0x4bdd964bU, 0xbddc61bdU, 0x8b860d8bU, 0x8a850f8aU,
- 0x7090e070U, 0x3e427c3eU, 0xb5c471b5U, 0x66aacc66U,
- 0x48d89048U, 0x03050603U, 0xf601f7f6U, 0x0e121c0eU,
- 0x61a3c261U, 0x355f6a35U, 0x57f9ae57U, 0xb9d069b9U,
- 0x86911786U, 0xc15899c1U, 0x1d273a1dU, 0x9eb9279eU,
- 0xe138d9e1U, 0xf813ebf8U, 0x98b32b98U, 0x11332211U,
- 0x69bbd269U, 0xd970a9d9U, 0x8e89078eU, 0x94a73394U,
- 0x9bb62d9bU, 0x1e223c1eU, 0x87921587U, 0xe920c9e9U,
- 0xce4987ceU, 0x55ffaa55U, 0x28785028U, 0xdf7aa5dfU,
- 0x8c8f038cU, 0xa1f859a1U, 0x89800989U, 0x0d171a0dU,
- 0xbfda65bfU, 0xe631d7e6U, 0x42c68442U, 0x68b8d068U,
- 0x41c38241U, 0x99b02999U, 0x2d775a2dU, 0x0f111e0fU,
- 0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U,
-};
-static const u32 Te3[256] = {
- 0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U,
- 0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U,
- 0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U,
- 0xfefe19e7U, 0xd7d762b5U, 0xababe64dU, 0x76769aecU,
- 0xcaca458fU, 0x82829d1fU, 0xc9c94089U, 0x7d7d87faU,
- 0xfafa15efU, 0x5959ebb2U, 0x4747c98eU, 0xf0f00bfbU,
- 0xadadec41U, 0xd4d467b3U, 0xa2a2fd5fU, 0xafafea45U,
- 0x9c9cbf23U, 0xa4a4f753U, 0x727296e4U, 0xc0c05b9bU,
- 0xb7b7c275U, 0xfdfd1ce1U, 0x9393ae3dU, 0x26266a4cU,
- 0x36365a6cU, 0x3f3f417eU, 0xf7f702f5U, 0xcccc4f83U,
- 0x34345c68U, 0xa5a5f451U, 0xe5e534d1U, 0xf1f108f9U,
- 0x717193e2U, 0xd8d873abU, 0x31315362U, 0x15153f2aU,
- 0x04040c08U, 0xc7c75295U, 0x23236546U, 0xc3c35e9dU,
- 0x18182830U, 0x9696a137U, 0x05050f0aU, 0x9a9ab52fU,
- 0x0707090eU, 0x12123624U, 0x80809b1bU, 0xe2e23ddfU,
- 0xebeb26cdU, 0x2727694eU, 0xb2b2cd7fU, 0x75759feaU,
- 0x09091b12U, 0x83839e1dU, 0x2c2c7458U, 0x1a1a2e34U,
- 0x1b1b2d36U, 0x6e6eb2dcU, 0x5a5aeeb4U, 0xa0a0fb5bU,
- 0x5252f6a4U, 0x3b3b4d76U, 0xd6d661b7U, 0xb3b3ce7dU,
- 0x29297b52U, 0xe3e33eddU, 0x2f2f715eU, 0x84849713U,
- 0x5353f5a6U, 0xd1d168b9U, 0x00000000U, 0xeded2cc1U,
- 0x20206040U, 0xfcfc1fe3U, 0xb1b1c879U, 0x5b5bedb6U,
- 0x6a6abed4U, 0xcbcb468dU, 0xbebed967U, 0x39394b72U,
- 0x4a4ade94U, 0x4c4cd498U, 0x5858e8b0U, 0xcfcf4a85U,
- 0xd0d06bbbU, 0xefef2ac5U, 0xaaaae54fU, 0xfbfb16edU,
- 0x4343c586U, 0x4d4dd79aU, 0x33335566U, 0x85859411U,
- 0x4545cf8aU, 0xf9f910e9U, 0x02020604U, 0x7f7f81feU,
- 0x5050f0a0U, 0x3c3c4478U, 0x9f9fba25U, 0xa8a8e34bU,
- 0x5151f3a2U, 0xa3a3fe5dU, 0x4040c080U, 0x8f8f8a05U,
- 0x9292ad3fU, 0x9d9dbc21U, 0x38384870U, 0xf5f504f1U,
- 0xbcbcdf63U, 0xb6b6c177U, 0xdada75afU, 0x21216342U,
- 0x10103020U, 0xffff1ae5U, 0xf3f30efdU, 0xd2d26dbfU,
- 0xcdcd4c81U, 0x0c0c1418U, 0x13133526U, 0xecec2fc3U,
- 0x5f5fe1beU, 0x9797a235U, 0x4444cc88U, 0x1717392eU,
- 0xc4c45793U, 0xa7a7f255U, 0x7e7e82fcU, 0x3d3d477aU,
- 0x6464acc8U, 0x5d5de7baU, 0x19192b32U, 0x737395e6U,
- 0x6060a0c0U, 0x81819819U, 0x4f4fd19eU, 0xdcdc7fa3U,
- 0x22226644U, 0x2a2a7e54U, 0x9090ab3bU, 0x8888830bU,
- 0x4646ca8cU, 0xeeee29c7U, 0xb8b8d36bU, 0x14143c28U,
- 0xdede79a7U, 0x5e5ee2bcU, 0x0b0b1d16U, 0xdbdb76adU,
- 0xe0e03bdbU, 0x32325664U, 0x3a3a4e74U, 0x0a0a1e14U,
- 0x4949db92U, 0x06060a0cU, 0x24246c48U, 0x5c5ce4b8U,
- 0xc2c25d9fU, 0xd3d36ebdU, 0xacacef43U, 0x6262a6c4U,
- 0x9191a839U, 0x9595a431U, 0xe4e437d3U, 0x79798bf2U,
- 0xe7e732d5U, 0xc8c8438bU, 0x3737596eU, 0x6d6db7daU,
- 0x8d8d8c01U, 0xd5d564b1U, 0x4e4ed29cU, 0xa9a9e049U,
- 0x6c6cb4d8U, 0x5656faacU, 0xf4f407f3U, 0xeaea25cfU,
- 0x6565afcaU, 0x7a7a8ef4U, 0xaeaee947U, 0x08081810U,
- 0xbabad56fU, 0x787888f0U, 0x25256f4aU, 0x2e2e725cU,
- 0x1c1c2438U, 0xa6a6f157U, 0xb4b4c773U, 0xc6c65197U,
- 0xe8e823cbU, 0xdddd7ca1U, 0x74749ce8U, 0x1f1f213eU,
- 0x4b4bdd96U, 0xbdbddc61U, 0x8b8b860dU, 0x8a8a850fU,
- 0x707090e0U, 0x3e3e427cU, 0xb5b5c471U, 0x6666aaccU,
- 0x4848d890U, 0x03030506U, 0xf6f601f7U, 0x0e0e121cU,
- 0x6161a3c2U, 0x35355f6aU, 0x5757f9aeU, 0xb9b9d069U,
- 0x86869117U, 0xc1c15899U, 0x1d1d273aU, 0x9e9eb927U,
- 0xe1e138d9U, 0xf8f813ebU, 0x9898b32bU, 0x11113322U,
- 0x6969bbd2U, 0xd9d970a9U, 0x8e8e8907U, 0x9494a733U,
- 0x9b9bb62dU, 0x1e1e223cU, 0x87879215U, 0xe9e920c9U,
- 0xcece4987U, 0x5555ffaaU, 0x28287850U, 0xdfdf7aa5U,
- 0x8c8c8f03U, 0xa1a1f859U, 0x89898009U, 0x0d0d171aU,
- 0xbfbfda65U, 0xe6e631d7U, 0x4242c684U, 0x6868b8d0U,
- 0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU,
- 0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU,
-};
-
-static const u32 Td0[256] = {
- 0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U,
- 0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U,
- 0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U,
- 0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU,
- 0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U,
- 0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U,
- 0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU,
- 0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U,
- 0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU,
- 0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U,
- 0x63df4a18U, 0xe51a3182U, 0x97513360U, 0x62537f45U,
- 0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U,
- 0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U,
- 0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU,
- 0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U,
- 0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU,
- 0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U,
- 0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU,
- 0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U,
- 0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U,
- 0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U,
- 0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU,
- 0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U,
- 0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU,
- 0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U,
- 0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU,
- 0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U,
- 0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU,
- 0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU,
- 0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U,
- 0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU,
- 0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U,
- 0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU,
- 0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U,
- 0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U,
- 0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U,
- 0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU,
- 0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U,
- 0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U,
- 0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU,
- 0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U,
- 0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U,
- 0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U,
- 0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U,
- 0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U,
- 0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU,
- 0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U,
- 0xe6956e65U, 0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U,
- 0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U,
- 0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U,
- 0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U,
- 0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU,
- 0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU,
- 0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU,
- 0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU,
- 0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U,
- 0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U,
- 0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU,
- 0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU,
- 0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U,
- 0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU,
- 0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U,
- 0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U,
- 0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U,
-};
-static const u32 Td1[256] = {
- 0x5051f4a7U, 0x537e4165U, 0xc31a17a4U, 0x963a275eU,
- 0xcb3bab6bU, 0xf11f9d45U, 0xabacfa58U, 0x934be303U,
- 0x552030faU, 0xf6ad766dU, 0x9188cc76U, 0x25f5024cU,
- 0xfc4fe5d7U, 0xd7c52acbU, 0x80263544U, 0x8fb562a3U,
- 0x49deb15aU, 0x6725ba1bU, 0x9845ea0eU, 0xe15dfec0U,
- 0x02c32f75U, 0x12814cf0U, 0xa38d4697U, 0xc66bd3f9U,
- 0xe7038f5fU, 0x9515929cU, 0xebbf6d7aU, 0xda955259U,
- 0x2dd4be83U, 0xd3587421U, 0x2949e069U, 0x448ec9c8U,
- 0x6a75c289U, 0x78f48e79U, 0x6b99583eU, 0xdd27b971U,
- 0xb6bee14fU, 0x17f088adU, 0x66c920acU, 0xb47dce3aU,
- 0x1863df4aU, 0x82e51a31U, 0x60975133U, 0x4562537fU,
- 0xe0b16477U, 0x84bb6baeU, 0x1cfe81a0U, 0x94f9082bU,
- 0x58704868U, 0x198f45fdU, 0x8794de6cU, 0xb7527bf8U,
- 0x23ab73d3U, 0xe2724b02U, 0x57e31f8fU, 0x2a6655abU,
- 0x07b2eb28U, 0x032fb5c2U, 0x9a86c57bU, 0xa5d33708U,
- 0xf2302887U, 0xb223bfa5U, 0xba02036aU, 0x5ced1682U,
- 0x2b8acf1cU, 0x92a779b4U, 0xf0f307f2U, 0xa14e69e2U,
- 0xcd65daf4U, 0xd50605beU, 0x1fd13462U, 0x8ac4a6feU,
- 0x9d342e53U, 0xa0a2f355U, 0x32058ae1U, 0x75a4f6ebU,
- 0x390b83ecU, 0xaa4060efU, 0x065e719fU, 0x51bd6e10U,
- 0xf93e218aU, 0x3d96dd06U, 0xaedd3e05U, 0x464de6bdU,
- 0xb591548dU, 0x0571c45dU, 0x6f0406d4U, 0xff605015U,
- 0x241998fbU, 0x97d6bde9U, 0xcc894043U, 0x7767d99eU,
- 0xbdb0e842U, 0x8807898bU, 0x38e7195bU, 0xdb79c8eeU,
- 0x47a17c0aU, 0xe97c420fU, 0xc9f8841eU, 0x00000000U,
- 0x83098086U, 0x48322bedU, 0xac1e1170U, 0x4e6c5a72U,
- 0xfbfd0effU, 0x560f8538U, 0x1e3daed5U, 0x27362d39U,
- 0x640a0fd9U, 0x21685ca6U, 0xd19b5b54U, 0x3a24362eU,
- 0xb10c0a67U, 0x0f9357e7U, 0xd2b4ee96U, 0x9e1b9b91U,
- 0x4f80c0c5U, 0xa261dc20U, 0x695a774bU, 0x161c121aU,
- 0x0ae293baU, 0xe5c0a02aU, 0x433c22e0U, 0x1d121b17U,
- 0x0b0e090dU, 0xadf28bc7U, 0xb92db6a8U, 0xc8141ea9U,
- 0x8557f119U, 0x4caf7507U, 0xbbee99ddU, 0xfda37f60U,
- 0x9ff70126U, 0xbc5c72f5U, 0xc544663bU, 0x345bfb7eU,
- 0x768b4329U, 0xdccb23c6U, 0x68b6edfcU, 0x63b8e4f1U,
- 0xcad731dcU, 0x10426385U, 0x40139722U, 0x2084c611U,
- 0x7d854a24U, 0xf8d2bb3dU, 0x11aef932U, 0x6dc729a1U,
- 0x4b1d9e2fU, 0xf3dcb230U, 0xec0d8652U, 0xd077c1e3U,
- 0x6c2bb316U, 0x99a970b9U, 0xfa119448U, 0x2247e964U,
- 0xc4a8fc8cU, 0x1aa0f03fU, 0xd8567d2cU, 0xef223390U,
- 0xc787494eU, 0xc1d938d1U, 0xfe8ccaa2U, 0x3698d40bU,
- 0xcfa6f581U, 0x28a57adeU, 0x26dab78eU, 0xa43fadbfU,
- 0xe42c3a9dU, 0x0d507892U, 0x9b6a5fccU, 0x62547e46U,
- 0xc2f68d13U, 0xe890d8b8U, 0x5e2e39f7U, 0xf582c3afU,
- 0xbe9f5d80U, 0x7c69d093U, 0xa96fd52dU, 0xb3cf2512U,
- 0x3bc8ac99U, 0xa710187dU, 0x6ee89c63U, 0x7bdb3bbbU,
- 0x09cd2678U, 0xf46e5918U, 0x01ec9ab7U, 0xa8834f9aU,
- 0x65e6956eU, 0x7eaaffe6U, 0x0821bccfU, 0xe6ef15e8U,
- 0xd9bae79bU, 0xce4a6f36U, 0xd4ea9f09U, 0xd629b07cU,
- 0xaf31a4b2U, 0x312a3f23U, 0x30c6a594U, 0xc035a266U,
- 0x37744ebcU, 0xa6fc82caU, 0xb0e090d0U, 0x1533a7d8U,
- 0x4af10498U, 0xf741ecdaU, 0x0e7fcd50U, 0x2f1791f6U,
- 0x8d764dd6U, 0x4d43efb0U, 0x54ccaa4dU, 0xdfe49604U,
- 0xe39ed1b5U, 0x1b4c6a88U, 0xb8c12c1fU, 0x7f466551U,
- 0x049d5eeaU, 0x5d018c35U, 0x73fa8774U, 0x2efb0b41U,
- 0x5ab3671dU, 0x5292dbd2U, 0x33e91056U, 0x136dd647U,
- 0x8c9ad761U, 0x7a37a10cU, 0x8e59f814U, 0x89eb133cU,
- 0xeecea927U, 0x35b761c9U, 0xede11ce5U, 0x3c7a47b1U,
- 0x599cd2dfU, 0x3f55f273U, 0x791814ceU, 0xbf73c737U,
- 0xea53f7cdU, 0x5b5ffdaaU, 0x14df3d6fU, 0x867844dbU,
- 0x81caaff3U, 0x3eb968c4U, 0x2c382434U, 0x5fc2a340U,
- 0x72161dc3U, 0x0cbce225U, 0x8b283c49U, 0x41ff0d95U,
- 0x7139a801U, 0xde080cb3U, 0x9cd8b4e4U, 0x906456c1U,
- 0x617bcb84U, 0x70d532b6U, 0x74486c5cU, 0x42d0b857U,
-};
-static const u32 Td2[256] = {
- 0xa75051f4U, 0x65537e41U, 0xa4c31a17U, 0x5e963a27U,
- 0x6bcb3babU, 0x45f11f9dU, 0x58abacfaU, 0x03934be3U,
- 0xfa552030U, 0x6df6ad76U, 0x769188ccU, 0x4c25f502U,
- 0xd7fc4fe5U, 0xcbd7c52aU, 0x44802635U, 0xa38fb562U,
- 0x5a49deb1U, 0x1b6725baU, 0x0e9845eaU, 0xc0e15dfeU,
- 0x7502c32fU, 0xf012814cU, 0x97a38d46U, 0xf9c66bd3U,
- 0x5fe7038fU, 0x9c951592U, 0x7aebbf6dU, 0x59da9552U,
- 0x832dd4beU, 0x21d35874U, 0x692949e0U, 0xc8448ec9U,
- 0x896a75c2U, 0x7978f48eU, 0x3e6b9958U, 0x71dd27b9U,
- 0x4fb6bee1U, 0xad17f088U, 0xac66c920U, 0x3ab47dceU,
- 0x4a1863dfU, 0x3182e51aU, 0x33609751U, 0x7f456253U,
- 0x77e0b164U, 0xae84bb6bU, 0xa01cfe81U, 0x2b94f908U,
- 0x68587048U, 0xfd198f45U, 0x6c8794deU, 0xf8b7527bU,
- 0xd323ab73U, 0x02e2724bU, 0x8f57e31fU, 0xab2a6655U,
- 0x2807b2ebU, 0xc2032fb5U, 0x7b9a86c5U, 0x08a5d337U,
- 0x87f23028U, 0xa5b223bfU, 0x6aba0203U, 0x825ced16U,
- 0x1c2b8acfU, 0xb492a779U, 0xf2f0f307U, 0xe2a14e69U,
- 0xf4cd65daU, 0xbed50605U, 0x621fd134U, 0xfe8ac4a6U,
- 0x539d342eU, 0x55a0a2f3U, 0xe132058aU, 0xeb75a4f6U,
- 0xec390b83U, 0xefaa4060U, 0x9f065e71U, 0x1051bd6eU,
- 0x8af93e21U, 0x063d96ddU, 0x05aedd3eU, 0xbd464de6U,
- 0x8db59154U, 0x5d0571c4U, 0xd46f0406U, 0x15ff6050U,
- 0xfb241998U, 0xe997d6bdU, 0x43cc8940U, 0x9e7767d9U,
- 0x42bdb0e8U, 0x8b880789U, 0x5b38e719U, 0xeedb79c8U,
- 0x0a47a17cU, 0x0fe97c42U, 0x1ec9f884U, 0x00000000U,
- 0x86830980U, 0xed48322bU, 0x70ac1e11U, 0x724e6c5aU,
- 0xfffbfd0eU, 0x38560f85U, 0xd51e3daeU, 0x3927362dU,
- 0xd9640a0fU, 0xa621685cU, 0x54d19b5bU, 0x2e3a2436U,
- 0x67b10c0aU, 0xe70f9357U, 0x96d2b4eeU, 0x919e1b9bU,
- 0xc54f80c0U, 0x20a261dcU, 0x4b695a77U, 0x1a161c12U,
- 0xba0ae293U, 0x2ae5c0a0U, 0xe0433c22U, 0x171d121bU,
- 0x0d0b0e09U, 0xc7adf28bU, 0xa8b92db6U, 0xa9c8141eU,
- 0x198557f1U, 0x074caf75U, 0xddbbee99U, 0x60fda37fU,
- 0x269ff701U, 0xf5bc5c72U, 0x3bc54466U, 0x7e345bfbU,
- 0x29768b43U, 0xc6dccb23U, 0xfc68b6edU, 0xf163b8e4U,
- 0xdccad731U, 0x85104263U, 0x22401397U, 0x112084c6U,
- 0x247d854aU, 0x3df8d2bbU, 0x3211aef9U, 0xa16dc729U,
- 0x2f4b1d9eU, 0x30f3dcb2U, 0x52ec0d86U, 0xe3d077c1U,
- 0x166c2bb3U, 0xb999a970U, 0x48fa1194U, 0x642247e9U,
- 0x8cc4a8fcU, 0x3f1aa0f0U, 0x2cd8567dU, 0x90ef2233U,
- 0x4ec78749U, 0xd1c1d938U, 0xa2fe8ccaU, 0x0b3698d4U,
- 0x81cfa6f5U, 0xde28a57aU, 0x8e26dab7U, 0xbfa43fadU,
- 0x9de42c3aU, 0x920d5078U, 0xcc9b6a5fU, 0x4662547eU,
- 0x13c2f68dU, 0xb8e890d8U, 0xf75e2e39U, 0xaff582c3U,
- 0x80be9f5dU, 0x937c69d0U, 0x2da96fd5U, 0x12b3cf25U,
- 0x993bc8acU, 0x7da71018U, 0x636ee89cU, 0xbb7bdb3bU,
- 0x7809cd26U, 0x18f46e59U, 0xb701ec9aU, 0x9aa8834fU,
- 0x6e65e695U, 0xe67eaaffU, 0xcf0821bcU, 0xe8e6ef15U,
- 0x9bd9bae7U, 0x36ce4a6fU, 0x09d4ea9fU, 0x7cd629b0U,
- 0xb2af31a4U, 0x23312a3fU, 0x9430c6a5U, 0x66c035a2U,
- 0xbc37744eU, 0xcaa6fc82U, 0xd0b0e090U, 0xd81533a7U,
- 0x984af104U, 0xdaf741ecU, 0x500e7fcdU, 0xf62f1791U,
- 0xd68d764dU, 0xb04d43efU, 0x4d54ccaaU, 0x04dfe496U,
- 0xb5e39ed1U, 0x881b4c6aU, 0x1fb8c12cU, 0x517f4665U,
- 0xea049d5eU, 0x355d018cU, 0x7473fa87U, 0x412efb0bU,
- 0x1d5ab367U, 0xd25292dbU, 0x5633e910U, 0x47136dd6U,
- 0x618c9ad7U, 0x0c7a37a1U, 0x148e59f8U, 0x3c89eb13U,
- 0x27eecea9U, 0xc935b761U, 0xe5ede11cU, 0xb13c7a47U,
- 0xdf599cd2U, 0x733f55f2U, 0xce791814U, 0x37bf73c7U,
- 0xcdea53f7U, 0xaa5b5ffdU, 0x6f14df3dU, 0xdb867844U,
- 0xf381caafU, 0xc43eb968U, 0x342c3824U, 0x405fc2a3U,
- 0xc372161dU, 0x250cbce2U, 0x498b283cU, 0x9541ff0dU,
- 0x017139a8U, 0xb3de080cU, 0xe49cd8b4U, 0xc1906456U,
- 0x84617bcbU, 0xb670d532U, 0x5c74486cU, 0x5742d0b8U,
-};
-static const u32 Td3[256] = {
- 0xf4a75051U, 0x4165537eU, 0x17a4c31aU, 0x275e963aU,
- 0xab6bcb3bU, 0x9d45f11fU, 0xfa58abacU, 0xe303934bU,
- 0x30fa5520U, 0x766df6adU, 0xcc769188U, 0x024c25f5U,
- 0xe5d7fc4fU, 0x2acbd7c5U, 0x35448026U, 0x62a38fb5U,
- 0xb15a49deU, 0xba1b6725U, 0xea0e9845U, 0xfec0e15dU,
- 0x2f7502c3U, 0x4cf01281U, 0x4697a38dU, 0xd3f9c66bU,
- 0x8f5fe703U, 0x929c9515U, 0x6d7aebbfU, 0x5259da95U,
- 0xbe832dd4U, 0x7421d358U, 0xe0692949U, 0xc9c8448eU,
- 0xc2896a75U, 0x8e7978f4U, 0x583e6b99U, 0xb971dd27U,
- 0xe14fb6beU, 0x88ad17f0U, 0x20ac66c9U, 0xce3ab47dU,
- 0xdf4a1863U, 0x1a3182e5U, 0x51336097U, 0x537f4562U,
- 0x6477e0b1U, 0x6bae84bbU, 0x81a01cfeU, 0x082b94f9U,
- 0x48685870U, 0x45fd198fU, 0xde6c8794U, 0x7bf8b752U,
- 0x73d323abU, 0x4b02e272U, 0x1f8f57e3U, 0x55ab2a66U,
- 0xeb2807b2U, 0xb5c2032fU, 0xc57b9a86U, 0x3708a5d3U,
- 0x2887f230U, 0xbfa5b223U, 0x036aba02U, 0x16825cedU,
- 0xcf1c2b8aU, 0x79b492a7U, 0x07f2f0f3U, 0x69e2a14eU,
- 0xdaf4cd65U, 0x05bed506U, 0x34621fd1U, 0xa6fe8ac4U,
- 0x2e539d34U, 0xf355a0a2U, 0x8ae13205U, 0xf6eb75a4U,
- 0x83ec390bU, 0x60efaa40U, 0x719f065eU, 0x6e1051bdU,
- 0x218af93eU, 0xdd063d96U, 0x3e05aeddU, 0xe6bd464dU,
- 0x548db591U, 0xc45d0571U, 0x06d46f04U, 0x5015ff60U,
- 0x98fb2419U, 0xbde997d6U, 0x4043cc89U, 0xd99e7767U,
- 0xe842bdb0U, 0x898b8807U, 0x195b38e7U, 0xc8eedb79U,
- 0x7c0a47a1U, 0x420fe97cU, 0x841ec9f8U, 0x00000000U,
- 0x80868309U, 0x2bed4832U, 0x1170ac1eU, 0x5a724e6cU,
- 0x0efffbfdU, 0x8538560fU, 0xaed51e3dU, 0x2d392736U,
- 0x0fd9640aU, 0x5ca62168U, 0x5b54d19bU, 0x362e3a24U,
- 0x0a67b10cU, 0x57e70f93U, 0xee96d2b4U, 0x9b919e1bU,
- 0xc0c54f80U, 0xdc20a261U, 0x774b695aU, 0x121a161cU,
- 0x93ba0ae2U, 0xa02ae5c0U, 0x22e0433cU, 0x1b171d12U,
- 0x090d0b0eU, 0x8bc7adf2U, 0xb6a8b92dU, 0x1ea9c814U,
- 0xf1198557U, 0x75074cafU, 0x99ddbbeeU, 0x7f60fda3U,
- 0x01269ff7U, 0x72f5bc5cU, 0x663bc544U, 0xfb7e345bU,
- 0x4329768bU, 0x23c6dccbU, 0xedfc68b6U, 0xe4f163b8U,
- 0x31dccad7U, 0x63851042U, 0x97224013U, 0xc6112084U,
- 0x4a247d85U, 0xbb3df8d2U, 0xf93211aeU, 0x29a16dc7U,
- 0x9e2f4b1dU, 0xb230f3dcU, 0x8652ec0dU, 0xc1e3d077U,
- 0xb3166c2bU, 0x70b999a9U, 0x9448fa11U, 0xe9642247U,
- 0xfc8cc4a8U, 0xf03f1aa0U, 0x7d2cd856U, 0x3390ef22U,
- 0x494ec787U, 0x38d1c1d9U, 0xcaa2fe8cU, 0xd40b3698U,
- 0xf581cfa6U, 0x7ade28a5U, 0xb78e26daU, 0xadbfa43fU,
- 0x3a9de42cU, 0x78920d50U, 0x5fcc9b6aU, 0x7e466254U,
- 0x8d13c2f6U, 0xd8b8e890U, 0x39f75e2eU, 0xc3aff582U,
- 0x5d80be9fU, 0xd0937c69U, 0xd52da96fU, 0x2512b3cfU,
- 0xac993bc8U, 0x187da710U, 0x9c636ee8U, 0x3bbb7bdbU,
- 0x267809cdU, 0x5918f46eU, 0x9ab701ecU, 0x4f9aa883U,
- 0x956e65e6U, 0xffe67eaaU, 0xbccf0821U, 0x15e8e6efU,
- 0xe79bd9baU, 0x6f36ce4aU, 0x9f09d4eaU, 0xb07cd629U,
- 0xa4b2af31U, 0x3f23312aU, 0xa59430c6U, 0xa266c035U,
- 0x4ebc3774U, 0x82caa6fcU, 0x90d0b0e0U, 0xa7d81533U,
- 0x04984af1U, 0xecdaf741U, 0xcd500e7fU, 0x91f62f17U,
- 0x4dd68d76U, 0xefb04d43U, 0xaa4d54ccU, 0x9604dfe4U,
- 0xd1b5e39eU, 0x6a881b4cU, 0x2c1fb8c1U, 0x65517f46U,
- 0x5eea049dU, 0x8c355d01U, 0x877473faU, 0x0b412efbU,
- 0x671d5ab3U, 0xdbd25292U, 0x105633e9U, 0xd647136dU,
- 0xd7618c9aU, 0xa10c7a37U, 0xf8148e59U, 0x133c89ebU,
- 0xa927eeceU, 0x61c935b7U, 0x1ce5ede1U, 0x47b13c7aU,
- 0xd2df599cU, 0xf2733f55U, 0x14ce7918U, 0xc737bf73U,
- 0xf7cdea53U, 0xfdaa5b5fU, 0x3d6f14dfU, 0x44db8678U,
- 0xaff381caU, 0x68c43eb9U, 0x24342c38U, 0xa3405fc2U,
- 0x1dc37216U, 0xe2250cbcU, 0x3c498b28U, 0x0d9541ffU,
- 0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U,
- 0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U,
-};
-static const u8 Td4[256] = {
- 0x52U, 0x09U, 0x6aU, 0xd5U, 0x30U, 0x36U, 0xa5U, 0x38U,
- 0xbfU, 0x40U, 0xa3U, 0x9eU, 0x81U, 0xf3U, 0xd7U, 0xfbU,
- 0x7cU, 0xe3U, 0x39U, 0x82U, 0x9bU, 0x2fU, 0xffU, 0x87U,
- 0x34U, 0x8eU, 0x43U, 0x44U, 0xc4U, 0xdeU, 0xe9U, 0xcbU,
- 0x54U, 0x7bU, 0x94U, 0x32U, 0xa6U, 0xc2U, 0x23U, 0x3dU,
- 0xeeU, 0x4cU, 0x95U, 0x0bU, 0x42U, 0xfaU, 0xc3U, 0x4eU,
- 0x08U, 0x2eU, 0xa1U, 0x66U, 0x28U, 0xd9U, 0x24U, 0xb2U,
- 0x76U, 0x5bU, 0xa2U, 0x49U, 0x6dU, 0x8bU, 0xd1U, 0x25U,
- 0x72U, 0xf8U, 0xf6U, 0x64U, 0x86U, 0x68U, 0x98U, 0x16U,
- 0xd4U, 0xa4U, 0x5cU, 0xccU, 0x5dU, 0x65U, 0xb6U, 0x92U,
- 0x6cU, 0x70U, 0x48U, 0x50U, 0xfdU, 0xedU, 0xb9U, 0xdaU,
- 0x5eU, 0x15U, 0x46U, 0x57U, 0xa7U, 0x8dU, 0x9dU, 0x84U,
- 0x90U, 0xd8U, 0xabU, 0x00U, 0x8cU, 0xbcU, 0xd3U, 0x0aU,
- 0xf7U, 0xe4U, 0x58U, 0x05U, 0xb8U, 0xb3U, 0x45U, 0x06U,
- 0xd0U, 0x2cU, 0x1eU, 0x8fU, 0xcaU, 0x3fU, 0x0fU, 0x02U,
- 0xc1U, 0xafU, 0xbdU, 0x03U, 0x01U, 0x13U, 0x8aU, 0x6bU,
- 0x3aU, 0x91U, 0x11U, 0x41U, 0x4fU, 0x67U, 0xdcU, 0xeaU,
- 0x97U, 0xf2U, 0xcfU, 0xceU, 0xf0U, 0xb4U, 0xe6U, 0x73U,
- 0x96U, 0xacU, 0x74U, 0x22U, 0xe7U, 0xadU, 0x35U, 0x85U,
- 0xe2U, 0xf9U, 0x37U, 0xe8U, 0x1cU, 0x75U, 0xdfU, 0x6eU,
- 0x47U, 0xf1U, 0x1aU, 0x71U, 0x1dU, 0x29U, 0xc5U, 0x89U,
- 0x6fU, 0xb7U, 0x62U, 0x0eU, 0xaaU, 0x18U, 0xbeU, 0x1bU,
- 0xfcU, 0x56U, 0x3eU, 0x4bU, 0xc6U, 0xd2U, 0x79U, 0x20U,
- 0x9aU, 0xdbU, 0xc0U, 0xfeU, 0x78U, 0xcdU, 0x5aU, 0xf4U,
- 0x1fU, 0xddU, 0xa8U, 0x33U, 0x88U, 0x07U, 0xc7U, 0x31U,
- 0xb1U, 0x12U, 0x10U, 0x59U, 0x27U, 0x80U, 0xecU, 0x5fU,
- 0x60U, 0x51U, 0x7fU, 0xa9U, 0x19U, 0xb5U, 0x4aU, 0x0dU,
- 0x2dU, 0xe5U, 0x7aU, 0x9fU, 0x93U, 0xc9U, 0x9cU, 0xefU,
- 0xa0U, 0xe0U, 0x3bU, 0x4dU, 0xaeU, 0x2aU, 0xf5U, 0xb0U,
- 0xc8U, 0xebU, 0xbbU, 0x3cU, 0x83U, 0x53U, 0x99U, 0x61U,
- 0x17U, 0x2bU, 0x04U, 0x7eU, 0xbaU, 0x77U, 0xd6U, 0x26U,
- 0xe1U, 0x69U, 0x14U, 0x63U, 0x55U, 0x21U, 0x0cU, 0x7dU,
-};
-static const u32 rcon[] = {
- 0x01000000, 0x02000000, 0x04000000, 0x08000000,
- 0x10000000, 0x20000000, 0x40000000, 0x80000000,
- 0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
-};
-
-/**
- * Expand the cipher key into the encryption key schedule.
- */
-int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
- AES_KEY *key) {
-
- u32 *rk;
- int i = 0;
- u32 temp;
-
-#ifdef OPENSSL_FIPS
- FIPS_selftest_check();
-#endif
-
- if (!userKey || !key)
- return -1;
- if (bits != 128 && bits != 192 && bits != 256)
- return -2;
-
- rk = key->rd_key;
-
- if (bits==128)
- key->rounds = 10;
- else if (bits==192)
- key->rounds = 12;
- else
- key->rounds = 14;
-
- rk[0] = GETU32(userKey );
- rk[1] = GETU32(userKey + 4);
- rk[2] = GETU32(userKey + 8);
- rk[3] = GETU32(userKey + 12);
- if (bits == 128) {
- while (1) {
- temp = rk[3];
- rk[4] = rk[0] ^
- (Te2[(temp >> 16) & 0xff] & 0xff000000) ^
- (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^
- (Te0[(temp ) & 0xff] & 0x0000ff00) ^
- (Te1[(temp >> 24) ] & 0x000000ff) ^
- rcon[i];
- rk[5] = rk[1] ^ rk[4];
- rk[6] = rk[2] ^ rk[5];
- rk[7] = rk[3] ^ rk[6];
- if (++i == 10) {
- return 0;
- }
- rk += 4;
- }
- }
- rk[4] = GETU32(userKey + 16);
- rk[5] = GETU32(userKey + 20);
- if (bits == 192) {
- while (1) {
- temp = rk[ 5];
- rk[ 6] = rk[ 0] ^
- (Te2[(temp >> 16) & 0xff] & 0xff000000) ^
- (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^
- (Te0[(temp ) & 0xff] & 0x0000ff00) ^
- (Te1[(temp >> 24) ] & 0x000000ff) ^
- rcon[i];
- rk[ 7] = rk[ 1] ^ rk[ 6];
- rk[ 8] = rk[ 2] ^ rk[ 7];
- rk[ 9] = rk[ 3] ^ rk[ 8];
- if (++i == 8) {
- return 0;
- }
- rk[10] = rk[ 4] ^ rk[ 9];
- rk[11] = rk[ 5] ^ rk[10];
- rk += 6;
- }
- }
- rk[6] = GETU32(userKey + 24);
- rk[7] = GETU32(userKey + 28);
- if (bits == 256) {
- while (1) {
- temp = rk[ 7];
- rk[ 8] = rk[ 0] ^
- (Te2[(temp >> 16) & 0xff] & 0xff000000) ^
- (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^
- (Te0[(temp ) & 0xff] & 0x0000ff00) ^
- (Te1[(temp >> 24) ] & 0x000000ff) ^
- rcon[i];
- rk[ 9] = rk[ 1] ^ rk[ 8];
- rk[10] = rk[ 2] ^ rk[ 9];
- rk[11] = rk[ 3] ^ rk[10];
- if (++i == 7) {
- return 0;
- }
- temp = rk[11];
- rk[12] = rk[ 4] ^
- (Te2[(temp >> 24) ] & 0xff000000) ^
- (Te3[(temp >> 16) & 0xff] & 0x00ff0000) ^
- (Te0[(temp >> 8) & 0xff] & 0x0000ff00) ^
- (Te1[(temp ) & 0xff] & 0x000000ff);
- rk[13] = rk[ 5] ^ rk[12];
- rk[14] = rk[ 6] ^ rk[13];
- rk[15] = rk[ 7] ^ rk[14];
-
- rk += 8;
- }
- }
- return 0;
-}
-
-/**
- * Expand the cipher key into the decryption key schedule.
- */
-int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
- AES_KEY *key) {
-
- u32 *rk;
- int i, j, status;
- u32 temp;
-
- /* first, start with an encryption schedule */
- status = AES_set_encrypt_key(userKey, bits, key);
- if (status < 0)
- return status;
-
- rk = key->rd_key;
-
- /* invert the order of the round keys: */
- for (i = 0, j = 4*(key->rounds); i < j; i += 4, j -= 4) {
- temp = rk[i ]; rk[i ] = rk[j ]; rk[j ] = temp;
- temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp;
- temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp;
- temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp;
- }
- /* apply the inverse MixColumn transform to all round keys but the first and the last: */
- for (i = 1; i < (key->rounds); i++) {
- rk += 4;
- rk[0] =
- Td0[Te1[(rk[0] >> 24) ] & 0xff] ^
- Td1[Te1[(rk[0] >> 16) & 0xff] & 0xff] ^
- Td2[Te1[(rk[0] >> 8) & 0xff] & 0xff] ^
- Td3[Te1[(rk[0] ) & 0xff] & 0xff];
- rk[1] =
- Td0[Te1[(rk[1] >> 24) ] & 0xff] ^
- Td1[Te1[(rk[1] >> 16) & 0xff] & 0xff] ^
- Td2[Te1[(rk[1] >> 8) & 0xff] & 0xff] ^
- Td3[Te1[(rk[1] ) & 0xff] & 0xff];
- rk[2] =
- Td0[Te1[(rk[2] >> 24) ] & 0xff] ^
- Td1[Te1[(rk[2] >> 16) & 0xff] & 0xff] ^
- Td2[Te1[(rk[2] >> 8) & 0xff] & 0xff] ^
- Td3[Te1[(rk[2] ) & 0xff] & 0xff];
- rk[3] =
- Td0[Te1[(rk[3] >> 24) ] & 0xff] ^
- Td1[Te1[(rk[3] >> 16) & 0xff] & 0xff] ^
- Td2[Te1[(rk[3] >> 8) & 0xff] & 0xff] ^
- Td3[Te1[(rk[3] ) & 0xff] & 0xff];
- }
- return 0;
-}
-
-#ifndef AES_ASM
-/*
- * Encrypt a single block
- * in and out can overlap
- */
-void AES_encrypt(const unsigned char *in, unsigned char *out,
- const AES_KEY *key) {
-
- const u32 *rk;
- u32 s0, s1, s2, s3, t0, t1, t2, t3;
-#ifndef FULL_UNROLL
- int r;
-#endif /* ?FULL_UNROLL */
-
- assert(in && out && key);
- rk = key->rd_key;
-
- /*
- * map byte array block to cipher state
- * and add initial round key:
- */
- s0 = GETU32(in ) ^ rk[0];
- s1 = GETU32(in + 4) ^ rk[1];
- s2 = GETU32(in + 8) ^ rk[2];
- s3 = GETU32(in + 12) ^ rk[3];
-#ifdef FULL_UNROLL
- /* round 1: */
- t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[ 4];
- t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[ 5];
- t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[ 6];
- t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[ 7];
- /* round 2: */
- s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[ 8];
- s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[ 9];
- s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[10];
- s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[11];
- /* round 3: */
- t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[12];
- t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[13];
- t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[14];
- t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[15];
- /* round 4: */
- s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[16];
- s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[17];
- s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[18];
- s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[19];
- /* round 5: */
- t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[20];
- t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[21];
- t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[22];
- t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[23];
- /* round 6: */
- s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[24];
- s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[25];
- s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[26];
- s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[27];
- /* round 7: */
- t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[28];
- t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[29];
- t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[30];
- t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[31];
- /* round 8: */
- s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[32];
- s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[33];
- s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[34];
- s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[35];
- /* round 9: */
- t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[36];
- t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[37];
- t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38];
- t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39];
- if (key->rounds > 10) {
- /* round 10: */
- s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[40];
- s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[41];
- s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[42];
- s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[43];
- /* round 11: */
- t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[44];
- t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[45];
- t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[46];
- t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[47];
- if (key->rounds > 12) {
- /* round 12: */
- s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[48];
- s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[49];
- s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[50];
- s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[51];
- /* round 13: */
- t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[52];
- t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[53];
- t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[54];
- t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[55];
- }
- }
- rk += key->rounds << 2;
-#else /* !FULL_UNROLL */
- /*
- * Nr - 1 full rounds:
- */
- r = key->rounds >> 1;
- for (;;) {
- t0 =
- Te0[(s0 >> 24) ] ^
- Te1[(s1 >> 16) & 0xff] ^
- Te2[(s2 >> 8) & 0xff] ^
- Te3[(s3 ) & 0xff] ^
- rk[4];
- t1 =
- Te0[(s1 >> 24) ] ^
- Te1[(s2 >> 16) & 0xff] ^
- Te2[(s3 >> 8) & 0xff] ^
- Te3[(s0 ) & 0xff] ^
- rk[5];
- t2 =
- Te0[(s2 >> 24) ] ^
- Te1[(s3 >> 16) & 0xff] ^
- Te2[(s0 >> 8) & 0xff] ^
- Te3[(s1 ) & 0xff] ^
- rk[6];
- t3 =
- Te0[(s3 >> 24) ] ^
- Te1[(s0 >> 16) & 0xff] ^
- Te2[(s1 >> 8) & 0xff] ^
- Te3[(s2 ) & 0xff] ^
- rk[7];
-
- rk += 8;
- if (--r == 0) {
- break;
- }
-
- s0 =
- Te0[(t0 >> 24) ] ^
- Te1[(t1 >> 16) & 0xff] ^
- Te2[(t2 >> 8) & 0xff] ^
- Te3[(t3 ) & 0xff] ^
- rk[0];
- s1 =
- Te0[(t1 >> 24) ] ^
- Te1[(t2 >> 16) & 0xff] ^
- Te2[(t3 >> 8) & 0xff] ^
- Te3[(t0 ) & 0xff] ^
- rk[1];
- s2 =
- Te0[(t2 >> 24) ] ^
- Te1[(t3 >> 16) & 0xff] ^
- Te2[(t0 >> 8) & 0xff] ^
- Te3[(t1 ) & 0xff] ^
- rk[2];
- s3 =
- Te0[(t3 >> 24) ] ^
- Te1[(t0 >> 16) & 0xff] ^
- Te2[(t1 >> 8) & 0xff] ^
- Te3[(t2 ) & 0xff] ^
- rk[3];
- }
-#endif /* ?FULL_UNROLL */
- /*
- * apply last round and
- * map cipher state to byte array block:
- */
- s0 =
- (Te2[(t0 >> 24) ] & 0xff000000) ^
- (Te3[(t1 >> 16) & 0xff] & 0x00ff0000) ^
- (Te0[(t2 >> 8) & 0xff] & 0x0000ff00) ^
- (Te1[(t3 ) & 0xff] & 0x000000ff) ^
- rk[0];
- PUTU32(out , s0);
- s1 =
- (Te2[(t1 >> 24) ] & 0xff000000) ^
- (Te3[(t2 >> 16) & 0xff] & 0x00ff0000) ^
- (Te0[(t3 >> 8) & 0xff] & 0x0000ff00) ^
- (Te1[(t0 ) & 0xff] & 0x000000ff) ^
- rk[1];
- PUTU32(out + 4, s1);
- s2 =
- (Te2[(t2 >> 24) ] & 0xff000000) ^
- (Te3[(t3 >> 16) & 0xff] & 0x00ff0000) ^
- (Te0[(t0 >> 8) & 0xff] & 0x0000ff00) ^
- (Te1[(t1 ) & 0xff] & 0x000000ff) ^
- rk[2];
- PUTU32(out + 8, s2);
- s3 =
- (Te2[(t3 >> 24) ] & 0xff000000) ^
- (Te3[(t0 >> 16) & 0xff] & 0x00ff0000) ^
- (Te0[(t1 >> 8) & 0xff] & 0x0000ff00) ^
- (Te1[(t2 ) & 0xff] & 0x000000ff) ^
- rk[3];
- PUTU32(out + 12, s3);
-}
-
-/*
- * Decrypt a single block
- * in and out can overlap
- */
-void AES_decrypt(const unsigned char *in, unsigned char *out,
- const AES_KEY *key) {
-
- const u32 *rk;
- u32 s0, s1, s2, s3, t0, t1, t2, t3;
-#ifndef FULL_UNROLL
- int r;
-#endif /* ?FULL_UNROLL */
-
- assert(in && out && key);
- rk = key->rd_key;
-
- /*
- * map byte array block to cipher state
- * and add initial round key:
- */
- s0 = GETU32(in ) ^ rk[0];
- s1 = GETU32(in + 4) ^ rk[1];
- s2 = GETU32(in + 8) ^ rk[2];
- s3 = GETU32(in + 12) ^ rk[3];
-#ifdef FULL_UNROLL
- /* round 1: */
- t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[ 4];
- t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[ 5];
- t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[ 6];
- t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[ 7];
- /* round 2: */
- s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[ 8];
- s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[ 9];
- s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[10];
- s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[11];
- /* round 3: */
- t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[12];
- t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[13];
- t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[14];
- t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[15];
- /* round 4: */
- s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[16];
- s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[17];
- s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[18];
- s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[19];
- /* round 5: */
- t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[20];
- t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[21];
- t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[22];
- t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[23];
- /* round 6: */
- s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[24];
- s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[25];
- s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[26];
- s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[27];
- /* round 7: */
- t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[28];
- t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[29];
- t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[30];
- t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[31];
- /* round 8: */
- s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[32];
- s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[33];
- s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[34];
- s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[35];
- /* round 9: */
- t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[36];
- t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[37];
- t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[38];
- t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[39];
- if (key->rounds > 10) {
- /* round 10: */
- s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[40];
- s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[41];
- s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[42];
- s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[43];
- /* round 11: */
- t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[44];
- t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[45];
- t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[46];
- t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[47];
- if (key->rounds > 12) {
- /* round 12: */
- s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[48];
- s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[49];
- s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[50];
- s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[51];
- /* round 13: */
- t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[52];
- t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[53];
- t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[54];
- t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[55];
- }
- }
- rk += key->rounds << 2;
-#else /* !FULL_UNROLL */
- /*
- * Nr - 1 full rounds:
- */
- r = key->rounds >> 1;
- for (;;) {
- t0 =
- Td0[(s0 >> 24) ] ^
- Td1[(s3 >> 16) & 0xff] ^
- Td2[(s2 >> 8) & 0xff] ^
- Td3[(s1 ) & 0xff] ^
- rk[4];
- t1 =
- Td0[(s1 >> 24) ] ^
- Td1[(s0 >> 16) & 0xff] ^
- Td2[(s3 >> 8) & 0xff] ^
- Td3[(s2 ) & 0xff] ^
- rk[5];
- t2 =
- Td0[(s2 >> 24) ] ^
- Td1[(s1 >> 16) & 0xff] ^
- Td2[(s0 >> 8) & 0xff] ^
- Td3[(s3 ) & 0xff] ^
- rk[6];
- t3 =
- Td0[(s3 >> 24) ] ^
- Td1[(s2 >> 16) & 0xff] ^
- Td2[(s1 >> 8) & 0xff] ^
- Td3[(s0 ) & 0xff] ^
- rk[7];
-
- rk += 8;
- if (--r == 0) {
- break;
- }
-
- s0 =
- Td0[(t0 >> 24) ] ^
- Td1[(t3 >> 16) & 0xff] ^
- Td2[(t2 >> 8) & 0xff] ^
- Td3[(t1 ) & 0xff] ^
- rk[0];
- s1 =
- Td0[(t1 >> 24) ] ^
- Td1[(t0 >> 16) & 0xff] ^
- Td2[(t3 >> 8) & 0xff] ^
- Td3[(t2 ) & 0xff] ^
- rk[1];
- s2 =
- Td0[(t2 >> 24) ] ^
- Td1[(t1 >> 16) & 0xff] ^
- Td2[(t0 >> 8) & 0xff] ^
- Td3[(t3 ) & 0xff] ^
- rk[2];
- s3 =
- Td0[(t3 >> 24) ] ^
- Td1[(t2 >> 16) & 0xff] ^
- Td2[(t1 >> 8) & 0xff] ^
- Td3[(t0 ) & 0xff] ^
- rk[3];
- }
-#endif /* ?FULL_UNROLL */
- /*
- * apply last round and
- * map cipher state to byte array block:
- */
- s0 =
- (Td4[(t0 >> 24) ] << 24) ^
- (Td4[(t3 >> 16) & 0xff] << 16) ^
- (Td4[(t2 >> 8) & 0xff] << 8) ^
- (Td4[(t1 ) & 0xff]) ^
- rk[0];
- PUTU32(out , s0);
- s1 =
- (Td4[(t1 >> 24) ] << 24) ^
- (Td4[(t0 >> 16) & 0xff] << 16) ^
- (Td4[(t3 >> 8) & 0xff] << 8) ^
- (Td4[(t2 ) & 0xff]) ^
- rk[1];
- PUTU32(out + 4, s1);
- s2 =
- (Td4[(t2 >> 24) ] << 24) ^
- (Td4[(t1 >> 16) & 0xff] << 16) ^
- (Td4[(t0 >> 8) & 0xff] << 8) ^
- (Td4[(t3 ) & 0xff]) ^
- rk[2];
- PUTU32(out + 8, s2);
- s3 =
- (Td4[(t3 >> 24) ] << 24) ^
- (Td4[(t2 >> 16) & 0xff] << 16) ^
- (Td4[(t1 >> 8) & 0xff] << 8) ^
- (Td4[(t0 ) & 0xff]) ^
- rk[3];
- PUTU32(out + 12, s3);
-}
-
-#endif /* AES_ASM */
Copied: vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_core.c (from rev 6976, vendor-crypto/openssl/dist/crypto/aes/aes_core.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_core.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_core.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,1169 @@
+/* crypto/aes/aes_core.c -*- mode:C; c-file-style: "eay" -*- */
+/**
+ * rijndael-alg-fst.c
+ *
+ * @version 3.0 (December 2000)
+ *
+ * Optimised ANSI C code for the Rijndael cipher (now AES)
+ *
+ * @author Vincent Rijmen <vincent.rijmen at esat.kuleuven.ac.be>
+ * @author Antoon Bosselaers <antoon.bosselaers at esat.kuleuven.ac.be>
+ * @author Paulo Barreto <paulo.barreto at terra.com.br>
+ *
+ * This code is hereby placed in the public domain.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
+ * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+ * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+ * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* Note: rewritten a little bit to provide error control and an OpenSSL-
+ compatible API */
+
+#ifndef AES_DEBUG
+# ifndef NDEBUG
+# define NDEBUG
+# endif
+#endif
+#include <assert.h>
+
+#include <stdlib.h>
+#include <openssl/aes.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
+#include "aes_locl.h"
+
+/*-
+Te0[x] = S [x].[02, 01, 01, 03];
+Te1[x] = S [x].[03, 02, 01, 01];
+Te2[x] = S [x].[01, 03, 02, 01];
+Te3[x] = S [x].[01, 01, 03, 02];
+
+Td0[x] = Si[x].[0e, 09, 0d, 0b];
+Td1[x] = Si[x].[0b, 0e, 09, 0d];
+Td2[x] = Si[x].[0d, 0b, 0e, 09];
+Td3[x] = Si[x].[09, 0d, 0b, 0e];
+Td4[x] = Si[x].[01];
+*/
+
+static const u32 Te0[256] = {
+ 0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU,
+ 0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U,
+ 0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU,
+ 0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU,
+ 0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U,
+ 0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU,
+ 0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU,
+ 0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU,
+ 0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU,
+ 0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU,
+ 0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U,
+ 0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU,
+ 0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU,
+ 0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U,
+ 0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU,
+ 0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU,
+ 0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU,
+ 0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU,
+ 0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU,
+ 0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U,
+ 0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU,
+ 0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU,
+ 0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU,
+ 0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU,
+ 0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U,
+ 0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U,
+ 0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U,
+ 0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U,
+ 0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU,
+ 0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U,
+ 0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U,
+ 0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU,
+ 0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU,
+ 0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U,
+ 0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U,
+ 0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U,
+ 0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU,
+ 0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U,
+ 0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU,
+ 0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U,
+ 0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU,
+ 0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U,
+ 0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U,
+ 0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU,
+ 0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U,
+ 0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U,
+ 0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U,
+ 0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U,
+ 0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U,
+ 0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U,
+ 0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U,
+ 0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U,
+ 0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU,
+ 0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U,
+ 0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U,
+ 0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U,
+ 0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U,
+ 0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U,
+ 0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U,
+ 0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU,
+ 0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U,
+ 0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U,
+ 0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U,
+ 0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU,
+};
+static const u32 Te1[256] = {
+ 0xa5c66363U, 0x84f87c7cU, 0x99ee7777U, 0x8df67b7bU,
+ 0x0dfff2f2U, 0xbdd66b6bU, 0xb1de6f6fU, 0x5491c5c5U,
+ 0x50603030U, 0x03020101U, 0xa9ce6767U, 0x7d562b2bU,
+ 0x19e7fefeU, 0x62b5d7d7U, 0xe64dababU, 0x9aec7676U,
+ 0x458fcacaU, 0x9d1f8282U, 0x4089c9c9U, 0x87fa7d7dU,
+ 0x15effafaU, 0xebb25959U, 0xc98e4747U, 0x0bfbf0f0U,
+ 0xec41adadU, 0x67b3d4d4U, 0xfd5fa2a2U, 0xea45afafU,
+ 0xbf239c9cU, 0xf753a4a4U, 0x96e47272U, 0x5b9bc0c0U,
+ 0xc275b7b7U, 0x1ce1fdfdU, 0xae3d9393U, 0x6a4c2626U,
+ 0x5a6c3636U, 0x417e3f3fU, 0x02f5f7f7U, 0x4f83ccccU,
+ 0x5c683434U, 0xf451a5a5U, 0x34d1e5e5U, 0x08f9f1f1U,
+ 0x93e27171U, 0x73abd8d8U, 0x53623131U, 0x3f2a1515U,
+ 0x0c080404U, 0x5295c7c7U, 0x65462323U, 0x5e9dc3c3U,
+ 0x28301818U, 0xa1379696U, 0x0f0a0505U, 0xb52f9a9aU,
+ 0x090e0707U, 0x36241212U, 0x9b1b8080U, 0x3ddfe2e2U,
+ 0x26cdebebU, 0x694e2727U, 0xcd7fb2b2U, 0x9fea7575U,
+ 0x1b120909U, 0x9e1d8383U, 0x74582c2cU, 0x2e341a1aU,
+ 0x2d361b1bU, 0xb2dc6e6eU, 0xeeb45a5aU, 0xfb5ba0a0U,
+ 0xf6a45252U, 0x4d763b3bU, 0x61b7d6d6U, 0xce7db3b3U,
+ 0x7b522929U, 0x3edde3e3U, 0x715e2f2fU, 0x97138484U,
+ 0xf5a65353U, 0x68b9d1d1U, 0x00000000U, 0x2cc1ededU,
+ 0x60402020U, 0x1fe3fcfcU, 0xc879b1b1U, 0xedb65b5bU,
+ 0xbed46a6aU, 0x468dcbcbU, 0xd967bebeU, 0x4b723939U,
+ 0xde944a4aU, 0xd4984c4cU, 0xe8b05858U, 0x4a85cfcfU,
+ 0x6bbbd0d0U, 0x2ac5efefU, 0xe54faaaaU, 0x16edfbfbU,
+ 0xc5864343U, 0xd79a4d4dU, 0x55663333U, 0x94118585U,
+ 0xcf8a4545U, 0x10e9f9f9U, 0x06040202U, 0x81fe7f7fU,
+ 0xf0a05050U, 0x44783c3cU, 0xba259f9fU, 0xe34ba8a8U,
+ 0xf3a25151U, 0xfe5da3a3U, 0xc0804040U, 0x8a058f8fU,
+ 0xad3f9292U, 0xbc219d9dU, 0x48703838U, 0x04f1f5f5U,
+ 0xdf63bcbcU, 0xc177b6b6U, 0x75afdadaU, 0x63422121U,
+ 0x30201010U, 0x1ae5ffffU, 0x0efdf3f3U, 0x6dbfd2d2U,
+ 0x4c81cdcdU, 0x14180c0cU, 0x35261313U, 0x2fc3ececU,
+ 0xe1be5f5fU, 0xa2359797U, 0xcc884444U, 0x392e1717U,
+ 0x5793c4c4U, 0xf255a7a7U, 0x82fc7e7eU, 0x477a3d3dU,
+ 0xacc86464U, 0xe7ba5d5dU, 0x2b321919U, 0x95e67373U,
+ 0xa0c06060U, 0x98198181U, 0xd19e4f4fU, 0x7fa3dcdcU,
+ 0x66442222U, 0x7e542a2aU, 0xab3b9090U, 0x830b8888U,
+ 0xca8c4646U, 0x29c7eeeeU, 0xd36bb8b8U, 0x3c281414U,
+ 0x79a7dedeU, 0xe2bc5e5eU, 0x1d160b0bU, 0x76addbdbU,
+ 0x3bdbe0e0U, 0x56643232U, 0x4e743a3aU, 0x1e140a0aU,
+ 0xdb924949U, 0x0a0c0606U, 0x6c482424U, 0xe4b85c5cU,
+ 0x5d9fc2c2U, 0x6ebdd3d3U, 0xef43acacU, 0xa6c46262U,
+ 0xa8399191U, 0xa4319595U, 0x37d3e4e4U, 0x8bf27979U,
+ 0x32d5e7e7U, 0x438bc8c8U, 0x596e3737U, 0xb7da6d6dU,
+ 0x8c018d8dU, 0x64b1d5d5U, 0xd29c4e4eU, 0xe049a9a9U,
+ 0xb4d86c6cU, 0xfaac5656U, 0x07f3f4f4U, 0x25cfeaeaU,
+ 0xafca6565U, 0x8ef47a7aU, 0xe947aeaeU, 0x18100808U,
+ 0xd56fbabaU, 0x88f07878U, 0x6f4a2525U, 0x725c2e2eU,
+ 0x24381c1cU, 0xf157a6a6U, 0xc773b4b4U, 0x5197c6c6U,
+ 0x23cbe8e8U, 0x7ca1ddddU, 0x9ce87474U, 0x213e1f1fU,
+ 0xdd964b4bU, 0xdc61bdbdU, 0x860d8b8bU, 0x850f8a8aU,
+ 0x90e07070U, 0x427c3e3eU, 0xc471b5b5U, 0xaacc6666U,
+ 0xd8904848U, 0x05060303U, 0x01f7f6f6U, 0x121c0e0eU,
+ 0xa3c26161U, 0x5f6a3535U, 0xf9ae5757U, 0xd069b9b9U,
+ 0x91178686U, 0x5899c1c1U, 0x273a1d1dU, 0xb9279e9eU,
+ 0x38d9e1e1U, 0x13ebf8f8U, 0xb32b9898U, 0x33221111U,
+ 0xbbd26969U, 0x70a9d9d9U, 0x89078e8eU, 0xa7339494U,
+ 0xb62d9b9bU, 0x223c1e1eU, 0x92158787U, 0x20c9e9e9U,
+ 0x4987ceceU, 0xffaa5555U, 0x78502828U, 0x7aa5dfdfU,
+ 0x8f038c8cU, 0xf859a1a1U, 0x80098989U, 0x171a0d0dU,
+ 0xda65bfbfU, 0x31d7e6e6U, 0xc6844242U, 0xb8d06868U,
+ 0xc3824141U, 0xb0299999U, 0x775a2d2dU, 0x111e0f0fU,
+ 0xcb7bb0b0U, 0xfca85454U, 0xd66dbbbbU, 0x3a2c1616U,
+};
+static const u32 Te2[256] = {
+ 0x63a5c663U, 0x7c84f87cU, 0x7799ee77U, 0x7b8df67bU,
+ 0xf20dfff2U, 0x6bbdd66bU, 0x6fb1de6fU, 0xc55491c5U,
+ 0x30506030U, 0x01030201U, 0x67a9ce67U, 0x2b7d562bU,
+ 0xfe19e7feU, 0xd762b5d7U, 0xabe64dabU, 0x769aec76U,
+ 0xca458fcaU, 0x829d1f82U, 0xc94089c9U, 0x7d87fa7dU,
+ 0xfa15effaU, 0x59ebb259U, 0x47c98e47U, 0xf00bfbf0U,
+ 0xadec41adU, 0xd467b3d4U, 0xa2fd5fa2U, 0xafea45afU,
+ 0x9cbf239cU, 0xa4f753a4U, 0x7296e472U, 0xc05b9bc0U,
+ 0xb7c275b7U, 0xfd1ce1fdU, 0x93ae3d93U, 0x266a4c26U,
+ 0x365a6c36U, 0x3f417e3fU, 0xf702f5f7U, 0xcc4f83ccU,
+ 0x345c6834U, 0xa5f451a5U, 0xe534d1e5U, 0xf108f9f1U,
+ 0x7193e271U, 0xd873abd8U, 0x31536231U, 0x153f2a15U,
+ 0x040c0804U, 0xc75295c7U, 0x23654623U, 0xc35e9dc3U,
+ 0x18283018U, 0x96a13796U, 0x050f0a05U, 0x9ab52f9aU,
+ 0x07090e07U, 0x12362412U, 0x809b1b80U, 0xe23ddfe2U,
+ 0xeb26cdebU, 0x27694e27U, 0xb2cd7fb2U, 0x759fea75U,
+ 0x091b1209U, 0x839e1d83U, 0x2c74582cU, 0x1a2e341aU,
+ 0x1b2d361bU, 0x6eb2dc6eU, 0x5aeeb45aU, 0xa0fb5ba0U,
+ 0x52f6a452U, 0x3b4d763bU, 0xd661b7d6U, 0xb3ce7db3U,
+ 0x297b5229U, 0xe33edde3U, 0x2f715e2fU, 0x84971384U,
+ 0x53f5a653U, 0xd168b9d1U, 0x00000000U, 0xed2cc1edU,
+ 0x20604020U, 0xfc1fe3fcU, 0xb1c879b1U, 0x5bedb65bU,
+ 0x6abed46aU, 0xcb468dcbU, 0xbed967beU, 0x394b7239U,
+ 0x4ade944aU, 0x4cd4984cU, 0x58e8b058U, 0xcf4a85cfU,
+ 0xd06bbbd0U, 0xef2ac5efU, 0xaae54faaU, 0xfb16edfbU,
+ 0x43c58643U, 0x4dd79a4dU, 0x33556633U, 0x85941185U,
+ 0x45cf8a45U, 0xf910e9f9U, 0x02060402U, 0x7f81fe7fU,
+ 0x50f0a050U, 0x3c44783cU, 0x9fba259fU, 0xa8e34ba8U,
+ 0x51f3a251U, 0xa3fe5da3U, 0x40c08040U, 0x8f8a058fU,
+ 0x92ad3f92U, 0x9dbc219dU, 0x38487038U, 0xf504f1f5U,
+ 0xbcdf63bcU, 0xb6c177b6U, 0xda75afdaU, 0x21634221U,
+ 0x10302010U, 0xff1ae5ffU, 0xf30efdf3U, 0xd26dbfd2U,
+ 0xcd4c81cdU, 0x0c14180cU, 0x13352613U, 0xec2fc3ecU,
+ 0x5fe1be5fU, 0x97a23597U, 0x44cc8844U, 0x17392e17U,
+ 0xc45793c4U, 0xa7f255a7U, 0x7e82fc7eU, 0x3d477a3dU,
+ 0x64acc864U, 0x5de7ba5dU, 0x192b3219U, 0x7395e673U,
+ 0x60a0c060U, 0x81981981U, 0x4fd19e4fU, 0xdc7fa3dcU,
+ 0x22664422U, 0x2a7e542aU, 0x90ab3b90U, 0x88830b88U,
+ 0x46ca8c46U, 0xee29c7eeU, 0xb8d36bb8U, 0x143c2814U,
+ 0xde79a7deU, 0x5ee2bc5eU, 0x0b1d160bU, 0xdb76addbU,
+ 0xe03bdbe0U, 0x32566432U, 0x3a4e743aU, 0x0a1e140aU,
+ 0x49db9249U, 0x060a0c06U, 0x246c4824U, 0x5ce4b85cU,
+ 0xc25d9fc2U, 0xd36ebdd3U, 0xacef43acU, 0x62a6c462U,
+ 0x91a83991U, 0x95a43195U, 0xe437d3e4U, 0x798bf279U,
+ 0xe732d5e7U, 0xc8438bc8U, 0x37596e37U, 0x6db7da6dU,
+ 0x8d8c018dU, 0xd564b1d5U, 0x4ed29c4eU, 0xa9e049a9U,
+ 0x6cb4d86cU, 0x56faac56U, 0xf407f3f4U, 0xea25cfeaU,
+ 0x65afca65U, 0x7a8ef47aU, 0xaee947aeU, 0x08181008U,
+ 0xbad56fbaU, 0x7888f078U, 0x256f4a25U, 0x2e725c2eU,
+ 0x1c24381cU, 0xa6f157a6U, 0xb4c773b4U, 0xc65197c6U,
+ 0xe823cbe8U, 0xdd7ca1ddU, 0x749ce874U, 0x1f213e1fU,
+ 0x4bdd964bU, 0xbddc61bdU, 0x8b860d8bU, 0x8a850f8aU,
+ 0x7090e070U, 0x3e427c3eU, 0xb5c471b5U, 0x66aacc66U,
+ 0x48d89048U, 0x03050603U, 0xf601f7f6U, 0x0e121c0eU,
+ 0x61a3c261U, 0x355f6a35U, 0x57f9ae57U, 0xb9d069b9U,
+ 0x86911786U, 0xc15899c1U, 0x1d273a1dU, 0x9eb9279eU,
+ 0xe138d9e1U, 0xf813ebf8U, 0x98b32b98U, 0x11332211U,
+ 0x69bbd269U, 0xd970a9d9U, 0x8e89078eU, 0x94a73394U,
+ 0x9bb62d9bU, 0x1e223c1eU, 0x87921587U, 0xe920c9e9U,
+ 0xce4987ceU, 0x55ffaa55U, 0x28785028U, 0xdf7aa5dfU,
+ 0x8c8f038cU, 0xa1f859a1U, 0x89800989U, 0x0d171a0dU,
+ 0xbfda65bfU, 0xe631d7e6U, 0x42c68442U, 0x68b8d068U,
+ 0x41c38241U, 0x99b02999U, 0x2d775a2dU, 0x0f111e0fU,
+ 0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U,
+};
+static const u32 Te3[256] = {
+ 0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U,
+ 0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U,
+ 0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U,
+ 0xfefe19e7U, 0xd7d762b5U, 0xababe64dU, 0x76769aecU,
+ 0xcaca458fU, 0x82829d1fU, 0xc9c94089U, 0x7d7d87faU,
+ 0xfafa15efU, 0x5959ebb2U, 0x4747c98eU, 0xf0f00bfbU,
+ 0xadadec41U, 0xd4d467b3U, 0xa2a2fd5fU, 0xafafea45U,
+ 0x9c9cbf23U, 0xa4a4f753U, 0x727296e4U, 0xc0c05b9bU,
+ 0xb7b7c275U, 0xfdfd1ce1U, 0x9393ae3dU, 0x26266a4cU,
+ 0x36365a6cU, 0x3f3f417eU, 0xf7f702f5U, 0xcccc4f83U,
+ 0x34345c68U, 0xa5a5f451U, 0xe5e534d1U, 0xf1f108f9U,
+ 0x717193e2U, 0xd8d873abU, 0x31315362U, 0x15153f2aU,
+ 0x04040c08U, 0xc7c75295U, 0x23236546U, 0xc3c35e9dU,
+ 0x18182830U, 0x9696a137U, 0x05050f0aU, 0x9a9ab52fU,
+ 0x0707090eU, 0x12123624U, 0x80809b1bU, 0xe2e23ddfU,
+ 0xebeb26cdU, 0x2727694eU, 0xb2b2cd7fU, 0x75759feaU,
+ 0x09091b12U, 0x83839e1dU, 0x2c2c7458U, 0x1a1a2e34U,
+ 0x1b1b2d36U, 0x6e6eb2dcU, 0x5a5aeeb4U, 0xa0a0fb5bU,
+ 0x5252f6a4U, 0x3b3b4d76U, 0xd6d661b7U, 0xb3b3ce7dU,
+ 0x29297b52U, 0xe3e33eddU, 0x2f2f715eU, 0x84849713U,
+ 0x5353f5a6U, 0xd1d168b9U, 0x00000000U, 0xeded2cc1U,
+ 0x20206040U, 0xfcfc1fe3U, 0xb1b1c879U, 0x5b5bedb6U,
+ 0x6a6abed4U, 0xcbcb468dU, 0xbebed967U, 0x39394b72U,
+ 0x4a4ade94U, 0x4c4cd498U, 0x5858e8b0U, 0xcfcf4a85U,
+ 0xd0d06bbbU, 0xefef2ac5U, 0xaaaae54fU, 0xfbfb16edU,
+ 0x4343c586U, 0x4d4dd79aU, 0x33335566U, 0x85859411U,
+ 0x4545cf8aU, 0xf9f910e9U, 0x02020604U, 0x7f7f81feU,
+ 0x5050f0a0U, 0x3c3c4478U, 0x9f9fba25U, 0xa8a8e34bU,
+ 0x5151f3a2U, 0xa3a3fe5dU, 0x4040c080U, 0x8f8f8a05U,
+ 0x9292ad3fU, 0x9d9dbc21U, 0x38384870U, 0xf5f504f1U,
+ 0xbcbcdf63U, 0xb6b6c177U, 0xdada75afU, 0x21216342U,
+ 0x10103020U, 0xffff1ae5U, 0xf3f30efdU, 0xd2d26dbfU,
+ 0xcdcd4c81U, 0x0c0c1418U, 0x13133526U, 0xecec2fc3U,
+ 0x5f5fe1beU, 0x9797a235U, 0x4444cc88U, 0x1717392eU,
+ 0xc4c45793U, 0xa7a7f255U, 0x7e7e82fcU, 0x3d3d477aU,
+ 0x6464acc8U, 0x5d5de7baU, 0x19192b32U, 0x737395e6U,
+ 0x6060a0c0U, 0x81819819U, 0x4f4fd19eU, 0xdcdc7fa3U,
+ 0x22226644U, 0x2a2a7e54U, 0x9090ab3bU, 0x8888830bU,
+ 0x4646ca8cU, 0xeeee29c7U, 0xb8b8d36bU, 0x14143c28U,
+ 0xdede79a7U, 0x5e5ee2bcU, 0x0b0b1d16U, 0xdbdb76adU,
+ 0xe0e03bdbU, 0x32325664U, 0x3a3a4e74U, 0x0a0a1e14U,
+ 0x4949db92U, 0x06060a0cU, 0x24246c48U, 0x5c5ce4b8U,
+ 0xc2c25d9fU, 0xd3d36ebdU, 0xacacef43U, 0x6262a6c4U,
+ 0x9191a839U, 0x9595a431U, 0xe4e437d3U, 0x79798bf2U,
+ 0xe7e732d5U, 0xc8c8438bU, 0x3737596eU, 0x6d6db7daU,
+ 0x8d8d8c01U, 0xd5d564b1U, 0x4e4ed29cU, 0xa9a9e049U,
+ 0x6c6cb4d8U, 0x5656faacU, 0xf4f407f3U, 0xeaea25cfU,
+ 0x6565afcaU, 0x7a7a8ef4U, 0xaeaee947U, 0x08081810U,
+ 0xbabad56fU, 0x787888f0U, 0x25256f4aU, 0x2e2e725cU,
+ 0x1c1c2438U, 0xa6a6f157U, 0xb4b4c773U, 0xc6c65197U,
+ 0xe8e823cbU, 0xdddd7ca1U, 0x74749ce8U, 0x1f1f213eU,
+ 0x4b4bdd96U, 0xbdbddc61U, 0x8b8b860dU, 0x8a8a850fU,
+ 0x707090e0U, 0x3e3e427cU, 0xb5b5c471U, 0x6666aaccU,
+ 0x4848d890U, 0x03030506U, 0xf6f601f7U, 0x0e0e121cU,
+ 0x6161a3c2U, 0x35355f6aU, 0x5757f9aeU, 0xb9b9d069U,
+ 0x86869117U, 0xc1c15899U, 0x1d1d273aU, 0x9e9eb927U,
+ 0xe1e138d9U, 0xf8f813ebU, 0x9898b32bU, 0x11113322U,
+ 0x6969bbd2U, 0xd9d970a9U, 0x8e8e8907U, 0x9494a733U,
+ 0x9b9bb62dU, 0x1e1e223cU, 0x87879215U, 0xe9e920c9U,
+ 0xcece4987U, 0x5555ffaaU, 0x28287850U, 0xdfdf7aa5U,
+ 0x8c8c8f03U, 0xa1a1f859U, 0x89898009U, 0x0d0d171aU,
+ 0xbfbfda65U, 0xe6e631d7U, 0x4242c684U, 0x6868b8d0U,
+ 0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU,
+ 0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU,
+};
+
+static const u32 Td0[256] = {
+ 0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U,
+ 0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U,
+ 0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U,
+ 0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU,
+ 0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U,
+ 0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U,
+ 0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU,
+ 0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U,
+ 0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU,
+ 0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U,
+ 0x63df4a18U, 0xe51a3182U, 0x97513360U, 0x62537f45U,
+ 0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U,
+ 0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U,
+ 0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU,
+ 0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U,
+ 0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU,
+ 0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U,
+ 0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU,
+ 0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U,
+ 0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U,
+ 0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U,
+ 0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU,
+ 0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U,
+ 0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU,
+ 0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U,
+ 0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU,
+ 0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U,
+ 0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU,
+ 0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU,
+ 0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U,
+ 0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU,
+ 0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U,
+ 0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU,
+ 0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U,
+ 0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U,
+ 0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U,
+ 0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU,
+ 0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U,
+ 0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U,
+ 0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU,
+ 0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U,
+ 0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U,
+ 0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U,
+ 0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U,
+ 0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U,
+ 0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU,
+ 0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U,
+ 0xe6956e65U, 0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U,
+ 0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U,
+ 0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U,
+ 0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U,
+ 0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU,
+ 0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU,
+ 0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU,
+ 0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU,
+ 0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U,
+ 0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U,
+ 0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU,
+ 0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU,
+ 0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U,
+ 0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU,
+ 0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U,
+ 0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U,
+ 0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U,
+};
+static const u32 Td1[256] = {
+ 0x5051f4a7U, 0x537e4165U, 0xc31a17a4U, 0x963a275eU,
+ 0xcb3bab6bU, 0xf11f9d45U, 0xabacfa58U, 0x934be303U,
+ 0x552030faU, 0xf6ad766dU, 0x9188cc76U, 0x25f5024cU,
+ 0xfc4fe5d7U, 0xd7c52acbU, 0x80263544U, 0x8fb562a3U,
+ 0x49deb15aU, 0x6725ba1bU, 0x9845ea0eU, 0xe15dfec0U,
+ 0x02c32f75U, 0x12814cf0U, 0xa38d4697U, 0xc66bd3f9U,
+ 0xe7038f5fU, 0x9515929cU, 0xebbf6d7aU, 0xda955259U,
+ 0x2dd4be83U, 0xd3587421U, 0x2949e069U, 0x448ec9c8U,
+ 0x6a75c289U, 0x78f48e79U, 0x6b99583eU, 0xdd27b971U,
+ 0xb6bee14fU, 0x17f088adU, 0x66c920acU, 0xb47dce3aU,
+ 0x1863df4aU, 0x82e51a31U, 0x60975133U, 0x4562537fU,
+ 0xe0b16477U, 0x84bb6baeU, 0x1cfe81a0U, 0x94f9082bU,
+ 0x58704868U, 0x198f45fdU, 0x8794de6cU, 0xb7527bf8U,
+ 0x23ab73d3U, 0xe2724b02U, 0x57e31f8fU, 0x2a6655abU,
+ 0x07b2eb28U, 0x032fb5c2U, 0x9a86c57bU, 0xa5d33708U,
+ 0xf2302887U, 0xb223bfa5U, 0xba02036aU, 0x5ced1682U,
+ 0x2b8acf1cU, 0x92a779b4U, 0xf0f307f2U, 0xa14e69e2U,
+ 0xcd65daf4U, 0xd50605beU, 0x1fd13462U, 0x8ac4a6feU,
+ 0x9d342e53U, 0xa0a2f355U, 0x32058ae1U, 0x75a4f6ebU,
+ 0x390b83ecU, 0xaa4060efU, 0x065e719fU, 0x51bd6e10U,
+ 0xf93e218aU, 0x3d96dd06U, 0xaedd3e05U, 0x464de6bdU,
+ 0xb591548dU, 0x0571c45dU, 0x6f0406d4U, 0xff605015U,
+ 0x241998fbU, 0x97d6bde9U, 0xcc894043U, 0x7767d99eU,
+ 0xbdb0e842U, 0x8807898bU, 0x38e7195bU, 0xdb79c8eeU,
+ 0x47a17c0aU, 0xe97c420fU, 0xc9f8841eU, 0x00000000U,
+ 0x83098086U, 0x48322bedU, 0xac1e1170U, 0x4e6c5a72U,
+ 0xfbfd0effU, 0x560f8538U, 0x1e3daed5U, 0x27362d39U,
+ 0x640a0fd9U, 0x21685ca6U, 0xd19b5b54U, 0x3a24362eU,
+ 0xb10c0a67U, 0x0f9357e7U, 0xd2b4ee96U, 0x9e1b9b91U,
+ 0x4f80c0c5U, 0xa261dc20U, 0x695a774bU, 0x161c121aU,
+ 0x0ae293baU, 0xe5c0a02aU, 0x433c22e0U, 0x1d121b17U,
+ 0x0b0e090dU, 0xadf28bc7U, 0xb92db6a8U, 0xc8141ea9U,
+ 0x8557f119U, 0x4caf7507U, 0xbbee99ddU, 0xfda37f60U,
+ 0x9ff70126U, 0xbc5c72f5U, 0xc544663bU, 0x345bfb7eU,
+ 0x768b4329U, 0xdccb23c6U, 0x68b6edfcU, 0x63b8e4f1U,
+ 0xcad731dcU, 0x10426385U, 0x40139722U, 0x2084c611U,
+ 0x7d854a24U, 0xf8d2bb3dU, 0x11aef932U, 0x6dc729a1U,
+ 0x4b1d9e2fU, 0xf3dcb230U, 0xec0d8652U, 0xd077c1e3U,
+ 0x6c2bb316U, 0x99a970b9U, 0xfa119448U, 0x2247e964U,
+ 0xc4a8fc8cU, 0x1aa0f03fU, 0xd8567d2cU, 0xef223390U,
+ 0xc787494eU, 0xc1d938d1U, 0xfe8ccaa2U, 0x3698d40bU,
+ 0xcfa6f581U, 0x28a57adeU, 0x26dab78eU, 0xa43fadbfU,
+ 0xe42c3a9dU, 0x0d507892U, 0x9b6a5fccU, 0x62547e46U,
+ 0xc2f68d13U, 0xe890d8b8U, 0x5e2e39f7U, 0xf582c3afU,
+ 0xbe9f5d80U, 0x7c69d093U, 0xa96fd52dU, 0xb3cf2512U,
+ 0x3bc8ac99U, 0xa710187dU, 0x6ee89c63U, 0x7bdb3bbbU,
+ 0x09cd2678U, 0xf46e5918U, 0x01ec9ab7U, 0xa8834f9aU,
+ 0x65e6956eU, 0x7eaaffe6U, 0x0821bccfU, 0xe6ef15e8U,
+ 0xd9bae79bU, 0xce4a6f36U, 0xd4ea9f09U, 0xd629b07cU,
+ 0xaf31a4b2U, 0x312a3f23U, 0x30c6a594U, 0xc035a266U,
+ 0x37744ebcU, 0xa6fc82caU, 0xb0e090d0U, 0x1533a7d8U,
+ 0x4af10498U, 0xf741ecdaU, 0x0e7fcd50U, 0x2f1791f6U,
+ 0x8d764dd6U, 0x4d43efb0U, 0x54ccaa4dU, 0xdfe49604U,
+ 0xe39ed1b5U, 0x1b4c6a88U, 0xb8c12c1fU, 0x7f466551U,
+ 0x049d5eeaU, 0x5d018c35U, 0x73fa8774U, 0x2efb0b41U,
+ 0x5ab3671dU, 0x5292dbd2U, 0x33e91056U, 0x136dd647U,
+ 0x8c9ad761U, 0x7a37a10cU, 0x8e59f814U, 0x89eb133cU,
+ 0xeecea927U, 0x35b761c9U, 0xede11ce5U, 0x3c7a47b1U,
+ 0x599cd2dfU, 0x3f55f273U, 0x791814ceU, 0xbf73c737U,
+ 0xea53f7cdU, 0x5b5ffdaaU, 0x14df3d6fU, 0x867844dbU,
+ 0x81caaff3U, 0x3eb968c4U, 0x2c382434U, 0x5fc2a340U,
+ 0x72161dc3U, 0x0cbce225U, 0x8b283c49U, 0x41ff0d95U,
+ 0x7139a801U, 0xde080cb3U, 0x9cd8b4e4U, 0x906456c1U,
+ 0x617bcb84U, 0x70d532b6U, 0x74486c5cU, 0x42d0b857U,
+};
+static const u32 Td2[256] = {
+ 0xa75051f4U, 0x65537e41U, 0xa4c31a17U, 0x5e963a27U,
+ 0x6bcb3babU, 0x45f11f9dU, 0x58abacfaU, 0x03934be3U,
+ 0xfa552030U, 0x6df6ad76U, 0x769188ccU, 0x4c25f502U,
+ 0xd7fc4fe5U, 0xcbd7c52aU, 0x44802635U, 0xa38fb562U,
+ 0x5a49deb1U, 0x1b6725baU, 0x0e9845eaU, 0xc0e15dfeU,
+ 0x7502c32fU, 0xf012814cU, 0x97a38d46U, 0xf9c66bd3U,
+ 0x5fe7038fU, 0x9c951592U, 0x7aebbf6dU, 0x59da9552U,
+ 0x832dd4beU, 0x21d35874U, 0x692949e0U, 0xc8448ec9U,
+ 0x896a75c2U, 0x7978f48eU, 0x3e6b9958U, 0x71dd27b9U,
+ 0x4fb6bee1U, 0xad17f088U, 0xac66c920U, 0x3ab47dceU,
+ 0x4a1863dfU, 0x3182e51aU, 0x33609751U, 0x7f456253U,
+ 0x77e0b164U, 0xae84bb6bU, 0xa01cfe81U, 0x2b94f908U,
+ 0x68587048U, 0xfd198f45U, 0x6c8794deU, 0xf8b7527bU,
+ 0xd323ab73U, 0x02e2724bU, 0x8f57e31fU, 0xab2a6655U,
+ 0x2807b2ebU, 0xc2032fb5U, 0x7b9a86c5U, 0x08a5d337U,
+ 0x87f23028U, 0xa5b223bfU, 0x6aba0203U, 0x825ced16U,
+ 0x1c2b8acfU, 0xb492a779U, 0xf2f0f307U, 0xe2a14e69U,
+ 0xf4cd65daU, 0xbed50605U, 0x621fd134U, 0xfe8ac4a6U,
+ 0x539d342eU, 0x55a0a2f3U, 0xe132058aU, 0xeb75a4f6U,
+ 0xec390b83U, 0xefaa4060U, 0x9f065e71U, 0x1051bd6eU,
+ 0x8af93e21U, 0x063d96ddU, 0x05aedd3eU, 0xbd464de6U,
+ 0x8db59154U, 0x5d0571c4U, 0xd46f0406U, 0x15ff6050U,
+ 0xfb241998U, 0xe997d6bdU, 0x43cc8940U, 0x9e7767d9U,
+ 0x42bdb0e8U, 0x8b880789U, 0x5b38e719U, 0xeedb79c8U,
+ 0x0a47a17cU, 0x0fe97c42U, 0x1ec9f884U, 0x00000000U,
+ 0x86830980U, 0xed48322bU, 0x70ac1e11U, 0x724e6c5aU,
+ 0xfffbfd0eU, 0x38560f85U, 0xd51e3daeU, 0x3927362dU,
+ 0xd9640a0fU, 0xa621685cU, 0x54d19b5bU, 0x2e3a2436U,
+ 0x67b10c0aU, 0xe70f9357U, 0x96d2b4eeU, 0x919e1b9bU,
+ 0xc54f80c0U, 0x20a261dcU, 0x4b695a77U, 0x1a161c12U,
+ 0xba0ae293U, 0x2ae5c0a0U, 0xe0433c22U, 0x171d121bU,
+ 0x0d0b0e09U, 0xc7adf28bU, 0xa8b92db6U, 0xa9c8141eU,
+ 0x198557f1U, 0x074caf75U, 0xddbbee99U, 0x60fda37fU,
+ 0x269ff701U, 0xf5bc5c72U, 0x3bc54466U, 0x7e345bfbU,
+ 0x29768b43U, 0xc6dccb23U, 0xfc68b6edU, 0xf163b8e4U,
+ 0xdccad731U, 0x85104263U, 0x22401397U, 0x112084c6U,
+ 0x247d854aU, 0x3df8d2bbU, 0x3211aef9U, 0xa16dc729U,
+ 0x2f4b1d9eU, 0x30f3dcb2U, 0x52ec0d86U, 0xe3d077c1U,
+ 0x166c2bb3U, 0xb999a970U, 0x48fa1194U, 0x642247e9U,
+ 0x8cc4a8fcU, 0x3f1aa0f0U, 0x2cd8567dU, 0x90ef2233U,
+ 0x4ec78749U, 0xd1c1d938U, 0xa2fe8ccaU, 0x0b3698d4U,
+ 0x81cfa6f5U, 0xde28a57aU, 0x8e26dab7U, 0xbfa43fadU,
+ 0x9de42c3aU, 0x920d5078U, 0xcc9b6a5fU, 0x4662547eU,
+ 0x13c2f68dU, 0xb8e890d8U, 0xf75e2e39U, 0xaff582c3U,
+ 0x80be9f5dU, 0x937c69d0U, 0x2da96fd5U, 0x12b3cf25U,
+ 0x993bc8acU, 0x7da71018U, 0x636ee89cU, 0xbb7bdb3bU,
+ 0x7809cd26U, 0x18f46e59U, 0xb701ec9aU, 0x9aa8834fU,
+ 0x6e65e695U, 0xe67eaaffU, 0xcf0821bcU, 0xe8e6ef15U,
+ 0x9bd9bae7U, 0x36ce4a6fU, 0x09d4ea9fU, 0x7cd629b0U,
+ 0xb2af31a4U, 0x23312a3fU, 0x9430c6a5U, 0x66c035a2U,
+ 0xbc37744eU, 0xcaa6fc82U, 0xd0b0e090U, 0xd81533a7U,
+ 0x984af104U, 0xdaf741ecU, 0x500e7fcdU, 0xf62f1791U,
+ 0xd68d764dU, 0xb04d43efU, 0x4d54ccaaU, 0x04dfe496U,
+ 0xb5e39ed1U, 0x881b4c6aU, 0x1fb8c12cU, 0x517f4665U,
+ 0xea049d5eU, 0x355d018cU, 0x7473fa87U, 0x412efb0bU,
+ 0x1d5ab367U, 0xd25292dbU, 0x5633e910U, 0x47136dd6U,
+ 0x618c9ad7U, 0x0c7a37a1U, 0x148e59f8U, 0x3c89eb13U,
+ 0x27eecea9U, 0xc935b761U, 0xe5ede11cU, 0xb13c7a47U,
+ 0xdf599cd2U, 0x733f55f2U, 0xce791814U, 0x37bf73c7U,
+ 0xcdea53f7U, 0xaa5b5ffdU, 0x6f14df3dU, 0xdb867844U,
+ 0xf381caafU, 0xc43eb968U, 0x342c3824U, 0x405fc2a3U,
+ 0xc372161dU, 0x250cbce2U, 0x498b283cU, 0x9541ff0dU,
+ 0x017139a8U, 0xb3de080cU, 0xe49cd8b4U, 0xc1906456U,
+ 0x84617bcbU, 0xb670d532U, 0x5c74486cU, 0x5742d0b8U,
+};
+static const u32 Td3[256] = {
+ 0xf4a75051U, 0x4165537eU, 0x17a4c31aU, 0x275e963aU,
+ 0xab6bcb3bU, 0x9d45f11fU, 0xfa58abacU, 0xe303934bU,
+ 0x30fa5520U, 0x766df6adU, 0xcc769188U, 0x024c25f5U,
+ 0xe5d7fc4fU, 0x2acbd7c5U, 0x35448026U, 0x62a38fb5U,
+ 0xb15a49deU, 0xba1b6725U, 0xea0e9845U, 0xfec0e15dU,
+ 0x2f7502c3U, 0x4cf01281U, 0x4697a38dU, 0xd3f9c66bU,
+ 0x8f5fe703U, 0x929c9515U, 0x6d7aebbfU, 0x5259da95U,
+ 0xbe832dd4U, 0x7421d358U, 0xe0692949U, 0xc9c8448eU,
+ 0xc2896a75U, 0x8e7978f4U, 0x583e6b99U, 0xb971dd27U,
+ 0xe14fb6beU, 0x88ad17f0U, 0x20ac66c9U, 0xce3ab47dU,
+ 0xdf4a1863U, 0x1a3182e5U, 0x51336097U, 0x537f4562U,
+ 0x6477e0b1U, 0x6bae84bbU, 0x81a01cfeU, 0x082b94f9U,
+ 0x48685870U, 0x45fd198fU, 0xde6c8794U, 0x7bf8b752U,
+ 0x73d323abU, 0x4b02e272U, 0x1f8f57e3U, 0x55ab2a66U,
+ 0xeb2807b2U, 0xb5c2032fU, 0xc57b9a86U, 0x3708a5d3U,
+ 0x2887f230U, 0xbfa5b223U, 0x036aba02U, 0x16825cedU,
+ 0xcf1c2b8aU, 0x79b492a7U, 0x07f2f0f3U, 0x69e2a14eU,
+ 0xdaf4cd65U, 0x05bed506U, 0x34621fd1U, 0xa6fe8ac4U,
+ 0x2e539d34U, 0xf355a0a2U, 0x8ae13205U, 0xf6eb75a4U,
+ 0x83ec390bU, 0x60efaa40U, 0x719f065eU, 0x6e1051bdU,
+ 0x218af93eU, 0xdd063d96U, 0x3e05aeddU, 0xe6bd464dU,
+ 0x548db591U, 0xc45d0571U, 0x06d46f04U, 0x5015ff60U,
+ 0x98fb2419U, 0xbde997d6U, 0x4043cc89U, 0xd99e7767U,
+ 0xe842bdb0U, 0x898b8807U, 0x195b38e7U, 0xc8eedb79U,
+ 0x7c0a47a1U, 0x420fe97cU, 0x841ec9f8U, 0x00000000U,
+ 0x80868309U, 0x2bed4832U, 0x1170ac1eU, 0x5a724e6cU,
+ 0x0efffbfdU, 0x8538560fU, 0xaed51e3dU, 0x2d392736U,
+ 0x0fd9640aU, 0x5ca62168U, 0x5b54d19bU, 0x362e3a24U,
+ 0x0a67b10cU, 0x57e70f93U, 0xee96d2b4U, 0x9b919e1bU,
+ 0xc0c54f80U, 0xdc20a261U, 0x774b695aU, 0x121a161cU,
+ 0x93ba0ae2U, 0xa02ae5c0U, 0x22e0433cU, 0x1b171d12U,
+ 0x090d0b0eU, 0x8bc7adf2U, 0xb6a8b92dU, 0x1ea9c814U,
+ 0xf1198557U, 0x75074cafU, 0x99ddbbeeU, 0x7f60fda3U,
+ 0x01269ff7U, 0x72f5bc5cU, 0x663bc544U, 0xfb7e345bU,
+ 0x4329768bU, 0x23c6dccbU, 0xedfc68b6U, 0xe4f163b8U,
+ 0x31dccad7U, 0x63851042U, 0x97224013U, 0xc6112084U,
+ 0x4a247d85U, 0xbb3df8d2U, 0xf93211aeU, 0x29a16dc7U,
+ 0x9e2f4b1dU, 0xb230f3dcU, 0x8652ec0dU, 0xc1e3d077U,
+ 0xb3166c2bU, 0x70b999a9U, 0x9448fa11U, 0xe9642247U,
+ 0xfc8cc4a8U, 0xf03f1aa0U, 0x7d2cd856U, 0x3390ef22U,
+ 0x494ec787U, 0x38d1c1d9U, 0xcaa2fe8cU, 0xd40b3698U,
+ 0xf581cfa6U, 0x7ade28a5U, 0xb78e26daU, 0xadbfa43fU,
+ 0x3a9de42cU, 0x78920d50U, 0x5fcc9b6aU, 0x7e466254U,
+ 0x8d13c2f6U, 0xd8b8e890U, 0x39f75e2eU, 0xc3aff582U,
+ 0x5d80be9fU, 0xd0937c69U, 0xd52da96fU, 0x2512b3cfU,
+ 0xac993bc8U, 0x187da710U, 0x9c636ee8U, 0x3bbb7bdbU,
+ 0x267809cdU, 0x5918f46eU, 0x9ab701ecU, 0x4f9aa883U,
+ 0x956e65e6U, 0xffe67eaaU, 0xbccf0821U, 0x15e8e6efU,
+ 0xe79bd9baU, 0x6f36ce4aU, 0x9f09d4eaU, 0xb07cd629U,
+ 0xa4b2af31U, 0x3f23312aU, 0xa59430c6U, 0xa266c035U,
+ 0x4ebc3774U, 0x82caa6fcU, 0x90d0b0e0U, 0xa7d81533U,
+ 0x04984af1U, 0xecdaf741U, 0xcd500e7fU, 0x91f62f17U,
+ 0x4dd68d76U, 0xefb04d43U, 0xaa4d54ccU, 0x9604dfe4U,
+ 0xd1b5e39eU, 0x6a881b4cU, 0x2c1fb8c1U, 0x65517f46U,
+ 0x5eea049dU, 0x8c355d01U, 0x877473faU, 0x0b412efbU,
+ 0x671d5ab3U, 0xdbd25292U, 0x105633e9U, 0xd647136dU,
+ 0xd7618c9aU, 0xa10c7a37U, 0xf8148e59U, 0x133c89ebU,
+ 0xa927eeceU, 0x61c935b7U, 0x1ce5ede1U, 0x47b13c7aU,
+ 0xd2df599cU, 0xf2733f55U, 0x14ce7918U, 0xc737bf73U,
+ 0xf7cdea53U, 0xfdaa5b5fU, 0x3d6f14dfU, 0x44db8678U,
+ 0xaff381caU, 0x68c43eb9U, 0x24342c38U, 0xa3405fc2U,
+ 0x1dc37216U, 0xe2250cbcU, 0x3c498b28U, 0x0d9541ffU,
+ 0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U,
+ 0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U,
+};
+static const u8 Td4[256] = {
+ 0x52U, 0x09U, 0x6aU, 0xd5U, 0x30U, 0x36U, 0xa5U, 0x38U,
+ 0xbfU, 0x40U, 0xa3U, 0x9eU, 0x81U, 0xf3U, 0xd7U, 0xfbU,
+ 0x7cU, 0xe3U, 0x39U, 0x82U, 0x9bU, 0x2fU, 0xffU, 0x87U,
+ 0x34U, 0x8eU, 0x43U, 0x44U, 0xc4U, 0xdeU, 0xe9U, 0xcbU,
+ 0x54U, 0x7bU, 0x94U, 0x32U, 0xa6U, 0xc2U, 0x23U, 0x3dU,
+ 0xeeU, 0x4cU, 0x95U, 0x0bU, 0x42U, 0xfaU, 0xc3U, 0x4eU,
+ 0x08U, 0x2eU, 0xa1U, 0x66U, 0x28U, 0xd9U, 0x24U, 0xb2U,
+ 0x76U, 0x5bU, 0xa2U, 0x49U, 0x6dU, 0x8bU, 0xd1U, 0x25U,
+ 0x72U, 0xf8U, 0xf6U, 0x64U, 0x86U, 0x68U, 0x98U, 0x16U,
+ 0xd4U, 0xa4U, 0x5cU, 0xccU, 0x5dU, 0x65U, 0xb6U, 0x92U,
+ 0x6cU, 0x70U, 0x48U, 0x50U, 0xfdU, 0xedU, 0xb9U, 0xdaU,
+ 0x5eU, 0x15U, 0x46U, 0x57U, 0xa7U, 0x8dU, 0x9dU, 0x84U,
+ 0x90U, 0xd8U, 0xabU, 0x00U, 0x8cU, 0xbcU, 0xd3U, 0x0aU,
+ 0xf7U, 0xe4U, 0x58U, 0x05U, 0xb8U, 0xb3U, 0x45U, 0x06U,
+ 0xd0U, 0x2cU, 0x1eU, 0x8fU, 0xcaU, 0x3fU, 0x0fU, 0x02U,
+ 0xc1U, 0xafU, 0xbdU, 0x03U, 0x01U, 0x13U, 0x8aU, 0x6bU,
+ 0x3aU, 0x91U, 0x11U, 0x41U, 0x4fU, 0x67U, 0xdcU, 0xeaU,
+ 0x97U, 0xf2U, 0xcfU, 0xceU, 0xf0U, 0xb4U, 0xe6U, 0x73U,
+ 0x96U, 0xacU, 0x74U, 0x22U, 0xe7U, 0xadU, 0x35U, 0x85U,
+ 0xe2U, 0xf9U, 0x37U, 0xe8U, 0x1cU, 0x75U, 0xdfU, 0x6eU,
+ 0x47U, 0xf1U, 0x1aU, 0x71U, 0x1dU, 0x29U, 0xc5U, 0x89U,
+ 0x6fU, 0xb7U, 0x62U, 0x0eU, 0xaaU, 0x18U, 0xbeU, 0x1bU,
+ 0xfcU, 0x56U, 0x3eU, 0x4bU, 0xc6U, 0xd2U, 0x79U, 0x20U,
+ 0x9aU, 0xdbU, 0xc0U, 0xfeU, 0x78U, 0xcdU, 0x5aU, 0xf4U,
+ 0x1fU, 0xddU, 0xa8U, 0x33U, 0x88U, 0x07U, 0xc7U, 0x31U,
+ 0xb1U, 0x12U, 0x10U, 0x59U, 0x27U, 0x80U, 0xecU, 0x5fU,
+ 0x60U, 0x51U, 0x7fU, 0xa9U, 0x19U, 0xb5U, 0x4aU, 0x0dU,
+ 0x2dU, 0xe5U, 0x7aU, 0x9fU, 0x93U, 0xc9U, 0x9cU, 0xefU,
+ 0xa0U, 0xe0U, 0x3bU, 0x4dU, 0xaeU, 0x2aU, 0xf5U, 0xb0U,
+ 0xc8U, 0xebU, 0xbbU, 0x3cU, 0x83U, 0x53U, 0x99U, 0x61U,
+ 0x17U, 0x2bU, 0x04U, 0x7eU, 0xbaU, 0x77U, 0xd6U, 0x26U,
+ 0xe1U, 0x69U, 0x14U, 0x63U, 0x55U, 0x21U, 0x0cU, 0x7dU,
+};
+static const u32 rcon[] = {
+ 0x01000000, 0x02000000, 0x04000000, 0x08000000,
+ 0x10000000, 0x20000000, 0x40000000, 0x80000000,
+ 0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
+};
+
+/**
+ * Expand the cipher key into the encryption key schedule.
+ */
+int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+ AES_KEY *key)
+{
+ u32 *rk;
+ int i = 0;
+ u32 temp;
+
+#ifdef OPENSSL_FIPS
+ FIPS_selftest_check();
+#endif
+
+ if (!userKey || !key)
+ return -1;
+ if (bits != 128 && bits != 192 && bits != 256)
+ return -2;
+
+ rk = key->rd_key;
+
+ if (bits==128)
+ key->rounds = 10;
+ else if (bits==192)
+ key->rounds = 12;
+ else
+ key->rounds = 14;
+
+ rk[0] = GETU32(userKey );
+ rk[1] = GETU32(userKey + 4);
+ rk[2] = GETU32(userKey + 8);
+ rk[3] = GETU32(userKey + 12);
+ if (bits == 128) {
+ while (1) {
+ temp = rk[3];
+ rk[4] = rk[0] ^
+ (Te2[(temp >> 16) & 0xff] & 0xff000000) ^
+ (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^
+ (Te0[(temp ) & 0xff] & 0x0000ff00) ^
+ (Te1[(temp >> 24) ] & 0x000000ff) ^
+ rcon[i];
+ rk[5] = rk[1] ^ rk[4];
+ rk[6] = rk[2] ^ rk[5];
+ rk[7] = rk[3] ^ rk[6];
+ if (++i == 10) {
+ return 0;
+ }
+ rk += 4;
+ }
+ }
+ rk[4] = GETU32(userKey + 16);
+ rk[5] = GETU32(userKey + 20);
+ if (bits == 192) {
+ while (1) {
+ temp = rk[ 5];
+ rk[ 6] = rk[ 0] ^
+ (Te2[(temp >> 16) & 0xff] & 0xff000000) ^
+ (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^
+ (Te0[(temp ) & 0xff] & 0x0000ff00) ^
+ (Te1[(temp >> 24) ] & 0x000000ff) ^
+ rcon[i];
+ rk[ 7] = rk[ 1] ^ rk[ 6];
+ rk[ 8] = rk[ 2] ^ rk[ 7];
+ rk[ 9] = rk[ 3] ^ rk[ 8];
+ if (++i == 8) {
+ return 0;
+ }
+ rk[10] = rk[ 4] ^ rk[ 9];
+ rk[11] = rk[ 5] ^ rk[10];
+ rk += 6;
+ }
+ }
+ rk[6] = GETU32(userKey + 24);
+ rk[7] = GETU32(userKey + 28);
+ if (bits == 256) {
+ while (1) {
+ temp = rk[ 7];
+ rk[ 8] = rk[ 0] ^
+ (Te2[(temp >> 16) & 0xff] & 0xff000000) ^
+ (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^
+ (Te0[(temp ) & 0xff] & 0x0000ff00) ^
+ (Te1[(temp >> 24) ] & 0x000000ff) ^
+ rcon[i];
+ rk[ 9] = rk[ 1] ^ rk[ 8];
+ rk[10] = rk[ 2] ^ rk[ 9];
+ rk[11] = rk[ 3] ^ rk[10];
+ if (++i == 7) {
+ return 0;
+ }
+ temp = rk[11];
+ rk[12] = rk[ 4] ^
+ (Te2[(temp >> 24) ] & 0xff000000) ^
+ (Te3[(temp >> 16) & 0xff] & 0x00ff0000) ^
+ (Te0[(temp >> 8) & 0xff] & 0x0000ff00) ^
+ (Te1[(temp ) & 0xff] & 0x000000ff);
+ rk[13] = rk[ 5] ^ rk[12];
+ rk[14] = rk[ 6] ^ rk[13];
+ rk[15] = rk[ 7] ^ rk[14];
+
+ rk += 8;
+ }
+ }
+ return 0;
+}
+
+/**
+ * Expand the cipher key into the decryption key schedule.
+ */
+int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+ AES_KEY *key)
+{
+
+ u32 *rk;
+ int i, j, status;
+ u32 temp;
+
+ /* first, start with an encryption schedule */
+ status = AES_set_encrypt_key(userKey, bits, key);
+ if (status < 0)
+ return status;
+
+ rk = key->rd_key;
+
+ /* invert the order of the round keys: */
+ for (i = 0, j = 4*(key->rounds); i < j; i += 4, j -= 4) {
+ temp = rk[i ]; rk[i ] = rk[j ]; rk[j ] = temp;
+ temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp;
+ temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp;
+ temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp;
+ }
+ /* apply the inverse MixColumn transform to all round keys but the first and the last: */
+ for (i = 1; i < (key->rounds); i++) {
+ rk += 4;
+ rk[0] =
+ Td0[Te1[(rk[0] >> 24) ] & 0xff] ^
+ Td1[Te1[(rk[0] >> 16) & 0xff] & 0xff] ^
+ Td2[Te1[(rk[0] >> 8) & 0xff] & 0xff] ^
+ Td3[Te1[(rk[0] ) & 0xff] & 0xff];
+ rk[1] =
+ Td0[Te1[(rk[1] >> 24) ] & 0xff] ^
+ Td1[Te1[(rk[1] >> 16) & 0xff] & 0xff] ^
+ Td2[Te1[(rk[1] >> 8) & 0xff] & 0xff] ^
+ Td3[Te1[(rk[1] ) & 0xff] & 0xff];
+ rk[2] =
+ Td0[Te1[(rk[2] >> 24) ] & 0xff] ^
+ Td1[Te1[(rk[2] >> 16) & 0xff] & 0xff] ^
+ Td2[Te1[(rk[2] >> 8) & 0xff] & 0xff] ^
+ Td3[Te1[(rk[2] ) & 0xff] & 0xff];
+ rk[3] =
+ Td0[Te1[(rk[3] >> 24) ] & 0xff] ^
+ Td1[Te1[(rk[3] >> 16) & 0xff] & 0xff] ^
+ Td2[Te1[(rk[3] >> 8) & 0xff] & 0xff] ^
+ Td3[Te1[(rk[3] ) & 0xff] & 0xff];
+ }
+ return 0;
+}
+
+#ifndef AES_ASM
+/*
+ * Encrypt a single block
+ * in and out can overlap
+ */
+void AES_encrypt(const unsigned char *in, unsigned char *out,
+ const AES_KEY *key) {
+
+ const u32 *rk;
+ u32 s0, s1, s2, s3, t0, t1, t2, t3;
+#ifndef FULL_UNROLL
+ int r;
+#endif /* ?FULL_UNROLL */
+
+ assert(in && out && key);
+ rk = key->rd_key;
+
+ /*
+ * map byte array block to cipher state
+ * and add initial round key:
+ */
+ s0 = GETU32(in ) ^ rk[0];
+ s1 = GETU32(in + 4) ^ rk[1];
+ s2 = GETU32(in + 8) ^ rk[2];
+ s3 = GETU32(in + 12) ^ rk[3];
+#ifdef FULL_UNROLL
+ /* round 1: */
+ t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[ 4];
+ t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[ 5];
+ t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[ 6];
+ t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[ 7];
+ /* round 2: */
+ s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[ 8];
+ s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[ 9];
+ s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[10];
+ s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[11];
+ /* round 3: */
+ t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[12];
+ t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[13];
+ t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[14];
+ t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[15];
+ /* round 4: */
+ s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[16];
+ s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[17];
+ s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[18];
+ s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[19];
+ /* round 5: */
+ t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[20];
+ t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[21];
+ t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[22];
+ t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[23];
+ /* round 6: */
+ s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[24];
+ s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[25];
+ s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[26];
+ s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[27];
+ /* round 7: */
+ t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[28];
+ t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[29];
+ t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[30];
+ t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[31];
+ /* round 8: */
+ s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[32];
+ s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[33];
+ s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[34];
+ s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[35];
+ /* round 9: */
+ t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[36];
+ t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[37];
+ t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38];
+ t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39];
+ if (key->rounds > 10) {
+ /* round 10: */
+ s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[40];
+ s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[41];
+ s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[42];
+ s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[43];
+ /* round 11: */
+ t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[44];
+ t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[45];
+ t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[46];
+ t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[47];
+ if (key->rounds > 12) {
+ /* round 12: */
+ s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[48];
+ s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[49];
+ s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[50];
+ s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[51];
+ /* round 13: */
+ t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[52];
+ t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[53];
+ t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[54];
+ t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[55];
+ }
+ }
+ rk += key->rounds << 2;
+#else /* !FULL_UNROLL */
+ /*
+ * Nr - 1 full rounds:
+ */
+ r = key->rounds >> 1;
+ for (;;) {
+ t0 =
+ Te0[(s0 >> 24) ] ^
+ Te1[(s1 >> 16) & 0xff] ^
+ Te2[(s2 >> 8) & 0xff] ^
+ Te3[(s3 ) & 0xff] ^
+ rk[4];
+ t1 =
+ Te0[(s1 >> 24) ] ^
+ Te1[(s2 >> 16) & 0xff] ^
+ Te2[(s3 >> 8) & 0xff] ^
+ Te3[(s0 ) & 0xff] ^
+ rk[5];
+ t2 =
+ Te0[(s2 >> 24) ] ^
+ Te1[(s3 >> 16) & 0xff] ^
+ Te2[(s0 >> 8) & 0xff] ^
+ Te3[(s1 ) & 0xff] ^
+ rk[6];
+ t3 =
+ Te0[(s3 >> 24) ] ^
+ Te1[(s0 >> 16) & 0xff] ^
+ Te2[(s1 >> 8) & 0xff] ^
+ Te3[(s2 ) & 0xff] ^
+ rk[7];
+
+ rk += 8;
+ if (--r == 0) {
+ break;
+ }
+
+ s0 =
+ Te0[(t0 >> 24) ] ^
+ Te1[(t1 >> 16) & 0xff] ^
+ Te2[(t2 >> 8) & 0xff] ^
+ Te3[(t3 ) & 0xff] ^
+ rk[0];
+ s1 =
+ Te0[(t1 >> 24) ] ^
+ Te1[(t2 >> 16) & 0xff] ^
+ Te2[(t3 >> 8) & 0xff] ^
+ Te3[(t0 ) & 0xff] ^
+ rk[1];
+ s2 =
+ Te0[(t2 >> 24) ] ^
+ Te1[(t3 >> 16) & 0xff] ^
+ Te2[(t0 >> 8) & 0xff] ^
+ Te3[(t1 ) & 0xff] ^
+ rk[2];
+ s3 =
+ Te0[(t3 >> 24) ] ^
+ Te1[(t0 >> 16) & 0xff] ^
+ Te2[(t1 >> 8) & 0xff] ^
+ Te3[(t2 ) & 0xff] ^
+ rk[3];
+ }
+#endif /* ?FULL_UNROLL */
+ /*
+ * apply last round and
+ * map cipher state to byte array block:
+ */
+ s0 =
+ (Te2[(t0 >> 24) ] & 0xff000000) ^
+ (Te3[(t1 >> 16) & 0xff] & 0x00ff0000) ^
+ (Te0[(t2 >> 8) & 0xff] & 0x0000ff00) ^
+ (Te1[(t3 ) & 0xff] & 0x000000ff) ^
+ rk[0];
+ PUTU32(out , s0);
+ s1 =
+ (Te2[(t1 >> 24) ] & 0xff000000) ^
+ (Te3[(t2 >> 16) & 0xff] & 0x00ff0000) ^
+ (Te0[(t3 >> 8) & 0xff] & 0x0000ff00) ^
+ (Te1[(t0 ) & 0xff] & 0x000000ff) ^
+ rk[1];
+ PUTU32(out + 4, s1);
+ s2 =
+ (Te2[(t2 >> 24) ] & 0xff000000) ^
+ (Te3[(t3 >> 16) & 0xff] & 0x00ff0000) ^
+ (Te0[(t0 >> 8) & 0xff] & 0x0000ff00) ^
+ (Te1[(t1 ) & 0xff] & 0x000000ff) ^
+ rk[2];
+ PUTU32(out + 8, s2);
+ s3 =
+ (Te2[(t3 >> 24) ] & 0xff000000) ^
+ (Te3[(t0 >> 16) & 0xff] & 0x00ff0000) ^
+ (Te0[(t1 >> 8) & 0xff] & 0x0000ff00) ^
+ (Te1[(t2 ) & 0xff] & 0x000000ff) ^
+ rk[3];
+ PUTU32(out + 12, s3);
+}
+
+/*
+ * Decrypt a single block
+ * in and out can overlap
+ */
+void AES_decrypt(const unsigned char *in, unsigned char *out,
+ const AES_KEY *key)
+{
+
+ const u32 *rk;
+ u32 s0, s1, s2, s3, t0, t1, t2, t3;
+#ifndef FULL_UNROLL
+ int r;
+#endif /* ?FULL_UNROLL */
+
+ assert(in && out && key);
+ rk = key->rd_key;
+
+ /*
+ * map byte array block to cipher state
+ * and add initial round key:
+ */
+ s0 = GETU32(in ) ^ rk[0];
+ s1 = GETU32(in + 4) ^ rk[1];
+ s2 = GETU32(in + 8) ^ rk[2];
+ s3 = GETU32(in + 12) ^ rk[3];
+#ifdef FULL_UNROLL
+ /* round 1: */
+ t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[ 4];
+ t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[ 5];
+ t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[ 6];
+ t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[ 7];
+ /* round 2: */
+ s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[ 8];
+ s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[ 9];
+ s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[10];
+ s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[11];
+ /* round 3: */
+ t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[12];
+ t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[13];
+ t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[14];
+ t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[15];
+ /* round 4: */
+ s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[16];
+ s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[17];
+ s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[18];
+ s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[19];
+ /* round 5: */
+ t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[20];
+ t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[21];
+ t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[22];
+ t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[23];
+ /* round 6: */
+ s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[24];
+ s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[25];
+ s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[26];
+ s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[27];
+ /* round 7: */
+ t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[28];
+ t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[29];
+ t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[30];
+ t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[31];
+ /* round 8: */
+ s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[32];
+ s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[33];
+ s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[34];
+ s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[35];
+ /* round 9: */
+ t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[36];
+ t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[37];
+ t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[38];
+ t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[39];
+ if (key->rounds > 10) {
+ /* round 10: */
+ s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[40];
+ s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[41];
+ s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[42];
+ s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[43];
+ /* round 11: */
+ t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[44];
+ t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[45];
+ t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[46];
+ t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[47];
+ if (key->rounds > 12) {
+ /* round 12: */
+ s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[48];
+ s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[49];
+ s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[50];
+ s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[51];
+ /* round 13: */
+ t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[52];
+ t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[53];
+ t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[54];
+ t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[55];
+ }
+ }
+ rk += key->rounds << 2;
+#else /* !FULL_UNROLL */
+ /*
+ * Nr - 1 full rounds:
+ */
+ r = key->rounds >> 1;
+ for (;;) {
+ t0 =
+ Td0[(s0 >> 24) ] ^
+ Td1[(s3 >> 16) & 0xff] ^
+ Td2[(s2 >> 8) & 0xff] ^
+ Td3[(s1 ) & 0xff] ^
+ rk[4];
+ t1 =
+ Td0[(s1 >> 24) ] ^
+ Td1[(s0 >> 16) & 0xff] ^
+ Td2[(s3 >> 8) & 0xff] ^
+ Td3[(s2 ) & 0xff] ^
+ rk[5];
+ t2 =
+ Td0[(s2 >> 24) ] ^
+ Td1[(s1 >> 16) & 0xff] ^
+ Td2[(s0 >> 8) & 0xff] ^
+ Td3[(s3 ) & 0xff] ^
+ rk[6];
+ t3 =
+ Td0[(s3 >> 24) ] ^
+ Td1[(s2 >> 16) & 0xff] ^
+ Td2[(s1 >> 8) & 0xff] ^
+ Td3[(s0 ) & 0xff] ^
+ rk[7];
+
+ rk += 8;
+ if (--r == 0) {
+ break;
+ }
+
+ s0 =
+ Td0[(t0 >> 24) ] ^
+ Td1[(t3 >> 16) & 0xff] ^
+ Td2[(t2 >> 8) & 0xff] ^
+ Td3[(t1 ) & 0xff] ^
+ rk[0];
+ s1 =
+ Td0[(t1 >> 24) ] ^
+ Td1[(t0 >> 16) & 0xff] ^
+ Td2[(t3 >> 8) & 0xff] ^
+ Td3[(t2 ) & 0xff] ^
+ rk[1];
+ s2 =
+ Td0[(t2 >> 24) ] ^
+ Td1[(t1 >> 16) & 0xff] ^
+ Td2[(t0 >> 8) & 0xff] ^
+ Td3[(t3 ) & 0xff] ^
+ rk[2];
+ s3 =
+ Td0[(t3 >> 24) ] ^
+ Td1[(t2 >> 16) & 0xff] ^
+ Td2[(t1 >> 8) & 0xff] ^
+ Td3[(t0 ) & 0xff] ^
+ rk[3];
+ }
+#endif /* ?FULL_UNROLL */
+ /*
+ * apply last round and
+ * map cipher state to byte array block:
+ */
+ s0 =
+ (Td4[(t0 >> 24) ] << 24) ^
+ (Td4[(t3 >> 16) & 0xff] << 16) ^
+ (Td4[(t2 >> 8) & 0xff] << 8) ^
+ (Td4[(t1 ) & 0xff]) ^
+ rk[0];
+ PUTU32(out , s0);
+ s1 =
+ (Td4[(t1 >> 24) ] << 24) ^
+ (Td4[(t0 >> 16) & 0xff] << 16) ^
+ (Td4[(t3 >> 8) & 0xff] << 8) ^
+ (Td4[(t2 ) & 0xff]) ^
+ rk[1];
+ PUTU32(out + 4, s1);
+ s2 =
+ (Td4[(t2 >> 24) ] << 24) ^
+ (Td4[(t1 >> 16) & 0xff] << 16) ^
+ (Td4[(t0 >> 8) & 0xff] << 8) ^
+ (Td4[(t3 ) & 0xff]) ^
+ rk[2];
+ PUTU32(out + 8, s2);
+ s3 =
+ (Td4[(t3 >> 24) ] << 24) ^
+ (Td4[(t2 >> 16) & 0xff] << 16) ^
+ (Td4[(t1 >> 8) & 0xff] << 8) ^
+ (Td4[(t0 ) & 0xff]) ^
+ rk[3];
+ PUTU32(out + 12, s3);
+}
+
+#endif /* AES_ASM */
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_ctr.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/aes/aes_ctr.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_ctr.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,139 +0,0 @@
-/* crypto/aes/aes_ctr.c -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#ifndef AES_DEBUG
-# ifndef NDEBUG
-# define NDEBUG
-# endif
-#endif
-#include <assert.h>
-
-#include <openssl/aes.h>
-#include "aes_locl.h"
-
-/* NOTE: the IV/counter CTR mode is big-endian. The rest of the AES code
- * is endian-neutral. */
-
-/* increment counter (128-bit int) by 1 */
-static void AES_ctr128_inc(unsigned char *counter) {
- unsigned long c;
-
- /* Grab bottom dword of counter and increment */
- c = GETU32(counter + 12);
- c++; c &= 0xFFFFFFFF;
- PUTU32(counter + 12, c);
-
- /* if no overflow, we're done */
- if (c)
- return;
-
- /* Grab 1st dword of counter and increment */
- c = GETU32(counter + 8);
- c++; c &= 0xFFFFFFFF;
- PUTU32(counter + 8, c);
-
- /* if no overflow, we're done */
- if (c)
- return;
-
- /* Grab 2nd dword of counter and increment */
- c = GETU32(counter + 4);
- c++; c &= 0xFFFFFFFF;
- PUTU32(counter + 4, c);
-
- /* if no overflow, we're done */
- if (c)
- return;
-
- /* Grab top dword of counter and increment */
- c = GETU32(counter + 0);
- c++; c &= 0xFFFFFFFF;
- PUTU32(counter + 0, c);
-}
-
-/* The input encrypted as though 128bit counter mode is being
- * used. The extra state information to record how much of the
- * 128bit block we have used is contained in *num, and the
- * encrypted counter is kept in ecount_buf. Both *num and
- * ecount_buf must be initialised with zeros before the first
- * call to AES_ctr128_encrypt().
- *
- * This algorithm assumes that the counter is in the x lower bits
- * of the IV (ivec), and that the application has full control over
- * overflow and the rest of the IV. This implementation takes NO
- * responsability for checking that the counter doesn't overflow
- * into the rest of the IV when incremented.
- */
-void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
- const unsigned long length, const AES_KEY *key,
- unsigned char ivec[AES_BLOCK_SIZE],
- unsigned char ecount_buf[AES_BLOCK_SIZE],
- unsigned int *num) {
-
- unsigned int n;
- unsigned long l=length;
-
- assert(in && out && key && counter && num);
- assert(*num < AES_BLOCK_SIZE);
-
- n = *num;
-
- while (l--) {
- if (n == 0) {
- AES_encrypt(ivec, ecount_buf, key);
- AES_ctr128_inc(ivec);
- }
- *(out++) = *(in++) ^ ecount_buf[n];
- n = (n+1) % AES_BLOCK_SIZE;
- }
-
- *num=n;
-}
Copied: vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_ctr.c (from rev 6976, vendor-crypto/openssl/dist/crypto/aes/aes_ctr.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_ctr.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_ctr.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,145 @@
+/* crypto/aes/aes_ctr.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#ifndef AES_DEBUG
+# ifndef NDEBUG
+# define NDEBUG
+# endif
+#endif
+#include <assert.h>
+
+#include <openssl/aes.h>
+#include "aes_locl.h"
+
+/*
+ * NOTE: the IV/counter CTR mode is big-endian. The rest of the AES code is
+ * endian-neutral.
+ */
+
+/* increment counter (128-bit int) by 1 */
+static void AES_ctr128_inc(unsigned char *counter)
+{
+ unsigned long c;
+
+ /* Grab bottom dword of counter and increment */
+ c = GETU32(counter + 12);
+ c++;
+ c &= 0xFFFFFFFF;
+ PUTU32(counter + 12, c);
+
+ /* if no overflow, we're done */
+ if (c)
+ return;
+
+ /* Grab 1st dword of counter and increment */
+ c = GETU32(counter + 8);
+ c++;
+ c &= 0xFFFFFFFF;
+ PUTU32(counter + 8, c);
+
+ /* if no overflow, we're done */
+ if (c)
+ return;
+
+ /* Grab 2nd dword of counter and increment */
+ c = GETU32(counter + 4);
+ c++;
+ c &= 0xFFFFFFFF;
+ PUTU32(counter + 4, c);
+
+ /* if no overflow, we're done */
+ if (c)
+ return;
+
+ /* Grab top dword of counter and increment */
+ c = GETU32(counter + 0);
+ c++;
+ c &= 0xFFFFFFFF;
+ PUTU32(counter + 0, c);
+}
+
+/*
+ * The input encrypted as though 128bit counter mode is being used. The
+ * extra state information to record how much of the 128bit block we have
+ * used is contained in *num, and the encrypted counter is kept in
+ * ecount_buf. Both *num and ecount_buf must be initialised with zeros
+ * before the first call to AES_ctr128_encrypt(). This algorithm assumes
+ * that the counter is in the x lower bits of the IV (ivec), and that the
+ * application has full control over overflow and the rest of the IV. This
+ * implementation takes NO responsability for checking that the counter
+ * doesn't overflow into the rest of the IV when incremented.
+ */
+void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
+ const unsigned long length, const AES_KEY *key,
+ unsigned char ivec[AES_BLOCK_SIZE],
+ unsigned char ecount_buf[AES_BLOCK_SIZE],
+ unsigned int *num)
+{
+
+ unsigned int n;
+ unsigned long l = length;
+
+ assert(in && out && key && counter && num);
+ assert(*num < AES_BLOCK_SIZE);
+
+ n = *num;
+
+ while (l--) {
+ if (n == 0) {
+ AES_encrypt(ivec, ecount_buf, key);
+ AES_ctr128_inc(ivec);
+ }
+ *(out++) = *(in++) ^ ecount_buf[n];
+ n = (n + 1) % AES_BLOCK_SIZE;
+ }
+
+ *num = n;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_ecb.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/aes/aes_ecb.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_ecb.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,73 +0,0 @@
-/* crypto/aes/aes_ecb.c -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#ifndef AES_DEBUG
-# ifndef NDEBUG
-# define NDEBUG
-# endif
-#endif
-#include <assert.h>
-
-#include <openssl/aes.h>
-#include "aes_locl.h"
-
-void AES_ecb_encrypt(const unsigned char *in, unsigned char *out,
- const AES_KEY *key, const int enc) {
-
- assert(in && out && key);
- assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc));
-
- if (AES_ENCRYPT == enc)
- AES_encrypt(in, out, key);
- else
- AES_decrypt(in, out, key);
-}
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_ecb.c (from rev 6976, vendor-crypto/openssl/dist/crypto/aes/aes_ecb.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_ecb.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_ecb.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,73 @@
+/* crypto/aes/aes_ecb.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#ifndef AES_DEBUG
+# ifndef NDEBUG
+# define NDEBUG
+# endif
+#endif
+#include <assert.h>
+
+#include <openssl/aes.h>
+#include "aes_locl.h"
+
+void AES_ecb_encrypt(const unsigned char *in, unsigned char *out,
+ const AES_KEY *key, const int enc)
+{
+
+ assert(in && out && key);
+ assert((AES_ENCRYPT == enc) || (AES_DECRYPT == enc));
+
+ if (AES_ENCRYPT == enc)
+ AES_encrypt(in, out, key);
+ else
+ AES_decrypt(in, out, key);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_ige.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/aes/aes_ige.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_ige.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,323 +0,0 @@
-/* crypto/aes/aes_ige.c -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#include "cryptlib.h"
-
-#include <openssl/aes.h>
-#include "aes_locl.h"
-
-#define N_WORDS (AES_BLOCK_SIZE / sizeof(unsigned long))
-typedef struct {
- unsigned long data[N_WORDS];
-} aes_block_t;
-
-/* XXX: probably some better way to do this */
-#if defined(__i386__) || defined(__x86_64__)
-#define UNALIGNED_MEMOPS_ARE_FAST 1
-#else
-#define UNALIGNED_MEMOPS_ARE_FAST 0
-#endif
-
-#if UNALIGNED_MEMOPS_ARE_FAST
-#define load_block(d, s) (d) = *(const aes_block_t *)(s)
-#define store_block(d, s) *(aes_block_t *)(d) = (s)
-#else
-#define load_block(d, s) memcpy((d).data, (s), AES_BLOCK_SIZE)
-#define store_block(d, s) memcpy((d), (s).data, AES_BLOCK_SIZE)
-#endif
-
-/* N.B. The IV for this mode is _twice_ the block size */
-
-void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
- const unsigned long length, const AES_KEY *key,
- unsigned char *ivec, const int enc)
- {
- unsigned long n;
- unsigned long len;
-
- OPENSSL_assert(in && out && key && ivec);
- OPENSSL_assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc));
- OPENSSL_assert((length%AES_BLOCK_SIZE) == 0);
-
- len = length / AES_BLOCK_SIZE;
-
- if (AES_ENCRYPT == enc)
- {
- if (in != out &&
- (UNALIGNED_MEMOPS_ARE_FAST || ((size_t)in|(size_t)out|(size_t)ivec)%sizeof(long)==0))
- {
- aes_block_t *ivp = (aes_block_t *)ivec;
- aes_block_t *iv2p = (aes_block_t *)(ivec + AES_BLOCK_SIZE);
-
- while (len)
- {
- aes_block_t *inp = (aes_block_t *)in;
- aes_block_t *outp = (aes_block_t *)out;
-
- for(n=0 ; n < N_WORDS; ++n)
- outp->data[n] = inp->data[n] ^ ivp->data[n];
- AES_encrypt((unsigned char *)outp->data, (unsigned char *)outp->data, key);
- for(n=0 ; n < N_WORDS; ++n)
- outp->data[n] ^= iv2p->data[n];
- ivp = outp;
- iv2p = inp;
- --len;
- in += AES_BLOCK_SIZE;
- out += AES_BLOCK_SIZE;
- }
- memcpy(ivec, ivp->data, AES_BLOCK_SIZE);
- memcpy(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE);
- }
- else
- {
- aes_block_t tmp, tmp2;
- aes_block_t iv;
- aes_block_t iv2;
-
- load_block(iv, ivec);
- load_block(iv2, ivec + AES_BLOCK_SIZE);
-
- while (len)
- {
- load_block(tmp, in);
- for(n=0 ; n < N_WORDS; ++n)
- tmp2.data[n] = tmp.data[n] ^ iv.data[n];
- AES_encrypt((unsigned char *)tmp2.data, (unsigned char *)tmp2.data, key);
- for(n=0 ; n < N_WORDS; ++n)
- tmp2.data[n] ^= iv2.data[n];
- store_block(out, tmp2);
- iv = tmp2;
- iv2 = tmp;
- --len;
- in += AES_BLOCK_SIZE;
- out += AES_BLOCK_SIZE;
- }
- memcpy(ivec, iv.data, AES_BLOCK_SIZE);
- memcpy(ivec + AES_BLOCK_SIZE, iv2.data, AES_BLOCK_SIZE);
- }
- }
- else
- {
- if (in != out &&
- (UNALIGNED_MEMOPS_ARE_FAST || ((size_t)in|(size_t)out|(size_t)ivec)%sizeof(long)==0))
- {
- aes_block_t *ivp = (aes_block_t *)ivec;
- aes_block_t *iv2p = (aes_block_t *)(ivec + AES_BLOCK_SIZE);
-
- while (len)
- {
- aes_block_t tmp;
- aes_block_t *inp = (aes_block_t *)in;
- aes_block_t *outp = (aes_block_t *)out;
-
- for(n=0 ; n < N_WORDS; ++n)
- tmp.data[n] = inp->data[n] ^ iv2p->data[n];
- AES_decrypt((unsigned char *)tmp.data, (unsigned char *)outp->data, key);
- for(n=0 ; n < N_WORDS; ++n)
- outp->data[n] ^= ivp->data[n];
- ivp = inp;
- iv2p = outp;
- --len;
- in += AES_BLOCK_SIZE;
- out += AES_BLOCK_SIZE;
- }
- memcpy(ivec, ivp->data, AES_BLOCK_SIZE);
- memcpy(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE);
- }
- else
- {
- aes_block_t tmp, tmp2;
- aes_block_t iv;
- aes_block_t iv2;
-
- load_block(iv, ivec);
- load_block(iv2, ivec + AES_BLOCK_SIZE);
-
- while (len)
- {
- load_block(tmp, in);
- tmp2 = tmp;
- for(n=0 ; n < N_WORDS; ++n)
- tmp.data[n] ^= iv2.data[n];
- AES_decrypt((unsigned char *)tmp.data, (unsigned char *)tmp.data, key);
- for(n=0 ; n < N_WORDS; ++n)
- tmp.data[n] ^= iv.data[n];
- store_block(out, tmp);
- iv = tmp2;
- iv2 = tmp;
- --len;
- in += AES_BLOCK_SIZE;
- out += AES_BLOCK_SIZE;
- }
- memcpy(ivec, iv.data, AES_BLOCK_SIZE);
- memcpy(ivec + AES_BLOCK_SIZE, iv2.data, AES_BLOCK_SIZE);
- }
- }
- }
-
-/*
- * Note that its effectively impossible to do biIGE in anything other
- * than a single pass, so no provision is made for chaining.
- */
-
-/* N.B. The IV for this mode is _four times_ the block size */
-
-void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
- const unsigned long length, const AES_KEY *key,
- const AES_KEY *key2, const unsigned char *ivec,
- const int enc)
- {
- unsigned long n;
- unsigned long len = length;
- unsigned char tmp[AES_BLOCK_SIZE];
- unsigned char tmp2[AES_BLOCK_SIZE];
- unsigned char tmp3[AES_BLOCK_SIZE];
- unsigned char prev[AES_BLOCK_SIZE];
- const unsigned char *iv;
- const unsigned char *iv2;
-
- OPENSSL_assert(in && out && key && ivec);
- OPENSSL_assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc));
- OPENSSL_assert((length%AES_BLOCK_SIZE) == 0);
-
- if (AES_ENCRYPT == enc)
- {
- /* XXX: Do a separate case for when in != out (strictly should
- check for overlap, too) */
-
- /* First the forward pass */
- iv = ivec;
- iv2 = ivec + AES_BLOCK_SIZE;
- while (len >= AES_BLOCK_SIZE)
- {
- for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
- out[n] = in[n] ^ iv[n];
- AES_encrypt(out, out, key);
- for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
- out[n] ^= iv2[n];
- iv = out;
- memcpy(prev, in, AES_BLOCK_SIZE);
- iv2 = prev;
- len -= AES_BLOCK_SIZE;
- in += AES_BLOCK_SIZE;
- out += AES_BLOCK_SIZE;
- }
-
- /* And now backwards */
- iv = ivec + AES_BLOCK_SIZE*2;
- iv2 = ivec + AES_BLOCK_SIZE*3;
- len = length;
- while(len >= AES_BLOCK_SIZE)
- {
- out -= AES_BLOCK_SIZE;
- /* XXX: reduce copies by alternating between buffers */
- memcpy(tmp, out, AES_BLOCK_SIZE);
- for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
- out[n] ^= iv[n];
- /* hexdump(stdout, "out ^ iv", out, AES_BLOCK_SIZE); */
- AES_encrypt(out, out, key);
- /* hexdump(stdout,"enc", out, AES_BLOCK_SIZE); */
- /* hexdump(stdout,"iv2", iv2, AES_BLOCK_SIZE); */
- for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
- out[n] ^= iv2[n];
- /* hexdump(stdout,"out", out, AES_BLOCK_SIZE); */
- iv = out;
- memcpy(prev, tmp, AES_BLOCK_SIZE);
- iv2 = prev;
- len -= AES_BLOCK_SIZE;
- }
- }
- else
- {
- /* First backwards */
- iv = ivec + AES_BLOCK_SIZE*2;
- iv2 = ivec + AES_BLOCK_SIZE*3;
- in += length;
- out += length;
- while (len >= AES_BLOCK_SIZE)
- {
- in -= AES_BLOCK_SIZE;
- out -= AES_BLOCK_SIZE;
- memcpy(tmp, in, AES_BLOCK_SIZE);
- memcpy(tmp2, in, AES_BLOCK_SIZE);
- for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
- tmp[n] ^= iv2[n];
- AES_decrypt(tmp, out, key);
- for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
- out[n] ^= iv[n];
- memcpy(tmp3, tmp2, AES_BLOCK_SIZE);
- iv = tmp3;
- iv2 = out;
- len -= AES_BLOCK_SIZE;
- }
-
- /* And now forwards */
- iv = ivec;
- iv2 = ivec + AES_BLOCK_SIZE;
- len = length;
- while (len >= AES_BLOCK_SIZE)
- {
- memcpy(tmp, out, AES_BLOCK_SIZE);
- memcpy(tmp2, out, AES_BLOCK_SIZE);
- for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
- tmp[n] ^= iv2[n];
- AES_decrypt(tmp, out, key);
- for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
- out[n] ^= iv[n];
- memcpy(tmp3, tmp2, AES_BLOCK_SIZE);
- iv = tmp3;
- iv2 = out;
- len -= AES_BLOCK_SIZE;
- in += AES_BLOCK_SIZE;
- out += AES_BLOCK_SIZE;
- }
- }
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_ige.c (from rev 6976, vendor-crypto/openssl/dist/crypto/aes/aes_ige.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_ige.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_ige.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,323 @@
+/* crypto/aes/aes_ige.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#include "cryptlib.h"
+
+#include <openssl/aes.h>
+#include "aes_locl.h"
+
+#define N_WORDS (AES_BLOCK_SIZE / sizeof(unsigned long))
+typedef struct {
+ unsigned long data[N_WORDS];
+} aes_block_t;
+
+/* XXX: probably some better way to do this */
+#if defined(__i386__) || defined(__x86_64__)
+# define UNALIGNED_MEMOPS_ARE_FAST 1
+#else
+# define UNALIGNED_MEMOPS_ARE_FAST 0
+#endif
+
+#if UNALIGNED_MEMOPS_ARE_FAST
+# define load_block(d, s) (d) = *(const aes_block_t *)(s)
+# define store_block(d, s) *(aes_block_t *)(d) = (s)
+#else
+# define load_block(d, s) memcpy((d).data, (s), AES_BLOCK_SIZE)
+# define store_block(d, s) memcpy((d), (s).data, AES_BLOCK_SIZE)
+#endif
+
+/* N.B. The IV for this mode is _twice_ the block size */
+
+void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
+ const unsigned long length, const AES_KEY *key,
+ unsigned char *ivec, const int enc)
+{
+ unsigned long n;
+ unsigned long len;
+
+ OPENSSL_assert(in && out && key && ivec);
+ OPENSSL_assert((AES_ENCRYPT == enc) || (AES_DECRYPT == enc));
+ OPENSSL_assert((length % AES_BLOCK_SIZE) == 0);
+
+ len = length / AES_BLOCK_SIZE;
+
+ if (AES_ENCRYPT == enc) {
+ if (in != out &&
+ (UNALIGNED_MEMOPS_ARE_FAST
+ || ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(long) ==
+ 0)) {
+ aes_block_t *ivp = (aes_block_t *) ivec;
+ aes_block_t *iv2p = (aes_block_t *) (ivec + AES_BLOCK_SIZE);
+
+ while (len) {
+ aes_block_t *inp = (aes_block_t *) in;
+ aes_block_t *outp = (aes_block_t *) out;
+
+ for (n = 0; n < N_WORDS; ++n)
+ outp->data[n] = inp->data[n] ^ ivp->data[n];
+ AES_encrypt((unsigned char *)outp->data,
+ (unsigned char *)outp->data, key);
+ for (n = 0; n < N_WORDS; ++n)
+ outp->data[n] ^= iv2p->data[n];
+ ivp = outp;
+ iv2p = inp;
+ --len;
+ in += AES_BLOCK_SIZE;
+ out += AES_BLOCK_SIZE;
+ }
+ memcpy(ivec, ivp->data, AES_BLOCK_SIZE);
+ memcpy(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE);
+ } else {
+ aes_block_t tmp, tmp2;
+ aes_block_t iv;
+ aes_block_t iv2;
+
+ load_block(iv, ivec);
+ load_block(iv2, ivec + AES_BLOCK_SIZE);
+
+ while (len) {
+ load_block(tmp, in);
+ for (n = 0; n < N_WORDS; ++n)
+ tmp2.data[n] = tmp.data[n] ^ iv.data[n];
+ AES_encrypt((unsigned char *)tmp2.data,
+ (unsigned char *)tmp2.data, key);
+ for (n = 0; n < N_WORDS; ++n)
+ tmp2.data[n] ^= iv2.data[n];
+ store_block(out, tmp2);
+ iv = tmp2;
+ iv2 = tmp;
+ --len;
+ in += AES_BLOCK_SIZE;
+ out += AES_BLOCK_SIZE;
+ }
+ memcpy(ivec, iv.data, AES_BLOCK_SIZE);
+ memcpy(ivec + AES_BLOCK_SIZE, iv2.data, AES_BLOCK_SIZE);
+ }
+ } else {
+ if (in != out &&
+ (UNALIGNED_MEMOPS_ARE_FAST
+ || ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(long) ==
+ 0)) {
+ aes_block_t *ivp = (aes_block_t *) ivec;
+ aes_block_t *iv2p = (aes_block_t *) (ivec + AES_BLOCK_SIZE);
+
+ while (len) {
+ aes_block_t tmp;
+ aes_block_t *inp = (aes_block_t *) in;
+ aes_block_t *outp = (aes_block_t *) out;
+
+ for (n = 0; n < N_WORDS; ++n)
+ tmp.data[n] = inp->data[n] ^ iv2p->data[n];
+ AES_decrypt((unsigned char *)tmp.data,
+ (unsigned char *)outp->data, key);
+ for (n = 0; n < N_WORDS; ++n)
+ outp->data[n] ^= ivp->data[n];
+ ivp = inp;
+ iv2p = outp;
+ --len;
+ in += AES_BLOCK_SIZE;
+ out += AES_BLOCK_SIZE;
+ }
+ memcpy(ivec, ivp->data, AES_BLOCK_SIZE);
+ memcpy(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE);
+ } else {
+ aes_block_t tmp, tmp2;
+ aes_block_t iv;
+ aes_block_t iv2;
+
+ load_block(iv, ivec);
+ load_block(iv2, ivec + AES_BLOCK_SIZE);
+
+ while (len) {
+ load_block(tmp, in);
+ tmp2 = tmp;
+ for (n = 0; n < N_WORDS; ++n)
+ tmp.data[n] ^= iv2.data[n];
+ AES_decrypt((unsigned char *)tmp.data,
+ (unsigned char *)tmp.data, key);
+ for (n = 0; n < N_WORDS; ++n)
+ tmp.data[n] ^= iv.data[n];
+ store_block(out, tmp);
+ iv = tmp2;
+ iv2 = tmp;
+ --len;
+ in += AES_BLOCK_SIZE;
+ out += AES_BLOCK_SIZE;
+ }
+ memcpy(ivec, iv.data, AES_BLOCK_SIZE);
+ memcpy(ivec + AES_BLOCK_SIZE, iv2.data, AES_BLOCK_SIZE);
+ }
+ }
+}
+
+/*
+ * Note that its effectively impossible to do biIGE in anything other
+ * than a single pass, so no provision is made for chaining.
+ */
+
+/* N.B. The IV for this mode is _four times_ the block size */
+
+void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
+ const unsigned long length, const AES_KEY *key,
+ const AES_KEY *key2, const unsigned char *ivec,
+ const int enc)
+{
+ unsigned long n;
+ unsigned long len = length;
+ unsigned char tmp[AES_BLOCK_SIZE];
+ unsigned char tmp2[AES_BLOCK_SIZE];
+ unsigned char tmp3[AES_BLOCK_SIZE];
+ unsigned char prev[AES_BLOCK_SIZE];
+ const unsigned char *iv;
+ const unsigned char *iv2;
+
+ OPENSSL_assert(in && out && key && ivec);
+ OPENSSL_assert((AES_ENCRYPT == enc) || (AES_DECRYPT == enc));
+ OPENSSL_assert((length % AES_BLOCK_SIZE) == 0);
+
+ if (AES_ENCRYPT == enc) {
+ /*
+ * XXX: Do a separate case for when in != out (strictly should check
+ * for overlap, too)
+ */
+
+ /* First the forward pass */
+ iv = ivec;
+ iv2 = ivec + AES_BLOCK_SIZE;
+ while (len >= AES_BLOCK_SIZE) {
+ for (n = 0; n < AES_BLOCK_SIZE; ++n)
+ out[n] = in[n] ^ iv[n];
+ AES_encrypt(out, out, key);
+ for (n = 0; n < AES_BLOCK_SIZE; ++n)
+ out[n] ^= iv2[n];
+ iv = out;
+ memcpy(prev, in, AES_BLOCK_SIZE);
+ iv2 = prev;
+ len -= AES_BLOCK_SIZE;
+ in += AES_BLOCK_SIZE;
+ out += AES_BLOCK_SIZE;
+ }
+
+ /* And now backwards */
+ iv = ivec + AES_BLOCK_SIZE * 2;
+ iv2 = ivec + AES_BLOCK_SIZE * 3;
+ len = length;
+ while (len >= AES_BLOCK_SIZE) {
+ out -= AES_BLOCK_SIZE;
+ /*
+ * XXX: reduce copies by alternating between buffers
+ */
+ memcpy(tmp, out, AES_BLOCK_SIZE);
+ for (n = 0; n < AES_BLOCK_SIZE; ++n)
+ out[n] ^= iv[n];
+ /*
+ * hexdump(stdout, "out ^ iv", out, AES_BLOCK_SIZE);
+ */
+ AES_encrypt(out, out, key);
+ /*
+ * hexdump(stdout,"enc", out, AES_BLOCK_SIZE);
+ */
+ /*
+ * hexdump(stdout,"iv2", iv2, AES_BLOCK_SIZE);
+ */
+ for (n = 0; n < AES_BLOCK_SIZE; ++n)
+ out[n] ^= iv2[n];
+ /*
+ * hexdump(stdout,"out", out, AES_BLOCK_SIZE);
+ */
+ iv = out;
+ memcpy(prev, tmp, AES_BLOCK_SIZE);
+ iv2 = prev;
+ len -= AES_BLOCK_SIZE;
+ }
+ } else {
+ /* First backwards */
+ iv = ivec + AES_BLOCK_SIZE * 2;
+ iv2 = ivec + AES_BLOCK_SIZE * 3;
+ in += length;
+ out += length;
+ while (len >= AES_BLOCK_SIZE) {
+ in -= AES_BLOCK_SIZE;
+ out -= AES_BLOCK_SIZE;
+ memcpy(tmp, in, AES_BLOCK_SIZE);
+ memcpy(tmp2, in, AES_BLOCK_SIZE);
+ for (n = 0; n < AES_BLOCK_SIZE; ++n)
+ tmp[n] ^= iv2[n];
+ AES_decrypt(tmp, out, key);
+ for (n = 0; n < AES_BLOCK_SIZE; ++n)
+ out[n] ^= iv[n];
+ memcpy(tmp3, tmp2, AES_BLOCK_SIZE);
+ iv = tmp3;
+ iv2 = out;
+ len -= AES_BLOCK_SIZE;
+ }
+
+ /* And now forwards */
+ iv = ivec;
+ iv2 = ivec + AES_BLOCK_SIZE;
+ len = length;
+ while (len >= AES_BLOCK_SIZE) {
+ memcpy(tmp, out, AES_BLOCK_SIZE);
+ memcpy(tmp2, out, AES_BLOCK_SIZE);
+ for (n = 0; n < AES_BLOCK_SIZE; ++n)
+ tmp[n] ^= iv2[n];
+ AES_decrypt(tmp, out, key);
+ for (n = 0; n < AES_BLOCK_SIZE; ++n)
+ out[n] ^= iv[n];
+ memcpy(tmp3, tmp2, AES_BLOCK_SIZE);
+ iv = tmp3;
+ iv2 = out;
+ len -= AES_BLOCK_SIZE;
+ in += AES_BLOCK_SIZE;
+ out += AES_BLOCK_SIZE;
+ }
+ }
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_locl.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/aes/aes_locl.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_locl.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,89 +0,0 @@
-/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#ifndef HEADER_AES_LOCL_H
-#define HEADER_AES_LOCL_H
-
-#include <openssl/e_os2.h>
-
-#ifdef OPENSSL_NO_AES
-#error AES is disabled.
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64))
-# define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)
-# define GETU32(p) SWAP(*((u32 *)(p)))
-# define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); }
-#else
-# define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ ((u32)(pt)[2] << 8) ^ ((u32)(pt)[3]))
-# define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); (ct)[2] = (u8)((st) >> 8); (ct)[3] = (u8)(st); }
-#endif
-
-#ifdef AES_LONG
-typedef unsigned long u32;
-#else
-typedef unsigned int u32;
-#endif
-typedef unsigned short u16;
-typedef unsigned char u8;
-
-#define MAXKC (256/32)
-#define MAXKB (256/8)
-#define MAXNR 14
-
-/* This controls loop-unrolling in aes_core.c */
-#undef FULL_UNROLL
-
-#endif /* !HEADER_AES_LOCL_H */
Copied: vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_locl.h (from rev 6976, vendor-crypto/openssl/dist/crypto/aes/aes_locl.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_locl.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_locl.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,89 @@
+/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#ifndef HEADER_AES_LOCL_H
+# define HEADER_AES_LOCL_H
+
+# include <openssl/e_os2.h>
+
+# ifdef OPENSSL_NO_AES
+# error AES is disabled.
+# endif
+
+# include <stdio.h>
+# include <stdlib.h>
+# include <string.h>
+
+# if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64))
+# define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)
+# define GETU32(p) SWAP(*((u32 *)(p)))
+# define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); }
+# else
+# define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ ((u32)(pt)[2] << 8) ^ ((u32)(pt)[3]))
+# define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); (ct)[2] = (u8)((st) >> 8); (ct)[3] = (u8)(st); }
+# endif
+
+# ifdef AES_LONG
+typedef unsigned long u32;
+# else
+typedef unsigned int u32;
+# endif
+typedef unsigned short u16;
+typedef unsigned char u8;
+
+# define MAXKC (256/32)
+# define MAXKB (256/8)
+# define MAXNR 14
+
+/* This controls loop-unrolling in aes_core.c */
+# undef FULL_UNROLL
+
+#endif /* !HEADER_AES_LOCL_H */
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_misc.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/aes/aes_misc.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_misc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,64 +0,0 @@
-/* crypto/aes/aes_misc.c -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#include <openssl/opensslv.h>
-#include <openssl/aes.h>
-#include "aes_locl.h"
-
-const char AES_version[]="AES" OPENSSL_VERSION_PTEXT;
-
-const char *AES_options(void) {
-#ifdef FULL_UNROLL
- return "aes(full)";
-#else
- return "aes(partial)";
-#endif
-}
Copied: vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_misc.c (from rev 6976, vendor-crypto/openssl/dist/crypto/aes/aes_misc.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_misc.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_misc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,65 @@
+/* crypto/aes/aes_misc.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#include <openssl/opensslv.h>
+#include <openssl/aes.h>
+#include "aes_locl.h"
+
+const char AES_version[] = "AES" OPENSSL_VERSION_PTEXT;
+
+const char *AES_options(void)
+{
+#ifdef FULL_UNROLL
+ return "aes(full)";
+#else
+ return "aes(partial)";
+#endif
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_ofb.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/aes/aes_ofb.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_ofb.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,142 +0,0 @@
-/* crypto/aes/aes_ofb.c -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef AES_DEBUG
-# ifndef NDEBUG
-# define NDEBUG
-# endif
-#endif
-#include <assert.h>
-
-#include <openssl/aes.h>
-#include "aes_locl.h"
-
-/* The input and output encrypted as though 128bit ofb mode is being
- * used. The extra state information to record how much of the
- * 128bit block we have used is contained in *num;
- */
-void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
- const unsigned long length, const AES_KEY *key,
- unsigned char *ivec, int *num) {
-
- unsigned int n;
- unsigned long l=length;
-
- assert(in && out && key && ivec && num);
-
- n = *num;
-
- while (l--) {
- if (n == 0) {
- AES_encrypt(ivec, ivec, key);
- }
- *(out++) = *(in++) ^ ivec[n];
- n = (n+1) % AES_BLOCK_SIZE;
- }
-
- *num=n;
-}
Copied: vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_ofb.c (from rev 6976, vendor-crypto/openssl/dist/crypto/aes/aes_ofb.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_ofb.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_ofb.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,144 @@
+/* crypto/aes/aes_ofb.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef AES_DEBUG
+# ifndef NDEBUG
+# define NDEBUG
+# endif
+#endif
+#include <assert.h>
+
+#include <openssl/aes.h>
+#include "aes_locl.h"
+
+/*
+ * The input and output encrypted as though 128bit ofb mode is being used.
+ * The extra state information to record how much of the 128bit block we have
+ * used is contained in *num;
+ */
+void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+ const unsigned long length, const AES_KEY *key,
+ unsigned char *ivec, int *num)
+{
+
+ unsigned int n;
+ unsigned long l = length;
+
+ assert(in && out && key && ivec && num);
+
+ n = *num;
+
+ while (l--) {
+ if (n == 0) {
+ AES_encrypt(ivec, ivec, key);
+ }
+ *(out++) = *(in++) ^ ivec[n];
+ n = (n + 1) % AES_BLOCK_SIZE;
+ }
+
+ *num = n;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_wrap.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/aes/aes_wrap.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_wrap.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,259 +0,0 @@
-/* crypto/aes/aes_wrap.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#include "cryptlib.h"
-#include <openssl/aes.h>
-#include <openssl/bio.h>
-
-static const unsigned char default_iv[] = {
- 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6,
-};
-
-int AES_wrap_key(AES_KEY *key, const unsigned char *iv,
- unsigned char *out,
- const unsigned char *in, unsigned int inlen)
- {
- unsigned char *A, B[16], *R;
- unsigned int i, j, t;
- if ((inlen & 0x7) || (inlen < 8))
- return -1;
- A = B;
- t = 1;
- memcpy(out + 8, in, inlen);
- if (!iv)
- iv = default_iv;
-
- memcpy(A, iv, 8);
-
- for (j = 0; j < 6; j++)
- {
- R = out + 8;
- for (i = 0; i < inlen; i += 8, t++, R += 8)
- {
- memcpy(B + 8, R, 8);
- AES_encrypt(B, B, key);
- A[7] ^= (unsigned char)(t & 0xff);
- if (t > 0xff)
- {
- A[6] ^= (unsigned char)((t >> 8) & 0xff);
- A[5] ^= (unsigned char)((t >> 16) & 0xff);
- A[4] ^= (unsigned char)((t >> 24) & 0xff);
- }
- memcpy(R, B + 8, 8);
- }
- }
- memcpy(out, A, 8);
- return inlen + 8;
- }
-
-int AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
- unsigned char *out,
- const unsigned char *in, unsigned int inlen)
- {
- unsigned char *A, B[16], *R;
- unsigned int i, j, t;
- inlen -= 8;
- if (inlen & 0x7)
- return -1;
- if (inlen < 8)
- return -1;
- A = B;
- t = 6 * (inlen >> 3);
- memcpy(A, in, 8);
- memcpy(out, in + 8, inlen);
- for (j = 0; j < 6; j++)
- {
- R = out + inlen - 8;
- for (i = 0; i < inlen; i += 8, t--, R -= 8)
- {
- A[7] ^= (unsigned char)(t & 0xff);
- if (t > 0xff)
- {
- A[6] ^= (unsigned char)((t >> 8) & 0xff);
- A[5] ^= (unsigned char)((t >> 16) & 0xff);
- A[4] ^= (unsigned char)((t >> 24) & 0xff);
- }
- memcpy(B + 8, R, 8);
- AES_decrypt(B, B, key);
- memcpy(R, B + 8, 8);
- }
- }
- if (!iv)
- iv = default_iv;
- if (memcmp(A, iv, 8))
- {
- OPENSSL_cleanse(out, inlen);
- return 0;
- }
- return inlen;
- }
-
-#ifdef AES_WRAP_TEST
-
-int AES_wrap_unwrap_test(const unsigned char *kek, int keybits,
- const unsigned char *iv,
- const unsigned char *eout,
- const unsigned char *key, int keylen)
- {
- unsigned char *otmp = NULL, *ptmp = NULL;
- int r, ret = 0;
- AES_KEY wctx;
- otmp = OPENSSL_malloc(keylen + 8);
- ptmp = OPENSSL_malloc(keylen);
- if (!otmp || !ptmp)
- return 0;
- if (AES_set_encrypt_key(kek, keybits, &wctx))
- goto err;
- r = AES_wrap_key(&wctx, iv, otmp, key, keylen);
- if (r <= 0)
- goto err;
-
- if (eout && memcmp(eout, otmp, keylen))
- goto err;
-
- if (AES_set_decrypt_key(kek, keybits, &wctx))
- goto err;
- r = AES_unwrap_key(&wctx, iv, ptmp, otmp, r);
-
- if (memcmp(key, ptmp, keylen))
- goto err;
-
- ret = 1;
-
- err:
- if (otmp)
- OPENSSL_free(otmp);
- if (ptmp)
- OPENSSL_free(ptmp);
-
- return ret;
-
- }
-
-
-
-int main(int argc, char **argv)
-{
-
-static const unsigned char kek[] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
-};
-
-static const unsigned char key[] = {
- 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
- 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
-};
-
-static const unsigned char e1[] = {
- 0x1f, 0xa6, 0x8b, 0x0a, 0x81, 0x12, 0xb4, 0x47,
- 0xae, 0xf3, 0x4b, 0xd8, 0xfb, 0x5a, 0x7b, 0x82,
- 0x9d, 0x3e, 0x86, 0x23, 0x71, 0xd2, 0xcf, 0xe5
-};
-
-static const unsigned char e2[] = {
- 0x96, 0x77, 0x8b, 0x25, 0xae, 0x6c, 0xa4, 0x35,
- 0xf9, 0x2b, 0x5b, 0x97, 0xc0, 0x50, 0xae, 0xd2,
- 0x46, 0x8a, 0xb8, 0xa1, 0x7a, 0xd8, 0x4e, 0x5d
-};
-
-static const unsigned char e3[] = {
- 0x64, 0xe8, 0xc3, 0xf9, 0xce, 0x0f, 0x5b, 0xa2,
- 0x63, 0xe9, 0x77, 0x79, 0x05, 0x81, 0x8a, 0x2a,
- 0x93, 0xc8, 0x19, 0x1e, 0x7d, 0x6e, 0x8a, 0xe7
-};
-
-static const unsigned char e4[] = {
- 0x03, 0x1d, 0x33, 0x26, 0x4e, 0x15, 0xd3, 0x32,
- 0x68, 0xf2, 0x4e, 0xc2, 0x60, 0x74, 0x3e, 0xdc,
- 0xe1, 0xc6, 0xc7, 0xdd, 0xee, 0x72, 0x5a, 0x93,
- 0x6b, 0xa8, 0x14, 0x91, 0x5c, 0x67, 0x62, 0xd2
-};
-
-static const unsigned char e5[] = {
- 0xa8, 0xf9, 0xbc, 0x16, 0x12, 0xc6, 0x8b, 0x3f,
- 0xf6, 0xe6, 0xf4, 0xfb, 0xe3, 0x0e, 0x71, 0xe4,
- 0x76, 0x9c, 0x8b, 0x80, 0xa3, 0x2c, 0xb8, 0x95,
- 0x8c, 0xd5, 0xd1, 0x7d, 0x6b, 0x25, 0x4d, 0xa1
-};
-
-static const unsigned char e6[] = {
- 0x28, 0xc9, 0xf4, 0x04, 0xc4, 0xb8, 0x10, 0xf4,
- 0xcb, 0xcc, 0xb3, 0x5c, 0xfb, 0x87, 0xf8, 0x26,
- 0x3f, 0x57, 0x86, 0xe2, 0xd8, 0x0e, 0xd3, 0x26,
- 0xcb, 0xc7, 0xf0, 0xe7, 0x1a, 0x99, 0xf4, 0x3b,
- 0xfb, 0x98, 0x8b, 0x9b, 0x7a, 0x02, 0xdd, 0x21
-};
-
- AES_KEY wctx, xctx;
- int ret;
- ret = AES_wrap_unwrap_test(kek, 128, NULL, e1, key, 16);
- fprintf(stderr, "Key test result %d\n", ret);
- ret = AES_wrap_unwrap_test(kek, 192, NULL, e2, key, 16);
- fprintf(stderr, "Key test result %d\n", ret);
- ret = AES_wrap_unwrap_test(kek, 256, NULL, e3, key, 16);
- fprintf(stderr, "Key test result %d\n", ret);
- ret = AES_wrap_unwrap_test(kek, 192, NULL, e4, key, 24);
- fprintf(stderr, "Key test result %d\n", ret);
- ret = AES_wrap_unwrap_test(kek, 256, NULL, e5, key, 24);
- fprintf(stderr, "Key test result %d\n", ret);
- ret = AES_wrap_unwrap_test(kek, 256, NULL, e6, key, 32);
- fprintf(stderr, "Key test result %d\n", ret);
-}
-
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_wrap.c (from rev 6976, vendor-crypto/openssl/dist/crypto/aes/aes_wrap.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_wrap.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/aes/aes_wrap.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,250 @@
+/* crypto/aes/aes_wrap.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include "cryptlib.h"
+#include <openssl/aes.h>
+#include <openssl/bio.h>
+
+static const unsigned char default_iv[] = {
+ 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6,
+};
+
+int AES_wrap_key(AES_KEY *key, const unsigned char *iv,
+ unsigned char *out,
+ const unsigned char *in, unsigned int inlen)
+{
+ unsigned char *A, B[16], *R;
+ unsigned int i, j, t;
+ if ((inlen & 0x7) || (inlen < 8))
+ return -1;
+ A = B;
+ t = 1;
+ memcpy(out + 8, in, inlen);
+ if (!iv)
+ iv = default_iv;
+
+ memcpy(A, iv, 8);
+
+ for (j = 0; j < 6; j++) {
+ R = out + 8;
+ for (i = 0; i < inlen; i += 8, t++, R += 8) {
+ memcpy(B + 8, R, 8);
+ AES_encrypt(B, B, key);
+ A[7] ^= (unsigned char)(t & 0xff);
+ if (t > 0xff) {
+ A[6] ^= (unsigned char)((t >> 8) & 0xff);
+ A[5] ^= (unsigned char)((t >> 16) & 0xff);
+ A[4] ^= (unsigned char)((t >> 24) & 0xff);
+ }
+ memcpy(R, B + 8, 8);
+ }
+ }
+ memcpy(out, A, 8);
+ return inlen + 8;
+}
+
+int AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
+ unsigned char *out,
+ const unsigned char *in, unsigned int inlen)
+{
+ unsigned char *A, B[16], *R;
+ unsigned int i, j, t;
+ inlen -= 8;
+ if (inlen & 0x7)
+ return -1;
+ if (inlen < 8)
+ return -1;
+ A = B;
+ t = 6 * (inlen >> 3);
+ memcpy(A, in, 8);
+ memcpy(out, in + 8, inlen);
+ for (j = 0; j < 6; j++) {
+ R = out + inlen - 8;
+ for (i = 0; i < inlen; i += 8, t--, R -= 8) {
+ A[7] ^= (unsigned char)(t & 0xff);
+ if (t > 0xff) {
+ A[6] ^= (unsigned char)((t >> 8) & 0xff);
+ A[5] ^= (unsigned char)((t >> 16) & 0xff);
+ A[4] ^= (unsigned char)((t >> 24) & 0xff);
+ }
+ memcpy(B + 8, R, 8);
+ AES_decrypt(B, B, key);
+ memcpy(R, B + 8, 8);
+ }
+ }
+ if (!iv)
+ iv = default_iv;
+ if (memcmp(A, iv, 8)) {
+ OPENSSL_cleanse(out, inlen);
+ return 0;
+ }
+ return inlen;
+}
+
+#ifdef AES_WRAP_TEST
+
+int AES_wrap_unwrap_test(const unsigned char *kek, int keybits,
+ const unsigned char *iv,
+ const unsigned char *eout,
+ const unsigned char *key, int keylen)
+{
+ unsigned char *otmp = NULL, *ptmp = NULL;
+ int r, ret = 0;
+ AES_KEY wctx;
+ otmp = OPENSSL_malloc(keylen + 8);
+ ptmp = OPENSSL_malloc(keylen);
+ if (!otmp || !ptmp)
+ return 0;
+ if (AES_set_encrypt_key(kek, keybits, &wctx))
+ goto err;
+ r = AES_wrap_key(&wctx, iv, otmp, key, keylen);
+ if (r <= 0)
+ goto err;
+
+ if (eout && memcmp(eout, otmp, keylen))
+ goto err;
+
+ if (AES_set_decrypt_key(kek, keybits, &wctx))
+ goto err;
+ r = AES_unwrap_key(&wctx, iv, ptmp, otmp, r);
+
+ if (memcmp(key, ptmp, keylen))
+ goto err;
+
+ ret = 1;
+
+ err:
+ if (otmp)
+ OPENSSL_free(otmp);
+ if (ptmp)
+ OPENSSL_free(ptmp);
+
+ return ret;
+
+}
+
+int main(int argc, char **argv)
+{
+
+ static const unsigned char kek[] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
+ };
+
+ static const unsigned char key[] = {
+ 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+ 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
+ };
+
+ static const unsigned char e1[] = {
+ 0x1f, 0xa6, 0x8b, 0x0a, 0x81, 0x12, 0xb4, 0x47,
+ 0xae, 0xf3, 0x4b, 0xd8, 0xfb, 0x5a, 0x7b, 0x82,
+ 0x9d, 0x3e, 0x86, 0x23, 0x71, 0xd2, 0xcf, 0xe5
+ };
+
+ static const unsigned char e2[] = {
+ 0x96, 0x77, 0x8b, 0x25, 0xae, 0x6c, 0xa4, 0x35,
+ 0xf9, 0x2b, 0x5b, 0x97, 0xc0, 0x50, 0xae, 0xd2,
+ 0x46, 0x8a, 0xb8, 0xa1, 0x7a, 0xd8, 0x4e, 0x5d
+ };
+
+ static const unsigned char e3[] = {
+ 0x64, 0xe8, 0xc3, 0xf9, 0xce, 0x0f, 0x5b, 0xa2,
+ 0x63, 0xe9, 0x77, 0x79, 0x05, 0x81, 0x8a, 0x2a,
+ 0x93, 0xc8, 0x19, 0x1e, 0x7d, 0x6e, 0x8a, 0xe7
+ };
+
+ static const unsigned char e4[] = {
+ 0x03, 0x1d, 0x33, 0x26, 0x4e, 0x15, 0xd3, 0x32,
+ 0x68, 0xf2, 0x4e, 0xc2, 0x60, 0x74, 0x3e, 0xdc,
+ 0xe1, 0xc6, 0xc7, 0xdd, 0xee, 0x72, 0x5a, 0x93,
+ 0x6b, 0xa8, 0x14, 0x91, 0x5c, 0x67, 0x62, 0xd2
+ };
+
+ static const unsigned char e5[] = {
+ 0xa8, 0xf9, 0xbc, 0x16, 0x12, 0xc6, 0x8b, 0x3f,
+ 0xf6, 0xe6, 0xf4, 0xfb, 0xe3, 0x0e, 0x71, 0xe4,
+ 0x76, 0x9c, 0x8b, 0x80, 0xa3, 0x2c, 0xb8, 0x95,
+ 0x8c, 0xd5, 0xd1, 0x7d, 0x6b, 0x25, 0x4d, 0xa1
+ };
+
+ static const unsigned char e6[] = {
+ 0x28, 0xc9, 0xf4, 0x04, 0xc4, 0xb8, 0x10, 0xf4,
+ 0xcb, 0xcc, 0xb3, 0x5c, 0xfb, 0x87, 0xf8, 0x26,
+ 0x3f, 0x57, 0x86, 0xe2, 0xd8, 0x0e, 0xd3, 0x26,
+ 0xcb, 0xc7, 0xf0, 0xe7, 0x1a, 0x99, 0xf4, 0x3b,
+ 0xfb, 0x98, 0x8b, 0x9b, 0x7a, 0x02, 0xdd, 0x21
+ };
+
+ AES_KEY wctx, xctx;
+ int ret;
+ ret = AES_wrap_unwrap_test(kek, 128, NULL, e1, key, 16);
+ fprintf(stderr, "Key test result %d\n", ret);
+ ret = AES_wrap_unwrap_test(kek, 192, NULL, e2, key, 16);
+ fprintf(stderr, "Key test result %d\n", ret);
+ ret = AES_wrap_unwrap_test(kek, 256, NULL, e3, key, 16);
+ fprintf(stderr, "Key test result %d\n", ret);
+ ret = AES_wrap_unwrap_test(kek, 192, NULL, e4, key, 24);
+ fprintf(stderr, "Key test result %d\n", ret);
+ ret = AES_wrap_unwrap_test(kek, 256, NULL, e5, key, 24);
+ fprintf(stderr, "Key test result %d\n", ret);
+ ret = AES_wrap_unwrap_test(kek, 256, NULL, e6, key, 32);
+ fprintf(stderr, "Key test result %d\n", ret);
+}
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_bitstr.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/a_bitstr.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_bitstr.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,225 +0,0 @@
-/* crypto/asn1/a_bitstr.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-
-int ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, unsigned char *d, int len)
-{ return M_ASN1_BIT_STRING_set(x, d, len); }
-
-int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
- {
- int ret,j,bits,len;
- unsigned char *p,*d;
-
- if (a == NULL) return(0);
-
- len=a->length;
-
- if (len > 0)
- {
- if (a->flags & ASN1_STRING_FLAG_BITS_LEFT)
- {
- bits=(int)a->flags&0x07;
- }
- else
- {
- for ( ; len > 0; len--)
- {
- if (a->data[len-1]) break;
- }
- j=a->data[len-1];
- if (j & 0x01) bits=0;
- else if (j & 0x02) bits=1;
- else if (j & 0x04) bits=2;
- else if (j & 0x08) bits=3;
- else if (j & 0x10) bits=4;
- else if (j & 0x20) bits=5;
- else if (j & 0x40) bits=6;
- else if (j & 0x80) bits=7;
- else bits=0; /* should not happen */
- }
- }
- else
- bits=0;
-
- ret=1+len;
- if (pp == NULL) return(ret);
-
- p= *pp;
-
- *(p++)=(unsigned char)bits;
- d=a->data;
- memcpy(p,d,len);
- p+=len;
- if (len > 0) p[-1]&=(0xff<<bits);
- *pp=p;
- return(ret);
- }
-
-ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
- const unsigned char **pp, long len)
- {
- ASN1_BIT_STRING *ret=NULL;
- const unsigned char *p;
- unsigned char *s;
- int i;
-
- if (len < 1)
- {
- i=ASN1_R_STRING_TOO_SHORT;
- goto err;
- }
-
- if ((a == NULL) || ((*a) == NULL))
- {
- if ((ret=M_ASN1_BIT_STRING_new()) == NULL) return(NULL);
- }
- else
- ret=(*a);
-
- p= *pp;
- i= *(p++);
- /* We do this to preserve the settings. If we modify
- * the settings, via the _set_bit function, we will recalculate
- * on output */
- ret->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear */
- ret->flags|=(ASN1_STRING_FLAG_BITS_LEFT|(i&0x07)); /* set */
-
- if (len-- > 1) /* using one because of the bits left byte */
- {
- s=(unsigned char *)OPENSSL_malloc((int)len);
- if (s == NULL)
- {
- i=ERR_R_MALLOC_FAILURE;
- goto err;
- }
- memcpy(s,p,(int)len);
- s[len-1]&=(0xff<<i);
- p+=len;
- }
- else
- s=NULL;
-
- ret->length=(int)len;
- if (ret->data != NULL) OPENSSL_free(ret->data);
- ret->data=s;
- ret->type=V_ASN1_BIT_STRING;
- if (a != NULL) (*a)=ret;
- *pp=p;
- return(ret);
-err:
- ASN1err(ASN1_F_C2I_ASN1_BIT_STRING,i);
- if ((ret != NULL) && ((a == NULL) || (*a != ret)))
- M_ASN1_BIT_STRING_free(ret);
- return(NULL);
- }
-
-/* These next 2 functions from Goetz Babin-Ebell <babinebell at trustcenter.de>
- */
-int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value)
- {
- int w,v,iv;
- unsigned char *c;
-
- w=n/8;
- v=1<<(7-(n&0x07));
- iv= ~v;
- if (!value) v=0;
-
- if (a == NULL)
- return 0;
-
- a->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear, set on write */
-
- if ((a->length < (w+1)) || (a->data == NULL))
- {
- if (!value) return(1); /* Don't need to set */
- if (a->data == NULL)
- c=(unsigned char *)OPENSSL_malloc(w+1);
- else
- c=(unsigned char *)OPENSSL_realloc_clean(a->data,
- a->length,
- w+1);
- if (c == NULL)
- {
- ASN1err(ASN1_F_ASN1_BIT_STRING_SET_BIT,ERR_R_MALLOC_FAILURE);
- return 0;
- }
- if (w+1-a->length > 0) memset(c+a->length, 0, w+1-a->length);
- a->data=c;
- a->length=w+1;
- }
- a->data[w]=((a->data[w])&iv)|v;
- while ((a->length > 0) && (a->data[a->length-1] == 0))
- a->length--;
- return(1);
- }
-
-int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n)
- {
- int w,v;
-
- w=n/8;
- v=1<<(7-(n&0x07));
- if ((a == NULL) || (a->length < (w+1)) || (a->data == NULL))
- return(0);
- return((a->data[w]&v) != 0);
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_bitstr.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/a_bitstr.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_bitstr.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_bitstr.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,236 @@
+/* crypto/asn1/a_bitstr.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+
+int ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, unsigned char *d, int len)
+{
+ return M_ASN1_BIT_STRING_set(x, d, len);
+}
+
+int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
+{
+ int ret, j, bits, len;
+ unsigned char *p, *d;
+
+ if (a == NULL)
+ return (0);
+
+ len = a->length;
+
+ if (len > 0) {
+ if (a->flags & ASN1_STRING_FLAG_BITS_LEFT) {
+ bits = (int)a->flags & 0x07;
+ } else {
+ for (; len > 0; len--) {
+ if (a->data[len - 1])
+ break;
+ }
+ j = a->data[len - 1];
+ if (j & 0x01)
+ bits = 0;
+ else if (j & 0x02)
+ bits = 1;
+ else if (j & 0x04)
+ bits = 2;
+ else if (j & 0x08)
+ bits = 3;
+ else if (j & 0x10)
+ bits = 4;
+ else if (j & 0x20)
+ bits = 5;
+ else if (j & 0x40)
+ bits = 6;
+ else if (j & 0x80)
+ bits = 7;
+ else
+ bits = 0; /* should not happen */
+ }
+ } else
+ bits = 0;
+
+ ret = 1 + len;
+ if (pp == NULL)
+ return (ret);
+
+ p = *pp;
+
+ *(p++) = (unsigned char)bits;
+ d = a->data;
+ memcpy(p, d, len);
+ p += len;
+ if (len > 0)
+ p[-1] &= (0xff << bits);
+ *pp = p;
+ return (ret);
+}
+
+ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
+ const unsigned char **pp, long len)
+{
+ ASN1_BIT_STRING *ret = NULL;
+ const unsigned char *p;
+ unsigned char *s;
+ int i;
+
+ if (len < 1) {
+ i = ASN1_R_STRING_TOO_SHORT;
+ goto err;
+ }
+
+ if ((a == NULL) || ((*a) == NULL)) {
+ if ((ret = M_ASN1_BIT_STRING_new()) == NULL)
+ return (NULL);
+ } else
+ ret = (*a);
+
+ p = *pp;
+ i = *(p++);
+ if (i > 7) {
+ i = ASN1_R_INVALID_BIT_STRING_BITS_LEFT;
+ goto err;
+ }
+ /*
+ * We do this to preserve the settings. If we modify the settings, via
+ * the _set_bit function, we will recalculate on output
+ */
+ ret->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); /* clear */
+ ret->flags |= (ASN1_STRING_FLAG_BITS_LEFT | i); /* set */
+
+ if (len-- > 1) { /* using one because of the bits left byte */
+ s = (unsigned char *)OPENSSL_malloc((int)len);
+ if (s == NULL) {
+ i = ERR_R_MALLOC_FAILURE;
+ goto err;
+ }
+ memcpy(s, p, (int)len);
+ s[len - 1] &= (0xff << i);
+ p += len;
+ } else
+ s = NULL;
+
+ ret->length = (int)len;
+ if (ret->data != NULL)
+ OPENSSL_free(ret->data);
+ ret->data = s;
+ ret->type = V_ASN1_BIT_STRING;
+ if (a != NULL)
+ (*a) = ret;
+ *pp = p;
+ return (ret);
+ err:
+ ASN1err(ASN1_F_C2I_ASN1_BIT_STRING, i);
+ if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+ M_ASN1_BIT_STRING_free(ret);
+ return (NULL);
+}
+
+/*
+ * These next 2 functions from Goetz Babin-Ebell <babinebell at trustcenter.de>
+ */
+int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value)
+{
+ int w, v, iv;
+ unsigned char *c;
+
+ w = n / 8;
+ v = 1 << (7 - (n & 0x07));
+ iv = ~v;
+ if (!value)
+ v = 0;
+
+ if (a == NULL)
+ return 0;
+
+ a->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); /* clear, set on write */
+
+ if ((a->length < (w + 1)) || (a->data == NULL)) {
+ if (!value)
+ return (1); /* Don't need to set */
+ if (a->data == NULL)
+ c = (unsigned char *)OPENSSL_malloc(w + 1);
+ else
+ c = (unsigned char *)OPENSSL_realloc_clean(a->data,
+ a->length, w + 1);
+ if (c == NULL) {
+ ASN1err(ASN1_F_ASN1_BIT_STRING_SET_BIT, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ if (w + 1 - a->length > 0)
+ memset(c + a->length, 0, w + 1 - a->length);
+ a->data = c;
+ a->length = w + 1;
+ }
+ a->data[w] = ((a->data[w]) & iv) | v;
+ while ((a->length > 0) && (a->data[a->length - 1] == 0))
+ a->length--;
+ return (1);
+}
+
+int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n)
+{
+ int w, v;
+
+ w = n / 8;
+ v = 1 << (7 - (n & 0x07));
+ if ((a == NULL) || (a->length < (w + 1)) || (a->data == NULL))
+ return (0);
+ return ((a->data[w] & v) != 0);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_bool.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/a_bool.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_bool.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,114 +0,0 @@
-/* crypto/asn1/a_bool.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-
-int i2d_ASN1_BOOLEAN(int a, unsigned char **pp)
- {
- int r;
- unsigned char *p;
-
- r=ASN1_object_size(0,1,V_ASN1_BOOLEAN);
- if (pp == NULL) return(r);
- p= *pp;
-
- ASN1_put_object(&p,0,1,V_ASN1_BOOLEAN,V_ASN1_UNIVERSAL);
- *(p++)= (unsigned char)a;
- *pp=p;
- return(r);
- }
-
-int d2i_ASN1_BOOLEAN(int *a, const unsigned char **pp, long length)
- {
- int ret= -1;
- const unsigned char *p;
- long len;
- int inf,tag,xclass;
- int i=0;
-
- p= *pp;
- inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
- if (inf & 0x80)
- {
- i=ASN1_R_BAD_OBJECT_HEADER;
- goto err;
- }
-
- if (tag != V_ASN1_BOOLEAN)
- {
- i=ASN1_R_EXPECTING_A_BOOLEAN;
- goto err;
- }
-
- if (len != 1)
- {
- i=ASN1_R_BOOLEAN_IS_WRONG_LENGTH;
- goto err;
- }
- ret= (int)*(p++);
- if (a != NULL) (*a)=ret;
- *pp=p;
- return(ret);
-err:
- ASN1err(ASN1_F_D2I_ASN1_BOOLEAN,i);
- return(ret);
- }
-
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_bool.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/a_bool.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_bool.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_bool.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,111 @@
+/* crypto/asn1/a_bool.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+
+int i2d_ASN1_BOOLEAN(int a, unsigned char **pp)
+{
+ int r;
+ unsigned char *p;
+
+ r = ASN1_object_size(0, 1, V_ASN1_BOOLEAN);
+ if (pp == NULL)
+ return (r);
+ p = *pp;
+
+ ASN1_put_object(&p, 0, 1, V_ASN1_BOOLEAN, V_ASN1_UNIVERSAL);
+ *(p++) = (unsigned char)a;
+ *pp = p;
+ return (r);
+}
+
+int d2i_ASN1_BOOLEAN(int *a, const unsigned char **pp, long length)
+{
+ int ret = -1;
+ const unsigned char *p;
+ long len;
+ int inf, tag, xclass;
+ int i = 0;
+
+ p = *pp;
+ inf = ASN1_get_object(&p, &len, &tag, &xclass, length);
+ if (inf & 0x80) {
+ i = ASN1_R_BAD_OBJECT_HEADER;
+ goto err;
+ }
+
+ if (tag != V_ASN1_BOOLEAN) {
+ i = ASN1_R_EXPECTING_A_BOOLEAN;
+ goto err;
+ }
+
+ if (len != 1) {
+ i = ASN1_R_BOOLEAN_IS_WRONG_LENGTH;
+ goto err;
+ }
+ ret = (int)*(p++);
+ if (a != NULL)
+ (*a) = ret;
+ *pp = p;
+ return (ret);
+ err:
+ ASN1err(ASN1_F_D2I_ASN1_BOOLEAN, i);
+ return (ret);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_bytes.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/a_bytes.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_bytes.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,314 +0,0 @@
-/* crypto/asn1/a_bytes.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-
-static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c);
-/* type is a 'bitmap' of acceptable string types.
- */
-ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, const unsigned char **pp,
- long length, int type)
- {
- ASN1_STRING *ret=NULL;
- const unsigned char *p;
- unsigned char *s;
- long len;
- int inf,tag,xclass;
- int i=0;
-
- p= *pp;
- inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
- if (inf & 0x80) goto err;
-
- if (tag >= 32)
- {
- i=ASN1_R_TAG_VALUE_TOO_HIGH;
- goto err;
- }
- if (!(ASN1_tag2bit(tag) & type))
- {
- i=ASN1_R_WRONG_TYPE;
- goto err;
- }
-
- /* If a bit-string, exit early */
- if (tag == V_ASN1_BIT_STRING)
- return(d2i_ASN1_BIT_STRING(a,pp,length));
-
- if ((a == NULL) || ((*a) == NULL))
- {
- if ((ret=ASN1_STRING_new()) == NULL) return(NULL);
- }
- else
- ret=(*a);
-
- if (len != 0)
- {
- s=(unsigned char *)OPENSSL_malloc((int)len+1);
- if (s == NULL)
- {
- i=ERR_R_MALLOC_FAILURE;
- goto err;
- }
- memcpy(s,p,(int)len);
- s[len]='\0';
- p+=len;
- }
- else
- s=NULL;
-
- if (ret->data != NULL) OPENSSL_free(ret->data);
- ret->length=(int)len;
- ret->data=s;
- ret->type=tag;
- if (a != NULL) (*a)=ret;
- *pp=p;
- return(ret);
-err:
- ASN1err(ASN1_F_D2I_ASN1_TYPE_BYTES,i);
- if ((ret != NULL) && ((a == NULL) || (*a != ret)))
- ASN1_STRING_free(ret);
- return(NULL);
- }
-
-int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass)
- {
- int ret,r,constructed;
- unsigned char *p;
-
- if (a == NULL) return(0);
-
- if (tag == V_ASN1_BIT_STRING)
- return(i2d_ASN1_BIT_STRING(a,pp));
-
- ret=a->length;
- r=ASN1_object_size(0,ret,tag);
- if (pp == NULL) return(r);
- p= *pp;
-
- if ((tag == V_ASN1_SEQUENCE) || (tag == V_ASN1_SET))
- constructed=1;
- else
- constructed=0;
- ASN1_put_object(&p,constructed,ret,tag,xclass);
- memcpy(p,a->data,a->length);
- p+=a->length;
- *pp= p;
- return(r);
- }
-
-ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp,
- long length, int Ptag, int Pclass)
- {
- ASN1_STRING *ret=NULL;
- const unsigned char *p;
- unsigned char *s;
- long len;
- int inf,tag,xclass;
- int i=0;
-
- if ((a == NULL) || ((*a) == NULL))
- {
- if ((ret=ASN1_STRING_new()) == NULL) return(NULL);
- }
- else
- ret=(*a);
-
- p= *pp;
- inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
- if (inf & 0x80)
- {
- i=ASN1_R_BAD_OBJECT_HEADER;
- goto err;
- }
-
- if (tag != Ptag)
- {
- i=ASN1_R_WRONG_TAG;
- goto err;
- }
-
- if (inf & V_ASN1_CONSTRUCTED)
- {
- ASN1_const_CTX c;
-
- c.pp=pp;
- c.p=p;
- c.inf=inf;
- c.slen=len;
- c.tag=Ptag;
- c.xclass=Pclass;
- c.max=(length == 0)?0:(p+length);
- if (!asn1_collate_primitive(ret,&c))
- goto err;
- else
- {
- p=c.p;
- }
- }
- else
- {
- if (len != 0)
- {
- if ((ret->length < len) || (ret->data == NULL))
- {
- if (ret->data != NULL) OPENSSL_free(ret->data);
- s=(unsigned char *)OPENSSL_malloc((int)len + 1);
- if (s == NULL)
- {
- i=ERR_R_MALLOC_FAILURE;
- goto err;
- }
- }
- else
- s=ret->data;
- memcpy(s,p,(int)len);
- s[len] = '\0';
- p+=len;
- }
- else
- {
- s=NULL;
- if (ret->data != NULL) OPENSSL_free(ret->data);
- }
-
- ret->length=(int)len;
- ret->data=s;
- ret->type=Ptag;
- }
-
- if (a != NULL) (*a)=ret;
- *pp=p;
- return(ret);
-err:
- if ((ret != NULL) && ((a == NULL) || (*a != ret)))
- ASN1_STRING_free(ret);
- ASN1err(ASN1_F_D2I_ASN1_BYTES,i);
- return(NULL);
- }
-
-
-/* We are about to parse 0..n d2i_ASN1_bytes objects, we are to collapse
- * them into the one structure that is then returned */
-/* There have been a few bug fixes for this function from
- * Paul Keogh <paul.keogh at sse.ie>, many thanks to him */
-static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c)
- {
- ASN1_STRING *os=NULL;
- BUF_MEM b;
- int num;
-
- b.length=0;
- b.max=0;
- b.data=NULL;
-
- if (a == NULL)
- {
- c->error=ERR_R_PASSED_NULL_PARAMETER;
- goto err;
- }
-
- num=0;
- for (;;)
- {
- if (c->inf & 1)
- {
- c->eos=ASN1_const_check_infinite_end(&c->p,
- (long)(c->max-c->p));
- if (c->eos) break;
- }
- else
- {
- if (c->slen <= 0) break;
- }
-
- c->q=c->p;
- if (d2i_ASN1_bytes(&os,&c->p,c->max-c->p,c->tag,c->xclass)
- == NULL)
- {
- c->error=ERR_R_ASN1_LIB;
- goto err;
- }
-
- if (!BUF_MEM_grow_clean(&b,num+os->length))
- {
- c->error=ERR_R_BUF_LIB;
- goto err;
- }
- memcpy(&(b.data[num]),os->data,os->length);
- if (!(c->inf & 1))
- c->slen-=(c->p-c->q);
- num+=os->length;
- }
-
- if (!asn1_const_Finish(c)) goto err;
-
- a->length=num;
- if (a->data != NULL) OPENSSL_free(a->data);
- a->data=(unsigned char *)b.data;
- if (os != NULL) ASN1_STRING_free(os);
- return(1);
-err:
- ASN1err(ASN1_F_ASN1_COLLATE_PRIMITIVE,c->error);
- if (os != NULL) ASN1_STRING_free(os);
- if (b.data != NULL) OPENSSL_free(b.data);
- return(0);
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_bytes.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/a_bytes.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_bytes.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_bytes.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,306 @@
+/* crypto/asn1/a_bytes.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+
+static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c);
+/*
+ * type is a 'bitmap' of acceptable string types.
+ */
+ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, const unsigned char **pp,
+ long length, int type)
+{
+ ASN1_STRING *ret = NULL;
+ const unsigned char *p;
+ unsigned char *s;
+ long len;
+ int inf, tag, xclass;
+ int i = 0;
+
+ p = *pp;
+ inf = ASN1_get_object(&p, &len, &tag, &xclass, length);
+ if (inf & 0x80)
+ goto err;
+
+ if (tag >= 32) {
+ i = ASN1_R_TAG_VALUE_TOO_HIGH;
+ goto err;
+ }
+ if (!(ASN1_tag2bit(tag) & type)) {
+ i = ASN1_R_WRONG_TYPE;
+ goto err;
+ }
+
+ /* If a bit-string, exit early */
+ if (tag == V_ASN1_BIT_STRING)
+ return (d2i_ASN1_BIT_STRING(a, pp, length));
+
+ if ((a == NULL) || ((*a) == NULL)) {
+ if ((ret = ASN1_STRING_new()) == NULL)
+ return (NULL);
+ } else
+ ret = (*a);
+
+ if (len != 0) {
+ s = (unsigned char *)OPENSSL_malloc((int)len + 1);
+ if (s == NULL) {
+ i = ERR_R_MALLOC_FAILURE;
+ goto err;
+ }
+ memcpy(s, p, (int)len);
+ s[len] = '\0';
+ p += len;
+ } else
+ s = NULL;
+
+ if (ret->data != NULL)
+ OPENSSL_free(ret->data);
+ ret->length = (int)len;
+ ret->data = s;
+ ret->type = tag;
+ if (a != NULL)
+ (*a) = ret;
+ *pp = p;
+ return (ret);
+ err:
+ ASN1err(ASN1_F_D2I_ASN1_TYPE_BYTES, i);
+ if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+ ASN1_STRING_free(ret);
+ return (NULL);
+}
+
+int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass)
+{
+ int ret, r, constructed;
+ unsigned char *p;
+
+ if (a == NULL)
+ return (0);
+
+ if (tag == V_ASN1_BIT_STRING)
+ return (i2d_ASN1_BIT_STRING(a, pp));
+
+ ret = a->length;
+ r = ASN1_object_size(0, ret, tag);
+ if (pp == NULL)
+ return (r);
+ p = *pp;
+
+ if ((tag == V_ASN1_SEQUENCE) || (tag == V_ASN1_SET))
+ constructed = 1;
+ else
+ constructed = 0;
+ ASN1_put_object(&p, constructed, ret, tag, xclass);
+ memcpy(p, a->data, a->length);
+ p += a->length;
+ *pp = p;
+ return (r);
+}
+
+ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp,
+ long length, int Ptag, int Pclass)
+{
+ ASN1_STRING *ret = NULL;
+ const unsigned char *p;
+ unsigned char *s;
+ long len;
+ int inf, tag, xclass;
+ int i = 0;
+
+ if ((a == NULL) || ((*a) == NULL)) {
+ if ((ret = ASN1_STRING_new()) == NULL)
+ return (NULL);
+ } else
+ ret = (*a);
+
+ p = *pp;
+ inf = ASN1_get_object(&p, &len, &tag, &xclass, length);
+ if (inf & 0x80) {
+ i = ASN1_R_BAD_OBJECT_HEADER;
+ goto err;
+ }
+
+ if (tag != Ptag) {
+ i = ASN1_R_WRONG_TAG;
+ goto err;
+ }
+
+ if (inf & V_ASN1_CONSTRUCTED) {
+ ASN1_const_CTX c;
+
+ c.pp = pp;
+ c.p = p;
+ c.inf = inf;
+ c.slen = len;
+ c.tag = Ptag;
+ c.xclass = Pclass;
+ c.max = (length == 0) ? 0 : (p + length);
+ if (!asn1_collate_primitive(ret, &c))
+ goto err;
+ else {
+ p = c.p;
+ }
+ } else {
+ if (len != 0) {
+ if ((ret->length < len) || (ret->data == NULL)) {
+ if (ret->data != NULL)
+ OPENSSL_free(ret->data);
+ s = (unsigned char *)OPENSSL_malloc((int)len + 1);
+ if (s == NULL) {
+ i = ERR_R_MALLOC_FAILURE;
+ goto err;
+ }
+ } else
+ s = ret->data;
+ memcpy(s, p, (int)len);
+ s[len] = '\0';
+ p += len;
+ } else {
+ s = NULL;
+ if (ret->data != NULL)
+ OPENSSL_free(ret->data);
+ }
+
+ ret->length = (int)len;
+ ret->data = s;
+ ret->type = Ptag;
+ }
+
+ if (a != NULL)
+ (*a) = ret;
+ *pp = p;
+ return (ret);
+ err:
+ if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+ ASN1_STRING_free(ret);
+ ASN1err(ASN1_F_D2I_ASN1_BYTES, i);
+ return (NULL);
+}
+
+/*
+ * We are about to parse 0..n d2i_ASN1_bytes objects, we are to collapse them
+ * into the one structure that is then returned
+ */
+/*
+ * There have been a few bug fixes for this function from Paul Keogh
+ * <paul.keogh at sse.ie>, many thanks to him
+ */
+static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c)
+{
+ ASN1_STRING *os = NULL;
+ BUF_MEM b;
+ int num;
+
+ b.length = 0;
+ b.max = 0;
+ b.data = NULL;
+
+ if (a == NULL) {
+ c->error = ERR_R_PASSED_NULL_PARAMETER;
+ goto err;
+ }
+
+ num = 0;
+ for (;;) {
+ if (c->inf & 1) {
+ c->eos = ASN1_const_check_infinite_end(&c->p,
+ (long)(c->max - c->p));
+ if (c->eos)
+ break;
+ } else {
+ if (c->slen <= 0)
+ break;
+ }
+
+ c->q = c->p;
+ if (d2i_ASN1_bytes(&os, &c->p, c->max - c->p, c->tag, c->xclass)
+ == NULL) {
+ c->error = ERR_R_ASN1_LIB;
+ goto err;
+ }
+
+ if (!BUF_MEM_grow_clean(&b, num + os->length)) {
+ c->error = ERR_R_BUF_LIB;
+ goto err;
+ }
+ memcpy(&(b.data[num]), os->data, os->length);
+ if (!(c->inf & 1))
+ c->slen -= (c->p - c->q);
+ num += os->length;
+ }
+
+ if (!asn1_const_Finish(c))
+ goto err;
+
+ a->length = num;
+ if (a->data != NULL)
+ OPENSSL_free(a->data);
+ a->data = (unsigned char *)b.data;
+ if (os != NULL)
+ ASN1_STRING_free(os);
+ return (1);
+ err:
+ ASN1err(ASN1_F_ASN1_COLLATE_PRIMITIVE, c->error);
+ if (os != NULL)
+ ASN1_STRING_free(os);
+ if (b.data != NULL)
+ OPENSSL_free(b.data);
+ return (0);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_d2i_fp.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/a_d2i_fp.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_d2i_fp.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,286 +0,0 @@
-/* crypto/asn1/a_d2i_fp.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <limits.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/asn1_mac.h>
-
-static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb);
-
-#ifndef NO_OLD_ASN1
-#ifndef OPENSSL_NO_FP_API
-
-void *ASN1_d2i_fp(void *(*xnew)(void), d2i_of_void *d2i, FILE *in, void **x)
- {
- BIO *b;
- void *ret;
-
- if ((b=BIO_new(BIO_s_file())) == NULL)
- {
- ASN1err(ASN1_F_ASN1_D2I_FP,ERR_R_BUF_LIB);
- return(NULL);
- }
- BIO_set_fp(b,in,BIO_NOCLOSE);
- ret=ASN1_d2i_bio(xnew,d2i,b,x);
- BIO_free(b);
- return(ret);
- }
-#endif
-
-void *ASN1_d2i_bio(void *(*xnew)(void), d2i_of_void *d2i, BIO *in, void **x)
- {
- BUF_MEM *b = NULL;
- const unsigned char *p;
- void *ret=NULL;
- int len;
-
- len = asn1_d2i_read_bio(in, &b);
- if(len < 0) goto err;
-
- p=(unsigned char *)b->data;
- ret=d2i(x,&p,len);
-err:
- if (b != NULL) BUF_MEM_free(b);
- return(ret);
- }
-
-#endif
-
-void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x)
- {
- BUF_MEM *b = NULL;
- const unsigned char *p;
- void *ret=NULL;
- int len;
-
- len = asn1_d2i_read_bio(in, &b);
- if(len < 0) goto err;
-
- p=(const unsigned char *)b->data;
- ret=ASN1_item_d2i(x,&p,len, it);
-err:
- if (b != NULL) BUF_MEM_free(b);
- return(ret);
- }
-
-#ifndef OPENSSL_NO_FP_API
-void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x)
- {
- BIO *b;
- char *ret;
-
- if ((b=BIO_new(BIO_s_file())) == NULL)
- {
- ASN1err(ASN1_F_ASN1_ITEM_D2I_FP,ERR_R_BUF_LIB);
- return(NULL);
- }
- BIO_set_fp(b,in,BIO_NOCLOSE);
- ret=ASN1_item_d2i_bio(it,b,x);
- BIO_free(b);
- return(ret);
- }
-#endif
-
-#define HEADER_SIZE 8
-static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
- {
- BUF_MEM *b;
- unsigned char *p;
- int i;
- ASN1_const_CTX c;
- size_t want=HEADER_SIZE;
- int eos=0;
- size_t off=0;
- size_t len=0;
-
- b=BUF_MEM_new();
- if (b == NULL)
- {
- ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE);
- return -1;
- }
-
- ERR_clear_error();
- for (;;)
- {
- if (want >= (len-off))
- {
- want-=(len-off);
-
- if (len + want < len || !BUF_MEM_grow_clean(b,len+want))
- {
- ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- i=BIO_read(in,&(b->data[len]),want);
- if ((i < 0) && ((len-off) == 0))
- {
- ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_NOT_ENOUGH_DATA);
- goto err;
- }
- if (i > 0)
- {
- if (len+i < len)
- {
- ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG);
- goto err;
- }
- len+=i;
- }
- }
- /* else data already loaded */
-
- p=(unsigned char *)&(b->data[off]);
- c.p=p;
- c.inf=ASN1_get_object(&(c.p),&(c.slen),&(c.tag),&(c.xclass),
- len-off);
- if (c.inf & 0x80)
- {
- unsigned long e;
-
- e=ERR_GET_REASON(ERR_peek_error());
- if (e != ASN1_R_TOO_LONG)
- goto err;
- else
- ERR_clear_error(); /* clear error */
- }
- i=c.p-p;/* header length */
- off+=i; /* end of data */
-
- if (c.inf & 1)
- {
- /* no data body so go round again */
- eos++;
- if (eos < 0)
- {
- ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_HEADER_TOO_LONG);
- goto err;
- }
- want=HEADER_SIZE;
- }
- else if (eos && (c.slen == 0) && (c.tag == V_ASN1_EOC))
- {
- /* eos value, so go back and read another header */
- eos--;
- if (eos <= 0)
- break;
- else
- want=HEADER_SIZE;
- }
- else
- {
- /* suck in c.slen bytes of data */
- want=c.slen;
- if (want > (len-off))
- {
- want-=(len-off);
- if (want > INT_MAX /* BIO_read takes an int length */ ||
- len+want < len)
- {
- ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG);
- goto err;
- }
- if (!BUF_MEM_grow_clean(b,len+want))
- {
- ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- while (want > 0)
- {
- i=BIO_read(in,&(b->data[len]),want);
- if (i <= 0)
- {
- ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
- ASN1_R_NOT_ENOUGH_DATA);
- goto err;
- }
- /* This can't overflow because
- * |len+want| didn't overflow. */
- len+=i;
- want-=i;
- }
- }
- if (off + c.slen < off)
- {
- ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG);
- goto err;
- }
- off+=c.slen;
- if (eos <= 0)
- {
- break;
- }
- else
- want=HEADER_SIZE;
- }
- }
-
- if (off > INT_MAX)
- {
- ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG);
- goto err;
- }
-
- *pb = b;
- return off;
-err:
- if (b != NULL) BUF_MEM_free(b);
- return -1;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_d2i_fp.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/a_d2i_fp.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_d2i_fp.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_d2i_fp.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,268 @@
+/* crypto/asn1/a_d2i_fp.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <limits.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1_mac.h>
+
+static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb);
+
+#ifndef NO_OLD_ASN1
+# ifndef OPENSSL_NO_FP_API
+
+void *ASN1_d2i_fp(void *(*xnew) (void), d2i_of_void *d2i, FILE *in, void **x)
+{
+ BIO *b;
+ void *ret;
+
+ if ((b = BIO_new(BIO_s_file())) == NULL) {
+ ASN1err(ASN1_F_ASN1_D2I_FP, ERR_R_BUF_LIB);
+ return (NULL);
+ }
+ BIO_set_fp(b, in, BIO_NOCLOSE);
+ ret = ASN1_d2i_bio(xnew, d2i, b, x);
+ BIO_free(b);
+ return (ret);
+}
+# endif
+
+void *ASN1_d2i_bio(void *(*xnew) (void), d2i_of_void *d2i, BIO *in, void **x)
+{
+ BUF_MEM *b = NULL;
+ const unsigned char *p;
+ void *ret = NULL;
+ int len;
+
+ len = asn1_d2i_read_bio(in, &b);
+ if (len < 0)
+ goto err;
+
+ p = (unsigned char *)b->data;
+ ret = d2i(x, &p, len);
+ err:
+ if (b != NULL)
+ BUF_MEM_free(b);
+ return (ret);
+}
+
+#endif
+
+void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x)
+{
+ BUF_MEM *b = NULL;
+ const unsigned char *p;
+ void *ret = NULL;
+ int len;
+
+ len = asn1_d2i_read_bio(in, &b);
+ if (len < 0)
+ goto err;
+
+ p = (const unsigned char *)b->data;
+ ret = ASN1_item_d2i(x, &p, len, it);
+ err:
+ if (b != NULL)
+ BUF_MEM_free(b);
+ return (ret);
+}
+
+#ifndef OPENSSL_NO_FP_API
+void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x)
+{
+ BIO *b;
+ char *ret;
+
+ if ((b = BIO_new(BIO_s_file())) == NULL) {
+ ASN1err(ASN1_F_ASN1_ITEM_D2I_FP, ERR_R_BUF_LIB);
+ return (NULL);
+ }
+ BIO_set_fp(b, in, BIO_NOCLOSE);
+ ret = ASN1_item_d2i_bio(it, b, x);
+ BIO_free(b);
+ return (ret);
+}
+#endif
+
+#define HEADER_SIZE 8
+static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
+{
+ BUF_MEM *b;
+ unsigned char *p;
+ int i;
+ ASN1_const_CTX c;
+ size_t want = HEADER_SIZE;
+ int eos = 0;
+ size_t off = 0;
+ size_t len = 0;
+
+ b = BUF_MEM_new();
+ if (b == NULL) {
+ ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
+ return -1;
+ }
+
+ ERR_clear_error();
+ for (;;) {
+ if (want >= (len - off)) {
+ want -= (len - off);
+
+ if (len + want < len || !BUF_MEM_grow_clean(b, len + want)) {
+ ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ i = BIO_read(in, &(b->data[len]), want);
+ if ((i < 0) && ((len - off) == 0)) {
+ ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_NOT_ENOUGH_DATA);
+ goto err;
+ }
+ if (i > 0) {
+ if (len + i < len) {
+ ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
+ goto err;
+ }
+ len += i;
+ }
+ }
+ /* else data already loaded */
+
+ p = (unsigned char *)&(b->data[off]);
+ c.p = p;
+ c.inf = ASN1_get_object(&(c.p), &(c.slen), &(c.tag), &(c.xclass),
+ len - off);
+ if (c.inf & 0x80) {
+ unsigned long e;
+
+ e = ERR_GET_REASON(ERR_peek_error());
+ if (e != ASN1_R_TOO_LONG)
+ goto err;
+ else
+ ERR_clear_error(); /* clear error */
+ }
+ i = c.p - p; /* header length */
+ off += i; /* end of data */
+
+ if (c.inf & 1) {
+ /* no data body so go round again */
+ eos++;
+ if (eos < 0) {
+ ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_HEADER_TOO_LONG);
+ goto err;
+ }
+ want = HEADER_SIZE;
+ } else if (eos && (c.slen == 0) && (c.tag == V_ASN1_EOC)) {
+ /* eos value, so go back and read another header */
+ eos--;
+ if (eos <= 0)
+ break;
+ else
+ want = HEADER_SIZE;
+ } else {
+ /* suck in c.slen bytes of data */
+ want = c.slen;
+ if (want > (len - off)) {
+ want -= (len - off);
+ if (want > INT_MAX /* BIO_read takes an int length */ ||
+ len + want < len) {
+ ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
+ goto err;
+ }
+ if (!BUF_MEM_grow_clean(b, len + want)) {
+ ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ while (want > 0) {
+ i = BIO_read(in, &(b->data[len]), want);
+ if (i <= 0) {
+ ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
+ ASN1_R_NOT_ENOUGH_DATA);
+ goto err;
+ }
+ /*
+ * This can't overflow because |len+want| didn't
+ * overflow.
+ */
+ len += i;
+ want -= i;
+ }
+ }
+ if (off + c.slen < off) {
+ ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
+ goto err;
+ }
+ off += c.slen;
+ if (eos <= 0) {
+ break;
+ } else
+ want = HEADER_SIZE;
+ }
+ }
+
+ if (off > INT_MAX) {
+ ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
+ goto err;
+ }
+
+ *pb = b;
+ return off;
+ err:
+ if (b != NULL)
+ BUF_MEM_free(b);
+ return -1;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_digest.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/a_digest.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_digest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,111 +0,0 @@
-/* crypto/asn1/a_digest.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <time.h>
-
-#include "cryptlib.h"
-
-#ifndef NO_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/buffer.h>
-#include <openssl/x509.h>
-
-#ifndef NO_ASN1_OLD
-
-int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data,
- unsigned char *md, unsigned int *len)
- {
- int i;
- unsigned char *str,*p;
-
- i=i2d(data,NULL);
- if ((str=(unsigned char *)OPENSSL_malloc(i)) == NULL)
- {
- ASN1err(ASN1_F_ASN1_DIGEST,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- p=str;
- i2d(data,&p);
-
- EVP_Digest(str, i, md, len, type, NULL);
- OPENSSL_free(str);
- return(1);
- }
-
-#endif
-
-
-int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn,
- unsigned char *md, unsigned int *len)
- {
- int i;
- unsigned char *str = NULL;
-
- i=ASN1_item_i2d(asn,&str, it);
- if (!str) return(0);
-
- EVP_Digest(str, i, md, len, type, NULL);
- OPENSSL_free(str);
- return(1);
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_digest.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/a_digest.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_digest.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_digest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,109 @@
+/* crypto/asn1/a_digest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <time.h>
+
+#include "cryptlib.h"
+
+#ifndef NO_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/buffer.h>
+#include <openssl/x509.h>
+
+#ifndef NO_ASN1_OLD
+
+int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data,
+ unsigned char *md, unsigned int *len)
+{
+ int i;
+ unsigned char *str, *p;
+
+ i = i2d(data, NULL);
+ if ((str = (unsigned char *)OPENSSL_malloc(i)) == NULL) {
+ ASN1err(ASN1_F_ASN1_DIGEST, ERR_R_MALLOC_FAILURE);
+ return (0);
+ }
+ p = str;
+ i2d(data, &p);
+
+ EVP_Digest(str, i, md, len, type, NULL);
+ OPENSSL_free(str);
+ return (1);
+}
+
+#endif
+
+int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn,
+ unsigned char *md, unsigned int *len)
+{
+ int i;
+ unsigned char *str = NULL;
+
+ i = ASN1_item_i2d(asn, &str, it);
+ if (!str)
+ return (0);
+
+ EVP_Digest(str, i, md, len, type, NULL);
+ OPENSSL_free(str);
+ return (1);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_dup.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/a_dup.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_dup.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,109 +0,0 @@
-/* crypto/asn1/a_dup.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-
-#ifndef NO_OLD_ASN1
-
-void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, char *x)
- {
- unsigned char *b,*p;
- const unsigned char *p2;
- int i;
- char *ret;
-
- if (x == NULL) return(NULL);
-
- i=i2d(x,NULL);
- b=OPENSSL_malloc(i+10);
- if (b == NULL)
- { ASN1err(ASN1_F_ASN1_DUP,ERR_R_MALLOC_FAILURE); return(NULL); }
- p= b;
- i=i2d(x,&p);
- p2= b;
- ret=d2i(NULL,&p2,i);
- OPENSSL_free(b);
- return(ret);
- }
-
-#endif
-
-/* ASN1_ITEM version of dup: this follows the model above except we don't need
- * to allocate the buffer. At some point this could be rewritten to directly dup
- * the underlying structure instead of doing and encode and decode.
- */
-
-void *ASN1_item_dup(const ASN1_ITEM *it, void *x)
- {
- unsigned char *b = NULL;
- const unsigned char *p;
- long i;
- void *ret;
-
- if (x == NULL) return(NULL);
-
- i=ASN1_item_i2d(x,&b,it);
- if (b == NULL)
- { ASN1err(ASN1_F_ASN1_ITEM_DUP,ERR_R_MALLOC_FAILURE); return(NULL); }
- p= b;
- ret=ASN1_item_d2i(NULL,&p,i, it);
- OPENSSL_free(b);
- return(ret);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_dup.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/a_dup.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_dup.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_dup.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,117 @@
+/* crypto/asn1/a_dup.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+
+#ifndef NO_OLD_ASN1
+
+void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, char *x)
+{
+ unsigned char *b, *p;
+ const unsigned char *p2;
+ int i;
+ char *ret;
+
+ if (x == NULL)
+ return (NULL);
+
+ i = i2d(x, NULL);
+ b = OPENSSL_malloc(i + 10);
+ if (b == NULL) {
+ ASN1err(ASN1_F_ASN1_DUP, ERR_R_MALLOC_FAILURE);
+ return (NULL);
+ }
+ p = b;
+ i = i2d(x, &p);
+ p2 = b;
+ ret = d2i(NULL, &p2, i);
+ OPENSSL_free(b);
+ return (ret);
+}
+
+#endif
+
+/*
+ * ASN1_ITEM version of dup: this follows the model above except we don't
+ * need to allocate the buffer. At some point this could be rewritten to
+ * directly dup the underlying structure instead of doing and encode and
+ * decode.
+ */
+
+void *ASN1_item_dup(const ASN1_ITEM *it, void *x)
+{
+ unsigned char *b = NULL;
+ const unsigned char *p;
+ long i;
+ void *ret;
+
+ if (x == NULL)
+ return (NULL);
+
+ i = ASN1_item_i2d(x, &b, it);
+ if (b == NULL) {
+ ASN1err(ASN1_F_ASN1_ITEM_DUP, ERR_R_MALLOC_FAILURE);
+ return (NULL);
+ }
+ p = b;
+ ret = ASN1_item_d2i(NULL, &p, i, it);
+ OPENSSL_free(b);
+ return (ret);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_enum.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/a_enum.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_enum.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,182 +0,0 @@
-/* crypto/asn1/a_enum.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-#include <openssl/bn.h>
-
-/*
- * Code for ENUMERATED type: identical to INTEGER apart from a different tag.
- * for comments on encoding see a_int.c
- */
-
-int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v)
- {
- int j,k;
- unsigned int i;
- unsigned char buf[sizeof(long)+1];
- long d;
-
- a->type=V_ASN1_ENUMERATED;
- if (a->length < (int)(sizeof(long)+1))
- {
- if (a->data != NULL)
- OPENSSL_free(a->data);
- if ((a->data=(unsigned char *)OPENSSL_malloc(sizeof(long)+1)) != NULL)
- memset((char *)a->data,0,sizeof(long)+1);
- }
- if (a->data == NULL)
- {
- ASN1err(ASN1_F_ASN1_ENUMERATED_SET,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- d=v;
- if (d < 0)
- {
- d= -d;
- a->type=V_ASN1_NEG_ENUMERATED;
- }
-
- for (i=0; i<sizeof(long); i++)
- {
- if (d == 0) break;
- buf[i]=(int)d&0xff;
- d>>=8;
- }
- j=0;
- for (k=i-1; k >=0; k--)
- a->data[j++]=buf[k];
- a->length=j;
- return(1);
- }
-
-long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a)
- {
- int neg=0,i;
- long r=0;
-
- if (a == NULL) return(0L);
- i=a->type;
- if (i == V_ASN1_NEG_ENUMERATED)
- neg=1;
- else if (i != V_ASN1_ENUMERATED)
- return -1;
-
- if (a->length > (int)sizeof(long))
- {
- /* hmm... a bit ugly */
- return(0xffffffffL);
- }
- if (a->data == NULL)
- return 0;
-
- for (i=0; i<a->length; i++)
- {
- r<<=8;
- r|=(unsigned char)a->data[i];
- }
- if (neg) r= -r;
- return(r);
- }
-
-ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai)
- {
- ASN1_ENUMERATED *ret;
- int len,j;
-
- if (ai == NULL)
- ret=M_ASN1_ENUMERATED_new();
- else
- ret=ai;
- if (ret == NULL)
- {
- ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED,ERR_R_NESTED_ASN1_ERROR);
- goto err;
- }
- if(BN_is_negative(bn)) ret->type = V_ASN1_NEG_ENUMERATED;
- else ret->type=V_ASN1_ENUMERATED;
- j=BN_num_bits(bn);
- len=((j == 0)?0:((j/8)+1));
- if (ret->length < len+4)
- {
- unsigned char *new_data=OPENSSL_realloc(ret->data, len+4);
- if (!new_data)
- {
- ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- ret->data=new_data;
- }
-
- ret->length=BN_bn2bin(bn,ret->data);
- return(ret);
-err:
- if (ret != ai) M_ASN1_ENUMERATED_free(ret);
- return(NULL);
- }
-
-BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn)
- {
- BIGNUM *ret;
-
- if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL)
- ASN1err(ASN1_F_ASN1_ENUMERATED_TO_BN,ASN1_R_BN_LIB);
- else if(ai->type == V_ASN1_NEG_ENUMERATED) BN_set_negative(ret,1);
- return(ret);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_enum.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/a_enum.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_enum.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_enum.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,181 @@
+/* crypto/asn1/a_enum.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/bn.h>
+
+/*
+ * Code for ENUMERATED type: identical to INTEGER apart from a different tag.
+ * for comments on encoding see a_int.c
+ */
+
+int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v)
+{
+ int j, k;
+ unsigned int i;
+ unsigned char buf[sizeof(long) + 1];
+ long d;
+
+ a->type = V_ASN1_ENUMERATED;
+ if (a->length < (int)(sizeof(long) + 1)) {
+ if (a->data != NULL)
+ OPENSSL_free(a->data);
+ if ((a->data =
+ (unsigned char *)OPENSSL_malloc(sizeof(long) + 1)) != NULL)
+ memset((char *)a->data, 0, sizeof(long) + 1);
+ }
+ if (a->data == NULL) {
+ ASN1err(ASN1_F_ASN1_ENUMERATED_SET, ERR_R_MALLOC_FAILURE);
+ return (0);
+ }
+ d = v;
+ if (d < 0) {
+ d = -d;
+ a->type = V_ASN1_NEG_ENUMERATED;
+ }
+
+ for (i = 0; i < sizeof(long); i++) {
+ if (d == 0)
+ break;
+ buf[i] = (int)d & 0xff;
+ d >>= 8;
+ }
+ j = 0;
+ for (k = i - 1; k >= 0; k--)
+ a->data[j++] = buf[k];
+ a->length = j;
+ return (1);
+}
+
+long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a)
+{
+ int neg = 0, i;
+ long r = 0;
+
+ if (a == NULL)
+ return (0L);
+ i = a->type;
+ if (i == V_ASN1_NEG_ENUMERATED)
+ neg = 1;
+ else if (i != V_ASN1_ENUMERATED)
+ return -1;
+
+ if (a->length > (int)sizeof(long)) {
+ /* hmm... a bit ugly */
+ return (0xffffffffL);
+ }
+ if (a->data == NULL)
+ return 0;
+
+ for (i = 0; i < a->length; i++) {
+ r <<= 8;
+ r |= (unsigned char)a->data[i];
+ }
+ if (neg)
+ r = -r;
+ return (r);
+}
+
+ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai)
+{
+ ASN1_ENUMERATED *ret;
+ int len, j;
+
+ if (ai == NULL)
+ ret = M_ASN1_ENUMERATED_new();
+ else
+ ret = ai;
+ if (ret == NULL) {
+ ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED, ERR_R_NESTED_ASN1_ERROR);
+ goto err;
+ }
+ if (BN_is_negative(bn))
+ ret->type = V_ASN1_NEG_ENUMERATED;
+ else
+ ret->type = V_ASN1_ENUMERATED;
+ j = BN_num_bits(bn);
+ len = ((j == 0) ? 0 : ((j / 8) + 1));
+ if (ret->length < len + 4) {
+ unsigned char *new_data = OPENSSL_realloc(ret->data, len + 4);
+ if (!new_data) {
+ ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ ret->data = new_data;
+ }
+
+ ret->length = BN_bn2bin(bn, ret->data);
+ return (ret);
+ err:
+ if (ret != ai)
+ M_ASN1_ENUMERATED_free(ret);
+ return (NULL);
+}
+
+BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn)
+{
+ BIGNUM *ret;
+
+ if ((ret = BN_bin2bn(ai->data, ai->length, bn)) == NULL)
+ ASN1err(ASN1_F_ASN1_ENUMERATED_TO_BN, ASN1_R_BN_LIB);
+ else if (ai->type == V_ASN1_NEG_ENUMERATED)
+ BN_set_negative(ret, 1);
+ return (ret);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_gentm.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/a_gentm.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_gentm.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,246 +0,0 @@
-/* crypto/asn1/a_gentm.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* GENERALIZEDTIME implementation, written by Steve Henson. Based on UTCTIME */
-
-#include <stdio.h>
-#include <time.h>
-#include "cryptlib.h"
-#include "o_time.h"
-#include <openssl/asn1.h>
-
-#if 0
-
-int i2d_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME *a, unsigned char **pp)
- {
-#ifdef CHARSET_EBCDIC
- /* KLUDGE! We convert to ascii before writing DER */
- int len;
- char tmp[24];
- ASN1_STRING tmpstr = *(ASN1_STRING *)a;
-
- len = tmpstr.length;
- ebcdic2ascii(tmp, tmpstr.data, (len >= sizeof tmp) ? sizeof tmp : len);
- tmpstr.data = tmp;
-
- a = (ASN1_GENERALIZEDTIME *) &tmpstr;
-#endif
- return(i2d_ASN1_bytes((ASN1_STRING *)a,pp,
- V_ASN1_GENERALIZEDTIME,V_ASN1_UNIVERSAL));
- }
-
-
-ASN1_GENERALIZEDTIME *d2i_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME **a,
- unsigned char **pp, long length)
- {
- ASN1_GENERALIZEDTIME *ret=NULL;
-
- ret=(ASN1_GENERALIZEDTIME *)d2i_ASN1_bytes((ASN1_STRING **)a,pp,length,
- V_ASN1_GENERALIZEDTIME,V_ASN1_UNIVERSAL);
- if (ret == NULL)
- {
- ASN1err(ASN1_F_D2I_ASN1_GENERALIZEDTIME,ERR_R_NESTED_ASN1_ERROR);
- return(NULL);
- }
-#ifdef CHARSET_EBCDIC
- ascii2ebcdic(ret->data, ret->data, ret->length);
-#endif
- if (!ASN1_GENERALIZEDTIME_check(ret))
- {
- ASN1err(ASN1_F_D2I_ASN1_GENERALIZEDTIME,ASN1_R_INVALID_TIME_FORMAT);
- goto err;
- }
-
- return(ret);
-err:
- if ((ret != NULL) && ((a == NULL) || (*a != ret)))
- M_ASN1_GENERALIZEDTIME_free(ret);
- return(NULL);
- }
-
-#endif
-
-int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *d)
- {
- static int min[9]={ 0, 0, 1, 1, 0, 0, 0, 0, 0};
- static int max[9]={99, 99,12,31,23,59,59,12,59};
- char *a;
- int n,i,l,o;
-
- if (d->type != V_ASN1_GENERALIZEDTIME) return(0);
- l=d->length;
- a=(char *)d->data;
- o=0;
- /* GENERALIZEDTIME is similar to UTCTIME except the year is
- * represented as YYYY. This stuff treats everything as a two digit
- * field so make first two fields 00 to 99
- */
- if (l < 13) goto err;
- for (i=0; i<7; i++)
- {
- if ((i == 6) && ((a[o] == 'Z') ||
- (a[o] == '+') || (a[o] == '-')))
- { i++; break; }
- if ((a[o] < '0') || (a[o] > '9')) goto err;
- n= a[o]-'0';
- if (++o > l) goto err;
-
- if ((a[o] < '0') || (a[o] > '9')) goto err;
- n=(n*10)+ a[o]-'0';
- if (++o > l) goto err;
-
- if ((n < min[i]) || (n > max[i])) goto err;
- }
- /* Optional fractional seconds: decimal point followed by one
- * or more digits.
- */
- if (a[o] == '.')
- {
- if (++o > l) goto err;
- i = o;
- while ((a[o] >= '0') && (a[o] <= '9') && (o <= l))
- o++;
- /* Must have at least one digit after decimal point */
- if (i == o) goto err;
- }
-
- if (a[o] == 'Z')
- o++;
- else if ((a[o] == '+') || (a[o] == '-'))
- {
- o++;
- if (o+4 > l) goto err;
- for (i=7; i<9; i++)
- {
- if ((a[o] < '0') || (a[o] > '9')) goto err;
- n= a[o]-'0';
- o++;
- if ((a[o] < '0') || (a[o] > '9')) goto err;
- n=(n*10)+ a[o]-'0';
- if ((n < min[i]) || (n > max[i])) goto err;
- o++;
- }
- }
- return(o == l);
-err:
- return(0);
- }
-
-int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str)
- {
- ASN1_GENERALIZEDTIME t;
-
- t.type=V_ASN1_GENERALIZEDTIME;
- t.length=strlen(str);
- t.data=(unsigned char *)str;
- if (ASN1_GENERALIZEDTIME_check(&t))
- {
- if (s != NULL)
- {
- if (!ASN1_STRING_set((ASN1_STRING *)s,
- (unsigned char *)str,t.length))
- return 0;
- s->type=V_ASN1_GENERALIZEDTIME;
- }
- return(1);
- }
- else
- return(0);
- }
-
-ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
- time_t t)
- {
- char *p;
- struct tm *ts;
- struct tm data;
- size_t len = 20;
-
- if (s == NULL)
- s=M_ASN1_GENERALIZEDTIME_new();
- if (s == NULL)
- return(NULL);
-
- ts=OPENSSL_gmtime(&t, &data);
- if (ts == NULL)
- return(NULL);
-
- p=(char *)s->data;
- if ((p == NULL) || ((size_t)s->length < len))
- {
- p=OPENSSL_malloc(len);
- if (p == NULL)
- {
- ASN1err(ASN1_F_ASN1_GENERALIZEDTIME_SET,
- ERR_R_MALLOC_FAILURE);
- return(NULL);
- }
- if (s->data != NULL)
- OPENSSL_free(s->data);
- s->data=(unsigned char *)p;
- }
-
- BIO_snprintf(p,len,"%04d%02d%02d%02d%02d%02dZ",ts->tm_year + 1900,
- ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);
- s->length=strlen(p);
- s->type=V_ASN1_GENERALIZEDTIME;
-#ifdef CHARSET_EBCDIC_not
- ebcdic2ascii(s->data, s->data, s->length);
-#endif
- return(s);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_gentm.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/a_gentm.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_gentm.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_gentm.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,255 @@
+/* crypto/asn1/a_gentm.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/*
+ * GENERALIZEDTIME implementation, written by Steve Henson. Based on UTCTIME
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include "cryptlib.h"
+#include "o_time.h"
+#include <openssl/asn1.h>
+
+#if 0
+
+int i2d_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME *a, unsigned char **pp)
+{
+# ifdef CHARSET_EBCDIC
+ /* KLUDGE! We convert to ascii before writing DER */
+ int len;
+ char tmp[24];
+ ASN1_STRING tmpstr = *(ASN1_STRING *)a;
+
+ len = tmpstr.length;
+ ebcdic2ascii(tmp, tmpstr.data, (len >= sizeof tmp) ? sizeof tmp : len);
+ tmpstr.data = tmp;
+
+ a = (ASN1_GENERALIZEDTIME *)&tmpstr;
+# endif
+ return (i2d_ASN1_bytes((ASN1_STRING *)a, pp,
+ V_ASN1_GENERALIZEDTIME, V_ASN1_UNIVERSAL));
+}
+
+ASN1_GENERALIZEDTIME *d2i_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME **a,
+ unsigned char **pp,
+ long length)
+{
+ ASN1_GENERALIZEDTIME *ret = NULL;
+
+ ret =
+ (ASN1_GENERALIZEDTIME *)d2i_ASN1_bytes((ASN1_STRING **)a, pp, length,
+ V_ASN1_GENERALIZEDTIME,
+ V_ASN1_UNIVERSAL);
+ if (ret == NULL) {
+ ASN1err(ASN1_F_D2I_ASN1_GENERALIZEDTIME, ERR_R_NESTED_ASN1_ERROR);
+ return (NULL);
+ }
+# ifdef CHARSET_EBCDIC
+ ascii2ebcdic(ret->data, ret->data, ret->length);
+# endif
+ if (!ASN1_GENERALIZEDTIME_check(ret)) {
+ ASN1err(ASN1_F_D2I_ASN1_GENERALIZEDTIME, ASN1_R_INVALID_TIME_FORMAT);
+ goto err;
+ }
+
+ return (ret);
+ err:
+ if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+ M_ASN1_GENERALIZEDTIME_free(ret);
+ return (NULL);
+}
+
+#endif
+
+int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *d)
+{
+ static int min[9] = { 0, 0, 1, 1, 0, 0, 0, 0, 0 };
+ static int max[9] = { 99, 99, 12, 31, 23, 59, 59, 12, 59 };
+ char *a;
+ int n, i, l, o;
+
+ if (d->type != V_ASN1_GENERALIZEDTIME)
+ return (0);
+ l = d->length;
+ a = (char *)d->data;
+ o = 0;
+ /*
+ * GENERALIZEDTIME is similar to UTCTIME except the year is represented
+ * as YYYY. This stuff treats everything as a two digit field so make
+ * first two fields 00 to 99
+ */
+ if (l < 13)
+ goto err;
+ for (i = 0; i < 7; i++) {
+ if ((i == 6) && ((a[o] == 'Z') || (a[o] == '+') || (a[o] == '-'))) {
+ i++;
+ break;
+ }
+ if ((a[o] < '0') || (a[o] > '9'))
+ goto err;
+ n = a[o] - '0';
+ if (++o > l)
+ goto err;
+
+ if ((a[o] < '0') || (a[o] > '9'))
+ goto err;
+ n = (n * 10) + a[o] - '0';
+ if (++o > l)
+ goto err;
+
+ if ((n < min[i]) || (n > max[i]))
+ goto err;
+ }
+ /*
+ * Optional fractional seconds: decimal point followed by one or more
+ * digits.
+ */
+ if (a[o] == '.') {
+ if (++o > l)
+ goto err;
+ i = o;
+ while ((a[o] >= '0') && (a[o] <= '9') && (o <= l))
+ o++;
+ /* Must have at least one digit after decimal point */
+ if (i == o)
+ goto err;
+ }
+
+ if (a[o] == 'Z')
+ o++;
+ else if ((a[o] == '+') || (a[o] == '-')) {
+ o++;
+ if (o + 4 > l)
+ goto err;
+ for (i = 7; i < 9; i++) {
+ if ((a[o] < '0') || (a[o] > '9'))
+ goto err;
+ n = a[o] - '0';
+ o++;
+ if ((a[o] < '0') || (a[o] > '9'))
+ goto err;
+ n = (n * 10) + a[o] - '0';
+ if ((n < min[i]) || (n > max[i]))
+ goto err;
+ o++;
+ }
+ }
+ return (o == l);
+ err:
+ return (0);
+}
+
+int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str)
+{
+ ASN1_GENERALIZEDTIME t;
+
+ t.type = V_ASN1_GENERALIZEDTIME;
+ t.length = strlen(str);
+ t.data = (unsigned char *)str;
+ if (ASN1_GENERALIZEDTIME_check(&t)) {
+ if (s != NULL) {
+ if (!ASN1_STRING_set((ASN1_STRING *)s,
+ (unsigned char *)str, t.length))
+ return 0;
+ s->type = V_ASN1_GENERALIZEDTIME;
+ }
+ return (1);
+ } else
+ return (0);
+}
+
+ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
+ time_t t)
+{
+ char *p;
+ struct tm *ts;
+ struct tm data;
+ size_t len = 20;
+
+ if (s == NULL)
+ s = M_ASN1_GENERALIZEDTIME_new();
+ if (s == NULL)
+ return (NULL);
+
+ ts = OPENSSL_gmtime(&t, &data);
+ if (ts == NULL)
+ return (NULL);
+
+ p = (char *)s->data;
+ if ((p == NULL) || ((size_t)s->length < len)) {
+ p = OPENSSL_malloc(len);
+ if (p == NULL) {
+ ASN1err(ASN1_F_ASN1_GENERALIZEDTIME_SET, ERR_R_MALLOC_FAILURE);
+ return (NULL);
+ }
+ if (s->data != NULL)
+ OPENSSL_free(s->data);
+ s->data = (unsigned char *)p;
+ }
+
+ BIO_snprintf(p, len, "%04d%02d%02d%02d%02d%02dZ", ts->tm_year + 1900,
+ ts->tm_mon + 1, ts->tm_mday, ts->tm_hour, ts->tm_min,
+ ts->tm_sec);
+ s->length = strlen(p);
+ s->type = V_ASN1_GENERALIZEDTIME;
+#ifdef CHARSET_EBCDIC_not
+ ebcdic2ascii(s->data, s->data, s->length);
+#endif
+ return (s);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_hdr.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/a_hdr.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_hdr.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,119 +0,0 @@
-/* crypto/asn1/a_hdr.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1_mac.h>
-#include <openssl/asn1.h>
-
-int i2d_ASN1_HEADER(ASN1_HEADER *a, unsigned char **pp)
- {
- M_ASN1_I2D_vars(a);
-
- M_ASN1_I2D_len(a->header, i2d_ASN1_OCTET_STRING);
- M_ASN1_I2D_len(a->data, a->meth->i2d);
-
- M_ASN1_I2D_seq_total();
-
- M_ASN1_I2D_put(a->header, i2d_ASN1_OCTET_STRING);
- M_ASN1_I2D_put(a->data, a->meth->i2d);
-
- M_ASN1_I2D_finish();
- }
-
-ASN1_HEADER *d2i_ASN1_HEADER(ASN1_HEADER **a, const unsigned char **pp,
- long length)
- {
- M_ASN1_D2I_vars(a,ASN1_HEADER *,ASN1_HEADER_new);
-
- M_ASN1_D2I_Init();
- M_ASN1_D2I_start_sequence();
- M_ASN1_D2I_get_x(ASN1_OCTET_STRING,ret->header,d2i_ASN1_OCTET_STRING);
- if (ret->meth != NULL)
- {
- M_ASN1_D2I_get_x(void,ret->data,ret->meth->d2i);
- }
- else
- {
- if (a != NULL) (*a)=ret;
- return(ret);
- }
- M_ASN1_D2I_Finish(a,ASN1_HEADER_free,ASN1_F_D2I_ASN1_HEADER);
- }
-
-ASN1_HEADER *ASN1_HEADER_new(void)
- {
- ASN1_HEADER *ret=NULL;
- ASN1_CTX c;
-
- M_ASN1_New_Malloc(ret,ASN1_HEADER);
- M_ASN1_New(ret->header,M_ASN1_OCTET_STRING_new);
- ret->meth=NULL;
- ret->data=NULL;
- return(ret);
- M_ASN1_New_Error(ASN1_F_ASN1_HEADER_NEW);
- }
-
-void ASN1_HEADER_free(ASN1_HEADER *a)
- {
- if (a == NULL) return;
- M_ASN1_OCTET_STRING_free(a->header);
- if (a->meth != NULL)
- a->meth->destroy(a->data);
- OPENSSL_free(a);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_hdr.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/a_hdr.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_hdr.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_hdr.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,118 @@
+/* crypto/asn1/a_hdr.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1_mac.h>
+#include <openssl/asn1.h>
+
+int i2d_ASN1_HEADER(ASN1_HEADER * a, unsigned char **pp)
+{
+ M_ASN1_I2D_vars(a);
+
+ M_ASN1_I2D_len(a->header, i2d_ASN1_OCTET_STRING);
+ M_ASN1_I2D_len(a->data, a->meth->i2d);
+
+ M_ASN1_I2D_seq_total();
+
+ M_ASN1_I2D_put(a->header, i2d_ASN1_OCTET_STRING);
+ M_ASN1_I2D_put(a->data, a->meth->i2d);
+
+ M_ASN1_I2D_finish();
+}
+
+ASN1_HEADER *d2i_ASN1_HEADER(ASN1_HEADER ** a, const unsigned char **pp,
+ long length)
+{
+ M_ASN1_D2I_vars(a, ASN1_HEADER *, ASN1_HEADER_new);
+
+ M_ASN1_D2I_Init();
+ M_ASN1_D2I_start_sequence();
+ M_ASN1_D2I_get_x(ASN1_OCTET_STRING, ret->header, d2i_ASN1_OCTET_STRING);
+ if (ret->meth != NULL) {
+ M_ASN1_D2I_get_x(void, ret->data, ret->meth->d2i);
+ } else {
+ if (a != NULL)
+ (*a) = ret;
+ return (ret);
+ }
+ M_ASN1_D2I_Finish(a, ASN1_HEADER_free, ASN1_F_D2I_ASN1_HEADER);
+}
+
+ASN1_HEADER *ASN1_HEADER_new(void)
+{
+ ASN1_HEADER *ret = NULL;
+ ASN1_CTX c;
+
+ M_ASN1_New_Malloc(ret, ASN1_HEADER);
+ M_ASN1_New(ret->header, M_ASN1_OCTET_STRING_new);
+ ret->meth = NULL;
+ ret->data = NULL;
+ return (ret);
+ M_ASN1_New_Error(ASN1_F_ASN1_HEADER_NEW);
+}
+
+void ASN1_HEADER_free(ASN1_HEADER * a)
+{
+ if (a == NULL)
+ return;
+ M_ASN1_OCTET_STRING_free(a->header);
+ if (a->meth != NULL)
+ a->meth->destroy(a->data);
+ OPENSSL_free(a);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_i2d_fp.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/a_i2d_fp.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_i2d_fp.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,163 +0,0 @@
-/* crypto/asn1/a_i2d_fp.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/asn1.h>
-
-#ifndef NO_OLD_ASN1
-
-#ifndef OPENSSL_NO_FP_API
-int ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, void *x)
- {
- BIO *b;
- int ret;
-
- if ((b=BIO_new(BIO_s_file())) == NULL)
- {
- ASN1err(ASN1_F_ASN1_I2D_FP,ERR_R_BUF_LIB);
- return(0);
- }
- BIO_set_fp(b,out,BIO_NOCLOSE);
- ret=ASN1_i2d_bio(i2d,b,x);
- BIO_free(b);
- return(ret);
- }
-#endif
-
-int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x)
- {
- char *b;
- unsigned char *p;
- int i,j=0,n,ret=1;
-
- n=i2d(x,NULL);
- b=(char *)OPENSSL_malloc(n);
- if (b == NULL)
- {
- ASN1err(ASN1_F_ASN1_I2D_BIO,ERR_R_MALLOC_FAILURE);
- return(0);
- }
-
- p=(unsigned char *)b;
- i2d(x,&p);
-
- for (;;)
- {
- i=BIO_write(out,&(b[j]),n);
- if (i == n) break;
- if (i <= 0)
- {
- ret=0;
- break;
- }
- j+=i;
- n-=i;
- }
- OPENSSL_free(b);
- return(ret);
- }
-
-#endif
-
-#ifndef OPENSSL_NO_FP_API
-int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x)
- {
- BIO *b;
- int ret;
-
- if ((b=BIO_new(BIO_s_file())) == NULL)
- {
- ASN1err(ASN1_F_ASN1_ITEM_I2D_FP,ERR_R_BUF_LIB);
- return(0);
- }
- BIO_set_fp(b,out,BIO_NOCLOSE);
- ret=ASN1_item_i2d_bio(it,b,x);
- BIO_free(b);
- return(ret);
- }
-#endif
-
-int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x)
- {
- unsigned char *b = NULL;
- int i,j=0,n,ret=1;
-
- n = ASN1_item_i2d(x, &b, it);
- if (b == NULL)
- {
- ASN1err(ASN1_F_ASN1_ITEM_I2D_BIO,ERR_R_MALLOC_FAILURE);
- return(0);
- }
-
- for (;;)
- {
- i=BIO_write(out,&(b[j]),n);
- if (i == n) break;
- if (i <= 0)
- {
- ret=0;
- break;
- }
- j+=i;
- n-=i;
- }
- OPENSSL_free(b);
- return(ret);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_i2d_fp.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/a_i2d_fp.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_i2d_fp.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_i2d_fp.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,157 @@
+/* crypto/asn1/a_i2d_fp.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1.h>
+
+#ifndef NO_OLD_ASN1
+
+# ifndef OPENSSL_NO_FP_API
+int ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, void *x)
+{
+ BIO *b;
+ int ret;
+
+ if ((b = BIO_new(BIO_s_file())) == NULL) {
+ ASN1err(ASN1_F_ASN1_I2D_FP, ERR_R_BUF_LIB);
+ return (0);
+ }
+ BIO_set_fp(b, out, BIO_NOCLOSE);
+ ret = ASN1_i2d_bio(i2d, b, x);
+ BIO_free(b);
+ return (ret);
+}
+# endif
+
+int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x)
+{
+ char *b;
+ unsigned char *p;
+ int i, j = 0, n, ret = 1;
+
+ n = i2d(x, NULL);
+ b = (char *)OPENSSL_malloc(n);
+ if (b == NULL) {
+ ASN1err(ASN1_F_ASN1_I2D_BIO, ERR_R_MALLOC_FAILURE);
+ return (0);
+ }
+
+ p = (unsigned char *)b;
+ i2d(x, &p);
+
+ for (;;) {
+ i = BIO_write(out, &(b[j]), n);
+ if (i == n)
+ break;
+ if (i <= 0) {
+ ret = 0;
+ break;
+ }
+ j += i;
+ n -= i;
+ }
+ OPENSSL_free(b);
+ return (ret);
+}
+
+#endif
+
+#ifndef OPENSSL_NO_FP_API
+int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x)
+{
+ BIO *b;
+ int ret;
+
+ if ((b = BIO_new(BIO_s_file())) == NULL) {
+ ASN1err(ASN1_F_ASN1_ITEM_I2D_FP, ERR_R_BUF_LIB);
+ return (0);
+ }
+ BIO_set_fp(b, out, BIO_NOCLOSE);
+ ret = ASN1_item_i2d_bio(it, b, x);
+ BIO_free(b);
+ return (ret);
+}
+#endif
+
+int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x)
+{
+ unsigned char *b = NULL;
+ int i, j = 0, n, ret = 1;
+
+ n = ASN1_item_i2d(x, &b, it);
+ if (b == NULL) {
+ ASN1err(ASN1_F_ASN1_ITEM_I2D_BIO, ERR_R_MALLOC_FAILURE);
+ return (0);
+ }
+
+ for (;;) {
+ i = BIO_write(out, &(b[j]), n);
+ if (i == n)
+ break;
+ if (i <= 0) {
+ ret = 0;
+ break;
+ }
+ j += i;
+ n -= i;
+ }
+ OPENSSL_free(b);
+ return (ret);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_int.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/a_int.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_int.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,458 +0,0 @@
-/* crypto/asn1/a_int.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-#include <openssl/bn.h>
-
-ASN1_INTEGER *ASN1_INTEGER_dup(ASN1_INTEGER *x)
-{ return M_ASN1_INTEGER_dup(x);}
-
-int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y)
- {
- int neg, ret;
- /* Compare signs */
- neg = x->type & V_ASN1_NEG;
- if (neg != (y->type & V_ASN1_NEG))
- {
- if (neg)
- return -1;
- else
- return 1;
- }
-
- ret = ASN1_STRING_cmp(x, y);
-
- if (neg)
- return -ret;
- else
- return ret;
- }
-
-
-/*
- * This converts an ASN1 INTEGER into its content encoding.
- * The internal representation is an ASN1_STRING whose data is a big endian
- * representation of the value, ignoring the sign. The sign is determined by
- * the type: V_ASN1_INTEGER for positive and V_ASN1_NEG_INTEGER for negative.
- *
- * Positive integers are no problem: they are almost the same as the DER
- * encoding, except if the first byte is >= 0x80 we need to add a zero pad.
- *
- * Negative integers are a bit trickier...
- * The DER representation of negative integers is in 2s complement form.
- * The internal form is converted by complementing each octet and finally
- * adding one to the result. This can be done less messily with a little trick.
- * If the internal form has trailing zeroes then they will become FF by the
- * complement and 0 by the add one (due to carry) so just copy as many trailing
- * zeros to the destination as there are in the source. The carry will add one
- * to the last none zero octet: so complement this octet and add one and finally
- * complement any left over until you get to the start of the string.
- *
- * Padding is a little trickier too. If the first bytes is > 0x80 then we pad
- * with 0xff. However if the first byte is 0x80 and one of the following bytes
- * is non-zero we pad with 0xff. The reason for this distinction is that 0x80
- * followed by optional zeros isn't padded.
- */
-
-int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
- {
- int pad=0,ret,i,neg;
- unsigned char *p,*n,pb=0;
-
- if (a == NULL) return(0);
- neg=a->type & V_ASN1_NEG;
- if (a->length == 0)
- ret=1;
- else
- {
- ret=a->length;
- i=a->data[0];
- if (!neg && (i > 127)) {
- pad=1;
- pb=0;
- } else if(neg) {
- if(i>128) {
- pad=1;
- pb=0xFF;
- } else if(i == 128) {
- /*
- * Special case: if any other bytes non zero we pad:
- * otherwise we don't.
- */
- for(i = 1; i < a->length; i++) if(a->data[i]) {
- pad=1;
- pb=0xFF;
- break;
- }
- }
- }
- ret+=pad;
- }
- if (pp == NULL) return(ret);
- p= *pp;
-
- if (pad) *(p++)=pb;
- if (a->length == 0) *(p++)=0;
- else if (!neg) memcpy(p,a->data,(unsigned int)a->length);
- else {
- /* Begin at the end of the encoding */
- n=a->data + a->length - 1;
- p += a->length - 1;
- i = a->length;
- /* Copy zeros to destination as long as source is zero */
- while(!*n) {
- *(p--) = 0;
- n--;
- i--;
- }
- /* Complement and increment next octet */
- *(p--) = ((*(n--)) ^ 0xff) + 1;
- i--;
- /* Complement any octets left */
- for(;i > 0; i--) *(p--) = *(n--) ^ 0xff;
- }
-
- *pp+=ret;
- return(ret);
- }
-
-/* Convert just ASN1 INTEGER content octets to ASN1_INTEGER structure */
-
-ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp,
- long len)
- {
- ASN1_INTEGER *ret=NULL;
- const unsigned char *p, *pend;
- unsigned char *to,*s;
- int i;
-
- if ((a == NULL) || ((*a) == NULL))
- {
- if ((ret=M_ASN1_INTEGER_new()) == NULL) return(NULL);
- ret->type=V_ASN1_INTEGER;
- }
- else
- ret=(*a);
-
- p= *pp;
- pend = p + len;
-
- /* We must OPENSSL_malloc stuff, even for 0 bytes otherwise it
- * signifies a missing NULL parameter. */
- s=(unsigned char *)OPENSSL_malloc((int)len+1);
- if (s == NULL)
- {
- i=ERR_R_MALLOC_FAILURE;
- goto err;
- }
- to=s;
- if(!len) {
- /* Strictly speaking this is an illegal INTEGER but we
- * tolerate it.
- */
- ret->type=V_ASN1_INTEGER;
- } else if (*p & 0x80) /* a negative number */
- {
- ret->type=V_ASN1_NEG_INTEGER;
- if ((*p == 0xff) && (len != 1)) {
- p++;
- len--;
- }
- i = len;
- p += i - 1;
- to += i - 1;
- while((!*p) && i) {
- *(to--) = 0;
- i--;
- p--;
- }
- /* Special case: if all zeros then the number will be of
- * the form FF followed by n zero bytes: this corresponds to
- * 1 followed by n zero bytes. We've already written n zeros
- * so we just append an extra one and set the first byte to
- * a 1. This is treated separately because it is the only case
- * where the number of bytes is larger than len.
- */
- if(!i) {
- *s = 1;
- s[len] = 0;
- len++;
- } else {
- *(to--) = (*(p--) ^ 0xff) + 1;
- i--;
- for(;i > 0; i--) *(to--) = *(p--) ^ 0xff;
- }
- } else {
- ret->type=V_ASN1_INTEGER;
- if ((*p == 0) && (len != 1))
- {
- p++;
- len--;
- }
- memcpy(s,p,(int)len);
- }
-
- if (ret->data != NULL) OPENSSL_free(ret->data);
- ret->data=s;
- ret->length=(int)len;
- if (a != NULL) (*a)=ret;
- *pp=pend;
- return(ret);
-err:
- ASN1err(ASN1_F_C2I_ASN1_INTEGER,i);
- if ((ret != NULL) && ((a == NULL) || (*a != ret)))
- M_ASN1_INTEGER_free(ret);
- return(NULL);
- }
-
-
-/* This is a version of d2i_ASN1_INTEGER that ignores the sign bit of
- * ASN1 integers: some broken software can encode a positive INTEGER
- * with its MSB set as negative (it doesn't add a padding zero).
- */
-
-ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp,
- long length)
- {
- ASN1_INTEGER *ret=NULL;
- const unsigned char *p;
- unsigned char *s;
- long len;
- int inf,tag,xclass;
- int i;
-
- if ((a == NULL) || ((*a) == NULL))
- {
- if ((ret=M_ASN1_INTEGER_new()) == NULL) return(NULL);
- ret->type=V_ASN1_INTEGER;
- }
- else
- ret=(*a);
-
- p= *pp;
- inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
- if (inf & 0x80)
- {
- i=ASN1_R_BAD_OBJECT_HEADER;
- goto err;
- }
-
- if (tag != V_ASN1_INTEGER)
- {
- i=ASN1_R_EXPECTING_AN_INTEGER;
- goto err;
- }
-
- /* We must OPENSSL_malloc stuff, even for 0 bytes otherwise it
- * signifies a missing NULL parameter. */
- s=(unsigned char *)OPENSSL_malloc((int)len+1);
- if (s == NULL)
- {
- i=ERR_R_MALLOC_FAILURE;
- goto err;
- }
- ret->type=V_ASN1_INTEGER;
- if(len) {
- if ((*p == 0) && (len != 1))
- {
- p++;
- len--;
- }
- memcpy(s,p,(int)len);
- p+=len;
- }
-
- if (ret->data != NULL) OPENSSL_free(ret->data);
- ret->data=s;
- ret->length=(int)len;
- if (a != NULL) (*a)=ret;
- *pp=p;
- return(ret);
-err:
- ASN1err(ASN1_F_D2I_ASN1_UINTEGER,i);
- if ((ret != NULL) && ((a == NULL) || (*a != ret)))
- M_ASN1_INTEGER_free(ret);
- return(NULL);
- }
-
-int ASN1_INTEGER_set(ASN1_INTEGER *a, long v)
- {
- int j,k;
- unsigned int i;
- unsigned char buf[sizeof(long)+1];
- long d;
-
- a->type=V_ASN1_INTEGER;
- if (a->length < (int)(sizeof(long)+1))
- {
- if (a->data != NULL)
- OPENSSL_free(a->data);
- if ((a->data=(unsigned char *)OPENSSL_malloc(sizeof(long)+1)) != NULL)
- memset((char *)a->data,0,sizeof(long)+1);
- }
- if (a->data == NULL)
- {
- ASN1err(ASN1_F_ASN1_INTEGER_SET,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- d=v;
- if (d < 0)
- {
- d= -d;
- a->type=V_ASN1_NEG_INTEGER;
- }
-
- for (i=0; i<sizeof(long); i++)
- {
- if (d == 0) break;
- buf[i]=(int)d&0xff;
- d>>=8;
- }
- j=0;
- for (k=i-1; k >=0; k--)
- a->data[j++]=buf[k];
- a->length=j;
- return(1);
- }
-
-long ASN1_INTEGER_get(ASN1_INTEGER *a)
- {
- int neg=0,i;
- long r=0;
-
- if (a == NULL) return(0L);
- i=a->type;
- if (i == V_ASN1_NEG_INTEGER)
- neg=1;
- else if (i != V_ASN1_INTEGER)
- return -1;
-
- if (a->length > (int)sizeof(long))
- {
- /* hmm... a bit ugly */
- return(0xffffffffL);
- }
- if (a->data == NULL)
- return 0;
-
- for (i=0; i<a->length; i++)
- {
- r<<=8;
- r|=(unsigned char)a->data[i];
- }
- if (neg) r= -r;
- return(r);
- }
-
-ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai)
- {
- ASN1_INTEGER *ret;
- int len,j;
-
- if (ai == NULL)
- ret=M_ASN1_INTEGER_new();
- else
- ret=ai;
- if (ret == NULL)
- {
- ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_NESTED_ASN1_ERROR);
- goto err;
- }
- if (BN_is_negative(bn))
- ret->type = V_ASN1_NEG_INTEGER;
- else ret->type=V_ASN1_INTEGER;
- j=BN_num_bits(bn);
- len=((j == 0)?0:((j/8)+1));
- if (ret->length < len+4)
- {
- unsigned char *new_data=OPENSSL_realloc(ret->data, len+4);
- if (!new_data)
- {
- ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- ret->data=new_data;
- }
- ret->length=BN_bn2bin(bn,ret->data);
- /* Correct zero case */
- if(!ret->length)
- {
- ret->data[0] = 0;
- ret->length = 1;
- }
- return(ret);
-err:
- if (ret != ai) M_ASN1_INTEGER_free(ret);
- return(NULL);
- }
-
-BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai, BIGNUM *bn)
- {
- BIGNUM *ret;
-
- if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL)
- ASN1err(ASN1_F_ASN1_INTEGER_TO_BN,ASN1_R_BN_LIB);
- else if(ai->type == V_ASN1_NEG_INTEGER)
- BN_set_negative(ret, 1);
- return(ret);
- }
-
-IMPLEMENT_STACK_OF(ASN1_INTEGER)
-IMPLEMENT_ASN1_SET_OF(ASN1_INTEGER)
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_int.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/a_int.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_int.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_int.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,462 @@
+/* crypto/asn1/a_int.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/bn.h>
+
+ASN1_INTEGER *ASN1_INTEGER_dup(ASN1_INTEGER *x)
+{
+ return M_ASN1_INTEGER_dup(x);
+}
+
+int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y)
+{
+ int neg, ret;
+ /* Compare signs */
+ neg = x->type & V_ASN1_NEG;
+ if (neg != (y->type & V_ASN1_NEG)) {
+ if (neg)
+ return -1;
+ else
+ return 1;
+ }
+
+ ret = ASN1_STRING_cmp(x, y);
+
+ if (neg)
+ return -ret;
+ else
+ return ret;
+}
+
+/*-
+ * This converts an ASN1 INTEGER into its content encoding.
+ * The internal representation is an ASN1_STRING whose data is a big endian
+ * representation of the value, ignoring the sign. The sign is determined by
+ * the type: V_ASN1_INTEGER for positive and V_ASN1_NEG_INTEGER for negative.
+ *
+ * Positive integers are no problem: they are almost the same as the DER
+ * encoding, except if the first byte is >= 0x80 we need to add a zero pad.
+ *
+ * Negative integers are a bit trickier...
+ * The DER representation of negative integers is in 2s complement form.
+ * The internal form is converted by complementing each octet and finally
+ * adding one to the result. This can be done less messily with a little trick.
+ * If the internal form has trailing zeroes then they will become FF by the
+ * complement and 0 by the add one (due to carry) so just copy as many trailing
+ * zeros to the destination as there are in the source. The carry will add one
+ * to the last none zero octet: so complement this octet and add one and finally
+ * complement any left over until you get to the start of the string.
+ *
+ * Padding is a little trickier too. If the first bytes is > 0x80 then we pad
+ * with 0xff. However if the first byte is 0x80 and one of the following bytes
+ * is non-zero we pad with 0xff. The reason for this distinction is that 0x80
+ * followed by optional zeros isn't padded.
+ */
+
+int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
+{
+ int pad = 0, ret, i, neg;
+ unsigned char *p, *n, pb = 0;
+
+ if (a == NULL)
+ return (0);
+ neg = a->type & V_ASN1_NEG;
+ if (a->length == 0)
+ ret = 1;
+ else {
+ ret = a->length;
+ i = a->data[0];
+ if (!neg && (i > 127)) {
+ pad = 1;
+ pb = 0;
+ } else if (neg) {
+ if (i > 128) {
+ pad = 1;
+ pb = 0xFF;
+ } else if (i == 128) {
+ /*
+ * Special case: if any other bytes non zero we pad:
+ * otherwise we don't.
+ */
+ for (i = 1; i < a->length; i++)
+ if (a->data[i]) {
+ pad = 1;
+ pb = 0xFF;
+ break;
+ }
+ }
+ }
+ ret += pad;
+ }
+ if (pp == NULL)
+ return (ret);
+ p = *pp;
+
+ if (pad)
+ *(p++) = pb;
+ if (a->length == 0)
+ *(p++) = 0;
+ else if (!neg)
+ memcpy(p, a->data, (unsigned int)a->length);
+ else {
+ /* Begin at the end of the encoding */
+ n = a->data + a->length - 1;
+ p += a->length - 1;
+ i = a->length;
+ /* Copy zeros to destination as long as source is zero */
+ while (!*n) {
+ *(p--) = 0;
+ n--;
+ i--;
+ }
+ /* Complement and increment next octet */
+ *(p--) = ((*(n--)) ^ 0xff) + 1;
+ i--;
+ /* Complement any octets left */
+ for (; i > 0; i--)
+ *(p--) = *(n--) ^ 0xff;
+ }
+
+ *pp += ret;
+ return (ret);
+}
+
+/* Convert just ASN1 INTEGER content octets to ASN1_INTEGER structure */
+
+ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp,
+ long len)
+{
+ ASN1_INTEGER *ret = NULL;
+ const unsigned char *p, *pend;
+ unsigned char *to, *s;
+ int i;
+
+ if ((a == NULL) || ((*a) == NULL)) {
+ if ((ret = M_ASN1_INTEGER_new()) == NULL)
+ return (NULL);
+ ret->type = V_ASN1_INTEGER;
+ } else
+ ret = (*a);
+
+ p = *pp;
+ pend = p + len;
+
+ /*
+ * We must OPENSSL_malloc stuff, even for 0 bytes otherwise it signifies
+ * a missing NULL parameter.
+ */
+ s = (unsigned char *)OPENSSL_malloc((int)len + 1);
+ if (s == NULL) {
+ i = ERR_R_MALLOC_FAILURE;
+ goto err;
+ }
+ to = s;
+ if (!len) {
+ /*
+ * Strictly speaking this is an illegal INTEGER but we tolerate it.
+ */
+ ret->type = V_ASN1_INTEGER;
+ } else if (*p & 0x80) { /* a negative number */
+ ret->type = V_ASN1_NEG_INTEGER;
+ if ((*p == 0xff) && (len != 1)) {
+ p++;
+ len--;
+ }
+ i = len;
+ p += i - 1;
+ to += i - 1;
+ while ((!*p) && i) {
+ *(to--) = 0;
+ i--;
+ p--;
+ }
+ /*
+ * Special case: if all zeros then the number will be of the form FF
+ * followed by n zero bytes: this corresponds to 1 followed by n zero
+ * bytes. We've already written n zeros so we just append an extra
+ * one and set the first byte to a 1. This is treated separately
+ * because it is the only case where the number of bytes is larger
+ * than len.
+ */
+ if (!i) {
+ *s = 1;
+ s[len] = 0;
+ len++;
+ } else {
+ *(to--) = (*(p--) ^ 0xff) + 1;
+ i--;
+ for (; i > 0; i--)
+ *(to--) = *(p--) ^ 0xff;
+ }
+ } else {
+ ret->type = V_ASN1_INTEGER;
+ if ((*p == 0) && (len != 1)) {
+ p++;
+ len--;
+ }
+ memcpy(s, p, (int)len);
+ }
+
+ if (ret->data != NULL)
+ OPENSSL_free(ret->data);
+ ret->data = s;
+ ret->length = (int)len;
+ if (a != NULL)
+ (*a) = ret;
+ *pp = pend;
+ return (ret);
+ err:
+ ASN1err(ASN1_F_C2I_ASN1_INTEGER, i);
+ if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+ M_ASN1_INTEGER_free(ret);
+ return (NULL);
+}
+
+/*
+ * This is a version of d2i_ASN1_INTEGER that ignores the sign bit of ASN1
+ * integers: some broken software can encode a positive INTEGER with its MSB
+ * set as negative (it doesn't add a padding zero).
+ */
+
+ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp,
+ long length)
+{
+ ASN1_INTEGER *ret = NULL;
+ const unsigned char *p;
+ unsigned char *s;
+ long len;
+ int inf, tag, xclass;
+ int i;
+
+ if ((a == NULL) || ((*a) == NULL)) {
+ if ((ret = M_ASN1_INTEGER_new()) == NULL)
+ return (NULL);
+ ret->type = V_ASN1_INTEGER;
+ } else
+ ret = (*a);
+
+ p = *pp;
+ inf = ASN1_get_object(&p, &len, &tag, &xclass, length);
+ if (inf & 0x80) {
+ i = ASN1_R_BAD_OBJECT_HEADER;
+ goto err;
+ }
+
+ if (tag != V_ASN1_INTEGER) {
+ i = ASN1_R_EXPECTING_AN_INTEGER;
+ goto err;
+ }
+
+ /*
+ * We must OPENSSL_malloc stuff, even for 0 bytes otherwise it signifies
+ * a missing NULL parameter.
+ */
+ s = (unsigned char *)OPENSSL_malloc((int)len + 1);
+ if (s == NULL) {
+ i = ERR_R_MALLOC_FAILURE;
+ goto err;
+ }
+ ret->type = V_ASN1_INTEGER;
+ if (len) {
+ if ((*p == 0) && (len != 1)) {
+ p++;
+ len--;
+ }
+ memcpy(s, p, (int)len);
+ p += len;
+ }
+
+ if (ret->data != NULL)
+ OPENSSL_free(ret->data);
+ ret->data = s;
+ ret->length = (int)len;
+ if (a != NULL)
+ (*a) = ret;
+ *pp = p;
+ return (ret);
+ err:
+ ASN1err(ASN1_F_D2I_ASN1_UINTEGER, i);
+ if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+ M_ASN1_INTEGER_free(ret);
+ return (NULL);
+}
+
+int ASN1_INTEGER_set(ASN1_INTEGER *a, long v)
+{
+ int j, k;
+ unsigned int i;
+ unsigned char buf[sizeof(long) + 1];
+ long d;
+
+ a->type = V_ASN1_INTEGER;
+ if (a->length < (int)(sizeof(long) + 1)) {
+ if (a->data != NULL)
+ OPENSSL_free(a->data);
+ if ((a->data =
+ (unsigned char *)OPENSSL_malloc(sizeof(long) + 1)) != NULL)
+ memset((char *)a->data, 0, sizeof(long) + 1);
+ }
+ if (a->data == NULL) {
+ ASN1err(ASN1_F_ASN1_INTEGER_SET, ERR_R_MALLOC_FAILURE);
+ return (0);
+ }
+ d = v;
+ if (d < 0) {
+ d = -d;
+ a->type = V_ASN1_NEG_INTEGER;
+ }
+
+ for (i = 0; i < sizeof(long); i++) {
+ if (d == 0)
+ break;
+ buf[i] = (int)d & 0xff;
+ d >>= 8;
+ }
+ j = 0;
+ for (k = i - 1; k >= 0; k--)
+ a->data[j++] = buf[k];
+ a->length = j;
+ return (1);
+}
+
+long ASN1_INTEGER_get(ASN1_INTEGER *a)
+{
+ int neg = 0, i;
+ long r = 0;
+
+ if (a == NULL)
+ return (0L);
+ i = a->type;
+ if (i == V_ASN1_NEG_INTEGER)
+ neg = 1;
+ else if (i != V_ASN1_INTEGER)
+ return -1;
+
+ if (a->length > (int)sizeof(long)) {
+ /* hmm... a bit ugly */
+ return (0xffffffffL);
+ }
+ if (a->data == NULL)
+ return 0;
+
+ for (i = 0; i < a->length; i++) {
+ r <<= 8;
+ r |= (unsigned char)a->data[i];
+ }
+ if (neg)
+ r = -r;
+ return (r);
+}
+
+ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai)
+{
+ ASN1_INTEGER *ret;
+ int len, j;
+
+ if (ai == NULL)
+ ret = M_ASN1_INTEGER_new();
+ else
+ ret = ai;
+ if (ret == NULL) {
+ ASN1err(ASN1_F_BN_TO_ASN1_INTEGER, ERR_R_NESTED_ASN1_ERROR);
+ goto err;
+ }
+ if (BN_is_negative(bn))
+ ret->type = V_ASN1_NEG_INTEGER;
+ else
+ ret->type = V_ASN1_INTEGER;
+ j = BN_num_bits(bn);
+ len = ((j == 0) ? 0 : ((j / 8) + 1));
+ if (ret->length < len + 4) {
+ unsigned char *new_data = OPENSSL_realloc(ret->data, len + 4);
+ if (!new_data) {
+ ASN1err(ASN1_F_BN_TO_ASN1_INTEGER, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ ret->data = new_data;
+ }
+ ret->length = BN_bn2bin(bn, ret->data);
+ /* Correct zero case */
+ if (!ret->length) {
+ ret->data[0] = 0;
+ ret->length = 1;
+ }
+ return (ret);
+ err:
+ if (ret != ai)
+ M_ASN1_INTEGER_free(ret);
+ return (NULL);
+}
+
+BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai, BIGNUM *bn)
+{
+ BIGNUM *ret;
+
+ if ((ret = BN_bin2bn(ai->data, ai->length, bn)) == NULL)
+ ASN1err(ASN1_F_ASN1_INTEGER_TO_BN, ASN1_R_BN_LIB);
+ else if (ai->type == V_ASN1_NEG_INTEGER)
+ BN_set_negative(ret, 1);
+ return (ret);
+}
+
+IMPLEMENT_STACK_OF(ASN1_INTEGER)
+
+IMPLEMENT_ASN1_SET_OF(ASN1_INTEGER)
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_mbstr.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/a_mbstr.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_mbstr.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,400 +0,0 @@
-/* a_mbstr.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <ctype.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-
-static int traverse_string(const unsigned char *p, int len, int inform,
- int (*rfunc)(unsigned long value, void *in), void *arg);
-static int in_utf8(unsigned long value, void *arg);
-static int out_utf8(unsigned long value, void *arg);
-static int type_str(unsigned long value, void *arg);
-static int cpy_asc(unsigned long value, void *arg);
-static int cpy_bmp(unsigned long value, void *arg);
-static int cpy_univ(unsigned long value, void *arg);
-static int cpy_utf8(unsigned long value, void *arg);
-static int is_printable(unsigned long value);
-
-/* These functions take a string in UTF8, ASCII or multibyte form and
- * a mask of permissible ASN1 string types. It then works out the minimal
- * type (using the order Printable < IA5 < T61 < BMP < Universal < UTF8)
- * and creates a string of the correct type with the supplied data.
- * Yes this is horrible: it has to be :-(
- * The 'ncopy' form checks minimum and maximum size limits too.
- */
-
-int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len,
- int inform, unsigned long mask)
-{
- return ASN1_mbstring_ncopy(out, in, len, inform, mask, 0, 0);
-}
-
-int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
- int inform, unsigned long mask,
- long minsize, long maxsize)
-{
- int str_type;
- int ret;
- char free_out;
- int outform, outlen = 0;
- ASN1_STRING *dest;
- unsigned char *p;
- int nchar;
- char strbuf[32];
- int (*cpyfunc)(unsigned long,void *) = NULL;
- if(len == -1) len = strlen((const char *)in);
- if(!mask) mask = DIRSTRING_TYPE;
-
- /* First do a string check and work out the number of characters */
- switch(inform) {
-
- case MBSTRING_BMP:
- if(len & 1) {
- ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,
- ASN1_R_INVALID_BMPSTRING_LENGTH);
- return -1;
- }
- nchar = len >> 1;
- break;
-
- case MBSTRING_UNIV:
- if(len & 3) {
- ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,
- ASN1_R_INVALID_UNIVERSALSTRING_LENGTH);
- return -1;
- }
- nchar = len >> 2;
- break;
-
- case MBSTRING_UTF8:
- nchar = 0;
- /* This counts the characters and does utf8 syntax checking */
- ret = traverse_string(in, len, MBSTRING_UTF8, in_utf8, &nchar);
- if(ret < 0) {
- ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,
- ASN1_R_INVALID_UTF8STRING);
- return -1;
- }
- break;
-
- case MBSTRING_ASC:
- nchar = len;
- break;
-
- default:
- ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_UNKNOWN_FORMAT);
- return -1;
- }
-
- if((minsize > 0) && (nchar < minsize)) {
- ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_SHORT);
- BIO_snprintf(strbuf, sizeof strbuf, "%ld", minsize);
- ERR_add_error_data(2, "minsize=", strbuf);
- return -1;
- }
-
- if((maxsize > 0) && (nchar > maxsize)) {
- ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_LONG);
- BIO_snprintf(strbuf, sizeof strbuf, "%ld", maxsize);
- ERR_add_error_data(2, "maxsize=", strbuf);
- return -1;
- }
-
- /* Now work out minimal type (if any) */
- if(traverse_string(in, len, inform, type_str, &mask) < 0) {
- ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_ILLEGAL_CHARACTERS);
- return -1;
- }
-
-
- /* Now work out output format and string type */
- outform = MBSTRING_ASC;
- if(mask & B_ASN1_PRINTABLESTRING) str_type = V_ASN1_PRINTABLESTRING;
- else if(mask & B_ASN1_IA5STRING) str_type = V_ASN1_IA5STRING;
- else if(mask & B_ASN1_T61STRING) str_type = V_ASN1_T61STRING;
- else if(mask & B_ASN1_BMPSTRING) {
- str_type = V_ASN1_BMPSTRING;
- outform = MBSTRING_BMP;
- } else if(mask & B_ASN1_UNIVERSALSTRING) {
- str_type = V_ASN1_UNIVERSALSTRING;
- outform = MBSTRING_UNIV;
- } else {
- str_type = V_ASN1_UTF8STRING;
- outform = MBSTRING_UTF8;
- }
- if(!out) return str_type;
- if(*out) {
- free_out = 0;
- dest = *out;
- if(dest->data) {
- dest->length = 0;
- OPENSSL_free(dest->data);
- dest->data = NULL;
- }
- dest->type = str_type;
- } else {
- free_out = 1;
- dest = ASN1_STRING_type_new(str_type);
- if(!dest) {
- ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,
- ERR_R_MALLOC_FAILURE);
- return -1;
- }
- *out = dest;
- }
- /* If both the same type just copy across */
- if(inform == outform) {
- if(!ASN1_STRING_set(dest, in, len)) {
- ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,ERR_R_MALLOC_FAILURE);
- return -1;
- }
- return str_type;
- }
-
- /* Work out how much space the destination will need */
- switch(outform) {
- case MBSTRING_ASC:
- outlen = nchar;
- cpyfunc = cpy_asc;
- break;
-
- case MBSTRING_BMP:
- outlen = nchar << 1;
- cpyfunc = cpy_bmp;
- break;
-
- case MBSTRING_UNIV:
- outlen = nchar << 2;
- cpyfunc = cpy_univ;
- break;
-
- case MBSTRING_UTF8:
- outlen = 0;
- traverse_string(in, len, inform, out_utf8, &outlen);
- cpyfunc = cpy_utf8;
- break;
- }
- if(!(p = OPENSSL_malloc(outlen + 1))) {
- if(free_out) ASN1_STRING_free(dest);
- ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,ERR_R_MALLOC_FAILURE);
- return -1;
- }
- dest->length = outlen;
- dest->data = p;
- p[outlen] = 0;
- traverse_string(in, len, inform, cpyfunc, &p);
- return str_type;
-}
-
-/* This function traverses a string and passes the value of each character
- * to an optional function along with a void * argument.
- */
-
-static int traverse_string(const unsigned char *p, int len, int inform,
- int (*rfunc)(unsigned long value, void *in), void *arg)
-{
- unsigned long value;
- int ret;
- while(len) {
- if(inform == MBSTRING_ASC) {
- value = *p++;
- len--;
- } else if(inform == MBSTRING_BMP) {
- value = *p++ << 8;
- value |= *p++;
- len -= 2;
- } else if(inform == MBSTRING_UNIV) {
- value = ((unsigned long)*p++) << 24;
- value |= ((unsigned long)*p++) << 16;
- value |= *p++ << 8;
- value |= *p++;
- len -= 4;
- } else {
- ret = UTF8_getc(p, len, &value);
- if(ret < 0) return -1;
- len -= ret;
- p += ret;
- }
- if(rfunc) {
- ret = rfunc(value, arg);
- if(ret <= 0) return ret;
- }
- }
- return 1;
-}
-
-/* Various utility functions for traverse_string */
-
-/* Just count number of characters */
-
-static int in_utf8(unsigned long value, void *arg)
-{
- int *nchar;
- nchar = arg;
- (*nchar)++;
- return 1;
-}
-
-/* Determine size of output as a UTF8 String */
-
-static int out_utf8(unsigned long value, void *arg)
-{
- int *outlen;
- outlen = arg;
- *outlen += UTF8_putc(NULL, -1, value);
- return 1;
-}
-
-/* Determine the "type" of a string: check each character against a
- * supplied "mask".
- */
-
-static int type_str(unsigned long value, void *arg)
-{
- unsigned long types;
- types = *((unsigned long *)arg);
- if((types & B_ASN1_PRINTABLESTRING) && !is_printable(value))
- types &= ~B_ASN1_PRINTABLESTRING;
- if((types & B_ASN1_IA5STRING) && (value > 127))
- types &= ~B_ASN1_IA5STRING;
- if((types & B_ASN1_T61STRING) && (value > 0xff))
- types &= ~B_ASN1_T61STRING;
- if((types & B_ASN1_BMPSTRING) && (value > 0xffff))
- types &= ~B_ASN1_BMPSTRING;
- if(!types) return -1;
- *((unsigned long *)arg) = types;
- return 1;
-}
-
-/* Copy one byte per character ASCII like strings */
-
-static int cpy_asc(unsigned long value, void *arg)
-{
- unsigned char **p, *q;
- p = arg;
- q = *p;
- *q = (unsigned char) value;
- (*p)++;
- return 1;
-}
-
-/* Copy two byte per character BMPStrings */
-
-static int cpy_bmp(unsigned long value, void *arg)
-{
- unsigned char **p, *q;
- p = arg;
- q = *p;
- *q++ = (unsigned char) ((value >> 8) & 0xff);
- *q = (unsigned char) (value & 0xff);
- *p += 2;
- return 1;
-}
-
-/* Copy four byte per character UniversalStrings */
-
-static int cpy_univ(unsigned long value, void *arg)
-{
- unsigned char **p, *q;
- p = arg;
- q = *p;
- *q++ = (unsigned char) ((value >> 24) & 0xff);
- *q++ = (unsigned char) ((value >> 16) & 0xff);
- *q++ = (unsigned char) ((value >> 8) & 0xff);
- *q = (unsigned char) (value & 0xff);
- *p += 4;
- return 1;
-}
-
-/* Copy to a UTF8String */
-
-static int cpy_utf8(unsigned long value, void *arg)
-{
- unsigned char **p;
- int ret;
- p = arg;
- /* We already know there is enough room so pass 0xff as the length */
- ret = UTF8_putc(*p, 0xff, value);
- *p += ret;
- return 1;
-}
-
-/* Return 1 if the character is permitted in a PrintableString */
-static int is_printable(unsigned long value)
-{
- int ch;
- if(value > 0x7f) return 0;
- ch = (int) value;
- /* Note: we can't use 'isalnum' because certain accented
- * characters may count as alphanumeric in some environments.
- */
-#ifndef CHARSET_EBCDIC
- if((ch >= 'a') && (ch <= 'z')) return 1;
- if((ch >= 'A') && (ch <= 'Z')) return 1;
- if((ch >= '0') && (ch <= '9')) return 1;
- if ((ch == ' ') || strchr("'()+,-./:=?", ch)) return 1;
-#else /*CHARSET_EBCDIC*/
- if((ch >= os_toascii['a']) && (ch <= os_toascii['z'])) return 1;
- if((ch >= os_toascii['A']) && (ch <= os_toascii['Z'])) return 1;
- if((ch >= os_toascii['0']) && (ch <= os_toascii['9'])) return 1;
- if ((ch == os_toascii[' ']) || strchr("'()+,-./:=?", os_toebcdic[ch])) return 1;
-#endif /*CHARSET_EBCDIC*/
- return 0;
-}
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_mbstr.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/a_mbstr.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_mbstr.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_mbstr.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,423 @@
+/* a_mbstr.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+
+static int traverse_string(const unsigned char *p, int len, int inform,
+ int (*rfunc) (unsigned long value, void *in),
+ void *arg);
+static int in_utf8(unsigned long value, void *arg);
+static int out_utf8(unsigned long value, void *arg);
+static int type_str(unsigned long value, void *arg);
+static int cpy_asc(unsigned long value, void *arg);
+static int cpy_bmp(unsigned long value, void *arg);
+static int cpy_univ(unsigned long value, void *arg);
+static int cpy_utf8(unsigned long value, void *arg);
+static int is_printable(unsigned long value);
+
+/*
+ * These functions take a string in UTF8, ASCII or multibyte form and a mask
+ * of permissible ASN1 string types. It then works out the minimal type
+ * (using the order Printable < IA5 < T61 < BMP < Universal < UTF8) and
+ * creates a string of the correct type with the supplied data. Yes this is
+ * horrible: it has to be :-( The 'ncopy' form checks minimum and maximum
+ * size limits too.
+ */
+
+int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len,
+ int inform, unsigned long mask)
+{
+ return ASN1_mbstring_ncopy(out, in, len, inform, mask, 0, 0);
+}
+
+int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
+ int inform, unsigned long mask,
+ long minsize, long maxsize)
+{
+ int str_type;
+ int ret;
+ char free_out;
+ int outform, outlen = 0;
+ ASN1_STRING *dest;
+ unsigned char *p;
+ int nchar;
+ char strbuf[32];
+ int (*cpyfunc) (unsigned long, void *) = NULL;
+ if (len == -1)
+ len = strlen((const char *)in);
+ if (!mask)
+ mask = DIRSTRING_TYPE;
+
+ /* First do a string check and work out the number of characters */
+ switch (inform) {
+
+ case MBSTRING_BMP:
+ if (len & 1) {
+ ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,
+ ASN1_R_INVALID_BMPSTRING_LENGTH);
+ return -1;
+ }
+ nchar = len >> 1;
+ break;
+
+ case MBSTRING_UNIV:
+ if (len & 3) {
+ ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,
+ ASN1_R_INVALID_UNIVERSALSTRING_LENGTH);
+ return -1;
+ }
+ nchar = len >> 2;
+ break;
+
+ case MBSTRING_UTF8:
+ nchar = 0;
+ /* This counts the characters and does utf8 syntax checking */
+ ret = traverse_string(in, len, MBSTRING_UTF8, in_utf8, &nchar);
+ if (ret < 0) {
+ ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_INVALID_UTF8STRING);
+ return -1;
+ }
+ break;
+
+ case MBSTRING_ASC:
+ nchar = len;
+ break;
+
+ default:
+ ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_UNKNOWN_FORMAT);
+ return -1;
+ }
+
+ if ((minsize > 0) && (nchar < minsize)) {
+ ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_SHORT);
+ BIO_snprintf(strbuf, sizeof strbuf, "%ld", minsize);
+ ERR_add_error_data(2, "minsize=", strbuf);
+ return -1;
+ }
+
+ if ((maxsize > 0) && (nchar > maxsize)) {
+ ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_LONG);
+ BIO_snprintf(strbuf, sizeof strbuf, "%ld", maxsize);
+ ERR_add_error_data(2, "maxsize=", strbuf);
+ return -1;
+ }
+
+ /* Now work out minimal type (if any) */
+ if (traverse_string(in, len, inform, type_str, &mask) < 0) {
+ ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_ILLEGAL_CHARACTERS);
+ return -1;
+ }
+
+ /* Now work out output format and string type */
+ outform = MBSTRING_ASC;
+ if (mask & B_ASN1_PRINTABLESTRING)
+ str_type = V_ASN1_PRINTABLESTRING;
+ else if (mask & B_ASN1_IA5STRING)
+ str_type = V_ASN1_IA5STRING;
+ else if (mask & B_ASN1_T61STRING)
+ str_type = V_ASN1_T61STRING;
+ else if (mask & B_ASN1_BMPSTRING) {
+ str_type = V_ASN1_BMPSTRING;
+ outform = MBSTRING_BMP;
+ } else if (mask & B_ASN1_UNIVERSALSTRING) {
+ str_type = V_ASN1_UNIVERSALSTRING;
+ outform = MBSTRING_UNIV;
+ } else {
+ str_type = V_ASN1_UTF8STRING;
+ outform = MBSTRING_UTF8;
+ }
+ if (!out)
+ return str_type;
+ if (*out) {
+ free_out = 0;
+ dest = *out;
+ if (dest->data) {
+ dest->length = 0;
+ OPENSSL_free(dest->data);
+ dest->data = NULL;
+ }
+ dest->type = str_type;
+ } else {
+ free_out = 1;
+ dest = ASN1_STRING_type_new(str_type);
+ if (!dest) {
+ ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ERR_R_MALLOC_FAILURE);
+ return -1;
+ }
+ *out = dest;
+ }
+ /* If both the same type just copy across */
+ if (inform == outform) {
+ if (!ASN1_STRING_set(dest, in, len)) {
+ ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ERR_R_MALLOC_FAILURE);
+ return -1;
+ }
+ return str_type;
+ }
+
+ /* Work out how much space the destination will need */
+ switch (outform) {
+ case MBSTRING_ASC:
+ outlen = nchar;
+ cpyfunc = cpy_asc;
+ break;
+
+ case MBSTRING_BMP:
+ outlen = nchar << 1;
+ cpyfunc = cpy_bmp;
+ break;
+
+ case MBSTRING_UNIV:
+ outlen = nchar << 2;
+ cpyfunc = cpy_univ;
+ break;
+
+ case MBSTRING_UTF8:
+ outlen = 0;
+ traverse_string(in, len, inform, out_utf8, &outlen);
+ cpyfunc = cpy_utf8;
+ break;
+ }
+ if (!(p = OPENSSL_malloc(outlen + 1))) {
+ if (free_out)
+ ASN1_STRING_free(dest);
+ ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ERR_R_MALLOC_FAILURE);
+ return -1;
+ }
+ dest->length = outlen;
+ dest->data = p;
+ p[outlen] = 0;
+ traverse_string(in, len, inform, cpyfunc, &p);
+ return str_type;
+}
+
+/*
+ * This function traverses a string and passes the value of each character to
+ * an optional function along with a void * argument.
+ */
+
+static int traverse_string(const unsigned char *p, int len, int inform,
+ int (*rfunc) (unsigned long value, void *in),
+ void *arg)
+{
+ unsigned long value;
+ int ret;
+ while (len) {
+ if (inform == MBSTRING_ASC) {
+ value = *p++;
+ len--;
+ } else if (inform == MBSTRING_BMP) {
+ value = *p++ << 8;
+ value |= *p++;
+ len -= 2;
+ } else if (inform == MBSTRING_UNIV) {
+ value = ((unsigned long)*p++) << 24;
+ value |= ((unsigned long)*p++) << 16;
+ value |= *p++ << 8;
+ value |= *p++;
+ len -= 4;
+ } else {
+ ret = UTF8_getc(p, len, &value);
+ if (ret < 0)
+ return -1;
+ len -= ret;
+ p += ret;
+ }
+ if (rfunc) {
+ ret = rfunc(value, arg);
+ if (ret <= 0)
+ return ret;
+ }
+ }
+ return 1;
+}
+
+/* Various utility functions for traverse_string */
+
+/* Just count number of characters */
+
+static int in_utf8(unsigned long value, void *arg)
+{
+ int *nchar;
+ nchar = arg;
+ (*nchar)++;
+ return 1;
+}
+
+/* Determine size of output as a UTF8 String */
+
+static int out_utf8(unsigned long value, void *arg)
+{
+ int *outlen;
+ outlen = arg;
+ *outlen += UTF8_putc(NULL, -1, value);
+ return 1;
+}
+
+/*
+ * Determine the "type" of a string: check each character against a supplied
+ * "mask".
+ */
+
+static int type_str(unsigned long value, void *arg)
+{
+ unsigned long types;
+ types = *((unsigned long *)arg);
+ if ((types & B_ASN1_PRINTABLESTRING) && !is_printable(value))
+ types &= ~B_ASN1_PRINTABLESTRING;
+ if ((types & B_ASN1_IA5STRING) && (value > 127))
+ types &= ~B_ASN1_IA5STRING;
+ if ((types & B_ASN1_T61STRING) && (value > 0xff))
+ types &= ~B_ASN1_T61STRING;
+ if ((types & B_ASN1_BMPSTRING) && (value > 0xffff))
+ types &= ~B_ASN1_BMPSTRING;
+ if (!types)
+ return -1;
+ *((unsigned long *)arg) = types;
+ return 1;
+}
+
+/* Copy one byte per character ASCII like strings */
+
+static int cpy_asc(unsigned long value, void *arg)
+{
+ unsigned char **p, *q;
+ p = arg;
+ q = *p;
+ *q = (unsigned char)value;
+ (*p)++;
+ return 1;
+}
+
+/* Copy two byte per character BMPStrings */
+
+static int cpy_bmp(unsigned long value, void *arg)
+{
+ unsigned char **p, *q;
+ p = arg;
+ q = *p;
+ *q++ = (unsigned char)((value >> 8) & 0xff);
+ *q = (unsigned char)(value & 0xff);
+ *p += 2;
+ return 1;
+}
+
+/* Copy four byte per character UniversalStrings */
+
+static int cpy_univ(unsigned long value, void *arg)
+{
+ unsigned char **p, *q;
+ p = arg;
+ q = *p;
+ *q++ = (unsigned char)((value >> 24) & 0xff);
+ *q++ = (unsigned char)((value >> 16) & 0xff);
+ *q++ = (unsigned char)((value >> 8) & 0xff);
+ *q = (unsigned char)(value & 0xff);
+ *p += 4;
+ return 1;
+}
+
+/* Copy to a UTF8String */
+
+static int cpy_utf8(unsigned long value, void *arg)
+{
+ unsigned char **p;
+ int ret;
+ p = arg;
+ /* We already know there is enough room so pass 0xff as the length */
+ ret = UTF8_putc(*p, 0xff, value);
+ *p += ret;
+ return 1;
+}
+
+/* Return 1 if the character is permitted in a PrintableString */
+static int is_printable(unsigned long value)
+{
+ int ch;
+ if (value > 0x7f)
+ return 0;
+ ch = (int)value;
+ /*
+ * Note: we can't use 'isalnum' because certain accented characters may
+ * count as alphanumeric in some environments.
+ */
+#ifndef CHARSET_EBCDIC
+ if ((ch >= 'a') && (ch <= 'z'))
+ return 1;
+ if ((ch >= 'A') && (ch <= 'Z'))
+ return 1;
+ if ((ch >= '0') && (ch <= '9'))
+ return 1;
+ if ((ch == ' ') || strchr("'()+,-./:=?", ch))
+ return 1;
+#else /* CHARSET_EBCDIC */
+ if ((ch >= os_toascii['a']) && (ch <= os_toascii['z']))
+ return 1;
+ if ((ch >= os_toascii['A']) && (ch <= os_toascii['Z']))
+ return 1;
+ if ((ch >= os_toascii['0']) && (ch <= os_toascii['9']))
+ return 1;
+ if ((ch == os_toascii[' ']) || strchr("'()+,-./:=?", os_toebcdic[ch]))
+ return 1;
+#endif /* CHARSET_EBCDIC */
+ return 0;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_meth.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/a_meth.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_meth.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,84 +0,0 @@
-/* crypto/asn1/a_meth.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/asn1.h>
-
-static ASN1_METHOD ia5string_meth={
- (I2D_OF(void)) i2d_ASN1_IA5STRING,
- (D2I_OF(void)) d2i_ASN1_IA5STRING,
- (void *(*)(void))ASN1_STRING_new,
- (void (*)(void *))ASN1_STRING_free};
-
-static ASN1_METHOD bit_string_meth={
- (I2D_OF(void)) i2d_ASN1_BIT_STRING,
- (D2I_OF(void)) d2i_ASN1_BIT_STRING,
- (void *(*)(void))ASN1_STRING_new,
- (void (*)(void *))ASN1_STRING_free};
-
-ASN1_METHOD *ASN1_IA5STRING_asn1_meth(void)
- {
- return(&ia5string_meth);
- }
-
-ASN1_METHOD *ASN1_BIT_STRING_asn1_meth(void)
- {
- return(&bit_string_meth);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_meth.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/a_meth.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_meth.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_meth.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,86 @@
+/* crypto/asn1/a_meth.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1.h>
+
+static ASN1_METHOD ia5string_meth = {
+ (I2D_OF(void)) i2d_ASN1_IA5STRING,
+ (D2I_OF(void)) d2i_ASN1_IA5STRING,
+ (void *(*)(void))ASN1_STRING_new,
+ (void (*)(void *))ASN1_STRING_free
+};
+
+static ASN1_METHOD bit_string_meth = {
+ (I2D_OF(void)) i2d_ASN1_BIT_STRING,
+ (D2I_OF(void)) d2i_ASN1_BIT_STRING,
+ (void *(*)(void))ASN1_STRING_new,
+ (void (*)(void *))ASN1_STRING_free
+};
+
+ASN1_METHOD *ASN1_IA5STRING_asn1_meth(void)
+{
+ return (&ia5string_meth);
+}
+
+ASN1_METHOD *ASN1_BIT_STRING_asn1_meth(void)
+{
+ return (&bit_string_meth);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_object.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/a_object.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_object.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,409 +0,0 @@
-/* crypto/asn1/a_object.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <limits.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/asn1.h>
-#include <openssl/objects.h>
-#include <openssl/bn.h>
-
-int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
- {
- unsigned char *p;
- int objsize;
-
- if ((a == NULL) || (a->data == NULL)) return(0);
-
- objsize = ASN1_object_size(0,a->length,V_ASN1_OBJECT);
- if (pp == NULL) return objsize;
-
- p= *pp;
- ASN1_put_object(&p,0,a->length,V_ASN1_OBJECT,V_ASN1_UNIVERSAL);
- memcpy(p,a->data,a->length);
- p+=a->length;
-
- *pp=p;
- return(objsize);
- }
-
-int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
- {
- int i,first,len=0,c, use_bn;
- char ftmp[24], *tmp = ftmp;
- int tmpsize = sizeof ftmp;
- const char *p;
- unsigned long l;
- BIGNUM *bl = NULL;
-
- if (num == 0)
- return(0);
- else if (num == -1)
- num=strlen(buf);
-
- p=buf;
- c= *(p++);
- num--;
- if ((c >= '0') && (c <= '2'))
- {
- first= c-'0';
- }
- else
- {
- ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_FIRST_NUM_TOO_LARGE);
- goto err;
- }
-
- if (num <= 0)
- {
- ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_MISSING_SECOND_NUMBER);
- goto err;
- }
- c= *(p++);
- num--;
- for (;;)
- {
- if (num <= 0) break;
- if ((c != '.') && (c != ' '))
- {
- ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_INVALID_SEPARATOR);
- goto err;
- }
- l=0;
- use_bn = 0;
- for (;;)
- {
- if (num <= 0) break;
- num--;
- c= *(p++);
- if ((c == ' ') || (c == '.'))
- break;
- if ((c < '0') || (c > '9'))
- {
- ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_INVALID_DIGIT);
- goto err;
- }
- if (!use_bn && l >= ((ULONG_MAX - 80) / 10L))
- {
- use_bn = 1;
- if (!bl)
- bl = BN_new();
- if (!bl || !BN_set_word(bl, l))
- goto err;
- }
- if (use_bn)
- {
- if (!BN_mul_word(bl, 10L)
- || !BN_add_word(bl, c-'0'))
- goto err;
- }
- else
- l=l*10L+(long)(c-'0');
- }
- if (len == 0)
- {
- if ((first < 2) && (l >= 40))
- {
- ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_SECOND_NUMBER_TOO_LARGE);
- goto err;
- }
- if (use_bn)
- {
- if (!BN_add_word(bl, first * 40))
- goto err;
- }
- else
- l+=(long)first*40;
- }
- i=0;
- if (use_bn)
- {
- int blsize;
- blsize = BN_num_bits(bl);
- blsize = (blsize + 6)/7;
- if (blsize > tmpsize)
- {
- if (tmp != ftmp)
- OPENSSL_free(tmp);
- tmpsize = blsize + 32;
- tmp = OPENSSL_malloc(tmpsize);
- if (!tmp)
- goto err;
- }
- while(blsize--)
- tmp[i++] = (unsigned char)BN_div_word(bl, 0x80L);
- }
- else
- {
-
- for (;;)
- {
- tmp[i++]=(unsigned char)l&0x7f;
- l>>=7L;
- if (l == 0L) break;
- }
-
- }
- if (out != NULL)
- {
- if (len+i > olen)
- {
- ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_BUFFER_TOO_SMALL);
- goto err;
- }
- while (--i > 0)
- out[len++]=tmp[i]|0x80;
- out[len++]=tmp[0];
- }
- else
- len+=i;
- }
- if (tmp != ftmp)
- OPENSSL_free(tmp);
- if (bl)
- BN_free(bl);
- return(len);
-err:
- if (tmp != ftmp)
- OPENSSL_free(tmp);
- if (bl)
- BN_free(bl);
- return(0);
- }
-
-int i2t_ASN1_OBJECT(char *buf, int buf_len, ASN1_OBJECT *a)
-{
- return OBJ_obj2txt(buf, buf_len, a, 0);
-}
-
-int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a)
- {
- char buf[80], *p = buf;
- int i;
-
- if ((a == NULL) || (a->data == NULL))
- return(BIO_write(bp,"NULL",4));
- i=i2t_ASN1_OBJECT(buf,sizeof buf,a);
- if (i > (int)(sizeof(buf) - 1))
- {
- p = OPENSSL_malloc(i + 1);
- if (!p)
- return -1;
- i2t_ASN1_OBJECT(p,i + 1,a);
- }
- if (i <= 0)
- return BIO_write(bp, "<INVALID>", 9);
- BIO_write(bp,p,i);
- if (p != buf)
- OPENSSL_free(p);
- return(i);
- }
-
-ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
- long length)
-{
- const unsigned char *p;
- long len;
- int tag,xclass;
- int inf,i;
- ASN1_OBJECT *ret = NULL;
- p= *pp;
- inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
- if (inf & 0x80)
- {
- i=ASN1_R_BAD_OBJECT_HEADER;
- goto err;
- }
-
- if (tag != V_ASN1_OBJECT)
- {
- i=ASN1_R_EXPECTING_AN_OBJECT;
- goto err;
- }
- ret = c2i_ASN1_OBJECT(a, &p, len);
- if(ret) *pp = p;
- return ret;
-err:
- ASN1err(ASN1_F_D2I_ASN1_OBJECT,i);
- if ((ret != NULL) && ((a == NULL) || (*a != ret)))
- ASN1_OBJECT_free(ret);
- return(NULL);
-}
-
-ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
- long len)
- {
- ASN1_OBJECT *ret=NULL;
- const unsigned char *p;
- int i, length;
-
- /* Sanity check OID encoding.
- * Need at least one content octet.
- * MSB must be clear in the last octet.
- * can't have leading 0x80 in subidentifiers, see: X.690 8.19.2
- */
- if (len <= 0 || len > INT_MAX || pp == NULL || (p = *pp) == NULL ||
- p[len - 1] & 0x80)
- {
- ASN1err(ASN1_F_C2I_ASN1_OBJECT,ASN1_R_INVALID_OBJECT_ENCODING);
- return NULL;
- }
- /* Now 0 < len <= INT_MAX, so the cast is safe. */
- length = (int)len;
- for (i = 0; i < length; i++, p++)
- {
- if (*p == 0x80 && (!i || !(p[-1] & 0x80)))
- {
- ASN1err(ASN1_F_C2I_ASN1_OBJECT,ASN1_R_INVALID_OBJECT_ENCODING);
- return NULL;
- }
- }
-
- /* only the ASN1_OBJECTs from the 'table' will have values
- * for ->sn or ->ln */
- if ((a == NULL) || ((*a) == NULL) ||
- !((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC))
- {
- if ((ret=ASN1_OBJECT_new()) == NULL) return(NULL);
- }
- else ret=(*a);
-
- p= *pp;
- if ((ret->data == NULL) || (ret->length < length))
- {
- if (ret->data != NULL) OPENSSL_free(ret->data);
- ret->data=(unsigned char *)OPENSSL_malloc(length);
- ret->flags|=ASN1_OBJECT_FLAG_DYNAMIC_DATA;
- if (ret->data == NULL)
- { i=ERR_R_MALLOC_FAILURE; goto err; }
- }
- memcpy(ret->data,p,length);
- ret->length=length;
- ret->sn=NULL;
- ret->ln=NULL;
- /* ret->flags=ASN1_OBJECT_FLAG_DYNAMIC; we know it is dynamic */
- p+=length;
-
- if (a != NULL) (*a)=ret;
- *pp=p;
- return(ret);
-err:
- ASN1err(ASN1_F_C2I_ASN1_OBJECT,i);
- if ((ret != NULL) && ((a == NULL) || (*a != ret)))
- ASN1_OBJECT_free(ret);
- return(NULL);
- }
-
-ASN1_OBJECT *ASN1_OBJECT_new(void)
- {
- ASN1_OBJECT *ret;
-
- ret=(ASN1_OBJECT *)OPENSSL_malloc(sizeof(ASN1_OBJECT));
- if (ret == NULL)
- {
- ASN1err(ASN1_F_ASN1_OBJECT_NEW,ERR_R_MALLOC_FAILURE);
- return(NULL);
- }
- ret->length=0;
- ret->data=NULL;
- ret->nid=0;
- ret->sn=NULL;
- ret->ln=NULL;
- ret->flags=ASN1_OBJECT_FLAG_DYNAMIC;
- return(ret);
- }
-
-void ASN1_OBJECT_free(ASN1_OBJECT *a)
- {
- if (a == NULL) return;
- if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS)
- {
-#ifndef CONST_STRICT /* disable purely for compile-time strict const checking. Doing this on a "real" compile will cause memory leaks */
- if (a->sn != NULL) OPENSSL_free((void *)a->sn);
- if (a->ln != NULL) OPENSSL_free((void *)a->ln);
-#endif
- a->sn=a->ln=NULL;
- }
- if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_DATA)
- {
- if (a->data != NULL) OPENSSL_free(a->data);
- a->data=NULL;
- a->length=0;
- }
- if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC)
- OPENSSL_free(a);
- }
-
-ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len,
- const char *sn, const char *ln)
- {
- ASN1_OBJECT o;
-
- o.sn=sn;
- o.ln=ln;
- o.data=data;
- o.nid=nid;
- o.length=len;
- o.flags=ASN1_OBJECT_FLAG_DYNAMIC|ASN1_OBJECT_FLAG_DYNAMIC_STRINGS|
- ASN1_OBJECT_FLAG_DYNAMIC_DATA;
- return(OBJ_dup(&o));
- }
-
-IMPLEMENT_STACK_OF(ASN1_OBJECT)
-IMPLEMENT_ASN1_SET_OF(ASN1_OBJECT)
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_object.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/a_object.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_object.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_object.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,396 @@
+/* crypto/asn1/a_object.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <limits.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/bn.h>
+
+int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
+{
+ unsigned char *p;
+ int objsize;
+
+ if ((a == NULL) || (a->data == NULL))
+ return (0);
+
+ objsize = ASN1_object_size(0, a->length, V_ASN1_OBJECT);
+ if (pp == NULL)
+ return objsize;
+
+ p = *pp;
+ ASN1_put_object(&p, 0, a->length, V_ASN1_OBJECT, V_ASN1_UNIVERSAL);
+ memcpy(p, a->data, a->length);
+ p += a->length;
+
+ *pp = p;
+ return (objsize);
+}
+
+int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
+{
+ int i, first, len = 0, c, use_bn;
+ char ftmp[24], *tmp = ftmp;
+ int tmpsize = sizeof ftmp;
+ const char *p;
+ unsigned long l;
+ BIGNUM *bl = NULL;
+
+ if (num == 0)
+ return (0);
+ else if (num == -1)
+ num = strlen(buf);
+
+ p = buf;
+ c = *(p++);
+ num--;
+ if ((c >= '0') && (c <= '2')) {
+ first = c - '0';
+ } else {
+ ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_FIRST_NUM_TOO_LARGE);
+ goto err;
+ }
+
+ if (num <= 0) {
+ ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_MISSING_SECOND_NUMBER);
+ goto err;
+ }
+ c = *(p++);
+ num--;
+ for (;;) {
+ if (num <= 0)
+ break;
+ if ((c != '.') && (c != ' ')) {
+ ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_INVALID_SEPARATOR);
+ goto err;
+ }
+ l = 0;
+ use_bn = 0;
+ for (;;) {
+ if (num <= 0)
+ break;
+ num--;
+ c = *(p++);
+ if ((c == ' ') || (c == '.'))
+ break;
+ if ((c < '0') || (c > '9')) {
+ ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_INVALID_DIGIT);
+ goto err;
+ }
+ if (!use_bn && l >= ((ULONG_MAX - 80) / 10L)) {
+ use_bn = 1;
+ if (!bl)
+ bl = BN_new();
+ if (!bl || !BN_set_word(bl, l))
+ goto err;
+ }
+ if (use_bn) {
+ if (!BN_mul_word(bl, 10L)
+ || !BN_add_word(bl, c - '0'))
+ goto err;
+ } else
+ l = l * 10L + (long)(c - '0');
+ }
+ if (len == 0) {
+ if ((first < 2) && (l >= 40)) {
+ ASN1err(ASN1_F_A2D_ASN1_OBJECT,
+ ASN1_R_SECOND_NUMBER_TOO_LARGE);
+ goto err;
+ }
+ if (use_bn) {
+ if (!BN_add_word(bl, first * 40))
+ goto err;
+ } else
+ l += (long)first *40;
+ }
+ i = 0;
+ if (use_bn) {
+ int blsize;
+ blsize = BN_num_bits(bl);
+ blsize = (blsize + 6) / 7;
+ if (blsize > tmpsize) {
+ if (tmp != ftmp)
+ OPENSSL_free(tmp);
+ tmpsize = blsize + 32;
+ tmp = OPENSSL_malloc(tmpsize);
+ if (!tmp)
+ goto err;
+ }
+ while (blsize--)
+ tmp[i++] = (unsigned char)BN_div_word(bl, 0x80L);
+ } else {
+
+ for (;;) {
+ tmp[i++] = (unsigned char)l & 0x7f;
+ l >>= 7L;
+ if (l == 0L)
+ break;
+ }
+
+ }
+ if (out != NULL) {
+ if (len + i > olen) {
+ ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_BUFFER_TOO_SMALL);
+ goto err;
+ }
+ while (--i > 0)
+ out[len++] = tmp[i] | 0x80;
+ out[len++] = tmp[0];
+ } else
+ len += i;
+ }
+ if (tmp != ftmp)
+ OPENSSL_free(tmp);
+ if (bl)
+ BN_free(bl);
+ return (len);
+ err:
+ if (tmp != ftmp)
+ OPENSSL_free(tmp);
+ if (bl)
+ BN_free(bl);
+ return (0);
+}
+
+int i2t_ASN1_OBJECT(char *buf, int buf_len, ASN1_OBJECT *a)
+{
+ return OBJ_obj2txt(buf, buf_len, a, 0);
+}
+
+int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a)
+{
+ char buf[80], *p = buf;
+ int i;
+
+ if ((a == NULL) || (a->data == NULL))
+ return (BIO_write(bp, "NULL", 4));
+ i = i2t_ASN1_OBJECT(buf, sizeof buf, a);
+ if (i > (int)(sizeof(buf) - 1)) {
+ p = OPENSSL_malloc(i + 1);
+ if (!p)
+ return -1;
+ i2t_ASN1_OBJECT(p, i + 1, a);
+ }
+ if (i <= 0)
+ return BIO_write(bp, "<INVALID>", 9);
+ BIO_write(bp, p, i);
+ if (p != buf)
+ OPENSSL_free(p);
+ return (i);
+}
+
+ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
+ long length)
+{
+ const unsigned char *p;
+ long len;
+ int tag, xclass;
+ int inf, i;
+ ASN1_OBJECT *ret = NULL;
+ p = *pp;
+ inf = ASN1_get_object(&p, &len, &tag, &xclass, length);
+ if (inf & 0x80) {
+ i = ASN1_R_BAD_OBJECT_HEADER;
+ goto err;
+ }
+
+ if (tag != V_ASN1_OBJECT) {
+ i = ASN1_R_EXPECTING_AN_OBJECT;
+ goto err;
+ }
+ ret = c2i_ASN1_OBJECT(a, &p, len);
+ if (ret)
+ *pp = p;
+ return ret;
+ err:
+ ASN1err(ASN1_F_D2I_ASN1_OBJECT, i);
+ if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+ ASN1_OBJECT_free(ret);
+ return (NULL);
+}
+
+ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
+ long len)
+{
+ ASN1_OBJECT *ret = NULL;
+ const unsigned char *p;
+ int i, length;
+
+ /*
+ * Sanity check OID encoding. Need at least one content octet. MSB must
+ * be clear in the last octet. can't have leading 0x80 in subidentifiers,
+ * see: X.690 8.19.2
+ */
+ if (len <= 0 || len > INT_MAX || pp == NULL || (p = *pp) == NULL ||
+ p[len - 1] & 0x80) {
+ ASN1err(ASN1_F_C2I_ASN1_OBJECT, ASN1_R_INVALID_OBJECT_ENCODING);
+ return NULL;
+ }
+ /* Now 0 < len <= INT_MAX, so the cast is safe. */
+ length = (int)len;
+ for (i = 0; i < length; i++, p++) {
+ if (*p == 0x80 && (!i || !(p[-1] & 0x80))) {
+ ASN1err(ASN1_F_C2I_ASN1_OBJECT, ASN1_R_INVALID_OBJECT_ENCODING);
+ return NULL;
+ }
+ }
+
+ /*
+ * only the ASN1_OBJECTs from the 'table' will have values for ->sn or
+ * ->ln
+ */
+ if ((a == NULL) || ((*a) == NULL) ||
+ !((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC)) {
+ if ((ret = ASN1_OBJECT_new()) == NULL)
+ return (NULL);
+ } else
+ ret = (*a);
+
+ p = *pp;
+ if ((ret->data == NULL) || (ret->length < length)) {
+ if (ret->data != NULL)
+ OPENSSL_free(ret->data);
+ ret->data = (unsigned char *)OPENSSL_malloc(length);
+ ret->flags |= ASN1_OBJECT_FLAG_DYNAMIC_DATA;
+ if (ret->data == NULL) {
+ i = ERR_R_MALLOC_FAILURE;
+ goto err;
+ }
+ }
+ memcpy(ret->data, p, length);
+ ret->length = length;
+ ret->sn = NULL;
+ ret->ln = NULL;
+ /* ret->flags=ASN1_OBJECT_FLAG_DYNAMIC; we know it is dynamic */
+ p += length;
+
+ if (a != NULL)
+ (*a) = ret;
+ *pp = p;
+ return (ret);
+ err:
+ ASN1err(ASN1_F_C2I_ASN1_OBJECT, i);
+ if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+ ASN1_OBJECT_free(ret);
+ return (NULL);
+}
+
+ASN1_OBJECT *ASN1_OBJECT_new(void)
+{
+ ASN1_OBJECT *ret;
+
+ ret = (ASN1_OBJECT *)OPENSSL_malloc(sizeof(ASN1_OBJECT));
+ if (ret == NULL) {
+ ASN1err(ASN1_F_ASN1_OBJECT_NEW, ERR_R_MALLOC_FAILURE);
+ return (NULL);
+ }
+ ret->length = 0;
+ ret->data = NULL;
+ ret->nid = 0;
+ ret->sn = NULL;
+ ret->ln = NULL;
+ ret->flags = ASN1_OBJECT_FLAG_DYNAMIC;
+ return (ret);
+}
+
+void ASN1_OBJECT_free(ASN1_OBJECT *a)
+{
+ if (a == NULL)
+ return;
+ if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS) {
+#ifndef CONST_STRICT /* disable purely for compile-time strict
+ * const checking. Doing this on a "real"
+ * compile will cause memory leaks */
+ if (a->sn != NULL)
+ OPENSSL_free((void *)a->sn);
+ if (a->ln != NULL)
+ OPENSSL_free((void *)a->ln);
+#endif
+ a->sn = a->ln = NULL;
+ }
+ if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_DATA) {
+ if (a->data != NULL)
+ OPENSSL_free(a->data);
+ a->data = NULL;
+ a->length = 0;
+ }
+ if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC)
+ OPENSSL_free(a);
+}
+
+ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len,
+ const char *sn, const char *ln)
+{
+ ASN1_OBJECT o;
+
+ o.sn = sn;
+ o.ln = ln;
+ o.data = data;
+ o.nid = nid;
+ o.length = len;
+ o.flags = ASN1_OBJECT_FLAG_DYNAMIC | ASN1_OBJECT_FLAG_DYNAMIC_STRINGS |
+ ASN1_OBJECT_FLAG_DYNAMIC_DATA;
+ return (OBJ_dup(&o));
+}
+
+IMPLEMENT_STACK_OF(ASN1_OBJECT)
+
+IMPLEMENT_ASN1_SET_OF(ASN1_OBJECT)
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_octet.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/a_octet.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_octet.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,71 +0,0 @@
-/* crypto/asn1/a_octet.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-
-ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *x)
-{ return M_ASN1_OCTET_STRING_dup(x); }
-
-int ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b)
-{ return M_ASN1_OCTET_STRING_cmp(a, b); }
-
-int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *x, const unsigned char *d, int len)
-{ return M_ASN1_OCTET_STRING_set(x, d, len); }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_octet.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/a_octet.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_octet.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_octet.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,77 @@
+/* crypto/asn1/a_octet.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+
+ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *x)
+{
+ return M_ASN1_OCTET_STRING_dup(x);
+}
+
+int ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b)
+{
+ return M_ASN1_OCTET_STRING_cmp(a, b);
+}
+
+int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *x, const unsigned char *d,
+ int len)
+{
+ return M_ASN1_OCTET_STRING_set(x, d, len);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_print.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/a_print.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_print.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,127 +0,0 @@
-/* crypto/asn1/a_print.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-
-int ASN1_PRINTABLE_type(const unsigned char *s, int len)
- {
- int c;
- int ia5=0;
- int t61=0;
-
- if (len <= 0) len= -1;
- if (s == NULL) return(V_ASN1_PRINTABLESTRING);
-
- while ((*s) && (len-- != 0))
- {
- c= *(s++);
-#ifndef CHARSET_EBCDIC
- if (!( ((c >= 'a') && (c <= 'z')) ||
- ((c >= 'A') && (c <= 'Z')) ||
- (c == ' ') ||
- ((c >= '0') && (c <= '9')) ||
- (c == ' ') || (c == '\'') ||
- (c == '(') || (c == ')') ||
- (c == '+') || (c == ',') ||
- (c == '-') || (c == '.') ||
- (c == '/') || (c == ':') ||
- (c == '=') || (c == '?')))
- ia5=1;
- if (c&0x80)
- t61=1;
-#else
- if (!isalnum(c) && (c != ' ') &&
- strchr("'()+,-./:=?", c) == NULL)
- ia5=1;
- if (os_toascii[c] & 0x80)
- t61=1;
-#endif
- }
- if (t61) return(V_ASN1_T61STRING);
- if (ia5) return(V_ASN1_IA5STRING);
- return(V_ASN1_PRINTABLESTRING);
- }
-
-int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s)
- {
- int i;
- unsigned char *p;
-
- if (s->type != V_ASN1_UNIVERSALSTRING) return(0);
- if ((s->length%4) != 0) return(0);
- p=s->data;
- for (i=0; i<s->length; i+=4)
- {
- if ((p[0] != '\0') || (p[1] != '\0') || (p[2] != '\0'))
- break;
- else
- p+=4;
- }
- if (i < s->length) return(0);
- p=s->data;
- for (i=3; i<s->length; i+=4)
- {
- *(p++)=s->data[i];
- }
- *(p)='\0';
- s->length/=4;
- s->type=ASN1_PRINTABLE_type(s->data,s->length);
- return(1);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_print.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/a_print.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_print.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_print.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,129 @@
+/* crypto/asn1/a_print.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+
+int ASN1_PRINTABLE_type(const unsigned char *s, int len)
+{
+ int c;
+ int ia5 = 0;
+ int t61 = 0;
+
+ if (len <= 0)
+ len = -1;
+ if (s == NULL)
+ return (V_ASN1_PRINTABLESTRING);
+
+ while ((*s) && (len-- != 0)) {
+ c = *(s++);
+#ifndef CHARSET_EBCDIC
+ if (!(((c >= 'a') && (c <= 'z')) ||
+ ((c >= 'A') && (c <= 'Z')) ||
+ (c == ' ') ||
+ ((c >= '0') && (c <= '9')) ||
+ (c == ' ') || (c == '\'') ||
+ (c == '(') || (c == ')') ||
+ (c == '+') || (c == ',') ||
+ (c == '-') || (c == '.') ||
+ (c == '/') || (c == ':') || (c == '=') || (c == '?')))
+ ia5 = 1;
+ if (c & 0x80)
+ t61 = 1;
+#else
+ if (!isalnum(c) && (c != ' ') && strchr("'()+,-./:=?", c) == NULL)
+ ia5 = 1;
+ if (os_toascii[c] & 0x80)
+ t61 = 1;
+#endif
+ }
+ if (t61)
+ return (V_ASN1_T61STRING);
+ if (ia5)
+ return (V_ASN1_IA5STRING);
+ return (V_ASN1_PRINTABLESTRING);
+}
+
+int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s)
+{
+ int i;
+ unsigned char *p;
+
+ if (s->type != V_ASN1_UNIVERSALSTRING)
+ return (0);
+ if ((s->length % 4) != 0)
+ return (0);
+ p = s->data;
+ for (i = 0; i < s->length; i += 4) {
+ if ((p[0] != '\0') || (p[1] != '\0') || (p[2] != '\0'))
+ break;
+ else
+ p += 4;
+ }
+ if (i < s->length)
+ return (0);
+ p = s->data;
+ for (i = 3; i < s->length; i += 4) {
+ *(p++) = s->data[i];
+ }
+ *(p) = '\0';
+ s->length /= 4;
+ s->type = ASN1_PRINTABLE_type(s->data, s->length);
+ return (1);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_set.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/a_set.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_set.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,238 +0,0 @@
-/* crypto/asn1/a_set.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1_mac.h>
-
-#ifndef NO_ASN1_OLD
-
-typedef struct
- {
- unsigned char *pbData;
- int cbData;
- } MYBLOB;
-
-/* SetBlobCmp
- * This function compares two elements of SET_OF block
- */
-static int SetBlobCmp(const void *elem1, const void *elem2 )
- {
- const MYBLOB *b1 = (const MYBLOB *)elem1;
- const MYBLOB *b2 = (const MYBLOB *)elem2;
- int r;
-
- r = memcmp(b1->pbData, b2->pbData,
- b1->cbData < b2->cbData ? b1->cbData : b2->cbData);
- if(r != 0)
- return r;
- return b1->cbData-b2->cbData;
- }
-
-/* int is_set: if TRUE, then sort the contents (i.e. it isn't a SEQUENCE) */
-int i2d_ASN1_SET(STACK *a, unsigned char **pp, i2d_of_void *i2d, int ex_tag,
- int ex_class, int is_set)
- {
- int ret=0,r;
- int i;
- unsigned char *p;
- unsigned char *pStart, *pTempMem;
- MYBLOB *rgSetBlob;
- int totSize;
-
- if (a == NULL) return(0);
- for (i=sk_num(a)-1; i>=0; i--)
- ret+=i2d(sk_value(a,i),NULL);
- r=ASN1_object_size(1,ret,ex_tag);
- if (pp == NULL) return(r);
-
- p= *pp;
- ASN1_put_object(&p,1,ret,ex_tag,ex_class);
-
-/* Modified by gp at nsj.co.jp */
- /* And then again by Ben */
- /* And again by Steve */
-
- if(!is_set || (sk_num(a) < 2))
- {
- for (i=0; i<sk_num(a); i++)
- i2d(sk_value(a,i),&p);
-
- *pp=p;
- return(r);
- }
-
- pStart = p; /* Catch the beg of Setblobs*/
- /* In this array we will store the SET blobs */
- rgSetBlob = (MYBLOB *)OPENSSL_malloc(sk_num(a) * sizeof(MYBLOB));
- if (rgSetBlob == NULL)
- {
- ASN1err(ASN1_F_I2D_ASN1_SET,ERR_R_MALLOC_FAILURE);
- return(0);
- }
-
- for (i=0; i<sk_num(a); i++)
- {
- rgSetBlob[i].pbData = p; /* catch each set encode blob */
- i2d(sk_value(a,i),&p);
- rgSetBlob[i].cbData = p - rgSetBlob[i].pbData; /* Length of this
-SetBlob
-*/
- }
- *pp=p;
- totSize = p - pStart; /* This is the total size of all set blobs */
-
- /* Now we have to sort the blobs. I am using a simple algo.
- *Sort ptrs *Copy to temp-mem *Copy from temp-mem to user-mem*/
- qsort( rgSetBlob, sk_num(a), sizeof(MYBLOB), SetBlobCmp);
- if (!(pTempMem = OPENSSL_malloc(totSize)))
- {
- ASN1err(ASN1_F_I2D_ASN1_SET,ERR_R_MALLOC_FAILURE);
- return(0);
- }
-
-/* Copy to temp mem */
- p = pTempMem;
- for(i=0; i<sk_num(a); ++i)
- {
- memcpy(p, rgSetBlob[i].pbData, rgSetBlob[i].cbData);
- p += rgSetBlob[i].cbData;
- }
-
-/* Copy back to user mem*/
- memcpy(pStart, pTempMem, totSize);
- OPENSSL_free(pTempMem);
- OPENSSL_free(rgSetBlob);
-
- return(r);
- }
-
-STACK *d2i_ASN1_SET(STACK **a, const unsigned char **pp, long length,
- d2i_of_void *d2i, void (*free_func)(void *), int ex_tag,
- int ex_class)
- {
- ASN1_const_CTX c;
- STACK *ret=NULL;
-
- if ((a == NULL) || ((*a) == NULL))
- {
- if ((ret=sk_new_null()) == NULL)
- {
- ASN1err(ASN1_F_D2I_ASN1_SET,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- }
- else
- ret=(*a);
-
- c.p= *pp;
- c.max=(length == 0)?0:(c.p+length);
-
- c.inf=ASN1_get_object(&c.p,&c.slen,&c.tag,&c.xclass,c.max-c.p);
- if (c.inf & 0x80) goto err;
- if (ex_class != c.xclass)
- {
- ASN1err(ASN1_F_D2I_ASN1_SET,ASN1_R_BAD_CLASS);
- goto err;
- }
- if (ex_tag != c.tag)
- {
- ASN1err(ASN1_F_D2I_ASN1_SET,ASN1_R_BAD_TAG);
- goto err;
- }
- if ((c.slen+c.p) > c.max)
- {
- ASN1err(ASN1_F_D2I_ASN1_SET,ASN1_R_LENGTH_ERROR);
- goto err;
- }
- /* check for infinite constructed - it can be as long
- * as the amount of data passed to us */
- if (c.inf == (V_ASN1_CONSTRUCTED+1))
- c.slen=length+ *pp-c.p;
- c.max=c.p+c.slen;
-
- while (c.p < c.max)
- {
- char *s;
-
- if (M_ASN1_D2I_end_sequence()) break;
- /* XXX: This was called with 4 arguments, incorrectly, it seems
- if ((s=func(NULL,&c.p,c.slen,c.max-c.p)) == NULL) */
- if ((s=d2i(NULL,&c.p,c.slen)) == NULL)
- {
- ASN1err(ASN1_F_D2I_ASN1_SET,ASN1_R_ERROR_PARSING_SET_ELEMENT);
- asn1_add_error(*pp,(int)(c.q- *pp));
- goto err;
- }
- if (!sk_push(ret,s)) goto err;
- }
- if (a != NULL) (*a)=ret;
- *pp=c.p;
- return(ret);
-err:
- if ((ret != NULL) && ((a == NULL) || (*a != ret)))
- {
- if (free_func != NULL)
- sk_pop_free(ret,free_func);
- else
- sk_free(ret);
- }
- return(NULL);
- }
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_set.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/a_set.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_set.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_set.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,236 @@
+/* crypto/asn1/a_set.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1_mac.h>
+
+#ifndef NO_ASN1_OLD
+
+typedef struct {
+ unsigned char *pbData;
+ int cbData;
+} MYBLOB;
+
+/*
+ * SetBlobCmp This function compares two elements of SET_OF block
+ */
+static int SetBlobCmp(const void *elem1, const void *elem2)
+{
+ const MYBLOB *b1 = (const MYBLOB *)elem1;
+ const MYBLOB *b2 = (const MYBLOB *)elem2;
+ int r;
+
+ r = memcmp(b1->pbData, b2->pbData,
+ b1->cbData < b2->cbData ? b1->cbData : b2->cbData);
+ if (r != 0)
+ return r;
+ return b1->cbData - b2->cbData;
+}
+
+/*
+ * int is_set: if TRUE, then sort the contents (i.e. it isn't a SEQUENCE)
+ */
+int i2d_ASN1_SET(STACK * a, unsigned char **pp, i2d_of_void *i2d, int ex_tag,
+ int ex_class, int is_set)
+{
+ int ret = 0, r;
+ int i;
+ unsigned char *p;
+ unsigned char *pStart, *pTempMem;
+ MYBLOB *rgSetBlob;
+ int totSize;
+
+ if (a == NULL)
+ return (0);
+ for (i = sk_num(a) - 1; i >= 0; i--)
+ ret += i2d(sk_value(a, i), NULL);
+ r = ASN1_object_size(1, ret, ex_tag);
+ if (pp == NULL)
+ return (r);
+
+ p = *pp;
+ ASN1_put_object(&p, 1, ret, ex_tag, ex_class);
+
+/* Modified by gp at nsj.co.jp */
+ /* And then again by Ben */
+ /* And again by Steve */
+
+ if (!is_set || (sk_num(a) < 2)) {
+ for (i = 0; i < sk_num(a); i++)
+ i2d(sk_value(a, i), &p);
+
+ *pp = p;
+ return (r);
+ }
+
+ pStart = p; /* Catch the beg of Setblobs */
+ /* In this array we will store the SET blobs */
+ rgSetBlob = (MYBLOB *) OPENSSL_malloc(sk_num(a) * sizeof(MYBLOB));
+ if (rgSetBlob == NULL) {
+ ASN1err(ASN1_F_I2D_ASN1_SET, ERR_R_MALLOC_FAILURE);
+ return (0);
+ }
+
+ for (i = 0; i < sk_num(a); i++) {
+ rgSetBlob[i].pbData = p; /* catch each set encode blob */
+ i2d(sk_value(a, i), &p);
+ rgSetBlob[i].cbData = p - rgSetBlob[i].pbData; /* Length of this
+ * SetBlob */
+ }
+ *pp = p;
+ totSize = p - pStart; /* This is the total size of all set blobs */
+
+ /*
+ * Now we have to sort the blobs. I am using a simple algo. *Sort ptrs
+ * *Copy to temp-mem *Copy from temp-mem to user-mem
+ */
+ qsort(rgSetBlob, sk_num(a), sizeof(MYBLOB), SetBlobCmp);
+ if (!(pTempMem = OPENSSL_malloc(totSize))) {
+ ASN1err(ASN1_F_I2D_ASN1_SET, ERR_R_MALLOC_FAILURE);
+ return (0);
+ }
+
+/* Copy to temp mem */
+ p = pTempMem;
+ for (i = 0; i < sk_num(a); ++i) {
+ memcpy(p, rgSetBlob[i].pbData, rgSetBlob[i].cbData);
+ p += rgSetBlob[i].cbData;
+ }
+
+/* Copy back to user mem*/
+ memcpy(pStart, pTempMem, totSize);
+ OPENSSL_free(pTempMem);
+ OPENSSL_free(rgSetBlob);
+
+ return (r);
+}
+
+STACK *d2i_ASN1_SET(STACK ** a, const unsigned char **pp, long length,
+ d2i_of_void *d2i, void (*free_func) (void *), int ex_tag,
+ int ex_class)
+{
+ ASN1_const_CTX c;
+ STACK *ret = NULL;
+
+ if ((a == NULL) || ((*a) == NULL)) {
+ if ((ret = sk_new_null()) == NULL) {
+ ASN1err(ASN1_F_D2I_ASN1_SET, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ } else
+ ret = (*a);
+
+ c.p = *pp;
+ c.max = (length == 0) ? 0 : (c.p + length);
+
+ c.inf = ASN1_get_object(&c.p, &c.slen, &c.tag, &c.xclass, c.max - c.p);
+ if (c.inf & 0x80)
+ goto err;
+ if (ex_class != c.xclass) {
+ ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_BAD_CLASS);
+ goto err;
+ }
+ if (ex_tag != c.tag) {
+ ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_BAD_TAG);
+ goto err;
+ }
+ if ((c.slen + c.p) > c.max) {
+ ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_LENGTH_ERROR);
+ goto err;
+ }
+ /*
+ * check for infinite constructed - it can be as long as the amount of
+ * data passed to us
+ */
+ if (c.inf == (V_ASN1_CONSTRUCTED + 1))
+ c.slen = length + *pp - c.p;
+ c.max = c.p + c.slen;
+
+ while (c.p < c.max) {
+ char *s;
+
+ if (M_ASN1_D2I_end_sequence())
+ break;
+ /*
+ * XXX: This was called with 4 arguments, incorrectly, it seems if
+ * ((s=func(NULL,&c.p,c.slen,c.max-c.p)) == NULL)
+ */
+ if ((s = d2i(NULL, &c.p, c.slen)) == NULL) {
+ ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_ERROR_PARSING_SET_ELEMENT);
+ asn1_add_error(*pp, (int)(c.q - *pp));
+ goto err;
+ }
+ if (!sk_push(ret, s))
+ goto err;
+ }
+ if (a != NULL)
+ (*a) = ret;
+ *pp = c.p;
+ return (ret);
+ err:
+ if ((ret != NULL) && ((a == NULL) || (*a != ret))) {
+ if (free_func != NULL)
+ sk_pop_free(ret, free_func);
+ else
+ sk_free(ret);
+ }
+ return (NULL);
+}
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_sign.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/a_sign.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_sign.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,300 +0,0 @@
-/* crypto/asn1/a_sign.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <time.h>
-
-#include "cryptlib.h"
-
-#ifndef NO_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-
-#include <openssl/bn.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/objects.h>
-#include <openssl/buffer.h>
-
-#ifndef NO_ASN1_OLD
-
-int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2,
- ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey,
- const EVP_MD *type)
- {
- EVP_MD_CTX ctx;
- unsigned char *p,*buf_in=NULL,*buf_out=NULL;
- int i,inl=0,outl=0,outll=0;
- X509_ALGOR *a;
-
- EVP_MD_CTX_init(&ctx);
- for (i=0; i<2; i++)
- {
- if (i == 0)
- a=algor1;
- else
- a=algor2;
- if (a == NULL) continue;
- if (type->pkey_type == NID_dsaWithSHA1)
- {
- /* special case: RFC 2459 tells us to omit 'parameters'
- * with id-dsa-with-sha1 */
- ASN1_TYPE_free(a->parameter);
- a->parameter = NULL;
- }
- else if ((a->parameter == NULL) ||
- (a->parameter->type != V_ASN1_NULL))
- {
- ASN1_TYPE_free(a->parameter);
- if ((a->parameter=ASN1_TYPE_new()) == NULL) goto err;
- a->parameter->type=V_ASN1_NULL;
- }
- ASN1_OBJECT_free(a->algorithm);
- a->algorithm=OBJ_nid2obj(type->pkey_type);
- if (a->algorithm == NULL)
- {
- ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_UNKNOWN_OBJECT_TYPE);
- goto err;
- }
- if (a->algorithm->length == 0)
- {
- ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
- goto err;
- }
- }
- inl=i2d(data,NULL);
- buf_in=(unsigned char *)OPENSSL_malloc((unsigned int)inl);
- outll=outl=EVP_PKEY_size(pkey);
- buf_out=(unsigned char *)OPENSSL_malloc((unsigned int)outl);
- if ((buf_in == NULL) || (buf_out == NULL))
- {
- outl=0;
- ASN1err(ASN1_F_ASN1_SIGN,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- p=buf_in;
-
- i2d(data,&p);
- EVP_SignInit_ex(&ctx,type, NULL);
- EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl);
- if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out,
- (unsigned int *)&outl,pkey))
- {
- outl=0;
- ASN1err(ASN1_F_ASN1_SIGN,ERR_R_EVP_LIB);
- goto err;
- }
- if (signature->data != NULL) OPENSSL_free(signature->data);
- signature->data=buf_out;
- buf_out=NULL;
- signature->length=outl;
- /* In the interests of compatibility, I'll make sure that
- * the bit string has a 'not-used bits' value of 0
- */
- signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
- signature->flags|=ASN1_STRING_FLAG_BITS_LEFT;
-err:
- EVP_MD_CTX_cleanup(&ctx);
- if (buf_in != NULL)
- { OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); }
- if (buf_out != NULL)
- { OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); }
- return(outl);
- }
-
-#endif
-
-int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
- ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey,
- const EVP_MD *type)
- {
- EVP_MD_CTX ctx;
- unsigned char *buf_in=NULL,*buf_out=NULL;
- int i,inl=0,outl=0,outll=0;
- X509_ALGOR *a;
-
- EVP_MD_CTX_init(&ctx);
- for (i=0; i<2; i++)
- {
- if (i == 0)
- a=algor1;
- else
- a=algor2;
- if (a == NULL) continue;
- if (type->pkey_type == NID_dsaWithSHA1 ||
- type->pkey_type == NID_ecdsa_with_SHA1)
- {
- /* special case: RFC 3279 tells us to omit 'parameters'
- * with id-dsa-with-sha1 and ecdsa-with-SHA1 */
- ASN1_TYPE_free(a->parameter);
- a->parameter = NULL;
- }
- else if ((a->parameter == NULL) ||
- (a->parameter->type != V_ASN1_NULL))
- {
- ASN1_TYPE_free(a->parameter);
- if ((a->parameter=ASN1_TYPE_new()) == NULL) goto err;
- a->parameter->type=V_ASN1_NULL;
- }
- ASN1_OBJECT_free(a->algorithm);
- a->algorithm=OBJ_nid2obj(type->pkey_type);
- if (a->algorithm == NULL)
- {
- ASN1err(ASN1_F_ASN1_ITEM_SIGN,ASN1_R_UNKNOWN_OBJECT_TYPE);
- goto err;
- }
- if (a->algorithm->length == 0)
- {
- ASN1err(ASN1_F_ASN1_ITEM_SIGN,ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
- goto err;
- }
- }
- inl=ASN1_item_i2d(asn,&buf_in, it);
- outll=outl=EVP_PKEY_size(pkey);
- buf_out=(unsigned char *)OPENSSL_malloc((unsigned int)outl);
- if ((buf_in == NULL) || (buf_out == NULL))
- {
- outl=0;
- ASN1err(ASN1_F_ASN1_ITEM_SIGN,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- if (!EVP_SignInit_ex(&ctx,type, NULL))
- {
- outl=0;
- ASN1err(ASN1_F_ASN1_ITEM_SIGN,ERR_R_EVP_LIB);
- goto err;
- }
- EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl);
- if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out,
- (unsigned int *)&outl,pkey))
- {
- outl=0;
- ASN1err(ASN1_F_ASN1_ITEM_SIGN,ERR_R_EVP_LIB);
- goto err;
- }
- if (signature->data != NULL) OPENSSL_free(signature->data);
- signature->data=buf_out;
- buf_out=NULL;
- signature->length=outl;
- /* In the interests of compatibility, I'll make sure that
- * the bit string has a 'not-used bits' value of 0
- */
- signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
- signature->flags|=ASN1_STRING_FLAG_BITS_LEFT;
-err:
- EVP_MD_CTX_cleanup(&ctx);
- if (buf_in != NULL)
- { OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); }
- if (buf_out != NULL)
- { OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); }
- return(outl);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_sign.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/a_sign.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_sign.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_sign.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,305 @@
+/* crypto/asn1/a_sign.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <time.h>
+
+#include "cryptlib.h"
+
+#ifndef NO_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+
+#ifndef NO_ASN1_OLD
+
+int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2,
+ ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey,
+ const EVP_MD *type)
+{
+ EVP_MD_CTX ctx;
+ unsigned char *p, *buf_in = NULL, *buf_out = NULL;
+ int i, inl = 0, outl = 0, outll = 0;
+ X509_ALGOR *a;
+
+ EVP_MD_CTX_init(&ctx);
+ for (i = 0; i < 2; i++) {
+ if (i == 0)
+ a = algor1;
+ else
+ a = algor2;
+ if (a == NULL)
+ continue;
+ if (type->pkey_type == NID_dsaWithSHA1) {
+ /*
+ * special case: RFC 2459 tells us to omit 'parameters' with
+ * id-dsa-with-sha1
+ */
+ ASN1_TYPE_free(a->parameter);
+ a->parameter = NULL;
+ } else if ((a->parameter == NULL) ||
+ (a->parameter->type != V_ASN1_NULL)) {
+ ASN1_TYPE_free(a->parameter);
+ if ((a->parameter = ASN1_TYPE_new()) == NULL)
+ goto err;
+ a->parameter->type = V_ASN1_NULL;
+ }
+ ASN1_OBJECT_free(a->algorithm);
+ a->algorithm = OBJ_nid2obj(type->pkey_type);
+ if (a->algorithm == NULL) {
+ ASN1err(ASN1_F_ASN1_SIGN, ASN1_R_UNKNOWN_OBJECT_TYPE);
+ goto err;
+ }
+ if (a->algorithm->length == 0) {
+ ASN1err(ASN1_F_ASN1_SIGN,
+ ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
+ goto err;
+ }
+ }
+ inl = i2d(data, NULL);
+ buf_in = (unsigned char *)OPENSSL_malloc((unsigned int)inl);
+ outll = outl = EVP_PKEY_size(pkey);
+ buf_out = (unsigned char *)OPENSSL_malloc((unsigned int)outl);
+ if ((buf_in == NULL) || (buf_out == NULL)) {
+ outl = 0;
+ ASN1err(ASN1_F_ASN1_SIGN, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ p = buf_in;
+
+ i2d(data, &p);
+ EVP_SignInit_ex(&ctx, type, NULL);
+ EVP_SignUpdate(&ctx, (unsigned char *)buf_in, inl);
+ if (!EVP_SignFinal(&ctx, (unsigned char *)buf_out,
+ (unsigned int *)&outl, pkey)) {
+ outl = 0;
+ ASN1err(ASN1_F_ASN1_SIGN, ERR_R_EVP_LIB);
+ goto err;
+ }
+ if (signature->data != NULL)
+ OPENSSL_free(signature->data);
+ signature->data = buf_out;
+ buf_out = NULL;
+ signature->length = outl;
+ /*
+ * In the interests of compatibility, I'll make sure that the bit string
+ * has a 'not-used bits' value of 0
+ */
+ signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
+ signature->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+ err:
+ EVP_MD_CTX_cleanup(&ctx);
+ if (buf_in != NULL) {
+ OPENSSL_cleanse((char *)buf_in, (unsigned int)inl);
+ OPENSSL_free(buf_in);
+ }
+ if (buf_out != NULL) {
+ OPENSSL_cleanse((char *)buf_out, outll);
+ OPENSSL_free(buf_out);
+ }
+ return (outl);
+}
+
+#endif
+
+int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1,
+ X509_ALGOR *algor2, ASN1_BIT_STRING *signature, void *asn,
+ EVP_PKEY *pkey, const EVP_MD *type)
+{
+ EVP_MD_CTX ctx;
+ unsigned char *buf_in = NULL, *buf_out = NULL;
+ int i, inl = 0, outl = 0, outll = 0;
+ X509_ALGOR *a;
+
+ EVP_MD_CTX_init(&ctx);
+ for (i = 0; i < 2; i++) {
+ if (i == 0)
+ a = algor1;
+ else
+ a = algor2;
+ if (a == NULL)
+ continue;
+ if (type->pkey_type == NID_dsaWithSHA1 ||
+ type->pkey_type == NID_ecdsa_with_SHA1) {
+ /*
+ * special case: RFC 3279 tells us to omit 'parameters' with
+ * id-dsa-with-sha1 and ecdsa-with-SHA1
+ */
+ ASN1_TYPE_free(a->parameter);
+ a->parameter = NULL;
+ } else if ((a->parameter == NULL) ||
+ (a->parameter->type != V_ASN1_NULL)) {
+ ASN1_TYPE_free(a->parameter);
+ if ((a->parameter = ASN1_TYPE_new()) == NULL)
+ goto err;
+ a->parameter->type = V_ASN1_NULL;
+ }
+ ASN1_OBJECT_free(a->algorithm);
+ a->algorithm = OBJ_nid2obj(type->pkey_type);
+ if (a->algorithm == NULL) {
+ ASN1err(ASN1_F_ASN1_ITEM_SIGN, ASN1_R_UNKNOWN_OBJECT_TYPE);
+ goto err;
+ }
+ if (a->algorithm->length == 0) {
+ ASN1err(ASN1_F_ASN1_ITEM_SIGN,
+ ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
+ goto err;
+ }
+ }
+ inl = ASN1_item_i2d(asn, &buf_in, it);
+ outll = outl = EVP_PKEY_size(pkey);
+ buf_out = (unsigned char *)OPENSSL_malloc((unsigned int)outl);
+ if ((buf_in == NULL) || (buf_out == NULL)) {
+ outl = 0;
+ ASN1err(ASN1_F_ASN1_ITEM_SIGN, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ if (!EVP_SignInit_ex(&ctx, type, NULL)) {
+ outl = 0;
+ ASN1err(ASN1_F_ASN1_ITEM_SIGN, ERR_R_EVP_LIB);
+ goto err;
+ }
+ EVP_SignUpdate(&ctx, (unsigned char *)buf_in, inl);
+ if (!EVP_SignFinal(&ctx, (unsigned char *)buf_out,
+ (unsigned int *)&outl, pkey)) {
+ outl = 0;
+ ASN1err(ASN1_F_ASN1_ITEM_SIGN, ERR_R_EVP_LIB);
+ goto err;
+ }
+ if (signature->data != NULL)
+ OPENSSL_free(signature->data);
+ signature->data = buf_out;
+ buf_out = NULL;
+ signature->length = outl;
+ /*
+ * In the interests of compatibility, I'll make sure that the bit string
+ * has a 'not-used bits' value of 0
+ */
+ signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
+ signature->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+ err:
+ EVP_MD_CTX_cleanup(&ctx);
+ if (buf_in != NULL) {
+ OPENSSL_cleanse((char *)buf_in, (unsigned int)inl);
+ OPENSSL_free(buf_in);
+ }
+ if (buf_out != NULL) {
+ OPENSSL_cleanse((char *)buf_out, outll);
+ OPENSSL_free(buf_out);
+ }
+ return (outl);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_strex.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/a_strex.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_strex.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,575 +0,0 @@
-/* a_strex.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <string.h>
-#include "cryptlib.h"
-#include <openssl/crypto.h>
-#include <openssl/x509.h>
-#include <openssl/asn1.h>
-
-#include "charmap.h"
-
-/* ASN1_STRING_print_ex() and X509_NAME_print_ex().
- * Enhanced string and name printing routines handling
- * multibyte characters, RFC2253 and a host of other
- * options.
- */
-
-
-#define CHARTYPE_BS_ESC (ASN1_STRFLGS_ESC_2253 | CHARTYPE_FIRST_ESC_2253 | CHARTYPE_LAST_ESC_2253)
-
-#define ESC_FLAGS (ASN1_STRFLGS_ESC_2253 | \
- ASN1_STRFLGS_ESC_QUOTE | \
- ASN1_STRFLGS_ESC_CTRL | \
- ASN1_STRFLGS_ESC_MSB)
-
-
-/* Three IO functions for sending data to memory, a BIO and
- * and a FILE pointer.
- */
-#if 0 /* never used */
-static int send_mem_chars(void *arg, const void *buf, int len)
-{
- unsigned char **out = arg;
- if(!out) return 1;
- memcpy(*out, buf, len);
- *out += len;
- return 1;
-}
-#endif
-
-static int send_bio_chars(void *arg, const void *buf, int len)
-{
- if(!arg) return 1;
- if(BIO_write(arg, buf, len) != len) return 0;
- return 1;
-}
-
-static int send_fp_chars(void *arg, const void *buf, int len)
-{
- if(!arg) return 1;
- if(fwrite(buf, 1, len, arg) != (unsigned int)len) return 0;
- return 1;
-}
-
-typedef int char_io(void *arg, const void *buf, int len);
-
-/* This function handles display of
- * strings, one character at a time.
- * It is passed an unsigned long for each
- * character because it could come from 2 or even
- * 4 byte forms.
- */
-
-static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes, char_io *io_ch, void *arg)
-{
- unsigned char chflgs, chtmp;
- char tmphex[HEX_SIZE(long)+3];
-
- if(c > 0xffffffffL)
- return -1;
- if(c > 0xffff) {
- BIO_snprintf(tmphex, sizeof tmphex, "\\W%08lX", c);
- if(!io_ch(arg, tmphex, 10)) return -1;
- return 10;
- }
- if(c > 0xff) {
- BIO_snprintf(tmphex, sizeof tmphex, "\\U%04lX", c);
- if(!io_ch(arg, tmphex, 6)) return -1;
- return 6;
- }
- chtmp = (unsigned char)c;
- if(chtmp > 0x7f) chflgs = flags & ASN1_STRFLGS_ESC_MSB;
- else chflgs = char_type[chtmp] & flags;
- if(chflgs & CHARTYPE_BS_ESC) {
- /* If we don't escape with quotes, signal we need quotes */
- if(chflgs & ASN1_STRFLGS_ESC_QUOTE) {
- if(do_quotes) *do_quotes = 1;
- if(!io_ch(arg, &chtmp, 1)) return -1;
- return 1;
- }
- if(!io_ch(arg, "\\", 1)) return -1;
- if(!io_ch(arg, &chtmp, 1)) return -1;
- return 2;
- }
- if(chflgs & (ASN1_STRFLGS_ESC_CTRL|ASN1_STRFLGS_ESC_MSB)) {
- BIO_snprintf(tmphex, 11, "\\%02X", chtmp);
- if(!io_ch(arg, tmphex, 3)) return -1;
- return 3;
- }
- /* If we get this far and do any escaping at all must escape
- * the escape character itself: backslash.
- */
- if (chtmp == '\\' && flags & ESC_FLAGS) {
- if(!io_ch(arg, "\\\\", 2)) return -1;
- return 2;
- }
- if(!io_ch(arg, &chtmp, 1)) return -1;
- return 1;
-}
-
-#define BUF_TYPE_WIDTH_MASK 0x7
-#define BUF_TYPE_CONVUTF8 0x8
-
-/* This function sends each character in a buffer to
- * do_esc_char(). It interprets the content formats
- * and converts to or from UTF8 as appropriate.
- */
-
-static int do_buf(unsigned char *buf, int buflen,
- int type, unsigned char flags, char *quotes, char_io *io_ch, void *arg)
-{
- int i, outlen, len;
- unsigned char orflags, *p, *q;
- unsigned long c;
- p = buf;
- q = buf + buflen;
- outlen = 0;
- while(p != q) {
- if(p == buf && flags & ASN1_STRFLGS_ESC_2253) orflags = CHARTYPE_FIRST_ESC_2253;
- else orflags = 0;
- switch(type & BUF_TYPE_WIDTH_MASK) {
- case 4:
- c = ((unsigned long)*p++) << 24;
- c |= ((unsigned long)*p++) << 16;
- c |= ((unsigned long)*p++) << 8;
- c |= *p++;
- break;
-
- case 2:
- c = ((unsigned long)*p++) << 8;
- c |= *p++;
- break;
-
- case 1:
- c = *p++;
- break;
-
- case 0:
- i = UTF8_getc(p, buflen, &c);
- if(i < 0) return -1; /* Invalid UTF8String */
- p += i;
- break;
- default:
- return -1; /* invalid width */
- }
- if (p == q && flags & ASN1_STRFLGS_ESC_2253) orflags = CHARTYPE_LAST_ESC_2253;
- if(type & BUF_TYPE_CONVUTF8) {
- unsigned char utfbuf[6];
- int utflen;
- utflen = UTF8_putc(utfbuf, sizeof utfbuf, c);
- for(i = 0; i < utflen; i++) {
- /* We don't need to worry about setting orflags correctly
- * because if utflen==1 its value will be correct anyway
- * otherwise each character will be > 0x7f and so the
- * character will never be escaped on first and last.
- */
- len = do_esc_char(utfbuf[i], (unsigned char)(flags | orflags), quotes, io_ch, arg);
- if(len < 0) return -1;
- outlen += len;
- }
- } else {
- len = do_esc_char(c, (unsigned char)(flags | orflags), quotes, io_ch, arg);
- if(len < 0) return -1;
- outlen += len;
- }
- }
- return outlen;
-}
-
-/* This function hex dumps a buffer of characters */
-
-static int do_hex_dump(char_io *io_ch, void *arg, unsigned char *buf, int buflen)
-{
- static const char hexdig[] = "0123456789ABCDEF";
- unsigned char *p, *q;
- char hextmp[2];
- if(arg) {
- p = buf;
- q = buf + buflen;
- while(p != q) {
- hextmp[0] = hexdig[*p >> 4];
- hextmp[1] = hexdig[*p & 0xf];
- if(!io_ch(arg, hextmp, 2)) return -1;
- p++;
- }
- }
- return buflen << 1;
-}
-
-/* "dump" a string. This is done when the type is unknown,
- * or the flags request it. We can either dump the content
- * octets or the entire DER encoding. This uses the RFC2253
- * #01234 format.
- */
-
-static int do_dump(unsigned long lflags, char_io *io_ch, void *arg, ASN1_STRING *str)
-{
- /* Placing the ASN1_STRING in a temp ASN1_TYPE allows
- * the DER encoding to readily obtained
- */
- ASN1_TYPE t;
- unsigned char *der_buf, *p;
- int outlen, der_len;
-
- if(!io_ch(arg, "#", 1)) return -1;
- /* If we don't dump DER encoding just dump content octets */
- if(!(lflags & ASN1_STRFLGS_DUMP_DER)) {
- outlen = do_hex_dump(io_ch, arg, str->data, str->length);
- if(outlen < 0) return -1;
- return outlen + 1;
- }
- t.type = str->type;
- t.value.ptr = (char *)str;
- der_len = i2d_ASN1_TYPE(&t, NULL);
- der_buf = OPENSSL_malloc(der_len);
- if(!der_buf) return -1;
- p = der_buf;
- i2d_ASN1_TYPE(&t, &p);
- outlen = do_hex_dump(io_ch, arg, der_buf, der_len);
- OPENSSL_free(der_buf);
- if(outlen < 0) return -1;
- return outlen + 1;
-}
-
-/* Lookup table to convert tags to character widths,
- * 0 = UTF8 encoded, -1 is used for non string types
- * otherwise it is the number of bytes per character
- */
-
-static const signed char tag2nbyte[] = {
- -1, -1, -1, -1, -1, /* 0-4 */
- -1, -1, -1, -1, -1, /* 5-9 */
- -1, -1, 0, -1, /* 10-13 */
- -1, -1, -1, -1, /* 15-17 */
- -1, 1, 1, /* 18-20 */
- -1, 1, 1, 1, /* 21-24 */
- -1, 1, -1, /* 25-27 */
- 4, -1, 2 /* 28-30 */
-};
-
-/* This is the main function, print out an
- * ASN1_STRING taking note of various escape
- * and display options. Returns number of
- * characters written or -1 if an error
- * occurred.
- */
-
-static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags, ASN1_STRING *str)
-{
- int outlen, len;
- int type;
- char quotes;
- unsigned char flags;
- quotes = 0;
- /* Keep a copy of escape flags */
- flags = (unsigned char)(lflags & ESC_FLAGS);
-
- type = str->type;
-
- outlen = 0;
-
-
- if(lflags & ASN1_STRFLGS_SHOW_TYPE) {
- const char *tagname;
- tagname = ASN1_tag2str(type);
- outlen += strlen(tagname);
- if(!io_ch(arg, tagname, outlen) || !io_ch(arg, ":", 1)) return -1;
- outlen++;
- }
-
- /* Decide what to do with type, either dump content or display it */
-
- /* Dump everything */
- if(lflags & ASN1_STRFLGS_DUMP_ALL) type = -1;
- /* Ignore the string type */
- else if(lflags & ASN1_STRFLGS_IGNORE_TYPE) type = 1;
- else {
- /* Else determine width based on type */
- if((type > 0) && (type < 31)) type = tag2nbyte[type];
- else type = -1;
- if((type == -1) && !(lflags & ASN1_STRFLGS_DUMP_UNKNOWN)) type = 1;
- }
-
- if(type == -1) {
- len = do_dump(lflags, io_ch, arg, str);
- if(len < 0) return -1;
- outlen += len;
- return outlen;
- }
-
- if(lflags & ASN1_STRFLGS_UTF8_CONVERT) {
- /* Note: if string is UTF8 and we want
- * to convert to UTF8 then we just interpret
- * it as 1 byte per character to avoid converting
- * twice.
- */
- if(!type) type = 1;
- else type |= BUF_TYPE_CONVUTF8;
- }
-
- len = do_buf(str->data, str->length, type, flags, "es, io_ch, NULL);
- if(len < 0) return -1;
- outlen += len;
- if(quotes) outlen += 2;
- if(!arg) return outlen;
- if(quotes && !io_ch(arg, "\"", 1)) return -1;
- if(do_buf(str->data, str->length, type, flags, NULL, io_ch, arg) < 0)
- return -1;
- if(quotes && !io_ch(arg, "\"", 1)) return -1;
- return outlen;
-}
-
-/* Used for line indenting: print 'indent' spaces */
-
-static int do_indent(char_io *io_ch, void *arg, int indent)
-{
- int i;
- for(i = 0; i < indent; i++)
- if(!io_ch(arg, " ", 1)) return 0;
- return 1;
-}
-
-#define FN_WIDTH_LN 25
-#define FN_WIDTH_SN 10
-
-static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n,
- int indent, unsigned long flags)
-{
- int i, prev = -1, orflags, cnt;
- int fn_opt, fn_nid;
- ASN1_OBJECT *fn;
- ASN1_STRING *val;
- X509_NAME_ENTRY *ent;
- char objtmp[80];
- const char *objbuf;
- int outlen, len;
- char *sep_dn, *sep_mv, *sep_eq;
- int sep_dn_len, sep_mv_len, sep_eq_len;
- if(indent < 0) indent = 0;
- outlen = indent;
- if(!do_indent(io_ch, arg, indent)) return -1;
- switch (flags & XN_FLAG_SEP_MASK)
- {
- case XN_FLAG_SEP_MULTILINE:
- sep_dn = "\n";
- sep_dn_len = 1;
- sep_mv = " + ";
- sep_mv_len = 3;
- break;
-
- case XN_FLAG_SEP_COMMA_PLUS:
- sep_dn = ",";
- sep_dn_len = 1;
- sep_mv = "+";
- sep_mv_len = 1;
- indent = 0;
- break;
-
- case XN_FLAG_SEP_CPLUS_SPC:
- sep_dn = ", ";
- sep_dn_len = 2;
- sep_mv = " + ";
- sep_mv_len = 3;
- indent = 0;
- break;
-
- case XN_FLAG_SEP_SPLUS_SPC:
- sep_dn = "; ";
- sep_dn_len = 2;
- sep_mv = " + ";
- sep_mv_len = 3;
- indent = 0;
- break;
-
- default:
- return -1;
- }
-
- if(flags & XN_FLAG_SPC_EQ) {
- sep_eq = " = ";
- sep_eq_len = 3;
- } else {
- sep_eq = "=";
- sep_eq_len = 1;
- }
-
- fn_opt = flags & XN_FLAG_FN_MASK;
-
- cnt = X509_NAME_entry_count(n);
- for(i = 0; i < cnt; i++) {
- if(flags & XN_FLAG_DN_REV)
- ent = X509_NAME_get_entry(n, cnt - i - 1);
- else ent = X509_NAME_get_entry(n, i);
- if(prev != -1) {
- if(prev == ent->set) {
- if(!io_ch(arg, sep_mv, sep_mv_len)) return -1;
- outlen += sep_mv_len;
- } else {
- if(!io_ch(arg, sep_dn, sep_dn_len)) return -1;
- outlen += sep_dn_len;
- if(!do_indent(io_ch, arg, indent)) return -1;
- outlen += indent;
- }
- }
- prev = ent->set;
- fn = X509_NAME_ENTRY_get_object(ent);
- val = X509_NAME_ENTRY_get_data(ent);
- fn_nid = OBJ_obj2nid(fn);
- if(fn_opt != XN_FLAG_FN_NONE) {
- int objlen, fld_len;
- if((fn_opt == XN_FLAG_FN_OID) || (fn_nid==NID_undef) ) {
- OBJ_obj2txt(objtmp, sizeof objtmp, fn, 1);
- fld_len = 0; /* XXX: what should this be? */
- objbuf = objtmp;
- } else {
- if(fn_opt == XN_FLAG_FN_SN) {
- fld_len = FN_WIDTH_SN;
- objbuf = OBJ_nid2sn(fn_nid);
- } else if(fn_opt == XN_FLAG_FN_LN) {
- fld_len = FN_WIDTH_LN;
- objbuf = OBJ_nid2ln(fn_nid);
- } else {
- fld_len = 0; /* XXX: what should this be? */
- objbuf = "";
- }
- }
- objlen = strlen(objbuf);
- if(!io_ch(arg, objbuf, objlen)) return -1;
- if ((objlen < fld_len) && (flags & XN_FLAG_FN_ALIGN)) {
- if (!do_indent(io_ch, arg, fld_len - objlen)) return -1;
- outlen += fld_len - objlen;
- }
- if(!io_ch(arg, sep_eq, sep_eq_len)) return -1;
- outlen += objlen + sep_eq_len;
- }
- /* If the field name is unknown then fix up the DER dump
- * flag. We might want to limit this further so it will
- * DER dump on anything other than a few 'standard' fields.
- */
- if((fn_nid == NID_undef) && (flags & XN_FLAG_DUMP_UNKNOWN_FIELDS))
- orflags = ASN1_STRFLGS_DUMP_ALL;
- else orflags = 0;
-
- len = do_print_ex(io_ch, arg, flags | orflags, val);
- if(len < 0) return -1;
- outlen += len;
- }
- return outlen;
-}
-
-/* Wrappers round the main functions */
-
-int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags)
-{
- if(flags == XN_FLAG_COMPAT)
- return X509_NAME_print(out, nm, indent);
- return do_name_ex(send_bio_chars, out, nm, indent, flags);
-}
-
-#ifndef OPENSSL_NO_FP_API
-int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags)
-{
- if(flags == XN_FLAG_COMPAT)
- {
- BIO *btmp;
- int ret;
- btmp = BIO_new_fp(fp, BIO_NOCLOSE);
- if(!btmp) return -1;
- ret = X509_NAME_print(btmp, nm, indent);
- BIO_free(btmp);
- return ret;
- }
- return do_name_ex(send_fp_chars, fp, nm, indent, flags);
-}
-#endif
-
-int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags)
-{
- return do_print_ex(send_bio_chars, out, flags, str);
-}
-
-#ifndef OPENSSL_NO_FP_API
-int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags)
-{
- return do_print_ex(send_fp_chars, fp, flags, str);
-}
-#endif
-
-/* Utility function: convert any string type to UTF8, returns number of bytes
- * in output string or a negative error code
- */
-
-int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in)
-{
- ASN1_STRING stmp, *str = &stmp;
- int mbflag, type, ret;
- if(!in) return -1;
- type = in->type;
- if((type < 0) || (type > 30)) return -1;
- mbflag = tag2nbyte[type];
- if(mbflag == -1) return -1;
- mbflag |= MBSTRING_FLAG;
- stmp.data = NULL;
- stmp.length = 0;
- ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING);
- if(ret < 0) return ret;
- *out = stmp.data;
- return stmp.length;
-}
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_strex.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/a_strex.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_strex.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_strex.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,648 @@
+/* a_strex.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include "cryptlib.h"
+#include <openssl/crypto.h>
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+
+#include "charmap.h"
+
+/*
+ * ASN1_STRING_print_ex() and X509_NAME_print_ex(). Enhanced string and name
+ * printing routines handling multibyte characters, RFC2253 and a host of
+ * other options.
+ */
+
+#define CHARTYPE_BS_ESC (ASN1_STRFLGS_ESC_2253 | CHARTYPE_FIRST_ESC_2253 | CHARTYPE_LAST_ESC_2253)
+
+#define ESC_FLAGS (ASN1_STRFLGS_ESC_2253 | \
+ ASN1_STRFLGS_ESC_QUOTE | \
+ ASN1_STRFLGS_ESC_CTRL | \
+ ASN1_STRFLGS_ESC_MSB)
+
+/*
+ * Three IO functions for sending data to memory, a BIO and and a FILE
+ * pointer.
+ */
+#if 0 /* never used */
+static int send_mem_chars(void *arg, const void *buf, int len)
+{
+ unsigned char **out = arg;
+ if (!out)
+ return 1;
+ memcpy(*out, buf, len);
+ *out += len;
+ return 1;
+}
+#endif
+
+static int send_bio_chars(void *arg, const void *buf, int len)
+{
+ if (!arg)
+ return 1;
+ if (BIO_write(arg, buf, len) != len)
+ return 0;
+ return 1;
+}
+
+static int send_fp_chars(void *arg, const void *buf, int len)
+{
+ if (!arg)
+ return 1;
+ if (fwrite(buf, 1, len, arg) != (unsigned int)len)
+ return 0;
+ return 1;
+}
+
+typedef int char_io (void *arg, const void *buf, int len);
+
+/*
+ * This function handles display of strings, one character at a time. It is
+ * passed an unsigned long for each character because it could come from 2 or
+ * even 4 byte forms.
+ */
+
+static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes,
+ char_io *io_ch, void *arg)
+{
+ unsigned char chflgs, chtmp;
+ char tmphex[HEX_SIZE(long) + 3];
+
+ if (c > 0xffffffffL)
+ return -1;
+ if (c > 0xffff) {
+ BIO_snprintf(tmphex, sizeof tmphex, "\\W%08lX", c);
+ if (!io_ch(arg, tmphex, 10))
+ return -1;
+ return 10;
+ }
+ if (c > 0xff) {
+ BIO_snprintf(tmphex, sizeof tmphex, "\\U%04lX", c);
+ if (!io_ch(arg, tmphex, 6))
+ return -1;
+ return 6;
+ }
+ chtmp = (unsigned char)c;
+ if (chtmp > 0x7f)
+ chflgs = flags & ASN1_STRFLGS_ESC_MSB;
+ else
+ chflgs = char_type[chtmp] & flags;
+ if (chflgs & CHARTYPE_BS_ESC) {
+ /* If we don't escape with quotes, signal we need quotes */
+ if (chflgs & ASN1_STRFLGS_ESC_QUOTE) {
+ if (do_quotes)
+ *do_quotes = 1;
+ if (!io_ch(arg, &chtmp, 1))
+ return -1;
+ return 1;
+ }
+ if (!io_ch(arg, "\\", 1))
+ return -1;
+ if (!io_ch(arg, &chtmp, 1))
+ return -1;
+ return 2;
+ }
+ if (chflgs & (ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB)) {
+ BIO_snprintf(tmphex, 11, "\\%02X", chtmp);
+ if (!io_ch(arg, tmphex, 3))
+ return -1;
+ return 3;
+ }
+ /*
+ * If we get this far and do any escaping at all must escape the escape
+ * character itself: backslash.
+ */
+ if (chtmp == '\\' && flags & ESC_FLAGS) {
+ if (!io_ch(arg, "\\\\", 2))
+ return -1;
+ return 2;
+ }
+ if (!io_ch(arg, &chtmp, 1))
+ return -1;
+ return 1;
+}
+
+#define BUF_TYPE_WIDTH_MASK 0x7
+#define BUF_TYPE_CONVUTF8 0x8
+
+/*
+ * This function sends each character in a buffer to do_esc_char(). It
+ * interprets the content formats and converts to or from UTF8 as
+ * appropriate.
+ */
+
+static int do_buf(unsigned char *buf, int buflen,
+ int type, unsigned char flags, char *quotes, char_io *io_ch,
+ void *arg)
+{
+ int i, outlen, len;
+ unsigned char orflags, *p, *q;
+ unsigned long c;
+ p = buf;
+ q = buf + buflen;
+ outlen = 0;
+ while (p != q) {
+ if (p == buf && flags & ASN1_STRFLGS_ESC_2253)
+ orflags = CHARTYPE_FIRST_ESC_2253;
+ else
+ orflags = 0;
+ switch (type & BUF_TYPE_WIDTH_MASK) {
+ case 4:
+ c = ((unsigned long)*p++) << 24;
+ c |= ((unsigned long)*p++) << 16;
+ c |= ((unsigned long)*p++) << 8;
+ c |= *p++;
+ break;
+
+ case 2:
+ c = ((unsigned long)*p++) << 8;
+ c |= *p++;
+ break;
+
+ case 1:
+ c = *p++;
+ break;
+
+ case 0:
+ i = UTF8_getc(p, buflen, &c);
+ if (i < 0)
+ return -1; /* Invalid UTF8String */
+ p += i;
+ break;
+ default:
+ return -1; /* invalid width */
+ }
+ if (p == q && flags & ASN1_STRFLGS_ESC_2253)
+ orflags = CHARTYPE_LAST_ESC_2253;
+ if (type & BUF_TYPE_CONVUTF8) {
+ unsigned char utfbuf[6];
+ int utflen;
+ utflen = UTF8_putc(utfbuf, sizeof utfbuf, c);
+ for (i = 0; i < utflen; i++) {
+ /*
+ * We don't need to worry about setting orflags correctly
+ * because if utflen==1 its value will be correct anyway
+ * otherwise each character will be > 0x7f and so the
+ * character will never be escaped on first and last.
+ */
+ len =
+ do_esc_char(utfbuf[i], (unsigned char)(flags | orflags),
+ quotes, io_ch, arg);
+ if (len < 0)
+ return -1;
+ outlen += len;
+ }
+ } else {
+ len =
+ do_esc_char(c, (unsigned char)(flags | orflags), quotes,
+ io_ch, arg);
+ if (len < 0)
+ return -1;
+ outlen += len;
+ }
+ }
+ return outlen;
+}
+
+/* This function hex dumps a buffer of characters */
+
+static int do_hex_dump(char_io *io_ch, void *arg, unsigned char *buf,
+ int buflen)
+{
+ static const char hexdig[] = "0123456789ABCDEF";
+ unsigned char *p, *q;
+ char hextmp[2];
+ if (arg) {
+ p = buf;
+ q = buf + buflen;
+ while (p != q) {
+ hextmp[0] = hexdig[*p >> 4];
+ hextmp[1] = hexdig[*p & 0xf];
+ if (!io_ch(arg, hextmp, 2))
+ return -1;
+ p++;
+ }
+ }
+ return buflen << 1;
+}
+
+/*
+ * "dump" a string. This is done when the type is unknown, or the flags
+ * request it. We can either dump the content octets or the entire DER
+ * encoding. This uses the RFC2253 #01234 format.
+ */
+
+static int do_dump(unsigned long lflags, char_io *io_ch, void *arg,
+ ASN1_STRING *str)
+{
+ /*
+ * Placing the ASN1_STRING in a temp ASN1_TYPE allows the DER encoding to
+ * readily obtained
+ */
+ ASN1_TYPE t;
+ unsigned char *der_buf, *p;
+ int outlen, der_len;
+
+ if (!io_ch(arg, "#", 1))
+ return -1;
+ /* If we don't dump DER encoding just dump content octets */
+ if (!(lflags & ASN1_STRFLGS_DUMP_DER)) {
+ outlen = do_hex_dump(io_ch, arg, str->data, str->length);
+ if (outlen < 0)
+ return -1;
+ return outlen + 1;
+ }
+ t.type = str->type;
+ t.value.ptr = (char *)str;
+ der_len = i2d_ASN1_TYPE(&t, NULL);
+ der_buf = OPENSSL_malloc(der_len);
+ if (!der_buf)
+ return -1;
+ p = der_buf;
+ i2d_ASN1_TYPE(&t, &p);
+ outlen = do_hex_dump(io_ch, arg, der_buf, der_len);
+ OPENSSL_free(der_buf);
+ if (outlen < 0)
+ return -1;
+ return outlen + 1;
+}
+
+/*
+ * Lookup table to convert tags to character widths, 0 = UTF8 encoded, -1 is
+ * used for non string types otherwise it is the number of bytes per
+ * character
+ */
+
+static const signed char tag2nbyte[] = {
+ -1, -1, -1, -1, -1, /* 0-4 */
+ -1, -1, -1, -1, -1, /* 5-9 */
+ -1, -1, 0, -1, /* 10-13 */
+ -1, -1, -1, -1, /* 15-17 */
+ -1, 1, 1, /* 18-20 */
+ -1, 1, 1, 1, /* 21-24 */
+ -1, 1, -1, /* 25-27 */
+ 4, -1, 2 /* 28-30 */
+};
+
+/*
+ * This is the main function, print out an ASN1_STRING taking note of various
+ * escape and display options. Returns number of characters written or -1 if
+ * an error occurred.
+ */
+
+static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags,
+ ASN1_STRING *str)
+{
+ int outlen, len;
+ int type;
+ char quotes;
+ unsigned char flags;
+ quotes = 0;
+ /* Keep a copy of escape flags */
+ flags = (unsigned char)(lflags & ESC_FLAGS);
+
+ type = str->type;
+
+ outlen = 0;
+
+ if (lflags & ASN1_STRFLGS_SHOW_TYPE) {
+ const char *tagname;
+ tagname = ASN1_tag2str(type);
+ outlen += strlen(tagname);
+ if (!io_ch(arg, tagname, outlen) || !io_ch(arg, ":", 1))
+ return -1;
+ outlen++;
+ }
+
+ /* Decide what to do with type, either dump content or display it */
+
+ /* Dump everything */
+ if (lflags & ASN1_STRFLGS_DUMP_ALL)
+ type = -1;
+ /* Ignore the string type */
+ else if (lflags & ASN1_STRFLGS_IGNORE_TYPE)
+ type = 1;
+ else {
+ /* Else determine width based on type */
+ if ((type > 0) && (type < 31))
+ type = tag2nbyte[type];
+ else
+ type = -1;
+ if ((type == -1) && !(lflags & ASN1_STRFLGS_DUMP_UNKNOWN))
+ type = 1;
+ }
+
+ if (type == -1) {
+ len = do_dump(lflags, io_ch, arg, str);
+ if (len < 0)
+ return -1;
+ outlen += len;
+ return outlen;
+ }
+
+ if (lflags & ASN1_STRFLGS_UTF8_CONVERT) {
+ /*
+ * Note: if string is UTF8 and we want to convert to UTF8 then we
+ * just interpret it as 1 byte per character to avoid converting
+ * twice.
+ */
+ if (!type)
+ type = 1;
+ else
+ type |= BUF_TYPE_CONVUTF8;
+ }
+
+ len = do_buf(str->data, str->length, type, flags, "es, io_ch, NULL);
+ if (len < 0)
+ return -1;
+ outlen += len;
+ if (quotes)
+ outlen += 2;
+ if (!arg)
+ return outlen;
+ if (quotes && !io_ch(arg, "\"", 1))
+ return -1;
+ if (do_buf(str->data, str->length, type, flags, NULL, io_ch, arg) < 0)
+ return -1;
+ if (quotes && !io_ch(arg, "\"", 1))
+ return -1;
+ return outlen;
+}
+
+/* Used for line indenting: print 'indent' spaces */
+
+static int do_indent(char_io *io_ch, void *arg, int indent)
+{
+ int i;
+ for (i = 0; i < indent; i++)
+ if (!io_ch(arg, " ", 1))
+ return 0;
+ return 1;
+}
+
+#define FN_WIDTH_LN 25
+#define FN_WIDTH_SN 10
+
+static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n,
+ int indent, unsigned long flags)
+{
+ int i, prev = -1, orflags, cnt;
+ int fn_opt, fn_nid;
+ ASN1_OBJECT *fn;
+ ASN1_STRING *val;
+ X509_NAME_ENTRY *ent;
+ char objtmp[80];
+ const char *objbuf;
+ int outlen, len;
+ char *sep_dn, *sep_mv, *sep_eq;
+ int sep_dn_len, sep_mv_len, sep_eq_len;
+ if (indent < 0)
+ indent = 0;
+ outlen = indent;
+ if (!do_indent(io_ch, arg, indent))
+ return -1;
+ switch (flags & XN_FLAG_SEP_MASK) {
+ case XN_FLAG_SEP_MULTILINE:
+ sep_dn = "\n";
+ sep_dn_len = 1;
+ sep_mv = " + ";
+ sep_mv_len = 3;
+ break;
+
+ case XN_FLAG_SEP_COMMA_PLUS:
+ sep_dn = ",";
+ sep_dn_len = 1;
+ sep_mv = "+";
+ sep_mv_len = 1;
+ indent = 0;
+ break;
+
+ case XN_FLAG_SEP_CPLUS_SPC:
+ sep_dn = ", ";
+ sep_dn_len = 2;
+ sep_mv = " + ";
+ sep_mv_len = 3;
+ indent = 0;
+ break;
+
+ case XN_FLAG_SEP_SPLUS_SPC:
+ sep_dn = "; ";
+ sep_dn_len = 2;
+ sep_mv = " + ";
+ sep_mv_len = 3;
+ indent = 0;
+ break;
+
+ default:
+ return -1;
+ }
+
+ if (flags & XN_FLAG_SPC_EQ) {
+ sep_eq = " = ";
+ sep_eq_len = 3;
+ } else {
+ sep_eq = "=";
+ sep_eq_len = 1;
+ }
+
+ fn_opt = flags & XN_FLAG_FN_MASK;
+
+ cnt = X509_NAME_entry_count(n);
+ for (i = 0; i < cnt; i++) {
+ if (flags & XN_FLAG_DN_REV)
+ ent = X509_NAME_get_entry(n, cnt - i - 1);
+ else
+ ent = X509_NAME_get_entry(n, i);
+ if (prev != -1) {
+ if (prev == ent->set) {
+ if (!io_ch(arg, sep_mv, sep_mv_len))
+ return -1;
+ outlen += sep_mv_len;
+ } else {
+ if (!io_ch(arg, sep_dn, sep_dn_len))
+ return -1;
+ outlen += sep_dn_len;
+ if (!do_indent(io_ch, arg, indent))
+ return -1;
+ outlen += indent;
+ }
+ }
+ prev = ent->set;
+ fn = X509_NAME_ENTRY_get_object(ent);
+ val = X509_NAME_ENTRY_get_data(ent);
+ fn_nid = OBJ_obj2nid(fn);
+ if (fn_opt != XN_FLAG_FN_NONE) {
+ int objlen, fld_len;
+ if ((fn_opt == XN_FLAG_FN_OID) || (fn_nid == NID_undef)) {
+ OBJ_obj2txt(objtmp, sizeof objtmp, fn, 1);
+ fld_len = 0; /* XXX: what should this be? */
+ objbuf = objtmp;
+ } else {
+ if (fn_opt == XN_FLAG_FN_SN) {
+ fld_len = FN_WIDTH_SN;
+ objbuf = OBJ_nid2sn(fn_nid);
+ } else if (fn_opt == XN_FLAG_FN_LN) {
+ fld_len = FN_WIDTH_LN;
+ objbuf = OBJ_nid2ln(fn_nid);
+ } else {
+ fld_len = 0; /* XXX: what should this be? */
+ objbuf = "";
+ }
+ }
+ objlen = strlen(objbuf);
+ if (!io_ch(arg, objbuf, objlen))
+ return -1;
+ if ((objlen < fld_len) && (flags & XN_FLAG_FN_ALIGN)) {
+ if (!do_indent(io_ch, arg, fld_len - objlen))
+ return -1;
+ outlen += fld_len - objlen;
+ }
+ if (!io_ch(arg, sep_eq, sep_eq_len))
+ return -1;
+ outlen += objlen + sep_eq_len;
+ }
+ /*
+ * If the field name is unknown then fix up the DER dump flag. We
+ * might want to limit this further so it will DER dump on anything
+ * other than a few 'standard' fields.
+ */
+ if ((fn_nid == NID_undef) && (flags & XN_FLAG_DUMP_UNKNOWN_FIELDS))
+ orflags = ASN1_STRFLGS_DUMP_ALL;
+ else
+ orflags = 0;
+
+ len = do_print_ex(io_ch, arg, flags | orflags, val);
+ if (len < 0)
+ return -1;
+ outlen += len;
+ }
+ return outlen;
+}
+
+/* Wrappers round the main functions */
+
+int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent,
+ unsigned long flags)
+{
+ if (flags == XN_FLAG_COMPAT)
+ return X509_NAME_print(out, nm, indent);
+ return do_name_ex(send_bio_chars, out, nm, indent, flags);
+}
+
+#ifndef OPENSSL_NO_FP_API
+int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent,
+ unsigned long flags)
+{
+ if (flags == XN_FLAG_COMPAT) {
+ BIO *btmp;
+ int ret;
+ btmp = BIO_new_fp(fp, BIO_NOCLOSE);
+ if (!btmp)
+ return -1;
+ ret = X509_NAME_print(btmp, nm, indent);
+ BIO_free(btmp);
+ return ret;
+ }
+ return do_name_ex(send_fp_chars, fp, nm, indent, flags);
+}
+#endif
+
+int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags)
+{
+ return do_print_ex(send_bio_chars, out, flags, str);
+}
+
+#ifndef OPENSSL_NO_FP_API
+int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags)
+{
+ return do_print_ex(send_fp_chars, fp, flags, str);
+}
+#endif
+
+/*
+ * Utility function: convert any string type to UTF8, returns number of bytes
+ * in output string or a negative error code
+ */
+
+int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in)
+{
+ ASN1_STRING stmp, *str = &stmp;
+ int mbflag, type, ret;
+ if (!in)
+ return -1;
+ type = in->type;
+ if ((type < 0) || (type > 30))
+ return -1;
+ mbflag = tag2nbyte[type];
+ if (mbflag == -1)
+ return -1;
+ mbflag |= MBSTRING_FLAG;
+ stmp.data = NULL;
+ stmp.length = 0;
+ ret =
+ ASN1_mbstring_copy(&str, in->data, in->length, mbflag,
+ B_ASN1_UTF8STRING);
+ if (ret < 0)
+ return ret;
+ *out = stmp.data;
+ return stmp.length;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_strnid.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/a_strnid.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_strnid.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,290 +0,0 @@
-/* a_strnid.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <ctype.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-#include <openssl/objects.h>
-
-
-static STACK_OF(ASN1_STRING_TABLE) *stable = NULL;
-static void st_free(ASN1_STRING_TABLE *tbl);
-static int sk_table_cmp(const ASN1_STRING_TABLE * const *a,
- const ASN1_STRING_TABLE * const *b);
-static int table_cmp(const void *a, const void *b);
-
-
-/* This is the global mask for the mbstring functions: this is use to
- * mask out certain types (such as BMPString and UTF8String) because
- * certain software (e.g. Netscape) has problems with them.
- */
-
-static unsigned long global_mask = B_ASN1_UTF8STRING;
-
-void ASN1_STRING_set_default_mask(unsigned long mask)
-{
- global_mask = mask;
-}
-
-unsigned long ASN1_STRING_get_default_mask(void)
-{
- return global_mask;
-}
-
-/* This function sets the default to various "flavours" of configuration.
- * based on an ASCII string. Currently this is:
- * MASK:XXXX : a numerical mask value.
- * nobmp : Don't use BMPStrings (just Printable, T61).
- * pkix : PKIX recommendation in RFC2459.
- * utf8only : only use UTF8Strings (RFC2459 recommendation for 2004).
- * default: the default value, Printable, T61, BMP.
- */
-
-int ASN1_STRING_set_default_mask_asc(const char *p)
-{
- unsigned long mask;
- char *end;
- if(!strncmp(p, "MASK:", 5)) {
- if(!p[5]) return 0;
- mask = strtoul(p + 5, &end, 0);
- if(*end) return 0;
- } else if(!strcmp(p, "nombstr"))
- mask = ~((unsigned long)(B_ASN1_BMPSTRING|B_ASN1_UTF8STRING));
- else if(!strcmp(p, "pkix"))
- mask = ~((unsigned long)B_ASN1_T61STRING);
- else if(!strcmp(p, "utf8only")) mask = B_ASN1_UTF8STRING;
- else if(!strcmp(p, "default"))
- mask = 0xFFFFFFFFL;
- else return 0;
- ASN1_STRING_set_default_mask(mask);
- return 1;
-}
-
-/* The following function generates an ASN1_STRING based on limits in a table.
- * Frequently the types and length of an ASN1_STRING are restricted by a
- * corresponding OID. For example certificates and certificate requests.
- */
-
-ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in,
- int inlen, int inform, int nid)
-{
- ASN1_STRING_TABLE *tbl;
- ASN1_STRING *str = NULL;
- unsigned long mask;
- int ret;
- if(!out) out = &str;
- tbl = ASN1_STRING_TABLE_get(nid);
- if(tbl) {
- mask = tbl->mask;
- if(!(tbl->flags & STABLE_NO_MASK)) mask &= global_mask;
- ret = ASN1_mbstring_ncopy(out, in, inlen, inform, mask,
- tbl->minsize, tbl->maxsize);
- } else ret = ASN1_mbstring_copy(out, in, inlen, inform, DIRSTRING_TYPE & global_mask);
- if(ret <= 0) return NULL;
- return *out;
-}
-
-/* Now the tables and helper functions for the string table:
- */
-
-/* size limits: this stuff is taken straight from RFC3280 */
-
-#define ub_name 32768
-#define ub_common_name 64
-#define ub_locality_name 128
-#define ub_state_name 128
-#define ub_organization_name 64
-#define ub_organization_unit_name 64
-#define ub_title 64
-#define ub_email_address 128
-#define ub_serial_number 64
-
-
-/* This table must be kept in NID order */
-
-static ASN1_STRING_TABLE tbl_standard[] = {
-{NID_commonName, 1, ub_common_name, DIRSTRING_TYPE, 0},
-{NID_countryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
-{NID_localityName, 1, ub_locality_name, DIRSTRING_TYPE, 0},
-{NID_stateOrProvinceName, 1, ub_state_name, DIRSTRING_TYPE, 0},
-{NID_organizationName, 1, ub_organization_name, DIRSTRING_TYPE, 0},
-{NID_organizationalUnitName, 1, ub_organization_unit_name, DIRSTRING_TYPE, 0},
-{NID_pkcs9_emailAddress, 1, ub_email_address, B_ASN1_IA5STRING, STABLE_NO_MASK},
-{NID_pkcs9_unstructuredName, 1, -1, PKCS9STRING_TYPE, 0},
-{NID_pkcs9_challengePassword, 1, -1, PKCS9STRING_TYPE, 0},
-{NID_pkcs9_unstructuredAddress, 1, -1, DIRSTRING_TYPE, 0},
-{NID_givenName, 1, ub_name, DIRSTRING_TYPE, 0},
-{NID_surname, 1, ub_name, DIRSTRING_TYPE, 0},
-{NID_initials, 1, ub_name, DIRSTRING_TYPE, 0},
-{NID_serialNumber, 1, ub_serial_number, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
-{NID_friendlyName, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK},
-{NID_name, 1, ub_name, DIRSTRING_TYPE, 0},
-{NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
-{NID_domainComponent, 1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK},
-{NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}
-};
-
-static int sk_table_cmp(const ASN1_STRING_TABLE * const *a,
- const ASN1_STRING_TABLE * const *b)
-{
- return (*a)->nid - (*b)->nid;
-}
-
-static int table_cmp(const void *a, const void *b)
-{
- const ASN1_STRING_TABLE *sa = a, *sb = b;
- return sa->nid - sb->nid;
-}
-
-ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid)
-{
- int idx;
- ASN1_STRING_TABLE *ttmp;
- ASN1_STRING_TABLE fnd;
- fnd.nid = nid;
- ttmp = (ASN1_STRING_TABLE *) OBJ_bsearch((char *)&fnd,
- (char *)tbl_standard,
- sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE),
- sizeof(ASN1_STRING_TABLE), table_cmp);
- if(ttmp) return ttmp;
- if(!stable) return NULL;
- idx = sk_ASN1_STRING_TABLE_find(stable, &fnd);
- if(idx < 0) return NULL;
- return sk_ASN1_STRING_TABLE_value(stable, idx);
-}
-
-int ASN1_STRING_TABLE_add(int nid,
- long minsize, long maxsize, unsigned long mask,
- unsigned long flags)
-{
- ASN1_STRING_TABLE *tmp;
- char new_nid = 0;
- flags &= ~STABLE_FLAGS_MALLOC;
- if(!stable) stable = sk_ASN1_STRING_TABLE_new(sk_table_cmp);
- if(!stable) {
- ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD, ERR_R_MALLOC_FAILURE);
- return 0;
- }
- if(!(tmp = ASN1_STRING_TABLE_get(nid))) {
- tmp = OPENSSL_malloc(sizeof(ASN1_STRING_TABLE));
- if(!tmp) {
- ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD,
- ERR_R_MALLOC_FAILURE);
- return 0;
- }
- tmp->flags = flags | STABLE_FLAGS_MALLOC;
- tmp->nid = nid;
- new_nid = 1;
- } else tmp->flags = (tmp->flags & STABLE_FLAGS_MALLOC) | flags;
- if(minsize != -1) tmp->minsize = minsize;
- if(maxsize != -1) tmp->maxsize = maxsize;
- tmp->mask = mask;
- if(new_nid) sk_ASN1_STRING_TABLE_push(stable, tmp);
- return 1;
-}
-
-void ASN1_STRING_TABLE_cleanup(void)
-{
- STACK_OF(ASN1_STRING_TABLE) *tmp;
- tmp = stable;
- if(!tmp) return;
- stable = NULL;
- sk_ASN1_STRING_TABLE_pop_free(tmp, st_free);
-}
-
-static void st_free(ASN1_STRING_TABLE *tbl)
-{
- if(tbl->flags & STABLE_FLAGS_MALLOC) OPENSSL_free(tbl);
-}
-
-
-IMPLEMENT_STACK_OF(ASN1_STRING_TABLE)
-
-#ifdef STRING_TABLE_TEST
-
-main()
-{
- ASN1_STRING_TABLE *tmp;
- int i, last_nid = -1;
-
- for (tmp = tbl_standard, i = 0;
- i < sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE); i++, tmp++)
- {
- if (tmp->nid < last_nid)
- {
- last_nid = 0;
- break;
- }
- last_nid = tmp->nid;
- }
-
- if (last_nid != 0)
- {
- printf("Table order OK\n");
- exit(0);
- }
-
- for (tmp = tbl_standard, i = 0;
- i < sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE); i++, tmp++)
- printf("Index %d, NID %d, Name=%s\n", i, tmp->nid,
- OBJ_nid2ln(tmp->nid));
-
-}
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_strnid.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/a_strnid.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_strnid.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_strnid.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,314 @@
+/* a_strnid.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+
+static STACK_OF(ASN1_STRING_TABLE) *stable = NULL;
+static void st_free(ASN1_STRING_TABLE *tbl);
+static int sk_table_cmp(const ASN1_STRING_TABLE *const *a,
+ const ASN1_STRING_TABLE *const *b);
+static int table_cmp(const void *a, const void *b);
+
+/*
+ * This is the global mask for the mbstring functions: this is use to mask
+ * out certain types (such as BMPString and UTF8String) because certain
+ * software (e.g. Netscape) has problems with them.
+ */
+
+static unsigned long global_mask = B_ASN1_UTF8STRING;
+
+void ASN1_STRING_set_default_mask(unsigned long mask)
+{
+ global_mask = mask;
+}
+
+unsigned long ASN1_STRING_get_default_mask(void)
+{
+ return global_mask;
+}
+
+/*-
+ * This function sets the default to various "flavours" of configuration.
+ * based on an ASCII string. Currently this is:
+ * MASK:XXXX : a numerical mask value.
+ * nobmp : Don't use BMPStrings (just Printable, T61).
+ * pkix : PKIX recommendation in RFC2459.
+ * utf8only : only use UTF8Strings (RFC2459 recommendation for 2004).
+ * default: the default value, Printable, T61, BMP.
+ */
+
+int ASN1_STRING_set_default_mask_asc(const char *p)
+{
+ unsigned long mask;
+ char *end;
+ if (!strncmp(p, "MASK:", 5)) {
+ if (!p[5])
+ return 0;
+ mask = strtoul(p + 5, &end, 0);
+ if (*end)
+ return 0;
+ } else if (!strcmp(p, "nombstr"))
+ mask = ~((unsigned long)(B_ASN1_BMPSTRING | B_ASN1_UTF8STRING));
+ else if (!strcmp(p, "pkix"))
+ mask = ~((unsigned long)B_ASN1_T61STRING);
+ else if (!strcmp(p, "utf8only"))
+ mask = B_ASN1_UTF8STRING;
+ else if (!strcmp(p, "default"))
+ mask = 0xFFFFFFFFL;
+ else
+ return 0;
+ ASN1_STRING_set_default_mask(mask);
+ return 1;
+}
+
+/*
+ * The following function generates an ASN1_STRING based on limits in a
+ * table. Frequently the types and length of an ASN1_STRING are restricted by
+ * a corresponding OID. For example certificates and certificate requests.
+ */
+
+ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out,
+ const unsigned char *in, int inlen,
+ int inform, int nid)
+{
+ ASN1_STRING_TABLE *tbl;
+ ASN1_STRING *str = NULL;
+ unsigned long mask;
+ int ret;
+ if (!out)
+ out = &str;
+ tbl = ASN1_STRING_TABLE_get(nid);
+ if (tbl) {
+ mask = tbl->mask;
+ if (!(tbl->flags & STABLE_NO_MASK))
+ mask &= global_mask;
+ ret = ASN1_mbstring_ncopy(out, in, inlen, inform, mask,
+ tbl->minsize, tbl->maxsize);
+ } else
+ ret =
+ ASN1_mbstring_copy(out, in, inlen, inform,
+ DIRSTRING_TYPE & global_mask);
+ if (ret <= 0)
+ return NULL;
+ return *out;
+}
+
+/*
+ * Now the tables and helper functions for the string table:
+ */
+
+/* size limits: this stuff is taken straight from RFC3280 */
+
+#define ub_name 32768
+#define ub_common_name 64
+#define ub_locality_name 128
+#define ub_state_name 128
+#define ub_organization_name 64
+#define ub_organization_unit_name 64
+#define ub_title 64
+#define ub_email_address 128
+#define ub_serial_number 64
+
+/* This table must be kept in NID order */
+
+static ASN1_STRING_TABLE tbl_standard[] = {
+ {NID_commonName, 1, ub_common_name, DIRSTRING_TYPE, 0},
+ {NID_countryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
+ {NID_localityName, 1, ub_locality_name, DIRSTRING_TYPE, 0},
+ {NID_stateOrProvinceName, 1, ub_state_name, DIRSTRING_TYPE, 0},
+ {NID_organizationName, 1, ub_organization_name, DIRSTRING_TYPE, 0},
+ {NID_organizationalUnitName, 1, ub_organization_unit_name, DIRSTRING_TYPE,
+ 0},
+ {NID_pkcs9_emailAddress, 1, ub_email_address, B_ASN1_IA5STRING,
+ STABLE_NO_MASK},
+ {NID_pkcs9_unstructuredName, 1, -1, PKCS9STRING_TYPE, 0},
+ {NID_pkcs9_challengePassword, 1, -1, PKCS9STRING_TYPE, 0},
+ {NID_pkcs9_unstructuredAddress, 1, -1, DIRSTRING_TYPE, 0},
+ {NID_givenName, 1, ub_name, DIRSTRING_TYPE, 0},
+ {NID_surname, 1, ub_name, DIRSTRING_TYPE, 0},
+ {NID_initials, 1, ub_name, DIRSTRING_TYPE, 0},
+ {NID_serialNumber, 1, ub_serial_number, B_ASN1_PRINTABLESTRING,
+ STABLE_NO_MASK},
+ {NID_friendlyName, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK},
+ {NID_name, 1, ub_name, DIRSTRING_TYPE, 0},
+ {NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
+ {NID_domainComponent, 1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK},
+ {NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}
+};
+
+static int sk_table_cmp(const ASN1_STRING_TABLE *const *a,
+ const ASN1_STRING_TABLE *const *b)
+{
+ return (*a)->nid - (*b)->nid;
+}
+
+static int table_cmp(const void *a, const void *b)
+{
+ const ASN1_STRING_TABLE *sa = a, *sb = b;
+ return sa->nid - sb->nid;
+}
+
+ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid)
+{
+ int idx;
+ ASN1_STRING_TABLE *ttmp;
+ ASN1_STRING_TABLE fnd;
+ fnd.nid = nid;
+ ttmp = (ASN1_STRING_TABLE *)OBJ_bsearch((char *)&fnd,
+ (char *)tbl_standard,
+ sizeof(tbl_standard) /
+ sizeof(ASN1_STRING_TABLE),
+ sizeof(ASN1_STRING_TABLE),
+ table_cmp);
+ if (ttmp)
+ return ttmp;
+ if (!stable)
+ return NULL;
+ idx = sk_ASN1_STRING_TABLE_find(stable, &fnd);
+ if (idx < 0)
+ return NULL;
+ return sk_ASN1_STRING_TABLE_value(stable, idx);
+}
+
+int ASN1_STRING_TABLE_add(int nid,
+ long minsize, long maxsize, unsigned long mask,
+ unsigned long flags)
+{
+ ASN1_STRING_TABLE *tmp;
+ char new_nid = 0;
+ flags &= ~STABLE_FLAGS_MALLOC;
+ if (!stable)
+ stable = sk_ASN1_STRING_TABLE_new(sk_table_cmp);
+ if (!stable) {
+ ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ if (!(tmp = ASN1_STRING_TABLE_get(nid))) {
+ tmp = OPENSSL_malloc(sizeof(ASN1_STRING_TABLE));
+ if (!tmp) {
+ ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ tmp->flags = flags | STABLE_FLAGS_MALLOC;
+ tmp->nid = nid;
+ new_nid = 1;
+ } else
+ tmp->flags = (tmp->flags & STABLE_FLAGS_MALLOC) | flags;
+ if (minsize != -1)
+ tmp->minsize = minsize;
+ if (maxsize != -1)
+ tmp->maxsize = maxsize;
+ tmp->mask = mask;
+ if (new_nid)
+ sk_ASN1_STRING_TABLE_push(stable, tmp);
+ return 1;
+}
+
+void ASN1_STRING_TABLE_cleanup(void)
+{
+ STACK_OF(ASN1_STRING_TABLE) *tmp;
+ tmp = stable;
+ if (!tmp)
+ return;
+ stable = NULL;
+ sk_ASN1_STRING_TABLE_pop_free(tmp, st_free);
+}
+
+static void st_free(ASN1_STRING_TABLE *tbl)
+{
+ if (tbl->flags & STABLE_FLAGS_MALLOC)
+ OPENSSL_free(tbl);
+}
+
+
+IMPLEMENT_STACK_OF(ASN1_STRING_TABLE)
+
+#ifdef STRING_TABLE_TEST
+
+main()
+{
+ ASN1_STRING_TABLE *tmp;
+ int i, last_nid = -1;
+
+ for (tmp = tbl_standard, i = 0;
+ i < sizeof(tbl_standard) / sizeof(ASN1_STRING_TABLE); i++, tmp++) {
+ if (tmp->nid < last_nid) {
+ last_nid = 0;
+ break;
+ }
+ last_nid = tmp->nid;
+ }
+
+ if (last_nid != 0) {
+ printf("Table order OK\n");
+ exit(0);
+ }
+
+ for (tmp = tbl_standard, i = 0;
+ i < sizeof(tbl_standard) / sizeof(ASN1_STRING_TABLE); i++, tmp++)
+ printf("Index %d, NID %d, Name=%s\n", i, tmp->nid,
+ OBJ_nid2ln(tmp->nid));
+
+}
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_time.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/a_time.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_time.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,164 +0,0 @@
-/* crypto/asn1/a_time.c */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-
-/* This is an implementation of the ASN1 Time structure which is:
- * Time ::= CHOICE {
- * utcTime UTCTime,
- * generalTime GeneralizedTime }
- * written by Steve Henson.
- */
-
-#include <stdio.h>
-#include <time.h>
-#include "cryptlib.h"
-#include "o_time.h"
-#include <openssl/asn1t.h>
-
-IMPLEMENT_ASN1_MSTRING(ASN1_TIME, B_ASN1_TIME)
-
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_TIME)
-
-#if 0
-int i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **pp)
- {
-#ifdef CHARSET_EBCDIC
- /* KLUDGE! We convert to ascii before writing DER */
- char tmp[24];
- ASN1_STRING tmpstr;
-
- if(a->type == V_ASN1_UTCTIME || a->type == V_ASN1_GENERALIZEDTIME) {
- int len;
-
- tmpstr = *(ASN1_STRING *)a;
- len = tmpstr.length;
- ebcdic2ascii(tmp, tmpstr.data, (len >= sizeof tmp) ? sizeof tmp : len);
- tmpstr.data = tmp;
- a = (ASN1_GENERALIZEDTIME *) &tmpstr;
- }
-#endif
- if(a->type == V_ASN1_UTCTIME || a->type == V_ASN1_GENERALIZEDTIME)
- return(i2d_ASN1_bytes((ASN1_STRING *)a,pp,
- a->type ,V_ASN1_UNIVERSAL));
- ASN1err(ASN1_F_I2D_ASN1_TIME,ASN1_R_EXPECTING_A_TIME);
- return -1;
- }
-#endif
-
-
-ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t)
- {
- struct tm *ts;
- struct tm data;
-
- ts=OPENSSL_gmtime(&t,&data);
- if (ts == NULL)
- {
- ASN1err(ASN1_F_ASN1_TIME_SET, ASN1_R_ERROR_GETTING_TIME);
- return NULL;
- }
- if((ts->tm_year >= 50) && (ts->tm_year < 150))
- return ASN1_UTCTIME_set(s, t);
- return ASN1_GENERALIZEDTIME_set(s,t);
- }
-
-int ASN1_TIME_check(ASN1_TIME *t)
- {
- if (t->type == V_ASN1_GENERALIZEDTIME)
- return ASN1_GENERALIZEDTIME_check(t);
- else if (t->type == V_ASN1_UTCTIME)
- return ASN1_UTCTIME_check(t);
- return 0;
- }
-
-/* Convert an ASN1_TIME structure to GeneralizedTime */
-ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out)
- {
- ASN1_GENERALIZEDTIME *ret;
- char *str;
- int newlen;
-
- if (!ASN1_TIME_check(t)) return NULL;
-
- if (!out || !*out)
- {
- if (!(ret = ASN1_GENERALIZEDTIME_new ()))
- return NULL;
- if (out) *out = ret;
- }
- else ret = *out;
-
- /* If already GeneralizedTime just copy across */
- if (t->type == V_ASN1_GENERALIZEDTIME)
- {
- if(!ASN1_STRING_set(ret, t->data, t->length))
- return NULL;
- return ret;
- }
-
- /* grow the string */
- if (!ASN1_STRING_set(ret, NULL, t->length + 2))
- return NULL;
- /* ASN1_STRING_set() allocated 'len + 1' bytes. */
- newlen = t->length + 2 + 1;
- str = (char *)ret->data;
- /* Work out the century and prepend */
- if (t->data[0] >= '5') BUF_strlcpy(str, "19", newlen);
- else BUF_strlcpy(str, "20", newlen);
-
- BUF_strlcat(str, (char *)t->data, newlen);
-
- return ret;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_time.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/a_time.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_time.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_time.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,166 @@
+/* crypto/asn1/a_time.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*-
+ * This is an implementation of the ASN1 Time structure which is:
+ * Time ::= CHOICE {
+ * utcTime UTCTime,
+ * generalTime GeneralizedTime }
+ * written by Steve Henson.
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include "cryptlib.h"
+#include "o_time.h"
+#include <openssl/asn1t.h>
+
+IMPLEMENT_ASN1_MSTRING(ASN1_TIME, B_ASN1_TIME)
+
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_TIME)
+
+#if 0
+int i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **pp)
+{
+# ifdef CHARSET_EBCDIC
+ /* KLUDGE! We convert to ascii before writing DER */
+ char tmp[24];
+ ASN1_STRING tmpstr;
+
+ if (a->type == V_ASN1_UTCTIME || a->type == V_ASN1_GENERALIZEDTIME) {
+ int len;
+
+ tmpstr = *(ASN1_STRING *)a;
+ len = tmpstr.length;
+ ebcdic2ascii(tmp, tmpstr.data,
+ (len >= sizeof tmp) ? sizeof tmp : len);
+ tmpstr.data = tmp;
+ a = (ASN1_GENERALIZEDTIME *)&tmpstr;
+ }
+# endif
+ if (a->type == V_ASN1_UTCTIME || a->type == V_ASN1_GENERALIZEDTIME)
+ return (i2d_ASN1_bytes((ASN1_STRING *)a, pp,
+ a->type, V_ASN1_UNIVERSAL));
+ ASN1err(ASN1_F_I2D_ASN1_TIME, ASN1_R_EXPECTING_A_TIME);
+ return -1;
+}
+#endif
+
+ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t)
+{
+ struct tm *ts;
+ struct tm data;
+
+ ts = OPENSSL_gmtime(&t, &data);
+ if (ts == NULL) {
+ ASN1err(ASN1_F_ASN1_TIME_SET, ASN1_R_ERROR_GETTING_TIME);
+ return NULL;
+ }
+ if ((ts->tm_year >= 50) && (ts->tm_year < 150))
+ return ASN1_UTCTIME_set(s, t);
+ return ASN1_GENERALIZEDTIME_set(s, t);
+}
+
+int ASN1_TIME_check(ASN1_TIME *t)
+{
+ if (t->type == V_ASN1_GENERALIZEDTIME)
+ return ASN1_GENERALIZEDTIME_check(t);
+ else if (t->type == V_ASN1_UTCTIME)
+ return ASN1_UTCTIME_check(t);
+ return 0;
+}
+
+/* Convert an ASN1_TIME structure to GeneralizedTime */
+ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t,
+ ASN1_GENERALIZEDTIME **out)
+{
+ ASN1_GENERALIZEDTIME *ret;
+ char *str;
+ int newlen;
+
+ if (!ASN1_TIME_check(t))
+ return NULL;
+
+ if (!out || !*out) {
+ if (!(ret = ASN1_GENERALIZEDTIME_new()))
+ return NULL;
+ if (out)
+ *out = ret;
+ } else
+ ret = *out;
+
+ /* If already GeneralizedTime just copy across */
+ if (t->type == V_ASN1_GENERALIZEDTIME) {
+ if (!ASN1_STRING_set(ret, t->data, t->length))
+ return NULL;
+ return ret;
+ }
+
+ /* grow the string */
+ if (!ASN1_STRING_set(ret, NULL, t->length + 2))
+ return NULL;
+ /* ASN1_STRING_set() allocated 'len + 1' bytes. */
+ newlen = t->length + 2 + 1;
+ str = (char *)ret->data;
+ /* Work out the century and prepend */
+ if (t->data[0] >= '5')
+ BUF_strlcpy(str, "19", newlen);
+ else
+ BUF_strlcpy(str, "20", newlen);
+
+ BUF_strlcat(str, (char *)t->data, newlen);
+
+ return ret;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_type.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/a_type.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_type.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,110 +0,0 @@
-/* crypto/asn1/a_type.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/objects.h>
-
-int ASN1_TYPE_get(ASN1_TYPE *a)
- {
- if ((a->value.ptr != NULL) || (a->type == V_ASN1_NULL))
- return(a->type);
- else
- return(0);
- }
-
-void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value)
- {
- if (a->value.ptr != NULL)
- {
- ASN1_TYPE **tmp_a = &a;
- ASN1_primitive_free((ASN1_VALUE **)tmp_a, NULL);
- }
- a->type=type;
- a->value.ptr=value;
- }
-
-int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value)
- {
- if (!value || (type == V_ASN1_BOOLEAN))
- {
- void *p = (void *)value;
- ASN1_TYPE_set(a, type, p);
- }
- else if (type == V_ASN1_OBJECT)
- {
- ASN1_OBJECT *odup;
- odup = OBJ_dup(value);
- if (!odup)
- return 0;
- ASN1_TYPE_set(a, type, odup);
- }
- else
- {
- ASN1_STRING *sdup;
- sdup = ASN1_STRING_dup((ASN1_STRING *)value);
- if (!sdup)
- return 0;
- ASN1_TYPE_set(a, type, sdup);
- }
- return 1;
- }
-
-IMPLEMENT_STACK_OF(ASN1_TYPE)
-IMPLEMENT_ASN1_SET_OF(ASN1_TYPE)
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_type.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/a_type.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_type.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_type.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,154 @@
+/* crypto/asn1/a_type.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/objects.h>
+
+int ASN1_TYPE_get(ASN1_TYPE *a)
+{
+ if ((a->value.ptr != NULL) || (a->type == V_ASN1_NULL))
+ return (a->type);
+ else
+ return (0);
+}
+
+void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value)
+{
+ if (a->value.ptr != NULL) {
+ ASN1_TYPE **tmp_a = &a;
+ ASN1_primitive_free((ASN1_VALUE **)tmp_a, NULL);
+ }
+ a->type = type;
+ a->value.ptr = value;
+}
+
+int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value)
+{
+ if (!value || (type == V_ASN1_BOOLEAN)) {
+ void *p = (void *)value;
+ ASN1_TYPE_set(a, type, p);
+ } else if (type == V_ASN1_OBJECT) {
+ ASN1_OBJECT *odup;
+ odup = OBJ_dup(value);
+ if (!odup)
+ return 0;
+ ASN1_TYPE_set(a, type, odup);
+ } else {
+ ASN1_STRING *sdup;
+ sdup = ASN1_STRING_dup((ASN1_STRING *)value);
+ if (!sdup)
+ return 0;
+ ASN1_TYPE_set(a, type, sdup);
+ }
+ return 1;
+}
+
+IMPLEMENT_STACK_OF(ASN1_TYPE)
+
+IMPLEMENT_ASN1_SET_OF(ASN1_TYPE)
+
+/* Returns 0 if they are equal, != 0 otherwise. */
+int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b)
+{
+ int result = -1;
+
+ if (!a || !b || a->type != b->type)
+ return -1;
+
+ switch (a->type) {
+ case V_ASN1_OBJECT:
+ result = OBJ_cmp(a->value.object, b->value.object);
+ break;
+ case V_ASN1_BOOLEAN:
+ result = a->value.boolean - b->value.boolean;
+ break;
+ case V_ASN1_NULL:
+ result = 0; /* They do not have content. */
+ break;
+ case V_ASN1_INTEGER:
+ case V_ASN1_NEG_INTEGER:
+ case V_ASN1_ENUMERATED:
+ case V_ASN1_NEG_ENUMERATED:
+ case V_ASN1_BIT_STRING:
+ case V_ASN1_OCTET_STRING:
+ case V_ASN1_SEQUENCE:
+ case V_ASN1_SET:
+ case V_ASN1_NUMERICSTRING:
+ case V_ASN1_PRINTABLESTRING:
+ case V_ASN1_T61STRING:
+ case V_ASN1_VIDEOTEXSTRING:
+ case V_ASN1_IA5STRING:
+ case V_ASN1_UTCTIME:
+ case V_ASN1_GENERALIZEDTIME:
+ case V_ASN1_GRAPHICSTRING:
+ case V_ASN1_VISIBLESTRING:
+ case V_ASN1_GENERALSTRING:
+ case V_ASN1_UNIVERSALSTRING:
+ case V_ASN1_BMPSTRING:
+ case V_ASN1_UTF8STRING:
+ case V_ASN1_OTHER:
+ default:
+ result = ASN1_STRING_cmp((ASN1_STRING *)a->value.ptr,
+ (ASN1_STRING *)b->value.ptr);
+ break;
+ }
+
+ return result;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_utctm.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/a_utctm.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_utctm.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,303 +0,0 @@
-/* crypto/asn1/a_utctm.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <time.h>
-#include "cryptlib.h"
-#include "o_time.h"
-#include <openssl/asn1.h>
-
-#if 0
-int i2d_ASN1_UTCTIME(ASN1_UTCTIME *a, unsigned char **pp)
- {
-#ifndef CHARSET_EBCDIC
- return(i2d_ASN1_bytes((ASN1_STRING *)a,pp,
- V_ASN1_UTCTIME,V_ASN1_UNIVERSAL));
-#else
- /* KLUDGE! We convert to ascii before writing DER */
- int len;
- char tmp[24];
- ASN1_STRING x = *(ASN1_STRING *)a;
-
- len = x.length;
- ebcdic2ascii(tmp, x.data, (len >= sizeof tmp) ? sizeof tmp : len);
- x.data = tmp;
- return i2d_ASN1_bytes(&x, pp, V_ASN1_UTCTIME,V_ASN1_UNIVERSAL);
-#endif
- }
-
-
-ASN1_UTCTIME *d2i_ASN1_UTCTIME(ASN1_UTCTIME **a, unsigned char **pp,
- long length)
- {
- ASN1_UTCTIME *ret=NULL;
-
- ret=(ASN1_UTCTIME *)d2i_ASN1_bytes((ASN1_STRING **)a,pp,length,
- V_ASN1_UTCTIME,V_ASN1_UNIVERSAL);
- if (ret == NULL)
- {
- ASN1err(ASN1_F_D2I_ASN1_UTCTIME,ERR_R_NESTED_ASN1_ERROR);
- return(NULL);
- }
-#ifdef CHARSET_EBCDIC
- ascii2ebcdic(ret->data, ret->data, ret->length);
-#endif
- if (!ASN1_UTCTIME_check(ret))
- {
- ASN1err(ASN1_F_D2I_ASN1_UTCTIME,ASN1_R_INVALID_TIME_FORMAT);
- goto err;
- }
-
- return(ret);
-err:
- if ((ret != NULL) && ((a == NULL) || (*a != ret)))
- M_ASN1_UTCTIME_free(ret);
- return(NULL);
- }
-
-#endif
-
-int ASN1_UTCTIME_check(ASN1_UTCTIME *d)
- {
- static int min[8]={ 0, 1, 1, 0, 0, 0, 0, 0};
- static int max[8]={99,12,31,23,59,59,12,59};
- char *a;
- int n,i,l,o;
-
- if (d->type != V_ASN1_UTCTIME) return(0);
- l=d->length;
- a=(char *)d->data;
- o=0;
-
- if (l < 11) goto err;
- for (i=0; i<6; i++)
- {
- if ((i == 5) && ((a[o] == 'Z') ||
- (a[o] == '+') || (a[o] == '-')))
- { i++; break; }
- if ((a[o] < '0') || (a[o] > '9')) goto err;
- n= a[o]-'0';
- if (++o > l) goto err;
-
- if ((a[o] < '0') || (a[o] > '9')) goto err;
- n=(n*10)+ a[o]-'0';
- if (++o > l) goto err;
-
- if ((n < min[i]) || (n > max[i])) goto err;
- }
- if (a[o] == 'Z')
- o++;
- else if ((a[o] == '+') || (a[o] == '-'))
- {
- o++;
- if (o+4 > l) goto err;
- for (i=6; i<8; i++)
- {
- if ((a[o] < '0') || (a[o] > '9')) goto err;
- n= a[o]-'0';
- o++;
- if ((a[o] < '0') || (a[o] > '9')) goto err;
- n=(n*10)+ a[o]-'0';
- if ((n < min[i]) || (n > max[i])) goto err;
- o++;
- }
- }
- return(o == l);
-err:
- return(0);
- }
-
-int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str)
- {
- ASN1_UTCTIME t;
-
- t.type=V_ASN1_UTCTIME;
- t.length=strlen(str);
- t.data=(unsigned char *)str;
- if (ASN1_UTCTIME_check(&t))
- {
- if (s != NULL)
- {
- if (!ASN1_STRING_set((ASN1_STRING *)s,
- (unsigned char *)str,t.length))
- return 0;
- s->type = V_ASN1_UTCTIME;
- }
- return(1);
- }
- else
- return(0);
- }
-
-ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
- {
- char *p;
- struct tm *ts;
- struct tm data;
- size_t len = 20;
-
- if (s == NULL)
- s=M_ASN1_UTCTIME_new();
- if (s == NULL)
- return(NULL);
-
- ts=OPENSSL_gmtime(&t, &data);
- if (ts == NULL)
- return(NULL);
-
- p=(char *)s->data;
- if ((p == NULL) || ((size_t)s->length < len))
- {
- p=OPENSSL_malloc(len);
- if (p == NULL)
- {
- ASN1err(ASN1_F_ASN1_UTCTIME_SET,ERR_R_MALLOC_FAILURE);
- return(NULL);
- }
- if (s->data != NULL)
- OPENSSL_free(s->data);
- s->data=(unsigned char *)p;
- }
-
- BIO_snprintf(p,len,"%02d%02d%02d%02d%02d%02dZ",ts->tm_year%100,
- ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);
- s->length=strlen(p);
- s->type=V_ASN1_UTCTIME;
-#ifdef CHARSET_EBCDIC_not
- ebcdic2ascii(s->data, s->data, s->length);
-#endif
- return(s);
- }
-
-
-int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
- {
- struct tm *tm;
- struct tm data;
- int offset;
- int year;
-
-#define g2(p) (((p)[0]-'0')*10+(p)[1]-'0')
-
- if (s->data[12] == 'Z')
- offset=0;
- else
- {
- offset = g2(s->data+13)*60+g2(s->data+15);
- if (s->data[12] == '-')
- offset = -offset;
- }
-
- t -= offset*60; /* FIXME: may overflow in extreme cases */
-
- tm = OPENSSL_gmtime(&t, &data);
-
-#define return_cmp(a,b) if ((a)<(b)) return -1; else if ((a)>(b)) return 1
- year = g2(s->data);
- if (year < 50)
- year += 100;
- return_cmp(year, tm->tm_year);
- return_cmp(g2(s->data+2) - 1, tm->tm_mon);
- return_cmp(g2(s->data+4), tm->tm_mday);
- return_cmp(g2(s->data+6), tm->tm_hour);
- return_cmp(g2(s->data+8), tm->tm_min);
- return_cmp(g2(s->data+10), tm->tm_sec);
-#undef g2
-#undef return_cmp
-
- return 0;
- }
-
-
-#if 0
-time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s)
- {
- struct tm tm;
- int offset;
-
- memset(&tm,'\0',sizeof tm);
-
-#define g2(p) (((p)[0]-'0')*10+(p)[1]-'0')
- tm.tm_year=g2(s->data);
- if(tm.tm_year < 50)
- tm.tm_year+=100;
- tm.tm_mon=g2(s->data+2)-1;
- tm.tm_mday=g2(s->data+4);
- tm.tm_hour=g2(s->data+6);
- tm.tm_min=g2(s->data+8);
- tm.tm_sec=g2(s->data+10);
- if(s->data[12] == 'Z')
- offset=0;
- else
- {
- offset=g2(s->data+13)*60+g2(s->data+15);
- if(s->data[12] == '-')
- offset= -offset;
- }
-#undef g2
-
- return mktime(&tm)-offset*60; /* FIXME: mktime assumes the current timezone
- * instead of UTC, and unless we rewrite OpenSSL
- * in Lisp we cannot locally change the timezone
- * without possibly interfering with other parts
- * of the program. timegm, which uses UTC, is
- * non-standard.
- * Also time_t is inappropriate for general
- * UTC times because it may a 32 bit type. */
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_utctm.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/a_utctm.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_utctm.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_utctm.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,304 @@
+/* crypto/asn1/a_utctm.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include "cryptlib.h"
+#include "o_time.h"
+#include <openssl/asn1.h>
+
+#if 0
+int i2d_ASN1_UTCTIME(ASN1_UTCTIME *a, unsigned char **pp)
+{
+# ifndef CHARSET_EBCDIC
+ return (i2d_ASN1_bytes((ASN1_STRING *)a, pp,
+ V_ASN1_UTCTIME, V_ASN1_UNIVERSAL));
+# else
+ /* KLUDGE! We convert to ascii before writing DER */
+ int len;
+ char tmp[24];
+ ASN1_STRING x = *(ASN1_STRING *)a;
+
+ len = x.length;
+ ebcdic2ascii(tmp, x.data, (len >= sizeof tmp) ? sizeof tmp : len);
+ x.data = tmp;
+ return i2d_ASN1_bytes(&x, pp, V_ASN1_UTCTIME, V_ASN1_UNIVERSAL);
+# endif
+}
+
+ASN1_UTCTIME *d2i_ASN1_UTCTIME(ASN1_UTCTIME **a, unsigned char **pp,
+ long length)
+{
+ ASN1_UTCTIME *ret = NULL;
+
+ ret = (ASN1_UTCTIME *)d2i_ASN1_bytes((ASN1_STRING **)a, pp, length,
+ V_ASN1_UTCTIME, V_ASN1_UNIVERSAL);
+ if (ret == NULL) {
+ ASN1err(ASN1_F_D2I_ASN1_UTCTIME, ERR_R_NESTED_ASN1_ERROR);
+ return (NULL);
+ }
+# ifdef CHARSET_EBCDIC
+ ascii2ebcdic(ret->data, ret->data, ret->length);
+# endif
+ if (!ASN1_UTCTIME_check(ret)) {
+ ASN1err(ASN1_F_D2I_ASN1_UTCTIME, ASN1_R_INVALID_TIME_FORMAT);
+ goto err;
+ }
+
+ return (ret);
+ err:
+ if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+ M_ASN1_UTCTIME_free(ret);
+ return (NULL);
+}
+
+#endif
+
+int ASN1_UTCTIME_check(ASN1_UTCTIME *d)
+{
+ static int min[8] = { 0, 1, 1, 0, 0, 0, 0, 0 };
+ static int max[8] = { 99, 12, 31, 23, 59, 59, 12, 59 };
+ char *a;
+ int n, i, l, o;
+
+ if (d->type != V_ASN1_UTCTIME)
+ return (0);
+ l = d->length;
+ a = (char *)d->data;
+ o = 0;
+
+ if (l < 11)
+ goto err;
+ for (i = 0; i < 6; i++) {
+ if ((i == 5) && ((a[o] == 'Z') || (a[o] == '+') || (a[o] == '-'))) {
+ i++;
+ break;
+ }
+ if ((a[o] < '0') || (a[o] > '9'))
+ goto err;
+ n = a[o] - '0';
+ if (++o > l)
+ goto err;
+
+ if ((a[o] < '0') || (a[o] > '9'))
+ goto err;
+ n = (n * 10) + a[o] - '0';
+ if (++o > l)
+ goto err;
+
+ if ((n < min[i]) || (n > max[i]))
+ goto err;
+ }
+ if (a[o] == 'Z')
+ o++;
+ else if ((a[o] == '+') || (a[o] == '-')) {
+ o++;
+ if (o + 4 > l)
+ goto err;
+ for (i = 6; i < 8; i++) {
+ if ((a[o] < '0') || (a[o] > '9'))
+ goto err;
+ n = a[o] - '0';
+ o++;
+ if ((a[o] < '0') || (a[o] > '9'))
+ goto err;
+ n = (n * 10) + a[o] - '0';
+ if ((n < min[i]) || (n > max[i]))
+ goto err;
+ o++;
+ }
+ }
+ return (o == l);
+ err:
+ return (0);
+}
+
+int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str)
+{
+ ASN1_UTCTIME t;
+
+ t.type = V_ASN1_UTCTIME;
+ t.length = strlen(str);
+ t.data = (unsigned char *)str;
+ if (ASN1_UTCTIME_check(&t)) {
+ if (s != NULL) {
+ if (!ASN1_STRING_set((ASN1_STRING *)s,
+ (unsigned char *)str, t.length))
+ return 0;
+ s->type = V_ASN1_UTCTIME;
+ }
+ return (1);
+ } else
+ return (0);
+}
+
+ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
+{
+ char *p;
+ struct tm *ts;
+ struct tm data;
+ size_t len = 20;
+
+ if (s == NULL)
+ s = M_ASN1_UTCTIME_new();
+ if (s == NULL)
+ return (NULL);
+
+ ts = OPENSSL_gmtime(&t, &data);
+ if (ts == NULL)
+ return (NULL);
+
+ p = (char *)s->data;
+ if ((p == NULL) || ((size_t)s->length < len)) {
+ p = OPENSSL_malloc(len);
+ if (p == NULL) {
+ ASN1err(ASN1_F_ASN1_UTCTIME_SET, ERR_R_MALLOC_FAILURE);
+ return (NULL);
+ }
+ if (s->data != NULL)
+ OPENSSL_free(s->data);
+ s->data = (unsigned char *)p;
+ }
+
+ BIO_snprintf(p, len, "%02d%02d%02d%02d%02d%02dZ", ts->tm_year % 100,
+ ts->tm_mon + 1, ts->tm_mday, ts->tm_hour, ts->tm_min,
+ ts->tm_sec);
+ s->length = strlen(p);
+ s->type = V_ASN1_UTCTIME;
+#ifdef CHARSET_EBCDIC_not
+ ebcdic2ascii(s->data, s->data, s->length);
+#endif
+ return (s);
+}
+
+int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
+{
+ struct tm *tm;
+ struct tm data;
+ int offset;
+ int year;
+
+#define g2(p) (((p)[0]-'0')*10+(p)[1]-'0')
+
+ if (s->data[12] == 'Z')
+ offset = 0;
+ else {
+ offset = g2(s->data + 13) * 60 + g2(s->data + 15);
+ if (s->data[12] == '-')
+ offset = -offset;
+ }
+
+ t -= offset * 60; /* FIXME: may overflow in extreme cases */
+
+ tm = OPENSSL_gmtime(&t, &data);
+
+#define return_cmp(a,b) if ((a)<(b)) return -1; else if ((a)>(b)) return 1
+ year = g2(s->data);
+ if (year < 50)
+ year += 100;
+ return_cmp(year, tm->tm_year);
+ return_cmp(g2(s->data + 2) - 1, tm->tm_mon);
+ return_cmp(g2(s->data + 4), tm->tm_mday);
+ return_cmp(g2(s->data + 6), tm->tm_hour);
+ return_cmp(g2(s->data + 8), tm->tm_min);
+ return_cmp(g2(s->data + 10), tm->tm_sec);
+#undef g2
+#undef return_cmp
+
+ return 0;
+}
+
+#if 0
+time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s)
+{
+ struct tm tm;
+ int offset;
+
+ memset(&tm, '\0', sizeof tm);
+
+# define g2(p) (((p)[0]-'0')*10+(p)[1]-'0')
+ tm.tm_year = g2(s->data);
+ if (tm.tm_year < 50)
+ tm.tm_year += 100;
+ tm.tm_mon = g2(s->data + 2) - 1;
+ tm.tm_mday = g2(s->data + 4);
+ tm.tm_hour = g2(s->data + 6);
+ tm.tm_min = g2(s->data + 8);
+ tm.tm_sec = g2(s->data + 10);
+ if (s->data[12] == 'Z')
+ offset = 0;
+ else {
+ offset = g2(s->data + 13) * 60 + g2(s->data + 15);
+ if (s->data[12] == '-')
+ offset = -offset;
+ }
+# undef g2
+
+ /*
+ * FIXME: mktime assumes the current timezone
+ * instead of UTC, and unless we rewrite OpenSSL
+ * in Lisp we cannot locally change the timezone
+ * without possibly interfering with other parts
+ * of the program. timegm, which uses UTC, is
+ * non-standard.
+ * Also time_t is inappropriate for general
+ * UTC times because it may a 32 bit type.
+ */
+ return mktime(&tm) - offset * 60;
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_utf8.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/a_utf8.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_utf8.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,211 +0,0 @@
-/* crypto/asn1/a_utf8.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-
-
-/* UTF8 utilities */
-
-/* This parses a UTF8 string one character at a time. It is passed a pointer
- * to the string and the length of the string. It sets 'value' to the value of
- * the current character. It returns the number of characters read or a
- * negative error code:
- * -1 = string too short
- * -2 = illegal character
- * -3 = subsequent characters not of the form 10xxxxxx
- * -4 = character encoded incorrectly (not minimal length).
- */
-
-int UTF8_getc(const unsigned char *str, int len, unsigned long *val)
-{
- const unsigned char *p;
- unsigned long value;
- int ret;
- if(len <= 0) return 0;
- p = str;
-
- /* Check syntax and work out the encoded value (if correct) */
- if((*p & 0x80) == 0) {
- value = *p++ & 0x7f;
- ret = 1;
- } else if((*p & 0xe0) == 0xc0) {
- if(len < 2) return -1;
- if((p[1] & 0xc0) != 0x80) return -3;
- value = (*p++ & 0x1f) << 6;
- value |= *p++ & 0x3f;
- if(value < 0x80) return -4;
- ret = 2;
- } else if((*p & 0xf0) == 0xe0) {
- if(len < 3) return -1;
- if( ((p[1] & 0xc0) != 0x80)
- || ((p[2] & 0xc0) != 0x80) ) return -3;
- value = (*p++ & 0xf) << 12;
- value |= (*p++ & 0x3f) << 6;
- value |= *p++ & 0x3f;
- if(value < 0x800) return -4;
- ret = 3;
- } else if((*p & 0xf8) == 0xf0) {
- if(len < 4) return -1;
- if( ((p[1] & 0xc0) != 0x80)
- || ((p[2] & 0xc0) != 0x80)
- || ((p[3] & 0xc0) != 0x80) ) return -3;
- value = ((unsigned long)(*p++ & 0x7)) << 18;
- value |= (*p++ & 0x3f) << 12;
- value |= (*p++ & 0x3f) << 6;
- value |= *p++ & 0x3f;
- if(value < 0x10000) return -4;
- ret = 4;
- } else if((*p & 0xfc) == 0xf8) {
- if(len < 5) return -1;
- if( ((p[1] & 0xc0) != 0x80)
- || ((p[2] & 0xc0) != 0x80)
- || ((p[3] & 0xc0) != 0x80)
- || ((p[4] & 0xc0) != 0x80) ) return -3;
- value = ((unsigned long)(*p++ & 0x3)) << 24;
- value |= ((unsigned long)(*p++ & 0x3f)) << 18;
- value |= ((unsigned long)(*p++ & 0x3f)) << 12;
- value |= (*p++ & 0x3f) << 6;
- value |= *p++ & 0x3f;
- if(value < 0x200000) return -4;
- ret = 5;
- } else if((*p & 0xfe) == 0xfc) {
- if(len < 6) return -1;
- if( ((p[1] & 0xc0) != 0x80)
- || ((p[2] & 0xc0) != 0x80)
- || ((p[3] & 0xc0) != 0x80)
- || ((p[4] & 0xc0) != 0x80)
- || ((p[5] & 0xc0) != 0x80) ) return -3;
- value = ((unsigned long)(*p++ & 0x1)) << 30;
- value |= ((unsigned long)(*p++ & 0x3f)) << 24;
- value |= ((unsigned long)(*p++ & 0x3f)) << 18;
- value |= ((unsigned long)(*p++ & 0x3f)) << 12;
- value |= (*p++ & 0x3f) << 6;
- value |= *p++ & 0x3f;
- if(value < 0x4000000) return -4;
- ret = 6;
- } else return -2;
- *val = value;
- return ret;
-}
-
-/* This takes a character 'value' and writes the UTF8 encoded value in
- * 'str' where 'str' is a buffer containing 'len' characters. Returns
- * the number of characters written or -1 if 'len' is too small. 'str' can
- * be set to NULL in which case it just returns the number of characters.
- * It will need at most 6 characters.
- */
-
-int UTF8_putc(unsigned char *str, int len, unsigned long value)
-{
- if(!str) len = 6; /* Maximum we will need */
- else if(len <= 0) return -1;
- if(value < 0x80) {
- if(str) *str = (unsigned char)value;
- return 1;
- }
- if(value < 0x800) {
- if(len < 2) return -1;
- if(str) {
- *str++ = (unsigned char)(((value >> 6) & 0x1f) | 0xc0);
- *str = (unsigned char)((value & 0x3f) | 0x80);
- }
- return 2;
- }
- if(value < 0x10000) {
- if(len < 3) return -1;
- if(str) {
- *str++ = (unsigned char)(((value >> 12) & 0xf) | 0xe0);
- *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80);
- *str = (unsigned char)((value & 0x3f) | 0x80);
- }
- return 3;
- }
- if(value < 0x200000) {
- if(len < 4) return -1;
- if(str) {
- *str++ = (unsigned char)(((value >> 18) & 0x7) | 0xf0);
- *str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80);
- *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80);
- *str = (unsigned char)((value & 0x3f) | 0x80);
- }
- return 4;
- }
- if(value < 0x4000000) {
- if(len < 5) return -1;
- if(str) {
- *str++ = (unsigned char)(((value >> 24) & 0x3) | 0xf8);
- *str++ = (unsigned char)(((value >> 18) & 0x3f) | 0x80);
- *str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80);
- *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80);
- *str = (unsigned char)((value & 0x3f) | 0x80);
- }
- return 5;
- }
- if(len < 6) return -1;
- if(str) {
- *str++ = (unsigned char)(((value >> 30) & 0x1) | 0xfc);
- *str++ = (unsigned char)(((value >> 24) & 0x3f) | 0x80);
- *str++ = (unsigned char)(((value >> 18) & 0x3f) | 0x80);
- *str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80);
- *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80);
- *str = (unsigned char)((value & 0x3f) | 0x80);
- }
- return 6;
-}
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_utf8.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/a_utf8.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_utf8.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_utf8.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,237 @@
+/* crypto/asn1/a_utf8.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+
+/* UTF8 utilities */
+
+/*-
+ * This parses a UTF8 string one character at a time. It is passed a pointer
+ * to the string and the length of the string. It sets 'value' to the value of
+ * the current character. It returns the number of characters read or a
+ * negative error code:
+ * -1 = string too short
+ * -2 = illegal character
+ * -3 = subsequent characters not of the form 10xxxxxx
+ * -4 = character encoded incorrectly (not minimal length).
+ */
+
+int UTF8_getc(const unsigned char *str, int len, unsigned long *val)
+{
+ const unsigned char *p;
+ unsigned long value;
+ int ret;
+ if (len <= 0)
+ return 0;
+ p = str;
+
+ /* Check syntax and work out the encoded value (if correct) */
+ if ((*p & 0x80) == 0) {
+ value = *p++ & 0x7f;
+ ret = 1;
+ } else if ((*p & 0xe0) == 0xc0) {
+ if (len < 2)
+ return -1;
+ if ((p[1] & 0xc0) != 0x80)
+ return -3;
+ value = (*p++ & 0x1f) << 6;
+ value |= *p++ & 0x3f;
+ if (value < 0x80)
+ return -4;
+ ret = 2;
+ } else if ((*p & 0xf0) == 0xe0) {
+ if (len < 3)
+ return -1;
+ if (((p[1] & 0xc0) != 0x80)
+ || ((p[2] & 0xc0) != 0x80))
+ return -3;
+ value = (*p++ & 0xf) << 12;
+ value |= (*p++ & 0x3f) << 6;
+ value |= *p++ & 0x3f;
+ if (value < 0x800)
+ return -4;
+ ret = 3;
+ } else if ((*p & 0xf8) == 0xf0) {
+ if (len < 4)
+ return -1;
+ if (((p[1] & 0xc0) != 0x80)
+ || ((p[2] & 0xc0) != 0x80)
+ || ((p[3] & 0xc0) != 0x80))
+ return -3;
+ value = ((unsigned long)(*p++ & 0x7)) << 18;
+ value |= (*p++ & 0x3f) << 12;
+ value |= (*p++ & 0x3f) << 6;
+ value |= *p++ & 0x3f;
+ if (value < 0x10000)
+ return -4;
+ ret = 4;
+ } else if ((*p & 0xfc) == 0xf8) {
+ if (len < 5)
+ return -1;
+ if (((p[1] & 0xc0) != 0x80)
+ || ((p[2] & 0xc0) != 0x80)
+ || ((p[3] & 0xc0) != 0x80)
+ || ((p[4] & 0xc0) != 0x80))
+ return -3;
+ value = ((unsigned long)(*p++ & 0x3)) << 24;
+ value |= ((unsigned long)(*p++ & 0x3f)) << 18;
+ value |= ((unsigned long)(*p++ & 0x3f)) << 12;
+ value |= (*p++ & 0x3f) << 6;
+ value |= *p++ & 0x3f;
+ if (value < 0x200000)
+ return -4;
+ ret = 5;
+ } else if ((*p & 0xfe) == 0xfc) {
+ if (len < 6)
+ return -1;
+ if (((p[1] & 0xc0) != 0x80)
+ || ((p[2] & 0xc0) != 0x80)
+ || ((p[3] & 0xc0) != 0x80)
+ || ((p[4] & 0xc0) != 0x80)
+ || ((p[5] & 0xc0) != 0x80))
+ return -3;
+ value = ((unsigned long)(*p++ & 0x1)) << 30;
+ value |= ((unsigned long)(*p++ & 0x3f)) << 24;
+ value |= ((unsigned long)(*p++ & 0x3f)) << 18;
+ value |= ((unsigned long)(*p++ & 0x3f)) << 12;
+ value |= (*p++ & 0x3f) << 6;
+ value |= *p++ & 0x3f;
+ if (value < 0x4000000)
+ return -4;
+ ret = 6;
+ } else
+ return -2;
+ *val = value;
+ return ret;
+}
+
+/*
+ * This takes a character 'value' and writes the UTF8 encoded value in 'str'
+ * where 'str' is a buffer containing 'len' characters. Returns the number of
+ * characters written or -1 if 'len' is too small. 'str' can be set to NULL
+ * in which case it just returns the number of characters. It will need at
+ * most 6 characters.
+ */
+
+int UTF8_putc(unsigned char *str, int len, unsigned long value)
+{
+ if (!str)
+ len = 6; /* Maximum we will need */
+ else if (len <= 0)
+ return -1;
+ if (value < 0x80) {
+ if (str)
+ *str = (unsigned char)value;
+ return 1;
+ }
+ if (value < 0x800) {
+ if (len < 2)
+ return -1;
+ if (str) {
+ *str++ = (unsigned char)(((value >> 6) & 0x1f) | 0xc0);
+ *str = (unsigned char)((value & 0x3f) | 0x80);
+ }
+ return 2;
+ }
+ if (value < 0x10000) {
+ if (len < 3)
+ return -1;
+ if (str) {
+ *str++ = (unsigned char)(((value >> 12) & 0xf) | 0xe0);
+ *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80);
+ *str = (unsigned char)((value & 0x3f) | 0x80);
+ }
+ return 3;
+ }
+ if (value < 0x200000) {
+ if (len < 4)
+ return -1;
+ if (str) {
+ *str++ = (unsigned char)(((value >> 18) & 0x7) | 0xf0);
+ *str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80);
+ *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80);
+ *str = (unsigned char)((value & 0x3f) | 0x80);
+ }
+ return 4;
+ }
+ if (value < 0x4000000) {
+ if (len < 5)
+ return -1;
+ if (str) {
+ *str++ = (unsigned char)(((value >> 24) & 0x3) | 0xf8);
+ *str++ = (unsigned char)(((value >> 18) & 0x3f) | 0x80);
+ *str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80);
+ *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80);
+ *str = (unsigned char)((value & 0x3f) | 0x80);
+ }
+ return 5;
+ }
+ if (len < 6)
+ return -1;
+ if (str) {
+ *str++ = (unsigned char)(((value >> 30) & 0x1) | 0xfc);
+ *str++ = (unsigned char)(((value >> 24) & 0x3f) | 0x80);
+ *str++ = (unsigned char)(((value >> 18) & 0x3f) | 0x80);
+ *str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80);
+ *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80);
+ *str = (unsigned char)((value & 0x3f) | 0x80);
+ }
+ return 6;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_verify.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/a_verify.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_verify.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,192 +0,0 @@
-/* crypto/asn1/a_verify.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <time.h>
-
-#include "cryptlib.h"
-
-#ifndef NO_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-
-#include <openssl/bn.h>
-#include <openssl/x509.h>
-#include <openssl/objects.h>
-#include <openssl/buffer.h>
-#include <openssl/evp.h>
-
-#ifndef NO_ASN1_OLD
-
-int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
- char *data, EVP_PKEY *pkey)
- {
- EVP_MD_CTX ctx;
- const EVP_MD *type;
- unsigned char *p,*buf_in=NULL;
- int ret= -1,i,inl;
-
- EVP_MD_CTX_init(&ctx);
- i=OBJ_obj2nid(a->algorithm);
- type=EVP_get_digestbyname(OBJ_nid2sn(i));
- if (type == NULL)
- {
- ASN1err(ASN1_F_ASN1_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
- goto err;
- }
-
- inl=i2d(data,NULL);
- buf_in=OPENSSL_malloc((unsigned int)inl);
- if (buf_in == NULL)
- {
- ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- p=buf_in;
-
- i2d(data,&p);
- if (!EVP_VerifyInit_ex(&ctx,type, NULL))
- {
- ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB);
- ret=0;
- goto err;
- }
- EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
-
- OPENSSL_cleanse(buf_in,(unsigned int)inl);
- OPENSSL_free(buf_in);
-
- if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
- (unsigned int)signature->length,pkey) <= 0)
- {
- ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB);
- ret=0;
- goto err;
- }
- /* we don't need to zero the 'ctx' because we just checked
- * public information */
- /* memset(&ctx,0,sizeof(ctx)); */
- ret=1;
-err:
- EVP_MD_CTX_cleanup(&ctx);
- return(ret);
- }
-
-#endif
-
-
-int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signature,
- void *asn, EVP_PKEY *pkey)
- {
- EVP_MD_CTX ctx;
- const EVP_MD *type;
- unsigned char *buf_in=NULL;
- int ret= -1,i,inl;
-
- if (!pkey)
- {
- ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
- return -1;
- }
-
- EVP_MD_CTX_init(&ctx);
- i=OBJ_obj2nid(a->algorithm);
- type=EVP_get_digestbyname(OBJ_nid2sn(i));
- if (type == NULL)
- {
- ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
- goto err;
- }
-
- if (!EVP_VerifyInit_ex(&ctx,type, NULL))
- {
- ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB);
- ret=0;
- goto err;
- }
-
- inl = ASN1_item_i2d(asn, &buf_in, it);
-
- if (buf_in == NULL)
- {
- ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
-
- OPENSSL_cleanse(buf_in,(unsigned int)inl);
- OPENSSL_free(buf_in);
-
- if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
- (unsigned int)signature->length,pkey) <= 0)
- {
- ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB);
- ret=0;
- goto err;
- }
- /* we don't need to zero the 'ctx' because we just checked
- * public information */
- /* memset(&ctx,0,sizeof(ctx)); */
- ret=1;
-err:
- EVP_MD_CTX_cleanup(&ctx);
- return(ret);
- }
-
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_verify.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/a_verify.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_verify.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/a_verify.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,195 @@
+/* crypto/asn1/a_verify.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <time.h>
+
+#include "cryptlib.h"
+
+#ifndef NO_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+
+#include <openssl/bn.h>
+#include <openssl/x509.h>
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+#include <openssl/evp.h>
+
+#ifndef NO_ASN1_OLD
+
+int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
+ char *data, EVP_PKEY *pkey)
+{
+ EVP_MD_CTX ctx;
+ const EVP_MD *type;
+ unsigned char *p, *buf_in = NULL;
+ int ret = -1, i, inl;
+
+ EVP_MD_CTX_init(&ctx);
+ i = OBJ_obj2nid(a->algorithm);
+ type = EVP_get_digestbyname(OBJ_nid2sn(i));
+ if (type == NULL) {
+ ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
+ goto err;
+ }
+
+ if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) {
+ ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
+ goto err;
+ }
+
+ inl = i2d(data, NULL);
+ buf_in = OPENSSL_malloc((unsigned int)inl);
+ if (buf_in == NULL) {
+ ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ p = buf_in;
+
+ i2d(data, &p);
+ if (!EVP_VerifyInit_ex(&ctx, type, NULL)) {
+ ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_EVP_LIB);
+ ret = 0;
+ goto err;
+ }
+ EVP_VerifyUpdate(&ctx, (unsigned char *)buf_in, inl);
+
+ OPENSSL_cleanse(buf_in, (unsigned int)inl);
+ OPENSSL_free(buf_in);
+
+ if (EVP_VerifyFinal(&ctx, (unsigned char *)signature->data,
+ (unsigned int)signature->length, pkey) <= 0) {
+ ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_EVP_LIB);
+ ret = 0;
+ goto err;
+ }
+ /*
+ * we don't need to zero the 'ctx' because we just checked public
+ * information
+ */
+ /* memset(&ctx,0,sizeof(ctx)); */
+ ret = 1;
+ err:
+ EVP_MD_CTX_cleanup(&ctx);
+ return (ret);
+}
+
+#endif
+
+int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
+ ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey)
+{
+ EVP_MD_CTX ctx;
+ const EVP_MD *type;
+ unsigned char *buf_in = NULL;
+ int ret = -1, i, inl;
+
+ if (!pkey) {
+ ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
+ return -1;
+ }
+
+ if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) {
+ ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
+ return -1;
+ }
+
+ EVP_MD_CTX_init(&ctx);
+ i = OBJ_obj2nid(a->algorithm);
+ type = EVP_get_digestbyname(OBJ_nid2sn(i));
+ if (type == NULL) {
+ ASN1err(ASN1_F_ASN1_ITEM_VERIFY,
+ ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
+ goto err;
+ }
+
+ if (!EVP_VerifyInit_ex(&ctx, type, NULL)) {
+ ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB);
+ ret = 0;
+ goto err;
+ }
+
+ inl = ASN1_item_i2d(asn, &buf_in, it);
+
+ if (buf_in == NULL) {
+ ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ EVP_VerifyUpdate(&ctx, (unsigned char *)buf_in, inl);
+
+ OPENSSL_cleanse(buf_in, (unsigned int)inl);
+ OPENSSL_free(buf_in);
+
+ if (EVP_VerifyFinal(&ctx, (unsigned char *)signature->data,
+ (unsigned int)signature->length, pkey) <= 0) {
+ ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB);
+ ret = 0;
+ goto err;
+ }
+ /*
+ * we don't need to zero the 'ctx' because we just checked public
+ * information
+ */
+ /* memset(&ctx,0,sizeof(ctx)); */
+ ret = 1;
+ err:
+ EVP_MD_CTX_cleanup(&ctx);
+ return (ret);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn1.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/asn1.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn1.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,1332 +0,0 @@
-/* crypto/asn1/asn1.h */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_ASN1_H
-#define HEADER_ASN1_H
-
-#include <time.h>
-#include <openssl/e_os2.h>
-#ifndef OPENSSL_NO_BIO
-#include <openssl/bio.h>
-#endif
-#include <openssl/stack.h>
-#include <openssl/safestack.h>
-
-#include <openssl/symhacks.h>
-
-#include <openssl/ossl_typ.h>
-#ifndef OPENSSL_NO_DEPRECATED
-#include <openssl/bn.h>
-#endif
-
-#ifdef OPENSSL_BUILD_SHLIBCRYPTO
-# undef OPENSSL_EXTERN
-# define OPENSSL_EXTERN OPENSSL_EXPORT
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define V_ASN1_UNIVERSAL 0x00
-#define V_ASN1_APPLICATION 0x40
-#define V_ASN1_CONTEXT_SPECIFIC 0x80
-#define V_ASN1_PRIVATE 0xc0
-
-#define V_ASN1_CONSTRUCTED 0x20
-#define V_ASN1_PRIMITIVE_TAG 0x1f
-#define V_ASN1_PRIMATIVE_TAG 0x1f
-
-#define V_ASN1_APP_CHOOSE -2 /* let the recipient choose */
-#define V_ASN1_OTHER -3 /* used in ASN1_TYPE */
-#define V_ASN1_ANY -4 /* used in ASN1 template code */
-
-#define V_ASN1_NEG 0x100 /* negative flag */
-
-#define V_ASN1_UNDEF -1
-#define V_ASN1_EOC 0
-#define V_ASN1_BOOLEAN 1 /**/
-#define V_ASN1_INTEGER 2
-#define V_ASN1_NEG_INTEGER (2 | V_ASN1_NEG)
-#define V_ASN1_BIT_STRING 3
-#define V_ASN1_OCTET_STRING 4
-#define V_ASN1_NULL 5
-#define V_ASN1_OBJECT 6
-#define V_ASN1_OBJECT_DESCRIPTOR 7
-#define V_ASN1_EXTERNAL 8
-#define V_ASN1_REAL 9
-#define V_ASN1_ENUMERATED 10
-#define V_ASN1_NEG_ENUMERATED (10 | V_ASN1_NEG)
-#define V_ASN1_UTF8STRING 12
-#define V_ASN1_SEQUENCE 16
-#define V_ASN1_SET 17
-#define V_ASN1_NUMERICSTRING 18 /**/
-#define V_ASN1_PRINTABLESTRING 19
-#define V_ASN1_T61STRING 20
-#define V_ASN1_TELETEXSTRING 20 /* alias */
-#define V_ASN1_VIDEOTEXSTRING 21 /**/
-#define V_ASN1_IA5STRING 22
-#define V_ASN1_UTCTIME 23
-#define V_ASN1_GENERALIZEDTIME 24 /**/
-#define V_ASN1_GRAPHICSTRING 25 /**/
-#define V_ASN1_ISO64STRING 26 /**/
-#define V_ASN1_VISIBLESTRING 26 /* alias */
-#define V_ASN1_GENERALSTRING 27 /**/
-#define V_ASN1_UNIVERSALSTRING 28 /**/
-#define V_ASN1_BMPSTRING 30
-
-/* For use with d2i_ASN1_type_bytes() */
-#define B_ASN1_NUMERICSTRING 0x0001
-#define B_ASN1_PRINTABLESTRING 0x0002
-#define B_ASN1_T61STRING 0x0004
-#define B_ASN1_TELETEXSTRING 0x0004
-#define B_ASN1_VIDEOTEXSTRING 0x0008
-#define B_ASN1_IA5STRING 0x0010
-#define B_ASN1_GRAPHICSTRING 0x0020
-#define B_ASN1_ISO64STRING 0x0040
-#define B_ASN1_VISIBLESTRING 0x0040
-#define B_ASN1_GENERALSTRING 0x0080
-#define B_ASN1_UNIVERSALSTRING 0x0100
-#define B_ASN1_OCTET_STRING 0x0200
-#define B_ASN1_BIT_STRING 0x0400
-#define B_ASN1_BMPSTRING 0x0800
-#define B_ASN1_UNKNOWN 0x1000
-#define B_ASN1_UTF8STRING 0x2000
-#define B_ASN1_UTCTIME 0x4000
-#define B_ASN1_GENERALIZEDTIME 0x8000
-#define B_ASN1_SEQUENCE 0x10000
-
-/* For use with ASN1_mbstring_copy() */
-#define MBSTRING_FLAG 0x1000
-#define MBSTRING_UTF8 (MBSTRING_FLAG)
-#define MBSTRING_ASC (MBSTRING_FLAG|1)
-#define MBSTRING_BMP (MBSTRING_FLAG|2)
-#define MBSTRING_UNIV (MBSTRING_FLAG|4)
-
-#define SMIME_OLDMIME 0x400
-#define SMIME_CRLFEOL 0x800
-#define SMIME_STREAM 0x1000
-
-struct X509_algor_st;
-DECLARE_STACK_OF(X509_ALGOR)
-
-#define DECLARE_ASN1_SET_OF(type) /* filled in by mkstack.pl */
-#define IMPLEMENT_ASN1_SET_OF(type) /* nothing, no longer needed */
-
-/* We MUST make sure that, except for constness, asn1_ctx_st and
- asn1_const_ctx are exactly the same. Fortunately, as soon as
- the old ASN1 parsing macros are gone, we can throw this away
- as well... */
-typedef struct asn1_ctx_st
- {
- unsigned char *p;/* work char pointer */
- int eos; /* end of sequence read for indefinite encoding */
- int error; /* error code to use when returning an error */
- int inf; /* constructed if 0x20, indefinite is 0x21 */
- int tag; /* tag from last 'get object' */
- int xclass; /* class from last 'get object' */
- long slen; /* length of last 'get object' */
- unsigned char *max; /* largest value of p allowed */
- unsigned char *q;/* temporary variable */
- unsigned char **pp;/* variable */
- int line; /* used in error processing */
- } ASN1_CTX;
-
-typedef struct asn1_const_ctx_st
- {
- const unsigned char *p;/* work char pointer */
- int eos; /* end of sequence read for indefinite encoding */
- int error; /* error code to use when returning an error */
- int inf; /* constructed if 0x20, indefinite is 0x21 */
- int tag; /* tag from last 'get object' */
- int xclass; /* class from last 'get object' */
- long slen; /* length of last 'get object' */
- const unsigned char *max; /* largest value of p allowed */
- const unsigned char *q;/* temporary variable */
- const unsigned char **pp;/* variable */
- int line; /* used in error processing */
- } ASN1_const_CTX;
-
-/* These are used internally in the ASN1_OBJECT to keep track of
- * whether the names and data need to be free()ed */
-#define ASN1_OBJECT_FLAG_DYNAMIC 0x01 /* internal use */
-#define ASN1_OBJECT_FLAG_CRITICAL 0x02 /* critical x509v3 object id */
-#define ASN1_OBJECT_FLAG_DYNAMIC_STRINGS 0x04 /* internal use */
-#define ASN1_OBJECT_FLAG_DYNAMIC_DATA 0x08 /* internal use */
-typedef struct asn1_object_st
- {
- const char *sn,*ln;
- int nid;
- int length;
- unsigned char *data;
- int flags; /* Should we free this one */
- } ASN1_OBJECT;
-
-#define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */
-/* This indicates that the ASN1_STRING is not a real value but just a place
- * holder for the location where indefinite length constructed data should
- * be inserted in the memory buffer
- */
-#define ASN1_STRING_FLAG_NDEF 0x010
-
-/* This flag is used by the CMS code to indicate that a string is not
- * complete and is a place holder for content when it had all been
- * accessed. The flag will be reset when content has been written to it.
- */
-#define ASN1_STRING_FLAG_CONT 0x020
-
-/* This is the base type that holds just about everything :-) */
-typedef struct asn1_string_st
- {
- int length;
- int type;
- unsigned char *data;
- /* The value of the following field depends on the type being
- * held. It is mostly being used for BIT_STRING so if the
- * input data has a non-zero 'unused bits' value, it will be
- * handled correctly */
- long flags;
- } ASN1_STRING;
-
-/* ASN1_ENCODING structure: this is used to save the received
- * encoding of an ASN1 type. This is useful to get round
- * problems with invalid encodings which can break signatures.
- */
-
-typedef struct ASN1_ENCODING_st
- {
- unsigned char *enc; /* DER encoding */
- long len; /* Length of encoding */
- int modified; /* set to 1 if 'enc' is invalid */
- } ASN1_ENCODING;
-
-/* Used with ASN1 LONG type: if a long is set to this it is omitted */
-#define ASN1_LONG_UNDEF 0x7fffffffL
-
-#define STABLE_FLAGS_MALLOC 0x01
-#define STABLE_NO_MASK 0x02
-#define DIRSTRING_TYPE \
- (B_ASN1_PRINTABLESTRING|B_ASN1_T61STRING|B_ASN1_BMPSTRING|B_ASN1_UTF8STRING)
-#define PKCS9STRING_TYPE (DIRSTRING_TYPE|B_ASN1_IA5STRING)
-
-typedef struct asn1_string_table_st {
- int nid;
- long minsize;
- long maxsize;
- unsigned long mask;
- unsigned long flags;
-} ASN1_STRING_TABLE;
-
-DECLARE_STACK_OF(ASN1_STRING_TABLE)
-
-/* size limits: this stuff is taken straight from RFC2459 */
-
-#define ub_name 32768
-#define ub_common_name 64
-#define ub_locality_name 128
-#define ub_state_name 128
-#define ub_organization_name 64
-#define ub_organization_unit_name 64
-#define ub_title 64
-#define ub_email_address 128
-
-/* Declarations for template structures: for full definitions
- * see asn1t.h
- */
-typedef struct ASN1_TEMPLATE_st ASN1_TEMPLATE;
-typedef struct ASN1_ITEM_st ASN1_ITEM;
-typedef struct ASN1_TLC_st ASN1_TLC;
-/* This is just an opaque pointer */
-typedef struct ASN1_VALUE_st ASN1_VALUE;
-
-/* Declare ASN1 functions: the implement macro in in asn1t.h */
-
-#define DECLARE_ASN1_FUNCTIONS(type) DECLARE_ASN1_FUNCTIONS_name(type, type)
-
-#define DECLARE_ASN1_ALLOC_FUNCTIONS(type) \
- DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, type)
-
-#define DECLARE_ASN1_FUNCTIONS_name(type, name) \
- DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \
- DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name)
-
-#define DECLARE_ASN1_FUNCTIONS_fname(type, itname, name) \
- DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \
- DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name)
-
-#define DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) \
- type *d2i_##name(type **a, const unsigned char **in, long len); \
- int i2d_##name(type *a, unsigned char **out); \
- DECLARE_ASN1_ITEM(itname)
-
-#define DECLARE_ASN1_ENCODE_FUNCTIONS_const(type, name) \
- type *d2i_##name(type **a, const unsigned char **in, long len); \
- int i2d_##name(const type *a, unsigned char **out); \
- DECLARE_ASN1_ITEM(name)
-
-#define DECLARE_ASN1_NDEF_FUNCTION(name) \
- int i2d_##name##_NDEF(name *a, unsigned char **out);
-
-#define DECLARE_ASN1_FUNCTIONS_const(name) \
- DECLARE_ASN1_ALLOC_FUNCTIONS(name) \
- DECLARE_ASN1_ENCODE_FUNCTIONS_const(name, name)
-
-#define DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \
- type *name##_new(void); \
- void name##_free(type *a);
-
-#define D2I_OF(type) type *(*)(type **,const unsigned char **,long)
-#define I2D_OF(type) int (*)(type *,unsigned char **)
-#define I2D_OF_const(type) int (*)(const type *,unsigned char **)
-
-#define CHECKED_D2I_OF(type, d2i) \
- ((d2i_of_void*) (1 ? d2i : ((D2I_OF(type))0)))
-#define CHECKED_I2D_OF(type, i2d) \
- ((i2d_of_void*) (1 ? i2d : ((I2D_OF(type))0)))
-#define CHECKED_NEW_OF(type, xnew) \
- ((void *(*)(void)) (1 ? xnew : ((type *(*)(void))0)))
-#define CHECKED_PTR_OF(type, p) \
- ((void*) (1 ? p : (type*)0))
-#define CHECKED_PPTR_OF(type, p) \
- ((void**) (1 ? p : (type**)0))
-#define CHECKED_PTR_OF_TO_CHAR(type, p) \
- ((char*) (1 ? p : (type*)0))
-
-#define TYPEDEF_D2I_OF(type) typedef type *d2i_of_##type(type **,const unsigned char **,long)
-#define TYPEDEF_I2D_OF(type) typedef int i2d_of_##type(type *,unsigned char **)
-#define TYPEDEF_D2I2D_OF(type) TYPEDEF_D2I_OF(type); TYPEDEF_I2D_OF(type)
-
-TYPEDEF_D2I2D_OF(void);
-
-/* The following macros and typedefs allow an ASN1_ITEM
- * to be embedded in a structure and referenced. Since
- * the ASN1_ITEM pointers need to be globally accessible
- * (possibly from shared libraries) they may exist in
- * different forms. On platforms that support it the
- * ASN1_ITEM structure itself will be globally exported.
- * Other platforms will export a function that returns
- * an ASN1_ITEM pointer.
- *
- * To handle both cases transparently the macros below
- * should be used instead of hard coding an ASN1_ITEM
- * pointer in a structure.
- *
- * The structure will look like this:
- *
- * typedef struct SOMETHING_st {
- * ...
- * ASN1_ITEM_EXP *iptr;
- * ...
- * } SOMETHING;
- *
- * It would be initialised as e.g.:
- *
- * SOMETHING somevar = {...,ASN1_ITEM_ref(X509),...};
- *
- * and the actual pointer extracted with:
- *
- * const ASN1_ITEM *it = ASN1_ITEM_ptr(somevar.iptr);
- *
- * Finally an ASN1_ITEM pointer can be extracted from an
- * appropriate reference with: ASN1_ITEM_rptr(X509). This
- * would be used when a function takes an ASN1_ITEM * argument.
- *
- */
-
-#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
-
-/* ASN1_ITEM pointer exported type */
-typedef const ASN1_ITEM ASN1_ITEM_EXP;
-
-/* Macro to obtain ASN1_ITEM pointer from exported type */
-#define ASN1_ITEM_ptr(iptr) (iptr)
-
-/* Macro to include ASN1_ITEM pointer from base type */
-#define ASN1_ITEM_ref(iptr) (&(iptr##_it))
-
-#define ASN1_ITEM_rptr(ref) (&(ref##_it))
-
-#define DECLARE_ASN1_ITEM(name) \
- OPENSSL_EXTERN const ASN1_ITEM name##_it;
-
-#else
-
-/* Platforms that can't easily handle shared global variables are declared
- * as functions returning ASN1_ITEM pointers.
- */
-
-/* ASN1_ITEM pointer exported type */
-typedef const ASN1_ITEM * ASN1_ITEM_EXP(void);
-
-/* Macro to obtain ASN1_ITEM pointer from exported type */
-#define ASN1_ITEM_ptr(iptr) (iptr())
-
-/* Macro to include ASN1_ITEM pointer from base type */
-#define ASN1_ITEM_ref(iptr) (iptr##_it)
-
-#define ASN1_ITEM_rptr(ref) (ref##_it())
-
-#define DECLARE_ASN1_ITEM(name) \
- const ASN1_ITEM * name##_it(void);
-
-#endif
-
-/* Parameters used by ASN1_STRING_print_ex() */
-
-/* These determine which characters to escape:
- * RFC2253 special characters, control characters and
- * MSB set characters
- */
-
-#define ASN1_STRFLGS_ESC_2253 1
-#define ASN1_STRFLGS_ESC_CTRL 2
-#define ASN1_STRFLGS_ESC_MSB 4
-
-
-/* This flag determines how we do escaping: normally
- * RC2253 backslash only, set this to use backslash and
- * quote.
- */
-
-#define ASN1_STRFLGS_ESC_QUOTE 8
-
-
-/* These three flags are internal use only. */
-
-/* Character is a valid PrintableString character */
-#define CHARTYPE_PRINTABLESTRING 0x10
-/* Character needs escaping if it is the first character */
-#define CHARTYPE_FIRST_ESC_2253 0x20
-/* Character needs escaping if it is the last character */
-#define CHARTYPE_LAST_ESC_2253 0x40
-
-/* NB the internal flags are safely reused below by flags
- * handled at the top level.
- */
-
-/* If this is set we convert all character strings
- * to UTF8 first
- */
-
-#define ASN1_STRFLGS_UTF8_CONVERT 0x10
-
-/* If this is set we don't attempt to interpret content:
- * just assume all strings are 1 byte per character. This
- * will produce some pretty odd looking output!
- */
-
-#define ASN1_STRFLGS_IGNORE_TYPE 0x20
-
-/* If this is set we include the string type in the output */
-#define ASN1_STRFLGS_SHOW_TYPE 0x40
-
-/* This determines which strings to display and which to
- * 'dump' (hex dump of content octets or DER encoding). We can
- * only dump non character strings or everything. If we
- * don't dump 'unknown' they are interpreted as character
- * strings with 1 octet per character and are subject to
- * the usual escaping options.
- */
-
-#define ASN1_STRFLGS_DUMP_ALL 0x80
-#define ASN1_STRFLGS_DUMP_UNKNOWN 0x100
-
-/* These determine what 'dumping' does, we can dump the
- * content octets or the DER encoding: both use the
- * RFC2253 #XXXXX notation.
- */
-
-#define ASN1_STRFLGS_DUMP_DER 0x200
-
-/* All the string flags consistent with RFC2253,
- * escaping control characters isn't essential in
- * RFC2253 but it is advisable anyway.
- */
-
-#define ASN1_STRFLGS_RFC2253 (ASN1_STRFLGS_ESC_2253 | \
- ASN1_STRFLGS_ESC_CTRL | \
- ASN1_STRFLGS_ESC_MSB | \
- ASN1_STRFLGS_UTF8_CONVERT | \
- ASN1_STRFLGS_DUMP_UNKNOWN | \
- ASN1_STRFLGS_DUMP_DER)
-
-DECLARE_STACK_OF(ASN1_INTEGER)
-DECLARE_ASN1_SET_OF(ASN1_INTEGER)
-
-DECLARE_STACK_OF(ASN1_GENERALSTRING)
-
-typedef struct asn1_type_st
- {
- int type;
- union {
- char *ptr;
- ASN1_BOOLEAN boolean;
- ASN1_STRING * asn1_string;
- ASN1_OBJECT * object;
- ASN1_INTEGER * integer;
- ASN1_ENUMERATED * enumerated;
- ASN1_BIT_STRING * bit_string;
- ASN1_OCTET_STRING * octet_string;
- ASN1_PRINTABLESTRING * printablestring;
- ASN1_T61STRING * t61string;
- ASN1_IA5STRING * ia5string;
- ASN1_GENERALSTRING * generalstring;
- ASN1_BMPSTRING * bmpstring;
- ASN1_UNIVERSALSTRING * universalstring;
- ASN1_UTCTIME * utctime;
- ASN1_GENERALIZEDTIME * generalizedtime;
- ASN1_VISIBLESTRING * visiblestring;
- ASN1_UTF8STRING * utf8string;
- /* set and sequence are left complete and still
- * contain the set or sequence bytes */
- ASN1_STRING * set;
- ASN1_STRING * sequence;
- ASN1_VALUE * asn1_value;
- } value;
- } ASN1_TYPE;
-
-DECLARE_STACK_OF(ASN1_TYPE)
-DECLARE_ASN1_SET_OF(ASN1_TYPE)
-
-typedef struct asn1_method_st
- {
- i2d_of_void *i2d;
- d2i_of_void *d2i;
- void *(*create)(void);
- void (*destroy)(void *);
- } ASN1_METHOD;
-
-/* This is used when parsing some Netscape objects */
-typedef struct asn1_header_st
- {
- ASN1_OCTET_STRING *header;
- void *data;
- ASN1_METHOD *meth;
- } ASN1_HEADER;
-
-/* This is used to contain a list of bit names */
-typedef struct BIT_STRING_BITNAME_st {
- int bitnum;
- const char *lname;
- const char *sname;
-} BIT_STRING_BITNAME;
-
-
-#define M_ASN1_STRING_length(x) ((x)->length)
-#define M_ASN1_STRING_length_set(x, n) ((x)->length = (n))
-#define M_ASN1_STRING_type(x) ((x)->type)
-#define M_ASN1_STRING_data(x) ((x)->data)
-
-/* Macros for string operations */
-#define M_ASN1_BIT_STRING_new() (ASN1_BIT_STRING *)\
- ASN1_STRING_type_new(V_ASN1_BIT_STRING)
-#define M_ASN1_BIT_STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a)
-#define M_ASN1_BIT_STRING_dup(a) (ASN1_BIT_STRING *)\
- ASN1_STRING_dup((ASN1_STRING *)a)
-#define M_ASN1_BIT_STRING_cmp(a,b) ASN1_STRING_cmp(\
- (ASN1_STRING *)a,(ASN1_STRING *)b)
-#define M_ASN1_BIT_STRING_set(a,b,c) ASN1_STRING_set((ASN1_STRING *)a,b,c)
-
-#define M_ASN1_INTEGER_new() (ASN1_INTEGER *)\
- ASN1_STRING_type_new(V_ASN1_INTEGER)
-#define M_ASN1_INTEGER_free(a) ASN1_STRING_free((ASN1_STRING *)a)
-#define M_ASN1_INTEGER_dup(a) (ASN1_INTEGER *)ASN1_STRING_dup((ASN1_STRING *)a)
-#define M_ASN1_INTEGER_cmp(a,b) ASN1_STRING_cmp(\
- (ASN1_STRING *)a,(ASN1_STRING *)b)
-
-#define M_ASN1_ENUMERATED_new() (ASN1_ENUMERATED *)\
- ASN1_STRING_type_new(V_ASN1_ENUMERATED)
-#define M_ASN1_ENUMERATED_free(a) ASN1_STRING_free((ASN1_STRING *)a)
-#define M_ASN1_ENUMERATED_dup(a) (ASN1_ENUMERATED *)ASN1_STRING_dup((ASN1_STRING *)a)
-#define M_ASN1_ENUMERATED_cmp(a,b) ASN1_STRING_cmp(\
- (ASN1_STRING *)a,(ASN1_STRING *)b)
-
-#define M_ASN1_OCTET_STRING_new() (ASN1_OCTET_STRING *)\
- ASN1_STRING_type_new(V_ASN1_OCTET_STRING)
-#define M_ASN1_OCTET_STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a)
-#define M_ASN1_OCTET_STRING_dup(a) (ASN1_OCTET_STRING *)\
- ASN1_STRING_dup((ASN1_STRING *)a)
-#define M_ASN1_OCTET_STRING_cmp(a,b) ASN1_STRING_cmp(\
- (ASN1_STRING *)a,(ASN1_STRING *)b)
-#define M_ASN1_OCTET_STRING_set(a,b,c) ASN1_STRING_set((ASN1_STRING *)a,b,c)
-#define M_ASN1_OCTET_STRING_print(a,b) ASN1_STRING_print(a,(ASN1_STRING *)b)
-#define M_i2d_ASN1_OCTET_STRING(a,pp) \
- i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_OCTET_STRING,\
- V_ASN1_UNIVERSAL)
-
-#define B_ASN1_TIME \
- B_ASN1_UTCTIME | \
- B_ASN1_GENERALIZEDTIME
-
-#define B_ASN1_PRINTABLE \
- B_ASN1_NUMERICSTRING| \
- B_ASN1_PRINTABLESTRING| \
- B_ASN1_T61STRING| \
- B_ASN1_IA5STRING| \
- B_ASN1_BIT_STRING| \
- B_ASN1_UNIVERSALSTRING|\
- B_ASN1_BMPSTRING|\
- B_ASN1_UTF8STRING|\
- B_ASN1_SEQUENCE|\
- B_ASN1_UNKNOWN
-
-#define B_ASN1_DIRECTORYSTRING \
- B_ASN1_PRINTABLESTRING| \
- B_ASN1_TELETEXSTRING|\
- B_ASN1_BMPSTRING|\
- B_ASN1_UNIVERSALSTRING|\
- B_ASN1_UTF8STRING
-
-#define B_ASN1_DISPLAYTEXT \
- B_ASN1_IA5STRING| \
- B_ASN1_VISIBLESTRING| \
- B_ASN1_BMPSTRING|\
- B_ASN1_UTF8STRING
-
-#define M_ASN1_PRINTABLE_new() ASN1_STRING_type_new(V_ASN1_T61STRING)
-#define M_ASN1_PRINTABLE_free(a) ASN1_STRING_free((ASN1_STRING *)a)
-#define M_i2d_ASN1_PRINTABLE(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\
- pp,a->type,V_ASN1_UNIVERSAL)
-#define M_d2i_ASN1_PRINTABLE(a,pp,l) \
- d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \
- B_ASN1_PRINTABLE)
-
-#define M_DIRECTORYSTRING_new() ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING)
-#define M_DIRECTORYSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a)
-#define M_i2d_DIRECTORYSTRING(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\
- pp,a->type,V_ASN1_UNIVERSAL)
-#define M_d2i_DIRECTORYSTRING(a,pp,l) \
- d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \
- B_ASN1_DIRECTORYSTRING)
-
-#define M_DISPLAYTEXT_new() ASN1_STRING_type_new(V_ASN1_VISIBLESTRING)
-#define M_DISPLAYTEXT_free(a) ASN1_STRING_free((ASN1_STRING *)a)
-#define M_i2d_DISPLAYTEXT(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\
- pp,a->type,V_ASN1_UNIVERSAL)
-#define M_d2i_DISPLAYTEXT(a,pp,l) \
- d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \
- B_ASN1_DISPLAYTEXT)
-
-#define M_ASN1_PRINTABLESTRING_new() (ASN1_PRINTABLESTRING *)\
- ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING)
-#define M_ASN1_PRINTABLESTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a)
-#define M_i2d_ASN1_PRINTABLESTRING(a,pp) \
- i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_PRINTABLESTRING,\
- V_ASN1_UNIVERSAL)
-#define M_d2i_ASN1_PRINTABLESTRING(a,pp,l) \
- (ASN1_PRINTABLESTRING *)d2i_ASN1_type_bytes\
- ((ASN1_STRING **)a,pp,l,B_ASN1_PRINTABLESTRING)
-
-#define M_ASN1_T61STRING_new() (ASN1_T61STRING *)\
- ASN1_STRING_type_new(V_ASN1_T61STRING)
-#define M_ASN1_T61STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a)
-#define M_i2d_ASN1_T61STRING(a,pp) \
- i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_T61STRING,\
- V_ASN1_UNIVERSAL)
-#define M_d2i_ASN1_T61STRING(a,pp,l) \
- (ASN1_T61STRING *)d2i_ASN1_type_bytes\
- ((ASN1_STRING **)a,pp,l,B_ASN1_T61STRING)
-
-#define M_ASN1_IA5STRING_new() (ASN1_IA5STRING *)\
- ASN1_STRING_type_new(V_ASN1_IA5STRING)
-#define M_ASN1_IA5STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a)
-#define M_ASN1_IA5STRING_dup(a) \
- (ASN1_IA5STRING *)ASN1_STRING_dup((ASN1_STRING *)a)
-#define M_i2d_ASN1_IA5STRING(a,pp) \
- i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_IA5STRING,\
- V_ASN1_UNIVERSAL)
-#define M_d2i_ASN1_IA5STRING(a,pp,l) \
- (ASN1_IA5STRING *)d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l,\
- B_ASN1_IA5STRING)
-
-#define M_ASN1_UTCTIME_new() (ASN1_UTCTIME *)\
- ASN1_STRING_type_new(V_ASN1_UTCTIME)
-#define M_ASN1_UTCTIME_free(a) ASN1_STRING_free((ASN1_STRING *)a)
-#define M_ASN1_UTCTIME_dup(a) (ASN1_UTCTIME *)ASN1_STRING_dup((ASN1_STRING *)a)
-
-#define M_ASN1_GENERALIZEDTIME_new() (ASN1_GENERALIZEDTIME *)\
- ASN1_STRING_type_new(V_ASN1_GENERALIZEDTIME)
-#define M_ASN1_GENERALIZEDTIME_free(a) ASN1_STRING_free((ASN1_STRING *)a)
-#define M_ASN1_GENERALIZEDTIME_dup(a) (ASN1_GENERALIZEDTIME *)ASN1_STRING_dup(\
- (ASN1_STRING *)a)
-
-#define M_ASN1_TIME_new() (ASN1_TIME *)\
- ASN1_STRING_type_new(V_ASN1_UTCTIME)
-#define M_ASN1_TIME_free(a) ASN1_STRING_free((ASN1_STRING *)a)
-#define M_ASN1_TIME_dup(a) (ASN1_TIME *)ASN1_STRING_dup((ASN1_STRING *)a)
-
-#define M_ASN1_GENERALSTRING_new() (ASN1_GENERALSTRING *)\
- ASN1_STRING_type_new(V_ASN1_GENERALSTRING)
-#define M_ASN1_GENERALSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a)
-#define M_i2d_ASN1_GENERALSTRING(a,pp) \
- i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_GENERALSTRING,\
- V_ASN1_UNIVERSAL)
-#define M_d2i_ASN1_GENERALSTRING(a,pp,l) \
- (ASN1_GENERALSTRING *)d2i_ASN1_type_bytes\
- ((ASN1_STRING **)a,pp,l,B_ASN1_GENERALSTRING)
-
-#define M_ASN1_UNIVERSALSTRING_new() (ASN1_UNIVERSALSTRING *)\
- ASN1_STRING_type_new(V_ASN1_UNIVERSALSTRING)
-#define M_ASN1_UNIVERSALSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a)
-#define M_i2d_ASN1_UNIVERSALSTRING(a,pp) \
- i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_UNIVERSALSTRING,\
- V_ASN1_UNIVERSAL)
-#define M_d2i_ASN1_UNIVERSALSTRING(a,pp,l) \
- (ASN1_UNIVERSALSTRING *)d2i_ASN1_type_bytes\
- ((ASN1_STRING **)a,pp,l,B_ASN1_UNIVERSALSTRING)
-
-#define M_ASN1_BMPSTRING_new() (ASN1_BMPSTRING *)\
- ASN1_STRING_type_new(V_ASN1_BMPSTRING)
-#define M_ASN1_BMPSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a)
-#define M_i2d_ASN1_BMPSTRING(a,pp) \
- i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_BMPSTRING,\
- V_ASN1_UNIVERSAL)
-#define M_d2i_ASN1_BMPSTRING(a,pp,l) \
- (ASN1_BMPSTRING *)d2i_ASN1_type_bytes\
- ((ASN1_STRING **)a,pp,l,B_ASN1_BMPSTRING)
-
-#define M_ASN1_VISIBLESTRING_new() (ASN1_VISIBLESTRING *)\
- ASN1_STRING_type_new(V_ASN1_VISIBLESTRING)
-#define M_ASN1_VISIBLESTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a)
-#define M_i2d_ASN1_VISIBLESTRING(a,pp) \
- i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_VISIBLESTRING,\
- V_ASN1_UNIVERSAL)
-#define M_d2i_ASN1_VISIBLESTRING(a,pp,l) \
- (ASN1_VISIBLESTRING *)d2i_ASN1_type_bytes\
- ((ASN1_STRING **)a,pp,l,B_ASN1_VISIBLESTRING)
-
-#define M_ASN1_UTF8STRING_new() (ASN1_UTF8STRING *)\
- ASN1_STRING_type_new(V_ASN1_UTF8STRING)
-#define M_ASN1_UTF8STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a)
-#define M_i2d_ASN1_UTF8STRING(a,pp) \
- i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_UTF8STRING,\
- V_ASN1_UNIVERSAL)
-#define M_d2i_ASN1_UTF8STRING(a,pp,l) \
- (ASN1_UTF8STRING *)d2i_ASN1_type_bytes\
- ((ASN1_STRING **)a,pp,l,B_ASN1_UTF8STRING)
-
- /* for the is_set parameter to i2d_ASN1_SET */
-#define IS_SEQUENCE 0
-#define IS_SET 1
-
-DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE)
-
-int ASN1_TYPE_get(ASN1_TYPE *a);
-void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
-int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value);
-
-ASN1_OBJECT * ASN1_OBJECT_new(void );
-void ASN1_OBJECT_free(ASN1_OBJECT *a);
-int i2d_ASN1_OBJECT(ASN1_OBJECT *a,unsigned char **pp);
-ASN1_OBJECT * c2i_ASN1_OBJECT(ASN1_OBJECT **a,const unsigned char **pp,
- long length);
-ASN1_OBJECT * d2i_ASN1_OBJECT(ASN1_OBJECT **a,const unsigned char **pp,
- long length);
-
-DECLARE_ASN1_ITEM(ASN1_OBJECT)
-
-DECLARE_STACK_OF(ASN1_OBJECT)
-DECLARE_ASN1_SET_OF(ASN1_OBJECT)
-
-ASN1_STRING * ASN1_STRING_new(void);
-void ASN1_STRING_free(ASN1_STRING *a);
-ASN1_STRING * ASN1_STRING_dup(ASN1_STRING *a);
-ASN1_STRING * ASN1_STRING_type_new(int type );
-int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b);
- /* Since this is used to store all sorts of things, via macros, for now, make
- its data void * */
-int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len);
-void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len);
-int ASN1_STRING_length(ASN1_STRING *x);
-void ASN1_STRING_length_set(ASN1_STRING *x, int n);
-int ASN1_STRING_type(ASN1_STRING *x);
-unsigned char * ASN1_STRING_data(ASN1_STRING *x);
-
-DECLARE_ASN1_FUNCTIONS(ASN1_BIT_STRING)
-int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a,unsigned char **pp);
-ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,const unsigned char **pp,
- long length);
-int ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d,
- int length );
-int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value);
-int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n);
-
-#ifndef OPENSSL_NO_BIO
-int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs,
- BIT_STRING_BITNAME *tbl, int indent);
-#endif
-int ASN1_BIT_STRING_num_asc(char *name, BIT_STRING_BITNAME *tbl);
-int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value,
- BIT_STRING_BITNAME *tbl);
-
-int i2d_ASN1_BOOLEAN(int a,unsigned char **pp);
-int d2i_ASN1_BOOLEAN(int *a,const unsigned char **pp,long length);
-
-DECLARE_ASN1_FUNCTIONS(ASN1_INTEGER)
-int i2c_ASN1_INTEGER(ASN1_INTEGER *a,unsigned char **pp);
-ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a,const unsigned char **pp,
- long length);
-ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a,const unsigned char **pp,
- long length);
-ASN1_INTEGER * ASN1_INTEGER_dup(ASN1_INTEGER *x);
-int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y);
-
-DECLARE_ASN1_FUNCTIONS(ASN1_ENUMERATED)
-
-int ASN1_UTCTIME_check(ASN1_UTCTIME *a);
-ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s,time_t t);
-int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str);
-int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t);
-#if 0
-time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s);
-#endif
-
-int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *a);
-ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,time_t t);
-int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str);
-
-DECLARE_ASN1_FUNCTIONS(ASN1_OCTET_STRING)
-ASN1_OCTET_STRING * ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *a);
-int ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b);
-int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, const unsigned char *data, int len);
-
-DECLARE_ASN1_FUNCTIONS(ASN1_VISIBLESTRING)
-DECLARE_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING)
-DECLARE_ASN1_FUNCTIONS(ASN1_UTF8STRING)
-DECLARE_ASN1_FUNCTIONS(ASN1_NULL)
-DECLARE_ASN1_FUNCTIONS(ASN1_BMPSTRING)
-
-int UTF8_getc(const unsigned char *str, int len, unsigned long *val);
-int UTF8_putc(unsigned char *str, int len, unsigned long value);
-
-DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, ASN1_PRINTABLE)
-
-DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DIRECTORYSTRING)
-DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DISPLAYTEXT)
-DECLARE_ASN1_FUNCTIONS(ASN1_PRINTABLESTRING)
-DECLARE_ASN1_FUNCTIONS(ASN1_T61STRING)
-DECLARE_ASN1_FUNCTIONS(ASN1_IA5STRING)
-DECLARE_ASN1_FUNCTIONS(ASN1_GENERALSTRING)
-DECLARE_ASN1_FUNCTIONS(ASN1_UTCTIME)
-DECLARE_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME)
-DECLARE_ASN1_FUNCTIONS(ASN1_TIME)
-
-DECLARE_ASN1_ITEM(ASN1_OCTET_STRING_NDEF)
-
-ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s,time_t t);
-int ASN1_TIME_check(ASN1_TIME *t);
-ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out);
-
-int i2d_ASN1_SET(STACK *a, unsigned char **pp,
- i2d_of_void *i2d, int ex_tag, int ex_class, int is_set);
-STACK * d2i_ASN1_SET(STACK **a, const unsigned char **pp, long length,
- d2i_of_void *d2i, void (*free_func)(void *),
- int ex_tag, int ex_class);
-
-#ifndef OPENSSL_NO_BIO
-int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a);
-int a2i_ASN1_INTEGER(BIO *bp,ASN1_INTEGER *bs,char *buf,int size);
-int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a);
-int a2i_ASN1_ENUMERATED(BIO *bp,ASN1_ENUMERATED *bs,char *buf,int size);
-int i2a_ASN1_OBJECT(BIO *bp,ASN1_OBJECT *a);
-int a2i_ASN1_STRING(BIO *bp,ASN1_STRING *bs,char *buf,int size);
-int i2a_ASN1_STRING(BIO *bp, ASN1_STRING *a, int type);
-#endif
-int i2t_ASN1_OBJECT(char *buf,int buf_len,ASN1_OBJECT *a);
-
-int a2d_ASN1_OBJECT(unsigned char *out,int olen, const char *buf, int num);
-ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data,int len,
- const char *sn, const char *ln);
-
-int ASN1_INTEGER_set(ASN1_INTEGER *a, long v);
-long ASN1_INTEGER_get(ASN1_INTEGER *a);
-ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai);
-BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai,BIGNUM *bn);
-
-int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v);
-long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a);
-ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai);
-BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai,BIGNUM *bn);
-
-/* General */
-/* given a string, return the correct type, max is the maximum length */
-int ASN1_PRINTABLE_type(const unsigned char *s, int max);
-
-int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass);
-ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp,
- long length, int Ptag, int Pclass);
-unsigned long ASN1_tag2bit(int tag);
-/* type is one or more of the B_ASN1_ values. */
-ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a,const unsigned char **pp,
- long length,int type);
-
-/* PARSING */
-int asn1_Finish(ASN1_CTX *c);
-int asn1_const_Finish(ASN1_const_CTX *c);
-
-/* SPECIALS */
-int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,
- int *pclass, long omax);
-int ASN1_check_infinite_end(unsigned char **p,long len);
-int ASN1_const_check_infinite_end(const unsigned char **p,long len);
-void ASN1_put_object(unsigned char **pp, int constructed, int length,
- int tag, int xclass);
-int ASN1_put_eoc(unsigned char **pp);
-int ASN1_object_size(int constructed, int length, int tag);
-
-/* Used to implement other functions */
-void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, char *x);
-
-#define ASN1_dup_of(type,i2d,d2i,x) \
- ((type*)ASN1_dup(CHECKED_I2D_OF(type, i2d), \
- CHECKED_D2I_OF(type, d2i), \
- CHECKED_PTR_OF_TO_CHAR(type, x)))
-
-#define ASN1_dup_of_const(type,i2d,d2i,x) \
- ((type*)ASN1_dup(CHECKED_I2D_OF(const type, i2d), \
- CHECKED_D2I_OF(type, d2i), \
- CHECKED_PTR_OF_TO_CHAR(const type, x)))
-
-void *ASN1_item_dup(const ASN1_ITEM *it, void *x);
-
-/* ASN1 alloc/free macros for when a type is only used internally */
-
-#define M_ASN1_new_of(type) (type *)ASN1_item_new(ASN1_ITEM_rptr(type))
-#define M_ASN1_free_of(x, type) \
- ASN1_item_free(CHECKED_PTR_OF(type, x), ASN1_ITEM_rptr(type))
-
-#ifndef OPENSSL_NO_FP_API
-void *ASN1_d2i_fp(void *(*xnew)(void), d2i_of_void *d2i, FILE *in, void **x);
-
-#define ASN1_d2i_fp_of(type,xnew,d2i,in,x) \
- ((type*)ASN1_d2i_fp(CHECKED_NEW_OF(type, xnew), \
- CHECKED_D2I_OF(type, d2i), \
- in, \
- CHECKED_PPTR_OF(type, x)))
-
-void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x);
-int ASN1_i2d_fp(i2d_of_void *i2d,FILE *out,void *x);
-
-#define ASN1_i2d_fp_of(type,i2d,out,x) \
- (ASN1_i2d_fp(CHECKED_I2D_OF(type, i2d), \
- out, \
- CHECKED_PTR_OF(type, x)))
-
-#define ASN1_i2d_fp_of_const(type,i2d,out,x) \
- (ASN1_i2d_fp(CHECKED_I2D_OF(const type, i2d), \
- out, \
- CHECKED_PTR_OF(const type, x)))
-
-int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x);
-int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags);
-#endif
-
-int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in);
-
-#ifndef OPENSSL_NO_BIO
-void *ASN1_d2i_bio(void *(*xnew)(void), d2i_of_void *d2i, BIO *in, void **x);
-
-#define ASN1_d2i_bio_of(type,xnew,d2i,in,x) \
- ((type*)ASN1_d2i_bio( CHECKED_NEW_OF(type, xnew), \
- CHECKED_D2I_OF(type, d2i), \
- in, \
- CHECKED_PPTR_OF(type, x)))
-
-void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x);
-int ASN1_i2d_bio(i2d_of_void *i2d,BIO *out, unsigned char *x);
-
-#define ASN1_i2d_bio_of(type,i2d,out,x) \
- (ASN1_i2d_bio(CHECKED_I2D_OF(type, i2d), \
- out, \
- CHECKED_PTR_OF(type, x)))
-
-#define ASN1_i2d_bio_of_const(type,i2d,out,x) \
- (ASN1_i2d_bio(CHECKED_I2D_OF(const type, i2d), \
- out, \
- CHECKED_PTR_OF(const type, x)))
-
-int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x);
-int ASN1_UTCTIME_print(BIO *fp,ASN1_UTCTIME *a);
-int ASN1_GENERALIZEDTIME_print(BIO *fp,ASN1_GENERALIZEDTIME *a);
-int ASN1_TIME_print(BIO *fp,ASN1_TIME *a);
-int ASN1_STRING_print(BIO *bp,ASN1_STRING *v);
-int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags);
-int ASN1_parse(BIO *bp,const unsigned char *pp,long len,int indent);
-int ASN1_parse_dump(BIO *bp,const unsigned char *pp,long len,int indent,int dump);
-#endif
-const char *ASN1_tag2str(int tag);
-
-/* Used to load and write netscape format cert/key */
-int i2d_ASN1_HEADER(ASN1_HEADER *a,unsigned char **pp);
-ASN1_HEADER *d2i_ASN1_HEADER(ASN1_HEADER **a,const unsigned char **pp, long length);
-ASN1_HEADER *ASN1_HEADER_new(void );
-void ASN1_HEADER_free(ASN1_HEADER *a);
-
-int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s);
-
-/* Not used that much at this point, except for the first two */
-ASN1_METHOD *X509_asn1_meth(void);
-ASN1_METHOD *RSAPrivateKey_asn1_meth(void);
-ASN1_METHOD *ASN1_IA5STRING_asn1_meth(void);
-ASN1_METHOD *ASN1_BIT_STRING_asn1_meth(void);
-
-int ASN1_TYPE_set_octetstring(ASN1_TYPE *a,
- unsigned char *data, int len);
-int ASN1_TYPE_get_octetstring(ASN1_TYPE *a,
- unsigned char *data, int max_len);
-int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num,
- unsigned char *data, int len);
-int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a,long *num,
- unsigned char *data, int max_len);
-
-STACK *ASN1_seq_unpack(const unsigned char *buf, int len,
- d2i_of_void *d2i, void (*free_func)(void *));
-unsigned char *ASN1_seq_pack(STACK *safes, i2d_of_void *i2d,
- unsigned char **buf, int *len );
-void *ASN1_unpack_string(ASN1_STRING *oct, d2i_of_void *d2i);
-void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it);
-ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d,
- ASN1_OCTET_STRING **oct);
-
-#define ASN1_pack_string_of(type,obj,i2d,oct) \
- (ASN1_pack_string(CHECKED_PTR_OF(type, obj), \
- CHECKED_I2D_OF(type, i2d), \
- oct))
-
-ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_OCTET_STRING **oct);
-
-void ASN1_STRING_set_default_mask(unsigned long mask);
-int ASN1_STRING_set_default_mask_asc(const char *p);
-unsigned long ASN1_STRING_get_default_mask(void);
-int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len,
- int inform, unsigned long mask);
-int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
- int inform, unsigned long mask,
- long minsize, long maxsize);
-
-ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out,
- const unsigned char *in, int inlen, int inform, int nid);
-ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid);
-int ASN1_STRING_TABLE_add(int, long, long, unsigned long, unsigned long);
-void ASN1_STRING_TABLE_cleanup(void);
-
-/* ASN1 template functions */
-
-/* Old API compatible functions */
-ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it);
-void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it);
-ASN1_VALUE * ASN1_item_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_ITEM *it);
-int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it);
-int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it);
-
-void ASN1_add_oid_module(void);
-
-ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf);
-ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf);
-
-typedef int asn1_output_data_fn(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
- const ASN1_ITEM *it);
-
-int int_smime_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
- int ctype_nid, int econt_nid,
- STACK_OF(X509_ALGOR) *mdalgs,
- asn1_output_data_fn *data_fn,
- const ASN1_ITEM *it);
-ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it);
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_ASN1_strings(void);
-
-/* Error codes for the ASN1 functions. */
-
-/* Function codes. */
-#define ASN1_F_A2D_ASN1_OBJECT 100
-#define ASN1_F_A2I_ASN1_ENUMERATED 101
-#define ASN1_F_A2I_ASN1_INTEGER 102
-#define ASN1_F_A2I_ASN1_STRING 103
-#define ASN1_F_APPEND_EXP 176
-#define ASN1_F_ASN1_BIT_STRING_SET_BIT 183
-#define ASN1_F_ASN1_CB 177
-#define ASN1_F_ASN1_CHECK_TLEN 104
-#define ASN1_F_ASN1_COLLATE_PRIMITIVE 105
-#define ASN1_F_ASN1_COLLECT 106
-#define ASN1_F_ASN1_D2I_EX_PRIMITIVE 108
-#define ASN1_F_ASN1_D2I_FP 109
-#define ASN1_F_ASN1_D2I_READ_BIO 107
-#define ASN1_F_ASN1_DIGEST 184
-#define ASN1_F_ASN1_DO_ADB 110
-#define ASN1_F_ASN1_DUP 111
-#define ASN1_F_ASN1_ENUMERATED_SET 112
-#define ASN1_F_ASN1_ENUMERATED_TO_BN 113
-#define ASN1_F_ASN1_EX_C2I 204
-#define ASN1_F_ASN1_FIND_END 190
-#define ASN1_F_ASN1_GENERALIZEDTIME_SET 185
-#define ASN1_F_ASN1_GENERATE_V3 178
-#define ASN1_F_ASN1_GET_OBJECT 114
-#define ASN1_F_ASN1_HEADER_NEW 115
-#define ASN1_F_ASN1_I2D_BIO 116
-#define ASN1_F_ASN1_I2D_FP 117
-#define ASN1_F_ASN1_INTEGER_SET 118
-#define ASN1_F_ASN1_INTEGER_TO_BN 119
-#define ASN1_F_ASN1_ITEM_D2I_FP 206
-#define ASN1_F_ASN1_ITEM_DUP 191
-#define ASN1_F_ASN1_ITEM_EX_COMBINE_NEW 121
-#define ASN1_F_ASN1_ITEM_EX_D2I 120
-#define ASN1_F_ASN1_ITEM_I2D_BIO 192
-#define ASN1_F_ASN1_ITEM_I2D_FP 193
-#define ASN1_F_ASN1_ITEM_PACK 198
-#define ASN1_F_ASN1_ITEM_SIGN 195
-#define ASN1_F_ASN1_ITEM_UNPACK 199
-#define ASN1_F_ASN1_ITEM_VERIFY 197
-#define ASN1_F_ASN1_MBSTRING_NCOPY 122
-#define ASN1_F_ASN1_OBJECT_NEW 123
-#define ASN1_F_ASN1_OUTPUT_DATA 207
-#define ASN1_F_ASN1_PACK_STRING 124
-#define ASN1_F_ASN1_PCTX_NEW 205
-#define ASN1_F_ASN1_PKCS5_PBE_SET 125
-#define ASN1_F_ASN1_SEQ_PACK 126
-#define ASN1_F_ASN1_SEQ_UNPACK 127
-#define ASN1_F_ASN1_SIGN 128
-#define ASN1_F_ASN1_STR2TYPE 179
-#define ASN1_F_ASN1_STRING_SET 186
-#define ASN1_F_ASN1_STRING_TABLE_ADD 129
-#define ASN1_F_ASN1_STRING_TYPE_NEW 130
-#define ASN1_F_ASN1_TEMPLATE_EX_D2I 132
-#define ASN1_F_ASN1_TEMPLATE_NEW 133
-#define ASN1_F_ASN1_TEMPLATE_NOEXP_D2I 131
-#define ASN1_F_ASN1_TIME_SET 175
-#define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING 134
-#define ASN1_F_ASN1_TYPE_GET_OCTETSTRING 135
-#define ASN1_F_ASN1_UNPACK_STRING 136
-#define ASN1_F_ASN1_UTCTIME_SET 187
-#define ASN1_F_ASN1_VERIFY 137
-#define ASN1_F_B64_READ_ASN1 208
-#define ASN1_F_B64_WRITE_ASN1 209
-#define ASN1_F_BITSTR_CB 180
-#define ASN1_F_BN_TO_ASN1_ENUMERATED 138
-#define ASN1_F_BN_TO_ASN1_INTEGER 139
-#define ASN1_F_C2I_ASN1_BIT_STRING 189
-#define ASN1_F_C2I_ASN1_INTEGER 194
-#define ASN1_F_C2I_ASN1_OBJECT 196
-#define ASN1_F_COLLECT_DATA 140
-#define ASN1_F_D2I_ASN1_BIT_STRING 141
-#define ASN1_F_D2I_ASN1_BOOLEAN 142
-#define ASN1_F_D2I_ASN1_BYTES 143
-#define ASN1_F_D2I_ASN1_GENERALIZEDTIME 144
-#define ASN1_F_D2I_ASN1_HEADER 145
-#define ASN1_F_D2I_ASN1_INTEGER 146
-#define ASN1_F_D2I_ASN1_OBJECT 147
-#define ASN1_F_D2I_ASN1_SET 148
-#define ASN1_F_D2I_ASN1_TYPE_BYTES 149
-#define ASN1_F_D2I_ASN1_UINTEGER 150
-#define ASN1_F_D2I_ASN1_UTCTIME 151
-#define ASN1_F_D2I_NETSCAPE_RSA 152
-#define ASN1_F_D2I_NETSCAPE_RSA_2 153
-#define ASN1_F_D2I_PRIVATEKEY 154
-#define ASN1_F_D2I_PUBLICKEY 155
-#define ASN1_F_D2I_RSA_NET 200
-#define ASN1_F_D2I_RSA_NET_2 201
-#define ASN1_F_D2I_X509 156
-#define ASN1_F_D2I_X509_CINF 157
-#define ASN1_F_D2I_X509_PKEY 159
-#define ASN1_F_I2D_ASN1_SET 188
-#define ASN1_F_I2D_ASN1_TIME 160
-#define ASN1_F_I2D_DSA_PUBKEY 161
-#define ASN1_F_I2D_EC_PUBKEY 181
-#define ASN1_F_I2D_PRIVATEKEY 163
-#define ASN1_F_I2D_PUBLICKEY 164
-#define ASN1_F_I2D_RSA_NET 162
-#define ASN1_F_I2D_RSA_PUBKEY 165
-#define ASN1_F_LONG_C2I 166
-#define ASN1_F_OID_MODULE_INIT 174
-#define ASN1_F_PARSE_TAGGING 182
-#define ASN1_F_PKCS5_PBE2_SET 167
-#define ASN1_F_PKCS5_PBE_SET 202
-#define ASN1_F_SMIME_READ_ASN1 210
-#define ASN1_F_SMIME_TEXT 211
-#define ASN1_F_X509_CINF_NEW 168
-#define ASN1_F_X509_CRL_ADD0_REVOKED 169
-#define ASN1_F_X509_INFO_NEW 170
-#define ASN1_F_X509_NAME_ENCODE 203
-#define ASN1_F_X509_NAME_EX_D2I 158
-#define ASN1_F_X509_NAME_EX_NEW 171
-#define ASN1_F_X509_NEW 172
-#define ASN1_F_X509_PKEY_NEW 173
-
-/* Reason codes. */
-#define ASN1_R_ADDING_OBJECT 171
-#define ASN1_R_ASN1_PARSE_ERROR 198
-#define ASN1_R_ASN1_SIG_PARSE_ERROR 199
-#define ASN1_R_AUX_ERROR 100
-#define ASN1_R_BAD_CLASS 101
-#define ASN1_R_BAD_OBJECT_HEADER 102
-#define ASN1_R_BAD_PASSWORD_READ 103
-#define ASN1_R_BAD_TAG 104
-#define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 210
-#define ASN1_R_BN_LIB 105
-#define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106
-#define ASN1_R_BUFFER_TOO_SMALL 107
-#define ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 108
-#define ASN1_R_DATA_IS_WRONG 109
-#define ASN1_R_DECODE_ERROR 110
-#define ASN1_R_DECODING_ERROR 111
-#define ASN1_R_DEPTH_EXCEEDED 174
-#define ASN1_R_ENCODE_ERROR 112
-#define ASN1_R_ERROR_GETTING_TIME 173
-#define ASN1_R_ERROR_LOADING_SECTION 172
-#define ASN1_R_ERROR_PARSING_SET_ELEMENT 113
-#define ASN1_R_ERROR_SETTING_CIPHER_PARAMS 114
-#define ASN1_R_EXPECTING_AN_INTEGER 115
-#define ASN1_R_EXPECTING_AN_OBJECT 116
-#define ASN1_R_EXPECTING_A_BOOLEAN 117
-#define ASN1_R_EXPECTING_A_TIME 118
-#define ASN1_R_EXPLICIT_LENGTH_MISMATCH 119
-#define ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED 120
-#define ASN1_R_FIELD_MISSING 121
-#define ASN1_R_FIRST_NUM_TOO_LARGE 122
-#define ASN1_R_HEADER_TOO_LONG 123
-#define ASN1_R_ILLEGAL_BITSTRING_FORMAT 175
-#define ASN1_R_ILLEGAL_BOOLEAN 176
-#define ASN1_R_ILLEGAL_CHARACTERS 124
-#define ASN1_R_ILLEGAL_FORMAT 177
-#define ASN1_R_ILLEGAL_HEX 178
-#define ASN1_R_ILLEGAL_IMPLICIT_TAG 179
-#define ASN1_R_ILLEGAL_INTEGER 180
-#define ASN1_R_ILLEGAL_NESTED_TAGGING 181
-#define ASN1_R_ILLEGAL_NULL 125
-#define ASN1_R_ILLEGAL_NULL_VALUE 182
-#define ASN1_R_ILLEGAL_OBJECT 183
-#define ASN1_R_ILLEGAL_OPTIONAL_ANY 126
-#define ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE 170
-#define ASN1_R_ILLEGAL_TAGGED_ANY 127
-#define ASN1_R_ILLEGAL_TIME_VALUE 184
-#define ASN1_R_INTEGER_NOT_ASCII_FORMAT 185
-#define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG 128
-#define ASN1_R_INVALID_BMPSTRING_LENGTH 129
-#define ASN1_R_INVALID_DIGIT 130
-#define ASN1_R_INVALID_MIME_TYPE 200
-#define ASN1_R_INVALID_MODIFIER 186
-#define ASN1_R_INVALID_NUMBER 187
-#define ASN1_R_INVALID_OBJECT_ENCODING 212
-#define ASN1_R_INVALID_SEPARATOR 131
-#define ASN1_R_INVALID_TIME_FORMAT 132
-#define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH 133
-#define ASN1_R_INVALID_UTF8STRING 134
-#define ASN1_R_IV_TOO_LARGE 135
-#define ASN1_R_LENGTH_ERROR 136
-#define ASN1_R_LIST_ERROR 188
-#define ASN1_R_MIME_NO_CONTENT_TYPE 201
-#define ASN1_R_MIME_PARSE_ERROR 202
-#define ASN1_R_MIME_SIG_PARSE_ERROR 203
-#define ASN1_R_MISSING_EOC 137
-#define ASN1_R_MISSING_SECOND_NUMBER 138
-#define ASN1_R_MISSING_VALUE 189
-#define ASN1_R_MSTRING_NOT_UNIVERSAL 139
-#define ASN1_R_MSTRING_WRONG_TAG 140
-#define ASN1_R_NESTED_ASN1_STRING 197
-#define ASN1_R_NON_HEX_CHARACTERS 141
-#define ASN1_R_NOT_ASCII_FORMAT 190
-#define ASN1_R_NOT_ENOUGH_DATA 142
-#define ASN1_R_NO_CONTENT_TYPE 204
-#define ASN1_R_NO_MATCHING_CHOICE_TYPE 143
-#define ASN1_R_NO_MULTIPART_BODY_FAILURE 205
-#define ASN1_R_NO_MULTIPART_BOUNDARY 206
-#define ASN1_R_NO_SIG_CONTENT_TYPE 207
-#define ASN1_R_NULL_IS_WRONG_LENGTH 144
-#define ASN1_R_OBJECT_NOT_ASCII_FORMAT 191
-#define ASN1_R_ODD_NUMBER_OF_CHARS 145
-#define ASN1_R_PRIVATE_KEY_HEADER_MISSING 146
-#define ASN1_R_SECOND_NUMBER_TOO_LARGE 147
-#define ASN1_R_SEQUENCE_LENGTH_MISMATCH 148
-#define ASN1_R_SEQUENCE_NOT_CONSTRUCTED 149
-#define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG 192
-#define ASN1_R_SHORT_LINE 150
-#define ASN1_R_SIG_INVALID_MIME_TYPE 208
-#define ASN1_R_STREAMING_NOT_SUPPORTED 209
-#define ASN1_R_STRING_TOO_LONG 151
-#define ASN1_R_STRING_TOO_SHORT 152
-#define ASN1_R_TAG_VALUE_TOO_HIGH 153
-#define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 154
-#define ASN1_R_TIME_NOT_ASCII_FORMAT 193
-#define ASN1_R_TOO_LONG 155
-#define ASN1_R_TYPE_NOT_CONSTRUCTED 156
-#define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 157
-#define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY 158
-#define ASN1_R_UNEXPECTED_EOC 159
-#define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 211
-#define ASN1_R_UNKNOWN_FORMAT 160
-#define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 161
-#define ASN1_R_UNKNOWN_OBJECT_TYPE 162
-#define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE 163
-#define ASN1_R_UNKNOWN_TAG 194
-#define ASN1_R_UNKOWN_FORMAT 195
-#define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE 164
-#define ASN1_R_UNSUPPORTED_CIPHER 165
-#define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM 166
-#define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE 167
-#define ASN1_R_UNSUPPORTED_TYPE 196
-#define ASN1_R_WRONG_TAG 168
-#define ASN1_R_WRONG_TYPE 169
-
-#ifdef __cplusplus
-}
-#endif
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn1.h (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/asn1.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn1.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn1.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,1343 @@
+/* crypto/asn1/asn1.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_ASN1_H
+# define HEADER_ASN1_H
+
+# include <time.h>
+# include <openssl/e_os2.h>
+# ifndef OPENSSL_NO_BIO
+# include <openssl/bio.h>
+# endif
+# include <openssl/stack.h>
+# include <openssl/safestack.h>
+
+# include <openssl/symhacks.h>
+
+# include <openssl/ossl_typ.h>
+# ifndef OPENSSL_NO_DEPRECATED
+# include <openssl/bn.h>
+# endif
+
+# ifdef OPENSSL_BUILD_SHLIBCRYPTO
+# undef OPENSSL_EXTERN
+# define OPENSSL_EXTERN OPENSSL_EXPORT
+# endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# define V_ASN1_UNIVERSAL 0x00
+# define V_ASN1_APPLICATION 0x40
+# define V_ASN1_CONTEXT_SPECIFIC 0x80
+# define V_ASN1_PRIVATE 0xc0
+
+# define V_ASN1_CONSTRUCTED 0x20
+# define V_ASN1_PRIMITIVE_TAG 0x1f
+# define V_ASN1_PRIMATIVE_TAG 0x1f
+
+# define V_ASN1_APP_CHOOSE -2/* let the recipient choose */
+# define V_ASN1_OTHER -3/* used in ASN1_TYPE */
+# define V_ASN1_ANY -4/* used in ASN1 template code */
+
+# define V_ASN1_NEG 0x100/* negative flag */
+
+# define V_ASN1_UNDEF -1
+# define V_ASN1_EOC 0
+# define V_ASN1_BOOLEAN 1 /**/
+# define V_ASN1_INTEGER 2
+# define V_ASN1_NEG_INTEGER (2 | V_ASN1_NEG)
+# define V_ASN1_BIT_STRING 3
+# define V_ASN1_OCTET_STRING 4
+# define V_ASN1_NULL 5
+# define V_ASN1_OBJECT 6
+# define V_ASN1_OBJECT_DESCRIPTOR 7
+# define V_ASN1_EXTERNAL 8
+# define V_ASN1_REAL 9
+# define V_ASN1_ENUMERATED 10
+# define V_ASN1_NEG_ENUMERATED (10 | V_ASN1_NEG)
+# define V_ASN1_UTF8STRING 12
+# define V_ASN1_SEQUENCE 16
+# define V_ASN1_SET 17
+# define V_ASN1_NUMERICSTRING 18 /**/
+# define V_ASN1_PRINTABLESTRING 19
+# define V_ASN1_T61STRING 20
+# define V_ASN1_TELETEXSTRING 20/* alias */
+# define V_ASN1_VIDEOTEXSTRING 21 /**/
+# define V_ASN1_IA5STRING 22
+# define V_ASN1_UTCTIME 23
+# define V_ASN1_GENERALIZEDTIME 24 /**/
+# define V_ASN1_GRAPHICSTRING 25 /**/
+# define V_ASN1_ISO64STRING 26 /**/
+# define V_ASN1_VISIBLESTRING 26/* alias */
+# define V_ASN1_GENERALSTRING 27 /**/
+# define V_ASN1_UNIVERSALSTRING 28 /**/
+# define V_ASN1_BMPSTRING 30
+/* For use with d2i_ASN1_type_bytes() */
+# define B_ASN1_NUMERICSTRING 0x0001
+# define B_ASN1_PRINTABLESTRING 0x0002
+# define B_ASN1_T61STRING 0x0004
+# define B_ASN1_TELETEXSTRING 0x0004
+# define B_ASN1_VIDEOTEXSTRING 0x0008
+# define B_ASN1_IA5STRING 0x0010
+# define B_ASN1_GRAPHICSTRING 0x0020
+# define B_ASN1_ISO64STRING 0x0040
+# define B_ASN1_VISIBLESTRING 0x0040
+# define B_ASN1_GENERALSTRING 0x0080
+# define B_ASN1_UNIVERSALSTRING 0x0100
+# define B_ASN1_OCTET_STRING 0x0200
+# define B_ASN1_BIT_STRING 0x0400
+# define B_ASN1_BMPSTRING 0x0800
+# define B_ASN1_UNKNOWN 0x1000
+# define B_ASN1_UTF8STRING 0x2000
+# define B_ASN1_UTCTIME 0x4000
+# define B_ASN1_GENERALIZEDTIME 0x8000
+# define B_ASN1_SEQUENCE 0x10000
+/* For use with ASN1_mbstring_copy() */
+# define MBSTRING_FLAG 0x1000
+# define MBSTRING_UTF8 (MBSTRING_FLAG)
+# define MBSTRING_ASC (MBSTRING_FLAG|1)
+# define MBSTRING_BMP (MBSTRING_FLAG|2)
+# define MBSTRING_UNIV (MBSTRING_FLAG|4)
+# define SMIME_OLDMIME 0x400
+# define SMIME_CRLFEOL 0x800
+# define SMIME_STREAM 0x1000
+ struct X509_algor_st;
+DECLARE_STACK_OF(X509_ALGOR)
+
+# define DECLARE_ASN1_SET_OF(type)/* filled in by mkstack.pl */
+# define IMPLEMENT_ASN1_SET_OF(type)/* nothing, no longer needed */
+
+/*
+ * We MUST make sure that, except for constness, asn1_ctx_st and
+ * asn1_const_ctx are exactly the same. Fortunately, as soon as the old ASN1
+ * parsing macros are gone, we can throw this away as well...
+ */
+typedef struct asn1_ctx_st {
+ unsigned char *p; /* work char pointer */
+ int eos; /* end of sequence read for indefinite
+ * encoding */
+ int error; /* error code to use when returning an error */
+ int inf; /* constructed if 0x20, indefinite is 0x21 */
+ int tag; /* tag from last 'get object' */
+ int xclass; /* class from last 'get object' */
+ long slen; /* length of last 'get object' */
+ unsigned char *max; /* largest value of p allowed */
+ unsigned char *q; /* temporary variable */
+ unsigned char **pp; /* variable */
+ int line; /* used in error processing */
+} ASN1_CTX;
+
+typedef struct asn1_const_ctx_st {
+ const unsigned char *p; /* work char pointer */
+ int eos; /* end of sequence read for indefinite
+ * encoding */
+ int error; /* error code to use when returning an error */
+ int inf; /* constructed if 0x20, indefinite is 0x21 */
+ int tag; /* tag from last 'get object' */
+ int xclass; /* class from last 'get object' */
+ long slen; /* length of last 'get object' */
+ const unsigned char *max; /* largest value of p allowed */
+ const unsigned char *q; /* temporary variable */
+ const unsigned char **pp; /* variable */
+ int line; /* used in error processing */
+} ASN1_const_CTX;
+
+/*
+ * These are used internally in the ASN1_OBJECT to keep track of whether the
+ * names and data need to be free()ed
+ */
+# define ASN1_OBJECT_FLAG_DYNAMIC 0x01/* internal use */
+# define ASN1_OBJECT_FLAG_CRITICAL 0x02/* critical x509v3 object id */
+# define ASN1_OBJECT_FLAG_DYNAMIC_STRINGS 0x04/* internal use */
+# define ASN1_OBJECT_FLAG_DYNAMIC_DATA 0x08/* internal use */
+typedef struct asn1_object_st {
+ const char *sn, *ln;
+ int nid;
+ int length;
+ unsigned char *data;
+ int flags; /* Should we free this one */
+} ASN1_OBJECT;
+
+# define ASN1_STRING_FLAG_BITS_LEFT 0x08/* Set if 0x07 has bits left value */
+/*
+ * This indicates that the ASN1_STRING is not a real value but just a place
+ * holder for the location where indefinite length constructed data should be
+ * inserted in the memory buffer
+ */
+# define ASN1_STRING_FLAG_NDEF 0x010
+
+/*
+ * This flag is used by the CMS code to indicate that a string is not
+ * complete and is a place holder for content when it had all been accessed.
+ * The flag will be reset when content has been written to it.
+ */
+# define ASN1_STRING_FLAG_CONT 0x020
+
+/* This is the base type that holds just about everything :-) */
+typedef struct asn1_string_st {
+ int length;
+ int type;
+ unsigned char *data;
+ /*
+ * The value of the following field depends on the type being held. It
+ * is mostly being used for BIT_STRING so if the input data has a
+ * non-zero 'unused bits' value, it will be handled correctly
+ */
+ long flags;
+} ASN1_STRING;
+
+/*
+ * ASN1_ENCODING structure: this is used to save the received encoding of an
+ * ASN1 type. This is useful to get round problems with invalid encodings
+ * which can break signatures.
+ */
+
+typedef struct ASN1_ENCODING_st {
+ unsigned char *enc; /* DER encoding */
+ long len; /* Length of encoding */
+ int modified; /* set to 1 if 'enc' is invalid */
+} ASN1_ENCODING;
+
+/* Used with ASN1 LONG type: if a long is set to this it is omitted */
+# define ASN1_LONG_UNDEF 0x7fffffffL
+
+# define STABLE_FLAGS_MALLOC 0x01
+# define STABLE_NO_MASK 0x02
+# define DIRSTRING_TYPE \
+ (B_ASN1_PRINTABLESTRING|B_ASN1_T61STRING|B_ASN1_BMPSTRING|B_ASN1_UTF8STRING)
+# define PKCS9STRING_TYPE (DIRSTRING_TYPE|B_ASN1_IA5STRING)
+
+typedef struct asn1_string_table_st {
+ int nid;
+ long minsize;
+ long maxsize;
+ unsigned long mask;
+ unsigned long flags;
+} ASN1_STRING_TABLE;
+
+DECLARE_STACK_OF(ASN1_STRING_TABLE)
+
+/* size limits: this stuff is taken straight from RFC2459 */
+
+# define ub_name 32768
+# define ub_common_name 64
+# define ub_locality_name 128
+# define ub_state_name 128
+# define ub_organization_name 64
+# define ub_organization_unit_name 64
+# define ub_title 64
+# define ub_email_address 128
+
+/*
+ * Declarations for template structures: for full definitions see asn1t.h
+ */
+typedef struct ASN1_TEMPLATE_st ASN1_TEMPLATE;
+typedef struct ASN1_ITEM_st ASN1_ITEM;
+typedef struct ASN1_TLC_st ASN1_TLC;
+/* This is just an opaque pointer */
+typedef struct ASN1_VALUE_st ASN1_VALUE;
+
+/* Declare ASN1 functions: the implement macro in in asn1t.h */
+
+# define DECLARE_ASN1_FUNCTIONS(type) DECLARE_ASN1_FUNCTIONS_name(type, type)
+
+# define DECLARE_ASN1_ALLOC_FUNCTIONS(type) \
+ DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, type)
+
+# define DECLARE_ASN1_FUNCTIONS_name(type, name) \
+ DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \
+ DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name)
+
+# define DECLARE_ASN1_FUNCTIONS_fname(type, itname, name) \
+ DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \
+ DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name)
+
+# define DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) \
+ type *d2i_##name(type **a, const unsigned char **in, long len); \
+ int i2d_##name(type *a, unsigned char **out); \
+ DECLARE_ASN1_ITEM(itname)
+
+# define DECLARE_ASN1_ENCODE_FUNCTIONS_const(type, name) \
+ type *d2i_##name(type **a, const unsigned char **in, long len); \
+ int i2d_##name(const type *a, unsigned char **out); \
+ DECLARE_ASN1_ITEM(name)
+
+# define DECLARE_ASN1_NDEF_FUNCTION(name) \
+ int i2d_##name##_NDEF(name *a, unsigned char **out);
+
+# define DECLARE_ASN1_FUNCTIONS_const(name) \
+ DECLARE_ASN1_ALLOC_FUNCTIONS(name) \
+ DECLARE_ASN1_ENCODE_FUNCTIONS_const(name, name)
+
+# define DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \
+ type *name##_new(void); \
+ void name##_free(type *a);
+
+# define D2I_OF(type) type *(*)(type **,const unsigned char **,long)
+# define I2D_OF(type) int (*)(type *,unsigned char **)
+# define I2D_OF_const(type) int (*)(const type *,unsigned char **)
+
+# define CHECKED_D2I_OF(type, d2i) \
+ ((d2i_of_void*) (1 ? d2i : ((D2I_OF(type))0)))
+# define CHECKED_I2D_OF(type, i2d) \
+ ((i2d_of_void*) (1 ? i2d : ((I2D_OF(type))0)))
+# define CHECKED_NEW_OF(type, xnew) \
+ ((void *(*)(void)) (1 ? xnew : ((type *(*)(void))0)))
+# define CHECKED_PTR_OF(type, p) \
+ ((void*) (1 ? p : (type*)0))
+# define CHECKED_PPTR_OF(type, p) \
+ ((void**) (1 ? p : (type**)0))
+# define CHECKED_PTR_OF_TO_CHAR(type, p) \
+ ((char*) (1 ? p : (type*)0))
+
+# define TYPEDEF_D2I_OF(type) typedef type *d2i_of_##type(type **,const unsigned char **,long)
+# define TYPEDEF_I2D_OF(type) typedef int i2d_of_##type(type *,unsigned char **)
+# define TYPEDEF_D2I2D_OF(type) TYPEDEF_D2I_OF(type); TYPEDEF_I2D_OF(type)
+
+TYPEDEF_D2I2D_OF(void);
+
+/*-
+ * The following macros and typedefs allow an ASN1_ITEM
+ * to be embedded in a structure and referenced. Since
+ * the ASN1_ITEM pointers need to be globally accessible
+ * (possibly from shared libraries) they may exist in
+ * different forms. On platforms that support it the
+ * ASN1_ITEM structure itself will be globally exported.
+ * Other platforms will export a function that returns
+ * an ASN1_ITEM pointer.
+ *
+ * To handle both cases transparently the macros below
+ * should be used instead of hard coding an ASN1_ITEM
+ * pointer in a structure.
+ *
+ * The structure will look like this:
+ *
+ * typedef struct SOMETHING_st {
+ * ...
+ * ASN1_ITEM_EXP *iptr;
+ * ...
+ * } SOMETHING;
+ *
+ * It would be initialised as e.g.:
+ *
+ * SOMETHING somevar = {...,ASN1_ITEM_ref(X509),...};
+ *
+ * and the actual pointer extracted with:
+ *
+ * const ASN1_ITEM *it = ASN1_ITEM_ptr(somevar.iptr);
+ *
+ * Finally an ASN1_ITEM pointer can be extracted from an
+ * appropriate reference with: ASN1_ITEM_rptr(X509). This
+ * would be used when a function takes an ASN1_ITEM * argument.
+ *
+ */
+
+# ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+/* ASN1_ITEM pointer exported type */
+typedef const ASN1_ITEM ASN1_ITEM_EXP;
+
+/* Macro to obtain ASN1_ITEM pointer from exported type */
+# define ASN1_ITEM_ptr(iptr) (iptr)
+
+/* Macro to include ASN1_ITEM pointer from base type */
+# define ASN1_ITEM_ref(iptr) (&(iptr##_it))
+
+# define ASN1_ITEM_rptr(ref) (&(ref##_it))
+
+# define DECLARE_ASN1_ITEM(name) \
+ OPENSSL_EXTERN const ASN1_ITEM name##_it;
+
+# else
+
+/*
+ * Platforms that can't easily handle shared global variables are declared as
+ * functions returning ASN1_ITEM pointers.
+ */
+
+/* ASN1_ITEM pointer exported type */
+typedef const ASN1_ITEM *ASN1_ITEM_EXP (void);
+
+/* Macro to obtain ASN1_ITEM pointer from exported type */
+# define ASN1_ITEM_ptr(iptr) (iptr())
+
+/* Macro to include ASN1_ITEM pointer from base type */
+# define ASN1_ITEM_ref(iptr) (iptr##_it)
+
+# define ASN1_ITEM_rptr(ref) (ref##_it())
+
+# define DECLARE_ASN1_ITEM(name) \
+ const ASN1_ITEM * name##_it(void);
+
+# endif
+
+/* Parameters used by ASN1_STRING_print_ex() */
+
+/*
+ * These determine which characters to escape: RFC2253 special characters,
+ * control characters and MSB set characters
+ */
+
+# define ASN1_STRFLGS_ESC_2253 1
+# define ASN1_STRFLGS_ESC_CTRL 2
+# define ASN1_STRFLGS_ESC_MSB 4
+
+/*
+ * This flag determines how we do escaping: normally RC2253 backslash only,
+ * set this to use backslash and quote.
+ */
+
+# define ASN1_STRFLGS_ESC_QUOTE 8
+
+/* These three flags are internal use only. */
+
+/* Character is a valid PrintableString character */
+# define CHARTYPE_PRINTABLESTRING 0x10
+/* Character needs escaping if it is the first character */
+# define CHARTYPE_FIRST_ESC_2253 0x20
+/* Character needs escaping if it is the last character */
+# define CHARTYPE_LAST_ESC_2253 0x40
+
+/*
+ * NB the internal flags are safely reused below by flags handled at the top
+ * level.
+ */
+
+/*
+ * If this is set we convert all character strings to UTF8 first
+ */
+
+# define ASN1_STRFLGS_UTF8_CONVERT 0x10
+
+/*
+ * If this is set we don't attempt to interpret content: just assume all
+ * strings are 1 byte per character. This will produce some pretty odd
+ * looking output!
+ */
+
+# define ASN1_STRFLGS_IGNORE_TYPE 0x20
+
+/* If this is set we include the string type in the output */
+# define ASN1_STRFLGS_SHOW_TYPE 0x40
+
+/*
+ * This determines which strings to display and which to 'dump' (hex dump of
+ * content octets or DER encoding). We can only dump non character strings or
+ * everything. If we don't dump 'unknown' they are interpreted as character
+ * strings with 1 octet per character and are subject to the usual escaping
+ * options.
+ */
+
+# define ASN1_STRFLGS_DUMP_ALL 0x80
+# define ASN1_STRFLGS_DUMP_UNKNOWN 0x100
+
+/*
+ * These determine what 'dumping' does, we can dump the content octets or the
+ * DER encoding: both use the RFC2253 #XXXXX notation.
+ */
+
+# define ASN1_STRFLGS_DUMP_DER 0x200
+
+/*
+ * All the string flags consistent with RFC2253, escaping control characters
+ * isn't essential in RFC2253 but it is advisable anyway.
+ */
+
+# define ASN1_STRFLGS_RFC2253 (ASN1_STRFLGS_ESC_2253 | \
+ ASN1_STRFLGS_ESC_CTRL | \
+ ASN1_STRFLGS_ESC_MSB | \
+ ASN1_STRFLGS_UTF8_CONVERT | \
+ ASN1_STRFLGS_DUMP_UNKNOWN | \
+ ASN1_STRFLGS_DUMP_DER)
+
+DECLARE_STACK_OF(ASN1_INTEGER)
+DECLARE_ASN1_SET_OF(ASN1_INTEGER)
+
+DECLARE_STACK_OF(ASN1_GENERALSTRING)
+
+typedef struct asn1_type_st {
+ int type;
+ union {
+ char *ptr;
+ ASN1_BOOLEAN boolean;
+ ASN1_STRING *asn1_string;
+ ASN1_OBJECT *object;
+ ASN1_INTEGER *integer;
+ ASN1_ENUMERATED *enumerated;
+ ASN1_BIT_STRING *bit_string;
+ ASN1_OCTET_STRING *octet_string;
+ ASN1_PRINTABLESTRING *printablestring;
+ ASN1_T61STRING *t61string;
+ ASN1_IA5STRING *ia5string;
+ ASN1_GENERALSTRING *generalstring;
+ ASN1_BMPSTRING *bmpstring;
+ ASN1_UNIVERSALSTRING *universalstring;
+ ASN1_UTCTIME *utctime;
+ ASN1_GENERALIZEDTIME *generalizedtime;
+ ASN1_VISIBLESTRING *visiblestring;
+ ASN1_UTF8STRING *utf8string;
+ /*
+ * set and sequence are left complete and still contain the set or
+ * sequence bytes
+ */
+ ASN1_STRING *set;
+ ASN1_STRING *sequence;
+ ASN1_VALUE *asn1_value;
+ } value;
+} ASN1_TYPE;
+
+DECLARE_STACK_OF(ASN1_TYPE)
+DECLARE_ASN1_SET_OF(ASN1_TYPE)
+
+typedef struct asn1_method_st {
+ i2d_of_void *i2d;
+ d2i_of_void *d2i;
+ void *(*create) (void);
+ void (*destroy) (void *);
+} ASN1_METHOD;
+
+/* This is used when parsing some Netscape objects */
+typedef struct asn1_header_st {
+ ASN1_OCTET_STRING *header;
+ void *data;
+ ASN1_METHOD *meth;
+} ASN1_HEADER;
+
+/* This is used to contain a list of bit names */
+typedef struct BIT_STRING_BITNAME_st {
+ int bitnum;
+ const char *lname;
+ const char *sname;
+} BIT_STRING_BITNAME;
+
+# define M_ASN1_STRING_length(x) ((x)->length)
+# define M_ASN1_STRING_length_set(x, n) ((x)->length = (n))
+# define M_ASN1_STRING_type(x) ((x)->type)
+# define M_ASN1_STRING_data(x) ((x)->data)
+
+/* Macros for string operations */
+# define M_ASN1_BIT_STRING_new() (ASN1_BIT_STRING *)\
+ ASN1_STRING_type_new(V_ASN1_BIT_STRING)
+# define M_ASN1_BIT_STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a)
+# define M_ASN1_BIT_STRING_dup(a) (ASN1_BIT_STRING *)\
+ ASN1_STRING_dup((ASN1_STRING *)a)
+# define M_ASN1_BIT_STRING_cmp(a,b) ASN1_STRING_cmp(\
+ (ASN1_STRING *)a,(ASN1_STRING *)b)
+# define M_ASN1_BIT_STRING_set(a,b,c) ASN1_STRING_set((ASN1_STRING *)a,b,c)
+
+# define M_ASN1_INTEGER_new() (ASN1_INTEGER *)\
+ ASN1_STRING_type_new(V_ASN1_INTEGER)
+# define M_ASN1_INTEGER_free(a) ASN1_STRING_free((ASN1_STRING *)a)
+# define M_ASN1_INTEGER_dup(a) (ASN1_INTEGER *)ASN1_STRING_dup((ASN1_STRING *)a)
+# define M_ASN1_INTEGER_cmp(a,b) ASN1_STRING_cmp(\
+ (ASN1_STRING *)a,(ASN1_STRING *)b)
+
+# define M_ASN1_ENUMERATED_new() (ASN1_ENUMERATED *)\
+ ASN1_STRING_type_new(V_ASN1_ENUMERATED)
+# define M_ASN1_ENUMERATED_free(a) ASN1_STRING_free((ASN1_STRING *)a)
+# define M_ASN1_ENUMERATED_dup(a) (ASN1_ENUMERATED *)ASN1_STRING_dup((ASN1_STRING *)a)
+# define M_ASN1_ENUMERATED_cmp(a,b) ASN1_STRING_cmp(\
+ (ASN1_STRING *)a,(ASN1_STRING *)b)
+
+# define M_ASN1_OCTET_STRING_new() (ASN1_OCTET_STRING *)\
+ ASN1_STRING_type_new(V_ASN1_OCTET_STRING)
+# define M_ASN1_OCTET_STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a)
+# define M_ASN1_OCTET_STRING_dup(a) (ASN1_OCTET_STRING *)\
+ ASN1_STRING_dup((ASN1_STRING *)a)
+# define M_ASN1_OCTET_STRING_cmp(a,b) ASN1_STRING_cmp(\
+ (ASN1_STRING *)a,(ASN1_STRING *)b)
+# define M_ASN1_OCTET_STRING_set(a,b,c) ASN1_STRING_set((ASN1_STRING *)a,b,c)
+# define M_ASN1_OCTET_STRING_print(a,b) ASN1_STRING_print(a,(ASN1_STRING *)b)
+# define M_i2d_ASN1_OCTET_STRING(a,pp) \
+ i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_OCTET_STRING,\
+ V_ASN1_UNIVERSAL)
+
+# define B_ASN1_TIME \
+ B_ASN1_UTCTIME | \
+ B_ASN1_GENERALIZEDTIME
+
+# define B_ASN1_PRINTABLE \
+ B_ASN1_NUMERICSTRING| \
+ B_ASN1_PRINTABLESTRING| \
+ B_ASN1_T61STRING| \
+ B_ASN1_IA5STRING| \
+ B_ASN1_BIT_STRING| \
+ B_ASN1_UNIVERSALSTRING|\
+ B_ASN1_BMPSTRING|\
+ B_ASN1_UTF8STRING|\
+ B_ASN1_SEQUENCE|\
+ B_ASN1_UNKNOWN
+
+# define B_ASN1_DIRECTORYSTRING \
+ B_ASN1_PRINTABLESTRING| \
+ B_ASN1_TELETEXSTRING|\
+ B_ASN1_BMPSTRING|\
+ B_ASN1_UNIVERSALSTRING|\
+ B_ASN1_UTF8STRING
+
+# define B_ASN1_DISPLAYTEXT \
+ B_ASN1_IA5STRING| \
+ B_ASN1_VISIBLESTRING| \
+ B_ASN1_BMPSTRING|\
+ B_ASN1_UTF8STRING
+
+# define M_ASN1_PRINTABLE_new() ASN1_STRING_type_new(V_ASN1_T61STRING)
+# define M_ASN1_PRINTABLE_free(a) ASN1_STRING_free((ASN1_STRING *)a)
+# define M_i2d_ASN1_PRINTABLE(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\
+ pp,a->type,V_ASN1_UNIVERSAL)
+# define M_d2i_ASN1_PRINTABLE(a,pp,l) \
+ d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \
+ B_ASN1_PRINTABLE)
+
+# define M_DIRECTORYSTRING_new() ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING)
+# define M_DIRECTORYSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a)
+# define M_i2d_DIRECTORYSTRING(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\
+ pp,a->type,V_ASN1_UNIVERSAL)
+# define M_d2i_DIRECTORYSTRING(a,pp,l) \
+ d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \
+ B_ASN1_DIRECTORYSTRING)
+
+# define M_DISPLAYTEXT_new() ASN1_STRING_type_new(V_ASN1_VISIBLESTRING)
+# define M_DISPLAYTEXT_free(a) ASN1_STRING_free((ASN1_STRING *)a)
+# define M_i2d_DISPLAYTEXT(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\
+ pp,a->type,V_ASN1_UNIVERSAL)
+# define M_d2i_DISPLAYTEXT(a,pp,l) \
+ d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \
+ B_ASN1_DISPLAYTEXT)
+
+# define M_ASN1_PRINTABLESTRING_new() (ASN1_PRINTABLESTRING *)\
+ ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING)
+# define M_ASN1_PRINTABLESTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a)
+# define M_i2d_ASN1_PRINTABLESTRING(a,pp) \
+ i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_PRINTABLESTRING,\
+ V_ASN1_UNIVERSAL)
+# define M_d2i_ASN1_PRINTABLESTRING(a,pp,l) \
+ (ASN1_PRINTABLESTRING *)d2i_ASN1_type_bytes\
+ ((ASN1_STRING **)a,pp,l,B_ASN1_PRINTABLESTRING)
+
+# define M_ASN1_T61STRING_new() (ASN1_T61STRING *)\
+ ASN1_STRING_type_new(V_ASN1_T61STRING)
+# define M_ASN1_T61STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a)
+# define M_i2d_ASN1_T61STRING(a,pp) \
+ i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_T61STRING,\
+ V_ASN1_UNIVERSAL)
+# define M_d2i_ASN1_T61STRING(a,pp,l) \
+ (ASN1_T61STRING *)d2i_ASN1_type_bytes\
+ ((ASN1_STRING **)a,pp,l,B_ASN1_T61STRING)
+
+# define M_ASN1_IA5STRING_new() (ASN1_IA5STRING *)\
+ ASN1_STRING_type_new(V_ASN1_IA5STRING)
+# define M_ASN1_IA5STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a)
+# define M_ASN1_IA5STRING_dup(a) \
+ (ASN1_IA5STRING *)ASN1_STRING_dup((ASN1_STRING *)a)
+# define M_i2d_ASN1_IA5STRING(a,pp) \
+ i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_IA5STRING,\
+ V_ASN1_UNIVERSAL)
+# define M_d2i_ASN1_IA5STRING(a,pp,l) \
+ (ASN1_IA5STRING *)d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l,\
+ B_ASN1_IA5STRING)
+
+# define M_ASN1_UTCTIME_new() (ASN1_UTCTIME *)\
+ ASN1_STRING_type_new(V_ASN1_UTCTIME)
+# define M_ASN1_UTCTIME_free(a) ASN1_STRING_free((ASN1_STRING *)a)
+# define M_ASN1_UTCTIME_dup(a) (ASN1_UTCTIME *)ASN1_STRING_dup((ASN1_STRING *)a)
+
+# define M_ASN1_GENERALIZEDTIME_new() (ASN1_GENERALIZEDTIME *)\
+ ASN1_STRING_type_new(V_ASN1_GENERALIZEDTIME)
+# define M_ASN1_GENERALIZEDTIME_free(a) ASN1_STRING_free((ASN1_STRING *)a)
+# define M_ASN1_GENERALIZEDTIME_dup(a) (ASN1_GENERALIZEDTIME *)ASN1_STRING_dup(\
+ (ASN1_STRING *)a)
+
+# define M_ASN1_TIME_new() (ASN1_TIME *)\
+ ASN1_STRING_type_new(V_ASN1_UTCTIME)
+# define M_ASN1_TIME_free(a) ASN1_STRING_free((ASN1_STRING *)a)
+# define M_ASN1_TIME_dup(a) (ASN1_TIME *)ASN1_STRING_dup((ASN1_STRING *)a)
+
+# define M_ASN1_GENERALSTRING_new() (ASN1_GENERALSTRING *)\
+ ASN1_STRING_type_new(V_ASN1_GENERALSTRING)
+# define M_ASN1_GENERALSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a)
+# define M_i2d_ASN1_GENERALSTRING(a,pp) \
+ i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_GENERALSTRING,\
+ V_ASN1_UNIVERSAL)
+# define M_d2i_ASN1_GENERALSTRING(a,pp,l) \
+ (ASN1_GENERALSTRING *)d2i_ASN1_type_bytes\
+ ((ASN1_STRING **)a,pp,l,B_ASN1_GENERALSTRING)
+
+# define M_ASN1_UNIVERSALSTRING_new() (ASN1_UNIVERSALSTRING *)\
+ ASN1_STRING_type_new(V_ASN1_UNIVERSALSTRING)
+# define M_ASN1_UNIVERSALSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a)
+# define M_i2d_ASN1_UNIVERSALSTRING(a,pp) \
+ i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_UNIVERSALSTRING,\
+ V_ASN1_UNIVERSAL)
+# define M_d2i_ASN1_UNIVERSALSTRING(a,pp,l) \
+ (ASN1_UNIVERSALSTRING *)d2i_ASN1_type_bytes\
+ ((ASN1_STRING **)a,pp,l,B_ASN1_UNIVERSALSTRING)
+
+# define M_ASN1_BMPSTRING_new() (ASN1_BMPSTRING *)\
+ ASN1_STRING_type_new(V_ASN1_BMPSTRING)
+# define M_ASN1_BMPSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a)
+# define M_i2d_ASN1_BMPSTRING(a,pp) \
+ i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_BMPSTRING,\
+ V_ASN1_UNIVERSAL)
+# define M_d2i_ASN1_BMPSTRING(a,pp,l) \
+ (ASN1_BMPSTRING *)d2i_ASN1_type_bytes\
+ ((ASN1_STRING **)a,pp,l,B_ASN1_BMPSTRING)
+
+# define M_ASN1_VISIBLESTRING_new() (ASN1_VISIBLESTRING *)\
+ ASN1_STRING_type_new(V_ASN1_VISIBLESTRING)
+# define M_ASN1_VISIBLESTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a)
+# define M_i2d_ASN1_VISIBLESTRING(a,pp) \
+ i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_VISIBLESTRING,\
+ V_ASN1_UNIVERSAL)
+# define M_d2i_ASN1_VISIBLESTRING(a,pp,l) \
+ (ASN1_VISIBLESTRING *)d2i_ASN1_type_bytes\
+ ((ASN1_STRING **)a,pp,l,B_ASN1_VISIBLESTRING)
+
+# define M_ASN1_UTF8STRING_new() (ASN1_UTF8STRING *)\
+ ASN1_STRING_type_new(V_ASN1_UTF8STRING)
+# define M_ASN1_UTF8STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a)
+# define M_i2d_ASN1_UTF8STRING(a,pp) \
+ i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_UTF8STRING,\
+ V_ASN1_UNIVERSAL)
+# define M_d2i_ASN1_UTF8STRING(a,pp,l) \
+ (ASN1_UTF8STRING *)d2i_ASN1_type_bytes\
+ ((ASN1_STRING **)a,pp,l,B_ASN1_UTF8STRING)
+
+ /* for the is_set parameter to i2d_ASN1_SET */
+# define IS_SEQUENCE 0
+# define IS_SET 1
+
+DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE)
+
+int ASN1_TYPE_get(ASN1_TYPE *a);
+void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
+int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value);
+int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b);
+
+ASN1_OBJECT *ASN1_OBJECT_new(void);
+void ASN1_OBJECT_free(ASN1_OBJECT *a);
+int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp);
+ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
+ long length);
+ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
+ long length);
+
+DECLARE_ASN1_ITEM(ASN1_OBJECT)
+
+DECLARE_STACK_OF(ASN1_OBJECT)
+DECLARE_ASN1_SET_OF(ASN1_OBJECT)
+
+ASN1_STRING *ASN1_STRING_new(void);
+void ASN1_STRING_free(ASN1_STRING *a);
+ASN1_STRING *ASN1_STRING_dup(ASN1_STRING *a);
+ASN1_STRING *ASN1_STRING_type_new(int type);
+int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b);
+ /*
+ * Since this is used to store all sorts of things, via macros, for now,
+ * make its data void *
+ */
+int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len);
+void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len);
+int ASN1_STRING_length(ASN1_STRING *x);
+void ASN1_STRING_length_set(ASN1_STRING *x, int n);
+int ASN1_STRING_type(ASN1_STRING *x);
+unsigned char *ASN1_STRING_data(ASN1_STRING *x);
+
+DECLARE_ASN1_FUNCTIONS(ASN1_BIT_STRING)
+int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp);
+ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
+ const unsigned char **pp, long length);
+int ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d, int length);
+int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value);
+int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n);
+
+# ifndef OPENSSL_NO_BIO
+int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs,
+ BIT_STRING_BITNAME *tbl, int indent);
+# endif
+int ASN1_BIT_STRING_num_asc(char *name, BIT_STRING_BITNAME *tbl);
+int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value,
+ BIT_STRING_BITNAME *tbl);
+
+int i2d_ASN1_BOOLEAN(int a, unsigned char **pp);
+int d2i_ASN1_BOOLEAN(int *a, const unsigned char **pp, long length);
+
+DECLARE_ASN1_FUNCTIONS(ASN1_INTEGER)
+int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp);
+ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp,
+ long length);
+ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp,
+ long length);
+ASN1_INTEGER *ASN1_INTEGER_dup(ASN1_INTEGER *x);
+int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y);
+
+DECLARE_ASN1_FUNCTIONS(ASN1_ENUMERATED)
+
+int ASN1_UTCTIME_check(ASN1_UTCTIME *a);
+ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t);
+int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str);
+int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t);
+# if 0
+time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s);
+# endif
+
+int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *a);
+ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
+ time_t t);
+int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str);
+
+DECLARE_ASN1_FUNCTIONS(ASN1_OCTET_STRING)
+ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *a);
+int ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b);
+int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, const unsigned char *data,
+ int len);
+
+DECLARE_ASN1_FUNCTIONS(ASN1_VISIBLESTRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_UTF8STRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_NULL)
+DECLARE_ASN1_FUNCTIONS(ASN1_BMPSTRING)
+
+int UTF8_getc(const unsigned char *str, int len, unsigned long *val);
+int UTF8_putc(unsigned char *str, int len, unsigned long value);
+
+DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, ASN1_PRINTABLE)
+
+DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DIRECTORYSTRING)
+DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DISPLAYTEXT)
+DECLARE_ASN1_FUNCTIONS(ASN1_PRINTABLESTRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_T61STRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_IA5STRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_GENERALSTRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_UTCTIME)
+DECLARE_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME)
+DECLARE_ASN1_FUNCTIONS(ASN1_TIME)
+
+DECLARE_ASN1_ITEM(ASN1_OCTET_STRING_NDEF)
+
+ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t);
+int ASN1_TIME_check(ASN1_TIME *t);
+ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME
+ **out);
+
+int i2d_ASN1_SET(STACK * a, unsigned char **pp,
+ i2d_of_void *i2d, int ex_tag, int ex_class, int is_set);
+STACK *d2i_ASN1_SET(STACK ** a, const unsigned char **pp, long length,
+ d2i_of_void *d2i, void (*free_func) (void *),
+ int ex_tag, int ex_class);
+
+# ifndef OPENSSL_NO_BIO
+int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a);
+int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size);
+int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a);
+int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size);
+int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a);
+int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size);
+int i2a_ASN1_STRING(BIO *bp, ASN1_STRING *a, int type);
+# endif
+int i2t_ASN1_OBJECT(char *buf, int buf_len, ASN1_OBJECT *a);
+
+int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num);
+ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len,
+ const char *sn, const char *ln);
+
+int ASN1_INTEGER_set(ASN1_INTEGER *a, long v);
+long ASN1_INTEGER_get(ASN1_INTEGER *a);
+ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai);
+BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai, BIGNUM *bn);
+
+int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v);
+long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a);
+ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai);
+BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn);
+
+/* General */
+/* given a string, return the correct type, max is the maximum length */
+int ASN1_PRINTABLE_type(const unsigned char *s, int max);
+
+int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass);
+ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp,
+ long length, int Ptag, int Pclass);
+unsigned long ASN1_tag2bit(int tag);
+/* type is one or more of the B_ASN1_ values. */
+ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, const unsigned char **pp,
+ long length, int type);
+
+/* PARSING */
+int asn1_Finish(ASN1_CTX *c);
+int asn1_const_Finish(ASN1_const_CTX *c);
+
+/* SPECIALS */
+int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,
+ int *pclass, long omax);
+int ASN1_check_infinite_end(unsigned char **p, long len);
+int ASN1_const_check_infinite_end(const unsigned char **p, long len);
+void ASN1_put_object(unsigned char **pp, int constructed, int length,
+ int tag, int xclass);
+int ASN1_put_eoc(unsigned char **pp);
+int ASN1_object_size(int constructed, int length, int tag);
+
+/* Used to implement other functions */
+void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, char *x);
+
+# define ASN1_dup_of(type,i2d,d2i,x) \
+ ((type*)ASN1_dup(CHECKED_I2D_OF(type, i2d), \
+ CHECKED_D2I_OF(type, d2i), \
+ CHECKED_PTR_OF_TO_CHAR(type, x)))
+
+# define ASN1_dup_of_const(type,i2d,d2i,x) \
+ ((type*)ASN1_dup(CHECKED_I2D_OF(const type, i2d), \
+ CHECKED_D2I_OF(type, d2i), \
+ CHECKED_PTR_OF_TO_CHAR(const type, x)))
+
+void *ASN1_item_dup(const ASN1_ITEM *it, void *x);
+
+/* ASN1 alloc/free macros for when a type is only used internally */
+
+# define M_ASN1_new_of(type) (type *)ASN1_item_new(ASN1_ITEM_rptr(type))
+# define M_ASN1_free_of(x, type) \
+ ASN1_item_free(CHECKED_PTR_OF(type, x), ASN1_ITEM_rptr(type))
+
+# ifndef OPENSSL_NO_FP_API
+void *ASN1_d2i_fp(void *(*xnew) (void), d2i_of_void *d2i, FILE *in, void **x);
+
+# define ASN1_d2i_fp_of(type,xnew,d2i,in,x) \
+ ((type*)ASN1_d2i_fp(CHECKED_NEW_OF(type, xnew), \
+ CHECKED_D2I_OF(type, d2i), \
+ in, \
+ CHECKED_PPTR_OF(type, x)))
+
+void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x);
+int ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, void *x);
+
+# define ASN1_i2d_fp_of(type,i2d,out,x) \
+ (ASN1_i2d_fp(CHECKED_I2D_OF(type, i2d), \
+ out, \
+ CHECKED_PTR_OF(type, x)))
+
+# define ASN1_i2d_fp_of_const(type,i2d,out,x) \
+ (ASN1_i2d_fp(CHECKED_I2D_OF(const type, i2d), \
+ out, \
+ CHECKED_PTR_OF(const type, x)))
+
+int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x);
+int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags);
+# endif
+
+int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in);
+
+# ifndef OPENSSL_NO_BIO
+void *ASN1_d2i_bio(void *(*xnew) (void), d2i_of_void *d2i, BIO *in, void **x);
+
+# define ASN1_d2i_bio_of(type,xnew,d2i,in,x) \
+ ((type*)ASN1_d2i_bio( CHECKED_NEW_OF(type, xnew), \
+ CHECKED_D2I_OF(type, d2i), \
+ in, \
+ CHECKED_PPTR_OF(type, x)))
+
+void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x);
+int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x);
+
+# define ASN1_i2d_bio_of(type,i2d,out,x) \
+ (ASN1_i2d_bio(CHECKED_I2D_OF(type, i2d), \
+ out, \
+ CHECKED_PTR_OF(type, x)))
+
+# define ASN1_i2d_bio_of_const(type,i2d,out,x) \
+ (ASN1_i2d_bio(CHECKED_I2D_OF(const type, i2d), \
+ out, \
+ CHECKED_PTR_OF(const type, x)))
+
+int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x);
+int ASN1_UTCTIME_print(BIO *fp, ASN1_UTCTIME *a);
+int ASN1_GENERALIZEDTIME_print(BIO *fp, ASN1_GENERALIZEDTIME *a);
+int ASN1_TIME_print(BIO *fp, ASN1_TIME *a);
+int ASN1_STRING_print(BIO *bp, ASN1_STRING *v);
+int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags);
+int ASN1_parse(BIO *bp, const unsigned char *pp, long len, int indent);
+int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent,
+ int dump);
+# endif
+const char *ASN1_tag2str(int tag);
+
+/* Used to load and write netscape format cert/key */
+int i2d_ASN1_HEADER(ASN1_HEADER * a, unsigned char **pp);
+ASN1_HEADER *d2i_ASN1_HEADER(ASN1_HEADER ** a, const unsigned char **pp,
+ long length);
+ASN1_HEADER *ASN1_HEADER_new(void);
+void ASN1_HEADER_free(ASN1_HEADER * a);
+
+int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s);
+
+/* Not used that much at this point, except for the first two */
+ASN1_METHOD *X509_asn1_meth(void);
+ASN1_METHOD *RSAPrivateKey_asn1_meth(void);
+ASN1_METHOD *ASN1_IA5STRING_asn1_meth(void);
+ASN1_METHOD *ASN1_BIT_STRING_asn1_meth(void);
+
+int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len);
+int ASN1_TYPE_get_octetstring(ASN1_TYPE *a, unsigned char *data, int max_len);
+int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num,
+ unsigned char *data, int len);
+int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a, long *num,
+ unsigned char *data, int max_len);
+
+STACK *ASN1_seq_unpack(const unsigned char *buf, int len,
+ d2i_of_void *d2i, void (*free_func) (void *));
+unsigned char *ASN1_seq_pack(STACK * safes, i2d_of_void *i2d,
+ unsigned char **buf, int *len);
+void *ASN1_unpack_string(ASN1_STRING *oct, d2i_of_void *d2i);
+void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it);
+ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d,
+ ASN1_OCTET_STRING **oct);
+
+# define ASN1_pack_string_of(type,obj,i2d,oct) \
+ (ASN1_pack_string(CHECKED_PTR_OF(type, obj), \
+ CHECKED_I2D_OF(type, i2d), \
+ oct))
+
+ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it,
+ ASN1_OCTET_STRING **oct);
+
+void ASN1_STRING_set_default_mask(unsigned long mask);
+int ASN1_STRING_set_default_mask_asc(const char *p);
+unsigned long ASN1_STRING_get_default_mask(void);
+int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len,
+ int inform, unsigned long mask);
+int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
+ int inform, unsigned long mask,
+ long minsize, long maxsize);
+
+ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out,
+ const unsigned char *in, int inlen,
+ int inform, int nid);
+ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid);
+int ASN1_STRING_TABLE_add(int, long, long, unsigned long, unsigned long);
+void ASN1_STRING_TABLE_cleanup(void);
+
+/* ASN1 template functions */
+
+/* Old API compatible functions */
+ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it);
+void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it);
+ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **val, const unsigned char **in,
+ long len, const ASN1_ITEM *it);
+int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it);
+int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out,
+ const ASN1_ITEM *it);
+
+void ASN1_add_oid_module(void);
+
+ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf);
+ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf);
+
+typedef int asn1_output_data_fn(BIO *out, BIO *data, ASN1_VALUE *val,
+ int flags, const ASN1_ITEM *it);
+
+int int_smime_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
+ int ctype_nid, int econt_nid,
+ STACK_OF(X509_ALGOR) *mdalgs,
+ asn1_output_data_fn * data_fn, const ASN1_ITEM *it);
+ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it);
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_ASN1_strings(void);
+
+/* Error codes for the ASN1 functions. */
+
+/* Function codes. */
+# define ASN1_F_A2D_ASN1_OBJECT 100
+# define ASN1_F_A2I_ASN1_ENUMERATED 101
+# define ASN1_F_A2I_ASN1_INTEGER 102
+# define ASN1_F_A2I_ASN1_STRING 103
+# define ASN1_F_APPEND_EXP 176
+# define ASN1_F_ASN1_BIT_STRING_SET_BIT 183
+# define ASN1_F_ASN1_CB 177
+# define ASN1_F_ASN1_CHECK_TLEN 104
+# define ASN1_F_ASN1_COLLATE_PRIMITIVE 105
+# define ASN1_F_ASN1_COLLECT 106
+# define ASN1_F_ASN1_D2I_EX_PRIMITIVE 108
+# define ASN1_F_ASN1_D2I_FP 109
+# define ASN1_F_ASN1_D2I_READ_BIO 107
+# define ASN1_F_ASN1_DIGEST 184
+# define ASN1_F_ASN1_DO_ADB 110
+# define ASN1_F_ASN1_DUP 111
+# define ASN1_F_ASN1_ENUMERATED_SET 112
+# define ASN1_F_ASN1_ENUMERATED_TO_BN 113
+# define ASN1_F_ASN1_EX_C2I 204
+# define ASN1_F_ASN1_FIND_END 190
+# define ASN1_F_ASN1_GENERALIZEDTIME_SET 185
+# define ASN1_F_ASN1_GENERATE_V3 178
+# define ASN1_F_ASN1_GET_OBJECT 114
+# define ASN1_F_ASN1_HEADER_NEW 115
+# define ASN1_F_ASN1_I2D_BIO 116
+# define ASN1_F_ASN1_I2D_FP 117
+# define ASN1_F_ASN1_INTEGER_SET 118
+# define ASN1_F_ASN1_INTEGER_TO_BN 119
+# define ASN1_F_ASN1_ITEM_D2I_FP 206
+# define ASN1_F_ASN1_ITEM_DUP 191
+# define ASN1_F_ASN1_ITEM_EX_COMBINE_NEW 121
+# define ASN1_F_ASN1_ITEM_EX_D2I 120
+# define ASN1_F_ASN1_ITEM_I2D_BIO 192
+# define ASN1_F_ASN1_ITEM_I2D_FP 193
+# define ASN1_F_ASN1_ITEM_PACK 198
+# define ASN1_F_ASN1_ITEM_SIGN 195
+# define ASN1_F_ASN1_ITEM_UNPACK 199
+# define ASN1_F_ASN1_ITEM_VERIFY 197
+# define ASN1_F_ASN1_MBSTRING_NCOPY 122
+# define ASN1_F_ASN1_OBJECT_NEW 123
+# define ASN1_F_ASN1_OUTPUT_DATA 207
+# define ASN1_F_ASN1_PACK_STRING 124
+# define ASN1_F_ASN1_PCTX_NEW 205
+# define ASN1_F_ASN1_PKCS5_PBE_SET 125
+# define ASN1_F_ASN1_SEQ_PACK 126
+# define ASN1_F_ASN1_SEQ_UNPACK 127
+# define ASN1_F_ASN1_SIGN 128
+# define ASN1_F_ASN1_STR2TYPE 179
+# define ASN1_F_ASN1_STRING_SET 186
+# define ASN1_F_ASN1_STRING_TABLE_ADD 129
+# define ASN1_F_ASN1_STRING_TYPE_NEW 130
+# define ASN1_F_ASN1_TEMPLATE_EX_D2I 132
+# define ASN1_F_ASN1_TEMPLATE_NEW 133
+# define ASN1_F_ASN1_TEMPLATE_NOEXP_D2I 131
+# define ASN1_F_ASN1_TIME_SET 175
+# define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING 134
+# define ASN1_F_ASN1_TYPE_GET_OCTETSTRING 135
+# define ASN1_F_ASN1_UNPACK_STRING 136
+# define ASN1_F_ASN1_UTCTIME_SET 187
+# define ASN1_F_ASN1_VERIFY 137
+# define ASN1_F_B64_READ_ASN1 208
+# define ASN1_F_B64_WRITE_ASN1 209
+# define ASN1_F_BITSTR_CB 180
+# define ASN1_F_BN_TO_ASN1_ENUMERATED 138
+# define ASN1_F_BN_TO_ASN1_INTEGER 139
+# define ASN1_F_C2I_ASN1_BIT_STRING 189
+# define ASN1_F_C2I_ASN1_INTEGER 194
+# define ASN1_F_C2I_ASN1_OBJECT 196
+# define ASN1_F_COLLECT_DATA 140
+# define ASN1_F_D2I_ASN1_BIT_STRING 141
+# define ASN1_F_D2I_ASN1_BOOLEAN 142
+# define ASN1_F_D2I_ASN1_BYTES 143
+# define ASN1_F_D2I_ASN1_GENERALIZEDTIME 144
+# define ASN1_F_D2I_ASN1_HEADER 145
+# define ASN1_F_D2I_ASN1_INTEGER 146
+# define ASN1_F_D2I_ASN1_OBJECT 147
+# define ASN1_F_D2I_ASN1_SET 148
+# define ASN1_F_D2I_ASN1_TYPE_BYTES 149
+# define ASN1_F_D2I_ASN1_UINTEGER 150
+# define ASN1_F_D2I_ASN1_UTCTIME 151
+# define ASN1_F_D2I_NETSCAPE_RSA 152
+# define ASN1_F_D2I_NETSCAPE_RSA_2 153
+# define ASN1_F_D2I_PRIVATEKEY 154
+# define ASN1_F_D2I_PUBLICKEY 155
+# define ASN1_F_D2I_RSA_NET 200
+# define ASN1_F_D2I_RSA_NET_2 201
+# define ASN1_F_D2I_X509 156
+# define ASN1_F_D2I_X509_CINF 157
+# define ASN1_F_D2I_X509_PKEY 159
+# define ASN1_F_I2D_ASN1_SET 188
+# define ASN1_F_I2D_ASN1_TIME 160
+# define ASN1_F_I2D_DSA_PUBKEY 161
+# define ASN1_F_I2D_EC_PUBKEY 181
+# define ASN1_F_I2D_PRIVATEKEY 163
+# define ASN1_F_I2D_PUBLICKEY 164
+# define ASN1_F_I2D_RSA_NET 162
+# define ASN1_F_I2D_RSA_PUBKEY 165
+# define ASN1_F_LONG_C2I 166
+# define ASN1_F_OID_MODULE_INIT 174
+# define ASN1_F_PARSE_TAGGING 182
+# define ASN1_F_PKCS5_PBE2_SET 167
+# define ASN1_F_PKCS5_PBE_SET 202
+# define ASN1_F_SMIME_READ_ASN1 210
+# define ASN1_F_SMIME_TEXT 211
+# define ASN1_F_X509_CINF_NEW 168
+# define ASN1_F_X509_CRL_ADD0_REVOKED 169
+# define ASN1_F_X509_INFO_NEW 170
+# define ASN1_F_X509_NAME_ENCODE 203
+# define ASN1_F_X509_NAME_EX_D2I 158
+# define ASN1_F_X509_NAME_EX_NEW 171
+# define ASN1_F_X509_NEW 172
+# define ASN1_F_X509_PKEY_NEW 173
+
+/* Reason codes. */
+# define ASN1_R_ADDING_OBJECT 171
+# define ASN1_R_ASN1_PARSE_ERROR 198
+# define ASN1_R_ASN1_SIG_PARSE_ERROR 199
+# define ASN1_R_AUX_ERROR 100
+# define ASN1_R_BAD_CLASS 101
+# define ASN1_R_BAD_OBJECT_HEADER 102
+# define ASN1_R_BAD_PASSWORD_READ 103
+# define ASN1_R_BAD_TAG 104
+# define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 210
+# define ASN1_R_BN_LIB 105
+# define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106
+# define ASN1_R_BUFFER_TOO_SMALL 107
+# define ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 108
+# define ASN1_R_DATA_IS_WRONG 109
+# define ASN1_R_DECODE_ERROR 110
+# define ASN1_R_DECODING_ERROR 111
+# define ASN1_R_DEPTH_EXCEEDED 174
+# define ASN1_R_ENCODE_ERROR 112
+# define ASN1_R_ERROR_GETTING_TIME 173
+# define ASN1_R_ERROR_LOADING_SECTION 172
+# define ASN1_R_ERROR_PARSING_SET_ELEMENT 113
+# define ASN1_R_ERROR_SETTING_CIPHER_PARAMS 114
+# define ASN1_R_EXPECTING_AN_INTEGER 115
+# define ASN1_R_EXPECTING_AN_OBJECT 116
+# define ASN1_R_EXPECTING_A_BOOLEAN 117
+# define ASN1_R_EXPECTING_A_TIME 118
+# define ASN1_R_EXPLICIT_LENGTH_MISMATCH 119
+# define ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED 120
+# define ASN1_R_FIELD_MISSING 121
+# define ASN1_R_FIRST_NUM_TOO_LARGE 122
+# define ASN1_R_HEADER_TOO_LONG 123
+# define ASN1_R_ILLEGAL_BITSTRING_FORMAT 175
+# define ASN1_R_ILLEGAL_BOOLEAN 176
+# define ASN1_R_ILLEGAL_CHARACTERS 124
+# define ASN1_R_ILLEGAL_FORMAT 177
+# define ASN1_R_ILLEGAL_HEX 178
+# define ASN1_R_ILLEGAL_IMPLICIT_TAG 179
+# define ASN1_R_ILLEGAL_INTEGER 180
+# define ASN1_R_ILLEGAL_NESTED_TAGGING 181
+# define ASN1_R_ILLEGAL_NULL 125
+# define ASN1_R_ILLEGAL_NULL_VALUE 182
+# define ASN1_R_ILLEGAL_OBJECT 183
+# define ASN1_R_ILLEGAL_OPTIONAL_ANY 126
+# define ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE 170
+# define ASN1_R_ILLEGAL_TAGGED_ANY 127
+# define ASN1_R_ILLEGAL_TIME_VALUE 184
+# define ASN1_R_INTEGER_NOT_ASCII_FORMAT 185
+# define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG 128
+# define ASN1_R_INVALID_BIT_STRING_BITS_LEFT 220
+# define ASN1_R_INVALID_BMPSTRING_LENGTH 129
+# define ASN1_R_INVALID_DIGIT 130
+# define ASN1_R_INVALID_MIME_TYPE 200
+# define ASN1_R_INVALID_MODIFIER 186
+# define ASN1_R_INVALID_NUMBER 187
+# define ASN1_R_INVALID_OBJECT_ENCODING 212
+# define ASN1_R_INVALID_SEPARATOR 131
+# define ASN1_R_INVALID_TIME_FORMAT 132
+# define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH 133
+# define ASN1_R_INVALID_UTF8STRING 134
+# define ASN1_R_IV_TOO_LARGE 135
+# define ASN1_R_LENGTH_ERROR 136
+# define ASN1_R_LIST_ERROR 188
+# define ASN1_R_MIME_NO_CONTENT_TYPE 201
+# define ASN1_R_MIME_PARSE_ERROR 202
+# define ASN1_R_MIME_SIG_PARSE_ERROR 203
+# define ASN1_R_MISSING_EOC 137
+# define ASN1_R_MISSING_SECOND_NUMBER 138
+# define ASN1_R_MISSING_VALUE 189
+# define ASN1_R_MSTRING_NOT_UNIVERSAL 139
+# define ASN1_R_MSTRING_WRONG_TAG 140
+# define ASN1_R_NESTED_ASN1_STRING 197
+# define ASN1_R_NON_HEX_CHARACTERS 141
+# define ASN1_R_NOT_ASCII_FORMAT 190
+# define ASN1_R_NOT_ENOUGH_DATA 142
+# define ASN1_R_NO_CONTENT_TYPE 204
+# define ASN1_R_NO_MATCHING_CHOICE_TYPE 143
+# define ASN1_R_NO_MULTIPART_BODY_FAILURE 205
+# define ASN1_R_NO_MULTIPART_BOUNDARY 206
+# define ASN1_R_NO_SIG_CONTENT_TYPE 207
+# define ASN1_R_NULL_IS_WRONG_LENGTH 144
+# define ASN1_R_OBJECT_NOT_ASCII_FORMAT 191
+# define ASN1_R_ODD_NUMBER_OF_CHARS 145
+# define ASN1_R_PRIVATE_KEY_HEADER_MISSING 146
+# define ASN1_R_SECOND_NUMBER_TOO_LARGE 147
+# define ASN1_R_SEQUENCE_LENGTH_MISMATCH 148
+# define ASN1_R_SEQUENCE_NOT_CONSTRUCTED 149
+# define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG 192
+# define ASN1_R_SHORT_LINE 150
+# define ASN1_R_SIG_INVALID_MIME_TYPE 208
+# define ASN1_R_STREAMING_NOT_SUPPORTED 209
+# define ASN1_R_STRING_TOO_LONG 151
+# define ASN1_R_STRING_TOO_SHORT 152
+# define ASN1_R_TAG_VALUE_TOO_HIGH 153
+# define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 154
+# define ASN1_R_TIME_NOT_ASCII_FORMAT 193
+# define ASN1_R_TOO_LONG 155
+# define ASN1_R_TYPE_NOT_CONSTRUCTED 156
+# define ASN1_R_TYPE_NOT_PRIMITIVE 218
+# define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 157
+# define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY 158
+# define ASN1_R_UNEXPECTED_EOC 159
+# define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 211
+# define ASN1_R_UNKNOWN_FORMAT 160
+# define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 161
+# define ASN1_R_UNKNOWN_OBJECT_TYPE 162
+# define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE 163
+# define ASN1_R_UNKNOWN_TAG 194
+# define ASN1_R_UNKOWN_FORMAT 195
+# define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE 164
+# define ASN1_R_UNSUPPORTED_CIPHER 165
+# define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM 166
+# define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE 167
+# define ASN1_R_UNSUPPORTED_TYPE 196
+# define ASN1_R_WRONG_TAG 168
+# define ASN1_R_WRONG_TYPE 169
+
+#ifdef __cplusplus
+}
+#endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn1_err.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/asn1_err.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn1_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,318 +0,0 @@
-/* crypto/asn1/asn1_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/asn1.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_ASN1,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_ASN1,0,reason)
-
-static ERR_STRING_DATA ASN1_str_functs[]=
- {
-{ERR_FUNC(ASN1_F_A2D_ASN1_OBJECT), "a2d_ASN1_OBJECT"},
-{ERR_FUNC(ASN1_F_A2I_ASN1_ENUMERATED), "a2i_ASN1_ENUMERATED"},
-{ERR_FUNC(ASN1_F_A2I_ASN1_INTEGER), "a2i_ASN1_INTEGER"},
-{ERR_FUNC(ASN1_F_A2I_ASN1_STRING), "a2i_ASN1_STRING"},
-{ERR_FUNC(ASN1_F_APPEND_EXP), "APPEND_EXP"},
-{ERR_FUNC(ASN1_F_ASN1_BIT_STRING_SET_BIT), "ASN1_BIT_STRING_set_bit"},
-{ERR_FUNC(ASN1_F_ASN1_CB), "ASN1_CB"},
-{ERR_FUNC(ASN1_F_ASN1_CHECK_TLEN), "ASN1_CHECK_TLEN"},
-{ERR_FUNC(ASN1_F_ASN1_COLLATE_PRIMITIVE), "ASN1_COLLATE_PRIMITIVE"},
-{ERR_FUNC(ASN1_F_ASN1_COLLECT), "ASN1_COLLECT"},
-{ERR_FUNC(ASN1_F_ASN1_D2I_EX_PRIMITIVE), "ASN1_D2I_EX_PRIMITIVE"},
-{ERR_FUNC(ASN1_F_ASN1_D2I_FP), "ASN1_d2i_fp"},
-{ERR_FUNC(ASN1_F_ASN1_D2I_READ_BIO), "ASN1_D2I_READ_BIO"},
-{ERR_FUNC(ASN1_F_ASN1_DIGEST), "ASN1_digest"},
-{ERR_FUNC(ASN1_F_ASN1_DO_ADB), "ASN1_DO_ADB"},
-{ERR_FUNC(ASN1_F_ASN1_DUP), "ASN1_dup"},
-{ERR_FUNC(ASN1_F_ASN1_ENUMERATED_SET), "ASN1_ENUMERATED_set"},
-{ERR_FUNC(ASN1_F_ASN1_ENUMERATED_TO_BN), "ASN1_ENUMERATED_to_BN"},
-{ERR_FUNC(ASN1_F_ASN1_EX_C2I), "ASN1_EX_C2I"},
-{ERR_FUNC(ASN1_F_ASN1_FIND_END), "ASN1_FIND_END"},
-{ERR_FUNC(ASN1_F_ASN1_GENERALIZEDTIME_SET), "ASN1_GENERALIZEDTIME_set"},
-{ERR_FUNC(ASN1_F_ASN1_GENERATE_V3), "ASN1_generate_v3"},
-{ERR_FUNC(ASN1_F_ASN1_GET_OBJECT), "ASN1_get_object"},
-{ERR_FUNC(ASN1_F_ASN1_HEADER_NEW), "ASN1_HEADER_new"},
-{ERR_FUNC(ASN1_F_ASN1_I2D_BIO), "ASN1_i2d_bio"},
-{ERR_FUNC(ASN1_F_ASN1_I2D_FP), "ASN1_i2d_fp"},
-{ERR_FUNC(ASN1_F_ASN1_INTEGER_SET), "ASN1_INTEGER_set"},
-{ERR_FUNC(ASN1_F_ASN1_INTEGER_TO_BN), "ASN1_INTEGER_to_BN"},
-{ERR_FUNC(ASN1_F_ASN1_ITEM_D2I_FP), "ASN1_item_d2i_fp"},
-{ERR_FUNC(ASN1_F_ASN1_ITEM_DUP), "ASN1_item_dup"},
-{ERR_FUNC(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW), "ASN1_ITEM_EX_COMBINE_NEW"},
-{ERR_FUNC(ASN1_F_ASN1_ITEM_EX_D2I), "ASN1_ITEM_EX_D2I"},
-{ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_BIO), "ASN1_item_i2d_bio"},
-{ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_FP), "ASN1_item_i2d_fp"},
-{ERR_FUNC(ASN1_F_ASN1_ITEM_PACK), "ASN1_item_pack"},
-{ERR_FUNC(ASN1_F_ASN1_ITEM_SIGN), "ASN1_item_sign"},
-{ERR_FUNC(ASN1_F_ASN1_ITEM_UNPACK), "ASN1_item_unpack"},
-{ERR_FUNC(ASN1_F_ASN1_ITEM_VERIFY), "ASN1_item_verify"},
-{ERR_FUNC(ASN1_F_ASN1_MBSTRING_NCOPY), "ASN1_mbstring_ncopy"},
-{ERR_FUNC(ASN1_F_ASN1_OBJECT_NEW), "ASN1_OBJECT_new"},
-{ERR_FUNC(ASN1_F_ASN1_OUTPUT_DATA), "ASN1_OUTPUT_DATA"},
-{ERR_FUNC(ASN1_F_ASN1_PACK_STRING), "ASN1_pack_string"},
-{ERR_FUNC(ASN1_F_ASN1_PCTX_NEW), "ASN1_PCTX_NEW"},
-{ERR_FUNC(ASN1_F_ASN1_PKCS5_PBE_SET), "ASN1_PKCS5_PBE_SET"},
-{ERR_FUNC(ASN1_F_ASN1_SEQ_PACK), "ASN1_seq_pack"},
-{ERR_FUNC(ASN1_F_ASN1_SEQ_UNPACK), "ASN1_seq_unpack"},
-{ERR_FUNC(ASN1_F_ASN1_SIGN), "ASN1_sign"},
-{ERR_FUNC(ASN1_F_ASN1_STR2TYPE), "ASN1_STR2TYPE"},
-{ERR_FUNC(ASN1_F_ASN1_STRING_SET), "ASN1_STRING_set"},
-{ERR_FUNC(ASN1_F_ASN1_STRING_TABLE_ADD), "ASN1_STRING_TABLE_add"},
-{ERR_FUNC(ASN1_F_ASN1_STRING_TYPE_NEW), "ASN1_STRING_type_new"},
-{ERR_FUNC(ASN1_F_ASN1_TEMPLATE_EX_D2I), "ASN1_TEMPLATE_EX_D2I"},
-{ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NEW), "ASN1_TEMPLATE_NEW"},
-{ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I), "ASN1_TEMPLATE_NOEXP_D2I"},
-{ERR_FUNC(ASN1_F_ASN1_TIME_SET), "ASN1_TIME_set"},
-{ERR_FUNC(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING), "ASN1_TYPE_get_int_octetstring"},
-{ERR_FUNC(ASN1_F_ASN1_TYPE_GET_OCTETSTRING), "ASN1_TYPE_get_octetstring"},
-{ERR_FUNC(ASN1_F_ASN1_UNPACK_STRING), "ASN1_unpack_string"},
-{ERR_FUNC(ASN1_F_ASN1_UTCTIME_SET), "ASN1_UTCTIME_set"},
-{ERR_FUNC(ASN1_F_ASN1_VERIFY), "ASN1_verify"},
-{ERR_FUNC(ASN1_F_B64_READ_ASN1), "B64_READ_ASN1"},
-{ERR_FUNC(ASN1_F_B64_WRITE_ASN1), "B64_WRITE_ASN1"},
-{ERR_FUNC(ASN1_F_BITSTR_CB), "BITSTR_CB"},
-{ERR_FUNC(ASN1_F_BN_TO_ASN1_ENUMERATED), "BN_to_ASN1_ENUMERATED"},
-{ERR_FUNC(ASN1_F_BN_TO_ASN1_INTEGER), "BN_to_ASN1_INTEGER"},
-{ERR_FUNC(ASN1_F_C2I_ASN1_BIT_STRING), "c2i_ASN1_BIT_STRING"},
-{ERR_FUNC(ASN1_F_C2I_ASN1_INTEGER), "c2i_ASN1_INTEGER"},
-{ERR_FUNC(ASN1_F_C2I_ASN1_OBJECT), "c2i_ASN1_OBJECT"},
-{ERR_FUNC(ASN1_F_COLLECT_DATA), "COLLECT_DATA"},
-{ERR_FUNC(ASN1_F_D2I_ASN1_BIT_STRING), "D2I_ASN1_BIT_STRING"},
-{ERR_FUNC(ASN1_F_D2I_ASN1_BOOLEAN), "d2i_ASN1_BOOLEAN"},
-{ERR_FUNC(ASN1_F_D2I_ASN1_BYTES), "d2i_ASN1_bytes"},
-{ERR_FUNC(ASN1_F_D2I_ASN1_GENERALIZEDTIME), "D2I_ASN1_GENERALIZEDTIME"},
-{ERR_FUNC(ASN1_F_D2I_ASN1_HEADER), "d2i_ASN1_HEADER"},
-{ERR_FUNC(ASN1_F_D2I_ASN1_INTEGER), "D2I_ASN1_INTEGER"},
-{ERR_FUNC(ASN1_F_D2I_ASN1_OBJECT), "d2i_ASN1_OBJECT"},
-{ERR_FUNC(ASN1_F_D2I_ASN1_SET), "d2i_ASN1_SET"},
-{ERR_FUNC(ASN1_F_D2I_ASN1_TYPE_BYTES), "d2i_ASN1_type_bytes"},
-{ERR_FUNC(ASN1_F_D2I_ASN1_UINTEGER), "d2i_ASN1_UINTEGER"},
-{ERR_FUNC(ASN1_F_D2I_ASN1_UTCTIME), "D2I_ASN1_UTCTIME"},
-{ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA), "d2i_Netscape_RSA"},
-{ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA_2), "D2I_NETSCAPE_RSA_2"},
-{ERR_FUNC(ASN1_F_D2I_PRIVATEKEY), "d2i_PrivateKey"},
-{ERR_FUNC(ASN1_F_D2I_PUBLICKEY), "d2i_PublicKey"},
-{ERR_FUNC(ASN1_F_D2I_RSA_NET), "d2i_RSA_NET"},
-{ERR_FUNC(ASN1_F_D2I_RSA_NET_2), "D2I_RSA_NET_2"},
-{ERR_FUNC(ASN1_F_D2I_X509), "D2I_X509"},
-{ERR_FUNC(ASN1_F_D2I_X509_CINF), "D2I_X509_CINF"},
-{ERR_FUNC(ASN1_F_D2I_X509_PKEY), "d2i_X509_PKEY"},
-{ERR_FUNC(ASN1_F_I2D_ASN1_SET), "i2d_ASN1_SET"},
-{ERR_FUNC(ASN1_F_I2D_ASN1_TIME), "I2D_ASN1_TIME"},
-{ERR_FUNC(ASN1_F_I2D_DSA_PUBKEY), "i2d_DSA_PUBKEY"},
-{ERR_FUNC(ASN1_F_I2D_EC_PUBKEY), "i2d_EC_PUBKEY"},
-{ERR_FUNC(ASN1_F_I2D_PRIVATEKEY), "i2d_PrivateKey"},
-{ERR_FUNC(ASN1_F_I2D_PUBLICKEY), "i2d_PublicKey"},
-{ERR_FUNC(ASN1_F_I2D_RSA_NET), "i2d_RSA_NET"},
-{ERR_FUNC(ASN1_F_I2D_RSA_PUBKEY), "i2d_RSA_PUBKEY"},
-{ERR_FUNC(ASN1_F_LONG_C2I), "LONG_C2I"},
-{ERR_FUNC(ASN1_F_OID_MODULE_INIT), "OID_MODULE_INIT"},
-{ERR_FUNC(ASN1_F_PARSE_TAGGING), "PARSE_TAGGING"},
-{ERR_FUNC(ASN1_F_PKCS5_PBE2_SET), "PKCS5_pbe2_set"},
-{ERR_FUNC(ASN1_F_PKCS5_PBE_SET), "PKCS5_pbe_set"},
-{ERR_FUNC(ASN1_F_SMIME_READ_ASN1), "SMIME_read_ASN1"},
-{ERR_FUNC(ASN1_F_SMIME_TEXT), "SMIME_text"},
-{ERR_FUNC(ASN1_F_X509_CINF_NEW), "X509_CINF_NEW"},
-{ERR_FUNC(ASN1_F_X509_CRL_ADD0_REVOKED), "X509_CRL_add0_revoked"},
-{ERR_FUNC(ASN1_F_X509_INFO_NEW), "X509_INFO_new"},
-{ERR_FUNC(ASN1_F_X509_NAME_ENCODE), "X509_NAME_ENCODE"},
-{ERR_FUNC(ASN1_F_X509_NAME_EX_D2I), "X509_NAME_EX_D2I"},
-{ERR_FUNC(ASN1_F_X509_NAME_EX_NEW), "X509_NAME_EX_NEW"},
-{ERR_FUNC(ASN1_F_X509_NEW), "X509_NEW"},
-{ERR_FUNC(ASN1_F_X509_PKEY_NEW), "X509_PKEY_new"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA ASN1_str_reasons[]=
- {
-{ERR_REASON(ASN1_R_ADDING_OBJECT) ,"adding object"},
-{ERR_REASON(ASN1_R_ASN1_PARSE_ERROR) ,"asn1 parse error"},
-{ERR_REASON(ASN1_R_ASN1_SIG_PARSE_ERROR) ,"asn1 sig parse error"},
-{ERR_REASON(ASN1_R_AUX_ERROR) ,"aux error"},
-{ERR_REASON(ASN1_R_BAD_CLASS) ,"bad class"},
-{ERR_REASON(ASN1_R_BAD_OBJECT_HEADER) ,"bad object header"},
-{ERR_REASON(ASN1_R_BAD_PASSWORD_READ) ,"bad password read"},
-{ERR_REASON(ASN1_R_BAD_TAG) ,"bad tag"},
-{ERR_REASON(ASN1_R_BMPSTRING_IS_WRONG_LENGTH),"bmpstring is wrong length"},
-{ERR_REASON(ASN1_R_BN_LIB) ,"bn lib"},
-{ERR_REASON(ASN1_R_BOOLEAN_IS_WRONG_LENGTH),"boolean is wrong length"},
-{ERR_REASON(ASN1_R_BUFFER_TOO_SMALL) ,"buffer too small"},
-{ERR_REASON(ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER),"cipher has no object identifier"},
-{ERR_REASON(ASN1_R_DATA_IS_WRONG) ,"data is wrong"},
-{ERR_REASON(ASN1_R_DECODE_ERROR) ,"decode error"},
-{ERR_REASON(ASN1_R_DECODING_ERROR) ,"decoding error"},
-{ERR_REASON(ASN1_R_DEPTH_EXCEEDED) ,"depth exceeded"},
-{ERR_REASON(ASN1_R_ENCODE_ERROR) ,"encode error"},
-{ERR_REASON(ASN1_R_ERROR_GETTING_TIME) ,"error getting time"},
-{ERR_REASON(ASN1_R_ERROR_LOADING_SECTION),"error loading section"},
-{ERR_REASON(ASN1_R_ERROR_PARSING_SET_ELEMENT),"error parsing set element"},
-{ERR_REASON(ASN1_R_ERROR_SETTING_CIPHER_PARAMS),"error setting cipher params"},
-{ERR_REASON(ASN1_R_EXPECTING_AN_INTEGER) ,"expecting an integer"},
-{ERR_REASON(ASN1_R_EXPECTING_AN_OBJECT) ,"expecting an object"},
-{ERR_REASON(ASN1_R_EXPECTING_A_BOOLEAN) ,"expecting a boolean"},
-{ERR_REASON(ASN1_R_EXPECTING_A_TIME) ,"expecting a time"},
-{ERR_REASON(ASN1_R_EXPLICIT_LENGTH_MISMATCH),"explicit length mismatch"},
-{ERR_REASON(ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED),"explicit tag not constructed"},
-{ERR_REASON(ASN1_R_FIELD_MISSING) ,"field missing"},
-{ERR_REASON(ASN1_R_FIRST_NUM_TOO_LARGE) ,"first num too large"},
-{ERR_REASON(ASN1_R_HEADER_TOO_LONG) ,"header too long"},
-{ERR_REASON(ASN1_R_ILLEGAL_BITSTRING_FORMAT),"illegal bitstring format"},
-{ERR_REASON(ASN1_R_ILLEGAL_BOOLEAN) ,"illegal boolean"},
-{ERR_REASON(ASN1_R_ILLEGAL_CHARACTERS) ,"illegal characters"},
-{ERR_REASON(ASN1_R_ILLEGAL_FORMAT) ,"illegal format"},
-{ERR_REASON(ASN1_R_ILLEGAL_HEX) ,"illegal hex"},
-{ERR_REASON(ASN1_R_ILLEGAL_IMPLICIT_TAG) ,"illegal implicit tag"},
-{ERR_REASON(ASN1_R_ILLEGAL_INTEGER) ,"illegal integer"},
-{ERR_REASON(ASN1_R_ILLEGAL_NESTED_TAGGING),"illegal nested tagging"},
-{ERR_REASON(ASN1_R_ILLEGAL_NULL) ,"illegal null"},
-{ERR_REASON(ASN1_R_ILLEGAL_NULL_VALUE) ,"illegal null value"},
-{ERR_REASON(ASN1_R_ILLEGAL_OBJECT) ,"illegal object"},
-{ERR_REASON(ASN1_R_ILLEGAL_OPTIONAL_ANY) ,"illegal optional any"},
-{ERR_REASON(ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE),"illegal options on item template"},
-{ERR_REASON(ASN1_R_ILLEGAL_TAGGED_ANY) ,"illegal tagged any"},
-{ERR_REASON(ASN1_R_ILLEGAL_TIME_VALUE) ,"illegal time value"},
-{ERR_REASON(ASN1_R_INTEGER_NOT_ASCII_FORMAT),"integer not ascii format"},
-{ERR_REASON(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG),"integer too large for long"},
-{ERR_REASON(ASN1_R_INVALID_BMPSTRING_LENGTH),"invalid bmpstring length"},
-{ERR_REASON(ASN1_R_INVALID_DIGIT) ,"invalid digit"},
-{ERR_REASON(ASN1_R_INVALID_MIME_TYPE) ,"invalid mime type"},
-{ERR_REASON(ASN1_R_INVALID_MODIFIER) ,"invalid modifier"},
-{ERR_REASON(ASN1_R_INVALID_NUMBER) ,"invalid number"},
-{ERR_REASON(ASN1_R_INVALID_OBJECT_ENCODING),"invalid object encoding"},
-{ERR_REASON(ASN1_R_INVALID_SEPARATOR) ,"invalid separator"},
-{ERR_REASON(ASN1_R_INVALID_TIME_FORMAT) ,"invalid time format"},
-{ERR_REASON(ASN1_R_INVALID_UNIVERSALSTRING_LENGTH),"invalid universalstring length"},
-{ERR_REASON(ASN1_R_INVALID_UTF8STRING) ,"invalid utf8string"},
-{ERR_REASON(ASN1_R_IV_TOO_LARGE) ,"iv too large"},
-{ERR_REASON(ASN1_R_LENGTH_ERROR) ,"length error"},
-{ERR_REASON(ASN1_R_LIST_ERROR) ,"list error"},
-{ERR_REASON(ASN1_R_MIME_NO_CONTENT_TYPE) ,"mime no content type"},
-{ERR_REASON(ASN1_R_MIME_PARSE_ERROR) ,"mime parse error"},
-{ERR_REASON(ASN1_R_MIME_SIG_PARSE_ERROR) ,"mime sig parse error"},
-{ERR_REASON(ASN1_R_MISSING_EOC) ,"missing eoc"},
-{ERR_REASON(ASN1_R_MISSING_SECOND_NUMBER),"missing second number"},
-{ERR_REASON(ASN1_R_MISSING_VALUE) ,"missing value"},
-{ERR_REASON(ASN1_R_MSTRING_NOT_UNIVERSAL),"mstring not universal"},
-{ERR_REASON(ASN1_R_MSTRING_WRONG_TAG) ,"mstring wrong tag"},
-{ERR_REASON(ASN1_R_NESTED_ASN1_STRING) ,"nested asn1 string"},
-{ERR_REASON(ASN1_R_NON_HEX_CHARACTERS) ,"non hex characters"},
-{ERR_REASON(ASN1_R_NOT_ASCII_FORMAT) ,"not ascii format"},
-{ERR_REASON(ASN1_R_NOT_ENOUGH_DATA) ,"not enough data"},
-{ERR_REASON(ASN1_R_NO_CONTENT_TYPE) ,"no content type"},
-{ERR_REASON(ASN1_R_NO_MATCHING_CHOICE_TYPE),"no matching choice type"},
-{ERR_REASON(ASN1_R_NO_MULTIPART_BODY_FAILURE),"no multipart body failure"},
-{ERR_REASON(ASN1_R_NO_MULTIPART_BOUNDARY),"no multipart boundary"},
-{ERR_REASON(ASN1_R_NO_SIG_CONTENT_TYPE) ,"no sig content type"},
-{ERR_REASON(ASN1_R_NULL_IS_WRONG_LENGTH) ,"null is wrong length"},
-{ERR_REASON(ASN1_R_OBJECT_NOT_ASCII_FORMAT),"object not ascii format"},
-{ERR_REASON(ASN1_R_ODD_NUMBER_OF_CHARS) ,"odd number of chars"},
-{ERR_REASON(ASN1_R_PRIVATE_KEY_HEADER_MISSING),"private key header missing"},
-{ERR_REASON(ASN1_R_SECOND_NUMBER_TOO_LARGE),"second number too large"},
-{ERR_REASON(ASN1_R_SEQUENCE_LENGTH_MISMATCH),"sequence length mismatch"},
-{ERR_REASON(ASN1_R_SEQUENCE_NOT_CONSTRUCTED),"sequence not constructed"},
-{ERR_REASON(ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG),"sequence or set needs config"},
-{ERR_REASON(ASN1_R_SHORT_LINE) ,"short line"},
-{ERR_REASON(ASN1_R_SIG_INVALID_MIME_TYPE),"sig invalid mime type"},
-{ERR_REASON(ASN1_R_STREAMING_NOT_SUPPORTED),"streaming not supported"},
-{ERR_REASON(ASN1_R_STRING_TOO_LONG) ,"string too long"},
-{ERR_REASON(ASN1_R_STRING_TOO_SHORT) ,"string too short"},
-{ERR_REASON(ASN1_R_TAG_VALUE_TOO_HIGH) ,"tag value too high"},
-{ERR_REASON(ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),"the asn1 object identifier is not known for this md"},
-{ERR_REASON(ASN1_R_TIME_NOT_ASCII_FORMAT),"time not ascii format"},
-{ERR_REASON(ASN1_R_TOO_LONG) ,"too long"},
-{ERR_REASON(ASN1_R_TYPE_NOT_CONSTRUCTED) ,"type not constructed"},
-{ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY),"unable to decode rsa key"},
-{ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY),"unable to decode rsa private key"},
-{ERR_REASON(ASN1_R_UNEXPECTED_EOC) ,"unexpected eoc"},
-{ERR_REASON(ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH),"universalstring is wrong length"},
-{ERR_REASON(ASN1_R_UNKNOWN_FORMAT) ,"unknown format"},
-{ERR_REASON(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM),"unknown message digest algorithm"},
-{ERR_REASON(ASN1_R_UNKNOWN_OBJECT_TYPE) ,"unknown object type"},
-{ERR_REASON(ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE),"unknown public key type"},
-{ERR_REASON(ASN1_R_UNKNOWN_TAG) ,"unknown tag"},
-{ERR_REASON(ASN1_R_UNKOWN_FORMAT) ,"unkown format"},
-{ERR_REASON(ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE),"unsupported any defined by type"},
-{ERR_REASON(ASN1_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"},
-{ERR_REASON(ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM),"unsupported encryption algorithm"},
-{ERR_REASON(ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE),"unsupported public key type"},
-{ERR_REASON(ASN1_R_UNSUPPORTED_TYPE) ,"unsupported type"},
-{ERR_REASON(ASN1_R_WRONG_TAG) ,"wrong tag"},
-{ERR_REASON(ASN1_R_WRONG_TYPE) ,"wrong type"},
-{0,NULL}
- };
-
-#endif
-
-void ERR_load_ASN1_strings(void)
- {
-#ifndef OPENSSL_NO_ERR
-
- if (ERR_func_error_string(ASN1_str_functs[0].error) == NULL)
- {
- ERR_load_strings(0,ASN1_str_functs);
- ERR_load_strings(0,ASN1_str_reasons);
- }
-#endif
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn1_err.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/asn1_err.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn1_err.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn1_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,338 @@
+/* crypto/asn1/asn1_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2014 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/asn1.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_ASN1,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_ASN1,0,reason)
+
+static ERR_STRING_DATA ASN1_str_functs[] = {
+ {ERR_FUNC(ASN1_F_A2D_ASN1_OBJECT), "a2d_ASN1_OBJECT"},
+ {ERR_FUNC(ASN1_F_A2I_ASN1_ENUMERATED), "a2i_ASN1_ENUMERATED"},
+ {ERR_FUNC(ASN1_F_A2I_ASN1_INTEGER), "a2i_ASN1_INTEGER"},
+ {ERR_FUNC(ASN1_F_A2I_ASN1_STRING), "a2i_ASN1_STRING"},
+ {ERR_FUNC(ASN1_F_APPEND_EXP), "APPEND_EXP"},
+ {ERR_FUNC(ASN1_F_ASN1_BIT_STRING_SET_BIT), "ASN1_BIT_STRING_set_bit"},
+ {ERR_FUNC(ASN1_F_ASN1_CB), "ASN1_CB"},
+ {ERR_FUNC(ASN1_F_ASN1_CHECK_TLEN), "ASN1_CHECK_TLEN"},
+ {ERR_FUNC(ASN1_F_ASN1_COLLATE_PRIMITIVE), "ASN1_COLLATE_PRIMITIVE"},
+ {ERR_FUNC(ASN1_F_ASN1_COLLECT), "ASN1_COLLECT"},
+ {ERR_FUNC(ASN1_F_ASN1_D2I_EX_PRIMITIVE), "ASN1_D2I_EX_PRIMITIVE"},
+ {ERR_FUNC(ASN1_F_ASN1_D2I_FP), "ASN1_d2i_fp"},
+ {ERR_FUNC(ASN1_F_ASN1_D2I_READ_BIO), "ASN1_D2I_READ_BIO"},
+ {ERR_FUNC(ASN1_F_ASN1_DIGEST), "ASN1_digest"},
+ {ERR_FUNC(ASN1_F_ASN1_DO_ADB), "ASN1_DO_ADB"},
+ {ERR_FUNC(ASN1_F_ASN1_DUP), "ASN1_dup"},
+ {ERR_FUNC(ASN1_F_ASN1_ENUMERATED_SET), "ASN1_ENUMERATED_set"},
+ {ERR_FUNC(ASN1_F_ASN1_ENUMERATED_TO_BN), "ASN1_ENUMERATED_to_BN"},
+ {ERR_FUNC(ASN1_F_ASN1_EX_C2I), "ASN1_EX_C2I"},
+ {ERR_FUNC(ASN1_F_ASN1_FIND_END), "ASN1_FIND_END"},
+ {ERR_FUNC(ASN1_F_ASN1_GENERALIZEDTIME_SET), "ASN1_GENERALIZEDTIME_set"},
+ {ERR_FUNC(ASN1_F_ASN1_GENERATE_V3), "ASN1_generate_v3"},
+ {ERR_FUNC(ASN1_F_ASN1_GET_OBJECT), "ASN1_get_object"},
+ {ERR_FUNC(ASN1_F_ASN1_HEADER_NEW), "ASN1_HEADER_new"},
+ {ERR_FUNC(ASN1_F_ASN1_I2D_BIO), "ASN1_i2d_bio"},
+ {ERR_FUNC(ASN1_F_ASN1_I2D_FP), "ASN1_i2d_fp"},
+ {ERR_FUNC(ASN1_F_ASN1_INTEGER_SET), "ASN1_INTEGER_set"},
+ {ERR_FUNC(ASN1_F_ASN1_INTEGER_TO_BN), "ASN1_INTEGER_to_BN"},
+ {ERR_FUNC(ASN1_F_ASN1_ITEM_D2I_FP), "ASN1_item_d2i_fp"},
+ {ERR_FUNC(ASN1_F_ASN1_ITEM_DUP), "ASN1_item_dup"},
+ {ERR_FUNC(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW), "ASN1_ITEM_EX_COMBINE_NEW"},
+ {ERR_FUNC(ASN1_F_ASN1_ITEM_EX_D2I), "ASN1_ITEM_EX_D2I"},
+ {ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_BIO), "ASN1_item_i2d_bio"},
+ {ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_FP), "ASN1_item_i2d_fp"},
+ {ERR_FUNC(ASN1_F_ASN1_ITEM_PACK), "ASN1_item_pack"},
+ {ERR_FUNC(ASN1_F_ASN1_ITEM_SIGN), "ASN1_item_sign"},
+ {ERR_FUNC(ASN1_F_ASN1_ITEM_UNPACK), "ASN1_item_unpack"},
+ {ERR_FUNC(ASN1_F_ASN1_ITEM_VERIFY), "ASN1_item_verify"},
+ {ERR_FUNC(ASN1_F_ASN1_MBSTRING_NCOPY), "ASN1_mbstring_ncopy"},
+ {ERR_FUNC(ASN1_F_ASN1_OBJECT_NEW), "ASN1_OBJECT_new"},
+ {ERR_FUNC(ASN1_F_ASN1_OUTPUT_DATA), "ASN1_OUTPUT_DATA"},
+ {ERR_FUNC(ASN1_F_ASN1_PACK_STRING), "ASN1_pack_string"},
+ {ERR_FUNC(ASN1_F_ASN1_PCTX_NEW), "ASN1_PCTX_NEW"},
+ {ERR_FUNC(ASN1_F_ASN1_PKCS5_PBE_SET), "ASN1_PKCS5_PBE_SET"},
+ {ERR_FUNC(ASN1_F_ASN1_SEQ_PACK), "ASN1_seq_pack"},
+ {ERR_FUNC(ASN1_F_ASN1_SEQ_UNPACK), "ASN1_seq_unpack"},
+ {ERR_FUNC(ASN1_F_ASN1_SIGN), "ASN1_sign"},
+ {ERR_FUNC(ASN1_F_ASN1_STR2TYPE), "ASN1_STR2TYPE"},
+ {ERR_FUNC(ASN1_F_ASN1_STRING_SET), "ASN1_STRING_set"},
+ {ERR_FUNC(ASN1_F_ASN1_STRING_TABLE_ADD), "ASN1_STRING_TABLE_add"},
+ {ERR_FUNC(ASN1_F_ASN1_STRING_TYPE_NEW), "ASN1_STRING_type_new"},
+ {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_EX_D2I), "ASN1_TEMPLATE_EX_D2I"},
+ {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NEW), "ASN1_TEMPLATE_NEW"},
+ {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I), "ASN1_TEMPLATE_NOEXP_D2I"},
+ {ERR_FUNC(ASN1_F_ASN1_TIME_SET), "ASN1_TIME_set"},
+ {ERR_FUNC(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING),
+ "ASN1_TYPE_get_int_octetstring"},
+ {ERR_FUNC(ASN1_F_ASN1_TYPE_GET_OCTETSTRING), "ASN1_TYPE_get_octetstring"},
+ {ERR_FUNC(ASN1_F_ASN1_UNPACK_STRING), "ASN1_unpack_string"},
+ {ERR_FUNC(ASN1_F_ASN1_UTCTIME_SET), "ASN1_UTCTIME_set"},
+ {ERR_FUNC(ASN1_F_ASN1_VERIFY), "ASN1_verify"},
+ {ERR_FUNC(ASN1_F_B64_READ_ASN1), "B64_READ_ASN1"},
+ {ERR_FUNC(ASN1_F_B64_WRITE_ASN1), "B64_WRITE_ASN1"},
+ {ERR_FUNC(ASN1_F_BITSTR_CB), "BITSTR_CB"},
+ {ERR_FUNC(ASN1_F_BN_TO_ASN1_ENUMERATED), "BN_to_ASN1_ENUMERATED"},
+ {ERR_FUNC(ASN1_F_BN_TO_ASN1_INTEGER), "BN_to_ASN1_INTEGER"},
+ {ERR_FUNC(ASN1_F_C2I_ASN1_BIT_STRING), "c2i_ASN1_BIT_STRING"},
+ {ERR_FUNC(ASN1_F_C2I_ASN1_INTEGER), "c2i_ASN1_INTEGER"},
+ {ERR_FUNC(ASN1_F_C2I_ASN1_OBJECT), "c2i_ASN1_OBJECT"},
+ {ERR_FUNC(ASN1_F_COLLECT_DATA), "COLLECT_DATA"},
+ {ERR_FUNC(ASN1_F_D2I_ASN1_BIT_STRING), "D2I_ASN1_BIT_STRING"},
+ {ERR_FUNC(ASN1_F_D2I_ASN1_BOOLEAN), "d2i_ASN1_BOOLEAN"},
+ {ERR_FUNC(ASN1_F_D2I_ASN1_BYTES), "d2i_ASN1_bytes"},
+ {ERR_FUNC(ASN1_F_D2I_ASN1_GENERALIZEDTIME), "D2I_ASN1_GENERALIZEDTIME"},
+ {ERR_FUNC(ASN1_F_D2I_ASN1_HEADER), "d2i_ASN1_HEADER"},
+ {ERR_FUNC(ASN1_F_D2I_ASN1_INTEGER), "D2I_ASN1_INTEGER"},
+ {ERR_FUNC(ASN1_F_D2I_ASN1_OBJECT), "d2i_ASN1_OBJECT"},
+ {ERR_FUNC(ASN1_F_D2I_ASN1_SET), "d2i_ASN1_SET"},
+ {ERR_FUNC(ASN1_F_D2I_ASN1_TYPE_BYTES), "d2i_ASN1_type_bytes"},
+ {ERR_FUNC(ASN1_F_D2I_ASN1_UINTEGER), "d2i_ASN1_UINTEGER"},
+ {ERR_FUNC(ASN1_F_D2I_ASN1_UTCTIME), "D2I_ASN1_UTCTIME"},
+ {ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA), "d2i_Netscape_RSA"},
+ {ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA_2), "D2I_NETSCAPE_RSA_2"},
+ {ERR_FUNC(ASN1_F_D2I_PRIVATEKEY), "d2i_PrivateKey"},
+ {ERR_FUNC(ASN1_F_D2I_PUBLICKEY), "d2i_PublicKey"},
+ {ERR_FUNC(ASN1_F_D2I_RSA_NET), "d2i_RSA_NET"},
+ {ERR_FUNC(ASN1_F_D2I_RSA_NET_2), "D2I_RSA_NET_2"},
+ {ERR_FUNC(ASN1_F_D2I_X509), "D2I_X509"},
+ {ERR_FUNC(ASN1_F_D2I_X509_CINF), "D2I_X509_CINF"},
+ {ERR_FUNC(ASN1_F_D2I_X509_PKEY), "d2i_X509_PKEY"},
+ {ERR_FUNC(ASN1_F_I2D_ASN1_SET), "i2d_ASN1_SET"},
+ {ERR_FUNC(ASN1_F_I2D_ASN1_TIME), "I2D_ASN1_TIME"},
+ {ERR_FUNC(ASN1_F_I2D_DSA_PUBKEY), "i2d_DSA_PUBKEY"},
+ {ERR_FUNC(ASN1_F_I2D_EC_PUBKEY), "i2d_EC_PUBKEY"},
+ {ERR_FUNC(ASN1_F_I2D_PRIVATEKEY), "i2d_PrivateKey"},
+ {ERR_FUNC(ASN1_F_I2D_PUBLICKEY), "i2d_PublicKey"},
+ {ERR_FUNC(ASN1_F_I2D_RSA_NET), "i2d_RSA_NET"},
+ {ERR_FUNC(ASN1_F_I2D_RSA_PUBKEY), "i2d_RSA_PUBKEY"},
+ {ERR_FUNC(ASN1_F_LONG_C2I), "LONG_C2I"},
+ {ERR_FUNC(ASN1_F_OID_MODULE_INIT), "OID_MODULE_INIT"},
+ {ERR_FUNC(ASN1_F_PARSE_TAGGING), "PARSE_TAGGING"},
+ {ERR_FUNC(ASN1_F_PKCS5_PBE2_SET), "PKCS5_pbe2_set"},
+ {ERR_FUNC(ASN1_F_PKCS5_PBE_SET), "PKCS5_pbe_set"},
+ {ERR_FUNC(ASN1_F_SMIME_READ_ASN1), "SMIME_read_ASN1"},
+ {ERR_FUNC(ASN1_F_SMIME_TEXT), "SMIME_text"},
+ {ERR_FUNC(ASN1_F_X509_CINF_NEW), "X509_CINF_NEW"},
+ {ERR_FUNC(ASN1_F_X509_CRL_ADD0_REVOKED), "X509_CRL_add0_revoked"},
+ {ERR_FUNC(ASN1_F_X509_INFO_NEW), "X509_INFO_new"},
+ {ERR_FUNC(ASN1_F_X509_NAME_ENCODE), "X509_NAME_ENCODE"},
+ {ERR_FUNC(ASN1_F_X509_NAME_EX_D2I), "X509_NAME_EX_D2I"},
+ {ERR_FUNC(ASN1_F_X509_NAME_EX_NEW), "X509_NAME_EX_NEW"},
+ {ERR_FUNC(ASN1_F_X509_NEW), "X509_NEW"},
+ {ERR_FUNC(ASN1_F_X509_PKEY_NEW), "X509_PKEY_new"},
+ {0, NULL}
+};
+
+static ERR_STRING_DATA ASN1_str_reasons[] = {
+ {ERR_REASON(ASN1_R_ADDING_OBJECT), "adding object"},
+ {ERR_REASON(ASN1_R_ASN1_PARSE_ERROR), "asn1 parse error"},
+ {ERR_REASON(ASN1_R_ASN1_SIG_PARSE_ERROR), "asn1 sig parse error"},
+ {ERR_REASON(ASN1_R_AUX_ERROR), "aux error"},
+ {ERR_REASON(ASN1_R_BAD_CLASS), "bad class"},
+ {ERR_REASON(ASN1_R_BAD_OBJECT_HEADER), "bad object header"},
+ {ERR_REASON(ASN1_R_BAD_PASSWORD_READ), "bad password read"},
+ {ERR_REASON(ASN1_R_BAD_TAG), "bad tag"},
+ {ERR_REASON(ASN1_R_BMPSTRING_IS_WRONG_LENGTH),
+ "bmpstring is wrong length"},
+ {ERR_REASON(ASN1_R_BN_LIB), "bn lib"},
+ {ERR_REASON(ASN1_R_BOOLEAN_IS_WRONG_LENGTH), "boolean is wrong length"},
+ {ERR_REASON(ASN1_R_BUFFER_TOO_SMALL), "buffer too small"},
+ {ERR_REASON(ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER),
+ "cipher has no object identifier"},
+ {ERR_REASON(ASN1_R_DATA_IS_WRONG), "data is wrong"},
+ {ERR_REASON(ASN1_R_DECODE_ERROR), "decode error"},
+ {ERR_REASON(ASN1_R_DECODING_ERROR), "decoding error"},
+ {ERR_REASON(ASN1_R_DEPTH_EXCEEDED), "depth exceeded"},
+ {ERR_REASON(ASN1_R_ENCODE_ERROR), "encode error"},
+ {ERR_REASON(ASN1_R_ERROR_GETTING_TIME), "error getting time"},
+ {ERR_REASON(ASN1_R_ERROR_LOADING_SECTION), "error loading section"},
+ {ERR_REASON(ASN1_R_ERROR_PARSING_SET_ELEMENT),
+ "error parsing set element"},
+ {ERR_REASON(ASN1_R_ERROR_SETTING_CIPHER_PARAMS),
+ "error setting cipher params"},
+ {ERR_REASON(ASN1_R_EXPECTING_AN_INTEGER), "expecting an integer"},
+ {ERR_REASON(ASN1_R_EXPECTING_AN_OBJECT), "expecting an object"},
+ {ERR_REASON(ASN1_R_EXPECTING_A_BOOLEAN), "expecting a boolean"},
+ {ERR_REASON(ASN1_R_EXPECTING_A_TIME), "expecting a time"},
+ {ERR_REASON(ASN1_R_EXPLICIT_LENGTH_MISMATCH), "explicit length mismatch"},
+ {ERR_REASON(ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED),
+ "explicit tag not constructed"},
+ {ERR_REASON(ASN1_R_FIELD_MISSING), "field missing"},
+ {ERR_REASON(ASN1_R_FIRST_NUM_TOO_LARGE), "first num too large"},
+ {ERR_REASON(ASN1_R_HEADER_TOO_LONG), "header too long"},
+ {ERR_REASON(ASN1_R_ILLEGAL_BITSTRING_FORMAT), "illegal bitstring format"},
+ {ERR_REASON(ASN1_R_ILLEGAL_BOOLEAN), "illegal boolean"},
+ {ERR_REASON(ASN1_R_ILLEGAL_CHARACTERS), "illegal characters"},
+ {ERR_REASON(ASN1_R_ILLEGAL_FORMAT), "illegal format"},
+ {ERR_REASON(ASN1_R_ILLEGAL_HEX), "illegal hex"},
+ {ERR_REASON(ASN1_R_ILLEGAL_IMPLICIT_TAG), "illegal implicit tag"},
+ {ERR_REASON(ASN1_R_ILLEGAL_INTEGER), "illegal integer"},
+ {ERR_REASON(ASN1_R_ILLEGAL_NESTED_TAGGING), "illegal nested tagging"},
+ {ERR_REASON(ASN1_R_ILLEGAL_NULL), "illegal null"},
+ {ERR_REASON(ASN1_R_ILLEGAL_NULL_VALUE), "illegal null value"},
+ {ERR_REASON(ASN1_R_ILLEGAL_OBJECT), "illegal object"},
+ {ERR_REASON(ASN1_R_ILLEGAL_OPTIONAL_ANY), "illegal optional any"},
+ {ERR_REASON(ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE),
+ "illegal options on item template"},
+ {ERR_REASON(ASN1_R_ILLEGAL_TAGGED_ANY), "illegal tagged any"},
+ {ERR_REASON(ASN1_R_ILLEGAL_TIME_VALUE), "illegal time value"},
+ {ERR_REASON(ASN1_R_INTEGER_NOT_ASCII_FORMAT), "integer not ascii format"},
+ {ERR_REASON(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG),
+ "integer too large for long"},
+ {ERR_REASON(ASN1_R_INVALID_BIT_STRING_BITS_LEFT),
+ "invalid bit string bits left"},
+ {ERR_REASON(ASN1_R_INVALID_BMPSTRING_LENGTH), "invalid bmpstring length"},
+ {ERR_REASON(ASN1_R_INVALID_DIGIT), "invalid digit"},
+ {ERR_REASON(ASN1_R_INVALID_MIME_TYPE), "invalid mime type"},
+ {ERR_REASON(ASN1_R_INVALID_MODIFIER), "invalid modifier"},
+ {ERR_REASON(ASN1_R_INVALID_NUMBER), "invalid number"},
+ {ERR_REASON(ASN1_R_INVALID_OBJECT_ENCODING), "invalid object encoding"},
+ {ERR_REASON(ASN1_R_INVALID_SEPARATOR), "invalid separator"},
+ {ERR_REASON(ASN1_R_INVALID_TIME_FORMAT), "invalid time format"},
+ {ERR_REASON(ASN1_R_INVALID_UNIVERSALSTRING_LENGTH),
+ "invalid universalstring length"},
+ {ERR_REASON(ASN1_R_INVALID_UTF8STRING), "invalid utf8string"},
+ {ERR_REASON(ASN1_R_IV_TOO_LARGE), "iv too large"},
+ {ERR_REASON(ASN1_R_LENGTH_ERROR), "length error"},
+ {ERR_REASON(ASN1_R_LIST_ERROR), "list error"},
+ {ERR_REASON(ASN1_R_MIME_NO_CONTENT_TYPE), "mime no content type"},
+ {ERR_REASON(ASN1_R_MIME_PARSE_ERROR), "mime parse error"},
+ {ERR_REASON(ASN1_R_MIME_SIG_PARSE_ERROR), "mime sig parse error"},
+ {ERR_REASON(ASN1_R_MISSING_EOC), "missing eoc"},
+ {ERR_REASON(ASN1_R_MISSING_SECOND_NUMBER), "missing second number"},
+ {ERR_REASON(ASN1_R_MISSING_VALUE), "missing value"},
+ {ERR_REASON(ASN1_R_MSTRING_NOT_UNIVERSAL), "mstring not universal"},
+ {ERR_REASON(ASN1_R_MSTRING_WRONG_TAG), "mstring wrong tag"},
+ {ERR_REASON(ASN1_R_NESTED_ASN1_STRING), "nested asn1 string"},
+ {ERR_REASON(ASN1_R_NON_HEX_CHARACTERS), "non hex characters"},
+ {ERR_REASON(ASN1_R_NOT_ASCII_FORMAT), "not ascii format"},
+ {ERR_REASON(ASN1_R_NOT_ENOUGH_DATA), "not enough data"},
+ {ERR_REASON(ASN1_R_NO_CONTENT_TYPE), "no content type"},
+ {ERR_REASON(ASN1_R_NO_MATCHING_CHOICE_TYPE), "no matching choice type"},
+ {ERR_REASON(ASN1_R_NO_MULTIPART_BODY_FAILURE),
+ "no multipart body failure"},
+ {ERR_REASON(ASN1_R_NO_MULTIPART_BOUNDARY), "no multipart boundary"},
+ {ERR_REASON(ASN1_R_NO_SIG_CONTENT_TYPE), "no sig content type"},
+ {ERR_REASON(ASN1_R_NULL_IS_WRONG_LENGTH), "null is wrong length"},
+ {ERR_REASON(ASN1_R_OBJECT_NOT_ASCII_FORMAT), "object not ascii format"},
+ {ERR_REASON(ASN1_R_ODD_NUMBER_OF_CHARS), "odd number of chars"},
+ {ERR_REASON(ASN1_R_PRIVATE_KEY_HEADER_MISSING),
+ "private key header missing"},
+ {ERR_REASON(ASN1_R_SECOND_NUMBER_TOO_LARGE), "second number too large"},
+ {ERR_REASON(ASN1_R_SEQUENCE_LENGTH_MISMATCH), "sequence length mismatch"},
+ {ERR_REASON(ASN1_R_SEQUENCE_NOT_CONSTRUCTED), "sequence not constructed"},
+ {ERR_REASON(ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG),
+ "sequence or set needs config"},
+ {ERR_REASON(ASN1_R_SHORT_LINE), "short line"},
+ {ERR_REASON(ASN1_R_SIG_INVALID_MIME_TYPE), "sig invalid mime type"},
+ {ERR_REASON(ASN1_R_STREAMING_NOT_SUPPORTED), "streaming not supported"},
+ {ERR_REASON(ASN1_R_STRING_TOO_LONG), "string too long"},
+ {ERR_REASON(ASN1_R_STRING_TOO_SHORT), "string too short"},
+ {ERR_REASON(ASN1_R_TAG_VALUE_TOO_HIGH), "tag value too high"},
+ {ERR_REASON(ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),
+ "the asn1 object identifier is not known for this md"},
+ {ERR_REASON(ASN1_R_TIME_NOT_ASCII_FORMAT), "time not ascii format"},
+ {ERR_REASON(ASN1_R_TOO_LONG), "too long"},
+ {ERR_REASON(ASN1_R_TYPE_NOT_CONSTRUCTED), "type not constructed"},
+ {ERR_REASON(ASN1_R_TYPE_NOT_PRIMITIVE), "type not primitive"},
+ {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY), "unable to decode rsa key"},
+ {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY),
+ "unable to decode rsa private key"},
+ {ERR_REASON(ASN1_R_UNEXPECTED_EOC), "unexpected eoc"},
+ {ERR_REASON(ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH),
+ "universalstring is wrong length"},
+ {ERR_REASON(ASN1_R_UNKNOWN_FORMAT), "unknown format"},
+ {ERR_REASON(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM),
+ "unknown message digest algorithm"},
+ {ERR_REASON(ASN1_R_UNKNOWN_OBJECT_TYPE), "unknown object type"},
+ {ERR_REASON(ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE), "unknown public key type"},
+ {ERR_REASON(ASN1_R_UNKNOWN_TAG), "unknown tag"},
+ {ERR_REASON(ASN1_R_UNKOWN_FORMAT), "unkown format"},
+ {ERR_REASON(ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE),
+ "unsupported any defined by type"},
+ {ERR_REASON(ASN1_R_UNSUPPORTED_CIPHER), "unsupported cipher"},
+ {ERR_REASON(ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM),
+ "unsupported encryption algorithm"},
+ {ERR_REASON(ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE),
+ "unsupported public key type"},
+ {ERR_REASON(ASN1_R_UNSUPPORTED_TYPE), "unsupported type"},
+ {ERR_REASON(ASN1_R_WRONG_TAG), "wrong tag"},
+ {ERR_REASON(ASN1_R_WRONG_TYPE), "wrong type"},
+ {0, NULL}
+};
+
+#endif
+
+void ERR_load_ASN1_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+ if (ERR_func_error_string(ASN1_str_functs[0].error) == NULL) {
+ ERR_load_strings(0, ASN1_str_functs);
+ ERR_load_strings(0, ASN1_str_reasons);
+ }
+#endif
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn1_gen.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/asn1_gen.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn1_gen.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,855 +0,0 @@
-/* asn1_gen.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 2002.
- */
-/* ====================================================================
- * Copyright (c) 2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-#include <openssl/x509v3.h>
-
-#define ASN1_GEN_FLAG 0x10000
-#define ASN1_GEN_FLAG_IMP (ASN1_GEN_FLAG|1)
-#define ASN1_GEN_FLAG_EXP (ASN1_GEN_FLAG|2)
-#define ASN1_GEN_FLAG_TAG (ASN1_GEN_FLAG|3)
-#define ASN1_GEN_FLAG_BITWRAP (ASN1_GEN_FLAG|4)
-#define ASN1_GEN_FLAG_OCTWRAP (ASN1_GEN_FLAG|5)
-#define ASN1_GEN_FLAG_SEQWRAP (ASN1_GEN_FLAG|6)
-#define ASN1_GEN_FLAG_SETWRAP (ASN1_GEN_FLAG|7)
-#define ASN1_GEN_FLAG_FORMAT (ASN1_GEN_FLAG|8)
-
-#define ASN1_GEN_STR(str,val) {str, sizeof(str) - 1, val}
-
-#define ASN1_FLAG_EXP_MAX 20
-
-/* Input formats */
-
-/* ASCII: default */
-#define ASN1_GEN_FORMAT_ASCII 1
-/* UTF8 */
-#define ASN1_GEN_FORMAT_UTF8 2
-/* Hex */
-#define ASN1_GEN_FORMAT_HEX 3
-/* List of bits */
-#define ASN1_GEN_FORMAT_BITLIST 4
-
-
-struct tag_name_st
- {
- const char *strnam;
- int len;
- int tag;
- };
-
-typedef struct
- {
- int exp_tag;
- int exp_class;
- int exp_constructed;
- int exp_pad;
- long exp_len;
- } tag_exp_type;
-
-typedef struct
- {
- int imp_tag;
- int imp_class;
- int utype;
- int format;
- const char *str;
- tag_exp_type exp_list[ASN1_FLAG_EXP_MAX];
- int exp_count;
- } tag_exp_arg;
-
-static int bitstr_cb(const char *elem, int len, void *bitstr);
-static int asn1_cb(const char *elem, int len, void *bitstr);
-static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, int exp_constructed, int exp_pad, int imp_ok);
-static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass);
-static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf);
-static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype);
-static int asn1_str2tag(const char *tagstr, int len);
-
-ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf)
- {
- X509V3_CTX cnf;
-
- if (!nconf)
- return ASN1_generate_v3(str, NULL);
-
- X509V3_set_nconf(&cnf, nconf);
- return ASN1_generate_v3(str, &cnf);
- }
-
-ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf)
- {
- ASN1_TYPE *ret;
- tag_exp_arg asn1_tags;
- tag_exp_type *etmp;
-
- int i, len;
-
- unsigned char *orig_der = NULL, *new_der = NULL;
- const unsigned char *cpy_start;
- unsigned char *p;
- const unsigned char *cp;
- int cpy_len;
- long hdr_len;
- int hdr_constructed = 0, hdr_tag, hdr_class;
- int r;
-
- asn1_tags.imp_tag = -1;
- asn1_tags.imp_class = -1;
- asn1_tags.format = ASN1_GEN_FORMAT_ASCII;
- asn1_tags.exp_count = 0;
- if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0)
- return NULL;
-
- if ((asn1_tags.utype == V_ASN1_SEQUENCE) || (asn1_tags.utype == V_ASN1_SET))
- {
- if (!cnf)
- {
- ASN1err(ASN1_F_ASN1_GENERATE_V3, ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG);
- return NULL;
- }
- ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf);
- }
- else
- ret = asn1_str2type(asn1_tags.str, asn1_tags.format, asn1_tags.utype);
-
- if (!ret)
- return NULL;
-
- /* If no tagging return base type */
- if ((asn1_tags.imp_tag == -1) && (asn1_tags.exp_count == 0))
- return ret;
-
- /* Generate the encoding */
- cpy_len = i2d_ASN1_TYPE(ret, &orig_der);
- ASN1_TYPE_free(ret);
- ret = NULL;
- /* Set point to start copying for modified encoding */
- cpy_start = orig_der;
-
- /* Do we need IMPLICIT tagging? */
- if (asn1_tags.imp_tag != -1)
- {
- /* If IMPLICIT we will replace the underlying tag */
- /* Skip existing tag+len */
- r = ASN1_get_object(&cpy_start, &hdr_len, &hdr_tag, &hdr_class, cpy_len);
- if (r & 0x80)
- goto err;
- /* Update copy length */
- cpy_len -= cpy_start - orig_der;
- /* For IMPLICIT tagging the length should match the
- * original length and constructed flag should be
- * consistent.
- */
- if (r & 0x1)
- {
- /* Indefinite length constructed */
- hdr_constructed = 2;
- hdr_len = 0;
- }
- else
- /* Just retain constructed flag */
- hdr_constructed = r & V_ASN1_CONSTRUCTED;
- /* Work out new length with IMPLICIT tag: ignore constructed
- * because it will mess up if indefinite length
- */
- len = ASN1_object_size(0, hdr_len, asn1_tags.imp_tag);
- }
- else
- len = cpy_len;
-
- /* Work out length in any EXPLICIT, starting from end */
-
- for(i = 0, etmp = asn1_tags.exp_list + asn1_tags.exp_count - 1; i < asn1_tags.exp_count; i++, etmp--)
- {
- /* Content length: number of content octets + any padding */
- len += etmp->exp_pad;
- etmp->exp_len = len;
- /* Total object length: length including new header */
- len = ASN1_object_size(0, len, etmp->exp_tag);
- }
-
- /* Allocate buffer for new encoding */
-
- new_der = OPENSSL_malloc(len);
- if (!new_der)
- goto err;
-
- /* Generate tagged encoding */
-
- p = new_der;
-
- /* Output explicit tags first */
-
- for (i = 0, etmp = asn1_tags.exp_list; i < asn1_tags.exp_count; i++, etmp++)
- {
- ASN1_put_object(&p, etmp->exp_constructed, etmp->exp_len,
- etmp->exp_tag, etmp->exp_class);
- if (etmp->exp_pad)
- *p++ = 0;
- }
-
- /* If IMPLICIT, output tag */
-
- if (asn1_tags.imp_tag != -1)
- ASN1_put_object(&p, hdr_constructed, hdr_len,
- asn1_tags.imp_tag, asn1_tags.imp_class);
-
- /* Copy across original encoding */
- memcpy(p, cpy_start, cpy_len);
-
- cp = new_der;
-
- /* Obtain new ASN1_TYPE structure */
- ret = d2i_ASN1_TYPE(NULL, &cp, len);
-
- err:
- if (orig_der)
- OPENSSL_free(orig_der);
- if (new_der)
- OPENSSL_free(new_der);
-
- return ret;
-
- }
-
-static int asn1_cb(const char *elem, int len, void *bitstr)
- {
- tag_exp_arg *arg = bitstr;
- int i;
- int utype;
- int vlen = 0;
- const char *p, *vstart = NULL;
-
- int tmp_tag, tmp_class;
-
- for(i = 0, p = elem; i < len; p++, i++)
- {
- /* Look for the ':' in name value pairs */
- if (*p == ':')
- {
- vstart = p + 1;
- vlen = len - (vstart - elem);
- len = p - elem;
- break;
- }
- }
-
- utype = asn1_str2tag(elem, len);
-
- if (utype == -1)
- {
- ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKNOWN_TAG);
- ERR_add_error_data(2, "tag=", elem);
- return -1;
- }
-
- /* If this is not a modifier mark end of string and exit */
- if (!(utype & ASN1_GEN_FLAG))
- {
- arg->utype = utype;
- arg->str = vstart;
- /* If no value and not end of string, error */
- if (!vstart && elem[len])
- {
- ASN1err(ASN1_F_ASN1_CB, ASN1_R_MISSING_VALUE);
- return -1;
- }
- return 0;
- }
-
- switch(utype)
- {
-
- case ASN1_GEN_FLAG_IMP:
- /* Check for illegal multiple IMPLICIT tagging */
- if (arg->imp_tag != -1)
- {
- ASN1err(ASN1_F_ASN1_CB, ASN1_R_ILLEGAL_NESTED_TAGGING);
- return -1;
- }
- if (!parse_tagging(vstart, vlen, &arg->imp_tag, &arg->imp_class))
- return -1;
- break;
-
- case ASN1_GEN_FLAG_EXP:
-
- if (!parse_tagging(vstart, vlen, &tmp_tag, &tmp_class))
- return -1;
- if (!append_exp(arg, tmp_tag, tmp_class, 1, 0, 0))
- return -1;
- break;
-
- case ASN1_GEN_FLAG_SEQWRAP:
- if (!append_exp(arg, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, 1, 0, 1))
- return -1;
- break;
-
- case ASN1_GEN_FLAG_SETWRAP:
- if (!append_exp(arg, V_ASN1_SET, V_ASN1_UNIVERSAL, 1, 0, 1))
- return -1;
- break;
-
- case ASN1_GEN_FLAG_BITWRAP:
- if (!append_exp(arg, V_ASN1_BIT_STRING, V_ASN1_UNIVERSAL, 0, 1, 1))
- return -1;
- break;
-
- case ASN1_GEN_FLAG_OCTWRAP:
- if (!append_exp(arg, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL, 0, 0, 1))
- return -1;
- break;
-
- case ASN1_GEN_FLAG_FORMAT:
- if (!strncmp(vstart, "ASCII", 5))
- arg->format = ASN1_GEN_FORMAT_ASCII;
- else if (!strncmp(vstart, "UTF8", 4))
- arg->format = ASN1_GEN_FORMAT_UTF8;
- else if (!strncmp(vstart, "HEX", 3))
- arg->format = ASN1_GEN_FORMAT_HEX;
- else if (!strncmp(vstart, "BITLIST", 3))
- arg->format = ASN1_GEN_FORMAT_BITLIST;
- else
- {
- ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKOWN_FORMAT);
- return -1;
- }
- break;
-
- }
-
- return 1;
-
- }
-
-static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass)
- {
- char erch[2];
- long tag_num;
- char *eptr;
- if (!vstart)
- return 0;
- tag_num = strtoul(vstart, &eptr, 10);
- /* Check we haven't gone past max length: should be impossible */
- if (eptr && *eptr && (eptr > vstart + vlen))
- return 0;
- if (tag_num < 0)
- {
- ASN1err(ASN1_F_PARSE_TAGGING, ASN1_R_INVALID_NUMBER);
- return 0;
- }
- *ptag = tag_num;
- /* If we have non numeric characters, parse them */
- if (eptr)
- vlen -= eptr - vstart;
- else
- vlen = 0;
- if (vlen)
- {
- switch (*eptr)
- {
-
- case 'U':
- *pclass = V_ASN1_UNIVERSAL;
- break;
-
- case 'A':
- *pclass = V_ASN1_APPLICATION;
- break;
-
- case 'P':
- *pclass = V_ASN1_PRIVATE;
- break;
-
- case 'C':
- *pclass = V_ASN1_CONTEXT_SPECIFIC;
- break;
-
- default:
- erch[0] = *eptr;
- erch[1] = 0;
- ASN1err(ASN1_F_PARSE_TAGGING, ASN1_R_INVALID_MODIFIER);
- ERR_add_error_data(2, "Char=", erch);
- return 0;
- break;
-
- }
- }
- else
- *pclass = V_ASN1_CONTEXT_SPECIFIC;
-
- return 1;
-
- }
-
-/* Handle multiple types: SET and SEQUENCE */
-
-static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf)
- {
- ASN1_TYPE *ret = NULL, *typ = NULL;
- STACK_OF(ASN1_TYPE) *sk = NULL;
- STACK_OF(CONF_VALUE) *sect = NULL;
- unsigned char *der = NULL, *p;
- int derlen;
- int i, is_set;
- sk = sk_ASN1_TYPE_new_null();
- if (!sk)
- goto bad;
- if (section)
- {
- if (!cnf)
- goto bad;
- sect = X509V3_get_section(cnf, (char *)section);
- if (!sect)
- goto bad;
- for (i = 0; i < sk_CONF_VALUE_num(sect); i++)
- {
- typ = ASN1_generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf);
- if (!typ)
- goto bad;
- if (!sk_ASN1_TYPE_push(sk, typ))
- goto bad;
- typ = NULL;
- }
- }
-
- /* Now we has a STACK of the components, convert to the correct form */
-
- if (utype == V_ASN1_SET)
- is_set = 1;
- else
- is_set = 0;
-
-
- derlen = i2d_ASN1_SET_OF_ASN1_TYPE(sk, NULL, i2d_ASN1_TYPE, utype,
- V_ASN1_UNIVERSAL, is_set);
- der = OPENSSL_malloc(derlen);
- if (!der)
- goto bad;
- p = der;
- i2d_ASN1_SET_OF_ASN1_TYPE(sk, &p, i2d_ASN1_TYPE, utype,
- V_ASN1_UNIVERSAL, is_set);
-
- if (!(ret = ASN1_TYPE_new()))
- goto bad;
-
- if (!(ret->value.asn1_string = ASN1_STRING_type_new(utype)))
- goto bad;
-
- ret->type = utype;
-
- ret->value.asn1_string->data = der;
- ret->value.asn1_string->length = derlen;
-
- der = NULL;
-
- bad:
-
- if (der)
- OPENSSL_free(der);
-
- if (sk)
- sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free);
- if (typ)
- ASN1_TYPE_free(typ);
- if (sect)
- X509V3_section_free(cnf, sect);
-
- return ret;
- }
-
-static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, int exp_constructed, int exp_pad, int imp_ok)
- {
- tag_exp_type *exp_tmp;
- /* Can only have IMPLICIT if permitted */
- if ((arg->imp_tag != -1) && !imp_ok)
- {
- ASN1err(ASN1_F_APPEND_EXP, ASN1_R_ILLEGAL_IMPLICIT_TAG);
- return 0;
- }
-
- if (arg->exp_count == ASN1_FLAG_EXP_MAX)
- {
- ASN1err(ASN1_F_APPEND_EXP, ASN1_R_DEPTH_EXCEEDED);
- return 0;
- }
-
- exp_tmp = &arg->exp_list[arg->exp_count++];
-
- /* If IMPLICIT set tag to implicit value then
- * reset implicit tag since it has been used.
- */
- if (arg->imp_tag != -1)
- {
- exp_tmp->exp_tag = arg->imp_tag;
- exp_tmp->exp_class = arg->imp_class;
- arg->imp_tag = -1;
- arg->imp_class = -1;
- }
- else
- {
- exp_tmp->exp_tag = exp_tag;
- exp_tmp->exp_class = exp_class;
- }
- exp_tmp->exp_constructed = exp_constructed;
- exp_tmp->exp_pad = exp_pad;
-
- return 1;
- }
-
-
-static int asn1_str2tag(const char *tagstr, int len)
- {
- unsigned int i;
- static struct tag_name_st *tntmp, tnst [] = {
- ASN1_GEN_STR("BOOL", V_ASN1_BOOLEAN),
- ASN1_GEN_STR("BOOLEAN", V_ASN1_BOOLEAN),
- ASN1_GEN_STR("NULL", V_ASN1_NULL),
- ASN1_GEN_STR("INT", V_ASN1_INTEGER),
- ASN1_GEN_STR("INTEGER", V_ASN1_INTEGER),
- ASN1_GEN_STR("ENUM", V_ASN1_ENUMERATED),
- ASN1_GEN_STR("ENUMERATED", V_ASN1_ENUMERATED),
- ASN1_GEN_STR("OID", V_ASN1_OBJECT),
- ASN1_GEN_STR("OBJECT", V_ASN1_OBJECT),
- ASN1_GEN_STR("UTCTIME", V_ASN1_UTCTIME),
- ASN1_GEN_STR("UTC", V_ASN1_UTCTIME),
- ASN1_GEN_STR("GENERALIZEDTIME", V_ASN1_GENERALIZEDTIME),
- ASN1_GEN_STR("GENTIME", V_ASN1_GENERALIZEDTIME),
- ASN1_GEN_STR("OCT", V_ASN1_OCTET_STRING),
- ASN1_GEN_STR("OCTETSTRING", V_ASN1_OCTET_STRING),
- ASN1_GEN_STR("BITSTR", V_ASN1_BIT_STRING),
- ASN1_GEN_STR("BITSTRING", V_ASN1_BIT_STRING),
- ASN1_GEN_STR("UNIVERSALSTRING", V_ASN1_UNIVERSALSTRING),
- ASN1_GEN_STR("UNIV", V_ASN1_UNIVERSALSTRING),
- ASN1_GEN_STR("IA5", V_ASN1_IA5STRING),
- ASN1_GEN_STR("IA5STRING", V_ASN1_IA5STRING),
- ASN1_GEN_STR("UTF8", V_ASN1_UTF8STRING),
- ASN1_GEN_STR("UTF8String", V_ASN1_UTF8STRING),
- ASN1_GEN_STR("BMP", V_ASN1_BMPSTRING),
- ASN1_GEN_STR("BMPSTRING", V_ASN1_BMPSTRING),
- ASN1_GEN_STR("VISIBLESTRING", V_ASN1_VISIBLESTRING),
- ASN1_GEN_STR("VISIBLE", V_ASN1_VISIBLESTRING),
- ASN1_GEN_STR("PRINTABLESTRING", V_ASN1_PRINTABLESTRING),
- ASN1_GEN_STR("PRINTABLE", V_ASN1_PRINTABLESTRING),
- ASN1_GEN_STR("T61", V_ASN1_T61STRING),
- ASN1_GEN_STR("T61STRING", V_ASN1_T61STRING),
- ASN1_GEN_STR("TELETEXSTRING", V_ASN1_T61STRING),
- ASN1_GEN_STR("GeneralString", V_ASN1_GENERALSTRING),
- ASN1_GEN_STR("GENSTR", V_ASN1_GENERALSTRING),
-
- /* Special cases */
- ASN1_GEN_STR("SEQUENCE", V_ASN1_SEQUENCE),
- ASN1_GEN_STR("SEQ", V_ASN1_SEQUENCE),
- ASN1_GEN_STR("SET", V_ASN1_SET),
- /* type modifiers */
- /* Explicit tag */
- ASN1_GEN_STR("EXP", ASN1_GEN_FLAG_EXP),
- ASN1_GEN_STR("EXPLICIT", ASN1_GEN_FLAG_EXP),
- /* Implicit tag */
- ASN1_GEN_STR("IMP", ASN1_GEN_FLAG_IMP),
- ASN1_GEN_STR("IMPLICIT", ASN1_GEN_FLAG_IMP),
- /* OCTET STRING wrapper */
- ASN1_GEN_STR("OCTWRAP", ASN1_GEN_FLAG_OCTWRAP),
- /* SEQUENCE wrapper */
- ASN1_GEN_STR("SEQWRAP", ASN1_GEN_FLAG_SEQWRAP),
- /* SET wrapper */
- ASN1_GEN_STR("SETWRAP", ASN1_GEN_FLAG_SETWRAP),
- /* BIT STRING wrapper */
- ASN1_GEN_STR("BITWRAP", ASN1_GEN_FLAG_BITWRAP),
- ASN1_GEN_STR("FORM", ASN1_GEN_FLAG_FORMAT),
- ASN1_GEN_STR("FORMAT", ASN1_GEN_FLAG_FORMAT),
- };
-
- if (len == -1)
- len = strlen(tagstr);
-
- tntmp = tnst;
- for (i = 0; i < sizeof(tnst) / sizeof(struct tag_name_st); i++, tntmp++)
- {
- if ((len == tntmp->len) && !strncmp(tntmp->strnam, tagstr, len))
- return tntmp->tag;
- }
-
- return -1;
- }
-
-static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype)
- {
- ASN1_TYPE *atmp = NULL;
-
- CONF_VALUE vtmp;
-
- unsigned char *rdata;
- long rdlen;
-
- int no_unused = 1;
-
- if (!(atmp = ASN1_TYPE_new()))
- {
- ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
-
- if (!str)
- str = "";
-
- switch(utype)
- {
-
- case V_ASN1_NULL:
- if (str && *str)
- {
- ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_NULL_VALUE);
- goto bad_form;
- }
- break;
-
- case V_ASN1_BOOLEAN:
- if (format != ASN1_GEN_FORMAT_ASCII)
- {
- ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_NOT_ASCII_FORMAT);
- goto bad_form;
- }
- vtmp.name = NULL;
- vtmp.section = NULL;
- vtmp.value = (char *)str;
- if (!X509V3_get_value_bool(&vtmp, &atmp->value.boolean))
- {
- ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_BOOLEAN);
- goto bad_str;
- }
- break;
-
- case V_ASN1_INTEGER:
- case V_ASN1_ENUMERATED:
- if (format != ASN1_GEN_FORMAT_ASCII)
- {
- ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_INTEGER_NOT_ASCII_FORMAT);
- goto bad_form;
- }
- if (!(atmp->value.integer = s2i_ASN1_INTEGER(NULL, (char *)str)))
- {
- ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_INTEGER);
- goto bad_str;
- }
- break;
-
- case V_ASN1_OBJECT:
- if (format != ASN1_GEN_FORMAT_ASCII)
- {
- ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_OBJECT_NOT_ASCII_FORMAT);
- goto bad_form;
- }
- if (!(atmp->value.object = OBJ_txt2obj(str, 0)))
- {
- ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_OBJECT);
- goto bad_str;
- }
- break;
-
- case V_ASN1_UTCTIME:
- case V_ASN1_GENERALIZEDTIME:
- if (format != ASN1_GEN_FORMAT_ASCII)
- {
- ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_TIME_NOT_ASCII_FORMAT);
- goto bad_form;
- }
- if (!(atmp->value.asn1_string = ASN1_STRING_new()))
- {
- ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
- goto bad_str;
- }
- if (!ASN1_STRING_set(atmp->value.asn1_string, str, -1))
- {
- ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
- goto bad_str;
- }
- atmp->value.asn1_string->type = utype;
- if (!ASN1_TIME_check(atmp->value.asn1_string))
- {
- ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_TIME_VALUE);
- goto bad_str;
- }
-
- break;
-
- case V_ASN1_BMPSTRING:
- case V_ASN1_PRINTABLESTRING:
- case V_ASN1_IA5STRING:
- case V_ASN1_T61STRING:
- case V_ASN1_UTF8STRING:
- case V_ASN1_VISIBLESTRING:
- case V_ASN1_UNIVERSALSTRING:
- case V_ASN1_GENERALSTRING:
-
- if (format == ASN1_GEN_FORMAT_ASCII)
- format = MBSTRING_ASC;
- else if (format == ASN1_GEN_FORMAT_UTF8)
- format = MBSTRING_UTF8;
- else
- {
- ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_FORMAT);
- goto bad_form;
- }
-
-
- if (ASN1_mbstring_copy(&atmp->value.asn1_string, (unsigned char *)str,
- -1, format, ASN1_tag2bit(utype)) <= 0)
- {
- ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
- goto bad_str;
- }
-
-
- break;
-
- case V_ASN1_BIT_STRING:
-
- case V_ASN1_OCTET_STRING:
-
- if (!(atmp->value.asn1_string = ASN1_STRING_new()))
- {
- ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
- goto bad_form;
- }
-
- if (format == ASN1_GEN_FORMAT_HEX)
- {
-
- if (!(rdata = string_to_hex((char *)str, &rdlen)))
- {
- ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_HEX);
- goto bad_str;
- }
-
- atmp->value.asn1_string->data = rdata;
- atmp->value.asn1_string->length = rdlen;
- atmp->value.asn1_string->type = utype;
-
- }
- else if (format == ASN1_GEN_FORMAT_ASCII)
- ASN1_STRING_set(atmp->value.asn1_string, str, -1);
- else if ((format == ASN1_GEN_FORMAT_BITLIST) && (utype == V_ASN1_BIT_STRING))
- {
- if (!CONF_parse_list(str, ',', 1, bitstr_cb, atmp->value.bit_string))
- {
- ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_LIST_ERROR);
- goto bad_str;
- }
- no_unused = 0;
-
- }
- else
- {
- ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_BITSTRING_FORMAT);
- goto bad_form;
- }
-
- if ((utype == V_ASN1_BIT_STRING) && no_unused)
- {
- atmp->value.asn1_string->flags
- &= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
- atmp->value.asn1_string->flags
- |= ASN1_STRING_FLAG_BITS_LEFT;
- }
-
-
- break;
-
- default:
- ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_UNSUPPORTED_TYPE);
- goto bad_str;
- break;
- }
-
-
- atmp->type = utype;
- return atmp;
-
-
- bad_str:
- ERR_add_error_data(2, "string=", str);
- bad_form:
-
- ASN1_TYPE_free(atmp);
- return NULL;
-
- }
-
-static int bitstr_cb(const char *elem, int len, void *bitstr)
- {
- long bitnum;
- char *eptr;
- if (!elem)
- return 0;
- bitnum = strtoul(elem, &eptr, 10);
- if (eptr && *eptr && (eptr != elem + len))
- return 0;
- if (bitnum < 0)
- {
- ASN1err(ASN1_F_BITSTR_CB, ASN1_R_INVALID_NUMBER);
- return 0;
- }
- if (!ASN1_BIT_STRING_set_bit(bitstr, bitnum, 1))
- {
- ASN1err(ASN1_F_BITSTR_CB, ERR_R_MALLOC_FAILURE);
- return 0;
- }
- return 1;
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn1_gen.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/asn1_gen.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn1_gen.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn1_gen.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,802 @@
+/* asn1_gen.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 2002.
+ */
+/* ====================================================================
+ * Copyright (c) 2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/x509v3.h>
+
+#define ASN1_GEN_FLAG 0x10000
+#define ASN1_GEN_FLAG_IMP (ASN1_GEN_FLAG|1)
+#define ASN1_GEN_FLAG_EXP (ASN1_GEN_FLAG|2)
+#define ASN1_GEN_FLAG_TAG (ASN1_GEN_FLAG|3)
+#define ASN1_GEN_FLAG_BITWRAP (ASN1_GEN_FLAG|4)
+#define ASN1_GEN_FLAG_OCTWRAP (ASN1_GEN_FLAG|5)
+#define ASN1_GEN_FLAG_SEQWRAP (ASN1_GEN_FLAG|6)
+#define ASN1_GEN_FLAG_SETWRAP (ASN1_GEN_FLAG|7)
+#define ASN1_GEN_FLAG_FORMAT (ASN1_GEN_FLAG|8)
+
+#define ASN1_GEN_STR(str,val) {str, sizeof(str) - 1, val}
+
+#define ASN1_FLAG_EXP_MAX 20
+
+/* Input formats */
+
+/* ASCII: default */
+#define ASN1_GEN_FORMAT_ASCII 1
+/* UTF8 */
+#define ASN1_GEN_FORMAT_UTF8 2
+/* Hex */
+#define ASN1_GEN_FORMAT_HEX 3
+/* List of bits */
+#define ASN1_GEN_FORMAT_BITLIST 4
+
+struct tag_name_st {
+ const char *strnam;
+ int len;
+ int tag;
+};
+
+typedef struct {
+ int exp_tag;
+ int exp_class;
+ int exp_constructed;
+ int exp_pad;
+ long exp_len;
+} tag_exp_type;
+
+typedef struct {
+ int imp_tag;
+ int imp_class;
+ int utype;
+ int format;
+ const char *str;
+ tag_exp_type exp_list[ASN1_FLAG_EXP_MAX];
+ int exp_count;
+} tag_exp_arg;
+
+static int bitstr_cb(const char *elem, int len, void *bitstr);
+static int asn1_cb(const char *elem, int len, void *bitstr);
+static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class,
+ int exp_constructed, int exp_pad, int imp_ok);
+static int parse_tagging(const char *vstart, int vlen, int *ptag,
+ int *pclass);
+static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf);
+static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype);
+static int asn1_str2tag(const char *tagstr, int len);
+
+ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf)
+{
+ X509V3_CTX cnf;
+
+ if (!nconf)
+ return ASN1_generate_v3(str, NULL);
+
+ X509V3_set_nconf(&cnf, nconf);
+ return ASN1_generate_v3(str, &cnf);
+}
+
+ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf)
+{
+ ASN1_TYPE *ret;
+ tag_exp_arg asn1_tags;
+ tag_exp_type *etmp;
+
+ int i, len;
+
+ unsigned char *orig_der = NULL, *new_der = NULL;
+ const unsigned char *cpy_start;
+ unsigned char *p;
+ const unsigned char *cp;
+ int cpy_len;
+ long hdr_len;
+ int hdr_constructed = 0, hdr_tag, hdr_class;
+ int r;
+
+ asn1_tags.imp_tag = -1;
+ asn1_tags.imp_class = -1;
+ asn1_tags.format = ASN1_GEN_FORMAT_ASCII;
+ asn1_tags.exp_count = 0;
+ if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0)
+ return NULL;
+
+ if ((asn1_tags.utype == V_ASN1_SEQUENCE)
+ || (asn1_tags.utype == V_ASN1_SET)) {
+ if (!cnf) {
+ ASN1err(ASN1_F_ASN1_GENERATE_V3,
+ ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG);
+ return NULL;
+ }
+ ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf);
+ } else
+ ret = asn1_str2type(asn1_tags.str, asn1_tags.format, asn1_tags.utype);
+
+ if (!ret)
+ return NULL;
+
+ /* If no tagging return base type */
+ if ((asn1_tags.imp_tag == -1) && (asn1_tags.exp_count == 0))
+ return ret;
+
+ /* Generate the encoding */
+ cpy_len = i2d_ASN1_TYPE(ret, &orig_der);
+ ASN1_TYPE_free(ret);
+ ret = NULL;
+ /* Set point to start copying for modified encoding */
+ cpy_start = orig_der;
+
+ /* Do we need IMPLICIT tagging? */
+ if (asn1_tags.imp_tag != -1) {
+ /* If IMPLICIT we will replace the underlying tag */
+ /* Skip existing tag+len */
+ r = ASN1_get_object(&cpy_start, &hdr_len, &hdr_tag, &hdr_class,
+ cpy_len);
+ if (r & 0x80)
+ goto err;
+ /* Update copy length */
+ cpy_len -= cpy_start - orig_der;
+ /*
+ * For IMPLICIT tagging the length should match the original length
+ * and constructed flag should be consistent.
+ */
+ if (r & 0x1) {
+ /* Indefinite length constructed */
+ hdr_constructed = 2;
+ hdr_len = 0;
+ } else
+ /* Just retain constructed flag */
+ hdr_constructed = r & V_ASN1_CONSTRUCTED;
+ /*
+ * Work out new length with IMPLICIT tag: ignore constructed because
+ * it will mess up if indefinite length
+ */
+ len = ASN1_object_size(0, hdr_len, asn1_tags.imp_tag);
+ } else
+ len = cpy_len;
+
+ /* Work out length in any EXPLICIT, starting from end */
+
+ for (i = 0, etmp = asn1_tags.exp_list + asn1_tags.exp_count - 1;
+ i < asn1_tags.exp_count; i++, etmp--) {
+ /* Content length: number of content octets + any padding */
+ len += etmp->exp_pad;
+ etmp->exp_len = len;
+ /* Total object length: length including new header */
+ len = ASN1_object_size(0, len, etmp->exp_tag);
+ }
+
+ /* Allocate buffer for new encoding */
+
+ new_der = OPENSSL_malloc(len);
+ if (!new_der)
+ goto err;
+
+ /* Generate tagged encoding */
+
+ p = new_der;
+
+ /* Output explicit tags first */
+
+ for (i = 0, etmp = asn1_tags.exp_list; i < asn1_tags.exp_count;
+ i++, etmp++) {
+ ASN1_put_object(&p, etmp->exp_constructed, etmp->exp_len,
+ etmp->exp_tag, etmp->exp_class);
+ if (etmp->exp_pad)
+ *p++ = 0;
+ }
+
+ /* If IMPLICIT, output tag */
+
+ if (asn1_tags.imp_tag != -1)
+ ASN1_put_object(&p, hdr_constructed, hdr_len,
+ asn1_tags.imp_tag, asn1_tags.imp_class);
+
+ /* Copy across original encoding */
+ memcpy(p, cpy_start, cpy_len);
+
+ cp = new_der;
+
+ /* Obtain new ASN1_TYPE structure */
+ ret = d2i_ASN1_TYPE(NULL, &cp, len);
+
+ err:
+ if (orig_der)
+ OPENSSL_free(orig_der);
+ if (new_der)
+ OPENSSL_free(new_der);
+
+ return ret;
+
+}
+
+static int asn1_cb(const char *elem, int len, void *bitstr)
+{
+ tag_exp_arg *arg = bitstr;
+ int i;
+ int utype;
+ int vlen = 0;
+ const char *p, *vstart = NULL;
+
+ int tmp_tag, tmp_class;
+
+ for (i = 0, p = elem; i < len; p++, i++) {
+ /* Look for the ':' in name value pairs */
+ if (*p == ':') {
+ vstart = p + 1;
+ vlen = len - (vstart - elem);
+ len = p - elem;
+ break;
+ }
+ }
+
+ utype = asn1_str2tag(elem, len);
+
+ if (utype == -1) {
+ ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKNOWN_TAG);
+ ERR_add_error_data(2, "tag=", elem);
+ return -1;
+ }
+
+ /* If this is not a modifier mark end of string and exit */
+ if (!(utype & ASN1_GEN_FLAG)) {
+ arg->utype = utype;
+ arg->str = vstart;
+ /* If no value and not end of string, error */
+ if (!vstart && elem[len]) {
+ ASN1err(ASN1_F_ASN1_CB, ASN1_R_MISSING_VALUE);
+ return -1;
+ }
+ return 0;
+ }
+
+ switch (utype) {
+
+ case ASN1_GEN_FLAG_IMP:
+ /* Check for illegal multiple IMPLICIT tagging */
+ if (arg->imp_tag != -1) {
+ ASN1err(ASN1_F_ASN1_CB, ASN1_R_ILLEGAL_NESTED_TAGGING);
+ return -1;
+ }
+ if (!parse_tagging(vstart, vlen, &arg->imp_tag, &arg->imp_class))
+ return -1;
+ break;
+
+ case ASN1_GEN_FLAG_EXP:
+
+ if (!parse_tagging(vstart, vlen, &tmp_tag, &tmp_class))
+ return -1;
+ if (!append_exp(arg, tmp_tag, tmp_class, 1, 0, 0))
+ return -1;
+ break;
+
+ case ASN1_GEN_FLAG_SEQWRAP:
+ if (!append_exp(arg, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, 1, 0, 1))
+ return -1;
+ break;
+
+ case ASN1_GEN_FLAG_SETWRAP:
+ if (!append_exp(arg, V_ASN1_SET, V_ASN1_UNIVERSAL, 1, 0, 1))
+ return -1;
+ break;
+
+ case ASN1_GEN_FLAG_BITWRAP:
+ if (!append_exp(arg, V_ASN1_BIT_STRING, V_ASN1_UNIVERSAL, 0, 1, 1))
+ return -1;
+ break;
+
+ case ASN1_GEN_FLAG_OCTWRAP:
+ if (!append_exp(arg, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL, 0, 0, 1))
+ return -1;
+ break;
+
+ case ASN1_GEN_FLAG_FORMAT:
+ if (!strncmp(vstart, "ASCII", 5))
+ arg->format = ASN1_GEN_FORMAT_ASCII;
+ else if (!strncmp(vstart, "UTF8", 4))
+ arg->format = ASN1_GEN_FORMAT_UTF8;
+ else if (!strncmp(vstart, "HEX", 3))
+ arg->format = ASN1_GEN_FORMAT_HEX;
+ else if (!strncmp(vstart, "BITLIST", 3))
+ arg->format = ASN1_GEN_FORMAT_BITLIST;
+ else {
+ ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKOWN_FORMAT);
+ return -1;
+ }
+ break;
+
+ }
+
+ return 1;
+
+}
+
+static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass)
+{
+ char erch[2];
+ long tag_num;
+ char *eptr;
+ if (!vstart)
+ return 0;
+ tag_num = strtoul(vstart, &eptr, 10);
+ /* Check we haven't gone past max length: should be impossible */
+ if (eptr && *eptr && (eptr > vstart + vlen))
+ return 0;
+ if (tag_num < 0) {
+ ASN1err(ASN1_F_PARSE_TAGGING, ASN1_R_INVALID_NUMBER);
+ return 0;
+ }
+ *ptag = tag_num;
+ /* If we have non numeric characters, parse them */
+ if (eptr)
+ vlen -= eptr - vstart;
+ else
+ vlen = 0;
+ if (vlen) {
+ switch (*eptr) {
+
+ case 'U':
+ *pclass = V_ASN1_UNIVERSAL;
+ break;
+
+ case 'A':
+ *pclass = V_ASN1_APPLICATION;
+ break;
+
+ case 'P':
+ *pclass = V_ASN1_PRIVATE;
+ break;
+
+ case 'C':
+ *pclass = V_ASN1_CONTEXT_SPECIFIC;
+ break;
+
+ default:
+ erch[0] = *eptr;
+ erch[1] = 0;
+ ASN1err(ASN1_F_PARSE_TAGGING, ASN1_R_INVALID_MODIFIER);
+ ERR_add_error_data(2, "Char=", erch);
+ return 0;
+ break;
+
+ }
+ } else
+ *pclass = V_ASN1_CONTEXT_SPECIFIC;
+
+ return 1;
+
+}
+
+/* Handle multiple types: SET and SEQUENCE */
+
+static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf)
+{
+ ASN1_TYPE *ret = NULL, *typ = NULL;
+ STACK_OF(ASN1_TYPE) *sk = NULL;
+ STACK_OF(CONF_VALUE) *sect = NULL;
+ unsigned char *der = NULL, *p;
+ int derlen;
+ int i, is_set;
+ sk = sk_ASN1_TYPE_new_null();
+ if (!sk)
+ goto bad;
+ if (section) {
+ if (!cnf)
+ goto bad;
+ sect = X509V3_get_section(cnf, (char *)section);
+ if (!sect)
+ goto bad;
+ for (i = 0; i < sk_CONF_VALUE_num(sect); i++) {
+ typ = ASN1_generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf);
+ if (!typ)
+ goto bad;
+ if (!sk_ASN1_TYPE_push(sk, typ))
+ goto bad;
+ typ = NULL;
+ }
+ }
+
+ /*
+ * Now we has a STACK of the components, convert to the correct form
+ */
+
+ if (utype == V_ASN1_SET)
+ is_set = 1;
+ else
+ is_set = 0;
+
+ derlen = i2d_ASN1_SET_OF_ASN1_TYPE(sk, NULL, i2d_ASN1_TYPE, utype,
+ V_ASN1_UNIVERSAL, is_set);
+ der = OPENSSL_malloc(derlen);
+ if (!der)
+ goto bad;
+ p = der;
+ i2d_ASN1_SET_OF_ASN1_TYPE(sk, &p, i2d_ASN1_TYPE, utype,
+ V_ASN1_UNIVERSAL, is_set);
+
+ if (!(ret = ASN1_TYPE_new()))
+ goto bad;
+
+ if (!(ret->value.asn1_string = ASN1_STRING_type_new(utype)))
+ goto bad;
+
+ ret->type = utype;
+
+ ret->value.asn1_string->data = der;
+ ret->value.asn1_string->length = derlen;
+
+ der = NULL;
+
+ bad:
+
+ if (der)
+ OPENSSL_free(der);
+
+ if (sk)
+ sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free);
+ if (typ)
+ ASN1_TYPE_free(typ);
+ if (sect)
+ X509V3_section_free(cnf, sect);
+
+ return ret;
+}
+
+static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class,
+ int exp_constructed, int exp_pad, int imp_ok)
+{
+ tag_exp_type *exp_tmp;
+ /* Can only have IMPLICIT if permitted */
+ if ((arg->imp_tag != -1) && !imp_ok) {
+ ASN1err(ASN1_F_APPEND_EXP, ASN1_R_ILLEGAL_IMPLICIT_TAG);
+ return 0;
+ }
+
+ if (arg->exp_count == ASN1_FLAG_EXP_MAX) {
+ ASN1err(ASN1_F_APPEND_EXP, ASN1_R_DEPTH_EXCEEDED);
+ return 0;
+ }
+
+ exp_tmp = &arg->exp_list[arg->exp_count++];
+
+ /*
+ * If IMPLICIT set tag to implicit value then reset implicit tag since it
+ * has been used.
+ */
+ if (arg->imp_tag != -1) {
+ exp_tmp->exp_tag = arg->imp_tag;
+ exp_tmp->exp_class = arg->imp_class;
+ arg->imp_tag = -1;
+ arg->imp_class = -1;
+ } else {
+ exp_tmp->exp_tag = exp_tag;
+ exp_tmp->exp_class = exp_class;
+ }
+ exp_tmp->exp_constructed = exp_constructed;
+ exp_tmp->exp_pad = exp_pad;
+
+ return 1;
+}
+
+static int asn1_str2tag(const char *tagstr, int len)
+{
+ unsigned int i;
+ static struct tag_name_st *tntmp, tnst[] = {
+ ASN1_GEN_STR("BOOL", V_ASN1_BOOLEAN),
+ ASN1_GEN_STR("BOOLEAN", V_ASN1_BOOLEAN),
+ ASN1_GEN_STR("NULL", V_ASN1_NULL),
+ ASN1_GEN_STR("INT", V_ASN1_INTEGER),
+ ASN1_GEN_STR("INTEGER", V_ASN1_INTEGER),
+ ASN1_GEN_STR("ENUM", V_ASN1_ENUMERATED),
+ ASN1_GEN_STR("ENUMERATED", V_ASN1_ENUMERATED),
+ ASN1_GEN_STR("OID", V_ASN1_OBJECT),
+ ASN1_GEN_STR("OBJECT", V_ASN1_OBJECT),
+ ASN1_GEN_STR("UTCTIME", V_ASN1_UTCTIME),
+ ASN1_GEN_STR("UTC", V_ASN1_UTCTIME),
+ ASN1_GEN_STR("GENERALIZEDTIME", V_ASN1_GENERALIZEDTIME),
+ ASN1_GEN_STR("GENTIME", V_ASN1_GENERALIZEDTIME),
+ ASN1_GEN_STR("OCT", V_ASN1_OCTET_STRING),
+ ASN1_GEN_STR("OCTETSTRING", V_ASN1_OCTET_STRING),
+ ASN1_GEN_STR("BITSTR", V_ASN1_BIT_STRING),
+ ASN1_GEN_STR("BITSTRING", V_ASN1_BIT_STRING),
+ ASN1_GEN_STR("UNIVERSALSTRING", V_ASN1_UNIVERSALSTRING),
+ ASN1_GEN_STR("UNIV", V_ASN1_UNIVERSALSTRING),
+ ASN1_GEN_STR("IA5", V_ASN1_IA5STRING),
+ ASN1_GEN_STR("IA5STRING", V_ASN1_IA5STRING),
+ ASN1_GEN_STR("UTF8", V_ASN1_UTF8STRING),
+ ASN1_GEN_STR("UTF8String", V_ASN1_UTF8STRING),
+ ASN1_GEN_STR("BMP", V_ASN1_BMPSTRING),
+ ASN1_GEN_STR("BMPSTRING", V_ASN1_BMPSTRING),
+ ASN1_GEN_STR("VISIBLESTRING", V_ASN1_VISIBLESTRING),
+ ASN1_GEN_STR("VISIBLE", V_ASN1_VISIBLESTRING),
+ ASN1_GEN_STR("PRINTABLESTRING", V_ASN1_PRINTABLESTRING),
+ ASN1_GEN_STR("PRINTABLE", V_ASN1_PRINTABLESTRING),
+ ASN1_GEN_STR("T61", V_ASN1_T61STRING),
+ ASN1_GEN_STR("T61STRING", V_ASN1_T61STRING),
+ ASN1_GEN_STR("TELETEXSTRING", V_ASN1_T61STRING),
+ ASN1_GEN_STR("GeneralString", V_ASN1_GENERALSTRING),
+ ASN1_GEN_STR("GENSTR", V_ASN1_GENERALSTRING),
+
+ /* Special cases */
+ ASN1_GEN_STR("SEQUENCE", V_ASN1_SEQUENCE),
+ ASN1_GEN_STR("SEQ", V_ASN1_SEQUENCE),
+ ASN1_GEN_STR("SET", V_ASN1_SET),
+ /* type modifiers */
+ /* Explicit tag */
+ ASN1_GEN_STR("EXP", ASN1_GEN_FLAG_EXP),
+ ASN1_GEN_STR("EXPLICIT", ASN1_GEN_FLAG_EXP),
+ /* Implicit tag */
+ ASN1_GEN_STR("IMP", ASN1_GEN_FLAG_IMP),
+ ASN1_GEN_STR("IMPLICIT", ASN1_GEN_FLAG_IMP),
+ /* OCTET STRING wrapper */
+ ASN1_GEN_STR("OCTWRAP", ASN1_GEN_FLAG_OCTWRAP),
+ /* SEQUENCE wrapper */
+ ASN1_GEN_STR("SEQWRAP", ASN1_GEN_FLAG_SEQWRAP),
+ /* SET wrapper */
+ ASN1_GEN_STR("SETWRAP", ASN1_GEN_FLAG_SETWRAP),
+ /* BIT STRING wrapper */
+ ASN1_GEN_STR("BITWRAP", ASN1_GEN_FLAG_BITWRAP),
+ ASN1_GEN_STR("FORM", ASN1_GEN_FLAG_FORMAT),
+ ASN1_GEN_STR("FORMAT", ASN1_GEN_FLAG_FORMAT),
+ };
+
+ if (len == -1)
+ len = strlen(tagstr);
+
+ tntmp = tnst;
+ for (i = 0; i < sizeof(tnst) / sizeof(struct tag_name_st); i++, tntmp++) {
+ if ((len == tntmp->len) && !strncmp(tntmp->strnam, tagstr, len))
+ return tntmp->tag;
+ }
+
+ return -1;
+}
+
+static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype)
+{
+ ASN1_TYPE *atmp = NULL;
+
+ CONF_VALUE vtmp;
+
+ unsigned char *rdata;
+ long rdlen;
+
+ int no_unused = 1;
+
+ if (!(atmp = ASN1_TYPE_new())) {
+ ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+
+ if (!str)
+ str = "";
+
+ switch (utype) {
+
+ case V_ASN1_NULL:
+ if (str && *str) {
+ ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_NULL_VALUE);
+ goto bad_form;
+ }
+ break;
+
+ case V_ASN1_BOOLEAN:
+ if (format != ASN1_GEN_FORMAT_ASCII) {
+ ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_NOT_ASCII_FORMAT);
+ goto bad_form;
+ }
+ vtmp.name = NULL;
+ vtmp.section = NULL;
+ vtmp.value = (char *)str;
+ if (!X509V3_get_value_bool(&vtmp, &atmp->value.boolean)) {
+ ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_BOOLEAN);
+ goto bad_str;
+ }
+ break;
+
+ case V_ASN1_INTEGER:
+ case V_ASN1_ENUMERATED:
+ if (format != ASN1_GEN_FORMAT_ASCII) {
+ ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_INTEGER_NOT_ASCII_FORMAT);
+ goto bad_form;
+ }
+ if (!(atmp->value.integer = s2i_ASN1_INTEGER(NULL, (char *)str))) {
+ ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_INTEGER);
+ goto bad_str;
+ }
+ break;
+
+ case V_ASN1_OBJECT:
+ if (format != ASN1_GEN_FORMAT_ASCII) {
+ ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_OBJECT_NOT_ASCII_FORMAT);
+ goto bad_form;
+ }
+ if (!(atmp->value.object = OBJ_txt2obj(str, 0))) {
+ ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_OBJECT);
+ goto bad_str;
+ }
+ break;
+
+ case V_ASN1_UTCTIME:
+ case V_ASN1_GENERALIZEDTIME:
+ if (format != ASN1_GEN_FORMAT_ASCII) {
+ ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_TIME_NOT_ASCII_FORMAT);
+ goto bad_form;
+ }
+ if (!(atmp->value.asn1_string = ASN1_STRING_new())) {
+ ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
+ goto bad_str;
+ }
+ if (!ASN1_STRING_set(atmp->value.asn1_string, str, -1)) {
+ ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
+ goto bad_str;
+ }
+ atmp->value.asn1_string->type = utype;
+ if (!ASN1_TIME_check(atmp->value.asn1_string)) {
+ ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_TIME_VALUE);
+ goto bad_str;
+ }
+
+ break;
+
+ case V_ASN1_BMPSTRING:
+ case V_ASN1_PRINTABLESTRING:
+ case V_ASN1_IA5STRING:
+ case V_ASN1_T61STRING:
+ case V_ASN1_UTF8STRING:
+ case V_ASN1_VISIBLESTRING:
+ case V_ASN1_UNIVERSALSTRING:
+ case V_ASN1_GENERALSTRING:
+
+ if (format == ASN1_GEN_FORMAT_ASCII)
+ format = MBSTRING_ASC;
+ else if (format == ASN1_GEN_FORMAT_UTF8)
+ format = MBSTRING_UTF8;
+ else {
+ ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_FORMAT);
+ goto bad_form;
+ }
+
+ if (ASN1_mbstring_copy(&atmp->value.asn1_string, (unsigned char *)str,
+ -1, format, ASN1_tag2bit(utype)) <= 0) {
+ ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
+ goto bad_str;
+ }
+
+ break;
+
+ case V_ASN1_BIT_STRING:
+
+ case V_ASN1_OCTET_STRING:
+
+ if (!(atmp->value.asn1_string = ASN1_STRING_new())) {
+ ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
+ goto bad_form;
+ }
+
+ if (format == ASN1_GEN_FORMAT_HEX) {
+
+ if (!(rdata = string_to_hex((char *)str, &rdlen))) {
+ ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_HEX);
+ goto bad_str;
+ }
+
+ atmp->value.asn1_string->data = rdata;
+ atmp->value.asn1_string->length = rdlen;
+ atmp->value.asn1_string->type = utype;
+
+ } else if (format == ASN1_GEN_FORMAT_ASCII)
+ ASN1_STRING_set(atmp->value.asn1_string, str, -1);
+ else if ((format == ASN1_GEN_FORMAT_BITLIST)
+ && (utype == V_ASN1_BIT_STRING)) {
+ if (!CONF_parse_list
+ (str, ',', 1, bitstr_cb, atmp->value.bit_string)) {
+ ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_LIST_ERROR);
+ goto bad_str;
+ }
+ no_unused = 0;
+
+ } else {
+ ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_BITSTRING_FORMAT);
+ goto bad_form;
+ }
+
+ if ((utype == V_ASN1_BIT_STRING) && no_unused) {
+ atmp->value.asn1_string->flags
+ &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
+ atmp->value.asn1_string->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+ }
+
+ break;
+
+ default:
+ ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_UNSUPPORTED_TYPE);
+ goto bad_str;
+ break;
+ }
+
+ atmp->type = utype;
+ return atmp;
+
+ bad_str:
+ ERR_add_error_data(2, "string=", str);
+ bad_form:
+
+ ASN1_TYPE_free(atmp);
+ return NULL;
+
+}
+
+static int bitstr_cb(const char *elem, int len, void *bitstr)
+{
+ long bitnum;
+ char *eptr;
+ if (!elem)
+ return 0;
+ bitnum = strtoul(elem, &eptr, 10);
+ if (eptr && *eptr && (eptr != elem + len))
+ return 0;
+ if (bitnum < 0) {
+ ASN1err(ASN1_F_BITSTR_CB, ASN1_R_INVALID_NUMBER);
+ return 0;
+ }
+ if (!ASN1_BIT_STRING_set_bit(bitstr, bitnum, 1)) {
+ ASN1err(ASN1_F_BITSTR_CB, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ return 1;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn1_lib.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/asn1_lib.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn1_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,473 +0,0 @@
-/* crypto/asn1/asn1_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <limits.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-#include <openssl/asn1_mac.h>
-
-static int asn1_get_length(const unsigned char **pp,int *inf,long *rl,int max);
-static void asn1_put_length(unsigned char **pp, int length);
-const char ASN1_version[]="ASN.1" OPENSSL_VERSION_PTEXT;
-
-static int _asn1_check_infinite_end(const unsigned char **p, long len)
- {
- /* If there is 0 or 1 byte left, the length check should pick
- * things up */
- if (len <= 0)
- return(1);
- else if ((len >= 2) && ((*p)[0] == 0) && ((*p)[1] == 0))
- {
- (*p)+=2;
- return(1);
- }
- return(0);
- }
-
-int ASN1_check_infinite_end(unsigned char **p, long len)
- {
- return _asn1_check_infinite_end((const unsigned char **)p, len);
- }
-
-int ASN1_const_check_infinite_end(const unsigned char **p, long len)
- {
- return _asn1_check_infinite_end(p, len);
- }
-
-
-int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,
- int *pclass, long omax)
- {
- int i,ret;
- long l;
- const unsigned char *p= *pp;
- int tag,xclass,inf;
- long max=omax;
-
- if (!max) goto err;
- ret=(*p&V_ASN1_CONSTRUCTED);
- xclass=(*p&V_ASN1_PRIVATE);
- i= *p&V_ASN1_PRIMITIVE_TAG;
- if (i == V_ASN1_PRIMITIVE_TAG)
- { /* high-tag */
- p++;
- if (--max == 0) goto err;
- l=0;
- while (*p&0x80)
- {
- l<<=7L;
- l|= *(p++)&0x7f;
- if (--max == 0) goto err;
- if (l > (INT_MAX >> 7L)) goto err;
- }
- l<<=7L;
- l|= *(p++)&0x7f;
- tag=(int)l;
- if (--max == 0) goto err;
- }
- else
- {
- tag=i;
- p++;
- if (--max == 0) goto err;
- }
- *ptag=tag;
- *pclass=xclass;
- if (!asn1_get_length(&p,&inf,plength,(int)max)) goto err;
-
- if (inf && !(ret & V_ASN1_CONSTRUCTED))
- goto err;
-
-#if 0
- fprintf(stderr,"p=%d + *plength=%ld > omax=%ld + *pp=%d (%d > %d)\n",
- (int)p,*plength,omax,(int)*pp,(int)(p+ *plength),
- (int)(omax+ *pp));
-
-#endif
- if (*plength > (omax - (p - *pp)))
- {
- ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG);
- /* Set this so that even if things are not long enough
- * the values are set correctly */
- ret|=0x80;
- }
- *pp=p;
- return(ret|inf);
-err:
- ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_HEADER_TOO_LONG);
- return(0x80);
- }
-
-static int asn1_get_length(const unsigned char **pp, int *inf, long *rl, int max)
- {
- const unsigned char *p= *pp;
- unsigned long ret=0;
- unsigned int i;
-
- if (max-- < 1) return(0);
- if (*p == 0x80)
- {
- *inf=1;
- ret=0;
- p++;
- }
- else
- {
- *inf=0;
- i= *p&0x7f;
- if (*(p++) & 0x80)
- {
- if (i > sizeof(long))
- return 0;
- if (max-- == 0) return(0);
- while (i-- > 0)
- {
- ret<<=8L;
- ret|= *(p++);
- if (max-- == 0) return(0);
- }
- }
- else
- ret=i;
- }
- if (ret > LONG_MAX)
- return 0;
- *pp=p;
- *rl=(long)ret;
- return(1);
- }
-
-/* class 0 is constructed
- * constructed == 2 for indefinite length constructed */
-void ASN1_put_object(unsigned char **pp, int constructed, int length, int tag,
- int xclass)
- {
- unsigned char *p= *pp;
- int i, ttag;
-
- i=(constructed)?V_ASN1_CONSTRUCTED:0;
- i|=(xclass&V_ASN1_PRIVATE);
- if (tag < 31)
- *(p++)=i|(tag&V_ASN1_PRIMITIVE_TAG);
- else
- {
- *(p++)=i|V_ASN1_PRIMITIVE_TAG;
- for(i = 0, ttag = tag; ttag > 0; i++) ttag >>=7;
- ttag = i;
- while(i-- > 0)
- {
- p[i] = tag & 0x7f;
- if(i != (ttag - 1)) p[i] |= 0x80;
- tag >>= 7;
- }
- p += ttag;
- }
- if (constructed == 2)
- *(p++)=0x80;
- else
- asn1_put_length(&p,length);
- *pp=p;
- }
-
-int ASN1_put_eoc(unsigned char **pp)
- {
- unsigned char *p = *pp;
- *p++ = 0;
- *p++ = 0;
- *pp = p;
- return 2;
- }
-
-static void asn1_put_length(unsigned char **pp, int length)
- {
- unsigned char *p= *pp;
- int i,l;
- if (length <= 127)
- *(p++)=(unsigned char)length;
- else
- {
- l=length;
- for (i=0; l > 0; i++)
- l>>=8;
- *(p++)=i|0x80;
- l=i;
- while (i-- > 0)
- {
- p[i]=length&0xff;
- length>>=8;
- }
- p+=l;
- }
- *pp=p;
- }
-
-int ASN1_object_size(int constructed, int length, int tag)
- {
- int ret;
-
- ret=length;
- ret++;
- if (tag >= 31)
- {
- while (tag > 0)
- {
- tag>>=7;
- ret++;
- }
- }
- if (constructed == 2)
- return ret + 3;
- ret++;
- if (length > 127)
- {
- while (length > 0)
- {
- length>>=8;
- ret++;
- }
- }
- return(ret);
- }
-
-static int _asn1_Finish(ASN1_const_CTX *c)
- {
- if ((c->inf == (1|V_ASN1_CONSTRUCTED)) && (!c->eos))
- {
- if (!ASN1_const_check_infinite_end(&c->p,c->slen))
- {
- c->error=ERR_R_MISSING_ASN1_EOS;
- return(0);
- }
- }
- if ( ((c->slen != 0) && !(c->inf & 1)) ||
- ((c->slen < 0) && (c->inf & 1)))
- {
- c->error=ERR_R_ASN1_LENGTH_MISMATCH;
- return(0);
- }
- return(1);
- }
-
-int asn1_Finish(ASN1_CTX *c)
- {
- return _asn1_Finish((ASN1_const_CTX *)c);
- }
-
-int asn1_const_Finish(ASN1_const_CTX *c)
- {
- return _asn1_Finish(c);
- }
-
-int asn1_GetSequence(ASN1_const_CTX *c, long *length)
- {
- const unsigned char *q;
-
- q=c->p;
- c->inf=ASN1_get_object(&(c->p),&(c->slen),&(c->tag),&(c->xclass),
- *length);
- if (c->inf & 0x80)
- {
- c->error=ERR_R_BAD_GET_ASN1_OBJECT_CALL;
- return(0);
- }
- if (c->tag != V_ASN1_SEQUENCE)
- {
- c->error=ERR_R_EXPECTING_AN_ASN1_SEQUENCE;
- return(0);
- }
- (*length)-=(c->p-q);
- if (c->max && (*length < 0))
- {
- c->error=ERR_R_ASN1_LENGTH_MISMATCH;
- return(0);
- }
- if (c->inf == (1|V_ASN1_CONSTRUCTED))
- c->slen= *length+ *(c->pp)-c->p;
- c->eos=0;
- return(1);
- }
-
-ASN1_STRING *ASN1_STRING_dup(ASN1_STRING *str)
- {
- ASN1_STRING *ret;
-
- if (str == NULL) return(NULL);
- if ((ret=ASN1_STRING_type_new(str->type)) == NULL)
- return(NULL);
- if (!ASN1_STRING_set(ret,str->data,str->length))
- {
- ASN1_STRING_free(ret);
- return(NULL);
- }
- ret->flags = str->flags;
- return(ret);
- }
-
-int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len)
- {
- unsigned char *c;
- const char *data=_data;
-
- if (len < 0)
- {
- if (data == NULL)
- return(0);
- else
- len=strlen(data);
- }
- if ((str->length < len) || (str->data == NULL))
- {
- c=str->data;
- if (c == NULL)
- str->data=OPENSSL_malloc(len+1);
- else
- str->data=OPENSSL_realloc(c,len+1);
-
- if (str->data == NULL)
- {
- ASN1err(ASN1_F_ASN1_STRING_SET,ERR_R_MALLOC_FAILURE);
- str->data=c;
- return(0);
- }
- }
- str->length=len;
- if (data != NULL)
- {
- memcpy(str->data,data,len);
- /* an allowance for strings :-) */
- str->data[len]='\0';
- }
- return(1);
- }
-
-void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len)
- {
- if (str->data)
- OPENSSL_free(str->data);
- str->data = data;
- str->length = len;
- }
-
-ASN1_STRING *ASN1_STRING_new(void)
- {
- return(ASN1_STRING_type_new(V_ASN1_OCTET_STRING));
- }
-
-
-ASN1_STRING *ASN1_STRING_type_new(int type)
- {
- ASN1_STRING *ret;
-
- ret=(ASN1_STRING *)OPENSSL_malloc(sizeof(ASN1_STRING));
- if (ret == NULL)
- {
- ASN1err(ASN1_F_ASN1_STRING_TYPE_NEW,ERR_R_MALLOC_FAILURE);
- return(NULL);
- }
- ret->length=0;
- ret->type=type;
- ret->data=NULL;
- ret->flags=0;
- return(ret);
- }
-
-void ASN1_STRING_free(ASN1_STRING *a)
- {
- if (a == NULL) return;
- if (a->data != NULL) OPENSSL_free(a->data);
- OPENSSL_free(a);
- }
-
-int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b)
- {
- int i;
-
- i=(a->length-b->length);
- if (i == 0)
- {
- i=memcmp(a->data,b->data,a->length);
- if (i == 0)
- return(a->type-b->type);
- else
- return(i);
- }
- else
- return(i);
- }
-
-void asn1_add_error(const unsigned char *address, int offset)
- {
- char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1];
-
- BIO_snprintf(buf1,sizeof buf1,"%lu",(unsigned long)address);
- BIO_snprintf(buf2,sizeof buf2,"%d",offset);
- ERR_add_error_data(4,"address=",buf1," offset=",buf2);
- }
-
-int ASN1_STRING_length(ASN1_STRING *x)
-{ return M_ASN1_STRING_length(x); }
-
-void ASN1_STRING_length_set(ASN1_STRING *x, int len)
-{ M_ASN1_STRING_length_set(x, len); return; }
-
-int ASN1_STRING_type(ASN1_STRING *x)
-{ return M_ASN1_STRING_type(x); }
-
-unsigned char * ASN1_STRING_data(ASN1_STRING *x)
-{ return M_ASN1_STRING_data(x); }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn1_lib.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/asn1_lib.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn1_lib.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn1_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,466 @@
+/* crypto/asn1/asn1_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <limits.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1_mac.h>
+
+static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
+ int max);
+static void asn1_put_length(unsigned char **pp, int length);
+const char ASN1_version[] = "ASN.1" OPENSSL_VERSION_PTEXT;
+
+static int _asn1_check_infinite_end(const unsigned char **p, long len)
+{
+ /*
+ * If there is 0 or 1 byte left, the length check should pick things up
+ */
+ if (len <= 0)
+ return (1);
+ else if ((len >= 2) && ((*p)[0] == 0) && ((*p)[1] == 0)) {
+ (*p) += 2;
+ return (1);
+ }
+ return (0);
+}
+
+int ASN1_check_infinite_end(unsigned char **p, long len)
+{
+ return _asn1_check_infinite_end((const unsigned char **)p, len);
+}
+
+int ASN1_const_check_infinite_end(const unsigned char **p, long len)
+{
+ return _asn1_check_infinite_end(p, len);
+}
+
+int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,
+ int *pclass, long omax)
+{
+ int i, ret;
+ long l;
+ const unsigned char *p = *pp;
+ int tag, xclass, inf;
+ long max = omax;
+
+ if (!max)
+ goto err;
+ ret = (*p & V_ASN1_CONSTRUCTED);
+ xclass = (*p & V_ASN1_PRIVATE);
+ i = *p & V_ASN1_PRIMITIVE_TAG;
+ if (i == V_ASN1_PRIMITIVE_TAG) { /* high-tag */
+ p++;
+ if (--max == 0)
+ goto err;
+ l = 0;
+ while (*p & 0x80) {
+ l <<= 7L;
+ l |= *(p++) & 0x7f;
+ if (--max == 0)
+ goto err;
+ if (l > (INT_MAX >> 7L))
+ goto err;
+ }
+ l <<= 7L;
+ l |= *(p++) & 0x7f;
+ tag = (int)l;
+ if (--max == 0)
+ goto err;
+ } else {
+ tag = i;
+ p++;
+ if (--max == 0)
+ goto err;
+ }
+ *ptag = tag;
+ *pclass = xclass;
+ if (!asn1_get_length(&p, &inf, plength, (int)max))
+ goto err;
+
+ if (inf && !(ret & V_ASN1_CONSTRUCTED))
+ goto err;
+
+#if 0
+ fprintf(stderr, "p=%d + *plength=%ld > omax=%ld + *pp=%d (%d > %d)\n",
+ (int)p, *plength, omax, (int)*pp, (int)(p + *plength),
+ (int)(omax + *pp));
+
+#endif
+ if (*plength > (omax - (p - *pp))) {
+ ASN1err(ASN1_F_ASN1_GET_OBJECT, ASN1_R_TOO_LONG);
+ /*
+ * Set this so that even if things are not long enough the values are
+ * set correctly
+ */
+ ret |= 0x80;
+ }
+ *pp = p;
+ return (ret | inf);
+ err:
+ ASN1err(ASN1_F_ASN1_GET_OBJECT, ASN1_R_HEADER_TOO_LONG);
+ return (0x80);
+}
+
+static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
+ int max)
+{
+ const unsigned char *p = *pp;
+ unsigned long ret = 0;
+ unsigned int i;
+
+ if (max-- < 1)
+ return (0);
+ if (*p == 0x80) {
+ *inf = 1;
+ ret = 0;
+ p++;
+ } else {
+ *inf = 0;
+ i = *p & 0x7f;
+ if (*(p++) & 0x80) {
+ if (i > sizeof(long))
+ return 0;
+ if (max-- == 0)
+ return (0);
+ while (i-- > 0) {
+ ret <<= 8L;
+ ret |= *(p++);
+ if (max-- == 0)
+ return (0);
+ }
+ } else
+ ret = i;
+ }
+ if (ret > LONG_MAX)
+ return 0;
+ *pp = p;
+ *rl = (long)ret;
+ return (1);
+}
+
+/*
+ * class 0 is constructed constructed == 2 for indefinite length constructed
+ */
+void ASN1_put_object(unsigned char **pp, int constructed, int length, int tag,
+ int xclass)
+{
+ unsigned char *p = *pp;
+ int i, ttag;
+
+ i = (constructed) ? V_ASN1_CONSTRUCTED : 0;
+ i |= (xclass & V_ASN1_PRIVATE);
+ if (tag < 31)
+ *(p++) = i | (tag & V_ASN1_PRIMITIVE_TAG);
+ else {
+ *(p++) = i | V_ASN1_PRIMITIVE_TAG;
+ for (i = 0, ttag = tag; ttag > 0; i++)
+ ttag >>= 7;
+ ttag = i;
+ while (i-- > 0) {
+ p[i] = tag & 0x7f;
+ if (i != (ttag - 1))
+ p[i] |= 0x80;
+ tag >>= 7;
+ }
+ p += ttag;
+ }
+ if (constructed == 2)
+ *(p++) = 0x80;
+ else
+ asn1_put_length(&p, length);
+ *pp = p;
+}
+
+int ASN1_put_eoc(unsigned char **pp)
+{
+ unsigned char *p = *pp;
+ *p++ = 0;
+ *p++ = 0;
+ *pp = p;
+ return 2;
+}
+
+static void asn1_put_length(unsigned char **pp, int length)
+{
+ unsigned char *p = *pp;
+ int i, l;
+ if (length <= 127)
+ *(p++) = (unsigned char)length;
+ else {
+ l = length;
+ for (i = 0; l > 0; i++)
+ l >>= 8;
+ *(p++) = i | 0x80;
+ l = i;
+ while (i-- > 0) {
+ p[i] = length & 0xff;
+ length >>= 8;
+ }
+ p += l;
+ }
+ *pp = p;
+}
+
+int ASN1_object_size(int constructed, int length, int tag)
+{
+ int ret;
+
+ ret = length;
+ ret++;
+ if (tag >= 31) {
+ while (tag > 0) {
+ tag >>= 7;
+ ret++;
+ }
+ }
+ if (constructed == 2)
+ return ret + 3;
+ ret++;
+ if (length > 127) {
+ while (length > 0) {
+ length >>= 8;
+ ret++;
+ }
+ }
+ return (ret);
+}
+
+static int _asn1_Finish(ASN1_const_CTX *c)
+{
+ if ((c->inf == (1 | V_ASN1_CONSTRUCTED)) && (!c->eos)) {
+ if (!ASN1_const_check_infinite_end(&c->p, c->slen)) {
+ c->error = ERR_R_MISSING_ASN1_EOS;
+ return (0);
+ }
+ }
+ if (((c->slen != 0) && !(c->inf & 1)) || ((c->slen < 0) && (c->inf & 1))) {
+ c->error = ERR_R_ASN1_LENGTH_MISMATCH;
+ return (0);
+ }
+ return (1);
+}
+
+int asn1_Finish(ASN1_CTX *c)
+{
+ return _asn1_Finish((ASN1_const_CTX *)c);
+}
+
+int asn1_const_Finish(ASN1_const_CTX *c)
+{
+ return _asn1_Finish(c);
+}
+
+int asn1_GetSequence(ASN1_const_CTX *c, long *length)
+{
+ const unsigned char *q;
+
+ q = c->p;
+ c->inf = ASN1_get_object(&(c->p), &(c->slen), &(c->tag), &(c->xclass),
+ *length);
+ if (c->inf & 0x80) {
+ c->error = ERR_R_BAD_GET_ASN1_OBJECT_CALL;
+ return (0);
+ }
+ if (c->tag != V_ASN1_SEQUENCE) {
+ c->error = ERR_R_EXPECTING_AN_ASN1_SEQUENCE;
+ return (0);
+ }
+ (*length) -= (c->p - q);
+ if (c->max && (*length < 0)) {
+ c->error = ERR_R_ASN1_LENGTH_MISMATCH;
+ return (0);
+ }
+ if (c->inf == (1 | V_ASN1_CONSTRUCTED))
+ c->slen = *length + *(c->pp) - c->p;
+ c->eos = 0;
+ return (1);
+}
+
+ASN1_STRING *ASN1_STRING_dup(ASN1_STRING *str)
+{
+ ASN1_STRING *ret;
+
+ if (str == NULL)
+ return (NULL);
+ if ((ret = ASN1_STRING_type_new(str->type)) == NULL)
+ return (NULL);
+ if (!ASN1_STRING_set(ret, str->data, str->length)) {
+ ASN1_STRING_free(ret);
+ return (NULL);
+ }
+ ret->flags = str->flags;
+ return (ret);
+}
+
+int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len)
+{
+ unsigned char *c;
+ const char *data = _data;
+
+ if (len < 0) {
+ if (data == NULL)
+ return (0);
+ else
+ len = strlen(data);
+ }
+ if ((str->length < len) || (str->data == NULL)) {
+ c = str->data;
+ if (c == NULL)
+ str->data = OPENSSL_malloc(len + 1);
+ else
+ str->data = OPENSSL_realloc(c, len + 1);
+
+ if (str->data == NULL) {
+ ASN1err(ASN1_F_ASN1_STRING_SET, ERR_R_MALLOC_FAILURE);
+ str->data = c;
+ return (0);
+ }
+ }
+ str->length = len;
+ if (data != NULL) {
+ memcpy(str->data, data, len);
+ /* an allowance for strings :-) */
+ str->data[len] = '\0';
+ }
+ return (1);
+}
+
+void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len)
+{
+ if (str->data)
+ OPENSSL_free(str->data);
+ str->data = data;
+ str->length = len;
+}
+
+ASN1_STRING *ASN1_STRING_new(void)
+{
+ return (ASN1_STRING_type_new(V_ASN1_OCTET_STRING));
+}
+
+ASN1_STRING *ASN1_STRING_type_new(int type)
+{
+ ASN1_STRING *ret;
+
+ ret = (ASN1_STRING *)OPENSSL_malloc(sizeof(ASN1_STRING));
+ if (ret == NULL) {
+ ASN1err(ASN1_F_ASN1_STRING_TYPE_NEW, ERR_R_MALLOC_FAILURE);
+ return (NULL);
+ }
+ ret->length = 0;
+ ret->type = type;
+ ret->data = NULL;
+ ret->flags = 0;
+ return (ret);
+}
+
+void ASN1_STRING_free(ASN1_STRING *a)
+{
+ if (a == NULL)
+ return;
+ if (a->data != NULL)
+ OPENSSL_free(a->data);
+ OPENSSL_free(a);
+}
+
+int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b)
+{
+ int i;
+
+ i = (a->length - b->length);
+ if (i == 0) {
+ i = memcmp(a->data, b->data, a->length);
+ if (i == 0)
+ return (a->type - b->type);
+ else
+ return (i);
+ } else
+ return (i);
+}
+
+void asn1_add_error(const unsigned char *address, int offset)
+{
+ char buf1[DECIMAL_SIZE(address) + 1], buf2[DECIMAL_SIZE(offset) + 1];
+
+ BIO_snprintf(buf1, sizeof buf1, "%lu", (unsigned long)address);
+ BIO_snprintf(buf2, sizeof buf2, "%d", offset);
+ ERR_add_error_data(4, "address=", buf1, " offset=", buf2);
+}
+
+int ASN1_STRING_length(ASN1_STRING *x)
+{
+ return M_ASN1_STRING_length(x);
+}
+
+void ASN1_STRING_length_set(ASN1_STRING *x, int len)
+{
+ M_ASN1_STRING_length_set(x, len);
+ return;
+}
+
+int ASN1_STRING_type(ASN1_STRING *x)
+{
+ return M_ASN1_STRING_type(x);
+}
+
+unsigned char *ASN1_STRING_data(ASN1_STRING *x)
+{
+ return M_ASN1_STRING_data(x);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn1_mac.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/asn1_mac.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn1_mac.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,571 +0,0 @@
-/* crypto/asn1/asn1_mac.h */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_ASN1_MAC_H
-#define HEADER_ASN1_MAC_H
-
-#include <openssl/asn1.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifndef ASN1_MAC_ERR_LIB
-#define ASN1_MAC_ERR_LIB ERR_LIB_ASN1
-#endif
-
-#define ASN1_MAC_H_err(f,r,line) \
- ERR_PUT_error(ASN1_MAC_ERR_LIB,(f),(r),__FILE__,(line))
-
-#define M_ASN1_D2I_vars(a,type,func) \
- ASN1_const_CTX c; \
- type ret=NULL; \
- \
- c.pp=(const unsigned char **)pp; \
- c.q= *(const unsigned char **)pp; \
- c.error=ERR_R_NESTED_ASN1_ERROR; \
- if ((a == NULL) || ((*a) == NULL)) \
- { if ((ret=(type)func()) == NULL) \
- { c.line=__LINE__; goto err; } } \
- else ret=(*a);
-
-#define M_ASN1_D2I_Init() \
- c.p= *(const unsigned char **)pp; \
- c.max=(length == 0)?0:(c.p+length);
-
-#define M_ASN1_D2I_Finish_2(a) \
- if (!asn1_const_Finish(&c)) \
- { c.line=__LINE__; goto err; } \
- *(const unsigned char **)pp=c.p; \
- if (a != NULL) (*a)=ret; \
- return(ret);
-
-#define M_ASN1_D2I_Finish(a,func,e) \
- M_ASN1_D2I_Finish_2(a); \
-err:\
- ASN1_MAC_H_err((e),c.error,c.line); \
- asn1_add_error(*(const unsigned char **)pp,(int)(c.q- *pp)); \
- if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \
- return(NULL)
-
-#define M_ASN1_D2I_start_sequence() \
- if (!asn1_GetSequence(&c,&length)) \
- { c.line=__LINE__; goto err; }
-/* Begin reading ASN1 without a surrounding sequence */
-#define M_ASN1_D2I_begin() \
- c.slen = length;
-
-/* End reading ASN1 with no check on length */
-#define M_ASN1_D2I_Finish_nolen(a, func, e) \
- *pp=c.p; \
- if (a != NULL) (*a)=ret; \
- return(ret); \
-err:\
- ASN1_MAC_H_err((e),c.error,c.line); \
- asn1_add_error(*pp,(int)(c.q- *pp)); \
- if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \
- return(NULL)
-
-#define M_ASN1_D2I_end_sequence() \
- (((c.inf&1) == 0)?(c.slen <= 0): \
- (c.eos=ASN1_const_check_infinite_end(&c.p,c.slen)))
-
-/* Don't use this with d2i_ASN1_BOOLEAN() */
-#define M_ASN1_D2I_get(b, func) \
- c.q=c.p; \
- if (func(&(b),&c.p,c.slen) == NULL) \
- {c.line=__LINE__; goto err; } \
- c.slen-=(c.p-c.q);
-
-/* Don't use this with d2i_ASN1_BOOLEAN() */
-#define M_ASN1_D2I_get_x(type,b,func) \
- c.q=c.p; \
- if (((D2I_OF(type))func)(&(b),&c.p,c.slen) == NULL) \
- {c.line=__LINE__; goto err; } \
- c.slen-=(c.p-c.q);
-
-/* use this instead () */
-#define M_ASN1_D2I_get_int(b,func) \
- c.q=c.p; \
- if (func(&(b),&c.p,c.slen) < 0) \
- {c.line=__LINE__; goto err; } \
- c.slen-=(c.p-c.q);
-
-#define M_ASN1_D2I_get_opt(b,func,type) \
- if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) \
- == (V_ASN1_UNIVERSAL|(type)))) \
- { \
- M_ASN1_D2I_get(b,func); \
- }
-
-#define M_ASN1_D2I_get_imp(b,func, type) \
- M_ASN1_next=(_tmp& V_ASN1_CONSTRUCTED)|type; \
- c.q=c.p; \
- if (func(&(b),&c.p,c.slen) == NULL) \
- {c.line=__LINE__; M_ASN1_next_prev = _tmp; goto err; } \
- c.slen-=(c.p-c.q);\
- M_ASN1_next_prev=_tmp;
-
-#define M_ASN1_D2I_get_IMP_opt(b,func,tag,type) \
- if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) == \
- (V_ASN1_CONTEXT_SPECIFIC|(tag)))) \
- { \
- unsigned char _tmp = M_ASN1_next; \
- M_ASN1_D2I_get_imp(b,func, type);\
- }
-
-#define M_ASN1_D2I_get_set(r,func,free_func) \
- M_ASN1_D2I_get_imp_set(r,func,free_func, \
- V_ASN1_SET,V_ASN1_UNIVERSAL);
-
-#define M_ASN1_D2I_get_set_type(type,r,func,free_func) \
- M_ASN1_D2I_get_imp_set_type(type,r,func,free_func, \
- V_ASN1_SET,V_ASN1_UNIVERSAL);
-
-#define M_ASN1_D2I_get_set_opt(r,func,free_func) \
- if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \
- V_ASN1_CONSTRUCTED|V_ASN1_SET)))\
- { M_ASN1_D2I_get_set(r,func,free_func); }
-
-#define M_ASN1_D2I_get_set_opt_type(type,r,func,free_func) \
- if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \
- V_ASN1_CONSTRUCTED|V_ASN1_SET)))\
- { M_ASN1_D2I_get_set_type(type,r,func,free_func); }
-
-#define M_ASN1_I2D_len_SET_opt(a,f) \
- if ((a != NULL) && (sk_num(a) != 0)) \
- M_ASN1_I2D_len_SET(a,f);
-
-#define M_ASN1_I2D_put_SET_opt(a,f) \
- if ((a != NULL) && (sk_num(a) != 0)) \
- M_ASN1_I2D_put_SET(a,f);
-
-#define M_ASN1_I2D_put_SEQUENCE_opt(a,f) \
- if ((a != NULL) && (sk_num(a) != 0)) \
- M_ASN1_I2D_put_SEQUENCE(a,f);
-
-#define M_ASN1_I2D_put_SEQUENCE_opt_type(type,a,f) \
- if ((a != NULL) && (sk_##type##_num(a) != 0)) \
- M_ASN1_I2D_put_SEQUENCE_type(type,a,f);
-
-#define M_ASN1_D2I_get_IMP_set_opt(b,func,free_func,tag) \
- if ((c.slen != 0) && \
- (M_ASN1_next == \
- (V_ASN1_CONTEXT_SPECIFIC|V_ASN1_CONSTRUCTED|(tag))))\
- { \
- M_ASN1_D2I_get_imp_set(b,func,free_func,\
- tag,V_ASN1_CONTEXT_SPECIFIC); \
- }
-
-#define M_ASN1_D2I_get_IMP_set_opt_type(type,b,func,free_func,tag) \
- if ((c.slen != 0) && \
- (M_ASN1_next == \
- (V_ASN1_CONTEXT_SPECIFIC|V_ASN1_CONSTRUCTED|(tag))))\
- { \
- M_ASN1_D2I_get_imp_set_type(type,b,func,free_func,\
- tag,V_ASN1_CONTEXT_SPECIFIC); \
- }
-
-#define M_ASN1_D2I_get_seq(r,func,free_func) \
- M_ASN1_D2I_get_imp_set(r,func,free_func,\
- V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
-
-#define M_ASN1_D2I_get_seq_type(type,r,func,free_func) \
- M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,\
- V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL)
-
-#define M_ASN1_D2I_get_seq_opt(r,func,free_func) \
- if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \
- V_ASN1_CONSTRUCTED|V_ASN1_SEQUENCE)))\
- { M_ASN1_D2I_get_seq(r,func,free_func); }
-
-#define M_ASN1_D2I_get_seq_opt_type(type,r,func,free_func) \
- if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \
- V_ASN1_CONSTRUCTED|V_ASN1_SEQUENCE)))\
- { M_ASN1_D2I_get_seq_type(type,r,func,free_func); }
-
-#define M_ASN1_D2I_get_IMP_set(r,func,free_func,x) \
- M_ASN1_D2I_get_imp_set(r,func,free_func,\
- x,V_ASN1_CONTEXT_SPECIFIC);
-
-#define M_ASN1_D2I_get_IMP_set_type(type,r,func,free_func,x) \
- M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,\
- x,V_ASN1_CONTEXT_SPECIFIC);
-
-#define M_ASN1_D2I_get_imp_set(r,func,free_func,a,b) \
- c.q=c.p; \
- if (d2i_ASN1_SET(&(r),&c.p,c.slen,(char *(*)())func,\
- (void (*)())free_func,a,b) == NULL) \
- { c.line=__LINE__; goto err; } \
- c.slen-=(c.p-c.q);
-
-#define M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,a,b) \
- c.q=c.p; \
- if (d2i_ASN1_SET_OF_##type(&(r),&c.p,c.slen,func,\
- free_func,a,b) == NULL) \
- { c.line=__LINE__; goto err; } \
- c.slen-=(c.p-c.q);
-
-#define M_ASN1_D2I_get_set_strings(r,func,a,b) \
- c.q=c.p; \
- if (d2i_ASN1_STRING_SET(&(r),&c.p,c.slen,a,b) == NULL) \
- { c.line=__LINE__; goto err; } \
- c.slen-=(c.p-c.q);
-
-#define M_ASN1_D2I_get_EXP_opt(r,func,tag) \
- if ((c.slen != 0L) && (M_ASN1_next == \
- (V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \
- { \
- int Tinf,Ttag,Tclass; \
- long Tlen; \
- \
- c.q=c.p; \
- Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \
- if (Tinf & 0x80) \
- { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \
- c.line=__LINE__; goto err; } \
- if (Tinf == (V_ASN1_CONSTRUCTED+1)) \
- Tlen = c.slen - (c.p - c.q) - 2; \
- if (func(&(r),&c.p,Tlen) == NULL) \
- { c.line=__LINE__; goto err; } \
- if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \
- Tlen = c.slen - (c.p - c.q); \
- if(!ASN1_const_check_infinite_end(&c.p, Tlen)) \
- { c.error=ERR_R_MISSING_ASN1_EOS; \
- c.line=__LINE__; goto err; } \
- }\
- c.slen-=(c.p-c.q); \
- }
-
-#define M_ASN1_D2I_get_EXP_set_opt(r,func,free_func,tag,b) \
- if ((c.slen != 0) && (M_ASN1_next == \
- (V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \
- { \
- int Tinf,Ttag,Tclass; \
- long Tlen; \
- \
- c.q=c.p; \
- Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \
- if (Tinf & 0x80) \
- { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \
- c.line=__LINE__; goto err; } \
- if (Tinf == (V_ASN1_CONSTRUCTED+1)) \
- Tlen = c.slen - (c.p - c.q) - 2; \
- if (d2i_ASN1_SET(&(r),&c.p,Tlen,(char *(*)())func, \
- (void (*)())free_func, \
- b,V_ASN1_UNIVERSAL) == NULL) \
- { c.line=__LINE__; goto err; } \
- if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \
- Tlen = c.slen - (c.p - c.q); \
- if(!ASN1_check_infinite_end(&c.p, Tlen)) \
- { c.error=ERR_R_MISSING_ASN1_EOS; \
- c.line=__LINE__; goto err; } \
- }\
- c.slen-=(c.p-c.q); \
- }
-
-#define M_ASN1_D2I_get_EXP_set_opt_type(type,r,func,free_func,tag,b) \
- if ((c.slen != 0) && (M_ASN1_next == \
- (V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \
- { \
- int Tinf,Ttag,Tclass; \
- long Tlen; \
- \
- c.q=c.p; \
- Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \
- if (Tinf & 0x80) \
- { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \
- c.line=__LINE__; goto err; } \
- if (Tinf == (V_ASN1_CONSTRUCTED+1)) \
- Tlen = c.slen - (c.p - c.q) - 2; \
- if (d2i_ASN1_SET_OF_##type(&(r),&c.p,Tlen,func, \
- free_func,b,V_ASN1_UNIVERSAL) == NULL) \
- { c.line=__LINE__; goto err; } \
- if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \
- Tlen = c.slen - (c.p - c.q); \
- if(!ASN1_check_infinite_end(&c.p, Tlen)) \
- { c.error=ERR_R_MISSING_ASN1_EOS; \
- c.line=__LINE__; goto err; } \
- }\
- c.slen-=(c.p-c.q); \
- }
-
-/* New macros */
-#define M_ASN1_New_Malloc(ret,type) \
- if ((ret=(type *)OPENSSL_malloc(sizeof(type))) == NULL) \
- { c.line=__LINE__; goto err2; }
-
-#define M_ASN1_New(arg,func) \
- if (((arg)=func()) == NULL) return(NULL)
-
-#define M_ASN1_New_Error(a) \
-/* err: ASN1_MAC_H_err((a),ERR_R_NESTED_ASN1_ERROR,c.line); \
- return(NULL);*/ \
- err2: ASN1_MAC_H_err((a),ERR_R_MALLOC_FAILURE,c.line); \
- return(NULL)
-
-
-/* BIG UGLY WARNING! This is so damn ugly I wanna puke. Unfortunately,
- some macros that use ASN1_const_CTX still insist on writing in the input
- stream. ARGH! ARGH! ARGH! Let's get rid of this macro package.
- Please? -- Richard Levitte */
-#define M_ASN1_next (*((unsigned char *)(c.p)))
-#define M_ASN1_next_prev (*((unsigned char *)(c.q)))
-
-/*************************************************/
-
-#define M_ASN1_I2D_vars(a) int r=0,ret=0; \
- unsigned char *p; \
- if (a == NULL) return(0)
-
-/* Length Macros */
-#define M_ASN1_I2D_len(a,f) ret+=f(a,NULL)
-#define M_ASN1_I2D_len_IMP_opt(a,f) if (a != NULL) M_ASN1_I2D_len(a,f)
-
-#define M_ASN1_I2D_len_SET(a,f) \
- ret+=i2d_ASN1_SET(a,NULL,f,V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET);
-
-#define M_ASN1_I2D_len_SET_type(type,a,f) \
- ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,V_ASN1_SET, \
- V_ASN1_UNIVERSAL,IS_SET);
-
-#define M_ASN1_I2D_len_SEQUENCE(a,f) \
- ret+=i2d_ASN1_SET(a,NULL,f,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL, \
- IS_SEQUENCE);
-
-#define M_ASN1_I2D_len_SEQUENCE_type(type,a,f) \
- ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,V_ASN1_SEQUENCE, \
- V_ASN1_UNIVERSAL,IS_SEQUENCE)
-
-#define M_ASN1_I2D_len_SEQUENCE_opt(a,f) \
- if ((a != NULL) && (sk_num(a) != 0)) \
- M_ASN1_I2D_len_SEQUENCE(a,f);
-
-#define M_ASN1_I2D_len_SEQUENCE_opt_type(type,a,f) \
- if ((a != NULL) && (sk_##type##_num(a) != 0)) \
- M_ASN1_I2D_len_SEQUENCE_type(type,a,f);
-
-#define M_ASN1_I2D_len_IMP_SET(a,f,x) \
- ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET);
-
-#define M_ASN1_I2D_len_IMP_SET_type(type,a,f,x) \
- ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \
- V_ASN1_CONTEXT_SPECIFIC,IS_SET);
-
-#define M_ASN1_I2D_len_IMP_SET_opt(a,f,x) \
- if ((a != NULL) && (sk_num(a) != 0)) \
- ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \
- IS_SET);
-
-#define M_ASN1_I2D_len_IMP_SET_opt_type(type,a,f,x) \
- if ((a != NULL) && (sk_##type##_num(a) != 0)) \
- ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \
- V_ASN1_CONTEXT_SPECIFIC,IS_SET);
-
-#define M_ASN1_I2D_len_IMP_SEQUENCE(a,f,x) \
- ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \
- IS_SEQUENCE);
-
-#define M_ASN1_I2D_len_IMP_SEQUENCE_opt(a,f,x) \
- if ((a != NULL) && (sk_num(a) != 0)) \
- ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \
- IS_SEQUENCE);
-
-#define M_ASN1_I2D_len_IMP_SEQUENCE_opt_type(type,a,f,x) \
- if ((a != NULL) && (sk_##type##_num(a) != 0)) \
- ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \
- V_ASN1_CONTEXT_SPECIFIC, \
- IS_SEQUENCE);
-
-#define M_ASN1_I2D_len_EXP_opt(a,f,mtag,v) \
- if (a != NULL)\
- { \
- v=f(a,NULL); \
- ret+=ASN1_object_size(1,v,mtag); \
- }
-
-#define M_ASN1_I2D_len_EXP_SET_opt(a,f,mtag,tag,v) \
- if ((a != NULL) && (sk_num(a) != 0))\
- { \
- v=i2d_ASN1_SET(a,NULL,f,tag,V_ASN1_UNIVERSAL,IS_SET); \
- ret+=ASN1_object_size(1,v,mtag); \
- }
-
-#define M_ASN1_I2D_len_EXP_SEQUENCE_opt(a,f,mtag,tag,v) \
- if ((a != NULL) && (sk_num(a) != 0))\
- { \
- v=i2d_ASN1_SET(a,NULL,f,tag,V_ASN1_UNIVERSAL, \
- IS_SEQUENCE); \
- ret+=ASN1_object_size(1,v,mtag); \
- }
-
-#define M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(type,a,f,mtag,tag,v) \
- if ((a != NULL) && (sk_##type##_num(a) != 0))\
- { \
- v=i2d_ASN1_SET_OF_##type(a,NULL,f,tag, \
- V_ASN1_UNIVERSAL, \
- IS_SEQUENCE); \
- ret+=ASN1_object_size(1,v,mtag); \
- }
-
-/* Put Macros */
-#define M_ASN1_I2D_put(a,f) f(a,&p)
-
-#define M_ASN1_I2D_put_IMP_opt(a,f,t) \
- if (a != NULL) \
- { \
- unsigned char *q=p; \
- f(a,&p); \
- *q=(V_ASN1_CONTEXT_SPECIFIC|t|(*q&V_ASN1_CONSTRUCTED));\
- }
-
-#define M_ASN1_I2D_put_SET(a,f) i2d_ASN1_SET(a,&p,f,V_ASN1_SET,\
- V_ASN1_UNIVERSAL,IS_SET)
-#define M_ASN1_I2D_put_SET_type(type,a,f) \
- i2d_ASN1_SET_OF_##type(a,&p,f,V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET)
-#define M_ASN1_I2D_put_IMP_SET(a,f,x) i2d_ASN1_SET(a,&p,f,x,\
- V_ASN1_CONTEXT_SPECIFIC,IS_SET)
-#define M_ASN1_I2D_put_IMP_SET_type(type,a,f,x) \
- i2d_ASN1_SET_OF_##type(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET)
-#define M_ASN1_I2D_put_IMP_SEQUENCE(a,f,x) i2d_ASN1_SET(a,&p,f,x,\
- V_ASN1_CONTEXT_SPECIFIC,IS_SEQUENCE)
-
-#define M_ASN1_I2D_put_SEQUENCE(a,f) i2d_ASN1_SET(a,&p,f,V_ASN1_SEQUENCE,\
- V_ASN1_UNIVERSAL,IS_SEQUENCE)
-
-#define M_ASN1_I2D_put_SEQUENCE_type(type,a,f) \
- i2d_ASN1_SET_OF_##type(a,&p,f,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL, \
- IS_SEQUENCE)
-
-#define M_ASN1_I2D_put_SEQUENCE_opt(a,f) \
- if ((a != NULL) && (sk_num(a) != 0)) \
- M_ASN1_I2D_put_SEQUENCE(a,f);
-
-#define M_ASN1_I2D_put_IMP_SET_opt(a,f,x) \
- if ((a != NULL) && (sk_num(a) != 0)) \
- { i2d_ASN1_SET(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC, \
- IS_SET); }
-
-#define M_ASN1_I2D_put_IMP_SET_opt_type(type,a,f,x) \
- if ((a != NULL) && (sk_##type##_num(a) != 0)) \
- { i2d_ASN1_SET_OF_##type(a,&p,f,x, \
- V_ASN1_CONTEXT_SPECIFIC, \
- IS_SET); }
-
-#define M_ASN1_I2D_put_IMP_SEQUENCE_opt(a,f,x) \
- if ((a != NULL) && (sk_num(a) != 0)) \
- { i2d_ASN1_SET(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC, \
- IS_SEQUENCE); }
-
-#define M_ASN1_I2D_put_IMP_SEQUENCE_opt_type(type,a,f,x) \
- if ((a != NULL) && (sk_##type##_num(a) != 0)) \
- { i2d_ASN1_SET_OF_##type(a,&p,f,x, \
- V_ASN1_CONTEXT_SPECIFIC, \
- IS_SEQUENCE); }
-
-#define M_ASN1_I2D_put_EXP_opt(a,f,tag,v) \
- if (a != NULL) \
- { \
- ASN1_put_object(&p,1,v,tag,V_ASN1_CONTEXT_SPECIFIC); \
- f(a,&p); \
- }
-
-#define M_ASN1_I2D_put_EXP_SET_opt(a,f,mtag,tag,v) \
- if ((a != NULL) && (sk_num(a) != 0)) \
- { \
- ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \
- i2d_ASN1_SET(a,&p,f,tag,V_ASN1_UNIVERSAL,IS_SET); \
- }
-
-#define M_ASN1_I2D_put_EXP_SEQUENCE_opt(a,f,mtag,tag,v) \
- if ((a != NULL) && (sk_num(a) != 0)) \
- { \
- ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \
- i2d_ASN1_SET(a,&p,f,tag,V_ASN1_UNIVERSAL,IS_SEQUENCE); \
- }
-
-#define M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(type,a,f,mtag,tag,v) \
- if ((a != NULL) && (sk_##type##_num(a) != 0)) \
- { \
- ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \
- i2d_ASN1_SET_OF_##type(a,&p,f,tag,V_ASN1_UNIVERSAL, \
- IS_SEQUENCE); \
- }
-
-#define M_ASN1_I2D_seq_total() \
- r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE); \
- if (pp == NULL) return(r); \
- p= *pp; \
- ASN1_put_object(&p,1,ret,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL)
-
-#define M_ASN1_I2D_INF_seq_start(tag,ctx) \
- *(p++)=(V_ASN1_CONSTRUCTED|(tag)|(ctx)); \
- *(p++)=0x80
-
-#define M_ASN1_I2D_INF_seq_end() *(p++)=0x00; *(p++)=0x00
-
-#define M_ASN1_I2D_finish() *pp=p; \
- return(r);
-
-int asn1_GetSequence(ASN1_const_CTX *c, long *length);
-void asn1_add_error(const unsigned char *address,int offset);
-#ifdef __cplusplus
-}
-#endif
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn1_mac.h (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/asn1_mac.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn1_mac.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn1_mac.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,572 @@
+/* crypto/asn1/asn1_mac.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_ASN1_MAC_H
+# define HEADER_ASN1_MAC_H
+
+# include <openssl/asn1.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# ifndef ASN1_MAC_ERR_LIB
+# define ASN1_MAC_ERR_LIB ERR_LIB_ASN1
+# endif
+
+# define ASN1_MAC_H_err(f,r,line) \
+ ERR_PUT_error(ASN1_MAC_ERR_LIB,(f),(r),__FILE__,(line))
+
+# define M_ASN1_D2I_vars(a,type,func) \
+ ASN1_const_CTX c; \
+ type ret=NULL; \
+ \
+ c.pp=(const unsigned char **)pp; \
+ c.q= *(const unsigned char **)pp; \
+ c.error=ERR_R_NESTED_ASN1_ERROR; \
+ if ((a == NULL) || ((*a) == NULL)) \
+ { if ((ret=(type)func()) == NULL) \
+ { c.line=__LINE__; goto err; } } \
+ else ret=(*a);
+
+# define M_ASN1_D2I_Init() \
+ c.p= *(const unsigned char **)pp; \
+ c.max=(length == 0)?0:(c.p+length);
+
+# define M_ASN1_D2I_Finish_2(a) \
+ if (!asn1_const_Finish(&c)) \
+ { c.line=__LINE__; goto err; } \
+ *(const unsigned char **)pp=c.p; \
+ if (a != NULL) (*a)=ret; \
+ return(ret);
+
+# define M_ASN1_D2I_Finish(a,func,e) \
+ M_ASN1_D2I_Finish_2(a); \
+err:\
+ ASN1_MAC_H_err((e),c.error,c.line); \
+ asn1_add_error(*(const unsigned char **)pp,(int)(c.q- *pp)); \
+ if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \
+ return(NULL)
+
+# define M_ASN1_D2I_start_sequence() \
+ if (!asn1_GetSequence(&c,&length)) \
+ { c.line=__LINE__; goto err; }
+/* Begin reading ASN1 without a surrounding sequence */
+# define M_ASN1_D2I_begin() \
+ c.slen = length;
+
+/* End reading ASN1 with no check on length */
+# define M_ASN1_D2I_Finish_nolen(a, func, e) \
+ *pp=c.p; \
+ if (a != NULL) (*a)=ret; \
+ return(ret); \
+err:\
+ ASN1_MAC_H_err((e),c.error,c.line); \
+ asn1_add_error(*pp,(int)(c.q- *pp)); \
+ if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \
+ return(NULL)
+
+# define M_ASN1_D2I_end_sequence() \
+ (((c.inf&1) == 0)?(c.slen <= 0): \
+ (c.eos=ASN1_const_check_infinite_end(&c.p,c.slen)))
+
+/* Don't use this with d2i_ASN1_BOOLEAN() */
+# define M_ASN1_D2I_get(b, func) \
+ c.q=c.p; \
+ if (func(&(b),&c.p,c.slen) == NULL) \
+ {c.line=__LINE__; goto err; } \
+ c.slen-=(c.p-c.q);
+
+/* Don't use this with d2i_ASN1_BOOLEAN() */
+# define M_ASN1_D2I_get_x(type,b,func) \
+ c.q=c.p; \
+ if (((D2I_OF(type))func)(&(b),&c.p,c.slen) == NULL) \
+ {c.line=__LINE__; goto err; } \
+ c.slen-=(c.p-c.q);
+
+/* use this instead () */
+# define M_ASN1_D2I_get_int(b,func) \
+ c.q=c.p; \
+ if (func(&(b),&c.p,c.slen) < 0) \
+ {c.line=__LINE__; goto err; } \
+ c.slen-=(c.p-c.q);
+
+# define M_ASN1_D2I_get_opt(b,func,type) \
+ if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) \
+ == (V_ASN1_UNIVERSAL|(type)))) \
+ { \
+ M_ASN1_D2I_get(b,func); \
+ }
+
+# define M_ASN1_D2I_get_imp(b,func, type) \
+ M_ASN1_next=(_tmp& V_ASN1_CONSTRUCTED)|type; \
+ c.q=c.p; \
+ if (func(&(b),&c.p,c.slen) == NULL) \
+ {c.line=__LINE__; M_ASN1_next_prev = _tmp; goto err; } \
+ c.slen-=(c.p-c.q);\
+ M_ASN1_next_prev=_tmp;
+
+# define M_ASN1_D2I_get_IMP_opt(b,func,tag,type) \
+ if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) == \
+ (V_ASN1_CONTEXT_SPECIFIC|(tag)))) \
+ { \
+ unsigned char _tmp = M_ASN1_next; \
+ M_ASN1_D2I_get_imp(b,func, type);\
+ }
+
+# define M_ASN1_D2I_get_set(r,func,free_func) \
+ M_ASN1_D2I_get_imp_set(r,func,free_func, \
+ V_ASN1_SET,V_ASN1_UNIVERSAL);
+
+# define M_ASN1_D2I_get_set_type(type,r,func,free_func) \
+ M_ASN1_D2I_get_imp_set_type(type,r,func,free_func, \
+ V_ASN1_SET,V_ASN1_UNIVERSAL);
+
+# define M_ASN1_D2I_get_set_opt(r,func,free_func) \
+ if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \
+ V_ASN1_CONSTRUCTED|V_ASN1_SET)))\
+ { M_ASN1_D2I_get_set(r,func,free_func); }
+
+# define M_ASN1_D2I_get_set_opt_type(type,r,func,free_func) \
+ if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \
+ V_ASN1_CONSTRUCTED|V_ASN1_SET)))\
+ { M_ASN1_D2I_get_set_type(type,r,func,free_func); }
+
+# define M_ASN1_I2D_len_SET_opt(a,f) \
+ if ((a != NULL) && (sk_num(a) != 0)) \
+ M_ASN1_I2D_len_SET(a,f);
+
+# define M_ASN1_I2D_put_SET_opt(a,f) \
+ if ((a != NULL) && (sk_num(a) != 0)) \
+ M_ASN1_I2D_put_SET(a,f);
+
+# define M_ASN1_I2D_put_SEQUENCE_opt(a,f) \
+ if ((a != NULL) && (sk_num(a) != 0)) \
+ M_ASN1_I2D_put_SEQUENCE(a,f);
+
+# define M_ASN1_I2D_put_SEQUENCE_opt_type(type,a,f) \
+ if ((a != NULL) && (sk_##type##_num(a) != 0)) \
+ M_ASN1_I2D_put_SEQUENCE_type(type,a,f);
+
+# define M_ASN1_D2I_get_IMP_set_opt(b,func,free_func,tag) \
+ if ((c.slen != 0) && \
+ (M_ASN1_next == \
+ (V_ASN1_CONTEXT_SPECIFIC|V_ASN1_CONSTRUCTED|(tag))))\
+ { \
+ M_ASN1_D2I_get_imp_set(b,func,free_func,\
+ tag,V_ASN1_CONTEXT_SPECIFIC); \
+ }
+
+# define M_ASN1_D2I_get_IMP_set_opt_type(type,b,func,free_func,tag) \
+ if ((c.slen != 0) && \
+ (M_ASN1_next == \
+ (V_ASN1_CONTEXT_SPECIFIC|V_ASN1_CONSTRUCTED|(tag))))\
+ { \
+ M_ASN1_D2I_get_imp_set_type(type,b,func,free_func,\
+ tag,V_ASN1_CONTEXT_SPECIFIC); \
+ }
+
+# define M_ASN1_D2I_get_seq(r,func,free_func) \
+ M_ASN1_D2I_get_imp_set(r,func,free_func,\
+ V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
+
+# define M_ASN1_D2I_get_seq_type(type,r,func,free_func) \
+ M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,\
+ V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL)
+
+# define M_ASN1_D2I_get_seq_opt(r,func,free_func) \
+ if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \
+ V_ASN1_CONSTRUCTED|V_ASN1_SEQUENCE)))\
+ { M_ASN1_D2I_get_seq(r,func,free_func); }
+
+# define M_ASN1_D2I_get_seq_opt_type(type,r,func,free_func) \
+ if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \
+ V_ASN1_CONSTRUCTED|V_ASN1_SEQUENCE)))\
+ { M_ASN1_D2I_get_seq_type(type,r,func,free_func); }
+
+# define M_ASN1_D2I_get_IMP_set(r,func,free_func,x) \
+ M_ASN1_D2I_get_imp_set(r,func,free_func,\
+ x,V_ASN1_CONTEXT_SPECIFIC);
+
+# define M_ASN1_D2I_get_IMP_set_type(type,r,func,free_func,x) \
+ M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,\
+ x,V_ASN1_CONTEXT_SPECIFIC);
+
+# define M_ASN1_D2I_get_imp_set(r,func,free_func,a,b) \
+ c.q=c.p; \
+ if (d2i_ASN1_SET(&(r),&c.p,c.slen,(char *(*)())func,\
+ (void (*)())free_func,a,b) == NULL) \
+ { c.line=__LINE__; goto err; } \
+ c.slen-=(c.p-c.q);
+
+# define M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,a,b) \
+ c.q=c.p; \
+ if (d2i_ASN1_SET_OF_##type(&(r),&c.p,c.slen,func,\
+ free_func,a,b) == NULL) \
+ { c.line=__LINE__; goto err; } \
+ c.slen-=(c.p-c.q);
+
+# define M_ASN1_D2I_get_set_strings(r,func,a,b) \
+ c.q=c.p; \
+ if (d2i_ASN1_STRING_SET(&(r),&c.p,c.slen,a,b) == NULL) \
+ { c.line=__LINE__; goto err; } \
+ c.slen-=(c.p-c.q);
+
+# define M_ASN1_D2I_get_EXP_opt(r,func,tag) \
+ if ((c.slen != 0L) && (M_ASN1_next == \
+ (V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \
+ { \
+ int Tinf,Ttag,Tclass; \
+ long Tlen; \
+ \
+ c.q=c.p; \
+ Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \
+ if (Tinf & 0x80) \
+ { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \
+ c.line=__LINE__; goto err; } \
+ if (Tinf == (V_ASN1_CONSTRUCTED+1)) \
+ Tlen = c.slen - (c.p - c.q) - 2; \
+ if (func(&(r),&c.p,Tlen) == NULL) \
+ { c.line=__LINE__; goto err; } \
+ if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \
+ Tlen = c.slen - (c.p - c.q); \
+ if(!ASN1_const_check_infinite_end(&c.p, Tlen)) \
+ { c.error=ERR_R_MISSING_ASN1_EOS; \
+ c.line=__LINE__; goto err; } \
+ }\
+ c.slen-=(c.p-c.q); \
+ }
+
+# define M_ASN1_D2I_get_EXP_set_opt(r,func,free_func,tag,b) \
+ if ((c.slen != 0) && (M_ASN1_next == \
+ (V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \
+ { \
+ int Tinf,Ttag,Tclass; \
+ long Tlen; \
+ \
+ c.q=c.p; \
+ Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \
+ if (Tinf & 0x80) \
+ { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \
+ c.line=__LINE__; goto err; } \
+ if (Tinf == (V_ASN1_CONSTRUCTED+1)) \
+ Tlen = c.slen - (c.p - c.q) - 2; \
+ if (d2i_ASN1_SET(&(r),&c.p,Tlen,(char *(*)())func, \
+ (void (*)())free_func, \
+ b,V_ASN1_UNIVERSAL) == NULL) \
+ { c.line=__LINE__; goto err; } \
+ if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \
+ Tlen = c.slen - (c.p - c.q); \
+ if(!ASN1_check_infinite_end(&c.p, Tlen)) \
+ { c.error=ERR_R_MISSING_ASN1_EOS; \
+ c.line=__LINE__; goto err; } \
+ }\
+ c.slen-=(c.p-c.q); \
+ }
+
+# define M_ASN1_D2I_get_EXP_set_opt_type(type,r,func,free_func,tag,b) \
+ if ((c.slen != 0) && (M_ASN1_next == \
+ (V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \
+ { \
+ int Tinf,Ttag,Tclass; \
+ long Tlen; \
+ \
+ c.q=c.p; \
+ Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \
+ if (Tinf & 0x80) \
+ { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \
+ c.line=__LINE__; goto err; } \
+ if (Tinf == (V_ASN1_CONSTRUCTED+1)) \
+ Tlen = c.slen - (c.p - c.q) - 2; \
+ if (d2i_ASN1_SET_OF_##type(&(r),&c.p,Tlen,func, \
+ free_func,b,V_ASN1_UNIVERSAL) == NULL) \
+ { c.line=__LINE__; goto err; } \
+ if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \
+ Tlen = c.slen - (c.p - c.q); \
+ if(!ASN1_check_infinite_end(&c.p, Tlen)) \
+ { c.error=ERR_R_MISSING_ASN1_EOS; \
+ c.line=__LINE__; goto err; } \
+ }\
+ c.slen-=(c.p-c.q); \
+ }
+
+/* New macros */
+# define M_ASN1_New_Malloc(ret,type) \
+ if ((ret=(type *)OPENSSL_malloc(sizeof(type))) == NULL) \
+ { c.line=__LINE__; goto err2; }
+
+# define M_ASN1_New(arg,func) \
+ if (((arg)=func()) == NULL) return(NULL)
+
+# define M_ASN1_New_Error(a) \
+/*- err: ASN1_MAC_H_err((a),ERR_R_NESTED_ASN1_ERROR,c.line); \
+ return(NULL);*/ \
+ err2: ASN1_MAC_H_err((a),ERR_R_MALLOC_FAILURE,c.line); \
+ return(NULL)
+
+/*
+ * BIG UGLY WARNING! This is so damn ugly I wanna puke. Unfortunately, some
+ * macros that use ASN1_const_CTX still insist on writing in the input
+ * stream. ARGH! ARGH! ARGH! Let's get rid of this macro package. Please? --
+ * Richard Levitte
+ */
+# define M_ASN1_next (*((unsigned char *)(c.p)))
+# define M_ASN1_next_prev (*((unsigned char *)(c.q)))
+
+/*************************************************/
+
+# define M_ASN1_I2D_vars(a) int r=0,ret=0; \
+ unsigned char *p; \
+ if (a == NULL) return(0)
+
+/* Length Macros */
+# define M_ASN1_I2D_len(a,f) ret+=f(a,NULL)
+# define M_ASN1_I2D_len_IMP_opt(a,f) if (a != NULL) M_ASN1_I2D_len(a,f)
+
+# define M_ASN1_I2D_len_SET(a,f) \
+ ret+=i2d_ASN1_SET(a,NULL,f,V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET);
+
+# define M_ASN1_I2D_len_SET_type(type,a,f) \
+ ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,V_ASN1_SET, \
+ V_ASN1_UNIVERSAL,IS_SET);
+
+# define M_ASN1_I2D_len_SEQUENCE(a,f) \
+ ret+=i2d_ASN1_SET(a,NULL,f,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL, \
+ IS_SEQUENCE);
+
+# define M_ASN1_I2D_len_SEQUENCE_type(type,a,f) \
+ ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,V_ASN1_SEQUENCE, \
+ V_ASN1_UNIVERSAL,IS_SEQUENCE)
+
+# define M_ASN1_I2D_len_SEQUENCE_opt(a,f) \
+ if ((a != NULL) && (sk_num(a) != 0)) \
+ M_ASN1_I2D_len_SEQUENCE(a,f);
+
+# define M_ASN1_I2D_len_SEQUENCE_opt_type(type,a,f) \
+ if ((a != NULL) && (sk_##type##_num(a) != 0)) \
+ M_ASN1_I2D_len_SEQUENCE_type(type,a,f);
+
+# define M_ASN1_I2D_len_IMP_SET(a,f,x) \
+ ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET);
+
+# define M_ASN1_I2D_len_IMP_SET_type(type,a,f,x) \
+ ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \
+ V_ASN1_CONTEXT_SPECIFIC,IS_SET);
+
+# define M_ASN1_I2D_len_IMP_SET_opt(a,f,x) \
+ if ((a != NULL) && (sk_num(a) != 0)) \
+ ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \
+ IS_SET);
+
+# define M_ASN1_I2D_len_IMP_SET_opt_type(type,a,f,x) \
+ if ((a != NULL) && (sk_##type##_num(a) != 0)) \
+ ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \
+ V_ASN1_CONTEXT_SPECIFIC,IS_SET);
+
+# define M_ASN1_I2D_len_IMP_SEQUENCE(a,f,x) \
+ ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \
+ IS_SEQUENCE);
+
+# define M_ASN1_I2D_len_IMP_SEQUENCE_opt(a,f,x) \
+ if ((a != NULL) && (sk_num(a) != 0)) \
+ ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \
+ IS_SEQUENCE);
+
+# define M_ASN1_I2D_len_IMP_SEQUENCE_opt_type(type,a,f,x) \
+ if ((a != NULL) && (sk_##type##_num(a) != 0)) \
+ ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \
+ V_ASN1_CONTEXT_SPECIFIC, \
+ IS_SEQUENCE);
+
+# define M_ASN1_I2D_len_EXP_opt(a,f,mtag,v) \
+ if (a != NULL)\
+ { \
+ v=f(a,NULL); \
+ ret+=ASN1_object_size(1,v,mtag); \
+ }
+
+# define M_ASN1_I2D_len_EXP_SET_opt(a,f,mtag,tag,v) \
+ if ((a != NULL) && (sk_num(a) != 0))\
+ { \
+ v=i2d_ASN1_SET(a,NULL,f,tag,V_ASN1_UNIVERSAL,IS_SET); \
+ ret+=ASN1_object_size(1,v,mtag); \
+ }
+
+# define M_ASN1_I2D_len_EXP_SEQUENCE_opt(a,f,mtag,tag,v) \
+ if ((a != NULL) && (sk_num(a) != 0))\
+ { \
+ v=i2d_ASN1_SET(a,NULL,f,tag,V_ASN1_UNIVERSAL, \
+ IS_SEQUENCE); \
+ ret+=ASN1_object_size(1,v,mtag); \
+ }
+
+# define M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(type,a,f,mtag,tag,v) \
+ if ((a != NULL) && (sk_##type##_num(a) != 0))\
+ { \
+ v=i2d_ASN1_SET_OF_##type(a,NULL,f,tag, \
+ V_ASN1_UNIVERSAL, \
+ IS_SEQUENCE); \
+ ret+=ASN1_object_size(1,v,mtag); \
+ }
+
+/* Put Macros */
+# define M_ASN1_I2D_put(a,f) f(a,&p)
+
+# define M_ASN1_I2D_put_IMP_opt(a,f,t) \
+ if (a != NULL) \
+ { \
+ unsigned char *q=p; \
+ f(a,&p); \
+ *q=(V_ASN1_CONTEXT_SPECIFIC|t|(*q&V_ASN1_CONSTRUCTED));\
+ }
+
+# define M_ASN1_I2D_put_SET(a,f) i2d_ASN1_SET(a,&p,f,V_ASN1_SET,\
+ V_ASN1_UNIVERSAL,IS_SET)
+# define M_ASN1_I2D_put_SET_type(type,a,f) \
+ i2d_ASN1_SET_OF_##type(a,&p,f,V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET)
+# define M_ASN1_I2D_put_IMP_SET(a,f,x) i2d_ASN1_SET(a,&p,f,x,\
+ V_ASN1_CONTEXT_SPECIFIC,IS_SET)
+# define M_ASN1_I2D_put_IMP_SET_type(type,a,f,x) \
+ i2d_ASN1_SET_OF_##type(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET)
+# define M_ASN1_I2D_put_IMP_SEQUENCE(a,f,x) i2d_ASN1_SET(a,&p,f,x,\
+ V_ASN1_CONTEXT_SPECIFIC,IS_SEQUENCE)
+
+# define M_ASN1_I2D_put_SEQUENCE(a,f) i2d_ASN1_SET(a,&p,f,V_ASN1_SEQUENCE,\
+ V_ASN1_UNIVERSAL,IS_SEQUENCE)
+
+# define M_ASN1_I2D_put_SEQUENCE_type(type,a,f) \
+ i2d_ASN1_SET_OF_##type(a,&p,f,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL, \
+ IS_SEQUENCE)
+
+# define M_ASN1_I2D_put_SEQUENCE_opt(a,f) \
+ if ((a != NULL) && (sk_num(a) != 0)) \
+ M_ASN1_I2D_put_SEQUENCE(a,f);
+
+# define M_ASN1_I2D_put_IMP_SET_opt(a,f,x) \
+ if ((a != NULL) && (sk_num(a) != 0)) \
+ { i2d_ASN1_SET(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC, \
+ IS_SET); }
+
+# define M_ASN1_I2D_put_IMP_SET_opt_type(type,a,f,x) \
+ if ((a != NULL) && (sk_##type##_num(a) != 0)) \
+ { i2d_ASN1_SET_OF_##type(a,&p,f,x, \
+ V_ASN1_CONTEXT_SPECIFIC, \
+ IS_SET); }
+
+# define M_ASN1_I2D_put_IMP_SEQUENCE_opt(a,f,x) \
+ if ((a != NULL) && (sk_num(a) != 0)) \
+ { i2d_ASN1_SET(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC, \
+ IS_SEQUENCE); }
+
+# define M_ASN1_I2D_put_IMP_SEQUENCE_opt_type(type,a,f,x) \
+ if ((a != NULL) && (sk_##type##_num(a) != 0)) \
+ { i2d_ASN1_SET_OF_##type(a,&p,f,x, \
+ V_ASN1_CONTEXT_SPECIFIC, \
+ IS_SEQUENCE); }
+
+# define M_ASN1_I2D_put_EXP_opt(a,f,tag,v) \
+ if (a != NULL) \
+ { \
+ ASN1_put_object(&p,1,v,tag,V_ASN1_CONTEXT_SPECIFIC); \
+ f(a,&p); \
+ }
+
+# define M_ASN1_I2D_put_EXP_SET_opt(a,f,mtag,tag,v) \
+ if ((a != NULL) && (sk_num(a) != 0)) \
+ { \
+ ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \
+ i2d_ASN1_SET(a,&p,f,tag,V_ASN1_UNIVERSAL,IS_SET); \
+ }
+
+# define M_ASN1_I2D_put_EXP_SEQUENCE_opt(a,f,mtag,tag,v) \
+ if ((a != NULL) && (sk_num(a) != 0)) \
+ { \
+ ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \
+ i2d_ASN1_SET(a,&p,f,tag,V_ASN1_UNIVERSAL,IS_SEQUENCE); \
+ }
+
+# define M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(type,a,f,mtag,tag,v) \
+ if ((a != NULL) && (sk_##type##_num(a) != 0)) \
+ { \
+ ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \
+ i2d_ASN1_SET_OF_##type(a,&p,f,tag,V_ASN1_UNIVERSAL, \
+ IS_SEQUENCE); \
+ }
+
+# define M_ASN1_I2D_seq_total() \
+ r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE); \
+ if (pp == NULL) return(r); \
+ p= *pp; \
+ ASN1_put_object(&p,1,ret,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL)
+
+# define M_ASN1_I2D_INF_seq_start(tag,ctx) \
+ *(p++)=(V_ASN1_CONSTRUCTED|(tag)|(ctx)); \
+ *(p++)=0x80
+
+# define M_ASN1_I2D_INF_seq_end() *(p++)=0x00; *(p++)=0x00
+
+# define M_ASN1_I2D_finish() *pp=p; \
+ return(r);
+
+int asn1_GetSequence(ASN1_const_CTX *c, long *length);
+void asn1_add_error(const unsigned char *address, int offset);
+#ifdef __cplusplus
+}
+#endif
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn1_par.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/asn1_par.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn1_par.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,444 +0,0 @@
-/* crypto/asn1/asn1_par.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/objects.h>
-#include <openssl/asn1.h>
-
-static int asn1_print_info(BIO *bp, int tag, int xclass,int constructed,
- int indent);
-static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
- int offset, int depth, int indent, int dump);
-static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
- int indent)
- {
- static const char fmt[]="%-18s";
- static const char fmt2[]="%2d %-15s";
- char str[128];
- const char *p,*p2=NULL;
-
- if (constructed & V_ASN1_CONSTRUCTED)
- p="cons: ";
- else
- p="prim: ";
- if (BIO_write(bp,p,6) < 6) goto err;
- BIO_indent(bp,indent,128);
-
- p=str;
- if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE)
- BIO_snprintf(str,sizeof str,"priv [ %d ] ",tag);
- else if ((xclass & V_ASN1_CONTEXT_SPECIFIC) == V_ASN1_CONTEXT_SPECIFIC)
- BIO_snprintf(str,sizeof str,"cont [ %d ]",tag);
- else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION)
- BIO_snprintf(str,sizeof str,"appl [ %d ]",tag);
- else if (tag > 30)
- BIO_snprintf(str,sizeof str,"<ASN1 %d>",tag);
- else
- p = ASN1_tag2str(tag);
-
- if (p2 != NULL)
- {
- if (BIO_printf(bp,fmt2,tag,p2) <= 0) goto err;
- }
- else
- {
- if (BIO_printf(bp,fmt,p) <= 0) goto err;
- }
- return(1);
-err:
- return(0);
- }
-
-int ASN1_parse(BIO *bp, const unsigned char *pp, long len, int indent)
- {
- return(asn1_parse2(bp,&pp,len,0,0,indent,0));
- }
-
-int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent, int dump)
- {
- return(asn1_parse2(bp,&pp,len,0,0,indent,dump));
- }
-
-static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offset,
- int depth, int indent, int dump)
- {
- const unsigned char *p,*ep,*tot,*op,*opp;
- long len;
- int tag,xclass,ret=0;
- int nl,hl,j,r;
- ASN1_OBJECT *o=NULL;
- ASN1_OCTET_STRING *os=NULL;
- /* ASN1_BMPSTRING *bmp=NULL;*/
- int dump_indent;
-
-#if 0
- dump_indent = indent;
-#else
- dump_indent = 6; /* Because we know BIO_dump_indent() */
-#endif
- p= *pp;
- tot=p+length;
- op=p-1;
- while ((p < tot) && (op < p))
- {
- op=p;
- j=ASN1_get_object(&p,&len,&tag,&xclass,length);
-#ifdef LINT
- j=j;
-#endif
- if (j & 0x80)
- {
- if (BIO_write(bp,"Error in encoding\n",18) <= 0)
- goto end;
- ret=0;
- goto end;
- }
- hl=(p-op);
- length-=hl;
- /* if j == 0x21 it is a constructed indefinite length object */
- if (BIO_printf(bp,"%5ld:",(long)offset+(long)(op- *pp))
- <= 0) goto end;
-
- if (j != (V_ASN1_CONSTRUCTED | 1))
- {
- if (BIO_printf(bp,"d=%-2d hl=%ld l=%4ld ",
- depth,(long)hl,len) <= 0)
- goto end;
- }
- else
- {
- if (BIO_printf(bp,"d=%-2d hl=%ld l=inf ",
- depth,(long)hl) <= 0)
- goto end;
- }
- if (!asn1_print_info(bp,tag,xclass,j,(indent)?depth:0))
- goto end;
- if (j & V_ASN1_CONSTRUCTED)
- {
- ep=p+len;
- if (BIO_write(bp,"\n",1) <= 0) goto end;
- if (len > length)
- {
- BIO_printf(bp,
- "length is greater than %ld\n",length);
- ret=0;
- goto end;
- }
- if ((j == 0x21) && (len == 0))
- {
- for (;;)
- {
- r=asn1_parse2(bp,&p,(long)(tot-p),
- offset+(p - *pp),depth+1,
- indent,dump);
- if (r == 0) { ret=0; goto end; }
- if ((r == 2) || (p >= tot)) break;
- }
- }
- else
- while (p < ep)
- {
- r=asn1_parse2(bp,&p,(long)len,
- offset+(p - *pp),depth+1,
- indent,dump);
- if (r == 0) { ret=0; goto end; }
- }
- }
- else if (xclass != 0)
- {
- p+=len;
- if (BIO_write(bp,"\n",1) <= 0) goto end;
- }
- else
- {
- nl=0;
- if ( (tag == V_ASN1_PRINTABLESTRING) ||
- (tag == V_ASN1_T61STRING) ||
- (tag == V_ASN1_IA5STRING) ||
- (tag == V_ASN1_VISIBLESTRING) ||
- (tag == V_ASN1_NUMERICSTRING) ||
- (tag == V_ASN1_UTF8STRING) ||
- (tag == V_ASN1_UTCTIME) ||
- (tag == V_ASN1_GENERALIZEDTIME))
- {
- if (BIO_write(bp,":",1) <= 0) goto end;
- if ((len > 0) &&
- BIO_write(bp,(const char *)p,(int)len)
- != (int)len)
- goto end;
- }
- else if (tag == V_ASN1_OBJECT)
- {
- opp=op;
- if (d2i_ASN1_OBJECT(&o,&opp,len+hl) != NULL)
- {
- if (BIO_write(bp,":",1) <= 0) goto end;
- i2a_ASN1_OBJECT(bp,o);
- }
- else
- {
- if (BIO_write(bp,":BAD OBJECT",11) <= 0)
- goto end;
- }
- }
- else if (tag == V_ASN1_BOOLEAN)
- {
- int ii;
-
- opp=op;
- ii=d2i_ASN1_BOOLEAN(NULL,&opp,len+hl);
- if (ii < 0)
- {
- if (BIO_write(bp,"Bad boolean\n",12) <= 0)
- goto end;
- }
- BIO_printf(bp,":%d",ii);
- }
- else if (tag == V_ASN1_BMPSTRING)
- {
- /* do the BMP thang */
- }
- else if (tag == V_ASN1_OCTET_STRING)
- {
- int i,printable=1;
-
- opp=op;
- os=d2i_ASN1_OCTET_STRING(NULL,&opp,len+hl);
- if (os != NULL && os->length > 0)
- {
- opp = os->data;
- /* testing whether the octet string is
- * printable */
- for (i=0; i<os->length; i++)
- {
- if (( (opp[i] < ' ') &&
- (opp[i] != '\n') &&
- (opp[i] != '\r') &&
- (opp[i] != '\t')) ||
- (opp[i] > '~'))
- {
- printable=0;
- break;
- }
- }
- if (printable)
- /* printable string */
- {
- if (BIO_write(bp,":",1) <= 0)
- goto end;
- if (BIO_write(bp,(const char *)opp,
- os->length) <= 0)
- goto end;
- }
- else if (!dump)
- /* not printable => print octet string
- * as hex dump */
- {
- if (BIO_write(bp,"[HEX DUMP]:",11) <= 0)
- goto end;
- for (i=0; i<os->length; i++)
- {
- if (BIO_printf(bp,"%02X"
- , opp[i]) <= 0)
- goto end;
- }
- }
- else
- /* print the normal dump */
- {
- if (!nl)
- {
- if (BIO_write(bp,"\n",1) <= 0)
- goto end;
- }
- if (BIO_dump_indent(bp,
- (const char *)opp,
- ((dump == -1 || dump >
- os->length)?os->length:dump),
- dump_indent) <= 0)
- goto end;
- nl=1;
- }
- }
- if (os != NULL)
- {
- M_ASN1_OCTET_STRING_free(os);
- os=NULL;
- }
- }
- else if (tag == V_ASN1_INTEGER)
- {
- ASN1_INTEGER *bs;
- int i;
-
- opp=op;
- bs=d2i_ASN1_INTEGER(NULL,&opp,len+hl);
- if (bs != NULL)
- {
- if (BIO_write(bp,":",1) <= 0) goto end;
- if (bs->type == V_ASN1_NEG_INTEGER)
- if (BIO_write(bp,"-",1) <= 0)
- goto end;
- for (i=0; i<bs->length; i++)
- {
- if (BIO_printf(bp,"%02X",
- bs->data[i]) <= 0)
- goto end;
- }
- if (bs->length == 0)
- {
- if (BIO_write(bp,"00",2) <= 0)
- goto end;
- }
- }
- else
- {
- if (BIO_write(bp,"BAD INTEGER",11) <= 0)
- goto end;
- }
- M_ASN1_INTEGER_free(bs);
- }
- else if (tag == V_ASN1_ENUMERATED)
- {
- ASN1_ENUMERATED *bs;
- int i;
-
- opp=op;
- bs=d2i_ASN1_ENUMERATED(NULL,&opp,len+hl);
- if (bs != NULL)
- {
- if (BIO_write(bp,":",1) <= 0) goto end;
- if (bs->type == V_ASN1_NEG_ENUMERATED)
- if (BIO_write(bp,"-",1) <= 0)
- goto end;
- for (i=0; i<bs->length; i++)
- {
- if (BIO_printf(bp,"%02X",
- bs->data[i]) <= 0)
- goto end;
- }
- if (bs->length == 0)
- {
- if (BIO_write(bp,"00",2) <= 0)
- goto end;
- }
- }
- else
- {
- if (BIO_write(bp,"BAD ENUMERATED",11) <= 0)
- goto end;
- }
- M_ASN1_ENUMERATED_free(bs);
- }
- else if (len > 0 && dump)
- {
- if (!nl)
- {
- if (BIO_write(bp,"\n",1) <= 0)
- goto end;
- }
- if (BIO_dump_indent(bp,(const char *)p,
- ((dump == -1 || dump > len)?len:dump),
- dump_indent) <= 0)
- goto end;
- nl=1;
- }
-
- if (!nl)
- {
- if (BIO_write(bp,"\n",1) <= 0) goto end;
- }
- p+=len;
- if ((tag == V_ASN1_EOC) && (xclass == 0))
- {
- ret=2; /* End of sequence */
- goto end;
- }
- }
- length-=len;
- }
- ret=1;
-end:
- if (o != NULL) ASN1_OBJECT_free(o);
- if (os != NULL) M_ASN1_OCTET_STRING_free(os);
- *pp=p;
- return(ret);
- }
-
-const char *ASN1_tag2str(int tag)
-{
- static const char *tag2str[] = {
- "EOC", "BOOLEAN", "INTEGER", "BIT STRING", "OCTET STRING", /* 0-4 */
- "NULL", "OBJECT", "OBJECT DESCRIPTOR", "EXTERNAL", "REAL", /* 5-9 */
- "ENUMERATED", "<ASN1 11>", "UTF8STRING", "<ASN1 13>", /* 10-13 */
- "<ASN1 14>", "<ASN1 15>", "SEQUENCE", "SET", /* 15-17 */
- "NUMERICSTRING", "PRINTABLESTRING", "T61STRING", /* 18-20 */
- "VIDEOTEXSTRING", "IA5STRING", "UTCTIME","GENERALIZEDTIME", /* 21-24 */
- "GRAPHICSTRING", "VISIBLESTRING", "GENERALSTRING", /* 25-27 */
- "UNIVERSALSTRING", "<ASN1 29>", "BMPSTRING" /* 28-30 */
- };
-
- if((tag == V_ASN1_NEG_INTEGER) || (tag == V_ASN1_NEG_ENUMERATED))
- tag &= ~0x100;
-
- if(tag < 0 || tag > 30) return "(unknown)";
- return tag2str[tag];
-}
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn1_par.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/asn1_par.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn1_par.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn1_par.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,411 @@
+/* crypto/asn1/asn1_par.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/objects.h>
+#include <openssl/asn1.h>
+
+static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
+ int indent);
+static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
+ int offset, int depth, int indent, int dump);
+static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
+ int indent)
+{
+ static const char fmt[] = "%-18s";
+ static const char fmt2[] = "%2d %-15s";
+ char str[128];
+ const char *p, *p2 = NULL;
+
+ if (constructed & V_ASN1_CONSTRUCTED)
+ p = "cons: ";
+ else
+ p = "prim: ";
+ if (BIO_write(bp, p, 6) < 6)
+ goto err;
+ BIO_indent(bp, indent, 128);
+
+ p = str;
+ if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE)
+ BIO_snprintf(str, sizeof str, "priv [ %d ] ", tag);
+ else if ((xclass & V_ASN1_CONTEXT_SPECIFIC) == V_ASN1_CONTEXT_SPECIFIC)
+ BIO_snprintf(str, sizeof str, "cont [ %d ]", tag);
+ else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION)
+ BIO_snprintf(str, sizeof str, "appl [ %d ]", tag);
+ else if (tag > 30)
+ BIO_snprintf(str, sizeof str, "<ASN1 %d>", tag);
+ else
+ p = ASN1_tag2str(tag);
+
+ if (p2 != NULL) {
+ if (BIO_printf(bp, fmt2, tag, p2) <= 0)
+ goto err;
+ } else {
+ if (BIO_printf(bp, fmt, p) <= 0)
+ goto err;
+ }
+ return (1);
+ err:
+ return (0);
+}
+
+int ASN1_parse(BIO *bp, const unsigned char *pp, long len, int indent)
+{
+ return (asn1_parse2(bp, &pp, len, 0, 0, indent, 0));
+}
+
+int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent,
+ int dump)
+{
+ return (asn1_parse2(bp, &pp, len, 0, 0, indent, dump));
+}
+
+static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
+ int offset, int depth, int indent, int dump)
+{
+ const unsigned char *p, *ep, *tot, *op, *opp;
+ long len;
+ int tag, xclass, ret = 0;
+ int nl, hl, j, r;
+ ASN1_OBJECT *o = NULL;
+ ASN1_OCTET_STRING *os = NULL;
+ /* ASN1_BMPSTRING *bmp=NULL; */
+ int dump_indent;
+
+#if 0
+ dump_indent = indent;
+#else
+ dump_indent = 6; /* Because we know BIO_dump_indent() */
+#endif
+ p = *pp;
+ tot = p + length;
+ op = p - 1;
+ while ((p < tot) && (op < p)) {
+ op = p;
+ j = ASN1_get_object(&p, &len, &tag, &xclass, length);
+#ifdef LINT
+ j = j;
+#endif
+ if (j & 0x80) {
+ if (BIO_write(bp, "Error in encoding\n", 18) <= 0)
+ goto end;
+ ret = 0;
+ goto end;
+ }
+ hl = (p - op);
+ length -= hl;
+ /*
+ * if j == 0x21 it is a constructed indefinite length object
+ */
+ if (BIO_printf(bp, "%5ld:", (long)offset + (long)(op - *pp))
+ <= 0)
+ goto end;
+
+ if (j != (V_ASN1_CONSTRUCTED | 1)) {
+ if (BIO_printf(bp, "d=%-2d hl=%ld l=%4ld ",
+ depth, (long)hl, len) <= 0)
+ goto end;
+ } else {
+ if (BIO_printf(bp, "d=%-2d hl=%ld l=inf ", depth, (long)hl) <= 0)
+ goto end;
+ }
+ if (!asn1_print_info(bp, tag, xclass, j, (indent) ? depth : 0))
+ goto end;
+ if (j & V_ASN1_CONSTRUCTED) {
+ ep = p + len;
+ if (BIO_write(bp, "\n", 1) <= 0)
+ goto end;
+ if (len > length) {
+ BIO_printf(bp, "length is greater than %ld\n", length);
+ ret = 0;
+ goto end;
+ }
+ if ((j == 0x21) && (len == 0)) {
+ for (;;) {
+ r = asn1_parse2(bp, &p, (long)(tot - p),
+ offset + (p - *pp), depth + 1,
+ indent, dump);
+ if (r == 0) {
+ ret = 0;
+ goto end;
+ }
+ if ((r == 2) || (p >= tot))
+ break;
+ }
+ } else
+ while (p < ep) {
+ r = asn1_parse2(bp, &p, (long)len,
+ offset + (p - *pp), depth + 1,
+ indent, dump);
+ if (r == 0) {
+ ret = 0;
+ goto end;
+ }
+ }
+ } else if (xclass != 0) {
+ p += len;
+ if (BIO_write(bp, "\n", 1) <= 0)
+ goto end;
+ } else {
+ nl = 0;
+ if ((tag == V_ASN1_PRINTABLESTRING) ||
+ (tag == V_ASN1_T61STRING) ||
+ (tag == V_ASN1_IA5STRING) ||
+ (tag == V_ASN1_VISIBLESTRING) ||
+ (tag == V_ASN1_NUMERICSTRING) ||
+ (tag == V_ASN1_UTF8STRING) ||
+ (tag == V_ASN1_UTCTIME) || (tag == V_ASN1_GENERALIZEDTIME)) {
+ if (BIO_write(bp, ":", 1) <= 0)
+ goto end;
+ if ((len > 0) && BIO_write(bp, (const char *)p, (int)len)
+ != (int)len)
+ goto end;
+ } else if (tag == V_ASN1_OBJECT) {
+ opp = op;
+ if (d2i_ASN1_OBJECT(&o, &opp, len + hl) != NULL) {
+ if (BIO_write(bp, ":", 1) <= 0)
+ goto end;
+ i2a_ASN1_OBJECT(bp, o);
+ } else {
+ if (BIO_write(bp, ":BAD OBJECT", 11) <= 0)
+ goto end;
+ }
+ } else if (tag == V_ASN1_BOOLEAN) {
+ int ii;
+
+ opp = op;
+ ii = d2i_ASN1_BOOLEAN(NULL, &opp, len + hl);
+ if (ii < 0) {
+ if (BIO_write(bp, "Bad boolean\n", 12) <= 0)
+ goto end;
+ }
+ BIO_printf(bp, ":%d", ii);
+ } else if (tag == V_ASN1_BMPSTRING) {
+ /* do the BMP thang */
+ } else if (tag == V_ASN1_OCTET_STRING) {
+ int i, printable = 1;
+
+ opp = op;
+ os = d2i_ASN1_OCTET_STRING(NULL, &opp, len + hl);
+ if (os != NULL && os->length > 0) {
+ opp = os->data;
+ /*
+ * testing whether the octet string is printable
+ */
+ for (i = 0; i < os->length; i++) {
+ if (((opp[i] < ' ') &&
+ (opp[i] != '\n') &&
+ (opp[i] != '\r') &&
+ (opp[i] != '\t')) || (opp[i] > '~')) {
+ printable = 0;
+ break;
+ }
+ }
+ if (printable)
+ /* printable string */
+ {
+ if (BIO_write(bp, ":", 1) <= 0)
+ goto end;
+ if (BIO_write(bp, (const char *)opp, os->length) <= 0)
+ goto end;
+ } else if (!dump)
+ /*
+ * not printable => print octet string as hex dump
+ */
+ {
+ if (BIO_write(bp, "[HEX DUMP]:", 11) <= 0)
+ goto end;
+ for (i = 0; i < os->length; i++) {
+ if (BIO_printf(bp, "%02X", opp[i]) <= 0)
+ goto end;
+ }
+ } else
+ /* print the normal dump */
+ {
+ if (!nl) {
+ if (BIO_write(bp, "\n", 1) <= 0)
+ goto end;
+ }
+ if (BIO_dump_indent(bp,
+ (const char *)opp,
+ ((dump == -1 || dump >
+ os->
+ length) ? os->length : dump),
+ dump_indent) <= 0)
+ goto end;
+ nl = 1;
+ }
+ }
+ if (os != NULL) {
+ M_ASN1_OCTET_STRING_free(os);
+ os = NULL;
+ }
+ } else if (tag == V_ASN1_INTEGER) {
+ ASN1_INTEGER *bs;
+ int i;
+
+ opp = op;
+ bs = d2i_ASN1_INTEGER(NULL, &opp, len + hl);
+ if (bs != NULL) {
+ if (BIO_write(bp, ":", 1) <= 0)
+ goto end;
+ if (bs->type == V_ASN1_NEG_INTEGER)
+ if (BIO_write(bp, "-", 1) <= 0)
+ goto end;
+ for (i = 0; i < bs->length; i++) {
+ if (BIO_printf(bp, "%02X", bs->data[i]) <= 0)
+ goto end;
+ }
+ if (bs->length == 0) {
+ if (BIO_write(bp, "00", 2) <= 0)
+ goto end;
+ }
+ } else {
+ if (BIO_write(bp, "BAD INTEGER", 11) <= 0)
+ goto end;
+ }
+ M_ASN1_INTEGER_free(bs);
+ } else if (tag == V_ASN1_ENUMERATED) {
+ ASN1_ENUMERATED *bs;
+ int i;
+
+ opp = op;
+ bs = d2i_ASN1_ENUMERATED(NULL, &opp, len + hl);
+ if (bs != NULL) {
+ if (BIO_write(bp, ":", 1) <= 0)
+ goto end;
+ if (bs->type == V_ASN1_NEG_ENUMERATED)
+ if (BIO_write(bp, "-", 1) <= 0)
+ goto end;
+ for (i = 0; i < bs->length; i++) {
+ if (BIO_printf(bp, "%02X", bs->data[i]) <= 0)
+ goto end;
+ }
+ if (bs->length == 0) {
+ if (BIO_write(bp, "00", 2) <= 0)
+ goto end;
+ }
+ } else {
+ if (BIO_write(bp, "BAD ENUMERATED", 11) <= 0)
+ goto end;
+ }
+ M_ASN1_ENUMERATED_free(bs);
+ } else if (len > 0 && dump) {
+ if (!nl) {
+ if (BIO_write(bp, "\n", 1) <= 0)
+ goto end;
+ }
+ if (BIO_dump_indent(bp, (const char *)p,
+ ((dump == -1 || dump > len) ? len : dump),
+ dump_indent) <= 0)
+ goto end;
+ nl = 1;
+ }
+
+ if (!nl) {
+ if (BIO_write(bp, "\n", 1) <= 0)
+ goto end;
+ }
+ p += len;
+ if ((tag == V_ASN1_EOC) && (xclass == 0)) {
+ ret = 2; /* End of sequence */
+ goto end;
+ }
+ }
+ length -= len;
+ }
+ ret = 1;
+ end:
+ if (o != NULL)
+ ASN1_OBJECT_free(o);
+ if (os != NULL)
+ M_ASN1_OCTET_STRING_free(os);
+ *pp = p;
+ return (ret);
+}
+
+const char *ASN1_tag2str(int tag)
+{
+ static const char *tag2str[] = {
+ /* 0-4 */
+ "EOC", "BOOLEAN", "INTEGER", "BIT STRING", "OCTET STRING",
+ /* 5-9 */
+ "NULL", "OBJECT", "OBJECT DESCRIPTOR", "EXTERNAL", "REAL",
+ /* 10-13 */
+ "ENUMERATED", "<ASN1 11>", "UTF8STRING", "<ASN1 13>",
+ /* 15-17 */
+ "<ASN1 14>", "<ASN1 15>", "SEQUENCE", "SET",
+ /* 18-20 */
+ "NUMERICSTRING", "PRINTABLESTRING", "T61STRING",
+ /* 21-24 */
+ "VIDEOTEXSTRING", "IA5STRING", "UTCTIME", "GENERALIZEDTIME",
+ /* 25-27 */
+ "GRAPHICSTRING", "VISIBLESTRING", "GENERALSTRING",
+ /* 28-30 */
+ "UNIVERSALSTRING", "<ASN1 29>", "BMPSTRING"
+ };
+
+ if ((tag == V_ASN1_NEG_INTEGER) || (tag == V_ASN1_NEG_ENUMERATED))
+ tag &= ~0x100;
+
+ if (tag < 0 || tag > 30)
+ return "(unknown)";
+ return tag2str[tag];
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn1t.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/asn1t.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn1t.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,893 +0,0 @@
-/* asn1t.h */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-#ifndef HEADER_ASN1T_H
-#define HEADER_ASN1T_H
-
-#include <stddef.h>
-#include <openssl/e_os2.h>
-#include <openssl/asn1.h>
-
-#ifdef OPENSSL_BUILD_SHLIBCRYPTO
-# undef OPENSSL_EXTERN
-# define OPENSSL_EXTERN OPENSSL_EXPORT
-#endif
-
-/* ASN1 template defines, structures and functions */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-
-#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
-
-/* Macro to obtain ASN1_ADB pointer from a type (only used internally) */
-#define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)(iptr))
-
-
-/* Macros for start and end of ASN1_ITEM definition */
-
-#define ASN1_ITEM_start(itname) \
- OPENSSL_GLOBAL const ASN1_ITEM itname##_it = {
-
-#define ASN1_ITEM_end(itname) \
- };
-
-#else
-
-/* Macro to obtain ASN1_ADB pointer from a type (only used internally) */
-#define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)(iptr()))
-
-
-/* Macros for start and end of ASN1_ITEM definition */
-
-#define ASN1_ITEM_start(itname) \
- const ASN1_ITEM * itname##_it(void) \
- { \
- static const ASN1_ITEM local_it = {
-
-#define ASN1_ITEM_end(itname) \
- }; \
- return &local_it; \
- }
-
-#endif
-
-
-/* Macros to aid ASN1 template writing */
-
-#define ASN1_ITEM_TEMPLATE(tname) \
- static const ASN1_TEMPLATE tname##_item_tt
-
-#define ASN1_ITEM_TEMPLATE_END(tname) \
- ;\
- ASN1_ITEM_start(tname) \
- ASN1_ITYPE_PRIMITIVE,\
- -1,\
- &tname##_item_tt,\
- 0,\
- NULL,\
- 0,\
- #tname \
- ASN1_ITEM_end(tname)
-
-
-/* This is a ASN1 type which just embeds a template */
-
-/* This pair helps declare a SEQUENCE. We can do:
- *
- * ASN1_SEQUENCE(stname) = {
- * ... SEQUENCE components ...
- * } ASN1_SEQUENCE_END(stname)
- *
- * This will produce an ASN1_ITEM called stname_it
- * for a structure called stname.
- *
- * If you want the same structure but a different
- * name then use:
- *
- * ASN1_SEQUENCE(itname) = {
- * ... SEQUENCE components ...
- * } ASN1_SEQUENCE_END_name(stname, itname)
- *
- * This will create an item called itname_it using
- * a structure called stname.
- */
-
-#define ASN1_SEQUENCE(tname) \
- static const ASN1_TEMPLATE tname##_seq_tt[]
-
-#define ASN1_SEQUENCE_END(stname) ASN1_SEQUENCE_END_name(stname, stname)
-
-#define ASN1_SEQUENCE_END_name(stname, tname) \
- ;\
- ASN1_ITEM_start(tname) \
- ASN1_ITYPE_SEQUENCE,\
- V_ASN1_SEQUENCE,\
- tname##_seq_tt,\
- sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
- NULL,\
- sizeof(stname),\
- #stname \
- ASN1_ITEM_end(tname)
-
-#define ASN1_NDEF_SEQUENCE(tname) \
- ASN1_SEQUENCE(tname)
-
-#define ASN1_NDEF_SEQUENCE_cb(tname, cb) \
- ASN1_SEQUENCE_cb(tname, cb)
-
-#define ASN1_SEQUENCE_cb(tname, cb) \
- static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \
- ASN1_SEQUENCE(tname)
-
-#define ASN1_BROKEN_SEQUENCE(tname) \
- static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_BROKEN, 0, 0, 0, 0}; \
- ASN1_SEQUENCE(tname)
-
-#define ASN1_SEQUENCE_ref(tname, cb, lck) \
- static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), lck, cb, 0}; \
- ASN1_SEQUENCE(tname)
-
-#define ASN1_SEQUENCE_enc(tname, enc, cb) \
- static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_ENCODING, 0, 0, cb, offsetof(tname, enc)}; \
- ASN1_SEQUENCE(tname)
-
-#define ASN1_NDEF_SEQUENCE_END(tname) \
- ;\
- ASN1_ITEM_start(tname) \
- ASN1_ITYPE_NDEF_SEQUENCE,\
- V_ASN1_SEQUENCE,\
- tname##_seq_tt,\
- sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
- NULL,\
- sizeof(tname),\
- #tname \
- ASN1_ITEM_end(tname)
-
-#define ASN1_BROKEN_SEQUENCE_END(stname) ASN1_SEQUENCE_END_ref(stname, stname)
-
-#define ASN1_SEQUENCE_END_enc(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname)
-
-#define ASN1_SEQUENCE_END_cb(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname)
-
-#define ASN1_SEQUENCE_END_ref(stname, tname) \
- ;\
- ASN1_ITEM_start(tname) \
- ASN1_ITYPE_SEQUENCE,\
- V_ASN1_SEQUENCE,\
- tname##_seq_tt,\
- sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
- &tname##_aux,\
- sizeof(stname),\
- #stname \
- ASN1_ITEM_end(tname)
-
-
-/* This pair helps declare a CHOICE type. We can do:
- *
- * ASN1_CHOICE(chname) = {
- * ... CHOICE options ...
- * ASN1_CHOICE_END(chname)
- *
- * This will produce an ASN1_ITEM called chname_it
- * for a structure called chname. The structure
- * definition must look like this:
- * typedef struct {
- * int type;
- * union {
- * ASN1_SOMETHING *opt1;
- * ASN1_SOMEOTHER *opt2;
- * } value;
- * } chname;
- *
- * the name of the selector must be 'type'.
- * to use an alternative selector name use the
- * ASN1_CHOICE_END_selector() version.
- */
-
-#define ASN1_CHOICE(tname) \
- static const ASN1_TEMPLATE tname##_ch_tt[]
-
-#define ASN1_CHOICE_cb(tname, cb) \
- static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \
- ASN1_CHOICE(tname)
-
-#define ASN1_CHOICE_END(stname) ASN1_CHOICE_END_name(stname, stname)
-
-#define ASN1_CHOICE_END_name(stname, tname) ASN1_CHOICE_END_selector(stname, tname, type)
-
-#define ASN1_CHOICE_END_selector(stname, tname, selname) \
- ;\
- ASN1_ITEM_start(tname) \
- ASN1_ITYPE_CHOICE,\
- offsetof(stname,selname) ,\
- tname##_ch_tt,\
- sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\
- NULL,\
- sizeof(stname),\
- #stname \
- ASN1_ITEM_end(tname)
-
-#define ASN1_CHOICE_END_cb(stname, tname, selname) \
- ;\
- ASN1_ITEM_start(tname) \
- ASN1_ITYPE_CHOICE,\
- offsetof(stname,selname) ,\
- tname##_ch_tt,\
- sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\
- &tname##_aux,\
- sizeof(stname),\
- #stname \
- ASN1_ITEM_end(tname)
-
-/* This helps with the template wrapper form of ASN1_ITEM */
-
-#define ASN1_EX_TEMPLATE_TYPE(flags, tag, name, type) { \
- (flags), (tag), 0,\
- #name, ASN1_ITEM_ref(type) }
-
-/* These help with SEQUENCE or CHOICE components */
-
-/* used to declare other types */
-
-#define ASN1_EX_TYPE(flags, tag, stname, field, type) { \
- (flags), (tag), offsetof(stname, field),\
- #field, ASN1_ITEM_ref(type) }
-
-/* used when the structure is combined with the parent */
-
-#define ASN1_EX_COMBINE(flags, tag, type) { \
- (flags)|ASN1_TFLG_COMBINE, (tag), 0, NULL, ASN1_ITEM_ref(type) }
-
-/* implicit and explicit helper macros */
-
-#define ASN1_IMP_EX(stname, field, type, tag, ex) \
- ASN1_EX_TYPE(ASN1_TFLG_IMPLICIT | ex, tag, stname, field, type)
-
-#define ASN1_EXP_EX(stname, field, type, tag, ex) \
- ASN1_EX_TYPE(ASN1_TFLG_EXPLICIT | ex, tag, stname, field, type)
-
-/* Any defined by macros: the field used is in the table itself */
-
-#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
-#define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) }
-#define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) }
-#else
-#define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, tblname##_adb }
-#define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, tblname##_adb }
-#endif
-/* Plain simple type */
-#define ASN1_SIMPLE(stname, field, type) ASN1_EX_TYPE(0,0, stname, field, type)
-
-/* OPTIONAL simple type */
-#define ASN1_OPT(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL, 0, stname, field, type)
-
-/* IMPLICIT tagged simple type */
-#define ASN1_IMP(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, 0)
-
-/* IMPLICIT tagged OPTIONAL simple type */
-#define ASN1_IMP_OPT(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL)
-
-/* Same as above but EXPLICIT */
-
-#define ASN1_EXP(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, 0)
-#define ASN1_EXP_OPT(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL)
-
-/* SEQUENCE OF type */
-#define ASN1_SEQUENCE_OF(stname, field, type) \
- ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, stname, field, type)
-
-/* OPTIONAL SEQUENCE OF */
-#define ASN1_SEQUENCE_OF_OPT(stname, field, type) \
- ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type)
-
-/* Same as above but for SET OF */
-
-#define ASN1_SET_OF(stname, field, type) \
- ASN1_EX_TYPE(ASN1_TFLG_SET_OF, 0, stname, field, type)
-
-#define ASN1_SET_OF_OPT(stname, field, type) \
- ASN1_EX_TYPE(ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type)
-
-/* Finally compound types of SEQUENCE, SET, IMPLICIT, EXPLICIT and OPTIONAL */
-
-#define ASN1_IMP_SET_OF(stname, field, type, tag) \
- ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF)
-
-#define ASN1_EXP_SET_OF(stname, field, type, tag) \
- ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF)
-
-#define ASN1_IMP_SET_OF_OPT(stname, field, type, tag) \
- ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL)
-
-#define ASN1_EXP_SET_OF_OPT(stname, field, type, tag) \
- ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL)
-
-#define ASN1_IMP_SEQUENCE_OF(stname, field, type, tag) \
- ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF)
-
-#define ASN1_IMP_SEQUENCE_OF_OPT(stname, field, type, tag) \
- ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL)
-
-#define ASN1_EXP_SEQUENCE_OF(stname, field, type, tag) \
- ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF)
-
-#define ASN1_EXP_SEQUENCE_OF_OPT(stname, field, type, tag) \
- ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL)
-
-/* EXPLICIT using indefinite length constructed form */
-#define ASN1_NDEF_EXP(stname, field, type, tag) \
- ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_NDEF)
-
-/* EXPLICIT OPTIONAL using indefinite length constructed form */
-#define ASN1_NDEF_EXP_OPT(stname, field, type, tag) \
- ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_NDEF)
-
-/* Macros for the ASN1_ADB structure */
-
-#define ASN1_ADB(name) \
- static const ASN1_ADB_TABLE name##_adbtbl[]
-
-#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
-
-#define ASN1_ADB_END(name, flags, field, app_table, def, none) \
- ;\
- static const ASN1_ADB name##_adb = {\
- flags,\
- offsetof(name, field),\
- app_table,\
- name##_adbtbl,\
- sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\
- def,\
- none\
- }
-
-#else
-
-#define ASN1_ADB_END(name, flags, field, app_table, def, none) \
- ;\
- static const ASN1_ITEM *name##_adb(void) \
- { \
- static const ASN1_ADB internal_adb = \
- {\
- flags,\
- offsetof(name, field),\
- app_table,\
- name##_adbtbl,\
- sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\
- def,\
- none\
- }; \
- return (const ASN1_ITEM *) &internal_adb; \
- } \
- void dummy_function(void)
-
-#endif
-
-#define ADB_ENTRY(val, template) {val, template}
-
-#define ASN1_ADB_TEMPLATE(name) \
- static const ASN1_TEMPLATE name##_tt
-
-/* This is the ASN1 template structure that defines
- * a wrapper round the actual type. It determines the
- * actual position of the field in the value structure,
- * various flags such as OPTIONAL and the field name.
- */
-
-struct ASN1_TEMPLATE_st {
-unsigned long flags; /* Various flags */
-long tag; /* tag, not used if no tagging */
-unsigned long offset; /* Offset of this field in structure */
-#ifndef NO_ASN1_FIELD_NAMES
-const char *field_name; /* Field name */
-#endif
-ASN1_ITEM_EXP *item; /* Relevant ASN1_ITEM or ASN1_ADB */
-};
-
-/* Macro to extract ASN1_ITEM and ASN1_ADB pointer from ASN1_TEMPLATE */
-
-#define ASN1_TEMPLATE_item(t) (t->item_ptr)
-#define ASN1_TEMPLATE_adb(t) (t->item_ptr)
-
-typedef struct ASN1_ADB_TABLE_st ASN1_ADB_TABLE;
-typedef struct ASN1_ADB_st ASN1_ADB;
-
-struct ASN1_ADB_st {
- unsigned long flags; /* Various flags */
- unsigned long offset; /* Offset of selector field */
- STACK_OF(ASN1_ADB_TABLE) **app_items; /* Application defined items */
- const ASN1_ADB_TABLE *tbl; /* Table of possible types */
- long tblcount; /* Number of entries in tbl */
- const ASN1_TEMPLATE *default_tt; /* Type to use if no match */
- const ASN1_TEMPLATE *null_tt; /* Type to use if selector is NULL */
-};
-
-struct ASN1_ADB_TABLE_st {
- long value; /* NID for an object or value for an int */
- const ASN1_TEMPLATE tt; /* item for this value */
-};
-
-/* template flags */
-
-/* Field is optional */
-#define ASN1_TFLG_OPTIONAL (0x1)
-
-/* Field is a SET OF */
-#define ASN1_TFLG_SET_OF (0x1 << 1)
-
-/* Field is a SEQUENCE OF */
-#define ASN1_TFLG_SEQUENCE_OF (0x2 << 1)
-
-/* Special case: this refers to a SET OF that
- * will be sorted into DER order when encoded *and*
- * the corresponding STACK will be modified to match
- * the new order.
- */
-#define ASN1_TFLG_SET_ORDER (0x3 << 1)
-
-/* Mask for SET OF or SEQUENCE OF */
-#define ASN1_TFLG_SK_MASK (0x3 << 1)
-
-/* These flags mean the tag should be taken from the
- * tag field. If EXPLICIT then the underlying type
- * is used for the inner tag.
- */
-
-/* IMPLICIT tagging */
-#define ASN1_TFLG_IMPTAG (0x1 << 3)
-
-
-/* EXPLICIT tagging, inner tag from underlying type */
-#define ASN1_TFLG_EXPTAG (0x2 << 3)
-
-#define ASN1_TFLG_TAG_MASK (0x3 << 3)
-
-/* context specific IMPLICIT */
-#define ASN1_TFLG_IMPLICIT ASN1_TFLG_IMPTAG|ASN1_TFLG_CONTEXT
-
-/* context specific EXPLICIT */
-#define ASN1_TFLG_EXPLICIT ASN1_TFLG_EXPTAG|ASN1_TFLG_CONTEXT
-
-/* If tagging is in force these determine the
- * type of tag to use. Otherwise the tag is
- * determined by the underlying type. These
- * values reflect the actual octet format.
- */
-
-/* Universal tag */
-#define ASN1_TFLG_UNIVERSAL (0x0<<6)
-/* Application tag */
-#define ASN1_TFLG_APPLICATION (0x1<<6)
-/* Context specific tag */
-#define ASN1_TFLG_CONTEXT (0x2<<6)
-/* Private tag */
-#define ASN1_TFLG_PRIVATE (0x3<<6)
-
-#define ASN1_TFLG_TAG_CLASS (0x3<<6)
-
-/* These are for ANY DEFINED BY type. In this case
- * the 'item' field points to an ASN1_ADB structure
- * which contains a table of values to decode the
- * relevant type
- */
-
-#define ASN1_TFLG_ADB_MASK (0x3<<8)
-
-#define ASN1_TFLG_ADB_OID (0x1<<8)
-
-#define ASN1_TFLG_ADB_INT (0x1<<9)
-
-/* This flag means a parent structure is passed
- * instead of the field: this is useful is a
- * SEQUENCE is being combined with a CHOICE for
- * example. Since this means the structure and
- * item name will differ we need to use the
- * ASN1_CHOICE_END_name() macro for example.
- */
-
-#define ASN1_TFLG_COMBINE (0x1<<10)
-
-/* This flag when present in a SEQUENCE OF, SET OF
- * or EXPLICIT causes indefinite length constructed
- * encoding to be used if required.
- */
-
-#define ASN1_TFLG_NDEF (0x1<<11)
-
-/* This is the actual ASN1 item itself */
-
-struct ASN1_ITEM_st {
-char itype; /* The item type, primitive, SEQUENCE, CHOICE or extern */
-long utype; /* underlying type */
-const ASN1_TEMPLATE *templates; /* If SEQUENCE or CHOICE this contains the contents */
-long tcount; /* Number of templates if SEQUENCE or CHOICE */
-const void *funcs; /* functions that handle this type */
-long size; /* Structure size (usually)*/
-#ifndef NO_ASN1_FIELD_NAMES
-const char *sname; /* Structure name */
-#endif
-};
-
-/* These are values for the itype field and
- * determine how the type is interpreted.
- *
- * For PRIMITIVE types the underlying type
- * determines the behaviour if items is NULL.
- *
- * Otherwise templates must contain a single
- * template and the type is treated in the
- * same way as the type specified in the template.
- *
- * For SEQUENCE types the templates field points
- * to the members, the size field is the
- * structure size.
- *
- * For CHOICE types the templates field points
- * to each possible member (typically a union)
- * and the 'size' field is the offset of the
- * selector.
- *
- * The 'funcs' field is used for application
- * specific functions.
- *
- * For COMPAT types the funcs field gives a
- * set of functions that handle this type, this
- * supports the old d2i, i2d convention.
- *
- * The EXTERN type uses a new style d2i/i2d.
- * The new style should be used where possible
- * because it avoids things like the d2i IMPLICIT
- * hack.
- *
- * MSTRING is a multiple string type, it is used
- * for a CHOICE of character strings where the
- * actual strings all occupy an ASN1_STRING
- * structure. In this case the 'utype' field
- * has a special meaning, it is used as a mask
- * of acceptable types using the B_ASN1 constants.
- *
- * NDEF_SEQUENCE is the same as SEQUENCE except
- * that it will use indefinite length constructed
- * encoding if requested.
- *
- */
-
-#define ASN1_ITYPE_PRIMITIVE 0x0
-
-#define ASN1_ITYPE_SEQUENCE 0x1
-
-#define ASN1_ITYPE_CHOICE 0x2
-
-#define ASN1_ITYPE_COMPAT 0x3
-
-#define ASN1_ITYPE_EXTERN 0x4
-
-#define ASN1_ITYPE_MSTRING 0x5
-
-#define ASN1_ITYPE_NDEF_SEQUENCE 0x6
-
-/* Cache for ASN1 tag and length, so we
- * don't keep re-reading it for things
- * like CHOICE
- */
-
-struct ASN1_TLC_st{
- char valid; /* Values below are valid */
- int ret; /* return value */
- long plen; /* length */
- int ptag; /* class value */
- int pclass; /* class value */
- int hdrlen; /* header length */
-};
-
-/* Typedefs for ASN1 function pointers */
-
-typedef ASN1_VALUE * ASN1_new_func(void);
-typedef void ASN1_free_func(ASN1_VALUE *a);
-typedef ASN1_VALUE * ASN1_d2i_func(ASN1_VALUE **a, const unsigned char ** in, long length);
-typedef int ASN1_i2d_func(ASN1_VALUE * a, unsigned char **in);
-
-typedef int ASN1_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_ITEM *it,
- int tag, int aclass, char opt, ASN1_TLC *ctx);
-
-typedef int ASN1_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass);
-typedef int ASN1_ex_new_func(ASN1_VALUE **pval, const ASN1_ITEM *it);
-typedef void ASN1_ex_free_func(ASN1_VALUE **pval, const ASN1_ITEM *it);
-
-typedef int ASN1_primitive_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
-typedef int ASN1_primitive_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
-
-typedef struct ASN1_COMPAT_FUNCS_st {
- ASN1_new_func *asn1_new;
- ASN1_free_func *asn1_free;
- ASN1_d2i_func *asn1_d2i;
- ASN1_i2d_func *asn1_i2d;
-} ASN1_COMPAT_FUNCS;
-
-typedef struct ASN1_EXTERN_FUNCS_st {
- void *app_data;
- ASN1_ex_new_func *asn1_ex_new;
- ASN1_ex_free_func *asn1_ex_free;
- ASN1_ex_free_func *asn1_ex_clear;
- ASN1_ex_d2i *asn1_ex_d2i;
- ASN1_ex_i2d *asn1_ex_i2d;
-} ASN1_EXTERN_FUNCS;
-
-typedef struct ASN1_PRIMITIVE_FUNCS_st {
- void *app_data;
- unsigned long flags;
- ASN1_ex_new_func *prim_new;
- ASN1_ex_free_func *prim_free;
- ASN1_ex_free_func *prim_clear;
- ASN1_primitive_c2i *prim_c2i;
- ASN1_primitive_i2c *prim_i2c;
-} ASN1_PRIMITIVE_FUNCS;
-
-/* This is the ASN1_AUX structure: it handles various
- * miscellaneous requirements. For example the use of
- * reference counts and an informational callback.
- *
- * The "informational callback" is called at various
- * points during the ASN1 encoding and decoding. It can
- * be used to provide minor customisation of the structures
- * used. This is most useful where the supplied routines
- * *almost* do the right thing but need some extra help
- * at a few points. If the callback returns zero then
- * it is assumed a fatal error has occurred and the
- * main operation should be abandoned.
- *
- * If major changes in the default behaviour are required
- * then an external type is more appropriate.
- */
-
-typedef int ASN1_aux_cb(int operation, ASN1_VALUE **in, const ASN1_ITEM *it);
-
-typedef struct ASN1_AUX_st {
- void *app_data;
- int flags;
- int ref_offset; /* Offset of reference value */
- int ref_lock; /* Lock type to use */
- ASN1_aux_cb *asn1_cb;
- int enc_offset; /* Offset of ASN1_ENCODING structure */
-} ASN1_AUX;
-
-/* Flags in ASN1_AUX */
-
-/* Use a reference count */
-#define ASN1_AFLG_REFCOUNT 1
-/* Save the encoding of structure (useful for signatures) */
-#define ASN1_AFLG_ENCODING 2
-/* The Sequence length is invalid */
-#define ASN1_AFLG_BROKEN 4
-
-/* operation values for asn1_cb */
-
-#define ASN1_OP_NEW_PRE 0
-#define ASN1_OP_NEW_POST 1
-#define ASN1_OP_FREE_PRE 2
-#define ASN1_OP_FREE_POST 3
-#define ASN1_OP_D2I_PRE 4
-#define ASN1_OP_D2I_POST 5
-#define ASN1_OP_I2D_PRE 6
-#define ASN1_OP_I2D_POST 7
-
-/* Macro to implement a primitive type */
-#define IMPLEMENT_ASN1_TYPE(stname) IMPLEMENT_ASN1_TYPE_ex(stname, stname, 0)
-#define IMPLEMENT_ASN1_TYPE_ex(itname, vname, ex) \
- ASN1_ITEM_start(itname) \
- ASN1_ITYPE_PRIMITIVE, V_##vname, NULL, 0, NULL, ex, #itname \
- ASN1_ITEM_end(itname)
-
-/* Macro to implement a multi string type */
-#define IMPLEMENT_ASN1_MSTRING(itname, mask) \
- ASN1_ITEM_start(itname) \
- ASN1_ITYPE_MSTRING, mask, NULL, 0, NULL, sizeof(ASN1_STRING), #itname \
- ASN1_ITEM_end(itname)
-
-/* Macro to implement an ASN1_ITEM in terms of old style funcs */
-
-#define IMPLEMENT_COMPAT_ASN1(sname) IMPLEMENT_COMPAT_ASN1_type(sname, V_ASN1_SEQUENCE)
-
-#define IMPLEMENT_COMPAT_ASN1_type(sname, tag) \
- static const ASN1_COMPAT_FUNCS sname##_ff = { \
- (ASN1_new_func *)sname##_new, \
- (ASN1_free_func *)sname##_free, \
- (ASN1_d2i_func *)d2i_##sname, \
- (ASN1_i2d_func *)i2d_##sname, \
- }; \
- ASN1_ITEM_start(sname) \
- ASN1_ITYPE_COMPAT, \
- tag, \
- NULL, \
- 0, \
- &sname##_ff, \
- 0, \
- #sname \
- ASN1_ITEM_end(sname)
-
-#define IMPLEMENT_EXTERN_ASN1(sname, tag, fptrs) \
- ASN1_ITEM_start(sname) \
- ASN1_ITYPE_EXTERN, \
- tag, \
- NULL, \
- 0, \
- &fptrs, \
- 0, \
- #sname \
- ASN1_ITEM_end(sname)
-
-/* Macro to implement standard functions in terms of ASN1_ITEM structures */
-
-#define IMPLEMENT_ASN1_FUNCTIONS(stname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, stname, stname)
-
-#define IMPLEMENT_ASN1_FUNCTIONS_name(stname, itname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, itname)
-
-#define IMPLEMENT_ASN1_FUNCTIONS_ENCODE_name(stname, itname) \
- IMPLEMENT_ASN1_FUNCTIONS_ENCODE_fname(stname, itname, itname)
-
-#define IMPLEMENT_ASN1_ALLOC_FUNCTIONS(stname) \
- IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, stname, stname)
-
-#define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) \
- stname *fname##_new(void) \
- { \
- return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \
- } \
- void fname##_free(stname *a) \
- { \
- ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \
- }
-
-#define IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, fname) \
- IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \
- IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname)
-
-#define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \
- stname *d2i_##fname(stname **a, const unsigned char **in, long len) \
- { \
- return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\
- } \
- int i2d_##fname(stname *a, unsigned char **out) \
- { \
- return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\
- }
-
-#define IMPLEMENT_ASN1_NDEF_FUNCTION(stname) \
- int i2d_##stname##_NDEF(stname *a, unsigned char **out) \
- { \
- return ASN1_item_ndef_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(stname));\
- }
-
-/* This includes evil casts to remove const: they will go away when full
- * ASN1 constification is done.
- */
-#define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \
- stname *d2i_##fname(stname **a, const unsigned char **in, long len) \
- { \
- return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\
- } \
- int i2d_##fname(const stname *a, unsigned char **out) \
- { \
- return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\
- }
-
-#define IMPLEMENT_ASN1_DUP_FUNCTION(stname) \
- stname * stname##_dup(stname *x) \
- { \
- return ASN1_item_dup(ASN1_ITEM_rptr(stname), x); \
- }
-
-#define IMPLEMENT_ASN1_FUNCTIONS_const(name) \
- IMPLEMENT_ASN1_FUNCTIONS_const_fname(name, name, name)
-
-#define IMPLEMENT_ASN1_FUNCTIONS_const_fname(stname, itname, fname) \
- IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \
- IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname)
-
-/* external definitions for primitive types */
-
-DECLARE_ASN1_ITEM(ASN1_BOOLEAN)
-DECLARE_ASN1_ITEM(ASN1_TBOOLEAN)
-DECLARE_ASN1_ITEM(ASN1_FBOOLEAN)
-DECLARE_ASN1_ITEM(ASN1_SEQUENCE)
-DECLARE_ASN1_ITEM(CBIGNUM)
-DECLARE_ASN1_ITEM(BIGNUM)
-DECLARE_ASN1_ITEM(LONG)
-DECLARE_ASN1_ITEM(ZLONG)
-
-DECLARE_STACK_OF(ASN1_VALUE)
-
-/* Functions used internally by the ASN1 code */
-
-int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
-void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
-int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
-int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
-
-void ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
-int ASN1_template_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_TEMPLATE *tt);
-int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_ITEM *it,
- int tag, int aclass, char opt, ASN1_TLC *ctx);
-
-int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass);
-int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_TEMPLATE *tt);
-void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
-
-int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
-int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
-
-int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it);
-int asn1_set_choice_selector(ASN1_VALUE **pval, int value, const ASN1_ITEM *it);
-
-ASN1_VALUE ** asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
-
-const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, int nullerr);
-
-int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it);
-
-void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it);
-void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
-int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval, const ASN1_ITEM *it);
-int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen, const ASN1_ITEM *it);
-
-#ifdef __cplusplus
-}
-#endif
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn1t.h (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/asn1t.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn1t.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn1t.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,904 @@
+/* asn1t.h */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+#ifndef HEADER_ASN1T_H
+# define HEADER_ASN1T_H
+
+# include <stddef.h>
+# include <openssl/e_os2.h>
+# include <openssl/asn1.h>
+
+# ifdef OPENSSL_BUILD_SHLIBCRYPTO
+# undef OPENSSL_EXTERN
+# define OPENSSL_EXTERN OPENSSL_EXPORT
+# endif
+
+/* ASN1 template defines, structures and functions */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+/* Macro to obtain ASN1_ADB pointer from a type (only used internally) */
+# define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)(iptr))
+
+/* Macros for start and end of ASN1_ITEM definition */
+
+# define ASN1_ITEM_start(itname) \
+ OPENSSL_GLOBAL const ASN1_ITEM itname##_it = {
+
+# define ASN1_ITEM_end(itname) \
+ };
+
+# else
+
+/* Macro to obtain ASN1_ADB pointer from a type (only used internally) */
+# define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)(iptr()))
+
+/* Macros for start and end of ASN1_ITEM definition */
+
+# define ASN1_ITEM_start(itname) \
+ const ASN1_ITEM * itname##_it(void) \
+ { \
+ static const ASN1_ITEM local_it = {
+
+# define ASN1_ITEM_end(itname) \
+ }; \
+ return &local_it; \
+ }
+
+# endif
+
+/* Macros to aid ASN1 template writing */
+
+# define ASN1_ITEM_TEMPLATE(tname) \
+ static const ASN1_TEMPLATE tname##_item_tt
+
+# define ASN1_ITEM_TEMPLATE_END(tname) \
+ ;\
+ ASN1_ITEM_start(tname) \
+ ASN1_ITYPE_PRIMITIVE,\
+ -1,\
+ &tname##_item_tt,\
+ 0,\
+ NULL,\
+ 0,\
+ #tname \
+ ASN1_ITEM_end(tname)
+
+/* This is a ASN1 type which just embeds a template */
+
+/*-
+ * This pair helps declare a SEQUENCE. We can do:
+ *
+ * ASN1_SEQUENCE(stname) = {
+ * ... SEQUENCE components ...
+ * } ASN1_SEQUENCE_END(stname)
+ *
+ * This will produce an ASN1_ITEM called stname_it
+ * for a structure called stname.
+ *
+ * If you want the same structure but a different
+ * name then use:
+ *
+ * ASN1_SEQUENCE(itname) = {
+ * ... SEQUENCE components ...
+ * } ASN1_SEQUENCE_END_name(stname, itname)
+ *
+ * This will create an item called itname_it using
+ * a structure called stname.
+ */
+
+# define ASN1_SEQUENCE(tname) \
+ static const ASN1_TEMPLATE tname##_seq_tt[]
+
+# define ASN1_SEQUENCE_END(stname) ASN1_SEQUENCE_END_name(stname, stname)
+
+# define ASN1_SEQUENCE_END_name(stname, tname) \
+ ;\
+ ASN1_ITEM_start(tname) \
+ ASN1_ITYPE_SEQUENCE,\
+ V_ASN1_SEQUENCE,\
+ tname##_seq_tt,\
+ sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
+ NULL,\
+ sizeof(stname),\
+ #stname \
+ ASN1_ITEM_end(tname)
+
+# define ASN1_NDEF_SEQUENCE(tname) \
+ ASN1_SEQUENCE(tname)
+
+# define ASN1_NDEF_SEQUENCE_cb(tname, cb) \
+ ASN1_SEQUENCE_cb(tname, cb)
+
+# define ASN1_SEQUENCE_cb(tname, cb) \
+ static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \
+ ASN1_SEQUENCE(tname)
+
+# define ASN1_BROKEN_SEQUENCE(tname) \
+ static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_BROKEN, 0, 0, 0, 0}; \
+ ASN1_SEQUENCE(tname)
+
+# define ASN1_SEQUENCE_ref(tname, cb, lck) \
+ static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), lck, cb, 0}; \
+ ASN1_SEQUENCE(tname)
+
+# define ASN1_SEQUENCE_enc(tname, enc, cb) \
+ static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_ENCODING, 0, 0, cb, offsetof(tname, enc)}; \
+ ASN1_SEQUENCE(tname)
+
+# define ASN1_NDEF_SEQUENCE_END(tname) \
+ ;\
+ ASN1_ITEM_start(tname) \
+ ASN1_ITYPE_NDEF_SEQUENCE,\
+ V_ASN1_SEQUENCE,\
+ tname##_seq_tt,\
+ sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
+ NULL,\
+ sizeof(tname),\
+ #tname \
+ ASN1_ITEM_end(tname)
+
+# define ASN1_BROKEN_SEQUENCE_END(stname) ASN1_SEQUENCE_END_ref(stname, stname)
+
+# define ASN1_SEQUENCE_END_enc(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname)
+
+# define ASN1_SEQUENCE_END_cb(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname)
+
+# define ASN1_SEQUENCE_END_ref(stname, tname) \
+ ;\
+ ASN1_ITEM_start(tname) \
+ ASN1_ITYPE_SEQUENCE,\
+ V_ASN1_SEQUENCE,\
+ tname##_seq_tt,\
+ sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
+ &tname##_aux,\
+ sizeof(stname),\
+ #stname \
+ ASN1_ITEM_end(tname)
+
+/*-
+ * This pair helps declare a CHOICE type. We can do:
+ *
+ * ASN1_CHOICE(chname) = {
+ * ... CHOICE options ...
+ * ASN1_CHOICE_END(chname)
+ *
+ * This will produce an ASN1_ITEM called chname_it
+ * for a structure called chname. The structure
+ * definition must look like this:
+ * typedef struct {
+ * int type;
+ * union {
+ * ASN1_SOMETHING *opt1;
+ * ASN1_SOMEOTHER *opt2;
+ * } value;
+ * } chname;
+ *
+ * the name of the selector must be 'type'.
+ * to use an alternative selector name use the
+ * ASN1_CHOICE_END_selector() version.
+ */
+
+# define ASN1_CHOICE(tname) \
+ static const ASN1_TEMPLATE tname##_ch_tt[]
+
+# define ASN1_CHOICE_cb(tname, cb) \
+ static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \
+ ASN1_CHOICE(tname)
+
+# define ASN1_CHOICE_END(stname) ASN1_CHOICE_END_name(stname, stname)
+
+# define ASN1_CHOICE_END_name(stname, tname) ASN1_CHOICE_END_selector(stname, tname, type)
+
+# define ASN1_CHOICE_END_selector(stname, tname, selname) \
+ ;\
+ ASN1_ITEM_start(tname) \
+ ASN1_ITYPE_CHOICE,\
+ offsetof(stname,selname) ,\
+ tname##_ch_tt,\
+ sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\
+ NULL,\
+ sizeof(stname),\
+ #stname \
+ ASN1_ITEM_end(tname)
+
+# define ASN1_CHOICE_END_cb(stname, tname, selname) \
+ ;\
+ ASN1_ITEM_start(tname) \
+ ASN1_ITYPE_CHOICE,\
+ offsetof(stname,selname) ,\
+ tname##_ch_tt,\
+ sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\
+ &tname##_aux,\
+ sizeof(stname),\
+ #stname \
+ ASN1_ITEM_end(tname)
+
+/* This helps with the template wrapper form of ASN1_ITEM */
+
+# define ASN1_EX_TEMPLATE_TYPE(flags, tag, name, type) { \
+ (flags), (tag), 0,\
+ #name, ASN1_ITEM_ref(type) }
+
+/* These help with SEQUENCE or CHOICE components */
+
+/* used to declare other types */
+
+# define ASN1_EX_TYPE(flags, tag, stname, field, type) { \
+ (flags), (tag), offsetof(stname, field),\
+ #field, ASN1_ITEM_ref(type) }
+
+/* used when the structure is combined with the parent */
+
+# define ASN1_EX_COMBINE(flags, tag, type) { \
+ (flags)|ASN1_TFLG_COMBINE, (tag), 0, NULL, ASN1_ITEM_ref(type) }
+
+/* implicit and explicit helper macros */
+
+# define ASN1_IMP_EX(stname, field, type, tag, ex) \
+ ASN1_EX_TYPE(ASN1_TFLG_IMPLICIT | ex, tag, stname, field, type)
+
+# define ASN1_EXP_EX(stname, field, type, tag, ex) \
+ ASN1_EX_TYPE(ASN1_TFLG_EXPLICIT | ex, tag, stname, field, type)
+
+/* Any defined by macros: the field used is in the table itself */
+
+# ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
+# define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) }
+# define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) }
+# else
+# define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, tblname##_adb }
+# define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, tblname##_adb }
+# endif
+/* Plain simple type */
+# define ASN1_SIMPLE(stname, field, type) ASN1_EX_TYPE(0,0, stname, field, type)
+
+/* OPTIONAL simple type */
+# define ASN1_OPT(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL, 0, stname, field, type)
+
+/* IMPLICIT tagged simple type */
+# define ASN1_IMP(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, 0)
+
+/* IMPLICIT tagged OPTIONAL simple type */
+# define ASN1_IMP_OPT(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL)
+
+/* Same as above but EXPLICIT */
+
+# define ASN1_EXP(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, 0)
+# define ASN1_EXP_OPT(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL)
+
+/* SEQUENCE OF type */
+# define ASN1_SEQUENCE_OF(stname, field, type) \
+ ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, stname, field, type)
+
+/* OPTIONAL SEQUENCE OF */
+# define ASN1_SEQUENCE_OF_OPT(stname, field, type) \
+ ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type)
+
+/* Same as above but for SET OF */
+
+# define ASN1_SET_OF(stname, field, type) \
+ ASN1_EX_TYPE(ASN1_TFLG_SET_OF, 0, stname, field, type)
+
+# define ASN1_SET_OF_OPT(stname, field, type) \
+ ASN1_EX_TYPE(ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type)
+
+/* Finally compound types of SEQUENCE, SET, IMPLICIT, EXPLICIT and OPTIONAL */
+
+# define ASN1_IMP_SET_OF(stname, field, type, tag) \
+ ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF)
+
+# define ASN1_EXP_SET_OF(stname, field, type, tag) \
+ ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF)
+
+# define ASN1_IMP_SET_OF_OPT(stname, field, type, tag) \
+ ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL)
+
+# define ASN1_EXP_SET_OF_OPT(stname, field, type, tag) \
+ ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL)
+
+# define ASN1_IMP_SEQUENCE_OF(stname, field, type, tag) \
+ ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF)
+
+# define ASN1_IMP_SEQUENCE_OF_OPT(stname, field, type, tag) \
+ ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL)
+
+# define ASN1_EXP_SEQUENCE_OF(stname, field, type, tag) \
+ ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF)
+
+# define ASN1_EXP_SEQUENCE_OF_OPT(stname, field, type, tag) \
+ ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL)
+
+/* EXPLICIT using indefinite length constructed form */
+# define ASN1_NDEF_EXP(stname, field, type, tag) \
+ ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_NDEF)
+
+/* EXPLICIT OPTIONAL using indefinite length constructed form */
+# define ASN1_NDEF_EXP_OPT(stname, field, type, tag) \
+ ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_NDEF)
+
+/* Macros for the ASN1_ADB structure */
+
+# define ASN1_ADB(name) \
+ static const ASN1_ADB_TABLE name##_adbtbl[]
+
+# ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+# define ASN1_ADB_END(name, flags, field, app_table, def, none) \
+ ;\
+ static const ASN1_ADB name##_adb = {\
+ flags,\
+ offsetof(name, field),\
+ app_table,\
+ name##_adbtbl,\
+ sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\
+ def,\
+ none\
+ }
+
+# else
+
+# define ASN1_ADB_END(name, flags, field, app_table, def, none) \
+ ;\
+ static const ASN1_ITEM *name##_adb(void) \
+ { \
+ static const ASN1_ADB internal_adb = \
+ {\
+ flags,\
+ offsetof(name, field),\
+ app_table,\
+ name##_adbtbl,\
+ sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\
+ def,\
+ none\
+ }; \
+ return (const ASN1_ITEM *) &internal_adb; \
+ } \
+ void dummy_function(void)
+
+# endif
+
+# define ADB_ENTRY(val, template) {val, template}
+
+# define ASN1_ADB_TEMPLATE(name) \
+ static const ASN1_TEMPLATE name##_tt
+
+/*
+ * This is the ASN1 template structure that defines a wrapper round the
+ * actual type. It determines the actual position of the field in the value
+ * structure, various flags such as OPTIONAL and the field name.
+ */
+
+struct ASN1_TEMPLATE_st {
+ unsigned long flags; /* Various flags */
+ long tag; /* tag, not used if no tagging */
+ unsigned long offset; /* Offset of this field in structure */
+# ifndef NO_ASN1_FIELD_NAMES
+ const char *field_name; /* Field name */
+# endif
+ ASN1_ITEM_EXP *item; /* Relevant ASN1_ITEM or ASN1_ADB */
+};
+
+/* Macro to extract ASN1_ITEM and ASN1_ADB pointer from ASN1_TEMPLATE */
+
+# define ASN1_TEMPLATE_item(t) (t->item_ptr)
+# define ASN1_TEMPLATE_adb(t) (t->item_ptr)
+
+typedef struct ASN1_ADB_TABLE_st ASN1_ADB_TABLE;
+typedef struct ASN1_ADB_st ASN1_ADB;
+
+struct ASN1_ADB_st {
+ unsigned long flags; /* Various flags */
+ unsigned long offset; /* Offset of selector field */
+ STACK_OF(ASN1_ADB_TABLE) **app_items; /* Application defined items */
+ const ASN1_ADB_TABLE *tbl; /* Table of possible types */
+ long tblcount; /* Number of entries in tbl */
+ const ASN1_TEMPLATE *default_tt; /* Type to use if no match */
+ const ASN1_TEMPLATE *null_tt; /* Type to use if selector is NULL */
+};
+
+struct ASN1_ADB_TABLE_st {
+ long value; /* NID for an object or value for an int */
+ const ASN1_TEMPLATE tt; /* item for this value */
+};
+
+/* template flags */
+
+/* Field is optional */
+# define ASN1_TFLG_OPTIONAL (0x1)
+
+/* Field is a SET OF */
+# define ASN1_TFLG_SET_OF (0x1 << 1)
+
+/* Field is a SEQUENCE OF */
+# define ASN1_TFLG_SEQUENCE_OF (0x2 << 1)
+
+/*
+ * Special case: this refers to a SET OF that will be sorted into DER order
+ * when encoded *and* the corresponding STACK will be modified to match the
+ * new order.
+ */
+# define ASN1_TFLG_SET_ORDER (0x3 << 1)
+
+/* Mask for SET OF or SEQUENCE OF */
+# define ASN1_TFLG_SK_MASK (0x3 << 1)
+
+/*
+ * These flags mean the tag should be taken from the tag field. If EXPLICIT
+ * then the underlying type is used for the inner tag.
+ */
+
+/* IMPLICIT tagging */
+# define ASN1_TFLG_IMPTAG (0x1 << 3)
+
+/* EXPLICIT tagging, inner tag from underlying type */
+# define ASN1_TFLG_EXPTAG (0x2 << 3)
+
+# define ASN1_TFLG_TAG_MASK (0x3 << 3)
+
+/* context specific IMPLICIT */
+# define ASN1_TFLG_IMPLICIT ASN1_TFLG_IMPTAG|ASN1_TFLG_CONTEXT
+
+/* context specific EXPLICIT */
+# define ASN1_TFLG_EXPLICIT ASN1_TFLG_EXPTAG|ASN1_TFLG_CONTEXT
+
+/*
+ * If tagging is in force these determine the type of tag to use. Otherwise
+ * the tag is determined by the underlying type. These values reflect the
+ * actual octet format.
+ */
+
+/* Universal tag */
+# define ASN1_TFLG_UNIVERSAL (0x0<<6)
+/* Application tag */
+# define ASN1_TFLG_APPLICATION (0x1<<6)
+/* Context specific tag */
+# define ASN1_TFLG_CONTEXT (0x2<<6)
+/* Private tag */
+# define ASN1_TFLG_PRIVATE (0x3<<6)
+
+# define ASN1_TFLG_TAG_CLASS (0x3<<6)
+
+/*
+ * These are for ANY DEFINED BY type. In this case the 'item' field points to
+ * an ASN1_ADB structure which contains a table of values to decode the
+ * relevant type
+ */
+
+# define ASN1_TFLG_ADB_MASK (0x3<<8)
+
+# define ASN1_TFLG_ADB_OID (0x1<<8)
+
+# define ASN1_TFLG_ADB_INT (0x1<<9)
+
+/*
+ * This flag means a parent structure is passed instead of the field: this is
+ * useful is a SEQUENCE is being combined with a CHOICE for example. Since
+ * this means the structure and item name will differ we need to use the
+ * ASN1_CHOICE_END_name() macro for example.
+ */
+
+# define ASN1_TFLG_COMBINE (0x1<<10)
+
+/*
+ * This flag when present in a SEQUENCE OF, SET OF or EXPLICIT causes
+ * indefinite length constructed encoding to be used if required.
+ */
+
+# define ASN1_TFLG_NDEF (0x1<<11)
+
+/* This is the actual ASN1 item itself */
+
+struct ASN1_ITEM_st {
+ char itype; /* The item type, primitive, SEQUENCE, CHOICE
+ * or extern */
+ long utype; /* underlying type */
+ const ASN1_TEMPLATE *templates; /* If SEQUENCE or CHOICE this contains
+ * the contents */
+ long tcount; /* Number of templates if SEQUENCE or CHOICE */
+ const void *funcs; /* functions that handle this type */
+ long size; /* Structure size (usually) */
+# ifndef NO_ASN1_FIELD_NAMES
+ const char *sname; /* Structure name */
+# endif
+};
+
+/*-
+ * These are values for the itype field and
+ * determine how the type is interpreted.
+ *
+ * For PRIMITIVE types the underlying type
+ * determines the behaviour if items is NULL.
+ *
+ * Otherwise templates must contain a single
+ * template and the type is treated in the
+ * same way as the type specified in the template.
+ *
+ * For SEQUENCE types the templates field points
+ * to the members, the size field is the
+ * structure size.
+ *
+ * For CHOICE types the templates field points
+ * to each possible member (typically a union)
+ * and the 'size' field is the offset of the
+ * selector.
+ *
+ * The 'funcs' field is used for application
+ * specific functions.
+ *
+ * For COMPAT types the funcs field gives a
+ * set of functions that handle this type, this
+ * supports the old d2i, i2d convention.
+ *
+ * The EXTERN type uses a new style d2i/i2d.
+ * The new style should be used where possible
+ * because it avoids things like the d2i IMPLICIT
+ * hack.
+ *
+ * MSTRING is a multiple string type, it is used
+ * for a CHOICE of character strings where the
+ * actual strings all occupy an ASN1_STRING
+ * structure. In this case the 'utype' field
+ * has a special meaning, it is used as a mask
+ * of acceptable types using the B_ASN1 constants.
+ *
+ * NDEF_SEQUENCE is the same as SEQUENCE except
+ * that it will use indefinite length constructed
+ * encoding if requested.
+ *
+ */
+
+# define ASN1_ITYPE_PRIMITIVE 0x0
+
+# define ASN1_ITYPE_SEQUENCE 0x1
+
+# define ASN1_ITYPE_CHOICE 0x2
+
+# define ASN1_ITYPE_COMPAT 0x3
+
+# define ASN1_ITYPE_EXTERN 0x4
+
+# define ASN1_ITYPE_MSTRING 0x5
+
+# define ASN1_ITYPE_NDEF_SEQUENCE 0x6
+
+/*
+ * Cache for ASN1 tag and length, so we don't keep re-reading it for things
+ * like CHOICE
+ */
+
+struct ASN1_TLC_st {
+ char valid; /* Values below are valid */
+ int ret; /* return value */
+ long plen; /* length */
+ int ptag; /* class value */
+ int pclass; /* class value */
+ int hdrlen; /* header length */
+};
+
+/* Typedefs for ASN1 function pointers */
+
+typedef ASN1_VALUE *ASN1_new_func(void);
+typedef void ASN1_free_func(ASN1_VALUE *a);
+typedef ASN1_VALUE *ASN1_d2i_func(ASN1_VALUE **a, const unsigned char **in,
+ long length);
+typedef int ASN1_i2d_func(ASN1_VALUE *a, unsigned char **in);
+
+typedef int ASN1_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
+ const ASN1_ITEM *it, int tag, int aclass, char opt,
+ ASN1_TLC *ctx);
+
+typedef int ASN1_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
+ const ASN1_ITEM *it, int tag, int aclass);
+typedef int ASN1_ex_new_func(ASN1_VALUE **pval, const ASN1_ITEM *it);
+typedef void ASN1_ex_free_func(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+typedef int ASN1_primitive_i2c(ASN1_VALUE **pval, unsigned char *cont,
+ int *putype, const ASN1_ITEM *it);
+typedef int ASN1_primitive_c2i(ASN1_VALUE **pval, const unsigned char *cont,
+ int len, int utype, char *free_cont,
+ const ASN1_ITEM *it);
+
+typedef struct ASN1_COMPAT_FUNCS_st {
+ ASN1_new_func *asn1_new;
+ ASN1_free_func *asn1_free;
+ ASN1_d2i_func *asn1_d2i;
+ ASN1_i2d_func *asn1_i2d;
+} ASN1_COMPAT_FUNCS;
+
+typedef struct ASN1_EXTERN_FUNCS_st {
+ void *app_data;
+ ASN1_ex_new_func *asn1_ex_new;
+ ASN1_ex_free_func *asn1_ex_free;
+ ASN1_ex_free_func *asn1_ex_clear;
+ ASN1_ex_d2i *asn1_ex_d2i;
+ ASN1_ex_i2d *asn1_ex_i2d;
+} ASN1_EXTERN_FUNCS;
+
+typedef struct ASN1_PRIMITIVE_FUNCS_st {
+ void *app_data;
+ unsigned long flags;
+ ASN1_ex_new_func *prim_new;
+ ASN1_ex_free_func *prim_free;
+ ASN1_ex_free_func *prim_clear;
+ ASN1_primitive_c2i *prim_c2i;
+ ASN1_primitive_i2c *prim_i2c;
+} ASN1_PRIMITIVE_FUNCS;
+
+/*
+ * This is the ASN1_AUX structure: it handles various miscellaneous
+ * requirements. For example the use of reference counts and an informational
+ * callback. The "informational callback" is called at various points during
+ * the ASN1 encoding and decoding. It can be used to provide minor
+ * customisation of the structures used. This is most useful where the
+ * supplied routines *almost* do the right thing but need some extra help at
+ * a few points. If the callback returns zero then it is assumed a fatal
+ * error has occurred and the main operation should be abandoned. If major
+ * changes in the default behaviour are required then an external type is
+ * more appropriate.
+ */
+
+typedef int ASN1_aux_cb(int operation, ASN1_VALUE **in, const ASN1_ITEM *it);
+
+typedef struct ASN1_AUX_st {
+ void *app_data;
+ int flags;
+ int ref_offset; /* Offset of reference value */
+ int ref_lock; /* Lock type to use */
+ ASN1_aux_cb *asn1_cb;
+ int enc_offset; /* Offset of ASN1_ENCODING structure */
+} ASN1_AUX;
+
+/* Flags in ASN1_AUX */
+
+/* Use a reference count */
+# define ASN1_AFLG_REFCOUNT 1
+/* Save the encoding of structure (useful for signatures) */
+# define ASN1_AFLG_ENCODING 2
+/* The Sequence length is invalid */
+# define ASN1_AFLG_BROKEN 4
+
+/* operation values for asn1_cb */
+
+# define ASN1_OP_NEW_PRE 0
+# define ASN1_OP_NEW_POST 1
+# define ASN1_OP_FREE_PRE 2
+# define ASN1_OP_FREE_POST 3
+# define ASN1_OP_D2I_PRE 4
+# define ASN1_OP_D2I_POST 5
+# define ASN1_OP_I2D_PRE 6
+# define ASN1_OP_I2D_POST 7
+
+/* Macro to implement a primitive type */
+# define IMPLEMENT_ASN1_TYPE(stname) IMPLEMENT_ASN1_TYPE_ex(stname, stname, 0)
+# define IMPLEMENT_ASN1_TYPE_ex(itname, vname, ex) \
+ ASN1_ITEM_start(itname) \
+ ASN1_ITYPE_PRIMITIVE, V_##vname, NULL, 0, NULL, ex, #itname \
+ ASN1_ITEM_end(itname)
+
+/* Macro to implement a multi string type */
+# define IMPLEMENT_ASN1_MSTRING(itname, mask) \
+ ASN1_ITEM_start(itname) \
+ ASN1_ITYPE_MSTRING, mask, NULL, 0, NULL, sizeof(ASN1_STRING), #itname \
+ ASN1_ITEM_end(itname)
+
+/* Macro to implement an ASN1_ITEM in terms of old style funcs */
+
+# define IMPLEMENT_COMPAT_ASN1(sname) IMPLEMENT_COMPAT_ASN1_type(sname, V_ASN1_SEQUENCE)
+
+# define IMPLEMENT_COMPAT_ASN1_type(sname, tag) \
+ static const ASN1_COMPAT_FUNCS sname##_ff = { \
+ (ASN1_new_func *)sname##_new, \
+ (ASN1_free_func *)sname##_free, \
+ (ASN1_d2i_func *)d2i_##sname, \
+ (ASN1_i2d_func *)i2d_##sname, \
+ }; \
+ ASN1_ITEM_start(sname) \
+ ASN1_ITYPE_COMPAT, \
+ tag, \
+ NULL, \
+ 0, \
+ &sname##_ff, \
+ 0, \
+ #sname \
+ ASN1_ITEM_end(sname)
+
+# define IMPLEMENT_EXTERN_ASN1(sname, tag, fptrs) \
+ ASN1_ITEM_start(sname) \
+ ASN1_ITYPE_EXTERN, \
+ tag, \
+ NULL, \
+ 0, \
+ &fptrs, \
+ 0, \
+ #sname \
+ ASN1_ITEM_end(sname)
+
+/* Macro to implement standard functions in terms of ASN1_ITEM structures */
+
+# define IMPLEMENT_ASN1_FUNCTIONS(stname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, stname, stname)
+
+# define IMPLEMENT_ASN1_FUNCTIONS_name(stname, itname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, itname)
+
+# define IMPLEMENT_ASN1_FUNCTIONS_ENCODE_name(stname, itname) \
+ IMPLEMENT_ASN1_FUNCTIONS_ENCODE_fname(stname, itname, itname)
+
+# define IMPLEMENT_ASN1_ALLOC_FUNCTIONS(stname) \
+ IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, stname, stname)
+
+# define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) \
+ stname *fname##_new(void) \
+ { \
+ return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \
+ } \
+ void fname##_free(stname *a) \
+ { \
+ ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \
+ }
+
+# define IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, fname) \
+ IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \
+ IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname)
+
+# define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \
+ stname *d2i_##fname(stname **a, const unsigned char **in, long len) \
+ { \
+ return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\
+ } \
+ int i2d_##fname(stname *a, unsigned char **out) \
+ { \
+ return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\
+ }
+
+# define IMPLEMENT_ASN1_NDEF_FUNCTION(stname) \
+ int i2d_##stname##_NDEF(stname *a, unsigned char **out) \
+ { \
+ return ASN1_item_ndef_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(stname));\
+ }
+
+/*
+ * This includes evil casts to remove const: they will go away when full ASN1
+ * constification is done.
+ */
+# define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \
+ stname *d2i_##fname(stname **a, const unsigned char **in, long len) \
+ { \
+ return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\
+ } \
+ int i2d_##fname(const stname *a, unsigned char **out) \
+ { \
+ return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\
+ }
+
+# define IMPLEMENT_ASN1_DUP_FUNCTION(stname) \
+ stname * stname##_dup(stname *x) \
+ { \
+ return ASN1_item_dup(ASN1_ITEM_rptr(stname), x); \
+ }
+
+# define IMPLEMENT_ASN1_FUNCTIONS_const(name) \
+ IMPLEMENT_ASN1_FUNCTIONS_const_fname(name, name, name)
+
+# define IMPLEMENT_ASN1_FUNCTIONS_const_fname(stname, itname, fname) \
+ IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \
+ IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname)
+
+/* external definitions for primitive types */
+
+DECLARE_ASN1_ITEM(ASN1_BOOLEAN)
+DECLARE_ASN1_ITEM(ASN1_TBOOLEAN)
+DECLARE_ASN1_ITEM(ASN1_FBOOLEAN)
+DECLARE_ASN1_ITEM(ASN1_SEQUENCE)
+DECLARE_ASN1_ITEM(CBIGNUM)
+DECLARE_ASN1_ITEM(BIGNUM)
+DECLARE_ASN1_ITEM(LONG)
+DECLARE_ASN1_ITEM(ZLONG)
+
+DECLARE_STACK_OF(ASN1_VALUE)
+
+/* Functions used internally by the ASN1 code */
+
+int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
+void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
+int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
+int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+void ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
+int ASN1_template_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
+ const ASN1_TEMPLATE *tt);
+int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
+ const ASN1_ITEM *it, int tag, int aclass, char opt,
+ ASN1_TLC *ctx);
+
+int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
+ const ASN1_ITEM *it, int tag, int aclass);
+int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out,
+ const ASN1_TEMPLATE *tt);
+void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
+ const ASN1_ITEM *it);
+int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+ int utype, char *free_cont, const ASN1_ITEM *it);
+
+int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it);
+int asn1_set_choice_selector(ASN1_VALUE **pval, int value,
+ const ASN1_ITEM *it);
+
+ASN1_VALUE **asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
+
+const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt,
+ int nullerr);
+
+int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it);
+
+void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it);
+void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
+int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval,
+ const ASN1_ITEM *it);
+int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen,
+ const ASN1_ITEM *it);
+
+#ifdef __cplusplus
+}
+#endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn_mime.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/asn_mime.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn_mime.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,881 +0,0 @@
-/* asn_mime.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#include <stdio.h>
-#include <ctype.h>
-#include "cryptlib.h"
-#include <openssl/rand.h>
-#include <openssl/x509.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-
-/* Generalised MIME like utilities for streaming ASN1. Although many
- * have a PKCS7/CMS like flavour others are more general purpose.
- */
-
-/* MIME format structures
- * Note that all are translated to lower case apart from
- * parameter values. Quotes are stripped off
- */
-
-typedef struct {
-char *param_name; /* Param name e.g. "micalg" */
-char *param_value; /* Param value e.g. "sha1" */
-} MIME_PARAM;
-
-DECLARE_STACK_OF(MIME_PARAM)
-IMPLEMENT_STACK_OF(MIME_PARAM)
-
-typedef struct {
-char *name; /* Name of line e.g. "content-type" */
-char *value; /* Value of line e.g. "text/plain" */
-STACK_OF(MIME_PARAM) *params; /* Zero or more parameters */
-} MIME_HEADER;
-
-DECLARE_STACK_OF(MIME_HEADER)
-IMPLEMENT_STACK_OF(MIME_HEADER)
-
-static char * strip_ends(char *name);
-static char * strip_start(char *name);
-static char * strip_end(char *name);
-static MIME_HEADER *mime_hdr_new(char *name, char *value);
-static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value);
-static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio);
-static int mime_hdr_cmp(const MIME_HEADER * const *a,
- const MIME_HEADER * const *b);
-static int mime_param_cmp(const MIME_PARAM * const *a,
- const MIME_PARAM * const *b);
-static void mime_param_free(MIME_PARAM *param);
-static int mime_bound_check(char *line, int linelen, char *bound, int blen);
-static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret);
-static int strip_eol(char *linebuf, int *plen);
-static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name);
-static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name);
-static void mime_hdr_free(MIME_HEADER *hdr);
-
-#define MAX_SMLEN 1024
-#define mime_debug(x) /* x */
-
-/* Base 64 read and write of ASN1 structure */
-
-static int B64_write_ASN1(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
- const ASN1_ITEM *it)
- {
- BIO *b64;
- int r;
- b64 = BIO_new(BIO_f_base64());
- if(!b64)
- {
- ASN1err(ASN1_F_B64_WRITE_ASN1,ERR_R_MALLOC_FAILURE);
- return 0;
- }
- /* prepend the b64 BIO so all data is base64 encoded.
- */
- out = BIO_push(b64, out);
- r = ASN1_item_i2d_bio(it, out, val);
- (void)BIO_flush(out);
- BIO_pop(out);
- BIO_free(b64);
- return r;
- }
-
-static ASN1_VALUE *b64_read_asn1(BIO *bio, const ASN1_ITEM *it)
-{
- BIO *b64;
- ASN1_VALUE *val;
- if(!(b64 = BIO_new(BIO_f_base64()))) {
- ASN1err(ASN1_F_B64_READ_ASN1,ERR_R_MALLOC_FAILURE);
- return 0;
- }
- bio = BIO_push(b64, bio);
- val = ASN1_item_d2i_bio(it, bio, NULL);
- if(!val)
- ASN1err(ASN1_F_B64_READ_ASN1,ASN1_R_DECODE_ERROR);
- (void)BIO_flush(bio);
- bio = BIO_pop(bio);
- BIO_free(b64);
- return val;
-}
-
-/* Generate the MIME "micalg" parameter from RFC3851, RFC4490 */
-
-static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs)
- {
- int i, have_unknown = 0, write_comma, md_nid;
- have_unknown = 0;
- write_comma = 0;
- for (i = 0; i < sk_X509_ALGOR_num(mdalgs); i++)
- {
- if (write_comma)
- BIO_write(out, ",", 1);
- write_comma = 1;
- md_nid = OBJ_obj2nid(sk_X509_ALGOR_value(mdalgs, i)->algorithm);
- switch(md_nid)
- {
- case NID_sha1:
- BIO_puts(out, "sha1");
- break;
-
- case NID_md5:
- BIO_puts(out, "md5");
- break;
-
- case NID_sha256:
- BIO_puts(out, "sha-256");
- break;
-
- case NID_sha384:
- BIO_puts(out, "sha-384");
- break;
-
- case NID_sha512:
- BIO_puts(out, "sha-512");
- break;
-
- default:
- if (have_unknown)
- write_comma = 0;
- else
- {
- BIO_puts(out, "unknown");
- have_unknown = 1;
- }
- break;
-
- }
- }
-
- return 1;
-
- }
-
-/* SMIME sender */
-
-int int_smime_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
- int ctype_nid, int econt_nid,
- STACK_OF(X509_ALGOR) *mdalgs,
- asn1_output_data_fn *data_fn,
- const ASN1_ITEM *it)
-{
- char bound[33], c;
- int i;
- const char *mime_prefix, *mime_eol, *cname = "smime.p7m";
- const char *msg_type=NULL;
- if (flags & SMIME_OLDMIME)
- mime_prefix = "application/x-pkcs7-";
- else
- mime_prefix = "application/pkcs7-";
-
- if (flags & SMIME_CRLFEOL)
- mime_eol = "\r\n";
- else
- mime_eol = "\n";
- if((flags & SMIME_DETACHED) && data) {
- /* We want multipart/signed */
- /* Generate a random boundary */
- RAND_pseudo_bytes((unsigned char *)bound, 32);
- for(i = 0; i < 32; i++) {
- c = bound[i] & 0xf;
- if(c < 10) c += '0';
- else c += 'A' - 10;
- bound[i] = c;
- }
- bound[32] = 0;
- BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
- BIO_printf(bio, "Content-Type: multipart/signed;");
- BIO_printf(bio, " protocol=\"%ssignature\";", mime_prefix);
- BIO_puts(bio, " micalg=\"");
- asn1_write_micalg(bio, mdalgs);
- BIO_printf(bio, "\"; boundary=\"----%s\"%s%s",
- bound, mime_eol, mime_eol);
- BIO_printf(bio, "This is an S/MIME signed message%s%s",
- mime_eol, mime_eol);
- /* Now write out the first part */
- BIO_printf(bio, "------%s%s", bound, mime_eol);
- if (!data_fn(bio, data, val, flags, it))
- return 0;
- BIO_printf(bio, "%s------%s%s", mime_eol, bound, mime_eol);
-
- /* Headers for signature */
-
- BIO_printf(bio, "Content-Type: %ssignature;", mime_prefix);
- BIO_printf(bio, " name=\"smime.p7s\"%s", mime_eol);
- BIO_printf(bio, "Content-Transfer-Encoding: base64%s",
- mime_eol);
- BIO_printf(bio, "Content-Disposition: attachment;");
- BIO_printf(bio, " filename=\"smime.p7s\"%s%s",
- mime_eol, mime_eol);
- B64_write_ASN1(bio, val, NULL, 0, it);
- BIO_printf(bio,"%s------%s--%s%s", mime_eol, bound,
- mime_eol, mime_eol);
- return 1;
- }
-
- /* Determine smime-type header */
-
- if (ctype_nid == NID_pkcs7_enveloped)
- msg_type = "enveloped-data";
- else if (ctype_nid == NID_pkcs7_signed)
- {
- if (econt_nid == NID_id_smime_ct_receipt)
- msg_type = "signed-receipt";
- else if (sk_X509_ALGOR_num(mdalgs) >= 0)
- msg_type = "signed-data";
- else
- msg_type = "certs-only";
- }
- else if (ctype_nid == NID_id_smime_ct_compressedData)
- {
- msg_type = "compressed-data";
- cname = "smime.p7z";
- }
- /* MIME headers */
- BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
- BIO_printf(bio, "Content-Disposition: attachment;");
- BIO_printf(bio, " filename=\"%s\"%s", cname, mime_eol);
- BIO_printf(bio, "Content-Type: %smime;", mime_prefix);
- if (msg_type)
- BIO_printf(bio, " smime-type=%s;", msg_type);
- BIO_printf(bio, " name=\"%s\"%s", cname, mime_eol);
- BIO_printf(bio, "Content-Transfer-Encoding: base64%s%s",
- mime_eol, mime_eol);
- if (!B64_write_ASN1(bio, val, data, flags, it))
- return 0;
- BIO_printf(bio, "%s", mime_eol);
- return 1;
-}
-
-#if 0
-
-/* Handle output of ASN1 data */
-
-
-static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
- const ASN1_ITEM *it)
- {
- BIO *tmpbio;
- const ASN1_AUX *aux = it->funcs;
- ASN1_STREAM_ARG sarg;
-
- if (!(flags & SMIME_DETACHED))
- {
- SMIME_crlf_copy(data, out, flags);
- return 1;
- }
-
- if (!aux || !aux->asn1_cb)
- {
- ASN1err(ASN1_F_ASN1_OUTPUT_DATA,
- ASN1_R_STREAMING_NOT_SUPPORTED);
- return 0;
- }
-
- sarg.out = out;
- sarg.ndef_bio = NULL;
- sarg.boundary = NULL;
-
- /* Let ASN1 code prepend any needed BIOs */
-
- if (aux->asn1_cb(ASN1_OP_DETACHED_PRE, &val, it, &sarg) <= 0)
- return 0;
-
- /* Copy data across, passing through filter BIOs for processing */
- SMIME_crlf_copy(data, sarg.ndef_bio, flags);
-
- /* Finalize structure */
- if (aux->asn1_cb(ASN1_OP_DETACHED_POST, &val, it, &sarg) <= 0)
- return 0;
-
- /* Now remove any digests prepended to the BIO */
-
- while (sarg.ndef_bio != out)
- {
- tmpbio = BIO_pop(sarg.ndef_bio);
- BIO_free(sarg.ndef_bio);
- sarg.ndef_bio = tmpbio;
- }
-
- return 1;
-
- }
-
-#endif
-
-/* SMIME reader: handle multipart/signed and opaque signing.
- * in multipart case the content is placed in a memory BIO
- * pointed to by "bcont". In opaque this is set to NULL
- */
-
-ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it)
-{
- BIO *asnin;
- STACK_OF(MIME_HEADER) *headers = NULL;
- STACK_OF(BIO) *parts = NULL;
- MIME_HEADER *hdr;
- MIME_PARAM *prm;
- ASN1_VALUE *val;
- int ret;
-
- if(bcont) *bcont = NULL;
-
- if (!(headers = mime_parse_hdr(bio))) {
- ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_MIME_PARSE_ERROR);
- return NULL;
- }
-
- if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
- sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
- ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_CONTENT_TYPE);
- return NULL;
- }
-
- /* Handle multipart/signed */
-
- if(!strcmp(hdr->value, "multipart/signed")) {
- /* Split into two parts */
- prm = mime_param_find(hdr, "boundary");
- if(!prm || !prm->param_value) {
- sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
- ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_MULTIPART_BOUNDARY);
- return NULL;
- }
- ret = multi_split(bio, prm->param_value, &parts);
- sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
- if(!ret || (sk_BIO_num(parts) != 2) ) {
- ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_MULTIPART_BODY_FAILURE);
- sk_BIO_pop_free(parts, BIO_vfree);
- return NULL;
- }
-
- /* Parse the signature piece */
- asnin = sk_BIO_value(parts, 1);
-
- if (!(headers = mime_parse_hdr(asnin))) {
- ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_MIME_SIG_PARSE_ERROR);
- sk_BIO_pop_free(parts, BIO_vfree);
- return NULL;
- }
-
- /* Get content type */
-
- if(!(hdr = mime_hdr_find(headers, "content-type")) ||
- !hdr->value) {
- sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
- ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_SIG_CONTENT_TYPE);
- return NULL;
- }
-
- if(strcmp(hdr->value, "application/x-pkcs7-signature") &&
- strcmp(hdr->value, "application/pkcs7-signature")) {
- ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_SIG_INVALID_MIME_TYPE);
- ERR_add_error_data(2, "type: ", hdr->value);
- sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
- sk_BIO_pop_free(parts, BIO_vfree);
- return NULL;
- }
- sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
- /* Read in ASN1 */
- if(!(val = b64_read_asn1(asnin, it))) {
- ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_ASN1_SIG_PARSE_ERROR);
- sk_BIO_pop_free(parts, BIO_vfree);
- return NULL;
- }
-
- if(bcont) {
- *bcont = sk_BIO_value(parts, 0);
- BIO_free(asnin);
- sk_BIO_free(parts);
- } else sk_BIO_pop_free(parts, BIO_vfree);
- return val;
- }
-
- /* OK, if not multipart/signed try opaque signature */
-
- if (strcmp (hdr->value, "application/x-pkcs7-mime") &&
- strcmp (hdr->value, "application/pkcs7-mime")) {
- ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_INVALID_MIME_TYPE);
- ERR_add_error_data(2, "type: ", hdr->value);
- sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
- return NULL;
- }
-
- sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-
- if(!(val = b64_read_asn1(bio, it))) {
- ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_ASN1_PARSE_ERROR);
- return NULL;
- }
- return val;
-
-}
-
-/* Copy text from one BIO to another making the output CRLF at EOL */
-int SMIME_crlf_copy(BIO *in, BIO *out, int flags)
-{
- BIO *bf;
- char eol;
- int len;
- char linebuf[MAX_SMLEN];
- /* Buffer output so we don't write one line at a time. This is
- * useful when streaming as we don't end up with one OCTET STRING
- * per line.
- */
- bf = BIO_new(BIO_f_buffer());
- if (!bf)
- return 0;
- out = BIO_push(bf, out);
- if(flags & SMIME_BINARY)
- {
- while((len = BIO_read(in, linebuf, MAX_SMLEN)) > 0)
- BIO_write(out, linebuf, len);
- }
- else
- {
- if(flags & SMIME_TEXT)
- BIO_printf(out, "Content-Type: text/plain\r\n\r\n");
- while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0)
- {
- eol = strip_eol(linebuf, &len);
- if (len)
- BIO_write(out, linebuf, len);
- if(eol) BIO_write(out, "\r\n", 2);
- }
- }
- (void)BIO_flush(out);
- BIO_pop(out);
- BIO_free(bf);
- return 1;
-}
-
-/* Strip off headers if they are text/plain */
-int SMIME_text(BIO *in, BIO *out)
-{
- char iobuf[4096];
- int len;
- STACK_OF(MIME_HEADER) *headers;
- MIME_HEADER *hdr;
-
- if (!(headers = mime_parse_hdr(in))) {
- ASN1err(ASN1_F_SMIME_TEXT,ASN1_R_MIME_PARSE_ERROR);
- return 0;
- }
- if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
- ASN1err(ASN1_F_SMIME_TEXT,ASN1_R_MIME_NO_CONTENT_TYPE);
- sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
- return 0;
- }
- if (strcmp (hdr->value, "text/plain")) {
- ASN1err(ASN1_F_SMIME_TEXT,ASN1_R_INVALID_MIME_TYPE);
- ERR_add_error_data(2, "type: ", hdr->value);
- sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
- return 0;
- }
- sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
- while ((len = BIO_read(in, iobuf, sizeof(iobuf))) > 0)
- BIO_write(out, iobuf, len);
- if (len < 0)
- return 0;
- return 1;
-}
-
-/* Split a multipart/XXX message body into component parts: result is
- * canonical parts in a STACK of bios
- */
-
-static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret)
-{
- char linebuf[MAX_SMLEN];
- int len, blen;
- int eol = 0, next_eol = 0;
- BIO *bpart = NULL;
- STACK_OF(BIO) *parts;
- char state, part, first;
-
- blen = strlen(bound);
- part = 0;
- state = 0;
- first = 1;
- parts = sk_BIO_new_null();
- *ret = parts;
- while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
- state = mime_bound_check(linebuf, len, bound, blen);
- if(state == 1) {
- first = 1;
- part++;
- } else if(state == 2) {
- sk_BIO_push(parts, bpart);
- return 1;
- } else if(part) {
- /* Strip CR+LF from linebuf */
- next_eol = strip_eol(linebuf, &len);
- if(first) {
- first = 0;
- if(bpart) sk_BIO_push(parts, bpart);
- bpart = BIO_new(BIO_s_mem());
- BIO_set_mem_eof_return(bpart, 0);
- } else if (eol)
- BIO_write(bpart, "\r\n", 2);
- eol = next_eol;
- if (len)
- BIO_write(bpart, linebuf, len);
- }
- }
- return 0;
-}
-
-/* This is the big one: parse MIME header lines up to message body */
-
-#define MIME_INVALID 0
-#define MIME_START 1
-#define MIME_TYPE 2
-#define MIME_NAME 3
-#define MIME_VALUE 4
-#define MIME_QUOTE 5
-#define MIME_COMMENT 6
-
-
-static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio)
-{
- char *p, *q, c;
- char *ntmp;
- char linebuf[MAX_SMLEN];
- MIME_HEADER *mhdr = NULL;
- STACK_OF(MIME_HEADER) *headers;
- int len, state, save_state = 0;
-
- headers = sk_MIME_HEADER_new(mime_hdr_cmp);
- if (!headers)
- return NULL;
- while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
- /* If whitespace at line start then continuation line */
- if(mhdr && isspace((unsigned char)linebuf[0])) state = MIME_NAME;
- else state = MIME_START;
- ntmp = NULL;
- /* Go through all characters */
- for(p = linebuf, q = linebuf; (c = *p) && (c!='\r') && (c!='\n'); p++) {
-
- /* State machine to handle MIME headers
- * if this looks horrible that's because it *is*
- */
-
- switch(state) {
- case MIME_START:
- if(c == ':') {
- state = MIME_TYPE;
- *p = 0;
- ntmp = strip_ends(q);
- q = p + 1;
- }
- break;
-
- case MIME_TYPE:
- if(c == ';') {
- mime_debug("Found End Value\n");
- *p = 0;
- mhdr = mime_hdr_new(ntmp, strip_ends(q));
- sk_MIME_HEADER_push(headers, mhdr);
- ntmp = NULL;
- q = p + 1;
- state = MIME_NAME;
- } else if(c == '(') {
- save_state = state;
- state = MIME_COMMENT;
- }
- break;
-
- case MIME_COMMENT:
- if(c == ')') {
- state = save_state;
- }
- break;
-
- case MIME_NAME:
- if(c == '=') {
- state = MIME_VALUE;
- *p = 0;
- ntmp = strip_ends(q);
- q = p + 1;
- }
- break ;
-
- case MIME_VALUE:
- if(c == ';') {
- state = MIME_NAME;
- *p = 0;
- mime_hdr_addparam(mhdr, ntmp, strip_ends(q));
- ntmp = NULL;
- q = p + 1;
- } else if (c == '"') {
- mime_debug("Found Quote\n");
- state = MIME_QUOTE;
- } else if(c == '(') {
- save_state = state;
- state = MIME_COMMENT;
- }
- break;
-
- case MIME_QUOTE:
- if(c == '"') {
- mime_debug("Found Match Quote\n");
- state = MIME_VALUE;
- }
- break;
- }
- }
-
- if(state == MIME_TYPE) {
- mhdr = mime_hdr_new(ntmp, strip_ends(q));
- sk_MIME_HEADER_push(headers, mhdr);
- } else if(state == MIME_VALUE)
- mime_hdr_addparam(mhdr, ntmp, strip_ends(q));
- if(p == linebuf) break; /* Blank line means end of headers */
-}
-
-return headers;
-
-}
-
-static char *strip_ends(char *name)
-{
- return strip_end(strip_start(name));
-}
-
-/* Strip a parameter of whitespace from start of param */
-static char *strip_start(char *name)
-{
- char *p, c;
- /* Look for first non white space or quote */
- for(p = name; (c = *p) ;p++) {
- if(c == '"') {
- /* Next char is start of string if non null */
- if(p[1]) return p + 1;
- /* Else null string */
- return NULL;
- }
- if(!isspace((unsigned char)c)) return p;
- }
- return NULL;
-}
-
-/* As above but strip from end of string : maybe should handle brackets? */
-static char *strip_end(char *name)
-{
- char *p, c;
- if(!name) return NULL;
- /* Look for first non white space or quote */
- for(p = name + strlen(name) - 1; p >= name ;p--) {
- c = *p;
- if(c == '"') {
- if(p - 1 == name) return NULL;
- *p = 0;
- return name;
- }
- if(isspace((unsigned char)c)) *p = 0;
- else return name;
- }
- return NULL;
-}
-
-static MIME_HEADER *mime_hdr_new(char *name, char *value)
-{
- MIME_HEADER *mhdr;
- char *tmpname, *tmpval, *p;
- int c;
- if(name) {
- if(!(tmpname = BUF_strdup(name))) return NULL;
- for(p = tmpname ; *p; p++) {
- c = *p;
- if(isupper(c)) {
- c = tolower(c);
- *p = c;
- }
- }
- } else tmpname = NULL;
- if(value) {
- if(!(tmpval = BUF_strdup(value))) return NULL;
- for(p = tmpval ; *p; p++) {
- c = *p;
- if(isupper(c)) {
- c = tolower(c);
- *p = c;
- }
- }
- } else tmpval = NULL;
- mhdr = (MIME_HEADER *) OPENSSL_malloc(sizeof(MIME_HEADER));
- if(!mhdr) return NULL;
- mhdr->name = tmpname;
- mhdr->value = tmpval;
- if(!(mhdr->params = sk_MIME_PARAM_new(mime_param_cmp))) return NULL;
- return mhdr;
-}
-
-static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value)
-{
- char *tmpname, *tmpval, *p;
- int c;
- MIME_PARAM *mparam;
- if(name) {
- tmpname = BUF_strdup(name);
- if(!tmpname) return 0;
- for(p = tmpname ; *p; p++) {
- c = *p;
- if(isupper(c)) {
- c = tolower(c);
- *p = c;
- }
- }
- } else tmpname = NULL;
- if(value) {
- tmpval = BUF_strdup(value);
- if(!tmpval) return 0;
- } else tmpval = NULL;
- /* Parameter values are case sensitive so leave as is */
- mparam = (MIME_PARAM *) OPENSSL_malloc(sizeof(MIME_PARAM));
- if(!mparam) return 0;
- mparam->param_name = tmpname;
- mparam->param_value = tmpval;
- sk_MIME_PARAM_push(mhdr->params, mparam);
- return 1;
-}
-
-static int mime_hdr_cmp(const MIME_HEADER * const *a,
- const MIME_HEADER * const *b)
-{
- if (!(*a)->name || !(*b)->name)
- return !!(*a)->name - !!(*b)->name;
-
- return(strcmp((*a)->name, (*b)->name));
-}
-
-static int mime_param_cmp(const MIME_PARAM * const *a,
- const MIME_PARAM * const *b)
-{
- if (!(*a)->param_name || !(*b)->param_name)
- return !!(*a)->param_name - !!(*b)->param_name;
- return(strcmp((*a)->param_name, (*b)->param_name));
-}
-
-/* Find a header with a given name (if possible) */
-
-static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name)
-{
- MIME_HEADER htmp;
- int idx;
- htmp.name = name;
- idx = sk_MIME_HEADER_find(hdrs, &htmp);
- if(idx < 0) return NULL;
- return sk_MIME_HEADER_value(hdrs, idx);
-}
-
-static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name)
-{
- MIME_PARAM param;
- int idx;
- param.param_name = name;
- idx = sk_MIME_PARAM_find(hdr->params, ¶m);
- if(idx < 0) return NULL;
- return sk_MIME_PARAM_value(hdr->params, idx);
-}
-
-static void mime_hdr_free(MIME_HEADER *hdr)
-{
- if(hdr->name) OPENSSL_free(hdr->name);
- if(hdr->value) OPENSSL_free(hdr->value);
- if(hdr->params) sk_MIME_PARAM_pop_free(hdr->params, mime_param_free);
- OPENSSL_free(hdr);
-}
-
-static void mime_param_free(MIME_PARAM *param)
-{
- if(param->param_name) OPENSSL_free(param->param_name);
- if(param->param_value) OPENSSL_free(param->param_value);
- OPENSSL_free(param);
-}
-
-/* Check for a multipart boundary. Returns:
- * 0 : no boundary
- * 1 : part boundary
- * 2 : final boundary
- */
-static int mime_bound_check(char *line, int linelen, char *bound, int blen)
-{
- if(linelen == -1) linelen = strlen(line);
- if(blen == -1) blen = strlen(bound);
- /* Quickly eliminate if line length too short */
- if(blen + 2 > linelen) return 0;
- /* Check for part boundary */
- if(!strncmp(line, "--", 2) && !strncmp(line + 2, bound, blen)) {
- if(!strncmp(line + blen + 2, "--", 2)) return 2;
- else return 1;
- }
- return 0;
-}
-
-static int strip_eol(char *linebuf, int *plen)
- {
- int len = *plen;
- char *p, c;
- int is_eol = 0;
- p = linebuf + len - 1;
- for (p = linebuf + len - 1; len > 0; len--, p--)
- {
- c = *p;
- if (c == '\n')
- is_eol = 1;
- else if (c != '\r')
- break;
- }
- *plen = len;
- return is_eol;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn_mime.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/asn_mime.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn_mime.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn_mime.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,905 @@
+/* asn_mime.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include "cryptlib.h"
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+
+/*
+ * Generalised MIME like utilities for streaming ASN1. Although many have a
+ * PKCS7/CMS like flavour others are more general purpose.
+ */
+
+/*
+ * MIME format structures Note that all are translated to lower case apart
+ * from parameter values. Quotes are stripped off
+ */
+
+typedef struct {
+ char *param_name; /* Param name e.g. "micalg" */
+ char *param_value; /* Param value e.g. "sha1" */
+} MIME_PARAM;
+
+DECLARE_STACK_OF(MIME_PARAM)
+IMPLEMENT_STACK_OF(MIME_PARAM)
+
+typedef struct {
+ char *name; /* Name of line e.g. "content-type" */
+ char *value; /* Value of line e.g. "text/plain" */
+ STACK_OF(MIME_PARAM) *params; /* Zero or more parameters */
+} MIME_HEADER;
+
+DECLARE_STACK_OF(MIME_HEADER)
+IMPLEMENT_STACK_OF(MIME_HEADER)
+
+static char *strip_ends(char *name);
+static char *strip_start(char *name);
+static char *strip_end(char *name);
+static MIME_HEADER *mime_hdr_new(char *name, char *value);
+static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value);
+static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio);
+static int mime_hdr_cmp(const MIME_HEADER *const *a,
+ const MIME_HEADER *const *b);
+static int mime_param_cmp(const MIME_PARAM *const *a,
+ const MIME_PARAM *const *b);
+static void mime_param_free(MIME_PARAM *param);
+static int mime_bound_check(char *line, int linelen, char *bound, int blen);
+static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret);
+static int strip_eol(char *linebuf, int *plen);
+static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name);
+static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name);
+static void mime_hdr_free(MIME_HEADER *hdr);
+
+#define MAX_SMLEN 1024
+#define mime_debug(x) /* x */
+
+/* Base 64 read and write of ASN1 structure */
+
+static int B64_write_ASN1(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
+ const ASN1_ITEM *it)
+{
+ BIO *b64;
+ int r;
+ b64 = BIO_new(BIO_f_base64());
+ if (!b64) {
+ ASN1err(ASN1_F_B64_WRITE_ASN1, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ /*
+ * prepend the b64 BIO so all data is base64 encoded.
+ */
+ out = BIO_push(b64, out);
+ r = ASN1_item_i2d_bio(it, out, val);
+ (void)BIO_flush(out);
+ BIO_pop(out);
+ BIO_free(b64);
+ return r;
+}
+
+static ASN1_VALUE *b64_read_asn1(BIO *bio, const ASN1_ITEM *it)
+{
+ BIO *b64;
+ ASN1_VALUE *val;
+ if (!(b64 = BIO_new(BIO_f_base64()))) {
+ ASN1err(ASN1_F_B64_READ_ASN1, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ bio = BIO_push(b64, bio);
+ val = ASN1_item_d2i_bio(it, bio, NULL);
+ if (!val)
+ ASN1err(ASN1_F_B64_READ_ASN1, ASN1_R_DECODE_ERROR);
+ (void)BIO_flush(bio);
+ bio = BIO_pop(bio);
+ BIO_free(b64);
+ return val;
+}
+
+/* Generate the MIME "micalg" parameter from RFC3851, RFC4490 */
+
+static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs)
+{
+ int i, have_unknown = 0, write_comma, md_nid;
+ have_unknown = 0;
+ write_comma = 0;
+ for (i = 0; i < sk_X509_ALGOR_num(mdalgs); i++) {
+ if (write_comma)
+ BIO_write(out, ",", 1);
+ write_comma = 1;
+ md_nid = OBJ_obj2nid(sk_X509_ALGOR_value(mdalgs, i)->algorithm);
+ switch (md_nid) {
+ case NID_sha1:
+ BIO_puts(out, "sha1");
+ break;
+
+ case NID_md5:
+ BIO_puts(out, "md5");
+ break;
+
+ case NID_sha256:
+ BIO_puts(out, "sha-256");
+ break;
+
+ case NID_sha384:
+ BIO_puts(out, "sha-384");
+ break;
+
+ case NID_sha512:
+ BIO_puts(out, "sha-512");
+ break;
+
+ default:
+ if (have_unknown)
+ write_comma = 0;
+ else {
+ BIO_puts(out, "unknown");
+ have_unknown = 1;
+ }
+ break;
+
+ }
+ }
+
+ return 1;
+
+}
+
+/* SMIME sender */
+
+int int_smime_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
+ int ctype_nid, int econt_nid,
+ STACK_OF(X509_ALGOR) *mdalgs,
+ asn1_output_data_fn * data_fn, const ASN1_ITEM *it)
+{
+ char bound[33], c;
+ int i;
+ const char *mime_prefix, *mime_eol, *cname = "smime.p7m";
+ const char *msg_type = NULL;
+ if (flags & SMIME_OLDMIME)
+ mime_prefix = "application/x-pkcs7-";
+ else
+ mime_prefix = "application/pkcs7-";
+
+ if (flags & SMIME_CRLFEOL)
+ mime_eol = "\r\n";
+ else
+ mime_eol = "\n";
+ if ((flags & SMIME_DETACHED) && data) {
+ /* We want multipart/signed */
+ /* Generate a random boundary */
+ RAND_pseudo_bytes((unsigned char *)bound, 32);
+ for (i = 0; i < 32; i++) {
+ c = bound[i] & 0xf;
+ if (c < 10)
+ c += '0';
+ else
+ c += 'A' - 10;
+ bound[i] = c;
+ }
+ bound[32] = 0;
+ BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
+ BIO_printf(bio, "Content-Type: multipart/signed;");
+ BIO_printf(bio, " protocol=\"%ssignature\";", mime_prefix);
+ BIO_puts(bio, " micalg=\"");
+ asn1_write_micalg(bio, mdalgs);
+ BIO_printf(bio, "\"; boundary=\"----%s\"%s%s",
+ bound, mime_eol, mime_eol);
+ BIO_printf(bio, "This is an S/MIME signed message%s%s",
+ mime_eol, mime_eol);
+ /* Now write out the first part */
+ BIO_printf(bio, "------%s%s", bound, mime_eol);
+ if (!data_fn(bio, data, val, flags, it))
+ return 0;
+ BIO_printf(bio, "%s------%s%s", mime_eol, bound, mime_eol);
+
+ /* Headers for signature */
+
+ BIO_printf(bio, "Content-Type: %ssignature;", mime_prefix);
+ BIO_printf(bio, " name=\"smime.p7s\"%s", mime_eol);
+ BIO_printf(bio, "Content-Transfer-Encoding: base64%s", mime_eol);
+ BIO_printf(bio, "Content-Disposition: attachment;");
+ BIO_printf(bio, " filename=\"smime.p7s\"%s%s", mime_eol, mime_eol);
+ B64_write_ASN1(bio, val, NULL, 0, it);
+ BIO_printf(bio, "%s------%s--%s%s", mime_eol, bound,
+ mime_eol, mime_eol);
+ return 1;
+ }
+
+ /* Determine smime-type header */
+
+ if (ctype_nid == NID_pkcs7_enveloped)
+ msg_type = "enveloped-data";
+ else if (ctype_nid == NID_pkcs7_signed) {
+ if (econt_nid == NID_id_smime_ct_receipt)
+ msg_type = "signed-receipt";
+ else if (sk_X509_ALGOR_num(mdalgs) >= 0)
+ msg_type = "signed-data";
+ else
+ msg_type = "certs-only";
+ } else if (ctype_nid == NID_id_smime_ct_compressedData) {
+ msg_type = "compressed-data";
+ cname = "smime.p7z";
+ }
+ /* MIME headers */
+ BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
+ BIO_printf(bio, "Content-Disposition: attachment;");
+ BIO_printf(bio, " filename=\"%s\"%s", cname, mime_eol);
+ BIO_printf(bio, "Content-Type: %smime;", mime_prefix);
+ if (msg_type)
+ BIO_printf(bio, " smime-type=%s;", msg_type);
+ BIO_printf(bio, " name=\"%s\"%s", cname, mime_eol);
+ BIO_printf(bio, "Content-Transfer-Encoding: base64%s%s",
+ mime_eol, mime_eol);
+ if (!B64_write_ASN1(bio, val, data, flags, it))
+ return 0;
+ BIO_printf(bio, "%s", mime_eol);
+ return 1;
+}
+
+#if 0
+
+/* Handle output of ASN1 data */
+
+static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
+ const ASN1_ITEM *it)
+{
+ BIO *tmpbio;
+ const ASN1_AUX *aux = it->funcs;
+ ASN1_STREAM_ARG sarg;
+
+ if (!(flags & SMIME_DETACHED)) {
+ SMIME_crlf_copy(data, out, flags);
+ return 1;
+ }
+
+ if (!aux || !aux->asn1_cb) {
+ ASN1err(ASN1_F_ASN1_OUTPUT_DATA, ASN1_R_STREAMING_NOT_SUPPORTED);
+ return 0;
+ }
+
+ sarg.out = out;
+ sarg.ndef_bio = NULL;
+ sarg.boundary = NULL;
+
+ /* Let ASN1 code prepend any needed BIOs */
+
+ if (aux->asn1_cb(ASN1_OP_DETACHED_PRE, &val, it, &sarg) <= 0)
+ return 0;
+
+ /* Copy data across, passing through filter BIOs for processing */
+ SMIME_crlf_copy(data, sarg.ndef_bio, flags);
+
+ /* Finalize structure */
+ if (aux->asn1_cb(ASN1_OP_DETACHED_POST, &val, it, &sarg) <= 0)
+ return 0;
+
+ /* Now remove any digests prepended to the BIO */
+
+ while (sarg.ndef_bio != out) {
+ tmpbio = BIO_pop(sarg.ndef_bio);
+ BIO_free(sarg.ndef_bio);
+ sarg.ndef_bio = tmpbio;
+ }
+
+ return 1;
+
+}
+
+#endif
+
+/*
+ * SMIME reader: handle multipart/signed and opaque signing. in multipart
+ * case the content is placed in a memory BIO pointed to by "bcont". In
+ * opaque this is set to NULL
+ */
+
+ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it)
+{
+ BIO *asnin;
+ STACK_OF(MIME_HEADER) *headers = NULL;
+ STACK_OF(BIO) *parts = NULL;
+ MIME_HEADER *hdr;
+ MIME_PARAM *prm;
+ ASN1_VALUE *val;
+ int ret;
+
+ if (bcont)
+ *bcont = NULL;
+
+ if (!(headers = mime_parse_hdr(bio))) {
+ ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_MIME_PARSE_ERROR);
+ return NULL;
+ }
+
+ if (!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
+ sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+ ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_CONTENT_TYPE);
+ return NULL;
+ }
+
+ /* Handle multipart/signed */
+
+ if (!strcmp(hdr->value, "multipart/signed")) {
+ /* Split into two parts */
+ prm = mime_param_find(hdr, "boundary");
+ if (!prm || !prm->param_value) {
+ sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+ ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_MULTIPART_BOUNDARY);
+ return NULL;
+ }
+ ret = multi_split(bio, prm->param_value, &parts);
+ sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+ if (!ret || (sk_BIO_num(parts) != 2)) {
+ ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_MULTIPART_BODY_FAILURE);
+ sk_BIO_pop_free(parts, BIO_vfree);
+ return NULL;
+ }
+
+ /* Parse the signature piece */
+ asnin = sk_BIO_value(parts, 1);
+
+ if (!(headers = mime_parse_hdr(asnin))) {
+ ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_MIME_SIG_PARSE_ERROR);
+ sk_BIO_pop_free(parts, BIO_vfree);
+ return NULL;
+ }
+
+ /* Get content type */
+
+ if (!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
+ sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+ ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_SIG_CONTENT_TYPE);
+ return NULL;
+ }
+
+ if (strcmp(hdr->value, "application/x-pkcs7-signature") &&
+ strcmp(hdr->value, "application/pkcs7-signature")) {
+ ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_SIG_INVALID_MIME_TYPE);
+ ERR_add_error_data(2, "type: ", hdr->value);
+ sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+ sk_BIO_pop_free(parts, BIO_vfree);
+ return NULL;
+ }
+ sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+ /* Read in ASN1 */
+ if (!(val = b64_read_asn1(asnin, it))) {
+ ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_ASN1_SIG_PARSE_ERROR);
+ sk_BIO_pop_free(parts, BIO_vfree);
+ return NULL;
+ }
+
+ if (bcont) {
+ *bcont = sk_BIO_value(parts, 0);
+ BIO_free(asnin);
+ sk_BIO_free(parts);
+ } else
+ sk_BIO_pop_free(parts, BIO_vfree);
+ return val;
+ }
+
+ /* OK, if not multipart/signed try opaque signature */
+
+ if (strcmp(hdr->value, "application/x-pkcs7-mime") &&
+ strcmp(hdr->value, "application/pkcs7-mime")) {
+ ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_INVALID_MIME_TYPE);
+ ERR_add_error_data(2, "type: ", hdr->value);
+ sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+ return NULL;
+ }
+
+ sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+
+ if (!(val = b64_read_asn1(bio, it))) {
+ ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_ASN1_PARSE_ERROR);
+ return NULL;
+ }
+ return val;
+
+}
+
+/* Copy text from one BIO to another making the output CRLF at EOL */
+int SMIME_crlf_copy(BIO *in, BIO *out, int flags)
+{
+ BIO *bf;
+ char eol;
+ int len;
+ char linebuf[MAX_SMLEN];
+ /*
+ * Buffer output so we don't write one line at a time. This is useful
+ * when streaming as we don't end up with one OCTET STRING per line.
+ */
+ bf = BIO_new(BIO_f_buffer());
+ if (!bf)
+ return 0;
+ out = BIO_push(bf, out);
+ if (flags & SMIME_BINARY) {
+ while ((len = BIO_read(in, linebuf, MAX_SMLEN)) > 0)
+ BIO_write(out, linebuf, len);
+ } else {
+ if (flags & SMIME_TEXT)
+ BIO_printf(out, "Content-Type: text/plain\r\n\r\n");
+ while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0) {
+ eol = strip_eol(linebuf, &len);
+ if (len)
+ BIO_write(out, linebuf, len);
+ if (eol)
+ BIO_write(out, "\r\n", 2);
+ }
+ }
+ (void)BIO_flush(out);
+ BIO_pop(out);
+ BIO_free(bf);
+ return 1;
+}
+
+/* Strip off headers if they are text/plain */
+int SMIME_text(BIO *in, BIO *out)
+{
+ char iobuf[4096];
+ int len;
+ STACK_OF(MIME_HEADER) *headers;
+ MIME_HEADER *hdr;
+
+ if (!(headers = mime_parse_hdr(in))) {
+ ASN1err(ASN1_F_SMIME_TEXT, ASN1_R_MIME_PARSE_ERROR);
+ return 0;
+ }
+ if (!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
+ ASN1err(ASN1_F_SMIME_TEXT, ASN1_R_MIME_NO_CONTENT_TYPE);
+ sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+ return 0;
+ }
+ if (strcmp(hdr->value, "text/plain")) {
+ ASN1err(ASN1_F_SMIME_TEXT, ASN1_R_INVALID_MIME_TYPE);
+ ERR_add_error_data(2, "type: ", hdr->value);
+ sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+ return 0;
+ }
+ sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+ while ((len = BIO_read(in, iobuf, sizeof(iobuf))) > 0)
+ BIO_write(out, iobuf, len);
+ if (len < 0)
+ return 0;
+ return 1;
+}
+
+/*
+ * Split a multipart/XXX message body into component parts: result is
+ * canonical parts in a STACK of bios
+ */
+
+static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret)
+{
+ char linebuf[MAX_SMLEN];
+ int len, blen;
+ int eol = 0, next_eol = 0;
+ BIO *bpart = NULL;
+ STACK_OF(BIO) *parts;
+ char state, part, first;
+
+ blen = strlen(bound);
+ part = 0;
+ state = 0;
+ first = 1;
+ parts = sk_BIO_new_null();
+ *ret = parts;
+ while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
+ state = mime_bound_check(linebuf, len, bound, blen);
+ if (state == 1) {
+ first = 1;
+ part++;
+ } else if (state == 2) {
+ sk_BIO_push(parts, bpart);
+ return 1;
+ } else if (part) {
+ /* Strip CR+LF from linebuf */
+ next_eol = strip_eol(linebuf, &len);
+ if (first) {
+ first = 0;
+ if (bpart)
+ sk_BIO_push(parts, bpart);
+ bpart = BIO_new(BIO_s_mem());
+ BIO_set_mem_eof_return(bpart, 0);
+ } else if (eol)
+ BIO_write(bpart, "\r\n", 2);
+ eol = next_eol;
+ if (len)
+ BIO_write(bpart, linebuf, len);
+ }
+ }
+ return 0;
+}
+
+/* This is the big one: parse MIME header lines up to message body */
+
+#define MIME_INVALID 0
+#define MIME_START 1
+#define MIME_TYPE 2
+#define MIME_NAME 3
+#define MIME_VALUE 4
+#define MIME_QUOTE 5
+#define MIME_COMMENT 6
+
+static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio)
+{
+ char *p, *q, c;
+ char *ntmp;
+ char linebuf[MAX_SMLEN];
+ MIME_HEADER *mhdr = NULL;
+ STACK_OF(MIME_HEADER) *headers;
+ int len, state, save_state = 0;
+
+ headers = sk_MIME_HEADER_new(mime_hdr_cmp);
+ if (!headers)
+ return NULL;
+ while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
+ /* If whitespace at line start then continuation line */
+ if (mhdr && isspace((unsigned char)linebuf[0]))
+ state = MIME_NAME;
+ else
+ state = MIME_START;
+ ntmp = NULL;
+ /* Go through all characters */
+ for (p = linebuf, q = linebuf; (c = *p) && (c != '\r') && (c != '\n');
+ p++) {
+
+ /*
+ * State machine to handle MIME headers if this looks horrible
+ * that's because it *is*
+ */
+
+ switch (state) {
+ case MIME_START:
+ if (c == ':') {
+ state = MIME_TYPE;
+ *p = 0;
+ ntmp = strip_ends(q);
+ q = p + 1;
+ }
+ break;
+
+ case MIME_TYPE:
+ if (c == ';') {
+ mime_debug("Found End Value\n");
+ *p = 0;
+ mhdr = mime_hdr_new(ntmp, strip_ends(q));
+ sk_MIME_HEADER_push(headers, mhdr);
+ ntmp = NULL;
+ q = p + 1;
+ state = MIME_NAME;
+ } else if (c == '(') {
+ save_state = state;
+ state = MIME_COMMENT;
+ }
+ break;
+
+ case MIME_COMMENT:
+ if (c == ')') {
+ state = save_state;
+ }
+ break;
+
+ case MIME_NAME:
+ if (c == '=') {
+ state = MIME_VALUE;
+ *p = 0;
+ ntmp = strip_ends(q);
+ q = p + 1;
+ }
+ break;
+
+ case MIME_VALUE:
+ if (c == ';') {
+ state = MIME_NAME;
+ *p = 0;
+ mime_hdr_addparam(mhdr, ntmp, strip_ends(q));
+ ntmp = NULL;
+ q = p + 1;
+ } else if (c == '"') {
+ mime_debug("Found Quote\n");
+ state = MIME_QUOTE;
+ } else if (c == '(') {
+ save_state = state;
+ state = MIME_COMMENT;
+ }
+ break;
+
+ case MIME_QUOTE:
+ if (c == '"') {
+ mime_debug("Found Match Quote\n");
+ state = MIME_VALUE;
+ }
+ break;
+ }
+ }
+
+ if (state == MIME_TYPE) {
+ mhdr = mime_hdr_new(ntmp, strip_ends(q));
+ sk_MIME_HEADER_push(headers, mhdr);
+ } else if (state == MIME_VALUE)
+ mime_hdr_addparam(mhdr, ntmp, strip_ends(q));
+ if (p == linebuf)
+ break; /* Blank line means end of headers */
+ }
+
+ return headers;
+
+}
+
+static char *strip_ends(char *name)
+{
+ return strip_end(strip_start(name));
+}
+
+/* Strip a parameter of whitespace from start of param */
+static char *strip_start(char *name)
+{
+ char *p, c;
+ /* Look for first non white space or quote */
+ for (p = name; (c = *p); p++) {
+ if (c == '"') {
+ /* Next char is start of string if non null */
+ if (p[1])
+ return p + 1;
+ /* Else null string */
+ return NULL;
+ }
+ if (!isspace((unsigned char)c))
+ return p;
+ }
+ return NULL;
+}
+
+/* As above but strip from end of string : maybe should handle brackets? */
+static char *strip_end(char *name)
+{
+ char *p, c;
+ if (!name)
+ return NULL;
+ /* Look for first non white space or quote */
+ for (p = name + strlen(name) - 1; p >= name; p--) {
+ c = *p;
+ if (c == '"') {
+ if (p - 1 == name)
+ return NULL;
+ *p = 0;
+ return name;
+ }
+ if (isspace((unsigned char)c))
+ *p = 0;
+ else
+ return name;
+ }
+ return NULL;
+}
+
+static MIME_HEADER *mime_hdr_new(char *name, char *value)
+{
+ MIME_HEADER *mhdr;
+ char *tmpname, *tmpval, *p;
+ int c;
+ if (name) {
+ if (!(tmpname = BUF_strdup(name)))
+ return NULL;
+ for (p = tmpname; *p; p++) {
+ c = *p;
+ if (isupper(c)) {
+ c = tolower(c);
+ *p = c;
+ }
+ }
+ } else
+ tmpname = NULL;
+ if (value) {
+ if (!(tmpval = BUF_strdup(value)))
+ return NULL;
+ for (p = tmpval; *p; p++) {
+ c = *p;
+ if (isupper(c)) {
+ c = tolower(c);
+ *p = c;
+ }
+ }
+ } else
+ tmpval = NULL;
+ mhdr = (MIME_HEADER *)OPENSSL_malloc(sizeof(MIME_HEADER));
+ if (!mhdr)
+ return NULL;
+ mhdr->name = tmpname;
+ mhdr->value = tmpval;
+ if (!(mhdr->params = sk_MIME_PARAM_new(mime_param_cmp)))
+ return NULL;
+ return mhdr;
+}
+
+static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value)
+{
+ char *tmpname, *tmpval, *p;
+ int c;
+ MIME_PARAM *mparam;
+ if (name) {
+ tmpname = BUF_strdup(name);
+ if (!tmpname)
+ return 0;
+ for (p = tmpname; *p; p++) {
+ c = *p;
+ if (isupper(c)) {
+ c = tolower(c);
+ *p = c;
+ }
+ }
+ } else
+ tmpname = NULL;
+ if (value) {
+ tmpval = BUF_strdup(value);
+ if (!tmpval)
+ return 0;
+ } else
+ tmpval = NULL;
+ /* Parameter values are case sensitive so leave as is */
+ mparam = (MIME_PARAM *)OPENSSL_malloc(sizeof(MIME_PARAM));
+ if (!mparam)
+ return 0;
+ mparam->param_name = tmpname;
+ mparam->param_value = tmpval;
+ sk_MIME_PARAM_push(mhdr->params, mparam);
+ return 1;
+}
+
+static int mime_hdr_cmp(const MIME_HEADER *const *a,
+ const MIME_HEADER *const *b)
+{
+ if (!(*a)->name || !(*b)->name)
+ return ! !(*a)->name - ! !(*b)->name;
+
+ return (strcmp((*a)->name, (*b)->name));
+}
+
+static int mime_param_cmp(const MIME_PARAM *const *a,
+ const MIME_PARAM *const *b)
+{
+ if (!(*a)->param_name || !(*b)->param_name)
+ return ! !(*a)->param_name - ! !(*b)->param_name;
+ return (strcmp((*a)->param_name, (*b)->param_name));
+}
+
+/* Find a header with a given name (if possible) */
+
+static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name)
+{
+ MIME_HEADER htmp;
+ int idx;
+ htmp.name = name;
+ idx = sk_MIME_HEADER_find(hdrs, &htmp);
+ if (idx < 0)
+ return NULL;
+ return sk_MIME_HEADER_value(hdrs, idx);
+}
+
+static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name)
+{
+ MIME_PARAM param;
+ int idx;
+ param.param_name = name;
+ idx = sk_MIME_PARAM_find(hdr->params, ¶m);
+ if (idx < 0)
+ return NULL;
+ return sk_MIME_PARAM_value(hdr->params, idx);
+}
+
+static void mime_hdr_free(MIME_HEADER *hdr)
+{
+ if (hdr->name)
+ OPENSSL_free(hdr->name);
+ if (hdr->value)
+ OPENSSL_free(hdr->value);
+ if (hdr->params)
+ sk_MIME_PARAM_pop_free(hdr->params, mime_param_free);
+ OPENSSL_free(hdr);
+}
+
+static void mime_param_free(MIME_PARAM *param)
+{
+ if (param->param_name)
+ OPENSSL_free(param->param_name);
+ if (param->param_value)
+ OPENSSL_free(param->param_value);
+ OPENSSL_free(param);
+}
+
+/*-
+ * Check for a multipart boundary. Returns:
+ * 0 : no boundary
+ * 1 : part boundary
+ * 2 : final boundary
+ */
+static int mime_bound_check(char *line, int linelen, char *bound, int blen)
+{
+ if (linelen == -1)
+ linelen = strlen(line);
+ if (blen == -1)
+ blen = strlen(bound);
+ /* Quickly eliminate if line length too short */
+ if (blen + 2 > linelen)
+ return 0;
+ /* Check for part boundary */
+ if (!strncmp(line, "--", 2) && !strncmp(line + 2, bound, blen)) {
+ if (!strncmp(line + blen + 2, "--", 2))
+ return 2;
+ else
+ return 1;
+ }
+ return 0;
+}
+
+static int strip_eol(char *linebuf, int *plen)
+{
+ int len = *plen;
+ char *p, c;
+ int is_eol = 0;
+ p = linebuf + len - 1;
+ for (p = linebuf + len - 1; len > 0; len--, p--) {
+ c = *p;
+ if (c == '\n')
+ is_eol = 1;
+ else if (c != '\r')
+ break;
+ }
+ *plen = len;
+ return is_eol;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn_moid.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/asn_moid.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn_moid.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,160 +0,0 @@
-/* asn_moid.c */
-/* Written by Stephen Henson (steve at openssl.org) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001-2004 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <ctype.h>
-#include <openssl/crypto.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/dso.h>
-#include <openssl/x509.h>
-
-/* Simple ASN1 OID module: add all objects in a given section */
-
-static int do_create(char *value, char *name);
-
-static int oid_module_init(CONF_IMODULE *md, const CONF *cnf)
- {
- int i;
- const char *oid_section;
- STACK_OF(CONF_VALUE) *sktmp;
- CONF_VALUE *oval;
- oid_section = CONF_imodule_get_value(md);
- if(!(sktmp = NCONF_get_section(cnf, oid_section)))
- {
- ASN1err(ASN1_F_OID_MODULE_INIT, ASN1_R_ERROR_LOADING_SECTION);
- return 0;
- }
- for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++)
- {
- oval = sk_CONF_VALUE_value(sktmp, i);
- if(!do_create(oval->value, oval->name))
- {
- ASN1err(ASN1_F_OID_MODULE_INIT, ASN1_R_ADDING_OBJECT);
- return 0;
- }
- }
- return 1;
- }
-
-static void oid_module_finish(CONF_IMODULE *md)
- {
- OBJ_cleanup();
- }
-
-void ASN1_add_oid_module(void)
- {
- CONF_module_add("oid_section", oid_module_init, oid_module_finish);
- }
-
-/* Create an OID based on a name value pair. Accept two formats.
- * shortname = 1.2.3.4
- * shortname = some long name, 1.2.3.4
- */
-
-
-static int do_create(char *value, char *name)
- {
- int nid;
- ASN1_OBJECT *oid;
- char *ln, *ostr, *p, *lntmp;
- p = strrchr(value, ',');
- if (!p)
- {
- ln = name;
- ostr = value;
- }
- else
- {
- ln = NULL;
- ostr = p + 1;
- if (!*ostr)
- return 0;
- while(isspace((unsigned char)*ostr)) ostr++;
- }
-
- nid = OBJ_create(ostr, name, ln);
-
- if (nid == NID_undef)
- return 0;
-
- if (p)
- {
- ln = value;
- while(isspace((unsigned char)*ln)) ln++;
- p--;
- while(isspace((unsigned char)*p))
- {
- if (p == ln)
- return 0;
- p--;
- }
- p++;
- lntmp = OPENSSL_malloc((p - ln) + 1);
- if (lntmp == NULL)
- return 0;
- memcpy(lntmp, ln, p - ln);
- lntmp[p - ln] = 0;
- oid = OBJ_nid2obj(nid);
- oid->ln = lntmp;
- }
-
- return 1;
- }
-
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn_moid.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/asn_moid.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn_moid.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn_moid.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,153 @@
+/* asn_moid.c */
+/*
+ * Written by Stephen Henson (steve at openssl.org) for the OpenSSL project
+ * 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001-2004 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/dso.h>
+#include <openssl/x509.h>
+
+/* Simple ASN1 OID module: add all objects in a given section */
+
+static int do_create(char *value, char *name);
+
+static int oid_module_init(CONF_IMODULE *md, const CONF *cnf)
+{
+ int i;
+ const char *oid_section;
+ STACK_OF(CONF_VALUE) *sktmp;
+ CONF_VALUE *oval;
+ oid_section = CONF_imodule_get_value(md);
+ if (!(sktmp = NCONF_get_section(cnf, oid_section))) {
+ ASN1err(ASN1_F_OID_MODULE_INIT, ASN1_R_ERROR_LOADING_SECTION);
+ return 0;
+ }
+ for (i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
+ oval = sk_CONF_VALUE_value(sktmp, i);
+ if (!do_create(oval->value, oval->name)) {
+ ASN1err(ASN1_F_OID_MODULE_INIT, ASN1_R_ADDING_OBJECT);
+ return 0;
+ }
+ }
+ return 1;
+}
+
+static void oid_module_finish(CONF_IMODULE *md)
+{
+ OBJ_cleanup();
+}
+
+void ASN1_add_oid_module(void)
+{
+ CONF_module_add("oid_section", oid_module_init, oid_module_finish);
+}
+
+/*-
+ * Create an OID based on a name value pair. Accept two formats.
+ * shortname = 1.2.3.4
+ * shortname = some long name, 1.2.3.4
+ */
+
+static int do_create(char *value, char *name)
+{
+ int nid;
+ ASN1_OBJECT *oid;
+ char *ln, *ostr, *p, *lntmp;
+ p = strrchr(value, ',');
+ if (!p) {
+ ln = name;
+ ostr = value;
+ } else {
+ ln = NULL;
+ ostr = p + 1;
+ if (!*ostr)
+ return 0;
+ while (isspace((unsigned char)*ostr))
+ ostr++;
+ }
+
+ nid = OBJ_create(ostr, name, ln);
+
+ if (nid == NID_undef)
+ return 0;
+
+ if (p) {
+ ln = value;
+ while (isspace((unsigned char)*ln))
+ ln++;
+ p--;
+ while (isspace((unsigned char)*p)) {
+ if (p == ln)
+ return 0;
+ p--;
+ }
+ p++;
+ lntmp = OPENSSL_malloc((p - ln) + 1);
+ if (lntmp == NULL)
+ return 0;
+ memcpy(lntmp, ln, p - ln);
+ lntmp[p - ln] = 0;
+ oid = OBJ_nid2obj(nid);
+ oid->ln = lntmp;
+ }
+
+ return 1;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn_pack.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/asn_pack.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn_pack.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,199 +0,0 @@
-/* asn_pack.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-
-#ifndef NO_ASN1_OLD
-
-/* ASN1 packing and unpacking functions */
-
-/* Turn an ASN1 encoded SEQUENCE OF into a STACK of structures */
-
-STACK *ASN1_seq_unpack(const unsigned char *buf, int len,
- d2i_of_void *d2i,void (*free_func)(void *))
-{
- STACK *sk;
- const unsigned char *pbuf;
- pbuf = buf;
- if (!(sk = d2i_ASN1_SET(NULL, &pbuf, len, d2i, free_func,
- V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL)))
- ASN1err(ASN1_F_ASN1_SEQ_UNPACK,ASN1_R_DECODE_ERROR);
- return sk;
-}
-
-/* Turn a STACK structures into an ASN1 encoded SEQUENCE OF structure in a
- * OPENSSL_malloc'ed buffer
- */
-
-unsigned char *ASN1_seq_pack(STACK *safes, i2d_of_void *i2d,
- unsigned char **buf, int *len)
-{
- int safelen;
- unsigned char *safe, *p;
- if (!(safelen = i2d_ASN1_SET(safes, NULL, i2d, V_ASN1_SEQUENCE,
- V_ASN1_UNIVERSAL, IS_SEQUENCE))) {
- ASN1err(ASN1_F_ASN1_SEQ_PACK,ASN1_R_ENCODE_ERROR);
- return NULL;
- }
- if (!(safe = OPENSSL_malloc (safelen))) {
- ASN1err(ASN1_F_ASN1_SEQ_PACK,ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- p = safe;
- i2d_ASN1_SET(safes, &p, i2d, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL,
- IS_SEQUENCE);
- if (len) *len = safelen;
- if (buf) *buf = safe;
- return safe;
-}
-
-/* Extract an ASN1 object from an ASN1_STRING */
-
-void *ASN1_unpack_string(ASN1_STRING *oct, d2i_of_void *d2i)
-{
- const unsigned char *p;
- char *ret;
-
- p = oct->data;
- if(!(ret = d2i(NULL, &p, oct->length)))
- ASN1err(ASN1_F_ASN1_UNPACK_STRING,ASN1_R_DECODE_ERROR);
- return ret;
-}
-
-/* Pack an ASN1 object into an ASN1_STRING */
-
-ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d, ASN1_STRING **oct)
-{
- unsigned char *p;
- ASN1_STRING *octmp;
-
- if (!oct || !*oct) {
- if (!(octmp = ASN1_STRING_new ())) {
- ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- if (oct) *oct = octmp;
- } else octmp = *oct;
-
- if (!(octmp->length = i2d(obj, NULL))) {
- ASN1err(ASN1_F_ASN1_PACK_STRING,ASN1_R_ENCODE_ERROR);
- goto err;
- }
- if (!(p = OPENSSL_malloc (octmp->length))) {
- ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- octmp->data = p;
- i2d (obj, &p);
- return octmp;
- err:
- if (!oct || !*oct)
- {
- ASN1_STRING_free(octmp);
- if (oct)
- *oct = NULL;
- }
- return NULL;
-}
-
-#endif
-
-/* ASN1_ITEM versions of the above */
-
-ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **oct)
-{
- ASN1_STRING *octmp;
-
- if (!oct || !*oct) {
- if (!(octmp = ASN1_STRING_new ())) {
- ASN1err(ASN1_F_ASN1_ITEM_PACK,ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- if (oct) *oct = octmp;
- } else octmp = *oct;
-
- if(octmp->data) {
- OPENSSL_free(octmp->data);
- octmp->data = NULL;
- }
-
- if (!(octmp->length = ASN1_item_i2d(obj, &octmp->data, it))) {
- ASN1err(ASN1_F_ASN1_ITEM_PACK,ASN1_R_ENCODE_ERROR);
- return NULL;
- }
- if (!octmp->data) {
- ASN1err(ASN1_F_ASN1_ITEM_PACK,ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- return octmp;
-}
-
-/* Extract an ASN1 object from an ASN1_STRING */
-
-void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it)
-{
- const unsigned char *p;
- void *ret;
-
- p = oct->data;
- if(!(ret = ASN1_item_d2i(NULL, &p, oct->length, it)))
- ASN1err(ASN1_F_ASN1_ITEM_UNPACK,ASN1_R_DECODE_ERROR);
- return ret;
-}
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn_pack.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/asn_pack.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn_pack.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/asn_pack.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,206 @@
+/* asn_pack.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+
+#ifndef NO_ASN1_OLD
+
+/* ASN1 packing and unpacking functions */
+
+/* Turn an ASN1 encoded SEQUENCE OF into a STACK of structures */
+
+STACK *ASN1_seq_unpack(const unsigned char *buf, int len,
+ d2i_of_void *d2i, void (*free_func) (void *))
+{
+ STACK *sk;
+ const unsigned char *pbuf;
+ pbuf = buf;
+ if (!(sk = d2i_ASN1_SET(NULL, &pbuf, len, d2i, free_func,
+ V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL)))
+ ASN1err(ASN1_F_ASN1_SEQ_UNPACK, ASN1_R_DECODE_ERROR);
+ return sk;
+}
+
+/*
+ * Turn a STACK structures into an ASN1 encoded SEQUENCE OF structure in a
+ * OPENSSL_malloc'ed buffer
+ */
+
+unsigned char *ASN1_seq_pack(STACK * safes, i2d_of_void *i2d,
+ unsigned char **buf, int *len)
+{
+ int safelen;
+ unsigned char *safe, *p;
+ if (!(safelen = i2d_ASN1_SET(safes, NULL, i2d, V_ASN1_SEQUENCE,
+ V_ASN1_UNIVERSAL, IS_SEQUENCE))) {
+ ASN1err(ASN1_F_ASN1_SEQ_PACK, ASN1_R_ENCODE_ERROR);
+ return NULL;
+ }
+ if (!(safe = OPENSSL_malloc(safelen))) {
+ ASN1err(ASN1_F_ASN1_SEQ_PACK, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ p = safe;
+ i2d_ASN1_SET(safes, &p, i2d, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL,
+ IS_SEQUENCE);
+ if (len)
+ *len = safelen;
+ if (buf)
+ *buf = safe;
+ return safe;
+}
+
+/* Extract an ASN1 object from an ASN1_STRING */
+
+void *ASN1_unpack_string(ASN1_STRING *oct, d2i_of_void *d2i)
+{
+ const unsigned char *p;
+ char *ret;
+
+ p = oct->data;
+ if (!(ret = d2i(NULL, &p, oct->length)))
+ ASN1err(ASN1_F_ASN1_UNPACK_STRING, ASN1_R_DECODE_ERROR);
+ return ret;
+}
+
+/* Pack an ASN1 object into an ASN1_STRING */
+
+ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d, ASN1_STRING **oct)
+{
+ unsigned char *p;
+ ASN1_STRING *octmp;
+
+ if (!oct || !*oct) {
+ if (!(octmp = ASN1_STRING_new())) {
+ ASN1err(ASN1_F_ASN1_PACK_STRING, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ if (oct)
+ *oct = octmp;
+ } else
+ octmp = *oct;
+
+ if (!(octmp->length = i2d(obj, NULL))) {
+ ASN1err(ASN1_F_ASN1_PACK_STRING, ASN1_R_ENCODE_ERROR);
+ goto err;
+ }
+ if (!(p = OPENSSL_malloc(octmp->length))) {
+ ASN1err(ASN1_F_ASN1_PACK_STRING, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ octmp->data = p;
+ i2d(obj, &p);
+ return octmp;
+ err:
+ if (!oct || !*oct) {
+ ASN1_STRING_free(octmp);
+ if (oct)
+ *oct = NULL;
+ }
+ return NULL;
+}
+
+#endif
+
+/* ASN1_ITEM versions of the above */
+
+ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **oct)
+{
+ ASN1_STRING *octmp;
+
+ if (!oct || !*oct) {
+ if (!(octmp = ASN1_STRING_new())) {
+ ASN1err(ASN1_F_ASN1_ITEM_PACK, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ if (oct)
+ *oct = octmp;
+ } else
+ octmp = *oct;
+
+ if (octmp->data) {
+ OPENSSL_free(octmp->data);
+ octmp->data = NULL;
+ }
+
+ if (!(octmp->length = ASN1_item_i2d(obj, &octmp->data, it))) {
+ ASN1err(ASN1_F_ASN1_ITEM_PACK, ASN1_R_ENCODE_ERROR);
+ return NULL;
+ }
+ if (!octmp->data) {
+ ASN1err(ASN1_F_ASN1_ITEM_PACK, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ return octmp;
+}
+
+/* Extract an ASN1 object from an ASN1_STRING */
+
+void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it)
+{
+ const unsigned char *p;
+ void *ret;
+
+ p = oct->data;
+ if (!(ret = ASN1_item_d2i(NULL, &p, oct->length, it)))
+ ASN1err(ASN1_F_ASN1_ITEM_UNPACK, ASN1_R_DECODE_ERROR);
+ return ret;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/charmap.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/charmap.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/charmap.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,15 +0,0 @@
-/* Auto generated with chartype.pl script.
- * Mask of various character properties
- */
-
-static unsigned char char_type[] = {
- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
-120, 0, 1,40, 0, 0, 0,16,16,16, 0,25,25,16,16,16,
-16,16,16,16,16,16,16,16,16,16,16, 9, 9,16, 9,16,
- 0,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,
-16,16,16,16,16,16,16,16,16,16,16, 0, 1, 0, 0, 0,
- 0,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,
-16,16,16,16,16,16,16,16,16,16,16, 0, 0, 0, 0, 2
-};
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/charmap.h (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/charmap.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/charmap.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/charmap.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,15 @@
+/*
+ * Auto generated with chartype.pl script. Mask of various character
+ * properties
+ */
+
+static unsigned char char_type[] = {
+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
+ 120, 0, 1, 40, 0, 0, 0, 16, 16, 16, 0, 25, 25, 16, 16, 16,
+ 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 9, 9, 16, 9, 16,
+ 0, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16,
+ 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 0, 1, 0, 0, 0,
+ 0, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16,
+ 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 0, 0, 0, 0, 2
+};
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/d2i_pr.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/d2i_pr.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/d2i_pr.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,161 +0,0 @@
-/* crypto/asn1/d2i_pr.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/asn1.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_EC
-#include <openssl/ec.h>
-#endif
-
-EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
- long length)
- {
- EVP_PKEY *ret;
-
- if ((a == NULL) || (*a == NULL))
- {
- if ((ret=EVP_PKEY_new()) == NULL)
- {
- ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_EVP_LIB);
- return(NULL);
- }
- }
- else ret= *a;
-
- ret->save_type=type;
- ret->type=EVP_PKEY_type(type);
- switch (ret->type)
- {
-#ifndef OPENSSL_NO_RSA
- case EVP_PKEY_RSA:
- if ((ret->pkey.rsa=d2i_RSAPrivateKey(NULL,
- (const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */
- {
- ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_ASN1_LIB);
- goto err;
- }
- break;
-#endif
-#ifndef OPENSSL_NO_DSA
- case EVP_PKEY_DSA:
- if ((ret->pkey.dsa=d2i_DSAPrivateKey(NULL,
- (const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */
- {
- ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_ASN1_LIB);
- goto err;
- }
- break;
-#endif
-#ifndef OPENSSL_NO_EC
- case EVP_PKEY_EC:
- if ((ret->pkey.ec = d2i_ECPrivateKey(NULL,
- (const unsigned char **)pp, length)) == NULL)
- {
- ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB);
- goto err;
- }
- break;
-#endif
- default:
- ASN1err(ASN1_F_D2I_PRIVATEKEY,ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
- goto err;
- /* break; */
- }
- if (a != NULL) (*a)=ret;
- return(ret);
-err:
- if ((ret != NULL) && ((a == NULL) || (*a != ret))) EVP_PKEY_free(ret);
- return(NULL);
- }
-
-/* This works like d2i_PrivateKey() except it automatically works out the type */
-
-EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
- long length)
-{
- STACK_OF(ASN1_TYPE) *inkey;
- const unsigned char *p;
- int keytype;
- p = *pp;
- /* Dirty trick: read in the ASN1 data into a STACK_OF(ASN1_TYPE):
- * by analyzing it we can determine the passed structure: this
- * assumes the input is surrounded by an ASN1 SEQUENCE.
- */
- inkey = d2i_ASN1_SET_OF_ASN1_TYPE(NULL, &p, length, d2i_ASN1_TYPE,
- ASN1_TYPE_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
- /* Since we only need to discern "traditional format" RSA and DSA
- * keys we can just count the elements.
- */
- if(sk_ASN1_TYPE_num(inkey) == 6)
- keytype = EVP_PKEY_DSA;
- else if (sk_ASN1_TYPE_num(inkey) == 4)
- keytype = EVP_PKEY_EC;
- else keytype = EVP_PKEY_RSA;
- sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
- return d2i_PrivateKey(keytype, a, pp, length);
-}
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/d2i_pr.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/d2i_pr.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/d2i_pr.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/d2i_pr.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,169 @@
+/* crypto/asn1/d2i_pr.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/asn1.h>
+#ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+# include <openssl/dsa.h>
+#endif
+#ifndef OPENSSL_NO_EC
+# include <openssl/ec.h>
+#endif
+
+EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
+ long length)
+{
+ EVP_PKEY *ret;
+
+ if ((a == NULL) || (*a == NULL)) {
+ if ((ret = EVP_PKEY_new()) == NULL) {
+ ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_EVP_LIB);
+ return (NULL);
+ }
+ } else
+ ret = *a;
+
+ ret->save_type = type;
+ ret->type = EVP_PKEY_type(type);
+ switch (ret->type) {
+#ifndef OPENSSL_NO_RSA
+ case EVP_PKEY_RSA:
+ /* TMP UGLY CAST */
+ if ((ret->pkey.rsa = d2i_RSAPrivateKey(NULL,
+ (const unsigned char **)pp,
+ length)) == NULL) {
+ ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB);
+ goto err;
+ }
+ break;
+#endif
+#ifndef OPENSSL_NO_DSA
+ case EVP_PKEY_DSA:
+ /* TMP UGLY CAST */
+ if ((ret->pkey.dsa = d2i_DSAPrivateKey(NULL,
+ (const unsigned char **)pp,
+ length)) == NULL) {
+ ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB);
+ goto err;
+ }
+ break;
+#endif
+#ifndef OPENSSL_NO_EC
+ case EVP_PKEY_EC:
+ if ((ret->pkey.ec = d2i_ECPrivateKey(NULL,
+ (const unsigned char **)pp,
+ length)) == NULL) {
+ ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB);
+ goto err;
+ }
+ break;
+#endif
+ default:
+ ASN1err(ASN1_F_D2I_PRIVATEKEY, ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
+ goto err;
+ /* break; */
+ }
+ if (a != NULL)
+ (*a) = ret;
+ return (ret);
+ err:
+ if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+ EVP_PKEY_free(ret);
+ return (NULL);
+}
+
+/*
+ * This works like d2i_PrivateKey() except it automatically works out the
+ * type
+ */
+
+EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
+ long length)
+{
+ STACK_OF(ASN1_TYPE) *inkey;
+ const unsigned char *p;
+ int keytype;
+ p = *pp;
+ /*
+ * Dirty trick: read in the ASN1 data into a STACK_OF(ASN1_TYPE): by
+ * analyzing it we can determine the passed structure: this assumes the
+ * input is surrounded by an ASN1 SEQUENCE.
+ */
+ inkey = d2i_ASN1_SET_OF_ASN1_TYPE(NULL, &p, length, d2i_ASN1_TYPE,
+ ASN1_TYPE_free, V_ASN1_SEQUENCE,
+ V_ASN1_UNIVERSAL);
+ /*
+ * Since we only need to discern "traditional format" RSA and DSA keys we
+ * can just count the elements.
+ */
+ if (sk_ASN1_TYPE_num(inkey) == 6)
+ keytype = EVP_PKEY_DSA;
+ else if (sk_ASN1_TYPE_num(inkey) == 4)
+ keytype = EVP_PKEY_EC;
+ else
+ keytype = EVP_PKEY_RSA;
+ sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
+ return d2i_PrivateKey(keytype, a, pp, length);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/d2i_pu.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/d2i_pu.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/d2i_pu.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,135 +0,0 @@
-/* crypto/asn1/d2i_pu.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/asn1.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_EC
-#include <openssl/ec.h>
-#endif
-
-EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp,
- long length)
- {
- EVP_PKEY *ret;
-
- if ((a == NULL) || (*a == NULL))
- {
- if ((ret=EVP_PKEY_new()) == NULL)
- {
- ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_EVP_LIB);
- return(NULL);
- }
- }
- else ret= *a;
-
- ret->save_type=type;
- ret->type=EVP_PKEY_type(type);
- switch (ret->type)
- {
-#ifndef OPENSSL_NO_RSA
- case EVP_PKEY_RSA:
- if ((ret->pkey.rsa=d2i_RSAPublicKey(NULL,
- (const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */
- {
- ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_ASN1_LIB);
- goto err;
- }
- break;
-#endif
-#ifndef OPENSSL_NO_DSA
- case EVP_PKEY_DSA:
- if (!d2i_DSAPublicKey(&(ret->pkey.dsa),
- (const unsigned char **)pp,length)) /* TMP UGLY CAST */
- {
- ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_ASN1_LIB);
- goto err;
- }
- break;
-#endif
-#ifndef OPENSSL_NO_EC
- case EVP_PKEY_EC:
- if (!o2i_ECPublicKey(&(ret->pkey.ec),
- (const unsigned char **)pp, length))
- {
- ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB);
- goto err;
- }
- break;
-#endif
- default:
- ASN1err(ASN1_F_D2I_PUBLICKEY,ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
- goto err;
- /* break; */
- }
- if (a != NULL) (*a)=ret;
- return(ret);
-err:
- if ((ret != NULL) && ((a == NULL) || (*a != ret))) EVP_PKEY_free(ret);
- return(NULL);
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/d2i_pu.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/d2i_pu.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/d2i_pu.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/d2i_pu.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,133 @@
+/* crypto/asn1/d2i_pu.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/asn1.h>
+#ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+# include <openssl/dsa.h>
+#endif
+#ifndef OPENSSL_NO_EC
+# include <openssl/ec.h>
+#endif
+
+EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp,
+ long length)
+{
+ EVP_PKEY *ret;
+
+ if ((a == NULL) || (*a == NULL)) {
+ if ((ret = EVP_PKEY_new()) == NULL) {
+ ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_EVP_LIB);
+ return (NULL);
+ }
+ } else
+ ret = *a;
+
+ ret->save_type = type;
+ ret->type = EVP_PKEY_type(type);
+ switch (ret->type) {
+#ifndef OPENSSL_NO_RSA
+ case EVP_PKEY_RSA:
+ /* TMP UGLY CAST */
+ if ((ret->pkey.rsa = d2i_RSAPublicKey(NULL,
+ (const unsigned char **)pp,
+ length)) == NULL) {
+ ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB);
+ goto err;
+ }
+ break;
+#endif
+#ifndef OPENSSL_NO_DSA
+ case EVP_PKEY_DSA:
+ /* TMP UGLY CAST */
+ if (!d2i_DSAPublicKey(&(ret->pkey.dsa),
+ (const unsigned char **)pp, length)) {
+ ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB);
+ goto err;
+ }
+ break;
+#endif
+#ifndef OPENSSL_NO_EC
+ case EVP_PKEY_EC:
+ if (!o2i_ECPublicKey(&(ret->pkey.ec),
+ (const unsigned char **)pp, length)) {
+ ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB);
+ goto err;
+ }
+ break;
+#endif
+ default:
+ ASN1err(ASN1_F_D2I_PUBLICKEY, ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
+ goto err;
+ /* break; */
+ }
+ if (a != NULL)
+ (*a) = ret;
+ return (ret);
+ err:
+ if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+ EVP_PKEY_free(ret);
+ return (NULL);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/evp_asn1.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/evp_asn1.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/evp_asn1.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,193 +0,0 @@
-/* crypto/asn1/evp_asn1.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-#include <openssl/asn1_mac.h>
-
-int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len)
- {
- ASN1_STRING *os;
-
- if ((os=M_ASN1_OCTET_STRING_new()) == NULL) return(0);
- if (!M_ASN1_OCTET_STRING_set(os,data,len))
- {
- M_ASN1_OCTET_STRING_free(os);
- return 0;
- }
- ASN1_TYPE_set(a,V_ASN1_OCTET_STRING,os);
- return(1);
- }
-
-/* int max_len: for returned value */
-int ASN1_TYPE_get_octetstring(ASN1_TYPE *a, unsigned char *data,
- int max_len)
- {
- int ret,num;
- unsigned char *p;
-
- if ((a->type != V_ASN1_OCTET_STRING) || (a->value.octet_string == NULL))
- {
- ASN1err(ASN1_F_ASN1_TYPE_GET_OCTETSTRING,ASN1_R_DATA_IS_WRONG);
- return(-1);
- }
- p=M_ASN1_STRING_data(a->value.octet_string);
- ret=M_ASN1_STRING_length(a->value.octet_string);
- if (ret < max_len)
- num=ret;
- else
- num=max_len;
- memcpy(data,p,num);
- return(ret);
- }
-
-int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, unsigned char *data,
- int len)
- {
- int n,size;
- ASN1_OCTET_STRING os,*osp;
- ASN1_INTEGER in;
- unsigned char *p;
- unsigned char buf[32]; /* when they have 256bit longs,
- * I'll be in trouble */
- in.data=buf;
- in.length=32;
- os.data=data;
- os.type=V_ASN1_OCTET_STRING;
- os.length=len;
- ASN1_INTEGER_set(&in,num);
- n = i2d_ASN1_INTEGER(&in,NULL);
- n+=M_i2d_ASN1_OCTET_STRING(&os,NULL);
-
- size=ASN1_object_size(1,n,V_ASN1_SEQUENCE);
-
- if ((osp=ASN1_STRING_new()) == NULL) return(0);
- /* Grow the 'string' */
- if (!ASN1_STRING_set(osp,NULL,size))
- {
- ASN1_STRING_free(osp);
- return(0);
- }
-
- M_ASN1_STRING_length_set(osp, size);
- p=M_ASN1_STRING_data(osp);
-
- ASN1_put_object(&p,1,n,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
- i2d_ASN1_INTEGER(&in,&p);
- M_i2d_ASN1_OCTET_STRING(&os,&p);
-
- ASN1_TYPE_set(a,V_ASN1_SEQUENCE,osp);
- return(1);
- }
-
-/* we return the actual length..., num may be missing, in which
- * case, set it to zero */
-/* int max_len: for returned value */
-int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a, long *num, unsigned char *data,
- int max_len)
- {
- int ret= -1,n;
- ASN1_INTEGER *ai=NULL;
- ASN1_OCTET_STRING *os=NULL;
- const unsigned char *p;
- long length;
- ASN1_const_CTX c;
-
- if ((a->type != V_ASN1_SEQUENCE) || (a->value.sequence == NULL))
- {
- goto err;
- }
- p=M_ASN1_STRING_data(a->value.sequence);
- length=M_ASN1_STRING_length(a->value.sequence);
-
- c.pp= &p;
- c.p=p;
- c.max=p+length;
- c.error=ASN1_R_DATA_IS_WRONG;
-
- M_ASN1_D2I_start_sequence();
- c.q=c.p;
- if ((ai=d2i_ASN1_INTEGER(NULL,&c.p,c.slen)) == NULL) goto err;
- c.slen-=(c.p-c.q);
- c.q=c.p;
- if ((os=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) goto err;
- c.slen-=(c.p-c.q);
- if (!M_ASN1_D2I_end_sequence()) goto err;
-
- if (num != NULL)
- *num=ASN1_INTEGER_get(ai);
-
- ret=M_ASN1_STRING_length(os);
- if (max_len > ret)
- n=ret;
- else
- n=max_len;
-
- if (data != NULL)
- memcpy(data,M_ASN1_STRING_data(os),n);
- if (0)
- {
-err:
- ASN1err(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING,ASN1_R_DATA_IS_WRONG);
- }
- if (os != NULL) M_ASN1_OCTET_STRING_free(os);
- if (ai != NULL) M_ASN1_INTEGER_free(ai);
- return(ret);
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/evp_asn1.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/evp_asn1.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/evp_asn1.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/evp_asn1.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,195 @@
+/* crypto/asn1/evp_asn1.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1_mac.h>
+
+int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len)
+{
+ ASN1_STRING *os;
+
+ if ((os = M_ASN1_OCTET_STRING_new()) == NULL)
+ return (0);
+ if (!M_ASN1_OCTET_STRING_set(os, data, len)) {
+ M_ASN1_OCTET_STRING_free(os);
+ return 0;
+ }
+ ASN1_TYPE_set(a, V_ASN1_OCTET_STRING, os);
+ return (1);
+}
+
+/* int max_len: for returned value */
+int ASN1_TYPE_get_octetstring(ASN1_TYPE *a, unsigned char *data, int max_len)
+{
+ int ret, num;
+ unsigned char *p;
+
+ if ((a->type != V_ASN1_OCTET_STRING) || (a->value.octet_string == NULL)) {
+ ASN1err(ASN1_F_ASN1_TYPE_GET_OCTETSTRING, ASN1_R_DATA_IS_WRONG);
+ return (-1);
+ }
+ p = M_ASN1_STRING_data(a->value.octet_string);
+ ret = M_ASN1_STRING_length(a->value.octet_string);
+ if (ret < max_len)
+ num = ret;
+ else
+ num = max_len;
+ memcpy(data, p, num);
+ return (ret);
+}
+
+int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, unsigned char *data,
+ int len)
+{
+ int n, size;
+ ASN1_OCTET_STRING os, *osp;
+ ASN1_INTEGER in;
+ unsigned char *p;
+ unsigned char buf[32]; /* when they have 256bit longs, I'll be in
+ * trouble */
+ in.data = buf;
+ in.length = 32;
+ os.data = data;
+ os.type = V_ASN1_OCTET_STRING;
+ os.length = len;
+ ASN1_INTEGER_set(&in, num);
+ n = i2d_ASN1_INTEGER(&in, NULL);
+ n += M_i2d_ASN1_OCTET_STRING(&os, NULL);
+
+ size = ASN1_object_size(1, n, V_ASN1_SEQUENCE);
+
+ if ((osp = ASN1_STRING_new()) == NULL)
+ return (0);
+ /* Grow the 'string' */
+ if (!ASN1_STRING_set(osp, NULL, size)) {
+ ASN1_STRING_free(osp);
+ return (0);
+ }
+
+ M_ASN1_STRING_length_set(osp, size);
+ p = M_ASN1_STRING_data(osp);
+
+ ASN1_put_object(&p, 1, n, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
+ i2d_ASN1_INTEGER(&in, &p);
+ M_i2d_ASN1_OCTET_STRING(&os, &p);
+
+ ASN1_TYPE_set(a, V_ASN1_SEQUENCE, osp);
+ return (1);
+}
+
+/*
+ * we return the actual length..., num may be missing, in which case, set it
+ * to zero
+ */
+/* int max_len: for returned value */
+int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a, long *num,
+ unsigned char *data, int max_len)
+{
+ int ret = -1, n;
+ ASN1_INTEGER *ai = NULL;
+ ASN1_OCTET_STRING *os = NULL;
+ const unsigned char *p;
+ long length;
+ ASN1_const_CTX c;
+
+ if ((a->type != V_ASN1_SEQUENCE) || (a->value.sequence == NULL)) {
+ goto err;
+ }
+ p = M_ASN1_STRING_data(a->value.sequence);
+ length = M_ASN1_STRING_length(a->value.sequence);
+
+ c.pp = &p;
+ c.p = p;
+ c.max = p + length;
+ c.error = ASN1_R_DATA_IS_WRONG;
+
+ M_ASN1_D2I_start_sequence();
+ c.q = c.p;
+ if ((ai = d2i_ASN1_INTEGER(NULL, &c.p, c.slen)) == NULL)
+ goto err;
+ c.slen -= (c.p - c.q);
+ c.q = c.p;
+ if ((os = d2i_ASN1_OCTET_STRING(NULL, &c.p, c.slen)) == NULL)
+ goto err;
+ c.slen -= (c.p - c.q);
+ if (!M_ASN1_D2I_end_sequence())
+ goto err;
+
+ if (num != NULL)
+ *num = ASN1_INTEGER_get(ai);
+
+ ret = M_ASN1_STRING_length(os);
+ if (max_len > ret)
+ n = ret;
+ else
+ n = max_len;
+
+ if (data != NULL)
+ memcpy(data, M_ASN1_STRING_data(os), n);
+ if (0) {
+ err:
+ ASN1err(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING, ASN1_R_DATA_IS_WRONG);
+ }
+ if (os != NULL)
+ M_ASN1_OCTET_STRING_free(os);
+ if (ai != NULL)
+ M_ASN1_INTEGER_free(ai);
+ return (ret);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/f_enum.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/f_enum.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/f_enum.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,207 +0,0 @@
-/* crypto/asn1/f_enum.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/asn1.h>
-
-/* Based on a_int.c: equivalent ENUMERATED functions */
-
-int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a)
- {
- int i,n=0;
- static const char *h="0123456789ABCDEF";
- char buf[2];
-
- if (a == NULL) return(0);
-
- if (a->length == 0)
- {
- if (BIO_write(bp,"00",2) != 2) goto err;
- n=2;
- }
- else
- {
- for (i=0; i<a->length; i++)
- {
- if ((i != 0) && (i%35 == 0))
- {
- if (BIO_write(bp,"\\\n",2) != 2) goto err;
- n+=2;
- }
- buf[0]=h[((unsigned char)a->data[i]>>4)&0x0f];
- buf[1]=h[((unsigned char)a->data[i] )&0x0f];
- if (BIO_write(bp,buf,2) != 2) goto err;
- n+=2;
- }
- }
- return(n);
-err:
- return(-1);
- }
-
-int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size)
- {
- int ret=0;
- int i,j,k,m,n,again,bufsize;
- unsigned char *s=NULL,*sp;
- unsigned char *bufp;
- int num=0,slen=0,first=1;
-
- bs->type=V_ASN1_ENUMERATED;
-
- bufsize=BIO_gets(bp,buf,size);
- for (;;)
- {
- if (bufsize < 1) goto err_sl;
- i=bufsize;
- if (buf[i-1] == '\n') buf[--i]='\0';
- if (i == 0) goto err_sl;
- if (buf[i-1] == '\r') buf[--i]='\0';
- if (i == 0) goto err_sl;
- again=(buf[i-1] == '\\');
-
- for (j=0; j<i; j++)
- {
- if (!( ((buf[j] >= '0') && (buf[j] <= '9')) ||
- ((buf[j] >= 'a') && (buf[j] <= 'f')) ||
- ((buf[j] >= 'A') && (buf[j] <= 'F'))))
- {
- i=j;
- break;
- }
- }
- buf[i]='\0';
- /* We have now cleared all the crap off the end of the
- * line */
- if (i < 2) goto err_sl;
-
- bufp=(unsigned char *)buf;
- if (first)
- {
- first=0;
- if ((bufp[0] == '0') && (buf[1] == '0'))
- {
- bufp+=2;
- i-=2;
- }
- }
- k=0;
- i-=again;
- if (i%2 != 0)
- {
- ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,ASN1_R_ODD_NUMBER_OF_CHARS);
- goto err;
- }
- i/=2;
- if (num+i > slen)
- {
- if (s == NULL)
- sp=(unsigned char *)OPENSSL_malloc(
- (unsigned int)num+i*2);
- else
- sp=(unsigned char *)OPENSSL_realloc(s,
- (unsigned int)num+i*2);
- if (sp == NULL)
- {
- ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,ERR_R_MALLOC_FAILURE);
- if (s != NULL) OPENSSL_free(s);
- goto err;
- }
- s=sp;
- slen=num+i*2;
- }
- for (j=0; j<i; j++,k+=2)
- {
- for (n=0; n<2; n++)
- {
- m=bufp[k+n];
- if ((m >= '0') && (m <= '9'))
- m-='0';
- else if ((m >= 'a') && (m <= 'f'))
- m=m-'a'+10;
- else if ((m >= 'A') && (m <= 'F'))
- m=m-'A'+10;
- else
- {
- ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,ASN1_R_NON_HEX_CHARACTERS);
- goto err;
- }
- s[num+j]<<=4;
- s[num+j]|=m;
- }
- }
- num+=i;
- if (again)
- bufsize=BIO_gets(bp,buf,size);
- else
- break;
- }
- bs->length=num;
- bs->data=s;
- ret=1;
-err:
- if (0)
- {
-err_sl:
- ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,ASN1_R_SHORT_LINE);
- }
- return(ret);
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/f_enum.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/f_enum.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/f_enum.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/f_enum.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,203 @@
+/* crypto/asn1/f_enum.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1.h>
+
+/* Based on a_int.c: equivalent ENUMERATED functions */
+
+int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a)
+{
+ int i, n = 0;
+ static const char *h = "0123456789ABCDEF";
+ char buf[2];
+
+ if (a == NULL)
+ return (0);
+
+ if (a->length == 0) {
+ if (BIO_write(bp, "00", 2) != 2)
+ goto err;
+ n = 2;
+ } else {
+ for (i = 0; i < a->length; i++) {
+ if ((i != 0) && (i % 35 == 0)) {
+ if (BIO_write(bp, "\\\n", 2) != 2)
+ goto err;
+ n += 2;
+ }
+ buf[0] = h[((unsigned char)a->data[i] >> 4) & 0x0f];
+ buf[1] = h[((unsigned char)a->data[i]) & 0x0f];
+ if (BIO_write(bp, buf, 2) != 2)
+ goto err;
+ n += 2;
+ }
+ }
+ return (n);
+ err:
+ return (-1);
+}
+
+int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size)
+{
+ int ret = 0;
+ int i, j, k, m, n, again, bufsize;
+ unsigned char *s = NULL, *sp;
+ unsigned char *bufp;
+ int num = 0, slen = 0, first = 1;
+
+ bs->type = V_ASN1_ENUMERATED;
+
+ bufsize = BIO_gets(bp, buf, size);
+ for (;;) {
+ if (bufsize < 1)
+ goto err_sl;
+ i = bufsize;
+ if (buf[i - 1] == '\n')
+ buf[--i] = '\0';
+ if (i == 0)
+ goto err_sl;
+ if (buf[i - 1] == '\r')
+ buf[--i] = '\0';
+ if (i == 0)
+ goto err_sl;
+ again = (buf[i - 1] == '\\');
+
+ for (j = 0; j < i; j++) {
+ if (!(((buf[j] >= '0') && (buf[j] <= '9')) ||
+ ((buf[j] >= 'a') && (buf[j] <= 'f')) ||
+ ((buf[j] >= 'A') && (buf[j] <= 'F')))) {
+ i = j;
+ break;
+ }
+ }
+ buf[i] = '\0';
+ /*
+ * We have now cleared all the crap off the end of the line
+ */
+ if (i < 2)
+ goto err_sl;
+
+ bufp = (unsigned char *)buf;
+ if (first) {
+ first = 0;
+ if ((bufp[0] == '0') && (buf[1] == '0')) {
+ bufp += 2;
+ i -= 2;
+ }
+ }
+ k = 0;
+ i -= again;
+ if (i % 2 != 0) {
+ ASN1err(ASN1_F_A2I_ASN1_ENUMERATED, ASN1_R_ODD_NUMBER_OF_CHARS);
+ goto err;
+ }
+ i /= 2;
+ if (num + i > slen) {
+ if (s == NULL)
+ sp = (unsigned char *)OPENSSL_malloc((unsigned int)num +
+ i * 2);
+ else
+ sp = (unsigned char *)OPENSSL_realloc(s,
+ (unsigned int)num +
+ i * 2);
+ if (sp == NULL) {
+ ASN1err(ASN1_F_A2I_ASN1_ENUMERATED, ERR_R_MALLOC_FAILURE);
+ if (s != NULL)
+ OPENSSL_free(s);
+ goto err;
+ }
+ s = sp;
+ slen = num + i * 2;
+ }
+ for (j = 0; j < i; j++, k += 2) {
+ for (n = 0; n < 2; n++) {
+ m = bufp[k + n];
+ if ((m >= '0') && (m <= '9'))
+ m -= '0';
+ else if ((m >= 'a') && (m <= 'f'))
+ m = m - 'a' + 10;
+ else if ((m >= 'A') && (m <= 'F'))
+ m = m - 'A' + 10;
+ else {
+ ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,
+ ASN1_R_NON_HEX_CHARACTERS);
+ goto err;
+ }
+ s[num + j] <<= 4;
+ s[num + j] |= m;
+ }
+ }
+ num += i;
+ if (again)
+ bufsize = BIO_gets(bp, buf, size);
+ else
+ break;
+ }
+ bs->length = num;
+ bs->data = s;
+ ret = 1;
+ err:
+ if (0) {
+ err_sl:
+ ASN1err(ASN1_F_A2I_ASN1_ENUMERATED, ASN1_R_SHORT_LINE);
+ }
+ return (ret);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/f_int.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/f_int.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/f_int.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,219 +0,0 @@
-/* crypto/asn1/f_int.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/asn1.h>
-
-int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a)
- {
- int i,n=0;
- static const char *h="0123456789ABCDEF";
- char buf[2];
-
- if (a == NULL) return(0);
-
- if (a->type & V_ASN1_NEG)
- {
- if (BIO_write(bp, "-", 1) != 1) goto err;
- n = 1;
- }
-
- if (a->length == 0)
- {
- if (BIO_write(bp,"00",2) != 2) goto err;
- n += 2;
- }
- else
- {
- for (i=0; i<a->length; i++)
- {
- if ((i != 0) && (i%35 == 0))
- {
- if (BIO_write(bp,"\\\n",2) != 2) goto err;
- n+=2;
- }
- buf[0]=h[((unsigned char)a->data[i]>>4)&0x0f];
- buf[1]=h[((unsigned char)a->data[i] )&0x0f];
- if (BIO_write(bp,buf,2) != 2) goto err;
- n+=2;
- }
- }
- return(n);
-err:
- return(-1);
- }
-
-int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size)
- {
- int ret=0;
- int i,j,k,m,n,again,bufsize;
- unsigned char *s=NULL,*sp;
- unsigned char *bufp;
- int num=0,slen=0,first=1;
-
- bs->type=V_ASN1_INTEGER;
-
- bufsize=BIO_gets(bp,buf,size);
- for (;;)
- {
- if (bufsize < 1) goto err_sl;
- i=bufsize;
- if (buf[i-1] == '\n') buf[--i]='\0';
- if (i == 0) goto err_sl;
- if (buf[i-1] == '\r') buf[--i]='\0';
- if (i == 0) goto err_sl;
- again=(buf[i-1] == '\\');
-
- for (j=0; j<i; j++)
- {
-#ifndef CHARSET_EBCDIC
- if (!( ((buf[j] >= '0') && (buf[j] <= '9')) ||
- ((buf[j] >= 'a') && (buf[j] <= 'f')) ||
- ((buf[j] >= 'A') && (buf[j] <= 'F'))))
-#else
- /* This #ifdef is not strictly necessary, since
- * the characters A...F a...f 0...9 are contiguous
- * (yes, even in EBCDIC - but not the whole alphabet).
- * Nevertheless, isxdigit() is faster.
- */
- if (!isxdigit(buf[j]))
-#endif
- {
- i=j;
- break;
- }
- }
- buf[i]='\0';
- /* We have now cleared all the crap off the end of the
- * line */
- if (i < 2) goto err_sl;
-
- bufp=(unsigned char *)buf;
- if (first)
- {
- first=0;
- if ((bufp[0] == '0') && (buf[1] == '0'))
- {
- bufp+=2;
- i-=2;
- }
- }
- k=0;
- i-=again;
- if (i%2 != 0)
- {
- ASN1err(ASN1_F_A2I_ASN1_INTEGER,ASN1_R_ODD_NUMBER_OF_CHARS);
- goto err;
- }
- i/=2;
- if (num+i > slen)
- {
- if (s == NULL)
- sp=(unsigned char *)OPENSSL_malloc(
- (unsigned int)num+i*2);
- else
- sp=OPENSSL_realloc_clean(s,slen,num+i*2);
- if (sp == NULL)
- {
- ASN1err(ASN1_F_A2I_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
- if (s != NULL) OPENSSL_free(s);
- goto err;
- }
- s=sp;
- slen=num+i*2;
- }
- for (j=0; j<i; j++,k+=2)
- {
- for (n=0; n<2; n++)
- {
- m=bufp[k+n];
- if ((m >= '0') && (m <= '9'))
- m-='0';
- else if ((m >= 'a') && (m <= 'f'))
- m=m-'a'+10;
- else if ((m >= 'A') && (m <= 'F'))
- m=m-'A'+10;
- else
- {
- ASN1err(ASN1_F_A2I_ASN1_INTEGER,ASN1_R_NON_HEX_CHARACTERS);
- goto err;
- }
- s[num+j]<<=4;
- s[num+j]|=m;
- }
- }
- num+=i;
- if (again)
- bufsize=BIO_gets(bp,buf,size);
- else
- break;
- }
- bs->length=num;
- bs->data=s;
- ret=1;
-err:
- if (0)
- {
-err_sl:
- ASN1err(ASN1_F_A2I_ASN1_INTEGER,ASN1_R_SHORT_LINE);
- }
- return(ret);
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/f_int.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/f_int.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/f_int.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/f_int.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,215 @@
+/* crypto/asn1/f_int.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1.h>
+
+int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a)
+{
+ int i, n = 0;
+ static const char *h = "0123456789ABCDEF";
+ char buf[2];
+
+ if (a == NULL)
+ return (0);
+
+ if (a->type & V_ASN1_NEG) {
+ if (BIO_write(bp, "-", 1) != 1)
+ goto err;
+ n = 1;
+ }
+
+ if (a->length == 0) {
+ if (BIO_write(bp, "00", 2) != 2)
+ goto err;
+ n += 2;
+ } else {
+ for (i = 0; i < a->length; i++) {
+ if ((i != 0) && (i % 35 == 0)) {
+ if (BIO_write(bp, "\\\n", 2) != 2)
+ goto err;
+ n += 2;
+ }
+ buf[0] = h[((unsigned char)a->data[i] >> 4) & 0x0f];
+ buf[1] = h[((unsigned char)a->data[i]) & 0x0f];
+ if (BIO_write(bp, buf, 2) != 2)
+ goto err;
+ n += 2;
+ }
+ }
+ return (n);
+ err:
+ return (-1);
+}
+
+int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size)
+{
+ int ret = 0;
+ int i, j, k, m, n, again, bufsize;
+ unsigned char *s = NULL, *sp;
+ unsigned char *bufp;
+ int num = 0, slen = 0, first = 1;
+
+ bs->type = V_ASN1_INTEGER;
+
+ bufsize = BIO_gets(bp, buf, size);
+ for (;;) {
+ if (bufsize < 1)
+ goto err_sl;
+ i = bufsize;
+ if (buf[i - 1] == '\n')
+ buf[--i] = '\0';
+ if (i == 0)
+ goto err_sl;
+ if (buf[i - 1] == '\r')
+ buf[--i] = '\0';
+ if (i == 0)
+ goto err_sl;
+ again = (buf[i - 1] == '\\');
+
+ for (j = 0; j < i; j++) {
+#ifndef CHARSET_EBCDIC
+ if (!(((buf[j] >= '0') && (buf[j] <= '9')) ||
+ ((buf[j] >= 'a') && (buf[j] <= 'f')) ||
+ ((buf[j] >= 'A') && (buf[j] <= 'F'))))
+#else
+ /*
+ * This #ifdef is not strictly necessary, since the characters
+ * A...F a...f 0...9 are contiguous (yes, even in EBCDIC - but
+ * not the whole alphabet). Nevertheless, isxdigit() is faster.
+ */
+ if (!isxdigit(buf[j]))
+#endif
+ {
+ i = j;
+ break;
+ }
+ }
+ buf[i] = '\0';
+ /*
+ * We have now cleared all the crap off the end of the line
+ */
+ if (i < 2)
+ goto err_sl;
+
+ bufp = (unsigned char *)buf;
+ if (first) {
+ first = 0;
+ if ((bufp[0] == '0') && (buf[1] == '0')) {
+ bufp += 2;
+ i -= 2;
+ }
+ }
+ k = 0;
+ i -= again;
+ if (i % 2 != 0) {
+ ASN1err(ASN1_F_A2I_ASN1_INTEGER, ASN1_R_ODD_NUMBER_OF_CHARS);
+ goto err;
+ }
+ i /= 2;
+ if (num + i > slen) {
+ if (s == NULL)
+ sp = (unsigned char *)OPENSSL_malloc((unsigned int)num +
+ i * 2);
+ else
+ sp = OPENSSL_realloc_clean(s, slen, num + i * 2);
+ if (sp == NULL) {
+ ASN1err(ASN1_F_A2I_ASN1_INTEGER, ERR_R_MALLOC_FAILURE);
+ if (s != NULL)
+ OPENSSL_free(s);
+ goto err;
+ }
+ s = sp;
+ slen = num + i * 2;
+ }
+ for (j = 0; j < i; j++, k += 2) {
+ for (n = 0; n < 2; n++) {
+ m = bufp[k + n];
+ if ((m >= '0') && (m <= '9'))
+ m -= '0';
+ else if ((m >= 'a') && (m <= 'f'))
+ m = m - 'a' + 10;
+ else if ((m >= 'A') && (m <= 'F'))
+ m = m - 'A' + 10;
+ else {
+ ASN1err(ASN1_F_A2I_ASN1_INTEGER,
+ ASN1_R_NON_HEX_CHARACTERS);
+ goto err;
+ }
+ s[num + j] <<= 4;
+ s[num + j] |= m;
+ }
+ }
+ num += i;
+ if (again)
+ bufsize = BIO_gets(bp, buf, size);
+ else
+ break;
+ }
+ bs->length = num;
+ bs->data = s;
+ ret = 1;
+ err:
+ if (0) {
+ err_sl:
+ ASN1err(ASN1_F_A2I_ASN1_INTEGER, ASN1_R_SHORT_LINE);
+ }
+ return (ret);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/f_string.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/f_string.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/f_string.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,212 +0,0 @@
-/* crypto/asn1/f_string.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/asn1.h>
-
-int i2a_ASN1_STRING(BIO *bp, ASN1_STRING *a, int type)
- {
- int i,n=0;
- static const char *h="0123456789ABCDEF";
- char buf[2];
-
- if (a == NULL) return(0);
-
- if (a->length == 0)
- {
- if (BIO_write(bp,"0",1) != 1) goto err;
- n=1;
- }
- else
- {
- for (i=0; i<a->length; i++)
- {
- if ((i != 0) && (i%35 == 0))
- {
- if (BIO_write(bp,"\\\n",2) != 2) goto err;
- n+=2;
- }
- buf[0]=h[((unsigned char)a->data[i]>>4)&0x0f];
- buf[1]=h[((unsigned char)a->data[i] )&0x0f];
- if (BIO_write(bp,buf,2) != 2) goto err;
- n+=2;
- }
- }
- return(n);
-err:
- return(-1);
- }
-
-int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size)
- {
- int ret=0;
- int i,j,k,m,n,again,bufsize;
- unsigned char *s=NULL,*sp;
- unsigned char *bufp;
- int num=0,slen=0,first=1;
-
- bufsize=BIO_gets(bp,buf,size);
- for (;;)
- {
- if (bufsize < 1)
- {
- if (first)
- break;
- else
- goto err_sl;
- }
- first=0;
-
- i=bufsize;
- if (buf[i-1] == '\n') buf[--i]='\0';
- if (i == 0) goto err_sl;
- if (buf[i-1] == '\r') buf[--i]='\0';
- if (i == 0) goto err_sl;
- again=(buf[i-1] == '\\');
-
- for (j=i-1; j>0; j--)
- {
-#ifndef CHARSET_EBCDIC
- if (!( ((buf[j] >= '0') && (buf[j] <= '9')) ||
- ((buf[j] >= 'a') && (buf[j] <= 'f')) ||
- ((buf[j] >= 'A') && (buf[j] <= 'F'))))
-#else
- /* This #ifdef is not strictly necessary, since
- * the characters A...F a...f 0...9 are contiguous
- * (yes, even in EBCDIC - but not the whole alphabet).
- * Nevertheless, isxdigit() is faster.
- */
- if (!isxdigit(buf[j]))
-#endif
- {
- i=j;
- break;
- }
- }
- buf[i]='\0';
- /* We have now cleared all the crap off the end of the
- * line */
- if (i < 2) goto err_sl;
-
- bufp=(unsigned char *)buf;
-
- k=0;
- i-=again;
- if (i%2 != 0)
- {
- ASN1err(ASN1_F_A2I_ASN1_STRING,ASN1_R_ODD_NUMBER_OF_CHARS);
- goto err;
- }
- i/=2;
- if (num+i > slen)
- {
- if (s == NULL)
- sp=(unsigned char *)OPENSSL_malloc(
- (unsigned int)num+i*2);
- else
- sp=(unsigned char *)OPENSSL_realloc(s,
- (unsigned int)num+i*2);
- if (sp == NULL)
- {
- ASN1err(ASN1_F_A2I_ASN1_STRING,ERR_R_MALLOC_FAILURE);
- if (s != NULL) OPENSSL_free(s);
- goto err;
- }
- s=sp;
- slen=num+i*2;
- }
- for (j=0; j<i; j++,k+=2)
- {
- for (n=0; n<2; n++)
- {
- m=bufp[k+n];
- if ((m >= '0') && (m <= '9'))
- m-='0';
- else if ((m >= 'a') && (m <= 'f'))
- m=m-'a'+10;
- else if ((m >= 'A') && (m <= 'F'))
- m=m-'A'+10;
- else
- {
- ASN1err(ASN1_F_A2I_ASN1_STRING,ASN1_R_NON_HEX_CHARACTERS);
- goto err;
- }
- s[num+j]<<=4;
- s[num+j]|=m;
- }
- }
- num+=i;
- if (again)
- bufsize=BIO_gets(bp,buf,size);
- else
- break;
- }
- bs->length=num;
- bs->data=s;
- ret=1;
-err:
- if (0)
- {
-err_sl:
- ASN1err(ASN1_F_A2I_ASN1_STRING,ASN1_R_SHORT_LINE);
- }
- return(ret);
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/f_string.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/f_string.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/f_string.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/f_string.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,209 @@
+/* crypto/asn1/f_string.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1.h>
+
+int i2a_ASN1_STRING(BIO *bp, ASN1_STRING *a, int type)
+{
+ int i, n = 0;
+ static const char *h = "0123456789ABCDEF";
+ char buf[2];
+
+ if (a == NULL)
+ return (0);
+
+ if (a->length == 0) {
+ if (BIO_write(bp, "0", 1) != 1)
+ goto err;
+ n = 1;
+ } else {
+ for (i = 0; i < a->length; i++) {
+ if ((i != 0) && (i % 35 == 0)) {
+ if (BIO_write(bp, "\\\n", 2) != 2)
+ goto err;
+ n += 2;
+ }
+ buf[0] = h[((unsigned char)a->data[i] >> 4) & 0x0f];
+ buf[1] = h[((unsigned char)a->data[i]) & 0x0f];
+ if (BIO_write(bp, buf, 2) != 2)
+ goto err;
+ n += 2;
+ }
+ }
+ return (n);
+ err:
+ return (-1);
+}
+
+int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size)
+{
+ int ret = 0;
+ int i, j, k, m, n, again, bufsize;
+ unsigned char *s = NULL, *sp;
+ unsigned char *bufp;
+ int num = 0, slen = 0, first = 1;
+
+ bufsize = BIO_gets(bp, buf, size);
+ for (;;) {
+ if (bufsize < 1) {
+ if (first)
+ break;
+ else
+ goto err_sl;
+ }
+ first = 0;
+
+ i = bufsize;
+ if (buf[i - 1] == '\n')
+ buf[--i] = '\0';
+ if (i == 0)
+ goto err_sl;
+ if (buf[i - 1] == '\r')
+ buf[--i] = '\0';
+ if (i == 0)
+ goto err_sl;
+ again = (buf[i - 1] == '\\');
+
+ for (j = i - 1; j > 0; j--) {
+#ifndef CHARSET_EBCDIC
+ if (!(((buf[j] >= '0') && (buf[j] <= '9')) ||
+ ((buf[j] >= 'a') && (buf[j] <= 'f')) ||
+ ((buf[j] >= 'A') && (buf[j] <= 'F'))))
+#else
+ /*
+ * This #ifdef is not strictly necessary, since the characters
+ * A...F a...f 0...9 are contiguous (yes, even in EBCDIC - but
+ * not the whole alphabet). Nevertheless, isxdigit() is faster.
+ */
+ if (!isxdigit(buf[j]))
+#endif
+ {
+ i = j;
+ break;
+ }
+ }
+ buf[i] = '\0';
+ /*
+ * We have now cleared all the crap off the end of the line
+ */
+ if (i < 2)
+ goto err_sl;
+
+ bufp = (unsigned char *)buf;
+
+ k = 0;
+ i -= again;
+ if (i % 2 != 0) {
+ ASN1err(ASN1_F_A2I_ASN1_STRING, ASN1_R_ODD_NUMBER_OF_CHARS);
+ goto err;
+ }
+ i /= 2;
+ if (num + i > slen) {
+ if (s == NULL)
+ sp = (unsigned char *)OPENSSL_malloc((unsigned int)num +
+ i * 2);
+ else
+ sp = (unsigned char *)OPENSSL_realloc(s,
+ (unsigned int)num +
+ i * 2);
+ if (sp == NULL) {
+ ASN1err(ASN1_F_A2I_ASN1_STRING, ERR_R_MALLOC_FAILURE);
+ if (s != NULL)
+ OPENSSL_free(s);
+ goto err;
+ }
+ s = sp;
+ slen = num + i * 2;
+ }
+ for (j = 0; j < i; j++, k += 2) {
+ for (n = 0; n < 2; n++) {
+ m = bufp[k + n];
+ if ((m >= '0') && (m <= '9'))
+ m -= '0';
+ else if ((m >= 'a') && (m <= 'f'))
+ m = m - 'a' + 10;
+ else if ((m >= 'A') && (m <= 'F'))
+ m = m - 'A' + 10;
+ else {
+ ASN1err(ASN1_F_A2I_ASN1_STRING,
+ ASN1_R_NON_HEX_CHARACTERS);
+ goto err;
+ }
+ s[num + j] <<= 4;
+ s[num + j] |= m;
+ }
+ }
+ num += i;
+ if (again)
+ bufsize = BIO_gets(bp, buf, size);
+ else
+ break;
+ }
+ bs->length = num;
+ bs->data = s;
+ ret = 1;
+ err:
+ if (0) {
+ err_sl:
+ ASN1err(ASN1_F_A2I_ASN1_STRING, ASN1_R_SHORT_LINE);
+ }
+ return (ret);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/i2d_pr.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/i2d_pr.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/i2d_pr.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,99 +0,0 @@
-/* crypto/asn1/i2d_pr.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_EC
-#include <openssl/ec.h>
-#endif
-
-int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp)
- {
-#ifndef OPENSSL_NO_RSA
- if (a->type == EVP_PKEY_RSA)
- {
- return(i2d_RSAPrivateKey(a->pkey.rsa,pp));
- }
- else
-#endif
-#ifndef OPENSSL_NO_DSA
- if (a->type == EVP_PKEY_DSA)
- {
- return(i2d_DSAPrivateKey(a->pkey.dsa,pp));
- }
-#endif
-#ifndef OPENSSL_NO_EC
- if (a->type == EVP_PKEY_EC)
- {
- return(i2d_ECPrivateKey(a->pkey.ec, pp));
- }
-#endif
-
- ASN1err(ASN1_F_I2D_PRIVATEKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
- return(-1);
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/i2d_pr.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/i2d_pr.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/i2d_pr.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/i2d_pr.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,94 @@
+/* crypto/asn1/i2d_pr.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+# include <openssl/dsa.h>
+#endif
+#ifndef OPENSSL_NO_EC
+# include <openssl/ec.h>
+#endif
+
+int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp)
+{
+#ifndef OPENSSL_NO_RSA
+ if (a->type == EVP_PKEY_RSA) {
+ return (i2d_RSAPrivateKey(a->pkey.rsa, pp));
+ } else
+#endif
+#ifndef OPENSSL_NO_DSA
+ if (a->type == EVP_PKEY_DSA) {
+ return (i2d_DSAPrivateKey(a->pkey.dsa, pp));
+ }
+#endif
+#ifndef OPENSSL_NO_EC
+ if (a->type == EVP_PKEY_EC) {
+ return (i2d_ECPrivateKey(a->pkey.ec, pp));
+ }
+#endif
+
+ ASN1err(ASN1_F_I2D_PRIVATEKEY, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
+ return (-1);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/i2d_pu.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/i2d_pu.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/i2d_pu.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,95 +0,0 @@
-/* crypto/asn1/i2d_pu.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_EC
-#include <openssl/ec.h>
-#endif
-
-int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp)
- {
- switch (a->type)
- {
-#ifndef OPENSSL_NO_RSA
- case EVP_PKEY_RSA:
- return(i2d_RSAPublicKey(a->pkey.rsa,pp));
-#endif
-#ifndef OPENSSL_NO_DSA
- case EVP_PKEY_DSA:
- return(i2d_DSAPublicKey(a->pkey.dsa,pp));
-#endif
-#ifndef OPENSSL_NO_EC
- case EVP_PKEY_EC:
- return(i2o_ECPublicKey(a->pkey.ec, pp));
-#endif
- default:
- ASN1err(ASN1_F_I2D_PUBLICKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
- return(-1);
- }
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/i2d_pu.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/i2d_pu.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/i2d_pu.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/i2d_pu.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,93 @@
+/* crypto/asn1/i2d_pu.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+# include <openssl/dsa.h>
+#endif
+#ifndef OPENSSL_NO_EC
+# include <openssl/ec.h>
+#endif
+
+int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp)
+{
+ switch (a->type) {
+#ifndef OPENSSL_NO_RSA
+ case EVP_PKEY_RSA:
+ return (i2d_RSAPublicKey(a->pkey.rsa, pp));
+#endif
+#ifndef OPENSSL_NO_DSA
+ case EVP_PKEY_DSA:
+ return (i2d_DSAPublicKey(a->pkey.dsa, pp));
+#endif
+#ifndef OPENSSL_NO_EC
+ case EVP_PKEY_EC:
+ return (i2o_ECPublicKey(a->pkey.ec, pp));
+#endif
+ default:
+ ASN1err(ASN1_F_I2D_PUBLICKEY, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
+ return (-1);
+ }
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/n_pkey.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/n_pkey.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/n_pkey.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,343 +0,0 @@
-/* crypto/asn1/n_pkey.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#include <openssl/objects.h>
-#include <openssl/asn1t.h>
-#include <openssl/asn1_mac.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-
-
-#ifndef OPENSSL_NO_RC4
-
-typedef struct netscape_pkey_st
- {
- long version;
- X509_ALGOR *algor;
- ASN1_OCTET_STRING *private_key;
- } NETSCAPE_PKEY;
-
-typedef struct netscape_encrypted_pkey_st
- {
- ASN1_OCTET_STRING *os;
- /* This is the same structure as DigestInfo so use it:
- * although this isn't really anything to do with
- * digests.
- */
- X509_SIG *enckey;
- } NETSCAPE_ENCRYPTED_PKEY;
-
-
-ASN1_BROKEN_SEQUENCE(NETSCAPE_ENCRYPTED_PKEY) = {
- ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, os, ASN1_OCTET_STRING),
- ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, enckey, X509_SIG)
-} ASN1_BROKEN_SEQUENCE_END(NETSCAPE_ENCRYPTED_PKEY)
-
-DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY)
-DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY,NETSCAPE_ENCRYPTED_PKEY)
-IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY)
-
-ASN1_SEQUENCE(NETSCAPE_PKEY) = {
- ASN1_SIMPLE(NETSCAPE_PKEY, version, LONG),
- ASN1_SIMPLE(NETSCAPE_PKEY, algor, X509_ALGOR),
- ASN1_SIMPLE(NETSCAPE_PKEY, private_key, ASN1_OCTET_STRING)
-} ASN1_SEQUENCE_END(NETSCAPE_PKEY)
-
-DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)
-DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_PKEY,NETSCAPE_PKEY)
-IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)
-
-static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
- int (*cb)(char *buf, int len, const char *prompt,
- int verify),
- int sgckey);
-
-int i2d_Netscape_RSA(const RSA *a, unsigned char **pp,
- int (*cb)(char *buf, int len, const char *prompt,
- int verify))
-{
- return i2d_RSA_NET(a, pp, cb, 0);
-}
-
-int i2d_RSA_NET(const RSA *a, unsigned char **pp,
- int (*cb)(char *buf, int len, const char *prompt, int verify),
- int sgckey)
- {
- int i, j, ret = 0;
- int rsalen, pkeylen, olen;
- NETSCAPE_PKEY *pkey = NULL;
- NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
- unsigned char buf[256],*zz;
- unsigned char key[EVP_MAX_KEY_LENGTH];
- EVP_CIPHER_CTX ctx;
-
- if (a == NULL) return(0);
-
- if ((pkey=NETSCAPE_PKEY_new()) == NULL) goto err;
- if ((enckey=NETSCAPE_ENCRYPTED_PKEY_new()) == NULL) goto err;
- pkey->version = 0;
-
- pkey->algor->algorithm=OBJ_nid2obj(NID_rsaEncryption);
- if ((pkey->algor->parameter=ASN1_TYPE_new()) == NULL) goto err;
- pkey->algor->parameter->type=V_ASN1_NULL;
-
- rsalen = i2d_RSAPrivateKey(a, NULL);
-
- /* Fake some octet strings just for the initial length
- * calculation.
- */
-
- pkey->private_key->length=rsalen;
-
- pkeylen=i2d_NETSCAPE_PKEY(pkey,NULL);
-
- enckey->enckey->digest->length = pkeylen;
-
- enckey->os->length = 11; /* "private-key" */
-
- enckey->enckey->algor->algorithm=OBJ_nid2obj(NID_rc4);
- if ((enckey->enckey->algor->parameter=ASN1_TYPE_new()) == NULL) goto err;
- enckey->enckey->algor->parameter->type=V_ASN1_NULL;
-
- if (pp == NULL)
- {
- olen = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, NULL);
- NETSCAPE_PKEY_free(pkey);
- NETSCAPE_ENCRYPTED_PKEY_free(enckey);
- return olen;
- }
-
-
- /* Since its RC4 encrypted length is actual length */
- if ((zz=(unsigned char *)OPENSSL_malloc(rsalen)) == NULL)
- {
- ASN1err(ASN1_F_I2D_RSA_NET,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- pkey->private_key->data = zz;
- /* Write out private key encoding */
- i2d_RSAPrivateKey(a,&zz);
-
- if ((zz=OPENSSL_malloc(pkeylen)) == NULL)
- {
- ASN1err(ASN1_F_I2D_RSA_NET,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- if (!ASN1_STRING_set(enckey->os, "private-key", -1))
- {
- ASN1err(ASN1_F_I2D_RSA_NET,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- enckey->enckey->digest->data = zz;
- i2d_NETSCAPE_PKEY(pkey,&zz);
-
- /* Wipe the private key encoding */
- OPENSSL_cleanse(pkey->private_key->data, rsalen);
-
- if (cb == NULL)
- cb=EVP_read_pw_string;
- i=cb((char *)buf,256,"Enter Private Key password:",1);
- if (i != 0)
- {
- ASN1err(ASN1_F_I2D_RSA_NET,ASN1_R_BAD_PASSWORD_READ);
- goto err;
- }
- i = strlen((char *)buf);
- /* If the key is used for SGC the algorithm is modified a little. */
- if(sgckey) {
- EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL);
- memcpy(buf + 16, "SGCKEYSALT", 10);
- i = 26;
- }
-
- EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
- OPENSSL_cleanse(buf,256);
-
- /* Encrypt private key in place */
- zz = enckey->enckey->digest->data;
- EVP_CIPHER_CTX_init(&ctx);
- EVP_EncryptInit_ex(&ctx,EVP_rc4(),NULL,key,NULL);
- EVP_EncryptUpdate(&ctx,zz,&i,zz,pkeylen);
- EVP_EncryptFinal_ex(&ctx,zz + i,&j);
- EVP_CIPHER_CTX_cleanup(&ctx);
-
- ret = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, pp);
-err:
- NETSCAPE_ENCRYPTED_PKEY_free(enckey);
- NETSCAPE_PKEY_free(pkey);
- return(ret);
- }
-
-
-RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length,
- int (*cb)(char *buf, int len, const char *prompt,
- int verify))
-{
- return d2i_RSA_NET(a, pp, length, cb, 0);
-}
-
-RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length,
- int (*cb)(char *buf, int len, const char *prompt, int verify),
- int sgckey)
- {
- RSA *ret=NULL;
- const unsigned char *p;
- NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
-
- p = *pp;
-
- enckey = d2i_NETSCAPE_ENCRYPTED_PKEY(NULL, &p, length);
- if(!enckey) {
- ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_DECODING_ERROR);
- return NULL;
- }
-
- if ((enckey->os->length != 11) || (strncmp("private-key",
- (char *)enckey->os->data,11) != 0))
- {
- ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_PRIVATE_KEY_HEADER_MISSING);
- NETSCAPE_ENCRYPTED_PKEY_free(enckey);
- return NULL;
- }
- if (OBJ_obj2nid(enckey->enckey->algor->algorithm) != NID_rc4)
- {
- ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM);
- goto err;
- }
- if (cb == NULL)
- cb=EVP_read_pw_string;
- if ((ret=d2i_RSA_NET_2(a, enckey->enckey->digest,cb, sgckey)) == NULL) goto err;
-
- *pp = p;
-
- err:
- NETSCAPE_ENCRYPTED_PKEY_free(enckey);
- return ret;
-
- }
-
-static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
- int (*cb)(char *buf, int len, const char *prompt,
- int verify), int sgckey)
- {
- NETSCAPE_PKEY *pkey=NULL;
- RSA *ret=NULL;
- int i,j;
- unsigned char buf[256];
- const unsigned char *zz;
- unsigned char key[EVP_MAX_KEY_LENGTH];
- EVP_CIPHER_CTX ctx;
-
- i=cb((char *)buf,256,"Enter Private Key password:",0);
- if (i != 0)
- {
- ASN1err(ASN1_F_D2I_RSA_NET_2,ASN1_R_BAD_PASSWORD_READ);
- goto err;
- }
-
- i = strlen((char *)buf);
- if(sgckey){
- EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL);
- memcpy(buf + 16, "SGCKEYSALT", 10);
- i = 26;
- }
-
- EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
- OPENSSL_cleanse(buf,256);
-
- EVP_CIPHER_CTX_init(&ctx);
- EVP_DecryptInit_ex(&ctx,EVP_rc4(),NULL, key,NULL);
- EVP_DecryptUpdate(&ctx,os->data,&i,os->data,os->length);
- EVP_DecryptFinal_ex(&ctx,&(os->data[i]),&j);
- EVP_CIPHER_CTX_cleanup(&ctx);
- os->length=i+j;
-
- zz=os->data;
-
- if ((pkey=d2i_NETSCAPE_PKEY(NULL,&zz,os->length)) == NULL)
- {
- ASN1err(ASN1_F_D2I_RSA_NET_2,ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY);
- goto err;
- }
-
- zz=pkey->private_key->data;
- if ((ret=d2i_RSAPrivateKey(a,&zz,pkey->private_key->length)) == NULL)
- {
- ASN1err(ASN1_F_D2I_RSA_NET_2,ASN1_R_UNABLE_TO_DECODE_RSA_KEY);
- goto err;
- }
-err:
- NETSCAPE_PKEY_free(pkey);
- return(ret);
- }
-
-#endif /* OPENSSL_NO_RC4 */
-
-#else /* !OPENSSL_NO_RSA */
-
-# if PEDANTIC
-static void *dummy=&dummy;
-# endif
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/n_pkey.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/n_pkey.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/n_pkey.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/n_pkey.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,335 @@
+/* crypto/asn1/n_pkey.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>
+# include <openssl/objects.h>
+# include <openssl/asn1t.h>
+# include <openssl/asn1_mac.h>
+# include <openssl/evp.h>
+# include <openssl/x509.h>
+
+# ifndef OPENSSL_NO_RC4
+
+typedef struct netscape_pkey_st {
+ long version;
+ X509_ALGOR *algor;
+ ASN1_OCTET_STRING *private_key;
+} NETSCAPE_PKEY;
+
+typedef struct netscape_encrypted_pkey_st {
+ ASN1_OCTET_STRING *os;
+ /*
+ * This is the same structure as DigestInfo so use it: although this
+ * isn't really anything to do with digests.
+ */
+ X509_SIG *enckey;
+} NETSCAPE_ENCRYPTED_PKEY;
+
+
+ASN1_BROKEN_SEQUENCE(NETSCAPE_ENCRYPTED_PKEY) = {
+ ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, os, ASN1_OCTET_STRING),
+ ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, enckey, X509_SIG)
+} ASN1_BROKEN_SEQUENCE_END(NETSCAPE_ENCRYPTED_PKEY)
+
+DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY)
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY,NETSCAPE_ENCRYPTED_PKEY)
+IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY)
+
+ASN1_SEQUENCE(NETSCAPE_PKEY) = {
+ ASN1_SIMPLE(NETSCAPE_PKEY, version, LONG),
+ ASN1_SIMPLE(NETSCAPE_PKEY, algor, X509_ALGOR),
+ ASN1_SIMPLE(NETSCAPE_PKEY, private_key, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(NETSCAPE_PKEY)
+
+DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_PKEY,NETSCAPE_PKEY)
+IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)
+
+static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
+ int (*cb) (char *buf, int len, const char *prompt,
+ int verify), int sgckey);
+
+int i2d_Netscape_RSA(const RSA *a, unsigned char **pp,
+ int (*cb) (char *buf, int len, const char *prompt,
+ int verify))
+{
+ return i2d_RSA_NET(a, pp, cb, 0);
+}
+
+int i2d_RSA_NET(const RSA *a, unsigned char **pp,
+ int (*cb) (char *buf, int len, const char *prompt,
+ int verify), int sgckey)
+{
+ int i, j, ret = 0;
+ int rsalen, pkeylen, olen;
+ NETSCAPE_PKEY *pkey = NULL;
+ NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
+ unsigned char buf[256], *zz;
+ unsigned char key[EVP_MAX_KEY_LENGTH];
+ EVP_CIPHER_CTX ctx;
+
+ if (a == NULL)
+ return (0);
+
+ if ((pkey = NETSCAPE_PKEY_new()) == NULL)
+ goto err;
+ if ((enckey = NETSCAPE_ENCRYPTED_PKEY_new()) == NULL)
+ goto err;
+ pkey->version = 0;
+
+ pkey->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption);
+ if ((pkey->algor->parameter = ASN1_TYPE_new()) == NULL)
+ goto err;
+ pkey->algor->parameter->type = V_ASN1_NULL;
+
+ rsalen = i2d_RSAPrivateKey(a, NULL);
+
+ /*
+ * Fake some octet strings just for the initial length calculation.
+ */
+
+ pkey->private_key->length = rsalen;
+
+ pkeylen = i2d_NETSCAPE_PKEY(pkey, NULL);
+
+ enckey->enckey->digest->length = pkeylen;
+
+ enckey->os->length = 11; /* "private-key" */
+
+ enckey->enckey->algor->algorithm = OBJ_nid2obj(NID_rc4);
+ if ((enckey->enckey->algor->parameter = ASN1_TYPE_new()) == NULL)
+ goto err;
+ enckey->enckey->algor->parameter->type = V_ASN1_NULL;
+
+ if (pp == NULL) {
+ olen = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, NULL);
+ NETSCAPE_PKEY_free(pkey);
+ NETSCAPE_ENCRYPTED_PKEY_free(enckey);
+ return olen;
+ }
+
+ /* Since its RC4 encrypted length is actual length */
+ if ((zz = (unsigned char *)OPENSSL_malloc(rsalen)) == NULL) {
+ ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ pkey->private_key->data = zz;
+ /* Write out private key encoding */
+ i2d_RSAPrivateKey(a, &zz);
+
+ if ((zz = OPENSSL_malloc(pkeylen)) == NULL) {
+ ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ if (!ASN1_STRING_set(enckey->os, "private-key", -1)) {
+ ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ enckey->enckey->digest->data = zz;
+ i2d_NETSCAPE_PKEY(pkey, &zz);
+
+ /* Wipe the private key encoding */
+ OPENSSL_cleanse(pkey->private_key->data, rsalen);
+
+ if (cb == NULL)
+ cb = EVP_read_pw_string;
+ i = cb((char *)buf, 256, "Enter Private Key password:", 1);
+ if (i != 0) {
+ ASN1err(ASN1_F_I2D_RSA_NET, ASN1_R_BAD_PASSWORD_READ);
+ goto err;
+ }
+ i = strlen((char *)buf);
+ /* If the key is used for SGC the algorithm is modified a little. */
+ if (sgckey) {
+ EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL);
+ memcpy(buf + 16, "SGCKEYSALT", 10);
+ i = 26;
+ }
+
+ EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i, 1, key, NULL);
+ OPENSSL_cleanse(buf, 256);
+
+ /* Encrypt private key in place */
+ zz = enckey->enckey->digest->data;
+ EVP_CIPHER_CTX_init(&ctx);
+ EVP_EncryptInit_ex(&ctx, EVP_rc4(), NULL, key, NULL);
+ EVP_EncryptUpdate(&ctx, zz, &i, zz, pkeylen);
+ EVP_EncryptFinal_ex(&ctx, zz + i, &j);
+ EVP_CIPHER_CTX_cleanup(&ctx);
+
+ ret = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, pp);
+ err:
+ NETSCAPE_ENCRYPTED_PKEY_free(enckey);
+ NETSCAPE_PKEY_free(pkey);
+ return (ret);
+}
+
+RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length,
+ int (*cb) (char *buf, int len, const char *prompt,
+ int verify))
+{
+ return d2i_RSA_NET(a, pp, length, cb, 0);
+}
+
+RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length,
+ int (*cb) (char *buf, int len, const char *prompt,
+ int verify), int sgckey)
+{
+ RSA *ret = NULL;
+ const unsigned char *p;
+ NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
+
+ p = *pp;
+
+ enckey = d2i_NETSCAPE_ENCRYPTED_PKEY(NULL, &p, length);
+ if (!enckey) {
+ ASN1err(ASN1_F_D2I_RSA_NET, ASN1_R_DECODING_ERROR);
+ return NULL;
+ }
+
+ if ((enckey->os->length != 11) || (strncmp("private-key",
+ (char *)enckey->os->data,
+ 11) != 0)) {
+ ASN1err(ASN1_F_D2I_RSA_NET, ASN1_R_PRIVATE_KEY_HEADER_MISSING);
+ NETSCAPE_ENCRYPTED_PKEY_free(enckey);
+ return NULL;
+ }
+ if (OBJ_obj2nid(enckey->enckey->algor->algorithm) != NID_rc4) {
+ ASN1err(ASN1_F_D2I_RSA_NET, ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM);
+ goto err;
+ }
+ if (cb == NULL)
+ cb = EVP_read_pw_string;
+ if ((ret = d2i_RSA_NET_2(a, enckey->enckey->digest, cb, sgckey)) == NULL)
+ goto err;
+
+ *pp = p;
+
+ err:
+ NETSCAPE_ENCRYPTED_PKEY_free(enckey);
+ return ret;
+
+}
+
+static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
+ int (*cb) (char *buf, int len, const char *prompt,
+ int verify), int sgckey)
+{
+ NETSCAPE_PKEY *pkey = NULL;
+ RSA *ret = NULL;
+ int i, j;
+ unsigned char buf[256];
+ const unsigned char *zz;
+ unsigned char key[EVP_MAX_KEY_LENGTH];
+ EVP_CIPHER_CTX ctx;
+
+ i = cb((char *)buf, 256, "Enter Private Key password:", 0);
+ if (i != 0) {
+ ASN1err(ASN1_F_D2I_RSA_NET_2, ASN1_R_BAD_PASSWORD_READ);
+ goto err;
+ }
+
+ i = strlen((char *)buf);
+ if (sgckey) {
+ EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL);
+ memcpy(buf + 16, "SGCKEYSALT", 10);
+ i = 26;
+ }
+
+ EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i, 1, key, NULL);
+ OPENSSL_cleanse(buf, 256);
+
+ EVP_CIPHER_CTX_init(&ctx);
+ EVP_DecryptInit_ex(&ctx, EVP_rc4(), NULL, key, NULL);
+ EVP_DecryptUpdate(&ctx, os->data, &i, os->data, os->length);
+ EVP_DecryptFinal_ex(&ctx, &(os->data[i]), &j);
+ EVP_CIPHER_CTX_cleanup(&ctx);
+ os->length = i + j;
+
+ zz = os->data;
+
+ if ((pkey = d2i_NETSCAPE_PKEY(NULL, &zz, os->length)) == NULL) {
+ ASN1err(ASN1_F_D2I_RSA_NET_2,
+ ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY);
+ goto err;
+ }
+
+ zz = pkey->private_key->data;
+ if ((ret = d2i_RSAPrivateKey(a, &zz, pkey->private_key->length)) == NULL) {
+ ASN1err(ASN1_F_D2I_RSA_NET_2, ASN1_R_UNABLE_TO_DECODE_RSA_KEY);
+ goto err;
+ }
+ err:
+ NETSCAPE_PKEY_free(pkey);
+ return (ret);
+}
+
+# endif /* OPENSSL_NO_RC4 */
+
+#else /* !OPENSSL_NO_RSA */
+
+# if PEDANTIC
+static void *dummy = &dummy;
+# endif
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/nsseq.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/nsseq.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/nsseq.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,82 +0,0 @@
-/* nsseq.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/asn1t.h>
-#include <openssl/x509.h>
-#include <openssl/objects.h>
-
-static int nsseq_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
-{
- if(operation == ASN1_OP_NEW_POST) {
- NETSCAPE_CERT_SEQUENCE *nsseq;
- nsseq = (NETSCAPE_CERT_SEQUENCE *)*pval;
- nsseq->type = OBJ_nid2obj(NID_netscape_cert_sequence);
- }
- return 1;
-}
-
-/* Netscape certificate sequence structure */
-
-ASN1_SEQUENCE_cb(NETSCAPE_CERT_SEQUENCE, nsseq_cb) = {
- ASN1_SIMPLE(NETSCAPE_CERT_SEQUENCE, type, ASN1_OBJECT),
- ASN1_EXP_SEQUENCE_OF_OPT(NETSCAPE_CERT_SEQUENCE, certs, X509, 0)
-} ASN1_SEQUENCE_END_cb(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE)
-
-IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE)
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/nsseq.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/nsseq.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/nsseq.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/nsseq.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,83 @@
+/* nsseq.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/objects.h>
+
+static int nsseq_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+ if (operation == ASN1_OP_NEW_POST) {
+ NETSCAPE_CERT_SEQUENCE *nsseq;
+ nsseq = (NETSCAPE_CERT_SEQUENCE *)*pval;
+ nsseq->type = OBJ_nid2obj(NID_netscape_cert_sequence);
+ }
+ return 1;
+}
+
+/* Netscape certificate sequence structure */
+
+ASN1_SEQUENCE_cb(NETSCAPE_CERT_SEQUENCE, nsseq_cb) = {
+ ASN1_SIMPLE(NETSCAPE_CERT_SEQUENCE, type, ASN1_OBJECT),
+ ASN1_EXP_SEQUENCE_OF_OPT(NETSCAPE_CERT_SEQUENCE, certs, X509, 0)
+} ASN1_SEQUENCE_END_cb(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE)
+
+IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE)
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/p5_pbe.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/p5_pbe.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/p5_pbe.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,131 +0,0 @@
-/* p5_pbe.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/x509.h>
-#include <openssl/rand.h>
-
-/* PKCS#5 password based encryption structure */
-
-ASN1_SEQUENCE(PBEPARAM) = {
- ASN1_SIMPLE(PBEPARAM, salt, ASN1_OCTET_STRING),
- ASN1_SIMPLE(PBEPARAM, iter, ASN1_INTEGER)
-} ASN1_SEQUENCE_END(PBEPARAM)
-
-IMPLEMENT_ASN1_FUNCTIONS(PBEPARAM)
-
-/* Return an algorithm identifier for a PKCS#5 PBE algorithm */
-
-X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt,
- int saltlen)
-{
- PBEPARAM *pbe=NULL;
- ASN1_OBJECT *al;
- X509_ALGOR *algor;
- ASN1_TYPE *astype=NULL;
-
- if (!(pbe = PBEPARAM_new ())) {
- ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- if(iter <= 0) iter = PKCS5_DEFAULT_ITER;
- if (!ASN1_INTEGER_set(pbe->iter, iter)) {
- ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- if (!saltlen) saltlen = PKCS5_SALT_LEN;
- if (!(pbe->salt->data = OPENSSL_malloc (saltlen))) {
- ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- pbe->salt->length = saltlen;
- if (salt) memcpy (pbe->salt->data, salt, saltlen);
- else if (RAND_pseudo_bytes (pbe->salt->data, saltlen) < 0)
- goto err;
-
- if (!(astype = ASN1_TYPE_new())) {
- ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- astype->type = V_ASN1_SEQUENCE;
- if(!ASN1_pack_string_of(PBEPARAM, pbe, i2d_PBEPARAM,
- &astype->value.sequence)) {
- ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- PBEPARAM_free (pbe);
- pbe = NULL;
-
- al = OBJ_nid2obj(alg); /* never need to free al */
- if (!(algor = X509_ALGOR_new())) {
- ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- ASN1_OBJECT_free(algor->algorithm);
- algor->algorithm = al;
- algor->parameter = astype;
-
- return (algor);
-err:
- if (pbe != NULL) PBEPARAM_free(pbe);
- if (astype != NULL) ASN1_TYPE_free(astype);
- return NULL;
-}
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/p5_pbe.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/p5_pbe.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/p5_pbe.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/p5_pbe.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,136 @@
+/* p5_pbe.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/rand.h>
+
+/* PKCS#5 password based encryption structure */
+
+ASN1_SEQUENCE(PBEPARAM) = {
+ ASN1_SIMPLE(PBEPARAM, salt, ASN1_OCTET_STRING),
+ ASN1_SIMPLE(PBEPARAM, iter, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(PBEPARAM)
+
+IMPLEMENT_ASN1_FUNCTIONS(PBEPARAM)
+
+/* Return an algorithm identifier for a PKCS#5 PBE algorithm */
+
+X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt, int saltlen)
+{
+ PBEPARAM *pbe = NULL;
+ ASN1_OBJECT *al;
+ X509_ALGOR *algor;
+ ASN1_TYPE *astype = NULL;
+
+ if (!(pbe = PBEPARAM_new())) {
+ ASN1err(ASN1_F_PKCS5_PBE_SET, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ if (iter <= 0)
+ iter = PKCS5_DEFAULT_ITER;
+ if (!ASN1_INTEGER_set(pbe->iter, iter)) {
+ ASN1err(ASN1_F_PKCS5_PBE_SET, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ if (!saltlen)
+ saltlen = PKCS5_SALT_LEN;
+ if (!(pbe->salt->data = OPENSSL_malloc(saltlen))) {
+ ASN1err(ASN1_F_PKCS5_PBE_SET, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ pbe->salt->length = saltlen;
+ if (salt)
+ memcpy(pbe->salt->data, salt, saltlen);
+ else if (RAND_pseudo_bytes(pbe->salt->data, saltlen) < 0)
+ goto err;
+
+ if (!(astype = ASN1_TYPE_new())) {
+ ASN1err(ASN1_F_PKCS5_PBE_SET, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ astype->type = V_ASN1_SEQUENCE;
+ if (!ASN1_pack_string_of(PBEPARAM, pbe, i2d_PBEPARAM,
+ &astype->value.sequence)) {
+ ASN1err(ASN1_F_PKCS5_PBE_SET, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ PBEPARAM_free(pbe);
+ pbe = NULL;
+
+ al = OBJ_nid2obj(alg); /* never need to free al */
+ if (!(algor = X509_ALGOR_new())) {
+ ASN1err(ASN1_F_PKCS5_PBE_SET, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ ASN1_OBJECT_free(algor->algorithm);
+ algor->algorithm = al;
+ algor->parameter = astype;
+
+ return (algor);
+ err:
+ if (pbe != NULL)
+ PBEPARAM_free(pbe);
+ if (astype != NULL)
+ ASN1_TYPE_free(astype);
+ return NULL;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/p5_pbev2.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/p5_pbev2.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/p5_pbev2.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,205 +0,0 @@
-/* p5_pbev2.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 1999-2004.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/x509.h>
-#include <openssl/rand.h>
-
-/* PKCS#5 v2.0 password based encryption structures */
-
-ASN1_SEQUENCE(PBE2PARAM) = {
- ASN1_SIMPLE(PBE2PARAM, keyfunc, X509_ALGOR),
- ASN1_SIMPLE(PBE2PARAM, encryption, X509_ALGOR)
-} ASN1_SEQUENCE_END(PBE2PARAM)
-
-IMPLEMENT_ASN1_FUNCTIONS(PBE2PARAM)
-
-ASN1_SEQUENCE(PBKDF2PARAM) = {
- ASN1_SIMPLE(PBKDF2PARAM, salt, ASN1_ANY),
- ASN1_SIMPLE(PBKDF2PARAM, iter, ASN1_INTEGER),
- ASN1_OPT(PBKDF2PARAM, keylength, ASN1_INTEGER),
- ASN1_OPT(PBKDF2PARAM, prf, X509_ALGOR)
-} ASN1_SEQUENCE_END(PBKDF2PARAM)
-
-IMPLEMENT_ASN1_FUNCTIONS(PBKDF2PARAM)
-
-/* Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm:
- * yes I know this is horrible!
- */
-
-X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
- unsigned char *salt, int saltlen)
-{
- X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL;
- int alg_nid;
- EVP_CIPHER_CTX ctx;
- unsigned char iv[EVP_MAX_IV_LENGTH];
- PBKDF2PARAM *kdf = NULL;
- PBE2PARAM *pbe2 = NULL;
- ASN1_OCTET_STRING *osalt = NULL;
- ASN1_OBJECT *obj;
-
- alg_nid = EVP_CIPHER_type(cipher);
- if(alg_nid == NID_undef) {
- ASN1err(ASN1_F_PKCS5_PBE2_SET,
- ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
- goto err;
- }
- obj = OBJ_nid2obj(alg_nid);
-
- if(!(pbe2 = PBE2PARAM_new())) goto merr;
-
- /* Setup the AlgorithmIdentifier for the encryption scheme */
- scheme = pbe2->encryption;
-
- scheme->algorithm = obj;
- if(!(scheme->parameter = ASN1_TYPE_new())) goto merr;
-
- /* Create random IV */
- if (EVP_CIPHER_iv_length(cipher) &&
- RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0)
- goto err;
-
- EVP_CIPHER_CTX_init(&ctx);
-
- /* Dummy cipherinit to just setup the IV */
- EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0);
- if(EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) {
- ASN1err(ASN1_F_PKCS5_PBE2_SET,
- ASN1_R_ERROR_SETTING_CIPHER_PARAMS);
- EVP_CIPHER_CTX_cleanup(&ctx);
- goto err;
- }
- EVP_CIPHER_CTX_cleanup(&ctx);
-
- if(!(kdf = PBKDF2PARAM_new())) goto merr;
- if(!(osalt = M_ASN1_OCTET_STRING_new())) goto merr;
-
- if (!saltlen) saltlen = PKCS5_SALT_LEN;
- if (!(osalt->data = OPENSSL_malloc (saltlen))) goto merr;
- osalt->length = saltlen;
- if (salt) memcpy (osalt->data, salt, saltlen);
- else if (RAND_pseudo_bytes (osalt->data, saltlen) < 0) goto merr;
-
- if(iter <= 0) iter = PKCS5_DEFAULT_ITER;
- if(!ASN1_INTEGER_set(kdf->iter, iter)) goto merr;
-
- /* Now include salt in kdf structure */
- kdf->salt->value.octet_string = osalt;
- kdf->salt->type = V_ASN1_OCTET_STRING;
- osalt = NULL;
-
- /* If its RC2 then we'd better setup the key length */
-
- if(alg_nid == NID_rc2_cbc) {
- if(!(kdf->keylength = M_ASN1_INTEGER_new())) goto merr;
- if(!ASN1_INTEGER_set (kdf->keylength,
- EVP_CIPHER_key_length(cipher))) goto merr;
- }
-
- /* prf can stay NULL because we are using hmacWithSHA1 */
-
- /* Now setup the PBE2PARAM keyfunc structure */
-
- pbe2->keyfunc->algorithm = OBJ_nid2obj(NID_id_pbkdf2);
-
- /* Encode PBKDF2PARAM into parameter of pbe2 */
-
- if(!(pbe2->keyfunc->parameter = ASN1_TYPE_new())) goto merr;
-
- if(!ASN1_pack_string_of(PBKDF2PARAM, kdf, i2d_PBKDF2PARAM,
- &pbe2->keyfunc->parameter->value.sequence)) goto merr;
- pbe2->keyfunc->parameter->type = V_ASN1_SEQUENCE;
-
- PBKDF2PARAM_free(kdf);
- kdf = NULL;
-
- /* Now set up top level AlgorithmIdentifier */
-
- if(!(ret = X509_ALGOR_new())) goto merr;
- if(!(ret->parameter = ASN1_TYPE_new())) goto merr;
-
- ret->algorithm = OBJ_nid2obj(NID_pbes2);
-
- /* Encode PBE2PARAM into parameter */
-
- if(!ASN1_pack_string_of(PBE2PARAM, pbe2, i2d_PBE2PARAM,
- &ret->parameter->value.sequence)) goto merr;
- ret->parameter->type = V_ASN1_SEQUENCE;
-
- PBE2PARAM_free(pbe2);
- pbe2 = NULL;
-
- return ret;
-
- merr:
- ASN1err(ASN1_F_PKCS5_PBE2_SET,ERR_R_MALLOC_FAILURE);
-
- err:
- PBE2PARAM_free(pbe2);
- /* Note 'scheme' is freed as part of pbe2 */
- M_ASN1_OCTET_STRING_free(osalt);
- PBKDF2PARAM_free(kdf);
- X509_ALGOR_free(kalg);
- X509_ALGOR_free(ret);
-
- return NULL;
-
-}
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/p5_pbev2.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/p5_pbev2.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/p5_pbev2.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/p5_pbev2.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,222 @@
+/* p5_pbev2.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 1999-2004.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/rand.h>
+
+/* PKCS#5 v2.0 password based encryption structures */
+
+ASN1_SEQUENCE(PBE2PARAM) = {
+ ASN1_SIMPLE(PBE2PARAM, keyfunc, X509_ALGOR),
+ ASN1_SIMPLE(PBE2PARAM, encryption, X509_ALGOR)
+} ASN1_SEQUENCE_END(PBE2PARAM)
+
+IMPLEMENT_ASN1_FUNCTIONS(PBE2PARAM)
+
+ASN1_SEQUENCE(PBKDF2PARAM) = {
+ ASN1_SIMPLE(PBKDF2PARAM, salt, ASN1_ANY),
+ ASN1_SIMPLE(PBKDF2PARAM, iter, ASN1_INTEGER),
+ ASN1_OPT(PBKDF2PARAM, keylength, ASN1_INTEGER),
+ ASN1_OPT(PBKDF2PARAM, prf, X509_ALGOR)
+} ASN1_SEQUENCE_END(PBKDF2PARAM)
+
+IMPLEMENT_ASN1_FUNCTIONS(PBKDF2PARAM)
+
+/*
+ * Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm: yes I know
+ * this is horrible!
+ */
+
+X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
+ unsigned char *salt, int saltlen)
+{
+ X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL;
+ int alg_nid;
+ EVP_CIPHER_CTX ctx;
+ unsigned char iv[EVP_MAX_IV_LENGTH];
+ PBKDF2PARAM *kdf = NULL;
+ PBE2PARAM *pbe2 = NULL;
+ ASN1_OCTET_STRING *osalt = NULL;
+ ASN1_OBJECT *obj;
+
+ alg_nid = EVP_CIPHER_type(cipher);
+ if (alg_nid == NID_undef) {
+ ASN1err(ASN1_F_PKCS5_PBE2_SET,
+ ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
+ goto err;
+ }
+ obj = OBJ_nid2obj(alg_nid);
+
+ if (!(pbe2 = PBE2PARAM_new()))
+ goto merr;
+
+ /* Setup the AlgorithmIdentifier for the encryption scheme */
+ scheme = pbe2->encryption;
+
+ scheme->algorithm = obj;
+ if (!(scheme->parameter = ASN1_TYPE_new()))
+ goto merr;
+
+ /* Create random IV */
+ if (EVP_CIPHER_iv_length(cipher) &&
+ RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0)
+ goto err;
+
+ EVP_CIPHER_CTX_init(&ctx);
+
+ /* Dummy cipherinit to just setup the IV */
+ EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0);
+ if (EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) {
+ ASN1err(ASN1_F_PKCS5_PBE2_SET, ASN1_R_ERROR_SETTING_CIPHER_PARAMS);
+ EVP_CIPHER_CTX_cleanup(&ctx);
+ goto err;
+ }
+ EVP_CIPHER_CTX_cleanup(&ctx);
+
+ if (!(kdf = PBKDF2PARAM_new()))
+ goto merr;
+ if (!(osalt = M_ASN1_OCTET_STRING_new()))
+ goto merr;
+
+ if (!saltlen)
+ saltlen = PKCS5_SALT_LEN;
+ if (!(osalt->data = OPENSSL_malloc(saltlen)))
+ goto merr;
+ osalt->length = saltlen;
+ if (salt)
+ memcpy(osalt->data, salt, saltlen);
+ else if (RAND_pseudo_bytes(osalt->data, saltlen) < 0)
+ goto merr;
+
+ if (iter <= 0)
+ iter = PKCS5_DEFAULT_ITER;
+ if (!ASN1_INTEGER_set(kdf->iter, iter))
+ goto merr;
+
+ /* Now include salt in kdf structure */
+ kdf->salt->value.octet_string = osalt;
+ kdf->salt->type = V_ASN1_OCTET_STRING;
+ osalt = NULL;
+
+ /* If its RC2 then we'd better setup the key length */
+
+ if (alg_nid == NID_rc2_cbc) {
+ if (!(kdf->keylength = M_ASN1_INTEGER_new()))
+ goto merr;
+ if (!ASN1_INTEGER_set(kdf->keylength, EVP_CIPHER_key_length(cipher)))
+ goto merr;
+ }
+
+ /* prf can stay NULL because we are using hmacWithSHA1 */
+
+ /* Now setup the PBE2PARAM keyfunc structure */
+
+ pbe2->keyfunc->algorithm = OBJ_nid2obj(NID_id_pbkdf2);
+
+ /* Encode PBKDF2PARAM into parameter of pbe2 */
+
+ if (!(pbe2->keyfunc->parameter = ASN1_TYPE_new()))
+ goto merr;
+
+ if (!ASN1_pack_string_of(PBKDF2PARAM, kdf, i2d_PBKDF2PARAM,
+ &pbe2->keyfunc->parameter->value.sequence))
+ goto merr;
+ pbe2->keyfunc->parameter->type = V_ASN1_SEQUENCE;
+
+ PBKDF2PARAM_free(kdf);
+ kdf = NULL;
+
+ /* Now set up top level AlgorithmIdentifier */
+
+ if (!(ret = X509_ALGOR_new()))
+ goto merr;
+ if (!(ret->parameter = ASN1_TYPE_new()))
+ goto merr;
+
+ ret->algorithm = OBJ_nid2obj(NID_pbes2);
+
+ /* Encode PBE2PARAM into parameter */
+
+ if (!ASN1_pack_string_of(PBE2PARAM, pbe2, i2d_PBE2PARAM,
+ &ret->parameter->value.sequence))
+ goto merr;
+ ret->parameter->type = V_ASN1_SEQUENCE;
+
+ PBE2PARAM_free(pbe2);
+ pbe2 = NULL;
+
+ return ret;
+
+ merr:
+ ASN1err(ASN1_F_PKCS5_PBE2_SET, ERR_R_MALLOC_FAILURE);
+
+ err:
+ PBE2PARAM_free(pbe2);
+ /* Note 'scheme' is freed as part of pbe2 */
+ M_ASN1_OCTET_STRING_free(osalt);
+ PBKDF2PARAM_free(kdf);
+ X509_ALGOR_free(kalg);
+ X509_ALGOR_free(ret);
+
+ return NULL;
+
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/p8_key.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/p8_key.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/p8_key.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,131 +0,0 @@
-/* crypto/asn1/p8_key.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1_mac.h>
-#include <openssl/objects.h>
-
-int i2d_X509_KEY(X509 *a, unsigned char **pp)
- {
- M_ASN1_I2D_vars(a);
-
- M_ASN1_I2D_len(a->cert_info, i2d_X509_CINF);
- M_ASN1_I2D_len(a->sig_alg, i2d_X509_ALGOR);
- M_ASN1_I2D_len(a->signature, i2d_ASN1_BIT_STRING);
-
- M_ASN1_I2D_seq_total();
-
- M_ASN1_I2D_put(a->cert_info, i2d_X509_CINF);
- M_ASN1_I2D_put(a->sig_alg, i2d_X509_ALGOR);
- M_ASN1_I2D_put(a->signature, i2d_ASN1_BIT_STRING);
-
- M_ASN1_I2D_finish();
- }
-
-X509 *d2i_X509_KEY(X509 **a, unsigned char **pp, long length)
- {
- M_ASN1_D2I_vars(a,X509 *,X509_new);
-
- M_ASN1_D2I_Init();
- M_ASN1_D2I_start_sequence();
- M_ASN1_D2I_get(ret->cert_info,d2i_X509_CINF);
- M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR);
- M_ASN1_D2I_get(ret->signature,d2i_ASN1_BIT_STRING);
- M_ASN1_D2I_Finish(a,X509_free,ASN1_F_D2I_X509);
- }
-
-X509 *X509_KEY_new(void)
- {
- X509_KEY *ret=NULL;
-
- M_ASN1_New_OPENSSL_malloc(ret,X509_KEY);
- ret->references=1;
- ret->type=NID
- M_ASN1_New(ret->cert_info,X509_CINF_new);
- M_ASN1_New(ret->sig_alg,X509_ALGOR_new);
- M_ASN1_New(ret->signature,ASN1_BIT_STRING_new);
- return(ret);
- M_ASN1_New_Error(ASN1_F_X509_NEW);
- }
-
-void X509_KEY_free(X509 *a)
- {
- int i;
-
- if (a == NULL) return;
-
- i=CRYPTO_add_lock(&a->references,-1,CRYPTO_LOCK_X509_KEY);
-#ifdef REF_PRINT
- REF_PRINT("X509_KEY",a);
-#endif
- if (i > 0) return;
-#ifdef REF_CHECK
- if (i < 0)
- {
- fprintf(stderr,"X509_KEY_free, bad reference count\n");
- abort();
- }
-#endif
-
- X509_CINF_free(a->cert_info);
- X509_ALGOR_free(a->sig_alg);
- ASN1_BIT_STRING_free(a->signature);
- OPENSSL_free(a);
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/p8_key.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/p8_key.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/p8_key.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/p8_key.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,130 @@
+/* crypto/asn1/p8_key.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1_mac.h>
+#include <openssl/objects.h>
+
+int i2d_X509_KEY(X509 *a, unsigned char **pp)
+{
+ M_ASN1_I2D_vars(a);
+
+ M_ASN1_I2D_len(a->cert_info, i2d_X509_CINF);
+ M_ASN1_I2D_len(a->sig_alg, i2d_X509_ALGOR);
+ M_ASN1_I2D_len(a->signature, i2d_ASN1_BIT_STRING);
+
+ M_ASN1_I2D_seq_total();
+
+ M_ASN1_I2D_put(a->cert_info, i2d_X509_CINF);
+ M_ASN1_I2D_put(a->sig_alg, i2d_X509_ALGOR);
+ M_ASN1_I2D_put(a->signature, i2d_ASN1_BIT_STRING);
+
+ M_ASN1_I2D_finish();
+}
+
+X509 *d2i_X509_KEY(X509 **a, unsigned char **pp, long length)
+{
+ M_ASN1_D2I_vars(a, X509 *, X509_new);
+
+ M_ASN1_D2I_Init();
+ M_ASN1_D2I_start_sequence();
+ M_ASN1_D2I_get(ret->cert_info, d2i_X509_CINF);
+ M_ASN1_D2I_get(ret->sig_alg, d2i_X509_ALGOR);
+ M_ASN1_D2I_get(ret->signature, d2i_ASN1_BIT_STRING);
+ M_ASN1_D2I_Finish(a, X509_free, ASN1_F_D2I_X509);
+}
+
+X509 *X509_KEY_new(void)
+{
+ X509_KEY *ret = NULL;
+
+ M_ASN1_New_OPENSSL_malloc(ret, X509_KEY);
+ ret->references = 1;
+ ret->type = NID M_ASN1_New(ret->cert_info, X509_CINF_new);
+ M_ASN1_New(ret->sig_alg, X509_ALGOR_new);
+ M_ASN1_New(ret->signature, ASN1_BIT_STRING_new);
+ return (ret);
+ M_ASN1_New_Error(ASN1_F_X509_NEW);
+}
+
+void X509_KEY_free(X509 *a)
+{
+ int i;
+
+ if (a == NULL)
+ return;
+
+ i = CRYPTO_add_lock(&a->references, -1, CRYPTO_LOCK_X509_KEY);
+#ifdef REF_PRINT
+ REF_PRINT("X509_KEY", a);
+#endif
+ if (i > 0)
+ return;
+#ifdef REF_CHECK
+ if (i < 0) {
+ fprintf(stderr, "X509_KEY_free, bad reference count\n");
+ abort();
+ }
+#endif
+
+ X509_CINF_free(a->cert_info);
+ X509_ALGOR_free(a->sig_alg);
+ ASN1_BIT_STRING_free(a->signature);
+ OPENSSL_free(a);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/p8_pkey.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/p8_pkey.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/p8_pkey.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,84 +0,0 @@
-/* p8_pkey.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/x509.h>
-
-/* Minor tweak to operation: zero private key data */
-static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
-{
- /* Since the structure must still be valid use ASN1_OP_FREE_PRE */
- if(operation == ASN1_OP_FREE_PRE) {
- PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval;
- if (key->pkey->value.octet_string)
- OPENSSL_cleanse(key->pkey->value.octet_string->data,
- key->pkey->value.octet_string->length);
- }
- return 1;
-}
-
-ASN1_SEQUENCE_cb(PKCS8_PRIV_KEY_INFO, pkey_cb) = {
- ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, version, ASN1_INTEGER),
- ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkeyalg, X509_ALGOR),
- ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkey, ASN1_ANY),
- ASN1_IMP_SET_OF_OPT(PKCS8_PRIV_KEY_INFO, attributes, X509_ATTRIBUTE, 0)
-} ASN1_SEQUENCE_END_cb(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO)
-
-IMPLEMENT_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO)
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/p8_pkey.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/p8_pkey.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/p8_pkey.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/p8_pkey.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,86 @@
+/* p8_pkey.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+
+/* Minor tweak to operation: zero private key data */
+static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+ /* Since the structure must still be valid use ASN1_OP_FREE_PRE */
+ if (operation == ASN1_OP_FREE_PRE) {
+ PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval;
+ if (key->pkey && key->pkey->type == V_ASN1_OCTET_STRING
+ && key->pkey->value.octet_string != NULL)
+ OPENSSL_cleanse(key->pkey->value.octet_string->data,
+ key->pkey->value.octet_string->length);
+ }
+ return 1;
+}
+
+ASN1_SEQUENCE_cb(PKCS8_PRIV_KEY_INFO, pkey_cb) = {
+ ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, version, ASN1_INTEGER),
+ ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkeyalg, X509_ALGOR),
+ ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkey, ASN1_ANY),
+ ASN1_IMP_SET_OF_OPT(PKCS8_PRIV_KEY_INFO, attributes, X509_ATTRIBUTE, 0)
+} ASN1_SEQUENCE_END_cb(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO)
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/t_bitst.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/t_bitst.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/t_bitst.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,102 +0,0 @@
-/* t_bitst.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/x509v3.h>
-
-int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs,
- BIT_STRING_BITNAME *tbl, int indent)
-{
- BIT_STRING_BITNAME *bnam;
- char first = 1;
- BIO_printf(out, "%*s", indent, "");
- for(bnam = tbl; bnam->lname; bnam++) {
- if(ASN1_BIT_STRING_get_bit(bs, bnam->bitnum)) {
- if(!first) BIO_puts(out, ", ");
- BIO_puts(out, bnam->lname);
- first = 0;
- }
- }
- BIO_puts(out, "\n");
- return 1;
-}
-
-int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value,
- BIT_STRING_BITNAME *tbl)
-{
- int bitnum;
- bitnum = ASN1_BIT_STRING_num_asc(name, tbl);
- if(bitnum < 0) return 0;
- if(bs) {
- if(!ASN1_BIT_STRING_set_bit(bs, bitnum, value))
- return 0;
- }
- return 1;
-}
-
-int ASN1_BIT_STRING_num_asc(char *name, BIT_STRING_BITNAME *tbl)
-{
- BIT_STRING_BITNAME *bnam;
- for(bnam = tbl; bnam->lname; bnam++) {
- if(!strcmp(bnam->sname, name) ||
- !strcmp(bnam->lname, name) ) return bnam->bitnum;
- }
- return -1;
-}
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/t_bitst.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/t_bitst.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/t_bitst.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/t_bitst.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,105 @@
+/* t_bitst.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+
+int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs,
+ BIT_STRING_BITNAME *tbl, int indent)
+{
+ BIT_STRING_BITNAME *bnam;
+ char first = 1;
+ BIO_printf(out, "%*s", indent, "");
+ for (bnam = tbl; bnam->lname; bnam++) {
+ if (ASN1_BIT_STRING_get_bit(bs, bnam->bitnum)) {
+ if (!first)
+ BIO_puts(out, ", ");
+ BIO_puts(out, bnam->lname);
+ first = 0;
+ }
+ }
+ BIO_puts(out, "\n");
+ return 1;
+}
+
+int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value,
+ BIT_STRING_BITNAME *tbl)
+{
+ int bitnum;
+ bitnum = ASN1_BIT_STRING_num_asc(name, tbl);
+ if (bitnum < 0)
+ return 0;
+ if (bs) {
+ if (!ASN1_BIT_STRING_set_bit(bs, bitnum, value))
+ return 0;
+ }
+ return 1;
+}
+
+int ASN1_BIT_STRING_num_asc(char *name, BIT_STRING_BITNAME *tbl)
+{
+ BIT_STRING_BITNAME *bnam;
+ for (bnam = tbl; bnam->lname; bnam++) {
+ if (!strcmp(bnam->sname, name) || !strcmp(bnam->lname, name))
+ return bnam->bitnum;
+ }
+ return -1;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/t_crl.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/t_crl.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/t_crl.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,133 +0,0 @@
-/* t_crl.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/bn.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-
-#ifndef OPENSSL_NO_FP_API
-int X509_CRL_print_fp(FILE *fp, X509_CRL *x)
- {
- BIO *b;
- int ret;
-
- if ((b=BIO_new(BIO_s_file())) == NULL)
- {
- X509err(X509_F_X509_CRL_PRINT_FP,ERR_R_BUF_LIB);
- return(0);
- }
- BIO_set_fp(b,fp,BIO_NOCLOSE);
- ret=X509_CRL_print(b, x);
- BIO_free(b);
- return(ret);
- }
-#endif
-
-int X509_CRL_print(BIO *out, X509_CRL *x)
-{
- STACK_OF(X509_REVOKED) *rev;
- X509_REVOKED *r;
- long l;
- int i;
- char *p;
-
- BIO_printf(out, "Certificate Revocation List (CRL):\n");
- l = X509_CRL_get_version(x);
- BIO_printf(out, "%8sVersion %lu (0x%lx)\n", "", l+1, l);
- i = OBJ_obj2nid(x->sig_alg->algorithm);
- BIO_printf(out, "%8sSignature Algorithm: %s\n", "",
- (i == NID_undef) ? "NONE" : OBJ_nid2ln(i));
- p=X509_NAME_oneline(X509_CRL_get_issuer(x),NULL,0);
- BIO_printf(out,"%8sIssuer: %s\n","",p);
- OPENSSL_free(p);
- BIO_printf(out,"%8sLast Update: ","");
- ASN1_TIME_print(out,X509_CRL_get_lastUpdate(x));
- BIO_printf(out,"\n%8sNext Update: ","");
- if (X509_CRL_get_nextUpdate(x))
- ASN1_TIME_print(out,X509_CRL_get_nextUpdate(x));
- else BIO_printf(out,"NONE");
- BIO_printf(out,"\n");
-
- X509V3_extensions_print(out, "CRL extensions",
- x->crl->extensions, 0, 8);
-
- rev = X509_CRL_get_REVOKED(x);
-
- if(sk_X509_REVOKED_num(rev) > 0)
- BIO_printf(out, "Revoked Certificates:\n");
- else BIO_printf(out, "No Revoked Certificates.\n");
-
- for(i = 0; i < sk_X509_REVOKED_num(rev); i++) {
- r = sk_X509_REVOKED_value(rev, i);
- BIO_printf(out," Serial Number: ");
- i2a_ASN1_INTEGER(out,r->serialNumber);
- BIO_printf(out,"\n Revocation Date: ");
- ASN1_TIME_print(out,r->revocationDate);
- BIO_printf(out,"\n");
- X509V3_extensions_print(out, "CRL entry extensions",
- r->extensions, 0, 8);
- }
- X509_signature_print(out, x->sig_alg, x->signature);
-
- return 1;
-
-}
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/t_crl.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/t_crl.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/t_crl.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/t_crl.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,134 @@
+/* t_crl.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/bn.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+#ifndef OPENSSL_NO_FP_API
+int X509_CRL_print_fp(FILE *fp, X509_CRL *x)
+{
+ BIO *b;
+ int ret;
+
+ if ((b = BIO_new(BIO_s_file())) == NULL) {
+ X509err(X509_F_X509_CRL_PRINT_FP, ERR_R_BUF_LIB);
+ return (0);
+ }
+ BIO_set_fp(b, fp, BIO_NOCLOSE);
+ ret = X509_CRL_print(b, x);
+ BIO_free(b);
+ return (ret);
+}
+#endif
+
+int X509_CRL_print(BIO *out, X509_CRL *x)
+{
+ STACK_OF(X509_REVOKED) *rev;
+ X509_REVOKED *r;
+ long l;
+ int i;
+ char *p;
+
+ BIO_printf(out, "Certificate Revocation List (CRL):\n");
+ l = X509_CRL_get_version(x);
+ BIO_printf(out, "%8sVersion %lu (0x%lx)\n", "", l + 1, l);
+ i = OBJ_obj2nid(x->sig_alg->algorithm);
+ BIO_printf(out, "%8sSignature Algorithm: %s\n", "",
+ (i == NID_undef) ? "NONE" : OBJ_nid2ln(i));
+ p = X509_NAME_oneline(X509_CRL_get_issuer(x), NULL, 0);
+ BIO_printf(out, "%8sIssuer: %s\n", "", p);
+ OPENSSL_free(p);
+ BIO_printf(out, "%8sLast Update: ", "");
+ ASN1_TIME_print(out, X509_CRL_get_lastUpdate(x));
+ BIO_printf(out, "\n%8sNext Update: ", "");
+ if (X509_CRL_get_nextUpdate(x))
+ ASN1_TIME_print(out, X509_CRL_get_nextUpdate(x));
+ else
+ BIO_printf(out, "NONE");
+ BIO_printf(out, "\n");
+
+ X509V3_extensions_print(out, "CRL extensions", x->crl->extensions, 0, 8);
+
+ rev = X509_CRL_get_REVOKED(x);
+
+ if (sk_X509_REVOKED_num(rev) > 0)
+ BIO_printf(out, "Revoked Certificates:\n");
+ else
+ BIO_printf(out, "No Revoked Certificates.\n");
+
+ for (i = 0; i < sk_X509_REVOKED_num(rev); i++) {
+ r = sk_X509_REVOKED_value(rev, i);
+ BIO_printf(out, " Serial Number: ");
+ i2a_ASN1_INTEGER(out, r->serialNumber);
+ BIO_printf(out, "\n Revocation Date: ");
+ ASN1_TIME_print(out, r->revocationDate);
+ BIO_printf(out, "\n");
+ X509V3_extensions_print(out, "CRL entry extensions",
+ r->extensions, 0, 8);
+ }
+ X509_signature_print(out, x->sig_alg, x->signature);
+
+ return 1;
+
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/t_pkey.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/t_pkey.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/t_pkey.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,834 +0,0 @@
-/* crypto/asn1/t_pkey.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * Binary polynomial ECC support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/objects.h>
-#include <openssl/buffer.h>
-#include <openssl/bn.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_EC
-#include <openssl/ec.h>
-#endif
-
-static int print(BIO *fp,const char *str, const BIGNUM *num,
- unsigned char *buf,int off);
-#ifndef OPENSSL_NO_EC
-static int print_bin(BIO *fp, const char *str, const unsigned char *num,
- size_t len, int off);
-#endif
-#ifndef OPENSSL_NO_RSA
-#ifndef OPENSSL_NO_FP_API
-int RSA_print_fp(FILE *fp, const RSA *x, int off)
- {
- BIO *b;
- int ret;
-
- if ((b=BIO_new(BIO_s_file())) == NULL)
- {
- RSAerr(RSA_F_RSA_PRINT_FP,ERR_R_BUF_LIB);
- return(0);
- }
- BIO_set_fp(b,fp,BIO_NOCLOSE);
- ret=RSA_print(b,x,off);
- BIO_free(b);
- return(ret);
- }
-#endif
-
-int RSA_print(BIO *bp, const RSA *x, int off)
- {
- char str[128];
- const char *s;
- unsigned char *m=NULL;
- int ret=0, mod_len = 0;
- size_t buf_len=0, i;
-
- if (x->n)
- buf_len = (size_t)BN_num_bytes(x->n);
- if (x->e)
- if (buf_len < (i = (size_t)BN_num_bytes(x->e)))
- buf_len = i;
- if (x->d)
- if (buf_len < (i = (size_t)BN_num_bytes(x->d)))
- buf_len = i;
- if (x->p)
- if (buf_len < (i = (size_t)BN_num_bytes(x->p)))
- buf_len = i;
- if (x->q)
- if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
- buf_len = i;
- if (x->dmp1)
- if (buf_len < (i = (size_t)BN_num_bytes(x->dmp1)))
- buf_len = i;
- if (x->dmq1)
- if (buf_len < (i = (size_t)BN_num_bytes(x->dmq1)))
- buf_len = i;
- if (x->iqmp)
- if (buf_len < (i = (size_t)BN_num_bytes(x->iqmp)))
- buf_len = i;
-
- m=(unsigned char *)OPENSSL_malloc(buf_len+10);
- if (m == NULL)
- {
- RSAerr(RSA_F_RSA_PRINT,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- if (x->n != NULL)
- mod_len = BN_num_bits(x->n);
-
- if (x->d != NULL)
- {
- if(!BIO_indent(bp,off,128))
- goto err;
- if (BIO_printf(bp,"Private-Key: (%d bit)\n", mod_len)
- <= 0) goto err;
- }
-
- if (x->d == NULL)
- BIO_snprintf(str,sizeof str,"Modulus (%d bit):", mod_len);
- else
- BUF_strlcpy(str,"modulus:",sizeof str);
- if (!print(bp,str,x->n,m,off)) goto err;
- s=(x->d == NULL)?"Exponent:":"publicExponent:";
- if ((x->e != NULL) && !print(bp,s,x->e,m,off))
- goto err;
- if ((x->d != NULL) && !print(bp,"privateExponent:",x->d,m,off))
- goto err;
- if ((x->p != NULL) && !print(bp,"prime1:",x->p,m,off))
- goto err;
- if ((x->q != NULL) && !print(bp,"prime2:",x->q,m,off))
- goto err;
- if ((x->dmp1 != NULL) && !print(bp,"exponent1:",x->dmp1,m,off))
- goto err;
- if ((x->dmq1 != NULL) && !print(bp,"exponent2:",x->dmq1,m,off))
- goto err;
- if ((x->iqmp != NULL) && !print(bp,"coefficient:",x->iqmp,m,off))
- goto err;
- ret=1;
-err:
- if (m != NULL) OPENSSL_free(m);
- return(ret);
- }
-#endif /* OPENSSL_NO_RSA */
-
-#ifndef OPENSSL_NO_DSA
-#ifndef OPENSSL_NO_FP_API
-int DSA_print_fp(FILE *fp, const DSA *x, int off)
- {
- BIO *b;
- int ret;
-
- if ((b=BIO_new(BIO_s_file())) == NULL)
- {
- DSAerr(DSA_F_DSA_PRINT_FP,ERR_R_BUF_LIB);
- return(0);
- }
- BIO_set_fp(b,fp,BIO_NOCLOSE);
- ret=DSA_print(b,x,off);
- BIO_free(b);
- return(ret);
- }
-#endif
-
-int DSA_print(BIO *bp, const DSA *x, int off)
- {
- unsigned char *m=NULL;
- int ret=0;
- size_t buf_len=0,i;
-
- if (x->p)
- buf_len = (size_t)BN_num_bytes(x->p);
- if (x->q)
- if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
- buf_len = i;
- if (x->g)
- if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
- buf_len = i;
- if (x->priv_key)
- if (buf_len < (i = (size_t)BN_num_bytes(x->priv_key)))
- buf_len = i;
- if (x->pub_key)
- if (buf_len < (i = (size_t)BN_num_bytes(x->pub_key)))
- buf_len = i;
-
- m=(unsigned char *)OPENSSL_malloc(buf_len+10);
- if (m == NULL)
- {
- DSAerr(DSA_F_DSA_PRINT,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- if (x->priv_key != NULL)
- {
- if(!BIO_indent(bp,off,128))
- goto err;
- if (BIO_printf(bp,"Private-Key: (%d bit)\n",BN_num_bits(x->p))
- <= 0) goto err;
- }
-
- if ((x->priv_key != NULL) && !print(bp,"priv:",x->priv_key,m,off))
- goto err;
- if ((x->pub_key != NULL) && !print(bp,"pub: ",x->pub_key,m,off))
- goto err;
- if ((x->p != NULL) && !print(bp,"P: ",x->p,m,off)) goto err;
- if ((x->q != NULL) && !print(bp,"Q: ",x->q,m,off)) goto err;
- if ((x->g != NULL) && !print(bp,"G: ",x->g,m,off)) goto err;
- ret=1;
-err:
- if (m != NULL) OPENSSL_free(m);
- return(ret);
- }
-#endif /* !OPENSSL_NO_DSA */
-
-#ifndef OPENSSL_NO_EC
-#ifndef OPENSSL_NO_FP_API
-int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off)
- {
- BIO *b;
- int ret;
-
- if ((b=BIO_new(BIO_s_file())) == NULL)
- {
- ECerr(EC_F_ECPKPARAMETERS_PRINT_FP,ERR_R_BUF_LIB);
- return(0);
- }
- BIO_set_fp(b, fp, BIO_NOCLOSE);
- ret = ECPKParameters_print(b, x, off);
- BIO_free(b);
- return(ret);
- }
-
-int EC_KEY_print_fp(FILE *fp, const EC_KEY *x, int off)
- {
- BIO *b;
- int ret;
-
- if ((b=BIO_new(BIO_s_file())) == NULL)
- {
- ECerr(EC_F_EC_KEY_PRINT_FP, ERR_R_BIO_LIB);
- return(0);
- }
- BIO_set_fp(b, fp, BIO_NOCLOSE);
- ret = EC_KEY_print(b, x, off);
- BIO_free(b);
- return(ret);
- }
-#endif
-
-int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off)
- {
- unsigned char *buffer=NULL;
- size_t buf_len=0, i;
- int ret=0, reason=ERR_R_BIO_LIB;
- BN_CTX *ctx=NULL;
- const EC_POINT *point=NULL;
- BIGNUM *p=NULL, *a=NULL, *b=NULL, *gen=NULL,
- *order=NULL, *cofactor=NULL;
- const unsigned char *seed;
- size_t seed_len=0;
-
- static const char *gen_compressed = "Generator (compressed):";
- static const char *gen_uncompressed = "Generator (uncompressed):";
- static const char *gen_hybrid = "Generator (hybrid):";
-
- if (!x)
- {
- reason = ERR_R_PASSED_NULL_PARAMETER;
- goto err;
- }
-
- if (EC_GROUP_get_asn1_flag(x))
- {
- /* the curve parameter are given by an asn1 OID */
- int nid;
-
- if (!BIO_indent(bp, off, 128))
- goto err;
-
- nid = EC_GROUP_get_curve_name(x);
- if (nid == 0)
- goto err;
-
- if (BIO_printf(bp, "ASN1 OID: %s", OBJ_nid2sn(nid)) <= 0)
- goto err;
- if (BIO_printf(bp, "\n") <= 0)
- goto err;
- }
- else
- {
- /* explicit parameters */
- int is_char_two = 0;
- point_conversion_form_t form;
- int tmp_nid = EC_METHOD_get_field_type(EC_GROUP_method_of(x));
-
- if (tmp_nid == NID_X9_62_characteristic_two_field)
- is_char_two = 1;
-
- if ((p = BN_new()) == NULL || (a = BN_new()) == NULL ||
- (b = BN_new()) == NULL || (order = BN_new()) == NULL ||
- (cofactor = BN_new()) == NULL)
- {
- reason = ERR_R_MALLOC_FAILURE;
- goto err;
- }
-
- if (is_char_two)
- {
- if (!EC_GROUP_get_curve_GF2m(x, p, a, b, ctx))
- {
- reason = ERR_R_EC_LIB;
- goto err;
- }
- }
- else /* prime field */
- {
- if (!EC_GROUP_get_curve_GFp(x, p, a, b, ctx))
- {
- reason = ERR_R_EC_LIB;
- goto err;
- }
- }
-
- if ((point = EC_GROUP_get0_generator(x)) == NULL)
- {
- reason = ERR_R_EC_LIB;
- goto err;
- }
- if (!EC_GROUP_get_order(x, order, NULL) ||
- !EC_GROUP_get_cofactor(x, cofactor, NULL))
- {
- reason = ERR_R_EC_LIB;
- goto err;
- }
-
- form = EC_GROUP_get_point_conversion_form(x);
-
- if ((gen = EC_POINT_point2bn(x, point,
- form, NULL, ctx)) == NULL)
- {
- reason = ERR_R_EC_LIB;
- goto err;
- }
-
- buf_len = (size_t)BN_num_bytes(p);
- if (buf_len < (i = (size_t)BN_num_bytes(a)))
- buf_len = i;
- if (buf_len < (i = (size_t)BN_num_bytes(b)))
- buf_len = i;
- if (buf_len < (i = (size_t)BN_num_bytes(gen)))
- buf_len = i;
- if (buf_len < (i = (size_t)BN_num_bytes(order)))
- buf_len = i;
- if (buf_len < (i = (size_t)BN_num_bytes(cofactor)))
- buf_len = i;
-
- if ((seed = EC_GROUP_get0_seed(x)) != NULL)
- seed_len = EC_GROUP_get_seed_len(x);
-
- buf_len += 10;
- if ((buffer = OPENSSL_malloc(buf_len)) == NULL)
- {
- reason = ERR_R_MALLOC_FAILURE;
- goto err;
- }
-
- if (!BIO_indent(bp, off, 128))
- goto err;
-
- /* print the 'short name' of the field type */
- if (BIO_printf(bp, "Field Type: %s\n", OBJ_nid2sn(tmp_nid))
- <= 0)
- goto err;
-
- if (is_char_two)
- {
- /* print the 'short name' of the base type OID */
- int basis_type = EC_GROUP_get_basis_type(x);
- if (basis_type == 0)
- goto err;
-
- if (!BIO_indent(bp, off, 128))
- goto err;
-
- if (BIO_printf(bp, "Basis Type: %s\n",
- OBJ_nid2sn(basis_type)) <= 0)
- goto err;
-
- /* print the polynomial */
- if ((p != NULL) && !print(bp, "Polynomial:", p, buffer,
- off))
- goto err;
- }
- else
- {
- if ((p != NULL) && !print(bp, "Prime:", p, buffer,off))
- goto err;
- }
- if ((a != NULL) && !print(bp, "A: ", a, buffer, off))
- goto err;
- if ((b != NULL) && !print(bp, "B: ", b, buffer, off))
- goto err;
- if (form == POINT_CONVERSION_COMPRESSED)
- {
- if ((gen != NULL) && !print(bp, gen_compressed, gen,
- buffer, off))
- goto err;
- }
- else if (form == POINT_CONVERSION_UNCOMPRESSED)
- {
- if ((gen != NULL) && !print(bp, gen_uncompressed, gen,
- buffer, off))
- goto err;
- }
- else /* form == POINT_CONVERSION_HYBRID */
- {
- if ((gen != NULL) && !print(bp, gen_hybrid, gen,
- buffer, off))
- goto err;
- }
- if ((order != NULL) && !print(bp, "Order: ", order,
- buffer, off)) goto err;
- if ((cofactor != NULL) && !print(bp, "Cofactor: ", cofactor,
- buffer, off)) goto err;
- if (seed && !print_bin(bp, "Seed:", seed, seed_len, off))
- goto err;
- }
- ret=1;
-err:
- if (!ret)
- ECerr(EC_F_ECPKPARAMETERS_PRINT, reason);
- if (p)
- BN_free(p);
- if (a)
- BN_free(a);
- if (b)
- BN_free(b);
- if (gen)
- BN_free(gen);
- if (order)
- BN_free(order);
- if (cofactor)
- BN_free(cofactor);
- if (ctx)
- BN_CTX_free(ctx);
- if (buffer != NULL)
- OPENSSL_free(buffer);
- return(ret);
- }
-
-int EC_KEY_print(BIO *bp, const EC_KEY *x, int off)
- {
- unsigned char *buffer=NULL;
- size_t buf_len=0, i;
- int ret=0, reason=ERR_R_BIO_LIB;
- BIGNUM *pub_key=NULL, *order=NULL;
- BN_CTX *ctx=NULL;
- const EC_GROUP *group;
- const EC_POINT *public_key;
- const BIGNUM *priv_key;
-
- if (x == NULL || (group = EC_KEY_get0_group(x)) == NULL)
- {
- reason = ERR_R_PASSED_NULL_PARAMETER;
- goto err;
- }
-
- public_key = EC_KEY_get0_public_key(x);
- if ((pub_key = EC_POINT_point2bn(group, public_key,
- EC_KEY_get_conv_form(x), NULL, ctx)) == NULL)
- {
- reason = ERR_R_EC_LIB;
- goto err;
- }
-
- buf_len = (size_t)BN_num_bytes(pub_key);
- priv_key = EC_KEY_get0_private_key(x);
- if (priv_key != NULL)
- {
- if ((i = (size_t)BN_num_bytes(priv_key)) > buf_len)
- buf_len = i;
- }
-
- buf_len += 10;
- if ((buffer = OPENSSL_malloc(buf_len)) == NULL)
- {
- reason = ERR_R_MALLOC_FAILURE;
- goto err;
- }
-
- if (priv_key != NULL)
- {
- if (!BIO_indent(bp, off, 128))
- goto err;
- if ((order = BN_new()) == NULL)
- goto err;
- if (!EC_GROUP_get_order(group, order, NULL))
- goto err;
- if (BIO_printf(bp, "Private-Key: (%d bit)\n",
- BN_num_bits(order)) <= 0) goto err;
- }
-
- if ((priv_key != NULL) && !print(bp, "priv:", priv_key,
- buffer, off))
- goto err;
- if ((pub_key != NULL) && !print(bp, "pub: ", pub_key,
- buffer, off))
- goto err;
- if (!ECPKParameters_print(bp, group, off))
- goto err;
- ret=1;
-err:
- if (!ret)
- ECerr(EC_F_EC_KEY_PRINT, reason);
- if (pub_key)
- BN_free(pub_key);
- if (order)
- BN_free(order);
- if (ctx)
- BN_CTX_free(ctx);
- if (buffer != NULL)
- OPENSSL_free(buffer);
- return(ret);
- }
-#endif /* OPENSSL_NO_EC */
-
-static int print(BIO *bp, const char *number, const BIGNUM *num, unsigned char *buf,
- int off)
- {
- int n,i;
- const char *neg;
-
- if (num == NULL) return(1);
- neg = (BN_is_negative(num))?"-":"";
- if(!BIO_indent(bp,off,128))
- return 0;
- if (BN_is_zero(num))
- {
- if (BIO_printf(bp, "%s 0\n", number) <= 0)
- return 0;
- return 1;
- }
-
- if (BN_num_bytes(num) <= BN_BYTES)
- {
- if (BIO_printf(bp,"%s %s%lu (%s0x%lx)\n",number,neg,
- (unsigned long)num->d[0],neg,(unsigned long)num->d[0])
- <= 0) return(0);
- }
- else
- {
- buf[0]=0;
- if (BIO_printf(bp,"%s%s",number,
- (neg[0] == '-')?" (Negative)":"") <= 0)
- return(0);
- n=BN_bn2bin(num,&buf[1]);
-
- if (buf[1] & 0x80)
- n++;
- else buf++;
-
- for (i=0; i<n; i++)
- {
- if ((i%15) == 0)
- {
- if(BIO_puts(bp,"\n") <= 0
- || !BIO_indent(bp,off+4,128))
- return 0;
- }
- if (BIO_printf(bp,"%02x%s",buf[i],((i+1) == n)?"":":")
- <= 0) return(0);
- }
- if (BIO_write(bp,"\n",1) <= 0) return(0);
- }
- return(1);
- }
-
-#ifndef OPENSSL_NO_EC
-static int print_bin(BIO *fp, const char *name, const unsigned char *buf,
- size_t len, int off)
- {
- size_t i;
- char str[128];
-
- if (buf == NULL)
- return 1;
- if (off)
- {
- if (off > 128)
- off=128;
- memset(str,' ',off);
- if (BIO_write(fp, str, off) <= 0)
- return 0;
- }
-
- if (BIO_printf(fp,"%s", name) <= 0)
- return 0;
-
- for (i=0; i<len; i++)
- {
- if ((i%15) == 0)
- {
- str[0]='\n';
- memset(&(str[1]),' ',off+4);
- if (BIO_write(fp, str, off+1+4) <= 0)
- return 0;
- }
- if (BIO_printf(fp,"%02x%s",buf[i],((i+1) == len)?"":":") <= 0)
- return 0;
- }
- if (BIO_write(fp,"\n",1) <= 0)
- return 0;
-
- return 1;
- }
-#endif
-
-#ifndef OPENSSL_NO_DH
-#ifndef OPENSSL_NO_FP_API
-int DHparams_print_fp(FILE *fp, const DH *x)
- {
- BIO *b;
- int ret;
-
- if ((b=BIO_new(BIO_s_file())) == NULL)
- {
- DHerr(DH_F_DHPARAMS_PRINT_FP,ERR_R_BUF_LIB);
- return(0);
- }
- BIO_set_fp(b,fp,BIO_NOCLOSE);
- ret=DHparams_print(b, x);
- BIO_free(b);
- return(ret);
- }
-#endif
-
-int DHparams_print(BIO *bp, const DH *x)
- {
- unsigned char *m=NULL;
- int reason=ERR_R_BUF_LIB,ret=0;
- size_t buf_len=0, i;
-
- if (x->p)
- buf_len = (size_t)BN_num_bytes(x->p);
- else
- {
- reason = ERR_R_PASSED_NULL_PARAMETER;
- goto err;
- }
- if (x->g)
- if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
- buf_len = i;
- m=(unsigned char *)OPENSSL_malloc(buf_len+10);
- if (m == NULL)
- {
- reason=ERR_R_MALLOC_FAILURE;
- goto err;
- }
-
- if (BIO_printf(bp,"Diffie-Hellman-Parameters: (%d bit)\n",
- BN_num_bits(x->p)) <= 0)
- goto err;
- if (!print(bp,"prime:",x->p,m,4)) goto err;
- if (!print(bp,"generator:",x->g,m,4)) goto err;
- if (x->length != 0)
- {
- if (BIO_printf(bp," recommended-private-length: %d bits\n",
- (int)x->length) <= 0) goto err;
- }
- ret=1;
- if (0)
- {
-err:
- DHerr(DH_F_DHPARAMS_PRINT,reason);
- }
- if (m != NULL) OPENSSL_free(m);
- return(ret);
- }
-#endif
-
-#ifndef OPENSSL_NO_DSA
-#ifndef OPENSSL_NO_FP_API
-int DSAparams_print_fp(FILE *fp, const DSA *x)
- {
- BIO *b;
- int ret;
-
- if ((b=BIO_new(BIO_s_file())) == NULL)
- {
- DSAerr(DSA_F_DSAPARAMS_PRINT_FP,ERR_R_BUF_LIB);
- return(0);
- }
- BIO_set_fp(b,fp,BIO_NOCLOSE);
- ret=DSAparams_print(b, x);
- BIO_free(b);
- return(ret);
- }
-#endif
-
-int DSAparams_print(BIO *bp, const DSA *x)
- {
- unsigned char *m=NULL;
- int ret=0;
- size_t buf_len=0,i;
-
- if (x->p)
- buf_len = (size_t)BN_num_bytes(x->p);
- else
- {
- DSAerr(DSA_F_DSAPARAMS_PRINT,DSA_R_MISSING_PARAMETERS);
- goto err;
- }
- if (x->q)
- if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
- buf_len = i;
- if (x->g)
- if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
- buf_len = i;
- m=(unsigned char *)OPENSSL_malloc(buf_len+10);
- if (m == NULL)
- {
- DSAerr(DSA_F_DSAPARAMS_PRINT,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- if (BIO_printf(bp,"DSA-Parameters: (%d bit)\n",
- BN_num_bits(x->p)) <= 0)
- goto err;
- if (!print(bp,"p:",x->p,m,4)) goto err;
- if ((x->q != NULL) && !print(bp,"q:",x->q,m,4)) goto err;
- if ((x->g != NULL) && !print(bp,"g:",x->g,m,4)) goto err;
- ret=1;
-err:
- if (m != NULL) OPENSSL_free(m);
- return(ret);
- }
-
-#endif /* !OPENSSL_NO_DSA */
-
-#ifndef OPENSSL_NO_EC
-#ifndef OPENSSL_NO_FP_API
-int ECParameters_print_fp(FILE *fp, const EC_KEY *x)
- {
- BIO *b;
- int ret;
-
- if ((b=BIO_new(BIO_s_file())) == NULL)
- {
- ECerr(EC_F_ECPARAMETERS_PRINT_FP, ERR_R_BIO_LIB);
- return(0);
- }
- BIO_set_fp(b, fp, BIO_NOCLOSE);
- ret = ECParameters_print(b, x);
- BIO_free(b);
- return(ret);
- }
-#endif
-
-int ECParameters_print(BIO *bp, const EC_KEY *x)
- {
- int reason=ERR_R_EC_LIB, ret=0;
- BIGNUM *order=NULL;
- const EC_GROUP *group;
-
- if (x == NULL || (group = EC_KEY_get0_group(x)) == NULL)
- {
- reason = ERR_R_PASSED_NULL_PARAMETER;;
- goto err;
- }
-
- if ((order = BN_new()) == NULL)
- {
- reason = ERR_R_MALLOC_FAILURE;
- goto err;
- }
-
- if (!EC_GROUP_get_order(group, order, NULL))
- {
- reason = ERR_R_EC_LIB;
- goto err;
- }
-
- if (BIO_printf(bp, "ECDSA-Parameters: (%d bit)\n",
- BN_num_bits(order)) <= 0)
- goto err;
- if (!ECPKParameters_print(bp, group, 4))
- goto err;
- ret=1;
-err:
- if (order)
- BN_free(order);
- ECerr(EC_F_ECPARAMETERS_PRINT, reason);
- return(ret);
- }
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/t_pkey.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/t_pkey.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/t_pkey.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/t_pkey.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,798 @@
+/* crypto/asn1/t_pkey.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * Binary polynomial ECC support in OpenSSL originally developed by
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DH
+# include <openssl/dh.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+# include <openssl/dsa.h>
+#endif
+#ifndef OPENSSL_NO_EC
+# include <openssl/ec.h>
+#endif
+
+static int print(BIO *fp, const char *str, const BIGNUM *num,
+ unsigned char *buf, int off);
+#ifndef OPENSSL_NO_EC
+static int print_bin(BIO *fp, const char *str, const unsigned char *num,
+ size_t len, int off);
+#endif
+#ifndef OPENSSL_NO_RSA
+# ifndef OPENSSL_NO_FP_API
+int RSA_print_fp(FILE *fp, const RSA *x, int off)
+{
+ BIO *b;
+ int ret;
+
+ if ((b = BIO_new(BIO_s_file())) == NULL) {
+ RSAerr(RSA_F_RSA_PRINT_FP, ERR_R_BUF_LIB);
+ return (0);
+ }
+ BIO_set_fp(b, fp, BIO_NOCLOSE);
+ ret = RSA_print(b, x, off);
+ BIO_free(b);
+ return (ret);
+}
+# endif
+
+int RSA_print(BIO *bp, const RSA *x, int off)
+{
+ char str[128];
+ const char *s;
+ unsigned char *m = NULL;
+ int ret = 0, mod_len = 0;
+ size_t buf_len = 0, i;
+
+ if (x->n)
+ buf_len = (size_t)BN_num_bytes(x->n);
+ if (x->e)
+ if (buf_len < (i = (size_t)BN_num_bytes(x->e)))
+ buf_len = i;
+ if (x->d)
+ if (buf_len < (i = (size_t)BN_num_bytes(x->d)))
+ buf_len = i;
+ if (x->p)
+ if (buf_len < (i = (size_t)BN_num_bytes(x->p)))
+ buf_len = i;
+ if (x->q)
+ if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
+ buf_len = i;
+ if (x->dmp1)
+ if (buf_len < (i = (size_t)BN_num_bytes(x->dmp1)))
+ buf_len = i;
+ if (x->dmq1)
+ if (buf_len < (i = (size_t)BN_num_bytes(x->dmq1)))
+ buf_len = i;
+ if (x->iqmp)
+ if (buf_len < (i = (size_t)BN_num_bytes(x->iqmp)))
+ buf_len = i;
+
+ m = (unsigned char *)OPENSSL_malloc(buf_len + 10);
+ if (m == NULL) {
+ RSAerr(RSA_F_RSA_PRINT, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ if (x->n != NULL)
+ mod_len = BN_num_bits(x->n);
+
+ if (x->d != NULL) {
+ if (!BIO_indent(bp, off, 128))
+ goto err;
+ if (BIO_printf(bp, "Private-Key: (%d bit)\n", mod_len)
+ <= 0)
+ goto err;
+ }
+
+ if (x->d == NULL)
+ BIO_snprintf(str, sizeof str, "Modulus (%d bit):", mod_len);
+ else
+ BUF_strlcpy(str, "modulus:", sizeof str);
+ if (!print(bp, str, x->n, m, off))
+ goto err;
+ s = (x->d == NULL) ? "Exponent:" : "publicExponent:";
+ if ((x->e != NULL) && !print(bp, s, x->e, m, off))
+ goto err;
+ if ((x->d != NULL) && !print(bp, "privateExponent:", x->d, m, off))
+ goto err;
+ if ((x->p != NULL) && !print(bp, "prime1:", x->p, m, off))
+ goto err;
+ if ((x->q != NULL) && !print(bp, "prime2:", x->q, m, off))
+ goto err;
+ if ((x->dmp1 != NULL) && !print(bp, "exponent1:", x->dmp1, m, off))
+ goto err;
+ if ((x->dmq1 != NULL) && !print(bp, "exponent2:", x->dmq1, m, off))
+ goto err;
+ if ((x->iqmp != NULL) && !print(bp, "coefficient:", x->iqmp, m, off))
+ goto err;
+ ret = 1;
+ err:
+ if (m != NULL)
+ OPENSSL_free(m);
+ return (ret);
+}
+#endif /* OPENSSL_NO_RSA */
+
+#ifndef OPENSSL_NO_DSA
+# ifndef OPENSSL_NO_FP_API
+int DSA_print_fp(FILE *fp, const DSA *x, int off)
+{
+ BIO *b;
+ int ret;
+
+ if ((b = BIO_new(BIO_s_file())) == NULL) {
+ DSAerr(DSA_F_DSA_PRINT_FP, ERR_R_BUF_LIB);
+ return (0);
+ }
+ BIO_set_fp(b, fp, BIO_NOCLOSE);
+ ret = DSA_print(b, x, off);
+ BIO_free(b);
+ return (ret);
+}
+# endif
+
+int DSA_print(BIO *bp, const DSA *x, int off)
+{
+ unsigned char *m = NULL;
+ int ret = 0;
+ size_t buf_len = 0, i;
+
+ if (x->p)
+ buf_len = (size_t)BN_num_bytes(x->p);
+ if (x->q)
+ if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
+ buf_len = i;
+ if (x->g)
+ if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
+ buf_len = i;
+ if (x->priv_key)
+ if (buf_len < (i = (size_t)BN_num_bytes(x->priv_key)))
+ buf_len = i;
+ if (x->pub_key)
+ if (buf_len < (i = (size_t)BN_num_bytes(x->pub_key)))
+ buf_len = i;
+
+ m = (unsigned char *)OPENSSL_malloc(buf_len + 10);
+ if (m == NULL) {
+ DSAerr(DSA_F_DSA_PRINT, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ if (x->priv_key != NULL) {
+ if (!BIO_indent(bp, off, 128))
+ goto err;
+ if (BIO_printf(bp, "Private-Key: (%d bit)\n", BN_num_bits(x->p))
+ <= 0)
+ goto err;
+ }
+
+ if ((x->priv_key != NULL) && !print(bp, "priv:", x->priv_key, m, off))
+ goto err;
+ if ((x->pub_key != NULL) && !print(bp, "pub: ", x->pub_key, m, off))
+ goto err;
+ if ((x->p != NULL) && !print(bp, "P: ", x->p, m, off))
+ goto err;
+ if ((x->q != NULL) && !print(bp, "Q: ", x->q, m, off))
+ goto err;
+ if ((x->g != NULL) && !print(bp, "G: ", x->g, m, off))
+ goto err;
+ ret = 1;
+ err:
+ if (m != NULL)
+ OPENSSL_free(m);
+ return (ret);
+}
+#endif /* !OPENSSL_NO_DSA */
+
+#ifndef OPENSSL_NO_EC
+# ifndef OPENSSL_NO_FP_API
+int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off)
+{
+ BIO *b;
+ int ret;
+
+ if ((b = BIO_new(BIO_s_file())) == NULL) {
+ ECerr(EC_F_ECPKPARAMETERS_PRINT_FP, ERR_R_BUF_LIB);
+ return (0);
+ }
+ BIO_set_fp(b, fp, BIO_NOCLOSE);
+ ret = ECPKParameters_print(b, x, off);
+ BIO_free(b);
+ return (ret);
+}
+
+int EC_KEY_print_fp(FILE *fp, const EC_KEY *x, int off)
+{
+ BIO *b;
+ int ret;
+
+ if ((b = BIO_new(BIO_s_file())) == NULL) {
+ ECerr(EC_F_EC_KEY_PRINT_FP, ERR_R_BIO_LIB);
+ return (0);
+ }
+ BIO_set_fp(b, fp, BIO_NOCLOSE);
+ ret = EC_KEY_print(b, x, off);
+ BIO_free(b);
+ return (ret);
+}
+# endif
+
+int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off)
+{
+ unsigned char *buffer = NULL;
+ size_t buf_len = 0, i;
+ int ret = 0, reason = ERR_R_BIO_LIB;
+ BN_CTX *ctx = NULL;
+ const EC_POINT *point = NULL;
+ BIGNUM *p = NULL, *a = NULL, *b = NULL, *gen = NULL,
+ *order = NULL, *cofactor = NULL;
+ const unsigned char *seed;
+ size_t seed_len = 0;
+
+ static const char *gen_compressed = "Generator (compressed):";
+ static const char *gen_uncompressed = "Generator (uncompressed):";
+ static const char *gen_hybrid = "Generator (hybrid):";
+
+ if (!x) {
+ reason = ERR_R_PASSED_NULL_PARAMETER;
+ goto err;
+ }
+
+ if (EC_GROUP_get_asn1_flag(x)) {
+ /* the curve parameter are given by an asn1 OID */
+ int nid;
+
+ if (!BIO_indent(bp, off, 128))
+ goto err;
+
+ nid = EC_GROUP_get_curve_name(x);
+ if (nid == 0)
+ goto err;
+
+ if (BIO_printf(bp, "ASN1 OID: %s", OBJ_nid2sn(nid)) <= 0)
+ goto err;
+ if (BIO_printf(bp, "\n") <= 0)
+ goto err;
+ } else {
+ /* explicit parameters */
+ int is_char_two = 0;
+ point_conversion_form_t form;
+ int tmp_nid = EC_METHOD_get_field_type(EC_GROUP_method_of(x));
+
+ if (tmp_nid == NID_X9_62_characteristic_two_field)
+ is_char_two = 1;
+
+ if ((p = BN_new()) == NULL || (a = BN_new()) == NULL ||
+ (b = BN_new()) == NULL || (order = BN_new()) == NULL ||
+ (cofactor = BN_new()) == NULL) {
+ reason = ERR_R_MALLOC_FAILURE;
+ goto err;
+ }
+
+ if (is_char_two) {
+ if (!EC_GROUP_get_curve_GF2m(x, p, a, b, ctx)) {
+ reason = ERR_R_EC_LIB;
+ goto err;
+ }
+ } else { /* prime field */
+
+ if (!EC_GROUP_get_curve_GFp(x, p, a, b, ctx)) {
+ reason = ERR_R_EC_LIB;
+ goto err;
+ }
+ }
+
+ if ((point = EC_GROUP_get0_generator(x)) == NULL) {
+ reason = ERR_R_EC_LIB;
+ goto err;
+ }
+ if (!EC_GROUP_get_order(x, order, NULL) ||
+ !EC_GROUP_get_cofactor(x, cofactor, NULL)) {
+ reason = ERR_R_EC_LIB;
+ goto err;
+ }
+
+ form = EC_GROUP_get_point_conversion_form(x);
+
+ if ((gen = EC_POINT_point2bn(x, point, form, NULL, ctx)) == NULL) {
+ reason = ERR_R_EC_LIB;
+ goto err;
+ }
+
+ buf_len = (size_t)BN_num_bytes(p);
+ if (buf_len < (i = (size_t)BN_num_bytes(a)))
+ buf_len = i;
+ if (buf_len < (i = (size_t)BN_num_bytes(b)))
+ buf_len = i;
+ if (buf_len < (i = (size_t)BN_num_bytes(gen)))
+ buf_len = i;
+ if (buf_len < (i = (size_t)BN_num_bytes(order)))
+ buf_len = i;
+ if (buf_len < (i = (size_t)BN_num_bytes(cofactor)))
+ buf_len = i;
+
+ if ((seed = EC_GROUP_get0_seed(x)) != NULL)
+ seed_len = EC_GROUP_get_seed_len(x);
+
+ buf_len += 10;
+ if ((buffer = OPENSSL_malloc(buf_len)) == NULL) {
+ reason = ERR_R_MALLOC_FAILURE;
+ goto err;
+ }
+
+ if (!BIO_indent(bp, off, 128))
+ goto err;
+
+ /* print the 'short name' of the field type */
+ if (BIO_printf(bp, "Field Type: %s\n", OBJ_nid2sn(tmp_nid))
+ <= 0)
+ goto err;
+
+ if (is_char_two) {
+ /* print the 'short name' of the base type OID */
+ int basis_type = EC_GROUP_get_basis_type(x);
+ if (basis_type == 0)
+ goto err;
+
+ if (!BIO_indent(bp, off, 128))
+ goto err;
+
+ if (BIO_printf(bp, "Basis Type: %s\n",
+ OBJ_nid2sn(basis_type)) <= 0)
+ goto err;
+
+ /* print the polynomial */
+ if ((p != NULL) && !print(bp, "Polynomial:", p, buffer, off))
+ goto err;
+ } else {
+ if ((p != NULL) && !print(bp, "Prime:", p, buffer, off))
+ goto err;
+ }
+ if ((a != NULL) && !print(bp, "A: ", a, buffer, off))
+ goto err;
+ if ((b != NULL) && !print(bp, "B: ", b, buffer, off))
+ goto err;
+ if (form == POINT_CONVERSION_COMPRESSED) {
+ if ((gen != NULL) && !print(bp, gen_compressed, gen, buffer, off))
+ goto err;
+ } else if (form == POINT_CONVERSION_UNCOMPRESSED) {
+ if ((gen != NULL) && !print(bp, gen_uncompressed, gen,
+ buffer, off))
+ goto err;
+ } else { /* form == POINT_CONVERSION_HYBRID */
+
+ if ((gen != NULL) && !print(bp, gen_hybrid, gen, buffer, off))
+ goto err;
+ }
+ if ((order != NULL) && !print(bp, "Order: ", order, buffer, off))
+ goto err;
+ if ((cofactor != NULL) && !print(bp, "Cofactor: ", cofactor,
+ buffer, off))
+ goto err;
+ if (seed && !print_bin(bp, "Seed:", seed, seed_len, off))
+ goto err;
+ }
+ ret = 1;
+ err:
+ if (!ret)
+ ECerr(EC_F_ECPKPARAMETERS_PRINT, reason);
+ if (p)
+ BN_free(p);
+ if (a)
+ BN_free(a);
+ if (b)
+ BN_free(b);
+ if (gen)
+ BN_free(gen);
+ if (order)
+ BN_free(order);
+ if (cofactor)
+ BN_free(cofactor);
+ if (ctx)
+ BN_CTX_free(ctx);
+ if (buffer != NULL)
+ OPENSSL_free(buffer);
+ return (ret);
+}
+
+int EC_KEY_print(BIO *bp, const EC_KEY *x, int off)
+{
+ unsigned char *buffer = NULL;
+ size_t buf_len = 0, i;
+ int ret = 0, reason = ERR_R_BIO_LIB;
+ BIGNUM *pub_key = NULL, *order = NULL;
+ BN_CTX *ctx = NULL;
+ const EC_GROUP *group;
+ const EC_POINT *public_key;
+ const BIGNUM *priv_key;
+
+ if (x == NULL || (group = EC_KEY_get0_group(x)) == NULL) {
+ reason = ERR_R_PASSED_NULL_PARAMETER;
+ goto err;
+ }
+
+ public_key = EC_KEY_get0_public_key(x);
+ if ((pub_key = EC_POINT_point2bn(group, public_key,
+ EC_KEY_get_conv_form(x), NULL,
+ ctx)) == NULL) {
+ reason = ERR_R_EC_LIB;
+ goto err;
+ }
+
+ buf_len = (size_t)BN_num_bytes(pub_key);
+ priv_key = EC_KEY_get0_private_key(x);
+ if (priv_key != NULL) {
+ if ((i = (size_t)BN_num_bytes(priv_key)) > buf_len)
+ buf_len = i;
+ }
+
+ buf_len += 10;
+ if ((buffer = OPENSSL_malloc(buf_len)) == NULL) {
+ reason = ERR_R_MALLOC_FAILURE;
+ goto err;
+ }
+
+ if (priv_key != NULL) {
+ if (!BIO_indent(bp, off, 128))
+ goto err;
+ if ((order = BN_new()) == NULL)
+ goto err;
+ if (!EC_GROUP_get_order(group, order, NULL))
+ goto err;
+ if (BIO_printf(bp, "Private-Key: (%d bit)\n",
+ BN_num_bits(order)) <= 0)
+ goto err;
+ }
+
+ if ((priv_key != NULL) && !print(bp, "priv:", priv_key, buffer, off))
+ goto err;
+ if ((pub_key != NULL) && !print(bp, "pub: ", pub_key, buffer, off))
+ goto err;
+ if (!ECPKParameters_print(bp, group, off))
+ goto err;
+ ret = 1;
+ err:
+ if (!ret)
+ ECerr(EC_F_EC_KEY_PRINT, reason);
+ if (pub_key)
+ BN_free(pub_key);
+ if (order)
+ BN_free(order);
+ if (ctx)
+ BN_CTX_free(ctx);
+ if (buffer != NULL)
+ OPENSSL_free(buffer);
+ return (ret);
+}
+#endif /* OPENSSL_NO_EC */
+
+static int print(BIO *bp, const char *number, const BIGNUM *num,
+ unsigned char *buf, int off)
+{
+ int n, i;
+ const char *neg;
+
+ if (num == NULL)
+ return (1);
+ neg = (BN_is_negative(num)) ? "-" : "";
+ if (!BIO_indent(bp, off, 128))
+ return 0;
+ if (BN_is_zero(num)) {
+ if (BIO_printf(bp, "%s 0\n", number) <= 0)
+ return 0;
+ return 1;
+ }
+
+ if (BN_num_bytes(num) <= BN_BYTES) {
+ if (BIO_printf(bp, "%s %s%lu (%s0x%lx)\n", number, neg,
+ (unsigned long)num->d[0], neg,
+ (unsigned long)num->d[0])
+ <= 0)
+ return (0);
+ } else {
+ buf[0] = 0;
+ if (BIO_printf(bp, "%s%s", number,
+ (neg[0] == '-') ? " (Negative)" : "") <= 0)
+ return (0);
+ n = BN_bn2bin(num, &buf[1]);
+
+ if (buf[1] & 0x80)
+ n++;
+ else
+ buf++;
+
+ for (i = 0; i < n; i++) {
+ if ((i % 15) == 0) {
+ if (BIO_puts(bp, "\n") <= 0 || !BIO_indent(bp, off + 4, 128))
+ return 0;
+ }
+ if (BIO_printf(bp, "%02x%s", buf[i], ((i + 1) == n) ? "" : ":")
+ <= 0)
+ return (0);
+ }
+ if (BIO_write(bp, "\n", 1) <= 0)
+ return (0);
+ }
+ return (1);
+}
+
+#ifndef OPENSSL_NO_EC
+static int print_bin(BIO *fp, const char *name, const unsigned char *buf,
+ size_t len, int off)
+{
+ size_t i;
+ char str[128];
+
+ if (buf == NULL)
+ return 1;
+ if (off) {
+ if (off > 128)
+ off = 128;
+ memset(str, ' ', off);
+ if (BIO_write(fp, str, off) <= 0)
+ return 0;
+ }
+
+ if (BIO_printf(fp, "%s", name) <= 0)
+ return 0;
+
+ for (i = 0; i < len; i++) {
+ if ((i % 15) == 0) {
+ str[0] = '\n';
+ memset(&(str[1]), ' ', off + 4);
+ if (BIO_write(fp, str, off + 1 + 4) <= 0)
+ return 0;
+ }
+ if (BIO_printf(fp, "%02x%s", buf[i], ((i + 1) == len) ? "" : ":") <=
+ 0)
+ return 0;
+ }
+ if (BIO_write(fp, "\n", 1) <= 0)
+ return 0;
+
+ return 1;
+}
+#endif
+
+#ifndef OPENSSL_NO_DH
+# ifndef OPENSSL_NO_FP_API
+int DHparams_print_fp(FILE *fp, const DH *x)
+{
+ BIO *b;
+ int ret;
+
+ if ((b = BIO_new(BIO_s_file())) == NULL) {
+ DHerr(DH_F_DHPARAMS_PRINT_FP, ERR_R_BUF_LIB);
+ return (0);
+ }
+ BIO_set_fp(b, fp, BIO_NOCLOSE);
+ ret = DHparams_print(b, x);
+ BIO_free(b);
+ return (ret);
+}
+# endif
+
+int DHparams_print(BIO *bp, const DH *x)
+{
+ unsigned char *m = NULL;
+ int reason = ERR_R_BUF_LIB, ret = 0;
+ size_t buf_len = 0, i;
+
+ if (x->p)
+ buf_len = (size_t)BN_num_bytes(x->p);
+ else {
+ reason = ERR_R_PASSED_NULL_PARAMETER;
+ goto err;
+ }
+ if (x->g)
+ if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
+ buf_len = i;
+ m = (unsigned char *)OPENSSL_malloc(buf_len + 10);
+ if (m == NULL) {
+ reason = ERR_R_MALLOC_FAILURE;
+ goto err;
+ }
+
+ if (BIO_printf(bp, "Diffie-Hellman-Parameters: (%d bit)\n",
+ BN_num_bits(x->p)) <= 0)
+ goto err;
+ if (!print(bp, "prime:", x->p, m, 4))
+ goto err;
+ if (!print(bp, "generator:", x->g, m, 4))
+ goto err;
+ if (x->length != 0) {
+ if (BIO_printf(bp, " recommended-private-length: %d bits\n",
+ (int)x->length) <= 0)
+ goto err;
+ }
+ ret = 1;
+ if (0) {
+ err:
+ DHerr(DH_F_DHPARAMS_PRINT, reason);
+ }
+ if (m != NULL)
+ OPENSSL_free(m);
+ return (ret);
+}
+#endif
+
+#ifndef OPENSSL_NO_DSA
+# ifndef OPENSSL_NO_FP_API
+int DSAparams_print_fp(FILE *fp, const DSA *x)
+{
+ BIO *b;
+ int ret;
+
+ if ((b = BIO_new(BIO_s_file())) == NULL) {
+ DSAerr(DSA_F_DSAPARAMS_PRINT_FP, ERR_R_BUF_LIB);
+ return (0);
+ }
+ BIO_set_fp(b, fp, BIO_NOCLOSE);
+ ret = DSAparams_print(b, x);
+ BIO_free(b);
+ return (ret);
+}
+# endif
+
+int DSAparams_print(BIO *bp, const DSA *x)
+{
+ unsigned char *m = NULL;
+ int ret = 0;
+ size_t buf_len = 0, i;
+
+ if (x->p)
+ buf_len = (size_t)BN_num_bytes(x->p);
+ else {
+ DSAerr(DSA_F_DSAPARAMS_PRINT, DSA_R_MISSING_PARAMETERS);
+ goto err;
+ }
+ if (x->q)
+ if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
+ buf_len = i;
+ if (x->g)
+ if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
+ buf_len = i;
+ m = (unsigned char *)OPENSSL_malloc(buf_len + 10);
+ if (m == NULL) {
+ DSAerr(DSA_F_DSAPARAMS_PRINT, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ if (BIO_printf(bp, "DSA-Parameters: (%d bit)\n", BN_num_bits(x->p)) <= 0)
+ goto err;
+ if (!print(bp, "p:", x->p, m, 4))
+ goto err;
+ if ((x->q != NULL) && !print(bp, "q:", x->q, m, 4))
+ goto err;
+ if ((x->g != NULL) && !print(bp, "g:", x->g, m, 4))
+ goto err;
+ ret = 1;
+ err:
+ if (m != NULL)
+ OPENSSL_free(m);
+ return (ret);
+}
+
+#endif /* !OPENSSL_NO_DSA */
+
+#ifndef OPENSSL_NO_EC
+# ifndef OPENSSL_NO_FP_API
+int ECParameters_print_fp(FILE *fp, const EC_KEY *x)
+{
+ BIO *b;
+ int ret;
+
+ if ((b = BIO_new(BIO_s_file())) == NULL) {
+ ECerr(EC_F_ECPARAMETERS_PRINT_FP, ERR_R_BIO_LIB);
+ return (0);
+ }
+ BIO_set_fp(b, fp, BIO_NOCLOSE);
+ ret = ECParameters_print(b, x);
+ BIO_free(b);
+ return (ret);
+}
+# endif
+
+int ECParameters_print(BIO *bp, const EC_KEY *x)
+{
+ int reason = ERR_R_EC_LIB, ret = 0;
+ BIGNUM *order = NULL;
+ const EC_GROUP *group;
+
+ if (x == NULL || (group = EC_KEY_get0_group(x)) == NULL) {
+ reason = ERR_R_PASSED_NULL_PARAMETER;;
+ goto err;
+ }
+
+ if ((order = BN_new()) == NULL) {
+ reason = ERR_R_MALLOC_FAILURE;
+ goto err;
+ }
+
+ if (!EC_GROUP_get_order(group, order, NULL)) {
+ reason = ERR_R_EC_LIB;
+ goto err;
+ }
+
+ if (BIO_printf(bp, "ECDSA-Parameters: (%d bit)\n",
+ BN_num_bits(order)) <= 0)
+ goto err;
+ if (!ECPKParameters_print(bp, group, 4))
+ goto err;
+ ret = 1;
+ err:
+ if (order)
+ BN_free(order);
+ ECerr(EC_F_ECPARAMETERS_PRINT, reason);
+ return (ret);
+}
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/t_req.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/t_req.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/t_req.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,290 +0,0 @@
-/* crypto/asn1/t_req.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/bn.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-
-#ifndef OPENSSL_NO_FP_API
-int X509_REQ_print_fp(FILE *fp, X509_REQ *x)
- {
- BIO *b;
- int ret;
-
- if ((b=BIO_new(BIO_s_file())) == NULL)
- {
- X509err(X509_F_X509_REQ_PRINT_FP,ERR_R_BUF_LIB);
- return(0);
- }
- BIO_set_fp(b,fp,BIO_NOCLOSE);
- ret=X509_REQ_print(b, x);
- BIO_free(b);
- return(ret);
- }
-#endif
-
-int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, unsigned long cflag)
- {
- unsigned long l;
- int i;
- const char *neg;
- X509_REQ_INFO *ri;
- EVP_PKEY *pkey;
- STACK_OF(X509_ATTRIBUTE) *sk;
- STACK_OF(X509_EXTENSION) *exts;
- char mlch = ' ';
- int nmindent = 0;
-
- if((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
- mlch = '\n';
- nmindent = 12;
- }
-
- if(nmflags == X509_FLAG_COMPAT)
- nmindent = 16;
-
-
- ri=x->req_info;
- if(!(cflag & X509_FLAG_NO_HEADER))
- {
- if (BIO_write(bp,"Certificate Request:\n",21) <= 0) goto err;
- if (BIO_write(bp," Data:\n",10) <= 0) goto err;
- }
- if(!(cflag & X509_FLAG_NO_VERSION))
- {
- neg=(ri->version->type == V_ASN1_NEG_INTEGER)?"-":"";
- l=0;
- for (i=0; i<ri->version->length; i++)
- { l<<=8; l+=ri->version->data[i]; }
- if(BIO_printf(bp,"%8sVersion: %s%lu (%s0x%lx)\n","",neg,l,neg,
- l) <= 0)
- goto err;
- }
- if(!(cflag & X509_FLAG_NO_SUBJECT))
- {
- if (BIO_printf(bp," Subject:%c",mlch) <= 0) goto err;
- if (X509_NAME_print_ex(bp,ri->subject,nmindent, nmflags) < 0) goto err;
- if (BIO_write(bp,"\n",1) <= 0) goto err;
- }
- if(!(cflag & X509_FLAG_NO_PUBKEY))
- {
- if (BIO_write(bp," Subject Public Key Info:\n",33) <= 0)
- goto err;
- if (BIO_printf(bp,"%12sPublic Key Algorithm: ","") <= 0)
- goto err;
- if (i2a_ASN1_OBJECT(bp, ri->pubkey->algor->algorithm) <= 0)
- goto err;
- if (BIO_puts(bp, "\n") <= 0)
- goto err;
-
- pkey=X509_REQ_get_pubkey(x);
- if (pkey == NULL)
- {
- BIO_printf(bp,"%12sUnable to load Public Key\n","");
- ERR_print_errors(bp);
- }
- else
-#ifndef OPENSSL_NO_RSA
- if (pkey->type == EVP_PKEY_RSA)
- {
- BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","",
- BN_num_bits(pkey->pkey.rsa->n));
- RSA_print(bp,pkey->pkey.rsa,16);
- }
- else
-#endif
-#ifndef OPENSSL_NO_DSA
- if (pkey->type == EVP_PKEY_DSA)
- {
- BIO_printf(bp,"%12sDSA Public Key:\n","");
- DSA_print(bp,pkey->pkey.dsa,16);
- }
- else
-#endif
-#ifndef OPENSSL_NO_EC
- if (pkey->type == EVP_PKEY_EC)
- {
- BIO_printf(bp, "%12sEC Public Key: \n","");
- EC_KEY_print(bp, pkey->pkey.ec, 16);
- }
- else
-#endif
- BIO_printf(bp,"%12sUnknown Public Key:\n","");
-
- EVP_PKEY_free(pkey);
- }
-
- if(!(cflag & X509_FLAG_NO_ATTRIBUTES))
- {
- /* may not be */
- if(BIO_printf(bp,"%8sAttributes:\n","") <= 0)
- goto err;
-
- sk=x->req_info->attributes;
- if (sk_X509_ATTRIBUTE_num(sk) == 0)
- {
- if(BIO_printf(bp,"%12sa0:00\n","") <= 0)
- goto err;
- }
- else
- {
- for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
- {
- ASN1_TYPE *at;
- X509_ATTRIBUTE *a;
- ASN1_BIT_STRING *bs=NULL;
- ASN1_TYPE *t;
- int j,type=0,count=1,ii=0;
-
- a=sk_X509_ATTRIBUTE_value(sk,i);
- if(X509_REQ_extension_nid(OBJ_obj2nid(a->object)))
- continue;
- if(BIO_printf(bp,"%12s","") <= 0)
- goto err;
- if ((j=i2a_ASN1_OBJECT(bp,a->object)) > 0)
- {
- if (a->single)
- {
- t=a->value.single;
- type=t->type;
- bs=t->value.bit_string;
- }
- else
- {
- ii=0;
- count=sk_ASN1_TYPE_num(a->value.set);
-get_next:
- at=sk_ASN1_TYPE_value(a->value.set,ii);
- type=at->type;
- bs=at->value.asn1_string;
- }
- }
- for (j=25-j; j>0; j--)
- if (BIO_write(bp," ",1) != 1) goto err;
- if (BIO_puts(bp,":") <= 0) goto err;
- if ( (type == V_ASN1_PRINTABLESTRING) ||
- (type == V_ASN1_T61STRING) ||
- (type == V_ASN1_IA5STRING))
- {
- if (BIO_write(bp,(char *)bs->data,bs->length)
- != bs->length)
- goto err;
- BIO_puts(bp,"\n");
- }
- else
- {
- BIO_puts(bp,"unable to print attribute\n");
- }
- if (++ii < count) goto get_next;
- }
- }
- }
- if(!(cflag & X509_FLAG_NO_EXTENSIONS))
- {
- exts = X509_REQ_get_extensions(x);
- if(exts)
- {
- BIO_printf(bp,"%8sRequested Extensions:\n","");
- for (i=0; i<sk_X509_EXTENSION_num(exts); i++)
- {
- ASN1_OBJECT *obj;
- X509_EXTENSION *ex;
- int j;
- ex=sk_X509_EXTENSION_value(exts, i);
- if (BIO_printf(bp,"%12s","") <= 0) goto err;
- obj=X509_EXTENSION_get_object(ex);
- i2a_ASN1_OBJECT(bp,obj);
- j=X509_EXTENSION_get_critical(ex);
- if (BIO_printf(bp,": %s\n",j?"critical":"") <= 0)
- goto err;
- if(!X509V3_EXT_print(bp, ex, cflag, 16))
- {
- BIO_printf(bp, "%16s", "");
- M_ASN1_OCTET_STRING_print(bp,ex->value);
- }
- if (BIO_write(bp,"\n",1) <= 0) goto err;
- }
- sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
- }
- }
-
- if(!(cflag & X509_FLAG_NO_SIGDUMP))
- {
- if(!X509_signature_print(bp, x->sig_alg, x->signature)) goto err;
- }
-
- return(1);
-err:
- X509err(X509_F_X509_REQ_PRINT_EX,ERR_R_BUF_LIB);
- return(0);
- }
-
-int X509_REQ_print(BIO *bp, X509_REQ *x)
- {
- return X509_REQ_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/t_req.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/t_req.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/t_req.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/t_req.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,273 @@
+/* crypto/asn1/t_req.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/bn.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+# include <openssl/dsa.h>
+#endif
+
+#ifndef OPENSSL_NO_FP_API
+int X509_REQ_print_fp(FILE *fp, X509_REQ *x)
+{
+ BIO *b;
+ int ret;
+
+ if ((b = BIO_new(BIO_s_file())) == NULL) {
+ X509err(X509_F_X509_REQ_PRINT_FP, ERR_R_BUF_LIB);
+ return (0);
+ }
+ BIO_set_fp(b, fp, BIO_NOCLOSE);
+ ret = X509_REQ_print(b, x);
+ BIO_free(b);
+ return (ret);
+}
+#endif
+
+int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags,
+ unsigned long cflag)
+{
+ unsigned long l;
+ int i;
+ const char *neg;
+ X509_REQ_INFO *ri;
+ EVP_PKEY *pkey;
+ STACK_OF(X509_ATTRIBUTE) *sk;
+ STACK_OF(X509_EXTENSION) *exts;
+ char mlch = ' ';
+ int nmindent = 0;
+
+ if ((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
+ mlch = '\n';
+ nmindent = 12;
+ }
+
+ if (nmflags == X509_FLAG_COMPAT)
+ nmindent = 16;
+
+ ri = x->req_info;
+ if (!(cflag & X509_FLAG_NO_HEADER)) {
+ if (BIO_write(bp, "Certificate Request:\n", 21) <= 0)
+ goto err;
+ if (BIO_write(bp, " Data:\n", 10) <= 0)
+ goto err;
+ }
+ if (!(cflag & X509_FLAG_NO_VERSION)) {
+ neg = (ri->version->type == V_ASN1_NEG_INTEGER) ? "-" : "";
+ l = 0;
+ for (i = 0; i < ri->version->length; i++) {
+ l <<= 8;
+ l += ri->version->data[i];
+ }
+ if (BIO_printf(bp, "%8sVersion: %s%lu (%s0x%lx)\n", "", neg, l, neg,
+ l) <= 0)
+ goto err;
+ }
+ if (!(cflag & X509_FLAG_NO_SUBJECT)) {
+ if (BIO_printf(bp, " Subject:%c", mlch) <= 0)
+ goto err;
+ if (X509_NAME_print_ex(bp, ri->subject, nmindent, nmflags) < 0)
+ goto err;
+ if (BIO_write(bp, "\n", 1) <= 0)
+ goto err;
+ }
+ if (!(cflag & X509_FLAG_NO_PUBKEY)) {
+ if (BIO_write(bp, " Subject Public Key Info:\n", 33) <= 0)
+ goto err;
+ if (BIO_printf(bp, "%12sPublic Key Algorithm: ", "") <= 0)
+ goto err;
+ if (i2a_ASN1_OBJECT(bp, ri->pubkey->algor->algorithm) <= 0)
+ goto err;
+ if (BIO_puts(bp, "\n") <= 0)
+ goto err;
+
+ pkey = X509_REQ_get_pubkey(x);
+ if (pkey == NULL) {
+ BIO_printf(bp, "%12sUnable to load Public Key\n", "");
+ ERR_print_errors(bp);
+ } else
+#ifndef OPENSSL_NO_RSA
+ if (pkey->type == EVP_PKEY_RSA) {
+ BIO_printf(bp, "%12sRSA Public Key: (%d bit)\n", "",
+ BN_num_bits(pkey->pkey.rsa->n));
+ RSA_print(bp, pkey->pkey.rsa, 16);
+ } else
+#endif
+#ifndef OPENSSL_NO_DSA
+ if (pkey->type == EVP_PKEY_DSA) {
+ BIO_printf(bp, "%12sDSA Public Key:\n", "");
+ DSA_print(bp, pkey->pkey.dsa, 16);
+ } else
+#endif
+#ifndef OPENSSL_NO_EC
+ if (pkey->type == EVP_PKEY_EC) {
+ BIO_printf(bp, "%12sEC Public Key: \n", "");
+ EC_KEY_print(bp, pkey->pkey.ec, 16);
+ } else
+#endif
+ BIO_printf(bp, "%12sUnknown Public Key:\n", "");
+
+ EVP_PKEY_free(pkey);
+ }
+
+ if (!(cflag & X509_FLAG_NO_ATTRIBUTES)) {
+ /* may not be */
+ if (BIO_printf(bp, "%8sAttributes:\n", "") <= 0)
+ goto err;
+
+ sk = x->req_info->attributes;
+ if (sk_X509_ATTRIBUTE_num(sk) == 0) {
+ if (BIO_printf(bp, "%12sa0:00\n", "") <= 0)
+ goto err;
+ } else {
+ for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) {
+ ASN1_TYPE *at;
+ X509_ATTRIBUTE *a;
+ ASN1_BIT_STRING *bs = NULL;
+ ASN1_TYPE *t;
+ int j, type = 0, count = 1, ii = 0;
+
+ a = sk_X509_ATTRIBUTE_value(sk, i);
+ if (X509_REQ_extension_nid(OBJ_obj2nid(a->object)))
+ continue;
+ if (BIO_printf(bp, "%12s", "") <= 0)
+ goto err;
+ if ((j = i2a_ASN1_OBJECT(bp, a->object)) > 0) {
+ if (a->single) {
+ t = a->value.single;
+ type = t->type;
+ bs = t->value.bit_string;
+ } else {
+ ii = 0;
+ count = sk_ASN1_TYPE_num(a->value.set);
+ get_next:
+ at = sk_ASN1_TYPE_value(a->value.set, ii);
+ type = at->type;
+ bs = at->value.asn1_string;
+ }
+ }
+ for (j = 25 - j; j > 0; j--)
+ if (BIO_write(bp, " ", 1) != 1)
+ goto err;
+ if (BIO_puts(bp, ":") <= 0)
+ goto err;
+ if ((type == V_ASN1_PRINTABLESTRING) ||
+ (type == V_ASN1_T61STRING) ||
+ (type == V_ASN1_IA5STRING)) {
+ if (BIO_write(bp, (char *)bs->data, bs->length)
+ != bs->length)
+ goto err;
+ BIO_puts(bp, "\n");
+ } else {
+ BIO_puts(bp, "unable to print attribute\n");
+ }
+ if (++ii < count)
+ goto get_next;
+ }
+ }
+ }
+ if (!(cflag & X509_FLAG_NO_EXTENSIONS)) {
+ exts = X509_REQ_get_extensions(x);
+ if (exts) {
+ BIO_printf(bp, "%8sRequested Extensions:\n", "");
+ for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
+ ASN1_OBJECT *obj;
+ X509_EXTENSION *ex;
+ int j;
+ ex = sk_X509_EXTENSION_value(exts, i);
+ if (BIO_printf(bp, "%12s", "") <= 0)
+ goto err;
+ obj = X509_EXTENSION_get_object(ex);
+ i2a_ASN1_OBJECT(bp, obj);
+ j = X509_EXTENSION_get_critical(ex);
+ if (BIO_printf(bp, ": %s\n", j ? "critical" : "") <= 0)
+ goto err;
+ if (!X509V3_EXT_print(bp, ex, cflag, 16)) {
+ BIO_printf(bp, "%16s", "");
+ M_ASN1_OCTET_STRING_print(bp, ex->value);
+ }
+ if (BIO_write(bp, "\n", 1) <= 0)
+ goto err;
+ }
+ sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
+ }
+ }
+
+ if (!(cflag & X509_FLAG_NO_SIGDUMP)) {
+ if (!X509_signature_print(bp, x->sig_alg, x->signature))
+ goto err;
+ }
+
+ return (1);
+ err:
+ X509err(X509_F_X509_REQ_PRINT_EX, ERR_R_BUF_LIB);
+ return (0);
+}
+
+int X509_REQ_print(BIO *bp, X509_REQ *x)
+{
+ return X509_REQ_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/t_spki.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/t_spki.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/t_spki.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,132 +0,0 @@
-/* t_spki.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/x509.h>
-#include <openssl/asn1.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-#include <openssl/bn.h>
-
-/* Print out an SPKI */
-
-int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki)
-{
- EVP_PKEY *pkey;
- ASN1_IA5STRING *chal;
- int i, n;
- char *s;
- BIO_printf(out, "Netscape SPKI:\n");
- i=OBJ_obj2nid(spki->spkac->pubkey->algor->algorithm);
- BIO_printf(out," Public Key Algorithm: %s\n",
- (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i));
- pkey = X509_PUBKEY_get(spki->spkac->pubkey);
- if(!pkey) BIO_printf(out, " Unable to load public key\n");
- else {
-#ifndef OPENSSL_NO_RSA
- if (pkey->type == EVP_PKEY_RSA)
- {
- BIO_printf(out," RSA Public Key: (%d bit)\n",
- BN_num_bits(pkey->pkey.rsa->n));
- RSA_print(out,pkey->pkey.rsa,2);
- }
- else
-#endif
-#ifndef OPENSSL_NO_DSA
- if (pkey->type == EVP_PKEY_DSA)
- {
- BIO_printf(out," DSA Public Key:\n");
- DSA_print(out,pkey->pkey.dsa,2);
- }
- else
-#endif
-#ifndef OPENSSL_NO_EC
- if (pkey->type == EVP_PKEY_EC)
- {
- BIO_printf(out, " EC Public Key:\n");
- EC_KEY_print(out, pkey->pkey.ec,2);
- }
- else
-#endif
-
- BIO_printf(out," Unknown Public Key:\n");
- EVP_PKEY_free(pkey);
- }
- chal = spki->spkac->challenge;
- if(chal->length)
- BIO_printf(out, " Challenge String: %s\n", chal->data);
- i=OBJ_obj2nid(spki->sig_algor->algorithm);
- BIO_printf(out," Signature Algorithm: %s",
- (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i));
-
- n=spki->signature->length;
- s=(char *)spki->signature->data;
- for (i=0; i<n; i++)
- {
- if ((i%18) == 0) BIO_write(out,"\n ",7);
- BIO_printf(out,"%02x%s",(unsigned char)s[i],
- ((i+1) == n)?"":":");
- }
- BIO_write(out,"\n",1);
- return 1;
-}
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/t_spki.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/t_spki.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/t_spki.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/t_spki.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,128 @@
+/* t_spki.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+# include <openssl/dsa.h>
+#endif
+#include <openssl/bn.h>
+
+/* Print out an SPKI */
+
+int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki)
+{
+ EVP_PKEY *pkey;
+ ASN1_IA5STRING *chal;
+ int i, n;
+ char *s;
+ BIO_printf(out, "Netscape SPKI:\n");
+ i = OBJ_obj2nid(spki->spkac->pubkey->algor->algorithm);
+ BIO_printf(out, " Public Key Algorithm: %s\n",
+ (i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i));
+ pkey = X509_PUBKEY_get(spki->spkac->pubkey);
+ if (!pkey)
+ BIO_printf(out, " Unable to load public key\n");
+ else {
+#ifndef OPENSSL_NO_RSA
+ if (pkey->type == EVP_PKEY_RSA) {
+ BIO_printf(out, " RSA Public Key: (%d bit)\n",
+ BN_num_bits(pkey->pkey.rsa->n));
+ RSA_print(out, pkey->pkey.rsa, 2);
+ } else
+#endif
+#ifndef OPENSSL_NO_DSA
+ if (pkey->type == EVP_PKEY_DSA) {
+ BIO_printf(out, " DSA Public Key:\n");
+ DSA_print(out, pkey->pkey.dsa, 2);
+ } else
+#endif
+#ifndef OPENSSL_NO_EC
+ if (pkey->type == EVP_PKEY_EC) {
+ BIO_printf(out, " EC Public Key:\n");
+ EC_KEY_print(out, pkey->pkey.ec, 2);
+ } else
+#endif
+
+ BIO_printf(out, " Unknown Public Key:\n");
+ EVP_PKEY_free(pkey);
+ }
+ chal = spki->spkac->challenge;
+ if (chal->length)
+ BIO_printf(out, " Challenge String: %s\n", chal->data);
+ i = OBJ_obj2nid(spki->sig_algor->algorithm);
+ BIO_printf(out, " Signature Algorithm: %s",
+ (i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i));
+
+ n = spki->signature->length;
+ s = (char *)spki->signature->data;
+ for (i = 0; i < n; i++) {
+ if ((i % 18) == 0)
+ BIO_write(out, "\n ", 7);
+ BIO_printf(out, "%02x%s", (unsigned char)s[i],
+ ((i + 1) == n) ? "" : ":");
+ }
+ BIO_write(out, "\n", 1);
+ return 1;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/t_x509.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/t_x509.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/t_x509.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,520 +0,0 @@
-/* crypto/asn1/t_x509.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/bn.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_EC
-#include <openssl/ec.h>
-#endif
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-
-#ifndef OPENSSL_NO_FP_API
-int X509_print_fp(FILE *fp, X509 *x)
- {
- return X509_print_ex_fp(fp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
- }
-
-int X509_print_ex_fp(FILE *fp, X509 *x, unsigned long nmflag, unsigned long cflag)
- {
- BIO *b;
- int ret;
-
- if ((b=BIO_new(BIO_s_file())) == NULL)
- {
- X509err(X509_F_X509_PRINT_EX_FP,ERR_R_BUF_LIB);
- return(0);
- }
- BIO_set_fp(b,fp,BIO_NOCLOSE);
- ret=X509_print_ex(b, x, nmflag, cflag);
- BIO_free(b);
- return(ret);
- }
-#endif
-
-int X509_print(BIO *bp, X509 *x)
-{
- return X509_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
-}
-
-int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag)
- {
- long l;
- int ret=0,i;
- char *m=NULL,mlch = ' ';
- int nmindent = 0;
- X509_CINF *ci;
- ASN1_INTEGER *bs;
- EVP_PKEY *pkey=NULL;
- const char *neg;
- ASN1_STRING *str=NULL;
-
- if((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
- mlch = '\n';
- nmindent = 12;
- }
-
- if(nmflags == X509_FLAG_COMPAT)
- nmindent = 16;
-
- ci=x->cert_info;
- if(!(cflag & X509_FLAG_NO_HEADER))
- {
- if (BIO_write(bp,"Certificate:\n",13) <= 0) goto err;
- if (BIO_write(bp," Data:\n",10) <= 0) goto err;
- }
- if(!(cflag & X509_FLAG_NO_VERSION))
- {
- l=X509_get_version(x);
- if (BIO_printf(bp,"%8sVersion: %lu (0x%lx)\n","",l+1,l) <= 0) goto err;
- }
- if(!(cflag & X509_FLAG_NO_SERIAL))
- {
-
- if (BIO_write(bp," Serial Number:",22) <= 0) goto err;
-
- bs=X509_get_serialNumber(x);
- if (bs->length <= 4)
- {
- l=ASN1_INTEGER_get(bs);
- if (l < 0)
- {
- l= -l;
- neg="-";
- }
- else
- neg="";
- if (BIO_printf(bp," %s%lu (%s0x%lx)\n",neg,l,neg,l) <= 0)
- goto err;
- }
- else
- {
- neg=(bs->type == V_ASN1_NEG_INTEGER)?" (Negative)":"";
- if (BIO_printf(bp,"\n%12s%s","",neg) <= 0) goto err;
-
- for (i=0; i<bs->length; i++)
- {
- if (BIO_printf(bp,"%02x%c",bs->data[i],
- ((i+1 == bs->length)?'\n':':')) <= 0)
- goto err;
- }
- }
-
- }
-
- if(!(cflag & X509_FLAG_NO_SIGNAME))
- {
- if (BIO_printf(bp,"%8sSignature Algorithm: ","") <= 0)
- goto err;
- if (i2a_ASN1_OBJECT(bp, ci->signature->algorithm) <= 0)
- goto err;
- if (BIO_puts(bp, "\n") <= 0)
- goto err;
- }
-
- if(!(cflag & X509_FLAG_NO_ISSUER))
- {
- if (BIO_printf(bp," Issuer:%c",mlch) <= 0) goto err;
- if (X509_NAME_print_ex(bp,X509_get_issuer_name(x),nmindent, nmflags) < 0) goto err;
- if (BIO_write(bp,"\n",1) <= 0) goto err;
- }
- if(!(cflag & X509_FLAG_NO_VALIDITY))
- {
- if (BIO_write(bp," Validity\n",17) <= 0) goto err;
- if (BIO_write(bp," Not Before: ",24) <= 0) goto err;
- if (!ASN1_TIME_print(bp,X509_get_notBefore(x))) goto err;
- if (BIO_write(bp,"\n Not After : ",25) <= 0) goto err;
- if (!ASN1_TIME_print(bp,X509_get_notAfter(x))) goto err;
- if (BIO_write(bp,"\n",1) <= 0) goto err;
- }
- if(!(cflag & X509_FLAG_NO_SUBJECT))
- {
- if (BIO_printf(bp," Subject:%c",mlch) <= 0) goto err;
- if (X509_NAME_print_ex(bp,X509_get_subject_name(x),nmindent, nmflags) < 0) goto err;
- if (BIO_write(bp,"\n",1) <= 0) goto err;
- }
- if(!(cflag & X509_FLAG_NO_PUBKEY))
- {
- if (BIO_write(bp," Subject Public Key Info:\n",33) <= 0)
- goto err;
- if (BIO_printf(bp,"%12sPublic Key Algorithm: ","") <= 0)
- goto err;
- if (i2a_ASN1_OBJECT(bp, ci->key->algor->algorithm) <= 0)
- goto err;
- if (BIO_puts(bp, "\n") <= 0)
- goto err;
-
- pkey=X509_get_pubkey(x);
- if (pkey == NULL)
- {
- BIO_printf(bp,"%12sUnable to load Public Key\n","");
- ERR_print_errors(bp);
- }
- else
-#ifndef OPENSSL_NO_RSA
- if (pkey->type == EVP_PKEY_RSA)
- {
- BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","",
- BN_num_bits(pkey->pkey.rsa->n));
- RSA_print(bp,pkey->pkey.rsa,16);
- }
- else
-#endif
-#ifndef OPENSSL_NO_DSA
- if (pkey->type == EVP_PKEY_DSA)
- {
- BIO_printf(bp,"%12sDSA Public Key:\n","");
- DSA_print(bp,pkey->pkey.dsa,16);
- }
- else
-#endif
-#ifndef OPENSSL_NO_EC
- if (pkey->type == EVP_PKEY_EC)
- {
- BIO_printf(bp, "%12sEC Public Key:\n","");
- EC_KEY_print(bp, pkey->pkey.ec, 16);
- }
- else
-#endif
- BIO_printf(bp,"%12sUnknown Public Key:\n","");
-
- EVP_PKEY_free(pkey);
- }
-
- if (!(cflag & X509_FLAG_NO_EXTENSIONS))
- X509V3_extensions_print(bp, "X509v3 extensions",
- ci->extensions, cflag, 8);
-
- if(!(cflag & X509_FLAG_NO_SIGDUMP))
- {
- if(X509_signature_print(bp, x->sig_alg, x->signature) <= 0) goto err;
- }
- if(!(cflag & X509_FLAG_NO_AUX))
- {
- if (!X509_CERT_AUX_print(bp, x->aux, 0)) goto err;
- }
- ret=1;
-err:
- if (str != NULL) ASN1_STRING_free(str);
- if (m != NULL) OPENSSL_free(m);
- return(ret);
- }
-
-int X509_ocspid_print (BIO *bp, X509 *x)
- {
- unsigned char *der=NULL ;
- unsigned char *dertmp;
- int derlen;
- int i;
- unsigned char SHA1md[SHA_DIGEST_LENGTH];
-
- /* display the hash of the subject as it would appear
- in OCSP requests */
- if (BIO_printf(bp," Subject OCSP hash: ") <= 0)
- goto err;
- derlen = i2d_X509_NAME(x->cert_info->subject, NULL);
- if ((der = dertmp = (unsigned char *)OPENSSL_malloc (derlen)) == NULL)
- goto err;
- i2d_X509_NAME(x->cert_info->subject, &dertmp);
-
- EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1(), NULL);
- for (i=0; i < SHA_DIGEST_LENGTH; i++)
- {
- if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0) goto err;
- }
- OPENSSL_free (der);
- der=NULL;
-
- /* display the hash of the public key as it would appear
- in OCSP requests */
- if (BIO_printf(bp,"\n Public key OCSP hash: ") <= 0)
- goto err;
-
- EVP_Digest(x->cert_info->key->public_key->data,
- x->cert_info->key->public_key->length, SHA1md, NULL, EVP_sha1(), NULL);
- for (i=0; i < SHA_DIGEST_LENGTH; i++)
- {
- if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0)
- goto err;
- }
- BIO_printf(bp,"\n");
-
- return (1);
-err:
- if (der != NULL) OPENSSL_free(der);
- return(0);
- }
-
-int X509_signature_print(BIO *bp, X509_ALGOR *sigalg, ASN1_STRING *sig)
-{
- unsigned char *s;
- int i, n;
- if (BIO_puts(bp," Signature Algorithm: ") <= 0) return 0;
- if (i2a_ASN1_OBJECT(bp, sigalg->algorithm) <= 0) return 0;
-
- n=sig->length;
- s=sig->data;
- for (i=0; i<n; i++)
- {
- if ((i%18) == 0)
- if (BIO_write(bp,"\n ",9) <= 0) return 0;
- if (BIO_printf(bp,"%02x%s",s[i],
- ((i+1) == n)?"":":") <= 0) return 0;
- }
- if (BIO_write(bp,"\n",1) != 1) return 0;
- return 1;
-}
-
-int ASN1_STRING_print(BIO *bp, ASN1_STRING *v)
- {
- int i,n;
- char buf[80],*p;
-
- if (v == NULL) return(0);
- n=0;
- p=(char *)v->data;
- for (i=0; i<v->length; i++)
- {
- if ((p[i] > '~') || ((p[i] < ' ') &&
- (p[i] != '\n') && (p[i] != '\r')))
- buf[n]='.';
- else
- buf[n]=p[i];
- n++;
- if (n >= 80)
- {
- if (BIO_write(bp,buf,n) <= 0)
- return(0);
- n=0;
- }
- }
- if (n > 0)
- if (BIO_write(bp,buf,n) <= 0)
- return(0);
- return(1);
- }
-
-int ASN1_TIME_print(BIO *bp, ASN1_TIME *tm)
-{
- if(tm->type == V_ASN1_UTCTIME) return ASN1_UTCTIME_print(bp, tm);
- if(tm->type == V_ASN1_GENERALIZEDTIME)
- return ASN1_GENERALIZEDTIME_print(bp, tm);
- BIO_write(bp,"Bad time value",14);
- return(0);
-}
-
-static const char *mon[12]=
- {
- "Jan","Feb","Mar","Apr","May","Jun",
- "Jul","Aug","Sep","Oct","Nov","Dec"
- };
-
-int ASN1_GENERALIZEDTIME_print(BIO *bp, ASN1_GENERALIZEDTIME *tm)
- {
- char *v;
- int gmt=0;
- int i;
- int y=0,M=0,d=0,h=0,m=0,s=0;
- char *f = NULL;
- int f_len = 0;
-
- i=tm->length;
- v=(char *)tm->data;
-
- if (i < 12) goto err;
- if (v[i-1] == 'Z') gmt=1;
- for (i=0; i<12; i++)
- if ((v[i] > '9') || (v[i] < '0')) goto err;
- y= (v[0]-'0')*1000+(v[1]-'0')*100 + (v[2]-'0')*10+(v[3]-'0');
- M= (v[4]-'0')*10+(v[5]-'0');
- if ((M > 12) || (M < 1)) goto err;
- d= (v[6]-'0')*10+(v[7]-'0');
- h= (v[8]-'0')*10+(v[9]-'0');
- m= (v[10]-'0')*10+(v[11]-'0');
- if (tm->length >= 14 &&
- (v[12] >= '0') && (v[12] <= '9') &&
- (v[13] >= '0') && (v[13] <= '9'))
- {
- s= (v[12]-'0')*10+(v[13]-'0');
- /* Check for fractions of seconds. */
- if (tm->length >= 15 && v[14] == '.')
- {
- int l = tm->length;
- f = &v[14]; /* The decimal point. */
- f_len = 1;
- while (14 + f_len < l && f[f_len] >= '0' && f[f_len] <= '9')
- ++f_len;
- }
- }
-
- if (BIO_printf(bp,"%s %2d %02d:%02d:%02d%.*s %d%s",
- mon[M-1],d,h,m,s,f_len,f,y,(gmt)?" GMT":"") <= 0)
- return(0);
- else
- return(1);
-err:
- BIO_write(bp,"Bad time value",14);
- return(0);
- }
-
-int ASN1_UTCTIME_print(BIO *bp, ASN1_UTCTIME *tm)
- {
- char *v;
- int gmt=0;
- int i;
- int y=0,M=0,d=0,h=0,m=0,s=0;
-
- i=tm->length;
- v=(char *)tm->data;
-
- if (i < 10) goto err;
- if (v[i-1] == 'Z') gmt=1;
- for (i=0; i<10; i++)
- if ((v[i] > '9') || (v[i] < '0')) goto err;
- y= (v[0]-'0')*10+(v[1]-'0');
- if (y < 50) y+=100;
- M= (v[2]-'0')*10+(v[3]-'0');
- if ((M > 12) || (M < 1)) goto err;
- d= (v[4]-'0')*10+(v[5]-'0');
- h= (v[6]-'0')*10+(v[7]-'0');
- m= (v[8]-'0')*10+(v[9]-'0');
- if (tm->length >=12 &&
- (v[10] >= '0') && (v[10] <= '9') &&
- (v[11] >= '0') && (v[11] <= '9'))
- s= (v[10]-'0')*10+(v[11]-'0');
-
- if (BIO_printf(bp,"%s %2d %02d:%02d:%02d %d%s",
- mon[M-1],d,h,m,s,y+1900,(gmt)?" GMT":"") <= 0)
- return(0);
- else
- return(1);
-err:
- BIO_write(bp,"Bad time value",14);
- return(0);
- }
-
-int X509_NAME_print(BIO *bp, X509_NAME *name, int obase)
- {
- char *s,*c,*b;
- int ret=0,l,i;
-
- l=80-2-obase;
-
- b=X509_NAME_oneline(name,NULL,0);
- if (!b)
- return 0;
- if (!*b)
- {
- OPENSSL_free(b);
- return 1;
- }
- s=b+1; /* skip the first slash */
-
- c=s;
- for (;;)
- {
-#ifndef CHARSET_EBCDIC
- if ( ((*s == '/') &&
- ((s[1] >= 'A') && (s[1] <= 'Z') && (
- (s[2] == '=') ||
- ((s[2] >= 'A') && (s[2] <= 'Z') &&
- (s[3] == '='))
- ))) ||
- (*s == '\0'))
-#else
- if ( ((*s == '/') &&
- (isupper(s[1]) && (
- (s[2] == '=') ||
- (isupper(s[2]) &&
- (s[3] == '='))
- ))) ||
- (*s == '\0'))
-#endif
- {
- i=s-c;
- if (BIO_write(bp,c,i) != i) goto err;
- c=s+1; /* skip following slash */
- if (*s != '\0')
- {
- if (BIO_write(bp,", ",2) != 2) goto err;
- }
- l--;
- }
- if (*s == '\0') break;
- s++;
- l--;
- }
-
- ret=1;
- if (0)
- {
-err:
- X509err(X509_F_X509_NAME_PRINT,ERR_R_BUF_LIB);
- }
- OPENSSL_free(b);
- return(ret);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/t_x509.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/t_x509.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/t_x509.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/t_x509.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,529 @@
+/* crypto/asn1/t_x509.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+# include <openssl/dsa.h>
+#endif
+#ifndef OPENSSL_NO_EC
+# include <openssl/ec.h>
+#endif
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+#ifndef OPENSSL_NO_FP_API
+int X509_print_fp(FILE *fp, X509 *x)
+{
+ return X509_print_ex_fp(fp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
+}
+
+int X509_print_ex_fp(FILE *fp, X509 *x, unsigned long nmflag,
+ unsigned long cflag)
+{
+ BIO *b;
+ int ret;
+
+ if ((b = BIO_new(BIO_s_file())) == NULL) {
+ X509err(X509_F_X509_PRINT_EX_FP, ERR_R_BUF_LIB);
+ return (0);
+ }
+ BIO_set_fp(b, fp, BIO_NOCLOSE);
+ ret = X509_print_ex(b, x, nmflag, cflag);
+ BIO_free(b);
+ return (ret);
+}
+#endif
+
+int X509_print(BIO *bp, X509 *x)
+{
+ return X509_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
+}
+
+int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags,
+ unsigned long cflag)
+{
+ long l;
+ int ret = 0, i;
+ char *m = NULL, mlch = ' ';
+ int nmindent = 0;
+ X509_CINF *ci;
+ ASN1_INTEGER *bs;
+ EVP_PKEY *pkey = NULL;
+ const char *neg;
+ ASN1_STRING *str = NULL;
+
+ if ((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
+ mlch = '\n';
+ nmindent = 12;
+ }
+
+ if (nmflags == X509_FLAG_COMPAT)
+ nmindent = 16;
+
+ ci = x->cert_info;
+ if (!(cflag & X509_FLAG_NO_HEADER)) {
+ if (BIO_write(bp, "Certificate:\n", 13) <= 0)
+ goto err;
+ if (BIO_write(bp, " Data:\n", 10) <= 0)
+ goto err;
+ }
+ if (!(cflag & X509_FLAG_NO_VERSION)) {
+ l = X509_get_version(x);
+ if (BIO_printf(bp, "%8sVersion: %lu (0x%lx)\n", "", l + 1, l) <= 0)
+ goto err;
+ }
+ if (!(cflag & X509_FLAG_NO_SERIAL)) {
+
+ if (BIO_write(bp, " Serial Number:", 22) <= 0)
+ goto err;
+
+ bs = X509_get_serialNumber(x);
+ if (bs->length <= 4) {
+ l = ASN1_INTEGER_get(bs);
+ if (l < 0) {
+ l = -l;
+ neg = "-";
+ } else
+ neg = "";
+ if (BIO_printf(bp, " %s%lu (%s0x%lx)\n", neg, l, neg, l) <= 0)
+ goto err;
+ } else {
+ neg = (bs->type == V_ASN1_NEG_INTEGER) ? " (Negative)" : "";
+ if (BIO_printf(bp, "\n%12s%s", "", neg) <= 0)
+ goto err;
+
+ for (i = 0; i < bs->length; i++) {
+ if (BIO_printf(bp, "%02x%c", bs->data[i],
+ ((i + 1 == bs->length) ? '\n' : ':')) <= 0)
+ goto err;
+ }
+ }
+
+ }
+
+ if (!(cflag & X509_FLAG_NO_SIGNAME)) {
+ if (BIO_printf(bp, "%8sSignature Algorithm: ", "") <= 0)
+ goto err;
+ if (i2a_ASN1_OBJECT(bp, ci->signature->algorithm) <= 0)
+ goto err;
+ if (BIO_puts(bp, "\n") <= 0)
+ goto err;
+ }
+
+ if (!(cflag & X509_FLAG_NO_ISSUER)) {
+ if (BIO_printf(bp, " Issuer:%c", mlch) <= 0)
+ goto err;
+ if (X509_NAME_print_ex(bp, X509_get_issuer_name(x), nmindent, nmflags)
+ < 0)
+ goto err;
+ if (BIO_write(bp, "\n", 1) <= 0)
+ goto err;
+ }
+ if (!(cflag & X509_FLAG_NO_VALIDITY)) {
+ if (BIO_write(bp, " Validity\n", 17) <= 0)
+ goto err;
+ if (BIO_write(bp, " Not Before: ", 24) <= 0)
+ goto err;
+ if (!ASN1_TIME_print(bp, X509_get_notBefore(x)))
+ goto err;
+ if (BIO_write(bp, "\n Not After : ", 25) <= 0)
+ goto err;
+ if (!ASN1_TIME_print(bp, X509_get_notAfter(x)))
+ goto err;
+ if (BIO_write(bp, "\n", 1) <= 0)
+ goto err;
+ }
+ if (!(cflag & X509_FLAG_NO_SUBJECT)) {
+ if (BIO_printf(bp, " Subject:%c", mlch) <= 0)
+ goto err;
+ if (X509_NAME_print_ex
+ (bp, X509_get_subject_name(x), nmindent, nmflags) < 0)
+ goto err;
+ if (BIO_write(bp, "\n", 1) <= 0)
+ goto err;
+ }
+ if (!(cflag & X509_FLAG_NO_PUBKEY)) {
+ if (BIO_write(bp, " Subject Public Key Info:\n", 33) <= 0)
+ goto err;
+ if (BIO_printf(bp, "%12sPublic Key Algorithm: ", "") <= 0)
+ goto err;
+ if (i2a_ASN1_OBJECT(bp, ci->key->algor->algorithm) <= 0)
+ goto err;
+ if (BIO_puts(bp, "\n") <= 0)
+ goto err;
+
+ pkey = X509_get_pubkey(x);
+ if (pkey == NULL) {
+ BIO_printf(bp, "%12sUnable to load Public Key\n", "");
+ ERR_print_errors(bp);
+ } else
+#ifndef OPENSSL_NO_RSA
+ if (pkey->type == EVP_PKEY_RSA) {
+ BIO_printf(bp, "%12sRSA Public Key: (%d bit)\n", "",
+ BN_num_bits(pkey->pkey.rsa->n));
+ RSA_print(bp, pkey->pkey.rsa, 16);
+ } else
+#endif
+#ifndef OPENSSL_NO_DSA
+ if (pkey->type == EVP_PKEY_DSA) {
+ BIO_printf(bp, "%12sDSA Public Key:\n", "");
+ DSA_print(bp, pkey->pkey.dsa, 16);
+ } else
+#endif
+#ifndef OPENSSL_NO_EC
+ if (pkey->type == EVP_PKEY_EC) {
+ BIO_printf(bp, "%12sEC Public Key:\n", "");
+ EC_KEY_print(bp, pkey->pkey.ec, 16);
+ } else
+#endif
+ BIO_printf(bp, "%12sUnknown Public Key:\n", "");
+
+ EVP_PKEY_free(pkey);
+ }
+
+ if (!(cflag & X509_FLAG_NO_EXTENSIONS))
+ X509V3_extensions_print(bp, "X509v3 extensions",
+ ci->extensions, cflag, 8);
+
+ if (!(cflag & X509_FLAG_NO_SIGDUMP)) {
+ if (X509_signature_print(bp, x->sig_alg, x->signature) <= 0)
+ goto err;
+ }
+ if (!(cflag & X509_FLAG_NO_AUX)) {
+ if (!X509_CERT_AUX_print(bp, x->aux, 0))
+ goto err;
+ }
+ ret = 1;
+ err:
+ if (str != NULL)
+ ASN1_STRING_free(str);
+ if (m != NULL)
+ OPENSSL_free(m);
+ return (ret);
+}
+
+int X509_ocspid_print(BIO *bp, X509 *x)
+{
+ unsigned char *der = NULL;
+ unsigned char *dertmp;
+ int derlen;
+ int i;
+ unsigned char SHA1md[SHA_DIGEST_LENGTH];
+
+ /*
+ * display the hash of the subject as it would appear in OCSP requests
+ */
+ if (BIO_printf(bp, " Subject OCSP hash: ") <= 0)
+ goto err;
+ derlen = i2d_X509_NAME(x->cert_info->subject, NULL);
+ if ((der = dertmp = (unsigned char *)OPENSSL_malloc(derlen)) == NULL)
+ goto err;
+ i2d_X509_NAME(x->cert_info->subject, &dertmp);
+
+ EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1(), NULL);
+ for (i = 0; i < SHA_DIGEST_LENGTH; i++) {
+ if (BIO_printf(bp, "%02X", SHA1md[i]) <= 0)
+ goto err;
+ }
+ OPENSSL_free(der);
+ der = NULL;
+
+ /*
+ * display the hash of the public key as it would appear in OCSP requests
+ */
+ if (BIO_printf(bp, "\n Public key OCSP hash: ") <= 0)
+ goto err;
+
+ EVP_Digest(x->cert_info->key->public_key->data,
+ x->cert_info->key->public_key->length, SHA1md, NULL,
+ EVP_sha1(), NULL);
+ for (i = 0; i < SHA_DIGEST_LENGTH; i++) {
+ if (BIO_printf(bp, "%02X", SHA1md[i]) <= 0)
+ goto err;
+ }
+ BIO_printf(bp, "\n");
+
+ return (1);
+ err:
+ if (der != NULL)
+ OPENSSL_free(der);
+ return (0);
+}
+
+int X509_signature_print(BIO *bp, X509_ALGOR *sigalg, ASN1_STRING *sig)
+{
+ unsigned char *s;
+ int i, n;
+ if (BIO_puts(bp, " Signature Algorithm: ") <= 0)
+ return 0;
+ if (i2a_ASN1_OBJECT(bp, sigalg->algorithm) <= 0)
+ return 0;
+
+ n = sig->length;
+ s = sig->data;
+ for (i = 0; i < n; i++) {
+ if ((i % 18) == 0)
+ if (BIO_write(bp, "\n ", 9) <= 0)
+ return 0;
+ if (BIO_printf(bp, "%02x%s", s[i], ((i + 1) == n) ? "" : ":") <= 0)
+ return 0;
+ }
+ if (BIO_write(bp, "\n", 1) != 1)
+ return 0;
+ return 1;
+}
+
+int ASN1_STRING_print(BIO *bp, ASN1_STRING *v)
+{
+ int i, n;
+ char buf[80], *p;
+
+ if (v == NULL)
+ return (0);
+ n = 0;
+ p = (char *)v->data;
+ for (i = 0; i < v->length; i++) {
+ if ((p[i] > '~') || ((p[i] < ' ') &&
+ (p[i] != '\n') && (p[i] != '\r')))
+ buf[n] = '.';
+ else
+ buf[n] = p[i];
+ n++;
+ if (n >= 80) {
+ if (BIO_write(bp, buf, n) <= 0)
+ return (0);
+ n = 0;
+ }
+ }
+ if (n > 0)
+ if (BIO_write(bp, buf, n) <= 0)
+ return (0);
+ return (1);
+}
+
+int ASN1_TIME_print(BIO *bp, ASN1_TIME *tm)
+{
+ if (tm->type == V_ASN1_UTCTIME)
+ return ASN1_UTCTIME_print(bp, tm);
+ if (tm->type == V_ASN1_GENERALIZEDTIME)
+ return ASN1_GENERALIZEDTIME_print(bp, tm);
+ BIO_write(bp, "Bad time value", 14);
+ return (0);
+}
+
+static const char *mon[12] = {
+ "Jan", "Feb", "Mar", "Apr", "May", "Jun",
+ "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
+};
+
+int ASN1_GENERALIZEDTIME_print(BIO *bp, ASN1_GENERALIZEDTIME *tm)
+{
+ char *v;
+ int gmt = 0;
+ int i;
+ int y = 0, M = 0, d = 0, h = 0, m = 0, s = 0;
+ char *f = NULL;
+ int f_len = 0;
+
+ i = tm->length;
+ v = (char *)tm->data;
+
+ if (i < 12)
+ goto err;
+ if (v[i - 1] == 'Z')
+ gmt = 1;
+ for (i = 0; i < 12; i++)
+ if ((v[i] > '9') || (v[i] < '0'))
+ goto err;
+ y = (v[0] - '0') * 1000 + (v[1] - '0') * 100
+ + (v[2] - '0') * 10 + (v[3] - '0');
+ M = (v[4] - '0') * 10 + (v[5] - '0');
+ if ((M > 12) || (M < 1))
+ goto err;
+ d = (v[6] - '0') * 10 + (v[7] - '0');
+ h = (v[8] - '0') * 10 + (v[9] - '0');
+ m = (v[10] - '0') * 10 + (v[11] - '0');
+ if (tm->length >= 14 &&
+ (v[12] >= '0') && (v[12] <= '9') &&
+ (v[13] >= '0') && (v[13] <= '9')) {
+ s = (v[12] - '0') * 10 + (v[13] - '0');
+ /* Check for fractions of seconds. */
+ if (tm->length >= 15 && v[14] == '.') {
+ int l = tm->length;
+ f = &v[14]; /* The decimal point. */
+ f_len = 1;
+ while (14 + f_len < l && f[f_len] >= '0' && f[f_len] <= '9')
+ ++f_len;
+ }
+ }
+
+ if (BIO_printf(bp, "%s %2d %02d:%02d:%02d%.*s %d%s",
+ mon[M - 1], d, h, m, s, f_len, f, y,
+ (gmt) ? " GMT" : "") <= 0)
+ return (0);
+ else
+ return (1);
+ err:
+ BIO_write(bp, "Bad time value", 14);
+ return (0);
+}
+
+int ASN1_UTCTIME_print(BIO *bp, ASN1_UTCTIME *tm)
+{
+ char *v;
+ int gmt = 0;
+ int i;
+ int y = 0, M = 0, d = 0, h = 0, m = 0, s = 0;
+
+ i = tm->length;
+ v = (char *)tm->data;
+
+ if (i < 10)
+ goto err;
+ if (v[i - 1] == 'Z')
+ gmt = 1;
+ for (i = 0; i < 10; i++)
+ if ((v[i] > '9') || (v[i] < '0'))
+ goto err;
+ y = (v[0] - '0') * 10 + (v[1] - '0');
+ if (y < 50)
+ y += 100;
+ M = (v[2] - '0') * 10 + (v[3] - '0');
+ if ((M > 12) || (M < 1))
+ goto err;
+ d = (v[4] - '0') * 10 + (v[5] - '0');
+ h = (v[6] - '0') * 10 + (v[7] - '0');
+ m = (v[8] - '0') * 10 + (v[9] - '0');
+ if (tm->length >= 12 &&
+ (v[10] >= '0') && (v[10] <= '9') && (v[11] >= '0') && (v[11] <= '9'))
+ s = (v[10] - '0') * 10 + (v[11] - '0');
+
+ if (BIO_printf(bp, "%s %2d %02d:%02d:%02d %d%s",
+ mon[M - 1], d, h, m, s, y + 1900,
+ (gmt) ? " GMT" : "") <= 0)
+ return (0);
+ else
+ return (1);
+ err:
+ BIO_write(bp, "Bad time value", 14);
+ return (0);
+}
+
+int X509_NAME_print(BIO *bp, X509_NAME *name, int obase)
+{
+ char *s, *c, *b;
+ int ret = 0, l, i;
+
+ l = 80 - 2 - obase;
+
+ b = X509_NAME_oneline(name, NULL, 0);
+ if (!b)
+ return 0;
+ if (!*b) {
+ OPENSSL_free(b);
+ return 1;
+ }
+ s = b + 1; /* skip the first slash */
+
+ c = s;
+ for (;;) {
+#ifndef CHARSET_EBCDIC
+ if (((*s == '/') &&
+ ((s[1] >= 'A') && (s[1] <= 'Z') && ((s[2] == '=') ||
+ ((s[2] >= 'A')
+ && (s[2] <= 'Z')
+ && (s[3] == '='))
+ ))) || (*s == '\0'))
+#else
+ if (((*s == '/') &&
+ (isupper(s[1]) && ((s[2] == '=') ||
+ (isupper(s[2]) && (s[3] == '='))
+ ))) || (*s == '\0'))
+#endif
+ {
+ i = s - c;
+ if (BIO_write(bp, c, i) != i)
+ goto err;
+ c = s + 1; /* skip following slash */
+ if (*s != '\0') {
+ if (BIO_write(bp, ", ", 2) != 2)
+ goto err;
+ }
+ l--;
+ }
+ if (*s == '\0')
+ break;
+ s++;
+ l--;
+ }
+
+ ret = 1;
+ if (0) {
+ err:
+ X509err(X509_F_X509_NAME_PRINT, ERR_R_BUF_LIB);
+ }
+ OPENSSL_free(b);
+ return (ret);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/t_x509a.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/t_x509a.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/t_x509a.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,110 +0,0 @@
-/* t_x509a.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/asn1.h>
-#include <openssl/x509.h>
-
-/* X509_CERT_AUX and string set routines
- */
-
-int X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent)
-{
- char oidstr[80], first;
- int i;
- if(!aux) return 1;
- if(aux->trust) {
- first = 1;
- BIO_printf(out, "%*sTrusted Uses:\n%*s",
- indent, "", indent + 2, "");
- for(i = 0; i < sk_ASN1_OBJECT_num(aux->trust); i++) {
- if(!first) BIO_puts(out, ", ");
- else first = 0;
- OBJ_obj2txt(oidstr, sizeof oidstr,
- sk_ASN1_OBJECT_value(aux->trust, i), 0);
- BIO_puts(out, oidstr);
- }
- BIO_puts(out, "\n");
- } else BIO_printf(out, "%*sNo Trusted Uses.\n", indent, "");
- if(aux->reject) {
- first = 1;
- BIO_printf(out, "%*sRejected Uses:\n%*s",
- indent, "", indent + 2, "");
- for(i = 0; i < sk_ASN1_OBJECT_num(aux->reject); i++) {
- if(!first) BIO_puts(out, ", ");
- else first = 0;
- OBJ_obj2txt(oidstr, sizeof oidstr,
- sk_ASN1_OBJECT_value(aux->reject, i), 0);
- BIO_puts(out, oidstr);
- }
- BIO_puts(out, "\n");
- } else BIO_printf(out, "%*sNo Rejected Uses.\n", indent, "");
- if(aux->alias) BIO_printf(out, "%*sAlias: %s\n", indent, "",
- aux->alias->data);
- if(aux->keyid) {
- BIO_printf(out, "%*sKey Id: ", indent, "");
- for(i = 0; i < aux->keyid->length; i++)
- BIO_printf(out, "%s%02X",
- i ? ":" : "",
- aux->keyid->data[i]);
- BIO_write(out,"\n",1);
- }
- return 1;
-}
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/t_x509a.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/t_x509a.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/t_x509a.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/t_x509a.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,115 @@
+/* t_x509a.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/asn1.h>
+#include <openssl/x509.h>
+
+/*
+ * X509_CERT_AUX and string set routines
+ */
+
+int X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent)
+{
+ char oidstr[80], first;
+ int i;
+ if (!aux)
+ return 1;
+ if (aux->trust) {
+ first = 1;
+ BIO_printf(out, "%*sTrusted Uses:\n%*s", indent, "", indent + 2, "");
+ for (i = 0; i < sk_ASN1_OBJECT_num(aux->trust); i++) {
+ if (!first)
+ BIO_puts(out, ", ");
+ else
+ first = 0;
+ OBJ_obj2txt(oidstr, sizeof oidstr,
+ sk_ASN1_OBJECT_value(aux->trust, i), 0);
+ BIO_puts(out, oidstr);
+ }
+ BIO_puts(out, "\n");
+ } else
+ BIO_printf(out, "%*sNo Trusted Uses.\n", indent, "");
+ if (aux->reject) {
+ first = 1;
+ BIO_printf(out, "%*sRejected Uses:\n%*s", indent, "", indent + 2, "");
+ for (i = 0; i < sk_ASN1_OBJECT_num(aux->reject); i++) {
+ if (!first)
+ BIO_puts(out, ", ");
+ else
+ first = 0;
+ OBJ_obj2txt(oidstr, sizeof oidstr,
+ sk_ASN1_OBJECT_value(aux->reject, i), 0);
+ BIO_puts(out, oidstr);
+ }
+ BIO_puts(out, "\n");
+ } else
+ BIO_printf(out, "%*sNo Rejected Uses.\n", indent, "");
+ if (aux->alias)
+ BIO_printf(out, "%*sAlias: %s\n", indent, "", aux->alias->data);
+ if (aux->keyid) {
+ BIO_printf(out, "%*sKey Id: ", indent, "");
+ for (i = 0; i < aux->keyid->length; i++)
+ BIO_printf(out, "%s%02X", i ? ":" : "", aux->keyid->data[i]);
+ BIO_write(out, "\n", 1);
+ }
+ return 1;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/tasn_dec.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/tasn_dec.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/tasn_dec.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,1343 +0,0 @@
-/* tasn_dec.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-
-#include <stddef.h>
-#include <string.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/objects.h>
-#include <openssl/buffer.h>
-#include <openssl/err.h>
-
-static int asn1_check_eoc(const unsigned char **in, long len);
-static int asn1_find_end(const unsigned char **in, long len, char inf);
-
-static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len,
- char inf, int tag, int aclass, int depth);
-
-static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen);
-
-static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass,
- char *inf, char *cst,
- const unsigned char **in, long len,
- int exptag, int expclass, char opt,
- ASN1_TLC *ctx);
-
-static int asn1_template_ex_d2i(ASN1_VALUE **pval,
- const unsigned char **in, long len,
- const ASN1_TEMPLATE *tt, char opt,
- ASN1_TLC *ctx);
-static int asn1_template_noexp_d2i(ASN1_VALUE **val,
- const unsigned char **in, long len,
- const ASN1_TEMPLATE *tt, char opt,
- ASN1_TLC *ctx);
-static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
- const unsigned char **in, long len,
- const ASN1_ITEM *it,
- int tag, int aclass, char opt, ASN1_TLC *ctx);
-
-/* Table to convert tags to bit values, used for MSTRING type */
-static const unsigned long tag2bit[32] = {
-0, 0, 0, B_ASN1_BIT_STRING, /* tags 0 - 3 */
-B_ASN1_OCTET_STRING, 0, 0, B_ASN1_UNKNOWN,/* tags 4- 7 */
-B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN,/* tags 8-11 */
-B_ASN1_UTF8STRING,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,/* tags 12-15 */
-B_ASN1_SEQUENCE,0,B_ASN1_NUMERICSTRING,B_ASN1_PRINTABLESTRING, /* tags 16-19 */
-B_ASN1_T61STRING,B_ASN1_VIDEOTEXSTRING,B_ASN1_IA5STRING, /* tags 20-22 */
-B_ASN1_UTCTIME, B_ASN1_GENERALIZEDTIME, /* tags 23-24 */
-B_ASN1_GRAPHICSTRING,B_ASN1_ISO64STRING,B_ASN1_GENERALSTRING, /* tags 25-27 */
-B_ASN1_UNIVERSALSTRING,B_ASN1_UNKNOWN,B_ASN1_BMPSTRING,B_ASN1_UNKNOWN, /* tags 28-31 */
- };
-
-unsigned long ASN1_tag2bit(int tag)
- {
- if ((tag < 0) || (tag > 30)) return 0;
- return tag2bit[tag];
- }
-
-/* Macro to initialize and invalidate the cache */
-
-#define asn1_tlc_clear(c) if (c) (c)->valid = 0
-
-/* Decode an ASN1 item, this currently behaves just
- * like a standard 'd2i' function. 'in' points to
- * a buffer to read the data from, in future we will
- * have more advanced versions that can input data
- * a piece at a time and this will simply be a special
- * case.
- */
-
-ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval,
- const unsigned char **in, long len, const ASN1_ITEM *it)
- {
- ASN1_TLC c;
- ASN1_VALUE *ptmpval = NULL;
- if (!pval)
- pval = &ptmpval;
- c.valid = 0;
- if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0)
- return *pval;
- return NULL;
- }
-
-int ASN1_template_d2i(ASN1_VALUE **pval,
- const unsigned char **in, long len, const ASN1_TEMPLATE *tt)
- {
- ASN1_TLC c;
- c.valid = 0;
- return asn1_template_ex_d2i(pval, in, len, tt, 0, &c);
- }
-
-
-/* Decode an item, taking care of IMPLICIT tagging, if any.
- * If 'opt' set and tag mismatch return -1 to handle OPTIONAL
- */
-
-int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
- const ASN1_ITEM *it,
- int tag, int aclass, char opt, ASN1_TLC *ctx)
- {
- const ASN1_TEMPLATE *tt, *errtt = NULL;
- const ASN1_COMPAT_FUNCS *cf;
- const ASN1_EXTERN_FUNCS *ef;
- const ASN1_AUX *aux = it->funcs;
- ASN1_aux_cb *asn1_cb;
- const unsigned char *p = NULL, *q;
- unsigned char *wp=NULL; /* BIG FAT WARNING! BREAKS CONST WHERE USED */
- unsigned char imphack = 0, oclass;
- char seq_eoc, seq_nolen, cst, isopt;
- long tmplen;
- int i;
- int otag;
- int ret = 0;
- ASN1_VALUE **pchptr, *ptmpval;
- if (!pval)
- return 0;
- if (aux && aux->asn1_cb)
- asn1_cb = aux->asn1_cb;
- else asn1_cb = 0;
-
- switch(it->itype)
- {
- case ASN1_ITYPE_PRIMITIVE:
- if (it->templates)
- {
- /* tagging or OPTIONAL is currently illegal on an item
- * template because the flags can't get passed down.
- * In practice this isn't a problem: we include the
- * relevant flags from the item template in the
- * template itself.
- */
- if ((tag != -1) || opt)
- {
- ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
- ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE);
- goto err;
- }
- return asn1_template_ex_d2i(pval, in, len,
- it->templates, opt, ctx);
- }
- return asn1_d2i_ex_primitive(pval, in, len, it,
- tag, aclass, opt, ctx);
- break;
-
- case ASN1_ITYPE_MSTRING:
- p = *in;
- /* Just read in tag and class */
- ret = asn1_check_tlen(NULL, &otag, &oclass, NULL, NULL,
- &p, len, -1, 0, 1, ctx);
- if (!ret)
- {
- ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
- ERR_R_NESTED_ASN1_ERROR);
- goto err;
- }
-
- /* Must be UNIVERSAL class */
- if (oclass != V_ASN1_UNIVERSAL)
- {
- /* If OPTIONAL, assume this is OK */
- if (opt) return -1;
- ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
- ASN1_R_MSTRING_NOT_UNIVERSAL);
- goto err;
- }
- /* Check tag matches bit map */
- if (!(ASN1_tag2bit(otag) & it->utype))
- {
- /* If OPTIONAL, assume this is OK */
- if (opt)
- return -1;
- ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
- ASN1_R_MSTRING_WRONG_TAG);
- goto err;
- }
- return asn1_d2i_ex_primitive(pval, in, len,
- it, otag, 0, 0, ctx);
-
- case ASN1_ITYPE_EXTERN:
- /* Use new style d2i */
- ef = it->funcs;
- return ef->asn1_ex_d2i(pval, in, len,
- it, tag, aclass, opt, ctx);
-
- case ASN1_ITYPE_COMPAT:
- /* we must resort to old style evil hackery */
- cf = it->funcs;
-
- /* If OPTIONAL see if it is there */
- if (opt)
- {
- int exptag;
- p = *in;
- if (tag == -1)
- exptag = it->utype;
- else exptag = tag;
- /* Don't care about anything other than presence
- * of expected tag */
-
- ret = asn1_check_tlen(NULL, NULL, NULL, NULL, NULL,
- &p, len, exptag, aclass, 1, ctx);
- if (!ret)
- {
- ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
- ERR_R_NESTED_ASN1_ERROR);
- goto err;
- }
- if (ret == -1)
- return -1;
- }
-
- /* This is the old style evil hack IMPLICIT handling:
- * since the underlying code is expecting a tag and
- * class other than the one present we change the
- * buffer temporarily then change it back afterwards.
- * This doesn't and never did work for tags > 30.
- *
- * Yes this is *horrible* but it is only needed for
- * old style d2i which will hopefully not be around
- * for much longer.
- * FIXME: should copy the buffer then modify it so
- * the input buffer can be const: we should *always*
- * copy because the old style d2i might modify the
- * buffer.
- */
-
- if (tag != -1)
- {
- wp = *(unsigned char **)in;
- imphack = *wp;
- if (p == NULL)
- {
- ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
- ERR_R_NESTED_ASN1_ERROR);
- goto err;
- }
- *wp = (unsigned char)((*p & V_ASN1_CONSTRUCTED)
- | it->utype);
- }
-
- ptmpval = cf->asn1_d2i(pval, in, len);
-
- if (tag != -1)
- *wp = imphack;
-
- if (ptmpval)
- return 1;
-
- ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
- goto err;
-
-
- case ASN1_ITYPE_CHOICE:
- if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it))
- goto auxerr;
-
- /* Allocate structure */
- if (!*pval && !ASN1_item_ex_new(pval, it))
- {
- ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
- ERR_R_NESTED_ASN1_ERROR);
- goto err;
- }
- /* CHOICE type, try each possibility in turn */
- p = *in;
- for (i = 0, tt=it->templates; i < it->tcount; i++, tt++)
- {
- pchptr = asn1_get_field_ptr(pval, tt);
- /* We mark field as OPTIONAL so its absence
- * can be recognised.
- */
- ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx);
- /* If field not present, try the next one */
- if (ret == -1)
- continue;
- /* If positive return, read OK, break loop */
- if (ret > 0)
- break;
- /* Otherwise must be an ASN1 parsing error */
- errtt = tt;
- ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
- ERR_R_NESTED_ASN1_ERROR);
- goto err;
- }
-
- /* Did we fall off the end without reading anything? */
- if (i == it->tcount)
- {
- /* If OPTIONAL, this is OK */
- if (opt)
- {
- /* Free and zero it */
- ASN1_item_ex_free(pval, it);
- return -1;
- }
- ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
- ASN1_R_NO_MATCHING_CHOICE_TYPE);
- goto err;
- }
-
- asn1_set_choice_selector(pval, i, it);
- *in = p;
- if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it))
- goto auxerr;
- return 1;
-
- case ASN1_ITYPE_NDEF_SEQUENCE:
- case ASN1_ITYPE_SEQUENCE:
- p = *in;
- tmplen = len;
-
- /* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */
- if (tag == -1)
- {
- tag = V_ASN1_SEQUENCE;
- aclass = V_ASN1_UNIVERSAL;
- }
- /* Get SEQUENCE length and update len, p */
- ret = asn1_check_tlen(&len, NULL, NULL, &seq_eoc, &cst,
- &p, len, tag, aclass, opt, ctx);
- if (!ret)
- {
- ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
- ERR_R_NESTED_ASN1_ERROR);
- goto err;
- }
- else if (ret == -1)
- return -1;
- if (aux && (aux->flags & ASN1_AFLG_BROKEN))
- {
- len = tmplen - (p - *in);
- seq_nolen = 1;
- }
- /* If indefinite we don't do a length check */
- else seq_nolen = seq_eoc;
- if (!cst)
- {
- ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
- ASN1_R_SEQUENCE_NOT_CONSTRUCTED);
- goto err;
- }
-
- if (!*pval && !ASN1_item_ex_new(pval, it))
- {
- ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
- ERR_R_NESTED_ASN1_ERROR);
- goto err;
- }
-
- if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it))
- goto auxerr;
-
- /* Get each field entry */
- for (i = 0, tt = it->templates; i < it->tcount; i++, tt++)
- {
- const ASN1_TEMPLATE *seqtt;
- ASN1_VALUE **pseqval;
- seqtt = asn1_do_adb(pval, tt, 1);
- if (!seqtt)
- goto err;
- pseqval = asn1_get_field_ptr(pval, seqtt);
- /* Have we ran out of data? */
- if (!len)
- break;
- q = p;
- if (asn1_check_eoc(&p, len))
- {
- if (!seq_eoc)
- {
- ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
- ASN1_R_UNEXPECTED_EOC);
- goto err;
- }
- len -= p - q;
- seq_eoc = 0;
- q = p;
- break;
- }
- /* This determines the OPTIONAL flag value. The field
- * cannot be omitted if it is the last of a SEQUENCE
- * and there is still data to be read. This isn't
- * strictly necessary but it increases efficiency in
- * some cases.
- */
- if (i == (it->tcount - 1))
- isopt = 0;
- else isopt = (char)(seqtt->flags & ASN1_TFLG_OPTIONAL);
- /* attempt to read in field, allowing each to be
- * OPTIONAL */
-
- ret = asn1_template_ex_d2i(pseqval, &p, len,
- seqtt, isopt, ctx);
- if (!ret)
- {
- errtt = seqtt;
- goto err;
- }
- else if (ret == -1)
- {
- /* OPTIONAL component absent.
- * Free and zero the field.
- */
- ASN1_template_free(pseqval, seqtt);
- continue;
- }
- /* Update length */
- len -= p - q;
- }
-
- /* Check for EOC if expecting one */
- if (seq_eoc && !asn1_check_eoc(&p, len))
- {
- ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MISSING_EOC);
- goto err;
- }
- /* Check all data read */
- if (!seq_nolen && len)
- {
- ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
- ASN1_R_SEQUENCE_LENGTH_MISMATCH);
- goto err;
- }
-
- /* If we get here we've got no more data in the SEQUENCE,
- * however we may not have read all fields so check all
- * remaining are OPTIONAL and clear any that are.
- */
- for (; i < it->tcount; tt++, i++)
- {
- const ASN1_TEMPLATE *seqtt;
- seqtt = asn1_do_adb(pval, tt, 1);
- if (!seqtt)
- goto err;
- if (seqtt->flags & ASN1_TFLG_OPTIONAL)
- {
- ASN1_VALUE **pseqval;
- pseqval = asn1_get_field_ptr(pval, seqtt);
- ASN1_template_free(pseqval, seqtt);
- }
- else
- {
- errtt = seqtt;
- ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
- ASN1_R_FIELD_MISSING);
- goto err;
- }
- }
- /* Save encoding */
- if (!asn1_enc_save(pval, *in, p - *in, it))
- goto auxerr;
- *in = p;
- if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it))
- goto auxerr;
- return 1;
-
- default:
- return 0;
- }
- auxerr:
- ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR);
- err:
- ASN1_item_ex_free(pval, it);
- if (errtt)
- ERR_add_error_data(4, "Field=", errtt->field_name,
- ", Type=", it->sname);
- else
- ERR_add_error_data(2, "Type=", it->sname);
- return 0;
- }
-
-/* Templates are handled with two separate functions.
- * One handles any EXPLICIT tag and the other handles the rest.
- */
-
-static int asn1_template_ex_d2i(ASN1_VALUE **val,
- const unsigned char **in, long inlen,
- const ASN1_TEMPLATE *tt, char opt,
- ASN1_TLC *ctx)
- {
- int flags, aclass;
- int ret;
- long len;
- const unsigned char *p, *q;
- char exp_eoc;
- if (!val)
- return 0;
- flags = tt->flags;
- aclass = flags & ASN1_TFLG_TAG_CLASS;
-
- p = *in;
-
- /* Check if EXPLICIT tag expected */
- if (flags & ASN1_TFLG_EXPTAG)
- {
- char cst;
- /* Need to work out amount of data available to the inner
- * content and where it starts: so read in EXPLICIT header to
- * get the info.
- */
- ret = asn1_check_tlen(&len, NULL, NULL, &exp_eoc, &cst,
- &p, inlen, tt->tag, aclass, opt, ctx);
- q = p;
- if (!ret)
- {
- ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I,
- ERR_R_NESTED_ASN1_ERROR);
- return 0;
- }
- else if (ret == -1)
- return -1;
- if (!cst)
- {
- ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I,
- ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED);
- return 0;
- }
- /* We've found the field so it can't be OPTIONAL now */
- ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx);
- if (!ret)
- {
- ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I,
- ERR_R_NESTED_ASN1_ERROR);
- return 0;
- }
- /* We read the field in OK so update length */
- len -= p - q;
- if (exp_eoc)
- {
- /* If NDEF we must have an EOC here */
- if (!asn1_check_eoc(&p, len))
- {
- ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I,
- ASN1_R_MISSING_EOC);
- goto err;
- }
- }
- else
- {
- /* Otherwise we must hit the EXPLICIT tag end or its
- * an error */
- if (len)
- {
- ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I,
- ASN1_R_EXPLICIT_LENGTH_MISMATCH);
- goto err;
- }
- }
- }
- else
- return asn1_template_noexp_d2i(val, in, inlen,
- tt, opt, ctx);
-
- *in = p;
- return 1;
-
- err:
- ASN1_template_free(val, tt);
- return 0;
- }
-
-static int asn1_template_noexp_d2i(ASN1_VALUE **val,
- const unsigned char **in, long len,
- const ASN1_TEMPLATE *tt, char opt,
- ASN1_TLC *ctx)
- {
- int flags, aclass;
- int ret;
- const unsigned char *p, *q;
- if (!val)
- return 0;
- flags = tt->flags;
- aclass = flags & ASN1_TFLG_TAG_CLASS;
-
- p = *in;
- q = p;
-
- if (flags & ASN1_TFLG_SK_MASK)
- {
- /* SET OF, SEQUENCE OF */
- int sktag, skaclass;
- char sk_eoc;
- /* First work out expected inner tag value */
- if (flags & ASN1_TFLG_IMPTAG)
- {
- sktag = tt->tag;
- skaclass = aclass;
- }
- else
- {
- skaclass = V_ASN1_UNIVERSAL;
- if (flags & ASN1_TFLG_SET_OF)
- sktag = V_ASN1_SET;
- else
- sktag = V_ASN1_SEQUENCE;
- }
- /* Get the tag */
- ret = asn1_check_tlen(&len, NULL, NULL, &sk_eoc, NULL,
- &p, len, sktag, skaclass, opt, ctx);
- if (!ret)
- {
- ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
- ERR_R_NESTED_ASN1_ERROR);
- return 0;
- }
- else if (ret == -1)
- return -1;
- if (!*val)
- *val = (ASN1_VALUE *)sk_new_null();
- else
- {
- /* We've got a valid STACK: free up any items present */
- STACK *sktmp = (STACK *)*val;
- ASN1_VALUE *vtmp;
- while(sk_num(sktmp) > 0)
- {
- vtmp = (ASN1_VALUE *)sk_pop(sktmp);
- ASN1_item_ex_free(&vtmp,
- ASN1_ITEM_ptr(tt->item));
- }
- }
-
- if (!*val)
- {
- ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
- ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- /* Read as many items as we can */
- while(len > 0)
- {
- ASN1_VALUE *skfield;
- q = p;
- /* See if EOC found */
- if (asn1_check_eoc(&p, len))
- {
- if (!sk_eoc)
- {
- ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
- ASN1_R_UNEXPECTED_EOC);
- goto err;
- }
- len -= p - q;
- sk_eoc = 0;
- break;
- }
- skfield = NULL;
- if (!ASN1_item_ex_d2i(&skfield, &p, len,
- ASN1_ITEM_ptr(tt->item),
- -1, 0, 0, ctx))
- {
- ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
- ERR_R_NESTED_ASN1_ERROR);
- goto err;
- }
- len -= p - q;
- if (!sk_push((STACK *)*val, (char *)skfield))
- {
- ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
- ERR_R_MALLOC_FAILURE);
- goto err;
- }
- }
- if (sk_eoc)
- {
- ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ASN1_R_MISSING_EOC);
- goto err;
- }
- }
- else if (flags & ASN1_TFLG_IMPTAG)
- {
- /* IMPLICIT tagging */
- ret = ASN1_item_ex_d2i(val, &p, len,
- ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt, ctx);
- if (!ret)
- {
- ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
- ERR_R_NESTED_ASN1_ERROR);
- goto err;
- }
- else if (ret == -1)
- return -1;
- }
- else
- {
- /* Nothing special */
- ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item),
- -1, 0, opt, ctx);
- if (!ret)
- {
- ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
- ERR_R_NESTED_ASN1_ERROR);
- goto err;
- }
- else if (ret == -1)
- return -1;
- }
-
- *in = p;
- return 1;
-
- err:
- ASN1_template_free(val, tt);
- return 0;
- }
-
-static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
- const unsigned char **in, long inlen,
- const ASN1_ITEM *it,
- int tag, int aclass, char opt, ASN1_TLC *ctx)
- {
- int ret = 0, utype;
- long plen;
- char cst, inf, free_cont = 0;
- const unsigned char *p;
- BUF_MEM buf;
- const unsigned char *cont = NULL;
- long len;
- if (!pval)
- {
- ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_ILLEGAL_NULL);
- return 0; /* Should never happen */
- }
-
- if (it->itype == ASN1_ITYPE_MSTRING)
- {
- utype = tag;
- tag = -1;
- }
- else
- utype = it->utype;
-
- if (utype == V_ASN1_ANY)
- {
- /* If type is ANY need to figure out type from tag */
- unsigned char oclass;
- if (tag >= 0)
- {
- ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
- ASN1_R_ILLEGAL_TAGGED_ANY);
- return 0;
- }
- if (opt)
- {
- ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
- ASN1_R_ILLEGAL_OPTIONAL_ANY);
- return 0;
- }
- p = *in;
- ret = asn1_check_tlen(NULL, &utype, &oclass, NULL, NULL,
- &p, inlen, -1, 0, 0, ctx);
- if (!ret)
- {
- ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
- ERR_R_NESTED_ASN1_ERROR);
- return 0;
- }
- if (oclass != V_ASN1_UNIVERSAL)
- utype = V_ASN1_OTHER;
- }
- if (tag == -1)
- {
- tag = utype;
- aclass = V_ASN1_UNIVERSAL;
- }
- p = *in;
- /* Check header */
- ret = asn1_check_tlen(&plen, NULL, NULL, &inf, &cst,
- &p, inlen, tag, aclass, opt, ctx);
- if (!ret)
- {
- ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_NESTED_ASN1_ERROR);
- return 0;
- }
- else if (ret == -1)
- return -1;
- ret = 0;
- /* SEQUENCE, SET and "OTHER" are left in encoded form */
- if ((utype == V_ASN1_SEQUENCE)
- || (utype == V_ASN1_SET) || (utype == V_ASN1_OTHER))
- {
- /* Clear context cache for type OTHER because the auto clear
- * when we have a exact match wont work
- */
- if (utype == V_ASN1_OTHER)
- {
- asn1_tlc_clear(ctx);
- }
- /* SEQUENCE and SET must be constructed */
- else if (!cst)
- {
- ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
- ASN1_R_TYPE_NOT_CONSTRUCTED);
- return 0;
- }
-
- cont = *in;
- /* If indefinite length constructed find the real end */
- if (inf)
- {
- if (!asn1_find_end(&p, plen, inf))
- goto err;
- len = p - cont;
- }
- else
- {
- len = p - cont + plen;
- p += plen;
- buf.data = NULL;
- }
- }
- else if (cst)
- {
- buf.length = 0;
- buf.max = 0;
- buf.data = NULL;
- /* Should really check the internal tags are correct but
- * some things may get this wrong. The relevant specs
- * say that constructed string types should be OCTET STRINGs
- * internally irrespective of the type. So instead just check
- * for UNIVERSAL class and ignore the tag.
- */
- if (!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL, 0))
- {
- free_cont = 1;
- goto err;
- }
- len = buf.length;
- /* Append a final null to string */
- if (!BUF_MEM_grow_clean(&buf, len + 1))
- {
- ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
- ERR_R_MALLOC_FAILURE);
- return 0;
- }
- buf.data[len] = 0;
- cont = (const unsigned char *)buf.data;
- free_cont = 1;
- }
- else
- {
- cont = p;
- len = plen;
- p += plen;
- }
-
- /* We now have content length and type: translate into a structure */
- if (!asn1_ex_c2i(pval, cont, len, utype, &free_cont, it))
- goto err;
-
- *in = p;
- ret = 1;
- err:
- if (free_cont && buf.data) OPENSSL_free(buf.data);
- return ret;
- }
-
-/* Translate ASN1 content octets into a structure */
-
-int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
- int utype, char *free_cont, const ASN1_ITEM *it)
- {
- ASN1_VALUE **opval = NULL;
- ASN1_STRING *stmp;
- ASN1_TYPE *typ = NULL;
- int ret = 0;
- const ASN1_PRIMITIVE_FUNCS *pf;
- ASN1_INTEGER **tint;
- pf = it->funcs;
-
- if (pf && pf->prim_c2i)
- return pf->prim_c2i(pval, cont, len, utype, free_cont, it);
- /* If ANY type clear type and set pointer to internal value */
- if (it->utype == V_ASN1_ANY)
- {
- if (!*pval)
- {
- typ = ASN1_TYPE_new();
- if (typ == NULL)
- goto err;
- *pval = (ASN1_VALUE *)typ;
- }
- else
- typ = (ASN1_TYPE *)*pval;
-
- if (utype != typ->type)
- ASN1_TYPE_set(typ, utype, NULL);
- opval = pval;
- pval = &typ->value.asn1_value;
- }
- switch(utype)
- {
- case V_ASN1_OBJECT:
- if (!c2i_ASN1_OBJECT((ASN1_OBJECT **)pval, &cont, len))
- goto err;
- break;
-
- case V_ASN1_NULL:
- if (len)
- {
- ASN1err(ASN1_F_ASN1_EX_C2I,
- ASN1_R_NULL_IS_WRONG_LENGTH);
- goto err;
- }
- *pval = (ASN1_VALUE *)1;
- break;
-
- case V_ASN1_BOOLEAN:
- if (len != 1)
- {
- ASN1err(ASN1_F_ASN1_EX_C2I,
- ASN1_R_BOOLEAN_IS_WRONG_LENGTH);
- goto err;
- }
- else
- {
- ASN1_BOOLEAN *tbool;
- tbool = (ASN1_BOOLEAN *)pval;
- *tbool = *cont;
- }
- break;
-
- case V_ASN1_BIT_STRING:
- if (!c2i_ASN1_BIT_STRING((ASN1_BIT_STRING **)pval, &cont, len))
- goto err;
- break;
-
- case V_ASN1_INTEGER:
- case V_ASN1_NEG_INTEGER:
- case V_ASN1_ENUMERATED:
- case V_ASN1_NEG_ENUMERATED:
- tint = (ASN1_INTEGER **)pval;
- if (!c2i_ASN1_INTEGER(tint, &cont, len))
- goto err;
- /* Fixup type to match the expected form */
- (*tint)->type = utype | ((*tint)->type & V_ASN1_NEG);
- break;
-
- case V_ASN1_OCTET_STRING:
- case V_ASN1_NUMERICSTRING:
- case V_ASN1_PRINTABLESTRING:
- case V_ASN1_T61STRING:
- case V_ASN1_VIDEOTEXSTRING:
- case V_ASN1_IA5STRING:
- case V_ASN1_UTCTIME:
- case V_ASN1_GENERALIZEDTIME:
- case V_ASN1_GRAPHICSTRING:
- case V_ASN1_VISIBLESTRING:
- case V_ASN1_GENERALSTRING:
- case V_ASN1_UNIVERSALSTRING:
- case V_ASN1_BMPSTRING:
- case V_ASN1_UTF8STRING:
- case V_ASN1_OTHER:
- case V_ASN1_SET:
- case V_ASN1_SEQUENCE:
- default:
- if (utype == V_ASN1_BMPSTRING && (len & 1))
- {
- ASN1err(ASN1_F_ASN1_EX_C2I,
- ASN1_R_BMPSTRING_IS_WRONG_LENGTH);
- goto err;
- }
- if (utype == V_ASN1_UNIVERSALSTRING && (len & 3))
- {
- ASN1err(ASN1_F_ASN1_EX_C2I,
- ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH);
- goto err;
- }
- /* All based on ASN1_STRING and handled the same */
- if (!*pval)
- {
- stmp = ASN1_STRING_type_new(utype);
- if (!stmp)
- {
- ASN1err(ASN1_F_ASN1_EX_C2I,
- ERR_R_MALLOC_FAILURE);
- goto err;
- }
- *pval = (ASN1_VALUE *)stmp;
- }
- else
- {
- stmp = (ASN1_STRING *)*pval;
- stmp->type = utype;
- }
- /* If we've already allocated a buffer use it */
- if (*free_cont)
- {
- if (stmp->data)
- OPENSSL_free(stmp->data);
- stmp->data = (unsigned char *)cont; /* UGLY CAST! RL */
- stmp->length = len;
- *free_cont = 0;
- }
- else
- {
- if (!ASN1_STRING_set(stmp, cont, len))
- {
- ASN1err(ASN1_F_ASN1_EX_C2I,
- ERR_R_MALLOC_FAILURE);
- ASN1_STRING_free(stmp);
- *pval = NULL;
- goto err;
- }
- }
- break;
- }
- /* If ASN1_ANY and NULL type fix up value */
- if (typ && (utype == V_ASN1_NULL))
- typ->value.ptr = NULL;
-
- ret = 1;
- err:
- if (!ret)
- {
- ASN1_TYPE_free(typ);
- if (opval)
- *opval = NULL;
- }
- return ret;
- }
-
-
-/* This function finds the end of an ASN1 structure when passed its maximum
- * length, whether it is indefinite length and a pointer to the content.
- * This is more efficient than calling asn1_collect because it does not
- * recurse on each indefinite length header.
- */
-
-static int asn1_find_end(const unsigned char **in, long len, char inf)
- {
- int expected_eoc;
- long plen;
- const unsigned char *p = *in, *q;
- /* If not indefinite length constructed just add length */
- if (inf == 0)
- {
- *in += len;
- return 1;
- }
- expected_eoc = 1;
- /* Indefinite length constructed form. Find the end when enough EOCs
- * are found. If more indefinite length constructed headers
- * are encountered increment the expected eoc count otherwise just
- * skip to the end of the data.
- */
- while (len > 0)
- {
- if(asn1_check_eoc(&p, len))
- {
- expected_eoc--;
- if (expected_eoc == 0)
- break;
- len -= 2;
- continue;
- }
- q = p;
- /* Just read in a header: only care about the length */
- if(!asn1_check_tlen(&plen, NULL, NULL, &inf, NULL, &p, len,
- -1, 0, 0, NULL))
- {
- ASN1err(ASN1_F_ASN1_FIND_END, ERR_R_NESTED_ASN1_ERROR);
- return 0;
- }
- if (inf)
- expected_eoc++;
- else
- p += plen;
- len -= p - q;
- }
- if (expected_eoc)
- {
- ASN1err(ASN1_F_ASN1_FIND_END, ASN1_R_MISSING_EOC);
- return 0;
- }
- *in = p;
- return 1;
- }
-/* This function collects the asn1 data from a constructred string
- * type into a buffer. The values of 'in' and 'len' should refer
- * to the contents of the constructed type and 'inf' should be set
- * if it is indefinite length.
- */
-
-#ifndef ASN1_MAX_STRING_NEST
-/* This determines how many levels of recursion are permitted in ASN1
- * string types. If it is not limited stack overflows can occur. If set
- * to zero no recursion is allowed at all. Although zero should be adequate
- * examples exist that require a value of 1. So 5 should be more than enough.
- */
-#define ASN1_MAX_STRING_NEST 5
-#endif
-
-
-static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len,
- char inf, int tag, int aclass, int depth)
- {
- const unsigned char *p, *q;
- long plen;
- char cst, ininf;
- p = *in;
- inf &= 1;
- /* If no buffer and not indefinite length constructed just pass over
- * the encoded data */
- if (!buf && !inf)
- {
- *in += len;
- return 1;
- }
- while(len > 0)
- {
- q = p;
- /* Check for EOC */
- if (asn1_check_eoc(&p, len))
- {
- /* EOC is illegal outside indefinite length
- * constructed form */
- if (!inf)
- {
- ASN1err(ASN1_F_ASN1_COLLECT,
- ASN1_R_UNEXPECTED_EOC);
- return 0;
- }
- inf = 0;
- break;
- }
-
- if (!asn1_check_tlen(&plen, NULL, NULL, &ininf, &cst, &p,
- len, tag, aclass, 0, NULL))
- {
- ASN1err(ASN1_F_ASN1_COLLECT, ERR_R_NESTED_ASN1_ERROR);
- return 0;
- }
-
- /* If indefinite length constructed update max length */
- if (cst)
- {
- if (depth >= ASN1_MAX_STRING_NEST)
- {
- ASN1err(ASN1_F_ASN1_COLLECT,
- ASN1_R_NESTED_ASN1_STRING);
- return 0;
- }
- if (!asn1_collect(buf, &p, plen, ininf, tag, aclass,
- depth + 1))
- return 0;
- }
- else if (plen && !collect_data(buf, &p, plen))
- return 0;
- len -= p - q;
- }
- if (inf)
- {
- ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_MISSING_EOC);
- return 0;
- }
- *in = p;
- return 1;
- }
-
-static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen)
- {
- int len;
- if (buf)
- {
- len = buf->length;
- if (!BUF_MEM_grow_clean(buf, len + plen))
- {
- ASN1err(ASN1_F_COLLECT_DATA, ERR_R_MALLOC_FAILURE);
- return 0;
- }
- memcpy(buf->data + len, *p, plen);
- }
- *p += plen;
- return 1;
- }
-
-/* Check for ASN1 EOC and swallow it if found */
-
-static int asn1_check_eoc(const unsigned char **in, long len)
- {
- const unsigned char *p;
- if (len < 2) return 0;
- p = *in;
- if (!p[0] && !p[1])
- {
- *in += 2;
- return 1;
- }
- return 0;
- }
-
-/* Check an ASN1 tag and length: a bit like ASN1_get_object
- * but it sets the length for indefinite length constructed
- * form, we don't know the exact length but we can set an
- * upper bound to the amount of data available minus the
- * header length just read.
- */
-
-static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass,
- char *inf, char *cst,
- const unsigned char **in, long len,
- int exptag, int expclass, char opt,
- ASN1_TLC *ctx)
- {
- int i;
- int ptag, pclass;
- long plen;
- const unsigned char *p, *q;
- p = *in;
- q = p;
-
- if (ctx && ctx->valid)
- {
- i = ctx->ret;
- plen = ctx->plen;
- pclass = ctx->pclass;
- ptag = ctx->ptag;
- p += ctx->hdrlen;
- }
- else
- {
- i = ASN1_get_object(&p, &plen, &ptag, &pclass, len);
- if (ctx)
- {
- ctx->ret = i;
- ctx->plen = plen;
- ctx->pclass = pclass;
- ctx->ptag = ptag;
- ctx->hdrlen = p - q;
- ctx->valid = 1;
- /* If definite length, and no error, length +
- * header can't exceed total amount of data available.
- */
- if (!(i & 0x81) && ((plen + ctx->hdrlen) > len))
- {
- ASN1err(ASN1_F_ASN1_CHECK_TLEN,
- ASN1_R_TOO_LONG);
- asn1_tlc_clear(ctx);
- return 0;
- }
- }
- }
-
- if (i & 0x80)
- {
- ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_BAD_OBJECT_HEADER);
- asn1_tlc_clear(ctx);
- return 0;
- }
- if (exptag >= 0)
- {
- if ((exptag != ptag) || (expclass != pclass))
- {
- /* If type is OPTIONAL, not an error:
- * indicate missing type.
- */
- if (opt) return -1;
- asn1_tlc_clear(ctx);
- ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_WRONG_TAG);
- return 0;
- }
- /* We have a tag and class match:
- * assume we are going to do something with it */
- asn1_tlc_clear(ctx);
- }
-
- if (i & 1)
- plen = len - (p - q);
-
- if (inf)
- *inf = i & 1;
-
- if (cst)
- *cst = i & V_ASN1_CONSTRUCTED;
-
- if (olen)
- *olen = plen;
-
- if (oclass)
- *oclass = pclass;
-
- if (otag)
- *otag = ptag;
-
- *in = p;
- return 1;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/tasn_dec.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/tasn_dec.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/tasn_dec.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/tasn_dec.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,1226 @@
+/* tasn_dec.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stddef.h>
+#include <string.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+#include <openssl/err.h>
+
+static int asn1_check_eoc(const unsigned char **in, long len);
+static int asn1_find_end(const unsigned char **in, long len, char inf);
+
+static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len,
+ char inf, int tag, int aclass, int depth);
+
+static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen);
+
+static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass,
+ char *inf, char *cst,
+ const unsigned char **in, long len,
+ int exptag, int expclass, char opt, ASN1_TLC *ctx);
+
+static int asn1_template_ex_d2i(ASN1_VALUE **pval,
+ const unsigned char **in, long len,
+ const ASN1_TEMPLATE *tt, char opt,
+ ASN1_TLC *ctx);
+static int asn1_template_noexp_d2i(ASN1_VALUE **val,
+ const unsigned char **in, long len,
+ const ASN1_TEMPLATE *tt, char opt,
+ ASN1_TLC *ctx);
+static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
+ const unsigned char **in, long len,
+ const ASN1_ITEM *it,
+ int tag, int aclass, char opt,
+ ASN1_TLC *ctx);
+
+/* Table to convert tags to bit values, used for MSTRING type */
+static const unsigned long tag2bit[32] = {
+ /* tags 0 - 3 */
+ 0, 0, 0, B_ASN1_BIT_STRING,
+ /* tags 4- 7 */
+ B_ASN1_OCTET_STRING, 0, 0, B_ASN1_UNKNOWN,
+ /* tags 8-11 */
+ B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN,
+ /* tags 12-15 */
+ B_ASN1_UTF8STRING, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN,
+ /* tags 16-19 */
+ B_ASN1_SEQUENCE, 0, B_ASN1_NUMERICSTRING, B_ASN1_PRINTABLESTRING,
+ /* tags 20-22 */
+ B_ASN1_T61STRING, B_ASN1_VIDEOTEXSTRING, B_ASN1_IA5STRING,
+ /* tags 23-24 */
+ B_ASN1_UTCTIME, B_ASN1_GENERALIZEDTIME,
+ /* tags 25-27 */
+ B_ASN1_GRAPHICSTRING, B_ASN1_ISO64STRING, B_ASN1_GENERALSTRING,
+ /* tags 28-31 */
+ B_ASN1_UNIVERSALSTRING, B_ASN1_UNKNOWN, B_ASN1_BMPSTRING, B_ASN1_UNKNOWN,
+};
+
+unsigned long ASN1_tag2bit(int tag)
+{
+ if ((tag < 0) || (tag > 30))
+ return 0;
+ return tag2bit[tag];
+}
+
+/* Macro to initialize and invalidate the cache */
+
+#define asn1_tlc_clear(c) if (c) (c)->valid = 0
+
+/*
+ * Decode an ASN1 item, this currently behaves just like a standard 'd2i'
+ * function. 'in' points to a buffer to read the data from, in future we
+ * will have more advanced versions that can input data a piece at a time and
+ * this will simply be a special case.
+ */
+
+ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval,
+ const unsigned char **in, long len,
+ const ASN1_ITEM *it)
+{
+ ASN1_TLC c;
+ ASN1_VALUE *ptmpval = NULL;
+ if (!pval)
+ pval = &ptmpval;
+ c.valid = 0;
+ if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0)
+ return *pval;
+ return NULL;
+}
+
+int ASN1_template_d2i(ASN1_VALUE **pval,
+ const unsigned char **in, long len,
+ const ASN1_TEMPLATE *tt)
+{
+ ASN1_TLC c;
+ c.valid = 0;
+ return asn1_template_ex_d2i(pval, in, len, tt, 0, &c);
+}
+
+/*
+ * Decode an item, taking care of IMPLICIT tagging, if any. If 'opt' set and
+ * tag mismatch return -1 to handle OPTIONAL
+ */
+
+int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
+ const ASN1_ITEM *it,
+ int tag, int aclass, char opt, ASN1_TLC *ctx)
+{
+ const ASN1_TEMPLATE *tt, *errtt = NULL;
+ const ASN1_COMPAT_FUNCS *cf;
+ const ASN1_EXTERN_FUNCS *ef;
+ const ASN1_AUX *aux = it->funcs;
+ ASN1_aux_cb *asn1_cb;
+ const unsigned char *p = NULL, *q;
+ unsigned char *wp = NULL; /* BIG FAT WARNING! BREAKS CONST WHERE USED */
+ unsigned char imphack = 0, oclass;
+ char seq_eoc, seq_nolen, cst, isopt;
+ long tmplen;
+ int i;
+ int otag;
+ int ret = 0;
+ ASN1_VALUE **pchptr, *ptmpval;
+ if (!pval)
+ return 0;
+ if (aux && aux->asn1_cb)
+ asn1_cb = aux->asn1_cb;
+ else
+ asn1_cb = 0;
+
+ switch (it->itype) {
+ case ASN1_ITYPE_PRIMITIVE:
+ if (it->templates) {
+ /*
+ * tagging or OPTIONAL is currently illegal on an item template
+ * because the flags can't get passed down. In practice this
+ * isn't a problem: we include the relevant flags from the item
+ * template in the template itself.
+ */
+ if ((tag != -1) || opt) {
+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
+ ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE);
+ goto err;
+ }
+ return asn1_template_ex_d2i(pval, in, len,
+ it->templates, opt, ctx);
+ }
+ return asn1_d2i_ex_primitive(pval, in, len, it,
+ tag, aclass, opt, ctx);
+ break;
+
+ case ASN1_ITYPE_MSTRING:
+ p = *in;
+ /* Just read in tag and class */
+ ret = asn1_check_tlen(NULL, &otag, &oclass, NULL, NULL,
+ &p, len, -1, 0, 1, ctx);
+ if (!ret) {
+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+ goto err;
+ }
+
+ /* Must be UNIVERSAL class */
+ if (oclass != V_ASN1_UNIVERSAL) {
+ /* If OPTIONAL, assume this is OK */
+ if (opt)
+ return -1;
+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MSTRING_NOT_UNIVERSAL);
+ goto err;
+ }
+ /* Check tag matches bit map */
+ if (!(ASN1_tag2bit(otag) & it->utype)) {
+ /* If OPTIONAL, assume this is OK */
+ if (opt)
+ return -1;
+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MSTRING_WRONG_TAG);
+ goto err;
+ }
+ return asn1_d2i_ex_primitive(pval, in, len, it, otag, 0, 0, ctx);
+
+ case ASN1_ITYPE_EXTERN:
+ /* Use new style d2i */
+ ef = it->funcs;
+ return ef->asn1_ex_d2i(pval, in, len, it, tag, aclass, opt, ctx);
+
+ case ASN1_ITYPE_COMPAT:
+ /* we must resort to old style evil hackery */
+ cf = it->funcs;
+
+ /* If OPTIONAL see if it is there */
+ if (opt) {
+ int exptag;
+ p = *in;
+ if (tag == -1)
+ exptag = it->utype;
+ else
+ exptag = tag;
+ /*
+ * Don't care about anything other than presence of expected tag
+ */
+
+ ret = asn1_check_tlen(NULL, NULL, NULL, NULL, NULL,
+ &p, len, exptag, aclass, 1, ctx);
+ if (!ret) {
+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+ goto err;
+ }
+ if (ret == -1)
+ return -1;
+ }
+
+ /*
+ * This is the old style evil hack IMPLICIT handling: since the
+ * underlying code is expecting a tag and class other than the one
+ * present we change the buffer temporarily then change it back
+ * afterwards. This doesn't and never did work for tags > 30. Yes
+ * this is *horrible* but it is only needed for old style d2i which
+ * will hopefully not be around for much longer. FIXME: should copy
+ * the buffer then modify it so the input buffer can be const: we
+ * should *always* copy because the old style d2i might modify the
+ * buffer.
+ */
+
+ if (tag != -1) {
+ wp = *(unsigned char **)in;
+ imphack = *wp;
+ if (p == NULL) {
+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+ goto err;
+ }
+ *wp = (unsigned char)((*p & V_ASN1_CONSTRUCTED)
+ | it->utype);
+ }
+
+ ptmpval = cf->asn1_d2i(pval, in, len);
+
+ if (tag != -1)
+ *wp = imphack;
+
+ if (ptmpval)
+ return 1;
+
+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+ goto err;
+
+ case ASN1_ITYPE_CHOICE:
+ if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it))
+ goto auxerr;
+ if (*pval) {
+ /* Free up and zero CHOICE value if initialised */
+ i = asn1_get_choice_selector(pval, it);
+ if ((i >= 0) && (i < it->tcount)) {
+ tt = it->templates + i;
+ pchptr = asn1_get_field_ptr(pval, tt);
+ ASN1_template_free(pchptr, tt);
+ asn1_set_choice_selector(pval, -1, it);
+ }
+ } else if (!ASN1_item_ex_new(pval, it)) {
+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+ goto err;
+ }
+ /* CHOICE type, try each possibility in turn */
+ p = *in;
+ for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
+ pchptr = asn1_get_field_ptr(pval, tt);
+ /*
+ * We mark field as OPTIONAL so its absence can be recognised.
+ */
+ ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx);
+ /* If field not present, try the next one */
+ if (ret == -1)
+ continue;
+ /* If positive return, read OK, break loop */
+ if (ret > 0)
+ break;
+ /* Otherwise must be an ASN1 parsing error */
+ errtt = tt;
+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+ goto err;
+ }
+
+ /* Did we fall off the end without reading anything? */
+ if (i == it->tcount) {
+ /* If OPTIONAL, this is OK */
+ if (opt) {
+ /* Free and zero it */
+ ASN1_item_ex_free(pval, it);
+ return -1;
+ }
+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_NO_MATCHING_CHOICE_TYPE);
+ goto err;
+ }
+
+ asn1_set_choice_selector(pval, i, it);
+ *in = p;
+ if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it))
+ goto auxerr;
+ return 1;
+
+ case ASN1_ITYPE_NDEF_SEQUENCE:
+ case ASN1_ITYPE_SEQUENCE:
+ p = *in;
+ tmplen = len;
+
+ /* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */
+ if (tag == -1) {
+ tag = V_ASN1_SEQUENCE;
+ aclass = V_ASN1_UNIVERSAL;
+ }
+ /* Get SEQUENCE length and update len, p */
+ ret = asn1_check_tlen(&len, NULL, NULL, &seq_eoc, &cst,
+ &p, len, tag, aclass, opt, ctx);
+ if (!ret) {
+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+ goto err;
+ } else if (ret == -1)
+ return -1;
+ if (aux && (aux->flags & ASN1_AFLG_BROKEN)) {
+ len = tmplen - (p - *in);
+ seq_nolen = 1;
+ }
+ /* If indefinite we don't do a length check */
+ else
+ seq_nolen = seq_eoc;
+ if (!cst) {
+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_SEQUENCE_NOT_CONSTRUCTED);
+ goto err;
+ }
+
+ if (!*pval && !ASN1_item_ex_new(pval, it)) {
+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+ goto err;
+ }
+
+ if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it))
+ goto auxerr;
+
+ /* Free up and zero any ADB found */
+ for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
+ if (tt->flags & ASN1_TFLG_ADB_MASK) {
+ const ASN1_TEMPLATE *seqtt;
+ ASN1_VALUE **pseqval;
+ seqtt = asn1_do_adb(pval, tt, 1);
+ pseqval = asn1_get_field_ptr(pval, seqtt);
+ ASN1_template_free(pseqval, seqtt);
+ }
+ }
+
+ /* Get each field entry */
+ for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
+ const ASN1_TEMPLATE *seqtt;
+ ASN1_VALUE **pseqval;
+ seqtt = asn1_do_adb(pval, tt, 1);
+ if (!seqtt)
+ goto err;
+ pseqval = asn1_get_field_ptr(pval, seqtt);
+ /* Have we ran out of data? */
+ if (!len)
+ break;
+ q = p;
+ if (asn1_check_eoc(&p, len)) {
+ if (!seq_eoc) {
+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_UNEXPECTED_EOC);
+ goto err;
+ }
+ len -= p - q;
+ seq_eoc = 0;
+ q = p;
+ break;
+ }
+ /*
+ * This determines the OPTIONAL flag value. The field cannot be
+ * omitted if it is the last of a SEQUENCE and there is still
+ * data to be read. This isn't strictly necessary but it
+ * increases efficiency in some cases.
+ */
+ if (i == (it->tcount - 1))
+ isopt = 0;
+ else
+ isopt = (char)(seqtt->flags & ASN1_TFLG_OPTIONAL);
+ /*
+ * attempt to read in field, allowing each to be OPTIONAL
+ */
+
+ ret = asn1_template_ex_d2i(pseqval, &p, len, seqtt, isopt, ctx);
+ if (!ret) {
+ errtt = seqtt;
+ goto err;
+ } else if (ret == -1) {
+ /*
+ * OPTIONAL component absent. Free and zero the field.
+ */
+ ASN1_template_free(pseqval, seqtt);
+ continue;
+ }
+ /* Update length */
+ len -= p - q;
+ }
+
+ /* Check for EOC if expecting one */
+ if (seq_eoc && !asn1_check_eoc(&p, len)) {
+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MISSING_EOC);
+ goto err;
+ }
+ /* Check all data read */
+ if (!seq_nolen && len) {
+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_SEQUENCE_LENGTH_MISMATCH);
+ goto err;
+ }
+
+ /*
+ * If we get here we've got no more data in the SEQUENCE, however we
+ * may not have read all fields so check all remaining are OPTIONAL
+ * and clear any that are.
+ */
+ for (; i < it->tcount; tt++, i++) {
+ const ASN1_TEMPLATE *seqtt;
+ seqtt = asn1_do_adb(pval, tt, 1);
+ if (!seqtt)
+ goto err;
+ if (seqtt->flags & ASN1_TFLG_OPTIONAL) {
+ ASN1_VALUE **pseqval;
+ pseqval = asn1_get_field_ptr(pval, seqtt);
+ ASN1_template_free(pseqval, seqtt);
+ } else {
+ errtt = seqtt;
+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_FIELD_MISSING);
+ goto err;
+ }
+ }
+ /* Save encoding */
+ if (!asn1_enc_save(pval, *in, p - *in, it))
+ goto auxerr;
+ *in = p;
+ if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it))
+ goto auxerr;
+ return 1;
+
+ default:
+ return 0;
+ }
+ auxerr:
+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR);
+ err:
+ ASN1_item_ex_free(pval, it);
+ if (errtt)
+ ERR_add_error_data(4, "Field=", errtt->field_name,
+ ", Type=", it->sname);
+ else
+ ERR_add_error_data(2, "Type=", it->sname);
+ return 0;
+}
+
+/*
+ * Templates are handled with two separate functions. One handles any
+ * EXPLICIT tag and the other handles the rest.
+ */
+
+static int asn1_template_ex_d2i(ASN1_VALUE **val,
+ const unsigned char **in, long inlen,
+ const ASN1_TEMPLATE *tt, char opt,
+ ASN1_TLC *ctx)
+{
+ int flags, aclass;
+ int ret;
+ long len;
+ const unsigned char *p, *q;
+ char exp_eoc;
+ if (!val)
+ return 0;
+ flags = tt->flags;
+ aclass = flags & ASN1_TFLG_TAG_CLASS;
+
+ p = *in;
+
+ /* Check if EXPLICIT tag expected */
+ if (flags & ASN1_TFLG_EXPTAG) {
+ char cst;
+ /*
+ * Need to work out amount of data available to the inner content and
+ * where it starts: so read in EXPLICIT header to get the info.
+ */
+ ret = asn1_check_tlen(&len, NULL, NULL, &exp_eoc, &cst,
+ &p, inlen, tt->tag, aclass, opt, ctx);
+ q = p;
+ if (!ret) {
+ ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+ return 0;
+ } else if (ret == -1)
+ return -1;
+ if (!cst) {
+ ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I,
+ ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED);
+ return 0;
+ }
+ /* We've found the field so it can't be OPTIONAL now */
+ ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx);
+ if (!ret) {
+ ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+ return 0;
+ }
+ /* We read the field in OK so update length */
+ len -= p - q;
+ if (exp_eoc) {
+ /* If NDEF we must have an EOC here */
+ if (!asn1_check_eoc(&p, len)) {
+ ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ASN1_R_MISSING_EOC);
+ goto err;
+ }
+ } else {
+ /*
+ * Otherwise we must hit the EXPLICIT tag end or its an error
+ */
+ if (len) {
+ ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I,
+ ASN1_R_EXPLICIT_LENGTH_MISMATCH);
+ goto err;
+ }
+ }
+ } else
+ return asn1_template_noexp_d2i(val, in, inlen, tt, opt, ctx);
+
+ *in = p;
+ return 1;
+
+ err:
+ ASN1_template_free(val, tt);
+ return 0;
+}
+
+static int asn1_template_noexp_d2i(ASN1_VALUE **val,
+ const unsigned char **in, long len,
+ const ASN1_TEMPLATE *tt, char opt,
+ ASN1_TLC *ctx)
+{
+ int flags, aclass;
+ int ret;
+ const unsigned char *p, *q;
+ if (!val)
+ return 0;
+ flags = tt->flags;
+ aclass = flags & ASN1_TFLG_TAG_CLASS;
+
+ p = *in;
+ q = p;
+
+ if (flags & ASN1_TFLG_SK_MASK) {
+ /* SET OF, SEQUENCE OF */
+ int sktag, skaclass;
+ char sk_eoc;
+ /* First work out expected inner tag value */
+ if (flags & ASN1_TFLG_IMPTAG) {
+ sktag = tt->tag;
+ skaclass = aclass;
+ } else {
+ skaclass = V_ASN1_UNIVERSAL;
+ if (flags & ASN1_TFLG_SET_OF)
+ sktag = V_ASN1_SET;
+ else
+ sktag = V_ASN1_SEQUENCE;
+ }
+ /* Get the tag */
+ ret = asn1_check_tlen(&len, NULL, NULL, &sk_eoc, NULL,
+ &p, len, sktag, skaclass, opt, ctx);
+ if (!ret) {
+ ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR);
+ return 0;
+ } else if (ret == -1)
+ return -1;
+ if (!*val)
+ *val = (ASN1_VALUE *)sk_new_null();
+ else {
+ /*
+ * We've got a valid STACK: free up any items present
+ */
+ STACK *sktmp = (STACK *) * val;
+ ASN1_VALUE *vtmp;
+ while (sk_num(sktmp) > 0) {
+ vtmp = (ASN1_VALUE *)sk_pop(sktmp);
+ ASN1_item_ex_free(&vtmp, ASN1_ITEM_ptr(tt->item));
+ }
+ }
+
+ if (!*val) {
+ ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ /* Read as many items as we can */
+ while (len > 0) {
+ ASN1_VALUE *skfield;
+ q = p;
+ /* See if EOC found */
+ if (asn1_check_eoc(&p, len)) {
+ if (!sk_eoc) {
+ ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
+ ASN1_R_UNEXPECTED_EOC);
+ goto err;
+ }
+ len -= p - q;
+ sk_eoc = 0;
+ break;
+ }
+ skfield = NULL;
+ if (!ASN1_item_ex_d2i(&skfield, &p, len,
+ ASN1_ITEM_ptr(tt->item), -1, 0, 0, ctx)) {
+ ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
+ ERR_R_NESTED_ASN1_ERROR);
+ goto err;
+ }
+ len -= p - q;
+ if (!sk_push((STACK *) * val, (char *)skfield)) {
+ ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ }
+ if (sk_eoc) {
+ ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ASN1_R_MISSING_EOC);
+ goto err;
+ }
+ } else if (flags & ASN1_TFLG_IMPTAG) {
+ /* IMPLICIT tagging */
+ ret = ASN1_item_ex_d2i(val, &p, len,
+ ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt,
+ ctx);
+ if (!ret) {
+ ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR);
+ goto err;
+ } else if (ret == -1)
+ return -1;
+ } else {
+ /* Nothing special */
+ ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item),
+ -1, 0, opt, ctx);
+ if (!ret) {
+ ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR);
+ goto err;
+ } else if (ret == -1)
+ return -1;
+ }
+
+ *in = p;
+ return 1;
+
+ err:
+ ASN1_template_free(val, tt);
+ return 0;
+}
+
+static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
+ const unsigned char **in, long inlen,
+ const ASN1_ITEM *it,
+ int tag, int aclass, char opt, ASN1_TLC *ctx)
+{
+ int ret = 0, utype;
+ long plen;
+ char cst, inf, free_cont = 0;
+ const unsigned char *p;
+ BUF_MEM buf;
+ const unsigned char *cont = NULL;
+ long len;
+ if (!pval) {
+ ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_ILLEGAL_NULL);
+ return 0; /* Should never happen */
+ }
+
+ if (it->itype == ASN1_ITYPE_MSTRING) {
+ utype = tag;
+ tag = -1;
+ } else
+ utype = it->utype;
+
+ if (utype == V_ASN1_ANY) {
+ /* If type is ANY need to figure out type from tag */
+ unsigned char oclass;
+ if (tag >= 0) {
+ ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_ILLEGAL_TAGGED_ANY);
+ return 0;
+ }
+ if (opt) {
+ ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
+ ASN1_R_ILLEGAL_OPTIONAL_ANY);
+ return 0;
+ }
+ p = *in;
+ ret = asn1_check_tlen(NULL, &utype, &oclass, NULL, NULL,
+ &p, inlen, -1, 0, 0, ctx);
+ if (!ret) {
+ ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_NESTED_ASN1_ERROR);
+ return 0;
+ }
+ if (oclass != V_ASN1_UNIVERSAL)
+ utype = V_ASN1_OTHER;
+ }
+ if (tag == -1) {
+ tag = utype;
+ aclass = V_ASN1_UNIVERSAL;
+ }
+ p = *in;
+ /* Check header */
+ ret = asn1_check_tlen(&plen, NULL, NULL, &inf, &cst,
+ &p, inlen, tag, aclass, opt, ctx);
+ if (!ret) {
+ ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_NESTED_ASN1_ERROR);
+ return 0;
+ } else if (ret == -1)
+ return -1;
+ ret = 0;
+ /* SEQUENCE, SET and "OTHER" are left in encoded form */
+ if ((utype == V_ASN1_SEQUENCE)
+ || (utype == V_ASN1_SET) || (utype == V_ASN1_OTHER)) {
+ /*
+ * Clear context cache for type OTHER because the auto clear when we
+ * have a exact match wont work
+ */
+ if (utype == V_ASN1_OTHER) {
+ asn1_tlc_clear(ctx);
+ }
+ /* SEQUENCE and SET must be constructed */
+ else if (!cst) {
+ ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
+ ASN1_R_TYPE_NOT_CONSTRUCTED);
+ return 0;
+ }
+
+ cont = *in;
+ /* If indefinite length constructed find the real end */
+ if (inf) {
+ if (!asn1_find_end(&p, plen, inf))
+ goto err;
+ len = p - cont;
+ } else {
+ len = p - cont + plen;
+ p += plen;
+ buf.data = NULL;
+ }
+ } else if (cst) {
+ if (utype == V_ASN1_NULL || utype == V_ASN1_BOOLEAN
+ || utype == V_ASN1_OBJECT || utype == V_ASN1_INTEGER
+ || utype == V_ASN1_ENUMERATED) {
+ ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_TYPE_NOT_PRIMITIVE);
+ return 0;
+ }
+ buf.length = 0;
+ buf.max = 0;
+ buf.data = NULL;
+ /*
+ * Should really check the internal tags are correct but some things
+ * may get this wrong. The relevant specs say that constructed string
+ * types should be OCTET STRINGs internally irrespective of the type.
+ * So instead just check for UNIVERSAL class and ignore the tag.
+ */
+ if (!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL, 0)) {
+ free_cont = 1;
+ goto err;
+ }
+ len = buf.length;
+ /* Append a final null to string */
+ if (!BUF_MEM_grow_clean(&buf, len + 1)) {
+ ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ buf.data[len] = 0;
+ cont = (const unsigned char *)buf.data;
+ free_cont = 1;
+ } else {
+ cont = p;
+ len = plen;
+ p += plen;
+ }
+
+ /* We now have content length and type: translate into a structure */
+ if (!asn1_ex_c2i(pval, cont, len, utype, &free_cont, it))
+ goto err;
+
+ *in = p;
+ ret = 1;
+ err:
+ if (free_cont && buf.data)
+ OPENSSL_free(buf.data);
+ return ret;
+}
+
+/* Translate ASN1 content octets into a structure */
+
+int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+ int utype, char *free_cont, const ASN1_ITEM *it)
+{
+ ASN1_VALUE **opval = NULL;
+ ASN1_STRING *stmp;
+ ASN1_TYPE *typ = NULL;
+ int ret = 0;
+ const ASN1_PRIMITIVE_FUNCS *pf;
+ ASN1_INTEGER **tint;
+ pf = it->funcs;
+
+ if (pf && pf->prim_c2i)
+ return pf->prim_c2i(pval, cont, len, utype, free_cont, it);
+ /* If ANY type clear type and set pointer to internal value */
+ if (it->utype == V_ASN1_ANY) {
+ if (!*pval) {
+ typ = ASN1_TYPE_new();
+ if (typ == NULL)
+ goto err;
+ *pval = (ASN1_VALUE *)typ;
+ } else
+ typ = (ASN1_TYPE *)*pval;
+
+ if (utype != typ->type)
+ ASN1_TYPE_set(typ, utype, NULL);
+ opval = pval;
+ pval = &typ->value.asn1_value;
+ }
+ switch (utype) {
+ case V_ASN1_OBJECT:
+ if (!c2i_ASN1_OBJECT((ASN1_OBJECT **)pval, &cont, len))
+ goto err;
+ break;
+
+ case V_ASN1_NULL:
+ if (len) {
+ ASN1err(ASN1_F_ASN1_EX_C2I, ASN1_R_NULL_IS_WRONG_LENGTH);
+ goto err;
+ }
+ *pval = (ASN1_VALUE *)1;
+ break;
+
+ case V_ASN1_BOOLEAN:
+ if (len != 1) {
+ ASN1err(ASN1_F_ASN1_EX_C2I, ASN1_R_BOOLEAN_IS_WRONG_LENGTH);
+ goto err;
+ } else {
+ ASN1_BOOLEAN *tbool;
+ tbool = (ASN1_BOOLEAN *)pval;
+ *tbool = *cont;
+ }
+ break;
+
+ case V_ASN1_BIT_STRING:
+ if (!c2i_ASN1_BIT_STRING((ASN1_BIT_STRING **)pval, &cont, len))
+ goto err;
+ break;
+
+ case V_ASN1_INTEGER:
+ case V_ASN1_NEG_INTEGER:
+ case V_ASN1_ENUMERATED:
+ case V_ASN1_NEG_ENUMERATED:
+ tint = (ASN1_INTEGER **)pval;
+ if (!c2i_ASN1_INTEGER(tint, &cont, len))
+ goto err;
+ /* Fixup type to match the expected form */
+ (*tint)->type = utype | ((*tint)->type & V_ASN1_NEG);
+ break;
+
+ case V_ASN1_OCTET_STRING:
+ case V_ASN1_NUMERICSTRING:
+ case V_ASN1_PRINTABLESTRING:
+ case V_ASN1_T61STRING:
+ case V_ASN1_VIDEOTEXSTRING:
+ case V_ASN1_IA5STRING:
+ case V_ASN1_UTCTIME:
+ case V_ASN1_GENERALIZEDTIME:
+ case V_ASN1_GRAPHICSTRING:
+ case V_ASN1_VISIBLESTRING:
+ case V_ASN1_GENERALSTRING:
+ case V_ASN1_UNIVERSALSTRING:
+ case V_ASN1_BMPSTRING:
+ case V_ASN1_UTF8STRING:
+ case V_ASN1_OTHER:
+ case V_ASN1_SET:
+ case V_ASN1_SEQUENCE:
+ default:
+ if (utype == V_ASN1_BMPSTRING && (len & 1)) {
+ ASN1err(ASN1_F_ASN1_EX_C2I, ASN1_R_BMPSTRING_IS_WRONG_LENGTH);
+ goto err;
+ }
+ if (utype == V_ASN1_UNIVERSALSTRING && (len & 3)) {
+ ASN1err(ASN1_F_ASN1_EX_C2I,
+ ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH);
+ goto err;
+ }
+ /* All based on ASN1_STRING and handled the same */
+ if (!*pval) {
+ stmp = ASN1_STRING_type_new(utype);
+ if (!stmp) {
+ ASN1err(ASN1_F_ASN1_EX_C2I, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ *pval = (ASN1_VALUE *)stmp;
+ } else {
+ stmp = (ASN1_STRING *)*pval;
+ stmp->type = utype;
+ }
+ /* If we've already allocated a buffer use it */
+ if (*free_cont) {
+ if (stmp->data)
+ OPENSSL_free(stmp->data);
+ stmp->data = (unsigned char *)cont; /* UGLY CAST! RL */
+ stmp->length = len;
+ *free_cont = 0;
+ } else {
+ if (!ASN1_STRING_set(stmp, cont, len)) {
+ ASN1err(ASN1_F_ASN1_EX_C2I, ERR_R_MALLOC_FAILURE);
+ ASN1_STRING_free(stmp);
+ *pval = NULL;
+ goto err;
+ }
+ }
+ break;
+ }
+ /* If ASN1_ANY and NULL type fix up value */
+ if (typ && (utype == V_ASN1_NULL))
+ typ->value.ptr = NULL;
+
+ ret = 1;
+ err:
+ if (!ret) {
+ ASN1_TYPE_free(typ);
+ if (opval)
+ *opval = NULL;
+ }
+ return ret;
+}
+
+/*
+ * This function finds the end of an ASN1 structure when passed its maximum
+ * length, whether it is indefinite length and a pointer to the content. This
+ * is more efficient than calling asn1_collect because it does not recurse on
+ * each indefinite length header.
+ */
+
+static int asn1_find_end(const unsigned char **in, long len, char inf)
+{
+ int expected_eoc;
+ long plen;
+ const unsigned char *p = *in, *q;
+ /* If not indefinite length constructed just add length */
+ if (inf == 0) {
+ *in += len;
+ return 1;
+ }
+ expected_eoc = 1;
+ /*
+ * Indefinite length constructed form. Find the end when enough EOCs are
+ * found. If more indefinite length constructed headers are encountered
+ * increment the expected eoc count otherwise just skip to the end of the
+ * data.
+ */
+ while (len > 0) {
+ if (asn1_check_eoc(&p, len)) {
+ expected_eoc--;
+ if (expected_eoc == 0)
+ break;
+ len -= 2;
+ continue;
+ }
+ q = p;
+ /* Just read in a header: only care about the length */
+ if (!asn1_check_tlen(&plen, NULL, NULL, &inf, NULL, &p, len,
+ -1, 0, 0, NULL)) {
+ ASN1err(ASN1_F_ASN1_FIND_END, ERR_R_NESTED_ASN1_ERROR);
+ return 0;
+ }
+ if (inf)
+ expected_eoc++;
+ else
+ p += plen;
+ len -= p - q;
+ }
+ if (expected_eoc) {
+ ASN1err(ASN1_F_ASN1_FIND_END, ASN1_R_MISSING_EOC);
+ return 0;
+ }
+ *in = p;
+ return 1;
+}
+
+/*
+ * This function collects the asn1 data from a constructred string type into
+ * a buffer. The values of 'in' and 'len' should refer to the contents of the
+ * constructed type and 'inf' should be set if it is indefinite length.
+ */
+
+#ifndef ASN1_MAX_STRING_NEST
+/*
+ * This determines how many levels of recursion are permitted in ASN1 string
+ * types. If it is not limited stack overflows can occur. If set to zero no
+ * recursion is allowed at all. Although zero should be adequate examples
+ * exist that require a value of 1. So 5 should be more than enough.
+ */
+# define ASN1_MAX_STRING_NEST 5
+#endif
+
+static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len,
+ char inf, int tag, int aclass, int depth)
+{
+ const unsigned char *p, *q;
+ long plen;
+ char cst, ininf;
+ p = *in;
+ inf &= 1;
+ /*
+ * If no buffer and not indefinite length constructed just pass over the
+ * encoded data
+ */
+ if (!buf && !inf) {
+ *in += len;
+ return 1;
+ }
+ while (len > 0) {
+ q = p;
+ /* Check for EOC */
+ if (asn1_check_eoc(&p, len)) {
+ /*
+ * EOC is illegal outside indefinite length constructed form
+ */
+ if (!inf) {
+ ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_UNEXPECTED_EOC);
+ return 0;
+ }
+ inf = 0;
+ break;
+ }
+
+ if (!asn1_check_tlen(&plen, NULL, NULL, &ininf, &cst, &p,
+ len, tag, aclass, 0, NULL)) {
+ ASN1err(ASN1_F_ASN1_COLLECT, ERR_R_NESTED_ASN1_ERROR);
+ return 0;
+ }
+
+ /* If indefinite length constructed update max length */
+ if (cst) {
+ if (depth >= ASN1_MAX_STRING_NEST) {
+ ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_NESTED_ASN1_STRING);
+ return 0;
+ }
+ if (!asn1_collect(buf, &p, plen, ininf, tag, aclass, depth + 1))
+ return 0;
+ } else if (plen && !collect_data(buf, &p, plen))
+ return 0;
+ len -= p - q;
+ }
+ if (inf) {
+ ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_MISSING_EOC);
+ return 0;
+ }
+ *in = p;
+ return 1;
+}
+
+static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen)
+{
+ int len;
+ if (buf) {
+ len = buf->length;
+ if (!BUF_MEM_grow_clean(buf, len + plen)) {
+ ASN1err(ASN1_F_COLLECT_DATA, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ memcpy(buf->data + len, *p, plen);
+ }
+ *p += plen;
+ return 1;
+}
+
+/* Check for ASN1 EOC and swallow it if found */
+
+static int asn1_check_eoc(const unsigned char **in, long len)
+{
+ const unsigned char *p;
+ if (len < 2)
+ return 0;
+ p = *in;
+ if (!p[0] && !p[1]) {
+ *in += 2;
+ return 1;
+ }
+ return 0;
+}
+
+/*
+ * Check an ASN1 tag and length: a bit like ASN1_get_object but it sets the
+ * length for indefinite length constructed form, we don't know the exact
+ * length but we can set an upper bound to the amount of data available minus
+ * the header length just read.
+ */
+
+static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass,
+ char *inf, char *cst,
+ const unsigned char **in, long len,
+ int exptag, int expclass, char opt, ASN1_TLC *ctx)
+{
+ int i;
+ int ptag, pclass;
+ long plen;
+ const unsigned char *p, *q;
+ p = *in;
+ q = p;
+
+ if (ctx && ctx->valid) {
+ i = ctx->ret;
+ plen = ctx->plen;
+ pclass = ctx->pclass;
+ ptag = ctx->ptag;
+ p += ctx->hdrlen;
+ } else {
+ i = ASN1_get_object(&p, &plen, &ptag, &pclass, len);
+ if (ctx) {
+ ctx->ret = i;
+ ctx->plen = plen;
+ ctx->pclass = pclass;
+ ctx->ptag = ptag;
+ ctx->hdrlen = p - q;
+ ctx->valid = 1;
+ /*
+ * If definite length, and no error, length + header can't exceed
+ * total amount of data available.
+ */
+ if (!(i & 0x81) && ((plen + ctx->hdrlen) > len)) {
+ ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_TOO_LONG);
+ asn1_tlc_clear(ctx);
+ return 0;
+ }
+ }
+ }
+
+ if (i & 0x80) {
+ ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_BAD_OBJECT_HEADER);
+ asn1_tlc_clear(ctx);
+ return 0;
+ }
+ if (exptag >= 0) {
+ if ((exptag != ptag) || (expclass != pclass)) {
+ /*
+ * If type is OPTIONAL, not an error: indicate missing type.
+ */
+ if (opt)
+ return -1;
+ asn1_tlc_clear(ctx);
+ ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_WRONG_TAG);
+ return 0;
+ }
+ /*
+ * We have a tag and class match: assume we are going to do something
+ * with it
+ */
+ asn1_tlc_clear(ctx);
+ }
+
+ if (i & 1)
+ plen = len - (p - q);
+
+ if (inf)
+ *inf = i & 1;
+
+ if (cst)
+ *cst = i & V_ASN1_CONSTRUCTED;
+
+ if (olen)
+ *olen = plen;
+
+ if (oclass)
+ *oclass = pclass;
+
+ if (otag)
+ *otag = ptag;
+
+ *in = p;
+ return 1;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/tasn_enc.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/tasn_enc.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/tasn_enc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,695 +0,0 @@
-/* tasn_enc.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-
-#include <stddef.h>
-#include <string.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/objects.h>
-
-static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out,
- const ASN1_ITEM *it,
- int tag, int aclass);
-static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out,
- int skcontlen, const ASN1_ITEM *item,
- int do_sort, int iclass);
-static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
- const ASN1_TEMPLATE *tt,
- int tag, int aclass);
-static int asn1_item_flags_i2d(ASN1_VALUE *val, unsigned char **out,
- const ASN1_ITEM *it, int flags);
-
-/* Top level i2d equivalents: the 'ndef' variant instructs the encoder
- * to use indefinite length constructed encoding, where appropriate
- */
-
-int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out,
- const ASN1_ITEM *it)
- {
- return asn1_item_flags_i2d(val, out, it, ASN1_TFLG_NDEF);
- }
-
-int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it)
- {
- return asn1_item_flags_i2d(val, out, it, 0);
- }
-
-/* Encode an ASN1 item, this is use by the
- * standard 'i2d' function. 'out' points to
- * a buffer to output the data to.
- *
- * The new i2d has one additional feature. If the output
- * buffer is NULL (i.e. *out == NULL) then a buffer is
- * allocated and populated with the encoding.
- */
-
-static int asn1_item_flags_i2d(ASN1_VALUE *val, unsigned char **out,
- const ASN1_ITEM *it, int flags)
- {
- if (out && !*out)
- {
- unsigned char *p, *buf;
- int len;
- len = ASN1_item_ex_i2d(&val, NULL, it, -1, flags);
- if (len <= 0)
- return len;
- buf = OPENSSL_malloc(len);
- if (!buf)
- return -1;
- p = buf;
- ASN1_item_ex_i2d(&val, &p, it, -1, flags);
- *out = buf;
- return len;
- }
-
- return ASN1_item_ex_i2d(&val, out, it, -1, flags);
- }
-
-/* Encode an item, taking care of IMPLICIT tagging (if any).
- * This function performs the normal item handling: it can be
- * used in external types.
- */
-
-int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
- const ASN1_ITEM *it, int tag, int aclass)
- {
- const ASN1_TEMPLATE *tt = NULL;
- unsigned char *p = NULL;
- int i, seqcontlen, seqlen, ndef = 1;
- const ASN1_COMPAT_FUNCS *cf;
- const ASN1_EXTERN_FUNCS *ef;
- const ASN1_AUX *aux = it->funcs;
- ASN1_aux_cb *asn1_cb = 0;
-
- if ((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval)
- return 0;
-
- if (aux && aux->asn1_cb)
- asn1_cb = aux->asn1_cb;
-
- switch(it->itype)
- {
-
- case ASN1_ITYPE_PRIMITIVE:
- if (it->templates)
- return asn1_template_ex_i2d(pval, out, it->templates,
- tag, aclass);
- return asn1_i2d_ex_primitive(pval, out, it, tag, aclass);
- break;
-
- case ASN1_ITYPE_MSTRING:
- return asn1_i2d_ex_primitive(pval, out, it, -1, aclass);
-
- case ASN1_ITYPE_CHOICE:
- if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it))
- return 0;
- i = asn1_get_choice_selector(pval, it);
- if ((i >= 0) && (i < it->tcount))
- {
- ASN1_VALUE **pchval;
- const ASN1_TEMPLATE *chtt;
- chtt = it->templates + i;
- pchval = asn1_get_field_ptr(pval, chtt);
- return asn1_template_ex_i2d(pchval, out, chtt,
- -1, aclass);
- }
- /* Fixme: error condition if selector out of range */
- if (asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it))
- return 0;
- break;
-
- case ASN1_ITYPE_EXTERN:
- /* If new style i2d it does all the work */
- ef = it->funcs;
- return ef->asn1_ex_i2d(pval, out, it, tag, aclass);
-
- case ASN1_ITYPE_COMPAT:
- /* old style hackery... */
- cf = it->funcs;
- if (out)
- p = *out;
- i = cf->asn1_i2d(*pval, out);
- /* Fixup for IMPLICIT tag: note this messes up for tags > 30,
- * but so did the old code. Tags > 30 are very rare anyway.
- */
- if (out && (tag != -1))
- *p = aclass | tag | (*p & V_ASN1_CONSTRUCTED);
- return i;
-
- case ASN1_ITYPE_NDEF_SEQUENCE:
- /* Use indefinite length constructed if requested */
- if (aclass & ASN1_TFLG_NDEF) ndef = 2;
- /* fall through */
-
- case ASN1_ITYPE_SEQUENCE:
- i = asn1_enc_restore(&seqcontlen, out, pval, it);
- /* An error occurred */
- if (i < 0)
- return 0;
- /* We have a valid cached encoding... */
- if (i > 0)
- return seqcontlen;
- /* Otherwise carry on */
- seqcontlen = 0;
- /* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */
- if (tag == -1)
- {
- tag = V_ASN1_SEQUENCE;
- /* Retain any other flags in aclass */
- aclass = (aclass & ~ASN1_TFLG_TAG_CLASS)
- | V_ASN1_UNIVERSAL;
- }
- if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it))
- return 0;
- /* First work out sequence content length */
- for (i = 0, tt = it->templates; i < it->tcount; tt++, i++)
- {
- const ASN1_TEMPLATE *seqtt;
- ASN1_VALUE **pseqval;
- seqtt = asn1_do_adb(pval, tt, 1);
- if (!seqtt)
- return 0;
- pseqval = asn1_get_field_ptr(pval, seqtt);
- /* FIXME: check for errors in enhanced version */
- seqcontlen += asn1_template_ex_i2d(pseqval, NULL, seqtt,
- -1, aclass);
- }
-
- seqlen = ASN1_object_size(ndef, seqcontlen, tag);
- if (!out)
- return seqlen;
- /* Output SEQUENCE header */
- ASN1_put_object(out, ndef, seqcontlen, tag, aclass);
- for (i = 0, tt = it->templates; i < it->tcount; tt++, i++)
- {
- const ASN1_TEMPLATE *seqtt;
- ASN1_VALUE **pseqval;
- seqtt = asn1_do_adb(pval, tt, 1);
- if (!seqtt)
- return 0;
- pseqval = asn1_get_field_ptr(pval, seqtt);
- /* FIXME: check for errors in enhanced version */
- asn1_template_ex_i2d(pseqval, out, seqtt, -1, aclass);
- }
- if (ndef == 2)
- ASN1_put_eoc(out);
- if (asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it))
- return 0;
- return seqlen;
-
- default:
- return 0;
-
- }
- return 0;
- }
-
-int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out,
- const ASN1_TEMPLATE *tt)
- {
- return asn1_template_ex_i2d(pval, out, tt, -1, 0);
- }
-
-static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
- const ASN1_TEMPLATE *tt, int tag, int iclass)
- {
- int i, ret, flags, ttag, tclass, ndef;
- flags = tt->flags;
- /* Work out tag and class to use: tagging may come
- * either from the template or the arguments, not both
- * because this would create ambiguity. Additionally
- * the iclass argument may contain some additional flags
- * which should be noted and passed down to other levels.
- */
- if (flags & ASN1_TFLG_TAG_MASK)
- {
- /* Error if argument and template tagging */
- if (tag != -1)
- /* FIXME: error code here */
- return -1;
- /* Get tagging from template */
- ttag = tt->tag;
- tclass = flags & ASN1_TFLG_TAG_CLASS;
- }
- else if (tag != -1)
- {
- /* No template tagging, get from arguments */
- ttag = tag;
- tclass = iclass & ASN1_TFLG_TAG_CLASS;
- }
- else
- {
- ttag = -1;
- tclass = 0;
- }
- /*
- * Remove any class mask from iflag.
- */
- iclass &= ~ASN1_TFLG_TAG_CLASS;
-
- /* At this point 'ttag' contains the outer tag to use,
- * 'tclass' is the class and iclass is any flags passed
- * to this function.
- */
-
- /* if template and arguments require ndef, use it */
- if ((flags & ASN1_TFLG_NDEF) && (iclass & ASN1_TFLG_NDEF))
- ndef = 2;
- else ndef = 1;
-
- if (flags & ASN1_TFLG_SK_MASK)
- {
- /* SET OF, SEQUENCE OF */
- STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval;
- int isset, sktag, skaclass;
- int skcontlen, sklen;
- ASN1_VALUE *skitem;
-
- if (!*pval)
- return 0;
-
- if (flags & ASN1_TFLG_SET_OF)
- {
- isset = 1;
- /* 2 means we reorder */
- if (flags & ASN1_TFLG_SEQUENCE_OF)
- isset = 2;
- }
- else isset = 0;
-
- /* Work out inner tag value: if EXPLICIT
- * or no tagging use underlying type.
- */
- if ((ttag != -1) && !(flags & ASN1_TFLG_EXPTAG))
- {
- sktag = ttag;
- skaclass = tclass;
- }
- else
- {
- skaclass = V_ASN1_UNIVERSAL;
- if (isset)
- sktag = V_ASN1_SET;
- else sktag = V_ASN1_SEQUENCE;
- }
-
- /* Determine total length of items */
- skcontlen = 0;
- for (i = 0; i < sk_ASN1_VALUE_num(sk); i++)
- {
- skitem = sk_ASN1_VALUE_value(sk, i);
- skcontlen += ASN1_item_ex_i2d(&skitem, NULL,
- ASN1_ITEM_ptr(tt->item),
- -1, iclass);
- }
- sklen = ASN1_object_size(ndef, skcontlen, sktag);
- /* If EXPLICIT need length of surrounding tag */
- if (flags & ASN1_TFLG_EXPTAG)
- ret = ASN1_object_size(ndef, sklen, ttag);
- else ret = sklen;
-
- if (!out)
- return ret;
-
- /* Now encode this lot... */
- /* EXPLICIT tag */
- if (flags & ASN1_TFLG_EXPTAG)
- ASN1_put_object(out, ndef, sklen, ttag, tclass);
- /* SET or SEQUENCE and IMPLICIT tag */
- ASN1_put_object(out, ndef, skcontlen, sktag, skaclass);
- /* And the stuff itself */
- asn1_set_seq_out(sk, out, skcontlen, ASN1_ITEM_ptr(tt->item),
- isset, iclass);
- if (ndef == 2)
- {
- ASN1_put_eoc(out);
- if (flags & ASN1_TFLG_EXPTAG)
- ASN1_put_eoc(out);
- }
-
- return ret;
- }
-
- if (flags & ASN1_TFLG_EXPTAG)
- {
- /* EXPLICIT tagging */
- /* Find length of tagged item */
- i = ASN1_item_ex_i2d(pval, NULL, ASN1_ITEM_ptr(tt->item),
- -1, iclass);
- if (!i)
- return 0;
- /* Find length of EXPLICIT tag */
- ret = ASN1_object_size(ndef, i, ttag);
- if (out)
- {
- /* Output tag and item */
- ASN1_put_object(out, ndef, i, ttag, tclass);
- ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item),
- -1, iclass);
- if (ndef == 2)
- ASN1_put_eoc(out);
- }
- return ret;
- }
-
- /* Either normal or IMPLICIT tagging: combine class and flags */
- return ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item),
- ttag, tclass | iclass);
-
-}
-
-/* Temporary structure used to hold DER encoding of items for SET OF */
-
-typedef struct {
- unsigned char *data;
- int length;
- ASN1_VALUE *field;
-} DER_ENC;
-
-static int der_cmp(const void *a, const void *b)
- {
- const DER_ENC *d1 = a, *d2 = b;
- int cmplen, i;
- cmplen = (d1->length < d2->length) ? d1->length : d2->length;
- i = memcmp(d1->data, d2->data, cmplen);
- if (i)
- return i;
- return d1->length - d2->length;
- }
-
-/* Output the content octets of SET OF or SEQUENCE OF */
-
-static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out,
- int skcontlen, const ASN1_ITEM *item,
- int do_sort, int iclass)
- {
- int i;
- ASN1_VALUE *skitem;
- unsigned char *tmpdat = NULL, *p = NULL;
- DER_ENC *derlst = NULL, *tder;
- if (do_sort)
- {
- /* Don't need to sort less than 2 items */
- if (sk_ASN1_VALUE_num(sk) < 2)
- do_sort = 0;
- else
- {
- derlst = OPENSSL_malloc(sk_ASN1_VALUE_num(sk)
- * sizeof(*derlst));
- if (!derlst)
- return 0;
- tmpdat = OPENSSL_malloc(skcontlen);
- if (!tmpdat)
- {
- OPENSSL_free(derlst);
- return 0;
- }
- }
- }
- /* If not sorting just output each item */
- if (!do_sort)
- {
- for (i = 0; i < sk_ASN1_VALUE_num(sk); i++)
- {
- skitem = sk_ASN1_VALUE_value(sk, i);
- ASN1_item_ex_i2d(&skitem, out, item, -1, iclass);
- }
- return 1;
- }
- p = tmpdat;
-
- /* Doing sort: build up a list of each member's DER encoding */
- for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++)
- {
- skitem = sk_ASN1_VALUE_value(sk, i);
- tder->data = p;
- tder->length = ASN1_item_ex_i2d(&skitem, &p, item, -1, iclass);
- tder->field = skitem;
- }
-
- /* Now sort them */
- qsort(derlst, sk_ASN1_VALUE_num(sk), sizeof(*derlst), der_cmp);
- /* Output sorted DER encoding */
- p = *out;
- for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++)
- {
- memcpy(p, tder->data, tder->length);
- p += tder->length;
- }
- *out = p;
- /* If do_sort is 2 then reorder the STACK */
- if (do_sort == 2)
- {
- for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk);
- i++, tder++)
- (void)sk_ASN1_VALUE_set(sk, i, tder->field);
- }
- OPENSSL_free(derlst);
- OPENSSL_free(tmpdat);
- return 1;
- }
-
-static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out,
- const ASN1_ITEM *it, int tag, int aclass)
- {
- int len;
- int utype;
- int usetag;
- int ndef = 0;
-
- utype = it->utype;
-
- /* Get length of content octets and maybe find
- * out the underlying type.
- */
-
- len = asn1_ex_i2c(pval, NULL, &utype, it);
-
- /* If SEQUENCE, SET or OTHER then header is
- * included in pseudo content octets so don't
- * include tag+length. We need to check here
- * because the call to asn1_ex_i2c() could change
- * utype.
- */
- if ((utype == V_ASN1_SEQUENCE) || (utype == V_ASN1_SET) ||
- (utype == V_ASN1_OTHER))
- usetag = 0;
- else usetag = 1;
-
- /* -1 means omit type */
-
- if (len == -1)
- return 0;
-
- /* -2 return is special meaning use ndef */
- if (len == -2)
- {
- ndef = 2;
- len = 0;
- }
-
- /* If not implicitly tagged get tag from underlying type */
- if (tag == -1) tag = utype;
-
- /* Output tag+length followed by content octets */
- if (out)
- {
- if (usetag)
- ASN1_put_object(out, ndef, len, tag, aclass);
- asn1_ex_i2c(pval, *out, &utype, it);
- if (ndef)
- ASN1_put_eoc(out);
- else
- *out += len;
- }
-
- if (usetag)
- return ASN1_object_size(ndef, len, tag);
- return len;
- }
-
-/* Produce content octets from a structure */
-
-int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype,
- const ASN1_ITEM *it)
- {
- ASN1_BOOLEAN *tbool = NULL;
- ASN1_STRING *strtmp;
- ASN1_OBJECT *otmp;
- int utype;
- unsigned char *cont, c;
- int len;
- const ASN1_PRIMITIVE_FUNCS *pf;
- pf = it->funcs;
- if (pf && pf->prim_i2c)
- return pf->prim_i2c(pval, cout, putype, it);
-
- /* Should type be omitted? */
- if ((it->itype != ASN1_ITYPE_PRIMITIVE)
- || (it->utype != V_ASN1_BOOLEAN))
- {
- if (!*pval) return -1;
- }
-
- if (it->itype == ASN1_ITYPE_MSTRING)
- {
- /* If MSTRING type set the underlying type */
- strtmp = (ASN1_STRING *)*pval;
- utype = strtmp->type;
- *putype = utype;
- }
- else if (it->utype == V_ASN1_ANY)
- {
- /* If ANY set type and pointer to value */
- ASN1_TYPE *typ;
- typ = (ASN1_TYPE *)*pval;
- utype = typ->type;
- *putype = utype;
- pval = &typ->value.asn1_value;
- }
- else utype = *putype;
-
- switch(utype)
- {
- case V_ASN1_OBJECT:
- otmp = (ASN1_OBJECT *)*pval;
- cont = otmp->data;
- len = otmp->length;
- break;
-
- case V_ASN1_NULL:
- cont = NULL;
- len = 0;
- break;
-
- case V_ASN1_BOOLEAN:
- tbool = (ASN1_BOOLEAN *)pval;
- if (*tbool == -1)
- return -1;
- if (it->utype != V_ASN1_ANY)
- {
- /* Default handling if value == size field then omit */
- if (*tbool && (it->size > 0))
- return -1;
- if (!*tbool && !it->size)
- return -1;
- }
- c = (unsigned char)*tbool;
- cont = &c;
- len = 1;
- break;
-
- case V_ASN1_BIT_STRING:
- return i2c_ASN1_BIT_STRING((ASN1_BIT_STRING *)*pval,
- cout ? &cout : NULL);
- break;
-
- case V_ASN1_INTEGER:
- case V_ASN1_NEG_INTEGER:
- case V_ASN1_ENUMERATED:
- case V_ASN1_NEG_ENUMERATED:
- /* These are all have the same content format
- * as ASN1_INTEGER
- */
- return i2c_ASN1_INTEGER((ASN1_INTEGER *)*pval,
- cout ? &cout : NULL);
- break;
-
- case V_ASN1_OCTET_STRING:
- case V_ASN1_NUMERICSTRING:
- case V_ASN1_PRINTABLESTRING:
- case V_ASN1_T61STRING:
- case V_ASN1_VIDEOTEXSTRING:
- case V_ASN1_IA5STRING:
- case V_ASN1_UTCTIME:
- case V_ASN1_GENERALIZEDTIME:
- case V_ASN1_GRAPHICSTRING:
- case V_ASN1_VISIBLESTRING:
- case V_ASN1_GENERALSTRING:
- case V_ASN1_UNIVERSALSTRING:
- case V_ASN1_BMPSTRING:
- case V_ASN1_UTF8STRING:
- case V_ASN1_SEQUENCE:
- case V_ASN1_SET:
- default:
- /* All based on ASN1_STRING and handled the same */
- strtmp = (ASN1_STRING *)*pval;
- /* Special handling for NDEF */
- if ((it->size == ASN1_TFLG_NDEF)
- && (strtmp->flags & ASN1_STRING_FLAG_NDEF))
- {
- if (cout)
- {
- strtmp->data = cout;
- strtmp->length = 0;
- }
- /* Special return code */
- return -2;
- }
- cont = strtmp->data;
- len = strtmp->length;
-
- break;
-
- }
- if (cout && len)
- memcpy(cout, cont, len);
- return len;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/tasn_enc.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/tasn_enc.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/tasn_enc.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/tasn_enc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,660 @@
+/* tasn_enc.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stddef.h>
+#include <string.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/objects.h>
+
+static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out,
+ const ASN1_ITEM *it, int tag, int aclass);
+static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out,
+ int skcontlen, const ASN1_ITEM *item,
+ int do_sort, int iclass);
+static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
+ const ASN1_TEMPLATE *tt, int tag, int aclass);
+static int asn1_item_flags_i2d(ASN1_VALUE *val, unsigned char **out,
+ const ASN1_ITEM *it, int flags);
+
+/*
+ * Top level i2d equivalents: the 'ndef' variant instructs the encoder to use
+ * indefinite length constructed encoding, where appropriate
+ */
+
+int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out,
+ const ASN1_ITEM *it)
+{
+ return asn1_item_flags_i2d(val, out, it, ASN1_TFLG_NDEF);
+}
+
+int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it)
+{
+ return asn1_item_flags_i2d(val, out, it, 0);
+}
+
+/*
+ * Encode an ASN1 item, this is use by the standard 'i2d' function. 'out'
+ * points to a buffer to output the data to. The new i2d has one additional
+ * feature. If the output buffer is NULL (i.e. *out == NULL) then a buffer is
+ * allocated and populated with the encoding.
+ */
+
+static int asn1_item_flags_i2d(ASN1_VALUE *val, unsigned char **out,
+ const ASN1_ITEM *it, int flags)
+{
+ if (out && !*out) {
+ unsigned char *p, *buf;
+ int len;
+ len = ASN1_item_ex_i2d(&val, NULL, it, -1, flags);
+ if (len <= 0)
+ return len;
+ buf = OPENSSL_malloc(len);
+ if (!buf)
+ return -1;
+ p = buf;
+ ASN1_item_ex_i2d(&val, &p, it, -1, flags);
+ *out = buf;
+ return len;
+ }
+
+ return ASN1_item_ex_i2d(&val, out, it, -1, flags);
+}
+
+/*
+ * Encode an item, taking care of IMPLICIT tagging (if any). This function
+ * performs the normal item handling: it can be used in external types.
+ */
+
+int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
+ const ASN1_ITEM *it, int tag, int aclass)
+{
+ const ASN1_TEMPLATE *tt = NULL;
+ unsigned char *p = NULL;
+ int i, seqcontlen, seqlen, ndef = 1;
+ const ASN1_COMPAT_FUNCS *cf;
+ const ASN1_EXTERN_FUNCS *ef;
+ const ASN1_AUX *aux = it->funcs;
+ ASN1_aux_cb *asn1_cb = 0;
+
+ if ((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval)
+ return 0;
+
+ if (aux && aux->asn1_cb)
+ asn1_cb = aux->asn1_cb;
+
+ switch (it->itype) {
+
+ case ASN1_ITYPE_PRIMITIVE:
+ if (it->templates)
+ return asn1_template_ex_i2d(pval, out, it->templates,
+ tag, aclass);
+ return asn1_i2d_ex_primitive(pval, out, it, tag, aclass);
+ break;
+
+ case ASN1_ITYPE_MSTRING:
+ return asn1_i2d_ex_primitive(pval, out, it, -1, aclass);
+
+ case ASN1_ITYPE_CHOICE:
+ if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it))
+ return 0;
+ i = asn1_get_choice_selector(pval, it);
+ if ((i >= 0) && (i < it->tcount)) {
+ ASN1_VALUE **pchval;
+ const ASN1_TEMPLATE *chtt;
+ chtt = it->templates + i;
+ pchval = asn1_get_field_ptr(pval, chtt);
+ return asn1_template_ex_i2d(pchval, out, chtt, -1, aclass);
+ }
+ /* Fixme: error condition if selector out of range */
+ if (asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it))
+ return 0;
+ break;
+
+ case ASN1_ITYPE_EXTERN:
+ /* If new style i2d it does all the work */
+ ef = it->funcs;
+ return ef->asn1_ex_i2d(pval, out, it, tag, aclass);
+
+ case ASN1_ITYPE_COMPAT:
+ /* old style hackery... */
+ cf = it->funcs;
+ if (out)
+ p = *out;
+ i = cf->asn1_i2d(*pval, out);
+ /*
+ * Fixup for IMPLICIT tag: note this messes up for tags > 30, but so
+ * did the old code. Tags > 30 are very rare anyway.
+ */
+ if (out && (tag != -1))
+ *p = aclass | tag | (*p & V_ASN1_CONSTRUCTED);
+ return i;
+
+ case ASN1_ITYPE_NDEF_SEQUENCE:
+ /* Use indefinite length constructed if requested */
+ if (aclass & ASN1_TFLG_NDEF)
+ ndef = 2;
+ /* fall through */
+
+ case ASN1_ITYPE_SEQUENCE:
+ i = asn1_enc_restore(&seqcontlen, out, pval, it);
+ /* An error occurred */
+ if (i < 0)
+ return 0;
+ /* We have a valid cached encoding... */
+ if (i > 0)
+ return seqcontlen;
+ /* Otherwise carry on */
+ seqcontlen = 0;
+ /* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */
+ if (tag == -1) {
+ tag = V_ASN1_SEQUENCE;
+ /* Retain any other flags in aclass */
+ aclass = (aclass & ~ASN1_TFLG_TAG_CLASS)
+ | V_ASN1_UNIVERSAL;
+ }
+ if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it))
+ return 0;
+ /* First work out sequence content length */
+ for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
+ const ASN1_TEMPLATE *seqtt;
+ ASN1_VALUE **pseqval;
+ seqtt = asn1_do_adb(pval, tt, 1);
+ if (!seqtt)
+ return 0;
+ pseqval = asn1_get_field_ptr(pval, seqtt);
+ /* FIXME: check for errors in enhanced version */
+ seqcontlen += asn1_template_ex_i2d(pseqval, NULL, seqtt,
+ -1, aclass);
+ }
+
+ seqlen = ASN1_object_size(ndef, seqcontlen, tag);
+ if (!out)
+ return seqlen;
+ /* Output SEQUENCE header */
+ ASN1_put_object(out, ndef, seqcontlen, tag, aclass);
+ for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
+ const ASN1_TEMPLATE *seqtt;
+ ASN1_VALUE **pseqval;
+ seqtt = asn1_do_adb(pval, tt, 1);
+ if (!seqtt)
+ return 0;
+ pseqval = asn1_get_field_ptr(pval, seqtt);
+ /* FIXME: check for errors in enhanced version */
+ asn1_template_ex_i2d(pseqval, out, seqtt, -1, aclass);
+ }
+ if (ndef == 2)
+ ASN1_put_eoc(out);
+ if (asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it))
+ return 0;
+ return seqlen;
+
+ default:
+ return 0;
+
+ }
+ return 0;
+}
+
+int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out,
+ const ASN1_TEMPLATE *tt)
+{
+ return asn1_template_ex_i2d(pval, out, tt, -1, 0);
+}
+
+static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
+ const ASN1_TEMPLATE *tt, int tag, int iclass)
+{
+ int i, ret, flags, ttag, tclass, ndef;
+ flags = tt->flags;
+ /*
+ * Work out tag and class to use: tagging may come either from the
+ * template or the arguments, not both because this would create
+ * ambiguity. Additionally the iclass argument may contain some
+ * additional flags which should be noted and passed down to other
+ * levels.
+ */
+ if (flags & ASN1_TFLG_TAG_MASK) {
+ /* Error if argument and template tagging */
+ if (tag != -1)
+ /* FIXME: error code here */
+ return -1;
+ /* Get tagging from template */
+ ttag = tt->tag;
+ tclass = flags & ASN1_TFLG_TAG_CLASS;
+ } else if (tag != -1) {
+ /* No template tagging, get from arguments */
+ ttag = tag;
+ tclass = iclass & ASN1_TFLG_TAG_CLASS;
+ } else {
+ ttag = -1;
+ tclass = 0;
+ }
+ /*
+ * Remove any class mask from iflag.
+ */
+ iclass &= ~ASN1_TFLG_TAG_CLASS;
+
+ /*
+ * At this point 'ttag' contains the outer tag to use, 'tclass' is the
+ * class and iclass is any flags passed to this function.
+ */
+
+ /* if template and arguments require ndef, use it */
+ if ((flags & ASN1_TFLG_NDEF) && (iclass & ASN1_TFLG_NDEF))
+ ndef = 2;
+ else
+ ndef = 1;
+
+ if (flags & ASN1_TFLG_SK_MASK) {
+ /* SET OF, SEQUENCE OF */
+ STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval;
+ int isset, sktag, skaclass;
+ int skcontlen, sklen;
+ ASN1_VALUE *skitem;
+
+ if (!*pval)
+ return 0;
+
+ if (flags & ASN1_TFLG_SET_OF) {
+ isset = 1;
+ /* 2 means we reorder */
+ if (flags & ASN1_TFLG_SEQUENCE_OF)
+ isset = 2;
+ } else
+ isset = 0;
+
+ /*
+ * Work out inner tag value: if EXPLICIT or no tagging use underlying
+ * type.
+ */
+ if ((ttag != -1) && !(flags & ASN1_TFLG_EXPTAG)) {
+ sktag = ttag;
+ skaclass = tclass;
+ } else {
+ skaclass = V_ASN1_UNIVERSAL;
+ if (isset)
+ sktag = V_ASN1_SET;
+ else
+ sktag = V_ASN1_SEQUENCE;
+ }
+
+ /* Determine total length of items */
+ skcontlen = 0;
+ for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
+ skitem = sk_ASN1_VALUE_value(sk, i);
+ skcontlen += ASN1_item_ex_i2d(&skitem, NULL,
+ ASN1_ITEM_ptr(tt->item),
+ -1, iclass);
+ }
+ sklen = ASN1_object_size(ndef, skcontlen, sktag);
+ /* If EXPLICIT need length of surrounding tag */
+ if (flags & ASN1_TFLG_EXPTAG)
+ ret = ASN1_object_size(ndef, sklen, ttag);
+ else
+ ret = sklen;
+
+ if (!out)
+ return ret;
+
+ /* Now encode this lot... */
+ /* EXPLICIT tag */
+ if (flags & ASN1_TFLG_EXPTAG)
+ ASN1_put_object(out, ndef, sklen, ttag, tclass);
+ /* SET or SEQUENCE and IMPLICIT tag */
+ ASN1_put_object(out, ndef, skcontlen, sktag, skaclass);
+ /* And the stuff itself */
+ asn1_set_seq_out(sk, out, skcontlen, ASN1_ITEM_ptr(tt->item),
+ isset, iclass);
+ if (ndef == 2) {
+ ASN1_put_eoc(out);
+ if (flags & ASN1_TFLG_EXPTAG)
+ ASN1_put_eoc(out);
+ }
+
+ return ret;
+ }
+
+ if (flags & ASN1_TFLG_EXPTAG) {
+ /* EXPLICIT tagging */
+ /* Find length of tagged item */
+ i = ASN1_item_ex_i2d(pval, NULL, ASN1_ITEM_ptr(tt->item), -1, iclass);
+ if (!i)
+ return 0;
+ /* Find length of EXPLICIT tag */
+ ret = ASN1_object_size(ndef, i, ttag);
+ if (out) {
+ /* Output tag and item */
+ ASN1_put_object(out, ndef, i, ttag, tclass);
+ ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), -1, iclass);
+ if (ndef == 2)
+ ASN1_put_eoc(out);
+ }
+ return ret;
+ }
+
+ /* Either normal or IMPLICIT tagging: combine class and flags */
+ return ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item),
+ ttag, tclass | iclass);
+
+}
+
+/* Temporary structure used to hold DER encoding of items for SET OF */
+
+typedef struct {
+ unsigned char *data;
+ int length;
+ ASN1_VALUE *field;
+} DER_ENC;
+
+static int der_cmp(const void *a, const void *b)
+{
+ const DER_ENC *d1 = a, *d2 = b;
+ int cmplen, i;
+ cmplen = (d1->length < d2->length) ? d1->length : d2->length;
+ i = memcmp(d1->data, d2->data, cmplen);
+ if (i)
+ return i;
+ return d1->length - d2->length;
+}
+
+/* Output the content octets of SET OF or SEQUENCE OF */
+
+static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out,
+ int skcontlen, const ASN1_ITEM *item,
+ int do_sort, int iclass)
+{
+ int i;
+ ASN1_VALUE *skitem;
+ unsigned char *tmpdat = NULL, *p = NULL;
+ DER_ENC *derlst = NULL, *tder;
+ if (do_sort) {
+ /* Don't need to sort less than 2 items */
+ if (sk_ASN1_VALUE_num(sk) < 2)
+ do_sort = 0;
+ else {
+ derlst = OPENSSL_malloc(sk_ASN1_VALUE_num(sk)
+ * sizeof(*derlst));
+ if (!derlst)
+ return 0;
+ tmpdat = OPENSSL_malloc(skcontlen);
+ if (!tmpdat) {
+ OPENSSL_free(derlst);
+ return 0;
+ }
+ }
+ }
+ /* If not sorting just output each item */
+ if (!do_sort) {
+ for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
+ skitem = sk_ASN1_VALUE_value(sk, i);
+ ASN1_item_ex_i2d(&skitem, out, item, -1, iclass);
+ }
+ return 1;
+ }
+ p = tmpdat;
+
+ /* Doing sort: build up a list of each member's DER encoding */
+ for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++) {
+ skitem = sk_ASN1_VALUE_value(sk, i);
+ tder->data = p;
+ tder->length = ASN1_item_ex_i2d(&skitem, &p, item, -1, iclass);
+ tder->field = skitem;
+ }
+
+ /* Now sort them */
+ qsort(derlst, sk_ASN1_VALUE_num(sk), sizeof(*derlst), der_cmp);
+ /* Output sorted DER encoding */
+ p = *out;
+ for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++) {
+ memcpy(p, tder->data, tder->length);
+ p += tder->length;
+ }
+ *out = p;
+ /* If do_sort is 2 then reorder the STACK */
+ if (do_sort == 2) {
+ for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++)
+ (void)sk_ASN1_VALUE_set(sk, i, tder->field);
+ }
+ OPENSSL_free(derlst);
+ OPENSSL_free(tmpdat);
+ return 1;
+}
+
+static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out,
+ const ASN1_ITEM *it, int tag, int aclass)
+{
+ int len;
+ int utype;
+ int usetag;
+ int ndef = 0;
+
+ utype = it->utype;
+
+ /*
+ * Get length of content octets and maybe find out the underlying type.
+ */
+
+ len = asn1_ex_i2c(pval, NULL, &utype, it);
+
+ /*
+ * If SEQUENCE, SET or OTHER then header is included in pseudo content
+ * octets so don't include tag+length. We need to check here because the
+ * call to asn1_ex_i2c() could change utype.
+ */
+ if ((utype == V_ASN1_SEQUENCE) || (utype == V_ASN1_SET) ||
+ (utype == V_ASN1_OTHER))
+ usetag = 0;
+ else
+ usetag = 1;
+
+ /* -1 means omit type */
+
+ if (len == -1)
+ return 0;
+
+ /* -2 return is special meaning use ndef */
+ if (len == -2) {
+ ndef = 2;
+ len = 0;
+ }
+
+ /* If not implicitly tagged get tag from underlying type */
+ if (tag == -1)
+ tag = utype;
+
+ /* Output tag+length followed by content octets */
+ if (out) {
+ if (usetag)
+ ASN1_put_object(out, ndef, len, tag, aclass);
+ asn1_ex_i2c(pval, *out, &utype, it);
+ if (ndef)
+ ASN1_put_eoc(out);
+ else
+ *out += len;
+ }
+
+ if (usetag)
+ return ASN1_object_size(ndef, len, tag);
+ return len;
+}
+
+/* Produce content octets from a structure */
+
+int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype,
+ const ASN1_ITEM *it)
+{
+ ASN1_BOOLEAN *tbool = NULL;
+ ASN1_STRING *strtmp;
+ ASN1_OBJECT *otmp;
+ int utype;
+ unsigned char *cont, c;
+ int len;
+ const ASN1_PRIMITIVE_FUNCS *pf;
+ pf = it->funcs;
+ if (pf && pf->prim_i2c)
+ return pf->prim_i2c(pval, cout, putype, it);
+
+ /* Should type be omitted? */
+ if ((it->itype != ASN1_ITYPE_PRIMITIVE)
+ || (it->utype != V_ASN1_BOOLEAN)) {
+ if (!*pval)
+ return -1;
+ }
+
+ if (it->itype == ASN1_ITYPE_MSTRING) {
+ /* If MSTRING type set the underlying type */
+ strtmp = (ASN1_STRING *)*pval;
+ utype = strtmp->type;
+ *putype = utype;
+ } else if (it->utype == V_ASN1_ANY) {
+ /* If ANY set type and pointer to value */
+ ASN1_TYPE *typ;
+ typ = (ASN1_TYPE *)*pval;
+ utype = typ->type;
+ *putype = utype;
+ pval = &typ->value.asn1_value;
+ } else
+ utype = *putype;
+
+ switch (utype) {
+ case V_ASN1_OBJECT:
+ otmp = (ASN1_OBJECT *)*pval;
+ cont = otmp->data;
+ len = otmp->length;
+ break;
+
+ case V_ASN1_NULL:
+ cont = NULL;
+ len = 0;
+ break;
+
+ case V_ASN1_BOOLEAN:
+ tbool = (ASN1_BOOLEAN *)pval;
+ if (*tbool == -1)
+ return -1;
+ if (it->utype != V_ASN1_ANY) {
+ /*
+ * Default handling if value == size field then omit
+ */
+ if (*tbool && (it->size > 0))
+ return -1;
+ if (!*tbool && !it->size)
+ return -1;
+ }
+ c = (unsigned char)*tbool;
+ cont = &c;
+ len = 1;
+ break;
+
+ case V_ASN1_BIT_STRING:
+ return i2c_ASN1_BIT_STRING((ASN1_BIT_STRING *)*pval,
+ cout ? &cout : NULL);
+ break;
+
+ case V_ASN1_INTEGER:
+ case V_ASN1_NEG_INTEGER:
+ case V_ASN1_ENUMERATED:
+ case V_ASN1_NEG_ENUMERATED:
+ /*
+ * These are all have the same content format as ASN1_INTEGER
+ */
+ return i2c_ASN1_INTEGER((ASN1_INTEGER *)*pval, cout ? &cout : NULL);
+ break;
+
+ case V_ASN1_OCTET_STRING:
+ case V_ASN1_NUMERICSTRING:
+ case V_ASN1_PRINTABLESTRING:
+ case V_ASN1_T61STRING:
+ case V_ASN1_VIDEOTEXSTRING:
+ case V_ASN1_IA5STRING:
+ case V_ASN1_UTCTIME:
+ case V_ASN1_GENERALIZEDTIME:
+ case V_ASN1_GRAPHICSTRING:
+ case V_ASN1_VISIBLESTRING:
+ case V_ASN1_GENERALSTRING:
+ case V_ASN1_UNIVERSALSTRING:
+ case V_ASN1_BMPSTRING:
+ case V_ASN1_UTF8STRING:
+ case V_ASN1_SEQUENCE:
+ case V_ASN1_SET:
+ default:
+ /* All based on ASN1_STRING and handled the same */
+ strtmp = (ASN1_STRING *)*pval;
+ /* Special handling for NDEF */
+ if ((it->size == ASN1_TFLG_NDEF)
+ && (strtmp->flags & ASN1_STRING_FLAG_NDEF)) {
+ if (cout) {
+ strtmp->data = cout;
+ strtmp->length = 0;
+ }
+ /* Special return code */
+ return -2;
+ }
+ cont = strtmp->data;
+ len = strtmp->length;
+
+ break;
+
+ }
+ if (cout && len)
+ memcpy(cout, cont, len);
+ return len;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/tasn_fre.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/tasn_fre.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/tasn_fre.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,266 +0,0 @@
-/* tasn_fre.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-
-#include <stddef.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/objects.h>
-
-static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine);
-
-/* Free up an ASN1 structure */
-
-void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it)
- {
- asn1_item_combine_free(&val, it, 0);
- }
-
-void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
- {
- asn1_item_combine_free(pval, it, 0);
- }
-
-static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine)
- {
- const ASN1_TEMPLATE *tt = NULL, *seqtt;
- const ASN1_EXTERN_FUNCS *ef;
- const ASN1_COMPAT_FUNCS *cf;
- const ASN1_AUX *aux = it->funcs;
- ASN1_aux_cb *asn1_cb;
- int i;
- if (!pval)
- return;
- if ((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval)
- return;
- if (aux && aux->asn1_cb)
- asn1_cb = aux->asn1_cb;
- else
- asn1_cb = 0;
-
- switch(it->itype)
- {
-
- case ASN1_ITYPE_PRIMITIVE:
- if (it->templates)
- ASN1_template_free(pval, it->templates);
- else
- ASN1_primitive_free(pval, it);
- break;
-
- case ASN1_ITYPE_MSTRING:
- ASN1_primitive_free(pval, it);
- break;
-
- case ASN1_ITYPE_CHOICE:
- if (asn1_cb)
- {
- i = asn1_cb(ASN1_OP_FREE_PRE, pval, it);
- if (i == 2)
- return;
- }
- i = asn1_get_choice_selector(pval, it);
- if ((i >= 0) && (i < it->tcount))
- {
- ASN1_VALUE **pchval;
- tt = it->templates + i;
- pchval = asn1_get_field_ptr(pval, tt);
- ASN1_template_free(pchval, tt);
- }
- if (asn1_cb)
- asn1_cb(ASN1_OP_FREE_POST, pval, it);
- if (!combine)
- {
- OPENSSL_free(*pval);
- *pval = NULL;
- }
- break;
-
- case ASN1_ITYPE_COMPAT:
- cf = it->funcs;
- if (cf && cf->asn1_free)
- cf->asn1_free(*pval);
- break;
-
- case ASN1_ITYPE_EXTERN:
- ef = it->funcs;
- if (ef && ef->asn1_ex_free)
- ef->asn1_ex_free(pval, it);
- break;
-
- case ASN1_ITYPE_NDEF_SEQUENCE:
- case ASN1_ITYPE_SEQUENCE:
- if (asn1_do_lock(pval, -1, it) > 0)
- return;
- if (asn1_cb)
- {
- i = asn1_cb(ASN1_OP_FREE_PRE, pval, it);
- if (i == 2)
- return;
- }
- asn1_enc_free(pval, it);
- /* If we free up as normal we will invalidate any
- * ANY DEFINED BY field and we wont be able to
- * determine the type of the field it defines. So
- * free up in reverse order.
- */
- tt = it->templates + it->tcount - 1;
- for (i = 0; i < it->tcount; tt--, i++)
- {
- ASN1_VALUE **pseqval;
- seqtt = asn1_do_adb(pval, tt, 0);
- if (!seqtt)
- continue;
- pseqval = asn1_get_field_ptr(pval, seqtt);
- ASN1_template_free(pseqval, seqtt);
- }
- if (asn1_cb)
- asn1_cb(ASN1_OP_FREE_POST, pval, it);
- if (!combine)
- {
- OPENSSL_free(*pval);
- *pval = NULL;
- }
- break;
- }
- }
-
-void ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
- {
- int i;
- if (tt->flags & ASN1_TFLG_SK_MASK)
- {
- STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval;
- for (i = 0; i < sk_ASN1_VALUE_num(sk); i++)
- {
- ASN1_VALUE *vtmp;
- vtmp = sk_ASN1_VALUE_value(sk, i);
- asn1_item_combine_free(&vtmp, ASN1_ITEM_ptr(tt->item),
- 0);
- }
- sk_ASN1_VALUE_free(sk);
- *pval = NULL;
- }
- else
- asn1_item_combine_free(pval, ASN1_ITEM_ptr(tt->item),
- tt->flags & ASN1_TFLG_COMBINE);
- }
-
-void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
- {
- int utype;
- if (it)
- {
- const ASN1_PRIMITIVE_FUNCS *pf;
- pf = it->funcs;
- if (pf && pf->prim_free)
- {
- pf->prim_free(pval, it);
- return;
- }
- }
- /* Special case: if 'it' is NULL free contents of ASN1_TYPE */
- if (!it)
- {
- ASN1_TYPE *typ = (ASN1_TYPE *)*pval;
- utype = typ->type;
- pval = &typ->value.asn1_value;
- if (!*pval)
- return;
- }
- else if (it->itype == ASN1_ITYPE_MSTRING)
- {
- utype = -1;
- if (!*pval)
- return;
- }
- else
- {
- utype = it->utype;
- if ((utype != V_ASN1_BOOLEAN) && !*pval)
- return;
- }
-
- switch(utype)
- {
- case V_ASN1_OBJECT:
- ASN1_OBJECT_free((ASN1_OBJECT *)*pval);
- break;
-
- case V_ASN1_BOOLEAN:
- if (it)
- *(ASN1_BOOLEAN *)pval = it->size;
- else
- *(ASN1_BOOLEAN *)pval = -1;
- return;
-
- case V_ASN1_NULL:
- break;
-
- case V_ASN1_ANY:
- ASN1_primitive_free(pval, NULL);
- OPENSSL_free(*pval);
- break;
-
- default:
- ASN1_STRING_free((ASN1_STRING *)*pval);
- *pval = NULL;
- break;
- }
- *pval = NULL;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/tasn_fre.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/tasn_fre.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/tasn_fre.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/tasn_fre.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,249 @@
+/* tasn_fre.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stddef.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/objects.h>
+
+static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it,
+ int combine);
+
+/* Free up an ASN1 structure */
+
+void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it)
+{
+ asn1_item_combine_free(&val, it, 0);
+}
+
+void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+ asn1_item_combine_free(pval, it, 0);
+}
+
+static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it,
+ int combine)
+{
+ const ASN1_TEMPLATE *tt = NULL, *seqtt;
+ const ASN1_EXTERN_FUNCS *ef;
+ const ASN1_COMPAT_FUNCS *cf;
+ const ASN1_AUX *aux = it->funcs;
+ ASN1_aux_cb *asn1_cb;
+ int i;
+ if (!pval)
+ return;
+ if ((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval)
+ return;
+ if (aux && aux->asn1_cb)
+ asn1_cb = aux->asn1_cb;
+ else
+ asn1_cb = 0;
+
+ switch (it->itype) {
+
+ case ASN1_ITYPE_PRIMITIVE:
+ if (it->templates)
+ ASN1_template_free(pval, it->templates);
+ else
+ ASN1_primitive_free(pval, it);
+ break;
+
+ case ASN1_ITYPE_MSTRING:
+ ASN1_primitive_free(pval, it);
+ break;
+
+ case ASN1_ITYPE_CHOICE:
+ if (asn1_cb) {
+ i = asn1_cb(ASN1_OP_FREE_PRE, pval, it);
+ if (i == 2)
+ return;
+ }
+ i = asn1_get_choice_selector(pval, it);
+ if ((i >= 0) && (i < it->tcount)) {
+ ASN1_VALUE **pchval;
+ tt = it->templates + i;
+ pchval = asn1_get_field_ptr(pval, tt);
+ ASN1_template_free(pchval, tt);
+ }
+ if (asn1_cb)
+ asn1_cb(ASN1_OP_FREE_POST, pval, it);
+ if (!combine) {
+ OPENSSL_free(*pval);
+ *pval = NULL;
+ }
+ break;
+
+ case ASN1_ITYPE_COMPAT:
+ cf = it->funcs;
+ if (cf && cf->asn1_free)
+ cf->asn1_free(*pval);
+ break;
+
+ case ASN1_ITYPE_EXTERN:
+ ef = it->funcs;
+ if (ef && ef->asn1_ex_free)
+ ef->asn1_ex_free(pval, it);
+ break;
+
+ case ASN1_ITYPE_NDEF_SEQUENCE:
+ case ASN1_ITYPE_SEQUENCE:
+ if (asn1_do_lock(pval, -1, it) > 0)
+ return;
+ if (asn1_cb) {
+ i = asn1_cb(ASN1_OP_FREE_PRE, pval, it);
+ if (i == 2)
+ return;
+ }
+ asn1_enc_free(pval, it);
+ /*
+ * If we free up as normal we will invalidate any ANY DEFINED BY
+ * field and we wont be able to determine the type of the field it
+ * defines. So free up in reverse order.
+ */
+ tt = it->templates + it->tcount - 1;
+ for (i = 0; i < it->tcount; tt--, i++) {
+ ASN1_VALUE **pseqval;
+ seqtt = asn1_do_adb(pval, tt, 0);
+ if (!seqtt)
+ continue;
+ pseqval = asn1_get_field_ptr(pval, seqtt);
+ ASN1_template_free(pseqval, seqtt);
+ }
+ if (asn1_cb)
+ asn1_cb(ASN1_OP_FREE_POST, pval, it);
+ if (!combine) {
+ OPENSSL_free(*pval);
+ *pval = NULL;
+ }
+ break;
+ }
+}
+
+void ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
+{
+ int i;
+ if (tt->flags & ASN1_TFLG_SK_MASK) {
+ STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval;
+ for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
+ ASN1_VALUE *vtmp;
+ vtmp = sk_ASN1_VALUE_value(sk, i);
+ asn1_item_combine_free(&vtmp, ASN1_ITEM_ptr(tt->item), 0);
+ }
+ sk_ASN1_VALUE_free(sk);
+ *pval = NULL;
+ } else
+ asn1_item_combine_free(pval, ASN1_ITEM_ptr(tt->item),
+ tt->flags & ASN1_TFLG_COMBINE);
+}
+
+void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+ int utype;
+ if (it) {
+ const ASN1_PRIMITIVE_FUNCS *pf;
+ pf = it->funcs;
+ if (pf && pf->prim_free) {
+ pf->prim_free(pval, it);
+ return;
+ }
+ }
+ /* Special case: if 'it' is NULL free contents of ASN1_TYPE */
+ if (!it) {
+ ASN1_TYPE *typ = (ASN1_TYPE *)*pval;
+ utype = typ->type;
+ pval = &typ->value.asn1_value;
+ if (!*pval)
+ return;
+ } else if (it->itype == ASN1_ITYPE_MSTRING) {
+ utype = -1;
+ if (!*pval)
+ return;
+ } else {
+ utype = it->utype;
+ if ((utype != V_ASN1_BOOLEAN) && !*pval)
+ return;
+ }
+
+ switch (utype) {
+ case V_ASN1_OBJECT:
+ ASN1_OBJECT_free((ASN1_OBJECT *)*pval);
+ break;
+
+ case V_ASN1_BOOLEAN:
+ if (it)
+ *(ASN1_BOOLEAN *)pval = it->size;
+ else
+ *(ASN1_BOOLEAN *)pval = -1;
+ return;
+
+ case V_ASN1_NULL:
+ break;
+
+ case V_ASN1_ANY:
+ ASN1_primitive_free(pval, NULL);
+ OPENSSL_free(*pval);
+ break;
+
+ default:
+ ASN1_STRING_free((ASN1_STRING *)*pval);
+ *pval = NULL;
+ break;
+ }
+ *pval = NULL;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/tasn_new.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/tasn_new.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/tasn_new.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,395 +0,0 @@
-/* tasn_new.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-
-#include <stddef.h>
-#include <openssl/asn1.h>
-#include <openssl/objects.h>
-#include <openssl/err.h>
-#include <openssl/asn1t.h>
-#include <string.h>
-
-static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
- int combine);
-static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it);
-static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
-void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it);
-
-ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it)
- {
- ASN1_VALUE *ret = NULL;
- if (ASN1_item_ex_new(&ret, it) > 0)
- return ret;
- return NULL;
- }
-
-/* Allocate an ASN1 structure */
-
-int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
- {
- return asn1_item_ex_combine_new(pval, it, 0);
- }
-
-static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
- int combine)
- {
- const ASN1_TEMPLATE *tt = NULL;
- const ASN1_COMPAT_FUNCS *cf;
- const ASN1_EXTERN_FUNCS *ef;
- const ASN1_AUX *aux = it->funcs;
- ASN1_aux_cb *asn1_cb;
- ASN1_VALUE **pseqval;
- int i;
- if (aux && aux->asn1_cb)
- asn1_cb = aux->asn1_cb;
- else
- asn1_cb = 0;
-
- if (!combine) *pval = NULL;
-
-#ifdef CRYPTO_MDEBUG
- if (it->sname)
- CRYPTO_push_info(it->sname);
-#endif
-
- switch(it->itype)
- {
-
- case ASN1_ITYPE_EXTERN:
- ef = it->funcs;
- if (ef && ef->asn1_ex_new)
- {
- if (!ef->asn1_ex_new(pval, it))
- goto memerr;
- }
- break;
-
- case ASN1_ITYPE_COMPAT:
- cf = it->funcs;
- if (cf && cf->asn1_new) {
- *pval = cf->asn1_new();
- if (!*pval)
- goto memerr;
- }
- break;
-
- case ASN1_ITYPE_PRIMITIVE:
- if (it->templates)
- {
- if (!ASN1_template_new(pval, it->templates))
- goto memerr;
- }
- else if (!ASN1_primitive_new(pval, it))
- goto memerr;
- break;
-
- case ASN1_ITYPE_MSTRING:
- if (!ASN1_primitive_new(pval, it))
- goto memerr;
- break;
-
- case ASN1_ITYPE_CHOICE:
- if (asn1_cb)
- {
- i = asn1_cb(ASN1_OP_NEW_PRE, pval, it);
- if (!i)
- goto auxerr;
- if (i==2)
- {
-#ifdef CRYPTO_MDEBUG
- if (it->sname)
- CRYPTO_pop_info();
-#endif
- return 1;
- }
- }
- if (!combine)
- {
- *pval = OPENSSL_malloc(it->size);
- if (!*pval)
- goto memerr;
- memset(*pval, 0, it->size);
- }
- asn1_set_choice_selector(pval, -1, it);
- if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it))
- goto auxerr;
- break;
-
- case ASN1_ITYPE_NDEF_SEQUENCE:
- case ASN1_ITYPE_SEQUENCE:
- if (asn1_cb)
- {
- i = asn1_cb(ASN1_OP_NEW_PRE, pval, it);
- if (!i)
- goto auxerr;
- if (i==2)
- {
-#ifdef CRYPTO_MDEBUG
- if (it->sname)
- CRYPTO_pop_info();
-#endif
- return 1;
- }
- }
- if (!combine)
- {
- *pval = OPENSSL_malloc(it->size);
- if (!*pval)
- goto memerr;
- memset(*pval, 0, it->size);
- asn1_do_lock(pval, 0, it);
- asn1_enc_init(pval, it);
- }
- for (i = 0, tt = it->templates; i < it->tcount; tt++, i++)
- {
- pseqval = asn1_get_field_ptr(pval, tt);
- if (!ASN1_template_new(pseqval, tt))
- goto memerr;
- }
- if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it))
- goto auxerr;
- break;
- }
-#ifdef CRYPTO_MDEBUG
- if (it->sname) CRYPTO_pop_info();
-#endif
- return 1;
-
- memerr:
- ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ERR_R_MALLOC_FAILURE);
-#ifdef CRYPTO_MDEBUG
- if (it->sname) CRYPTO_pop_info();
-#endif
- return 0;
-
- auxerr:
- ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ASN1_R_AUX_ERROR);
- ASN1_item_ex_free(pval, it);
-#ifdef CRYPTO_MDEBUG
- if (it->sname) CRYPTO_pop_info();
-#endif
- return 0;
-
- }
-
-static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
- {
- const ASN1_EXTERN_FUNCS *ef;
-
- switch(it->itype)
- {
-
- case ASN1_ITYPE_EXTERN:
- ef = it->funcs;
- if (ef && ef->asn1_ex_clear)
- ef->asn1_ex_clear(pval, it);
- else *pval = NULL;
- break;
-
-
- case ASN1_ITYPE_PRIMITIVE:
- if (it->templates)
- asn1_template_clear(pval, it->templates);
- else
- asn1_primitive_clear(pval, it);
- break;
-
- case ASN1_ITYPE_MSTRING:
- asn1_primitive_clear(pval, it);
- break;
-
- case ASN1_ITYPE_COMPAT:
- case ASN1_ITYPE_CHOICE:
- case ASN1_ITYPE_SEQUENCE:
- case ASN1_ITYPE_NDEF_SEQUENCE:
- *pval = NULL;
- break;
- }
- }
-
-
-int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
- {
- const ASN1_ITEM *it = ASN1_ITEM_ptr(tt->item);
- int ret;
- if (tt->flags & ASN1_TFLG_OPTIONAL)
- {
- asn1_template_clear(pval, tt);
- return 1;
- }
- /* If ANY DEFINED BY nothing to do */
-
- if (tt->flags & ASN1_TFLG_ADB_MASK)
- {
- *pval = NULL;
- return 1;
- }
-#ifdef CRYPTO_MDEBUG
- if (tt->field_name)
- CRYPTO_push_info(tt->field_name);
-#endif
- /* If SET OF or SEQUENCE OF, its a STACK */
- if (tt->flags & ASN1_TFLG_SK_MASK)
- {
- STACK_OF(ASN1_VALUE) *skval;
- skval = sk_ASN1_VALUE_new_null();
- if (!skval)
- {
- ASN1err(ASN1_F_ASN1_TEMPLATE_NEW, ERR_R_MALLOC_FAILURE);
- ret = 0;
- goto done;
- }
- *pval = (ASN1_VALUE *)skval;
- ret = 1;
- goto done;
- }
- /* Otherwise pass it back to the item routine */
- ret = asn1_item_ex_combine_new(pval, it, tt->flags & ASN1_TFLG_COMBINE);
- done:
-#ifdef CRYPTO_MDEBUG
- if (it->sname)
- CRYPTO_pop_info();
-#endif
- return ret;
- }
-
-static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
- {
- /* If ADB or STACK just NULL the field */
- if (tt->flags & (ASN1_TFLG_ADB_MASK|ASN1_TFLG_SK_MASK))
- *pval = NULL;
- else
- asn1_item_clear(pval, ASN1_ITEM_ptr(tt->item));
- }
-
-
-/* NB: could probably combine most of the real XXX_new() behaviour and junk
- * all the old functions.
- */
-
-int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
- {
- ASN1_TYPE *typ;
- int utype;
-
- if (it && it->funcs)
- {
- const ASN1_PRIMITIVE_FUNCS *pf = it->funcs;
- if (pf->prim_new)
- return pf->prim_new(pval, it);
- }
-
- if (!it || (it->itype == ASN1_ITYPE_MSTRING))
- utype = -1;
- else
- utype = it->utype;
- switch(utype)
- {
- case V_ASN1_OBJECT:
- *pval = (ASN1_VALUE *)OBJ_nid2obj(NID_undef);
- return 1;
-
- case V_ASN1_BOOLEAN:
- if (it)
- *(ASN1_BOOLEAN *)pval = it->size;
- else
- *(ASN1_BOOLEAN *)pval = -1;
- return 1;
-
- case V_ASN1_NULL:
- *pval = (ASN1_VALUE *)1;
- return 1;
-
- case V_ASN1_ANY:
- typ = OPENSSL_malloc(sizeof(ASN1_TYPE));
- if (!typ)
- return 0;
- typ->value.ptr = NULL;
- typ->type = -1;
- *pval = (ASN1_VALUE *)typ;
- break;
-
- default:
- *pval = (ASN1_VALUE *)ASN1_STRING_type_new(utype);
- break;
- }
- if (*pval)
- return 1;
- return 0;
- }
-
-void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
- {
- int utype;
- if (it && it->funcs)
- {
- const ASN1_PRIMITIVE_FUNCS *pf = it->funcs;
- if (pf->prim_clear)
- pf->prim_clear(pval, it);
- else
- *pval = NULL;
- return;
- }
- if (!it || (it->itype == ASN1_ITYPE_MSTRING))
- utype = -1;
- else
- utype = it->utype;
- if (utype == V_ASN1_BOOLEAN)
- *(ASN1_BOOLEAN *)pval = it->size;
- else *pval = NULL;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/tasn_new.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/tasn_new.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/tasn_new.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/tasn_new.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,380 @@
+/* tasn_new.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stddef.h>
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/err.h>
+#include <openssl/asn1t.h>
+#include <string.h>
+
+static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
+ int combine);
+static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it);
+static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
+void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it)
+{
+ ASN1_VALUE *ret = NULL;
+ if (ASN1_item_ex_new(&ret, it) > 0)
+ return ret;
+ return NULL;
+}
+
+/* Allocate an ASN1 structure */
+
+int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+ return asn1_item_ex_combine_new(pval, it, 0);
+}
+
+static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
+ int combine)
+{
+ const ASN1_TEMPLATE *tt = NULL;
+ const ASN1_COMPAT_FUNCS *cf;
+ const ASN1_EXTERN_FUNCS *ef;
+ const ASN1_AUX *aux = it->funcs;
+ ASN1_aux_cb *asn1_cb;
+ ASN1_VALUE **pseqval;
+ int i;
+ if (aux && aux->asn1_cb)
+ asn1_cb = aux->asn1_cb;
+ else
+ asn1_cb = 0;
+
+ if (!combine)
+ *pval = NULL;
+
+#ifdef CRYPTO_MDEBUG
+ if (it->sname)
+ CRYPTO_push_info(it->sname);
+#endif
+
+ switch (it->itype) {
+
+ case ASN1_ITYPE_EXTERN:
+ ef = it->funcs;
+ if (ef && ef->asn1_ex_new) {
+ if (!ef->asn1_ex_new(pval, it))
+ goto memerr;
+ }
+ break;
+
+ case ASN1_ITYPE_COMPAT:
+ cf = it->funcs;
+ if (cf && cf->asn1_new) {
+ *pval = cf->asn1_new();
+ if (!*pval)
+ goto memerr;
+ }
+ break;
+
+ case ASN1_ITYPE_PRIMITIVE:
+ if (it->templates) {
+ if (!ASN1_template_new(pval, it->templates))
+ goto memerr;
+ } else if (!ASN1_primitive_new(pval, it))
+ goto memerr;
+ break;
+
+ case ASN1_ITYPE_MSTRING:
+ if (!ASN1_primitive_new(pval, it))
+ goto memerr;
+ break;
+
+ case ASN1_ITYPE_CHOICE:
+ if (asn1_cb) {
+ i = asn1_cb(ASN1_OP_NEW_PRE, pval, it);
+ if (!i)
+ goto auxerr;
+ if (i == 2) {
+#ifdef CRYPTO_MDEBUG
+ if (it->sname)
+ CRYPTO_pop_info();
+#endif
+ return 1;
+ }
+ }
+ if (!combine) {
+ *pval = OPENSSL_malloc(it->size);
+ if (!*pval)
+ goto memerr;
+ memset(*pval, 0, it->size);
+ }
+ asn1_set_choice_selector(pval, -1, it);
+ if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it))
+ goto auxerr;
+ break;
+
+ case ASN1_ITYPE_NDEF_SEQUENCE:
+ case ASN1_ITYPE_SEQUENCE:
+ if (asn1_cb) {
+ i = asn1_cb(ASN1_OP_NEW_PRE, pval, it);
+ if (!i)
+ goto auxerr;
+ if (i == 2) {
+#ifdef CRYPTO_MDEBUG
+ if (it->sname)
+ CRYPTO_pop_info();
+#endif
+ return 1;
+ }
+ }
+ if (!combine) {
+ *pval = OPENSSL_malloc(it->size);
+ if (!*pval)
+ goto memerr;
+ memset(*pval, 0, it->size);
+ asn1_do_lock(pval, 0, it);
+ asn1_enc_init(pval, it);
+ }
+ for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
+ pseqval = asn1_get_field_ptr(pval, tt);
+ if (!ASN1_template_new(pseqval, tt))
+ goto memerr;
+ }
+ if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it))
+ goto auxerr;
+ break;
+ }
+#ifdef CRYPTO_MDEBUG
+ if (it->sname)
+ CRYPTO_pop_info();
+#endif
+ return 1;
+
+ memerr:
+ ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ERR_R_MALLOC_FAILURE);
+#ifdef CRYPTO_MDEBUG
+ if (it->sname)
+ CRYPTO_pop_info();
+#endif
+ return 0;
+
+ auxerr:
+ ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ASN1_R_AUX_ERROR);
+ ASN1_item_ex_free(pval, it);
+#ifdef CRYPTO_MDEBUG
+ if (it->sname)
+ CRYPTO_pop_info();
+#endif
+ return 0;
+
+}
+
+static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+ const ASN1_EXTERN_FUNCS *ef;
+
+ switch (it->itype) {
+
+ case ASN1_ITYPE_EXTERN:
+ ef = it->funcs;
+ if (ef && ef->asn1_ex_clear)
+ ef->asn1_ex_clear(pval, it);
+ else
+ *pval = NULL;
+ break;
+
+ case ASN1_ITYPE_PRIMITIVE:
+ if (it->templates)
+ asn1_template_clear(pval, it->templates);
+ else
+ asn1_primitive_clear(pval, it);
+ break;
+
+ case ASN1_ITYPE_MSTRING:
+ asn1_primitive_clear(pval, it);
+ break;
+
+ case ASN1_ITYPE_COMPAT:
+ case ASN1_ITYPE_CHOICE:
+ case ASN1_ITYPE_SEQUENCE:
+ case ASN1_ITYPE_NDEF_SEQUENCE:
+ *pval = NULL;
+ break;
+ }
+}
+
+int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
+{
+ const ASN1_ITEM *it = ASN1_ITEM_ptr(tt->item);
+ int ret;
+ if (tt->flags & ASN1_TFLG_OPTIONAL) {
+ asn1_template_clear(pval, tt);
+ return 1;
+ }
+ /* If ANY DEFINED BY nothing to do */
+
+ if (tt->flags & ASN1_TFLG_ADB_MASK) {
+ *pval = NULL;
+ return 1;
+ }
+#ifdef CRYPTO_MDEBUG
+ if (tt->field_name)
+ CRYPTO_push_info(tt->field_name);
+#endif
+ /* If SET OF or SEQUENCE OF, its a STACK */
+ if (tt->flags & ASN1_TFLG_SK_MASK) {
+ STACK_OF(ASN1_VALUE) *skval;
+ skval = sk_ASN1_VALUE_new_null();
+ if (!skval) {
+ ASN1err(ASN1_F_ASN1_TEMPLATE_NEW, ERR_R_MALLOC_FAILURE);
+ ret = 0;
+ goto done;
+ }
+ *pval = (ASN1_VALUE *)skval;
+ ret = 1;
+ goto done;
+ }
+ /* Otherwise pass it back to the item routine */
+ ret = asn1_item_ex_combine_new(pval, it, tt->flags & ASN1_TFLG_COMBINE);
+ done:
+#ifdef CRYPTO_MDEBUG
+ if (it->sname)
+ CRYPTO_pop_info();
+#endif
+ return ret;
+}
+
+static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
+{
+ /* If ADB or STACK just NULL the field */
+ if (tt->flags & (ASN1_TFLG_ADB_MASK | ASN1_TFLG_SK_MASK))
+ *pval = NULL;
+ else
+ asn1_item_clear(pval, ASN1_ITEM_ptr(tt->item));
+}
+
+/*
+ * NB: could probably combine most of the real XXX_new() behaviour and junk
+ * all the old functions.
+ */
+
+int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+ ASN1_TYPE *typ;
+ int utype;
+
+ if (it && it->funcs) {
+ const ASN1_PRIMITIVE_FUNCS *pf = it->funcs;
+ if (pf->prim_new)
+ return pf->prim_new(pval, it);
+ }
+
+ if (!it || (it->itype == ASN1_ITYPE_MSTRING))
+ utype = -1;
+ else
+ utype = it->utype;
+ switch (utype) {
+ case V_ASN1_OBJECT:
+ *pval = (ASN1_VALUE *)OBJ_nid2obj(NID_undef);
+ return 1;
+
+ case V_ASN1_BOOLEAN:
+ if (it)
+ *(ASN1_BOOLEAN *)pval = it->size;
+ else
+ *(ASN1_BOOLEAN *)pval = -1;
+ return 1;
+
+ case V_ASN1_NULL:
+ *pval = (ASN1_VALUE *)1;
+ return 1;
+
+ case V_ASN1_ANY:
+ typ = OPENSSL_malloc(sizeof(ASN1_TYPE));
+ if (!typ)
+ return 0;
+ typ->value.ptr = NULL;
+ typ->type = -1;
+ *pval = (ASN1_VALUE *)typ;
+ break;
+
+ default:
+ *pval = (ASN1_VALUE *)ASN1_STRING_type_new(utype);
+ break;
+ }
+ if (*pval)
+ return 1;
+ return 0;
+}
+
+void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+ int utype;
+ if (it && it->funcs) {
+ const ASN1_PRIMITIVE_FUNCS *pf = it->funcs;
+ if (pf->prim_clear)
+ pf->prim_clear(pval, it);
+ else
+ *pval = NULL;
+ return;
+ }
+ if (!it || (it->itype == ASN1_ITYPE_MSTRING))
+ utype = -1;
+ else
+ utype = it->utype;
+ if (utype == V_ASN1_BOOLEAN)
+ *(ASN1_BOOLEAN *)pval = it->size;
+ else
+ *pval = NULL;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/tasn_prn.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/tasn_prn.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/tasn_prn.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,198 +0,0 @@
-/* tasn_prn.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-
-#include <stddef.h>
-#include <openssl/asn1.h>
-#include <openssl/objects.h>
-#include <openssl/buffer.h>
-#include <openssl/err.h>
-#include <openssl/nasn.h>
-
-/* Print routines. Print out a whole structure from a template.
- */
-
-static int asn1_item_print_nm(BIO *out, void *fld, int indent, const ASN1_ITEM *it, const char *name);
-
-int ASN1_item_print(BIO *out, void *fld, int indent, const ASN1_ITEM *it)
-{
- return asn1_item_print_nm(out, fld, indent, it, it->sname);
-}
-
-static int asn1_item_print_nm(BIO *out, void *fld, int indent, const ASN1_ITEM *it, const char *name)
-{
- ASN1_STRING *str;
- const ASN1_TEMPLATE *tt;
- void *tmpfld;
- int i;
- if(!fld) {
- BIO_printf(out, "%*s%s ABSENT\n", indent, "", name);
- return 1;
- }
- switch(it->itype) {
-
- case ASN1_ITYPE_PRIMITIVE:
- if(it->templates)
- return ASN1_template_print(out, fld, indent, it->templates);
- return asn1_primitive_print(out, fld, it->utype, indent, name);
- break;
-
- case ASN1_ITYPE_MSTRING:
- str = fld;
- return asn1_primitive_print(out, fld, str->type, indent, name);
-
- case ASN1_ITYPE_EXTERN:
- BIO_printf(out, "%*s%s:EXTERNAL TYPE %s %s\n", indent, "", name, it->sname, fld ? "" : "ABSENT");
- return 1;
- case ASN1_ITYPE_COMPAT:
- BIO_printf(out, "%*s%s:COMPATIBLE TYPE %s %s\n", indent, "", name, it->sname, fld ? "" : "ABSENT");
- return 1;
-
-
- case ASN1_ITYPE_CHOICE:
- /* CHOICE type, get selector */
- i = asn1_get_choice_selector(fld, it);
- /* This should never happen... */
- if((i < 0) || (i >= it->tcount)) {
- BIO_printf(out, "%s selector [%d] out of range\n", it->sname, i);
- return 1;
- }
- tt = it->templates + i;
- tmpfld = asn1_get_field(fld, tt);
- return ASN1_template_print(out, tmpfld, indent, tt);
-
- case ASN1_ITYPE_SEQUENCE:
- BIO_printf(out, "%*s%s {\n", indent, "", name);
- /* Get each field entry */
- for(i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
- tmpfld = asn1_get_field(fld, tt);
- ASN1_template_print(out, tmpfld, indent + 2, tt);
- }
- BIO_printf(out, "%*s}\n", indent, "");
- return 1;
-
- default:
- return 0;
- }
-}
-
-int ASN1_template_print(BIO *out, void *fld, int indent, const ASN1_TEMPLATE *tt)
-{
- int i, flags;
-#if 0
- if(!fld) return 0;
-#endif
- flags = tt->flags;
- if(flags & ASN1_TFLG_SK_MASK) {
- char *tname;
- void *skitem;
- /* SET OF, SEQUENCE OF */
- if(flags & ASN1_TFLG_SET_OF) tname = "SET";
- else tname = "SEQUENCE";
- if(fld) {
- BIO_printf(out, "%*s%s OF %s {\n", indent, "", tname, tt->field_name);
- for(i = 0; i < sk_num(fld); i++) {
- skitem = sk_value(fld, i);
- asn1_item_print_nm(out, skitem, indent + 2, tt->item, "");
- }
- BIO_printf(out, "%*s}\n", indent, "");
- } else
- BIO_printf(out, "%*s%s OF %s ABSENT\n", indent, "", tname, tt->field_name);
- return 1;
- }
- return asn1_item_print_nm(out, fld, indent, tt->item, tt->field_name);
-}
-
-static int asn1_primitive_print(BIO *out, void *fld, long utype, int indent, const char *name)
-{
- ASN1_STRING *str = fld;
- if(fld) {
- if(utype == V_ASN1_BOOLEAN) {
- int *bool = fld;
-if(*bool == -1) printf("BOOL MISSING\n");
- BIO_printf(out, "%*s%s:%s", indent, "", "BOOLEAN", *bool ? "TRUE" : "FALSE");
- } else if((utype == V_ASN1_INTEGER)
- || (utype == V_ASN1_ENUMERATED)) {
- char *s, *nm;
- s = i2s_ASN1_INTEGER(NULL, fld);
- if(utype == V_ASN1_INTEGER) nm = "INTEGER";
- else nm = "ENUMERATED";
- BIO_printf(out, "%*s%s:%s", indent, "", nm, s);
- OPENSSL_free(s);
- } else if(utype == V_ASN1_NULL) {
- BIO_printf(out, "%*s%s", indent, "", "NULL");
- } else if(utype == V_ASN1_UTCTIME) {
- BIO_printf(out, "%*s%s:%s:", indent, "", name, "UTCTIME");
- ASN1_UTCTIME_print(out, str);
- } else if(utype == V_ASN1_GENERALIZEDTIME) {
- BIO_printf(out, "%*s%s:%s:", indent, "", name, "GENERALIZEDTIME");
- ASN1_GENERALIZEDTIME_print(out, str);
- } else if(utype == V_ASN1_OBJECT) {
- char objbuf[80], *ln;
- ln = OBJ_nid2ln(OBJ_obj2nid(fld));
- if(!ln) ln = "";
- OBJ_obj2txt(objbuf, sizeof objbuf, fld, 1);
- BIO_printf(out, "%*s%s:%s (%s)", indent, "", "OBJECT", ln, objbuf);
- } else {
- BIO_printf(out, "%*s%s:", indent, "", name);
- ASN1_STRING_print_ex(out, str, ASN1_STRFLGS_DUMP_UNKNOWN|ASN1_STRFLGS_SHOW_TYPE);
- }
- BIO_printf(out, "\n");
- } else BIO_printf(out, "%*s%s [ABSENT]\n", indent, "", name);
- return 1;
-}
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/tasn_prn.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/tasn_prn.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/tasn_prn.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/tasn_prn.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,218 @@
+/* tasn_prn.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stddef.h>
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+#include <openssl/err.h>
+#include <openssl/nasn.h>
+
+/*
+ * Print routines. Print out a whole structure from a template.
+ */
+
+static int asn1_item_print_nm(BIO *out, void *fld, int indent,
+ const ASN1_ITEM *it, const char *name);
+
+int ASN1_item_print(BIO *out, void *fld, int indent, const ASN1_ITEM *it)
+{
+ return asn1_item_print_nm(out, fld, indent, it, it->sname);
+}
+
+static int asn1_item_print_nm(BIO *out, void *fld, int indent,
+ const ASN1_ITEM *it, const char *name)
+{
+ ASN1_STRING *str;
+ const ASN1_TEMPLATE *tt;
+ void *tmpfld;
+ int i;
+ if (!fld) {
+ BIO_printf(out, "%*s%s ABSENT\n", indent, "", name);
+ return 1;
+ }
+ switch (it->itype) {
+
+ case ASN1_ITYPE_PRIMITIVE:
+ if (it->templates)
+ return ASN1_template_print(out, fld, indent, it->templates);
+ return asn1_primitive_print(out, fld, it->utype, indent, name);
+ break;
+
+ case ASN1_ITYPE_MSTRING:
+ str = fld;
+ return asn1_primitive_print(out, fld, str->type, indent, name);
+
+ case ASN1_ITYPE_EXTERN:
+ BIO_printf(out, "%*s%s:EXTERNAL TYPE %s %s\n", indent, "", name,
+ it->sname, fld ? "" : "ABSENT");
+ return 1;
+ case ASN1_ITYPE_COMPAT:
+ BIO_printf(out, "%*s%s:COMPATIBLE TYPE %s %s\n", indent, "", name,
+ it->sname, fld ? "" : "ABSENT");
+ return 1;
+
+ case ASN1_ITYPE_CHOICE:
+ /* CHOICE type, get selector */
+ i = asn1_get_choice_selector(fld, it);
+ /* This should never happen... */
+ if ((i < 0) || (i >= it->tcount)) {
+ BIO_printf(out, "%s selector [%d] out of range\n", it->sname, i);
+ return 1;
+ }
+ tt = it->templates + i;
+ tmpfld = asn1_get_field(fld, tt);
+ return ASN1_template_print(out, tmpfld, indent, tt);
+
+ case ASN1_ITYPE_SEQUENCE:
+ BIO_printf(out, "%*s%s {\n", indent, "", name);
+ /* Get each field entry */
+ for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
+ tmpfld = asn1_get_field(fld, tt);
+ ASN1_template_print(out, tmpfld, indent + 2, tt);
+ }
+ BIO_printf(out, "%*s}\n", indent, "");
+ return 1;
+
+ default:
+ return 0;
+ }
+}
+
+int ASN1_template_print(BIO *out, void *fld, int indent,
+ const ASN1_TEMPLATE *tt)
+{
+ int i, flags;
+#if 0
+ if (!fld)
+ return 0;
+#endif
+ flags = tt->flags;
+ if (flags & ASN1_TFLG_SK_MASK) {
+ char *tname;
+ void *skitem;
+ /* SET OF, SEQUENCE OF */
+ if (flags & ASN1_TFLG_SET_OF)
+ tname = "SET";
+ else
+ tname = "SEQUENCE";
+ if (fld) {
+ BIO_printf(out, "%*s%s OF %s {\n", indent, "", tname,
+ tt->field_name);
+ for (i = 0; i < sk_num(fld); i++) {
+ skitem = sk_value(fld, i);
+ asn1_item_print_nm(out, skitem, indent + 2, tt->item, "");
+ }
+ BIO_printf(out, "%*s}\n", indent, "");
+ } else
+ BIO_printf(out, "%*s%s OF %s ABSENT\n", indent, "", tname,
+ tt->field_name);
+ return 1;
+ }
+ return asn1_item_print_nm(out, fld, indent, tt->item, tt->field_name);
+}
+
+static int asn1_primitive_print(BIO *out, void *fld, long utype, int indent,
+ const char *name)
+{
+ ASN1_STRING *str = fld;
+ if (fld) {
+ if (utype == V_ASN1_BOOLEAN) {
+ int *bool = fld;
+ if (*bool == -1)
+ printf("BOOL MISSING\n");
+ BIO_printf(out, "%*s%s:%s", indent, "", "BOOLEAN",
+ *bool ? "TRUE" : "FALSE");
+ } else if ((utype == V_ASN1_INTEGER)
+ || (utype == V_ASN1_ENUMERATED)) {
+ char *s, *nm;
+ s = i2s_ASN1_INTEGER(NULL, fld);
+ if (utype == V_ASN1_INTEGER)
+ nm = "INTEGER";
+ else
+ nm = "ENUMERATED";
+ BIO_printf(out, "%*s%s:%s", indent, "", nm, s);
+ OPENSSL_free(s);
+ } else if (utype == V_ASN1_NULL) {
+ BIO_printf(out, "%*s%s", indent, "", "NULL");
+ } else if (utype == V_ASN1_UTCTIME) {
+ BIO_printf(out, "%*s%s:%s:", indent, "", name, "UTCTIME");
+ ASN1_UTCTIME_print(out, str);
+ } else if (utype == V_ASN1_GENERALIZEDTIME) {
+ BIO_printf(out, "%*s%s:%s:", indent, "", name, "GENERALIZEDTIME");
+ ASN1_GENERALIZEDTIME_print(out, str);
+ } else if (utype == V_ASN1_OBJECT) {
+ char objbuf[80], *ln;
+ ln = OBJ_nid2ln(OBJ_obj2nid(fld));
+ if (!ln)
+ ln = "";
+ OBJ_obj2txt(objbuf, sizeof objbuf, fld, 1);
+ BIO_printf(out, "%*s%s:%s (%s)", indent, "", "OBJECT", ln,
+ objbuf);
+ } else {
+ BIO_printf(out, "%*s%s:", indent, "", name);
+ ASN1_STRING_print_ex(out, str,
+ ASN1_STRFLGS_DUMP_UNKNOWN |
+ ASN1_STRFLGS_SHOW_TYPE);
+ }
+ BIO_printf(out, "\n");
+ } else
+ BIO_printf(out, "%*s%s [ABSENT]\n", indent, "", name);
+ return 1;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/tasn_typ.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/tasn_typ.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/tasn_typ.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,137 +0,0 @@
-/* tasn_typ.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-#include <stdio.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-
-/* Declarations for string types */
-
-
-IMPLEMENT_ASN1_TYPE(ASN1_INTEGER)
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_INTEGER)
-
-IMPLEMENT_ASN1_TYPE(ASN1_ENUMERATED)
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_ENUMERATED)
-
-IMPLEMENT_ASN1_TYPE(ASN1_BIT_STRING)
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_BIT_STRING)
-
-IMPLEMENT_ASN1_TYPE(ASN1_OCTET_STRING)
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_OCTET_STRING)
-
-IMPLEMENT_ASN1_TYPE(ASN1_NULL)
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_NULL)
-
-IMPLEMENT_ASN1_TYPE(ASN1_OBJECT)
-
-IMPLEMENT_ASN1_TYPE(ASN1_UTF8STRING)
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_UTF8STRING)
-
-IMPLEMENT_ASN1_TYPE(ASN1_PRINTABLESTRING)
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_PRINTABLESTRING)
-
-IMPLEMENT_ASN1_TYPE(ASN1_T61STRING)
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_T61STRING)
-
-IMPLEMENT_ASN1_TYPE(ASN1_IA5STRING)
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_IA5STRING)
-
-IMPLEMENT_ASN1_TYPE(ASN1_GENERALSTRING)
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_GENERALSTRING)
-
-IMPLEMENT_ASN1_TYPE(ASN1_UTCTIME)
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_UTCTIME)
-
-IMPLEMENT_ASN1_TYPE(ASN1_GENERALIZEDTIME)
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME)
-
-IMPLEMENT_ASN1_TYPE(ASN1_VISIBLESTRING)
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_VISIBLESTRING)
-
-IMPLEMENT_ASN1_TYPE(ASN1_UNIVERSALSTRING)
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING)
-
-IMPLEMENT_ASN1_TYPE(ASN1_BMPSTRING)
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_BMPSTRING)
-
-IMPLEMENT_ASN1_TYPE(ASN1_ANY)
-
-/* Just swallow an ASN1_SEQUENCE in an ASN1_STRING */
-IMPLEMENT_ASN1_TYPE(ASN1_SEQUENCE)
-
-IMPLEMENT_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE)
-
-/* Multistring types */
-
-IMPLEMENT_ASN1_MSTRING(ASN1_PRINTABLE, B_ASN1_PRINTABLE)
-IMPLEMENT_ASN1_FUNCTIONS_name(ASN1_STRING, ASN1_PRINTABLE)
-
-IMPLEMENT_ASN1_MSTRING(DISPLAYTEXT, B_ASN1_DISPLAYTEXT)
-IMPLEMENT_ASN1_FUNCTIONS_name(ASN1_STRING, DISPLAYTEXT)
-
-IMPLEMENT_ASN1_MSTRING(DIRECTORYSTRING, B_ASN1_DIRECTORYSTRING)
-IMPLEMENT_ASN1_FUNCTIONS_name(ASN1_STRING, DIRECTORYSTRING)
-
-/* Three separate BOOLEAN type: normal, DEFAULT TRUE and DEFAULT FALSE */
-IMPLEMENT_ASN1_TYPE_ex(ASN1_BOOLEAN, ASN1_BOOLEAN, -1)
-IMPLEMENT_ASN1_TYPE_ex(ASN1_TBOOLEAN, ASN1_BOOLEAN, 1)
-IMPLEMENT_ASN1_TYPE_ex(ASN1_FBOOLEAN, ASN1_BOOLEAN, 0)
-
-/* Special, OCTET STRING with indefinite length constructed support */
-
-IMPLEMENT_ASN1_TYPE_ex(ASN1_OCTET_STRING_NDEF, ASN1_OCTET_STRING, ASN1_TFLG_NDEF)
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/tasn_typ.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/tasn_typ.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/tasn_typ.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/tasn_typ.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,138 @@
+/* tasn_typ.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+
+/* Declarations for string types */
+
+
+IMPLEMENT_ASN1_TYPE(ASN1_INTEGER)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_INTEGER)
+
+IMPLEMENT_ASN1_TYPE(ASN1_ENUMERATED)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_ENUMERATED)
+
+IMPLEMENT_ASN1_TYPE(ASN1_BIT_STRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_BIT_STRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_OCTET_STRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_OCTET_STRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_NULL)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_NULL)
+
+IMPLEMENT_ASN1_TYPE(ASN1_OBJECT)
+
+IMPLEMENT_ASN1_TYPE(ASN1_UTF8STRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_UTF8STRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_PRINTABLESTRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_PRINTABLESTRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_T61STRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_T61STRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_IA5STRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_IA5STRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_GENERALSTRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_GENERALSTRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_UTCTIME)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_UTCTIME)
+
+IMPLEMENT_ASN1_TYPE(ASN1_GENERALIZEDTIME)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME)
+
+IMPLEMENT_ASN1_TYPE(ASN1_VISIBLESTRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_VISIBLESTRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_UNIVERSALSTRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_BMPSTRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_BMPSTRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_ANY)
+
+/* Just swallow an ASN1_SEQUENCE in an ASN1_STRING */
+IMPLEMENT_ASN1_TYPE(ASN1_SEQUENCE)
+
+IMPLEMENT_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE)
+
+/* Multistring types */
+
+IMPLEMENT_ASN1_MSTRING(ASN1_PRINTABLE, B_ASN1_PRINTABLE)
+IMPLEMENT_ASN1_FUNCTIONS_name(ASN1_STRING, ASN1_PRINTABLE)
+
+IMPLEMENT_ASN1_MSTRING(DISPLAYTEXT, B_ASN1_DISPLAYTEXT)
+IMPLEMENT_ASN1_FUNCTIONS_name(ASN1_STRING, DISPLAYTEXT)
+
+IMPLEMENT_ASN1_MSTRING(DIRECTORYSTRING, B_ASN1_DIRECTORYSTRING)
+IMPLEMENT_ASN1_FUNCTIONS_name(ASN1_STRING, DIRECTORYSTRING)
+
+/* Three separate BOOLEAN type: normal, DEFAULT TRUE and DEFAULT FALSE */
+IMPLEMENT_ASN1_TYPE_ex(ASN1_BOOLEAN, ASN1_BOOLEAN, -1)
+IMPLEMENT_ASN1_TYPE_ex(ASN1_TBOOLEAN, ASN1_BOOLEAN, 1)
+IMPLEMENT_ASN1_TYPE_ex(ASN1_FBOOLEAN, ASN1_BOOLEAN, 0)
+
+/* Special, OCTET STRING with indefinite length constructed support */
+
+IMPLEMENT_ASN1_TYPE_ex(ASN1_OCTET_STRING_NDEF, ASN1_OCTET_STRING, ASN1_TFLG_NDEF)
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/tasn_utl.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/tasn_utl.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/tasn_utl.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,279 +0,0 @@
-/* tasn_utl.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-
-#include <stddef.h>
-#include <string.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/objects.h>
-#include <openssl/err.h>
-
-/* Utility functions for manipulating fields and offsets */
-
-/* Add 'offset' to 'addr' */
-#define offset2ptr(addr, offset) (void *)(((char *) addr) + offset)
-
-/* Given an ASN1_ITEM CHOICE type return
- * the selector value
- */
-
-int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it)
- {
- int *sel = offset2ptr(*pval, it->utype);
- return *sel;
- }
-
-/* Given an ASN1_ITEM CHOICE type set
- * the selector value, return old value.
- */
-
-int asn1_set_choice_selector(ASN1_VALUE **pval, int value, const ASN1_ITEM *it)
- {
- int *sel, ret;
- sel = offset2ptr(*pval, it->utype);
- ret = *sel;
- *sel = value;
- return ret;
- }
-
-/* Do reference counting. The value 'op' decides what to do.
- * if it is +1 then the count is incremented. If op is 0 count is
- * set to 1. If op is -1 count is decremented and the return value
- * is the current refrence count or 0 if no reference count exists.
- */
-
-int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it)
- {
- const ASN1_AUX *aux;
- int *lck, ret;
- if ((it->itype != ASN1_ITYPE_SEQUENCE)
- && (it->itype != ASN1_ITYPE_NDEF_SEQUENCE))
- return 0;
- aux = it->funcs;
- if (!aux || !(aux->flags & ASN1_AFLG_REFCOUNT))
- return 0;
- lck = offset2ptr(*pval, aux->ref_offset);
- if (op == 0)
- {
- *lck = 1;
- return 1;
- }
- ret = CRYPTO_add(lck, op, aux->ref_lock);
-#ifdef REF_PRINT
- fprintf(stderr, "%s: Reference Count: %d\n", it->sname, *lck);
-#endif
-#ifdef REF_CHECK
- if (ret < 0)
- fprintf(stderr, "%s, bad reference count\n", it->sname);
-#endif
- return ret;
- }
-
-static ASN1_ENCODING *asn1_get_enc_ptr(ASN1_VALUE **pval, const ASN1_ITEM *it)
- {
- const ASN1_AUX *aux;
- if (!pval || !*pval)
- return NULL;
- aux = it->funcs;
- if (!aux || !(aux->flags & ASN1_AFLG_ENCODING))
- return NULL;
- return offset2ptr(*pval, aux->enc_offset);
- }
-
-void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it)
- {
- ASN1_ENCODING *enc;
- enc = asn1_get_enc_ptr(pval, it);
- if (enc)
- {
- enc->enc = NULL;
- enc->len = 0;
- enc->modified = 1;
- }
- }
-
-void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
- {
- ASN1_ENCODING *enc;
- enc = asn1_get_enc_ptr(pval, it);
- if (enc)
- {
- if (enc->enc)
- OPENSSL_free(enc->enc);
- enc->enc = NULL;
- enc->len = 0;
- enc->modified = 1;
- }
- }
-
-int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen,
- const ASN1_ITEM *it)
- {
- ASN1_ENCODING *enc;
- enc = asn1_get_enc_ptr(pval, it);
- if (!enc)
- return 1;
-
- if (enc->enc)
- OPENSSL_free(enc->enc);
- enc->enc = OPENSSL_malloc(inlen);
- if (!enc->enc)
- return 0;
- memcpy(enc->enc, in, inlen);
- enc->len = inlen;
- enc->modified = 0;
-
- return 1;
- }
-
-int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval,
- const ASN1_ITEM *it)
- {
- ASN1_ENCODING *enc;
- enc = asn1_get_enc_ptr(pval, it);
- if (!enc || enc->modified)
- return 0;
- if (out)
- {
- memcpy(*out, enc->enc, enc->len);
- *out += enc->len;
- }
- if (len)
- *len = enc->len;
- return 1;
- }
-
-/* Given an ASN1_TEMPLATE get a pointer to a field */
-ASN1_VALUE ** asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
- {
- ASN1_VALUE **pvaltmp;
- if (tt->flags & ASN1_TFLG_COMBINE)
- return pval;
- pvaltmp = offset2ptr(*pval, tt->offset);
- /* NOTE for BOOLEAN types the field is just a plain
- * int so we can't return int **, so settle for
- * (int *).
- */
- return pvaltmp;
- }
-
-/* Handle ANY DEFINED BY template, find the selector, look up
- * the relevant ASN1_TEMPLATE in the table and return it.
- */
-
-const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt,
- int nullerr)
- {
- const ASN1_ADB *adb;
- const ASN1_ADB_TABLE *atbl;
- long selector;
- ASN1_VALUE **sfld;
- int i;
- if (!(tt->flags & ASN1_TFLG_ADB_MASK))
- return tt;
-
- /* Else ANY DEFINED BY ... get the table */
- adb = ASN1_ADB_ptr(tt->item);
-
- /* Get the selector field */
- sfld = offset2ptr(*pval, adb->offset);
-
- /* Check if NULL */
- if (!sfld)
- {
- if (!adb->null_tt)
- goto err;
- return adb->null_tt;
- }
-
- /* Convert type to a long:
- * NB: don't check for NID_undef here because it
- * might be a legitimate value in the table
- */
- if (tt->flags & ASN1_TFLG_ADB_OID)
- selector = OBJ_obj2nid((ASN1_OBJECT *)*sfld);
- else
- selector = ASN1_INTEGER_get((ASN1_INTEGER *)*sfld);
-
- /* Try to find matching entry in table
- * Maybe should check application types first to
- * allow application override? Might also be useful
- * to have a flag which indicates table is sorted and
- * we can do a binary search. For now stick to a
- * linear search.
- */
-
- for (atbl = adb->tbl, i = 0; i < adb->tblcount; i++, atbl++)
- if (atbl->value == selector)
- return &atbl->tt;
-
- /* FIXME: need to search application table too */
-
- /* No match, return default type */
- if (!adb->default_tt)
- goto err;
- return adb->default_tt;
-
- err:
- /* FIXME: should log the value or OID of unsupported type */
- if (nullerr)
- ASN1err(ASN1_F_ASN1_DO_ADB,
- ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE);
- return NULL;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/tasn_utl.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/tasn_utl.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/tasn_utl.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/tasn_utl.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,275 @@
+/* tasn_utl.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stddef.h>
+#include <string.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/objects.h>
+#include <openssl/err.h>
+
+/* Utility functions for manipulating fields and offsets */
+
+/* Add 'offset' to 'addr' */
+#define offset2ptr(addr, offset) (void *)(((char *) addr) + offset)
+
+/*
+ * Given an ASN1_ITEM CHOICE type return the selector value
+ */
+
+int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+ int *sel = offset2ptr(*pval, it->utype);
+ return *sel;
+}
+
+/*
+ * Given an ASN1_ITEM CHOICE type set the selector value, return old value.
+ */
+
+int asn1_set_choice_selector(ASN1_VALUE **pval, int value,
+ const ASN1_ITEM *it)
+{
+ int *sel, ret;
+ sel = offset2ptr(*pval, it->utype);
+ ret = *sel;
+ *sel = value;
+ return ret;
+}
+
+/*
+ * Do reference counting. The value 'op' decides what to do. if it is +1
+ * then the count is incremented. If op is 0 count is set to 1. If op is -1
+ * count is decremented and the return value is the current refrence count or
+ * 0 if no reference count exists.
+ */
+
+int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it)
+{
+ const ASN1_AUX *aux;
+ int *lck, ret;
+ if ((it->itype != ASN1_ITYPE_SEQUENCE)
+ && (it->itype != ASN1_ITYPE_NDEF_SEQUENCE))
+ return 0;
+ aux = it->funcs;
+ if (!aux || !(aux->flags & ASN1_AFLG_REFCOUNT))
+ return 0;
+ lck = offset2ptr(*pval, aux->ref_offset);
+ if (op == 0) {
+ *lck = 1;
+ return 1;
+ }
+ ret = CRYPTO_add(lck, op, aux->ref_lock);
+#ifdef REF_PRINT
+ fprintf(stderr, "%s: Reference Count: %d\n", it->sname, *lck);
+#endif
+#ifdef REF_CHECK
+ if (ret < 0)
+ fprintf(stderr, "%s, bad reference count\n", it->sname);
+#endif
+ return ret;
+}
+
+static ASN1_ENCODING *asn1_get_enc_ptr(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+ const ASN1_AUX *aux;
+ if (!pval || !*pval)
+ return NULL;
+ aux = it->funcs;
+ if (!aux || !(aux->flags & ASN1_AFLG_ENCODING))
+ return NULL;
+ return offset2ptr(*pval, aux->enc_offset);
+}
+
+void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+ ASN1_ENCODING *enc;
+ enc = asn1_get_enc_ptr(pval, it);
+ if (enc) {
+ enc->enc = NULL;
+ enc->len = 0;
+ enc->modified = 1;
+ }
+}
+
+void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+ ASN1_ENCODING *enc;
+ enc = asn1_get_enc_ptr(pval, it);
+ if (enc) {
+ if (enc->enc)
+ OPENSSL_free(enc->enc);
+ enc->enc = NULL;
+ enc->len = 0;
+ enc->modified = 1;
+ }
+}
+
+int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen,
+ const ASN1_ITEM *it)
+{
+ ASN1_ENCODING *enc;
+ enc = asn1_get_enc_ptr(pval, it);
+ if (!enc)
+ return 1;
+
+ if (enc->enc)
+ OPENSSL_free(enc->enc);
+ enc->enc = OPENSSL_malloc(inlen);
+ if (!enc->enc)
+ return 0;
+ memcpy(enc->enc, in, inlen);
+ enc->len = inlen;
+ enc->modified = 0;
+
+ return 1;
+}
+
+int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval,
+ const ASN1_ITEM *it)
+{
+ ASN1_ENCODING *enc;
+ enc = asn1_get_enc_ptr(pval, it);
+ if (!enc || enc->modified)
+ return 0;
+ if (out) {
+ memcpy(*out, enc->enc, enc->len);
+ *out += enc->len;
+ }
+ if (len)
+ *len = enc->len;
+ return 1;
+}
+
+/* Given an ASN1_TEMPLATE get a pointer to a field */
+ASN1_VALUE **asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
+{
+ ASN1_VALUE **pvaltmp;
+ if (tt->flags & ASN1_TFLG_COMBINE)
+ return pval;
+ pvaltmp = offset2ptr(*pval, tt->offset);
+ /*
+ * NOTE for BOOLEAN types the field is just a plain int so we can't
+ * return int **, so settle for (int *).
+ */
+ return pvaltmp;
+}
+
+/*
+ * Handle ANY DEFINED BY template, find the selector, look up the relevant
+ * ASN1_TEMPLATE in the table and return it.
+ */
+
+const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt,
+ int nullerr)
+{
+ const ASN1_ADB *adb;
+ const ASN1_ADB_TABLE *atbl;
+ long selector;
+ ASN1_VALUE **sfld;
+ int i;
+ if (!(tt->flags & ASN1_TFLG_ADB_MASK))
+ return tt;
+
+ /* Else ANY DEFINED BY ... get the table */
+ adb = ASN1_ADB_ptr(tt->item);
+
+ /* Get the selector field */
+ sfld = offset2ptr(*pval, adb->offset);
+
+ /* Check if NULL */
+ if (!sfld) {
+ if (!adb->null_tt)
+ goto err;
+ return adb->null_tt;
+ }
+
+ /*
+ * Convert type to a long: NB: don't check for NID_undef here because it
+ * might be a legitimate value in the table
+ */
+ if (tt->flags & ASN1_TFLG_ADB_OID)
+ selector = OBJ_obj2nid((ASN1_OBJECT *)*sfld);
+ else
+ selector = ASN1_INTEGER_get((ASN1_INTEGER *)*sfld);
+
+ /*
+ * Try to find matching entry in table Maybe should check application
+ * types first to allow application override? Might also be useful to
+ * have a flag which indicates table is sorted and we can do a binary
+ * search. For now stick to a linear search.
+ */
+
+ for (atbl = adb->tbl, i = 0; i < adb->tblcount; i++, atbl++)
+ if (atbl->value == selector)
+ return &atbl->tt;
+
+ /* FIXME: need to search application table too */
+
+ /* No match, return default type */
+ if (!adb->default_tt)
+ goto err;
+ return adb->default_tt;
+
+ err:
+ /* FIXME: should log the value or OID of unsupported type */
+ if (nullerr)
+ ASN1err(ASN1_F_ASN1_DO_ADB, ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE);
+ return NULL;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_algor.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/x_algor.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_algor.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,130 +0,0 @@
-/* x_algor.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stddef.h>
-#include <openssl/x509.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-
-ASN1_SEQUENCE(X509_ALGOR) = {
- ASN1_SIMPLE(X509_ALGOR, algorithm, ASN1_OBJECT),
- ASN1_OPT(X509_ALGOR, parameter, ASN1_ANY)
-} ASN1_SEQUENCE_END(X509_ALGOR)
-
-ASN1_ITEM_TEMPLATE(X509_ALGORS) =
- ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, algorithms, X509_ALGOR)
-ASN1_ITEM_TEMPLATE_END(X509_ALGORS)
-
-IMPLEMENT_ASN1_FUNCTIONS(X509_ALGOR)
-IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(X509_ALGORS, X509_ALGORS, X509_ALGORS)
-IMPLEMENT_ASN1_DUP_FUNCTION(X509_ALGOR)
-
-IMPLEMENT_STACK_OF(X509_ALGOR)
-IMPLEMENT_ASN1_SET_OF(X509_ALGOR)
-
-int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval)
- {
- if (!alg)
- return 0;
- if (ptype != V_ASN1_UNDEF)
- {
- if (alg->parameter == NULL)
- alg->parameter = ASN1_TYPE_new();
- if (alg->parameter == NULL)
- return 0;
- }
- if (alg)
- {
- if (alg->algorithm)
- ASN1_OBJECT_free(alg->algorithm);
- alg->algorithm = aobj;
- }
- if (ptype == 0)
- return 1;
- if (ptype == V_ASN1_UNDEF)
- {
- if (alg->parameter)
- {
- ASN1_TYPE_free(alg->parameter);
- alg->parameter = NULL;
- }
- }
- else
- ASN1_TYPE_set(alg->parameter, ptype, pval);
- return 1;
- }
-
-void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
- X509_ALGOR *algor)
- {
- if (paobj)
- *paobj = algor->algorithm;
- if (pptype)
- {
- if (algor->parameter == NULL)
- {
- *pptype = V_ASN1_UNDEF;
- return;
- }
- else
- *pptype = algor->parameter->type;
- if (ppval)
- *ppval = algor->parameter->value.ptr;
- }
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_algor.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/x_algor.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_algor.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_algor.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,133 @@
+/* x_algor.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stddef.h>
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+
+ASN1_SEQUENCE(X509_ALGOR) = {
+ ASN1_SIMPLE(X509_ALGOR, algorithm, ASN1_OBJECT),
+ ASN1_OPT(X509_ALGOR, parameter, ASN1_ANY)
+} ASN1_SEQUENCE_END(X509_ALGOR)
+
+ASN1_ITEM_TEMPLATE(X509_ALGORS) =
+ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, algorithms, X509_ALGOR)
+ASN1_ITEM_TEMPLATE_END(X509_ALGORS)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_ALGOR)
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(X509_ALGORS, X509_ALGORS, X509_ALGORS)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_ALGOR)
+
+IMPLEMENT_STACK_OF(X509_ALGOR)
+IMPLEMENT_ASN1_SET_OF(X509_ALGOR)
+
+int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval)
+{
+ if (!alg)
+ return 0;
+ if (ptype != V_ASN1_UNDEF) {
+ if (alg->parameter == NULL)
+ alg->parameter = ASN1_TYPE_new();
+ if (alg->parameter == NULL)
+ return 0;
+ }
+ if (alg) {
+ if (alg->algorithm)
+ ASN1_OBJECT_free(alg->algorithm);
+ alg->algorithm = aobj;
+ }
+ if (ptype == 0)
+ return 1;
+ if (ptype == V_ASN1_UNDEF) {
+ if (alg->parameter) {
+ ASN1_TYPE_free(alg->parameter);
+ alg->parameter = NULL;
+ }
+ } else
+ ASN1_TYPE_set(alg->parameter, ptype, pval);
+ return 1;
+}
+
+void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
+ X509_ALGOR *algor)
+{
+ if (paobj)
+ *paobj = algor->algorithm;
+ if (pptype) {
+ if (algor->parameter == NULL) {
+ *pptype = V_ASN1_UNDEF;
+ return;
+ } else
+ *pptype = algor->parameter->type;
+ if (ppval)
+ *ppval = algor->parameter->value.ptr;
+ }
+}
+
+int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b)
+{
+ int rv;
+ rv = OBJ_cmp(a->algorithm, b->algorithm);
+ if (rv)
+ return rv;
+ if (!a->parameter && !b->parameter)
+ return 0;
+ return ASN1_TYPE_cmp(a->parameter, b->parameter);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_attrib.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/x_attrib.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_attrib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,118 +0,0 @@
-/* crypto/asn1/x_attrib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/objects.h>
-#include <openssl/asn1t.h>
-#include <openssl/x509.h>
-
-/* X509_ATTRIBUTE: this has the following form:
- *
- * typedef struct x509_attributes_st
- * {
- * ASN1_OBJECT *object;
- * int single;
- * union {
- * char *ptr;
- * STACK_OF(ASN1_TYPE) *set;
- * ASN1_TYPE *single;
- * } value;
- * } X509_ATTRIBUTE;
- *
- * this needs some extra thought because the CHOICE type is
- * merged with the main structure and because the value can
- * be anything at all we *must* try the SET OF first because
- * the ASN1_ANY type will swallow anything including the whole
- * SET OF structure.
- */
-
-ASN1_CHOICE(X509_ATTRIBUTE_SET) = {
- ASN1_SET_OF(X509_ATTRIBUTE, value.set, ASN1_ANY),
- ASN1_SIMPLE(X509_ATTRIBUTE, value.single, ASN1_ANY)
-} ASN1_CHOICE_END_selector(X509_ATTRIBUTE, X509_ATTRIBUTE_SET, single)
-
-ASN1_SEQUENCE(X509_ATTRIBUTE) = {
- ASN1_SIMPLE(X509_ATTRIBUTE, object, ASN1_OBJECT),
- /* CHOICE type merged with parent */
- ASN1_EX_COMBINE(0, 0, X509_ATTRIBUTE_SET)
-} ASN1_SEQUENCE_END(X509_ATTRIBUTE)
-
-IMPLEMENT_ASN1_FUNCTIONS(X509_ATTRIBUTE)
-IMPLEMENT_ASN1_DUP_FUNCTION(X509_ATTRIBUTE)
-
-X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value)
- {
- X509_ATTRIBUTE *ret=NULL;
- ASN1_TYPE *val=NULL;
-
- if ((ret=X509_ATTRIBUTE_new()) == NULL)
- return(NULL);
- ret->object=OBJ_nid2obj(nid);
- ret->single=0;
- if ((ret->value.set=sk_ASN1_TYPE_new_null()) == NULL) goto err;
- if ((val=ASN1_TYPE_new()) == NULL) goto err;
- if (!sk_ASN1_TYPE_push(ret->value.set,val)) goto err;
-
- ASN1_TYPE_set(val,atrtype,value);
- return(ret);
-err:
- if (ret != NULL) X509_ATTRIBUTE_free(ret);
- if (val != NULL) ASN1_TYPE_free(val);
- return(NULL);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_attrib.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/x_attrib.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_attrib.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_attrib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,124 @@
+/* crypto/asn1/x_attrib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+
+/*-
+ * X509_ATTRIBUTE: this has the following form:
+ *
+ * typedef struct x509_attributes_st
+ * {
+ * ASN1_OBJECT *object;
+ * int single;
+ * union {
+ * char *ptr;
+ * STACK_OF(ASN1_TYPE) *set;
+ * ASN1_TYPE *single;
+ * } value;
+ * } X509_ATTRIBUTE;
+ *
+ * this needs some extra thought because the CHOICE type is
+ * merged with the main structure and because the value can
+ * be anything at all we *must* try the SET OF first because
+ * the ASN1_ANY type will swallow anything including the whole
+ * SET OF structure.
+ */
+
+ASN1_CHOICE(X509_ATTRIBUTE_SET) = {
+ ASN1_SET_OF(X509_ATTRIBUTE, value.set, ASN1_ANY),
+ ASN1_SIMPLE(X509_ATTRIBUTE, value.single, ASN1_ANY)
+} ASN1_CHOICE_END_selector(X509_ATTRIBUTE, X509_ATTRIBUTE_SET, single)
+
+ASN1_SEQUENCE(X509_ATTRIBUTE) = {
+ ASN1_SIMPLE(X509_ATTRIBUTE, object, ASN1_OBJECT),
+ /* CHOICE type merged with parent */
+ ASN1_EX_COMBINE(0, 0, X509_ATTRIBUTE_SET)
+} ASN1_SEQUENCE_END(X509_ATTRIBUTE)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_ATTRIBUTE)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_ATTRIBUTE)
+
+X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value)
+{
+ X509_ATTRIBUTE *ret = NULL;
+ ASN1_TYPE *val = NULL;
+
+ if ((ret = X509_ATTRIBUTE_new()) == NULL)
+ return (NULL);
+ ret->object = OBJ_nid2obj(nid);
+ ret->single = 0;
+ if ((ret->value.set = sk_ASN1_TYPE_new_null()) == NULL)
+ goto err;
+ if ((val = ASN1_TYPE_new()) == NULL)
+ goto err;
+ if (!sk_ASN1_TYPE_push(ret->value.set, val))
+ goto err;
+
+ ASN1_TYPE_set(val, atrtype, value);
+ return (ret);
+ err:
+ if (ret != NULL)
+ X509_ATTRIBUTE_free(ret);
+ if (val != NULL)
+ ASN1_TYPE_free(val);
+ return (NULL);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_bignum.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/x_bignum.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_bignum.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,139 +0,0 @@
-/* x_bignum.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/bn.h>
-
-/* Custom primitive type for BIGNUM handling. This reads in an ASN1_INTEGER as a
- * BIGNUM directly. Currently it ignores the sign which isn't a problem since all
- * BIGNUMs used are non negative and anything that looks negative is normally due
- * to an encoding error.
- */
-
-#define BN_SENSITIVE 1
-
-static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
-static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
-
-static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
-static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
-
-static ASN1_PRIMITIVE_FUNCS bignum_pf = {
- NULL, 0,
- bn_new,
- bn_free,
- 0,
- bn_c2i,
- bn_i2c
-};
-
-ASN1_ITEM_start(BIGNUM)
- ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, 0, "BIGNUM"
-ASN1_ITEM_end(BIGNUM)
-
-ASN1_ITEM_start(CBIGNUM)
- ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, BN_SENSITIVE, "BIGNUM"
-ASN1_ITEM_end(CBIGNUM)
-
-static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
-{
- *pval = (ASN1_VALUE *)BN_new();
- if(*pval) return 1;
- else return 0;
-}
-
-static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
-{
- if(!*pval) return;
- if(it->size & BN_SENSITIVE) BN_clear_free((BIGNUM *)*pval);
- else BN_free((BIGNUM *)*pval);
- *pval = NULL;
-}
-
-static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it)
-{
- BIGNUM *bn;
- int pad;
- if(!*pval) return -1;
- bn = (BIGNUM *)*pval;
- /* If MSB set in an octet we need a padding byte */
- if(BN_num_bits(bn) & 0x7) pad = 0;
- else pad = 1;
- if(cont) {
- if(pad) *cont++ = 0;
- BN_bn2bin(bn, cont);
- }
- return pad + BN_num_bytes(bn);
-}
-
-static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
- int utype, char *free_cont, const ASN1_ITEM *it)
-{
- BIGNUM *bn;
- if(!*pval) bn_new(pval, it);
- bn = (BIGNUM *)*pval;
- if(!BN_bin2bn(cont, len, bn)) {
- bn_free(pval, it);
- return 0;
- }
- return 1;
-}
-
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_bignum.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/x_bignum.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_bignum.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_bignum.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,152 @@
+/* x_bignum.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/bn.h>
+
+/*
+ * Custom primitive type for BIGNUM handling. This reads in an ASN1_INTEGER
+ * as a BIGNUM directly. Currently it ignores the sign which isn't a problem
+ * since all BIGNUMs used are non negative and anything that looks negative
+ * is normally due to an encoding error.
+ */
+
+#define BN_SENSITIVE 1
+
+static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
+static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
+ const ASN1_ITEM *it);
+static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+ int utype, char *free_cont, const ASN1_ITEM *it);
+
+static ASN1_PRIMITIVE_FUNCS bignum_pf = {
+ NULL, 0,
+ bn_new,
+ bn_free,
+ 0,
+ bn_c2i,
+ bn_i2c
+};
+
+ASN1_ITEM_start(BIGNUM)
+ ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, 0, "BIGNUM"
+ASN1_ITEM_end(BIGNUM)
+
+ASN1_ITEM_start(CBIGNUM)
+ ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, BN_SENSITIVE, "BIGNUM"
+ASN1_ITEM_end(CBIGNUM)
+
+static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+ *pval = (ASN1_VALUE *)BN_new();
+ if (*pval)
+ return 1;
+ else
+ return 0;
+}
+
+static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+ if (!*pval)
+ return;
+ if (it->size & BN_SENSITIVE)
+ BN_clear_free((BIGNUM *)*pval);
+ else
+ BN_free((BIGNUM *)*pval);
+ *pval = NULL;
+}
+
+static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
+ const ASN1_ITEM *it)
+{
+ BIGNUM *bn;
+ int pad;
+ if (!*pval)
+ return -1;
+ bn = (BIGNUM *)*pval;
+ /* If MSB set in an octet we need a padding byte */
+ if (BN_num_bits(bn) & 0x7)
+ pad = 0;
+ else
+ pad = 1;
+ if (cont) {
+ if (pad)
+ *cont++ = 0;
+ BN_bn2bin(bn, cont);
+ }
+ return pad + BN_num_bytes(bn);
+}
+
+static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+ int utype, char *free_cont, const ASN1_ITEM *it)
+{
+ BIGNUM *bn;
+ if (!*pval)
+ bn_new(pval, it);
+ bn = (BIGNUM *)*pval;
+ if (!BN_bin2bn(cont, len, bn)) {
+ bn_free(pval, it);
+ return 0;
+ }
+ return 1;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_crl.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/x_crl.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_crl.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,140 +0,0 @@
-/* crypto/asn1/x_crl.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/x509.h>
-
-static int X509_REVOKED_cmp(const X509_REVOKED * const *a,
- const X509_REVOKED * const *b);
-
-ASN1_SEQUENCE(X509_REVOKED) = {
- ASN1_SIMPLE(X509_REVOKED,serialNumber, ASN1_INTEGER),
- ASN1_SIMPLE(X509_REVOKED,revocationDate, ASN1_TIME),
- ASN1_SEQUENCE_OF_OPT(X509_REVOKED,extensions, X509_EXTENSION)
-} ASN1_SEQUENCE_END(X509_REVOKED)
-
-/* The X509_CRL_INFO structure needs a bit of customisation.
- * Since we cache the original encoding the signature wont be affected by
- * reordering of the revoked field.
- */
-static int crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
-{
- X509_CRL_INFO *a = (X509_CRL_INFO *)*pval;
-
- if(!a || !a->revoked) return 1;
- switch(operation) {
- /* Just set cmp function here. We don't sort because that
- * would affect the output of X509_CRL_print().
- */
- case ASN1_OP_D2I_POST:
- (void)sk_X509_REVOKED_set_cmp_func(a->revoked,X509_REVOKED_cmp);
- break;
- }
- return 1;
-}
-
-
-ASN1_SEQUENCE_enc(X509_CRL_INFO, enc, crl_inf_cb) = {
- ASN1_OPT(X509_CRL_INFO, version, ASN1_INTEGER),
- ASN1_SIMPLE(X509_CRL_INFO, sig_alg, X509_ALGOR),
- ASN1_SIMPLE(X509_CRL_INFO, issuer, X509_NAME),
- ASN1_SIMPLE(X509_CRL_INFO, lastUpdate, ASN1_TIME),
- ASN1_OPT(X509_CRL_INFO, nextUpdate, ASN1_TIME),
- ASN1_SEQUENCE_OF_OPT(X509_CRL_INFO, revoked, X509_REVOKED),
- ASN1_EXP_SEQUENCE_OF_OPT(X509_CRL_INFO, extensions, X509_EXTENSION, 0)
-} ASN1_SEQUENCE_END_enc(X509_CRL_INFO, X509_CRL_INFO)
-
-ASN1_SEQUENCE_ref(X509_CRL, 0, CRYPTO_LOCK_X509_CRL) = {
- ASN1_SIMPLE(X509_CRL, crl, X509_CRL_INFO),
- ASN1_SIMPLE(X509_CRL, sig_alg, X509_ALGOR),
- ASN1_SIMPLE(X509_CRL, signature, ASN1_BIT_STRING)
-} ASN1_SEQUENCE_END_ref(X509_CRL, X509_CRL)
-
-IMPLEMENT_ASN1_FUNCTIONS(X509_REVOKED)
-IMPLEMENT_ASN1_FUNCTIONS(X509_CRL_INFO)
-IMPLEMENT_ASN1_FUNCTIONS(X509_CRL)
-IMPLEMENT_ASN1_DUP_FUNCTION(X509_CRL)
-
-static int X509_REVOKED_cmp(const X509_REVOKED * const *a,
- const X509_REVOKED * const *b)
- {
- return(ASN1_STRING_cmp(
- (ASN1_STRING *)(*a)->serialNumber,
- (ASN1_STRING *)(*b)->serialNumber));
- }
-
-int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev)
-{
- X509_CRL_INFO *inf;
- inf = crl->crl;
- if(!inf->revoked)
- inf->revoked = sk_X509_REVOKED_new(X509_REVOKED_cmp);
- if(!inf->revoked || !sk_X509_REVOKED_push(inf->revoked, rev)) {
- ASN1err(ASN1_F_X509_CRL_ADD0_REVOKED, ERR_R_MALLOC_FAILURE);
- return 0;
- }
- inf->enc.modified = 1;
- return 1;
-}
-
-IMPLEMENT_STACK_OF(X509_REVOKED)
-IMPLEMENT_ASN1_SET_OF(X509_REVOKED)
-IMPLEMENT_STACK_OF(X509_CRL)
-IMPLEMENT_ASN1_SET_OF(X509_CRL)
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_crl.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/x_crl.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_crl.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_crl.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,148 @@
+/* crypto/asn1/x_crl.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+
+static int X509_REVOKED_cmp(const X509_REVOKED *const *a,
+ const X509_REVOKED *const *b);
+
+ASN1_SEQUENCE(X509_REVOKED) = {
+ ASN1_SIMPLE(X509_REVOKED,serialNumber, ASN1_INTEGER),
+ ASN1_SIMPLE(X509_REVOKED,revocationDate, ASN1_TIME),
+ ASN1_SEQUENCE_OF_OPT(X509_REVOKED,extensions, X509_EXTENSION)
+} ASN1_SEQUENCE_END(X509_REVOKED)
+
+/*
+ * The X509_CRL_INFO structure needs a bit of customisation. Since we cache
+ * the original encoding the signature wont be affected by reordering of the
+ * revoked field.
+ */
+static int crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+ X509_CRL_INFO *a = (X509_CRL_INFO *)*pval;
+
+ if (!a || !a->revoked)
+ return 1;
+ switch (operation) {
+ /*
+ * Just set cmp function here. We don't sort because that would
+ * affect the output of X509_CRL_print().
+ */
+ case ASN1_OP_D2I_POST:
+ (void)sk_X509_REVOKED_set_cmp_func(a->revoked, X509_REVOKED_cmp);
+ break;
+ }
+ return 1;
+}
+
+
+ASN1_SEQUENCE_enc(X509_CRL_INFO, enc, crl_inf_cb) = {
+ ASN1_OPT(X509_CRL_INFO, version, ASN1_INTEGER),
+ ASN1_SIMPLE(X509_CRL_INFO, sig_alg, X509_ALGOR),
+ ASN1_SIMPLE(X509_CRL_INFO, issuer, X509_NAME),
+ ASN1_SIMPLE(X509_CRL_INFO, lastUpdate, ASN1_TIME),
+ ASN1_OPT(X509_CRL_INFO, nextUpdate, ASN1_TIME),
+ ASN1_SEQUENCE_OF_OPT(X509_CRL_INFO, revoked, X509_REVOKED),
+ ASN1_EXP_SEQUENCE_OF_OPT(X509_CRL_INFO, extensions, X509_EXTENSION, 0)
+} ASN1_SEQUENCE_END_enc(X509_CRL_INFO, X509_CRL_INFO)
+
+ASN1_SEQUENCE_ref(X509_CRL, 0, CRYPTO_LOCK_X509_CRL) = {
+ ASN1_SIMPLE(X509_CRL, crl, X509_CRL_INFO),
+ ASN1_SIMPLE(X509_CRL, sig_alg, X509_ALGOR),
+ ASN1_SIMPLE(X509_CRL, signature, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END_ref(X509_CRL, X509_CRL)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_REVOKED)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_CRL_INFO)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_CRL)
+
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_CRL)
+
+static int X509_REVOKED_cmp(const X509_REVOKED *const *a,
+ const X509_REVOKED *const *b)
+{
+ return (ASN1_STRING_cmp((ASN1_STRING *)(*a)->serialNumber,
+ (ASN1_STRING *)(*b)->serialNumber));
+}
+
+int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev)
+{
+ X509_CRL_INFO *inf;
+ inf = crl->crl;
+ if (!inf->revoked)
+ inf->revoked = sk_X509_REVOKED_new(X509_REVOKED_cmp);
+ if (!inf->revoked || !sk_X509_REVOKED_push(inf->revoked, rev)) {
+ ASN1err(ASN1_F_X509_CRL_ADD0_REVOKED, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ inf->enc.modified = 1;
+ return 1;
+}
+
+IMPLEMENT_STACK_OF(X509_REVOKED)
+
+IMPLEMENT_ASN1_SET_OF(X509_REVOKED)
+
+IMPLEMENT_STACK_OF(X509_CRL)
+
+IMPLEMENT_ASN1_SET_OF(X509_CRL)
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_exten.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/x_exten.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_exten.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,76 +0,0 @@
-/* x_exten.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stddef.h>
-#include <openssl/x509.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-
-ASN1_SEQUENCE(X509_EXTENSION) = {
- ASN1_SIMPLE(X509_EXTENSION, object, ASN1_OBJECT),
- ASN1_OPT(X509_EXTENSION, critical, ASN1_BOOLEAN),
- ASN1_SIMPLE(X509_EXTENSION, value, ASN1_OCTET_STRING)
-} ASN1_SEQUENCE_END(X509_EXTENSION)
-
-ASN1_ITEM_TEMPLATE(X509_EXTENSIONS) =
- ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Extension, X509_EXTENSION)
-ASN1_ITEM_TEMPLATE_END(X509_EXTENSIONS)
-
-IMPLEMENT_ASN1_FUNCTIONS(X509_EXTENSION)
-IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(X509_EXTENSIONS, X509_EXTENSIONS, X509_EXTENSIONS)
-IMPLEMENT_ASN1_DUP_FUNCTION(X509_EXTENSION)
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_exten.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/x_exten.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_exten.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_exten.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,77 @@
+/* x_exten.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stddef.h>
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+
+ASN1_SEQUENCE(X509_EXTENSION) = {
+ ASN1_SIMPLE(X509_EXTENSION, object, ASN1_OBJECT),
+ ASN1_OPT(X509_EXTENSION, critical, ASN1_BOOLEAN),
+ ASN1_SIMPLE(X509_EXTENSION, value, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(X509_EXTENSION)
+
+ASN1_ITEM_TEMPLATE(X509_EXTENSIONS) =
+ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Extension, X509_EXTENSION)
+ASN1_ITEM_TEMPLATE_END(X509_EXTENSIONS)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_EXTENSION)
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(X509_EXTENSIONS, X509_EXTENSIONS, X509_EXTENSIONS)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_EXTENSION)
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_info.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/x_info.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_info.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,114 +0,0 @@
-/* crypto/asn1/x_info.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/asn1.h>
-#include <openssl/x509.h>
-
-X509_INFO *X509_INFO_new(void)
- {
- X509_INFO *ret=NULL;
-
- ret=(X509_INFO *)OPENSSL_malloc(sizeof(X509_INFO));
- if (ret == NULL)
- {
- ASN1err(ASN1_F_X509_INFO_NEW,ERR_R_MALLOC_FAILURE);
- return(NULL);
- }
-
- ret->enc_cipher.cipher=NULL;
- ret->enc_len=0;
- ret->enc_data=NULL;
-
- ret->references=1;
- ret->x509=NULL;
- ret->crl=NULL;
- ret->x_pkey=NULL;
- return(ret);
- }
-
-void X509_INFO_free(X509_INFO *x)
- {
- int i;
-
- if (x == NULL) return;
-
- i=CRYPTO_add(&x->references,-1,CRYPTO_LOCK_X509_INFO);
-#ifdef REF_PRINT
- REF_PRINT("X509_INFO",x);
-#endif
- if (i > 0) return;
-#ifdef REF_CHECK
- if (i < 0)
- {
- fprintf(stderr,"X509_INFO_free, bad reference count\n");
- abort();
- }
-#endif
-
- if (x->x509 != NULL) X509_free(x->x509);
- if (x->crl != NULL) X509_CRL_free(x->crl);
- if (x->x_pkey != NULL) X509_PKEY_free(x->x_pkey);
- if (x->enc_data != NULL) OPENSSL_free(x->enc_data);
- OPENSSL_free(x);
- }
-
-IMPLEMENT_STACK_OF(X509_INFO)
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_info.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/x_info.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_info.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_info.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,117 @@
+/* crypto/asn1/x_info.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/asn1.h>
+#include <openssl/x509.h>
+
+X509_INFO *X509_INFO_new(void)
+{
+ X509_INFO *ret = NULL;
+
+ ret = (X509_INFO *)OPENSSL_malloc(sizeof(X509_INFO));
+ if (ret == NULL) {
+ ASN1err(ASN1_F_X509_INFO_NEW, ERR_R_MALLOC_FAILURE);
+ return (NULL);
+ }
+
+ ret->enc_cipher.cipher = NULL;
+ ret->enc_len = 0;
+ ret->enc_data = NULL;
+
+ ret->references = 1;
+ ret->x509 = NULL;
+ ret->crl = NULL;
+ ret->x_pkey = NULL;
+ return (ret);
+}
+
+void X509_INFO_free(X509_INFO *x)
+{
+ int i;
+
+ if (x == NULL)
+ return;
+
+ i = CRYPTO_add(&x->references, -1, CRYPTO_LOCK_X509_INFO);
+#ifdef REF_PRINT
+ REF_PRINT("X509_INFO", x);
+#endif
+ if (i > 0)
+ return;
+#ifdef REF_CHECK
+ if (i < 0) {
+ fprintf(stderr, "X509_INFO_free, bad reference count\n");
+ abort();
+ }
+#endif
+
+ if (x->x509 != NULL)
+ X509_free(x->x509);
+ if (x->crl != NULL)
+ X509_CRL_free(x->crl);
+ if (x->x_pkey != NULL)
+ X509_PKEY_free(x->x_pkey);
+ if (x->enc_data != NULL)
+ OPENSSL_free(x->enc_data);
+ OPENSSL_free(x);
+}
+
+IMPLEMENT_STACK_OF(X509_INFO)
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_long.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/x_long.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_long.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,171 +0,0 @@
-/* x_long.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/bn.h>
-
-/* Custom primitive type for long handling. This converts between an ASN1_INTEGER
- * and a long directly.
- */
-
-
-static int long_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
-static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
-
-static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
-static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
-
-static ASN1_PRIMITIVE_FUNCS long_pf = {
- NULL, 0,
- long_new,
- long_free,
- long_free, /* Clear should set to initial value */
- long_c2i,
- long_i2c
-};
-
-ASN1_ITEM_start(LONG)
- ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, ASN1_LONG_UNDEF, "LONG"
-ASN1_ITEM_end(LONG)
-
-ASN1_ITEM_start(ZLONG)
- ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, 0, "ZLONG"
-ASN1_ITEM_end(ZLONG)
-
-static int long_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
-{
- *(long *)pval = it->size;
- return 1;
-}
-
-static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
-{
- *(long *)pval = it->size;
-}
-
-static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it)
-{
- long ltmp;
- unsigned long utmp;
- int clen, pad, i;
- /* this exists to bypass broken gcc optimization */
- char *cp = (char *)pval;
-
- /* use memcpy, because we may not be long aligned */
- memcpy(<mp, cp, sizeof(long));
-
- if(ltmp == it->size) return -1;
- /* Convert the long to positive: we subtract one if negative so
- * we can cleanly handle the padding if only the MSB of the leading
- * octet is set.
- */
- if(ltmp < 0) utmp = -ltmp - 1;
- else utmp = ltmp;
- clen = BN_num_bits_word(utmp);
- /* If MSB of leading octet set we need to pad */
- if(!(clen & 0x7)) pad = 1;
- else pad = 0;
-
- /* Convert number of bits to number of octets */
- clen = (clen + 7) >> 3;
-
- if(cont) {
- if(pad) *cont++ = (ltmp < 0) ? 0xff : 0;
- for(i = clen - 1; i >= 0; i--) {
- cont[i] = (unsigned char)(utmp & 0xff);
- if(ltmp < 0) cont[i] ^= 0xff;
- utmp >>= 8;
- }
- }
- return clen + pad;
-}
-
-static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
- int utype, char *free_cont, const ASN1_ITEM *it)
-{
- int neg, i;
- long ltmp;
- unsigned long utmp = 0;
- char *cp = (char *)pval;
- if(len > (int)sizeof(long)) {
- ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
- return 0;
- }
- /* Is it negative? */
- if(len && (cont[0] & 0x80)) neg = 1;
- else neg = 0;
- utmp = 0;
- for(i = 0; i < len; i++) {
- utmp <<= 8;
- if(neg) utmp |= cont[i] ^ 0xff;
- else utmp |= cont[i];
- }
- ltmp = (long)utmp;
- if(neg) {
- ltmp++;
- ltmp = -ltmp;
- }
- if(ltmp == it->size) {
- ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
- return 0;
- }
- memcpy(cp, <mp, sizeof(long));
- return 1;
-}
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_long.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/x_long.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_long.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_long.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,187 @@
+/* x_long.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/bn.h>
+
+/*
+ * Custom primitive type for long handling. This converts between an
+ * ASN1_INTEGER and a long directly.
+ */
+
+static int long_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
+static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
+ const ASN1_ITEM *it);
+static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+ int utype, char *free_cont, const ASN1_ITEM *it);
+
+static ASN1_PRIMITIVE_FUNCS long_pf = {
+ NULL, 0,
+ long_new,
+ long_free,
+ long_free, /* Clear should set to initial value */
+ long_c2i,
+ long_i2c
+};
+
+ASN1_ITEM_start(LONG)
+ ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, ASN1_LONG_UNDEF, "LONG"
+ASN1_ITEM_end(LONG)
+
+ASN1_ITEM_start(ZLONG)
+ ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, 0, "ZLONG"
+ASN1_ITEM_end(ZLONG)
+
+static int long_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+ *(long *)pval = it->size;
+ return 1;
+}
+
+static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+ *(long *)pval = it->size;
+}
+
+static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
+ const ASN1_ITEM *it)
+{
+ long ltmp;
+ unsigned long utmp;
+ int clen, pad, i;
+ /* this exists to bypass broken gcc optimization */
+ char *cp = (char *)pval;
+
+ /* use memcpy, because we may not be long aligned */
+ memcpy(<mp, cp, sizeof(long));
+
+ if (ltmp == it->size)
+ return -1;
+ /*
+ * Convert the long to positive: we subtract one if negative so we can
+ * cleanly handle the padding if only the MSB of the leading octet is
+ * set.
+ */
+ if (ltmp < 0)
+ utmp = -ltmp - 1;
+ else
+ utmp = ltmp;
+ clen = BN_num_bits_word(utmp);
+ /* If MSB of leading octet set we need to pad */
+ if (!(clen & 0x7))
+ pad = 1;
+ else
+ pad = 0;
+
+ /* Convert number of bits to number of octets */
+ clen = (clen + 7) >> 3;
+
+ if (cont) {
+ if (pad)
+ *cont++ = (ltmp < 0) ? 0xff : 0;
+ for (i = clen - 1; i >= 0; i--) {
+ cont[i] = (unsigned char)(utmp & 0xff);
+ if (ltmp < 0)
+ cont[i] ^= 0xff;
+ utmp >>= 8;
+ }
+ }
+ return clen + pad;
+}
+
+static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+ int utype, char *free_cont, const ASN1_ITEM *it)
+{
+ int neg, i;
+ long ltmp;
+ unsigned long utmp = 0;
+ char *cp = (char *)pval;
+ if (len > (int)sizeof(long)) {
+ ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
+ return 0;
+ }
+ /* Is it negative? */
+ if (len && (cont[0] & 0x80))
+ neg = 1;
+ else
+ neg = 0;
+ utmp = 0;
+ for (i = 0; i < len; i++) {
+ utmp <<= 8;
+ if (neg)
+ utmp |= cont[i] ^ 0xff;
+ else
+ utmp |= cont[i];
+ }
+ ltmp = (long)utmp;
+ if (neg) {
+ ltmp++;
+ ltmp = -ltmp;
+ }
+ if (ltmp == it->size) {
+ ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
+ return 0;
+ }
+ memcpy(cp, <mp, sizeof(long));
+ return 1;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_name.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/x_name.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_name.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,277 +0,0 @@
-/* crypto/asn1/x_name.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/x509.h>
-
-static int x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_ITEM *it,
- int tag, int aclass, char opt, ASN1_TLC *ctx);
-
-static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass);
-static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it);
-static void x509_name_ex_free(ASN1_VALUE **val, const ASN1_ITEM *it);
-
-static int x509_name_encode(X509_NAME *a);
-
-ASN1_SEQUENCE(X509_NAME_ENTRY) = {
- ASN1_SIMPLE(X509_NAME_ENTRY, object, ASN1_OBJECT),
- ASN1_SIMPLE(X509_NAME_ENTRY, value, ASN1_PRINTABLE)
-} ASN1_SEQUENCE_END(X509_NAME_ENTRY)
-
-IMPLEMENT_ASN1_FUNCTIONS(X509_NAME_ENTRY)
-IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME_ENTRY)
-
-/* For the "Name" type we need a SEQUENCE OF { SET OF X509_NAME_ENTRY }
- * so declare two template wrappers for this
- */
-
-ASN1_ITEM_TEMPLATE(X509_NAME_ENTRIES) =
- ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_OF, 0, RDNS, X509_NAME_ENTRY)
-ASN1_ITEM_TEMPLATE_END(X509_NAME_ENTRIES)
-
-ASN1_ITEM_TEMPLATE(X509_NAME_INTERNAL) =
- ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Name, X509_NAME_ENTRIES)
-ASN1_ITEM_TEMPLATE_END(X509_NAME_INTERNAL)
-
-/* Normally that's where it would end: we'd have two nested STACK structures
- * representing the ASN1. Unfortunately X509_NAME uses a completely different
- * form and caches encodings so we have to process the internal form and convert
- * to the external form.
- */
-
-const ASN1_EXTERN_FUNCS x509_name_ff = {
- NULL,
- x509_name_ex_new,
- x509_name_ex_free,
- 0, /* Default clear behaviour is OK */
- x509_name_ex_d2i,
- x509_name_ex_i2d
-};
-
-IMPLEMENT_EXTERN_ASN1(X509_NAME, V_ASN1_SEQUENCE, x509_name_ff)
-
-IMPLEMENT_ASN1_FUNCTIONS(X509_NAME)
-IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME)
-
-static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it)
-{
- X509_NAME *ret = NULL;
- ret = OPENSSL_malloc(sizeof(X509_NAME));
- if(!ret) goto memerr;
- if ((ret->entries=sk_X509_NAME_ENTRY_new_null()) == NULL)
- goto memerr;
- if((ret->bytes = BUF_MEM_new()) == NULL) goto memerr;
- ret->modified=1;
- *val = (ASN1_VALUE *)ret;
- return 1;
-
- memerr:
- ASN1err(ASN1_F_X509_NAME_EX_NEW, ERR_R_MALLOC_FAILURE);
- if (ret)
- {
- if (ret->entries)
- sk_X509_NAME_ENTRY_free(ret->entries);
- OPENSSL_free(ret);
- }
- return 0;
-}
-
-static void x509_name_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
-{
- X509_NAME *a;
- if(!pval || !*pval)
- return;
- a = (X509_NAME *)*pval;
-
- BUF_MEM_free(a->bytes);
- sk_X509_NAME_ENTRY_pop_free(a->entries,X509_NAME_ENTRY_free);
- OPENSSL_free(a);
- *pval = NULL;
-}
-
-/* Used with sk_pop_free() to free up the internal representation.
- * NB: we only free the STACK and not its contents because it is
- * already present in the X509_NAME structure.
- */
-
-static void sk_internal_free(void *a)
-{
- sk_free(a);
-}
-
-static int x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_ITEM *it,
- int tag, int aclass, char opt, ASN1_TLC *ctx)
-{
- const unsigned char *p = *in, *q;
- union { STACK *s; ASN1_VALUE *a; } intname = {NULL};
- union { X509_NAME *x; ASN1_VALUE *a; } nm = {NULL};
- int i, j, ret;
- STACK_OF(X509_NAME_ENTRY) *entries;
- X509_NAME_ENTRY *entry;
- q = p;
-
- /* Get internal representation of Name */
- ret = ASN1_item_ex_d2i(&intname.a,
- &p, len, ASN1_ITEM_rptr(X509_NAME_INTERNAL),
- tag, aclass, opt, ctx);
-
- if(ret <= 0) return ret;
-
- if(*val) x509_name_ex_free(val, NULL);
- if(!x509_name_ex_new(&nm.a, NULL)) goto err;
- /* We've decoded it: now cache encoding */
- if(!BUF_MEM_grow(nm.x->bytes, p - q)) goto err;
- memcpy(nm.x->bytes->data, q, p - q);
-
- /* Convert internal representation to X509_NAME structure */
- for(i = 0; i < sk_num(intname.s); i++) {
- entries = (STACK_OF(X509_NAME_ENTRY) *)sk_value(intname.s, i);
- for(j = 0; j < sk_X509_NAME_ENTRY_num(entries); j++) {
- entry = sk_X509_NAME_ENTRY_value(entries, j);
- entry->set = i;
- if(!sk_X509_NAME_ENTRY_push(nm.x->entries, entry))
- goto err;
- }
- sk_X509_NAME_ENTRY_free(entries);
- }
- sk_free(intname.s);
- nm.x->modified = 0;
- *val = nm.a;
- *in = p;
- return ret;
-err:
- if (nm.x != NULL)
- X509_NAME_free(nm.x);
- ASN1err(ASN1_F_X509_NAME_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
- return 0;
-}
-
-static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass)
-{
- int ret;
- X509_NAME *a = (X509_NAME *)*val;
- if(a->modified) {
- ret = x509_name_encode((X509_NAME *)a);
- if(ret < 0) return ret;
- }
- ret = a->bytes->length;
- if(out != NULL) {
- memcpy(*out,a->bytes->data,ret);
- *out+=ret;
- }
- return ret;
-}
-
-static int x509_name_encode(X509_NAME *a)
-{
- union { STACK *s; ASN1_VALUE *a; } intname = {NULL};
- int len;
- unsigned char *p;
- STACK_OF(X509_NAME_ENTRY) *entries = NULL;
- X509_NAME_ENTRY *entry;
- int i, set = -1;
- intname.s = sk_new_null();
- if(!intname.s) goto memerr;
- for(i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
- entry = sk_X509_NAME_ENTRY_value(a->entries, i);
- if(entry->set != set) {
- entries = sk_X509_NAME_ENTRY_new_null();
- if(!entries) goto memerr;
- if(!sk_push(intname.s, (char *)entries)) goto memerr;
- set = entry->set;
- }
- if(!sk_X509_NAME_ENTRY_push(entries, entry)) goto memerr;
- }
- len = ASN1_item_ex_i2d(&intname.a, NULL,
- ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
- if (!BUF_MEM_grow(a->bytes,len)) goto memerr;
- p=(unsigned char *)a->bytes->data;
- ASN1_item_ex_i2d(&intname.a,
- &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
- sk_pop_free(intname.s, sk_internal_free);
- a->modified = 0;
- return len;
- memerr:
- sk_pop_free(intname.s, sk_internal_free);
- ASN1err(ASN1_F_X509_NAME_ENCODE, ERR_R_MALLOC_FAILURE);
- return -1;
-}
-
-
-int X509_NAME_set(X509_NAME **xn, X509_NAME *name)
- {
- X509_NAME *in;
-
- if (!xn || !name) return(0);
-
- if (*xn != name)
- {
- in=X509_NAME_dup(name);
- if (in != NULL)
- {
- X509_NAME_free(*xn);
- *xn=in;
- }
- }
- return(*xn != NULL);
- }
-
-IMPLEMENT_STACK_OF(X509_NAME_ENTRY)
-IMPLEMENT_ASN1_SET_OF(X509_NAME_ENTRY)
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_name.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/x_name.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_name.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_name.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,310 @@
+/* crypto/asn1/x_name.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+
+static int x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in,
+ long len, const ASN1_ITEM *it, int tag,
+ int aclass, char opt, ASN1_TLC *ctx);
+
+static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out,
+ const ASN1_ITEM *it, int tag, int aclass);
+static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it);
+static void x509_name_ex_free(ASN1_VALUE **val, const ASN1_ITEM *it);
+
+static int x509_name_encode(X509_NAME *a);
+
+ASN1_SEQUENCE(X509_NAME_ENTRY) = {
+ ASN1_SIMPLE(X509_NAME_ENTRY, object, ASN1_OBJECT),
+ ASN1_SIMPLE(X509_NAME_ENTRY, value, ASN1_PRINTABLE)
+} ASN1_SEQUENCE_END(X509_NAME_ENTRY)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_NAME_ENTRY)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME_ENTRY)
+
+/*
+ * For the "Name" type we need a SEQUENCE OF { SET OF X509_NAME_ENTRY } so
+ * declare two template wrappers for this
+ */
+
+ASN1_ITEM_TEMPLATE(X509_NAME_ENTRIES) =
+ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_OF, 0, RDNS, X509_NAME_ENTRY)
+ASN1_ITEM_TEMPLATE_END(X509_NAME_ENTRIES)
+
+ASN1_ITEM_TEMPLATE(X509_NAME_INTERNAL) =
+ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Name, X509_NAME_ENTRIES)
+ASN1_ITEM_TEMPLATE_END(X509_NAME_INTERNAL)
+
+/*
+ * Normally that's where it would end: we'd have two nested STACK structures
+ * representing the ASN1. Unfortunately X509_NAME uses a completely different
+ * form and caches encodings so we have to process the internal form and
+ * convert to the external form.
+ */
+
+const ASN1_EXTERN_FUNCS x509_name_ff = {
+ NULL,
+ x509_name_ex_new,
+ x509_name_ex_free,
+ 0, /* Default clear behaviour is OK */
+ x509_name_ex_d2i,
+ x509_name_ex_i2d
+};
+
+IMPLEMENT_EXTERN_ASN1(X509_NAME, V_ASN1_SEQUENCE, x509_name_ff)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_NAME)
+
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME)
+
+static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it)
+{
+ X509_NAME *ret = NULL;
+ ret = OPENSSL_malloc(sizeof(X509_NAME));
+ if (!ret)
+ goto memerr;
+ if ((ret->entries = sk_X509_NAME_ENTRY_new_null()) == NULL)
+ goto memerr;
+ if ((ret->bytes = BUF_MEM_new()) == NULL)
+ goto memerr;
+ ret->modified = 1;
+ *val = (ASN1_VALUE *)ret;
+ return 1;
+
+ memerr:
+ ASN1err(ASN1_F_X509_NAME_EX_NEW, ERR_R_MALLOC_FAILURE);
+ if (ret) {
+ if (ret->entries)
+ sk_X509_NAME_ENTRY_free(ret->entries);
+ OPENSSL_free(ret);
+ }
+ return 0;
+}
+
+static void x509_name_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+ X509_NAME *a;
+ if (!pval || !*pval)
+ return;
+ a = (X509_NAME *)*pval;
+
+ BUF_MEM_free(a->bytes);
+ sk_X509_NAME_ENTRY_pop_free(a->entries, X509_NAME_ENTRY_free);
+ OPENSSL_free(a);
+ *pval = NULL;
+}
+
+/*
+ * Used with sk_pop_free() to free up the internal representation. NB: we
+ * only free the STACK and not its contents because it is already present in
+ * the X509_NAME structure.
+ */
+
+static void sk_internal_free(void *a)
+{
+ sk_free(a);
+}
+
+static int x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in,
+ long len, const ASN1_ITEM *it, int tag,
+ int aclass, char opt, ASN1_TLC *ctx)
+{
+ const unsigned char *p = *in, *q;
+ union {
+ STACK *s;
+ ASN1_VALUE *a;
+ } intname = {
+ NULL
+ };
+ union {
+ X509_NAME *x;
+ ASN1_VALUE *a;
+ } nm = {
+ NULL
+ };
+ int i, j, ret;
+ STACK_OF(X509_NAME_ENTRY) *entries;
+ X509_NAME_ENTRY *entry;
+ q = p;
+
+ /* Get internal representation of Name */
+ ret = ASN1_item_ex_d2i(&intname.a,
+ &p, len, ASN1_ITEM_rptr(X509_NAME_INTERNAL),
+ tag, aclass, opt, ctx);
+
+ if (ret <= 0)
+ return ret;
+
+ if (*val)
+ x509_name_ex_free(val, NULL);
+ if (!x509_name_ex_new(&nm.a, NULL))
+ goto err;
+ /* We've decoded it: now cache encoding */
+ if (!BUF_MEM_grow(nm.x->bytes, p - q))
+ goto err;
+ memcpy(nm.x->bytes->data, q, p - q);
+
+ /* Convert internal representation to X509_NAME structure */
+ for (i = 0; i < sk_num(intname.s); i++) {
+ entries = (STACK_OF(X509_NAME_ENTRY) *)sk_value(intname.s, i);
+ for (j = 0; j < sk_X509_NAME_ENTRY_num(entries); j++) {
+ entry = sk_X509_NAME_ENTRY_value(entries, j);
+ entry->set = i;
+ if (!sk_X509_NAME_ENTRY_push(nm.x->entries, entry))
+ goto err;
+ }
+ sk_X509_NAME_ENTRY_free(entries);
+ }
+ sk_free(intname.s);
+ nm.x->modified = 0;
+ *val = nm.a;
+ *in = p;
+ return ret;
+ err:
+ if (nm.x != NULL)
+ X509_NAME_free(nm.x);
+ ASN1err(ASN1_F_X509_NAME_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+ return 0;
+}
+
+static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out,
+ const ASN1_ITEM *it, int tag, int aclass)
+{
+ int ret;
+ X509_NAME *a = (X509_NAME *)*val;
+ if (a->modified) {
+ ret = x509_name_encode((X509_NAME *)a);
+ if (ret < 0)
+ return ret;
+ }
+ ret = a->bytes->length;
+ if (out != NULL) {
+ memcpy(*out, a->bytes->data, ret);
+ *out += ret;
+ }
+ return ret;
+}
+
+static int x509_name_encode(X509_NAME *a)
+{
+ union {
+ STACK *s;
+ ASN1_VALUE *a;
+ } intname = {
+ NULL
+ };
+ int len;
+ unsigned char *p;
+ STACK_OF(X509_NAME_ENTRY) *entries = NULL;
+ X509_NAME_ENTRY *entry;
+ int i, set = -1;
+ intname.s = sk_new_null();
+ if (!intname.s)
+ goto memerr;
+ for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
+ entry = sk_X509_NAME_ENTRY_value(a->entries, i);
+ if (entry->set != set) {
+ entries = sk_X509_NAME_ENTRY_new_null();
+ if (!entries)
+ goto memerr;
+ if (!sk_push(intname.s, (char *)entries))
+ goto memerr;
+ set = entry->set;
+ }
+ if (!sk_X509_NAME_ENTRY_push(entries, entry))
+ goto memerr;
+ }
+ len = ASN1_item_ex_i2d(&intname.a, NULL,
+ ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
+ if (!BUF_MEM_grow(a->bytes, len))
+ goto memerr;
+ p = (unsigned char *)a->bytes->data;
+ ASN1_item_ex_i2d(&intname.a,
+ &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
+ sk_pop_free(intname.s, sk_internal_free);
+ a->modified = 0;
+ return len;
+ memerr:
+ sk_pop_free(intname.s, sk_internal_free);
+ ASN1err(ASN1_F_X509_NAME_ENCODE, ERR_R_MALLOC_FAILURE);
+ return -1;
+}
+
+int X509_NAME_set(X509_NAME **xn, X509_NAME *name)
+{
+ X509_NAME *in;
+
+ if (!xn || !name)
+ return (0);
+
+ if (*xn != name) {
+ in = X509_NAME_dup(name);
+ if (in != NULL) {
+ X509_NAME_free(*xn);
+ *xn = in;
+ }
+ }
+ return (*xn != NULL);
+}
+
+IMPLEMENT_STACK_OF(X509_NAME_ENTRY)
+
+IMPLEMENT_ASN1_SET_OF(X509_NAME_ENTRY)
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_pkey.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/x_pkey.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_pkey.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,151 +0,0 @@
-/* crypto/asn1/x_pkey.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/asn1_mac.h>
-#include <openssl/x509.h>
-
-/* need to implement */
-int i2d_X509_PKEY(X509_PKEY *a, unsigned char **pp)
- {
- return(0);
- }
-
-X509_PKEY *d2i_X509_PKEY(X509_PKEY **a, const unsigned char **pp, long length)
- {
- int i;
- M_ASN1_D2I_vars(a,X509_PKEY *,X509_PKEY_new);
-
- M_ASN1_D2I_Init();
- M_ASN1_D2I_start_sequence();
- M_ASN1_D2I_get_x(X509_ALGOR,ret->enc_algor,d2i_X509_ALGOR);
- M_ASN1_D2I_get_x(ASN1_OCTET_STRING,ret->enc_pkey,d2i_ASN1_OCTET_STRING);
-
- ret->cipher.cipher=EVP_get_cipherbyname(
- OBJ_nid2ln(OBJ_obj2nid(ret->enc_algor->algorithm)));
- if (ret->cipher.cipher == NULL)
- {
- c.error=ASN1_R_UNSUPPORTED_CIPHER;
- c.line=__LINE__;
- goto err;
- }
- if (ret->enc_algor->parameter->type == V_ASN1_OCTET_STRING)
- {
- i=ret->enc_algor->parameter->value.octet_string->length;
- if (i > EVP_MAX_IV_LENGTH)
- {
- c.error=ASN1_R_IV_TOO_LARGE;
- c.line=__LINE__;
- goto err;
- }
- memcpy(ret->cipher.iv,
- ret->enc_algor->parameter->value.octet_string->data,i);
- }
- else
- memset(ret->cipher.iv,0,EVP_MAX_IV_LENGTH);
- M_ASN1_D2I_Finish(a,X509_PKEY_free,ASN1_F_D2I_X509_PKEY);
- }
-
-X509_PKEY *X509_PKEY_new(void)
- {
- X509_PKEY *ret=NULL;
- ASN1_CTX c;
-
- M_ASN1_New_Malloc(ret,X509_PKEY);
- ret->version=0;
- M_ASN1_New(ret->enc_algor,X509_ALGOR_new);
- M_ASN1_New(ret->enc_pkey,M_ASN1_OCTET_STRING_new);
- ret->dec_pkey=NULL;
- ret->key_length=0;
- ret->key_data=NULL;
- ret->key_free=0;
- ret->cipher.cipher=NULL;
- memset(ret->cipher.iv,0,EVP_MAX_IV_LENGTH);
- ret->references=1;
- return(ret);
- M_ASN1_New_Error(ASN1_F_X509_PKEY_NEW);
- }
-
-void X509_PKEY_free(X509_PKEY *x)
- {
- int i;
-
- if (x == NULL) return;
-
- i=CRYPTO_add(&x->references,-1,CRYPTO_LOCK_X509_PKEY);
-#ifdef REF_PRINT
- REF_PRINT("X509_PKEY",x);
-#endif
- if (i > 0) return;
-#ifdef REF_CHECK
- if (i < 0)
- {
- fprintf(stderr,"X509_PKEY_free, bad reference count\n");
- abort();
- }
-#endif
-
- if (x->enc_algor != NULL) X509_ALGOR_free(x->enc_algor);
- if (x->enc_pkey != NULL) M_ASN1_OCTET_STRING_free(x->enc_pkey);
- if (x->dec_pkey != NULL)EVP_PKEY_free(x->dec_pkey);
- if ((x->key_data != NULL) && (x->key_free)) OPENSSL_free(x->key_data);
- OPENSSL_free(x);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_pkey.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/x_pkey.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_pkey.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_pkey.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,153 @@
+/* crypto/asn1/x_pkey.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/asn1_mac.h>
+#include <openssl/x509.h>
+
+/* need to implement */
+int i2d_X509_PKEY(X509_PKEY *a, unsigned char **pp)
+{
+ return (0);
+}
+
+X509_PKEY *d2i_X509_PKEY(X509_PKEY **a, const unsigned char **pp, long length)
+{
+ int i;
+ M_ASN1_D2I_vars(a, X509_PKEY *, X509_PKEY_new);
+
+ M_ASN1_D2I_Init();
+ M_ASN1_D2I_start_sequence();
+ M_ASN1_D2I_get_x(X509_ALGOR, ret->enc_algor, d2i_X509_ALGOR);
+ M_ASN1_D2I_get_x(ASN1_OCTET_STRING, ret->enc_pkey, d2i_ASN1_OCTET_STRING);
+
+ ret->cipher.cipher =
+ EVP_get_cipherbyname(OBJ_nid2ln
+ (OBJ_obj2nid(ret->enc_algor->algorithm)));
+ if (ret->cipher.cipher == NULL) {
+ c.error = ASN1_R_UNSUPPORTED_CIPHER;
+ c.line = __LINE__;
+ goto err;
+ }
+ if (ret->enc_algor->parameter->type == V_ASN1_OCTET_STRING) {
+ i = ret->enc_algor->parameter->value.octet_string->length;
+ if (i > EVP_MAX_IV_LENGTH) {
+ c.error = ASN1_R_IV_TOO_LARGE;
+ c.line = __LINE__;
+ goto err;
+ }
+ memcpy(ret->cipher.iv,
+ ret->enc_algor->parameter->value.octet_string->data, i);
+ } else
+ memset(ret->cipher.iv, 0, EVP_MAX_IV_LENGTH);
+ M_ASN1_D2I_Finish(a, X509_PKEY_free, ASN1_F_D2I_X509_PKEY);
+}
+
+X509_PKEY *X509_PKEY_new(void)
+{
+ X509_PKEY *ret = NULL;
+ ASN1_CTX c;
+
+ M_ASN1_New_Malloc(ret, X509_PKEY);
+ ret->version = 0;
+ M_ASN1_New(ret->enc_algor, X509_ALGOR_new);
+ M_ASN1_New(ret->enc_pkey, M_ASN1_OCTET_STRING_new);
+ ret->dec_pkey = NULL;
+ ret->key_length = 0;
+ ret->key_data = NULL;
+ ret->key_free = 0;
+ ret->cipher.cipher = NULL;
+ memset(ret->cipher.iv, 0, EVP_MAX_IV_LENGTH);
+ ret->references = 1;
+ return (ret);
+ M_ASN1_New_Error(ASN1_F_X509_PKEY_NEW);
+}
+
+void X509_PKEY_free(X509_PKEY *x)
+{
+ int i;
+
+ if (x == NULL)
+ return;
+
+ i = CRYPTO_add(&x->references, -1, CRYPTO_LOCK_X509_PKEY);
+#ifdef REF_PRINT
+ REF_PRINT("X509_PKEY", x);
+#endif
+ if (i > 0)
+ return;
+#ifdef REF_CHECK
+ if (i < 0) {
+ fprintf(stderr, "X509_PKEY_free, bad reference count\n");
+ abort();
+ }
+#endif
+
+ if (x->enc_algor != NULL)
+ X509_ALGOR_free(x->enc_algor);
+ if (x->enc_pkey != NULL)
+ M_ASN1_OCTET_STRING_free(x->enc_pkey);
+ if (x->dec_pkey != NULL)
+ EVP_PKEY_free(x->dec_pkey);
+ if ((x->key_data != NULL) && (x->key_free))
+ OPENSSL_free(x->key_data);
+ OPENSSL_free(x);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_pubkey.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/x_pubkey.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_pubkey.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,543 +0,0 @@
-/* crypto/asn1/x_pubkey.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/x509.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-
-/* Minor tweak to operation: free up EVP_PKEY */
-static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
- {
- if (operation == ASN1_OP_FREE_POST)
- {
- X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval;
- EVP_PKEY_free(pubkey->pkey);
- }
- return 1;
- }
-
-ASN1_SEQUENCE_cb(X509_PUBKEY, pubkey_cb) = {
- ASN1_SIMPLE(X509_PUBKEY, algor, X509_ALGOR),
- ASN1_SIMPLE(X509_PUBKEY, public_key, ASN1_BIT_STRING)
-} ASN1_SEQUENCE_END_cb(X509_PUBKEY, X509_PUBKEY)
-
-IMPLEMENT_ASN1_FUNCTIONS(X509_PUBKEY)
-
-int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
- {
- X509_PUBKEY *pk=NULL;
- X509_ALGOR *a;
- ASN1_OBJECT *o;
- unsigned char *s,*p = NULL;
- int i;
-
- if (x == NULL) return(0);
-
- if ((pk=X509_PUBKEY_new()) == NULL) goto err;
- a=pk->algor;
-
- /* set the algorithm id */
- if ((o=OBJ_nid2obj(pkey->type)) == NULL) goto err;
- ASN1_OBJECT_free(a->algorithm);
- a->algorithm=o;
-
- /* Set the parameter list */
- if (!pkey->save_parameters || (pkey->type == EVP_PKEY_RSA))
- {
- if ((a->parameter == NULL) ||
- (a->parameter->type != V_ASN1_NULL))
- {
- ASN1_TYPE_free(a->parameter);
- if (!(a->parameter=ASN1_TYPE_new()))
- {
- X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- a->parameter->type=V_ASN1_NULL;
- }
- }
-#ifndef OPENSSL_NO_DSA
- else if (pkey->type == EVP_PKEY_DSA)
- {
- unsigned char *pp;
- DSA *dsa;
-
- dsa=pkey->pkey.dsa;
- dsa->write_params=0;
- ASN1_TYPE_free(a->parameter);
- if ((i=i2d_DSAparams(dsa,NULL)) <= 0)
- goto err;
- if (!(p=(unsigned char *)OPENSSL_malloc(i)))
- {
- X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- pp=p;
- i2d_DSAparams(dsa,&pp);
- if (!(a->parameter=ASN1_TYPE_new()))
- {
- OPENSSL_free(p);
- X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- a->parameter->type=V_ASN1_SEQUENCE;
- if (!(a->parameter->value.sequence=ASN1_STRING_new()))
- {
- OPENSSL_free(p);
- X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- if (!ASN1_STRING_set(a->parameter->value.sequence,p,i))
- {
- OPENSSL_free(p);
- X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- OPENSSL_free(p);
- }
-#endif
-#ifndef OPENSSL_NO_EC
- else if (pkey->type == EVP_PKEY_EC)
- {
- int nid=0;
- unsigned char *pp;
- EC_KEY *ec_key;
- const EC_GROUP *group;
-
- ec_key = pkey->pkey.ec;
- ASN1_TYPE_free(a->parameter);
-
- if ((a->parameter = ASN1_TYPE_new()) == NULL)
- {
- X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB);
- goto err;
- }
-
- group = EC_KEY_get0_group(ec_key);
- if (EC_GROUP_get_asn1_flag(group)
- && (nid = EC_GROUP_get_curve_name(group)))
- {
- /* just set the OID */
- a->parameter->type = V_ASN1_OBJECT;
- a->parameter->value.object = OBJ_nid2obj(nid);
- }
- else /* explicit parameters */
- {
- if ((i = i2d_ECParameters(ec_key, NULL)) == 0)
- {
- X509err(X509_F_X509_PUBKEY_SET, ERR_R_EC_LIB);
- goto err;
- }
- if ((p = (unsigned char *) OPENSSL_malloc(i)) == NULL)
- {
- X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- pp = p;
- if (!i2d_ECParameters(ec_key, &pp))
- {
- X509err(X509_F_X509_PUBKEY_SET, ERR_R_EC_LIB);
- OPENSSL_free(p);
- goto err;
- }
- a->parameter->type = V_ASN1_SEQUENCE;
- if ((a->parameter->value.sequence = ASN1_STRING_new()) == NULL)
- {
- X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB);
- OPENSSL_free(p);
- goto err;
- }
- ASN1_STRING_set(a->parameter->value.sequence, p, i);
- OPENSSL_free(p);
- }
- }
-#endif
- else if (1)
- {
- X509err(X509_F_X509_PUBKEY_SET,X509_R_UNSUPPORTED_ALGORITHM);
- goto err;
- }
-
- if ((i=i2d_PublicKey(pkey,NULL)) <= 0) goto err;
- if ((s=(unsigned char *)OPENSSL_malloc(i+1)) == NULL)
- {
- X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- p=s;
- i2d_PublicKey(pkey,&p);
- if (!M_ASN1_BIT_STRING_set(pk->public_key,s,i))
- {
- X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- /* Set number of unused bits to zero */
- pk->public_key->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
- pk->public_key->flags|=ASN1_STRING_FLAG_BITS_LEFT;
-
- OPENSSL_free(s);
-
-#if 0
- CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
- pk->pkey=pkey;
-#endif
-
- if (*x != NULL)
- X509_PUBKEY_free(*x);
-
- *x=pk;
-
- return 1;
-err:
- if (pk != NULL) X509_PUBKEY_free(pk);
- return 0;
- }
-
-EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
- {
- EVP_PKEY *ret=NULL;
- long j;
- int type;
- const unsigned char *p;
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
- const unsigned char *cp;
- X509_ALGOR *a;
-#endif
-
- if (key == NULL) goto err;
-
- if (key->pkey != NULL)
- {
- CRYPTO_add(&key->pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
- return(key->pkey);
- }
-
- if (key->public_key == NULL) goto err;
-
- type=OBJ_obj2nid(key->algor->algorithm);
- if ((ret = EVP_PKEY_new()) == NULL)
- {
- X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- ret->type = EVP_PKEY_type(type);
-
- /* the parameters must be extracted before the public key (ECDSA!) */
-
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
- a=key->algor;
-#endif
-
- if (0)
- ;
-#ifndef OPENSSL_NO_DSA
- else if (ret->type == EVP_PKEY_DSA)
- {
- if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE))
- {
- if ((ret->pkey.dsa = DSA_new()) == NULL)
- {
- X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- ret->pkey.dsa->write_params=0;
- cp=p=a->parameter->value.sequence->data;
- j=a->parameter->value.sequence->length;
- if (!d2i_DSAparams(&ret->pkey.dsa, &cp, (long)j))
- goto err;
- }
- ret->save_parameters=1;
- }
-#endif
-#ifndef OPENSSL_NO_EC
- else if (ret->type == EVP_PKEY_EC)
- {
- if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE))
- {
- /* type == V_ASN1_SEQUENCE => we have explicit parameters
- * (e.g. parameters in the X9_62_EC_PARAMETERS-structure )
- */
- if ((ret->pkey.ec= EC_KEY_new()) == NULL)
- {
- X509err(X509_F_X509_PUBKEY_GET,
- ERR_R_MALLOC_FAILURE);
- goto err;
- }
- cp = p = a->parameter->value.sequence->data;
- j = a->parameter->value.sequence->length;
- if (!d2i_ECParameters(&ret->pkey.ec, &cp, (long)j))
- {
- X509err(X509_F_X509_PUBKEY_GET, ERR_R_EC_LIB);
- goto err;
- }
- }
- else if (a->parameter && (a->parameter->type == V_ASN1_OBJECT))
- {
- /* type == V_ASN1_OBJECT => the parameters are given
- * by an asn1 OID
- */
- EC_KEY *ec_key;
- EC_GROUP *group;
-
- if (ret->pkey.ec == NULL)
- ret->pkey.ec = EC_KEY_new();
- ec_key = ret->pkey.ec;
- if (ec_key == NULL)
- goto err;
- group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(a->parameter->value.object));
- if (group == NULL)
- goto err;
- EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
- if (EC_KEY_set_group(ec_key, group) == 0)
- goto err;
- EC_GROUP_free(group);
- }
- /* the case implicitlyCA is currently not implemented */
- ret->save_parameters = 1;
- }
-#endif
-
- p=key->public_key->data;
- j=key->public_key->length;
- if (!d2i_PublicKey(type, &ret, &p, (long)j))
- {
- X509err(X509_F_X509_PUBKEY_GET, X509_R_ERR_ASN1_LIB);
- goto err;
- }
-
- /* Check to see if another thread set key->pkey first */
- CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY);
- if (key->pkey)
- {
- CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
- EVP_PKEY_free(ret);
- ret = key->pkey;
- }
- else
- {
- key->pkey = ret;
- CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
- }
- CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_EVP_PKEY);
- return(ret);
-err:
- if (ret != NULL)
- EVP_PKEY_free(ret);
- return(NULL);
- }
-
-/* Now two pseudo ASN1 routines that take an EVP_PKEY structure
- * and encode or decode as X509_PUBKEY
- */
-
-EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp,
- long length)
- {
- X509_PUBKEY *xpk;
- EVP_PKEY *pktmp;
- xpk = d2i_X509_PUBKEY(NULL, pp, length);
- if(!xpk) return NULL;
- pktmp = X509_PUBKEY_get(xpk);
- X509_PUBKEY_free(xpk);
- if(!pktmp) return NULL;
- if(a)
- {
- EVP_PKEY_free(*a);
- *a = pktmp;
- }
- return pktmp;
- }
-
-int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp)
- {
- X509_PUBKEY *xpk=NULL;
- int ret;
- if(!a) return 0;
- if(!X509_PUBKEY_set(&xpk, a)) return 0;
- ret = i2d_X509_PUBKEY(xpk, pp);
- X509_PUBKEY_free(xpk);
- return ret;
- }
-
-/* The following are equivalents but which return RSA and DSA
- * keys
- */
-#ifndef OPENSSL_NO_RSA
-RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp,
- long length)
- {
- EVP_PKEY *pkey;
- RSA *key;
- const unsigned char *q;
- q = *pp;
- pkey = d2i_PUBKEY(NULL, &q, length);
- if (!pkey) return NULL;
- key = EVP_PKEY_get1_RSA(pkey);
- EVP_PKEY_free(pkey);
- if (!key) return NULL;
- *pp = q;
- if (a)
- {
- RSA_free(*a);
- *a = key;
- }
- return key;
- }
-
-int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp)
- {
- EVP_PKEY *pktmp;
- int ret;
- if (!a) return 0;
- pktmp = EVP_PKEY_new();
- if (!pktmp)
- {
- ASN1err(ASN1_F_I2D_RSA_PUBKEY, ERR_R_MALLOC_FAILURE);
- return 0;
- }
- EVP_PKEY_set1_RSA(pktmp, a);
- ret = i2d_PUBKEY(pktmp, pp);
- EVP_PKEY_free(pktmp);
- return ret;
- }
-#endif
-
-#ifndef OPENSSL_NO_DSA
-DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp,
- long length)
- {
- EVP_PKEY *pkey;
- DSA *key;
- const unsigned char *q;
- q = *pp;
- pkey = d2i_PUBKEY(NULL, &q, length);
- if (!pkey) return NULL;
- key = EVP_PKEY_get1_DSA(pkey);
- EVP_PKEY_free(pkey);
- if (!key) return NULL;
- *pp = q;
- if (a)
- {
- DSA_free(*a);
- *a = key;
- }
- return key;
- }
-
-int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp)
- {
- EVP_PKEY *pktmp;
- int ret;
- if(!a) return 0;
- pktmp = EVP_PKEY_new();
- if(!pktmp)
- {
- ASN1err(ASN1_F_I2D_DSA_PUBKEY, ERR_R_MALLOC_FAILURE);
- return 0;
- }
- EVP_PKEY_set1_DSA(pktmp, a);
- ret = i2d_PUBKEY(pktmp, pp);
- EVP_PKEY_free(pktmp);
- return ret;
- }
-#endif
-
-#ifndef OPENSSL_NO_EC
-EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length)
- {
- EVP_PKEY *pkey;
- EC_KEY *key;
- const unsigned char *q;
- q = *pp;
- pkey = d2i_PUBKEY(NULL, &q, length);
- if (!pkey) return(NULL);
- key = EVP_PKEY_get1_EC_KEY(pkey);
- EVP_PKEY_free(pkey);
- if (!key) return(NULL);
- *pp = q;
- if (a)
- {
- EC_KEY_free(*a);
- *a = key;
- }
- return(key);
- }
-
-int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp)
- {
- EVP_PKEY *pktmp;
- int ret;
- if (!a) return(0);
- if ((pktmp = EVP_PKEY_new()) == NULL)
- {
- ASN1err(ASN1_F_I2D_EC_PUBKEY, ERR_R_MALLOC_FAILURE);
- return(0);
- }
- EVP_PKEY_set1_EC_KEY(pktmp, a);
- ret = i2d_PUBKEY(pktmp, pp);
- EVP_PKEY_free(pktmp);
- return(ret);
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_pubkey.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/x_pubkey.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_pubkey.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_pubkey.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,522 @@
+/* crypto/asn1/x_pubkey.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+# include <openssl/dsa.h>
+#endif
+
+/* Minor tweak to operation: free up EVP_PKEY */
+static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+ if (operation == ASN1_OP_FREE_POST) {
+ X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval;
+ EVP_PKEY_free(pubkey->pkey);
+ }
+ return 1;
+}
+
+ASN1_SEQUENCE_cb(X509_PUBKEY, pubkey_cb) = {
+ ASN1_SIMPLE(X509_PUBKEY, algor, X509_ALGOR),
+ ASN1_SIMPLE(X509_PUBKEY, public_key, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END_cb(X509_PUBKEY, X509_PUBKEY)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_PUBKEY)
+
+int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
+{
+ X509_PUBKEY *pk = NULL;
+ X509_ALGOR *a;
+ ASN1_OBJECT *o;
+ unsigned char *s, *p = NULL;
+ int i;
+
+ if (x == NULL)
+ return (0);
+
+ if ((pk = X509_PUBKEY_new()) == NULL)
+ goto err;
+ a = pk->algor;
+
+ /* set the algorithm id */
+ if ((o = OBJ_nid2obj(pkey->type)) == NULL)
+ goto err;
+ ASN1_OBJECT_free(a->algorithm);
+ a->algorithm = o;
+
+ /* Set the parameter list */
+ if (!pkey->save_parameters || (pkey->type == EVP_PKEY_RSA)) {
+ if ((a->parameter == NULL) || (a->parameter->type != V_ASN1_NULL)) {
+ ASN1_TYPE_free(a->parameter);
+ if (!(a->parameter = ASN1_TYPE_new())) {
+ X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ a->parameter->type = V_ASN1_NULL;
+ }
+ }
+#ifndef OPENSSL_NO_DSA
+ else if (pkey->type == EVP_PKEY_DSA) {
+ unsigned char *pp;
+ DSA *dsa;
+
+ dsa = pkey->pkey.dsa;
+ dsa->write_params = 0;
+ ASN1_TYPE_free(a->parameter);
+ if ((i = i2d_DSAparams(dsa, NULL)) <= 0)
+ goto err;
+ if (!(p = (unsigned char *)OPENSSL_malloc(i))) {
+ X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ pp = p;
+ i2d_DSAparams(dsa, &pp);
+ if (!(a->parameter = ASN1_TYPE_new())) {
+ OPENSSL_free(p);
+ X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ a->parameter->type = V_ASN1_SEQUENCE;
+ if (!(a->parameter->value.sequence = ASN1_STRING_new())) {
+ OPENSSL_free(p);
+ X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ if (!ASN1_STRING_set(a->parameter->value.sequence, p, i)) {
+ OPENSSL_free(p);
+ X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ OPENSSL_free(p);
+ }
+#endif
+#ifndef OPENSSL_NO_EC
+ else if (pkey->type == EVP_PKEY_EC) {
+ int nid = 0;
+ unsigned char *pp;
+ EC_KEY *ec_key;
+ const EC_GROUP *group;
+
+ ec_key = pkey->pkey.ec;
+ ASN1_TYPE_free(a->parameter);
+
+ if ((a->parameter = ASN1_TYPE_new()) == NULL) {
+ X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB);
+ goto err;
+ }
+
+ group = EC_KEY_get0_group(ec_key);
+ if (EC_GROUP_get_asn1_flag(group)
+ && (nid = EC_GROUP_get_curve_name(group))) {
+ /* just set the OID */
+ a->parameter->type = V_ASN1_OBJECT;
+ a->parameter->value.object = OBJ_nid2obj(nid);
+ } else { /* explicit parameters */
+
+ if ((i = i2d_ECParameters(ec_key, NULL)) == 0) {
+ X509err(X509_F_X509_PUBKEY_SET, ERR_R_EC_LIB);
+ goto err;
+ }
+ if ((p = (unsigned char *)OPENSSL_malloc(i)) == NULL) {
+ X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ pp = p;
+ if (!i2d_ECParameters(ec_key, &pp)) {
+ X509err(X509_F_X509_PUBKEY_SET, ERR_R_EC_LIB);
+ OPENSSL_free(p);
+ goto err;
+ }
+ a->parameter->type = V_ASN1_SEQUENCE;
+ if ((a->parameter->value.sequence = ASN1_STRING_new()) == NULL) {
+ X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB);
+ OPENSSL_free(p);
+ goto err;
+ }
+ ASN1_STRING_set(a->parameter->value.sequence, p, i);
+ OPENSSL_free(p);
+ }
+ }
+#endif
+ else if (1) {
+ X509err(X509_F_X509_PUBKEY_SET, X509_R_UNSUPPORTED_ALGORITHM);
+ goto err;
+ }
+
+ if ((i = i2d_PublicKey(pkey, NULL)) <= 0)
+ goto err;
+ if ((s = (unsigned char *)OPENSSL_malloc(i + 1)) == NULL) {
+ X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ p = s;
+ i2d_PublicKey(pkey, &p);
+ if (!M_ASN1_BIT_STRING_set(pk->public_key, s, i)) {
+ X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ /* Set number of unused bits to zero */
+ pk->public_key->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
+ pk->public_key->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+
+ OPENSSL_free(s);
+
+#if 0
+ CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
+ pk->pkey = pkey;
+#endif
+
+ if (*x != NULL)
+ X509_PUBKEY_free(*x);
+
+ *x = pk;
+
+ return 1;
+ err:
+ if (pk != NULL)
+ X509_PUBKEY_free(pk);
+ return 0;
+}
+
+EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
+{
+ EVP_PKEY *ret = NULL;
+ long j;
+ int type;
+ const unsigned char *p;
+#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
+ const unsigned char *cp;
+ X509_ALGOR *a;
+#endif
+
+ if (key == NULL)
+ goto err;
+
+ if (key->pkey != NULL) {
+ CRYPTO_add(&key->pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
+ return (key->pkey);
+ }
+
+ if (key->public_key == NULL)
+ goto err;
+
+ type = OBJ_obj2nid(key->algor->algorithm);
+ if ((ret = EVP_PKEY_new()) == NULL) {
+ X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ ret->type = EVP_PKEY_type(type);
+
+ /* the parameters must be extracted before the public key (ECDSA!) */
+
+#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
+ a = key->algor;
+#endif
+
+ if (0) ;
+#ifndef OPENSSL_NO_DSA
+ else if (ret->type == EVP_PKEY_DSA) {
+ if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE)) {
+ if ((ret->pkey.dsa = DSA_new()) == NULL) {
+ X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ ret->pkey.dsa->write_params = 0;
+ cp = p = a->parameter->value.sequence->data;
+ j = a->parameter->value.sequence->length;
+ if (!d2i_DSAparams(&ret->pkey.dsa, &cp, (long)j))
+ goto err;
+ }
+ ret->save_parameters = 1;
+ }
+#endif
+#ifndef OPENSSL_NO_EC
+ else if (ret->type == EVP_PKEY_EC) {
+ if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE)) {
+ /*
+ * type == V_ASN1_SEQUENCE => we have explicit parameters (e.g.
+ * parameters in the X9_62_EC_PARAMETERS-structure )
+ */
+ if ((ret->pkey.ec = EC_KEY_new()) == NULL) {
+ X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ cp = p = a->parameter->value.sequence->data;
+ j = a->parameter->value.sequence->length;
+ if (!d2i_ECParameters(&ret->pkey.ec, &cp, (long)j)) {
+ X509err(X509_F_X509_PUBKEY_GET, ERR_R_EC_LIB);
+ goto err;
+ }
+ } else if (a->parameter && (a->parameter->type == V_ASN1_OBJECT)) {
+ /*
+ * type == V_ASN1_OBJECT => the parameters are given by an asn1
+ * OID
+ */
+ EC_KEY *ec_key;
+ EC_GROUP *group;
+
+ if (ret->pkey.ec == NULL)
+ ret->pkey.ec = EC_KEY_new();
+ ec_key = ret->pkey.ec;
+ if (ec_key == NULL)
+ goto err;
+ group =
+ EC_GROUP_new_by_curve_name(OBJ_obj2nid
+ (a->parameter->value.object));
+ if (group == NULL)
+ goto err;
+ EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
+ if (EC_KEY_set_group(ec_key, group) == 0)
+ goto err;
+ EC_GROUP_free(group);
+ }
+ /*
+ * the case implicitlyCA is currently not implemented
+ */
+ ret->save_parameters = 1;
+ }
+#endif
+
+ p = key->public_key->data;
+ j = key->public_key->length;
+ if (!d2i_PublicKey(type, &ret, &p, (long)j)) {
+ X509err(X509_F_X509_PUBKEY_GET, X509_R_ERR_ASN1_LIB);
+ goto err;
+ }
+
+ /* Check to see if another thread set key->pkey first */
+ CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY);
+ if (key->pkey) {
+ CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
+ EVP_PKEY_free(ret);
+ ret = key->pkey;
+ } else {
+ key->pkey = ret;
+ CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
+ }
+ CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_EVP_PKEY);
+ return (ret);
+ err:
+ if (ret != NULL)
+ EVP_PKEY_free(ret);
+ return (NULL);
+}
+
+/*
+ * Now two pseudo ASN1 routines that take an EVP_PKEY structure and encode or
+ * decode as X509_PUBKEY
+ */
+
+EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length)
+{
+ X509_PUBKEY *xpk;
+ EVP_PKEY *pktmp;
+ xpk = d2i_X509_PUBKEY(NULL, pp, length);
+ if (!xpk)
+ return NULL;
+ pktmp = X509_PUBKEY_get(xpk);
+ X509_PUBKEY_free(xpk);
+ if (!pktmp)
+ return NULL;
+ if (a) {
+ EVP_PKEY_free(*a);
+ *a = pktmp;
+ }
+ return pktmp;
+}
+
+int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp)
+{
+ X509_PUBKEY *xpk = NULL;
+ int ret;
+ if (!a)
+ return 0;
+ if (!X509_PUBKEY_set(&xpk, a))
+ return 0;
+ ret = i2d_X509_PUBKEY(xpk, pp);
+ X509_PUBKEY_free(xpk);
+ return ret;
+}
+
+/*
+ * The following are equivalents but which return RSA and DSA keys
+ */
+#ifndef OPENSSL_NO_RSA
+RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, long length)
+{
+ EVP_PKEY *pkey;
+ RSA *key;
+ const unsigned char *q;
+ q = *pp;
+ pkey = d2i_PUBKEY(NULL, &q, length);
+ if (!pkey)
+ return NULL;
+ key = EVP_PKEY_get1_RSA(pkey);
+ EVP_PKEY_free(pkey);
+ if (!key)
+ return NULL;
+ *pp = q;
+ if (a) {
+ RSA_free(*a);
+ *a = key;
+ }
+ return key;
+}
+
+int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp)
+{
+ EVP_PKEY *pktmp;
+ int ret;
+ if (!a)
+ return 0;
+ pktmp = EVP_PKEY_new();
+ if (!pktmp) {
+ ASN1err(ASN1_F_I2D_RSA_PUBKEY, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ EVP_PKEY_set1_RSA(pktmp, a);
+ ret = i2d_PUBKEY(pktmp, pp);
+ EVP_PKEY_free(pktmp);
+ return ret;
+}
+#endif
+
+#ifndef OPENSSL_NO_DSA
+DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length)
+{
+ EVP_PKEY *pkey;
+ DSA *key;
+ const unsigned char *q;
+ q = *pp;
+ pkey = d2i_PUBKEY(NULL, &q, length);
+ if (!pkey)
+ return NULL;
+ key = EVP_PKEY_get1_DSA(pkey);
+ EVP_PKEY_free(pkey);
+ if (!key)
+ return NULL;
+ *pp = q;
+ if (a) {
+ DSA_free(*a);
+ *a = key;
+ }
+ return key;
+}
+
+int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp)
+{
+ EVP_PKEY *pktmp;
+ int ret;
+ if (!a)
+ return 0;
+ pktmp = EVP_PKEY_new();
+ if (!pktmp) {
+ ASN1err(ASN1_F_I2D_DSA_PUBKEY, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ EVP_PKEY_set1_DSA(pktmp, a);
+ ret = i2d_PUBKEY(pktmp, pp);
+ EVP_PKEY_free(pktmp);
+ return ret;
+}
+#endif
+
+#ifndef OPENSSL_NO_EC
+EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length)
+{
+ EVP_PKEY *pkey;
+ EC_KEY *key;
+ const unsigned char *q;
+ q = *pp;
+ pkey = d2i_PUBKEY(NULL, &q, length);
+ if (!pkey)
+ return (NULL);
+ key = EVP_PKEY_get1_EC_KEY(pkey);
+ EVP_PKEY_free(pkey);
+ if (!key)
+ return (NULL);
+ *pp = q;
+ if (a) {
+ EC_KEY_free(*a);
+ *a = key;
+ }
+ return (key);
+}
+
+int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp)
+{
+ EVP_PKEY *pktmp;
+ int ret;
+ if (!a)
+ return (0);
+ if ((pktmp = EVP_PKEY_new()) == NULL) {
+ ASN1err(ASN1_F_I2D_EC_PUBKEY, ERR_R_MALLOC_FAILURE);
+ return (0);
+ }
+ EVP_PKEY_set1_EC_KEY(pktmp, a);
+ ret = i2d_PUBKEY(pktmp, pp);
+ EVP_PKEY_free(pktmp);
+ return (ret);
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_req.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/x_req.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_req.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,112 +0,0 @@
-/* crypto/asn1/x_req.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/x509.h>
-
-/* X509_REQ_INFO is handled in an unusual way to get round
- * invalid encodings. Some broken certificate requests don't
- * encode the attributes field if it is empty. This is in
- * violation of PKCS#10 but we need to tolerate it. We do
- * this by making the attributes field OPTIONAL then using
- * the callback to initialise it to an empty STACK.
- *
- * This means that the field will be correctly encoded unless
- * we NULL out the field.
- *
- * As a result we no longer need the req_kludge field because
- * the information is now contained in the attributes field:
- * 1. If it is NULL then it's the invalid omission.
- * 2. If it is empty it is the correct encoding.
- * 3. If it is not empty then some attributes are present.
- *
- */
-
-static int rinf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
-{
- X509_REQ_INFO *rinf = (X509_REQ_INFO *)*pval;
-
- if(operation == ASN1_OP_NEW_POST) {
- rinf->attributes = sk_X509_ATTRIBUTE_new_null();
- if(!rinf->attributes) return 0;
- }
- return 1;
-}
-
-ASN1_SEQUENCE_enc(X509_REQ_INFO, enc, rinf_cb) = {
- ASN1_SIMPLE(X509_REQ_INFO, version, ASN1_INTEGER),
- ASN1_SIMPLE(X509_REQ_INFO, subject, X509_NAME),
- ASN1_SIMPLE(X509_REQ_INFO, pubkey, X509_PUBKEY),
- /* This isn't really OPTIONAL but it gets round invalid
- * encodings
- */
- ASN1_IMP_SET_OF_OPT(X509_REQ_INFO, attributes, X509_ATTRIBUTE, 0)
-} ASN1_SEQUENCE_END_enc(X509_REQ_INFO, X509_REQ_INFO)
-
-IMPLEMENT_ASN1_FUNCTIONS(X509_REQ_INFO)
-
-ASN1_SEQUENCE_ref(X509_REQ, 0, CRYPTO_LOCK_X509_REQ) = {
- ASN1_SIMPLE(X509_REQ, req_info, X509_REQ_INFO),
- ASN1_SIMPLE(X509_REQ, sig_alg, X509_ALGOR),
- ASN1_SIMPLE(X509_REQ, signature, ASN1_BIT_STRING)
-} ASN1_SEQUENCE_END_ref(X509_REQ, X509_REQ)
-
-IMPLEMENT_ASN1_FUNCTIONS(X509_REQ)
-IMPLEMENT_ASN1_DUP_FUNCTION(X509_REQ)
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_req.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/x_req.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_req.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_req.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,115 @@
+/* crypto/asn1/x_req.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+
+/*-
+ * X509_REQ_INFO is handled in an unusual way to get round
+ * invalid encodings. Some broken certificate requests don't
+ * encode the attributes field if it is empty. This is in
+ * violation of PKCS#10 but we need to tolerate it. We do
+ * this by making the attributes field OPTIONAL then using
+ * the callback to initialise it to an empty STACK.
+ *
+ * This means that the field will be correctly encoded unless
+ * we NULL out the field.
+ *
+ * As a result we no longer need the req_kludge field because
+ * the information is now contained in the attributes field:
+ * 1. If it is NULL then it's the invalid omission.
+ * 2. If it is empty it is the correct encoding.
+ * 3. If it is not empty then some attributes are present.
+ *
+ */
+
+static int rinf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+ X509_REQ_INFO *rinf = (X509_REQ_INFO *)*pval;
+
+ if (operation == ASN1_OP_NEW_POST) {
+ rinf->attributes = sk_X509_ATTRIBUTE_new_null();
+ if (!rinf->attributes)
+ return 0;
+ }
+ return 1;
+}
+
+ASN1_SEQUENCE_enc(X509_REQ_INFO, enc, rinf_cb) = {
+ ASN1_SIMPLE(X509_REQ_INFO, version, ASN1_INTEGER),
+ ASN1_SIMPLE(X509_REQ_INFO, subject, X509_NAME),
+ ASN1_SIMPLE(X509_REQ_INFO, pubkey, X509_PUBKEY),
+ /* This isn't really OPTIONAL but it gets round invalid
+ * encodings
+ */
+ ASN1_IMP_SET_OF_OPT(X509_REQ_INFO, attributes, X509_ATTRIBUTE, 0)
+} ASN1_SEQUENCE_END_enc(X509_REQ_INFO, X509_REQ_INFO)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_REQ_INFO)
+
+ASN1_SEQUENCE_ref(X509_REQ, 0, CRYPTO_LOCK_X509_REQ) = {
+ ASN1_SIMPLE(X509_REQ, req_info, X509_REQ_INFO),
+ ASN1_SIMPLE(X509_REQ, sig_alg, X509_ALGOR),
+ ASN1_SIMPLE(X509_REQ, signature, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END_ref(X509_REQ, X509_REQ)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_REQ)
+
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_REQ)
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_sig.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/x_sig.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_sig.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,69 +0,0 @@
-/* crypto/asn1/x_sig.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/x509.h>
-
-ASN1_SEQUENCE(X509_SIG) = {
- ASN1_SIMPLE(X509_SIG, algor, X509_ALGOR),
- ASN1_SIMPLE(X509_SIG, digest, ASN1_OCTET_STRING)
-} ASN1_SEQUENCE_END(X509_SIG)
-
-IMPLEMENT_ASN1_FUNCTIONS(X509_SIG)
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_sig.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/x_sig.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_sig.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_sig.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,69 @@
+/* crypto/asn1/x_sig.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+
+ASN1_SEQUENCE(X509_SIG) = {
+ ASN1_SIMPLE(X509_SIG, algor, X509_ALGOR),
+ ASN1_SIMPLE(X509_SIG, digest, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(X509_SIG)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_SIG)
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_spki.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/x_spki.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_spki.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,81 +0,0 @@
-/* crypto/asn1/x_spki.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
- /* This module was send to me my Pat Richards <patr at x509.com> who
- * wrote it. It is under my Copyright with his permission
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/x509.h>
-#include <openssl/asn1t.h>
-
-ASN1_SEQUENCE(NETSCAPE_SPKAC) = {
- ASN1_SIMPLE(NETSCAPE_SPKAC, pubkey, X509_PUBKEY),
- ASN1_SIMPLE(NETSCAPE_SPKAC, challenge, ASN1_IA5STRING)
-} ASN1_SEQUENCE_END(NETSCAPE_SPKAC)
-
-IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_SPKAC)
-
-ASN1_SEQUENCE(NETSCAPE_SPKI) = {
- ASN1_SIMPLE(NETSCAPE_SPKI, spkac, NETSCAPE_SPKAC),
- ASN1_SIMPLE(NETSCAPE_SPKI, sig_algor, X509_ALGOR),
- ASN1_SIMPLE(NETSCAPE_SPKI, signature, ASN1_BIT_STRING)
-} ASN1_SEQUENCE_END(NETSCAPE_SPKI)
-
-IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_SPKI)
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_spki.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/x_spki.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_spki.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_spki.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,82 @@
+/* crypto/asn1/x_spki.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+ /*
+ * This module was send to me my Pat Richards <patr at x509.com> who wrote it.
+ * It is under my Copyright with his permission
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/asn1t.h>
+
+ASN1_SEQUENCE(NETSCAPE_SPKAC) = {
+ ASN1_SIMPLE(NETSCAPE_SPKAC, pubkey, X509_PUBKEY),
+ ASN1_SIMPLE(NETSCAPE_SPKAC, challenge, ASN1_IA5STRING)
+} ASN1_SEQUENCE_END(NETSCAPE_SPKAC)
+
+IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_SPKAC)
+
+ASN1_SEQUENCE(NETSCAPE_SPKI) = {
+ ASN1_SIMPLE(NETSCAPE_SPKI, spkac, NETSCAPE_SPKAC),
+ ASN1_SIMPLE(NETSCAPE_SPKI, sig_algor, X509_ALGOR),
+ ASN1_SIMPLE(NETSCAPE_SPKI, signature, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END(NETSCAPE_SPKI)
+
+IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_SPKI)
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_val.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/x_val.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_val.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,69 +0,0 @@
-/* crypto/asn1/x_val.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/x509.h>
-
-ASN1_SEQUENCE(X509_VAL) = {
- ASN1_SIMPLE(X509_VAL, notBefore, ASN1_TIME),
- ASN1_SIMPLE(X509_VAL, notAfter, ASN1_TIME)
-} ASN1_SEQUENCE_END(X509_VAL)
-
-IMPLEMENT_ASN1_FUNCTIONS(X509_VAL)
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_val.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/x_val.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_val.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_val.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,69 @@
+/* crypto/asn1/x_val.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+
+ASN1_SEQUENCE(X509_VAL) = {
+ ASN1_SIMPLE(X509_VAL, notBefore, ASN1_TIME),
+ ASN1_SIMPLE(X509_VAL, notAfter, ASN1_TIME)
+} ASN1_SEQUENCE_END(X509_VAL)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_VAL)
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_x509.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/x_x509.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_x509.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,202 +0,0 @@
-/* crypto/asn1/x_x509.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/asn1t.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-
-ASN1_SEQUENCE_enc(X509_CINF, enc, 0) = {
- ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0),
- ASN1_SIMPLE(X509_CINF, serialNumber, ASN1_INTEGER),
- ASN1_SIMPLE(X509_CINF, signature, X509_ALGOR),
- ASN1_SIMPLE(X509_CINF, issuer, X509_NAME),
- ASN1_SIMPLE(X509_CINF, validity, X509_VAL),
- ASN1_SIMPLE(X509_CINF, subject, X509_NAME),
- ASN1_SIMPLE(X509_CINF, key, X509_PUBKEY),
- ASN1_IMP_OPT(X509_CINF, issuerUID, ASN1_BIT_STRING, 1),
- ASN1_IMP_OPT(X509_CINF, subjectUID, ASN1_BIT_STRING, 2),
- ASN1_EXP_SEQUENCE_OF_OPT(X509_CINF, extensions, X509_EXTENSION, 3)
-} ASN1_SEQUENCE_END_enc(X509_CINF, X509_CINF)
-
-IMPLEMENT_ASN1_FUNCTIONS(X509_CINF)
-/* X509 top level structure needs a bit of customisation */
-
-extern void policy_cache_free(X509_POLICY_CACHE *cache);
-
-static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
-{
- X509 *ret = (X509 *)*pval;
-
- switch(operation) {
-
- case ASN1_OP_NEW_POST:
- ret->valid=0;
- ret->name = NULL;
- ret->ex_flags = 0;
- ret->ex_pathlen = -1;
- ret->skid = NULL;
- ret->akid = NULL;
-#ifndef OPENSSL_NO_RFC3779
- ret->rfc3779_addr = NULL;
- ret->rfc3779_asid = NULL;
-#endif
- ret->aux = NULL;
- CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
- break;
-
- case ASN1_OP_D2I_POST:
- if (ret->name != NULL) OPENSSL_free(ret->name);
- ret->name=X509_NAME_oneline(ret->cert_info->subject,NULL,0);
- break;
-
- case ASN1_OP_FREE_POST:
- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
- X509_CERT_AUX_free(ret->aux);
- ASN1_OCTET_STRING_free(ret->skid);
- AUTHORITY_KEYID_free(ret->akid);
- policy_cache_free(ret->policy_cache);
-#ifndef OPENSSL_NO_RFC3779
- sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free);
- ASIdentifiers_free(ret->rfc3779_asid);
-#endif
-
- if (ret->name != NULL) OPENSSL_free(ret->name);
- break;
-
- }
-
- return 1;
-
-}
-
-ASN1_SEQUENCE_ref(X509, x509_cb, CRYPTO_LOCK_X509) = {
- ASN1_SIMPLE(X509, cert_info, X509_CINF),
- ASN1_SIMPLE(X509, sig_alg, X509_ALGOR),
- ASN1_SIMPLE(X509, signature, ASN1_BIT_STRING)
-} ASN1_SEQUENCE_END_ref(X509, X509)
-
-IMPLEMENT_ASN1_FUNCTIONS(X509)
-IMPLEMENT_ASN1_DUP_FUNCTION(X509)
-
-static ASN1_METHOD meth=
- {
- (I2D_OF(void)) i2d_X509,
- (D2I_OF(void)) d2i_X509,
- (void *(*)(void))X509_new,
- (void (*)(void *)) X509_free
- };
-
-ASN1_METHOD *X509_asn1_meth(void)
- {
- return(&meth);
- }
-
-int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
- {
- return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, argl, argp,
- new_func, dup_func, free_func);
- }
-
-int X509_set_ex_data(X509 *r, int idx, void *arg)
- {
- return(CRYPTO_set_ex_data(&r->ex_data,idx,arg));
- }
-
-void *X509_get_ex_data(X509 *r, int idx)
- {
- return(CRYPTO_get_ex_data(&r->ex_data,idx));
- }
-
-/* X509_AUX ASN1 routines. X509_AUX is the name given to
- * a certificate with extra info tagged on the end. Since these
- * functions set how a certificate is trusted they should only
- * be used when the certificate comes from a reliable source
- * such as local storage.
- *
- */
-
-X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
-{
- const unsigned char *q;
- X509 *ret;
- /* Save start position */
- q = *pp;
- ret = d2i_X509(a, pp, length);
- /* If certificate unreadable then forget it */
- if(!ret) return NULL;
- /* update length */
- length -= *pp - q;
- if(!length) return ret;
- if(!d2i_X509_CERT_AUX(&ret->aux, pp, length)) goto err;
- return ret;
- err:
- X509_free(ret);
- return NULL;
-}
-
-int i2d_X509_AUX(X509 *a, unsigned char **pp)
-{
- int length;
- length = i2d_X509(a, pp);
- if(a) length += i2d_X509_CERT_AUX(a->aux, pp);
- return length;
-}
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_x509.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/x_x509.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_x509.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_x509.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,217 @@
+/* crypto/asn1/x_x509.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+ASN1_SEQUENCE_enc(X509_CINF, enc, 0) = {
+ ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0),
+ ASN1_SIMPLE(X509_CINF, serialNumber, ASN1_INTEGER),
+ ASN1_SIMPLE(X509_CINF, signature, X509_ALGOR),
+ ASN1_SIMPLE(X509_CINF, issuer, X509_NAME),
+ ASN1_SIMPLE(X509_CINF, validity, X509_VAL),
+ ASN1_SIMPLE(X509_CINF, subject, X509_NAME),
+ ASN1_SIMPLE(X509_CINF, key, X509_PUBKEY),
+ ASN1_IMP_OPT(X509_CINF, issuerUID, ASN1_BIT_STRING, 1),
+ ASN1_IMP_OPT(X509_CINF, subjectUID, ASN1_BIT_STRING, 2),
+ ASN1_EXP_SEQUENCE_OF_OPT(X509_CINF, extensions, X509_EXTENSION, 3)
+} ASN1_SEQUENCE_END_enc(X509_CINF, X509_CINF)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_CINF)
+/* X509 top level structure needs a bit of customisation */
+
+extern void policy_cache_free(X509_POLICY_CACHE *cache);
+
+static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+ X509 *ret = (X509 *)*pval;
+
+ switch (operation) {
+
+ case ASN1_OP_NEW_POST:
+ ret->valid = 0;
+ ret->name = NULL;
+ ret->ex_flags = 0;
+ ret->ex_pathlen = -1;
+ ret->skid = NULL;
+ ret->akid = NULL;
+#ifndef OPENSSL_NO_RFC3779
+ ret->rfc3779_addr = NULL;
+ ret->rfc3779_asid = NULL;
+#endif
+ ret->aux = NULL;
+ CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
+ break;
+
+ case ASN1_OP_D2I_POST:
+ if (ret->name != NULL)
+ OPENSSL_free(ret->name);
+ ret->name = X509_NAME_oneline(ret->cert_info->subject, NULL, 0);
+ break;
+
+ case ASN1_OP_FREE_POST:
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
+ X509_CERT_AUX_free(ret->aux);
+ ASN1_OCTET_STRING_free(ret->skid);
+ AUTHORITY_KEYID_free(ret->akid);
+ policy_cache_free(ret->policy_cache);
+#ifndef OPENSSL_NO_RFC3779
+ sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free);
+ ASIdentifiers_free(ret->rfc3779_asid);
+#endif
+
+ if (ret->name != NULL)
+ OPENSSL_free(ret->name);
+ break;
+
+ }
+
+ return 1;
+
+}
+
+ASN1_SEQUENCE_ref(X509, x509_cb, CRYPTO_LOCK_X509) = {
+ ASN1_SIMPLE(X509, cert_info, X509_CINF),
+ ASN1_SIMPLE(X509, sig_alg, X509_ALGOR),
+ ASN1_SIMPLE(X509, signature, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END_ref(X509, X509)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509)
+
+IMPLEMENT_ASN1_DUP_FUNCTION(X509)
+
+static ASN1_METHOD meth = {
+ (I2D_OF(void)) i2d_X509,
+ (D2I_OF(void)) d2i_X509,
+ (void *(*)(void))X509_new,
+ (void (*)(void *))X509_free
+};
+
+ASN1_METHOD *X509_asn1_meth(void)
+{
+ return (&meth);
+}
+
+int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+{
+ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, argl, argp,
+ new_func, dup_func, free_func);
+}
+
+int X509_set_ex_data(X509 *r, int idx, void *arg)
+{
+ return (CRYPTO_set_ex_data(&r->ex_data, idx, arg));
+}
+
+void *X509_get_ex_data(X509 *r, int idx)
+{
+ return (CRYPTO_get_ex_data(&r->ex_data, idx));
+}
+
+/*
+ * X509_AUX ASN1 routines. X509_AUX is the name given to a certificate with
+ * extra info tagged on the end. Since these functions set how a certificate
+ * is trusted they should only be used when the certificate comes from a
+ * reliable source such as local storage.
+ */
+
+X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
+{
+ const unsigned char *q;
+ X509 *ret;
+ int freeret = 0;
+
+ /* Save start position */
+ q = *pp;
+
+ if(!a || *a == NULL) {
+ freeret = 1;
+ }
+ ret = d2i_X509(a, pp, length);
+ /* If certificate unreadable then forget it */
+ if (!ret)
+ return NULL;
+ /* update length */
+ length -= *pp - q;
+ if (!length)
+ return ret;
+ if (!d2i_X509_CERT_AUX(&ret->aux, pp, length))
+ goto err;
+ return ret;
+ err:
+ if(freeret) {
+ X509_free(ret);
+ if (a)
+ *a = NULL;
+ }
+ return NULL;
+}
+
+int i2d_X509_AUX(X509 *a, unsigned char **pp)
+{
+ int length;
+ length = i2d_X509(a, pp);
+ if (a)
+ length += i2d_X509_CERT_AUX(a->aux, pp);
+ return length;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_x509a.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/asn1/x_x509a.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_x509a.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,180 +0,0 @@
-/* a_x509a.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/asn1t.h>
-#include <openssl/x509.h>
-
-/* X509_CERT_AUX routines. These are used to encode additional
- * user modifiable data about a certificate. This data is
- * appended to the X509 encoding when the *_X509_AUX routines
- * are used. This means that the "traditional" X509 routines
- * will simply ignore the extra data.
- */
-
-static X509_CERT_AUX *aux_get(X509 *x);
-
-ASN1_SEQUENCE(X509_CERT_AUX) = {
- ASN1_SEQUENCE_OF_OPT(X509_CERT_AUX, trust, ASN1_OBJECT),
- ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, reject, ASN1_OBJECT, 0),
- ASN1_OPT(X509_CERT_AUX, alias, ASN1_UTF8STRING),
- ASN1_OPT(X509_CERT_AUX, keyid, ASN1_OCTET_STRING),
- ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, other, X509_ALGOR, 1)
-} ASN1_SEQUENCE_END(X509_CERT_AUX)
-
-IMPLEMENT_ASN1_FUNCTIONS(X509_CERT_AUX)
-
-static X509_CERT_AUX *aux_get(X509 *x)
-{
- if(!x) return NULL;
- if(!x->aux && !(x->aux = X509_CERT_AUX_new())) return NULL;
- return x->aux;
-}
-
-int X509_alias_set1(X509 *x, unsigned char *name, int len)
-{
- X509_CERT_AUX *aux;
- if (!name)
- {
- if (!x || !x->aux || !x->aux->alias)
- return 1;
- ASN1_UTF8STRING_free(x->aux->alias);
- x->aux->alias = NULL;
- return 1;
- }
- if(!(aux = aux_get(x))) return 0;
- if(!aux->alias && !(aux->alias = ASN1_UTF8STRING_new())) return 0;
- return ASN1_STRING_set(aux->alias, name, len);
-}
-
-int X509_keyid_set1(X509 *x, unsigned char *id, int len)
-{
- X509_CERT_AUX *aux;
- if (!id)
- {
- if (!x || !x->aux || !x->aux->keyid)
- return 1;
- ASN1_OCTET_STRING_free(x->aux->keyid);
- x->aux->keyid = NULL;
- return 1;
- }
- if(!(aux = aux_get(x))) return 0;
- if(!aux->keyid && !(aux->keyid = ASN1_OCTET_STRING_new())) return 0;
- return ASN1_STRING_set(aux->keyid, id, len);
-}
-
-unsigned char *X509_alias_get0(X509 *x, int *len)
-{
- if(!x->aux || !x->aux->alias) return NULL;
- if(len) *len = x->aux->alias->length;
- return x->aux->alias->data;
-}
-
-unsigned char *X509_keyid_get0(X509 *x, int *len)
-{
- if(!x->aux || !x->aux->keyid) return NULL;
- if(len) *len = x->aux->keyid->length;
- return x->aux->keyid->data;
-}
-
-int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj)
-{
- X509_CERT_AUX *aux;
- ASN1_OBJECT *objtmp;
- if(!(objtmp = OBJ_dup(obj))) return 0;
- if(!(aux = aux_get(x))) return 0;
- if(!aux->trust
- && !(aux->trust = sk_ASN1_OBJECT_new_null())) return 0;
- return sk_ASN1_OBJECT_push(aux->trust, objtmp);
-}
-
-int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj)
-{
- X509_CERT_AUX *aux;
- ASN1_OBJECT *objtmp;
- if(!(objtmp = OBJ_dup(obj))) return 0;
- if(!(aux = aux_get(x))) return 0;
- if(!aux->reject
- && !(aux->reject = sk_ASN1_OBJECT_new_null())) return 0;
- return sk_ASN1_OBJECT_push(aux->reject, objtmp);
-}
-
-void X509_trust_clear(X509 *x)
-{
- if(x->aux && x->aux->trust) {
- sk_ASN1_OBJECT_pop_free(x->aux->trust, ASN1_OBJECT_free);
- x->aux->trust = NULL;
- }
-}
-
-void X509_reject_clear(X509 *x)
-{
- if(x->aux && x->aux->reject) {
- sk_ASN1_OBJECT_pop_free(x->aux->reject, ASN1_OBJECT_free);
- x->aux->reject = NULL;
- }
-}
-
-ASN1_SEQUENCE(X509_CERT_PAIR) = {
- ASN1_EXP_OPT(X509_CERT_PAIR, forward, X509, 0),
- ASN1_EXP_OPT(X509_CERT_PAIR, reverse, X509, 1)
-} ASN1_SEQUENCE_END(X509_CERT_PAIR)
-
-IMPLEMENT_ASN1_FUNCTIONS(X509_CERT_PAIR)
Copied: vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_x509a.c (from rev 6976, vendor-crypto/openssl/dist/crypto/asn1/x_x509a.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_x509a.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/asn1/x_x509a.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,193 @@
+/* a_x509a.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+
+/*
+ * X509_CERT_AUX routines. These are used to encode additional user
+ * modifiable data about a certificate. This data is appended to the X509
+ * encoding when the *_X509_AUX routines are used. This means that the
+ * "traditional" X509 routines will simply ignore the extra data.
+ */
+
+static X509_CERT_AUX *aux_get(X509 *x);
+
+ASN1_SEQUENCE(X509_CERT_AUX) = {
+ ASN1_SEQUENCE_OF_OPT(X509_CERT_AUX, trust, ASN1_OBJECT),
+ ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, reject, ASN1_OBJECT, 0),
+ ASN1_OPT(X509_CERT_AUX, alias, ASN1_UTF8STRING),
+ ASN1_OPT(X509_CERT_AUX, keyid, ASN1_OCTET_STRING),
+ ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, other, X509_ALGOR, 1)
+} ASN1_SEQUENCE_END(X509_CERT_AUX)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_CERT_AUX)
+
+static X509_CERT_AUX *aux_get(X509 *x)
+{
+ if (!x)
+ return NULL;
+ if (!x->aux && !(x->aux = X509_CERT_AUX_new()))
+ return NULL;
+ return x->aux;
+}
+
+int X509_alias_set1(X509 *x, unsigned char *name, int len)
+{
+ X509_CERT_AUX *aux;
+ if (!name) {
+ if (!x || !x->aux || !x->aux->alias)
+ return 1;
+ ASN1_UTF8STRING_free(x->aux->alias);
+ x->aux->alias = NULL;
+ return 1;
+ }
+ if (!(aux = aux_get(x)))
+ return 0;
+ if (!aux->alias && !(aux->alias = ASN1_UTF8STRING_new()))
+ return 0;
+ return ASN1_STRING_set(aux->alias, name, len);
+}
+
+int X509_keyid_set1(X509 *x, unsigned char *id, int len)
+{
+ X509_CERT_AUX *aux;
+ if (!id) {
+ if (!x || !x->aux || !x->aux->keyid)
+ return 1;
+ ASN1_OCTET_STRING_free(x->aux->keyid);
+ x->aux->keyid = NULL;
+ return 1;
+ }
+ if (!(aux = aux_get(x)))
+ return 0;
+ if (!aux->keyid && !(aux->keyid = ASN1_OCTET_STRING_new()))
+ return 0;
+ return ASN1_STRING_set(aux->keyid, id, len);
+}
+
+unsigned char *X509_alias_get0(X509 *x, int *len)
+{
+ if (!x->aux || !x->aux->alias)
+ return NULL;
+ if (len)
+ *len = x->aux->alias->length;
+ return x->aux->alias->data;
+}
+
+unsigned char *X509_keyid_get0(X509 *x, int *len)
+{
+ if (!x->aux || !x->aux->keyid)
+ return NULL;
+ if (len)
+ *len = x->aux->keyid->length;
+ return x->aux->keyid->data;
+}
+
+int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj)
+{
+ X509_CERT_AUX *aux;
+ ASN1_OBJECT *objtmp;
+ if (!(objtmp = OBJ_dup(obj)))
+ return 0;
+ if (!(aux = aux_get(x)))
+ return 0;
+ if (!aux->trust && !(aux->trust = sk_ASN1_OBJECT_new_null()))
+ return 0;
+ return sk_ASN1_OBJECT_push(aux->trust, objtmp);
+}
+
+int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj)
+{
+ X509_CERT_AUX *aux;
+ ASN1_OBJECT *objtmp;
+ if (!(objtmp = OBJ_dup(obj)))
+ return 0;
+ if (!(aux = aux_get(x)))
+ return 0;
+ if (!aux->reject && !(aux->reject = sk_ASN1_OBJECT_new_null()))
+ return 0;
+ return sk_ASN1_OBJECT_push(aux->reject, objtmp);
+}
+
+void X509_trust_clear(X509 *x)
+{
+ if (x->aux && x->aux->trust) {
+ sk_ASN1_OBJECT_pop_free(x->aux->trust, ASN1_OBJECT_free);
+ x->aux->trust = NULL;
+ }
+}
+
+void X509_reject_clear(X509 *x)
+{
+ if (x->aux && x->aux->reject) {
+ sk_ASN1_OBJECT_pop_free(x->aux->reject, ASN1_OBJECT_free);
+ x->aux->reject = NULL;
+ }
+}
+
+ASN1_SEQUENCE(X509_CERT_PAIR) = {
+ ASN1_EXP_OPT(X509_CERT_PAIR, forward, X509, 0),
+ ASN1_EXP_OPT(X509_CERT_PAIR, reverse, X509, 1)
+} ASN1_SEQUENCE_END(X509_CERT_PAIR)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_CERT_PAIR)
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bf/bf_cbc.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bf/bf_cbc.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bf/bf_cbc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,143 +0,0 @@
-/* crypto/bf/bf_cbc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/blowfish.h>
-#include "bf_locl.h"
-
-void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
- const BF_KEY *schedule, unsigned char *ivec, int encrypt)
- {
- register BF_LONG tin0,tin1;
- register BF_LONG tout0,tout1,xor0,xor1;
- register long l=length;
- BF_LONG tin[2];
-
- if (encrypt)
- {
- n2l(ivec,tout0);
- n2l(ivec,tout1);
- ivec-=8;
- for (l-=8; l>=0; l-=8)
- {
- n2l(in,tin0);
- n2l(in,tin1);
- tin0^=tout0;
- tin1^=tout1;
- tin[0]=tin0;
- tin[1]=tin1;
- BF_encrypt(tin,schedule);
- tout0=tin[0];
- tout1=tin[1];
- l2n(tout0,out);
- l2n(tout1,out);
- }
- if (l != -8)
- {
- n2ln(in,tin0,tin1,l+8);
- tin0^=tout0;
- tin1^=tout1;
- tin[0]=tin0;
- tin[1]=tin1;
- BF_encrypt(tin,schedule);
- tout0=tin[0];
- tout1=tin[1];
- l2n(tout0,out);
- l2n(tout1,out);
- }
- l2n(tout0,ivec);
- l2n(tout1,ivec);
- }
- else
- {
- n2l(ivec,xor0);
- n2l(ivec,xor1);
- ivec-=8;
- for (l-=8; l>=0; l-=8)
- {
- n2l(in,tin0);
- n2l(in,tin1);
- tin[0]=tin0;
- tin[1]=tin1;
- BF_decrypt(tin,schedule);
- tout0=tin[0]^xor0;
- tout1=tin[1]^xor1;
- l2n(tout0,out);
- l2n(tout1,out);
- xor0=tin0;
- xor1=tin1;
- }
- if (l != -8)
- {
- n2l(in,tin0);
- n2l(in,tin1);
- tin[0]=tin0;
- tin[1]=tin1;
- BF_decrypt(tin,schedule);
- tout0=tin[0]^xor0;
- tout1=tin[1]^xor1;
- l2nn(tout0,tout1,out,l+8);
- xor0=tin0;
- xor1=tin1;
- }
- l2n(xor0,ivec);
- l2n(xor1,ivec);
- }
- tin0=tin1=tout0=tout1=xor0=xor1=0;
- tin[0]=tin[1]=0;
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bf/bf_cbc.c (from rev 6976, vendor-crypto/openssl/dist/crypto/bf/bf_cbc.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bf/bf_cbc.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bf/bf_cbc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,135 @@
+/* crypto/bf/bf_cbc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/blowfish.h>
+#include "bf_locl.h"
+
+void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
+ const BF_KEY *schedule, unsigned char *ivec, int encrypt)
+{
+ register BF_LONG tin0, tin1;
+ register BF_LONG tout0, tout1, xor0, xor1;
+ register long l = length;
+ BF_LONG tin[2];
+
+ if (encrypt) {
+ n2l(ivec, tout0);
+ n2l(ivec, tout1);
+ ivec -= 8;
+ for (l -= 8; l >= 0; l -= 8) {
+ n2l(in, tin0);
+ n2l(in, tin1);
+ tin0 ^= tout0;
+ tin1 ^= tout1;
+ tin[0] = tin0;
+ tin[1] = tin1;
+ BF_encrypt(tin, schedule);
+ tout0 = tin[0];
+ tout1 = tin[1];
+ l2n(tout0, out);
+ l2n(tout1, out);
+ }
+ if (l != -8) {
+ n2ln(in, tin0, tin1, l + 8);
+ tin0 ^= tout0;
+ tin1 ^= tout1;
+ tin[0] = tin0;
+ tin[1] = tin1;
+ BF_encrypt(tin, schedule);
+ tout0 = tin[0];
+ tout1 = tin[1];
+ l2n(tout0, out);
+ l2n(tout1, out);
+ }
+ l2n(tout0, ivec);
+ l2n(tout1, ivec);
+ } else {
+ n2l(ivec, xor0);
+ n2l(ivec, xor1);
+ ivec -= 8;
+ for (l -= 8; l >= 0; l -= 8) {
+ n2l(in, tin0);
+ n2l(in, tin1);
+ tin[0] = tin0;
+ tin[1] = tin1;
+ BF_decrypt(tin, schedule);
+ tout0 = tin[0] ^ xor0;
+ tout1 = tin[1] ^ xor1;
+ l2n(tout0, out);
+ l2n(tout1, out);
+ xor0 = tin0;
+ xor1 = tin1;
+ }
+ if (l != -8) {
+ n2l(in, tin0);
+ n2l(in, tin1);
+ tin[0] = tin0;
+ tin[1] = tin1;
+ BF_decrypt(tin, schedule);
+ tout0 = tin[0] ^ xor0;
+ tout1 = tin[1] ^ xor1;
+ l2nn(tout0, tout1, out, l + 8);
+ xor0 = tin0;
+ xor1 = tin1;
+ }
+ l2n(xor0, ivec);
+ l2n(xor1, ivec);
+ }
+ tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
+ tin[0] = tin[1] = 0;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bf/bf_cfb64.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bf/bf_cfb64.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bf/bf_cfb64.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,121 +0,0 @@
-/* crypto/bf/bf_cfb64.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/blowfish.h>
-#include "bf_locl.h"
-
-/* The input and output encrypted as though 64bit cfb mode is being
- * used. The extra state information to record how much of the
- * 64bit block we have used is contained in *num;
- */
-
-void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out, long length,
- const BF_KEY *schedule, unsigned char *ivec, int *num, int encrypt)
- {
- register BF_LONG v0,v1,t;
- register int n= *num;
- register long l=length;
- BF_LONG ti[2];
- unsigned char *iv,c,cc;
-
- iv=(unsigned char *)ivec;
- if (encrypt)
- {
- while (l--)
- {
- if (n == 0)
- {
- n2l(iv,v0); ti[0]=v0;
- n2l(iv,v1); ti[1]=v1;
- BF_encrypt((BF_LONG *)ti,schedule);
- iv=(unsigned char *)ivec;
- t=ti[0]; l2n(t,iv);
- t=ti[1]; l2n(t,iv);
- iv=(unsigned char *)ivec;
- }
- c= *(in++)^iv[n];
- *(out++)=c;
- iv[n]=c;
- n=(n+1)&0x07;
- }
- }
- else
- {
- while (l--)
- {
- if (n == 0)
- {
- n2l(iv,v0); ti[0]=v0;
- n2l(iv,v1); ti[1]=v1;
- BF_encrypt((BF_LONG *)ti,schedule);
- iv=(unsigned char *)ivec;
- t=ti[0]; l2n(t,iv);
- t=ti[1]; l2n(t,iv);
- iv=(unsigned char *)ivec;
- }
- cc= *(in++);
- c=iv[n];
- iv[n]=cc;
- *(out++)=c^cc;
- n=(n+1)&0x07;
- }
- }
- v0=v1=ti[0]=ti[1]=t=c=cc=0;
- *num=n;
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bf/bf_cfb64.c (from rev 6976, vendor-crypto/openssl/dist/crypto/bf/bf_cfb64.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bf/bf_cfb64.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bf/bf_cfb64.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,123 @@
+/* crypto/bf/bf_cfb64.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/blowfish.h>
+#include "bf_locl.h"
+
+/*
+ * The input and output encrypted as though 64bit cfb mode is being used.
+ * The extra state information to record how much of the 64bit block we have
+ * used is contained in *num;
+ */
+
+void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, const BF_KEY *schedule,
+ unsigned char *ivec, int *num, int encrypt)
+{
+ register BF_LONG v0, v1, t;
+ register int n = *num;
+ register long l = length;
+ BF_LONG ti[2];
+ unsigned char *iv, c, cc;
+
+ iv = (unsigned char *)ivec;
+ if (encrypt) {
+ while (l--) {
+ if (n == 0) {
+ n2l(iv, v0);
+ ti[0] = v0;
+ n2l(iv, v1);
+ ti[1] = v1;
+ BF_encrypt((BF_LONG *)ti, schedule);
+ iv = (unsigned char *)ivec;
+ t = ti[0];
+ l2n(t, iv);
+ t = ti[1];
+ l2n(t, iv);
+ iv = (unsigned char *)ivec;
+ }
+ c = *(in++) ^ iv[n];
+ *(out++) = c;
+ iv[n] = c;
+ n = (n + 1) & 0x07;
+ }
+ } else {
+ while (l--) {
+ if (n == 0) {
+ n2l(iv, v0);
+ ti[0] = v0;
+ n2l(iv, v1);
+ ti[1] = v1;
+ BF_encrypt((BF_LONG *)ti, schedule);
+ iv = (unsigned char *)ivec;
+ t = ti[0];
+ l2n(t, iv);
+ t = ti[1];
+ l2n(t, iv);
+ iv = (unsigned char *)ivec;
+ }
+ cc = *(in++);
+ c = iv[n];
+ iv[n] = cc;
+ *(out++) = c ^ cc;
+ n = (n + 1) & 0x07;
+ }
+ }
+ v0 = v1 = ti[0] = ti[1] = t = c = cc = 0;
+ *num = n;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bf/bf_ecb.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bf/bf_ecb.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bf/bf_ecb.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,96 +0,0 @@
-/* crypto/bf/bf_ecb.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/blowfish.h>
-#include "bf_locl.h"
-#include <openssl/opensslv.h>
-
-/* Blowfish as implemented from 'Blowfish: Springer-Verlag paper'
- * (From LECTURE NOTES IN COMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION,
- * CAMBRIDGE SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993)
- */
-
-const char BF_version[]="Blowfish" OPENSSL_VERSION_PTEXT;
-
-const char *BF_options(void)
- {
-#ifdef BF_PTR
- return("blowfish(ptr)");
-#elif defined(BF_PTR2)
- return("blowfish(ptr2)");
-#else
- return("blowfish(idx)");
-#endif
- }
-
-void BF_ecb_encrypt(const unsigned char *in, unsigned char *out,
- const BF_KEY *key, int encrypt)
- {
- BF_LONG l,d[2];
-
- n2l(in,l); d[0]=l;
- n2l(in,l); d[1]=l;
- if (encrypt)
- BF_encrypt(d,key);
- else
- BF_decrypt(d,key);
- l=d[0]; l2n(l,out);
- l=d[1]; l2n(l,out);
- l=d[0]=d[1]=0;
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bf/bf_ecb.c (from rev 6976, vendor-crypto/openssl/dist/crypto/bf/bf_ecb.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bf/bf_ecb.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bf/bf_ecb.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,100 @@
+/* crypto/bf/bf_ecb.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/blowfish.h>
+#include "bf_locl.h"
+#include <openssl/opensslv.h>
+
+/*
+ * Blowfish as implemented from 'Blowfish: Springer-Verlag paper' (From
+ * LECTURE NOTES IN COMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION, CAMBRIDGE
+ * SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993)
+ */
+
+const char BF_version[] = "Blowfish" OPENSSL_VERSION_PTEXT;
+
+const char *BF_options(void)
+{
+#ifdef BF_PTR
+ return ("blowfish(ptr)");
+#elif defined(BF_PTR2)
+ return ("blowfish(ptr2)");
+#else
+ return ("blowfish(idx)");
+#endif
+}
+
+void BF_ecb_encrypt(const unsigned char *in, unsigned char *out,
+ const BF_KEY *key, int encrypt)
+{
+ BF_LONG l, d[2];
+
+ n2l(in, l);
+ d[0] = l;
+ n2l(in, l);
+ d[1] = l;
+ if (encrypt)
+ BF_encrypt(d, key);
+ else
+ BF_decrypt(d, key);
+ l = d[0];
+ l2n(l, out);
+ l = d[1];
+ l2n(l, out);
+ l = d[0] = d[1] = 0;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bf/bf_enc.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bf/bf_enc.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bf/bf_enc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,306 +0,0 @@
-/* crypto/bf/bf_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/blowfish.h>
-#include "bf_locl.h"
-
-/* Blowfish as implemented from 'Blowfish: Springer-Verlag paper'
- * (From LECTURE NOTES IN COMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION,
- * CAMBRIDGE SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993)
- */
-
-#if (BF_ROUNDS != 16) && (BF_ROUNDS != 20)
-#error If you set BF_ROUNDS to some value other than 16 or 20, you will have \
-to modify the code.
-#endif
-
-void BF_encrypt(BF_LONG *data, const BF_KEY *key)
- {
-#ifndef BF_PTR2
- register BF_LONG l,r;
- register const BF_LONG *p,*s;
-
- p=key->P;
- s= &(key->S[0]);
- l=data[0];
- r=data[1];
-
- l^=p[0];
- BF_ENC(r,l,s,p[ 1]);
- BF_ENC(l,r,s,p[ 2]);
- BF_ENC(r,l,s,p[ 3]);
- BF_ENC(l,r,s,p[ 4]);
- BF_ENC(r,l,s,p[ 5]);
- BF_ENC(l,r,s,p[ 6]);
- BF_ENC(r,l,s,p[ 7]);
- BF_ENC(l,r,s,p[ 8]);
- BF_ENC(r,l,s,p[ 9]);
- BF_ENC(l,r,s,p[10]);
- BF_ENC(r,l,s,p[11]);
- BF_ENC(l,r,s,p[12]);
- BF_ENC(r,l,s,p[13]);
- BF_ENC(l,r,s,p[14]);
- BF_ENC(r,l,s,p[15]);
- BF_ENC(l,r,s,p[16]);
-#if BF_ROUNDS == 20
- BF_ENC(r,l,s,p[17]);
- BF_ENC(l,r,s,p[18]);
- BF_ENC(r,l,s,p[19]);
- BF_ENC(l,r,s,p[20]);
-#endif
- r^=p[BF_ROUNDS+1];
-
- data[1]=l&0xffffffffL;
- data[0]=r&0xffffffffL;
-#else
- register BF_LONG l,r,t,*k;
-
- l=data[0];
- r=data[1];
- k=(BF_LONG*)key;
-
- l^=k[0];
- BF_ENC(r,l,k, 1);
- BF_ENC(l,r,k, 2);
- BF_ENC(r,l,k, 3);
- BF_ENC(l,r,k, 4);
- BF_ENC(r,l,k, 5);
- BF_ENC(l,r,k, 6);
- BF_ENC(r,l,k, 7);
- BF_ENC(l,r,k, 8);
- BF_ENC(r,l,k, 9);
- BF_ENC(l,r,k,10);
- BF_ENC(r,l,k,11);
- BF_ENC(l,r,k,12);
- BF_ENC(r,l,k,13);
- BF_ENC(l,r,k,14);
- BF_ENC(r,l,k,15);
- BF_ENC(l,r,k,16);
-#if BF_ROUNDS == 20
- BF_ENC(r,l,k,17);
- BF_ENC(l,r,k,18);
- BF_ENC(r,l,k,19);
- BF_ENC(l,r,k,20);
-#endif
- r^=k[BF_ROUNDS+1];
-
- data[1]=l&0xffffffffL;
- data[0]=r&0xffffffffL;
-#endif
- }
-
-#ifndef BF_DEFAULT_OPTIONS
-
-void BF_decrypt(BF_LONG *data, const BF_KEY *key)
- {
-#ifndef BF_PTR2
- register BF_LONG l,r;
- register const BF_LONG *p,*s;
-
- p=key->P;
- s= &(key->S[0]);
- l=data[0];
- r=data[1];
-
- l^=p[BF_ROUNDS+1];
-#if BF_ROUNDS == 20
- BF_ENC(r,l,s,p[20]);
- BF_ENC(l,r,s,p[19]);
- BF_ENC(r,l,s,p[18]);
- BF_ENC(l,r,s,p[17]);
-#endif
- BF_ENC(r,l,s,p[16]);
- BF_ENC(l,r,s,p[15]);
- BF_ENC(r,l,s,p[14]);
- BF_ENC(l,r,s,p[13]);
- BF_ENC(r,l,s,p[12]);
- BF_ENC(l,r,s,p[11]);
- BF_ENC(r,l,s,p[10]);
- BF_ENC(l,r,s,p[ 9]);
- BF_ENC(r,l,s,p[ 8]);
- BF_ENC(l,r,s,p[ 7]);
- BF_ENC(r,l,s,p[ 6]);
- BF_ENC(l,r,s,p[ 5]);
- BF_ENC(r,l,s,p[ 4]);
- BF_ENC(l,r,s,p[ 3]);
- BF_ENC(r,l,s,p[ 2]);
- BF_ENC(l,r,s,p[ 1]);
- r^=p[0];
-
- data[1]=l&0xffffffffL;
- data[0]=r&0xffffffffL;
-#else
- register BF_LONG l,r,t,*k;
-
- l=data[0];
- r=data[1];
- k=(BF_LONG *)key;
-
- l^=k[BF_ROUNDS+1];
-#if BF_ROUNDS == 20
- BF_ENC(r,l,k,20);
- BF_ENC(l,r,k,19);
- BF_ENC(r,l,k,18);
- BF_ENC(l,r,k,17);
-#endif
- BF_ENC(r,l,k,16);
- BF_ENC(l,r,k,15);
- BF_ENC(r,l,k,14);
- BF_ENC(l,r,k,13);
- BF_ENC(r,l,k,12);
- BF_ENC(l,r,k,11);
- BF_ENC(r,l,k,10);
- BF_ENC(l,r,k, 9);
- BF_ENC(r,l,k, 8);
- BF_ENC(l,r,k, 7);
- BF_ENC(r,l,k, 6);
- BF_ENC(l,r,k, 5);
- BF_ENC(r,l,k, 4);
- BF_ENC(l,r,k, 3);
- BF_ENC(r,l,k, 2);
- BF_ENC(l,r,k, 1);
- r^=k[0];
-
- data[1]=l&0xffffffffL;
- data[0]=r&0xffffffffL;
-#endif
- }
-
-void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
- const BF_KEY *schedule, unsigned char *ivec, int encrypt)
- {
- register BF_LONG tin0,tin1;
- register BF_LONG tout0,tout1,xor0,xor1;
- register long l=length;
- BF_LONG tin[2];
-
- if (encrypt)
- {
- n2l(ivec,tout0);
- n2l(ivec,tout1);
- ivec-=8;
- for (l-=8; l>=0; l-=8)
- {
- n2l(in,tin0);
- n2l(in,tin1);
- tin0^=tout0;
- tin1^=tout1;
- tin[0]=tin0;
- tin[1]=tin1;
- BF_encrypt(tin,schedule);
- tout0=tin[0];
- tout1=tin[1];
- l2n(tout0,out);
- l2n(tout1,out);
- }
- if (l != -8)
- {
- n2ln(in,tin0,tin1,l+8);
- tin0^=tout0;
- tin1^=tout1;
- tin[0]=tin0;
- tin[1]=tin1;
- BF_encrypt(tin,schedule);
- tout0=tin[0];
- tout1=tin[1];
- l2n(tout0,out);
- l2n(tout1,out);
- }
- l2n(tout0,ivec);
- l2n(tout1,ivec);
- }
- else
- {
- n2l(ivec,xor0);
- n2l(ivec,xor1);
- ivec-=8;
- for (l-=8; l>=0; l-=8)
- {
- n2l(in,tin0);
- n2l(in,tin1);
- tin[0]=tin0;
- tin[1]=tin1;
- BF_decrypt(tin,schedule);
- tout0=tin[0]^xor0;
- tout1=tin[1]^xor1;
- l2n(tout0,out);
- l2n(tout1,out);
- xor0=tin0;
- xor1=tin1;
- }
- if (l != -8)
- {
- n2l(in,tin0);
- n2l(in,tin1);
- tin[0]=tin0;
- tin[1]=tin1;
- BF_decrypt(tin,schedule);
- tout0=tin[0]^xor0;
- tout1=tin[1]^xor1;
- l2nn(tout0,tout1,out,l+8);
- xor0=tin0;
- xor1=tin1;
- }
- l2n(xor0,ivec);
- l2n(xor1,ivec);
- }
- tin0=tin1=tout0=tout1=xor0=xor1=0;
- tin[0]=tin[1]=0;
- }
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bf/bf_enc.c (from rev 6976, vendor-crypto/openssl/dist/crypto/bf/bf_enc.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bf/bf_enc.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bf/bf_enc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,300 @@
+/* crypto/bf/bf_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/blowfish.h>
+#include "bf_locl.h"
+
+/*
+ * Blowfish as implemented from 'Blowfish: Springer-Verlag paper' (From
+ * LECTURE NOTES IN COMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION, CAMBRIDGE
+ * SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993)
+ */
+
+#if (BF_ROUNDS != 16) && (BF_ROUNDS != 20)
+# error If you set BF_ROUNDS to some value other than 16 or 20, you will have \
+to modify the code.
+#endif
+
+void BF_encrypt(BF_LONG *data, const BF_KEY *key)
+{
+#ifndef BF_PTR2
+ register BF_LONG l, r;
+ register const BF_LONG *p, *s;
+
+ p = key->P;
+ s = &(key->S[0]);
+ l = data[0];
+ r = data[1];
+
+ l ^= p[0];
+ BF_ENC(r, l, s, p[1]);
+ BF_ENC(l, r, s, p[2]);
+ BF_ENC(r, l, s, p[3]);
+ BF_ENC(l, r, s, p[4]);
+ BF_ENC(r, l, s, p[5]);
+ BF_ENC(l, r, s, p[6]);
+ BF_ENC(r, l, s, p[7]);
+ BF_ENC(l, r, s, p[8]);
+ BF_ENC(r, l, s, p[9]);
+ BF_ENC(l, r, s, p[10]);
+ BF_ENC(r, l, s, p[11]);
+ BF_ENC(l, r, s, p[12]);
+ BF_ENC(r, l, s, p[13]);
+ BF_ENC(l, r, s, p[14]);
+ BF_ENC(r, l, s, p[15]);
+ BF_ENC(l, r, s, p[16]);
+# if BF_ROUNDS == 20
+ BF_ENC(r, l, s, p[17]);
+ BF_ENC(l, r, s, p[18]);
+ BF_ENC(r, l, s, p[19]);
+ BF_ENC(l, r, s, p[20]);
+# endif
+ r ^= p[BF_ROUNDS + 1];
+
+ data[1] = l & 0xffffffffL;
+ data[0] = r & 0xffffffffL;
+#else
+ register BF_LONG l, r, t, *k;
+
+ l = data[0];
+ r = data[1];
+ k = (BF_LONG *)key;
+
+ l ^= k[0];
+ BF_ENC(r, l, k, 1);
+ BF_ENC(l, r, k, 2);
+ BF_ENC(r, l, k, 3);
+ BF_ENC(l, r, k, 4);
+ BF_ENC(r, l, k, 5);
+ BF_ENC(l, r, k, 6);
+ BF_ENC(r, l, k, 7);
+ BF_ENC(l, r, k, 8);
+ BF_ENC(r, l, k, 9);
+ BF_ENC(l, r, k, 10);
+ BF_ENC(r, l, k, 11);
+ BF_ENC(l, r, k, 12);
+ BF_ENC(r, l, k, 13);
+ BF_ENC(l, r, k, 14);
+ BF_ENC(r, l, k, 15);
+ BF_ENC(l, r, k, 16);
+# if BF_ROUNDS == 20
+ BF_ENC(r, l, k, 17);
+ BF_ENC(l, r, k, 18);
+ BF_ENC(r, l, k, 19);
+ BF_ENC(l, r, k, 20);
+# endif
+ r ^= k[BF_ROUNDS + 1];
+
+ data[1] = l & 0xffffffffL;
+ data[0] = r & 0xffffffffL;
+#endif
+}
+
+#ifndef BF_DEFAULT_OPTIONS
+
+void BF_decrypt(BF_LONG *data, const BF_KEY *key)
+{
+# ifndef BF_PTR2
+ register BF_LONG l, r;
+ register const BF_LONG *p, *s;
+
+ p = key->P;
+ s = &(key->S[0]);
+ l = data[0];
+ r = data[1];
+
+ l ^= p[BF_ROUNDS + 1];
+# if BF_ROUNDS == 20
+ BF_ENC(r, l, s, p[20]);
+ BF_ENC(l, r, s, p[19]);
+ BF_ENC(r, l, s, p[18]);
+ BF_ENC(l, r, s, p[17]);
+# endif
+ BF_ENC(r, l, s, p[16]);
+ BF_ENC(l, r, s, p[15]);
+ BF_ENC(r, l, s, p[14]);
+ BF_ENC(l, r, s, p[13]);
+ BF_ENC(r, l, s, p[12]);
+ BF_ENC(l, r, s, p[11]);
+ BF_ENC(r, l, s, p[10]);
+ BF_ENC(l, r, s, p[9]);
+ BF_ENC(r, l, s, p[8]);
+ BF_ENC(l, r, s, p[7]);
+ BF_ENC(r, l, s, p[6]);
+ BF_ENC(l, r, s, p[5]);
+ BF_ENC(r, l, s, p[4]);
+ BF_ENC(l, r, s, p[3]);
+ BF_ENC(r, l, s, p[2]);
+ BF_ENC(l, r, s, p[1]);
+ r ^= p[0];
+
+ data[1] = l & 0xffffffffL;
+ data[0] = r & 0xffffffffL;
+# else
+ register BF_LONG l, r, t, *k;
+
+ l = data[0];
+ r = data[1];
+ k = (BF_LONG *)key;
+
+ l ^= k[BF_ROUNDS + 1];
+# if BF_ROUNDS == 20
+ BF_ENC(r, l, k, 20);
+ BF_ENC(l, r, k, 19);
+ BF_ENC(r, l, k, 18);
+ BF_ENC(l, r, k, 17);
+# endif
+ BF_ENC(r, l, k, 16);
+ BF_ENC(l, r, k, 15);
+ BF_ENC(r, l, k, 14);
+ BF_ENC(l, r, k, 13);
+ BF_ENC(r, l, k, 12);
+ BF_ENC(l, r, k, 11);
+ BF_ENC(r, l, k, 10);
+ BF_ENC(l, r, k, 9);
+ BF_ENC(r, l, k, 8);
+ BF_ENC(l, r, k, 7);
+ BF_ENC(r, l, k, 6);
+ BF_ENC(l, r, k, 5);
+ BF_ENC(r, l, k, 4);
+ BF_ENC(l, r, k, 3);
+ BF_ENC(r, l, k, 2);
+ BF_ENC(l, r, k, 1);
+ r ^= k[0];
+
+ data[1] = l & 0xffffffffL;
+ data[0] = r & 0xffffffffL;
+# endif
+}
+
+void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
+ const BF_KEY *schedule, unsigned char *ivec, int encrypt)
+{
+ register BF_LONG tin0, tin1;
+ register BF_LONG tout0, tout1, xor0, xor1;
+ register long l = length;
+ BF_LONG tin[2];
+
+ if (encrypt) {
+ n2l(ivec, tout0);
+ n2l(ivec, tout1);
+ ivec -= 8;
+ for (l -= 8; l >= 0; l -= 8) {
+ n2l(in, tin0);
+ n2l(in, tin1);
+ tin0 ^= tout0;
+ tin1 ^= tout1;
+ tin[0] = tin0;
+ tin[1] = tin1;
+ BF_encrypt(tin, schedule);
+ tout0 = tin[0];
+ tout1 = tin[1];
+ l2n(tout0, out);
+ l2n(tout1, out);
+ }
+ if (l != -8) {
+ n2ln(in, tin0, tin1, l + 8);
+ tin0 ^= tout0;
+ tin1 ^= tout1;
+ tin[0] = tin0;
+ tin[1] = tin1;
+ BF_encrypt(tin, schedule);
+ tout0 = tin[0];
+ tout1 = tin[1];
+ l2n(tout0, out);
+ l2n(tout1, out);
+ }
+ l2n(tout0, ivec);
+ l2n(tout1, ivec);
+ } else {
+ n2l(ivec, xor0);
+ n2l(ivec, xor1);
+ ivec -= 8;
+ for (l -= 8; l >= 0; l -= 8) {
+ n2l(in, tin0);
+ n2l(in, tin1);
+ tin[0] = tin0;
+ tin[1] = tin1;
+ BF_decrypt(tin, schedule);
+ tout0 = tin[0] ^ xor0;
+ tout1 = tin[1] ^ xor1;
+ l2n(tout0, out);
+ l2n(tout1, out);
+ xor0 = tin0;
+ xor1 = tin1;
+ }
+ if (l != -8) {
+ n2l(in, tin0);
+ n2l(in, tin1);
+ tin[0] = tin0;
+ tin[1] = tin1;
+ BF_decrypt(tin, schedule);
+ tout0 = tin[0] ^ xor0;
+ tout1 = tin[1] ^ xor1;
+ l2nn(tout0, tout1, out, l + 8);
+ xor0 = tin0;
+ xor1 = tin1;
+ }
+ l2n(xor0, ivec);
+ l2n(xor1, ivec);
+ }
+ tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
+ tin[0] = tin[1] = 0;
+}
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bf/bf_locl.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/bf/bf_locl.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bf/bf_locl.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,219 +0,0 @@
-/* crypto/bf/bf_locl.h */
-/* Copyright (C) 1995-1997 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_BF_LOCL_H
-#define HEADER_BF_LOCL_H
-#include <openssl/opensslconf.h> /* BF_PTR, BF_PTR2 */
-
-#undef c2l
-#define c2l(c,l) (l =((unsigned long)(*((c)++))) , \
- l|=((unsigned long)(*((c)++)))<< 8L, \
- l|=((unsigned long)(*((c)++)))<<16L, \
- l|=((unsigned long)(*((c)++)))<<24L)
-
-/* NOTE - c is not incremented as per c2l */
-#undef c2ln
-#define c2ln(c,l1,l2,n) { \
- c+=n; \
- l1=l2=0; \
- switch (n) { \
- case 8: l2 =((unsigned long)(*(--(c))))<<24L; \
- case 7: l2|=((unsigned long)(*(--(c))))<<16L; \
- case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \
- case 5: l2|=((unsigned long)(*(--(c)))); \
- case 4: l1 =((unsigned long)(*(--(c))))<<24L; \
- case 3: l1|=((unsigned long)(*(--(c))))<<16L; \
- case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \
- case 1: l1|=((unsigned long)(*(--(c)))); \
- } \
- }
-
-#undef l2c
-#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
- *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
- *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
- *((c)++)=(unsigned char)(((l)>>24L)&0xff))
-
-/* NOTE - c is not incremented as per l2c */
-#undef l2cn
-#define l2cn(l1,l2,c,n) { \
- c+=n; \
- switch (n) { \
- case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
- case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
- case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
- case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \
- case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
- case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
- case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
- case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \
- } \
- }
-
-/* NOTE - c is not incremented as per n2l */
-#define n2ln(c,l1,l2,n) { \
- c+=n; \
- l1=l2=0; \
- switch (n) { \
- case 8: l2 =((unsigned long)(*(--(c)))) ; \
- case 7: l2|=((unsigned long)(*(--(c))))<< 8; \
- case 6: l2|=((unsigned long)(*(--(c))))<<16; \
- case 5: l2|=((unsigned long)(*(--(c))))<<24; \
- case 4: l1 =((unsigned long)(*(--(c)))) ; \
- case 3: l1|=((unsigned long)(*(--(c))))<< 8; \
- case 2: l1|=((unsigned long)(*(--(c))))<<16; \
- case 1: l1|=((unsigned long)(*(--(c))))<<24; \
- } \
- }
-
-/* NOTE - c is not incremented as per l2n */
-#define l2nn(l1,l2,c,n) { \
- c+=n; \
- switch (n) { \
- case 8: *(--(c))=(unsigned char)(((l2) )&0xff); \
- case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
- case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
- case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
- case 4: *(--(c))=(unsigned char)(((l1) )&0xff); \
- case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
- case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
- case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
- } \
- }
-
-#undef n2l
-#define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24L, \
- l|=((unsigned long)(*((c)++)))<<16L, \
- l|=((unsigned long)(*((c)++)))<< 8L, \
- l|=((unsigned long)(*((c)++))))
-
-#undef l2n
-#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
- *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
- *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
- *((c)++)=(unsigned char)(((l) )&0xff))
-
-/* This is actually a big endian algorithm, the most significant byte
- * is used to lookup array 0 */
-
-#if defined(BF_PTR2)
-
-/*
- * This is basically a special Intel version. Point is that Intel
- * doesn't have many registers, but offers a reach choice of addressing
- * modes. So we spare some registers by directly traversing BF_KEY
- * structure and hiring the most decorated addressing mode. The code
- * generated by EGCS is *perfectly* competitive with assembler
- * implementation!
- */
-#define BF_ENC(LL,R,KEY,Pi) (\
- LL^=KEY[Pi], \
- t= KEY[BF_ROUNDS+2 + 0 + ((R>>24)&0xFF)], \
- t+= KEY[BF_ROUNDS+2 + 256 + ((R>>16)&0xFF)], \
- t^= KEY[BF_ROUNDS+2 + 512 + ((R>>8 )&0xFF)], \
- t+= KEY[BF_ROUNDS+2 + 768 + ((R )&0xFF)], \
- LL^=t \
- )
-
-#elif defined(BF_PTR)
-
-#ifndef BF_LONG_LOG2
-#define BF_LONG_LOG2 2 /* default to BF_LONG being 32 bits */
-#endif
-#define BF_M (0xFF<<BF_LONG_LOG2)
-#define BF_0 (24-BF_LONG_LOG2)
-#define BF_1 (16-BF_LONG_LOG2)
-#define BF_2 ( 8-BF_LONG_LOG2)
-#define BF_3 BF_LONG_LOG2 /* left shift */
-
-/*
- * This is normally very good on RISC platforms where normally you
- * have to explicitly "multiply" array index by sizeof(BF_LONG)
- * in order to calculate the effective address. This implementation
- * excuses CPU from this extra work. Power[PC] uses should have most
- * fun as (R>>BF_i)&BF_M gets folded into a single instruction, namely
- * rlwinm. So let'em double-check if their compiler does it.
- */
-
-#define BF_ENC(LL,R,S,P) ( \
- LL^=P, \
- LL^= (((*(BF_LONG *)((unsigned char *)&(S[ 0])+((R>>BF_0)&BF_M))+ \
- *(BF_LONG *)((unsigned char *)&(S[256])+((R>>BF_1)&BF_M)))^ \
- *(BF_LONG *)((unsigned char *)&(S[512])+((R>>BF_2)&BF_M)))+ \
- *(BF_LONG *)((unsigned char *)&(S[768])+((R<<BF_3)&BF_M))) \
- )
-#else
-
-/*
- * This is a *generic* version. Seem to perform best on platforms that
- * offer explicit support for extraction of 8-bit nibbles preferably
- * complemented with "multiplying" of array index by sizeof(BF_LONG).
- * For the moment of this writing the list comprises Alpha CPU featuring
- * extbl and s[48]addq instructions.
- */
-
-#define BF_ENC(LL,R,S,P) ( \
- LL^=P, \
- LL^=((( S[ ((int)(R>>24)&0xff)] + \
- S[0x0100+((int)(R>>16)&0xff)])^ \
- S[0x0200+((int)(R>> 8)&0xff)])+ \
- S[0x0300+((int)(R )&0xff)])&0xffffffffL \
- )
-#endif
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bf/bf_locl.h (from rev 6976, vendor-crypto/openssl/dist/crypto/bf/bf_locl.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bf/bf_locl.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bf/bf_locl.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,221 @@
+/* crypto/bf/bf_locl.h */
+/* Copyright (C) 1995-1997 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_BF_LOCL_H
+# define HEADER_BF_LOCL_H
+# include <openssl/opensslconf.h>/* BF_PTR, BF_PTR2 */
+
+# undef c2l
+# define c2l(c,l) (l =((unsigned long)(*((c)++))) , \
+ l|=((unsigned long)(*((c)++)))<< 8L, \
+ l|=((unsigned long)(*((c)++)))<<16L, \
+ l|=((unsigned long)(*((c)++)))<<24L)
+
+/* NOTE - c is not incremented as per c2l */
+# undef c2ln
+# define c2ln(c,l1,l2,n) { \
+ c+=n; \
+ l1=l2=0; \
+ switch (n) { \
+ case 8: l2 =((unsigned long)(*(--(c))))<<24L; \
+ case 7: l2|=((unsigned long)(*(--(c))))<<16L; \
+ case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \
+ case 5: l2|=((unsigned long)(*(--(c)))); \
+ case 4: l1 =((unsigned long)(*(--(c))))<<24L; \
+ case 3: l1|=((unsigned long)(*(--(c))))<<16L; \
+ case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \
+ case 1: l1|=((unsigned long)(*(--(c)))); \
+ } \
+ }
+
+# undef l2c
+# define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
+ *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>24L)&0xff))
+
+/* NOTE - c is not incremented as per l2c */
+# undef l2cn
+# define l2cn(l1,l2,c,n) { \
+ c+=n; \
+ switch (n) { \
+ case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
+ case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
+ case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
+ case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \
+ case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
+ case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
+ case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
+ case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \
+ } \
+ }
+
+/* NOTE - c is not incremented as per n2l */
+# define n2ln(c,l1,l2,n) { \
+ c+=n; \
+ l1=l2=0; \
+ switch (n) { \
+ case 8: l2 =((unsigned long)(*(--(c)))) ; \
+ case 7: l2|=((unsigned long)(*(--(c))))<< 8; \
+ case 6: l2|=((unsigned long)(*(--(c))))<<16; \
+ case 5: l2|=((unsigned long)(*(--(c))))<<24; \
+ case 4: l1 =((unsigned long)(*(--(c)))) ; \
+ case 3: l1|=((unsigned long)(*(--(c))))<< 8; \
+ case 2: l1|=((unsigned long)(*(--(c))))<<16; \
+ case 1: l1|=((unsigned long)(*(--(c))))<<24; \
+ } \
+ }
+
+/* NOTE - c is not incremented as per l2n */
+# define l2nn(l1,l2,c,n) { \
+ c+=n; \
+ switch (n) { \
+ case 8: *(--(c))=(unsigned char)(((l2) )&0xff); \
+ case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
+ case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
+ case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
+ case 4: *(--(c))=(unsigned char)(((l1) )&0xff); \
+ case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
+ case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
+ case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
+ } \
+ }
+
+# undef n2l
+# define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24L, \
+ l|=((unsigned long)(*((c)++)))<<16L, \
+ l|=((unsigned long)(*((c)++)))<< 8L, \
+ l|=((unsigned long)(*((c)++))))
+
+# undef l2n
+# define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+ *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+ *((c)++)=(unsigned char)(((l) )&0xff))
+
+/*
+ * This is actually a big endian algorithm, the most significant byte is used
+ * to lookup array 0
+ */
+
+# if defined(BF_PTR2)
+
+/*
+ * This is basically a special Intel version. Point is that Intel
+ * doesn't have many registers, but offers a reach choice of addressing
+ * modes. So we spare some registers by directly traversing BF_KEY
+ * structure and hiring the most decorated addressing mode. The code
+ * generated by EGCS is *perfectly* competitive with assembler
+ * implementation!
+ */
+# define BF_ENC(LL,R,KEY,Pi) (\
+ LL^=KEY[Pi], \
+ t= KEY[BF_ROUNDS+2 + 0 + ((R>>24)&0xFF)], \
+ t+= KEY[BF_ROUNDS+2 + 256 + ((R>>16)&0xFF)], \
+ t^= KEY[BF_ROUNDS+2 + 512 + ((R>>8 )&0xFF)], \
+ t+= KEY[BF_ROUNDS+2 + 768 + ((R )&0xFF)], \
+ LL^=t \
+ )
+
+# elif defined(BF_PTR)
+
+# ifndef BF_LONG_LOG2
+# define BF_LONG_LOG2 2 /* default to BF_LONG being 32 bits */
+# endif
+# define BF_M (0xFF<<BF_LONG_LOG2)
+# define BF_0 (24-BF_LONG_LOG2)
+# define BF_1 (16-BF_LONG_LOG2)
+# define BF_2 ( 8-BF_LONG_LOG2)
+# define BF_3 BF_LONG_LOG2 /* left shift */
+
+/*
+ * This is normally very good on RISC platforms where normally you
+ * have to explicitly "multiply" array index by sizeof(BF_LONG)
+ * in order to calculate the effective address. This implementation
+ * excuses CPU from this extra work. Power[PC] uses should have most
+ * fun as (R>>BF_i)&BF_M gets folded into a single instruction, namely
+ * rlwinm. So let'em double-check if their compiler does it.
+ */
+
+# define BF_ENC(LL,R,S,P) ( \
+ LL^=P, \
+ LL^= (((*(BF_LONG *)((unsigned char *)&(S[ 0])+((R>>BF_0)&BF_M))+ \
+ *(BF_LONG *)((unsigned char *)&(S[256])+((R>>BF_1)&BF_M)))^ \
+ *(BF_LONG *)((unsigned char *)&(S[512])+((R>>BF_2)&BF_M)))+ \
+ *(BF_LONG *)((unsigned char *)&(S[768])+((R<<BF_3)&BF_M))) \
+ )
+# else
+
+/*
+ * This is a *generic* version. Seem to perform best on platforms that
+ * offer explicit support for extraction of 8-bit nibbles preferably
+ * complemented with "multiplying" of array index by sizeof(BF_LONG).
+ * For the moment of this writing the list comprises Alpha CPU featuring
+ * extbl and s[48]addq instructions.
+ */
+
+# define BF_ENC(LL,R,S,P) ( \
+ LL^=P, \
+ LL^=((( S[ ((int)(R>>24)&0xff)] + \
+ S[0x0100+((int)(R>>16)&0xff)])^ \
+ S[0x0200+((int)(R>> 8)&0xff)])+ \
+ S[0x0300+((int)(R )&0xff)])&0xffffffffL \
+ )
+# endif
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bf/bf_ofb64.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bf/bf_ofb64.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bf/bf_ofb64.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,110 +0,0 @@
-/* crypto/bf/bf_ofb64.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/blowfish.h>
-#include "bf_locl.h"
-
-/* The input and output encrypted as though 64bit ofb mode is being
- * used. The extra state information to record how much of the
- * 64bit block we have used is contained in *num;
- */
-void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out, long length,
- const BF_KEY *schedule, unsigned char *ivec, int *num)
- {
- register BF_LONG v0,v1,t;
- register int n= *num;
- register long l=length;
- unsigned char d[8];
- register char *dp;
- BF_LONG ti[2];
- unsigned char *iv;
- int save=0;
-
- iv=(unsigned char *)ivec;
- n2l(iv,v0);
- n2l(iv,v1);
- ti[0]=v0;
- ti[1]=v1;
- dp=(char *)d;
- l2n(v0,dp);
- l2n(v1,dp);
- while (l--)
- {
- if (n == 0)
- {
- BF_encrypt((BF_LONG *)ti,schedule);
- dp=(char *)d;
- t=ti[0]; l2n(t,dp);
- t=ti[1]; l2n(t,dp);
- save++;
- }
- *(out++)= *(in++)^d[n];
- n=(n+1)&0x07;
- }
- if (save)
- {
- v0=ti[0];
- v1=ti[1];
- iv=(unsigned char *)ivec;
- l2n(v0,iv);
- l2n(v1,iv);
- }
- t=v0=v1=ti[0]=ti[1]=0;
- *num=n;
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bf/bf_ofb64.c (from rev 6976, vendor-crypto/openssl/dist/crypto/bf/bf_ofb64.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bf/bf_ofb64.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bf/bf_ofb64.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,110 @@
+/* crypto/bf/bf_ofb64.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/blowfish.h>
+#include "bf_locl.h"
+
+/*
+ * The input and output encrypted as though 64bit ofb mode is being used.
+ * The extra state information to record how much of the 64bit block we have
+ * used is contained in *num;
+ */
+void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, const BF_KEY *schedule,
+ unsigned char *ivec, int *num)
+{
+ register BF_LONG v0, v1, t;
+ register int n = *num;
+ register long l = length;
+ unsigned char d[8];
+ register char *dp;
+ BF_LONG ti[2];
+ unsigned char *iv;
+ int save = 0;
+
+ iv = (unsigned char *)ivec;
+ n2l(iv, v0);
+ n2l(iv, v1);
+ ti[0] = v0;
+ ti[1] = v1;
+ dp = (char *)d;
+ l2n(v0, dp);
+ l2n(v1, dp);
+ while (l--) {
+ if (n == 0) {
+ BF_encrypt((BF_LONG *)ti, schedule);
+ dp = (char *)d;
+ t = ti[0];
+ l2n(t, dp);
+ t = ti[1];
+ l2n(t, dp);
+ save++;
+ }
+ *(out++) = *(in++) ^ d[n];
+ n = (n + 1) & 0x07;
+ }
+ if (save) {
+ v0 = ti[0];
+ v1 = ti[1];
+ iv = (unsigned char *)ivec;
+ l2n(v0, iv);
+ l2n(v1, iv);
+ }
+ t = v0 = v1 = ti[0] = ti[1] = 0;
+ *num = n;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bf/bf_opts.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bf/bf_opts.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bf/bf_opts.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,331 +0,0 @@
-/* crypto/bf/bf_opts.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* define PART1, PART2, PART3 or PART4 to build only with a few of the options.
- * This is for machines with 64k code segment size restrictions. */
-
-#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
-#define TIMES
-#endif
-
-#include <stdio.h>
-
-#include <openssl/e_os2.h>
-#include OPENSSL_UNISTD_IO
-OPENSSL_DECLARE_EXIT
-
-#ifndef OPENSSL_SYS_NETWARE
-#include <signal.h>
-#endif
-
-#ifndef _IRIX
-#include <time.h>
-#endif
-#ifdef TIMES
-#include <sys/types.h>
-#include <sys/times.h>
-#endif
-
-/* Depending on the VMS version, the tms structure is perhaps defined.
- The __TMS macro will show if it was. If it wasn't defined, we should
- undefine TIMES, since that tells the rest of the program how things
- should be handled. -- Richard Levitte */
-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
-#undef TIMES
-#endif
-
-#ifndef TIMES
-#include <sys/timeb.h>
-#endif
-
-#if defined(sun) || defined(__ultrix)
-#define _POSIX_SOURCE
-#include <limits.h>
-#include <sys/param.h>
-#endif
-
-#include <openssl/blowfish.h>
-
-#define BF_DEFAULT_OPTIONS
-
-#undef BF_ENC
-#define BF_encrypt BF_encrypt_normal
-#undef HEADER_BF_LOCL_H
-#include "bf_enc.c"
-
-#define BF_PTR
-#undef BF_PTR2
-#undef BF_ENC
-#undef BF_encrypt
-#define BF_encrypt BF_encrypt_ptr
-#undef HEADER_BF_LOCL_H
-#include "bf_enc.c"
-
-#undef BF_PTR
-#define BF_PTR2
-#undef BF_ENC
-#undef BF_encrypt
-#define BF_encrypt BF_encrypt_ptr2
-#undef HEADER_BF_LOCL_H
-#include "bf_enc.c"
-
-/* The following if from times(3) man page. It may need to be changed */
-#ifndef HZ
-# ifndef CLK_TCK
-# ifndef _BSD_CLK_TCK_ /* FreeBSD fix */
-# define HZ 100.0
-# else /* _BSD_CLK_TCK_ */
-# define HZ ((double)_BSD_CLK_TCK_)
-# endif
-# else /* CLK_TCK */
-# define HZ ((double)CLK_TCK)
-# endif
-#endif
-
-#define BUFSIZE ((long)1024)
-long run=0;
-
-double Time_F(int s);
-#ifdef SIGALRM
-#if defined(__STDC__) || defined(sgi)
-#define SIGRETTYPE void
-#else
-#define SIGRETTYPE int
-#endif
-
-SIGRETTYPE sig_done(int sig);
-SIGRETTYPE sig_done(int sig)
- {
- signal(SIGALRM,sig_done);
- run=0;
-#ifdef LINT
- sig=sig;
-#endif
- }
-#endif
-
-#define START 0
-#define STOP 1
-
-double Time_F(int s)
- {
- double ret;
-#ifdef TIMES
- static struct tms tstart,tend;
-
- if (s == START)
- {
- times(&tstart);
- return(0);
- }
- else
- {
- times(&tend);
- ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
- return((ret == 0.0)?1e-6:ret);
- }
-#else /* !times() */
- static struct timeb tstart,tend;
- long i;
-
- if (s == START)
- {
- ftime(&tstart);
- return(0);
- }
- else
- {
- ftime(&tend);
- i=(long)tend.millitm-(long)tstart.millitm;
- ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
- return((ret == 0.0)?1e-6:ret);
- }
-#endif
- }
-
-#ifdef SIGALRM
-#define print_name(name) fprintf(stderr,"Doing %s's for 10 seconds\n",name); alarm(10);
-#else
-#define print_name(name) fprintf(stderr,"Doing %s %ld times\n",name,cb);
-#endif
-
-#define time_it(func,name,index) \
- print_name(name); \
- Time_F(START); \
- for (count=0,run=1; COND(cb); count+=4) \
- { \
- unsigned long d[2]; \
- func(d,&sch); \
- func(d,&sch); \
- func(d,&sch); \
- func(d,&sch); \
- } \
- tm[index]=Time_F(STOP); \
- fprintf(stderr,"%ld %s's in %.2f second\n",count,name,tm[index]); \
- tm[index]=((double)COUNT(cb))/tm[index];
-
-#define print_it(name,index) \
- fprintf(stderr,"%s bytes per sec = %12.2f (%5.1fuS)\n",name, \
- tm[index]*8,1.0e6/tm[index]);
-
-int main(int argc, char **argv)
- {
- long count;
- static unsigned char buf[BUFSIZE];
- static char key[16]={ 0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
- 0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
- BF_KEY sch;
- double d,tm[16],max=0;
- int rank[16];
- char *str[16];
- int max_idx=0,i,num=0,j;
-#ifndef SIGALARM
- long ca,cb,cc,cd,ce;
-#endif
-
- for (i=0; i<12; i++)
- {
- tm[i]=0.0;
- rank[i]=0;
- }
-
-#ifndef TIMES
- fprintf(stderr,"To get the most accurate results, try to run this\n");
- fprintf(stderr,"program when this computer is idle.\n");
-#endif
-
- BF_set_key(&sch,16,key);
-
-#ifndef SIGALRM
- fprintf(stderr,"First we calculate the approximate speed ...\n");
- count=10;
- do {
- long i;
- unsigned long data[2];
-
- count*=2;
- Time_F(START);
- for (i=count; i; i--)
- BF_encrypt(data,&sch);
- d=Time_F(STOP);
- } while (d < 3.0);
- ca=count;
- cb=count*3;
- cc=count*3*8/BUFSIZE+1;
- cd=count*8/BUFSIZE+1;
-
- ce=count/20+1;
-#define COND(d) (count != (d))
-#define COUNT(d) (d)
-#else
-#define COND(c) (run)
-#define COUNT(d) (count)
- signal(SIGALRM,sig_done);
- alarm(10);
-#endif
-
- time_it(BF_encrypt_normal, "BF_encrypt_normal ", 0);
- time_it(BF_encrypt_ptr, "BF_encrypt_ptr ", 1);
- time_it(BF_encrypt_ptr2, "BF_encrypt_ptr2 ", 2);
- num+=3;
-
- str[0]="<nothing>";
- print_it("BF_encrypt_normal ",0);
- max=tm[0];
- max_idx=0;
- str[1]="ptr ";
- print_it("BF_encrypt_ptr ",1);
- if (max < tm[1]) { max=tm[1]; max_idx=1; }
- str[2]="ptr2 ";
- print_it("BF_encrypt_ptr2 ",2);
- if (max < tm[2]) { max=tm[2]; max_idx=2; }
-
- printf("options BF ecb/s\n");
- printf("%s %12.2f 100.0%%\n",str[max_idx],tm[max_idx]);
- d=tm[max_idx];
- tm[max_idx]= -2.0;
- max= -1.0;
- for (;;)
- {
- for (i=0; i<3; i++)
- {
- if (max < tm[i]) { max=tm[i]; j=i; }
- }
- if (max < 0.0) break;
- printf("%s %12.2f %4.1f%%\n",str[j],tm[j],tm[j]/d*100.0);
- tm[j]= -2.0;
- max= -1.0;
- }
-
- switch (max_idx)
- {
- case 0:
- printf("-DBF_DEFAULT_OPTIONS\n");
- break;
- case 1:
- printf("-DBF_PTR\n");
- break;
- case 2:
- printf("-DBF_PTR2\n");
- break;
- }
- exit(0);
-#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
- return(0);
-#endif
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bf/bf_opts.c (from rev 6976, vendor-crypto/openssl/dist/crypto/bf/bf_opts.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bf/bf_opts.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bf/bf_opts.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,324 @@
+/* crypto/bf/bf_opts.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/*
+ * define PART1, PART2, PART3 or PART4 to build only with a few of the
+ * options. This is for machines with 64k code segment size restrictions.
+ */
+
+#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
+# define TIMES
+#endif
+
+#include <stdio.h>
+
+#include <openssl/e_os2.h>
+#include OPENSSL_UNISTD_IO
+OPENSSL_DECLARE_EXIT
+#ifndef OPENSSL_SYS_NETWARE
+# include <signal.h>
+#endif
+#ifndef _IRIX
+# include <time.h>
+#endif
+#ifdef TIMES
+# include <sys/types.h>
+# include <sys/times.h>
+#endif
+ /*
+ * Depending on the VMS version, the tms structure is perhaps defined.
+ * The __TMS macro will show if it was. If it wasn't defined, we should
+ * undefine TIMES, since that tells the rest of the program how things
+ * should be handled. -- Richard Levitte
+ */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
+# undef TIMES
+#endif
+#ifndef TIMES
+# include <sys/timeb.h>
+#endif
+#if defined(sun) || defined(__ultrix)
+# define _POSIX_SOURCE
+# include <limits.h>
+# include <sys/param.h>
+#endif
+#include <openssl/blowfish.h>
+#define BF_DEFAULT_OPTIONS
+#undef BF_ENC
+#define BF_encrypt BF_encrypt_normal
+#undef HEADER_BF_LOCL_H
+#include "bf_enc.c"
+#define BF_PTR
+#undef BF_PTR2
+#undef BF_ENC
+#undef BF_encrypt
+#define BF_encrypt BF_encrypt_ptr
+#undef HEADER_BF_LOCL_H
+#include "bf_enc.c"
+#undef BF_PTR
+#define BF_PTR2
+#undef BF_ENC
+#undef BF_encrypt
+#define BF_encrypt BF_encrypt_ptr2
+#undef HEADER_BF_LOCL_H
+#include "bf_enc.c"
+/* The following if from times(3) man page. It may need to be changed */
+#ifndef HZ
+# ifndef CLK_TCK
+# ifndef _BSD_CLK_TCK_ /* FreeBSD fix */
+# define HZ 100.0
+# else /* _BSD_CLK_TCK_ */
+# define HZ ((double)_BSD_CLK_TCK_)
+# endif
+# else /* CLK_TCK */
+# define HZ ((double)CLK_TCK)
+# endif
+#endif
+#define BUFSIZE ((long)1024)
+long run = 0;
+
+double Time_F(int s);
+#ifdef SIGALRM
+# if defined(__STDC__) || defined(sgi)
+# define SIGRETTYPE void
+# else
+# define SIGRETTYPE int
+# endif
+
+SIGRETTYPE sig_done(int sig);
+SIGRETTYPE sig_done(int sig)
+{
+ signal(SIGALRM, sig_done);
+ run = 0;
+# ifdef LINT
+ sig = sig;
+# endif
+}
+#endif
+
+#define START 0
+#define STOP 1
+
+double Time_F(int s)
+{
+ double ret;
+#ifdef TIMES
+ static struct tms tstart, tend;
+
+ if (s == START) {
+ times(&tstart);
+ return (0);
+ } else {
+ times(&tend);
+ ret = ((double)(tend.tms_utime - tstart.tms_utime)) / HZ;
+ return ((ret == 0.0) ? 1e-6 : ret);
+ }
+#else /* !times() */
+ static struct timeb tstart, tend;
+ long i;
+
+ if (s == START) {
+ ftime(&tstart);
+ return (0);
+ } else {
+ ftime(&tend);
+ i = (long)tend.millitm - (long)tstart.millitm;
+ ret = ((double)(tend.time - tstart.time)) + ((double)i) / 1000.0;
+ return ((ret == 0.0) ? 1e-6 : ret);
+ }
+#endif
+}
+
+#ifdef SIGALRM
+# define print_name(name) fprintf(stderr,"Doing %s's for 10 seconds\n",name); alarm(10);
+#else
+# define print_name(name) fprintf(stderr,"Doing %s %ld times\n",name,cb);
+#endif
+
+#define time_it(func,name,index) \
+ print_name(name); \
+ Time_F(START); \
+ for (count=0,run=1; COND(cb); count+=4) \
+ { \
+ unsigned long d[2]; \
+ func(d,&sch); \
+ func(d,&sch); \
+ func(d,&sch); \
+ func(d,&sch); \
+ } \
+ tm[index]=Time_F(STOP); \
+ fprintf(stderr,"%ld %s's in %.2f second\n",count,name,tm[index]); \
+ tm[index]=((double)COUNT(cb))/tm[index];
+
+#define print_it(name,index) \
+ fprintf(stderr,"%s bytes per sec = %12.2f (%5.1fuS)\n",name, \
+ tm[index]*8,1.0e6/tm[index]);
+
+int main(int argc, char **argv)
+{
+ long count;
+ static unsigned char buf[BUFSIZE];
+ static char key[16] = { 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
+ 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0
+ };
+ BF_KEY sch;
+ double d, tm[16], max = 0;
+ int rank[16];
+ char *str[16];
+ int max_idx = 0, i, num = 0, j;
+#ifndef SIGALARM
+ long ca, cb, cc, cd, ce;
+#endif
+
+ for (i = 0; i < 12; i++) {
+ tm[i] = 0.0;
+ rank[i] = 0;
+ }
+
+#ifndef TIMES
+ fprintf(stderr, "To get the most accurate results, try to run this\n");
+ fprintf(stderr, "program when this computer is idle.\n");
+#endif
+
+ BF_set_key(&sch, 16, key);
+
+#ifndef SIGALRM
+ fprintf(stderr, "First we calculate the approximate speed ...\n");
+ count = 10;
+ do {
+ long i;
+ unsigned long data[2];
+
+ count *= 2;
+ Time_F(START);
+ for (i = count; i; i--)
+ BF_encrypt(data, &sch);
+ d = Time_F(STOP);
+ } while (d < 3.0);
+ ca = count;
+ cb = count * 3;
+ cc = count * 3 * 8 / BUFSIZE + 1;
+ cd = count * 8 / BUFSIZE + 1;
+
+ ce = count / 20 + 1;
+# define COND(d) (count != (d))
+# define COUNT(d) (d)
+#else
+# define COND(c) (run)
+# define COUNT(d) (count)
+ signal(SIGALRM, sig_done);
+ alarm(10);
+#endif
+
+ time_it(BF_encrypt_normal, "BF_encrypt_normal ", 0);
+ time_it(BF_encrypt_ptr, "BF_encrypt_ptr ", 1);
+ time_it(BF_encrypt_ptr2, "BF_encrypt_ptr2 ", 2);
+ num += 3;
+
+ str[0] = "<nothing>";
+ print_it("BF_encrypt_normal ", 0);
+ max = tm[0];
+ max_idx = 0;
+ str[1] = "ptr ";
+ print_it("BF_encrypt_ptr ", 1);
+ if (max < tm[1]) {
+ max = tm[1];
+ max_idx = 1;
+ }
+ str[2] = "ptr2 ";
+ print_it("BF_encrypt_ptr2 ", 2);
+ if (max < tm[2]) {
+ max = tm[2];
+ max_idx = 2;
+ }
+
+ printf("options BF ecb/s\n");
+ printf("%s %12.2f 100.0%%\n", str[max_idx], tm[max_idx]);
+ d = tm[max_idx];
+ tm[max_idx] = -2.0;
+ max = -1.0;
+ for (;;) {
+ for (i = 0; i < 3; i++) {
+ if (max < tm[i]) {
+ max = tm[i];
+ j = i;
+ }
+ }
+ if (max < 0.0)
+ break;
+ printf("%s %12.2f %4.1f%%\n", str[j], tm[j], tm[j] / d * 100.0);
+ tm[j] = -2.0;
+ max = -1.0;
+ }
+
+ switch (max_idx) {
+ case 0:
+ printf("-DBF_DEFAULT_OPTIONS\n");
+ break;
+ case 1:
+ printf("-DBF_PTR\n");
+ break;
+ case 2:
+ printf("-DBF_PTR2\n");
+ break;
+ }
+ exit(0);
+#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
+ return (0);
+#endif
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bf/bf_pi.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/bf/bf_pi.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bf/bf_pi.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,325 +0,0 @@
-/* crypto/bf/bf_pi.h */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-static const BF_KEY bf_init= {
- {
- 0x243f6a88L, 0x85a308d3L, 0x13198a2eL, 0x03707344L,
- 0xa4093822L, 0x299f31d0L, 0x082efa98L, 0xec4e6c89L,
- 0x452821e6L, 0x38d01377L, 0xbe5466cfL, 0x34e90c6cL,
- 0xc0ac29b7L, 0xc97c50ddL, 0x3f84d5b5L, 0xb5470917L,
- 0x9216d5d9L, 0x8979fb1b
- },{
- 0xd1310ba6L, 0x98dfb5acL, 0x2ffd72dbL, 0xd01adfb7L,
- 0xb8e1afedL, 0x6a267e96L, 0xba7c9045L, 0xf12c7f99L,
- 0x24a19947L, 0xb3916cf7L, 0x0801f2e2L, 0x858efc16L,
- 0x636920d8L, 0x71574e69L, 0xa458fea3L, 0xf4933d7eL,
- 0x0d95748fL, 0x728eb658L, 0x718bcd58L, 0x82154aeeL,
- 0x7b54a41dL, 0xc25a59b5L, 0x9c30d539L, 0x2af26013L,
- 0xc5d1b023L, 0x286085f0L, 0xca417918L, 0xb8db38efL,
- 0x8e79dcb0L, 0x603a180eL, 0x6c9e0e8bL, 0xb01e8a3eL,
- 0xd71577c1L, 0xbd314b27L, 0x78af2fdaL, 0x55605c60L,
- 0xe65525f3L, 0xaa55ab94L, 0x57489862L, 0x63e81440L,
- 0x55ca396aL, 0x2aab10b6L, 0xb4cc5c34L, 0x1141e8ceL,
- 0xa15486afL, 0x7c72e993L, 0xb3ee1411L, 0x636fbc2aL,
- 0x2ba9c55dL, 0x741831f6L, 0xce5c3e16L, 0x9b87931eL,
- 0xafd6ba33L, 0x6c24cf5cL, 0x7a325381L, 0x28958677L,
- 0x3b8f4898L, 0x6b4bb9afL, 0xc4bfe81bL, 0x66282193L,
- 0x61d809ccL, 0xfb21a991L, 0x487cac60L, 0x5dec8032L,
- 0xef845d5dL, 0xe98575b1L, 0xdc262302L, 0xeb651b88L,
- 0x23893e81L, 0xd396acc5L, 0x0f6d6ff3L, 0x83f44239L,
- 0x2e0b4482L, 0xa4842004L, 0x69c8f04aL, 0x9e1f9b5eL,
- 0x21c66842L, 0xf6e96c9aL, 0x670c9c61L, 0xabd388f0L,
- 0x6a51a0d2L, 0xd8542f68L, 0x960fa728L, 0xab5133a3L,
- 0x6eef0b6cL, 0x137a3be4L, 0xba3bf050L, 0x7efb2a98L,
- 0xa1f1651dL, 0x39af0176L, 0x66ca593eL, 0x82430e88L,
- 0x8cee8619L, 0x456f9fb4L, 0x7d84a5c3L, 0x3b8b5ebeL,
- 0xe06f75d8L, 0x85c12073L, 0x401a449fL, 0x56c16aa6L,
- 0x4ed3aa62L, 0x363f7706L, 0x1bfedf72L, 0x429b023dL,
- 0x37d0d724L, 0xd00a1248L, 0xdb0fead3L, 0x49f1c09bL,
- 0x075372c9L, 0x80991b7bL, 0x25d479d8L, 0xf6e8def7L,
- 0xe3fe501aL, 0xb6794c3bL, 0x976ce0bdL, 0x04c006baL,
- 0xc1a94fb6L, 0x409f60c4L, 0x5e5c9ec2L, 0x196a2463L,
- 0x68fb6fafL, 0x3e6c53b5L, 0x1339b2ebL, 0x3b52ec6fL,
- 0x6dfc511fL, 0x9b30952cL, 0xcc814544L, 0xaf5ebd09L,
- 0xbee3d004L, 0xde334afdL, 0x660f2807L, 0x192e4bb3L,
- 0xc0cba857L, 0x45c8740fL, 0xd20b5f39L, 0xb9d3fbdbL,
- 0x5579c0bdL, 0x1a60320aL, 0xd6a100c6L, 0x402c7279L,
- 0x679f25feL, 0xfb1fa3ccL, 0x8ea5e9f8L, 0xdb3222f8L,
- 0x3c7516dfL, 0xfd616b15L, 0x2f501ec8L, 0xad0552abL,
- 0x323db5faL, 0xfd238760L, 0x53317b48L, 0x3e00df82L,
- 0x9e5c57bbL, 0xca6f8ca0L, 0x1a87562eL, 0xdf1769dbL,
- 0xd542a8f6L, 0x287effc3L, 0xac6732c6L, 0x8c4f5573L,
- 0x695b27b0L, 0xbbca58c8L, 0xe1ffa35dL, 0xb8f011a0L,
- 0x10fa3d98L, 0xfd2183b8L, 0x4afcb56cL, 0x2dd1d35bL,
- 0x9a53e479L, 0xb6f84565L, 0xd28e49bcL, 0x4bfb9790L,
- 0xe1ddf2daL, 0xa4cb7e33L, 0x62fb1341L, 0xcee4c6e8L,
- 0xef20cadaL, 0x36774c01L, 0xd07e9efeL, 0x2bf11fb4L,
- 0x95dbda4dL, 0xae909198L, 0xeaad8e71L, 0x6b93d5a0L,
- 0xd08ed1d0L, 0xafc725e0L, 0x8e3c5b2fL, 0x8e7594b7L,
- 0x8ff6e2fbL, 0xf2122b64L, 0x8888b812L, 0x900df01cL,
- 0x4fad5ea0L, 0x688fc31cL, 0xd1cff191L, 0xb3a8c1adL,
- 0x2f2f2218L, 0xbe0e1777L, 0xea752dfeL, 0x8b021fa1L,
- 0xe5a0cc0fL, 0xb56f74e8L, 0x18acf3d6L, 0xce89e299L,
- 0xb4a84fe0L, 0xfd13e0b7L, 0x7cc43b81L, 0xd2ada8d9L,
- 0x165fa266L, 0x80957705L, 0x93cc7314L, 0x211a1477L,
- 0xe6ad2065L, 0x77b5fa86L, 0xc75442f5L, 0xfb9d35cfL,
- 0xebcdaf0cL, 0x7b3e89a0L, 0xd6411bd3L, 0xae1e7e49L,
- 0x00250e2dL, 0x2071b35eL, 0x226800bbL, 0x57b8e0afL,
- 0x2464369bL, 0xf009b91eL, 0x5563911dL, 0x59dfa6aaL,
- 0x78c14389L, 0xd95a537fL, 0x207d5ba2L, 0x02e5b9c5L,
- 0x83260376L, 0x6295cfa9L, 0x11c81968L, 0x4e734a41L,
- 0xb3472dcaL, 0x7b14a94aL, 0x1b510052L, 0x9a532915L,
- 0xd60f573fL, 0xbc9bc6e4L, 0x2b60a476L, 0x81e67400L,
- 0x08ba6fb5L, 0x571be91fL, 0xf296ec6bL, 0x2a0dd915L,
- 0xb6636521L, 0xe7b9f9b6L, 0xff34052eL, 0xc5855664L,
- 0x53b02d5dL, 0xa99f8fa1L, 0x08ba4799L, 0x6e85076aL,
- 0x4b7a70e9L, 0xb5b32944L, 0xdb75092eL, 0xc4192623L,
- 0xad6ea6b0L, 0x49a7df7dL, 0x9cee60b8L, 0x8fedb266L,
- 0xecaa8c71L, 0x699a17ffL, 0x5664526cL, 0xc2b19ee1L,
- 0x193602a5L, 0x75094c29L, 0xa0591340L, 0xe4183a3eL,
- 0x3f54989aL, 0x5b429d65L, 0x6b8fe4d6L, 0x99f73fd6L,
- 0xa1d29c07L, 0xefe830f5L, 0x4d2d38e6L, 0xf0255dc1L,
- 0x4cdd2086L, 0x8470eb26L, 0x6382e9c6L, 0x021ecc5eL,
- 0x09686b3fL, 0x3ebaefc9L, 0x3c971814L, 0x6b6a70a1L,
- 0x687f3584L, 0x52a0e286L, 0xb79c5305L, 0xaa500737L,
- 0x3e07841cL, 0x7fdeae5cL, 0x8e7d44ecL, 0x5716f2b8L,
- 0xb03ada37L, 0xf0500c0dL, 0xf01c1f04L, 0x0200b3ffL,
- 0xae0cf51aL, 0x3cb574b2L, 0x25837a58L, 0xdc0921bdL,
- 0xd19113f9L, 0x7ca92ff6L, 0x94324773L, 0x22f54701L,
- 0x3ae5e581L, 0x37c2dadcL, 0xc8b57634L, 0x9af3dda7L,
- 0xa9446146L, 0x0fd0030eL, 0xecc8c73eL, 0xa4751e41L,
- 0xe238cd99L, 0x3bea0e2fL, 0x3280bba1L, 0x183eb331L,
- 0x4e548b38L, 0x4f6db908L, 0x6f420d03L, 0xf60a04bfL,
- 0x2cb81290L, 0x24977c79L, 0x5679b072L, 0xbcaf89afL,
- 0xde9a771fL, 0xd9930810L, 0xb38bae12L, 0xdccf3f2eL,
- 0x5512721fL, 0x2e6b7124L, 0x501adde6L, 0x9f84cd87L,
- 0x7a584718L, 0x7408da17L, 0xbc9f9abcL, 0xe94b7d8cL,
- 0xec7aec3aL, 0xdb851dfaL, 0x63094366L, 0xc464c3d2L,
- 0xef1c1847L, 0x3215d908L, 0xdd433b37L, 0x24c2ba16L,
- 0x12a14d43L, 0x2a65c451L, 0x50940002L, 0x133ae4ddL,
- 0x71dff89eL, 0x10314e55L, 0x81ac77d6L, 0x5f11199bL,
- 0x043556f1L, 0xd7a3c76bL, 0x3c11183bL, 0x5924a509L,
- 0xf28fe6edL, 0x97f1fbfaL, 0x9ebabf2cL, 0x1e153c6eL,
- 0x86e34570L, 0xeae96fb1L, 0x860e5e0aL, 0x5a3e2ab3L,
- 0x771fe71cL, 0x4e3d06faL, 0x2965dcb9L, 0x99e71d0fL,
- 0x803e89d6L, 0x5266c825L, 0x2e4cc978L, 0x9c10b36aL,
- 0xc6150ebaL, 0x94e2ea78L, 0xa5fc3c53L, 0x1e0a2df4L,
- 0xf2f74ea7L, 0x361d2b3dL, 0x1939260fL, 0x19c27960L,
- 0x5223a708L, 0xf71312b6L, 0xebadfe6eL, 0xeac31f66L,
- 0xe3bc4595L, 0xa67bc883L, 0xb17f37d1L, 0x018cff28L,
- 0xc332ddefL, 0xbe6c5aa5L, 0x65582185L, 0x68ab9802L,
- 0xeecea50fL, 0xdb2f953bL, 0x2aef7dadL, 0x5b6e2f84L,
- 0x1521b628L, 0x29076170L, 0xecdd4775L, 0x619f1510L,
- 0x13cca830L, 0xeb61bd96L, 0x0334fe1eL, 0xaa0363cfL,
- 0xb5735c90L, 0x4c70a239L, 0xd59e9e0bL, 0xcbaade14L,
- 0xeecc86bcL, 0x60622ca7L, 0x9cab5cabL, 0xb2f3846eL,
- 0x648b1eafL, 0x19bdf0caL, 0xa02369b9L, 0x655abb50L,
- 0x40685a32L, 0x3c2ab4b3L, 0x319ee9d5L, 0xc021b8f7L,
- 0x9b540b19L, 0x875fa099L, 0x95f7997eL, 0x623d7da8L,
- 0xf837889aL, 0x97e32d77L, 0x11ed935fL, 0x16681281L,
- 0x0e358829L, 0xc7e61fd6L, 0x96dedfa1L, 0x7858ba99L,
- 0x57f584a5L, 0x1b227263L, 0x9b83c3ffL, 0x1ac24696L,
- 0xcdb30aebL, 0x532e3054L, 0x8fd948e4L, 0x6dbc3128L,
- 0x58ebf2efL, 0x34c6ffeaL, 0xfe28ed61L, 0xee7c3c73L,
- 0x5d4a14d9L, 0xe864b7e3L, 0x42105d14L, 0x203e13e0L,
- 0x45eee2b6L, 0xa3aaabeaL, 0xdb6c4f15L, 0xfacb4fd0L,
- 0xc742f442L, 0xef6abbb5L, 0x654f3b1dL, 0x41cd2105L,
- 0xd81e799eL, 0x86854dc7L, 0xe44b476aL, 0x3d816250L,
- 0xcf62a1f2L, 0x5b8d2646L, 0xfc8883a0L, 0xc1c7b6a3L,
- 0x7f1524c3L, 0x69cb7492L, 0x47848a0bL, 0x5692b285L,
- 0x095bbf00L, 0xad19489dL, 0x1462b174L, 0x23820e00L,
- 0x58428d2aL, 0x0c55f5eaL, 0x1dadf43eL, 0x233f7061L,
- 0x3372f092L, 0x8d937e41L, 0xd65fecf1L, 0x6c223bdbL,
- 0x7cde3759L, 0xcbee7460L, 0x4085f2a7L, 0xce77326eL,
- 0xa6078084L, 0x19f8509eL, 0xe8efd855L, 0x61d99735L,
- 0xa969a7aaL, 0xc50c06c2L, 0x5a04abfcL, 0x800bcadcL,
- 0x9e447a2eL, 0xc3453484L, 0xfdd56705L, 0x0e1e9ec9L,
- 0xdb73dbd3L, 0x105588cdL, 0x675fda79L, 0xe3674340L,
- 0xc5c43465L, 0x713e38d8L, 0x3d28f89eL, 0xf16dff20L,
- 0x153e21e7L, 0x8fb03d4aL, 0xe6e39f2bL, 0xdb83adf7L,
- 0xe93d5a68L, 0x948140f7L, 0xf64c261cL, 0x94692934L,
- 0x411520f7L, 0x7602d4f7L, 0xbcf46b2eL, 0xd4a20068L,
- 0xd4082471L, 0x3320f46aL, 0x43b7d4b7L, 0x500061afL,
- 0x1e39f62eL, 0x97244546L, 0x14214f74L, 0xbf8b8840L,
- 0x4d95fc1dL, 0x96b591afL, 0x70f4ddd3L, 0x66a02f45L,
- 0xbfbc09ecL, 0x03bd9785L, 0x7fac6dd0L, 0x31cb8504L,
- 0x96eb27b3L, 0x55fd3941L, 0xda2547e6L, 0xabca0a9aL,
- 0x28507825L, 0x530429f4L, 0x0a2c86daL, 0xe9b66dfbL,
- 0x68dc1462L, 0xd7486900L, 0x680ec0a4L, 0x27a18deeL,
- 0x4f3ffea2L, 0xe887ad8cL, 0xb58ce006L, 0x7af4d6b6L,
- 0xaace1e7cL, 0xd3375fecL, 0xce78a399L, 0x406b2a42L,
- 0x20fe9e35L, 0xd9f385b9L, 0xee39d7abL, 0x3b124e8bL,
- 0x1dc9faf7L, 0x4b6d1856L, 0x26a36631L, 0xeae397b2L,
- 0x3a6efa74L, 0xdd5b4332L, 0x6841e7f7L, 0xca7820fbL,
- 0xfb0af54eL, 0xd8feb397L, 0x454056acL, 0xba489527L,
- 0x55533a3aL, 0x20838d87L, 0xfe6ba9b7L, 0xd096954bL,
- 0x55a867bcL, 0xa1159a58L, 0xcca92963L, 0x99e1db33L,
- 0xa62a4a56L, 0x3f3125f9L, 0x5ef47e1cL, 0x9029317cL,
- 0xfdf8e802L, 0x04272f70L, 0x80bb155cL, 0x05282ce3L,
- 0x95c11548L, 0xe4c66d22L, 0x48c1133fL, 0xc70f86dcL,
- 0x07f9c9eeL, 0x41041f0fL, 0x404779a4L, 0x5d886e17L,
- 0x325f51ebL, 0xd59bc0d1L, 0xf2bcc18fL, 0x41113564L,
- 0x257b7834L, 0x602a9c60L, 0xdff8e8a3L, 0x1f636c1bL,
- 0x0e12b4c2L, 0x02e1329eL, 0xaf664fd1L, 0xcad18115L,
- 0x6b2395e0L, 0x333e92e1L, 0x3b240b62L, 0xeebeb922L,
- 0x85b2a20eL, 0xe6ba0d99L, 0xde720c8cL, 0x2da2f728L,
- 0xd0127845L, 0x95b794fdL, 0x647d0862L, 0xe7ccf5f0L,
- 0x5449a36fL, 0x877d48faL, 0xc39dfd27L, 0xf33e8d1eL,
- 0x0a476341L, 0x992eff74L, 0x3a6f6eabL, 0xf4f8fd37L,
- 0xa812dc60L, 0xa1ebddf8L, 0x991be14cL, 0xdb6e6b0dL,
- 0xc67b5510L, 0x6d672c37L, 0x2765d43bL, 0xdcd0e804L,
- 0xf1290dc7L, 0xcc00ffa3L, 0xb5390f92L, 0x690fed0bL,
- 0x667b9ffbL, 0xcedb7d9cL, 0xa091cf0bL, 0xd9155ea3L,
- 0xbb132f88L, 0x515bad24L, 0x7b9479bfL, 0x763bd6ebL,
- 0x37392eb3L, 0xcc115979L, 0x8026e297L, 0xf42e312dL,
- 0x6842ada7L, 0xc66a2b3bL, 0x12754cccL, 0x782ef11cL,
- 0x6a124237L, 0xb79251e7L, 0x06a1bbe6L, 0x4bfb6350L,
- 0x1a6b1018L, 0x11caedfaL, 0x3d25bdd8L, 0xe2e1c3c9L,
- 0x44421659L, 0x0a121386L, 0xd90cec6eL, 0xd5abea2aL,
- 0x64af674eL, 0xda86a85fL, 0xbebfe988L, 0x64e4c3feL,
- 0x9dbc8057L, 0xf0f7c086L, 0x60787bf8L, 0x6003604dL,
- 0xd1fd8346L, 0xf6381fb0L, 0x7745ae04L, 0xd736fcccL,
- 0x83426b33L, 0xf01eab71L, 0xb0804187L, 0x3c005e5fL,
- 0x77a057beL, 0xbde8ae24L, 0x55464299L, 0xbf582e61L,
- 0x4e58f48fL, 0xf2ddfda2L, 0xf474ef38L, 0x8789bdc2L,
- 0x5366f9c3L, 0xc8b38e74L, 0xb475f255L, 0x46fcd9b9L,
- 0x7aeb2661L, 0x8b1ddf84L, 0x846a0e79L, 0x915f95e2L,
- 0x466e598eL, 0x20b45770L, 0x8cd55591L, 0xc902de4cL,
- 0xb90bace1L, 0xbb8205d0L, 0x11a86248L, 0x7574a99eL,
- 0xb77f19b6L, 0xe0a9dc09L, 0x662d09a1L, 0xc4324633L,
- 0xe85a1f02L, 0x09f0be8cL, 0x4a99a025L, 0x1d6efe10L,
- 0x1ab93d1dL, 0x0ba5a4dfL, 0xa186f20fL, 0x2868f169L,
- 0xdcb7da83L, 0x573906feL, 0xa1e2ce9bL, 0x4fcd7f52L,
- 0x50115e01L, 0xa70683faL, 0xa002b5c4L, 0x0de6d027L,
- 0x9af88c27L, 0x773f8641L, 0xc3604c06L, 0x61a806b5L,
- 0xf0177a28L, 0xc0f586e0L, 0x006058aaL, 0x30dc7d62L,
- 0x11e69ed7L, 0x2338ea63L, 0x53c2dd94L, 0xc2c21634L,
- 0xbbcbee56L, 0x90bcb6deL, 0xebfc7da1L, 0xce591d76L,
- 0x6f05e409L, 0x4b7c0188L, 0x39720a3dL, 0x7c927c24L,
- 0x86e3725fL, 0x724d9db9L, 0x1ac15bb4L, 0xd39eb8fcL,
- 0xed545578L, 0x08fca5b5L, 0xd83d7cd3L, 0x4dad0fc4L,
- 0x1e50ef5eL, 0xb161e6f8L, 0xa28514d9L, 0x6c51133cL,
- 0x6fd5c7e7L, 0x56e14ec4L, 0x362abfceL, 0xddc6c837L,
- 0xd79a3234L, 0x92638212L, 0x670efa8eL, 0x406000e0L,
- 0x3a39ce37L, 0xd3faf5cfL, 0xabc27737L, 0x5ac52d1bL,
- 0x5cb0679eL, 0x4fa33742L, 0xd3822740L, 0x99bc9bbeL,
- 0xd5118e9dL, 0xbf0f7315L, 0xd62d1c7eL, 0xc700c47bL,
- 0xb78c1b6bL, 0x21a19045L, 0xb26eb1beL, 0x6a366eb4L,
- 0x5748ab2fL, 0xbc946e79L, 0xc6a376d2L, 0x6549c2c8L,
- 0x530ff8eeL, 0x468dde7dL, 0xd5730a1dL, 0x4cd04dc6L,
- 0x2939bbdbL, 0xa9ba4650L, 0xac9526e8L, 0xbe5ee304L,
- 0xa1fad5f0L, 0x6a2d519aL, 0x63ef8ce2L, 0x9a86ee22L,
- 0xc089c2b8L, 0x43242ef6L, 0xa51e03aaL, 0x9cf2d0a4L,
- 0x83c061baL, 0x9be96a4dL, 0x8fe51550L, 0xba645bd6L,
- 0x2826a2f9L, 0xa73a3ae1L, 0x4ba99586L, 0xef5562e9L,
- 0xc72fefd3L, 0xf752f7daL, 0x3f046f69L, 0x77fa0a59L,
- 0x80e4a915L, 0x87b08601L, 0x9b09e6adL, 0x3b3ee593L,
- 0xe990fd5aL, 0x9e34d797L, 0x2cf0b7d9L, 0x022b8b51L,
- 0x96d5ac3aL, 0x017da67dL, 0xd1cf3ed6L, 0x7c7d2d28L,
- 0x1f9f25cfL, 0xadf2b89bL, 0x5ad6b472L, 0x5a88f54cL,
- 0xe029ac71L, 0xe019a5e6L, 0x47b0acfdL, 0xed93fa9bL,
- 0xe8d3c48dL, 0x283b57ccL, 0xf8d56629L, 0x79132e28L,
- 0x785f0191L, 0xed756055L, 0xf7960e44L, 0xe3d35e8cL,
- 0x15056dd4L, 0x88f46dbaL, 0x03a16125L, 0x0564f0bdL,
- 0xc3eb9e15L, 0x3c9057a2L, 0x97271aecL, 0xa93a072aL,
- 0x1b3f6d9bL, 0x1e6321f5L, 0xf59c66fbL, 0x26dcf319L,
- 0x7533d928L, 0xb155fdf5L, 0x03563482L, 0x8aba3cbbL,
- 0x28517711L, 0xc20ad9f8L, 0xabcc5167L, 0xccad925fL,
- 0x4de81751L, 0x3830dc8eL, 0x379d5862L, 0x9320f991L,
- 0xea7a90c2L, 0xfb3e7bceL, 0x5121ce64L, 0x774fbe32L,
- 0xa8b6e37eL, 0xc3293d46L, 0x48de5369L, 0x6413e680L,
- 0xa2ae0810L, 0xdd6db224L, 0x69852dfdL, 0x09072166L,
- 0xb39a460aL, 0x6445c0ddL, 0x586cdecfL, 0x1c20c8aeL,
- 0x5bbef7ddL, 0x1b588d40L, 0xccd2017fL, 0x6bb4e3bbL,
- 0xdda26a7eL, 0x3a59ff45L, 0x3e350a44L, 0xbcb4cdd5L,
- 0x72eacea8L, 0xfa6484bbL, 0x8d6612aeL, 0xbf3c6f47L,
- 0xd29be463L, 0x542f5d9eL, 0xaec2771bL, 0xf64e6370L,
- 0x740e0d8dL, 0xe75b1357L, 0xf8721671L, 0xaf537d5dL,
- 0x4040cb08L, 0x4eb4e2ccL, 0x34d2466aL, 0x0115af84L,
- 0xe1b00428L, 0x95983a1dL, 0x06b89fb4L, 0xce6ea048L,
- 0x6f3f3b82L, 0x3520ab82L, 0x011a1d4bL, 0x277227f8L,
- 0x611560b1L, 0xe7933fdcL, 0xbb3a792bL, 0x344525bdL,
- 0xa08839e1L, 0x51ce794bL, 0x2f32c9b7L, 0xa01fbac9L,
- 0xe01cc87eL, 0xbcc7d1f6L, 0xcf0111c3L, 0xa1e8aac7L,
- 0x1a908749L, 0xd44fbd9aL, 0xd0dadecbL, 0xd50ada38L,
- 0x0339c32aL, 0xc6913667L, 0x8df9317cL, 0xe0b12b4fL,
- 0xf79e59b7L, 0x43f5bb3aL, 0xf2d519ffL, 0x27d9459cL,
- 0xbf97222cL, 0x15e6fc2aL, 0x0f91fc71L, 0x9b941525L,
- 0xfae59361L, 0xceb69cebL, 0xc2a86459L, 0x12baa8d1L,
- 0xb6c1075eL, 0xe3056a0cL, 0x10d25065L, 0xcb03a442L,
- 0xe0ec6e0eL, 0x1698db3bL, 0x4c98a0beL, 0x3278e964L,
- 0x9f1f9532L, 0xe0d392dfL, 0xd3a0342bL, 0x8971f21eL,
- 0x1b0a7441L, 0x4ba3348cL, 0xc5be7120L, 0xc37632d8L,
- 0xdf359f8dL, 0x9b992f2eL, 0xe60b6f47L, 0x0fe3f11dL,
- 0xe54cda54L, 0x1edad891L, 0xce6279cfL, 0xcd3e7e6fL,
- 0x1618b166L, 0xfd2c1d05L, 0x848fd2c5L, 0xf6fb2299L,
- 0xf523f357L, 0xa6327623L, 0x93a83531L, 0x56cccd02L,
- 0xacf08162L, 0x5a75ebb5L, 0x6e163697L, 0x88d273ccL,
- 0xde966292L, 0x81b949d0L, 0x4c50901bL, 0x71c65614L,
- 0xe6c6c7bdL, 0x327a140aL, 0x45e1d006L, 0xc3f27b9aL,
- 0xc9aa53fdL, 0x62a80f00L, 0xbb25bfe2L, 0x35bdd2f6L,
- 0x71126905L, 0xb2040222L, 0xb6cbcf7cL, 0xcd769c2bL,
- 0x53113ec0L, 0x1640e3d3L, 0x38abbd60L, 0x2547adf0L,
- 0xba38209cL, 0xf746ce76L, 0x77afa1c5L, 0x20756060L,
- 0x85cbfe4eL, 0x8ae88dd8L, 0x7aaaf9b0L, 0x4cf9aa7eL,
- 0x1948c25cL, 0x02fb8a8cL, 0x01c36ae4L, 0xd6ebe1f9L,
- 0x90d4f869L, 0xa65cdea0L, 0x3f09252dL, 0xc208e69fL,
- 0xb74e6132L, 0xce77e25bL, 0x578fdfe3L, 0x3ac372e6L,
- }
- };
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bf/bf_pi.h (from rev 6976, vendor-crypto/openssl/dist/crypto/bf/bf_pi.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bf/bf_pi.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bf/bf_pi.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,579 @@
+/* crypto/bf/bf_pi.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+static const BF_KEY bf_init = {
+ {
+ 0x243f6a88L, 0x85a308d3L, 0x13198a2eL, 0x03707344L,
+ 0xa4093822L, 0x299f31d0L, 0x082efa98L, 0xec4e6c89L,
+ 0x452821e6L, 0x38d01377L, 0xbe5466cfL, 0x34e90c6cL,
+ 0xc0ac29b7L, 0xc97c50ddL, 0x3f84d5b5L, 0xb5470917L,
+ 0x9216d5d9L, 0x8979fb1b}, {
+ 0xd1310ba6L, 0x98dfb5acL, 0x2ffd72dbL,
+ 0xd01adfb7L,
+ 0xb8e1afedL, 0x6a267e96L, 0xba7c9045L,
+ 0xf12c7f99L,
+ 0x24a19947L, 0xb3916cf7L, 0x0801f2e2L,
+ 0x858efc16L,
+ 0x636920d8L, 0x71574e69L, 0xa458fea3L,
+ 0xf4933d7eL,
+ 0x0d95748fL, 0x728eb658L, 0x718bcd58L,
+ 0x82154aeeL,
+ 0x7b54a41dL, 0xc25a59b5L, 0x9c30d539L,
+ 0x2af26013L,
+ 0xc5d1b023L, 0x286085f0L, 0xca417918L,
+ 0xb8db38efL,
+ 0x8e79dcb0L, 0x603a180eL, 0x6c9e0e8bL,
+ 0xb01e8a3eL,
+ 0xd71577c1L, 0xbd314b27L, 0x78af2fdaL,
+ 0x55605c60L,
+ 0xe65525f3L, 0xaa55ab94L, 0x57489862L,
+ 0x63e81440L,
+ 0x55ca396aL, 0x2aab10b6L, 0xb4cc5c34L,
+ 0x1141e8ceL,
+ 0xa15486afL, 0x7c72e993L, 0xb3ee1411L,
+ 0x636fbc2aL,
+ 0x2ba9c55dL, 0x741831f6L, 0xce5c3e16L,
+ 0x9b87931eL,
+ 0xafd6ba33L, 0x6c24cf5cL, 0x7a325381L,
+ 0x28958677L,
+ 0x3b8f4898L, 0x6b4bb9afL, 0xc4bfe81bL,
+ 0x66282193L,
+ 0x61d809ccL, 0xfb21a991L, 0x487cac60L,
+ 0x5dec8032L,
+ 0xef845d5dL, 0xe98575b1L, 0xdc262302L,
+ 0xeb651b88L,
+ 0x23893e81L, 0xd396acc5L, 0x0f6d6ff3L,
+ 0x83f44239L,
+ 0x2e0b4482L, 0xa4842004L, 0x69c8f04aL,
+ 0x9e1f9b5eL,
+ 0x21c66842L, 0xf6e96c9aL, 0x670c9c61L,
+ 0xabd388f0L,
+ 0x6a51a0d2L, 0xd8542f68L, 0x960fa728L,
+ 0xab5133a3L,
+ 0x6eef0b6cL, 0x137a3be4L, 0xba3bf050L,
+ 0x7efb2a98L,
+ 0xa1f1651dL, 0x39af0176L, 0x66ca593eL,
+ 0x82430e88L,
+ 0x8cee8619L, 0x456f9fb4L, 0x7d84a5c3L,
+ 0x3b8b5ebeL,
+ 0xe06f75d8L, 0x85c12073L, 0x401a449fL,
+ 0x56c16aa6L,
+ 0x4ed3aa62L, 0x363f7706L, 0x1bfedf72L,
+ 0x429b023dL,
+ 0x37d0d724L, 0xd00a1248L, 0xdb0fead3L,
+ 0x49f1c09bL,
+ 0x075372c9L, 0x80991b7bL, 0x25d479d8L,
+ 0xf6e8def7L,
+ 0xe3fe501aL, 0xb6794c3bL, 0x976ce0bdL,
+ 0x04c006baL,
+ 0xc1a94fb6L, 0x409f60c4L, 0x5e5c9ec2L,
+ 0x196a2463L,
+ 0x68fb6fafL, 0x3e6c53b5L, 0x1339b2ebL,
+ 0x3b52ec6fL,
+ 0x6dfc511fL, 0x9b30952cL, 0xcc814544L,
+ 0xaf5ebd09L,
+ 0xbee3d004L, 0xde334afdL, 0x660f2807L,
+ 0x192e4bb3L,
+ 0xc0cba857L, 0x45c8740fL, 0xd20b5f39L,
+ 0xb9d3fbdbL,
+ 0x5579c0bdL, 0x1a60320aL, 0xd6a100c6L,
+ 0x402c7279L,
+ 0x679f25feL, 0xfb1fa3ccL, 0x8ea5e9f8L,
+ 0xdb3222f8L,
+ 0x3c7516dfL, 0xfd616b15L, 0x2f501ec8L,
+ 0xad0552abL,
+ 0x323db5faL, 0xfd238760L, 0x53317b48L,
+ 0x3e00df82L,
+ 0x9e5c57bbL, 0xca6f8ca0L, 0x1a87562eL,
+ 0xdf1769dbL,
+ 0xd542a8f6L, 0x287effc3L, 0xac6732c6L,
+ 0x8c4f5573L,
+ 0x695b27b0L, 0xbbca58c8L, 0xe1ffa35dL,
+ 0xb8f011a0L,
+ 0x10fa3d98L, 0xfd2183b8L, 0x4afcb56cL,
+ 0x2dd1d35bL,
+ 0x9a53e479L, 0xb6f84565L, 0xd28e49bcL,
+ 0x4bfb9790L,
+ 0xe1ddf2daL, 0xa4cb7e33L, 0x62fb1341L,
+ 0xcee4c6e8L,
+ 0xef20cadaL, 0x36774c01L, 0xd07e9efeL,
+ 0x2bf11fb4L,
+ 0x95dbda4dL, 0xae909198L, 0xeaad8e71L,
+ 0x6b93d5a0L,
+ 0xd08ed1d0L, 0xafc725e0L, 0x8e3c5b2fL,
+ 0x8e7594b7L,
+ 0x8ff6e2fbL, 0xf2122b64L, 0x8888b812L,
+ 0x900df01cL,
+ 0x4fad5ea0L, 0x688fc31cL, 0xd1cff191L,
+ 0xb3a8c1adL,
+ 0x2f2f2218L, 0xbe0e1777L, 0xea752dfeL,
+ 0x8b021fa1L,
+ 0xe5a0cc0fL, 0xb56f74e8L, 0x18acf3d6L,
+ 0xce89e299L,
+ 0xb4a84fe0L, 0xfd13e0b7L, 0x7cc43b81L,
+ 0xd2ada8d9L,
+ 0x165fa266L, 0x80957705L, 0x93cc7314L,
+ 0x211a1477L,
+ 0xe6ad2065L, 0x77b5fa86L, 0xc75442f5L,
+ 0xfb9d35cfL,
+ 0xebcdaf0cL, 0x7b3e89a0L, 0xd6411bd3L,
+ 0xae1e7e49L,
+ 0x00250e2dL, 0x2071b35eL, 0x226800bbL,
+ 0x57b8e0afL,
+ 0x2464369bL, 0xf009b91eL, 0x5563911dL,
+ 0x59dfa6aaL,
+ 0x78c14389L, 0xd95a537fL, 0x207d5ba2L,
+ 0x02e5b9c5L,
+ 0x83260376L, 0x6295cfa9L, 0x11c81968L,
+ 0x4e734a41L,
+ 0xb3472dcaL, 0x7b14a94aL, 0x1b510052L,
+ 0x9a532915L,
+ 0xd60f573fL, 0xbc9bc6e4L, 0x2b60a476L,
+ 0x81e67400L,
+ 0x08ba6fb5L, 0x571be91fL, 0xf296ec6bL,
+ 0x2a0dd915L,
+ 0xb6636521L, 0xe7b9f9b6L, 0xff34052eL,
+ 0xc5855664L,
+ 0x53b02d5dL, 0xa99f8fa1L, 0x08ba4799L,
+ 0x6e85076aL,
+ 0x4b7a70e9L, 0xb5b32944L, 0xdb75092eL,
+ 0xc4192623L,
+ 0xad6ea6b0L, 0x49a7df7dL, 0x9cee60b8L,
+ 0x8fedb266L,
+ 0xecaa8c71L, 0x699a17ffL, 0x5664526cL,
+ 0xc2b19ee1L,
+ 0x193602a5L, 0x75094c29L, 0xa0591340L,
+ 0xe4183a3eL,
+ 0x3f54989aL, 0x5b429d65L, 0x6b8fe4d6L,
+ 0x99f73fd6L,
+ 0xa1d29c07L, 0xefe830f5L, 0x4d2d38e6L,
+ 0xf0255dc1L,
+ 0x4cdd2086L, 0x8470eb26L, 0x6382e9c6L,
+ 0x021ecc5eL,
+ 0x09686b3fL, 0x3ebaefc9L, 0x3c971814L,
+ 0x6b6a70a1L,
+ 0x687f3584L, 0x52a0e286L, 0xb79c5305L,
+ 0xaa500737L,
+ 0x3e07841cL, 0x7fdeae5cL, 0x8e7d44ecL,
+ 0x5716f2b8L,
+ 0xb03ada37L, 0xf0500c0dL, 0xf01c1f04L,
+ 0x0200b3ffL,
+ 0xae0cf51aL, 0x3cb574b2L, 0x25837a58L,
+ 0xdc0921bdL,
+ 0xd19113f9L, 0x7ca92ff6L, 0x94324773L,
+ 0x22f54701L,
+ 0x3ae5e581L, 0x37c2dadcL, 0xc8b57634L,
+ 0x9af3dda7L,
+ 0xa9446146L, 0x0fd0030eL, 0xecc8c73eL,
+ 0xa4751e41L,
+ 0xe238cd99L, 0x3bea0e2fL, 0x3280bba1L,
+ 0x183eb331L,
+ 0x4e548b38L, 0x4f6db908L, 0x6f420d03L,
+ 0xf60a04bfL,
+ 0x2cb81290L, 0x24977c79L, 0x5679b072L,
+ 0xbcaf89afL,
+ 0xde9a771fL, 0xd9930810L, 0xb38bae12L,
+ 0xdccf3f2eL,
+ 0x5512721fL, 0x2e6b7124L, 0x501adde6L,
+ 0x9f84cd87L,
+ 0x7a584718L, 0x7408da17L, 0xbc9f9abcL,
+ 0xe94b7d8cL,
+ 0xec7aec3aL, 0xdb851dfaL, 0x63094366L,
+ 0xc464c3d2L,
+ 0xef1c1847L, 0x3215d908L, 0xdd433b37L,
+ 0x24c2ba16L,
+ 0x12a14d43L, 0x2a65c451L, 0x50940002L,
+ 0x133ae4ddL,
+ 0x71dff89eL, 0x10314e55L, 0x81ac77d6L,
+ 0x5f11199bL,
+ 0x043556f1L, 0xd7a3c76bL, 0x3c11183bL,
+ 0x5924a509L,
+ 0xf28fe6edL, 0x97f1fbfaL, 0x9ebabf2cL,
+ 0x1e153c6eL,
+ 0x86e34570L, 0xeae96fb1L, 0x860e5e0aL,
+ 0x5a3e2ab3L,
+ 0x771fe71cL, 0x4e3d06faL, 0x2965dcb9L,
+ 0x99e71d0fL,
+ 0x803e89d6L, 0x5266c825L, 0x2e4cc978L,
+ 0x9c10b36aL,
+ 0xc6150ebaL, 0x94e2ea78L, 0xa5fc3c53L,
+ 0x1e0a2df4L,
+ 0xf2f74ea7L, 0x361d2b3dL, 0x1939260fL,
+ 0x19c27960L,
+ 0x5223a708L, 0xf71312b6L, 0xebadfe6eL,
+ 0xeac31f66L,
+ 0xe3bc4595L, 0xa67bc883L, 0xb17f37d1L,
+ 0x018cff28L,
+ 0xc332ddefL, 0xbe6c5aa5L, 0x65582185L,
+ 0x68ab9802L,
+ 0xeecea50fL, 0xdb2f953bL, 0x2aef7dadL,
+ 0x5b6e2f84L,
+ 0x1521b628L, 0x29076170L, 0xecdd4775L,
+ 0x619f1510L,
+ 0x13cca830L, 0xeb61bd96L, 0x0334fe1eL,
+ 0xaa0363cfL,
+ 0xb5735c90L, 0x4c70a239L, 0xd59e9e0bL,
+ 0xcbaade14L,
+ 0xeecc86bcL, 0x60622ca7L, 0x9cab5cabL,
+ 0xb2f3846eL,
+ 0x648b1eafL, 0x19bdf0caL, 0xa02369b9L,
+ 0x655abb50L,
+ 0x40685a32L, 0x3c2ab4b3L, 0x319ee9d5L,
+ 0xc021b8f7L,
+ 0x9b540b19L, 0x875fa099L, 0x95f7997eL,
+ 0x623d7da8L,
+ 0xf837889aL, 0x97e32d77L, 0x11ed935fL,
+ 0x16681281L,
+ 0x0e358829L, 0xc7e61fd6L, 0x96dedfa1L,
+ 0x7858ba99L,
+ 0x57f584a5L, 0x1b227263L, 0x9b83c3ffL,
+ 0x1ac24696L,
+ 0xcdb30aebL, 0x532e3054L, 0x8fd948e4L,
+ 0x6dbc3128L,
+ 0x58ebf2efL, 0x34c6ffeaL, 0xfe28ed61L,
+ 0xee7c3c73L,
+ 0x5d4a14d9L, 0xe864b7e3L, 0x42105d14L,
+ 0x203e13e0L,
+ 0x45eee2b6L, 0xa3aaabeaL, 0xdb6c4f15L,
+ 0xfacb4fd0L,
+ 0xc742f442L, 0xef6abbb5L, 0x654f3b1dL,
+ 0x41cd2105L,
+ 0xd81e799eL, 0x86854dc7L, 0xe44b476aL,
+ 0x3d816250L,
+ 0xcf62a1f2L, 0x5b8d2646L, 0xfc8883a0L,
+ 0xc1c7b6a3L,
+ 0x7f1524c3L, 0x69cb7492L, 0x47848a0bL,
+ 0x5692b285L,
+ 0x095bbf00L, 0xad19489dL, 0x1462b174L,
+ 0x23820e00L,
+ 0x58428d2aL, 0x0c55f5eaL, 0x1dadf43eL,
+ 0x233f7061L,
+ 0x3372f092L, 0x8d937e41L, 0xd65fecf1L,
+ 0x6c223bdbL,
+ 0x7cde3759L, 0xcbee7460L, 0x4085f2a7L,
+ 0xce77326eL,
+ 0xa6078084L, 0x19f8509eL, 0xe8efd855L,
+ 0x61d99735L,
+ 0xa969a7aaL, 0xc50c06c2L, 0x5a04abfcL,
+ 0x800bcadcL,
+ 0x9e447a2eL, 0xc3453484L, 0xfdd56705L,
+ 0x0e1e9ec9L,
+ 0xdb73dbd3L, 0x105588cdL, 0x675fda79L,
+ 0xe3674340L,
+ 0xc5c43465L, 0x713e38d8L, 0x3d28f89eL,
+ 0xf16dff20L,
+ 0x153e21e7L, 0x8fb03d4aL, 0xe6e39f2bL,
+ 0xdb83adf7L,
+ 0xe93d5a68L, 0x948140f7L, 0xf64c261cL,
+ 0x94692934L,
+ 0x411520f7L, 0x7602d4f7L, 0xbcf46b2eL,
+ 0xd4a20068L,
+ 0xd4082471L, 0x3320f46aL, 0x43b7d4b7L,
+ 0x500061afL,
+ 0x1e39f62eL, 0x97244546L, 0x14214f74L,
+ 0xbf8b8840L,
+ 0x4d95fc1dL, 0x96b591afL, 0x70f4ddd3L,
+ 0x66a02f45L,
+ 0xbfbc09ecL, 0x03bd9785L, 0x7fac6dd0L,
+ 0x31cb8504L,
+ 0x96eb27b3L, 0x55fd3941L, 0xda2547e6L,
+ 0xabca0a9aL,
+ 0x28507825L, 0x530429f4L, 0x0a2c86daL,
+ 0xe9b66dfbL,
+ 0x68dc1462L, 0xd7486900L, 0x680ec0a4L,
+ 0x27a18deeL,
+ 0x4f3ffea2L, 0xe887ad8cL, 0xb58ce006L,
+ 0x7af4d6b6L,
+ 0xaace1e7cL, 0xd3375fecL, 0xce78a399L,
+ 0x406b2a42L,
+ 0x20fe9e35L, 0xd9f385b9L, 0xee39d7abL,
+ 0x3b124e8bL,
+ 0x1dc9faf7L, 0x4b6d1856L, 0x26a36631L,
+ 0xeae397b2L,
+ 0x3a6efa74L, 0xdd5b4332L, 0x6841e7f7L,
+ 0xca7820fbL,
+ 0xfb0af54eL, 0xd8feb397L, 0x454056acL,
+ 0xba489527L,
+ 0x55533a3aL, 0x20838d87L, 0xfe6ba9b7L,
+ 0xd096954bL,
+ 0x55a867bcL, 0xa1159a58L, 0xcca92963L,
+ 0x99e1db33L,
+ 0xa62a4a56L, 0x3f3125f9L, 0x5ef47e1cL,
+ 0x9029317cL,
+ 0xfdf8e802L, 0x04272f70L, 0x80bb155cL,
+ 0x05282ce3L,
+ 0x95c11548L, 0xe4c66d22L, 0x48c1133fL,
+ 0xc70f86dcL,
+ 0x07f9c9eeL, 0x41041f0fL, 0x404779a4L,
+ 0x5d886e17L,
+ 0x325f51ebL, 0xd59bc0d1L, 0xf2bcc18fL,
+ 0x41113564L,
+ 0x257b7834L, 0x602a9c60L, 0xdff8e8a3L,
+ 0x1f636c1bL,
+ 0x0e12b4c2L, 0x02e1329eL, 0xaf664fd1L,
+ 0xcad18115L,
+ 0x6b2395e0L, 0x333e92e1L, 0x3b240b62L,
+ 0xeebeb922L,
+ 0x85b2a20eL, 0xe6ba0d99L, 0xde720c8cL,
+ 0x2da2f728L,
+ 0xd0127845L, 0x95b794fdL, 0x647d0862L,
+ 0xe7ccf5f0L,
+ 0x5449a36fL, 0x877d48faL, 0xc39dfd27L,
+ 0xf33e8d1eL,
+ 0x0a476341L, 0x992eff74L, 0x3a6f6eabL,
+ 0xf4f8fd37L,
+ 0xa812dc60L, 0xa1ebddf8L, 0x991be14cL,
+ 0xdb6e6b0dL,
+ 0xc67b5510L, 0x6d672c37L, 0x2765d43bL,
+ 0xdcd0e804L,
+ 0xf1290dc7L, 0xcc00ffa3L, 0xb5390f92L,
+ 0x690fed0bL,
+ 0x667b9ffbL, 0xcedb7d9cL, 0xa091cf0bL,
+ 0xd9155ea3L,
+ 0xbb132f88L, 0x515bad24L, 0x7b9479bfL,
+ 0x763bd6ebL,
+ 0x37392eb3L, 0xcc115979L, 0x8026e297L,
+ 0xf42e312dL,
+ 0x6842ada7L, 0xc66a2b3bL, 0x12754cccL,
+ 0x782ef11cL,
+ 0x6a124237L, 0xb79251e7L, 0x06a1bbe6L,
+ 0x4bfb6350L,
+ 0x1a6b1018L, 0x11caedfaL, 0x3d25bdd8L,
+ 0xe2e1c3c9L,
+ 0x44421659L, 0x0a121386L, 0xd90cec6eL,
+ 0xd5abea2aL,
+ 0x64af674eL, 0xda86a85fL, 0xbebfe988L,
+ 0x64e4c3feL,
+ 0x9dbc8057L, 0xf0f7c086L, 0x60787bf8L,
+ 0x6003604dL,
+ 0xd1fd8346L, 0xf6381fb0L, 0x7745ae04L,
+ 0xd736fcccL,
+ 0x83426b33L, 0xf01eab71L, 0xb0804187L,
+ 0x3c005e5fL,
+ 0x77a057beL, 0xbde8ae24L, 0x55464299L,
+ 0xbf582e61L,
+ 0x4e58f48fL, 0xf2ddfda2L, 0xf474ef38L,
+ 0x8789bdc2L,
+ 0x5366f9c3L, 0xc8b38e74L, 0xb475f255L,
+ 0x46fcd9b9L,
+ 0x7aeb2661L, 0x8b1ddf84L, 0x846a0e79L,
+ 0x915f95e2L,
+ 0x466e598eL, 0x20b45770L, 0x8cd55591L,
+ 0xc902de4cL,
+ 0xb90bace1L, 0xbb8205d0L, 0x11a86248L,
+ 0x7574a99eL,
+ 0xb77f19b6L, 0xe0a9dc09L, 0x662d09a1L,
+ 0xc4324633L,
+ 0xe85a1f02L, 0x09f0be8cL, 0x4a99a025L,
+ 0x1d6efe10L,
+ 0x1ab93d1dL, 0x0ba5a4dfL, 0xa186f20fL,
+ 0x2868f169L,
+ 0xdcb7da83L, 0x573906feL, 0xa1e2ce9bL,
+ 0x4fcd7f52L,
+ 0x50115e01L, 0xa70683faL, 0xa002b5c4L,
+ 0x0de6d027L,
+ 0x9af88c27L, 0x773f8641L, 0xc3604c06L,
+ 0x61a806b5L,
+ 0xf0177a28L, 0xc0f586e0L, 0x006058aaL,
+ 0x30dc7d62L,
+ 0x11e69ed7L, 0x2338ea63L, 0x53c2dd94L,
+ 0xc2c21634L,
+ 0xbbcbee56L, 0x90bcb6deL, 0xebfc7da1L,
+ 0xce591d76L,
+ 0x6f05e409L, 0x4b7c0188L, 0x39720a3dL,
+ 0x7c927c24L,
+ 0x86e3725fL, 0x724d9db9L, 0x1ac15bb4L,
+ 0xd39eb8fcL,
+ 0xed545578L, 0x08fca5b5L, 0xd83d7cd3L,
+ 0x4dad0fc4L,
+ 0x1e50ef5eL, 0xb161e6f8L, 0xa28514d9L,
+ 0x6c51133cL,
+ 0x6fd5c7e7L, 0x56e14ec4L, 0x362abfceL,
+ 0xddc6c837L,
+ 0xd79a3234L, 0x92638212L, 0x670efa8eL,
+ 0x406000e0L,
+ 0x3a39ce37L, 0xd3faf5cfL, 0xabc27737L,
+ 0x5ac52d1bL,
+ 0x5cb0679eL, 0x4fa33742L, 0xd3822740L,
+ 0x99bc9bbeL,
+ 0xd5118e9dL, 0xbf0f7315L, 0xd62d1c7eL,
+ 0xc700c47bL,
+ 0xb78c1b6bL, 0x21a19045L, 0xb26eb1beL,
+ 0x6a366eb4L,
+ 0x5748ab2fL, 0xbc946e79L, 0xc6a376d2L,
+ 0x6549c2c8L,
+ 0x530ff8eeL, 0x468dde7dL, 0xd5730a1dL,
+ 0x4cd04dc6L,
+ 0x2939bbdbL, 0xa9ba4650L, 0xac9526e8L,
+ 0xbe5ee304L,
+ 0xa1fad5f0L, 0x6a2d519aL, 0x63ef8ce2L,
+ 0x9a86ee22L,
+ 0xc089c2b8L, 0x43242ef6L, 0xa51e03aaL,
+ 0x9cf2d0a4L,
+ 0x83c061baL, 0x9be96a4dL, 0x8fe51550L,
+ 0xba645bd6L,
+ 0x2826a2f9L, 0xa73a3ae1L, 0x4ba99586L,
+ 0xef5562e9L,
+ 0xc72fefd3L, 0xf752f7daL, 0x3f046f69L,
+ 0x77fa0a59L,
+ 0x80e4a915L, 0x87b08601L, 0x9b09e6adL,
+ 0x3b3ee593L,
+ 0xe990fd5aL, 0x9e34d797L, 0x2cf0b7d9L,
+ 0x022b8b51L,
+ 0x96d5ac3aL, 0x017da67dL, 0xd1cf3ed6L,
+ 0x7c7d2d28L,
+ 0x1f9f25cfL, 0xadf2b89bL, 0x5ad6b472L,
+ 0x5a88f54cL,
+ 0xe029ac71L, 0xe019a5e6L, 0x47b0acfdL,
+ 0xed93fa9bL,
+ 0xe8d3c48dL, 0x283b57ccL, 0xf8d56629L,
+ 0x79132e28L,
+ 0x785f0191L, 0xed756055L, 0xf7960e44L,
+ 0xe3d35e8cL,
+ 0x15056dd4L, 0x88f46dbaL, 0x03a16125L,
+ 0x0564f0bdL,
+ 0xc3eb9e15L, 0x3c9057a2L, 0x97271aecL,
+ 0xa93a072aL,
+ 0x1b3f6d9bL, 0x1e6321f5L, 0xf59c66fbL,
+ 0x26dcf319L,
+ 0x7533d928L, 0xb155fdf5L, 0x03563482L,
+ 0x8aba3cbbL,
+ 0x28517711L, 0xc20ad9f8L, 0xabcc5167L,
+ 0xccad925fL,
+ 0x4de81751L, 0x3830dc8eL, 0x379d5862L,
+ 0x9320f991L,
+ 0xea7a90c2L, 0xfb3e7bceL, 0x5121ce64L,
+ 0x774fbe32L,
+ 0xa8b6e37eL, 0xc3293d46L, 0x48de5369L,
+ 0x6413e680L,
+ 0xa2ae0810L, 0xdd6db224L, 0x69852dfdL,
+ 0x09072166L,
+ 0xb39a460aL, 0x6445c0ddL, 0x586cdecfL,
+ 0x1c20c8aeL,
+ 0x5bbef7ddL, 0x1b588d40L, 0xccd2017fL,
+ 0x6bb4e3bbL,
+ 0xdda26a7eL, 0x3a59ff45L, 0x3e350a44L,
+ 0xbcb4cdd5L,
+ 0x72eacea8L, 0xfa6484bbL, 0x8d6612aeL,
+ 0xbf3c6f47L,
+ 0xd29be463L, 0x542f5d9eL, 0xaec2771bL,
+ 0xf64e6370L,
+ 0x740e0d8dL, 0xe75b1357L, 0xf8721671L,
+ 0xaf537d5dL,
+ 0x4040cb08L, 0x4eb4e2ccL, 0x34d2466aL,
+ 0x0115af84L,
+ 0xe1b00428L, 0x95983a1dL, 0x06b89fb4L,
+ 0xce6ea048L,
+ 0x6f3f3b82L, 0x3520ab82L, 0x011a1d4bL,
+ 0x277227f8L,
+ 0x611560b1L, 0xe7933fdcL, 0xbb3a792bL,
+ 0x344525bdL,
+ 0xa08839e1L, 0x51ce794bL, 0x2f32c9b7L,
+ 0xa01fbac9L,
+ 0xe01cc87eL, 0xbcc7d1f6L, 0xcf0111c3L,
+ 0xa1e8aac7L,
+ 0x1a908749L, 0xd44fbd9aL, 0xd0dadecbL,
+ 0xd50ada38L,
+ 0x0339c32aL, 0xc6913667L, 0x8df9317cL,
+ 0xe0b12b4fL,
+ 0xf79e59b7L, 0x43f5bb3aL, 0xf2d519ffL,
+ 0x27d9459cL,
+ 0xbf97222cL, 0x15e6fc2aL, 0x0f91fc71L,
+ 0x9b941525L,
+ 0xfae59361L, 0xceb69cebL, 0xc2a86459L,
+ 0x12baa8d1L,
+ 0xb6c1075eL, 0xe3056a0cL, 0x10d25065L,
+ 0xcb03a442L,
+ 0xe0ec6e0eL, 0x1698db3bL, 0x4c98a0beL,
+ 0x3278e964L,
+ 0x9f1f9532L, 0xe0d392dfL, 0xd3a0342bL,
+ 0x8971f21eL,
+ 0x1b0a7441L, 0x4ba3348cL, 0xc5be7120L,
+ 0xc37632d8L,
+ 0xdf359f8dL, 0x9b992f2eL, 0xe60b6f47L,
+ 0x0fe3f11dL,
+ 0xe54cda54L, 0x1edad891L, 0xce6279cfL,
+ 0xcd3e7e6fL,
+ 0x1618b166L, 0xfd2c1d05L, 0x848fd2c5L,
+ 0xf6fb2299L,
+ 0xf523f357L, 0xa6327623L, 0x93a83531L,
+ 0x56cccd02L,
+ 0xacf08162L, 0x5a75ebb5L, 0x6e163697L,
+ 0x88d273ccL,
+ 0xde966292L, 0x81b949d0L, 0x4c50901bL,
+ 0x71c65614L,
+ 0xe6c6c7bdL, 0x327a140aL, 0x45e1d006L,
+ 0xc3f27b9aL,
+ 0xc9aa53fdL, 0x62a80f00L, 0xbb25bfe2L,
+ 0x35bdd2f6L,
+ 0x71126905L, 0xb2040222L, 0xb6cbcf7cL,
+ 0xcd769c2bL,
+ 0x53113ec0L, 0x1640e3d3L, 0x38abbd60L,
+ 0x2547adf0L,
+ 0xba38209cL, 0xf746ce76L, 0x77afa1c5L,
+ 0x20756060L,
+ 0x85cbfe4eL, 0x8ae88dd8L, 0x7aaaf9b0L,
+ 0x4cf9aa7eL,
+ 0x1948c25cL, 0x02fb8a8cL, 0x01c36ae4L,
+ 0xd6ebe1f9L,
+ 0x90d4f869L, 0xa65cdea0L, 0x3f09252dL,
+ 0xc208e69fL,
+ 0xb74e6132L, 0xce77e25bL, 0x578fdfe3L,
+ 0x3ac372e6L,
+ }
+};
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bf/bf_skey.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bf/bf_skey.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bf/bf_skey.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,121 +0,0 @@
-/* crypto/bf/bf_skey.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <openssl/blowfish.h>
-#include <openssl/crypto.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
-#include "bf_locl.h"
-#include "bf_pi.h"
-
-FIPS_NON_FIPS_VCIPHER_Init(BF)
- {
- int i;
- BF_LONG *p,ri,in[2];
- const unsigned char *d,*end;
-
-
- memcpy(key,&bf_init,sizeof(BF_KEY));
- p=key->P;
-
- if (len > ((BF_ROUNDS+2)*4)) len=(BF_ROUNDS+2)*4;
-
- d=data;
- end= &(data[len]);
- for (i=0; i<(BF_ROUNDS+2); i++)
- {
- ri= *(d++);
- if (d >= end) d=data;
-
- ri<<=8;
- ri|= *(d++);
- if (d >= end) d=data;
-
- ri<<=8;
- ri|= *(d++);
- if (d >= end) d=data;
-
- ri<<=8;
- ri|= *(d++);
- if (d >= end) d=data;
-
- p[i]^=ri;
- }
-
- in[0]=0L;
- in[1]=0L;
- for (i=0; i<(BF_ROUNDS+2); i+=2)
- {
- BF_encrypt(in,key);
- p[i ]=in[0];
- p[i+1]=in[1];
- }
-
- p=key->S;
- for (i=0; i<4*256; i+=2)
- {
- BF_encrypt(in,key);
- p[i ]=in[0];
- p[i+1]=in[1];
- }
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bf/bf_skey.c (from rev 6976, vendor-crypto/openssl/dist/crypto/bf/bf_skey.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bf/bf_skey.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bf/bf_skey.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,121 @@
+/* crypto/bf/bf_skey.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/blowfish.h>
+#include <openssl/crypto.h>
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
+#endif
+
+#include "bf_locl.h"
+#include "bf_pi.h"
+
+FIPS_NON_FIPS_VCIPHER_Init(BF)
+{
+ int i;
+ BF_LONG *p, ri, in[2];
+ const unsigned char *d, *end;
+
+ memcpy(key, &bf_init, sizeof(BF_KEY));
+ p = key->P;
+
+ if (len > ((BF_ROUNDS + 2) * 4))
+ len = (BF_ROUNDS + 2) * 4;
+
+ d = data;
+ end = &(data[len]);
+ for (i = 0; i < (BF_ROUNDS + 2); i++) {
+ ri = *(d++);
+ if (d >= end)
+ d = data;
+
+ ri <<= 8;
+ ri |= *(d++);
+ if (d >= end)
+ d = data;
+
+ ri <<= 8;
+ ri |= *(d++);
+ if (d >= end)
+ d = data;
+
+ ri <<= 8;
+ ri |= *(d++);
+ if (d >= end)
+ d = data;
+
+ p[i] ^= ri;
+ }
+
+ in[0] = 0L;
+ in[1] = 0L;
+ for (i = 0; i < (BF_ROUNDS + 2); i += 2) {
+ BF_encrypt(in, key);
+ p[i] = in[0];
+ p[i + 1] = in[1];
+ }
+
+ p = key->S;
+ for (i = 0; i < 4 * 256; i += 2) {
+ BF_encrypt(in, key);
+ p[i] = in[0];
+ p[i + 1] = in[1];
+ }
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bf/bfspeed.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bf/bfspeed.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bf/bfspeed.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,277 +0,0 @@
-/* crypto/bf/bfspeed.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* 11-Sep-92 Andrew Daviel Support for Silicon Graphics IRIX added */
-/* 06-Apr-92 Luke Brennan Support for VMS and add extra signal calls */
-
-#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
-#define TIMES
-#endif
-
-#include <stdio.h>
-
-#include <openssl/e_os2.h>
-#include OPENSSL_UNISTD_IO
-OPENSSL_DECLARE_EXIT
-
-#ifndef OPENSSL_SYS_NETWARE
-#include <signal.h>
-#endif
-
-#ifndef _IRIX
-#include <time.h>
-#endif
-#ifdef TIMES
-#include <sys/types.h>
-#include <sys/times.h>
-#endif
-
-/* Depending on the VMS version, the tms structure is perhaps defined.
- The __TMS macro will show if it was. If it wasn't defined, we should
- undefine TIMES, since that tells the rest of the program how things
- should be handled. -- Richard Levitte */
-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
-#undef TIMES
-#endif
-
-#ifndef TIMES
-#include <sys/timeb.h>
-#endif
-
-#if defined(sun) || defined(__ultrix)
-#define _POSIX_SOURCE
-#include <limits.h>
-#include <sys/param.h>
-#endif
-
-#include <openssl/blowfish.h>
-
-/* The following if from times(3) man page. It may need to be changed */
-#ifndef HZ
-#ifndef CLK_TCK
-#define HZ 100.0
-#else /* CLK_TCK */
-#define HZ ((double)CLK_TCK)
-#endif
-#endif
-
-#define BUFSIZE ((long)1024)
-long run=0;
-
-double Time_F(int s);
-#ifdef SIGALRM
-#if defined(__STDC__) || defined(sgi) || defined(_AIX)
-#define SIGRETTYPE void
-#else
-#define SIGRETTYPE int
-#endif
-
-SIGRETTYPE sig_done(int sig);
-SIGRETTYPE sig_done(int sig)
- {
- signal(SIGALRM,sig_done);
- run=0;
-#ifdef LINT
- sig=sig;
-#endif
- }
-#endif
-
-#define START 0
-#define STOP 1
-
-double Time_F(int s)
- {
- double ret;
-#ifdef TIMES
- static struct tms tstart,tend;
-
- if (s == START)
- {
- times(&tstart);
- return(0);
- }
- else
- {
- times(&tend);
- ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
- return((ret == 0.0)?1e-6:ret);
- }
-#else /* !times() */
- static struct timeb tstart,tend;
- long i;
-
- if (s == START)
- {
- ftime(&tstart);
- return(0);
- }
- else
- {
- ftime(&tend);
- i=(long)tend.millitm-(long)tstart.millitm;
- ret=((double)(tend.time-tstart.time))+((double)i)/1e3;
- return((ret == 0.0)?1e-6:ret);
- }
-#endif
- }
-
-int main(int argc, char **argv)
- {
- long count;
- static unsigned char buf[BUFSIZE];
- static unsigned char key[] ={
- 0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
- 0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10,
- };
- BF_KEY sch;
- double a,b,c,d;
-#ifndef SIGALRM
- long ca,cb,cc;
-#endif
-
-#ifndef TIMES
- printf("To get the most accurate results, try to run this\n");
- printf("program when this computer is idle.\n");
-#endif
-
-#ifndef SIGALRM
- printf("First we calculate the approximate speed ...\n");
- BF_set_key(&sch,16,key);
- count=10;
- do {
- long i;
- BF_LONG data[2];
-
- count*=2;
- Time_F(START);
- for (i=count; i; i--)
- BF_encrypt(data,&sch);
- d=Time_F(STOP);
- } while (d < 3.0);
- ca=count/512;
- cb=count;
- cc=count*8/BUFSIZE+1;
- printf("Doing BF_set_key %ld times\n",ca);
-#define COND(d) (count != (d))
-#define COUNT(d) (d)
-#else
-#define COND(c) (run)
-#define COUNT(d) (count)
- signal(SIGALRM,sig_done);
- printf("Doing BF_set_key for 10 seconds\n");
- alarm(10);
-#endif
-
- Time_F(START);
- for (count=0,run=1; COND(ca); count+=4)
- {
- BF_set_key(&sch,16,key);
- BF_set_key(&sch,16,key);
- BF_set_key(&sch,16,key);
- BF_set_key(&sch,16,key);
- }
- d=Time_F(STOP);
- printf("%ld BF_set_key's in %.2f seconds\n",count,d);
- a=((double)COUNT(ca))/d;
-
-#ifdef SIGALRM
- printf("Doing BF_encrypt's for 10 seconds\n");
- alarm(10);
-#else
- printf("Doing BF_encrypt %ld times\n",cb);
-#endif
- Time_F(START);
- for (count=0,run=1; COND(cb); count+=4)
- {
- BF_LONG data[2];
-
- BF_encrypt(data,&sch);
- BF_encrypt(data,&sch);
- BF_encrypt(data,&sch);
- BF_encrypt(data,&sch);
- }
- d=Time_F(STOP);
- printf("%ld BF_encrypt's in %.2f second\n",count,d);
- b=((double)COUNT(cb)*8)/d;
-
-#ifdef SIGALRM
- printf("Doing BF_cbc_encrypt on %ld byte blocks for 10 seconds\n",
- BUFSIZE);
- alarm(10);
-#else
- printf("Doing BF_cbc_encrypt %ld times on %ld byte blocks\n",cc,
- BUFSIZE);
-#endif
- Time_F(START);
- for (count=0,run=1; COND(cc); count++)
- BF_cbc_encrypt(buf,buf,BUFSIZE,&sch,
- &(key[0]),BF_ENCRYPT);
- d=Time_F(STOP);
- printf("%ld BF_cbc_encrypt's of %ld byte blocks in %.2f second\n",
- count,BUFSIZE,d);
- c=((double)COUNT(cc)*BUFSIZE)/d;
-
- printf("Blowfish set_key per sec = %12.3f (%9.3fuS)\n",a,1.0e6/a);
- printf("Blowfish raw ecb bytes per sec = %12.3f (%9.3fuS)\n",b,8.0e6/b);
- printf("Blowfish cbc bytes per sec = %12.3f (%9.3fuS)\n",c,8.0e6/c);
- exit(0);
-#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
- return(0);
-#endif
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bf/bfspeed.c (from rev 6976, vendor-crypto/openssl/dist/crypto/bf/bfspeed.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bf/bfspeed.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bf/bfspeed.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,265 @@
+/* crypto/bf/bfspeed.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* 11-Sep-92 Andrew Daviel Support for Silicon Graphics IRIX added */
+/* 06-Apr-92 Luke Brennan Support for VMS and add extra signal calls */
+
+#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
+# define TIMES
+#endif
+
+#include <stdio.h>
+
+#include <openssl/e_os2.h>
+#include OPENSSL_UNISTD_IO
+OPENSSL_DECLARE_EXIT
+#ifndef OPENSSL_SYS_NETWARE
+# include <signal.h>
+#endif
+#ifndef _IRIX
+# include <time.h>
+#endif
+#ifdef TIMES
+# include <sys/types.h>
+# include <sys/times.h>
+#endif
+ /*
+ * Depending on the VMS version, the tms structure is perhaps defined.
+ * The __TMS macro will show if it was. If it wasn't defined, we should
+ * undefine TIMES, since that tells the rest of the program how things
+ * should be handled. -- Richard Levitte
+ */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
+# undef TIMES
+#endif
+#ifndef TIMES
+# include <sys/timeb.h>
+#endif
+#if defined(sun) || defined(__ultrix)
+# define _POSIX_SOURCE
+# include <limits.h>
+# include <sys/param.h>
+#endif
+#include <openssl/blowfish.h>
+/* The following if from times(3) man page. It may need to be changed */
+#ifndef HZ
+# ifndef CLK_TCK
+# define HZ 100.0
+# else /* CLK_TCK */
+# define HZ ((double)CLK_TCK)
+# endif
+#endif
+#define BUFSIZE ((long)1024)
+long run = 0;
+
+double Time_F(int s);
+#ifdef SIGALRM
+# if defined(__STDC__) || defined(sgi) || defined(_AIX)
+# define SIGRETTYPE void
+# else
+# define SIGRETTYPE int
+# endif
+
+SIGRETTYPE sig_done(int sig);
+SIGRETTYPE sig_done(int sig)
+{
+ signal(SIGALRM, sig_done);
+ run = 0;
+# ifdef LINT
+ sig = sig;
+# endif
+}
+#endif
+
+#define START 0
+#define STOP 1
+
+double Time_F(int s)
+{
+ double ret;
+#ifdef TIMES
+ static struct tms tstart, tend;
+
+ if (s == START) {
+ times(&tstart);
+ return (0);
+ } else {
+ times(&tend);
+ ret = ((double)(tend.tms_utime - tstart.tms_utime)) / HZ;
+ return ((ret == 0.0) ? 1e-6 : ret);
+ }
+#else /* !times() */
+ static struct timeb tstart, tend;
+ long i;
+
+ if (s == START) {
+ ftime(&tstart);
+ return (0);
+ } else {
+ ftime(&tend);
+ i = (long)tend.millitm - (long)tstart.millitm;
+ ret = ((double)(tend.time - tstart.time)) + ((double)i) / 1e3;
+ return ((ret == 0.0) ? 1e-6 : ret);
+ }
+#endif
+}
+
+int main(int argc, char **argv)
+{
+ long count;
+ static unsigned char buf[BUFSIZE];
+ static unsigned char key[] = {
+ 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
+ 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
+ };
+ BF_KEY sch;
+ double a, b, c, d;
+#ifndef SIGALRM
+ long ca, cb, cc;
+#endif
+
+#ifndef TIMES
+ printf("To get the most accurate results, try to run this\n");
+ printf("program when this computer is idle.\n");
+#endif
+
+#ifndef SIGALRM
+ printf("First we calculate the approximate speed ...\n");
+ BF_set_key(&sch, 16, key);
+ count = 10;
+ do {
+ long i;
+ BF_LONG data[2];
+
+ count *= 2;
+ Time_F(START);
+ for (i = count; i; i--)
+ BF_encrypt(data, &sch);
+ d = Time_F(STOP);
+ } while (d < 3.0);
+ ca = count / 512;
+ cb = count;
+ cc = count * 8 / BUFSIZE + 1;
+ printf("Doing BF_set_key %ld times\n", ca);
+# define COND(d) (count != (d))
+# define COUNT(d) (d)
+#else
+# define COND(c) (run)
+# define COUNT(d) (count)
+ signal(SIGALRM, sig_done);
+ printf("Doing BF_set_key for 10 seconds\n");
+ alarm(10);
+#endif
+
+ Time_F(START);
+ for (count = 0, run = 1; COND(ca); count += 4) {
+ BF_set_key(&sch, 16, key);
+ BF_set_key(&sch, 16, key);
+ BF_set_key(&sch, 16, key);
+ BF_set_key(&sch, 16, key);
+ }
+ d = Time_F(STOP);
+ printf("%ld BF_set_key's in %.2f seconds\n", count, d);
+ a = ((double)COUNT(ca)) / d;
+
+#ifdef SIGALRM
+ printf("Doing BF_encrypt's for 10 seconds\n");
+ alarm(10);
+#else
+ printf("Doing BF_encrypt %ld times\n", cb);
+#endif
+ Time_F(START);
+ for (count = 0, run = 1; COND(cb); count += 4) {
+ BF_LONG data[2];
+
+ BF_encrypt(data, &sch);
+ BF_encrypt(data, &sch);
+ BF_encrypt(data, &sch);
+ BF_encrypt(data, &sch);
+ }
+ d = Time_F(STOP);
+ printf("%ld BF_encrypt's in %.2f second\n", count, d);
+ b = ((double)COUNT(cb) * 8) / d;
+
+#ifdef SIGALRM
+ printf("Doing BF_cbc_encrypt on %ld byte blocks for 10 seconds\n",
+ BUFSIZE);
+ alarm(10);
+#else
+ printf("Doing BF_cbc_encrypt %ld times on %ld byte blocks\n", cc,
+ BUFSIZE);
+#endif
+ Time_F(START);
+ for (count = 0, run = 1; COND(cc); count++)
+ BF_cbc_encrypt(buf, buf, BUFSIZE, &sch, &(key[0]), BF_ENCRYPT);
+ d = Time_F(STOP);
+ printf("%ld BF_cbc_encrypt's of %ld byte blocks in %.2f second\n",
+ count, BUFSIZE, d);
+ c = ((double)COUNT(cc) * BUFSIZE) / d;
+
+ printf("Blowfish set_key per sec = %12.3f (%9.3fuS)\n", a,
+ 1.0e6 / a);
+ printf("Blowfish raw ecb bytes per sec = %12.3f (%9.3fuS)\n", b,
+ 8.0e6 / b);
+ printf("Blowfish cbc bytes per sec = %12.3f (%9.3fuS)\n", c,
+ 8.0e6 / c);
+ exit(0);
+#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
+ return (0);
+#endif
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bf/bftest.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bf/bftest.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bf/bftest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,540 +0,0 @@
-/* crypto/bf/bftest.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* This has been a quickly hacked 'ideatest.c'. When I add tests for other
- * RC2 modes, more of the code will be uncommented. */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_BF is defined */
-
-#include "../e_os.h"
-
-#ifdef OPENSSL_NO_BF
-int main(int argc, char *argv[])
-{
- printf("No BF support\n");
- return(0);
-}
-#else
-#include <openssl/blowfish.h>
-
-#ifdef CHARSET_EBCDIC
-#include <openssl/ebcdic.h>
-#endif
-
-static char *bf_key[2]={
- "abcdefghijklmnopqrstuvwxyz",
- "Who is John Galt?"
- };
-
-/* big endian */
-static BF_LONG bf_plain[2][2]={
- {0x424c4f57L,0x46495348L},
- {0xfedcba98L,0x76543210L}
- };
-
-static BF_LONG bf_cipher[2][2]={
- {0x324ed0feL,0xf413a203L},
- {0xcc91732bL,0x8022f684L}
- };
-/************/
-
-/* Lets use the DES test vectors :-) */
-#define NUM_TESTS 34
-static unsigned char ecb_data[NUM_TESTS][8]={
- {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
- {0x30,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
- {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
- {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
- {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- {0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10},
- {0x7C,0xA1,0x10,0x45,0x4A,0x1A,0x6E,0x57},
- {0x01,0x31,0xD9,0x61,0x9D,0xC1,0x37,0x6E},
- {0x07,0xA1,0x13,0x3E,0x4A,0x0B,0x26,0x86},
- {0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E},
- {0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6},
- {0x01,0x13,0xB9,0x70,0xFD,0x34,0xF2,0xCE},
- {0x01,0x70,0xF1,0x75,0x46,0x8F,0xB5,0xE6},
- {0x43,0x29,0x7F,0xAD,0x38,0xE3,0x73,0xFE},
- {0x07,0xA7,0x13,0x70,0x45,0xDA,0x2A,0x16},
- {0x04,0x68,0x91,0x04,0xC2,0xFD,0x3B,0x2F},
- {0x37,0xD0,0x6B,0xB5,0x16,0xCB,0x75,0x46},
- {0x1F,0x08,0x26,0x0D,0x1A,0xC2,0x46,0x5E},
- {0x58,0x40,0x23,0x64,0x1A,0xBA,0x61,0x76},
- {0x02,0x58,0x16,0x16,0x46,0x29,0xB0,0x07},
- {0x49,0x79,0x3E,0xBC,0x79,0xB3,0x25,0x8F},
- {0x4F,0xB0,0x5E,0x15,0x15,0xAB,0x73,0xA7},
- {0x49,0xE9,0x5D,0x6D,0x4C,0xA2,0x29,0xBF},
- {0x01,0x83,0x10,0xDC,0x40,0x9B,0x26,0xD6},
- {0x1C,0x58,0x7F,0x1C,0x13,0x92,0x4F,0xEF},
- {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01},
- {0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E},
- {0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE},
- {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
- {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
- {0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10}};
-
-static unsigned char plain_data[NUM_TESTS][8]={
- {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
- {0x10,0x00,0x00,0x00,0x00,0x00,0x00,0x01},
- {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
- {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
- {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
- {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
- {0x01,0xA1,0xD6,0xD0,0x39,0x77,0x67,0x42},
- {0x5C,0xD5,0x4C,0xA8,0x3D,0xEF,0x57,0xDA},
- {0x02,0x48,0xD4,0x38,0x06,0xF6,0x71,0x72},
- {0x51,0x45,0x4B,0x58,0x2D,0xDF,0x44,0x0A},
- {0x42,0xFD,0x44,0x30,0x59,0x57,0x7F,0xA2},
- {0x05,0x9B,0x5E,0x08,0x51,0xCF,0x14,0x3A},
- {0x07,0x56,0xD8,0xE0,0x77,0x47,0x61,0xD2},
- {0x76,0x25,0x14,0xB8,0x29,0xBF,0x48,0x6A},
- {0x3B,0xDD,0x11,0x90,0x49,0x37,0x28,0x02},
- {0x26,0x95,0x5F,0x68,0x35,0xAF,0x60,0x9A},
- {0x16,0x4D,0x5E,0x40,0x4F,0x27,0x52,0x32},
- {0x6B,0x05,0x6E,0x18,0x75,0x9F,0x5C,0xCA},
- {0x00,0x4B,0xD6,0xEF,0x09,0x17,0x60,0x62},
- {0x48,0x0D,0x39,0x00,0x6E,0xE7,0x62,0xF2},
- {0x43,0x75,0x40,0xC8,0x69,0x8F,0x3C,0xFA},
- {0x07,0x2D,0x43,0xA0,0x77,0x07,0x52,0x92},
- {0x02,0xFE,0x55,0x77,0x81,0x17,0xF1,0x2A},
- {0x1D,0x9D,0x5C,0x50,0x18,0xF7,0x28,0xC2},
- {0x30,0x55,0x32,0x28,0x6D,0x6F,0x29,0x5A},
- {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
- {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
- {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
- {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
- {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}};
-
-static unsigned char cipher_data[NUM_TESTS][8]={
- {0x4E,0xF9,0x97,0x45,0x61,0x98,0xDD,0x78},
- {0x51,0x86,0x6F,0xD5,0xB8,0x5E,0xCB,0x8A},
- {0x7D,0x85,0x6F,0x9A,0x61,0x30,0x63,0xF2},
- {0x24,0x66,0xDD,0x87,0x8B,0x96,0x3C,0x9D},
- {0x61,0xF9,0xC3,0x80,0x22,0x81,0xB0,0x96},
- {0x7D,0x0C,0xC6,0x30,0xAF,0xDA,0x1E,0xC7},
- {0x4E,0xF9,0x97,0x45,0x61,0x98,0xDD,0x78},
- {0x0A,0xCE,0xAB,0x0F,0xC6,0xA0,0xA2,0x8D},
- {0x59,0xC6,0x82,0x45,0xEB,0x05,0x28,0x2B},
- {0xB1,0xB8,0xCC,0x0B,0x25,0x0F,0x09,0xA0},
- {0x17,0x30,0xE5,0x77,0x8B,0xEA,0x1D,0xA4},
- {0xA2,0x5E,0x78,0x56,0xCF,0x26,0x51,0xEB},
- {0x35,0x38,0x82,0xB1,0x09,0xCE,0x8F,0x1A},
- {0x48,0xF4,0xD0,0x88,0x4C,0x37,0x99,0x18},
- {0x43,0x21,0x93,0xB7,0x89,0x51,0xFC,0x98},
- {0x13,0xF0,0x41,0x54,0xD6,0x9D,0x1A,0xE5},
- {0x2E,0xED,0xDA,0x93,0xFF,0xD3,0x9C,0x79},
- {0xD8,0x87,0xE0,0x39,0x3C,0x2D,0xA6,0xE3},
- {0x5F,0x99,0xD0,0x4F,0x5B,0x16,0x39,0x69},
- {0x4A,0x05,0x7A,0x3B,0x24,0xD3,0x97,0x7B},
- {0x45,0x20,0x31,0xC1,0xE4,0xFA,0xDA,0x8E},
- {0x75,0x55,0xAE,0x39,0xF5,0x9B,0x87,0xBD},
- {0x53,0xC5,0x5F,0x9C,0xB4,0x9F,0xC0,0x19},
- {0x7A,0x8E,0x7B,0xFA,0x93,0x7E,0x89,0xA3},
- {0xCF,0x9C,0x5D,0x7A,0x49,0x86,0xAD,0xB5},
- {0xD1,0xAB,0xB2,0x90,0x65,0x8B,0xC7,0x78},
- {0x55,0xCB,0x37,0x74,0xD1,0x3E,0xF2,0x01},
- {0xFA,0x34,0xEC,0x48,0x47,0xB2,0x68,0xB2},
- {0xA7,0x90,0x79,0x51,0x08,0xEA,0x3C,0xAE},
- {0xC3,0x9E,0x07,0x2D,0x9F,0xAC,0x63,0x1D},
- {0x01,0x49,0x33,0xE0,0xCD,0xAF,0xF6,0xE4},
- {0xF2,0x1E,0x9A,0x77,0xB7,0x1C,0x49,0xBC},
- {0x24,0x59,0x46,0x88,0x57,0x54,0x36,0x9A},
- {0x6B,0x5C,0x5A,0x9C,0x5D,0x9E,0x0A,0x5A},
- };
-
-static unsigned char cbc_key [16]={
- 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
- 0xf0,0xe1,0xd2,0xc3,0xb4,0xa5,0x96,0x87};
-static unsigned char cbc_iv [8]={0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10};
-static char cbc_data[40]="7654321 Now is the time for ";
-static unsigned char cbc_ok[32]={
- 0x6B,0x77,0xB4,0xD6,0x30,0x06,0xDE,0xE6,
- 0x05,0xB1,0x56,0xE2,0x74,0x03,0x97,0x93,
- 0x58,0xDE,0xB9,0xE7,0x15,0x46,0x16,0xD9,
- 0x59,0xF1,0x65,0x2B,0xD5,0xFF,0x92,0xCC};
-
-static unsigned char cfb64_ok[]={
- 0xE7,0x32,0x14,0xA2,0x82,0x21,0x39,0xCA,
- 0xF2,0x6E,0xCF,0x6D,0x2E,0xB9,0xE7,0x6E,
- 0x3D,0xA3,0xDE,0x04,0xD1,0x51,0x72,0x00,
- 0x51,0x9D,0x57,0xA6,0xC3};
-
-static unsigned char ofb64_ok[]={
- 0xE7,0x32,0x14,0xA2,0x82,0x21,0x39,0xCA,
- 0x62,0xB3,0x43,0xCC,0x5B,0x65,0x58,0x73,
- 0x10,0xDD,0x90,0x8D,0x0C,0x24,0x1B,0x22,
- 0x63,0xC2,0xCF,0x80,0xDA};
-
-#define KEY_TEST_NUM 25
-static unsigned char key_test[KEY_TEST_NUM]={
- 0xf0,0xe1,0xd2,0xc3,0xb4,0xa5,0x96,0x87,
- 0x78,0x69,0x5a,0x4b,0x3c,0x2d,0x1e,0x0f,
- 0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,
- 0x88};
-
-static unsigned char key_data[8]=
- {0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10};
-
-static unsigned char key_out[KEY_TEST_NUM][8]={
- {0xF9,0xAD,0x59,0x7C,0x49,0xDB,0x00,0x5E},
- {0xE9,0x1D,0x21,0xC1,0xD9,0x61,0xA6,0xD6},
- {0xE9,0xC2,0xB7,0x0A,0x1B,0xC6,0x5C,0xF3},
- {0xBE,0x1E,0x63,0x94,0x08,0x64,0x0F,0x05},
- {0xB3,0x9E,0x44,0x48,0x1B,0xDB,0x1E,0x6E},
- {0x94,0x57,0xAA,0x83,0xB1,0x92,0x8C,0x0D},
- {0x8B,0xB7,0x70,0x32,0xF9,0x60,0x62,0x9D},
- {0xE8,0x7A,0x24,0x4E,0x2C,0xC8,0x5E,0x82},
- {0x15,0x75,0x0E,0x7A,0x4F,0x4E,0xC5,0x77},
- {0x12,0x2B,0xA7,0x0B,0x3A,0xB6,0x4A,0xE0},
- {0x3A,0x83,0x3C,0x9A,0xFF,0xC5,0x37,0xF6},
- {0x94,0x09,0xDA,0x87,0xA9,0x0F,0x6B,0xF2},
- {0x88,0x4F,0x80,0x62,0x50,0x60,0xB8,0xB4},
- {0x1F,0x85,0x03,0x1C,0x19,0xE1,0x19,0x68},
- {0x79,0xD9,0x37,0x3A,0x71,0x4C,0xA3,0x4F},
- {0x93,0x14,0x28,0x87,0xEE,0x3B,0xE1,0x5C},
- {0x03,0x42,0x9E,0x83,0x8C,0xE2,0xD1,0x4B},
- {0xA4,0x29,0x9E,0x27,0x46,0x9F,0xF6,0x7B},
- {0xAF,0xD5,0xAE,0xD1,0xC1,0xBC,0x96,0xA8},
- {0x10,0x85,0x1C,0x0E,0x38,0x58,0xDA,0x9F},
- {0xE6,0xF5,0x1E,0xD7,0x9B,0x9D,0xB2,0x1F},
- {0x64,0xA6,0xE1,0x4A,0xFD,0x36,0xB4,0x6F},
- {0x80,0xC7,0xD7,0xD4,0x5A,0x54,0x79,0xAD},
- {0x05,0x04,0x4B,0x62,0xFA,0x52,0xD0,0x80},
- };
-
-static int test(void );
-static int print_test_data(void );
-int main(int argc, char *argv[])
- {
- int ret;
-
- if (argc > 1)
- ret=print_test_data();
- else
- ret=test();
-
-#ifdef OPENSSL_SYS_NETWARE
- if (ret) printf("ERROR: %d\n", ret);
-#endif
- EXIT(ret);
- return(0);
- }
-
-static int print_test_data(void)
- {
- unsigned int i,j;
-
- printf("ecb test data\n");
- printf("key bytes\t\tclear bytes\t\tcipher bytes\n");
- for (i=0; i<NUM_TESTS; i++)
- {
- for (j=0; j<8; j++)
- printf("%02X",ecb_data[i][j]);
- printf("\t");
- for (j=0; j<8; j++)
- printf("%02X",plain_data[i][j]);
- printf("\t");
- for (j=0; j<8; j++)
- printf("%02X",cipher_data[i][j]);
- printf("\n");
- }
-
- printf("set_key test data\n");
- printf("data[8]= ");
- for (j=0; j<8; j++)
- printf("%02X",key_data[j]);
- printf("\n");
- for (i=0; i<KEY_TEST_NUM-1; i++)
- {
- printf("c=");
- for (j=0; j<8; j++)
- printf("%02X",key_out[i][j]);
- printf(" k[%2u]=",i+1);
- for (j=0; j<i+1; j++)
- printf("%02X",key_test[j]);
- printf("\n");
- }
-
- printf("\nchaining mode test data\n");
- printf("key[16] = ");
- for (j=0; j<16; j++)
- printf("%02X",cbc_key[j]);
- printf("\niv[8] = ");
- for (j=0; j<8; j++)
- printf("%02X",cbc_iv[j]);
- printf("\ndata[%d] = '%s'",(int)strlen(cbc_data)+1,cbc_data);
- printf("\ndata[%d] = ",(int)strlen(cbc_data)+1);
- for (j=0; j<strlen(cbc_data)+1; j++)
- printf("%02X",cbc_data[j]);
- printf("\n");
- printf("cbc cipher text\n");
- printf("cipher[%d]= ",32);
- for (j=0; j<32; j++)
- printf("%02X",cbc_ok[j]);
- printf("\n");
-
- printf("cfb64 cipher text\n");
- printf("cipher[%d]= ",(int)strlen(cbc_data)+1);
- for (j=0; j<strlen(cbc_data)+1; j++)
- printf("%02X",cfb64_ok[j]);
- printf("\n");
-
- printf("ofb64 cipher text\n");
- printf("cipher[%d]= ",(int)strlen(cbc_data)+1);
- for (j=0; j<strlen(cbc_data)+1; j++)
- printf("%02X",ofb64_ok[j]);
- printf("\n");
- return(0);
- }
-
-static int test(void)
- {
- unsigned char cbc_in[40],cbc_out[40],iv[8];
- int i,n,err=0;
- BF_KEY key;
- BF_LONG data[2];
- unsigned char out[8];
- BF_LONG len;
-
-#ifdef CHARSET_EBCDIC
- ebcdic2ascii(cbc_data, cbc_data, strlen(cbc_data));
-#endif
-
- printf("testing blowfish in raw ecb mode\n");
- for (n=0; n<2; n++)
- {
-#ifdef CHARSET_EBCDIC
- ebcdic2ascii(bf_key[n], bf_key[n], strlen(bf_key[n]));
-#endif
- BF_set_key(&key,strlen(bf_key[n]),(unsigned char *)bf_key[n]);
-
- data[0]=bf_plain[n][0];
- data[1]=bf_plain[n][1];
- BF_encrypt(data,&key);
- if (memcmp(&(bf_cipher[n][0]),&(data[0]),8) != 0)
- {
- printf("BF_encrypt error encrypting\n");
- printf("got :");
- for (i=0; i<2; i++)
- printf("%08lX ",(unsigned long)data[i]);
- printf("\n");
- printf("expected:");
- for (i=0; i<2; i++)
- printf("%08lX ",(unsigned long)bf_cipher[n][i]);
- err=1;
- printf("\n");
- }
-
- BF_decrypt(&(data[0]),&key);
- if (memcmp(&(bf_plain[n][0]),&(data[0]),8) != 0)
- {
- printf("BF_encrypt error decrypting\n");
- printf("got :");
- for (i=0; i<2; i++)
- printf("%08lX ",(unsigned long)data[i]);
- printf("\n");
- printf("expected:");
- for (i=0; i<2; i++)
- printf("%08lX ",(unsigned long)bf_plain[n][i]);
- printf("\n");
- err=1;
- }
- }
-
- printf("testing blowfish in ecb mode\n");
-
- for (n=0; n<NUM_TESTS; n++)
- {
- BF_set_key(&key,8,ecb_data[n]);
-
- BF_ecb_encrypt(&(plain_data[n][0]),out,&key,BF_ENCRYPT);
- if (memcmp(&(cipher_data[n][0]),out,8) != 0)
- {
- printf("BF_ecb_encrypt blowfish error encrypting\n");
- printf("got :");
- for (i=0; i<8; i++)
- printf("%02X ",out[i]);
- printf("\n");
- printf("expected:");
- for (i=0; i<8; i++)
- printf("%02X ",cipher_data[n][i]);
- err=1;
- printf("\n");
- }
-
- BF_ecb_encrypt(out,out,&key,BF_DECRYPT);
- if (memcmp(&(plain_data[n][0]),out,8) != 0)
- {
- printf("BF_ecb_encrypt error decrypting\n");
- printf("got :");
- for (i=0; i<8; i++)
- printf("%02X ",out[i]);
- printf("\n");
- printf("expected:");
- for (i=0; i<8; i++)
- printf("%02X ",plain_data[n][i]);
- printf("\n");
- err=1;
- }
- }
-
- printf("testing blowfish set_key\n");
- for (n=1; n<KEY_TEST_NUM; n++)
- {
- BF_set_key(&key,n,key_test);
- BF_ecb_encrypt(key_data,out,&key,BF_ENCRYPT);
- /* mips-sgi-irix6.5-gcc vv -mabi=64 bug workaround */
- if (memcmp(out,&(key_out[i=n-1][0]),8) != 0)
- {
- printf("blowfish setkey error\n");
- err=1;
- }
- }
-
- printf("testing blowfish in cbc mode\n");
- len=strlen(cbc_data)+1;
-
- BF_set_key(&key,16,cbc_key);
- memset(cbc_in,0,sizeof cbc_in);
- memset(cbc_out,0,sizeof cbc_out);
- memcpy(iv,cbc_iv,sizeof iv);
- BF_cbc_encrypt((unsigned char *)cbc_data,cbc_out,len,
- &key,iv,BF_ENCRYPT);
- if (memcmp(cbc_out,cbc_ok,32) != 0)
- {
- err=1;
- printf("BF_cbc_encrypt encrypt error\n");
- for (i=0; i<32; i++) printf("0x%02X,",cbc_out[i]);
- }
- memcpy(iv,cbc_iv,8);
- BF_cbc_encrypt(cbc_out,cbc_in,len,
- &key,iv,BF_DECRYPT);
- if (memcmp(cbc_in,cbc_data,strlen(cbc_data)+1) != 0)
- {
- printf("BF_cbc_encrypt decrypt error\n");
- err=1;
- }
-
- printf("testing blowfish in cfb64 mode\n");
-
- BF_set_key(&key,16,cbc_key);
- memset(cbc_in,0,40);
- memset(cbc_out,0,40);
- memcpy(iv,cbc_iv,8);
- n=0;
- BF_cfb64_encrypt((unsigned char *)cbc_data,cbc_out,(long)13,
- &key,iv,&n,BF_ENCRYPT);
- BF_cfb64_encrypt((unsigned char *)&(cbc_data[13]),&(cbc_out[13]),len-13,
- &key,iv,&n,BF_ENCRYPT);
- if (memcmp(cbc_out,cfb64_ok,(int)len) != 0)
- {
- err=1;
- printf("BF_cfb64_encrypt encrypt error\n");
- for (i=0; i<(int)len; i++) printf("0x%02X,",cbc_out[i]);
- }
- n=0;
- memcpy(iv,cbc_iv,8);
- BF_cfb64_encrypt(cbc_out,cbc_in,17,
- &key,iv,&n,BF_DECRYPT);
- BF_cfb64_encrypt(&(cbc_out[17]),&(cbc_in[17]),len-17,
- &key,iv,&n,BF_DECRYPT);
- if (memcmp(cbc_in,cbc_data,(int)len) != 0)
- {
- printf("BF_cfb64_encrypt decrypt error\n");
- err=1;
- }
-
- printf("testing blowfish in ofb64\n");
-
- BF_set_key(&key,16,cbc_key);
- memset(cbc_in,0,40);
- memset(cbc_out,0,40);
- memcpy(iv,cbc_iv,8);
- n=0;
- BF_ofb64_encrypt((unsigned char *)cbc_data,cbc_out,(long)13,&key,iv,&n);
- BF_ofb64_encrypt((unsigned char *)&(cbc_data[13]),
- &(cbc_out[13]),len-13,&key,iv,&n);
- if (memcmp(cbc_out,ofb64_ok,(int)len) != 0)
- {
- err=1;
- printf("BF_ofb64_encrypt encrypt error\n");
- for (i=0; i<(int)len; i++) printf("0x%02X,",cbc_out[i]);
- }
- n=0;
- memcpy(iv,cbc_iv,8);
- BF_ofb64_encrypt(cbc_out,cbc_in,17,&key,iv,&n);
- BF_ofb64_encrypt(&(cbc_out[17]),&(cbc_in[17]),len-17,&key,iv,&n);
- if (memcmp(cbc_in,cbc_data,(int)len) != 0)
- {
- printf("BF_ofb64_encrypt decrypt error\n");
- err=1;
- }
-
- return(err);
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bf/bftest.c (from rev 6976, vendor-crypto/openssl/dist/crypto/bf/bftest.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bf/bftest.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bf/bftest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,538 @@
+/* crypto/bf/bftest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/*
+ * This has been a quickly hacked 'ideatest.c'. When I add tests for other
+ * RC2 modes, more of the code will be uncommented.
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_BF is defined */
+
+#include "../e_os.h"
+
+#ifdef OPENSSL_NO_BF
+int main(int argc, char *argv[])
+{
+ printf("No BF support\n");
+ return (0);
+}
+#else
+# include <openssl/blowfish.h>
+
+# ifdef CHARSET_EBCDIC
+# include <openssl/ebcdic.h>
+# endif
+
+static char *bf_key[2] = {
+ "abcdefghijklmnopqrstuvwxyz",
+ "Who is John Galt?"
+};
+
+/* big endian */
+static BF_LONG bf_plain[2][2] = {
+ {0x424c4f57L, 0x46495348L},
+ {0xfedcba98L, 0x76543210L}
+};
+
+static BF_LONG bf_cipher[2][2] = {
+ {0x324ed0feL, 0xf413a203L},
+ {0xcc91732bL, 0x8022f684L}
+};
+
+/************/
+
+/* Lets use the DES test vectors :-) */
+# define NUM_TESTS 34
+static unsigned char ecb_data[NUM_TESTS][8] = {
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
+ {0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11},
+ {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
+ {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10},
+ {0x7C, 0xA1, 0x10, 0x45, 0x4A, 0x1A, 0x6E, 0x57},
+ {0x01, 0x31, 0xD9, 0x61, 0x9D, 0xC1, 0x37, 0x6E},
+ {0x07, 0xA1, 0x13, 0x3E, 0x4A, 0x0B, 0x26, 0x86},
+ {0x38, 0x49, 0x67, 0x4C, 0x26, 0x02, 0x31, 0x9E},
+ {0x04, 0xB9, 0x15, 0xBA, 0x43, 0xFE, 0xB5, 0xB6},
+ {0x01, 0x13, 0xB9, 0x70, 0xFD, 0x34, 0xF2, 0xCE},
+ {0x01, 0x70, 0xF1, 0x75, 0x46, 0x8F, 0xB5, 0xE6},
+ {0x43, 0x29, 0x7F, 0xAD, 0x38, 0xE3, 0x73, 0xFE},
+ {0x07, 0xA7, 0x13, 0x70, 0x45, 0xDA, 0x2A, 0x16},
+ {0x04, 0x68, 0x91, 0x04, 0xC2, 0xFD, 0x3B, 0x2F},
+ {0x37, 0xD0, 0x6B, 0xB5, 0x16, 0xCB, 0x75, 0x46},
+ {0x1F, 0x08, 0x26, 0x0D, 0x1A, 0xC2, 0x46, 0x5E},
+ {0x58, 0x40, 0x23, 0x64, 0x1A, 0xBA, 0x61, 0x76},
+ {0x02, 0x58, 0x16, 0x16, 0x46, 0x29, 0xB0, 0x07},
+ {0x49, 0x79, 0x3E, 0xBC, 0x79, 0xB3, 0x25, 0x8F},
+ {0x4F, 0xB0, 0x5E, 0x15, 0x15, 0xAB, 0x73, 0xA7},
+ {0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBF},
+ {0x01, 0x83, 0x10, 0xDC, 0x40, 0x9B, 0x26, 0xD6},
+ {0x1C, 0x58, 0x7F, 0x1C, 0x13, 0x92, 0x4F, 0xEF},
+ {0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01},
+ {0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E},
+ {0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
+ {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
+ {0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10}
+};
+
+static unsigned char plain_data[NUM_TESTS][8] = {
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
+ {0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01},
+ {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11},
+ {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11},
+ {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
+ {0x01, 0xA1, 0xD6, 0xD0, 0x39, 0x77, 0x67, 0x42},
+ {0x5C, 0xD5, 0x4C, 0xA8, 0x3D, 0xEF, 0x57, 0xDA},
+ {0x02, 0x48, 0xD4, 0x38, 0x06, 0xF6, 0x71, 0x72},
+ {0x51, 0x45, 0x4B, 0x58, 0x2D, 0xDF, 0x44, 0x0A},
+ {0x42, 0xFD, 0x44, 0x30, 0x59, 0x57, 0x7F, 0xA2},
+ {0x05, 0x9B, 0x5E, 0x08, 0x51, 0xCF, 0x14, 0x3A},
+ {0x07, 0x56, 0xD8, 0xE0, 0x77, 0x47, 0x61, 0xD2},
+ {0x76, 0x25, 0x14, 0xB8, 0x29, 0xBF, 0x48, 0x6A},
+ {0x3B, 0xDD, 0x11, 0x90, 0x49, 0x37, 0x28, 0x02},
+ {0x26, 0x95, 0x5F, 0x68, 0x35, 0xAF, 0x60, 0x9A},
+ {0x16, 0x4D, 0x5E, 0x40, 0x4F, 0x27, 0x52, 0x32},
+ {0x6B, 0x05, 0x6E, 0x18, 0x75, 0x9F, 0x5C, 0xCA},
+ {0x00, 0x4B, 0xD6, 0xEF, 0x09, 0x17, 0x60, 0x62},
+ {0x48, 0x0D, 0x39, 0x00, 0x6E, 0xE7, 0x62, 0xF2},
+ {0x43, 0x75, 0x40, 0xC8, 0x69, 0x8F, 0x3C, 0xFA},
+ {0x07, 0x2D, 0x43, 0xA0, 0x77, 0x07, 0x52, 0x92},
+ {0x02, 0xFE, 0x55, 0x77, 0x81, 0x17, 0xF1, 0x2A},
+ {0x1D, 0x9D, 0x5C, 0x50, 0x18, 0xF7, 0x28, 0xC2},
+ {0x30, 0x55, 0x32, 0x28, 0x6D, 0x6F, 0x29, 0x5A},
+ {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
+ {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
+ {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
+ {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}
+};
+
+static unsigned char cipher_data[NUM_TESTS][8] = {
+ {0x4E, 0xF9, 0x97, 0x45, 0x61, 0x98, 0xDD, 0x78},
+ {0x51, 0x86, 0x6F, 0xD5, 0xB8, 0x5E, 0xCB, 0x8A},
+ {0x7D, 0x85, 0x6F, 0x9A, 0x61, 0x30, 0x63, 0xF2},
+ {0x24, 0x66, 0xDD, 0x87, 0x8B, 0x96, 0x3C, 0x9D},
+ {0x61, 0xF9, 0xC3, 0x80, 0x22, 0x81, 0xB0, 0x96},
+ {0x7D, 0x0C, 0xC6, 0x30, 0xAF, 0xDA, 0x1E, 0xC7},
+ {0x4E, 0xF9, 0x97, 0x45, 0x61, 0x98, 0xDD, 0x78},
+ {0x0A, 0xCE, 0xAB, 0x0F, 0xC6, 0xA0, 0xA2, 0x8D},
+ {0x59, 0xC6, 0x82, 0x45, 0xEB, 0x05, 0x28, 0x2B},
+ {0xB1, 0xB8, 0xCC, 0x0B, 0x25, 0x0F, 0x09, 0xA0},
+ {0x17, 0x30, 0xE5, 0x77, 0x8B, 0xEA, 0x1D, 0xA4},
+ {0xA2, 0x5E, 0x78, 0x56, 0xCF, 0x26, 0x51, 0xEB},
+ {0x35, 0x38, 0x82, 0xB1, 0x09, 0xCE, 0x8F, 0x1A},
+ {0x48, 0xF4, 0xD0, 0x88, 0x4C, 0x37, 0x99, 0x18},
+ {0x43, 0x21, 0x93, 0xB7, 0x89, 0x51, 0xFC, 0x98},
+ {0x13, 0xF0, 0x41, 0x54, 0xD6, 0x9D, 0x1A, 0xE5},
+ {0x2E, 0xED, 0xDA, 0x93, 0xFF, 0xD3, 0x9C, 0x79},
+ {0xD8, 0x87, 0xE0, 0x39, 0x3C, 0x2D, 0xA6, 0xE3},
+ {0x5F, 0x99, 0xD0, 0x4F, 0x5B, 0x16, 0x39, 0x69},
+ {0x4A, 0x05, 0x7A, 0x3B, 0x24, 0xD3, 0x97, 0x7B},
+ {0x45, 0x20, 0x31, 0xC1, 0xE4, 0xFA, 0xDA, 0x8E},
+ {0x75, 0x55, 0xAE, 0x39, 0xF5, 0x9B, 0x87, 0xBD},
+ {0x53, 0xC5, 0x5F, 0x9C, 0xB4, 0x9F, 0xC0, 0x19},
+ {0x7A, 0x8E, 0x7B, 0xFA, 0x93, 0x7E, 0x89, 0xA3},
+ {0xCF, 0x9C, 0x5D, 0x7A, 0x49, 0x86, 0xAD, 0xB5},
+ {0xD1, 0xAB, 0xB2, 0x90, 0x65, 0x8B, 0xC7, 0x78},
+ {0x55, 0xCB, 0x37, 0x74, 0xD1, 0x3E, 0xF2, 0x01},
+ {0xFA, 0x34, 0xEC, 0x48, 0x47, 0xB2, 0x68, 0xB2},
+ {0xA7, 0x90, 0x79, 0x51, 0x08, 0xEA, 0x3C, 0xAE},
+ {0xC3, 0x9E, 0x07, 0x2D, 0x9F, 0xAC, 0x63, 0x1D},
+ {0x01, 0x49, 0x33, 0xE0, 0xCD, 0xAF, 0xF6, 0xE4},
+ {0xF2, 0x1E, 0x9A, 0x77, 0xB7, 0x1C, 0x49, 0xBC},
+ {0x24, 0x59, 0x46, 0x88, 0x57, 0x54, 0x36, 0x9A},
+ {0x6B, 0x5C, 0x5A, 0x9C, 0x5D, 0x9E, 0x0A, 0x5A},
+};
+
+static unsigned char cbc_key[16] = {
+ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
+ 0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87
+};
+static unsigned char cbc_iv[8] =
+ { 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 };
+static char cbc_data[40] = "7654321 Now is the time for ";
+static unsigned char cbc_ok[32] = {
+ 0x6B, 0x77, 0xB4, 0xD6, 0x30, 0x06, 0xDE, 0xE6,
+ 0x05, 0xB1, 0x56, 0xE2, 0x74, 0x03, 0x97, 0x93,
+ 0x58, 0xDE, 0xB9, 0xE7, 0x15, 0x46, 0x16, 0xD9,
+ 0x59, 0xF1, 0x65, 0x2B, 0xD5, 0xFF, 0x92, 0xCC
+};
+
+static unsigned char cfb64_ok[] = {
+ 0xE7, 0x32, 0x14, 0xA2, 0x82, 0x21, 0x39, 0xCA,
+ 0xF2, 0x6E, 0xCF, 0x6D, 0x2E, 0xB9, 0xE7, 0x6E,
+ 0x3D, 0xA3, 0xDE, 0x04, 0xD1, 0x51, 0x72, 0x00,
+ 0x51, 0x9D, 0x57, 0xA6, 0xC3
+};
+
+static unsigned char ofb64_ok[] = {
+ 0xE7, 0x32, 0x14, 0xA2, 0x82, 0x21, 0x39, 0xCA,
+ 0x62, 0xB3, 0x43, 0xCC, 0x5B, 0x65, 0x58, 0x73,
+ 0x10, 0xDD, 0x90, 0x8D, 0x0C, 0x24, 0x1B, 0x22,
+ 0x63, 0xC2, 0xCF, 0x80, 0xDA
+};
+
+# define KEY_TEST_NUM 25
+static unsigned char key_test[KEY_TEST_NUM] = {
+ 0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87,
+ 0x78, 0x69, 0x5a, 0x4b, 0x3c, 0x2d, 0x1e, 0x0f,
+ 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+ 0x88
+};
+
+static unsigned char key_data[8] =
+ { 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10 };
+
+static unsigned char key_out[KEY_TEST_NUM][8] = {
+ {0xF9, 0xAD, 0x59, 0x7C, 0x49, 0xDB, 0x00, 0x5E},
+ {0xE9, 0x1D, 0x21, 0xC1, 0xD9, 0x61, 0xA6, 0xD6},
+ {0xE9, 0xC2, 0xB7, 0x0A, 0x1B, 0xC6, 0x5C, 0xF3},
+ {0xBE, 0x1E, 0x63, 0x94, 0x08, 0x64, 0x0F, 0x05},
+ {0xB3, 0x9E, 0x44, 0x48, 0x1B, 0xDB, 0x1E, 0x6E},
+ {0x94, 0x57, 0xAA, 0x83, 0xB1, 0x92, 0x8C, 0x0D},
+ {0x8B, 0xB7, 0x70, 0x32, 0xF9, 0x60, 0x62, 0x9D},
+ {0xE8, 0x7A, 0x24, 0x4E, 0x2C, 0xC8, 0x5E, 0x82},
+ {0x15, 0x75, 0x0E, 0x7A, 0x4F, 0x4E, 0xC5, 0x77},
+ {0x12, 0x2B, 0xA7, 0x0B, 0x3A, 0xB6, 0x4A, 0xE0},
+ {0x3A, 0x83, 0x3C, 0x9A, 0xFF, 0xC5, 0x37, 0xF6},
+ {0x94, 0x09, 0xDA, 0x87, 0xA9, 0x0F, 0x6B, 0xF2},
+ {0x88, 0x4F, 0x80, 0x62, 0x50, 0x60, 0xB8, 0xB4},
+ {0x1F, 0x85, 0x03, 0x1C, 0x19, 0xE1, 0x19, 0x68},
+ {0x79, 0xD9, 0x37, 0x3A, 0x71, 0x4C, 0xA3, 0x4F},
+ {0x93, 0x14, 0x28, 0x87, 0xEE, 0x3B, 0xE1, 0x5C},
+ {0x03, 0x42, 0x9E, 0x83, 0x8C, 0xE2, 0xD1, 0x4B},
+ {0xA4, 0x29, 0x9E, 0x27, 0x46, 0x9F, 0xF6, 0x7B},
+ {0xAF, 0xD5, 0xAE, 0xD1, 0xC1, 0xBC, 0x96, 0xA8},
+ {0x10, 0x85, 0x1C, 0x0E, 0x38, 0x58, 0xDA, 0x9F},
+ {0xE6, 0xF5, 0x1E, 0xD7, 0x9B, 0x9D, 0xB2, 0x1F},
+ {0x64, 0xA6, 0xE1, 0x4A, 0xFD, 0x36, 0xB4, 0x6F},
+ {0x80, 0xC7, 0xD7, 0xD4, 0x5A, 0x54, 0x79, 0xAD},
+ {0x05, 0x04, 0x4B, 0x62, 0xFA, 0x52, 0xD0, 0x80},
+};
+
+static int test(void);
+static int print_test_data(void);
+int main(int argc, char *argv[])
+{
+ int ret;
+
+ if (argc > 1)
+ ret = print_test_data();
+ else
+ ret = test();
+
+# ifdef OPENSSL_SYS_NETWARE
+ if (ret)
+ printf("ERROR: %d\n", ret);
+# endif
+ EXIT(ret);
+ return (0);
+}
+
+static int print_test_data(void)
+{
+ unsigned int i, j;
+
+ printf("ecb test data\n");
+ printf("key bytes\t\tclear bytes\t\tcipher bytes\n");
+ for (i = 0; i < NUM_TESTS; i++) {
+ for (j = 0; j < 8; j++)
+ printf("%02X", ecb_data[i][j]);
+ printf("\t");
+ for (j = 0; j < 8; j++)
+ printf("%02X", plain_data[i][j]);
+ printf("\t");
+ for (j = 0; j < 8; j++)
+ printf("%02X", cipher_data[i][j]);
+ printf("\n");
+ }
+
+ printf("set_key test data\n");
+ printf("data[8]= ");
+ for (j = 0; j < 8; j++)
+ printf("%02X", key_data[j]);
+ printf("\n");
+ for (i = 0; i < KEY_TEST_NUM - 1; i++) {
+ printf("c=");
+ for (j = 0; j < 8; j++)
+ printf("%02X", key_out[i][j]);
+ printf(" k[%2u]=", i + 1);
+ for (j = 0; j < i + 1; j++)
+ printf("%02X", key_test[j]);
+ printf("\n");
+ }
+
+ printf("\nchaining mode test data\n");
+ printf("key[16] = ");
+ for (j = 0; j < 16; j++)
+ printf("%02X", cbc_key[j]);
+ printf("\niv[8] = ");
+ for (j = 0; j < 8; j++)
+ printf("%02X", cbc_iv[j]);
+ printf("\ndata[%d] = '%s'", (int)strlen(cbc_data) + 1, cbc_data);
+ printf("\ndata[%d] = ", (int)strlen(cbc_data) + 1);
+ for (j = 0; j < strlen(cbc_data) + 1; j++)
+ printf("%02X", cbc_data[j]);
+ printf("\n");
+ printf("cbc cipher text\n");
+ printf("cipher[%d]= ", 32);
+ for (j = 0; j < 32; j++)
+ printf("%02X", cbc_ok[j]);
+ printf("\n");
+
+ printf("cfb64 cipher text\n");
+ printf("cipher[%d]= ", (int)strlen(cbc_data) + 1);
+ for (j = 0; j < strlen(cbc_data) + 1; j++)
+ printf("%02X", cfb64_ok[j]);
+ printf("\n");
+
+ printf("ofb64 cipher text\n");
+ printf("cipher[%d]= ", (int)strlen(cbc_data) + 1);
+ for (j = 0; j < strlen(cbc_data) + 1; j++)
+ printf("%02X", ofb64_ok[j]);
+ printf("\n");
+ return (0);
+}
+
+static int test(void)
+{
+ unsigned char cbc_in[40], cbc_out[40], iv[8];
+ int i, n, err = 0;
+ BF_KEY key;
+ BF_LONG data[2];
+ unsigned char out[8];
+ BF_LONG len;
+
+# ifdef CHARSET_EBCDIC
+ ebcdic2ascii(cbc_data, cbc_data, strlen(cbc_data));
+# endif
+
+ printf("testing blowfish in raw ecb mode\n");
+ for (n = 0; n < 2; n++) {
+# ifdef CHARSET_EBCDIC
+ ebcdic2ascii(bf_key[n], bf_key[n], strlen(bf_key[n]));
+# endif
+ BF_set_key(&key, strlen(bf_key[n]), (unsigned char *)bf_key[n]);
+
+ data[0] = bf_plain[n][0];
+ data[1] = bf_plain[n][1];
+ BF_encrypt(data, &key);
+ if (memcmp(&(bf_cipher[n][0]), &(data[0]), 8) != 0) {
+ printf("BF_encrypt error encrypting\n");
+ printf("got :");
+ for (i = 0; i < 2; i++)
+ printf("%08lX ", (unsigned long)data[i]);
+ printf("\n");
+ printf("expected:");
+ for (i = 0; i < 2; i++)
+ printf("%08lX ", (unsigned long)bf_cipher[n][i]);
+ err = 1;
+ printf("\n");
+ }
+
+ BF_decrypt(&(data[0]), &key);
+ if (memcmp(&(bf_plain[n][0]), &(data[0]), 8) != 0) {
+ printf("BF_encrypt error decrypting\n");
+ printf("got :");
+ for (i = 0; i < 2; i++)
+ printf("%08lX ", (unsigned long)data[i]);
+ printf("\n");
+ printf("expected:");
+ for (i = 0; i < 2; i++)
+ printf("%08lX ", (unsigned long)bf_plain[n][i]);
+ printf("\n");
+ err = 1;
+ }
+ }
+
+ printf("testing blowfish in ecb mode\n");
+
+ for (n = 0; n < NUM_TESTS; n++) {
+ BF_set_key(&key, 8, ecb_data[n]);
+
+ BF_ecb_encrypt(&(plain_data[n][0]), out, &key, BF_ENCRYPT);
+ if (memcmp(&(cipher_data[n][0]), out, 8) != 0) {
+ printf("BF_ecb_encrypt blowfish error encrypting\n");
+ printf("got :");
+ for (i = 0; i < 8; i++)
+ printf("%02X ", out[i]);
+ printf("\n");
+ printf("expected:");
+ for (i = 0; i < 8; i++)
+ printf("%02X ", cipher_data[n][i]);
+ err = 1;
+ printf("\n");
+ }
+
+ BF_ecb_encrypt(out, out, &key, BF_DECRYPT);
+ if (memcmp(&(plain_data[n][0]), out, 8) != 0) {
+ printf("BF_ecb_encrypt error decrypting\n");
+ printf("got :");
+ for (i = 0; i < 8; i++)
+ printf("%02X ", out[i]);
+ printf("\n");
+ printf("expected:");
+ for (i = 0; i < 8; i++)
+ printf("%02X ", plain_data[n][i]);
+ printf("\n");
+ err = 1;
+ }
+ }
+
+ printf("testing blowfish set_key\n");
+ for (n = 1; n < KEY_TEST_NUM; n++) {
+ BF_set_key(&key, n, key_test);
+ BF_ecb_encrypt(key_data, out, &key, BF_ENCRYPT);
+ /* mips-sgi-irix6.5-gcc vv -mabi=64 bug workaround */
+ if (memcmp(out, &(key_out[i = n - 1][0]), 8) != 0) {
+ printf("blowfish setkey error\n");
+ err = 1;
+ }
+ }
+
+ printf("testing blowfish in cbc mode\n");
+ len = strlen(cbc_data) + 1;
+
+ BF_set_key(&key, 16, cbc_key);
+ memset(cbc_in, 0, sizeof cbc_in);
+ memset(cbc_out, 0, sizeof cbc_out);
+ memcpy(iv, cbc_iv, sizeof iv);
+ BF_cbc_encrypt((unsigned char *)cbc_data, cbc_out, len,
+ &key, iv, BF_ENCRYPT);
+ if (memcmp(cbc_out, cbc_ok, 32) != 0) {
+ err = 1;
+ printf("BF_cbc_encrypt encrypt error\n");
+ for (i = 0; i < 32; i++)
+ printf("0x%02X,", cbc_out[i]);
+ }
+ memcpy(iv, cbc_iv, 8);
+ BF_cbc_encrypt(cbc_out, cbc_in, len, &key, iv, BF_DECRYPT);
+ if (memcmp(cbc_in, cbc_data, strlen(cbc_data) + 1) != 0) {
+ printf("BF_cbc_encrypt decrypt error\n");
+ err = 1;
+ }
+
+ printf("testing blowfish in cfb64 mode\n");
+
+ BF_set_key(&key, 16, cbc_key);
+ memset(cbc_in, 0, 40);
+ memset(cbc_out, 0, 40);
+ memcpy(iv, cbc_iv, 8);
+ n = 0;
+ BF_cfb64_encrypt((unsigned char *)cbc_data, cbc_out, (long)13,
+ &key, iv, &n, BF_ENCRYPT);
+ BF_cfb64_encrypt((unsigned char *)&(cbc_data[13]), &(cbc_out[13]),
+ len - 13, &key, iv, &n, BF_ENCRYPT);
+ if (memcmp(cbc_out, cfb64_ok, (int)len) != 0) {
+ err = 1;
+ printf("BF_cfb64_encrypt encrypt error\n");
+ for (i = 0; i < (int)len; i++)
+ printf("0x%02X,", cbc_out[i]);
+ }
+ n = 0;
+ memcpy(iv, cbc_iv, 8);
+ BF_cfb64_encrypt(cbc_out, cbc_in, 17, &key, iv, &n, BF_DECRYPT);
+ BF_cfb64_encrypt(&(cbc_out[17]), &(cbc_in[17]), len - 17,
+ &key, iv, &n, BF_DECRYPT);
+ if (memcmp(cbc_in, cbc_data, (int)len) != 0) {
+ printf("BF_cfb64_encrypt decrypt error\n");
+ err = 1;
+ }
+
+ printf("testing blowfish in ofb64\n");
+
+ BF_set_key(&key, 16, cbc_key);
+ memset(cbc_in, 0, 40);
+ memset(cbc_out, 0, 40);
+ memcpy(iv, cbc_iv, 8);
+ n = 0;
+ BF_ofb64_encrypt((unsigned char *)cbc_data, cbc_out, (long)13, &key, iv,
+ &n);
+ BF_ofb64_encrypt((unsigned char *)&(cbc_data[13]), &(cbc_out[13]),
+ len - 13, &key, iv, &n);
+ if (memcmp(cbc_out, ofb64_ok, (int)len) != 0) {
+ err = 1;
+ printf("BF_ofb64_encrypt encrypt error\n");
+ for (i = 0; i < (int)len; i++)
+ printf("0x%02X,", cbc_out[i]);
+ }
+ n = 0;
+ memcpy(iv, cbc_iv, 8);
+ BF_ofb64_encrypt(cbc_out, cbc_in, 17, &key, iv, &n);
+ BF_ofb64_encrypt(&(cbc_out[17]), &(cbc_in[17]), len - 17, &key, iv, &n);
+ if (memcmp(cbc_in, cbc_data, (int)len) != 0) {
+ printf("BF_ofb64_encrypt decrypt error\n");
+ err = 1;
+ }
+
+ return (err);
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bf/blowfish.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/bf/blowfish.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bf/blowfish.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,129 +0,0 @@
-/* crypto/bf/blowfish.h */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_BLOWFISH_H
-#define HEADER_BLOWFISH_H
-
-#include <openssl/e_os2.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifdef OPENSSL_NO_BF
-#error BF is disabled.
-#endif
-
-#define BF_ENCRYPT 1
-#define BF_DECRYPT 0
-
-/*
- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- * ! BF_LONG has to be at least 32 bits wide. If it's wider, then !
- * ! BF_LONG_LOG2 has to be defined along. !
- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- */
-
-#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)
-#define BF_LONG unsigned long
-#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
-#define BF_LONG unsigned long
-#define BF_LONG_LOG2 3
-/*
- * _CRAY note. I could declare short, but I have no idea what impact
- * does it have on performance on none-T3E machines. I could declare
- * int, but at least on C90 sizeof(int) can be chosen at compile time.
- * So I've chosen long...
- * <appro at fy.chalmers.se>
- */
-#else
-#define BF_LONG unsigned int
-#endif
-
-#define BF_ROUNDS 16
-#define BF_BLOCK 8
-
-typedef struct bf_key_st
- {
- BF_LONG P[BF_ROUNDS+2];
- BF_LONG S[4*256];
- } BF_KEY;
-
-#ifdef OPENSSL_FIPS
-void private_BF_set_key(BF_KEY *key, int len, const unsigned char *data);
-#endif
-void BF_set_key(BF_KEY *key, int len, const unsigned char *data);
-
-void BF_encrypt(BF_LONG *data,const BF_KEY *key);
-void BF_decrypt(BF_LONG *data,const BF_KEY *key);
-
-void BF_ecb_encrypt(const unsigned char *in, unsigned char *out,
- const BF_KEY *key, int enc);
-void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
- const BF_KEY *schedule, unsigned char *ivec, int enc);
-void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out, long length,
- const BF_KEY *schedule, unsigned char *ivec, int *num, int enc);
-void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out, long length,
- const BF_KEY *schedule, unsigned char *ivec, int *num);
-const char *BF_options(void);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bf/blowfish.h (from rev 6976, vendor-crypto/openssl/dist/crypto/bf/blowfish.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bf/blowfish.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bf/blowfish.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,130 @@
+/* crypto/bf/blowfish.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_BLOWFISH_H
+# define HEADER_BLOWFISH_H
+
+# include <openssl/e_os2.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# ifdef OPENSSL_NO_BF
+# error BF is disabled.
+# endif
+
+# define BF_ENCRYPT 1
+# define BF_DECRYPT 0
+
+/*-
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * ! BF_LONG has to be at least 32 bits wide. If it's wider, then !
+ * ! BF_LONG_LOG2 has to be defined along. !
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ */
+
+# if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)
+# define BF_LONG unsigned long
+# elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
+# define BF_LONG unsigned long
+# define BF_LONG_LOG2 3
+/*
+ * _CRAY note. I could declare short, but I have no idea what impact
+ * does it have on performance on none-T3E machines. I could declare
+ * int, but at least on C90 sizeof(int) can be chosen at compile time.
+ * So I've chosen long...
+ * <appro at fy.chalmers.se>
+ */
+# else
+# define BF_LONG unsigned int
+# endif
+
+# define BF_ROUNDS 16
+# define BF_BLOCK 8
+
+typedef struct bf_key_st {
+ BF_LONG P[BF_ROUNDS + 2];
+ BF_LONG S[4 * 256];
+} BF_KEY;
+
+# ifdef OPENSSL_FIPS
+void private_BF_set_key(BF_KEY *key, int len, const unsigned char *data);
+# endif
+void BF_set_key(BF_KEY *key, int len, const unsigned char *data);
+
+void BF_encrypt(BF_LONG *data, const BF_KEY *key);
+void BF_decrypt(BF_LONG *data, const BF_KEY *key);
+
+void BF_ecb_encrypt(const unsigned char *in, unsigned char *out,
+ const BF_KEY *key, int enc);
+void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
+ const BF_KEY *schedule, unsigned char *ivec, int enc);
+void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, const BF_KEY *schedule,
+ unsigned char *ivec, int *num, int enc);
+void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, const BF_KEY *schedule,
+ unsigned char *ivec, int *num);
+const char *BF_options(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bio/b_dump.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bio/b_dump.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bio/b_dump.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,187 +0,0 @@
-/* crypto/bio/b_dump.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/*
- * Stolen from tjh's ssl/ssl_trc.c stuff.
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bio_lcl.h"
-
-#define TRUNCATE
-#define DUMP_WIDTH 16
-#define DUMP_WIDTH_LESS_INDENT(i) (DUMP_WIDTH-((i-(i>6?6:i)+3)/4))
-
-int BIO_dump_cb(int (*cb)(const void *data, size_t len, void *u),
- void *u, const char *s, int len)
- {
- return BIO_dump_indent_cb(cb, u, s, len, 0);
- }
-
-int BIO_dump_indent_cb(int (*cb)(const void *data, size_t len, void *u),
- void *u, const char *s, int len, int indent)
- {
- int ret=0;
- char buf[288+1],tmp[20],str[128+1];
- int i,j,rows,trc;
- unsigned char ch;
- int dump_width;
-
- trc=0;
-
-#ifdef TRUNCATE
- for(; (len > 0) && ((s[len-1] == ' ') || (s[len-1] == '\0')); len--)
- trc++;
-#endif
-
- if (indent < 0)
- indent = 0;
- if (indent)
- {
- if (indent > 128) indent=128;
- memset(str,' ',indent);
- }
- str[indent]='\0';
-
- dump_width=DUMP_WIDTH_LESS_INDENT(indent);
- rows=(len/dump_width);
- if ((rows*dump_width)<len)
- rows++;
- for(i=0;i<rows;i++)
- {
- buf[0]='\0'; /* start with empty string */
- BUF_strlcpy(buf,str,sizeof buf);
- BIO_snprintf(tmp,sizeof tmp,"%04x - ",i*dump_width);
- BUF_strlcat(buf,tmp,sizeof buf);
- for(j=0;j<dump_width;j++)
- {
- if (((i*dump_width)+j)>=len)
- {
- BUF_strlcat(buf," ",sizeof buf);
- }
- else
- {
- ch=((unsigned char)*(s+i*dump_width+j)) & 0xff;
- BIO_snprintf(tmp,sizeof tmp,"%02x%c",ch,
- j==7?'-':' ');
- BUF_strlcat(buf,tmp,sizeof buf);
- }
- }
- BUF_strlcat(buf," ",sizeof buf);
- for(j=0;j<dump_width;j++)
- {
- if (((i*dump_width)+j)>=len)
- break;
- ch=((unsigned char)*(s+i*dump_width+j)) & 0xff;
-#ifndef CHARSET_EBCDIC
- BIO_snprintf(tmp,sizeof tmp,"%c",
- ((ch>=' ')&&(ch<='~'))?ch:'.');
-#else
- BIO_snprintf(tmp,sizeof tmp,"%c",
- ((ch>=os_toascii[' '])&&(ch<=os_toascii['~']))
- ? os_toebcdic[ch]
- : '.');
-#endif
- BUF_strlcat(buf,tmp,sizeof buf);
- }
- BUF_strlcat(buf,"\n",sizeof buf);
- /* if this is the last call then update the ddt_dump thing so
- * that we will move the selection point in the debug window
- */
- ret+=cb((void *)buf,strlen(buf),u);
- }
-#ifdef TRUNCATE
- if (trc > 0)
- {
- BIO_snprintf(buf,sizeof buf,"%s%04x - <SPACES/NULS>\n",str,
- len+trc);
- ret+=cb((void *)buf,strlen(buf),u);
- }
-#endif
- return(ret);
- }
-
-#ifndef OPENSSL_NO_FP_API
-static int write_fp(const void *data, size_t len, void *fp)
- {
- return UP_fwrite(data, len, 1, fp);
- }
-int BIO_dump_fp(FILE *fp, const char *s, int len)
- {
- return BIO_dump_cb(write_fp, fp, s, len);
- }
-int BIO_dump_indent_fp(FILE *fp, const char *s, int len, int indent)
- {
- return BIO_dump_indent_cb(write_fp, fp, s, len, indent);
- }
-#endif
-
-static int write_bio(const void *data, size_t len, void *bp)
- {
- return BIO_write((BIO *)bp, (const char *)data, len);
- }
-int BIO_dump(BIO *bp, const char *s, int len)
- {
- return BIO_dump_cb(write_bio, bp, s, len);
- }
-int BIO_dump_indent(BIO *bp, const char *s, int len, int indent)
- {
- return BIO_dump_indent_cb(write_bio, bp, s, len, indent);
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bio/b_dump.c (from rev 6976, vendor-crypto/openssl/dist/crypto/bio/b_dump.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bio/b_dump.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bio/b_dump.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,184 @@
+/* crypto/bio/b_dump.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/*
+ * Stolen from tjh's ssl/ssl_trc.c stuff.
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bio_lcl.h"
+
+#define TRUNCATE
+#define DUMP_WIDTH 16
+#define DUMP_WIDTH_LESS_INDENT(i) (DUMP_WIDTH-((i-(i>6?6:i)+3)/4))
+
+int BIO_dump_cb(int (*cb) (const void *data, size_t len, void *u),
+ void *u, const char *s, int len)
+{
+ return BIO_dump_indent_cb(cb, u, s, len, 0);
+}
+
+int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u),
+ void *u, const char *s, int len, int indent)
+{
+ int ret = 0;
+ char buf[288 + 1], tmp[20], str[128 + 1];
+ int i, j, rows, trc;
+ unsigned char ch;
+ int dump_width;
+
+ trc = 0;
+
+#ifdef TRUNCATE
+ for (; (len > 0) && ((s[len - 1] == ' ') || (s[len - 1] == '\0')); len--)
+ trc++;
+#endif
+
+ if (indent < 0)
+ indent = 0;
+ if (indent) {
+ if (indent > 128)
+ indent = 128;
+ memset(str, ' ', indent);
+ }
+ str[indent] = '\0';
+
+ dump_width = DUMP_WIDTH_LESS_INDENT(indent);
+ rows = (len / dump_width);
+ if ((rows * dump_width) < len)
+ rows++;
+ for (i = 0; i < rows; i++) {
+ buf[0] = '\0'; /* start with empty string */
+ BUF_strlcpy(buf, str, sizeof buf);
+ BIO_snprintf(tmp, sizeof tmp, "%04x - ", i * dump_width);
+ BUF_strlcat(buf, tmp, sizeof buf);
+ for (j = 0; j < dump_width; j++) {
+ if (((i * dump_width) + j) >= len) {
+ BUF_strlcat(buf, " ", sizeof buf);
+ } else {
+ ch = ((unsigned char)*(s + i * dump_width + j)) & 0xff;
+ BIO_snprintf(tmp, sizeof tmp, "%02x%c", ch,
+ j == 7 ? '-' : ' ');
+ BUF_strlcat(buf, tmp, sizeof buf);
+ }
+ }
+ BUF_strlcat(buf, " ", sizeof buf);
+ for (j = 0; j < dump_width; j++) {
+ if (((i * dump_width) + j) >= len)
+ break;
+ ch = ((unsigned char)*(s + i * dump_width + j)) & 0xff;
+#ifndef CHARSET_EBCDIC
+ BIO_snprintf(tmp, sizeof tmp, "%c",
+ ((ch >= ' ') && (ch <= '~')) ? ch : '.');
+#else
+ BIO_snprintf(tmp, sizeof tmp, "%c",
+ ((ch >= os_toascii[' ']) && (ch <= os_toascii['~']))
+ ? os_toebcdic[ch]
+ : '.');
+#endif
+ BUF_strlcat(buf, tmp, sizeof buf);
+ }
+ BUF_strlcat(buf, "\n", sizeof buf);
+ /*
+ * if this is the last call then update the ddt_dump thing so that we
+ * will move the selection point in the debug window
+ */
+ ret += cb((void *)buf, strlen(buf), u);
+ }
+#ifdef TRUNCATE
+ if (trc > 0) {
+ BIO_snprintf(buf, sizeof buf, "%s%04x - <SPACES/NULS>\n", str,
+ len + trc);
+ ret += cb((void *)buf, strlen(buf), u);
+ }
+#endif
+ return (ret);
+}
+
+#ifndef OPENSSL_NO_FP_API
+static int write_fp(const void *data, size_t len, void *fp)
+{
+ return UP_fwrite(data, len, 1, fp);
+}
+
+int BIO_dump_fp(FILE *fp, const char *s, int len)
+{
+ return BIO_dump_cb(write_fp, fp, s, len);
+}
+
+int BIO_dump_indent_fp(FILE *fp, const char *s, int len, int indent)
+{
+ return BIO_dump_indent_cb(write_fp, fp, s, len, indent);
+}
+#endif
+
+static int write_bio(const void *data, size_t len, void *bp)
+{
+ return BIO_write((BIO *)bp, (const char *)data, len);
+}
+
+int BIO_dump(BIO *bp, const char *s, int len)
+{
+ return BIO_dump_cb(write_bio, bp, s, len);
+}
+
+int BIO_dump_indent(BIO *bp, const char *s, int len, int indent)
+{
+ return BIO_dump_indent_cb(write_bio, bp, s, len, indent);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bio/b_print.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bio/b_print.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bio/b_print.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,842 +0,0 @@
-/* crypto/bio/b_print.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* disable assert() unless BIO_DEBUG has been defined */
-#ifndef BIO_DEBUG
-# ifndef NDEBUG
-# define NDEBUG
-# endif
-#endif
-
-/*
- * Stolen from tjh's ssl/ssl_trc.c stuff.
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <ctype.h>
-#include <assert.h>
-#include <limits.h>
-#include "cryptlib.h"
-#ifndef NO_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-#include <openssl/bn.h> /* To get BN_LLONG properly defined */
-#include <openssl/bio.h>
-
-#if defined(BN_LLONG) || defined(SIXTY_FOUR_BIT)
-# ifndef HAVE_LONG_LONG
-# define HAVE_LONG_LONG 1
-# endif
-#endif
-
-/***************************************************************************/
-
-/*
- * Copyright Patrick Powell 1995
- * This code is based on code written by Patrick Powell <papowell at astart.com>
- * It may be used for any purpose as long as this notice remains intact
- * on all source code distributions.
- */
-
-/*
- * This code contains numerious changes and enhancements which were
- * made by lots of contributors over the last years to Patrick Powell's
- * original code:
- *
- * o Patrick Powell <papowell at astart.com> (1995)
- * o Brandon Long <blong at fiction.net> (1996, for Mutt)
- * o Thomas Roessler <roessler at guug.de> (1998, for Mutt)
- * o Michael Elkins <me at cs.hmc.edu> (1998, for Mutt)
- * o Andrew Tridgell <tridge at samba.org> (1998, for Samba)
- * o Luke Mewburn <lukem at netbsd.org> (1999, for LukemFTP)
- * o Ralf S. Engelschall <rse at engelschall.com> (1999, for Pth)
- * o ... (for OpenSSL)
- */
-
-#ifdef HAVE_LONG_DOUBLE
-#define LDOUBLE long double
-#else
-#define LDOUBLE double
-#endif
-
-#if HAVE_LONG_LONG
-# if defined(OPENSSL_SYS_WIN32) && !defined(__GNUC__)
-# define LLONG __int64
-# else
-# define LLONG long long
-# endif
-#else
-#define LLONG long
-#endif
-
-static void fmtstr (char **, char **, size_t *, size_t *,
- const char *, int, int, int);
-static void fmtint (char **, char **, size_t *, size_t *,
- LLONG, int, int, int, int);
-static void fmtfp (char **, char **, size_t *, size_t *,
- LDOUBLE, int, int, int);
-static void doapr_outch (char **, char **, size_t *, size_t *, int);
-static void _dopr(char **sbuffer, char **buffer,
- size_t *maxlen, size_t *retlen, int *truncated,
- const char *format, va_list args);
-
-/* format read states */
-#define DP_S_DEFAULT 0
-#define DP_S_FLAGS 1
-#define DP_S_MIN 2
-#define DP_S_DOT 3
-#define DP_S_MAX 4
-#define DP_S_MOD 5
-#define DP_S_CONV 6
-#define DP_S_DONE 7
-
-/* format flags - Bits */
-#define DP_F_MINUS (1 << 0)
-#define DP_F_PLUS (1 << 1)
-#define DP_F_SPACE (1 << 2)
-#define DP_F_NUM (1 << 3)
-#define DP_F_ZERO (1 << 4)
-#define DP_F_UP (1 << 5)
-#define DP_F_UNSIGNED (1 << 6)
-
-/* conversion flags */
-#define DP_C_SHORT 1
-#define DP_C_LONG 2
-#define DP_C_LDOUBLE 3
-#define DP_C_LLONG 4
-
-/* some handy macros */
-#define char_to_int(p) (p - '0')
-#define OSSL_MAX(p,q) ((p >= q) ? p : q)
-
-static void
-_dopr(
- char **sbuffer,
- char **buffer,
- size_t *maxlen,
- size_t *retlen,
- int *truncated,
- const char *format,
- va_list args)
-{
- char ch;
- LLONG value;
- LDOUBLE fvalue;
- char *strvalue;
- int min;
- int max;
- int state;
- int flags;
- int cflags;
- size_t currlen;
-
- state = DP_S_DEFAULT;
- flags = currlen = cflags = min = 0;
- max = -1;
- ch = *format++;
-
- while (state != DP_S_DONE) {
- if (ch == '\0' || (buffer == NULL && currlen >= *maxlen))
- state = DP_S_DONE;
-
- switch (state) {
- case DP_S_DEFAULT:
- if (ch == '%')
- state = DP_S_FLAGS;
- else
- doapr_outch(sbuffer,buffer, &currlen, maxlen, ch);
- ch = *format++;
- break;
- case DP_S_FLAGS:
- switch (ch) {
- case '-':
- flags |= DP_F_MINUS;
- ch = *format++;
- break;
- case '+':
- flags |= DP_F_PLUS;
- ch = *format++;
- break;
- case ' ':
- flags |= DP_F_SPACE;
- ch = *format++;
- break;
- case '#':
- flags |= DP_F_NUM;
- ch = *format++;
- break;
- case '0':
- flags |= DP_F_ZERO;
- ch = *format++;
- break;
- default:
- state = DP_S_MIN;
- break;
- }
- break;
- case DP_S_MIN:
- if (isdigit((unsigned char)ch)) {
- min = 10 * min + char_to_int(ch);
- ch = *format++;
- } else if (ch == '*') {
- min = va_arg(args, int);
- ch = *format++;
- state = DP_S_DOT;
- } else
- state = DP_S_DOT;
- break;
- case DP_S_DOT:
- if (ch == '.') {
- state = DP_S_MAX;
- ch = *format++;
- } else
- state = DP_S_MOD;
- break;
- case DP_S_MAX:
- if (isdigit((unsigned char)ch)) {
- if (max < 0)
- max = 0;
- max = 10 * max + char_to_int(ch);
- ch = *format++;
- } else if (ch == '*') {
- max = va_arg(args, int);
- ch = *format++;
- state = DP_S_MOD;
- } else
- state = DP_S_MOD;
- break;
- case DP_S_MOD:
- switch (ch) {
- case 'h':
- cflags = DP_C_SHORT;
- ch = *format++;
- break;
- case 'l':
- if (*format == 'l') {
- cflags = DP_C_LLONG;
- format++;
- } else
- cflags = DP_C_LONG;
- ch = *format++;
- break;
- case 'q':
- cflags = DP_C_LLONG;
- ch = *format++;
- break;
- case 'L':
- cflags = DP_C_LDOUBLE;
- ch = *format++;
- break;
- default:
- break;
- }
- state = DP_S_CONV;
- break;
- case DP_S_CONV:
- switch (ch) {
- case 'd':
- case 'i':
- switch (cflags) {
- case DP_C_SHORT:
- value = (short int)va_arg(args, int);
- break;
- case DP_C_LONG:
- value = va_arg(args, long int);
- break;
- case DP_C_LLONG:
- value = va_arg(args, LLONG);
- break;
- default:
- value = va_arg(args, int);
- break;
- }
- fmtint(sbuffer, buffer, &currlen, maxlen,
- value, 10, min, max, flags);
- break;
- case 'X':
- flags |= DP_F_UP;
- /* FALLTHROUGH */
- case 'x':
- case 'o':
- case 'u':
- flags |= DP_F_UNSIGNED;
- switch (cflags) {
- case DP_C_SHORT:
- value = (unsigned short int)va_arg(args, unsigned int);
- break;
- case DP_C_LONG:
- value = (LLONG) va_arg(args,
- unsigned long int);
- break;
- case DP_C_LLONG:
- value = va_arg(args, unsigned LLONG);
- break;
- default:
- value = (LLONG) va_arg(args,
- unsigned int);
- break;
- }
- fmtint(sbuffer, buffer, &currlen, maxlen, value,
- ch == 'o' ? 8 : (ch == 'u' ? 10 : 16),
- min, max, flags);
- break;
- case 'f':
- if (cflags == DP_C_LDOUBLE)
- fvalue = va_arg(args, LDOUBLE);
- else
- fvalue = va_arg(args, double);
- fmtfp(sbuffer, buffer, &currlen, maxlen,
- fvalue, min, max, flags);
- break;
- case 'E':
- flags |= DP_F_UP;
- case 'e':
- if (cflags == DP_C_LDOUBLE)
- fvalue = va_arg(args, LDOUBLE);
- else
- fvalue = va_arg(args, double);
- break;
- case 'G':
- flags |= DP_F_UP;
- case 'g':
- if (cflags == DP_C_LDOUBLE)
- fvalue = va_arg(args, LDOUBLE);
- else
- fvalue = va_arg(args, double);
- break;
- case 'c':
- doapr_outch(sbuffer, buffer, &currlen, maxlen,
- va_arg(args, int));
- break;
- case 's':
- strvalue = va_arg(args, char *);
- if (max < 0) {
- if (buffer)
- max = INT_MAX;
- else
- max = *maxlen;
- }
- fmtstr(sbuffer, buffer, &currlen, maxlen, strvalue,
- flags, min, max);
- break;
- case 'p':
- value = (long)va_arg(args, void *);
- fmtint(sbuffer, buffer, &currlen, maxlen,
- value, 16, min, max, flags|DP_F_NUM);
- break;
- case 'n': /* XXX */
- if (cflags == DP_C_SHORT) {
- short int *num;
- num = va_arg(args, short int *);
- *num = currlen;
- } else if (cflags == DP_C_LONG) { /* XXX */
- long int *num;
- num = va_arg(args, long int *);
- *num = (long int) currlen;
- } else if (cflags == DP_C_LLONG) { /* XXX */
- LLONG *num;
- num = va_arg(args, LLONG *);
- *num = (LLONG) currlen;
- } else {
- int *num;
- num = va_arg(args, int *);
- *num = currlen;
- }
- break;
- case '%':
- doapr_outch(sbuffer, buffer, &currlen, maxlen, ch);
- break;
- case 'w':
- /* not supported yet, treat as next char */
- ch = *format++;
- break;
- default:
- /* unknown, skip */
- break;
- }
- ch = *format++;
- state = DP_S_DEFAULT;
- flags = cflags = min = 0;
- max = -1;
- break;
- case DP_S_DONE:
- break;
- default:
- break;
- }
- }
- *truncated = (currlen > *maxlen - 1);
- if (*truncated)
- currlen = *maxlen - 1;
- doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0');
- *retlen = currlen - 1;
- return;
-}
-
-static void
-fmtstr(
- char **sbuffer,
- char **buffer,
- size_t *currlen,
- size_t *maxlen,
- const char *value,
- int flags,
- int min,
- int max)
-{
- int padlen, strln;
- int cnt = 0;
-
- if (value == 0)
- value = "<NULL>";
- for (strln = 0; value[strln]; ++strln)
- ;
- padlen = min - strln;
- if (padlen < 0)
- padlen = 0;
- if (flags & DP_F_MINUS)
- padlen = -padlen;
-
- while ((padlen > 0) && (cnt < max)) {
- doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
- --padlen;
- ++cnt;
- }
- while (*value && (cnt < max)) {
- doapr_outch(sbuffer, buffer, currlen, maxlen, *value++);
- ++cnt;
- }
- while ((padlen < 0) && (cnt < max)) {
- doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
- ++padlen;
- ++cnt;
- }
-}
-
-static void
-fmtint(
- char **sbuffer,
- char **buffer,
- size_t *currlen,
- size_t *maxlen,
- LLONG value,
- int base,
- int min,
- int max,
- int flags)
-{
- int signvalue = 0;
- const char *prefix = "";
- unsigned LLONG uvalue;
- char convert[DECIMAL_SIZE(value)+3];
- int place = 0;
- int spadlen = 0;
- int zpadlen = 0;
- int caps = 0;
-
- if (max < 0)
- max = 0;
- uvalue = value;
- if (!(flags & DP_F_UNSIGNED)) {
- if (value < 0) {
- signvalue = '-';
- uvalue = -value;
- } else if (flags & DP_F_PLUS)
- signvalue = '+';
- else if (flags & DP_F_SPACE)
- signvalue = ' ';
- }
- if (flags & DP_F_NUM) {
- if (base == 8) prefix = "0";
- if (base == 16) prefix = "0x";
- }
- if (flags & DP_F_UP)
- caps = 1;
- do {
- convert[place++] =
- (caps ? "0123456789ABCDEF" : "0123456789abcdef")
- [uvalue % (unsigned) base];
- uvalue = (uvalue / (unsigned) base);
- } while (uvalue && (place < (int)sizeof(convert)));
- if (place == sizeof(convert))
- place--;
- convert[place] = 0;
-
- zpadlen = max - place;
- spadlen = min - OSSL_MAX(max, place) - (signvalue ? 1 : 0) - strlen(prefix);
- if (zpadlen < 0)
- zpadlen = 0;
- if (spadlen < 0)
- spadlen = 0;
- if (flags & DP_F_ZERO) {
- zpadlen = OSSL_MAX(zpadlen, spadlen);
- spadlen = 0;
- }
- if (flags & DP_F_MINUS)
- spadlen = -spadlen;
-
- /* spaces */
- while (spadlen > 0) {
- doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
- --spadlen;
- }
-
- /* sign */
- if (signvalue)
- doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue);
-
- /* prefix */
- while (*prefix) {
- doapr_outch(sbuffer, buffer, currlen, maxlen, *prefix);
- prefix++;
- }
-
- /* zeros */
- if (zpadlen > 0) {
- while (zpadlen > 0) {
- doapr_outch(sbuffer, buffer, currlen, maxlen, '0');
- --zpadlen;
- }
- }
- /* digits */
- while (place > 0)
- doapr_outch(sbuffer, buffer, currlen, maxlen, convert[--place]);
-
- /* left justified spaces */
- while (spadlen < 0) {
- doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
- ++spadlen;
- }
- return;
-}
-
-static LDOUBLE
-abs_val(LDOUBLE value)
-{
- LDOUBLE result = value;
- if (value < 0)
- result = -value;
- return result;
-}
-
-static LDOUBLE
-pow_10(int in_exp)
-{
- LDOUBLE result = 1;
- while (in_exp) {
- result *= 10;
- in_exp--;
- }
- return result;
-}
-
-static long
-roundv(LDOUBLE value)
-{
- long intpart;
- intpart = (long) value;
- value = value - intpart;
- if (value >= 0.5)
- intpart++;
- return intpart;
-}
-
-static void
-fmtfp(
- char **sbuffer,
- char **buffer,
- size_t *currlen,
- size_t *maxlen,
- LDOUBLE fvalue,
- int min,
- int max,
- int flags)
-{
- int signvalue = 0;
- LDOUBLE ufvalue;
- char iconvert[20];
- char fconvert[20];
- int iplace = 0;
- int fplace = 0;
- int padlen = 0;
- int zpadlen = 0;
- int caps = 0;
- long intpart;
- long fracpart;
- long max10;
-
- if (max < 0)
- max = 6;
- ufvalue = abs_val(fvalue);
- if (fvalue < 0)
- signvalue = '-';
- else if (flags & DP_F_PLUS)
- signvalue = '+';
- else if (flags & DP_F_SPACE)
- signvalue = ' ';
-
- intpart = (long)ufvalue;
-
- /* sorry, we only support 9 digits past the decimal because of our
- conversion method */
- if (max > 9)
- max = 9;
-
- /* we "cheat" by converting the fractional part to integer by
- multiplying by a factor of 10 */
- max10 = roundv(pow_10(max));
- fracpart = roundv(pow_10(max) * (ufvalue - intpart));
-
- if (fracpart >= max10) {
- intpart++;
- fracpart -= max10;
- }
-
- /* convert integer part */
- do {
- iconvert[iplace++] =
- (caps ? "0123456789ABCDEF"
- : "0123456789abcdef")[intpart % 10];
- intpart = (intpart / 10);
- } while (intpart && (iplace < (int)sizeof(iconvert)));
- if (iplace == sizeof iconvert)
- iplace--;
- iconvert[iplace] = 0;
-
- /* convert fractional part */
- do {
- fconvert[fplace++] =
- (caps ? "0123456789ABCDEF"
- : "0123456789abcdef")[fracpart % 10];
- fracpart = (fracpart / 10);
- } while (fplace < max);
- if (fplace == sizeof fconvert)
- fplace--;
- fconvert[fplace] = 0;
-
- /* -1 for decimal point, another -1 if we are printing a sign */
- padlen = min - iplace - max - 1 - ((signvalue) ? 1 : 0);
- zpadlen = max - fplace;
- if (zpadlen < 0)
- zpadlen = 0;
- if (padlen < 0)
- padlen = 0;
- if (flags & DP_F_MINUS)
- padlen = -padlen;
-
- if ((flags & DP_F_ZERO) && (padlen > 0)) {
- if (signvalue) {
- doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue);
- --padlen;
- signvalue = 0;
- }
- while (padlen > 0) {
- doapr_outch(sbuffer, buffer, currlen, maxlen, '0');
- --padlen;
- }
- }
- while (padlen > 0) {
- doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
- --padlen;
- }
- if (signvalue)
- doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue);
-
- while (iplace > 0)
- doapr_outch(sbuffer, buffer, currlen, maxlen, iconvert[--iplace]);
-
- /*
- * Decimal point. This should probably use locale to find the correct
- * char to print out.
- */
- if (max > 0 || (flags & DP_F_NUM)) {
- doapr_outch(sbuffer, buffer, currlen, maxlen, '.');
-
- while (fplace > 0)
- doapr_outch(sbuffer, buffer, currlen, maxlen, fconvert[--fplace]);
- }
- while (zpadlen > 0) {
- doapr_outch(sbuffer, buffer, currlen, maxlen, '0');
- --zpadlen;
- }
-
- while (padlen < 0) {
- doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
- ++padlen;
- }
-}
-
-static void
-doapr_outch(
- char **sbuffer,
- char **buffer,
- size_t *currlen,
- size_t *maxlen,
- int c)
-{
- /* If we haven't at least one buffer, someone has doe a big booboo */
- assert(*sbuffer != NULL || buffer != NULL);
-
- if (buffer) {
- while (*currlen >= *maxlen) {
- if (*buffer == NULL) {
- if (*maxlen == 0)
- *maxlen = 1024;
- *buffer = OPENSSL_malloc(*maxlen);
- if (*currlen > 0) {
- assert(*sbuffer != NULL);
- memcpy(*buffer, *sbuffer, *currlen);
- }
- *sbuffer = NULL;
- } else {
- *maxlen += 1024;
- *buffer = OPENSSL_realloc(*buffer, *maxlen);
- }
- }
- /* What to do if *buffer is NULL? */
- assert(*sbuffer != NULL || *buffer != NULL);
- }
-
- if (*currlen < *maxlen) {
- if (*sbuffer)
- (*sbuffer)[(*currlen)++] = (char)c;
- else
- (*buffer)[(*currlen)++] = (char)c;
- }
-
- return;
-}
-
-/***************************************************************************/
-
-int BIO_printf (BIO *bio, const char *format, ...)
- {
- va_list args;
- int ret;
-
- va_start(args, format);
-
- ret = BIO_vprintf(bio, format, args);
-
- va_end(args);
- return(ret);
- }
-
-int BIO_vprintf (BIO *bio, const char *format, va_list args)
- {
- int ret;
- size_t retlen;
- char hugebuf[1024*2]; /* Was previously 10k, which is unreasonable
- in small-stack environments, like threads
- or DOS programs. */
- char *hugebufp = hugebuf;
- size_t hugebufsize = sizeof(hugebuf);
- char *dynbuf = NULL;
- int ignored;
-
- dynbuf = NULL;
- CRYPTO_push_info("doapr()");
- _dopr(&hugebufp, &dynbuf, &hugebufsize,
- &retlen, &ignored, format, args);
- if (dynbuf)
- {
- ret=BIO_write(bio, dynbuf, (int)retlen);
- OPENSSL_free(dynbuf);
- }
- else
- {
- ret=BIO_write(bio, hugebuf, (int)retlen);
- }
- CRYPTO_pop_info();
- return(ret);
- }
-
-/* As snprintf is not available everywhere, we provide our own implementation.
- * This function has nothing to do with BIOs, but it's closely related
- * to BIO_printf, and we need *some* name prefix ...
- * (XXX the function should be renamed, but to what?) */
-int BIO_snprintf(char *buf, size_t n, const char *format, ...)
- {
- va_list args;
- int ret;
-
- va_start(args, format);
-
- ret = BIO_vsnprintf(buf, n, format, args);
-
- va_end(args);
- return(ret);
- }
-
-int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
- {
- size_t retlen;
- int truncated;
-
- _dopr(&buf, NULL, &n, &retlen, &truncated, format, args);
-
- if (truncated)
- /* In case of truncation, return -1 like traditional snprintf.
- * (Current drafts for ISO/IEC 9899 say snprintf should return
- * the number of characters that would have been written,
- * had the buffer been large enough.) */
- return -1;
- else
- return (retlen <= INT_MAX) ? (int)retlen : -1;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bio/b_print.c (from rev 6976, vendor-crypto/openssl/dist/crypto/bio/b_print.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bio/b_print.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bio/b_print.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,816 @@
+/* crypto/bio/b_print.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* disable assert() unless BIO_DEBUG has been defined */
+#ifndef BIO_DEBUG
+# ifndef NDEBUG
+# define NDEBUG
+# endif
+#endif
+
+/*
+ * Stolen from tjh's ssl/ssl_trc.c stuff.
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <ctype.h>
+#include <assert.h>
+#include <limits.h>
+#include "cryptlib.h"
+#ifndef NO_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+#include <openssl/bn.h> /* To get BN_LLONG properly defined */
+#include <openssl/bio.h>
+
+#if defined(BN_LLONG) || defined(SIXTY_FOUR_BIT)
+# ifndef HAVE_LONG_LONG
+# define HAVE_LONG_LONG 1
+# endif
+#endif
+
+/***************************************************************************/
+
+/*
+ * Copyright Patrick Powell 1995
+ * This code is based on code written by Patrick Powell <papowell at astart.com>
+ * It may be used for any purpose as long as this notice remains intact
+ * on all source code distributions.
+ */
+
+/*-
+ * This code contains numerious changes and enhancements which were
+ * made by lots of contributors over the last years to Patrick Powell's
+ * original code:
+ *
+ * o Patrick Powell <papowell at astart.com> (1995)
+ * o Brandon Long <blong at fiction.net> (1996, for Mutt)
+ * o Thomas Roessler <roessler at guug.de> (1998, for Mutt)
+ * o Michael Elkins <me at cs.hmc.edu> (1998, for Mutt)
+ * o Andrew Tridgell <tridge at samba.org> (1998, for Samba)
+ * o Luke Mewburn <lukem at netbsd.org> (1999, for LukemFTP)
+ * o Ralf S. Engelschall <rse at engelschall.com> (1999, for Pth)
+ * o ... (for OpenSSL)
+ */
+
+#ifdef HAVE_LONG_DOUBLE
+# define LDOUBLE long double
+#else
+# define LDOUBLE double
+#endif
+
+#if HAVE_LONG_LONG
+# if defined(OPENSSL_SYS_WIN32) && !defined(__GNUC__)
+# define LLONG __int64
+# else
+# define LLONG long long
+# endif
+#else
+# define LLONG long
+#endif
+
+static void fmtstr(char **, char **, size_t *, size_t *,
+ const char *, int, int, int);
+static void fmtint(char **, char **, size_t *, size_t *,
+ LLONG, int, int, int, int);
+static void fmtfp(char **, char **, size_t *, size_t *,
+ LDOUBLE, int, int, int);
+static void doapr_outch(char **, char **, size_t *, size_t *, int);
+static void _dopr(char **sbuffer, char **buffer,
+ size_t *maxlen, size_t *retlen, int *truncated,
+ const char *format, va_list args);
+
+/* format read states */
+#define DP_S_DEFAULT 0
+#define DP_S_FLAGS 1
+#define DP_S_MIN 2
+#define DP_S_DOT 3
+#define DP_S_MAX 4
+#define DP_S_MOD 5
+#define DP_S_CONV 6
+#define DP_S_DONE 7
+
+/* format flags - Bits */
+#define DP_F_MINUS (1 << 0)
+#define DP_F_PLUS (1 << 1)
+#define DP_F_SPACE (1 << 2)
+#define DP_F_NUM (1 << 3)
+#define DP_F_ZERO (1 << 4)
+#define DP_F_UP (1 << 5)
+#define DP_F_UNSIGNED (1 << 6)
+
+/* conversion flags */
+#define DP_C_SHORT 1
+#define DP_C_LONG 2
+#define DP_C_LDOUBLE 3
+#define DP_C_LLONG 4
+
+/* some handy macros */
+#define char_to_int(p) (p - '0')
+#define OSSL_MAX(p,q) ((p >= q) ? p : q)
+
+static void
+_dopr(char **sbuffer,
+ char **buffer,
+ size_t *maxlen,
+ size_t *retlen, int *truncated, const char *format, va_list args)
+{
+ char ch;
+ LLONG value;
+ LDOUBLE fvalue;
+ char *strvalue;
+ int min;
+ int max;
+ int state;
+ int flags;
+ int cflags;
+ size_t currlen;
+
+ state = DP_S_DEFAULT;
+ flags = currlen = cflags = min = 0;
+ max = -1;
+ ch = *format++;
+
+ while (state != DP_S_DONE) {
+ if (ch == '\0' || (buffer == NULL && currlen >= *maxlen))
+ state = DP_S_DONE;
+
+ switch (state) {
+ case DP_S_DEFAULT:
+ if (ch == '%')
+ state = DP_S_FLAGS;
+ else
+ doapr_outch(sbuffer, buffer, &currlen, maxlen, ch);
+ ch = *format++;
+ break;
+ case DP_S_FLAGS:
+ switch (ch) {
+ case '-':
+ flags |= DP_F_MINUS;
+ ch = *format++;
+ break;
+ case '+':
+ flags |= DP_F_PLUS;
+ ch = *format++;
+ break;
+ case ' ':
+ flags |= DP_F_SPACE;
+ ch = *format++;
+ break;
+ case '#':
+ flags |= DP_F_NUM;
+ ch = *format++;
+ break;
+ case '0':
+ flags |= DP_F_ZERO;
+ ch = *format++;
+ break;
+ default:
+ state = DP_S_MIN;
+ break;
+ }
+ break;
+ case DP_S_MIN:
+ if (isdigit((unsigned char)ch)) {
+ min = 10 * min + char_to_int(ch);
+ ch = *format++;
+ } else if (ch == '*') {
+ min = va_arg(args, int);
+ ch = *format++;
+ state = DP_S_DOT;
+ } else
+ state = DP_S_DOT;
+ break;
+ case DP_S_DOT:
+ if (ch == '.') {
+ state = DP_S_MAX;
+ ch = *format++;
+ } else
+ state = DP_S_MOD;
+ break;
+ case DP_S_MAX:
+ if (isdigit((unsigned char)ch)) {
+ if (max < 0)
+ max = 0;
+ max = 10 * max + char_to_int(ch);
+ ch = *format++;
+ } else if (ch == '*') {
+ max = va_arg(args, int);
+ ch = *format++;
+ state = DP_S_MOD;
+ } else
+ state = DP_S_MOD;
+ break;
+ case DP_S_MOD:
+ switch (ch) {
+ case 'h':
+ cflags = DP_C_SHORT;
+ ch = *format++;
+ break;
+ case 'l':
+ if (*format == 'l') {
+ cflags = DP_C_LLONG;
+ format++;
+ } else
+ cflags = DP_C_LONG;
+ ch = *format++;
+ break;
+ case 'q':
+ cflags = DP_C_LLONG;
+ ch = *format++;
+ break;
+ case 'L':
+ cflags = DP_C_LDOUBLE;
+ ch = *format++;
+ break;
+ default:
+ break;
+ }
+ state = DP_S_CONV;
+ break;
+ case DP_S_CONV:
+ switch (ch) {
+ case 'd':
+ case 'i':
+ switch (cflags) {
+ case DP_C_SHORT:
+ value = (short int)va_arg(args, int);
+ break;
+ case DP_C_LONG:
+ value = va_arg(args, long int);
+ break;
+ case DP_C_LLONG:
+ value = va_arg(args, LLONG);
+ break;
+ default:
+ value = va_arg(args, int);
+ break;
+ }
+ fmtint(sbuffer, buffer, &currlen, maxlen,
+ value, 10, min, max, flags);
+ break;
+ case 'X':
+ flags |= DP_F_UP;
+ /* FALLTHROUGH */
+ case 'x':
+ case 'o':
+ case 'u':
+ flags |= DP_F_UNSIGNED;
+ switch (cflags) {
+ case DP_C_SHORT:
+ value = (unsigned short int)va_arg(args, unsigned int);
+ break;
+ case DP_C_LONG:
+ value = (LLONG) va_arg(args, unsigned long int);
+ break;
+ case DP_C_LLONG:
+ value = va_arg(args, unsigned LLONG);
+ break;
+ default:
+ value = (LLONG) va_arg(args, unsigned int);
+ break;
+ }
+ fmtint(sbuffer, buffer, &currlen, maxlen, value,
+ ch == 'o' ? 8 : (ch == 'u' ? 10 : 16),
+ min, max, flags);
+ break;
+ case 'f':
+ if (cflags == DP_C_LDOUBLE)
+ fvalue = va_arg(args, LDOUBLE);
+ else
+ fvalue = va_arg(args, double);
+ fmtfp(sbuffer, buffer, &currlen, maxlen,
+ fvalue, min, max, flags);
+ break;
+ case 'E':
+ flags |= DP_F_UP;
+ case 'e':
+ if (cflags == DP_C_LDOUBLE)
+ fvalue = va_arg(args, LDOUBLE);
+ else
+ fvalue = va_arg(args, double);
+ break;
+ case 'G':
+ flags |= DP_F_UP;
+ case 'g':
+ if (cflags == DP_C_LDOUBLE)
+ fvalue = va_arg(args, LDOUBLE);
+ else
+ fvalue = va_arg(args, double);
+ break;
+ case 'c':
+ doapr_outch(sbuffer, buffer, &currlen, maxlen,
+ va_arg(args, int));
+ break;
+ case 's':
+ strvalue = va_arg(args, char *);
+ if (max < 0) {
+ if (buffer)
+ max = INT_MAX;
+ else
+ max = *maxlen;
+ }
+ fmtstr(sbuffer, buffer, &currlen, maxlen, strvalue,
+ flags, min, max);
+ break;
+ case 'p':
+ value = (long)va_arg(args, void *);
+ fmtint(sbuffer, buffer, &currlen, maxlen,
+ value, 16, min, max, flags | DP_F_NUM);
+ break;
+ case 'n': /* XXX */
+ if (cflags == DP_C_SHORT) {
+ short int *num;
+ num = va_arg(args, short int *);
+ *num = currlen;
+ } else if (cflags == DP_C_LONG) { /* XXX */
+ long int *num;
+ num = va_arg(args, long int *);
+ *num = (long int)currlen;
+ } else if (cflags == DP_C_LLONG) { /* XXX */
+ LLONG *num;
+ num = va_arg(args, LLONG *);
+ *num = (LLONG) currlen;
+ } else {
+ int *num;
+ num = va_arg(args, int *);
+ *num = currlen;
+ }
+ break;
+ case '%':
+ doapr_outch(sbuffer, buffer, &currlen, maxlen, ch);
+ break;
+ case 'w':
+ /* not supported yet, treat as next char */
+ ch = *format++;
+ break;
+ default:
+ /* unknown, skip */
+ break;
+ }
+ ch = *format++;
+ state = DP_S_DEFAULT;
+ flags = cflags = min = 0;
+ max = -1;
+ break;
+ case DP_S_DONE:
+ break;
+ default:
+ break;
+ }
+ }
+ *truncated = (currlen > *maxlen - 1);
+ if (*truncated)
+ currlen = *maxlen - 1;
+ doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0');
+ *retlen = currlen - 1;
+ return;
+}
+
+static void
+fmtstr(char **sbuffer,
+ char **buffer,
+ size_t *currlen,
+ size_t *maxlen, const char *value, int flags, int min, int max)
+{
+ int padlen, strln;
+ int cnt = 0;
+
+ if (value == 0)
+ value = "<NULL>";
+ for (strln = 0; value[strln]; ++strln) ;
+ padlen = min - strln;
+ if (padlen < 0)
+ padlen = 0;
+ if (flags & DP_F_MINUS)
+ padlen = -padlen;
+
+ while ((padlen > 0) && (cnt < max)) {
+ doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
+ --padlen;
+ ++cnt;
+ }
+ while (*value && (cnt < max)) {
+ doapr_outch(sbuffer, buffer, currlen, maxlen, *value++);
+ ++cnt;
+ }
+ while ((padlen < 0) && (cnt < max)) {
+ doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
+ ++padlen;
+ ++cnt;
+ }
+}
+
+static void
+fmtint(char **sbuffer,
+ char **buffer,
+ size_t *currlen,
+ size_t *maxlen, LLONG value, int base, int min, int max, int flags)
+{
+ int signvalue = 0;
+ const char *prefix = "";
+ unsigned LLONG uvalue;
+ char convert[DECIMAL_SIZE(value) + 3];
+ int place = 0;
+ int spadlen = 0;
+ int zpadlen = 0;
+ int caps = 0;
+
+ if (max < 0)
+ max = 0;
+ uvalue = value;
+ if (!(flags & DP_F_UNSIGNED)) {
+ if (value < 0) {
+ signvalue = '-';
+ uvalue = -value;
+ } else if (flags & DP_F_PLUS)
+ signvalue = '+';
+ else if (flags & DP_F_SPACE)
+ signvalue = ' ';
+ }
+ if (flags & DP_F_NUM) {
+ if (base == 8)
+ prefix = "0";
+ if (base == 16)
+ prefix = "0x";
+ }
+ if (flags & DP_F_UP)
+ caps = 1;
+ do {
+ convert[place++] = (caps ? "0123456789ABCDEF" : "0123456789abcdef")
+ [uvalue % (unsigned)base];
+ uvalue = (uvalue / (unsigned)base);
+ } while (uvalue && (place < (int)sizeof(convert)));
+ if (place == sizeof(convert))
+ place--;
+ convert[place] = 0;
+
+ zpadlen = max - place;
+ spadlen =
+ min - OSSL_MAX(max, place) - (signvalue ? 1 : 0) - strlen(prefix);
+ if (zpadlen < 0)
+ zpadlen = 0;
+ if (spadlen < 0)
+ spadlen = 0;
+ if (flags & DP_F_ZERO) {
+ zpadlen = OSSL_MAX(zpadlen, spadlen);
+ spadlen = 0;
+ }
+ if (flags & DP_F_MINUS)
+ spadlen = -spadlen;
+
+ /* spaces */
+ while (spadlen > 0) {
+ doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
+ --spadlen;
+ }
+
+ /* sign */
+ if (signvalue)
+ doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue);
+
+ /* prefix */
+ while (*prefix) {
+ doapr_outch(sbuffer, buffer, currlen, maxlen, *prefix);
+ prefix++;
+ }
+
+ /* zeros */
+ if (zpadlen > 0) {
+ while (zpadlen > 0) {
+ doapr_outch(sbuffer, buffer, currlen, maxlen, '0');
+ --zpadlen;
+ }
+ }
+ /* digits */
+ while (place > 0)
+ doapr_outch(sbuffer, buffer, currlen, maxlen, convert[--place]);
+
+ /* left justified spaces */
+ while (spadlen < 0) {
+ doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
+ ++spadlen;
+ }
+ return;
+}
+
+static LDOUBLE abs_val(LDOUBLE value)
+{
+ LDOUBLE result = value;
+ if (value < 0)
+ result = -value;
+ return result;
+}
+
+static LDOUBLE pow_10(int in_exp)
+{
+ LDOUBLE result = 1;
+ while (in_exp) {
+ result *= 10;
+ in_exp--;
+ }
+ return result;
+}
+
+static long roundv(LDOUBLE value)
+{
+ long intpart;
+ intpart = (long)value;
+ value = value - intpart;
+ if (value >= 0.5)
+ intpart++;
+ return intpart;
+}
+
+static void
+fmtfp(char **sbuffer,
+ char **buffer,
+ size_t *currlen,
+ size_t *maxlen, LDOUBLE fvalue, int min, int max, int flags)
+{
+ int signvalue = 0;
+ LDOUBLE ufvalue;
+ char iconvert[20];
+ char fconvert[20];
+ int iplace = 0;
+ int fplace = 0;
+ int padlen = 0;
+ int zpadlen = 0;
+ int caps = 0;
+ long intpart;
+ long fracpart;
+ long max10;
+
+ if (max < 0)
+ max = 6;
+ ufvalue = abs_val(fvalue);
+ if (fvalue < 0)
+ signvalue = '-';
+ else if (flags & DP_F_PLUS)
+ signvalue = '+';
+ else if (flags & DP_F_SPACE)
+ signvalue = ' ';
+
+ intpart = (long)ufvalue;
+
+ /*
+ * sorry, we only support 9 digits past the decimal because of our
+ * conversion method
+ */
+ if (max > 9)
+ max = 9;
+
+ /*
+ * we "cheat" by converting the fractional part to integer by multiplying
+ * by a factor of 10
+ */
+ max10 = roundv(pow_10(max));
+ fracpart = roundv(pow_10(max) * (ufvalue - intpart));
+
+ if (fracpart >= max10) {
+ intpart++;
+ fracpart -= max10;
+ }
+
+ /* convert integer part */
+ do {
+ iconvert[iplace++] =
+ (caps ? "0123456789ABCDEF" : "0123456789abcdef")[intpart % 10];
+ intpart = (intpart / 10);
+ } while (intpart && (iplace < (int)sizeof(iconvert)));
+ if (iplace == sizeof iconvert)
+ iplace--;
+ iconvert[iplace] = 0;
+
+ /* convert fractional part */
+ do {
+ fconvert[fplace++] =
+ (caps ? "0123456789ABCDEF" : "0123456789abcdef")[fracpart % 10];
+ fracpart = (fracpart / 10);
+ } while (fplace < max);
+ if (fplace == sizeof fconvert)
+ fplace--;
+ fconvert[fplace] = 0;
+
+ /* -1 for decimal point, another -1 if we are printing a sign */
+ padlen = min - iplace - max - 1 - ((signvalue) ? 1 : 0);
+ zpadlen = max - fplace;
+ if (zpadlen < 0)
+ zpadlen = 0;
+ if (padlen < 0)
+ padlen = 0;
+ if (flags & DP_F_MINUS)
+ padlen = -padlen;
+
+ if ((flags & DP_F_ZERO) && (padlen > 0)) {
+ if (signvalue) {
+ doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue);
+ --padlen;
+ signvalue = 0;
+ }
+ while (padlen > 0) {
+ doapr_outch(sbuffer, buffer, currlen, maxlen, '0');
+ --padlen;
+ }
+ }
+ while (padlen > 0) {
+ doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
+ --padlen;
+ }
+ if (signvalue)
+ doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue);
+
+ while (iplace > 0)
+ doapr_outch(sbuffer, buffer, currlen, maxlen, iconvert[--iplace]);
+
+ /*
+ * Decimal point. This should probably use locale to find the correct
+ * char to print out.
+ */
+ if (max > 0 || (flags & DP_F_NUM)) {
+ doapr_outch(sbuffer, buffer, currlen, maxlen, '.');
+
+ while (fplace > 0)
+ doapr_outch(sbuffer, buffer, currlen, maxlen, fconvert[--fplace]);
+ }
+ while (zpadlen > 0) {
+ doapr_outch(sbuffer, buffer, currlen, maxlen, '0');
+ --zpadlen;
+ }
+
+ while (padlen < 0) {
+ doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
+ ++padlen;
+ }
+}
+
+static void
+doapr_outch(char **sbuffer,
+ char **buffer, size_t *currlen, size_t *maxlen, int c)
+{
+ /* If we haven't at least one buffer, someone has doe a big booboo */
+ assert(*sbuffer != NULL || buffer != NULL);
+
+ if (buffer) {
+ while (*currlen >= *maxlen) {
+ if (*buffer == NULL) {
+ if (*maxlen == 0)
+ *maxlen = 1024;
+ *buffer = OPENSSL_malloc(*maxlen);
+ if (*currlen > 0) {
+ assert(*sbuffer != NULL);
+ memcpy(*buffer, *sbuffer, *currlen);
+ }
+ *sbuffer = NULL;
+ } else {
+ *maxlen += 1024;
+ *buffer = OPENSSL_realloc(*buffer, *maxlen);
+ }
+ }
+ /* What to do if *buffer is NULL? */
+ assert(*sbuffer != NULL || *buffer != NULL);
+ }
+
+ if (*currlen < *maxlen) {
+ if (*sbuffer)
+ (*sbuffer)[(*currlen)++] = (char)c;
+ else
+ (*buffer)[(*currlen)++] = (char)c;
+ }
+
+ return;
+}
+
+/***************************************************************************/
+
+int BIO_printf(BIO *bio, const char *format, ...)
+{
+ va_list args;
+ int ret;
+
+ va_start(args, format);
+
+ ret = BIO_vprintf(bio, format, args);
+
+ va_end(args);
+ return (ret);
+}
+
+int BIO_vprintf(BIO *bio, const char *format, va_list args)
+{
+ int ret;
+ size_t retlen;
+ char hugebuf[1024 * 2]; /* Was previously 10k, which is unreasonable
+ * in small-stack environments, like threads
+ * or DOS programs. */
+ char *hugebufp = hugebuf;
+ size_t hugebufsize = sizeof(hugebuf);
+ char *dynbuf = NULL;
+ int ignored;
+
+ dynbuf = NULL;
+ CRYPTO_push_info("doapr()");
+ _dopr(&hugebufp, &dynbuf, &hugebufsize, &retlen, &ignored, format, args);
+ if (dynbuf) {
+ ret = BIO_write(bio, dynbuf, (int)retlen);
+ OPENSSL_free(dynbuf);
+ } else {
+ ret = BIO_write(bio, hugebuf, (int)retlen);
+ }
+ CRYPTO_pop_info();
+ return (ret);
+}
+
+/*
+ * As snprintf is not available everywhere, we provide our own
+ * implementation. This function has nothing to do with BIOs, but it's
+ * closely related to BIO_printf, and we need *some* name prefix ... (XXX the
+ * function should be renamed, but to what?)
+ */
+int BIO_snprintf(char *buf, size_t n, const char *format, ...)
+{
+ va_list args;
+ int ret;
+
+ va_start(args, format);
+
+ ret = BIO_vsnprintf(buf, n, format, args);
+
+ va_end(args);
+ return (ret);
+}
+
+int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
+{
+ size_t retlen;
+ int truncated;
+
+ _dopr(&buf, NULL, &n, &retlen, &truncated, format, args);
+
+ if (truncated)
+ /*
+ * In case of truncation, return -1 like traditional snprintf.
+ * (Current drafts for ISO/IEC 9899 say snprintf should return the
+ * number of characters that would have been written, had the buffer
+ * been large enough.)
+ */
+ return -1;
+ else
+ return (retlen <= INT_MAX) ? (int)retlen : -1;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bio/b_sock.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bio/b_sock.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bio/b_sock.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,793 +0,0 @@
-/* crypto/bio/b_sock.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <errno.h>
-#define USE_SOCKETS
-#include "cryptlib.h"
-#include <openssl/bio.h>
-#if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_BSDSOCK)
-#include <netdb.h>
-#if defined(NETWARE_CLIB)
-#include <sys/ioctl.h>
-NETDB_DEFINE_CONTEXT
-#endif
-#endif
-
-#ifndef OPENSSL_NO_SOCK
-
-#ifdef OPENSSL_SYS_WIN16
-#define SOCKET_PROTOCOL 0 /* more microsoft stupidity */
-#else
-#define SOCKET_PROTOCOL IPPROTO_TCP
-#endif
-
-#ifdef SO_MAXCONN
-#define MAX_LISTEN SO_MAXCONN
-#elif defined(SOMAXCONN)
-#define MAX_LISTEN SOMAXCONN
-#else
-#define MAX_LISTEN 32
-#endif
-
-#if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))
-static int wsa_init_done=0;
-#endif
-
-#if 0
-static unsigned long BIO_ghbn_hits=0L;
-static unsigned long BIO_ghbn_miss=0L;
-
-#define GHBN_NUM 4
-static struct ghbn_cache_st
- {
- char name[129];
- struct hostent *ent;
- unsigned long order;
- } ghbn_cache[GHBN_NUM];
-#endif
-
-static int get_ip(const char *str,unsigned char *ip);
-#if 0
-static void ghbn_free(struct hostent *a);
-static struct hostent *ghbn_dup(struct hostent *a);
-#endif
-int BIO_get_host_ip(const char *str, unsigned char *ip)
- {
- int i;
- int err = 1;
- int locked = 0;
- struct hostent *he;
-
- i=get_ip(str,ip);
- if (i < 0)
- {
- BIOerr(BIO_F_BIO_GET_HOST_IP,BIO_R_INVALID_IP_ADDRESS);
- goto err;
- }
-
- /* At this point, we have something that is most probably correct
- in some way, so let's init the socket. */
- if (BIO_sock_init() != 1)
- return 0; /* don't generate another error code here */
-
- /* If the string actually contained an IP address, we need not do
- anything more */
- if (i > 0) return(1);
-
- /* do a gethostbyname */
- CRYPTO_w_lock(CRYPTO_LOCK_GETHOSTBYNAME);
- locked = 1;
- he=BIO_gethostbyname(str);
- if (he == NULL)
- {
- BIOerr(BIO_F_BIO_GET_HOST_IP,BIO_R_BAD_HOSTNAME_LOOKUP);
- goto err;
- }
-
- /* cast to short because of win16 winsock definition */
- if ((short)he->h_addrtype != AF_INET)
- {
- BIOerr(BIO_F_BIO_GET_HOST_IP,BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET);
- goto err;
- }
- for (i=0; i<4; i++)
- ip[i]=he->h_addr_list[0][i];
- err = 0;
-
- err:
- if (locked)
- CRYPTO_w_unlock(CRYPTO_LOCK_GETHOSTBYNAME);
- if (err)
- {
- ERR_add_error_data(2,"host=",str);
- return 0;
- }
- else
- return 1;
- }
-
-int BIO_get_port(const char *str, unsigned short *port_ptr)
- {
- int i;
- struct servent *s;
-
- if (str == NULL)
- {
- BIOerr(BIO_F_BIO_GET_PORT,BIO_R_NO_PORT_DEFINED);
- return(0);
- }
- i=atoi(str);
- if (i != 0)
- *port_ptr=(unsigned short)i;
- else
- {
- CRYPTO_w_lock(CRYPTO_LOCK_GETSERVBYNAME);
- /* Note: under VMS with SOCKETSHR, it seems like the first
- * parameter is 'char *', instead of 'const char *'
- */
-#ifndef CONST_STRICT
- s=getservbyname((char *)str,"tcp");
-#else
- s=getservbyname(str,"tcp");
-#endif
- if(s != NULL)
- *port_ptr=ntohs((unsigned short)s->s_port);
- CRYPTO_w_unlock(CRYPTO_LOCK_GETSERVBYNAME);
- if(s == NULL)
- {
- if (strcmp(str,"http") == 0)
- *port_ptr=80;
- else if (strcmp(str,"telnet") == 0)
- *port_ptr=23;
- else if (strcmp(str,"socks") == 0)
- *port_ptr=1080;
- else if (strcmp(str,"https") == 0)
- *port_ptr=443;
- else if (strcmp(str,"ssl") == 0)
- *port_ptr=443;
- else if (strcmp(str,"ftp") == 0)
- *port_ptr=21;
- else if (strcmp(str,"gopher") == 0)
- *port_ptr=70;
-#if 0
- else if (strcmp(str,"wais") == 0)
- *port_ptr=21;
-#endif
- else
- {
- SYSerr(SYS_F_GETSERVBYNAME,get_last_socket_error());
- ERR_add_error_data(3,"service='",str,"'");
- return(0);
- }
- }
- }
- return(1);
- }
-
-int BIO_sock_error(int sock)
- {
- int j,i;
- int size;
-
- size=sizeof(int);
- /* Note: under Windows the third parameter is of type (char *)
- * whereas under other systems it is (void *) if you don't have
- * a cast it will choke the compiler: if you do have a cast then
- * you can either go for (char *) or (void *).
- */
- i=getsockopt(sock,SOL_SOCKET,SO_ERROR,(void *)&j,(void *)&size);
- if (i < 0)
- return(1);
- else
- return(j);
- }
-
-#if 0
-long BIO_ghbn_ctrl(int cmd, int iarg, char *parg)
- {
- int i;
- char **p;
-
- switch (cmd)
- {
- case BIO_GHBN_CTRL_HITS:
- return(BIO_ghbn_hits);
- /* break; */
- case BIO_GHBN_CTRL_MISSES:
- return(BIO_ghbn_miss);
- /* break; */
- case BIO_GHBN_CTRL_CACHE_SIZE:
- return(GHBN_NUM);
- /* break; */
- case BIO_GHBN_CTRL_GET_ENTRY:
- if ((iarg >= 0) && (iarg <GHBN_NUM) &&
- (ghbn_cache[iarg].order > 0))
- {
- p=(char **)parg;
- if (p == NULL) return(0);
- *p=ghbn_cache[iarg].name;
- ghbn_cache[iarg].name[128]='\0';
- return(1);
- }
- return(0);
- /* break; */
- case BIO_GHBN_CTRL_FLUSH:
- for (i=0; i<GHBN_NUM; i++)
- ghbn_cache[i].order=0;
- break;
- default:
- return(0);
- }
- return(1);
- }
-#endif
-
-#if 0
-static struct hostent *ghbn_dup(struct hostent *a)
- {
- struct hostent *ret;
- int i,j;
-
- MemCheck_off();
- ret=(struct hostent *)OPENSSL_malloc(sizeof(struct hostent));
- if (ret == NULL) return(NULL);
- memset(ret,0,sizeof(struct hostent));
-
- for (i=0; a->h_aliases[i] != NULL; i++)
- ;
- i++;
- ret->h_aliases = (char **)OPENSSL_malloc(i*sizeof(char *));
- if (ret->h_aliases == NULL)
- goto err;
- memset(ret->h_aliases, 0, i*sizeof(char *));
-
- for (i=0; a->h_addr_list[i] != NULL; i++)
- ;
- i++;
- ret->h_addr_list=(char **)OPENSSL_malloc(i*sizeof(char *));
- if (ret->h_addr_list == NULL)
- goto err;
- memset(ret->h_addr_list, 0, i*sizeof(char *));
-
- j=strlen(a->h_name)+1;
- if ((ret->h_name=OPENSSL_malloc(j)) == NULL) goto err;
- memcpy((char *)ret->h_name,a->h_name,j);
- for (i=0; a->h_aliases[i] != NULL; i++)
- {
- j=strlen(a->h_aliases[i])+1;
- if ((ret->h_aliases[i]=OPENSSL_malloc(j)) == NULL) goto err;
- memcpy(ret->h_aliases[i],a->h_aliases[i],j);
- }
- ret->h_length=a->h_length;
- ret->h_addrtype=a->h_addrtype;
- for (i=0; a->h_addr_list[i] != NULL; i++)
- {
- if ((ret->h_addr_list[i]=OPENSSL_malloc(a->h_length)) == NULL)
- goto err;
- memcpy(ret->h_addr_list[i],a->h_addr_list[i],a->h_length);
- }
- if (0)
- {
-err:
- if (ret != NULL)
- ghbn_free(ret);
- ret=NULL;
- }
- MemCheck_on();
- return(ret);
- }
-
-static void ghbn_free(struct hostent *a)
- {
- int i;
-
- if(a == NULL)
- return;
-
- if (a->h_aliases != NULL)
- {
- for (i=0; a->h_aliases[i] != NULL; i++)
- OPENSSL_free(a->h_aliases[i]);
- OPENSSL_free(a->h_aliases);
- }
- if (a->h_addr_list != NULL)
- {
- for (i=0; a->h_addr_list[i] != NULL; i++)
- OPENSSL_free(a->h_addr_list[i]);
- OPENSSL_free(a->h_addr_list);
- }
- if (a->h_name != NULL) OPENSSL_free(a->h_name);
- OPENSSL_free(a);
- }
-
-#endif
-
-struct hostent *BIO_gethostbyname(const char *name)
- {
-#if 1
- /* Caching gethostbyname() results forever is wrong,
- * so we have to let the true gethostbyname() worry about this */
-#if (defined(NETWARE_BSDSOCK) && !defined(__NOVELL_LIBC__))
- return gethostbyname((char*)name);
-#else
- return gethostbyname(name);
-#endif
-#else
- struct hostent *ret;
- int i,lowi=0,j;
- unsigned long low= (unsigned long)-1;
-
-
-# if 0
- /* It doesn't make sense to use locking here: The function interface
- * is not thread-safe, because threads can never be sure when
- * some other thread destroys the data they were given a pointer to.
- */
- CRYPTO_w_lock(CRYPTO_LOCK_GETHOSTBYNAME);
-# endif
- j=strlen(name);
- if (j < 128)
- {
- for (i=0; i<GHBN_NUM; i++)
- {
- if (low > ghbn_cache[i].order)
- {
- low=ghbn_cache[i].order;
- lowi=i;
- }
- if (ghbn_cache[i].order > 0)
- {
- if (strncmp(name,ghbn_cache[i].name,128) == 0)
- break;
- }
- }
- }
- else
- i=GHBN_NUM;
-
- if (i == GHBN_NUM) /* no hit*/
- {
- BIO_ghbn_miss++;
- /* Note: under VMS with SOCKETSHR, it seems like the first
- * parameter is 'char *', instead of 'const char *'
- */
-# ifndef CONST_STRICT
- ret=gethostbyname((char *)name);
-# else
- ret=gethostbyname(name);
-# endif
-
- if (ret == NULL)
- goto end;
- if (j > 128) /* too big to cache */
- {
-# if 0
- /* If we were trying to make this function thread-safe (which
- * is bound to fail), we'd have to give up in this case
- * (or allocate more memory). */
- ret = NULL;
-# endif
- goto end;
- }
-
- /* else add to cache */
- if (ghbn_cache[lowi].ent != NULL)
- ghbn_free(ghbn_cache[lowi].ent); /* XXX not thread-safe */
- ghbn_cache[lowi].name[0] = '\0';
-
- if((ret=ghbn_cache[lowi].ent=ghbn_dup(ret)) == NULL)
- {
- BIOerr(BIO_F_BIO_GETHOSTBYNAME,ERR_R_MALLOC_FAILURE);
- goto end;
- }
- strncpy(ghbn_cache[lowi].name,name,128);
- ghbn_cache[lowi].order=BIO_ghbn_miss+BIO_ghbn_hits;
- }
- else
- {
- BIO_ghbn_hits++;
- ret= ghbn_cache[i].ent;
- ghbn_cache[i].order=BIO_ghbn_miss+BIO_ghbn_hits;
- }
-end:
-# if 0
- CRYPTO_w_unlock(CRYPTO_LOCK_GETHOSTBYNAME);
-# endif
- return(ret);
-#endif
- }
-
-
-int BIO_sock_init(void)
- {
-#ifdef OPENSSL_SYS_WINDOWS
- static struct WSAData wsa_state;
-
- if (!wsa_init_done)
- {
- int err;
-
- wsa_init_done=1;
- memset(&wsa_state,0,sizeof(wsa_state));
- if (WSAStartup(0x0101,&wsa_state)!=0)
- {
- err=WSAGetLastError();
- SYSerr(SYS_F_WSASTARTUP,err);
- BIOerr(BIO_F_BIO_SOCK_INIT,BIO_R_WSASTARTUP);
- return(-1);
- }
- }
-#endif /* OPENSSL_SYS_WINDOWS */
-#ifdef WATT32
- extern int _watt_do_exit;
- _watt_do_exit = 0; /* don't make sock_init() call exit() */
- if (sock_init())
- return (-1);
-#endif
-
-#if defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)
- WORD wVerReq;
- WSADATA wsaData;
- int err;
-
- if (!wsa_init_done)
- {
- wsa_init_done=1;
- wVerReq = MAKEWORD( 2, 0 );
- err = WSAStartup(wVerReq,&wsaData);
- if (err != 0)
- {
- SYSerr(SYS_F_WSASTARTUP,err);
- BIOerr(BIO_F_BIO_SOCK_INIT,BIO_R_WSASTARTUP);
- return(-1);
- }
- }
-#endif
-
- return(1);
- }
-
-void BIO_sock_cleanup(void)
- {
-#ifdef OPENSSL_SYS_WINDOWS
- if (wsa_init_done)
- {
- wsa_init_done=0;
-#ifndef OPENSSL_SYS_WINCE
- WSACancelBlockingCall(); /* Winsock 1.1 specific */
-#endif
- WSACleanup();
- }
-#elif defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)
- if (wsa_init_done)
- {
- wsa_init_done=0;
- WSACleanup();
- }
-#endif
- }
-
-#if !defined(OPENSSL_SYS_VMS) || __VMS_VER >= 70000000
-
-int BIO_socket_ioctl(int fd, long type, void *arg)
- {
- int i;
-
-#ifdef __DJGPP__
- i=ioctlsocket(fd,type,(char *)arg);
-#else
- i=ioctlsocket(fd,type,arg);
-#endif /* __DJGPP__ */
- if (i < 0)
- SYSerr(SYS_F_IOCTLSOCKET,get_last_socket_error());
- return(i);
- }
-#endif /* __VMS_VER */
-
-/* The reason I have implemented this instead of using sscanf is because
- * Visual C 1.52c gives an unresolved external when linking a DLL :-( */
-static int get_ip(const char *str, unsigned char ip[4])
- {
- unsigned int tmp[4];
- int num=0,c,ok=0;
-
- tmp[0]=tmp[1]=tmp[2]=tmp[3]=0;
-
- for (;;)
- {
- c= *(str++);
- if ((c >= '0') && (c <= '9'))
- {
- ok=1;
- tmp[num]=tmp[num]*10+c-'0';
- if (tmp[num] > 255) return(0);
- }
- else if (c == '.')
- {
- if (!ok) return(-1);
- if (num == 3) return(0);
- num++;
- ok=0;
- }
- else if (c == '\0' && (num == 3) && ok)
- break;
- else
- return(0);
- }
- ip[0]=tmp[0];
- ip[1]=tmp[1];
- ip[2]=tmp[2];
- ip[3]=tmp[3];
- return(1);
- }
-
-int BIO_get_accept_socket(char *host, int bind_mode)
- {
- int ret=0;
- struct sockaddr_in server,client;
- int s=INVALID_SOCKET,cs;
- unsigned char ip[4];
- unsigned short port;
- char *str=NULL,*e;
- const char *h,*p;
- unsigned long l;
- int err_num;
-
- if (BIO_sock_init() != 1) return(INVALID_SOCKET);
-
- if ((str=BUF_strdup(host)) == NULL) return(INVALID_SOCKET);
-
- h=p=NULL;
- h=str;
- for (e=str; *e; e++)
- {
- if (*e == ':')
- {
- p= &(e[1]);
- *e='\0';
- }
- else if (*e == '/')
- {
- *e='\0';
- break;
- }
- }
-
- if (p == NULL)
- {
- p=h;
- h="*";
- }
-
- if (!BIO_get_port(p,&port)) goto err;
-
- memset((char *)&server,0,sizeof(server));
- server.sin_family=AF_INET;
- server.sin_port=htons(port);
-
- if (strcmp(h,"*") == 0)
- server.sin_addr.s_addr=INADDR_ANY;
- else
- {
- if (!BIO_get_host_ip(h,&(ip[0]))) goto err;
- l=(unsigned long)
- ((unsigned long)ip[0]<<24L)|
- ((unsigned long)ip[1]<<16L)|
- ((unsigned long)ip[2]<< 8L)|
- ((unsigned long)ip[3]);
- server.sin_addr.s_addr=htonl(l);
- }
-
-again:
- s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
- if (s == INVALID_SOCKET)
- {
- SYSerr(SYS_F_SOCKET,get_last_socket_error());
- ERR_add_error_data(3,"port='",host,"'");
- BIOerr(BIO_F_BIO_GET_ACCEPT_SOCKET,BIO_R_UNABLE_TO_CREATE_SOCKET);
- goto err;
- }
-
-#ifdef SO_REUSEADDR
- if (bind_mode == BIO_BIND_REUSEADDR)
- {
- int i=1;
-
- ret=setsockopt(s,SOL_SOCKET,SO_REUSEADDR,(char *)&i,sizeof(i));
- bind_mode=BIO_BIND_NORMAL;
- }
-#endif
- if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1)
- {
-#ifdef SO_REUSEADDR
- err_num=get_last_socket_error();
- if ((bind_mode == BIO_BIND_REUSEADDR_IF_UNUSED) &&
-#ifdef OPENSSL_SYS_WINDOWS
- /* Some versions of Windows define EADDRINUSE to
- * a dummy value.
- */
- (err_num == WSAEADDRINUSE))
-#else
- (err_num == EADDRINUSE))
-#endif
- {
- memcpy((char *)&client,(char *)&server,sizeof(server));
- if (strcmp(h,"*") == 0)
- client.sin_addr.s_addr=htonl(0x7F000001);
- cs=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
- if (cs != INVALID_SOCKET)
- {
- int ii;
- ii=connect(cs,(struct sockaddr *)&client,
- sizeof(client));
- closesocket(cs);
- if (ii == INVALID_SOCKET)
- {
- bind_mode=BIO_BIND_REUSEADDR;
- closesocket(s);
- goto again;
- }
- /* else error */
- }
- /* else error */
- }
-#endif
- SYSerr(SYS_F_BIND,err_num);
- ERR_add_error_data(3,"port='",host,"'");
- BIOerr(BIO_F_BIO_GET_ACCEPT_SOCKET,BIO_R_UNABLE_TO_BIND_SOCKET);
- goto err;
- }
- if (listen(s,MAX_LISTEN) == -1)
- {
- SYSerr(SYS_F_BIND,get_last_socket_error());
- ERR_add_error_data(3,"port='",host,"'");
- BIOerr(BIO_F_BIO_GET_ACCEPT_SOCKET,BIO_R_UNABLE_TO_LISTEN_SOCKET);
- goto err;
- }
- ret=1;
-err:
- if (str != NULL) OPENSSL_free(str);
- if ((ret == 0) && (s != INVALID_SOCKET))
- {
- closesocket(s);
- s= INVALID_SOCKET;
- }
- return(s);
- }
-
-int BIO_accept(int sock, char **addr)
- {
- int ret=INVALID_SOCKET;
- static struct sockaddr_in from;
- unsigned long l;
- unsigned short port;
- int len;
- char *p;
-
- memset((char *)&from,0,sizeof(from));
- len=sizeof(from);
- /* Note: under VMS with SOCKETSHR the fourth parameter is currently
- * of type (int *) whereas under other systems it is (void *) if
- * you don't have a cast it will choke the compiler: if you do
- * have a cast then you can either go for (int *) or (void *).
- */
- ret=accept(sock,(struct sockaddr *)&from,(void *)&len);
- if (ret == INVALID_SOCKET)
- {
- if(BIO_sock_should_retry(ret)) return -2;
- SYSerr(SYS_F_ACCEPT,get_last_socket_error());
- BIOerr(BIO_F_BIO_ACCEPT,BIO_R_ACCEPT_ERROR);
- goto end;
- }
-
- if (addr == NULL) goto end;
-
- l=ntohl(from.sin_addr.s_addr);
- port=ntohs(from.sin_port);
- if (*addr == NULL)
- {
- if ((p=OPENSSL_malloc(24)) == NULL)
- {
- BIOerr(BIO_F_BIO_ACCEPT,ERR_R_MALLOC_FAILURE);
- goto end;
- }
- *addr=p;
- }
- BIO_snprintf(*addr,24,"%d.%d.%d.%d:%d",
- (unsigned char)(l>>24L)&0xff,
- (unsigned char)(l>>16L)&0xff,
- (unsigned char)(l>> 8L)&0xff,
- (unsigned char)(l )&0xff,
- port);
-end:
- return(ret);
- }
-
-int BIO_set_tcp_ndelay(int s, int on)
- {
- int ret=0;
-#if defined(TCP_NODELAY) && (defined(IPPROTO_TCP) || defined(SOL_TCP))
- int opt;
-
-#ifdef SOL_TCP
- opt=SOL_TCP;
-#else
-#ifdef IPPROTO_TCP
- opt=IPPROTO_TCP;
-#endif
-#endif
-
- ret=setsockopt(s,opt,TCP_NODELAY,(char *)&on,sizeof(on));
-#endif
- return(ret == 0);
- }
-#endif
-
-int BIO_socket_nbio(int s, int mode)
- {
- int ret= -1;
- int l;
-
- l=mode;
-#ifdef FIONBIO
- ret=BIO_socket_ioctl(s,FIONBIO,&l);
-#endif
- return(ret == 0);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bio/b_sock.c (from rev 6976, vendor-crypto/openssl/dist/crypto/bio/b_sock.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bio/b_sock.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bio/b_sock.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,758 @@
+/* crypto/bio/b_sock.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+#define USE_SOCKETS
+#include "cryptlib.h"
+#include <openssl/bio.h>
+#if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_BSDSOCK)
+# include <netdb.h>
+# if defined(NETWARE_CLIB)
+# include <sys/ioctl.h>
+NETDB_DEFINE_CONTEXT
+# endif
+#endif
+#ifndef OPENSSL_NO_SOCK
+# ifdef OPENSSL_SYS_WIN16
+# define SOCKET_PROTOCOL 0 /* more microsoft stupidity */
+# else
+# define SOCKET_PROTOCOL IPPROTO_TCP
+# endif
+# ifdef SO_MAXCONN
+# define MAX_LISTEN SO_MAXCONN
+# elif defined(SOMAXCONN)
+# define MAX_LISTEN SOMAXCONN
+# else
+# define MAX_LISTEN 32
+# endif
+# if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))
+static int wsa_init_done = 0;
+# endif
+
+# if 0
+static unsigned long BIO_ghbn_hits = 0L;
+static unsigned long BIO_ghbn_miss = 0L;
+
+# define GHBN_NUM 4
+static struct ghbn_cache_st {
+ char name[129];
+ struct hostent *ent;
+ unsigned long order;
+} ghbn_cache[GHBN_NUM];
+# endif
+
+static int get_ip(const char *str, unsigned char *ip);
+# if 0
+static void ghbn_free(struct hostent *a);
+static struct hostent *ghbn_dup(struct hostent *a);
+# endif
+int BIO_get_host_ip(const char *str, unsigned char *ip)
+{
+ int i;
+ int err = 1;
+ int locked = 0;
+ struct hostent *he;
+
+ i = get_ip(str, ip);
+ if (i < 0) {
+ BIOerr(BIO_F_BIO_GET_HOST_IP, BIO_R_INVALID_IP_ADDRESS);
+ goto err;
+ }
+
+ /*
+ * At this point, we have something that is most probably correct in some
+ * way, so let's init the socket.
+ */
+ if (BIO_sock_init() != 1)
+ return 0; /* don't generate another error code here */
+
+ /*
+ * If the string actually contained an IP address, we need not do
+ * anything more
+ */
+ if (i > 0)
+ return (1);
+
+ /* do a gethostbyname */
+ CRYPTO_w_lock(CRYPTO_LOCK_GETHOSTBYNAME);
+ locked = 1;
+ he = BIO_gethostbyname(str);
+ if (he == NULL) {
+ BIOerr(BIO_F_BIO_GET_HOST_IP, BIO_R_BAD_HOSTNAME_LOOKUP);
+ goto err;
+ }
+
+ /* cast to short because of win16 winsock definition */
+ if ((short)he->h_addrtype != AF_INET) {
+ BIOerr(BIO_F_BIO_GET_HOST_IP,
+ BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET);
+ goto err;
+ }
+ for (i = 0; i < 4; i++)
+ ip[i] = he->h_addr_list[0][i];
+ err = 0;
+
+ err:
+ if (locked)
+ CRYPTO_w_unlock(CRYPTO_LOCK_GETHOSTBYNAME);
+ if (err) {
+ ERR_add_error_data(2, "host=", str);
+ return 0;
+ } else
+ return 1;
+}
+
+int BIO_get_port(const char *str, unsigned short *port_ptr)
+{
+ int i;
+ struct servent *s;
+
+ if (str == NULL) {
+ BIOerr(BIO_F_BIO_GET_PORT, BIO_R_NO_PORT_DEFINED);
+ return (0);
+ }
+ i = atoi(str);
+ if (i != 0)
+ *port_ptr = (unsigned short)i;
+ else {
+ CRYPTO_w_lock(CRYPTO_LOCK_GETSERVBYNAME);
+ /*
+ * Note: under VMS with SOCKETSHR, it seems like the first parameter
+ * is 'char *', instead of 'const char *'
+ */
+# ifndef CONST_STRICT
+ s = getservbyname((char *)str, "tcp");
+# else
+ s = getservbyname(str, "tcp");
+# endif
+ if (s != NULL)
+ *port_ptr = ntohs((unsigned short)s->s_port);
+ CRYPTO_w_unlock(CRYPTO_LOCK_GETSERVBYNAME);
+ if (s == NULL) {
+ if (strcmp(str, "http") == 0)
+ *port_ptr = 80;
+ else if (strcmp(str, "telnet") == 0)
+ *port_ptr = 23;
+ else if (strcmp(str, "socks") == 0)
+ *port_ptr = 1080;
+ else if (strcmp(str, "https") == 0)
+ *port_ptr = 443;
+ else if (strcmp(str, "ssl") == 0)
+ *port_ptr = 443;
+ else if (strcmp(str, "ftp") == 0)
+ *port_ptr = 21;
+ else if (strcmp(str, "gopher") == 0)
+ *port_ptr = 70;
+# if 0
+ else if (strcmp(str, "wais") == 0)
+ *port_ptr = 21;
+# endif
+ else {
+ SYSerr(SYS_F_GETSERVBYNAME, get_last_socket_error());
+ ERR_add_error_data(3, "service='", str, "'");
+ return (0);
+ }
+ }
+ }
+ return (1);
+}
+
+int BIO_sock_error(int sock)
+{
+ int j, i;
+ int size;
+
+ size = sizeof(int);
+ /*
+ * Note: under Windows the third parameter is of type (char *) whereas
+ * under other systems it is (void *) if you don't have a cast it will
+ * choke the compiler: if you do have a cast then you can either go for
+ * (char *) or (void *).
+ */
+ i = getsockopt(sock, SOL_SOCKET, SO_ERROR, (void *)&j, (void *)&size);
+ if (i < 0)
+ return (1);
+ else
+ return (j);
+}
+
+# if 0
+long BIO_ghbn_ctrl(int cmd, int iarg, char *parg)
+{
+ int i;
+ char **p;
+
+ switch (cmd) {
+ case BIO_GHBN_CTRL_HITS:
+ return (BIO_ghbn_hits);
+ /* break; */
+ case BIO_GHBN_CTRL_MISSES:
+ return (BIO_ghbn_miss);
+ /* break; */
+ case BIO_GHBN_CTRL_CACHE_SIZE:
+ return (GHBN_NUM);
+ /* break; */
+ case BIO_GHBN_CTRL_GET_ENTRY:
+ if ((iarg >= 0) && (iarg < GHBN_NUM) && (ghbn_cache[iarg].order > 0)) {
+ p = (char **)parg;
+ if (p == NULL)
+ return (0);
+ *p = ghbn_cache[iarg].name;
+ ghbn_cache[iarg].name[128] = '\0';
+ return (1);
+ }
+ return (0);
+ /* break; */
+ case BIO_GHBN_CTRL_FLUSH:
+ for (i = 0; i < GHBN_NUM; i++)
+ ghbn_cache[i].order = 0;
+ break;
+ default:
+ return (0);
+ }
+ return (1);
+}
+# endif
+
+# if 0
+static struct hostent *ghbn_dup(struct hostent *a)
+{
+ struct hostent *ret;
+ int i, j;
+
+ MemCheck_off();
+ ret = (struct hostent *)OPENSSL_malloc(sizeof(struct hostent));
+ if (ret == NULL)
+ return (NULL);
+ memset(ret, 0, sizeof(struct hostent));
+
+ for (i = 0; a->h_aliases[i] != NULL; i++) ;
+ i++;
+ ret->h_aliases = (char **)OPENSSL_malloc(i * sizeof(char *));
+ if (ret->h_aliases == NULL)
+ goto err;
+ memset(ret->h_aliases, 0, i * sizeof(char *));
+
+ for (i = 0; a->h_addr_list[i] != NULL; i++) ;
+ i++;
+ ret->h_addr_list = (char **)OPENSSL_malloc(i * sizeof(char *));
+ if (ret->h_addr_list == NULL)
+ goto err;
+ memset(ret->h_addr_list, 0, i * sizeof(char *));
+
+ j = strlen(a->h_name) + 1;
+ if ((ret->h_name = OPENSSL_malloc(j)) == NULL)
+ goto err;
+ memcpy((char *)ret->h_name, a->h_name, j);
+ for (i = 0; a->h_aliases[i] != NULL; i++) {
+ j = strlen(a->h_aliases[i]) + 1;
+ if ((ret->h_aliases[i] = OPENSSL_malloc(j)) == NULL)
+ goto err;
+ memcpy(ret->h_aliases[i], a->h_aliases[i], j);
+ }
+ ret->h_length = a->h_length;
+ ret->h_addrtype = a->h_addrtype;
+ for (i = 0; a->h_addr_list[i] != NULL; i++) {
+ if ((ret->h_addr_list[i] = OPENSSL_malloc(a->h_length)) == NULL)
+ goto err;
+ memcpy(ret->h_addr_list[i], a->h_addr_list[i], a->h_length);
+ }
+ if (0) {
+ err:
+ if (ret != NULL)
+ ghbn_free(ret);
+ ret = NULL;
+ }
+ MemCheck_on();
+ return (ret);
+}
+
+static void ghbn_free(struct hostent *a)
+{
+ int i;
+
+ if (a == NULL)
+ return;
+
+ if (a->h_aliases != NULL) {
+ for (i = 0; a->h_aliases[i] != NULL; i++)
+ OPENSSL_free(a->h_aliases[i]);
+ OPENSSL_free(a->h_aliases);
+ }
+ if (a->h_addr_list != NULL) {
+ for (i = 0; a->h_addr_list[i] != NULL; i++)
+ OPENSSL_free(a->h_addr_list[i]);
+ OPENSSL_free(a->h_addr_list);
+ }
+ if (a->h_name != NULL)
+ OPENSSL_free(a->h_name);
+ OPENSSL_free(a);
+}
+
+# endif
+
+struct hostent *BIO_gethostbyname(const char *name)
+{
+# if 1
+ /*
+ * Caching gethostbyname() results forever is wrong, so we have to let
+ * the true gethostbyname() worry about this
+ */
+# if (defined(NETWARE_BSDSOCK) && !defined(__NOVELL_LIBC__))
+ return gethostbyname((char *)name);
+# else
+ return gethostbyname(name);
+# endif
+# else
+ struct hostent *ret;
+ int i, lowi = 0, j;
+ unsigned long low = (unsigned long)-1;
+
+# if 0
+ /*
+ * It doesn't make sense to use locking here: The function interface is
+ * not thread-safe, because threads can never be sure when some other
+ * thread destroys the data they were given a pointer to.
+ */
+ CRYPTO_w_lock(CRYPTO_LOCK_GETHOSTBYNAME);
+# endif
+ j = strlen(name);
+ if (j < 128) {
+ for (i = 0; i < GHBN_NUM; i++) {
+ if (low > ghbn_cache[i].order) {
+ low = ghbn_cache[i].order;
+ lowi = i;
+ }
+ if (ghbn_cache[i].order > 0) {
+ if (strncmp(name, ghbn_cache[i].name, 128) == 0)
+ break;
+ }
+ }
+ } else
+ i = GHBN_NUM;
+
+ if (i == GHBN_NUM) { /* no hit */
+ BIO_ghbn_miss++;
+ /*
+ * Note: under VMS with SOCKETSHR, it seems like the first parameter
+ * is 'char *', instead of 'const char *'
+ */
+# ifndef CONST_STRICT
+ ret = gethostbyname((char *)name);
+# else
+ ret = gethostbyname(name);
+# endif
+
+ if (ret == NULL)
+ goto end;
+ if (j > 128) { /* too big to cache */
+# if 0
+ /*
+ * If we were trying to make this function thread-safe (which is
+ * bound to fail), we'd have to give up in this case (or allocate
+ * more memory).
+ */
+ ret = NULL;
+# endif
+ goto end;
+ }
+
+ /* else add to cache */
+ if (ghbn_cache[lowi].ent != NULL)
+ ghbn_free(ghbn_cache[lowi].ent); /* XXX not thread-safe */
+ ghbn_cache[lowi].name[0] = '\0';
+
+ if ((ret = ghbn_cache[lowi].ent = ghbn_dup(ret)) == NULL) {
+ BIOerr(BIO_F_BIO_GETHOSTBYNAME, ERR_R_MALLOC_FAILURE);
+ goto end;
+ }
+ strncpy(ghbn_cache[lowi].name, name, 128);
+ ghbn_cache[lowi].order = BIO_ghbn_miss + BIO_ghbn_hits;
+ } else {
+ BIO_ghbn_hits++;
+ ret = ghbn_cache[i].ent;
+ ghbn_cache[i].order = BIO_ghbn_miss + BIO_ghbn_hits;
+ }
+ end:
+# if 0
+ CRYPTO_w_unlock(CRYPTO_LOCK_GETHOSTBYNAME);
+# endif
+ return (ret);
+# endif
+}
+
+int BIO_sock_init(void)
+{
+# ifdef OPENSSL_SYS_WINDOWS
+ static struct WSAData wsa_state;
+
+ if (!wsa_init_done) {
+ int err;
+
+ wsa_init_done = 1;
+ memset(&wsa_state, 0, sizeof(wsa_state));
+ if (WSAStartup(0x0101, &wsa_state) != 0) {
+ err = WSAGetLastError();
+ SYSerr(SYS_F_WSASTARTUP, err);
+ BIOerr(BIO_F_BIO_SOCK_INIT, BIO_R_WSASTARTUP);
+ return (-1);
+ }
+ }
+# endif /* OPENSSL_SYS_WINDOWS */
+# ifdef WATT32
+ extern int _watt_do_exit;
+ _watt_do_exit = 0; /* don't make sock_init() call exit() */
+ if (sock_init())
+ return (-1);
+# endif
+
+# if defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)
+ WORD wVerReq;
+ WSADATA wsaData;
+ int err;
+
+ if (!wsa_init_done) {
+ wsa_init_done = 1;
+ wVerReq = MAKEWORD(2, 0);
+ err = WSAStartup(wVerReq, &wsaData);
+ if (err != 0) {
+ SYSerr(SYS_F_WSASTARTUP, err);
+ BIOerr(BIO_F_BIO_SOCK_INIT, BIO_R_WSASTARTUP);
+ return (-1);
+ }
+ }
+# endif
+
+ return (1);
+}
+
+void BIO_sock_cleanup(void)
+{
+# ifdef OPENSSL_SYS_WINDOWS
+ if (wsa_init_done) {
+ wsa_init_done = 0;
+# ifndef OPENSSL_SYS_WINCE
+ WSACancelBlockingCall(); /* Winsock 1.1 specific */
+# endif
+ WSACleanup();
+ }
+# elif defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)
+ if (wsa_init_done) {
+ wsa_init_done = 0;
+ WSACleanup();
+ }
+# endif
+}
+
+# if !defined(OPENSSL_SYS_VMS) || __VMS_VER >= 70000000
+
+int BIO_socket_ioctl(int fd, long type, void *arg)
+{
+ int i;
+
+# ifdef __DJGPP__
+ i = ioctlsocket(fd, type, (char *)arg);
+# else
+ i = ioctlsocket(fd, type, arg);
+# endif /* __DJGPP__ */
+ if (i < 0)
+ SYSerr(SYS_F_IOCTLSOCKET, get_last_socket_error());
+ return (i);
+}
+# endif /* __VMS_VER */
+
+/*
+ * The reason I have implemented this instead of using sscanf is because
+ * Visual C 1.52c gives an unresolved external when linking a DLL :-(
+ */
+static int get_ip(const char *str, unsigned char ip[4])
+{
+ unsigned int tmp[4];
+ int num = 0, c, ok = 0;
+
+ tmp[0] = tmp[1] = tmp[2] = tmp[3] = 0;
+
+ for (;;) {
+ c = *(str++);
+ if ((c >= '0') && (c <= '9')) {
+ ok = 1;
+ tmp[num] = tmp[num] * 10 + c - '0';
+ if (tmp[num] > 255)
+ return (0);
+ } else if (c == '.') {
+ if (!ok)
+ return (-1);
+ if (num == 3)
+ return (0);
+ num++;
+ ok = 0;
+ } else if (c == '\0' && (num == 3) && ok)
+ break;
+ else
+ return (0);
+ }
+ ip[0] = tmp[0];
+ ip[1] = tmp[1];
+ ip[2] = tmp[2];
+ ip[3] = tmp[3];
+ return (1);
+}
+
+int BIO_get_accept_socket(char *host, int bind_mode)
+{
+ int ret = 0;
+ struct sockaddr_in server, client;
+ int s = INVALID_SOCKET, cs;
+ unsigned char ip[4];
+ unsigned short port;
+ char *str = NULL, *e;
+ const char *h, *p;
+ unsigned long l;
+ int err_num;
+
+ if (BIO_sock_init() != 1)
+ return (INVALID_SOCKET);
+
+ if ((str = BUF_strdup(host)) == NULL)
+ return (INVALID_SOCKET);
+
+ h = p = NULL;
+ h = str;
+ for (e = str; *e; e++) {
+ if (*e == ':') {
+ p = &(e[1]);
+ *e = '\0';
+ } else if (*e == '/') {
+ *e = '\0';
+ break;
+ }
+ }
+
+ if (p == NULL) {
+ p = h;
+ h = "*";
+ }
+
+ if (!BIO_get_port(p, &port))
+ goto err;
+
+ memset((char *)&server, 0, sizeof(server));
+ server.sin_family = AF_INET;
+ server.sin_port = htons(port);
+
+ if (strcmp(h, "*") == 0)
+ server.sin_addr.s_addr = INADDR_ANY;
+ else {
+ if (!BIO_get_host_ip(h, &(ip[0])))
+ goto err;
+ l = (unsigned long)
+ ((unsigned long)ip[0] << 24L) |
+ ((unsigned long)ip[1] << 16L) |
+ ((unsigned long)ip[2] << 8L) | ((unsigned long)ip[3]);
+ server.sin_addr.s_addr = htonl(l);
+ }
+
+ again:
+ s = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL);
+ if (s == INVALID_SOCKET) {
+ SYSerr(SYS_F_SOCKET, get_last_socket_error());
+ ERR_add_error_data(3, "port='", host, "'");
+ BIOerr(BIO_F_BIO_GET_ACCEPT_SOCKET, BIO_R_UNABLE_TO_CREATE_SOCKET);
+ goto err;
+ }
+# ifdef SO_REUSEADDR
+ if (bind_mode == BIO_BIND_REUSEADDR) {
+ int i = 1;
+
+ ret = setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (char *)&i, sizeof(i));
+ bind_mode = BIO_BIND_NORMAL;
+ }
+# endif
+ if (bind(s, (struct sockaddr *)&server, sizeof(server)) == -1) {
+# ifdef SO_REUSEADDR
+ err_num = get_last_socket_error();
+ if ((bind_mode == BIO_BIND_REUSEADDR_IF_UNUSED) &&
+# ifdef OPENSSL_SYS_WINDOWS
+ /*
+ * Some versions of Windows define EADDRINUSE to a dummy value.
+ */
+ (err_num == WSAEADDRINUSE))
+# else
+ (err_num == EADDRINUSE))
+# endif
+ {
+ memcpy((char *)&client, (char *)&server, sizeof(server));
+ if (strcmp(h, "*") == 0)
+ client.sin_addr.s_addr = htonl(0x7F000001);
+ cs = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL);
+ if (cs != INVALID_SOCKET) {
+ int ii;
+ ii = connect(cs, (struct sockaddr *)&client, sizeof(client));
+ closesocket(cs);
+ if (ii == INVALID_SOCKET) {
+ bind_mode = BIO_BIND_REUSEADDR;
+ closesocket(s);
+ goto again;
+ }
+ /* else error */
+ }
+ /* else error */
+ }
+# endif
+ SYSerr(SYS_F_BIND, err_num);
+ ERR_add_error_data(3, "port='", host, "'");
+ BIOerr(BIO_F_BIO_GET_ACCEPT_SOCKET, BIO_R_UNABLE_TO_BIND_SOCKET);
+ goto err;
+ }
+ if (listen(s, MAX_LISTEN) == -1) {
+ SYSerr(SYS_F_BIND, get_last_socket_error());
+ ERR_add_error_data(3, "port='", host, "'");
+ BIOerr(BIO_F_BIO_GET_ACCEPT_SOCKET, BIO_R_UNABLE_TO_LISTEN_SOCKET);
+ goto err;
+ }
+ ret = 1;
+ err:
+ if (str != NULL)
+ OPENSSL_free(str);
+ if ((ret == 0) && (s != INVALID_SOCKET)) {
+ closesocket(s);
+ s = INVALID_SOCKET;
+ }
+ return (s);
+}
+
+int BIO_accept(int sock, char **addr)
+{
+ int ret = INVALID_SOCKET;
+ static struct sockaddr_in from;
+ unsigned long l;
+ unsigned short port;
+ int len;
+ char *p;
+
+ memset((char *)&from, 0, sizeof(from));
+ len = sizeof(from);
+ /*
+ * Note: under VMS with SOCKETSHR the fourth parameter is currently of
+ * type (int *) whereas under other systems it is (void *) if you don't
+ * have a cast it will choke the compiler: if you do have a cast then you
+ * can either go for (int *) or (void *).
+ */
+ ret = accept(sock, (struct sockaddr *)&from, (void *)&len);
+ if (ret == INVALID_SOCKET) {
+ if (BIO_sock_should_retry(ret))
+ return -2;
+ SYSerr(SYS_F_ACCEPT, get_last_socket_error());
+ BIOerr(BIO_F_BIO_ACCEPT, BIO_R_ACCEPT_ERROR);
+ goto end;
+ }
+
+ if (addr == NULL)
+ goto end;
+
+ l = ntohl(from.sin_addr.s_addr);
+ port = ntohs(from.sin_port);
+ if (*addr == NULL) {
+ if ((p = OPENSSL_malloc(24)) == NULL) {
+ BIOerr(BIO_F_BIO_ACCEPT, ERR_R_MALLOC_FAILURE);
+ goto end;
+ }
+ *addr = p;
+ }
+ BIO_snprintf(*addr, 24, "%d.%d.%d.%d:%d",
+ (unsigned char)(l >> 24L) & 0xff,
+ (unsigned char)(l >> 16L) & 0xff,
+ (unsigned char)(l >> 8L) & 0xff,
+ (unsigned char)(l) & 0xff, port);
+ end:
+ return (ret);
+}
+
+int BIO_set_tcp_ndelay(int s, int on)
+{
+ int ret = 0;
+# if defined(TCP_NODELAY) && (defined(IPPROTO_TCP) || defined(SOL_TCP))
+ int opt;
+
+# ifdef SOL_TCP
+ opt = SOL_TCP;
+# else
+# ifdef IPPROTO_TCP
+ opt = IPPROTO_TCP;
+# endif
+# endif
+
+ ret = setsockopt(s, opt, TCP_NODELAY, (char *)&on, sizeof(on));
+# endif
+ return (ret == 0);
+}
+#endif
+
+int BIO_socket_nbio(int s, int mode)
+{
+ int ret = -1;
+ int l;
+
+ l = mode;
+#ifdef FIONBIO
+ ret = BIO_socket_ioctl(s, FIONBIO, &l);
+#endif
+ return (ret == 0);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bio/bf_buff.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bio/bf_buff.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bio/bf_buff.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,512 +0,0 @@
-/* crypto/bio/bf_buff.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <errno.h>
-#include "cryptlib.h"
-#include <openssl/bio.h>
-
-static int buffer_write(BIO *h, const char *buf,int num);
-static int buffer_read(BIO *h, char *buf, int size);
-static int buffer_puts(BIO *h, const char *str);
-static int buffer_gets(BIO *h, char *str, int size);
-static long buffer_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int buffer_new(BIO *h);
-static int buffer_free(BIO *data);
-static long buffer_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
-#define DEFAULT_BUFFER_SIZE 4096
-
-static BIO_METHOD methods_buffer=
- {
- BIO_TYPE_BUFFER,
- "buffer",
- buffer_write,
- buffer_read,
- buffer_puts,
- buffer_gets,
- buffer_ctrl,
- buffer_new,
- buffer_free,
- buffer_callback_ctrl,
- };
-
-BIO_METHOD *BIO_f_buffer(void)
- {
- return(&methods_buffer);
- }
-
-static int buffer_new(BIO *bi)
- {
- BIO_F_BUFFER_CTX *ctx;
-
- ctx=(BIO_F_BUFFER_CTX *)OPENSSL_malloc(sizeof(BIO_F_BUFFER_CTX));
- if (ctx == NULL) return(0);
- ctx->ibuf=(char *)OPENSSL_malloc(DEFAULT_BUFFER_SIZE);
- if (ctx->ibuf == NULL) { OPENSSL_free(ctx); return(0); }
- ctx->obuf=(char *)OPENSSL_malloc(DEFAULT_BUFFER_SIZE);
- if (ctx->obuf == NULL) { OPENSSL_free(ctx->ibuf); OPENSSL_free(ctx); return(0); }
- ctx->ibuf_size=DEFAULT_BUFFER_SIZE;
- ctx->obuf_size=DEFAULT_BUFFER_SIZE;
- ctx->ibuf_len=0;
- ctx->ibuf_off=0;
- ctx->obuf_len=0;
- ctx->obuf_off=0;
-
- bi->init=1;
- bi->ptr=(char *)ctx;
- bi->flags=0;
- return(1);
- }
-
-static int buffer_free(BIO *a)
- {
- BIO_F_BUFFER_CTX *b;
-
- if (a == NULL) return(0);
- b=(BIO_F_BUFFER_CTX *)a->ptr;
- if (b->ibuf != NULL) OPENSSL_free(b->ibuf);
- if (b->obuf != NULL) OPENSSL_free(b->obuf);
- OPENSSL_free(a->ptr);
- a->ptr=NULL;
- a->init=0;
- a->flags=0;
- return(1);
- }
-
-static int buffer_read(BIO *b, char *out, int outl)
- {
- int i,num=0;
- BIO_F_BUFFER_CTX *ctx;
-
- if (out == NULL) return(0);
- ctx=(BIO_F_BUFFER_CTX *)b->ptr;
-
- if ((ctx == NULL) || (b->next_bio == NULL)) return(0);
- num=0;
- BIO_clear_retry_flags(b);
-
-start:
- i=ctx->ibuf_len;
- /* If there is stuff left over, grab it */
- if (i != 0)
- {
- if (i > outl) i=outl;
- memcpy(out,&(ctx->ibuf[ctx->ibuf_off]),i);
- ctx->ibuf_off+=i;
- ctx->ibuf_len-=i;
- num+=i;
- if (outl == i) return(num);
- outl-=i;
- out+=i;
- }
-
- /* We may have done a partial read. try to do more.
- * We have nothing in the buffer.
- * If we get an error and have read some data, just return it
- * and let them retry to get the error again.
- * copy direct to parent address space */
- if (outl > ctx->ibuf_size)
- {
- for (;;)
- {
- i=BIO_read(b->next_bio,out,outl);
- if (i <= 0)
- {
- BIO_copy_next_retry(b);
- if (i < 0) return((num > 0)?num:i);
- if (i == 0) return(num);
- }
- num+=i;
- if (outl == i) return(num);
- out+=i;
- outl-=i;
- }
- }
- /* else */
-
- /* we are going to be doing some buffering */
- i=BIO_read(b->next_bio,ctx->ibuf,ctx->ibuf_size);
- if (i <= 0)
- {
- BIO_copy_next_retry(b);
- if (i < 0) return((num > 0)?num:i);
- if (i == 0) return(num);
- }
- ctx->ibuf_off=0;
- ctx->ibuf_len=i;
-
- /* Lets re-read using ourselves :-) */
- goto start;
- }
-
-static int buffer_write(BIO *b, const char *in, int inl)
- {
- int i,num=0;
- BIO_F_BUFFER_CTX *ctx;
-
- if ((in == NULL) || (inl <= 0)) return(0);
- ctx=(BIO_F_BUFFER_CTX *)b->ptr;
- if ((ctx == NULL) || (b->next_bio == NULL)) return(0);
-
- BIO_clear_retry_flags(b);
-start:
- i=ctx->obuf_size-(ctx->obuf_len+ctx->obuf_off);
- /* add to buffer and return */
- if (i >= inl)
- {
- memcpy(&(ctx->obuf[ctx->obuf_off+ctx->obuf_len]),in,inl);
- ctx->obuf_len+=inl;
- return(num+inl);
- }
- /* else */
- /* stuff already in buffer, so add to it first, then flush */
- if (ctx->obuf_len != 0)
- {
- if (i > 0) /* lets fill it up if we can */
- {
- memcpy(&(ctx->obuf[ctx->obuf_off+ctx->obuf_len]),in,i);
- in+=i;
- inl-=i;
- num+=i;
- ctx->obuf_len+=i;
- }
- /* we now have a full buffer needing flushing */
- for (;;)
- {
- i=BIO_write(b->next_bio,&(ctx->obuf[ctx->obuf_off]),
- ctx->obuf_len);
- if (i <= 0)
- {
- BIO_copy_next_retry(b);
-
- if (i < 0) return((num > 0)?num:i);
- if (i == 0) return(num);
- }
- ctx->obuf_off+=i;
- ctx->obuf_len-=i;
- if (ctx->obuf_len == 0) break;
- }
- }
- /* we only get here if the buffer has been flushed and we
- * still have stuff to write */
- ctx->obuf_off=0;
-
- /* we now have inl bytes to write */
- while (inl >= ctx->obuf_size)
- {
- i=BIO_write(b->next_bio,in,inl);
- if (i <= 0)
- {
- BIO_copy_next_retry(b);
- if (i < 0) return((num > 0)?num:i);
- if (i == 0) return(num);
- }
- num+=i;
- in+=i;
- inl-=i;
- if (inl == 0) return(num);
- }
-
- /* copy the rest into the buffer since we have only a small
- * amount left */
- goto start;
- }
-
-static long buffer_ctrl(BIO *b, int cmd, long num, void *ptr)
- {
- BIO *dbio;
- BIO_F_BUFFER_CTX *ctx;
- long ret=1;
- char *p1,*p2;
- int r,i,*ip;
- int ibs,obs;
-
- ctx=(BIO_F_BUFFER_CTX *)b->ptr;
-
- switch (cmd)
- {
- case BIO_CTRL_RESET:
- ctx->ibuf_off=0;
- ctx->ibuf_len=0;
- ctx->obuf_off=0;
- ctx->obuf_len=0;
- if (b->next_bio == NULL) return(0);
- ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
- break;
- case BIO_CTRL_INFO:
- ret=(long)ctx->obuf_len;
- break;
- case BIO_C_GET_BUFF_NUM_LINES:
- ret=0;
- p1=ctx->ibuf;
- for (i=0; i<ctx->ibuf_len; i++)
- {
- if (p1[ctx->ibuf_off + i] == '\n') ret++;
- }
- break;
- case BIO_CTRL_WPENDING:
- ret=(long)ctx->obuf_len;
- if (ret == 0)
- {
- if (b->next_bio == NULL) return(0);
- ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
- }
- break;
- case BIO_CTRL_PENDING:
- ret=(long)ctx->ibuf_len;
- if (ret == 0)
- {
- if (b->next_bio == NULL) return(0);
- ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
- }
- break;
- case BIO_C_SET_BUFF_READ_DATA:
- if (num > ctx->ibuf_size)
- {
- p1=OPENSSL_malloc((int)num);
- if (p1 == NULL) goto malloc_error;
- if (ctx->ibuf != NULL) OPENSSL_free(ctx->ibuf);
- ctx->ibuf=p1;
- }
- ctx->ibuf_off=0;
- ctx->ibuf_len=(int)num;
- memcpy(ctx->ibuf,ptr,(int)num);
- ret=1;
- break;
- case BIO_C_SET_BUFF_SIZE:
- if (ptr != NULL)
- {
- ip=(int *)ptr;
- if (*ip == 0)
- {
- ibs=(int)num;
- obs=ctx->obuf_size;
- }
- else /* if (*ip == 1) */
- {
- ibs=ctx->ibuf_size;
- obs=(int)num;
- }
- }
- else
- {
- ibs=(int)num;
- obs=(int)num;
- }
- p1=ctx->ibuf;
- p2=ctx->obuf;
- if ((ibs > DEFAULT_BUFFER_SIZE) && (ibs != ctx->ibuf_size))
- {
- p1=(char *)OPENSSL_malloc((int)num);
- if (p1 == NULL) goto malloc_error;
- }
- if ((obs > DEFAULT_BUFFER_SIZE) && (obs != ctx->obuf_size))
- {
- p2=(char *)OPENSSL_malloc((int)num);
- if (p2 == NULL)
- {
- if (p1 != ctx->ibuf) OPENSSL_free(p1);
- goto malloc_error;
- }
- }
- if (ctx->ibuf != p1)
- {
- OPENSSL_free(ctx->ibuf);
- ctx->ibuf=p1;
- ctx->ibuf_off=0;
- ctx->ibuf_len=0;
- ctx->ibuf_size=ibs;
- }
- if (ctx->obuf != p2)
- {
- OPENSSL_free(ctx->obuf);
- ctx->obuf=p2;
- ctx->obuf_off=0;
- ctx->obuf_len=0;
- ctx->obuf_size=obs;
- }
- break;
- case BIO_C_DO_STATE_MACHINE:
- if (b->next_bio == NULL) return(0);
- BIO_clear_retry_flags(b);
- ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
- BIO_copy_next_retry(b);
- break;
-
- case BIO_CTRL_FLUSH:
- if (b->next_bio == NULL) return(0);
- if (ctx->obuf_len <= 0)
- {
- ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
- break;
- }
-
- for (;;)
- {
- BIO_clear_retry_flags(b);
- if (ctx->obuf_len > 0)
- {
- r=BIO_write(b->next_bio,
- &(ctx->obuf[ctx->obuf_off]),
- ctx->obuf_len);
-#if 0
-fprintf(stderr,"FLUSH [%3d] %3d -> %3d\n",ctx->obuf_off,ctx->obuf_len,r);
-#endif
- BIO_copy_next_retry(b);
- if (r <= 0) return((long)r);
- ctx->obuf_off+=r;
- ctx->obuf_len-=r;
- }
- else
- {
- ctx->obuf_len=0;
- ctx->obuf_off=0;
- ret=1;
- break;
- }
- }
- ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
- break;
- case BIO_CTRL_DUP:
- dbio=(BIO *)ptr;
- if ( !BIO_set_read_buffer_size(dbio,ctx->ibuf_size) ||
- !BIO_set_write_buffer_size(dbio,ctx->obuf_size))
- ret=0;
- break;
- default:
- if (b->next_bio == NULL) return(0);
- ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
- break;
- }
- return(ret);
-malloc_error:
- BIOerr(BIO_F_BUFFER_CTRL,ERR_R_MALLOC_FAILURE);
- return(0);
- }
-
-static long buffer_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
- {
- long ret=1;
-
- if (b->next_bio == NULL) return(0);
- switch (cmd)
- {
- default:
- ret=BIO_callback_ctrl(b->next_bio,cmd,fp);
- break;
- }
- return(ret);
- }
-
-static int buffer_gets(BIO *b, char *buf, int size)
- {
- BIO_F_BUFFER_CTX *ctx;
- int num=0,i,flag;
- char *p;
-
- ctx=(BIO_F_BUFFER_CTX *)b->ptr;
- size--; /* reserve space for a '\0' */
- BIO_clear_retry_flags(b);
-
- for (;;)
- {
- if (ctx->ibuf_len > 0)
- {
- p= &(ctx->ibuf[ctx->ibuf_off]);
- flag=0;
- for (i=0; (i<ctx->ibuf_len) && (i<size); i++)
- {
- *(buf++)=p[i];
- if (p[i] == '\n')
- {
- flag=1;
- i++;
- break;
- }
- }
- num+=i;
- size-=i;
- ctx->ibuf_len-=i;
- ctx->ibuf_off+=i;
- if (flag || size == 0)
- {
- *buf='\0';
- return(num);
- }
- }
- else /* read another chunk */
- {
- i=BIO_read(b->next_bio,ctx->ibuf,ctx->ibuf_size);
- if (i <= 0)
- {
- BIO_copy_next_retry(b);
- *buf='\0';
- if (i < 0) return((num > 0)?num:i);
- if (i == 0) return(num);
- }
- ctx->ibuf_len=i;
- ctx->ibuf_off=0;
- }
- }
- }
-
-static int buffer_puts(BIO *b, const char *str)
- {
- return(buffer_write(b,str,strlen(str)));
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bio/bf_buff.c (from rev 6976, vendor-crypto/openssl/dist/crypto/bio/bf_buff.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bio/bf_buff.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bio/bf_buff.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,517 @@
+/* crypto/bio/bf_buff.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "cryptlib.h"
+#include <openssl/bio.h>
+
+static int buffer_write(BIO *h, const char *buf, int num);
+static int buffer_read(BIO *h, char *buf, int size);
+static int buffer_puts(BIO *h, const char *str);
+static int buffer_gets(BIO *h, char *str, int size);
+static long buffer_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int buffer_new(BIO *h);
+static int buffer_free(BIO *data);
+static long buffer_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
+#define DEFAULT_BUFFER_SIZE 4096
+
+static BIO_METHOD methods_buffer = {
+ BIO_TYPE_BUFFER,
+ "buffer",
+ buffer_write,
+ buffer_read,
+ buffer_puts,
+ buffer_gets,
+ buffer_ctrl,
+ buffer_new,
+ buffer_free,
+ buffer_callback_ctrl,
+};
+
+BIO_METHOD *BIO_f_buffer(void)
+{
+ return (&methods_buffer);
+}
+
+static int buffer_new(BIO *bi)
+{
+ BIO_F_BUFFER_CTX *ctx;
+
+ ctx = (BIO_F_BUFFER_CTX *)OPENSSL_malloc(sizeof(BIO_F_BUFFER_CTX));
+ if (ctx == NULL)
+ return (0);
+ ctx->ibuf = (char *)OPENSSL_malloc(DEFAULT_BUFFER_SIZE);
+ if (ctx->ibuf == NULL) {
+ OPENSSL_free(ctx);
+ return (0);
+ }
+ ctx->obuf = (char *)OPENSSL_malloc(DEFAULT_BUFFER_SIZE);
+ if (ctx->obuf == NULL) {
+ OPENSSL_free(ctx->ibuf);
+ OPENSSL_free(ctx);
+ return (0);
+ }
+ ctx->ibuf_size = DEFAULT_BUFFER_SIZE;
+ ctx->obuf_size = DEFAULT_BUFFER_SIZE;
+ ctx->ibuf_len = 0;
+ ctx->ibuf_off = 0;
+ ctx->obuf_len = 0;
+ ctx->obuf_off = 0;
+
+ bi->init = 1;
+ bi->ptr = (char *)ctx;
+ bi->flags = 0;
+ return (1);
+}
+
+static int buffer_free(BIO *a)
+{
+ BIO_F_BUFFER_CTX *b;
+
+ if (a == NULL)
+ return (0);
+ b = (BIO_F_BUFFER_CTX *)a->ptr;
+ if (b->ibuf != NULL)
+ OPENSSL_free(b->ibuf);
+ if (b->obuf != NULL)
+ OPENSSL_free(b->obuf);
+ OPENSSL_free(a->ptr);
+ a->ptr = NULL;
+ a->init = 0;
+ a->flags = 0;
+ return (1);
+}
+
+static int buffer_read(BIO *b, char *out, int outl)
+{
+ int i, num = 0;
+ BIO_F_BUFFER_CTX *ctx;
+
+ if (out == NULL)
+ return (0);
+ ctx = (BIO_F_BUFFER_CTX *)b->ptr;
+
+ if ((ctx == NULL) || (b->next_bio == NULL))
+ return (0);
+ num = 0;
+ BIO_clear_retry_flags(b);
+
+ start:
+ i = ctx->ibuf_len;
+ /* If there is stuff left over, grab it */
+ if (i != 0) {
+ if (i > outl)
+ i = outl;
+ memcpy(out, &(ctx->ibuf[ctx->ibuf_off]), i);
+ ctx->ibuf_off += i;
+ ctx->ibuf_len -= i;
+ num += i;
+ if (outl == i)
+ return (num);
+ outl -= i;
+ out += i;
+ }
+
+ /*
+ * We may have done a partial read. try to do more. We have nothing in
+ * the buffer. If we get an error and have read some data, just return it
+ * and let them retry to get the error again. copy direct to parent
+ * address space
+ */
+ if (outl > ctx->ibuf_size) {
+ for (;;) {
+ i = BIO_read(b->next_bio, out, outl);
+ if (i <= 0) {
+ BIO_copy_next_retry(b);
+ if (i < 0)
+ return ((num > 0) ? num : i);
+ if (i == 0)
+ return (num);
+ }
+ num += i;
+ if (outl == i)
+ return (num);
+ out += i;
+ outl -= i;
+ }
+ }
+ /* else */
+
+ /* we are going to be doing some buffering */
+ i = BIO_read(b->next_bio, ctx->ibuf, ctx->ibuf_size);
+ if (i <= 0) {
+ BIO_copy_next_retry(b);
+ if (i < 0)
+ return ((num > 0) ? num : i);
+ if (i == 0)
+ return (num);
+ }
+ ctx->ibuf_off = 0;
+ ctx->ibuf_len = i;
+
+ /* Lets re-read using ourselves :-) */
+ goto start;
+}
+
+static int buffer_write(BIO *b, const char *in, int inl)
+{
+ int i, num = 0;
+ BIO_F_BUFFER_CTX *ctx;
+
+ if ((in == NULL) || (inl <= 0))
+ return (0);
+ ctx = (BIO_F_BUFFER_CTX *)b->ptr;
+ if ((ctx == NULL) || (b->next_bio == NULL))
+ return (0);
+
+ BIO_clear_retry_flags(b);
+ start:
+ i = ctx->obuf_size - (ctx->obuf_len + ctx->obuf_off);
+ /* add to buffer and return */
+ if (i >= inl) {
+ memcpy(&(ctx->obuf[ctx->obuf_off + ctx->obuf_len]), in, inl);
+ ctx->obuf_len += inl;
+ return (num + inl);
+ }
+ /* else */
+ /* stuff already in buffer, so add to it first, then flush */
+ if (ctx->obuf_len != 0) {
+ if (i > 0) { /* lets fill it up if we can */
+ memcpy(&(ctx->obuf[ctx->obuf_off + ctx->obuf_len]), in, i);
+ in += i;
+ inl -= i;
+ num += i;
+ ctx->obuf_len += i;
+ }
+ /* we now have a full buffer needing flushing */
+ for (;;) {
+ i = BIO_write(b->next_bio, &(ctx->obuf[ctx->obuf_off]),
+ ctx->obuf_len);
+ if (i <= 0) {
+ BIO_copy_next_retry(b);
+
+ if (i < 0)
+ return ((num > 0) ? num : i);
+ if (i == 0)
+ return (num);
+ }
+ ctx->obuf_off += i;
+ ctx->obuf_len -= i;
+ if (ctx->obuf_len == 0)
+ break;
+ }
+ }
+ /*
+ * we only get here if the buffer has been flushed and we still have
+ * stuff to write
+ */
+ ctx->obuf_off = 0;
+
+ /* we now have inl bytes to write */
+ while (inl >= ctx->obuf_size) {
+ i = BIO_write(b->next_bio, in, inl);
+ if (i <= 0) {
+ BIO_copy_next_retry(b);
+ if (i < 0)
+ return ((num > 0) ? num : i);
+ if (i == 0)
+ return (num);
+ }
+ num += i;
+ in += i;
+ inl -= i;
+ if (inl == 0)
+ return (num);
+ }
+
+ /*
+ * copy the rest into the buffer since we have only a small amount left
+ */
+ goto start;
+}
+
+static long buffer_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+ BIO *dbio;
+ BIO_F_BUFFER_CTX *ctx;
+ long ret = 1;
+ char *p1, *p2;
+ int r, i, *ip;
+ int ibs, obs;
+
+ ctx = (BIO_F_BUFFER_CTX *)b->ptr;
+
+ switch (cmd) {
+ case BIO_CTRL_RESET:
+ ctx->ibuf_off = 0;
+ ctx->ibuf_len = 0;
+ ctx->obuf_off = 0;
+ ctx->obuf_len = 0;
+ if (b->next_bio == NULL)
+ return (0);
+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ break;
+ case BIO_CTRL_INFO:
+ ret = (long)ctx->obuf_len;
+ break;
+ case BIO_C_GET_BUFF_NUM_LINES:
+ ret = 0;
+ p1 = ctx->ibuf;
+ for (i = 0; i < ctx->ibuf_len; i++) {
+ if (p1[ctx->ibuf_off + i] == '\n')
+ ret++;
+ }
+ break;
+ case BIO_CTRL_WPENDING:
+ ret = (long)ctx->obuf_len;
+ if (ret == 0) {
+ if (b->next_bio == NULL)
+ return (0);
+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ }
+ break;
+ case BIO_CTRL_PENDING:
+ ret = (long)ctx->ibuf_len;
+ if (ret == 0) {
+ if (b->next_bio == NULL)
+ return (0);
+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ }
+ break;
+ case BIO_C_SET_BUFF_READ_DATA:
+ if (num > ctx->ibuf_size) {
+ p1 = OPENSSL_malloc((int)num);
+ if (p1 == NULL)
+ goto malloc_error;
+ if (ctx->ibuf != NULL)
+ OPENSSL_free(ctx->ibuf);
+ ctx->ibuf = p1;
+ }
+ ctx->ibuf_off = 0;
+ ctx->ibuf_len = (int)num;
+ memcpy(ctx->ibuf, ptr, (int)num);
+ ret = 1;
+ break;
+ case BIO_C_SET_BUFF_SIZE:
+ if (ptr != NULL) {
+ ip = (int *)ptr;
+ if (*ip == 0) {
+ ibs = (int)num;
+ obs = ctx->obuf_size;
+ } else { /* if (*ip == 1) */
+
+ ibs = ctx->ibuf_size;
+ obs = (int)num;
+ }
+ } else {
+ ibs = (int)num;
+ obs = (int)num;
+ }
+ p1 = ctx->ibuf;
+ p2 = ctx->obuf;
+ if ((ibs > DEFAULT_BUFFER_SIZE) && (ibs != ctx->ibuf_size)) {
+ p1 = (char *)OPENSSL_malloc((int)num);
+ if (p1 == NULL)
+ goto malloc_error;
+ }
+ if ((obs > DEFAULT_BUFFER_SIZE) && (obs != ctx->obuf_size)) {
+ p2 = (char *)OPENSSL_malloc((int)num);
+ if (p2 == NULL) {
+ if (p1 != ctx->ibuf)
+ OPENSSL_free(p1);
+ goto malloc_error;
+ }
+ }
+ if (ctx->ibuf != p1) {
+ OPENSSL_free(ctx->ibuf);
+ ctx->ibuf = p1;
+ ctx->ibuf_off = 0;
+ ctx->ibuf_len = 0;
+ ctx->ibuf_size = ibs;
+ }
+ if (ctx->obuf != p2) {
+ OPENSSL_free(ctx->obuf);
+ ctx->obuf = p2;
+ ctx->obuf_off = 0;
+ ctx->obuf_len = 0;
+ ctx->obuf_size = obs;
+ }
+ break;
+ case BIO_C_DO_STATE_MACHINE:
+ if (b->next_bio == NULL)
+ return (0);
+ BIO_clear_retry_flags(b);
+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ BIO_copy_next_retry(b);
+ break;
+
+ case BIO_CTRL_FLUSH:
+ if (b->next_bio == NULL)
+ return (0);
+ if (ctx->obuf_len <= 0) {
+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ break;
+ }
+
+ for (;;) {
+ BIO_clear_retry_flags(b);
+ if (ctx->obuf_len > 0) {
+ r = BIO_write(b->next_bio,
+ &(ctx->obuf[ctx->obuf_off]), ctx->obuf_len);
+#if 0
+ fprintf(stderr, "FLUSH [%3d] %3d -> %3d\n", ctx->obuf_off,
+ ctx->obuf_len, r);
+#endif
+ BIO_copy_next_retry(b);
+ if (r <= 0)
+ return ((long)r);
+ ctx->obuf_off += r;
+ ctx->obuf_len -= r;
+ } else {
+ ctx->obuf_len = 0;
+ ctx->obuf_off = 0;
+ ret = 1;
+ break;
+ }
+ }
+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ break;
+ case BIO_CTRL_DUP:
+ dbio = (BIO *)ptr;
+ if (!BIO_set_read_buffer_size(dbio, ctx->ibuf_size) ||
+ !BIO_set_write_buffer_size(dbio, ctx->obuf_size))
+ ret = 0;
+ break;
+ default:
+ if (b->next_bio == NULL)
+ return (0);
+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ break;
+ }
+ return (ret);
+ malloc_error:
+ BIOerr(BIO_F_BUFFER_CTRL, ERR_R_MALLOC_FAILURE);
+ return (0);
+}
+
+static long buffer_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
+{
+ long ret = 1;
+
+ if (b->next_bio == NULL)
+ return (0);
+ switch (cmd) {
+ default:
+ ret = BIO_callback_ctrl(b->next_bio, cmd, fp);
+ break;
+ }
+ return (ret);
+}
+
+static int buffer_gets(BIO *b, char *buf, int size)
+{
+ BIO_F_BUFFER_CTX *ctx;
+ int num = 0, i, flag;
+ char *p;
+
+ ctx = (BIO_F_BUFFER_CTX *)b->ptr;
+ size--; /* reserve space for a '\0' */
+ BIO_clear_retry_flags(b);
+
+ for (;;) {
+ if (ctx->ibuf_len > 0) {
+ p = &(ctx->ibuf[ctx->ibuf_off]);
+ flag = 0;
+ for (i = 0; (i < ctx->ibuf_len) && (i < size); i++) {
+ *(buf++) = p[i];
+ if (p[i] == '\n') {
+ flag = 1;
+ i++;
+ break;
+ }
+ }
+ num += i;
+ size -= i;
+ ctx->ibuf_len -= i;
+ ctx->ibuf_off += i;
+ if (flag || size == 0) {
+ *buf = '\0';
+ return (num);
+ }
+ } else { /* read another chunk */
+
+ i = BIO_read(b->next_bio, ctx->ibuf, ctx->ibuf_size);
+ if (i <= 0) {
+ BIO_copy_next_retry(b);
+ *buf = '\0';
+ if (i < 0)
+ return ((num > 0) ? num : i);
+ if (i == 0)
+ return (num);
+ }
+ ctx->ibuf_len = i;
+ ctx->ibuf_off = 0;
+ }
+ }
+}
+
+static int buffer_puts(BIO *b, const char *str)
+{
+ return (buffer_write(b, str, strlen(str)));
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bio/bf_lbuf.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bio/bf_lbuf.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bio/bf_lbuf.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,397 +0,0 @@
-/* crypto/bio/bf_buff.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <errno.h>
-#include "cryptlib.h"
-#include <openssl/bio.h>
-#include <openssl/evp.h>
-
-static int linebuffer_write(BIO *h, const char *buf,int num);
-static int linebuffer_read(BIO *h, char *buf, int size);
-static int linebuffer_puts(BIO *h, const char *str);
-static int linebuffer_gets(BIO *h, char *str, int size);
-static long linebuffer_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int linebuffer_new(BIO *h);
-static int linebuffer_free(BIO *data);
-static long linebuffer_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
-
-/* A 10k maximum should be enough for most purposes */
-#define DEFAULT_LINEBUFFER_SIZE 1024*10
-
-/* #define DEBUG */
-
-static BIO_METHOD methods_linebuffer=
- {
- BIO_TYPE_LINEBUFFER,
- "linebuffer",
- linebuffer_write,
- linebuffer_read,
- linebuffer_puts,
- linebuffer_gets,
- linebuffer_ctrl,
- linebuffer_new,
- linebuffer_free,
- linebuffer_callback_ctrl,
- };
-
-BIO_METHOD *BIO_f_linebuffer(void)
- {
- return(&methods_linebuffer);
- }
-
-typedef struct bio_linebuffer_ctx_struct
- {
- char *obuf; /* the output char array */
- int obuf_size; /* how big is the output buffer */
- int obuf_len; /* how many bytes are in it */
- } BIO_LINEBUFFER_CTX;
-
-static int linebuffer_new(BIO *bi)
- {
- BIO_LINEBUFFER_CTX *ctx;
-
- ctx=(BIO_LINEBUFFER_CTX *)OPENSSL_malloc(sizeof(BIO_LINEBUFFER_CTX));
- if (ctx == NULL) return(0);
- ctx->obuf=(char *)OPENSSL_malloc(DEFAULT_LINEBUFFER_SIZE);
- if (ctx->obuf == NULL) { OPENSSL_free(ctx); return(0); }
- ctx->obuf_size=DEFAULT_LINEBUFFER_SIZE;
- ctx->obuf_len=0;
-
- bi->init=1;
- bi->ptr=(char *)ctx;
- bi->flags=0;
- return(1);
- }
-
-static int linebuffer_free(BIO *a)
- {
- BIO_LINEBUFFER_CTX *b;
-
- if (a == NULL) return(0);
- b=(BIO_LINEBUFFER_CTX *)a->ptr;
- if (b->obuf != NULL) OPENSSL_free(b->obuf);
- OPENSSL_free(a->ptr);
- a->ptr=NULL;
- a->init=0;
- a->flags=0;
- return(1);
- }
-
-static int linebuffer_read(BIO *b, char *out, int outl)
- {
- int ret=0;
-
- if (out == NULL) return(0);
- if (b->next_bio == NULL) return(0);
- ret=BIO_read(b->next_bio,out,outl);
- BIO_clear_retry_flags(b);
- BIO_copy_next_retry(b);
- return(ret);
- }
-
-static int linebuffer_write(BIO *b, const char *in, int inl)
- {
- int i,num=0,foundnl;
- BIO_LINEBUFFER_CTX *ctx;
-
- if ((in == NULL) || (inl <= 0)) return(0);
- ctx=(BIO_LINEBUFFER_CTX *)b->ptr;
- if ((ctx == NULL) || (b->next_bio == NULL)) return(0);
-
- BIO_clear_retry_flags(b);
-
- do
- {
- const char *p;
-
- for(p = in; p < in + inl && *p != '\n'; p++)
- ;
- if (*p == '\n')
- {
- p++;
- foundnl = 1;
- }
- else
- foundnl = 0;
-
- /* If a NL was found and we already have text in the save
- buffer, concatenate them and write */
- while ((foundnl || p - in > ctx->obuf_size - ctx->obuf_len)
- && ctx->obuf_len > 0)
- {
- int orig_olen = ctx->obuf_len;
-
- i = ctx->obuf_size - ctx->obuf_len;
- if (p - in > 0)
- {
- if (i >= p - in)
- {
- memcpy(&(ctx->obuf[ctx->obuf_len]),
- in,p - in);
- ctx->obuf_len += p - in;
- inl -= p - in;
- num += p - in;
- in = p;
- }
- else
- {
- memcpy(&(ctx->obuf[ctx->obuf_len]),
- in,i);
- ctx->obuf_len += i;
- inl -= i;
- in += i;
- num += i;
- }
- }
-
-#if 0
-BIO_write(b->next_bio, "<*<", 3);
-#endif
- i=BIO_write(b->next_bio,
- ctx->obuf, ctx->obuf_len);
- if (i <= 0)
- {
- ctx->obuf_len = orig_olen;
- BIO_copy_next_retry(b);
-
-#if 0
-BIO_write(b->next_bio, ">*>", 3);
-#endif
- if (i < 0) return((num > 0)?num:i);
- if (i == 0) return(num);
- }
-#if 0
-BIO_write(b->next_bio, ">*>", 3);
-#endif
- if (i < ctx->obuf_len)
- memmove(ctx->obuf, ctx->obuf + i,
- ctx->obuf_len - i);
- ctx->obuf_len-=i;
- }
-
- /* Now that the save buffer is emptied, let's write the input
- buffer if a NL was found and there is anything to write. */
- if ((foundnl || p - in > ctx->obuf_size) && p - in > 0)
- {
-#if 0
-BIO_write(b->next_bio, "<*<", 3);
-#endif
- i=BIO_write(b->next_bio,in,p - in);
- if (i <= 0)
- {
- BIO_copy_next_retry(b);
-#if 0
-BIO_write(b->next_bio, ">*>", 3);
-#endif
- if (i < 0) return((num > 0)?num:i);
- if (i == 0) return(num);
- }
-#if 0
-BIO_write(b->next_bio, ">*>", 3);
-#endif
- num+=i;
- in+=i;
- inl-=i;
- }
- }
- while(foundnl && inl > 0);
- /* We've written as much as we can. The rest of the input buffer, if
- any, is text that doesn't and with a NL and therefore needs to be
- saved for the next trip. */
- if (inl > 0)
- {
- memcpy(&(ctx->obuf[ctx->obuf_len]), in, inl);
- ctx->obuf_len += inl;
- num += inl;
- }
- return num;
- }
-
-static long linebuffer_ctrl(BIO *b, int cmd, long num, void *ptr)
- {
- BIO *dbio;
- BIO_LINEBUFFER_CTX *ctx;
- long ret=1;
- char *p;
- int r;
- int obs;
-
- ctx=(BIO_LINEBUFFER_CTX *)b->ptr;
-
- switch (cmd)
- {
- case BIO_CTRL_RESET:
- ctx->obuf_len=0;
- if (b->next_bio == NULL) return(0);
- ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
- break;
- case BIO_CTRL_INFO:
- ret=(long)ctx->obuf_len;
- break;
- case BIO_CTRL_WPENDING:
- ret=(long)ctx->obuf_len;
- if (ret == 0)
- {
- if (b->next_bio == NULL) return(0);
- ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
- }
- break;
- case BIO_C_SET_BUFF_SIZE:
- obs=(int)num;
- p=ctx->obuf;
- if ((obs > DEFAULT_LINEBUFFER_SIZE) && (obs != ctx->obuf_size))
- {
- p=(char *)OPENSSL_malloc((int)num);
- if (p == NULL)
- goto malloc_error;
- }
- if (ctx->obuf != p)
- {
- if (ctx->obuf_len > obs)
- {
- ctx->obuf_len = obs;
- }
- memcpy(p, ctx->obuf, ctx->obuf_len);
- OPENSSL_free(ctx->obuf);
- ctx->obuf=p;
- ctx->obuf_size=obs;
- }
- break;
- case BIO_C_DO_STATE_MACHINE:
- if (b->next_bio == NULL) return(0);
- BIO_clear_retry_flags(b);
- ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
- BIO_copy_next_retry(b);
- break;
-
- case BIO_CTRL_FLUSH:
- if (b->next_bio == NULL) return(0);
- if (ctx->obuf_len <= 0)
- {
- ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
- break;
- }
-
- for (;;)
- {
- BIO_clear_retry_flags(b);
- if (ctx->obuf_len > 0)
- {
- r=BIO_write(b->next_bio,
- ctx->obuf, ctx->obuf_len);
-#if 0
-fprintf(stderr,"FLUSH %3d -> %3d\n",ctx->obuf_len,r);
-#endif
- BIO_copy_next_retry(b);
- if (r <= 0) return((long)r);
- if (r < ctx->obuf_len)
- memmove(ctx->obuf, ctx->obuf + r,
- ctx->obuf_len - r);
- ctx->obuf_len-=r;
- }
- else
- {
- ctx->obuf_len=0;
- ret=1;
- break;
- }
- }
- ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
- break;
- case BIO_CTRL_DUP:
- dbio=(BIO *)ptr;
- if ( !BIO_set_write_buffer_size(dbio,ctx->obuf_size))
- ret=0;
- break;
- default:
- if (b->next_bio == NULL) return(0);
- ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
- break;
- }
- return(ret);
-malloc_error:
- BIOerr(BIO_F_LINEBUFFER_CTRL,ERR_R_MALLOC_FAILURE);
- return(0);
- }
-
-static long linebuffer_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
- {
- long ret=1;
-
- if (b->next_bio == NULL) return(0);
- switch (cmd)
- {
- default:
- ret=BIO_callback_ctrl(b->next_bio,cmd,fp);
- break;
- }
- return(ret);
- }
-
-static int linebuffer_gets(BIO *b, char *buf, int size)
- {
- if (b->next_bio == NULL) return(0);
- return(BIO_gets(b->next_bio,buf,size));
- }
-
-static int linebuffer_puts(BIO *b, const char *str)
- {
- return(linebuffer_write(b,str,strlen(str)));
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bio/bf_lbuf.c (from rev 6976, vendor-crypto/openssl/dist/crypto/bio/bf_lbuf.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bio/bf_lbuf.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bio/bf_lbuf.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,391 @@
+/* crypto/bio/bf_buff.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "cryptlib.h"
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+
+static int linebuffer_write(BIO *h, const char *buf, int num);
+static int linebuffer_read(BIO *h, char *buf, int size);
+static int linebuffer_puts(BIO *h, const char *str);
+static int linebuffer_gets(BIO *h, char *str, int size);
+static long linebuffer_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int linebuffer_new(BIO *h);
+static int linebuffer_free(BIO *data);
+static long linebuffer_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
+
+/* A 10k maximum should be enough for most purposes */
+#define DEFAULT_LINEBUFFER_SIZE 1024*10
+
+/* #define DEBUG */
+
+static BIO_METHOD methods_linebuffer = {
+ BIO_TYPE_LINEBUFFER,
+ "linebuffer",
+ linebuffer_write,
+ linebuffer_read,
+ linebuffer_puts,
+ linebuffer_gets,
+ linebuffer_ctrl,
+ linebuffer_new,
+ linebuffer_free,
+ linebuffer_callback_ctrl,
+};
+
+BIO_METHOD *BIO_f_linebuffer(void)
+{
+ return (&methods_linebuffer);
+}
+
+typedef struct bio_linebuffer_ctx_struct {
+ char *obuf; /* the output char array */
+ int obuf_size; /* how big is the output buffer */
+ int obuf_len; /* how many bytes are in it */
+} BIO_LINEBUFFER_CTX;
+
+static int linebuffer_new(BIO *bi)
+{
+ BIO_LINEBUFFER_CTX *ctx;
+
+ ctx = (BIO_LINEBUFFER_CTX *)OPENSSL_malloc(sizeof(BIO_LINEBUFFER_CTX));
+ if (ctx == NULL)
+ return (0);
+ ctx->obuf = (char *)OPENSSL_malloc(DEFAULT_LINEBUFFER_SIZE);
+ if (ctx->obuf == NULL) {
+ OPENSSL_free(ctx);
+ return (0);
+ }
+ ctx->obuf_size = DEFAULT_LINEBUFFER_SIZE;
+ ctx->obuf_len = 0;
+
+ bi->init = 1;
+ bi->ptr = (char *)ctx;
+ bi->flags = 0;
+ return (1);
+}
+
+static int linebuffer_free(BIO *a)
+{
+ BIO_LINEBUFFER_CTX *b;
+
+ if (a == NULL)
+ return (0);
+ b = (BIO_LINEBUFFER_CTX *)a->ptr;
+ if (b->obuf != NULL)
+ OPENSSL_free(b->obuf);
+ OPENSSL_free(a->ptr);
+ a->ptr = NULL;
+ a->init = 0;
+ a->flags = 0;
+ return (1);
+}
+
+static int linebuffer_read(BIO *b, char *out, int outl)
+{
+ int ret = 0;
+
+ if (out == NULL)
+ return (0);
+ if (b->next_bio == NULL)
+ return (0);
+ ret = BIO_read(b->next_bio, out, outl);
+ BIO_clear_retry_flags(b);
+ BIO_copy_next_retry(b);
+ return (ret);
+}
+
+static int linebuffer_write(BIO *b, const char *in, int inl)
+{
+ int i, num = 0, foundnl;
+ BIO_LINEBUFFER_CTX *ctx;
+
+ if ((in == NULL) || (inl <= 0))
+ return (0);
+ ctx = (BIO_LINEBUFFER_CTX *)b->ptr;
+ if ((ctx == NULL) || (b->next_bio == NULL))
+ return (0);
+
+ BIO_clear_retry_flags(b);
+
+ do {
+ const char *p;
+
+ for (p = in; p < in + inl && *p != '\n'; p++) ;
+ if (*p == '\n') {
+ p++;
+ foundnl = 1;
+ } else
+ foundnl = 0;
+
+ /*
+ * If a NL was found and we already have text in the save buffer,
+ * concatenate them and write
+ */
+ while ((foundnl || p - in > ctx->obuf_size - ctx->obuf_len)
+ && ctx->obuf_len > 0) {
+ int orig_olen = ctx->obuf_len;
+
+ i = ctx->obuf_size - ctx->obuf_len;
+ if (p - in > 0) {
+ if (i >= p - in) {
+ memcpy(&(ctx->obuf[ctx->obuf_len]), in, p - in);
+ ctx->obuf_len += p - in;
+ inl -= p - in;
+ num += p - in;
+ in = p;
+ } else {
+ memcpy(&(ctx->obuf[ctx->obuf_len]), in, i);
+ ctx->obuf_len += i;
+ inl -= i;
+ in += i;
+ num += i;
+ }
+ }
+#if 0
+ BIO_write(b->next_bio, "<*<", 3);
+#endif
+ i = BIO_write(b->next_bio, ctx->obuf, ctx->obuf_len);
+ if (i <= 0) {
+ ctx->obuf_len = orig_olen;
+ BIO_copy_next_retry(b);
+
+#if 0
+ BIO_write(b->next_bio, ">*>", 3);
+#endif
+ if (i < 0)
+ return ((num > 0) ? num : i);
+ if (i == 0)
+ return (num);
+ }
+#if 0
+ BIO_write(b->next_bio, ">*>", 3);
+#endif
+ if (i < ctx->obuf_len)
+ memmove(ctx->obuf, ctx->obuf + i, ctx->obuf_len - i);
+ ctx->obuf_len -= i;
+ }
+
+ /*
+ * Now that the save buffer is emptied, let's write the input buffer
+ * if a NL was found and there is anything to write.
+ */
+ if ((foundnl || p - in > ctx->obuf_size) && p - in > 0) {
+#if 0
+ BIO_write(b->next_bio, "<*<", 3);
+#endif
+ i = BIO_write(b->next_bio, in, p - in);
+ if (i <= 0) {
+ BIO_copy_next_retry(b);
+#if 0
+ BIO_write(b->next_bio, ">*>", 3);
+#endif
+ if (i < 0)
+ return ((num > 0) ? num : i);
+ if (i == 0)
+ return (num);
+ }
+#if 0
+ BIO_write(b->next_bio, ">*>", 3);
+#endif
+ num += i;
+ in += i;
+ inl -= i;
+ }
+ }
+ while (foundnl && inl > 0);
+ /*
+ * We've written as much as we can. The rest of the input buffer, if
+ * any, is text that doesn't and with a NL and therefore needs to be
+ * saved for the next trip.
+ */
+ if (inl > 0) {
+ memcpy(&(ctx->obuf[ctx->obuf_len]), in, inl);
+ ctx->obuf_len += inl;
+ num += inl;
+ }
+ return num;
+}
+
+static long linebuffer_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+ BIO *dbio;
+ BIO_LINEBUFFER_CTX *ctx;
+ long ret = 1;
+ char *p;
+ int r;
+ int obs;
+
+ ctx = (BIO_LINEBUFFER_CTX *)b->ptr;
+
+ switch (cmd) {
+ case BIO_CTRL_RESET:
+ ctx->obuf_len = 0;
+ if (b->next_bio == NULL)
+ return (0);
+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ break;
+ case BIO_CTRL_INFO:
+ ret = (long)ctx->obuf_len;
+ break;
+ case BIO_CTRL_WPENDING:
+ ret = (long)ctx->obuf_len;
+ if (ret == 0) {
+ if (b->next_bio == NULL)
+ return (0);
+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ }
+ break;
+ case BIO_C_SET_BUFF_SIZE:
+ obs = (int)num;
+ p = ctx->obuf;
+ if ((obs > DEFAULT_LINEBUFFER_SIZE) && (obs != ctx->obuf_size)) {
+ p = (char *)OPENSSL_malloc((int)num);
+ if (p == NULL)
+ goto malloc_error;
+ }
+ if (ctx->obuf != p) {
+ if (ctx->obuf_len > obs) {
+ ctx->obuf_len = obs;
+ }
+ memcpy(p, ctx->obuf, ctx->obuf_len);
+ OPENSSL_free(ctx->obuf);
+ ctx->obuf = p;
+ ctx->obuf_size = obs;
+ }
+ break;
+ case BIO_C_DO_STATE_MACHINE:
+ if (b->next_bio == NULL)
+ return (0);
+ BIO_clear_retry_flags(b);
+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ BIO_copy_next_retry(b);
+ break;
+
+ case BIO_CTRL_FLUSH:
+ if (b->next_bio == NULL)
+ return (0);
+ if (ctx->obuf_len <= 0) {
+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ break;
+ }
+
+ for (;;) {
+ BIO_clear_retry_flags(b);
+ if (ctx->obuf_len > 0) {
+ r = BIO_write(b->next_bio, ctx->obuf, ctx->obuf_len);
+#if 0
+ fprintf(stderr, "FLUSH %3d -> %3d\n", ctx->obuf_len, r);
+#endif
+ BIO_copy_next_retry(b);
+ if (r <= 0)
+ return ((long)r);
+ if (r < ctx->obuf_len)
+ memmove(ctx->obuf, ctx->obuf + r, ctx->obuf_len - r);
+ ctx->obuf_len -= r;
+ } else {
+ ctx->obuf_len = 0;
+ ret = 1;
+ break;
+ }
+ }
+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ break;
+ case BIO_CTRL_DUP:
+ dbio = (BIO *)ptr;
+ if (!BIO_set_write_buffer_size(dbio, ctx->obuf_size))
+ ret = 0;
+ break;
+ default:
+ if (b->next_bio == NULL)
+ return (0);
+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ break;
+ }
+ return (ret);
+ malloc_error:
+ BIOerr(BIO_F_LINEBUFFER_CTRL, ERR_R_MALLOC_FAILURE);
+ return (0);
+}
+
+static long linebuffer_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
+{
+ long ret = 1;
+
+ if (b->next_bio == NULL)
+ return (0);
+ switch (cmd) {
+ default:
+ ret = BIO_callback_ctrl(b->next_bio, cmd, fp);
+ break;
+ }
+ return (ret);
+}
+
+static int linebuffer_gets(BIO *b, char *buf, int size)
+{
+ if (b->next_bio == NULL)
+ return (0);
+ return (BIO_gets(b->next_bio, buf, size));
+}
+
+static int linebuffer_puts(BIO *b, const char *str)
+{
+ return (linebuffer_write(b, str, strlen(str)));
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bio/bf_nbio.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bio/bf_nbio.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bio/bf_nbio.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,253 +0,0 @@
-/* crypto/bio/bf_nbio.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <errno.h>
-#include "cryptlib.h"
-#include <openssl/rand.h>
-#include <openssl/bio.h>
-
-/* BIO_put and BIO_get both add to the digest,
- * BIO_gets returns the digest */
-
-static int nbiof_write(BIO *h,const char *buf,int num);
-static int nbiof_read(BIO *h,char *buf,int size);
-static int nbiof_puts(BIO *h,const char *str);
-static int nbiof_gets(BIO *h,char *str,int size);
-static long nbiof_ctrl(BIO *h,int cmd,long arg1,void *arg2);
-static int nbiof_new(BIO *h);
-static int nbiof_free(BIO *data);
-static long nbiof_callback_ctrl(BIO *h,int cmd,bio_info_cb *fp);
-typedef struct nbio_test_st
- {
- /* only set if we sent a 'should retry' error */
- int lrn;
- int lwn;
- } NBIO_TEST;
-
-static BIO_METHOD methods_nbiof=
- {
- BIO_TYPE_NBIO_TEST,
- "non-blocking IO test filter",
- nbiof_write,
- nbiof_read,
- nbiof_puts,
- nbiof_gets,
- nbiof_ctrl,
- nbiof_new,
- nbiof_free,
- nbiof_callback_ctrl,
- };
-
-BIO_METHOD *BIO_f_nbio_test(void)
- {
- return(&methods_nbiof);
- }
-
-static int nbiof_new(BIO *bi)
- {
- NBIO_TEST *nt;
-
- if (!(nt=(NBIO_TEST *)OPENSSL_malloc(sizeof(NBIO_TEST)))) return(0);
- nt->lrn= -1;
- nt->lwn= -1;
- bi->ptr=(char *)nt;
- bi->init=1;
- bi->flags=0;
- return(1);
- }
-
-static int nbiof_free(BIO *a)
- {
- if (a == NULL) return(0);
- if (a->ptr != NULL)
- OPENSSL_free(a->ptr);
- a->ptr=NULL;
- a->init=0;
- a->flags=0;
- return(1);
- }
-
-static int nbiof_read(BIO *b, char *out, int outl)
- {
- int ret=0;
-#if 1
- int num;
- unsigned char n;
-#endif
-
- if (out == NULL) return(0);
- if (b->next_bio == NULL) return(0);
-
- BIO_clear_retry_flags(b);
-#if 1
- RAND_pseudo_bytes(&n,1);
- num=(n&0x07);
-
- if (outl > num) outl=num;
-
- if (num == 0)
- {
- ret= -1;
- BIO_set_retry_read(b);
- }
- else
-#endif
- {
- ret=BIO_read(b->next_bio,out,outl);
- if (ret < 0)
- BIO_copy_next_retry(b);
- }
- return(ret);
- }
-
-static int nbiof_write(BIO *b, const char *in, int inl)
- {
- NBIO_TEST *nt;
- int ret=0;
- int num;
- unsigned char n;
-
- if ((in == NULL) || (inl <= 0)) return(0);
- if (b->next_bio == NULL) return(0);
- nt=(NBIO_TEST *)b->ptr;
-
- BIO_clear_retry_flags(b);
-
-#if 1
- if (nt->lwn > 0)
- {
- num=nt->lwn;
- nt->lwn=0;
- }
- else
- {
- RAND_pseudo_bytes(&n,1);
- num=(n&7);
- }
-
- if (inl > num) inl=num;
-
- if (num == 0)
- {
- ret= -1;
- BIO_set_retry_write(b);
- }
- else
-#endif
- {
- ret=BIO_write(b->next_bio,in,inl);
- if (ret < 0)
- {
- BIO_copy_next_retry(b);
- nt->lwn=inl;
- }
- }
- return(ret);
- }
-
-static long nbiof_ctrl(BIO *b, int cmd, long num, void *ptr)
- {
- long ret;
-
- if (b->next_bio == NULL) return(0);
- switch (cmd)
- {
- case BIO_C_DO_STATE_MACHINE:
- BIO_clear_retry_flags(b);
- ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
- BIO_copy_next_retry(b);
- break;
- case BIO_CTRL_DUP:
- ret=0L;
- break;
- default:
- ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
- break;
- }
- return(ret);
- }
-
-static long nbiof_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
- {
- long ret=1;
-
- if (b->next_bio == NULL) return(0);
- switch (cmd)
- {
- default:
- ret=BIO_callback_ctrl(b->next_bio,cmd,fp);
- break;
- }
- return(ret);
- }
-
-static int nbiof_gets(BIO *bp, char *buf, int size)
- {
- if (bp->next_bio == NULL) return(0);
- return(BIO_gets(bp->next_bio,buf,size));
- }
-
-
-static int nbiof_puts(BIO *bp, const char *str)
- {
- if (bp->next_bio == NULL) return(0);
- return(BIO_puts(bp->next_bio,str));
- }
-
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bio/bf_nbio.c (from rev 6976, vendor-crypto/openssl/dist/crypto/bio/bf_nbio.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bio/bf_nbio.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bio/bf_nbio.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,251 @@
+/* crypto/bio/bf_nbio.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "cryptlib.h"
+#include <openssl/rand.h>
+#include <openssl/bio.h>
+
+/*
+ * BIO_put and BIO_get both add to the digest, BIO_gets returns the digest
+ */
+
+static int nbiof_write(BIO *h, const char *buf, int num);
+static int nbiof_read(BIO *h, char *buf, int size);
+static int nbiof_puts(BIO *h, const char *str);
+static int nbiof_gets(BIO *h, char *str, int size);
+static long nbiof_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int nbiof_new(BIO *h);
+static int nbiof_free(BIO *data);
+static long nbiof_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
+typedef struct nbio_test_st {
+ /* only set if we sent a 'should retry' error */
+ int lrn;
+ int lwn;
+} NBIO_TEST;
+
+static BIO_METHOD methods_nbiof = {
+ BIO_TYPE_NBIO_TEST,
+ "non-blocking IO test filter",
+ nbiof_write,
+ nbiof_read,
+ nbiof_puts,
+ nbiof_gets,
+ nbiof_ctrl,
+ nbiof_new,
+ nbiof_free,
+ nbiof_callback_ctrl,
+};
+
+BIO_METHOD *BIO_f_nbio_test(void)
+{
+ return (&methods_nbiof);
+}
+
+static int nbiof_new(BIO *bi)
+{
+ NBIO_TEST *nt;
+
+ if (!(nt = (NBIO_TEST *)OPENSSL_malloc(sizeof(NBIO_TEST))))
+ return (0);
+ nt->lrn = -1;
+ nt->lwn = -1;
+ bi->ptr = (char *)nt;
+ bi->init = 1;
+ bi->flags = 0;
+ return (1);
+}
+
+static int nbiof_free(BIO *a)
+{
+ if (a == NULL)
+ return (0);
+ if (a->ptr != NULL)
+ OPENSSL_free(a->ptr);
+ a->ptr = NULL;
+ a->init = 0;
+ a->flags = 0;
+ return (1);
+}
+
+static int nbiof_read(BIO *b, char *out, int outl)
+{
+ int ret = 0;
+#if 1
+ int num;
+ unsigned char n;
+#endif
+
+ if (out == NULL)
+ return (0);
+ if (b->next_bio == NULL)
+ return (0);
+
+ BIO_clear_retry_flags(b);
+#if 1
+ RAND_pseudo_bytes(&n, 1);
+ num = (n & 0x07);
+
+ if (outl > num)
+ outl = num;
+
+ if (num == 0) {
+ ret = -1;
+ BIO_set_retry_read(b);
+ } else
+#endif
+ {
+ ret = BIO_read(b->next_bio, out, outl);
+ if (ret < 0)
+ BIO_copy_next_retry(b);
+ }
+ return (ret);
+}
+
+static int nbiof_write(BIO *b, const char *in, int inl)
+{
+ NBIO_TEST *nt;
+ int ret = 0;
+ int num;
+ unsigned char n;
+
+ if ((in == NULL) || (inl <= 0))
+ return (0);
+ if (b->next_bio == NULL)
+ return (0);
+ nt = (NBIO_TEST *)b->ptr;
+
+ BIO_clear_retry_flags(b);
+
+#if 1
+ if (nt->lwn > 0) {
+ num = nt->lwn;
+ nt->lwn = 0;
+ } else {
+ RAND_pseudo_bytes(&n, 1);
+ num = (n & 7);
+ }
+
+ if (inl > num)
+ inl = num;
+
+ if (num == 0) {
+ ret = -1;
+ BIO_set_retry_write(b);
+ } else
+#endif
+ {
+ ret = BIO_write(b->next_bio, in, inl);
+ if (ret < 0) {
+ BIO_copy_next_retry(b);
+ nt->lwn = inl;
+ }
+ }
+ return (ret);
+}
+
+static long nbiof_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+ long ret;
+
+ if (b->next_bio == NULL)
+ return (0);
+ switch (cmd) {
+ case BIO_C_DO_STATE_MACHINE:
+ BIO_clear_retry_flags(b);
+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ BIO_copy_next_retry(b);
+ break;
+ case BIO_CTRL_DUP:
+ ret = 0L;
+ break;
+ default:
+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ break;
+ }
+ return (ret);
+}
+
+static long nbiof_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
+{
+ long ret = 1;
+
+ if (b->next_bio == NULL)
+ return (0);
+ switch (cmd) {
+ default:
+ ret = BIO_callback_ctrl(b->next_bio, cmd, fp);
+ break;
+ }
+ return (ret);
+}
+
+static int nbiof_gets(BIO *bp, char *buf, int size)
+{
+ if (bp->next_bio == NULL)
+ return (0);
+ return (BIO_gets(bp->next_bio, buf, size));
+}
+
+static int nbiof_puts(BIO *bp, const char *str)
+{
+ if (bp->next_bio == NULL)
+ return (0);
+ return (BIO_puts(bp->next_bio, str));
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bio/bf_null.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bio/bf_null.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bio/bf_null.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,183 +0,0 @@
-/* crypto/bio/bf_null.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <errno.h>
-#include "cryptlib.h"
-#include <openssl/bio.h>
-
-/* BIO_put and BIO_get both add to the digest,
- * BIO_gets returns the digest */
-
-static int nullf_write(BIO *h, const char *buf, int num);
-static int nullf_read(BIO *h, char *buf, int size);
-static int nullf_puts(BIO *h, const char *str);
-static int nullf_gets(BIO *h, char *str, int size);
-static long nullf_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int nullf_new(BIO *h);
-static int nullf_free(BIO *data);
-static long nullf_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
-static BIO_METHOD methods_nullf=
- {
- BIO_TYPE_NULL_FILTER,
- "NULL filter",
- nullf_write,
- nullf_read,
- nullf_puts,
- nullf_gets,
- nullf_ctrl,
- nullf_new,
- nullf_free,
- nullf_callback_ctrl,
- };
-
-BIO_METHOD *BIO_f_null(void)
- {
- return(&methods_nullf);
- }
-
-static int nullf_new(BIO *bi)
- {
- bi->init=1;
- bi->ptr=NULL;
- bi->flags=0;
- return(1);
- }
-
-static int nullf_free(BIO *a)
- {
- if (a == NULL) return(0);
-/* a->ptr=NULL;
- a->init=0;
- a->flags=0;*/
- return(1);
- }
-
-static int nullf_read(BIO *b, char *out, int outl)
- {
- int ret=0;
-
- if (out == NULL) return(0);
- if (b->next_bio == NULL) return(0);
- ret=BIO_read(b->next_bio,out,outl);
- BIO_clear_retry_flags(b);
- BIO_copy_next_retry(b);
- return(ret);
- }
-
-static int nullf_write(BIO *b, const char *in, int inl)
- {
- int ret=0;
-
- if ((in == NULL) || (inl <= 0)) return(0);
- if (b->next_bio == NULL) return(0);
- ret=BIO_write(b->next_bio,in,inl);
- BIO_clear_retry_flags(b);
- BIO_copy_next_retry(b);
- return(ret);
- }
-
-static long nullf_ctrl(BIO *b, int cmd, long num, void *ptr)
- {
- long ret;
-
- if (b->next_bio == NULL) return(0);
- switch(cmd)
- {
- case BIO_C_DO_STATE_MACHINE:
- BIO_clear_retry_flags(b);
- ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
- BIO_copy_next_retry(b);
- break;
- case BIO_CTRL_DUP:
- ret=0L;
- break;
- default:
- ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
- }
- return(ret);
- }
-
-static long nullf_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
- {
- long ret=1;
-
- if (b->next_bio == NULL) return(0);
- switch (cmd)
- {
- default:
- ret=BIO_callback_ctrl(b->next_bio,cmd,fp);
- break;
- }
- return(ret);
- }
-
-static int nullf_gets(BIO *bp, char *buf, int size)
- {
- if (bp->next_bio == NULL) return(0);
- return(BIO_gets(bp->next_bio,buf,size));
- }
-
-
-static int nullf_puts(BIO *bp, const char *str)
- {
- if (bp->next_bio == NULL) return(0);
- return(BIO_puts(bp->next_bio,str));
- }
-
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bio/bf_null.c (from rev 6976, vendor-crypto/openssl/dist/crypto/bio/bf_null.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bio/bf_null.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bio/bf_null.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,189 @@
+/* crypto/bio/bf_null.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "cryptlib.h"
+#include <openssl/bio.h>
+
+/*
+ * BIO_put and BIO_get both add to the digest, BIO_gets returns the digest
+ */
+
+static int nullf_write(BIO *h, const char *buf, int num);
+static int nullf_read(BIO *h, char *buf, int size);
+static int nullf_puts(BIO *h, const char *str);
+static int nullf_gets(BIO *h, char *str, int size);
+static long nullf_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int nullf_new(BIO *h);
+static int nullf_free(BIO *data);
+static long nullf_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
+static BIO_METHOD methods_nullf = {
+ BIO_TYPE_NULL_FILTER,
+ "NULL filter",
+ nullf_write,
+ nullf_read,
+ nullf_puts,
+ nullf_gets,
+ nullf_ctrl,
+ nullf_new,
+ nullf_free,
+ nullf_callback_ctrl,
+};
+
+BIO_METHOD *BIO_f_null(void)
+{
+ return (&methods_nullf);
+}
+
+static int nullf_new(BIO *bi)
+{
+ bi->init = 1;
+ bi->ptr = NULL;
+ bi->flags = 0;
+ return (1);
+}
+
+static int nullf_free(BIO *a)
+{
+ if (a == NULL)
+ return (0);
+ /*-
+ a->ptr=NULL;
+ a->init=0;
+ a->flags=0;
+ */
+ return (1);
+}
+
+static int nullf_read(BIO *b, char *out, int outl)
+{
+ int ret = 0;
+
+ if (out == NULL)
+ return (0);
+ if (b->next_bio == NULL)
+ return (0);
+ ret = BIO_read(b->next_bio, out, outl);
+ BIO_clear_retry_flags(b);
+ BIO_copy_next_retry(b);
+ return (ret);
+}
+
+static int nullf_write(BIO *b, const char *in, int inl)
+{
+ int ret = 0;
+
+ if ((in == NULL) || (inl <= 0))
+ return (0);
+ if (b->next_bio == NULL)
+ return (0);
+ ret = BIO_write(b->next_bio, in, inl);
+ BIO_clear_retry_flags(b);
+ BIO_copy_next_retry(b);
+ return (ret);
+}
+
+static long nullf_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+ long ret;
+
+ if (b->next_bio == NULL)
+ return (0);
+ switch (cmd) {
+ case BIO_C_DO_STATE_MACHINE:
+ BIO_clear_retry_flags(b);
+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ BIO_copy_next_retry(b);
+ break;
+ case BIO_CTRL_DUP:
+ ret = 0L;
+ break;
+ default:
+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ }
+ return (ret);
+}
+
+static long nullf_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
+{
+ long ret = 1;
+
+ if (b->next_bio == NULL)
+ return (0);
+ switch (cmd) {
+ default:
+ ret = BIO_callback_ctrl(b->next_bio, cmd, fp);
+ break;
+ }
+ return (ret);
+}
+
+static int nullf_gets(BIO *bp, char *buf, int size)
+{
+ if (bp->next_bio == NULL)
+ return (0);
+ return (BIO_gets(bp->next_bio, buf, size));
+}
+
+static int nullf_puts(BIO *bp, const char *str)
+{
+ if (bp->next_bio == NULL)
+ return (0);
+ return (BIO_puts(bp->next_bio, str));
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bio/bio.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/bio/bio.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bio/bio.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,791 +0,0 @@
-/* crypto/bio/bio.h */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_BIO_H
-#define HEADER_BIO_H
-
-#include <openssl/e_os2.h>
-
-#ifndef OPENSSL_NO_FP_API
-# include <stdio.h>
-#endif
-#include <stdarg.h>
-
-#include <openssl/crypto.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* These are the 'types' of BIOs */
-#define BIO_TYPE_NONE 0
-#define BIO_TYPE_MEM (1|0x0400)
-#define BIO_TYPE_FILE (2|0x0400)
-
-#define BIO_TYPE_FD (4|0x0400|0x0100)
-#define BIO_TYPE_SOCKET (5|0x0400|0x0100)
-#define BIO_TYPE_NULL (6|0x0400)
-#define BIO_TYPE_SSL (7|0x0200)
-#define BIO_TYPE_MD (8|0x0200) /* passive filter */
-#define BIO_TYPE_BUFFER (9|0x0200) /* filter */
-#define BIO_TYPE_CIPHER (10|0x0200) /* filter */
-#define BIO_TYPE_BASE64 (11|0x0200) /* filter */
-#define BIO_TYPE_CONNECT (12|0x0400|0x0100) /* socket - connect */
-#define BIO_TYPE_ACCEPT (13|0x0400|0x0100) /* socket for accept */
-#define BIO_TYPE_PROXY_CLIENT (14|0x0200) /* client proxy BIO */
-#define BIO_TYPE_PROXY_SERVER (15|0x0200) /* server proxy BIO */
-#define BIO_TYPE_NBIO_TEST (16|0x0200) /* server proxy BIO */
-#define BIO_TYPE_NULL_FILTER (17|0x0200)
-#define BIO_TYPE_BER (18|0x0200) /* BER -> bin filter */
-#define BIO_TYPE_BIO (19|0x0400) /* (half a) BIO pair */
-#define BIO_TYPE_LINEBUFFER (20|0x0200) /* filter */
-#define BIO_TYPE_DGRAM (21|0x0400|0x0100)
-#define BIO_TYPE_COMP (23|0x0200) /* filter */
-
-#define BIO_TYPE_DESCRIPTOR 0x0100 /* socket, fd, connect or accept */
-#define BIO_TYPE_FILTER 0x0200
-#define BIO_TYPE_SOURCE_SINK 0x0400
-
-/* BIO_FILENAME_READ|BIO_CLOSE to open or close on free.
- * BIO_set_fp(in,stdin,BIO_NOCLOSE); */
-#define BIO_NOCLOSE 0x00
-#define BIO_CLOSE 0x01
-
-/* These are used in the following macros and are passed to
- * BIO_ctrl() */
-#define BIO_CTRL_RESET 1 /* opt - rewind/zero etc */
-#define BIO_CTRL_EOF 2 /* opt - are we at the eof */
-#define BIO_CTRL_INFO 3 /* opt - extra tit-bits */
-#define BIO_CTRL_SET 4 /* man - set the 'IO' type */
-#define BIO_CTRL_GET 5 /* man - get the 'IO' type */
-#define BIO_CTRL_PUSH 6 /* opt - internal, used to signify change */
-#define BIO_CTRL_POP 7 /* opt - internal, used to signify change */
-#define BIO_CTRL_GET_CLOSE 8 /* man - set the 'close' on free */
-#define BIO_CTRL_SET_CLOSE 9 /* man - set the 'close' on free */
-#define BIO_CTRL_PENDING 10 /* opt - is their more data buffered */
-#define BIO_CTRL_FLUSH 11 /* opt - 'flush' buffered output */
-#define BIO_CTRL_DUP 12 /* man - extra stuff for 'duped' BIO */
-#define BIO_CTRL_WPENDING 13 /* opt - number of bytes still to write */
-/* callback is int cb(BIO *bio,state,ret); */
-#define BIO_CTRL_SET_CALLBACK 14 /* opt - set callback function */
-#define BIO_CTRL_GET_CALLBACK 15 /* opt - set callback function */
-
-#define BIO_CTRL_SET_FILENAME 30 /* BIO_s_file special */
-
-/* dgram BIO stuff */
-#define BIO_CTRL_DGRAM_CONNECT 31 /* BIO dgram special */
-#define BIO_CTRL_DGRAM_SET_CONNECTED 32 /* allow for an externally
- * connected socket to be
- * passed in */
-#define BIO_CTRL_DGRAM_SET_RECV_TIMEOUT 33 /* setsockopt, essentially */
-#define BIO_CTRL_DGRAM_GET_RECV_TIMEOUT 34 /* getsockopt, essentially */
-#define BIO_CTRL_DGRAM_SET_SEND_TIMEOUT 35 /* setsockopt, essentially */
-#define BIO_CTRL_DGRAM_GET_SEND_TIMEOUT 36 /* getsockopt, essentially */
-
-#define BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP 37 /* flag whether the last */
-#define BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP 38 /* I/O operation tiemd out */
-
-/* #ifdef IP_MTU_DISCOVER */
-#define BIO_CTRL_DGRAM_MTU_DISCOVER 39 /* set DF bit on egress packets */
-/* #endif */
-
-#define BIO_CTRL_DGRAM_QUERY_MTU 40 /* as kernel for current MTU */
-#define BIO_CTRL_DGRAM_GET_FALLBACK_MTU 47
-#define BIO_CTRL_DGRAM_GET_MTU 41 /* get cached value for MTU */
-#define BIO_CTRL_DGRAM_SET_MTU 42 /* set cached value for
- * MTU. want to use this
- * if asking the kernel
- * fails */
-
-#define BIO_CTRL_DGRAM_MTU_EXCEEDED 43 /* check whether the MTU
- * was exceed in the
- * previous write
- * operation */
-
-#define BIO_CTRL_DGRAM_GET_PEER 46
-#define BIO_CTRL_DGRAM_SET_PEER 44 /* Destination for the data */
-
-#define BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT 45 /* Next DTLS handshake timeout to
- * adjust socket timeouts */
-
-/* modifiers */
-#define BIO_FP_READ 0x02
-#define BIO_FP_WRITE 0x04
-#define BIO_FP_APPEND 0x08
-#define BIO_FP_TEXT 0x10
-
-#define BIO_FLAGS_READ 0x01
-#define BIO_FLAGS_WRITE 0x02
-#define BIO_FLAGS_IO_SPECIAL 0x04
-#define BIO_FLAGS_RWS (BIO_FLAGS_READ|BIO_FLAGS_WRITE|BIO_FLAGS_IO_SPECIAL)
-#define BIO_FLAGS_SHOULD_RETRY 0x08
-#ifndef BIO_FLAGS_UPLINK
-/* "UPLINK" flag denotes file descriptors provided by application.
- It defaults to 0, as most platforms don't require UPLINK interface. */
-#define BIO_FLAGS_UPLINK 0
-#endif
-
-/* Used in BIO_gethostbyname() */
-#define BIO_GHBN_CTRL_HITS 1
-#define BIO_GHBN_CTRL_MISSES 2
-#define BIO_GHBN_CTRL_CACHE_SIZE 3
-#define BIO_GHBN_CTRL_GET_ENTRY 4
-#define BIO_GHBN_CTRL_FLUSH 5
-
-/* Mostly used in the SSL BIO */
-/* Not used anymore
- * #define BIO_FLAGS_PROTOCOL_DELAYED_READ 0x10
- * #define BIO_FLAGS_PROTOCOL_DELAYED_WRITE 0x20
- * #define BIO_FLAGS_PROTOCOL_STARTUP 0x40
- */
-
-#define BIO_FLAGS_BASE64_NO_NL 0x100
-
-/* This is used with memory BIOs: it means we shouldn't free up or change the
- * data in any way.
- */
-#define BIO_FLAGS_MEM_RDONLY 0x200
-
-typedef struct bio_st BIO;
-
-void BIO_set_flags(BIO *b, int flags);
-int BIO_test_flags(const BIO *b, int flags);
-void BIO_clear_flags(BIO *b, int flags);
-
-#define BIO_get_flags(b) BIO_test_flags(b, ~(0x0))
-#define BIO_set_retry_special(b) \
- BIO_set_flags(b, (BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY))
-#define BIO_set_retry_read(b) \
- BIO_set_flags(b, (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY))
-#define BIO_set_retry_write(b) \
- BIO_set_flags(b, (BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY))
-
-/* These are normally used internally in BIOs */
-#define BIO_clear_retry_flags(b) \
- BIO_clear_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY))
-#define BIO_get_retry_flags(b) \
- BIO_test_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY))
-
-/* These should be used by the application to tell why we should retry */
-#define BIO_should_read(a) BIO_test_flags(a, BIO_FLAGS_READ)
-#define BIO_should_write(a) BIO_test_flags(a, BIO_FLAGS_WRITE)
-#define BIO_should_io_special(a) BIO_test_flags(a, BIO_FLAGS_IO_SPECIAL)
-#define BIO_retry_type(a) BIO_test_flags(a, BIO_FLAGS_RWS)
-#define BIO_should_retry(a) BIO_test_flags(a, BIO_FLAGS_SHOULD_RETRY)
-
-/* The next three are used in conjunction with the
- * BIO_should_io_special() condition. After this returns true,
- * BIO *BIO_get_retry_BIO(BIO *bio, int *reason); will walk the BIO
- * stack and return the 'reason' for the special and the offending BIO.
- * Given a BIO, BIO_get_retry_reason(bio) will return the code. */
-/* Returned from the SSL bio when the certificate retrieval code had an error */
-#define BIO_RR_SSL_X509_LOOKUP 0x01
-/* Returned from the connect BIO when a connect would have blocked */
-#define BIO_RR_CONNECT 0x02
-/* Returned from the accept BIO when an accept would have blocked */
-#define BIO_RR_ACCEPT 0x03
-
-/* These are passed by the BIO callback */
-#define BIO_CB_FREE 0x01
-#define BIO_CB_READ 0x02
-#define BIO_CB_WRITE 0x03
-#define BIO_CB_PUTS 0x04
-#define BIO_CB_GETS 0x05
-#define BIO_CB_CTRL 0x06
-
-/* The callback is called before and after the underling operation,
- * The BIO_CB_RETURN flag indicates if it is after the call */
-#define BIO_CB_RETURN 0x80
-#define BIO_CB_return(a) ((a)|BIO_CB_RETURN))
-#define BIO_cb_pre(a) (!((a)&BIO_CB_RETURN))
-#define BIO_cb_post(a) ((a)&BIO_CB_RETURN)
-
-long (*BIO_get_callback(const BIO *b)) (struct bio_st *,int,const char *,int, long,long);
-void BIO_set_callback(BIO *b,
- long (*callback)(struct bio_st *,int,const char *,int, long,long));
-char *BIO_get_callback_arg(const BIO *b);
-void BIO_set_callback_arg(BIO *b, char *arg);
-
-const char * BIO_method_name(const BIO *b);
-int BIO_method_type(const BIO *b);
-
-typedef void bio_info_cb(struct bio_st *, int, const char *, int, long, long);
-
-#ifndef OPENSSL_SYS_WIN16
-typedef struct bio_method_st
- {
- int type;
- const char *name;
- int (*bwrite)(BIO *, const char *, int);
- int (*bread)(BIO *, char *, int);
- int (*bputs)(BIO *, const char *);
- int (*bgets)(BIO *, char *, int);
- long (*ctrl)(BIO *, int, long, void *);
- int (*create)(BIO *);
- int (*destroy)(BIO *);
- long (*callback_ctrl)(BIO *, int, bio_info_cb *);
- } BIO_METHOD;
-#else
-typedef struct bio_method_st
- {
- int type;
- const char *name;
- int (_far *bwrite)();
- int (_far *bread)();
- int (_far *bputs)();
- int (_far *bgets)();
- long (_far *ctrl)();
- int (_far *create)();
- int (_far *destroy)();
- long (_far *callback_ctrl)();
- } BIO_METHOD;
-#endif
-
-struct bio_st
- {
- BIO_METHOD *method;
- /* bio, mode, argp, argi, argl, ret */
- long (*callback)(struct bio_st *,int,const char *,int, long,long);
- char *cb_arg; /* first argument for the callback */
-
- int init;
- int shutdown;
- int flags; /* extra storage */
- int retry_reason;
- int num;
- void *ptr;
- struct bio_st *next_bio; /* used by filter BIOs */
- struct bio_st *prev_bio; /* used by filter BIOs */
- int references;
- unsigned long num_read;
- unsigned long num_write;
-
- CRYPTO_EX_DATA ex_data;
- };
-
-DECLARE_STACK_OF(BIO)
-
-typedef struct bio_f_buffer_ctx_struct
- {
- /* Buffers are setup like this:
- *
- * <---------------------- size ----------------------->
- * +---------------------------------------------------+
- * | consumed | remaining | free space |
- * +---------------------------------------------------+
- * <-- off --><------- len ------->
- */
-
- /* BIO *bio; */ /* this is now in the BIO struct */
- int ibuf_size; /* how big is the input buffer */
- int obuf_size; /* how big is the output buffer */
-
- char *ibuf; /* the char array */
- int ibuf_len; /* how many bytes are in it */
- int ibuf_off; /* write/read offset */
-
- char *obuf; /* the char array */
- int obuf_len; /* how many bytes are in it */
- int obuf_off; /* write/read offset */
- } BIO_F_BUFFER_CTX;
-
-/* connect BIO stuff */
-#define BIO_CONN_S_BEFORE 1
-#define BIO_CONN_S_GET_IP 2
-#define BIO_CONN_S_GET_PORT 3
-#define BIO_CONN_S_CREATE_SOCKET 4
-#define BIO_CONN_S_CONNECT 5
-#define BIO_CONN_S_OK 6
-#define BIO_CONN_S_BLOCKED_CONNECT 7
-#define BIO_CONN_S_NBIO 8
-/*#define BIO_CONN_get_param_hostname BIO_ctrl */
-
-#define BIO_C_SET_CONNECT 100
-#define BIO_C_DO_STATE_MACHINE 101
-#define BIO_C_SET_NBIO 102
-#define BIO_C_SET_PROXY_PARAM 103
-#define BIO_C_SET_FD 104
-#define BIO_C_GET_FD 105
-#define BIO_C_SET_FILE_PTR 106
-#define BIO_C_GET_FILE_PTR 107
-#define BIO_C_SET_FILENAME 108
-#define BIO_C_SET_SSL 109
-#define BIO_C_GET_SSL 110
-#define BIO_C_SET_MD 111
-#define BIO_C_GET_MD 112
-#define BIO_C_GET_CIPHER_STATUS 113
-#define BIO_C_SET_BUF_MEM 114
-#define BIO_C_GET_BUF_MEM_PTR 115
-#define BIO_C_GET_BUFF_NUM_LINES 116
-#define BIO_C_SET_BUFF_SIZE 117
-#define BIO_C_SET_ACCEPT 118
-#define BIO_C_SSL_MODE 119
-#define BIO_C_GET_MD_CTX 120
-#define BIO_C_GET_PROXY_PARAM 121
-#define BIO_C_SET_BUFF_READ_DATA 122 /* data to read first */
-#define BIO_C_GET_CONNECT 123
-#define BIO_C_GET_ACCEPT 124
-#define BIO_C_SET_SSL_RENEGOTIATE_BYTES 125
-#define BIO_C_GET_SSL_NUM_RENEGOTIATES 126
-#define BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT 127
-#define BIO_C_FILE_SEEK 128
-#define BIO_C_GET_CIPHER_CTX 129
-#define BIO_C_SET_BUF_MEM_EOF_RETURN 130/*return end of input value*/
-#define BIO_C_SET_BIND_MODE 131
-#define BIO_C_GET_BIND_MODE 132
-#define BIO_C_FILE_TELL 133
-#define BIO_C_GET_SOCKS 134
-#define BIO_C_SET_SOCKS 135
-
-#define BIO_C_SET_WRITE_BUF_SIZE 136/* for BIO_s_bio */
-#define BIO_C_GET_WRITE_BUF_SIZE 137
-#define BIO_C_MAKE_BIO_PAIR 138
-#define BIO_C_DESTROY_BIO_PAIR 139
-#define BIO_C_GET_WRITE_GUARANTEE 140
-#define BIO_C_GET_READ_REQUEST 141
-#define BIO_C_SHUTDOWN_WR 142
-#define BIO_C_NREAD0 143
-#define BIO_C_NREAD 144
-#define BIO_C_NWRITE0 145
-#define BIO_C_NWRITE 146
-#define BIO_C_RESET_READ_REQUEST 147
-#define BIO_C_SET_MD_CTX 148
-
-
-#define BIO_set_app_data(s,arg) BIO_set_ex_data(s,0,arg)
-#define BIO_get_app_data(s) BIO_get_ex_data(s,0)
-
-/* BIO_s_connect() and BIO_s_socks4a_connect() */
-#define BIO_set_conn_hostname(b,name) BIO_ctrl(b,BIO_C_SET_CONNECT,0,(char *)name)
-#define BIO_set_conn_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,1,(char *)port)
-#define BIO_set_conn_ip(b,ip) BIO_ctrl(b,BIO_C_SET_CONNECT,2,(char *)ip)
-#define BIO_set_conn_int_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,3,(char *)port)
-#define BIO_get_conn_hostname(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0)
-#define BIO_get_conn_port(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1)
-#define BIO_get_conn_ip(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2)
-#define BIO_get_conn_int_port(b) BIO_int_ctrl(b,BIO_C_GET_CONNECT,3,0)
-
-
-#define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
-
-/* BIO_s_accept_socket() */
-#define BIO_set_accept_port(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name)
-#define BIO_get_accept_port(b) BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0)
-/* #define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */
-#define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,1,(n)?(void *)"a":NULL)
-#define BIO_set_accept_bios(b,bio) BIO_ctrl(b,BIO_C_SET_ACCEPT,2,(char *)bio)
-
-#define BIO_BIND_NORMAL 0
-#define BIO_BIND_REUSEADDR_IF_UNUSED 1
-#define BIO_BIND_REUSEADDR 2
-#define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL)
-#define BIO_get_bind_mode(b,mode) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL)
-
-#define BIO_do_connect(b) BIO_do_handshake(b)
-#define BIO_do_accept(b) BIO_do_handshake(b)
-#define BIO_do_handshake(b) BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL)
-
-/* BIO_s_proxy_client() */
-#define BIO_set_url(b,url) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,0,(char *)(url))
-#define BIO_set_proxies(b,p) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,1,(char *)(p))
-/* BIO_set_nbio(b,n) */
-#define BIO_set_filter_bio(b,s) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,2,(char *)(s))
-/* BIO *BIO_get_filter_bio(BIO *bio); */
-#define BIO_set_proxy_cb(b,cb) BIO_callback_ctrl(b,BIO_C_SET_PROXY_PARAM,3,(void *(*cb)()))
-#define BIO_set_proxy_header(b,sk) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,4,(char *)sk)
-#define BIO_set_no_connect_return(b,bool) BIO_int_ctrl(b,BIO_C_SET_PROXY_PARAM,5,bool)
-
-#define BIO_get_proxy_header(b,skp) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,0,(char *)skp)
-#define BIO_get_proxies(b,pxy_p) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,1,(char *)(pxy_p))
-#define BIO_get_url(b,url) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,2,(char *)(url))
-#define BIO_get_no_connect_return(b) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,5,NULL)
-
-#define BIO_set_fd(b,fd,c) BIO_int_ctrl(b,BIO_C_SET_FD,c,fd)
-#define BIO_get_fd(b,c) BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c)
-
-#define BIO_set_fp(b,fp,c) BIO_ctrl(b,BIO_C_SET_FILE_PTR,c,(char *)fp)
-#define BIO_get_fp(b,fpp) BIO_ctrl(b,BIO_C_GET_FILE_PTR,0,(char *)fpp)
-
-#define BIO_seek(b,ofs) (int)BIO_ctrl(b,BIO_C_FILE_SEEK,ofs,NULL)
-#define BIO_tell(b) (int)BIO_ctrl(b,BIO_C_FILE_TELL,0,NULL)
-
-/* name is cast to lose const, but might be better to route through a function
- so we can do it safely */
-#ifdef CONST_STRICT
-/* If you are wondering why this isn't defined, its because CONST_STRICT is
- * purely a compile-time kludge to allow const to be checked.
- */
-int BIO_read_filename(BIO *b,const char *name);
-#else
-#define BIO_read_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \
- BIO_CLOSE|BIO_FP_READ,(char *)name)
-#endif
-#define BIO_write_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \
- BIO_CLOSE|BIO_FP_WRITE,name)
-#define BIO_append_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \
- BIO_CLOSE|BIO_FP_APPEND,name)
-#define BIO_rw_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \
- BIO_CLOSE|BIO_FP_READ|BIO_FP_WRITE,name)
-
-/* WARNING WARNING, this ups the reference count on the read bio of the
- * SSL structure. This is because the ssl read BIO is now pointed to by
- * the next_bio field in the bio. So when you free the BIO, make sure
- * you are doing a BIO_free_all() to catch the underlying BIO. */
-#define BIO_set_ssl(b,ssl,c) BIO_ctrl(b,BIO_C_SET_SSL,c,(char *)ssl)
-#define BIO_get_ssl(b,sslp) BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)sslp)
-#define BIO_set_ssl_mode(b,client) BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL)
-#define BIO_set_ssl_renegotiate_bytes(b,num) \
- BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL);
-#define BIO_get_num_renegotiates(b) \
- BIO_ctrl(b,BIO_C_GET_SSL_NUM_RENEGOTIATES,0,NULL);
-#define BIO_set_ssl_renegotiate_timeout(b,seconds) \
- BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL);
-
-/* defined in evp.h */
-/* #define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,1,(char *)md) */
-
-#define BIO_get_mem_data(b,pp) BIO_ctrl(b,BIO_CTRL_INFO,0,(char *)pp)
-#define BIO_set_mem_buf(b,bm,c) BIO_ctrl(b,BIO_C_SET_BUF_MEM,c,(char *)bm)
-#define BIO_get_mem_ptr(b,pp) BIO_ctrl(b,BIO_C_GET_BUF_MEM_PTR,0,(char *)pp)
-#define BIO_set_mem_eof_return(b,v) \
- BIO_ctrl(b,BIO_C_SET_BUF_MEM_EOF_RETURN,v,NULL)
-
-/* For the BIO_f_buffer() type */
-#define BIO_get_buffer_num_lines(b) BIO_ctrl(b,BIO_C_GET_BUFF_NUM_LINES,0,NULL)
-#define BIO_set_buffer_size(b,size) BIO_ctrl(b,BIO_C_SET_BUFF_SIZE,size,NULL)
-#define BIO_set_read_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,0)
-#define BIO_set_write_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,1)
-#define BIO_set_buffer_read_data(b,buf,num) BIO_ctrl(b,BIO_C_SET_BUFF_READ_DATA,num,buf)
-
-/* Don't use the next one unless you know what you are doing :-) */
-#define BIO_dup_state(b,ret) BIO_ctrl(b,BIO_CTRL_DUP,0,(char *)(ret))
-
-#define BIO_reset(b) (int)BIO_ctrl(b,BIO_CTRL_RESET,0,NULL)
-#define BIO_eof(b) (int)BIO_ctrl(b,BIO_CTRL_EOF,0,NULL)
-#define BIO_set_close(b,c) (int)BIO_ctrl(b,BIO_CTRL_SET_CLOSE,(c),NULL)
-#define BIO_get_close(b) (int)BIO_ctrl(b,BIO_CTRL_GET_CLOSE,0,NULL)
-#define BIO_pending(b) (int)BIO_ctrl(b,BIO_CTRL_PENDING,0,NULL)
-#define BIO_wpending(b) (int)BIO_ctrl(b,BIO_CTRL_WPENDING,0,NULL)
-/* ...pending macros have inappropriate return type */
-size_t BIO_ctrl_pending(BIO *b);
-size_t BIO_ctrl_wpending(BIO *b);
-#define BIO_flush(b) (int)BIO_ctrl(b,BIO_CTRL_FLUSH,0,NULL)
-#define BIO_get_info_callback(b,cbp) (int)BIO_ctrl(b,BIO_CTRL_GET_CALLBACK,0, \
- cbp)
-#define BIO_set_info_callback(b,cb) (int)BIO_callback_ctrl(b,BIO_CTRL_SET_CALLBACK,cb)
-
-/* For the BIO_f_buffer() type */
-#define BIO_buffer_get_num_lines(b) BIO_ctrl(b,BIO_CTRL_GET,0,NULL)
-
-/* For BIO_s_bio() */
-#define BIO_set_write_buf_size(b,size) (int)BIO_ctrl(b,BIO_C_SET_WRITE_BUF_SIZE,size,NULL)
-#define BIO_get_write_buf_size(b,size) (size_t)BIO_ctrl(b,BIO_C_GET_WRITE_BUF_SIZE,size,NULL)
-#define BIO_make_bio_pair(b1,b2) (int)BIO_ctrl(b1,BIO_C_MAKE_BIO_PAIR,0,b2)
-#define BIO_destroy_bio_pair(b) (int)BIO_ctrl(b,BIO_C_DESTROY_BIO_PAIR,0,NULL)
-#define BIO_shutdown_wr(b) (int)BIO_ctrl(b, BIO_C_SHUTDOWN_WR, 0, NULL)
-/* macros with inappropriate type -- but ...pending macros use int too: */
-#define BIO_get_write_guarantee(b) (int)BIO_ctrl(b,BIO_C_GET_WRITE_GUARANTEE,0,NULL)
-#define BIO_get_read_request(b) (int)BIO_ctrl(b,BIO_C_GET_READ_REQUEST,0,NULL)
-size_t BIO_ctrl_get_write_guarantee(BIO *b);
-size_t BIO_ctrl_get_read_request(BIO *b);
-int BIO_ctrl_reset_read_request(BIO *b);
-
-/* ctrl macros for dgram */
-#define BIO_ctrl_dgram_connect(b,peer) \
- (int)BIO_ctrl(b,BIO_CTRL_DGRAM_CONNECT,0, (char *)peer)
-#define BIO_ctrl_set_connected(b, state, peer) \
- (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_CONNECTED, state, (char *)peer)
-#define BIO_dgram_recv_timedout(b) \
- (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP, 0, NULL)
-#define BIO_dgram_send_timedout(b) \
- (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP, 0, NULL)
-#define BIO_dgram_get_peer(b,peer) \
- (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)peer)
-#define BIO_dgram_set_peer(b,peer) \
- (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)peer)
-
-/* These two aren't currently implemented */
-/* int BIO_get_ex_num(BIO *bio); */
-/* void BIO_set_ex_free_func(BIO *bio,int idx,void (*cb)()); */
-int BIO_set_ex_data(BIO *bio,int idx,void *data);
-void *BIO_get_ex_data(BIO *bio,int idx);
-int BIO_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-unsigned long BIO_number_read(BIO *bio);
-unsigned long BIO_number_written(BIO *bio);
-
-# ifndef OPENSSL_NO_FP_API
-# if defined(OPENSSL_SYS_WIN16) && defined(_WINDLL)
-BIO_METHOD *BIO_s_file_internal(void);
-BIO *BIO_new_file_internal(char *filename, char *mode);
-BIO *BIO_new_fp_internal(FILE *stream, int close_flag);
-# define BIO_s_file BIO_s_file_internal
-# define BIO_new_file BIO_new_file_internal
-# define BIO_new_fp BIO_new_fp_internal
-# else /* FP_API */
-BIO_METHOD *BIO_s_file(void );
-BIO *BIO_new_file(const char *filename, const char *mode);
-BIO *BIO_new_fp(FILE *stream, int close_flag);
-# define BIO_s_file_internal BIO_s_file
-# define BIO_new_file_internal BIO_new_file
-# define BIO_new_fp_internal BIO_s_file
-# endif /* FP_API */
-# endif
-BIO * BIO_new(BIO_METHOD *type);
-int BIO_set(BIO *a,BIO_METHOD *type);
-int BIO_free(BIO *a);
-void BIO_vfree(BIO *a);
-int BIO_read(BIO *b, void *data, int len);
-int BIO_gets(BIO *bp,char *buf, int size);
-int BIO_write(BIO *b, const void *data, int len);
-int BIO_puts(BIO *bp,const char *buf);
-int BIO_indent(BIO *b,int indent,int max);
-long BIO_ctrl(BIO *bp,int cmd,long larg,void *parg);
-long BIO_callback_ctrl(BIO *b, int cmd, void (*fp)(struct bio_st *, int, const char *, int, long, long));
-char * BIO_ptr_ctrl(BIO *bp,int cmd,long larg);
-long BIO_int_ctrl(BIO *bp,int cmd,long larg,int iarg);
-BIO * BIO_push(BIO *b,BIO *append);
-BIO * BIO_pop(BIO *b);
-void BIO_free_all(BIO *a);
-BIO * BIO_find_type(BIO *b,int bio_type);
-BIO * BIO_next(BIO *b);
-BIO * BIO_get_retry_BIO(BIO *bio, int *reason);
-int BIO_get_retry_reason(BIO *bio);
-BIO * BIO_dup_chain(BIO *in);
-
-int BIO_nread0(BIO *bio, char **buf);
-int BIO_nread(BIO *bio, char **buf, int num);
-int BIO_nwrite0(BIO *bio, char **buf);
-int BIO_nwrite(BIO *bio, char **buf, int num);
-
-#ifndef OPENSSL_SYS_WIN16
-long BIO_debug_callback(BIO *bio,int cmd,const char *argp,int argi,
- long argl,long ret);
-#else
-long _far _loadds BIO_debug_callback(BIO *bio,int cmd,const char *argp,int argi,
- long argl,long ret);
-#endif
-
-BIO_METHOD *BIO_s_mem(void);
-BIO *BIO_new_mem_buf(void *buf, int len);
-BIO_METHOD *BIO_s_socket(void);
-BIO_METHOD *BIO_s_connect(void);
-BIO_METHOD *BIO_s_accept(void);
-BIO_METHOD *BIO_s_fd(void);
-#ifndef OPENSSL_SYS_OS2
-BIO_METHOD *BIO_s_log(void);
-#endif
-BIO_METHOD *BIO_s_bio(void);
-BIO_METHOD *BIO_s_null(void);
-BIO_METHOD *BIO_f_null(void);
-BIO_METHOD *BIO_f_buffer(void);
-#ifdef OPENSSL_SYS_VMS
-BIO_METHOD *BIO_f_linebuffer(void);
-#endif
-BIO_METHOD *BIO_f_nbio_test(void);
-#ifndef OPENSSL_NO_DGRAM
-BIO_METHOD *BIO_s_datagram(void);
-#endif
-
-/* BIO_METHOD *BIO_f_ber(void); */
-
-int BIO_sock_should_retry(int i);
-int BIO_sock_non_fatal_error(int error);
-int BIO_dgram_non_fatal_error(int error);
-
-int BIO_fd_should_retry(int i);
-int BIO_fd_non_fatal_error(int error);
-int BIO_dump_cb(int (*cb)(const void *data, size_t len, void *u),
- void *u, const char *s, int len);
-int BIO_dump_indent_cb(int (*cb)(const void *data, size_t len, void *u),
- void *u, const char *s, int len, int indent);
-int BIO_dump(BIO *b,const char *bytes,int len);
-int BIO_dump_indent(BIO *b,const char *bytes,int len,int indent);
-#ifndef OPENSSL_NO_FP_API
-int BIO_dump_fp(FILE *fp, const char *s, int len);
-int BIO_dump_indent_fp(FILE *fp, const char *s, int len, int indent);
-#endif
-struct hostent *BIO_gethostbyname(const char *name);
-/* We might want a thread-safe interface too:
- * struct hostent *BIO_gethostbyname_r(const char *name,
- * struct hostent *result, void *buffer, size_t buflen);
- * or something similar (caller allocates a struct hostent,
- * pointed to by "result", and additional buffer space for the various
- * substructures; if the buffer does not suffice, NULL is returned
- * and an appropriate error code is set).
- */
-int BIO_sock_error(int sock);
-int BIO_socket_ioctl(int fd, long type, void *arg);
-int BIO_socket_nbio(int fd,int mode);
-int BIO_get_port(const char *str, unsigned short *port_ptr);
-int BIO_get_host_ip(const char *str, unsigned char *ip);
-int BIO_get_accept_socket(char *host_port,int mode);
-int BIO_accept(int sock,char **ip_port);
-int BIO_sock_init(void );
-void BIO_sock_cleanup(void);
-int BIO_set_tcp_ndelay(int sock,int turn_on);
-
-BIO *BIO_new_socket(int sock, int close_flag);
-BIO *BIO_new_dgram(int fd, int close_flag);
-BIO *BIO_new_fd(int fd, int close_flag);
-BIO *BIO_new_connect(char *host_port);
-BIO *BIO_new_accept(char *host_port);
-
-int BIO_new_bio_pair(BIO **bio1, size_t writebuf1,
- BIO **bio2, size_t writebuf2);
-/* If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints.
- * Otherwise returns 0 and sets *bio1 and *bio2 to NULL.
- * Size 0 uses default value.
- */
-
-void BIO_copy_next_retry(BIO *b);
-
-/*long BIO_ghbn_ctrl(int cmd,int iarg,char *parg);*/
-
-#ifdef __GNUC__
-# define __bio_h__attr__ __attribute__
-#else
-# define __bio_h__attr__(x)
-#endif
-int BIO_printf(BIO *bio, const char *format, ...)
- __bio_h__attr__((__format__(__printf__,2,3)));
-int BIO_vprintf(BIO *bio, const char *format, va_list args)
- __bio_h__attr__((__format__(__printf__,2,0)));
-int BIO_snprintf(char *buf, size_t n, const char *format, ...)
- __bio_h__attr__((__format__(__printf__,3,4)));
-int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
- __bio_h__attr__((__format__(__printf__,3,0)));
-#undef __bio_h__attr__
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_BIO_strings(void);
-
-/* Error codes for the BIO functions. */
-
-/* Function codes. */
-#define BIO_F_ACPT_STATE 100
-#define BIO_F_BIO_ACCEPT 101
-#define BIO_F_BIO_BER_GET_HEADER 102
-#define BIO_F_BIO_CALLBACK_CTRL 131
-#define BIO_F_BIO_CTRL 103
-#define BIO_F_BIO_GETHOSTBYNAME 120
-#define BIO_F_BIO_GETS 104
-#define BIO_F_BIO_GET_ACCEPT_SOCKET 105
-#define BIO_F_BIO_GET_HOST_IP 106
-#define BIO_F_BIO_GET_PORT 107
-#define BIO_F_BIO_MAKE_PAIR 121
-#define BIO_F_BIO_NEW 108
-#define BIO_F_BIO_NEW_FILE 109
-#define BIO_F_BIO_NEW_MEM_BUF 126
-#define BIO_F_BIO_NREAD 123
-#define BIO_F_BIO_NREAD0 124
-#define BIO_F_BIO_NWRITE 125
-#define BIO_F_BIO_NWRITE0 122
-#define BIO_F_BIO_PUTS 110
-#define BIO_F_BIO_READ 111
-#define BIO_F_BIO_SOCK_INIT 112
-#define BIO_F_BIO_WRITE 113
-#define BIO_F_BUFFER_CTRL 114
-#define BIO_F_CONN_CTRL 127
-#define BIO_F_CONN_STATE 115
-#define BIO_F_FILE_CTRL 116
-#define BIO_F_FILE_READ 130
-#define BIO_F_LINEBUFFER_CTRL 129
-#define BIO_F_MEM_READ 128
-#define BIO_F_MEM_WRITE 117
-#define BIO_F_SSL_NEW 118
-#define BIO_F_WSASTARTUP 119
-
-/* Reason codes. */
-#define BIO_R_ACCEPT_ERROR 100
-#define BIO_R_BAD_FOPEN_MODE 101
-#define BIO_R_BAD_HOSTNAME_LOOKUP 102
-#define BIO_R_BROKEN_PIPE 124
-#define BIO_R_CONNECT_ERROR 103
-#define BIO_R_EOF_ON_MEMORY_BIO 127
-#define BIO_R_ERROR_SETTING_NBIO 104
-#define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET 105
-#define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET 106
-#define BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET 107
-#define BIO_R_INVALID_ARGUMENT 125
-#define BIO_R_INVALID_IP_ADDRESS 108
-#define BIO_R_IN_USE 123
-#define BIO_R_KEEPALIVE 109
-#define BIO_R_NBIO_CONNECT_ERROR 110
-#define BIO_R_NO_ACCEPT_PORT_SPECIFIED 111
-#define BIO_R_NO_HOSTNAME_SPECIFIED 112
-#define BIO_R_NO_PORT_DEFINED 113
-#define BIO_R_NO_PORT_SPECIFIED 114
-#define BIO_R_NO_SUCH_FILE 128
-#define BIO_R_NULL_PARAMETER 115
-#define BIO_R_TAG_MISMATCH 116
-#define BIO_R_UNABLE_TO_BIND_SOCKET 117
-#define BIO_R_UNABLE_TO_CREATE_SOCKET 118
-#define BIO_R_UNABLE_TO_LISTEN_SOCKET 119
-#define BIO_R_UNINITIALIZED 120
-#define BIO_R_UNSUPPORTED_METHOD 121
-#define BIO_R_WRITE_TO_READ_ONLY_BIO 126
-#define BIO_R_WSASTARTUP 122
-
-#ifdef __cplusplus
-}
-#endif
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bio/bio.h (from rev 6976, vendor-crypto/openssl/dist/crypto/bio/bio.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bio/bio.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bio/bio.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,811 @@
+/* crypto/bio/bio.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_BIO_H
+# define HEADER_BIO_H
+
+# include <openssl/e_os2.h>
+
+# ifndef OPENSSL_NO_FP_API
+# include <stdio.h>
+# endif
+# include <stdarg.h>
+
+# include <openssl/crypto.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* These are the 'types' of BIOs */
+# define BIO_TYPE_NONE 0
+# define BIO_TYPE_MEM (1|0x0400)
+# define BIO_TYPE_FILE (2|0x0400)
+
+# define BIO_TYPE_FD (4|0x0400|0x0100)
+# define BIO_TYPE_SOCKET (5|0x0400|0x0100)
+# define BIO_TYPE_NULL (6|0x0400)
+# define BIO_TYPE_SSL (7|0x0200)
+# define BIO_TYPE_MD (8|0x0200)/* passive filter */
+# define BIO_TYPE_BUFFER (9|0x0200)/* filter */
+# define BIO_TYPE_CIPHER (10|0x0200)/* filter */
+# define BIO_TYPE_BASE64 (11|0x0200)/* filter */
+# define BIO_TYPE_CONNECT (12|0x0400|0x0100)/* socket - connect */
+# define BIO_TYPE_ACCEPT (13|0x0400|0x0100)/* socket for accept */
+# define BIO_TYPE_PROXY_CLIENT (14|0x0200)/* client proxy BIO */
+# define BIO_TYPE_PROXY_SERVER (15|0x0200)/* server proxy BIO */
+# define BIO_TYPE_NBIO_TEST (16|0x0200)/* server proxy BIO */
+# define BIO_TYPE_NULL_FILTER (17|0x0200)
+# define BIO_TYPE_BER (18|0x0200)/* BER -> bin filter */
+# define BIO_TYPE_BIO (19|0x0400)/* (half a) BIO pair */
+# define BIO_TYPE_LINEBUFFER (20|0x0200)/* filter */
+# define BIO_TYPE_DGRAM (21|0x0400|0x0100)
+# define BIO_TYPE_COMP (23|0x0200)/* filter */
+
+# define BIO_TYPE_DESCRIPTOR 0x0100/* socket, fd, connect or accept */
+# define BIO_TYPE_FILTER 0x0200
+# define BIO_TYPE_SOURCE_SINK 0x0400
+
+/*
+ * BIO_FILENAME_READ|BIO_CLOSE to open or close on free.
+ * BIO_set_fp(in,stdin,BIO_NOCLOSE);
+ */
+# define BIO_NOCLOSE 0x00
+# define BIO_CLOSE 0x01
+
+/*
+ * These are used in the following macros and are passed to BIO_ctrl()
+ */
+# define BIO_CTRL_RESET 1/* opt - rewind/zero etc */
+# define BIO_CTRL_EOF 2/* opt - are we at the eof */
+# define BIO_CTRL_INFO 3/* opt - extra tit-bits */
+# define BIO_CTRL_SET 4/* man - set the 'IO' type */
+# define BIO_CTRL_GET 5/* man - get the 'IO' type */
+# define BIO_CTRL_PUSH 6/* opt - internal, used to signify change */
+# define BIO_CTRL_POP 7/* opt - internal, used to signify change */
+# define BIO_CTRL_GET_CLOSE 8/* man - set the 'close' on free */
+# define BIO_CTRL_SET_CLOSE 9/* man - set the 'close' on free */
+# define BIO_CTRL_PENDING 10/* opt - is their more data buffered */
+# define BIO_CTRL_FLUSH 11/* opt - 'flush' buffered output */
+# define BIO_CTRL_DUP 12/* man - extra stuff for 'duped' BIO */
+# define BIO_CTRL_WPENDING 13/* opt - number of bytes still to write */
+/* callback is int cb(BIO *bio,state,ret); */
+# define BIO_CTRL_SET_CALLBACK 14/* opt - set callback function */
+# define BIO_CTRL_GET_CALLBACK 15/* opt - set callback function */
+
+# define BIO_CTRL_SET_FILENAME 30/* BIO_s_file special */
+
+/* dgram BIO stuff */
+# define BIO_CTRL_DGRAM_CONNECT 31/* BIO dgram special */
+# define BIO_CTRL_DGRAM_SET_CONNECTED 32/* allow for an externally connected
+ * socket to be passed in */
+# define BIO_CTRL_DGRAM_SET_RECV_TIMEOUT 33/* setsockopt, essentially */
+# define BIO_CTRL_DGRAM_GET_RECV_TIMEOUT 34/* getsockopt, essentially */
+# define BIO_CTRL_DGRAM_SET_SEND_TIMEOUT 35/* setsockopt, essentially */
+# define BIO_CTRL_DGRAM_GET_SEND_TIMEOUT 36/* getsockopt, essentially */
+
+# define BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP 37/* flag whether the last */
+# define BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP 38/* I/O operation tiemd out */
+
+/* #ifdef IP_MTU_DISCOVER */
+# define BIO_CTRL_DGRAM_MTU_DISCOVER 39/* set DF bit on egress packets */
+/* #endif */
+
+# define BIO_CTRL_DGRAM_QUERY_MTU 40/* as kernel for current MTU */
+# define BIO_CTRL_DGRAM_GET_FALLBACK_MTU 47
+# define BIO_CTRL_DGRAM_GET_MTU 41/* get cached value for MTU */
+# define BIO_CTRL_DGRAM_SET_MTU 42/* set cached value for MTU.
+ * want to use this if asking
+ * the kernel fails */
+
+# define BIO_CTRL_DGRAM_MTU_EXCEEDED 43/* check whether the MTU was
+ * exceed in the previous write
+ * operation */
+
+# define BIO_CTRL_DGRAM_GET_PEER 46
+# define BIO_CTRL_DGRAM_SET_PEER 44/* Destination for the data */
+
+# define BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT 45/* Next DTLS handshake timeout
+ * to * adjust socket timeouts */
+
+/* modifiers */
+# define BIO_FP_READ 0x02
+# define BIO_FP_WRITE 0x04
+# define BIO_FP_APPEND 0x08
+# define BIO_FP_TEXT 0x10
+
+# define BIO_FLAGS_READ 0x01
+# define BIO_FLAGS_WRITE 0x02
+# define BIO_FLAGS_IO_SPECIAL 0x04
+# define BIO_FLAGS_RWS (BIO_FLAGS_READ|BIO_FLAGS_WRITE|BIO_FLAGS_IO_SPECIAL)
+# define BIO_FLAGS_SHOULD_RETRY 0x08
+# ifndef BIO_FLAGS_UPLINK
+/*
+ * "UPLINK" flag denotes file descriptors provided by application. It
+ * defaults to 0, as most platforms don't require UPLINK interface.
+ */
+# define BIO_FLAGS_UPLINK 0
+# endif
+
+/* Used in BIO_gethostbyname() */
+# define BIO_GHBN_CTRL_HITS 1
+# define BIO_GHBN_CTRL_MISSES 2
+# define BIO_GHBN_CTRL_CACHE_SIZE 3
+# define BIO_GHBN_CTRL_GET_ENTRY 4
+# define BIO_GHBN_CTRL_FLUSH 5
+
+/* Mostly used in the SSL BIO */
+/*-
+ * Not used anymore
+ * #define BIO_FLAGS_PROTOCOL_DELAYED_READ 0x10
+ * #define BIO_FLAGS_PROTOCOL_DELAYED_WRITE 0x20
+ * #define BIO_FLAGS_PROTOCOL_STARTUP 0x40
+ */
+
+# define BIO_FLAGS_BASE64_NO_NL 0x100
+
+/*
+ * This is used with memory BIOs: it means we shouldn't free up or change the
+ * data in any way.
+ */
+# define BIO_FLAGS_MEM_RDONLY 0x200
+
+typedef struct bio_st BIO;
+
+void BIO_set_flags(BIO *b, int flags);
+int BIO_test_flags(const BIO *b, int flags);
+void BIO_clear_flags(BIO *b, int flags);
+
+# define BIO_get_flags(b) BIO_test_flags(b, ~(0x0))
+# define BIO_set_retry_special(b) \
+ BIO_set_flags(b, (BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY))
+# define BIO_set_retry_read(b) \
+ BIO_set_flags(b, (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY))
+# define BIO_set_retry_write(b) \
+ BIO_set_flags(b, (BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY))
+
+/* These are normally used internally in BIOs */
+# define BIO_clear_retry_flags(b) \
+ BIO_clear_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY))
+# define BIO_get_retry_flags(b) \
+ BIO_test_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY))
+
+/* These should be used by the application to tell why we should retry */
+# define BIO_should_read(a) BIO_test_flags(a, BIO_FLAGS_READ)
+# define BIO_should_write(a) BIO_test_flags(a, BIO_FLAGS_WRITE)
+# define BIO_should_io_special(a) BIO_test_flags(a, BIO_FLAGS_IO_SPECIAL)
+# define BIO_retry_type(a) BIO_test_flags(a, BIO_FLAGS_RWS)
+# define BIO_should_retry(a) BIO_test_flags(a, BIO_FLAGS_SHOULD_RETRY)
+
+/*
+ * The next three are used in conjunction with the BIO_should_io_special()
+ * condition. After this returns true, BIO *BIO_get_retry_BIO(BIO *bio, int
+ * *reason); will walk the BIO stack and return the 'reason' for the special
+ * and the offending BIO. Given a BIO, BIO_get_retry_reason(bio) will return
+ * the code.
+ */
+/*
+ * Returned from the SSL bio when the certificate retrieval code had an error
+ */
+# define BIO_RR_SSL_X509_LOOKUP 0x01
+/* Returned from the connect BIO when a connect would have blocked */
+# define BIO_RR_CONNECT 0x02
+/* Returned from the accept BIO when an accept would have blocked */
+# define BIO_RR_ACCEPT 0x03
+
+/* These are passed by the BIO callback */
+# define BIO_CB_FREE 0x01
+# define BIO_CB_READ 0x02
+# define BIO_CB_WRITE 0x03
+# define BIO_CB_PUTS 0x04
+# define BIO_CB_GETS 0x05
+# define BIO_CB_CTRL 0x06
+
+/*
+ * The callback is called before and after the underling operation, The
+ * BIO_CB_RETURN flag indicates if it is after the call
+ */
+# define BIO_CB_RETURN 0x80
+# define BIO_CB_return(a) ((a)|BIO_CB_RETURN))
+# define BIO_cb_pre(a) (!((a)&BIO_CB_RETURN))
+# define BIO_cb_post(a) ((a)&BIO_CB_RETURN)
+
+long (*BIO_get_callback(const BIO *b)) (struct bio_st *, int, const char *,
+ int, long, long);
+void BIO_set_callback(BIO *b,
+ long (*callback) (struct bio_st *, int, const char *,
+ int, long, long));
+char *BIO_get_callback_arg(const BIO *b);
+void BIO_set_callback_arg(BIO *b, char *arg);
+
+const char *BIO_method_name(const BIO *b);
+int BIO_method_type(const BIO *b);
+
+typedef void bio_info_cb (struct bio_st *, int, const char *, int, long,
+ long);
+
+# ifndef OPENSSL_SYS_WIN16
+typedef struct bio_method_st {
+ int type;
+ const char *name;
+ int (*bwrite) (BIO *, const char *, int);
+ int (*bread) (BIO *, char *, int);
+ int (*bputs) (BIO *, const char *);
+ int (*bgets) (BIO *, char *, int);
+ long (*ctrl) (BIO *, int, long, void *);
+ int (*create) (BIO *);
+ int (*destroy) (BIO *);
+ long (*callback_ctrl) (BIO *, int, bio_info_cb *);
+} BIO_METHOD;
+# else
+typedef struct bio_method_st {
+ int type;
+ const char *name;
+ int (_far * bwrite) ();
+ int (_far * bread) ();
+ int (_far * bputs) ();
+ int (_far * bgets) ();
+ long (_far * ctrl) ();
+ int (_far * create) ();
+ int (_far * destroy) ();
+ long (_far * callback_ctrl) ();
+} BIO_METHOD;
+# endif
+
+struct bio_st {
+ BIO_METHOD *method;
+ /* bio, mode, argp, argi, argl, ret */
+ long (*callback) (struct bio_st *, int, const char *, int, long, long);
+ char *cb_arg; /* first argument for the callback */
+ int init;
+ int shutdown;
+ int flags; /* extra storage */
+ int retry_reason;
+ int num;
+ void *ptr;
+ struct bio_st *next_bio; /* used by filter BIOs */
+ struct bio_st *prev_bio; /* used by filter BIOs */
+ int references;
+ unsigned long num_read;
+ unsigned long num_write;
+ CRYPTO_EX_DATA ex_data;
+};
+
+DECLARE_STACK_OF(BIO)
+
+typedef struct bio_f_buffer_ctx_struct {
+ /*-
+ * Buffers are setup like this:
+ *
+ * <---------------------- size ----------------------->
+ * +---------------------------------------------------+
+ * | consumed | remaining | free space |
+ * +---------------------------------------------------+
+ * <-- off --><------- len ------->
+ */
+ /*- BIO *bio; *//*
+ * this is now in the BIO struct
+ */
+ int ibuf_size; /* how big is the input buffer */
+ int obuf_size; /* how big is the output buffer */
+ char *ibuf; /* the char array */
+ int ibuf_len; /* how many bytes are in it */
+ int ibuf_off; /* write/read offset */
+ char *obuf; /* the char array */
+ int obuf_len; /* how many bytes are in it */
+ int obuf_off; /* write/read offset */
+} BIO_F_BUFFER_CTX;
+
+/* connect BIO stuff */
+# define BIO_CONN_S_BEFORE 1
+# define BIO_CONN_S_GET_IP 2
+# define BIO_CONN_S_GET_PORT 3
+# define BIO_CONN_S_CREATE_SOCKET 4
+# define BIO_CONN_S_CONNECT 5
+# define BIO_CONN_S_OK 6
+# define BIO_CONN_S_BLOCKED_CONNECT 7
+# define BIO_CONN_S_NBIO 8
+/*
+ * #define BIO_CONN_get_param_hostname BIO_ctrl
+ */
+
+# define BIO_C_SET_CONNECT 100
+# define BIO_C_DO_STATE_MACHINE 101
+# define BIO_C_SET_NBIO 102
+# define BIO_C_SET_PROXY_PARAM 103
+# define BIO_C_SET_FD 104
+# define BIO_C_GET_FD 105
+# define BIO_C_SET_FILE_PTR 106
+# define BIO_C_GET_FILE_PTR 107
+# define BIO_C_SET_FILENAME 108
+# define BIO_C_SET_SSL 109
+# define BIO_C_GET_SSL 110
+# define BIO_C_SET_MD 111
+# define BIO_C_GET_MD 112
+# define BIO_C_GET_CIPHER_STATUS 113
+# define BIO_C_SET_BUF_MEM 114
+# define BIO_C_GET_BUF_MEM_PTR 115
+# define BIO_C_GET_BUFF_NUM_LINES 116
+# define BIO_C_SET_BUFF_SIZE 117
+# define BIO_C_SET_ACCEPT 118
+# define BIO_C_SSL_MODE 119
+# define BIO_C_GET_MD_CTX 120
+# define BIO_C_GET_PROXY_PARAM 121
+# define BIO_C_SET_BUFF_READ_DATA 122/* data to read first */
+# define BIO_C_GET_CONNECT 123
+# define BIO_C_GET_ACCEPT 124
+# define BIO_C_SET_SSL_RENEGOTIATE_BYTES 125
+# define BIO_C_GET_SSL_NUM_RENEGOTIATES 126
+# define BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT 127
+# define BIO_C_FILE_SEEK 128
+# define BIO_C_GET_CIPHER_CTX 129
+# define BIO_C_SET_BUF_MEM_EOF_RETURN 130/* return end of input
+ * value */
+# define BIO_C_SET_BIND_MODE 131
+# define BIO_C_GET_BIND_MODE 132
+# define BIO_C_FILE_TELL 133
+# define BIO_C_GET_SOCKS 134
+# define BIO_C_SET_SOCKS 135
+
+# define BIO_C_SET_WRITE_BUF_SIZE 136/* for BIO_s_bio */
+# define BIO_C_GET_WRITE_BUF_SIZE 137
+# define BIO_C_MAKE_BIO_PAIR 138
+# define BIO_C_DESTROY_BIO_PAIR 139
+# define BIO_C_GET_WRITE_GUARANTEE 140
+# define BIO_C_GET_READ_REQUEST 141
+# define BIO_C_SHUTDOWN_WR 142
+# define BIO_C_NREAD0 143
+# define BIO_C_NREAD 144
+# define BIO_C_NWRITE0 145
+# define BIO_C_NWRITE 146
+# define BIO_C_RESET_READ_REQUEST 147
+# define BIO_C_SET_MD_CTX 148
+
+# define BIO_set_app_data(s,arg) BIO_set_ex_data(s,0,arg)
+# define BIO_get_app_data(s) BIO_get_ex_data(s,0)
+
+/* BIO_s_connect() and BIO_s_socks4a_connect() */
+# define BIO_set_conn_hostname(b,name) BIO_ctrl(b,BIO_C_SET_CONNECT,0,(char *)name)
+# define BIO_set_conn_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,1,(char *)port)
+# define BIO_set_conn_ip(b,ip) BIO_ctrl(b,BIO_C_SET_CONNECT,2,(char *)ip)
+# define BIO_set_conn_int_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,3,(char *)port)
+# define BIO_get_conn_hostname(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0)
+# define BIO_get_conn_port(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1)
+# define BIO_get_conn_ip(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2)
+# define BIO_get_conn_int_port(b) BIO_int_ctrl(b,BIO_C_GET_CONNECT,3,0)
+
+# define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+
+/* BIO_s_accept_socket() */
+# define BIO_set_accept_port(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name)
+# define BIO_get_accept_port(b) BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0)
+/* #define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */
+# define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,1,(n)?(void *)"a":NULL)
+# define BIO_set_accept_bios(b,bio) BIO_ctrl(b,BIO_C_SET_ACCEPT,2,(char *)bio)
+
+# define BIO_BIND_NORMAL 0
+# define BIO_BIND_REUSEADDR_IF_UNUSED 1
+# define BIO_BIND_REUSEADDR 2
+# define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL)
+# define BIO_get_bind_mode(b,mode) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL)
+
+# define BIO_do_connect(b) BIO_do_handshake(b)
+# define BIO_do_accept(b) BIO_do_handshake(b)
+# define BIO_do_handshake(b) BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL)
+
+/* BIO_s_proxy_client() */
+# define BIO_set_url(b,url) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,0,(char *)(url))
+# define BIO_set_proxies(b,p) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,1,(char *)(p))
+/* BIO_set_nbio(b,n) */
+# define BIO_set_filter_bio(b,s) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,2,(char *)(s))
+/* BIO *BIO_get_filter_bio(BIO *bio); */
+# define BIO_set_proxy_cb(b,cb) BIO_callback_ctrl(b,BIO_C_SET_PROXY_PARAM,3,(void *(*cb)()))
+# define BIO_set_proxy_header(b,sk) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,4,(char *)sk)
+# define BIO_set_no_connect_return(b,bool) BIO_int_ctrl(b,BIO_C_SET_PROXY_PARAM,5,bool)
+
+# define BIO_get_proxy_header(b,skp) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,0,(char *)skp)
+# define BIO_get_proxies(b,pxy_p) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,1,(char *)(pxy_p))
+# define BIO_get_url(b,url) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,2,(char *)(url))
+# define BIO_get_no_connect_return(b) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,5,NULL)
+
+# define BIO_set_fd(b,fd,c) BIO_int_ctrl(b,BIO_C_SET_FD,c,fd)
+# define BIO_get_fd(b,c) BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c)
+
+# define BIO_set_fp(b,fp,c) BIO_ctrl(b,BIO_C_SET_FILE_PTR,c,(char *)fp)
+# define BIO_get_fp(b,fpp) BIO_ctrl(b,BIO_C_GET_FILE_PTR,0,(char *)fpp)
+
+# define BIO_seek(b,ofs) (int)BIO_ctrl(b,BIO_C_FILE_SEEK,ofs,NULL)
+# define BIO_tell(b) (int)BIO_ctrl(b,BIO_C_FILE_TELL,0,NULL)
+
+/*
+ * name is cast to lose const, but might be better to route through a
+ * function so we can do it safely
+ */
+# ifdef CONST_STRICT
+/*
+ * If you are wondering why this isn't defined, its because CONST_STRICT is
+ * purely a compile-time kludge to allow const to be checked.
+ */
+int BIO_read_filename(BIO *b, const char *name);
+# else
+# define BIO_read_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \
+ BIO_CLOSE|BIO_FP_READ,(char *)name)
+# endif
+# define BIO_write_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \
+ BIO_CLOSE|BIO_FP_WRITE,name)
+# define BIO_append_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \
+ BIO_CLOSE|BIO_FP_APPEND,name)
+# define BIO_rw_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \
+ BIO_CLOSE|BIO_FP_READ|BIO_FP_WRITE,name)
+
+/*
+ * WARNING WARNING, this ups the reference count on the read bio of the SSL
+ * structure. This is because the ssl read BIO is now pointed to by the
+ * next_bio field in the bio. So when you free the BIO, make sure you are
+ * doing a BIO_free_all() to catch the underlying BIO.
+ */
+# define BIO_set_ssl(b,ssl,c) BIO_ctrl(b,BIO_C_SET_SSL,c,(char *)ssl)
+# define BIO_get_ssl(b,sslp) BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)sslp)
+# define BIO_set_ssl_mode(b,client) BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL)
+# define BIO_set_ssl_renegotiate_bytes(b,num) \
+ BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL);
+# define BIO_get_num_renegotiates(b) \
+ BIO_ctrl(b,BIO_C_GET_SSL_NUM_RENEGOTIATES,0,NULL);
+# define BIO_set_ssl_renegotiate_timeout(b,seconds) \
+ BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL);
+
+/* defined in evp.h */
+/* #define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,1,(char *)md) */
+
+# define BIO_get_mem_data(b,pp) BIO_ctrl(b,BIO_CTRL_INFO,0,(char *)pp)
+# define BIO_set_mem_buf(b,bm,c) BIO_ctrl(b,BIO_C_SET_BUF_MEM,c,(char *)bm)
+# define BIO_get_mem_ptr(b,pp) BIO_ctrl(b,BIO_C_GET_BUF_MEM_PTR,0,(char *)pp)
+# define BIO_set_mem_eof_return(b,v) \
+ BIO_ctrl(b,BIO_C_SET_BUF_MEM_EOF_RETURN,v,NULL)
+
+/* For the BIO_f_buffer() type */
+# define BIO_get_buffer_num_lines(b) BIO_ctrl(b,BIO_C_GET_BUFF_NUM_LINES,0,NULL)
+# define BIO_set_buffer_size(b,size) BIO_ctrl(b,BIO_C_SET_BUFF_SIZE,size,NULL)
+# define BIO_set_read_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,0)
+# define BIO_set_write_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,1)
+# define BIO_set_buffer_read_data(b,buf,num) BIO_ctrl(b,BIO_C_SET_BUFF_READ_DATA,num,buf)
+
+/* Don't use the next one unless you know what you are doing :-) */
+# define BIO_dup_state(b,ret) BIO_ctrl(b,BIO_CTRL_DUP,0,(char *)(ret))
+
+# define BIO_reset(b) (int)BIO_ctrl(b,BIO_CTRL_RESET,0,NULL)
+# define BIO_eof(b) (int)BIO_ctrl(b,BIO_CTRL_EOF,0,NULL)
+# define BIO_set_close(b,c) (int)BIO_ctrl(b,BIO_CTRL_SET_CLOSE,(c),NULL)
+# define BIO_get_close(b) (int)BIO_ctrl(b,BIO_CTRL_GET_CLOSE,0,NULL)
+# define BIO_pending(b) (int)BIO_ctrl(b,BIO_CTRL_PENDING,0,NULL)
+# define BIO_wpending(b) (int)BIO_ctrl(b,BIO_CTRL_WPENDING,0,NULL)
+/* ...pending macros have inappropriate return type */
+size_t BIO_ctrl_pending(BIO *b);
+size_t BIO_ctrl_wpending(BIO *b);
+# define BIO_flush(b) (int)BIO_ctrl(b,BIO_CTRL_FLUSH,0,NULL)
+# define BIO_get_info_callback(b,cbp) (int)BIO_ctrl(b,BIO_CTRL_GET_CALLBACK,0, \
+ cbp)
+# define BIO_set_info_callback(b,cb) (int)BIO_callback_ctrl(b,BIO_CTRL_SET_CALLBACK,cb)
+
+/* For the BIO_f_buffer() type */
+# define BIO_buffer_get_num_lines(b) BIO_ctrl(b,BIO_CTRL_GET,0,NULL)
+
+/* For BIO_s_bio() */
+# define BIO_set_write_buf_size(b,size) (int)BIO_ctrl(b,BIO_C_SET_WRITE_BUF_SIZE,size,NULL)
+# define BIO_get_write_buf_size(b,size) (size_t)BIO_ctrl(b,BIO_C_GET_WRITE_BUF_SIZE,size,NULL)
+# define BIO_make_bio_pair(b1,b2) (int)BIO_ctrl(b1,BIO_C_MAKE_BIO_PAIR,0,b2)
+# define BIO_destroy_bio_pair(b) (int)BIO_ctrl(b,BIO_C_DESTROY_BIO_PAIR,0,NULL)
+# define BIO_shutdown_wr(b) (int)BIO_ctrl(b, BIO_C_SHUTDOWN_WR, 0, NULL)
+/* macros with inappropriate type -- but ...pending macros use int too: */
+# define BIO_get_write_guarantee(b) (int)BIO_ctrl(b,BIO_C_GET_WRITE_GUARANTEE,0,NULL)
+# define BIO_get_read_request(b) (int)BIO_ctrl(b,BIO_C_GET_READ_REQUEST,0,NULL)
+size_t BIO_ctrl_get_write_guarantee(BIO *b);
+size_t BIO_ctrl_get_read_request(BIO *b);
+int BIO_ctrl_reset_read_request(BIO *b);
+
+/* ctrl macros for dgram */
+# define BIO_ctrl_dgram_connect(b,peer) \
+ (int)BIO_ctrl(b,BIO_CTRL_DGRAM_CONNECT,0, (char *)peer)
+# define BIO_ctrl_set_connected(b, state, peer) \
+ (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_CONNECTED, state, (char *)peer)
+# define BIO_dgram_recv_timedout(b) \
+ (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP, 0, NULL)
+# define BIO_dgram_send_timedout(b) \
+ (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP, 0, NULL)
+# define BIO_dgram_get_peer(b,peer) \
+ (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)peer)
+# define BIO_dgram_set_peer(b,peer) \
+ (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)peer)
+
+/* These two aren't currently implemented */
+/* int BIO_get_ex_num(BIO *bio); */
+/* void BIO_set_ex_free_func(BIO *bio,int idx,void (*cb)()); */
+int BIO_set_ex_data(BIO *bio, int idx, void *data);
+void *BIO_get_ex_data(BIO *bio, int idx);
+int BIO_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+unsigned long BIO_number_read(BIO *bio);
+unsigned long BIO_number_written(BIO *bio);
+
+# ifndef OPENSSL_NO_FP_API
+# if defined(OPENSSL_SYS_WIN16) && defined(_WINDLL)
+BIO_METHOD *BIO_s_file_internal(void);
+BIO *BIO_new_file_internal(char *filename, char *mode);
+BIO *BIO_new_fp_internal(FILE *stream, int close_flag);
+# define BIO_s_file BIO_s_file_internal
+# define BIO_new_file BIO_new_file_internal
+# define BIO_new_fp BIO_new_fp_internal
+# else /* FP_API */
+BIO_METHOD *BIO_s_file(void);
+BIO *BIO_new_file(const char *filename, const char *mode);
+BIO *BIO_new_fp(FILE *stream, int close_flag);
+# define BIO_s_file_internal BIO_s_file
+# define BIO_new_file_internal BIO_new_file
+# define BIO_new_fp_internal BIO_s_file
+# endif /* FP_API */
+# endif
+BIO *BIO_new(BIO_METHOD *type);
+int BIO_set(BIO *a, BIO_METHOD *type);
+int BIO_free(BIO *a);
+void BIO_vfree(BIO *a);
+int BIO_read(BIO *b, void *data, int len);
+int BIO_gets(BIO *bp, char *buf, int size);
+int BIO_write(BIO *b, const void *data, int len);
+int BIO_puts(BIO *bp, const char *buf);
+int BIO_indent(BIO *b, int indent, int max);
+long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg);
+long BIO_callback_ctrl(BIO *b, int cmd,
+ void (*fp) (struct bio_st *, int, const char *, int,
+ long, long));
+char *BIO_ptr_ctrl(BIO *bp, int cmd, long larg);
+long BIO_int_ctrl(BIO *bp, int cmd, long larg, int iarg);
+BIO *BIO_push(BIO *b, BIO *append);
+BIO *BIO_pop(BIO *b);
+void BIO_free_all(BIO *a);
+BIO *BIO_find_type(BIO *b, int bio_type);
+BIO *BIO_next(BIO *b);
+BIO *BIO_get_retry_BIO(BIO *bio, int *reason);
+int BIO_get_retry_reason(BIO *bio);
+BIO *BIO_dup_chain(BIO *in);
+
+int BIO_nread0(BIO *bio, char **buf);
+int BIO_nread(BIO *bio, char **buf, int num);
+int BIO_nwrite0(BIO *bio, char **buf);
+int BIO_nwrite(BIO *bio, char **buf, int num);
+
+# ifndef OPENSSL_SYS_WIN16
+long BIO_debug_callback(BIO *bio, int cmd, const char *argp, int argi,
+ long argl, long ret);
+# else
+long _far _loadds BIO_debug_callback(BIO *bio, int cmd, const char *argp,
+ int argi, long argl, long ret);
+# endif
+
+BIO_METHOD *BIO_s_mem(void);
+BIO *BIO_new_mem_buf(void *buf, int len);
+BIO_METHOD *BIO_s_socket(void);
+BIO_METHOD *BIO_s_connect(void);
+BIO_METHOD *BIO_s_accept(void);
+BIO_METHOD *BIO_s_fd(void);
+# ifndef OPENSSL_SYS_OS2
+BIO_METHOD *BIO_s_log(void);
+# endif
+BIO_METHOD *BIO_s_bio(void);
+BIO_METHOD *BIO_s_null(void);
+BIO_METHOD *BIO_f_null(void);
+BIO_METHOD *BIO_f_buffer(void);
+# ifdef OPENSSL_SYS_VMS
+BIO_METHOD *BIO_f_linebuffer(void);
+# endif
+BIO_METHOD *BIO_f_nbio_test(void);
+# ifndef OPENSSL_NO_DGRAM
+BIO_METHOD *BIO_s_datagram(void);
+# endif
+
+/* BIO_METHOD *BIO_f_ber(void); */
+
+int BIO_sock_should_retry(int i);
+int BIO_sock_non_fatal_error(int error);
+int BIO_dgram_non_fatal_error(int error);
+
+int BIO_fd_should_retry(int i);
+int BIO_fd_non_fatal_error(int error);
+int BIO_dump_cb(int (*cb) (const void *data, size_t len, void *u),
+ void *u, const char *s, int len);
+int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u),
+ void *u, const char *s, int len, int indent);
+int BIO_dump(BIO *b, const char *bytes, int len);
+int BIO_dump_indent(BIO *b, const char *bytes, int len, int indent);
+# ifndef OPENSSL_NO_FP_API
+int BIO_dump_fp(FILE *fp, const char *s, int len);
+int BIO_dump_indent_fp(FILE *fp, const char *s, int len, int indent);
+# endif
+struct hostent *BIO_gethostbyname(const char *name);
+/*-
+ * We might want a thread-safe interface too:
+ * struct hostent *BIO_gethostbyname_r(const char *name,
+ * struct hostent *result, void *buffer, size_t buflen);
+ * or something similar (caller allocates a struct hostent,
+ * pointed to by "result", and additional buffer space for the various
+ * substructures; if the buffer does not suffice, NULL is returned
+ * and an appropriate error code is set).
+ */
+int BIO_sock_error(int sock);
+int BIO_socket_ioctl(int fd, long type, void *arg);
+int BIO_socket_nbio(int fd, int mode);
+int BIO_get_port(const char *str, unsigned short *port_ptr);
+int BIO_get_host_ip(const char *str, unsigned char *ip);
+int BIO_get_accept_socket(char *host_port, int mode);
+int BIO_accept(int sock, char **ip_port);
+int BIO_sock_init(void);
+void BIO_sock_cleanup(void);
+int BIO_set_tcp_ndelay(int sock, int turn_on);
+
+BIO *BIO_new_socket(int sock, int close_flag);
+BIO *BIO_new_dgram(int fd, int close_flag);
+BIO *BIO_new_fd(int fd, int close_flag);
+BIO *BIO_new_connect(char *host_port);
+BIO *BIO_new_accept(char *host_port);
+
+int BIO_new_bio_pair(BIO **bio1, size_t writebuf1,
+ BIO **bio2, size_t writebuf2);
+/*
+ * If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints.
+ * Otherwise returns 0 and sets *bio1 and *bio2 to NULL. Size 0 uses default
+ * value.
+ */
+
+void BIO_copy_next_retry(BIO *b);
+
+/*
+ * long BIO_ghbn_ctrl(int cmd,int iarg,char *parg);
+ */
+
+# ifdef __GNUC__
+# define __bio_h__attr__ __attribute__
+# else
+# define __bio_h__attr__(x)
+# endif
+int BIO_printf(BIO *bio, const char *format, ...)
+__bio_h__attr__((__format__(__printf__, 2, 3)));
+int BIO_vprintf(BIO *bio, const char *format, va_list args)
+__bio_h__attr__((__format__(__printf__, 2, 0)));
+int BIO_snprintf(char *buf, size_t n, const char *format, ...)
+__bio_h__attr__((__format__(__printf__, 3, 4)));
+int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
+__bio_h__attr__((__format__(__printf__, 3, 0)));
+# undef __bio_h__attr__
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_BIO_strings(void);
+
+/* Error codes for the BIO functions. */
+
+/* Function codes. */
+# define BIO_F_ACPT_STATE 100
+# define BIO_F_BIO_ACCEPT 101
+# define BIO_F_BIO_BER_GET_HEADER 102
+# define BIO_F_BIO_CALLBACK_CTRL 131
+# define BIO_F_BIO_CTRL 103
+# define BIO_F_BIO_GETHOSTBYNAME 120
+# define BIO_F_BIO_GETS 104
+# define BIO_F_BIO_GET_ACCEPT_SOCKET 105
+# define BIO_F_BIO_GET_HOST_IP 106
+# define BIO_F_BIO_GET_PORT 107
+# define BIO_F_BIO_MAKE_PAIR 121
+# define BIO_F_BIO_NEW 108
+# define BIO_F_BIO_NEW_FILE 109
+# define BIO_F_BIO_NEW_MEM_BUF 126
+# define BIO_F_BIO_NREAD 123
+# define BIO_F_BIO_NREAD0 124
+# define BIO_F_BIO_NWRITE 125
+# define BIO_F_BIO_NWRITE0 122
+# define BIO_F_BIO_PUTS 110
+# define BIO_F_BIO_READ 111
+# define BIO_F_BIO_SOCK_INIT 112
+# define BIO_F_BIO_WRITE 113
+# define BIO_F_BUFFER_CTRL 114
+# define BIO_F_CONN_CTRL 127
+# define BIO_F_CONN_STATE 115
+# define BIO_F_FILE_CTRL 116
+# define BIO_F_FILE_READ 130
+# define BIO_F_LINEBUFFER_CTRL 129
+# define BIO_F_MEM_READ 128
+# define BIO_F_MEM_WRITE 117
+# define BIO_F_SSL_NEW 118
+# define BIO_F_WSASTARTUP 119
+
+/* Reason codes. */
+# define BIO_R_ACCEPT_ERROR 100
+# define BIO_R_BAD_FOPEN_MODE 101
+# define BIO_R_BAD_HOSTNAME_LOOKUP 102
+# define BIO_R_BROKEN_PIPE 124
+# define BIO_R_CONNECT_ERROR 103
+# define BIO_R_EOF_ON_MEMORY_BIO 127
+# define BIO_R_ERROR_SETTING_NBIO 104
+# define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET 105
+# define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET 106
+# define BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET 107
+# define BIO_R_INVALID_ARGUMENT 125
+# define BIO_R_INVALID_IP_ADDRESS 108
+# define BIO_R_IN_USE 123
+# define BIO_R_KEEPALIVE 109
+# define BIO_R_NBIO_CONNECT_ERROR 110
+# define BIO_R_NO_ACCEPT_PORT_SPECIFIED 111
+# define BIO_R_NO_HOSTNAME_SPECIFIED 112
+# define BIO_R_NO_PORT_DEFINED 113
+# define BIO_R_NO_PORT_SPECIFIED 114
+# define BIO_R_NO_SUCH_FILE 128
+# define BIO_R_NULL_PARAMETER 115
+# define BIO_R_TAG_MISMATCH 116
+# define BIO_R_UNABLE_TO_BIND_SOCKET 117
+# define BIO_R_UNABLE_TO_CREATE_SOCKET 118
+# define BIO_R_UNABLE_TO_LISTEN_SOCKET 119
+# define BIO_R_UNINITIALIZED 120
+# define BIO_R_UNSUPPORTED_METHOD 121
+# define BIO_R_WRITE_TO_READ_ONLY_BIO 126
+# define BIO_R_WSASTARTUP 122
+
+#ifdef __cplusplus
+}
+#endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bio/bio_cb.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bio/bio_cb.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bio/bio_cb.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,139 +0,0 @@
-/* crypto/bio/bio_cb.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include "cryptlib.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-
-long MS_CALLBACK BIO_debug_callback(BIO *bio, int cmd, const char *argp,
- int argi, long argl, long ret)
- {
- BIO *b;
- MS_STATIC char buf[256];
- char *p;
- long r=1;
- size_t p_maxlen;
-
- if (BIO_CB_RETURN & cmd)
- r=ret;
-
- BIO_snprintf(buf,sizeof buf,"BIO[%08lX]:",(unsigned long)bio);
- p= &(buf[14]);
- p_maxlen = sizeof buf - 14;
- switch (cmd)
- {
- case BIO_CB_FREE:
- BIO_snprintf(p,p_maxlen,"Free - %s\n",bio->method->name);
- break;
- case BIO_CB_READ:
- if (bio->method->type & BIO_TYPE_DESCRIPTOR)
- BIO_snprintf(p,p_maxlen,"read(%d,%d) - %s fd=%d\n",
- bio->num,argi,bio->method->name,bio->num);
- else
- BIO_snprintf(p,p_maxlen,"read(%d,%d) - %s\n",
- bio->num,argi,bio->method->name);
- break;
- case BIO_CB_WRITE:
- if (bio->method->type & BIO_TYPE_DESCRIPTOR)
- BIO_snprintf(p,p_maxlen,"write(%d,%d) - %s fd=%d\n",
- bio->num,argi,bio->method->name,bio->num);
- else
- BIO_snprintf(p,p_maxlen,"write(%d,%d) - %s\n",
- bio->num,argi,bio->method->name);
- break;
- case BIO_CB_PUTS:
- BIO_snprintf(p,p_maxlen,"puts() - %s\n",bio->method->name);
- break;
- case BIO_CB_GETS:
- BIO_snprintf(p,p_maxlen,"gets(%d) - %s\n",argi,bio->method->name);
- break;
- case BIO_CB_CTRL:
- BIO_snprintf(p,p_maxlen,"ctrl(%d) - %s\n",argi,bio->method->name);
- break;
- case BIO_CB_RETURN|BIO_CB_READ:
- BIO_snprintf(p,p_maxlen,"read return %ld\n",ret);
- break;
- case BIO_CB_RETURN|BIO_CB_WRITE:
- BIO_snprintf(p,p_maxlen,"write return %ld\n",ret);
- break;
- case BIO_CB_RETURN|BIO_CB_GETS:
- BIO_snprintf(p,p_maxlen,"gets return %ld\n",ret);
- break;
- case BIO_CB_RETURN|BIO_CB_PUTS:
- BIO_snprintf(p,p_maxlen,"puts return %ld\n",ret);
- break;
- case BIO_CB_RETURN|BIO_CB_CTRL:
- BIO_snprintf(p,p_maxlen,"ctrl return %ld\n",ret);
- break;
- default:
- BIO_snprintf(p,p_maxlen,"bio callback - unknown type (%d)\n",cmd);
- break;
- }
-
- b=(BIO *)bio->cb_arg;
- if (b != NULL)
- BIO_write(b,buf,strlen(buf));
-#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)
- else
- fputs(buf,stderr);
-#endif
- return(r);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bio/bio_cb.c (from rev 6976, vendor-crypto/openssl/dist/crypto/bio/bio_cb.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bio/bio_cb.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bio/bio_cb.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,138 @@
+/* crypto/bio/bio_cb.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include "cryptlib.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+
+long MS_CALLBACK BIO_debug_callback(BIO *bio, int cmd, const char *argp,
+ int argi, long argl, long ret)
+{
+ BIO *b;
+ MS_STATIC char buf[256];
+ char *p;
+ long r = 1;
+ size_t p_maxlen;
+
+ if (BIO_CB_RETURN & cmd)
+ r = ret;
+
+ BIO_snprintf(buf, sizeof buf, "BIO[%08lX]:", (unsigned long)bio);
+ p = &(buf[14]);
+ p_maxlen = sizeof buf - 14;
+ switch (cmd) {
+ case BIO_CB_FREE:
+ BIO_snprintf(p, p_maxlen, "Free - %s\n", bio->method->name);
+ break;
+ case BIO_CB_READ:
+ if (bio->method->type & BIO_TYPE_DESCRIPTOR)
+ BIO_snprintf(p, p_maxlen, "read(%d,%d) - %s fd=%d\n",
+ bio->num, argi, bio->method->name, bio->num);
+ else
+ BIO_snprintf(p, p_maxlen, "read(%d,%d) - %s\n",
+ bio->num, argi, bio->method->name);
+ break;
+ case BIO_CB_WRITE:
+ if (bio->method->type & BIO_TYPE_DESCRIPTOR)
+ BIO_snprintf(p, p_maxlen, "write(%d,%d) - %s fd=%d\n",
+ bio->num, argi, bio->method->name, bio->num);
+ else
+ BIO_snprintf(p, p_maxlen, "write(%d,%d) - %s\n",
+ bio->num, argi, bio->method->name);
+ break;
+ case BIO_CB_PUTS:
+ BIO_snprintf(p, p_maxlen, "puts() - %s\n", bio->method->name);
+ break;
+ case BIO_CB_GETS:
+ BIO_snprintf(p, p_maxlen, "gets(%d) - %s\n", argi, bio->method->name);
+ break;
+ case BIO_CB_CTRL:
+ BIO_snprintf(p, p_maxlen, "ctrl(%d) - %s\n", argi, bio->method->name);
+ break;
+ case BIO_CB_RETURN | BIO_CB_READ:
+ BIO_snprintf(p, p_maxlen, "read return %ld\n", ret);
+ break;
+ case BIO_CB_RETURN | BIO_CB_WRITE:
+ BIO_snprintf(p, p_maxlen, "write return %ld\n", ret);
+ break;
+ case BIO_CB_RETURN | BIO_CB_GETS:
+ BIO_snprintf(p, p_maxlen, "gets return %ld\n", ret);
+ break;
+ case BIO_CB_RETURN | BIO_CB_PUTS:
+ BIO_snprintf(p, p_maxlen, "puts return %ld\n", ret);
+ break;
+ case BIO_CB_RETURN | BIO_CB_CTRL:
+ BIO_snprintf(p, p_maxlen, "ctrl return %ld\n", ret);
+ break;
+ default:
+ BIO_snprintf(p, p_maxlen, "bio callback - unknown type (%d)\n", cmd);
+ break;
+ }
+
+ b = (BIO *)bio->cb_arg;
+ if (b != NULL)
+ BIO_write(b, buf, strlen(buf));
+#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)
+ else
+ fputs(buf, stderr);
+#endif
+ return (r);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bio/bio_err.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bio/bio_err.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bio/bio_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,154 +0,0 @@
-/* crypto/bio/bio_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/bio.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_BIO,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_BIO,0,reason)
-
-static ERR_STRING_DATA BIO_str_functs[]=
- {
-{ERR_FUNC(BIO_F_ACPT_STATE), "ACPT_STATE"},
-{ERR_FUNC(BIO_F_BIO_ACCEPT), "BIO_accept"},
-{ERR_FUNC(BIO_F_BIO_BER_GET_HEADER), "BIO_BER_GET_HEADER"},
-{ERR_FUNC(BIO_F_BIO_CALLBACK_CTRL), "BIO_callback_ctrl"},
-{ERR_FUNC(BIO_F_BIO_CTRL), "BIO_ctrl"},
-{ERR_FUNC(BIO_F_BIO_GETHOSTBYNAME), "BIO_gethostbyname"},
-{ERR_FUNC(BIO_F_BIO_GETS), "BIO_gets"},
-{ERR_FUNC(BIO_F_BIO_GET_ACCEPT_SOCKET), "BIO_get_accept_socket"},
-{ERR_FUNC(BIO_F_BIO_GET_HOST_IP), "BIO_get_host_ip"},
-{ERR_FUNC(BIO_F_BIO_GET_PORT), "BIO_get_port"},
-{ERR_FUNC(BIO_F_BIO_MAKE_PAIR), "BIO_MAKE_PAIR"},
-{ERR_FUNC(BIO_F_BIO_NEW), "BIO_new"},
-{ERR_FUNC(BIO_F_BIO_NEW_FILE), "BIO_new_file"},
-{ERR_FUNC(BIO_F_BIO_NEW_MEM_BUF), "BIO_new_mem_buf"},
-{ERR_FUNC(BIO_F_BIO_NREAD), "BIO_nread"},
-{ERR_FUNC(BIO_F_BIO_NREAD0), "BIO_nread0"},
-{ERR_FUNC(BIO_F_BIO_NWRITE), "BIO_nwrite"},
-{ERR_FUNC(BIO_F_BIO_NWRITE0), "BIO_nwrite0"},
-{ERR_FUNC(BIO_F_BIO_PUTS), "BIO_puts"},
-{ERR_FUNC(BIO_F_BIO_READ), "BIO_read"},
-{ERR_FUNC(BIO_F_BIO_SOCK_INIT), "BIO_sock_init"},
-{ERR_FUNC(BIO_F_BIO_WRITE), "BIO_write"},
-{ERR_FUNC(BIO_F_BUFFER_CTRL), "BUFFER_CTRL"},
-{ERR_FUNC(BIO_F_CONN_CTRL), "CONN_CTRL"},
-{ERR_FUNC(BIO_F_CONN_STATE), "CONN_STATE"},
-{ERR_FUNC(BIO_F_FILE_CTRL), "FILE_CTRL"},
-{ERR_FUNC(BIO_F_FILE_READ), "FILE_READ"},
-{ERR_FUNC(BIO_F_LINEBUFFER_CTRL), "LINEBUFFER_CTRL"},
-{ERR_FUNC(BIO_F_MEM_READ), "MEM_READ"},
-{ERR_FUNC(BIO_F_MEM_WRITE), "MEM_WRITE"},
-{ERR_FUNC(BIO_F_SSL_NEW), "SSL_new"},
-{ERR_FUNC(BIO_F_WSASTARTUP), "WSASTARTUP"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA BIO_str_reasons[]=
- {
-{ERR_REASON(BIO_R_ACCEPT_ERROR) ,"accept error"},
-{ERR_REASON(BIO_R_BAD_FOPEN_MODE) ,"bad fopen mode"},
-{ERR_REASON(BIO_R_BAD_HOSTNAME_LOOKUP) ,"bad hostname lookup"},
-{ERR_REASON(BIO_R_BROKEN_PIPE) ,"broken pipe"},
-{ERR_REASON(BIO_R_CONNECT_ERROR) ,"connect error"},
-{ERR_REASON(BIO_R_EOF_ON_MEMORY_BIO) ,"EOF on memory BIO"},
-{ERR_REASON(BIO_R_ERROR_SETTING_NBIO) ,"error setting nbio"},
-{ERR_REASON(BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET),"error setting nbio on accepted socket"},
-{ERR_REASON(BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET),"error setting nbio on accept socket"},
-{ERR_REASON(BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET),"gethostbyname addr is not af inet"},
-{ERR_REASON(BIO_R_INVALID_ARGUMENT) ,"invalid argument"},
-{ERR_REASON(BIO_R_INVALID_IP_ADDRESS) ,"invalid ip address"},
-{ERR_REASON(BIO_R_IN_USE) ,"in use"},
-{ERR_REASON(BIO_R_KEEPALIVE) ,"keepalive"},
-{ERR_REASON(BIO_R_NBIO_CONNECT_ERROR) ,"nbio connect error"},
-{ERR_REASON(BIO_R_NO_ACCEPT_PORT_SPECIFIED),"no accept port specified"},
-{ERR_REASON(BIO_R_NO_HOSTNAME_SPECIFIED) ,"no hostname specified"},
-{ERR_REASON(BIO_R_NO_PORT_DEFINED) ,"no port defined"},
-{ERR_REASON(BIO_R_NO_PORT_SPECIFIED) ,"no port specified"},
-{ERR_REASON(BIO_R_NO_SUCH_FILE) ,"no such file"},
-{ERR_REASON(BIO_R_NULL_PARAMETER) ,"null parameter"},
-{ERR_REASON(BIO_R_TAG_MISMATCH) ,"tag mismatch"},
-{ERR_REASON(BIO_R_UNABLE_TO_BIND_SOCKET) ,"unable to bind socket"},
-{ERR_REASON(BIO_R_UNABLE_TO_CREATE_SOCKET),"unable to create socket"},
-{ERR_REASON(BIO_R_UNABLE_TO_LISTEN_SOCKET),"unable to listen socket"},
-{ERR_REASON(BIO_R_UNINITIALIZED) ,"uninitialized"},
-{ERR_REASON(BIO_R_UNSUPPORTED_METHOD) ,"unsupported method"},
-{ERR_REASON(BIO_R_WRITE_TO_READ_ONLY_BIO),"write to read only BIO"},
-{ERR_REASON(BIO_R_WSASTARTUP) ,"WSAStartup"},
-{0,NULL}
- };
-
-#endif
-
-void ERR_load_BIO_strings(void)
- {
-#ifndef OPENSSL_NO_ERR
-
- if (ERR_func_error_string(BIO_str_functs[0].error) == NULL)
- {
- ERR_load_strings(0,BIO_str_functs);
- ERR_load_strings(0,BIO_str_reasons);
- }
-#endif
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bio/bio_err.c (from rev 6976, vendor-crypto/openssl/dist/crypto/bio/bio_err.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bio/bio_err.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bio/bio_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,155 @@
+/* crypto/bio/bio_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/bio.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_BIO,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_BIO,0,reason)
+
+static ERR_STRING_DATA BIO_str_functs[] = {
+ {ERR_FUNC(BIO_F_ACPT_STATE), "ACPT_STATE"},
+ {ERR_FUNC(BIO_F_BIO_ACCEPT), "BIO_accept"},
+ {ERR_FUNC(BIO_F_BIO_BER_GET_HEADER), "BIO_BER_GET_HEADER"},
+ {ERR_FUNC(BIO_F_BIO_CALLBACK_CTRL), "BIO_callback_ctrl"},
+ {ERR_FUNC(BIO_F_BIO_CTRL), "BIO_ctrl"},
+ {ERR_FUNC(BIO_F_BIO_GETHOSTBYNAME), "BIO_gethostbyname"},
+ {ERR_FUNC(BIO_F_BIO_GETS), "BIO_gets"},
+ {ERR_FUNC(BIO_F_BIO_GET_ACCEPT_SOCKET), "BIO_get_accept_socket"},
+ {ERR_FUNC(BIO_F_BIO_GET_HOST_IP), "BIO_get_host_ip"},
+ {ERR_FUNC(BIO_F_BIO_GET_PORT), "BIO_get_port"},
+ {ERR_FUNC(BIO_F_BIO_MAKE_PAIR), "BIO_MAKE_PAIR"},
+ {ERR_FUNC(BIO_F_BIO_NEW), "BIO_new"},
+ {ERR_FUNC(BIO_F_BIO_NEW_FILE), "BIO_new_file"},
+ {ERR_FUNC(BIO_F_BIO_NEW_MEM_BUF), "BIO_new_mem_buf"},
+ {ERR_FUNC(BIO_F_BIO_NREAD), "BIO_nread"},
+ {ERR_FUNC(BIO_F_BIO_NREAD0), "BIO_nread0"},
+ {ERR_FUNC(BIO_F_BIO_NWRITE), "BIO_nwrite"},
+ {ERR_FUNC(BIO_F_BIO_NWRITE0), "BIO_nwrite0"},
+ {ERR_FUNC(BIO_F_BIO_PUTS), "BIO_puts"},
+ {ERR_FUNC(BIO_F_BIO_READ), "BIO_read"},
+ {ERR_FUNC(BIO_F_BIO_SOCK_INIT), "BIO_sock_init"},
+ {ERR_FUNC(BIO_F_BIO_WRITE), "BIO_write"},
+ {ERR_FUNC(BIO_F_BUFFER_CTRL), "BUFFER_CTRL"},
+ {ERR_FUNC(BIO_F_CONN_CTRL), "CONN_CTRL"},
+ {ERR_FUNC(BIO_F_CONN_STATE), "CONN_STATE"},
+ {ERR_FUNC(BIO_F_FILE_CTRL), "FILE_CTRL"},
+ {ERR_FUNC(BIO_F_FILE_READ), "FILE_READ"},
+ {ERR_FUNC(BIO_F_LINEBUFFER_CTRL), "LINEBUFFER_CTRL"},
+ {ERR_FUNC(BIO_F_MEM_READ), "MEM_READ"},
+ {ERR_FUNC(BIO_F_MEM_WRITE), "MEM_WRITE"},
+ {ERR_FUNC(BIO_F_SSL_NEW), "SSL_new"},
+ {ERR_FUNC(BIO_F_WSASTARTUP), "WSASTARTUP"},
+ {0, NULL}
+};
+
+static ERR_STRING_DATA BIO_str_reasons[] = {
+ {ERR_REASON(BIO_R_ACCEPT_ERROR), "accept error"},
+ {ERR_REASON(BIO_R_BAD_FOPEN_MODE), "bad fopen mode"},
+ {ERR_REASON(BIO_R_BAD_HOSTNAME_LOOKUP), "bad hostname lookup"},
+ {ERR_REASON(BIO_R_BROKEN_PIPE), "broken pipe"},
+ {ERR_REASON(BIO_R_CONNECT_ERROR), "connect error"},
+ {ERR_REASON(BIO_R_EOF_ON_MEMORY_BIO), "EOF on memory BIO"},
+ {ERR_REASON(BIO_R_ERROR_SETTING_NBIO), "error setting nbio"},
+ {ERR_REASON(BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET),
+ "error setting nbio on accepted socket"},
+ {ERR_REASON(BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET),
+ "error setting nbio on accept socket"},
+ {ERR_REASON(BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET),
+ "gethostbyname addr is not af inet"},
+ {ERR_REASON(BIO_R_INVALID_ARGUMENT), "invalid argument"},
+ {ERR_REASON(BIO_R_INVALID_IP_ADDRESS), "invalid ip address"},
+ {ERR_REASON(BIO_R_IN_USE), "in use"},
+ {ERR_REASON(BIO_R_KEEPALIVE), "keepalive"},
+ {ERR_REASON(BIO_R_NBIO_CONNECT_ERROR), "nbio connect error"},
+ {ERR_REASON(BIO_R_NO_ACCEPT_PORT_SPECIFIED), "no accept port specified"},
+ {ERR_REASON(BIO_R_NO_HOSTNAME_SPECIFIED), "no hostname specified"},
+ {ERR_REASON(BIO_R_NO_PORT_DEFINED), "no port defined"},
+ {ERR_REASON(BIO_R_NO_PORT_SPECIFIED), "no port specified"},
+ {ERR_REASON(BIO_R_NO_SUCH_FILE), "no such file"},
+ {ERR_REASON(BIO_R_NULL_PARAMETER), "null parameter"},
+ {ERR_REASON(BIO_R_TAG_MISMATCH), "tag mismatch"},
+ {ERR_REASON(BIO_R_UNABLE_TO_BIND_SOCKET), "unable to bind socket"},
+ {ERR_REASON(BIO_R_UNABLE_TO_CREATE_SOCKET), "unable to create socket"},
+ {ERR_REASON(BIO_R_UNABLE_TO_LISTEN_SOCKET), "unable to listen socket"},
+ {ERR_REASON(BIO_R_UNINITIALIZED), "uninitialized"},
+ {ERR_REASON(BIO_R_UNSUPPORTED_METHOD), "unsupported method"},
+ {ERR_REASON(BIO_R_WRITE_TO_READ_ONLY_BIO), "write to read only BIO"},
+ {ERR_REASON(BIO_R_WSASTARTUP), "WSAStartup"},
+ {0, NULL}
+};
+
+#endif
+
+void ERR_load_BIO_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+ if (ERR_func_error_string(BIO_str_functs[0].error) == NULL) {
+ ERR_load_strings(0, BIO_str_functs);
+ ERR_load_strings(0, BIO_str_reasons);
+ }
+#endif
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bio/bio_lcl.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/bio/bio_lcl.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bio/bio_lcl.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,28 +0,0 @@
-#include <openssl/bio.h>
-
-#if BIO_FLAGS_UPLINK==0
-/* Shortcut UPLINK calls on most platforms... */
-#define UP_stdin stdin
-#define UP_stdout stdout
-#define UP_stderr stderr
-#define UP_fprintf fprintf
-#define UP_fgets fgets
-#define UP_fread fread
-#define UP_fwrite fwrite
-#undef UP_fsetmod
-#define UP_feof feof
-#define UP_fclose fclose
-
-#define UP_fopen fopen
-#define UP_fseek fseek
-#define UP_ftell ftell
-#define UP_fflush fflush
-#define UP_ferror ferror
-#define UP_fileno fileno
-
-#define UP_open open
-#define UP_read read
-#define UP_write write
-#define UP_lseek lseek
-#define UP_close close
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bio/bio_lcl.h (from rev 6976, vendor-crypto/openssl/dist/crypto/bio/bio_lcl.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bio/bio_lcl.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bio/bio_lcl.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,28 @@
+#include <openssl/bio.h>
+
+#if BIO_FLAGS_UPLINK==0
+/* Shortcut UPLINK calls on most platforms... */
+# define UP_stdin stdin
+# define UP_stdout stdout
+# define UP_stderr stderr
+# define UP_fprintf fprintf
+# define UP_fgets fgets
+# define UP_fread fread
+# define UP_fwrite fwrite
+# undef UP_fsetmod
+# define UP_feof feof
+# define UP_fclose fclose
+
+# define UP_fopen fopen
+# define UP_fseek fseek
+# define UP_ftell ftell
+# define UP_fflush fflush
+# define UP_ferror ferror
+# define UP_fileno fileno
+
+# define UP_open open
+# define UP_read read
+# define UP_write write
+# define UP_lseek lseek
+# define UP_close close
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bio/bio_lib.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bio/bio_lib.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bio/bio_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,602 +0,0 @@
-/* crypto/bio/bio_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <errno.h>
-#include <openssl/crypto.h>
-#include "cryptlib.h"
-#include <openssl/bio.h>
-#include <openssl/stack.h>
-
-BIO *BIO_new(BIO_METHOD *method)
- {
- BIO *ret=NULL;
-
- ret=(BIO *)OPENSSL_malloc(sizeof(BIO));
- if (ret == NULL)
- {
- BIOerr(BIO_F_BIO_NEW,ERR_R_MALLOC_FAILURE);
- return(NULL);
- }
- if (!BIO_set(ret,method))
- {
- OPENSSL_free(ret);
- ret=NULL;
- }
- return(ret);
- }
-
-int BIO_set(BIO *bio, BIO_METHOD *method)
- {
- bio->method=method;
- bio->callback=NULL;
- bio->cb_arg=NULL;
- bio->init=0;
- bio->shutdown=1;
- bio->flags=0;
- bio->retry_reason=0;
- bio->num=0;
- bio->ptr=NULL;
- bio->prev_bio=NULL;
- bio->next_bio=NULL;
- bio->references=1;
- bio->num_read=0L;
- bio->num_write=0L;
- CRYPTO_new_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data);
- if (method->create != NULL)
- if (!method->create(bio))
- {
- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio,
- &bio->ex_data);
- return(0);
- }
- return(1);
- }
-
-int BIO_free(BIO *a)
- {
- int i;
-
- if (a == NULL) return(0);
-
- i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_BIO);
-#ifdef REF_PRINT
- REF_PRINT("BIO",a);
-#endif
- if (i > 0) return(1);
-#ifdef REF_CHECK
- if (i < 0)
- {
- fprintf(stderr,"BIO_free, bad reference count\n");
- abort();
- }
-#endif
- if ((a->callback != NULL) &&
- ((i=(int)a->callback(a,BIO_CB_FREE,NULL,0,0L,1L)) <= 0))
- return(i);
-
- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, a, &a->ex_data);
-
- if ((a->method != NULL) && (a->method->destroy != NULL))
- a->method->destroy(a);
- OPENSSL_free(a);
- return(1);
- }
-
-void BIO_vfree(BIO *a)
- { BIO_free(a); }
-
-void BIO_clear_flags(BIO *b, int flags)
- {
- b->flags &= ~flags;
- }
-
-int BIO_test_flags(const BIO *b, int flags)
- {
- return (b->flags & flags);
- }
-
-void BIO_set_flags(BIO *b, int flags)
- {
- b->flags |= flags;
- }
-
-long (*BIO_get_callback(const BIO *b))(struct bio_st *,int,const char *,int, long,long)
- {
- return b->callback;
- }
-
-void BIO_set_callback(BIO *b, long (*cb)(struct bio_st *,int,const char *,int, long,long))
- {
- b->callback = cb;
- }
-
-void BIO_set_callback_arg(BIO *b, char *arg)
- {
- b->cb_arg = arg;
- }
-
-char * BIO_get_callback_arg(const BIO *b)
- {
- return b->cb_arg;
- }
-
-const char * BIO_method_name(const BIO *b)
- {
- return b->method->name;
- }
-
-int BIO_method_type(const BIO *b)
- {
- return b->method->type;
- }
-
-
-int BIO_read(BIO *b, void *out, int outl)
- {
- int i;
- long (*cb)(BIO *,int,const char *,int,long,long);
-
- if ((b == NULL) || (b->method == NULL) || (b->method->bread == NULL))
- {
- BIOerr(BIO_F_BIO_READ,BIO_R_UNSUPPORTED_METHOD);
- return(-2);
- }
-
- cb=b->callback;
- if ((cb != NULL) &&
- ((i=(int)cb(b,BIO_CB_READ,out,outl,0L,1L)) <= 0))
- return(i);
-
- if (!b->init)
- {
- BIOerr(BIO_F_BIO_READ,BIO_R_UNINITIALIZED);
- return(-2);
- }
-
- i=b->method->bread(b,out,outl);
-
- if (i > 0) b->num_read+=(unsigned long)i;
-
- if (cb != NULL)
- i=(int)cb(b,BIO_CB_READ|BIO_CB_RETURN,out,outl,
- 0L,(long)i);
- return(i);
- }
-
-int BIO_write(BIO *b, const void *in, int inl)
- {
- int i;
- long (*cb)(BIO *,int,const char *,int,long,long);
-
- if (b == NULL)
- return(0);
-
- cb=b->callback;
- if ((b->method == NULL) || (b->method->bwrite == NULL))
- {
- BIOerr(BIO_F_BIO_WRITE,BIO_R_UNSUPPORTED_METHOD);
- return(-2);
- }
-
- if ((cb != NULL) &&
- ((i=(int)cb(b,BIO_CB_WRITE,in,inl,0L,1L)) <= 0))
- return(i);
-
- if (!b->init)
- {
- BIOerr(BIO_F_BIO_WRITE,BIO_R_UNINITIALIZED);
- return(-2);
- }
-
- i=b->method->bwrite(b,in,inl);
-
- if (i > 0) b->num_write+=(unsigned long)i;
-
- if (cb != NULL)
- i=(int)cb(b,BIO_CB_WRITE|BIO_CB_RETURN,in,inl,
- 0L,(long)i);
- return(i);
- }
-
-int BIO_puts(BIO *b, const char *in)
- {
- int i;
- long (*cb)(BIO *,int,const char *,int,long,long);
-
- if ((b == NULL) || (b->method == NULL) || (b->method->bputs == NULL))
- {
- BIOerr(BIO_F_BIO_PUTS,BIO_R_UNSUPPORTED_METHOD);
- return(-2);
- }
-
- cb=b->callback;
-
- if ((cb != NULL) &&
- ((i=(int)cb(b,BIO_CB_PUTS,in,0,0L,1L)) <= 0))
- return(i);
-
- if (!b->init)
- {
- BIOerr(BIO_F_BIO_PUTS,BIO_R_UNINITIALIZED);
- return(-2);
- }
-
- i=b->method->bputs(b,in);
-
- if (i > 0) b->num_write+=(unsigned long)i;
-
- if (cb != NULL)
- i=(int)cb(b,BIO_CB_PUTS|BIO_CB_RETURN,in,0,
- 0L,(long)i);
- return(i);
- }
-
-int BIO_gets(BIO *b, char *in, int inl)
- {
- int i;
- long (*cb)(BIO *,int,const char *,int,long,long);
-
- if ((b == NULL) || (b->method == NULL) || (b->method->bgets == NULL))
- {
- BIOerr(BIO_F_BIO_GETS,BIO_R_UNSUPPORTED_METHOD);
- return(-2);
- }
-
- cb=b->callback;
-
- if ((cb != NULL) &&
- ((i=(int)cb(b,BIO_CB_GETS,in,inl,0L,1L)) <= 0))
- return(i);
-
- if (!b->init)
- {
- BIOerr(BIO_F_BIO_GETS,BIO_R_UNINITIALIZED);
- return(-2);
- }
-
- i=b->method->bgets(b,in,inl);
-
- if (cb != NULL)
- i=(int)cb(b,BIO_CB_GETS|BIO_CB_RETURN,in,inl,
- 0L,(long)i);
- return(i);
- }
-
-int BIO_indent(BIO *b,int indent,int max)
- {
- if(indent < 0)
- indent=0;
- if(indent > max)
- indent=max;
- while(indent--)
- if(BIO_puts(b," ") != 1)
- return 0;
- return 1;
- }
-
-long BIO_int_ctrl(BIO *b, int cmd, long larg, int iarg)
- {
- int i;
-
- i=iarg;
- return(BIO_ctrl(b,cmd,larg,(char *)&i));
- }
-
-char *BIO_ptr_ctrl(BIO *b, int cmd, long larg)
- {
- char *p=NULL;
-
- if (BIO_ctrl(b,cmd,larg,(char *)&p) <= 0)
- return(NULL);
- else
- return(p);
- }
-
-long BIO_ctrl(BIO *b, int cmd, long larg, void *parg)
- {
- long ret;
- long (*cb)(BIO *,int,const char *,int,long,long);
-
- if (b == NULL) return(0);
-
- if ((b->method == NULL) || (b->method->ctrl == NULL))
- {
- BIOerr(BIO_F_BIO_CTRL,BIO_R_UNSUPPORTED_METHOD);
- return(-2);
- }
-
- cb=b->callback;
-
- if ((cb != NULL) &&
- ((ret=cb(b,BIO_CB_CTRL,parg,cmd,larg,1L)) <= 0))
- return(ret);
-
- ret=b->method->ctrl(b,cmd,larg,parg);
-
- if (cb != NULL)
- ret=cb(b,BIO_CB_CTRL|BIO_CB_RETURN,parg,cmd,
- larg,ret);
- return(ret);
- }
-
-long BIO_callback_ctrl(BIO *b, int cmd, void (*fp)(struct bio_st *, int, const char *, int, long, long))
- {
- long ret;
- long (*cb)(BIO *,int,const char *,int,long,long);
-
- if (b == NULL) return(0);
-
- if ((b->method == NULL) || (b->method->callback_ctrl == NULL))
- {
- BIOerr(BIO_F_BIO_CALLBACK_CTRL,BIO_R_UNSUPPORTED_METHOD);
- return(-2);
- }
-
- cb=b->callback;
-
- if ((cb != NULL) &&
- ((ret=cb(b,BIO_CB_CTRL,(void *)&fp,cmd,0,1L)) <= 0))
- return(ret);
-
- ret=b->method->callback_ctrl(b,cmd,fp);
-
- if (cb != NULL)
- ret=cb(b,BIO_CB_CTRL|BIO_CB_RETURN,(void *)&fp,cmd,
- 0,ret);
- return(ret);
- }
-
-/* It is unfortunate to duplicate in functions what the BIO_(w)pending macros
- * do; but those macros have inappropriate return type, and for interfacing
- * from other programming languages, C macros aren't much of a help anyway. */
-size_t BIO_ctrl_pending(BIO *bio)
- {
- return BIO_ctrl(bio, BIO_CTRL_PENDING, 0, NULL);
- }
-
-size_t BIO_ctrl_wpending(BIO *bio)
- {
- return BIO_ctrl(bio, BIO_CTRL_WPENDING, 0, NULL);
- }
-
-
-/* put the 'bio' on the end of b's list of operators */
-BIO *BIO_push(BIO *b, BIO *bio)
- {
- BIO *lb;
-
- if (b == NULL) return(bio);
- lb=b;
- while (lb->next_bio != NULL)
- lb=lb->next_bio;
- lb->next_bio=bio;
- if (bio != NULL)
- bio->prev_bio=lb;
- /* called to do internal processing */
- BIO_ctrl(b,BIO_CTRL_PUSH,0,NULL);
- return(b);
- }
-
-/* Remove the first and return the rest */
-BIO *BIO_pop(BIO *b)
- {
- BIO *ret;
-
- if (b == NULL) return(NULL);
- ret=b->next_bio;
-
- BIO_ctrl(b,BIO_CTRL_POP,0,NULL);
-
- if (b->prev_bio != NULL)
- b->prev_bio->next_bio=b->next_bio;
- if (b->next_bio != NULL)
- b->next_bio->prev_bio=b->prev_bio;
-
- b->next_bio=NULL;
- b->prev_bio=NULL;
- return(ret);
- }
-
-BIO *BIO_get_retry_BIO(BIO *bio, int *reason)
- {
- BIO *b,*last;
-
- b=last=bio;
- for (;;)
- {
- if (!BIO_should_retry(b)) break;
- last=b;
- b=b->next_bio;
- if (b == NULL) break;
- }
- if (reason != NULL) *reason=last->retry_reason;
- return(last);
- }
-
-int BIO_get_retry_reason(BIO *bio)
- {
- return(bio->retry_reason);
- }
-
-BIO *BIO_find_type(BIO *bio, int type)
- {
- int mt,mask;
-
- if(!bio) return NULL;
- mask=type&0xff;
- do {
- if (bio->method != NULL)
- {
- mt=bio->method->type;
-
- if (!mask)
- {
- if (mt & type) return(bio);
- }
- else if (mt == type)
- return(bio);
- }
- bio=bio->next_bio;
- } while (bio != NULL);
- return(NULL);
- }
-
-BIO *BIO_next(BIO *b)
- {
- if(!b) return NULL;
- return b->next_bio;
- }
-
-void BIO_free_all(BIO *bio)
- {
- BIO *b;
- int ref;
-
- while (bio != NULL)
- {
- b=bio;
- ref=b->references;
- bio=bio->next_bio;
- BIO_free(b);
- /* Since ref count > 1, don't free anyone else. */
- if (ref > 1) break;
- }
- }
-
-BIO *BIO_dup_chain(BIO *in)
- {
- BIO *ret=NULL,*eoc=NULL,*bio,*new;
-
- for (bio=in; bio != NULL; bio=bio->next_bio)
- {
- if ((new=BIO_new(bio->method)) == NULL) goto err;
- new->callback=bio->callback;
- new->cb_arg=bio->cb_arg;
- new->init=bio->init;
- new->shutdown=bio->shutdown;
- new->flags=bio->flags;
-
- /* This will let SSL_s_sock() work with stdin/stdout */
- new->num=bio->num;
-
- if (!BIO_dup_state(bio,(char *)new))
- {
- BIO_free(new);
- goto err;
- }
-
- /* copy app data */
- if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_BIO, &new->ex_data,
- &bio->ex_data))
- goto err;
-
- if (ret == NULL)
- {
- eoc=new;
- ret=eoc;
- }
- else
- {
- BIO_push(eoc,new);
- eoc=new;
- }
- }
- return(ret);
-err:
- if (ret != NULL)
- BIO_free(ret);
- return(NULL);
- }
-
-void BIO_copy_next_retry(BIO *b)
- {
- BIO_set_flags(b,BIO_get_retry_flags(b->next_bio));
- b->retry_reason=b->next_bio->retry_reason;
- }
-
-int BIO_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
- {
- return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_BIO, argl, argp,
- new_func, dup_func, free_func);
- }
-
-int BIO_set_ex_data(BIO *bio, int idx, void *data)
- {
- return(CRYPTO_set_ex_data(&(bio->ex_data),idx,data));
- }
-
-void *BIO_get_ex_data(BIO *bio, int idx)
- {
- return(CRYPTO_get_ex_data(&(bio->ex_data),idx));
- }
-
-unsigned long BIO_number_read(BIO *bio)
-{
- if(bio) return bio->num_read;
- return 0;
-}
-
-unsigned long BIO_number_written(BIO *bio)
-{
- if(bio) return bio->num_write;
- return 0;
-}
-
-IMPLEMENT_STACK_OF(BIO)
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bio/bio_lib.c (from rev 6976, vendor-crypto/openssl/dist/crypto/bio/bio_lib.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bio/bio_lib.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bio/bio_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,594 @@
+/* crypto/bio/bio_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/bio.h>
+#include <openssl/stack.h>
+
+BIO *BIO_new(BIO_METHOD *method)
+{
+ BIO *ret = NULL;
+
+ ret = (BIO *)OPENSSL_malloc(sizeof(BIO));
+ if (ret == NULL) {
+ BIOerr(BIO_F_BIO_NEW, ERR_R_MALLOC_FAILURE);
+ return (NULL);
+ }
+ if (!BIO_set(ret, method)) {
+ OPENSSL_free(ret);
+ ret = NULL;
+ }
+ return (ret);
+}
+
+int BIO_set(BIO *bio, BIO_METHOD *method)
+{
+ bio->method = method;
+ bio->callback = NULL;
+ bio->cb_arg = NULL;
+ bio->init = 0;
+ bio->shutdown = 1;
+ bio->flags = 0;
+ bio->retry_reason = 0;
+ bio->num = 0;
+ bio->ptr = NULL;
+ bio->prev_bio = NULL;
+ bio->next_bio = NULL;
+ bio->references = 1;
+ bio->num_read = 0L;
+ bio->num_write = 0L;
+ CRYPTO_new_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data);
+ if (method->create != NULL)
+ if (!method->create(bio)) {
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data);
+ return (0);
+ }
+ return (1);
+}
+
+int BIO_free(BIO *a)
+{
+ int i;
+
+ if (a == NULL)
+ return (0);
+
+ i = CRYPTO_add(&a->references, -1, CRYPTO_LOCK_BIO);
+#ifdef REF_PRINT
+ REF_PRINT("BIO", a);
+#endif
+ if (i > 0)
+ return (1);
+#ifdef REF_CHECK
+ if (i < 0) {
+ fprintf(stderr, "BIO_free, bad reference count\n");
+ abort();
+ }
+#endif
+ if ((a->callback != NULL) &&
+ ((i = (int)a->callback(a, BIO_CB_FREE, NULL, 0, 0L, 1L)) <= 0))
+ return (i);
+
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, a, &a->ex_data);
+
+ if ((a->method != NULL) && (a->method->destroy != NULL))
+ a->method->destroy(a);
+ OPENSSL_free(a);
+ return (1);
+}
+
+void BIO_vfree(BIO *a)
+{
+ BIO_free(a);
+}
+
+void BIO_clear_flags(BIO *b, int flags)
+{
+ b->flags &= ~flags;
+}
+
+int BIO_test_flags(const BIO *b, int flags)
+{
+ return (b->flags & flags);
+}
+
+void BIO_set_flags(BIO *b, int flags)
+{
+ b->flags |= flags;
+}
+
+long (*BIO_get_callback(const BIO *b)) (struct bio_st *, int, const char *,
+ int, long, long) {
+ return b->callback;
+}
+
+void BIO_set_callback(BIO *b,
+ long (*cb) (struct bio_st *, int, const char *, int,
+ long, long))
+{
+ b->callback = cb;
+}
+
+void BIO_set_callback_arg(BIO *b, char *arg)
+{
+ b->cb_arg = arg;
+}
+
+char *BIO_get_callback_arg(const BIO *b)
+{
+ return b->cb_arg;
+}
+
+const char *BIO_method_name(const BIO *b)
+{
+ return b->method->name;
+}
+
+int BIO_method_type(const BIO *b)
+{
+ return b->method->type;
+}
+
+int BIO_read(BIO *b, void *out, int outl)
+{
+ int i;
+ long (*cb) (BIO *, int, const char *, int, long, long);
+
+ if ((b == NULL) || (b->method == NULL) || (b->method->bread == NULL)) {
+ BIOerr(BIO_F_BIO_READ, BIO_R_UNSUPPORTED_METHOD);
+ return (-2);
+ }
+
+ cb = b->callback;
+ if ((cb != NULL) &&
+ ((i = (int)cb(b, BIO_CB_READ, out, outl, 0L, 1L)) <= 0))
+ return (i);
+
+ if (!b->init) {
+ BIOerr(BIO_F_BIO_READ, BIO_R_UNINITIALIZED);
+ return (-2);
+ }
+
+ i = b->method->bread(b, out, outl);
+
+ if (i > 0)
+ b->num_read += (unsigned long)i;
+
+ if (cb != NULL)
+ i = (int)cb(b, BIO_CB_READ | BIO_CB_RETURN, out, outl, 0L, (long)i);
+ return (i);
+}
+
+int BIO_write(BIO *b, const void *in, int inl)
+{
+ int i;
+ long (*cb) (BIO *, int, const char *, int, long, long);
+
+ if (b == NULL)
+ return (0);
+
+ cb = b->callback;
+ if ((b->method == NULL) || (b->method->bwrite == NULL)) {
+ BIOerr(BIO_F_BIO_WRITE, BIO_R_UNSUPPORTED_METHOD);
+ return (-2);
+ }
+
+ if ((cb != NULL) &&
+ ((i = (int)cb(b, BIO_CB_WRITE, in, inl, 0L, 1L)) <= 0))
+ return (i);
+
+ if (!b->init) {
+ BIOerr(BIO_F_BIO_WRITE, BIO_R_UNINITIALIZED);
+ return (-2);
+ }
+
+ i = b->method->bwrite(b, in, inl);
+
+ if (i > 0)
+ b->num_write += (unsigned long)i;
+
+ if (cb != NULL)
+ i = (int)cb(b, BIO_CB_WRITE | BIO_CB_RETURN, in, inl, 0L, (long)i);
+ return (i);
+}
+
+int BIO_puts(BIO *b, const char *in)
+{
+ int i;
+ long (*cb) (BIO *, int, const char *, int, long, long);
+
+ if ((b == NULL) || (b->method == NULL) || (b->method->bputs == NULL)) {
+ BIOerr(BIO_F_BIO_PUTS, BIO_R_UNSUPPORTED_METHOD);
+ return (-2);
+ }
+
+ cb = b->callback;
+
+ if ((cb != NULL) && ((i = (int)cb(b, BIO_CB_PUTS, in, 0, 0L, 1L)) <= 0))
+ return (i);
+
+ if (!b->init) {
+ BIOerr(BIO_F_BIO_PUTS, BIO_R_UNINITIALIZED);
+ return (-2);
+ }
+
+ i = b->method->bputs(b, in);
+
+ if (i > 0)
+ b->num_write += (unsigned long)i;
+
+ if (cb != NULL)
+ i = (int)cb(b, BIO_CB_PUTS | BIO_CB_RETURN, in, 0, 0L, (long)i);
+ return (i);
+}
+
+int BIO_gets(BIO *b, char *in, int inl)
+{
+ int i;
+ long (*cb) (BIO *, int, const char *, int, long, long);
+
+ if ((b == NULL) || (b->method == NULL) || (b->method->bgets == NULL)) {
+ BIOerr(BIO_F_BIO_GETS, BIO_R_UNSUPPORTED_METHOD);
+ return (-2);
+ }
+
+ cb = b->callback;
+
+ if ((cb != NULL) && ((i = (int)cb(b, BIO_CB_GETS, in, inl, 0L, 1L)) <= 0))
+ return (i);
+
+ if (!b->init) {
+ BIOerr(BIO_F_BIO_GETS, BIO_R_UNINITIALIZED);
+ return (-2);
+ }
+
+ i = b->method->bgets(b, in, inl);
+
+ if (cb != NULL)
+ i = (int)cb(b, BIO_CB_GETS | BIO_CB_RETURN, in, inl, 0L, (long)i);
+ return (i);
+}
+
+int BIO_indent(BIO *b, int indent, int max)
+{
+ if (indent < 0)
+ indent = 0;
+ if (indent > max)
+ indent = max;
+ while (indent--)
+ if (BIO_puts(b, " ") != 1)
+ return 0;
+ return 1;
+}
+
+long BIO_int_ctrl(BIO *b, int cmd, long larg, int iarg)
+{
+ int i;
+
+ i = iarg;
+ return (BIO_ctrl(b, cmd, larg, (char *)&i));
+}
+
+char *BIO_ptr_ctrl(BIO *b, int cmd, long larg)
+{
+ char *p = NULL;
+
+ if (BIO_ctrl(b, cmd, larg, (char *)&p) <= 0)
+ return (NULL);
+ else
+ return (p);
+}
+
+long BIO_ctrl(BIO *b, int cmd, long larg, void *parg)
+{
+ long ret;
+ long (*cb) (BIO *, int, const char *, int, long, long);
+
+ if (b == NULL)
+ return (0);
+
+ if ((b->method == NULL) || (b->method->ctrl == NULL)) {
+ BIOerr(BIO_F_BIO_CTRL, BIO_R_UNSUPPORTED_METHOD);
+ return (-2);
+ }
+
+ cb = b->callback;
+
+ if ((cb != NULL) &&
+ ((ret = cb(b, BIO_CB_CTRL, parg, cmd, larg, 1L)) <= 0))
+ return (ret);
+
+ ret = b->method->ctrl(b, cmd, larg, parg);
+
+ if (cb != NULL)
+ ret = cb(b, BIO_CB_CTRL | BIO_CB_RETURN, parg, cmd, larg, ret);
+ return (ret);
+}
+
+long BIO_callback_ctrl(BIO *b, int cmd,
+ void (*fp) (struct bio_st *, int, const char *, int,
+ long, long))
+{
+ long ret;
+ long (*cb) (BIO *, int, const char *, int, long, long);
+
+ if (b == NULL)
+ return (0);
+
+ if ((b->method == NULL) || (b->method->callback_ctrl == NULL)) {
+ BIOerr(BIO_F_BIO_CALLBACK_CTRL, BIO_R_UNSUPPORTED_METHOD);
+ return (-2);
+ }
+
+ cb = b->callback;
+
+ if ((cb != NULL) &&
+ ((ret = cb(b, BIO_CB_CTRL, (void *)&fp, cmd, 0, 1L)) <= 0))
+ return (ret);
+
+ ret = b->method->callback_ctrl(b, cmd, fp);
+
+ if (cb != NULL)
+ ret = cb(b, BIO_CB_CTRL | BIO_CB_RETURN, (void *)&fp, cmd, 0, ret);
+ return (ret);
+}
+
+/*
+ * It is unfortunate to duplicate in functions what the BIO_(w)pending macros
+ * do; but those macros have inappropriate return type, and for interfacing
+ * from other programming languages, C macros aren't much of a help anyway.
+ */
+size_t BIO_ctrl_pending(BIO *bio)
+{
+ return BIO_ctrl(bio, BIO_CTRL_PENDING, 0, NULL);
+}
+
+size_t BIO_ctrl_wpending(BIO *bio)
+{
+ return BIO_ctrl(bio, BIO_CTRL_WPENDING, 0, NULL);
+}
+
+/* put the 'bio' on the end of b's list of operators */
+BIO *BIO_push(BIO *b, BIO *bio)
+{
+ BIO *lb;
+
+ if (b == NULL)
+ return (bio);
+ lb = b;
+ while (lb->next_bio != NULL)
+ lb = lb->next_bio;
+ lb->next_bio = bio;
+ if (bio != NULL)
+ bio->prev_bio = lb;
+ /* called to do internal processing */
+ BIO_ctrl(b, BIO_CTRL_PUSH, 0, NULL);
+ return (b);
+}
+
+/* Remove the first and return the rest */
+BIO *BIO_pop(BIO *b)
+{
+ BIO *ret;
+
+ if (b == NULL)
+ return (NULL);
+ ret = b->next_bio;
+
+ BIO_ctrl(b, BIO_CTRL_POP, 0, NULL);
+
+ if (b->prev_bio != NULL)
+ b->prev_bio->next_bio = b->next_bio;
+ if (b->next_bio != NULL)
+ b->next_bio->prev_bio = b->prev_bio;
+
+ b->next_bio = NULL;
+ b->prev_bio = NULL;
+ return (ret);
+}
+
+BIO *BIO_get_retry_BIO(BIO *bio, int *reason)
+{
+ BIO *b, *last;
+
+ b = last = bio;
+ for (;;) {
+ if (!BIO_should_retry(b))
+ break;
+ last = b;
+ b = b->next_bio;
+ if (b == NULL)
+ break;
+ }
+ if (reason != NULL)
+ *reason = last->retry_reason;
+ return (last);
+}
+
+int BIO_get_retry_reason(BIO *bio)
+{
+ return (bio->retry_reason);
+}
+
+BIO *BIO_find_type(BIO *bio, int type)
+{
+ int mt, mask;
+
+ if (!bio)
+ return NULL;
+ mask = type & 0xff;
+ do {
+ if (bio->method != NULL) {
+ mt = bio->method->type;
+
+ if (!mask) {
+ if (mt & type)
+ return (bio);
+ } else if (mt == type)
+ return (bio);
+ }
+ bio = bio->next_bio;
+ } while (bio != NULL);
+ return (NULL);
+}
+
+BIO *BIO_next(BIO *b)
+{
+ if (!b)
+ return NULL;
+ return b->next_bio;
+}
+
+void BIO_free_all(BIO *bio)
+{
+ BIO *b;
+ int ref;
+
+ while (bio != NULL) {
+ b = bio;
+ ref = b->references;
+ bio = bio->next_bio;
+ BIO_free(b);
+ /* Since ref count > 1, don't free anyone else. */
+ if (ref > 1)
+ break;
+ }
+}
+
+BIO *BIO_dup_chain(BIO *in)
+{
+ BIO *ret = NULL, *eoc = NULL, *bio, *new;
+
+ for (bio = in; bio != NULL; bio = bio->next_bio) {
+ if ((new = BIO_new(bio->method)) == NULL)
+ goto err;
+ new->callback = bio->callback;
+ new->cb_arg = bio->cb_arg;
+ new->init = bio->init;
+ new->shutdown = bio->shutdown;
+ new->flags = bio->flags;
+
+ /* This will let SSL_s_sock() work with stdin/stdout */
+ new->num = bio->num;
+
+ if (!BIO_dup_state(bio, (char *)new)) {
+ BIO_free(new);
+ goto err;
+ }
+
+ /* copy app data */
+ if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_BIO, &new->ex_data,
+ &bio->ex_data))
+ goto err;
+
+ if (ret == NULL) {
+ eoc = new;
+ ret = eoc;
+ } else {
+ BIO_push(eoc, new);
+ eoc = new;
+ }
+ }
+ return (ret);
+ err:
+ if (ret != NULL)
+ BIO_free(ret);
+ return (NULL);
+}
+
+void BIO_copy_next_retry(BIO *b)
+{
+ BIO_set_flags(b, BIO_get_retry_flags(b->next_bio));
+ b->retry_reason = b->next_bio->retry_reason;
+}
+
+int BIO_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+{
+ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_BIO, argl, argp,
+ new_func, dup_func, free_func);
+}
+
+int BIO_set_ex_data(BIO *bio, int idx, void *data)
+{
+ return (CRYPTO_set_ex_data(&(bio->ex_data), idx, data));
+}
+
+void *BIO_get_ex_data(BIO *bio, int idx)
+{
+ return (CRYPTO_get_ex_data(&(bio->ex_data), idx));
+}
+
+unsigned long BIO_number_read(BIO *bio)
+{
+ if (bio)
+ return bio->num_read;
+ return 0;
+}
+
+unsigned long BIO_number_written(BIO *bio)
+{
+ if (bio)
+ return bio->num_write;
+ return 0;
+}
+
+IMPLEMENT_STACK_OF(BIO)
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_acpt.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bio/bss_acpt.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_acpt.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,478 +0,0 @@
-/* crypto/bio/bss_acpt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <errno.h>
-#define USE_SOCKETS
-#include "cryptlib.h"
-#include <openssl/bio.h>
-
-#ifndef OPENSSL_NO_SOCK
-
-#ifdef OPENSSL_SYS_WIN16
-#define SOCKET_PROTOCOL 0 /* more microsoft stupidity */
-#else
-#define SOCKET_PROTOCOL IPPROTO_TCP
-#endif
-
-#if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
-/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
-#undef FIONBIO
-#endif
-
-typedef struct bio_accept_st
- {
- int state;
- char *param_addr;
-
- int accept_sock;
- int accept_nbio;
-
- char *addr;
- int nbio;
- /* If 0, it means normal, if 1, do a connect on bind failure,
- * and if there is no-one listening, bind with SO_REUSEADDR.
- * If 2, always use SO_REUSEADDR. */
- int bind_mode;
- BIO *bio_chain;
- } BIO_ACCEPT;
-
-static int acpt_write(BIO *h, const char *buf, int num);
-static int acpt_read(BIO *h, char *buf, int size);
-static int acpt_puts(BIO *h, const char *str);
-static long acpt_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int acpt_new(BIO *h);
-static int acpt_free(BIO *data);
-static int acpt_state(BIO *b, BIO_ACCEPT *c);
-static void acpt_close_socket(BIO *data);
-BIO_ACCEPT *BIO_ACCEPT_new(void );
-void BIO_ACCEPT_free(BIO_ACCEPT *a);
-
-#define ACPT_S_BEFORE 1
-#define ACPT_S_GET_ACCEPT_SOCKET 2
-#define ACPT_S_OK 3
-
-static BIO_METHOD methods_acceptp=
- {
- BIO_TYPE_ACCEPT,
- "socket accept",
- acpt_write,
- acpt_read,
- acpt_puts,
- NULL, /* connect_gets, */
- acpt_ctrl,
- acpt_new,
- acpt_free,
- NULL,
- };
-
-BIO_METHOD *BIO_s_accept(void)
- {
- return(&methods_acceptp);
- }
-
-static int acpt_new(BIO *bi)
- {
- BIO_ACCEPT *ba;
-
- bi->init=0;
- bi->num=INVALID_SOCKET;
- bi->flags=0;
- if ((ba=BIO_ACCEPT_new()) == NULL)
- return(0);
- bi->ptr=(char *)ba;
- ba->state=ACPT_S_BEFORE;
- bi->shutdown=1;
- return(1);
- }
-
-BIO_ACCEPT *BIO_ACCEPT_new(void)
- {
- BIO_ACCEPT *ret;
-
- if ((ret=(BIO_ACCEPT *)OPENSSL_malloc(sizeof(BIO_ACCEPT))) == NULL)
- return(NULL);
-
- memset(ret,0,sizeof(BIO_ACCEPT));
- ret->accept_sock=INVALID_SOCKET;
- ret->bind_mode=BIO_BIND_NORMAL;
- return(ret);
- }
-
-void BIO_ACCEPT_free(BIO_ACCEPT *a)
- {
- if(a == NULL)
- return;
-
- if (a->param_addr != NULL) OPENSSL_free(a->param_addr);
- if (a->addr != NULL) OPENSSL_free(a->addr);
- if (a->bio_chain != NULL) BIO_free(a->bio_chain);
- OPENSSL_free(a);
- }
-
-static void acpt_close_socket(BIO *bio)
- {
- BIO_ACCEPT *c;
-
- c=(BIO_ACCEPT *)bio->ptr;
- if (c->accept_sock != INVALID_SOCKET)
- {
- shutdown(c->accept_sock,2);
- closesocket(c->accept_sock);
- c->accept_sock=INVALID_SOCKET;
- bio->num=INVALID_SOCKET;
- }
- }
-
-static int acpt_free(BIO *a)
- {
- BIO_ACCEPT *data;
-
- if (a == NULL) return(0);
- data=(BIO_ACCEPT *)a->ptr;
-
- if (a->shutdown)
- {
- acpt_close_socket(a);
- BIO_ACCEPT_free(data);
- a->ptr=NULL;
- a->flags=0;
- a->init=0;
- }
- return(1);
- }
-
-static int acpt_state(BIO *b, BIO_ACCEPT *c)
- {
- BIO *bio=NULL,*dbio;
- int s= -1;
- int i;
-
-again:
- switch (c->state)
- {
- case ACPT_S_BEFORE:
- if (c->param_addr == NULL)
- {
- BIOerr(BIO_F_ACPT_STATE,BIO_R_NO_ACCEPT_PORT_SPECIFIED);
- return(-1);
- }
- s=BIO_get_accept_socket(c->param_addr,c->bind_mode);
- if (s == INVALID_SOCKET)
- return(-1);
-
- if (c->accept_nbio)
- {
- if (!BIO_socket_nbio(s,1))
- {
- closesocket(s);
- BIOerr(BIO_F_ACPT_STATE,BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET);
- return(-1);
- }
- }
- c->accept_sock=s;
- b->num=s;
- c->state=ACPT_S_GET_ACCEPT_SOCKET;
- return(1);
- /* break; */
- case ACPT_S_GET_ACCEPT_SOCKET:
- if (b->next_bio != NULL)
- {
- c->state=ACPT_S_OK;
- goto again;
- }
- BIO_clear_retry_flags(b);
- b->retry_reason=0;
- i=BIO_accept(c->accept_sock,&(c->addr));
-
- /* -2 return means we should retry */
- if(i == -2)
- {
- BIO_set_retry_special(b);
- b->retry_reason=BIO_RR_ACCEPT;
- return -1;
- }
-
- if (i < 0) return(i);
-
- bio=BIO_new_socket(i,BIO_CLOSE);
- if (bio == NULL) goto err;
-
- BIO_set_callback(bio,BIO_get_callback(b));
- BIO_set_callback_arg(bio,BIO_get_callback_arg(b));
-
- if (c->nbio)
- {
- if (!BIO_socket_nbio(i,1))
- {
- BIOerr(BIO_F_ACPT_STATE,BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET);
- goto err;
- }
- }
-
- /* If the accept BIO has an bio_chain, we dup it and
- * put the new socket at the end. */
- if (c->bio_chain != NULL)
- {
- if ((dbio=BIO_dup_chain(c->bio_chain)) == NULL)
- goto err;
- if (!BIO_push(dbio,bio)) goto err;
- bio=dbio;
- }
- if (BIO_push(b,bio) == NULL) goto err;
-
- c->state=ACPT_S_OK;
- return(1);
-err:
- if (bio != NULL)
- BIO_free(bio);
- else if (s >= 0)
- closesocket(s);
- return(0);
- /* break; */
- case ACPT_S_OK:
- if (b->next_bio == NULL)
- {
- c->state=ACPT_S_GET_ACCEPT_SOCKET;
- goto again;
- }
- return(1);
- /* break; */
- default:
- return(0);
- /* break; */
- }
-
- }
-
-static int acpt_read(BIO *b, char *out, int outl)
- {
- int ret=0;
- BIO_ACCEPT *data;
-
- BIO_clear_retry_flags(b);
- data=(BIO_ACCEPT *)b->ptr;
-
- while (b->next_bio == NULL)
- {
- ret=acpt_state(b,data);
- if (ret <= 0) return(ret);
- }
-
- ret=BIO_read(b->next_bio,out,outl);
- BIO_copy_next_retry(b);
- return(ret);
- }
-
-static int acpt_write(BIO *b, const char *in, int inl)
- {
- int ret;
- BIO_ACCEPT *data;
-
- BIO_clear_retry_flags(b);
- data=(BIO_ACCEPT *)b->ptr;
-
- while (b->next_bio == NULL)
- {
- ret=acpt_state(b,data);
- if (ret <= 0) return(ret);
- }
-
- ret=BIO_write(b->next_bio,in,inl);
- BIO_copy_next_retry(b);
- return(ret);
- }
-
-static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr)
- {
- int *ip;
- long ret=1;
- BIO_ACCEPT *data;
- char **pp;
-
- data=(BIO_ACCEPT *)b->ptr;
-
- switch (cmd)
- {
- case BIO_CTRL_RESET:
- ret=0;
- data->state=ACPT_S_BEFORE;
- acpt_close_socket(b);
- b->flags=0;
- break;
- case BIO_C_DO_STATE_MACHINE:
- /* use this one to start the connection */
- ret=(long)acpt_state(b,data);
- break;
- case BIO_C_SET_ACCEPT:
- if (ptr != NULL)
- {
- if (num == 0)
- {
- b->init=1;
- if (data->param_addr != NULL)
- OPENSSL_free(data->param_addr);
- data->param_addr=BUF_strdup(ptr);
- }
- else if (num == 1)
- {
- data->accept_nbio=(ptr != NULL);
- }
- else if (num == 2)
- {
- if (data->bio_chain != NULL)
- BIO_free(data->bio_chain);
- data->bio_chain=(BIO *)ptr;
- }
- }
- break;
- case BIO_C_SET_NBIO:
- data->nbio=(int)num;
- break;
- case BIO_C_SET_FD:
- b->init=1;
- b->num= *((int *)ptr);
- data->accept_sock=b->num;
- data->state=ACPT_S_GET_ACCEPT_SOCKET;
- b->shutdown=(int)num;
- b->init=1;
- break;
- case BIO_C_GET_FD:
- if (b->init)
- {
- ip=(int *)ptr;
- if (ip != NULL)
- *ip=data->accept_sock;
- ret=data->accept_sock;
- }
- else
- ret= -1;
- break;
- case BIO_C_GET_ACCEPT:
- if (b->init)
- {
- if (ptr != NULL)
- {
- pp=(char **)ptr;
- *pp=data->param_addr;
- }
- else
- ret= -1;
- }
- else
- ret= -1;
- break;
- case BIO_CTRL_GET_CLOSE:
- ret=b->shutdown;
- break;
- case BIO_CTRL_SET_CLOSE:
- b->shutdown=(int)num;
- break;
- case BIO_CTRL_PENDING:
- case BIO_CTRL_WPENDING:
- ret=0;
- break;
- case BIO_CTRL_FLUSH:
- break;
- case BIO_C_SET_BIND_MODE:
- data->bind_mode=(int)num;
- break;
- case BIO_C_GET_BIND_MODE:
- ret=(long)data->bind_mode;
- break;
- case BIO_CTRL_DUP:
-/* dbio=(BIO *)ptr;
- if (data->param_port) EAY EAY
- BIO_set_port(dbio,data->param_port);
- if (data->param_hostname)
- BIO_set_hostname(dbio,data->param_hostname);
- BIO_set_nbio(dbio,data->nbio); */
- break;
-
- default:
- ret=0;
- break;
- }
- return(ret);
- }
-
-static int acpt_puts(BIO *bp, const char *str)
- {
- int n,ret;
-
- n=strlen(str);
- ret=acpt_write(bp,str,n);
- return(ret);
- }
-
-BIO *BIO_new_accept(char *str)
- {
- BIO *ret;
-
- ret=BIO_new(BIO_s_accept());
- if (ret == NULL) return(NULL);
- if (BIO_set_accept_port(ret,str))
- return(ret);
- else
- {
- BIO_free(ret);
- return(NULL);
- }
- }
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_acpt.c (from rev 6976, vendor-crypto/openssl/dist/crypto/bio/bss_acpt.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_acpt.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_acpt.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,463 @@
+/* crypto/bio/bss_acpt.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#define USE_SOCKETS
+#include "cryptlib.h"
+#include <openssl/bio.h>
+
+#ifndef OPENSSL_NO_SOCK
+
+# ifdef OPENSSL_SYS_WIN16
+# define SOCKET_PROTOCOL 0 /* more microsoft stupidity */
+# else
+# define SOCKET_PROTOCOL IPPROTO_TCP
+# endif
+
+# if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
+/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
+# undef FIONBIO
+# endif
+
+typedef struct bio_accept_st {
+ int state;
+ char *param_addr;
+ int accept_sock;
+ int accept_nbio;
+ char *addr;
+ int nbio;
+ /*
+ * If 0, it means normal, if 1, do a connect on bind failure, and if
+ * there is no-one listening, bind with SO_REUSEADDR. If 2, always use
+ * SO_REUSEADDR.
+ */
+ int bind_mode;
+ BIO *bio_chain;
+} BIO_ACCEPT;
+
+static int acpt_write(BIO *h, const char *buf, int num);
+static int acpt_read(BIO *h, char *buf, int size);
+static int acpt_puts(BIO *h, const char *str);
+static long acpt_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int acpt_new(BIO *h);
+static int acpt_free(BIO *data);
+static int acpt_state(BIO *b, BIO_ACCEPT *c);
+static void acpt_close_socket(BIO *data);
+BIO_ACCEPT *BIO_ACCEPT_new(void);
+void BIO_ACCEPT_free(BIO_ACCEPT *a);
+
+# define ACPT_S_BEFORE 1
+# define ACPT_S_GET_ACCEPT_SOCKET 2
+# define ACPT_S_OK 3
+
+static BIO_METHOD methods_acceptp = {
+ BIO_TYPE_ACCEPT,
+ "socket accept",
+ acpt_write,
+ acpt_read,
+ acpt_puts,
+ NULL, /* connect_gets, */
+ acpt_ctrl,
+ acpt_new,
+ acpt_free,
+ NULL,
+};
+
+BIO_METHOD *BIO_s_accept(void)
+{
+ return (&methods_acceptp);
+}
+
+static int acpt_new(BIO *bi)
+{
+ BIO_ACCEPT *ba;
+
+ bi->init = 0;
+ bi->num = INVALID_SOCKET;
+ bi->flags = 0;
+ if ((ba = BIO_ACCEPT_new()) == NULL)
+ return (0);
+ bi->ptr = (char *)ba;
+ ba->state = ACPT_S_BEFORE;
+ bi->shutdown = 1;
+ return (1);
+}
+
+BIO_ACCEPT *BIO_ACCEPT_new(void)
+{
+ BIO_ACCEPT *ret;
+
+ if ((ret = (BIO_ACCEPT *)OPENSSL_malloc(sizeof(BIO_ACCEPT))) == NULL)
+ return (NULL);
+
+ memset(ret, 0, sizeof(BIO_ACCEPT));
+ ret->accept_sock = INVALID_SOCKET;
+ ret->bind_mode = BIO_BIND_NORMAL;
+ return (ret);
+}
+
+void BIO_ACCEPT_free(BIO_ACCEPT *a)
+{
+ if (a == NULL)
+ return;
+
+ if (a->param_addr != NULL)
+ OPENSSL_free(a->param_addr);
+ if (a->addr != NULL)
+ OPENSSL_free(a->addr);
+ if (a->bio_chain != NULL)
+ BIO_free(a->bio_chain);
+ OPENSSL_free(a);
+}
+
+static void acpt_close_socket(BIO *bio)
+{
+ BIO_ACCEPT *c;
+
+ c = (BIO_ACCEPT *)bio->ptr;
+ if (c->accept_sock != INVALID_SOCKET) {
+ shutdown(c->accept_sock, 2);
+ closesocket(c->accept_sock);
+ c->accept_sock = INVALID_SOCKET;
+ bio->num = INVALID_SOCKET;
+ }
+}
+
+static int acpt_free(BIO *a)
+{
+ BIO_ACCEPT *data;
+
+ if (a == NULL)
+ return (0);
+ data = (BIO_ACCEPT *)a->ptr;
+
+ if (a->shutdown) {
+ acpt_close_socket(a);
+ BIO_ACCEPT_free(data);
+ a->ptr = NULL;
+ a->flags = 0;
+ a->init = 0;
+ }
+ return (1);
+}
+
+static int acpt_state(BIO *b, BIO_ACCEPT *c)
+{
+ BIO *bio = NULL, *dbio;
+ int s = -1;
+ int i;
+
+ again:
+ switch (c->state) {
+ case ACPT_S_BEFORE:
+ if (c->param_addr == NULL) {
+ BIOerr(BIO_F_ACPT_STATE, BIO_R_NO_ACCEPT_PORT_SPECIFIED);
+ return (-1);
+ }
+ s = BIO_get_accept_socket(c->param_addr, c->bind_mode);
+ if (s == INVALID_SOCKET)
+ return (-1);
+
+ if (c->accept_nbio) {
+ if (!BIO_socket_nbio(s, 1)) {
+ closesocket(s);
+ BIOerr(BIO_F_ACPT_STATE,
+ BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET);
+ return (-1);
+ }
+ }
+ c->accept_sock = s;
+ b->num = s;
+ c->state = ACPT_S_GET_ACCEPT_SOCKET;
+ return (1);
+ /* break; */
+ case ACPT_S_GET_ACCEPT_SOCKET:
+ if (b->next_bio != NULL) {
+ c->state = ACPT_S_OK;
+ goto again;
+ }
+ BIO_clear_retry_flags(b);
+ b->retry_reason = 0;
+ i = BIO_accept(c->accept_sock, &(c->addr));
+
+ /* -2 return means we should retry */
+ if (i == -2) {
+ BIO_set_retry_special(b);
+ b->retry_reason = BIO_RR_ACCEPT;
+ return -1;
+ }
+
+ if (i < 0)
+ return (i);
+
+ bio = BIO_new_socket(i, BIO_CLOSE);
+ if (bio == NULL)
+ goto err;
+
+ BIO_set_callback(bio, BIO_get_callback(b));
+ BIO_set_callback_arg(bio, BIO_get_callback_arg(b));
+
+ if (c->nbio) {
+ if (!BIO_socket_nbio(i, 1)) {
+ BIOerr(BIO_F_ACPT_STATE,
+ BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET);
+ goto err;
+ }
+ }
+
+ /*
+ * If the accept BIO has an bio_chain, we dup it and put the new
+ * socket at the end.
+ */
+ if (c->bio_chain != NULL) {
+ if ((dbio = BIO_dup_chain(c->bio_chain)) == NULL)
+ goto err;
+ if (!BIO_push(dbio, bio))
+ goto err;
+ bio = dbio;
+ }
+ if (BIO_push(b, bio) == NULL)
+ goto err;
+
+ c->state = ACPT_S_OK;
+ return (1);
+ err:
+ if (bio != NULL)
+ BIO_free(bio);
+ else if (s >= 0)
+ closesocket(s);
+ return (0);
+ /* break; */
+ case ACPT_S_OK:
+ if (b->next_bio == NULL) {
+ c->state = ACPT_S_GET_ACCEPT_SOCKET;
+ goto again;
+ }
+ return (1);
+ /* break; */
+ default:
+ return (0);
+ /* break; */
+ }
+
+}
+
+static int acpt_read(BIO *b, char *out, int outl)
+{
+ int ret = 0;
+ BIO_ACCEPT *data;
+
+ BIO_clear_retry_flags(b);
+ data = (BIO_ACCEPT *)b->ptr;
+
+ while (b->next_bio == NULL) {
+ ret = acpt_state(b, data);
+ if (ret <= 0)
+ return (ret);
+ }
+
+ ret = BIO_read(b->next_bio, out, outl);
+ BIO_copy_next_retry(b);
+ return (ret);
+}
+
+static int acpt_write(BIO *b, const char *in, int inl)
+{
+ int ret;
+ BIO_ACCEPT *data;
+
+ BIO_clear_retry_flags(b);
+ data = (BIO_ACCEPT *)b->ptr;
+
+ while (b->next_bio == NULL) {
+ ret = acpt_state(b, data);
+ if (ret <= 0)
+ return (ret);
+ }
+
+ ret = BIO_write(b->next_bio, in, inl);
+ BIO_copy_next_retry(b);
+ return (ret);
+}
+
+static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+ int *ip;
+ long ret = 1;
+ BIO_ACCEPT *data;
+ char **pp;
+
+ data = (BIO_ACCEPT *)b->ptr;
+
+ switch (cmd) {
+ case BIO_CTRL_RESET:
+ ret = 0;
+ data->state = ACPT_S_BEFORE;
+ acpt_close_socket(b);
+ b->flags = 0;
+ break;
+ case BIO_C_DO_STATE_MACHINE:
+ /* use this one to start the connection */
+ ret = (long)acpt_state(b, data);
+ break;
+ case BIO_C_SET_ACCEPT:
+ if (ptr != NULL) {
+ if (num == 0) {
+ b->init = 1;
+ if (data->param_addr != NULL)
+ OPENSSL_free(data->param_addr);
+ data->param_addr = BUF_strdup(ptr);
+ } else if (num == 1) {
+ data->accept_nbio = (ptr != NULL);
+ } else if (num == 2) {
+ if (data->bio_chain != NULL)
+ BIO_free(data->bio_chain);
+ data->bio_chain = (BIO *)ptr;
+ }
+ }
+ break;
+ case BIO_C_SET_NBIO:
+ data->nbio = (int)num;
+ break;
+ case BIO_C_SET_FD:
+ b->init = 1;
+ b->num = *((int *)ptr);
+ data->accept_sock = b->num;
+ data->state = ACPT_S_GET_ACCEPT_SOCKET;
+ b->shutdown = (int)num;
+ b->init = 1;
+ break;
+ case BIO_C_GET_FD:
+ if (b->init) {
+ ip = (int *)ptr;
+ if (ip != NULL)
+ *ip = data->accept_sock;
+ ret = data->accept_sock;
+ } else
+ ret = -1;
+ break;
+ case BIO_C_GET_ACCEPT:
+ if (b->init) {
+ if (ptr != NULL) {
+ pp = (char **)ptr;
+ *pp = data->param_addr;
+ } else
+ ret = -1;
+ } else
+ ret = -1;
+ break;
+ case BIO_CTRL_GET_CLOSE:
+ ret = b->shutdown;
+ break;
+ case BIO_CTRL_SET_CLOSE:
+ b->shutdown = (int)num;
+ break;
+ case BIO_CTRL_PENDING:
+ case BIO_CTRL_WPENDING:
+ ret = 0;
+ break;
+ case BIO_CTRL_FLUSH:
+ break;
+ case BIO_C_SET_BIND_MODE:
+ data->bind_mode = (int)num;
+ break;
+ case BIO_C_GET_BIND_MODE:
+ ret = (long)data->bind_mode;
+ break;
+ case BIO_CTRL_DUP:
+/*- dbio=(BIO *)ptr;
+ if (data->param_port) EAY EAY
+ BIO_set_port(dbio,data->param_port);
+ if (data->param_hostname)
+ BIO_set_hostname(dbio,data->param_hostname);
+ BIO_set_nbio(dbio,data->nbio); */
+ break;
+
+ default:
+ ret = 0;
+ break;
+ }
+ return (ret);
+}
+
+static int acpt_puts(BIO *bp, const char *str)
+{
+ int n, ret;
+
+ n = strlen(str);
+ ret = acpt_write(bp, str, n);
+ return (ret);
+}
+
+BIO *BIO_new_accept(char *str)
+{
+ BIO *ret;
+
+ ret = BIO_new(BIO_s_accept());
+ if (ret == NULL)
+ return (NULL);
+ if (BIO_set_accept_port(ret, str))
+ return (ret);
+ else {
+ BIO_free(ret);
+ return (NULL);
+ }
+}
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_bio.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bio/bss_bio.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_bio.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,924 +0,0 @@
-/* crypto/bio/bss_bio.c -*- Mode: C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/* Special method for a BIO where the other endpoint is also a BIO
- * of this kind, handled by the same thread (i.e. the "peer" is actually
- * ourselves, wearing a different hat).
- * Such "BIO pairs" are mainly for using the SSL library with I/O interfaces
- * for which no specific BIO method is available.
- * See ssl/ssltest.c for some hints on how this can be used. */
-
-/* BIO_DEBUG implies BIO_PAIR_DEBUG */
-#ifdef BIO_DEBUG
-# ifndef BIO_PAIR_DEBUG
-# define BIO_PAIR_DEBUG
-# endif
-#endif
-
-/* disable assert() unless BIO_PAIR_DEBUG has been defined */
-#ifndef BIO_PAIR_DEBUG
-# ifndef NDEBUG
-# define NDEBUG
-# endif
-#endif
-
-#include <assert.h>
-#include <limits.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/crypto.h>
-
-#include "e_os.h"
-
-/* VxWorks defines SSIZE_MAX with an empty value causing compile errors */
-#if defined(OPENSSL_SYS_VXWORKS)
-# undef SSIZE_MAX
-#endif
-#ifndef SSIZE_MAX
-# define SSIZE_MAX INT_MAX
-#endif
-
-static int bio_new(BIO *bio);
-static int bio_free(BIO *bio);
-static int bio_read(BIO *bio, char *buf, int size);
-static int bio_write(BIO *bio, const char *buf, int num);
-static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr);
-static int bio_puts(BIO *bio, const char *str);
-
-static int bio_make_pair(BIO *bio1, BIO *bio2);
-static void bio_destroy_pair(BIO *bio);
-
-static BIO_METHOD methods_biop =
-{
- BIO_TYPE_BIO,
- "BIO pair",
- bio_write,
- bio_read,
- bio_puts,
- NULL /* no bio_gets */,
- bio_ctrl,
- bio_new,
- bio_free,
- NULL /* no bio_callback_ctrl */
-};
-
-BIO_METHOD *BIO_s_bio(void)
- {
- return &methods_biop;
- }
-
-struct bio_bio_st
-{
- BIO *peer; /* NULL if buf == NULL.
- * If peer != NULL, then peer->ptr is also a bio_bio_st,
- * and its "peer" member points back to us.
- * peer != NULL iff init != 0 in the BIO. */
-
- /* This is for what we write (i.e. reading uses peer's struct): */
- int closed; /* valid iff peer != NULL */
- size_t len; /* valid iff buf != NULL; 0 if peer == NULL */
- size_t offset; /* valid iff buf != NULL; 0 if len == 0 */
- size_t size;
- char *buf; /* "size" elements (if != NULL) */
-
- size_t request; /* valid iff peer != NULL; 0 if len != 0,
- * otherwise set by peer to number of bytes
- * it (unsuccessfully) tried to read,
- * never more than buffer space (size-len) warrants. */
-};
-
-static int bio_new(BIO *bio)
- {
- struct bio_bio_st *b;
-
- b = OPENSSL_malloc(sizeof *b);
- if (b == NULL)
- return 0;
-
- b->peer = NULL;
- b->size = 17*1024; /* enough for one TLS record (just a default) */
- b->buf = NULL;
-
- bio->ptr = b;
- return 1;
- }
-
-
-static int bio_free(BIO *bio)
- {
- struct bio_bio_st *b;
-
- if (bio == NULL)
- return 0;
- b = bio->ptr;
-
- assert(b != NULL);
-
- if (b->peer)
- bio_destroy_pair(bio);
-
- if (b->buf != NULL)
- {
- OPENSSL_free(b->buf);
- }
-
- OPENSSL_free(b);
-
- return 1;
- }
-
-
-
-static int bio_read(BIO *bio, char *buf, int size_)
- {
- size_t size = size_;
- size_t rest;
- struct bio_bio_st *b, *peer_b;
-
- BIO_clear_retry_flags(bio);
-
- if (!bio->init)
- return 0;
-
- b = bio->ptr;
- assert(b != NULL);
- assert(b->peer != NULL);
- peer_b = b->peer->ptr;
- assert(peer_b != NULL);
- assert(peer_b->buf != NULL);
-
- peer_b->request = 0; /* will be set in "retry_read" situation */
-
- if (buf == NULL || size == 0)
- return 0;
-
- if (peer_b->len == 0)
- {
- if (peer_b->closed)
- return 0; /* writer has closed, and no data is left */
- else
- {
- BIO_set_retry_read(bio); /* buffer is empty */
- if (size <= peer_b->size)
- peer_b->request = size;
- else
- /* don't ask for more than the peer can
- * deliver in one write */
- peer_b->request = peer_b->size;
- return -1;
- }
- }
-
- /* we can read */
- if (peer_b->len < size)
- size = peer_b->len;
-
- /* now read "size" bytes */
-
- rest = size;
-
- assert(rest > 0);
- do /* one or two iterations */
- {
- size_t chunk;
-
- assert(rest <= peer_b->len);
- if (peer_b->offset + rest <= peer_b->size)
- chunk = rest;
- else
- /* wrap around ring buffer */
- chunk = peer_b->size - peer_b->offset;
- assert(peer_b->offset + chunk <= peer_b->size);
-
- memcpy(buf, peer_b->buf + peer_b->offset, chunk);
-
- peer_b->len -= chunk;
- if (peer_b->len)
- {
- peer_b->offset += chunk;
- assert(peer_b->offset <= peer_b->size);
- if (peer_b->offset == peer_b->size)
- peer_b->offset = 0;
- buf += chunk;
- }
- else
- {
- /* buffer now empty, no need to advance "buf" */
- assert(chunk == rest);
- peer_b->offset = 0;
- }
- rest -= chunk;
- }
- while (rest);
-
- return size;
- }
-
-/* non-copying interface: provide pointer to available data in buffer
- * bio_nread0: return number of available bytes
- * bio_nread: also advance index
- * (example usage: bio_nread0(), read from buffer, bio_nread()
- * or just bio_nread(), read from buffer)
- */
-/* WARNING: The non-copying interface is largely untested as of yet
- * and may contain bugs. */
-static ssize_t bio_nread0(BIO *bio, char **buf)
- {
- struct bio_bio_st *b, *peer_b;
- ssize_t num;
-
- BIO_clear_retry_flags(bio);
-
- if (!bio->init)
- return 0;
-
- b = bio->ptr;
- assert(b != NULL);
- assert(b->peer != NULL);
- peer_b = b->peer->ptr;
- assert(peer_b != NULL);
- assert(peer_b->buf != NULL);
-
- peer_b->request = 0;
-
- if (peer_b->len == 0)
- {
- char dummy;
-
- /* avoid code duplication -- nothing available for reading */
- return bio_read(bio, &dummy, 1); /* returns 0 or -1 */
- }
-
- num = peer_b->len;
- if (peer_b->size < peer_b->offset + num)
- /* no ring buffer wrap-around for non-copying interface */
- num = peer_b->size - peer_b->offset;
- assert(num > 0);
-
- if (buf != NULL)
- *buf = peer_b->buf + peer_b->offset;
- return num;
- }
-
-static ssize_t bio_nread(BIO *bio, char **buf, size_t num_)
- {
- struct bio_bio_st *b, *peer_b;
- ssize_t num, available;
-
- if (num_ > SSIZE_MAX)
- num = SSIZE_MAX;
- else
- num = (ssize_t)num_;
-
- available = bio_nread0(bio, buf);
- if (num > available)
- num = available;
- if (num <= 0)
- return num;
-
- b = bio->ptr;
- peer_b = b->peer->ptr;
-
- peer_b->len -= num;
- if (peer_b->len)
- {
- peer_b->offset += num;
- assert(peer_b->offset <= peer_b->size);
- if (peer_b->offset == peer_b->size)
- peer_b->offset = 0;
- }
- else
- peer_b->offset = 0;
-
- return num;
- }
-
-
-static int bio_write(BIO *bio, const char *buf, int num_)
- {
- size_t num = num_;
- size_t rest;
- struct bio_bio_st *b;
-
- BIO_clear_retry_flags(bio);
-
- if (!bio->init || buf == NULL || num == 0)
- return 0;
-
- b = bio->ptr;
- assert(b != NULL);
- assert(b->peer != NULL);
- assert(b->buf != NULL);
-
- b->request = 0;
- if (b->closed)
- {
- /* we already closed */
- BIOerr(BIO_F_BIO_WRITE, BIO_R_BROKEN_PIPE);
- return -1;
- }
-
- assert(b->len <= b->size);
-
- if (b->len == b->size)
- {
- BIO_set_retry_write(bio); /* buffer is full */
- return -1;
- }
-
- /* we can write */
- if (num > b->size - b->len)
- num = b->size - b->len;
-
- /* now write "num" bytes */
-
- rest = num;
-
- assert(rest > 0);
- do /* one or two iterations */
- {
- size_t write_offset;
- size_t chunk;
-
- assert(b->len + rest <= b->size);
-
- write_offset = b->offset + b->len;
- if (write_offset >= b->size)
- write_offset -= b->size;
- /* b->buf[write_offset] is the first byte we can write to. */
-
- if (write_offset + rest <= b->size)
- chunk = rest;
- else
- /* wrap around ring buffer */
- chunk = b->size - write_offset;
-
- memcpy(b->buf + write_offset, buf, chunk);
-
- b->len += chunk;
-
- assert(b->len <= b->size);
-
- rest -= chunk;
- buf += chunk;
- }
- while (rest);
-
- return num;
- }
-
-/* non-copying interface: provide pointer to region to write to
- * bio_nwrite0: check how much space is available
- * bio_nwrite: also increase length
- * (example usage: bio_nwrite0(), write to buffer, bio_nwrite()
- * or just bio_nwrite(), write to buffer)
- */
-static ssize_t bio_nwrite0(BIO *bio, char **buf)
- {
- struct bio_bio_st *b;
- size_t num;
- size_t write_offset;
-
- BIO_clear_retry_flags(bio);
-
- if (!bio->init)
- return 0;
-
- b = bio->ptr;
- assert(b != NULL);
- assert(b->peer != NULL);
- assert(b->buf != NULL);
-
- b->request = 0;
- if (b->closed)
- {
- BIOerr(BIO_F_BIO_NWRITE0, BIO_R_BROKEN_PIPE);
- return -1;
- }
-
- assert(b->len <= b->size);
-
- if (b->len == b->size)
- {
- BIO_set_retry_write(bio);
- return -1;
- }
-
- num = b->size - b->len;
- write_offset = b->offset + b->len;
- if (write_offset >= b->size)
- write_offset -= b->size;
- if (write_offset + num > b->size)
- /* no ring buffer wrap-around for non-copying interface
- * (to fulfil the promise by BIO_ctrl_get_write_guarantee,
- * BIO_nwrite may have to be called twice) */
- num = b->size - write_offset;
-
- if (buf != NULL)
- *buf = b->buf + write_offset;
- assert(write_offset + num <= b->size);
-
- return num;
- }
-
-static ssize_t bio_nwrite(BIO *bio, char **buf, size_t num_)
- {
- struct bio_bio_st *b;
- ssize_t num, space;
-
- if (num_ > SSIZE_MAX)
- num = SSIZE_MAX;
- else
- num = (ssize_t)num_;
-
- space = bio_nwrite0(bio, buf);
- if (num > space)
- num = space;
- if (num <= 0)
- return num;
- b = bio->ptr;
- assert(b != NULL);
- b->len += num;
- assert(b->len <= b->size);
-
- return num;
- }
-
-
-static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr)
- {
- long ret;
- struct bio_bio_st *b = bio->ptr;
-
- assert(b != NULL);
-
- switch (cmd)
- {
- /* specific CTRL codes */
-
- case BIO_C_SET_WRITE_BUF_SIZE:
- if (b->peer)
- {
- BIOerr(BIO_F_BIO_CTRL, BIO_R_IN_USE);
- ret = 0;
- }
- else if (num == 0)
- {
- BIOerr(BIO_F_BIO_CTRL, BIO_R_INVALID_ARGUMENT);
- ret = 0;
- }
- else
- {
- size_t new_size = num;
-
- if (b->size != new_size)
- {
- if (b->buf)
- {
- OPENSSL_free(b->buf);
- b->buf = NULL;
- }
- b->size = new_size;
- }
- ret = 1;
- }
- break;
-
- case BIO_C_GET_WRITE_BUF_SIZE:
- ret = (long) b->size;
- break;
-
- case BIO_C_MAKE_BIO_PAIR:
- {
- BIO *other_bio = ptr;
-
- if (bio_make_pair(bio, other_bio))
- ret = 1;
- else
- ret = 0;
- }
- break;
-
- case BIO_C_DESTROY_BIO_PAIR:
- /* Affects both BIOs in the pair -- call just once!
- * Or let BIO_free(bio1); BIO_free(bio2); do the job. */
- bio_destroy_pair(bio);
- ret = 1;
- break;
-
- case BIO_C_GET_WRITE_GUARANTEE:
- /* How many bytes can the caller feed to the next write
- * without having to keep any? */
- if (b->peer == NULL || b->closed)
- ret = 0;
- else
- ret = (long) b->size - b->len;
- break;
-
- case BIO_C_GET_READ_REQUEST:
- /* If the peer unsuccessfully tried to read, how many bytes
- * were requested? (As with BIO_CTRL_PENDING, that number
- * can usually be treated as boolean.) */
- ret = (long) b->request;
- break;
-
- case BIO_C_RESET_READ_REQUEST:
- /* Reset request. (Can be useful after read attempts
- * at the other side that are meant to be non-blocking,
- * e.g. when probing SSL_read to see if any data is
- * available.) */
- b->request = 0;
- ret = 1;
- break;
-
- case BIO_C_SHUTDOWN_WR:
- /* similar to shutdown(..., SHUT_WR) */
- b->closed = 1;
- ret = 1;
- break;
-
- case BIO_C_NREAD0:
- /* prepare for non-copying read */
- ret = (long) bio_nread0(bio, ptr);
- break;
-
- case BIO_C_NREAD:
- /* non-copying read */
- ret = (long) bio_nread(bio, ptr, (size_t) num);
- break;
-
- case BIO_C_NWRITE0:
- /* prepare for non-copying write */
- ret = (long) bio_nwrite0(bio, ptr);
- break;
-
- case BIO_C_NWRITE:
- /* non-copying write */
- ret = (long) bio_nwrite(bio, ptr, (size_t) num);
- break;
-
-
- /* standard CTRL codes follow */
-
- case BIO_CTRL_RESET:
- if (b->buf != NULL)
- {
- b->len = 0;
- b->offset = 0;
- }
- ret = 0;
- break;
-
- case BIO_CTRL_GET_CLOSE:
- ret = bio->shutdown;
- break;
-
- case BIO_CTRL_SET_CLOSE:
- bio->shutdown = (int) num;
- ret = 1;
- break;
-
- case BIO_CTRL_PENDING:
- if (b->peer != NULL)
- {
- struct bio_bio_st *peer_b = b->peer->ptr;
-
- ret = (long) peer_b->len;
- }
- else
- ret = 0;
- break;
-
- case BIO_CTRL_WPENDING:
- if (b->buf != NULL)
- ret = (long) b->len;
- else
- ret = 0;
- break;
-
- case BIO_CTRL_DUP:
- /* See BIO_dup_chain for circumstances we have to expect. */
- {
- BIO *other_bio = ptr;
- struct bio_bio_st *other_b;
-
- assert(other_bio != NULL);
- other_b = other_bio->ptr;
- assert(other_b != NULL);
-
- assert(other_b->buf == NULL); /* other_bio is always fresh */
-
- other_b->size = b->size;
- }
-
- ret = 1;
- break;
-
- case BIO_CTRL_FLUSH:
- ret = 1;
- break;
-
- case BIO_CTRL_EOF:
- {
- BIO *other_bio = ptr;
-
- if (other_bio)
- {
- struct bio_bio_st *other_b = other_bio->ptr;
-
- assert(other_b != NULL);
- ret = other_b->len == 0 && other_b->closed;
- }
- else
- ret = 1;
- }
- break;
-
- default:
- ret = 0;
- }
- return ret;
- }
-
-static int bio_puts(BIO *bio, const char *str)
- {
- return bio_write(bio, str, strlen(str));
- }
-
-
-static int bio_make_pair(BIO *bio1, BIO *bio2)
- {
- struct bio_bio_st *b1, *b2;
-
- assert(bio1 != NULL);
- assert(bio2 != NULL);
-
- b1 = bio1->ptr;
- b2 = bio2->ptr;
-
- if (b1->peer != NULL || b2->peer != NULL)
- {
- BIOerr(BIO_F_BIO_MAKE_PAIR, BIO_R_IN_USE);
- return 0;
- }
-
- if (b1->buf == NULL)
- {
- b1->buf = OPENSSL_malloc(b1->size);
- if (b1->buf == NULL)
- {
- BIOerr(BIO_F_BIO_MAKE_PAIR, ERR_R_MALLOC_FAILURE);
- return 0;
- }
- b1->len = 0;
- b1->offset = 0;
- }
-
- if (b2->buf == NULL)
- {
- b2->buf = OPENSSL_malloc(b2->size);
- if (b2->buf == NULL)
- {
- BIOerr(BIO_F_BIO_MAKE_PAIR, ERR_R_MALLOC_FAILURE);
- return 0;
- }
- b2->len = 0;
- b2->offset = 0;
- }
-
- b1->peer = bio2;
- b1->closed = 0;
- b1->request = 0;
- b2->peer = bio1;
- b2->closed = 0;
- b2->request = 0;
-
- bio1->init = 1;
- bio2->init = 1;
-
- return 1;
- }
-
-static void bio_destroy_pair(BIO *bio)
- {
- struct bio_bio_st *b = bio->ptr;
-
- if (b != NULL)
- {
- BIO *peer_bio = b->peer;
-
- if (peer_bio != NULL)
- {
- struct bio_bio_st *peer_b = peer_bio->ptr;
-
- assert(peer_b != NULL);
- assert(peer_b->peer == bio);
-
- peer_b->peer = NULL;
- peer_bio->init = 0;
- assert(peer_b->buf != NULL);
- peer_b->len = 0;
- peer_b->offset = 0;
-
- b->peer = NULL;
- bio->init = 0;
- assert(b->buf != NULL);
- b->len = 0;
- b->offset = 0;
- }
- }
- }
-
-
-/* Exported convenience functions */
-int BIO_new_bio_pair(BIO **bio1_p, size_t writebuf1,
- BIO **bio2_p, size_t writebuf2)
- {
- BIO *bio1 = NULL, *bio2 = NULL;
- long r;
- int ret = 0;
-
- bio1 = BIO_new(BIO_s_bio());
- if (bio1 == NULL)
- goto err;
- bio2 = BIO_new(BIO_s_bio());
- if (bio2 == NULL)
- goto err;
-
- if (writebuf1)
- {
- r = BIO_set_write_buf_size(bio1, writebuf1);
- if (!r)
- goto err;
- }
- if (writebuf2)
- {
- r = BIO_set_write_buf_size(bio2, writebuf2);
- if (!r)
- goto err;
- }
-
- r = BIO_make_bio_pair(bio1, bio2);
- if (!r)
- goto err;
- ret = 1;
-
- err:
- if (ret == 0)
- {
- if (bio1)
- {
- BIO_free(bio1);
- bio1 = NULL;
- }
- if (bio2)
- {
- BIO_free(bio2);
- bio2 = NULL;
- }
- }
-
- *bio1_p = bio1;
- *bio2_p = bio2;
- return ret;
- }
-
-size_t BIO_ctrl_get_write_guarantee(BIO *bio)
- {
- return BIO_ctrl(bio, BIO_C_GET_WRITE_GUARANTEE, 0, NULL);
- }
-
-size_t BIO_ctrl_get_read_request(BIO *bio)
- {
- return BIO_ctrl(bio, BIO_C_GET_READ_REQUEST, 0, NULL);
- }
-
-int BIO_ctrl_reset_read_request(BIO *bio)
- {
- return (BIO_ctrl(bio, BIO_C_RESET_READ_REQUEST, 0, NULL) != 0);
- }
-
-
-/* BIO_nread0/nread/nwrite0/nwrite are available only for BIO pairs for now
- * (conceivably some other BIOs could allow non-copying reads and writes too.)
- */
-int BIO_nread0(BIO *bio, char **buf)
- {
- long ret;
-
- if (!bio->init)
- {
- BIOerr(BIO_F_BIO_NREAD0, BIO_R_UNINITIALIZED);
- return -2;
- }
-
- ret = BIO_ctrl(bio, BIO_C_NREAD0, 0, buf);
- if (ret > INT_MAX)
- return INT_MAX;
- else
- return (int) ret;
- }
-
-int BIO_nread(BIO *bio, char **buf, int num)
- {
- int ret;
-
- if (!bio->init)
- {
- BIOerr(BIO_F_BIO_NREAD, BIO_R_UNINITIALIZED);
- return -2;
- }
-
- ret = (int) BIO_ctrl(bio, BIO_C_NREAD, num, buf);
- if (ret > 0)
- bio->num_read += ret;
- return ret;
- }
-
-int BIO_nwrite0(BIO *bio, char **buf)
- {
- long ret;
-
- if (!bio->init)
- {
- BIOerr(BIO_F_BIO_NWRITE0, BIO_R_UNINITIALIZED);
- return -2;
- }
-
- ret = BIO_ctrl(bio, BIO_C_NWRITE0, 0, buf);
- if (ret > INT_MAX)
- return INT_MAX;
- else
- return (int) ret;
- }
-
-int BIO_nwrite(BIO *bio, char **buf, int num)
- {
- int ret;
-
- if (!bio->init)
- {
- BIOerr(BIO_F_BIO_NWRITE, BIO_R_UNINITIALIZED);
- return -2;
- }
-
- ret = BIO_ctrl(bio, BIO_C_NWRITE, num, buf);
- if (ret > 0)
- bio->num_write += ret;
- return ret;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_bio.c (from rev 6976, vendor-crypto/openssl/dist/crypto/bio/bss_bio.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_bio.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_bio.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,886 @@
+/* crypto/bio/bss_bio.c -*- Mode: C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*
+ * Special method for a BIO where the other endpoint is also a BIO of this
+ * kind, handled by the same thread (i.e. the "peer" is actually ourselves,
+ * wearing a different hat). Such "BIO pairs" are mainly for using the SSL
+ * library with I/O interfaces for which no specific BIO method is available.
+ * See ssl/ssltest.c for some hints on how this can be used.
+ */
+
+/* BIO_DEBUG implies BIO_PAIR_DEBUG */
+#ifdef BIO_DEBUG
+# ifndef BIO_PAIR_DEBUG
+# define BIO_PAIR_DEBUG
+# endif
+#endif
+
+/* disable assert() unless BIO_PAIR_DEBUG has been defined */
+#ifndef BIO_PAIR_DEBUG
+# ifndef NDEBUG
+# define NDEBUG
+# endif
+#endif
+
+#include <assert.h>
+#include <limits.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/crypto.h>
+
+#include "e_os.h"
+
+/* VxWorks defines SSIZE_MAX with an empty value causing compile errors */
+#if defined(OPENSSL_SYS_VXWORKS)
+# undef SSIZE_MAX
+#endif
+#ifndef SSIZE_MAX
+# define SSIZE_MAX INT_MAX
+#endif
+
+static int bio_new(BIO *bio);
+static int bio_free(BIO *bio);
+static int bio_read(BIO *bio, char *buf, int size);
+static int bio_write(BIO *bio, const char *buf, int num);
+static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr);
+static int bio_puts(BIO *bio, const char *str);
+
+static int bio_make_pair(BIO *bio1, BIO *bio2);
+static void bio_destroy_pair(BIO *bio);
+
+static BIO_METHOD methods_biop = {
+ BIO_TYPE_BIO,
+ "BIO pair",
+ bio_write,
+ bio_read,
+ bio_puts,
+ NULL /* no bio_gets */ ,
+ bio_ctrl,
+ bio_new,
+ bio_free,
+ NULL /* no bio_callback_ctrl */
+};
+
+BIO_METHOD *BIO_s_bio(void)
+{
+ return &methods_biop;
+}
+
+struct bio_bio_st {
+ BIO *peer; /* NULL if buf == NULL. If peer != NULL, then
+ * peer->ptr is also a bio_bio_st, and its
+ * "peer" member points back to us. peer !=
+ * NULL iff init != 0 in the BIO. */
+ /* This is for what we write (i.e. reading uses peer's struct): */
+ int closed; /* valid iff peer != NULL */
+ size_t len; /* valid iff buf != NULL; 0 if peer == NULL */
+ size_t offset; /* valid iff buf != NULL; 0 if len == 0 */
+ size_t size;
+ char *buf; /* "size" elements (if != NULL) */
+ size_t request; /* valid iff peer != NULL; 0 if len != 0,
+ * otherwise set by peer to number of bytes
+ * it (unsuccessfully) tried to read, never
+ * more than buffer space (size-len)
+ * warrants. */
+};
+
+static int bio_new(BIO *bio)
+{
+ struct bio_bio_st *b;
+
+ b = OPENSSL_malloc(sizeof *b);
+ if (b == NULL)
+ return 0;
+
+ b->peer = NULL;
+ /* enough for one TLS record (just a default) */
+ b->size = 17 * 1024;
+ b->buf = NULL;
+
+ bio->ptr = b;
+ return 1;
+}
+
+static int bio_free(BIO *bio)
+{
+ struct bio_bio_st *b;
+
+ if (bio == NULL)
+ return 0;
+ b = bio->ptr;
+
+ assert(b != NULL);
+
+ if (b->peer)
+ bio_destroy_pair(bio);
+
+ if (b->buf != NULL) {
+ OPENSSL_free(b->buf);
+ }
+
+ OPENSSL_free(b);
+
+ return 1;
+}
+
+static int bio_read(BIO *bio, char *buf, int size_)
+{
+ size_t size = size_;
+ size_t rest;
+ struct bio_bio_st *b, *peer_b;
+
+ BIO_clear_retry_flags(bio);
+
+ if (!bio->init)
+ return 0;
+
+ b = bio->ptr;
+ assert(b != NULL);
+ assert(b->peer != NULL);
+ peer_b = b->peer->ptr;
+ assert(peer_b != NULL);
+ assert(peer_b->buf != NULL);
+
+ peer_b->request = 0; /* will be set in "retry_read" situation */
+
+ if (buf == NULL || size == 0)
+ return 0;
+
+ if (peer_b->len == 0) {
+ if (peer_b->closed)
+ return 0; /* writer has closed, and no data is left */
+ else {
+ BIO_set_retry_read(bio); /* buffer is empty */
+ if (size <= peer_b->size)
+ peer_b->request = size;
+ else
+ /*
+ * don't ask for more than the peer can deliver in one write
+ */
+ peer_b->request = peer_b->size;
+ return -1;
+ }
+ }
+
+ /* we can read */
+ if (peer_b->len < size)
+ size = peer_b->len;
+
+ /* now read "size" bytes */
+
+ rest = size;
+
+ assert(rest > 0);
+ do { /* one or two iterations */
+ size_t chunk;
+
+ assert(rest <= peer_b->len);
+ if (peer_b->offset + rest <= peer_b->size)
+ chunk = rest;
+ else
+ /* wrap around ring buffer */
+ chunk = peer_b->size - peer_b->offset;
+ assert(peer_b->offset + chunk <= peer_b->size);
+
+ memcpy(buf, peer_b->buf + peer_b->offset, chunk);
+
+ peer_b->len -= chunk;
+ if (peer_b->len) {
+ peer_b->offset += chunk;
+ assert(peer_b->offset <= peer_b->size);
+ if (peer_b->offset == peer_b->size)
+ peer_b->offset = 0;
+ buf += chunk;
+ } else {
+ /* buffer now empty, no need to advance "buf" */
+ assert(chunk == rest);
+ peer_b->offset = 0;
+ }
+ rest -= chunk;
+ }
+ while (rest);
+
+ return size;
+}
+
+/*-
+ * non-copying interface: provide pointer to available data in buffer
+ * bio_nread0: return number of available bytes
+ * bio_nread: also advance index
+ * (example usage: bio_nread0(), read from buffer, bio_nread()
+ * or just bio_nread(), read from buffer)
+ */
+/*
+ * WARNING: The non-copying interface is largely untested as of yet and may
+ * contain bugs.
+ */
+static ssize_t bio_nread0(BIO *bio, char **buf)
+{
+ struct bio_bio_st *b, *peer_b;
+ ssize_t num;
+
+ BIO_clear_retry_flags(bio);
+
+ if (!bio->init)
+ return 0;
+
+ b = bio->ptr;
+ assert(b != NULL);
+ assert(b->peer != NULL);
+ peer_b = b->peer->ptr;
+ assert(peer_b != NULL);
+ assert(peer_b->buf != NULL);
+
+ peer_b->request = 0;
+
+ if (peer_b->len == 0) {
+ char dummy;
+
+ /* avoid code duplication -- nothing available for reading */
+ return bio_read(bio, &dummy, 1); /* returns 0 or -1 */
+ }
+
+ num = peer_b->len;
+ if (peer_b->size < peer_b->offset + num)
+ /* no ring buffer wrap-around for non-copying interface */
+ num = peer_b->size - peer_b->offset;
+ assert(num > 0);
+
+ if (buf != NULL)
+ *buf = peer_b->buf + peer_b->offset;
+ return num;
+}
+
+static ssize_t bio_nread(BIO *bio, char **buf, size_t num_)
+{
+ struct bio_bio_st *b, *peer_b;
+ ssize_t num, available;
+
+ if (num_ > SSIZE_MAX)
+ num = SSIZE_MAX;
+ else
+ num = (ssize_t) num_;
+
+ available = bio_nread0(bio, buf);
+ if (num > available)
+ num = available;
+ if (num <= 0)
+ return num;
+
+ b = bio->ptr;
+ peer_b = b->peer->ptr;
+
+ peer_b->len -= num;
+ if (peer_b->len) {
+ peer_b->offset += num;
+ assert(peer_b->offset <= peer_b->size);
+ if (peer_b->offset == peer_b->size)
+ peer_b->offset = 0;
+ } else
+ peer_b->offset = 0;
+
+ return num;
+}
+
+static int bio_write(BIO *bio, const char *buf, int num_)
+{
+ size_t num = num_;
+ size_t rest;
+ struct bio_bio_st *b;
+
+ BIO_clear_retry_flags(bio);
+
+ if (!bio->init || buf == NULL || num == 0)
+ return 0;
+
+ b = bio->ptr;
+ assert(b != NULL);
+ assert(b->peer != NULL);
+ assert(b->buf != NULL);
+
+ b->request = 0;
+ if (b->closed) {
+ /* we already closed */
+ BIOerr(BIO_F_BIO_WRITE, BIO_R_BROKEN_PIPE);
+ return -1;
+ }
+
+ assert(b->len <= b->size);
+
+ if (b->len == b->size) {
+ BIO_set_retry_write(bio); /* buffer is full */
+ return -1;
+ }
+
+ /* we can write */
+ if (num > b->size - b->len)
+ num = b->size - b->len;
+
+ /* now write "num" bytes */
+
+ rest = num;
+
+ assert(rest > 0);
+ do { /* one or two iterations */
+ size_t write_offset;
+ size_t chunk;
+
+ assert(b->len + rest <= b->size);
+
+ write_offset = b->offset + b->len;
+ if (write_offset >= b->size)
+ write_offset -= b->size;
+ /* b->buf[write_offset] is the first byte we can write to. */
+
+ if (write_offset + rest <= b->size)
+ chunk = rest;
+ else
+ /* wrap around ring buffer */
+ chunk = b->size - write_offset;
+
+ memcpy(b->buf + write_offset, buf, chunk);
+
+ b->len += chunk;
+
+ assert(b->len <= b->size);
+
+ rest -= chunk;
+ buf += chunk;
+ }
+ while (rest);
+
+ return num;
+}
+
+/*-
+ * non-copying interface: provide pointer to region to write to
+ * bio_nwrite0: check how much space is available
+ * bio_nwrite: also increase length
+ * (example usage: bio_nwrite0(), write to buffer, bio_nwrite()
+ * or just bio_nwrite(), write to buffer)
+ */
+static ssize_t bio_nwrite0(BIO *bio, char **buf)
+{
+ struct bio_bio_st *b;
+ size_t num;
+ size_t write_offset;
+
+ BIO_clear_retry_flags(bio);
+
+ if (!bio->init)
+ return 0;
+
+ b = bio->ptr;
+ assert(b != NULL);
+ assert(b->peer != NULL);
+ assert(b->buf != NULL);
+
+ b->request = 0;
+ if (b->closed) {
+ BIOerr(BIO_F_BIO_NWRITE0, BIO_R_BROKEN_PIPE);
+ return -1;
+ }
+
+ assert(b->len <= b->size);
+
+ if (b->len == b->size) {
+ BIO_set_retry_write(bio);
+ return -1;
+ }
+
+ num = b->size - b->len;
+ write_offset = b->offset + b->len;
+ if (write_offset >= b->size)
+ write_offset -= b->size;
+ if (write_offset + num > b->size)
+ /*
+ * no ring buffer wrap-around for non-copying interface (to fulfil
+ * the promise by BIO_ctrl_get_write_guarantee, BIO_nwrite may have
+ * to be called twice)
+ */
+ num = b->size - write_offset;
+
+ if (buf != NULL)
+ *buf = b->buf + write_offset;
+ assert(write_offset + num <= b->size);
+
+ return num;
+}
+
+static ssize_t bio_nwrite(BIO *bio, char **buf, size_t num_)
+{
+ struct bio_bio_st *b;
+ ssize_t num, space;
+
+ if (num_ > SSIZE_MAX)
+ num = SSIZE_MAX;
+ else
+ num = (ssize_t) num_;
+
+ space = bio_nwrite0(bio, buf);
+ if (num > space)
+ num = space;
+ if (num <= 0)
+ return num;
+ b = bio->ptr;
+ assert(b != NULL);
+ b->len += num;
+ assert(b->len <= b->size);
+
+ return num;
+}
+
+static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr)
+{
+ long ret;
+ struct bio_bio_st *b = bio->ptr;
+
+ assert(b != NULL);
+
+ switch (cmd) {
+ /* specific CTRL codes */
+
+ case BIO_C_SET_WRITE_BUF_SIZE:
+ if (b->peer) {
+ BIOerr(BIO_F_BIO_CTRL, BIO_R_IN_USE);
+ ret = 0;
+ } else if (num == 0) {
+ BIOerr(BIO_F_BIO_CTRL, BIO_R_INVALID_ARGUMENT);
+ ret = 0;
+ } else {
+ size_t new_size = num;
+
+ if (b->size != new_size) {
+ if (b->buf) {
+ OPENSSL_free(b->buf);
+ b->buf = NULL;
+ }
+ b->size = new_size;
+ }
+ ret = 1;
+ }
+ break;
+
+ case BIO_C_GET_WRITE_BUF_SIZE:
+ ret = (long)b->size;
+ break;
+
+ case BIO_C_MAKE_BIO_PAIR:
+ {
+ BIO *other_bio = ptr;
+
+ if (bio_make_pair(bio, other_bio))
+ ret = 1;
+ else
+ ret = 0;
+ }
+ break;
+
+ case BIO_C_DESTROY_BIO_PAIR:
+ /*
+ * Affects both BIOs in the pair -- call just once! Or let
+ * BIO_free(bio1); BIO_free(bio2); do the job.
+ */
+ bio_destroy_pair(bio);
+ ret = 1;
+ break;
+
+ case BIO_C_GET_WRITE_GUARANTEE:
+ /*
+ * How many bytes can the caller feed to the next write without
+ * having to keep any?
+ */
+ if (b->peer == NULL || b->closed)
+ ret = 0;
+ else
+ ret = (long)b->size - b->len;
+ break;
+
+ case BIO_C_GET_READ_REQUEST:
+ /*
+ * If the peer unsuccessfully tried to read, how many bytes were
+ * requested? (As with BIO_CTRL_PENDING, that number can usually be
+ * treated as boolean.)
+ */
+ ret = (long)b->request;
+ break;
+
+ case BIO_C_RESET_READ_REQUEST:
+ /*
+ * Reset request. (Can be useful after read attempts at the other
+ * side that are meant to be non-blocking, e.g. when probing SSL_read
+ * to see if any data is available.)
+ */
+ b->request = 0;
+ ret = 1;
+ break;
+
+ case BIO_C_SHUTDOWN_WR:
+ /* similar to shutdown(..., SHUT_WR) */
+ b->closed = 1;
+ ret = 1;
+ break;
+
+ case BIO_C_NREAD0:
+ /* prepare for non-copying read */
+ ret = (long)bio_nread0(bio, ptr);
+ break;
+
+ case BIO_C_NREAD:
+ /* non-copying read */
+ ret = (long)bio_nread(bio, ptr, (size_t)num);
+ break;
+
+ case BIO_C_NWRITE0:
+ /* prepare for non-copying write */
+ ret = (long)bio_nwrite0(bio, ptr);
+ break;
+
+ case BIO_C_NWRITE:
+ /* non-copying write */
+ ret = (long)bio_nwrite(bio, ptr, (size_t)num);
+ break;
+
+ /* standard CTRL codes follow */
+
+ case BIO_CTRL_RESET:
+ if (b->buf != NULL) {
+ b->len = 0;
+ b->offset = 0;
+ }
+ ret = 0;
+ break;
+
+ case BIO_CTRL_GET_CLOSE:
+ ret = bio->shutdown;
+ break;
+
+ case BIO_CTRL_SET_CLOSE:
+ bio->shutdown = (int)num;
+ ret = 1;
+ break;
+
+ case BIO_CTRL_PENDING:
+ if (b->peer != NULL) {
+ struct bio_bio_st *peer_b = b->peer->ptr;
+
+ ret = (long)peer_b->len;
+ } else
+ ret = 0;
+ break;
+
+ case BIO_CTRL_WPENDING:
+ if (b->buf != NULL)
+ ret = (long)b->len;
+ else
+ ret = 0;
+ break;
+
+ case BIO_CTRL_DUP:
+ /* See BIO_dup_chain for circumstances we have to expect. */
+ {
+ BIO *other_bio = ptr;
+ struct bio_bio_st *other_b;
+
+ assert(other_bio != NULL);
+ other_b = other_bio->ptr;
+ assert(other_b != NULL);
+
+ assert(other_b->buf == NULL); /* other_bio is always fresh */
+
+ other_b->size = b->size;
+ }
+
+ ret = 1;
+ break;
+
+ case BIO_CTRL_FLUSH:
+ ret = 1;
+ break;
+
+ case BIO_CTRL_EOF:
+ {
+ BIO *other_bio = ptr;
+
+ if (other_bio) {
+ struct bio_bio_st *other_b = other_bio->ptr;
+
+ assert(other_b != NULL);
+ ret = other_b->len == 0 && other_b->closed;
+ } else
+ ret = 1;
+ }
+ break;
+
+ default:
+ ret = 0;
+ }
+ return ret;
+}
+
+static int bio_puts(BIO *bio, const char *str)
+{
+ return bio_write(bio, str, strlen(str));
+}
+
+static int bio_make_pair(BIO *bio1, BIO *bio2)
+{
+ struct bio_bio_st *b1, *b2;
+
+ assert(bio1 != NULL);
+ assert(bio2 != NULL);
+
+ b1 = bio1->ptr;
+ b2 = bio2->ptr;
+
+ if (b1->peer != NULL || b2->peer != NULL) {
+ BIOerr(BIO_F_BIO_MAKE_PAIR, BIO_R_IN_USE);
+ return 0;
+ }
+
+ if (b1->buf == NULL) {
+ b1->buf = OPENSSL_malloc(b1->size);
+ if (b1->buf == NULL) {
+ BIOerr(BIO_F_BIO_MAKE_PAIR, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ b1->len = 0;
+ b1->offset = 0;
+ }
+
+ if (b2->buf == NULL) {
+ b2->buf = OPENSSL_malloc(b2->size);
+ if (b2->buf == NULL) {
+ BIOerr(BIO_F_BIO_MAKE_PAIR, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ b2->len = 0;
+ b2->offset = 0;
+ }
+
+ b1->peer = bio2;
+ b1->closed = 0;
+ b1->request = 0;
+ b2->peer = bio1;
+ b2->closed = 0;
+ b2->request = 0;
+
+ bio1->init = 1;
+ bio2->init = 1;
+
+ return 1;
+}
+
+static void bio_destroy_pair(BIO *bio)
+{
+ struct bio_bio_st *b = bio->ptr;
+
+ if (b != NULL) {
+ BIO *peer_bio = b->peer;
+
+ if (peer_bio != NULL) {
+ struct bio_bio_st *peer_b = peer_bio->ptr;
+
+ assert(peer_b != NULL);
+ assert(peer_b->peer == bio);
+
+ peer_b->peer = NULL;
+ peer_bio->init = 0;
+ assert(peer_b->buf != NULL);
+ peer_b->len = 0;
+ peer_b->offset = 0;
+
+ b->peer = NULL;
+ bio->init = 0;
+ assert(b->buf != NULL);
+ b->len = 0;
+ b->offset = 0;
+ }
+ }
+}
+
+/* Exported convenience functions */
+int BIO_new_bio_pair(BIO **bio1_p, size_t writebuf1,
+ BIO **bio2_p, size_t writebuf2)
+{
+ BIO *bio1 = NULL, *bio2 = NULL;
+ long r;
+ int ret = 0;
+
+ bio1 = BIO_new(BIO_s_bio());
+ if (bio1 == NULL)
+ goto err;
+ bio2 = BIO_new(BIO_s_bio());
+ if (bio2 == NULL)
+ goto err;
+
+ if (writebuf1) {
+ r = BIO_set_write_buf_size(bio1, writebuf1);
+ if (!r)
+ goto err;
+ }
+ if (writebuf2) {
+ r = BIO_set_write_buf_size(bio2, writebuf2);
+ if (!r)
+ goto err;
+ }
+
+ r = BIO_make_bio_pair(bio1, bio2);
+ if (!r)
+ goto err;
+ ret = 1;
+
+ err:
+ if (ret == 0) {
+ if (bio1) {
+ BIO_free(bio1);
+ bio1 = NULL;
+ }
+ if (bio2) {
+ BIO_free(bio2);
+ bio2 = NULL;
+ }
+ }
+
+ *bio1_p = bio1;
+ *bio2_p = bio2;
+ return ret;
+}
+
+size_t BIO_ctrl_get_write_guarantee(BIO *bio)
+{
+ return BIO_ctrl(bio, BIO_C_GET_WRITE_GUARANTEE, 0, NULL);
+}
+
+size_t BIO_ctrl_get_read_request(BIO *bio)
+{
+ return BIO_ctrl(bio, BIO_C_GET_READ_REQUEST, 0, NULL);
+}
+
+int BIO_ctrl_reset_read_request(BIO *bio)
+{
+ return (BIO_ctrl(bio, BIO_C_RESET_READ_REQUEST, 0, NULL) != 0);
+}
+
+/*
+ * BIO_nread0/nread/nwrite0/nwrite are available only for BIO pairs for now
+ * (conceivably some other BIOs could allow non-copying reads and writes
+ * too.)
+ */
+int BIO_nread0(BIO *bio, char **buf)
+{
+ long ret;
+
+ if (!bio->init) {
+ BIOerr(BIO_F_BIO_NREAD0, BIO_R_UNINITIALIZED);
+ return -2;
+ }
+
+ ret = BIO_ctrl(bio, BIO_C_NREAD0, 0, buf);
+ if (ret > INT_MAX)
+ return INT_MAX;
+ else
+ return (int)ret;
+}
+
+int BIO_nread(BIO *bio, char **buf, int num)
+{
+ int ret;
+
+ if (!bio->init) {
+ BIOerr(BIO_F_BIO_NREAD, BIO_R_UNINITIALIZED);
+ return -2;
+ }
+
+ ret = (int)BIO_ctrl(bio, BIO_C_NREAD, num, buf);
+ if (ret > 0)
+ bio->num_read += ret;
+ return ret;
+}
+
+int BIO_nwrite0(BIO *bio, char **buf)
+{
+ long ret;
+
+ if (!bio->init) {
+ BIOerr(BIO_F_BIO_NWRITE0, BIO_R_UNINITIALIZED);
+ return -2;
+ }
+
+ ret = BIO_ctrl(bio, BIO_C_NWRITE0, 0, buf);
+ if (ret > INT_MAX)
+ return INT_MAX;
+ else
+ return (int)ret;
+}
+
+int BIO_nwrite(BIO *bio, char **buf, int num)
+{
+ int ret;
+
+ if (!bio->init) {
+ BIOerr(BIO_F_BIO_NWRITE, BIO_R_UNINITIALIZED);
+ return -2;
+ }
+
+ ret = BIO_ctrl(bio, BIO_C_NWRITE, num, buf);
+ if (ret > 0)
+ bio->num_write += ret;
+ return ret;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_conn.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bio/bss_conn.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_conn.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,652 +0,0 @@
-/* crypto/bio/bss_conn.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <errno.h>
-#define USE_SOCKETS
-#include "cryptlib.h"
-#include <openssl/bio.h>
-
-#ifndef OPENSSL_NO_SOCK
-
-#ifdef OPENSSL_SYS_WIN16
-#define SOCKET_PROTOCOL 0 /* more microsoft stupidity */
-#else
-#define SOCKET_PROTOCOL IPPROTO_TCP
-#endif
-
-#if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
-/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
-#undef FIONBIO
-#endif
-
-
-typedef struct bio_connect_st
- {
- int state;
-
- char *param_hostname;
- char *param_port;
- int nbio;
-
- unsigned char ip[4];
- unsigned short port;
-
- struct sockaddr_in them;
-
- /* int socket; this will be kept in bio->num so that it is
- * compatible with the bss_sock bio */
-
- /* called when the connection is initially made
- * callback(BIO,state,ret); The callback should return
- * 'ret'. state is for compatibility with the ssl info_callback */
- int (*info_callback)(const BIO *bio,int state,int ret);
- } BIO_CONNECT;
-
-static int conn_write(BIO *h, const char *buf, int num);
-static int conn_read(BIO *h, char *buf, int size);
-static int conn_puts(BIO *h, const char *str);
-static long conn_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int conn_new(BIO *h);
-static int conn_free(BIO *data);
-static long conn_callback_ctrl(BIO *h, int cmd, bio_info_cb *);
-
-static int conn_state(BIO *b, BIO_CONNECT *c);
-static void conn_close_socket(BIO *data);
-BIO_CONNECT *BIO_CONNECT_new(void );
-void BIO_CONNECT_free(BIO_CONNECT *a);
-
-static BIO_METHOD methods_connectp=
- {
- BIO_TYPE_CONNECT,
- "socket connect",
- conn_write,
- conn_read,
- conn_puts,
- NULL, /* connect_gets, */
- conn_ctrl,
- conn_new,
- conn_free,
- conn_callback_ctrl,
- };
-
-static int conn_state(BIO *b, BIO_CONNECT *c)
- {
- int ret= -1,i;
- unsigned long l;
- char *p,*q;
- int (*cb)(const BIO *,int,int)=NULL;
-
- if (c->info_callback != NULL)
- cb=c->info_callback;
-
- for (;;)
- {
- switch (c->state)
- {
- case BIO_CONN_S_BEFORE:
- p=c->param_hostname;
- if (p == NULL)
- {
- BIOerr(BIO_F_CONN_STATE,BIO_R_NO_HOSTNAME_SPECIFIED);
- goto exit_loop;
- }
- for ( ; *p != '\0'; p++)
- {
- if ((*p == ':') || (*p == '/')) break;
- }
-
- i= *p;
- if ((i == ':') || (i == '/'))
- {
-
- *(p++)='\0';
- if (i == ':')
- {
- for (q=p; *q; q++)
- if (*q == '/')
- {
- *q='\0';
- break;
- }
- if (c->param_port != NULL)
- OPENSSL_free(c->param_port);
- c->param_port=BUF_strdup(p);
- }
- }
-
- if (c->param_port == NULL)
- {
- BIOerr(BIO_F_CONN_STATE,BIO_R_NO_PORT_SPECIFIED);
- ERR_add_error_data(2,"host=",c->param_hostname);
- goto exit_loop;
- }
- c->state=BIO_CONN_S_GET_IP;
- break;
-
- case BIO_CONN_S_GET_IP:
- if (BIO_get_host_ip(c->param_hostname,&(c->ip[0])) <= 0)
- goto exit_loop;
- c->state=BIO_CONN_S_GET_PORT;
- break;
-
- case BIO_CONN_S_GET_PORT:
- if (c->param_port == NULL)
- {
- /* abort(); */
- goto exit_loop;
- }
- else if (BIO_get_port(c->param_port,&c->port) <= 0)
- goto exit_loop;
- c->state=BIO_CONN_S_CREATE_SOCKET;
- break;
-
- case BIO_CONN_S_CREATE_SOCKET:
- /* now setup address */
- memset((char *)&c->them,0,sizeof(c->them));
- c->them.sin_family=AF_INET;
- c->them.sin_port=htons((unsigned short)c->port);
- l=(unsigned long)
- ((unsigned long)c->ip[0]<<24L)|
- ((unsigned long)c->ip[1]<<16L)|
- ((unsigned long)c->ip[2]<< 8L)|
- ((unsigned long)c->ip[3]);
- c->them.sin_addr.s_addr=htonl(l);
- c->state=BIO_CONN_S_CREATE_SOCKET;
-
- ret=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
- if (ret == INVALID_SOCKET)
- {
- SYSerr(SYS_F_SOCKET,get_last_socket_error());
- ERR_add_error_data(4,"host=",c->param_hostname,
- ":",c->param_port);
- BIOerr(BIO_F_CONN_STATE,BIO_R_UNABLE_TO_CREATE_SOCKET);
- goto exit_loop;
- }
- b->num=ret;
- c->state=BIO_CONN_S_NBIO;
- break;
-
- case BIO_CONN_S_NBIO:
- if (c->nbio)
- {
- if (!BIO_socket_nbio(b->num,1))
- {
- BIOerr(BIO_F_CONN_STATE,BIO_R_ERROR_SETTING_NBIO);
- ERR_add_error_data(4,"host=",
- c->param_hostname,
- ":",c->param_port);
- goto exit_loop;
- }
- }
- c->state=BIO_CONN_S_CONNECT;
-
-#if defined(SO_KEEPALIVE) && !defined(OPENSSL_SYS_MPE)
- i=1;
- i=setsockopt(b->num,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
- if (i < 0)
- {
- SYSerr(SYS_F_SOCKET,get_last_socket_error());
- ERR_add_error_data(4,"host=",c->param_hostname,
- ":",c->param_port);
- BIOerr(BIO_F_CONN_STATE,BIO_R_KEEPALIVE);
- goto exit_loop;
- }
-#endif
- break;
-
- case BIO_CONN_S_CONNECT:
- BIO_clear_retry_flags(b);
- ret=connect(b->num,
- (struct sockaddr *)&c->them,
- sizeof(c->them));
- b->retry_reason=0;
- if (ret < 0)
- {
- if (BIO_sock_should_retry(ret))
- {
- BIO_set_retry_special(b);
- c->state=BIO_CONN_S_BLOCKED_CONNECT;
- b->retry_reason=BIO_RR_CONNECT;
- }
- else
- {
- SYSerr(SYS_F_CONNECT,get_last_socket_error());
- ERR_add_error_data(4,"host=",
- c->param_hostname,
- ":",c->param_port);
- BIOerr(BIO_F_CONN_STATE,BIO_R_CONNECT_ERROR);
- }
- goto exit_loop;
- }
- else
- c->state=BIO_CONN_S_OK;
- break;
-
- case BIO_CONN_S_BLOCKED_CONNECT:
- i=BIO_sock_error(b->num);
- if (i)
- {
- BIO_clear_retry_flags(b);
- SYSerr(SYS_F_CONNECT,i);
- ERR_add_error_data(4,"host=",
- c->param_hostname,
- ":",c->param_port);
- BIOerr(BIO_F_CONN_STATE,BIO_R_NBIO_CONNECT_ERROR);
- ret=0;
- goto exit_loop;
- }
- else
- c->state=BIO_CONN_S_OK;
- break;
-
- case BIO_CONN_S_OK:
- ret=1;
- goto exit_loop;
- default:
- /* abort(); */
- goto exit_loop;
- }
-
- if (cb != NULL)
- {
- if (!(ret=cb((BIO *)b,c->state,ret)))
- goto end;
- }
- }
-
- /* Loop does not exit */
-exit_loop:
- if (cb != NULL)
- ret=cb((BIO *)b,c->state,ret);
-end:
- return(ret);
- }
-
-BIO_CONNECT *BIO_CONNECT_new(void)
- {
- BIO_CONNECT *ret;
-
- if ((ret=(BIO_CONNECT *)OPENSSL_malloc(sizeof(BIO_CONNECT))) == NULL)
- return(NULL);
- ret->state=BIO_CONN_S_BEFORE;
- ret->param_hostname=NULL;
- ret->param_port=NULL;
- ret->info_callback=NULL;
- ret->nbio=0;
- ret->ip[0]=0;
- ret->ip[1]=0;
- ret->ip[2]=0;
- ret->ip[3]=0;
- ret->port=0;
- memset((char *)&ret->them,0,sizeof(ret->them));
- return(ret);
- }
-
-void BIO_CONNECT_free(BIO_CONNECT *a)
- {
- if(a == NULL)
- return;
-
- if (a->param_hostname != NULL)
- OPENSSL_free(a->param_hostname);
- if (a->param_port != NULL)
- OPENSSL_free(a->param_port);
- OPENSSL_free(a);
- }
-
-BIO_METHOD *BIO_s_connect(void)
- {
- return(&methods_connectp);
- }
-
-static int conn_new(BIO *bi)
- {
- bi->init=0;
- bi->num=INVALID_SOCKET;
- bi->flags=0;
- if ((bi->ptr=(char *)BIO_CONNECT_new()) == NULL)
- return(0);
- else
- return(1);
- }
-
-static void conn_close_socket(BIO *bio)
- {
- BIO_CONNECT *c;
-
- c=(BIO_CONNECT *)bio->ptr;
- if (bio->num != INVALID_SOCKET)
- {
- /* Only do a shutdown if things were established */
- if (c->state == BIO_CONN_S_OK)
- shutdown(bio->num,2);
- closesocket(bio->num);
- bio->num=INVALID_SOCKET;
- }
- }
-
-static int conn_free(BIO *a)
- {
- BIO_CONNECT *data;
-
- if (a == NULL) return(0);
- data=(BIO_CONNECT *)a->ptr;
-
- if (a->shutdown)
- {
- conn_close_socket(a);
- BIO_CONNECT_free(data);
- a->ptr=NULL;
- a->flags=0;
- a->init=0;
- }
- return(1);
- }
-
-static int conn_read(BIO *b, char *out, int outl)
- {
- int ret=0;
- BIO_CONNECT *data;
-
- data=(BIO_CONNECT *)b->ptr;
- if (data->state != BIO_CONN_S_OK)
- {
- ret=conn_state(b,data);
- if (ret <= 0)
- return(ret);
- }
-
- if (out != NULL)
- {
- clear_socket_error();
- ret=readsocket(b->num,out,outl);
- BIO_clear_retry_flags(b);
- if (ret <= 0)
- {
- if (BIO_sock_should_retry(ret))
- BIO_set_retry_read(b);
- }
- }
- return(ret);
- }
-
-static int conn_write(BIO *b, const char *in, int inl)
- {
- int ret;
- BIO_CONNECT *data;
-
- data=(BIO_CONNECT *)b->ptr;
- if (data->state != BIO_CONN_S_OK)
- {
- ret=conn_state(b,data);
- if (ret <= 0) return(ret);
- }
-
- clear_socket_error();
- ret=writesocket(b->num,in,inl);
- BIO_clear_retry_flags(b);
- if (ret <= 0)
- {
- if (BIO_sock_should_retry(ret))
- BIO_set_retry_write(b);
- }
- return(ret);
- }
-
-static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
- {
- BIO *dbio;
- int *ip;
- const char **pptr;
- long ret=1;
- BIO_CONNECT *data;
-
- data=(BIO_CONNECT *)b->ptr;
-
- switch (cmd)
- {
- case BIO_CTRL_RESET:
- ret=0;
- data->state=BIO_CONN_S_BEFORE;
- conn_close_socket(b);
- b->flags=0;
- break;
- case BIO_C_DO_STATE_MACHINE:
- /* use this one to start the connection */
- if (data->state != BIO_CONN_S_OK)
- ret=(long)conn_state(b,data);
- else
- ret=1;
- break;
- case BIO_C_GET_CONNECT:
- if (ptr != NULL)
- {
- pptr=(const char **)ptr;
- if (num == 0)
- {
- *pptr=data->param_hostname;
-
- }
- else if (num == 1)
- {
- *pptr=data->param_port;
- }
- else if (num == 2)
- {
- *pptr= (char *)&(data->ip[0]);
- }
- else if (num == 3)
- {
- *((int *)ptr)=data->port;
- }
- if ((!b->init) || (ptr == NULL))
- *pptr="not initialized";
- ret=1;
- }
- break;
- case BIO_C_SET_CONNECT:
- if (ptr != NULL)
- {
- b->init=1;
- if (num == 0)
- {
- if (data->param_hostname != NULL)
- OPENSSL_free(data->param_hostname);
- data->param_hostname=BUF_strdup(ptr);
- }
- else if (num == 1)
- {
- if (data->param_port != NULL)
- OPENSSL_free(data->param_port);
- data->param_port=BUF_strdup(ptr);
- }
- else if (num == 2)
- {
- char buf[16];
- unsigned char *p = ptr;
-
- BIO_snprintf(buf,sizeof buf,"%d.%d.%d.%d",
- p[0],p[1],p[2],p[3]);
- if (data->param_hostname != NULL)
- OPENSSL_free(data->param_hostname);
- data->param_hostname=BUF_strdup(buf);
- memcpy(&(data->ip[0]),ptr,4);
- }
- else if (num == 3)
- {
- char buf[DECIMAL_SIZE(int)+1];
-
- BIO_snprintf(buf,sizeof buf,"%d",*(int *)ptr);
- if (data->param_port != NULL)
- OPENSSL_free(data->param_port);
- data->param_port=BUF_strdup(buf);
- data->port= *(int *)ptr;
- }
- }
- break;
- case BIO_C_SET_NBIO:
- data->nbio=(int)num;
- break;
- case BIO_C_GET_FD:
- if (b->init)
- {
- ip=(int *)ptr;
- if (ip != NULL)
- *ip=b->num;
- ret=b->num;
- }
- else
- ret= -1;
- break;
- case BIO_CTRL_GET_CLOSE:
- ret=b->shutdown;
- break;
- case BIO_CTRL_SET_CLOSE:
- b->shutdown=(int)num;
- break;
- case BIO_CTRL_PENDING:
- case BIO_CTRL_WPENDING:
- ret=0;
- break;
- case BIO_CTRL_FLUSH:
- break;
- case BIO_CTRL_DUP:
- {
- dbio=(BIO *)ptr;
- if (data->param_port)
- BIO_set_conn_port(dbio,data->param_port);
- if (data->param_hostname)
- BIO_set_conn_hostname(dbio,data->param_hostname);
- BIO_set_nbio(dbio,data->nbio);
- /* FIXME: the cast of the function seems unlikely to be a good idea */
- (void)BIO_set_info_callback(dbio,(bio_info_cb *)data->info_callback);
- }
- break;
- case BIO_CTRL_SET_CALLBACK:
- {
-#if 0 /* FIXME: Should this be used? -- Richard Levitte */
- BIOerr(BIO_F_CONN_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- ret = -1;
-#else
- ret=0;
-#endif
- }
- break;
- case BIO_CTRL_GET_CALLBACK:
- {
- int (**fptr)(const BIO *bio,int state,int xret);
-
- fptr=(int (**)(const BIO *bio,int state,int xret))ptr;
- *fptr=data->info_callback;
- }
- break;
- default:
- ret=0;
- break;
- }
- return(ret);
- }
-
-static long conn_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
- {
- long ret=1;
- BIO_CONNECT *data;
-
- data=(BIO_CONNECT *)b->ptr;
-
- switch (cmd)
- {
- case BIO_CTRL_SET_CALLBACK:
- {
- data->info_callback=(int (*)(const struct bio_st *, int, int))fp;
- }
- break;
- default:
- ret=0;
- break;
- }
- return(ret);
- }
-
-static int conn_puts(BIO *bp, const char *str)
- {
- int n,ret;
-
- n=strlen(str);
- ret=conn_write(bp,str,n);
- return(ret);
- }
-
-BIO *BIO_new_connect(char *str)
- {
- BIO *ret;
-
- ret=BIO_new(BIO_s_connect());
- if (ret == NULL) return(NULL);
- if (BIO_set_conn_hostname(ret,str))
- return(ret);
- else
- {
- BIO_free(ret);
- return(NULL);
- }
- }
-
-#endif
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_conn.c (from rev 6976, vendor-crypto/openssl/dist/crypto/bio/bss_conn.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_conn.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_conn.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,603 @@
+/* crypto/bio/bss_conn.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#define USE_SOCKETS
+#include "cryptlib.h"
+#include <openssl/bio.h>
+
+#ifndef OPENSSL_NO_SOCK
+
+# ifdef OPENSSL_SYS_WIN16
+# define SOCKET_PROTOCOL 0 /* more microsoft stupidity */
+# else
+# define SOCKET_PROTOCOL IPPROTO_TCP
+# endif
+
+# if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
+/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
+# undef FIONBIO
+# endif
+
+typedef struct bio_connect_st {
+ int state;
+ char *param_hostname;
+ char *param_port;
+ int nbio;
+ unsigned char ip[4];
+ unsigned short port;
+ struct sockaddr_in them;
+ /*
+ * int socket; this will be kept in bio->num so that it is compatible
+ * with the bss_sock bio
+ */
+ /*
+ * called when the connection is initially made callback(BIO,state,ret);
+ * The callback should return 'ret'. state is for compatibility with the
+ * ssl info_callback
+ */
+ int (*info_callback) (const BIO *bio, int state, int ret);
+} BIO_CONNECT;
+
+static int conn_write(BIO *h, const char *buf, int num);
+static int conn_read(BIO *h, char *buf, int size);
+static int conn_puts(BIO *h, const char *str);
+static long conn_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int conn_new(BIO *h);
+static int conn_free(BIO *data);
+static long conn_callback_ctrl(BIO *h, int cmd, bio_info_cb *);
+
+static int conn_state(BIO *b, BIO_CONNECT *c);
+static void conn_close_socket(BIO *data);
+BIO_CONNECT *BIO_CONNECT_new(void);
+void BIO_CONNECT_free(BIO_CONNECT *a);
+
+static BIO_METHOD methods_connectp = {
+ BIO_TYPE_CONNECT,
+ "socket connect",
+ conn_write,
+ conn_read,
+ conn_puts,
+ NULL, /* connect_gets, */
+ conn_ctrl,
+ conn_new,
+ conn_free,
+ conn_callback_ctrl,
+};
+
+static int conn_state(BIO *b, BIO_CONNECT *c)
+{
+ int ret = -1, i;
+ unsigned long l;
+ char *p, *q;
+ int (*cb) (const BIO *, int, int) = NULL;
+
+ if (c->info_callback != NULL)
+ cb = c->info_callback;
+
+ for (;;) {
+ switch (c->state) {
+ case BIO_CONN_S_BEFORE:
+ p = c->param_hostname;
+ if (p == NULL) {
+ BIOerr(BIO_F_CONN_STATE, BIO_R_NO_HOSTNAME_SPECIFIED);
+ goto exit_loop;
+ }
+ for (; *p != '\0'; p++) {
+ if ((*p == ':') || (*p == '/'))
+ break;
+ }
+
+ i = *p;
+ if ((i == ':') || (i == '/')) {
+
+ *(p++) = '\0';
+ if (i == ':') {
+ for (q = p; *q; q++)
+ if (*q == '/') {
+ *q = '\0';
+ break;
+ }
+ if (c->param_port != NULL)
+ OPENSSL_free(c->param_port);
+ c->param_port = BUF_strdup(p);
+ }
+ }
+
+ if (c->param_port == NULL) {
+ BIOerr(BIO_F_CONN_STATE, BIO_R_NO_PORT_SPECIFIED);
+ ERR_add_error_data(2, "host=", c->param_hostname);
+ goto exit_loop;
+ }
+ c->state = BIO_CONN_S_GET_IP;
+ break;
+
+ case BIO_CONN_S_GET_IP:
+ if (BIO_get_host_ip(c->param_hostname, &(c->ip[0])) <= 0)
+ goto exit_loop;
+ c->state = BIO_CONN_S_GET_PORT;
+ break;
+
+ case BIO_CONN_S_GET_PORT:
+ if (c->param_port == NULL) {
+ /* abort(); */
+ goto exit_loop;
+ } else if (BIO_get_port(c->param_port, &c->port) <= 0)
+ goto exit_loop;
+ c->state = BIO_CONN_S_CREATE_SOCKET;
+ break;
+
+ case BIO_CONN_S_CREATE_SOCKET:
+ /* now setup address */
+ memset((char *)&c->them, 0, sizeof(c->them));
+ c->them.sin_family = AF_INET;
+ c->them.sin_port = htons((unsigned short)c->port);
+ l = (unsigned long)
+ ((unsigned long)c->ip[0] << 24L) |
+ ((unsigned long)c->ip[1] << 16L) |
+ ((unsigned long)c->ip[2] << 8L) | ((unsigned long)c->ip[3]);
+ c->them.sin_addr.s_addr = htonl(l);
+ c->state = BIO_CONN_S_CREATE_SOCKET;
+
+ ret = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL);
+ if (ret == INVALID_SOCKET) {
+ SYSerr(SYS_F_SOCKET, get_last_socket_error());
+ ERR_add_error_data(4, "host=", c->param_hostname,
+ ":", c->param_port);
+ BIOerr(BIO_F_CONN_STATE, BIO_R_UNABLE_TO_CREATE_SOCKET);
+ goto exit_loop;
+ }
+ b->num = ret;
+ c->state = BIO_CONN_S_NBIO;
+ break;
+
+ case BIO_CONN_S_NBIO:
+ if (c->nbio) {
+ if (!BIO_socket_nbio(b->num, 1)) {
+ BIOerr(BIO_F_CONN_STATE, BIO_R_ERROR_SETTING_NBIO);
+ ERR_add_error_data(4, "host=",
+ c->param_hostname, ":", c->param_port);
+ goto exit_loop;
+ }
+ }
+ c->state = BIO_CONN_S_CONNECT;
+
+# if defined(SO_KEEPALIVE) && !defined(OPENSSL_SYS_MPE)
+ i = 1;
+ i = setsockopt(b->num, SOL_SOCKET, SO_KEEPALIVE, (char *)&i,
+ sizeof(i));
+ if (i < 0) {
+ SYSerr(SYS_F_SOCKET, get_last_socket_error());
+ ERR_add_error_data(4, "host=", c->param_hostname,
+ ":", c->param_port);
+ BIOerr(BIO_F_CONN_STATE, BIO_R_KEEPALIVE);
+ goto exit_loop;
+ }
+# endif
+ break;
+
+ case BIO_CONN_S_CONNECT:
+ BIO_clear_retry_flags(b);
+ ret = connect(b->num,
+ (struct sockaddr *)&c->them, sizeof(c->them));
+ b->retry_reason = 0;
+ if (ret < 0) {
+ if (BIO_sock_should_retry(ret)) {
+ BIO_set_retry_special(b);
+ c->state = BIO_CONN_S_BLOCKED_CONNECT;
+ b->retry_reason = BIO_RR_CONNECT;
+ } else {
+ SYSerr(SYS_F_CONNECT, get_last_socket_error());
+ ERR_add_error_data(4, "host=",
+ c->param_hostname, ":", c->param_port);
+ BIOerr(BIO_F_CONN_STATE, BIO_R_CONNECT_ERROR);
+ }
+ goto exit_loop;
+ } else
+ c->state = BIO_CONN_S_OK;
+ break;
+
+ case BIO_CONN_S_BLOCKED_CONNECT:
+ i = BIO_sock_error(b->num);
+ if (i) {
+ BIO_clear_retry_flags(b);
+ SYSerr(SYS_F_CONNECT, i);
+ ERR_add_error_data(4, "host=",
+ c->param_hostname, ":", c->param_port);
+ BIOerr(BIO_F_CONN_STATE, BIO_R_NBIO_CONNECT_ERROR);
+ ret = 0;
+ goto exit_loop;
+ } else
+ c->state = BIO_CONN_S_OK;
+ break;
+
+ case BIO_CONN_S_OK:
+ ret = 1;
+ goto exit_loop;
+ default:
+ /* abort(); */
+ goto exit_loop;
+ }
+
+ if (cb != NULL) {
+ if (!(ret = cb((BIO *)b, c->state, ret)))
+ goto end;
+ }
+ }
+
+ /* Loop does not exit */
+ exit_loop:
+ if (cb != NULL)
+ ret = cb((BIO *)b, c->state, ret);
+ end:
+ return (ret);
+}
+
+BIO_CONNECT *BIO_CONNECT_new(void)
+{
+ BIO_CONNECT *ret;
+
+ if ((ret = (BIO_CONNECT *)OPENSSL_malloc(sizeof(BIO_CONNECT))) == NULL)
+ return (NULL);
+ ret->state = BIO_CONN_S_BEFORE;
+ ret->param_hostname = NULL;
+ ret->param_port = NULL;
+ ret->info_callback = NULL;
+ ret->nbio = 0;
+ ret->ip[0] = 0;
+ ret->ip[1] = 0;
+ ret->ip[2] = 0;
+ ret->ip[3] = 0;
+ ret->port = 0;
+ memset((char *)&ret->them, 0, sizeof(ret->them));
+ return (ret);
+}
+
+void BIO_CONNECT_free(BIO_CONNECT *a)
+{
+ if (a == NULL)
+ return;
+
+ if (a->param_hostname != NULL)
+ OPENSSL_free(a->param_hostname);
+ if (a->param_port != NULL)
+ OPENSSL_free(a->param_port);
+ OPENSSL_free(a);
+}
+
+BIO_METHOD *BIO_s_connect(void)
+{
+ return (&methods_connectp);
+}
+
+static int conn_new(BIO *bi)
+{
+ bi->init = 0;
+ bi->num = INVALID_SOCKET;
+ bi->flags = 0;
+ if ((bi->ptr = (char *)BIO_CONNECT_new()) == NULL)
+ return (0);
+ else
+ return (1);
+}
+
+static void conn_close_socket(BIO *bio)
+{
+ BIO_CONNECT *c;
+
+ c = (BIO_CONNECT *)bio->ptr;
+ if (bio->num != INVALID_SOCKET) {
+ /* Only do a shutdown if things were established */
+ if (c->state == BIO_CONN_S_OK)
+ shutdown(bio->num, 2);
+ closesocket(bio->num);
+ bio->num = INVALID_SOCKET;
+ }
+}
+
+static int conn_free(BIO *a)
+{
+ BIO_CONNECT *data;
+
+ if (a == NULL)
+ return (0);
+ data = (BIO_CONNECT *)a->ptr;
+
+ if (a->shutdown) {
+ conn_close_socket(a);
+ BIO_CONNECT_free(data);
+ a->ptr = NULL;
+ a->flags = 0;
+ a->init = 0;
+ }
+ return (1);
+}
+
+static int conn_read(BIO *b, char *out, int outl)
+{
+ int ret = 0;
+ BIO_CONNECT *data;
+
+ data = (BIO_CONNECT *)b->ptr;
+ if (data->state != BIO_CONN_S_OK) {
+ ret = conn_state(b, data);
+ if (ret <= 0)
+ return (ret);
+ }
+
+ if (out != NULL) {
+ clear_socket_error();
+ ret = readsocket(b->num, out, outl);
+ BIO_clear_retry_flags(b);
+ if (ret <= 0) {
+ if (BIO_sock_should_retry(ret))
+ BIO_set_retry_read(b);
+ }
+ }
+ return (ret);
+}
+
+static int conn_write(BIO *b, const char *in, int inl)
+{
+ int ret;
+ BIO_CONNECT *data;
+
+ data = (BIO_CONNECT *)b->ptr;
+ if (data->state != BIO_CONN_S_OK) {
+ ret = conn_state(b, data);
+ if (ret <= 0)
+ return (ret);
+ }
+
+ clear_socket_error();
+ ret = writesocket(b->num, in, inl);
+ BIO_clear_retry_flags(b);
+ if (ret <= 0) {
+ if (BIO_sock_should_retry(ret))
+ BIO_set_retry_write(b);
+ }
+ return (ret);
+}
+
+static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+ BIO *dbio;
+ int *ip;
+ const char **pptr;
+ long ret = 1;
+ BIO_CONNECT *data;
+
+ data = (BIO_CONNECT *)b->ptr;
+
+ switch (cmd) {
+ case BIO_CTRL_RESET:
+ ret = 0;
+ data->state = BIO_CONN_S_BEFORE;
+ conn_close_socket(b);
+ b->flags = 0;
+ break;
+ case BIO_C_DO_STATE_MACHINE:
+ /* use this one to start the connection */
+ if (data->state != BIO_CONN_S_OK)
+ ret = (long)conn_state(b, data);
+ else
+ ret = 1;
+ break;
+ case BIO_C_GET_CONNECT:
+ if (ptr != NULL) {
+ pptr = (const char **)ptr;
+ if (num == 0) {
+ *pptr = data->param_hostname;
+
+ } else if (num == 1) {
+ *pptr = data->param_port;
+ } else if (num == 2) {
+ *pptr = (char *)&(data->ip[0]);
+ } else if (num == 3) {
+ *((int *)ptr) = data->port;
+ }
+ if ((!b->init) || (ptr == NULL))
+ *pptr = "not initialized";
+ ret = 1;
+ }
+ break;
+ case BIO_C_SET_CONNECT:
+ if (ptr != NULL) {
+ b->init = 1;
+ if (num == 0) {
+ if (data->param_hostname != NULL)
+ OPENSSL_free(data->param_hostname);
+ data->param_hostname = BUF_strdup(ptr);
+ } else if (num == 1) {
+ if (data->param_port != NULL)
+ OPENSSL_free(data->param_port);
+ data->param_port = BUF_strdup(ptr);
+ } else if (num == 2) {
+ char buf[16];
+ unsigned char *p = ptr;
+
+ BIO_snprintf(buf, sizeof buf, "%d.%d.%d.%d",
+ p[0], p[1], p[2], p[3]);
+ if (data->param_hostname != NULL)
+ OPENSSL_free(data->param_hostname);
+ data->param_hostname = BUF_strdup(buf);
+ memcpy(&(data->ip[0]), ptr, 4);
+ } else if (num == 3) {
+ char buf[DECIMAL_SIZE(int) + 1];
+
+ BIO_snprintf(buf, sizeof buf, "%d", *(int *)ptr);
+ if (data->param_port != NULL)
+ OPENSSL_free(data->param_port);
+ data->param_port = BUF_strdup(buf);
+ data->port = *(int *)ptr;
+ }
+ }
+ break;
+ case BIO_C_SET_NBIO:
+ data->nbio = (int)num;
+ break;
+ case BIO_C_GET_FD:
+ if (b->init) {
+ ip = (int *)ptr;
+ if (ip != NULL)
+ *ip = b->num;
+ ret = b->num;
+ } else
+ ret = -1;
+ break;
+ case BIO_CTRL_GET_CLOSE:
+ ret = b->shutdown;
+ break;
+ case BIO_CTRL_SET_CLOSE:
+ b->shutdown = (int)num;
+ break;
+ case BIO_CTRL_PENDING:
+ case BIO_CTRL_WPENDING:
+ ret = 0;
+ break;
+ case BIO_CTRL_FLUSH:
+ break;
+ case BIO_CTRL_DUP:
+ {
+ dbio = (BIO *)ptr;
+ if (data->param_port)
+ BIO_set_conn_port(dbio, data->param_port);
+ if (data->param_hostname)
+ BIO_set_conn_hostname(dbio, data->param_hostname);
+ BIO_set_nbio(dbio, data->nbio);
+ /*
+ * FIXME: the cast of the function seems unlikely to be a good
+ * idea
+ */
+ (void)BIO_set_info_callback(dbio,
+ (bio_info_cb *)data->info_callback);
+ }
+ break;
+ case BIO_CTRL_SET_CALLBACK:
+ {
+# if 0 /* FIXME: Should this be used? -- Richard
+ * Levitte */
+ BIOerr(BIO_F_CONN_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ ret = -1;
+# else
+ ret = 0;
+# endif
+ }
+ break;
+ case BIO_CTRL_GET_CALLBACK:
+ {
+ int (**fptr) (const BIO *bio, int state, int xret);
+
+ fptr = (int (**)(const BIO *bio, int state, int xret))ptr;
+ *fptr = data->info_callback;
+ }
+ break;
+ default:
+ ret = 0;
+ break;
+ }
+ return (ret);
+}
+
+static long conn_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
+{
+ long ret = 1;
+ BIO_CONNECT *data;
+
+ data = (BIO_CONNECT *)b->ptr;
+
+ switch (cmd) {
+ case BIO_CTRL_SET_CALLBACK:
+ {
+ data->info_callback =
+ (int (*)(const struct bio_st *, int, int))fp;
+ }
+ break;
+ default:
+ ret = 0;
+ break;
+ }
+ return (ret);
+}
+
+static int conn_puts(BIO *bp, const char *str)
+{
+ int n, ret;
+
+ n = strlen(str);
+ ret = conn_write(bp, str, n);
+ return (ret);
+}
+
+BIO *BIO_new_connect(char *str)
+{
+ BIO *ret;
+
+ ret = BIO_new(BIO_s_connect());
+ if (ret == NULL)
+ return (NULL);
+ if (BIO_set_conn_hostname(ret, str))
+ return (ret);
+ else {
+ BIO_free(ret);
+ return (NULL);
+ }
+}
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_dgram.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bio/bss_dgram.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_dgram.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,748 +0,0 @@
-/* crypto/bio/bio_dgram.c */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra at cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-
-#include <stdio.h>
-#include <errno.h>
-#define USE_SOCKETS
-#include "cryptlib.h"
-
-#include <openssl/bio.h>
-#ifndef OPENSSL_NO_DGRAM
-
-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS)
-#include <sys/timeb.h>
-#endif
-
-#ifdef OPENSSL_SYS_LINUX
-#define IP_MTU 14 /* linux is lame */
-#endif
-
-#ifdef WATT32
-#define sock_write SockWrite /* Watt-32 uses same names */
-#define sock_read SockRead
-#define sock_puts SockPuts
-#endif
-
-static int dgram_write(BIO *h, const char *buf, int num);
-static int dgram_read(BIO *h, char *buf, int size);
-static int dgram_puts(BIO *h, const char *str);
-static long dgram_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int dgram_new(BIO *h);
-static int dgram_free(BIO *data);
-static int dgram_clear(BIO *bio);
-
-static int BIO_dgram_should_retry(int s);
-
-static void get_current_time(struct timeval *t);
-
-static BIO_METHOD methods_dgramp=
- {
- BIO_TYPE_DGRAM,
- "datagram socket",
- dgram_write,
- dgram_read,
- dgram_puts,
- NULL, /* dgram_gets, */
- dgram_ctrl,
- dgram_new,
- dgram_free,
- NULL,
- };
-
-typedef struct bio_dgram_data_st
- {
- struct sockaddr peer;
- unsigned int connected;
- unsigned int _errno;
- unsigned int mtu;
- struct timeval next_timeout;
- struct timeval socket_timeout;
- } bio_dgram_data;
-
-BIO_METHOD *BIO_s_datagram(void)
- {
- return(&methods_dgramp);
- }
-
-BIO *BIO_new_dgram(int fd, int close_flag)
- {
- BIO *ret;
-
- ret=BIO_new(BIO_s_datagram());
- if (ret == NULL) return(NULL);
- BIO_set_fd(ret,fd,close_flag);
- return(ret);
- }
-
-static int dgram_new(BIO *bi)
- {
- bio_dgram_data *data = NULL;
-
- bi->init=0;
- bi->num=0;
- data = OPENSSL_malloc(sizeof(bio_dgram_data));
- if (data == NULL)
- return 0;
- memset(data, 0x00, sizeof(bio_dgram_data));
- bi->ptr = data;
-
- bi->flags=0;
- return(1);
- }
-
-static int dgram_free(BIO *a)
- {
- bio_dgram_data *data;
-
- if (a == NULL) return(0);
- if ( ! dgram_clear(a))
- return 0;
-
- data = (bio_dgram_data *)a->ptr;
- if(data != NULL) OPENSSL_free(data);
-
- return(1);
- }
-
-static int dgram_clear(BIO *a)
- {
- if (a == NULL) return(0);
- if (a->shutdown)
- {
- if (a->init)
- {
- SHUTDOWN2(a->num);
- }
- a->init=0;
- a->flags=0;
- }
- return(1);
- }
-
-static void dgram_adjust_rcv_timeout(BIO *b)
- {
-#if defined(SO_RCVTIMEO)
- bio_dgram_data *data = (bio_dgram_data *)b->ptr;
- int sz = sizeof(int);
-
- /* Is a timer active? */
- if (data->next_timeout.tv_sec > 0 || data->next_timeout.tv_usec > 0)
- {
- struct timeval timenow, timeleft;
-
- /* Read current socket timeout */
-#ifdef OPENSSL_SYS_WINDOWS
- int timeout;
- if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
- (void*)&timeout, &sz) < 0)
- { perror("getsockopt"); }
- else
- {
- data->socket_timeout.tv_sec = timeout / 1000;
- data->socket_timeout.tv_usec = (timeout % 1000) * 1000;
- }
-#else
- if ( getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
- &(data->socket_timeout), (void *)&sz) < 0)
- { perror("getsockopt"); }
-#endif
-
- /* Get current time */
- get_current_time(&timenow);
-
- /* Calculate time left until timer expires */
- memcpy(&timeleft, &(data->next_timeout), sizeof(struct timeval));
- timeleft.tv_sec -= timenow.tv_sec;
- timeleft.tv_usec -= timenow.tv_usec;
- if (timeleft.tv_usec < 0)
- {
- timeleft.tv_sec--;
- timeleft.tv_usec += 1000000;
- }
-
- if (timeleft.tv_sec < 0)
- {
- timeleft.tv_sec = 0;
- timeleft.tv_usec = 1;
- }
-
- /* Adjust socket timeout if next handhake message timer
- * will expire earlier.
- */
- if ((data->socket_timeout.tv_sec == 0 && data->socket_timeout.tv_usec == 0) ||
- (data->socket_timeout.tv_sec > timeleft.tv_sec) ||
- (data->socket_timeout.tv_sec == timeleft.tv_sec &&
- data->socket_timeout.tv_usec >= timeleft.tv_usec))
- {
-#ifdef OPENSSL_SYS_WINDOWS
- timeout = timeleft.tv_sec * 1000 + timeleft.tv_usec / 1000;
- if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
- (void*)&timeout, sizeof(timeout)) < 0)
- { perror("setsockopt"); }
-#else
- if ( setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &timeleft,
- sizeof(struct timeval)) < 0)
- { perror("setsockopt"); }
-#endif
- }
- }
-#endif
- }
-
-static void dgram_reset_rcv_timeout(BIO *b)
- {
-#if defined(SO_RCVTIMEO)
- bio_dgram_data *data = (bio_dgram_data *)b->ptr;
-
- /* Is a timer active? */
- if (data->next_timeout.tv_sec > 0 || data->next_timeout.tv_usec > 0)
- {
-#ifdef OPENSSL_SYS_WINDOWS
- int timeout = data->socket_timeout.tv_sec * 1000 +
- data->socket_timeout.tv_usec / 1000;
- if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
- (void*)&timeout, sizeof(timeout)) < 0)
- { perror("setsockopt"); }
-#else
- if ( setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &(data->socket_timeout),
- sizeof(struct timeval)) < 0)
- { perror("setsockopt"); }
-#endif
- }
-#endif
- }
-
-static int dgram_read(BIO *b, char *out, int outl)
- {
- int ret=0;
- bio_dgram_data *data = (bio_dgram_data *)b->ptr;
-
- struct sockaddr peer;
- int peerlen = sizeof(peer);
-
- if (out != NULL)
- {
- clear_socket_error();
- memset(&peer, 0x00, peerlen);
- /* Last arg in recvfrom is signed on some platforms and
- * unsigned on others. It is of type socklen_t on some
- * but this is not universal. Cast to (void *) to avoid
- * compiler warnings.
- */
- dgram_adjust_rcv_timeout(b);
- ret=recvfrom(b->num,out,outl,0,&peer,(void *)&peerlen);
-
- if ( ! data->connected && ret >= 0)
- BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &peer);
-
- BIO_clear_retry_flags(b);
- if (ret < 0)
- {
- if (BIO_dgram_should_retry(ret))
- {
- BIO_set_retry_read(b);
- data->_errno = get_last_socket_error();
- }
- }
-
- dgram_reset_rcv_timeout(b);
- }
- return(ret);
- }
-
-static int dgram_write(BIO *b, const char *in, int inl)
- {
- int ret;
- bio_dgram_data *data = (bio_dgram_data *)b->ptr;
- clear_socket_error();
-
- if ( data->connected )
- ret=writesocket(b->num,in,inl);
- else
-#if defined(NETWARE_CLIB) && defined(NETWARE_BSDSOCK)
- ret=sendto(b->num, (char *)in, inl, 0, &data->peer, sizeof(data->peer));
-#else
- ret=sendto(b->num, in, inl, 0, &data->peer, sizeof(data->peer));
-#endif
-
- BIO_clear_retry_flags(b);
- if (ret <= 0)
- {
- if (BIO_dgram_should_retry(ret))
- {
- BIO_set_retry_write(b);
- data->_errno = get_last_socket_error();
-
-#if 0 /* higher layers are responsible for querying MTU, if necessary */
- if ( data->_errno == EMSGSIZE)
- /* retrieve the new MTU */
- BIO_ctrl(b, BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
-#endif
- }
- }
- return(ret);
- }
-
-static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
- {
- long ret=1;
- int *ip;
- struct sockaddr *to = NULL;
- bio_dgram_data *data = NULL;
-#if defined(IP_MTU_DISCOVER) || defined(IP_MTU)
- long sockopt_val = 0;
- unsigned int sockopt_len = 0;
-#endif
-#ifdef OPENSSL_SYS_LINUX
- socklen_t addr_len;
- struct sockaddr_storage addr;
-#endif
-
- data = (bio_dgram_data *)b->ptr;
-
- switch (cmd)
- {
- case BIO_CTRL_RESET:
- num=0;
- case BIO_C_FILE_SEEK:
- ret=0;
- break;
- case BIO_C_FILE_TELL:
- case BIO_CTRL_INFO:
- ret=0;
- break;
- case BIO_C_SET_FD:
- dgram_clear(b);
- b->num= *((int *)ptr);
- b->shutdown=(int)num;
- b->init=1;
- break;
- case BIO_C_GET_FD:
- if (b->init)
- {
- ip=(int *)ptr;
- if (ip != NULL) *ip=b->num;
- ret=b->num;
- }
- else
- ret= -1;
- break;
- case BIO_CTRL_GET_CLOSE:
- ret=b->shutdown;
- break;
- case BIO_CTRL_SET_CLOSE:
- b->shutdown=(int)num;
- break;
- case BIO_CTRL_PENDING:
- case BIO_CTRL_WPENDING:
- ret=0;
- break;
- case BIO_CTRL_DUP:
- case BIO_CTRL_FLUSH:
- ret=1;
- break;
- case BIO_CTRL_DGRAM_CONNECT:
- to = (struct sockaddr *)ptr;
-#if 0
- if (connect(b->num, to, sizeof(struct sockaddr)) < 0)
- { perror("connect"); ret = 0; }
- else
- {
-#endif
- memcpy(&(data->peer),to, sizeof(struct sockaddr));
-#if 0
- }
-#endif
- break;
- /* (Linux)kernel sets DF bit on outgoing IP packets */
- case BIO_CTRL_DGRAM_MTU_DISCOVER:
-#ifdef OPENSSL_SYS_LINUX
- addr_len = (socklen_t)sizeof(struct sockaddr_storage);
- memset((void *)&addr, 0, sizeof(struct sockaddr_storage));
- if (getsockname(b->num, (void *)&addr, &addr_len) < 0)
- {
- ret = 0;
- break;
- }
- sockopt_len = sizeof(sockopt_val);
- switch (addr.ss_family)
- {
- case AF_INET:
- sockopt_val = IP_PMTUDISC_DO;
- if ((ret = setsockopt(b->num, IPPROTO_IP, IP_MTU_DISCOVER,
- &sockopt_val, sizeof(sockopt_val))) < 0)
- perror("setsockopt");
- break;
- case AF_INET6:
- sockopt_val = IPV6_PMTUDISC_DO;
- if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER,
- &sockopt_val, sizeof(sockopt_val))) < 0)
- perror("setsockopt");
- break;
- default:
- ret = -1;
- break;
- }
- ret = -1;
-#else
- break;
-#endif
- case BIO_CTRL_DGRAM_QUERY_MTU:
-#ifdef OPENSSL_SYS_LINUX
- addr_len = (socklen_t)sizeof(struct sockaddr_storage);
- memset((void *)&addr, 0, sizeof(struct sockaddr_storage));
- if (getsockname(b->num, (void *)&addr, &addr_len) < 0)
- {
- ret = 0;
- break;
- }
- sockopt_len = sizeof(sockopt_val);
- switch (addr.ss_family)
- {
- case AF_INET:
- if ((ret = getsockopt(b->num, IPPROTO_IP, IP_MTU, (void *)&sockopt_val,
- &sockopt_len)) < 0 || sockopt_val < 0)
- {
- ret = 0;
- }
- else
- {
- /* we assume that the transport protocol is UDP and no
- * IP options are used.
- */
- data->mtu = sockopt_val - 8 - 20;
- ret = data->mtu;
- }
- break;
- case AF_INET6:
- if ((ret = getsockopt(b->num, IPPROTO_IPV6, IPV6_MTU, (void *)&sockopt_val,
- &sockopt_len)) < 0 || sockopt_val < 0)
- {
- ret = 0;
- }
- else
- {
- /* we assume that the transport protocol is UDP and no
- * IPV6 options are used.
- */
- data->mtu = sockopt_val - 8 - 40;
- ret = data->mtu;
- }
- break;
- default:
- ret = 0;
- break;
- }
-#else
- ret = 0;
-#endif
- break;
- case BIO_CTRL_DGRAM_GET_FALLBACK_MTU:
- ret = 576 - 20 - 8;
- break;
- case BIO_CTRL_DGRAM_GET_MTU:
- return data->mtu;
- break;
- case BIO_CTRL_DGRAM_SET_MTU:
- data->mtu = num;
- ret = num;
- break;
- case BIO_CTRL_DGRAM_SET_CONNECTED:
- to = (struct sockaddr *)ptr;
-
- if ( to != NULL)
- {
- data->connected = 1;
- memcpy(&(data->peer),to, sizeof(struct sockaddr));
- }
- else
- {
- data->connected = 0;
- memset(&(data->peer), 0x00, sizeof(struct sockaddr));
- }
- break;
- case BIO_CTRL_DGRAM_GET_PEER:
- to = (struct sockaddr *) ptr;
-
- memcpy(to, &(data->peer), sizeof(struct sockaddr));
- ret = sizeof(struct sockaddr);
- break;
- case BIO_CTRL_DGRAM_SET_PEER:
- to = (struct sockaddr *) ptr;
-
- memcpy(&(data->peer), to, sizeof(struct sockaddr));
- break;
- case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT:
- memcpy(&(data->next_timeout), ptr, sizeof(struct timeval));
- break;
-#if defined(SO_RCVTIMEO)
- case BIO_CTRL_DGRAM_SET_RECV_TIMEOUT:
-#ifdef OPENSSL_SYS_WINDOWS
- {
- struct timeval *tv = (struct timeval *)ptr;
- int timeout = tv->tv_sec * 1000 + tv->tv_usec/1000;
- if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
- (void*)&timeout, sizeof(timeout)) < 0)
- { perror("setsockopt"); ret = -1; }
- }
-#else
- if ( setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, ptr,
- sizeof(struct timeval)) < 0)
- { perror("setsockopt"); ret = -1; }
-#endif
- break;
- case BIO_CTRL_DGRAM_GET_RECV_TIMEOUT:
-#ifdef OPENSSL_SYS_WINDOWS
- {
- int timeout, sz = sizeof(timeout);
- struct timeval *tv = (struct timeval *)ptr;
- if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
- (void*)&timeout, &sz) < 0)
- { perror("getsockopt"); ret = -1; }
- else
- {
- tv->tv_sec = timeout / 1000;
- tv->tv_usec = (timeout % 1000) * 1000;
- ret = sizeof(*tv);
- }
- }
-#else
- if ( getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
- ptr, (void *)&ret) < 0)
- { perror("getsockopt"); ret = -1; }
-#endif
- break;
-#endif
-#if defined(SO_SNDTIMEO)
- case BIO_CTRL_DGRAM_SET_SEND_TIMEOUT:
-#ifdef OPENSSL_SYS_WINDOWS
- {
- struct timeval *tv = (struct timeval *)ptr;
- int timeout = tv->tv_sec * 1000 + tv->tv_usec/1000;
- if (setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
- (void*)&timeout, sizeof(timeout)) < 0)
- { perror("setsockopt"); ret = -1; }
- }
-#else
- if ( setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, ptr,
- sizeof(struct timeval)) < 0)
- { perror("setsockopt"); ret = -1; }
-#endif
- break;
- case BIO_CTRL_DGRAM_GET_SEND_TIMEOUT:
-#ifdef OPENSSL_SYS_WINDOWS
- {
- int timeout, sz = sizeof(timeout);
- struct timeval *tv = (struct timeval *)ptr;
- if (getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
- (void*)&timeout, &sz) < 0)
- { perror("getsockopt"); ret = -1; }
- else
- {
- tv->tv_sec = timeout / 1000;
- tv->tv_usec = (timeout % 1000) * 1000;
- ret = sizeof(*tv);
- }
- }
-#else
- if ( getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
- ptr, (void *)&ret) < 0)
- { perror("getsockopt"); ret = -1; }
-#endif
- break;
-#endif
- case BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP:
- /* fall-through */
- case BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP:
-#ifdef OPENSSL_SYS_WINDOWS
- if ( data->_errno == WSAETIMEDOUT)
-#else
- if ( data->_errno == EAGAIN)
-#endif
- {
- ret = 1;
- data->_errno = 0;
- }
- else
- ret = 0;
- break;
-#ifdef EMSGSIZE
- case BIO_CTRL_DGRAM_MTU_EXCEEDED:
- if ( data->_errno == EMSGSIZE)
- {
- ret = 1;
- data->_errno = 0;
- }
- else
- ret = 0;
- break;
-#endif
- default:
- ret=0;
- break;
- }
- return(ret);
- }
-
-static int dgram_puts(BIO *bp, const char *str)
- {
- int n,ret;
-
- n=strlen(str);
- ret=dgram_write(bp,str,n);
- return(ret);
- }
-
-static int BIO_dgram_should_retry(int i)
- {
- int err;
-
- if ((i == 0) || (i == -1))
- {
- err=get_last_socket_error();
-
-#if defined(OPENSSL_SYS_WINDOWS)
- /* If the socket return value (i) is -1
- * and err is unexpectedly 0 at this point,
- * the error code was overwritten by
- * another system call before this error
- * handling is called.
- */
-#endif
-
- return(BIO_dgram_non_fatal_error(err));
- }
- return(0);
- }
-
-int BIO_dgram_non_fatal_error(int err)
- {
- switch (err)
- {
-#if defined(OPENSSL_SYS_WINDOWS)
-# if defined(WSAEWOULDBLOCK)
- case WSAEWOULDBLOCK:
-# endif
-
-# if 0 /* This appears to always be an error */
-# if defined(WSAENOTCONN)
- case WSAENOTCONN:
-# endif
-# endif
-#endif
-
-#ifdef EWOULDBLOCK
-# ifdef WSAEWOULDBLOCK
-# if WSAEWOULDBLOCK != EWOULDBLOCK
- case EWOULDBLOCK:
-# endif
-# else
- case EWOULDBLOCK:
-# endif
-#endif
-
-#ifdef EINTR
- case EINTR:
-#endif
-
-#ifdef EAGAIN
-#if EWOULDBLOCK != EAGAIN
- case EAGAIN:
-# endif
-#endif
-
-#ifdef EPROTO
- case EPROTO:
-#endif
-
-#ifdef EINPROGRESS
- case EINPROGRESS:
-#endif
-
-#ifdef EALREADY
- case EALREADY:
-#endif
-
- return(1);
- /* break; */
- default:
- break;
- }
- return(0);
- }
-
-static void get_current_time(struct timeval *t)
- {
-#ifdef OPENSSL_SYS_WIN32
- struct _timeb tb;
- _ftime(&tb);
- t->tv_sec = (long)tb.time;
- t->tv_usec = (long)tb.millitm * 1000;
-#elif defined(OPENSSL_SYS_VMS)
- struct timeb tb;
- ftime(&tb);
- t->tv_sec = (long)tb.time;
- t->tv_usec = (long)tb.millitm * 1000;
-#else
- gettimeofday(t, NULL);
-#endif
- }
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_dgram.c (from rev 6976, vendor-crypto/openssl/dist/crypto/bio/bss_dgram.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_dgram.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_dgram.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,743 @@
+/* crypto/bio/bio_dgram.c */
+/*
+ * DTLS implementation written by Nagendra Modadugu
+ * (nagendra at cs.stanford.edu) for the OpenSSL project 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#define USE_SOCKETS
+#include "cryptlib.h"
+
+#include <openssl/bio.h>
+#ifndef OPENSSL_NO_DGRAM
+
+# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS)
+# include <sys/timeb.h>
+# endif
+
+# ifdef OPENSSL_SYS_LINUX
+# define IP_MTU 14 /* linux is lame */
+# endif
+
+# ifdef WATT32
+# define sock_write SockWrite /* Watt-32 uses same names */
+# define sock_read SockRead
+# define sock_puts SockPuts
+# endif
+
+static int dgram_write(BIO *h, const char *buf, int num);
+static int dgram_read(BIO *h, char *buf, int size);
+static int dgram_puts(BIO *h, const char *str);
+static long dgram_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int dgram_new(BIO *h);
+static int dgram_free(BIO *data);
+static int dgram_clear(BIO *bio);
+
+static int BIO_dgram_should_retry(int s);
+
+static void get_current_time(struct timeval *t);
+
+static BIO_METHOD methods_dgramp = {
+ BIO_TYPE_DGRAM,
+ "datagram socket",
+ dgram_write,
+ dgram_read,
+ dgram_puts,
+ NULL, /* dgram_gets, */
+ dgram_ctrl,
+ dgram_new,
+ dgram_free,
+ NULL,
+};
+
+typedef struct bio_dgram_data_st {
+ struct sockaddr peer;
+ unsigned int connected;
+ unsigned int _errno;
+ unsigned int mtu;
+ struct timeval next_timeout;
+ struct timeval socket_timeout;
+} bio_dgram_data;
+
+BIO_METHOD *BIO_s_datagram(void)
+{
+ return (&methods_dgramp);
+}
+
+BIO *BIO_new_dgram(int fd, int close_flag)
+{
+ BIO *ret;
+
+ ret = BIO_new(BIO_s_datagram());
+ if (ret == NULL)
+ return (NULL);
+ BIO_set_fd(ret, fd, close_flag);
+ return (ret);
+}
+
+static int dgram_new(BIO *bi)
+{
+ bio_dgram_data *data = NULL;
+
+ bi->init = 0;
+ bi->num = 0;
+ data = OPENSSL_malloc(sizeof(bio_dgram_data));
+ if (data == NULL)
+ return 0;
+ memset(data, 0x00, sizeof(bio_dgram_data));
+ bi->ptr = data;
+
+ bi->flags = 0;
+ return (1);
+}
+
+static int dgram_free(BIO *a)
+{
+ bio_dgram_data *data;
+
+ if (a == NULL)
+ return (0);
+ if (!dgram_clear(a))
+ return 0;
+
+ data = (bio_dgram_data *)a->ptr;
+ if (data != NULL)
+ OPENSSL_free(data);
+
+ return (1);
+}
+
+static int dgram_clear(BIO *a)
+{
+ if (a == NULL)
+ return (0);
+ if (a->shutdown) {
+ if (a->init) {
+ SHUTDOWN2(a->num);
+ }
+ a->init = 0;
+ a->flags = 0;
+ }
+ return (1);
+}
+
+static void dgram_adjust_rcv_timeout(BIO *b)
+{
+# if defined(SO_RCVTIMEO)
+ bio_dgram_data *data = (bio_dgram_data *)b->ptr;
+ int sz = sizeof(int);
+
+ /* Is a timer active? */
+ if (data->next_timeout.tv_sec > 0 || data->next_timeout.tv_usec > 0) {
+ struct timeval timenow, timeleft;
+
+ /* Read current socket timeout */
+# ifdef OPENSSL_SYS_WINDOWS
+ int timeout;
+ if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
+ (void *)&timeout, &sz) < 0) {
+ perror("getsockopt");
+ } else {
+ data->socket_timeout.tv_sec = timeout / 1000;
+ data->socket_timeout.tv_usec = (timeout % 1000) * 1000;
+ }
+# else
+ if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
+ &(data->socket_timeout), (void *)&sz) < 0) {
+ perror("getsockopt");
+ }
+# endif
+
+ /* Get current time */
+ get_current_time(&timenow);
+
+ /* Calculate time left until timer expires */
+ memcpy(&timeleft, &(data->next_timeout), sizeof(struct timeval));
+ timeleft.tv_sec -= timenow.tv_sec;
+ timeleft.tv_usec -= timenow.tv_usec;
+ if (timeleft.tv_usec < 0) {
+ timeleft.tv_sec--;
+ timeleft.tv_usec += 1000000;
+ }
+
+ if (timeleft.tv_sec < 0) {
+ timeleft.tv_sec = 0;
+ timeleft.tv_usec = 1;
+ }
+
+ /*
+ * Adjust socket timeout if next handhake message timer will expire
+ * earlier.
+ */
+ if ((data->socket_timeout.tv_sec == 0
+ && data->socket_timeout.tv_usec == 0)
+ || (data->socket_timeout.tv_sec > timeleft.tv_sec)
+ || (data->socket_timeout.tv_sec == timeleft.tv_sec
+ && data->socket_timeout.tv_usec >= timeleft.tv_usec)) {
+# ifdef OPENSSL_SYS_WINDOWS
+ timeout = timeleft.tv_sec * 1000 + timeleft.tv_usec / 1000;
+ if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
+ (void *)&timeout, sizeof(timeout)) < 0) {
+ perror("setsockopt");
+ }
+# else
+ if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &timeleft,
+ sizeof(struct timeval)) < 0) {
+ perror("setsockopt");
+ }
+# endif
+ }
+ }
+# endif
+}
+
+static void dgram_reset_rcv_timeout(BIO *b)
+{
+# if defined(SO_RCVTIMEO)
+ bio_dgram_data *data = (bio_dgram_data *)b->ptr;
+
+ /* Is a timer active? */
+ if (data->next_timeout.tv_sec > 0 || data->next_timeout.tv_usec > 0) {
+# ifdef OPENSSL_SYS_WINDOWS
+ int timeout = data->socket_timeout.tv_sec * 1000 +
+ data->socket_timeout.tv_usec / 1000;
+ if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
+ (void *)&timeout, sizeof(timeout)) < 0) {
+ perror("setsockopt");
+ }
+# else
+ if (setsockopt
+ (b->num, SOL_SOCKET, SO_RCVTIMEO, &(data->socket_timeout),
+ sizeof(struct timeval)) < 0) {
+ perror("setsockopt");
+ }
+# endif
+ }
+# endif
+}
+
+static int dgram_read(BIO *b, char *out, int outl)
+{
+ int ret = 0;
+ bio_dgram_data *data = (bio_dgram_data *)b->ptr;
+
+ struct sockaddr peer;
+ int peerlen = sizeof(peer);
+
+ if (out != NULL) {
+ clear_socket_error();
+ memset(&peer, 0x00, peerlen);
+ /*
+ * Last arg in recvfrom is signed on some platforms and unsigned on
+ * others. It is of type socklen_t on some but this is not universal.
+ * Cast to (void *) to avoid compiler warnings.
+ */
+ dgram_adjust_rcv_timeout(b);
+ ret = recvfrom(b->num, out, outl, 0, &peer, (void *)&peerlen);
+
+ if (!data->connected && ret >= 0)
+ BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &peer);
+
+ BIO_clear_retry_flags(b);
+ if (ret < 0) {
+ if (BIO_dgram_should_retry(ret)) {
+ BIO_set_retry_read(b);
+ data->_errno = get_last_socket_error();
+ }
+ }
+
+ dgram_reset_rcv_timeout(b);
+ }
+ return (ret);
+}
+
+static int dgram_write(BIO *b, const char *in, int inl)
+{
+ int ret;
+ bio_dgram_data *data = (bio_dgram_data *)b->ptr;
+ clear_socket_error();
+
+ if (data->connected)
+ ret = writesocket(b->num, in, inl);
+ else
+# if defined(NETWARE_CLIB) && defined(NETWARE_BSDSOCK)
+ ret =
+ sendto(b->num, (char *)in, inl, 0, &data->peer,
+ sizeof(data->peer));
+# else
+ ret = sendto(b->num, in, inl, 0, &data->peer, sizeof(data->peer));
+# endif
+
+ BIO_clear_retry_flags(b);
+ if (ret <= 0) {
+ if (BIO_dgram_should_retry(ret)) {
+ BIO_set_retry_write(b);
+ data->_errno = get_last_socket_error();
+
+# if 0 /* higher layers are responsible for querying
+ * MTU, if necessary */
+ if (data->_errno == EMSGSIZE)
+ /* retrieve the new MTU */
+ BIO_ctrl(b, BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
+# endif
+ }
+ }
+ return (ret);
+}
+
+static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+ long ret = 1;
+ int *ip;
+ struct sockaddr *to = NULL;
+ bio_dgram_data *data = NULL;
+# if defined(IP_MTU_DISCOVER) || defined(IP_MTU)
+ long sockopt_val = 0;
+ unsigned int sockopt_len = 0;
+# endif
+# ifdef OPENSSL_SYS_LINUX
+ socklen_t addr_len;
+ struct sockaddr_storage addr;
+# endif
+
+ data = (bio_dgram_data *)b->ptr;
+
+ switch (cmd) {
+ case BIO_CTRL_RESET:
+ num = 0;
+ case BIO_C_FILE_SEEK:
+ ret = 0;
+ break;
+ case BIO_C_FILE_TELL:
+ case BIO_CTRL_INFO:
+ ret = 0;
+ break;
+ case BIO_C_SET_FD:
+ dgram_clear(b);
+ b->num = *((int *)ptr);
+ b->shutdown = (int)num;
+ b->init = 1;
+ break;
+ case BIO_C_GET_FD:
+ if (b->init) {
+ ip = (int *)ptr;
+ if (ip != NULL)
+ *ip = b->num;
+ ret = b->num;
+ } else
+ ret = -1;
+ break;
+ case BIO_CTRL_GET_CLOSE:
+ ret = b->shutdown;
+ break;
+ case BIO_CTRL_SET_CLOSE:
+ b->shutdown = (int)num;
+ break;
+ case BIO_CTRL_PENDING:
+ case BIO_CTRL_WPENDING:
+ ret = 0;
+ break;
+ case BIO_CTRL_DUP:
+ case BIO_CTRL_FLUSH:
+ ret = 1;
+ break;
+ case BIO_CTRL_DGRAM_CONNECT:
+ to = (struct sockaddr *)ptr;
+# if 0
+ if (connect(b->num, to, sizeof(struct sockaddr)) < 0) {
+ perror("connect");
+ ret = 0;
+ } else {
+# endif
+ memcpy(&(data->peer), to, sizeof(struct sockaddr));
+# if 0
+ }
+# endif
+ break;
+ /* (Linux)kernel sets DF bit on outgoing IP packets */
+ case BIO_CTRL_DGRAM_MTU_DISCOVER:
+# ifdef OPENSSL_SYS_LINUX
+ addr_len = (socklen_t) sizeof(struct sockaddr_storage);
+ memset((void *)&addr, 0, sizeof(struct sockaddr_storage));
+ if (getsockname(b->num, (void *)&addr, &addr_len) < 0) {
+ ret = 0;
+ break;
+ }
+ sockopt_len = sizeof(sockopt_val);
+ switch (addr.ss_family) {
+ case AF_INET:
+ sockopt_val = IP_PMTUDISC_DO;
+ if ((ret = setsockopt(b->num, IPPROTO_IP, IP_MTU_DISCOVER,
+ &sockopt_val, sizeof(sockopt_val))) < 0)
+ perror("setsockopt");
+ break;
+ case AF_INET6:
+ sockopt_val = IPV6_PMTUDISC_DO;
+ if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER,
+ &sockopt_val, sizeof(sockopt_val))) < 0)
+ perror("setsockopt");
+ break;
+ default:
+ ret = -1;
+ break;
+ }
+ ret = -1;
+# else
+ break;
+# endif
+ case BIO_CTRL_DGRAM_QUERY_MTU:
+# ifdef OPENSSL_SYS_LINUX
+ addr_len = (socklen_t) sizeof(struct sockaddr_storage);
+ memset((void *)&addr, 0, sizeof(struct sockaddr_storage));
+ if (getsockname(b->num, (void *)&addr, &addr_len) < 0) {
+ ret = 0;
+ break;
+ }
+ sockopt_len = sizeof(sockopt_val);
+ switch (addr.ss_family) {
+ case AF_INET:
+ if ((ret =
+ getsockopt(b->num, IPPROTO_IP, IP_MTU, (void *)&sockopt_val,
+ &sockopt_len)) < 0 || sockopt_val < 0) {
+ ret = 0;
+ } else {
+ /*
+ * we assume that the transport protocol is UDP and no IP
+ * options are used.
+ */
+ data->mtu = sockopt_val - 8 - 20;
+ ret = data->mtu;
+ }
+ break;
+ case AF_INET6:
+ if ((ret =
+ getsockopt(b->num, IPPROTO_IPV6, IPV6_MTU,
+ (void *)&sockopt_val, &sockopt_len)) < 0
+ || sockopt_val < 0) {
+ ret = 0;
+ } else {
+ /*
+ * we assume that the transport protocol is UDP and no IPV6
+ * options are used.
+ */
+ data->mtu = sockopt_val - 8 - 40;
+ ret = data->mtu;
+ }
+ break;
+ default:
+ ret = 0;
+ break;
+ }
+# else
+ ret = 0;
+# endif
+ break;
+ case BIO_CTRL_DGRAM_GET_FALLBACK_MTU:
+ ret = 576 - 20 - 8;
+ break;
+ case BIO_CTRL_DGRAM_GET_MTU:
+ return data->mtu;
+ break;
+ case BIO_CTRL_DGRAM_SET_MTU:
+ data->mtu = num;
+ ret = num;
+ break;
+ case BIO_CTRL_DGRAM_SET_CONNECTED:
+ to = (struct sockaddr *)ptr;
+
+ if (to != NULL) {
+ data->connected = 1;
+ memcpy(&(data->peer), to, sizeof(struct sockaddr));
+ } else {
+ data->connected = 0;
+ memset(&(data->peer), 0x00, sizeof(struct sockaddr));
+ }
+ break;
+ case BIO_CTRL_DGRAM_GET_PEER:
+ to = (struct sockaddr *)ptr;
+
+ memcpy(to, &(data->peer), sizeof(struct sockaddr));
+ ret = sizeof(struct sockaddr);
+ break;
+ case BIO_CTRL_DGRAM_SET_PEER:
+ to = (struct sockaddr *)ptr;
+
+ memcpy(&(data->peer), to, sizeof(struct sockaddr));
+ break;
+ case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT:
+ memcpy(&(data->next_timeout), ptr, sizeof(struct timeval));
+ break;
+# if defined(SO_RCVTIMEO)
+ case BIO_CTRL_DGRAM_SET_RECV_TIMEOUT:
+# ifdef OPENSSL_SYS_WINDOWS
+ {
+ struct timeval *tv = (struct timeval *)ptr;
+ int timeout = tv->tv_sec * 1000 + tv->tv_usec / 1000;
+ if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
+ (void *)&timeout, sizeof(timeout)) < 0) {
+ perror("setsockopt");
+ ret = -1;
+ }
+ }
+# else
+ if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, ptr,
+ sizeof(struct timeval)) < 0) {
+ perror("setsockopt");
+ ret = -1;
+ }
+# endif
+ break;
+ case BIO_CTRL_DGRAM_GET_RECV_TIMEOUT:
+# ifdef OPENSSL_SYS_WINDOWS
+ {
+ int timeout, sz = sizeof(timeout);
+ struct timeval *tv = (struct timeval *)ptr;
+ if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
+ (void *)&timeout, &sz) < 0) {
+ perror("getsockopt");
+ ret = -1;
+ } else {
+ tv->tv_sec = timeout / 1000;
+ tv->tv_usec = (timeout % 1000) * 1000;
+ ret = sizeof(*tv);
+ }
+ }
+# else
+ if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
+ ptr, (void *)&ret) < 0) {
+ perror("getsockopt");
+ ret = -1;
+ }
+# endif
+ break;
+# endif
+# if defined(SO_SNDTIMEO)
+ case BIO_CTRL_DGRAM_SET_SEND_TIMEOUT:
+# ifdef OPENSSL_SYS_WINDOWS
+ {
+ struct timeval *tv = (struct timeval *)ptr;
+ int timeout = tv->tv_sec * 1000 + tv->tv_usec / 1000;
+ if (setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
+ (void *)&timeout, sizeof(timeout)) < 0) {
+ perror("setsockopt");
+ ret = -1;
+ }
+ }
+# else
+ if (setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, ptr,
+ sizeof(struct timeval)) < 0) {
+ perror("setsockopt");
+ ret = -1;
+ }
+# endif
+ break;
+ case BIO_CTRL_DGRAM_GET_SEND_TIMEOUT:
+# ifdef OPENSSL_SYS_WINDOWS
+ {
+ int timeout, sz = sizeof(timeout);
+ struct timeval *tv = (struct timeval *)ptr;
+ if (getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
+ (void *)&timeout, &sz) < 0) {
+ perror("getsockopt");
+ ret = -1;
+ } else {
+ tv->tv_sec = timeout / 1000;
+ tv->tv_usec = (timeout % 1000) * 1000;
+ ret = sizeof(*tv);
+ }
+ }
+# else
+ if (getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
+ ptr, (void *)&ret) < 0) {
+ perror("getsockopt");
+ ret = -1;
+ }
+# endif
+ break;
+# endif
+ case BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP:
+ /* fall-through */
+ case BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP:
+# ifdef OPENSSL_SYS_WINDOWS
+ if (data->_errno == WSAETIMEDOUT)
+# else
+ if (data->_errno == EAGAIN)
+# endif
+ {
+ ret = 1;
+ data->_errno = 0;
+ } else
+ ret = 0;
+ break;
+# ifdef EMSGSIZE
+ case BIO_CTRL_DGRAM_MTU_EXCEEDED:
+ if (data->_errno == EMSGSIZE) {
+ ret = 1;
+ data->_errno = 0;
+ } else
+ ret = 0;
+ break;
+# endif
+ default:
+ ret = 0;
+ break;
+ }
+ return (ret);
+}
+
+static int dgram_puts(BIO *bp, const char *str)
+{
+ int n, ret;
+
+ n = strlen(str);
+ ret = dgram_write(bp, str, n);
+ return (ret);
+}
+
+static int BIO_dgram_should_retry(int i)
+{
+ int err;
+
+ if ((i == 0) || (i == -1)) {
+ err = get_last_socket_error();
+
+# if defined(OPENSSL_SYS_WINDOWS)
+ /*
+ * If the socket return value (i) is -1 and err is unexpectedly 0 at
+ * this point, the error code was overwritten by another system call
+ * before this error handling is called.
+ */
+# endif
+
+ return (BIO_dgram_non_fatal_error(err));
+ }
+ return (0);
+}
+
+int BIO_dgram_non_fatal_error(int err)
+{
+ switch (err) {
+# if defined(OPENSSL_SYS_WINDOWS)
+# if defined(WSAEWOULDBLOCK)
+ case WSAEWOULDBLOCK:
+# endif
+
+# if 0 /* This appears to always be an error */
+# if defined(WSAENOTCONN)
+ case WSAENOTCONN:
+# endif
+# endif
+# endif
+
+# ifdef EWOULDBLOCK
+# ifdef WSAEWOULDBLOCK
+# if WSAEWOULDBLOCK != EWOULDBLOCK
+ case EWOULDBLOCK:
+# endif
+# else
+ case EWOULDBLOCK:
+# endif
+# endif
+
+# ifdef EINTR
+ case EINTR:
+# endif
+
+# ifdef EAGAIN
+# if EWOULDBLOCK != EAGAIN
+ case EAGAIN:
+# endif
+# endif
+
+# ifdef EPROTO
+ case EPROTO:
+# endif
+
+# ifdef EINPROGRESS
+ case EINPROGRESS:
+# endif
+
+# ifdef EALREADY
+ case EALREADY:
+# endif
+
+ return (1);
+ /* break; */
+ default:
+ break;
+ }
+ return (0);
+}
+
+static void get_current_time(struct timeval *t)
+{
+# ifdef OPENSSL_SYS_WIN32
+ struct _timeb tb;
+ _ftime(&tb);
+ t->tv_sec = (long)tb.time;
+ t->tv_usec = (long)tb.millitm * 1000;
+# elif defined(OPENSSL_SYS_VMS)
+ struct timeb tb;
+ ftime(&tb);
+ t->tv_sec = (long)tb.time;
+ t->tv_usec = (long)tb.millitm * 1000;
+# else
+ gettimeofday(t, NULL);
+# endif
+}
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_fd.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bio/bss_fd.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_fd.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,294 +0,0 @@
-/* crypto/bio/bss_fd.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <errno.h>
-#define USE_SOCKETS
-#include "cryptlib.h"
-/*
- * As for unconditional usage of "UPLINK" interface in this module.
- * Trouble is that unlike Unix file descriptors [which are indexes
- * in kernel-side per-process table], corresponding descriptors on
- * platforms which require "UPLINK" interface seem to be indexes
- * in a user-land, non-global table. Well, in fact they are indexes
- * in stdio _iob[], and recall that _iob[] was the very reason why
- * "UPLINK" interface was introduced in first place. But one way on
- * another. Neither libcrypto or libssl use this BIO meaning that
- * file descriptors can only be provided by application. Therefore
- * "UPLINK" calls are due...
- */
-#include "bio_lcl.h"
-
-static int fd_write(BIO *h, const char *buf, int num);
-static int fd_read(BIO *h, char *buf, int size);
-static int fd_puts(BIO *h, const char *str);
-static long fd_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int fd_new(BIO *h);
-static int fd_free(BIO *data);
-int BIO_fd_should_retry(int s);
-
-static BIO_METHOD methods_fdp=
- {
- BIO_TYPE_FD,"file descriptor",
- fd_write,
- fd_read,
- fd_puts,
- NULL, /* fd_gets, */
- fd_ctrl,
- fd_new,
- fd_free,
- NULL,
- };
-
-BIO_METHOD *BIO_s_fd(void)
- {
- return(&methods_fdp);
- }
-
-BIO *BIO_new_fd(int fd,int close_flag)
- {
- BIO *ret;
- ret=BIO_new(BIO_s_fd());
- if (ret == NULL) return(NULL);
- BIO_set_fd(ret,fd,close_flag);
- return(ret);
- }
-
-static int fd_new(BIO *bi)
- {
- bi->init=0;
- bi->num=-1;
- bi->ptr=NULL;
- bi->flags=BIO_FLAGS_UPLINK; /* essentially redundant */
- return(1);
- }
-
-static int fd_free(BIO *a)
- {
- if (a == NULL) return(0);
- if (a->shutdown)
- {
- if (a->init)
- {
- UP_close(a->num);
- }
- a->init=0;
- a->flags=BIO_FLAGS_UPLINK;
- }
- return(1);
- }
-
-static int fd_read(BIO *b, char *out,int outl)
- {
- int ret=0;
-
- if (out != NULL)
- {
- clear_sys_error();
- ret=UP_read(b->num,out,outl);
- BIO_clear_retry_flags(b);
- if (ret <= 0)
- {
- if (BIO_fd_should_retry(ret))
- BIO_set_retry_read(b);
- }
- }
- return(ret);
- }
-
-static int fd_write(BIO *b, const char *in, int inl)
- {
- int ret;
- clear_sys_error();
- ret=UP_write(b->num,in,inl);
- BIO_clear_retry_flags(b);
- if (ret <= 0)
- {
- if (BIO_fd_should_retry(ret))
- BIO_set_retry_write(b);
- }
- return(ret);
- }
-
-static long fd_ctrl(BIO *b, int cmd, long num, void *ptr)
- {
- long ret=1;
- int *ip;
-
- switch (cmd)
- {
- case BIO_CTRL_RESET:
- num=0;
- case BIO_C_FILE_SEEK:
- ret=(long)UP_lseek(b->num,num,0);
- break;
- case BIO_C_FILE_TELL:
- case BIO_CTRL_INFO:
- ret=(long)UP_lseek(b->num,0,1);
- break;
- case BIO_C_SET_FD:
- fd_free(b);
- b->num= *((int *)ptr);
- b->shutdown=(int)num;
- b->init=1;
- break;
- case BIO_C_GET_FD:
- if (b->init)
- {
- ip=(int *)ptr;
- if (ip != NULL) *ip=b->num;
- ret=b->num;
- }
- else
- ret= -1;
- break;
- case BIO_CTRL_GET_CLOSE:
- ret=b->shutdown;
- break;
- case BIO_CTRL_SET_CLOSE:
- b->shutdown=(int)num;
- break;
- case BIO_CTRL_PENDING:
- case BIO_CTRL_WPENDING:
- ret=0;
- break;
- case BIO_CTRL_DUP:
- case BIO_CTRL_FLUSH:
- ret=1;
- break;
- default:
- ret=0;
- break;
- }
- return(ret);
- }
-
-static int fd_puts(BIO *bp, const char *str)
- {
- int n,ret;
-
- n=strlen(str);
- ret=fd_write(bp,str,n);
- return(ret);
- }
-
-int BIO_fd_should_retry(int i)
- {
- int err;
-
- if ((i == 0) || (i == -1))
- {
- err=get_last_sys_error();
-
-#if defined(OPENSSL_SYS_WINDOWS) && 0 /* more microsoft stupidity? perhaps not? Ben 4/1/99 */
- if ((i == -1) && (err == 0))
- return(1);
-#endif
-
- return(BIO_fd_non_fatal_error(err));
- }
- return(0);
- }
-
-int BIO_fd_non_fatal_error(int err)
- {
- switch (err)
- {
-
-#ifdef EWOULDBLOCK
-# ifdef WSAEWOULDBLOCK
-# if WSAEWOULDBLOCK != EWOULDBLOCK
- case EWOULDBLOCK:
-# endif
-# else
- case EWOULDBLOCK:
-# endif
-#endif
-
-#if defined(ENOTCONN)
- case ENOTCONN:
-#endif
-
-#ifdef EINTR
- case EINTR:
-#endif
-
-#ifdef EAGAIN
-#if EWOULDBLOCK != EAGAIN
- case EAGAIN:
-# endif
-#endif
-
-#ifdef EPROTO
- case EPROTO:
-#endif
-
-#ifdef EINPROGRESS
- case EINPROGRESS:
-#endif
-
-#ifdef EALREADY
- case EALREADY:
-#endif
- return(1);
- /* break; */
- default:
- break;
- }
- return(0);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_fd.c (from rev 6976, vendor-crypto/openssl/dist/crypto/bio/bss_fd.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_fd.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_fd.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,287 @@
+/* crypto/bio/bss_fd.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#define USE_SOCKETS
+#include "cryptlib.h"
+/*
+ * As for unconditional usage of "UPLINK" interface in this module.
+ * Trouble is that unlike Unix file descriptors [which are indexes
+ * in kernel-side per-process table], corresponding descriptors on
+ * platforms which require "UPLINK" interface seem to be indexes
+ * in a user-land, non-global table. Well, in fact they are indexes
+ * in stdio _iob[], and recall that _iob[] was the very reason why
+ * "UPLINK" interface was introduced in first place. But one way on
+ * another. Neither libcrypto or libssl use this BIO meaning that
+ * file descriptors can only be provided by application. Therefore
+ * "UPLINK" calls are due...
+ */
+#include "bio_lcl.h"
+
+static int fd_write(BIO *h, const char *buf, int num);
+static int fd_read(BIO *h, char *buf, int size);
+static int fd_puts(BIO *h, const char *str);
+static long fd_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int fd_new(BIO *h);
+static int fd_free(BIO *data);
+int BIO_fd_should_retry(int s);
+
+static BIO_METHOD methods_fdp = {
+ BIO_TYPE_FD, "file descriptor",
+ fd_write,
+ fd_read,
+ fd_puts,
+ NULL, /* fd_gets, */
+ fd_ctrl,
+ fd_new,
+ fd_free,
+ NULL,
+};
+
+BIO_METHOD *BIO_s_fd(void)
+{
+ return (&methods_fdp);
+}
+
+BIO *BIO_new_fd(int fd, int close_flag)
+{
+ BIO *ret;
+ ret = BIO_new(BIO_s_fd());
+ if (ret == NULL)
+ return (NULL);
+ BIO_set_fd(ret, fd, close_flag);
+ return (ret);
+}
+
+static int fd_new(BIO *bi)
+{
+ bi->init = 0;
+ bi->num = -1;
+ bi->ptr = NULL;
+ bi->flags = BIO_FLAGS_UPLINK; /* essentially redundant */
+ return (1);
+}
+
+static int fd_free(BIO *a)
+{
+ if (a == NULL)
+ return (0);
+ if (a->shutdown) {
+ if (a->init) {
+ UP_close(a->num);
+ }
+ a->init = 0;
+ a->flags = BIO_FLAGS_UPLINK;
+ }
+ return (1);
+}
+
+static int fd_read(BIO *b, char *out, int outl)
+{
+ int ret = 0;
+
+ if (out != NULL) {
+ clear_sys_error();
+ ret = UP_read(b->num, out, outl);
+ BIO_clear_retry_flags(b);
+ if (ret <= 0) {
+ if (BIO_fd_should_retry(ret))
+ BIO_set_retry_read(b);
+ }
+ }
+ return (ret);
+}
+
+static int fd_write(BIO *b, const char *in, int inl)
+{
+ int ret;
+ clear_sys_error();
+ ret = UP_write(b->num, in, inl);
+ BIO_clear_retry_flags(b);
+ if (ret <= 0) {
+ if (BIO_fd_should_retry(ret))
+ BIO_set_retry_write(b);
+ }
+ return (ret);
+}
+
+static long fd_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+ long ret = 1;
+ int *ip;
+
+ switch (cmd) {
+ case BIO_CTRL_RESET:
+ num = 0;
+ case BIO_C_FILE_SEEK:
+ ret = (long)UP_lseek(b->num, num, 0);
+ break;
+ case BIO_C_FILE_TELL:
+ case BIO_CTRL_INFO:
+ ret = (long)UP_lseek(b->num, 0, 1);
+ break;
+ case BIO_C_SET_FD:
+ fd_free(b);
+ b->num = *((int *)ptr);
+ b->shutdown = (int)num;
+ b->init = 1;
+ break;
+ case BIO_C_GET_FD:
+ if (b->init) {
+ ip = (int *)ptr;
+ if (ip != NULL)
+ *ip = b->num;
+ ret = b->num;
+ } else
+ ret = -1;
+ break;
+ case BIO_CTRL_GET_CLOSE:
+ ret = b->shutdown;
+ break;
+ case BIO_CTRL_SET_CLOSE:
+ b->shutdown = (int)num;
+ break;
+ case BIO_CTRL_PENDING:
+ case BIO_CTRL_WPENDING:
+ ret = 0;
+ break;
+ case BIO_CTRL_DUP:
+ case BIO_CTRL_FLUSH:
+ ret = 1;
+ break;
+ default:
+ ret = 0;
+ break;
+ }
+ return (ret);
+}
+
+static int fd_puts(BIO *bp, const char *str)
+{
+ int n, ret;
+
+ n = strlen(str);
+ ret = fd_write(bp, str, n);
+ return (ret);
+}
+
+int BIO_fd_should_retry(int i)
+{
+ int err;
+
+ if ((i == 0) || (i == -1)) {
+ err = get_last_sys_error();
+
+#if defined(OPENSSL_SYS_WINDOWS) && 0 /* more microsoft stupidity? perhaps
+ * not? Ben 4/1/99 */
+ if ((i == -1) && (err == 0))
+ return (1);
+#endif
+
+ return (BIO_fd_non_fatal_error(err));
+ }
+ return (0);
+}
+
+int BIO_fd_non_fatal_error(int err)
+{
+ switch (err) {
+
+#ifdef EWOULDBLOCK
+# ifdef WSAEWOULDBLOCK
+# if WSAEWOULDBLOCK != EWOULDBLOCK
+ case EWOULDBLOCK:
+# endif
+# else
+ case EWOULDBLOCK:
+# endif
+#endif
+
+#if defined(ENOTCONN)
+ case ENOTCONN:
+#endif
+
+#ifdef EINTR
+ case EINTR:
+#endif
+
+#ifdef EAGAIN
+# if EWOULDBLOCK != EAGAIN
+ case EAGAIN:
+# endif
+#endif
+
+#ifdef EPROTO
+ case EPROTO:
+#endif
+
+#ifdef EINPROGRESS
+ case EINPROGRESS:
+#endif
+
+#ifdef EALREADY
+ case EALREADY:
+#endif
+ return (1);
+ /* break; */
+ default:
+ break;
+ }
+ return (0);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_file.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bio/bss_file.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_file.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,435 +0,0 @@
-/* crypto/bio/bss_file.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/*
- * 03-Dec-1997 rdenny at dc3.com Fix bug preventing use of stdin/stdout
- * with binary data (e.g. asn1parse -inform DER < xxx) under
- * Windows
- */
-
-#ifndef HEADER_BSS_FILE_C
-#define HEADER_BSS_FILE_C
-
-#if defined(__linux) || defined(__sun) || defined(__hpux)
-/* Following definition aliases fopen to fopen64 on above mentioned
- * platforms. This makes it possible to open and sequentially access
- * files larger than 2GB from 32-bit application. It does not allow to
- * traverse them beyond 2GB with fseek/ftell, but on the other hand *no*
- * 32-bit platform permits that, not with fseek/ftell. Not to mention
- * that breaking 2GB limit for seeking would require surgery to *our*
- * API. But sequential access suffices for practical cases when you
- * can run into large files, such as fingerprinting, so we can let API
- * alone. For reference, the list of 32-bit platforms which allow for
- * sequential access of large files without extra "magic" comprise *BSD,
- * Darwin, IRIX...
- */
-#ifndef _FILE_OFFSET_BITS
-#define _FILE_OFFSET_BITS 64
-#endif
-#endif
-
-#include <stdio.h>
-#include <errno.h>
-#include "cryptlib.h"
-#include "bio_lcl.h"
-#include <openssl/err.h>
-
-#if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_CLIB)
-#include <nwfileio.h>
-#endif
-
-#if !defined(OPENSSL_NO_STDIO)
-
-static int MS_CALLBACK file_write(BIO *h, const char *buf, int num);
-static int MS_CALLBACK file_read(BIO *h, char *buf, int size);
-static int MS_CALLBACK file_puts(BIO *h, const char *str);
-static int MS_CALLBACK file_gets(BIO *h, char *str, int size);
-static long MS_CALLBACK file_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int MS_CALLBACK file_new(BIO *h);
-static int MS_CALLBACK file_free(BIO *data);
-static BIO_METHOD methods_filep=
- {
- BIO_TYPE_FILE,
- "FILE pointer",
- file_write,
- file_read,
- file_puts,
- file_gets,
- file_ctrl,
- file_new,
- file_free,
- NULL,
- };
-
-BIO *BIO_new_file(const char *filename, const char *mode)
- {
- BIO *ret;
- FILE *file;
-
- if ((file=fopen(filename,mode)) == NULL)
- {
- SYSerr(SYS_F_FOPEN,get_last_sys_error());
- ERR_add_error_data(5,"fopen('",filename,"','",mode,"')");
- if (errno == ENOENT)
- BIOerr(BIO_F_BIO_NEW_FILE,BIO_R_NO_SUCH_FILE);
- else
- BIOerr(BIO_F_BIO_NEW_FILE,ERR_R_SYS_LIB);
- return(NULL);
- }
- if ((ret=BIO_new(BIO_s_file_internal())) == NULL)
- {
- fclose(file);
- return(NULL);
- }
-
- BIO_clear_flags(ret,BIO_FLAGS_UPLINK); /* we did fopen -> we disengage UPLINK */
- BIO_set_fp(ret,file,BIO_CLOSE);
- return(ret);
- }
-
-BIO *BIO_new_fp(FILE *stream, int close_flag)
- {
- BIO *ret;
-
- if ((ret=BIO_new(BIO_s_file())) == NULL)
- return(NULL);
-
- BIO_set_flags(ret,BIO_FLAGS_UPLINK); /* redundant, left for documentation puposes */
- BIO_set_fp(ret,stream,close_flag);
- return(ret);
- }
-
-BIO_METHOD *BIO_s_file(void)
- {
- return(&methods_filep);
- }
-
-static int MS_CALLBACK file_new(BIO *bi)
- {
- bi->init=0;
- bi->num=0;
- bi->ptr=NULL;
- bi->flags=BIO_FLAGS_UPLINK; /* default to UPLINK */
- return(1);
- }
-
-static int MS_CALLBACK file_free(BIO *a)
- {
- if (a == NULL) return(0);
- if (a->shutdown)
- {
- if ((a->init) && (a->ptr != NULL))
- {
- if (a->flags&BIO_FLAGS_UPLINK)
- UP_fclose (a->ptr);
- else
- fclose (a->ptr);
- a->ptr=NULL;
- a->flags=BIO_FLAGS_UPLINK;
- }
- a->init=0;
- }
- return(1);
- }
-
-static int MS_CALLBACK file_read(BIO *b, char *out, int outl)
- {
- int ret=0;
-
- if (b->init && (out != NULL))
- {
- if (b->flags&BIO_FLAGS_UPLINK)
- ret=UP_fread(out,1,(int)outl,b->ptr);
- else
- ret=fread(out,1,(int)outl,(FILE *)b->ptr);
- if(ret == 0 && (b->flags&BIO_FLAGS_UPLINK)?UP_ferror((FILE *)b->ptr):ferror((FILE *)b->ptr))
- {
- SYSerr(SYS_F_FREAD,get_last_sys_error());
- BIOerr(BIO_F_FILE_READ,ERR_R_SYS_LIB);
- ret=-1;
- }
- }
- return(ret);
- }
-
-static int MS_CALLBACK file_write(BIO *b, const char *in, int inl)
- {
- int ret=0;
-
- if (b->init && (in != NULL))
- {
- if (b->flags&BIO_FLAGS_UPLINK)
- ret=UP_fwrite(in,(int)inl,1,b->ptr);
- else
- ret=fwrite(in,(int)inl,1,(FILE *)b->ptr);
- if (ret)
- ret=inl;
- /* ret=fwrite(in,1,(int)inl,(FILE *)b->ptr); */
- /* according to Tim Hudson <tjh at cryptsoft.com>, the commented
- * out version above can cause 'inl' write calls under
- * some stupid stdio implementations (VMS) */
- }
- return(ret);
- }
-
-static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
- {
- long ret=1;
- FILE *fp=(FILE *)b->ptr;
- FILE **fpp;
- char p[4];
-
- switch (cmd)
- {
- case BIO_C_FILE_SEEK:
- case BIO_CTRL_RESET:
- if (b->flags&BIO_FLAGS_UPLINK)
- ret=(long)UP_fseek(b->ptr,num,0);
- else
- ret=(long)fseek(fp,num,0);
- break;
- case BIO_CTRL_EOF:
- if (b->flags&BIO_FLAGS_UPLINK)
- ret=(long)UP_feof(fp);
- else
- ret=(long)feof(fp);
- break;
- case BIO_C_FILE_TELL:
- case BIO_CTRL_INFO:
- if (b->flags&BIO_FLAGS_UPLINK)
- ret=UP_ftell(b->ptr);
- else
- ret=ftell(fp);
- break;
- case BIO_C_SET_FILE_PTR:
- file_free(b);
- b->shutdown=(int)num&BIO_CLOSE;
- b->ptr=ptr;
- b->init=1;
-#if BIO_FLAGS_UPLINK!=0
-#if defined(__MINGW32__) && defined(__MSVCRT__) && !defined(_IOB_ENTRIES)
-#define _IOB_ENTRIES 20
-#endif
-#if defined(_IOB_ENTRIES)
- /* Safety net to catch purely internal BIO_set_fp calls */
- if ((size_t)ptr >= (size_t)stdin &&
- (size_t)ptr < (size_t)(stdin+_IOB_ENTRIES))
- BIO_clear_flags(b,BIO_FLAGS_UPLINK);
-#endif
-#endif
-#ifdef UP_fsetmod
- if (b->flags&BIO_FLAGS_UPLINK)
- UP_fsetmod(b->ptr,(char)((num&BIO_FP_TEXT)?'t':'b'));
- else
-#endif
- {
-#if defined(OPENSSL_SYS_WINDOWS)
- int fd = _fileno((FILE*)ptr);
- if (num & BIO_FP_TEXT)
- _setmode(fd,_O_TEXT);
- else
- _setmode(fd,_O_BINARY);
-#elif defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_CLIB)
- int fd = fileno((FILE*)ptr);
- /* Under CLib there are differences in file modes
- */
- if (num & BIO_FP_TEXT)
- setmode(fd,O_TEXT);
- else
- setmode(fd,O_BINARY);
-#elif defined(OPENSSL_SYS_MSDOS)
- int fd = fileno((FILE*)ptr);
- /* Set correct text/binary mode */
- if (num & BIO_FP_TEXT)
- _setmode(fd,_O_TEXT);
- /* Dangerous to set stdin/stdout to raw (unless redirected) */
- else
- {
- if (fd == STDIN_FILENO || fd == STDOUT_FILENO)
- {
- if (isatty(fd) <= 0)
- _setmode(fd,_O_BINARY);
- }
- else
- _setmode(fd,_O_BINARY);
- }
-#elif defined(OPENSSL_SYS_OS2)
- int fd = fileno((FILE*)ptr);
- if (num & BIO_FP_TEXT)
- setmode(fd, O_TEXT);
- else
- setmode(fd, O_BINARY);
-#endif
- }
- break;
- case BIO_C_SET_FILENAME:
- file_free(b);
- b->shutdown=(int)num&BIO_CLOSE;
- if (num & BIO_FP_APPEND)
- {
- if (num & BIO_FP_READ)
- BUF_strlcpy(p,"a+",sizeof p);
- else BUF_strlcpy(p,"a",sizeof p);
- }
- else if ((num & BIO_FP_READ) && (num & BIO_FP_WRITE))
- BUF_strlcpy(p,"r+",sizeof p);
- else if (num & BIO_FP_WRITE)
- BUF_strlcpy(p,"w",sizeof p);
- else if (num & BIO_FP_READ)
- BUF_strlcpy(p,"r",sizeof p);
- else
- {
- BIOerr(BIO_F_FILE_CTRL,BIO_R_BAD_FOPEN_MODE);
- ret=0;
- break;
- }
-#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_WIN32_CYGWIN)
- if (!(num & BIO_FP_TEXT))
- strcat(p,"b");
- else
- strcat(p,"t");
-#endif
-#if defined(OPENSSL_SYS_NETWARE)
- if (!(num & BIO_FP_TEXT))
- strcat(p,"b");
- else
- strcat(p,"t");
-#endif
- fp=fopen(ptr,p);
- if (fp == NULL)
- {
- SYSerr(SYS_F_FOPEN,get_last_sys_error());
- ERR_add_error_data(5,"fopen('",ptr,"','",p,"')");
- BIOerr(BIO_F_FILE_CTRL,ERR_R_SYS_LIB);
- ret=0;
- break;
- }
- b->ptr=fp;
- b->init=1;
- BIO_clear_flags(b,BIO_FLAGS_UPLINK); /* we did fopen -> we disengage UPLINK */
- break;
- case BIO_C_GET_FILE_PTR:
- /* the ptr parameter is actually a FILE ** in this case. */
- if (ptr != NULL)
- {
- fpp=(FILE **)ptr;
- *fpp=(FILE *)b->ptr;
- }
- break;
- case BIO_CTRL_GET_CLOSE:
- ret=(long)b->shutdown;
- break;
- case BIO_CTRL_SET_CLOSE:
- b->shutdown=(int)num;
- break;
- case BIO_CTRL_FLUSH:
- if (b->flags&BIO_FLAGS_UPLINK)
- UP_fflush(b->ptr);
- else
- fflush((FILE *)b->ptr);
- break;
- case BIO_CTRL_DUP:
- ret=1;
- break;
-
- case BIO_CTRL_WPENDING:
- case BIO_CTRL_PENDING:
- case BIO_CTRL_PUSH:
- case BIO_CTRL_POP:
- default:
- ret=0;
- break;
- }
- return(ret);
- }
-
-static int MS_CALLBACK file_gets(BIO *bp, char *buf, int size)
- {
- int ret=0;
-
- buf[0]='\0';
- if (bp->flags&BIO_FLAGS_UPLINK)
- {
- if (!UP_fgets(buf,size,bp->ptr))
- goto err;
- }
- else
- {
- if (!fgets(buf,size,(FILE *)bp->ptr))
- goto err;
- }
- if (buf[0] != '\0')
- ret=strlen(buf);
- err:
- return(ret);
- }
-
-static int MS_CALLBACK file_puts(BIO *bp, const char *str)
- {
- int n,ret;
-
- n=strlen(str);
- ret=file_write(bp,str,n);
- return(ret);
- }
-
-#endif /* OPENSSL_NO_STDIO */
-
-#endif /* HEADER_BSS_FILE_C */
-
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_file.c (from rev 6976, vendor-crypto/openssl/dist/crypto/bio/bss_file.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_file.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_file.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,423 @@
+/* crypto/bio/bss_file.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/*-
+ * 03-Dec-1997 rdenny at dc3.com Fix bug preventing use of stdin/stdout
+ * with binary data (e.g. asn1parse -inform DER < xxx) under
+ * Windows
+ */
+
+#ifndef HEADER_BSS_FILE_C
+# define HEADER_BSS_FILE_C
+
+# if defined(__linux) || defined(__sun) || defined(__hpux)
+/*
+ * Following definition aliases fopen to fopen64 on above mentioned
+ * platforms. This makes it possible to open and sequentially access files
+ * larger than 2GB from 32-bit application. It does not allow to traverse
+ * them beyond 2GB with fseek/ftell, but on the other hand *no* 32-bit
+ * platform permits that, not with fseek/ftell. Not to mention that breaking
+ * 2GB limit for seeking would require surgery to *our* API. But sequential
+ * access suffices for practical cases when you can run into large files,
+ * such as fingerprinting, so we can let API alone. For reference, the list
+ * of 32-bit platforms which allow for sequential access of large files
+ * without extra "magic" comprise *BSD, Darwin, IRIX...
+ */
+# ifndef _FILE_OFFSET_BITS
+# define _FILE_OFFSET_BITS 64
+# endif
+# endif
+
+# include <stdio.h>
+# include <errno.h>
+# include "cryptlib.h"
+# include "bio_lcl.h"
+# include <openssl/err.h>
+
+# if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_CLIB)
+# include <nwfileio.h>
+# endif
+
+# if !defined(OPENSSL_NO_STDIO)
+
+static int MS_CALLBACK file_write(BIO *h, const char *buf, int num);
+static int MS_CALLBACK file_read(BIO *h, char *buf, int size);
+static int MS_CALLBACK file_puts(BIO *h, const char *str);
+static int MS_CALLBACK file_gets(BIO *h, char *str, int size);
+static long MS_CALLBACK file_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int MS_CALLBACK file_new(BIO *h);
+static int MS_CALLBACK file_free(BIO *data);
+static BIO_METHOD methods_filep = {
+ BIO_TYPE_FILE,
+ "FILE pointer",
+ file_write,
+ file_read,
+ file_puts,
+ file_gets,
+ file_ctrl,
+ file_new,
+ file_free,
+ NULL,
+};
+
+BIO *BIO_new_file(const char *filename, const char *mode)
+{
+ BIO *ret;
+ FILE *file;
+
+ if ((file = fopen(filename, mode)) == NULL) {
+ SYSerr(SYS_F_FOPEN, get_last_sys_error());
+ ERR_add_error_data(5, "fopen('", filename, "','", mode, "')");
+ if (errno == ENOENT)
+ BIOerr(BIO_F_BIO_NEW_FILE, BIO_R_NO_SUCH_FILE);
+ else
+ BIOerr(BIO_F_BIO_NEW_FILE, ERR_R_SYS_LIB);
+ return (NULL);
+ }
+ if ((ret = BIO_new(BIO_s_file_internal())) == NULL) {
+ fclose(file);
+ return (NULL);
+ }
+
+ BIO_clear_flags(ret, BIO_FLAGS_UPLINK); /* we did fopen -> we disengage
+ * UPLINK */
+ BIO_set_fp(ret, file, BIO_CLOSE);
+ return (ret);
+}
+
+BIO *BIO_new_fp(FILE *stream, int close_flag)
+{
+ BIO *ret;
+
+ if ((ret = BIO_new(BIO_s_file())) == NULL)
+ return (NULL);
+
+ BIO_set_flags(ret, BIO_FLAGS_UPLINK); /* redundant, left for
+ * documentation puposes */
+ BIO_set_fp(ret, stream, close_flag);
+ return (ret);
+}
+
+BIO_METHOD *BIO_s_file(void)
+{
+ return (&methods_filep);
+}
+
+static int MS_CALLBACK file_new(BIO *bi)
+{
+ bi->init = 0;
+ bi->num = 0;
+ bi->ptr = NULL;
+ bi->flags = BIO_FLAGS_UPLINK; /* default to UPLINK */
+ return (1);
+}
+
+static int MS_CALLBACK file_free(BIO *a)
+{
+ if (a == NULL)
+ return (0);
+ if (a->shutdown) {
+ if ((a->init) && (a->ptr != NULL)) {
+ if (a->flags & BIO_FLAGS_UPLINK)
+ UP_fclose(a->ptr);
+ else
+ fclose(a->ptr);
+ a->ptr = NULL;
+ a->flags = BIO_FLAGS_UPLINK;
+ }
+ a->init = 0;
+ }
+ return (1);
+}
+
+static int MS_CALLBACK file_read(BIO *b, char *out, int outl)
+{
+ int ret = 0;
+
+ if (b->init && (out != NULL)) {
+ if (b->flags & BIO_FLAGS_UPLINK)
+ ret = UP_fread(out, 1, (int)outl, b->ptr);
+ else
+ ret = fread(out, 1, (int)outl, (FILE *)b->ptr);
+ if (ret == 0
+ && (b->flags & BIO_FLAGS_UPLINK) ? UP_ferror((FILE *)b->ptr) :
+ ferror((FILE *)b->ptr)) {
+ SYSerr(SYS_F_FREAD, get_last_sys_error());
+ BIOerr(BIO_F_FILE_READ, ERR_R_SYS_LIB);
+ ret = -1;
+ }
+ }
+ return (ret);
+}
+
+static int MS_CALLBACK file_write(BIO *b, const char *in, int inl)
+{
+ int ret = 0;
+
+ if (b->init && (in != NULL)) {
+ if (b->flags & BIO_FLAGS_UPLINK)
+ ret = UP_fwrite(in, (int)inl, 1, b->ptr);
+ else
+ ret = fwrite(in, (int)inl, 1, (FILE *)b->ptr);
+ if (ret)
+ ret = inl;
+ /* ret=fwrite(in,1,(int)inl,(FILE *)b->ptr); */
+ /*
+ * according to Tim Hudson <tjh at cryptsoft.com>, the commented out
+ * version above can cause 'inl' write calls under some stupid stdio
+ * implementations (VMS)
+ */
+ }
+ return (ret);
+}
+
+static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+ long ret = 1;
+ FILE *fp = (FILE *)b->ptr;
+ FILE **fpp;
+ char p[4];
+
+ switch (cmd) {
+ case BIO_C_FILE_SEEK:
+ case BIO_CTRL_RESET:
+ if (b->flags & BIO_FLAGS_UPLINK)
+ ret = (long)UP_fseek(b->ptr, num, 0);
+ else
+ ret = (long)fseek(fp, num, 0);
+ break;
+ case BIO_CTRL_EOF:
+ if (b->flags & BIO_FLAGS_UPLINK)
+ ret = (long)UP_feof(fp);
+ else
+ ret = (long)feof(fp);
+ break;
+ case BIO_C_FILE_TELL:
+ case BIO_CTRL_INFO:
+ if (b->flags & BIO_FLAGS_UPLINK)
+ ret = UP_ftell(b->ptr);
+ else
+ ret = ftell(fp);
+ break;
+ case BIO_C_SET_FILE_PTR:
+ file_free(b);
+ b->shutdown = (int)num & BIO_CLOSE;
+ b->ptr = ptr;
+ b->init = 1;
+# if BIO_FLAGS_UPLINK!=0
+# if defined(__MINGW32__) && defined(__MSVCRT__) && !defined(_IOB_ENTRIES)
+# define _IOB_ENTRIES 20
+# endif
+# if defined(_IOB_ENTRIES)
+ /* Safety net to catch purely internal BIO_set_fp calls */
+ if ((size_t)ptr >= (size_t)stdin &&
+ (size_t)ptr < (size_t)(stdin + _IOB_ENTRIES))
+ BIO_clear_flags(b, BIO_FLAGS_UPLINK);
+# endif
+# endif
+# ifdef UP_fsetmod
+ if (b->flags & BIO_FLAGS_UPLINK)
+ UP_fsetmod(b->ptr, (char)((num & BIO_FP_TEXT) ? 't' : 'b'));
+ else
+# endif
+ {
+# if defined(OPENSSL_SYS_WINDOWS)
+ int fd = _fileno((FILE *)ptr);
+ if (num & BIO_FP_TEXT)
+ _setmode(fd, _O_TEXT);
+ else
+ _setmode(fd, _O_BINARY);
+# elif defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_CLIB)
+ int fd = fileno((FILE *)ptr);
+ /*
+ * Under CLib there are differences in file modes
+ */
+ if (num & BIO_FP_TEXT)
+ setmode(fd, O_TEXT);
+ else
+ setmode(fd, O_BINARY);
+# elif defined(OPENSSL_SYS_MSDOS)
+ int fd = fileno((FILE *)ptr);
+ /* Set correct text/binary mode */
+ if (num & BIO_FP_TEXT)
+ _setmode(fd, _O_TEXT);
+ /* Dangerous to set stdin/stdout to raw (unless redirected) */
+ else {
+ if (fd == STDIN_FILENO || fd == STDOUT_FILENO) {
+ if (isatty(fd) <= 0)
+ _setmode(fd, _O_BINARY);
+ } else
+ _setmode(fd, _O_BINARY);
+ }
+# elif defined(OPENSSL_SYS_OS2)
+ int fd = fileno((FILE *)ptr);
+ if (num & BIO_FP_TEXT)
+ setmode(fd, O_TEXT);
+ else
+ setmode(fd, O_BINARY);
+# endif
+ }
+ break;
+ case BIO_C_SET_FILENAME:
+ file_free(b);
+ b->shutdown = (int)num & BIO_CLOSE;
+ if (num & BIO_FP_APPEND) {
+ if (num & BIO_FP_READ)
+ BUF_strlcpy(p, "a+", sizeof p);
+ else
+ BUF_strlcpy(p, "a", sizeof p);
+ } else if ((num & BIO_FP_READ) && (num & BIO_FP_WRITE))
+ BUF_strlcpy(p, "r+", sizeof p);
+ else if (num & BIO_FP_WRITE)
+ BUF_strlcpy(p, "w", sizeof p);
+ else if (num & BIO_FP_READ)
+ BUF_strlcpy(p, "r", sizeof p);
+ else {
+ BIOerr(BIO_F_FILE_CTRL, BIO_R_BAD_FOPEN_MODE);
+ ret = 0;
+ break;
+ }
+# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_WIN32_CYGWIN)
+ if (!(num & BIO_FP_TEXT))
+ strcat(p, "b");
+ else
+ strcat(p, "t");
+# endif
+# if defined(OPENSSL_SYS_NETWARE)
+ if (!(num & BIO_FP_TEXT))
+ strcat(p, "b");
+ else
+ strcat(p, "t");
+# endif
+ fp = fopen(ptr, p);
+ if (fp == NULL) {
+ SYSerr(SYS_F_FOPEN, get_last_sys_error());
+ ERR_add_error_data(5, "fopen('", ptr, "','", p, "')");
+ BIOerr(BIO_F_FILE_CTRL, ERR_R_SYS_LIB);
+ ret = 0;
+ break;
+ }
+ b->ptr = fp;
+ b->init = 1;
+ BIO_clear_flags(b, BIO_FLAGS_UPLINK); /* we did fopen -> we disengage
+ * UPLINK */
+ break;
+ case BIO_C_GET_FILE_PTR:
+ /* the ptr parameter is actually a FILE ** in this case. */
+ if (ptr != NULL) {
+ fpp = (FILE **)ptr;
+ *fpp = (FILE *)b->ptr;
+ }
+ break;
+ case BIO_CTRL_GET_CLOSE:
+ ret = (long)b->shutdown;
+ break;
+ case BIO_CTRL_SET_CLOSE:
+ b->shutdown = (int)num;
+ break;
+ case BIO_CTRL_FLUSH:
+ if (b->flags & BIO_FLAGS_UPLINK)
+ UP_fflush(b->ptr);
+ else
+ fflush((FILE *)b->ptr);
+ break;
+ case BIO_CTRL_DUP:
+ ret = 1;
+ break;
+
+ case BIO_CTRL_WPENDING:
+ case BIO_CTRL_PENDING:
+ case BIO_CTRL_PUSH:
+ case BIO_CTRL_POP:
+ default:
+ ret = 0;
+ break;
+ }
+ return (ret);
+}
+
+static int MS_CALLBACK file_gets(BIO *bp, char *buf, int size)
+{
+ int ret = 0;
+
+ buf[0] = '\0';
+ if (bp->flags & BIO_FLAGS_UPLINK) {
+ if (!UP_fgets(buf, size, bp->ptr))
+ goto err;
+ } else {
+ if (!fgets(buf, size, (FILE *)bp->ptr))
+ goto err;
+ }
+ if (buf[0] != '\0')
+ ret = strlen(buf);
+ err:
+ return (ret);
+}
+
+static int MS_CALLBACK file_puts(BIO *bp, const char *str)
+{
+ int n, ret;
+
+ n = strlen(str);
+ ret = file_write(bp, str, n);
+ return (ret);
+}
+
+# endif /* OPENSSL_NO_STDIO */
+
+#endif /* HEADER_BSS_FILE_C */
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_log.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bio/bss_log.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_log.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,402 +0,0 @@
-/* crypto/bio/bss_log.c */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/*
- Why BIO_s_log?
-
- BIO_s_log is useful for system daemons (or services under NT).
- It is one-way BIO, it sends all stuff to syslogd (on system that
- commonly use that), or event log (on NT), or OPCOM (on OpenVMS).
-
-*/
-
-
-#include <stdio.h>
-#include <errno.h>
-
-#include "cryptlib.h"
-
-#if defined(OPENSSL_SYS_WINCE)
-#elif defined(OPENSSL_SYS_WIN32)
-# include <process.h>
-#elif defined(OPENSSL_SYS_VMS)
-# include <opcdef.h>
-# include <descrip.h>
-# include <lib$routines.h>
-# include <starlet.h>
-#elif defined(__ultrix)
-# include <sys/syslog.h>
-#elif defined(OPENSSL_SYS_NETWARE)
-# define NO_SYSLOG
-#elif (!defined(MSDOS) || defined(WATT32)) && !defined(OPENSSL_SYS_VXWORKS) && !defined(NO_SYSLOG)
-# include <syslog.h>
-#endif
-
-#include <openssl/buffer.h>
-#include <openssl/err.h>
-
-#ifndef NO_SYSLOG
-
-#if defined(OPENSSL_SYS_WIN32)
-#define LOG_EMERG 0
-#define LOG_ALERT 1
-#define LOG_CRIT 2
-#define LOG_ERR 3
-#define LOG_WARNING 4
-#define LOG_NOTICE 5
-#define LOG_INFO 6
-#define LOG_DEBUG 7
-
-#define LOG_DAEMON (3<<3)
-#elif defined(OPENSSL_SYS_VMS)
-/* On VMS, we don't really care about these, but we need them to compile */
-#define LOG_EMERG 0
-#define LOG_ALERT 1
-#define LOG_CRIT 2
-#define LOG_ERR 3
-#define LOG_WARNING 4
-#define LOG_NOTICE 5
-#define LOG_INFO 6
-#define LOG_DEBUG 7
-
-#define LOG_DAEMON OPC$M_NM_NTWORK
-#endif
-
-static int MS_CALLBACK slg_write(BIO *h, const char *buf, int num);
-static int MS_CALLBACK slg_puts(BIO *h, const char *str);
-static long MS_CALLBACK slg_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int MS_CALLBACK slg_new(BIO *h);
-static int MS_CALLBACK slg_free(BIO *data);
-static void xopenlog(BIO* bp, char* name, int level);
-static void xsyslog(BIO* bp, int priority, const char* string);
-static void xcloselog(BIO* bp);
-#ifdef OPENSSL_SYS_WIN32
-LONG (WINAPI *go_for_advapi)() = RegOpenKeyEx;
-HANDLE (WINAPI *register_event_source)() = NULL;
-BOOL (WINAPI *deregister_event_source)() = NULL;
-BOOL (WINAPI *report_event)() = NULL;
-#define DL_PROC(m,f) (GetProcAddress( m, f ))
-#ifdef UNICODE
-#define DL_PROC_X(m,f) DL_PROC( m, f "W" )
-#else
-#define DL_PROC_X(m,f) DL_PROC( m, f "A" )
-#endif
-#endif
-
-static BIO_METHOD methods_slg=
- {
- BIO_TYPE_MEM,"syslog",
- slg_write,
- NULL,
- slg_puts,
- NULL,
- slg_ctrl,
- slg_new,
- slg_free,
- NULL,
- };
-
-BIO_METHOD *BIO_s_log(void)
- {
- return(&methods_slg);
- }
-
-static int MS_CALLBACK slg_new(BIO *bi)
- {
- bi->init=1;
- bi->num=0;
- bi->ptr=NULL;
- xopenlog(bi, "application", LOG_DAEMON);
- return(1);
- }
-
-static int MS_CALLBACK slg_free(BIO *a)
- {
- if (a == NULL) return(0);
- xcloselog(a);
- return(1);
- }
-
-static int MS_CALLBACK slg_write(BIO *b, const char *in, int inl)
- {
- int ret= inl;
- char* buf;
- char* pp;
- int priority, i;
- static struct
- {
- int strl;
- char str[10];
- int log_level;
- }
- mapping[] =
- {
- { 6, "PANIC ", LOG_EMERG },
- { 6, "EMERG ", LOG_EMERG },
- { 4, "EMR ", LOG_EMERG },
- { 6, "ALERT ", LOG_ALERT },
- { 4, "ALR ", LOG_ALERT },
- { 5, "CRIT ", LOG_CRIT },
- { 4, "CRI ", LOG_CRIT },
- { 6, "ERROR ", LOG_ERR },
- { 4, "ERR ", LOG_ERR },
- { 8, "WARNING ", LOG_WARNING },
- { 5, "WARN ", LOG_WARNING },
- { 4, "WAR ", LOG_WARNING },
- { 7, "NOTICE ", LOG_NOTICE },
- { 5, "NOTE ", LOG_NOTICE },
- { 4, "NOT ", LOG_NOTICE },
- { 5, "INFO ", LOG_INFO },
- { 4, "INF ", LOG_INFO },
- { 6, "DEBUG ", LOG_DEBUG },
- { 4, "DBG ", LOG_DEBUG },
- { 0, "", LOG_ERR } /* The default */
- };
-
- if((buf= (char *)OPENSSL_malloc(inl+ 1)) == NULL){
- return(0);
- }
- strncpy(buf, in, inl);
- buf[inl]= '\0';
-
- i = 0;
- while(strncmp(buf, mapping[i].str, mapping[i].strl) != 0) i++;
- priority = mapping[i].log_level;
- pp = buf + mapping[i].strl;
-
- xsyslog(b, priority, pp);
-
- OPENSSL_free(buf);
- return(ret);
- }
-
-static long MS_CALLBACK slg_ctrl(BIO *b, int cmd, long num, void *ptr)
- {
- switch (cmd)
- {
- case BIO_CTRL_SET:
- xcloselog(b);
- xopenlog(b, ptr, num);
- break;
- default:
- break;
- }
- return(0);
- }
-
-static int MS_CALLBACK slg_puts(BIO *bp, const char *str)
- {
- int n,ret;
-
- n=strlen(str);
- ret=slg_write(bp,str,n);
- return(ret);
- }
-
-#if defined(OPENSSL_SYS_WIN32)
-
-static void xopenlog(BIO* bp, char* name, int level)
-{
- if ( !register_event_source )
- {
- HANDLE advapi;
- if ( !(advapi = GetModuleHandle("advapi32")) )
- return;
- register_event_source = (HANDLE (WINAPI *)())DL_PROC_X(advapi,
- "RegisterEventSource" );
- deregister_event_source = (BOOL (WINAPI *)())DL_PROC(advapi,
- "DeregisterEventSource");
- report_event = (BOOL (WINAPI *)())DL_PROC_X(advapi,
- "ReportEvent" );
- if ( !(register_event_source && deregister_event_source &&
- report_event) )
- {
- register_event_source = NULL;
- deregister_event_source = NULL;
- report_event = NULL;
- return;
- }
- }
- bp->ptr= (char *)register_event_source(NULL, name);
-}
-
-static void xsyslog(BIO *bp, int priority, const char *string)
-{
- LPCSTR lpszStrings[2];
- WORD evtype= EVENTLOG_ERROR_TYPE;
- int pid = _getpid();
- char pidbuf[DECIMAL_SIZE(pid)+4];
-
- switch (priority)
- {
- case LOG_EMERG:
- case LOG_ALERT:
- case LOG_CRIT:
- case LOG_ERR:
- evtype = EVENTLOG_ERROR_TYPE;
- break;
- case LOG_WARNING:
- evtype = EVENTLOG_WARNING_TYPE;
- break;
- case LOG_NOTICE:
- case LOG_INFO:
- case LOG_DEBUG:
- evtype = EVENTLOG_INFORMATION_TYPE;
- break;
- default: /* Should never happen, but set it
- as error anyway. */
- evtype = EVENTLOG_ERROR_TYPE;
- break;
- }
-
- sprintf(pidbuf, "[%d] ", pid);
- lpszStrings[0] = pidbuf;
- lpszStrings[1] = string;
-
- if(report_event && bp->ptr)
- report_event(bp->ptr, evtype, 0, 1024, NULL, 2, 0,
- lpszStrings, NULL);
-}
-
-static void xcloselog(BIO* bp)
-{
- if(deregister_event_source && bp->ptr)
- deregister_event_source((HANDLE)(bp->ptr));
- bp->ptr= NULL;
-}
-
-#elif defined(OPENSSL_SYS_VMS)
-
-static int VMS_OPC_target = LOG_DAEMON;
-
-static void xopenlog(BIO* bp, char* name, int level)
-{
- VMS_OPC_target = level;
-}
-
-static void xsyslog(BIO *bp, int priority, const char *string)
-{
- struct dsc$descriptor_s opc_dsc;
- struct opcdef *opcdef_p;
- char buf[10240];
- unsigned int len;
- struct dsc$descriptor_s buf_dsc;
- $DESCRIPTOR(fao_cmd, "!AZ: !AZ");
- char *priority_tag;
-
- switch (priority)
- {
- case LOG_EMERG: priority_tag = "Emergency"; break;
- case LOG_ALERT: priority_tag = "Alert"; break;
- case LOG_CRIT: priority_tag = "Critical"; break;
- case LOG_ERR: priority_tag = "Error"; break;
- case LOG_WARNING: priority_tag = "Warning"; break;
- case LOG_NOTICE: priority_tag = "Notice"; break;
- case LOG_INFO: priority_tag = "Info"; break;
- case LOG_DEBUG: priority_tag = "DEBUG"; break;
- }
-
- buf_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
- buf_dsc.dsc$b_class = DSC$K_CLASS_S;
- buf_dsc.dsc$a_pointer = buf;
- buf_dsc.dsc$w_length = sizeof(buf) - 1;
-
- lib$sys_fao(&fao_cmd, &len, &buf_dsc, priority_tag, string);
-
- /* we know there's an 8 byte header. That's documented */
- opcdef_p = (struct opcdef *) OPENSSL_malloc(8 + len);
- opcdef_p->opc$b_ms_type = OPC$_RQ_RQST;
- memcpy(opcdef_p->opc$z_ms_target_classes, &VMS_OPC_target, 3);
- opcdef_p->opc$l_ms_rqstid = 0;
- memcpy(&opcdef_p->opc$l_ms_text, buf, len);
-
- opc_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
- opc_dsc.dsc$b_class = DSC$K_CLASS_S;
- opc_dsc.dsc$a_pointer = (char *)opcdef_p;
- opc_dsc.dsc$w_length = len + 8;
-
- sys$sndopr(opc_dsc, 0);
-
- OPENSSL_free(opcdef_p);
-}
-
-static void xcloselog(BIO* bp)
-{
-}
-
-#else /* Unix/Watt32 */
-
-static void xopenlog(BIO* bp, char* name, int level)
-{
-#ifdef WATT32 /* djgpp/DOS */
- openlog(name, LOG_PID|LOG_CONS|LOG_NDELAY, level);
-#else
- openlog(name, LOG_PID|LOG_CONS, level);
-#endif
-}
-
-static void xsyslog(BIO *bp, int priority, const char *string)
-{
- syslog(priority, "%s", string);
-}
-
-static void xcloselog(BIO* bp)
-{
- closelog();
-}
-
-#endif /* Unix */
-
-#endif /* NO_SYSLOG */
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_log.c (from rev 6976, vendor-crypto/openssl/dist/crypto/bio/bss_log.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_log.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_log.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,452 @@
+/* crypto/bio/bss_log.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*
+ * Why BIO_s_log?
+ *
+ * BIO_s_log is useful for system daemons (or services under NT). It is
+ * one-way BIO, it sends all stuff to syslogd (on system that commonly use
+ * that), or event log (on NT), or OPCOM (on OpenVMS).
+ *
+ */
+
+#include <stdio.h>
+#include <errno.h>
+
+#include "cryptlib.h"
+
+#if defined(OPENSSL_SYS_WINCE)
+#elif defined(OPENSSL_SYS_WIN32)
+# include <process.h>
+#elif defined(OPENSSL_SYS_VMS)
+# include <opcdef.h>
+# include <descrip.h>
+# include <lib$routines.h>
+# include <starlet.h>
+#elif defined(__ultrix)
+# include <sys/syslog.h>
+#elif defined(OPENSSL_SYS_NETWARE)
+# define NO_SYSLOG
+#elif (!defined(MSDOS) || defined(WATT32)) && !defined(OPENSSL_SYS_VXWORKS) && !defined(NO_SYSLOG)
+# include <syslog.h>
+#endif
+
+#include <openssl/buffer.h>
+#include <openssl/err.h>
+
+#ifndef NO_SYSLOG
+
+# if defined(OPENSSL_SYS_WIN32)
+# define LOG_EMERG 0
+# define LOG_ALERT 1
+# define LOG_CRIT 2
+# define LOG_ERR 3
+# define LOG_WARNING 4
+# define LOG_NOTICE 5
+# define LOG_INFO 6
+# define LOG_DEBUG 7
+
+# define LOG_DAEMON (3<<3)
+# elif defined(OPENSSL_SYS_VMS)
+/* On VMS, we don't really care about these, but we need them to compile */
+# define LOG_EMERG 0
+# define LOG_ALERT 1
+# define LOG_CRIT 2
+# define LOG_ERR 3
+# define LOG_WARNING 4
+# define LOG_NOTICE 5
+# define LOG_INFO 6
+# define LOG_DEBUG 7
+
+# define LOG_DAEMON OPC$M_NM_NTWORK
+# endif
+
+static int MS_CALLBACK slg_write(BIO *h, const char *buf, int num);
+static int MS_CALLBACK slg_puts(BIO *h, const char *str);
+static long MS_CALLBACK slg_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int MS_CALLBACK slg_new(BIO *h);
+static int MS_CALLBACK slg_free(BIO *data);
+static void xopenlog(BIO *bp, char *name, int level);
+static void xsyslog(BIO *bp, int priority, const char *string);
+static void xcloselog(BIO *bp);
+# ifdef OPENSSL_SYS_WIN32
+LONG(WINAPI *go_for_advapi) () = RegOpenKeyEx;
+HANDLE(WINAPI *register_event_source) () = NULL;
+BOOL(WINAPI *deregister_event_source) () = NULL;
+BOOL(WINAPI *report_event) () = NULL;
+# define DL_PROC(m,f) (GetProcAddress( m, f ))
+# ifdef UNICODE
+# define DL_PROC_X(m,f) DL_PROC( m, f "W" )
+# else
+# define DL_PROC_X(m,f) DL_PROC( m, f "A" )
+# endif
+# endif
+
+static BIO_METHOD methods_slg = {
+ BIO_TYPE_MEM, "syslog",
+ slg_write,
+ NULL,
+ slg_puts,
+ NULL,
+ slg_ctrl,
+ slg_new,
+ slg_free,
+ NULL,
+};
+
+BIO_METHOD *BIO_s_log(void)
+{
+ return (&methods_slg);
+}
+
+static int MS_CALLBACK slg_new(BIO *bi)
+{
+ bi->init = 1;
+ bi->num = 0;
+ bi->ptr = NULL;
+ xopenlog(bi, "application", LOG_DAEMON);
+ return (1);
+}
+
+static int MS_CALLBACK slg_free(BIO *a)
+{
+ if (a == NULL)
+ return (0);
+ xcloselog(a);
+ return (1);
+}
+
+static int MS_CALLBACK slg_write(BIO *b, const char *in, int inl)
+{
+ int ret = inl;
+ char *buf;
+ char *pp;
+ int priority, i;
+ static struct {
+ int strl;
+ char str[10];
+ int log_level;
+ } mapping[] = {
+ {
+ 6, "PANIC ", LOG_EMERG
+ },
+ {
+ 6, "EMERG ", LOG_EMERG
+ },
+ {
+ 4, "EMR ", LOG_EMERG
+ },
+ {
+ 6, "ALERT ", LOG_ALERT
+ },
+ {
+ 4, "ALR ", LOG_ALERT
+ },
+ {
+ 5, "CRIT ", LOG_CRIT
+ },
+ {
+ 4, "CRI ", LOG_CRIT
+ },
+ {
+ 6, "ERROR ", LOG_ERR
+ },
+ {
+ 4, "ERR ", LOG_ERR
+ },
+ {
+ 8, "WARNING ", LOG_WARNING
+ },
+ {
+ 5, "WARN ", LOG_WARNING
+ },
+ {
+ 4, "WAR ", LOG_WARNING
+ },
+ {
+ 7, "NOTICE ", LOG_NOTICE
+ },
+ {
+ 5, "NOTE ", LOG_NOTICE
+ },
+ {
+ 4, "NOT ", LOG_NOTICE
+ },
+ {
+ 5, "INFO ", LOG_INFO
+ },
+ {
+ 4, "INF ", LOG_INFO
+ },
+ {
+ 6, "DEBUG ", LOG_DEBUG
+ },
+ {
+ 4, "DBG ", LOG_DEBUG
+ },
+ {
+ 0, "", LOG_ERR
+ }
+ /* The default */
+ };
+
+ if ((buf = (char *)OPENSSL_malloc(inl + 1)) == NULL) {
+ return (0);
+ }
+ strncpy(buf, in, inl);
+ buf[inl] = '\0';
+
+ i = 0;
+ while (strncmp(buf, mapping[i].str, mapping[i].strl) != 0)
+ i++;
+ priority = mapping[i].log_level;
+ pp = buf + mapping[i].strl;
+
+ xsyslog(b, priority, pp);
+
+ OPENSSL_free(buf);
+ return (ret);
+}
+
+static long MS_CALLBACK slg_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+ switch (cmd) {
+ case BIO_CTRL_SET:
+ xcloselog(b);
+ xopenlog(b, ptr, num);
+ break;
+ default:
+ break;
+ }
+ return (0);
+}
+
+static int MS_CALLBACK slg_puts(BIO *bp, const char *str)
+{
+ int n, ret;
+
+ n = strlen(str);
+ ret = slg_write(bp, str, n);
+ return (ret);
+}
+
+# if defined(OPENSSL_SYS_WIN32)
+
+static void xopenlog(BIO *bp, char *name, int level)
+{
+ if (!register_event_source) {
+ HANDLE advapi;
+ if (!(advapi = GetModuleHandle("advapi32")))
+ return;
+ register_event_source = (HANDLE(WINAPI *)())DL_PROC_X(advapi,
+ "RegisterEventSource");
+ deregister_event_source = (BOOL(WINAPI *)()) DL_PROC(advapi,
+ "DeregisterEventSource");
+ report_event = (BOOL(WINAPI *)()) DL_PROC_X(advapi, "ReportEvent");
+ if (!(register_event_source && deregister_event_source &&
+ report_event)) {
+ register_event_source = NULL;
+ deregister_event_source = NULL;
+ report_event = NULL;
+ return;
+ }
+ }
+ bp->ptr = (char *)register_event_source(NULL, name);
+}
+
+static void xsyslog(BIO *bp, int priority, const char *string)
+{
+ LPCSTR lpszStrings[2];
+ WORD evtype = EVENTLOG_ERROR_TYPE;
+ int pid = _getpid();
+ char pidbuf[DECIMAL_SIZE(pid) + 4];
+
+ switch (priority) {
+ case LOG_EMERG:
+ case LOG_ALERT:
+ case LOG_CRIT:
+ case LOG_ERR:
+ evtype = EVENTLOG_ERROR_TYPE;
+ break;
+ case LOG_WARNING:
+ evtype = EVENTLOG_WARNING_TYPE;
+ break;
+ case LOG_NOTICE:
+ case LOG_INFO:
+ case LOG_DEBUG:
+ evtype = EVENTLOG_INFORMATION_TYPE;
+ break;
+ default:
+ /*
+ * Should never happen, but set it
+ * as error anyway.
+ */
+ evtype = EVENTLOG_ERROR_TYPE;
+ break;
+ }
+
+ sprintf(pidbuf, "[%d] ", pid);
+ lpszStrings[0] = pidbuf;
+ lpszStrings[1] = string;
+
+ if (report_event && bp->ptr)
+ report_event(bp->ptr, evtype, 0, 1024, NULL, 2, 0, lpszStrings, NULL);
+}
+
+static void xcloselog(BIO *bp)
+{
+ if (deregister_event_source && bp->ptr)
+ deregister_event_source((HANDLE) (bp->ptr));
+ bp->ptr = NULL;
+}
+
+# elif defined(OPENSSL_SYS_VMS)
+
+static int VMS_OPC_target = LOG_DAEMON;
+
+static void xopenlog(BIO *bp, char *name, int level)
+{
+ VMS_OPC_target = level;
+}
+
+static void xsyslog(BIO *bp, int priority, const char *string)
+{
+ struct dsc$descriptor_s opc_dsc;
+ struct opcdef *opcdef_p;
+ char buf[10240];
+ unsigned int len;
+ struct dsc$descriptor_s buf_dsc;
+ $DESCRIPTOR(fao_cmd, "!AZ: !AZ");
+ char *priority_tag;
+
+ switch (priority) {
+ case LOG_EMERG:
+ priority_tag = "Emergency";
+ break;
+ case LOG_ALERT:
+ priority_tag = "Alert";
+ break;
+ case LOG_CRIT:
+ priority_tag = "Critical";
+ break;
+ case LOG_ERR:
+ priority_tag = "Error";
+ break;
+ case LOG_WARNING:
+ priority_tag = "Warning";
+ break;
+ case LOG_NOTICE:
+ priority_tag = "Notice";
+ break;
+ case LOG_INFO:
+ priority_tag = "Info";
+ break;
+ case LOG_DEBUG:
+ priority_tag = "DEBUG";
+ break;
+ }
+
+ buf_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+ buf_dsc.dsc$b_class = DSC$K_CLASS_S;
+ buf_dsc.dsc$a_pointer = buf;
+ buf_dsc.dsc$w_length = sizeof(buf) - 1;
+
+ lib$sys_fao(&fao_cmd, &len, &buf_dsc, priority_tag, string);
+
+ /* we know there's an 8 byte header. That's documented */
+ opcdef_p = (struct opcdef *)OPENSSL_malloc(8 + len);
+ opcdef_p->opc$b_ms_type = OPC$_RQ_RQST;
+ memcpy(opcdef_p->opc$z_ms_target_classes, &VMS_OPC_target, 3);
+ opcdef_p->opc$l_ms_rqstid = 0;
+ memcpy(&opcdef_p->opc$l_ms_text, buf, len);
+
+ opc_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+ opc_dsc.dsc$b_class = DSC$K_CLASS_S;
+ opc_dsc.dsc$a_pointer = (char *)opcdef_p;
+ opc_dsc.dsc$w_length = len + 8;
+
+ sys$sndopr(opc_dsc, 0);
+
+ OPENSSL_free(opcdef_p);
+}
+
+static void xcloselog(BIO *bp)
+{
+}
+
+# else /* Unix/Watt32 */
+
+static void xopenlog(BIO *bp, char *name, int level)
+{
+# ifdef WATT32 /* djgpp/DOS */
+ openlog(name, LOG_PID | LOG_CONS | LOG_NDELAY, level);
+# else
+ openlog(name, LOG_PID | LOG_CONS, level);
+# endif
+}
+
+static void xsyslog(BIO *bp, int priority, const char *string)
+{
+ syslog(priority, "%s", string);
+}
+
+static void xcloselog(BIO *bp)
+{
+ closelog();
+}
+
+# endif /* Unix */
+
+#endif /* NO_SYSLOG */
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_mem.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bio/bss_mem.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_mem.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,323 +0,0 @@
-/* crypto/bio/bss_mem.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <errno.h>
-#include "cryptlib.h"
-#include <openssl/bio.h>
-
-static int mem_write(BIO *h, const char *buf, int num);
-static int mem_read(BIO *h, char *buf, int size);
-static int mem_puts(BIO *h, const char *str);
-static int mem_gets(BIO *h, char *str, int size);
-static long mem_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int mem_new(BIO *h);
-static int mem_free(BIO *data);
-static BIO_METHOD mem_method=
- {
- BIO_TYPE_MEM,
- "memory buffer",
- mem_write,
- mem_read,
- mem_puts,
- mem_gets,
- mem_ctrl,
- mem_new,
- mem_free,
- NULL,
- };
-
-/* bio->num is used to hold the value to return on 'empty', if it is
- * 0, should_retry is not set */
-
-BIO_METHOD *BIO_s_mem(void)
- {
- return(&mem_method);
- }
-
-BIO *BIO_new_mem_buf(void *buf, int len)
-{
- BIO *ret;
- BUF_MEM *b;
- if (!buf) {
- BIOerr(BIO_F_BIO_NEW_MEM_BUF,BIO_R_NULL_PARAMETER);
- return NULL;
- }
- if(len == -1) len = strlen(buf);
- if(!(ret = BIO_new(BIO_s_mem())) ) return NULL;
- b = (BUF_MEM *)ret->ptr;
- b->data = buf;
- b->length = len;
- b->max = len;
- ret->flags |= BIO_FLAGS_MEM_RDONLY;
- /* Since this is static data retrying wont help */
- ret->num = 0;
- return ret;
-}
-
-static int mem_new(BIO *bi)
- {
- BUF_MEM *b;
-
- if ((b=BUF_MEM_new()) == NULL)
- return(0);
- bi->shutdown=1;
- bi->init=1;
- bi->num= -1;
- bi->ptr=(char *)b;
- return(1);
- }
-
-static int mem_free(BIO *a)
- {
- if (a == NULL) return(0);
- if (a->shutdown)
- {
- if ((a->init) && (a->ptr != NULL))
- {
- BUF_MEM *b;
- b = (BUF_MEM *)a->ptr;
- if(a->flags & BIO_FLAGS_MEM_RDONLY) b->data = NULL;
- BUF_MEM_free(b);
- a->ptr=NULL;
- }
- }
- return(1);
- }
-
-static int mem_read(BIO *b, char *out, int outl)
- {
- int ret= -1;
- BUF_MEM *bm;
- int i;
- char *from,*to;
-
- bm=(BUF_MEM *)b->ptr;
- BIO_clear_retry_flags(b);
- ret=(outl > bm->length)?bm->length:outl;
- if ((out != NULL) && (ret > 0)) {
- memcpy(out,bm->data,ret);
- bm->length-=ret;
- /* memmove(&(bm->data[0]),&(bm->data[ret]), bm->length); */
- if(b->flags & BIO_FLAGS_MEM_RDONLY) bm->data += ret;
- else {
- from=(char *)&(bm->data[ret]);
- to=(char *)&(bm->data[0]);
- for (i=0; i<bm->length; i++)
- to[i]=from[i];
- }
- } else if (bm->length == 0)
- {
- ret = b->num;
- if (ret != 0)
- BIO_set_retry_read(b);
- }
- return(ret);
- }
-
-static int mem_write(BIO *b, const char *in, int inl)
- {
- int ret= -1;
- int blen;
- BUF_MEM *bm;
-
- bm=(BUF_MEM *)b->ptr;
- if (in == NULL)
- {
- BIOerr(BIO_F_MEM_WRITE,BIO_R_NULL_PARAMETER);
- goto end;
- }
-
- if(b->flags & BIO_FLAGS_MEM_RDONLY) {
- BIOerr(BIO_F_MEM_WRITE,BIO_R_WRITE_TO_READ_ONLY_BIO);
- goto end;
- }
-
- BIO_clear_retry_flags(b);
- blen=bm->length;
- if (BUF_MEM_grow_clean(bm,blen+inl) != (blen+inl))
- goto end;
- memcpy(&(bm->data[blen]),in,inl);
- ret=inl;
-end:
- return(ret);
- }
-
-static long mem_ctrl(BIO *b, int cmd, long num, void *ptr)
- {
- long ret=1;
- char **pptr;
-
- BUF_MEM *bm=(BUF_MEM *)b->ptr;
-
- switch (cmd)
- {
- case BIO_CTRL_RESET:
- if (bm->data != NULL)
- {
- /* For read only case reset to the start again */
- if(b->flags & BIO_FLAGS_MEM_RDONLY)
- {
- bm->data -= bm->max - bm->length;
- bm->length = bm->max;
- }
- else
- {
- memset(bm->data,0,bm->max);
- bm->length=0;
- }
- }
- break;
- case BIO_CTRL_EOF:
- ret=(long)(bm->length == 0);
- break;
- case BIO_C_SET_BUF_MEM_EOF_RETURN:
- b->num=(int)num;
- break;
- case BIO_CTRL_INFO:
- ret=(long)bm->length;
- if (ptr != NULL)
- {
- pptr=(char **)ptr;
- *pptr=(char *)&(bm->data[0]);
- }
- break;
- case BIO_C_SET_BUF_MEM:
- mem_free(b);
- b->shutdown=(int)num;
- b->ptr=ptr;
- break;
- case BIO_C_GET_BUF_MEM_PTR:
- if (ptr != NULL)
- {
- pptr=(char **)ptr;
- *pptr=(char *)bm;
- }
- break;
- case BIO_CTRL_GET_CLOSE:
- ret=(long)b->shutdown;
- break;
- case BIO_CTRL_SET_CLOSE:
- b->shutdown=(int)num;
- break;
-
- case BIO_CTRL_WPENDING:
- ret=0L;
- break;
- case BIO_CTRL_PENDING:
- ret=(long)bm->length;
- break;
- case BIO_CTRL_DUP:
- case BIO_CTRL_FLUSH:
- ret=1;
- break;
- case BIO_CTRL_PUSH:
- case BIO_CTRL_POP:
- default:
- ret=0;
- break;
- }
- return(ret);
- }
-
-static int mem_gets(BIO *bp, char *buf, int size)
- {
- int i,j;
- int ret= -1;
- char *p;
- BUF_MEM *bm=(BUF_MEM *)bp->ptr;
-
- BIO_clear_retry_flags(bp);
- j=bm->length;
- if ((size-1) < j) j=size-1;
- if (j <= 0)
- {
- *buf='\0';
- return 0;
- }
- p=bm->data;
- for (i=0; i<j; i++)
- {
- if (p[i] == '\n')
- {
- i++;
- break;
- }
- }
-
- /*
- * i is now the max num of bytes to copy, either j or up to
- * and including the first newline
- */
-
- i=mem_read(bp,buf,i);
- if (i > 0) buf[i]='\0';
- ret=i;
- return(ret);
- }
-
-static int mem_puts(BIO *bp, const char *str)
- {
- int n,ret;
-
- n=strlen(str);
- ret=mem_write(bp,str,n);
- /* memory semantics is that it will always work */
- return(ret);
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_mem.c (from rev 6976, vendor-crypto/openssl/dist/crypto/bio/bss_mem.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_mem.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_mem.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,316 @@
+/* crypto/bio/bss_mem.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "cryptlib.h"
+#include <openssl/bio.h>
+
+static int mem_write(BIO *h, const char *buf, int num);
+static int mem_read(BIO *h, char *buf, int size);
+static int mem_puts(BIO *h, const char *str);
+static int mem_gets(BIO *h, char *str, int size);
+static long mem_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int mem_new(BIO *h);
+static int mem_free(BIO *data);
+static BIO_METHOD mem_method = {
+ BIO_TYPE_MEM,
+ "memory buffer",
+ mem_write,
+ mem_read,
+ mem_puts,
+ mem_gets,
+ mem_ctrl,
+ mem_new,
+ mem_free,
+ NULL,
+};
+
+/*
+ * bio->num is used to hold the value to return on 'empty', if it is 0,
+ * should_retry is not set
+ */
+
+BIO_METHOD *BIO_s_mem(void)
+{
+ return (&mem_method);
+}
+
+BIO *BIO_new_mem_buf(void *buf, int len)
+{
+ BIO *ret;
+ BUF_MEM *b;
+ if (!buf) {
+ BIOerr(BIO_F_BIO_NEW_MEM_BUF, BIO_R_NULL_PARAMETER);
+ return NULL;
+ }
+ if (len == -1)
+ len = strlen(buf);
+ if (!(ret = BIO_new(BIO_s_mem())))
+ return NULL;
+ b = (BUF_MEM *)ret->ptr;
+ b->data = buf;
+ b->length = len;
+ b->max = len;
+ ret->flags |= BIO_FLAGS_MEM_RDONLY;
+ /* Since this is static data retrying wont help */
+ ret->num = 0;
+ return ret;
+}
+
+static int mem_new(BIO *bi)
+{
+ BUF_MEM *b;
+
+ if ((b = BUF_MEM_new()) == NULL)
+ return (0);
+ bi->shutdown = 1;
+ bi->init = 1;
+ bi->num = -1;
+ bi->ptr = (char *)b;
+ return (1);
+}
+
+static int mem_free(BIO *a)
+{
+ if (a == NULL)
+ return (0);
+ if (a->shutdown) {
+ if ((a->init) && (a->ptr != NULL)) {
+ BUF_MEM *b;
+ b = (BUF_MEM *)a->ptr;
+ if (a->flags & BIO_FLAGS_MEM_RDONLY)
+ b->data = NULL;
+ BUF_MEM_free(b);
+ a->ptr = NULL;
+ }
+ }
+ return (1);
+}
+
+static int mem_read(BIO *b, char *out, int outl)
+{
+ int ret = -1;
+ BUF_MEM *bm;
+ int i;
+ char *from, *to;
+
+ bm = (BUF_MEM *)b->ptr;
+ BIO_clear_retry_flags(b);
+ ret = (outl > bm->length) ? bm->length : outl;
+ if ((out != NULL) && (ret > 0)) {
+ memcpy(out, bm->data, ret);
+ bm->length -= ret;
+ /* memmove(&(bm->data[0]),&(bm->data[ret]), bm->length); */
+ if (b->flags & BIO_FLAGS_MEM_RDONLY)
+ bm->data += ret;
+ else {
+ from = (char *)&(bm->data[ret]);
+ to = (char *)&(bm->data[0]);
+ for (i = 0; i < bm->length; i++)
+ to[i] = from[i];
+ }
+ } else if (bm->length == 0) {
+ ret = b->num;
+ if (ret != 0)
+ BIO_set_retry_read(b);
+ }
+ return (ret);
+}
+
+static int mem_write(BIO *b, const char *in, int inl)
+{
+ int ret = -1;
+ int blen;
+ BUF_MEM *bm;
+
+ bm = (BUF_MEM *)b->ptr;
+ if (in == NULL) {
+ BIOerr(BIO_F_MEM_WRITE, BIO_R_NULL_PARAMETER);
+ goto end;
+ }
+
+ if (b->flags & BIO_FLAGS_MEM_RDONLY) {
+ BIOerr(BIO_F_MEM_WRITE, BIO_R_WRITE_TO_READ_ONLY_BIO);
+ goto end;
+ }
+
+ BIO_clear_retry_flags(b);
+ blen = bm->length;
+ if (BUF_MEM_grow_clean(bm, blen + inl) != (blen + inl))
+ goto end;
+ memcpy(&(bm->data[blen]), in, inl);
+ ret = inl;
+ end:
+ return (ret);
+}
+
+static long mem_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+ long ret = 1;
+ char **pptr;
+
+ BUF_MEM *bm = (BUF_MEM *)b->ptr;
+
+ switch (cmd) {
+ case BIO_CTRL_RESET:
+ if (bm->data != NULL) {
+ /* For read only case reset to the start again */
+ if (b->flags & BIO_FLAGS_MEM_RDONLY) {
+ bm->data -= bm->max - bm->length;
+ bm->length = bm->max;
+ } else {
+ memset(bm->data, 0, bm->max);
+ bm->length = 0;
+ }
+ }
+ break;
+ case BIO_CTRL_EOF:
+ ret = (long)(bm->length == 0);
+ break;
+ case BIO_C_SET_BUF_MEM_EOF_RETURN:
+ b->num = (int)num;
+ break;
+ case BIO_CTRL_INFO:
+ ret = (long)bm->length;
+ if (ptr != NULL) {
+ pptr = (char **)ptr;
+ *pptr = (char *)&(bm->data[0]);
+ }
+ break;
+ case BIO_C_SET_BUF_MEM:
+ mem_free(b);
+ b->shutdown = (int)num;
+ b->ptr = ptr;
+ break;
+ case BIO_C_GET_BUF_MEM_PTR:
+ if (ptr != NULL) {
+ pptr = (char **)ptr;
+ *pptr = (char *)bm;
+ }
+ break;
+ case BIO_CTRL_GET_CLOSE:
+ ret = (long)b->shutdown;
+ break;
+ case BIO_CTRL_SET_CLOSE:
+ b->shutdown = (int)num;
+ break;
+
+ case BIO_CTRL_WPENDING:
+ ret = 0L;
+ break;
+ case BIO_CTRL_PENDING:
+ ret = (long)bm->length;
+ break;
+ case BIO_CTRL_DUP:
+ case BIO_CTRL_FLUSH:
+ ret = 1;
+ break;
+ case BIO_CTRL_PUSH:
+ case BIO_CTRL_POP:
+ default:
+ ret = 0;
+ break;
+ }
+ return (ret);
+}
+
+static int mem_gets(BIO *bp, char *buf, int size)
+{
+ int i, j;
+ int ret = -1;
+ char *p;
+ BUF_MEM *bm = (BUF_MEM *)bp->ptr;
+
+ BIO_clear_retry_flags(bp);
+ j = bm->length;
+ if ((size - 1) < j)
+ j = size - 1;
+ if (j <= 0) {
+ *buf = '\0';
+ return 0;
+ }
+ p = bm->data;
+ for (i = 0; i < j; i++) {
+ if (p[i] == '\n') {
+ i++;
+ break;
+ }
+ }
+
+ /*
+ * i is now the max num of bytes to copy, either j or up to
+ * and including the first newline
+ */
+
+ i = mem_read(bp, buf, i);
+ if (i > 0)
+ buf[i] = '\0';
+ ret = i;
+ return (ret);
+}
+
+static int mem_puts(BIO *bp, const char *str)
+{
+ int n, ret;
+
+ n = strlen(str);
+ ret = mem_write(bp, str, n);
+ /* memory semantics is that it will always work */
+ return (ret);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_null.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bio/bss_null.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_null.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,150 +0,0 @@
-/* crypto/bio/bss_null.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <errno.h>
-#include "cryptlib.h"
-#include <openssl/bio.h>
-
-static int null_write(BIO *h, const char *buf, int num);
-static int null_read(BIO *h, char *buf, int size);
-static int null_puts(BIO *h, const char *str);
-static int null_gets(BIO *h, char *str, int size);
-static long null_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int null_new(BIO *h);
-static int null_free(BIO *data);
-static BIO_METHOD null_method=
- {
- BIO_TYPE_NULL,
- "NULL",
- null_write,
- null_read,
- null_puts,
- null_gets,
- null_ctrl,
- null_new,
- null_free,
- NULL,
- };
-
-BIO_METHOD *BIO_s_null(void)
- {
- return(&null_method);
- }
-
-static int null_new(BIO *bi)
- {
- bi->init=1;
- bi->num=0;
- bi->ptr=(NULL);
- return(1);
- }
-
-static int null_free(BIO *a)
- {
- if (a == NULL) return(0);
- return(1);
- }
-
-static int null_read(BIO *b, char *out, int outl)
- {
- return(0);
- }
-
-static int null_write(BIO *b, const char *in, int inl)
- {
- return(inl);
- }
-
-static long null_ctrl(BIO *b, int cmd, long num, void *ptr)
- {
- long ret=1;
-
- switch (cmd)
- {
- case BIO_CTRL_RESET:
- case BIO_CTRL_EOF:
- case BIO_CTRL_SET:
- case BIO_CTRL_SET_CLOSE:
- case BIO_CTRL_FLUSH:
- case BIO_CTRL_DUP:
- ret=1;
- break;
- case BIO_CTRL_GET_CLOSE:
- case BIO_CTRL_INFO:
- case BIO_CTRL_GET:
- case BIO_CTRL_PENDING:
- case BIO_CTRL_WPENDING:
- default:
- ret=0;
- break;
- }
- return(ret);
- }
-
-static int null_gets(BIO *bp, char *buf, int size)
- {
- return(0);
- }
-
-static int null_puts(BIO *bp, const char *str)
- {
- if (str == NULL) return(0);
- return(strlen(str));
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_null.c (from rev 6976, vendor-crypto/openssl/dist/crypto/bio/bss_null.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_null.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_null.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,149 @@
+/* crypto/bio/bss_null.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "cryptlib.h"
+#include <openssl/bio.h>
+
+static int null_write(BIO *h, const char *buf, int num);
+static int null_read(BIO *h, char *buf, int size);
+static int null_puts(BIO *h, const char *str);
+static int null_gets(BIO *h, char *str, int size);
+static long null_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int null_new(BIO *h);
+static int null_free(BIO *data);
+static BIO_METHOD null_method = {
+ BIO_TYPE_NULL,
+ "NULL",
+ null_write,
+ null_read,
+ null_puts,
+ null_gets,
+ null_ctrl,
+ null_new,
+ null_free,
+ NULL,
+};
+
+BIO_METHOD *BIO_s_null(void)
+{
+ return (&null_method);
+}
+
+static int null_new(BIO *bi)
+{
+ bi->init = 1;
+ bi->num = 0;
+ bi->ptr = (NULL);
+ return (1);
+}
+
+static int null_free(BIO *a)
+{
+ if (a == NULL)
+ return (0);
+ return (1);
+}
+
+static int null_read(BIO *b, char *out, int outl)
+{
+ return (0);
+}
+
+static int null_write(BIO *b, const char *in, int inl)
+{
+ return (inl);
+}
+
+static long null_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+ long ret = 1;
+
+ switch (cmd) {
+ case BIO_CTRL_RESET:
+ case BIO_CTRL_EOF:
+ case BIO_CTRL_SET:
+ case BIO_CTRL_SET_CLOSE:
+ case BIO_CTRL_FLUSH:
+ case BIO_CTRL_DUP:
+ ret = 1;
+ break;
+ case BIO_CTRL_GET_CLOSE:
+ case BIO_CTRL_INFO:
+ case BIO_CTRL_GET:
+ case BIO_CTRL_PENDING:
+ case BIO_CTRL_WPENDING:
+ default:
+ ret = 0;
+ break;
+ }
+ return (ret);
+}
+
+static int null_gets(BIO *bp, char *buf, int size)
+{
+ return (0);
+}
+
+static int null_puts(BIO *bp, const char *str)
+{
+ if (str == NULL)
+ return (0);
+ return (strlen(str));
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_rtcp.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bio/bss_rtcp.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_rtcp.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,294 +0,0 @@
-/* crypto/bio/bss_rtcp.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* Written by David L. Jones <jonesd at kcgl1.eng.ohio-state.edu>
- * Date: 22-JUL-1996
- * Revised: 25-SEP-1997 Update for 0.8.1, BIO_CTRL_SET -> BIO_C_SET_FD
- */
-/* VMS */
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <errno.h>
-#include "cryptlib.h"
-#include <openssl/bio.h>
-
-#include <iodef.h> /* VMS IO$_ definitions */
-#include <starlet.h>
-
-typedef unsigned short io_channel;
-/*************************************************************************/
-struct io_status { short status, count; long flags; };
-
-struct rpc_msg { /* Should have member alignment inhibited */
- char channel; /* 'A'-app data. 'R'-remote client 'G'-global */
- char function; /* 'G'-get, 'P'-put, 'C'-confirm, 'X'-close */
- unsigned short int length; /* Amount of data returned or max to return */
- char data[4092]; /* variable data */
-};
-#define RPC_HDR_SIZE (sizeof(struct rpc_msg) - 4092)
-
-struct rpc_ctx {
- int filled, pos;
- struct rpc_msg msg;
-};
-
-static int rtcp_write(BIO *h,const char *buf,int num);
-static int rtcp_read(BIO *h,char *buf,int size);
-static int rtcp_puts(BIO *h,const char *str);
-static int rtcp_gets(BIO *h,char *str,int size);
-static long rtcp_ctrl(BIO *h,int cmd,long arg1,void *arg2);
-static int rtcp_new(BIO *h);
-static int rtcp_free(BIO *data);
-
-static BIO_METHOD rtcp_method=
- {
- BIO_TYPE_FD,
- "RTCP",
- rtcp_write,
- rtcp_read,
- rtcp_puts,
- rtcp_gets,
- rtcp_ctrl,
- rtcp_new,
- rtcp_free,
- NULL,
- };
-
-BIO_METHOD *BIO_s_rtcp(void)
- {
- return(&rtcp_method);
- }
-/*****************************************************************************/
-/* Decnet I/O routines.
- */
-
-#ifdef __DECC
-#pragma message save
-#pragma message disable DOLLARID
-#endif
-
-static int get ( io_channel chan, char *buffer, int maxlen, int *length )
-{
- int status;
- struct io_status iosb;
- status = sys$qiow ( 0, chan, IO$_READVBLK, &iosb, 0, 0,
- buffer, maxlen, 0, 0, 0, 0 );
- if ( (status&1) == 1 ) status = iosb.status;
- if ( (status&1) == 1 ) *length = iosb.count;
- return status;
-}
-
-static int put ( io_channel chan, char *buffer, int length )
-{
- int status;
- struct io_status iosb;
- status = sys$qiow ( 0, chan, IO$_WRITEVBLK, &iosb, 0, 0,
- buffer, length, 0, 0, 0, 0 );
- if ( (status&1) == 1 ) status = iosb.status;
- return status;
-}
-
-#ifdef __DECC
-#pragma message restore
-#endif
-
-/***************************************************************************/
-
-static int rtcp_new(BIO *bi)
-{
- struct rpc_ctx *ctx;
- bi->init=1;
- bi->num=0;
- bi->flags = 0;
- bi->ptr=OPENSSL_malloc(sizeof(struct rpc_ctx));
- ctx = (struct rpc_ctx *) bi->ptr;
- ctx->filled = 0;
- ctx->pos = 0;
- return(1);
-}
-
-static int rtcp_free(BIO *a)
-{
- if (a == NULL) return(0);
- if ( a->ptr ) OPENSSL_free ( a->ptr );
- a->ptr = NULL;
- return(1);
-}
-
-static int rtcp_read(BIO *b, char *out, int outl)
-{
- int status, length;
- struct rpc_ctx *ctx;
- /*
- * read data, return existing.
- */
- ctx = (struct rpc_ctx *) b->ptr;
- if ( ctx->pos < ctx->filled ) {
- length = ctx->filled - ctx->pos;
- if ( length > outl ) length = outl;
- memmove ( out, &ctx->msg.data[ctx->pos], length );
- ctx->pos += length;
- return length;
- }
- /*
- * Requst more data from R channel.
- */
- ctx->msg.channel = 'R';
- ctx->msg.function = 'G';
- ctx->msg.length = sizeof(ctx->msg.data);
- status = put ( b->num, (char *) &ctx->msg, RPC_HDR_SIZE );
- if ( (status&1) == 0 ) {
- return -1;
- }
- /*
- * Read.
- */
- ctx->pos = ctx->filled = 0;
- status = get ( b->num, (char *) &ctx->msg, sizeof(ctx->msg), &length );
- if ( (status&1) == 0 ) length = -1;
- if ( ctx->msg.channel != 'R' || ctx->msg.function != 'C' ) {
- length = -1;
- }
- ctx->filled = length - RPC_HDR_SIZE;
-
- if ( ctx->pos < ctx->filled ) {
- length = ctx->filled - ctx->pos;
- if ( length > outl ) length = outl;
- memmove ( out, ctx->msg.data, length );
- ctx->pos += length;
- return length;
- }
-
- return length;
-}
-
-static int rtcp_write(BIO *b, const char *in, int inl)
-{
- int status, i, segment, length;
- struct rpc_ctx *ctx;
- /*
- * Output data, send in chunks no larger that sizeof(ctx->msg.data).
- */
- ctx = (struct rpc_ctx *) b->ptr;
- for ( i = 0; i < inl; i += segment ) {
- segment = inl - i;
- if ( segment > sizeof(ctx->msg.data) ) segment = sizeof(ctx->msg.data);
- ctx->msg.channel = 'R';
- ctx->msg.function = 'P';
- ctx->msg.length = segment;
- memmove ( ctx->msg.data, &in[i], segment );
- status = put ( b->num, (char *) &ctx->msg, segment + RPC_HDR_SIZE );
- if ((status&1) == 0 ) { i = -1; break; }
-
- status = get ( b->num, (char *) &ctx->msg, sizeof(ctx->msg), &length );
- if ( ((status&1) == 0) || (length < RPC_HDR_SIZE) ) { i = -1; break; }
- if ( (ctx->msg.channel != 'R') || (ctx->msg.function != 'C') ) {
- printf("unexpected response when confirming put %c %c\n",
- ctx->msg.channel, ctx->msg.function );
-
- }
- }
- return(i);
-}
-
-static long rtcp_ctrl(BIO *b, int cmd, long num, void *ptr)
- {
- long ret=1;
-
- switch (cmd)
- {
- case BIO_CTRL_RESET:
- case BIO_CTRL_EOF:
- ret = 1;
- break;
- case BIO_C_SET_FD:
- b->num = num;
- ret = 1;
- break;
- case BIO_CTRL_SET_CLOSE:
- case BIO_CTRL_FLUSH:
- case BIO_CTRL_DUP:
- ret=1;
- break;
- case BIO_CTRL_GET_CLOSE:
- case BIO_CTRL_INFO:
- case BIO_CTRL_GET:
- case BIO_CTRL_PENDING:
- case BIO_CTRL_WPENDING:
- default:
- ret=0;
- break;
- }
- return(ret);
- }
-
-static int rtcp_gets(BIO *bp, char *buf, int size)
- {
- return(0);
- }
-
-static int rtcp_puts(BIO *bp, const char *str)
-{
- int length;
- if (str == NULL) return(0);
- length = strlen ( str );
- if ( length == 0 ) return (0);
- return rtcp_write ( bp,str, length );
-}
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_rtcp.c (from rev 6976, vendor-crypto/openssl/dist/crypto/bio/bss_rtcp.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_rtcp.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_rtcp.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,319 @@
+/* crypto/bio/bss_rtcp.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/*-
+ * Written by David L. Jones <jonesd at kcgl1.eng.ohio-state.edu>
+ * Date: 22-JUL-1996
+ * Revised: 25-SEP-1997 Update for 0.8.1, BIO_CTRL_SET -> BIO_C_SET_FD
+ */
+/* VMS */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include "cryptlib.h"
+#include <openssl/bio.h>
+
+#include <iodef.h> /* VMS IO$_ definitions */
+#include <starlet.h>
+
+typedef unsigned short io_channel;
+/*************************************************************************/
+struct io_status {
+ short status, count;
+ long flags;
+};
+
+/* Should have member alignment inhibited */
+struct rpc_msg {
+ /* 'A'-app data. 'R'-remote client 'G'-global */
+ char channel;
+ /* 'G'-get, 'P'-put, 'C'-confirm, 'X'-close */
+ char function;
+ /* Amount of data returned or max to return */
+ unsigned short int length;
+ /* variable data */
+ char data[4092];
+};
+#define RPC_HDR_SIZE (sizeof(struct rpc_msg) - 4092)
+
+struct rpc_ctx {
+ int filled, pos;
+ struct rpc_msg msg;
+};
+
+static int rtcp_write(BIO *h, const char *buf, int num);
+static int rtcp_read(BIO *h, char *buf, int size);
+static int rtcp_puts(BIO *h, const char *str);
+static int rtcp_gets(BIO *h, char *str, int size);
+static long rtcp_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int rtcp_new(BIO *h);
+static int rtcp_free(BIO *data);
+
+static BIO_METHOD rtcp_method = {
+ BIO_TYPE_FD,
+ "RTCP",
+ rtcp_write,
+ rtcp_read,
+ rtcp_puts,
+ rtcp_gets,
+ rtcp_ctrl,
+ rtcp_new,
+ rtcp_free,
+ NULL,
+};
+
+BIO_METHOD *BIO_s_rtcp(void)
+{
+ return (&rtcp_method);
+}
+
+/*****************************************************************************/
+/*
+ * Decnet I/O routines.
+ */
+
+#ifdef __DECC
+# pragma message save
+# pragma message disable DOLLARID
+#endif
+
+static int get(io_channel chan, char *buffer, int maxlen, int *length)
+{
+ int status;
+ struct io_status iosb;
+ status = sys$qiow(0, chan, IO$_READVBLK, &iosb, 0, 0,
+ buffer, maxlen, 0, 0, 0, 0);
+ if ((status & 1) == 1)
+ status = iosb.status;
+ if ((status & 1) == 1)
+ *length = iosb.count;
+ return status;
+}
+
+static int put(io_channel chan, char *buffer, int length)
+{
+ int status;
+ struct io_status iosb;
+ status = sys$qiow(0, chan, IO$_WRITEVBLK, &iosb, 0, 0,
+ buffer, length, 0, 0, 0, 0);
+ if ((status & 1) == 1)
+ status = iosb.status;
+ return status;
+}
+
+#ifdef __DECC
+# pragma message restore
+#endif
+
+/***************************************************************************/
+
+static int rtcp_new(BIO *bi)
+{
+ struct rpc_ctx *ctx;
+ bi->init = 1;
+ bi->num = 0;
+ bi->flags = 0;
+ bi->ptr = OPENSSL_malloc(sizeof(struct rpc_ctx));
+ ctx = (struct rpc_ctx *)bi->ptr;
+ ctx->filled = 0;
+ ctx->pos = 0;
+ return (1);
+}
+
+static int rtcp_free(BIO *a)
+{
+ if (a == NULL)
+ return (0);
+ if (a->ptr)
+ OPENSSL_free(a->ptr);
+ a->ptr = NULL;
+ return (1);
+}
+
+static int rtcp_read(BIO *b, char *out, int outl)
+{
+ int status, length;
+ struct rpc_ctx *ctx;
+ /*
+ * read data, return existing.
+ */
+ ctx = (struct rpc_ctx *)b->ptr;
+ if (ctx->pos < ctx->filled) {
+ length = ctx->filled - ctx->pos;
+ if (length > outl)
+ length = outl;
+ memmove(out, &ctx->msg.data[ctx->pos], length);
+ ctx->pos += length;
+ return length;
+ }
+ /*
+ * Requst more data from R channel.
+ */
+ ctx->msg.channel = 'R';
+ ctx->msg.function = 'G';
+ ctx->msg.length = sizeof(ctx->msg.data);
+ status = put(b->num, (char *)&ctx->msg, RPC_HDR_SIZE);
+ if ((status & 1) == 0) {
+ return -1;
+ }
+ /*
+ * Read.
+ */
+ ctx->pos = ctx->filled = 0;
+ status = get(b->num, (char *)&ctx->msg, sizeof(ctx->msg), &length);
+ if ((status & 1) == 0)
+ length = -1;
+ if (ctx->msg.channel != 'R' || ctx->msg.function != 'C') {
+ length = -1;
+ }
+ ctx->filled = length - RPC_HDR_SIZE;
+
+ if (ctx->pos < ctx->filled) {
+ length = ctx->filled - ctx->pos;
+ if (length > outl)
+ length = outl;
+ memmove(out, ctx->msg.data, length);
+ ctx->pos += length;
+ return length;
+ }
+
+ return length;
+}
+
+static int rtcp_write(BIO *b, const char *in, int inl)
+{
+ int status, i, segment, length;
+ struct rpc_ctx *ctx;
+ /*
+ * Output data, send in chunks no larger that sizeof(ctx->msg.data).
+ */
+ ctx = (struct rpc_ctx *)b->ptr;
+ for (i = 0; i < inl; i += segment) {
+ segment = inl - i;
+ if (segment > sizeof(ctx->msg.data))
+ segment = sizeof(ctx->msg.data);
+ ctx->msg.channel = 'R';
+ ctx->msg.function = 'P';
+ ctx->msg.length = segment;
+ memmove(ctx->msg.data, &in[i], segment);
+ status = put(b->num, (char *)&ctx->msg, segment + RPC_HDR_SIZE);
+ if ((status & 1) == 0) {
+ i = -1;
+ break;
+ }
+
+ status = get(b->num, (char *)&ctx->msg, sizeof(ctx->msg), &length);
+ if (((status & 1) == 0) || (length < RPC_HDR_SIZE)) {
+ i = -1;
+ break;
+ }
+ if ((ctx->msg.channel != 'R') || (ctx->msg.function != 'C')) {
+ printf("unexpected response when confirming put %c %c\n",
+ ctx->msg.channel, ctx->msg.function);
+
+ }
+ }
+ return (i);
+}
+
+static long rtcp_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+ long ret = 1;
+
+ switch (cmd) {
+ case BIO_CTRL_RESET:
+ case BIO_CTRL_EOF:
+ ret = 1;
+ break;
+ case BIO_C_SET_FD:
+ b->num = num;
+ ret = 1;
+ break;
+ case BIO_CTRL_SET_CLOSE:
+ case BIO_CTRL_FLUSH:
+ case BIO_CTRL_DUP:
+ ret = 1;
+ break;
+ case BIO_CTRL_GET_CLOSE:
+ case BIO_CTRL_INFO:
+ case BIO_CTRL_GET:
+ case BIO_CTRL_PENDING:
+ case BIO_CTRL_WPENDING:
+ default:
+ ret = 0;
+ break;
+ }
+ return (ret);
+}
+
+static int rtcp_gets(BIO *bp, char *buf, int size)
+{
+ return (0);
+}
+
+static int rtcp_puts(BIO *bp, const char *str)
+{
+ int length;
+ if (str == NULL)
+ return (0);
+ length = strlen(str);
+ if (length == 0)
+ return (0);
+ return rtcp_write(bp, str, length);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_sock.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bio/bss_sock.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_sock.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,294 +0,0 @@
-/* crypto/bio/bss_sock.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <errno.h>
-#define USE_SOCKETS
-#include "cryptlib.h"
-
-#ifndef OPENSSL_NO_SOCK
-
-#include <openssl/bio.h>
-
-#ifdef WATT32
-#define sock_write SockWrite /* Watt-32 uses same names */
-#define sock_read SockRead
-#define sock_puts SockPuts
-#endif
-
-static int sock_write(BIO *h, const char *buf, int num);
-static int sock_read(BIO *h, char *buf, int size);
-static int sock_puts(BIO *h, const char *str);
-static long sock_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int sock_new(BIO *h);
-static int sock_free(BIO *data);
-int BIO_sock_should_retry(int s);
-
-static BIO_METHOD methods_sockp=
- {
- BIO_TYPE_SOCKET,
- "socket",
- sock_write,
- sock_read,
- sock_puts,
- NULL, /* sock_gets, */
- sock_ctrl,
- sock_new,
- sock_free,
- NULL,
- };
-
-BIO_METHOD *BIO_s_socket(void)
- {
- return(&methods_sockp);
- }
-
-BIO *BIO_new_socket(int fd, int close_flag)
- {
- BIO *ret;
-
- ret=BIO_new(BIO_s_socket());
- if (ret == NULL) return(NULL);
- BIO_set_fd(ret,fd,close_flag);
- return(ret);
- }
-
-static int sock_new(BIO *bi)
- {
- bi->init=0;
- bi->num=0;
- bi->ptr=NULL;
- bi->flags=0;
- return(1);
- }
-
-static int sock_free(BIO *a)
- {
- if (a == NULL) return(0);
- if (a->shutdown)
- {
- if (a->init)
- {
- SHUTDOWN2(a->num);
- }
- a->init=0;
- a->flags=0;
- }
- return(1);
- }
-
-static int sock_read(BIO *b, char *out, int outl)
- {
- int ret=0;
-
- if (out != NULL)
- {
- clear_socket_error();
- ret=readsocket(b->num,out,outl);
- BIO_clear_retry_flags(b);
- if (ret <= 0)
- {
- if (BIO_sock_should_retry(ret))
- BIO_set_retry_read(b);
- }
- }
- return(ret);
- }
-
-static int sock_write(BIO *b, const char *in, int inl)
- {
- int ret;
-
- clear_socket_error();
- ret=writesocket(b->num,in,inl);
- BIO_clear_retry_flags(b);
- if (ret <= 0)
- {
- if (BIO_sock_should_retry(ret))
- BIO_set_retry_write(b);
- }
- return(ret);
- }
-
-static long sock_ctrl(BIO *b, int cmd, long num, void *ptr)
- {
- long ret=1;
- int *ip;
-
- switch (cmd)
- {
- case BIO_C_SET_FD:
- sock_free(b);
- b->num= *((int *)ptr);
- b->shutdown=(int)num;
- b->init=1;
- break;
- case BIO_C_GET_FD:
- if (b->init)
- {
- ip=(int *)ptr;
- if (ip != NULL) *ip=b->num;
- ret=b->num;
- }
- else
- ret= -1;
- break;
- case BIO_CTRL_GET_CLOSE:
- ret=b->shutdown;
- break;
- case BIO_CTRL_SET_CLOSE:
- b->shutdown=(int)num;
- break;
- case BIO_CTRL_DUP:
- case BIO_CTRL_FLUSH:
- ret=1;
- break;
- default:
- ret=0;
- break;
- }
- return(ret);
- }
-
-static int sock_puts(BIO *bp, const char *str)
- {
- int n,ret;
-
- n=strlen(str);
- ret=sock_write(bp,str,n);
- return(ret);
- }
-
-int BIO_sock_should_retry(int i)
- {
- int err;
-
- if ((i == 0) || (i == -1))
- {
- err=get_last_socket_error();
-
-#if defined(OPENSSL_SYS_WINDOWS) && 0 /* more microsoft stupidity? perhaps not? Ben 4/1/99 */
- if ((i == -1) && (err == 0))
- return(1);
-#endif
-
- return(BIO_sock_non_fatal_error(err));
- }
- return(0);
- }
-
-int BIO_sock_non_fatal_error(int err)
- {
- switch (err)
- {
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_NETWARE)
-# if defined(WSAEWOULDBLOCK)
- case WSAEWOULDBLOCK:
-# endif
-
-# if 0 /* This appears to always be an error */
-# if defined(WSAENOTCONN)
- case WSAENOTCONN:
-# endif
-# endif
-#endif
-
-#ifdef EWOULDBLOCK
-# ifdef WSAEWOULDBLOCK
-# if WSAEWOULDBLOCK != EWOULDBLOCK
- case EWOULDBLOCK:
-# endif
-# else
- case EWOULDBLOCK:
-# endif
-#endif
-
-#if defined(ENOTCONN)
- case ENOTCONN:
-#endif
-
-#ifdef EINTR
- case EINTR:
-#endif
-
-#ifdef EAGAIN
-# if EWOULDBLOCK != EAGAIN
- case EAGAIN:
-# endif
-#endif
-
-#ifdef EPROTO
- case EPROTO:
-#endif
-
-#ifdef EINPROGRESS
- case EINPROGRESS:
-#endif
-
-#ifdef EALREADY
- case EALREADY:
-#endif
- return(1);
- /* break; */
- default:
- break;
- }
- return(0);
- }
-
-#endif /* #ifndef OPENSSL_NO_SOCK */
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_sock.c (from rev 6976, vendor-crypto/openssl/dist/crypto/bio/bss_sock.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_sock.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bio/bss_sock.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,287 @@
+/* crypto/bio/bss_sock.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#define USE_SOCKETS
+#include "cryptlib.h"
+
+#ifndef OPENSSL_NO_SOCK
+
+# include <openssl/bio.h>
+
+# ifdef WATT32
+# define sock_write SockWrite /* Watt-32 uses same names */
+# define sock_read SockRead
+# define sock_puts SockPuts
+# endif
+
+static int sock_write(BIO *h, const char *buf, int num);
+static int sock_read(BIO *h, char *buf, int size);
+static int sock_puts(BIO *h, const char *str);
+static long sock_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int sock_new(BIO *h);
+static int sock_free(BIO *data);
+int BIO_sock_should_retry(int s);
+
+static BIO_METHOD methods_sockp = {
+ BIO_TYPE_SOCKET,
+ "socket",
+ sock_write,
+ sock_read,
+ sock_puts,
+ NULL, /* sock_gets, */
+ sock_ctrl,
+ sock_new,
+ sock_free,
+ NULL,
+};
+
+BIO_METHOD *BIO_s_socket(void)
+{
+ return (&methods_sockp);
+}
+
+BIO *BIO_new_socket(int fd, int close_flag)
+{
+ BIO *ret;
+
+ ret = BIO_new(BIO_s_socket());
+ if (ret == NULL)
+ return (NULL);
+ BIO_set_fd(ret, fd, close_flag);
+ return (ret);
+}
+
+static int sock_new(BIO *bi)
+{
+ bi->init = 0;
+ bi->num = 0;
+ bi->ptr = NULL;
+ bi->flags = 0;
+ return (1);
+}
+
+static int sock_free(BIO *a)
+{
+ if (a == NULL)
+ return (0);
+ if (a->shutdown) {
+ if (a->init) {
+ SHUTDOWN2(a->num);
+ }
+ a->init = 0;
+ a->flags = 0;
+ }
+ return (1);
+}
+
+static int sock_read(BIO *b, char *out, int outl)
+{
+ int ret = 0;
+
+ if (out != NULL) {
+ clear_socket_error();
+ ret = readsocket(b->num, out, outl);
+ BIO_clear_retry_flags(b);
+ if (ret <= 0) {
+ if (BIO_sock_should_retry(ret))
+ BIO_set_retry_read(b);
+ }
+ }
+ return (ret);
+}
+
+static int sock_write(BIO *b, const char *in, int inl)
+{
+ int ret;
+
+ clear_socket_error();
+ ret = writesocket(b->num, in, inl);
+ BIO_clear_retry_flags(b);
+ if (ret <= 0) {
+ if (BIO_sock_should_retry(ret))
+ BIO_set_retry_write(b);
+ }
+ return (ret);
+}
+
+static long sock_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+ long ret = 1;
+ int *ip;
+
+ switch (cmd) {
+ case BIO_C_SET_FD:
+ sock_free(b);
+ b->num = *((int *)ptr);
+ b->shutdown = (int)num;
+ b->init = 1;
+ break;
+ case BIO_C_GET_FD:
+ if (b->init) {
+ ip = (int *)ptr;
+ if (ip != NULL)
+ *ip = b->num;
+ ret = b->num;
+ } else
+ ret = -1;
+ break;
+ case BIO_CTRL_GET_CLOSE:
+ ret = b->shutdown;
+ break;
+ case BIO_CTRL_SET_CLOSE:
+ b->shutdown = (int)num;
+ break;
+ case BIO_CTRL_DUP:
+ case BIO_CTRL_FLUSH:
+ ret = 1;
+ break;
+ default:
+ ret = 0;
+ break;
+ }
+ return (ret);
+}
+
+static int sock_puts(BIO *bp, const char *str)
+{
+ int n, ret;
+
+ n = strlen(str);
+ ret = sock_write(bp, str, n);
+ return (ret);
+}
+
+int BIO_sock_should_retry(int i)
+{
+ int err;
+
+ if ((i == 0) || (i == -1)) {
+ err = get_last_socket_error();
+
+# if defined(OPENSSL_SYS_WINDOWS) && 0/* more microsoft stupidity? perhaps
+ * not? Ben 4/1/99 */
+ if ((i == -1) && (err == 0))
+ return (1);
+# endif
+
+ return (BIO_sock_non_fatal_error(err));
+ }
+ return (0);
+}
+
+int BIO_sock_non_fatal_error(int err)
+{
+ switch (err) {
+# if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_NETWARE)
+# if defined(WSAEWOULDBLOCK)
+ case WSAEWOULDBLOCK:
+# endif
+
+# if 0 /* This appears to always be an error */
+# if defined(WSAENOTCONN)
+ case WSAENOTCONN:
+# endif
+# endif
+# endif
+
+# ifdef EWOULDBLOCK
+# ifdef WSAEWOULDBLOCK
+# if WSAEWOULDBLOCK != EWOULDBLOCK
+ case EWOULDBLOCK:
+# endif
+# else
+ case EWOULDBLOCK:
+# endif
+# endif
+
+# if defined(ENOTCONN)
+ case ENOTCONN:
+# endif
+
+# ifdef EINTR
+ case EINTR:
+# endif
+
+# ifdef EAGAIN
+# if EWOULDBLOCK != EAGAIN
+ case EAGAIN:
+# endif
+# endif
+
+# ifdef EPROTO
+ case EPROTO:
+# endif
+
+# ifdef EINPROGRESS
+ case EINPROGRESS:
+# endif
+
+# ifdef EALREADY
+ case EALREADY:
+# endif
+ return (1);
+ /* break; */
+ default:
+ break;
+ }
+ return (0);
+}
+
+#endif /* #ifndef OPENSSL_NO_SOCK */
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bn/asm/mips3.s
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/asm/mips3.s 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/asm/mips3.s 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,2201 +0,0 @@
-.rdata
-.asciiz "mips3.s, Version 1.1"
-.asciiz "MIPS III/IV ISA artwork by Andy Polyakov <appro at fy.chalmers.se>"
-
-/*
- * ====================================================================
- * Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
- * project.
- *
- * Rights for redistribution and usage in source and binary forms are
- * granted according to the OpenSSL license. Warranty of any kind is
- * disclaimed.
- * ====================================================================
- */
-
-/*
- * This is my modest contributon to the OpenSSL project (see
- * http://www.openssl.org/ for more information about it) and is
- * a drop-in MIPS III/IV ISA replacement for crypto/bn/bn_asm.c
- * module. For updates see http://fy.chalmers.se/~appro/hpe/.
- *
- * The module is designed to work with either of the "new" MIPS ABI(5),
- * namely N32 or N64, offered by IRIX 6.x. It's not ment to work under
- * IRIX 5.x not only because it doesn't support new ABIs but also
- * because 5.x kernels put R4x00 CPU into 32-bit mode and all those
- * 64-bit instructions (daddu, dmultu, etc.) found below gonna only
- * cause illegal instruction exception:-(
- *
- * In addition the code depends on preprocessor flags set up by MIPSpro
- * compiler driver (either as or cc) and therefore (probably?) can't be
- * compiled by the GNU assembler. GNU C driver manages fine though...
- * I mean as long as -mmips-as is specified or is the default option,
- * because then it simply invokes /usr/bin/as which in turn takes
- * perfect care of the preprocessor definitions. Another neat feature
- * offered by the MIPSpro assembler is an optimization pass. This gave
- * me the opportunity to have the code looking more regular as all those
- * architecture dependent instruction rescheduling details were left to
- * the assembler. Cool, huh?
- *
- * Performance improvement is astonishing! 'apps/openssl speed rsa dsa'
- * goes way over 3 times faster!
- *
- * <appro at fy.chalmers.se>
- */
-#include <asm.h>
-#include <regdef.h>
-
-#if _MIPS_ISA>=4
-#define MOVNZ(cond,dst,src) \
- movn dst,src,cond
-#else
-#define MOVNZ(cond,dst,src) \
- .set noreorder; \
- bnezl cond,.+8; \
- move dst,src; \
- .set reorder
-#endif
-
-.text
-
-.set noat
-.set reorder
-
-#define MINUS4 v1
-
-.align 5
-LEAF(bn_mul_add_words)
- .set noreorder
- bgtzl a2,.L_bn_mul_add_words_proceed
- ld t0,0(a1)
- jr ra
- move v0,zero
- .set reorder
-
-.L_bn_mul_add_words_proceed:
- li MINUS4,-4
- and ta0,a2,MINUS4
- move v0,zero
- beqz ta0,.L_bn_mul_add_words_tail
-
-.L_bn_mul_add_words_loop:
- dmultu t0,a3
- ld t1,0(a0)
- ld t2,8(a1)
- ld t3,8(a0)
- ld ta0,16(a1)
- ld ta1,16(a0)
- daddu t1,v0
- sltu v0,t1,v0 /* All manuals say it "compares 32-bit
- * values", but it seems to work fine
- * even on 64-bit registers. */
- mflo AT
- mfhi t0
- daddu t1,AT
- daddu v0,t0
- sltu AT,t1,AT
- sd t1,0(a0)
- daddu v0,AT
-
- dmultu t2,a3
- ld ta2,24(a1)
- ld ta3,24(a0)
- daddu t3,v0
- sltu v0,t3,v0
- mflo AT
- mfhi t2
- daddu t3,AT
- daddu v0,t2
- sltu AT,t3,AT
- sd t3,8(a0)
- daddu v0,AT
-
- dmultu ta0,a3
- subu a2,4
- PTR_ADD a0,32
- PTR_ADD a1,32
- daddu ta1,v0
- sltu v0,ta1,v0
- mflo AT
- mfhi ta0
- daddu ta1,AT
- daddu v0,ta0
- sltu AT,ta1,AT
- sd ta1,-16(a0)
- daddu v0,AT
-
-
- dmultu ta2,a3
- and ta0,a2,MINUS4
- daddu ta3,v0
- sltu v0,ta3,v0
- mflo AT
- mfhi ta2
- daddu ta3,AT
- daddu v0,ta2
- sltu AT,ta3,AT
- sd ta3,-8(a0)
- daddu v0,AT
- .set noreorder
- bgtzl ta0,.L_bn_mul_add_words_loop
- ld t0,0(a1)
-
- bnezl a2,.L_bn_mul_add_words_tail
- ld t0,0(a1)
- .set reorder
-
-.L_bn_mul_add_words_return:
- jr ra
-
-.L_bn_mul_add_words_tail:
- dmultu t0,a3
- ld t1,0(a0)
- subu a2,1
- daddu t1,v0
- sltu v0,t1,v0
- mflo AT
- mfhi t0
- daddu t1,AT
- daddu v0,t0
- sltu AT,t1,AT
- sd t1,0(a0)
- daddu v0,AT
- beqz a2,.L_bn_mul_add_words_return
-
- ld t0,8(a1)
- dmultu t0,a3
- ld t1,8(a0)
- subu a2,1
- daddu t1,v0
- sltu v0,t1,v0
- mflo AT
- mfhi t0
- daddu t1,AT
- daddu v0,t0
- sltu AT,t1,AT
- sd t1,8(a0)
- daddu v0,AT
- beqz a2,.L_bn_mul_add_words_return
-
- ld t0,16(a1)
- dmultu t0,a3
- ld t1,16(a0)
- daddu t1,v0
- sltu v0,t1,v0
- mflo AT
- mfhi t0
- daddu t1,AT
- daddu v0,t0
- sltu AT,t1,AT
- sd t1,16(a0)
- daddu v0,AT
- jr ra
-END(bn_mul_add_words)
-
-.align 5
-LEAF(bn_mul_words)
- .set noreorder
- bgtzl a2,.L_bn_mul_words_proceed
- ld t0,0(a1)
- jr ra
- move v0,zero
- .set reorder
-
-.L_bn_mul_words_proceed:
- li MINUS4,-4
- and ta0,a2,MINUS4
- move v0,zero
- beqz ta0,.L_bn_mul_words_tail
-
-.L_bn_mul_words_loop:
- dmultu t0,a3
- ld t2,8(a1)
- ld ta0,16(a1)
- ld ta2,24(a1)
- mflo AT
- mfhi t0
- daddu v0,AT
- sltu t1,v0,AT
- sd v0,0(a0)
- daddu v0,t1,t0
-
- dmultu t2,a3
- subu a2,4
- PTR_ADD a0,32
- PTR_ADD a1,32
- mflo AT
- mfhi t2
- daddu v0,AT
- sltu t3,v0,AT
- sd v0,-24(a0)
- daddu v0,t3,t2
-
- dmultu ta0,a3
- mflo AT
- mfhi ta0
- daddu v0,AT
- sltu ta1,v0,AT
- sd v0,-16(a0)
- daddu v0,ta1,ta0
-
-
- dmultu ta2,a3
- and ta0,a2,MINUS4
- mflo AT
- mfhi ta2
- daddu v0,AT
- sltu ta3,v0,AT
- sd v0,-8(a0)
- daddu v0,ta3,ta2
- .set noreorder
- bgtzl ta0,.L_bn_mul_words_loop
- ld t0,0(a1)
-
- bnezl a2,.L_bn_mul_words_tail
- ld t0,0(a1)
- .set reorder
-
-.L_bn_mul_words_return:
- jr ra
-
-.L_bn_mul_words_tail:
- dmultu t0,a3
- subu a2,1
- mflo AT
- mfhi t0
- daddu v0,AT
- sltu t1,v0,AT
- sd v0,0(a0)
- daddu v0,t1,t0
- beqz a2,.L_bn_mul_words_return
-
- ld t0,8(a1)
- dmultu t0,a3
- subu a2,1
- mflo AT
- mfhi t0
- daddu v0,AT
- sltu t1,v0,AT
- sd v0,8(a0)
- daddu v0,t1,t0
- beqz a2,.L_bn_mul_words_return
-
- ld t0,16(a1)
- dmultu t0,a3
- mflo AT
- mfhi t0
- daddu v0,AT
- sltu t1,v0,AT
- sd v0,16(a0)
- daddu v0,t1,t0
- jr ra
-END(bn_mul_words)
-
-.align 5
-LEAF(bn_sqr_words)
- .set noreorder
- bgtzl a2,.L_bn_sqr_words_proceed
- ld t0,0(a1)
- jr ra
- move v0,zero
- .set reorder
-
-.L_bn_sqr_words_proceed:
- li MINUS4,-4
- and ta0,a2,MINUS4
- move v0,zero
- beqz ta0,.L_bn_sqr_words_tail
-
-.L_bn_sqr_words_loop:
- dmultu t0,t0
- ld t2,8(a1)
- ld ta0,16(a1)
- ld ta2,24(a1)
- mflo t1
- mfhi t0
- sd t1,0(a0)
- sd t0,8(a0)
-
- dmultu t2,t2
- subu a2,4
- PTR_ADD a0,64
- PTR_ADD a1,32
- mflo t3
- mfhi t2
- sd t3,-48(a0)
- sd t2,-40(a0)
-
- dmultu ta0,ta0
- mflo ta1
- mfhi ta0
- sd ta1,-32(a0)
- sd ta0,-24(a0)
-
-
- dmultu ta2,ta2
- and ta0,a2,MINUS4
- mflo ta3
- mfhi ta2
- sd ta3,-16(a0)
- sd ta2,-8(a0)
-
- .set noreorder
- bgtzl ta0,.L_bn_sqr_words_loop
- ld t0,0(a1)
-
- bnezl a2,.L_bn_sqr_words_tail
- ld t0,0(a1)
- .set reorder
-
-.L_bn_sqr_words_return:
- move v0,zero
- jr ra
-
-.L_bn_sqr_words_tail:
- dmultu t0,t0
- subu a2,1
- mflo t1
- mfhi t0
- sd t1,0(a0)
- sd t0,8(a0)
- beqz a2,.L_bn_sqr_words_return
-
- ld t0,8(a1)
- dmultu t0,t0
- subu a2,1
- mflo t1
- mfhi t0
- sd t1,16(a0)
- sd t0,24(a0)
- beqz a2,.L_bn_sqr_words_return
-
- ld t0,16(a1)
- dmultu t0,t0
- mflo t1
- mfhi t0
- sd t1,32(a0)
- sd t0,40(a0)
- jr ra
-END(bn_sqr_words)
-
-.align 5
-LEAF(bn_add_words)
- .set noreorder
- bgtzl a3,.L_bn_add_words_proceed
- ld t0,0(a1)
- jr ra
- move v0,zero
- .set reorder
-
-.L_bn_add_words_proceed:
- li MINUS4,-4
- and AT,a3,MINUS4
- move v0,zero
- beqz AT,.L_bn_add_words_tail
-
-.L_bn_add_words_loop:
- ld ta0,0(a2)
- subu a3,4
- ld t1,8(a1)
- and AT,a3,MINUS4
- ld t2,16(a1)
- PTR_ADD a2,32
- ld t3,24(a1)
- PTR_ADD a0,32
- ld ta1,-24(a2)
- PTR_ADD a1,32
- ld ta2,-16(a2)
- ld ta3,-8(a2)
- daddu ta0,t0
- sltu t8,ta0,t0
- daddu t0,ta0,v0
- sltu v0,t0,ta0
- sd t0,-32(a0)
- daddu v0,t8
-
- daddu ta1,t1
- sltu t9,ta1,t1
- daddu t1,ta1,v0
- sltu v0,t1,ta1
- sd t1,-24(a0)
- daddu v0,t9
-
- daddu ta2,t2
- sltu t8,ta2,t2
- daddu t2,ta2,v0
- sltu v0,t2,ta2
- sd t2,-16(a0)
- daddu v0,t8
-
- daddu ta3,t3
- sltu t9,ta3,t3
- daddu t3,ta3,v0
- sltu v0,t3,ta3
- sd t3,-8(a0)
- daddu v0,t9
-
- .set noreorder
- bgtzl AT,.L_bn_add_words_loop
- ld t0,0(a1)
-
- bnezl a3,.L_bn_add_words_tail
- ld t0,0(a1)
- .set reorder
-
-.L_bn_add_words_return:
- jr ra
-
-.L_bn_add_words_tail:
- ld ta0,0(a2)
- daddu ta0,t0
- subu a3,1
- sltu t8,ta0,t0
- daddu t0,ta0,v0
- sltu v0,t0,ta0
- sd t0,0(a0)
- daddu v0,t8
- beqz a3,.L_bn_add_words_return
-
- ld t1,8(a1)
- ld ta1,8(a2)
- daddu ta1,t1
- subu a3,1
- sltu t9,ta1,t1
- daddu t1,ta1,v0
- sltu v0,t1,ta1
- sd t1,8(a0)
- daddu v0,t9
- beqz a3,.L_bn_add_words_return
-
- ld t2,16(a1)
- ld ta2,16(a2)
- daddu ta2,t2
- sltu t8,ta2,t2
- daddu t2,ta2,v0
- sltu v0,t2,ta2
- sd t2,16(a0)
- daddu v0,t8
- jr ra
-END(bn_add_words)
-
-.align 5
-LEAF(bn_sub_words)
- .set noreorder
- bgtzl a3,.L_bn_sub_words_proceed
- ld t0,0(a1)
- jr ra
- move v0,zero
- .set reorder
-
-.L_bn_sub_words_proceed:
- li MINUS4,-4
- and AT,a3,MINUS4
- move v0,zero
- beqz AT,.L_bn_sub_words_tail
-
-.L_bn_sub_words_loop:
- ld ta0,0(a2)
- subu a3,4
- ld t1,8(a1)
- and AT,a3,MINUS4
- ld t2,16(a1)
- PTR_ADD a2,32
- ld t3,24(a1)
- PTR_ADD a0,32
- ld ta1,-24(a2)
- PTR_ADD a1,32
- ld ta2,-16(a2)
- ld ta3,-8(a2)
- sltu t8,t0,ta0
- dsubu t0,ta0
- dsubu ta0,t0,v0
- sd ta0,-32(a0)
- MOVNZ (t0,v0,t8)
-
- sltu t9,t1,ta1
- dsubu t1,ta1
- dsubu ta1,t1,v0
- sd ta1,-24(a0)
- MOVNZ (t1,v0,t9)
-
-
- sltu t8,t2,ta2
- dsubu t2,ta2
- dsubu ta2,t2,v0
- sd ta2,-16(a0)
- MOVNZ (t2,v0,t8)
-
- sltu t9,t3,ta3
- dsubu t3,ta3
- dsubu ta3,t3,v0
- sd ta3,-8(a0)
- MOVNZ (t3,v0,t9)
-
- .set noreorder
- bgtzl AT,.L_bn_sub_words_loop
- ld t0,0(a1)
-
- bnezl a3,.L_bn_sub_words_tail
- ld t0,0(a1)
- .set reorder
-
-.L_bn_sub_words_return:
- jr ra
-
-.L_bn_sub_words_tail:
- ld ta0,0(a2)
- subu a3,1
- sltu t8,t0,ta0
- dsubu t0,ta0
- dsubu ta0,t0,v0
- MOVNZ (t0,v0,t8)
- sd ta0,0(a0)
- beqz a3,.L_bn_sub_words_return
-
- ld t1,8(a1)
- subu a3,1
- ld ta1,8(a2)
- sltu t9,t1,ta1
- dsubu t1,ta1
- dsubu ta1,t1,v0
- MOVNZ (t1,v0,t9)
- sd ta1,8(a0)
- beqz a3,.L_bn_sub_words_return
-
- ld t2,16(a1)
- ld ta2,16(a2)
- sltu t8,t2,ta2
- dsubu t2,ta2
- dsubu ta2,t2,v0
- MOVNZ (t2,v0,t8)
- sd ta2,16(a0)
- jr ra
-END(bn_sub_words)
-
-#undef MINUS4
-
-.align 5
-LEAF(bn_div_3_words)
- .set reorder
- move a3,a0 /* we know that bn_div_words doesn't
- * touch a3, ta2, ta3 and preserves a2
- * so that we can save two arguments
- * and return address in registers
- * instead of stack:-)
- */
- ld a0,(a3)
- move ta2,a1
- ld a1,-8(a3)
- bne a0,a2,.L_bn_div_3_words_proceed
- li v0,-1
- jr ra
-.L_bn_div_3_words_proceed:
- move ta3,ra
- bal bn_div_words
- move ra,ta3
- dmultu ta2,v0
- ld t2,-16(a3)
- move ta0,zero
- mfhi t1
- mflo t0
- sltu t8,t1,v1
-.L_bn_div_3_words_inner_loop:
- bnez t8,.L_bn_div_3_words_inner_loop_done
- sgeu AT,t2,t0
- seq t9,t1,v1
- and AT,t9
- sltu t3,t0,ta2
- daddu v1,a2
- dsubu t1,t3
- dsubu t0,ta2
- sltu t8,t1,v1
- sltu ta0,v1,a2
- or t8,ta0
- .set noreorder
- beqzl AT,.L_bn_div_3_words_inner_loop
- dsubu v0,1
- .set reorder
-.L_bn_div_3_words_inner_loop_done:
- jr ra
-END(bn_div_3_words)
-
-.align 5
-LEAF(bn_div_words)
- .set noreorder
- bnezl a2,.L_bn_div_words_proceed
- move v1,zero
- jr ra
- li v0,-1 /* I'd rather signal div-by-zero
- * which can be done with 'break 7' */
-
-.L_bn_div_words_proceed:
- bltz a2,.L_bn_div_words_body
- move t9,v1
- dsll a2,1
- bgtz a2,.-4
- addu t9,1
-
- .set reorder
- negu t1,t9
- li t2,-1
- dsll t2,t1
- and t2,a0
- dsrl AT,a1,t1
- .set noreorder
- bnezl t2,.+8
- break 6 /* signal overflow */
- .set reorder
- dsll a0,t9
- dsll a1,t9
- or a0,AT
-
-#define QT ta0
-#define HH ta1
-#define DH v1
-.L_bn_div_words_body:
- dsrl DH,a2,32
- sgeu AT,a0,a2
- .set noreorder
- bnezl AT,.+8
- dsubu a0,a2
- .set reorder
-
- li QT,-1
- dsrl HH,a0,32
- dsrl QT,32 /* q=0xffffffff */
- beq DH,HH,.L_bn_div_words_skip_div1
- ddivu zero,a0,DH
- mflo QT
-.L_bn_div_words_skip_div1:
- dmultu a2,QT
- dsll t3,a0,32
- dsrl AT,a1,32
- or t3,AT
- mflo t0
- mfhi t1
-.L_bn_div_words_inner_loop1:
- sltu t2,t3,t0
- seq t8,HH,t1
- sltu AT,HH,t1
- and t2,t8
- sltu v0,t0,a2
- or AT,t2
- .set noreorder
- beqz AT,.L_bn_div_words_inner_loop1_done
- dsubu t1,v0
- dsubu t0,a2
- b .L_bn_div_words_inner_loop1
- dsubu QT,1
- .set reorder
-.L_bn_div_words_inner_loop1_done:
-
- dsll a1,32
- dsubu a0,t3,t0
- dsll v0,QT,32
-
- li QT,-1
- dsrl HH,a0,32
- dsrl QT,32 /* q=0xffffffff */
- beq DH,HH,.L_bn_div_words_skip_div2
- ddivu zero,a0,DH
- mflo QT
-.L_bn_div_words_skip_div2:
-#undef DH
- dmultu a2,QT
- dsll t3,a0,32
- dsrl AT,a1,32
- or t3,AT
- mflo t0
- mfhi t1
-.L_bn_div_words_inner_loop2:
- sltu t2,t3,t0
- seq t8,HH,t1
- sltu AT,HH,t1
- and t2,t8
- sltu v1,t0,a2
- or AT,t2
- .set noreorder
- beqz AT,.L_bn_div_words_inner_loop2_done
- dsubu t1,v1
- dsubu t0,a2
- b .L_bn_div_words_inner_loop2
- dsubu QT,1
- .set reorder
-.L_bn_div_words_inner_loop2_done:
-#undef HH
-
- dsubu a0,t3,t0
- or v0,QT
- dsrl v1,a0,t9 /* v1 contains remainder if anybody wants it */
- dsrl a2,t9 /* restore a2 */
- jr ra
-#undef QT
-END(bn_div_words)
-
-#define a_0 t0
-#define a_1 t1
-#define a_2 t2
-#define a_3 t3
-#define b_0 ta0
-#define b_1 ta1
-#define b_2 ta2
-#define b_3 ta3
-
-#define a_4 s0
-#define a_5 s2
-#define a_6 s4
-#define a_7 a1 /* once we load a[7] we don't need a anymore */
-#define b_4 s1
-#define b_5 s3
-#define b_6 s5
-#define b_7 a2 /* once we load b[7] we don't need b anymore */
-
-#define t_1 t8
-#define t_2 t9
-
-#define c_1 v0
-#define c_2 v1
-#define c_3 a3
-
-#define FRAME_SIZE 48
-
-.align 5
-LEAF(bn_mul_comba8)
- .set noreorder
- PTR_SUB sp,FRAME_SIZE
- .frame sp,64,ra
- .set reorder
- ld a_0,0(a1) /* If compiled with -mips3 option on
- * R5000 box assembler barks on this
- * line with "shouldn't have mult/div
- * as last instruction in bb (R10K
- * bug)" warning. If anybody out there
- * has a clue about how to circumvent
- * this do send me a note.
- * <appro at fy.chalmers.se>
- */
- ld b_0,0(a2)
- ld a_1,8(a1)
- ld a_2,16(a1)
- ld a_3,24(a1)
- ld b_1,8(a2)
- ld b_2,16(a2)
- ld b_3,24(a2)
- dmultu a_0,b_0 /* mul_add_c(a[0],b[0],c1,c2,c3); */
- sd s0,0(sp)
- sd s1,8(sp)
- sd s2,16(sp)
- sd s3,24(sp)
- sd s4,32(sp)
- sd s5,40(sp)
- mflo c_1
- mfhi c_2
-
- dmultu a_0,b_1 /* mul_add_c(a[0],b[1],c2,c3,c1); */
- ld a_4,32(a1)
- ld a_5,40(a1)
- ld a_6,48(a1)
- ld a_7,56(a1)
- ld b_4,32(a2)
- ld b_5,40(a2)
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu c_3,t_2,AT
- dmultu a_1,b_0 /* mul_add_c(a[1],b[0],c2,c3,c1); */
- ld b_6,48(a2)
- ld b_7,56(a2)
- sd c_1,0(a0) /* r[0]=c1; */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu c_1,c_3,t_2
- sd c_2,8(a0) /* r[1]=c2; */
-
- dmultu a_2,b_0 /* mul_add_c(a[2],b[0],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- dmultu a_1,b_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu c_2,c_1,t_2
- dmultu a_0,b_2 /* mul_add_c(a[0],b[2],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- sd c_3,16(a0) /* r[2]=c3; */
-
- dmultu a_0,b_3 /* mul_add_c(a[0],b[3],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu c_3,c_2,t_2
- dmultu a_1,b_2 /* mul_add_c(a[1],b[2],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- dmultu a_2,b_1 /* mul_add_c(a[2],b[1],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- dmultu a_3,b_0 /* mul_add_c(a[3],b[0],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- sd c_1,24(a0) /* r[3]=c1; */
-
- dmultu a_4,b_0 /* mul_add_c(a[4],b[0],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu c_1,c_3,t_2
- dmultu a_3,b_1 /* mul_add_c(a[3],b[1],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- dmultu a_2,b_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- dmultu a_1,b_3 /* mul_add_c(a[1],b[3],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- dmultu a_0,b_4 /* mul_add_c(a[0],b[4],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- sd c_2,32(a0) /* r[4]=c2; */
-
- dmultu a_0,b_5 /* mul_add_c(a[0],b[5],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu c_2,c_1,t_2
- dmultu a_1,b_4 /* mul_add_c(a[1],b[4],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- dmultu a_2,b_3 /* mul_add_c(a[2],b[3],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- dmultu a_3,b_2 /* mul_add_c(a[3],b[2],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- dmultu a_4,b_1 /* mul_add_c(a[4],b[1],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- dmultu a_5,b_0 /* mul_add_c(a[5],b[0],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- sd c_3,40(a0) /* r[5]=c3; */
-
- dmultu a_6,b_0 /* mul_add_c(a[6],b[0],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu c_3,c_2,t_2
- dmultu a_5,b_1 /* mul_add_c(a[5],b[1],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- dmultu a_4,b_2 /* mul_add_c(a[4],b[2],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- dmultu a_3,b_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- dmultu a_2,b_4 /* mul_add_c(a[2],b[4],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- dmultu a_1,b_5 /* mul_add_c(a[1],b[5],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- dmultu a_0,b_6 /* mul_add_c(a[0],b[6],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- sd c_1,48(a0) /* r[6]=c1; */
-
- dmultu a_0,b_7 /* mul_add_c(a[0],b[7],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu c_1,c_3,t_2
- dmultu a_1,b_6 /* mul_add_c(a[1],b[6],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- dmultu a_2,b_5 /* mul_add_c(a[2],b[5],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- dmultu a_3,b_4 /* mul_add_c(a[3],b[4],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- dmultu a_4,b_3 /* mul_add_c(a[4],b[3],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- dmultu a_5,b_2 /* mul_add_c(a[5],b[2],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- dmultu a_6,b_1 /* mul_add_c(a[6],b[1],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- dmultu a_7,b_0 /* mul_add_c(a[7],b[0],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- sd c_2,56(a0) /* r[7]=c2; */
-
- dmultu a_7,b_1 /* mul_add_c(a[7],b[1],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu c_2,c_1,t_2
- dmultu a_6,b_2 /* mul_add_c(a[6],b[2],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- dmultu a_5,b_3 /* mul_add_c(a[5],b[3],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- dmultu a_4,b_4 /* mul_add_c(a[4],b[4],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- dmultu a_3,b_5 /* mul_add_c(a[3],b[5],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- dmultu a_2,b_6 /* mul_add_c(a[2],b[6],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- dmultu a_1,b_7 /* mul_add_c(a[1],b[7],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- sd c_3,64(a0) /* r[8]=c3; */
-
- dmultu a_2,b_7 /* mul_add_c(a[2],b[7],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu c_3,c_2,t_2
- dmultu a_3,b_6 /* mul_add_c(a[3],b[6],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- dmultu a_4,b_5 /* mul_add_c(a[4],b[5],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- dmultu a_5,b_4 /* mul_add_c(a[5],b[4],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- dmultu a_6,b_3 /* mul_add_c(a[6],b[3],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- dmultu a_7,b_2 /* mul_add_c(a[7],b[2],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- sd c_1,72(a0) /* r[9]=c1; */
-
- dmultu a_7,b_3 /* mul_add_c(a[7],b[3],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu c_1,c_3,t_2
- dmultu a_6,b_4 /* mul_add_c(a[6],b[4],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- dmultu a_5,b_5 /* mul_add_c(a[5],b[5],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- dmultu a_4,b_6 /* mul_add_c(a[4],b[6],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- dmultu a_3,b_7 /* mul_add_c(a[3],b[7],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- sd c_2,80(a0) /* r[10]=c2; */
-
- dmultu a_4,b_7 /* mul_add_c(a[4],b[7],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu c_2,c_1,t_2
- dmultu a_5,b_6 /* mul_add_c(a[5],b[6],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- dmultu a_6,b_5 /* mul_add_c(a[6],b[5],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- dmultu a_7,b_4 /* mul_add_c(a[7],b[4],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- sd c_3,88(a0) /* r[11]=c3; */
-
- dmultu a_7,b_5 /* mul_add_c(a[7],b[5],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu c_3,c_2,t_2
- dmultu a_6,b_6 /* mul_add_c(a[6],b[6],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- dmultu a_5,b_7 /* mul_add_c(a[5],b[7],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- sd c_1,96(a0) /* r[12]=c1; */
-
- dmultu a_6,b_7 /* mul_add_c(a[6],b[7],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu c_1,c_3,t_2
- dmultu a_7,b_6 /* mul_add_c(a[7],b[6],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- sd c_2,104(a0) /* r[13]=c2; */
-
- dmultu a_7,b_7 /* mul_add_c(a[7],b[7],c3,c1,c2); */
- ld s0,0(sp)
- ld s1,8(sp)
- ld s2,16(sp)
- ld s3,24(sp)
- ld s4,32(sp)
- ld s5,40(sp)
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sd c_3,112(a0) /* r[14]=c3; */
- sd c_1,120(a0) /* r[15]=c1; */
-
- PTR_ADD sp,FRAME_SIZE
-
- jr ra
-END(bn_mul_comba8)
-
-.align 5
-LEAF(bn_mul_comba4)
- .set reorder
- ld a_0,0(a1)
- ld b_0,0(a2)
- ld a_1,8(a1)
- ld a_2,16(a1)
- dmultu a_0,b_0 /* mul_add_c(a[0],b[0],c1,c2,c3); */
- ld a_3,24(a1)
- ld b_1,8(a2)
- ld b_2,16(a2)
- ld b_3,24(a2)
- mflo c_1
- mfhi c_2
- sd c_1,0(a0)
-
- dmultu a_0,b_1 /* mul_add_c(a[0],b[1],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu c_3,t_2,AT
- dmultu a_1,b_0 /* mul_add_c(a[1],b[0],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu c_1,c_3,t_2
- sd c_2,8(a0)
-
- dmultu a_2,b_0 /* mul_add_c(a[2],b[0],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- dmultu a_1,b_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu c_2,c_1,t_2
- dmultu a_0,b_2 /* mul_add_c(a[0],b[2],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- sd c_3,16(a0)
-
- dmultu a_0,b_3 /* mul_add_c(a[0],b[3],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu c_3,c_2,t_2
- dmultu a_1,b_2 /* mul_add_c(a[1],b[2],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- dmultu a_2,b_1 /* mul_add_c(a[2],b[1],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- dmultu a_3,b_0 /* mul_add_c(a[3],b[0],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- sd c_1,24(a0)
-
- dmultu a_3,b_1 /* mul_add_c(a[3],b[1],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu c_1,c_3,t_2
- dmultu a_2,b_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- dmultu a_1,b_3 /* mul_add_c(a[1],b[3],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- sd c_2,32(a0)
-
- dmultu a_2,b_3 /* mul_add_c(a[2],b[3],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu c_2,c_1,t_2
- dmultu a_3,b_2 /* mul_add_c(a[3],b[2],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- sd c_3,40(a0)
-
- dmultu a_3,b_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sd c_1,48(a0)
- sd c_2,56(a0)
-
- jr ra
-END(bn_mul_comba4)
-
-#undef a_4
-#undef a_5
-#undef a_6
-#undef a_7
-#define a_4 b_0
-#define a_5 b_1
-#define a_6 b_2
-#define a_7 b_3
-
-.align 5
-LEAF(bn_sqr_comba8)
- .set reorder
- ld a_0,0(a1)
- ld a_1,8(a1)
- ld a_2,16(a1)
- ld a_3,24(a1)
-
- dmultu a_0,a_0 /* mul_add_c(a[0],b[0],c1,c2,c3); */
- ld a_4,32(a1)
- ld a_5,40(a1)
- ld a_6,48(a1)
- ld a_7,56(a1)
- mflo c_1
- mfhi c_2
- sd c_1,0(a0)
-
- dmultu a_0,a_1 /* mul_add_c2(a[0],b[1],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- slt c_1,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu c_3,t_2,AT
- sd c_2,8(a0)
-
- dmultu a_2,a_0 /* mul_add_c2(a[2],b[0],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- slt c_2,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- dmultu a_1,a_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- sd c_3,16(a0)
-
- dmultu a_0,a_3 /* mul_add_c2(a[0],b[3],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- slt c_3,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- dmultu a_1,a_2 /* mul_add_c2(a[1],b[2],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- slt AT,t_2,zero
- daddu c_3,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- sd c_1,24(a0)
-
- dmultu a_4,a_0 /* mul_add_c2(a[4],b[0],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- slt c_1,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- dmultu a_3,a_1 /* mul_add_c2(a[3],b[1],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- slt AT,t_2,zero
- daddu c_1,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- dmultu a_2,a_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- sd c_2,32(a0)
-
- dmultu a_0,a_5 /* mul_add_c2(a[0],b[5],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- slt c_2,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- dmultu a_1,a_4 /* mul_add_c2(a[1],b[4],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- slt AT,t_2,zero
- daddu c_2,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- dmultu a_2,a_3 /* mul_add_c2(a[2],b[3],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- slt AT,t_2,zero
- daddu c_2,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- sd c_3,40(a0)
-
- dmultu a_6,a_0 /* mul_add_c2(a[6],b[0],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- slt c_3,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- dmultu a_5,a_1 /* mul_add_c2(a[5],b[1],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- slt AT,t_2,zero
- daddu c_3,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- dmultu a_4,a_2 /* mul_add_c2(a[4],b[2],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- slt AT,t_2,zero
- daddu c_3,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- dmultu a_3,a_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- sd c_1,48(a0)
-
- dmultu a_0,a_7 /* mul_add_c2(a[0],b[7],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- slt c_1,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- dmultu a_1,a_6 /* mul_add_c2(a[1],b[6],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- slt AT,t_2,zero
- daddu c_1,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- dmultu a_2,a_5 /* mul_add_c2(a[2],b[5],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- slt AT,t_2,zero
- daddu c_1,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- dmultu a_3,a_4 /* mul_add_c2(a[3],b[4],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- slt AT,t_2,zero
- daddu c_1,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- sd c_2,56(a0)
-
- dmultu a_7,a_1 /* mul_add_c2(a[7],b[1],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- slt c_2,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- dmultu a_6,a_2 /* mul_add_c2(a[6],b[2],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- slt AT,t_2,zero
- daddu c_2,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- dmultu a_5,a_3 /* mul_add_c2(a[5],b[3],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- slt AT,t_2,zero
- daddu c_2,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- dmultu a_4,a_4 /* mul_add_c(a[4],b[4],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- sd c_3,64(a0)
-
- dmultu a_2,a_7 /* mul_add_c2(a[2],b[7],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- slt c_3,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- dmultu a_3,a_6 /* mul_add_c2(a[3],b[6],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- slt AT,t_2,zero
- daddu c_3,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- dmultu a_4,a_5 /* mul_add_c2(a[4],b[5],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- slt AT,t_2,zero
- daddu c_3,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- sd c_1,72(a0)
-
- dmultu a_7,a_3 /* mul_add_c2(a[7],b[3],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- slt c_1,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- dmultu a_6,a_4 /* mul_add_c2(a[6],b[4],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- slt AT,t_2,zero
- daddu c_1,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- dmultu a_5,a_5 /* mul_add_c(a[5],b[5],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- sd c_2,80(a0)
-
- dmultu a_4,a_7 /* mul_add_c2(a[4],b[7],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- slt c_2,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- dmultu a_5,a_6 /* mul_add_c2(a[5],b[6],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- slt AT,t_2,zero
- daddu c_2,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- sd c_3,88(a0)
-
- dmultu a_7,a_5 /* mul_add_c2(a[7],b[5],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- slt c_3,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- dmultu a_6,a_6 /* mul_add_c(a[6],b[6],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- sd c_1,96(a0)
-
- dmultu a_6,a_7 /* mul_add_c2(a[6],b[7],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- slt c_1,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- sd c_2,104(a0)
-
- dmultu a_7,a_7 /* mul_add_c(a[7],b[7],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sd c_3,112(a0)
- sd c_1,120(a0)
-
- jr ra
-END(bn_sqr_comba8)
-
-.align 5
-LEAF(bn_sqr_comba4)
- .set reorder
- ld a_0,0(a1)
- ld a_1,8(a1)
- ld a_2,16(a1)
- ld a_3,24(a1)
- dmultu a_0,a_0 /* mul_add_c(a[0],b[0],c1,c2,c3); */
- mflo c_1
- mfhi c_2
- sd c_1,0(a0)
-
- dmultu a_0,a_1 /* mul_add_c2(a[0],b[1],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- slt c_1,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu c_3,t_2,AT
- sd c_2,8(a0)
-
- dmultu a_2,a_0 /* mul_add_c2(a[2],b[0],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- slt c_2,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- dmultu a_1,a_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- sd c_3,16(a0)
-
- dmultu a_0,a_3 /* mul_add_c2(a[0],b[3],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- slt c_3,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- dmultu a_1,a_2 /* mul_add_c(a2[1],b[2],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- slt AT,t_2,zero
- daddu c_3,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
- sd c_1,24(a0)
-
- dmultu a_3,a_1 /* mul_add_c2(a[3],b[1],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- slt c_1,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- dmultu a_2,a_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */
- mflo t_1
- mfhi t_2
- daddu c_2,t_1
- sltu AT,c_2,t_1
- daddu t_2,AT
- daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
- sd c_2,32(a0)
-
- dmultu a_2,a_3 /* mul_add_c2(a[2],b[3],c3,c1,c2); */
- mflo t_1
- mfhi t_2
- slt c_2,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
- daddu c_3,t_1
- sltu AT,c_3,t_1
- daddu t_2,AT
- daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
- sd c_3,40(a0)
-
- dmultu a_3,a_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */
- mflo t_1
- mfhi t_2
- daddu c_1,t_1
- sltu AT,c_1,t_1
- daddu t_2,AT
- daddu c_2,t_2
- sd c_1,48(a0)
- sd c_2,56(a0)
-
- jr ra
-END(bn_sqr_comba4)
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bn/asm/mips3.s (from rev 6969, vendor-crypto/openssl/dist/crypto/bn/asm/mips3.s)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bn/asm/mips3.s (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/asm/mips3.s 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,2201 @@
+.rdata
+.asciiz "mips3.s, Version 1.1"
+.asciiz "MIPS III/IV ISA artwork by Andy Polyakov <appro at fy.chalmers.se>"
+
+/*
+ * ====================================================================
+ * Written by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
+ * project.
+ *
+ * Rights for redistribution and usage in source and binary forms are
+ * granted according to the OpenSSL license. Warranty of any kind is
+ * disclaimed.
+ * ====================================================================
+ */
+
+/*
+ * This is my modest contributon to the OpenSSL project (see
+ * http://www.openssl.org/ for more information about it) and is
+ * a drop-in MIPS III/IV ISA replacement for crypto/bn/bn_asm.c
+ * module. For updates see http://fy.chalmers.se/~appro/hpe/.
+ *
+ * The module is designed to work with either of the "new" MIPS ABI(5),
+ * namely N32 or N64, offered by IRIX 6.x. It's not ment to work under
+ * IRIX 5.x not only because it doesn't support new ABIs but also
+ * because 5.x kernels put R4x00 CPU into 32-bit mode and all those
+ * 64-bit instructions (daddu, dmultu, etc.) found below gonna only
+ * cause illegal instruction exception:-(
+ *
+ * In addition the code depends on preprocessor flags set up by MIPSpro
+ * compiler driver (either as or cc) and therefore (probably?) can't be
+ * compiled by the GNU assembler. GNU C driver manages fine though...
+ * I mean as long as -mmips-as is specified or is the default option,
+ * because then it simply invokes /usr/bin/as which in turn takes
+ * perfect care of the preprocessor definitions. Another neat feature
+ * offered by the MIPSpro assembler is an optimization pass. This gave
+ * me the opportunity to have the code looking more regular as all those
+ * architecture dependent instruction rescheduling details were left to
+ * the assembler. Cool, huh?
+ *
+ * Performance improvement is astonishing! 'apps/openssl speed rsa dsa'
+ * goes way over 3 times faster!
+ *
+ * <appro at fy.chalmers.se>
+ */
+#include <asm.h>
+#include <regdef.h>
+
+#if _MIPS_ISA>=4
+#define MOVNZ(cond,dst,src) \
+ movn dst,src,cond
+#else
+#define MOVNZ(cond,dst,src) \
+ .set noreorder; \
+ bnezl cond,.+8; \
+ move dst,src; \
+ .set reorder
+#endif
+
+.text
+
+.set noat
+.set reorder
+
+#define MINUS4 v1
+
+.align 5
+LEAF(bn_mul_add_words)
+ .set noreorder
+ bgtzl a2,.L_bn_mul_add_words_proceed
+ ld t0,0(a1)
+ jr ra
+ move v0,zero
+ .set reorder
+
+.L_bn_mul_add_words_proceed:
+ li MINUS4,-4
+ and ta0,a2,MINUS4
+ move v0,zero
+ beqz ta0,.L_bn_mul_add_words_tail
+
+.L_bn_mul_add_words_loop:
+ dmultu t0,a3
+ ld t1,0(a0)
+ ld t2,8(a1)
+ ld t3,8(a0)
+ ld ta0,16(a1)
+ ld ta1,16(a0)
+ daddu t1,v0
+ sltu v0,t1,v0 /* All manuals say it "compares 32-bit
+ * values", but it seems to work fine
+ * even on 64-bit registers. */
+ mflo AT
+ mfhi t0
+ daddu t1,AT
+ daddu v0,t0
+ sltu AT,t1,AT
+ sd t1,0(a0)
+ daddu v0,AT
+
+ dmultu t2,a3
+ ld ta2,24(a1)
+ ld ta3,24(a0)
+ daddu t3,v0
+ sltu v0,t3,v0
+ mflo AT
+ mfhi t2
+ daddu t3,AT
+ daddu v0,t2
+ sltu AT,t3,AT
+ sd t3,8(a0)
+ daddu v0,AT
+
+ dmultu ta0,a3
+ subu a2,4
+ PTR_ADD a0,32
+ PTR_ADD a1,32
+ daddu ta1,v0
+ sltu v0,ta1,v0
+ mflo AT
+ mfhi ta0
+ daddu ta1,AT
+ daddu v0,ta0
+ sltu AT,ta1,AT
+ sd ta1,-16(a0)
+ daddu v0,AT
+
+
+ dmultu ta2,a3
+ and ta0,a2,MINUS4
+ daddu ta3,v0
+ sltu v0,ta3,v0
+ mflo AT
+ mfhi ta2
+ daddu ta3,AT
+ daddu v0,ta2
+ sltu AT,ta3,AT
+ sd ta3,-8(a0)
+ daddu v0,AT
+ .set noreorder
+ bgtzl ta0,.L_bn_mul_add_words_loop
+ ld t0,0(a1)
+
+ bnezl a2,.L_bn_mul_add_words_tail
+ ld t0,0(a1)
+ .set reorder
+
+.L_bn_mul_add_words_return:
+ jr ra
+
+.L_bn_mul_add_words_tail:
+ dmultu t0,a3
+ ld t1,0(a0)
+ subu a2,1
+ daddu t1,v0
+ sltu v0,t1,v0
+ mflo AT
+ mfhi t0
+ daddu t1,AT
+ daddu v0,t0
+ sltu AT,t1,AT
+ sd t1,0(a0)
+ daddu v0,AT
+ beqz a2,.L_bn_mul_add_words_return
+
+ ld t0,8(a1)
+ dmultu t0,a3
+ ld t1,8(a0)
+ subu a2,1
+ daddu t1,v0
+ sltu v0,t1,v0
+ mflo AT
+ mfhi t0
+ daddu t1,AT
+ daddu v0,t0
+ sltu AT,t1,AT
+ sd t1,8(a0)
+ daddu v0,AT
+ beqz a2,.L_bn_mul_add_words_return
+
+ ld t0,16(a1)
+ dmultu t0,a3
+ ld t1,16(a0)
+ daddu t1,v0
+ sltu v0,t1,v0
+ mflo AT
+ mfhi t0
+ daddu t1,AT
+ daddu v0,t0
+ sltu AT,t1,AT
+ sd t1,16(a0)
+ daddu v0,AT
+ jr ra
+END(bn_mul_add_words)
+
+.align 5
+LEAF(bn_mul_words)
+ .set noreorder
+ bgtzl a2,.L_bn_mul_words_proceed
+ ld t0,0(a1)
+ jr ra
+ move v0,zero
+ .set reorder
+
+.L_bn_mul_words_proceed:
+ li MINUS4,-4
+ and ta0,a2,MINUS4
+ move v0,zero
+ beqz ta0,.L_bn_mul_words_tail
+
+.L_bn_mul_words_loop:
+ dmultu t0,a3
+ ld t2,8(a1)
+ ld ta0,16(a1)
+ ld ta2,24(a1)
+ mflo AT
+ mfhi t0
+ daddu v0,AT
+ sltu t1,v0,AT
+ sd v0,0(a0)
+ daddu v0,t1,t0
+
+ dmultu t2,a3
+ subu a2,4
+ PTR_ADD a0,32
+ PTR_ADD a1,32
+ mflo AT
+ mfhi t2
+ daddu v0,AT
+ sltu t3,v0,AT
+ sd v0,-24(a0)
+ daddu v0,t3,t2
+
+ dmultu ta0,a3
+ mflo AT
+ mfhi ta0
+ daddu v0,AT
+ sltu ta1,v0,AT
+ sd v0,-16(a0)
+ daddu v0,ta1,ta0
+
+
+ dmultu ta2,a3
+ and ta0,a2,MINUS4
+ mflo AT
+ mfhi ta2
+ daddu v0,AT
+ sltu ta3,v0,AT
+ sd v0,-8(a0)
+ daddu v0,ta3,ta2
+ .set noreorder
+ bgtzl ta0,.L_bn_mul_words_loop
+ ld t0,0(a1)
+
+ bnezl a2,.L_bn_mul_words_tail
+ ld t0,0(a1)
+ .set reorder
+
+.L_bn_mul_words_return:
+ jr ra
+
+.L_bn_mul_words_tail:
+ dmultu t0,a3
+ subu a2,1
+ mflo AT
+ mfhi t0
+ daddu v0,AT
+ sltu t1,v0,AT
+ sd v0,0(a0)
+ daddu v0,t1,t0
+ beqz a2,.L_bn_mul_words_return
+
+ ld t0,8(a1)
+ dmultu t0,a3
+ subu a2,1
+ mflo AT
+ mfhi t0
+ daddu v0,AT
+ sltu t1,v0,AT
+ sd v0,8(a0)
+ daddu v0,t1,t0
+ beqz a2,.L_bn_mul_words_return
+
+ ld t0,16(a1)
+ dmultu t0,a3
+ mflo AT
+ mfhi t0
+ daddu v0,AT
+ sltu t1,v0,AT
+ sd v0,16(a0)
+ daddu v0,t1,t0
+ jr ra
+END(bn_mul_words)
+
+.align 5
+LEAF(bn_sqr_words)
+ .set noreorder
+ bgtzl a2,.L_bn_sqr_words_proceed
+ ld t0,0(a1)
+ jr ra
+ move v0,zero
+ .set reorder
+
+.L_bn_sqr_words_proceed:
+ li MINUS4,-4
+ and ta0,a2,MINUS4
+ move v0,zero
+ beqz ta0,.L_bn_sqr_words_tail
+
+.L_bn_sqr_words_loop:
+ dmultu t0,t0
+ ld t2,8(a1)
+ ld ta0,16(a1)
+ ld ta2,24(a1)
+ mflo t1
+ mfhi t0
+ sd t1,0(a0)
+ sd t0,8(a0)
+
+ dmultu t2,t2
+ subu a2,4
+ PTR_ADD a0,64
+ PTR_ADD a1,32
+ mflo t3
+ mfhi t2
+ sd t3,-48(a0)
+ sd t2,-40(a0)
+
+ dmultu ta0,ta0
+ mflo ta1
+ mfhi ta0
+ sd ta1,-32(a0)
+ sd ta0,-24(a0)
+
+
+ dmultu ta2,ta2
+ and ta0,a2,MINUS4
+ mflo ta3
+ mfhi ta2
+ sd ta3,-16(a0)
+ sd ta2,-8(a0)
+
+ .set noreorder
+ bgtzl ta0,.L_bn_sqr_words_loop
+ ld t0,0(a1)
+
+ bnezl a2,.L_bn_sqr_words_tail
+ ld t0,0(a1)
+ .set reorder
+
+.L_bn_sqr_words_return:
+ move v0,zero
+ jr ra
+
+.L_bn_sqr_words_tail:
+ dmultu t0,t0
+ subu a2,1
+ mflo t1
+ mfhi t0
+ sd t1,0(a0)
+ sd t0,8(a0)
+ beqz a2,.L_bn_sqr_words_return
+
+ ld t0,8(a1)
+ dmultu t0,t0
+ subu a2,1
+ mflo t1
+ mfhi t0
+ sd t1,16(a0)
+ sd t0,24(a0)
+ beqz a2,.L_bn_sqr_words_return
+
+ ld t0,16(a1)
+ dmultu t0,t0
+ mflo t1
+ mfhi t0
+ sd t1,32(a0)
+ sd t0,40(a0)
+ jr ra
+END(bn_sqr_words)
+
+.align 5
+LEAF(bn_add_words)
+ .set noreorder
+ bgtzl a3,.L_bn_add_words_proceed
+ ld t0,0(a1)
+ jr ra
+ move v0,zero
+ .set reorder
+
+.L_bn_add_words_proceed:
+ li MINUS4,-4
+ and AT,a3,MINUS4
+ move v0,zero
+ beqz AT,.L_bn_add_words_tail
+
+.L_bn_add_words_loop:
+ ld ta0,0(a2)
+ subu a3,4
+ ld t1,8(a1)
+ and AT,a3,MINUS4
+ ld t2,16(a1)
+ PTR_ADD a2,32
+ ld t3,24(a1)
+ PTR_ADD a0,32
+ ld ta1,-24(a2)
+ PTR_ADD a1,32
+ ld ta2,-16(a2)
+ ld ta3,-8(a2)
+ daddu ta0,t0
+ sltu t8,ta0,t0
+ daddu t0,ta0,v0
+ sltu v0,t0,ta0
+ sd t0,-32(a0)
+ daddu v0,t8
+
+ daddu ta1,t1
+ sltu t9,ta1,t1
+ daddu t1,ta1,v0
+ sltu v0,t1,ta1
+ sd t1,-24(a0)
+ daddu v0,t9
+
+ daddu ta2,t2
+ sltu t8,ta2,t2
+ daddu t2,ta2,v0
+ sltu v0,t2,ta2
+ sd t2,-16(a0)
+ daddu v0,t8
+
+ daddu ta3,t3
+ sltu t9,ta3,t3
+ daddu t3,ta3,v0
+ sltu v0,t3,ta3
+ sd t3,-8(a0)
+ daddu v0,t9
+
+ .set noreorder
+ bgtzl AT,.L_bn_add_words_loop
+ ld t0,0(a1)
+
+ bnezl a3,.L_bn_add_words_tail
+ ld t0,0(a1)
+ .set reorder
+
+.L_bn_add_words_return:
+ jr ra
+
+.L_bn_add_words_tail:
+ ld ta0,0(a2)
+ daddu ta0,t0
+ subu a3,1
+ sltu t8,ta0,t0
+ daddu t0,ta0,v0
+ sltu v0,t0,ta0
+ sd t0,0(a0)
+ daddu v0,t8
+ beqz a3,.L_bn_add_words_return
+
+ ld t1,8(a1)
+ ld ta1,8(a2)
+ daddu ta1,t1
+ subu a3,1
+ sltu t9,ta1,t1
+ daddu t1,ta1,v0
+ sltu v0,t1,ta1
+ sd t1,8(a0)
+ daddu v0,t9
+ beqz a3,.L_bn_add_words_return
+
+ ld t2,16(a1)
+ ld ta2,16(a2)
+ daddu ta2,t2
+ sltu t8,ta2,t2
+ daddu t2,ta2,v0
+ sltu v0,t2,ta2
+ sd t2,16(a0)
+ daddu v0,t8
+ jr ra
+END(bn_add_words)
+
+.align 5
+LEAF(bn_sub_words)
+ .set noreorder
+ bgtzl a3,.L_bn_sub_words_proceed
+ ld t0,0(a1)
+ jr ra
+ move v0,zero
+ .set reorder
+
+.L_bn_sub_words_proceed:
+ li MINUS4,-4
+ and AT,a3,MINUS4
+ move v0,zero
+ beqz AT,.L_bn_sub_words_tail
+
+.L_bn_sub_words_loop:
+ ld ta0,0(a2)
+ subu a3,4
+ ld t1,8(a1)
+ and AT,a3,MINUS4
+ ld t2,16(a1)
+ PTR_ADD a2,32
+ ld t3,24(a1)
+ PTR_ADD a0,32
+ ld ta1,-24(a2)
+ PTR_ADD a1,32
+ ld ta2,-16(a2)
+ ld ta3,-8(a2)
+ sltu t8,t0,ta0
+ dsubu t0,ta0
+ dsubu ta0,t0,v0
+ sd ta0,-32(a0)
+ MOVNZ (t0,v0,t8)
+
+ sltu t9,t1,ta1
+ dsubu t1,ta1
+ dsubu ta1,t1,v0
+ sd ta1,-24(a0)
+ MOVNZ (t1,v0,t9)
+
+
+ sltu t8,t2,ta2
+ dsubu t2,ta2
+ dsubu ta2,t2,v0
+ sd ta2,-16(a0)
+ MOVNZ (t2,v0,t8)
+
+ sltu t9,t3,ta3
+ dsubu t3,ta3
+ dsubu ta3,t3,v0
+ sd ta3,-8(a0)
+ MOVNZ (t3,v0,t9)
+
+ .set noreorder
+ bgtzl AT,.L_bn_sub_words_loop
+ ld t0,0(a1)
+
+ bnezl a3,.L_bn_sub_words_tail
+ ld t0,0(a1)
+ .set reorder
+
+.L_bn_sub_words_return:
+ jr ra
+
+.L_bn_sub_words_tail:
+ ld ta0,0(a2)
+ subu a3,1
+ sltu t8,t0,ta0
+ dsubu t0,ta0
+ dsubu ta0,t0,v0
+ MOVNZ (t0,v0,t8)
+ sd ta0,0(a0)
+ beqz a3,.L_bn_sub_words_return
+
+ ld t1,8(a1)
+ subu a3,1
+ ld ta1,8(a2)
+ sltu t9,t1,ta1
+ dsubu t1,ta1
+ dsubu ta1,t1,v0
+ MOVNZ (t1,v0,t9)
+ sd ta1,8(a0)
+ beqz a3,.L_bn_sub_words_return
+
+ ld t2,16(a1)
+ ld ta2,16(a2)
+ sltu t8,t2,ta2
+ dsubu t2,ta2
+ dsubu ta2,t2,v0
+ MOVNZ (t2,v0,t8)
+ sd ta2,16(a0)
+ jr ra
+END(bn_sub_words)
+
+#undef MINUS4
+
+.align 5
+LEAF(bn_div_3_words)
+ .set reorder
+ move a3,a0 /* we know that bn_div_words doesn't
+ * touch a3, ta2, ta3 and preserves a2
+ * so that we can save two arguments
+ * and return address in registers
+ * instead of stack:-)
+ */
+ ld a0,(a3)
+ move ta2,a1
+ ld a1,-8(a3)
+ bne a0,a2,.L_bn_div_3_words_proceed
+ li v0,-1
+ jr ra
+.L_bn_div_3_words_proceed:
+ move ta3,ra
+ bal bn_div_words
+ move ra,ta3
+ dmultu ta2,v0
+ ld t2,-16(a3)
+ move ta0,zero
+ mfhi t1
+ mflo t0
+ sltu t8,t1,v1
+.L_bn_div_3_words_inner_loop:
+ bnez t8,.L_bn_div_3_words_inner_loop_done
+ sgeu AT,t2,t0
+ seq t9,t1,v1
+ and AT,t9
+ sltu t3,t0,ta2
+ daddu v1,a2
+ dsubu t1,t3
+ dsubu t0,ta2
+ sltu t8,t1,v1
+ sltu ta0,v1,a2
+ or t8,ta0
+ .set noreorder
+ beqzl AT,.L_bn_div_3_words_inner_loop
+ dsubu v0,1
+ .set reorder
+.L_bn_div_3_words_inner_loop_done:
+ jr ra
+END(bn_div_3_words)
+
+.align 5
+LEAF(bn_div_words)
+ .set noreorder
+ bnezl a2,.L_bn_div_words_proceed
+ move v1,zero
+ jr ra
+ li v0,-1 /* I'd rather signal div-by-zero
+ * which can be done with 'break 7' */
+
+.L_bn_div_words_proceed:
+ bltz a2,.L_bn_div_words_body
+ move t9,v1
+ dsll a2,1
+ bgtz a2,.-4
+ addu t9,1
+
+ .set reorder
+ negu t1,t9
+ li t2,-1
+ dsll t2,t1
+ and t2,a0
+ dsrl AT,a1,t1
+ .set noreorder
+ bnezl t2,.+8
+ break 6 /* signal overflow */
+ .set reorder
+ dsll a0,t9
+ dsll a1,t9
+ or a0,AT
+
+#define QT ta0
+#define HH ta1
+#define DH v1
+.L_bn_div_words_body:
+ dsrl DH,a2,32
+ sgeu AT,a0,a2
+ .set noreorder
+ bnezl AT,.+8
+ dsubu a0,a2
+ .set reorder
+
+ li QT,-1
+ dsrl HH,a0,32
+ dsrl QT,32 /* q=0xffffffff */
+ beq DH,HH,.L_bn_div_words_skip_div1
+ ddivu zero,a0,DH
+ mflo QT
+.L_bn_div_words_skip_div1:
+ dmultu a2,QT
+ dsll t3,a0,32
+ dsrl AT,a1,32
+ or t3,AT
+ mflo t0
+ mfhi t1
+.L_bn_div_words_inner_loop1:
+ sltu t2,t3,t0
+ seq t8,HH,t1
+ sltu AT,HH,t1
+ and t2,t8
+ sltu v0,t0,a2
+ or AT,t2
+ .set noreorder
+ beqz AT,.L_bn_div_words_inner_loop1_done
+ dsubu t1,v0
+ dsubu t0,a2
+ b .L_bn_div_words_inner_loop1
+ dsubu QT,1
+ .set reorder
+.L_bn_div_words_inner_loop1_done:
+
+ dsll a1,32
+ dsubu a0,t3,t0
+ dsll v0,QT,32
+
+ li QT,-1
+ dsrl HH,a0,32
+ dsrl QT,32 /* q=0xffffffff */
+ beq DH,HH,.L_bn_div_words_skip_div2
+ ddivu zero,a0,DH
+ mflo QT
+.L_bn_div_words_skip_div2:
+#undef DH
+ dmultu a2,QT
+ dsll t3,a0,32
+ dsrl AT,a1,32
+ or t3,AT
+ mflo t0
+ mfhi t1
+.L_bn_div_words_inner_loop2:
+ sltu t2,t3,t0
+ seq t8,HH,t1
+ sltu AT,HH,t1
+ and t2,t8
+ sltu v1,t0,a2
+ or AT,t2
+ .set noreorder
+ beqz AT,.L_bn_div_words_inner_loop2_done
+ dsubu t1,v1
+ dsubu t0,a2
+ b .L_bn_div_words_inner_loop2
+ dsubu QT,1
+ .set reorder
+.L_bn_div_words_inner_loop2_done:
+#undef HH
+
+ dsubu a0,t3,t0
+ or v0,QT
+ dsrl v1,a0,t9 /* v1 contains remainder if anybody wants it */
+ dsrl a2,t9 /* restore a2 */
+ jr ra
+#undef QT
+END(bn_div_words)
+
+#define a_0 t0
+#define a_1 t1
+#define a_2 t2
+#define a_3 t3
+#define b_0 ta0
+#define b_1 ta1
+#define b_2 ta2
+#define b_3 ta3
+
+#define a_4 s0
+#define a_5 s2
+#define a_6 s4
+#define a_7 a1 /* once we load a[7] we don't need a anymore */
+#define b_4 s1
+#define b_5 s3
+#define b_6 s5
+#define b_7 a2 /* once we load b[7] we don't need b anymore */
+
+#define t_1 t8
+#define t_2 t9
+
+#define c_1 v0
+#define c_2 v1
+#define c_3 a3
+
+#define FRAME_SIZE 48
+
+.align 5
+LEAF(bn_mul_comba8)
+ .set noreorder
+ PTR_SUB sp,FRAME_SIZE
+ .frame sp,64,ra
+ .set reorder
+ ld a_0,0(a1) /* If compiled with -mips3 option on
+ * R5000 box assembler barks on this
+ * line with "shouldn't have mult/div
+ * as last instruction in bb (R10K
+ * bug)" warning. If anybody out there
+ * has a clue about how to circumvent
+ * this do send me a note.
+ * <appro at fy.chalmers.se>
+ */
+ ld b_0,0(a2)
+ ld a_1,8(a1)
+ ld a_2,16(a1)
+ ld a_3,24(a1)
+ ld b_1,8(a2)
+ ld b_2,16(a2)
+ ld b_3,24(a2)
+ dmultu a_0,b_0 /* mul_add_c(a[0],b[0],c1,c2,c3); */
+ sd s0,0(sp)
+ sd s1,8(sp)
+ sd s2,16(sp)
+ sd s3,24(sp)
+ sd s4,32(sp)
+ sd s5,40(sp)
+ mflo c_1
+ mfhi c_2
+
+ dmultu a_0,b_1 /* mul_add_c(a[0],b[1],c2,c3,c1); */
+ ld a_4,32(a1)
+ ld a_5,40(a1)
+ ld a_6,48(a1)
+ ld a_7,56(a1)
+ ld b_4,32(a2)
+ ld b_5,40(a2)
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu c_3,t_2,AT
+ dmultu a_1,b_0 /* mul_add_c(a[1],b[0],c2,c3,c1); */
+ ld b_6,48(a2)
+ ld b_7,56(a2)
+ sd c_1,0(a0) /* r[0]=c1; */
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu t_2,AT
+ daddu c_3,t_2
+ sltu c_1,c_3,t_2
+ sd c_2,8(a0) /* r[1]=c2; */
+
+ dmultu a_2,b_0 /* mul_add_c(a[2],b[0],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ dmultu a_1,b_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ sltu c_2,c_1,t_2
+ dmultu a_0,b_2 /* mul_add_c(a[0],b[2],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ sltu AT,c_1,t_2
+ daddu c_2,AT
+ sd c_3,16(a0) /* r[2]=c3; */
+
+ dmultu a_0,b_3 /* mul_add_c(a[0],b[3],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu t_2,AT
+ daddu c_2,t_2
+ sltu c_3,c_2,t_2
+ dmultu a_1,b_2 /* mul_add_c(a[1],b[2],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu t_2,AT
+ daddu c_2,t_2
+ sltu AT,c_2,t_2
+ daddu c_3,AT
+ dmultu a_2,b_1 /* mul_add_c(a[2],b[1],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu t_2,AT
+ daddu c_2,t_2
+ sltu AT,c_2,t_2
+ daddu c_3,AT
+ dmultu a_3,b_0 /* mul_add_c(a[3],b[0],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu t_2,AT
+ daddu c_2,t_2
+ sltu AT,c_2,t_2
+ daddu c_3,AT
+ sd c_1,24(a0) /* r[3]=c1; */
+
+ dmultu a_4,b_0 /* mul_add_c(a[4],b[0],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu t_2,AT
+ daddu c_3,t_2
+ sltu c_1,c_3,t_2
+ dmultu a_3,b_1 /* mul_add_c(a[3],b[1],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu t_2,AT
+ daddu c_3,t_2
+ sltu AT,c_3,t_2
+ daddu c_1,AT
+ dmultu a_2,b_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu t_2,AT
+ daddu c_3,t_2
+ sltu AT,c_3,t_2
+ daddu c_1,AT
+ dmultu a_1,b_3 /* mul_add_c(a[1],b[3],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu t_2,AT
+ daddu c_3,t_2
+ sltu AT,c_3,t_2
+ daddu c_1,AT
+ dmultu a_0,b_4 /* mul_add_c(a[0],b[4],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu t_2,AT
+ daddu c_3,t_2
+ sltu AT,c_3,t_2
+ daddu c_1,AT
+ sd c_2,32(a0) /* r[4]=c2; */
+
+ dmultu a_0,b_5 /* mul_add_c(a[0],b[5],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ sltu c_2,c_1,t_2
+ dmultu a_1,b_4 /* mul_add_c(a[1],b[4],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ sltu AT,c_1,t_2
+ daddu c_2,AT
+ dmultu a_2,b_3 /* mul_add_c(a[2],b[3],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ sltu AT,c_1,t_2
+ daddu c_2,AT
+ dmultu a_3,b_2 /* mul_add_c(a[3],b[2],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ sltu AT,c_1,t_2
+ daddu c_2,AT
+ dmultu a_4,b_1 /* mul_add_c(a[4],b[1],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ sltu AT,c_1,t_2
+ daddu c_2,AT
+ dmultu a_5,b_0 /* mul_add_c(a[5],b[0],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ sltu AT,c_1,t_2
+ daddu c_2,AT
+ sd c_3,40(a0) /* r[5]=c3; */
+
+ dmultu a_6,b_0 /* mul_add_c(a[6],b[0],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu t_2,AT
+ daddu c_2,t_2
+ sltu c_3,c_2,t_2
+ dmultu a_5,b_1 /* mul_add_c(a[5],b[1],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu t_2,AT
+ daddu c_2,t_2
+ sltu AT,c_2,t_2
+ daddu c_3,AT
+ dmultu a_4,b_2 /* mul_add_c(a[4],b[2],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu t_2,AT
+ daddu c_2,t_2
+ sltu AT,c_2,t_2
+ daddu c_3,AT
+ dmultu a_3,b_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu t_2,AT
+ daddu c_2,t_2
+ sltu AT,c_2,t_2
+ daddu c_3,AT
+ dmultu a_2,b_4 /* mul_add_c(a[2],b[4],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu t_2,AT
+ daddu c_2,t_2
+ sltu AT,c_2,t_2
+ daddu c_3,AT
+ dmultu a_1,b_5 /* mul_add_c(a[1],b[5],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu t_2,AT
+ daddu c_2,t_2
+ sltu AT,c_2,t_2
+ daddu c_3,AT
+ dmultu a_0,b_6 /* mul_add_c(a[0],b[6],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu t_2,AT
+ daddu c_2,t_2
+ sltu AT,c_2,t_2
+ daddu c_3,AT
+ sd c_1,48(a0) /* r[6]=c1; */
+
+ dmultu a_0,b_7 /* mul_add_c(a[0],b[7],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu t_2,AT
+ daddu c_3,t_2
+ sltu c_1,c_3,t_2
+ dmultu a_1,b_6 /* mul_add_c(a[1],b[6],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu t_2,AT
+ daddu c_3,t_2
+ sltu AT,c_3,t_2
+ daddu c_1,AT
+ dmultu a_2,b_5 /* mul_add_c(a[2],b[5],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu t_2,AT
+ daddu c_3,t_2
+ sltu AT,c_3,t_2
+ daddu c_1,AT
+ dmultu a_3,b_4 /* mul_add_c(a[3],b[4],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu t_2,AT
+ daddu c_3,t_2
+ sltu AT,c_3,t_2
+ daddu c_1,AT
+ dmultu a_4,b_3 /* mul_add_c(a[4],b[3],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu t_2,AT
+ daddu c_3,t_2
+ sltu AT,c_3,t_2
+ daddu c_1,AT
+ dmultu a_5,b_2 /* mul_add_c(a[5],b[2],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu t_2,AT
+ daddu c_3,t_2
+ sltu AT,c_3,t_2
+ daddu c_1,AT
+ dmultu a_6,b_1 /* mul_add_c(a[6],b[1],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu t_2,AT
+ daddu c_3,t_2
+ sltu AT,c_3,t_2
+ daddu c_1,AT
+ dmultu a_7,b_0 /* mul_add_c(a[7],b[0],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu t_2,AT
+ daddu c_3,t_2
+ sltu AT,c_3,t_2
+ daddu c_1,AT
+ sd c_2,56(a0) /* r[7]=c2; */
+
+ dmultu a_7,b_1 /* mul_add_c(a[7],b[1],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ sltu c_2,c_1,t_2
+ dmultu a_6,b_2 /* mul_add_c(a[6],b[2],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ sltu AT,c_1,t_2
+ daddu c_2,AT
+ dmultu a_5,b_3 /* mul_add_c(a[5],b[3],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ sltu AT,c_1,t_2
+ daddu c_2,AT
+ dmultu a_4,b_4 /* mul_add_c(a[4],b[4],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ sltu AT,c_1,t_2
+ daddu c_2,AT
+ dmultu a_3,b_5 /* mul_add_c(a[3],b[5],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ sltu AT,c_1,t_2
+ daddu c_2,AT
+ dmultu a_2,b_6 /* mul_add_c(a[2],b[6],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ sltu AT,c_1,t_2
+ daddu c_2,AT
+ dmultu a_1,b_7 /* mul_add_c(a[1],b[7],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ sltu AT,c_1,t_2
+ daddu c_2,AT
+ sd c_3,64(a0) /* r[8]=c3; */
+
+ dmultu a_2,b_7 /* mul_add_c(a[2],b[7],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu t_2,AT
+ daddu c_2,t_2
+ sltu c_3,c_2,t_2
+ dmultu a_3,b_6 /* mul_add_c(a[3],b[6],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu t_2,AT
+ daddu c_2,t_2
+ sltu AT,c_2,t_2
+ daddu c_3,AT
+ dmultu a_4,b_5 /* mul_add_c(a[4],b[5],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu t_2,AT
+ daddu c_2,t_2
+ sltu AT,c_2,t_2
+ daddu c_3,AT
+ dmultu a_5,b_4 /* mul_add_c(a[5],b[4],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu t_2,AT
+ daddu c_2,t_2
+ sltu AT,c_2,t_2
+ daddu c_3,AT
+ dmultu a_6,b_3 /* mul_add_c(a[6],b[3],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu t_2,AT
+ daddu c_2,t_2
+ sltu AT,c_2,t_2
+ daddu c_3,AT
+ dmultu a_7,b_2 /* mul_add_c(a[7],b[2],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu t_2,AT
+ daddu c_2,t_2
+ sltu AT,c_2,t_2
+ daddu c_3,AT
+ sd c_1,72(a0) /* r[9]=c1; */
+
+ dmultu a_7,b_3 /* mul_add_c(a[7],b[3],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu t_2,AT
+ daddu c_3,t_2
+ sltu c_1,c_3,t_2
+ dmultu a_6,b_4 /* mul_add_c(a[6],b[4],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu t_2,AT
+ daddu c_3,t_2
+ sltu AT,c_3,t_2
+ daddu c_1,AT
+ dmultu a_5,b_5 /* mul_add_c(a[5],b[5],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu t_2,AT
+ daddu c_3,t_2
+ sltu AT,c_3,t_2
+ daddu c_1,AT
+ dmultu a_4,b_6 /* mul_add_c(a[4],b[6],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu t_2,AT
+ daddu c_3,t_2
+ sltu AT,c_3,t_2
+ daddu c_1,AT
+ dmultu a_3,b_7 /* mul_add_c(a[3],b[7],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu t_2,AT
+ daddu c_3,t_2
+ sltu AT,c_3,t_2
+ daddu c_1,AT
+ sd c_2,80(a0) /* r[10]=c2; */
+
+ dmultu a_4,b_7 /* mul_add_c(a[4],b[7],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ sltu c_2,c_1,t_2
+ dmultu a_5,b_6 /* mul_add_c(a[5],b[6],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ sltu AT,c_1,t_2
+ daddu c_2,AT
+ dmultu a_6,b_5 /* mul_add_c(a[6],b[5],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ sltu AT,c_1,t_2
+ daddu c_2,AT
+ dmultu a_7,b_4 /* mul_add_c(a[7],b[4],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ sltu AT,c_1,t_2
+ daddu c_2,AT
+ sd c_3,88(a0) /* r[11]=c3; */
+
+ dmultu a_7,b_5 /* mul_add_c(a[7],b[5],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu t_2,AT
+ daddu c_2,t_2
+ sltu c_3,c_2,t_2
+ dmultu a_6,b_6 /* mul_add_c(a[6],b[6],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu t_2,AT
+ daddu c_2,t_2
+ sltu AT,c_2,t_2
+ daddu c_3,AT
+ dmultu a_5,b_7 /* mul_add_c(a[5],b[7],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu t_2,AT
+ daddu c_2,t_2
+ sltu AT,c_2,t_2
+ daddu c_3,AT
+ sd c_1,96(a0) /* r[12]=c1; */
+
+ dmultu a_6,b_7 /* mul_add_c(a[6],b[7],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu t_2,AT
+ daddu c_3,t_2
+ sltu c_1,c_3,t_2
+ dmultu a_7,b_6 /* mul_add_c(a[7],b[6],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu t_2,AT
+ daddu c_3,t_2
+ sltu AT,c_3,t_2
+ daddu c_1,AT
+ sd c_2,104(a0) /* r[13]=c2; */
+
+ dmultu a_7,b_7 /* mul_add_c(a[7],b[7],c3,c1,c2); */
+ ld s0,0(sp)
+ ld s1,8(sp)
+ ld s2,16(sp)
+ ld s3,24(sp)
+ ld s4,32(sp)
+ ld s5,40(sp)
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ sd c_3,112(a0) /* r[14]=c3; */
+ sd c_1,120(a0) /* r[15]=c1; */
+
+ PTR_ADD sp,FRAME_SIZE
+
+ jr ra
+END(bn_mul_comba8)
+
+.align 5
+LEAF(bn_mul_comba4)
+ .set reorder
+ ld a_0,0(a1)
+ ld b_0,0(a2)
+ ld a_1,8(a1)
+ ld a_2,16(a1)
+ dmultu a_0,b_0 /* mul_add_c(a[0],b[0],c1,c2,c3); */
+ ld a_3,24(a1)
+ ld b_1,8(a2)
+ ld b_2,16(a2)
+ ld b_3,24(a2)
+ mflo c_1
+ mfhi c_2
+ sd c_1,0(a0)
+
+ dmultu a_0,b_1 /* mul_add_c(a[0],b[1],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu c_3,t_2,AT
+ dmultu a_1,b_0 /* mul_add_c(a[1],b[0],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu t_2,AT
+ daddu c_3,t_2
+ sltu c_1,c_3,t_2
+ sd c_2,8(a0)
+
+ dmultu a_2,b_0 /* mul_add_c(a[2],b[0],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ dmultu a_1,b_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ sltu c_2,c_1,t_2
+ dmultu a_0,b_2 /* mul_add_c(a[0],b[2],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ sltu AT,c_1,t_2
+ daddu c_2,AT
+ sd c_3,16(a0)
+
+ dmultu a_0,b_3 /* mul_add_c(a[0],b[3],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu t_2,AT
+ daddu c_2,t_2
+ sltu c_3,c_2,t_2
+ dmultu a_1,b_2 /* mul_add_c(a[1],b[2],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu t_2,AT
+ daddu c_2,t_2
+ sltu AT,c_2,t_2
+ daddu c_3,AT
+ dmultu a_2,b_1 /* mul_add_c(a[2],b[1],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu t_2,AT
+ daddu c_2,t_2
+ sltu AT,c_2,t_2
+ daddu c_3,AT
+ dmultu a_3,b_0 /* mul_add_c(a[3],b[0],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu t_2,AT
+ daddu c_2,t_2
+ sltu AT,c_2,t_2
+ daddu c_3,AT
+ sd c_1,24(a0)
+
+ dmultu a_3,b_1 /* mul_add_c(a[3],b[1],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu t_2,AT
+ daddu c_3,t_2
+ sltu c_1,c_3,t_2
+ dmultu a_2,b_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu t_2,AT
+ daddu c_3,t_2
+ sltu AT,c_3,t_2
+ daddu c_1,AT
+ dmultu a_1,b_3 /* mul_add_c(a[1],b[3],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu t_2,AT
+ daddu c_3,t_2
+ sltu AT,c_3,t_2
+ daddu c_1,AT
+ sd c_2,32(a0)
+
+ dmultu a_2,b_3 /* mul_add_c(a[2],b[3],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ sltu c_2,c_1,t_2
+ dmultu a_3,b_2 /* mul_add_c(a[3],b[2],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ sltu AT,c_1,t_2
+ daddu c_2,AT
+ sd c_3,40(a0)
+
+ dmultu a_3,b_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu t_2,AT
+ daddu c_2,t_2
+ sd c_1,48(a0)
+ sd c_2,56(a0)
+
+ jr ra
+END(bn_mul_comba4)
+
+#undef a_4
+#undef a_5
+#undef a_6
+#undef a_7
+#define a_4 b_0
+#define a_5 b_1
+#define a_6 b_2
+#define a_7 b_3
+
+.align 5
+LEAF(bn_sqr_comba8)
+ .set reorder
+ ld a_0,0(a1)
+ ld a_1,8(a1)
+ ld a_2,16(a1)
+ ld a_3,24(a1)
+
+ dmultu a_0,a_0 /* mul_add_c(a[0],b[0],c1,c2,c3); */
+ ld a_4,32(a1)
+ ld a_5,40(a1)
+ ld a_6,48(a1)
+ ld a_7,56(a1)
+ mflo c_1
+ mfhi c_2
+ sd c_1,0(a0)
+
+ dmultu a_0,a_1 /* mul_add_c2(a[0],b[1],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ slt c_1,t_2,zero
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu c_3,t_2,AT
+ sd c_2,8(a0)
+
+ dmultu a_2,a_0 /* mul_add_c2(a[2],b[0],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu c_3,t_1
+ daddu AT,t_2
+ sltu t_1,c_3,t_1
+ daddu c_1,AT
+ daddu t_2,t_1
+ sltu c_2,c_1,AT
+ daddu c_1,t_2
+ sltu t_2,c_1,t_2
+ daddu c_2,t_2
+ dmultu a_1,a_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ sltu AT,c_1,t_2
+ daddu c_2,AT
+ sd c_3,16(a0)
+
+ dmultu a_0,a_3 /* mul_add_c2(a[0],b[3],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu c_1,t_1
+ daddu AT,t_2
+ sltu t_1,c_1,t_1
+ daddu c_2,AT
+ daddu t_2,t_1
+ sltu c_3,c_2,AT
+ daddu c_2,t_2
+ sltu t_2,c_2,t_2
+ daddu c_3,t_2
+ dmultu a_1,a_2 /* mul_add_c2(a[1],b[2],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu c_1,t_1
+ daddu AT,t_2
+ sltu t_1,c_1,t_1
+ daddu c_2,AT
+ daddu t_2,t_1
+ sltu AT,c_2,AT
+ daddu c_2,t_2
+ daddu c_3,AT
+ sltu t_2,c_2,t_2
+ daddu c_3,t_2
+ sd c_1,24(a0)
+
+ dmultu a_4,a_0 /* mul_add_c2(a[4],b[0],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu c_2,t_1
+ daddu AT,t_2
+ sltu t_1,c_2,t_1
+ daddu c_3,AT
+ daddu t_2,t_1
+ sltu c_1,c_3,AT
+ daddu c_3,t_2
+ sltu t_2,c_3,t_2
+ daddu c_1,t_2
+ dmultu a_3,a_1 /* mul_add_c2(a[3],b[1],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu c_2,t_1
+ daddu AT,t_2
+ sltu t_1,c_2,t_1
+ daddu c_3,AT
+ daddu t_2,t_1
+ sltu AT,c_3,AT
+ daddu c_3,t_2
+ daddu c_1,AT
+ sltu t_2,c_3,t_2
+ daddu c_1,t_2
+ dmultu a_2,a_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu t_2,AT
+ daddu c_3,t_2
+ sltu AT,c_3,t_2
+ daddu c_1,AT
+ sd c_2,32(a0)
+
+ dmultu a_0,a_5 /* mul_add_c2(a[0],b[5],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu c_3,t_1
+ daddu AT,t_2
+ sltu t_1,c_3,t_1
+ daddu c_1,AT
+ daddu t_2,t_1
+ sltu c_2,c_1,AT
+ daddu c_1,t_2
+ sltu t_2,c_1,t_2
+ daddu c_2,t_2
+ dmultu a_1,a_4 /* mul_add_c2(a[1],b[4],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu c_3,t_1
+ daddu AT,t_2
+ sltu t_1,c_3,t_1
+ daddu c_1,AT
+ daddu t_2,t_1
+ sltu AT,c_1,AT
+ daddu c_1,t_2
+ daddu c_2,AT
+ sltu t_2,c_1,t_2
+ daddu c_2,t_2
+ dmultu a_2,a_3 /* mul_add_c2(a[2],b[3],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu c_3,t_1
+ daddu AT,t_2
+ sltu t_1,c_3,t_1
+ daddu c_1,AT
+ daddu t_2,t_1
+ sltu AT,c_1,AT
+ daddu c_1,t_2
+ daddu c_2,AT
+ sltu t_2,c_1,t_2
+ daddu c_2,t_2
+ sd c_3,40(a0)
+
+ dmultu a_6,a_0 /* mul_add_c2(a[6],b[0],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu c_1,t_1
+ daddu AT,t_2
+ sltu t_1,c_1,t_1
+ daddu c_2,AT
+ daddu t_2,t_1
+ sltu c_3,c_2,AT
+ daddu c_2,t_2
+ sltu t_2,c_2,t_2
+ daddu c_3,t_2
+ dmultu a_5,a_1 /* mul_add_c2(a[5],b[1],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu c_1,t_1
+ daddu AT,t_2
+ sltu t_1,c_1,t_1
+ daddu c_2,AT
+ daddu t_2,t_1
+ sltu AT,c_2,AT
+ daddu c_2,t_2
+ daddu c_3,AT
+ sltu t_2,c_2,t_2
+ daddu c_3,t_2
+ dmultu a_4,a_2 /* mul_add_c2(a[4],b[2],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu c_1,t_1
+ daddu AT,t_2
+ sltu t_1,c_1,t_1
+ daddu c_2,AT
+ daddu t_2,t_1
+ sltu AT,c_2,AT
+ daddu c_2,t_2
+ daddu c_3,AT
+ sltu t_2,c_2,t_2
+ daddu c_3,t_2
+ dmultu a_3,a_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu t_2,AT
+ daddu c_2,t_2
+ sltu AT,c_2,t_2
+ daddu c_3,AT
+ sd c_1,48(a0)
+
+ dmultu a_0,a_7 /* mul_add_c2(a[0],b[7],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu c_2,t_1
+ daddu AT,t_2
+ sltu t_1,c_2,t_1
+ daddu c_3,AT
+ daddu t_2,t_1
+ sltu c_1,c_3,AT
+ daddu c_3,t_2
+ sltu t_2,c_3,t_2
+ daddu c_1,t_2
+ dmultu a_1,a_6 /* mul_add_c2(a[1],b[6],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu c_2,t_1
+ daddu AT,t_2
+ sltu t_1,c_2,t_1
+ daddu c_3,AT
+ daddu t_2,t_1
+ sltu AT,c_3,AT
+ daddu c_3,t_2
+ daddu c_1,AT
+ sltu t_2,c_3,t_2
+ daddu c_1,t_2
+ dmultu a_2,a_5 /* mul_add_c2(a[2],b[5],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu c_2,t_1
+ daddu AT,t_2
+ sltu t_1,c_2,t_1
+ daddu c_3,AT
+ daddu t_2,t_1
+ sltu AT,c_3,AT
+ daddu c_3,t_2
+ daddu c_1,AT
+ sltu t_2,c_3,t_2
+ daddu c_1,t_2
+ dmultu a_3,a_4 /* mul_add_c2(a[3],b[4],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu c_2,t_1
+ daddu AT,t_2
+ sltu t_1,c_2,t_1
+ daddu c_3,AT
+ daddu t_2,t_1
+ sltu AT,c_3,AT
+ daddu c_3,t_2
+ daddu c_1,AT
+ sltu t_2,c_3,t_2
+ daddu c_1,t_2
+ sd c_2,56(a0)
+
+ dmultu a_7,a_1 /* mul_add_c2(a[7],b[1],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu c_3,t_1
+ daddu AT,t_2
+ sltu t_1,c_3,t_1
+ daddu c_1,AT
+ daddu t_2,t_1
+ sltu c_2,c_1,AT
+ daddu c_1,t_2
+ sltu t_2,c_1,t_2
+ daddu c_2,t_2
+ dmultu a_6,a_2 /* mul_add_c2(a[6],b[2],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu c_3,t_1
+ daddu AT,t_2
+ sltu t_1,c_3,t_1
+ daddu c_1,AT
+ daddu t_2,t_1
+ sltu AT,c_1,AT
+ daddu c_1,t_2
+ daddu c_2,AT
+ sltu t_2,c_1,t_2
+ daddu c_2,t_2
+ dmultu a_5,a_3 /* mul_add_c2(a[5],b[3],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu c_3,t_1
+ daddu AT,t_2
+ sltu t_1,c_3,t_1
+ daddu c_1,AT
+ daddu t_2,t_1
+ sltu AT,c_1,AT
+ daddu c_1,t_2
+ daddu c_2,AT
+ sltu t_2,c_1,t_2
+ daddu c_2,t_2
+ dmultu a_4,a_4 /* mul_add_c(a[4],b[4],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ sltu AT,c_1,t_2
+ daddu c_2,AT
+ sd c_3,64(a0)
+
+ dmultu a_2,a_7 /* mul_add_c2(a[2],b[7],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu c_1,t_1
+ daddu AT,t_2
+ sltu t_1,c_1,t_1
+ daddu c_2,AT
+ daddu t_2,t_1
+ sltu c_3,c_2,AT
+ daddu c_2,t_2
+ sltu t_2,c_2,t_2
+ daddu c_3,t_2
+ dmultu a_3,a_6 /* mul_add_c2(a[3],b[6],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu c_1,t_1
+ daddu AT,t_2
+ sltu t_1,c_1,t_1
+ daddu c_2,AT
+ daddu t_2,t_1
+ sltu AT,c_2,AT
+ daddu c_2,t_2
+ daddu c_3,AT
+ sltu t_2,c_2,t_2
+ daddu c_3,t_2
+ dmultu a_4,a_5 /* mul_add_c2(a[4],b[5],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu c_1,t_1
+ daddu AT,t_2
+ sltu t_1,c_1,t_1
+ daddu c_2,AT
+ daddu t_2,t_1
+ sltu AT,c_2,AT
+ daddu c_2,t_2
+ daddu c_3,AT
+ sltu t_2,c_2,t_2
+ daddu c_3,t_2
+ sd c_1,72(a0)
+
+ dmultu a_7,a_3 /* mul_add_c2(a[7],b[3],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu c_2,t_1
+ daddu AT,t_2
+ sltu t_1,c_2,t_1
+ daddu c_3,AT
+ daddu t_2,t_1
+ sltu c_1,c_3,AT
+ daddu c_3,t_2
+ sltu t_2,c_3,t_2
+ daddu c_1,t_2
+ dmultu a_6,a_4 /* mul_add_c2(a[6],b[4],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu c_2,t_1
+ daddu AT,t_2
+ sltu t_1,c_2,t_1
+ daddu c_3,AT
+ daddu t_2,t_1
+ sltu AT,c_3,AT
+ daddu c_3,t_2
+ daddu c_1,AT
+ sltu t_2,c_3,t_2
+ daddu c_1,t_2
+ dmultu a_5,a_5 /* mul_add_c(a[5],b[5],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu t_2,AT
+ daddu c_3,t_2
+ sltu AT,c_3,t_2
+ daddu c_1,AT
+ sd c_2,80(a0)
+
+ dmultu a_4,a_7 /* mul_add_c2(a[4],b[7],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu c_3,t_1
+ daddu AT,t_2
+ sltu t_1,c_3,t_1
+ daddu c_1,AT
+ daddu t_2,t_1
+ sltu c_2,c_1,AT
+ daddu c_1,t_2
+ sltu t_2,c_1,t_2
+ daddu c_2,t_2
+ dmultu a_5,a_6 /* mul_add_c2(a[5],b[6],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu c_3,t_1
+ daddu AT,t_2
+ sltu t_1,c_3,t_1
+ daddu c_1,AT
+ daddu t_2,t_1
+ sltu AT,c_1,AT
+ daddu c_1,t_2
+ daddu c_2,AT
+ sltu t_2,c_1,t_2
+ daddu c_2,t_2
+ sd c_3,88(a0)
+
+ dmultu a_7,a_5 /* mul_add_c2(a[7],b[5],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu c_1,t_1
+ daddu AT,t_2
+ sltu t_1,c_1,t_1
+ daddu c_2,AT
+ daddu t_2,t_1
+ sltu c_3,c_2,AT
+ daddu c_2,t_2
+ sltu t_2,c_2,t_2
+ daddu c_3,t_2
+ dmultu a_6,a_6 /* mul_add_c(a[6],b[6],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu t_2,AT
+ daddu c_2,t_2
+ sltu AT,c_2,t_2
+ daddu c_3,AT
+ sd c_1,96(a0)
+
+ dmultu a_6,a_7 /* mul_add_c2(a[6],b[7],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu c_2,t_1
+ daddu AT,t_2
+ sltu t_1,c_2,t_1
+ daddu c_3,AT
+ daddu t_2,t_1
+ sltu c_1,c_3,AT
+ daddu c_3,t_2
+ sltu t_2,c_3,t_2
+ daddu c_1,t_2
+ sd c_2,104(a0)
+
+ dmultu a_7,a_7 /* mul_add_c(a[7],b[7],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ sd c_3,112(a0)
+ sd c_1,120(a0)
+
+ jr ra
+END(bn_sqr_comba8)
+
+.align 5
+LEAF(bn_sqr_comba4)
+ .set reorder
+ ld a_0,0(a1)
+ ld a_1,8(a1)
+ dmultu a_0,a_0 /* mul_add_c(a[0],b[0],c1,c2,c3); */
+ ld a_2,16(a1)
+ ld a_3,24(a1)
+ mflo c_1
+ mfhi c_2
+ sd c_1,0(a0)
+
+ dmultu a_0,a_1 /* mul_add_c2(a[0],b[1],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ slt c_1,t_2,zero
+ dsll t_2,1
+ slt a2,t_1,zero
+ daddu t_2,a2
+ dsll t_1,1
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu c_3,t_2,AT
+ sd c_2,8(a0)
+
+ dmultu a_2,a_0 /* mul_add_c2(a[2],b[0],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu c_3,t_1
+ daddu AT,t_2
+ sltu t_1,c_3,t_1
+ daddu c_1,AT
+ daddu t_2,t_1
+ sltu c_2,c_1,AT
+ daddu c_1,t_2
+ sltu t_2,c_1,t_2
+ daddu c_2,t_2
+ dmultu a_1,a_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu t_2,AT
+ daddu c_1,t_2
+ sltu AT,c_1,t_2
+ daddu c_2,AT
+ sd c_3,16(a0)
+
+ dmultu a_0,a_3 /* mul_add_c2(a[0],b[3],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu c_1,t_1
+ daddu AT,t_2
+ sltu t_1,c_1,t_1
+ daddu c_2,AT
+ daddu t_2,t_1
+ sltu c_3,c_2,AT
+ daddu c_2,t_2
+ sltu t_2,c_2,t_2
+ daddu c_3,t_2
+ dmultu a_1,a_2 /* mul_add_c(a2[1],b[2],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu c_1,t_1
+ daddu AT,t_2
+ sltu t_1,c_1,t_1
+ daddu c_2,AT
+ daddu t_2,t_1
+ sltu AT,c_2,AT
+ daddu c_2,t_2
+ daddu c_3,AT
+ sltu t_2,c_2,t_2
+ daddu c_3,t_2
+ sd c_1,24(a0)
+
+ dmultu a_3,a_1 /* mul_add_c2(a[3],b[1],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu c_2,t_1
+ daddu AT,t_2
+ sltu t_1,c_2,t_1
+ daddu c_3,AT
+ daddu t_2,t_1
+ sltu c_1,c_3,AT
+ daddu c_3,t_2
+ sltu t_2,c_3,t_2
+ daddu c_1,t_2
+ dmultu a_2,a_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */
+ mflo t_1
+ mfhi t_2
+ daddu c_2,t_1
+ sltu AT,c_2,t_1
+ daddu t_2,AT
+ daddu c_3,t_2
+ sltu AT,c_3,t_2
+ daddu c_1,AT
+ sd c_2,32(a0)
+
+ dmultu a_2,a_3 /* mul_add_c2(a[2],b[3],c3,c1,c2); */
+ mflo t_1
+ mfhi t_2
+ daddu c_3,t_1
+ sltu AT,c_3,t_1
+ daddu c_3,t_1
+ daddu AT,t_2
+ sltu t_1,c_3,t_1
+ daddu c_1,AT
+ daddu t_2,t_1
+ sltu c_2,c_1,AT
+ daddu c_1,t_2
+ sltu t_2,c_1,t_2
+ daddu c_2,t_2
+ sd c_3,40(a0)
+
+ dmultu a_3,a_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */
+ mflo t_1
+ mfhi t_2
+ daddu c_1,t_1
+ sltu AT,c_1,t_1
+ daddu t_2,AT
+ daddu c_2,t_2
+ sd c_1,48(a0)
+ sd c_2,56(a0)
+
+ jr ra
+END(bn_sqr_comba4)
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bn/asm/x86_64-gcc.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/asm/x86_64-gcc.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/asm/x86_64-gcc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,602 +0,0 @@
-#include "../bn_lcl.h"
-#ifdef __SUNPRO_C
-# include "../bn_asm.c" /* kind of dirty hack for Sun Studio */
-#else
-/*
- * x86_64 BIGNUM accelerator version 0.1, December 2002.
- *
- * Implemented by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
- * project.
- *
- * Rights for redistribution and usage in source and binary forms are
- * granted according to the OpenSSL license. Warranty of any kind is
- * disclaimed.
- *
- * Q. Version 0.1? It doesn't sound like Andy, he used to assign real
- * versions, like 1.0...
- * A. Well, that's because this code is basically a quick-n-dirty
- * proof-of-concept hack. As you can see it's implemented with
- * inline assembler, which means that you're bound to GCC and that
- * there might be enough room for further improvement.
- *
- * Q. Why inline assembler?
- * A. x86_64 features own ABI which I'm not familiar with. This is
- * why I decided to let the compiler take care of subroutine
- * prologue/epilogue as well as register allocation. For reference.
- * Win64 implements different ABI for AMD64, different from Linux.
- *
- * Q. How much faster does it get?
- * A. 'apps/openssl speed rsa dsa' output with no-asm:
- *
- * sign verify sign/s verify/s
- * rsa 512 bits 0.0006s 0.0001s 1683.8 18456.2
- * rsa 1024 bits 0.0028s 0.0002s 356.0 6407.0
- * rsa 2048 bits 0.0172s 0.0005s 58.0 1957.8
- * rsa 4096 bits 0.1155s 0.0018s 8.7 555.6
- * sign verify sign/s verify/s
- * dsa 512 bits 0.0005s 0.0006s 2100.8 1768.3
- * dsa 1024 bits 0.0014s 0.0018s 692.3 559.2
- * dsa 2048 bits 0.0049s 0.0061s 204.7 165.0
- *
- * 'apps/openssl speed rsa dsa' output with this module:
- *
- * sign verify sign/s verify/s
- * rsa 512 bits 0.0004s 0.0000s 2767.1 33297.9
- * rsa 1024 bits 0.0012s 0.0001s 867.4 14674.7
- * rsa 2048 bits 0.0061s 0.0002s 164.0 5270.0
- * rsa 4096 bits 0.0384s 0.0006s 26.1 1650.8
- * sign verify sign/s verify/s
- * dsa 512 bits 0.0002s 0.0003s 4442.2 3786.3
- * dsa 1024 bits 0.0005s 0.0007s 1835.1 1497.4
- * dsa 2048 bits 0.0016s 0.0020s 620.4 504.6
- *
- * For the reference. IA-32 assembler implementation performs
- * very much like 64-bit code compiled with no-asm on the same
- * machine.
- */
-
-#define BN_ULONG unsigned long
-
-#undef mul
-#undef mul_add
-#undef sqr
-
-/*
- * "m"(a), "+m"(r) is the way to favor DirectPath \xB5-code;
- * "g"(0) let the compiler to decide where does it
- * want to keep the value of zero;
- */
-#define mul_add(r,a,word,carry) do { \
- register BN_ULONG high,low; \
- asm ("mulq %3" \
- : "=a"(low),"=d"(high) \
- : "a"(word),"m"(a) \
- : "cc"); \
- asm ("addq %2,%0; adcq %3,%1" \
- : "+r"(carry),"+d"(high)\
- : "a"(low),"g"(0) \
- : "cc"); \
- asm ("addq %2,%0; adcq %3,%1" \
- : "+m"(r),"+d"(high) \
- : "r"(carry),"g"(0) \
- : "cc"); \
- carry=high; \
- } while (0)
-
-#define mul(r,a,word,carry) do { \
- register BN_ULONG high,low; \
- asm ("mulq %3" \
- : "=a"(low),"=d"(high) \
- : "a"(word),"g"(a) \
- : "cc"); \
- asm ("addq %2,%0; adcq %3,%1" \
- : "+r"(carry),"+d"(high)\
- : "a"(low),"g"(0) \
- : "cc"); \
- (r)=carry, carry=high; \
- } while (0)
-
-#define sqr(r0,r1,a) \
- asm ("mulq %2" \
- : "=a"(r0),"=d"(r1) \
- : "a"(a) \
- : "cc");
-
-BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
- {
- BN_ULONG c1=0;
-
- if (num <= 0) return(c1);
-
- while (num&~3)
- {
- mul_add(rp[0],ap[0],w,c1);
- mul_add(rp[1],ap[1],w,c1);
- mul_add(rp[2],ap[2],w,c1);
- mul_add(rp[3],ap[3],w,c1);
- ap+=4; rp+=4; num-=4;
- }
- if (num)
- {
- mul_add(rp[0],ap[0],w,c1); if (--num==0) return c1;
- mul_add(rp[1],ap[1],w,c1); if (--num==0) return c1;
- mul_add(rp[2],ap[2],w,c1); return c1;
- }
-
- return(c1);
- }
-
-BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
- {
- BN_ULONG c1=0;
-
- if (num <= 0) return(c1);
-
- while (num&~3)
- {
- mul(rp[0],ap[0],w,c1);
- mul(rp[1],ap[1],w,c1);
- mul(rp[2],ap[2],w,c1);
- mul(rp[3],ap[3],w,c1);
- ap+=4; rp+=4; num-=4;
- }
- if (num)
- {
- mul(rp[0],ap[0],w,c1); if (--num == 0) return c1;
- mul(rp[1],ap[1],w,c1); if (--num == 0) return c1;
- mul(rp[2],ap[2],w,c1);
- }
- return(c1);
- }
-
-void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
- {
- if (n <= 0) return;
-
- while (n&~3)
- {
- sqr(r[0],r[1],a[0]);
- sqr(r[2],r[3],a[1]);
- sqr(r[4],r[5],a[2]);
- sqr(r[6],r[7],a[3]);
- a+=4; r+=8; n-=4;
- }
- if (n)
- {
- sqr(r[0],r[1],a[0]); if (--n == 0) return;
- sqr(r[2],r[3],a[1]); if (--n == 0) return;
- sqr(r[4],r[5],a[2]);
- }
- }
-
-BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
-{ BN_ULONG ret,waste;
-
- asm ("divq %4"
- : "=a"(ret),"=d"(waste)
- : "a"(l),"d"(h),"g"(d)
- : "cc");
-
- return ret;
-}
-
-BN_ULONG bn_add_words (BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int n)
-{ BN_ULONG ret=0,i=0;
-
- if (n <= 0) return 0;
-
- asm volatile (
- " subq %2,%2 \n"
- ".align 16 \n"
- "1: movq (%4,%2,8),%0 \n"
- " adcq (%5,%2,8),%0 \n"
- " movq %0,(%3,%2,8) \n"
- " leaq 1(%2),%2 \n"
- " loop 1b \n"
- " sbbq %0,%0 \n"
- : "=&a"(ret),"+c"(n),"=&r"(i)
- : "r"(rp),"r"(ap),"r"(bp)
- : "cc", "memory"
- );
-
- return ret&1;
-}
-
-#ifndef SIMICS
-BN_ULONG bn_sub_words (BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int n)
-{ BN_ULONG ret=0,i=0;
-
- if (n <= 0) return 0;
-
- asm volatile (
- " subq %2,%2 \n"
- ".align 16 \n"
- "1: movq (%4,%2,8),%0 \n"
- " sbbq (%5,%2,8),%0 \n"
- " movq %0,(%3,%2,8) \n"
- " leaq 1(%2),%2 \n"
- " loop 1b \n"
- " sbbq %0,%0 \n"
- : "=&a"(ret),"+c"(n),"=&r"(i)
- : "r"(rp),"r"(ap),"r"(bp)
- : "cc", "memory"
- );
-
- return ret&1;
-}
-#else
-/* Simics 1.4<7 has buggy sbbq:-( */
-#define BN_MASK2 0xffffffffffffffffL
-BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
- {
- BN_ULONG t1,t2;
- int c=0;
-
- if (n <= 0) return((BN_ULONG)0);
-
- for (;;)
- {
- t1=a[0]; t2=b[0];
- r[0]=(t1-t2-c)&BN_MASK2;
- if (t1 != t2) c=(t1 < t2);
- if (--n <= 0) break;
-
- t1=a[1]; t2=b[1];
- r[1]=(t1-t2-c)&BN_MASK2;
- if (t1 != t2) c=(t1 < t2);
- if (--n <= 0) break;
-
- t1=a[2]; t2=b[2];
- r[2]=(t1-t2-c)&BN_MASK2;
- if (t1 != t2) c=(t1 < t2);
- if (--n <= 0) break;
-
- t1=a[3]; t2=b[3];
- r[3]=(t1-t2-c)&BN_MASK2;
- if (t1 != t2) c=(t1 < t2);
- if (--n <= 0) break;
-
- a+=4;
- b+=4;
- r+=4;
- }
- return(c);
- }
-#endif
-
-/* mul_add_c(a,b,c0,c1,c2) -- c+=a*b for three word number c=(c2,c1,c0) */
-/* mul_add_c2(a,b,c0,c1,c2) -- c+=2*a*b for three word number c=(c2,c1,c0) */
-/* sqr_add_c(a,i,c0,c1,c2) -- c+=a[i]^2 for three word number c=(c2,c1,c0) */
-/* sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number c=(c2,c1,c0) */
-
-#if 0
-/* original macros are kept for reference purposes */
-#define mul_add_c(a,b,c0,c1,c2) { \
- BN_ULONG ta=(a),tb=(b); \
- t1 = ta * tb; \
- t2 = BN_UMULT_HIGH(ta,tb); \
- c0 += t1; t2 += (c0<t1)?1:0; \
- c1 += t2; c2 += (c1<t2)?1:0; \
- }
-
-#define mul_add_c2(a,b,c0,c1,c2) { \
- BN_ULONG ta=(a),tb=(b),t0; \
- t1 = BN_UMULT_HIGH(ta,tb); \
- t0 = ta * tb; \
- t2 = t1+t1; c2 += (t2<t1)?1:0; \
- t1 = t0+t0; t2 += (t1<t0)?1:0; \
- c0 += t1; t2 += (c0<t1)?1:0; \
- c1 += t2; c2 += (c1<t2)?1:0; \
- }
-#else
-#define mul_add_c(a,b,c0,c1,c2) do { \
- asm ("mulq %3" \
- : "=a"(t1),"=d"(t2) \
- : "a"(a),"m"(b) \
- : "cc"); \
- asm ("addq %2,%0; adcq %3,%1" \
- : "+r"(c0),"+d"(t2) \
- : "a"(t1),"g"(0) \
- : "cc"); \
- asm ("addq %2,%0; adcq %3,%1" \
- : "+r"(c1),"+r"(c2) \
- : "d"(t2),"g"(0) \
- : "cc"); \
- } while (0)
-
-#define sqr_add_c(a,i,c0,c1,c2) do { \
- asm ("mulq %2" \
- : "=a"(t1),"=d"(t2) \
- : "a"(a[i]) \
- : "cc"); \
- asm ("addq %2,%0; adcq %3,%1" \
- : "+r"(c0),"+d"(t2) \
- : "a"(t1),"g"(0) \
- : "cc"); \
- asm ("addq %2,%0; adcq %3,%1" \
- : "+r"(c1),"+r"(c2) \
- : "d"(t2),"g"(0) \
- : "cc"); \
- } while (0)
-
-#define mul_add_c2(a,b,c0,c1,c2) do { \
- asm ("mulq %3" \
- : "=a"(t1),"=d"(t2) \
- : "a"(a),"m"(b) \
- : "cc"); \
- asm ("addq %0,%0; adcq %2,%1" \
- : "+d"(t2),"+r"(c2) \
- : "g"(0) \
- : "cc"); \
- asm ("addq %0,%0; adcq %2,%1" \
- : "+a"(t1),"+d"(t2) \
- : "g"(0) \
- : "cc"); \
- asm ("addq %2,%0; adcq %3,%1" \
- : "+r"(c0),"+d"(t2) \
- : "a"(t1),"g"(0) \
- : "cc"); \
- asm ("addq %2,%0; adcq %3,%1" \
- : "+r"(c1),"+r"(c2) \
- : "d"(t2),"g"(0) \
- : "cc"); \
- } while (0)
-#endif
-
-#define sqr_add_c2(a,i,j,c0,c1,c2) \
- mul_add_c2((a)[i],(a)[j],c0,c1,c2)
-
-void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
- {
- BN_ULONG t1,t2;
- BN_ULONG c1,c2,c3;
-
- c1=0;
- c2=0;
- c3=0;
- mul_add_c(a[0],b[0],c1,c2,c3);
- r[0]=c1;
- c1=0;
- mul_add_c(a[0],b[1],c2,c3,c1);
- mul_add_c(a[1],b[0],c2,c3,c1);
- r[1]=c2;
- c2=0;
- mul_add_c(a[2],b[0],c3,c1,c2);
- mul_add_c(a[1],b[1],c3,c1,c2);
- mul_add_c(a[0],b[2],c3,c1,c2);
- r[2]=c3;
- c3=0;
- mul_add_c(a[0],b[3],c1,c2,c3);
- mul_add_c(a[1],b[2],c1,c2,c3);
- mul_add_c(a[2],b[1],c1,c2,c3);
- mul_add_c(a[3],b[0],c1,c2,c3);
- r[3]=c1;
- c1=0;
- mul_add_c(a[4],b[0],c2,c3,c1);
- mul_add_c(a[3],b[1],c2,c3,c1);
- mul_add_c(a[2],b[2],c2,c3,c1);
- mul_add_c(a[1],b[3],c2,c3,c1);
- mul_add_c(a[0],b[4],c2,c3,c1);
- r[4]=c2;
- c2=0;
- mul_add_c(a[0],b[5],c3,c1,c2);
- mul_add_c(a[1],b[4],c3,c1,c2);
- mul_add_c(a[2],b[3],c3,c1,c2);
- mul_add_c(a[3],b[2],c3,c1,c2);
- mul_add_c(a[4],b[1],c3,c1,c2);
- mul_add_c(a[5],b[0],c3,c1,c2);
- r[5]=c3;
- c3=0;
- mul_add_c(a[6],b[0],c1,c2,c3);
- mul_add_c(a[5],b[1],c1,c2,c3);
- mul_add_c(a[4],b[2],c1,c2,c3);
- mul_add_c(a[3],b[3],c1,c2,c3);
- mul_add_c(a[2],b[4],c1,c2,c3);
- mul_add_c(a[1],b[5],c1,c2,c3);
- mul_add_c(a[0],b[6],c1,c2,c3);
- r[6]=c1;
- c1=0;
- mul_add_c(a[0],b[7],c2,c3,c1);
- mul_add_c(a[1],b[6],c2,c3,c1);
- mul_add_c(a[2],b[5],c2,c3,c1);
- mul_add_c(a[3],b[4],c2,c3,c1);
- mul_add_c(a[4],b[3],c2,c3,c1);
- mul_add_c(a[5],b[2],c2,c3,c1);
- mul_add_c(a[6],b[1],c2,c3,c1);
- mul_add_c(a[7],b[0],c2,c3,c1);
- r[7]=c2;
- c2=0;
- mul_add_c(a[7],b[1],c3,c1,c2);
- mul_add_c(a[6],b[2],c3,c1,c2);
- mul_add_c(a[5],b[3],c3,c1,c2);
- mul_add_c(a[4],b[4],c3,c1,c2);
- mul_add_c(a[3],b[5],c3,c1,c2);
- mul_add_c(a[2],b[6],c3,c1,c2);
- mul_add_c(a[1],b[7],c3,c1,c2);
- r[8]=c3;
- c3=0;
- mul_add_c(a[2],b[7],c1,c2,c3);
- mul_add_c(a[3],b[6],c1,c2,c3);
- mul_add_c(a[4],b[5],c1,c2,c3);
- mul_add_c(a[5],b[4],c1,c2,c3);
- mul_add_c(a[6],b[3],c1,c2,c3);
- mul_add_c(a[7],b[2],c1,c2,c3);
- r[9]=c1;
- c1=0;
- mul_add_c(a[7],b[3],c2,c3,c1);
- mul_add_c(a[6],b[4],c2,c3,c1);
- mul_add_c(a[5],b[5],c2,c3,c1);
- mul_add_c(a[4],b[6],c2,c3,c1);
- mul_add_c(a[3],b[7],c2,c3,c1);
- r[10]=c2;
- c2=0;
- mul_add_c(a[4],b[7],c3,c1,c2);
- mul_add_c(a[5],b[6],c3,c1,c2);
- mul_add_c(a[6],b[5],c3,c1,c2);
- mul_add_c(a[7],b[4],c3,c1,c2);
- r[11]=c3;
- c3=0;
- mul_add_c(a[7],b[5],c1,c2,c3);
- mul_add_c(a[6],b[6],c1,c2,c3);
- mul_add_c(a[5],b[7],c1,c2,c3);
- r[12]=c1;
- c1=0;
- mul_add_c(a[6],b[7],c2,c3,c1);
- mul_add_c(a[7],b[6],c2,c3,c1);
- r[13]=c2;
- c2=0;
- mul_add_c(a[7],b[7],c3,c1,c2);
- r[14]=c3;
- r[15]=c1;
- }
-
-void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
- {
- BN_ULONG t1,t2;
- BN_ULONG c1,c2,c3;
-
- c1=0;
- c2=0;
- c3=0;
- mul_add_c(a[0],b[0],c1,c2,c3);
- r[0]=c1;
- c1=0;
- mul_add_c(a[0],b[1],c2,c3,c1);
- mul_add_c(a[1],b[0],c2,c3,c1);
- r[1]=c2;
- c2=0;
- mul_add_c(a[2],b[0],c3,c1,c2);
- mul_add_c(a[1],b[1],c3,c1,c2);
- mul_add_c(a[0],b[2],c3,c1,c2);
- r[2]=c3;
- c3=0;
- mul_add_c(a[0],b[3],c1,c2,c3);
- mul_add_c(a[1],b[2],c1,c2,c3);
- mul_add_c(a[2],b[1],c1,c2,c3);
- mul_add_c(a[3],b[0],c1,c2,c3);
- r[3]=c1;
- c1=0;
- mul_add_c(a[3],b[1],c2,c3,c1);
- mul_add_c(a[2],b[2],c2,c3,c1);
- mul_add_c(a[1],b[3],c2,c3,c1);
- r[4]=c2;
- c2=0;
- mul_add_c(a[2],b[3],c3,c1,c2);
- mul_add_c(a[3],b[2],c3,c1,c2);
- r[5]=c3;
- c3=0;
- mul_add_c(a[3],b[3],c1,c2,c3);
- r[6]=c1;
- r[7]=c2;
- }
-
-void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a)
- {
- BN_ULONG t1,t2;
- BN_ULONG c1,c2,c3;
-
- c1=0;
- c2=0;
- c3=0;
- sqr_add_c(a,0,c1,c2,c3);
- r[0]=c1;
- c1=0;
- sqr_add_c2(a,1,0,c2,c3,c1);
- r[1]=c2;
- c2=0;
- sqr_add_c(a,1,c3,c1,c2);
- sqr_add_c2(a,2,0,c3,c1,c2);
- r[2]=c3;
- c3=0;
- sqr_add_c2(a,3,0,c1,c2,c3);
- sqr_add_c2(a,2,1,c1,c2,c3);
- r[3]=c1;
- c1=0;
- sqr_add_c(a,2,c2,c3,c1);
- sqr_add_c2(a,3,1,c2,c3,c1);
- sqr_add_c2(a,4,0,c2,c3,c1);
- r[4]=c2;
- c2=0;
- sqr_add_c2(a,5,0,c3,c1,c2);
- sqr_add_c2(a,4,1,c3,c1,c2);
- sqr_add_c2(a,3,2,c3,c1,c2);
- r[5]=c3;
- c3=0;
- sqr_add_c(a,3,c1,c2,c3);
- sqr_add_c2(a,4,2,c1,c2,c3);
- sqr_add_c2(a,5,1,c1,c2,c3);
- sqr_add_c2(a,6,0,c1,c2,c3);
- r[6]=c1;
- c1=0;
- sqr_add_c2(a,7,0,c2,c3,c1);
- sqr_add_c2(a,6,1,c2,c3,c1);
- sqr_add_c2(a,5,2,c2,c3,c1);
- sqr_add_c2(a,4,3,c2,c3,c1);
- r[7]=c2;
- c2=0;
- sqr_add_c(a,4,c3,c1,c2);
- sqr_add_c2(a,5,3,c3,c1,c2);
- sqr_add_c2(a,6,2,c3,c1,c2);
- sqr_add_c2(a,7,1,c3,c1,c2);
- r[8]=c3;
- c3=0;
- sqr_add_c2(a,7,2,c1,c2,c3);
- sqr_add_c2(a,6,3,c1,c2,c3);
- sqr_add_c2(a,5,4,c1,c2,c3);
- r[9]=c1;
- c1=0;
- sqr_add_c(a,5,c2,c3,c1);
- sqr_add_c2(a,6,4,c2,c3,c1);
- sqr_add_c2(a,7,3,c2,c3,c1);
- r[10]=c2;
- c2=0;
- sqr_add_c2(a,7,4,c3,c1,c2);
- sqr_add_c2(a,6,5,c3,c1,c2);
- r[11]=c3;
- c3=0;
- sqr_add_c(a,6,c1,c2,c3);
- sqr_add_c2(a,7,5,c1,c2,c3);
- r[12]=c1;
- c1=0;
- sqr_add_c2(a,7,6,c2,c3,c1);
- r[13]=c2;
- c2=0;
- sqr_add_c(a,7,c3,c1,c2);
- r[14]=c3;
- r[15]=c1;
- }
-
-void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a)
- {
- BN_ULONG t1,t2;
- BN_ULONG c1,c2,c3;
-
- c1=0;
- c2=0;
- c3=0;
- sqr_add_c(a,0,c1,c2,c3);
- r[0]=c1;
- c1=0;
- sqr_add_c2(a,1,0,c2,c3,c1);
- r[1]=c2;
- c2=0;
- sqr_add_c(a,1,c3,c1,c2);
- sqr_add_c2(a,2,0,c3,c1,c2);
- r[2]=c3;
- c3=0;
- sqr_add_c2(a,3,0,c1,c2,c3);
- sqr_add_c2(a,2,1,c1,c2,c3);
- r[3]=c1;
- c1=0;
- sqr_add_c(a,2,c2,c3,c1);
- sqr_add_c2(a,3,1,c2,c3,c1);
- r[4]=c2;
- c2=0;
- sqr_add_c2(a,3,2,c3,c1,c2);
- r[5]=c3;
- c3=0;
- sqr_add_c(a,3,c1,c2,c3);
- r[6]=c1;
- r[7]=c2;
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bn/asm/x86_64-gcc.c (from rev 6976, vendor-crypto/openssl/dist/crypto/bn/asm/x86_64-gcc.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bn/asm/x86_64-gcc.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/asm/x86_64-gcc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,632 @@
+#include "../bn_lcl.h"
+#ifdef __SUNPRO_C
+# include "../bn_asm.c" /* kind of dirty hack for Sun Studio */
+#else
+/*-
+ * x86_64 BIGNUM accelerator version 0.1, December 2002.
+ *
+ * Implemented by Andy Polyakov <appro at fy.chalmers.se> for the OpenSSL
+ * project.
+ *
+ * Rights for redistribution and usage in source and binary forms are
+ * granted according to the OpenSSL license. Warranty of any kind is
+ * disclaimed.
+ *
+ * Q. Version 0.1? It doesn't sound like Andy, he used to assign real
+ * versions, like 1.0...
+ * A. Well, that's because this code is basically a quick-n-dirty
+ * proof-of-concept hack. As you can see it's implemented with
+ * inline assembler, which means that you're bound to GCC and that
+ * there might be enough room for further improvement.
+ *
+ * Q. Why inline assembler?
+ * A. x86_64 features own ABI which I'm not familiar with. This is
+ * why I decided to let the compiler take care of subroutine
+ * prologue/epilogue as well as register allocation. For reference.
+ * Win64 implements different ABI for AMD64, different from Linux.
+ *
+ * Q. How much faster does it get?
+ * A. 'apps/openssl speed rsa dsa' output with no-asm:
+ *
+ * sign verify sign/s verify/s
+ * rsa 512 bits 0.0006s 0.0001s 1683.8 18456.2
+ * rsa 1024 bits 0.0028s 0.0002s 356.0 6407.0
+ * rsa 2048 bits 0.0172s 0.0005s 58.0 1957.8
+ * rsa 4096 bits 0.1155s 0.0018s 8.7 555.6
+ * sign verify sign/s verify/s
+ * dsa 512 bits 0.0005s 0.0006s 2100.8 1768.3
+ * dsa 1024 bits 0.0014s 0.0018s 692.3 559.2
+ * dsa 2048 bits 0.0049s 0.0061s 204.7 165.0
+ *
+ * 'apps/openssl speed rsa dsa' output with this module:
+ *
+ * sign verify sign/s verify/s
+ * rsa 512 bits 0.0004s 0.0000s 2767.1 33297.9
+ * rsa 1024 bits 0.0012s 0.0001s 867.4 14674.7
+ * rsa 2048 bits 0.0061s 0.0002s 164.0 5270.0
+ * rsa 4096 bits 0.0384s 0.0006s 26.1 1650.8
+ * sign verify sign/s verify/s
+ * dsa 512 bits 0.0002s 0.0003s 4442.2 3786.3
+ * dsa 1024 bits 0.0005s 0.0007s 1835.1 1497.4
+ * dsa 2048 bits 0.0016s 0.0020s 620.4 504.6
+ *
+ * For the reference. IA-32 assembler implementation performs
+ * very much like 64-bit code compiled with no-asm on the same
+ * machine.
+ */
+
+# define BN_ULONG unsigned long
+
+# undef mul
+# undef mul_add
+# undef sqr
+
+/*-
+ * "m"(a), "+m"(r) is the way to favor DirectPath \xB5-code;
+ * "g"(0) let the compiler to decide where does it
+ * want to keep the value of zero;
+ */
+# define mul_add(r,a,word,carry) do { \
+ register BN_ULONG high,low; \
+ asm ("mulq %3" \
+ : "=a"(low),"=d"(high) \
+ : "a"(word),"m"(a) \
+ : "cc"); \
+ asm ("addq %2,%0; adcq %3,%1" \
+ : "+r"(carry),"+d"(high)\
+ : "a"(low),"g"(0) \
+ : "cc"); \
+ asm ("addq %2,%0; adcq %3,%1" \
+ : "+m"(r),"+d"(high) \
+ : "r"(carry),"g"(0) \
+ : "cc"); \
+ carry=high; \
+ } while (0)
+
+# define mul(r,a,word,carry) do { \
+ register BN_ULONG high,low; \
+ asm ("mulq %3" \
+ : "=a"(low),"=d"(high) \
+ : "a"(word),"g"(a) \
+ : "cc"); \
+ asm ("addq %2,%0; adcq %3,%1" \
+ : "+r"(carry),"+d"(high)\
+ : "a"(low),"g"(0) \
+ : "cc"); \
+ (r)=carry, carry=high; \
+ } while (0)
+
+# define sqr(r0,r1,a) \
+ asm ("mulq %2" \
+ : "=a"(r0),"=d"(r1) \
+ : "a"(a) \
+ : "cc");
+
+BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num,
+ BN_ULONG w)
+{
+ BN_ULONG c1 = 0;
+
+ if (num <= 0)
+ return (c1);
+
+ while (num & ~3) {
+ mul_add(rp[0], ap[0], w, c1);
+ mul_add(rp[1], ap[1], w, c1);
+ mul_add(rp[2], ap[2], w, c1);
+ mul_add(rp[3], ap[3], w, c1);
+ ap += 4;
+ rp += 4;
+ num -= 4;
+ }
+ if (num) {
+ mul_add(rp[0], ap[0], w, c1);
+ if (--num == 0)
+ return c1;
+ mul_add(rp[1], ap[1], w, c1);
+ if (--num == 0)
+ return c1;
+ mul_add(rp[2], ap[2], w, c1);
+ return c1;
+ }
+
+ return (c1);
+}
+
+BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
+{
+ BN_ULONG c1 = 0;
+
+ if (num <= 0)
+ return (c1);
+
+ while (num & ~3) {
+ mul(rp[0], ap[0], w, c1);
+ mul(rp[1], ap[1], w, c1);
+ mul(rp[2], ap[2], w, c1);
+ mul(rp[3], ap[3], w, c1);
+ ap += 4;
+ rp += 4;
+ num -= 4;
+ }
+ if (num) {
+ mul(rp[0], ap[0], w, c1);
+ if (--num == 0)
+ return c1;
+ mul(rp[1], ap[1], w, c1);
+ if (--num == 0)
+ return c1;
+ mul(rp[2], ap[2], w, c1);
+ }
+ return (c1);
+}
+
+void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
+{
+ if (n <= 0)
+ return;
+
+ while (n & ~3) {
+ sqr(r[0], r[1], a[0]);
+ sqr(r[2], r[3], a[1]);
+ sqr(r[4], r[5], a[2]);
+ sqr(r[6], r[7], a[3]);
+ a += 4;
+ r += 8;
+ n -= 4;
+ }
+ if (n) {
+ sqr(r[0], r[1], a[0]);
+ if (--n == 0)
+ return;
+ sqr(r[2], r[3], a[1]);
+ if (--n == 0)
+ return;
+ sqr(r[4], r[5], a[2]);
+ }
+}
+
+BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
+{
+ BN_ULONG ret, waste;
+
+ asm("divq %4":"=a"(ret), "=d"(waste)
+ : "a"(l), "d"(h), "g"(d)
+ : "cc");
+
+ return ret;
+}
+
+BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+ int n)
+{
+ BN_ULONG ret = 0, i = 0;
+
+ if (n <= 0)
+ return 0;
+
+ asm volatile (" subq %2,%2 \n"
+ ".align 16 \n"
+ "1: movq (%4,%2,8),%0 \n"
+ " adcq (%5,%2,8),%0 \n"
+ " movq %0,(%3,%2,8) \n"
+ " leaq 1(%2),%2 \n"
+ " loop 1b \n"
+ " sbbq %0,%0 \n":"=&a" (ret), "+c"(n),
+ "=&r"(i)
+ :"r"(rp), "r"(ap), "r"(bp)
+ :"cc", "memory");
+
+ return ret & 1;
+}
+
+# ifndef SIMICS
+BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+ int n)
+{
+ BN_ULONG ret = 0, i = 0;
+
+ if (n <= 0)
+ return 0;
+
+ asm volatile (" subq %2,%2 \n"
+ ".align 16 \n"
+ "1: movq (%4,%2,8),%0 \n"
+ " sbbq (%5,%2,8),%0 \n"
+ " movq %0,(%3,%2,8) \n"
+ " leaq 1(%2),%2 \n"
+ " loop 1b \n"
+ " sbbq %0,%0 \n":"=&a" (ret), "+c"(n),
+ "=&r"(i)
+ :"r"(rp), "r"(ap), "r"(bp)
+ :"cc", "memory");
+
+ return ret & 1;
+}
+# else
+/* Simics 1.4<7 has buggy sbbq:-( */
+# define BN_MASK2 0xffffffffffffffffL
+BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
+{
+ BN_ULONG t1, t2;
+ int c = 0;
+
+ if (n <= 0)
+ return ((BN_ULONG)0);
+
+ for (;;) {
+ t1 = a[0];
+ t2 = b[0];
+ r[0] = (t1 - t2 - c) & BN_MASK2;
+ if (t1 != t2)
+ c = (t1 < t2);
+ if (--n <= 0)
+ break;
+
+ t1 = a[1];
+ t2 = b[1];
+ r[1] = (t1 - t2 - c) & BN_MASK2;
+ if (t1 != t2)
+ c = (t1 < t2);
+ if (--n <= 0)
+ break;
+
+ t1 = a[2];
+ t2 = b[2];
+ r[2] = (t1 - t2 - c) & BN_MASK2;
+ if (t1 != t2)
+ c = (t1 < t2);
+ if (--n <= 0)
+ break;
+
+ t1 = a[3];
+ t2 = b[3];
+ r[3] = (t1 - t2 - c) & BN_MASK2;
+ if (t1 != t2)
+ c = (t1 < t2);
+ if (--n <= 0)
+ break;
+
+ a += 4;
+ b += 4;
+ r += 4;
+ }
+ return (c);
+}
+# endif
+
+/* mul_add_c(a,b,c0,c1,c2) -- c+=a*b for three word number c=(c2,c1,c0) */
+/* mul_add_c2(a,b,c0,c1,c2) -- c+=2*a*b for three word number c=(c2,c1,c0) */
+/* sqr_add_c(a,i,c0,c1,c2) -- c+=a[i]^2 for three word number c=(c2,c1,c0) */
+/*
+ * sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number
+ * c=(c2,c1,c0)
+ */
+
+/*
+ * Keep in mind that carrying into high part of multiplication result
+ * can not overflow, because it cannot be all-ones.
+ */
+# if 0
+/* original macros are kept for reference purposes */
+# define mul_add_c(a,b,c0,c1,c2) { \
+ BN_ULONG ta=(a),tb=(b); \
+ t1 = ta * tb; \
+ t2 = BN_UMULT_HIGH(ta,tb); \
+ c0 += t1; t2 += (c0<t1)?1:0; \
+ c1 += t2; c2 += (c1<t2)?1:0; \
+ }
+
+# define mul_add_c2(a,b,c0,c1,c2) { \
+ BN_ULONG ta=(a),tb=(b),t0; \
+ t1 = BN_UMULT_HIGH(ta,tb); \
+ t0 = ta * tb; \
+ c0 += t0; t2 = t1+((c0<t0)?1:0);\
+ c1 += t2; c2 += (c1<t2)?1:0; \
+ c0 += t0; t1 += (c0<t0)?1:0; \
+ c1 += t1; c2 += (c1<t1)?1:0; \
+ }
+# else
+# define mul_add_c(a,b,c0,c1,c2) do { \
+ asm ("mulq %3" \
+ : "=a"(t1),"=d"(t2) \
+ : "a"(a),"m"(b) \
+ : "cc"); \
+ asm ("addq %2,%0; adcq %3,%1" \
+ : "+r"(c0),"+d"(t2) \
+ : "a"(t1),"g"(0) \
+ : "cc"); \
+ asm ("addq %2,%0; adcq %3,%1" \
+ : "+r"(c1),"+r"(c2) \
+ : "d"(t2),"g"(0) \
+ : "cc"); \
+ } while (0)
+
+# define sqr_add_c(a,i,c0,c1,c2) do { \
+ asm ("mulq %2" \
+ : "=a"(t1),"=d"(t2) \
+ : "a"(a[i]) \
+ : "cc"); \
+ asm ("addq %2,%0; adcq %3,%1" \
+ : "+r"(c0),"+d"(t2) \
+ : "a"(t1),"g"(0) \
+ : "cc"); \
+ asm ("addq %2,%0; adcq %3,%1" \
+ : "+r"(c1),"+r"(c2) \
+ : "d"(t2),"g"(0) \
+ : "cc"); \
+ } while (0)
+
+# define mul_add_c2(a,b,c0,c1,c2) do { \
+ asm ("mulq %3" \
+ : "=a"(t1),"=d"(t2) \
+ : "a"(a),"m"(b) \
+ : "cc"); \
+ asm ("addq %3,%0; adcq %4,%1; adcq %5,%2" \
+ : "+r"(c0),"+r"(c1),"+r"(c2) \
+ : "r"(t1),"r"(t2),"g"(0) \
+ : "cc"); \
+ asm ("addq %3,%0; adcq %4,%1; adcq %5,%2" \
+ : "+r"(c0),"+r"(c1),"+r"(c2) \
+ : "r"(t1),"r"(t2),"g"(0) \
+ : "cc"); \
+ } while (0)
+# endif
+
+# define sqr_add_c2(a,i,j,c0,c1,c2) \
+ mul_add_c2((a)[i],(a)[j],c0,c1,c2)
+
+void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+{
+ BN_ULONG t1, t2;
+ BN_ULONG c1, c2, c3;
+
+ c1 = 0;
+ c2 = 0;
+ c3 = 0;
+ mul_add_c(a[0], b[0], c1, c2, c3);
+ r[0] = c1;
+ c1 = 0;
+ mul_add_c(a[0], b[1], c2, c3, c1);
+ mul_add_c(a[1], b[0], c2, c3, c1);
+ r[1] = c2;
+ c2 = 0;
+ mul_add_c(a[2], b[0], c3, c1, c2);
+ mul_add_c(a[1], b[1], c3, c1, c2);
+ mul_add_c(a[0], b[2], c3, c1, c2);
+ r[2] = c3;
+ c3 = 0;
+ mul_add_c(a[0], b[3], c1, c2, c3);
+ mul_add_c(a[1], b[2], c1, c2, c3);
+ mul_add_c(a[2], b[1], c1, c2, c3);
+ mul_add_c(a[3], b[0], c1, c2, c3);
+ r[3] = c1;
+ c1 = 0;
+ mul_add_c(a[4], b[0], c2, c3, c1);
+ mul_add_c(a[3], b[1], c2, c3, c1);
+ mul_add_c(a[2], b[2], c2, c3, c1);
+ mul_add_c(a[1], b[3], c2, c3, c1);
+ mul_add_c(a[0], b[4], c2, c3, c1);
+ r[4] = c2;
+ c2 = 0;
+ mul_add_c(a[0], b[5], c3, c1, c2);
+ mul_add_c(a[1], b[4], c3, c1, c2);
+ mul_add_c(a[2], b[3], c3, c1, c2);
+ mul_add_c(a[3], b[2], c3, c1, c2);
+ mul_add_c(a[4], b[1], c3, c1, c2);
+ mul_add_c(a[5], b[0], c3, c1, c2);
+ r[5] = c3;
+ c3 = 0;
+ mul_add_c(a[6], b[0], c1, c2, c3);
+ mul_add_c(a[5], b[1], c1, c2, c3);
+ mul_add_c(a[4], b[2], c1, c2, c3);
+ mul_add_c(a[3], b[3], c1, c2, c3);
+ mul_add_c(a[2], b[4], c1, c2, c3);
+ mul_add_c(a[1], b[5], c1, c2, c3);
+ mul_add_c(a[0], b[6], c1, c2, c3);
+ r[6] = c1;
+ c1 = 0;
+ mul_add_c(a[0], b[7], c2, c3, c1);
+ mul_add_c(a[1], b[6], c2, c3, c1);
+ mul_add_c(a[2], b[5], c2, c3, c1);
+ mul_add_c(a[3], b[4], c2, c3, c1);
+ mul_add_c(a[4], b[3], c2, c3, c1);
+ mul_add_c(a[5], b[2], c2, c3, c1);
+ mul_add_c(a[6], b[1], c2, c3, c1);
+ mul_add_c(a[7], b[0], c2, c3, c1);
+ r[7] = c2;
+ c2 = 0;
+ mul_add_c(a[7], b[1], c3, c1, c2);
+ mul_add_c(a[6], b[2], c3, c1, c2);
+ mul_add_c(a[5], b[3], c3, c1, c2);
+ mul_add_c(a[4], b[4], c3, c1, c2);
+ mul_add_c(a[3], b[5], c3, c1, c2);
+ mul_add_c(a[2], b[6], c3, c1, c2);
+ mul_add_c(a[1], b[7], c3, c1, c2);
+ r[8] = c3;
+ c3 = 0;
+ mul_add_c(a[2], b[7], c1, c2, c3);
+ mul_add_c(a[3], b[6], c1, c2, c3);
+ mul_add_c(a[4], b[5], c1, c2, c3);
+ mul_add_c(a[5], b[4], c1, c2, c3);
+ mul_add_c(a[6], b[3], c1, c2, c3);
+ mul_add_c(a[7], b[2], c1, c2, c3);
+ r[9] = c1;
+ c1 = 0;
+ mul_add_c(a[7], b[3], c2, c3, c1);
+ mul_add_c(a[6], b[4], c2, c3, c1);
+ mul_add_c(a[5], b[5], c2, c3, c1);
+ mul_add_c(a[4], b[6], c2, c3, c1);
+ mul_add_c(a[3], b[7], c2, c3, c1);
+ r[10] = c2;
+ c2 = 0;
+ mul_add_c(a[4], b[7], c3, c1, c2);
+ mul_add_c(a[5], b[6], c3, c1, c2);
+ mul_add_c(a[6], b[5], c3, c1, c2);
+ mul_add_c(a[7], b[4], c3, c1, c2);
+ r[11] = c3;
+ c3 = 0;
+ mul_add_c(a[7], b[5], c1, c2, c3);
+ mul_add_c(a[6], b[6], c1, c2, c3);
+ mul_add_c(a[5], b[7], c1, c2, c3);
+ r[12] = c1;
+ c1 = 0;
+ mul_add_c(a[6], b[7], c2, c3, c1);
+ mul_add_c(a[7], b[6], c2, c3, c1);
+ r[13] = c2;
+ c2 = 0;
+ mul_add_c(a[7], b[7], c3, c1, c2);
+ r[14] = c3;
+ r[15] = c1;
+}
+
+void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+{
+ BN_ULONG t1, t2;
+ BN_ULONG c1, c2, c3;
+
+ c1 = 0;
+ c2 = 0;
+ c3 = 0;
+ mul_add_c(a[0], b[0], c1, c2, c3);
+ r[0] = c1;
+ c1 = 0;
+ mul_add_c(a[0], b[1], c2, c3, c1);
+ mul_add_c(a[1], b[0], c2, c3, c1);
+ r[1] = c2;
+ c2 = 0;
+ mul_add_c(a[2], b[0], c3, c1, c2);
+ mul_add_c(a[1], b[1], c3, c1, c2);
+ mul_add_c(a[0], b[2], c3, c1, c2);
+ r[2] = c3;
+ c3 = 0;
+ mul_add_c(a[0], b[3], c1, c2, c3);
+ mul_add_c(a[1], b[2], c1, c2, c3);
+ mul_add_c(a[2], b[1], c1, c2, c3);
+ mul_add_c(a[3], b[0], c1, c2, c3);
+ r[3] = c1;
+ c1 = 0;
+ mul_add_c(a[3], b[1], c2, c3, c1);
+ mul_add_c(a[2], b[2], c2, c3, c1);
+ mul_add_c(a[1], b[3], c2, c3, c1);
+ r[4] = c2;
+ c2 = 0;
+ mul_add_c(a[2], b[3], c3, c1, c2);
+ mul_add_c(a[3], b[2], c3, c1, c2);
+ r[5] = c3;
+ c3 = 0;
+ mul_add_c(a[3], b[3], c1, c2, c3);
+ r[6] = c1;
+ r[7] = c2;
+}
+
+void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a)
+{
+ BN_ULONG t1, t2;
+ BN_ULONG c1, c2, c3;
+
+ c1 = 0;
+ c2 = 0;
+ c3 = 0;
+ sqr_add_c(a, 0, c1, c2, c3);
+ r[0] = c1;
+ c1 = 0;
+ sqr_add_c2(a, 1, 0, c2, c3, c1);
+ r[1] = c2;
+ c2 = 0;
+ sqr_add_c(a, 1, c3, c1, c2);
+ sqr_add_c2(a, 2, 0, c3, c1, c2);
+ r[2] = c3;
+ c3 = 0;
+ sqr_add_c2(a, 3, 0, c1, c2, c3);
+ sqr_add_c2(a, 2, 1, c1, c2, c3);
+ r[3] = c1;
+ c1 = 0;
+ sqr_add_c(a, 2, c2, c3, c1);
+ sqr_add_c2(a, 3, 1, c2, c3, c1);
+ sqr_add_c2(a, 4, 0, c2, c3, c1);
+ r[4] = c2;
+ c2 = 0;
+ sqr_add_c2(a, 5, 0, c3, c1, c2);
+ sqr_add_c2(a, 4, 1, c3, c1, c2);
+ sqr_add_c2(a, 3, 2, c3, c1, c2);
+ r[5] = c3;
+ c3 = 0;
+ sqr_add_c(a, 3, c1, c2, c3);
+ sqr_add_c2(a, 4, 2, c1, c2, c3);
+ sqr_add_c2(a, 5, 1, c1, c2, c3);
+ sqr_add_c2(a, 6, 0, c1, c2, c3);
+ r[6] = c1;
+ c1 = 0;
+ sqr_add_c2(a, 7, 0, c2, c3, c1);
+ sqr_add_c2(a, 6, 1, c2, c3, c1);
+ sqr_add_c2(a, 5, 2, c2, c3, c1);
+ sqr_add_c2(a, 4, 3, c2, c3, c1);
+ r[7] = c2;
+ c2 = 0;
+ sqr_add_c(a, 4, c3, c1, c2);
+ sqr_add_c2(a, 5, 3, c3, c1, c2);
+ sqr_add_c2(a, 6, 2, c3, c1, c2);
+ sqr_add_c2(a, 7, 1, c3, c1, c2);
+ r[8] = c3;
+ c3 = 0;
+ sqr_add_c2(a, 7, 2, c1, c2, c3);
+ sqr_add_c2(a, 6, 3, c1, c2, c3);
+ sqr_add_c2(a, 5, 4, c1, c2, c3);
+ r[9] = c1;
+ c1 = 0;
+ sqr_add_c(a, 5, c2, c3, c1);
+ sqr_add_c2(a, 6, 4, c2, c3, c1);
+ sqr_add_c2(a, 7, 3, c2, c3, c1);
+ r[10] = c2;
+ c2 = 0;
+ sqr_add_c2(a, 7, 4, c3, c1, c2);
+ sqr_add_c2(a, 6, 5, c3, c1, c2);
+ r[11] = c3;
+ c3 = 0;
+ sqr_add_c(a, 6, c1, c2, c3);
+ sqr_add_c2(a, 7, 5, c1, c2, c3);
+ r[12] = c1;
+ c1 = 0;
+ sqr_add_c2(a, 7, 6, c2, c3, c1);
+ r[13] = c2;
+ c2 = 0;
+ sqr_add_c(a, 7, c3, c1, c2);
+ r[14] = c3;
+ r[15] = c1;
+}
+
+void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a)
+{
+ BN_ULONG t1, t2;
+ BN_ULONG c1, c2, c3;
+
+ c1 = 0;
+ c2 = 0;
+ c3 = 0;
+ sqr_add_c(a, 0, c1, c2, c3);
+ r[0] = c1;
+ c1 = 0;
+ sqr_add_c2(a, 1, 0, c2, c3, c1);
+ r[1] = c2;
+ c2 = 0;
+ sqr_add_c(a, 1, c3, c1, c2);
+ sqr_add_c2(a, 2, 0, c3, c1, c2);
+ r[2] = c3;
+ c3 = 0;
+ sqr_add_c2(a, 3, 0, c1, c2, c3);
+ sqr_add_c2(a, 2, 1, c1, c2, c3);
+ r[3] = c1;
+ c1 = 0;
+ sqr_add_c(a, 2, c2, c3, c1);
+ sqr_add_c2(a, 3, 1, c2, c3, c1);
+ r[4] = c2;
+ c2 = 0;
+ sqr_add_c2(a, 3, 2, c3, c1, c2);
+ r[5] = c3;
+ c3 = 0;
+ sqr_add_c(a, 3, c1, c2, c3);
+ r[6] = c1;
+ r[7] = c2;
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bn/bn.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/bn.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,866 +0,0 @@
-/* crypto/bn/bn.h */
-/* Copyright (C) 1995-1997 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the Eric Young open source
- * license provided above.
- *
- * The binary polynomial arithmetic software is originally written by
- * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
- *
- */
-
-#ifndef HEADER_BN_H
-#define HEADER_BN_H
-
-#include <openssl/e_os2.h>
-#ifndef OPENSSL_NO_FP_API
-#include <stdio.h> /* FILE */
-#endif
-#include <openssl/ossl_typ.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* These preprocessor symbols control various aspects of the bignum headers and
- * library code. They're not defined by any "normal" configuration, as they are
- * intended for development and testing purposes. NB: defining all three can be
- * useful for debugging application code as well as openssl itself.
- *
- * BN_DEBUG - turn on various debugging alterations to the bignum code
- * BN_DEBUG_RAND - uses random poisoning of unused words to trip up
- * mismanagement of bignum internals. You must also define BN_DEBUG.
- */
-/* #define BN_DEBUG */
-/* #define BN_DEBUG_RAND */
-
-#define BN_MUL_COMBA
-#define BN_SQR_COMBA
-#define BN_RECURSION
-
-/* This next option uses the C libraries (2 word)/(1 word) function.
- * If it is not defined, I use my C version (which is slower).
- * The reason for this flag is that when the particular C compiler
- * library routine is used, and the library is linked with a different
- * compiler, the library is missing. This mostly happens when the
- * library is built with gcc and then linked using normal cc. This would
- * be a common occurrence because gcc normally produces code that is
- * 2 times faster than system compilers for the big number stuff.
- * For machines with only one compiler (or shared libraries), this should
- * be on. Again this in only really a problem on machines
- * using "long long's", are 32bit, and are not using my assembler code. */
-#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || \
- defined(OPENSSL_SYS_WIN32) || defined(linux)
-# ifndef BN_DIV2W
-# define BN_DIV2W
-# endif
-#endif
-
-/* assuming long is 64bit - this is the DEC Alpha
- * unsigned long long is only 64 bits :-(, don't define
- * BN_LLONG for the DEC Alpha */
-#ifdef SIXTY_FOUR_BIT_LONG
-#define BN_ULLONG unsigned long long
-#define BN_ULONG unsigned long
-#define BN_LONG long
-#define BN_BITS 128
-#define BN_BYTES 8
-#define BN_BITS2 64
-#define BN_BITS4 32
-#define BN_MASK (0xffffffffffffffffffffffffffffffffLL)
-#define BN_MASK2 (0xffffffffffffffffL)
-#define BN_MASK2l (0xffffffffL)
-#define BN_MASK2h (0xffffffff00000000L)
-#define BN_MASK2h1 (0xffffffff80000000L)
-#define BN_TBIT (0x8000000000000000L)
-#define BN_DEC_CONV (10000000000000000000UL)
-#define BN_DEC_FMT1 "%lu"
-#define BN_DEC_FMT2 "%019lu"
-#define BN_DEC_NUM 19
-#endif
-
-/* This is where the long long data type is 64 bits, but long is 32.
- * For machines where there are 64bit registers, this is the mode to use.
- * IRIX, on R4000 and above should use this mode, along with the relevant
- * assembler code :-). Do NOT define BN_LLONG.
- */
-#ifdef SIXTY_FOUR_BIT
-#undef BN_LLONG
-#undef BN_ULLONG
-#define BN_ULONG unsigned long long
-#define BN_LONG long long
-#define BN_BITS 128
-#define BN_BYTES 8
-#define BN_BITS2 64
-#define BN_BITS4 32
-#define BN_MASK2 (0xffffffffffffffffLL)
-#define BN_MASK2l (0xffffffffL)
-#define BN_MASK2h (0xffffffff00000000LL)
-#define BN_MASK2h1 (0xffffffff80000000LL)
-#define BN_TBIT (0x8000000000000000LL)
-#define BN_DEC_CONV (10000000000000000000ULL)
-#define BN_DEC_FMT1 "%llu"
-#define BN_DEC_FMT2 "%019llu"
-#define BN_DEC_NUM 19
-#endif
-
-#ifdef THIRTY_TWO_BIT
-#ifdef BN_LLONG
-# if defined(OPENSSL_SYS_WIN32) && !defined(__GNUC__)
-# define BN_ULLONG unsigned __int64
-# else
-# define BN_ULLONG unsigned long long
-# endif
-#endif
-#define BN_ULONG unsigned long
-#define BN_LONG long
-#define BN_BITS 64
-#define BN_BYTES 4
-#define BN_BITS2 32
-#define BN_BITS4 16
-#ifdef OPENSSL_SYS_WIN32
-/* VC++ doesn't like the LL suffix */
-#define BN_MASK (0xffffffffffffffffL)
-#else
-#define BN_MASK (0xffffffffffffffffLL)
-#endif
-#define BN_MASK2 (0xffffffffL)
-#define BN_MASK2l (0xffff)
-#define BN_MASK2h1 (0xffff8000L)
-#define BN_MASK2h (0xffff0000L)
-#define BN_TBIT (0x80000000L)
-#define BN_DEC_CONV (1000000000L)
-#define BN_DEC_FMT1 "%lu"
-#define BN_DEC_FMT2 "%09lu"
-#define BN_DEC_NUM 9
-#endif
-
-#ifdef SIXTEEN_BIT
-#ifndef BN_DIV2W
-#define BN_DIV2W
-#endif
-#define BN_ULLONG unsigned long
-#define BN_ULONG unsigned short
-#define BN_LONG short
-#define BN_BITS 32
-#define BN_BYTES 2
-#define BN_BITS2 16
-#define BN_BITS4 8
-#define BN_MASK (0xffffffff)
-#define BN_MASK2 (0xffff)
-#define BN_MASK2l (0xff)
-#define BN_MASK2h1 (0xff80)
-#define BN_MASK2h (0xff00)
-#define BN_TBIT (0x8000)
-#define BN_DEC_CONV (100000)
-#define BN_DEC_FMT1 "%u"
-#define BN_DEC_FMT2 "%05u"
-#define BN_DEC_NUM 5
-#endif
-
-#ifdef EIGHT_BIT
-#ifndef BN_DIV2W
-#define BN_DIV2W
-#endif
-#define BN_ULLONG unsigned short
-#define BN_ULONG unsigned char
-#define BN_LONG char
-#define BN_BITS 16
-#define BN_BYTES 1
-#define BN_BITS2 8
-#define BN_BITS4 4
-#define BN_MASK (0xffff)
-#define BN_MASK2 (0xff)
-#define BN_MASK2l (0xf)
-#define BN_MASK2h1 (0xf8)
-#define BN_MASK2h (0xf0)
-#define BN_TBIT (0x80)
-#define BN_DEC_CONV (100)
-#define BN_DEC_FMT1 "%u"
-#define BN_DEC_FMT2 "%02u"
-#define BN_DEC_NUM 2
-#endif
-
-#define BN_DEFAULT_BITS 1280
-
-#define BN_FLG_MALLOCED 0x01
-#define BN_FLG_STATIC_DATA 0x02
-#define BN_FLG_CONSTTIME 0x04 /* avoid leaking exponent information through timing,
- * BN_mod_exp_mont() will call BN_mod_exp_mont_consttime,
- * BN_div() will call BN_div_no_branch,
- * BN_mod_inverse() will call BN_mod_inverse_no_branch.
- */
-
-#ifndef OPENSSL_NO_DEPRECATED
-#define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME /* deprecated name for the flag */
- /* avoid leaking exponent information through timings
- * (BN_mod_exp_mont() will call BN_mod_exp_mont_consttime) */
-#endif
-
-#ifndef OPENSSL_NO_DEPRECATED
-#define BN_FLG_FREE 0x8000 /* used for debuging */
-#endif
-#define BN_set_flags(b,n) ((b)->flags|=(n))
-#define BN_get_flags(b,n) ((b)->flags&(n))
-
-/* get a clone of a BIGNUM with changed flags, for *temporary* use only
- * (the two BIGNUMs cannot not be used in parallel!) */
-#define BN_with_flags(dest,b,n) ((dest)->d=(b)->d, \
- (dest)->top=(b)->top, \
- (dest)->dmax=(b)->dmax, \
- (dest)->neg=(b)->neg, \
- (dest)->flags=(((dest)->flags & BN_FLG_MALLOCED) \
- | ((b)->flags & ~BN_FLG_MALLOCED) \
- | BN_FLG_STATIC_DATA \
- | (n)))
-
-/* Already declared in ossl_typ.h */
-#if 0
-typedef struct bignum_st BIGNUM;
-/* Used for temp variables (declaration hidden in bn_lcl.h) */
-typedef struct bignum_ctx BN_CTX;
-typedef struct bn_blinding_st BN_BLINDING;
-typedef struct bn_mont_ctx_st BN_MONT_CTX;
-typedef struct bn_recp_ctx_st BN_RECP_CTX;
-typedef struct bn_gencb_st BN_GENCB;
-#endif
-
-struct bignum_st
- {
- BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit chunks. */
- int top; /* Index of last used d +1. */
- /* The next are internal book keeping for bn_expand. */
- int dmax; /* Size of the d array. */
- int neg; /* one if the number is negative */
- int flags;
- };
-
-/* Used for montgomery multiplication */
-struct bn_mont_ctx_st
- {
- int ri; /* number of bits in R */
- BIGNUM RR; /* used to convert to montgomery form */
- BIGNUM N; /* The modulus */
- BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1
- * (Ni is only stored for bignum algorithm) */
-#if 0
- /* OpenSSL 0.9.9 preview: */
- BN_ULONG n0[2];/* least significant word(s) of Ni */
-#else
- BN_ULONG n0; /* least significant word of Ni */
-#endif
- int flags;
- };
-
-/* Used for reciprocal division/mod functions
- * It cannot be shared between threads
- */
-struct bn_recp_ctx_st
- {
- BIGNUM N; /* the divisor */
- BIGNUM Nr; /* the reciprocal */
- int num_bits;
- int shift;
- int flags;
- };
-
-/* Used for slow "generation" functions. */
-struct bn_gencb_st
- {
- unsigned int ver; /* To handle binary (in)compatibility */
- void *arg; /* callback-specific data */
- union
- {
- /* if(ver==1) - handles old style callbacks */
- void (*cb_1)(int, int, void *);
- /* if(ver==2) - new callback style */
- int (*cb_2)(int, int, BN_GENCB *);
- } cb;
- };
-/* Wrapper function to make using BN_GENCB easier, */
-int BN_GENCB_call(BN_GENCB *cb, int a, int b);
-/* Macro to populate a BN_GENCB structure with an "old"-style callback */
-#define BN_GENCB_set_old(gencb, callback, cb_arg) { \
- BN_GENCB *tmp_gencb = (gencb); \
- tmp_gencb->ver = 1; \
- tmp_gencb->arg = (cb_arg); \
- tmp_gencb->cb.cb_1 = (callback); }
-/* Macro to populate a BN_GENCB structure with a "new"-style callback */
-#define BN_GENCB_set(gencb, callback, cb_arg) { \
- BN_GENCB *tmp_gencb = (gencb); \
- tmp_gencb->ver = 2; \
- tmp_gencb->arg = (cb_arg); \
- tmp_gencb->cb.cb_2 = (callback); }
-
-#define BN_prime_checks 0 /* default: select number of iterations
- based on the size of the number */
-
-/* number of Miller-Rabin iterations for an error rate of less than 2^-80
- * for random 'b'-bit input, b >= 100 (taken from table 4.4 in the Handbook
- * of Applied Cryptography [Menezes, van Oorschot, Vanstone; CRC Press 1996];
- * original paper: Damgaard, Landrock, Pomerance: Average case error estimates
- * for the strong probable prime test. -- Math. Comp. 61 (1993) 177-194) */
-#define BN_prime_checks_for_size(b) ((b) >= 1300 ? 2 : \
- (b) >= 850 ? 3 : \
- (b) >= 650 ? 4 : \
- (b) >= 550 ? 5 : \
- (b) >= 450 ? 6 : \
- (b) >= 400 ? 7 : \
- (b) >= 350 ? 8 : \
- (b) >= 300 ? 9 : \
- (b) >= 250 ? 12 : \
- (b) >= 200 ? 15 : \
- (b) >= 150 ? 18 : \
- /* b >= 100 */ 27)
-
-#define BN_num_bytes(a) ((BN_num_bits(a)+7)/8)
-
-/* Note that BN_abs_is_word didn't work reliably for w == 0 until 0.9.8 */
-#define BN_abs_is_word(a,w) ((((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w))) || \
- (((w) == 0) && ((a)->top == 0)))
-#define BN_is_zero(a) ((a)->top == 0)
-#define BN_is_one(a) (BN_abs_is_word((a),1) && !(a)->neg)
-#define BN_is_word(a,w) (BN_abs_is_word((a),(w)) && (!(w) || !(a)->neg))
-#define BN_is_odd(a) (((a)->top > 0) && ((a)->d[0] & 1))
-
-#define BN_one(a) (BN_set_word((a),1))
-#define BN_zero_ex(a) \
- do { \
- BIGNUM *_tmp_bn = (a); \
- _tmp_bn->top = 0; \
- _tmp_bn->neg = 0; \
- } while(0)
-#ifdef OPENSSL_NO_DEPRECATED
-#define BN_zero(a) BN_zero_ex(a)
-#else
-#define BN_zero(a) (BN_set_word((a),0))
-#endif
-
-const BIGNUM *BN_value_one(void);
-char * BN_options(void);
-BN_CTX *BN_CTX_new(void);
-#ifndef OPENSSL_NO_DEPRECATED
-void BN_CTX_init(BN_CTX *c);
-#endif
-void BN_CTX_free(BN_CTX *c);
-void BN_CTX_start(BN_CTX *ctx);
-BIGNUM *BN_CTX_get(BN_CTX *ctx);
-void BN_CTX_end(BN_CTX *ctx);
-int BN_rand(BIGNUM *rnd, int bits, int top,int bottom);
-int BN_pseudo_rand(BIGNUM *rnd, int bits, int top,int bottom);
-int BN_rand_range(BIGNUM *rnd, const BIGNUM *range);
-int BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range);
-int BN_num_bits(const BIGNUM *a);
-int BN_num_bits_word(BN_ULONG);
-BIGNUM *BN_new(void);
-void BN_init(BIGNUM *);
-void BN_clear_free(BIGNUM *a);
-BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
-void BN_swap(BIGNUM *a, BIGNUM *b);
-BIGNUM *BN_bin2bn(const unsigned char *s,int len,BIGNUM *ret);
-int BN_bn2bin(const BIGNUM *a, unsigned char *to);
-BIGNUM *BN_mpi2bn(const unsigned char *s,int len,BIGNUM *ret);
-int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
-int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
-int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
-int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
-int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
-int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
-int BN_sqr(BIGNUM *r, const BIGNUM *a,BN_CTX *ctx);
-/** BN_set_negative sets sign of a BIGNUM
- * \param b pointer to the BIGNUM object
- * \param n 0 if the BIGNUM b should be positive and a value != 0 otherwise
- */
-void BN_set_negative(BIGNUM *b, int n);
-/** BN_is_negative returns 1 if the BIGNUM is negative
- * \param a pointer to the BIGNUM object
- * \return 1 if a < 0 and 0 otherwise
- */
-#define BN_is_negative(a) ((a)->neg != 0)
-
-int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
- BN_CTX *ctx);
-#define BN_mod(rem,m,d,ctx) BN_div(NULL,(rem),(m),(d),(ctx))
-int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx);
-int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx);
-int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m);
-int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx);
-int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m);
-int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
- const BIGNUM *m, BN_CTX *ctx);
-int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
-int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
-int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m);
-int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, BN_CTX *ctx);
-int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m);
-
-BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w);
-BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w);
-int BN_mul_word(BIGNUM *a, BN_ULONG w);
-int BN_add_word(BIGNUM *a, BN_ULONG w);
-int BN_sub_word(BIGNUM *a, BN_ULONG w);
-int BN_set_word(BIGNUM *a, BN_ULONG w);
-BN_ULONG BN_get_word(const BIGNUM *a);
-
-int BN_cmp(const BIGNUM *a, const BIGNUM *b);
-void BN_free(BIGNUM *a);
-int BN_is_bit_set(const BIGNUM *a, int n);
-int BN_lshift(BIGNUM *r, const BIGNUM *a, int n);
-int BN_lshift1(BIGNUM *r, const BIGNUM *a);
-int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,BN_CTX *ctx);
-
-int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m,BN_CTX *ctx);
-int BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont);
-int BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-int BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1, const BIGNUM *p1,
- const BIGNUM *a2, const BIGNUM *p2,const BIGNUM *m,
- BN_CTX *ctx,BN_MONT_CTX *m_ctx);
-int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m,BN_CTX *ctx);
-
-int BN_mask_bits(BIGNUM *a,int n);
-#ifndef OPENSSL_NO_FP_API
-int BN_print_fp(FILE *fp, const BIGNUM *a);
-#endif
-#ifdef HEADER_BIO_H
-int BN_print(BIO *fp, const BIGNUM *a);
-#else
-int BN_print(void *fp, const BIGNUM *a);
-#endif
-int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx);
-int BN_rshift(BIGNUM *r, const BIGNUM *a, int n);
-int BN_rshift1(BIGNUM *r, const BIGNUM *a);
-void BN_clear(BIGNUM *a);
-BIGNUM *BN_dup(const BIGNUM *a);
-int BN_ucmp(const BIGNUM *a, const BIGNUM *b);
-int BN_set_bit(BIGNUM *a, int n);
-int BN_clear_bit(BIGNUM *a, int n);
-char * BN_bn2hex(const BIGNUM *a);
-char * BN_bn2dec(const BIGNUM *a);
-int BN_hex2bn(BIGNUM **a, const char *str);
-int BN_dec2bn(BIGNUM **a, const char *str);
-int BN_gcd(BIGNUM *r,const BIGNUM *a,const BIGNUM *b,BN_CTX *ctx);
-int BN_kronecker(const BIGNUM *a,const BIGNUM *b,BN_CTX *ctx); /* returns -2 for error */
-BIGNUM *BN_mod_inverse(BIGNUM *ret,
- const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx);
-BIGNUM *BN_mod_sqrt(BIGNUM *ret,
- const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx);
-
-void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords);
-
-/* Deprecated versions */
-#ifndef OPENSSL_NO_DEPRECATED
-BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe,
- const BIGNUM *add, const BIGNUM *rem,
- void (*callback)(int,int,void *),void *cb_arg);
-int BN_is_prime(const BIGNUM *p,int nchecks,
- void (*callback)(int,int,void *),
- BN_CTX *ctx,void *cb_arg);
-int BN_is_prime_fasttest(const BIGNUM *p,int nchecks,
- void (*callback)(int,int,void *),BN_CTX *ctx,void *cb_arg,
- int do_trial_division);
-#endif /* !defined(OPENSSL_NO_DEPRECATED) */
-
-/* Newer versions */
-int BN_generate_prime_ex(BIGNUM *ret,int bits,int safe, const BIGNUM *add,
- const BIGNUM *rem, BN_GENCB *cb);
-int BN_is_prime_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx, BN_GENCB *cb);
-int BN_is_prime_fasttest_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx,
- int do_trial_division, BN_GENCB *cb);
-
-int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx);
-
-int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
- const BIGNUM *Xp, const BIGNUM *Xp1, const BIGNUM *Xp2,
- const BIGNUM *e, BN_CTX *ctx, BN_GENCB *cb);
-int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
- BIGNUM *Xp1, BIGNUM *Xp2,
- const BIGNUM *Xp,
- const BIGNUM *e, BN_CTX *ctx,
- BN_GENCB *cb);
-
-BN_MONT_CTX *BN_MONT_CTX_new(void );
-void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
-int BN_mod_mul_montgomery(BIGNUM *r,const BIGNUM *a,const BIGNUM *b,
- BN_MONT_CTX *mont, BN_CTX *ctx);
-#define BN_to_montgomery(r,a,mont,ctx) BN_mod_mul_montgomery(\
- (r),(a),&((mont)->RR),(mont),(ctx))
-int BN_from_montgomery(BIGNUM *r,const BIGNUM *a,
- BN_MONT_CTX *mont, BN_CTX *ctx);
-void BN_MONT_CTX_free(BN_MONT_CTX *mont);
-int BN_MONT_CTX_set(BN_MONT_CTX *mont,const BIGNUM *mod,BN_CTX *ctx);
-BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to,BN_MONT_CTX *from);
-BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock,
- const BIGNUM *mod, BN_CTX *ctx);
-
-/* BN_BLINDING flags */
-#define BN_BLINDING_NO_UPDATE 0x00000001
-#define BN_BLINDING_NO_RECREATE 0x00000002
-
-BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, /* const */ BIGNUM *mod);
-void BN_BLINDING_free(BN_BLINDING *b);
-int BN_BLINDING_update(BN_BLINDING *b,BN_CTX *ctx);
-int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
-int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
-int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *);
-int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *);
-unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *);
-void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long);
-unsigned long BN_BLINDING_get_flags(const BN_BLINDING *);
-void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long);
-BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
- const BIGNUM *e, /* const */ BIGNUM *m, BN_CTX *ctx,
- int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx),
- BN_MONT_CTX *m_ctx);
-
-#ifndef OPENSSL_NO_DEPRECATED
-void BN_set_params(int mul,int high,int low,int mont);
-int BN_get_params(int which); /* 0, mul, 1 high, 2 low, 3 mont */
-#endif
-
-void BN_RECP_CTX_init(BN_RECP_CTX *recp);
-BN_RECP_CTX *BN_RECP_CTX_new(void);
-void BN_RECP_CTX_free(BN_RECP_CTX *recp);
-int BN_RECP_CTX_set(BN_RECP_CTX *recp,const BIGNUM *rdiv,BN_CTX *ctx);
-int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y,
- BN_RECP_CTX *recp,BN_CTX *ctx);
-int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx);
-int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
- BN_RECP_CTX *recp, BN_CTX *ctx);
-
-/* Functions for arithmetic over binary polynomials represented by BIGNUMs.
- *
- * The BIGNUM::neg property of BIGNUMs representing binary polynomials is
- * ignored.
- *
- * Note that input arguments are not const so that their bit arrays can
- * be expanded to the appropriate size if needed.
- */
-
-int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); /*r = a + b*/
-#define BN_GF2m_sub(r, a, b) BN_GF2m_add(r, a, b)
-int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p); /*r=a mod p*/
-int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
- const BIGNUM *p, BN_CTX *ctx); /* r = (a * b) mod p */
-int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- BN_CTX *ctx); /* r = (a * a) mod p */
-int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *b, const BIGNUM *p,
- BN_CTX *ctx); /* r = (1 / b) mod p */
-int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
- const BIGNUM *p, BN_CTX *ctx); /* r = (a / b) mod p */
-int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
- const BIGNUM *p, BN_CTX *ctx); /* r = (a ^ b) mod p */
-int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- BN_CTX *ctx); /* r = sqrt(a) mod p */
-int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- BN_CTX *ctx); /* r^2 + r = a mod p */
-#define BN_GF2m_cmp(a, b) BN_ucmp((a), (b))
-/* Some functions allow for representation of the irreducible polynomials
- * as an unsigned int[], say p. The irreducible f(t) is then of the form:
- * t^p[0] + t^p[1] + ... + t^p[k]
- * where m = p[0] > p[1] > ... > p[k] = 0.
- */
-int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[]);
- /* r = a mod p */
-int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
- const unsigned int p[], BN_CTX *ctx); /* r = (a * b) mod p */
-int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[],
- BN_CTX *ctx); /* r = (a * a) mod p */
-int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *b, const unsigned int p[],
- BN_CTX *ctx); /* r = (1 / b) mod p */
-int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
- const unsigned int p[], BN_CTX *ctx); /* r = (a / b) mod p */
-int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
- const unsigned int p[], BN_CTX *ctx); /* r = (a ^ b) mod p */
-int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a,
- const unsigned int p[], BN_CTX *ctx); /* r = sqrt(a) mod p */
-int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a,
- const unsigned int p[], BN_CTX *ctx); /* r^2 + r = a mod p */
-int BN_GF2m_poly2arr(const BIGNUM *a, unsigned int p[], int max);
-int BN_GF2m_arr2poly(const unsigned int p[], BIGNUM *a);
-
-/* faster mod functions for the 'NIST primes'
- * 0 <= a < p^2 */
-int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
-int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
-int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
-int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
-int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
-
-const BIGNUM *BN_get0_nist_prime_192(void);
-const BIGNUM *BN_get0_nist_prime_224(void);
-const BIGNUM *BN_get0_nist_prime_256(void);
-const BIGNUM *BN_get0_nist_prime_384(void);
-const BIGNUM *BN_get0_nist_prime_521(void);
-
-/* library internal functions */
-
-#define bn_expand(a,bits) ((((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->dmax)?\
- (a):bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2))
-#define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words)))
-BIGNUM *bn_expand2(BIGNUM *a, int words);
-#ifndef OPENSSL_NO_DEPRECATED
-BIGNUM *bn_dup_expand(const BIGNUM *a, int words); /* unused */
-#endif
-
-/* Bignum consistency macros
- * There is one "API" macro, bn_fix_top(), for stripping leading zeroes from
- * bignum data after direct manipulations on the data. There is also an
- * "internal" macro, bn_check_top(), for verifying that there are no leading
- * zeroes. Unfortunately, some auditing is required due to the fact that
- * bn_fix_top() has become an overabused duct-tape because bignum data is
- * occasionally passed around in an inconsistent state. So the following
- * changes have been made to sort this out;
- * - bn_fix_top()s implementation has been moved to bn_correct_top()
- * - if BN_DEBUG isn't defined, bn_fix_top() maps to bn_correct_top(), and
- * bn_check_top() is as before.
- * - if BN_DEBUG *is* defined;
- * - bn_check_top() tries to pollute unused words even if the bignum 'top' is
- * consistent. (ed: only if BN_DEBUG_RAND is defined)
- * - bn_fix_top() maps to bn_check_top() rather than "fixing" anything.
- * The idea is to have debug builds flag up inconsistent bignums when they
- * occur. If that occurs in a bn_fix_top(), we examine the code in question; if
- * the use of bn_fix_top() was appropriate (ie. it follows directly after code
- * that manipulates the bignum) it is converted to bn_correct_top(), and if it
- * was not appropriate, we convert it permanently to bn_check_top() and track
- * down the cause of the bug. Eventually, no internal code should be using the
- * bn_fix_top() macro. External applications and libraries should try this with
- * their own code too, both in terms of building against the openssl headers
- * with BN_DEBUG defined *and* linking with a version of OpenSSL built with it
- * defined. This not only improves external code, it provides more test
- * coverage for openssl's own code.
- */
-
-#ifdef BN_DEBUG
-
-/* We only need assert() when debugging */
-#include <assert.h>
-
-#ifdef BN_DEBUG_RAND
-/* To avoid "make update" cvs wars due to BN_DEBUG, use some tricks */
-#ifndef RAND_pseudo_bytes
-int RAND_pseudo_bytes(unsigned char *buf,int num);
-#define BN_DEBUG_TRIX
-#endif
-#define bn_pollute(a) \
- do { \
- const BIGNUM *_bnum1 = (a); \
- if(_bnum1->top < _bnum1->dmax) { \
- unsigned char _tmp_char; \
- /* We cast away const without the compiler knowing, any \
- * *genuinely* constant variables that aren't mutable \
- * wouldn't be constructed with top!=dmax. */ \
- BN_ULONG *_not_const; \
- memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \
- RAND_pseudo_bytes(&_tmp_char, 1); \
- memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \
- (_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \
- } \
- } while(0)
-#ifdef BN_DEBUG_TRIX
-#undef RAND_pseudo_bytes
-#endif
-#else
-#define bn_pollute(a)
-#endif
-#define bn_check_top(a) \
- do { \
- const BIGNUM *_bnum2 = (a); \
- if (_bnum2 != NULL) { \
- assert((_bnum2->top == 0) || \
- (_bnum2->d[_bnum2->top - 1] != 0)); \
- bn_pollute(_bnum2); \
- } \
- } while(0)
-
-#define bn_fix_top(a) bn_check_top(a)
-
-#define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2)
-#define bn_wcheck_size(bn, words) \
- do { \
- const BIGNUM *_bnum2 = (bn); \
- assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \
- } while(0)
-
-#else /* !BN_DEBUG */
-
-#define bn_pollute(a)
-#define bn_check_top(a)
-#define bn_fix_top(a) bn_correct_top(a)
-#define bn_check_size(bn, bits)
-#define bn_wcheck_size(bn, words)
-
-#endif
-
-#define bn_correct_top(a) \
- { \
- BN_ULONG *ftl; \
- if ((a)->top > 0) \
- { \
- for (ftl= &((a)->d[(a)->top-1]); (a)->top > 0; (a)->top--) \
- if (*(ftl--)) break; \
- } \
- bn_pollute(a); \
- }
-
-BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w);
-BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w);
-void bn_sqr_words(BN_ULONG *rp, const BN_ULONG *ap, int num);
-BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d);
-BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num);
-BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num);
-
-/* Primes from RFC 2409 */
-BIGNUM *get_rfc2409_prime_768(BIGNUM *bn);
-BIGNUM *get_rfc2409_prime_1024(BIGNUM *bn);
-
-/* Primes from RFC 3526 */
-BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn);
-BIGNUM *get_rfc3526_prime_2048(BIGNUM *bn);
-BIGNUM *get_rfc3526_prime_3072(BIGNUM *bn);
-BIGNUM *get_rfc3526_prime_4096(BIGNUM *bn);
-BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn);
-BIGNUM *get_rfc3526_prime_8192(BIGNUM *bn);
-
-int BN_bntest_rand(BIGNUM *rnd, int bits, int top,int bottom);
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_BN_strings(void);
-
-/* Error codes for the BN functions. */
-
-/* Function codes. */
-#define BN_F_BNRAND 127
-#define BN_F_BN_BLINDING_CONVERT_EX 100
-#define BN_F_BN_BLINDING_CREATE_PARAM 128
-#define BN_F_BN_BLINDING_INVERT_EX 101
-#define BN_F_BN_BLINDING_NEW 102
-#define BN_F_BN_BLINDING_UPDATE 103
-#define BN_F_BN_BN2DEC 104
-#define BN_F_BN_BN2HEX 105
-#define BN_F_BN_CTX_GET 116
-#define BN_F_BN_CTX_NEW 106
-#define BN_F_BN_CTX_START 129
-#define BN_F_BN_DIV 107
-#define BN_F_BN_DIV_NO_BRANCH 138
-#define BN_F_BN_DIV_RECP 130
-#define BN_F_BN_EXP 123
-#define BN_F_BN_EXPAND2 108
-#define BN_F_BN_EXPAND_INTERNAL 120
-#define BN_F_BN_GF2M_MOD 131
-#define BN_F_BN_GF2M_MOD_EXP 132
-#define BN_F_BN_GF2M_MOD_MUL 133
-#define BN_F_BN_GF2M_MOD_SOLVE_QUAD 134
-#define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR 135
-#define BN_F_BN_GF2M_MOD_SQR 136
-#define BN_F_BN_GF2M_MOD_SQRT 137
-#define BN_F_BN_MOD_EXP2_MONT 118
-#define BN_F_BN_MOD_EXP_MONT 109
-#define BN_F_BN_MOD_EXP_MONT_CONSTTIME 124
-#define BN_F_BN_MOD_EXP_MONT_WORD 117
-#define BN_F_BN_MOD_EXP_RECP 125
-#define BN_F_BN_MOD_EXP_SIMPLE 126
-#define BN_F_BN_MOD_INVERSE 110
-#define BN_F_BN_MOD_INVERSE_NO_BRANCH 139
-#define BN_F_BN_MOD_LSHIFT_QUICK 119
-#define BN_F_BN_MOD_MUL_RECIPROCAL 111
-#define BN_F_BN_MOD_SQRT 121
-#define BN_F_BN_MPI2BN 112
-#define BN_F_BN_NEW 113
-#define BN_F_BN_RAND 114
-#define BN_F_BN_RAND_RANGE 122
-#define BN_F_BN_USUB 115
-
-/* Reason codes. */
-#define BN_R_ARG2_LT_ARG3 100
-#define BN_R_BAD_RECIPROCAL 101
-#define BN_R_BIGNUM_TOO_LONG 114
-#define BN_R_CALLED_WITH_EVEN_MODULUS 102
-#define BN_R_DIV_BY_ZERO 103
-#define BN_R_ENCODING_ERROR 104
-#define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA 105
-#define BN_R_INPUT_NOT_REDUCED 110
-#define BN_R_INVALID_LENGTH 106
-#define BN_R_INVALID_RANGE 115
-#define BN_R_NOT_A_SQUARE 111
-#define BN_R_NOT_INITIALIZED 107
-#define BN_R_NO_INVERSE 108
-#define BN_R_NO_SOLUTION 116
-#define BN_R_P_IS_NOT_PRIME 112
-#define BN_R_TOO_MANY_ITERATIONS 113
-#define BN_R_TOO_MANY_TEMPORARY_VARIABLES 109
-
-#ifdef __cplusplus
-}
-#endif
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bn/bn.h (from rev 6976, vendor-crypto/openssl/dist/crypto/bn/bn.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bn/bn.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/bn.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,913 @@
+/* crypto/bn/bn.h */
+/* Copyright (C) 1995-1997 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the Eric Young open source
+ * license provided above.
+ *
+ * The binary polynomial arithmetic software is originally written by
+ * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
+ *
+ */
+
+#ifndef HEADER_BN_H
+# define HEADER_BN_H
+
+# include <openssl/e_os2.h>
+# ifndef OPENSSL_NO_FP_API
+# include <stdio.h> /* FILE */
+# endif
+# include <openssl/ossl_typ.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * These preprocessor symbols control various aspects of the bignum headers
+ * and library code. They're not defined by any "normal" configuration, as
+ * they are intended for development and testing purposes. NB: defining all
+ * three can be useful for debugging application code as well as openssl
+ * itself. BN_DEBUG - turn on various debugging alterations to the bignum
+ * code BN_DEBUG_RAND - uses random poisoning of unused words to trip up
+ * mismanagement of bignum internals. You must also define BN_DEBUG.
+ */
+/* #define BN_DEBUG */
+/* #define BN_DEBUG_RAND */
+
+# define BN_MUL_COMBA
+# define BN_SQR_COMBA
+# define BN_RECURSION
+
+/*
+ * This next option uses the C libraries (2 word)/(1 word) function. If it is
+ * not defined, I use my C version (which is slower). The reason for this
+ * flag is that when the particular C compiler library routine is used, and
+ * the library is linked with a different compiler, the library is missing.
+ * This mostly happens when the library is built with gcc and then linked
+ * using normal cc. This would be a common occurrence because gcc normally
+ * produces code that is 2 times faster than system compilers for the big
+ * number stuff. For machines with only one compiler (or shared libraries),
+ * this should be on. Again this in only really a problem on machines using
+ * "long long's", are 32bit, and are not using my assembler code.
+ */
+# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || \
+ defined(OPENSSL_SYS_WIN32) || defined(linux)
+# ifndef BN_DIV2W
+# define BN_DIV2W
+# endif
+# endif
+
+/*
+ * assuming long is 64bit - this is the DEC Alpha unsigned long long is only
+ * 64 bits :-(, don't define BN_LLONG for the DEC Alpha
+ */
+# ifdef SIXTY_FOUR_BIT_LONG
+# define BN_ULLONG unsigned long long
+# define BN_ULONG unsigned long
+# define BN_LONG long
+# define BN_BITS 128
+# define BN_BYTES 8
+# define BN_BITS2 64
+# define BN_BITS4 32
+# define BN_MASK (0xffffffffffffffffffffffffffffffffLL)
+# define BN_MASK2 (0xffffffffffffffffL)
+# define BN_MASK2l (0xffffffffL)
+# define BN_MASK2h (0xffffffff00000000L)
+# define BN_MASK2h1 (0xffffffff80000000L)
+# define BN_TBIT (0x8000000000000000L)
+# define BN_DEC_CONV (10000000000000000000UL)
+# define BN_DEC_FMT1 "%lu"
+# define BN_DEC_FMT2 "%019lu"
+# define BN_DEC_NUM 19
+# endif
+
+/*
+ * This is where the long long data type is 64 bits, but long is 32. For
+ * machines where there are 64bit registers, this is the mode to use. IRIX,
+ * on R4000 and above should use this mode, along with the relevant assembler
+ * code :-). Do NOT define BN_LLONG.
+ */
+# ifdef SIXTY_FOUR_BIT
+# undef BN_LLONG
+# undef BN_ULLONG
+# define BN_ULONG unsigned long long
+# define BN_LONG long long
+# define BN_BITS 128
+# define BN_BYTES 8
+# define BN_BITS2 64
+# define BN_BITS4 32
+# define BN_MASK2 (0xffffffffffffffffLL)
+# define BN_MASK2l (0xffffffffL)
+# define BN_MASK2h (0xffffffff00000000LL)
+# define BN_MASK2h1 (0xffffffff80000000LL)
+# define BN_TBIT (0x8000000000000000LL)
+# define BN_DEC_CONV (10000000000000000000ULL)
+# define BN_DEC_FMT1 "%llu"
+# define BN_DEC_FMT2 "%019llu"
+# define BN_DEC_NUM 19
+# endif
+
+# ifdef THIRTY_TWO_BIT
+# ifdef BN_LLONG
+# if defined(OPENSSL_SYS_WIN32) && !defined(__GNUC__)
+# define BN_ULLONG unsigned __int64
+# else
+# define BN_ULLONG unsigned long long
+# endif
+# endif
+# define BN_ULONG unsigned long
+# define BN_LONG long
+# define BN_BITS 64
+# define BN_BYTES 4
+# define BN_BITS2 32
+# define BN_BITS4 16
+# ifdef OPENSSL_SYS_WIN32
+/* VC++ doesn't like the LL suffix */
+# define BN_MASK (0xffffffffffffffffL)
+# else
+# define BN_MASK (0xffffffffffffffffLL)
+# endif
+# define BN_MASK2 (0xffffffffL)
+# define BN_MASK2l (0xffff)
+# define BN_MASK2h1 (0xffff8000L)
+# define BN_MASK2h (0xffff0000L)
+# define BN_TBIT (0x80000000L)
+# define BN_DEC_CONV (1000000000L)
+# define BN_DEC_FMT1 "%lu"
+# define BN_DEC_FMT2 "%09lu"
+# define BN_DEC_NUM 9
+# endif
+
+# ifdef SIXTEEN_BIT
+# ifndef BN_DIV2W
+# define BN_DIV2W
+# endif
+# define BN_ULLONG unsigned long
+# define BN_ULONG unsigned short
+# define BN_LONG short
+# define BN_BITS 32
+# define BN_BYTES 2
+# define BN_BITS2 16
+# define BN_BITS4 8
+# define BN_MASK (0xffffffff)
+# define BN_MASK2 (0xffff)
+# define BN_MASK2l (0xff)
+# define BN_MASK2h1 (0xff80)
+# define BN_MASK2h (0xff00)
+# define BN_TBIT (0x8000)
+# define BN_DEC_CONV (100000)
+# define BN_DEC_FMT1 "%u"
+# define BN_DEC_FMT2 "%05u"
+# define BN_DEC_NUM 5
+# endif
+
+# ifdef EIGHT_BIT
+# ifndef BN_DIV2W
+# define BN_DIV2W
+# endif
+# define BN_ULLONG unsigned short
+# define BN_ULONG unsigned char
+# define BN_LONG char
+# define BN_BITS 16
+# define BN_BYTES 1
+# define BN_BITS2 8
+# define BN_BITS4 4
+# define BN_MASK (0xffff)
+# define BN_MASK2 (0xff)
+# define BN_MASK2l (0xf)
+# define BN_MASK2h1 (0xf8)
+# define BN_MASK2h (0xf0)
+# define BN_TBIT (0x80)
+# define BN_DEC_CONV (100)
+# define BN_DEC_FMT1 "%u"
+# define BN_DEC_FMT2 "%02u"
+# define BN_DEC_NUM 2
+# endif
+
+# define BN_DEFAULT_BITS 1280
+
+# define BN_FLG_MALLOCED 0x01
+# define BN_FLG_STATIC_DATA 0x02
+
+/*
+ * avoid leaking exponent information through timing,
+ * BN_mod_exp_mont() will call BN_mod_exp_mont_consttime,
+ * BN_div() will call BN_div_no_branch,
+ * BN_mod_inverse() will call BN_mod_inverse_no_branch.
+ */
+# define BN_FLG_CONSTTIME 0x04
+
+# ifdef OPENSSL_NO_DEPRECATED
+/* deprecated name for the flag */
+# define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME
+/*
+ * avoid leaking exponent information through timings
+ * (BN_mod_exp_mont() will call BN_mod_exp_mont_consttime)
+ */
+# endif
+
+# ifndef OPENSSL_NO_DEPRECATED
+# define BN_FLG_FREE 0x8000
+ /* used for debuging */
+# endif
+# define BN_set_flags(b,n) ((b)->flags|=(n))
+# define BN_get_flags(b,n) ((b)->flags&(n))
+
+/*
+ * get a clone of a BIGNUM with changed flags, for *temporary* use only (the
+ * two BIGNUMs cannot not be used in parallel!)
+ */
+# define BN_with_flags(dest,b,n) ((dest)->d=(b)->d, \
+ (dest)->top=(b)->top, \
+ (dest)->dmax=(b)->dmax, \
+ (dest)->neg=(b)->neg, \
+ (dest)->flags=(((dest)->flags & BN_FLG_MALLOCED) \
+ | ((b)->flags & ~BN_FLG_MALLOCED) \
+ | BN_FLG_STATIC_DATA \
+ | (n)))
+
+/* Already declared in ossl_typ.h */
+# if 0
+typedef struct bignum_st BIGNUM;
+/* Used for temp variables (declaration hidden in bn_lcl.h) */
+typedef struct bignum_ctx BN_CTX;
+typedef struct bn_blinding_st BN_BLINDING;
+typedef struct bn_mont_ctx_st BN_MONT_CTX;
+typedef struct bn_recp_ctx_st BN_RECP_CTX;
+typedef struct bn_gencb_st BN_GENCB;
+# endif
+
+struct bignum_st {
+ BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit
+ * chunks. */
+ int top; /* Index of last used d +1. */
+ /* The next are internal book keeping for bn_expand. */
+ int dmax; /* Size of the d array. */
+ int neg; /* one if the number is negative */
+ int flags;
+};
+
+/* Used for montgomery multiplication */
+struct bn_mont_ctx_st {
+ int ri; /* number of bits in R */
+ BIGNUM RR; /* used to convert to montgomery form */
+ BIGNUM N; /* The modulus */
+ BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1 (Ni is only
+ * stored for bignum algorithm) */
+# if 0
+ /* OpenSSL 0.9.9 preview: */
+ BN_ULONG n0[2]; /* least significant word(s) of Ni */
+# else
+ BN_ULONG n0; /* least significant word of Ni */
+# endif
+ int flags;
+};
+
+/*
+ * Used for reciprocal division/mod functions It cannot be shared between
+ * threads
+ */
+struct bn_recp_ctx_st {
+ BIGNUM N; /* the divisor */
+ BIGNUM Nr; /* the reciprocal */
+ int num_bits;
+ int shift;
+ int flags;
+};
+
+/* Used for slow "generation" functions. */
+struct bn_gencb_st {
+ unsigned int ver; /* To handle binary (in)compatibility */
+ void *arg; /* callback-specific data */
+ union {
+ /* if(ver==1) - handles old style callbacks */
+ void (*cb_1) (int, int, void *);
+ /* if(ver==2) - new callback style */
+ int (*cb_2) (int, int, BN_GENCB *);
+ } cb;
+};
+/* Wrapper function to make using BN_GENCB easier, */
+int BN_GENCB_call(BN_GENCB *cb, int a, int b);
+/* Macro to populate a BN_GENCB structure with an "old"-style callback */
+# define BN_GENCB_set_old(gencb, callback, cb_arg) { \
+ BN_GENCB *tmp_gencb = (gencb); \
+ tmp_gencb->ver = 1; \
+ tmp_gencb->arg = (cb_arg); \
+ tmp_gencb->cb.cb_1 = (callback); }
+/* Macro to populate a BN_GENCB structure with a "new"-style callback */
+# define BN_GENCB_set(gencb, callback, cb_arg) { \
+ BN_GENCB *tmp_gencb = (gencb); \
+ tmp_gencb->ver = 2; \
+ tmp_gencb->arg = (cb_arg); \
+ tmp_gencb->cb.cb_2 = (callback); }
+
+# define BN_prime_checks 0 /* default: select number of iterations based
+ * on the size of the number */
+
+/*
+ * number of Miller-Rabin iterations for an error rate of less than 2^-80 for
+ * random 'b'-bit input, b >= 100 (taken from table 4.4 in the Handbook of
+ * Applied Cryptography [Menezes, van Oorschot, Vanstone; CRC Press 1996];
+ * original paper: Damgaard, Landrock, Pomerance: Average case error
+ * estimates for the strong probable prime test. -- Math. Comp. 61 (1993)
+ * 177-194)
+ */
+# define BN_prime_checks_for_size(b) ((b) >= 1300 ? 2 : \
+ (b) >= 850 ? 3 : \
+ (b) >= 650 ? 4 : \
+ (b) >= 550 ? 5 : \
+ (b) >= 450 ? 6 : \
+ (b) >= 400 ? 7 : \
+ (b) >= 350 ? 8 : \
+ (b) >= 300 ? 9 : \
+ (b) >= 250 ? 12 : \
+ (b) >= 200 ? 15 : \
+ (b) >= 150 ? 18 : \
+ /* b >= 100 */ 27)
+
+# define BN_num_bytes(a) ((BN_num_bits(a)+7)/8)
+
+/* Note that BN_abs_is_word didn't work reliably for w == 0 until 0.9.8 */
+# define BN_abs_is_word(a,w) ((((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w))) || \
+ (((w) == 0) && ((a)->top == 0)))
+# define BN_is_zero(a) ((a)->top == 0)
+# define BN_is_one(a) (BN_abs_is_word((a),1) && !(a)->neg)
+# define BN_is_word(a,w) (BN_abs_is_word((a),(w)) && (!(w) || !(a)->neg))
+# define BN_is_odd(a) (((a)->top > 0) && ((a)->d[0] & 1))
+
+# define BN_one(a) (BN_set_word((a),1))
+# define BN_zero_ex(a) \
+ do { \
+ BIGNUM *_tmp_bn = (a); \
+ _tmp_bn->top = 0; \
+ _tmp_bn->neg = 0; \
+ } while(0)
+# ifdef OPENSSL_NO_DEPRECATED
+# define BN_zero(a) BN_zero_ex(a)
+# else
+# define BN_zero(a) (BN_set_word((a),0))
+# endif
+
+const BIGNUM *BN_value_one(void);
+char *BN_options(void);
+BN_CTX *BN_CTX_new(void);
+# ifndef OPENSSL_NO_DEPRECATED
+void BN_CTX_init(BN_CTX *c);
+# endif
+void BN_CTX_free(BN_CTX *c);
+void BN_CTX_start(BN_CTX *ctx);
+BIGNUM *BN_CTX_get(BN_CTX *ctx);
+void BN_CTX_end(BN_CTX *ctx);
+int BN_rand(BIGNUM *rnd, int bits, int top, int bottom);
+int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
+int BN_rand_range(BIGNUM *rnd, const BIGNUM *range);
+int BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range);
+int BN_num_bits(const BIGNUM *a);
+int BN_num_bits_word(BN_ULONG);
+BIGNUM *BN_new(void);
+void BN_init(BIGNUM *);
+void BN_clear_free(BIGNUM *a);
+BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
+void BN_swap(BIGNUM *a, BIGNUM *b);
+BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
+int BN_bn2bin(const BIGNUM *a, unsigned char *to);
+BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret);
+int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
+int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
+int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx);
+/** BN_set_negative sets sign of a BIGNUM
+ * \param b pointer to the BIGNUM object
+ * \param n 0 if the BIGNUM b should be positive and a value != 0 otherwise
+ */
+void BN_set_negative(BIGNUM *b, int n);
+/** BN_is_negative returns 1 if the BIGNUM is negative
+ * \param a pointer to the BIGNUM object
+ * \return 1 if a < 0 and 0 otherwise
+ */
+# define BN_is_negative(a) ((a)->neg != 0)
+
+int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
+ BN_CTX *ctx);
+# define BN_mod(rem,m,d,ctx) BN_div(NULL,(rem),(m),(d),(ctx))
+int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx);
+int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
+ BN_CTX *ctx);
+int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+ const BIGNUM *m);
+int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
+ BN_CTX *ctx);
+int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+ const BIGNUM *m);
+int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
+ BN_CTX *ctx);
+int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
+int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
+int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m);
+int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m,
+ BN_CTX *ctx);
+int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m);
+
+BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w);
+BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w);
+int BN_mul_word(BIGNUM *a, BN_ULONG w);
+int BN_add_word(BIGNUM *a, BN_ULONG w);
+int BN_sub_word(BIGNUM *a, BN_ULONG w);
+int BN_set_word(BIGNUM *a, BN_ULONG w);
+BN_ULONG BN_get_word(const BIGNUM *a);
+
+int BN_cmp(const BIGNUM *a, const BIGNUM *b);
+void BN_free(BIGNUM *a);
+int BN_is_bit_set(const BIGNUM *a, int n);
+int BN_lshift(BIGNUM *r, const BIGNUM *a, int n);
+int BN_lshift1(BIGNUM *r, const BIGNUM *a);
+int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
+
+int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx);
+int BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *in_mont);
+int BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+int BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1, const BIGNUM *p1,
+ const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m,
+ BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx);
+
+int BN_mask_bits(BIGNUM *a, int n);
+# ifndef OPENSSL_NO_FP_API
+int BN_print_fp(FILE *fp, const BIGNUM *a);
+# endif
+# ifdef HEADER_BIO_H
+int BN_print(BIO *fp, const BIGNUM *a);
+# else
+int BN_print(void *fp, const BIGNUM *a);
+# endif
+int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx);
+int BN_rshift(BIGNUM *r, const BIGNUM *a, int n);
+int BN_rshift1(BIGNUM *r, const BIGNUM *a);
+void BN_clear(BIGNUM *a);
+BIGNUM *BN_dup(const BIGNUM *a);
+int BN_ucmp(const BIGNUM *a, const BIGNUM *b);
+int BN_set_bit(BIGNUM *a, int n);
+int BN_clear_bit(BIGNUM *a, int n);
+char *BN_bn2hex(const BIGNUM *a);
+char *BN_bn2dec(const BIGNUM *a);
+int BN_hex2bn(BIGNUM **a, const char *str);
+int BN_dec2bn(BIGNUM **a, const char *str);
+int BN_gcd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
+int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); /* returns
+ * -2 for
+ * error */
+BIGNUM *BN_mod_inverse(BIGNUM *ret,
+ const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx);
+BIGNUM *BN_mod_sqrt(BIGNUM *ret,
+ const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx);
+
+void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords);
+
+/* Deprecated versions */
+# ifndef OPENSSL_NO_DEPRECATED
+BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe,
+ const BIGNUM *add, const BIGNUM *rem,
+ void (*callback) (int, int, void *), void *cb_arg);
+int BN_is_prime(const BIGNUM *p, int nchecks,
+ void (*callback) (int, int, void *),
+ BN_CTX *ctx, void *cb_arg);
+int BN_is_prime_fasttest(const BIGNUM *p, int nchecks,
+ void (*callback) (int, int, void *), BN_CTX *ctx,
+ void *cb_arg, int do_trial_division);
+# endif /* !defined(OPENSSL_NO_DEPRECATED) */
+
+/* Newer versions */
+int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add,
+ const BIGNUM *rem, BN_GENCB *cb);
+int BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, BN_GENCB *cb);
+int BN_is_prime_fasttest_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx,
+ int do_trial_division, BN_GENCB *cb);
+
+int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx);
+
+int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
+ const BIGNUM *Xp, const BIGNUM *Xp1,
+ const BIGNUM *Xp2, const BIGNUM *e, BN_CTX *ctx,
+ BN_GENCB *cb);
+int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, BIGNUM *Xp1,
+ BIGNUM *Xp2, const BIGNUM *Xp, const BIGNUM *e,
+ BN_CTX *ctx, BN_GENCB *cb);
+
+BN_MONT_CTX *BN_MONT_CTX_new(void);
+void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
+int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+ BN_MONT_CTX *mont, BN_CTX *ctx);
+# define BN_to_montgomery(r,a,mont,ctx) BN_mod_mul_montgomery(\
+ (r),(a),&((mont)->RR),(mont),(ctx))
+int BN_from_montgomery(BIGNUM *r, const BIGNUM *a,
+ BN_MONT_CTX *mont, BN_CTX *ctx);
+void BN_MONT_CTX_free(BN_MONT_CTX *mont);
+int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx);
+BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from);
+BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock,
+ const BIGNUM *mod, BN_CTX *ctx);
+
+/* BN_BLINDING flags */
+# define BN_BLINDING_NO_UPDATE 0x00000001
+# define BN_BLINDING_NO_RECREATE 0x00000002
+
+BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod);
+void BN_BLINDING_free(BN_BLINDING *b);
+int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx);
+int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
+int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
+int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *);
+int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b,
+ BN_CTX *);
+unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *);
+void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long);
+unsigned long BN_BLINDING_get_flags(const BN_BLINDING *);
+void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long);
+BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
+ const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
+ int (*bn_mod_exp) (BIGNUM *r,
+ const BIGNUM *a,
+ const BIGNUM *p,
+ const BIGNUM *m,
+ BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx),
+ BN_MONT_CTX *m_ctx);
+
+# ifndef OPENSSL_NO_DEPRECATED
+void BN_set_params(int mul, int high, int low, int mont);
+int BN_get_params(int which); /* 0, mul, 1 high, 2 low, 3 mont */
+# endif
+
+void BN_RECP_CTX_init(BN_RECP_CTX *recp);
+BN_RECP_CTX *BN_RECP_CTX_new(void);
+void BN_RECP_CTX_free(BN_RECP_CTX *recp);
+int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *rdiv, BN_CTX *ctx);
+int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y,
+ BN_RECP_CTX *recp, BN_CTX *ctx);
+int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx);
+int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
+ BN_RECP_CTX *recp, BN_CTX *ctx);
+
+/*
+ * Functions for arithmetic over binary polynomials represented by BIGNUMs.
+ * The BIGNUM::neg property of BIGNUMs representing binary polynomials is
+ * ignored. Note that input arguments are not const so that their bit arrays
+ * can be expanded to the appropriate size if needed.
+ */
+
+/*
+ * r = a + b
+ */
+int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+# define BN_GF2m_sub(r, a, b) BN_GF2m_add(r, a, b)
+/*
+ * r=a mod p
+ */
+int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p);
+/* r = (a * b) mod p */
+int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+ const BIGNUM *p, BN_CTX *ctx);
+/* r = (a * a) mod p */
+int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
+/* r = (1 / b) mod p */
+int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx);
+/* r = (a / b) mod p */
+int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+ const BIGNUM *p, BN_CTX *ctx);
+/* r = (a ^ b) mod p */
+int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+ const BIGNUM *p, BN_CTX *ctx);
+/* r = sqrt(a) mod p */
+int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ BN_CTX *ctx);
+/* r^2 + r = a mod p */
+int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ BN_CTX *ctx);
+# define BN_GF2m_cmp(a, b) BN_ucmp((a), (b))
+/*-
+ * Some functions allow for representation of the irreducible polynomials
+ * as an unsigned int[], say p. The irreducible f(t) is then of the form:
+ * t^p[0] + t^p[1] + ... + t^p[k]
+ * where m = p[0] > p[1] > ... > p[k] = 0.
+ */
+/* r = a mod p */
+int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[]);
+/* r = (a * b) mod p */
+int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+ const unsigned int p[], BN_CTX *ctx);
+/* r = (a * a) mod p */
+int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[],
+ BN_CTX *ctx);
+/* r = (1 / b) mod p */
+int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *b, const unsigned int p[],
+ BN_CTX *ctx);
+/* r = (a / b) mod p */
+int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+ const unsigned int p[], BN_CTX *ctx);
+/* r = (a ^ b) mod p */
+int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+ const unsigned int p[], BN_CTX *ctx);
+/* r = sqrt(a) mod p */
+int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a,
+ const unsigned int p[], BN_CTX *ctx);
+/* r^2 + r = a mod p */
+int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a,
+ const unsigned int p[], BN_CTX *ctx);
+int BN_GF2m_poly2arr(const BIGNUM *a, unsigned int p[], int max);
+int BN_GF2m_arr2poly(const unsigned int p[], BIGNUM *a);
+
+/*
+ * faster mod functions for the 'NIST primes' 0 <= a < p^2
+ */
+int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
+int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
+int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
+int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
+int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
+
+const BIGNUM *BN_get0_nist_prime_192(void);
+const BIGNUM *BN_get0_nist_prime_224(void);
+const BIGNUM *BN_get0_nist_prime_256(void);
+const BIGNUM *BN_get0_nist_prime_384(void);
+const BIGNUM *BN_get0_nist_prime_521(void);
+
+/* library internal functions */
+
+# define bn_expand(a,bits) ((((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->dmax)?\
+ (a):bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2))
+# define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words)))
+BIGNUM *bn_expand2(BIGNUM *a, int words);
+# ifndef OPENSSL_NO_DEPRECATED
+BIGNUM *bn_dup_expand(const BIGNUM *a, int words); /* unused */
+# endif
+
+/*-
+ * Bignum consistency macros
+ * There is one "API" macro, bn_fix_top(), for stripping leading zeroes from
+ * bignum data after direct manipulations on the data. There is also an
+ * "internal" macro, bn_check_top(), for verifying that there are no leading
+ * zeroes. Unfortunately, some auditing is required due to the fact that
+ * bn_fix_top() has become an overabused duct-tape because bignum data is
+ * occasionally passed around in an inconsistent state. So the following
+ * changes have been made to sort this out;
+ * - bn_fix_top()s implementation has been moved to bn_correct_top()
+ * - if BN_DEBUG isn't defined, bn_fix_top() maps to bn_correct_top(), and
+ * bn_check_top() is as before.
+ * - if BN_DEBUG *is* defined;
+ * - bn_check_top() tries to pollute unused words even if the bignum 'top' is
+ * consistent. (ed: only if BN_DEBUG_RAND is defined)
+ * - bn_fix_top() maps to bn_check_top() rather than "fixing" anything.
+ * The idea is to have debug builds flag up inconsistent bignums when they
+ * occur. If that occurs in a bn_fix_top(), we examine the code in question; if
+ * the use of bn_fix_top() was appropriate (ie. it follows directly after code
+ * that manipulates the bignum) it is converted to bn_correct_top(), and if it
+ * was not appropriate, we convert it permanently to bn_check_top() and track
+ * down the cause of the bug. Eventually, no internal code should be using the
+ * bn_fix_top() macro. External applications and libraries should try this with
+ * their own code too, both in terms of building against the openssl headers
+ * with BN_DEBUG defined *and* linking with a version of OpenSSL built with it
+ * defined. This not only improves external code, it provides more test
+ * coverage for openssl's own code.
+ */
+
+# ifdef BN_DEBUG
+
+/* We only need assert() when debugging */
+# include <assert.h>
+
+# ifdef BN_DEBUG_RAND
+/* To avoid "make update" cvs wars due to BN_DEBUG, use some tricks */
+# ifndef RAND_pseudo_bytes
+int RAND_pseudo_bytes(unsigned char *buf, int num);
+# define BN_DEBUG_TRIX
+# endif
+# define bn_pollute(a) \
+ do { \
+ const BIGNUM *_bnum1 = (a); \
+ if(_bnum1->top < _bnum1->dmax) { \
+ unsigned char _tmp_char; \
+ /* We cast away const without the compiler knowing, any \
+ * *genuinely* constant variables that aren't mutable \
+ * wouldn't be constructed with top!=dmax. */ \
+ BN_ULONG *_not_const; \
+ memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \
+ RAND_pseudo_bytes(&_tmp_char, 1); \
+ memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \
+ (_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \
+ } \
+ } while(0)
+# ifdef BN_DEBUG_TRIX
+# undef RAND_pseudo_bytes
+# endif
+# else
+# define bn_pollute(a)
+# endif
+# define bn_check_top(a) \
+ do { \
+ const BIGNUM *_bnum2 = (a); \
+ if (_bnum2 != NULL) { \
+ assert((_bnum2->top == 0) || \
+ (_bnum2->d[_bnum2->top - 1] != 0)); \
+ bn_pollute(_bnum2); \
+ } \
+ } while(0)
+
+# define bn_fix_top(a) bn_check_top(a)
+
+# define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2)
+# define bn_wcheck_size(bn, words) \
+ do { \
+ const BIGNUM *_bnum2 = (bn); \
+ assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \
+ } while(0)
+
+# else /* !BN_DEBUG */
+
+# define bn_pollute(a)
+# define bn_check_top(a)
+# define bn_fix_top(a) bn_correct_top(a)
+# define bn_check_size(bn, bits)
+# define bn_wcheck_size(bn, words)
+
+# endif
+
+# define bn_correct_top(a) \
+ { \
+ BN_ULONG *ftl; \
+ if ((a)->top > 0) \
+ { \
+ for (ftl= &((a)->d[(a)->top-1]); (a)->top > 0; (a)->top--) \
+ if (*(ftl--)) break; \
+ } \
+ bn_pollute(a); \
+ }
+
+BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num,
+ BN_ULONG w);
+BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w);
+void bn_sqr_words(BN_ULONG *rp, const BN_ULONG *ap, int num);
+BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d);
+BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+ int num);
+BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+ int num);
+
+/* Primes from RFC 2409 */
+BIGNUM *get_rfc2409_prime_768(BIGNUM *bn);
+BIGNUM *get_rfc2409_prime_1024(BIGNUM *bn);
+
+/* Primes from RFC 3526 */
+BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn);
+BIGNUM *get_rfc3526_prime_2048(BIGNUM *bn);
+BIGNUM *get_rfc3526_prime_3072(BIGNUM *bn);
+BIGNUM *get_rfc3526_prime_4096(BIGNUM *bn);
+BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn);
+BIGNUM *get_rfc3526_prime_8192(BIGNUM *bn);
+
+int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom);
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_BN_strings(void);
+
+/* Error codes for the BN functions. */
+
+/* Function codes. */
+# define BN_F_BNRAND 127
+# define BN_F_BN_BLINDING_CONVERT_EX 100
+# define BN_F_BN_BLINDING_CREATE_PARAM 128
+# define BN_F_BN_BLINDING_INVERT_EX 101
+# define BN_F_BN_BLINDING_NEW 102
+# define BN_F_BN_BLINDING_UPDATE 103
+# define BN_F_BN_BN2DEC 104
+# define BN_F_BN_BN2HEX 105
+# define BN_F_BN_CTX_GET 116
+# define BN_F_BN_CTX_NEW 106
+# define BN_F_BN_CTX_START 129
+# define BN_F_BN_DIV 107
+# define BN_F_BN_DIV_NO_BRANCH 138
+# define BN_F_BN_DIV_RECP 130
+# define BN_F_BN_EXP 123
+# define BN_F_BN_EXPAND2 108
+# define BN_F_BN_EXPAND_INTERNAL 120
+# define BN_F_BN_GF2M_MOD 131
+# define BN_F_BN_GF2M_MOD_EXP 132
+# define BN_F_BN_GF2M_MOD_MUL 133
+# define BN_F_BN_GF2M_MOD_SOLVE_QUAD 134
+# define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR 135
+# define BN_F_BN_GF2M_MOD_SQR 136
+# define BN_F_BN_GF2M_MOD_SQRT 137
+# define BN_F_BN_MOD_EXP2_MONT 118
+# define BN_F_BN_MOD_EXP_MONT 109
+# define BN_F_BN_MOD_EXP_MONT_CONSTTIME 124
+# define BN_F_BN_MOD_EXP_MONT_WORD 117
+# define BN_F_BN_MOD_EXP_RECP 125
+# define BN_F_BN_MOD_EXP_SIMPLE 126
+# define BN_F_BN_MOD_INVERSE 110
+# define BN_F_BN_MOD_INVERSE_NO_BRANCH 139
+# define BN_F_BN_MOD_LSHIFT_QUICK 119
+# define BN_F_BN_MOD_MUL_RECIPROCAL 111
+# define BN_F_BN_MOD_SQRT 121
+# define BN_F_BN_MPI2BN 112
+# define BN_F_BN_NEW 113
+# define BN_F_BN_RAND 114
+# define BN_F_BN_RAND_RANGE 122
+# define BN_F_BN_USUB 115
+
+/* Reason codes. */
+# define BN_R_ARG2_LT_ARG3 100
+# define BN_R_BAD_RECIPROCAL 101
+# define BN_R_BIGNUM_TOO_LONG 114
+# define BN_R_CALLED_WITH_EVEN_MODULUS 102
+# define BN_R_DIV_BY_ZERO 103
+# define BN_R_ENCODING_ERROR 104
+# define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA 105
+# define BN_R_INPUT_NOT_REDUCED 110
+# define BN_R_INVALID_LENGTH 106
+# define BN_R_INVALID_RANGE 115
+# define BN_R_NOT_A_SQUARE 111
+# define BN_R_NOT_INITIALIZED 107
+# define BN_R_NO_INVERSE 108
+# define BN_R_NO_SOLUTION 116
+# define BN_R_P_IS_NOT_PRIME 112
+# define BN_R_TOO_MANY_ITERATIONS 113
+# define BN_R_TOO_MANY_TEMPORARY_VARIABLES 109
+
+#ifdef __cplusplus
+}
+#endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_add.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_add.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_add.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,313 +0,0 @@
-/* crypto/bn/bn_add.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-/* r can == a or b */
-int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
- {
- const BIGNUM *tmp;
- int a_neg = a->neg, ret;
-
- bn_check_top(a);
- bn_check_top(b);
-
- /* a + b a+b
- * a + -b a-b
- * -a + b b-a
- * -a + -b -(a+b)
- */
- if (a_neg ^ b->neg)
- {
- /* only one is negative */
- if (a_neg)
- { tmp=a; a=b; b=tmp; }
-
- /* we are now a - b */
-
- if (BN_ucmp(a,b) < 0)
- {
- if (!BN_usub(r,b,a)) return(0);
- r->neg=1;
- }
- else
- {
- if (!BN_usub(r,a,b)) return(0);
- r->neg=0;
- }
- return(1);
- }
-
- ret = BN_uadd(r,a,b);
- r->neg = a_neg;
- bn_check_top(r);
- return ret;
- }
-
-/* unsigned add of b to a */
-int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
- {
- int max,min,dif;
- BN_ULONG *ap,*bp,*rp,carry,t1,t2;
- const BIGNUM *tmp;
-
- bn_check_top(a);
- bn_check_top(b);
-
- if (a->top < b->top)
- { tmp=a; a=b; b=tmp; }
- max = a->top;
- min = b->top;
- dif = max - min;
-
- if (bn_wexpand(r,max+1) == NULL)
- return 0;
-
- r->top=max;
-
-
- ap=a->d;
- bp=b->d;
- rp=r->d;
-
- carry=bn_add_words(rp,ap,bp,min);
- rp+=min;
- ap+=min;
- bp+=min;
-
- if (carry)
- {
- while (dif)
- {
- dif--;
- t1 = *(ap++);
- t2 = (t1+1) & BN_MASK2;
- *(rp++) = t2;
- if (t2)
- {
- carry=0;
- break;
- }
- }
- if (carry)
- {
- /* carry != 0 => dif == 0 */
- *rp = 1;
- r->top++;
- }
- }
- if (dif && rp != ap)
- while (dif--)
- /* copy remaining words if ap != rp */
- *(rp++) = *(ap++);
- r->neg = 0;
- bn_check_top(r);
- return 1;
- }
-
-/* unsigned subtraction of b from a, a must be larger than b. */
-int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
- {
- int max,min,dif;
- register BN_ULONG t1,t2,*ap,*bp,*rp;
- int i,carry;
-#if defined(IRIX_CC_BUG) && !defined(LINT)
- int dummy;
-#endif
-
- bn_check_top(a);
- bn_check_top(b);
-
- max = a->top;
- min = b->top;
- dif = max - min;
-
- if (dif < 0) /* hmm... should not be happening */
- {
- BNerr(BN_F_BN_USUB,BN_R_ARG2_LT_ARG3);
- return(0);
- }
-
- if (bn_wexpand(r,max) == NULL) return(0);
-
- ap=a->d;
- bp=b->d;
- rp=r->d;
-
-#if 1
- carry=0;
- for (i = min; i != 0; i--)
- {
- t1= *(ap++);
- t2= *(bp++);
- if (carry)
- {
- carry=(t1 <= t2);
- t1=(t1-t2-1)&BN_MASK2;
- }
- else
- {
- carry=(t1 < t2);
- t1=(t1-t2)&BN_MASK2;
- }
-#if defined(IRIX_CC_BUG) && !defined(LINT)
- dummy=t1;
-#endif
- *(rp++)=t1&BN_MASK2;
- }
-#else
- carry=bn_sub_words(rp,ap,bp,min);
- ap+=min;
- bp+=min;
- rp+=min;
-#endif
- if (carry) /* subtracted */
- {
- if (!dif)
- /* error: a < b */
- return 0;
- while (dif)
- {
- dif--;
- t1 = *(ap++);
- t2 = (t1-1)&BN_MASK2;
- *(rp++) = t2;
- if (t1)
- break;
- }
- }
-#if 0
- memcpy(rp,ap,sizeof(*rp)*(max-i));
-#else
- if (rp != ap)
- {
- for (;;)
- {
- if (!dif--) break;
- rp[0]=ap[0];
- if (!dif--) break;
- rp[1]=ap[1];
- if (!dif--) break;
- rp[2]=ap[2];
- if (!dif--) break;
- rp[3]=ap[3];
- rp+=4;
- ap+=4;
- }
- }
-#endif
-
- r->top=max;
- r->neg=0;
- bn_correct_top(r);
- return(1);
- }
-
-int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
- {
- int max;
- int add=0,neg=0;
- const BIGNUM *tmp;
-
- bn_check_top(a);
- bn_check_top(b);
-
- /* a - b a-b
- * a - -b a+b
- * -a - b -(a+b)
- * -a - -b b-a
- */
- if (a->neg)
- {
- if (b->neg)
- { tmp=a; a=b; b=tmp; }
- else
- { add=1; neg=1; }
- }
- else
- {
- if (b->neg) { add=1; neg=0; }
- }
-
- if (add)
- {
- if (!BN_uadd(r,a,b)) return(0);
- r->neg=neg;
- return(1);
- }
-
- /* We are actually doing a - b :-) */
-
- max=(a->top > b->top)?a->top:b->top;
- if (bn_wexpand(r,max) == NULL) return(0);
- if (BN_ucmp(a,b) < 0)
- {
- if (!BN_usub(r,b,a)) return(0);
- r->neg=1;
- }
- else
- {
- if (!BN_usub(r,a,b)) return(0);
- r->neg=0;
- }
- bn_check_top(r);
- return(1);
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_add.c (from rev 6976, vendor-crypto/openssl/dist/crypto/bn/bn_add.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_add.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_add.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,313 @@
+/* crypto/bn/bn_add.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+/* r can == a or b */
+int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
+{
+ const BIGNUM *tmp;
+ int a_neg = a->neg, ret;
+
+ bn_check_top(a);
+ bn_check_top(b);
+
+ /*-
+ * a + b a+b
+ * a + -b a-b
+ * -a + b b-a
+ * -a + -b -(a+b)
+ */
+ if (a_neg ^ b->neg) {
+ /* only one is negative */
+ if (a_neg) {
+ tmp = a;
+ a = b;
+ b = tmp;
+ }
+
+ /* we are now a - b */
+
+ if (BN_ucmp(a, b) < 0) {
+ if (!BN_usub(r, b, a))
+ return (0);
+ r->neg = 1;
+ } else {
+ if (!BN_usub(r, a, b))
+ return (0);
+ r->neg = 0;
+ }
+ return (1);
+ }
+
+ ret = BN_uadd(r, a, b);
+ r->neg = a_neg;
+ bn_check_top(r);
+ return ret;
+}
+
+/* unsigned add of b to a */
+int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
+{
+ int max, min, dif;
+ BN_ULONG *ap, *bp, *rp, carry, t1, t2;
+ const BIGNUM *tmp;
+
+ bn_check_top(a);
+ bn_check_top(b);
+
+ if (a->top < b->top) {
+ tmp = a;
+ a = b;
+ b = tmp;
+ }
+ max = a->top;
+ min = b->top;
+ dif = max - min;
+
+ if (bn_wexpand(r, max + 1) == NULL)
+ return 0;
+
+ r->top = max;
+
+ ap = a->d;
+ bp = b->d;
+ rp = r->d;
+
+ carry = bn_add_words(rp, ap, bp, min);
+ rp += min;
+ ap += min;
+ bp += min;
+
+ if (carry) {
+ while (dif) {
+ dif--;
+ t1 = *(ap++);
+ t2 = (t1 + 1) & BN_MASK2;
+ *(rp++) = t2;
+ if (t2) {
+ carry = 0;
+ break;
+ }
+ }
+ if (carry) {
+ /* carry != 0 => dif == 0 */
+ *rp = 1;
+ r->top++;
+ }
+ }
+ if (dif && rp != ap)
+ while (dif--)
+ /* copy remaining words if ap != rp */
+ *(rp++) = *(ap++);
+ r->neg = 0;
+ bn_check_top(r);
+ return 1;
+}
+
+/* unsigned subtraction of b from a, a must be larger than b. */
+int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
+{
+ int max, min, dif;
+ register BN_ULONG t1, t2, *ap, *bp, *rp;
+ int i, carry;
+#if defined(IRIX_CC_BUG) && !defined(LINT)
+ int dummy;
+#endif
+
+ bn_check_top(a);
+ bn_check_top(b);
+
+ max = a->top;
+ min = b->top;
+ dif = max - min;
+
+ if (dif < 0) { /* hmm... should not be happening */
+ BNerr(BN_F_BN_USUB, BN_R_ARG2_LT_ARG3);
+ return (0);
+ }
+
+ if (bn_wexpand(r, max) == NULL)
+ return (0);
+
+ ap = a->d;
+ bp = b->d;
+ rp = r->d;
+
+#if 1
+ carry = 0;
+ for (i = min; i != 0; i--) {
+ t1 = *(ap++);
+ t2 = *(bp++);
+ if (carry) {
+ carry = (t1 <= t2);
+ t1 = (t1 - t2 - 1) & BN_MASK2;
+ } else {
+ carry = (t1 < t2);
+ t1 = (t1 - t2) & BN_MASK2;
+ }
+# if defined(IRIX_CC_BUG) && !defined(LINT)
+ dummy = t1;
+# endif
+ *(rp++) = t1 & BN_MASK2;
+ }
+#else
+ carry = bn_sub_words(rp, ap, bp, min);
+ ap += min;
+ bp += min;
+ rp += min;
+#endif
+ if (carry) { /* subtracted */
+ if (!dif)
+ /* error: a < b */
+ return 0;
+ while (dif) {
+ dif--;
+ t1 = *(ap++);
+ t2 = (t1 - 1) & BN_MASK2;
+ *(rp++) = t2;
+ if (t1)
+ break;
+ }
+ }
+#if 0
+ memcpy(rp, ap, sizeof(*rp) * (max - i));
+#else
+ if (rp != ap) {
+ for (;;) {
+ if (!dif--)
+ break;
+ rp[0] = ap[0];
+ if (!dif--)
+ break;
+ rp[1] = ap[1];
+ if (!dif--)
+ break;
+ rp[2] = ap[2];
+ if (!dif--)
+ break;
+ rp[3] = ap[3];
+ rp += 4;
+ ap += 4;
+ }
+ }
+#endif
+
+ r->top = max;
+ r->neg = 0;
+ bn_correct_top(r);
+ return (1);
+}
+
+int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
+{
+ int max;
+ int add = 0, neg = 0;
+ const BIGNUM *tmp;
+
+ bn_check_top(a);
+ bn_check_top(b);
+
+ /*-
+ * a - b a-b
+ * a - -b a+b
+ * -a - b -(a+b)
+ * -a - -b b-a
+ */
+ if (a->neg) {
+ if (b->neg) {
+ tmp = a;
+ a = b;
+ b = tmp;
+ } else {
+ add = 1;
+ neg = 1;
+ }
+ } else {
+ if (b->neg) {
+ add = 1;
+ neg = 0;
+ }
+ }
+
+ if (add) {
+ if (!BN_uadd(r, a, b))
+ return (0);
+ r->neg = neg;
+ return (1);
+ }
+
+ /* We are actually doing a - b :-) */
+
+ max = (a->top > b->top) ? a->top : b->top;
+ if (bn_wexpand(r, max) == NULL)
+ return (0);
+ if (BN_ucmp(a, b) < 0) {
+ if (!BN_usub(r, b, a))
+ return (0);
+ r->neg = 1;
+ } else {
+ if (!BN_usub(r, a, b))
+ return (0);
+ r->neg = 0;
+ }
+ bn_check_top(r);
+ return (1);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_asm.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_asm.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_asm.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,860 +0,0 @@
-/* crypto/bn/bn_asm.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef BN_DEBUG
-# undef NDEBUG /* avoid conflicting definitions */
-# define NDEBUG
-#endif
-
-#include <stdio.h>
-#include <assert.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-#if defined(BN_LLONG) || defined(BN_UMULT_HIGH)
-
-BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
- {
- BN_ULONG c1=0;
-
- assert(num >= 0);
- if (num <= 0) return(c1);
-
- while (num&~3)
- {
- mul_add(rp[0],ap[0],w,c1);
- mul_add(rp[1],ap[1],w,c1);
- mul_add(rp[2],ap[2],w,c1);
- mul_add(rp[3],ap[3],w,c1);
- ap+=4; rp+=4; num-=4;
- }
- if (num)
- {
- mul_add(rp[0],ap[0],w,c1); if (--num==0) return c1;
- mul_add(rp[1],ap[1],w,c1); if (--num==0) return c1;
- mul_add(rp[2],ap[2],w,c1); return c1;
- }
-
- return(c1);
- }
-
-BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
- {
- BN_ULONG c1=0;
-
- assert(num >= 0);
- if (num <= 0) return(c1);
-
- while (num&~3)
- {
- mul(rp[0],ap[0],w,c1);
- mul(rp[1],ap[1],w,c1);
- mul(rp[2],ap[2],w,c1);
- mul(rp[3],ap[3],w,c1);
- ap+=4; rp+=4; num-=4;
- }
- if (num)
- {
- mul(rp[0],ap[0],w,c1); if (--num == 0) return c1;
- mul(rp[1],ap[1],w,c1); if (--num == 0) return c1;
- mul(rp[2],ap[2],w,c1);
- }
- return(c1);
- }
-
-void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
- {
- assert(n >= 0);
- if (n <= 0) return;
- while (n&~3)
- {
- sqr(r[0],r[1],a[0]);
- sqr(r[2],r[3],a[1]);
- sqr(r[4],r[5],a[2]);
- sqr(r[6],r[7],a[3]);
- a+=4; r+=8; n-=4;
- }
- if (n)
- {
- sqr(r[0],r[1],a[0]); if (--n == 0) return;
- sqr(r[2],r[3],a[1]); if (--n == 0) return;
- sqr(r[4],r[5],a[2]);
- }
- }
-
-#else /* !(defined(BN_LLONG) || defined(BN_UMULT_HIGH)) */
-
-BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
- {
- BN_ULONG c=0;
- BN_ULONG bl,bh;
-
- assert(num >= 0);
- if (num <= 0) return((BN_ULONG)0);
-
- bl=LBITS(w);
- bh=HBITS(w);
-
- for (;;)
- {
- mul_add(rp[0],ap[0],bl,bh,c);
- if (--num == 0) break;
- mul_add(rp[1],ap[1],bl,bh,c);
- if (--num == 0) break;
- mul_add(rp[2],ap[2],bl,bh,c);
- if (--num == 0) break;
- mul_add(rp[3],ap[3],bl,bh,c);
- if (--num == 0) break;
- ap+=4;
- rp+=4;
- }
- return(c);
- }
-
-BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
- {
- BN_ULONG carry=0;
- BN_ULONG bl,bh;
-
- assert(num >= 0);
- if (num <= 0) return((BN_ULONG)0);
-
- bl=LBITS(w);
- bh=HBITS(w);
-
- for (;;)
- {
- mul(rp[0],ap[0],bl,bh,carry);
- if (--num == 0) break;
- mul(rp[1],ap[1],bl,bh,carry);
- if (--num == 0) break;
- mul(rp[2],ap[2],bl,bh,carry);
- if (--num == 0) break;
- mul(rp[3],ap[3],bl,bh,carry);
- if (--num == 0) break;
- ap+=4;
- rp+=4;
- }
- return(carry);
- }
-
-void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
- {
- assert(n >= 0);
- if (n <= 0) return;
- for (;;)
- {
- sqr64(r[0],r[1],a[0]);
- if (--n == 0) break;
-
- sqr64(r[2],r[3],a[1]);
- if (--n == 0) break;
-
- sqr64(r[4],r[5],a[2]);
- if (--n == 0) break;
-
- sqr64(r[6],r[7],a[3]);
- if (--n == 0) break;
-
- a+=4;
- r+=8;
- }
- }
-
-#endif /* !(defined(BN_LLONG) || defined(BN_UMULT_HIGH)) */
-
-#if defined(BN_LLONG) && defined(BN_DIV2W)
-
-BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
- {
- return((BN_ULONG)(((((BN_ULLONG)h)<<BN_BITS2)|l)/(BN_ULLONG)d));
- }
-
-#else
-
-/* Divide h,l by d and return the result. */
-/* I need to test this some more :-( */
-BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
- {
- BN_ULONG dh,dl,q,ret=0,th,tl,t;
- int i,count=2;
-
- if (d == 0) return(BN_MASK2);
-
- i=BN_num_bits_word(d);
- assert((i == BN_BITS2) || (h <= (BN_ULONG)1<<i));
-
- i=BN_BITS2-i;
- if (h >= d) h-=d;
-
- if (i)
- {
- d<<=i;
- h=(h<<i)|(l>>(BN_BITS2-i));
- l<<=i;
- }
- dh=(d&BN_MASK2h)>>BN_BITS4;
- dl=(d&BN_MASK2l);
- for (;;)
- {
- if ((h>>BN_BITS4) == dh)
- q=BN_MASK2l;
- else
- q=h/dh;
-
- th=q*dh;
- tl=dl*q;
- for (;;)
- {
- t=h-th;
- if ((t&BN_MASK2h) ||
- ((tl) <= (
- (t<<BN_BITS4)|
- ((l&BN_MASK2h)>>BN_BITS4))))
- break;
- q--;
- th-=dh;
- tl-=dl;
- }
- t=(tl>>BN_BITS4);
- tl=(tl<<BN_BITS4)&BN_MASK2h;
- th+=t;
-
- if (l < tl) th++;
- l-=tl;
- if (h < th)
- {
- h+=d;
- q--;
- }
- h-=th;
-
- if (--count == 0) break;
-
- ret=q<<BN_BITS4;
- h=((h<<BN_BITS4)|(l>>BN_BITS4))&BN_MASK2;
- l=(l&BN_MASK2l)<<BN_BITS4;
- }
- ret|=q;
- return(ret);
- }
-#endif /* !defined(BN_LLONG) && defined(BN_DIV2W) */
-
-#ifdef BN_LLONG
-BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)
- {
- BN_ULLONG ll=0;
-
- assert(n >= 0);
- if (n <= 0) return((BN_ULONG)0);
-
- for (;;)
- {
- ll+=(BN_ULLONG)a[0]+b[0];
- r[0]=(BN_ULONG)ll&BN_MASK2;
- ll>>=BN_BITS2;
- if (--n <= 0) break;
-
- ll+=(BN_ULLONG)a[1]+b[1];
- r[1]=(BN_ULONG)ll&BN_MASK2;
- ll>>=BN_BITS2;
- if (--n <= 0) break;
-
- ll+=(BN_ULLONG)a[2]+b[2];
- r[2]=(BN_ULONG)ll&BN_MASK2;
- ll>>=BN_BITS2;
- if (--n <= 0) break;
-
- ll+=(BN_ULLONG)a[3]+b[3];
- r[3]=(BN_ULONG)ll&BN_MASK2;
- ll>>=BN_BITS2;
- if (--n <= 0) break;
-
- a+=4;
- b+=4;
- r+=4;
- }
- return((BN_ULONG)ll);
- }
-#else /* !BN_LLONG */
-BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)
- {
- BN_ULONG c,l,t;
-
- assert(n >= 0);
- if (n <= 0) return((BN_ULONG)0);
-
- c=0;
- for (;;)
- {
- t=a[0];
- t=(t+c)&BN_MASK2;
- c=(t < c);
- l=(t+b[0])&BN_MASK2;
- c+=(l < t);
- r[0]=l;
- if (--n <= 0) break;
-
- t=a[1];
- t=(t+c)&BN_MASK2;
- c=(t < c);
- l=(t+b[1])&BN_MASK2;
- c+=(l < t);
- r[1]=l;
- if (--n <= 0) break;
-
- t=a[2];
- t=(t+c)&BN_MASK2;
- c=(t < c);
- l=(t+b[2])&BN_MASK2;
- c+=(l < t);
- r[2]=l;
- if (--n <= 0) break;
-
- t=a[3];
- t=(t+c)&BN_MASK2;
- c=(t < c);
- l=(t+b[3])&BN_MASK2;
- c+=(l < t);
- r[3]=l;
- if (--n <= 0) break;
-
- a+=4;
- b+=4;
- r+=4;
- }
- return((BN_ULONG)c);
- }
-#endif /* !BN_LLONG */
-
-BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)
- {
- BN_ULONG t1,t2;
- int c=0;
-
- assert(n >= 0);
- if (n <= 0) return((BN_ULONG)0);
-
- for (;;)
- {
- t1=a[0]; t2=b[0];
- r[0]=(t1-t2-c)&BN_MASK2;
- if (t1 != t2) c=(t1 < t2);
- if (--n <= 0) break;
-
- t1=a[1]; t2=b[1];
- r[1]=(t1-t2-c)&BN_MASK2;
- if (t1 != t2) c=(t1 < t2);
- if (--n <= 0) break;
-
- t1=a[2]; t2=b[2];
- r[2]=(t1-t2-c)&BN_MASK2;
- if (t1 != t2) c=(t1 < t2);
- if (--n <= 0) break;
-
- t1=a[3]; t2=b[3];
- r[3]=(t1-t2-c)&BN_MASK2;
- if (t1 != t2) c=(t1 < t2);
- if (--n <= 0) break;
-
- a+=4;
- b+=4;
- r+=4;
- }
- return(c);
- }
-
-#ifdef BN_MUL_COMBA
-
-#undef bn_mul_comba8
-#undef bn_mul_comba4
-#undef bn_sqr_comba8
-#undef bn_sqr_comba4
-
-/* mul_add_c(a,b,c0,c1,c2) -- c+=a*b for three word number c=(c2,c1,c0) */
-/* mul_add_c2(a,b,c0,c1,c2) -- c+=2*a*b for three word number c=(c2,c1,c0) */
-/* sqr_add_c(a,i,c0,c1,c2) -- c+=a[i]^2 for three word number c=(c2,c1,c0) */
-/* sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number c=(c2,c1,c0) */
-
-#ifdef BN_LLONG
-#define mul_add_c(a,b,c0,c1,c2) \
- t=(BN_ULLONG)a*b; \
- t1=(BN_ULONG)Lw(t); \
- t2=(BN_ULONG)Hw(t); \
- c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
- c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
-
-#define mul_add_c2(a,b,c0,c1,c2) \
- t=(BN_ULLONG)a*b; \
- tt=(t+t)&BN_MASK; \
- if (tt < t) c2++; \
- t1=(BN_ULONG)Lw(tt); \
- t2=(BN_ULONG)Hw(tt); \
- c0=(c0+t1)&BN_MASK2; \
- if ((c0 < t1) && (((++t2)&BN_MASK2) == 0)) c2++; \
- c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
-
-#define sqr_add_c(a,i,c0,c1,c2) \
- t=(BN_ULLONG)a[i]*a[i]; \
- t1=(BN_ULONG)Lw(t); \
- t2=(BN_ULONG)Hw(t); \
- c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
- c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
-
-#define sqr_add_c2(a,i,j,c0,c1,c2) \
- mul_add_c2((a)[i],(a)[j],c0,c1,c2)
-
-#elif defined(BN_UMULT_LOHI)
-
-#define mul_add_c(a,b,c0,c1,c2) { \
- BN_ULONG ta=(a),tb=(b); \
- BN_UMULT_LOHI(t1,t2,ta,tb); \
- c0 += t1; t2 += (c0<t1)?1:0; \
- c1 += t2; c2 += (c1<t2)?1:0; \
- }
-
-#define mul_add_c2(a,b,c0,c1,c2) { \
- BN_ULONG ta=(a),tb=(b),t0; \
- BN_UMULT_LOHI(t0,t1,ta,tb); \
- t2 = t1+t1; c2 += (t2<t1)?1:0; \
- t1 = t0+t0; t2 += (t1<t0)?1:0; \
- c0 += t1; t2 += (c0<t1)?1:0; \
- c1 += t2; c2 += (c1<t2)?1:0; \
- }
-
-#define sqr_add_c(a,i,c0,c1,c2) { \
- BN_ULONG ta=(a)[i]; \
- BN_UMULT_LOHI(t1,t2,ta,ta); \
- c0 += t1; t2 += (c0<t1)?1:0; \
- c1 += t2; c2 += (c1<t2)?1:0; \
- }
-
-#define sqr_add_c2(a,i,j,c0,c1,c2) \
- mul_add_c2((a)[i],(a)[j],c0,c1,c2)
-
-#elif defined(BN_UMULT_HIGH)
-
-#define mul_add_c(a,b,c0,c1,c2) { \
- BN_ULONG ta=(a),tb=(b); \
- t1 = ta * tb; \
- t2 = BN_UMULT_HIGH(ta,tb); \
- c0 += t1; t2 += (c0<t1)?1:0; \
- c1 += t2; c2 += (c1<t2)?1:0; \
- }
-
-#define mul_add_c2(a,b,c0,c1,c2) { \
- BN_ULONG ta=(a),tb=(b),t0; \
- t1 = BN_UMULT_HIGH(ta,tb); \
- t0 = ta * tb; \
- t2 = t1+t1; c2 += (t2<t1)?1:0; \
- t1 = t0+t0; t2 += (t1<t0)?1:0; \
- c0 += t1; t2 += (c0<t1)?1:0; \
- c1 += t2; c2 += (c1<t2)?1:0; \
- }
-
-#define sqr_add_c(a,i,c0,c1,c2) { \
- BN_ULONG ta=(a)[i]; \
- t1 = ta * ta; \
- t2 = BN_UMULT_HIGH(ta,ta); \
- c0 += t1; t2 += (c0<t1)?1:0; \
- c1 += t2; c2 += (c1<t2)?1:0; \
- }
-
-#define sqr_add_c2(a,i,j,c0,c1,c2) \
- mul_add_c2((a)[i],(a)[j],c0,c1,c2)
-
-#else /* !BN_LLONG */
-#define mul_add_c(a,b,c0,c1,c2) \
- t1=LBITS(a); t2=HBITS(a); \
- bl=LBITS(b); bh=HBITS(b); \
- mul64(t1,t2,bl,bh); \
- c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
- c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
-
-#define mul_add_c2(a,b,c0,c1,c2) \
- t1=LBITS(a); t2=HBITS(a); \
- bl=LBITS(b); bh=HBITS(b); \
- mul64(t1,t2,bl,bh); \
- if (t2 & BN_TBIT) c2++; \
- t2=(t2+t2)&BN_MASK2; \
- if (t1 & BN_TBIT) t2++; \
- t1=(t1+t1)&BN_MASK2; \
- c0=(c0+t1)&BN_MASK2; \
- if ((c0 < t1) && (((++t2)&BN_MASK2) == 0)) c2++; \
- c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
-
-#define sqr_add_c(a,i,c0,c1,c2) \
- sqr64(t1,t2,(a)[i]); \
- c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
- c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
-
-#define sqr_add_c2(a,i,j,c0,c1,c2) \
- mul_add_c2((a)[i],(a)[j],c0,c1,c2)
-#endif /* !BN_LLONG */
-
-void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
- {
-#ifdef BN_LLONG
- BN_ULLONG t;
-#else
- BN_ULONG bl,bh;
-#endif
- BN_ULONG t1,t2;
- BN_ULONG c1,c2,c3;
-
- c1=0;
- c2=0;
- c3=0;
- mul_add_c(a[0],b[0],c1,c2,c3);
- r[0]=c1;
- c1=0;
- mul_add_c(a[0],b[1],c2,c3,c1);
- mul_add_c(a[1],b[0],c2,c3,c1);
- r[1]=c2;
- c2=0;
- mul_add_c(a[2],b[0],c3,c1,c2);
- mul_add_c(a[1],b[1],c3,c1,c2);
- mul_add_c(a[0],b[2],c3,c1,c2);
- r[2]=c3;
- c3=0;
- mul_add_c(a[0],b[3],c1,c2,c3);
- mul_add_c(a[1],b[2],c1,c2,c3);
- mul_add_c(a[2],b[1],c1,c2,c3);
- mul_add_c(a[3],b[0],c1,c2,c3);
- r[3]=c1;
- c1=0;
- mul_add_c(a[4],b[0],c2,c3,c1);
- mul_add_c(a[3],b[1],c2,c3,c1);
- mul_add_c(a[2],b[2],c2,c3,c1);
- mul_add_c(a[1],b[3],c2,c3,c1);
- mul_add_c(a[0],b[4],c2,c3,c1);
- r[4]=c2;
- c2=0;
- mul_add_c(a[0],b[5],c3,c1,c2);
- mul_add_c(a[1],b[4],c3,c1,c2);
- mul_add_c(a[2],b[3],c3,c1,c2);
- mul_add_c(a[3],b[2],c3,c1,c2);
- mul_add_c(a[4],b[1],c3,c1,c2);
- mul_add_c(a[5],b[0],c3,c1,c2);
- r[5]=c3;
- c3=0;
- mul_add_c(a[6],b[0],c1,c2,c3);
- mul_add_c(a[5],b[1],c1,c2,c3);
- mul_add_c(a[4],b[2],c1,c2,c3);
- mul_add_c(a[3],b[3],c1,c2,c3);
- mul_add_c(a[2],b[4],c1,c2,c3);
- mul_add_c(a[1],b[5],c1,c2,c3);
- mul_add_c(a[0],b[6],c1,c2,c3);
- r[6]=c1;
- c1=0;
- mul_add_c(a[0],b[7],c2,c3,c1);
- mul_add_c(a[1],b[6],c2,c3,c1);
- mul_add_c(a[2],b[5],c2,c3,c1);
- mul_add_c(a[3],b[4],c2,c3,c1);
- mul_add_c(a[4],b[3],c2,c3,c1);
- mul_add_c(a[5],b[2],c2,c3,c1);
- mul_add_c(a[6],b[1],c2,c3,c1);
- mul_add_c(a[7],b[0],c2,c3,c1);
- r[7]=c2;
- c2=0;
- mul_add_c(a[7],b[1],c3,c1,c2);
- mul_add_c(a[6],b[2],c3,c1,c2);
- mul_add_c(a[5],b[3],c3,c1,c2);
- mul_add_c(a[4],b[4],c3,c1,c2);
- mul_add_c(a[3],b[5],c3,c1,c2);
- mul_add_c(a[2],b[6],c3,c1,c2);
- mul_add_c(a[1],b[7],c3,c1,c2);
- r[8]=c3;
- c3=0;
- mul_add_c(a[2],b[7],c1,c2,c3);
- mul_add_c(a[3],b[6],c1,c2,c3);
- mul_add_c(a[4],b[5],c1,c2,c3);
- mul_add_c(a[5],b[4],c1,c2,c3);
- mul_add_c(a[6],b[3],c1,c2,c3);
- mul_add_c(a[7],b[2],c1,c2,c3);
- r[9]=c1;
- c1=0;
- mul_add_c(a[7],b[3],c2,c3,c1);
- mul_add_c(a[6],b[4],c2,c3,c1);
- mul_add_c(a[5],b[5],c2,c3,c1);
- mul_add_c(a[4],b[6],c2,c3,c1);
- mul_add_c(a[3],b[7],c2,c3,c1);
- r[10]=c2;
- c2=0;
- mul_add_c(a[4],b[7],c3,c1,c2);
- mul_add_c(a[5],b[6],c3,c1,c2);
- mul_add_c(a[6],b[5],c3,c1,c2);
- mul_add_c(a[7],b[4],c3,c1,c2);
- r[11]=c3;
- c3=0;
- mul_add_c(a[7],b[5],c1,c2,c3);
- mul_add_c(a[6],b[6],c1,c2,c3);
- mul_add_c(a[5],b[7],c1,c2,c3);
- r[12]=c1;
- c1=0;
- mul_add_c(a[6],b[7],c2,c3,c1);
- mul_add_c(a[7],b[6],c2,c3,c1);
- r[13]=c2;
- c2=0;
- mul_add_c(a[7],b[7],c3,c1,c2);
- r[14]=c3;
- r[15]=c1;
- }
-
-void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
- {
-#ifdef BN_LLONG
- BN_ULLONG t;
-#else
- BN_ULONG bl,bh;
-#endif
- BN_ULONG t1,t2;
- BN_ULONG c1,c2,c3;
-
- c1=0;
- c2=0;
- c3=0;
- mul_add_c(a[0],b[0],c1,c2,c3);
- r[0]=c1;
- c1=0;
- mul_add_c(a[0],b[1],c2,c3,c1);
- mul_add_c(a[1],b[0],c2,c3,c1);
- r[1]=c2;
- c2=0;
- mul_add_c(a[2],b[0],c3,c1,c2);
- mul_add_c(a[1],b[1],c3,c1,c2);
- mul_add_c(a[0],b[2],c3,c1,c2);
- r[2]=c3;
- c3=0;
- mul_add_c(a[0],b[3],c1,c2,c3);
- mul_add_c(a[1],b[2],c1,c2,c3);
- mul_add_c(a[2],b[1],c1,c2,c3);
- mul_add_c(a[3],b[0],c1,c2,c3);
- r[3]=c1;
- c1=0;
- mul_add_c(a[3],b[1],c2,c3,c1);
- mul_add_c(a[2],b[2],c2,c3,c1);
- mul_add_c(a[1],b[3],c2,c3,c1);
- r[4]=c2;
- c2=0;
- mul_add_c(a[2],b[3],c3,c1,c2);
- mul_add_c(a[3],b[2],c3,c1,c2);
- r[5]=c3;
- c3=0;
- mul_add_c(a[3],b[3],c1,c2,c3);
- r[6]=c1;
- r[7]=c2;
- }
-
-void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a)
- {
-#ifdef BN_LLONG
- BN_ULLONG t,tt;
-#else
- BN_ULONG bl,bh;
-#endif
- BN_ULONG t1,t2;
- BN_ULONG c1,c2,c3;
-
- c1=0;
- c2=0;
- c3=0;
- sqr_add_c(a,0,c1,c2,c3);
- r[0]=c1;
- c1=0;
- sqr_add_c2(a,1,0,c2,c3,c1);
- r[1]=c2;
- c2=0;
- sqr_add_c(a,1,c3,c1,c2);
- sqr_add_c2(a,2,0,c3,c1,c2);
- r[2]=c3;
- c3=0;
- sqr_add_c2(a,3,0,c1,c2,c3);
- sqr_add_c2(a,2,1,c1,c2,c3);
- r[3]=c1;
- c1=0;
- sqr_add_c(a,2,c2,c3,c1);
- sqr_add_c2(a,3,1,c2,c3,c1);
- sqr_add_c2(a,4,0,c2,c3,c1);
- r[4]=c2;
- c2=0;
- sqr_add_c2(a,5,0,c3,c1,c2);
- sqr_add_c2(a,4,1,c3,c1,c2);
- sqr_add_c2(a,3,2,c3,c1,c2);
- r[5]=c3;
- c3=0;
- sqr_add_c(a,3,c1,c2,c3);
- sqr_add_c2(a,4,2,c1,c2,c3);
- sqr_add_c2(a,5,1,c1,c2,c3);
- sqr_add_c2(a,6,0,c1,c2,c3);
- r[6]=c1;
- c1=0;
- sqr_add_c2(a,7,0,c2,c3,c1);
- sqr_add_c2(a,6,1,c2,c3,c1);
- sqr_add_c2(a,5,2,c2,c3,c1);
- sqr_add_c2(a,4,3,c2,c3,c1);
- r[7]=c2;
- c2=0;
- sqr_add_c(a,4,c3,c1,c2);
- sqr_add_c2(a,5,3,c3,c1,c2);
- sqr_add_c2(a,6,2,c3,c1,c2);
- sqr_add_c2(a,7,1,c3,c1,c2);
- r[8]=c3;
- c3=0;
- sqr_add_c2(a,7,2,c1,c2,c3);
- sqr_add_c2(a,6,3,c1,c2,c3);
- sqr_add_c2(a,5,4,c1,c2,c3);
- r[9]=c1;
- c1=0;
- sqr_add_c(a,5,c2,c3,c1);
- sqr_add_c2(a,6,4,c2,c3,c1);
- sqr_add_c2(a,7,3,c2,c3,c1);
- r[10]=c2;
- c2=0;
- sqr_add_c2(a,7,4,c3,c1,c2);
- sqr_add_c2(a,6,5,c3,c1,c2);
- r[11]=c3;
- c3=0;
- sqr_add_c(a,6,c1,c2,c3);
- sqr_add_c2(a,7,5,c1,c2,c3);
- r[12]=c1;
- c1=0;
- sqr_add_c2(a,7,6,c2,c3,c1);
- r[13]=c2;
- c2=0;
- sqr_add_c(a,7,c3,c1,c2);
- r[14]=c3;
- r[15]=c1;
- }
-
-void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a)
- {
-#ifdef BN_LLONG
- BN_ULLONG t,tt;
-#else
- BN_ULONG bl,bh;
-#endif
- BN_ULONG t1,t2;
- BN_ULONG c1,c2,c3;
-
- c1=0;
- c2=0;
- c3=0;
- sqr_add_c(a,0,c1,c2,c3);
- r[0]=c1;
- c1=0;
- sqr_add_c2(a,1,0,c2,c3,c1);
- r[1]=c2;
- c2=0;
- sqr_add_c(a,1,c3,c1,c2);
- sqr_add_c2(a,2,0,c3,c1,c2);
- r[2]=c3;
- c3=0;
- sqr_add_c2(a,3,0,c1,c2,c3);
- sqr_add_c2(a,2,1,c1,c2,c3);
- r[3]=c1;
- c1=0;
- sqr_add_c(a,2,c2,c3,c1);
- sqr_add_c2(a,3,1,c2,c3,c1);
- r[4]=c2;
- c2=0;
- sqr_add_c2(a,3,2,c3,c1,c2);
- r[5]=c3;
- c3=0;
- sqr_add_c(a,3,c1,c2,c3);
- r[6]=c1;
- r[7]=c2;
- }
-#else /* !BN_MUL_COMBA */
-
-/* hmm... is it faster just to do a multiply? */
-#undef bn_sqr_comba4
-void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a)
- {
- BN_ULONG t[8];
- bn_sqr_normal(r,a,4,t);
- }
-
-#undef bn_sqr_comba8
-void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)
- {
- BN_ULONG t[16];
- bn_sqr_normal(r,a,8,t);
- }
-
-void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
- {
- r[4]=bn_mul_words( &(r[0]),a,4,b[0]);
- r[5]=bn_mul_add_words(&(r[1]),a,4,b[1]);
- r[6]=bn_mul_add_words(&(r[2]),a,4,b[2]);
- r[7]=bn_mul_add_words(&(r[3]),a,4,b[3]);
- }
-
-void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
- {
- r[ 8]=bn_mul_words( &(r[0]),a,8,b[0]);
- r[ 9]=bn_mul_add_words(&(r[1]),a,8,b[1]);
- r[10]=bn_mul_add_words(&(r[2]),a,8,b[2]);
- r[11]=bn_mul_add_words(&(r[3]),a,8,b[3]);
- r[12]=bn_mul_add_words(&(r[4]),a,8,b[4]);
- r[13]=bn_mul_add_words(&(r[5]),a,8,b[5]);
- r[14]=bn_mul_add_words(&(r[6]),a,8,b[6]);
- r[15]=bn_mul_add_words(&(r[7]),a,8,b[7]);
- }
-
-#endif /* !BN_MUL_COMBA */
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_asm.c (from rev 6976, vendor-crypto/openssl/dist/crypto/bn/bn_asm.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_asm.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_asm.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,920 @@
+/* crypto/bn/bn_asm.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef BN_DEBUG
+# undef NDEBUG /* avoid conflicting definitions */
+# define NDEBUG
+#endif
+
+#include <stdio.h>
+#include <assert.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+#if defined(BN_LLONG) || defined(BN_UMULT_HIGH)
+
+BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num,
+ BN_ULONG w)
+{
+ BN_ULONG c1 = 0;
+
+ assert(num >= 0);
+ if (num <= 0)
+ return (c1);
+
+ while (num & ~3) {
+ mul_add(rp[0], ap[0], w, c1);
+ mul_add(rp[1], ap[1], w, c1);
+ mul_add(rp[2], ap[2], w, c1);
+ mul_add(rp[3], ap[3], w, c1);
+ ap += 4;
+ rp += 4;
+ num -= 4;
+ }
+ if (num) {
+ mul_add(rp[0], ap[0], w, c1);
+ if (--num == 0)
+ return c1;
+ mul_add(rp[1], ap[1], w, c1);
+ if (--num == 0)
+ return c1;
+ mul_add(rp[2], ap[2], w, c1);
+ return c1;
+ }
+
+ return (c1);
+}
+
+BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
+{
+ BN_ULONG c1 = 0;
+
+ assert(num >= 0);
+ if (num <= 0)
+ return (c1);
+
+ while (num & ~3) {
+ mul(rp[0], ap[0], w, c1);
+ mul(rp[1], ap[1], w, c1);
+ mul(rp[2], ap[2], w, c1);
+ mul(rp[3], ap[3], w, c1);
+ ap += 4;
+ rp += 4;
+ num -= 4;
+ }
+ if (num) {
+ mul(rp[0], ap[0], w, c1);
+ if (--num == 0)
+ return c1;
+ mul(rp[1], ap[1], w, c1);
+ if (--num == 0)
+ return c1;
+ mul(rp[2], ap[2], w, c1);
+ }
+ return (c1);
+}
+
+void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
+{
+ assert(n >= 0);
+ if (n <= 0)
+ return;
+ while (n & ~3) {
+ sqr(r[0], r[1], a[0]);
+ sqr(r[2], r[3], a[1]);
+ sqr(r[4], r[5], a[2]);
+ sqr(r[6], r[7], a[3]);
+ a += 4;
+ r += 8;
+ n -= 4;
+ }
+ if (n) {
+ sqr(r[0], r[1], a[0]);
+ if (--n == 0)
+ return;
+ sqr(r[2], r[3], a[1]);
+ if (--n == 0)
+ return;
+ sqr(r[4], r[5], a[2]);
+ }
+}
+
+#else /* !(defined(BN_LLONG) ||
+ * defined(BN_UMULT_HIGH)) */
+
+BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num,
+ BN_ULONG w)
+{
+ BN_ULONG c = 0;
+ BN_ULONG bl, bh;
+
+ assert(num >= 0);
+ if (num <= 0)
+ return ((BN_ULONG)0);
+
+ bl = LBITS(w);
+ bh = HBITS(w);
+
+ for (;;) {
+ mul_add(rp[0], ap[0], bl, bh, c);
+ if (--num == 0)
+ break;
+ mul_add(rp[1], ap[1], bl, bh, c);
+ if (--num == 0)
+ break;
+ mul_add(rp[2], ap[2], bl, bh, c);
+ if (--num == 0)
+ break;
+ mul_add(rp[3], ap[3], bl, bh, c);
+ if (--num == 0)
+ break;
+ ap += 4;
+ rp += 4;
+ }
+ return (c);
+}
+
+BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
+{
+ BN_ULONG carry = 0;
+ BN_ULONG bl, bh;
+
+ assert(num >= 0);
+ if (num <= 0)
+ return ((BN_ULONG)0);
+
+ bl = LBITS(w);
+ bh = HBITS(w);
+
+ for (;;) {
+ mul(rp[0], ap[0], bl, bh, carry);
+ if (--num == 0)
+ break;
+ mul(rp[1], ap[1], bl, bh, carry);
+ if (--num == 0)
+ break;
+ mul(rp[2], ap[2], bl, bh, carry);
+ if (--num == 0)
+ break;
+ mul(rp[3], ap[3], bl, bh, carry);
+ if (--num == 0)
+ break;
+ ap += 4;
+ rp += 4;
+ }
+ return (carry);
+}
+
+void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
+{
+ assert(n >= 0);
+ if (n <= 0)
+ return;
+ for (;;) {
+ sqr64(r[0], r[1], a[0]);
+ if (--n == 0)
+ break;
+
+ sqr64(r[2], r[3], a[1]);
+ if (--n == 0)
+ break;
+
+ sqr64(r[4], r[5], a[2]);
+ if (--n == 0)
+ break;
+
+ sqr64(r[6], r[7], a[3]);
+ if (--n == 0)
+ break;
+
+ a += 4;
+ r += 8;
+ }
+}
+
+#endif /* !(defined(BN_LLONG) ||
+ * defined(BN_UMULT_HIGH)) */
+
+#if defined(BN_LLONG) && defined(BN_DIV2W)
+
+BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
+{
+ return ((BN_ULONG)(((((BN_ULLONG) h) << BN_BITS2) | l) / (BN_ULLONG) d));
+}
+
+#else
+
+/* Divide h,l by d and return the result. */
+/* I need to test this some more :-( */
+BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
+{
+ BN_ULONG dh, dl, q, ret = 0, th, tl, t;
+ int i, count = 2;
+
+ if (d == 0)
+ return (BN_MASK2);
+
+ i = BN_num_bits_word(d);
+ assert((i == BN_BITS2) || (h <= (BN_ULONG)1 << i));
+
+ i = BN_BITS2 - i;
+ if (h >= d)
+ h -= d;
+
+ if (i) {
+ d <<= i;
+ h = (h << i) | (l >> (BN_BITS2 - i));
+ l <<= i;
+ }
+ dh = (d & BN_MASK2h) >> BN_BITS4;
+ dl = (d & BN_MASK2l);
+ for (;;) {
+ if ((h >> BN_BITS4) == dh)
+ q = BN_MASK2l;
+ else
+ q = h / dh;
+
+ th = q * dh;
+ tl = dl * q;
+ for (;;) {
+ t = h - th;
+ if ((t & BN_MASK2h) ||
+ ((tl) <= ((t << BN_BITS4) | ((l & BN_MASK2h) >> BN_BITS4))))
+ break;
+ q--;
+ th -= dh;
+ tl -= dl;
+ }
+ t = (tl >> BN_BITS4);
+ tl = (tl << BN_BITS4) & BN_MASK2h;
+ th += t;
+
+ if (l < tl)
+ th++;
+ l -= tl;
+ if (h < th) {
+ h += d;
+ q--;
+ }
+ h -= th;
+
+ if (--count == 0)
+ break;
+
+ ret = q << BN_BITS4;
+ h = ((h << BN_BITS4) | (l >> BN_BITS4)) & BN_MASK2;
+ l = (l & BN_MASK2l) << BN_BITS4;
+ }
+ ret |= q;
+ return (ret);
+}
+#endif /* !defined(BN_LLONG) && defined(BN_DIV2W) */
+
+#ifdef BN_LLONG
+BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
+ int n)
+{
+ BN_ULLONG ll = 0;
+
+ assert(n >= 0);
+ if (n <= 0)
+ return ((BN_ULONG)0);
+
+ for (;;) {
+ ll += (BN_ULLONG) a[0] + b[0];
+ r[0] = (BN_ULONG)ll & BN_MASK2;
+ ll >>= BN_BITS2;
+ if (--n <= 0)
+ break;
+
+ ll += (BN_ULLONG) a[1] + b[1];
+ r[1] = (BN_ULONG)ll & BN_MASK2;
+ ll >>= BN_BITS2;
+ if (--n <= 0)
+ break;
+
+ ll += (BN_ULLONG) a[2] + b[2];
+ r[2] = (BN_ULONG)ll & BN_MASK2;
+ ll >>= BN_BITS2;
+ if (--n <= 0)
+ break;
+
+ ll += (BN_ULLONG) a[3] + b[3];
+ r[3] = (BN_ULONG)ll & BN_MASK2;
+ ll >>= BN_BITS2;
+ if (--n <= 0)
+ break;
+
+ a += 4;
+ b += 4;
+ r += 4;
+ }
+ return ((BN_ULONG)ll);
+}
+#else /* !BN_LLONG */
+BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
+ int n)
+{
+ BN_ULONG c, l, t;
+
+ assert(n >= 0);
+ if (n <= 0)
+ return ((BN_ULONG)0);
+
+ c = 0;
+ for (;;) {
+ t = a[0];
+ t = (t + c) & BN_MASK2;
+ c = (t < c);
+ l = (t + b[0]) & BN_MASK2;
+ c += (l < t);
+ r[0] = l;
+ if (--n <= 0)
+ break;
+
+ t = a[1];
+ t = (t + c) & BN_MASK2;
+ c = (t < c);
+ l = (t + b[1]) & BN_MASK2;
+ c += (l < t);
+ r[1] = l;
+ if (--n <= 0)
+ break;
+
+ t = a[2];
+ t = (t + c) & BN_MASK2;
+ c = (t < c);
+ l = (t + b[2]) & BN_MASK2;
+ c += (l < t);
+ r[2] = l;
+ if (--n <= 0)
+ break;
+
+ t = a[3];
+ t = (t + c) & BN_MASK2;
+ c = (t < c);
+ l = (t + b[3]) & BN_MASK2;
+ c += (l < t);
+ r[3] = l;
+ if (--n <= 0)
+ break;
+
+ a += 4;
+ b += 4;
+ r += 4;
+ }
+ return ((BN_ULONG)c);
+}
+#endif /* !BN_LLONG */
+
+BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
+ int n)
+{
+ BN_ULONG t1, t2;
+ int c = 0;
+
+ assert(n >= 0);
+ if (n <= 0)
+ return ((BN_ULONG)0);
+
+ for (;;) {
+ t1 = a[0];
+ t2 = b[0];
+ r[0] = (t1 - t2 - c) & BN_MASK2;
+ if (t1 != t2)
+ c = (t1 < t2);
+ if (--n <= 0)
+ break;
+
+ t1 = a[1];
+ t2 = b[1];
+ r[1] = (t1 - t2 - c) & BN_MASK2;
+ if (t1 != t2)
+ c = (t1 < t2);
+ if (--n <= 0)
+ break;
+
+ t1 = a[2];
+ t2 = b[2];
+ r[2] = (t1 - t2 - c) & BN_MASK2;
+ if (t1 != t2)
+ c = (t1 < t2);
+ if (--n <= 0)
+ break;
+
+ t1 = a[3];
+ t2 = b[3];
+ r[3] = (t1 - t2 - c) & BN_MASK2;
+ if (t1 != t2)
+ c = (t1 < t2);
+ if (--n <= 0)
+ break;
+
+ a += 4;
+ b += 4;
+ r += 4;
+ }
+ return (c);
+}
+
+#ifdef BN_MUL_COMBA
+
+# undef bn_mul_comba8
+# undef bn_mul_comba4
+# undef bn_sqr_comba8
+# undef bn_sqr_comba4
+
+/* mul_add_c(a,b,c0,c1,c2) -- c+=a*b for three word number c=(c2,c1,c0) */
+/* mul_add_c2(a,b,c0,c1,c2) -- c+=2*a*b for three word number c=(c2,c1,c0) */
+/* sqr_add_c(a,i,c0,c1,c2) -- c+=a[i]^2 for three word number c=(c2,c1,c0) */
+/*
+ * sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number
+ * c=(c2,c1,c0)
+ */
+
+/*
+ * Keep in mind that carrying into high part of multiplication result
+ * can not overflow, because it cannot be all-ones.
+ */
+# ifdef BN_LLONG
+# define mul_add_c(a,b,c0,c1,c2) \
+ t=(BN_ULLONG)a*b; \
+ t1=(BN_ULONG)Lw(t); \
+ t2=(BN_ULONG)Hw(t); \
+ c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
+ c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+
+# define mul_add_c2(a,b,c0,c1,c2) \
+ t=(BN_ULLONG)a*b; \
+ tt=(t+t)&BN_MASK; \
+ if (tt < t) c2++; \
+ t1=(BN_ULONG)Lw(tt); \
+ t2=(BN_ULONG)Hw(tt); \
+ c0=(c0+t1)&BN_MASK2; \
+ if ((c0 < t1) && (((++t2)&BN_MASK2) == 0)) c2++; \
+ c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+
+# define sqr_add_c(a,i,c0,c1,c2) \
+ t=(BN_ULLONG)a[i]*a[i]; \
+ t1=(BN_ULONG)Lw(t); \
+ t2=(BN_ULONG)Hw(t); \
+ c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
+ c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+
+# define sqr_add_c2(a,i,j,c0,c1,c2) \
+ mul_add_c2((a)[i],(a)[j],c0,c1,c2)
+
+# elif defined(BN_UMULT_LOHI)
+
+# define mul_add_c(a,b,c0,c1,c2) { \
+ BN_ULONG ta=(a),tb=(b); \
+ BN_UMULT_LOHI(t1,t2,ta,tb); \
+ c0 += t1; t2 += (c0<t1)?1:0; \
+ c1 += t2; c2 += (c1<t2)?1:0; \
+ }
+
+# define mul_add_c2(a,b,c0,c1,c2) { \
+ BN_ULONG ta=(a),tb=(b),t0; \
+ BN_UMULT_LOHI(t0,t1,ta,tb); \
+ c0 += t0; t2 = t1+((c0<t0)?1:0);\
+ c1 += t2; c2 += (c1<t2)?1:0; \
+ c0 += t0; t1 += (c0<t0)?1:0; \
+ c1 += t1; c2 += (c1<t1)?1:0; \
+ }
+
+# define sqr_add_c(a,i,c0,c1,c2) { \
+ BN_ULONG ta=(a)[i]; \
+ BN_UMULT_LOHI(t1,t2,ta,ta); \
+ c0 += t1; t2 += (c0<t1)?1:0; \
+ c1 += t2; c2 += (c1<t2)?1:0; \
+ }
+
+# define sqr_add_c2(a,i,j,c0,c1,c2) \
+ mul_add_c2((a)[i],(a)[j],c0,c1,c2)
+
+# elif defined(BN_UMULT_HIGH)
+
+# define mul_add_c(a,b,c0,c1,c2) { \
+ BN_ULONG ta=(a),tb=(b); \
+ t1 = ta * tb; \
+ t2 = BN_UMULT_HIGH(ta,tb); \
+ c0 += t1; t2 += (c0<t1)?1:0; \
+ c1 += t2; c2 += (c1<t2)?1:0; \
+ }
+
+# define mul_add_c2(a,b,c0,c1,c2) { \
+ BN_ULONG ta=(a),tb=(b),t0; \
+ t1 = BN_UMULT_HIGH(ta,tb); \
+ t0 = ta * tb; \
+ c0 += t0; t2 = t1+((c0<t0)?1:0);\
+ c1 += t2; c2 += (c1<t2)?1:0; \
+ c0 += t0; t1 += (c0<t0)?1:0; \
+ c1 += t1; c2 += (c1<t1)?1:0; \
+ }
+
+# define sqr_add_c(a,i,c0,c1,c2) { \
+ BN_ULONG ta=(a)[i]; \
+ t1 = ta * ta; \
+ t2 = BN_UMULT_HIGH(ta,ta); \
+ c0 += t1; t2 += (c0<t1)?1:0; \
+ c1 += t2; c2 += (c1<t2)?1:0; \
+ }
+
+# define sqr_add_c2(a,i,j,c0,c1,c2) \
+ mul_add_c2((a)[i],(a)[j],c0,c1,c2)
+
+# else /* !BN_LLONG */
+# define mul_add_c(a,b,c0,c1,c2) \
+ t1=LBITS(a); t2=HBITS(a); \
+ bl=LBITS(b); bh=HBITS(b); \
+ mul64(t1,t2,bl,bh); \
+ c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
+ c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+
+# define mul_add_c2(a,b,c0,c1,c2) \
+ t1=LBITS(a); t2=HBITS(a); \
+ bl=LBITS(b); bh=HBITS(b); \
+ mul64(t1,t2,bl,bh); \
+ if (t2 & BN_TBIT) c2++; \
+ t2=(t2+t2)&BN_MASK2; \
+ if (t1 & BN_TBIT) t2++; \
+ t1=(t1+t1)&BN_MASK2; \
+ c0=(c0+t1)&BN_MASK2; \
+ if ((c0 < t1) && (((++t2)&BN_MASK2) == 0)) c2++; \
+ c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+
+# define sqr_add_c(a,i,c0,c1,c2) \
+ sqr64(t1,t2,(a)[i]); \
+ c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
+ c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+
+# define sqr_add_c2(a,i,j,c0,c1,c2) \
+ mul_add_c2((a)[i],(a)[j],c0,c1,c2)
+# endif /* !BN_LLONG */
+
+void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+{
+# ifdef BN_LLONG
+ BN_ULLONG t;
+# else
+ BN_ULONG bl, bh;
+# endif
+ BN_ULONG t1, t2;
+ BN_ULONG c1, c2, c3;
+
+ c1 = 0;
+ c2 = 0;
+ c3 = 0;
+ mul_add_c(a[0], b[0], c1, c2, c3);
+ r[0] = c1;
+ c1 = 0;
+ mul_add_c(a[0], b[1], c2, c3, c1);
+ mul_add_c(a[1], b[0], c2, c3, c1);
+ r[1] = c2;
+ c2 = 0;
+ mul_add_c(a[2], b[0], c3, c1, c2);
+ mul_add_c(a[1], b[1], c3, c1, c2);
+ mul_add_c(a[0], b[2], c3, c1, c2);
+ r[2] = c3;
+ c3 = 0;
+ mul_add_c(a[0], b[3], c1, c2, c3);
+ mul_add_c(a[1], b[2], c1, c2, c3);
+ mul_add_c(a[2], b[1], c1, c2, c3);
+ mul_add_c(a[3], b[0], c1, c2, c3);
+ r[3] = c1;
+ c1 = 0;
+ mul_add_c(a[4], b[0], c2, c3, c1);
+ mul_add_c(a[3], b[1], c2, c3, c1);
+ mul_add_c(a[2], b[2], c2, c3, c1);
+ mul_add_c(a[1], b[3], c2, c3, c1);
+ mul_add_c(a[0], b[4], c2, c3, c1);
+ r[4] = c2;
+ c2 = 0;
+ mul_add_c(a[0], b[5], c3, c1, c2);
+ mul_add_c(a[1], b[4], c3, c1, c2);
+ mul_add_c(a[2], b[3], c3, c1, c2);
+ mul_add_c(a[3], b[2], c3, c1, c2);
+ mul_add_c(a[4], b[1], c3, c1, c2);
+ mul_add_c(a[5], b[0], c3, c1, c2);
+ r[5] = c3;
+ c3 = 0;
+ mul_add_c(a[6], b[0], c1, c2, c3);
+ mul_add_c(a[5], b[1], c1, c2, c3);
+ mul_add_c(a[4], b[2], c1, c2, c3);
+ mul_add_c(a[3], b[3], c1, c2, c3);
+ mul_add_c(a[2], b[4], c1, c2, c3);
+ mul_add_c(a[1], b[5], c1, c2, c3);
+ mul_add_c(a[0], b[6], c1, c2, c3);
+ r[6] = c1;
+ c1 = 0;
+ mul_add_c(a[0], b[7], c2, c3, c1);
+ mul_add_c(a[1], b[6], c2, c3, c1);
+ mul_add_c(a[2], b[5], c2, c3, c1);
+ mul_add_c(a[3], b[4], c2, c3, c1);
+ mul_add_c(a[4], b[3], c2, c3, c1);
+ mul_add_c(a[5], b[2], c2, c3, c1);
+ mul_add_c(a[6], b[1], c2, c3, c1);
+ mul_add_c(a[7], b[0], c2, c3, c1);
+ r[7] = c2;
+ c2 = 0;
+ mul_add_c(a[7], b[1], c3, c1, c2);
+ mul_add_c(a[6], b[2], c3, c1, c2);
+ mul_add_c(a[5], b[3], c3, c1, c2);
+ mul_add_c(a[4], b[4], c3, c1, c2);
+ mul_add_c(a[3], b[5], c3, c1, c2);
+ mul_add_c(a[2], b[6], c3, c1, c2);
+ mul_add_c(a[1], b[7], c3, c1, c2);
+ r[8] = c3;
+ c3 = 0;
+ mul_add_c(a[2], b[7], c1, c2, c3);
+ mul_add_c(a[3], b[6], c1, c2, c3);
+ mul_add_c(a[4], b[5], c1, c2, c3);
+ mul_add_c(a[5], b[4], c1, c2, c3);
+ mul_add_c(a[6], b[3], c1, c2, c3);
+ mul_add_c(a[7], b[2], c1, c2, c3);
+ r[9] = c1;
+ c1 = 0;
+ mul_add_c(a[7], b[3], c2, c3, c1);
+ mul_add_c(a[6], b[4], c2, c3, c1);
+ mul_add_c(a[5], b[5], c2, c3, c1);
+ mul_add_c(a[4], b[6], c2, c3, c1);
+ mul_add_c(a[3], b[7], c2, c3, c1);
+ r[10] = c2;
+ c2 = 0;
+ mul_add_c(a[4], b[7], c3, c1, c2);
+ mul_add_c(a[5], b[6], c3, c1, c2);
+ mul_add_c(a[6], b[5], c3, c1, c2);
+ mul_add_c(a[7], b[4], c3, c1, c2);
+ r[11] = c3;
+ c3 = 0;
+ mul_add_c(a[7], b[5], c1, c2, c3);
+ mul_add_c(a[6], b[6], c1, c2, c3);
+ mul_add_c(a[5], b[7], c1, c2, c3);
+ r[12] = c1;
+ c1 = 0;
+ mul_add_c(a[6], b[7], c2, c3, c1);
+ mul_add_c(a[7], b[6], c2, c3, c1);
+ r[13] = c2;
+ c2 = 0;
+ mul_add_c(a[7], b[7], c3, c1, c2);
+ r[14] = c3;
+ r[15] = c1;
+}
+
+void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+{
+# ifdef BN_LLONG
+ BN_ULLONG t;
+# else
+ BN_ULONG bl, bh;
+# endif
+ BN_ULONG t1, t2;
+ BN_ULONG c1, c2, c3;
+
+ c1 = 0;
+ c2 = 0;
+ c3 = 0;
+ mul_add_c(a[0], b[0], c1, c2, c3);
+ r[0] = c1;
+ c1 = 0;
+ mul_add_c(a[0], b[1], c2, c3, c1);
+ mul_add_c(a[1], b[0], c2, c3, c1);
+ r[1] = c2;
+ c2 = 0;
+ mul_add_c(a[2], b[0], c3, c1, c2);
+ mul_add_c(a[1], b[1], c3, c1, c2);
+ mul_add_c(a[0], b[2], c3, c1, c2);
+ r[2] = c3;
+ c3 = 0;
+ mul_add_c(a[0], b[3], c1, c2, c3);
+ mul_add_c(a[1], b[2], c1, c2, c3);
+ mul_add_c(a[2], b[1], c1, c2, c3);
+ mul_add_c(a[3], b[0], c1, c2, c3);
+ r[3] = c1;
+ c1 = 0;
+ mul_add_c(a[3], b[1], c2, c3, c1);
+ mul_add_c(a[2], b[2], c2, c3, c1);
+ mul_add_c(a[1], b[3], c2, c3, c1);
+ r[4] = c2;
+ c2 = 0;
+ mul_add_c(a[2], b[3], c3, c1, c2);
+ mul_add_c(a[3], b[2], c3, c1, c2);
+ r[5] = c3;
+ c3 = 0;
+ mul_add_c(a[3], b[3], c1, c2, c3);
+ r[6] = c1;
+ r[7] = c2;
+}
+
+void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a)
+{
+# ifdef BN_LLONG
+ BN_ULLONG t, tt;
+# else
+ BN_ULONG bl, bh;
+# endif
+ BN_ULONG t1, t2;
+ BN_ULONG c1, c2, c3;
+
+ c1 = 0;
+ c2 = 0;
+ c3 = 0;
+ sqr_add_c(a, 0, c1, c2, c3);
+ r[0] = c1;
+ c1 = 0;
+ sqr_add_c2(a, 1, 0, c2, c3, c1);
+ r[1] = c2;
+ c2 = 0;
+ sqr_add_c(a, 1, c3, c1, c2);
+ sqr_add_c2(a, 2, 0, c3, c1, c2);
+ r[2] = c3;
+ c3 = 0;
+ sqr_add_c2(a, 3, 0, c1, c2, c3);
+ sqr_add_c2(a, 2, 1, c1, c2, c3);
+ r[3] = c1;
+ c1 = 0;
+ sqr_add_c(a, 2, c2, c3, c1);
+ sqr_add_c2(a, 3, 1, c2, c3, c1);
+ sqr_add_c2(a, 4, 0, c2, c3, c1);
+ r[4] = c2;
+ c2 = 0;
+ sqr_add_c2(a, 5, 0, c3, c1, c2);
+ sqr_add_c2(a, 4, 1, c3, c1, c2);
+ sqr_add_c2(a, 3, 2, c3, c1, c2);
+ r[5] = c3;
+ c3 = 0;
+ sqr_add_c(a, 3, c1, c2, c3);
+ sqr_add_c2(a, 4, 2, c1, c2, c3);
+ sqr_add_c2(a, 5, 1, c1, c2, c3);
+ sqr_add_c2(a, 6, 0, c1, c2, c3);
+ r[6] = c1;
+ c1 = 0;
+ sqr_add_c2(a, 7, 0, c2, c3, c1);
+ sqr_add_c2(a, 6, 1, c2, c3, c1);
+ sqr_add_c2(a, 5, 2, c2, c3, c1);
+ sqr_add_c2(a, 4, 3, c2, c3, c1);
+ r[7] = c2;
+ c2 = 0;
+ sqr_add_c(a, 4, c3, c1, c2);
+ sqr_add_c2(a, 5, 3, c3, c1, c2);
+ sqr_add_c2(a, 6, 2, c3, c1, c2);
+ sqr_add_c2(a, 7, 1, c3, c1, c2);
+ r[8] = c3;
+ c3 = 0;
+ sqr_add_c2(a, 7, 2, c1, c2, c3);
+ sqr_add_c2(a, 6, 3, c1, c2, c3);
+ sqr_add_c2(a, 5, 4, c1, c2, c3);
+ r[9] = c1;
+ c1 = 0;
+ sqr_add_c(a, 5, c2, c3, c1);
+ sqr_add_c2(a, 6, 4, c2, c3, c1);
+ sqr_add_c2(a, 7, 3, c2, c3, c1);
+ r[10] = c2;
+ c2 = 0;
+ sqr_add_c2(a, 7, 4, c3, c1, c2);
+ sqr_add_c2(a, 6, 5, c3, c1, c2);
+ r[11] = c3;
+ c3 = 0;
+ sqr_add_c(a, 6, c1, c2, c3);
+ sqr_add_c2(a, 7, 5, c1, c2, c3);
+ r[12] = c1;
+ c1 = 0;
+ sqr_add_c2(a, 7, 6, c2, c3, c1);
+ r[13] = c2;
+ c2 = 0;
+ sqr_add_c(a, 7, c3, c1, c2);
+ r[14] = c3;
+ r[15] = c1;
+}
+
+void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a)
+{
+# ifdef BN_LLONG
+ BN_ULLONG t, tt;
+# else
+ BN_ULONG bl, bh;
+# endif
+ BN_ULONG t1, t2;
+ BN_ULONG c1, c2, c3;
+
+ c1 = 0;
+ c2 = 0;
+ c3 = 0;
+ sqr_add_c(a, 0, c1, c2, c3);
+ r[0] = c1;
+ c1 = 0;
+ sqr_add_c2(a, 1, 0, c2, c3, c1);
+ r[1] = c2;
+ c2 = 0;
+ sqr_add_c(a, 1, c3, c1, c2);
+ sqr_add_c2(a, 2, 0, c3, c1, c2);
+ r[2] = c3;
+ c3 = 0;
+ sqr_add_c2(a, 3, 0, c1, c2, c3);
+ sqr_add_c2(a, 2, 1, c1, c2, c3);
+ r[3] = c1;
+ c1 = 0;
+ sqr_add_c(a, 2, c2, c3, c1);
+ sqr_add_c2(a, 3, 1, c2, c3, c1);
+ r[4] = c2;
+ c2 = 0;
+ sqr_add_c2(a, 3, 2, c3, c1, c2);
+ r[5] = c3;
+ c3 = 0;
+ sqr_add_c(a, 3, c1, c2, c3);
+ r[6] = c1;
+ r[7] = c2;
+}
+#else /* !BN_MUL_COMBA */
+
+/* hmm... is it faster just to do a multiply? */
+# undef bn_sqr_comba4
+void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a)
+{
+ BN_ULONG t[8];
+ bn_sqr_normal(r, a, 4, t);
+}
+
+# undef bn_sqr_comba8
+void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)
+{
+ BN_ULONG t[16];
+ bn_sqr_normal(r, a, 8, t);
+}
+
+void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+{
+ r[4] = bn_mul_words(&(r[0]), a, 4, b[0]);
+ r[5] = bn_mul_add_words(&(r[1]), a, 4, b[1]);
+ r[6] = bn_mul_add_words(&(r[2]), a, 4, b[2]);
+ r[7] = bn_mul_add_words(&(r[3]), a, 4, b[3]);
+}
+
+void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+{
+ r[8] = bn_mul_words(&(r[0]), a, 8, b[0]);
+ r[9] = bn_mul_add_words(&(r[1]), a, 8, b[1]);
+ r[10] = bn_mul_add_words(&(r[2]), a, 8, b[2]);
+ r[11] = bn_mul_add_words(&(r[3]), a, 8, b[3]);
+ r[12] = bn_mul_add_words(&(r[4]), a, 8, b[4]);
+ r[13] = bn_mul_add_words(&(r[5]), a, 8, b[5]);
+ r[14] = bn_mul_add_words(&(r[6]), a, 8, b[6]);
+ r[15] = bn_mul_add_words(&(r[7]), a, 8, b[7]);
+}
+
+#endif /* !BN_MUL_COMBA */
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_blind.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_blind.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_blind.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,374 +0,0 @@
-/* crypto/bn/bn_blind.c */
-/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-#define BN_BLINDING_COUNTER 32
-
-struct bn_blinding_st
- {
- BIGNUM *A;
- BIGNUM *Ai;
- BIGNUM *e;
- BIGNUM *mod; /* just a reference */
- unsigned long thread_id; /* added in OpenSSL 0.9.6j and 0.9.7b;
- * used only by crypto/rsa/rsa_eay.c, rsa_lib.c */
- int counter;
- unsigned long flags;
- BN_MONT_CTX *m_ctx;
- int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx);
- };
-
-BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, /* const */ BIGNUM *mod)
- {
- BN_BLINDING *ret=NULL;
-
- bn_check_top(mod);
-
- if ((ret=(BN_BLINDING *)OPENSSL_malloc(sizeof(BN_BLINDING))) == NULL)
- {
- BNerr(BN_F_BN_BLINDING_NEW,ERR_R_MALLOC_FAILURE);
- return(NULL);
- }
- memset(ret,0,sizeof(BN_BLINDING));
- if (A != NULL)
- {
- if ((ret->A = BN_dup(A)) == NULL) goto err;
- }
- if (Ai != NULL)
- {
- if ((ret->Ai = BN_dup(Ai)) == NULL) goto err;
- }
-
- /* save a copy of mod in the BN_BLINDING structure */
- if ((ret->mod = BN_dup(mod)) == NULL) goto err;
- if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0)
- BN_set_flags(ret->mod, BN_FLG_CONSTTIME);
-
- /* Set the counter to the special value -1
- * to indicate that this is never-used fresh blinding
- * that does not need updating before first use. */
- ret->counter = -1;
- return(ret);
-err:
- if (ret != NULL) BN_BLINDING_free(ret);
- return(NULL);
- }
-
-void BN_BLINDING_free(BN_BLINDING *r)
- {
- if(r == NULL)
- return;
-
- if (r->A != NULL) BN_free(r->A );
- if (r->Ai != NULL) BN_free(r->Ai);
- if (r->e != NULL) BN_free(r->e );
- if (r->mod != NULL) BN_free(r->mod);
- OPENSSL_free(r);
- }
-
-int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx)
- {
- int ret=0;
-
- if ((b->A == NULL) || (b->Ai == NULL))
- {
- BNerr(BN_F_BN_BLINDING_UPDATE,BN_R_NOT_INITIALIZED);
- goto err;
- }
-
- if (b->counter == -1)
- b->counter = 0;
-
- if (++b->counter == BN_BLINDING_COUNTER && b->e != NULL &&
- !(b->flags & BN_BLINDING_NO_RECREATE))
- {
- /* re-create blinding parameters */
- if (!BN_BLINDING_create_param(b, NULL, NULL, ctx, NULL, NULL))
- goto err;
- }
- else if (!(b->flags & BN_BLINDING_NO_UPDATE))
- {
- if (!BN_mod_mul(b->A,b->A,b->A,b->mod,ctx)) goto err;
- if (!BN_mod_mul(b->Ai,b->Ai,b->Ai,b->mod,ctx)) goto err;
- }
-
- ret=1;
-err:
- if (b->counter == BN_BLINDING_COUNTER)
- b->counter = 0;
- return(ret);
- }
-
-int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx)
- {
- return BN_BLINDING_convert_ex(n, NULL, b, ctx);
- }
-
-int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx)
- {
- int ret = 1;
-
- bn_check_top(n);
-
- if ((b->A == NULL) || (b->Ai == NULL))
- {
- BNerr(BN_F_BN_BLINDING_CONVERT_EX,BN_R_NOT_INITIALIZED);
- return(0);
- }
-
- if (b->counter == -1)
- /* Fresh blinding, doesn't need updating. */
- b->counter = 0;
- else if (!BN_BLINDING_update(b,ctx))
- return(0);
-
- if (r != NULL)
- {
- if (!BN_copy(r, b->Ai)) ret=0;
- }
-
- if (!BN_mod_mul(n,n,b->A,b->mod,ctx)) ret=0;
-
- return ret;
- }
-
-int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx)
- {
- return BN_BLINDING_invert_ex(n, NULL, b, ctx);
- }
-
-int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx)
- {
- int ret;
-
- bn_check_top(n);
-
- if (r != NULL)
- ret = BN_mod_mul(n, n, r, b->mod, ctx);
- else
- {
- if (b->Ai == NULL)
- {
- BNerr(BN_F_BN_BLINDING_INVERT_EX,BN_R_NOT_INITIALIZED);
- return(0);
- }
- ret = BN_mod_mul(n, n, b->Ai, b->mod, ctx);
- }
-
- bn_check_top(n);
- return(ret);
- }
-
-unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *b)
- {
- return b->thread_id;
- }
-
-void BN_BLINDING_set_thread_id(BN_BLINDING *b, unsigned long n)
- {
- b->thread_id = n;
- }
-
-unsigned long BN_BLINDING_get_flags(const BN_BLINDING *b)
- {
- return b->flags;
- }
-
-void BN_BLINDING_set_flags(BN_BLINDING *b, unsigned long flags)
- {
- b->flags = flags;
- }
-
-BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
- const BIGNUM *e, /* const */ BIGNUM *m, BN_CTX *ctx,
- int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx),
- BN_MONT_CTX *m_ctx)
-{
- int retry_counter = 32;
- BN_BLINDING *ret = NULL;
-
- if (b == NULL)
- ret = BN_BLINDING_new(NULL, NULL, m);
- else
- ret = b;
-
- if (ret == NULL)
- goto err;
-
- if (ret->A == NULL && (ret->A = BN_new()) == NULL)
- goto err;
- if (ret->Ai == NULL && (ret->Ai = BN_new()) == NULL)
- goto err;
-
- if (e != NULL)
- {
- if (ret->e != NULL)
- BN_free(ret->e);
- ret->e = BN_dup(e);
- }
- if (ret->e == NULL)
- goto err;
-
- if (bn_mod_exp != NULL)
- ret->bn_mod_exp = bn_mod_exp;
- if (m_ctx != NULL)
- ret->m_ctx = m_ctx;
-
- do {
- if (!BN_rand_range(ret->A, ret->mod)) goto err;
- if (BN_mod_inverse(ret->Ai, ret->A, ret->mod, ctx) == NULL)
- {
- /* this should almost never happen for good RSA keys */
- unsigned long error = ERR_peek_last_error();
- if (ERR_GET_REASON(error) == BN_R_NO_INVERSE)
- {
- if (retry_counter-- == 0)
- {
- BNerr(BN_F_BN_BLINDING_CREATE_PARAM,
- BN_R_TOO_MANY_ITERATIONS);
- goto err;
- }
- ERR_clear_error();
- }
- else
- goto err;
- }
- else
- break;
- } while (1);
-
- if (ret->bn_mod_exp != NULL && ret->m_ctx != NULL)
- {
- if (!ret->bn_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx, ret->m_ctx))
- goto err;
- }
- else
- {
- if (!BN_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx))
- goto err;
- }
-
- return ret;
-err:
- if (b == NULL && ret != NULL)
- {
- BN_BLINDING_free(ret);
- ret = NULL;
- }
-
- return ret;
-}
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_blind.c (from rev 6976, vendor-crypto/openssl/dist/crypto/bn/bn_blind.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_blind.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_blind.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,374 @@
+/* crypto/bn/bn_blind.c */
+/* ====================================================================
+ * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+#define BN_BLINDING_COUNTER 32
+
+struct bn_blinding_st {
+ BIGNUM *A;
+ BIGNUM *Ai;
+ BIGNUM *e;
+ BIGNUM *mod; /* just a reference */
+ unsigned long thread_id; /* added in OpenSSL 0.9.6j and 0.9.7b; used
+ * only by crypto/rsa/rsa_eay.c, rsa_lib.c */
+ int counter;
+ unsigned long flags;
+ BN_MONT_CTX *m_ctx;
+ int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+};
+
+BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod)
+{
+ BN_BLINDING *ret = NULL;
+
+ bn_check_top(mod);
+
+ if ((ret = (BN_BLINDING *)OPENSSL_malloc(sizeof(BN_BLINDING))) == NULL) {
+ BNerr(BN_F_BN_BLINDING_NEW, ERR_R_MALLOC_FAILURE);
+ return (NULL);
+ }
+ memset(ret, 0, sizeof(BN_BLINDING));
+ if (A != NULL) {
+ if ((ret->A = BN_dup(A)) == NULL)
+ goto err;
+ }
+ if (Ai != NULL) {
+ if ((ret->Ai = BN_dup(Ai)) == NULL)
+ goto err;
+ }
+
+ /* save a copy of mod in the BN_BLINDING structure */
+ if ((ret->mod = BN_dup(mod)) == NULL)
+ goto err;
+ if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0)
+ BN_set_flags(ret->mod, BN_FLG_CONSTTIME);
+
+ /*
+ * Set the counter to the special value -1 to indicate that this is
+ * never-used fresh blinding that does not need updating before first
+ * use.
+ */
+ ret->counter = -1;
+ return (ret);
+ err:
+ if (ret != NULL)
+ BN_BLINDING_free(ret);
+ return (NULL);
+}
+
+void BN_BLINDING_free(BN_BLINDING *r)
+{
+ if (r == NULL)
+ return;
+
+ if (r->A != NULL)
+ BN_free(r->A);
+ if (r->Ai != NULL)
+ BN_free(r->Ai);
+ if (r->e != NULL)
+ BN_free(r->e);
+ if (r->mod != NULL)
+ BN_free(r->mod);
+ OPENSSL_free(r);
+}
+
+int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx)
+{
+ int ret = 0;
+
+ if ((b->A == NULL) || (b->Ai == NULL)) {
+ BNerr(BN_F_BN_BLINDING_UPDATE, BN_R_NOT_INITIALIZED);
+ goto err;
+ }
+
+ if (b->counter == -1)
+ b->counter = 0;
+
+ if (++b->counter == BN_BLINDING_COUNTER && b->e != NULL &&
+ !(b->flags & BN_BLINDING_NO_RECREATE)) {
+ /* re-create blinding parameters */
+ if (!BN_BLINDING_create_param(b, NULL, NULL, ctx, NULL, NULL))
+ goto err;
+ } else if (!(b->flags & BN_BLINDING_NO_UPDATE)) {
+ if (!BN_mod_mul(b->A, b->A, b->A, b->mod, ctx))
+ goto err;
+ if (!BN_mod_mul(b->Ai, b->Ai, b->Ai, b->mod, ctx))
+ goto err;
+ }
+
+ ret = 1;
+ err:
+ if (b->counter == BN_BLINDING_COUNTER)
+ b->counter = 0;
+ return (ret);
+}
+
+int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx)
+{
+ return BN_BLINDING_convert_ex(n, NULL, b, ctx);
+}
+
+int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx)
+{
+ int ret = 1;
+
+ bn_check_top(n);
+
+ if ((b->A == NULL) || (b->Ai == NULL)) {
+ BNerr(BN_F_BN_BLINDING_CONVERT_EX, BN_R_NOT_INITIALIZED);
+ return (0);
+ }
+
+ if (b->counter == -1)
+ /* Fresh blinding, doesn't need updating. */
+ b->counter = 0;
+ else if (!BN_BLINDING_update(b, ctx))
+ return (0);
+
+ if (r != NULL) {
+ if (!BN_copy(r, b->Ai))
+ ret = 0;
+ }
+
+ if (!BN_mod_mul(n, n, b->A, b->mod, ctx))
+ ret = 0;
+
+ return ret;
+}
+
+int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx)
+{
+ return BN_BLINDING_invert_ex(n, NULL, b, ctx);
+}
+
+int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b,
+ BN_CTX *ctx)
+{
+ int ret;
+
+ bn_check_top(n);
+
+ if (r != NULL)
+ ret = BN_mod_mul(n, n, r, b->mod, ctx);
+ else {
+ if (b->Ai == NULL) {
+ BNerr(BN_F_BN_BLINDING_INVERT_EX, BN_R_NOT_INITIALIZED);
+ return (0);
+ }
+ ret = BN_mod_mul(n, n, b->Ai, b->mod, ctx);
+ }
+
+ bn_check_top(n);
+ return (ret);
+}
+
+unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *b)
+{
+ return b->thread_id;
+}
+
+void BN_BLINDING_set_thread_id(BN_BLINDING *b, unsigned long n)
+{
+ b->thread_id = n;
+}
+
+unsigned long BN_BLINDING_get_flags(const BN_BLINDING *b)
+{
+ return b->flags;
+}
+
+void BN_BLINDING_set_flags(BN_BLINDING *b, unsigned long flags)
+{
+ b->flags = flags;
+}
+
+BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
+ const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
+ int (*bn_mod_exp) (BIGNUM *r,
+ const BIGNUM *a,
+ const BIGNUM *p,
+ const BIGNUM *m,
+ BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx),
+ BN_MONT_CTX *m_ctx)
+{
+ int retry_counter = 32;
+ BN_BLINDING *ret = NULL;
+
+ if (b == NULL)
+ ret = BN_BLINDING_new(NULL, NULL, m);
+ else
+ ret = b;
+
+ if (ret == NULL)
+ goto err;
+
+ if (ret->A == NULL && (ret->A = BN_new()) == NULL)
+ goto err;
+ if (ret->Ai == NULL && (ret->Ai = BN_new()) == NULL)
+ goto err;
+
+ if (e != NULL) {
+ if (ret->e != NULL)
+ BN_free(ret->e);
+ ret->e = BN_dup(e);
+ }
+ if (ret->e == NULL)
+ goto err;
+
+ if (bn_mod_exp != NULL)
+ ret->bn_mod_exp = bn_mod_exp;
+ if (m_ctx != NULL)
+ ret->m_ctx = m_ctx;
+
+ do {
+ if (!BN_rand_range(ret->A, ret->mod))
+ goto err;
+ if (BN_mod_inverse(ret->Ai, ret->A, ret->mod, ctx) == NULL) {
+ /*
+ * this should almost never happen for good RSA keys
+ */
+ unsigned long error = ERR_peek_last_error();
+ if (ERR_GET_REASON(error) == BN_R_NO_INVERSE) {
+ if (retry_counter-- == 0) {
+ BNerr(BN_F_BN_BLINDING_CREATE_PARAM,
+ BN_R_TOO_MANY_ITERATIONS);
+ goto err;
+ }
+ ERR_clear_error();
+ } else
+ goto err;
+ } else
+ break;
+ } while (1);
+
+ if (ret->bn_mod_exp != NULL && ret->m_ctx != NULL) {
+ if (!ret->bn_mod_exp
+ (ret->A, ret->A, ret->e, ret->mod, ctx, ret->m_ctx))
+ goto err;
+ } else {
+ if (!BN_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx))
+ goto err;
+ }
+
+ return ret;
+ err:
+ if (b == NULL && ret != NULL) {
+ BN_BLINDING_free(ret);
+ ret = NULL;
+ }
+
+ return ret;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_const.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_const.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_const.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,402 +0,0 @@
-/* crypto/bn/knownprimes.c */
-/* Insert boilerplate */
-
-#include "bn.h"
-
-/* "First Oakley Default Group" from RFC2409, section 6.1.
- *
- * The prime is: 2^768 - 2 ^704 - 1 + 2^64 * { [2^638 pi] + 149686 }
- *
- * RFC2409 specifies a generator of 2.
- * RFC2412 specifies a generator of of 22.
- */
-
-BIGNUM *get_rfc2409_prime_768(BIGNUM *bn)
- {
- static const unsigned char RFC2409_PRIME_768[]={
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
- 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
- 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
- 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
- 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
- 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
- 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
- 0xA6,0x3A,0x36,0x20,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
- };
- return BN_bin2bn(RFC2409_PRIME_768,sizeof(RFC2409_PRIME_768),bn);
- }
-
-/* "Second Oakley Default Group" from RFC2409, section 6.2.
- *
- * The prime is: 2^1024 - 2^960 - 1 + 2^64 * { [2^894 pi] + 129093 }.
- *
- * RFC2409 specifies a generator of 2.
- * RFC2412 specifies a generator of 22.
- */
-
-BIGNUM *get_rfc2409_prime_1024(BIGNUM *bn)
- {
- static const unsigned char RFC2409_PRIME_1024[]={
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
- 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
- 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
- 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
- 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
- 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
- 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
- 0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
- 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
- 0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE6,0x53,0x81,
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
- };
- return BN_bin2bn(RFC2409_PRIME_1024,sizeof(RFC2409_PRIME_1024),bn);
- }
-
-/* "1536-bit MODP Group" from RFC3526, Section 2.
- *
- * The prime is: 2^1536 - 2^1472 - 1 + 2^64 * { [2^1406 pi] + 741804 }
- *
- * RFC3526 specifies a generator of 2.
- * RFC2312 specifies a generator of 22.
- */
-
-BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn)
- {
- static const unsigned char RFC3526_PRIME_1536[]={
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
- 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
- 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
- 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
- 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
- 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
- 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
- 0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
- 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
- 0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
- 0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36,
- 0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
- 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,
- 0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
- 0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08,
- 0xCA,0x23,0x73,0x27,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
- };
- return BN_bin2bn(RFC3526_PRIME_1536,sizeof(RFC3526_PRIME_1536),bn);
- }
-
-/* "2048-bit MODP Group" from RFC3526, Section 3.
- *
- * The prime is: 2^2048 - 2^1984 - 1 + 2^64 * { [2^1918 pi] + 124476 }
- *
- * RFC3526 specifies a generator of 2.
- */
-
-BIGNUM *get_rfc3526_prime_2048(BIGNUM *bn)
- {
- static const unsigned char RFC3526_PRIME_2048[]={
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
- 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
- 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
- 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
- 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
- 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
- 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
- 0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
- 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
- 0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
- 0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36,
- 0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
- 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,
- 0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
- 0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08,
- 0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
- 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,
- 0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,
- 0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C,
- 0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
- 0x15,0x72,0x8E,0x5A,0x8A,0xAC,0xAA,0x68,0xFF,0xFF,0xFF,0xFF,
- 0xFF,0xFF,0xFF,0xFF,
- };
- return BN_bin2bn(RFC3526_PRIME_2048,sizeof(RFC3526_PRIME_2048),bn);
- }
-
-/* "3072-bit MODP Group" from RFC3526, Section 4.
- *
- * The prime is: 2^3072 - 2^3008 - 1 + 2^64 * { [2^2942 pi] + 1690314 }
- *
- * RFC3526 specifies a generator of 2.
- */
-
-BIGNUM *get_rfc3526_prime_3072(BIGNUM *bn)
- {
- static const unsigned char RFC3526_PRIME_3072[]={
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
- 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
- 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
- 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
- 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
- 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
- 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
- 0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
- 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
- 0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
- 0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36,
- 0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
- 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,
- 0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
- 0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08,
- 0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
- 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,
- 0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,
- 0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C,
- 0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
- 0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,
- 0x04,0x50,0x7A,0x33,0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,
- 0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,0x8A,0xEA,0x71,0x57,
- 0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
- 0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,
- 0x4A,0x25,0x61,0x9D,0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,
- 0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,0xD8,0x76,0x02,0x73,
- 0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
- 0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,
- 0xBA,0xD9,0x46,0xE2,0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,
- 0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,0x4B,0x82,0xD1,0x20,
- 0xA9,0x3A,0xD2,0xCA,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
- };
- return BN_bin2bn(RFC3526_PRIME_3072,sizeof(RFC3526_PRIME_3072),bn);
- }
-
-/* "4096-bit MODP Group" from RFC3526, Section 5.
- *
- * The prime is: 2^4096 - 2^4032 - 1 + 2^64 * { [2^3966 pi] + 240904 }
- *
- * RFC3526 specifies a generator of 2.
- */
-
-BIGNUM *get_rfc3526_prime_4096(BIGNUM *bn)
- {
- static const unsigned char RFC3526_PRIME_4096[]={
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
- 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
- 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
- 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
- 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
- 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
- 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
- 0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
- 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
- 0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
- 0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36,
- 0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
- 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,
- 0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
- 0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08,
- 0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
- 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,
- 0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,
- 0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C,
- 0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
- 0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,
- 0x04,0x50,0x7A,0x33,0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,
- 0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,0x8A,0xEA,0x71,0x57,
- 0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
- 0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,
- 0x4A,0x25,0x61,0x9D,0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,
- 0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,0xD8,0x76,0x02,0x73,
- 0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
- 0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,
- 0xBA,0xD9,0x46,0xE2,0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,
- 0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,0x4B,0x82,0xD1,0x20,
- 0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7,
- 0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18,
- 0x6A,0xF4,0xE2,0x3C,0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,
- 0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,0xDB,0xBB,0xC2,0xDB,
- 0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6,
- 0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F,
- 0xA0,0x90,0xC3,0xA2,0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,
- 0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,0xB8,0x1B,0xDD,0x76,
- 0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9,
- 0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,
- 0x90,0xA6,0xC0,0x8F,0x4D,0xF4,0x35,0xC9,0x34,0x06,0x31,0x99,
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
- };
- return BN_bin2bn(RFC3526_PRIME_4096,sizeof(RFC3526_PRIME_4096),bn);
- }
-
-/* "6144-bit MODP Group" from RFC3526, Section 6.
- *
- * The prime is: 2^6144 - 2^6080 - 1 + 2^64 * { [2^6014 pi] + 929484 }
- *
- * RFC3526 specifies a generator of 2.
- */
-
-BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn)
- {
- static const unsigned char RFC3526_PRIME_6144[]={
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
- 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
- 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
- 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
- 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
- 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
- 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
- 0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
- 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
- 0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
- 0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36,
- 0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
- 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,
- 0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
- 0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08,
- 0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
- 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,
- 0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,
- 0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C,
- 0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
- 0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,
- 0x04,0x50,0x7A,0x33,0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,
- 0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,0x8A,0xEA,0x71,0x57,
- 0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
- 0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,
- 0x4A,0x25,0x61,0x9D,0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,
- 0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,0xD8,0x76,0x02,0x73,
- 0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
- 0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,
- 0xBA,0xD9,0x46,0xE2,0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,
- 0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,0x4B,0x82,0xD1,0x20,
- 0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7,
- 0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18,
- 0x6A,0xF4,0xE2,0x3C,0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,
- 0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,0xDB,0xBB,0xC2,0xDB,
- 0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6,
- 0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F,
- 0xA0,0x90,0xC3,0xA2,0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,
- 0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,0xB8,0x1B,0xDD,0x76,
- 0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9,
- 0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,
- 0x90,0xA6,0xC0,0x8F,0x4D,0xF4,0x35,0xC9,0x34,0x02,0x84,0x92,
- 0x36,0xC3,0xFA,0xB4,0xD2,0x7C,0x70,0x26,0xC1,0xD4,0xDC,0xB2,
- 0x60,0x26,0x46,0xDE,0xC9,0x75,0x1E,0x76,0x3D,0xBA,0x37,0xBD,
- 0xF8,0xFF,0x94,0x06,0xAD,0x9E,0x53,0x0E,0xE5,0xDB,0x38,0x2F,
- 0x41,0x30,0x01,0xAE,0xB0,0x6A,0x53,0xED,0x90,0x27,0xD8,0x31,
- 0x17,0x97,0x27,0xB0,0x86,0x5A,0x89,0x18,0xDA,0x3E,0xDB,0xEB,
- 0xCF,0x9B,0x14,0xED,0x44,0xCE,0x6C,0xBA,0xCE,0xD4,0xBB,0x1B,
- 0xDB,0x7F,0x14,0x47,0xE6,0xCC,0x25,0x4B,0x33,0x20,0x51,0x51,
- 0x2B,0xD7,0xAF,0x42,0x6F,0xB8,0xF4,0x01,0x37,0x8C,0xD2,0xBF,
- 0x59,0x83,0xCA,0x01,0xC6,0x4B,0x92,0xEC,0xF0,0x32,0xEA,0x15,
- 0xD1,0x72,0x1D,0x03,0xF4,0x82,0xD7,0xCE,0x6E,0x74,0xFE,0xF6,
- 0xD5,0x5E,0x70,0x2F,0x46,0x98,0x0C,0x82,0xB5,0xA8,0x40,0x31,
- 0x90,0x0B,0x1C,0x9E,0x59,0xE7,0xC9,0x7F,0xBE,0xC7,0xE8,0xF3,
- 0x23,0xA9,0x7A,0x7E,0x36,0xCC,0x88,0xBE,0x0F,0x1D,0x45,0xB7,
- 0xFF,0x58,0x5A,0xC5,0x4B,0xD4,0x07,0xB2,0x2B,0x41,0x54,0xAA,
- 0xCC,0x8F,0x6D,0x7E,0xBF,0x48,0xE1,0xD8,0x14,0xCC,0x5E,0xD2,
- 0x0F,0x80,0x37,0xE0,0xA7,0x97,0x15,0xEE,0xF2,0x9B,0xE3,0x28,
- 0x06,0xA1,0xD5,0x8B,0xB7,0xC5,0xDA,0x76,0xF5,0x50,0xAA,0x3D,
- 0x8A,0x1F,0xBF,0xF0,0xEB,0x19,0xCC,0xB1,0xA3,0x13,0xD5,0x5C,
- 0xDA,0x56,0xC9,0xEC,0x2E,0xF2,0x96,0x32,0x38,0x7F,0xE8,0xD7,
- 0x6E,0x3C,0x04,0x68,0x04,0x3E,0x8F,0x66,0x3F,0x48,0x60,0xEE,
- 0x12,0xBF,0x2D,0x5B,0x0B,0x74,0x74,0xD6,0xE6,0x94,0xF9,0x1E,
- 0x6D,0xCC,0x40,0x24,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
- };
- return BN_bin2bn(RFC3526_PRIME_6144,sizeof(RFC3526_PRIME_6144),bn);
- }
-
-/* "8192-bit MODP Group" from RFC3526, Section 7.
- *
- * The prime is: 2^8192 - 2^8128 - 1 + 2^64 * { [2^8062 pi] + 4743158 }
- *
- * RFC3526 specifies a generator of 2.
- */
-
-BIGNUM *get_rfc3526_prime_8192(BIGNUM *bn)
- {
- static const unsigned char RFC3526_PRIME_8192[]={
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
- 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
- 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
- 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
- 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
- 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
- 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
- 0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
- 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
- 0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
- 0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36,
- 0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
- 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,
- 0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
- 0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08,
- 0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
- 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,
- 0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,
- 0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C,
- 0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
- 0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,
- 0x04,0x50,0x7A,0x33,0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,
- 0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,0x8A,0xEA,0x71,0x57,
- 0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
- 0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,
- 0x4A,0x25,0x61,0x9D,0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,
- 0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,0xD8,0x76,0x02,0x73,
- 0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
- 0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,
- 0xBA,0xD9,0x46,0xE2,0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,
- 0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,0x4B,0x82,0xD1,0x20,
- 0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7,
- 0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18,
- 0x6A,0xF4,0xE2,0x3C,0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,
- 0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,0xDB,0xBB,0xC2,0xDB,
- 0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6,
- 0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F,
- 0xA0,0x90,0xC3,0xA2,0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,
- 0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,0xB8,0x1B,0xDD,0x76,
- 0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9,
- 0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,
- 0x90,0xA6,0xC0,0x8F,0x4D,0xF4,0x35,0xC9,0x34,0x02,0x84,0x92,
- 0x36,0xC3,0xFA,0xB4,0xD2,0x7C,0x70,0x26,0xC1,0xD4,0xDC,0xB2,
- 0x60,0x26,0x46,0xDE,0xC9,0x75,0x1E,0x76,0x3D,0xBA,0x37,0xBD,
- 0xF8,0xFF,0x94,0x06,0xAD,0x9E,0x53,0x0E,0xE5,0xDB,0x38,0x2F,
- 0x41,0x30,0x01,0xAE,0xB0,0x6A,0x53,0xED,0x90,0x27,0xD8,0x31,
- 0x17,0x97,0x27,0xB0,0x86,0x5A,0x89,0x18,0xDA,0x3E,0xDB,0xEB,
- 0xCF,0x9B,0x14,0xED,0x44,0xCE,0x6C,0xBA,0xCE,0xD4,0xBB,0x1B,
- 0xDB,0x7F,0x14,0x47,0xE6,0xCC,0x25,0x4B,0x33,0x20,0x51,0x51,
- 0x2B,0xD7,0xAF,0x42,0x6F,0xB8,0xF4,0x01,0x37,0x8C,0xD2,0xBF,
- 0x59,0x83,0xCA,0x01,0xC6,0x4B,0x92,0xEC,0xF0,0x32,0xEA,0x15,
- 0xD1,0x72,0x1D,0x03,0xF4,0x82,0xD7,0xCE,0x6E,0x74,0xFE,0xF6,
- 0xD5,0x5E,0x70,0x2F,0x46,0x98,0x0C,0x82,0xB5,0xA8,0x40,0x31,
- 0x90,0x0B,0x1C,0x9E,0x59,0xE7,0xC9,0x7F,0xBE,0xC7,0xE8,0xF3,
- 0x23,0xA9,0x7A,0x7E,0x36,0xCC,0x88,0xBE,0x0F,0x1D,0x45,0xB7,
- 0xFF,0x58,0x5A,0xC5,0x4B,0xD4,0x07,0xB2,0x2B,0x41,0x54,0xAA,
- 0xCC,0x8F,0x6D,0x7E,0xBF,0x48,0xE1,0xD8,0x14,0xCC,0x5E,0xD2,
- 0x0F,0x80,0x37,0xE0,0xA7,0x97,0x15,0xEE,0xF2,0x9B,0xE3,0x28,
- 0x06,0xA1,0xD5,0x8B,0xB7,0xC5,0xDA,0x76,0xF5,0x50,0xAA,0x3D,
- 0x8A,0x1F,0xBF,0xF0,0xEB,0x19,0xCC,0xB1,0xA3,0x13,0xD5,0x5C,
- 0xDA,0x56,0xC9,0xEC,0x2E,0xF2,0x96,0x32,0x38,0x7F,0xE8,0xD7,
- 0x6E,0x3C,0x04,0x68,0x04,0x3E,0x8F,0x66,0x3F,0x48,0x60,0xEE,
- 0x12,0xBF,0x2D,0x5B,0x0B,0x74,0x74,0xD6,0xE6,0x94,0xF9,0x1E,
- 0x6D,0xBE,0x11,0x59,0x74,0xA3,0x92,0x6F,0x12,0xFE,0xE5,0xE4,
- 0x38,0x77,0x7C,0xB6,0xA9,0x32,0xDF,0x8C,0xD8,0xBE,0xC4,0xD0,
- 0x73,0xB9,0x31,0xBA,0x3B,0xC8,0x32,0xB6,0x8D,0x9D,0xD3,0x00,
- 0x74,0x1F,0xA7,0xBF,0x8A,0xFC,0x47,0xED,0x25,0x76,0xF6,0x93,
- 0x6B,0xA4,0x24,0x66,0x3A,0xAB,0x63,0x9C,0x5A,0xE4,0xF5,0x68,
- 0x34,0x23,0xB4,0x74,0x2B,0xF1,0xC9,0x78,0x23,0x8F,0x16,0xCB,
- 0xE3,0x9D,0x65,0x2D,0xE3,0xFD,0xB8,0xBE,0xFC,0x84,0x8A,0xD9,
- 0x22,0x22,0x2E,0x04,0xA4,0x03,0x7C,0x07,0x13,0xEB,0x57,0xA8,
- 0x1A,0x23,0xF0,0xC7,0x34,0x73,0xFC,0x64,0x6C,0xEA,0x30,0x6B,
- 0x4B,0xCB,0xC8,0x86,0x2F,0x83,0x85,0xDD,0xFA,0x9D,0x4B,0x7F,
- 0xA2,0xC0,0x87,0xE8,0x79,0x68,0x33,0x03,0xED,0x5B,0xDD,0x3A,
- 0x06,0x2B,0x3C,0xF5,0xB3,0xA2,0x78,0xA6,0x6D,0x2A,0x13,0xF8,
- 0x3F,0x44,0xF8,0x2D,0xDF,0x31,0x0E,0xE0,0x74,0xAB,0x6A,0x36,
- 0x45,0x97,0xE8,0x99,0xA0,0x25,0x5D,0xC1,0x64,0xF3,0x1C,0xC5,
- 0x08,0x46,0x85,0x1D,0xF9,0xAB,0x48,0x19,0x5D,0xED,0x7E,0xA1,
- 0xB1,0xD5,0x10,0xBD,0x7E,0xE7,0x4D,0x73,0xFA,0xF3,0x6B,0xC3,
- 0x1E,0xCF,0xA2,0x68,0x35,0x90,0x46,0xF4,0xEB,0x87,0x9F,0x92,
- 0x40,0x09,0x43,0x8B,0x48,0x1C,0x6C,0xD7,0x88,0x9A,0x00,0x2E,
- 0xD5,0xEE,0x38,0x2B,0xC9,0x19,0x0D,0xA6,0xFC,0x02,0x6E,0x47,
- 0x95,0x58,0xE4,0x47,0x56,0x77,0xE9,0xAA,0x9E,0x30,0x50,0xE2,
- 0x76,0x56,0x94,0xDF,0xC8,0x1F,0x56,0xE8,0x80,0xB9,0x6E,0x71,
- 0x60,0xC9,0x80,0xDD,0x98,0xED,0xD3,0xDF,0xFF,0xFF,0xFF,0xFF,
- 0xFF,0xFF,0xFF,0xFF,
- };
- return BN_bin2bn(RFC3526_PRIME_8192,sizeof(RFC3526_PRIME_8192),bn);
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_const.c (from rev 6976, vendor-crypto/openssl/dist/crypto/bn/bn_const.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_const.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_const.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,547 @@
+/* crypto/bn/knownprimes.c */
+/* Insert boilerplate */
+
+#include "bn.h"
+
+/*-
+ * "First Oakley Default Group" from RFC2409, section 6.1.
+ *
+ * The prime is: 2^768 - 2 ^704 - 1 + 2^64 * { [2^638 pi] + 149686 }
+ *
+ * RFC2409 specifies a generator of 2.
+ * RFC2412 specifies a generator of of 22.
+ */
+
+BIGNUM *get_rfc2409_prime_768(BIGNUM *bn)
+{
+ static const unsigned char RFC2409_PRIME_768[] = {
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
+ 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
+ 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
+ 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
+ 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
+ 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
+ 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x3A, 0x36, 0x20,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ };
+ return BN_bin2bn(RFC2409_PRIME_768, sizeof(RFC2409_PRIME_768), bn);
+}
+
+/*-
+ * "Second Oakley Default Group" from RFC2409, section 6.2.
+ *
+ * The prime is: 2^1024 - 2^960 - 1 + 2^64 * { [2^894 pi] + 129093 }.
+ *
+ * RFC2409 specifies a generator of 2.
+ * RFC2412 specifies a generator of 22.
+ */
+
+BIGNUM *get_rfc2409_prime_1024(BIGNUM *bn)
+{
+ static const unsigned char RFC2409_PRIME_1024[] = {
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
+ 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
+ 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
+ 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
+ 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
+ 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
+ 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,
+ 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
+ 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
+ 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE6, 0x53, 0x81,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ };
+ return BN_bin2bn(RFC2409_PRIME_1024, sizeof(RFC2409_PRIME_1024), bn);
+}
+
+/*-
+ * "1536-bit MODP Group" from RFC3526, Section 2.
+ *
+ * The prime is: 2^1536 - 2^1472 - 1 + 2^64 * { [2^1406 pi] + 741804 }
+ *
+ * RFC3526 specifies a generator of 2.
+ * RFC2312 specifies a generator of 22.
+ */
+
+BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn)
+{
+ static const unsigned char RFC3526_PRIME_1536[] = {
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
+ 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
+ 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
+ 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
+ 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
+ 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
+ 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,
+ 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
+ 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
+ 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,
+ 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A,
+ 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96,
+ 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,
+ 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04,
+ 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x23, 0x73, 0x27,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ };
+ return BN_bin2bn(RFC3526_PRIME_1536, sizeof(RFC3526_PRIME_1536), bn);
+}
+
+/*-
+ * "2048-bit MODP Group" from RFC3526, Section 3.
+ *
+ * The prime is: 2^2048 - 2^1984 - 1 + 2^64 * { [2^1918 pi] + 124476 }
+ *
+ * RFC3526 specifies a generator of 2.
+ */
+
+BIGNUM *get_rfc3526_prime_2048(BIGNUM *bn)
+{
+ static const unsigned char RFC3526_PRIME_2048[] = {
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
+ 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
+ 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
+ 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
+ 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
+ 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
+ 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,
+ 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
+ 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
+ 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,
+ 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A,
+ 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96,
+ 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,
+ 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04,
+ 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C,
+ 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
+ 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03,
+ 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F,
+ 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
+ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18,
+ 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5,
+ 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
+ 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAC, 0xAA, 0x68,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ };
+ return BN_bin2bn(RFC3526_PRIME_2048, sizeof(RFC3526_PRIME_2048), bn);
+}
+
+/*-
+ * "3072-bit MODP Group" from RFC3526, Section 4.
+ *
+ * The prime is: 2^3072 - 2^3008 - 1 + 2^64 * { [2^2942 pi] + 1690314 }
+ *
+ * RFC3526 specifies a generator of 2.
+ */
+
+BIGNUM *get_rfc3526_prime_3072(BIGNUM *bn)
+{
+ static const unsigned char RFC3526_PRIME_3072[] = {
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
+ 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
+ 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
+ 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
+ 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
+ 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
+ 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,
+ 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
+ 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
+ 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,
+ 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A,
+ 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96,
+ 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,
+ 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04,
+ 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C,
+ 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
+ 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03,
+ 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F,
+ 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
+ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18,
+ 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5,
+ 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
+ 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D,
+ 0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33,
+ 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
+ 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A,
+ 0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D,
+ 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
+ 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7,
+ 0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D,
+ 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
+ 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64,
+ 0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64,
+ 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
+ 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C,
+ 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2,
+ 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
+ 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E,
+ 0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x3A, 0xD2, 0xCA,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ };
+ return BN_bin2bn(RFC3526_PRIME_3072, sizeof(RFC3526_PRIME_3072), bn);
+}
+
+/*-
+ * "4096-bit MODP Group" from RFC3526, Section 5.
+ *
+ * The prime is: 2^4096 - 2^4032 - 1 + 2^64 * { [2^3966 pi] + 240904 }
+ *
+ * RFC3526 specifies a generator of 2.
+ */
+
+BIGNUM *get_rfc3526_prime_4096(BIGNUM *bn)
+{
+ static const unsigned char RFC3526_PRIME_4096[] = {
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
+ 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
+ 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
+ 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
+ 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
+ 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
+ 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,
+ 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
+ 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
+ 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,
+ 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A,
+ 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96,
+ 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,
+ 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04,
+ 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C,
+ 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
+ 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03,
+ 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F,
+ 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
+ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18,
+ 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5,
+ 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
+ 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D,
+ 0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33,
+ 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
+ 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A,
+ 0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D,
+ 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
+ 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7,
+ 0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D,
+ 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
+ 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64,
+ 0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64,
+ 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
+ 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C,
+ 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2,
+ 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
+ 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E,
+ 0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x21, 0x08, 0x01,
+ 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7,
+ 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26,
+ 0x99, 0xC3, 0x27, 0x18, 0x6A, 0xF4, 0xE2, 0x3C,
+ 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA,
+ 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8,
+ 0xDB, 0xBB, 0xC2, 0xDB, 0x04, 0xDE, 0x8E, 0xF9,
+ 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6,
+ 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D,
+ 0x99, 0xB2, 0x96, 0x4F, 0xA0, 0x90, 0xC3, 0xA2,
+ 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED,
+ 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF,
+ 0xB8, 0x1B, 0xDD, 0x76, 0x21, 0x70, 0x48, 0x1C,
+ 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9,
+ 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1,
+ 0x86, 0xFF, 0xB7, 0xDC, 0x90, 0xA6, 0xC0, 0x8F,
+ 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x06, 0x31, 0x99,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ };
+ return BN_bin2bn(RFC3526_PRIME_4096, sizeof(RFC3526_PRIME_4096), bn);
+}
+
+/*-
+ * "6144-bit MODP Group" from RFC3526, Section 6.
+ *
+ * The prime is: 2^6144 - 2^6080 - 1 + 2^64 * { [2^6014 pi] + 929484 }
+ *
+ * RFC3526 specifies a generator of 2.
+ */
+
+BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn)
+{
+ static const unsigned char RFC3526_PRIME_6144[] = {
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
+ 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
+ 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
+ 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
+ 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
+ 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
+ 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,
+ 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
+ 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
+ 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,
+ 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A,
+ 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96,
+ 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,
+ 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04,
+ 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C,
+ 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
+ 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03,
+ 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F,
+ 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
+ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18,
+ 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5,
+ 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
+ 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D,
+ 0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33,
+ 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
+ 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A,
+ 0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D,
+ 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
+ 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7,
+ 0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D,
+ 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
+ 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64,
+ 0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64,
+ 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
+ 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C,
+ 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2,
+ 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
+ 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E,
+ 0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x21, 0x08, 0x01,
+ 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7,
+ 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26,
+ 0x99, 0xC3, 0x27, 0x18, 0x6A, 0xF4, 0xE2, 0x3C,
+ 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA,
+ 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8,
+ 0xDB, 0xBB, 0xC2, 0xDB, 0x04, 0xDE, 0x8E, 0xF9,
+ 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6,
+ 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D,
+ 0x99, 0xB2, 0x96, 0x4F, 0xA0, 0x90, 0xC3, 0xA2,
+ 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED,
+ 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF,
+ 0xB8, 0x1B, 0xDD, 0x76, 0x21, 0x70, 0x48, 0x1C,
+ 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9,
+ 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1,
+ 0x86, 0xFF, 0xB7, 0xDC, 0x90, 0xA6, 0xC0, 0x8F,
+ 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x02, 0x84, 0x92,
+ 0x36, 0xC3, 0xFA, 0xB4, 0xD2, 0x7C, 0x70, 0x26,
+ 0xC1, 0xD4, 0xDC, 0xB2, 0x60, 0x26, 0x46, 0xDE,
+ 0xC9, 0x75, 0x1E, 0x76, 0x3D, 0xBA, 0x37, 0xBD,
+ 0xF8, 0xFF, 0x94, 0x06, 0xAD, 0x9E, 0x53, 0x0E,
+ 0xE5, 0xDB, 0x38, 0x2F, 0x41, 0x30, 0x01, 0xAE,
+ 0xB0, 0x6A, 0x53, 0xED, 0x90, 0x27, 0xD8, 0x31,
+ 0x17, 0x97, 0x27, 0xB0, 0x86, 0x5A, 0x89, 0x18,
+ 0xDA, 0x3E, 0xDB, 0xEB, 0xCF, 0x9B, 0x14, 0xED,
+ 0x44, 0xCE, 0x6C, 0xBA, 0xCE, 0xD4, 0xBB, 0x1B,
+ 0xDB, 0x7F, 0x14, 0x47, 0xE6, 0xCC, 0x25, 0x4B,
+ 0x33, 0x20, 0x51, 0x51, 0x2B, 0xD7, 0xAF, 0x42,
+ 0x6F, 0xB8, 0xF4, 0x01, 0x37, 0x8C, 0xD2, 0xBF,
+ 0x59, 0x83, 0xCA, 0x01, 0xC6, 0x4B, 0x92, 0xEC,
+ 0xF0, 0x32, 0xEA, 0x15, 0xD1, 0x72, 0x1D, 0x03,
+ 0xF4, 0x82, 0xD7, 0xCE, 0x6E, 0x74, 0xFE, 0xF6,
+ 0xD5, 0x5E, 0x70, 0x2F, 0x46, 0x98, 0x0C, 0x82,
+ 0xB5, 0xA8, 0x40, 0x31, 0x90, 0x0B, 0x1C, 0x9E,
+ 0x59, 0xE7, 0xC9, 0x7F, 0xBE, 0xC7, 0xE8, 0xF3,
+ 0x23, 0xA9, 0x7A, 0x7E, 0x36, 0xCC, 0x88, 0xBE,
+ 0x0F, 0x1D, 0x45, 0xB7, 0xFF, 0x58, 0x5A, 0xC5,
+ 0x4B, 0xD4, 0x07, 0xB2, 0x2B, 0x41, 0x54, 0xAA,
+ 0xCC, 0x8F, 0x6D, 0x7E, 0xBF, 0x48, 0xE1, 0xD8,
+ 0x14, 0xCC, 0x5E, 0xD2, 0x0F, 0x80, 0x37, 0xE0,
+ 0xA7, 0x97, 0x15, 0xEE, 0xF2, 0x9B, 0xE3, 0x28,
+ 0x06, 0xA1, 0xD5, 0x8B, 0xB7, 0xC5, 0xDA, 0x76,
+ 0xF5, 0x50, 0xAA, 0x3D, 0x8A, 0x1F, 0xBF, 0xF0,
+ 0xEB, 0x19, 0xCC, 0xB1, 0xA3, 0x13, 0xD5, 0x5C,
+ 0xDA, 0x56, 0xC9, 0xEC, 0x2E, 0xF2, 0x96, 0x32,
+ 0x38, 0x7F, 0xE8, 0xD7, 0x6E, 0x3C, 0x04, 0x68,
+ 0x04, 0x3E, 0x8F, 0x66, 0x3F, 0x48, 0x60, 0xEE,
+ 0x12, 0xBF, 0x2D, 0x5B, 0x0B, 0x74, 0x74, 0xD6,
+ 0xE6, 0x94, 0xF9, 0x1E, 0x6D, 0xCC, 0x40, 0x24,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ };
+ return BN_bin2bn(RFC3526_PRIME_6144, sizeof(RFC3526_PRIME_6144), bn);
+}
+
+/*-
+ * "8192-bit MODP Group" from RFC3526, Section 7.
+ *
+ * The prime is: 2^8192 - 2^8128 - 1 + 2^64 * { [2^8062 pi] + 4743158 }
+ *
+ * RFC3526 specifies a generator of 2.
+ */
+
+BIGNUM *get_rfc3526_prime_8192(BIGNUM *bn)
+{
+ static const unsigned char RFC3526_PRIME_8192[] = {
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
+ 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+ 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
+ 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
+ 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+ 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
+ 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
+ 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+ 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
+ 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,
+ 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+ 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
+ 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
+ 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+ 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,
+ 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A,
+ 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+ 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96,
+ 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,
+ 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+ 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04,
+ 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C,
+ 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
+ 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03,
+ 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F,
+ 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
+ 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18,
+ 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5,
+ 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
+ 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D,
+ 0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33,
+ 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
+ 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A,
+ 0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D,
+ 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
+ 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7,
+ 0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D,
+ 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
+ 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64,
+ 0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64,
+ 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
+ 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C,
+ 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2,
+ 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
+ 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E,
+ 0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x21, 0x08, 0x01,
+ 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7,
+ 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26,
+ 0x99, 0xC3, 0x27, 0x18, 0x6A, 0xF4, 0xE2, 0x3C,
+ 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA,
+ 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8,
+ 0xDB, 0xBB, 0xC2, 0xDB, 0x04, 0xDE, 0x8E, 0xF9,
+ 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6,
+ 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D,
+ 0x99, 0xB2, 0x96, 0x4F, 0xA0, 0x90, 0xC3, 0xA2,
+ 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED,
+ 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF,
+ 0xB8, 0x1B, 0xDD, 0x76, 0x21, 0x70, 0x48, 0x1C,
+ 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9,
+ 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1,
+ 0x86, 0xFF, 0xB7, 0xDC, 0x90, 0xA6, 0xC0, 0x8F,
+ 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x02, 0x84, 0x92,
+ 0x36, 0xC3, 0xFA, 0xB4, 0xD2, 0x7C, 0x70, 0x26,
+ 0xC1, 0xD4, 0xDC, 0xB2, 0x60, 0x26, 0x46, 0xDE,
+ 0xC9, 0x75, 0x1E, 0x76, 0x3D, 0xBA, 0x37, 0xBD,
+ 0xF8, 0xFF, 0x94, 0x06, 0xAD, 0x9E, 0x53, 0x0E,
+ 0xE5, 0xDB, 0x38, 0x2F, 0x41, 0x30, 0x01, 0xAE,
+ 0xB0, 0x6A, 0x53, 0xED, 0x90, 0x27, 0xD8, 0x31,
+ 0x17, 0x97, 0x27, 0xB0, 0x86, 0x5A, 0x89, 0x18,
+ 0xDA, 0x3E, 0xDB, 0xEB, 0xCF, 0x9B, 0x14, 0xED,
+ 0x44, 0xCE, 0x6C, 0xBA, 0xCE, 0xD4, 0xBB, 0x1B,
+ 0xDB, 0x7F, 0x14, 0x47, 0xE6, 0xCC, 0x25, 0x4B,
+ 0x33, 0x20, 0x51, 0x51, 0x2B, 0xD7, 0xAF, 0x42,
+ 0x6F, 0xB8, 0xF4, 0x01, 0x37, 0x8C, 0xD2, 0xBF,
+ 0x59, 0x83, 0xCA, 0x01, 0xC6, 0x4B, 0x92, 0xEC,
+ 0xF0, 0x32, 0xEA, 0x15, 0xD1, 0x72, 0x1D, 0x03,
+ 0xF4, 0x82, 0xD7, 0xCE, 0x6E, 0x74, 0xFE, 0xF6,
+ 0xD5, 0x5E, 0x70, 0x2F, 0x46, 0x98, 0x0C, 0x82,
+ 0xB5, 0xA8, 0x40, 0x31, 0x90, 0x0B, 0x1C, 0x9E,
+ 0x59, 0xE7, 0xC9, 0x7F, 0xBE, 0xC7, 0xE8, 0xF3,
+ 0x23, 0xA9, 0x7A, 0x7E, 0x36, 0xCC, 0x88, 0xBE,
+ 0x0F, 0x1D, 0x45, 0xB7, 0xFF, 0x58, 0x5A, 0xC5,
+ 0x4B, 0xD4, 0x07, 0xB2, 0x2B, 0x41, 0x54, 0xAA,
+ 0xCC, 0x8F, 0x6D, 0x7E, 0xBF, 0x48, 0xE1, 0xD8,
+ 0x14, 0xCC, 0x5E, 0xD2, 0x0F, 0x80, 0x37, 0xE0,
+ 0xA7, 0x97, 0x15, 0xEE, 0xF2, 0x9B, 0xE3, 0x28,
+ 0x06, 0xA1, 0xD5, 0x8B, 0xB7, 0xC5, 0xDA, 0x76,
+ 0xF5, 0x50, 0xAA, 0x3D, 0x8A, 0x1F, 0xBF, 0xF0,
+ 0xEB, 0x19, 0xCC, 0xB1, 0xA3, 0x13, 0xD5, 0x5C,
+ 0xDA, 0x56, 0xC9, 0xEC, 0x2E, 0xF2, 0x96, 0x32,
+ 0x38, 0x7F, 0xE8, 0xD7, 0x6E, 0x3C, 0x04, 0x68,
+ 0x04, 0x3E, 0x8F, 0x66, 0x3F, 0x48, 0x60, 0xEE,
+ 0x12, 0xBF, 0x2D, 0x5B, 0x0B, 0x74, 0x74, 0xD6,
+ 0xE6, 0x94, 0xF9, 0x1E, 0x6D, 0xBE, 0x11, 0x59,
+ 0x74, 0xA3, 0x92, 0x6F, 0x12, 0xFE, 0xE5, 0xE4,
+ 0x38, 0x77, 0x7C, 0xB6, 0xA9, 0x32, 0xDF, 0x8C,
+ 0xD8, 0xBE, 0xC4, 0xD0, 0x73, 0xB9, 0x31, 0xBA,
+ 0x3B, 0xC8, 0x32, 0xB6, 0x8D, 0x9D, 0xD3, 0x00,
+ 0x74, 0x1F, 0xA7, 0xBF, 0x8A, 0xFC, 0x47, 0xED,
+ 0x25, 0x76, 0xF6, 0x93, 0x6B, 0xA4, 0x24, 0x66,
+ 0x3A, 0xAB, 0x63, 0x9C, 0x5A, 0xE4, 0xF5, 0x68,
+ 0x34, 0x23, 0xB4, 0x74, 0x2B, 0xF1, 0xC9, 0x78,
+ 0x23, 0x8F, 0x16, 0xCB, 0xE3, 0x9D, 0x65, 0x2D,
+ 0xE3, 0xFD, 0xB8, 0xBE, 0xFC, 0x84, 0x8A, 0xD9,
+ 0x22, 0x22, 0x2E, 0x04, 0xA4, 0x03, 0x7C, 0x07,
+ 0x13, 0xEB, 0x57, 0xA8, 0x1A, 0x23, 0xF0, 0xC7,
+ 0x34, 0x73, 0xFC, 0x64, 0x6C, 0xEA, 0x30, 0x6B,
+ 0x4B, 0xCB, 0xC8, 0x86, 0x2F, 0x83, 0x85, 0xDD,
+ 0xFA, 0x9D, 0x4B, 0x7F, 0xA2, 0xC0, 0x87, 0xE8,
+ 0x79, 0x68, 0x33, 0x03, 0xED, 0x5B, 0xDD, 0x3A,
+ 0x06, 0x2B, 0x3C, 0xF5, 0xB3, 0xA2, 0x78, 0xA6,
+ 0x6D, 0x2A, 0x13, 0xF8, 0x3F, 0x44, 0xF8, 0x2D,
+ 0xDF, 0x31, 0x0E, 0xE0, 0x74, 0xAB, 0x6A, 0x36,
+ 0x45, 0x97, 0xE8, 0x99, 0xA0, 0x25, 0x5D, 0xC1,
+ 0x64, 0xF3, 0x1C, 0xC5, 0x08, 0x46, 0x85, 0x1D,
+ 0xF9, 0xAB, 0x48, 0x19, 0x5D, 0xED, 0x7E, 0xA1,
+ 0xB1, 0xD5, 0x10, 0xBD, 0x7E, 0xE7, 0x4D, 0x73,
+ 0xFA, 0xF3, 0x6B, 0xC3, 0x1E, 0xCF, 0xA2, 0x68,
+ 0x35, 0x90, 0x46, 0xF4, 0xEB, 0x87, 0x9F, 0x92,
+ 0x40, 0x09, 0x43, 0x8B, 0x48, 0x1C, 0x6C, 0xD7,
+ 0x88, 0x9A, 0x00, 0x2E, 0xD5, 0xEE, 0x38, 0x2B,
+ 0xC9, 0x19, 0x0D, 0xA6, 0xFC, 0x02, 0x6E, 0x47,
+ 0x95, 0x58, 0xE4, 0x47, 0x56, 0x77, 0xE9, 0xAA,
+ 0x9E, 0x30, 0x50, 0xE2, 0x76, 0x56, 0x94, 0xDF,
+ 0xC8, 0x1F, 0x56, 0xE8, 0x80, 0xB9, 0x6E, 0x71,
+ 0x60, 0xC9, 0x80, 0xDD, 0x98, 0xED, 0xD3, 0xDF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ };
+ return BN_bin2bn(RFC3526_PRIME_8192, sizeof(RFC3526_PRIME_8192), bn);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_ctx.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_ctx.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_ctx.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,454 +0,0 @@
-/* crypto/bn/bn_ctx.c */
-/* Written by Ulf Moeller for the OpenSSL project. */
-/* ====================================================================
- * Copyright (c) 1998-2004 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#if !defined(BN_CTX_DEBUG) && !defined(BN_DEBUG)
-#ifndef NDEBUG
-#define NDEBUG
-#endif
-#endif
-
-#include <stdio.h>
-#include <assert.h>
-
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-/* TODO list
- *
- * 1. Check a bunch of "(words+1)" type hacks in various bignum functions and
- * check they can be safely removed.
- * - Check +1 and other ugliness in BN_from_montgomery()
- *
- * 2. Consider allowing a BN_new_ex() that, at least, lets you specify an
- * appropriate 'block' size that will be honoured by bn_expand_internal() to
- * prevent piddly little reallocations. OTOH, profiling bignum expansions in
- * BN_CTX doesn't show this to be a big issue.
- */
-
-/* How many bignums are in each "pool item"; */
-#define BN_CTX_POOL_SIZE 16
-/* The stack frame info is resizing, set a first-time expansion size; */
-#define BN_CTX_START_FRAMES 32
-
-/***********/
-/* BN_POOL */
-/***********/
-
-/* A bundle of bignums that can be linked with other bundles */
-typedef struct bignum_pool_item
- {
- /* The bignum values */
- BIGNUM vals[BN_CTX_POOL_SIZE];
- /* Linked-list admin */
- struct bignum_pool_item *prev, *next;
- } BN_POOL_ITEM;
-/* A linked-list of bignums grouped in bundles */
-typedef struct bignum_pool
- {
- /* Linked-list admin */
- BN_POOL_ITEM *head, *current, *tail;
- /* Stack depth and allocation size */
- unsigned used, size;
- } BN_POOL;
-static void BN_POOL_init(BN_POOL *);
-static void BN_POOL_finish(BN_POOL *);
-#ifndef OPENSSL_NO_DEPRECATED
-static void BN_POOL_reset(BN_POOL *);
-#endif
-static BIGNUM * BN_POOL_get(BN_POOL *);
-static void BN_POOL_release(BN_POOL *, unsigned int);
-
-/************/
-/* BN_STACK */
-/************/
-
-/* A wrapper to manage the "stack frames" */
-typedef struct bignum_ctx_stack
- {
- /* Array of indexes into the bignum stack */
- unsigned int *indexes;
- /* Number of stack frames, and the size of the allocated array */
- unsigned int depth, size;
- } BN_STACK;
-static void BN_STACK_init(BN_STACK *);
-static void BN_STACK_finish(BN_STACK *);
-#ifndef OPENSSL_NO_DEPRECATED
-static void BN_STACK_reset(BN_STACK *);
-#endif
-static int BN_STACK_push(BN_STACK *, unsigned int);
-static unsigned int BN_STACK_pop(BN_STACK *);
-
-/**********/
-/* BN_CTX */
-/**********/
-
-/* The opaque BN_CTX type */
-struct bignum_ctx
- {
- /* The bignum bundles */
- BN_POOL pool;
- /* The "stack frames", if you will */
- BN_STACK stack;
- /* The number of bignums currently assigned */
- unsigned int used;
- /* Depth of stack overflow */
- int err_stack;
- /* Block "gets" until an "end" (compatibility behaviour) */
- int too_many;
- };
-
-/* Enable this to find BN_CTX bugs */
-#ifdef BN_CTX_DEBUG
-static const char *ctxdbg_cur = NULL;
-static void ctxdbg(BN_CTX *ctx)
- {
- unsigned int bnidx = 0, fpidx = 0;
- BN_POOL_ITEM *item = ctx->pool.head;
- BN_STACK *stack = &ctx->stack;
- fprintf(stderr,"(%08x): ", (unsigned int)ctx);
- while(bnidx < ctx->used)
- {
- fprintf(stderr,"%02x ", item->vals[bnidx++ % BN_CTX_POOL_SIZE].dmax);
- if(!(bnidx % BN_CTX_POOL_SIZE))
- item = item->next;
- }
- fprintf(stderr,"\n");
- bnidx = 0;
- fprintf(stderr," : ");
- while(fpidx < stack->depth)
- {
- while(bnidx++ < stack->indexes[fpidx])
- fprintf(stderr," ");
- fprintf(stderr,"^^ ");
- bnidx++;
- fpidx++;
- }
- fprintf(stderr,"\n");
- }
-#define CTXDBG_ENTRY(str, ctx) do { \
- ctxdbg_cur = (str); \
- fprintf(stderr,"Starting %s\n", ctxdbg_cur); \
- ctxdbg(ctx); \
- } while(0)
-#define CTXDBG_EXIT(ctx) do { \
- fprintf(stderr,"Ending %s\n", ctxdbg_cur); \
- ctxdbg(ctx); \
- } while(0)
-#define CTXDBG_RET(ctx,ret)
-#else
-#define CTXDBG_ENTRY(str, ctx)
-#define CTXDBG_EXIT(ctx)
-#define CTXDBG_RET(ctx,ret)
-#endif
-
-/* This function is an evil legacy and should not be used. This implementation
- * is WYSIWYG, though I've done my best. */
-#ifndef OPENSSL_NO_DEPRECATED
-void BN_CTX_init(BN_CTX *ctx)
- {
- /* Assume the caller obtained the context via BN_CTX_new() and so is
- * trying to reset it for use. Nothing else makes sense, least of all
- * binary compatibility from a time when they could declare a static
- * variable. */
- BN_POOL_reset(&ctx->pool);
- BN_STACK_reset(&ctx->stack);
- ctx->used = 0;
- ctx->err_stack = 0;
- ctx->too_many = 0;
- }
-#endif
-
-BN_CTX *BN_CTX_new(void)
- {
- BN_CTX *ret = OPENSSL_malloc(sizeof(BN_CTX));
- if(!ret)
- {
- BNerr(BN_F_BN_CTX_NEW,ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- /* Initialise the structure */
- BN_POOL_init(&ret->pool);
- BN_STACK_init(&ret->stack);
- ret->used = 0;
- ret->err_stack = 0;
- ret->too_many = 0;
- return ret;
- }
-
-void BN_CTX_free(BN_CTX *ctx)
- {
- if (ctx == NULL)
- return;
-#ifdef BN_CTX_DEBUG
- {
- BN_POOL_ITEM *pool = ctx->pool.head;
- fprintf(stderr,"BN_CTX_free, stack-size=%d, pool-bignums=%d\n",
- ctx->stack.size, ctx->pool.size);
- fprintf(stderr,"dmaxs: ");
- while(pool) {
- unsigned loop = 0;
- while(loop < BN_CTX_POOL_SIZE)
- fprintf(stderr,"%02x ", pool->vals[loop++].dmax);
- pool = pool->next;
- }
- fprintf(stderr,"\n");
- }
-#endif
- BN_STACK_finish(&ctx->stack);
- BN_POOL_finish(&ctx->pool);
- OPENSSL_free(ctx);
- }
-
-void BN_CTX_start(BN_CTX *ctx)
- {
- CTXDBG_ENTRY("BN_CTX_start", ctx);
- /* If we're already overflowing ... */
- if(ctx->err_stack || ctx->too_many)
- ctx->err_stack++;
- /* (Try to) get a new frame pointer */
- else if(!BN_STACK_push(&ctx->stack, ctx->used))
- {
- BNerr(BN_F_BN_CTX_START,BN_R_TOO_MANY_TEMPORARY_VARIABLES);
- ctx->err_stack++;
- }
- CTXDBG_EXIT(ctx);
- }
-
-void BN_CTX_end(BN_CTX *ctx)
- {
- CTXDBG_ENTRY("BN_CTX_end", ctx);
- if(ctx->err_stack)
- ctx->err_stack--;
- else
- {
- unsigned int fp = BN_STACK_pop(&ctx->stack);
- /* Does this stack frame have anything to release? */
- if(fp < ctx->used)
- BN_POOL_release(&ctx->pool, ctx->used - fp);
- ctx->used = fp;
- /* Unjam "too_many" in case "get" had failed */
- ctx->too_many = 0;
- }
- CTXDBG_EXIT(ctx);
- }
-
-BIGNUM *BN_CTX_get(BN_CTX *ctx)
- {
- BIGNUM *ret;
- CTXDBG_ENTRY("BN_CTX_get", ctx);
- if(ctx->err_stack || ctx->too_many) return NULL;
- if((ret = BN_POOL_get(&ctx->pool)) == NULL)
- {
- /* Setting too_many prevents repeated "get" attempts from
- * cluttering the error stack. */
- ctx->too_many = 1;
- BNerr(BN_F_BN_CTX_GET,BN_R_TOO_MANY_TEMPORARY_VARIABLES);
- return NULL;
- }
- /* OK, make sure the returned bignum is "zero" */
- BN_zero(ret);
- ctx->used++;
- CTXDBG_RET(ctx, ret);
- return ret;
- }
-
-/************/
-/* BN_STACK */
-/************/
-
-static void BN_STACK_init(BN_STACK *st)
- {
- st->indexes = NULL;
- st->depth = st->size = 0;
- }
-
-static void BN_STACK_finish(BN_STACK *st)
- {
- if(st->size) OPENSSL_free(st->indexes);
- }
-
-#ifndef OPENSSL_NO_DEPRECATED
-static void BN_STACK_reset(BN_STACK *st)
- {
- st->depth = 0;
- }
-#endif
-
-static int BN_STACK_push(BN_STACK *st, unsigned int idx)
- {
- if(st->depth == st->size)
- /* Need to expand */
- {
- unsigned int newsize = (st->size ?
- (st->size * 3 / 2) : BN_CTX_START_FRAMES);
- unsigned int *newitems = OPENSSL_malloc(newsize *
- sizeof(unsigned int));
- if(!newitems) return 0;
- if(st->depth)
- memcpy(newitems, st->indexes, st->depth *
- sizeof(unsigned int));
- if(st->size) OPENSSL_free(st->indexes);
- st->indexes = newitems;
- st->size = newsize;
- }
- st->indexes[(st->depth)++] = idx;
- return 1;
- }
-
-static unsigned int BN_STACK_pop(BN_STACK *st)
- {
- return st->indexes[--(st->depth)];
- }
-
-/***********/
-/* BN_POOL */
-/***********/
-
-static void BN_POOL_init(BN_POOL *p)
- {
- p->head = p->current = p->tail = NULL;
- p->used = p->size = 0;
- }
-
-static void BN_POOL_finish(BN_POOL *p)
- {
- while(p->head)
- {
- unsigned int loop = 0;
- BIGNUM *bn = p->head->vals;
- while(loop++ < BN_CTX_POOL_SIZE)
- {
- if(bn->d) BN_clear_free(bn);
- bn++;
- }
- p->current = p->head->next;
- OPENSSL_free(p->head);
- p->head = p->current;
- }
- }
-
-#ifndef OPENSSL_NO_DEPRECATED
-static void BN_POOL_reset(BN_POOL *p)
- {
- BN_POOL_ITEM *item = p->head;
- while(item)
- {
- unsigned int loop = 0;
- BIGNUM *bn = item->vals;
- while(loop++ < BN_CTX_POOL_SIZE)
- {
- if(bn->d) BN_clear(bn);
- bn++;
- }
- item = item->next;
- }
- p->current = p->head;
- p->used = 0;
- }
-#endif
-
-static BIGNUM *BN_POOL_get(BN_POOL *p)
- {
- if(p->used == p->size)
- {
- BIGNUM *bn;
- unsigned int loop = 0;
- BN_POOL_ITEM *item = OPENSSL_malloc(sizeof(BN_POOL_ITEM));
- if(!item) return NULL;
- /* Initialise the structure */
- bn = item->vals;
- while(loop++ < BN_CTX_POOL_SIZE)
- BN_init(bn++);
- item->prev = p->tail;
- item->next = NULL;
- /* Link it in */
- if(!p->head)
- p->head = p->current = p->tail = item;
- else
- {
- p->tail->next = item;
- p->tail = item;
- p->current = item;
- }
- p->size += BN_CTX_POOL_SIZE;
- p->used++;
- /* Return the first bignum from the new pool */
- return item->vals;
- }
- if(!p->used)
- p->current = p->head;
- else if((p->used % BN_CTX_POOL_SIZE) == 0)
- p->current = p->current->next;
- return p->current->vals + ((p->used++) % BN_CTX_POOL_SIZE);
- }
-
-static void BN_POOL_release(BN_POOL *p, unsigned int num)
- {
- unsigned int offset = (p->used - 1) % BN_CTX_POOL_SIZE;
- p->used -= num;
- while(num--)
- {
- bn_check_top(p->current->vals + offset);
- if(!offset)
- {
- offset = BN_CTX_POOL_SIZE - 1;
- p->current = p->current->prev;
- }
- else
- offset--;
- }
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_ctx.c (from rev 6976, vendor-crypto/openssl/dist/crypto/bn/bn_ctx.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_ctx.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_ctx.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,448 @@
+/* crypto/bn/bn_ctx.c */
+/* Written by Ulf Moeller for the OpenSSL project. */
+/* ====================================================================
+ * Copyright (c) 1998-2004 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#if !defined(BN_CTX_DEBUG) && !defined(BN_DEBUG)
+# ifndef NDEBUG
+# define NDEBUG
+# endif
+#endif
+
+#include <stdio.h>
+#include <assert.h>
+
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+/*-
+ * TODO list
+ *
+ * 1. Check a bunch of "(words+1)" type hacks in various bignum functions and
+ * check they can be safely removed.
+ * - Check +1 and other ugliness in BN_from_montgomery()
+ *
+ * 2. Consider allowing a BN_new_ex() that, at least, lets you specify an
+ * appropriate 'block' size that will be honoured by bn_expand_internal() to
+ * prevent piddly little reallocations. OTOH, profiling bignum expansions in
+ * BN_CTX doesn't show this to be a big issue.
+ */
+
+/* How many bignums are in each "pool item"; */
+#define BN_CTX_POOL_SIZE 16
+/* The stack frame info is resizing, set a first-time expansion size; */
+#define BN_CTX_START_FRAMES 32
+
+/***********/
+/* BN_POOL */
+/***********/
+
+/* A bundle of bignums that can be linked with other bundles */
+typedef struct bignum_pool_item {
+ /* The bignum values */
+ BIGNUM vals[BN_CTX_POOL_SIZE];
+ /* Linked-list admin */
+ struct bignum_pool_item *prev, *next;
+} BN_POOL_ITEM;
+/* A linked-list of bignums grouped in bundles */
+typedef struct bignum_pool {
+ /* Linked-list admin */
+ BN_POOL_ITEM *head, *current, *tail;
+ /* Stack depth and allocation size */
+ unsigned used, size;
+} BN_POOL;
+static void BN_POOL_init(BN_POOL *);
+static void BN_POOL_finish(BN_POOL *);
+#ifndef OPENSSL_NO_DEPRECATED
+static void BN_POOL_reset(BN_POOL *);
+#endif
+static BIGNUM *BN_POOL_get(BN_POOL *);
+static void BN_POOL_release(BN_POOL *, unsigned int);
+
+/************/
+/* BN_STACK */
+/************/
+
+/* A wrapper to manage the "stack frames" */
+typedef struct bignum_ctx_stack {
+ /* Array of indexes into the bignum stack */
+ unsigned int *indexes;
+ /* Number of stack frames, and the size of the allocated array */
+ unsigned int depth, size;
+} BN_STACK;
+static void BN_STACK_init(BN_STACK *);
+static void BN_STACK_finish(BN_STACK *);
+#ifndef OPENSSL_NO_DEPRECATED
+static void BN_STACK_reset(BN_STACK *);
+#endif
+static int BN_STACK_push(BN_STACK *, unsigned int);
+static unsigned int BN_STACK_pop(BN_STACK *);
+
+/**********/
+/* BN_CTX */
+/**********/
+
+/* The opaque BN_CTX type */
+struct bignum_ctx {
+ /* The bignum bundles */
+ BN_POOL pool;
+ /* The "stack frames", if you will */
+ BN_STACK stack;
+ /* The number of bignums currently assigned */
+ unsigned int used;
+ /* Depth of stack overflow */
+ int err_stack;
+ /* Block "gets" until an "end" (compatibility behaviour) */
+ int too_many;
+};
+
+/* Enable this to find BN_CTX bugs */
+#ifdef BN_CTX_DEBUG
+static const char *ctxdbg_cur = NULL;
+static void ctxdbg(BN_CTX *ctx)
+{
+ unsigned int bnidx = 0, fpidx = 0;
+ BN_POOL_ITEM *item = ctx->pool.head;
+ BN_STACK *stack = &ctx->stack;
+ fprintf(stderr, "(%08x): ", (unsigned int)ctx);
+ while (bnidx < ctx->used) {
+ fprintf(stderr, "%02x ", item->vals[bnidx++ % BN_CTX_POOL_SIZE].dmax);
+ if (!(bnidx % BN_CTX_POOL_SIZE))
+ item = item->next;
+ }
+ fprintf(stderr, "\n");
+ bnidx = 0;
+ fprintf(stderr, " : ");
+ while (fpidx < stack->depth) {
+ while (bnidx++ < stack->indexes[fpidx])
+ fprintf(stderr, " ");
+ fprintf(stderr, "^^ ");
+ bnidx++;
+ fpidx++;
+ }
+ fprintf(stderr, "\n");
+}
+
+# define CTXDBG_ENTRY(str, ctx) do { \
+ ctxdbg_cur = (str); \
+ fprintf(stderr,"Starting %s\n", ctxdbg_cur); \
+ ctxdbg(ctx); \
+ } while(0)
+# define CTXDBG_EXIT(ctx) do { \
+ fprintf(stderr,"Ending %s\n", ctxdbg_cur); \
+ ctxdbg(ctx); \
+ } while(0)
+# define CTXDBG_RET(ctx,ret)
+#else
+# define CTXDBG_ENTRY(str, ctx)
+# define CTXDBG_EXIT(ctx)
+# define CTXDBG_RET(ctx,ret)
+#endif
+
+/*
+ * This function is an evil legacy and should not be used. This
+ * implementation is WYSIWYG, though I've done my best.
+ */
+#ifndef OPENSSL_NO_DEPRECATED
+void BN_CTX_init(BN_CTX *ctx)
+{
+ /*
+ * Assume the caller obtained the context via BN_CTX_new() and so is
+ * trying to reset it for use. Nothing else makes sense, least of all
+ * binary compatibility from a time when they could declare a static
+ * variable.
+ */
+ BN_POOL_reset(&ctx->pool);
+ BN_STACK_reset(&ctx->stack);
+ ctx->used = 0;
+ ctx->err_stack = 0;
+ ctx->too_many = 0;
+}
+#endif
+
+BN_CTX *BN_CTX_new(void)
+{
+ BN_CTX *ret = OPENSSL_malloc(sizeof(BN_CTX));
+ if (!ret) {
+ BNerr(BN_F_BN_CTX_NEW, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ /* Initialise the structure */
+ BN_POOL_init(&ret->pool);
+ BN_STACK_init(&ret->stack);
+ ret->used = 0;
+ ret->err_stack = 0;
+ ret->too_many = 0;
+ return ret;
+}
+
+void BN_CTX_free(BN_CTX *ctx)
+{
+ if (ctx == NULL)
+ return;
+#ifdef BN_CTX_DEBUG
+ {
+ BN_POOL_ITEM *pool = ctx->pool.head;
+ fprintf(stderr, "BN_CTX_free, stack-size=%d, pool-bignums=%d\n",
+ ctx->stack.size, ctx->pool.size);
+ fprintf(stderr, "dmaxs: ");
+ while (pool) {
+ unsigned loop = 0;
+ while (loop < BN_CTX_POOL_SIZE)
+ fprintf(stderr, "%02x ", pool->vals[loop++].dmax);
+ pool = pool->next;
+ }
+ fprintf(stderr, "\n");
+ }
+#endif
+ BN_STACK_finish(&ctx->stack);
+ BN_POOL_finish(&ctx->pool);
+ OPENSSL_free(ctx);
+}
+
+void BN_CTX_start(BN_CTX *ctx)
+{
+ CTXDBG_ENTRY("BN_CTX_start", ctx);
+ /* If we're already overflowing ... */
+ if (ctx->err_stack || ctx->too_many)
+ ctx->err_stack++;
+ /* (Try to) get a new frame pointer */
+ else if (!BN_STACK_push(&ctx->stack, ctx->used)) {
+ BNerr(BN_F_BN_CTX_START, BN_R_TOO_MANY_TEMPORARY_VARIABLES);
+ ctx->err_stack++;
+ }
+ CTXDBG_EXIT(ctx);
+}
+
+void BN_CTX_end(BN_CTX *ctx)
+{
+ CTXDBG_ENTRY("BN_CTX_end", ctx);
+ if (ctx->err_stack)
+ ctx->err_stack--;
+ else {
+ unsigned int fp = BN_STACK_pop(&ctx->stack);
+ /* Does this stack frame have anything to release? */
+ if (fp < ctx->used)
+ BN_POOL_release(&ctx->pool, ctx->used - fp);
+ ctx->used = fp;
+ /* Unjam "too_many" in case "get" had failed */
+ ctx->too_many = 0;
+ }
+ CTXDBG_EXIT(ctx);
+}
+
+BIGNUM *BN_CTX_get(BN_CTX *ctx)
+{
+ BIGNUM *ret;
+ CTXDBG_ENTRY("BN_CTX_get", ctx);
+ if (ctx->err_stack || ctx->too_many)
+ return NULL;
+ if ((ret = BN_POOL_get(&ctx->pool)) == NULL) {
+ /*
+ * Setting too_many prevents repeated "get" attempts from cluttering
+ * the error stack.
+ */
+ ctx->too_many = 1;
+ BNerr(BN_F_BN_CTX_GET, BN_R_TOO_MANY_TEMPORARY_VARIABLES);
+ return NULL;
+ }
+ /* OK, make sure the returned bignum is "zero" */
+ BN_zero(ret);
+ ctx->used++;
+ CTXDBG_RET(ctx, ret);
+ return ret;
+}
+
+/************/
+/* BN_STACK */
+/************/
+
+static void BN_STACK_init(BN_STACK *st)
+{
+ st->indexes = NULL;
+ st->depth = st->size = 0;
+}
+
+static void BN_STACK_finish(BN_STACK *st)
+{
+ if (st->size)
+ OPENSSL_free(st->indexes);
+}
+
+#ifndef OPENSSL_NO_DEPRECATED
+static void BN_STACK_reset(BN_STACK *st)
+{
+ st->depth = 0;
+}
+#endif
+
+static int BN_STACK_push(BN_STACK *st, unsigned int idx)
+{
+ if (st->depth == st->size)
+ /* Need to expand */
+ {
+ unsigned int newsize = (st->size ?
+ (st->size * 3 / 2) : BN_CTX_START_FRAMES);
+ unsigned int *newitems = OPENSSL_malloc(newsize *
+ sizeof(unsigned int));
+ if (!newitems)
+ return 0;
+ if (st->depth)
+ memcpy(newitems, st->indexes, st->depth * sizeof(unsigned int));
+ if (st->size)
+ OPENSSL_free(st->indexes);
+ st->indexes = newitems;
+ st->size = newsize;
+ }
+ st->indexes[(st->depth)++] = idx;
+ return 1;
+}
+
+static unsigned int BN_STACK_pop(BN_STACK *st)
+{
+ return st->indexes[--(st->depth)];
+}
+
+/***********/
+/* BN_POOL */
+/***********/
+
+static void BN_POOL_init(BN_POOL *p)
+{
+ p->head = p->current = p->tail = NULL;
+ p->used = p->size = 0;
+}
+
+static void BN_POOL_finish(BN_POOL *p)
+{
+ while (p->head) {
+ unsigned int loop = 0;
+ BIGNUM *bn = p->head->vals;
+ while (loop++ < BN_CTX_POOL_SIZE) {
+ if (bn->d)
+ BN_clear_free(bn);
+ bn++;
+ }
+ p->current = p->head->next;
+ OPENSSL_free(p->head);
+ p->head = p->current;
+ }
+}
+
+#ifndef OPENSSL_NO_DEPRECATED
+static void BN_POOL_reset(BN_POOL *p)
+{
+ BN_POOL_ITEM *item = p->head;
+ while (item) {
+ unsigned int loop = 0;
+ BIGNUM *bn = item->vals;
+ while (loop++ < BN_CTX_POOL_SIZE) {
+ if (bn->d)
+ BN_clear(bn);
+ bn++;
+ }
+ item = item->next;
+ }
+ p->current = p->head;
+ p->used = 0;
+}
+#endif
+
+static BIGNUM *BN_POOL_get(BN_POOL *p)
+{
+ if (p->used == p->size) {
+ BIGNUM *bn;
+ unsigned int loop = 0;
+ BN_POOL_ITEM *item = OPENSSL_malloc(sizeof(BN_POOL_ITEM));
+ if (!item)
+ return NULL;
+ /* Initialise the structure */
+ bn = item->vals;
+ while (loop++ < BN_CTX_POOL_SIZE)
+ BN_init(bn++);
+ item->prev = p->tail;
+ item->next = NULL;
+ /* Link it in */
+ if (!p->head)
+ p->head = p->current = p->tail = item;
+ else {
+ p->tail->next = item;
+ p->tail = item;
+ p->current = item;
+ }
+ p->size += BN_CTX_POOL_SIZE;
+ p->used++;
+ /* Return the first bignum from the new pool */
+ return item->vals;
+ }
+ if (!p->used)
+ p->current = p->head;
+ else if ((p->used % BN_CTX_POOL_SIZE) == 0)
+ p->current = p->current->next;
+ return p->current->vals + ((p->used++) % BN_CTX_POOL_SIZE);
+}
+
+static void BN_POOL_release(BN_POOL *p, unsigned int num)
+{
+ unsigned int offset = (p->used - 1) % BN_CTX_POOL_SIZE;
+ p->used -= num;
+ while (num--) {
+ bn_check_top(p->current->vals + offset);
+ if (!offset) {
+ offset = BN_CTX_POOL_SIZE - 1;
+ p->current = p->current->prev;
+ } else
+ offset--;
+ }
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_depr.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_depr.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_depr.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,112 +0,0 @@
-/* crypto/bn/bn_depr.c */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/* Support for deprecated functions goes here - static linkage will only slurp
- * this code if applications are using them directly. */
-
-#include <stdio.h>
-#include <time.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-#include <openssl/rand.h>
-
-static void *dummy=&dummy;
-
-#ifndef OPENSSL_NO_DEPRECATED
-BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe,
- const BIGNUM *add, const BIGNUM *rem,
- void (*callback)(int,int,void *), void *cb_arg)
- {
- BN_GENCB cb;
- BIGNUM *rnd=NULL;
- int found = 0;
-
- BN_GENCB_set_old(&cb, callback, cb_arg);
-
- if (ret == NULL)
- {
- if ((rnd=BN_new()) == NULL) goto err;
- }
- else
- rnd=ret;
- if(!BN_generate_prime_ex(rnd, bits, safe, add, rem, &cb))
- goto err;
-
- /* we have a prime :-) */
- found = 1;
-err:
- if (!found && (ret == NULL) && (rnd != NULL)) BN_free(rnd);
- return(found ? rnd : NULL);
- }
-
-int BN_is_prime(const BIGNUM *a, int checks, void (*callback)(int,int,void *),
- BN_CTX *ctx_passed, void *cb_arg)
- {
- BN_GENCB cb;
- BN_GENCB_set_old(&cb, callback, cb_arg);
- return BN_is_prime_ex(a, checks, ctx_passed, &cb);
- }
-
-int BN_is_prime_fasttest(const BIGNUM *a, int checks,
- void (*callback)(int,int,void *),
- BN_CTX *ctx_passed, void *cb_arg,
- int do_trial_division)
- {
- BN_GENCB cb;
- BN_GENCB_set_old(&cb, callback, cb_arg);
- return BN_is_prime_fasttest_ex(a, checks, ctx_passed,
- do_trial_division, &cb);
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_depr.c (from rev 6976, vendor-crypto/openssl/dist/crypto/bn/bn_depr.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_depr.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_depr.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,115 @@
+/* crypto/bn/bn_depr.c */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*
+ * Support for deprecated functions goes here - static linkage will only
+ * slurp this code if applications are using them directly.
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+#include <openssl/rand.h>
+
+static void *dummy = &dummy;
+
+#ifndef OPENSSL_NO_DEPRECATED
+BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe,
+ const BIGNUM *add, const BIGNUM *rem,
+ void (*callback) (int, int, void *), void *cb_arg)
+{
+ BN_GENCB cb;
+ BIGNUM *rnd = NULL;
+ int found = 0;
+
+ BN_GENCB_set_old(&cb, callback, cb_arg);
+
+ if (ret == NULL) {
+ if ((rnd = BN_new()) == NULL)
+ goto err;
+ } else
+ rnd = ret;
+ if (!BN_generate_prime_ex(rnd, bits, safe, add, rem, &cb))
+ goto err;
+
+ /* we have a prime :-) */
+ found = 1;
+ err:
+ if (!found && (ret == NULL) && (rnd != NULL))
+ BN_free(rnd);
+ return (found ? rnd : NULL);
+}
+
+int BN_is_prime(const BIGNUM *a, int checks,
+ void (*callback) (int, int, void *), BN_CTX *ctx_passed,
+ void *cb_arg)
+{
+ BN_GENCB cb;
+ BN_GENCB_set_old(&cb, callback, cb_arg);
+ return BN_is_prime_ex(a, checks, ctx_passed, &cb);
+}
+
+int BN_is_prime_fasttest(const BIGNUM *a, int checks,
+ void (*callback) (int, int, void *),
+ BN_CTX *ctx_passed, void *cb_arg,
+ int do_trial_division)
+{
+ BN_GENCB cb;
+ BN_GENCB_set_old(&cb, callback, cb_arg);
+ return BN_is_prime_fasttest_ex(a, checks, ctx_passed,
+ do_trial_division, &cb);
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_div.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_div.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_div.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,650 +0,0 @@
-/* crypto/bn/bn_div.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/bn.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-
-/* The old slow way */
-#if 0
-int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
- BN_CTX *ctx)
- {
- int i,nm,nd;
- int ret = 0;
- BIGNUM *D;
-
- bn_check_top(m);
- bn_check_top(d);
- if (BN_is_zero(d))
- {
- BNerr(BN_F_BN_DIV,BN_R_DIV_BY_ZERO);
- return(0);
- }
-
- if (BN_ucmp(m,d) < 0)
- {
- if (rem != NULL)
- { if (BN_copy(rem,m) == NULL) return(0); }
- if (dv != NULL) BN_zero(dv);
- return(1);
- }
-
- BN_CTX_start(ctx);
- D = BN_CTX_get(ctx);
- if (dv == NULL) dv = BN_CTX_get(ctx);
- if (rem == NULL) rem = BN_CTX_get(ctx);
- if (D == NULL || dv == NULL || rem == NULL)
- goto end;
-
- nd=BN_num_bits(d);
- nm=BN_num_bits(m);
- if (BN_copy(D,d) == NULL) goto end;
- if (BN_copy(rem,m) == NULL) goto end;
-
- /* The next 2 are needed so we can do a dv->d[0]|=1 later
- * since BN_lshift1 will only work once there is a value :-) */
- BN_zero(dv);
- if(bn_wexpand(dv,1) == NULL) goto end;
- dv->top=1;
-
- if (!BN_lshift(D,D,nm-nd)) goto end;
- for (i=nm-nd; i>=0; i--)
- {
- if (!BN_lshift1(dv,dv)) goto end;
- if (BN_ucmp(rem,D) >= 0)
- {
- dv->d[0]|=1;
- if (!BN_usub(rem,rem,D)) goto end;
- }
-/* CAN IMPROVE (and have now :=) */
- if (!BN_rshift1(D,D)) goto end;
- }
- rem->neg=BN_is_zero(rem)?0:m->neg;
- dv->neg=m->neg^d->neg;
- ret = 1;
- end:
- BN_CTX_end(ctx);
- return(ret);
- }
-
-#else
-
-#if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) \
- && !defined(PEDANTIC) && !defined(BN_DIV3W)
-# if defined(__GNUC__) && __GNUC__>=2
-# if defined(__i386) || defined (__i386__)
- /*
- * There were two reasons for implementing this template:
- * - GNU C generates a call to a function (__udivdi3 to be exact)
- * in reply to ((((BN_ULLONG)n0)<<BN_BITS2)|n1)/d0 (I fail to
- * understand why...);
- * - divl doesn't only calculate quotient, but also leaves
- * remainder in %edx which we can definitely use here:-)
- *
- * <appro at fy.chalmers.se>
- */
-# define bn_div_words(n0,n1,d0) \
- ({ asm volatile ( \
- "divl %4" \
- : "=a"(q), "=d"(rem) \
- : "a"(n1), "d"(n0), "g"(d0) \
- : "cc"); \
- q; \
- })
-# define REMAINDER_IS_ALREADY_CALCULATED
-# elif defined(__x86_64) && defined(SIXTY_FOUR_BIT_LONG)
- /*
- * Same story here, but it's 128-bit by 64-bit division. Wow!
- * <appro at fy.chalmers.se>
- */
-# define bn_div_words(n0,n1,d0) \
- ({ asm volatile ( \
- "divq %4" \
- : "=a"(q), "=d"(rem) \
- : "a"(n1), "d"(n0), "g"(d0) \
- : "cc"); \
- q; \
- })
-# define REMAINDER_IS_ALREADY_CALCULATED
-# endif /* __<cpu> */
-# endif /* __GNUC__ */
-#endif /* OPENSSL_NO_ASM */
-
-
-/* BN_div[_no_branch] computes dv := num / divisor, rounding towards
- * zero, and sets up rm such that dv*divisor + rm = num holds.
- * Thus:
- * dv->neg == num->neg ^ divisor->neg (unless the result is zero)
- * rm->neg == num->neg (unless the remainder is zero)
- * If 'dv' or 'rm' is NULL, the respective value is not returned.
- */
-static int BN_div_no_branch(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num,
- const BIGNUM *divisor, BN_CTX *ctx);
-int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
- BN_CTX *ctx)
- {
- int norm_shift,i,loop;
- BIGNUM *tmp,wnum,*snum,*sdiv,*res;
- BN_ULONG *resp,*wnump;
- BN_ULONG d0,d1;
- int num_n,div_n;
-
- /* Invalid zero-padding would have particularly bad consequences
- * in the case of 'num', so don't just rely on bn_check_top() for this one
- * (bn_check_top() works only for BN_DEBUG builds) */
- if (num->top > 0 && num->d[num->top - 1] == 0)
- {
- BNerr(BN_F_BN_DIV,BN_R_NOT_INITIALIZED);
- return 0;
- }
-
- bn_check_top(num);
-
- if ((BN_get_flags(num, BN_FLG_CONSTTIME) != 0) || (BN_get_flags(divisor, BN_FLG_CONSTTIME) != 0))
- {
- return BN_div_no_branch(dv, rm, num, divisor, ctx);
- }
-
- bn_check_top(dv);
- bn_check_top(rm);
- /* bn_check_top(num); */ /* 'num' has been checked already */
- bn_check_top(divisor);
-
- if (BN_is_zero(divisor))
- {
- BNerr(BN_F_BN_DIV,BN_R_DIV_BY_ZERO);
- return(0);
- }
-
- if (BN_ucmp(num,divisor) < 0)
- {
- if (rm != NULL)
- { if (BN_copy(rm,num) == NULL) return(0); }
- if (dv != NULL) BN_zero(dv);
- return(1);
- }
-
- BN_CTX_start(ctx);
- tmp=BN_CTX_get(ctx);
- snum=BN_CTX_get(ctx);
- sdiv=BN_CTX_get(ctx);
- if (dv == NULL)
- res=BN_CTX_get(ctx);
- else res=dv;
- if (sdiv == NULL || res == NULL || tmp == NULL || snum == NULL)
- goto err;
-
- /* First we normalise the numbers */
- norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2);
- if (!(BN_lshift(sdiv,divisor,norm_shift))) goto err;
- sdiv->neg=0;
- norm_shift+=BN_BITS2;
- if (!(BN_lshift(snum,num,norm_shift))) goto err;
- snum->neg=0;
- div_n=sdiv->top;
- num_n=snum->top;
- loop=num_n-div_n;
- /* Lets setup a 'window' into snum
- * This is the part that corresponds to the current
- * 'area' being divided */
- wnum.neg = 0;
- wnum.d = &(snum->d[loop]);
- wnum.top = div_n;
- /* only needed when BN_ucmp messes up the values between top and max */
- wnum.dmax = snum->dmax - loop; /* so we don't step out of bounds */
-
- /* Get the top 2 words of sdiv */
- /* div_n=sdiv->top; */
- d0=sdiv->d[div_n-1];
- d1=(div_n == 1)?0:sdiv->d[div_n-2];
-
- /* pointer to the 'top' of snum */
- wnump= &(snum->d[num_n-1]);
-
- /* Setup to 'res' */
- res->neg= (num->neg^divisor->neg);
- if (!bn_wexpand(res,(loop+1))) goto err;
- res->top=loop;
- resp= &(res->d[loop-1]);
-
- /* space for temp */
- if (!bn_wexpand(tmp,(div_n+1))) goto err;
-
- if (BN_ucmp(&wnum,sdiv) >= 0)
- {
- /* If BN_DEBUG_RAND is defined BN_ucmp changes (via
- * bn_pollute) the const bignum arguments =>
- * clean the values between top and max again */
- bn_clear_top2max(&wnum);
- bn_sub_words(wnum.d, wnum.d, sdiv->d, div_n);
- *resp=1;
- }
- else
- res->top--;
- /* if res->top == 0 then clear the neg value otherwise decrease
- * the resp pointer */
- if (res->top == 0)
- res->neg = 0;
- else
- resp--;
-
- for (i=0; i<loop-1; i++, wnump--, resp--)
- {
- BN_ULONG q,l0;
- /* the first part of the loop uses the top two words of
- * snum and sdiv to calculate a BN_ULONG q such that
- * | wnum - sdiv * q | < sdiv */
-#if defined(BN_DIV3W) && !defined(OPENSSL_NO_ASM)
- BN_ULONG bn_div_3_words(BN_ULONG*,BN_ULONG,BN_ULONG);
- q=bn_div_3_words(wnump,d1,d0);
-#else
- BN_ULONG n0,n1,rem=0;
-
- n0=wnump[0];
- n1=wnump[-1];
- if (n0 == d0)
- q=BN_MASK2;
- else /* n0 < d0 */
- {
-#ifdef BN_LLONG
- BN_ULLONG t2;
-
-#if defined(BN_LLONG) && defined(BN_DIV2W) && !defined(bn_div_words)
- q=(BN_ULONG)(((((BN_ULLONG)n0)<<BN_BITS2)|n1)/d0);
-#else
- q=bn_div_words(n0,n1,d0);
-#ifdef BN_DEBUG_LEVITTE
- fprintf(stderr,"DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\
-X) -> 0x%08X\n",
- n0, n1, d0, q);
-#endif
-#endif
-
-#ifndef REMAINDER_IS_ALREADY_CALCULATED
- /*
- * rem doesn't have to be BN_ULLONG. The least we
- * know it's less that d0, isn't it?
- */
- rem=(n1-q*d0)&BN_MASK2;
-#endif
- t2=(BN_ULLONG)d1*q;
-
- for (;;)
- {
- if (t2 <= ((((BN_ULLONG)rem)<<BN_BITS2)|wnump[-2]))
- break;
- q--;
- rem += d0;
- if (rem < d0) break; /* don't let rem overflow */
- t2 -= d1;
- }
-#else /* !BN_LLONG */
- BN_ULONG t2l,t2h;
-#if !defined(BN_UMULT_LOHI) && !defined(BN_UMULT_HIGH)
- BN_ULONG ql,qh;
-#endif
-
- q=bn_div_words(n0,n1,d0);
-#ifdef BN_DEBUG_LEVITTE
- fprintf(stderr,"DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\
-X) -> 0x%08X\n",
- n0, n1, d0, q);
-#endif
-#ifndef REMAINDER_IS_ALREADY_CALCULATED
- rem=(n1-q*d0)&BN_MASK2;
-#endif
-
-#if defined(BN_UMULT_LOHI)
- BN_UMULT_LOHI(t2l,t2h,d1,q);
-#elif defined(BN_UMULT_HIGH)
- t2l = d1 * q;
- t2h = BN_UMULT_HIGH(d1,q);
-#else
- t2l=LBITS(d1); t2h=HBITS(d1);
- ql =LBITS(q); qh =HBITS(q);
- mul64(t2l,t2h,ql,qh); /* t2=(BN_ULLONG)d1*q; */
-#endif
-
- for (;;)
- {
- if ((t2h < rem) ||
- ((t2h == rem) && (t2l <= wnump[-2])))
- break;
- q--;
- rem += d0;
- if (rem < d0) break; /* don't let rem overflow */
- if (t2l < d1) t2h--; t2l -= d1;
- }
-#endif /* !BN_LLONG */
- }
-#endif /* !BN_DIV3W */
-
- l0=bn_mul_words(tmp->d,sdiv->d,div_n,q);
- tmp->d[div_n]=l0;
- wnum.d--;
- /* ingore top values of the bignums just sub the two
- * BN_ULONG arrays with bn_sub_words */
- if (bn_sub_words(wnum.d, wnum.d, tmp->d, div_n+1))
- {
- /* Note: As we have considered only the leading
- * two BN_ULONGs in the calculation of q, sdiv * q
- * might be greater than wnum (but then (q-1) * sdiv
- * is less or equal than wnum)
- */
- q--;
- if (bn_add_words(wnum.d, wnum.d, sdiv->d, div_n))
- /* we can't have an overflow here (assuming
- * that q != 0, but if q == 0 then tmp is
- * zero anyway) */
- (*wnump)++;
- }
- /* store part of the result */
- *resp = q;
- }
- bn_correct_top(snum);
- if (rm != NULL)
- {
- /* Keep a copy of the neg flag in num because if rm==num
- * BN_rshift() will overwrite it.
- */
- int neg = num->neg;
- BN_rshift(rm,snum,norm_shift);
- if (!BN_is_zero(rm))
- rm->neg = neg;
- bn_check_top(rm);
- }
- BN_CTX_end(ctx);
- return(1);
-err:
- bn_check_top(rm);
- BN_CTX_end(ctx);
- return(0);
- }
-
-
-/* BN_div_no_branch is a special version of BN_div. It does not contain
- * branches that may leak sensitive information.
- */
-static int BN_div_no_branch(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num,
- const BIGNUM *divisor, BN_CTX *ctx)
- {
- int norm_shift,i,loop;
- BIGNUM *tmp,wnum,*snum,*sdiv,*res;
- BN_ULONG *resp,*wnump;
- BN_ULONG d0,d1;
- int num_n,div_n;
-
- bn_check_top(dv);
- bn_check_top(rm);
- /* bn_check_top(num); */ /* 'num' has been checked in BN_div() */
- bn_check_top(divisor);
-
- if (BN_is_zero(divisor))
- {
- BNerr(BN_F_BN_DIV_NO_BRANCH,BN_R_DIV_BY_ZERO);
- return(0);
- }
-
- BN_CTX_start(ctx);
- tmp=BN_CTX_get(ctx);
- snum=BN_CTX_get(ctx);
- sdiv=BN_CTX_get(ctx);
- if (dv == NULL)
- res=BN_CTX_get(ctx);
- else res=dv;
- if (sdiv == NULL || res == NULL) goto err;
-
- /* First we normalise the numbers */
- norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2);
- if (!(BN_lshift(sdiv,divisor,norm_shift))) goto err;
- sdiv->neg=0;
- norm_shift+=BN_BITS2;
- if (!(BN_lshift(snum,num,norm_shift))) goto err;
- snum->neg=0;
-
- /* Since we don't know whether snum is larger than sdiv,
- * we pad snum with enough zeroes without changing its
- * value.
- */
- if (snum->top <= sdiv->top+1)
- {
- if (bn_wexpand(snum, sdiv->top + 2) == NULL) goto err;
- for (i = snum->top; i < sdiv->top + 2; i++) snum->d[i] = 0;
- snum->top = sdiv->top + 2;
- }
- else
- {
- if (bn_wexpand(snum, snum->top + 1) == NULL) goto err;
- snum->d[snum->top] = 0;
- snum->top ++;
- }
-
- div_n=sdiv->top;
- num_n=snum->top;
- loop=num_n-div_n;
- /* Lets setup a 'window' into snum
- * This is the part that corresponds to the current
- * 'area' being divided */
- wnum.neg = 0;
- wnum.d = &(snum->d[loop]);
- wnum.top = div_n;
- /* only needed when BN_ucmp messes up the values between top and max */
- wnum.dmax = snum->dmax - loop; /* so we don't step out of bounds */
-
- /* Get the top 2 words of sdiv */
- /* div_n=sdiv->top; */
- d0=sdiv->d[div_n-1];
- d1=(div_n == 1)?0:sdiv->d[div_n-2];
-
- /* pointer to the 'top' of snum */
- wnump= &(snum->d[num_n-1]);
-
- /* Setup to 'res' */
- res->neg= (num->neg^divisor->neg);
- if (!bn_wexpand(res,(loop+1))) goto err;
- res->top=loop-1;
- resp= &(res->d[loop-1]);
-
- /* space for temp */
- if (!bn_wexpand(tmp,(div_n+1))) goto err;
-
- /* if res->top == 0 then clear the neg value otherwise decrease
- * the resp pointer */
- if (res->top == 0)
- res->neg = 0;
- else
- resp--;
-
- for (i=0; i<loop-1; i++, wnump--, resp--)
- {
- BN_ULONG q,l0;
- /* the first part of the loop uses the top two words of
- * snum and sdiv to calculate a BN_ULONG q such that
- * | wnum - sdiv * q | < sdiv */
-#if defined(BN_DIV3W) && !defined(OPENSSL_NO_ASM)
- BN_ULONG bn_div_3_words(BN_ULONG*,BN_ULONG,BN_ULONG);
- q=bn_div_3_words(wnump,d1,d0);
-#else
- BN_ULONG n0,n1,rem=0;
-
- n0=wnump[0];
- n1=wnump[-1];
- if (n0 == d0)
- q=BN_MASK2;
- else /* n0 < d0 */
- {
-#ifdef BN_LLONG
- BN_ULLONG t2;
-
-#if defined(BN_LLONG) && defined(BN_DIV2W) && !defined(bn_div_words)
- q=(BN_ULONG)(((((BN_ULLONG)n0)<<BN_BITS2)|n1)/d0);
-#else
- q=bn_div_words(n0,n1,d0);
-#ifdef BN_DEBUG_LEVITTE
- fprintf(stderr,"DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\
-X) -> 0x%08X\n",
- n0, n1, d0, q);
-#endif
-#endif
-
-#ifndef REMAINDER_IS_ALREADY_CALCULATED
- /*
- * rem doesn't have to be BN_ULLONG. The least we
- * know it's less that d0, isn't it?
- */
- rem=(n1-q*d0)&BN_MASK2;
-#endif
- t2=(BN_ULLONG)d1*q;
-
- for (;;)
- {
- if (t2 <= ((((BN_ULLONG)rem)<<BN_BITS2)|wnump[-2]))
- break;
- q--;
- rem += d0;
- if (rem < d0) break; /* don't let rem overflow */
- t2 -= d1;
- }
-#else /* !BN_LLONG */
- BN_ULONG t2l,t2h;
-#if !defined(BN_UMULT_LOHI) && !defined(BN_UMULT_HIGH)
- BN_ULONG ql,qh;
-#endif
-
- q=bn_div_words(n0,n1,d0);
-#ifdef BN_DEBUG_LEVITTE
- fprintf(stderr,"DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\
-X) -> 0x%08X\n",
- n0, n1, d0, q);
-#endif
-#ifndef REMAINDER_IS_ALREADY_CALCULATED
- rem=(n1-q*d0)&BN_MASK2;
-#endif
-
-#if defined(BN_UMULT_LOHI)
- BN_UMULT_LOHI(t2l,t2h,d1,q);
-#elif defined(BN_UMULT_HIGH)
- t2l = d1 * q;
- t2h = BN_UMULT_HIGH(d1,q);
-#else
- t2l=LBITS(d1); t2h=HBITS(d1);
- ql =LBITS(q); qh =HBITS(q);
- mul64(t2l,t2h,ql,qh); /* t2=(BN_ULLONG)d1*q; */
-#endif
-
- for (;;)
- {
- if ((t2h < rem) ||
- ((t2h == rem) && (t2l <= wnump[-2])))
- break;
- q--;
- rem += d0;
- if (rem < d0) break; /* don't let rem overflow */
- if (t2l < d1) t2h--; t2l -= d1;
- }
-#endif /* !BN_LLONG */
- }
-#endif /* !BN_DIV3W */
-
- l0=bn_mul_words(tmp->d,sdiv->d,div_n,q);
- tmp->d[div_n]=l0;
- wnum.d--;
- /* ingore top values of the bignums just sub the two
- * BN_ULONG arrays with bn_sub_words */
- if (bn_sub_words(wnum.d, wnum.d, tmp->d, div_n+1))
- {
- /* Note: As we have considered only the leading
- * two BN_ULONGs in the calculation of q, sdiv * q
- * might be greater than wnum (but then (q-1) * sdiv
- * is less or equal than wnum)
- */
- q--;
- if (bn_add_words(wnum.d, wnum.d, sdiv->d, div_n))
- /* we can't have an overflow here (assuming
- * that q != 0, but if q == 0 then tmp is
- * zero anyway) */
- (*wnump)++;
- }
- /* store part of the result */
- *resp = q;
- }
- bn_correct_top(snum);
- if (rm != NULL)
- {
- /* Keep a copy of the neg flag in num because if rm==num
- * BN_rshift() will overwrite it.
- */
- int neg = num->neg;
- BN_rshift(rm,snum,norm_shift);
- if (!BN_is_zero(rm))
- rm->neg = neg;
- bn_check_top(rm);
- }
- bn_correct_top(res);
- BN_CTX_end(ctx);
- return(1);
-err:
- bn_check_top(rm);
- BN_CTX_end(ctx);
- return(0);
- }
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_div.c (from rev 6976, vendor-crypto/openssl/dist/crypto/bn/bn_div.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_div.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_div.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,691 @@
+/* crypto/bn/bn_div.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <openssl/bn.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+/* The old slow way */
+#if 0
+int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
+ BN_CTX *ctx)
+{
+ int i, nm, nd;
+ int ret = 0;
+ BIGNUM *D;
+
+ bn_check_top(m);
+ bn_check_top(d);
+ if (BN_is_zero(d)) {
+ BNerr(BN_F_BN_DIV, BN_R_DIV_BY_ZERO);
+ return (0);
+ }
+
+ if (BN_ucmp(m, d) < 0) {
+ if (rem != NULL) {
+ if (BN_copy(rem, m) == NULL)
+ return (0);
+ }
+ if (dv != NULL)
+ BN_zero(dv);
+ return (1);
+ }
+
+ BN_CTX_start(ctx);
+ D = BN_CTX_get(ctx);
+ if (dv == NULL)
+ dv = BN_CTX_get(ctx);
+ if (rem == NULL)
+ rem = BN_CTX_get(ctx);
+ if (D == NULL || dv == NULL || rem == NULL)
+ goto end;
+
+ nd = BN_num_bits(d);
+ nm = BN_num_bits(m);
+ if (BN_copy(D, d) == NULL)
+ goto end;
+ if (BN_copy(rem, m) == NULL)
+ goto end;
+
+ /*
+ * The next 2 are needed so we can do a dv->d[0]|=1 later since
+ * BN_lshift1 will only work once there is a value :-)
+ */
+ BN_zero(dv);
+ if (bn_wexpand(dv, 1) == NULL)
+ goto end;
+ dv->top = 1;
+
+ if (!BN_lshift(D, D, nm - nd))
+ goto end;
+ for (i = nm - nd; i >= 0; i--) {
+ if (!BN_lshift1(dv, dv))
+ goto end;
+ if (BN_ucmp(rem, D) >= 0) {
+ dv->d[0] |= 1;
+ if (!BN_usub(rem, rem, D))
+ goto end;
+ }
+/* CAN IMPROVE (and have now :=) */
+ if (!BN_rshift1(D, D))
+ goto end;
+ }
+ rem->neg = BN_is_zero(rem) ? 0 : m->neg;
+ dv->neg = m->neg ^ d->neg;
+ ret = 1;
+ end:
+ BN_CTX_end(ctx);
+ return (ret);
+}
+
+#else
+
+# if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) \
+ && !defined(PEDANTIC) && !defined(BN_DIV3W)
+# if defined(__GNUC__) && __GNUC__>=2
+# if defined(__i386) || defined (__i386__)
+ /*-
+ * There were two reasons for implementing this template:
+ * - GNU C generates a call to a function (__udivdi3 to be exact)
+ * in reply to ((((BN_ULLONG)n0)<<BN_BITS2)|n1)/d0 (I fail to
+ * understand why...);
+ * - divl doesn't only calculate quotient, but also leaves
+ * remainder in %edx which we can definitely use here:-)
+ *
+ * <appro at fy.chalmers.se>
+ */
+# define bn_div_words(n0,n1,d0) \
+ ({ asm volatile ( \
+ "divl %4" \
+ : "=a"(q), "=d"(rem) \
+ : "a"(n1), "d"(n0), "g"(d0) \
+ : "cc"); \
+ q; \
+ })
+# define REMAINDER_IS_ALREADY_CALCULATED
+# elif defined(__x86_64) && defined(SIXTY_FOUR_BIT_LONG)
+ /*
+ * Same story here, but it's 128-bit by 64-bit division. Wow!
+ * <appro at fy.chalmers.se>
+ */
+# define bn_div_words(n0,n1,d0) \
+ ({ asm volatile ( \
+ "divq %4" \
+ : "=a"(q), "=d"(rem) \
+ : "a"(n1), "d"(n0), "g"(d0) \
+ : "cc"); \
+ q; \
+ })
+# define REMAINDER_IS_ALREADY_CALCULATED
+# endif /* __<cpu> */
+# endif /* __GNUC__ */
+# endif /* OPENSSL_NO_ASM */
+
+/*-
+ * BN_div[_no_branch] computes dv := num / divisor, rounding towards
+ * zero, and sets up rm such that dv*divisor + rm = num holds.
+ * Thus:
+ * dv->neg == num->neg ^ divisor->neg (unless the result is zero)
+ * rm->neg == num->neg (unless the remainder is zero)
+ * If 'dv' or 'rm' is NULL, the respective value is not returned.
+ */
+static int BN_div_no_branch(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num,
+ const BIGNUM *divisor, BN_CTX *ctx);
+int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
+ BN_CTX *ctx)
+{
+ int norm_shift, i, loop;
+ BIGNUM *tmp, wnum, *snum, *sdiv, *res;
+ BN_ULONG *resp, *wnump;
+ BN_ULONG d0, d1;
+ int num_n, div_n;
+
+ /*
+ * Invalid zero-padding would have particularly bad consequences in the
+ * case of 'num', so don't just rely on bn_check_top() for this one
+ * (bn_check_top() works only for BN_DEBUG builds)
+ */
+ if (num->top > 0 && num->d[num->top - 1] == 0) {
+ BNerr(BN_F_BN_DIV, BN_R_NOT_INITIALIZED);
+ return 0;
+ }
+
+ bn_check_top(num);
+
+ if ((BN_get_flags(num, BN_FLG_CONSTTIME) != 0)
+ || (BN_get_flags(divisor, BN_FLG_CONSTTIME) != 0)) {
+ return BN_div_no_branch(dv, rm, num, divisor, ctx);
+ }
+
+ bn_check_top(dv);
+ bn_check_top(rm);
+ /*- bn_check_top(num); *//*
+ * 'num' has been checked already
+ */
+ bn_check_top(divisor);
+
+ if (BN_is_zero(divisor)) {
+ BNerr(BN_F_BN_DIV, BN_R_DIV_BY_ZERO);
+ return (0);
+ }
+
+ if (BN_ucmp(num, divisor) < 0) {
+ if (rm != NULL) {
+ if (BN_copy(rm, num) == NULL)
+ return (0);
+ }
+ if (dv != NULL)
+ BN_zero(dv);
+ return (1);
+ }
+
+ BN_CTX_start(ctx);
+ tmp = BN_CTX_get(ctx);
+ snum = BN_CTX_get(ctx);
+ sdiv = BN_CTX_get(ctx);
+ if (dv == NULL)
+ res = BN_CTX_get(ctx);
+ else
+ res = dv;
+ if (sdiv == NULL || res == NULL || tmp == NULL || snum == NULL)
+ goto err;
+
+ /* First we normalise the numbers */
+ norm_shift = BN_BITS2 - ((BN_num_bits(divisor)) % BN_BITS2);
+ if (!(BN_lshift(sdiv, divisor, norm_shift)))
+ goto err;
+ sdiv->neg = 0;
+ norm_shift += BN_BITS2;
+ if (!(BN_lshift(snum, num, norm_shift)))
+ goto err;
+ snum->neg = 0;
+ div_n = sdiv->top;
+ num_n = snum->top;
+ loop = num_n - div_n;
+ /*
+ * Lets setup a 'window' into snum This is the part that corresponds to
+ * the current 'area' being divided
+ */
+ wnum.neg = 0;
+ wnum.d = &(snum->d[loop]);
+ wnum.top = div_n;
+ /*
+ * only needed when BN_ucmp messes up the values between top and max
+ */
+ wnum.dmax = snum->dmax - loop; /* so we don't step out of bounds */
+
+ /* Get the top 2 words of sdiv */
+ /* div_n=sdiv->top; */
+ d0 = sdiv->d[div_n - 1];
+ d1 = (div_n == 1) ? 0 : sdiv->d[div_n - 2];
+
+ /* pointer to the 'top' of snum */
+ wnump = &(snum->d[num_n - 1]);
+
+ /* Setup to 'res' */
+ res->neg = (num->neg ^ divisor->neg);
+ if (!bn_wexpand(res, (loop + 1)))
+ goto err;
+ res->top = loop;
+ resp = &(res->d[loop - 1]);
+
+ /* space for temp */
+ if (!bn_wexpand(tmp, (div_n + 1)))
+ goto err;
+
+ if (BN_ucmp(&wnum, sdiv) >= 0) {
+ /*
+ * If BN_DEBUG_RAND is defined BN_ucmp changes (via bn_pollute) the
+ * const bignum arguments => clean the values between top and max
+ * again
+ */
+ bn_clear_top2max(&wnum);
+ bn_sub_words(wnum.d, wnum.d, sdiv->d, div_n);
+ *resp = 1;
+ } else
+ res->top--;
+ /*
+ * if res->top == 0 then clear the neg value otherwise decrease the resp
+ * pointer
+ */
+ if (res->top == 0)
+ res->neg = 0;
+ else
+ resp--;
+
+ for (i = 0; i < loop - 1; i++, wnump--, resp--) {
+ BN_ULONG q, l0;
+ /*
+ * the first part of the loop uses the top two words of snum and sdiv
+ * to calculate a BN_ULONG q such that | wnum - sdiv * q | < sdiv
+ */
+# if defined(BN_DIV3W) && !defined(OPENSSL_NO_ASM)
+ BN_ULONG bn_div_3_words(BN_ULONG *, BN_ULONG, BN_ULONG);
+ q = bn_div_3_words(wnump, d1, d0);
+# else
+ BN_ULONG n0, n1, rem = 0;
+
+ n0 = wnump[0];
+ n1 = wnump[-1];
+ if (n0 == d0)
+ q = BN_MASK2;
+ else { /* n0 < d0 */
+
+# ifdef BN_LLONG
+ BN_ULLONG t2;
+
+# if defined(BN_LLONG) && defined(BN_DIV2W) && !defined(bn_div_words)
+ q = (BN_ULONG)(((((BN_ULLONG) n0) << BN_BITS2) | n1) / d0);
+# else
+ q = bn_div_words(n0, n1, d0);
+# ifdef BN_DEBUG_LEVITTE
+ fprintf(stderr, "DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\
+X) -> 0x%08X\n", n0, n1, d0, q);
+# endif
+# endif
+
+# ifndef REMAINDER_IS_ALREADY_CALCULATED
+ /*
+ * rem doesn't have to be BN_ULLONG. The least we
+ * know it's less that d0, isn't it?
+ */
+ rem = (n1 - q * d0) & BN_MASK2;
+# endif
+ t2 = (BN_ULLONG) d1 *q;
+
+ for (;;) {
+ if (t2 <= ((((BN_ULLONG) rem) << BN_BITS2) | wnump[-2]))
+ break;
+ q--;
+ rem += d0;
+ if (rem < d0)
+ break; /* don't let rem overflow */
+ t2 -= d1;
+ }
+# else /* !BN_LLONG */
+ BN_ULONG t2l, t2h;
+# if !defined(BN_UMULT_LOHI) && !defined(BN_UMULT_HIGH)
+ BN_ULONG ql, qh;
+# endif
+
+ q = bn_div_words(n0, n1, d0);
+# ifdef BN_DEBUG_LEVITTE
+ fprintf(stderr, "DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\
+X) -> 0x%08X\n", n0, n1, d0, q);
+# endif
+# ifndef REMAINDER_IS_ALREADY_CALCULATED
+ rem = (n1 - q * d0) & BN_MASK2;
+# endif
+
+# if defined(BN_UMULT_LOHI)
+ BN_UMULT_LOHI(t2l, t2h, d1, q);
+# elif defined(BN_UMULT_HIGH)
+ t2l = d1 * q;
+ t2h = BN_UMULT_HIGH(d1, q);
+# else
+ t2l = LBITS(d1);
+ t2h = HBITS(d1);
+ ql = LBITS(q);
+ qh = HBITS(q);
+ mul64(t2l, t2h, ql, qh); /* t2=(BN_ULLONG)d1*q; */
+# endif
+
+ for (;;) {
+ if ((t2h < rem) || ((t2h == rem) && (t2l <= wnump[-2])))
+ break;
+ q--;
+ rem += d0;
+ if (rem < d0)
+ break; /* don't let rem overflow */
+ if (t2l < d1)
+ t2h--;
+ t2l -= d1;
+ }
+# endif /* !BN_LLONG */
+ }
+# endif /* !BN_DIV3W */
+
+ l0 = bn_mul_words(tmp->d, sdiv->d, div_n, q);
+ tmp->d[div_n] = l0;
+ wnum.d--;
+ /*
+ * ingore top values of the bignums just sub the two BN_ULONG arrays
+ * with bn_sub_words
+ */
+ if (bn_sub_words(wnum.d, wnum.d, tmp->d, div_n + 1)) {
+ /*
+ * Note: As we have considered only the leading two BN_ULONGs in
+ * the calculation of q, sdiv * q might be greater than wnum (but
+ * then (q-1) * sdiv is less or equal than wnum)
+ */
+ q--;
+ if (bn_add_words(wnum.d, wnum.d, sdiv->d, div_n))
+ /*
+ * we can't have an overflow here (assuming that q != 0, but
+ * if q == 0 then tmp is zero anyway)
+ */
+ (*wnump)++;
+ }
+ /* store part of the result */
+ *resp = q;
+ }
+ bn_correct_top(snum);
+ if (rm != NULL) {
+ /*
+ * Keep a copy of the neg flag in num because if rm==num BN_rshift()
+ * will overwrite it.
+ */
+ int neg = num->neg;
+ BN_rshift(rm, snum, norm_shift);
+ if (!BN_is_zero(rm))
+ rm->neg = neg;
+ bn_check_top(rm);
+ }
+ BN_CTX_end(ctx);
+ return (1);
+ err:
+ bn_check_top(rm);
+ BN_CTX_end(ctx);
+ return (0);
+}
+
+/*
+ * BN_div_no_branch is a special version of BN_div. It does not contain
+ * branches that may leak sensitive information.
+ */
+static int BN_div_no_branch(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num,
+ const BIGNUM *divisor, BN_CTX *ctx)
+{
+ int norm_shift, i, loop;
+ BIGNUM *tmp, wnum, *snum, *sdiv, *res;
+ BN_ULONG *resp, *wnump;
+ BN_ULONG d0, d1;
+ int num_n, div_n;
+
+ bn_check_top(dv);
+ bn_check_top(rm);
+ /*- bn_check_top(num); *//*
+ * 'num' has been checked in BN_div()
+ */
+ bn_check_top(divisor);
+
+ if (BN_is_zero(divisor)) {
+ BNerr(BN_F_BN_DIV_NO_BRANCH, BN_R_DIV_BY_ZERO);
+ return (0);
+ }
+
+ BN_CTX_start(ctx);
+ tmp = BN_CTX_get(ctx);
+ snum = BN_CTX_get(ctx);
+ sdiv = BN_CTX_get(ctx);
+ if (dv == NULL)
+ res = BN_CTX_get(ctx);
+ else
+ res = dv;
+ if (sdiv == NULL || res == NULL)
+ goto err;
+
+ /* First we normalise the numbers */
+ norm_shift = BN_BITS2 - ((BN_num_bits(divisor)) % BN_BITS2);
+ if (!(BN_lshift(sdiv, divisor, norm_shift)))
+ goto err;
+ sdiv->neg = 0;
+ norm_shift += BN_BITS2;
+ if (!(BN_lshift(snum, num, norm_shift)))
+ goto err;
+ snum->neg = 0;
+
+ /*
+ * Since we don't know whether snum is larger than sdiv, we pad snum with
+ * enough zeroes without changing its value.
+ */
+ if (snum->top <= sdiv->top + 1) {
+ if (bn_wexpand(snum, sdiv->top + 2) == NULL)
+ goto err;
+ for (i = snum->top; i < sdiv->top + 2; i++)
+ snum->d[i] = 0;
+ snum->top = sdiv->top + 2;
+ } else {
+ if (bn_wexpand(snum, snum->top + 1) == NULL)
+ goto err;
+ snum->d[snum->top] = 0;
+ snum->top++;
+ }
+
+ div_n = sdiv->top;
+ num_n = snum->top;
+ loop = num_n - div_n;
+ /*
+ * Lets setup a 'window' into snum This is the part that corresponds to
+ * the current 'area' being divided
+ */
+ wnum.neg = 0;
+ wnum.d = &(snum->d[loop]);
+ wnum.top = div_n;
+ /*
+ * only needed when BN_ucmp messes up the values between top and max
+ */
+ wnum.dmax = snum->dmax - loop; /* so we don't step out of bounds */
+
+ /* Get the top 2 words of sdiv */
+ /* div_n=sdiv->top; */
+ d0 = sdiv->d[div_n - 1];
+ d1 = (div_n == 1) ? 0 : sdiv->d[div_n - 2];
+
+ /* pointer to the 'top' of snum */
+ wnump = &(snum->d[num_n - 1]);
+
+ /* Setup to 'res' */
+ res->neg = (num->neg ^ divisor->neg);
+ if (!bn_wexpand(res, (loop + 1)))
+ goto err;
+ res->top = loop - 1;
+ resp = &(res->d[loop - 1]);
+
+ /* space for temp */
+ if (!bn_wexpand(tmp, (div_n + 1)))
+ goto err;
+
+ /*
+ * if res->top == 0 then clear the neg value otherwise decrease the resp
+ * pointer
+ */
+ if (res->top == 0)
+ res->neg = 0;
+ else
+ resp--;
+
+ for (i = 0; i < loop - 1; i++, wnump--, resp--) {
+ BN_ULONG q, l0;
+ /*
+ * the first part of the loop uses the top two words of snum and sdiv
+ * to calculate a BN_ULONG q such that | wnum - sdiv * q | < sdiv
+ */
+# if defined(BN_DIV3W) && !defined(OPENSSL_NO_ASM)
+ BN_ULONG bn_div_3_words(BN_ULONG *, BN_ULONG, BN_ULONG);
+ q = bn_div_3_words(wnump, d1, d0);
+# else
+ BN_ULONG n0, n1, rem = 0;
+
+ n0 = wnump[0];
+ n1 = wnump[-1];
+ if (n0 == d0)
+ q = BN_MASK2;
+ else { /* n0 < d0 */
+
+# ifdef BN_LLONG
+ BN_ULLONG t2;
+
+# if defined(BN_LLONG) && defined(BN_DIV2W) && !defined(bn_div_words)
+ q = (BN_ULONG)(((((BN_ULLONG) n0) << BN_BITS2) | n1) / d0);
+# else
+ q = bn_div_words(n0, n1, d0);
+# ifdef BN_DEBUG_LEVITTE
+ fprintf(stderr, "DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\
+X) -> 0x%08X\n", n0, n1, d0, q);
+# endif
+# endif
+
+# ifndef REMAINDER_IS_ALREADY_CALCULATED
+ /*
+ * rem doesn't have to be BN_ULLONG. The least we
+ * know it's less that d0, isn't it?
+ */
+ rem = (n1 - q * d0) & BN_MASK2;
+# endif
+ t2 = (BN_ULLONG) d1 *q;
+
+ for (;;) {
+ if (t2 <= ((((BN_ULLONG) rem) << BN_BITS2) | wnump[-2]))
+ break;
+ q--;
+ rem += d0;
+ if (rem < d0)
+ break; /* don't let rem overflow */
+ t2 -= d1;
+ }
+# else /* !BN_LLONG */
+ BN_ULONG t2l, t2h;
+# if !defined(BN_UMULT_LOHI) && !defined(BN_UMULT_HIGH)
+ BN_ULONG ql, qh;
+# endif
+
+ q = bn_div_words(n0, n1, d0);
+# ifdef BN_DEBUG_LEVITTE
+ fprintf(stderr, "DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\
+X) -> 0x%08X\n", n0, n1, d0, q);
+# endif
+# ifndef REMAINDER_IS_ALREADY_CALCULATED
+ rem = (n1 - q * d0) & BN_MASK2;
+# endif
+
+# if defined(BN_UMULT_LOHI)
+ BN_UMULT_LOHI(t2l, t2h, d1, q);
+# elif defined(BN_UMULT_HIGH)
+ t2l = d1 * q;
+ t2h = BN_UMULT_HIGH(d1, q);
+# else
+ t2l = LBITS(d1);
+ t2h = HBITS(d1);
+ ql = LBITS(q);
+ qh = HBITS(q);
+ mul64(t2l, t2h, ql, qh); /* t2=(BN_ULLONG)d1*q; */
+# endif
+
+ for (;;) {
+ if ((t2h < rem) || ((t2h == rem) && (t2l <= wnump[-2])))
+ break;
+ q--;
+ rem += d0;
+ if (rem < d0)
+ break; /* don't let rem overflow */
+ if (t2l < d1)
+ t2h--;
+ t2l -= d1;
+ }
+# endif /* !BN_LLONG */
+ }
+# endif /* !BN_DIV3W */
+
+ l0 = bn_mul_words(tmp->d, sdiv->d, div_n, q);
+ tmp->d[div_n] = l0;
+ wnum.d--;
+ /*
+ * ingore top values of the bignums just sub the two BN_ULONG arrays
+ * with bn_sub_words
+ */
+ if (bn_sub_words(wnum.d, wnum.d, tmp->d, div_n + 1)) {
+ /*
+ * Note: As we have considered only the leading two BN_ULONGs in
+ * the calculation of q, sdiv * q might be greater than wnum (but
+ * then (q-1) * sdiv is less or equal than wnum)
+ */
+ q--;
+ if (bn_add_words(wnum.d, wnum.d, sdiv->d, div_n))
+ /*
+ * we can't have an overflow here (assuming that q != 0, but
+ * if q == 0 then tmp is zero anyway)
+ */
+ (*wnump)++;
+ }
+ /* store part of the result */
+ *resp = q;
+ }
+ bn_correct_top(snum);
+ if (rm != NULL) {
+ /*
+ * Keep a copy of the neg flag in num because if rm==num BN_rshift()
+ * will overwrite it.
+ */
+ int neg = num->neg;
+ BN_rshift(rm, snum, norm_shift);
+ if (!BN_is_zero(rm))
+ rm->neg = neg;
+ bn_check_top(rm);
+ }
+ bn_correct_top(res);
+ BN_CTX_end(ctx);
+ return (1);
+ err:
+ bn_check_top(rm);
+ BN_CTX_end(ctx);
+ return (0);
+}
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_err.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_err.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,150 +0,0 @@
-/* crypto/bn/bn_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_BN,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_BN,0,reason)
-
-static ERR_STRING_DATA BN_str_functs[]=
- {
-{ERR_FUNC(BN_F_BNRAND), "BNRAND"},
-{ERR_FUNC(BN_F_BN_BLINDING_CONVERT_EX), "BN_BLINDING_convert_ex"},
-{ERR_FUNC(BN_F_BN_BLINDING_CREATE_PARAM), "BN_BLINDING_create_param"},
-{ERR_FUNC(BN_F_BN_BLINDING_INVERT_EX), "BN_BLINDING_invert_ex"},
-{ERR_FUNC(BN_F_BN_BLINDING_NEW), "BN_BLINDING_new"},
-{ERR_FUNC(BN_F_BN_BLINDING_UPDATE), "BN_BLINDING_update"},
-{ERR_FUNC(BN_F_BN_BN2DEC), "BN_bn2dec"},
-{ERR_FUNC(BN_F_BN_BN2HEX), "BN_bn2hex"},
-{ERR_FUNC(BN_F_BN_CTX_GET), "BN_CTX_get"},
-{ERR_FUNC(BN_F_BN_CTX_NEW), "BN_CTX_new"},
-{ERR_FUNC(BN_F_BN_CTX_START), "BN_CTX_start"},
-{ERR_FUNC(BN_F_BN_DIV), "BN_div"},
-{ERR_FUNC(BN_F_BN_DIV_NO_BRANCH), "BN_div_no_branch"},
-{ERR_FUNC(BN_F_BN_DIV_RECP), "BN_div_recp"},
-{ERR_FUNC(BN_F_BN_EXP), "BN_exp"},
-{ERR_FUNC(BN_F_BN_EXPAND2), "bn_expand2"},
-{ERR_FUNC(BN_F_BN_EXPAND_INTERNAL), "BN_EXPAND_INTERNAL"},
-{ERR_FUNC(BN_F_BN_GF2M_MOD), "BN_GF2m_mod"},
-{ERR_FUNC(BN_F_BN_GF2M_MOD_EXP), "BN_GF2m_mod_exp"},
-{ERR_FUNC(BN_F_BN_GF2M_MOD_MUL), "BN_GF2m_mod_mul"},
-{ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD), "BN_GF2m_mod_solve_quad"},
-{ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR), "BN_GF2m_mod_solve_quad_arr"},
-{ERR_FUNC(BN_F_BN_GF2M_MOD_SQR), "BN_GF2m_mod_sqr"},
-{ERR_FUNC(BN_F_BN_GF2M_MOD_SQRT), "BN_GF2m_mod_sqrt"},
-{ERR_FUNC(BN_F_BN_MOD_EXP2_MONT), "BN_mod_exp2_mont"},
-{ERR_FUNC(BN_F_BN_MOD_EXP_MONT), "BN_mod_exp_mont"},
-{ERR_FUNC(BN_F_BN_MOD_EXP_MONT_CONSTTIME), "BN_mod_exp_mont_consttime"},
-{ERR_FUNC(BN_F_BN_MOD_EXP_MONT_WORD), "BN_mod_exp_mont_word"},
-{ERR_FUNC(BN_F_BN_MOD_EXP_RECP), "BN_mod_exp_recp"},
-{ERR_FUNC(BN_F_BN_MOD_EXP_SIMPLE), "BN_mod_exp_simple"},
-{ERR_FUNC(BN_F_BN_MOD_INVERSE), "BN_mod_inverse"},
-{ERR_FUNC(BN_F_BN_MOD_INVERSE_NO_BRANCH), "BN_mod_inverse_no_branch"},
-{ERR_FUNC(BN_F_BN_MOD_LSHIFT_QUICK), "BN_mod_lshift_quick"},
-{ERR_FUNC(BN_F_BN_MOD_MUL_RECIPROCAL), "BN_mod_mul_reciprocal"},
-{ERR_FUNC(BN_F_BN_MOD_SQRT), "BN_mod_sqrt"},
-{ERR_FUNC(BN_F_BN_MPI2BN), "BN_mpi2bn"},
-{ERR_FUNC(BN_F_BN_NEW), "BN_new"},
-{ERR_FUNC(BN_F_BN_RAND), "BN_rand"},
-{ERR_FUNC(BN_F_BN_RAND_RANGE), "BN_rand_range"},
-{ERR_FUNC(BN_F_BN_USUB), "BN_usub"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA BN_str_reasons[]=
- {
-{ERR_REASON(BN_R_ARG2_LT_ARG3) ,"arg2 lt arg3"},
-{ERR_REASON(BN_R_BAD_RECIPROCAL) ,"bad reciprocal"},
-{ERR_REASON(BN_R_BIGNUM_TOO_LONG) ,"bignum too long"},
-{ERR_REASON(BN_R_CALLED_WITH_EVEN_MODULUS),"called with even modulus"},
-{ERR_REASON(BN_R_DIV_BY_ZERO) ,"div by zero"},
-{ERR_REASON(BN_R_ENCODING_ERROR) ,"encoding error"},
-{ERR_REASON(BN_R_EXPAND_ON_STATIC_BIGNUM_DATA),"expand on static bignum data"},
-{ERR_REASON(BN_R_INPUT_NOT_REDUCED) ,"input not reduced"},
-{ERR_REASON(BN_R_INVALID_LENGTH) ,"invalid length"},
-{ERR_REASON(BN_R_INVALID_RANGE) ,"invalid range"},
-{ERR_REASON(BN_R_NOT_A_SQUARE) ,"not a square"},
-{ERR_REASON(BN_R_NOT_INITIALIZED) ,"not initialized"},
-{ERR_REASON(BN_R_NO_INVERSE) ,"no inverse"},
-{ERR_REASON(BN_R_NO_SOLUTION) ,"no solution"},
-{ERR_REASON(BN_R_P_IS_NOT_PRIME) ,"p is not prime"},
-{ERR_REASON(BN_R_TOO_MANY_ITERATIONS) ,"too many iterations"},
-{ERR_REASON(BN_R_TOO_MANY_TEMPORARY_VARIABLES),"too many temporary variables"},
-{0,NULL}
- };
-
-#endif
-
-void ERR_load_BN_strings(void)
- {
-#ifndef OPENSSL_NO_ERR
-
- if (ERR_func_error_string(BN_str_functs[0].error) == NULL)
- {
- ERR_load_strings(0,BN_str_functs);
- ERR_load_strings(0,BN_str_reasons);
- }
-#endif
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_err.c (from rev 6976, vendor-crypto/openssl/dist/crypto/bn/bn_err.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_err.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,150 @@
+/* crypto/bn/bn_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_BN,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_BN,0,reason)
+
+static ERR_STRING_DATA BN_str_functs[] = {
+ {ERR_FUNC(BN_F_BNRAND), "BNRAND"},
+ {ERR_FUNC(BN_F_BN_BLINDING_CONVERT_EX), "BN_BLINDING_convert_ex"},
+ {ERR_FUNC(BN_F_BN_BLINDING_CREATE_PARAM), "BN_BLINDING_create_param"},
+ {ERR_FUNC(BN_F_BN_BLINDING_INVERT_EX), "BN_BLINDING_invert_ex"},
+ {ERR_FUNC(BN_F_BN_BLINDING_NEW), "BN_BLINDING_new"},
+ {ERR_FUNC(BN_F_BN_BLINDING_UPDATE), "BN_BLINDING_update"},
+ {ERR_FUNC(BN_F_BN_BN2DEC), "BN_bn2dec"},
+ {ERR_FUNC(BN_F_BN_BN2HEX), "BN_bn2hex"},
+ {ERR_FUNC(BN_F_BN_CTX_GET), "BN_CTX_get"},
+ {ERR_FUNC(BN_F_BN_CTX_NEW), "BN_CTX_new"},
+ {ERR_FUNC(BN_F_BN_CTX_START), "BN_CTX_start"},
+ {ERR_FUNC(BN_F_BN_DIV), "BN_div"},
+ {ERR_FUNC(BN_F_BN_DIV_NO_BRANCH), "BN_div_no_branch"},
+ {ERR_FUNC(BN_F_BN_DIV_RECP), "BN_div_recp"},
+ {ERR_FUNC(BN_F_BN_EXP), "BN_exp"},
+ {ERR_FUNC(BN_F_BN_EXPAND2), "bn_expand2"},
+ {ERR_FUNC(BN_F_BN_EXPAND_INTERNAL), "BN_EXPAND_INTERNAL"},
+ {ERR_FUNC(BN_F_BN_GF2M_MOD), "BN_GF2m_mod"},
+ {ERR_FUNC(BN_F_BN_GF2M_MOD_EXP), "BN_GF2m_mod_exp"},
+ {ERR_FUNC(BN_F_BN_GF2M_MOD_MUL), "BN_GF2m_mod_mul"},
+ {ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD), "BN_GF2m_mod_solve_quad"},
+ {ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR), "BN_GF2m_mod_solve_quad_arr"},
+ {ERR_FUNC(BN_F_BN_GF2M_MOD_SQR), "BN_GF2m_mod_sqr"},
+ {ERR_FUNC(BN_F_BN_GF2M_MOD_SQRT), "BN_GF2m_mod_sqrt"},
+ {ERR_FUNC(BN_F_BN_MOD_EXP2_MONT), "BN_mod_exp2_mont"},
+ {ERR_FUNC(BN_F_BN_MOD_EXP_MONT), "BN_mod_exp_mont"},
+ {ERR_FUNC(BN_F_BN_MOD_EXP_MONT_CONSTTIME), "BN_mod_exp_mont_consttime"},
+ {ERR_FUNC(BN_F_BN_MOD_EXP_MONT_WORD), "BN_mod_exp_mont_word"},
+ {ERR_FUNC(BN_F_BN_MOD_EXP_RECP), "BN_mod_exp_recp"},
+ {ERR_FUNC(BN_F_BN_MOD_EXP_SIMPLE), "BN_mod_exp_simple"},
+ {ERR_FUNC(BN_F_BN_MOD_INVERSE), "BN_mod_inverse"},
+ {ERR_FUNC(BN_F_BN_MOD_INVERSE_NO_BRANCH), "BN_mod_inverse_no_branch"},
+ {ERR_FUNC(BN_F_BN_MOD_LSHIFT_QUICK), "BN_mod_lshift_quick"},
+ {ERR_FUNC(BN_F_BN_MOD_MUL_RECIPROCAL), "BN_mod_mul_reciprocal"},
+ {ERR_FUNC(BN_F_BN_MOD_SQRT), "BN_mod_sqrt"},
+ {ERR_FUNC(BN_F_BN_MPI2BN), "BN_mpi2bn"},
+ {ERR_FUNC(BN_F_BN_NEW), "BN_new"},
+ {ERR_FUNC(BN_F_BN_RAND), "BN_rand"},
+ {ERR_FUNC(BN_F_BN_RAND_RANGE), "BN_rand_range"},
+ {ERR_FUNC(BN_F_BN_USUB), "BN_usub"},
+ {0, NULL}
+};
+
+static ERR_STRING_DATA BN_str_reasons[] = {
+ {ERR_REASON(BN_R_ARG2_LT_ARG3), "arg2 lt arg3"},
+ {ERR_REASON(BN_R_BAD_RECIPROCAL), "bad reciprocal"},
+ {ERR_REASON(BN_R_BIGNUM_TOO_LONG), "bignum too long"},
+ {ERR_REASON(BN_R_CALLED_WITH_EVEN_MODULUS), "called with even modulus"},
+ {ERR_REASON(BN_R_DIV_BY_ZERO), "div by zero"},
+ {ERR_REASON(BN_R_ENCODING_ERROR), "encoding error"},
+ {ERR_REASON(BN_R_EXPAND_ON_STATIC_BIGNUM_DATA),
+ "expand on static bignum data"},
+ {ERR_REASON(BN_R_INPUT_NOT_REDUCED), "input not reduced"},
+ {ERR_REASON(BN_R_INVALID_LENGTH), "invalid length"},
+ {ERR_REASON(BN_R_INVALID_RANGE), "invalid range"},
+ {ERR_REASON(BN_R_NOT_A_SQUARE), "not a square"},
+ {ERR_REASON(BN_R_NOT_INITIALIZED), "not initialized"},
+ {ERR_REASON(BN_R_NO_INVERSE), "no inverse"},
+ {ERR_REASON(BN_R_NO_SOLUTION), "no solution"},
+ {ERR_REASON(BN_R_P_IS_NOT_PRIME), "p is not prime"},
+ {ERR_REASON(BN_R_TOO_MANY_ITERATIONS), "too many iterations"},
+ {ERR_REASON(BN_R_TOO_MANY_TEMPORARY_VARIABLES),
+ "too many temporary variables"},
+ {0, NULL}
+};
+
+#endif
+
+void ERR_load_BN_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+ if (ERR_func_error_string(BN_str_functs[0].error) == NULL) {
+ ERR_load_strings(0, BN_str_functs);
+ ERR_load_strings(0, BN_str_reasons);
+ }
+#endif
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_exp.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_exp.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_exp.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,998 +0,0 @@
-/* crypto/bn/bn_exp.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-/* maximum precomputation table size for *variable* sliding windows */
-#define TABLE_SIZE 32
-
-/* this one works - simple but works */
-int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
- {
- int i,bits,ret=0;
- BIGNUM *v,*rr;
-
- if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0)
- {
- /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
- BNerr(BN_F_BN_EXP,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return -1;
- }
-
- BN_CTX_start(ctx);
- if ((r == a) || (r == p))
- rr = BN_CTX_get(ctx);
- else
- rr = r;
- v = BN_CTX_get(ctx);
- if (rr == NULL || v == NULL) goto err;
-
- if (BN_copy(v,a) == NULL) goto err;
- bits=BN_num_bits(p);
-
- if (BN_is_odd(p))
- { if (BN_copy(rr,a) == NULL) goto err; }
- else { if (!BN_one(rr)) goto err; }
-
- for (i=1; i<bits; i++)
- {
- if (!BN_sqr(v,v,ctx)) goto err;
- if (BN_is_bit_set(p,i))
- {
- if (!BN_mul(rr,rr,v,ctx)) goto err;
- }
- }
- ret=1;
-err:
- if (r != rr) BN_copy(r,rr);
- BN_CTX_end(ctx);
- bn_check_top(r);
- return(ret);
- }
-
-
-int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
- BN_CTX *ctx)
- {
- int ret;
-
- bn_check_top(a);
- bn_check_top(p);
- bn_check_top(m);
-
- /* For even modulus m = 2^k*m_odd, it might make sense to compute
- * a^p mod m_odd and a^p mod 2^k separately (with Montgomery
- * exponentiation for the odd part), using appropriate exponent
- * reductions, and combine the results using the CRT.
- *
- * For now, we use Montgomery only if the modulus is odd; otherwise,
- * exponentiation using the reciprocal-based quick remaindering
- * algorithm is used.
- *
- * (Timing obtained with expspeed.c [computations a^p mod m
- * where a, p, m are of the same length: 256, 512, 1024, 2048,
- * 4096, 8192 bits], compared to the running time of the
- * standard algorithm:
- *
- * BN_mod_exp_mont 33 .. 40 % [AMD K6-2, Linux, debug configuration]
- * 55 .. 77 % [UltraSparc processor, but
- * debug-solaris-sparcv8-gcc conf.]
- *
- * BN_mod_exp_recp 50 .. 70 % [AMD K6-2, Linux, debug configuration]
- * 62 .. 118 % [UltraSparc, debug-solaris-sparcv8-gcc]
- *
- * On the Sparc, BN_mod_exp_recp was faster than BN_mod_exp_mont
- * at 2048 and more bits, but at 512 and 1024 bits, it was
- * slower even than the standard algorithm!
- *
- * "Real" timings [linux-elf, solaris-sparcv9-gcc configurations]
- * should be obtained when the new Montgomery reduction code
- * has been integrated into OpenSSL.)
- */
-
-#define MONT_MUL_MOD
-#define MONT_EXP_WORD
-#define RECP_MUL_MOD
-
-#ifdef MONT_MUL_MOD
- /* I have finally been able to take out this pre-condition of
- * the top bit being set. It was caused by an error in BN_div
- * with negatives. There was also another problem when for a^b%m
- * a >= m. eay 07-May-97 */
-/* if ((m->d[m->top-1]&BN_TBIT) && BN_is_odd(m)) */
-
- if (BN_is_odd(m))
- {
-# ifdef MONT_EXP_WORD
- if (a->top == 1 && !a->neg && (BN_get_flags(p, BN_FLG_CONSTTIME) == 0))
- {
- BN_ULONG A = a->d[0];
- ret=BN_mod_exp_mont_word(r,A,p,m,ctx,NULL);
- }
- else
-# endif
- ret=BN_mod_exp_mont(r,a,p,m,ctx,NULL);
- }
- else
-#endif
-#ifdef RECP_MUL_MOD
- { ret=BN_mod_exp_recp(r,a,p,m,ctx); }
-#else
- { ret=BN_mod_exp_simple(r,a,p,m,ctx); }
-#endif
-
- bn_check_top(r);
- return(ret);
- }
-
-
-int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx)
- {
- int i,j,bits,ret=0,wstart,wend,window,wvalue;
- int start=1;
- BIGNUM *aa;
- /* Table of variables obtained from 'ctx' */
- BIGNUM *val[TABLE_SIZE];
- BN_RECP_CTX recp;
-
- if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0)
- {
- /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
- BNerr(BN_F_BN_MOD_EXP_RECP,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return -1;
- }
-
- bits=BN_num_bits(p);
-
- if (bits == 0)
- {
- ret = BN_one(r);
- return ret;
- }
-
- BN_CTX_start(ctx);
- aa = BN_CTX_get(ctx);
- val[0] = BN_CTX_get(ctx);
- if(!aa || !val[0]) goto err;
-
- BN_RECP_CTX_init(&recp);
- if (m->neg)
- {
- /* ignore sign of 'm' */
- if (!BN_copy(aa, m)) goto err;
- aa->neg = 0;
- if (BN_RECP_CTX_set(&recp,aa,ctx) <= 0) goto err;
- }
- else
- {
- if (BN_RECP_CTX_set(&recp,m,ctx) <= 0) goto err;
- }
-
- if (!BN_nnmod(val[0],a,m,ctx)) goto err; /* 1 */
- if (BN_is_zero(val[0]))
- {
- BN_zero(r);
- ret = 1;
- goto err;
- }
-
- window = BN_window_bits_for_exponent_size(bits);
- if (window > 1)
- {
- if (!BN_mod_mul_reciprocal(aa,val[0],val[0],&recp,ctx))
- goto err; /* 2 */
- j=1<<(window-1);
- for (i=1; i<j; i++)
- {
- if(((val[i] = BN_CTX_get(ctx)) == NULL) ||
- !BN_mod_mul_reciprocal(val[i],val[i-1],
- aa,&recp,ctx))
- goto err;
- }
- }
-
- start=1; /* This is used to avoid multiplication etc
- * when there is only the value '1' in the
- * buffer. */
- wvalue=0; /* The 'value' of the window */
- wstart=bits-1; /* The top bit of the window */
- wend=0; /* The bottom bit of the window */
-
- if (!BN_one(r)) goto err;
-
- for (;;)
- {
- if (BN_is_bit_set(p,wstart) == 0)
- {
- if (!start)
- if (!BN_mod_mul_reciprocal(r,r,r,&recp,ctx))
- goto err;
- if (wstart == 0) break;
- wstart--;
- continue;
- }
- /* We now have wstart on a 'set' bit, we now need to work out
- * how bit a window to do. To do this we need to scan
- * forward until the last set bit before the end of the
- * window */
- j=wstart;
- wvalue=1;
- wend=0;
- for (i=1; i<window; i++)
- {
- if (wstart-i < 0) break;
- if (BN_is_bit_set(p,wstart-i))
- {
- wvalue<<=(i-wend);
- wvalue|=1;
- wend=i;
- }
- }
-
- /* wend is the size of the current window */
- j=wend+1;
- /* add the 'bytes above' */
- if (!start)
- for (i=0; i<j; i++)
- {
- if (!BN_mod_mul_reciprocal(r,r,r,&recp,ctx))
- goto err;
- }
-
- /* wvalue will be an odd number < 2^window */
- if (!BN_mod_mul_reciprocal(r,r,val[wvalue>>1],&recp,ctx))
- goto err;
-
- /* move the 'window' down further */
- wstart-=wend+1;
- wvalue=0;
- start=0;
- if (wstart < 0) break;
- }
- ret=1;
-err:
- BN_CTX_end(ctx);
- BN_RECP_CTX_free(&recp);
- bn_check_top(r);
- return(ret);
- }
-
-
-int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
- {
- int i,j,bits,ret=0,wstart,wend,window,wvalue;
- int start=1;
- BIGNUM *d,*r;
- const BIGNUM *aa;
- /* Table of variables obtained from 'ctx' */
- BIGNUM *val[TABLE_SIZE];
- BN_MONT_CTX *mont=NULL;
-
- if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0)
- {
- return BN_mod_exp_mont_consttime(rr, a, p, m, ctx, in_mont);
- }
-
- bn_check_top(a);
- bn_check_top(p);
- bn_check_top(m);
-
- if (!BN_is_odd(m))
- {
- BNerr(BN_F_BN_MOD_EXP_MONT,BN_R_CALLED_WITH_EVEN_MODULUS);
- return(0);
- }
- bits=BN_num_bits(p);
- if (bits == 0)
- {
- ret = BN_one(rr);
- return ret;
- }
-
- BN_CTX_start(ctx);
- d = BN_CTX_get(ctx);
- r = BN_CTX_get(ctx);
- val[0] = BN_CTX_get(ctx);
- if (!d || !r || !val[0]) goto err;
-
- /* If this is not done, things will break in the montgomery
- * part */
-
- if (in_mont != NULL)
- mont=in_mont;
- else
- {
- if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
- if (!BN_MONT_CTX_set(mont,m,ctx)) goto err;
- }
-
- if (a->neg || BN_ucmp(a,m) >= 0)
- {
- if (!BN_nnmod(val[0],a,m,ctx))
- goto err;
- aa= val[0];
- }
- else
- aa=a;
- if (BN_is_zero(aa))
- {
- BN_zero(rr);
- ret = 1;
- goto err;
- }
- if (!BN_to_montgomery(val[0],aa,mont,ctx)) goto err; /* 1 */
-
- window = BN_window_bits_for_exponent_size(bits);
- if (window > 1)
- {
- if (!BN_mod_mul_montgomery(d,val[0],val[0],mont,ctx)) goto err; /* 2 */
- j=1<<(window-1);
- for (i=1; i<j; i++)
- {
- if(((val[i] = BN_CTX_get(ctx)) == NULL) ||
- !BN_mod_mul_montgomery(val[i],val[i-1],
- d,mont,ctx))
- goto err;
- }
- }
-
- start=1; /* This is used to avoid multiplication etc
- * when there is only the value '1' in the
- * buffer. */
- wvalue=0; /* The 'value' of the window */
- wstart=bits-1; /* The top bit of the window */
- wend=0; /* The bottom bit of the window */
-
- if (!BN_to_montgomery(r,BN_value_one(),mont,ctx)) goto err;
- for (;;)
- {
- if (BN_is_bit_set(p,wstart) == 0)
- {
- if (!start)
- {
- if (!BN_mod_mul_montgomery(r,r,r,mont,ctx))
- goto err;
- }
- if (wstart == 0) break;
- wstart--;
- continue;
- }
- /* We now have wstart on a 'set' bit, we now need to work out
- * how bit a window to do. To do this we need to scan
- * forward until the last set bit before the end of the
- * window */
- j=wstart;
- wvalue=1;
- wend=0;
- for (i=1; i<window; i++)
- {
- if (wstart-i < 0) break;
- if (BN_is_bit_set(p,wstart-i))
- {
- wvalue<<=(i-wend);
- wvalue|=1;
- wend=i;
- }
- }
-
- /* wend is the size of the current window */
- j=wend+1;
- /* add the 'bytes above' */
- if (!start)
- for (i=0; i<j; i++)
- {
- if (!BN_mod_mul_montgomery(r,r,r,mont,ctx))
- goto err;
- }
-
- /* wvalue will be an odd number < 2^window */
- if (!BN_mod_mul_montgomery(r,r,val[wvalue>>1],mont,ctx))
- goto err;
-
- /* move the 'window' down further */
- wstart-=wend+1;
- wvalue=0;
- start=0;
- if (wstart < 0) break;
- }
- if (!BN_from_montgomery(rr,r,mont,ctx)) goto err;
- ret=1;
-err:
- if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);
- BN_CTX_end(ctx);
- bn_check_top(rr);
- return(ret);
- }
-
-
-/* BN_mod_exp_mont_consttime() stores the precomputed powers in a specific layout
- * so that accessing any of these table values shows the same access pattern as far
- * as cache lines are concerned. The following functions are used to transfer a BIGNUM
- * from/to that table. */
-
-static int MOD_EXP_CTIME_COPY_TO_PREBUF(BIGNUM *b, int top, unsigned char *buf, int idx, int width)
- {
- size_t i, j;
-
- if (bn_wexpand(b, top) == NULL)
- return 0;
- while (b->top < top)
- {
- b->d[b->top++] = 0;
- }
-
- for (i = 0, j=idx; i < top * sizeof b->d[0]; i++, j+=width)
- {
- buf[j] = ((unsigned char*)b->d)[i];
- }
-
- bn_correct_top(b);
- return 1;
- }
-
-static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top, unsigned char *buf, int idx, int width)
- {
- size_t i, j;
-
- if (bn_wexpand(b, top) == NULL)
- return 0;
-
- for (i=0, j=idx; i < top * sizeof b->d[0]; i++, j+=width)
- {
- ((unsigned char*)b->d)[i] = buf[j];
- }
-
- b->top = top;
- bn_correct_top(b);
- return 1;
- }
-
-/* Given a pointer value, compute the next address that is a cache line multiple. */
-#define MOD_EXP_CTIME_ALIGN(x_) \
- ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((BN_ULONG)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
-
-/* This variant of BN_mod_exp_mont() uses fixed windows and the special
- * precomputation memory layout to limit data-dependency to a minimum
- * to protect secret exponents (cf. the hyper-threading timing attacks
- * pointed out by Colin Percival,
- * http://www.daemonology.net/hyperthreading-considered-harmful/)
- */
-int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
- {
- int i,bits,ret=0,idx,window,wvalue;
- int top;
- BIGNUM *r;
- const BIGNUM *aa;
- BN_MONT_CTX *mont=NULL;
-
- int numPowers;
- unsigned char *powerbufFree=NULL;
- int powerbufLen = 0;
- unsigned char *powerbuf=NULL;
- BIGNUM *computeTemp=NULL, *am=NULL;
-
- bn_check_top(a);
- bn_check_top(p);
- bn_check_top(m);
-
- top = m->top;
-
- if (!(m->d[0] & 1))
- {
- BNerr(BN_F_BN_MOD_EXP_MONT_CONSTTIME,BN_R_CALLED_WITH_EVEN_MODULUS);
- return(0);
- }
- bits=BN_num_bits(p);
- if (bits == 0)
- {
- ret = BN_one(rr);
- return ret;
- }
-
- /* Initialize BIGNUM context and allocate intermediate result */
- BN_CTX_start(ctx);
- r = BN_CTX_get(ctx);
- if (r == NULL) goto err;
-
- /* Allocate a montgomery context if it was not supplied by the caller.
- * If this is not done, things will break in the montgomery part.
- */
- if (in_mont != NULL)
- mont=in_mont;
- else
- {
- if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
- if (!BN_MONT_CTX_set(mont,m,ctx)) goto err;
- }
-
- /* Get the window size to use with size of p. */
- window = BN_window_bits_for_ctime_exponent_size(bits);
-
- /* Allocate a buffer large enough to hold all of the pre-computed
- * powers of a.
- */
- numPowers = 1 << window;
- powerbufLen = sizeof(m->d[0])*top*numPowers;
- if ((powerbufFree=(unsigned char*)OPENSSL_malloc(powerbufLen+MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH)) == NULL)
- goto err;
-
- powerbuf = MOD_EXP_CTIME_ALIGN(powerbufFree);
- memset(powerbuf, 0, powerbufLen);
-
- /* Initialize the intermediate result. Do this early to save double conversion,
- * once each for a^0 and intermediate result.
- */
- if (!BN_to_montgomery(r,BN_value_one(),mont,ctx)) goto err;
- if (!MOD_EXP_CTIME_COPY_TO_PREBUF(r, top, powerbuf, 0, numPowers)) goto err;
-
- /* Initialize computeTemp as a^1 with montgomery precalcs */
- computeTemp = BN_CTX_get(ctx);
- am = BN_CTX_get(ctx);
- if (computeTemp==NULL || am==NULL) goto err;
-
- if (a->neg || BN_ucmp(a,m) >= 0)
- {
- if (!BN_mod(am,a,m,ctx))
- goto err;
- aa= am;
- }
- else
- aa=a;
- if (!BN_to_montgomery(am,aa,mont,ctx)) goto err;
- if (!BN_copy(computeTemp, am)) goto err;
- if (!MOD_EXP_CTIME_COPY_TO_PREBUF(am, top, powerbuf, 1, numPowers)) goto err;
-
- /* If the window size is greater than 1, then calculate
- * val[i=2..2^winsize-1]. Powers are computed as a*a^(i-1)
- * (even powers could instead be computed as (a^(i/2))^2
- * to use the slight performance advantage of sqr over mul).
- */
- if (window > 1)
- {
- for (i=2; i<numPowers; i++)
- {
- /* Calculate a^i = a^(i-1) * a */
- if (!BN_mod_mul_montgomery(computeTemp,am,computeTemp,mont,ctx))
- goto err;
- if (!MOD_EXP_CTIME_COPY_TO_PREBUF(computeTemp, top, powerbuf, i, numPowers)) goto err;
- }
- }
-
- /* Adjust the number of bits up to a multiple of the window size.
- * If the exponent length is not a multiple of the window size, then
- * this pads the most significant bits with zeros to normalize the
- * scanning loop to there's no special cases.
- *
- * * NOTE: Making the window size a power of two less than the native
- * * word size ensures that the padded bits won't go past the last
- * * word in the internal BIGNUM structure. Going past the end will
- * * still produce the correct result, but causes a different branch
- * * to be taken in the BN_is_bit_set function.
- */
- bits = ((bits+window-1)/window)*window;
- idx=bits-1; /* The top bit of the window */
-
- /* Scan the exponent one window at a time starting from the most
- * significant bits.
- */
- while (idx >= 0)
- {
- wvalue=0; /* The 'value' of the window */
-
- /* Scan the window, squaring the result as we go */
- for (i=0; i<window; i++,idx--)
- {
- if (!BN_mod_mul_montgomery(r,r,r,mont,ctx)) goto err;
- wvalue = (wvalue<<1)+BN_is_bit_set(p,idx);
- }
-
- /* Fetch the appropriate pre-computed value from the pre-buf */
- if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(computeTemp, top, powerbuf, wvalue, numPowers)) goto err;
-
- /* Multiply the result into the intermediate result */
- if (!BN_mod_mul_montgomery(r,r,computeTemp,mont,ctx)) goto err;
- }
-
- /* Convert the final result from montgomery to standard format */
- if (!BN_from_montgomery(rr,r,mont,ctx)) goto err;
- ret=1;
-err:
- if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);
- if (powerbuf!=NULL)
- {
- OPENSSL_cleanse(powerbuf,powerbufLen);
- OPENSSL_free(powerbufFree);
- }
- if (am!=NULL) BN_clear(am);
- if (computeTemp!=NULL) BN_clear(computeTemp);
- BN_CTX_end(ctx);
- return(ret);
- }
-
-int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
- {
- BN_MONT_CTX *mont = NULL;
- int b, bits, ret=0;
- int r_is_one;
- BN_ULONG w, next_w;
- BIGNUM *d, *r, *t;
- BIGNUM *swap_tmp;
-#define BN_MOD_MUL_WORD(r, w, m) \
- (BN_mul_word(r, (w)) && \
- (/* BN_ucmp(r, (m)) < 0 ? 1 :*/ \
- (BN_mod(t, r, m, ctx) && (swap_tmp = r, r = t, t = swap_tmp, 1))))
- /* BN_MOD_MUL_WORD is only used with 'w' large,
- * so the BN_ucmp test is probably more overhead
- * than always using BN_mod (which uses BN_copy if
- * a similar test returns true). */
- /* We can use BN_mod and do not need BN_nnmod because our
- * accumulator is never negative (the result of BN_mod does
- * not depend on the sign of the modulus).
- */
-#define BN_TO_MONTGOMERY_WORD(r, w, mont) \
- (BN_set_word(r, (w)) && BN_to_montgomery(r, r, (mont), ctx))
-
- if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0)
- {
- /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
- BNerr(BN_F_BN_MOD_EXP_MONT_WORD,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return -1;
- }
-
- bn_check_top(p);
- bn_check_top(m);
-
- if (!BN_is_odd(m))
- {
- BNerr(BN_F_BN_MOD_EXP_MONT_WORD,BN_R_CALLED_WITH_EVEN_MODULUS);
- return(0);
- }
- if (m->top == 1)
- a %= m->d[0]; /* make sure that 'a' is reduced */
-
- bits = BN_num_bits(p);
- if (bits == 0)
- {
- /* x**0 mod 1 is still zero. */
- if (BN_is_one(m))
- {
- ret = 1;
- BN_zero(rr);
- }
- else
- ret = BN_one(rr);
- return ret;
- }
- if (a == 0)
- {
- BN_zero(rr);
- ret = 1;
- return ret;
- }
-
- BN_CTX_start(ctx);
- d = BN_CTX_get(ctx);
- r = BN_CTX_get(ctx);
- t = BN_CTX_get(ctx);
- if (d == NULL || r == NULL || t == NULL) goto err;
-
- if (in_mont != NULL)
- mont=in_mont;
- else
- {
- if ((mont = BN_MONT_CTX_new()) == NULL) goto err;
- if (!BN_MONT_CTX_set(mont, m, ctx)) goto err;
- }
-
- r_is_one = 1; /* except for Montgomery factor */
-
- /* bits-1 >= 0 */
-
- /* The result is accumulated in the product r*w. */
- w = a; /* bit 'bits-1' of 'p' is always set */
- for (b = bits-2; b >= 0; b--)
- {
- /* First, square r*w. */
- next_w = w*w;
- if ((next_w/w) != w) /* overflow */
- {
- if (r_is_one)
- {
- if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) goto err;
- r_is_one = 0;
- }
- else
- {
- if (!BN_MOD_MUL_WORD(r, w, m)) goto err;
- }
- next_w = 1;
- }
- w = next_w;
- if (!r_is_one)
- {
- if (!BN_mod_mul_montgomery(r, r, r, mont, ctx)) goto err;
- }
-
- /* Second, multiply r*w by 'a' if exponent bit is set. */
- if (BN_is_bit_set(p, b))
- {
- next_w = w*a;
- if ((next_w/a) != w) /* overflow */
- {
- if (r_is_one)
- {
- if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) goto err;
- r_is_one = 0;
- }
- else
- {
- if (!BN_MOD_MUL_WORD(r, w, m)) goto err;
- }
- next_w = a;
- }
- w = next_w;
- }
- }
-
- /* Finally, set r:=r*w. */
- if (w != 1)
- {
- if (r_is_one)
- {
- if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) goto err;
- r_is_one = 0;
- }
- else
- {
- if (!BN_MOD_MUL_WORD(r, w, m)) goto err;
- }
- }
-
- if (r_is_one) /* can happen only if a == 1*/
- {
- if (!BN_one(rr)) goto err;
- }
- else
- {
- if (!BN_from_montgomery(rr, r, mont, ctx)) goto err;
- }
- ret = 1;
-err:
- if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);
- BN_CTX_end(ctx);
- bn_check_top(rr);
- return(ret);
- }
-
-
-/* The old fallback, simple version :-) */
-int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx)
- {
- int i,j,bits,ret=0,wstart,wend,window,wvalue;
- int start=1;
- BIGNUM *d;
- /* Table of variables obtained from 'ctx' */
- BIGNUM *val[TABLE_SIZE];
-
- if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0)
- {
- /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
- BNerr(BN_F_BN_MOD_EXP_SIMPLE,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return -1;
- }
-
- bits=BN_num_bits(p);
-
- if (bits == 0)
- {
- ret = BN_one(r);
- return ret;
- }
-
- BN_CTX_start(ctx);
- d = BN_CTX_get(ctx);
- val[0] = BN_CTX_get(ctx);
- if(!d || !val[0]) goto err;
-
- if (!BN_nnmod(val[0],a,m,ctx)) goto err; /* 1 */
- if (BN_is_zero(val[0]))
- {
- BN_zero(r);
- ret = 1;
- goto err;
- }
-
- window = BN_window_bits_for_exponent_size(bits);
- if (window > 1)
- {
- if (!BN_mod_mul(d,val[0],val[0],m,ctx))
- goto err; /* 2 */
- j=1<<(window-1);
- for (i=1; i<j; i++)
- {
- if(((val[i] = BN_CTX_get(ctx)) == NULL) ||
- !BN_mod_mul(val[i],val[i-1],d,m,ctx))
- goto err;
- }
- }
-
- start=1; /* This is used to avoid multiplication etc
- * when there is only the value '1' in the
- * buffer. */
- wvalue=0; /* The 'value' of the window */
- wstart=bits-1; /* The top bit of the window */
- wend=0; /* The bottom bit of the window */
-
- if (!BN_one(r)) goto err;
-
- for (;;)
- {
- if (BN_is_bit_set(p,wstart) == 0)
- {
- if (!start)
- if (!BN_mod_mul(r,r,r,m,ctx))
- goto err;
- if (wstart == 0) break;
- wstart--;
- continue;
- }
- /* We now have wstart on a 'set' bit, we now need to work out
- * how bit a window to do. To do this we need to scan
- * forward until the last set bit before the end of the
- * window */
- j=wstart;
- wvalue=1;
- wend=0;
- for (i=1; i<window; i++)
- {
- if (wstart-i < 0) break;
- if (BN_is_bit_set(p,wstart-i))
- {
- wvalue<<=(i-wend);
- wvalue|=1;
- wend=i;
- }
- }
-
- /* wend is the size of the current window */
- j=wend+1;
- /* add the 'bytes above' */
- if (!start)
- for (i=0; i<j; i++)
- {
- if (!BN_mod_mul(r,r,r,m,ctx))
- goto err;
- }
-
- /* wvalue will be an odd number < 2^window */
- if (!BN_mod_mul(r,r,val[wvalue>>1],m,ctx))
- goto err;
-
- /* move the 'window' down further */
- wstart-=wend+1;
- wvalue=0;
- start=0;
- if (wstart < 0) break;
- }
- ret=1;
-err:
- BN_CTX_end(ctx);
- bn_check_top(r);
- return(ret);
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_exp.c (from rev 6976, vendor-crypto/openssl/dist/crypto/bn/bn_exp.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_exp.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_exp.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,1007 @@
+/* crypto/bn/bn_exp.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+/* maximum precomputation table size for *variable* sliding windows */
+#define TABLE_SIZE 32
+
+/* this one works - simple but works */
+int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
+{
+ int i, bits, ret = 0;
+ BIGNUM *v, *rr;
+
+ if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
+ /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
+ BNerr(BN_F_BN_EXP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return -1;
+ }
+
+ BN_CTX_start(ctx);
+ if ((r == a) || (r == p))
+ rr = BN_CTX_get(ctx);
+ else
+ rr = r;
+ v = BN_CTX_get(ctx);
+ if (rr == NULL || v == NULL)
+ goto err;
+
+ if (BN_copy(v, a) == NULL)
+ goto err;
+ bits = BN_num_bits(p);
+
+ if (BN_is_odd(p)) {
+ if (BN_copy(rr, a) == NULL)
+ goto err;
+ } else {
+ if (!BN_one(rr))
+ goto err;
+ }
+
+ for (i = 1; i < bits; i++) {
+ if (!BN_sqr(v, v, ctx))
+ goto err;
+ if (BN_is_bit_set(p, i)) {
+ if (!BN_mul(rr, rr, v, ctx))
+ goto err;
+ }
+ }
+ ret = 1;
+ err:
+ if (r != rr)
+ BN_copy(r, rr);
+ BN_CTX_end(ctx);
+ bn_check_top(r);
+ return (ret);
+}
+
+int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
+ BN_CTX *ctx)
+{
+ int ret;
+
+ bn_check_top(a);
+ bn_check_top(p);
+ bn_check_top(m);
+
+ /*-
+ * For even modulus m = 2^k*m_odd, it might make sense to compute
+ * a^p mod m_odd and a^p mod 2^k separately (with Montgomery
+ * exponentiation for the odd part), using appropriate exponent
+ * reductions, and combine the results using the CRT.
+ *
+ * For now, we use Montgomery only if the modulus is odd; otherwise,
+ * exponentiation using the reciprocal-based quick remaindering
+ * algorithm is used.
+ *
+ * (Timing obtained with expspeed.c [computations a^p mod m
+ * where a, p, m are of the same length: 256, 512, 1024, 2048,
+ * 4096, 8192 bits], compared to the running time of the
+ * standard algorithm:
+ *
+ * BN_mod_exp_mont 33 .. 40 % [AMD K6-2, Linux, debug configuration]
+ * 55 .. 77 % [UltraSparc processor, but
+ * debug-solaris-sparcv8-gcc conf.]
+ *
+ * BN_mod_exp_recp 50 .. 70 % [AMD K6-2, Linux, debug configuration]
+ * 62 .. 118 % [UltraSparc, debug-solaris-sparcv8-gcc]
+ *
+ * On the Sparc, BN_mod_exp_recp was faster than BN_mod_exp_mont
+ * at 2048 and more bits, but at 512 and 1024 bits, it was
+ * slower even than the standard algorithm!
+ *
+ * "Real" timings [linux-elf, solaris-sparcv9-gcc configurations]
+ * should be obtained when the new Montgomery reduction code
+ * has been integrated into OpenSSL.)
+ */
+
+#define MONT_MUL_MOD
+#define MONT_EXP_WORD
+#define RECP_MUL_MOD
+
+#ifdef MONT_MUL_MOD
+ /*
+ * I have finally been able to take out this pre-condition of the top bit
+ * being set. It was caused by an error in BN_div with negatives. There
+ * was also another problem when for a^b%m a >= m. eay 07-May-97
+ */
+ /* if ((m->d[m->top-1]&BN_TBIT) && BN_is_odd(m)) */
+
+ if (BN_is_odd(m)) {
+# ifdef MONT_EXP_WORD
+ if (a->top == 1 && !a->neg
+ && (BN_get_flags(p, BN_FLG_CONSTTIME) == 0)) {
+ BN_ULONG A = a->d[0];
+ ret = BN_mod_exp_mont_word(r, A, p, m, ctx, NULL);
+ } else
+# endif
+ ret = BN_mod_exp_mont(r, a, p, m, ctx, NULL);
+ } else
+#endif
+#ifdef RECP_MUL_MOD
+ {
+ ret = BN_mod_exp_recp(r, a, p, m, ctx);
+ }
+#else
+ {
+ ret = BN_mod_exp_simple(r, a, p, m, ctx);
+ }
+#endif
+
+ bn_check_top(r);
+ return (ret);
+}
+
+int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx)
+{
+ int i, j, bits, ret = 0, wstart, wend, window, wvalue;
+ int start = 1;
+ BIGNUM *aa;
+ /* Table of variables obtained from 'ctx' */
+ BIGNUM *val[TABLE_SIZE];
+ BN_RECP_CTX recp;
+
+ if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
+ /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
+ BNerr(BN_F_BN_MOD_EXP_RECP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return -1;
+ }
+
+ bits = BN_num_bits(p);
+
+ if (bits == 0) {
+ ret = BN_one(r);
+ return ret;
+ }
+
+ BN_CTX_start(ctx);
+ aa = BN_CTX_get(ctx);
+ val[0] = BN_CTX_get(ctx);
+ if (!aa || !val[0])
+ goto err;
+
+ BN_RECP_CTX_init(&recp);
+ if (m->neg) {
+ /* ignore sign of 'm' */
+ if (!BN_copy(aa, m))
+ goto err;
+ aa->neg = 0;
+ if (BN_RECP_CTX_set(&recp, aa, ctx) <= 0)
+ goto err;
+ } else {
+ if (BN_RECP_CTX_set(&recp, m, ctx) <= 0)
+ goto err;
+ }
+
+ if (!BN_nnmod(val[0], a, m, ctx))
+ goto err; /* 1 */
+ if (BN_is_zero(val[0])) {
+ BN_zero(r);
+ ret = 1;
+ goto err;
+ }
+
+ window = BN_window_bits_for_exponent_size(bits);
+ if (window > 1) {
+ if (!BN_mod_mul_reciprocal(aa, val[0], val[0], &recp, ctx))
+ goto err; /* 2 */
+ j = 1 << (window - 1);
+ for (i = 1; i < j; i++) {
+ if (((val[i] = BN_CTX_get(ctx)) == NULL) ||
+ !BN_mod_mul_reciprocal(val[i], val[i - 1], aa, &recp, ctx))
+ goto err;
+ }
+ }
+
+ start = 1; /* This is used to avoid multiplication etc
+ * when there is only the value '1' in the
+ * buffer. */
+ wvalue = 0; /* The 'value' of the window */
+ wstart = bits - 1; /* The top bit of the window */
+ wend = 0; /* The bottom bit of the window */
+
+ if (!BN_one(r))
+ goto err;
+
+ for (;;) {
+ if (BN_is_bit_set(p, wstart) == 0) {
+ if (!start)
+ if (!BN_mod_mul_reciprocal(r, r, r, &recp, ctx))
+ goto err;
+ if (wstart == 0)
+ break;
+ wstart--;
+ continue;
+ }
+ /*
+ * We now have wstart on a 'set' bit, we now need to work out how bit
+ * a window to do. To do this we need to scan forward until the last
+ * set bit before the end of the window
+ */
+ j = wstart;
+ wvalue = 1;
+ wend = 0;
+ for (i = 1; i < window; i++) {
+ if (wstart - i < 0)
+ break;
+ if (BN_is_bit_set(p, wstart - i)) {
+ wvalue <<= (i - wend);
+ wvalue |= 1;
+ wend = i;
+ }
+ }
+
+ /* wend is the size of the current window */
+ j = wend + 1;
+ /* add the 'bytes above' */
+ if (!start)
+ for (i = 0; i < j; i++) {
+ if (!BN_mod_mul_reciprocal(r, r, r, &recp, ctx))
+ goto err;
+ }
+
+ /* wvalue will be an odd number < 2^window */
+ if (!BN_mod_mul_reciprocal(r, r, val[wvalue >> 1], &recp, ctx))
+ goto err;
+
+ /* move the 'window' down further */
+ wstart -= wend + 1;
+ wvalue = 0;
+ start = 0;
+ if (wstart < 0)
+ break;
+ }
+ ret = 1;
+ err:
+ BN_CTX_end(ctx);
+ BN_RECP_CTX_free(&recp);
+ bn_check_top(r);
+ return (ret);
+}
+
+int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
+{
+ int i, j, bits, ret = 0, wstart, wend, window, wvalue;
+ int start = 1;
+ BIGNUM *d, *r;
+ const BIGNUM *aa;
+ /* Table of variables obtained from 'ctx' */
+ BIGNUM *val[TABLE_SIZE];
+ BN_MONT_CTX *mont = NULL;
+
+ if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
+ return BN_mod_exp_mont_consttime(rr, a, p, m, ctx, in_mont);
+ }
+
+ bn_check_top(a);
+ bn_check_top(p);
+ bn_check_top(m);
+
+ if (!BN_is_odd(m)) {
+ BNerr(BN_F_BN_MOD_EXP_MONT, BN_R_CALLED_WITH_EVEN_MODULUS);
+ return (0);
+ }
+ bits = BN_num_bits(p);
+ if (bits == 0) {
+ ret = BN_one(rr);
+ return ret;
+ }
+
+ BN_CTX_start(ctx);
+ d = BN_CTX_get(ctx);
+ r = BN_CTX_get(ctx);
+ val[0] = BN_CTX_get(ctx);
+ if (!d || !r || !val[0])
+ goto err;
+
+ /*
+ * If this is not done, things will break in the montgomery part
+ */
+
+ if (in_mont != NULL)
+ mont = in_mont;
+ else {
+ if ((mont = BN_MONT_CTX_new()) == NULL)
+ goto err;
+ if (!BN_MONT_CTX_set(mont, m, ctx))
+ goto err;
+ }
+
+ if (a->neg || BN_ucmp(a, m) >= 0) {
+ if (!BN_nnmod(val[0], a, m, ctx))
+ goto err;
+ aa = val[0];
+ } else
+ aa = a;
+ if (BN_is_zero(aa)) {
+ BN_zero(rr);
+ ret = 1;
+ goto err;
+ }
+ if (!BN_to_montgomery(val[0], aa, mont, ctx))
+ goto err; /* 1 */
+
+ window = BN_window_bits_for_exponent_size(bits);
+ if (window > 1) {
+ if (!BN_mod_mul_montgomery(d, val[0], val[0], mont, ctx))
+ goto err; /* 2 */
+ j = 1 << (window - 1);
+ for (i = 1; i < j; i++) {
+ if (((val[i] = BN_CTX_get(ctx)) == NULL) ||
+ !BN_mod_mul_montgomery(val[i], val[i - 1], d, mont, ctx))
+ goto err;
+ }
+ }
+
+ start = 1; /* This is used to avoid multiplication etc
+ * when there is only the value '1' in the
+ * buffer. */
+ wvalue = 0; /* The 'value' of the window */
+ wstart = bits - 1; /* The top bit of the window */
+ wend = 0; /* The bottom bit of the window */
+
+ if (!BN_to_montgomery(r, BN_value_one(), mont, ctx))
+ goto err;
+ for (;;) {
+ if (BN_is_bit_set(p, wstart) == 0) {
+ if (!start) {
+ if (!BN_mod_mul_montgomery(r, r, r, mont, ctx))
+ goto err;
+ }
+ if (wstart == 0)
+ break;
+ wstart--;
+ continue;
+ }
+ /*
+ * We now have wstart on a 'set' bit, we now need to work out how bit
+ * a window to do. To do this we need to scan forward until the last
+ * set bit before the end of the window
+ */
+ j = wstart;
+ wvalue = 1;
+ wend = 0;
+ for (i = 1; i < window; i++) {
+ if (wstart - i < 0)
+ break;
+ if (BN_is_bit_set(p, wstart - i)) {
+ wvalue <<= (i - wend);
+ wvalue |= 1;
+ wend = i;
+ }
+ }
+
+ /* wend is the size of the current window */
+ j = wend + 1;
+ /* add the 'bytes above' */
+ if (!start)
+ for (i = 0; i < j; i++) {
+ if (!BN_mod_mul_montgomery(r, r, r, mont, ctx))
+ goto err;
+ }
+
+ /* wvalue will be an odd number < 2^window */
+ if (!BN_mod_mul_montgomery(r, r, val[wvalue >> 1], mont, ctx))
+ goto err;
+
+ /* move the 'window' down further */
+ wstart -= wend + 1;
+ wvalue = 0;
+ start = 0;
+ if (wstart < 0)
+ break;
+ }
+ if (!BN_from_montgomery(rr, r, mont, ctx))
+ goto err;
+ ret = 1;
+ err:
+ if ((in_mont == NULL) && (mont != NULL))
+ BN_MONT_CTX_free(mont);
+ BN_CTX_end(ctx);
+ bn_check_top(rr);
+ return (ret);
+}
+
+/*
+ * BN_mod_exp_mont_consttime() stores the precomputed powers in a specific
+ * layout so that accessing any of these table values shows the same access
+ * pattern as far as cache lines are concerned. The following functions are
+ * used to transfer a BIGNUM from/to that table.
+ */
+
+static int MOD_EXP_CTIME_COPY_TO_PREBUF(BIGNUM *b, int top,
+ unsigned char *buf, int idx,
+ int width)
+{
+ size_t i, j;
+
+ if (bn_wexpand(b, top) == NULL)
+ return 0;
+ while (b->top < top) {
+ b->d[b->top++] = 0;
+ }
+
+ for (i = 0, j = idx; i < top * sizeof b->d[0]; i++, j += width) {
+ buf[j] = ((unsigned char *)b->d)[i];
+ }
+
+ bn_correct_top(b);
+ return 1;
+}
+
+static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top,
+ unsigned char *buf, int idx,
+ int width)
+{
+ size_t i, j;
+
+ if (bn_wexpand(b, top) == NULL)
+ return 0;
+
+ for (i = 0, j = idx; i < top * sizeof b->d[0]; i++, j += width) {
+ ((unsigned char *)b->d)[i] = buf[j];
+ }
+
+ b->top = top;
+ bn_correct_top(b);
+ return 1;
+}
+
+/*
+ * Given a pointer value, compute the next address that is a cache line
+ * multiple.
+ */
+#define MOD_EXP_CTIME_ALIGN(x_) \
+ ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((BN_ULONG)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
+
+/*
+ * This variant of BN_mod_exp_mont() uses fixed windows and the special
+ * precomputation memory layout to limit data-dependency to a minimum to
+ * protect secret exponents (cf. the hyper-threading timing attacks pointed
+ * out by Colin Percival,
+ * http://www.daemong-consideredperthreading-considered-harmful/)
+ */
+int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *in_mont)
+{
+ int i, bits, ret = 0, idx, window, wvalue;
+ int top;
+ BIGNUM *r;
+ const BIGNUM *aa;
+ BN_MONT_CTX *mont = NULL;
+
+ int numPowers;
+ unsigned char *powerbufFree = NULL;
+ int powerbufLen = 0;
+ unsigned char *powerbuf = NULL;
+ BIGNUM *computeTemp = NULL, *am = NULL;
+
+ bn_check_top(a);
+ bn_check_top(p);
+ bn_check_top(m);
+
+ top = m->top;
+
+ if (!(m->d[0] & 1)) {
+ BNerr(BN_F_BN_MOD_EXP_MONT_CONSTTIME, BN_R_CALLED_WITH_EVEN_MODULUS);
+ return (0);
+ }
+ bits = BN_num_bits(p);
+ if (bits == 0) {
+ ret = BN_one(rr);
+ return ret;
+ }
+
+ /* Initialize BIGNUM context and allocate intermediate result */
+ BN_CTX_start(ctx);
+ r = BN_CTX_get(ctx);
+ if (r == NULL)
+ goto err;
+
+ /*
+ * Allocate a montgomery context if it was not supplied by the caller. If
+ * this is not done, things will break in the montgomery part.
+ */
+ if (in_mont != NULL)
+ mont = in_mont;
+ else {
+ if ((mont = BN_MONT_CTX_new()) == NULL)
+ goto err;
+ if (!BN_MONT_CTX_set(mont, m, ctx))
+ goto err;
+ }
+
+ /* Get the window size to use with size of p. */
+ window = BN_window_bits_for_ctime_exponent_size(bits);
+
+ /*
+ * Allocate a buffer large enough to hold all of the pre-computed powers
+ * of a.
+ */
+ numPowers = 1 << window;
+ powerbufLen = sizeof(m->d[0]) * top * numPowers;
+ if ((powerbufFree =
+ (unsigned char *)OPENSSL_malloc(powerbufLen +
+ MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH))
+ == NULL)
+ goto err;
+
+ powerbuf = MOD_EXP_CTIME_ALIGN(powerbufFree);
+ memset(powerbuf, 0, powerbufLen);
+
+ /*
+ * Initialize the intermediate result. Do this early to save double
+ * conversion, once each for a^0 and intermediate result.
+ */
+ if (!BN_to_montgomery(r, BN_value_one(), mont, ctx))
+ goto err;
+ if (!MOD_EXP_CTIME_COPY_TO_PREBUF(r, top, powerbuf, 0, numPowers))
+ goto err;
+
+ /* Initialize computeTemp as a^1 with montgomery precalcs */
+ computeTemp = BN_CTX_get(ctx);
+ am = BN_CTX_get(ctx);
+ if (computeTemp == NULL || am == NULL)
+ goto err;
+
+ if (a->neg || BN_ucmp(a, m) >= 0) {
+ if (!BN_mod(am, a, m, ctx))
+ goto err;
+ aa = am;
+ } else
+ aa = a;
+ if (!BN_to_montgomery(am, aa, mont, ctx))
+ goto err;
+ if (!BN_copy(computeTemp, am))
+ goto err;
+ if (!MOD_EXP_CTIME_COPY_TO_PREBUF(am, top, powerbuf, 1, numPowers))
+ goto err;
+
+ /*
+ * If the window size is greater than 1, then calculate
+ * val[i=2..2^winsize-1]. Powers are computed as a*a^(i-1) (even powers
+ * could instead be computed as (a^(i/2))^2 to use the slight performance
+ * advantage of sqr over mul).
+ */
+ if (window > 1) {
+ for (i = 2; i < numPowers; i++) {
+ /* Calculate a^i = a^(i-1) * a */
+ if (!BN_mod_mul_montgomery
+ (computeTemp, am, computeTemp, mont, ctx))
+ goto err;
+ if (!MOD_EXP_CTIME_COPY_TO_PREBUF
+ (computeTemp, top, powerbuf, i, numPowers))
+ goto err;
+ }
+ }
+
+ /*
+ * Adjust the number of bits up to a multiple of the window size. If the
+ * exponent length is not a multiple of the window size, then this pads
+ * the most significant bits with zeros to normalize the scanning loop to
+ * there's no special cases. * NOTE: Making the window size a power of
+ * two less than the native * word size ensures that the padded bits
+ * won't go past the last * word in the internal BIGNUM structure. Going
+ * past the end will * still produce the correct result, but causes a
+ * different branch * to be taken in the BN_is_bit_set function.
+ */
+ bits = ((bits + window - 1) / window) * window;
+ idx = bits - 1; /* The top bit of the window */
+
+ /*
+ * Scan the exponent one window at a time starting from the most
+ * significant bits.
+ */
+ while (idx >= 0) {
+ wvalue = 0; /* The 'value' of the window */
+
+ /* Scan the window, squaring the result as we go */
+ for (i = 0; i < window; i++, idx--) {
+ if (!BN_mod_mul_montgomery(r, r, r, mont, ctx))
+ goto err;
+ wvalue = (wvalue << 1) + BN_is_bit_set(p, idx);
+ }
+
+ /*
+ * Fetch the appropriate pre-computed value from the pre-buf
+ */
+ if (!MOD_EXP_CTIME_COPY_FROM_PREBUF
+ (computeTemp, top, powerbuf, wvalue, numPowers))
+ goto err;
+
+ /* Multiply the result into the intermediate result */
+ if (!BN_mod_mul_montgomery(r, r, computeTemp, mont, ctx))
+ goto err;
+ }
+
+ /* Convert the final result from montgomery to standard format */
+ if (!BN_from_montgomery(rr, r, mont, ctx))
+ goto err;
+ ret = 1;
+ err:
+ if ((in_mont == NULL) && (mont != NULL))
+ BN_MONT_CTX_free(mont);
+ if (powerbuf != NULL) {
+ OPENSSL_cleanse(powerbuf, powerbufLen);
+ OPENSSL_free(powerbufFree);
+ }
+ if (am != NULL)
+ BN_clear(am);
+ if (computeTemp != NULL)
+ BN_clear(computeTemp);
+ BN_CTX_end(ctx);
+ return (ret);
+}
+
+int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
+{
+ BN_MONT_CTX *mont = NULL;
+ int b, bits, ret = 0;
+ int r_is_one;
+ BN_ULONG w, next_w;
+ BIGNUM *d, *r, *t;
+ BIGNUM *swap_tmp;
+#define BN_MOD_MUL_WORD(r, w, m) \
+ (BN_mul_word(r, (w)) && \
+ (/* BN_ucmp(r, (m)) < 0 ? 1 :*/ \
+ (BN_mod(t, r, m, ctx) && (swap_tmp = r, r = t, t = swap_tmp, 1))))
+ /*
+ * BN_MOD_MUL_WORD is only used with 'w' large, so the BN_ucmp test is
+ * probably more overhead than always using BN_mod (which uses BN_copy if
+ * a similar test returns true).
+ */
+ /*
+ * We can use BN_mod and do not need BN_nnmod because our accumulator is
+ * never negative (the result of BN_mod does not depend on the sign of
+ * the modulus).
+ */
+#define BN_TO_MONTGOMERY_WORD(r, w, mont) \
+ (BN_set_word(r, (w)) && BN_to_montgomery(r, r, (mont), ctx))
+
+ if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
+ /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
+ BNerr(BN_F_BN_MOD_EXP_MONT_WORD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return -1;
+ }
+
+ bn_check_top(p);
+ bn_check_top(m);
+
+ if (!BN_is_odd(m)) {
+ BNerr(BN_F_BN_MOD_EXP_MONT_WORD, BN_R_CALLED_WITH_EVEN_MODULUS);
+ return (0);
+ }
+ if (m->top == 1)
+ a %= m->d[0]; /* make sure that 'a' is reduced */
+
+ bits = BN_num_bits(p);
+ if (bits == 0) {
+ /* x**0 mod 1 is still zero. */
+ if (BN_is_one(m)) {
+ ret = 1;
+ BN_zero(rr);
+ } else
+ ret = BN_one(rr);
+ return ret;
+ }
+ if (a == 0) {
+ BN_zero(rr);
+ ret = 1;
+ return ret;
+ }
+
+ BN_CTX_start(ctx);
+ d = BN_CTX_get(ctx);
+ r = BN_CTX_get(ctx);
+ t = BN_CTX_get(ctx);
+ if (d == NULL || r == NULL || t == NULL)
+ goto err;
+
+ if (in_mont != NULL)
+ mont = in_mont;
+ else {
+ if ((mont = BN_MONT_CTX_new()) == NULL)
+ goto err;
+ if (!BN_MONT_CTX_set(mont, m, ctx))
+ goto err;
+ }
+
+ r_is_one = 1; /* except for Montgomery factor */
+
+ /* bits-1 >= 0 */
+
+ /* The result is accumulated in the product r*w. */
+ w = a; /* bit 'bits-1' of 'p' is always set */
+ for (b = bits - 2; b >= 0; b--) {
+ /* First, square r*w. */
+ next_w = w * w;
+ if ((next_w / w) != w) { /* overflow */
+ if (r_is_one) {
+ if (!BN_TO_MONTGOMERY_WORD(r, w, mont))
+ goto err;
+ r_is_one = 0;
+ } else {
+ if (!BN_MOD_MUL_WORD(r, w, m))
+ goto err;
+ }
+ next_w = 1;
+ }
+ w = next_w;
+ if (!r_is_one) {
+ if (!BN_mod_mul_montgomery(r, r, r, mont, ctx))
+ goto err;
+ }
+
+ /* Second, multiply r*w by 'a' if exponent bit is set. */
+ if (BN_is_bit_set(p, b)) {
+ next_w = w * a;
+ if ((next_w / a) != w) { /* overflow */
+ if (r_is_one) {
+ if (!BN_TO_MONTGOMERY_WORD(r, w, mont))
+ goto err;
+ r_is_one = 0;
+ } else {
+ if (!BN_MOD_MUL_WORD(r, w, m))
+ goto err;
+ }
+ next_w = a;
+ }
+ w = next_w;
+ }
+ }
+
+ /* Finally, set r:=r*w. */
+ if (w != 1) {
+ if (r_is_one) {
+ if (!BN_TO_MONTGOMERY_WORD(r, w, mont))
+ goto err;
+ r_is_one = 0;
+ } else {
+ if (!BN_MOD_MUL_WORD(r, w, m))
+ goto err;
+ }
+ }
+
+ if (r_is_one) { /* can happen only if a == 1 */
+ if (!BN_one(rr))
+ goto err;
+ } else {
+ if (!BN_from_montgomery(rr, r, mont, ctx))
+ goto err;
+ }
+ ret = 1;
+ err:
+ if ((in_mont == NULL) && (mont != NULL))
+ BN_MONT_CTX_free(mont);
+ BN_CTX_end(ctx);
+ bn_check_top(rr);
+ return (ret);
+}
+
+/* The old fallback, simple version :-) */
+int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx)
+{
+ int i, j, bits, ret = 0, wstart, wend, window, wvalue;
+ int start = 1;
+ BIGNUM *d;
+ /* Table of variables obtained from 'ctx' */
+ BIGNUM *val[TABLE_SIZE];
+
+ if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
+ /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
+ BNerr(BN_F_BN_MOD_EXP_SIMPLE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return -1;
+ }
+
+ bits = BN_num_bits(p);
+
+ if (bits == 0) {
+ ret = BN_one(r);
+ return ret;
+ }
+
+ BN_CTX_start(ctx);
+ d = BN_CTX_get(ctx);
+ val[0] = BN_CTX_get(ctx);
+ if (!d || !val[0])
+ goto err;
+
+ if (!BN_nnmod(val[0], a, m, ctx))
+ goto err; /* 1 */
+ if (BN_is_zero(val[0])) {
+ BN_zero(r);
+ ret = 1;
+ goto err;
+ }
+
+ window = BN_window_bits_for_exponent_size(bits);
+ if (window > 1) {
+ if (!BN_mod_mul(d, val[0], val[0], m, ctx))
+ goto err; /* 2 */
+ j = 1 << (window - 1);
+ for (i = 1; i < j; i++) {
+ if (((val[i] = BN_CTX_get(ctx)) == NULL) ||
+ !BN_mod_mul(val[i], val[i - 1], d, m, ctx))
+ goto err;
+ }
+ }
+
+ start = 1; /* This is used to avoid multiplication etc
+ * when there is only the value '1' in the
+ * buffer. */
+ wvalue = 0; /* The 'value' of the window */
+ wstart = bits - 1; /* The top bit of the window */
+ wend = 0; /* The bottom bit of the window */
+
+ if (!BN_one(r))
+ goto err;
+
+ for (;;) {
+ if (BN_is_bit_set(p, wstart) == 0) {
+ if (!start)
+ if (!BN_mod_mul(r, r, r, m, ctx))
+ goto err;
+ if (wstart == 0)
+ break;
+ wstart--;
+ continue;
+ }
+ /*
+ * We now have wstart on a 'set' bit, we now need to work out how bit
+ * a window to do. To do this we need to scan forward until the last
+ * set bit before the end of the window
+ */
+ j = wstart;
+ wvalue = 1;
+ wend = 0;
+ for (i = 1; i < window; i++) {
+ if (wstart - i < 0)
+ break;
+ if (BN_is_bit_set(p, wstart - i)) {
+ wvalue <<= (i - wend);
+ wvalue |= 1;
+ wend = i;
+ }
+ }
+
+ /* wend is the size of the current window */
+ j = wend + 1;
+ /* add the 'bytes above' */
+ if (!start)
+ for (i = 0; i < j; i++) {
+ if (!BN_mod_mul(r, r, r, m, ctx))
+ goto err;
+ }
+
+ /* wvalue will be an odd number < 2^window */
+ if (!BN_mod_mul(r, r, val[wvalue >> 1], m, ctx))
+ goto err;
+
+ /* move the 'window' down further */
+ wstart -= wend + 1;
+ wvalue = 0;
+ start = 0;
+ if (wstart < 0)
+ break;
+ }
+ ret = 1;
+ err:
+ BN_CTX_end(ctx);
+ bn_check_top(r);
+ return (ret);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_exp2.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_exp2.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_exp2.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,312 +0,0 @@
-/* crypto/bn/bn_exp2.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-#define TABLE_SIZE 32
-
-int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,
- const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m,
- BN_CTX *ctx, BN_MONT_CTX *in_mont)
- {
- int i,j,bits,b,bits1,bits2,ret=0,wpos1,wpos2,window1,window2,wvalue1,wvalue2;
- int r_is_one=1;
- BIGNUM *d,*r;
- const BIGNUM *a_mod_m;
- /* Tables of variables obtained from 'ctx' */
- BIGNUM *val1[TABLE_SIZE], *val2[TABLE_SIZE];
- BN_MONT_CTX *mont=NULL;
-
- bn_check_top(a1);
- bn_check_top(p1);
- bn_check_top(a2);
- bn_check_top(p2);
- bn_check_top(m);
-
- if (!(m->d[0] & 1))
- {
- BNerr(BN_F_BN_MOD_EXP2_MONT,BN_R_CALLED_WITH_EVEN_MODULUS);
- return(0);
- }
- bits1=BN_num_bits(p1);
- bits2=BN_num_bits(p2);
- if ((bits1 == 0) && (bits2 == 0))
- {
- ret = BN_one(rr);
- return ret;
- }
-
- bits=(bits1 > bits2)?bits1:bits2;
-
- BN_CTX_start(ctx);
- d = BN_CTX_get(ctx);
- r = BN_CTX_get(ctx);
- val1[0] = BN_CTX_get(ctx);
- val2[0] = BN_CTX_get(ctx);
- if(!d || !r || !val1[0] || !val2[0]) goto err;
-
- if (in_mont != NULL)
- mont=in_mont;
- else
- {
- if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
- if (!BN_MONT_CTX_set(mont,m,ctx)) goto err;
- }
-
- window1 = BN_window_bits_for_exponent_size(bits1);
- window2 = BN_window_bits_for_exponent_size(bits2);
-
- /*
- * Build table for a1: val1[i] := a1^(2*i + 1) mod m for i = 0 .. 2^(window1-1)
- */
- if (a1->neg || BN_ucmp(a1,m) >= 0)
- {
- if (!BN_mod(val1[0],a1,m,ctx))
- goto err;
- a_mod_m = val1[0];
- }
- else
- a_mod_m = a1;
- if (BN_is_zero(a_mod_m))
- {
- BN_zero(rr);
- ret = 1;
- goto err;
- }
-
- if (!BN_to_montgomery(val1[0],a_mod_m,mont,ctx)) goto err;
- if (window1 > 1)
- {
- if (!BN_mod_mul_montgomery(d,val1[0],val1[0],mont,ctx)) goto err;
-
- j=1<<(window1-1);
- for (i=1; i<j; i++)
- {
- if(((val1[i] = BN_CTX_get(ctx)) == NULL) ||
- !BN_mod_mul_montgomery(val1[i],val1[i-1],
- d,mont,ctx))
- goto err;
- }
- }
-
-
- /*
- * Build table for a2: val2[i] := a2^(2*i + 1) mod m for i = 0 .. 2^(window2-1)
- */
- if (a2->neg || BN_ucmp(a2,m) >= 0)
- {
- if (!BN_mod(val2[0],a2,m,ctx))
- goto err;
- a_mod_m = val2[0];
- }
- else
- a_mod_m = a2;
- if (BN_is_zero(a_mod_m))
- {
- BN_zero(rr);
- ret = 1;
- goto err;
- }
- if (!BN_to_montgomery(val2[0],a_mod_m,mont,ctx)) goto err;
- if (window2 > 1)
- {
- if (!BN_mod_mul_montgomery(d,val2[0],val2[0],mont,ctx)) goto err;
-
- j=1<<(window2-1);
- for (i=1; i<j; i++)
- {
- if(((val2[i] = BN_CTX_get(ctx)) == NULL) ||
- !BN_mod_mul_montgomery(val2[i],val2[i-1],
- d,mont,ctx))
- goto err;
- }
- }
-
-
- /* Now compute the power product, using independent windows. */
- r_is_one=1;
- wvalue1=0; /* The 'value' of the first window */
- wvalue2=0; /* The 'value' of the second window */
- wpos1=0; /* If wvalue1 > 0, the bottom bit of the first window */
- wpos2=0; /* If wvalue2 > 0, the bottom bit of the second window */
-
- if (!BN_to_montgomery(r,BN_value_one(),mont,ctx)) goto err;
- for (b=bits-1; b>=0; b--)
- {
- if (!r_is_one)
- {
- if (!BN_mod_mul_montgomery(r,r,r,mont,ctx))
- goto err;
- }
-
- if (!wvalue1)
- if (BN_is_bit_set(p1, b))
- {
- /* consider bits b-window1+1 .. b for this window */
- i = b-window1+1;
- while (!BN_is_bit_set(p1, i)) /* works for i<0 */
- i++;
- wpos1 = i;
- wvalue1 = 1;
- for (i = b-1; i >= wpos1; i--)
- {
- wvalue1 <<= 1;
- if (BN_is_bit_set(p1, i))
- wvalue1++;
- }
- }
-
- if (!wvalue2)
- if (BN_is_bit_set(p2, b))
- {
- /* consider bits b-window2+1 .. b for this window */
- i = b-window2+1;
- while (!BN_is_bit_set(p2, i))
- i++;
- wpos2 = i;
- wvalue2 = 1;
- for (i = b-1; i >= wpos2; i--)
- {
- wvalue2 <<= 1;
- if (BN_is_bit_set(p2, i))
- wvalue2++;
- }
- }
-
- if (wvalue1 && b == wpos1)
- {
- /* wvalue1 is odd and < 2^window1 */
- if (!BN_mod_mul_montgomery(r,r,val1[wvalue1>>1],mont,ctx))
- goto err;
- wvalue1 = 0;
- r_is_one = 0;
- }
-
- if (wvalue2 && b == wpos2)
- {
- /* wvalue2 is odd and < 2^window2 */
- if (!BN_mod_mul_montgomery(r,r,val2[wvalue2>>1],mont,ctx))
- goto err;
- wvalue2 = 0;
- r_is_one = 0;
- }
- }
- if (!BN_from_montgomery(rr,r,mont,ctx))
- goto err;
- ret=1;
-err:
- if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);
- BN_CTX_end(ctx);
- bn_check_top(rr);
- return(ret);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_exp2.c (from rev 6976, vendor-crypto/openssl/dist/crypto/bn/bn_exp2.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_exp2.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_exp2.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,303 @@
+/* crypto/bn/bn_exp2.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+#define TABLE_SIZE 32
+
+int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,
+ const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m,
+ BN_CTX *ctx, BN_MONT_CTX *in_mont)
+{
+ int i, j, bits, b, bits1, bits2, ret =
+ 0, wpos1, wpos2, window1, window2, wvalue1, wvalue2;
+ int r_is_one = 1;
+ BIGNUM *d, *r;
+ const BIGNUM *a_mod_m;
+ /* Tables of variables obtained from 'ctx' */
+ BIGNUM *val1[TABLE_SIZE], *val2[TABLE_SIZE];
+ BN_MONT_CTX *mont = NULL;
+
+ bn_check_top(a1);
+ bn_check_top(p1);
+ bn_check_top(a2);
+ bn_check_top(p2);
+ bn_check_top(m);
+
+ if (!(m->d[0] & 1)) {
+ BNerr(BN_F_BN_MOD_EXP2_MONT, BN_R_CALLED_WITH_EVEN_MODULUS);
+ return (0);
+ }
+ bits1 = BN_num_bits(p1);
+ bits2 = BN_num_bits(p2);
+ if ((bits1 == 0) && (bits2 == 0)) {
+ ret = BN_one(rr);
+ return ret;
+ }
+
+ bits = (bits1 > bits2) ? bits1 : bits2;
+
+ BN_CTX_start(ctx);
+ d = BN_CTX_get(ctx);
+ r = BN_CTX_get(ctx);
+ val1[0] = BN_CTX_get(ctx);
+ val2[0] = BN_CTX_get(ctx);
+ if (!d || !r || !val1[0] || !val2[0])
+ goto err;
+
+ if (in_mont != NULL)
+ mont = in_mont;
+ else {
+ if ((mont = BN_MONT_CTX_new()) == NULL)
+ goto err;
+ if (!BN_MONT_CTX_set(mont, m, ctx))
+ goto err;
+ }
+
+ window1 = BN_window_bits_for_exponent_size(bits1);
+ window2 = BN_window_bits_for_exponent_size(bits2);
+
+ /*
+ * Build table for a1: val1[i] := a1^(2*i + 1) mod m for i = 0 .. 2^(window1-1)
+ */
+ if (a1->neg || BN_ucmp(a1, m) >= 0) {
+ if (!BN_mod(val1[0], a1, m, ctx))
+ goto err;
+ a_mod_m = val1[0];
+ } else
+ a_mod_m = a1;
+ if (BN_is_zero(a_mod_m)) {
+ BN_zero(rr);
+ ret = 1;
+ goto err;
+ }
+
+ if (!BN_to_montgomery(val1[0], a_mod_m, mont, ctx))
+ goto err;
+ if (window1 > 1) {
+ if (!BN_mod_mul_montgomery(d, val1[0], val1[0], mont, ctx))
+ goto err;
+
+ j = 1 << (window1 - 1);
+ for (i = 1; i < j; i++) {
+ if (((val1[i] = BN_CTX_get(ctx)) == NULL) ||
+ !BN_mod_mul_montgomery(val1[i], val1[i - 1], d, mont, ctx))
+ goto err;
+ }
+ }
+
+ /*
+ * Build table for a2: val2[i] := a2^(2*i + 1) mod m for i = 0 .. 2^(window2-1)
+ */
+ if (a2->neg || BN_ucmp(a2, m) >= 0) {
+ if (!BN_mod(val2[0], a2, m, ctx))
+ goto err;
+ a_mod_m = val2[0];
+ } else
+ a_mod_m = a2;
+ if (BN_is_zero(a_mod_m)) {
+ BN_zero(rr);
+ ret = 1;
+ goto err;
+ }
+ if (!BN_to_montgomery(val2[0], a_mod_m, mont, ctx))
+ goto err;
+ if (window2 > 1) {
+ if (!BN_mod_mul_montgomery(d, val2[0], val2[0], mont, ctx))
+ goto err;
+
+ j = 1 << (window2 - 1);
+ for (i = 1; i < j; i++) {
+ if (((val2[i] = BN_CTX_get(ctx)) == NULL) ||
+ !BN_mod_mul_montgomery(val2[i], val2[i - 1], d, mont, ctx))
+ goto err;
+ }
+ }
+
+ /* Now compute the power product, using independent windows. */
+ r_is_one = 1;
+ wvalue1 = 0; /* The 'value' of the first window */
+ wvalue2 = 0; /* The 'value' of the second window */
+ wpos1 = 0; /* If wvalue1 > 0, the bottom bit of the
+ * first window */
+ wpos2 = 0; /* If wvalue2 > 0, the bottom bit of the
+ * second window */
+
+ if (!BN_to_montgomery(r, BN_value_one(), mont, ctx))
+ goto err;
+ for (b = bits - 1; b >= 0; b--) {
+ if (!r_is_one) {
+ if (!BN_mod_mul_montgomery(r, r, r, mont, ctx))
+ goto err;
+ }
+
+ if (!wvalue1)
+ if (BN_is_bit_set(p1, b)) {
+ /*
+ * consider bits b-window1+1 .. b for this window
+ */
+ i = b - window1 + 1;
+ while (!BN_is_bit_set(p1, i)) /* works for i<0 */
+ i++;
+ wpos1 = i;
+ wvalue1 = 1;
+ for (i = b - 1; i >= wpos1; i--) {
+ wvalue1 <<= 1;
+ if (BN_is_bit_set(p1, i))
+ wvalue1++;
+ }
+ }
+
+ if (!wvalue2)
+ if (BN_is_bit_set(p2, b)) {
+ /*
+ * consider bits b-window2+1 .. b for this window
+ */
+ i = b - window2 + 1;
+ while (!BN_is_bit_set(p2, i))
+ i++;
+ wpos2 = i;
+ wvalue2 = 1;
+ for (i = b - 1; i >= wpos2; i--) {
+ wvalue2 <<= 1;
+ if (BN_is_bit_set(p2, i))
+ wvalue2++;
+ }
+ }
+
+ if (wvalue1 && b == wpos1) {
+ /* wvalue1 is odd and < 2^window1 */
+ if (!BN_mod_mul_montgomery(r, r, val1[wvalue1 >> 1], mont, ctx))
+ goto err;
+ wvalue1 = 0;
+ r_is_one = 0;
+ }
+
+ if (wvalue2 && b == wpos2) {
+ /* wvalue2 is odd and < 2^window2 */
+ if (!BN_mod_mul_montgomery(r, r, val2[wvalue2 >> 1], mont, ctx))
+ goto err;
+ wvalue2 = 0;
+ r_is_one = 0;
+ }
+ }
+ if (!BN_from_montgomery(rr, r, mont, ctx))
+ goto err;
+ ret = 1;
+ err:
+ if ((in_mont == NULL) && (mont != NULL))
+ BN_MONT_CTX_free(mont);
+ BN_CTX_end(ctx);
+ bn_check_top(rr);
+ return (ret);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_gcd.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_gcd.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_gcd.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,654 +0,0 @@
-/* crypto/bn/bn_gcd.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-static BIGNUM *euclid(BIGNUM *a, BIGNUM *b);
-
-int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx)
- {
- BIGNUM *a,*b,*t;
- int ret=0;
-
- bn_check_top(in_a);
- bn_check_top(in_b);
-
- BN_CTX_start(ctx);
- a = BN_CTX_get(ctx);
- b = BN_CTX_get(ctx);
- if (a == NULL || b == NULL) goto err;
-
- if (BN_copy(a,in_a) == NULL) goto err;
- if (BN_copy(b,in_b) == NULL) goto err;
- a->neg = 0;
- b->neg = 0;
-
- if (BN_cmp(a,b) < 0) { t=a; a=b; b=t; }
- t=euclid(a,b);
- if (t == NULL) goto err;
-
- if (BN_copy(r,t) == NULL) goto err;
- ret=1;
-err:
- BN_CTX_end(ctx);
- bn_check_top(r);
- return(ret);
- }
-
-static BIGNUM *euclid(BIGNUM *a, BIGNUM *b)
- {
- BIGNUM *t;
- int shifts=0;
-
- bn_check_top(a);
- bn_check_top(b);
-
- /* 0 <= b <= a */
- while (!BN_is_zero(b))
- {
- /* 0 < b <= a */
-
- if (BN_is_odd(a))
- {
- if (BN_is_odd(b))
- {
- if (!BN_sub(a,a,b)) goto err;
- if (!BN_rshift1(a,a)) goto err;
- if (BN_cmp(a,b) < 0)
- { t=a; a=b; b=t; }
- }
- else /* a odd - b even */
- {
- if (!BN_rshift1(b,b)) goto err;
- if (BN_cmp(a,b) < 0)
- { t=a; a=b; b=t; }
- }
- }
- else /* a is even */
- {
- if (BN_is_odd(b))
- {
- if (!BN_rshift1(a,a)) goto err;
- if (BN_cmp(a,b) < 0)
- { t=a; a=b; b=t; }
- }
- else /* a even - b even */
- {
- if (!BN_rshift1(a,a)) goto err;
- if (!BN_rshift1(b,b)) goto err;
- shifts++;
- }
- }
- /* 0 <= b <= a */
- }
-
- if (shifts)
- {
- if (!BN_lshift(a,a,shifts)) goto err;
- }
- bn_check_top(a);
- return(a);
-err:
- return(NULL);
- }
-
-
-/* solves ax == 1 (mod n) */
-static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
- const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx);
-BIGNUM *BN_mod_inverse(BIGNUM *in,
- const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
- {
- BIGNUM *A,*B,*X,*Y,*M,*D,*T,*R=NULL;
- BIGNUM *ret=NULL;
- int sign;
-
- if ((BN_get_flags(a, BN_FLG_CONSTTIME) != 0) || (BN_get_flags(n, BN_FLG_CONSTTIME) != 0))
- {
- return BN_mod_inverse_no_branch(in, a, n, ctx);
- }
-
- bn_check_top(a);
- bn_check_top(n);
-
- BN_CTX_start(ctx);
- A = BN_CTX_get(ctx);
- B = BN_CTX_get(ctx);
- X = BN_CTX_get(ctx);
- D = BN_CTX_get(ctx);
- M = BN_CTX_get(ctx);
- Y = BN_CTX_get(ctx);
- T = BN_CTX_get(ctx);
- if (T == NULL) goto err;
-
- if (in == NULL)
- R=BN_new();
- else
- R=in;
- if (R == NULL) goto err;
-
- BN_one(X);
- BN_zero(Y);
- if (BN_copy(B,a) == NULL) goto err;
- if (BN_copy(A,n) == NULL) goto err;
- A->neg = 0;
- if (B->neg || (BN_ucmp(B, A) >= 0))
- {
- if (!BN_nnmod(B, B, A, ctx)) goto err;
- }
- sign = -1;
- /* From B = a mod |n|, A = |n| it follows that
- *
- * 0 <= B < A,
- * -sign*X*a == B (mod |n|),
- * sign*Y*a == A (mod |n|).
- */
-
- if (BN_is_odd(n) && (BN_num_bits(n) <= (BN_BITS <= 32 ? 450 : 2048)))
- {
- /* Binary inversion algorithm; requires odd modulus.
- * This is faster than the general algorithm if the modulus
- * is sufficiently small (about 400 .. 500 bits on 32-bit
- * sytems, but much more on 64-bit systems) */
- int shift;
-
- while (!BN_is_zero(B))
- {
- /*
- * 0 < B < |n|,
- * 0 < A <= |n|,
- * (1) -sign*X*a == B (mod |n|),
- * (2) sign*Y*a == A (mod |n|)
- */
-
- /* Now divide B by the maximum possible power of two in the integers,
- * and divide X by the same value mod |n|.
- * When we're done, (1) still holds. */
- shift = 0;
- while (!BN_is_bit_set(B, shift)) /* note that 0 < B */
- {
- shift++;
-
- if (BN_is_odd(X))
- {
- if (!BN_uadd(X, X, n)) goto err;
- }
- /* now X is even, so we can easily divide it by two */
- if (!BN_rshift1(X, X)) goto err;
- }
- if (shift > 0)
- {
- if (!BN_rshift(B, B, shift)) goto err;
- }
-
-
- /* Same for A and Y. Afterwards, (2) still holds. */
- shift = 0;
- while (!BN_is_bit_set(A, shift)) /* note that 0 < A */
- {
- shift++;
-
- if (BN_is_odd(Y))
- {
- if (!BN_uadd(Y, Y, n)) goto err;
- }
- /* now Y is even */
- if (!BN_rshift1(Y, Y)) goto err;
- }
- if (shift > 0)
- {
- if (!BN_rshift(A, A, shift)) goto err;
- }
-
-
- /* We still have (1) and (2).
- * Both A and B are odd.
- * The following computations ensure that
- *
- * 0 <= B < |n|,
- * 0 < A < |n|,
- * (1) -sign*X*a == B (mod |n|),
- * (2) sign*Y*a == A (mod |n|),
- *
- * and that either A or B is even in the next iteration.
- */
- if (BN_ucmp(B, A) >= 0)
- {
- /* -sign*(X + Y)*a == B - A (mod |n|) */
- if (!BN_uadd(X, X, Y)) goto err;
- /* NB: we could use BN_mod_add_quick(X, X, Y, n), but that
- * actually makes the algorithm slower */
- if (!BN_usub(B, B, A)) goto err;
- }
- else
- {
- /* sign*(X + Y)*a == A - B (mod |n|) */
- if (!BN_uadd(Y, Y, X)) goto err;
- /* as above, BN_mod_add_quick(Y, Y, X, n) would slow things down */
- if (!BN_usub(A, A, B)) goto err;
- }
- }
- }
- else
- {
- /* general inversion algorithm */
-
- while (!BN_is_zero(B))
- {
- BIGNUM *tmp;
-
- /*
- * 0 < B < A,
- * (*) -sign*X*a == B (mod |n|),
- * sign*Y*a == A (mod |n|)
- */
-
- /* (D, M) := (A/B, A%B) ... */
- if (BN_num_bits(A) == BN_num_bits(B))
- {
- if (!BN_one(D)) goto err;
- if (!BN_sub(M,A,B)) goto err;
- }
- else if (BN_num_bits(A) == BN_num_bits(B) + 1)
- {
- /* A/B is 1, 2, or 3 */
- if (!BN_lshift1(T,B)) goto err;
- if (BN_ucmp(A,T) < 0)
- {
- /* A < 2*B, so D=1 */
- if (!BN_one(D)) goto err;
- if (!BN_sub(M,A,B)) goto err;
- }
- else
- {
- /* A >= 2*B, so D=2 or D=3 */
- if (!BN_sub(M,A,T)) goto err;
- if (!BN_add(D,T,B)) goto err; /* use D (:= 3*B) as temp */
- if (BN_ucmp(A,D) < 0)
- {
- /* A < 3*B, so D=2 */
- if (!BN_set_word(D,2)) goto err;
- /* M (= A - 2*B) already has the correct value */
- }
- else
- {
- /* only D=3 remains */
- if (!BN_set_word(D,3)) goto err;
- /* currently M = A - 2*B, but we need M = A - 3*B */
- if (!BN_sub(M,M,B)) goto err;
- }
- }
- }
- else
- {
- if (!BN_div(D,M,A,B,ctx)) goto err;
- }
-
- /* Now
- * A = D*B + M;
- * thus we have
- * (**) sign*Y*a == D*B + M (mod |n|).
- */
-
- tmp=A; /* keep the BIGNUM object, the value does not matter */
-
- /* (A, B) := (B, A mod B) ... */
- A=B;
- B=M;
- /* ... so we have 0 <= B < A again */
-
- /* Since the former M is now B and the former B is now A,
- * (**) translates into
- * sign*Y*a == D*A + B (mod |n|),
- * i.e.
- * sign*Y*a - D*A == B (mod |n|).
- * Similarly, (*) translates into
- * -sign*X*a == A (mod |n|).
- *
- * Thus,
- * sign*Y*a + D*sign*X*a == B (mod |n|),
- * i.e.
- * sign*(Y + D*X)*a == B (mod |n|).
- *
- * So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at
- * -sign*X*a == B (mod |n|),
- * sign*Y*a == A (mod |n|).
- * Note that X and Y stay non-negative all the time.
- */
-
- /* most of the time D is very small, so we can optimize tmp := D*X+Y */
- if (BN_is_one(D))
- {
- if (!BN_add(tmp,X,Y)) goto err;
- }
- else
- {
- if (BN_is_word(D,2))
- {
- if (!BN_lshift1(tmp,X)) goto err;
- }
- else if (BN_is_word(D,4))
- {
- if (!BN_lshift(tmp,X,2)) goto err;
- }
- else if (D->top == 1)
- {
- if (!BN_copy(tmp,X)) goto err;
- if (!BN_mul_word(tmp,D->d[0])) goto err;
- }
- else
- {
- if (!BN_mul(tmp,D,X,ctx)) goto err;
- }
- if (!BN_add(tmp,tmp,Y)) goto err;
- }
-
- M=Y; /* keep the BIGNUM object, the value does not matter */
- Y=X;
- X=tmp;
- sign = -sign;
- }
- }
-
- /*
- * The while loop (Euclid's algorithm) ends when
- * A == gcd(a,n);
- * we have
- * sign*Y*a == A (mod |n|),
- * where Y is non-negative.
- */
-
- if (sign < 0)
- {
- if (!BN_sub(Y,n,Y)) goto err;
- }
- /* Now Y*a == A (mod |n|). */
-
-
- if (BN_is_one(A))
- {
- /* Y*a == 1 (mod |n|) */
- if (!Y->neg && BN_ucmp(Y,n) < 0)
- {
- if (!BN_copy(R,Y)) goto err;
- }
- else
- {
- if (!BN_nnmod(R,Y,n,ctx)) goto err;
- }
- }
- else
- {
- BNerr(BN_F_BN_MOD_INVERSE,BN_R_NO_INVERSE);
- goto err;
- }
- ret=R;
-err:
- if ((ret == NULL) && (in == NULL)) BN_free(R);
- BN_CTX_end(ctx);
- bn_check_top(ret);
- return(ret);
- }
-
-
-/* BN_mod_inverse_no_branch is a special version of BN_mod_inverse.
- * It does not contain branches that may leak sensitive information.
- */
-static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
- const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
- {
- BIGNUM *A,*B,*X,*Y,*M,*D,*T,*R=NULL;
- BIGNUM local_A, local_B;
- BIGNUM *pA, *pB;
- BIGNUM *ret=NULL;
- int sign;
-
- bn_check_top(a);
- bn_check_top(n);
-
- BN_CTX_start(ctx);
- A = BN_CTX_get(ctx);
- B = BN_CTX_get(ctx);
- X = BN_CTX_get(ctx);
- D = BN_CTX_get(ctx);
- M = BN_CTX_get(ctx);
- Y = BN_CTX_get(ctx);
- T = BN_CTX_get(ctx);
- if (T == NULL) goto err;
-
- if (in == NULL)
- R=BN_new();
- else
- R=in;
- if (R == NULL) goto err;
-
- BN_one(X);
- BN_zero(Y);
- if (BN_copy(B,a) == NULL) goto err;
- if (BN_copy(A,n) == NULL) goto err;
- A->neg = 0;
-
- if (B->neg || (BN_ucmp(B, A) >= 0))
- {
- /* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked,
- * BN_div_no_branch will be called eventually.
- */
- pB = &local_B;
- BN_with_flags(pB, B, BN_FLG_CONSTTIME);
- if (!BN_nnmod(B, pB, A, ctx)) goto err;
- }
- sign = -1;
- /* From B = a mod |n|, A = |n| it follows that
- *
- * 0 <= B < A,
- * -sign*X*a == B (mod |n|),
- * sign*Y*a == A (mod |n|).
- */
-
- while (!BN_is_zero(B))
- {
- BIGNUM *tmp;
-
- /*
- * 0 < B < A,
- * (*) -sign*X*a == B (mod |n|),
- * sign*Y*a == A (mod |n|)
- */
-
- /* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked,
- * BN_div_no_branch will be called eventually.
- */
- pA = &local_A;
- BN_with_flags(pA, A, BN_FLG_CONSTTIME);
-
- /* (D, M) := (A/B, A%B) ... */
- if (!BN_div(D,M,pA,B,ctx)) goto err;
-
- /* Now
- * A = D*B + M;
- * thus we have
- * (**) sign*Y*a == D*B + M (mod |n|).
- */
-
- tmp=A; /* keep the BIGNUM object, the value does not matter */
-
- /* (A, B) := (B, A mod B) ... */
- A=B;
- B=M;
- /* ... so we have 0 <= B < A again */
-
- /* Since the former M is now B and the former B is now A,
- * (**) translates into
- * sign*Y*a == D*A + B (mod |n|),
- * i.e.
- * sign*Y*a - D*A == B (mod |n|).
- * Similarly, (*) translates into
- * -sign*X*a == A (mod |n|).
- *
- * Thus,
- * sign*Y*a + D*sign*X*a == B (mod |n|),
- * i.e.
- * sign*(Y + D*X)*a == B (mod |n|).
- *
- * So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at
- * -sign*X*a == B (mod |n|),
- * sign*Y*a == A (mod |n|).
- * Note that X and Y stay non-negative all the time.
- */
-
- if (!BN_mul(tmp,D,X,ctx)) goto err;
- if (!BN_add(tmp,tmp,Y)) goto err;
-
- M=Y; /* keep the BIGNUM object, the value does not matter */
- Y=X;
- X=tmp;
- sign = -sign;
- }
-
- /*
- * The while loop (Euclid's algorithm) ends when
- * A == gcd(a,n);
- * we have
- * sign*Y*a == A (mod |n|),
- * where Y is non-negative.
- */
-
- if (sign < 0)
- {
- if (!BN_sub(Y,n,Y)) goto err;
- }
- /* Now Y*a == A (mod |n|). */
-
- if (BN_is_one(A))
- {
- /* Y*a == 1 (mod |n|) */
- if (!Y->neg && BN_ucmp(Y,n) < 0)
- {
- if (!BN_copy(R,Y)) goto err;
- }
- else
- {
- if (!BN_nnmod(R,Y,n,ctx)) goto err;
- }
- }
- else
- {
- BNerr(BN_F_BN_MOD_INVERSE_NO_BRANCH,BN_R_NO_INVERSE);
- goto err;
- }
- ret=R;
-err:
- if ((ret == NULL) && (in == NULL)) BN_free(R);
- BN_CTX_end(ctx);
- bn_check_top(ret);
- return(ret);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_gcd.c (from rev 6976, vendor-crypto/openssl/dist/crypto/bn/bn_gcd.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_gcd.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_gcd.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,699 @@
+/* crypto/bn/bn_gcd.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+static BIGNUM *euclid(BIGNUM *a, BIGNUM *b);
+
+int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx)
+{
+ BIGNUM *a, *b, *t;
+ int ret = 0;
+
+ bn_check_top(in_a);
+ bn_check_top(in_b);
+
+ BN_CTX_start(ctx);
+ a = BN_CTX_get(ctx);
+ b = BN_CTX_get(ctx);
+ if (a == NULL || b == NULL)
+ goto err;
+
+ if (BN_copy(a, in_a) == NULL)
+ goto err;
+ if (BN_copy(b, in_b) == NULL)
+ goto err;
+ a->neg = 0;
+ b->neg = 0;
+
+ if (BN_cmp(a, b) < 0) {
+ t = a;
+ a = b;
+ b = t;
+ }
+ t = euclid(a, b);
+ if (t == NULL)
+ goto err;
+
+ if (BN_copy(r, t) == NULL)
+ goto err;
+ ret = 1;
+ err:
+ BN_CTX_end(ctx);
+ bn_check_top(r);
+ return (ret);
+}
+
+static BIGNUM *euclid(BIGNUM *a, BIGNUM *b)
+{
+ BIGNUM *t;
+ int shifts = 0;
+
+ bn_check_top(a);
+ bn_check_top(b);
+
+ /* 0 <= b <= a */
+ while (!BN_is_zero(b)) {
+ /* 0 < b <= a */
+
+ if (BN_is_odd(a)) {
+ if (BN_is_odd(b)) {
+ if (!BN_sub(a, a, b))
+ goto err;
+ if (!BN_rshift1(a, a))
+ goto err;
+ if (BN_cmp(a, b) < 0) {
+ t = a;
+ a = b;
+ b = t;
+ }
+ } else { /* a odd - b even */
+
+ if (!BN_rshift1(b, b))
+ goto err;
+ if (BN_cmp(a, b) < 0) {
+ t = a;
+ a = b;
+ b = t;
+ }
+ }
+ } else { /* a is even */
+
+ if (BN_is_odd(b)) {
+ if (!BN_rshift1(a, a))
+ goto err;
+ if (BN_cmp(a, b) < 0) {
+ t = a;
+ a = b;
+ b = t;
+ }
+ } else { /* a even - b even */
+
+ if (!BN_rshift1(a, a))
+ goto err;
+ if (!BN_rshift1(b, b))
+ goto err;
+ shifts++;
+ }
+ }
+ /* 0 <= b <= a */
+ }
+
+ if (shifts) {
+ if (!BN_lshift(a, a, shifts))
+ goto err;
+ }
+ bn_check_top(a);
+ return (a);
+ err:
+ return (NULL);
+}
+
+/* solves ax == 1 (mod n) */
+static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
+ const BIGNUM *a, const BIGNUM *n,
+ BN_CTX *ctx);
+BIGNUM *BN_mod_inverse(BIGNUM *in, const BIGNUM *a, const BIGNUM *n,
+ BN_CTX *ctx)
+{
+ BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL;
+ BIGNUM *ret = NULL;
+ int sign;
+
+ if ((BN_get_flags(a, BN_FLG_CONSTTIME) != 0)
+ || (BN_get_flags(n, BN_FLG_CONSTTIME) != 0)) {
+ return BN_mod_inverse_no_branch(in, a, n, ctx);
+ }
+
+ bn_check_top(a);
+ bn_check_top(n);
+
+ BN_CTX_start(ctx);
+ A = BN_CTX_get(ctx);
+ B = BN_CTX_get(ctx);
+ X = BN_CTX_get(ctx);
+ D = BN_CTX_get(ctx);
+ M = BN_CTX_get(ctx);
+ Y = BN_CTX_get(ctx);
+ T = BN_CTX_get(ctx);
+ if (T == NULL)
+ goto err;
+
+ if (in == NULL)
+ R = BN_new();
+ else
+ R = in;
+ if (R == NULL)
+ goto err;
+
+ BN_one(X);
+ BN_zero(Y);
+ if (BN_copy(B, a) == NULL)
+ goto err;
+ if (BN_copy(A, n) == NULL)
+ goto err;
+ A->neg = 0;
+ if (B->neg || (BN_ucmp(B, A) >= 0)) {
+ if (!BN_nnmod(B, B, A, ctx))
+ goto err;
+ }
+ sign = -1;
+ /*-
+ * From B = a mod |n|, A = |n| it follows that
+ *
+ * 0 <= B < A,
+ * -sign*X*a == B (mod |n|),
+ * sign*Y*a == A (mod |n|).
+ */
+
+ if (BN_is_odd(n) && (BN_num_bits(n) <= (BN_BITS <= 32 ? 450 : 2048))) {
+ /*
+ * Binary inversion algorithm; requires odd modulus. This is faster
+ * than the general algorithm if the modulus is sufficiently small
+ * (about 400 .. 500 bits on 32-bit sytems, but much more on 64-bit
+ * systems)
+ */
+ int shift;
+
+ while (!BN_is_zero(B)) {
+ /*-
+ * 0 < B < |n|,
+ * 0 < A <= |n|,
+ * (1) -sign*X*a == B (mod |n|),
+ * (2) sign*Y*a == A (mod |n|)
+ */
+
+ /*
+ * Now divide B by the maximum possible power of two in the
+ * integers, and divide X by the same value mod |n|. When we're
+ * done, (1) still holds.
+ */
+ shift = 0;
+ while (!BN_is_bit_set(B, shift)) { /* note that 0 < B */
+ shift++;
+
+ if (BN_is_odd(X)) {
+ if (!BN_uadd(X, X, n))
+ goto err;
+ }
+ /*
+ * now X is even, so we can easily divide it by two
+ */
+ if (!BN_rshift1(X, X))
+ goto err;
+ }
+ if (shift > 0) {
+ if (!BN_rshift(B, B, shift))
+ goto err;
+ }
+
+ /*
+ * Same for A and Y. Afterwards, (2) still holds.
+ */
+ shift = 0;
+ while (!BN_is_bit_set(A, shift)) { /* note that 0 < A */
+ shift++;
+
+ if (BN_is_odd(Y)) {
+ if (!BN_uadd(Y, Y, n))
+ goto err;
+ }
+ /* now Y is even */
+ if (!BN_rshift1(Y, Y))
+ goto err;
+ }
+ if (shift > 0) {
+ if (!BN_rshift(A, A, shift))
+ goto err;
+ }
+
+ /*-
+ * We still have (1) and (2).
+ * Both A and B are odd.
+ * The following computations ensure that
+ *
+ * 0 <= B < |n|,
+ * 0 < A < |n|,
+ * (1) -sign*X*a == B (mod |n|),
+ * (2) sign*Y*a == A (mod |n|),
+ *
+ * and that either A or B is even in the next iteration.
+ */
+ if (BN_ucmp(B, A) >= 0) {
+ /* -sign*(X + Y)*a == B - A (mod |n|) */
+ if (!BN_uadd(X, X, Y))
+ goto err;
+ /*
+ * NB: we could use BN_mod_add_quick(X, X, Y, n), but that
+ * actually makes the algorithm slower
+ */
+ if (!BN_usub(B, B, A))
+ goto err;
+ } else {
+ /* sign*(X + Y)*a == A - B (mod |n|) */
+ if (!BN_uadd(Y, Y, X))
+ goto err;
+ /*
+ * as above, BN_mod_add_quick(Y, Y, X, n) would slow things
+ * down
+ */
+ if (!BN_usub(A, A, B))
+ goto err;
+ }
+ }
+ } else {
+ /* general inversion algorithm */
+
+ while (!BN_is_zero(B)) {
+ BIGNUM *tmp;
+
+ /*-
+ * 0 < B < A,
+ * (*) -sign*X*a == B (mod |n|),
+ * sign*Y*a == A (mod |n|)
+ */
+
+ /* (D, M) := (A/B, A%B) ... */
+ if (BN_num_bits(A) == BN_num_bits(B)) {
+ if (!BN_one(D))
+ goto err;
+ if (!BN_sub(M, A, B))
+ goto err;
+ } else if (BN_num_bits(A) == BN_num_bits(B) + 1) {
+ /* A/B is 1, 2, or 3 */
+ if (!BN_lshift1(T, B))
+ goto err;
+ if (BN_ucmp(A, T) < 0) {
+ /* A < 2*B, so D=1 */
+ if (!BN_one(D))
+ goto err;
+ if (!BN_sub(M, A, B))
+ goto err;
+ } else {
+ /* A >= 2*B, so D=2 or D=3 */
+ if (!BN_sub(M, A, T))
+ goto err;
+ if (!BN_add(D, T, B))
+ goto err; /* use D (:= 3*B) as temp */
+ if (BN_ucmp(A, D) < 0) {
+ /* A < 3*B, so D=2 */
+ if (!BN_set_word(D, 2))
+ goto err;
+ /*
+ * M (= A - 2*B) already has the correct value
+ */
+ } else {
+ /* only D=3 remains */
+ if (!BN_set_word(D, 3))
+ goto err;
+ /*
+ * currently M = A - 2*B, but we need M = A - 3*B
+ */
+ if (!BN_sub(M, M, B))
+ goto err;
+ }
+ }
+ } else {
+ if (!BN_div(D, M, A, B, ctx))
+ goto err;
+ }
+
+ /*-
+ * Now
+ * A = D*B + M;
+ * thus we have
+ * (**) sign*Y*a == D*B + M (mod |n|).
+ */
+
+ tmp = A; /* keep the BIGNUM object, the value does not
+ * matter */
+
+ /* (A, B) := (B, A mod B) ... */
+ A = B;
+ B = M;
+ /* ... so we have 0 <= B < A again */
+
+ /*-
+ * Since the former M is now B and the former B is now A,
+ * (**) translates into
+ * sign*Y*a == D*A + B (mod |n|),
+ * i.e.
+ * sign*Y*a - D*A == B (mod |n|).
+ * Similarly, (*) translates into
+ * -sign*X*a == A (mod |n|).
+ *
+ * Thus,
+ * sign*Y*a + D*sign*X*a == B (mod |n|),
+ * i.e.
+ * sign*(Y + D*X)*a == B (mod |n|).
+ *
+ * So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at
+ * -sign*X*a == B (mod |n|),
+ * sign*Y*a == A (mod |n|).
+ * Note that X and Y stay non-negative all the time.
+ */
+
+ /*
+ * most of the time D is very small, so we can optimize tmp :=
+ * D*X+Y
+ */
+ if (BN_is_one(D)) {
+ if (!BN_add(tmp, X, Y))
+ goto err;
+ } else {
+ if (BN_is_word(D, 2)) {
+ if (!BN_lshift1(tmp, X))
+ goto err;
+ } else if (BN_is_word(D, 4)) {
+ if (!BN_lshift(tmp, X, 2))
+ goto err;
+ } else if (D->top == 1) {
+ if (!BN_copy(tmp, X))
+ goto err;
+ if (!BN_mul_word(tmp, D->d[0]))
+ goto err;
+ } else {
+ if (!BN_mul(tmp, D, X, ctx))
+ goto err;
+ }
+ if (!BN_add(tmp, tmp, Y))
+ goto err;
+ }
+
+ M = Y; /* keep the BIGNUM object, the value does not
+ * matter */
+ Y = X;
+ X = tmp;
+ sign = -sign;
+ }
+ }
+
+ /*-
+ * The while loop (Euclid's algorithm) ends when
+ * A == gcd(a,n);
+ * we have
+ * sign*Y*a == A (mod |n|),
+ * where Y is non-negative.
+ */
+
+ if (sign < 0) {
+ if (!BN_sub(Y, n, Y))
+ goto err;
+ }
+ /* Now Y*a == A (mod |n|). */
+
+ if (BN_is_one(A)) {
+ /* Y*a == 1 (mod |n|) */
+ if (!Y->neg && BN_ucmp(Y, n) < 0) {
+ if (!BN_copy(R, Y))
+ goto err;
+ } else {
+ if (!BN_nnmod(R, Y, n, ctx))
+ goto err;
+ }
+ } else {
+ BNerr(BN_F_BN_MOD_INVERSE, BN_R_NO_INVERSE);
+ goto err;
+ }
+ ret = R;
+ err:
+ if ((ret == NULL) && (in == NULL))
+ BN_free(R);
+ BN_CTX_end(ctx);
+ bn_check_top(ret);
+ return (ret);
+}
+
+/*
+ * BN_mod_inverse_no_branch is a special version of BN_mod_inverse. It does
+ * not contain branches that may leak sensitive information.
+ */
+static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
+ const BIGNUM *a, const BIGNUM *n,
+ BN_CTX *ctx)
+{
+ BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL;
+ BIGNUM local_A, local_B;
+ BIGNUM *pA, *pB;
+ BIGNUM *ret = NULL;
+ int sign;
+
+ bn_check_top(a);
+ bn_check_top(n);
+
+ BN_CTX_start(ctx);
+ A = BN_CTX_get(ctx);
+ B = BN_CTX_get(ctx);
+ X = BN_CTX_get(ctx);
+ D = BN_CTX_get(ctx);
+ M = BN_CTX_get(ctx);
+ Y = BN_CTX_get(ctx);
+ T = BN_CTX_get(ctx);
+ if (T == NULL)
+ goto err;
+
+ if (in == NULL)
+ R = BN_new();
+ else
+ R = in;
+ if (R == NULL)
+ goto err;
+
+ BN_one(X);
+ BN_zero(Y);
+ if (BN_copy(B, a) == NULL)
+ goto err;
+ if (BN_copy(A, n) == NULL)
+ goto err;
+ A->neg = 0;
+
+ if (B->neg || (BN_ucmp(B, A) >= 0)) {
+ /*
+ * Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked,
+ * BN_div_no_branch will be called eventually.
+ */
+ pB = &local_B;
+ BN_with_flags(pB, B, BN_FLG_CONSTTIME);
+ if (!BN_nnmod(B, pB, A, ctx))
+ goto err;
+ }
+ sign = -1;
+ /*-
+ * From B = a mod |n|, A = |n| it follows that
+ *
+ * 0 <= B < A,
+ * -sign*X*a == B (mod |n|),
+ * sign*Y*a == A (mod |n|).
+ */
+
+ while (!BN_is_zero(B)) {
+ BIGNUM *tmp;
+
+ /*-
+ * 0 < B < A,
+ * (*) -sign*X*a == B (mod |n|),
+ * sign*Y*a == A (mod |n|)
+ */
+
+ /*
+ * Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked,
+ * BN_div_no_branch will be called eventually.
+ */
+ pA = &local_A;
+ BN_with_flags(pA, A, BN_FLG_CONSTTIME);
+
+ /* (D, M) := (A/B, A%B) ... */
+ if (!BN_div(D, M, pA, B, ctx))
+ goto err;
+
+ /*-
+ * Now
+ * A = D*B + M;
+ * thus we have
+ * (**) sign*Y*a == D*B + M (mod |n|).
+ */
+
+ tmp = A; /* keep the BIGNUM object, the value does not
+ * matter */
+
+ /* (A, B) := (B, A mod B) ... */
+ A = B;
+ B = M;
+ /* ... so we have 0 <= B < A again */
+
+ /*-
+ * Since the former M is now B and the former B is now A,
+ * (**) translates into
+ * sign*Y*a == D*A + B (mod |n|),
+ * i.e.
+ * sign*Y*a - D*A == B (mod |n|).
+ * Similarly, (*) translates into
+ * -sign*X*a == A (mod |n|).
+ *
+ * Thus,
+ * sign*Y*a + D*sign*X*a == B (mod |n|),
+ * i.e.
+ * sign*(Y + D*X)*a == B (mod |n|).
+ *
+ * So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at
+ * -sign*X*a == B (mod |n|),
+ * sign*Y*a == A (mod |n|).
+ * Note that X and Y stay non-negative all the time.
+ */
+
+ if (!BN_mul(tmp, D, X, ctx))
+ goto err;
+ if (!BN_add(tmp, tmp, Y))
+ goto err;
+
+ M = Y; /* keep the BIGNUM object, the value does not
+ * matter */
+ Y = X;
+ X = tmp;
+ sign = -sign;
+ }
+
+ /*-
+ * The while loop (Euclid's algorithm) ends when
+ * A == gcd(a,n);
+ * we have
+ * sign*Y*a == A (mod |n|),
+ * where Y is non-negative.
+ */
+
+ if (sign < 0) {
+ if (!BN_sub(Y, n, Y))
+ goto err;
+ }
+ /* Now Y*a == A (mod |n|). */
+
+ if (BN_is_one(A)) {
+ /* Y*a == 1 (mod |n|) */
+ if (!Y->neg && BN_ucmp(Y, n) < 0) {
+ if (!BN_copy(R, Y))
+ goto err;
+ } else {
+ if (!BN_nnmod(R, Y, n, ctx))
+ goto err;
+ }
+ } else {
+ BNerr(BN_F_BN_MOD_INVERSE_NO_BRANCH, BN_R_NO_INVERSE);
+ goto err;
+ }
+ ret = R;
+ err:
+ if ((ret == NULL) && (in == NULL))
+ BN_free(R);
+ BN_CTX_end(ctx);
+ bn_check_top(ret);
+ return (ret);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_gf2m.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_gf2m.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_gf2m.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,1148 +0,0 @@
-/* crypto/bn/bn_gf2m.c */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
- * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
- * to the OpenSSL project.
- *
- * The ECC Code is licensed pursuant to the OpenSSL open source
- * license provided below.
- *
- * In addition, Sun covenants to all licensees who provide a reciprocal
- * covenant with respect to their own patents if any, not to sue under
- * current and future patent claims necessarily infringed by the making,
- * using, practicing, selling, offering for sale and/or otherwise
- * disposing of the ECC Code as delivered hereunder (or portions thereof),
- * provided that such covenant shall not apply:
- * 1) for code that a licensee deletes from the ECC Code;
- * 2) separates from the ECC Code; or
- * 3) for infringements caused by:
- * i) the modification of the ECC Code or
- * ii) the combination of the ECC Code with other software or
- * devices where such combination causes the infringement.
- *
- * The software is originally written by Sheueling Chang Shantz and
- * Douglas Stebila of Sun Microsystems Laboratories.
- *
- */
-
-/* NOTE: This file is licensed pursuant to the OpenSSL license below
- * and may be modified; but after modifications, the above covenant
- * may no longer apply! In such cases, the corresponding paragraph
- * ["In addition, Sun covenants ... causes the infringement."] and
- * this note can be edited out; but please keep the Sun copyright
- * notice and attribution. */
-
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <assert.h>
-#include <limits.h>
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-/* Maximum number of iterations before BN_GF2m_mod_solve_quad_arr should fail. */
-#define MAX_ITERATIONS 50
-
-static const BN_ULONG SQR_tb[16] =
- { 0, 1, 4, 5, 16, 17, 20, 21,
- 64, 65, 68, 69, 80, 81, 84, 85 };
-/* Platform-specific macros to accelerate squaring. */
-#if defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
-#define SQR1(w) \
- SQR_tb[(w) >> 60 & 0xF] << 56 | SQR_tb[(w) >> 56 & 0xF] << 48 | \
- SQR_tb[(w) >> 52 & 0xF] << 40 | SQR_tb[(w) >> 48 & 0xF] << 32 | \
- SQR_tb[(w) >> 44 & 0xF] << 24 | SQR_tb[(w) >> 40 & 0xF] << 16 | \
- SQR_tb[(w) >> 36 & 0xF] << 8 | SQR_tb[(w) >> 32 & 0xF]
-#define SQR0(w) \
- SQR_tb[(w) >> 28 & 0xF] << 56 | SQR_tb[(w) >> 24 & 0xF] << 48 | \
- SQR_tb[(w) >> 20 & 0xF] << 40 | SQR_tb[(w) >> 16 & 0xF] << 32 | \
- SQR_tb[(w) >> 12 & 0xF] << 24 | SQR_tb[(w) >> 8 & 0xF] << 16 | \
- SQR_tb[(w) >> 4 & 0xF] << 8 | SQR_tb[(w) & 0xF]
-#endif
-#ifdef THIRTY_TWO_BIT
-#define SQR1(w) \
- SQR_tb[(w) >> 28 & 0xF] << 24 | SQR_tb[(w) >> 24 & 0xF] << 16 | \
- SQR_tb[(w) >> 20 & 0xF] << 8 | SQR_tb[(w) >> 16 & 0xF]
-#define SQR0(w) \
- SQR_tb[(w) >> 12 & 0xF] << 24 | SQR_tb[(w) >> 8 & 0xF] << 16 | \
- SQR_tb[(w) >> 4 & 0xF] << 8 | SQR_tb[(w) & 0xF]
-#endif
-#ifdef SIXTEEN_BIT
-#define SQR1(w) \
- SQR_tb[(w) >> 12 & 0xF] << 8 | SQR_tb[(w) >> 8 & 0xF]
-#define SQR0(w) \
- SQR_tb[(w) >> 4 & 0xF] << 8 | SQR_tb[(w) & 0xF]
-#endif
-#ifdef EIGHT_BIT
-#define SQR1(w) \
- SQR_tb[(w) >> 4 & 0xF]
-#define SQR0(w) \
- SQR_tb[(w) & 15]
-#endif
-
-/* Product of two polynomials a, b each with degree < BN_BITS2 - 1,
- * result is a polynomial r with degree < 2 * BN_BITS - 1
- * The caller MUST ensure that the variables have the right amount
- * of space allocated.
- */
-#ifdef EIGHT_BIT
-static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a, const BN_ULONG b)
- {
- register BN_ULONG h, l, s;
- BN_ULONG tab[4], top1b = a >> 7;
- register BN_ULONG a1, a2;
-
- a1 = a & (0x7F); a2 = a1 << 1;
-
- tab[0] = 0; tab[1] = a1; tab[2] = a2; tab[3] = a1^a2;
-
- s = tab[b & 0x3]; l = s;
- s = tab[b >> 2 & 0x3]; l ^= s << 2; h = s >> 6;
- s = tab[b >> 4 & 0x3]; l ^= s << 4; h ^= s >> 4;
- s = tab[b >> 6 ]; l ^= s << 6; h ^= s >> 2;
-
- /* compensate for the top bit of a */
-
- if (top1b & 01) { l ^= b << 7; h ^= b >> 1; }
-
- *r1 = h; *r0 = l;
- }
-#endif
-#ifdef SIXTEEN_BIT
-static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a, const BN_ULONG b)
- {
- register BN_ULONG h, l, s;
- BN_ULONG tab[4], top1b = a >> 15;
- register BN_ULONG a1, a2;
-
- a1 = a & (0x7FFF); a2 = a1 << 1;
-
- tab[0] = 0; tab[1] = a1; tab[2] = a2; tab[3] = a1^a2;
-
- s = tab[b & 0x3]; l = s;
- s = tab[b >> 2 & 0x3]; l ^= s << 2; h = s >> 14;
- s = tab[b >> 4 & 0x3]; l ^= s << 4; h ^= s >> 12;
- s = tab[b >> 6 & 0x3]; l ^= s << 6; h ^= s >> 10;
- s = tab[b >> 8 & 0x3]; l ^= s << 8; h ^= s >> 8;
- s = tab[b >>10 & 0x3]; l ^= s << 10; h ^= s >> 6;
- s = tab[b >>12 & 0x3]; l ^= s << 12; h ^= s >> 4;
- s = tab[b >>14 ]; l ^= s << 14; h ^= s >> 2;
-
- /* compensate for the top bit of a */
-
- if (top1b & 01) { l ^= b << 15; h ^= b >> 1; }
-
- *r1 = h; *r0 = l;
- }
-#endif
-#ifdef THIRTY_TWO_BIT
-static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a, const BN_ULONG b)
- {
- register BN_ULONG h, l, s;
- BN_ULONG tab[8], top2b = a >> 30;
- register BN_ULONG a1, a2, a4;
-
- a1 = a & (0x3FFFFFFF); a2 = a1 << 1; a4 = a2 << 1;
-
- tab[0] = 0; tab[1] = a1; tab[2] = a2; tab[3] = a1^a2;
- tab[4] = a4; tab[5] = a1^a4; tab[6] = a2^a4; tab[7] = a1^a2^a4;
-
- s = tab[b & 0x7]; l = s;
- s = tab[b >> 3 & 0x7]; l ^= s << 3; h = s >> 29;
- s = tab[b >> 6 & 0x7]; l ^= s << 6; h ^= s >> 26;
- s = tab[b >> 9 & 0x7]; l ^= s << 9; h ^= s >> 23;
- s = tab[b >> 12 & 0x7]; l ^= s << 12; h ^= s >> 20;
- s = tab[b >> 15 & 0x7]; l ^= s << 15; h ^= s >> 17;
- s = tab[b >> 18 & 0x7]; l ^= s << 18; h ^= s >> 14;
- s = tab[b >> 21 & 0x7]; l ^= s << 21; h ^= s >> 11;
- s = tab[b >> 24 & 0x7]; l ^= s << 24; h ^= s >> 8;
- s = tab[b >> 27 & 0x7]; l ^= s << 27; h ^= s >> 5;
- s = tab[b >> 30 ]; l ^= s << 30; h ^= s >> 2;
-
- /* compensate for the top two bits of a */
-
- if (top2b & 01) { l ^= b << 30; h ^= b >> 2; }
- if (top2b & 02) { l ^= b << 31; h ^= b >> 1; }
-
- *r1 = h; *r0 = l;
- }
-#endif
-#if defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
-static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a, const BN_ULONG b)
- {
- register BN_ULONG h, l, s;
- BN_ULONG tab[16], top3b = a >> 61;
- register BN_ULONG a1, a2, a4, a8;
-
- a1 = a & (0x1FFFFFFFFFFFFFFFULL); a2 = a1 << 1; a4 = a2 << 1; a8 = a4 << 1;
-
- tab[ 0] = 0; tab[ 1] = a1; tab[ 2] = a2; tab[ 3] = a1^a2;
- tab[ 4] = a4; tab[ 5] = a1^a4; tab[ 6] = a2^a4; tab[ 7] = a1^a2^a4;
- tab[ 8] = a8; tab[ 9] = a1^a8; tab[10] = a2^a8; tab[11] = a1^a2^a8;
- tab[12] = a4^a8; tab[13] = a1^a4^a8; tab[14] = a2^a4^a8; tab[15] = a1^a2^a4^a8;
-
- s = tab[b & 0xF]; l = s;
- s = tab[b >> 4 & 0xF]; l ^= s << 4; h = s >> 60;
- s = tab[b >> 8 & 0xF]; l ^= s << 8; h ^= s >> 56;
- s = tab[b >> 12 & 0xF]; l ^= s << 12; h ^= s >> 52;
- s = tab[b >> 16 & 0xF]; l ^= s << 16; h ^= s >> 48;
- s = tab[b >> 20 & 0xF]; l ^= s << 20; h ^= s >> 44;
- s = tab[b >> 24 & 0xF]; l ^= s << 24; h ^= s >> 40;
- s = tab[b >> 28 & 0xF]; l ^= s << 28; h ^= s >> 36;
- s = tab[b >> 32 & 0xF]; l ^= s << 32; h ^= s >> 32;
- s = tab[b >> 36 & 0xF]; l ^= s << 36; h ^= s >> 28;
- s = tab[b >> 40 & 0xF]; l ^= s << 40; h ^= s >> 24;
- s = tab[b >> 44 & 0xF]; l ^= s << 44; h ^= s >> 20;
- s = tab[b >> 48 & 0xF]; l ^= s << 48; h ^= s >> 16;
- s = tab[b >> 52 & 0xF]; l ^= s << 52; h ^= s >> 12;
- s = tab[b >> 56 & 0xF]; l ^= s << 56; h ^= s >> 8;
- s = tab[b >> 60 ]; l ^= s << 60; h ^= s >> 4;
-
- /* compensate for the top three bits of a */
-
- if (top3b & 01) { l ^= b << 61; h ^= b >> 3; }
- if (top3b & 02) { l ^= b << 62; h ^= b >> 2; }
- if (top3b & 04) { l ^= b << 63; h ^= b >> 1; }
-
- *r1 = h; *r0 = l;
- }
-#endif
-
-/* Product of two polynomials a, b each with degree < 2 * BN_BITS2 - 1,
- * result is a polynomial r with degree < 4 * BN_BITS2 - 1
- * The caller MUST ensure that the variables have the right amount
- * of space allocated.
- */
-static void bn_GF2m_mul_2x2(BN_ULONG *r, const BN_ULONG a1, const BN_ULONG a0, const BN_ULONG b1, const BN_ULONG b0)
- {
- BN_ULONG m1, m0;
- /* r[3] = h1, r[2] = h0; r[1] = l1; r[0] = l0 */
- bn_GF2m_mul_1x1(r+3, r+2, a1, b1);
- bn_GF2m_mul_1x1(r+1, r, a0, b0);
- bn_GF2m_mul_1x1(&m1, &m0, a0 ^ a1, b0 ^ b1);
- /* Correction on m1 ^= l1 ^ h1; m0 ^= l0 ^ h0; */
- r[2] ^= m1 ^ r[1] ^ r[3]; /* h0 ^= m1 ^ l1 ^ h1; */
- r[1] = r[3] ^ r[2] ^ r[0] ^ m1 ^ m0; /* l1 ^= l0 ^ h0 ^ m0; */
- }
-
-
-/* Add polynomials a and b and store result in r; r could be a or b, a and b
- * could be equal; r is the bitwise XOR of a and b.
- */
-int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
- {
- int i;
- const BIGNUM *at, *bt;
-
- bn_check_top(a);
- bn_check_top(b);
-
- if (a->top < b->top) { at = b; bt = a; }
- else { at = a; bt = b; }
-
- if(bn_wexpand(r, at->top) == NULL)
- return 0;
-
- for (i = 0; i < bt->top; i++)
- {
- r->d[i] = at->d[i] ^ bt->d[i];
- }
- for (; i < at->top; i++)
- {
- r->d[i] = at->d[i];
- }
-
- r->top = at->top;
- bn_correct_top(r);
-
- return 1;
- }
-
-
-/* Some functions allow for representation of the irreducible polynomials
- * as an int[], say p. The irreducible f(t) is then of the form:
- * t^p[0] + t^p[1] + ... + t^p[k]
- * where m = p[0] > p[1] > ... > p[k] = 0.
- */
-
-
-/* Performs modular reduction of a and store result in r. r could be a. */
-int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[])
- {
- int j, k;
- int n, dN, d0, d1;
- BN_ULONG zz, *z;
-
- bn_check_top(a);
-
- if (!p[0])
- {
- /* reduction mod 1 => return 0 */
- BN_zero(r);
- return 1;
- }
-
- /* Since the algorithm does reduction in the r value, if a != r, copy
- * the contents of a into r so we can do reduction in r.
- */
- if (a != r)
- {
- if (!bn_wexpand(r, a->top)) return 0;
- for (j = 0; j < a->top; j++)
- {
- r->d[j] = a->d[j];
- }
- r->top = a->top;
- }
- z = r->d;
-
- /* start reduction */
- dN = p[0] / BN_BITS2;
- for (j = r->top - 1; j > dN;)
- {
- zz = z[j];
- if (z[j] == 0) { j--; continue; }
- z[j] = 0;
-
- for (k = 1; p[k] != 0; k++)
- {
- /* reducing component t^p[k] */
- n = p[0] - p[k];
- d0 = n % BN_BITS2; d1 = BN_BITS2 - d0;
- n /= BN_BITS2;
- z[j-n] ^= (zz>>d0);
- if (d0) z[j-n-1] ^= (zz<<d1);
- }
-
- /* reducing component t^0 */
- n = dN;
- d0 = p[0] % BN_BITS2;
- d1 = BN_BITS2 - d0;
- z[j-n] ^= (zz >> d0);
- if (d0) z[j-n-1] ^= (zz << d1);
- }
-
- /* final round of reduction */
- while (j == dN)
- {
-
- d0 = p[0] % BN_BITS2;
- zz = z[dN] >> d0;
- if (zz == 0) break;
- d1 = BN_BITS2 - d0;
-
- /* clear up the top d1 bits */
- if (d0)
- z[dN] = (z[dN] << d1) >> d1;
- else
- z[dN] = 0;
- z[0] ^= zz; /* reduction t^0 component */
-
- for (k = 1; p[k] != 0; k++)
- {
- BN_ULONG tmp_ulong;
-
- /* reducing component t^p[k]*/
- n = p[k] / BN_BITS2;
- d0 = p[k] % BN_BITS2;
- d1 = BN_BITS2 - d0;
- z[n] ^= (zz << d0);
- tmp_ulong = zz >> d1;
- if (d0 && tmp_ulong)
- z[n+1] ^= tmp_ulong;
- }
-
-
- }
-
- bn_correct_top(r);
- return 1;
- }
-
-/* Performs modular reduction of a by p and store result in r. r could be a.
- *
- * This function calls down to the BN_GF2m_mod_arr implementation; this wrapper
- * function is only provided for convenience; for best performance, use the
- * BN_GF2m_mod_arr function.
- */
-int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p)
- {
- int ret = 0;
- const int max = BN_num_bits(p);
- unsigned int *arr=NULL;
- bn_check_top(a);
- bn_check_top(p);
- if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err;
- ret = BN_GF2m_poly2arr(p, arr, max);
- if (!ret || ret > max)
- {
- BNerr(BN_F_BN_GF2M_MOD,BN_R_INVALID_LENGTH);
- goto err;
- }
- ret = BN_GF2m_mod_arr(r, a, arr);
- bn_check_top(r);
-err:
- if (arr) OPENSSL_free(arr);
- return ret;
- }
-
-
-/* Compute the product of two polynomials a and b, reduce modulo p, and store
- * the result in r. r could be a or b; a could be b.
- */
-int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const unsigned int p[], BN_CTX *ctx)
- {
- int zlen, i, j, k, ret = 0;
- BIGNUM *s;
- BN_ULONG x1, x0, y1, y0, zz[4];
-
- bn_check_top(a);
- bn_check_top(b);
-
- if (a == b)
- {
- return BN_GF2m_mod_sqr_arr(r, a, p, ctx);
- }
-
- BN_CTX_start(ctx);
- if ((s = BN_CTX_get(ctx)) == NULL) goto err;
-
- zlen = a->top + b->top + 4;
- if (!bn_wexpand(s, zlen)) goto err;
- s->top = zlen;
-
- for (i = 0; i < zlen; i++) s->d[i] = 0;
-
- for (j = 0; j < b->top; j += 2)
- {
- y0 = b->d[j];
- y1 = ((j+1) == b->top) ? 0 : b->d[j+1];
- for (i = 0; i < a->top; i += 2)
- {
- x0 = a->d[i];
- x1 = ((i+1) == a->top) ? 0 : a->d[i+1];
- bn_GF2m_mul_2x2(zz, x1, x0, y1, y0);
- for (k = 0; k < 4; k++) s->d[i+j+k] ^= zz[k];
- }
- }
-
- bn_correct_top(s);
- if (BN_GF2m_mod_arr(r, s, p))
- ret = 1;
- bn_check_top(r);
-
-err:
- BN_CTX_end(ctx);
- return ret;
- }
-
-/* Compute the product of two polynomials a and b, reduce modulo p, and store
- * the result in r. r could be a or b; a could equal b.
- *
- * This function calls down to the BN_GF2m_mod_mul_arr implementation; this wrapper
- * function is only provided for convenience; for best performance, use the
- * BN_GF2m_mod_mul_arr function.
- */
-int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx)
- {
- int ret = 0;
- const int max = BN_num_bits(p);
- unsigned int *arr=NULL;
- bn_check_top(a);
- bn_check_top(b);
- bn_check_top(p);
- if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err;
- ret = BN_GF2m_poly2arr(p, arr, max);
- if (!ret || ret > max)
- {
- BNerr(BN_F_BN_GF2M_MOD_MUL,BN_R_INVALID_LENGTH);
- goto err;
- }
- ret = BN_GF2m_mod_mul_arr(r, a, b, arr, ctx);
- bn_check_top(r);
-err:
- if (arr) OPENSSL_free(arr);
- return ret;
- }
-
-
-/* Square a, reduce the result mod p, and store it in a. r could be a. */
-int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[], BN_CTX *ctx)
- {
- int i, ret = 0;
- BIGNUM *s;
-
- bn_check_top(a);
- BN_CTX_start(ctx);
- if ((s = BN_CTX_get(ctx)) == NULL) return 0;
- if (!bn_wexpand(s, 2 * a->top)) goto err;
-
- for (i = a->top - 1; i >= 0; i--)
- {
- s->d[2*i+1] = SQR1(a->d[i]);
- s->d[2*i ] = SQR0(a->d[i]);
- }
-
- s->top = 2 * a->top;
- bn_correct_top(s);
- if (!BN_GF2m_mod_arr(r, s, p)) goto err;
- bn_check_top(r);
- ret = 1;
-err:
- BN_CTX_end(ctx);
- return ret;
- }
-
-/* Square a, reduce the result mod p, and store it in a. r could be a.
- *
- * This function calls down to the BN_GF2m_mod_sqr_arr implementation; this wrapper
- * function is only provided for convenience; for best performance, use the
- * BN_GF2m_mod_sqr_arr function.
- */
-int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
- {
- int ret = 0;
- const int max = BN_num_bits(p);
- unsigned int *arr=NULL;
-
- bn_check_top(a);
- bn_check_top(p);
- if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err;
- ret = BN_GF2m_poly2arr(p, arr, max);
- if (!ret || ret > max)
- {
- BNerr(BN_F_BN_GF2M_MOD_SQR,BN_R_INVALID_LENGTH);
- goto err;
- }
- ret = BN_GF2m_mod_sqr_arr(r, a, arr, ctx);
- bn_check_top(r);
-err:
- if (arr) OPENSSL_free(arr);
- return ret;
- }
-
-
-/* Invert a, reduce modulo p, and store the result in r. r could be a.
- * Uses Modified Almost Inverse Algorithm (Algorithm 10) from
- * Hankerson, D., Hernandez, J.L., and Menezes, A. "Software Implementation
- * of Elliptic Curve Cryptography Over Binary Fields".
- */
-int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
- {
- BIGNUM *b, *c, *u, *v, *tmp;
- int ret = 0;
-
- bn_check_top(a);
- bn_check_top(p);
-
- BN_CTX_start(ctx);
-
- b = BN_CTX_get(ctx);
- c = BN_CTX_get(ctx);
- u = BN_CTX_get(ctx);
- v = BN_CTX_get(ctx);
- if (v == NULL) goto err;
-
- if (!BN_one(b)) goto err;
- if (!BN_GF2m_mod(u, a, p)) goto err;
- if (!BN_copy(v, p)) goto err;
-
- if (BN_is_zero(u)) goto err;
-
- while (1)
- {
- while (!BN_is_odd(u))
- {
- if (BN_is_zero(u)) goto err;
- if (!BN_rshift1(u, u)) goto err;
- if (BN_is_odd(b))
- {
- if (!BN_GF2m_add(b, b, p)) goto err;
- }
- if (!BN_rshift1(b, b)) goto err;
- }
-
- if (BN_abs_is_word(u, 1)) break;
-
- if (BN_num_bits(u) < BN_num_bits(v))
- {
- tmp = u; u = v; v = tmp;
- tmp = b; b = c; c = tmp;
- }
-
- if (!BN_GF2m_add(u, u, v)) goto err;
- if (!BN_GF2m_add(b, b, c)) goto err;
- }
-
-
- if (!BN_copy(r, b)) goto err;
- bn_check_top(r);
- ret = 1;
-
-err:
- BN_CTX_end(ctx);
- return ret;
- }
-
-/* Invert xx, reduce modulo p, and store the result in r. r could be xx.
- *
- * This function calls down to the BN_GF2m_mod_inv implementation; this wrapper
- * function is only provided for convenience; for best performance, use the
- * BN_GF2m_mod_inv function.
- */
-int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *xx, const unsigned int p[], BN_CTX *ctx)
- {
- BIGNUM *field;
- int ret = 0;
-
- bn_check_top(xx);
- BN_CTX_start(ctx);
- if ((field = BN_CTX_get(ctx)) == NULL) goto err;
- if (!BN_GF2m_arr2poly(p, field)) goto err;
-
- ret = BN_GF2m_mod_inv(r, xx, field, ctx);
- bn_check_top(r);
-
-err:
- BN_CTX_end(ctx);
- return ret;
- }
-
-
-#ifndef OPENSSL_SUN_GF2M_DIV
-/* Divide y by x, reduce modulo p, and store the result in r. r could be x
- * or y, x could equal y.
- */
-int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, const BIGNUM *p, BN_CTX *ctx)
- {
- BIGNUM *xinv = NULL;
- int ret = 0;
-
- bn_check_top(y);
- bn_check_top(x);
- bn_check_top(p);
-
- BN_CTX_start(ctx);
- xinv = BN_CTX_get(ctx);
- if (xinv == NULL) goto err;
-
- if (!BN_GF2m_mod_inv(xinv, x, p, ctx)) goto err;
- if (!BN_GF2m_mod_mul(r, y, xinv, p, ctx)) goto err;
- bn_check_top(r);
- ret = 1;
-
-err:
- BN_CTX_end(ctx);
- return ret;
- }
-#else
-/* Divide y by x, reduce modulo p, and store the result in r. r could be x
- * or y, x could equal y.
- * Uses algorithm Modular_Division_GF(2^m) from
- * Chang-Shantz, S. "From Euclid's GCD to Montgomery Multiplication to
- * the Great Divide".
- */
-int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, const BIGNUM *p, BN_CTX *ctx)
- {
- BIGNUM *a, *b, *u, *v;
- int ret = 0;
-
- bn_check_top(y);
- bn_check_top(x);
- bn_check_top(p);
-
- BN_CTX_start(ctx);
-
- a = BN_CTX_get(ctx);
- b = BN_CTX_get(ctx);
- u = BN_CTX_get(ctx);
- v = BN_CTX_get(ctx);
- if (v == NULL) goto err;
-
- /* reduce x and y mod p */
- if (!BN_GF2m_mod(u, y, p)) goto err;
- if (!BN_GF2m_mod(a, x, p)) goto err;
- if (!BN_copy(b, p)) goto err;
-
- while (!BN_is_odd(a))
- {
- if (!BN_rshift1(a, a)) goto err;
- if (BN_is_odd(u)) if (!BN_GF2m_add(u, u, p)) goto err;
- if (!BN_rshift1(u, u)) goto err;
- }
-
- do
- {
- if (BN_GF2m_cmp(b, a) > 0)
- {
- if (!BN_GF2m_add(b, b, a)) goto err;
- if (!BN_GF2m_add(v, v, u)) goto err;
- do
- {
- if (!BN_rshift1(b, b)) goto err;
- if (BN_is_odd(v)) if (!BN_GF2m_add(v, v, p)) goto err;
- if (!BN_rshift1(v, v)) goto err;
- } while (!BN_is_odd(b));
- }
- else if (BN_abs_is_word(a, 1))
- break;
- else
- {
- if (!BN_GF2m_add(a, a, b)) goto err;
- if (!BN_GF2m_add(u, u, v)) goto err;
- do
- {
- if (!BN_rshift1(a, a)) goto err;
- if (BN_is_odd(u)) if (!BN_GF2m_add(u, u, p)) goto err;
- if (!BN_rshift1(u, u)) goto err;
- } while (!BN_is_odd(a));
- }
- } while (1);
-
- if (!BN_copy(r, u)) goto err;
- bn_check_top(r);
- ret = 1;
-
-err:
- BN_CTX_end(ctx);
- return ret;
- }
-#endif
-
-/* Divide yy by xx, reduce modulo p, and store the result in r. r could be xx
- * or yy, xx could equal yy.
- *
- * This function calls down to the BN_GF2m_mod_div implementation; this wrapper
- * function is only provided for convenience; for best performance, use the
- * BN_GF2m_mod_div function.
- */
-int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *yy, const BIGNUM *xx, const unsigned int p[], BN_CTX *ctx)
- {
- BIGNUM *field;
- int ret = 0;
-
- bn_check_top(yy);
- bn_check_top(xx);
-
- BN_CTX_start(ctx);
- if ((field = BN_CTX_get(ctx)) == NULL) goto err;
- if (!BN_GF2m_arr2poly(p, field)) goto err;
-
- ret = BN_GF2m_mod_div(r, yy, xx, field, ctx);
- bn_check_top(r);
-
-err:
- BN_CTX_end(ctx);
- return ret;
- }
-
-
-/* Compute the bth power of a, reduce modulo p, and store
- * the result in r. r could be a.
- * Uses simple square-and-multiply algorithm A.5.1 from IEEE P1363.
- */
-int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const unsigned int p[], BN_CTX *ctx)
- {
- int ret = 0, i, n;
- BIGNUM *u;
-
- bn_check_top(a);
- bn_check_top(b);
-
- if (BN_is_zero(b))
- return(BN_one(r));
-
- if (BN_abs_is_word(b, 1))
- return (BN_copy(r, a) != NULL);
-
- BN_CTX_start(ctx);
- if ((u = BN_CTX_get(ctx)) == NULL) goto err;
-
- if (!BN_GF2m_mod_arr(u, a, p)) goto err;
-
- n = BN_num_bits(b) - 1;
- for (i = n - 1; i >= 0; i--)
- {
- if (!BN_GF2m_mod_sqr_arr(u, u, p, ctx)) goto err;
- if (BN_is_bit_set(b, i))
- {
- if (!BN_GF2m_mod_mul_arr(u, u, a, p, ctx)) goto err;
- }
- }
- if (!BN_copy(r, u)) goto err;
- bn_check_top(r);
- ret = 1;
-err:
- BN_CTX_end(ctx);
- return ret;
- }
-
-/* Compute the bth power of a, reduce modulo p, and store
- * the result in r. r could be a.
- *
- * This function calls down to the BN_GF2m_mod_exp_arr implementation; this wrapper
- * function is only provided for convenience; for best performance, use the
- * BN_GF2m_mod_exp_arr function.
- */
-int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx)
- {
- int ret = 0;
- const int max = BN_num_bits(p);
- unsigned int *arr=NULL;
- bn_check_top(a);
- bn_check_top(b);
- bn_check_top(p);
- if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err;
- ret = BN_GF2m_poly2arr(p, arr, max);
- if (!ret || ret > max)
- {
- BNerr(BN_F_BN_GF2M_MOD_EXP,BN_R_INVALID_LENGTH);
- goto err;
- }
- ret = BN_GF2m_mod_exp_arr(r, a, b, arr, ctx);
- bn_check_top(r);
-err:
- if (arr) OPENSSL_free(arr);
- return ret;
- }
-
-/* Compute the square root of a, reduce modulo p, and store
- * the result in r. r could be a.
- * Uses exponentiation as in algorithm A.4.1 from IEEE P1363.
- */
-int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[], BN_CTX *ctx)
- {
- int ret = 0;
- BIGNUM *u;
-
- bn_check_top(a);
-
- if (!p[0])
- {
- /* reduction mod 1 => return 0 */
- BN_zero(r);
- return 1;
- }
-
- BN_CTX_start(ctx);
- if ((u = BN_CTX_get(ctx)) == NULL) goto err;
-
- if (!BN_set_bit(u, p[0] - 1)) goto err;
- ret = BN_GF2m_mod_exp_arr(r, a, u, p, ctx);
- bn_check_top(r);
-
-err:
- BN_CTX_end(ctx);
- return ret;
- }
-
-/* Compute the square root of a, reduce modulo p, and store
- * the result in r. r could be a.
- *
- * This function calls down to the BN_GF2m_mod_sqrt_arr implementation; this wrapper
- * function is only provided for convenience; for best performance, use the
- * BN_GF2m_mod_sqrt_arr function.
- */
-int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
- {
- int ret = 0;
- const int max = BN_num_bits(p);
- unsigned int *arr=NULL;
- bn_check_top(a);
- bn_check_top(p);
- if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err;
- ret = BN_GF2m_poly2arr(p, arr, max);
- if (!ret || ret > max)
- {
- BNerr(BN_F_BN_GF2M_MOD_SQRT,BN_R_INVALID_LENGTH);
- goto err;
- }
- ret = BN_GF2m_mod_sqrt_arr(r, a, arr, ctx);
- bn_check_top(r);
-err:
- if (arr) OPENSSL_free(arr);
- return ret;
- }
-
-/* Find r such that r^2 + r = a mod p. r could be a. If no r exists returns 0.
- * Uses algorithms A.4.7 and A.4.6 from IEEE P1363.
- */
-int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, const unsigned int p[], BN_CTX *ctx)
- {
- int ret = 0, count = 0;
- unsigned int j;
- BIGNUM *a, *z, *rho, *w, *w2, *tmp;
-
- bn_check_top(a_);
-
- if (!p[0])
- {
- /* reduction mod 1 => return 0 */
- BN_zero(r);
- return 1;
- }
-
- BN_CTX_start(ctx);
- a = BN_CTX_get(ctx);
- z = BN_CTX_get(ctx);
- w = BN_CTX_get(ctx);
- if (w == NULL) goto err;
-
- if (!BN_GF2m_mod_arr(a, a_, p)) goto err;
-
- if (BN_is_zero(a))
- {
- BN_zero(r);
- ret = 1;
- goto err;
- }
-
- if (p[0] & 0x1) /* m is odd */
- {
- /* compute half-trace of a */
- if (!BN_copy(z, a)) goto err;
- for (j = 1; j <= (p[0] - 1) / 2; j++)
- {
- if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx)) goto err;
- if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx)) goto err;
- if (!BN_GF2m_add(z, z, a)) goto err;
- }
-
- }
- else /* m is even */
- {
- rho = BN_CTX_get(ctx);
- w2 = BN_CTX_get(ctx);
- tmp = BN_CTX_get(ctx);
- if (tmp == NULL) goto err;
- do
- {
- if (!BN_rand(rho, p[0], 0, 0)) goto err;
- if (!BN_GF2m_mod_arr(rho, rho, p)) goto err;
- BN_zero(z);
- if (!BN_copy(w, rho)) goto err;
- for (j = 1; j <= p[0] - 1; j++)
- {
- if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx)) goto err;
- if (!BN_GF2m_mod_sqr_arr(w2, w, p, ctx)) goto err;
- if (!BN_GF2m_mod_mul_arr(tmp, w2, a, p, ctx)) goto err;
- if (!BN_GF2m_add(z, z, tmp)) goto err;
- if (!BN_GF2m_add(w, w2, rho)) goto err;
- }
- count++;
- } while (BN_is_zero(w) && (count < MAX_ITERATIONS));
- if (BN_is_zero(w))
- {
- BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR,BN_R_TOO_MANY_ITERATIONS);
- goto err;
- }
- }
-
- if (!BN_GF2m_mod_sqr_arr(w, z, p, ctx)) goto err;
- if (!BN_GF2m_add(w, z, w)) goto err;
- if (BN_GF2m_cmp(w, a))
- {
- BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR, BN_R_NO_SOLUTION);
- goto err;
- }
-
- if (!BN_copy(r, z)) goto err;
- bn_check_top(r);
-
- ret = 1;
-
-err:
- BN_CTX_end(ctx);
- return ret;
- }
-
-/* Find r such that r^2 + r = a mod p. r could be a. If no r exists returns 0.
- *
- * This function calls down to the BN_GF2m_mod_solve_quad_arr implementation; this wrapper
- * function is only provided for convenience; for best performance, use the
- * BN_GF2m_mod_solve_quad_arr function.
- */
-int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
- {
- int ret = 0;
- const int max = BN_num_bits(p);
- unsigned int *arr=NULL;
- bn_check_top(a);
- bn_check_top(p);
- if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) *
- max)) == NULL) goto err;
- ret = BN_GF2m_poly2arr(p, arr, max);
- if (!ret || ret > max)
- {
- BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD,BN_R_INVALID_LENGTH);
- goto err;
- }
- ret = BN_GF2m_mod_solve_quad_arr(r, a, arr, ctx);
- bn_check_top(r);
-err:
- if (arr) OPENSSL_free(arr);
- return ret;
- }
-
-/* Convert the bit-string representation of a polynomial
- * ( \sum_{i=0}^n a_i * x^i , where a_0 is *not* zero) into an array
- * of integers corresponding to the bits with non-zero coefficient.
- * Up to max elements of the array will be filled. Return value is total
- * number of coefficients that would be extracted if array was large enough.
- */
-int BN_GF2m_poly2arr(const BIGNUM *a, unsigned int p[], int max)
- {
- int i, j, k = 0;
- BN_ULONG mask;
-
- if (BN_is_zero(a) || !BN_is_bit_set(a, 0))
- /* a_0 == 0 => return error (the unsigned int array
- * must be terminated by 0)
- */
- return 0;
-
- for (i = a->top - 1; i >= 0; i--)
- {
- if (!a->d[i])
- /* skip word if a->d[i] == 0 */
- continue;
- mask = BN_TBIT;
- for (j = BN_BITS2 - 1; j >= 0; j--)
- {
- if (a->d[i] & mask)
- {
- if (k < max) p[k] = BN_BITS2 * i + j;
- k++;
- }
- mask >>= 1;
- }
- }
-
- return k;
- }
-
-/* Convert the coefficient array representation of a polynomial to a
- * bit-string. The array must be terminated by 0.
- */
-int BN_GF2m_arr2poly(const unsigned int p[], BIGNUM *a)
- {
- int i;
-
- bn_check_top(a);
- BN_zero(a);
- for (i = 0; p[i] != 0; i++)
- {
- if (BN_set_bit(a, p[i]) == 0)
- return 0;
- }
- BN_set_bit(a, 0);
- bn_check_top(a);
-
- return 1;
- }
-
-/*
- * Constant-time conditional swap of a and b.
- * a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set.
- * nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b,
- * and that no more than nwords are used by either a or b.
- * a and b cannot be the same number
- */
-void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords)
- {
- BN_ULONG t;
- int i;
-
- bn_wcheck_size(a, nwords);
- bn_wcheck_size(b, nwords);
-
- assert(a != b);
- assert((condition & (condition - 1)) == 0);
- assert(sizeof(BN_ULONG) >= sizeof(int));
-
- condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1;
-
- t = (a->top^b->top) & condition;
- a->top ^= t;
- b->top ^= t;
-
-#define BN_CONSTTIME_SWAP(ind) \
- do { \
- t = (a->d[ind] ^ b->d[ind]) & condition; \
- a->d[ind] ^= t; \
- b->d[ind] ^= t; \
- } while (0)
-
-
- switch (nwords) {
- default:
- for (i = 10; i < nwords; i++)
- BN_CONSTTIME_SWAP(i);
- /* Fallthrough */
- case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */
- case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */
- case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */
- case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */
- case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */
- case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */
- case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */
- case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */
- case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */
- case 1: BN_CONSTTIME_SWAP(0);
- }
-#undef BN_CONSTTIME_SWAP
-}
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_gf2m.c (from rev 6976, vendor-crypto/openssl/dist/crypto/bn/bn_gf2m.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_gf2m.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_gf2m.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,1369 @@
+/* crypto/bn/bn_gf2m.c */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
+ * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
+ * to the OpenSSL project.
+ *
+ * The ECC Code is licensed pursuant to the OpenSSL open source
+ * license provided below.
+ *
+ * In addition, Sun covenants to all licensees who provide a reciprocal
+ * covenant with respect to their own patents if any, not to sue under
+ * current and future patent claims necessarily infringed by the making,
+ * using, practicing, selling, offering for sale and/or otherwise
+ * disposing of the ECC Code as delivered hereunder (or portions thereof),
+ * provided that such covenant shall not apply:
+ * 1) for code that a licensee deletes from the ECC Code;
+ * 2) separates from the ECC Code; or
+ * 3) for infringements caused by:
+ * i) the modification of the ECC Code or
+ * ii) the combination of the ECC Code with other software or
+ * devices where such combination causes the infringement.
+ *
+ * The software is originally written by Sheueling Chang Shantz and
+ * Douglas Stebila of Sun Microsystems Laboratories.
+ *
+ */
+
+/*
+ * NOTE: This file is licensed pursuant to the OpenSSL license below and may
+ * be modified; but after modifications, the above covenant may no longer
+ * apply! In such cases, the corresponding paragraph ["In addition, Sun
+ * covenants ... causes the infringement."] and this note can be edited out;
+ * but please keep the Sun copyright notice and attribution.
+ */
+
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <assert.h>
+#include <limits.h>
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+/*
+ * Maximum number of iterations before BN_GF2m_mod_solve_quad_arr should
+ * fail.
+ */
+#define MAX_ITERATIONS 50
+
+static const BN_ULONG SQR_tb[16] = { 0, 1, 4, 5, 16, 17, 20, 21,
+ 64, 65, 68, 69, 80, 81, 84, 85
+};
+
+/* Platform-specific macros to accelerate squaring. */
+#if defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
+# define SQR1(w) \
+ SQR_tb[(w) >> 60 & 0xF] << 56 | SQR_tb[(w) >> 56 & 0xF] << 48 | \
+ SQR_tb[(w) >> 52 & 0xF] << 40 | SQR_tb[(w) >> 48 & 0xF] << 32 | \
+ SQR_tb[(w) >> 44 & 0xF] << 24 | SQR_tb[(w) >> 40 & 0xF] << 16 | \
+ SQR_tb[(w) >> 36 & 0xF] << 8 | SQR_tb[(w) >> 32 & 0xF]
+# define SQR0(w) \
+ SQR_tb[(w) >> 28 & 0xF] << 56 | SQR_tb[(w) >> 24 & 0xF] << 48 | \
+ SQR_tb[(w) >> 20 & 0xF] << 40 | SQR_tb[(w) >> 16 & 0xF] << 32 | \
+ SQR_tb[(w) >> 12 & 0xF] << 24 | SQR_tb[(w) >> 8 & 0xF] << 16 | \
+ SQR_tb[(w) >> 4 & 0xF] << 8 | SQR_tb[(w) & 0xF]
+#endif
+#ifdef THIRTY_TWO_BIT
+# define SQR1(w) \
+ SQR_tb[(w) >> 28 & 0xF] << 24 | SQR_tb[(w) >> 24 & 0xF] << 16 | \
+ SQR_tb[(w) >> 20 & 0xF] << 8 | SQR_tb[(w) >> 16 & 0xF]
+# define SQR0(w) \
+ SQR_tb[(w) >> 12 & 0xF] << 24 | SQR_tb[(w) >> 8 & 0xF] << 16 | \
+ SQR_tb[(w) >> 4 & 0xF] << 8 | SQR_tb[(w) & 0xF]
+#endif
+#ifdef SIXTEEN_BIT
+# define SQR1(w) \
+ SQR_tb[(w) >> 12 & 0xF] << 8 | SQR_tb[(w) >> 8 & 0xF]
+# define SQR0(w) \
+ SQR_tb[(w) >> 4 & 0xF] << 8 | SQR_tb[(w) & 0xF]
+#endif
+#ifdef EIGHT_BIT
+# define SQR1(w) \
+ SQR_tb[(w) >> 4 & 0xF]
+# define SQR0(w) \
+ SQR_tb[(w) & 15]
+#endif
+
+/*
+ * Product of two polynomials a, b each with degree < BN_BITS2 - 1, result is
+ * a polynomial r with degree < 2 * BN_BITS - 1 The caller MUST ensure that
+ * the variables have the right amount of space allocated.
+ */
+#ifdef EIGHT_BIT
+static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a,
+ const BN_ULONG b)
+{
+ register BN_ULONG h, l, s;
+ BN_ULONG tab[4], top1b = a >> 7;
+ register BN_ULONG a1, a2;
+
+ a1 = a & (0x7F);
+ a2 = a1 << 1;
+
+ tab[0] = 0;
+ tab[1] = a1;
+ tab[2] = a2;
+ tab[3] = a1 ^ a2;
+
+ s = tab[b & 0x3];
+ l = s;
+ s = tab[b >> 2 & 0x3];
+ l ^= s << 2;
+ h = s >> 6;
+ s = tab[b >> 4 & 0x3];
+ l ^= s << 4;
+ h ^= s >> 4;
+ s = tab[b >> 6];
+ l ^= s << 6;
+ h ^= s >> 2;
+
+ /* compensate for the top bit of a */
+
+ if (top1b & 01) {
+ l ^= b << 7;
+ h ^= b >> 1;
+ }
+
+ *r1 = h;
+ *r0 = l;
+}
+#endif
+#ifdef SIXTEEN_BIT
+static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a,
+ const BN_ULONG b)
+{
+ register BN_ULONG h, l, s;
+ BN_ULONG tab[4], top1b = a >> 15;
+ register BN_ULONG a1, a2;
+
+ a1 = a & (0x7FFF);
+ a2 = a1 << 1;
+
+ tab[0] = 0;
+ tab[1] = a1;
+ tab[2] = a2;
+ tab[3] = a1 ^ a2;
+
+ s = tab[b & 0x3];
+ l = s;
+ s = tab[b >> 2 & 0x3];
+ l ^= s << 2;
+ h = s >> 14;
+ s = tab[b >> 4 & 0x3];
+ l ^= s << 4;
+ h ^= s >> 12;
+ s = tab[b >> 6 & 0x3];
+ l ^= s << 6;
+ h ^= s >> 10;
+ s = tab[b >> 8 & 0x3];
+ l ^= s << 8;
+ h ^= s >> 8;
+ s = tab[b >> 10 & 0x3];
+ l ^= s << 10;
+ h ^= s >> 6;
+ s = tab[b >> 12 & 0x3];
+ l ^= s << 12;
+ h ^= s >> 4;
+ s = tab[b >> 14];
+ l ^= s << 14;
+ h ^= s >> 2;
+
+ /* compensate for the top bit of a */
+
+ if (top1b & 01) {
+ l ^= b << 15;
+ h ^= b >> 1;
+ }
+
+ *r1 = h;
+ *r0 = l;
+}
+#endif
+#ifdef THIRTY_TWO_BIT
+static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a,
+ const BN_ULONG b)
+{
+ register BN_ULONG h, l, s;
+ BN_ULONG tab[8], top2b = a >> 30;
+ register BN_ULONG a1, a2, a4;
+
+ a1 = a & (0x3FFFFFFF);
+ a2 = a1 << 1;
+ a4 = a2 << 1;
+
+ tab[0] = 0;
+ tab[1] = a1;
+ tab[2] = a2;
+ tab[3] = a1 ^ a2;
+ tab[4] = a4;
+ tab[5] = a1 ^ a4;
+ tab[6] = a2 ^ a4;
+ tab[7] = a1 ^ a2 ^ a4;
+
+ s = tab[b & 0x7];
+ l = s;
+ s = tab[b >> 3 & 0x7];
+ l ^= s << 3;
+ h = s >> 29;
+ s = tab[b >> 6 & 0x7];
+ l ^= s << 6;
+ h ^= s >> 26;
+ s = tab[b >> 9 & 0x7];
+ l ^= s << 9;
+ h ^= s >> 23;
+ s = tab[b >> 12 & 0x7];
+ l ^= s << 12;
+ h ^= s >> 20;
+ s = tab[b >> 15 & 0x7];
+ l ^= s << 15;
+ h ^= s >> 17;
+ s = tab[b >> 18 & 0x7];
+ l ^= s << 18;
+ h ^= s >> 14;
+ s = tab[b >> 21 & 0x7];
+ l ^= s << 21;
+ h ^= s >> 11;
+ s = tab[b >> 24 & 0x7];
+ l ^= s << 24;
+ h ^= s >> 8;
+ s = tab[b >> 27 & 0x7];
+ l ^= s << 27;
+ h ^= s >> 5;
+ s = tab[b >> 30];
+ l ^= s << 30;
+ h ^= s >> 2;
+
+ /* compensate for the top two bits of a */
+
+ if (top2b & 01) {
+ l ^= b << 30;
+ h ^= b >> 2;
+ }
+ if (top2b & 02) {
+ l ^= b << 31;
+ h ^= b >> 1;
+ }
+
+ *r1 = h;
+ *r0 = l;
+}
+#endif
+#if defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
+static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a,
+ const BN_ULONG b)
+{
+ register BN_ULONG h, l, s;
+ BN_ULONG tab[16], top3b = a >> 61;
+ register BN_ULONG a1, a2, a4, a8;
+
+ a1 = a & (0x1FFFFFFFFFFFFFFFULL);
+ a2 = a1 << 1;
+ a4 = a2 << 1;
+ a8 = a4 << 1;
+
+ tab[0] = 0;
+ tab[1] = a1;
+ tab[2] = a2;
+ tab[3] = a1 ^ a2;
+ tab[4] = a4;
+ tab[5] = a1 ^ a4;
+ tab[6] = a2 ^ a4;
+ tab[7] = a1 ^ a2 ^ a4;
+ tab[8] = a8;
+ tab[9] = a1 ^ a8;
+ tab[10] = a2 ^ a8;
+ tab[11] = a1 ^ a2 ^ a8;
+ tab[12] = a4 ^ a8;
+ tab[13] = a1 ^ a4 ^ a8;
+ tab[14] = a2 ^ a4 ^ a8;
+ tab[15] = a1 ^ a2 ^ a4 ^ a8;
+
+ s = tab[b & 0xF];
+ l = s;
+ s = tab[b >> 4 & 0xF];
+ l ^= s << 4;
+ h = s >> 60;
+ s = tab[b >> 8 & 0xF];
+ l ^= s << 8;
+ h ^= s >> 56;
+ s = tab[b >> 12 & 0xF];
+ l ^= s << 12;
+ h ^= s >> 52;
+ s = tab[b >> 16 & 0xF];
+ l ^= s << 16;
+ h ^= s >> 48;
+ s = tab[b >> 20 & 0xF];
+ l ^= s << 20;
+ h ^= s >> 44;
+ s = tab[b >> 24 & 0xF];
+ l ^= s << 24;
+ h ^= s >> 40;
+ s = tab[b >> 28 & 0xF];
+ l ^= s << 28;
+ h ^= s >> 36;
+ s = tab[b >> 32 & 0xF];
+ l ^= s << 32;
+ h ^= s >> 32;
+ s = tab[b >> 36 & 0xF];
+ l ^= s << 36;
+ h ^= s >> 28;
+ s = tab[b >> 40 & 0xF];
+ l ^= s << 40;
+ h ^= s >> 24;
+ s = tab[b >> 44 & 0xF];
+ l ^= s << 44;
+ h ^= s >> 20;
+ s = tab[b >> 48 & 0xF];
+ l ^= s << 48;
+ h ^= s >> 16;
+ s = tab[b >> 52 & 0xF];
+ l ^= s << 52;
+ h ^= s >> 12;
+ s = tab[b >> 56 & 0xF];
+ l ^= s << 56;
+ h ^= s >> 8;
+ s = tab[b >> 60];
+ l ^= s << 60;
+ h ^= s >> 4;
+
+ /* compensate for the top three bits of a */
+
+ if (top3b & 01) {
+ l ^= b << 61;
+ h ^= b >> 3;
+ }
+ if (top3b & 02) {
+ l ^= b << 62;
+ h ^= b >> 2;
+ }
+ if (top3b & 04) {
+ l ^= b << 63;
+ h ^= b >> 1;
+ }
+
+ *r1 = h;
+ *r0 = l;
+}
+#endif
+
+/*
+ * Product of two polynomials a, b each with degree < 2 * BN_BITS2 - 1,
+ * result is a polynomial r with degree < 4 * BN_BITS2 - 1 The caller MUST
+ * ensure that the variables have the right amount of space allocated.
+ */
+static void bn_GF2m_mul_2x2(BN_ULONG *r, const BN_ULONG a1, const BN_ULONG a0,
+ const BN_ULONG b1, const BN_ULONG b0)
+{
+ BN_ULONG m1, m0;
+ /* r[3] = h1, r[2] = h0; r[1] = l1; r[0] = l0 */
+ bn_GF2m_mul_1x1(r + 3, r + 2, a1, b1);
+ bn_GF2m_mul_1x1(r + 1, r, a0, b0);
+ bn_GF2m_mul_1x1(&m1, &m0, a0 ^ a1, b0 ^ b1);
+ /* Correction on m1 ^= l1 ^ h1; m0 ^= l0 ^ h0; */
+ r[2] ^= m1 ^ r[1] ^ r[3]; /* h0 ^= m1 ^ l1 ^ h1; */
+ r[1] = r[3] ^ r[2] ^ r[0] ^ m1 ^ m0; /* l1 ^= l0 ^ h0 ^ m0; */
+}
+
+/*
+ * Add polynomials a and b and store result in r; r could be a or b, a and b
+ * could be equal; r is the bitwise XOR of a and b.
+ */
+int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
+{
+ int i;
+ const BIGNUM *at, *bt;
+
+ bn_check_top(a);
+ bn_check_top(b);
+
+ if (a->top < b->top) {
+ at = b;
+ bt = a;
+ } else {
+ at = a;
+ bt = b;
+ }
+
+ if (bn_wexpand(r, at->top) == NULL)
+ return 0;
+
+ for (i = 0; i < bt->top; i++) {
+ r->d[i] = at->d[i] ^ bt->d[i];
+ }
+ for (; i < at->top; i++) {
+ r->d[i] = at->d[i];
+ }
+
+ r->top = at->top;
+ bn_correct_top(r);
+
+ return 1;
+}
+
+/*-
+ * Some functions allow for representation of the irreducible polynomials
+ * as an int[], say p. The irreducible f(t) is then of the form:
+ * t^p[0] + t^p[1] + ... + t^p[k]
+ * where m = p[0] > p[1] > ... > p[k] = 0.
+ */
+
+/* Performs modular reduction of a and store result in r. r could be a. */
+int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[])
+{
+ int j, k;
+ int n, dN, d0, d1;
+ BN_ULONG zz, *z;
+
+ bn_check_top(a);
+
+ if (!p[0]) {
+ /* reduction mod 1 => return 0 */
+ BN_zero(r);
+ return 1;
+ }
+
+ /*
+ * Since the algorithm does reduction in the r value, if a != r, copy the
+ * contents of a into r so we can do reduction in r.
+ */
+ if (a != r) {
+ if (!bn_wexpand(r, a->top))
+ return 0;
+ for (j = 0; j < a->top; j++) {
+ r->d[j] = a->d[j];
+ }
+ r->top = a->top;
+ }
+ z = r->d;
+
+ /* start reduction */
+ dN = p[0] / BN_BITS2;
+ for (j = r->top - 1; j > dN;) {
+ zz = z[j];
+ if (z[j] == 0) {
+ j--;
+ continue;
+ }
+ z[j] = 0;
+
+ for (k = 1; p[k] != 0; k++) {
+ /* reducing component t^p[k] */
+ n = p[0] - p[k];
+ d0 = n % BN_BITS2;
+ d1 = BN_BITS2 - d0;
+ n /= BN_BITS2;
+ z[j - n] ^= (zz >> d0);
+ if (d0)
+ z[j - n - 1] ^= (zz << d1);
+ }
+
+ /* reducing component t^0 */
+ n = dN;
+ d0 = p[0] % BN_BITS2;
+ d1 = BN_BITS2 - d0;
+ z[j - n] ^= (zz >> d0);
+ if (d0)
+ z[j - n - 1] ^= (zz << d1);
+ }
+
+ /* final round of reduction */
+ while (j == dN) {
+
+ d0 = p[0] % BN_BITS2;
+ zz = z[dN] >> d0;
+ if (zz == 0)
+ break;
+ d1 = BN_BITS2 - d0;
+
+ /* clear up the top d1 bits */
+ if (d0)
+ z[dN] = (z[dN] << d1) >> d1;
+ else
+ z[dN] = 0;
+ z[0] ^= zz; /* reduction t^0 component */
+
+ for (k = 1; p[k] != 0; k++) {
+ BN_ULONG tmp_ulong;
+
+ /* reducing component t^p[k] */
+ n = p[k] / BN_BITS2;
+ d0 = p[k] % BN_BITS2;
+ d1 = BN_BITS2 - d0;
+ z[n] ^= (zz << d0);
+ tmp_ulong = zz >> d1;
+ if (d0 && tmp_ulong)
+ z[n + 1] ^= tmp_ulong;
+ }
+
+ }
+
+ bn_correct_top(r);
+ return 1;
+}
+
+/*
+ * Performs modular reduction of a by p and store result in r. r could be a.
+ * This function calls down to the BN_GF2m_mod_arr implementation; this wrapper
+ * function is only provided for convenience; for best performance, use the
+ * BN_GF2m_mod_arr function.
+ */
+int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p)
+{
+ int ret = 0;
+ const int max = BN_num_bits(p);
+ unsigned int *arr = NULL;
+ bn_check_top(a);
+ bn_check_top(p);
+ if ((arr =
+ (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL)
+ goto err;
+ ret = BN_GF2m_poly2arr(p, arr, max);
+ if (!ret || ret > max) {
+ BNerr(BN_F_BN_GF2M_MOD, BN_R_INVALID_LENGTH);
+ goto err;
+ }
+ ret = BN_GF2m_mod_arr(r, a, arr);
+ bn_check_top(r);
+ err:
+ if (arr)
+ OPENSSL_free(arr);
+ return ret;
+}
+
+/*
+ * Compute the product of two polynomials a and b, reduce modulo p, and store
+ * the result in r. r could be a or b; a could be b.
+ */
+int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+ const unsigned int p[], BN_CTX *ctx)
+{
+ int zlen, i, j, k, ret = 0;
+ BIGNUM *s;
+ BN_ULONG x1, x0, y1, y0, zz[4];
+
+ bn_check_top(a);
+ bn_check_top(b);
+
+ if (a == b) {
+ return BN_GF2m_mod_sqr_arr(r, a, p, ctx);
+ }
+
+ BN_CTX_start(ctx);
+ if ((s = BN_CTX_get(ctx)) == NULL)
+ goto err;
+
+ zlen = a->top + b->top + 4;
+ if (!bn_wexpand(s, zlen))
+ goto err;
+ s->top = zlen;
+
+ for (i = 0; i < zlen; i++)
+ s->d[i] = 0;
+
+ for (j = 0; j < b->top; j += 2) {
+ y0 = b->d[j];
+ y1 = ((j + 1) == b->top) ? 0 : b->d[j + 1];
+ for (i = 0; i < a->top; i += 2) {
+ x0 = a->d[i];
+ x1 = ((i + 1) == a->top) ? 0 : a->d[i + 1];
+ bn_GF2m_mul_2x2(zz, x1, x0, y1, y0);
+ for (k = 0; k < 4; k++)
+ s->d[i + j + k] ^= zz[k];
+ }
+ }
+
+ bn_correct_top(s);
+ if (BN_GF2m_mod_arr(r, s, p))
+ ret = 1;
+ bn_check_top(r);
+
+ err:
+ BN_CTX_end(ctx);
+ return ret;
+}
+
+/*
+ * Compute the product of two polynomials a and b, reduce modulo p, and store
+ * the result in r. r could be a or b; a could equal b. This function calls
+ * down to the BN_GF2m_mod_mul_arr implementation; this wrapper function is
+ * only provided for convenience; for best performance, use the
+ * BN_GF2m_mod_mul_arr function.
+ */
+int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+ const BIGNUM *p, BN_CTX *ctx)
+{
+ int ret = 0;
+ const int max = BN_num_bits(p);
+ unsigned int *arr = NULL;
+ bn_check_top(a);
+ bn_check_top(b);
+ bn_check_top(p);
+ if ((arr =
+ (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL)
+ goto err;
+ ret = BN_GF2m_poly2arr(p, arr, max);
+ if (!ret || ret > max) {
+ BNerr(BN_F_BN_GF2M_MOD_MUL, BN_R_INVALID_LENGTH);
+ goto err;
+ }
+ ret = BN_GF2m_mod_mul_arr(r, a, b, arr, ctx);
+ bn_check_top(r);
+ err:
+ if (arr)
+ OPENSSL_free(arr);
+ return ret;
+}
+
+/* Square a, reduce the result mod p, and store it in a. r could be a. */
+int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[],
+ BN_CTX *ctx)
+{
+ int i, ret = 0;
+ BIGNUM *s;
+
+ bn_check_top(a);
+ BN_CTX_start(ctx);
+ if ((s = BN_CTX_get(ctx)) == NULL)
+ return 0;
+ if (!bn_wexpand(s, 2 * a->top))
+ goto err;
+
+ for (i = a->top - 1; i >= 0; i--) {
+ s->d[2 * i + 1] = SQR1(a->d[i]);
+ s->d[2 * i] = SQR0(a->d[i]);
+ }
+
+ s->top = 2 * a->top;
+ bn_correct_top(s);
+ if (!BN_GF2m_mod_arr(r, s, p))
+ goto err;
+ bn_check_top(r);
+ ret = 1;
+ err:
+ BN_CTX_end(ctx);
+ return ret;
+}
+
+/*
+ * Square a, reduce the result mod p, and store it in a. r could be a. This
+ * function calls down to the BN_GF2m_mod_sqr_arr implementation; this
+ * wrapper function is only provided for convenience; for best performance,
+ * use the BN_GF2m_mod_sqr_arr function.
+ */
+int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
+{
+ int ret = 0;
+ const int max = BN_num_bits(p);
+ unsigned int *arr = NULL;
+
+ bn_check_top(a);
+ bn_check_top(p);
+ if ((arr =
+ (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL)
+ goto err;
+ ret = BN_GF2m_poly2arr(p, arr, max);
+ if (!ret || ret > max) {
+ BNerr(BN_F_BN_GF2M_MOD_SQR, BN_R_INVALID_LENGTH);
+ goto err;
+ }
+ ret = BN_GF2m_mod_sqr_arr(r, a, arr, ctx);
+ bn_check_top(r);
+ err:
+ if (arr)
+ OPENSSL_free(arr);
+ return ret;
+}
+
+/*
+ * Invert a, reduce modulo p, and store the result in r. r could be a. Uses
+ * Modified Almost Inverse Algorithm (Algorithm 10) from Hankerson, D.,
+ * Hernandez, J.L., and Menezes, A. "Software Implementation of Elliptic
+ * Curve Cryptography Over Binary Fields".
+ */
+int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
+{
+ BIGNUM *b, *c, *u, *v, *tmp;
+ int ret = 0;
+
+ bn_check_top(a);
+ bn_check_top(p);
+
+ BN_CTX_start(ctx);
+
+ b = BN_CTX_get(ctx);
+ c = BN_CTX_get(ctx);
+ u = BN_CTX_get(ctx);
+ v = BN_CTX_get(ctx);
+ if (v == NULL)
+ goto err;
+
+ if (!BN_one(b))
+ goto err;
+ if (!BN_GF2m_mod(u, a, p))
+ goto err;
+ if (!BN_copy(v, p))
+ goto err;
+
+ if (BN_is_zero(u))
+ goto err;
+
+ while (1) {
+ while (!BN_is_odd(u)) {
+ if (BN_is_zero(u))
+ goto err;
+ if (!BN_rshift1(u, u))
+ goto err;
+ if (BN_is_odd(b)) {
+ if (!BN_GF2m_add(b, b, p))
+ goto err;
+ }
+ if (!BN_rshift1(b, b))
+ goto err;
+ }
+
+ if (BN_abs_is_word(u, 1))
+ break;
+
+ if (BN_num_bits(u) < BN_num_bits(v)) {
+ tmp = u;
+ u = v;
+ v = tmp;
+ tmp = b;
+ b = c;
+ c = tmp;
+ }
+
+ if (!BN_GF2m_add(u, u, v))
+ goto err;
+ if (!BN_GF2m_add(b, b, c))
+ goto err;
+ }
+
+ if (!BN_copy(r, b))
+ goto err;
+ bn_check_top(r);
+ ret = 1;
+
+ err:
+ BN_CTX_end(ctx);
+ return ret;
+}
+
+/*
+ * Invert xx, reduce modulo p, and store the result in r. r could be xx.
+ * This function calls down to the BN_GF2m_mod_inv implementation; this
+ * wrapper function is only provided for convenience; for best performance,
+ * use the BN_GF2m_mod_inv function.
+ */
+int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *xx, const unsigned int p[],
+ BN_CTX *ctx)
+{
+ BIGNUM *field;
+ int ret = 0;
+
+ bn_check_top(xx);
+ BN_CTX_start(ctx);
+ if ((field = BN_CTX_get(ctx)) == NULL)
+ goto err;
+ if (!BN_GF2m_arr2poly(p, field))
+ goto err;
+
+ ret = BN_GF2m_mod_inv(r, xx, field, ctx);
+ bn_check_top(r);
+
+ err:
+ BN_CTX_end(ctx);
+ return ret;
+}
+
+#ifndef OPENSSL_SUN_GF2M_DIV
+/*
+ * Divide y by x, reduce modulo p, and store the result in r. r could be x
+ * or y, x could equal y.
+ */
+int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x,
+ const BIGNUM *p, BN_CTX *ctx)
+{
+ BIGNUM *xinv = NULL;
+ int ret = 0;
+
+ bn_check_top(y);
+ bn_check_top(x);
+ bn_check_top(p);
+
+ BN_CTX_start(ctx);
+ xinv = BN_CTX_get(ctx);
+ if (xinv == NULL)
+ goto err;
+
+ if (!BN_GF2m_mod_inv(xinv, x, p, ctx))
+ goto err;
+ if (!BN_GF2m_mod_mul(r, y, xinv, p, ctx))
+ goto err;
+ bn_check_top(r);
+ ret = 1;
+
+ err:
+ BN_CTX_end(ctx);
+ return ret;
+}
+#else
+/*
+ * Divide y by x, reduce modulo p, and store the result in r. r could be x
+ * or y, x could equal y. Uses algorithm Modular_Division_GF(2^m) from
+ * Chang-Shantz, S. "From Euclid's GCD to Montgomery Multiplication to the
+ * Great Divide".
+ */
+int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x,
+ const BIGNUM *p, BN_CTX *ctx)
+{
+ BIGNUM *a, *b, *u, *v;
+ int ret = 0;
+
+ bn_check_top(y);
+ bn_check_top(x);
+ bn_check_top(p);
+
+ BN_CTX_start(ctx);
+
+ a = BN_CTX_get(ctx);
+ b = BN_CTX_get(ctx);
+ u = BN_CTX_get(ctx);
+ v = BN_CTX_get(ctx);
+ if (v == NULL)
+ goto err;
+
+ /* reduce x and y mod p */
+ if (!BN_GF2m_mod(u, y, p))
+ goto err;
+ if (!BN_GF2m_mod(a, x, p))
+ goto err;
+ if (!BN_copy(b, p))
+ goto err;
+
+ while (!BN_is_odd(a)) {
+ if (!BN_rshift1(a, a))
+ goto err;
+ if (BN_is_odd(u))
+ if (!BN_GF2m_add(u, u, p))
+ goto err;
+ if (!BN_rshift1(u, u))
+ goto err;
+ }
+
+ do {
+ if (BN_GF2m_cmp(b, a) > 0) {
+ if (!BN_GF2m_add(b, b, a))
+ goto err;
+ if (!BN_GF2m_add(v, v, u))
+ goto err;
+ do {
+ if (!BN_rshift1(b, b))
+ goto err;
+ if (BN_is_odd(v))
+ if (!BN_GF2m_add(v, v, p))
+ goto err;
+ if (!BN_rshift1(v, v))
+ goto err;
+ } while (!BN_is_odd(b));
+ } else if (BN_abs_is_word(a, 1))
+ break;
+ else {
+ if (!BN_GF2m_add(a, a, b))
+ goto err;
+ if (!BN_GF2m_add(u, u, v))
+ goto err;
+ do {
+ if (!BN_rshift1(a, a))
+ goto err;
+ if (BN_is_odd(u))
+ if (!BN_GF2m_add(u, u, p))
+ goto err;
+ if (!BN_rshift1(u, u))
+ goto err;
+ } while (!BN_is_odd(a));
+ }
+ } while (1);
+
+ if (!BN_copy(r, u))
+ goto err;
+ bn_check_top(r);
+ ret = 1;
+
+ err:
+ BN_CTX_end(ctx);
+ return ret;
+}
+#endif
+
+/*
+ * Divide yy by xx, reduce modulo p, and store the result in r. r could be xx
+ * * or yy, xx could equal yy. This function calls down to the
+ * BN_GF2m_mod_div implementation; this wrapper function is only provided for
+ * convenience; for best performance, use the BN_GF2m_mod_div function.
+ */
+int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *yy, const BIGNUM *xx,
+ const unsigned int p[], BN_CTX *ctx)
+{
+ BIGNUM *field;
+ int ret = 0;
+
+ bn_check_top(yy);
+ bn_check_top(xx);
+
+ BN_CTX_start(ctx);
+ if ((field = BN_CTX_get(ctx)) == NULL)
+ goto err;
+ if (!BN_GF2m_arr2poly(p, field))
+ goto err;
+
+ ret = BN_GF2m_mod_div(r, yy, xx, field, ctx);
+ bn_check_top(r);
+
+ err:
+ BN_CTX_end(ctx);
+ return ret;
+}
+
+/*
+ * Compute the bth power of a, reduce modulo p, and store the result in r. r
+ * could be a. Uses simple square-and-multiply algorithm A.5.1 from IEEE
+ * P1363.
+ */
+int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+ const unsigned int p[], BN_CTX *ctx)
+{
+ int ret = 0, i, n;
+ BIGNUM *u;
+
+ bn_check_top(a);
+ bn_check_top(b);
+
+ if (BN_is_zero(b))
+ return (BN_one(r));
+
+ if (BN_abs_is_word(b, 1))
+ return (BN_copy(r, a) != NULL);
+
+ BN_CTX_start(ctx);
+ if ((u = BN_CTX_get(ctx)) == NULL)
+ goto err;
+
+ if (!BN_GF2m_mod_arr(u, a, p))
+ goto err;
+
+ n = BN_num_bits(b) - 1;
+ for (i = n - 1; i >= 0; i--) {
+ if (!BN_GF2m_mod_sqr_arr(u, u, p, ctx))
+ goto err;
+ if (BN_is_bit_set(b, i)) {
+ if (!BN_GF2m_mod_mul_arr(u, u, a, p, ctx))
+ goto err;
+ }
+ }
+ if (!BN_copy(r, u))
+ goto err;
+ bn_check_top(r);
+ ret = 1;
+ err:
+ BN_CTX_end(ctx);
+ return ret;
+}
+
+/*
+ * Compute the bth power of a, reduce modulo p, and store the result in r. r
+ * could be a. This function calls down to the BN_GF2m_mod_exp_arr
+ * implementation; this wrapper function is only provided for convenience;
+ * for best performance, use the BN_GF2m_mod_exp_arr function.
+ */
+int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+ const BIGNUM *p, BN_CTX *ctx)
+{
+ int ret = 0;
+ const int max = BN_num_bits(p);
+ unsigned int *arr = NULL;
+ bn_check_top(a);
+ bn_check_top(b);
+ bn_check_top(p);
+ if ((arr =
+ (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL)
+ goto err;
+ ret = BN_GF2m_poly2arr(p, arr, max);
+ if (!ret || ret > max) {
+ BNerr(BN_F_BN_GF2M_MOD_EXP, BN_R_INVALID_LENGTH);
+ goto err;
+ }
+ ret = BN_GF2m_mod_exp_arr(r, a, b, arr, ctx);
+ bn_check_top(r);
+ err:
+ if (arr)
+ OPENSSL_free(arr);
+ return ret;
+}
+
+/*
+ * Compute the square root of a, reduce modulo p, and store the result in r.
+ * r could be a. Uses exponentiation as in algorithm A.4.1 from IEEE P1363.
+ */
+int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[],
+ BN_CTX *ctx)
+{
+ int ret = 0;
+ BIGNUM *u;
+
+ bn_check_top(a);
+
+ if (!p[0]) {
+ /* reduction mod 1 => return 0 */
+ BN_zero(r);
+ return 1;
+ }
+
+ BN_CTX_start(ctx);
+ if ((u = BN_CTX_get(ctx)) == NULL)
+ goto err;
+
+ if (!BN_set_bit(u, p[0] - 1))
+ goto err;
+ ret = BN_GF2m_mod_exp_arr(r, a, u, p, ctx);
+ bn_check_top(r);
+
+ err:
+ BN_CTX_end(ctx);
+ return ret;
+}
+
+/*
+ * Compute the square root of a, reduce modulo p, and store the result in r.
+ * r could be a. This function calls down to the BN_GF2m_mod_sqrt_arr
+ * implementation; this wrapper function is only provided for convenience;
+ * for best performance, use the BN_GF2m_mod_sqrt_arr function.
+ */
+int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
+{
+ int ret = 0;
+ const int max = BN_num_bits(p);
+ unsigned int *arr = NULL;
+ bn_check_top(a);
+ bn_check_top(p);
+ if ((arr =
+ (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL)
+ goto err;
+ ret = BN_GF2m_poly2arr(p, arr, max);
+ if (!ret || ret > max) {
+ BNerr(BN_F_BN_GF2M_MOD_SQRT, BN_R_INVALID_LENGTH);
+ goto err;
+ }
+ ret = BN_GF2m_mod_sqrt_arr(r, a, arr, ctx);
+ bn_check_top(r);
+ err:
+ if (arr)
+ OPENSSL_free(arr);
+ return ret;
+}
+
+/*
+ * Find r such that r^2 + r = a mod p. r could be a. If no r exists returns
+ * 0. Uses algorithms A.4.7 and A.4.6 from IEEE P1363.
+ */
+int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_,
+ const unsigned int p[], BN_CTX *ctx)
+{
+ int ret = 0, count = 0;
+ unsigned int j;
+ BIGNUM *a, *z, *rho, *w, *w2, *tmp;
+
+ bn_check_top(a_);
+
+ if (!p[0]) {
+ /* reduction mod 1 => return 0 */
+ BN_zero(r);
+ return 1;
+ }
+
+ BN_CTX_start(ctx);
+ a = BN_CTX_get(ctx);
+ z = BN_CTX_get(ctx);
+ w = BN_CTX_get(ctx);
+ if (w == NULL)
+ goto err;
+
+ if (!BN_GF2m_mod_arr(a, a_, p))
+ goto err;
+
+ if (BN_is_zero(a)) {
+ BN_zero(r);
+ ret = 1;
+ goto err;
+ }
+
+ if (p[0] & 0x1) { /* m is odd */
+ /* compute half-trace of a */
+ if (!BN_copy(z, a))
+ goto err;
+ for (j = 1; j <= (p[0] - 1) / 2; j++) {
+ if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx))
+ goto err;
+ if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx))
+ goto err;
+ if (!BN_GF2m_add(z, z, a))
+ goto err;
+ }
+
+ } else { /* m is even */
+
+ rho = BN_CTX_get(ctx);
+ w2 = BN_CTX_get(ctx);
+ tmp = BN_CTX_get(ctx);
+ if (tmp == NULL)
+ goto err;
+ do {
+ if (!BN_rand(rho, p[0], 0, 0))
+ goto err;
+ if (!BN_GF2m_mod_arr(rho, rho, p))
+ goto err;
+ BN_zero(z);
+ if (!BN_copy(w, rho))
+ goto err;
+ for (j = 1; j <= p[0] - 1; j++) {
+ if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx))
+ goto err;
+ if (!BN_GF2m_mod_sqr_arr(w2, w, p, ctx))
+ goto err;
+ if (!BN_GF2m_mod_mul_arr(tmp, w2, a, p, ctx))
+ goto err;
+ if (!BN_GF2m_add(z, z, tmp))
+ goto err;
+ if (!BN_GF2m_add(w, w2, rho))
+ goto err;
+ }
+ count++;
+ } while (BN_is_zero(w) && (count < MAX_ITERATIONS));
+ if (BN_is_zero(w)) {
+ BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR, BN_R_TOO_MANY_ITERATIONS);
+ goto err;
+ }
+ }
+
+ if (!BN_GF2m_mod_sqr_arr(w, z, p, ctx))
+ goto err;
+ if (!BN_GF2m_add(w, z, w))
+ goto err;
+ if (BN_GF2m_cmp(w, a)) {
+ BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR, BN_R_NO_SOLUTION);
+ goto err;
+ }
+
+ if (!BN_copy(r, z))
+ goto err;
+ bn_check_top(r);
+
+ ret = 1;
+
+ err:
+ BN_CTX_end(ctx);
+ return ret;
+}
+
+/*
+ * Find r such that r^2 + r = a mod p. r could be a. If no r exists returns
+ * 0. This function calls down to the BN_GF2m_mod_solve_quad_arr
+ * implementation; this wrapper function is only provided for convenience;
+ * for best performance, use the BN_GF2m_mod_solve_quad_arr function.
+ */
+int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ BN_CTX *ctx)
+{
+ int ret = 0;
+ const int max = BN_num_bits(p);
+ unsigned int *arr = NULL;
+ bn_check_top(a);
+ bn_check_top(p);
+ if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) *
+ max)) == NULL)
+ goto err;
+ ret = BN_GF2m_poly2arr(p, arr, max);
+ if (!ret || ret > max) {
+ BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD, BN_R_INVALID_LENGTH);
+ goto err;
+ }
+ ret = BN_GF2m_mod_solve_quad_arr(r, a, arr, ctx);
+ bn_check_top(r);
+ err:
+ if (arr)
+ OPENSSL_free(arr);
+ return ret;
+}
+
+/*
+ * Convert the bit-string representation of a polynomial ( \sum_{i=0}^n a_i *
+ * x^i , where a_0 is *not* zero) into an array of integers corresponding to
+ * the bits with non-zero coefficient. Up to max elements of the array will
+ * be filled. Return value is total number of coefficients that would be
+ * extracted if array was large enough.
+ */
+int BN_GF2m_poly2arr(const BIGNUM *a, unsigned int p[], int max)
+{
+ int i, j, k = 0;
+ BN_ULONG mask;
+
+ if (BN_is_zero(a) || !BN_is_bit_set(a, 0))
+ /*
+ * a_0 == 0 => return error (the unsigned int array must be
+ * terminated by 0)
+ */
+ return 0;
+
+ for (i = a->top - 1; i >= 0; i--) {
+ if (!a->d[i])
+ /* skip word if a->d[i] == 0 */
+ continue;
+ mask = BN_TBIT;
+ for (j = BN_BITS2 - 1; j >= 0; j--) {
+ if (a->d[i] & mask) {
+ if (k < max)
+ p[k] = BN_BITS2 * i + j;
+ k++;
+ }
+ mask >>= 1;
+ }
+ }
+
+ return k;
+}
+
+/*
+ * Convert the coefficient array representation of a polynomial to a
+ * bit-string. The array must be terminated by 0.
+ */
+int BN_GF2m_arr2poly(const unsigned int p[], BIGNUM *a)
+{
+ int i;
+
+ bn_check_top(a);
+ BN_zero(a);
+ for (i = 0; p[i] != 0; i++) {
+ if (BN_set_bit(a, p[i]) == 0)
+ return 0;
+ }
+ BN_set_bit(a, 0);
+ bn_check_top(a);
+
+ return 1;
+}
+
+/*
+ * Constant-time conditional swap of a and b.
+ * a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set.
+ * nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b,
+ * and that no more than nwords are used by either a or b.
+ * a and b cannot be the same number
+ */
+void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords)
+{
+ BN_ULONG t;
+ int i;
+
+ bn_wcheck_size(a, nwords);
+ bn_wcheck_size(b, nwords);
+
+ assert(a != b);
+ assert((condition & (condition - 1)) == 0);
+ assert(sizeof(BN_ULONG) >= sizeof(int));
+
+ condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1;
+
+ t = (a->top ^ b->top) & condition;
+ a->top ^= t;
+ b->top ^= t;
+
+#define BN_CONSTTIME_SWAP(ind) \
+ do { \
+ t = (a->d[ind] ^ b->d[ind]) & condition; \
+ a->d[ind] ^= t; \
+ b->d[ind] ^= t; \
+ } while (0)
+
+ switch (nwords) {
+ default:
+ for (i = 10; i < nwords; i++)
+ BN_CONSTTIME_SWAP(i);
+ /* Fallthrough */
+ case 10:
+ BN_CONSTTIME_SWAP(9); /* Fallthrough */
+ case 9:
+ BN_CONSTTIME_SWAP(8); /* Fallthrough */
+ case 8:
+ BN_CONSTTIME_SWAP(7); /* Fallthrough */
+ case 7:
+ BN_CONSTTIME_SWAP(6); /* Fallthrough */
+ case 6:
+ BN_CONSTTIME_SWAP(5); /* Fallthrough */
+ case 5:
+ BN_CONSTTIME_SWAP(4); /* Fallthrough */
+ case 4:
+ BN_CONSTTIME_SWAP(3); /* Fallthrough */
+ case 3:
+ BN_CONSTTIME_SWAP(2); /* Fallthrough */
+ case 2:
+ BN_CONSTTIME_SWAP(1); /* Fallthrough */
+ case 1:
+ BN_CONSTTIME_SWAP(0);
+ }
+#undef BN_CONSTTIME_SWAP
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_kron.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_kron.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_kron.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,184 +0,0 @@
-/* crypto/bn/bn_kron.c */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-/* least significant word */
-#define BN_lsw(n) (((n)->top == 0) ? (BN_ULONG) 0 : (n)->d[0])
-
-/* Returns -2 for errors because both -1 and 0 are valid results. */
-int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
- {
- int i;
- int ret = -2; /* avoid 'uninitialized' warning */
- int err = 0;
- BIGNUM *A, *B, *tmp;
- /* In 'tab', only odd-indexed entries are relevant:
- * For any odd BIGNUM n,
- * tab[BN_lsw(n) & 7]
- * is $(-1)^{(n^2-1)/8}$ (using TeX notation).
- * Note that the sign of n does not matter.
- */
- static const int tab[8] = {0, 1, 0, -1, 0, -1, 0, 1};
-
- bn_check_top(a);
- bn_check_top(b);
-
- BN_CTX_start(ctx);
- A = BN_CTX_get(ctx);
- B = BN_CTX_get(ctx);
- if (B == NULL) goto end;
-
- err = !BN_copy(A, a);
- if (err) goto end;
- err = !BN_copy(B, b);
- if (err) goto end;
-
- /*
- * Kronecker symbol, imlemented according to Henri Cohen,
- * "A Course in Computational Algebraic Number Theory"
- * (algorithm 1.4.10).
- */
-
- /* Cohen's step 1: */
-
- if (BN_is_zero(B))
- {
- ret = BN_abs_is_word(A, 1);
- goto end;
- }
-
- /* Cohen's step 2: */
-
- if (!BN_is_odd(A) && !BN_is_odd(B))
- {
- ret = 0;
- goto end;
- }
-
- /* now B is non-zero */
- i = 0;
- while (!BN_is_bit_set(B, i))
- i++;
- err = !BN_rshift(B, B, i);
- if (err) goto end;
- if (i & 1)
- {
- /* i is odd */
- /* (thus B was even, thus A must be odd!) */
-
- /* set 'ret' to $(-1)^{(A^2-1)/8}$ */
- ret = tab[BN_lsw(A) & 7];
- }
- else
- {
- /* i is even */
- ret = 1;
- }
-
- if (B->neg)
- {
- B->neg = 0;
- if (A->neg)
- ret = -ret;
- }
-
- /* now B is positive and odd, so what remains to be done is
- * to compute the Jacobi symbol (A/B) and multiply it by 'ret' */
-
- while (1)
- {
- /* Cohen's step 3: */
-
- /* B is positive and odd */
-
- if (BN_is_zero(A))
- {
- ret = BN_is_one(B) ? ret : 0;
- goto end;
- }
-
- /* now A is non-zero */
- i = 0;
- while (!BN_is_bit_set(A, i))
- i++;
- err = !BN_rshift(A, A, i);
- if (err) goto end;
- if (i & 1)
- {
- /* i is odd */
- /* multiply 'ret' by $(-1)^{(B^2-1)/8}$ */
- ret = ret * tab[BN_lsw(B) & 7];
- }
-
- /* Cohen's step 4: */
- /* multiply 'ret' by $(-1)^{(A-1)(B-1)/4}$ */
- if ((A->neg ? ~BN_lsw(A) : BN_lsw(A)) & BN_lsw(B) & 2)
- ret = -ret;
-
- /* (A, B) := (B mod |A|, |A|) */
- err = !BN_nnmod(B, B, A, ctx);
- if (err) goto end;
- tmp = A; A = B; B = tmp;
- tmp->neg = 0;
- }
-end:
- BN_CTX_end(ctx);
- if (err)
- return -2;
- else
- return ret;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_kron.c (from rev 6976, vendor-crypto/openssl/dist/crypto/bn/bn_kron.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_kron.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_kron.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,186 @@
+/* crypto/bn/bn_kron.c */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+/* least significant word */
+#define BN_lsw(n) (((n)->top == 0) ? (BN_ULONG) 0 : (n)->d[0])
+
+/* Returns -2 for errors because both -1 and 0 are valid results. */
+int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+{
+ int i;
+ int ret = -2; /* avoid 'uninitialized' warning */
+ int err = 0;
+ BIGNUM *A, *B, *tmp;
+ /*-
+ * In 'tab', only odd-indexed entries are relevant:
+ * For any odd BIGNUM n,
+ * tab[BN_lsw(n) & 7]
+ * is $(-1)^{(n^2-1)/8}$ (using TeX notation).
+ * Note that the sign of n does not matter.
+ */
+ static const int tab[8] = { 0, 1, 0, -1, 0, -1, 0, 1 };
+
+ bn_check_top(a);
+ bn_check_top(b);
+
+ BN_CTX_start(ctx);
+ A = BN_CTX_get(ctx);
+ B = BN_CTX_get(ctx);
+ if (B == NULL)
+ goto end;
+
+ err = !BN_copy(A, a);
+ if (err)
+ goto end;
+ err = !BN_copy(B, b);
+ if (err)
+ goto end;
+
+ /*
+ * Kronecker symbol, imlemented according to Henri Cohen,
+ * "A Course in Computational Algebraic Number Theory"
+ * (algorithm 1.4.10).
+ */
+
+ /* Cohen's step 1: */
+
+ if (BN_is_zero(B)) {
+ ret = BN_abs_is_word(A, 1);
+ goto end;
+ }
+
+ /* Cohen's step 2: */
+
+ if (!BN_is_odd(A) && !BN_is_odd(B)) {
+ ret = 0;
+ goto end;
+ }
+
+ /* now B is non-zero */
+ i = 0;
+ while (!BN_is_bit_set(B, i))
+ i++;
+ err = !BN_rshift(B, B, i);
+ if (err)
+ goto end;
+ if (i & 1) {
+ /* i is odd */
+ /* (thus B was even, thus A must be odd!) */
+
+ /* set 'ret' to $(-1)^{(A^2-1)/8}$ */
+ ret = tab[BN_lsw(A) & 7];
+ } else {
+ /* i is even */
+ ret = 1;
+ }
+
+ if (B->neg) {
+ B->neg = 0;
+ if (A->neg)
+ ret = -ret;
+ }
+
+ /*
+ * now B is positive and odd, so what remains to be done is to compute
+ * the Jacobi symbol (A/B) and multiply it by 'ret'
+ */
+
+ while (1) {
+ /* Cohen's step 3: */
+
+ /* B is positive and odd */
+
+ if (BN_is_zero(A)) {
+ ret = BN_is_one(B) ? ret : 0;
+ goto end;
+ }
+
+ /* now A is non-zero */
+ i = 0;
+ while (!BN_is_bit_set(A, i))
+ i++;
+ err = !BN_rshift(A, A, i);
+ if (err)
+ goto end;
+ if (i & 1) {
+ /* i is odd */
+ /* multiply 'ret' by $(-1)^{(B^2-1)/8}$ */
+ ret = ret * tab[BN_lsw(B) & 7];
+ }
+
+ /* Cohen's step 4: */
+ /* multiply 'ret' by $(-1)^{(A-1)(B-1)/4}$ */
+ if ((A->neg ? ~BN_lsw(A) : BN_lsw(A)) & BN_lsw(B) & 2)
+ ret = -ret;
+
+ /* (A, B) := (B mod |A|, |A|) */
+ err = !BN_nnmod(B, B, A, ctx);
+ if (err)
+ goto end;
+ tmp = A;
+ A = B;
+ B = tmp;
+ tmp->neg = 0;
+ }
+ end:
+ BN_CTX_end(ctx);
+ if (err)
+ return -2;
+ else
+ return ret;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_lcl.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_lcl.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_lcl.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,490 +0,0 @@
-/* crypto/bn/bn_lcl.h */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#ifndef HEADER_BN_LCL_H
-#define HEADER_BN_LCL_H
-
-#include <openssl/bn.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-
-/*
- * BN_window_bits_for_exponent_size -- macro for sliding window mod_exp functions
- *
- *
- * For window size 'w' (w >= 2) and a random 'b' bits exponent,
- * the number of multiplications is a constant plus on average
- *
- * 2^(w-1) + (b-w)/(w+1);
- *
- * here 2^(w-1) is for precomputing the table (we actually need
- * entries only for windows that have the lowest bit set), and
- * (b-w)/(w+1) is an approximation for the expected number of
- * w-bit windows, not counting the first one.
- *
- * Thus we should use
- *
- * w >= 6 if b > 671
- * w = 5 if 671 > b > 239
- * w = 4 if 239 > b > 79
- * w = 3 if 79 > b > 23
- * w <= 2 if 23 > b
- *
- * (with draws in between). Very small exponents are often selected
- * with low Hamming weight, so we use w = 1 for b <= 23.
- */
-#if 1
-#define BN_window_bits_for_exponent_size(b) \
- ((b) > 671 ? 6 : \
- (b) > 239 ? 5 : \
- (b) > 79 ? 4 : \
- (b) > 23 ? 3 : 1)
-#else
-/* Old SSLeay/OpenSSL table.
- * Maximum window size was 5, so this table differs for b==1024;
- * but it coincides for other interesting values (b==160, b==512).
- */
-#define BN_window_bits_for_exponent_size(b) \
- ((b) > 255 ? 5 : \
- (b) > 127 ? 4 : \
- (b) > 17 ? 3 : 1)
-#endif
-
-
-
-/* BN_mod_exp_mont_conttime is based on the assumption that the
- * L1 data cache line width of the target processor is at least
- * the following value.
- */
-#define MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH ( 64 )
-#define MOD_EXP_CTIME_MIN_CACHE_LINE_MASK (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - 1)
-
-/* Window sizes optimized for fixed window size modular exponentiation
- * algorithm (BN_mod_exp_mont_consttime).
- *
- * To achieve the security goals of BN_mode_exp_mont_consttime, the
- * maximum size of the window must not exceed
- * log_2(MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH).
- *
- * Window size thresholds are defined for cache line sizes of 32 and 64,
- * cache line sizes where log_2(32)=5 and log_2(64)=6 respectively. A
- * window size of 7 should only be used on processors that have a 128
- * byte or greater cache line size.
- */
-#if MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH == 64
-
-# define BN_window_bits_for_ctime_exponent_size(b) \
- ((b) > 937 ? 6 : \
- (b) > 306 ? 5 : \
- (b) > 89 ? 4 : \
- (b) > 22 ? 3 : 1)
-# define BN_MAX_WINDOW_BITS_FOR_CTIME_EXPONENT_SIZE (6)
-
-#elif MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH == 32
-
-# define BN_window_bits_for_ctime_exponent_size(b) \
- ((b) > 306 ? 5 : \
- (b) > 89 ? 4 : \
- (b) > 22 ? 3 : 1)
-# define BN_MAX_WINDOW_BITS_FOR_CTIME_EXPONENT_SIZE (5)
-
-#endif
-
-
-/* Pentium pro 16,16,16,32,64 */
-/* Alpha 16,16,16,16.64 */
-#define BN_MULL_SIZE_NORMAL (16) /* 32 */
-#define BN_MUL_RECURSIVE_SIZE_NORMAL (16) /* 32 less than */
-#define BN_SQR_RECURSIVE_SIZE_NORMAL (16) /* 32 */
-#define BN_MUL_LOW_RECURSIVE_SIZE_NORMAL (32) /* 32 */
-#define BN_MONT_CTX_SET_SIZE_WORD (64) /* 32 */
-
-#if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC)
-/*
- * BN_UMULT_HIGH section.
- *
- * No, I'm not trying to overwhelm you when stating that the
- * product of N-bit numbers is 2*N bits wide:-) No, I don't expect
- * you to be impressed when I say that if the compiler doesn't
- * support 2*N integer type, then you have to replace every N*N
- * multiplication with 4 (N/2)*(N/2) accompanied by some shifts
- * and additions which unavoidably results in severe performance
- * penalties. Of course provided that the hardware is capable of
- * producing 2*N result... That's when you normally start
- * considering assembler implementation. However! It should be
- * pointed out that some CPUs (most notably Alpha, PowerPC and
- * upcoming IA-64 family:-) provide *separate* instruction
- * calculating the upper half of the product placing the result
- * into a general purpose register. Now *if* the compiler supports
- * inline assembler, then it's not impossible to implement the
- * "bignum" routines (and have the compiler optimize 'em)
- * exhibiting "native" performance in C. That's what BN_UMULT_HIGH
- * macro is about:-)
- *
- * <appro at fy.chalmers.se>
- */
-# if defined(__alpha) && (defined(SIXTY_FOUR_BIT_LONG) || defined(SIXTY_FOUR_BIT))
-# if defined(__DECC)
-# include <c_asm.h>
-# define BN_UMULT_HIGH(a,b) (BN_ULONG)asm("umulh %a0,%a1,%v0",(a),(b))
-# elif defined(__GNUC__)
-# define BN_UMULT_HIGH(a,b) ({ \
- register BN_ULONG ret; \
- asm ("umulh %1,%2,%0" \
- : "=r"(ret) \
- : "r"(a), "r"(b)); \
- ret; })
-# endif /* compiler */
-# elif defined(_ARCH_PPC) && defined(__64BIT__) && defined(SIXTY_FOUR_BIT_LONG)
-# if defined(__GNUC__)
-# define BN_UMULT_HIGH(a,b) ({ \
- register BN_ULONG ret; \
- asm ("mulhdu %0,%1,%2" \
- : "=r"(ret) \
- : "r"(a), "r"(b)); \
- ret; })
-# endif /* compiler */
-# elif defined(__x86_64) && defined(SIXTY_FOUR_BIT_LONG)
-# if defined(__GNUC__)
-# define BN_UMULT_HIGH(a,b) ({ \
- register BN_ULONG ret,discard; \
- asm ("mulq %3" \
- : "=a"(discard),"=d"(ret) \
- : "a"(a), "g"(b) \
- : "cc"); \
- ret; })
-# define BN_UMULT_LOHI(low,high,a,b) \
- asm ("mulq %3" \
- : "=a"(low),"=d"(high) \
- : "a"(a),"g"(b) \
- : "cc");
-# endif
-# elif (defined(_M_AMD64) || defined(_M_X64)) && defined(SIXTY_FOUR_BIT)
-# if defined(_MSC_VER) && _MSC_VER>=1400
- unsigned __int64 __umulh (unsigned __int64 a,unsigned __int64 b);
- unsigned __int64 _umul128 (unsigned __int64 a,unsigned __int64 b,
- unsigned __int64 *h);
-# pragma intrinsic(__umulh,_umul128)
-# define BN_UMULT_HIGH(a,b) __umulh((a),(b))
-# define BN_UMULT_LOHI(low,high,a,b) ((low)=_umul128((a),(b),&(high)))
-# endif
-# endif /* cpu */
-#endif /* OPENSSL_NO_ASM */
-
-/*************************************************************
- * Using the long long type
- */
-#define Lw(t) (((BN_ULONG)(t))&BN_MASK2)
-#define Hw(t) (((BN_ULONG)((t)>>BN_BITS2))&BN_MASK2)
-
-#ifdef BN_DEBUG_RAND
-#define bn_clear_top2max(a) \
- { \
- int ind = (a)->dmax - (a)->top; \
- BN_ULONG *ftl = &(a)->d[(a)->top-1]; \
- for (; ind != 0; ind--) \
- *(++ftl) = 0x0; \
- }
-#else
-#define bn_clear_top2max(a)
-#endif
-
-#ifdef BN_LLONG
-#define mul_add(r,a,w,c) { \
- BN_ULLONG t; \
- t=(BN_ULLONG)w * (a) + (r) + (c); \
- (r)= Lw(t); \
- (c)= Hw(t); \
- }
-
-#define mul(r,a,w,c) { \
- BN_ULLONG t; \
- t=(BN_ULLONG)w * (a) + (c); \
- (r)= Lw(t); \
- (c)= Hw(t); \
- }
-
-#define sqr(r0,r1,a) { \
- BN_ULLONG t; \
- t=(BN_ULLONG)(a)*(a); \
- (r0)=Lw(t); \
- (r1)=Hw(t); \
- }
-
-#elif defined(BN_UMULT_LOHI)
-#define mul_add(r,a,w,c) { \
- BN_ULONG high,low,ret,tmp=(a); \
- ret = (r); \
- BN_UMULT_LOHI(low,high,w,tmp); \
- ret += (c); \
- (c) = (ret<(c))?1:0; \
- (c) += high; \
- ret += low; \
- (c) += (ret<low)?1:0; \
- (r) = ret; \
- }
-
-#define mul(r,a,w,c) { \
- BN_ULONG high,low,ret,ta=(a); \
- BN_UMULT_LOHI(low,high,w,ta); \
- ret = low + (c); \
- (c) = high; \
- (c) += (ret<low)?1:0; \
- (r) = ret; \
- }
-
-#define sqr(r0,r1,a) { \
- BN_ULONG tmp=(a); \
- BN_UMULT_LOHI(r0,r1,tmp,tmp); \
- }
-
-#elif defined(BN_UMULT_HIGH)
-#define mul_add(r,a,w,c) { \
- BN_ULONG high,low,ret,tmp=(a); \
- ret = (r); \
- high= BN_UMULT_HIGH(w,tmp); \
- ret += (c); \
- low = (w) * tmp; \
- (c) = (ret<(c))?1:0; \
- (c) += high; \
- ret += low; \
- (c) += (ret<low)?1:0; \
- (r) = ret; \
- }
-
-#define mul(r,a,w,c) { \
- BN_ULONG high,low,ret,ta=(a); \
- low = (w) * ta; \
- high= BN_UMULT_HIGH(w,ta); \
- ret = low + (c); \
- (c) = high; \
- (c) += (ret<low)?1:0; \
- (r) = ret; \
- }
-
-#define sqr(r0,r1,a) { \
- BN_ULONG tmp=(a); \
- (r0) = tmp * tmp; \
- (r1) = BN_UMULT_HIGH(tmp,tmp); \
- }
-
-#else
-/*************************************************************
- * No long long type
- */
-
-#define LBITS(a) ((a)&BN_MASK2l)
-#define HBITS(a) (((a)>>BN_BITS4)&BN_MASK2l)
-#define L2HBITS(a) (((a)<<BN_BITS4)&BN_MASK2)
-
-#define LLBITS(a) ((a)&BN_MASKl)
-#define LHBITS(a) (((a)>>BN_BITS2)&BN_MASKl)
-#define LL2HBITS(a) ((BN_ULLONG)((a)&BN_MASKl)<<BN_BITS2)
-
-#define mul64(l,h,bl,bh) \
- { \
- BN_ULONG m,m1,lt,ht; \
- \
- lt=l; \
- ht=h; \
- m =(bh)*(lt); \
- lt=(bl)*(lt); \
- m1=(bl)*(ht); \
- ht =(bh)*(ht); \
- m=(m+m1)&BN_MASK2; if (m < m1) ht+=L2HBITS((BN_ULONG)1); \
- ht+=HBITS(m); \
- m1=L2HBITS(m); \
- lt=(lt+m1)&BN_MASK2; if (lt < m1) ht++; \
- (l)=lt; \
- (h)=ht; \
- }
-
-#define sqr64(lo,ho,in) \
- { \
- BN_ULONG l,h,m; \
- \
- h=(in); \
- l=LBITS(h); \
- h=HBITS(h); \
- m =(l)*(h); \
- l*=l; \
- h*=h; \
- h+=(m&BN_MASK2h1)>>(BN_BITS4-1); \
- m =(m&BN_MASK2l)<<(BN_BITS4+1); \
- l=(l+m)&BN_MASK2; if (l < m) h++; \
- (lo)=l; \
- (ho)=h; \
- }
-
-#define mul_add(r,a,bl,bh,c) { \
- BN_ULONG l,h; \
- \
- h= (a); \
- l=LBITS(h); \
- h=HBITS(h); \
- mul64(l,h,(bl),(bh)); \
- \
- /* non-multiply part */ \
- l=(l+(c))&BN_MASK2; if (l < (c)) h++; \
- (c)=(r); \
- l=(l+(c))&BN_MASK2; if (l < (c)) h++; \
- (c)=h&BN_MASK2; \
- (r)=l; \
- }
-
-#define mul(r,a,bl,bh,c) { \
- BN_ULONG l,h; \
- \
- h= (a); \
- l=LBITS(h); \
- h=HBITS(h); \
- mul64(l,h,(bl),(bh)); \
- \
- /* non-multiply part */ \
- l+=(c); if ((l&BN_MASK2) < (c)) h++; \
- (c)=h&BN_MASK2; \
- (r)=l&BN_MASK2; \
- }
-#endif /* !BN_LLONG */
-
-void bn_mul_normal(BN_ULONG *r,BN_ULONG *a,int na,BN_ULONG *b,int nb);
-void bn_mul_comba8(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b);
-void bn_mul_comba4(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b);
-void bn_sqr_normal(BN_ULONG *r, const BN_ULONG *a, int n, BN_ULONG *tmp);
-void bn_sqr_comba8(BN_ULONG *r,const BN_ULONG *a);
-void bn_sqr_comba4(BN_ULONG *r,const BN_ULONG *a);
-int bn_cmp_words(const BN_ULONG *a,const BN_ULONG *b,int n);
-int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b,
- int cl, int dl);
-void bn_mul_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,int n2,
- int dna,int dnb,BN_ULONG *t);
-void bn_mul_part_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,
- int n,int tna,int tnb,BN_ULONG *t);
-void bn_sqr_recursive(BN_ULONG *r,const BN_ULONG *a, int n2, BN_ULONG *t);
-void bn_mul_low_normal(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b, int n);
-void bn_mul_low_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,int n2,
- BN_ULONG *t);
-void bn_mul_high(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,BN_ULONG *l,int n2,
- BN_ULONG *t);
-BN_ULONG bn_add_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
- int cl, int dl);
-BN_ULONG bn_sub_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
- int cl, int dl);
-int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0, int num);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_lcl.h (from rev 6976, vendor-crypto/openssl/dist/crypto/bn/bn_lcl.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_lcl.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_lcl.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,484 @@
+/* crypto/bn/bn_lcl.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_BN_LCL_H
+# define HEADER_BN_LCL_H
+
+# include <openssl/bn.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*-
+ * BN_window_bits_for_exponent_size -- macro for sliding window mod_exp functions
+ *
+ *
+ * For window size 'w' (w >= 2) and a random 'b' bits exponent,
+ * the number of multiplications is a constant plus on average
+ *
+ * 2^(w-1) + (b-w)/(w+1);
+ *
+ * here 2^(w-1) is for precomputing the table (we actually need
+ * entries only for windows that have the lowest bit set), and
+ * (b-w)/(w+1) is an approximation for the expected number of
+ * w-bit windows, not counting the first one.
+ *
+ * Thus we should use
+ *
+ * w >= 6 if b > 671
+ * w = 5 if 671 > b > 239
+ * w = 4 if 239 > b > 79
+ * w = 3 if 79 > b > 23
+ * w <= 2 if 23 > b
+ *
+ * (with draws in between). Very small exponents are often selected
+ * with low Hamming weight, so we use w = 1 for b <= 23.
+ */
+# if 1
+# define BN_window_bits_for_exponent_size(b) \
+ ((b) > 671 ? 6 : \
+ (b) > 239 ? 5 : \
+ (b) > 79 ? 4 : \
+ (b) > 23 ? 3 : 1)
+# else
+/*
+ * Old SSLeay/OpenSSL table. Maximum window size was 5, so this table differs
+ * for b==1024; but it coincides for other interesting values (b==160,
+ * b==512).
+ */
+# define BN_window_bits_for_exponent_size(b) \
+ ((b) > 255 ? 5 : \
+ (b) > 127 ? 4 : \
+ (b) > 17 ? 3 : 1)
+# endif
+
+/*
+ * BN_mod_exp_mont_conttime is based on the assumption that the L1 data cache
+ * line width of the target processor is at least the following value.
+ */
+# define MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH ( 64 )
+# define MOD_EXP_CTIME_MIN_CACHE_LINE_MASK (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - 1)
+
+/*
+ * Window sizes optimized for fixed window size modular exponentiation
+ * algorithm (BN_mod_exp_mont_consttime). To achieve the security goals of
+ * BN_mode_exp_mont_consttime, the maximum size of the window must not exceed
+ * log_2(MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH). Window size thresholds are
+ * defined for cache line sizes of 32 and 64, cache line sizes where
+ * log_2(32)=5 and log_2(64)=6 respectively. A window size of 7 should only be
+ * used on processors that have a 128 byte or greater cache line size.
+ */
+# if MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH == 64
+
+# define BN_window_bits_for_ctime_exponent_size(b) \
+ ((b) > 937 ? 6 : \
+ (b) > 306 ? 5 : \
+ (b) > 89 ? 4 : \
+ (b) > 22 ? 3 : 1)
+# define BN_MAX_WINDOW_BITS_FOR_CTIME_EXPONENT_SIZE (6)
+
+# elif MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH == 32
+
+# define BN_window_bits_for_ctime_exponent_size(b) \
+ ((b) > 306 ? 5 : \
+ (b) > 89 ? 4 : \
+ (b) > 22 ? 3 : 1)
+# define BN_MAX_WINDOW_BITS_FOR_CTIME_EXPONENT_SIZE (5)
+
+# endif
+
+/* Pentium pro 16,16,16,32,64 */
+/* Alpha 16,16,16,16.64 */
+# define BN_MULL_SIZE_NORMAL (16)/* 32 */
+# define BN_MUL_RECURSIVE_SIZE_NORMAL (16)/* 32 less than */
+# define BN_SQR_RECURSIVE_SIZE_NORMAL (16)/* 32 */
+# define BN_MUL_LOW_RECURSIVE_SIZE_NORMAL (32)/* 32 */
+# define BN_MONT_CTX_SET_SIZE_WORD (64)/* 32 */
+
+# if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC)
+/*
+ * BN_UMULT_HIGH section.
+ *
+ * No, I'm not trying to overwhelm you when stating that the
+ * product of N-bit numbers is 2*N bits wide:-) No, I don't expect
+ * you to be impressed when I say that if the compiler doesn't
+ * support 2*N integer type, then you have to replace every N*N
+ * multiplication with 4 (N/2)*(N/2) accompanied by some shifts
+ * and additions which unavoidably results in severe performance
+ * penalties. Of course provided that the hardware is capable of
+ * producing 2*N result... That's when you normally start
+ * considering assembler implementation. However! It should be
+ * pointed out that some CPUs (most notably Alpha, PowerPC and
+ * upcoming IA-64 family:-) provide *separate* instruction
+ * calculating the upper half of the product placing the result
+ * into a general purpose register. Now *if* the compiler supports
+ * inline assembler, then it's not impossible to implement the
+ * "bignum" routines (and have the compiler optimize 'em)
+ * exhibiting "native" performance in C. That's what BN_UMULT_HIGH
+ * macro is about:-)
+ *
+ * <appro at fy.chalmers.se>
+ */
+# if defined(__alpha) && (defined(SIXTY_FOUR_BIT_LONG) || defined(SIXTY_FOUR_BIT))
+# if defined(__DECC)
+# include <c_asm.h>
+# define BN_UMULT_HIGH(a,b) (BN_ULONG)asm("umulh %a0,%a1,%v0",(a),(b))
+# elif defined(__GNUC__)
+# define BN_UMULT_HIGH(a,b) ({ \
+ register BN_ULONG ret; \
+ asm ("umulh %1,%2,%0" \
+ : "=r"(ret) \
+ : "r"(a), "r"(b)); \
+ ret; })
+# endif /* compiler */
+# elif defined(_ARCH_PPC) && defined(__64BIT__) && defined(SIXTY_FOUR_BIT_LONG)
+# if defined(__GNUC__)
+# define BN_UMULT_HIGH(a,b) ({ \
+ register BN_ULONG ret; \
+ asm ("mulhdu %0,%1,%2" \
+ : "=r"(ret) \
+ : "r"(a), "r"(b)); \
+ ret; })
+# endif /* compiler */
+# elif defined(__x86_64) && defined(SIXTY_FOUR_BIT_LONG)
+# if defined(__GNUC__)
+# define BN_UMULT_HIGH(a,b) ({ \
+ register BN_ULONG ret,discard; \
+ asm ("mulq %3" \
+ : "=a"(discard),"=d"(ret) \
+ : "a"(a), "g"(b) \
+ : "cc"); \
+ ret; })
+# define BN_UMULT_LOHI(low,high,a,b) \
+ asm ("mulq %3" \
+ : "=a"(low),"=d"(high) \
+ : "a"(a),"g"(b) \
+ : "cc");
+# endif
+# elif (defined(_M_AMD64) || defined(_M_X64)) && defined(SIXTY_FOUR_BIT)
+# if defined(_MSC_VER) && _MSC_VER>=1400
+unsigned __int64 __umulh(unsigned __int64 a, unsigned __int64 b);
+unsigned __int64 _umul128(unsigned __int64 a, unsigned __int64 b,
+ unsigned __int64 *h);
+# pragma intrinsic(__umulh,_umul128)
+# define BN_UMULT_HIGH(a,b) __umulh((a),(b))
+# define BN_UMULT_LOHI(low,high,a,b) ((low)=_umul128((a),(b),&(high)))
+# endif
+# endif /* cpu */
+# endif /* OPENSSL_NO_ASM */
+
+/*************************************************************
+ * Using the long long type
+ */
+# define Lw(t) (((BN_ULONG)(t))&BN_MASK2)
+# define Hw(t) (((BN_ULONG)((t)>>BN_BITS2))&BN_MASK2)
+
+# ifdef BN_DEBUG_RAND
+# define bn_clear_top2max(a) \
+ { \
+ int ind = (a)->dmax - (a)->top; \
+ BN_ULONG *ftl = &(a)->d[(a)->top-1]; \
+ for (; ind != 0; ind--) \
+ *(++ftl) = 0x0; \
+ }
+# else
+# define bn_clear_top2max(a)
+# endif
+
+# ifdef BN_LLONG
+# define mul_add(r,a,w,c) { \
+ BN_ULLONG t; \
+ t=(BN_ULLONG)w * (a) + (r) + (c); \
+ (r)= Lw(t); \
+ (c)= Hw(t); \
+ }
+
+# define mul(r,a,w,c) { \
+ BN_ULLONG t; \
+ t=(BN_ULLONG)w * (a) + (c); \
+ (r)= Lw(t); \
+ (c)= Hw(t); \
+ }
+
+# define sqr(r0,r1,a) { \
+ BN_ULLONG t; \
+ t=(BN_ULLONG)(a)*(a); \
+ (r0)=Lw(t); \
+ (r1)=Hw(t); \
+ }
+
+# elif defined(BN_UMULT_LOHI)
+# define mul_add(r,a,w,c) { \
+ BN_ULONG high,low,ret,tmp=(a); \
+ ret = (r); \
+ BN_UMULT_LOHI(low,high,w,tmp); \
+ ret += (c); \
+ (c) = (ret<(c))?1:0; \
+ (c) += high; \
+ ret += low; \
+ (c) += (ret<low)?1:0; \
+ (r) = ret; \
+ }
+
+# define mul(r,a,w,c) { \
+ BN_ULONG high,low,ret,ta=(a); \
+ BN_UMULT_LOHI(low,high,w,ta); \
+ ret = low + (c); \
+ (c) = high; \
+ (c) += (ret<low)?1:0; \
+ (r) = ret; \
+ }
+
+# define sqr(r0,r1,a) { \
+ BN_ULONG tmp=(a); \
+ BN_UMULT_LOHI(r0,r1,tmp,tmp); \
+ }
+
+# elif defined(BN_UMULT_HIGH)
+# define mul_add(r,a,w,c) { \
+ BN_ULONG high,low,ret,tmp=(a); \
+ ret = (r); \
+ high= BN_UMULT_HIGH(w,tmp); \
+ ret += (c); \
+ low = (w) * tmp; \
+ (c) = (ret<(c))?1:0; \
+ (c) += high; \
+ ret += low; \
+ (c) += (ret<low)?1:0; \
+ (r) = ret; \
+ }
+
+# define mul(r,a,w,c) { \
+ BN_ULONG high,low,ret,ta=(a); \
+ low = (w) * ta; \
+ high= BN_UMULT_HIGH(w,ta); \
+ ret = low + (c); \
+ (c) = high; \
+ (c) += (ret<low)?1:0; \
+ (r) = ret; \
+ }
+
+# define sqr(r0,r1,a) { \
+ BN_ULONG tmp=(a); \
+ (r0) = tmp * tmp; \
+ (r1) = BN_UMULT_HIGH(tmp,tmp); \
+ }
+
+# else
+/*************************************************************
+ * No long long type
+ */
+
+# define LBITS(a) ((a)&BN_MASK2l)
+# define HBITS(a) (((a)>>BN_BITS4)&BN_MASK2l)
+# define L2HBITS(a) (((a)<<BN_BITS4)&BN_MASK2)
+
+# define LLBITS(a) ((a)&BN_MASKl)
+# define LHBITS(a) (((a)>>BN_BITS2)&BN_MASKl)
+# define LL2HBITS(a) ((BN_ULLONG)((a)&BN_MASKl)<<BN_BITS2)
+
+# define mul64(l,h,bl,bh) \
+ { \
+ BN_ULONG m,m1,lt,ht; \
+ \
+ lt=l; \
+ ht=h; \
+ m =(bh)*(lt); \
+ lt=(bl)*(lt); \
+ m1=(bl)*(ht); \
+ ht =(bh)*(ht); \
+ m=(m+m1)&BN_MASK2; if (m < m1) ht+=L2HBITS((BN_ULONG)1); \
+ ht+=HBITS(m); \
+ m1=L2HBITS(m); \
+ lt=(lt+m1)&BN_MASK2; if (lt < m1) ht++; \
+ (l)=lt; \
+ (h)=ht; \
+ }
+
+# define sqr64(lo,ho,in) \
+ { \
+ BN_ULONG l,h,m; \
+ \
+ h=(in); \
+ l=LBITS(h); \
+ h=HBITS(h); \
+ m =(l)*(h); \
+ l*=l; \
+ h*=h; \
+ h+=(m&BN_MASK2h1)>>(BN_BITS4-1); \
+ m =(m&BN_MASK2l)<<(BN_BITS4+1); \
+ l=(l+m)&BN_MASK2; if (l < m) h++; \
+ (lo)=l; \
+ (ho)=h; \
+ }
+
+# define mul_add(r,a,bl,bh,c) { \
+ BN_ULONG l,h; \
+ \
+ h= (a); \
+ l=LBITS(h); \
+ h=HBITS(h); \
+ mul64(l,h,(bl),(bh)); \
+ \
+ /* non-multiply part */ \
+ l=(l+(c))&BN_MASK2; if (l < (c)) h++; \
+ (c)=(r); \
+ l=(l+(c))&BN_MASK2; if (l < (c)) h++; \
+ (c)=h&BN_MASK2; \
+ (r)=l; \
+ }
+
+# define mul(r,a,bl,bh,c) { \
+ BN_ULONG l,h; \
+ \
+ h= (a); \
+ l=LBITS(h); \
+ h=HBITS(h); \
+ mul64(l,h,(bl),(bh)); \
+ \
+ /* non-multiply part */ \
+ l+=(c); if ((l&BN_MASK2) < (c)) h++; \
+ (c)=h&BN_MASK2; \
+ (r)=l&BN_MASK2; \
+ }
+# endif /* !BN_LLONG */
+
+void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb);
+void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b);
+void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b);
+void bn_sqr_normal(BN_ULONG *r, const BN_ULONG *a, int n, BN_ULONG *tmp);
+void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a);
+void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a);
+int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n);
+int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, int cl, int dl);
+void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
+ int dna, int dnb, BN_ULONG *t);
+void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b,
+ int n, int tna, int tnb, BN_ULONG *t);
+void bn_sqr_recursive(BN_ULONG *r, const BN_ULONG *a, int n2, BN_ULONG *t);
+void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n);
+void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
+ BN_ULONG *t);
+void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2,
+ BN_ULONG *t);
+BN_ULONG bn_add_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
+ int cl, int dl);
+BN_ULONG bn_sub_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
+ int cl, int dl);
+int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+ const BN_ULONG *np, const BN_ULONG *n0, int num);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_lib.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_lib.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,835 +0,0 @@
-/* crypto/bn/bn_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef BN_DEBUG
-# undef NDEBUG /* avoid conflicting definitions */
-# define NDEBUG
-#endif
-
-#include <assert.h>
-#include <limits.h>
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-const char BN_version[]="Big Number" OPENSSL_VERSION_PTEXT;
-
-/* This stuff appears to be completely unused, so is deprecated */
-#ifndef OPENSSL_NO_DEPRECATED
-/* For a 32 bit machine
- * 2 - 4 == 128
- * 3 - 8 == 256
- * 4 - 16 == 512
- * 5 - 32 == 1024
- * 6 - 64 == 2048
- * 7 - 128 == 4096
- * 8 - 256 == 8192
- */
-static int bn_limit_bits=0;
-static int bn_limit_num=8; /* (1<<bn_limit_bits) */
-static int bn_limit_bits_low=0;
-static int bn_limit_num_low=8; /* (1<<bn_limit_bits_low) */
-static int bn_limit_bits_high=0;
-static int bn_limit_num_high=8; /* (1<<bn_limit_bits_high) */
-static int bn_limit_bits_mont=0;
-static int bn_limit_num_mont=8; /* (1<<bn_limit_bits_mont) */
-
-void BN_set_params(int mult, int high, int low, int mont)
- {
- if (mult >= 0)
- {
- if (mult > (int)(sizeof(int)*8)-1)
- mult=sizeof(int)*8-1;
- bn_limit_bits=mult;
- bn_limit_num=1<<mult;
- }
- if (high >= 0)
- {
- if (high > (int)(sizeof(int)*8)-1)
- high=sizeof(int)*8-1;
- bn_limit_bits_high=high;
- bn_limit_num_high=1<<high;
- }
- if (low >= 0)
- {
- if (low > (int)(sizeof(int)*8)-1)
- low=sizeof(int)*8-1;
- bn_limit_bits_low=low;
- bn_limit_num_low=1<<low;
- }
- if (mont >= 0)
- {
- if (mont > (int)(sizeof(int)*8)-1)
- mont=sizeof(int)*8-1;
- bn_limit_bits_mont=mont;
- bn_limit_num_mont=1<<mont;
- }
- }
-
-int BN_get_params(int which)
- {
- if (which == 0) return(bn_limit_bits);
- else if (which == 1) return(bn_limit_bits_high);
- else if (which == 2) return(bn_limit_bits_low);
- else if (which == 3) return(bn_limit_bits_mont);
- else return(0);
- }
-#endif
-
-const BIGNUM *BN_value_one(void)
- {
- static BN_ULONG data_one=1L;
- static BIGNUM const_one={&data_one,1,1,0,BN_FLG_STATIC_DATA};
-
- return(&const_one);
- }
-
-int BN_num_bits_word(BN_ULONG l)
- {
- static const char bits[256]={
- 0,1,2,2,3,3,3,3,4,4,4,4,4,4,4,4,
- 5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,
- 6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,
- 6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,
- 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
- 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
- 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
- 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
- 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
- 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
- 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
- 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
- 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
- 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
- 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
- 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
- };
-
-#if defined(SIXTY_FOUR_BIT_LONG)
- if (l & 0xffffffff00000000L)
- {
- if (l & 0xffff000000000000L)
- {
- if (l & 0xff00000000000000L)
- {
- return(bits[(int)(l>>56)]+56);
- }
- else return(bits[(int)(l>>48)]+48);
- }
- else
- {
- if (l & 0x0000ff0000000000L)
- {
- return(bits[(int)(l>>40)]+40);
- }
- else return(bits[(int)(l>>32)]+32);
- }
- }
- else
-#else
-#ifdef SIXTY_FOUR_BIT
- if (l & 0xffffffff00000000LL)
- {
- if (l & 0xffff000000000000LL)
- {
- if (l & 0xff00000000000000LL)
- {
- return(bits[(int)(l>>56)]+56);
- }
- else return(bits[(int)(l>>48)]+48);
- }
- else
- {
- if (l & 0x0000ff0000000000LL)
- {
- return(bits[(int)(l>>40)]+40);
- }
- else return(bits[(int)(l>>32)]+32);
- }
- }
- else
-#endif
-#endif
- {
-#if defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
- if (l & 0xffff0000L)
- {
- if (l & 0xff000000L)
- return(bits[(int)(l>>24L)]+24);
- else return(bits[(int)(l>>16L)]+16);
- }
- else
-#endif
- {
-#if defined(SIXTEEN_BIT) || defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
- if (l & 0xff00L)
- return(bits[(int)(l>>8)]+8);
- else
-#endif
- return(bits[(int)(l )] );
- }
- }
- }
-
-int BN_num_bits(const BIGNUM *a)
- {
- int i = a->top - 1;
- bn_check_top(a);
-
- if (BN_is_zero(a)) return 0;
- return ((i*BN_BITS2) + BN_num_bits_word(a->d[i]));
- }
-
-void BN_clear_free(BIGNUM *a)
- {
- int i;
-
- if (a == NULL) return;
- bn_check_top(a);
- if (a->d != NULL)
- {
- OPENSSL_cleanse(a->d,a->dmax*sizeof(a->d[0]));
- if (!(BN_get_flags(a,BN_FLG_STATIC_DATA)))
- OPENSSL_free(a->d);
- }
- i=BN_get_flags(a,BN_FLG_MALLOCED);
- OPENSSL_cleanse(a,sizeof(BIGNUM));
- if (i)
- OPENSSL_free(a);
- }
-
-void BN_free(BIGNUM *a)
- {
- if (a == NULL) return;
- bn_check_top(a);
- if ((a->d != NULL) && !(BN_get_flags(a,BN_FLG_STATIC_DATA)))
- OPENSSL_free(a->d);
- if (a->flags & BN_FLG_MALLOCED)
- OPENSSL_free(a);
- else
- {
-#ifndef OPENSSL_NO_DEPRECATED
- a->flags|=BN_FLG_FREE;
-#endif
- a->d = NULL;
- }
- }
-
-void BN_init(BIGNUM *a)
- {
- memset(a,0,sizeof(BIGNUM));
- bn_check_top(a);
- }
-
-BIGNUM *BN_new(void)
- {
- BIGNUM *ret;
-
- if ((ret=(BIGNUM *)OPENSSL_malloc(sizeof(BIGNUM))) == NULL)
- {
- BNerr(BN_F_BN_NEW,ERR_R_MALLOC_FAILURE);
- return(NULL);
- }
- ret->flags=BN_FLG_MALLOCED;
- ret->top=0;
- ret->neg=0;
- ret->dmax=0;
- ret->d=NULL;
- bn_check_top(ret);
- return(ret);
- }
-
-/* This is used both by bn_expand2() and bn_dup_expand() */
-/* The caller MUST check that words > b->dmax before calling this */
-static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
- {
- BN_ULONG *A,*a = NULL;
- const BN_ULONG *B;
- int i;
-
- bn_check_top(b);
-
- if (words > (INT_MAX/(4*BN_BITS2)))
- {
- BNerr(BN_F_BN_EXPAND_INTERNAL,BN_R_BIGNUM_TOO_LONG);
- return NULL;
- }
- if (BN_get_flags(b,BN_FLG_STATIC_DATA))
- {
- BNerr(BN_F_BN_EXPAND_INTERNAL,BN_R_EXPAND_ON_STATIC_BIGNUM_DATA);
- return(NULL);
- }
- a=A=(BN_ULONG *)OPENSSL_malloc(sizeof(BN_ULONG)*words);
- if (A == NULL)
- {
- BNerr(BN_F_BN_EXPAND_INTERNAL,ERR_R_MALLOC_FAILURE);
- return(NULL);
- }
-#ifdef PURIFY
- /* Valgrind complains in BN_consttime_swap because we process the whole
- * array even if it's not initialised yet. This doesn't matter in that
- * function - what's important is constant time operation (we're not
- * actually going to use the data)
- */
- memset(a, 0, sizeof(BN_ULONG)*words);
-#endif
-
-#if 1
- B=b->d;
- /* Check if the previous number needs to be copied */
- if (B != NULL)
- {
- for (i=b->top>>2; i>0; i--,A+=4,B+=4)
- {
- /*
- * The fact that the loop is unrolled
- * 4-wise is a tribute to Intel. It's
- * the one that doesn't have enough
- * registers to accomodate more data.
- * I'd unroll it 8-wise otherwise:-)
- *
- * <appro at fy.chalmers.se>
- */
- BN_ULONG a0,a1,a2,a3;
- a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3];
- A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3;
- }
- switch (b->top&3)
- {
- case 3: A[2]=B[2];
- case 2: A[1]=B[1];
- case 1: A[0]=B[0];
- case 0: /* workaround for ultrix cc: without 'case 0', the optimizer does
- * the switch table by doing a=top&3; a--; goto jump_table[a];
- * which fails for top== 0 */
- ;
- }
- }
-
-#else
- memset(A,0,sizeof(BN_ULONG)*words);
- memcpy(A,b->d,sizeof(b->d[0])*b->top);
-#endif
-
- return(a);
- }
-
-/* This is an internal function that can be used instead of bn_expand2()
- * when there is a need to copy BIGNUMs instead of only expanding the
- * data part, while still expanding them.
- * Especially useful when needing to expand BIGNUMs that are declared
- * 'const' and should therefore not be changed.
- * The reason to use this instead of a BN_dup() followed by a bn_expand2()
- * is memory allocation overhead. A BN_dup() followed by a bn_expand2()
- * will allocate new memory for the BIGNUM data twice, and free it once,
- * while bn_dup_expand() makes sure allocation is made only once.
- */
-
-#ifndef OPENSSL_NO_DEPRECATED
-BIGNUM *bn_dup_expand(const BIGNUM *b, int words)
- {
- BIGNUM *r = NULL;
-
- bn_check_top(b);
-
- /* This function does not work if
- * words <= b->dmax && top < words
- * because BN_dup() does not preserve 'dmax'!
- * (But bn_dup_expand() is not used anywhere yet.)
- */
-
- if (words > b->dmax)
- {
- BN_ULONG *a = bn_expand_internal(b, words);
-
- if (a)
- {
- r = BN_new();
- if (r)
- {
- r->top = b->top;
- r->dmax = words;
- r->neg = b->neg;
- r->d = a;
- }
- else
- {
- /* r == NULL, BN_new failure */
- OPENSSL_free(a);
- }
- }
- /* If a == NULL, there was an error in allocation in
- bn_expand_internal(), and NULL should be returned */
- }
- else
- {
- r = BN_dup(b);
- }
-
- bn_check_top(r);
- return r;
- }
-#endif
-
-/* This is an internal function that should not be used in applications.
- * It ensures that 'b' has enough room for a 'words' word number
- * and initialises any unused part of b->d with leading zeros.
- * It is mostly used by the various BIGNUM routines. If there is an error,
- * NULL is returned. If not, 'b' is returned. */
-
-BIGNUM *bn_expand2(BIGNUM *b, int words)
- {
- bn_check_top(b);
-
- if (words > b->dmax)
- {
- BN_ULONG *a = bn_expand_internal(b, words);
- if(!a) return NULL;
- if(b->d) OPENSSL_free(b->d);
- b->d=a;
- b->dmax=words;
- }
-
-/* None of this should be necessary because of what b->top means! */
-#if 0
- /* NB: bn_wexpand() calls this only if the BIGNUM really has to grow */
- if (b->top < b->dmax)
- {
- int i;
- BN_ULONG *A = &(b->d[b->top]);
- for (i=(b->dmax - b->top)>>3; i>0; i--,A+=8)
- {
- A[0]=0; A[1]=0; A[2]=0; A[3]=0;
- A[4]=0; A[5]=0; A[6]=0; A[7]=0;
- }
- for (i=(b->dmax - b->top)&7; i>0; i--,A++)
- A[0]=0;
- assert(A == &(b->d[b->dmax]));
- }
-#endif
- bn_check_top(b);
- return b;
- }
-
-BIGNUM *BN_dup(const BIGNUM *a)
- {
- BIGNUM *t;
-
- if (a == NULL) return NULL;
- bn_check_top(a);
-
- t = BN_new();
- if (t == NULL) return NULL;
- if(!BN_copy(t, a))
- {
- BN_free(t);
- return NULL;
- }
- bn_check_top(t);
- return t;
- }
-
-BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)
- {
- int i;
- BN_ULONG *A;
- const BN_ULONG *B;
-
- bn_check_top(b);
-
- if (a == b) return(a);
- if (bn_wexpand(a,b->top) == NULL) return(NULL);
-
-#if 1
- A=a->d;
- B=b->d;
- for (i=b->top>>2; i>0; i--,A+=4,B+=4)
- {
- BN_ULONG a0,a1,a2,a3;
- a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3];
- A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3;
- }
- switch (b->top&3)
- {
- case 3: A[2]=B[2];
- case 2: A[1]=B[1];
- case 1: A[0]=B[0];
- case 0: ; /* ultrix cc workaround, see comments in bn_expand_internal */
- }
-#else
- memcpy(a->d,b->d,sizeof(b->d[0])*b->top);
-#endif
-
- a->top=b->top;
- a->neg=b->neg;
- bn_check_top(a);
- return(a);
- }
-
-void BN_swap(BIGNUM *a, BIGNUM *b)
- {
- int flags_old_a, flags_old_b;
- BN_ULONG *tmp_d;
- int tmp_top, tmp_dmax, tmp_neg;
-
- bn_check_top(a);
- bn_check_top(b);
-
- flags_old_a = a->flags;
- flags_old_b = b->flags;
-
- tmp_d = a->d;
- tmp_top = a->top;
- tmp_dmax = a->dmax;
- tmp_neg = a->neg;
-
- a->d = b->d;
- a->top = b->top;
- a->dmax = b->dmax;
- a->neg = b->neg;
-
- b->d = tmp_d;
- b->top = tmp_top;
- b->dmax = tmp_dmax;
- b->neg = tmp_neg;
-
- a->flags = (flags_old_a & BN_FLG_MALLOCED) | (flags_old_b & BN_FLG_STATIC_DATA);
- b->flags = (flags_old_b & BN_FLG_MALLOCED) | (flags_old_a & BN_FLG_STATIC_DATA);
- bn_check_top(a);
- bn_check_top(b);
- }
-
-void BN_clear(BIGNUM *a)
- {
- bn_check_top(a);
- if (a->d != NULL)
- memset(a->d,0,a->dmax*sizeof(a->d[0]));
- a->top=0;
- a->neg=0;
- }
-
-BN_ULONG BN_get_word(const BIGNUM *a)
- {
- if (a->top > 1)
- return BN_MASK2;
- else if (a->top == 1)
- return a->d[0];
- /* a->top == 0 */
- return 0;
- }
-
-int BN_set_word(BIGNUM *a, BN_ULONG w)
- {
- bn_check_top(a);
- if (bn_expand(a,(int)sizeof(BN_ULONG)*8) == NULL) return(0);
- a->neg = 0;
- a->d[0] = w;
- a->top = (w ? 1 : 0);
- bn_check_top(a);
- return(1);
- }
-
-BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret)
- {
- unsigned int i,m;
- unsigned int n;
- BN_ULONG l;
- BIGNUM *bn = NULL;
-
- if (ret == NULL)
- ret = bn = BN_new();
- if (ret == NULL) return(NULL);
- bn_check_top(ret);
- l=0;
- n=len;
- if (n == 0)
- {
- ret->top=0;
- return(ret);
- }
- i=((n-1)/BN_BYTES)+1;
- m=((n-1)%(BN_BYTES));
- if (bn_wexpand(ret, (int)i) == NULL)
- {
- if (bn) BN_free(bn);
- return NULL;
- }
- ret->top=i;
- ret->neg=0;
- while (n--)
- {
- l=(l<<8L)| *(s++);
- if (m-- == 0)
- {
- ret->d[--i]=l;
- l=0;
- m=BN_BYTES-1;
- }
- }
- /* need to call this due to clear byte at top if avoiding
- * having the top bit set (-ve number) */
- bn_correct_top(ret);
- return(ret);
- }
-
-/* ignore negative */
-int BN_bn2bin(const BIGNUM *a, unsigned char *to)
- {
- int n,i;
- BN_ULONG l;
-
- bn_check_top(a);
- n=i=BN_num_bytes(a);
- while (i--)
- {
- l=a->d[i/BN_BYTES];
- *(to++)=(unsigned char)(l>>(8*(i%BN_BYTES)))&0xff;
- }
- return(n);
- }
-
-int BN_ucmp(const BIGNUM *a, const BIGNUM *b)
- {
- int i;
- BN_ULONG t1,t2,*ap,*bp;
-
- bn_check_top(a);
- bn_check_top(b);
-
- i=a->top-b->top;
- if (i != 0) return(i);
- ap=a->d;
- bp=b->d;
- for (i=a->top-1; i>=0; i--)
- {
- t1= ap[i];
- t2= bp[i];
- if (t1 != t2)
- return((t1 > t2) ? 1 : -1);
- }
- return(0);
- }
-
-int BN_cmp(const BIGNUM *a, const BIGNUM *b)
- {
- int i;
- int gt,lt;
- BN_ULONG t1,t2;
-
- if ((a == NULL) || (b == NULL))
- {
- if (a != NULL)
- return(-1);
- else if (b != NULL)
- return(1);
- else
- return(0);
- }
-
- bn_check_top(a);
- bn_check_top(b);
-
- if (a->neg != b->neg)
- {
- if (a->neg)
- return(-1);
- else return(1);
- }
- if (a->neg == 0)
- { gt=1; lt= -1; }
- else { gt= -1; lt=1; }
-
- if (a->top > b->top) return(gt);
- if (a->top < b->top) return(lt);
- for (i=a->top-1; i>=0; i--)
- {
- t1=a->d[i];
- t2=b->d[i];
- if (t1 > t2) return(gt);
- if (t1 < t2) return(lt);
- }
- return(0);
- }
-
-int BN_set_bit(BIGNUM *a, int n)
- {
- int i,j,k;
-
- if (n < 0)
- return 0;
-
- i=n/BN_BITS2;
- j=n%BN_BITS2;
- if (a->top <= i)
- {
- if (bn_wexpand(a,i+1) == NULL) return(0);
- for(k=a->top; k<i+1; k++)
- a->d[k]=0;
- a->top=i+1;
- }
-
- a->d[i]|=(((BN_ULONG)1)<<j);
- bn_check_top(a);
- return(1);
- }
-
-int BN_clear_bit(BIGNUM *a, int n)
- {
- int i,j;
-
- bn_check_top(a);
- if (n < 0) return 0;
-
- i=n/BN_BITS2;
- j=n%BN_BITS2;
- if (a->top <= i) return(0);
-
- a->d[i]&=(~(((BN_ULONG)1)<<j));
- bn_correct_top(a);
- return(1);
- }
-
-int BN_is_bit_set(const BIGNUM *a, int n)
- {
- int i,j;
-
- bn_check_top(a);
- if (n < 0) return 0;
- i=n/BN_BITS2;
- j=n%BN_BITS2;
- if (a->top <= i) return 0;
- return(((a->d[i])>>j)&((BN_ULONG)1));
- }
-
-int BN_mask_bits(BIGNUM *a, int n)
- {
- int b,w;
-
- bn_check_top(a);
- if (n < 0) return 0;
-
- w=n/BN_BITS2;
- b=n%BN_BITS2;
- if (w >= a->top) return 0;
- if (b == 0)
- a->top=w;
- else
- {
- a->top=w+1;
- a->d[w]&= ~(BN_MASK2<<b);
- }
- bn_correct_top(a);
- return(1);
- }
-
-void BN_set_negative(BIGNUM *a, int b)
- {
- if (b && !BN_is_zero(a))
- a->neg = 1;
- else
- a->neg = 0;
- }
-
-int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n)
- {
- int i;
- BN_ULONG aa,bb;
-
- aa=a[n-1];
- bb=b[n-1];
- if (aa != bb) return((aa > bb)?1:-1);
- for (i=n-2; i>=0; i--)
- {
- aa=a[i];
- bb=b[i];
- if (aa != bb) return((aa > bb)?1:-1);
- }
- return(0);
- }
-
-/* Here follows a specialised variants of bn_cmp_words(). It has the
- property of performing the operation on arrays of different sizes.
- The sizes of those arrays is expressed through cl, which is the
- common length ( basicall, min(len(a),len(b)) ), and dl, which is the
- delta between the two lengths, calculated as len(a)-len(b).
- All lengths are the number of BN_ULONGs... */
-
-int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b,
- int cl, int dl)
- {
- int n,i;
- n = cl-1;
-
- if (dl < 0)
- {
- for (i=dl; i<0; i++)
- {
- if (b[n-i] != 0)
- return -1; /* a < b */
- }
- }
- if (dl > 0)
- {
- for (i=dl; i>0; i--)
- {
- if (a[n+i] != 0)
- return 1; /* a > b */
- }
- }
- return bn_cmp_words(a,b,cl);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_lib.c (from rev 6976, vendor-crypto/openssl/dist/crypto/bn/bn_lib.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_lib.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,854 @@
+/* crypto/bn/bn_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef BN_DEBUG
+# undef NDEBUG /* avoid conflicting definitions */
+# define NDEBUG
+#endif
+
+#include <assert.h>
+#include <limits.h>
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+const char BN_version[] = "Big Number" OPENSSL_VERSION_PTEXT;
+
+/* This stuff appears to be completely unused, so is deprecated */
+#ifndef OPENSSL_NO_DEPRECATED
+/*-
+ * For a 32 bit machine
+ * 2 - 4 == 128
+ * 3 - 8 == 256
+ * 4 - 16 == 512
+ * 5 - 32 == 1024
+ * 6 - 64 == 2048
+ * 7 - 128 == 4096
+ * 8 - 256 == 8192
+ */
+static int bn_limit_bits = 0;
+static int bn_limit_num = 8; /* (1<<bn_limit_bits) */
+static int bn_limit_bits_low = 0;
+static int bn_limit_num_low = 8; /* (1<<bn_limit_bits_low) */
+static int bn_limit_bits_high = 0;
+static int bn_limit_num_high = 8; /* (1<<bn_limit_bits_high) */
+static int bn_limit_bits_mont = 0;
+static int bn_limit_num_mont = 8; /* (1<<bn_limit_bits_mont) */
+
+void BN_set_params(int mult, int high, int low, int mont)
+{
+ if (mult >= 0) {
+ if (mult > (int)(sizeof(int) * 8) - 1)
+ mult = sizeof(int) * 8 - 1;
+ bn_limit_bits = mult;
+ bn_limit_num = 1 << mult;
+ }
+ if (high >= 0) {
+ if (high > (int)(sizeof(int) * 8) - 1)
+ high = sizeof(int) * 8 - 1;
+ bn_limit_bits_high = high;
+ bn_limit_num_high = 1 << high;
+ }
+ if (low >= 0) {
+ if (low > (int)(sizeof(int) * 8) - 1)
+ low = sizeof(int) * 8 - 1;
+ bn_limit_bits_low = low;
+ bn_limit_num_low = 1 << low;
+ }
+ if (mont >= 0) {
+ if (mont > (int)(sizeof(int) * 8) - 1)
+ mont = sizeof(int) * 8 - 1;
+ bn_limit_bits_mont = mont;
+ bn_limit_num_mont = 1 << mont;
+ }
+}
+
+int BN_get_params(int which)
+{
+ if (which == 0)
+ return (bn_limit_bits);
+ else if (which == 1)
+ return (bn_limit_bits_high);
+ else if (which == 2)
+ return (bn_limit_bits_low);
+ else if (which == 3)
+ return (bn_limit_bits_mont);
+ else
+ return (0);
+}
+#endif
+
+const BIGNUM *BN_value_one(void)
+{
+ static BN_ULONG data_one = 1L;
+ static BIGNUM const_one = { &data_one, 1, 1, 0, BN_FLG_STATIC_DATA };
+
+ return (&const_one);
+}
+
+int BN_num_bits_word(BN_ULONG l)
+{
+ static const char bits[256] = {
+ 0, 1, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 4, 4, 4, 4,
+ 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5,
+ 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6,
+ 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6,
+ 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
+ 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
+ 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
+ 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
+ 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
+ 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
+ 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
+ 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
+ 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
+ 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
+ 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
+ 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
+ };
+
+#if defined(SIXTY_FOUR_BIT_LONG)
+ if (l & 0xffffffff00000000L) {
+ if (l & 0xffff000000000000L) {
+ if (l & 0xff00000000000000L) {
+ return (bits[(int)(l >> 56)] + 56);
+ } else
+ return (bits[(int)(l >> 48)] + 48);
+ } else {
+ if (l & 0x0000ff0000000000L) {
+ return (bits[(int)(l >> 40)] + 40);
+ } else
+ return (bits[(int)(l >> 32)] + 32);
+ }
+ } else
+#else
+# ifdef SIXTY_FOUR_BIT
+ if (l & 0xffffffff00000000LL) {
+ if (l & 0xffff000000000000LL) {
+ if (l & 0xff00000000000000LL) {
+ return (bits[(int)(l >> 56)] + 56);
+ } else
+ return (bits[(int)(l >> 48)] + 48);
+ } else {
+ if (l & 0x0000ff0000000000LL) {
+ return (bits[(int)(l >> 40)] + 40);
+ } else
+ return (bits[(int)(l >> 32)] + 32);
+ }
+ } else
+# endif
+#endif
+ {
+#if defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
+ if (l & 0xffff0000L) {
+ if (l & 0xff000000L)
+ return (bits[(int)(l >> 24L)] + 24);
+ else
+ return (bits[(int)(l >> 16L)] + 16);
+ } else
+#endif
+ {
+#if defined(SIXTEEN_BIT) || defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
+ if (l & 0xff00L)
+ return (bits[(int)(l >> 8)] + 8);
+ else
+#endif
+ return (bits[(int)(l)]);
+ }
+ }
+}
+
+int BN_num_bits(const BIGNUM *a)
+{
+ int i = a->top - 1;
+ bn_check_top(a);
+
+ if (BN_is_zero(a))
+ return 0;
+ return ((i * BN_BITS2) + BN_num_bits_word(a->d[i]));
+}
+
+void BN_clear_free(BIGNUM *a)
+{
+ int i;
+
+ if (a == NULL)
+ return;
+ bn_check_top(a);
+ if (a->d != NULL) {
+ OPENSSL_cleanse(a->d, a->dmax * sizeof(a->d[0]));
+ if (!(BN_get_flags(a, BN_FLG_STATIC_DATA)))
+ OPENSSL_free(a->d);
+ }
+ i = BN_get_flags(a, BN_FLG_MALLOCED);
+ OPENSSL_cleanse(a, sizeof(BIGNUM));
+ if (i)
+ OPENSSL_free(a);
+}
+
+void BN_free(BIGNUM *a)
+{
+ if (a == NULL)
+ return;
+ bn_check_top(a);
+ if ((a->d != NULL) && !(BN_get_flags(a, BN_FLG_STATIC_DATA)))
+ OPENSSL_free(a->d);
+ if (a->flags & BN_FLG_MALLOCED)
+ OPENSSL_free(a);
+ else {
+#ifndef OPENSSL_NO_DEPRECATED
+ a->flags |= BN_FLG_FREE;
+#endif
+ a->d = NULL;
+ }
+}
+
+void BN_init(BIGNUM *a)
+{
+ memset(a, 0, sizeof(BIGNUM));
+ bn_check_top(a);
+}
+
+BIGNUM *BN_new(void)
+{
+ BIGNUM *ret;
+
+ if ((ret = (BIGNUM *)OPENSSL_malloc(sizeof(BIGNUM))) == NULL) {
+ BNerr(BN_F_BN_NEW, ERR_R_MALLOC_FAILURE);
+ return (NULL);
+ }
+ ret->flags = BN_FLG_MALLOCED;
+ ret->top = 0;
+ ret->neg = 0;
+ ret->dmax = 0;
+ ret->d = NULL;
+ bn_check_top(ret);
+ return (ret);
+}
+
+/* This is used both by bn_expand2() and bn_dup_expand() */
+/* The caller MUST check that words > b->dmax before calling this */
+static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
+{
+ BN_ULONG *A, *a = NULL;
+ const BN_ULONG *B;
+ int i;
+
+ bn_check_top(b);
+
+ if (words > (INT_MAX / (4 * BN_BITS2))) {
+ BNerr(BN_F_BN_EXPAND_INTERNAL, BN_R_BIGNUM_TOO_LONG);
+ return NULL;
+ }
+ if (BN_get_flags(b, BN_FLG_STATIC_DATA)) {
+ BNerr(BN_F_BN_EXPAND_INTERNAL, BN_R_EXPAND_ON_STATIC_BIGNUM_DATA);
+ return (NULL);
+ }
+ a = A = (BN_ULONG *)OPENSSL_malloc(sizeof(BN_ULONG) * words);
+ if (A == NULL) {
+ BNerr(BN_F_BN_EXPAND_INTERNAL, ERR_R_MALLOC_FAILURE);
+ return (NULL);
+ }
+#ifdef PURIFY
+ /*
+ * Valgrind complains in BN_consttime_swap because we process the whole
+ * array even if it's not initialised yet. This doesn't matter in that
+ * function - what's important is constant time operation (we're not
+ * actually going to use the data)
+ */
+ memset(a, 0, sizeof(BN_ULONG) * words);
+#endif
+
+#if 1
+ B = b->d;
+ /* Check if the previous number needs to be copied */
+ if (B != NULL) {
+ for (i = b->top >> 2; i > 0; i--, A += 4, B += 4) {
+ /*
+ * The fact that the loop is unrolled
+ * 4-wise is a tribute to Intel. It's
+ * the one that doesn't have enough
+ * registers to accomodate more data.
+ * I'd unroll it 8-wise otherwise:-)
+ *
+ * <appro at fy.chalmers.se>
+ */
+ BN_ULONG a0, a1, a2, a3;
+ a0 = B[0];
+ a1 = B[1];
+ a2 = B[2];
+ a3 = B[3];
+ A[0] = a0;
+ A[1] = a1;
+ A[2] = a2;
+ A[3] = a3;
+ }
+ /*
+ * workaround for ultrix cc: without 'case 0', the optimizer does
+ * the switch table by doing a=top&3; a--; goto jump_table[a];
+ * which fails for top== 0
+ */
+ switch (b->top & 3) {
+ case 3:
+ A[2] = B[2];
+ case 2:
+ A[1] = B[1];
+ case 1:
+ A[0] = B[0];
+ case 0:
+ ;
+ }
+ }
+#else
+ memset(A, 0, sizeof(BN_ULONG) * words);
+ memcpy(A, b->d, sizeof(b->d[0]) * b->top);
+#endif
+
+ return (a);
+}
+
+/*
+ * This is an internal function that can be used instead of bn_expand2() when
+ * there is a need to copy BIGNUMs instead of only expanding the data part,
+ * while still expanding them. Especially useful when needing to expand
+ * BIGNUMs that are declared 'const' and should therefore not be changed. The
+ * reason to use this instead of a BN_dup() followed by a bn_expand2() is
+ * memory allocation overhead. A BN_dup() followed by a bn_expand2() will
+ * allocate new memory for the BIGNUM data twice, and free it once, while
+ * bn_dup_expand() makes sure allocation is made only once.
+ */
+
+#ifndef OPENSSL_NO_DEPRECATED
+BIGNUM *bn_dup_expand(const BIGNUM *b, int words)
+{
+ BIGNUM *r = NULL;
+
+ bn_check_top(b);
+
+ /*
+ * This function does not work if words <= b->dmax && top < words because
+ * BN_dup() does not preserve 'dmax'! (But bn_dup_expand() is not used
+ * anywhere yet.)
+ */
+
+ if (words > b->dmax) {
+ BN_ULONG *a = bn_expand_internal(b, words);
+
+ if (a) {
+ r = BN_new();
+ if (r) {
+ r->top = b->top;
+ r->dmax = words;
+ r->neg = b->neg;
+ r->d = a;
+ } else {
+ /* r == NULL, BN_new failure */
+ OPENSSL_free(a);
+ }
+ }
+ /*
+ * If a == NULL, there was an error in allocation in
+ * bn_expand_internal(), and NULL should be returned
+ */
+ } else {
+ r = BN_dup(b);
+ }
+
+ bn_check_top(r);
+ return r;
+}
+#endif
+
+/*
+ * This is an internal function that should not be used in applications. It
+ * ensures that 'b' has enough room for a 'words' word number and initialises
+ * any unused part of b->d with leading zeros. It is mostly used by the
+ * various BIGNUM routines. If there is an error, NULL is returned. If not,
+ * 'b' is returned.
+ */
+
+BIGNUM *bn_expand2(BIGNUM *b, int words)
+{
+ bn_check_top(b);
+
+ if (words > b->dmax) {
+ BN_ULONG *a = bn_expand_internal(b, words);
+ if (!a)
+ return NULL;
+ if (b->d)
+ OPENSSL_free(b->d);
+ b->d = a;
+ b->dmax = words;
+ }
+
+/* None of this should be necessary because of what b->top means! */
+#if 0
+ /*
+ * NB: bn_wexpand() calls this only if the BIGNUM really has to grow
+ */
+ if (b->top < b->dmax) {
+ int i;
+ BN_ULONG *A = &(b->d[b->top]);
+ for (i = (b->dmax - b->top) >> 3; i > 0; i--, A += 8) {
+ A[0] = 0;
+ A[1] = 0;
+ A[2] = 0;
+ A[3] = 0;
+ A[4] = 0;
+ A[5] = 0;
+ A[6] = 0;
+ A[7] = 0;
+ }
+ for (i = (b->dmax - b->top) & 7; i > 0; i--, A++)
+ A[0] = 0;
+ assert(A == &(b->d[b->dmax]));
+ }
+#endif
+ bn_check_top(b);
+ return b;
+}
+
+BIGNUM *BN_dup(const BIGNUM *a)
+{
+ BIGNUM *t;
+
+ if (a == NULL)
+ return NULL;
+ bn_check_top(a);
+
+ t = BN_new();
+ if (t == NULL)
+ return NULL;
+ if (!BN_copy(t, a)) {
+ BN_free(t);
+ return NULL;
+ }
+ bn_check_top(t);
+ return t;
+}
+
+BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)
+{
+ int i;
+ BN_ULONG *A;
+ const BN_ULONG *B;
+
+ bn_check_top(b);
+
+ if (a == b)
+ return (a);
+ if (bn_wexpand(a, b->top) == NULL)
+ return (NULL);
+
+#if 1
+ A = a->d;
+ B = b->d;
+ for (i = b->top >> 2; i > 0; i--, A += 4, B += 4) {
+ BN_ULONG a0, a1, a2, a3;
+ a0 = B[0];
+ a1 = B[1];
+ a2 = B[2];
+ a3 = B[3];
+ A[0] = a0;
+ A[1] = a1;
+ A[2] = a2;
+ A[3] = a3;
+ }
+ /* ultrix cc workaround, see comments in bn_expand_internal */
+ switch (b->top & 3) {
+ case 3:
+ A[2] = B[2];
+ case 2:
+ A[1] = B[1];
+ case 1:
+ A[0] = B[0];
+ case 0:;
+ }
+#else
+ memcpy(a->d, b->d, sizeof(b->d[0]) * b->top);
+#endif
+
+ a->top = b->top;
+ a->neg = b->neg;
+ bn_check_top(a);
+ return (a);
+}
+
+void BN_swap(BIGNUM *a, BIGNUM *b)
+{
+ int flags_old_a, flags_old_b;
+ BN_ULONG *tmp_d;
+ int tmp_top, tmp_dmax, tmp_neg;
+
+ bn_check_top(a);
+ bn_check_top(b);
+
+ flags_old_a = a->flags;
+ flags_old_b = b->flags;
+
+ tmp_d = a->d;
+ tmp_top = a->top;
+ tmp_dmax = a->dmax;
+ tmp_neg = a->neg;
+
+ a->d = b->d;
+ a->top = b->top;
+ a->dmax = b->dmax;
+ a->neg = b->neg;
+
+ b->d = tmp_d;
+ b->top = tmp_top;
+ b->dmax = tmp_dmax;
+ b->neg = tmp_neg;
+
+ a->flags =
+ (flags_old_a & BN_FLG_MALLOCED) | (flags_old_b & BN_FLG_STATIC_DATA);
+ b->flags =
+ (flags_old_b & BN_FLG_MALLOCED) | (flags_old_a & BN_FLG_STATIC_DATA);
+ bn_check_top(a);
+ bn_check_top(b);
+}
+
+void BN_clear(BIGNUM *a)
+{
+ bn_check_top(a);
+ if (a->d != NULL)
+ memset(a->d, 0, a->dmax * sizeof(a->d[0]));
+ a->top = 0;
+ a->neg = 0;
+}
+
+BN_ULONG BN_get_word(const BIGNUM *a)
+{
+ if (a->top > 1)
+ return BN_MASK2;
+ else if (a->top == 1)
+ return a->d[0];
+ /* a->top == 0 */
+ return 0;
+}
+
+int BN_set_word(BIGNUM *a, BN_ULONG w)
+{
+ bn_check_top(a);
+ if (bn_expand(a, (int)sizeof(BN_ULONG) * 8) == NULL)
+ return (0);
+ a->neg = 0;
+ a->d[0] = w;
+ a->top = (w ? 1 : 0);
+ bn_check_top(a);
+ return (1);
+}
+
+BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret)
+{
+ unsigned int i, m;
+ unsigned int n;
+ BN_ULONG l;
+ BIGNUM *bn = NULL;
+
+ if (ret == NULL)
+ ret = bn = BN_new();
+ if (ret == NULL)
+ return (NULL);
+ bn_check_top(ret);
+ l = 0;
+ n = len;
+ if (n == 0) {
+ ret->top = 0;
+ return (ret);
+ }
+ i = ((n - 1) / BN_BYTES) + 1;
+ m = ((n - 1) % (BN_BYTES));
+ if (bn_wexpand(ret, (int)i) == NULL) {
+ if (bn)
+ BN_free(bn);
+ return NULL;
+ }
+ ret->top = i;
+ ret->neg = 0;
+ while (n--) {
+ l = (l << 8L) | *(s++);
+ if (m-- == 0) {
+ ret->d[--i] = l;
+ l = 0;
+ m = BN_BYTES - 1;
+ }
+ }
+ /*
+ * need to call this due to clear byte at top if avoiding having the top
+ * bit set (-ve number)
+ */
+ bn_correct_top(ret);
+ return (ret);
+}
+
+/* ignore negative */
+int BN_bn2bin(const BIGNUM *a, unsigned char *to)
+{
+ int n, i;
+ BN_ULONG l;
+
+ bn_check_top(a);
+ n = i = BN_num_bytes(a);
+ while (i--) {
+ l = a->d[i / BN_BYTES];
+ *(to++) = (unsigned char)(l >> (8 * (i % BN_BYTES))) & 0xff;
+ }
+ return (n);
+}
+
+int BN_ucmp(const BIGNUM *a, const BIGNUM *b)
+{
+ int i;
+ BN_ULONG t1, t2, *ap, *bp;
+
+ bn_check_top(a);
+ bn_check_top(b);
+
+ i = a->top - b->top;
+ if (i != 0)
+ return (i);
+ ap = a->d;
+ bp = b->d;
+ for (i = a->top - 1; i >= 0; i--) {
+ t1 = ap[i];
+ t2 = bp[i];
+ if (t1 != t2)
+ return ((t1 > t2) ? 1 : -1);
+ }
+ return (0);
+}
+
+int BN_cmp(const BIGNUM *a, const BIGNUM *b)
+{
+ int i;
+ int gt, lt;
+ BN_ULONG t1, t2;
+
+ if ((a == NULL) || (b == NULL)) {
+ if (a != NULL)
+ return (-1);
+ else if (b != NULL)
+ return (1);
+ else
+ return (0);
+ }
+
+ bn_check_top(a);
+ bn_check_top(b);
+
+ if (a->neg != b->neg) {
+ if (a->neg)
+ return (-1);
+ else
+ return (1);
+ }
+ if (a->neg == 0) {
+ gt = 1;
+ lt = -1;
+ } else {
+ gt = -1;
+ lt = 1;
+ }
+
+ if (a->top > b->top)
+ return (gt);
+ if (a->top < b->top)
+ return (lt);
+ for (i = a->top - 1; i >= 0; i--) {
+ t1 = a->d[i];
+ t2 = b->d[i];
+ if (t1 > t2)
+ return (gt);
+ if (t1 < t2)
+ return (lt);
+ }
+ return (0);
+}
+
+int BN_set_bit(BIGNUM *a, int n)
+{
+ int i, j, k;
+
+ if (n < 0)
+ return 0;
+
+ i = n / BN_BITS2;
+ j = n % BN_BITS2;
+ if (a->top <= i) {
+ if (bn_wexpand(a, i + 1) == NULL)
+ return (0);
+ for (k = a->top; k < i + 1; k++)
+ a->d[k] = 0;
+ a->top = i + 1;
+ }
+
+ a->d[i] |= (((BN_ULONG)1) << j);
+ bn_check_top(a);
+ return (1);
+}
+
+int BN_clear_bit(BIGNUM *a, int n)
+{
+ int i, j;
+
+ bn_check_top(a);
+ if (n < 0)
+ return 0;
+
+ i = n / BN_BITS2;
+ j = n % BN_BITS2;
+ if (a->top <= i)
+ return (0);
+
+ a->d[i] &= (~(((BN_ULONG)1) << j));
+ bn_correct_top(a);
+ return (1);
+}
+
+int BN_is_bit_set(const BIGNUM *a, int n)
+{
+ int i, j;
+
+ bn_check_top(a);
+ if (n < 0)
+ return 0;
+ i = n / BN_BITS2;
+ j = n % BN_BITS2;
+ if (a->top <= i)
+ return 0;
+ return (((a->d[i]) >> j) & ((BN_ULONG)1));
+}
+
+int BN_mask_bits(BIGNUM *a, int n)
+{
+ int b, w;
+
+ bn_check_top(a);
+ if (n < 0)
+ return 0;
+
+ w = n / BN_BITS2;
+ b = n % BN_BITS2;
+ if (w >= a->top)
+ return 0;
+ if (b == 0)
+ a->top = w;
+ else {
+ a->top = w + 1;
+ a->d[w] &= ~(BN_MASK2 << b);
+ }
+ bn_correct_top(a);
+ return (1);
+}
+
+void BN_set_negative(BIGNUM *a, int b)
+{
+ if (b && !BN_is_zero(a))
+ a->neg = 1;
+ else
+ a->neg = 0;
+}
+
+int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n)
+{
+ int i;
+ BN_ULONG aa, bb;
+
+ aa = a[n - 1];
+ bb = b[n - 1];
+ if (aa != bb)
+ return ((aa > bb) ? 1 : -1);
+ for (i = n - 2; i >= 0; i--) {
+ aa = a[i];
+ bb = b[i];
+ if (aa != bb)
+ return ((aa > bb) ? 1 : -1);
+ }
+ return (0);
+}
+
+/*
+ * Here follows a specialised variants of bn_cmp_words(). It has the
+ * property of performing the operation on arrays of different sizes. The
+ * sizes of those arrays is expressed through cl, which is the common length
+ * ( basicall, min(len(a),len(b)) ), and dl, which is the delta between the
+ * two lengths, calculated as len(a)-len(b). All lengths are the number of
+ * BN_ULONGs...
+ */
+
+int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, int cl, int dl)
+{
+ int n, i;
+ n = cl - 1;
+
+ if (dl < 0) {
+ for (i = dl; i < 0; i++) {
+ if (b[n - i] != 0)
+ return -1; /* a < b */
+ }
+ }
+ if (dl > 0) {
+ for (i = dl; i > 0; i--) {
+ if (a[n + i] != 0)
+ return 1; /* a > b */
+ }
+ }
+ return bn_cmp_words(a, b, cl);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_mod.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_mod.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_mod.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,301 +0,0 @@
-/* crypto/bn/bn_mod.c */
-/* Includes code written by Lenka Fibikova <fibikova at exp-math.uni-essen.de>
- * for the OpenSSL project. */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-
-#if 0 /* now just a #define */
-int BN_mod(BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx)
- {
- return(BN_div(NULL,rem,m,d,ctx));
- /* note that rem->neg == m->neg (unless the remainder is zero) */
- }
-#endif
-
-
-int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx)
- {
- /* like BN_mod, but returns non-negative remainder
- * (i.e., 0 <= r < |d| always holds) */
-
- if (!(BN_mod(r,m,d,ctx)))
- return 0;
- if (!r->neg)
- return 1;
- /* now -|d| < r < 0, so we have to set r := r + |d| */
- return (d->neg ? BN_sub : BN_add)(r, r, d);
-}
-
-
-int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx)
- {
- if (!BN_add(r, a, b)) return 0;
- return BN_nnmod(r, r, m, ctx);
- }
-
-
-/* BN_mod_add variant that may be used if both a and b are non-negative
- * and less than m */
-int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m)
- {
- if (!BN_uadd(r, a, b)) return 0;
- if (BN_ucmp(r, m) >= 0)
- return BN_usub(r, r, m);
- return 1;
- }
-
-
-int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx)
- {
- if (!BN_sub(r, a, b)) return 0;
- return BN_nnmod(r, r, m, ctx);
- }
-
-
-/* BN_mod_sub variant that may be used if both a and b are non-negative
- * and less than m */
-int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m)
- {
- if (!BN_sub(r, a, b)) return 0;
- if (r->neg)
- return BN_add(r, r, m);
- return 1;
- }
-
-
-/* slow but works */
-int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
- BN_CTX *ctx)
- {
- BIGNUM *t;
- int ret=0;
-
- bn_check_top(a);
- bn_check_top(b);
- bn_check_top(m);
-
- BN_CTX_start(ctx);
- if ((t = BN_CTX_get(ctx)) == NULL) goto err;
- if (a == b)
- { if (!BN_sqr(t,a,ctx)) goto err; }
- else
- { if (!BN_mul(t,a,b,ctx)) goto err; }
- if (!BN_nnmod(r,t,m,ctx)) goto err;
- bn_check_top(r);
- ret=1;
-err:
- BN_CTX_end(ctx);
- return(ret);
- }
-
-
-int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx)
- {
- if (!BN_sqr(r, a, ctx)) return 0;
- /* r->neg == 0, thus we don't need BN_nnmod */
- return BN_mod(r, r, m, ctx);
- }
-
-
-int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx)
- {
- if (!BN_lshift1(r, a)) return 0;
- bn_check_top(r);
- return BN_nnmod(r, r, m, ctx);
- }
-
-
-/* BN_mod_lshift1 variant that may be used if a is non-negative
- * and less than m */
-int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m)
- {
- if (!BN_lshift1(r, a)) return 0;
- bn_check_top(r);
- if (BN_cmp(r, m) >= 0)
- return BN_sub(r, r, m);
- return 1;
- }
-
-
-int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, BN_CTX *ctx)
- {
- BIGNUM *abs_m = NULL;
- int ret;
-
- if (!BN_nnmod(r, a, m, ctx)) return 0;
-
- if (m->neg)
- {
- abs_m = BN_dup(m);
- if (abs_m == NULL) return 0;
- abs_m->neg = 0;
- }
-
- ret = BN_mod_lshift_quick(r, r, n, (abs_m ? abs_m : m));
- bn_check_top(r);
-
- if (abs_m)
- BN_free(abs_m);
- return ret;
- }
-
-
-/* BN_mod_lshift variant that may be used if a is non-negative
- * and less than m */
-int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m)
- {
- if (r != a)
- {
- if (BN_copy(r, a) == NULL) return 0;
- }
-
- while (n > 0)
- {
- int max_shift;
-
- /* 0 < r < m */
- max_shift = BN_num_bits(m) - BN_num_bits(r);
- /* max_shift >= 0 */
-
- if (max_shift < 0)
- {
- BNerr(BN_F_BN_MOD_LSHIFT_QUICK, BN_R_INPUT_NOT_REDUCED);
- return 0;
- }
-
- if (max_shift > n)
- max_shift = n;
-
- if (max_shift)
- {
- if (!BN_lshift(r, r, max_shift)) return 0;
- n -= max_shift;
- }
- else
- {
- if (!BN_lshift1(r, r)) return 0;
- --n;
- }
-
- /* BN_num_bits(r) <= BN_num_bits(m) */
-
- if (BN_cmp(r, m) >= 0)
- {
- if (!BN_sub(r, r, m)) return 0;
- }
- }
- bn_check_top(r);
-
- return 1;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_mod.c (from rev 6976, vendor-crypto/openssl/dist/crypto/bn/bn_mod.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_mod.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_mod.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,316 @@
+/* crypto/bn/bn_mod.c */
+/*
+ * Includes code written by Lenka Fibikova <fibikova at exp-math.uni-essen.de>
+ * for the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+#if 0 /* now just a #define */
+int BN_mod(BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx)
+{
+ return (BN_div(NULL, rem, m, d, ctx));
+ /* note that rem->neg == m->neg (unless the remainder is zero) */
+}
+#endif
+
+int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx)
+{
+ /*
+ * like BN_mod, but returns non-negative remainder (i.e., 0 <= r < |d|
+ * always holds)
+ */
+
+ if (!(BN_mod(r, m, d, ctx)))
+ return 0;
+ if (!r->neg)
+ return 1;
+ /* now -|d| < r < 0, so we have to set r := r + |d| */
+ return (d->neg ? BN_sub : BN_add) (r, r, d);
+}
+
+int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
+ BN_CTX *ctx)
+{
+ if (!BN_add(r, a, b))
+ return 0;
+ return BN_nnmod(r, r, m, ctx);
+}
+
+/*
+ * BN_mod_add variant that may be used if both a and b are non-negative and
+ * less than m
+ */
+int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+ const BIGNUM *m)
+{
+ if (!BN_uadd(r, a, b))
+ return 0;
+ if (BN_ucmp(r, m) >= 0)
+ return BN_usub(r, r, m);
+ return 1;
+}
+
+int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
+ BN_CTX *ctx)
+{
+ if (!BN_sub(r, a, b))
+ return 0;
+ return BN_nnmod(r, r, m, ctx);
+}
+
+/*
+ * BN_mod_sub variant that may be used if both a and b are non-negative and
+ * less than m
+ */
+int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+ const BIGNUM *m)
+{
+ if (!BN_sub(r, a, b))
+ return 0;
+ if (r->neg)
+ return BN_add(r, r, m);
+ return 1;
+}
+
+/* slow but works */
+int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
+ BN_CTX *ctx)
+{
+ BIGNUM *t;
+ int ret = 0;
+
+ bn_check_top(a);
+ bn_check_top(b);
+ bn_check_top(m);
+
+ BN_CTX_start(ctx);
+ if ((t = BN_CTX_get(ctx)) == NULL)
+ goto err;
+ if (a == b) {
+ if (!BN_sqr(t, a, ctx))
+ goto err;
+ } else {
+ if (!BN_mul(t, a, b, ctx))
+ goto err;
+ }
+ if (!BN_nnmod(r, t, m, ctx))
+ goto err;
+ bn_check_top(r);
+ ret = 1;
+ err:
+ BN_CTX_end(ctx);
+ return (ret);
+}
+
+int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx)
+{
+ if (!BN_sqr(r, a, ctx))
+ return 0;
+ /* r->neg == 0, thus we don't need BN_nnmod */
+ return BN_mod(r, r, m, ctx);
+}
+
+int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx)
+{
+ if (!BN_lshift1(r, a))
+ return 0;
+ bn_check_top(r);
+ return BN_nnmod(r, r, m, ctx);
+}
+
+/*
+ * BN_mod_lshift1 variant that may be used if a is non-negative and less than
+ * m
+ */
+int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m)
+{
+ if (!BN_lshift1(r, a))
+ return 0;
+ bn_check_top(r);
+ if (BN_cmp(r, m) >= 0)
+ return BN_sub(r, r, m);
+ return 1;
+}
+
+int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m,
+ BN_CTX *ctx)
+{
+ BIGNUM *abs_m = NULL;
+ int ret;
+
+ if (!BN_nnmod(r, a, m, ctx))
+ return 0;
+
+ if (m->neg) {
+ abs_m = BN_dup(m);
+ if (abs_m == NULL)
+ return 0;
+ abs_m->neg = 0;
+ }
+
+ ret = BN_mod_lshift_quick(r, r, n, (abs_m ? abs_m : m));
+ bn_check_top(r);
+
+ if (abs_m)
+ BN_free(abs_m);
+ return ret;
+}
+
+/*
+ * BN_mod_lshift variant that may be used if a is non-negative and less than
+ * m
+ */
+int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m)
+{
+ if (r != a) {
+ if (BN_copy(r, a) == NULL)
+ return 0;
+ }
+
+ while (n > 0) {
+ int max_shift;
+
+ /* 0 < r < m */
+ max_shift = BN_num_bits(m) - BN_num_bits(r);
+ /* max_shift >= 0 */
+
+ if (max_shift < 0) {
+ BNerr(BN_F_BN_MOD_LSHIFT_QUICK, BN_R_INPUT_NOT_REDUCED);
+ return 0;
+ }
+
+ if (max_shift > n)
+ max_shift = n;
+
+ if (max_shift) {
+ if (!BN_lshift(r, r, max_shift))
+ return 0;
+ n -= max_shift;
+ } else {
+ if (!BN_lshift1(r, r))
+ return 0;
+ --n;
+ }
+
+ /* BN_num_bits(r) <= BN_num_bits(m) */
+
+ if (BN_cmp(r, m) >= 0) {
+ if (!BN_sub(r, r, m))
+ return 0;
+ }
+ }
+ bn_check_top(r);
+
+ return 1;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_mont.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_mont.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_mont.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,738 +0,0 @@
-/* crypto/bn/bn_mont.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/*
- * Details about Montgomery multiplication algorithms can be found at
- * http://security.ece.orst.edu/publications.html, e.g.
- * http://security.ece.orst.edu/koc/papers/j37acmon.pdf and
- * sections 3.8 and 4.2 in http://security.ece.orst.edu/koc/papers/r01rsasw.pdf
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-#define MONT_WORD /* use the faster word-based algorithm */
-
-#if defined(MONT_WORD) && defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32)
-/* This condition means we have a specific non-default build:
- * In the 0.9.8 branch, OPENSSL_BN_ASM_MONT is normally not set for any
- * BN_BITS2<=32 platform; an explicit "enable-montasm" is required.
- * I.e., if we are here, the user intentionally deviates from the
- * normal stable build to get better Montgomery performance from
- * the 0.9.9-dev backport.
- *
- * In this case only, we also enable BN_from_montgomery_word()
- * (another non-stable feature from 0.9.9-dev).
- */
-#define MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD
-#endif
-
-#ifdef MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD
-static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont);
-#endif
-
-
-
-int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
- BN_MONT_CTX *mont, BN_CTX *ctx)
- {
- BIGNUM *tmp;
- int ret=0;
-#if defined(OPENSSL_BN_ASM_MONT) && defined(MONT_WORD)
- int num = mont->N.top;
-
- if (num>1 && a->top==num && b->top==num)
- {
- if (bn_wexpand(r,num) == NULL) return(0);
-#if 0 /* for OpenSSL 0.9.9 mont->n0 */
- if (bn_mul_mont(r->d,a->d,b->d,mont->N.d,mont->n0,num))
-#else
- if (bn_mul_mont(r->d,a->d,b->d,mont->N.d,&mont->n0,num))
-#endif
- {
- r->neg = a->neg^b->neg;
- r->top = num;
- bn_correct_top(r);
- return(1);
- }
- }
-#endif
-
- BN_CTX_start(ctx);
- tmp = BN_CTX_get(ctx);
- if (tmp == NULL) goto err;
-
- bn_check_top(tmp);
- if (a == b)
- {
- if (!BN_sqr(tmp,a,ctx)) goto err;
- }
- else
- {
- if (!BN_mul(tmp,a,b,ctx)) goto err;
- }
- /* reduce from aRR to aR */
-#ifdef MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD
- if (!BN_from_montgomery_word(r,tmp,mont)) goto err;
-#else
- if (!BN_from_montgomery(r,tmp,mont,ctx)) goto err;
-#endif
- bn_check_top(r);
- ret=1;
-err:
- BN_CTX_end(ctx);
- return(ret);
- }
-
-#ifdef MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD
-static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
- {
- BIGNUM *n;
- BN_ULONG *ap,*np,*rp,n0,v,*nrp;
- int al,nl,max,i,x,ri;
-
- n= &(mont->N);
- /* mont->ri is the size of mont->N in bits (rounded up
- to the word size) */
- al=ri=mont->ri/BN_BITS2;
-
- nl=n->top;
- if ((al == 0) || (nl == 0)) { ret->top=0; return(1); }
-
- max=(nl+al+1); /* allow for overflow (no?) XXX */
- if (bn_wexpand(r,max) == NULL) return(0);
-
- r->neg^=n->neg;
- np=n->d;
- rp=r->d;
- nrp= &(r->d[nl]);
-
- /* clear the top words of T */
- for (i=r->top; i<max; i++) /* memset? XXX */
- r->d[i]=0;
-
- r->top=max;
-#if 0 /* for OpenSSL 0.9.9 mont->n0 */
- n0=mont->n0[0];
-#else
- n0=mont->n0;
-#endif
-
-#ifdef BN_COUNT
- fprintf(stderr,"word BN_from_montgomery_word %d * %d\n",nl,nl);
-#endif
- for (i=0; i<nl; i++)
- {
-#ifdef __TANDEM
- {
- long long t1;
- long long t2;
- long long t3;
- t1 = rp[0] * (n0 & 0177777);
- t2 = 037777600000l;
- t2 = n0 & t2;
- t3 = rp[0] & 0177777;
- t2 = (t3 * t2) & BN_MASK2;
- t1 = t1 + t2;
- v=bn_mul_add_words(rp,np,nl,(BN_ULONG) t1);
- }
-#else
- v=bn_mul_add_words(rp,np,nl,(rp[0]*n0)&BN_MASK2);
-#endif
- nrp++;
- rp++;
- if (((nrp[-1]+=v)&BN_MASK2) >= v)
- continue;
- else
- {
- if (((++nrp[0])&BN_MASK2) != 0) continue;
- if (((++nrp[1])&BN_MASK2) != 0) continue;
- for (x=2; (((++nrp[x])&BN_MASK2) == 0); x++) ;
- }
- }
- bn_correct_top(r);
-
- /* mont->ri will be a multiple of the word size and below code
- * is kind of BN_rshift(ret,r,mont->ri) equivalent */
- if (r->top <= ri)
- {
- ret->top=0;
- return(1);
- }
- al=r->top-ri;
-
- if (bn_wexpand(ret,ri) == NULL) return(0);
- x=0-(((al-ri)>>(sizeof(al)*8-1))&1);
- ret->top=x=(ri&~x)|(al&x); /* min(ri,al) */
- ret->neg=r->neg;
-
- rp=ret->d;
- ap=&(r->d[ri]);
-
- {
- size_t m1,m2;
-
- v=bn_sub_words(rp,ap,np,ri);
- /* this ----------------^^ works even in al<ri case
- * thanks to zealous zeroing of top of the vector in the
- * beginning. */
-
- /* if (al==ri && !v) || al>ri) nrp=rp; else nrp=ap; */
- /* in other words if subtraction result is real, then
- * trick unconditional memcpy below to perform in-place
- * "refresh" instead of actual copy. */
- m1=0-(size_t)(((al-ri)>>(sizeof(al)*8-1))&1); /* al<ri */
- m2=0-(size_t)(((ri-al)>>(sizeof(al)*8-1))&1); /* al>ri */
- m1|=m2; /* (al!=ri) */
- m1|=(0-(size_t)v); /* (al!=ri || v) */
- m1&=~m2; /* (al!=ri || v) && !al>ri */
- nrp=(BN_ULONG *)(((size_t)rp&~m1)|((size_t)ap&m1));
- }
-
- /* 'i<ri' is chosen to eliminate dependency on input data, even
- * though it results in redundant copy in al<ri case. */
- for (i=0,ri-=4; i<ri; i+=4)
- {
- BN_ULONG t1,t2,t3,t4;
-
- t1=nrp[i+0];
- t2=nrp[i+1];
- t3=nrp[i+2]; ap[i+0]=0;
- t4=nrp[i+3]; ap[i+1]=0;
- rp[i+0]=t1; ap[i+2]=0;
- rp[i+1]=t2; ap[i+3]=0;
- rp[i+2]=t3;
- rp[i+3]=t4;
- }
- for (ri+=4; i<ri; i++)
- rp[i]=nrp[i], ap[i]=0;
- bn_correct_top(r);
- bn_correct_top(ret);
- bn_check_top(ret);
-
- return(1);
- }
-
-int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
- BN_CTX *ctx)
- {
- int retn=0;
- BIGNUM *t;
-
- BN_CTX_start(ctx);
- if ((t = BN_CTX_get(ctx)) && BN_copy(t,a))
- retn = BN_from_montgomery_word(ret,t,mont);
- BN_CTX_end(ctx);
- return retn;
- }
-
-#else /* !MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD */
-
-int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
- BN_CTX *ctx)
- {
- int retn=0;
-
-#ifdef MONT_WORD
- BIGNUM *n,*r;
- BN_ULONG *ap,*np,*rp,n0,v,*nrp;
- int al,nl,max,i,x,ri;
-
- BN_CTX_start(ctx);
- if ((r = BN_CTX_get(ctx)) == NULL) goto err;
-
- if (!BN_copy(r,a)) goto err;
- n= &(mont->N);
-
- ap=a->d;
- /* mont->ri is the size of mont->N in bits (rounded up
- to the word size) */
- al=ri=mont->ri/BN_BITS2;
-
- nl=n->top;
- if ((al == 0) || (nl == 0)) { r->top=0; return(1); }
-
- max=(nl+al+1); /* allow for overflow (no?) XXX */
- if (bn_wexpand(r,max) == NULL) goto err;
-
- r->neg=a->neg^n->neg;
- np=n->d;
- rp=r->d;
- nrp= &(r->d[nl]);
-
- /* clear the top words of T */
-#if 1
- for (i=r->top; i<max; i++) /* memset? XXX */
- r->d[i]=0;
-#else
- memset(&(r->d[r->top]),0,(max-r->top)*sizeof(BN_ULONG));
-#endif
-
- r->top=max;
- n0=mont->n0;
-
-#ifdef BN_COUNT
- fprintf(stderr,"word BN_from_montgomery %d * %d\n",nl,nl);
-#endif
- for (i=0; i<nl; i++)
- {
-#ifdef __TANDEM
- {
- long long t1;
- long long t2;
- long long t3;
- t1 = rp[0] * (n0 & 0177777);
- t2 = 037777600000l;
- t2 = n0 & t2;
- t3 = rp[0] & 0177777;
- t2 = (t3 * t2) & BN_MASK2;
- t1 = t1 + t2;
- v=bn_mul_add_words(rp,np,nl,(BN_ULONG) t1);
- }
-#else
- v=bn_mul_add_words(rp,np,nl,(rp[0]*n0)&BN_MASK2);
-#endif
- nrp++;
- rp++;
- if (((nrp[-1]+=v)&BN_MASK2) >= v)
- continue;
- else
- {
- if (((++nrp[0])&BN_MASK2) != 0) continue;
- if (((++nrp[1])&BN_MASK2) != 0) continue;
- for (x=2; (((++nrp[x])&BN_MASK2) == 0); x++) ;
- }
- }
- bn_correct_top(r);
-
- /* mont->ri will be a multiple of the word size and below code
- * is kind of BN_rshift(ret,r,mont->ri) equivalent */
- if (r->top <= ri)
- {
- ret->top=0;
- retn=1;
- goto err;
- }
- al=r->top-ri;
-
-# define BRANCH_FREE 1
-# if BRANCH_FREE
- if (bn_wexpand(ret,ri) == NULL) goto err;
- x=0-(((al-ri)>>(sizeof(al)*8-1))&1);
- ret->top=x=(ri&~x)|(al&x); /* min(ri,al) */
- ret->neg=r->neg;
-
- rp=ret->d;
- ap=&(r->d[ri]);
-
- {
- size_t m1,m2;
-
- v=bn_sub_words(rp,ap,np,ri);
- /* this ----------------^^ works even in al<ri case
- * thanks to zealous zeroing of top of the vector in the
- * beginning. */
-
- /* if (al==ri && !v) || al>ri) nrp=rp; else nrp=ap; */
- /* in other words if subtraction result is real, then
- * trick unconditional memcpy below to perform in-place
- * "refresh" instead of actual copy. */
- m1=0-(size_t)(((al-ri)>>(sizeof(al)*8-1))&1); /* al<ri */
- m2=0-(size_t)(((ri-al)>>(sizeof(al)*8-1))&1); /* al>ri */
- m1|=m2; /* (al!=ri) */
- m1|=(0-(size_t)v); /* (al!=ri || v) */
- m1&=~m2; /* (al!=ri || v) && !al>ri */
- nrp=(BN_ULONG *)(((size_t)rp&~m1)|((size_t)ap&m1));
- }
-
- /* 'i<ri' is chosen to eliminate dependency on input data, even
- * though it results in redundant copy in al<ri case. */
- for (i=0,ri-=4; i<ri; i+=4)
- {
- BN_ULONG t1,t2,t3,t4;
-
- t1=nrp[i+0];
- t2=nrp[i+1];
- t3=nrp[i+2]; ap[i+0]=0;
- t4=nrp[i+3]; ap[i+1]=0;
- rp[i+0]=t1; ap[i+2]=0;
- rp[i+1]=t2; ap[i+3]=0;
- rp[i+2]=t3;
- rp[i+3]=t4;
- }
- for (ri+=4; i<ri; i++)
- rp[i]=nrp[i], ap[i]=0;
- bn_correct_top(r);
- bn_correct_top(ret);
-# else
- if (bn_wexpand(ret,al) == NULL) goto err;
- ret->top=al;
- ret->neg=r->neg;
-
- rp=ret->d;
- ap=&(r->d[ri]);
- al-=4;
- for (i=0; i<al; i+=4)
- {
- BN_ULONG t1,t2,t3,t4;
-
- t1=ap[i+0];
- t2=ap[i+1];
- t3=ap[i+2];
- t4=ap[i+3];
- rp[i+0]=t1;
- rp[i+1]=t2;
- rp[i+2]=t3;
- rp[i+3]=t4;
- }
- al+=4;
- for (; i<al; i++)
- rp[i]=ap[i];
-# endif
-#else /* !MONT_WORD */
- BIGNUM *t1,*t2;
-
- BN_CTX_start(ctx);
- t1 = BN_CTX_get(ctx);
- t2 = BN_CTX_get(ctx);
- if (t1 == NULL || t2 == NULL) goto err;
-
- if (!BN_copy(t1,a)) goto err;
- BN_mask_bits(t1,mont->ri);
-
- if (!BN_mul(t2,t1,&mont->Ni,ctx)) goto err;
- BN_mask_bits(t2,mont->ri);
-
- if (!BN_mul(t1,t2,&mont->N,ctx)) goto err;
- if (!BN_add(t2,a,t1)) goto err;
- if (!BN_rshift(ret,t2,mont->ri)) goto err;
-#endif /* MONT_WORD */
-
-#if !defined(BRANCH_FREE) || BRANCH_FREE==0
- if (BN_ucmp(ret, &(mont->N)) >= 0)
- {
- if (!BN_usub(ret,ret,&(mont->N))) goto err;
- }
-#endif
- retn=1;
- bn_check_top(ret);
- err:
- BN_CTX_end(ctx);
- return(retn);
- }
-#endif /* MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD */
-
-BN_MONT_CTX *BN_MONT_CTX_new(void)
- {
- BN_MONT_CTX *ret;
-
- if ((ret=(BN_MONT_CTX *)OPENSSL_malloc(sizeof(BN_MONT_CTX))) == NULL)
- return(NULL);
-
- BN_MONT_CTX_init(ret);
- ret->flags=BN_FLG_MALLOCED;
- return(ret);
- }
-
-void BN_MONT_CTX_init(BN_MONT_CTX *ctx)
- {
- ctx->ri=0;
- BN_init(&(ctx->RR));
- BN_init(&(ctx->N));
- BN_init(&(ctx->Ni));
-#if 0 /* for OpenSSL 0.9.9 mont->n0 */
- ctx->n0[0] = ctx->n0[1] = 0;
-#else
- ctx->n0 = 0;
-#endif
- ctx->flags=0;
- }
-
-void BN_MONT_CTX_free(BN_MONT_CTX *mont)
- {
- if(mont == NULL)
- return;
-
- BN_free(&(mont->RR));
- BN_free(&(mont->N));
- BN_free(&(mont->Ni));
- if (mont->flags & BN_FLG_MALLOCED)
- OPENSSL_free(mont);
- }
-
-int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
- {
- int ret = 0;
- BIGNUM *Ri,*R;
-
- BN_CTX_start(ctx);
- if((Ri = BN_CTX_get(ctx)) == NULL) goto err;
- R= &(mont->RR); /* grab RR as a temp */
- if (!BN_copy(&(mont->N),mod)) goto err; /* Set N */
- mont->N.neg = 0;
-
-#ifdef MONT_WORD
- {
- BIGNUM tmod;
- BN_ULONG buf[2];
-
- mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2;
- BN_zero(R);
-#if 0 /* for OpenSSL 0.9.9 mont->n0, would be "#if defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32)",
- only certain BN_BITS2<=32 platforms actually need this */
- if (!(BN_set_bit(R,2*BN_BITS2))) goto err; /* R */
-#else
- if (!(BN_set_bit(R,BN_BITS2))) goto err; /* R */
-#endif
-
- buf[0]=mod->d[0]; /* tmod = N mod word size */
- buf[1]=0;
-
- BN_init(&tmod);
- tmod.d=buf;
- tmod.top = buf[0] != 0 ? 1 : 0;
- tmod.dmax=2;
- tmod.neg=0;
-
-#if 0 /* for OpenSSL 0.9.9 mont->n0, would be "#if defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32)";
- only certain BN_BITS2<=32 platforms actually need this */
- tmod.top=0;
- if ((buf[0] = mod->d[0])) tmod.top=1;
- if ((buf[1] = mod->top>1 ? mod->d[1] : 0)) tmod.top=2;
-
- if ((BN_mod_inverse(Ri,R,&tmod,ctx)) == NULL)
- goto err;
- if (!BN_lshift(Ri,Ri,2*BN_BITS2)) goto err; /* R*Ri */
- if (!BN_is_zero(Ri))
- {
- if (!BN_sub_word(Ri,1)) goto err;
- }
- else /* if N mod word size == 1 */
- {
- if (bn_expand(Ri,(int)sizeof(BN_ULONG)*2) == NULL)
- goto err;
- /* Ri-- (mod double word size) */
- Ri->neg=0;
- Ri->d[0]=BN_MASK2;
- Ri->d[1]=BN_MASK2;
- Ri->top=2;
- }
- if (!BN_div(Ri,NULL,Ri,&tmod,ctx)) goto err;
- /* Ni = (R*Ri-1)/N,
- * keep only couple of least significant words: */
- mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0;
- mont->n0[1] = (Ri->top > 1) ? Ri->d[1] : 0;
-#else
- /* Ri = R^-1 mod N*/
- if ((BN_mod_inverse(Ri,R,&tmod,ctx)) == NULL)
- goto err;
- if (!BN_lshift(Ri,Ri,BN_BITS2)) goto err; /* R*Ri */
- if (!BN_is_zero(Ri))
- {
- if (!BN_sub_word(Ri,1)) goto err;
- }
- else /* if N mod word size == 1 */
- {
- if (!BN_set_word(Ri,BN_MASK2)) goto err; /* Ri-- (mod word size) */
- }
- if (!BN_div(Ri,NULL,Ri,&tmod,ctx)) goto err;
- /* Ni = (R*Ri-1)/N,
- * keep only least significant word: */
-# if 0 /* for OpenSSL 0.9.9 mont->n0 */
- mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0;
- mont->n0[1] = 0;
-# else
- mont->n0 = (Ri->top > 0) ? Ri->d[0] : 0;
-# endif
-#endif
- }
-#else /* !MONT_WORD */
- { /* bignum version */
- mont->ri=BN_num_bits(&mont->N);
- BN_zero(R);
- if (!BN_set_bit(R,mont->ri)) goto err; /* R = 2^ri */
- /* Ri = R^-1 mod N*/
- if ((BN_mod_inverse(Ri,R,&mont->N,ctx)) == NULL)
- goto err;
- if (!BN_lshift(Ri,Ri,mont->ri)) goto err; /* R*Ri */
- if (!BN_sub_word(Ri,1)) goto err;
- /* Ni = (R*Ri-1) / N */
- if (!BN_div(&(mont->Ni),NULL,Ri,&mont->N,ctx)) goto err;
- }
-#endif
-
- /* setup RR for conversions */
- BN_zero(&(mont->RR));
- if (!BN_set_bit(&(mont->RR),mont->ri*2)) goto err;
- if (!BN_mod(&(mont->RR),&(mont->RR),&(mont->N),ctx)) goto err;
-
- ret = 1;
-err:
- BN_CTX_end(ctx);
- return ret;
- }
-
-BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from)
- {
- if (to == from) return(to);
-
- if (!BN_copy(&(to->RR),&(from->RR))) return NULL;
- if (!BN_copy(&(to->N),&(from->N))) return NULL;
- if (!BN_copy(&(to->Ni),&(from->Ni))) return NULL;
- to->ri=from->ri;
-#if 0 /* for OpenSSL 0.9.9 mont->n0 */
- to->n0[0]=from->n0[0];
- to->n0[1]=from->n0[1];
-#else
- to->n0=from->n0;
-#endif
- return(to);
- }
-
-BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock,
- const BIGNUM *mod, BN_CTX *ctx)
- {
- BN_MONT_CTX *ret;
-
- CRYPTO_r_lock(lock);
- ret = *pmont;
- CRYPTO_r_unlock(lock);
- if (ret)
- return ret;
-
- /* We don't want to serialise globally while doing our lazy-init math in
- * BN_MONT_CTX_set. That punishes threads that are doing independent
- * things. Instead, punish the case where more than one thread tries to
- * lazy-init the same 'pmont', by having each do the lazy-init math work
- * independently and only use the one from the thread that wins the race
- * (the losers throw away the work they've done). */
- ret = BN_MONT_CTX_new();
- if (!ret)
- return NULL;
- if (!BN_MONT_CTX_set(ret, mod, ctx))
- {
- BN_MONT_CTX_free(ret);
- return NULL;
- }
-
- /* The locked compare-and-set, after the local work is done. */
- CRYPTO_w_lock(lock);
- if (*pmont)
- {
- BN_MONT_CTX_free(ret);
- ret = *pmont;
- }
- else
- *pmont = ret;
- CRYPTO_w_unlock(lock);
- return ret;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_mont.c (from rev 6976, vendor-crypto/openssl/dist/crypto/bn/bn_mont.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_mont.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_mont.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,801 @@
+/* crypto/bn/bn_mont.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*
+ * Details about Montgomery multiplication algorithms can be found at
+ * http://security.ece.orst.edu/publications.html, e.g.
+ * http://security.ece.orst.edu/koc/papers/j37acmon.pdf and
+ * sections 3.8 and 4.2 in http://security.ece.orst.edu/koc/papers/r01rsasw.pdf
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+#define MONT_WORD /* use the faster word-based algorithm */
+
+#if defined(MONT_WORD) && defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32)
+/*
+ * This condition means we have a specific non-default build: In the 0.9.8
+ * branch, OPENSSL_BN_ASM_MONT is normally not set for any BN_BITS2<=32
+ * platform; an explicit "enable-montasm" is required. I.e., if we are here,
+ * the user intentionally deviates from the normal stable build to get better
+ * Montgomery performance from the 0.9.9-dev backport. In this case only, we
+ * also enable BN_from_montgomery_word() (another non-stable feature from
+ * 0.9.9-dev).
+ */
+# define MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD
+#endif
+
+#ifdef MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD
+static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont);
+#endif
+
+int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+ BN_MONT_CTX *mont, BN_CTX *ctx)
+{
+ BIGNUM *tmp;
+ int ret = 0;
+#if defined(OPENSSL_BN_ASM_MONT) && defined(MONT_WORD)
+ int num = mont->N.top;
+
+ if (num > 1 && a->top == num && b->top == num) {
+ if (bn_wexpand(r, num) == NULL)
+ return (0);
+# if 0 /* for OpenSSL 0.9.9 mont->n0 */
+ if (bn_mul_mont(r->d, a->d, b->d, mont->N.d, mont->n0, num))
+# else
+ if (bn_mul_mont(r->d, a->d, b->d, mont->N.d, &mont->n0, num))
+# endif
+ {
+ r->neg = a->neg ^ b->neg;
+ r->top = num;
+ bn_correct_top(r);
+ return (1);
+ }
+ }
+#endif
+
+ BN_CTX_start(ctx);
+ tmp = BN_CTX_get(ctx);
+ if (tmp == NULL)
+ goto err;
+
+ bn_check_top(tmp);
+ if (a == b) {
+ if (!BN_sqr(tmp, a, ctx))
+ goto err;
+ } else {
+ if (!BN_mul(tmp, a, b, ctx))
+ goto err;
+ }
+ /* reduce from aRR to aR */
+#ifdef MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD
+ if (!BN_from_montgomery_word(r, tmp, mont))
+ goto err;
+#else
+ if (!BN_from_montgomery(r, tmp, mont, ctx))
+ goto err;
+#endif
+ bn_check_top(r);
+ ret = 1;
+ err:
+ BN_CTX_end(ctx);
+ return (ret);
+}
+
+#ifdef MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD
+static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
+{
+ BIGNUM *n;
+ BN_ULONG *ap, *np, *rp, n0, v, *nrp;
+ int al, nl, max, i, x, ri;
+
+ n = &(mont->N);
+ /*
+ * mont->ri is the size of mont->N in bits (rounded up to the word size)
+ */
+ al = ri = mont->ri / BN_BITS2;
+
+ nl = n->top;
+ if ((al == 0) || (nl == 0)) {
+ ret->top = 0;
+ return (1);
+ }
+
+ max = (nl + al + 1); /* allow for overflow (no?) XXX */
+ if (bn_wexpand(r, max) == NULL)
+ return (0);
+
+ r->neg ^= n->neg;
+ np = n->d;
+ rp = r->d;
+ nrp = &(r->d[nl]);
+
+ /* clear the top words of T */
+ for (i = r->top; i < max; i++) /* memset? XXX */
+ r->d[i] = 0;
+
+ r->top = max;
+# if 0 /* for OpenSSL 0.9.9 mont->n0 */
+ n0 = mont->n0[0];
+# else
+ n0 = mont->n0;
+# endif
+
+# ifdef BN_COUNT
+ fprintf(stderr, "word BN_from_montgomery_word %d * %d\n", nl, nl);
+# endif
+ for (i = 0; i < nl; i++) {
+# ifdef __TANDEM
+ {
+ long long t1;
+ long long t2;
+ long long t3;
+ t1 = rp[0] * (n0 & 0177777);
+ t2 = 037777600000l;
+ t2 = n0 & t2;
+ t3 = rp[0] & 0177777;
+ t2 = (t3 * t2) & BN_MASK2;
+ t1 = t1 + t2;
+ v = bn_mul_add_words(rp, np, nl, (BN_ULONG)t1);
+ }
+# else
+ v = bn_mul_add_words(rp, np, nl, (rp[0] * n0) & BN_MASK2);
+# endif
+ nrp++;
+ rp++;
+ if (((nrp[-1] += v) & BN_MASK2) >= v)
+ continue;
+ else {
+ if (((++nrp[0]) & BN_MASK2) != 0)
+ continue;
+ if (((++nrp[1]) & BN_MASK2) != 0)
+ continue;
+ for (x = 2; (((++nrp[x]) & BN_MASK2) == 0); x++) ;
+ }
+ }
+ bn_correct_top(r);
+
+ /*
+ * mont->ri will be a multiple of the word size and below code is kind of
+ * BN_rshift(ret,r,mont->ri) equivalent
+ */
+ if (r->top <= ri) {
+ ret->top = 0;
+ return (1);
+ }
+ al = r->top - ri;
+
+ if (bn_wexpand(ret, ri) == NULL)
+ return (0);
+ x = 0 - (((al - ri) >> (sizeof(al) * 8 - 1)) & 1);
+ ret->top = x = (ri & ~x) | (al & x); /* min(ri,al) */
+ ret->neg = r->neg;
+
+ rp = ret->d;
+ ap = &(r->d[ri]);
+
+ {
+ size_t m1, m2;
+
+ v = bn_sub_words(rp, ap, np, ri);
+ /*
+ * this ----------------^^ works even in al<ri case thanks to zealous
+ * zeroing of top of the vector in the beginning.
+ */
+
+ /* if (al==ri && !v) || al>ri) nrp=rp; else nrp=ap; */
+ /*
+ * in other words if subtraction result is real, then trick
+ * unconditional memcpy below to perform in-place "refresh" instead
+ * of actual copy.
+ */
+ m1 = 0 - (size_t)(((al - ri) >> (sizeof(al) * 8 - 1)) & 1); /* al<ri */
+ m2 = 0 - (size_t)(((ri - al) >> (sizeof(al) * 8 - 1)) & 1); /* al>ri */
+ m1 |= m2; /* (al!=ri) */
+ m1 |= (0 - (size_t)v); /* (al!=ri || v) */
+ m1 &= ~m2; /* (al!=ri || v) && !al>ri */
+ nrp = (BN_ULONG *)(((size_t)rp & ~m1) | ((size_t)ap & m1));
+ }
+
+ /*
+ * 'i<ri' is chosen to eliminate dependency on input data, even though it
+ * results in redundant copy in al<ri case.
+ */
+ for (i = 0, ri -= 4; i < ri; i += 4) {
+ BN_ULONG t1, t2, t3, t4;
+
+ t1 = nrp[i + 0];
+ t2 = nrp[i + 1];
+ t3 = nrp[i + 2];
+ ap[i + 0] = 0;
+ t4 = nrp[i + 3];
+ ap[i + 1] = 0;
+ rp[i + 0] = t1;
+ ap[i + 2] = 0;
+ rp[i + 1] = t2;
+ ap[i + 3] = 0;
+ rp[i + 2] = t3;
+ rp[i + 3] = t4;
+ }
+ for (ri += 4; i < ri; i++)
+ rp[i] = nrp[i], ap[i] = 0;
+ bn_correct_top(r);
+ bn_correct_top(ret);
+ bn_check_top(ret);
+
+ return (1);
+}
+
+int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
+ BN_CTX *ctx)
+{
+ int retn = 0;
+ BIGNUM *t;
+
+ BN_CTX_start(ctx);
+ if ((t = BN_CTX_get(ctx)) && BN_copy(t, a))
+ retn = BN_from_montgomery_word(ret, t, mont);
+ BN_CTX_end(ctx);
+ return retn;
+}
+
+#else /* !MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD */
+
+int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
+ BN_CTX *ctx)
+{
+ int retn = 0;
+
+# ifdef MONT_WORD
+ BIGNUM *n, *r;
+ BN_ULONG *ap, *np, *rp, n0, v, *nrp;
+ int al, nl, max, i, x, ri;
+
+ BN_CTX_start(ctx);
+ if ((r = BN_CTX_get(ctx)) == NULL)
+ goto err;
+
+ if (!BN_copy(r, a))
+ goto err;
+ n = &(mont->N);
+
+ ap = a->d;
+ /*
+ * mont->ri is the size of mont->N in bits (rounded up to the word size)
+ */
+ al = ri = mont->ri / BN_BITS2;
+
+ nl = n->top;
+ if ((al == 0) || (nl == 0)) {
+ r->top = 0;
+ return (1);
+ }
+
+ max = (nl + al + 1); /* allow for overflow (no?) XXX */
+ if (bn_wexpand(r, max) == NULL)
+ goto err;
+
+ r->neg = a->neg ^ n->neg;
+ np = n->d;
+ rp = r->d;
+ nrp = &(r->d[nl]);
+
+ /* clear the top words of T */
+# if 1
+ for (i = r->top; i < max; i++) /* memset? XXX */
+ r->d[i] = 0;
+# else
+ memset(&(r->d[r->top]), 0, (max - r->top) * sizeof(BN_ULONG));
+# endif
+
+ r->top = max;
+ n0 = mont->n0;
+
+# ifdef BN_COUNT
+ fprintf(stderr, "word BN_from_montgomery %d * %d\n", nl, nl);
+# endif
+ for (i = 0; i < nl; i++) {
+# ifdef __TANDEM
+ {
+ long long t1;
+ long long t2;
+ long long t3;
+ t1 = rp[0] * (n0 & 0177777);
+ t2 = 037777600000l;
+ t2 = n0 & t2;
+ t3 = rp[0] & 0177777;
+ t2 = (t3 * t2) & BN_MASK2;
+ t1 = t1 + t2;
+ v = bn_mul_add_words(rp, np, nl, (BN_ULONG)t1);
+ }
+# else
+ v = bn_mul_add_words(rp, np, nl, (rp[0] * n0) & BN_MASK2);
+# endif
+ nrp++;
+ rp++;
+ if (((nrp[-1] += v) & BN_MASK2) >= v)
+ continue;
+ else {
+ if (((++nrp[0]) & BN_MASK2) != 0)
+ continue;
+ if (((++nrp[1]) & BN_MASK2) != 0)
+ continue;
+ for (x = 2; (((++nrp[x]) & BN_MASK2) == 0); x++) ;
+ }
+ }
+ bn_correct_top(r);
+
+ /*
+ * mont->ri will be a multiple of the word size and below code is kind of
+ * BN_rshift(ret,r,mont->ri) equivalent
+ */
+ if (r->top <= ri) {
+ ret->top = 0;
+ retn = 1;
+ goto err;
+ }
+ al = r->top - ri;
+
+# define BRANCH_FREE 1
+# if BRANCH_FREE
+ if (bn_wexpand(ret, ri) == NULL)
+ goto err;
+ x = 0 - (((al - ri) >> (sizeof(al) * 8 - 1)) & 1);
+ ret->top = x = (ri & ~x) | (al & x); /* min(ri,al) */
+ ret->neg = r->neg;
+
+ rp = ret->d;
+ ap = &(r->d[ri]);
+
+ {
+ size_t m1, m2;
+
+ v = bn_sub_words(rp, ap, np, ri);
+ /*
+ * this ----------------^^ works even in al<ri case thanks to zealous
+ * zeroing of top of the vector in the beginning.
+ */
+
+ /* if (al==ri && !v) || al>ri) nrp=rp; else nrp=ap; */
+ /*
+ * in other words if subtraction result is real, then trick
+ * unconditional memcpy below to perform in-place "refresh" instead
+ * of actual copy.
+ */
+ m1 = 0 - (size_t)(((al - ri) >> (sizeof(al) * 8 - 1)) & 1); /* al<ri */
+ m2 = 0 - (size_t)(((ri - al) >> (sizeof(al) * 8 - 1)) & 1); /* al>ri */
+ m1 |= m2; /* (al!=ri) */
+ m1 |= (0 - (size_t)v); /* (al!=ri || v) */
+ m1 &= ~m2; /* (al!=ri || v) && !al>ri */
+ nrp = (BN_ULONG *)(((size_t)rp & ~m1) | ((size_t)ap & m1));
+ }
+
+ /*
+ * 'i<ri' is chosen to eliminate dependency on input data, even though it
+ * results in redundant copy in al<ri case.
+ */
+ for (i = 0, ri -= 4; i < ri; i += 4) {
+ BN_ULONG t1, t2, t3, t4;
+
+ t1 = nrp[i + 0];
+ t2 = nrp[i + 1];
+ t3 = nrp[i + 2];
+ ap[i + 0] = 0;
+ t4 = nrp[i + 3];
+ ap[i + 1] = 0;
+ rp[i + 0] = t1;
+ ap[i + 2] = 0;
+ rp[i + 1] = t2;
+ ap[i + 3] = 0;
+ rp[i + 2] = t3;
+ rp[i + 3] = t4;
+ }
+ for (ri += 4; i < ri; i++)
+ rp[i] = nrp[i], ap[i] = 0;
+ bn_correct_top(r);
+ bn_correct_top(ret);
+# else
+ if (bn_wexpand(ret, al) == NULL)
+ goto err;
+ ret->top = al;
+ ret->neg = r->neg;
+
+ rp = ret->d;
+ ap = &(r->d[ri]);
+ al -= 4;
+ for (i = 0; i < al; i += 4) {
+ BN_ULONG t1, t2, t3, t4;
+
+ t1 = ap[i + 0];
+ t2 = ap[i + 1];
+ t3 = ap[i + 2];
+ t4 = ap[i + 3];
+ rp[i + 0] = t1;
+ rp[i + 1] = t2;
+ rp[i + 2] = t3;
+ rp[i + 3] = t4;
+ }
+ al += 4;
+ for (; i < al; i++)
+ rp[i] = ap[i];
+# endif
+# else /* !MONT_WORD */
+ BIGNUM *t1, *t2;
+
+ BN_CTX_start(ctx);
+ t1 = BN_CTX_get(ctx);
+ t2 = BN_CTX_get(ctx);
+ if (t1 == NULL || t2 == NULL)
+ goto err;
+
+ if (!BN_copy(t1, a))
+ goto err;
+ BN_mask_bits(t1, mont->ri);
+
+ if (!BN_mul(t2, t1, &mont->Ni, ctx))
+ goto err;
+ BN_mask_bits(t2, mont->ri);
+
+ if (!BN_mul(t1, t2, &mont->N, ctx))
+ goto err;
+ if (!BN_add(t2, a, t1))
+ goto err;
+ if (!BN_rshift(ret, t2, mont->ri))
+ goto err;
+# endif /* MONT_WORD */
+
+# if !defined(BRANCH_FREE) || BRANCH_FREE==0
+ if (BN_ucmp(ret, &(mont->N)) >= 0) {
+ if (!BN_usub(ret, ret, &(mont->N)))
+ goto err;
+ }
+# endif
+ retn = 1;
+ bn_check_top(ret);
+ err:
+ BN_CTX_end(ctx);
+ return (retn);
+}
+#endif /* MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD */
+
+BN_MONT_CTX *BN_MONT_CTX_new(void)
+{
+ BN_MONT_CTX *ret;
+
+ if ((ret = (BN_MONT_CTX *)OPENSSL_malloc(sizeof(BN_MONT_CTX))) == NULL)
+ return (NULL);
+
+ BN_MONT_CTX_init(ret);
+ ret->flags = BN_FLG_MALLOCED;
+ return (ret);
+}
+
+void BN_MONT_CTX_init(BN_MONT_CTX *ctx)
+{
+ ctx->ri = 0;
+ BN_init(&(ctx->RR));
+ BN_init(&(ctx->N));
+ BN_init(&(ctx->Ni));
+#if 0 /* for OpenSSL 0.9.9 mont->n0 */
+ ctx->n0[0] = ctx->n0[1] = 0;
+#else
+ ctx->n0 = 0;
+#endif
+ ctx->flags = 0;
+}
+
+void BN_MONT_CTX_free(BN_MONT_CTX *mont)
+{
+ if (mont == NULL)
+ return;
+
+ BN_free(&(mont->RR));
+ BN_free(&(mont->N));
+ BN_free(&(mont->Ni));
+ if (mont->flags & BN_FLG_MALLOCED)
+ OPENSSL_free(mont);
+}
+
+int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
+{
+ int ret = 0;
+ BIGNUM *Ri, *R;
+
+ BN_CTX_start(ctx);
+ if ((Ri = BN_CTX_get(ctx)) == NULL)
+ goto err;
+ R = &(mont->RR); /* grab RR as a temp */
+ if (!BN_copy(&(mont->N), mod))
+ goto err; /* Set N */
+ mont->N.neg = 0;
+
+#ifdef MONT_WORD
+ {
+ BIGNUM tmod;
+ BN_ULONG buf[2];
+
+ mont->ri = (BN_num_bits(mod) + (BN_BITS2 - 1)) / BN_BITS2 * BN_BITS2;
+ BN_zero(R);
+# if 0 /* for OpenSSL 0.9.9 mont->n0, would be "#if
+ * defined(OPENSSL_BN_ASM_MONT) &&
+ * (BN_BITS2<=32)", only certain BN_BITS2<=32
+ * platforms actually need this */
+ if (!(BN_set_bit(R, 2 * BN_BITS2)))
+ goto err; /* R */
+# else
+ if (!(BN_set_bit(R, BN_BITS2)))
+ goto err; /* R */
+# endif
+
+ buf[0] = mod->d[0]; /* tmod = N mod word size */
+ buf[1] = 0;
+
+ BN_init(&tmod);
+ tmod.d = buf;
+ tmod.top = buf[0] != 0 ? 1 : 0;
+ tmod.dmax = 2;
+ tmod.neg = 0;
+
+# if 0 /* for OpenSSL 0.9.9 mont->n0, would be "#if
+ * defined(OPENSSL_BN_ASM_MONT) &&
+ * (BN_BITS2<=32)"; only certain BN_BITS2<=32
+ * platforms actually need this */
+ tmod.top = 0;
+ if ((buf[0] = mod->d[0]))
+ tmod.top = 1;
+ if ((buf[1] = mod->top > 1 ? mod->d[1] : 0))
+ tmod.top = 2;
+
+ if ((BN_mod_inverse(Ri, R, &tmod, ctx)) == NULL)
+ goto err;
+ if (!BN_lshift(Ri, Ri, 2 * BN_BITS2))
+ goto err; /* R*Ri */
+ if (!BN_is_zero(Ri)) {
+ if (!BN_sub_word(Ri, 1))
+ goto err;
+ } else { /* if N mod word size == 1 */
+
+ if (bn_expand(Ri, (int)sizeof(BN_ULONG) * 2) == NULL)
+ goto err;
+ /* Ri-- (mod double word size) */
+ Ri->neg = 0;
+ Ri->d[0] = BN_MASK2;
+ Ri->d[1] = BN_MASK2;
+ Ri->top = 2;
+ }
+ if (!BN_div(Ri, NULL, Ri, &tmod, ctx))
+ goto err;
+ /*
+ * Ni = (R*Ri-1)/N, keep only couple of least significant words:
+ */
+ mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0;
+ mont->n0[1] = (Ri->top > 1) ? Ri->d[1] : 0;
+# else
+ /* Ri = R^-1 mod N */
+ if ((BN_mod_inverse(Ri, R, &tmod, ctx)) == NULL)
+ goto err;
+ if (!BN_lshift(Ri, Ri, BN_BITS2))
+ goto err; /* R*Ri */
+ if (!BN_is_zero(Ri)) {
+ if (!BN_sub_word(Ri, 1))
+ goto err;
+ } else { /* if N mod word size == 1 */
+
+ if (!BN_set_word(Ri, BN_MASK2))
+ goto err; /* Ri-- (mod word size) */
+ }
+ if (!BN_div(Ri, NULL, Ri, &tmod, ctx))
+ goto err;
+ /*
+ * Ni = (R*Ri-1)/N, keep only least significant word:
+ */
+# if 0 /* for OpenSSL 0.9.9 mont->n0 */
+ mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0;
+ mont->n0[1] = 0;
+# else
+ mont->n0 = (Ri->top > 0) ? Ri->d[0] : 0;
+# endif
+# endif
+ }
+#else /* !MONT_WORD */
+ { /* bignum version */
+ mont->ri = BN_num_bits(&mont->N);
+ BN_zero(R);
+ if (!BN_set_bit(R, mont->ri))
+ goto err; /* R = 2^ri */
+ /* Ri = R^-1 mod N */
+ if ((BN_mod_inverse(Ri, R, &mont->N, ctx)) == NULL)
+ goto err;
+ if (!BN_lshift(Ri, Ri, mont->ri))
+ goto err; /* R*Ri */
+ if (!BN_sub_word(Ri, 1))
+ goto err;
+ /*
+ * Ni = (R*Ri-1) / N
+ */
+ if (!BN_div(&(mont->Ni), NULL, Ri, &mont->N, ctx))
+ goto err;
+ }
+#endif
+
+ /* setup RR for conversions */
+ BN_zero(&(mont->RR));
+ if (!BN_set_bit(&(mont->RR), mont->ri * 2))
+ goto err;
+ if (!BN_mod(&(mont->RR), &(mont->RR), &(mont->N), ctx))
+ goto err;
+
+ ret = 1;
+ err:
+ BN_CTX_end(ctx);
+ return ret;
+}
+
+BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from)
+{
+ if (to == from)
+ return (to);
+
+ if (!BN_copy(&(to->RR), &(from->RR)))
+ return NULL;
+ if (!BN_copy(&(to->N), &(from->N)))
+ return NULL;
+ if (!BN_copy(&(to->Ni), &(from->Ni)))
+ return NULL;
+ to->ri = from->ri;
+#if 0 /* for OpenSSL 0.9.9 mont->n0 */
+ to->n0[0] = from->n0[0];
+ to->n0[1] = from->n0[1];
+#else
+ to->n0 = from->n0;
+#endif
+ return (to);
+}
+
+BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock,
+ const BIGNUM *mod, BN_CTX *ctx)
+{
+ BN_MONT_CTX *ret;
+
+ CRYPTO_r_lock(lock);
+ ret = *pmont;
+ CRYPTO_r_unlock(lock);
+ if (ret)
+ return ret;
+
+ /*
+ * We don't want to serialise globally while doing our lazy-init math in
+ * BN_MONT_CTX_set. That punishes threads that are doing independent
+ * things. Instead, punish the case where more than one thread tries to
+ * lazy-init the same 'pmont', by having each do the lazy-init math work
+ * independently and only use the one from the thread that wins the race
+ * (the losers throw away the work they've done).
+ */
+ ret = BN_MONT_CTX_new();
+ if (!ret)
+ return NULL;
+ if (!BN_MONT_CTX_set(ret, mod, ctx)) {
+ BN_MONT_CTX_free(ret);
+ return NULL;
+ }
+
+ /* The locked compare-and-set, after the local work is done. */
+ CRYPTO_w_lock(lock);
+ if (*pmont) {
+ BN_MONT_CTX_free(ret);
+ ret = *pmont;
+ } else
+ *pmont = ret;
+ CRYPTO_w_unlock(lock);
+ return ret;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_mpi.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_mpi.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_mpi.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,130 +0,0 @@
-/* crypto/bn/bn_mpi.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-int BN_bn2mpi(const BIGNUM *a, unsigned char *d)
- {
- int bits;
- int num=0;
- int ext=0;
- long l;
-
- bits=BN_num_bits(a);
- num=(bits+7)/8;
- if (bits > 0)
- {
- ext=((bits & 0x07) == 0);
- }
- if (d == NULL)
- return(num+4+ext);
-
- l=num+ext;
- d[0]=(unsigned char)(l>>24)&0xff;
- d[1]=(unsigned char)(l>>16)&0xff;
- d[2]=(unsigned char)(l>> 8)&0xff;
- d[3]=(unsigned char)(l )&0xff;
- if (ext) d[4]=0;
- num=BN_bn2bin(a,&(d[4+ext]));
- if (a->neg)
- d[4]|=0x80;
- return(num+4+ext);
- }
-
-BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *a)
- {
- long len;
- int neg=0;
-
- if (n < 4)
- {
- BNerr(BN_F_BN_MPI2BN,BN_R_INVALID_LENGTH);
- return(NULL);
- }
- len=((long)d[0]<<24)|((long)d[1]<<16)|((int)d[2]<<8)|(int)d[3];
- if ((len+4) != n)
- {
- BNerr(BN_F_BN_MPI2BN,BN_R_ENCODING_ERROR);
- return(NULL);
- }
-
- if (a == NULL) a=BN_new();
- if (a == NULL) return(NULL);
-
- if (len == 0)
- {
- a->neg=0;
- a->top=0;
- return(a);
- }
- d+=4;
- if ((*d) & 0x80)
- neg=1;
- if (BN_bin2bn(d,(int)len,a) == NULL)
- return(NULL);
- a->neg=neg;
- if (neg)
- {
- BN_clear_bit(a,BN_num_bits(a)-1);
- }
- bn_check_top(a);
- return(a);
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_mpi.c (from rev 6976, vendor-crypto/openssl/dist/crypto/bn/bn_mpi.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_mpi.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_mpi.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,128 @@
+/* crypto/bn/bn_mpi.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+int BN_bn2mpi(const BIGNUM *a, unsigned char *d)
+{
+ int bits;
+ int num = 0;
+ int ext = 0;
+ long l;
+
+ bits = BN_num_bits(a);
+ num = (bits + 7) / 8;
+ if (bits > 0) {
+ ext = ((bits & 0x07) == 0);
+ }
+ if (d == NULL)
+ return (num + 4 + ext);
+
+ l = num + ext;
+ d[0] = (unsigned char)(l >> 24) & 0xff;
+ d[1] = (unsigned char)(l >> 16) & 0xff;
+ d[2] = (unsigned char)(l >> 8) & 0xff;
+ d[3] = (unsigned char)(l) & 0xff;
+ if (ext)
+ d[4] = 0;
+ num = BN_bn2bin(a, &(d[4 + ext]));
+ if (a->neg)
+ d[4] |= 0x80;
+ return (num + 4 + ext);
+}
+
+BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *a)
+{
+ long len;
+ int neg = 0;
+
+ if (n < 4) {
+ BNerr(BN_F_BN_MPI2BN, BN_R_INVALID_LENGTH);
+ return (NULL);
+ }
+ len = ((long)d[0] << 24) | ((long)d[1] << 16) | ((int)d[2] << 8) | (int)
+ d[3];
+ if ((len + 4) != n) {
+ BNerr(BN_F_BN_MPI2BN, BN_R_ENCODING_ERROR);
+ return (NULL);
+ }
+
+ if (a == NULL)
+ a = BN_new();
+ if (a == NULL)
+ return (NULL);
+
+ if (len == 0) {
+ a->neg = 0;
+ a->top = 0;
+ return (a);
+ }
+ d += 4;
+ if ((*d) & 0x80)
+ neg = 1;
+ if (BN_bin2bn(d, (int)len, a) == NULL)
+ return (NULL);
+ a->neg = neg;
+ if (neg) {
+ BN_clear_bit(a, BN_num_bits(a) - 1);
+ }
+ bn_check_top(a);
+ return (a);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_mul.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_mul.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_mul.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,1166 +0,0 @@
-/* crypto/bn/bn_mul.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef BN_DEBUG
-# undef NDEBUG /* avoid conflicting definitions */
-# define NDEBUG
-#endif
-
-#include <stdio.h>
-#include <assert.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-#if defined(OPENSSL_NO_ASM) || !defined(OPENSSL_BN_ASM_PART_WORDS)
-/* Here follows specialised variants of bn_add_words() and
- bn_sub_words(). They have the property performing operations on
- arrays of different sizes. The sizes of those arrays is expressed through
- cl, which is the common length ( basicall, min(len(a),len(b)) ), and dl,
- which is the delta between the two lengths, calculated as len(a)-len(b).
- All lengths are the number of BN_ULONGs... For the operations that require
- a result array as parameter, it must have the length cl+abs(dl).
- These functions should probably end up in bn_asm.c as soon as there are
- assembler counterparts for the systems that use assembler files. */
-
-BN_ULONG bn_sub_part_words(BN_ULONG *r,
- const BN_ULONG *a, const BN_ULONG *b,
- int cl, int dl)
- {
- BN_ULONG c, t;
-
- assert(cl >= 0);
- c = bn_sub_words(r, a, b, cl);
-
- if (dl == 0)
- return c;
-
- r += cl;
- a += cl;
- b += cl;
-
- if (dl < 0)
- {
-#ifdef BN_COUNT
- fprintf(stderr, " bn_sub_part_words %d + %d (dl < 0, c = %d)\n", cl, dl, c);
-#endif
- for (;;)
- {
- t = b[0];
- r[0] = (0-t-c)&BN_MASK2;
- if (t != 0) c=1;
- if (++dl >= 0) break;
-
- t = b[1];
- r[1] = (0-t-c)&BN_MASK2;
- if (t != 0) c=1;
- if (++dl >= 0) break;
-
- t = b[2];
- r[2] = (0-t-c)&BN_MASK2;
- if (t != 0) c=1;
- if (++dl >= 0) break;
-
- t = b[3];
- r[3] = (0-t-c)&BN_MASK2;
- if (t != 0) c=1;
- if (++dl >= 0) break;
-
- b += 4;
- r += 4;
- }
- }
- else
- {
- int save_dl = dl;
-#ifdef BN_COUNT
- fprintf(stderr, " bn_sub_part_words %d + %d (dl > 0, c = %d)\n", cl, dl, c);
-#endif
- while(c)
- {
- t = a[0];
- r[0] = (t-c)&BN_MASK2;
- if (t != 0) c=0;
- if (--dl <= 0) break;
-
- t = a[1];
- r[1] = (t-c)&BN_MASK2;
- if (t != 0) c=0;
- if (--dl <= 0) break;
-
- t = a[2];
- r[2] = (t-c)&BN_MASK2;
- if (t != 0) c=0;
- if (--dl <= 0) break;
-
- t = a[3];
- r[3] = (t-c)&BN_MASK2;
- if (t != 0) c=0;
- if (--dl <= 0) break;
-
- save_dl = dl;
- a += 4;
- r += 4;
- }
- if (dl > 0)
- {
-#ifdef BN_COUNT
- fprintf(stderr, " bn_sub_part_words %d + %d (dl > 0, c == 0)\n", cl, dl);
-#endif
- if (save_dl > dl)
- {
- switch (save_dl - dl)
- {
- case 1:
- r[1] = a[1];
- if (--dl <= 0) break;
- case 2:
- r[2] = a[2];
- if (--dl <= 0) break;
- case 3:
- r[3] = a[3];
- if (--dl <= 0) break;
- }
- a += 4;
- r += 4;
- }
- }
- if (dl > 0)
- {
-#ifdef BN_COUNT
- fprintf(stderr, " bn_sub_part_words %d + %d (dl > 0, copy)\n", cl, dl);
-#endif
- for(;;)
- {
- r[0] = a[0];
- if (--dl <= 0) break;
- r[1] = a[1];
- if (--dl <= 0) break;
- r[2] = a[2];
- if (--dl <= 0) break;
- r[3] = a[3];
- if (--dl <= 0) break;
-
- a += 4;
- r += 4;
- }
- }
- }
- return c;
- }
-#endif
-
-BN_ULONG bn_add_part_words(BN_ULONG *r,
- const BN_ULONG *a, const BN_ULONG *b,
- int cl, int dl)
- {
- BN_ULONG c, l, t;
-
- assert(cl >= 0);
- c = bn_add_words(r, a, b, cl);
-
- if (dl == 0)
- return c;
-
- r += cl;
- a += cl;
- b += cl;
-
- if (dl < 0)
- {
- int save_dl = dl;
-#ifdef BN_COUNT
- fprintf(stderr, " bn_add_part_words %d + %d (dl < 0, c = %d)\n", cl, dl, c);
-#endif
- while (c)
- {
- l=(c+b[0])&BN_MASK2;
- c=(l < c);
- r[0]=l;
- if (++dl >= 0) break;
-
- l=(c+b[1])&BN_MASK2;
- c=(l < c);
- r[1]=l;
- if (++dl >= 0) break;
-
- l=(c+b[2])&BN_MASK2;
- c=(l < c);
- r[2]=l;
- if (++dl >= 0) break;
-
- l=(c+b[3])&BN_MASK2;
- c=(l < c);
- r[3]=l;
- if (++dl >= 0) break;
-
- save_dl = dl;
- b+=4;
- r+=4;
- }
- if (dl < 0)
- {
-#ifdef BN_COUNT
- fprintf(stderr, " bn_add_part_words %d + %d (dl < 0, c == 0)\n", cl, dl);
-#endif
- if (save_dl < dl)
- {
- switch (dl - save_dl)
- {
- case 1:
- r[1] = b[1];
- if (++dl >= 0) break;
- case 2:
- r[2] = b[2];
- if (++dl >= 0) break;
- case 3:
- r[3] = b[3];
- if (++dl >= 0) break;
- }
- b += 4;
- r += 4;
- }
- }
- if (dl < 0)
- {
-#ifdef BN_COUNT
- fprintf(stderr, " bn_add_part_words %d + %d (dl < 0, copy)\n", cl, dl);
-#endif
- for(;;)
- {
- r[0] = b[0];
- if (++dl >= 0) break;
- r[1] = b[1];
- if (++dl >= 0) break;
- r[2] = b[2];
- if (++dl >= 0) break;
- r[3] = b[3];
- if (++dl >= 0) break;
-
- b += 4;
- r += 4;
- }
- }
- }
- else
- {
- int save_dl = dl;
-#ifdef BN_COUNT
- fprintf(stderr, " bn_add_part_words %d + %d (dl > 0)\n", cl, dl);
-#endif
- while (c)
- {
- t=(a[0]+c)&BN_MASK2;
- c=(t < c);
- r[0]=t;
- if (--dl <= 0) break;
-
- t=(a[1]+c)&BN_MASK2;
- c=(t < c);
- r[1]=t;
- if (--dl <= 0) break;
-
- t=(a[2]+c)&BN_MASK2;
- c=(t < c);
- r[2]=t;
- if (--dl <= 0) break;
-
- t=(a[3]+c)&BN_MASK2;
- c=(t < c);
- r[3]=t;
- if (--dl <= 0) break;
-
- save_dl = dl;
- a+=4;
- r+=4;
- }
-#ifdef BN_COUNT
- fprintf(stderr, " bn_add_part_words %d + %d (dl > 0, c == 0)\n", cl, dl);
-#endif
- if (dl > 0)
- {
- if (save_dl > dl)
- {
- switch (save_dl - dl)
- {
- case 1:
- r[1] = a[1];
- if (--dl <= 0) break;
- case 2:
- r[2] = a[2];
- if (--dl <= 0) break;
- case 3:
- r[3] = a[3];
- if (--dl <= 0) break;
- }
- a += 4;
- r += 4;
- }
- }
- if (dl > 0)
- {
-#ifdef BN_COUNT
- fprintf(stderr, " bn_add_part_words %d + %d (dl > 0, copy)\n", cl, dl);
-#endif
- for(;;)
- {
- r[0] = a[0];
- if (--dl <= 0) break;
- r[1] = a[1];
- if (--dl <= 0) break;
- r[2] = a[2];
- if (--dl <= 0) break;
- r[3] = a[3];
- if (--dl <= 0) break;
-
- a += 4;
- r += 4;
- }
- }
- }
- return c;
- }
-
-#ifdef BN_RECURSION
-/* Karatsuba recursive multiplication algorithm
- * (cf. Knuth, The Art of Computer Programming, Vol. 2) */
-
-/* r is 2*n2 words in size,
- * a and b are both n2 words in size.
- * n2 must be a power of 2.
- * We multiply and return the result.
- * t must be 2*n2 words in size
- * We calculate
- * a[0]*b[0]
- * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0])
- * a[1]*b[1]
- */
-/* dnX may not be positive, but n2/2+dnX has to be */
-void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
- int dna, int dnb, BN_ULONG *t)
- {
- int n=n2/2,c1,c2;
- int tna=n+dna, tnb=n+dnb;
- unsigned int neg,zero;
- BN_ULONG ln,lo,*p;
-
-# ifdef BN_COUNT
- fprintf(stderr," bn_mul_recursive %d%+d * %d%+d\n",n2,dna,n2,dnb);
-# endif
-# ifdef BN_MUL_COMBA
-# if 0
- if (n2 == 4)
- {
- bn_mul_comba4(r,a,b);
- return;
- }
-# endif
- /* Only call bn_mul_comba 8 if n2 == 8 and the
- * two arrays are complete [steve]
- */
- if (n2 == 8 && dna == 0 && dnb == 0)
- {
- bn_mul_comba8(r,a,b);
- return;
- }
-# endif /* BN_MUL_COMBA */
- /* Else do normal multiply */
- if (n2 < BN_MUL_RECURSIVE_SIZE_NORMAL)
- {
- bn_mul_normal(r,a,n2+dna,b,n2+dnb);
- if ((dna + dnb) < 0)
- memset(&r[2*n2 + dna + dnb], 0,
- sizeof(BN_ULONG) * -(dna + dnb));
- return;
- }
- /* r=(a[0]-a[1])*(b[1]-b[0]) */
- c1=bn_cmp_part_words(a,&(a[n]),tna,n-tna);
- c2=bn_cmp_part_words(&(b[n]),b,tnb,tnb-n);
- zero=neg=0;
- switch (c1*3+c2)
- {
- case -4:
- bn_sub_part_words(t, &(a[n]),a, tna,tna-n); /* - */
- bn_sub_part_words(&(t[n]),b, &(b[n]),tnb,n-tnb); /* - */
- break;
- case -3:
- zero=1;
- break;
- case -2:
- bn_sub_part_words(t, &(a[n]),a, tna,tna-n); /* - */
- bn_sub_part_words(&(t[n]),&(b[n]),b, tnb,tnb-n); /* + */
- neg=1;
- break;
- case -1:
- case 0:
- case 1:
- zero=1;
- break;
- case 2:
- bn_sub_part_words(t, a, &(a[n]),tna,n-tna); /* + */
- bn_sub_part_words(&(t[n]),b, &(b[n]),tnb,n-tnb); /* - */
- neg=1;
- break;
- case 3:
- zero=1;
- break;
- case 4:
- bn_sub_part_words(t, a, &(a[n]),tna,n-tna);
- bn_sub_part_words(&(t[n]),&(b[n]),b, tnb,tnb-n);
- break;
- }
-
-# ifdef BN_MUL_COMBA
- if (n == 4 && dna == 0 && dnb == 0) /* XXX: bn_mul_comba4 could take
- extra args to do this well */
- {
- if (!zero)
- bn_mul_comba4(&(t[n2]),t,&(t[n]));
- else
- memset(&(t[n2]),0,8*sizeof(BN_ULONG));
-
- bn_mul_comba4(r,a,b);
- bn_mul_comba4(&(r[n2]),&(a[n]),&(b[n]));
- }
- else if (n == 8 && dna == 0 && dnb == 0) /* XXX: bn_mul_comba8 could
- take extra args to do this
- well */
- {
- if (!zero)
- bn_mul_comba8(&(t[n2]),t,&(t[n]));
- else
- memset(&(t[n2]),0,16*sizeof(BN_ULONG));
-
- bn_mul_comba8(r,a,b);
- bn_mul_comba8(&(r[n2]),&(a[n]),&(b[n]));
- }
- else
-# endif /* BN_MUL_COMBA */
- {
- p= &(t[n2*2]);
- if (!zero)
- bn_mul_recursive(&(t[n2]),t,&(t[n]),n,0,0,p);
- else
- memset(&(t[n2]),0,n2*sizeof(BN_ULONG));
- bn_mul_recursive(r,a,b,n,0,0,p);
- bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),n,dna,dnb,p);
- }
-
- /* t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign
- * r[10] holds (a[0]*b[0])
- * r[32] holds (b[1]*b[1])
- */
-
- c1=(int)(bn_add_words(t,r,&(r[n2]),n2));
-
- if (neg) /* if t[32] is negative */
- {
- c1-=(int)(bn_sub_words(&(t[n2]),t,&(t[n2]),n2));
- }
- else
- {
- /* Might have a carry */
- c1+=(int)(bn_add_words(&(t[n2]),&(t[n2]),t,n2));
- }
-
- /* t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1])
- * r[10] holds (a[0]*b[0])
- * r[32] holds (b[1]*b[1])
- * c1 holds the carry bits
- */
- c1+=(int)(bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2));
- if (c1)
- {
- p= &(r[n+n2]);
- lo= *p;
- ln=(lo+c1)&BN_MASK2;
- *p=ln;
-
- /* The overflow will stop before we over write
- * words we should not overwrite */
- if (ln < (BN_ULONG)c1)
- {
- do {
- p++;
- lo= *p;
- ln=(lo+1)&BN_MASK2;
- *p=ln;
- } while (ln == 0);
- }
- }
- }
-
-/* n+tn is the word length
- * t needs to be n*4 is size, as does r */
-/* tnX may not be negative but less than n */
-void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
- int tna, int tnb, BN_ULONG *t)
- {
- int i,j,n2=n*2;
- int c1,c2,neg;
- BN_ULONG ln,lo,*p;
-
-# ifdef BN_COUNT
- fprintf(stderr," bn_mul_part_recursive (%d%+d) * (%d%+d)\n",
- n, tna, n, tnb);
-# endif
- if (n < 8)
- {
- bn_mul_normal(r,a,n+tna,b,n+tnb);
- return;
- }
-
- /* r=(a[0]-a[1])*(b[1]-b[0]) */
- c1=bn_cmp_part_words(a,&(a[n]),tna,n-tna);
- c2=bn_cmp_part_words(&(b[n]),b,tnb,tnb-n);
- neg=0;
- switch (c1*3+c2)
- {
- case -4:
- bn_sub_part_words(t, &(a[n]),a, tna,tna-n); /* - */
- bn_sub_part_words(&(t[n]),b, &(b[n]),tnb,n-tnb); /* - */
- break;
- case -3:
- /* break; */
- case -2:
- bn_sub_part_words(t, &(a[n]),a, tna,tna-n); /* - */
- bn_sub_part_words(&(t[n]),&(b[n]),b, tnb,tnb-n); /* + */
- neg=1;
- break;
- case -1:
- case 0:
- case 1:
- /* break; */
- case 2:
- bn_sub_part_words(t, a, &(a[n]),tna,n-tna); /* + */
- bn_sub_part_words(&(t[n]),b, &(b[n]),tnb,n-tnb); /* - */
- neg=1;
- break;
- case 3:
- /* break; */
- case 4:
- bn_sub_part_words(t, a, &(a[n]),tna,n-tna);
- bn_sub_part_words(&(t[n]),&(b[n]),b, tnb,tnb-n);
- break;
- }
- /* The zero case isn't yet implemented here. The speedup
- would probably be negligible. */
-# if 0
- if (n == 4)
- {
- bn_mul_comba4(&(t[n2]),t,&(t[n]));
- bn_mul_comba4(r,a,b);
- bn_mul_normal(&(r[n2]),&(a[n]),tn,&(b[n]),tn);
- memset(&(r[n2+tn*2]),0,sizeof(BN_ULONG)*(n2-tn*2));
- }
- else
-# endif
- if (n == 8)
- {
- bn_mul_comba8(&(t[n2]),t,&(t[n]));
- bn_mul_comba8(r,a,b);
- bn_mul_normal(&(r[n2]),&(a[n]),tna,&(b[n]),tnb);
- memset(&(r[n2+tna+tnb]),0,sizeof(BN_ULONG)*(n2-tna-tnb));
- }
- else
- {
- p= &(t[n2*2]);
- bn_mul_recursive(&(t[n2]),t,&(t[n]),n,0,0,p);
- bn_mul_recursive(r,a,b,n,0,0,p);
- i=n/2;
- /* If there is only a bottom half to the number,
- * just do it */
- if (tna > tnb)
- j = tna - i;
- else
- j = tnb - i;
- if (j == 0)
- {
- bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),
- i,tna-i,tnb-i,p);
- memset(&(r[n2+i*2]),0,sizeof(BN_ULONG)*(n2-i*2));
- }
- else if (j > 0) /* eg, n == 16, i == 8 and tn == 11 */
- {
- bn_mul_part_recursive(&(r[n2]),&(a[n]),&(b[n]),
- i,tna-i,tnb-i,p);
- memset(&(r[n2+tna+tnb]),0,
- sizeof(BN_ULONG)*(n2-tna-tnb));
- }
- else /* (j < 0) eg, n == 16, i == 8 and tn == 5 */
- {
- memset(&(r[n2]),0,sizeof(BN_ULONG)*n2);
- if (tna < BN_MUL_RECURSIVE_SIZE_NORMAL
- && tnb < BN_MUL_RECURSIVE_SIZE_NORMAL)
- {
- bn_mul_normal(&(r[n2]),&(a[n]),tna,&(b[n]),tnb);
- }
- else
- {
- for (;;)
- {
- i/=2;
- /* these simplified conditions work
- * exclusively because difference
- * between tna and tnb is 1 or 0 */
- if (i < tna || i < tnb)
- {
- bn_mul_part_recursive(&(r[n2]),
- &(a[n]),&(b[n]),
- i,tna-i,tnb-i,p);
- break;
- }
- else if (i == tna || i == tnb)
- {
- bn_mul_recursive(&(r[n2]),
- &(a[n]),&(b[n]),
- i,tna-i,tnb-i,p);
- break;
- }
- }
- }
- }
- }
-
- /* t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign
- * r[10] holds (a[0]*b[0])
- * r[32] holds (b[1]*b[1])
- */
-
- c1=(int)(bn_add_words(t,r,&(r[n2]),n2));
-
- if (neg) /* if t[32] is negative */
- {
- c1-=(int)(bn_sub_words(&(t[n2]),t,&(t[n2]),n2));
- }
- else
- {
- /* Might have a carry */
- c1+=(int)(bn_add_words(&(t[n2]),&(t[n2]),t,n2));
- }
-
- /* t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1])
- * r[10] holds (a[0]*b[0])
- * r[32] holds (b[1]*b[1])
- * c1 holds the carry bits
- */
- c1+=(int)(bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2));
- if (c1)
- {
- p= &(r[n+n2]);
- lo= *p;
- ln=(lo+c1)&BN_MASK2;
- *p=ln;
-
- /* The overflow will stop before we over write
- * words we should not overwrite */
- if (ln < (BN_ULONG)c1)
- {
- do {
- p++;
- lo= *p;
- ln=(lo+1)&BN_MASK2;
- *p=ln;
- } while (ln == 0);
- }
- }
- }
-
-/* a and b must be the same size, which is n2.
- * r needs to be n2 words and t needs to be n2*2
- */
-void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
- BN_ULONG *t)
- {
- int n=n2/2;
-
-# ifdef BN_COUNT
- fprintf(stderr," bn_mul_low_recursive %d * %d\n",n2,n2);
-# endif
-
- bn_mul_recursive(r,a,b,n,0,0,&(t[0]));
- if (n >= BN_MUL_LOW_RECURSIVE_SIZE_NORMAL)
- {
- bn_mul_low_recursive(&(t[0]),&(a[0]),&(b[n]),n,&(t[n2]));
- bn_add_words(&(r[n]),&(r[n]),&(t[0]),n);
- bn_mul_low_recursive(&(t[0]),&(a[n]),&(b[0]),n,&(t[n2]));
- bn_add_words(&(r[n]),&(r[n]),&(t[0]),n);
- }
- else
- {
- bn_mul_low_normal(&(t[0]),&(a[0]),&(b[n]),n);
- bn_mul_low_normal(&(t[n]),&(a[n]),&(b[0]),n);
- bn_add_words(&(r[n]),&(r[n]),&(t[0]),n);
- bn_add_words(&(r[n]),&(r[n]),&(t[n]),n);
- }
- }
-
-/* a and b must be the same size, which is n2.
- * r needs to be n2 words and t needs to be n2*2
- * l is the low words of the output.
- * t needs to be n2*3
- */
-void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2,
- BN_ULONG *t)
- {
- int i,n;
- int c1,c2;
- int neg,oneg,zero;
- BN_ULONG ll,lc,*lp,*mp;
-
-# ifdef BN_COUNT
- fprintf(stderr," bn_mul_high %d * %d\n",n2,n2);
-# endif
- n=n2/2;
-
- /* Calculate (al-ah)*(bh-bl) */
- neg=zero=0;
- c1=bn_cmp_words(&(a[0]),&(a[n]),n);
- c2=bn_cmp_words(&(b[n]),&(b[0]),n);
- switch (c1*3+c2)
- {
- case -4:
- bn_sub_words(&(r[0]),&(a[n]),&(a[0]),n);
- bn_sub_words(&(r[n]),&(b[0]),&(b[n]),n);
- break;
- case -3:
- zero=1;
- break;
- case -2:
- bn_sub_words(&(r[0]),&(a[n]),&(a[0]),n);
- bn_sub_words(&(r[n]),&(b[n]),&(b[0]),n);
- neg=1;
- break;
- case -1:
- case 0:
- case 1:
- zero=1;
- break;
- case 2:
- bn_sub_words(&(r[0]),&(a[0]),&(a[n]),n);
- bn_sub_words(&(r[n]),&(b[0]),&(b[n]),n);
- neg=1;
- break;
- case 3:
- zero=1;
- break;
- case 4:
- bn_sub_words(&(r[0]),&(a[0]),&(a[n]),n);
- bn_sub_words(&(r[n]),&(b[n]),&(b[0]),n);
- break;
- }
-
- oneg=neg;
- /* t[10] = (a[0]-a[1])*(b[1]-b[0]) */
- /* r[10] = (a[1]*b[1]) */
-# ifdef BN_MUL_COMBA
- if (n == 8)
- {
- bn_mul_comba8(&(t[0]),&(r[0]),&(r[n]));
- bn_mul_comba8(r,&(a[n]),&(b[n]));
- }
- else
-# endif
- {
- bn_mul_recursive(&(t[0]),&(r[0]),&(r[n]),n,0,0,&(t[n2]));
- bn_mul_recursive(r,&(a[n]),&(b[n]),n,0,0,&(t[n2]));
- }
-
- /* s0 == low(al*bl)
- * s1 == low(ah*bh)+low((al-ah)*(bh-bl))+low(al*bl)+high(al*bl)
- * We know s0 and s1 so the only unknown is high(al*bl)
- * high(al*bl) == s1 - low(ah*bh+s0+(al-ah)*(bh-bl))
- * high(al*bl) == s1 - (r[0]+l[0]+t[0])
- */
- if (l != NULL)
- {
- lp= &(t[n2+n]);
- c1=(int)(bn_add_words(lp,&(r[0]),&(l[0]),n));
- }
- else
- {
- c1=0;
- lp= &(r[0]);
- }
-
- if (neg)
- neg=(int)(bn_sub_words(&(t[n2]),lp,&(t[0]),n));
- else
- {
- bn_add_words(&(t[n2]),lp,&(t[0]),n);
- neg=0;
- }
-
- if (l != NULL)
- {
- bn_sub_words(&(t[n2+n]),&(l[n]),&(t[n2]),n);
- }
- else
- {
- lp= &(t[n2+n]);
- mp= &(t[n2]);
- for (i=0; i<n; i++)
- lp[i]=((~mp[i])+1)&BN_MASK2;
- }
-
- /* s[0] = low(al*bl)
- * t[3] = high(al*bl)
- * t[10] = (a[0]-a[1])*(b[1]-b[0]) neg is the sign
- * r[10] = (a[1]*b[1])
- */
- /* R[10] = al*bl
- * R[21] = al*bl + ah*bh + (a[0]-a[1])*(b[1]-b[0])
- * R[32] = ah*bh
- */
- /* R[1]=t[3]+l[0]+r[0](+-)t[0] (have carry/borrow)
- * R[2]=r[0]+t[3]+r[1](+-)t[1] (have carry/borrow)
- * R[3]=r[1]+(carry/borrow)
- */
- if (l != NULL)
- {
- lp= &(t[n2]);
- c1= (int)(bn_add_words(lp,&(t[n2+n]),&(l[0]),n));
- }
- else
- {
- lp= &(t[n2+n]);
- c1=0;
- }
- c1+=(int)(bn_add_words(&(t[n2]),lp, &(r[0]),n));
- if (oneg)
- c1-=(int)(bn_sub_words(&(t[n2]),&(t[n2]),&(t[0]),n));
- else
- c1+=(int)(bn_add_words(&(t[n2]),&(t[n2]),&(t[0]),n));
-
- c2 =(int)(bn_add_words(&(r[0]),&(r[0]),&(t[n2+n]),n));
- c2+=(int)(bn_add_words(&(r[0]),&(r[0]),&(r[n]),n));
- if (oneg)
- c2-=(int)(bn_sub_words(&(r[0]),&(r[0]),&(t[n]),n));
- else
- c2+=(int)(bn_add_words(&(r[0]),&(r[0]),&(t[n]),n));
-
- if (c1 != 0) /* Add starting at r[0], could be +ve or -ve */
- {
- i=0;
- if (c1 > 0)
- {
- lc=c1;
- do {
- ll=(r[i]+lc)&BN_MASK2;
- r[i++]=ll;
- lc=(lc > ll);
- } while (lc);
- }
- else
- {
- lc= -c1;
- do {
- ll=r[i];
- r[i++]=(ll-lc)&BN_MASK2;
- lc=(lc > ll);
- } while (lc);
- }
- }
- if (c2 != 0) /* Add starting at r[1] */
- {
- i=n;
- if (c2 > 0)
- {
- lc=c2;
- do {
- ll=(r[i]+lc)&BN_MASK2;
- r[i++]=ll;
- lc=(lc > ll);
- } while (lc);
- }
- else
- {
- lc= -c2;
- do {
- ll=r[i];
- r[i++]=(ll-lc)&BN_MASK2;
- lc=(lc > ll);
- } while (lc);
- }
- }
- }
-#endif /* BN_RECURSION */
-
-int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
- {
- int ret=0;
- int top,al,bl;
- BIGNUM *rr;
-#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
- int i;
-#endif
-#ifdef BN_RECURSION
- BIGNUM *t=NULL;
- int j=0,k;
-#endif
-
-#ifdef BN_COUNT
- fprintf(stderr,"BN_mul %d * %d\n",a->top,b->top);
-#endif
-
- bn_check_top(a);
- bn_check_top(b);
- bn_check_top(r);
-
- al=a->top;
- bl=b->top;
-
- if ((al == 0) || (bl == 0))
- {
- BN_zero(r);
- return(1);
- }
- top=al+bl;
-
- BN_CTX_start(ctx);
- if ((r == a) || (r == b))
- {
- if ((rr = BN_CTX_get(ctx)) == NULL) goto err;
- }
- else
- rr = r;
- rr->neg=a->neg^b->neg;
-
-#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
- i = al-bl;
-#endif
-#ifdef BN_MUL_COMBA
- if (i == 0)
- {
-# if 0
- if (al == 4)
- {
- if (bn_wexpand(rr,8) == NULL) goto err;
- rr->top=8;
- bn_mul_comba4(rr->d,a->d,b->d);
- goto end;
- }
-# endif
- if (al == 8)
- {
- if (bn_wexpand(rr,16) == NULL) goto err;
- rr->top=16;
- bn_mul_comba8(rr->d,a->d,b->d);
- goto end;
- }
- }
-#endif /* BN_MUL_COMBA */
-#ifdef BN_RECURSION
- if ((al >= BN_MULL_SIZE_NORMAL) && (bl >= BN_MULL_SIZE_NORMAL))
- {
- if (i >= -1 && i <= 1)
- {
- /* Find out the power of two lower or equal
- to the longest of the two numbers */
- if (i >= 0)
- {
- j = BN_num_bits_word((BN_ULONG)al);
- }
- if (i == -1)
- {
- j = BN_num_bits_word((BN_ULONG)bl);
- }
- j = 1<<(j-1);
- assert(j <= al || j <= bl);
- k = j+j;
- t = BN_CTX_get(ctx);
- if (t == NULL)
- goto err;
- if (al > j || bl > j)
- {
- if (bn_wexpand(t,k*4) == NULL) goto err;
- if (bn_wexpand(rr,k*4) == NULL) goto err;
- bn_mul_part_recursive(rr->d,a->d,b->d,
- j,al-j,bl-j,t->d);
- }
- else /* al <= j || bl <= j */
- {
- if (bn_wexpand(t,k*2) == NULL) goto err;
- if (bn_wexpand(rr,k*2) == NULL) goto err;
- bn_mul_recursive(rr->d,a->d,b->d,
- j,al-j,bl-j,t->d);
- }
- rr->top=top;
- goto end;
- }
-#if 0
- if (i == 1 && !BN_get_flags(b,BN_FLG_STATIC_DATA))
- {
- BIGNUM *tmp_bn = (BIGNUM *)b;
- if (bn_wexpand(tmp_bn,al) == NULL) goto err;
- tmp_bn->d[bl]=0;
- bl++;
- i--;
- }
- else if (i == -1 && !BN_get_flags(a,BN_FLG_STATIC_DATA))
- {
- BIGNUM *tmp_bn = (BIGNUM *)a;
- if (bn_wexpand(tmp_bn,bl) == NULL) goto err;
- tmp_bn->d[al]=0;
- al++;
- i++;
- }
- if (i == 0)
- {
- /* symmetric and > 4 */
- /* 16 or larger */
- j=BN_num_bits_word((BN_ULONG)al);
- j=1<<(j-1);
- k=j+j;
- t = BN_CTX_get(ctx);
- if (al == j) /* exact multiple */
- {
- if (bn_wexpand(t,k*2) == NULL) goto err;
- if (bn_wexpand(rr,k*2) == NULL) goto err;
- bn_mul_recursive(rr->d,a->d,b->d,al,t->d);
- }
- else
- {
- if (bn_wexpand(t,k*4) == NULL) goto err;
- if (bn_wexpand(rr,k*4) == NULL) goto err;
- bn_mul_part_recursive(rr->d,a->d,b->d,al-j,j,t->d);
- }
- rr->top=top;
- goto end;
- }
-#endif
- }
-#endif /* BN_RECURSION */
- if (bn_wexpand(rr,top) == NULL) goto err;
- rr->top=top;
- bn_mul_normal(rr->d,a->d,al,b->d,bl);
-
-#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
-end:
-#endif
- bn_correct_top(rr);
- if (r != rr) BN_copy(r,rr);
- ret=1;
-err:
- bn_check_top(r);
- BN_CTX_end(ctx);
- return(ret);
- }
-
-void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb)
- {
- BN_ULONG *rr;
-
-#ifdef BN_COUNT
- fprintf(stderr," bn_mul_normal %d * %d\n",na,nb);
-#endif
-
- if (na < nb)
- {
- int itmp;
- BN_ULONG *ltmp;
-
- itmp=na; na=nb; nb=itmp;
- ltmp=a; a=b; b=ltmp;
-
- }
- rr= &(r[na]);
- if (nb <= 0)
- {
- (void)bn_mul_words(r,a,na,0);
- return;
- }
- else
- rr[0]=bn_mul_words(r,a,na,b[0]);
-
- for (;;)
- {
- if (--nb <= 0) return;
- rr[1]=bn_mul_add_words(&(r[1]),a,na,b[1]);
- if (--nb <= 0) return;
- rr[2]=bn_mul_add_words(&(r[2]),a,na,b[2]);
- if (--nb <= 0) return;
- rr[3]=bn_mul_add_words(&(r[3]),a,na,b[3]);
- if (--nb <= 0) return;
- rr[4]=bn_mul_add_words(&(r[4]),a,na,b[4]);
- rr+=4;
- r+=4;
- b+=4;
- }
- }
-
-void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
- {
-#ifdef BN_COUNT
- fprintf(stderr," bn_mul_low_normal %d * %d\n",n,n);
-#endif
- bn_mul_words(r,a,n,b[0]);
-
- for (;;)
- {
- if (--n <= 0) return;
- bn_mul_add_words(&(r[1]),a,n,b[1]);
- if (--n <= 0) return;
- bn_mul_add_words(&(r[2]),a,n,b[2]);
- if (--n <= 0) return;
- bn_mul_add_words(&(r[3]),a,n,b[3]);
- if (--n <= 0) return;
- bn_mul_add_words(&(r[4]),a,n,b[4]);
- r+=4;
- b+=4;
- }
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_mul.c (from rev 6976, vendor-crypto/openssl/dist/crypto/bn/bn_mul.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_mul.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_mul.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,1164 @@
+/* crypto/bn/bn_mul.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef BN_DEBUG
+# undef NDEBUG /* avoid conflicting definitions */
+# define NDEBUG
+#endif
+
+#include <stdio.h>
+#include <assert.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+#if defined(OPENSSL_NO_ASM) || !defined(OPENSSL_BN_ASM_PART_WORDS)
+/*
+ * Here follows specialised variants of bn_add_words() and bn_sub_words().
+ * They have the property performing operations on arrays of different sizes.
+ * The sizes of those arrays is expressed through cl, which is the common
+ * length ( basicall, min(len(a),len(b)) ), and dl, which is the delta
+ * between the two lengths, calculated as len(a)-len(b). All lengths are the
+ * number of BN_ULONGs... For the operations that require a result array as
+ * parameter, it must have the length cl+abs(dl). These functions should
+ * probably end up in bn_asm.c as soon as there are assembler counterparts
+ * for the systems that use assembler files.
+ */
+
+BN_ULONG bn_sub_part_words(BN_ULONG *r,
+ const BN_ULONG *a, const BN_ULONG *b,
+ int cl, int dl)
+{
+ BN_ULONG c, t;
+
+ assert(cl >= 0);
+ c = bn_sub_words(r, a, b, cl);
+
+ if (dl == 0)
+ return c;
+
+ r += cl;
+ a += cl;
+ b += cl;
+
+ if (dl < 0) {
+# ifdef BN_COUNT
+ fprintf(stderr, " bn_sub_part_words %d + %d (dl < 0, c = %d)\n", cl,
+ dl, c);
+# endif
+ for (;;) {
+ t = b[0];
+ r[0] = (0 - t - c) & BN_MASK2;
+ if (t != 0)
+ c = 1;
+ if (++dl >= 0)
+ break;
+
+ t = b[1];
+ r[1] = (0 - t - c) & BN_MASK2;
+ if (t != 0)
+ c = 1;
+ if (++dl >= 0)
+ break;
+
+ t = b[2];
+ r[2] = (0 - t - c) & BN_MASK2;
+ if (t != 0)
+ c = 1;
+ if (++dl >= 0)
+ break;
+
+ t = b[3];
+ r[3] = (0 - t - c) & BN_MASK2;
+ if (t != 0)
+ c = 1;
+ if (++dl >= 0)
+ break;
+
+ b += 4;
+ r += 4;
+ }
+ } else {
+ int save_dl = dl;
+# ifdef BN_COUNT
+ fprintf(stderr, " bn_sub_part_words %d + %d (dl > 0, c = %d)\n", cl,
+ dl, c);
+# endif
+ while (c) {
+ t = a[0];
+ r[0] = (t - c) & BN_MASK2;
+ if (t != 0)
+ c = 0;
+ if (--dl <= 0)
+ break;
+
+ t = a[1];
+ r[1] = (t - c) & BN_MASK2;
+ if (t != 0)
+ c = 0;
+ if (--dl <= 0)
+ break;
+
+ t = a[2];
+ r[2] = (t - c) & BN_MASK2;
+ if (t != 0)
+ c = 0;
+ if (--dl <= 0)
+ break;
+
+ t = a[3];
+ r[3] = (t - c) & BN_MASK2;
+ if (t != 0)
+ c = 0;
+ if (--dl <= 0)
+ break;
+
+ save_dl = dl;
+ a += 4;
+ r += 4;
+ }
+ if (dl > 0) {
+# ifdef BN_COUNT
+ fprintf(stderr, " bn_sub_part_words %d + %d (dl > 0, c == 0)\n",
+ cl, dl);
+# endif
+ if (save_dl > dl) {
+ switch (save_dl - dl) {
+ case 1:
+ r[1] = a[1];
+ if (--dl <= 0)
+ break;
+ case 2:
+ r[2] = a[2];
+ if (--dl <= 0)
+ break;
+ case 3:
+ r[3] = a[3];
+ if (--dl <= 0)
+ break;
+ }
+ a += 4;
+ r += 4;
+ }
+ }
+ if (dl > 0) {
+# ifdef BN_COUNT
+ fprintf(stderr, " bn_sub_part_words %d + %d (dl > 0, copy)\n",
+ cl, dl);
+# endif
+ for (;;) {
+ r[0] = a[0];
+ if (--dl <= 0)
+ break;
+ r[1] = a[1];
+ if (--dl <= 0)
+ break;
+ r[2] = a[2];
+ if (--dl <= 0)
+ break;
+ r[3] = a[3];
+ if (--dl <= 0)
+ break;
+
+ a += 4;
+ r += 4;
+ }
+ }
+ }
+ return c;
+}
+#endif
+
+BN_ULONG bn_add_part_words(BN_ULONG *r,
+ const BN_ULONG *a, const BN_ULONG *b,
+ int cl, int dl)
+{
+ BN_ULONG c, l, t;
+
+ assert(cl >= 0);
+ c = bn_add_words(r, a, b, cl);
+
+ if (dl == 0)
+ return c;
+
+ r += cl;
+ a += cl;
+ b += cl;
+
+ if (dl < 0) {
+ int save_dl = dl;
+#ifdef BN_COUNT
+ fprintf(stderr, " bn_add_part_words %d + %d (dl < 0, c = %d)\n", cl,
+ dl, c);
+#endif
+ while (c) {
+ l = (c + b[0]) & BN_MASK2;
+ c = (l < c);
+ r[0] = l;
+ if (++dl >= 0)
+ break;
+
+ l = (c + b[1]) & BN_MASK2;
+ c = (l < c);
+ r[1] = l;
+ if (++dl >= 0)
+ break;
+
+ l = (c + b[2]) & BN_MASK2;
+ c = (l < c);
+ r[2] = l;
+ if (++dl >= 0)
+ break;
+
+ l = (c + b[3]) & BN_MASK2;
+ c = (l < c);
+ r[3] = l;
+ if (++dl >= 0)
+ break;
+
+ save_dl = dl;
+ b += 4;
+ r += 4;
+ }
+ if (dl < 0) {
+#ifdef BN_COUNT
+ fprintf(stderr, " bn_add_part_words %d + %d (dl < 0, c == 0)\n",
+ cl, dl);
+#endif
+ if (save_dl < dl) {
+ switch (dl - save_dl) {
+ case 1:
+ r[1] = b[1];
+ if (++dl >= 0)
+ break;
+ case 2:
+ r[2] = b[2];
+ if (++dl >= 0)
+ break;
+ case 3:
+ r[3] = b[3];
+ if (++dl >= 0)
+ break;
+ }
+ b += 4;
+ r += 4;
+ }
+ }
+ if (dl < 0) {
+#ifdef BN_COUNT
+ fprintf(stderr, " bn_add_part_words %d + %d (dl < 0, copy)\n",
+ cl, dl);
+#endif
+ for (;;) {
+ r[0] = b[0];
+ if (++dl >= 0)
+ break;
+ r[1] = b[1];
+ if (++dl >= 0)
+ break;
+ r[2] = b[2];
+ if (++dl >= 0)
+ break;
+ r[3] = b[3];
+ if (++dl >= 0)
+ break;
+
+ b += 4;
+ r += 4;
+ }
+ }
+ } else {
+ int save_dl = dl;
+#ifdef BN_COUNT
+ fprintf(stderr, " bn_add_part_words %d + %d (dl > 0)\n", cl, dl);
+#endif
+ while (c) {
+ t = (a[0] + c) & BN_MASK2;
+ c = (t < c);
+ r[0] = t;
+ if (--dl <= 0)
+ break;
+
+ t = (a[1] + c) & BN_MASK2;
+ c = (t < c);
+ r[1] = t;
+ if (--dl <= 0)
+ break;
+
+ t = (a[2] + c) & BN_MASK2;
+ c = (t < c);
+ r[2] = t;
+ if (--dl <= 0)
+ break;
+
+ t = (a[3] + c) & BN_MASK2;
+ c = (t < c);
+ r[3] = t;
+ if (--dl <= 0)
+ break;
+
+ save_dl = dl;
+ a += 4;
+ r += 4;
+ }
+#ifdef BN_COUNT
+ fprintf(stderr, " bn_add_part_words %d + %d (dl > 0, c == 0)\n", cl,
+ dl);
+#endif
+ if (dl > 0) {
+ if (save_dl > dl) {
+ switch (save_dl - dl) {
+ case 1:
+ r[1] = a[1];
+ if (--dl <= 0)
+ break;
+ case 2:
+ r[2] = a[2];
+ if (--dl <= 0)
+ break;
+ case 3:
+ r[3] = a[3];
+ if (--dl <= 0)
+ break;
+ }
+ a += 4;
+ r += 4;
+ }
+ }
+ if (dl > 0) {
+#ifdef BN_COUNT
+ fprintf(stderr, " bn_add_part_words %d + %d (dl > 0, copy)\n",
+ cl, dl);
+#endif
+ for (;;) {
+ r[0] = a[0];
+ if (--dl <= 0)
+ break;
+ r[1] = a[1];
+ if (--dl <= 0)
+ break;
+ r[2] = a[2];
+ if (--dl <= 0)
+ break;
+ r[3] = a[3];
+ if (--dl <= 0)
+ break;
+
+ a += 4;
+ r += 4;
+ }
+ }
+ }
+ return c;
+}
+
+#ifdef BN_RECURSION
+/*
+ * Karatsuba recursive multiplication algorithm (cf. Knuth, The Art of
+ * Computer Programming, Vol. 2)
+ */
+
+/*-
+ * r is 2*n2 words in size,
+ * a and b are both n2 words in size.
+ * n2 must be a power of 2.
+ * We multiply and return the result.
+ * t must be 2*n2 words in size
+ * We calculate
+ * a[0]*b[0]
+ * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0])
+ * a[1]*b[1]
+ */
+/* dnX may not be positive, but n2/2+dnX has to be */
+void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
+ int dna, int dnb, BN_ULONG *t)
+{
+ int n = n2 / 2, c1, c2;
+ int tna = n + dna, tnb = n + dnb;
+ unsigned int neg, zero;
+ BN_ULONG ln, lo, *p;
+
+# ifdef BN_COUNT
+ fprintf(stderr, " bn_mul_recursive %d%+d * %d%+d\n", n2, dna, n2, dnb);
+# endif
+# ifdef BN_MUL_COMBA
+# if 0
+ if (n2 == 4) {
+ bn_mul_comba4(r, a, b);
+ return;
+ }
+# endif
+ /*
+ * Only call bn_mul_comba 8 if n2 == 8 and the two arrays are complete
+ * [steve]
+ */
+ if (n2 == 8 && dna == 0 && dnb == 0) {
+ bn_mul_comba8(r, a, b);
+ return;
+ }
+# endif /* BN_MUL_COMBA */
+ /* Else do normal multiply */
+ if (n2 < BN_MUL_RECURSIVE_SIZE_NORMAL) {
+ bn_mul_normal(r, a, n2 + dna, b, n2 + dnb);
+ if ((dna + dnb) < 0)
+ memset(&r[2 * n2 + dna + dnb], 0,
+ sizeof(BN_ULONG) * -(dna + dnb));
+ return;
+ }
+ /* r=(a[0]-a[1])*(b[1]-b[0]) */
+ c1 = bn_cmp_part_words(a, &(a[n]), tna, n - tna);
+ c2 = bn_cmp_part_words(&(b[n]), b, tnb, tnb - n);
+ zero = neg = 0;
+ switch (c1 * 3 + c2) {
+ case -4:
+ bn_sub_part_words(t, &(a[n]), a, tna, tna - n); /* - */
+ bn_sub_part_words(&(t[n]), b, &(b[n]), tnb, n - tnb); /* - */
+ break;
+ case -3:
+ zero = 1;
+ break;
+ case -2:
+ bn_sub_part_words(t, &(a[n]), a, tna, tna - n); /* - */
+ bn_sub_part_words(&(t[n]), &(b[n]), b, tnb, tnb - n); /* + */
+ neg = 1;
+ break;
+ case -1:
+ case 0:
+ case 1:
+ zero = 1;
+ break;
+ case 2:
+ bn_sub_part_words(t, a, &(a[n]), tna, n - tna); /* + */
+ bn_sub_part_words(&(t[n]), b, &(b[n]), tnb, n - tnb); /* - */
+ neg = 1;
+ break;
+ case 3:
+ zero = 1;
+ break;
+ case 4:
+ bn_sub_part_words(t, a, &(a[n]), tna, n - tna);
+ bn_sub_part_words(&(t[n]), &(b[n]), b, tnb, tnb - n);
+ break;
+ }
+
+# ifdef BN_MUL_COMBA
+ if (n == 4 && dna == 0 && dnb == 0) { /* XXX: bn_mul_comba4 could take
+ * extra args to do this well */
+ if (!zero)
+ bn_mul_comba4(&(t[n2]), t, &(t[n]));
+ else
+ memset(&(t[n2]), 0, 8 * sizeof(BN_ULONG));
+
+ bn_mul_comba4(r, a, b);
+ bn_mul_comba4(&(r[n2]), &(a[n]), &(b[n]));
+ } else if (n == 8 && dna == 0 && dnb == 0) { /* XXX: bn_mul_comba8 could
+ * take extra args to do
+ * this well */
+ if (!zero)
+ bn_mul_comba8(&(t[n2]), t, &(t[n]));
+ else
+ memset(&(t[n2]), 0, 16 * sizeof(BN_ULONG));
+
+ bn_mul_comba8(r, a, b);
+ bn_mul_comba8(&(r[n2]), &(a[n]), &(b[n]));
+ } else
+# endif /* BN_MUL_COMBA */
+ {
+ p = &(t[n2 * 2]);
+ if (!zero)
+ bn_mul_recursive(&(t[n2]), t, &(t[n]), n, 0, 0, p);
+ else
+ memset(&(t[n2]), 0, n2 * sizeof(BN_ULONG));
+ bn_mul_recursive(r, a, b, n, 0, 0, p);
+ bn_mul_recursive(&(r[n2]), &(a[n]), &(b[n]), n, dna, dnb, p);
+ }
+
+ /*-
+ * t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign
+ * r[10] holds (a[0]*b[0])
+ * r[32] holds (b[1]*b[1])
+ */
+
+ c1 = (int)(bn_add_words(t, r, &(r[n2]), n2));
+
+ if (neg) { /* if t[32] is negative */
+ c1 -= (int)(bn_sub_words(&(t[n2]), t, &(t[n2]), n2));
+ } else {
+ /* Might have a carry */
+ c1 += (int)(bn_add_words(&(t[n2]), &(t[n2]), t, n2));
+ }
+
+ /*-
+ * t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1])
+ * r[10] holds (a[0]*b[0])
+ * r[32] holds (b[1]*b[1])
+ * c1 holds the carry bits
+ */
+ c1 += (int)(bn_add_words(&(r[n]), &(r[n]), &(t[n2]), n2));
+ if (c1) {
+ p = &(r[n + n2]);
+ lo = *p;
+ ln = (lo + c1) & BN_MASK2;
+ *p = ln;
+
+ /*
+ * The overflow will stop before we over write words we should not
+ * overwrite
+ */
+ if (ln < (BN_ULONG)c1) {
+ do {
+ p++;
+ lo = *p;
+ ln = (lo + 1) & BN_MASK2;
+ *p = ln;
+ } while (ln == 0);
+ }
+ }
+}
+
+/*
+ * n+tn is the word length t needs to be n*4 is size, as does r
+ */
+/* tnX may not be negative but less than n */
+void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
+ int tna, int tnb, BN_ULONG *t)
+{
+ int i, j, n2 = n * 2;
+ int c1, c2, neg;
+ BN_ULONG ln, lo, *p;
+
+# ifdef BN_COUNT
+ fprintf(stderr, " bn_mul_part_recursive (%d%+d) * (%d%+d)\n",
+ n, tna, n, tnb);
+# endif
+ if (n < 8) {
+ bn_mul_normal(r, a, n + tna, b, n + tnb);
+ return;
+ }
+
+ /* r=(a[0]-a[1])*(b[1]-b[0]) */
+ c1 = bn_cmp_part_words(a, &(a[n]), tna, n - tna);
+ c2 = bn_cmp_part_words(&(b[n]), b, tnb, tnb - n);
+ neg = 0;
+ switch (c1 * 3 + c2) {
+ case -4:
+ bn_sub_part_words(t, &(a[n]), a, tna, tna - n); /* - */
+ bn_sub_part_words(&(t[n]), b, &(b[n]), tnb, n - tnb); /* - */
+ break;
+ case -3:
+ /* break; */
+ case -2:
+ bn_sub_part_words(t, &(a[n]), a, tna, tna - n); /* - */
+ bn_sub_part_words(&(t[n]), &(b[n]), b, tnb, tnb - n); /* + */
+ neg = 1;
+ break;
+ case -1:
+ case 0:
+ case 1:
+ /* break; */
+ case 2:
+ bn_sub_part_words(t, a, &(a[n]), tna, n - tna); /* + */
+ bn_sub_part_words(&(t[n]), b, &(b[n]), tnb, n - tnb); /* - */
+ neg = 1;
+ break;
+ case 3:
+ /* break; */
+ case 4:
+ bn_sub_part_words(t, a, &(a[n]), tna, n - tna);
+ bn_sub_part_words(&(t[n]), &(b[n]), b, tnb, tnb - n);
+ break;
+ }
+ /*
+ * The zero case isn't yet implemented here. The speedup would probably
+ * be negligible.
+ */
+# if 0
+ if (n == 4) {
+ bn_mul_comba4(&(t[n2]), t, &(t[n]));
+ bn_mul_comba4(r, a, b);
+ bn_mul_normal(&(r[n2]), &(a[n]), tn, &(b[n]), tn);
+ memset(&(r[n2 + tn * 2]), 0, sizeof(BN_ULONG) * (n2 - tn * 2));
+ } else
+# endif
+ if (n == 8) {
+ bn_mul_comba8(&(t[n2]), t, &(t[n]));
+ bn_mul_comba8(r, a, b);
+ bn_mul_normal(&(r[n2]), &(a[n]), tna, &(b[n]), tnb);
+ memset(&(r[n2 + tna + tnb]), 0, sizeof(BN_ULONG) * (n2 - tna - tnb));
+ } else {
+ p = &(t[n2 * 2]);
+ bn_mul_recursive(&(t[n2]), t, &(t[n]), n, 0, 0, p);
+ bn_mul_recursive(r, a, b, n, 0, 0, p);
+ i = n / 2;
+ /*
+ * If there is only a bottom half to the number, just do it
+ */
+ if (tna > tnb)
+ j = tna - i;
+ else
+ j = tnb - i;
+ if (j == 0) {
+ bn_mul_recursive(&(r[n2]), &(a[n]), &(b[n]),
+ i, tna - i, tnb - i, p);
+ memset(&(r[n2 + i * 2]), 0, sizeof(BN_ULONG) * (n2 - i * 2));
+ } else if (j > 0) { /* eg, n == 16, i == 8 and tn == 11 */
+ bn_mul_part_recursive(&(r[n2]), &(a[n]), &(b[n]),
+ i, tna - i, tnb - i, p);
+ memset(&(r[n2 + tna + tnb]), 0,
+ sizeof(BN_ULONG) * (n2 - tna - tnb));
+ } else { /* (j < 0) eg, n == 16, i == 8 and tn == 5 */
+
+ memset(&(r[n2]), 0, sizeof(BN_ULONG) * n2);
+ if (tna < BN_MUL_RECURSIVE_SIZE_NORMAL
+ && tnb < BN_MUL_RECURSIVE_SIZE_NORMAL) {
+ bn_mul_normal(&(r[n2]), &(a[n]), tna, &(b[n]), tnb);
+ } else {
+ for (;;) {
+ i /= 2;
+ /*
+ * these simplified conditions work exclusively because
+ * difference between tna and tnb is 1 or 0
+ */
+ if (i < tna || i < tnb) {
+ bn_mul_part_recursive(&(r[n2]),
+ &(a[n]), &(b[n]),
+ i, tna - i, tnb - i, p);
+ break;
+ } else if (i == tna || i == tnb) {
+ bn_mul_recursive(&(r[n2]),
+ &(a[n]), &(b[n]),
+ i, tna - i, tnb - i, p);
+ break;
+ }
+ }
+ }
+ }
+ }
+
+ /*-
+ * t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign
+ * r[10] holds (a[0]*b[0])
+ * r[32] holds (b[1]*b[1])
+ */
+
+ c1 = (int)(bn_add_words(t, r, &(r[n2]), n2));
+
+ if (neg) { /* if t[32] is negative */
+ c1 -= (int)(bn_sub_words(&(t[n2]), t, &(t[n2]), n2));
+ } else {
+ /* Might have a carry */
+ c1 += (int)(bn_add_words(&(t[n2]), &(t[n2]), t, n2));
+ }
+
+ /*-
+ * t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1])
+ * r[10] holds (a[0]*b[0])
+ * r[32] holds (b[1]*b[1])
+ * c1 holds the carry bits
+ */
+ c1 += (int)(bn_add_words(&(r[n]), &(r[n]), &(t[n2]), n2));
+ if (c1) {
+ p = &(r[n + n2]);
+ lo = *p;
+ ln = (lo + c1) & BN_MASK2;
+ *p = ln;
+
+ /*
+ * The overflow will stop before we over write words we should not
+ * overwrite
+ */
+ if (ln < (BN_ULONG)c1) {
+ do {
+ p++;
+ lo = *p;
+ ln = (lo + 1) & BN_MASK2;
+ *p = ln;
+ } while (ln == 0);
+ }
+ }
+}
+
+/*-
+ * a and b must be the same size, which is n2.
+ * r needs to be n2 words and t needs to be n2*2
+ */
+void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
+ BN_ULONG *t)
+{
+ int n = n2 / 2;
+
+# ifdef BN_COUNT
+ fprintf(stderr, " bn_mul_low_recursive %d * %d\n", n2, n2);
+# endif
+
+ bn_mul_recursive(r, a, b, n, 0, 0, &(t[0]));
+ if (n >= BN_MUL_LOW_RECURSIVE_SIZE_NORMAL) {
+ bn_mul_low_recursive(&(t[0]), &(a[0]), &(b[n]), n, &(t[n2]));
+ bn_add_words(&(r[n]), &(r[n]), &(t[0]), n);
+ bn_mul_low_recursive(&(t[0]), &(a[n]), &(b[0]), n, &(t[n2]));
+ bn_add_words(&(r[n]), &(r[n]), &(t[0]), n);
+ } else {
+ bn_mul_low_normal(&(t[0]), &(a[0]), &(b[n]), n);
+ bn_mul_low_normal(&(t[n]), &(a[n]), &(b[0]), n);
+ bn_add_words(&(r[n]), &(r[n]), &(t[0]), n);
+ bn_add_words(&(r[n]), &(r[n]), &(t[n]), n);
+ }
+}
+
+/*-
+ * a and b must be the same size, which is n2.
+ * r needs to be n2 words and t needs to be n2*2
+ * l is the low words of the output.
+ * t needs to be n2*3
+ */
+void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2,
+ BN_ULONG *t)
+{
+ int i, n;
+ int c1, c2;
+ int neg, oneg, zero;
+ BN_ULONG ll, lc, *lp, *mp;
+
+# ifdef BN_COUNT
+ fprintf(stderr, " bn_mul_high %d * %d\n", n2, n2);
+# endif
+ n = n2 / 2;
+
+ /* Calculate (al-ah)*(bh-bl) */
+ neg = zero = 0;
+ c1 = bn_cmp_words(&(a[0]), &(a[n]), n);
+ c2 = bn_cmp_words(&(b[n]), &(b[0]), n);
+ switch (c1 * 3 + c2) {
+ case -4:
+ bn_sub_words(&(r[0]), &(a[n]), &(a[0]), n);
+ bn_sub_words(&(r[n]), &(b[0]), &(b[n]), n);
+ break;
+ case -3:
+ zero = 1;
+ break;
+ case -2:
+ bn_sub_words(&(r[0]), &(a[n]), &(a[0]), n);
+ bn_sub_words(&(r[n]), &(b[n]), &(b[0]), n);
+ neg = 1;
+ break;
+ case -1:
+ case 0:
+ case 1:
+ zero = 1;
+ break;
+ case 2:
+ bn_sub_words(&(r[0]), &(a[0]), &(a[n]), n);
+ bn_sub_words(&(r[n]), &(b[0]), &(b[n]), n);
+ neg = 1;
+ break;
+ case 3:
+ zero = 1;
+ break;
+ case 4:
+ bn_sub_words(&(r[0]), &(a[0]), &(a[n]), n);
+ bn_sub_words(&(r[n]), &(b[n]), &(b[0]), n);
+ break;
+ }
+
+ oneg = neg;
+ /* t[10] = (a[0]-a[1])*(b[1]-b[0]) */
+ /* r[10] = (a[1]*b[1]) */
+# ifdef BN_MUL_COMBA
+ if (n == 8) {
+ bn_mul_comba8(&(t[0]), &(r[0]), &(r[n]));
+ bn_mul_comba8(r, &(a[n]), &(b[n]));
+ } else
+# endif
+ {
+ bn_mul_recursive(&(t[0]), &(r[0]), &(r[n]), n, 0, 0, &(t[n2]));
+ bn_mul_recursive(r, &(a[n]), &(b[n]), n, 0, 0, &(t[n2]));
+ }
+
+ /*-
+ * s0 == low(al*bl)
+ * s1 == low(ah*bh)+low((al-ah)*(bh-bl))+low(al*bl)+high(al*bl)
+ * We know s0 and s1 so the only unknown is high(al*bl)
+ * high(al*bl) == s1 - low(ah*bh+s0+(al-ah)*(bh-bl))
+ * high(al*bl) == s1 - (r[0]+l[0]+t[0])
+ */
+ if (l != NULL) {
+ lp = &(t[n2 + n]);
+ c1 = (int)(bn_add_words(lp, &(r[0]), &(l[0]), n));
+ } else {
+ c1 = 0;
+ lp = &(r[0]);
+ }
+
+ if (neg)
+ neg = (int)(bn_sub_words(&(t[n2]), lp, &(t[0]), n));
+ else {
+ bn_add_words(&(t[n2]), lp, &(t[0]), n);
+ neg = 0;
+ }
+
+ if (l != NULL) {
+ bn_sub_words(&(t[n2 + n]), &(l[n]), &(t[n2]), n);
+ } else {
+ lp = &(t[n2 + n]);
+ mp = &(t[n2]);
+ for (i = 0; i < n; i++)
+ lp[i] = ((~mp[i]) + 1) & BN_MASK2;
+ }
+
+ /*-
+ * s[0] = low(al*bl)
+ * t[3] = high(al*bl)
+ * t[10] = (a[0]-a[1])*(b[1]-b[0]) neg is the sign
+ * r[10] = (a[1]*b[1])
+ */
+ /*-
+ * R[10] = al*bl
+ * R[21] = al*bl + ah*bh + (a[0]-a[1])*(b[1]-b[0])
+ * R[32] = ah*bh
+ */
+ /*-
+ * R[1]=t[3]+l[0]+r[0](+-)t[0] (have carry/borrow)
+ * R[2]=r[0]+t[3]+r[1](+-)t[1] (have carry/borrow)
+ * R[3]=r[1]+(carry/borrow)
+ */
+ if (l != NULL) {
+ lp = &(t[n2]);
+ c1 = (int)(bn_add_words(lp, &(t[n2 + n]), &(l[0]), n));
+ } else {
+ lp = &(t[n2 + n]);
+ c1 = 0;
+ }
+ c1 += (int)(bn_add_words(&(t[n2]), lp, &(r[0]), n));
+ if (oneg)
+ c1 -= (int)(bn_sub_words(&(t[n2]), &(t[n2]), &(t[0]), n));
+ else
+ c1 += (int)(bn_add_words(&(t[n2]), &(t[n2]), &(t[0]), n));
+
+ c2 = (int)(bn_add_words(&(r[0]), &(r[0]), &(t[n2 + n]), n));
+ c2 += (int)(bn_add_words(&(r[0]), &(r[0]), &(r[n]), n));
+ if (oneg)
+ c2 -= (int)(bn_sub_words(&(r[0]), &(r[0]), &(t[n]), n));
+ else
+ c2 += (int)(bn_add_words(&(r[0]), &(r[0]), &(t[n]), n));
+
+ if (c1 != 0) { /* Add starting at r[0], could be +ve or -ve */
+ i = 0;
+ if (c1 > 0) {
+ lc = c1;
+ do {
+ ll = (r[i] + lc) & BN_MASK2;
+ r[i++] = ll;
+ lc = (lc > ll);
+ } while (lc);
+ } else {
+ lc = -c1;
+ do {
+ ll = r[i];
+ r[i++] = (ll - lc) & BN_MASK2;
+ lc = (lc > ll);
+ } while (lc);
+ }
+ }
+ if (c2 != 0) { /* Add starting at r[1] */
+ i = n;
+ if (c2 > 0) {
+ lc = c2;
+ do {
+ ll = (r[i] + lc) & BN_MASK2;
+ r[i++] = ll;
+ lc = (lc > ll);
+ } while (lc);
+ } else {
+ lc = -c2;
+ do {
+ ll = r[i];
+ r[i++] = (ll - lc) & BN_MASK2;
+ lc = (lc > ll);
+ } while (lc);
+ }
+ }
+}
+#endif /* BN_RECURSION */
+
+int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+{
+ int ret = 0;
+ int top, al, bl;
+ BIGNUM *rr;
+#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
+ int i;
+#endif
+#ifdef BN_RECURSION
+ BIGNUM *t = NULL;
+ int j = 0, k;
+#endif
+
+#ifdef BN_COUNT
+ fprintf(stderr, "BN_mul %d * %d\n", a->top, b->top);
+#endif
+
+ bn_check_top(a);
+ bn_check_top(b);
+ bn_check_top(r);
+
+ al = a->top;
+ bl = b->top;
+
+ if ((al == 0) || (bl == 0)) {
+ BN_zero(r);
+ return (1);
+ }
+ top = al + bl;
+
+ BN_CTX_start(ctx);
+ if ((r == a) || (r == b)) {
+ if ((rr = BN_CTX_get(ctx)) == NULL)
+ goto err;
+ } else
+ rr = r;
+ rr->neg = a->neg ^ b->neg;
+
+#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
+ i = al - bl;
+#endif
+#ifdef BN_MUL_COMBA
+ if (i == 0) {
+# if 0
+ if (al == 4) {
+ if (bn_wexpand(rr, 8) == NULL)
+ goto err;
+ rr->top = 8;
+ bn_mul_comba4(rr->d, a->d, b->d);
+ goto end;
+ }
+# endif
+ if (al == 8) {
+ if (bn_wexpand(rr, 16) == NULL)
+ goto err;
+ rr->top = 16;
+ bn_mul_comba8(rr->d, a->d, b->d);
+ goto end;
+ }
+ }
+#endif /* BN_MUL_COMBA */
+#ifdef BN_RECURSION
+ if ((al >= BN_MULL_SIZE_NORMAL) && (bl >= BN_MULL_SIZE_NORMAL)) {
+ if (i >= -1 && i <= 1) {
+ /*
+ * Find out the power of two lower or equal to the longest of the
+ * two numbers
+ */
+ if (i >= 0) {
+ j = BN_num_bits_word((BN_ULONG)al);
+ }
+ if (i == -1) {
+ j = BN_num_bits_word((BN_ULONG)bl);
+ }
+ j = 1 << (j - 1);
+ assert(j <= al || j <= bl);
+ k = j + j;
+ t = BN_CTX_get(ctx);
+ if (t == NULL)
+ goto err;
+ if (al > j || bl > j) {
+ if (bn_wexpand(t, k * 4) == NULL)
+ goto err;
+ if (bn_wexpand(rr, k * 4) == NULL)
+ goto err;
+ bn_mul_part_recursive(rr->d, a->d, b->d,
+ j, al - j, bl - j, t->d);
+ } else { /* al <= j || bl <= j */
+
+ if (bn_wexpand(t, k * 2) == NULL)
+ goto err;
+ if (bn_wexpand(rr, k * 2) == NULL)
+ goto err;
+ bn_mul_recursive(rr->d, a->d, b->d, j, al - j, bl - j, t->d);
+ }
+ rr->top = top;
+ goto end;
+ }
+# if 0
+ if (i == 1 && !BN_get_flags(b, BN_FLG_STATIC_DATA)) {
+ BIGNUM *tmp_bn = (BIGNUM *)b;
+ if (bn_wexpand(tmp_bn, al) == NULL)
+ goto err;
+ tmp_bn->d[bl] = 0;
+ bl++;
+ i--;
+ } else if (i == -1 && !BN_get_flags(a, BN_FLG_STATIC_DATA)) {
+ BIGNUM *tmp_bn = (BIGNUM *)a;
+ if (bn_wexpand(tmp_bn, bl) == NULL)
+ goto err;
+ tmp_bn->d[al] = 0;
+ al++;
+ i++;
+ }
+ if (i == 0) {
+ /* symmetric and > 4 */
+ /* 16 or larger */
+ j = BN_num_bits_word((BN_ULONG)al);
+ j = 1 << (j - 1);
+ k = j + j;
+ t = BN_CTX_get(ctx);
+ if (al == j) { /* exact multiple */
+ if (bn_wexpand(t, k * 2) == NULL)
+ goto err;
+ if (bn_wexpand(rr, k * 2) == NULL)
+ goto err;
+ bn_mul_recursive(rr->d, a->d, b->d, al, t->d);
+ } else {
+ if (bn_wexpand(t, k * 4) == NULL)
+ goto err;
+ if (bn_wexpand(rr, k * 4) == NULL)
+ goto err;
+ bn_mul_part_recursive(rr->d, a->d, b->d, al - j, j, t->d);
+ }
+ rr->top = top;
+ goto end;
+ }
+# endif
+ }
+#endif /* BN_RECURSION */
+ if (bn_wexpand(rr, top) == NULL)
+ goto err;
+ rr->top = top;
+ bn_mul_normal(rr->d, a->d, al, b->d, bl);
+
+#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
+ end:
+#endif
+ bn_correct_top(rr);
+ if (r != rr)
+ BN_copy(r, rr);
+ ret = 1;
+ err:
+ bn_check_top(r);
+ BN_CTX_end(ctx);
+ return (ret);
+}
+
+void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb)
+{
+ BN_ULONG *rr;
+
+#ifdef BN_COUNT
+ fprintf(stderr, " bn_mul_normal %d * %d\n", na, nb);
+#endif
+
+ if (na < nb) {
+ int itmp;
+ BN_ULONG *ltmp;
+
+ itmp = na;
+ na = nb;
+ nb = itmp;
+ ltmp = a;
+ a = b;
+ b = ltmp;
+
+ }
+ rr = &(r[na]);
+ if (nb <= 0) {
+ (void)bn_mul_words(r, a, na, 0);
+ return;
+ } else
+ rr[0] = bn_mul_words(r, a, na, b[0]);
+
+ for (;;) {
+ if (--nb <= 0)
+ return;
+ rr[1] = bn_mul_add_words(&(r[1]), a, na, b[1]);
+ if (--nb <= 0)
+ return;
+ rr[2] = bn_mul_add_words(&(r[2]), a, na, b[2]);
+ if (--nb <= 0)
+ return;
+ rr[3] = bn_mul_add_words(&(r[3]), a, na, b[3]);
+ if (--nb <= 0)
+ return;
+ rr[4] = bn_mul_add_words(&(r[4]), a, na, b[4]);
+ rr += 4;
+ r += 4;
+ b += 4;
+ }
+}
+
+void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
+{
+#ifdef BN_COUNT
+ fprintf(stderr, " bn_mul_low_normal %d * %d\n", n, n);
+#endif
+ bn_mul_words(r, a, n, b[0]);
+
+ for (;;) {
+ if (--n <= 0)
+ return;
+ bn_mul_add_words(&(r[1]), a, n, b[1]);
+ if (--n <= 0)
+ return;
+ bn_mul_add_words(&(r[2]), a, n, b[2]);
+ if (--n <= 0)
+ return;
+ bn_mul_add_words(&(r[3]), a, n, b[3]);
+ if (--n <= 0)
+ return;
+ bn_mul_add_words(&(r[4]), a, n, b[4]);
+ r += 4;
+ b += 4;
+ }
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_nist.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_nist.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_nist.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,836 +0,0 @@
-/* crypto/bn/bn_nist.c */
-/*
- * Written by Nils Larsch for the OpenSSL project
- */
-/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include "bn_lcl.h"
-#include "cryptlib.h"
-
-
-#define BN_NIST_192_TOP (192+BN_BITS2-1)/BN_BITS2
-#define BN_NIST_224_TOP (224+BN_BITS2-1)/BN_BITS2
-#define BN_NIST_256_TOP (256+BN_BITS2-1)/BN_BITS2
-#define BN_NIST_384_TOP (384+BN_BITS2-1)/BN_BITS2
-#define BN_NIST_521_TOP (521+BN_BITS2-1)/BN_BITS2
-
-/* pre-computed tables are "carry-less" values of modulus*(i+1) */
-#if BN_BITS2 == 64
-static const BN_ULONG _nist_p_192[][BN_NIST_192_TOP] = {
- {0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFEULL,0xFFFFFFFFFFFFFFFFULL},
- {0xFFFFFFFFFFFFFFFEULL,0xFFFFFFFFFFFFFFFDULL,0xFFFFFFFFFFFFFFFFULL},
- {0xFFFFFFFFFFFFFFFDULL,0xFFFFFFFFFFFFFFFCULL,0xFFFFFFFFFFFFFFFFULL}
- };
-static const BN_ULONG _nist_p_192_sqr[] = {
- 0x0000000000000001ULL,0x0000000000000002ULL,0x0000000000000001ULL,
- 0xFFFFFFFFFFFFFFFEULL,0xFFFFFFFFFFFFFFFDULL,0xFFFFFFFFFFFFFFFFULL
- };
-static const BN_ULONG _nist_p_224[][BN_NIST_224_TOP] = {
- {0x0000000000000001ULL,0xFFFFFFFF00000000ULL,
- 0xFFFFFFFFFFFFFFFFULL,0x00000000FFFFFFFFULL},
- {0x0000000000000002ULL,0xFFFFFFFE00000000ULL,
- 0xFFFFFFFFFFFFFFFFULL,0x00000001FFFFFFFFULL} /* this one is "carry-full" */
- };
-static const BN_ULONG _nist_p_224_sqr[] = {
- 0x0000000000000001ULL,0xFFFFFFFE00000000ULL,
- 0xFFFFFFFFFFFFFFFFULL,0x0000000200000000ULL,
- 0x0000000000000000ULL,0xFFFFFFFFFFFFFFFEULL,
- 0xFFFFFFFFFFFFFFFFULL
- };
-static const BN_ULONG _nist_p_256[][BN_NIST_256_TOP] = {
- {0xFFFFFFFFFFFFFFFFULL,0x00000000FFFFFFFFULL,
- 0x0000000000000000ULL,0xFFFFFFFF00000001ULL},
- {0xFFFFFFFFFFFFFFFEULL,0x00000001FFFFFFFFULL,
- 0x0000000000000000ULL,0xFFFFFFFE00000002ULL},
- {0xFFFFFFFFFFFFFFFDULL,0x00000002FFFFFFFFULL,
- 0x0000000000000000ULL,0xFFFFFFFD00000003ULL},
- {0xFFFFFFFFFFFFFFFCULL,0x00000003FFFFFFFFULL,
- 0x0000000000000000ULL,0xFFFFFFFC00000004ULL},
- {0xFFFFFFFFFFFFFFFBULL,0x00000004FFFFFFFFULL,
- 0x0000000000000000ULL,0xFFFFFFFB00000005ULL},
- };
-static const BN_ULONG _nist_p_256_sqr[] = {
- 0x0000000000000001ULL,0xFFFFFFFE00000000ULL,
- 0xFFFFFFFFFFFFFFFFULL,0x00000001FFFFFFFEULL,
- 0x00000001FFFFFFFEULL,0x00000001FFFFFFFEULL,
- 0xFFFFFFFE00000001ULL,0xFFFFFFFE00000002ULL
- };
-static const BN_ULONG _nist_p_384[][BN_NIST_384_TOP] = {
- {0x00000000FFFFFFFFULL,0xFFFFFFFF00000000ULL,0xFFFFFFFFFFFFFFFEULL,
- 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL},
- {0x00000001FFFFFFFEULL,0xFFFFFFFE00000000ULL,0xFFFFFFFFFFFFFFFDULL,
- 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL},
- {0x00000002FFFFFFFDULL,0xFFFFFFFD00000000ULL,0xFFFFFFFFFFFFFFFCULL,
- 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL},
- {0x00000003FFFFFFFCULL,0xFFFFFFFC00000000ULL,0xFFFFFFFFFFFFFFFBULL,
- 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL},
- {0x00000004FFFFFFFBULL,0xFFFFFFFB00000000ULL,0xFFFFFFFFFFFFFFFAULL,
- 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL},
- };
-static const BN_ULONG _nist_p_384_sqr[] = {
- 0xFFFFFFFE00000001ULL,0x0000000200000000ULL,0xFFFFFFFE00000000ULL,
- 0x0000000200000000ULL,0x0000000000000001ULL,0x0000000000000000ULL,
- 0x00000001FFFFFFFEULL,0xFFFFFFFE00000000ULL,0xFFFFFFFFFFFFFFFDULL,
- 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL
- };
-static const BN_ULONG _nist_p_521[] =
- {0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,
- 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,
- 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,
- 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,
- 0x00000000000001FFULL};
-static const BN_ULONG _nist_p_521_sqr[] = {
- 0x0000000000000001ULL,0x0000000000000000ULL,0x0000000000000000ULL,
- 0x0000000000000000ULL,0x0000000000000000ULL,0x0000000000000000ULL,
- 0x0000000000000000ULL,0x0000000000000000ULL,0xFFFFFFFFFFFFFC00ULL,
- 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,
- 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,
- 0xFFFFFFFFFFFFFFFFULL,0x000000000003FFFFULL
- };
-#elif BN_BITS2 == 32
-static const BN_ULONG _nist_p_192[][BN_NIST_192_TOP] = {
- {0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFE,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF},
- {0xFFFFFFFE,0xFFFFFFFF,0xFFFFFFFD,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF},
- {0xFFFFFFFD,0xFFFFFFFF,0xFFFFFFFC,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}
- };
-static const BN_ULONG _nist_p_192_sqr[] = {
- 0x00000001,0x00000000,0x00000002,0x00000000,0x00000001,0x00000000,
- 0xFFFFFFFE,0xFFFFFFFF,0xFFFFFFFD,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF
- };
-static const BN_ULONG _nist_p_224[][BN_NIST_224_TOP] = {
- {0x00000001,0x00000000,0x00000000,0xFFFFFFFF,
- 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF},
- {0x00000002,0x00000000,0x00000000,0xFFFFFFFE,
- 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}
- };
-static const BN_ULONG _nist_p_224_sqr[] = {
- 0x00000001,0x00000000,0x00000000,0xFFFFFFFE,
- 0xFFFFFFFF,0xFFFFFFFF,0x00000000,0x00000002,
- 0x00000000,0x00000000,0xFFFFFFFE,0xFFFFFFFF,
- 0xFFFFFFFF,0xFFFFFFFF
- };
-static const BN_ULONG _nist_p_256[][BN_NIST_256_TOP] = {
- {0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0x00000000,
- 0x00000000,0x00000000,0x00000001,0xFFFFFFFF},
- {0xFFFFFFFE,0xFFFFFFFF,0xFFFFFFFF,0x00000001,
- 0x00000000,0x00000000,0x00000002,0xFFFFFFFE},
- {0xFFFFFFFD,0xFFFFFFFF,0xFFFFFFFF,0x00000002,
- 0x00000000,0x00000000,0x00000003,0xFFFFFFFD},
- {0xFFFFFFFC,0xFFFFFFFF,0xFFFFFFFF,0x00000003,
- 0x00000000,0x00000000,0x00000004,0xFFFFFFFC},
- {0xFFFFFFFB,0xFFFFFFFF,0xFFFFFFFF,0x00000004,
- 0x00000000,0x00000000,0x00000005,0xFFFFFFFB},
- };
-static const BN_ULONG _nist_p_256_sqr[] = {
- 0x00000001,0x00000000,0x00000000,0xFFFFFFFE,
- 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFE,0x00000001,
- 0xFFFFFFFE,0x00000001,0xFFFFFFFE,0x00000001,
- 0x00000001,0xFFFFFFFE,0x00000002,0xFFFFFFFE
- };
-static const BN_ULONG _nist_p_384[][BN_NIST_384_TOP] = {
- {0xFFFFFFFF,0x00000000,0x00000000,0xFFFFFFFF,0xFFFFFFFE,0xFFFFFFFF,
- 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF},
- {0xFFFFFFFE,0x00000001,0x00000000,0xFFFFFFFE,0xFFFFFFFD,0xFFFFFFFF,
- 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF},
- {0xFFFFFFFD,0x00000002,0x00000000,0xFFFFFFFD,0xFFFFFFFC,0xFFFFFFFF,
- 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF},
- {0xFFFFFFFC,0x00000003,0x00000000,0xFFFFFFFC,0xFFFFFFFB,0xFFFFFFFF,
- 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF},
- {0xFFFFFFFB,0x00000004,0x00000000,0xFFFFFFFB,0xFFFFFFFA,0xFFFFFFFF,
- 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF},
- };
-static const BN_ULONG _nist_p_384_sqr[] = {
- 0x00000001,0xFFFFFFFE,0x00000000,0x00000002,0x00000000,0xFFFFFFFE,
- 0x00000000,0x00000002,0x00000001,0x00000000,0x00000000,0x00000000,
- 0xFFFFFFFE,0x00000001,0x00000000,0xFFFFFFFE,0xFFFFFFFD,0xFFFFFFFF,
- 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF
- };
-static const BN_ULONG _nist_p_521[] = {0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,
- 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,
- 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,
- 0xFFFFFFFF,0x000001FF};
-static const BN_ULONG _nist_p_521_sqr[] = {
- 0x00000001,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,
- 0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,
- 0x00000000,0x00000000,0x00000000,0x00000000,0xFFFFFC00,0xFFFFFFFF,
- 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,
- 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,
- 0xFFFFFFFF,0xFFFFFFFF,0x0003FFFF
- };
-#else
-#error "unsupported BN_BITS2"
-#endif
-
-
-static const BIGNUM _bignum_nist_p_192 =
- {
- (BN_ULONG *)_nist_p_192[0],
- BN_NIST_192_TOP,
- BN_NIST_192_TOP,
- 0,
- BN_FLG_STATIC_DATA
- };
-
-static const BIGNUM _bignum_nist_p_224 =
- {
- (BN_ULONG *)_nist_p_224[0],
- BN_NIST_224_TOP,
- BN_NIST_224_TOP,
- 0,
- BN_FLG_STATIC_DATA
- };
-
-static const BIGNUM _bignum_nist_p_256 =
- {
- (BN_ULONG *)_nist_p_256[0],
- BN_NIST_256_TOP,
- BN_NIST_256_TOP,
- 0,
- BN_FLG_STATIC_DATA
- };
-
-static const BIGNUM _bignum_nist_p_384 =
- {
- (BN_ULONG *)_nist_p_384[0],
- BN_NIST_384_TOP,
- BN_NIST_384_TOP,
- 0,
- BN_FLG_STATIC_DATA
- };
-
-static const BIGNUM _bignum_nist_p_521 =
- {
- (BN_ULONG *)_nist_p_521,
- BN_NIST_521_TOP,
- BN_NIST_521_TOP,
- 0,
- BN_FLG_STATIC_DATA
- };
-
-
-const BIGNUM *BN_get0_nist_prime_192(void)
- {
- return &_bignum_nist_p_192;
- }
-
-const BIGNUM *BN_get0_nist_prime_224(void)
- {
- return &_bignum_nist_p_224;
- }
-
-const BIGNUM *BN_get0_nist_prime_256(void)
- {
- return &_bignum_nist_p_256;
- }
-
-const BIGNUM *BN_get0_nist_prime_384(void)
- {
- return &_bignum_nist_p_384;
- }
-
-const BIGNUM *BN_get0_nist_prime_521(void)
- {
- return &_bignum_nist_p_521;
- }
-
-
-static void nist_cp_bn_0(BN_ULONG *buf, BN_ULONG *a, int top, int max)
- {
- int i;
- BN_ULONG *_tmp1 = (buf), *_tmp2 = (a);
-
-#ifdef BN_DEBUG
- OPENSSL_assert(top <= max);
-#endif
- for (i = (top); i != 0; i--)
- *_tmp1++ = *_tmp2++;
- for (i = (max) - (top); i != 0; i--)
- *_tmp1++ = (BN_ULONG) 0;
- }
-
-static void nist_cp_bn(BN_ULONG *buf, BN_ULONG *a, int top)
- {
- int i;
- BN_ULONG *_tmp1 = (buf), *_tmp2 = (a);
- for (i = (top); i != 0; i--)
- *_tmp1++ = *_tmp2++;
- }
-
-#if BN_BITS2 == 64
-#define bn_cp_64(to, n, from, m) (to)[n] = (m>=0)?((from)[m]):0;
-#define bn_64_set_0(to, n) (to)[n] = (BN_ULONG)0;
-/*
- * two following macros are implemented under assumption that they
- * are called in a sequence with *ascending* n, i.e. as they are...
- */
-#define bn_cp_32_naked(to, n, from, m) (((n)&1)?(to[(n)/2]|=((m)&1)?(from[(m)/2]&BN_MASK2h):(from[(m)/2]<<32))\
- :(to[(n)/2] =((m)&1)?(from[(m)/2]>>32):(from[(m)/2]&BN_MASK2l)))
-#define bn_32_set_0(to, n) (((n)&1)?(to[(n)/2]&=BN_MASK2l):(to[(n)/2]=0));
-#define bn_cp_32(to,n,from,m) ((m)>=0)?bn_cp_32_naked(to,n,from,m):bn_32_set_0(to,n)
-#else
-#define bn_cp_64(to, n, from, m) \
- { \
- bn_cp_32(to, (n)*2, from, (m)*2); \
- bn_cp_32(to, (n)*2+1, from, (m)*2+1); \
- }
-#define bn_64_set_0(to, n) \
- { \
- bn_32_set_0(to, (n)*2); \
- bn_32_set_0(to, (n)*2+1); \
- }
-#if BN_BITS2 == 32
-#define bn_cp_32(to, n, from, m) (to)[n] = (m>=0)?((from)[m]):0;
-#define bn_32_set_0(to, n) (to)[n] = (BN_ULONG)0;
-#endif
-#endif /* BN_BITS2 != 64 */
-
-
-#define nist_set_192(to, from, a1, a2, a3) \
- { \
- bn_cp_64(to, 0, from, (a3) - 3) \
- bn_cp_64(to, 1, from, (a2) - 3) \
- bn_cp_64(to, 2, from, (a1) - 3) \
- }
-
-int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
- BN_CTX *ctx)
- {
- int top = a->top, i;
- int carry;
- register BN_ULONG *r_d, *a_d = a->d;
- BN_ULONG t_d[BN_NIST_192_TOP],
- buf[BN_NIST_192_TOP],
- c_d[BN_NIST_192_TOP],
- *res;
- size_t mask;
- static const BIGNUM _bignum_nist_p_192_sqr = {
- (BN_ULONG *)_nist_p_192_sqr,
- sizeof(_nist_p_192_sqr)/sizeof(_nist_p_192_sqr[0]),
- sizeof(_nist_p_192_sqr)/sizeof(_nist_p_192_sqr[0]),
- 0,BN_FLG_STATIC_DATA };
-
- field = &_bignum_nist_p_192; /* just to make sure */
-
- if (BN_is_negative(a) || BN_ucmp(a,&_bignum_nist_p_192_sqr)>=0)
- return BN_nnmod(r, a, field, ctx);
-
- i = BN_ucmp(field, a);
- if (i == 0)
- {
- BN_zero(r);
- return 1;
- }
- else if (i > 0)
- return (r == a) ? 1 : (BN_copy(r ,a) != NULL);
-
- if (r != a)
- {
- if (!bn_wexpand(r, BN_NIST_192_TOP))
- return 0;
- r_d = r->d;
- nist_cp_bn(r_d, a_d, BN_NIST_192_TOP);
- }
- else
- r_d = a_d;
-
- nist_cp_bn_0(buf, a_d + BN_NIST_192_TOP, top - BN_NIST_192_TOP, BN_NIST_192_TOP);
-
- nist_set_192(t_d, buf, 0, 3, 3);
- carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP);
- nist_set_192(t_d, buf, 4, 4, 0);
- carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP);
- nist_set_192(t_d, buf, 5, 5, 5)
- carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP);
-
- if (carry > 0)
- carry = (int)bn_sub_words(r_d,r_d,_nist_p_192[carry-1],BN_NIST_192_TOP);
- else
- carry = 1;
-
- /*
- * we need 'if (carry==0 || result>=modulus) result-=modulus;'
- * as comparison implies subtraction, we can write
- * 'tmp=result-modulus; if (!carry || !borrow) result=tmp;'
- * this is what happens below, but without explicit if:-) a.
- */
- mask = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_192[0],BN_NIST_192_TOP);
- mask &= 0-(size_t)carry;
- res = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask));
- nist_cp_bn(r_d, res, BN_NIST_192_TOP);
- r->top = BN_NIST_192_TOP;
- bn_correct_top(r);
-
- return 1;
- }
-
-typedef BN_ULONG (*bn_addsub_f)(BN_ULONG *,const BN_ULONG *,const BN_ULONG *,int);
-
-#define nist_set_224(to, from, a1, a2, a3, a4, a5, a6, a7) \
- { \
- bn_cp_32(to, 0, from, (a7) - 7) \
- bn_cp_32(to, 1, from, (a6) - 7) \
- bn_cp_32(to, 2, from, (a5) - 7) \
- bn_cp_32(to, 3, from, (a4) - 7) \
- bn_cp_32(to, 4, from, (a3) - 7) \
- bn_cp_32(to, 5, from, (a2) - 7) \
- bn_cp_32(to, 6, from, (a1) - 7) \
- }
-
-int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
- BN_CTX *ctx)
- {
- int top = a->top, i;
- int carry;
- BN_ULONG *r_d, *a_d = a->d;
- BN_ULONG t_d[BN_NIST_224_TOP],
- buf[BN_NIST_224_TOP],
- c_d[BN_NIST_224_TOP],
- *res;
- size_t mask;
- union { bn_addsub_f f; size_t p; } u;
- static const BIGNUM _bignum_nist_p_224_sqr = {
- (BN_ULONG *)_nist_p_224_sqr,
- sizeof(_nist_p_224_sqr)/sizeof(_nist_p_224_sqr[0]),
- sizeof(_nist_p_224_sqr)/sizeof(_nist_p_224_sqr[0]),
- 0,BN_FLG_STATIC_DATA };
-
-
- field = &_bignum_nist_p_224; /* just to make sure */
-
- if (BN_is_negative(a) || BN_ucmp(a,&_bignum_nist_p_224_sqr)>=0)
- return BN_nnmod(r, a, field, ctx);
-
- i = BN_ucmp(field, a);
- if (i == 0)
- {
- BN_zero(r);
- return 1;
- }
- else if (i > 0)
- return (r == a)? 1 : (BN_copy(r ,a) != NULL);
-
- if (r != a)
- {
- if (!bn_wexpand(r, BN_NIST_224_TOP))
- return 0;
- r_d = r->d;
- nist_cp_bn(r_d, a_d, BN_NIST_224_TOP);
- }
- else
- r_d = a_d;
-
-#if BN_BITS2==64
- /* copy upper 256 bits of 448 bit number ... */
- nist_cp_bn_0(t_d, a_d + (BN_NIST_224_TOP-1), top - (BN_NIST_224_TOP-1), BN_NIST_224_TOP);
- /* ... and right shift by 32 to obtain upper 224 bits */
- nist_set_224(buf, t_d, 14, 13, 12, 11, 10, 9, 8);
- /* truncate lower part to 224 bits too */
- r_d[BN_NIST_224_TOP-1] &= BN_MASK2l;
-#else
- nist_cp_bn_0(buf, a_d + BN_NIST_224_TOP, top - BN_NIST_224_TOP, BN_NIST_224_TOP);
-#endif
- nist_set_224(t_d, buf, 10, 9, 8, 7, 0, 0, 0);
- carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP);
- nist_set_224(t_d, buf, 0, 13, 12, 11, 0, 0, 0);
- carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP);
- nist_set_224(t_d, buf, 13, 12, 11, 10, 9, 8, 7);
- carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP);
- nist_set_224(t_d, buf, 0, 0, 0, 0, 13, 12, 11);
- carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP);
-
-#if BN_BITS2==64
- carry = (int)(r_d[BN_NIST_224_TOP-1]>>32);
-#endif
- u.f = bn_sub_words;
- if (carry > 0)
- {
- carry = (int)bn_sub_words(r_d,r_d,_nist_p_224[carry-1],BN_NIST_224_TOP);
-#if BN_BITS2==64
- carry=(int)(~(r_d[BN_NIST_224_TOP-1]>>32))&1;
-#endif
- }
- else if (carry < 0)
- {
- /* it's a bit more comlicated logic in this case.
- * if bn_add_words yields no carry, then result
- * has to be adjusted by unconditionally *adding*
- * the modulus. but if it does, then result has
- * to be compared to the modulus and conditionally
- * adjusted by *subtracting* the latter. */
- carry = (int)bn_add_words(r_d,r_d,_nist_p_224[-carry-1],BN_NIST_224_TOP);
- mask = 0-(size_t)carry;
- u.p = ((size_t)bn_sub_words&mask) | ((size_t)bn_add_words&~mask);
- }
- else
- carry = 1;
-
- /* otherwise it's effectively same as in BN_nist_mod_192... */
- mask = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_224[0],BN_NIST_224_TOP);
- mask &= 0-(size_t)carry;
- res = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask));
- nist_cp_bn(r_d, res, BN_NIST_224_TOP);
- r->top = BN_NIST_224_TOP;
- bn_correct_top(r);
-
- return 1;
- }
-
-#define nist_set_256(to, from, a1, a2, a3, a4, a5, a6, a7, a8) \
- { \
- bn_cp_32(to, 0, from, (a8) - 8) \
- bn_cp_32(to, 1, from, (a7) - 8) \
- bn_cp_32(to, 2, from, (a6) - 8) \
- bn_cp_32(to, 3, from, (a5) - 8) \
- bn_cp_32(to, 4, from, (a4) - 8) \
- bn_cp_32(to, 5, from, (a3) - 8) \
- bn_cp_32(to, 6, from, (a2) - 8) \
- bn_cp_32(to, 7, from, (a1) - 8) \
- }
-
-int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
- BN_CTX *ctx)
- {
- int i, top = a->top;
- int carry = 0;
- register BN_ULONG *a_d = a->d, *r_d;
- BN_ULONG t_d[BN_NIST_256_TOP],
- buf[BN_NIST_256_TOP],
- c_d[BN_NIST_256_TOP],
- *res;
- size_t mask;
- union { bn_addsub_f f; size_t p; } u;
- static const BIGNUM _bignum_nist_p_256_sqr = {
- (BN_ULONG *)_nist_p_256_sqr,
- sizeof(_nist_p_256_sqr)/sizeof(_nist_p_256_sqr[0]),
- sizeof(_nist_p_256_sqr)/sizeof(_nist_p_256_sqr[0]),
- 0,BN_FLG_STATIC_DATA };
-
- field = &_bignum_nist_p_256; /* just to make sure */
-
- if (BN_is_negative(a) || BN_ucmp(a,&_bignum_nist_p_256_sqr)>=0)
- return BN_nnmod(r, a, field, ctx);
-
- i = BN_ucmp(field, a);
- if (i == 0)
- {
- BN_zero(r);
- return 1;
- }
- else if (i > 0)
- return (r == a)? 1 : (BN_copy(r ,a) != NULL);
-
- if (r != a)
- {
- if (!bn_wexpand(r, BN_NIST_256_TOP))
- return 0;
- r_d = r->d;
- nist_cp_bn(r_d, a_d, BN_NIST_256_TOP);
- }
- else
- r_d = a_d;
-
- nist_cp_bn_0(buf, a_d + BN_NIST_256_TOP, top - BN_NIST_256_TOP, BN_NIST_256_TOP);
-
- /*S1*/
- nist_set_256(t_d, buf, 15, 14, 13, 12, 11, 0, 0, 0);
- /*S2*/
- nist_set_256(c_d, buf, 0, 15, 14, 13, 12, 0, 0, 0);
- carry = (int)bn_add_words(t_d, t_d, c_d, BN_NIST_256_TOP);
- /* left shift */
- {
- register BN_ULONG *ap,t,c;
- ap = t_d;
- c=0;
- for (i = BN_NIST_256_TOP; i != 0; --i)
- {
- t= *ap;
- *(ap++)=((t<<1)|c)&BN_MASK2;
- c=(t & BN_TBIT)?1:0;
- }
- carry <<= 1;
- carry |= c;
- }
- carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP);
- /*S3*/
- nist_set_256(t_d, buf, 15, 14, 0, 0, 0, 10, 9, 8);
- carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP);
- /*S4*/
- nist_set_256(t_d, buf, 8, 13, 15, 14, 13, 11, 10, 9);
- carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP);
- /*D1*/
- nist_set_256(t_d, buf, 10, 8, 0, 0, 0, 13, 12, 11);
- carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP);
- /*D2*/
- nist_set_256(t_d, buf, 11, 9, 0, 0, 15, 14, 13, 12);
- carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP);
- /*D3*/
- nist_set_256(t_d, buf, 12, 0, 10, 9, 8, 15, 14, 13);
- carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP);
- /*D4*/
- nist_set_256(t_d, buf, 13, 0, 11, 10, 9, 0, 15, 14);
- carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP);
-
- /* see BN_nist_mod_224 for explanation */
- u.f = bn_sub_words;
- if (carry > 0)
- carry = (int)bn_sub_words(r_d,r_d,_nist_p_256[carry-1],BN_NIST_256_TOP);
- else if (carry < 0)
- {
- carry = (int)bn_add_words(r_d,r_d,_nist_p_256[-carry-1],BN_NIST_256_TOP);
- mask = 0-(size_t)carry;
- u.p = ((size_t)bn_sub_words&mask) | ((size_t)bn_add_words&~mask);
- }
- else
- carry = 1;
-
- mask = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_256[0],BN_NIST_256_TOP);
- mask &= 0-(size_t)carry;
- res = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask));
- nist_cp_bn(r_d, res, BN_NIST_256_TOP);
- r->top = BN_NIST_256_TOP;
- bn_correct_top(r);
-
- return 1;
- }
-
-#define nist_set_384(to,from,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,a11,a12) \
- { \
- bn_cp_32(to, 0, from, (a12) - 12) \
- bn_cp_32(to, 1, from, (a11) - 12) \
- bn_cp_32(to, 2, from, (a10) - 12) \
- bn_cp_32(to, 3, from, (a9) - 12) \
- bn_cp_32(to, 4, from, (a8) - 12) \
- bn_cp_32(to, 5, from, (a7) - 12) \
- bn_cp_32(to, 6, from, (a6) - 12) \
- bn_cp_32(to, 7, from, (a5) - 12) \
- bn_cp_32(to, 8, from, (a4) - 12) \
- bn_cp_32(to, 9, from, (a3) - 12) \
- bn_cp_32(to, 10, from, (a2) - 12) \
- bn_cp_32(to, 11, from, (a1) - 12) \
- }
-
-int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
- BN_CTX *ctx)
- {
- int i, top = a->top;
- int carry = 0;
- register BN_ULONG *r_d, *a_d = a->d;
- BN_ULONG t_d[BN_NIST_384_TOP],
- buf[BN_NIST_384_TOP],
- c_d[BN_NIST_384_TOP],
- *res;
- size_t mask;
- union { bn_addsub_f f; size_t p; } u;
- static const BIGNUM _bignum_nist_p_384_sqr = {
- (BN_ULONG *)_nist_p_384_sqr,
- sizeof(_nist_p_384_sqr)/sizeof(_nist_p_384_sqr[0]),
- sizeof(_nist_p_384_sqr)/sizeof(_nist_p_384_sqr[0]),
- 0,BN_FLG_STATIC_DATA };
-
-
- field = &_bignum_nist_p_384; /* just to make sure */
-
- if (BN_is_negative(a) || BN_ucmp(a,&_bignum_nist_p_384_sqr)>=0)
- return BN_nnmod(r, a, field, ctx);
-
- i = BN_ucmp(field, a);
- if (i == 0)
- {
- BN_zero(r);
- return 1;
- }
- else if (i > 0)
- return (r == a)? 1 : (BN_copy(r ,a) != NULL);
-
- if (r != a)
- {
- if (!bn_wexpand(r, BN_NIST_384_TOP))
- return 0;
- r_d = r->d;
- nist_cp_bn(r_d, a_d, BN_NIST_384_TOP);
- }
- else
- r_d = a_d;
-
- nist_cp_bn_0(buf, a_d + BN_NIST_384_TOP, top - BN_NIST_384_TOP, BN_NIST_384_TOP);
-
- /*S1*/
- nist_set_256(t_d, buf, 0, 0, 0, 0, 0, 23-4, 22-4, 21-4);
- /* left shift */
- {
- register BN_ULONG *ap,t,c;
- ap = t_d;
- c=0;
- for (i = 3; i != 0; --i)
- {
- t= *ap;
- *(ap++)=((t<<1)|c)&BN_MASK2;
- c=(t & BN_TBIT)?1:0;
- }
- *ap=c;
- }
- carry = (int)bn_add_words(r_d+(128/BN_BITS2), r_d+(128/BN_BITS2),
- t_d, BN_NIST_256_TOP);
- /*S2 */
- carry += (int)bn_add_words(r_d, r_d, buf, BN_NIST_384_TOP);
- /*S3*/
- nist_set_384(t_d,buf,20,19,18,17,16,15,14,13,12,23,22,21);
- carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP);
- /*S4*/
- nist_set_384(t_d,buf,19,18,17,16,15,14,13,12,20,0,23,0);
- carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP);
- /*S5*/
- nist_set_384(t_d, buf,0,0,0,0,23,22,21,20,0,0,0,0);
- carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP);
- /*S6*/
- nist_set_384(t_d,buf,0,0,0,0,0,0,23,22,21,0,0,20);
- carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP);
- /*D1*/
- nist_set_384(t_d,buf,22,21,20,19,18,17,16,15,14,13,12,23);
- carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP);
- /*D2*/
- nist_set_384(t_d,buf,0,0,0,0,0,0,0,23,22,21,20,0);
- carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP);
- /*D3*/
- nist_set_384(t_d,buf,0,0,0,0,0,0,0,23,23,0,0,0);
- carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP);
-
- /* see BN_nist_mod_224 for explanation */
- u.f = bn_sub_words;
- if (carry > 0)
- carry = (int)bn_sub_words(r_d,r_d,_nist_p_384[carry-1],BN_NIST_384_TOP);
- else if (carry < 0)
- {
- carry = (int)bn_add_words(r_d,r_d,_nist_p_384[-carry-1],BN_NIST_384_TOP);
- mask = 0-(size_t)carry;
- u.p = ((size_t)bn_sub_words&mask) | ((size_t)bn_add_words&~mask);
- }
- else
- carry = 1;
-
- mask = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_384[0],BN_NIST_384_TOP);
- mask &= 0-(size_t)carry;
- res = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask));
- nist_cp_bn(r_d, res, BN_NIST_384_TOP);
- r->top = BN_NIST_384_TOP;
- bn_correct_top(r);
-
- return 1;
- }
-
-#define BN_NIST_521_RSHIFT (521%BN_BITS2)
-#define BN_NIST_521_LSHIFT (BN_BITS2-BN_NIST_521_RSHIFT)
-#define BN_NIST_521_TOP_MASK ((BN_ULONG)BN_MASK2>>BN_NIST_521_LSHIFT)
-
-int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
- BN_CTX *ctx)
- {
- int top = a->top, i;
- BN_ULONG *r_d, *a_d = a->d,
- t_d[BN_NIST_521_TOP],
- val,tmp,*res;
- size_t mask;
- static const BIGNUM _bignum_nist_p_521_sqr = {
- (BN_ULONG *)_nist_p_521_sqr,
- sizeof(_nist_p_521_sqr)/sizeof(_nist_p_521_sqr[0]),
- sizeof(_nist_p_521_sqr)/sizeof(_nist_p_521_sqr[0]),
- 0,BN_FLG_STATIC_DATA };
-
- field = &_bignum_nist_p_521; /* just to make sure */
-
- if (BN_is_negative(a) || BN_ucmp(a,&_bignum_nist_p_521_sqr)>=0)
- return BN_nnmod(r, a, field, ctx);
-
- i = BN_ucmp(field, a);
- if (i == 0)
- {
- BN_zero(r);
- return 1;
- }
- else if (i > 0)
- return (r == a)? 1 : (BN_copy(r ,a) != NULL);
-
- if (r != a)
- {
- if (!bn_wexpand(r,BN_NIST_521_TOP))
- return 0;
- r_d = r->d;
- nist_cp_bn(r_d,a_d, BN_NIST_521_TOP);
- }
- else
- r_d = a_d;
-
- /* upper 521 bits, copy ... */
- nist_cp_bn_0(t_d,a_d + (BN_NIST_521_TOP-1), top - (BN_NIST_521_TOP-1),BN_NIST_521_TOP);
- /* ... and right shift */
- for (val=t_d[0],i=0; i<BN_NIST_521_TOP-1; i++)
- {
- tmp = val>>BN_NIST_521_RSHIFT;
- val = t_d[i+1];
- t_d[i] = (tmp | val<<BN_NIST_521_LSHIFT) & BN_MASK2;
- }
- t_d[i] = val>>BN_NIST_521_RSHIFT;
- /* lower 521 bits */
- r_d[i] &= BN_NIST_521_TOP_MASK;
-
- bn_add_words(r_d,r_d,t_d,BN_NIST_521_TOP);
- mask = 0-(size_t)bn_sub_words(t_d,r_d,_nist_p_521,BN_NIST_521_TOP);
- res = (BN_ULONG *)(((size_t)t_d&~mask) | ((size_t)r_d&mask));
- nist_cp_bn(r_d,res,BN_NIST_521_TOP);
- r->top = BN_NIST_521_TOP;
- bn_correct_top(r);
-
- return 1;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_nist.c (from rev 6976, vendor-crypto/openssl/dist/crypto/bn/bn_nist.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_nist.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_nist.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,875 @@
+/* crypto/bn/bn_nist.c */
+/*
+ * Written by Nils Larsch for the OpenSSL project
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include "bn_lcl.h"
+#include "cryptlib.h"
+
+#define BN_NIST_192_TOP (192+BN_BITS2-1)/BN_BITS2
+#define BN_NIST_224_TOP (224+BN_BITS2-1)/BN_BITS2
+#define BN_NIST_256_TOP (256+BN_BITS2-1)/BN_BITS2
+#define BN_NIST_384_TOP (384+BN_BITS2-1)/BN_BITS2
+#define BN_NIST_521_TOP (521+BN_BITS2-1)/BN_BITS2
+
+/* pre-computed tables are "carry-less" values of modulus*(i+1) */
+#if BN_BITS2 == 64
+static const BN_ULONG _nist_p_192[][BN_NIST_192_TOP] = {
+ {0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFEULL, 0xFFFFFFFFFFFFFFFFULL},
+ {0xFFFFFFFFFFFFFFFEULL, 0xFFFFFFFFFFFFFFFDULL, 0xFFFFFFFFFFFFFFFFULL},
+ {0xFFFFFFFFFFFFFFFDULL, 0xFFFFFFFFFFFFFFFCULL, 0xFFFFFFFFFFFFFFFFULL}
+};
+
+static const BN_ULONG _nist_p_192_sqr[] = {
+ 0x0000000000000001ULL, 0x0000000000000002ULL, 0x0000000000000001ULL,
+ 0xFFFFFFFFFFFFFFFEULL, 0xFFFFFFFFFFFFFFFDULL, 0xFFFFFFFFFFFFFFFFULL
+};
+
+static const BN_ULONG _nist_p_224[][BN_NIST_224_TOP] = {
+ {0x0000000000000001ULL, 0xFFFFFFFF00000000ULL,
+ 0xFFFFFFFFFFFFFFFFULL, 0x00000000FFFFFFFFULL},
+ {0x0000000000000002ULL, 0xFFFFFFFE00000000ULL,
+ 0xFFFFFFFFFFFFFFFFULL, 0x00000001FFFFFFFFULL} /* this one is
+ * "carry-full" */
+};
+
+static const BN_ULONG _nist_p_224_sqr[] = {
+ 0x0000000000000001ULL, 0xFFFFFFFE00000000ULL,
+ 0xFFFFFFFFFFFFFFFFULL, 0x0000000200000000ULL,
+ 0x0000000000000000ULL, 0xFFFFFFFFFFFFFFFEULL,
+ 0xFFFFFFFFFFFFFFFFULL
+};
+
+static const BN_ULONG _nist_p_256[][BN_NIST_256_TOP] = {
+ {0xFFFFFFFFFFFFFFFFULL, 0x00000000FFFFFFFFULL,
+ 0x0000000000000000ULL, 0xFFFFFFFF00000001ULL},
+ {0xFFFFFFFFFFFFFFFEULL, 0x00000001FFFFFFFFULL,
+ 0x0000000000000000ULL, 0xFFFFFFFE00000002ULL},
+ {0xFFFFFFFFFFFFFFFDULL, 0x00000002FFFFFFFFULL,
+ 0x0000000000000000ULL, 0xFFFFFFFD00000003ULL},
+ {0xFFFFFFFFFFFFFFFCULL, 0x00000003FFFFFFFFULL,
+ 0x0000000000000000ULL, 0xFFFFFFFC00000004ULL},
+ {0xFFFFFFFFFFFFFFFBULL, 0x00000004FFFFFFFFULL,
+ 0x0000000000000000ULL, 0xFFFFFFFB00000005ULL},
+};
+
+static const BN_ULONG _nist_p_256_sqr[] = {
+ 0x0000000000000001ULL, 0xFFFFFFFE00000000ULL,
+ 0xFFFFFFFFFFFFFFFFULL, 0x00000001FFFFFFFEULL,
+ 0x00000001FFFFFFFEULL, 0x00000001FFFFFFFEULL,
+ 0xFFFFFFFE00000001ULL, 0xFFFFFFFE00000002ULL
+};
+
+static const BN_ULONG _nist_p_384[][BN_NIST_384_TOP] = {
+ {0x00000000FFFFFFFFULL, 0xFFFFFFFF00000000ULL, 0xFFFFFFFFFFFFFFFEULL,
+ 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL},
+ {0x00000001FFFFFFFEULL, 0xFFFFFFFE00000000ULL, 0xFFFFFFFFFFFFFFFDULL,
+ 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL},
+ {0x00000002FFFFFFFDULL, 0xFFFFFFFD00000000ULL, 0xFFFFFFFFFFFFFFFCULL,
+ 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL},
+ {0x00000003FFFFFFFCULL, 0xFFFFFFFC00000000ULL, 0xFFFFFFFFFFFFFFFBULL,
+ 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL},
+ {0x00000004FFFFFFFBULL, 0xFFFFFFFB00000000ULL, 0xFFFFFFFFFFFFFFFAULL,
+ 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL},
+};
+
+static const BN_ULONG _nist_p_384_sqr[] = {
+ 0xFFFFFFFE00000001ULL, 0x0000000200000000ULL, 0xFFFFFFFE00000000ULL,
+ 0x0000000200000000ULL, 0x0000000000000001ULL, 0x0000000000000000ULL,
+ 0x00000001FFFFFFFEULL, 0xFFFFFFFE00000000ULL, 0xFFFFFFFFFFFFFFFDULL,
+ 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL
+};
+
+static const BN_ULONG _nist_p_521[] =
+ { 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL,
+ 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL,
+ 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL,
+ 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL,
+ 0x00000000000001FFULL
+};
+
+static const BN_ULONG _nist_p_521_sqr[] = {
+ 0x0000000000000001ULL, 0x0000000000000000ULL, 0x0000000000000000ULL,
+ 0x0000000000000000ULL, 0x0000000000000000ULL, 0x0000000000000000ULL,
+ 0x0000000000000000ULL, 0x0000000000000000ULL, 0xFFFFFFFFFFFFFC00ULL,
+ 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL,
+ 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL,
+ 0xFFFFFFFFFFFFFFFFULL, 0x000000000003FFFFULL
+};
+#elif BN_BITS2 == 32
+static const BN_ULONG _nist_p_192[][BN_NIST_192_TOP] = {
+ {0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF},
+ {0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF},
+ {0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFC, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF}
+};
+
+static const BN_ULONG _nist_p_192_sqr[] = {
+ 0x00000001, 0x00000000, 0x00000002, 0x00000000, 0x00000001, 0x00000000,
+ 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF
+};
+
+static const BN_ULONG _nist_p_224[][BN_NIST_224_TOP] = {
+ {0x00000001, 0x00000000, 0x00000000, 0xFFFFFFFF,
+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF},
+ {0x00000002, 0x00000000, 0x00000000, 0xFFFFFFFE,
+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF}
+};
+
+static const BN_ULONG _nist_p_224_sqr[] = {
+ 0x00000001, 0x00000000, 0x00000000, 0xFFFFFFFE,
+ 0xFFFFFFFF, 0xFFFFFFFF, 0x00000000, 0x00000002,
+ 0x00000000, 0x00000000, 0xFFFFFFFE, 0xFFFFFFFF,
+ 0xFFFFFFFF, 0xFFFFFFFF
+};
+
+static const BN_ULONG _nist_p_256[][BN_NIST_256_TOP] = {
+ {0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000000,
+ 0x00000000, 0x00000000, 0x00000001, 0xFFFFFFFF},
+ {0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000001,
+ 0x00000000, 0x00000000, 0x00000002, 0xFFFFFFFE},
+ {0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000002,
+ 0x00000000, 0x00000000, 0x00000003, 0xFFFFFFFD},
+ {0xFFFFFFFC, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000003,
+ 0x00000000, 0x00000000, 0x00000004, 0xFFFFFFFC},
+ {0xFFFFFFFB, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000004,
+ 0x00000000, 0x00000000, 0x00000005, 0xFFFFFFFB},
+};
+
+static const BN_ULONG _nist_p_256_sqr[] = {
+ 0x00000001, 0x00000000, 0x00000000, 0xFFFFFFFE,
+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFE, 0x00000001,
+ 0xFFFFFFFE, 0x00000001, 0xFFFFFFFE, 0x00000001,
+ 0x00000001, 0xFFFFFFFE, 0x00000002, 0xFFFFFFFE
+};
+
+static const BN_ULONG _nist_p_384[][BN_NIST_384_TOP] = {
+ {0xFFFFFFFF, 0x00000000, 0x00000000, 0xFFFFFFFF, 0xFFFFFFFE, 0xFFFFFFFF,
+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF},
+ {0xFFFFFFFE, 0x00000001, 0x00000000, 0xFFFFFFFE, 0xFFFFFFFD, 0xFFFFFFFF,
+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF},
+ {0xFFFFFFFD, 0x00000002, 0x00000000, 0xFFFFFFFD, 0xFFFFFFFC, 0xFFFFFFFF,
+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF},
+ {0xFFFFFFFC, 0x00000003, 0x00000000, 0xFFFFFFFC, 0xFFFFFFFB, 0xFFFFFFFF,
+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF},
+ {0xFFFFFFFB, 0x00000004, 0x00000000, 0xFFFFFFFB, 0xFFFFFFFA, 0xFFFFFFFF,
+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF},
+};
+
+static const BN_ULONG _nist_p_384_sqr[] = {
+ 0x00000001, 0xFFFFFFFE, 0x00000000, 0x00000002, 0x00000000, 0xFFFFFFFE,
+ 0x00000000, 0x00000002, 0x00000001, 0x00000000, 0x00000000, 0x00000000,
+ 0xFFFFFFFE, 0x00000001, 0x00000000, 0xFFFFFFFE, 0xFFFFFFFD, 0xFFFFFFFF,
+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF
+};
+
+static const BN_ULONG _nist_p_521[] = { 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
+ 0xFFFFFFFF, 0x000001FF
+};
+
+static const BN_ULONG _nist_p_521_sqr[] = {
+ 0x00000001, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000,
+ 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000,
+ 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0xFFFFFC00, 0xFFFFFFFF,
+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
+ 0xFFFFFFFF, 0xFFFFFFFF, 0x0003FFFF
+};
+#else
+# error "unsupported BN_BITS2"
+#endif
+
+static const BIGNUM _bignum_nist_p_192 = {
+ (BN_ULONG *)_nist_p_192[0],
+ BN_NIST_192_TOP,
+ BN_NIST_192_TOP,
+ 0,
+ BN_FLG_STATIC_DATA
+};
+
+static const BIGNUM _bignum_nist_p_224 = {
+ (BN_ULONG *)_nist_p_224[0],
+ BN_NIST_224_TOP,
+ BN_NIST_224_TOP,
+ 0,
+ BN_FLG_STATIC_DATA
+};
+
+static const BIGNUM _bignum_nist_p_256 = {
+ (BN_ULONG *)_nist_p_256[0],
+ BN_NIST_256_TOP,
+ BN_NIST_256_TOP,
+ 0,
+ BN_FLG_STATIC_DATA
+};
+
+static const BIGNUM _bignum_nist_p_384 = {
+ (BN_ULONG *)_nist_p_384[0],
+ BN_NIST_384_TOP,
+ BN_NIST_384_TOP,
+ 0,
+ BN_FLG_STATIC_DATA
+};
+
+static const BIGNUM _bignum_nist_p_521 = {
+ (BN_ULONG *)_nist_p_521,
+ BN_NIST_521_TOP,
+ BN_NIST_521_TOP,
+ 0,
+ BN_FLG_STATIC_DATA
+};
+
+const BIGNUM *BN_get0_nist_prime_192(void)
+{
+ return &_bignum_nist_p_192;
+}
+
+const BIGNUM *BN_get0_nist_prime_224(void)
+{
+ return &_bignum_nist_p_224;
+}
+
+const BIGNUM *BN_get0_nist_prime_256(void)
+{
+ return &_bignum_nist_p_256;
+}
+
+const BIGNUM *BN_get0_nist_prime_384(void)
+{
+ return &_bignum_nist_p_384;
+}
+
+const BIGNUM *BN_get0_nist_prime_521(void)
+{
+ return &_bignum_nist_p_521;
+}
+
+static void nist_cp_bn_0(BN_ULONG *buf, BN_ULONG *a, int top, int max)
+{
+ int i;
+ BN_ULONG *_tmp1 = (buf), *_tmp2 = (a);
+
+#ifdef BN_DEBUG
+ OPENSSL_assert(top <= max);
+#endif
+ for (i = (top); i != 0; i--)
+ *_tmp1++ = *_tmp2++;
+ for (i = (max) - (top); i != 0; i--)
+ *_tmp1++ = (BN_ULONG)0;
+}
+
+static void nist_cp_bn(BN_ULONG *buf, BN_ULONG *a, int top)
+{
+ int i;
+ BN_ULONG *_tmp1 = (buf), *_tmp2 = (a);
+ for (i = (top); i != 0; i--)
+ *_tmp1++ = *_tmp2++;
+}
+
+#if BN_BITS2 == 64
+# define bn_cp_64(to, n, from, m) (to)[n] = (m>=0)?((from)[m]):0;
+# define bn_64_set_0(to, n) (to)[n] = (BN_ULONG)0;
+/*
+ * two following macros are implemented under assumption that they
+ * are called in a sequence with *ascending* n, i.e. as they are...
+ */
+# define bn_cp_32_naked(to, n, from, m) (((n)&1)?(to[(n)/2]|=((m)&1)?(from[(m)/2]&BN_MASK2h):(from[(m)/2]<<32))\
+ :(to[(n)/2] =((m)&1)?(from[(m)/2]>>32):(from[(m)/2]&BN_MASK2l)))
+# define bn_32_set_0(to, n) (((n)&1)?(to[(n)/2]&=BN_MASK2l):(to[(n)/2]=0));
+# define bn_cp_32(to,n,from,m) ((m)>=0)?bn_cp_32_naked(to,n,from,m):bn_32_set_0(to,n)
+#else
+# define bn_cp_64(to, n, from, m) \
+ { \
+ bn_cp_32(to, (n)*2, from, (m)*2); \
+ bn_cp_32(to, (n)*2+1, from, (m)*2+1); \
+ }
+# define bn_64_set_0(to, n) \
+ { \
+ bn_32_set_0(to, (n)*2); \
+ bn_32_set_0(to, (n)*2+1); \
+ }
+# if BN_BITS2 == 32
+# define bn_cp_32(to, n, from, m) (to)[n] = (m>=0)?((from)[m]):0;
+# define bn_32_set_0(to, n) (to)[n] = (BN_ULONG)0;
+# endif
+#endif /* BN_BITS2 != 64 */
+
+#define nist_set_192(to, from, a1, a2, a3) \
+ { \
+ bn_cp_64(to, 0, from, (a3) - 3) \
+ bn_cp_64(to, 1, from, (a2) - 3) \
+ bn_cp_64(to, 2, from, (a1) - 3) \
+ }
+
+int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
+ BN_CTX *ctx)
+{
+ int top = a->top, i;
+ int carry;
+ register BN_ULONG *r_d, *a_d = a->d;
+ BN_ULONG t_d[BN_NIST_192_TOP],
+ buf[BN_NIST_192_TOP], c_d[BN_NIST_192_TOP], *res;
+ size_t mask;
+ static const BIGNUM _bignum_nist_p_192_sqr = {
+ (BN_ULONG *)_nist_p_192_sqr,
+ sizeof(_nist_p_192_sqr) / sizeof(_nist_p_192_sqr[0]),
+ sizeof(_nist_p_192_sqr) / sizeof(_nist_p_192_sqr[0]),
+ 0, BN_FLG_STATIC_DATA
+ };
+
+ field = &_bignum_nist_p_192; /* just to make sure */
+
+ if (BN_is_negative(a) || BN_ucmp(a, &_bignum_nist_p_192_sqr) >= 0)
+ return BN_nnmod(r, a, field, ctx);
+
+ i = BN_ucmp(field, a);
+ if (i == 0) {
+ BN_zero(r);
+ return 1;
+ } else if (i > 0)
+ return (r == a) ? 1 : (BN_copy(r, a) != NULL);
+
+ if (r != a) {
+ if (!bn_wexpand(r, BN_NIST_192_TOP))
+ return 0;
+ r_d = r->d;
+ nist_cp_bn(r_d, a_d, BN_NIST_192_TOP);
+ } else
+ r_d = a_d;
+
+ nist_cp_bn_0(buf, a_d + BN_NIST_192_TOP, top - BN_NIST_192_TOP,
+ BN_NIST_192_TOP);
+
+ nist_set_192(t_d, buf, 0, 3, 3);
+ carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP);
+ nist_set_192(t_d, buf, 4, 4, 0);
+ carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP);
+ nist_set_192(t_d, buf, 5, 5, 5)
+ carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP);
+
+ if (carry > 0)
+ carry =
+ (int)bn_sub_words(r_d, r_d, _nist_p_192[carry - 1],
+ BN_NIST_192_TOP);
+ else
+ carry = 1;
+
+ /*
+ * we need 'if (carry==0 || result>=modulus) result-=modulus;'
+ * as comparison implies subtraction, we can write
+ * 'tmp=result-modulus; if (!carry || !borrow) result=tmp;'
+ * this is what happens below, but without explicit if:-) a.
+ */
+ mask =
+ 0 - (size_t)bn_sub_words(c_d, r_d, _nist_p_192[0], BN_NIST_192_TOP);
+ mask &= 0 - (size_t)carry;
+ res = (BN_ULONG *)(((size_t)c_d & ~mask) | ((size_t)r_d & mask));
+ nist_cp_bn(r_d, res, BN_NIST_192_TOP);
+ r->top = BN_NIST_192_TOP;
+ bn_correct_top(r);
+
+ return 1;
+}
+
+typedef BN_ULONG (*bn_addsub_f) (BN_ULONG *, const BN_ULONG *,
+ const BN_ULONG *, int);
+
+#define nist_set_224(to, from, a1, a2, a3, a4, a5, a6, a7) \
+ { \
+ bn_cp_32(to, 0, from, (a7) - 7) \
+ bn_cp_32(to, 1, from, (a6) - 7) \
+ bn_cp_32(to, 2, from, (a5) - 7) \
+ bn_cp_32(to, 3, from, (a4) - 7) \
+ bn_cp_32(to, 4, from, (a3) - 7) \
+ bn_cp_32(to, 5, from, (a2) - 7) \
+ bn_cp_32(to, 6, from, (a1) - 7) \
+ }
+
+int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
+ BN_CTX *ctx)
+{
+ int top = a->top, i;
+ int carry;
+ BN_ULONG *r_d, *a_d = a->d;
+ BN_ULONG t_d[BN_NIST_224_TOP],
+ buf[BN_NIST_224_TOP], c_d[BN_NIST_224_TOP], *res;
+ size_t mask;
+ union {
+ bn_addsub_f f;
+ size_t p;
+ } u;
+ static const BIGNUM _bignum_nist_p_224_sqr = {
+ (BN_ULONG *)_nist_p_224_sqr,
+ sizeof(_nist_p_224_sqr) / sizeof(_nist_p_224_sqr[0]),
+ sizeof(_nist_p_224_sqr) / sizeof(_nist_p_224_sqr[0]),
+ 0, BN_FLG_STATIC_DATA
+ };
+
+ field = &_bignum_nist_p_224; /* just to make sure */
+
+ if (BN_is_negative(a) || BN_ucmp(a, &_bignum_nist_p_224_sqr) >= 0)
+ return BN_nnmod(r, a, field, ctx);
+
+ i = BN_ucmp(field, a);
+ if (i == 0) {
+ BN_zero(r);
+ return 1;
+ } else if (i > 0)
+ return (r == a) ? 1 : (BN_copy(r, a) != NULL);
+
+ if (r != a) {
+ if (!bn_wexpand(r, BN_NIST_224_TOP))
+ return 0;
+ r_d = r->d;
+ nist_cp_bn(r_d, a_d, BN_NIST_224_TOP);
+ } else
+ r_d = a_d;
+
+#if BN_BITS2==64
+ /* copy upper 256 bits of 448 bit number ... */
+ nist_cp_bn_0(t_d, a_d + (BN_NIST_224_TOP - 1),
+ top - (BN_NIST_224_TOP - 1), BN_NIST_224_TOP);
+ /* ... and right shift by 32 to obtain upper 224 bits */
+ nist_set_224(buf, t_d, 14, 13, 12, 11, 10, 9, 8);
+ /* truncate lower part to 224 bits too */
+ r_d[BN_NIST_224_TOP - 1] &= BN_MASK2l;
+#else
+ nist_cp_bn_0(buf, a_d + BN_NIST_224_TOP, top - BN_NIST_224_TOP,
+ BN_NIST_224_TOP);
+#endif
+ nist_set_224(t_d, buf, 10, 9, 8, 7, 0, 0, 0);
+ carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP);
+ nist_set_224(t_d, buf, 0, 13, 12, 11, 0, 0, 0);
+ carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP);
+ nist_set_224(t_d, buf, 13, 12, 11, 10, 9, 8, 7);
+ carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP);
+ nist_set_224(t_d, buf, 0, 0, 0, 0, 13, 12, 11);
+ carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP);
+
+#if BN_BITS2==64
+ carry = (int)(r_d[BN_NIST_224_TOP - 1] >> 32);
+#endif
+ u.f = bn_sub_words;
+ if (carry > 0) {
+ carry =
+ (int)bn_sub_words(r_d, r_d, _nist_p_224[carry - 1],
+ BN_NIST_224_TOP);
+#if BN_BITS2==64
+ carry = (int)(~(r_d[BN_NIST_224_TOP - 1] >> 32)) & 1;
+#endif
+ } else if (carry < 0) {
+ /*
+ * it's a bit more comlicated logic in this case. if bn_add_words
+ * yields no carry, then result has to be adjusted by unconditionally
+ * *adding* the modulus. but if it does, then result has to be
+ * compared to the modulus and conditionally adjusted by
+ * *subtracting* the latter.
+ */
+ carry =
+ (int)bn_add_words(r_d, r_d, _nist_p_224[-carry - 1],
+ BN_NIST_224_TOP);
+ mask = 0 - (size_t)carry;
+ u.p = ((size_t)bn_sub_words & mask) | ((size_t)bn_add_words & ~mask);
+ } else
+ carry = 1;
+
+ /* otherwise it's effectively same as in BN_nist_mod_192... */
+ mask = 0 - (size_t)(*u.f) (c_d, r_d, _nist_p_224[0], BN_NIST_224_TOP);
+ mask &= 0 - (size_t)carry;
+ res = (BN_ULONG *)(((size_t)c_d & ~mask) | ((size_t)r_d & mask));
+ nist_cp_bn(r_d, res, BN_NIST_224_TOP);
+ r->top = BN_NIST_224_TOP;
+ bn_correct_top(r);
+
+ return 1;
+}
+
+#define nist_set_256(to, from, a1, a2, a3, a4, a5, a6, a7, a8) \
+ { \
+ bn_cp_32(to, 0, from, (a8) - 8) \
+ bn_cp_32(to, 1, from, (a7) - 8) \
+ bn_cp_32(to, 2, from, (a6) - 8) \
+ bn_cp_32(to, 3, from, (a5) - 8) \
+ bn_cp_32(to, 4, from, (a4) - 8) \
+ bn_cp_32(to, 5, from, (a3) - 8) \
+ bn_cp_32(to, 6, from, (a2) - 8) \
+ bn_cp_32(to, 7, from, (a1) - 8) \
+ }
+
+int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
+ BN_CTX *ctx)
+{
+ int i, top = a->top;
+ int carry = 0;
+ register BN_ULONG *a_d = a->d, *r_d;
+ BN_ULONG t_d[BN_NIST_256_TOP],
+ buf[BN_NIST_256_TOP], c_d[BN_NIST_256_TOP], *res;
+ size_t mask;
+ union {
+ bn_addsub_f f;
+ size_t p;
+ } u;
+ static const BIGNUM _bignum_nist_p_256_sqr = {
+ (BN_ULONG *)_nist_p_256_sqr,
+ sizeof(_nist_p_256_sqr) / sizeof(_nist_p_256_sqr[0]),
+ sizeof(_nist_p_256_sqr) / sizeof(_nist_p_256_sqr[0]),
+ 0, BN_FLG_STATIC_DATA
+ };
+
+ field = &_bignum_nist_p_256; /* just to make sure */
+
+ if (BN_is_negative(a) || BN_ucmp(a, &_bignum_nist_p_256_sqr) >= 0)
+ return BN_nnmod(r, a, field, ctx);
+
+ i = BN_ucmp(field, a);
+ if (i == 0) {
+ BN_zero(r);
+ return 1;
+ } else if (i > 0)
+ return (r == a) ? 1 : (BN_copy(r, a) != NULL);
+
+ if (r != a) {
+ if (!bn_wexpand(r, BN_NIST_256_TOP))
+ return 0;
+ r_d = r->d;
+ nist_cp_bn(r_d, a_d, BN_NIST_256_TOP);
+ } else
+ r_d = a_d;
+
+ nist_cp_bn_0(buf, a_d + BN_NIST_256_TOP, top - BN_NIST_256_TOP,
+ BN_NIST_256_TOP);
+
+ /*
+ * S1
+ */
+ nist_set_256(t_d, buf, 15, 14, 13, 12, 11, 0, 0, 0);
+ /*
+ * S2
+ */
+ nist_set_256(c_d, buf, 0, 15, 14, 13, 12, 0, 0, 0);
+ carry = (int)bn_add_words(t_d, t_d, c_d, BN_NIST_256_TOP);
+ /* left shift */
+ {
+ register BN_ULONG *ap, t, c;
+ ap = t_d;
+ c = 0;
+ for (i = BN_NIST_256_TOP; i != 0; --i) {
+ t = *ap;
+ *(ap++) = ((t << 1) | c) & BN_MASK2;
+ c = (t & BN_TBIT) ? 1 : 0;
+ }
+ carry <<= 1;
+ carry |= c;
+ }
+ carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP);
+ /*
+ * S3
+ */
+ nist_set_256(t_d, buf, 15, 14, 0, 0, 0, 10, 9, 8);
+ carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP);
+ /*
+ * S4
+ */
+ nist_set_256(t_d, buf, 8, 13, 15, 14, 13, 11, 10, 9);
+ carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP);
+ /*
+ * D1
+ */
+ nist_set_256(t_d, buf, 10, 8, 0, 0, 0, 13, 12, 11);
+ carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP);
+ /*
+ * D2
+ */
+ nist_set_256(t_d, buf, 11, 9, 0, 0, 15, 14, 13, 12);
+ carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP);
+ /*
+ * D3
+ */
+ nist_set_256(t_d, buf, 12, 0, 10, 9, 8, 15, 14, 13);
+ carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP);
+ /*
+ * D4
+ */
+ nist_set_256(t_d, buf, 13, 0, 11, 10, 9, 0, 15, 14);
+ carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP);
+
+ /* see BN_nist_mod_224 for explanation */
+ u.f = bn_sub_words;
+ if (carry > 0)
+ carry =
+ (int)bn_sub_words(r_d, r_d, _nist_p_256[carry - 1],
+ BN_NIST_256_TOP);
+ else if (carry < 0) {
+ carry =
+ (int)bn_add_words(r_d, r_d, _nist_p_256[-carry - 1],
+ BN_NIST_256_TOP);
+ mask = 0 - (size_t)carry;
+ u.p = ((size_t)bn_sub_words & mask) | ((size_t)bn_add_words & ~mask);
+ } else
+ carry = 1;
+
+ mask = 0 - (size_t)(*u.f) (c_d, r_d, _nist_p_256[0], BN_NIST_256_TOP);
+ mask &= 0 - (size_t)carry;
+ res = (BN_ULONG *)(((size_t)c_d & ~mask) | ((size_t)r_d & mask));
+ nist_cp_bn(r_d, res, BN_NIST_256_TOP);
+ r->top = BN_NIST_256_TOP;
+ bn_correct_top(r);
+
+ return 1;
+}
+
+#define nist_set_384(to,from,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,a11,a12) \
+ { \
+ bn_cp_32(to, 0, from, (a12) - 12) \
+ bn_cp_32(to, 1, from, (a11) - 12) \
+ bn_cp_32(to, 2, from, (a10) - 12) \
+ bn_cp_32(to, 3, from, (a9) - 12) \
+ bn_cp_32(to, 4, from, (a8) - 12) \
+ bn_cp_32(to, 5, from, (a7) - 12) \
+ bn_cp_32(to, 6, from, (a6) - 12) \
+ bn_cp_32(to, 7, from, (a5) - 12) \
+ bn_cp_32(to, 8, from, (a4) - 12) \
+ bn_cp_32(to, 9, from, (a3) - 12) \
+ bn_cp_32(to, 10, from, (a2) - 12) \
+ bn_cp_32(to, 11, from, (a1) - 12) \
+ }
+
+int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
+ BN_CTX *ctx)
+{
+ int i, top = a->top;
+ int carry = 0;
+ register BN_ULONG *r_d, *a_d = a->d;
+ BN_ULONG t_d[BN_NIST_384_TOP],
+ buf[BN_NIST_384_TOP], c_d[BN_NIST_384_TOP], *res;
+ size_t mask;
+ union {
+ bn_addsub_f f;
+ size_t p;
+ } u;
+ static const BIGNUM _bignum_nist_p_384_sqr = {
+ (BN_ULONG *)_nist_p_384_sqr,
+ sizeof(_nist_p_384_sqr) / sizeof(_nist_p_384_sqr[0]),
+ sizeof(_nist_p_384_sqr) / sizeof(_nist_p_384_sqr[0]),
+ 0, BN_FLG_STATIC_DATA
+ };
+
+ field = &_bignum_nist_p_384; /* just to make sure */
+
+ if (BN_is_negative(a) || BN_ucmp(a, &_bignum_nist_p_384_sqr) >= 0)
+ return BN_nnmod(r, a, field, ctx);
+
+ i = BN_ucmp(field, a);
+ if (i == 0) {
+ BN_zero(r);
+ return 1;
+ } else if (i > 0)
+ return (r == a) ? 1 : (BN_copy(r, a) != NULL);
+
+ if (r != a) {
+ if (!bn_wexpand(r, BN_NIST_384_TOP))
+ return 0;
+ r_d = r->d;
+ nist_cp_bn(r_d, a_d, BN_NIST_384_TOP);
+ } else
+ r_d = a_d;
+
+ nist_cp_bn_0(buf, a_d + BN_NIST_384_TOP, top - BN_NIST_384_TOP,
+ BN_NIST_384_TOP);
+
+ /*
+ * S1
+ */
+ nist_set_256(t_d, buf, 0, 0, 0, 0, 0, 23 - 4, 22 - 4, 21 - 4);
+ /* left shift */
+ {
+ register BN_ULONG *ap, t, c;
+ ap = t_d;
+ c = 0;
+ for (i = 3; i != 0; --i) {
+ t = *ap;
+ *(ap++) = ((t << 1) | c) & BN_MASK2;
+ c = (t & BN_TBIT) ? 1 : 0;
+ }
+ *ap = c;
+ }
+ carry = (int)bn_add_words(r_d + (128 / BN_BITS2), r_d + (128 / BN_BITS2),
+ t_d, BN_NIST_256_TOP);
+ /*
+ * S2
+ */
+ carry += (int)bn_add_words(r_d, r_d, buf, BN_NIST_384_TOP);
+ /*
+ * S3
+ */
+ nist_set_384(t_d, buf, 20, 19, 18, 17, 16, 15, 14, 13, 12, 23, 22, 21);
+ carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP);
+ /*
+ * S4
+ */
+ nist_set_384(t_d, buf, 19, 18, 17, 16, 15, 14, 13, 12, 20, 0, 23, 0);
+ carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP);
+ /*
+ * S5
+ */
+ nist_set_384(t_d, buf, 0, 0, 0, 0, 23, 22, 21, 20, 0, 0, 0, 0);
+ carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP);
+ /*
+ * S6
+ */
+ nist_set_384(t_d, buf, 0, 0, 0, 0, 0, 0, 23, 22, 21, 0, 0, 20);
+ carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP);
+ /*
+ * D1
+ */
+ nist_set_384(t_d, buf, 22, 21, 20, 19, 18, 17, 16, 15, 14, 13, 12, 23);
+ carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP);
+ /*
+ * D2
+ */
+ nist_set_384(t_d, buf, 0, 0, 0, 0, 0, 0, 0, 23, 22, 21, 20, 0);
+ carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP);
+ /*
+ * D3
+ */
+ nist_set_384(t_d, buf, 0, 0, 0, 0, 0, 0, 0, 23, 23, 0, 0, 0);
+ carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP);
+
+ /* see BN_nist_mod_224 for explanation */
+ u.f = bn_sub_words;
+ if (carry > 0)
+ carry =
+ (int)bn_sub_words(r_d, r_d, _nist_p_384[carry - 1],
+ BN_NIST_384_TOP);
+ else if (carry < 0) {
+ carry =
+ (int)bn_add_words(r_d, r_d, _nist_p_384[-carry - 1],
+ BN_NIST_384_TOP);
+ mask = 0 - (size_t)carry;
+ u.p = ((size_t)bn_sub_words & mask) | ((size_t)bn_add_words & ~mask);
+ } else
+ carry = 1;
+
+ mask = 0 - (size_t)(*u.f) (c_d, r_d, _nist_p_384[0], BN_NIST_384_TOP);
+ mask &= 0 - (size_t)carry;
+ res = (BN_ULONG *)(((size_t)c_d & ~mask) | ((size_t)r_d & mask));
+ nist_cp_bn(r_d, res, BN_NIST_384_TOP);
+ r->top = BN_NIST_384_TOP;
+ bn_correct_top(r);
+
+ return 1;
+}
+
+#define BN_NIST_521_RSHIFT (521%BN_BITS2)
+#define BN_NIST_521_LSHIFT (BN_BITS2-BN_NIST_521_RSHIFT)
+#define BN_NIST_521_TOP_MASK ((BN_ULONG)BN_MASK2>>BN_NIST_521_LSHIFT)
+
+int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
+ BN_CTX *ctx)
+{
+ int top = a->top, i;
+ BN_ULONG *r_d, *a_d = a->d, t_d[BN_NIST_521_TOP], val, tmp, *res;
+ size_t mask;
+ static const BIGNUM _bignum_nist_p_521_sqr = {
+ (BN_ULONG *)_nist_p_521_sqr,
+ sizeof(_nist_p_521_sqr) / sizeof(_nist_p_521_sqr[0]),
+ sizeof(_nist_p_521_sqr) / sizeof(_nist_p_521_sqr[0]),
+ 0, BN_FLG_STATIC_DATA
+ };
+
+ field = &_bignum_nist_p_521; /* just to make sure */
+
+ if (BN_is_negative(a) || BN_ucmp(a, &_bignum_nist_p_521_sqr) >= 0)
+ return BN_nnmod(r, a, field, ctx);
+
+ i = BN_ucmp(field, a);
+ if (i == 0) {
+ BN_zero(r);
+ return 1;
+ } else if (i > 0)
+ return (r == a) ? 1 : (BN_copy(r, a) != NULL);
+
+ if (r != a) {
+ if (!bn_wexpand(r, BN_NIST_521_TOP))
+ return 0;
+ r_d = r->d;
+ nist_cp_bn(r_d, a_d, BN_NIST_521_TOP);
+ } else
+ r_d = a_d;
+
+ /* upper 521 bits, copy ... */
+ nist_cp_bn_0(t_d, a_d + (BN_NIST_521_TOP - 1),
+ top - (BN_NIST_521_TOP - 1), BN_NIST_521_TOP);
+ /* ... and right shift */
+ for (val = t_d[0], i = 0; i < BN_NIST_521_TOP - 1; i++) {
+ tmp = val >> BN_NIST_521_RSHIFT;
+ val = t_d[i + 1];
+ t_d[i] = (tmp | val << BN_NIST_521_LSHIFT) & BN_MASK2;
+ }
+ t_d[i] = val >> BN_NIST_521_RSHIFT;
+ /* lower 521 bits */
+ r_d[i] &= BN_NIST_521_TOP_MASK;
+
+ bn_add_words(r_d, r_d, t_d, BN_NIST_521_TOP);
+ mask = 0 - (size_t)bn_sub_words(t_d, r_d, _nist_p_521, BN_NIST_521_TOP);
+ res = (BN_ULONG *)(((size_t)t_d & ~mask) | ((size_t)r_d & mask));
+ nist_cp_bn(r_d, res, BN_NIST_521_TOP);
+ r->top = BN_NIST_521_TOP;
+ bn_correct_top(r);
+
+ return 1;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_opt.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_opt.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_opt.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,87 +0,0 @@
-/* crypto/bn/bn_opt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef BN_DEBUG
-# undef NDEBUG /* avoid conflicting definitions */
-# define NDEBUG
-#endif
-
-#include <assert.h>
-#include <limits.h>
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-char *BN_options(void)
- {
- static int init=0;
- static char data[16];
-
- if (!init)
- {
- init++;
-#ifdef BN_LLONG
- BIO_snprintf(data,sizeof data,"bn(%d,%d)",
- (int)sizeof(BN_ULLONG)*8,(int)sizeof(BN_ULONG)*8);
-#else
- BIO_snprintf(data,sizeof data,"bn(%d,%d)",
- (int)sizeof(BN_ULONG)*8,(int)sizeof(BN_ULONG)*8);
-#endif
- }
- return(data);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_opt.c (from rev 6976, vendor-crypto/openssl/dist/crypto/bn/bn_opt.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_opt.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_opt.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,86 @@
+/* crypto/bn/bn_opt.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef BN_DEBUG
+# undef NDEBUG /* avoid conflicting definitions */
+# define NDEBUG
+#endif
+
+#include <assert.h>
+#include <limits.h>
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+char *BN_options(void)
+{
+ static int init = 0;
+ static char data[16];
+
+ if (!init) {
+ init++;
+#ifdef BN_LLONG
+ BIO_snprintf(data, sizeof data, "bn(%d,%d)",
+ (int)sizeof(BN_ULLONG) * 8, (int)sizeof(BN_ULONG) * 8);
+#else
+ BIO_snprintf(data, sizeof data, "bn(%d,%d)",
+ (int)sizeof(BN_ULONG) * 8, (int)sizeof(BN_ULONG) * 8);
+#endif
+ }
+ return (data);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_prime.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_prime.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_prime.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,494 +0,0 @@
-/* crypto/bn/bn_prime.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <time.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-#include <openssl/rand.h>
-
-/* NB: these functions have been "upgraded", the deprecated versions (which are
- * compatibility wrappers using these functions) are in bn_depr.c.
- * - Geoff
- */
-
-/* The quick sieve algorithm approach to weeding out primes is
- * Philip Zimmermann's, as implemented in PGP. I have had a read of
- * his comments and implemented my own version.
- */
-#include "bn_prime.h"
-
-static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,
- const BIGNUM *a1_odd, int k, BN_CTX *ctx, BN_MONT_CTX *mont);
-static int probable_prime(BIGNUM *rnd, int bits);
-static int probable_prime_dh(BIGNUM *rnd, int bits,
- const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx);
-static int probable_prime_dh_safe(BIGNUM *rnd, int bits,
- const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx);
-
-int BN_GENCB_call(BN_GENCB *cb, int a, int b)
- {
- /* No callback means continue */
- if(!cb) return 1;
- switch(cb->ver)
- {
- case 1:
- /* Deprecated-style callbacks */
- if(!cb->cb.cb_1)
- return 1;
- cb->cb.cb_1(a, b, cb->arg);
- return 1;
- case 2:
- /* New-style callbacks */
- return cb->cb.cb_2(a, b, cb);
- default:
- break;
- }
- /* Unrecognised callback type */
- return 0;
- }
-
-int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
- const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb)
- {
- BIGNUM *t;
- int found=0;
- int i,j,c1=0;
- BN_CTX *ctx;
- int checks = BN_prime_checks_for_size(bits);
-
- ctx=BN_CTX_new();
- if (ctx == NULL) goto err;
- BN_CTX_start(ctx);
- t = BN_CTX_get(ctx);
- if(!t) goto err;
-loop:
- /* make a random number and set the top and bottom bits */
- if (add == NULL)
- {
- if (!probable_prime(ret,bits)) goto err;
- }
- else
- {
- if (safe)
- {
- if (!probable_prime_dh_safe(ret,bits,add,rem,ctx))
- goto err;
- }
- else
- {
- if (!probable_prime_dh(ret,bits,add,rem,ctx))
- goto err;
- }
- }
- /* if (BN_mod_word(ret,(BN_ULONG)3) == 1) goto loop; */
- if(!BN_GENCB_call(cb, 0, c1++))
- /* aborted */
- goto err;
-
- if (!safe)
- {
- i=BN_is_prime_fasttest_ex(ret,checks,ctx,0,cb);
- if (i == -1) goto err;
- if (i == 0) goto loop;
- }
- else
- {
- /* for "safe prime" generation,
- * check that (p-1)/2 is prime.
- * Since a prime is odd, We just
- * need to divide by 2 */
- if (!BN_rshift1(t,ret)) goto err;
-
- for (i=0; i<checks; i++)
- {
- j=BN_is_prime_fasttest_ex(ret,1,ctx,0,cb);
- if (j == -1) goto err;
- if (j == 0) goto loop;
-
- j=BN_is_prime_fasttest_ex(t,1,ctx,0,cb);
- if (j == -1) goto err;
- if (j == 0) goto loop;
-
- if(!BN_GENCB_call(cb, 2, c1-1))
- goto err;
- /* We have a safe prime test pass */
- }
- }
- /* we have a prime :-) */
- found = 1;
-err:
- if (ctx != NULL)
- {
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- }
- bn_check_top(ret);
- return found;
- }
-
-int BN_is_prime_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed, BN_GENCB *cb)
- {
- return BN_is_prime_fasttest_ex(a, checks, ctx_passed, 0, cb);
- }
-
-int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed,
- int do_trial_division, BN_GENCB *cb)
- {
- int i, j, ret = -1;
- int k;
- BN_CTX *ctx = NULL;
- BIGNUM *A1, *A1_odd, *check; /* taken from ctx */
- BN_MONT_CTX *mont = NULL;
- const BIGNUM *A = NULL;
-
- if (BN_cmp(a, BN_value_one()) <= 0)
- return 0;
-
- if (checks == BN_prime_checks)
- checks = BN_prime_checks_for_size(BN_num_bits(a));
-
- /* first look for small factors */
- if (!BN_is_odd(a))
- /* a is even => a is prime if and only if a == 2 */
- return BN_is_word(a, 2);
- if (do_trial_division)
- {
- for (i = 1; i < NUMPRIMES; i++)
- if (BN_mod_word(a, primes[i]) == 0)
- return 0;
- if(!BN_GENCB_call(cb, 1, -1))
- goto err;
- }
-
- if (ctx_passed != NULL)
- ctx = ctx_passed;
- else
- if ((ctx=BN_CTX_new()) == NULL)
- goto err;
- BN_CTX_start(ctx);
-
- /* A := abs(a) */
- if (a->neg)
- {
- BIGNUM *t;
- if ((t = BN_CTX_get(ctx)) == NULL) goto err;
- BN_copy(t, a);
- t->neg = 0;
- A = t;
- }
- else
- A = a;
- A1 = BN_CTX_get(ctx);
- A1_odd = BN_CTX_get(ctx);
- check = BN_CTX_get(ctx);
- if (check == NULL) goto err;
-
- /* compute A1 := A - 1 */
- if (!BN_copy(A1, A))
- goto err;
- if (!BN_sub_word(A1, 1))
- goto err;
- if (BN_is_zero(A1))
- {
- ret = 0;
- goto err;
- }
-
- /* write A1 as A1_odd * 2^k */
- k = 1;
- while (!BN_is_bit_set(A1, k))
- k++;
- if (!BN_rshift(A1_odd, A1, k))
- goto err;
-
- /* Montgomery setup for computations mod A */
- mont = BN_MONT_CTX_new();
- if (mont == NULL)
- goto err;
- if (!BN_MONT_CTX_set(mont, A, ctx))
- goto err;
-
- for (i = 0; i < checks; i++)
- {
- if (!BN_pseudo_rand_range(check, A1))
- goto err;
- if (!BN_add_word(check, 1))
- goto err;
- /* now 1 <= check < A */
-
- j = witness(check, A, A1, A1_odd, k, ctx, mont);
- if (j == -1) goto err;
- if (j)
- {
- ret=0;
- goto err;
- }
- if(!BN_GENCB_call(cb, 1, i))
- goto err;
- }
- ret=1;
-err:
- if (ctx != NULL)
- {
- BN_CTX_end(ctx);
- if (ctx_passed == NULL)
- BN_CTX_free(ctx);
- }
- if (mont != NULL)
- BN_MONT_CTX_free(mont);
-
- return(ret);
- }
-
-static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,
- const BIGNUM *a1_odd, int k, BN_CTX *ctx, BN_MONT_CTX *mont)
- {
- if (!BN_mod_exp_mont(w, w, a1_odd, a, ctx, mont)) /* w := w^a1_odd mod a */
- return -1;
- if (BN_is_one(w))
- return 0; /* probably prime */
- if (BN_cmp(w, a1) == 0)
- return 0; /* w == -1 (mod a), 'a' is probably prime */
- while (--k)
- {
- if (!BN_mod_mul(w, w, w, a, ctx)) /* w := w^2 mod a */
- return -1;
- if (BN_is_one(w))
- return 1; /* 'a' is composite, otherwise a previous 'w' would
- * have been == -1 (mod 'a') */
- if (BN_cmp(w, a1) == 0)
- return 0; /* w == -1 (mod a), 'a' is probably prime */
- }
- /* If we get here, 'w' is the (a-1)/2-th power of the original 'w',
- * and it is neither -1 nor +1 -- so 'a' cannot be prime */
- bn_check_top(w);
- return 1;
- }
-
-static int probable_prime(BIGNUM *rnd, int bits)
- {
- int i;
- prime_t mods[NUMPRIMES];
- BN_ULONG delta,maxdelta;
-
-again:
- if (!BN_rand(rnd,bits,1,1)) return(0);
- /* we now have a random number 'rand' to test. */
- for (i=1; i<NUMPRIMES; i++)
- mods[i]=(prime_t)BN_mod_word(rnd,(BN_ULONG)primes[i]);
- maxdelta=BN_MASK2 - primes[NUMPRIMES-1];
- delta=0;
- loop: for (i=1; i<NUMPRIMES; i++)
- {
- /* check that rnd is not a prime and also
- * that gcd(rnd-1,primes) == 1 (except for 2) */
- if (((mods[i]+delta)%primes[i]) <= 1)
- {
- delta+=2;
- if (delta > maxdelta) goto again;
- goto loop;
- }
- }
- if (!BN_add_word(rnd,delta)) return(0);
- bn_check_top(rnd);
- return(1);
- }
-
-static int probable_prime_dh(BIGNUM *rnd, int bits,
- const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx)
- {
- int i,ret=0;
- BIGNUM *t1;
-
- BN_CTX_start(ctx);
- if ((t1 = BN_CTX_get(ctx)) == NULL) goto err;
-
- if (!BN_rand(rnd,bits,0,1)) goto err;
-
- /* we need ((rnd-rem) % add) == 0 */
-
- if (!BN_mod(t1,rnd,add,ctx)) goto err;
- if (!BN_sub(rnd,rnd,t1)) goto err;
- if (rem == NULL)
- { if (!BN_add_word(rnd,1)) goto err; }
- else
- { if (!BN_add(rnd,rnd,rem)) goto err; }
-
- /* we now have a random number 'rand' to test. */
-
- loop: for (i=1; i<NUMPRIMES; i++)
- {
- /* check that rnd is a prime */
- if (BN_mod_word(rnd,(BN_ULONG)primes[i]) <= 1)
- {
- if (!BN_add(rnd,rnd,add)) goto err;
- goto loop;
- }
- }
- ret=1;
-err:
- BN_CTX_end(ctx);
- bn_check_top(rnd);
- return(ret);
- }
-
-static int probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd,
- const BIGNUM *rem, BN_CTX *ctx)
- {
- int i,ret=0;
- BIGNUM *t1,*qadd,*q;
-
- bits--;
- BN_CTX_start(ctx);
- t1 = BN_CTX_get(ctx);
- q = BN_CTX_get(ctx);
- qadd = BN_CTX_get(ctx);
- if (qadd == NULL) goto err;
-
- if (!BN_rshift1(qadd,padd)) goto err;
-
- if (!BN_rand(q,bits,0,1)) goto err;
-
- /* we need ((rnd-rem) % add) == 0 */
- if (!BN_mod(t1,q,qadd,ctx)) goto err;
- if (!BN_sub(q,q,t1)) goto err;
- if (rem == NULL)
- { if (!BN_add_word(q,1)) goto err; }
- else
- {
- if (!BN_rshift1(t1,rem)) goto err;
- if (!BN_add(q,q,t1)) goto err;
- }
-
- /* we now have a random number 'rand' to test. */
- if (!BN_lshift1(p,q)) goto err;
- if (!BN_add_word(p,1)) goto err;
-
- loop: for (i=1; i<NUMPRIMES; i++)
- {
- /* check that p and q are prime */
- /* check that for p and q
- * gcd(p-1,primes) == 1 (except for 2) */
- if ( (BN_mod_word(p,(BN_ULONG)primes[i]) == 0) ||
- (BN_mod_word(q,(BN_ULONG)primes[i]) == 0))
- {
- if (!BN_add(p,p,padd)) goto err;
- if (!BN_add(q,q,qadd)) goto err;
- goto loop;
- }
- }
- ret=1;
-err:
- BN_CTX_end(ctx);
- bn_check_top(p);
- return(ret);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_prime.c (from rev 6976, vendor-crypto/openssl/dist/crypto/bn/bn_prime.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_prime.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_prime.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,515 @@
+/* crypto/bn/bn_prime.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+#include <openssl/rand.h>
+
+/*
+ * NB: these functions have been "upgraded", the deprecated versions (which
+ * are compatibility wrappers using these functions) are in bn_depr.c. -
+ * Geoff
+ */
+
+/*
+ * The quick sieve algorithm approach to weeding out primes is Philip
+ * Zimmermann's, as implemented in PGP. I have had a read of his comments
+ * and implemented my own version.
+ */
+#include "bn_prime.h"
+
+static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,
+ const BIGNUM *a1_odd, int k, BN_CTX *ctx,
+ BN_MONT_CTX *mont);
+static int probable_prime(BIGNUM *rnd, int bits);
+static int probable_prime_dh(BIGNUM *rnd, int bits,
+ const BIGNUM *add, const BIGNUM *rem,
+ BN_CTX *ctx);
+static int probable_prime_dh_safe(BIGNUM *rnd, int bits, const BIGNUM *add,
+ const BIGNUM *rem, BN_CTX *ctx);
+
+int BN_GENCB_call(BN_GENCB *cb, int a, int b)
+{
+ /* No callback means continue */
+ if (!cb)
+ return 1;
+ switch (cb->ver) {
+ case 1:
+ /* Deprecated-style callbacks */
+ if (!cb->cb.cb_1)
+ return 1;
+ cb->cb.cb_1(a, b, cb->arg);
+ return 1;
+ case 2:
+ /* New-style callbacks */
+ return cb->cb.cb_2(a, b, cb);
+ default:
+ break;
+ }
+ /* Unrecognised callback type */
+ return 0;
+}
+
+int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
+ const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb)
+{
+ BIGNUM *t;
+ int found = 0;
+ int i, j, c1 = 0;
+ BN_CTX *ctx;
+ int checks = BN_prime_checks_for_size(bits);
+
+ ctx = BN_CTX_new();
+ if (ctx == NULL)
+ goto err;
+ BN_CTX_start(ctx);
+ t = BN_CTX_get(ctx);
+ if (!t)
+ goto err;
+ loop:
+ /* make a random number and set the top and bottom bits */
+ if (add == NULL) {
+ if (!probable_prime(ret, bits))
+ goto err;
+ } else {
+ if (safe) {
+ if (!probable_prime_dh_safe(ret, bits, add, rem, ctx))
+ goto err;
+ } else {
+ if (!probable_prime_dh(ret, bits, add, rem, ctx))
+ goto err;
+ }
+ }
+ /* if (BN_mod_word(ret,(BN_ULONG)3) == 1) goto loop; */
+ if (!BN_GENCB_call(cb, 0, c1++))
+ /* aborted */
+ goto err;
+
+ if (!safe) {
+ i = BN_is_prime_fasttest_ex(ret, checks, ctx, 0, cb);
+ if (i == -1)
+ goto err;
+ if (i == 0)
+ goto loop;
+ } else {
+ /*
+ * for "safe prime" generation, check that (p-1)/2 is prime. Since a
+ * prime is odd, We just need to divide by 2
+ */
+ if (!BN_rshift1(t, ret))
+ goto err;
+
+ for (i = 0; i < checks; i++) {
+ j = BN_is_prime_fasttest_ex(ret, 1, ctx, 0, cb);
+ if (j == -1)
+ goto err;
+ if (j == 0)
+ goto loop;
+
+ j = BN_is_prime_fasttest_ex(t, 1, ctx, 0, cb);
+ if (j == -1)
+ goto err;
+ if (j == 0)
+ goto loop;
+
+ if (!BN_GENCB_call(cb, 2, c1 - 1))
+ goto err;
+ /* We have a safe prime test pass */
+ }
+ }
+ /* we have a prime :-) */
+ found = 1;
+ err:
+ if (ctx != NULL) {
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ }
+ bn_check_top(ret);
+ return found;
+}
+
+int BN_is_prime_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed,
+ BN_GENCB *cb)
+{
+ return BN_is_prime_fasttest_ex(a, checks, ctx_passed, 0, cb);
+}
+
+int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed,
+ int do_trial_division, BN_GENCB *cb)
+{
+ int i, j, ret = -1;
+ int k;
+ BN_CTX *ctx = NULL;
+ BIGNUM *A1, *A1_odd, *check; /* taken from ctx */
+ BN_MONT_CTX *mont = NULL;
+ const BIGNUM *A = NULL;
+
+ if (BN_cmp(a, BN_value_one()) <= 0)
+ return 0;
+
+ if (checks == BN_prime_checks)
+ checks = BN_prime_checks_for_size(BN_num_bits(a));
+
+ /* first look for small factors */
+ if (!BN_is_odd(a))
+ /* a is even => a is prime if and only if a == 2 */
+ return BN_is_word(a, 2);
+ if (do_trial_division) {
+ for (i = 1; i < NUMPRIMES; i++)
+ if (BN_mod_word(a, primes[i]) == 0)
+ return 0;
+ if (!BN_GENCB_call(cb, 1, -1))
+ goto err;
+ }
+
+ if (ctx_passed != NULL)
+ ctx = ctx_passed;
+ else if ((ctx = BN_CTX_new()) == NULL)
+ goto err;
+ BN_CTX_start(ctx);
+
+ /* A := abs(a) */
+ if (a->neg) {
+ BIGNUM *t;
+ if ((t = BN_CTX_get(ctx)) == NULL)
+ goto err;
+ BN_copy(t, a);
+ t->neg = 0;
+ A = t;
+ } else
+ A = a;
+ A1 = BN_CTX_get(ctx);
+ A1_odd = BN_CTX_get(ctx);
+ check = BN_CTX_get(ctx);
+ if (check == NULL)
+ goto err;
+
+ /* compute A1 := A - 1 */
+ if (!BN_copy(A1, A))
+ goto err;
+ if (!BN_sub_word(A1, 1))
+ goto err;
+ if (BN_is_zero(A1)) {
+ ret = 0;
+ goto err;
+ }
+
+ /* write A1 as A1_odd * 2^k */
+ k = 1;
+ while (!BN_is_bit_set(A1, k))
+ k++;
+ if (!BN_rshift(A1_odd, A1, k))
+ goto err;
+
+ /* Montgomery setup for computations mod A */
+ mont = BN_MONT_CTX_new();
+ if (mont == NULL)
+ goto err;
+ if (!BN_MONT_CTX_set(mont, A, ctx))
+ goto err;
+
+ for (i = 0; i < checks; i++) {
+ if (!BN_pseudo_rand_range(check, A1))
+ goto err;
+ if (!BN_add_word(check, 1))
+ goto err;
+ /* now 1 <= check < A */
+
+ j = witness(check, A, A1, A1_odd, k, ctx, mont);
+ if (j == -1)
+ goto err;
+ if (j) {
+ ret = 0;
+ goto err;
+ }
+ if (!BN_GENCB_call(cb, 1, i))
+ goto err;
+ }
+ ret = 1;
+ err:
+ if (ctx != NULL) {
+ BN_CTX_end(ctx);
+ if (ctx_passed == NULL)
+ BN_CTX_free(ctx);
+ }
+ if (mont != NULL)
+ BN_MONT_CTX_free(mont);
+
+ return (ret);
+}
+
+static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,
+ const BIGNUM *a1_odd, int k, BN_CTX *ctx,
+ BN_MONT_CTX *mont)
+{
+ if (!BN_mod_exp_mont(w, w, a1_odd, a, ctx, mont)) /* w := w^a1_odd mod a */
+ return -1;
+ if (BN_is_one(w))
+ return 0; /* probably prime */
+ if (BN_cmp(w, a1) == 0)
+ return 0; /* w == -1 (mod a), 'a' is probably prime */
+ while (--k) {
+ if (!BN_mod_mul(w, w, w, a, ctx)) /* w := w^2 mod a */
+ return -1;
+ if (BN_is_one(w))
+ return 1; /* 'a' is composite, otherwise a previous 'w'
+ * would have been == -1 (mod 'a') */
+ if (BN_cmp(w, a1) == 0)
+ return 0; /* w == -1 (mod a), 'a' is probably prime */
+ }
+ /*
+ * If we get here, 'w' is the (a-1)/2-th power of the original 'w', and
+ * it is neither -1 nor +1 -- so 'a' cannot be prime
+ */
+ bn_check_top(w);
+ return 1;
+}
+
+static int probable_prime(BIGNUM *rnd, int bits)
+{
+ int i;
+ prime_t mods[NUMPRIMES];
+ BN_ULONG delta, maxdelta;
+
+ again:
+ if (!BN_rand(rnd, bits, 1, 1))
+ return (0);
+ /* we now have a random number 'rand' to test. */
+ for (i = 1; i < NUMPRIMES; i++)
+ mods[i] = (prime_t) BN_mod_word(rnd, (BN_ULONG)primes[i]);
+ maxdelta = BN_MASK2 - primes[NUMPRIMES - 1];
+ delta = 0;
+ loop:for (i = 1; i < NUMPRIMES; i++) {
+ /*
+ * check that rnd is not a prime and also that gcd(rnd-1,primes) == 1
+ * (except for 2)
+ */
+ if (((mods[i] + delta) % primes[i]) <= 1) {
+ delta += 2;
+ if (delta > maxdelta)
+ goto again;
+ goto loop;
+ }
+ }
+ if (!BN_add_word(rnd, delta))
+ return (0);
+ bn_check_top(rnd);
+ return (1);
+}
+
+static int probable_prime_dh(BIGNUM *rnd, int bits,
+ const BIGNUM *add, const BIGNUM *rem,
+ BN_CTX *ctx)
+{
+ int i, ret = 0;
+ BIGNUM *t1;
+
+ BN_CTX_start(ctx);
+ if ((t1 = BN_CTX_get(ctx)) == NULL)
+ goto err;
+
+ if (!BN_rand(rnd, bits, 0, 1))
+ goto err;
+
+ /* we need ((rnd-rem) % add) == 0 */
+
+ if (!BN_mod(t1, rnd, add, ctx))
+ goto err;
+ if (!BN_sub(rnd, rnd, t1))
+ goto err;
+ if (rem == NULL) {
+ if (!BN_add_word(rnd, 1))
+ goto err;
+ } else {
+ if (!BN_add(rnd, rnd, rem))
+ goto err;
+ }
+
+ /* we now have a random number 'rand' to test. */
+
+ loop:for (i = 1; i < NUMPRIMES; i++) {
+ /* check that rnd is a prime */
+ if (BN_mod_word(rnd, (BN_ULONG)primes[i]) <= 1) {
+ if (!BN_add(rnd, rnd, add))
+ goto err;
+ goto loop;
+ }
+ }
+ ret = 1;
+ err:
+ BN_CTX_end(ctx);
+ bn_check_top(rnd);
+ return (ret);
+}
+
+static int probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd,
+ const BIGNUM *rem, BN_CTX *ctx)
+{
+ int i, ret = 0;
+ BIGNUM *t1, *qadd, *q;
+
+ bits--;
+ BN_CTX_start(ctx);
+ t1 = BN_CTX_get(ctx);
+ q = BN_CTX_get(ctx);
+ qadd = BN_CTX_get(ctx);
+ if (qadd == NULL)
+ goto err;
+
+ if (!BN_rshift1(qadd, padd))
+ goto err;
+
+ if (!BN_rand(q, bits, 0, 1))
+ goto err;
+
+ /* we need ((rnd-rem) % add) == 0 */
+ if (!BN_mod(t1, q, qadd, ctx))
+ goto err;
+ if (!BN_sub(q, q, t1))
+ goto err;
+ if (rem == NULL) {
+ if (!BN_add_word(q, 1))
+ goto err;
+ } else {
+ if (!BN_rshift1(t1, rem))
+ goto err;
+ if (!BN_add(q, q, t1))
+ goto err;
+ }
+
+ /* we now have a random number 'rand' to test. */
+ if (!BN_lshift1(p, q))
+ goto err;
+ if (!BN_add_word(p, 1))
+ goto err;
+
+ loop:for (i = 1; i < NUMPRIMES; i++) {
+ /* check that p and q are prime */
+ /*
+ * check that for p and q gcd(p-1,primes) == 1 (except for 2)
+ */
+ if ((BN_mod_word(p, (BN_ULONG)primes[i]) == 0) ||
+ (BN_mod_word(q, (BN_ULONG)primes[i]) == 0)) {
+ if (!BN_add(p, p, padd))
+ goto err;
+ if (!BN_add(q, q, qadd))
+ goto err;
+ goto loop;
+ }
+ }
+ ret = 1;
+ err:
+ BN_CTX_end(ctx);
+ bn_check_top(p);
+ return (ret);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_prime.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_prime.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_prime.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,327 +0,0 @@
-/* Auto generated by bn_prime.pl */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef EIGHT_BIT
-#define NUMPRIMES 2048
-typedef unsigned short prime_t;
-#else
-#define NUMPRIMES 54
-typedef unsigned char prime_t;
-#endif
-static const prime_t primes[NUMPRIMES]=
- {
- 2, 3, 5, 7, 11, 13, 17, 19,
- 23, 29, 31, 37, 41, 43, 47, 53,
- 59, 61, 67, 71, 73, 79, 83, 89,
- 97, 101, 103, 107, 109, 113, 127, 131,
- 137, 139, 149, 151, 157, 163, 167, 173,
- 179, 181, 191, 193, 197, 199, 211, 223,
- 227, 229, 233, 239, 241, 251,
-#ifndef EIGHT_BIT
- 257, 263,
- 269, 271, 277, 281, 283, 293, 307, 311,
- 313, 317, 331, 337, 347, 349, 353, 359,
- 367, 373, 379, 383, 389, 397, 401, 409,
- 419, 421, 431, 433, 439, 443, 449, 457,
- 461, 463, 467, 479, 487, 491, 499, 503,
- 509, 521, 523, 541, 547, 557, 563, 569,
- 571, 577, 587, 593, 599, 601, 607, 613,
- 617, 619, 631, 641, 643, 647, 653, 659,
- 661, 673, 677, 683, 691, 701, 709, 719,
- 727, 733, 739, 743, 751, 757, 761, 769,
- 773, 787, 797, 809, 811, 821, 823, 827,
- 829, 839, 853, 857, 859, 863, 877, 881,
- 883, 887, 907, 911, 919, 929, 937, 941,
- 947, 953, 967, 971, 977, 983, 991, 997,
- 1009,1013,1019,1021,1031,1033,1039,1049,
- 1051,1061,1063,1069,1087,1091,1093,1097,
- 1103,1109,1117,1123,1129,1151,1153,1163,
- 1171,1181,1187,1193,1201,1213,1217,1223,
- 1229,1231,1237,1249,1259,1277,1279,1283,
- 1289,1291,1297,1301,1303,1307,1319,1321,
- 1327,1361,1367,1373,1381,1399,1409,1423,
- 1427,1429,1433,1439,1447,1451,1453,1459,
- 1471,1481,1483,1487,1489,1493,1499,1511,
- 1523,1531,1543,1549,1553,1559,1567,1571,
- 1579,1583,1597,1601,1607,1609,1613,1619,
- 1621,1627,1637,1657,1663,1667,1669,1693,
- 1697,1699,1709,1721,1723,1733,1741,1747,
- 1753,1759,1777,1783,1787,1789,1801,1811,
- 1823,1831,1847,1861,1867,1871,1873,1877,
- 1879,1889,1901,1907,1913,1931,1933,1949,
- 1951,1973,1979,1987,1993,1997,1999,2003,
- 2011,2017,2027,2029,2039,2053,2063,2069,
- 2081,2083,2087,2089,2099,2111,2113,2129,
- 2131,2137,2141,2143,2153,2161,2179,2203,
- 2207,2213,2221,2237,2239,2243,2251,2267,
- 2269,2273,2281,2287,2293,2297,2309,2311,
- 2333,2339,2341,2347,2351,2357,2371,2377,
- 2381,2383,2389,2393,2399,2411,2417,2423,
- 2437,2441,2447,2459,2467,2473,2477,2503,
- 2521,2531,2539,2543,2549,2551,2557,2579,
- 2591,2593,2609,2617,2621,2633,2647,2657,
- 2659,2663,2671,2677,2683,2687,2689,2693,
- 2699,2707,2711,2713,2719,2729,2731,2741,
- 2749,2753,2767,2777,2789,2791,2797,2801,
- 2803,2819,2833,2837,2843,2851,2857,2861,
- 2879,2887,2897,2903,2909,2917,2927,2939,
- 2953,2957,2963,2969,2971,2999,3001,3011,
- 3019,3023,3037,3041,3049,3061,3067,3079,
- 3083,3089,3109,3119,3121,3137,3163,3167,
- 3169,3181,3187,3191,3203,3209,3217,3221,
- 3229,3251,3253,3257,3259,3271,3299,3301,
- 3307,3313,3319,3323,3329,3331,3343,3347,
- 3359,3361,3371,3373,3389,3391,3407,3413,
- 3433,3449,3457,3461,3463,3467,3469,3491,
- 3499,3511,3517,3527,3529,3533,3539,3541,
- 3547,3557,3559,3571,3581,3583,3593,3607,
- 3613,3617,3623,3631,3637,3643,3659,3671,
- 3673,3677,3691,3697,3701,3709,3719,3727,
- 3733,3739,3761,3767,3769,3779,3793,3797,
- 3803,3821,3823,3833,3847,3851,3853,3863,
- 3877,3881,3889,3907,3911,3917,3919,3923,
- 3929,3931,3943,3947,3967,3989,4001,4003,
- 4007,4013,4019,4021,4027,4049,4051,4057,
- 4073,4079,4091,4093,4099,4111,4127,4129,
- 4133,4139,4153,4157,4159,4177,4201,4211,
- 4217,4219,4229,4231,4241,4243,4253,4259,
- 4261,4271,4273,4283,4289,4297,4327,4337,
- 4339,4349,4357,4363,4373,4391,4397,4409,
- 4421,4423,4441,4447,4451,4457,4463,4481,
- 4483,4493,4507,4513,4517,4519,4523,4547,
- 4549,4561,4567,4583,4591,4597,4603,4621,
- 4637,4639,4643,4649,4651,4657,4663,4673,
- 4679,4691,4703,4721,4723,4729,4733,4751,
- 4759,4783,4787,4789,4793,4799,4801,4813,
- 4817,4831,4861,4871,4877,4889,4903,4909,
- 4919,4931,4933,4937,4943,4951,4957,4967,
- 4969,4973,4987,4993,4999,5003,5009,5011,
- 5021,5023,5039,5051,5059,5077,5081,5087,
- 5099,5101,5107,5113,5119,5147,5153,5167,
- 5171,5179,5189,5197,5209,5227,5231,5233,
- 5237,5261,5273,5279,5281,5297,5303,5309,
- 5323,5333,5347,5351,5381,5387,5393,5399,
- 5407,5413,5417,5419,5431,5437,5441,5443,
- 5449,5471,5477,5479,5483,5501,5503,5507,
- 5519,5521,5527,5531,5557,5563,5569,5573,
- 5581,5591,5623,5639,5641,5647,5651,5653,
- 5657,5659,5669,5683,5689,5693,5701,5711,
- 5717,5737,5741,5743,5749,5779,5783,5791,
- 5801,5807,5813,5821,5827,5839,5843,5849,
- 5851,5857,5861,5867,5869,5879,5881,5897,
- 5903,5923,5927,5939,5953,5981,5987,6007,
- 6011,6029,6037,6043,6047,6053,6067,6073,
- 6079,6089,6091,6101,6113,6121,6131,6133,
- 6143,6151,6163,6173,6197,6199,6203,6211,
- 6217,6221,6229,6247,6257,6263,6269,6271,
- 6277,6287,6299,6301,6311,6317,6323,6329,
- 6337,6343,6353,6359,6361,6367,6373,6379,
- 6389,6397,6421,6427,6449,6451,6469,6473,
- 6481,6491,6521,6529,6547,6551,6553,6563,
- 6569,6571,6577,6581,6599,6607,6619,6637,
- 6653,6659,6661,6673,6679,6689,6691,6701,
- 6703,6709,6719,6733,6737,6761,6763,6779,
- 6781,6791,6793,6803,6823,6827,6829,6833,
- 6841,6857,6863,6869,6871,6883,6899,6907,
- 6911,6917,6947,6949,6959,6961,6967,6971,
- 6977,6983,6991,6997,7001,7013,7019,7027,
- 7039,7043,7057,7069,7079,7103,7109,7121,
- 7127,7129,7151,7159,7177,7187,7193,7207,
- 7211,7213,7219,7229,7237,7243,7247,7253,
- 7283,7297,7307,7309,7321,7331,7333,7349,
- 7351,7369,7393,7411,7417,7433,7451,7457,
- 7459,7477,7481,7487,7489,7499,7507,7517,
- 7523,7529,7537,7541,7547,7549,7559,7561,
- 7573,7577,7583,7589,7591,7603,7607,7621,
- 7639,7643,7649,7669,7673,7681,7687,7691,
- 7699,7703,7717,7723,7727,7741,7753,7757,
- 7759,7789,7793,7817,7823,7829,7841,7853,
- 7867,7873,7877,7879,7883,7901,7907,7919,
- 7927,7933,7937,7949,7951,7963,7993,8009,
- 8011,8017,8039,8053,8059,8069,8081,8087,
- 8089,8093,8101,8111,8117,8123,8147,8161,
- 8167,8171,8179,8191,8209,8219,8221,8231,
- 8233,8237,8243,8263,8269,8273,8287,8291,
- 8293,8297,8311,8317,8329,8353,8363,8369,
- 8377,8387,8389,8419,8423,8429,8431,8443,
- 8447,8461,8467,8501,8513,8521,8527,8537,
- 8539,8543,8563,8573,8581,8597,8599,8609,
- 8623,8627,8629,8641,8647,8663,8669,8677,
- 8681,8689,8693,8699,8707,8713,8719,8731,
- 8737,8741,8747,8753,8761,8779,8783,8803,
- 8807,8819,8821,8831,8837,8839,8849,8861,
- 8863,8867,8887,8893,8923,8929,8933,8941,
- 8951,8963,8969,8971,8999,9001,9007,9011,
- 9013,9029,9041,9043,9049,9059,9067,9091,
- 9103,9109,9127,9133,9137,9151,9157,9161,
- 9173,9181,9187,9199,9203,9209,9221,9227,
- 9239,9241,9257,9277,9281,9283,9293,9311,
- 9319,9323,9337,9341,9343,9349,9371,9377,
- 9391,9397,9403,9413,9419,9421,9431,9433,
- 9437,9439,9461,9463,9467,9473,9479,9491,
- 9497,9511,9521,9533,9539,9547,9551,9587,
- 9601,9613,9619,9623,9629,9631,9643,9649,
- 9661,9677,9679,9689,9697,9719,9721,9733,
- 9739,9743,9749,9767,9769,9781,9787,9791,
- 9803,9811,9817,9829,9833,9839,9851,9857,
- 9859,9871,9883,9887,9901,9907,9923,9929,
- 9931,9941,9949,9967,9973,10007,10009,10037,
- 10039,10061,10067,10069,10079,10091,10093,10099,
- 10103,10111,10133,10139,10141,10151,10159,10163,
- 10169,10177,10181,10193,10211,10223,10243,10247,
- 10253,10259,10267,10271,10273,10289,10301,10303,
- 10313,10321,10331,10333,10337,10343,10357,10369,
- 10391,10399,10427,10429,10433,10453,10457,10459,
- 10463,10477,10487,10499,10501,10513,10529,10531,
- 10559,10567,10589,10597,10601,10607,10613,10627,
- 10631,10639,10651,10657,10663,10667,10687,10691,
- 10709,10711,10723,10729,10733,10739,10753,10771,
- 10781,10789,10799,10831,10837,10847,10853,10859,
- 10861,10867,10883,10889,10891,10903,10909,10937,
- 10939,10949,10957,10973,10979,10987,10993,11003,
- 11027,11047,11057,11059,11069,11071,11083,11087,
- 11093,11113,11117,11119,11131,11149,11159,11161,
- 11171,11173,11177,11197,11213,11239,11243,11251,
- 11257,11261,11273,11279,11287,11299,11311,11317,
- 11321,11329,11351,11353,11369,11383,11393,11399,
- 11411,11423,11437,11443,11447,11467,11471,11483,
- 11489,11491,11497,11503,11519,11527,11549,11551,
- 11579,11587,11593,11597,11617,11621,11633,11657,
- 11677,11681,11689,11699,11701,11717,11719,11731,
- 11743,11777,11779,11783,11789,11801,11807,11813,
- 11821,11827,11831,11833,11839,11863,11867,11887,
- 11897,11903,11909,11923,11927,11933,11939,11941,
- 11953,11959,11969,11971,11981,11987,12007,12011,
- 12037,12041,12043,12049,12071,12073,12097,12101,
- 12107,12109,12113,12119,12143,12149,12157,12161,
- 12163,12197,12203,12211,12227,12239,12241,12251,
- 12253,12263,12269,12277,12281,12289,12301,12323,
- 12329,12343,12347,12373,12377,12379,12391,12401,
- 12409,12413,12421,12433,12437,12451,12457,12473,
- 12479,12487,12491,12497,12503,12511,12517,12527,
- 12539,12541,12547,12553,12569,12577,12583,12589,
- 12601,12611,12613,12619,12637,12641,12647,12653,
- 12659,12671,12689,12697,12703,12713,12721,12739,
- 12743,12757,12763,12781,12791,12799,12809,12821,
- 12823,12829,12841,12853,12889,12893,12899,12907,
- 12911,12917,12919,12923,12941,12953,12959,12967,
- 12973,12979,12983,13001,13003,13007,13009,13033,
- 13037,13043,13049,13063,13093,13099,13103,13109,
- 13121,13127,13147,13151,13159,13163,13171,13177,
- 13183,13187,13217,13219,13229,13241,13249,13259,
- 13267,13291,13297,13309,13313,13327,13331,13337,
- 13339,13367,13381,13397,13399,13411,13417,13421,
- 13441,13451,13457,13463,13469,13477,13487,13499,
- 13513,13523,13537,13553,13567,13577,13591,13597,
- 13613,13619,13627,13633,13649,13669,13679,13681,
- 13687,13691,13693,13697,13709,13711,13721,13723,
- 13729,13751,13757,13759,13763,13781,13789,13799,
- 13807,13829,13831,13841,13859,13873,13877,13879,
- 13883,13901,13903,13907,13913,13921,13931,13933,
- 13963,13967,13997,13999,14009,14011,14029,14033,
- 14051,14057,14071,14081,14083,14087,14107,14143,
- 14149,14153,14159,14173,14177,14197,14207,14221,
- 14243,14249,14251,14281,14293,14303,14321,14323,
- 14327,14341,14347,14369,14387,14389,14401,14407,
- 14411,14419,14423,14431,14437,14447,14449,14461,
- 14479,14489,14503,14519,14533,14537,14543,14549,
- 14551,14557,14561,14563,14591,14593,14621,14627,
- 14629,14633,14639,14653,14657,14669,14683,14699,
- 14713,14717,14723,14731,14737,14741,14747,14753,
- 14759,14767,14771,14779,14783,14797,14813,14821,
- 14827,14831,14843,14851,14867,14869,14879,14887,
- 14891,14897,14923,14929,14939,14947,14951,14957,
- 14969,14983,15013,15017,15031,15053,15061,15073,
- 15077,15083,15091,15101,15107,15121,15131,15137,
- 15139,15149,15161,15173,15187,15193,15199,15217,
- 15227,15233,15241,15259,15263,15269,15271,15277,
- 15287,15289,15299,15307,15313,15319,15329,15331,
- 15349,15359,15361,15373,15377,15383,15391,15401,
- 15413,15427,15439,15443,15451,15461,15467,15473,
- 15493,15497,15511,15527,15541,15551,15559,15569,
- 15581,15583,15601,15607,15619,15629,15641,15643,
- 15647,15649,15661,15667,15671,15679,15683,15727,
- 15731,15733,15737,15739,15749,15761,15767,15773,
- 15787,15791,15797,15803,15809,15817,15823,15859,
- 15877,15881,15887,15889,15901,15907,15913,15919,
- 15923,15937,15959,15971,15973,15991,16001,16007,
- 16033,16057,16061,16063,16067,16069,16073,16087,
- 16091,16097,16103,16111,16127,16139,16141,16183,
- 16187,16189,16193,16217,16223,16229,16231,16249,
- 16253,16267,16273,16301,16319,16333,16339,16349,
- 16361,16363,16369,16381,16411,16417,16421,16427,
- 16433,16447,16451,16453,16477,16481,16487,16493,
- 16519,16529,16547,16553,16561,16567,16573,16603,
- 16607,16619,16631,16633,16649,16651,16657,16661,
- 16673,16691,16693,16699,16703,16729,16741,16747,
- 16759,16763,16787,16811,16823,16829,16831,16843,
- 16871,16879,16883,16889,16901,16903,16921,16927,
- 16931,16937,16943,16963,16979,16981,16987,16993,
- 17011,17021,17027,17029,17033,17041,17047,17053,
- 17077,17093,17099,17107,17117,17123,17137,17159,
- 17167,17183,17189,17191,17203,17207,17209,17231,
- 17239,17257,17291,17293,17299,17317,17321,17327,
- 17333,17341,17351,17359,17377,17383,17387,17389,
- 17393,17401,17417,17419,17431,17443,17449,17467,
- 17471,17477,17483,17489,17491,17497,17509,17519,
- 17539,17551,17569,17573,17579,17581,17597,17599,
- 17609,17623,17627,17657,17659,17669,17681,17683,
- 17707,17713,17729,17737,17747,17749,17761,17783,
- 17789,17791,17807,17827,17837,17839,17851,17863,
-#endif
- };
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_prime.h (from rev 6976, vendor-crypto/openssl/dist/crypto/bn/bn_prime.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_prime.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_prime.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,326 @@
+/* Auto generated by bn_prime.pl */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef EIGHT_BIT
+# define NUMPRIMES 2048
+typedef unsigned short prime_t;
+#else
+# define NUMPRIMES 54
+typedef unsigned char prime_t;
+#endif
+static const prime_t primes[NUMPRIMES] = {
+ 2, 3, 5, 7, 11, 13, 17, 19,
+ 23, 29, 31, 37, 41, 43, 47, 53,
+ 59, 61, 67, 71, 73, 79, 83, 89,
+ 97, 101, 103, 107, 109, 113, 127, 131,
+ 137, 139, 149, 151, 157, 163, 167, 173,
+ 179, 181, 191, 193, 197, 199, 211, 223,
+ 227, 229, 233, 239, 241, 251,
+#ifndef EIGHT_BIT
+ 257, 263,
+ 269, 271, 277, 281, 283, 293, 307, 311,
+ 313, 317, 331, 337, 347, 349, 353, 359,
+ 367, 373, 379, 383, 389, 397, 401, 409,
+ 419, 421, 431, 433, 439, 443, 449, 457,
+ 461, 463, 467, 479, 487, 491, 499, 503,
+ 509, 521, 523, 541, 547, 557, 563, 569,
+ 571, 577, 587, 593, 599, 601, 607, 613,
+ 617, 619, 631, 641, 643, 647, 653, 659,
+ 661, 673, 677, 683, 691, 701, 709, 719,
+ 727, 733, 739, 743, 751, 757, 761, 769,
+ 773, 787, 797, 809, 811, 821, 823, 827,
+ 829, 839, 853, 857, 859, 863, 877, 881,
+ 883, 887, 907, 911, 919, 929, 937, 941,
+ 947, 953, 967, 971, 977, 983, 991, 997,
+ 1009, 1013, 1019, 1021, 1031, 1033, 1039, 1049,
+ 1051, 1061, 1063, 1069, 1087, 1091, 1093, 1097,
+ 1103, 1109, 1117, 1123, 1129, 1151, 1153, 1163,
+ 1171, 1181, 1187, 1193, 1201, 1213, 1217, 1223,
+ 1229, 1231, 1237, 1249, 1259, 1277, 1279, 1283,
+ 1289, 1291, 1297, 1301, 1303, 1307, 1319, 1321,
+ 1327, 1361, 1367, 1373, 1381, 1399, 1409, 1423,
+ 1427, 1429, 1433, 1439, 1447, 1451, 1453, 1459,
+ 1471, 1481, 1483, 1487, 1489, 1493, 1499, 1511,
+ 1523, 1531, 1543, 1549, 1553, 1559, 1567, 1571,
+ 1579, 1583, 1597, 1601, 1607, 1609, 1613, 1619,
+ 1621, 1627, 1637, 1657, 1663, 1667, 1669, 1693,
+ 1697, 1699, 1709, 1721, 1723, 1733, 1741, 1747,
+ 1753, 1759, 1777, 1783, 1787, 1789, 1801, 1811,
+ 1823, 1831, 1847, 1861, 1867, 1871, 1873, 1877,
+ 1879, 1889, 1901, 1907, 1913, 1931, 1933, 1949,
+ 1951, 1973, 1979, 1987, 1993, 1997, 1999, 2003,
+ 2011, 2017, 2027, 2029, 2039, 2053, 2063, 2069,
+ 2081, 2083, 2087, 2089, 2099, 2111, 2113, 2129,
+ 2131, 2137, 2141, 2143, 2153, 2161, 2179, 2203,
+ 2207, 2213, 2221, 2237, 2239, 2243, 2251, 2267,
+ 2269, 2273, 2281, 2287, 2293, 2297, 2309, 2311,
+ 2333, 2339, 2341, 2347, 2351, 2357, 2371, 2377,
+ 2381, 2383, 2389, 2393, 2399, 2411, 2417, 2423,
+ 2437, 2441, 2447, 2459, 2467, 2473, 2477, 2503,
+ 2521, 2531, 2539, 2543, 2549, 2551, 2557, 2579,
+ 2591, 2593, 2609, 2617, 2621, 2633, 2647, 2657,
+ 2659, 2663, 2671, 2677, 2683, 2687, 2689, 2693,
+ 2699, 2707, 2711, 2713, 2719, 2729, 2731, 2741,
+ 2749, 2753, 2767, 2777, 2789, 2791, 2797, 2801,
+ 2803, 2819, 2833, 2837, 2843, 2851, 2857, 2861,
+ 2879, 2887, 2897, 2903, 2909, 2917, 2927, 2939,
+ 2953, 2957, 2963, 2969, 2971, 2999, 3001, 3011,
+ 3019, 3023, 3037, 3041, 3049, 3061, 3067, 3079,
+ 3083, 3089, 3109, 3119, 3121, 3137, 3163, 3167,
+ 3169, 3181, 3187, 3191, 3203, 3209, 3217, 3221,
+ 3229, 3251, 3253, 3257, 3259, 3271, 3299, 3301,
+ 3307, 3313, 3319, 3323, 3329, 3331, 3343, 3347,
+ 3359, 3361, 3371, 3373, 3389, 3391, 3407, 3413,
+ 3433, 3449, 3457, 3461, 3463, 3467, 3469, 3491,
+ 3499, 3511, 3517, 3527, 3529, 3533, 3539, 3541,
+ 3547, 3557, 3559, 3571, 3581, 3583, 3593, 3607,
+ 3613, 3617, 3623, 3631, 3637, 3643, 3659, 3671,
+ 3673, 3677, 3691, 3697, 3701, 3709, 3719, 3727,
+ 3733, 3739, 3761, 3767, 3769, 3779, 3793, 3797,
+ 3803, 3821, 3823, 3833, 3847, 3851, 3853, 3863,
+ 3877, 3881, 3889, 3907, 3911, 3917, 3919, 3923,
+ 3929, 3931, 3943, 3947, 3967, 3989, 4001, 4003,
+ 4007, 4013, 4019, 4021, 4027, 4049, 4051, 4057,
+ 4073, 4079, 4091, 4093, 4099, 4111, 4127, 4129,
+ 4133, 4139, 4153, 4157, 4159, 4177, 4201, 4211,
+ 4217, 4219, 4229, 4231, 4241, 4243, 4253, 4259,
+ 4261, 4271, 4273, 4283, 4289, 4297, 4327, 4337,
+ 4339, 4349, 4357, 4363, 4373, 4391, 4397, 4409,
+ 4421, 4423, 4441, 4447, 4451, 4457, 4463, 4481,
+ 4483, 4493, 4507, 4513, 4517, 4519, 4523, 4547,
+ 4549, 4561, 4567, 4583, 4591, 4597, 4603, 4621,
+ 4637, 4639, 4643, 4649, 4651, 4657, 4663, 4673,
+ 4679, 4691, 4703, 4721, 4723, 4729, 4733, 4751,
+ 4759, 4783, 4787, 4789, 4793, 4799, 4801, 4813,
+ 4817, 4831, 4861, 4871, 4877, 4889, 4903, 4909,
+ 4919, 4931, 4933, 4937, 4943, 4951, 4957, 4967,
+ 4969, 4973, 4987, 4993, 4999, 5003, 5009, 5011,
+ 5021, 5023, 5039, 5051, 5059, 5077, 5081, 5087,
+ 5099, 5101, 5107, 5113, 5119, 5147, 5153, 5167,
+ 5171, 5179, 5189, 5197, 5209, 5227, 5231, 5233,
+ 5237, 5261, 5273, 5279, 5281, 5297, 5303, 5309,
+ 5323, 5333, 5347, 5351, 5381, 5387, 5393, 5399,
+ 5407, 5413, 5417, 5419, 5431, 5437, 5441, 5443,
+ 5449, 5471, 5477, 5479, 5483, 5501, 5503, 5507,
+ 5519, 5521, 5527, 5531, 5557, 5563, 5569, 5573,
+ 5581, 5591, 5623, 5639, 5641, 5647, 5651, 5653,
+ 5657, 5659, 5669, 5683, 5689, 5693, 5701, 5711,
+ 5717, 5737, 5741, 5743, 5749, 5779, 5783, 5791,
+ 5801, 5807, 5813, 5821, 5827, 5839, 5843, 5849,
+ 5851, 5857, 5861, 5867, 5869, 5879, 5881, 5897,
+ 5903, 5923, 5927, 5939, 5953, 5981, 5987, 6007,
+ 6011, 6029, 6037, 6043, 6047, 6053, 6067, 6073,
+ 6079, 6089, 6091, 6101, 6113, 6121, 6131, 6133,
+ 6143, 6151, 6163, 6173, 6197, 6199, 6203, 6211,
+ 6217, 6221, 6229, 6247, 6257, 6263, 6269, 6271,
+ 6277, 6287, 6299, 6301, 6311, 6317, 6323, 6329,
+ 6337, 6343, 6353, 6359, 6361, 6367, 6373, 6379,
+ 6389, 6397, 6421, 6427, 6449, 6451, 6469, 6473,
+ 6481, 6491, 6521, 6529, 6547, 6551, 6553, 6563,
+ 6569, 6571, 6577, 6581, 6599, 6607, 6619, 6637,
+ 6653, 6659, 6661, 6673, 6679, 6689, 6691, 6701,
+ 6703, 6709, 6719, 6733, 6737, 6761, 6763, 6779,
+ 6781, 6791, 6793, 6803, 6823, 6827, 6829, 6833,
+ 6841, 6857, 6863, 6869, 6871, 6883, 6899, 6907,
+ 6911, 6917, 6947, 6949, 6959, 6961, 6967, 6971,
+ 6977, 6983, 6991, 6997, 7001, 7013, 7019, 7027,
+ 7039, 7043, 7057, 7069, 7079, 7103, 7109, 7121,
+ 7127, 7129, 7151, 7159, 7177, 7187, 7193, 7207,
+ 7211, 7213, 7219, 7229, 7237, 7243, 7247, 7253,
+ 7283, 7297, 7307, 7309, 7321, 7331, 7333, 7349,
+ 7351, 7369, 7393, 7411, 7417, 7433, 7451, 7457,
+ 7459, 7477, 7481, 7487, 7489, 7499, 7507, 7517,
+ 7523, 7529, 7537, 7541, 7547, 7549, 7559, 7561,
+ 7573, 7577, 7583, 7589, 7591, 7603, 7607, 7621,
+ 7639, 7643, 7649, 7669, 7673, 7681, 7687, 7691,
+ 7699, 7703, 7717, 7723, 7727, 7741, 7753, 7757,
+ 7759, 7789, 7793, 7817, 7823, 7829, 7841, 7853,
+ 7867, 7873, 7877, 7879, 7883, 7901, 7907, 7919,
+ 7927, 7933, 7937, 7949, 7951, 7963, 7993, 8009,
+ 8011, 8017, 8039, 8053, 8059, 8069, 8081, 8087,
+ 8089, 8093, 8101, 8111, 8117, 8123, 8147, 8161,
+ 8167, 8171, 8179, 8191, 8209, 8219, 8221, 8231,
+ 8233, 8237, 8243, 8263, 8269, 8273, 8287, 8291,
+ 8293, 8297, 8311, 8317, 8329, 8353, 8363, 8369,
+ 8377, 8387, 8389, 8419, 8423, 8429, 8431, 8443,
+ 8447, 8461, 8467, 8501, 8513, 8521, 8527, 8537,
+ 8539, 8543, 8563, 8573, 8581, 8597, 8599, 8609,
+ 8623, 8627, 8629, 8641, 8647, 8663, 8669, 8677,
+ 8681, 8689, 8693, 8699, 8707, 8713, 8719, 8731,
+ 8737, 8741, 8747, 8753, 8761, 8779, 8783, 8803,
+ 8807, 8819, 8821, 8831, 8837, 8839, 8849, 8861,
+ 8863, 8867, 8887, 8893, 8923, 8929, 8933, 8941,
+ 8951, 8963, 8969, 8971, 8999, 9001, 9007, 9011,
+ 9013, 9029, 9041, 9043, 9049, 9059, 9067, 9091,
+ 9103, 9109, 9127, 9133, 9137, 9151, 9157, 9161,
+ 9173, 9181, 9187, 9199, 9203, 9209, 9221, 9227,
+ 9239, 9241, 9257, 9277, 9281, 9283, 9293, 9311,
+ 9319, 9323, 9337, 9341, 9343, 9349, 9371, 9377,
+ 9391, 9397, 9403, 9413, 9419, 9421, 9431, 9433,
+ 9437, 9439, 9461, 9463, 9467, 9473, 9479, 9491,
+ 9497, 9511, 9521, 9533, 9539, 9547, 9551, 9587,
+ 9601, 9613, 9619, 9623, 9629, 9631, 9643, 9649,
+ 9661, 9677, 9679, 9689, 9697, 9719, 9721, 9733,
+ 9739, 9743, 9749, 9767, 9769, 9781, 9787, 9791,
+ 9803, 9811, 9817, 9829, 9833, 9839, 9851, 9857,
+ 9859, 9871, 9883, 9887, 9901, 9907, 9923, 9929,
+ 9931, 9941, 9949, 9967, 9973, 10007, 10009, 10037,
+ 10039, 10061, 10067, 10069, 10079, 10091, 10093, 10099,
+ 10103, 10111, 10133, 10139, 10141, 10151, 10159, 10163,
+ 10169, 10177, 10181, 10193, 10211, 10223, 10243, 10247,
+ 10253, 10259, 10267, 10271, 10273, 10289, 10301, 10303,
+ 10313, 10321, 10331, 10333, 10337, 10343, 10357, 10369,
+ 10391, 10399, 10427, 10429, 10433, 10453, 10457, 10459,
+ 10463, 10477, 10487, 10499, 10501, 10513, 10529, 10531,
+ 10559, 10567, 10589, 10597, 10601, 10607, 10613, 10627,
+ 10631, 10639, 10651, 10657, 10663, 10667, 10687, 10691,
+ 10709, 10711, 10723, 10729, 10733, 10739, 10753, 10771,
+ 10781, 10789, 10799, 10831, 10837, 10847, 10853, 10859,
+ 10861, 10867, 10883, 10889, 10891, 10903, 10909, 10937,
+ 10939, 10949, 10957, 10973, 10979, 10987, 10993, 11003,
+ 11027, 11047, 11057, 11059, 11069, 11071, 11083, 11087,
+ 11093, 11113, 11117, 11119, 11131, 11149, 11159, 11161,
+ 11171, 11173, 11177, 11197, 11213, 11239, 11243, 11251,
+ 11257, 11261, 11273, 11279, 11287, 11299, 11311, 11317,
+ 11321, 11329, 11351, 11353, 11369, 11383, 11393, 11399,
+ 11411, 11423, 11437, 11443, 11447, 11467, 11471, 11483,
+ 11489, 11491, 11497, 11503, 11519, 11527, 11549, 11551,
+ 11579, 11587, 11593, 11597, 11617, 11621, 11633, 11657,
+ 11677, 11681, 11689, 11699, 11701, 11717, 11719, 11731,
+ 11743, 11777, 11779, 11783, 11789, 11801, 11807, 11813,
+ 11821, 11827, 11831, 11833, 11839, 11863, 11867, 11887,
+ 11897, 11903, 11909, 11923, 11927, 11933, 11939, 11941,
+ 11953, 11959, 11969, 11971, 11981, 11987, 12007, 12011,
+ 12037, 12041, 12043, 12049, 12071, 12073, 12097, 12101,
+ 12107, 12109, 12113, 12119, 12143, 12149, 12157, 12161,
+ 12163, 12197, 12203, 12211, 12227, 12239, 12241, 12251,
+ 12253, 12263, 12269, 12277, 12281, 12289, 12301, 12323,
+ 12329, 12343, 12347, 12373, 12377, 12379, 12391, 12401,
+ 12409, 12413, 12421, 12433, 12437, 12451, 12457, 12473,
+ 12479, 12487, 12491, 12497, 12503, 12511, 12517, 12527,
+ 12539, 12541, 12547, 12553, 12569, 12577, 12583, 12589,
+ 12601, 12611, 12613, 12619, 12637, 12641, 12647, 12653,
+ 12659, 12671, 12689, 12697, 12703, 12713, 12721, 12739,
+ 12743, 12757, 12763, 12781, 12791, 12799, 12809, 12821,
+ 12823, 12829, 12841, 12853, 12889, 12893, 12899, 12907,
+ 12911, 12917, 12919, 12923, 12941, 12953, 12959, 12967,
+ 12973, 12979, 12983, 13001, 13003, 13007, 13009, 13033,
+ 13037, 13043, 13049, 13063, 13093, 13099, 13103, 13109,
+ 13121, 13127, 13147, 13151, 13159, 13163, 13171, 13177,
+ 13183, 13187, 13217, 13219, 13229, 13241, 13249, 13259,
+ 13267, 13291, 13297, 13309, 13313, 13327, 13331, 13337,
+ 13339, 13367, 13381, 13397, 13399, 13411, 13417, 13421,
+ 13441, 13451, 13457, 13463, 13469, 13477, 13487, 13499,
+ 13513, 13523, 13537, 13553, 13567, 13577, 13591, 13597,
+ 13613, 13619, 13627, 13633, 13649, 13669, 13679, 13681,
+ 13687, 13691, 13693, 13697, 13709, 13711, 13721, 13723,
+ 13729, 13751, 13757, 13759, 13763, 13781, 13789, 13799,
+ 13807, 13829, 13831, 13841, 13859, 13873, 13877, 13879,
+ 13883, 13901, 13903, 13907, 13913, 13921, 13931, 13933,
+ 13963, 13967, 13997, 13999, 14009, 14011, 14029, 14033,
+ 14051, 14057, 14071, 14081, 14083, 14087, 14107, 14143,
+ 14149, 14153, 14159, 14173, 14177, 14197, 14207, 14221,
+ 14243, 14249, 14251, 14281, 14293, 14303, 14321, 14323,
+ 14327, 14341, 14347, 14369, 14387, 14389, 14401, 14407,
+ 14411, 14419, 14423, 14431, 14437, 14447, 14449, 14461,
+ 14479, 14489, 14503, 14519, 14533, 14537, 14543, 14549,
+ 14551, 14557, 14561, 14563, 14591, 14593, 14621, 14627,
+ 14629, 14633, 14639, 14653, 14657, 14669, 14683, 14699,
+ 14713, 14717, 14723, 14731, 14737, 14741, 14747, 14753,
+ 14759, 14767, 14771, 14779, 14783, 14797, 14813, 14821,
+ 14827, 14831, 14843, 14851, 14867, 14869, 14879, 14887,
+ 14891, 14897, 14923, 14929, 14939, 14947, 14951, 14957,
+ 14969, 14983, 15013, 15017, 15031, 15053, 15061, 15073,
+ 15077, 15083, 15091, 15101, 15107, 15121, 15131, 15137,
+ 15139, 15149, 15161, 15173, 15187, 15193, 15199, 15217,
+ 15227, 15233, 15241, 15259, 15263, 15269, 15271, 15277,
+ 15287, 15289, 15299, 15307, 15313, 15319, 15329, 15331,
+ 15349, 15359, 15361, 15373, 15377, 15383, 15391, 15401,
+ 15413, 15427, 15439, 15443, 15451, 15461, 15467, 15473,
+ 15493, 15497, 15511, 15527, 15541, 15551, 15559, 15569,
+ 15581, 15583, 15601, 15607, 15619, 15629, 15641, 15643,
+ 15647, 15649, 15661, 15667, 15671, 15679, 15683, 15727,
+ 15731, 15733, 15737, 15739, 15749, 15761, 15767, 15773,
+ 15787, 15791, 15797, 15803, 15809, 15817, 15823, 15859,
+ 15877, 15881, 15887, 15889, 15901, 15907, 15913, 15919,
+ 15923, 15937, 15959, 15971, 15973, 15991, 16001, 16007,
+ 16033, 16057, 16061, 16063, 16067, 16069, 16073, 16087,
+ 16091, 16097, 16103, 16111, 16127, 16139, 16141, 16183,
+ 16187, 16189, 16193, 16217, 16223, 16229, 16231, 16249,
+ 16253, 16267, 16273, 16301, 16319, 16333, 16339, 16349,
+ 16361, 16363, 16369, 16381, 16411, 16417, 16421, 16427,
+ 16433, 16447, 16451, 16453, 16477, 16481, 16487, 16493,
+ 16519, 16529, 16547, 16553, 16561, 16567, 16573, 16603,
+ 16607, 16619, 16631, 16633, 16649, 16651, 16657, 16661,
+ 16673, 16691, 16693, 16699, 16703, 16729, 16741, 16747,
+ 16759, 16763, 16787, 16811, 16823, 16829, 16831, 16843,
+ 16871, 16879, 16883, 16889, 16901, 16903, 16921, 16927,
+ 16931, 16937, 16943, 16963, 16979, 16981, 16987, 16993,
+ 17011, 17021, 17027, 17029, 17033, 17041, 17047, 17053,
+ 17077, 17093, 17099, 17107, 17117, 17123, 17137, 17159,
+ 17167, 17183, 17189, 17191, 17203, 17207, 17209, 17231,
+ 17239, 17257, 17291, 17293, 17299, 17317, 17321, 17327,
+ 17333, 17341, 17351, 17359, 17377, 17383, 17387, 17389,
+ 17393, 17401, 17417, 17419, 17431, 17443, 17449, 17467,
+ 17471, 17477, 17483, 17489, 17491, 17497, 17509, 17519,
+ 17539, 17551, 17569, 17573, 17579, 17581, 17597, 17599,
+ 17609, 17623, 17627, 17657, 17659, 17669, 17681, 17683,
+ 17707, 17713, 17729, 17737, 17747, 17749, 17761, 17783,
+ 17789, 17791, 17807, 17827, 17837, 17839, 17851, 17863,
+#endif
+};
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_print.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_print.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_print.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,338 +0,0 @@
-/* crypto/bn/bn_print.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <ctype.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include "bn_lcl.h"
-
-static const char Hex[]="0123456789ABCDEF";
-
-/* Must 'OPENSSL_free' the returned data */
-char *BN_bn2hex(const BIGNUM *a)
- {
- int i,j,v,z=0;
- char *buf;
- char *p;
-
- buf=(char *)OPENSSL_malloc(a->top*BN_BYTES*2+2);
- if (buf == NULL)
- {
- BNerr(BN_F_BN_BN2HEX,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- p=buf;
- if (a->neg) *(p++)='-';
- if (BN_is_zero(a)) *(p++)='0';
- for (i=a->top-1; i >=0; i--)
- {
- for (j=BN_BITS2-8; j >= 0; j-=8)
- {
- /* strip leading zeros */
- v=((int)(a->d[i]>>(long)j))&0xff;
- if (z || (v != 0))
- {
- *(p++)=Hex[v>>4];
- *(p++)=Hex[v&0x0f];
- z=1;
- }
- }
- }
- *p='\0';
-err:
- return(buf);
- }
-
-/* Must 'OPENSSL_free' the returned data */
-char *BN_bn2dec(const BIGNUM *a)
- {
- int i=0,num, ok = 0;
- char *buf=NULL;
- char *p;
- BIGNUM *t=NULL;
- BN_ULONG *bn_data=NULL,*lp;
-
- /* get an upper bound for the length of the decimal integer
- * num <= (BN_num_bits(a) + 1) * log(2)
- * <= 3 * BN_num_bits(a) * 0.1001 + log(2) + 1 (rounding error)
- * <= BN_num_bits(a)/10 + BN_num_bits/1000 + 1 + 1
- */
- i=BN_num_bits(a)*3;
- num=(i/10+i/1000+1)+1;
- bn_data=(BN_ULONG *)OPENSSL_malloc((num/BN_DEC_NUM+1)*sizeof(BN_ULONG));
- buf=(char *)OPENSSL_malloc(num+3);
- if ((buf == NULL) || (bn_data == NULL))
- {
- BNerr(BN_F_BN_BN2DEC,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- if ((t=BN_dup(a)) == NULL) goto err;
-
-#define BUF_REMAIN (num+3 - (size_t)(p - buf))
- p=buf;
- lp=bn_data;
- if (BN_is_zero(t))
- {
- *(p++)='0';
- *(p++)='\0';
- }
- else
- {
- if (BN_is_negative(t))
- *p++ = '-';
-
- i=0;
- while (!BN_is_zero(t))
- {
- *lp=BN_div_word(t,BN_DEC_CONV);
- lp++;
- }
- lp--;
- /* We now have a series of blocks, BN_DEC_NUM chars
- * in length, where the last one needs truncation.
- * The blocks need to be reversed in order. */
- BIO_snprintf(p,BUF_REMAIN,BN_DEC_FMT1,*lp);
- while (*p) p++;
- while (lp != bn_data)
- {
- lp--;
- BIO_snprintf(p,BUF_REMAIN,BN_DEC_FMT2,*lp);
- while (*p) p++;
- }
- }
- ok = 1;
-err:
- if (bn_data != NULL) OPENSSL_free(bn_data);
- if (t != NULL) BN_free(t);
- if (!ok && buf)
- {
- OPENSSL_free(buf);
- buf = NULL;
- }
-
- return(buf);
- }
-
-int BN_hex2bn(BIGNUM **bn, const char *a)
- {
- BIGNUM *ret=NULL;
- BN_ULONG l=0;
- int neg=0,h,m,i,j,k,c;
- int num;
-
- if ((a == NULL) || (*a == '\0')) return(0);
-
- if (*a == '-') { neg=1; a++; }
-
- for (i=0; isxdigit((unsigned char) a[i]); i++)
- ;
-
- num=i+neg;
- if (bn == NULL) return(num);
-
- /* a is the start of the hex digits, and it is 'i' long */
- if (*bn == NULL)
- {
- if ((ret=BN_new()) == NULL) return(0);
- }
- else
- {
- ret= *bn;
- BN_zero(ret);
- }
-
- /* i is the number of hex digests; */
- if (bn_expand(ret,i*4) == NULL) goto err;
-
- j=i; /* least significant 'hex' */
- m=0;
- h=0;
- while (j > 0)
- {
- m=((BN_BYTES*2) <= j)?(BN_BYTES*2):j;
- l=0;
- for (;;)
- {
- c=a[j-m];
- if ((c >= '0') && (c <= '9')) k=c-'0';
- else if ((c >= 'a') && (c <= 'f')) k=c-'a'+10;
- else if ((c >= 'A') && (c <= 'F')) k=c-'A'+10;
- else k=0; /* paranoia */
- l=(l<<4)|k;
-
- if (--m <= 0)
- {
- ret->d[h++]=l;
- break;
- }
- }
- j-=(BN_BYTES*2);
- }
- ret->top=h;
- bn_correct_top(ret);
- ret->neg=neg;
-
- *bn=ret;
- bn_check_top(ret);
- return(num);
-err:
- if (*bn == NULL) BN_free(ret);
- return(0);
- }
-
-int BN_dec2bn(BIGNUM **bn, const char *a)
- {
- BIGNUM *ret=NULL;
- BN_ULONG l=0;
- int neg=0,i,j;
- int num;
-
- if ((a == NULL) || (*a == '\0')) return(0);
- if (*a == '-') { neg=1; a++; }
-
- for (i=0; isdigit((unsigned char) a[i]); i++)
- ;
-
- num=i+neg;
- if (bn == NULL) return(num);
-
- /* a is the start of the digits, and it is 'i' long.
- * We chop it into BN_DEC_NUM digits at a time */
- if (*bn == NULL)
- {
- if ((ret=BN_new()) == NULL) return(0);
- }
- else
- {
- ret= *bn;
- BN_zero(ret);
- }
-
- /* i is the number of digests, a bit of an over expand; */
- if (bn_expand(ret,i*4) == NULL) goto err;
-
- j=BN_DEC_NUM-(i%BN_DEC_NUM);
- if (j == BN_DEC_NUM) j=0;
- l=0;
- while (*a)
- {
- l*=10;
- l+= *a-'0';
- a++;
- if (++j == BN_DEC_NUM)
- {
- BN_mul_word(ret,BN_DEC_CONV);
- BN_add_word(ret,l);
- l=0;
- j=0;
- }
- }
- ret->neg=neg;
-
- bn_correct_top(ret);
- *bn=ret;
- bn_check_top(ret);
- return(num);
-err:
- if (*bn == NULL) BN_free(ret);
- return(0);
- }
-
-#ifndef OPENSSL_NO_BIO
-#ifndef OPENSSL_NO_FP_API
-int BN_print_fp(FILE *fp, const BIGNUM *a)
- {
- BIO *b;
- int ret;
-
- if ((b=BIO_new(BIO_s_file())) == NULL)
- return(0);
- BIO_set_fp(b,fp,BIO_NOCLOSE);
- ret=BN_print(b,a);
- BIO_free(b);
- return(ret);
- }
-#endif
-
-int BN_print(BIO *bp, const BIGNUM *a)
- {
- int i,j,v,z=0;
- int ret=0;
-
- if ((a->neg) && (BIO_write(bp,"-",1) != 1)) goto end;
- if (BN_is_zero(a) && (BIO_write(bp,"0",1) != 1)) goto end;
- for (i=a->top-1; i >=0; i--)
- {
- for (j=BN_BITS2-4; j >= 0; j-=4)
- {
- /* strip leading zeros */
- v=((int)(a->d[i]>>(long)j))&0x0f;
- if (z || (v != 0))
- {
- if (BIO_write(bp,&(Hex[v]),1) != 1)
- goto end;
- z=1;
- }
- }
- }
- ret=1;
-end:
- return(ret);
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_print.c (from rev 6976, vendor-crypto/openssl/dist/crypto/bn/bn_print.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_print.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_print.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,347 @@
+/* crypto/bn/bn_print.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include "bn_lcl.h"
+
+static const char Hex[] = "0123456789ABCDEF";
+
+/* Must 'OPENSSL_free' the returned data */
+char *BN_bn2hex(const BIGNUM *a)
+{
+ int i, j, v, z = 0;
+ char *buf;
+ char *p;
+
+ buf = (char *)OPENSSL_malloc(a->top * BN_BYTES * 2 + 2);
+ if (buf == NULL) {
+ BNerr(BN_F_BN_BN2HEX, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ p = buf;
+ if (a->neg)
+ *(p++) = '-';
+ if (BN_is_zero(a))
+ *(p++) = '0';
+ for (i = a->top - 1; i >= 0; i--) {
+ for (j = BN_BITS2 - 8; j >= 0; j -= 8) {
+ /* strip leading zeros */
+ v = ((int)(a->d[i] >> (long)j)) & 0xff;
+ if (z || (v != 0)) {
+ *(p++) = Hex[v >> 4];
+ *(p++) = Hex[v & 0x0f];
+ z = 1;
+ }
+ }
+ }
+ *p = '\0';
+ err:
+ return (buf);
+}
+
+/* Must 'OPENSSL_free' the returned data */
+char *BN_bn2dec(const BIGNUM *a)
+{
+ int i = 0, num, ok = 0;
+ char *buf = NULL;
+ char *p;
+ BIGNUM *t = NULL;
+ BN_ULONG *bn_data = NULL, *lp;
+
+ /*-
+ * get an upper bound for the length of the decimal integer
+ * num <= (BN_num_bits(a) + 1) * log(2)
+ * <= 3 * BN_num_bits(a) * 0.1001 + log(2) + 1 (rounding error)
+ * <= BN_num_bits(a)/10 + BN_num_bits/1000 + 1 + 1
+ */
+ i = BN_num_bits(a) * 3;
+ num = (i / 10 + i / 1000 + 1) + 1;
+ bn_data =
+ (BN_ULONG *)OPENSSL_malloc((num / BN_DEC_NUM + 1) * sizeof(BN_ULONG));
+ buf = (char *)OPENSSL_malloc(num + 3);
+ if ((buf == NULL) || (bn_data == NULL)) {
+ BNerr(BN_F_BN_BN2DEC, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ if ((t = BN_dup(a)) == NULL)
+ goto err;
+
+#define BUF_REMAIN (num+3 - (size_t)(p - buf))
+ p = buf;
+ lp = bn_data;
+ if (BN_is_zero(t)) {
+ *(p++) = '0';
+ *(p++) = '\0';
+ } else {
+ if (BN_is_negative(t))
+ *p++ = '-';
+
+ i = 0;
+ while (!BN_is_zero(t)) {
+ *lp = BN_div_word(t, BN_DEC_CONV);
+ lp++;
+ }
+ lp--;
+ /*
+ * We now have a series of blocks, BN_DEC_NUM chars in length, where
+ * the last one needs truncation. The blocks need to be reversed in
+ * order.
+ */
+ BIO_snprintf(p, BUF_REMAIN, BN_DEC_FMT1, *lp);
+ while (*p)
+ p++;
+ while (lp != bn_data) {
+ lp--;
+ BIO_snprintf(p, BUF_REMAIN, BN_DEC_FMT2, *lp);
+ while (*p)
+ p++;
+ }
+ }
+ ok = 1;
+ err:
+ if (bn_data != NULL)
+ OPENSSL_free(bn_data);
+ if (t != NULL)
+ BN_free(t);
+ if (!ok && buf) {
+ OPENSSL_free(buf);
+ buf = NULL;
+ }
+
+ return (buf);
+}
+
+int BN_hex2bn(BIGNUM **bn, const char *a)
+{
+ BIGNUM *ret = NULL;
+ BN_ULONG l = 0;
+ int neg = 0, h, m, i, j, k, c;
+ int num;
+
+ if ((a == NULL) || (*a == '\0'))
+ return (0);
+
+ if (*a == '-') {
+ neg = 1;
+ a++;
+ }
+
+ for (i = 0; isxdigit((unsigned char)a[i]); i++) ;
+
+ num = i + neg;
+ if (bn == NULL)
+ return (num);
+
+ /* a is the start of the hex digits, and it is 'i' long */
+ if (*bn == NULL) {
+ if ((ret = BN_new()) == NULL)
+ return (0);
+ } else {
+ ret = *bn;
+ BN_zero(ret);
+ }
+
+ /* i is the number of hex digests; */
+ if (bn_expand(ret, i * 4) == NULL)
+ goto err;
+
+ j = i; /* least significant 'hex' */
+ m = 0;
+ h = 0;
+ while (j > 0) {
+ m = ((BN_BYTES * 2) <= j) ? (BN_BYTES * 2) : j;
+ l = 0;
+ for (;;) {
+ c = a[j - m];
+ if ((c >= '0') && (c <= '9'))
+ k = c - '0';
+ else if ((c >= 'a') && (c <= 'f'))
+ k = c - 'a' + 10;
+ else if ((c >= 'A') && (c <= 'F'))
+ k = c - 'A' + 10;
+ else
+ k = 0; /* paranoia */
+ l = (l << 4) | k;
+
+ if (--m <= 0) {
+ ret->d[h++] = l;
+ break;
+ }
+ }
+ j -= (BN_BYTES * 2);
+ }
+ ret->top = h;
+ bn_correct_top(ret);
+ ret->neg = neg;
+
+ *bn = ret;
+ bn_check_top(ret);
+ return (num);
+ err:
+ if (*bn == NULL)
+ BN_free(ret);
+ return (0);
+}
+
+int BN_dec2bn(BIGNUM **bn, const char *a)
+{
+ BIGNUM *ret = NULL;
+ BN_ULONG l = 0;
+ int neg = 0, i, j;
+ int num;
+
+ if ((a == NULL) || (*a == '\0'))
+ return (0);
+ if (*a == '-') {
+ neg = 1;
+ a++;
+ }
+
+ for (i = 0; isdigit((unsigned char)a[i]); i++) ;
+
+ num = i + neg;
+ if (bn == NULL)
+ return (num);
+
+ /*
+ * a is the start of the digits, and it is 'i' long. We chop it into
+ * BN_DEC_NUM digits at a time
+ */
+ if (*bn == NULL) {
+ if ((ret = BN_new()) == NULL)
+ return (0);
+ } else {
+ ret = *bn;
+ BN_zero(ret);
+ }
+
+ /* i is the number of digests, a bit of an over expand; */
+ if (bn_expand(ret, i * 4) == NULL)
+ goto err;
+
+ j = BN_DEC_NUM - (i % BN_DEC_NUM);
+ if (j == BN_DEC_NUM)
+ j = 0;
+ l = 0;
+ while (*a) {
+ l *= 10;
+ l += *a - '0';
+ a++;
+ if (++j == BN_DEC_NUM) {
+ BN_mul_word(ret, BN_DEC_CONV);
+ BN_add_word(ret, l);
+ l = 0;
+ j = 0;
+ }
+ }
+ ret->neg = neg;
+
+ bn_correct_top(ret);
+ *bn = ret;
+ bn_check_top(ret);
+ return (num);
+ err:
+ if (*bn == NULL)
+ BN_free(ret);
+ return (0);
+}
+
+#ifndef OPENSSL_NO_BIO
+# ifndef OPENSSL_NO_FP_API
+int BN_print_fp(FILE *fp, const BIGNUM *a)
+{
+ BIO *b;
+ int ret;
+
+ if ((b = BIO_new(BIO_s_file())) == NULL)
+ return (0);
+ BIO_set_fp(b, fp, BIO_NOCLOSE);
+ ret = BN_print(b, a);
+ BIO_free(b);
+ return (ret);
+}
+# endif
+
+int BN_print(BIO *bp, const BIGNUM *a)
+{
+ int i, j, v, z = 0;
+ int ret = 0;
+
+ if ((a->neg) && (BIO_write(bp, "-", 1) != 1))
+ goto end;
+ if (BN_is_zero(a) && (BIO_write(bp, "0", 1) != 1))
+ goto end;
+ for (i = a->top - 1; i >= 0; i--) {
+ for (j = BN_BITS2 - 4; j >= 0; j -= 4) {
+ /* strip leading zeros */
+ v = ((int)(a->d[i] >> (long)j)) & 0x0f;
+ if (z || (v != 0)) {
+ if (BIO_write(bp, &(Hex[v]), 1) != 1)
+ goto end;
+ z = 1;
+ }
+ }
+ }
+ ret = 1;
+ end:
+ return (ret);
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_rand.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_rand.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_rand.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,305 +0,0 @@
-/* crypto/bn/bn_rand.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <time.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-#include <openssl/rand.h>
-
-static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
- {
- unsigned char *buf=NULL;
- int ret=0,bit,bytes,mask;
- time_t tim;
-
- if (bits == 0)
- {
- BN_zero(rnd);
- return 1;
- }
-
- bytes=(bits+7)/8;
- bit=(bits-1)%8;
- mask=0xff<<(bit+1);
-
- buf=(unsigned char *)OPENSSL_malloc(bytes);
- if (buf == NULL)
- {
- BNerr(BN_F_BNRAND,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- /* make a random number and set the top and bottom bits */
- time(&tim);
- RAND_add(&tim,sizeof(tim),0.0);
-
- if (pseudorand)
- {
- if (RAND_pseudo_bytes(buf, bytes) == -1)
- goto err;
- }
- else
- {
- if (RAND_bytes(buf, bytes) <= 0)
- goto err;
- }
-
-#if 1
- if (pseudorand == 2)
- {
- /* generate patterns that are more likely to trigger BN
- library bugs */
- int i;
- unsigned char c;
-
- for (i = 0; i < bytes; i++)
- {
- RAND_pseudo_bytes(&c, 1);
- if (c >= 128 && i > 0)
- buf[i] = buf[i-1];
- else if (c < 42)
- buf[i] = 0;
- else if (c < 84)
- buf[i] = 255;
- }
- }
-#endif
-
- if (top != -1)
- {
- if (top)
- {
- if (bit == 0)
- {
- buf[0]=1;
- buf[1]|=0x80;
- }
- else
- {
- buf[0]|=(3<<(bit-1));
- }
- }
- else
- {
- buf[0]|=(1<<bit);
- }
- }
- buf[0] &= ~mask;
- if (bottom) /* set bottom bit if requested */
- buf[bytes-1]|=1;
- if (!BN_bin2bn(buf,bytes,rnd)) goto err;
- ret=1;
-err:
- if (buf != NULL)
- {
- OPENSSL_cleanse(buf,bytes);
- OPENSSL_free(buf);
- }
- bn_check_top(rnd);
- return(ret);
- }
-
-int BN_rand(BIGNUM *rnd, int bits, int top, int bottom)
- {
- return bnrand(0, rnd, bits, top, bottom);
- }
-
-int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom)
- {
- return bnrand(1, rnd, bits, top, bottom);
- }
-
-#if 1
-int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom)
- {
- return bnrand(2, rnd, bits, top, bottom);
- }
-#endif
-
-
-/* random number r: 0 <= r < range */
-static int bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range)
- {
- int (*bn_rand)(BIGNUM *, int, int, int) = pseudo ? BN_pseudo_rand : BN_rand;
- int n;
- int count = 100;
-
- if (range->neg || BN_is_zero(range))
- {
- BNerr(BN_F_BN_RAND_RANGE, BN_R_INVALID_RANGE);
- return 0;
- }
-
- n = BN_num_bits(range); /* n > 0 */
-
- /* BN_is_bit_set(range, n - 1) always holds */
-
- if (n == 1)
- BN_zero(r);
- else if (!BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3))
- {
- /* range = 100..._2,
- * so 3*range (= 11..._2) is exactly one bit longer than range */
- do
- {
- if (!bn_rand(r, n + 1, -1, 0)) return 0;
- /* If r < 3*range, use r := r MOD range
- * (which is either r, r - range, or r - 2*range).
- * Otherwise, iterate once more.
- * Since 3*range = 11..._2, each iteration succeeds with
- * probability >= .75. */
- if (BN_cmp(r ,range) >= 0)
- {
- if (!BN_sub(r, r, range)) return 0;
- if (BN_cmp(r, range) >= 0)
- if (!BN_sub(r, r, range)) return 0;
- }
-
- if (!--count)
- {
- BNerr(BN_F_BN_RAND_RANGE, BN_R_TOO_MANY_ITERATIONS);
- return 0;
- }
-
- }
- while (BN_cmp(r, range) >= 0);
- }
- else
- {
- do
- {
- /* range = 11..._2 or range = 101..._2 */
- if (!bn_rand(r, n, -1, 0)) return 0;
-
- if (!--count)
- {
- BNerr(BN_F_BN_RAND_RANGE, BN_R_TOO_MANY_ITERATIONS);
- return 0;
- }
- }
- while (BN_cmp(r, range) >= 0);
- }
-
- bn_check_top(r);
- return 1;
- }
-
-
-int BN_rand_range(BIGNUM *r, const BIGNUM *range)
- {
- return bn_rand_range(0, r, range);
- }
-
-int BN_pseudo_rand_range(BIGNUM *r, const BIGNUM *range)
- {
- return bn_rand_range(1, r, range);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_rand.c (from rev 6976, vendor-crypto/openssl/dist/crypto/bn/bn_rand.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_rand.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_rand.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,289 @@
+/* crypto/bn/bn_rand.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+#include <openssl/rand.h>
+
+static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
+{
+ unsigned char *buf = NULL;
+ int ret = 0, bit, bytes, mask;
+ time_t tim;
+
+ if (bits == 0) {
+ BN_zero(rnd);
+ return 1;
+ }
+
+ bytes = (bits + 7) / 8;
+ bit = (bits - 1) % 8;
+ mask = 0xff << (bit + 1);
+
+ buf = (unsigned char *)OPENSSL_malloc(bytes);
+ if (buf == NULL) {
+ BNerr(BN_F_BNRAND, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ /* make a random number and set the top and bottom bits */
+ time(&tim);
+ RAND_add(&tim, sizeof(tim), 0.0);
+
+ if (pseudorand) {
+ if (RAND_pseudo_bytes(buf, bytes) == -1)
+ goto err;
+ } else {
+ if (RAND_bytes(buf, bytes) <= 0)
+ goto err;
+ }
+
+#if 1
+ if (pseudorand == 2) {
+ /*
+ * generate patterns that are more likely to trigger BN library bugs
+ */
+ int i;
+ unsigned char c;
+
+ for (i = 0; i < bytes; i++) {
+ RAND_pseudo_bytes(&c, 1);
+ if (c >= 128 && i > 0)
+ buf[i] = buf[i - 1];
+ else if (c < 42)
+ buf[i] = 0;
+ else if (c < 84)
+ buf[i] = 255;
+ }
+ }
+#endif
+
+ if (top != -1) {
+ if (top) {
+ if (bit == 0) {
+ buf[0] = 1;
+ buf[1] |= 0x80;
+ } else {
+ buf[0] |= (3 << (bit - 1));
+ }
+ } else {
+ buf[0] |= (1 << bit);
+ }
+ }
+ buf[0] &= ~mask;
+ if (bottom) /* set bottom bit if requested */
+ buf[bytes - 1] |= 1;
+ if (!BN_bin2bn(buf, bytes, rnd))
+ goto err;
+ ret = 1;
+ err:
+ if (buf != NULL) {
+ OPENSSL_cleanse(buf, bytes);
+ OPENSSL_free(buf);
+ }
+ bn_check_top(rnd);
+ return (ret);
+}
+
+int BN_rand(BIGNUM *rnd, int bits, int top, int bottom)
+{
+ return bnrand(0, rnd, bits, top, bottom);
+}
+
+int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom)
+{
+ return bnrand(1, rnd, bits, top, bottom);
+}
+
+#if 1
+int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom)
+{
+ return bnrand(2, rnd, bits, top, bottom);
+}
+#endif
+
+/* random number r: 0 <= r < range */
+static int bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range)
+{
+ int (*bn_rand) (BIGNUM *, int, int, int) =
+ pseudo ? BN_pseudo_rand : BN_rand;
+ int n;
+ int count = 100;
+
+ if (range->neg || BN_is_zero(range)) {
+ BNerr(BN_F_BN_RAND_RANGE, BN_R_INVALID_RANGE);
+ return 0;
+ }
+
+ n = BN_num_bits(range); /* n > 0 */
+
+ /* BN_is_bit_set(range, n - 1) always holds */
+
+ if (n == 1)
+ BN_zero(r);
+ else if (!BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3)) {
+ /*
+ * range = 100..._2, so 3*range (= 11..._2) is exactly one bit longer
+ * than range
+ */
+ do {
+ if (!bn_rand(r, n + 1, -1, 0))
+ return 0;
+ /*
+ * If r < 3*range, use r := r MOD range (which is either r, r -
+ * range, or r - 2*range). Otherwise, iterate once more. Since
+ * 3*range = 11..._2, each iteration succeeds with probability >=
+ * .75.
+ */
+ if (BN_cmp(r, range) >= 0) {
+ if (!BN_sub(r, r, range))
+ return 0;
+ if (BN_cmp(r, range) >= 0)
+ if (!BN_sub(r, r, range))
+ return 0;
+ }
+
+ if (!--count) {
+ BNerr(BN_F_BN_RAND_RANGE, BN_R_TOO_MANY_ITERATIONS);
+ return 0;
+ }
+
+ }
+ while (BN_cmp(r, range) >= 0);
+ } else {
+ do {
+ /* range = 11..._2 or range = 101..._2 */
+ if (!bn_rand(r, n, -1, 0))
+ return 0;
+
+ if (!--count) {
+ BNerr(BN_F_BN_RAND_RANGE, BN_R_TOO_MANY_ITERATIONS);
+ return 0;
+ }
+ }
+ while (BN_cmp(r, range) >= 0);
+ }
+
+ bn_check_top(r);
+ return 1;
+}
+
+int BN_rand_range(BIGNUM *r, const BIGNUM *range)
+{
+ return bn_rand_range(0, r, range);
+}
+
+int BN_pseudo_rand_range(BIGNUM *r, const BIGNUM *range)
+{
+ return bn_rand_range(1, r, range);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_recp.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_recp.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_recp.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,234 +0,0 @@
-/* crypto/bn/bn_recp.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-void BN_RECP_CTX_init(BN_RECP_CTX *recp)
- {
- BN_init(&(recp->N));
- BN_init(&(recp->Nr));
- recp->num_bits=0;
- recp->flags=0;
- }
-
-BN_RECP_CTX *BN_RECP_CTX_new(void)
- {
- BN_RECP_CTX *ret;
-
- if ((ret=(BN_RECP_CTX *)OPENSSL_malloc(sizeof(BN_RECP_CTX))) == NULL)
- return(NULL);
-
- BN_RECP_CTX_init(ret);
- ret->flags=BN_FLG_MALLOCED;
- return(ret);
- }
-
-void BN_RECP_CTX_free(BN_RECP_CTX *recp)
- {
- if(recp == NULL)
- return;
-
- BN_free(&(recp->N));
- BN_free(&(recp->Nr));
- if (recp->flags & BN_FLG_MALLOCED)
- OPENSSL_free(recp);
- }
-
-int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *d, BN_CTX *ctx)
- {
- if (!BN_copy(&(recp->N),d)) return 0;
- BN_zero(&(recp->Nr));
- recp->num_bits=BN_num_bits(d);
- recp->shift=0;
- return(1);
- }
-
-int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y,
- BN_RECP_CTX *recp, BN_CTX *ctx)
- {
- int ret=0;
- BIGNUM *a;
- const BIGNUM *ca;
-
- BN_CTX_start(ctx);
- if ((a = BN_CTX_get(ctx)) == NULL) goto err;
- if (y != NULL)
- {
- if (x == y)
- { if (!BN_sqr(a,x,ctx)) goto err; }
- else
- { if (!BN_mul(a,x,y,ctx)) goto err; }
- ca = a;
- }
- else
- ca=x; /* Just do the mod */
-
- ret = BN_div_recp(NULL,r,ca,recp,ctx);
-err:
- BN_CTX_end(ctx);
- bn_check_top(r);
- return(ret);
- }
-
-int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
- BN_RECP_CTX *recp, BN_CTX *ctx)
- {
- int i,j,ret=0;
- BIGNUM *a,*b,*d,*r;
-
- BN_CTX_start(ctx);
- a=BN_CTX_get(ctx);
- b=BN_CTX_get(ctx);
- if (dv != NULL)
- d=dv;
- else
- d=BN_CTX_get(ctx);
- if (rem != NULL)
- r=rem;
- else
- r=BN_CTX_get(ctx);
- if (a == NULL || b == NULL || d == NULL || r == NULL) goto err;
-
- if (BN_ucmp(m,&(recp->N)) < 0)
- {
- BN_zero(d);
- if (!BN_copy(r,m)) return 0;
- BN_CTX_end(ctx);
- return(1);
- }
-
- /* We want the remainder
- * Given input of ABCDEF / ab
- * we need multiply ABCDEF by 3 digests of the reciprocal of ab
- *
- */
-
- /* i := max(BN_num_bits(m), 2*BN_num_bits(N)) */
- i=BN_num_bits(m);
- j=recp->num_bits<<1;
- if (j>i) i=j;
-
- /* Nr := round(2^i / N) */
- if (i != recp->shift)
- recp->shift=BN_reciprocal(&(recp->Nr),&(recp->N),
- i,ctx); /* BN_reciprocal returns i, or -1 for an error */
- if (recp->shift == -1) goto err;
-
- /* d := |round(round(m / 2^BN_num_bits(N)) * recp->Nr / 2^(i - BN_num_bits(N)))|
- * = |round(round(m / 2^BN_num_bits(N)) * round(2^i / N) / 2^(i - BN_num_bits(N)))|
- * <= |(m / 2^BN_num_bits(N)) * (2^i / N) * (2^BN_num_bits(N) / 2^i)|
- * = |m/N|
- */
- if (!BN_rshift(a,m,recp->num_bits)) goto err;
- if (!BN_mul(b,a,&(recp->Nr),ctx)) goto err;
- if (!BN_rshift(d,b,i-recp->num_bits)) goto err;
- d->neg=0;
-
- if (!BN_mul(b,&(recp->N),d,ctx)) goto err;
- if (!BN_usub(r,m,b)) goto err;
- r->neg=0;
-
-#if 1
- j=0;
- while (BN_ucmp(r,&(recp->N)) >= 0)
- {
- if (j++ > 2)
- {
- BNerr(BN_F_BN_DIV_RECP,BN_R_BAD_RECIPROCAL);
- goto err;
- }
- if (!BN_usub(r,r,&(recp->N))) goto err;
- if (!BN_add_word(d,1)) goto err;
- }
-#endif
-
- r->neg=BN_is_zero(r)?0:m->neg;
- d->neg=m->neg^recp->N.neg;
- ret=1;
-err:
- BN_CTX_end(ctx);
- bn_check_top(dv);
- bn_check_top(rem);
- return(ret);
- }
-
-/* len is the expected size of the result
- * We actually calculate with an extra word of precision, so
- * we can do faster division if the remainder is not required.
- */
-/* r := 2^len / m */
-int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx)
- {
- int ret= -1;
- BIGNUM *t;
-
- BN_CTX_start(ctx);
- if((t = BN_CTX_get(ctx)) == NULL) goto err;
-
- if (!BN_set_bit(t,len)) goto err;
-
- if (!BN_div(r,NULL,t,m,ctx)) goto err;
-
- ret=len;
-err:
- bn_check_top(r);
- BN_CTX_end(ctx);
- return(ret);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_recp.c (from rev 6976, vendor-crypto/openssl/dist/crypto/bn/bn_recp.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_recp.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_recp.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,249 @@
+/* crypto/bn/bn_recp.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+void BN_RECP_CTX_init(BN_RECP_CTX *recp)
+{
+ BN_init(&(recp->N));
+ BN_init(&(recp->Nr));
+ recp->num_bits = 0;
+ recp->flags = 0;
+}
+
+BN_RECP_CTX *BN_RECP_CTX_new(void)
+{
+ BN_RECP_CTX *ret;
+
+ if ((ret = (BN_RECP_CTX *)OPENSSL_malloc(sizeof(BN_RECP_CTX))) == NULL)
+ return (NULL);
+
+ BN_RECP_CTX_init(ret);
+ ret->flags = BN_FLG_MALLOCED;
+ return (ret);
+}
+
+void BN_RECP_CTX_free(BN_RECP_CTX *recp)
+{
+ if (recp == NULL)
+ return;
+
+ BN_free(&(recp->N));
+ BN_free(&(recp->Nr));
+ if (recp->flags & BN_FLG_MALLOCED)
+ OPENSSL_free(recp);
+}
+
+int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *d, BN_CTX *ctx)
+{
+ if (!BN_copy(&(recp->N), d))
+ return 0;
+ BN_zero(&(recp->Nr));
+ recp->num_bits = BN_num_bits(d);
+ recp->shift = 0;
+ return (1);
+}
+
+int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y,
+ BN_RECP_CTX *recp, BN_CTX *ctx)
+{
+ int ret = 0;
+ BIGNUM *a;
+ const BIGNUM *ca;
+
+ BN_CTX_start(ctx);
+ if ((a = BN_CTX_get(ctx)) == NULL)
+ goto err;
+ if (y != NULL) {
+ if (x == y) {
+ if (!BN_sqr(a, x, ctx))
+ goto err;
+ } else {
+ if (!BN_mul(a, x, y, ctx))
+ goto err;
+ }
+ ca = a;
+ } else
+ ca = x; /* Just do the mod */
+
+ ret = BN_div_recp(NULL, r, ca, recp, ctx);
+ err:
+ BN_CTX_end(ctx);
+ bn_check_top(r);
+ return (ret);
+}
+
+int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
+ BN_RECP_CTX *recp, BN_CTX *ctx)
+{
+ int i, j, ret = 0;
+ BIGNUM *a, *b, *d, *r;
+
+ BN_CTX_start(ctx);
+ a = BN_CTX_get(ctx);
+ b = BN_CTX_get(ctx);
+ if (dv != NULL)
+ d = dv;
+ else
+ d = BN_CTX_get(ctx);
+ if (rem != NULL)
+ r = rem;
+ else
+ r = BN_CTX_get(ctx);
+ if (a == NULL || b == NULL || d == NULL || r == NULL)
+ goto err;
+
+ if (BN_ucmp(m, &(recp->N)) < 0) {
+ BN_zero(d);
+ if (!BN_copy(r, m))
+ return 0;
+ BN_CTX_end(ctx);
+ return (1);
+ }
+
+ /*
+ * We want the remainder Given input of ABCDEF / ab we need multiply
+ * ABCDEF by 3 digests of the reciprocal of ab
+ */
+
+ /* i := max(BN_num_bits(m), 2*BN_num_bits(N)) */
+ i = BN_num_bits(m);
+ j = recp->num_bits << 1;
+ if (j > i)
+ i = j;
+
+ /* Nr := round(2^i / N) */
+ if (i != recp->shift)
+ recp->shift = BN_reciprocal(&(recp->Nr), &(recp->N), i, ctx);
+ /* BN_reciprocal could have returned -1 for an error */
+ if (recp->shift == -1)
+ goto err;
+
+ /*-
+ * d := |round(round(m / 2^BN_num_bits(N)) * recp->Nr / 2^(i - BN_num_bits(N)))|
+ * = |round(round(m / 2^BN_num_bits(N)) * round(2^i / N) / 2^(i - BN_num_bits(N)))|
+ * <= |(m / 2^BN_num_bits(N)) * (2^i / N) * (2^BN_num_bits(N) / 2^i)|
+ * = |m/N|
+ */
+ if (!BN_rshift(a, m, recp->num_bits))
+ goto err;
+ if (!BN_mul(b, a, &(recp->Nr), ctx))
+ goto err;
+ if (!BN_rshift(d, b, i - recp->num_bits))
+ goto err;
+ d->neg = 0;
+
+ if (!BN_mul(b, &(recp->N), d, ctx))
+ goto err;
+ if (!BN_usub(r, m, b))
+ goto err;
+ r->neg = 0;
+
+#if 1
+ j = 0;
+ while (BN_ucmp(r, &(recp->N)) >= 0) {
+ if (j++ > 2) {
+ BNerr(BN_F_BN_DIV_RECP, BN_R_BAD_RECIPROCAL);
+ goto err;
+ }
+ if (!BN_usub(r, r, &(recp->N)))
+ goto err;
+ if (!BN_add_word(d, 1))
+ goto err;
+ }
+#endif
+
+ r->neg = BN_is_zero(r) ? 0 : m->neg;
+ d->neg = m->neg ^ recp->N.neg;
+ ret = 1;
+ err:
+ BN_CTX_end(ctx);
+ bn_check_top(dv);
+ bn_check_top(rem);
+ return (ret);
+}
+
+/*
+ * len is the expected size of the result We actually calculate with an extra
+ * word of precision, so we can do faster division if the remainder is not
+ * required.
+ */
+/* r := 2^len / m */
+int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx)
+{
+ int ret = -1;
+ BIGNUM *t;
+
+ BN_CTX_start(ctx);
+ if ((t = BN_CTX_get(ctx)) == NULL)
+ goto err;
+
+ if (!BN_set_bit(t, len))
+ goto err;
+
+ if (!BN_div(r, NULL, t, m, ctx))
+ goto err;
+
+ ret = len;
+ err:
+ bn_check_top(r);
+ BN_CTX_end(ctx);
+ return (ret);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_shift.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_shift.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_shift.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,220 +0,0 @@
-/* crypto/bn/bn_shift.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-int BN_lshift1(BIGNUM *r, const BIGNUM *a)
- {
- register BN_ULONG *ap,*rp,t,c;
- int i;
-
- bn_check_top(r);
- bn_check_top(a);
-
- if (r != a)
- {
- r->neg=a->neg;
- if (bn_wexpand(r,a->top+1) == NULL) return(0);
- r->top=a->top;
- }
- else
- {
- if (bn_wexpand(r,a->top+1) == NULL) return(0);
- }
- ap=a->d;
- rp=r->d;
- c=0;
- for (i=0; i<a->top; i++)
- {
- t= *(ap++);
- *(rp++)=((t<<1)|c)&BN_MASK2;
- c=(t & BN_TBIT)?1:0;
- }
- if (c)
- {
- *rp=1;
- r->top++;
- }
- bn_check_top(r);
- return(1);
- }
-
-int BN_rshift1(BIGNUM *r, const BIGNUM *a)
- {
- BN_ULONG *ap,*rp,t,c;
- int i;
-
- bn_check_top(r);
- bn_check_top(a);
-
- if (BN_is_zero(a))
- {
- BN_zero(r);
- return(1);
- }
- if (a != r)
- {
- if (bn_wexpand(r,a->top) == NULL) return(0);
- r->top=a->top;
- r->neg=a->neg;
- }
- ap=a->d;
- rp=r->d;
- c=0;
- for (i=a->top-1; i>=0; i--)
- {
- t=ap[i];
- rp[i]=((t>>1)&BN_MASK2)|c;
- c=(t&1)?BN_TBIT:0;
- }
- bn_correct_top(r);
- bn_check_top(r);
- return(1);
- }
-
-int BN_lshift(BIGNUM *r, const BIGNUM *a, int n)
- {
- int i,nw,lb,rb;
- BN_ULONG *t,*f;
- BN_ULONG l;
-
- bn_check_top(r);
- bn_check_top(a);
-
- r->neg=a->neg;
- nw=n/BN_BITS2;
- if (bn_wexpand(r,a->top+nw+1) == NULL) return(0);
- lb=n%BN_BITS2;
- rb=BN_BITS2-lb;
- f=a->d;
- t=r->d;
- t[a->top+nw]=0;
- if (lb == 0)
- for (i=a->top-1; i>=0; i--)
- t[nw+i]=f[i];
- else
- for (i=a->top-1; i>=0; i--)
- {
- l=f[i];
- t[nw+i+1]|=(l>>rb)&BN_MASK2;
- t[nw+i]=(l<<lb)&BN_MASK2;
- }
- memset(t,0,nw*sizeof(t[0]));
-/* for (i=0; i<nw; i++)
- t[i]=0;*/
- r->top=a->top+nw+1;
- bn_correct_top(r);
- bn_check_top(r);
- return(1);
- }
-
-int BN_rshift(BIGNUM *r, const BIGNUM *a, int n)
- {
- int i,j,nw,lb,rb;
- BN_ULONG *t,*f;
- BN_ULONG l,tmp;
-
- bn_check_top(r);
- bn_check_top(a);
-
- nw=n/BN_BITS2;
- rb=n%BN_BITS2;
- lb=BN_BITS2-rb;
- if (nw >= a->top || a->top == 0)
- {
- BN_zero(r);
- return(1);
- }
- if (r != a)
- {
- r->neg=a->neg;
- if (bn_wexpand(r,a->top-nw+1) == NULL) return(0);
- }
- else
- {
- if (n == 0)
- return 1; /* or the copying loop will go berserk */
- }
-
- f= &(a->d[nw]);
- t=r->d;
- j=a->top-nw;
- r->top=j;
-
- if (rb == 0)
- {
- for (i=j; i != 0; i--)
- *(t++)= *(f++);
- }
- else
- {
- l= *(f++);
- for (i=j-1; i != 0; i--)
- {
- tmp =(l>>rb)&BN_MASK2;
- l= *(f++);
- *(t++) =(tmp|(l<<lb))&BN_MASK2;
- }
- *(t++) =(l>>rb)&BN_MASK2;
- }
- bn_correct_top(r);
- bn_check_top(r);
- return(1);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_shift.c (from rev 6976, vendor-crypto/openssl/dist/crypto/bn/bn_shift.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_shift.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_shift.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,209 @@
+/* crypto/bn/bn_shift.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+int BN_lshift1(BIGNUM *r, const BIGNUM *a)
+{
+ register BN_ULONG *ap, *rp, t, c;
+ int i;
+
+ bn_check_top(r);
+ bn_check_top(a);
+
+ if (r != a) {
+ r->neg = a->neg;
+ if (bn_wexpand(r, a->top + 1) == NULL)
+ return (0);
+ r->top = a->top;
+ } else {
+ if (bn_wexpand(r, a->top + 1) == NULL)
+ return (0);
+ }
+ ap = a->d;
+ rp = r->d;
+ c = 0;
+ for (i = 0; i < a->top; i++) {
+ t = *(ap++);
+ *(rp++) = ((t << 1) | c) & BN_MASK2;
+ c = (t & BN_TBIT) ? 1 : 0;
+ }
+ if (c) {
+ *rp = 1;
+ r->top++;
+ }
+ bn_check_top(r);
+ return (1);
+}
+
+int BN_rshift1(BIGNUM *r, const BIGNUM *a)
+{
+ BN_ULONG *ap, *rp, t, c;
+ int i;
+
+ bn_check_top(r);
+ bn_check_top(a);
+
+ if (BN_is_zero(a)) {
+ BN_zero(r);
+ return (1);
+ }
+ if (a != r) {
+ if (bn_wexpand(r, a->top) == NULL)
+ return (0);
+ r->top = a->top;
+ r->neg = a->neg;
+ }
+ ap = a->d;
+ rp = r->d;
+ c = 0;
+ for (i = a->top - 1; i >= 0; i--) {
+ t = ap[i];
+ rp[i] = ((t >> 1) & BN_MASK2) | c;
+ c = (t & 1) ? BN_TBIT : 0;
+ }
+ bn_correct_top(r);
+ bn_check_top(r);
+ return (1);
+}
+
+int BN_lshift(BIGNUM *r, const BIGNUM *a, int n)
+{
+ int i, nw, lb, rb;
+ BN_ULONG *t, *f;
+ BN_ULONG l;
+
+ bn_check_top(r);
+ bn_check_top(a);
+
+ r->neg = a->neg;
+ nw = n / BN_BITS2;
+ if (bn_wexpand(r, a->top + nw + 1) == NULL)
+ return (0);
+ lb = n % BN_BITS2;
+ rb = BN_BITS2 - lb;
+ f = a->d;
+ t = r->d;
+ t[a->top + nw] = 0;
+ if (lb == 0)
+ for (i = a->top - 1; i >= 0; i--)
+ t[nw + i] = f[i];
+ else
+ for (i = a->top - 1; i >= 0; i--) {
+ l = f[i];
+ t[nw + i + 1] |= (l >> rb) & BN_MASK2;
+ t[nw + i] = (l << lb) & BN_MASK2;
+ }
+ memset(t, 0, nw * sizeof(t[0]));
+ /*
+ * for (i=0; i<nw; i++) t[i]=0;
+ */
+ r->top = a->top + nw + 1;
+ bn_correct_top(r);
+ bn_check_top(r);
+ return (1);
+}
+
+int BN_rshift(BIGNUM *r, const BIGNUM *a, int n)
+{
+ int i, j, nw, lb, rb;
+ BN_ULONG *t, *f;
+ BN_ULONG l, tmp;
+
+ bn_check_top(r);
+ bn_check_top(a);
+
+ nw = n / BN_BITS2;
+ rb = n % BN_BITS2;
+ lb = BN_BITS2 - rb;
+ if (nw >= a->top || a->top == 0) {
+ BN_zero(r);
+ return (1);
+ }
+ if (r != a) {
+ r->neg = a->neg;
+ if (bn_wexpand(r, a->top - nw + 1) == NULL)
+ return (0);
+ } else {
+ if (n == 0)
+ return 1; /* or the copying loop will go berserk */
+ }
+
+ f = &(a->d[nw]);
+ t = r->d;
+ j = a->top - nw;
+ r->top = j;
+
+ if (rb == 0) {
+ for (i = j; i != 0; i--)
+ *(t++) = *(f++);
+ } else {
+ l = *(f++);
+ for (i = j - 1; i != 0; i--) {
+ tmp = (l >> rb) & BN_MASK2;
+ l = *(f++);
+ *(t++) = (tmp | (l << lb)) & BN_MASK2;
+ }
+ *(t++) = (l >> rb) & BN_MASK2;
+ }
+ bn_correct_top(r);
+ bn_check_top(r);
+ return (1);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_sqr.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_sqr.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_sqr.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,295 +0,0 @@
-/* crypto/bn/bn_sqr.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-/* r must not be a */
-/* I've just gone over this and it is now %20 faster on x86 - eay - 27 Jun 96 */
-int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
- {
- int max,al;
- int ret = 0;
- BIGNUM *tmp,*rr;
-
-#ifdef BN_COUNT
- fprintf(stderr,"BN_sqr %d * %d\n",a->top,a->top);
-#endif
- bn_check_top(a);
-
- al=a->top;
- if (al <= 0)
- {
- r->top=0;
- r->neg = 0;
- return 1;
- }
-
- BN_CTX_start(ctx);
- rr=(a != r) ? r : BN_CTX_get(ctx);
- tmp=BN_CTX_get(ctx);
- if (!rr || !tmp) goto err;
-
- max = 2 * al; /* Non-zero (from above) */
- if (bn_wexpand(rr,max) == NULL) goto err;
-
- if (al == 4)
- {
-#ifndef BN_SQR_COMBA
- BN_ULONG t[8];
- bn_sqr_normal(rr->d,a->d,4,t);
-#else
- bn_sqr_comba4(rr->d,a->d);
-#endif
- }
- else if (al == 8)
- {
-#ifndef BN_SQR_COMBA
- BN_ULONG t[16];
- bn_sqr_normal(rr->d,a->d,8,t);
-#else
- bn_sqr_comba8(rr->d,a->d);
-#endif
- }
- else
- {
-#if defined(BN_RECURSION)
- if (al < BN_SQR_RECURSIVE_SIZE_NORMAL)
- {
- BN_ULONG t[BN_SQR_RECURSIVE_SIZE_NORMAL*2];
- bn_sqr_normal(rr->d,a->d,al,t);
- }
- else
- {
- int j,k;
-
- j=BN_num_bits_word((BN_ULONG)al);
- j=1<<(j-1);
- k=j+j;
- if (al == j)
- {
- if (bn_wexpand(tmp,k*2) == NULL) goto err;
- bn_sqr_recursive(rr->d,a->d,al,tmp->d);
- }
- else
- {
- if (bn_wexpand(tmp,max) == NULL) goto err;
- bn_sqr_normal(rr->d,a->d,al,tmp->d);
- }
- }
-#else
- if (bn_wexpand(tmp,max) == NULL) goto err;
- bn_sqr_normal(rr->d,a->d,al,tmp->d);
-#endif
- }
-
- rr->neg=0;
- /* If the most-significant half of the top word of 'a' is zero, then
- * the square of 'a' will max-1 words. */
- if(a->d[al - 1] == (a->d[al - 1] & BN_MASK2l))
- rr->top = max - 1;
- else
- rr->top = max;
- if (rr != r) BN_copy(r,rr);
- ret = 1;
- err:
- bn_check_top(rr);
- bn_check_top(tmp);
- BN_CTX_end(ctx);
- return(ret);
- }
-
-/* tmp must have 2*n words */
-void bn_sqr_normal(BN_ULONG *r, const BN_ULONG *a, int n, BN_ULONG *tmp)
- {
- int i,j,max;
- const BN_ULONG *ap;
- BN_ULONG *rp;
-
- max=n*2;
- ap=a;
- rp=r;
- rp[0]=rp[max-1]=0;
- rp++;
- j=n;
-
- if (--j > 0)
- {
- ap++;
- rp[j]=bn_mul_words(rp,ap,j,ap[-1]);
- rp+=2;
- }
-
- for (i=n-2; i>0; i--)
- {
- j--;
- ap++;
- rp[j]=bn_mul_add_words(rp,ap,j,ap[-1]);
- rp+=2;
- }
-
- bn_add_words(r,r,r,max);
-
- /* There will not be a carry */
-
- bn_sqr_words(tmp,a,n);
-
- bn_add_words(r,r,tmp,max);
- }
-
-#ifdef BN_RECURSION
-/* r is 2*n words in size,
- * a and b are both n words in size. (There's not actually a 'b' here ...)
- * n must be a power of 2.
- * We multiply and return the result.
- * t must be 2*n words in size
- * We calculate
- * a[0]*b[0]
- * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0])
- * a[1]*b[1]
- */
-void bn_sqr_recursive(BN_ULONG *r, const BN_ULONG *a, int n2, BN_ULONG *t)
- {
- int n=n2/2;
- int zero,c1;
- BN_ULONG ln,lo,*p;
-
-#ifdef BN_COUNT
- fprintf(stderr," bn_sqr_recursive %d * %d\n",n2,n2);
-#endif
- if (n2 == 4)
- {
-#ifndef BN_SQR_COMBA
- bn_sqr_normal(r,a,4,t);
-#else
- bn_sqr_comba4(r,a);
-#endif
- return;
- }
- else if (n2 == 8)
- {
-#ifndef BN_SQR_COMBA
- bn_sqr_normal(r,a,8,t);
-#else
- bn_sqr_comba8(r,a);
-#endif
- return;
- }
- if (n2 < BN_SQR_RECURSIVE_SIZE_NORMAL)
- {
- bn_sqr_normal(r,a,n2,t);
- return;
- }
- /* r=(a[0]-a[1])*(a[1]-a[0]) */
- c1=bn_cmp_words(a,&(a[n]),n);
- zero=0;
- if (c1 > 0)
- bn_sub_words(t,a,&(a[n]),n);
- else if (c1 < 0)
- bn_sub_words(t,&(a[n]),a,n);
- else
- zero=1;
-
- /* The result will always be negative unless it is zero */
- p= &(t[n2*2]);
-
- if (!zero)
- bn_sqr_recursive(&(t[n2]),t,n,p);
- else
- memset(&(t[n2]),0,n2*sizeof(BN_ULONG));
- bn_sqr_recursive(r,a,n,p);
- bn_sqr_recursive(&(r[n2]),&(a[n]),n,p);
-
- /* t[32] holds (a[0]-a[1])*(a[1]-a[0]), it is negative or zero
- * r[10] holds (a[0]*b[0])
- * r[32] holds (b[1]*b[1])
- */
-
- c1=(int)(bn_add_words(t,r,&(r[n2]),n2));
-
- /* t[32] is negative */
- c1-=(int)(bn_sub_words(&(t[n2]),t,&(t[n2]),n2));
-
- /* t[32] holds (a[0]-a[1])*(a[1]-a[0])+(a[0]*a[0])+(a[1]*a[1])
- * r[10] holds (a[0]*a[0])
- * r[32] holds (a[1]*a[1])
- * c1 holds the carry bits
- */
- c1+=(int)(bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2));
- if (c1)
- {
- p= &(r[n+n2]);
- lo= *p;
- ln=(lo+c1)&BN_MASK2;
- *p=ln;
-
- /* The overflow will stop before we over write
- * words we should not overwrite */
- if (ln < (BN_ULONG)c1)
- {
- do {
- p++;
- lo= *p;
- ln=(lo+1)&BN_MASK2;
- *p=ln;
- } while (ln == 0);
- }
- }
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_sqr.c (from rev 6976, vendor-crypto/openssl/dist/crypto/bn/bn_sqr.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_sqr.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_sqr.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,290 @@
+/* crypto/bn/bn_sqr.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+/* r must not be a */
+/*
+ * I've just gone over this and it is now %20 faster on x86 - eay - 27 Jun 96
+ */
+int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
+{
+ int max, al;
+ int ret = 0;
+ BIGNUM *tmp, *rr;
+
+#ifdef BN_COUNT
+ fprintf(stderr, "BN_sqr %d * %d\n", a->top, a->top);
+#endif
+ bn_check_top(a);
+
+ al = a->top;
+ if (al <= 0) {
+ r->top = 0;
+ r->neg = 0;
+ return 1;
+ }
+
+ BN_CTX_start(ctx);
+ rr = (a != r) ? r : BN_CTX_get(ctx);
+ tmp = BN_CTX_get(ctx);
+ if (!rr || !tmp)
+ goto err;
+
+ max = 2 * al; /* Non-zero (from above) */
+ if (bn_wexpand(rr, max) == NULL)
+ goto err;
+
+ if (al == 4) {
+#ifndef BN_SQR_COMBA
+ BN_ULONG t[8];
+ bn_sqr_normal(rr->d, a->d, 4, t);
+#else
+ bn_sqr_comba4(rr->d, a->d);
+#endif
+ } else if (al == 8) {
+#ifndef BN_SQR_COMBA
+ BN_ULONG t[16];
+ bn_sqr_normal(rr->d, a->d, 8, t);
+#else
+ bn_sqr_comba8(rr->d, a->d);
+#endif
+ } else {
+#if defined(BN_RECURSION)
+ if (al < BN_SQR_RECURSIVE_SIZE_NORMAL) {
+ BN_ULONG t[BN_SQR_RECURSIVE_SIZE_NORMAL * 2];
+ bn_sqr_normal(rr->d, a->d, al, t);
+ } else {
+ int j, k;
+
+ j = BN_num_bits_word((BN_ULONG)al);
+ j = 1 << (j - 1);
+ k = j + j;
+ if (al == j) {
+ if (bn_wexpand(tmp, k * 2) == NULL)
+ goto err;
+ bn_sqr_recursive(rr->d, a->d, al, tmp->d);
+ } else {
+ if (bn_wexpand(tmp, max) == NULL)
+ goto err;
+ bn_sqr_normal(rr->d, a->d, al, tmp->d);
+ }
+ }
+#else
+ if (bn_wexpand(tmp, max) == NULL)
+ goto err;
+ bn_sqr_normal(rr->d, a->d, al, tmp->d);
+#endif
+ }
+
+ rr->neg = 0;
+ /*
+ * If the most-significant half of the top word of 'a' is zero, then the
+ * square of 'a' will max-1 words.
+ */
+ if (a->d[al - 1] == (a->d[al - 1] & BN_MASK2l))
+ rr->top = max - 1;
+ else
+ rr->top = max;
+ if (rr != r)
+ BN_copy(r, rr);
+ ret = 1;
+ err:
+ bn_check_top(rr);
+ bn_check_top(tmp);
+ BN_CTX_end(ctx);
+ return (ret);
+}
+
+/* tmp must have 2*n words */
+void bn_sqr_normal(BN_ULONG *r, const BN_ULONG *a, int n, BN_ULONG *tmp)
+{
+ int i, j, max;
+ const BN_ULONG *ap;
+ BN_ULONG *rp;
+
+ max = n * 2;
+ ap = a;
+ rp = r;
+ rp[0] = rp[max - 1] = 0;
+ rp++;
+ j = n;
+
+ if (--j > 0) {
+ ap++;
+ rp[j] = bn_mul_words(rp, ap, j, ap[-1]);
+ rp += 2;
+ }
+
+ for (i = n - 2; i > 0; i--) {
+ j--;
+ ap++;
+ rp[j] = bn_mul_add_words(rp, ap, j, ap[-1]);
+ rp += 2;
+ }
+
+ bn_add_words(r, r, r, max);
+
+ /* There will not be a carry */
+
+ bn_sqr_words(tmp, a, n);
+
+ bn_add_words(r, r, tmp, max);
+}
+
+#ifdef BN_RECURSION
+/*-
+ * r is 2*n words in size,
+ * a and b are both n words in size. (There's not actually a 'b' here ...)
+ * n must be a power of 2.
+ * We multiply and return the result.
+ * t must be 2*n words in size
+ * We calculate
+ * a[0]*b[0]
+ * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0])
+ * a[1]*b[1]
+ */
+void bn_sqr_recursive(BN_ULONG *r, const BN_ULONG *a, int n2, BN_ULONG *t)
+{
+ int n = n2 / 2;
+ int zero, c1;
+ BN_ULONG ln, lo, *p;
+
+# ifdef BN_COUNT
+ fprintf(stderr, " bn_sqr_recursive %d * %d\n", n2, n2);
+# endif
+ if (n2 == 4) {
+# ifndef BN_SQR_COMBA
+ bn_sqr_normal(r, a, 4, t);
+# else
+ bn_sqr_comba4(r, a);
+# endif
+ return;
+ } else if (n2 == 8) {
+# ifndef BN_SQR_COMBA
+ bn_sqr_normal(r, a, 8, t);
+# else
+ bn_sqr_comba8(r, a);
+# endif
+ return;
+ }
+ if (n2 < BN_SQR_RECURSIVE_SIZE_NORMAL) {
+ bn_sqr_normal(r, a, n2, t);
+ return;
+ }
+ /* r=(a[0]-a[1])*(a[1]-a[0]) */
+ c1 = bn_cmp_words(a, &(a[n]), n);
+ zero = 0;
+ if (c1 > 0)
+ bn_sub_words(t, a, &(a[n]), n);
+ else if (c1 < 0)
+ bn_sub_words(t, &(a[n]), a, n);
+ else
+ zero = 1;
+
+ /* The result will always be negative unless it is zero */
+ p = &(t[n2 * 2]);
+
+ if (!zero)
+ bn_sqr_recursive(&(t[n2]), t, n, p);
+ else
+ memset(&(t[n2]), 0, n2 * sizeof(BN_ULONG));
+ bn_sqr_recursive(r, a, n, p);
+ bn_sqr_recursive(&(r[n2]), &(a[n]), n, p);
+
+ /*-
+ * t[32] holds (a[0]-a[1])*(a[1]-a[0]), it is negative or zero
+ * r[10] holds (a[0]*b[0])
+ * r[32] holds (b[1]*b[1])
+ */
+
+ c1 = (int)(bn_add_words(t, r, &(r[n2]), n2));
+
+ /* t[32] is negative */
+ c1 -= (int)(bn_sub_words(&(t[n2]), t, &(t[n2]), n2));
+
+ /*-
+ * t[32] holds (a[0]-a[1])*(a[1]-a[0])+(a[0]*a[0])+(a[1]*a[1])
+ * r[10] holds (a[0]*a[0])
+ * r[32] holds (a[1]*a[1])
+ * c1 holds the carry bits
+ */
+ c1 += (int)(bn_add_words(&(r[n]), &(r[n]), &(t[n2]), n2));
+ if (c1) {
+ p = &(r[n + n2]);
+ lo = *p;
+ ln = (lo + c1) & BN_MASK2;
+ *p = ln;
+
+ /*
+ * The overflow will stop before we over write words we should not
+ * overwrite
+ */
+ if (ln < (BN_ULONG)c1) {
+ do {
+ p++;
+ lo = *p;
+ ln = (lo + 1) & BN_MASK2;
+ *p = ln;
+ } while (ln == 0);
+ }
+ }
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_sqrt.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_sqrt.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_sqrt.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,393 +0,0 @@
-/* crypto/bn/bn_sqrt.c */
-/* Written by Lenka Fibikova <fibikova at exp-math.uni-essen.de>
- * and Bodo Moeller for the OpenSSL project. */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-
-BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
-/* Returns 'ret' such that
- * ret^2 == a (mod p),
- * using the Tonelli/Shanks algorithm (cf. Henri Cohen, "A Course
- * in Algebraic Computational Number Theory", algorithm 1.5.1).
- * 'p' must be prime!
- */
- {
- BIGNUM *ret = in;
- int err = 1;
- int r;
- BIGNUM *A, *b, *q, *t, *x, *y;
- int e, i, j;
-
- if (!BN_is_odd(p) || BN_abs_is_word(p, 1))
- {
- if (BN_abs_is_word(p, 2))
- {
- if (ret == NULL)
- ret = BN_new();
- if (ret == NULL)
- goto end;
- if (!BN_set_word(ret, BN_is_bit_set(a, 0)))
- {
- if (ret != in)
- BN_free(ret);
- return NULL;
- }
- bn_check_top(ret);
- return ret;
- }
-
- BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME);
- return(NULL);
- }
-
- if (BN_is_zero(a) || BN_is_one(a))
- {
- if (ret == NULL)
- ret = BN_new();
- if (ret == NULL)
- goto end;
- if (!BN_set_word(ret, BN_is_one(a)))
- {
- if (ret != in)
- BN_free(ret);
- return NULL;
- }
- bn_check_top(ret);
- return ret;
- }
-
- BN_CTX_start(ctx);
- A = BN_CTX_get(ctx);
- b = BN_CTX_get(ctx);
- q = BN_CTX_get(ctx);
- t = BN_CTX_get(ctx);
- x = BN_CTX_get(ctx);
- y = BN_CTX_get(ctx);
- if (y == NULL) goto end;
-
- if (ret == NULL)
- ret = BN_new();
- if (ret == NULL) goto end;
-
- /* A = a mod p */
- if (!BN_nnmod(A, a, p, ctx)) goto end;
-
- /* now write |p| - 1 as 2^e*q where q is odd */
- e = 1;
- while (!BN_is_bit_set(p, e))
- e++;
- /* we'll set q later (if needed) */
-
- if (e == 1)
- {
- /* The easy case: (|p|-1)/2 is odd, so 2 has an inverse
- * modulo (|p|-1)/2, and square roots can be computed
- * directly by modular exponentiation.
- * We have
- * 2 * (|p|+1)/4 == 1 (mod (|p|-1)/2),
- * so we can use exponent (|p|+1)/4, i.e. (|p|-3)/4 + 1.
- */
- if (!BN_rshift(q, p, 2)) goto end;
- q->neg = 0;
- if (!BN_add_word(q, 1)) goto end;
- if (!BN_mod_exp(ret, A, q, p, ctx)) goto end;
- err = 0;
- goto vrfy;
- }
-
- if (e == 2)
- {
- /* |p| == 5 (mod 8)
- *
- * In this case 2 is always a non-square since
- * Legendre(2,p) = (-1)^((p^2-1)/8) for any odd prime.
- * So if a really is a square, then 2*a is a non-square.
- * Thus for
- * b := (2*a)^((|p|-5)/8),
- * i := (2*a)*b^2
- * we have
- * i^2 = (2*a)^((1 + (|p|-5)/4)*2)
- * = (2*a)^((p-1)/2)
- * = -1;
- * so if we set
- * x := a*b*(i-1),
- * then
- * x^2 = a^2 * b^2 * (i^2 - 2*i + 1)
- * = a^2 * b^2 * (-2*i)
- * = a*(-i)*(2*a*b^2)
- * = a*(-i)*i
- * = a.
- *
- * (This is due to A.O.L. Atkin,
- * <URL: http://listserv.nodak.edu/scripts/wa.exe?A2=ind9211&L=nmbrthry&O=T&P=562>,
- * November 1992.)
- */
-
- /* t := 2*a */
- if (!BN_mod_lshift1_quick(t, A, p)) goto end;
-
- /* b := (2*a)^((|p|-5)/8) */
- if (!BN_rshift(q, p, 3)) goto end;
- q->neg = 0;
- if (!BN_mod_exp(b, t, q, p, ctx)) goto end;
-
- /* y := b^2 */
- if (!BN_mod_sqr(y, b, p, ctx)) goto end;
-
- /* t := (2*a)*b^2 - 1*/
- if (!BN_mod_mul(t, t, y, p, ctx)) goto end;
- if (!BN_sub_word(t, 1)) goto end;
-
- /* x = a*b*t */
- if (!BN_mod_mul(x, A, b, p, ctx)) goto end;
- if (!BN_mod_mul(x, x, t, p, ctx)) goto end;
-
- if (!BN_copy(ret, x)) goto end;
- err = 0;
- goto vrfy;
- }
-
- /* e > 2, so we really have to use the Tonelli/Shanks algorithm.
- * First, find some y that is not a square. */
- if (!BN_copy(q, p)) goto end; /* use 'q' as temp */
- q->neg = 0;
- i = 2;
- do
- {
- /* For efficiency, try small numbers first;
- * if this fails, try random numbers.
- */
- if (i < 22)
- {
- if (!BN_set_word(y, i)) goto end;
- }
- else
- {
- if (!BN_pseudo_rand(y, BN_num_bits(p), 0, 0)) goto end;
- if (BN_ucmp(y, p) >= 0)
- {
- if (!(p->neg ? BN_add : BN_sub)(y, y, p)) goto end;
- }
- /* now 0 <= y < |p| */
- if (BN_is_zero(y))
- if (!BN_set_word(y, i)) goto end;
- }
-
- r = BN_kronecker(y, q, ctx); /* here 'q' is |p| */
- if (r < -1) goto end;
- if (r == 0)
- {
- /* m divides p */
- BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME);
- goto end;
- }
- }
- while (r == 1 && ++i < 82);
-
- if (r != -1)
- {
- /* Many rounds and still no non-square -- this is more likely
- * a bug than just bad luck.
- * Even if p is not prime, we should have found some y
- * such that r == -1.
- */
- BNerr(BN_F_BN_MOD_SQRT, BN_R_TOO_MANY_ITERATIONS);
- goto end;
- }
-
- /* Here's our actual 'q': */
- if (!BN_rshift(q, q, e)) goto end;
-
- /* Now that we have some non-square, we can find an element
- * of order 2^e by computing its q'th power. */
- if (!BN_mod_exp(y, y, q, p, ctx)) goto end;
- if (BN_is_one(y))
- {
- BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME);
- goto end;
- }
-
- /* Now we know that (if p is indeed prime) there is an integer
- * k, 0 <= k < 2^e, such that
- *
- * a^q * y^k == 1 (mod p).
- *
- * As a^q is a square and y is not, k must be even.
- * q+1 is even, too, so there is an element
- *
- * X := a^((q+1)/2) * y^(k/2),
- *
- * and it satisfies
- *
- * X^2 = a^q * a * y^k
- * = a,
- *
- * so it is the square root that we are looking for.
- */
-
- /* t := (q-1)/2 (note that q is odd) */
- if (!BN_rshift1(t, q)) goto end;
-
- /* x := a^((q-1)/2) */
- if (BN_is_zero(t)) /* special case: p = 2^e + 1 */
- {
- if (!BN_nnmod(t, A, p, ctx)) goto end;
- if (BN_is_zero(t))
- {
- /* special case: a == 0 (mod p) */
- BN_zero(ret);
- err = 0;
- goto end;
- }
- else
- if (!BN_one(x)) goto end;
- }
- else
- {
- if (!BN_mod_exp(x, A, t, p, ctx)) goto end;
- if (BN_is_zero(x))
- {
- /* special case: a == 0 (mod p) */
- BN_zero(ret);
- err = 0;
- goto end;
- }
- }
-
- /* b := a*x^2 (= a^q) */
- if (!BN_mod_sqr(b, x, p, ctx)) goto end;
- if (!BN_mod_mul(b, b, A, p, ctx)) goto end;
-
- /* x := a*x (= a^((q+1)/2)) */
- if (!BN_mod_mul(x, x, A, p, ctx)) goto end;
-
- while (1)
- {
- /* Now b is a^q * y^k for some even k (0 <= k < 2^E
- * where E refers to the original value of e, which we
- * don't keep in a variable), and x is a^((q+1)/2) * y^(k/2).
- *
- * We have a*b = x^2,
- * y^2^(e-1) = -1,
- * b^2^(e-1) = 1.
- */
-
- if (BN_is_one(b))
- {
- if (!BN_copy(ret, x)) goto end;
- err = 0;
- goto vrfy;
- }
-
-
- /* find smallest i such that b^(2^i) = 1 */
- i = 1;
- if (!BN_mod_sqr(t, b, p, ctx)) goto end;
- while (!BN_is_one(t))
- {
- i++;
- if (i == e)
- {
- BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE);
- goto end;
- }
- if (!BN_mod_mul(t, t, t, p, ctx)) goto end;
- }
-
-
- /* t := y^2^(e - i - 1) */
- if (!BN_copy(t, y)) goto end;
- for (j = e - i - 1; j > 0; j--)
- {
- if (!BN_mod_sqr(t, t, p, ctx)) goto end;
- }
- if (!BN_mod_mul(y, t, t, p, ctx)) goto end;
- if (!BN_mod_mul(x, x, t, p, ctx)) goto end;
- if (!BN_mod_mul(b, b, y, p, ctx)) goto end;
- e = i;
- }
-
- vrfy:
- if (!err)
- {
- /* verify the result -- the input might have been not a square
- * (test added in 0.9.8) */
-
- if (!BN_mod_sqr(x, ret, p, ctx))
- err = 1;
-
- if (!err && 0 != BN_cmp(x, A))
- {
- BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE);
- err = 1;
- }
- }
-
- end:
- if (err)
- {
- if (ret != NULL && ret != in)
- {
- BN_clear_free(ret);
- }
- ret = NULL;
- }
- BN_CTX_end(ctx);
- bn_check_top(ret);
- return ret;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_sqrt.c (from rev 6976, vendor-crypto/openssl/dist/crypto/bn/bn_sqrt.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_sqrt.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_sqrt.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,409 @@
+/* crypto/bn/bn_sqrt.c */
+/*
+ * Written by Lenka Fibikova <fibikova at exp-math.uni-essen.de> and Bodo
+ * Moeller for the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
+/*
+ * Returns 'ret' such that ret^2 == a (mod p), using the Tonelli/Shanks
+ * algorithm (cf. Henri Cohen, "A Course in Algebraic Computational Number
+ * Theory", algorithm 1.5.1). 'p' must be prime!
+ */
+{
+ BIGNUM *ret = in;
+ int err = 1;
+ int r;
+ BIGNUM *A, *b, *q, *t, *x, *y;
+ int e, i, j;
+
+ if (!BN_is_odd(p) || BN_abs_is_word(p, 1)) {
+ if (BN_abs_is_word(p, 2)) {
+ if (ret == NULL)
+ ret = BN_new();
+ if (ret == NULL)
+ goto end;
+ if (!BN_set_word(ret, BN_is_bit_set(a, 0))) {
+ if (ret != in)
+ BN_free(ret);
+ return NULL;
+ }
+ bn_check_top(ret);
+ return ret;
+ }
+
+ BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME);
+ return (NULL);
+ }
+
+ if (BN_is_zero(a) || BN_is_one(a)) {
+ if (ret == NULL)
+ ret = BN_new();
+ if (ret == NULL)
+ goto end;
+ if (!BN_set_word(ret, BN_is_one(a))) {
+ if (ret != in)
+ BN_free(ret);
+ return NULL;
+ }
+ bn_check_top(ret);
+ return ret;
+ }
+
+ BN_CTX_start(ctx);
+ A = BN_CTX_get(ctx);
+ b = BN_CTX_get(ctx);
+ q = BN_CTX_get(ctx);
+ t = BN_CTX_get(ctx);
+ x = BN_CTX_get(ctx);
+ y = BN_CTX_get(ctx);
+ if (y == NULL)
+ goto end;
+
+ if (ret == NULL)
+ ret = BN_new();
+ if (ret == NULL)
+ goto end;
+
+ /* A = a mod p */
+ if (!BN_nnmod(A, a, p, ctx))
+ goto end;
+
+ /* now write |p| - 1 as 2^e*q where q is odd */
+ e = 1;
+ while (!BN_is_bit_set(p, e))
+ e++;
+ /* we'll set q later (if needed) */
+
+ if (e == 1) {
+ /*-
+ * The easy case: (|p|-1)/2 is odd, so 2 has an inverse
+ * modulo (|p|-1)/2, and square roots can be computed
+ * directly by modular exponentiation.
+ * We have
+ * 2 * (|p|+1)/4 == 1 (mod (|p|-1)/2),
+ * so we can use exponent (|p|+1)/4, i.e. (|p|-3)/4 + 1.
+ */
+ if (!BN_rshift(q, p, 2))
+ goto end;
+ q->neg = 0;
+ if (!BN_add_word(q, 1))
+ goto end;
+ if (!BN_mod_exp(ret, A, q, p, ctx))
+ goto end;
+ err = 0;
+ goto vrfy;
+ }
+
+ if (e == 2) {
+ /*-
+ * |p| == 5 (mod 8)
+ *
+ * In this case 2 is always a non-square since
+ * Legendre(2,p) = (-1)^((p^2-1)/8) for any odd prime.
+ * So if a really is a square, then 2*a is a non-square.
+ * Thus for
+ * b := (2*a)^((|p|-5)/8),
+ * i := (2*a)*b^2
+ * we have
+ * i^2 = (2*a)^((1 + (|p|-5)/4)*2)
+ * = (2*a)^((p-1)/2)
+ * = -1;
+ * so if we set
+ * x := a*b*(i-1),
+ * then
+ * x^2 = a^2 * b^2 * (i^2 - 2*i + 1)
+ * = a^2 * b^2 * (-2*i)
+ * = a*(-i)*(2*a*b^2)
+ * = a*(-i)*i
+ * = a.
+ *
+ * (This is due to A.O.L. Atkin,
+ * <URL: http://listserv.nodak.edu/scripts/wa.exe?A2=ind9211&L=nmbrthry&O=T&P=562>,
+ * November 1992.)
+ */
+
+ /* t := 2*a */
+ if (!BN_mod_lshift1_quick(t, A, p))
+ goto end;
+
+ /* b := (2*a)^((|p|-5)/8) */
+ if (!BN_rshift(q, p, 3))
+ goto end;
+ q->neg = 0;
+ if (!BN_mod_exp(b, t, q, p, ctx))
+ goto end;
+
+ /* y := b^2 */
+ if (!BN_mod_sqr(y, b, p, ctx))
+ goto end;
+
+ /* t := (2*a)*b^2 - 1 */
+ if (!BN_mod_mul(t, t, y, p, ctx))
+ goto end;
+ if (!BN_sub_word(t, 1))
+ goto end;
+
+ /* x = a*b*t */
+ if (!BN_mod_mul(x, A, b, p, ctx))
+ goto end;
+ if (!BN_mod_mul(x, x, t, p, ctx))
+ goto end;
+
+ if (!BN_copy(ret, x))
+ goto end;
+ err = 0;
+ goto vrfy;
+ }
+
+ /*
+ * e > 2, so we really have to use the Tonelli/Shanks algorithm. First,
+ * find some y that is not a square.
+ */
+ if (!BN_copy(q, p))
+ goto end; /* use 'q' as temp */
+ q->neg = 0;
+ i = 2;
+ do {
+ /*
+ * For efficiency, try small numbers first; if this fails, try random
+ * numbers.
+ */
+ if (i < 22) {
+ if (!BN_set_word(y, i))
+ goto end;
+ } else {
+ if (!BN_pseudo_rand(y, BN_num_bits(p), 0, 0))
+ goto end;
+ if (BN_ucmp(y, p) >= 0) {
+ if (!(p->neg ? BN_add : BN_sub) (y, y, p))
+ goto end;
+ }
+ /* now 0 <= y < |p| */
+ if (BN_is_zero(y))
+ if (!BN_set_word(y, i))
+ goto end;
+ }
+
+ r = BN_kronecker(y, q, ctx); /* here 'q' is |p| */
+ if (r < -1)
+ goto end;
+ if (r == 0) {
+ /* m divides p */
+ BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME);
+ goto end;
+ }
+ }
+ while (r == 1 && ++i < 82);
+
+ if (r != -1) {
+ /*
+ * Many rounds and still no non-square -- this is more likely a bug
+ * than just bad luck. Even if p is not prime, we should have found
+ * some y such that r == -1.
+ */
+ BNerr(BN_F_BN_MOD_SQRT, BN_R_TOO_MANY_ITERATIONS);
+ goto end;
+ }
+
+ /* Here's our actual 'q': */
+ if (!BN_rshift(q, q, e))
+ goto end;
+
+ /*
+ * Now that we have some non-square, we can find an element of order 2^e
+ * by computing its q'th power.
+ */
+ if (!BN_mod_exp(y, y, q, p, ctx))
+ goto end;
+ if (BN_is_one(y)) {
+ BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME);
+ goto end;
+ }
+
+ /*-
+ * Now we know that (if p is indeed prime) there is an integer
+ * k, 0 <= k < 2^e, such that
+ *
+ * a^q * y^k == 1 (mod p).
+ *
+ * As a^q is a square and y is not, k must be even.
+ * q+1 is even, too, so there is an element
+ *
+ * X := a^((q+1)/2) * y^(k/2),
+ *
+ * and it satisfies
+ *
+ * X^2 = a^q * a * y^k
+ * = a,
+ *
+ * so it is the square root that we are looking for.
+ */
+
+ /* t := (q-1)/2 (note that q is odd) */
+ if (!BN_rshift1(t, q))
+ goto end;
+
+ /* x := a^((q-1)/2) */
+ if (BN_is_zero(t)) { /* special case: p = 2^e + 1 */
+ if (!BN_nnmod(t, A, p, ctx))
+ goto end;
+ if (BN_is_zero(t)) {
+ /* special case: a == 0 (mod p) */
+ BN_zero(ret);
+ err = 0;
+ goto end;
+ } else if (!BN_one(x))
+ goto end;
+ } else {
+ if (!BN_mod_exp(x, A, t, p, ctx))
+ goto end;
+ if (BN_is_zero(x)) {
+ /* special case: a == 0 (mod p) */
+ BN_zero(ret);
+ err = 0;
+ goto end;
+ }
+ }
+
+ /* b := a*x^2 (= a^q) */
+ if (!BN_mod_sqr(b, x, p, ctx))
+ goto end;
+ if (!BN_mod_mul(b, b, A, p, ctx))
+ goto end;
+
+ /* x := a*x (= a^((q+1)/2)) */
+ if (!BN_mod_mul(x, x, A, p, ctx))
+ goto end;
+
+ while (1) {
+ /*-
+ * Now b is a^q * y^k for some even k (0 <= k < 2^E
+ * where E refers to the original value of e, which we
+ * don't keep in a variable), and x is a^((q+1)/2) * y^(k/2).
+ *
+ * We have a*b = x^2,
+ * y^2^(e-1) = -1,
+ * b^2^(e-1) = 1.
+ */
+
+ if (BN_is_one(b)) {
+ if (!BN_copy(ret, x))
+ goto end;
+ err = 0;
+ goto vrfy;
+ }
+
+ /* find smallest i such that b^(2^i) = 1 */
+ i = 1;
+ if (!BN_mod_sqr(t, b, p, ctx))
+ goto end;
+ while (!BN_is_one(t)) {
+ i++;
+ if (i == e) {
+ BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE);
+ goto end;
+ }
+ if (!BN_mod_mul(t, t, t, p, ctx))
+ goto end;
+ }
+
+ /* t := y^2^(e - i - 1) */
+ if (!BN_copy(t, y))
+ goto end;
+ for (j = e - i - 1; j > 0; j--) {
+ if (!BN_mod_sqr(t, t, p, ctx))
+ goto end;
+ }
+ if (!BN_mod_mul(y, t, t, p, ctx))
+ goto end;
+ if (!BN_mod_mul(x, x, t, p, ctx))
+ goto end;
+ if (!BN_mod_mul(b, b, y, p, ctx))
+ goto end;
+ e = i;
+ }
+
+ vrfy:
+ if (!err) {
+ /*
+ * verify the result -- the input might have been not a square (test
+ * added in 0.9.8)
+ */
+
+ if (!BN_mod_sqr(x, ret, p, ctx))
+ err = 1;
+
+ if (!err && 0 != BN_cmp(x, A)) {
+ BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE);
+ err = 1;
+ }
+ }
+
+ end:
+ if (err) {
+ if (ret != NULL && ret != in) {
+ BN_clear_free(ret);
+ }
+ ret = NULL;
+ }
+ BN_CTX_end(ctx);
+ bn_check_top(ret);
+ return ret;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_word.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_word.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_word.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,238 +0,0 @@
-/* crypto/bn/bn_word.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w)
- {
-#ifndef BN_LLONG
- BN_ULONG ret=0;
-#else
- BN_ULLONG ret=0;
-#endif
- int i;
-
- if (w == 0)
- return (BN_ULONG)-1;
-
- bn_check_top(a);
- w&=BN_MASK2;
- for (i=a->top-1; i>=0; i--)
- {
-#ifndef BN_LLONG
- ret=((ret<<BN_BITS4)|((a->d[i]>>BN_BITS4)&BN_MASK2l))%w;
- ret=((ret<<BN_BITS4)|(a->d[i]&BN_MASK2l))%w;
-#else
- ret=(BN_ULLONG)(((ret<<(BN_ULLONG)BN_BITS2)|a->d[i])%
- (BN_ULLONG)w);
-#endif
- }
- return((BN_ULONG)ret);
- }
-
-BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w)
- {
- BN_ULONG ret = 0;
- int i, j;
-
- bn_check_top(a);
- w &= BN_MASK2;
-
- if (!w)
- /* actually this an error (division by zero) */
- return (BN_ULONG)-1;
- if (a->top == 0)
- return 0;
-
- /* normalize input (so bn_div_words doesn't complain) */
- j = BN_BITS2 - BN_num_bits_word(w);
- w <<= j;
- if (!BN_lshift(a, a, j))
- return (BN_ULONG)-1;
-
- for (i=a->top-1; i>=0; i--)
- {
- BN_ULONG l,d;
-
- l=a->d[i];
- d=bn_div_words(ret,l,w);
- ret=(l-((d*w)&BN_MASK2))&BN_MASK2;
- a->d[i]=d;
- }
- if ((a->top > 0) && (a->d[a->top-1] == 0))
- a->top--;
- ret >>= j;
- bn_check_top(a);
- return(ret);
- }
-
-int BN_add_word(BIGNUM *a, BN_ULONG w)
- {
- BN_ULONG l;
- int i;
-
- bn_check_top(a);
- w &= BN_MASK2;
-
- /* degenerate case: w is zero */
- if (!w) return 1;
- /* degenerate case: a is zero */
- if(BN_is_zero(a)) return BN_set_word(a, w);
- /* handle 'a' when negative */
- if (a->neg)
- {
- a->neg=0;
- i=BN_sub_word(a,w);
- if (!BN_is_zero(a))
- a->neg=!(a->neg);
- return(i);
- }
- for (i=0;w!=0 && i<a->top;i++)
- {
- a->d[i] = l = (a->d[i]+w)&BN_MASK2;
- w = (w>l)?1:0;
- }
- if (w && i==a->top)
- {
- if (bn_wexpand(a,a->top+1) == NULL) return 0;
- a->top++;
- a->d[i]=w;
- }
- bn_check_top(a);
- return(1);
- }
-
-int BN_sub_word(BIGNUM *a, BN_ULONG w)
- {
- int i;
-
- bn_check_top(a);
- w &= BN_MASK2;
-
- /* degenerate case: w is zero */
- if (!w) return 1;
- /* degenerate case: a is zero */
- if(BN_is_zero(a))
- {
- i = BN_set_word(a,w);
- if (i != 0)
- BN_set_negative(a, 1);
- return i;
- }
- /* handle 'a' when negative */
- if (a->neg)
- {
- a->neg=0;
- i=BN_add_word(a,w);
- a->neg=1;
- return(i);
- }
-
- if ((a->top == 1) && (a->d[0] < w))
- {
- a->d[0]=w-a->d[0];
- a->neg=1;
- return(1);
- }
- i=0;
- for (;;)
- {
- if (a->d[i] >= w)
- {
- a->d[i]-=w;
- break;
- }
- else
- {
- a->d[i]=(a->d[i]-w)&BN_MASK2;
- i++;
- w=1;
- }
- }
- if ((a->d[i] == 0) && (i == (a->top-1)))
- a->top--;
- bn_check_top(a);
- return(1);
- }
-
-int BN_mul_word(BIGNUM *a, BN_ULONG w)
- {
- BN_ULONG ll;
-
- bn_check_top(a);
- w&=BN_MASK2;
- if (a->top)
- {
- if (w == 0)
- BN_zero(a);
- else
- {
- ll=bn_mul_words(a->d,a->d,a->top,w);
- if (ll)
- {
- if (bn_wexpand(a,a->top+1) == NULL) return(0);
- a->d[a->top++]=ll;
- }
- }
- }
- bn_check_top(a);
- return(1);
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_word.c (from rev 6976, vendor-crypto/openssl/dist/crypto/bn/bn_word.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_word.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_word.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,227 @@
+/* crypto/bn/bn_word.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w)
+{
+#ifndef BN_LLONG
+ BN_ULONG ret = 0;
+#else
+ BN_ULLONG ret = 0;
+#endif
+ int i;
+
+ if (w == 0)
+ return (BN_ULONG)-1;
+
+ bn_check_top(a);
+ w &= BN_MASK2;
+ for (i = a->top - 1; i >= 0; i--) {
+#ifndef BN_LLONG
+ ret = ((ret << BN_BITS4) | ((a->d[i] >> BN_BITS4) & BN_MASK2l)) % w;
+ ret = ((ret << BN_BITS4) | (a->d[i] & BN_MASK2l)) % w;
+#else
+ ret = (BN_ULLONG) (((ret << (BN_ULLONG) BN_BITS2) | a->d[i]) %
+ (BN_ULLONG) w);
+#endif
+ }
+ return ((BN_ULONG)ret);
+}
+
+BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w)
+{
+ BN_ULONG ret = 0;
+ int i, j;
+
+ bn_check_top(a);
+ w &= BN_MASK2;
+
+ if (!w)
+ /* actually this an error (division by zero) */
+ return (BN_ULONG)-1;
+ if (a->top == 0)
+ return 0;
+
+ /* normalize input (so bn_div_words doesn't complain) */
+ j = BN_BITS2 - BN_num_bits_word(w);
+ w <<= j;
+ if (!BN_lshift(a, a, j))
+ return (BN_ULONG)-1;
+
+ for (i = a->top - 1; i >= 0; i--) {
+ BN_ULONG l, d;
+
+ l = a->d[i];
+ d = bn_div_words(ret, l, w);
+ ret = (l - ((d * w) & BN_MASK2)) & BN_MASK2;
+ a->d[i] = d;
+ }
+ if ((a->top > 0) && (a->d[a->top - 1] == 0))
+ a->top--;
+ ret >>= j;
+ bn_check_top(a);
+ return (ret);
+}
+
+int BN_add_word(BIGNUM *a, BN_ULONG w)
+{
+ BN_ULONG l;
+ int i;
+
+ bn_check_top(a);
+ w &= BN_MASK2;
+
+ /* degenerate case: w is zero */
+ if (!w)
+ return 1;
+ /* degenerate case: a is zero */
+ if (BN_is_zero(a))
+ return BN_set_word(a, w);
+ /* handle 'a' when negative */
+ if (a->neg) {
+ a->neg = 0;
+ i = BN_sub_word(a, w);
+ if (!BN_is_zero(a))
+ a->neg = !(a->neg);
+ return (i);
+ }
+ for (i = 0; w != 0 && i < a->top; i++) {
+ a->d[i] = l = (a->d[i] + w) & BN_MASK2;
+ w = (w > l) ? 1 : 0;
+ }
+ if (w && i == a->top) {
+ if (bn_wexpand(a, a->top + 1) == NULL)
+ return 0;
+ a->top++;
+ a->d[i] = w;
+ }
+ bn_check_top(a);
+ return (1);
+}
+
+int BN_sub_word(BIGNUM *a, BN_ULONG w)
+{
+ int i;
+
+ bn_check_top(a);
+ w &= BN_MASK2;
+
+ /* degenerate case: w is zero */
+ if (!w)
+ return 1;
+ /* degenerate case: a is zero */
+ if (BN_is_zero(a)) {
+ i = BN_set_word(a, w);
+ if (i != 0)
+ BN_set_negative(a, 1);
+ return i;
+ }
+ /* handle 'a' when negative */
+ if (a->neg) {
+ a->neg = 0;
+ i = BN_add_word(a, w);
+ a->neg = 1;
+ return (i);
+ }
+
+ if ((a->top == 1) && (a->d[0] < w)) {
+ a->d[0] = w - a->d[0];
+ a->neg = 1;
+ return (1);
+ }
+ i = 0;
+ for (;;) {
+ if (a->d[i] >= w) {
+ a->d[i] -= w;
+ break;
+ } else {
+ a->d[i] = (a->d[i] - w) & BN_MASK2;
+ i++;
+ w = 1;
+ }
+ }
+ if ((a->d[i] == 0) && (i == (a->top - 1)))
+ a->top--;
+ bn_check_top(a);
+ return (1);
+}
+
+int BN_mul_word(BIGNUM *a, BN_ULONG w)
+{
+ BN_ULONG ll;
+
+ bn_check_top(a);
+ w &= BN_MASK2;
+ if (a->top) {
+ if (w == 0)
+ BN_zero(a);
+ else {
+ ll = bn_mul_words(a->d, a->d, a->top, w);
+ if (ll) {
+ if (bn_wexpand(a, a->top + 1) == NULL)
+ return (0);
+ a->d[a->top++] = ll;
+ }
+ }
+ }
+ bn_check_top(a);
+ return (1);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_x931p.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bn_x931p.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_x931p.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,272 +0,0 @@
-/* bn_x931p.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 2005.
- */
-/* ====================================================================
- * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <openssl/bn.h>
-
-/* X9.31 routines for prime derivation */
-
-/* X9.31 prime derivation. This is used to generate the primes pi
- * (p1, p2, q1, q2) from a parameter Xpi by checking successive odd
- * integers.
- */
-
-static int bn_x931_derive_pi(BIGNUM *pi, const BIGNUM *Xpi, BN_CTX *ctx,
- BN_GENCB *cb)
- {
- int i = 0;
- if (!BN_copy(pi, Xpi))
- return 0;
- if (!BN_is_odd(pi) && !BN_add_word(pi, 1))
- return 0;
- for(;;)
- {
- i++;
- BN_GENCB_call(cb, 0, i);
- /* NB 27 MR is specificed in X9.31 */
- if (BN_is_prime_fasttest_ex(pi, 27, ctx, 1, cb))
- break;
- if (!BN_add_word(pi, 2))
- return 0;
- }
- BN_GENCB_call(cb, 2, i);
- return 1;
- }
-
-/* This is the main X9.31 prime derivation function. From parameters
- * Xp1, Xp2 and Xp derive the prime p. If the parameters p1 or p2 are
- * not NULL they will be returned too: this is needed for testing.
- */
-
-int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
- const BIGNUM *Xp, const BIGNUM *Xp1, const BIGNUM *Xp2,
- const BIGNUM *e, BN_CTX *ctx, BN_GENCB *cb)
- {
- int ret = 0;
-
- BIGNUM *t, *p1p2, *pm1;
-
- /* Only even e supported */
- if (!BN_is_odd(e))
- return 0;
-
- BN_CTX_start(ctx);
- if (!p1)
- p1 = BN_CTX_get(ctx);
-
- if (!p2)
- p2 = BN_CTX_get(ctx);
-
- t = BN_CTX_get(ctx);
-
- p1p2 = BN_CTX_get(ctx);
-
- pm1 = BN_CTX_get(ctx);
-
- if (!bn_x931_derive_pi(p1, Xp1, ctx, cb))
- goto err;
-
- if (!bn_x931_derive_pi(p2, Xp2, ctx, cb))
- goto err;
-
- if (!BN_mul(p1p2, p1, p2, ctx))
- goto err;
-
- /* First set p to value of Rp */
-
- if (!BN_mod_inverse(p, p2, p1, ctx))
- goto err;
-
- if (!BN_mul(p, p, p2, ctx))
- goto err;
-
- if (!BN_mod_inverse(t, p1, p2, ctx))
- goto err;
-
- if (!BN_mul(t, t, p1, ctx))
- goto err;
-
- if (!BN_sub(p, p, t))
- goto err;
-
- if (p->neg && !BN_add(p, p, p1p2))
- goto err;
-
- /* p now equals Rp */
-
- if (!BN_mod_sub(p, p, Xp, p1p2, ctx))
- goto err;
-
- if (!BN_add(p, p, Xp))
- goto err;
-
- /* p now equals Yp0 */
-
- for (;;)
- {
- int i = 1;
- BN_GENCB_call(cb, 0, i++);
- if (!BN_copy(pm1, p))
- goto err;
- if (!BN_sub_word(pm1, 1))
- goto err;
- if (!BN_gcd(t, pm1, e, ctx))
- goto err;
- if (BN_is_one(t)
- /* X9.31 specifies 8 MR and 1 Lucas test or any prime test
- * offering similar or better guarantees 50 MR is considerably
- * better.
- */
- && BN_is_prime_fasttest_ex(p, 50, ctx, 1, cb))
- break;
- if (!BN_add(p, p, p1p2))
- goto err;
- }
-
- BN_GENCB_call(cb, 3, 0);
-
- ret = 1;
-
- err:
-
- BN_CTX_end(ctx);
-
- return ret;
- }
-
-/* Generate pair of paramters Xp, Xq for X9.31 prime generation.
- * Note: nbits paramter is sum of number of bits in both.
- */
-
-int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx)
- {
- BIGNUM *t;
- int i;
- /* Number of bits for each prime is of the form
- * 512+128s for s = 0, 1, ...
- */
- if ((nbits < 1024) || (nbits & 0xff))
- return 0;
- nbits >>= 1;
- /* The random value Xp must be between sqrt(2) * 2^(nbits-1) and
- * 2^nbits - 1. By setting the top two bits we ensure that the lower
- * bound is exceeded.
- */
- if (!BN_rand(Xp, nbits, 1, 0))
- return 0;
-
- BN_CTX_start(ctx);
- t = BN_CTX_get(ctx);
-
- for (i = 0; i < 1000; i++)
- {
- if (!BN_rand(Xq, nbits, 1, 0))
- return 0;
- /* Check that |Xp - Xq| > 2^(nbits - 100) */
- BN_sub(t, Xp, Xq);
- if (BN_num_bits(t) > (nbits - 100))
- break;
- }
-
- BN_CTX_end(ctx);
-
- if (i < 1000)
- return 1;
-
- return 0;
-
- }
-
-/* Generate primes using X9.31 algorithm. Of the values p, p1, p2, Xp1
- * and Xp2 only 'p' needs to be non-NULL. If any of the others are not NULL
- * the relevant parameter will be stored in it.
- *
- * Due to the fact that |Xp - Xq| > 2^(nbits - 100) must be satisfied Xp and Xq
- * are generated using the previous function and supplied as input.
- */
-
-int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
- BIGNUM *Xp1, BIGNUM *Xp2,
- const BIGNUM *Xp,
- const BIGNUM *e, BN_CTX *ctx,
- BN_GENCB *cb)
- {
- int ret = 0;
-
- BN_CTX_start(ctx);
- if (!Xp1)
- Xp1 = BN_CTX_get(ctx);
- if (!Xp2)
- Xp2 = BN_CTX_get(ctx);
-
- if (!BN_rand(Xp1, 101, 0, 0))
- goto error;
- if (!BN_rand(Xp2, 101, 0, 0))
- goto error;
- if (!BN_X931_derive_prime_ex(p, p1, p2, Xp, Xp1, Xp2, e, ctx, cb))
- goto error;
-
- ret = 1;
-
- error:
- BN_CTX_end(ctx);
-
- return ret;
-
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_x931p.c (from rev 6976, vendor-crypto/openssl/dist/crypto/bn/bn_x931p.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_x931p.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/bn_x931p.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,274 @@
+/* bn_x931p.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/bn.h>
+
+/* X9.31 routines for prime derivation */
+
+/*
+ * X9.31 prime derivation. This is used to generate the primes pi (p1, p2,
+ * q1, q2) from a parameter Xpi by checking successive odd integers.
+ */
+
+static int bn_x931_derive_pi(BIGNUM *pi, const BIGNUM *Xpi, BN_CTX *ctx,
+ BN_GENCB *cb)
+{
+ int i = 0;
+ if (!BN_copy(pi, Xpi))
+ return 0;
+ if (!BN_is_odd(pi) && !BN_add_word(pi, 1))
+ return 0;
+ for (;;) {
+ i++;
+ BN_GENCB_call(cb, 0, i);
+ /* NB 27 MR is specificed in X9.31 */
+ if (BN_is_prime_fasttest_ex(pi, 27, ctx, 1, cb))
+ break;
+ if (!BN_add_word(pi, 2))
+ return 0;
+ }
+ BN_GENCB_call(cb, 2, i);
+ return 1;
+}
+
+/*
+ * This is the main X9.31 prime derivation function. From parameters Xp1, Xp2
+ * and Xp derive the prime p. If the parameters p1 or p2 are not NULL they
+ * will be returned too: this is needed for testing.
+ */
+
+int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
+ const BIGNUM *Xp, const BIGNUM *Xp1,
+ const BIGNUM *Xp2, const BIGNUM *e, BN_CTX *ctx,
+ BN_GENCB *cb)
+{
+ int ret = 0;
+
+ BIGNUM *t, *p1p2, *pm1;
+
+ /* Only even e supported */
+ if (!BN_is_odd(e))
+ return 0;
+
+ BN_CTX_start(ctx);
+ if (!p1)
+ p1 = BN_CTX_get(ctx);
+
+ if (!p2)
+ p2 = BN_CTX_get(ctx);
+
+ t = BN_CTX_get(ctx);
+
+ p1p2 = BN_CTX_get(ctx);
+
+ pm1 = BN_CTX_get(ctx);
+
+ if (!bn_x931_derive_pi(p1, Xp1, ctx, cb))
+ goto err;
+
+ if (!bn_x931_derive_pi(p2, Xp2, ctx, cb))
+ goto err;
+
+ if (!BN_mul(p1p2, p1, p2, ctx))
+ goto err;
+
+ /* First set p to value of Rp */
+
+ if (!BN_mod_inverse(p, p2, p1, ctx))
+ goto err;
+
+ if (!BN_mul(p, p, p2, ctx))
+ goto err;
+
+ if (!BN_mod_inverse(t, p1, p2, ctx))
+ goto err;
+
+ if (!BN_mul(t, t, p1, ctx))
+ goto err;
+
+ if (!BN_sub(p, p, t))
+ goto err;
+
+ if (p->neg && !BN_add(p, p, p1p2))
+ goto err;
+
+ /* p now equals Rp */
+
+ if (!BN_mod_sub(p, p, Xp, p1p2, ctx))
+ goto err;
+
+ if (!BN_add(p, p, Xp))
+ goto err;
+
+ /* p now equals Yp0 */
+
+ for (;;) {
+ int i = 1;
+ BN_GENCB_call(cb, 0, i++);
+ if (!BN_copy(pm1, p))
+ goto err;
+ if (!BN_sub_word(pm1, 1))
+ goto err;
+ if (!BN_gcd(t, pm1, e, ctx))
+ goto err;
+ if (BN_is_one(t)
+ /*
+ * X9.31 specifies 8 MR and 1 Lucas test or any prime test
+ * offering similar or better guarantees 50 MR is considerably
+ * better.
+ */
+ && BN_is_prime_fasttest_ex(p, 50, ctx, 1, cb))
+ break;
+ if (!BN_add(p, p, p1p2))
+ goto err;
+ }
+
+ BN_GENCB_call(cb, 3, 0);
+
+ ret = 1;
+
+ err:
+
+ BN_CTX_end(ctx);
+
+ return ret;
+}
+
+/*
+ * Generate pair of paramters Xp, Xq for X9.31 prime generation. Note: nbits
+ * paramter is sum of number of bits in both.
+ */
+
+int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx)
+{
+ BIGNUM *t;
+ int i;
+ /*
+ * Number of bits for each prime is of the form 512+128s for s = 0, 1,
+ * ...
+ */
+ if ((nbits < 1024) || (nbits & 0xff))
+ return 0;
+ nbits >>= 1;
+ /*
+ * The random value Xp must be between sqrt(2) * 2^(nbits-1) and 2^nbits
+ * - 1. By setting the top two bits we ensure that the lower bound is
+ * exceeded.
+ */
+ if (!BN_rand(Xp, nbits, 1, 0))
+ return 0;
+
+ BN_CTX_start(ctx);
+ t = BN_CTX_get(ctx);
+
+ for (i = 0; i < 1000; i++) {
+ if (!BN_rand(Xq, nbits, 1, 0))
+ return 0;
+ /* Check that |Xp - Xq| > 2^(nbits - 100) */
+ BN_sub(t, Xp, Xq);
+ if (BN_num_bits(t) > (nbits - 100))
+ break;
+ }
+
+ BN_CTX_end(ctx);
+
+ if (i < 1000)
+ return 1;
+
+ return 0;
+
+}
+
+/*
+ * Generate primes using X9.31 algorithm. Of the values p, p1, p2, Xp1 and
+ * Xp2 only 'p' needs to be non-NULL. If any of the others are not NULL the
+ * relevant parameter will be stored in it. Due to the fact that |Xp - Xq| >
+ * 2^(nbits - 100) must be satisfied Xp and Xq are generated using the
+ * previous function and supplied as input.
+ */
+
+int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
+ BIGNUM *Xp1, BIGNUM *Xp2,
+ const BIGNUM *Xp,
+ const BIGNUM *e, BN_CTX *ctx, BN_GENCB *cb)
+{
+ int ret = 0;
+
+ BN_CTX_start(ctx);
+ if (!Xp1)
+ Xp1 = BN_CTX_get(ctx);
+ if (!Xp2)
+ Xp2 = BN_CTX_get(ctx);
+
+ if (!BN_rand(Xp1, 101, 0, 0))
+ goto error;
+ if (!BN_rand(Xp2, 101, 0, 0))
+ goto error;
+ if (!BN_X931_derive_prime_ex(p, p1, p2, Xp, Xp1, Xp2, e, ctx, cb))
+ goto error;
+
+ ret = 1;
+
+ error:
+ BN_CTX_end(ctx);
+
+ return ret;
+
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bn/bnspeed.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bnspeed.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/bnspeed.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,233 +0,0 @@
-/* unused */
-
-/* crypto/bn/bnspeed.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* most of this code has been pilfered from my libdes speed.c program */
-
-#define BASENUM 1000000
-#undef PROG
-#define PROG bnspeed_main
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <signal.h>
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/err.h>
-
-#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
-#define TIMES
-#endif
-
-#ifndef _IRIX
-#include <time.h>
-#endif
-#ifdef TIMES
-#include <sys/types.h>
-#include <sys/times.h>
-#endif
-
-/* Depending on the VMS version, the tms structure is perhaps defined.
- The __TMS macro will show if it was. If it wasn't defined, we should
- undefine TIMES, since that tells the rest of the program how things
- should be handled. -- Richard Levitte */
-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
-#undef TIMES
-#endif
-
-#ifndef TIMES
-#include <sys/timeb.h>
-#endif
-
-#if defined(sun) || defined(__ultrix)
-#define _POSIX_SOURCE
-#include <limits.h>
-#include <sys/param.h>
-#endif
-
-#include <openssl/bn.h>
-#include <openssl/x509.h>
-
-/* The following if from times(3) man page. It may need to be changed */
-#ifndef HZ
-# ifndef CLK_TCK
-# ifndef _BSD_CLK_TCK_ /* FreeBSD hack */
-# define HZ 100.0
-# else /* _BSD_CLK_TCK_ */
-# define HZ ((double)_BSD_CLK_TCK_)
-# endif
-# else /* CLK_TCK */
-# define HZ ((double)CLK_TCK)
-# endif
-#endif
-
-#undef BUFSIZE
-#define BUFSIZE ((long)1024*8)
-int run=0;
-
-static double Time_F(int s);
-#define START 0
-#define STOP 1
-
-static double Time_F(int s)
- {
- double ret;
-#ifdef TIMES
- static struct tms tstart,tend;
-
- if (s == START)
- {
- times(&tstart);
- return(0);
- }
- else
- {
- times(&tend);
- ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
- return((ret < 1e-3)?1e-3:ret);
- }
-#else /* !times() */
- static struct timeb tstart,tend;
- long i;
-
- if (s == START)
- {
- ftime(&tstart);
- return(0);
- }
- else
- {
- ftime(&tend);
- i=(long)tend.millitm-(long)tstart.millitm;
- ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
- return((ret < 0.001)?0.001:ret);
- }
-#endif
- }
-
-#define NUM_SIZES 5
-static int sizes[NUM_SIZES]={128,256,512,1024,2048};
-/*static int sizes[NUM_SIZES]={59,179,299,419,539}; */
-
-void do_mul(BIGNUM *r,BIGNUM *a,BIGNUM *b,BN_CTX *ctx);
-
-int main(int argc, char **argv)
- {
- BN_CTX *ctx;
- BIGNUM a,b,c;
-
- ctx=BN_CTX_new();
- BN_init(&a);
- BN_init(&b);
- BN_init(&c);
-
- do_mul(&a,&b,&c,ctx);
- }
-
-void do_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
- {
- int i,j,k;
- double tm;
- long num;
-
- for (i=0; i<NUM_SIZES; i++)
- {
- num=BASENUM;
- if (i) num/=(i*3);
- BN_rand(a,sizes[i],1,0);
- for (j=i; j<NUM_SIZES; j++)
- {
- BN_rand(b,sizes[j],1,0);
- Time_F(START);
- for (k=0; k<num; k++)
- BN_mul(r,b,a,ctx);
- tm=Time_F(STOP);
- printf("mul %4d x %4d -> %8.3fms\n",sizes[i],sizes[j],tm*1000.0/num);
- }
- }
-
- for (i=0; i<NUM_SIZES; i++)
- {
- num=BASENUM;
- if (i) num/=(i*3);
- BN_rand(a,sizes[i],1,0);
- Time_F(START);
- for (k=0; k<num; k++)
- BN_sqr(r,a,ctx);
- tm=Time_F(STOP);
- printf("sqr %4d x %4d -> %8.3fms\n",sizes[i],sizes[i],tm*1000.0/num);
- }
-
- for (i=0; i<NUM_SIZES; i++)
- {
- num=BASENUM/10;
- if (i) num/=(i*3);
- BN_rand(a,sizes[i]-1,1,0);
- for (j=i; j<NUM_SIZES; j++)
- {
- BN_rand(b,sizes[j],1,0);
- Time_F(START);
- for (k=0; k<100000; k++)
- BN_div(r, NULL, b, a,ctx);
- tm=Time_F(STOP);
- printf("div %4d / %4d -> %8.3fms\n",sizes[j],sizes[i]-1,tm*1000.0/num);
- }
- }
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bn/bnspeed.c (from rev 6976, vendor-crypto/openssl/dist/crypto/bn/bnspeed.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bn/bnspeed.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/bnspeed.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,232 @@
+/* unused */
+
+/* crypto/bn/bnspeed.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* most of this code has been pilfered from my libdes speed.c program */
+
+#define BASENUM 1000000
+#undef PROG
+#define PROG bnspeed_main
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <signal.h>
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+
+#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
+# define TIMES
+#endif
+
+#ifndef _IRIX
+# include <time.h>
+#endif
+#ifdef TIMES
+# include <sys/types.h>
+# include <sys/times.h>
+#endif
+
+/*
+ * Depending on the VMS version, the tms structure is perhaps defined. The
+ * __TMS macro will show if it was. If it wasn't defined, we should undefine
+ * TIMES, since that tells the rest of the program how things should be
+ * handled. -- Richard Levitte
+ */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
+# undef TIMES
+#endif
+
+#ifndef TIMES
+# include <sys/timeb.h>
+#endif
+
+#if defined(sun) || defined(__ultrix)
+# define _POSIX_SOURCE
+# include <limits.h>
+# include <sys/param.h>
+#endif
+
+#include <openssl/bn.h>
+#include <openssl/x509.h>
+
+/* The following if from times(3) man page. It may need to be changed */
+#ifndef HZ
+# ifndef CLK_TCK
+# ifndef _BSD_CLK_TCK_ /* FreeBSD hack */
+# define HZ 100.0
+# else /* _BSD_CLK_TCK_ */
+# define HZ ((double)_BSD_CLK_TCK_)
+# endif
+# else /* CLK_TCK */
+# define HZ ((double)CLK_TCK)
+# endif
+#endif
+
+#undef BUFSIZE
+#define BUFSIZE ((long)1024*8)
+int run = 0;
+
+static double Time_F(int s);
+#define START 0
+#define STOP 1
+
+static double Time_F(int s)
+{
+ double ret;
+#ifdef TIMES
+ static struct tms tstart, tend;
+
+ if (s == START) {
+ times(&tstart);
+ return (0);
+ } else {
+ times(&tend);
+ ret = ((double)(tend.tms_utime - tstart.tms_utime)) / HZ;
+ return ((ret < 1e-3) ? 1e-3 : ret);
+ }
+#else /* !times() */
+ static struct timeb tstart, tend;
+ long i;
+
+ if (s == START) {
+ ftime(&tstart);
+ return (0);
+ } else {
+ ftime(&tend);
+ i = (long)tend.millitm - (long)tstart.millitm;
+ ret = ((double)(tend.time - tstart.time)) + ((double)i) / 1000.0;
+ return ((ret < 0.001) ? 0.001 : ret);
+ }
+#endif
+}
+
+#define NUM_SIZES 5
+static int sizes[NUM_SIZES] = { 128, 256, 512, 1024, 2048 };
+
+/*
+ * static int sizes[NUM_SIZES]={59,179,299,419,539};
+ */
+
+void do_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
+
+int main(int argc, char **argv)
+{
+ BN_CTX *ctx;
+ BIGNUM a, b, c;
+
+ ctx = BN_CTX_new();
+ BN_init(&a);
+ BN_init(&b);
+ BN_init(&c);
+
+ do_mul(&a, &b, &c, ctx);
+}
+
+void do_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
+{
+ int i, j, k;
+ double tm;
+ long num;
+
+ for (i = 0; i < NUM_SIZES; i++) {
+ num = BASENUM;
+ if (i)
+ num /= (i * 3);
+ BN_rand(a, sizes[i], 1, 0);
+ for (j = i; j < NUM_SIZES; j++) {
+ BN_rand(b, sizes[j], 1, 0);
+ Time_F(START);
+ for (k = 0; k < num; k++)
+ BN_mul(r, b, a, ctx);
+ tm = Time_F(STOP);
+ printf("mul %4d x %4d -> %8.3fms\n", sizes[i], sizes[j],
+ tm * 1000.0 / num);
+ }
+ }
+
+ for (i = 0; i < NUM_SIZES; i++) {
+ num = BASENUM;
+ if (i)
+ num /= (i * 3);
+ BN_rand(a, sizes[i], 1, 0);
+ Time_F(START);
+ for (k = 0; k < num; k++)
+ BN_sqr(r, a, ctx);
+ tm = Time_F(STOP);
+ printf("sqr %4d x %4d -> %8.3fms\n", sizes[i], sizes[i],
+ tm * 1000.0 / num);
+ }
+
+ for (i = 0; i < NUM_SIZES; i++) {
+ num = BASENUM / 10;
+ if (i)
+ num /= (i * 3);
+ BN_rand(a, sizes[i] - 1, 1, 0);
+ for (j = i; j < NUM_SIZES; j++) {
+ BN_rand(b, sizes[j], 1, 0);
+ Time_F(START);
+ for (k = 0; k < 100000; k++)
+ BN_div(r, NULL, b, a, ctx);
+ tm = Time_F(STOP);
+ printf("div %4d / %4d -> %8.3fms\n", sizes[j], sizes[i] - 1,
+ tm * 1000.0 / num);
+ }
+ }
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bn/bntest.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/bntest.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/bntest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,2011 +0,0 @@
-/* crypto/bn/bntest.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the Eric Young open source
- * license provided above.
- *
- * The binary polynomial arithmetic software is originally written by
- * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
- *
- */
-
-/* Until the key-gen callbacks are modified to use newer prototypes, we allow
- * deprecated functions for openssl-internal code */
-#ifdef OPENSSL_NO_DEPRECATED
-#undef OPENSSL_NO_DEPRECATED
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "e_os.h"
-
-#include <openssl/bio.h>
-#include <openssl/bn.h>
-#include <openssl/rand.h>
-#include <openssl/x509.h>
-#include <openssl/err.h>
-
-const int num0 = 100; /* number of tests */
-const int num1 = 50; /* additional tests for some functions */
-const int num2 = 5; /* number of tests for slow functions */
-
-int test_add(BIO *bp);
-int test_sub(BIO *bp);
-int test_lshift1(BIO *bp);
-int test_lshift(BIO *bp,BN_CTX *ctx,BIGNUM *a_);
-int test_rshift1(BIO *bp);
-int test_rshift(BIO *bp,BN_CTX *ctx);
-int test_div(BIO *bp,BN_CTX *ctx);
-int test_div_word(BIO *bp);
-int test_div_recp(BIO *bp,BN_CTX *ctx);
-int test_mul(BIO *bp);
-int test_sqr(BIO *bp,BN_CTX *ctx);
-int test_mont(BIO *bp,BN_CTX *ctx);
-int test_mod(BIO *bp,BN_CTX *ctx);
-int test_mod_mul(BIO *bp,BN_CTX *ctx);
-int test_mod_exp(BIO *bp,BN_CTX *ctx);
-int test_mod_exp_mont_consttime(BIO *bp,BN_CTX *ctx);
-int test_exp(BIO *bp,BN_CTX *ctx);
-int test_gf2m_add(BIO *bp);
-int test_gf2m_mod(BIO *bp);
-int test_gf2m_mod_mul(BIO *bp,BN_CTX *ctx);
-int test_gf2m_mod_sqr(BIO *bp,BN_CTX *ctx);
-int test_gf2m_mod_inv(BIO *bp,BN_CTX *ctx);
-int test_gf2m_mod_div(BIO *bp,BN_CTX *ctx);
-int test_gf2m_mod_exp(BIO *bp,BN_CTX *ctx);
-int test_gf2m_mod_sqrt(BIO *bp,BN_CTX *ctx);
-int test_gf2m_mod_solve_quad(BIO *bp,BN_CTX *ctx);
-int test_kron(BIO *bp,BN_CTX *ctx);
-int test_sqrt(BIO *bp,BN_CTX *ctx);
-int rand_neg(void);
-static int results=0;
-
-static unsigned char lst[]="\xC6\x4F\x43\x04\x2A\xEA\xCA\x6E\x58\x36\x80\x5B\xE8\xC9"
-"\x9B\x04\x5D\x48\x36\xC2\xFD\x16\xC9\x64\xF0";
-
-static const char rnd_seed[] = "string to make the random number generator think it has entropy";
-
-static void message(BIO *out, char *m)
- {
- fprintf(stderr, "test %s\n", m);
- BIO_puts(out, "print \"test ");
- BIO_puts(out, m);
- BIO_puts(out, "\\n\"\n");
- }
-
-int main(int argc, char *argv[])
- {
- BN_CTX *ctx;
- BIO *out;
- char *outfile=NULL;
-
- results = 0;
-
- RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_generate_prime may fail */
-
- argc--;
- argv++;
- while (argc >= 1)
- {
- if (strcmp(*argv,"-results") == 0)
- results=1;
- else if (strcmp(*argv,"-out") == 0)
- {
- if (--argc < 1) break;
- outfile= *(++argv);
- }
- argc--;
- argv++;
- }
-
-
- ctx=BN_CTX_new();
- if (ctx == NULL) EXIT(1);
-
- out=BIO_new(BIO_s_file());
- if (out == NULL) EXIT(1);
- if (outfile == NULL)
- {
- BIO_set_fp(out,stdout,BIO_NOCLOSE);
- }
- else
- {
- if (!BIO_write_filename(out,outfile))
- {
- perror(outfile);
- EXIT(1);
- }
- }
-
- if (!results)
- BIO_puts(out,"obase=16\nibase=16\n");
-
- message(out,"BN_add");
- if (!test_add(out)) goto err;
- (void)BIO_flush(out);
-
- message(out,"BN_sub");
- if (!test_sub(out)) goto err;
- (void)BIO_flush(out);
-
- message(out,"BN_lshift1");
- if (!test_lshift1(out)) goto err;
- (void)BIO_flush(out);
-
- message(out,"BN_lshift (fixed)");
- if (!test_lshift(out,ctx,BN_bin2bn(lst,sizeof(lst)-1,NULL)))
- goto err;
- (void)BIO_flush(out);
-
- message(out,"BN_lshift");
- if (!test_lshift(out,ctx,NULL)) goto err;
- (void)BIO_flush(out);
-
- message(out,"BN_rshift1");
- if (!test_rshift1(out)) goto err;
- (void)BIO_flush(out);
-
- message(out,"BN_rshift");
- if (!test_rshift(out,ctx)) goto err;
- (void)BIO_flush(out);
-
- message(out,"BN_sqr");
- if (!test_sqr(out,ctx)) goto err;
- (void)BIO_flush(out);
-
- message(out,"BN_mul");
- if (!test_mul(out)) goto err;
- (void)BIO_flush(out);
-
- message(out,"BN_div");
- if (!test_div(out,ctx)) goto err;
- (void)BIO_flush(out);
-
- message(out,"BN_div_word");
- if (!test_div_word(out)) goto err;
- (void)BIO_flush(out);
-
- message(out,"BN_div_recp");
- if (!test_div_recp(out,ctx)) goto err;
- (void)BIO_flush(out);
-
- message(out,"BN_mod");
- if (!test_mod(out,ctx)) goto err;
- (void)BIO_flush(out);
-
- message(out,"BN_mod_mul");
- if (!test_mod_mul(out,ctx)) goto err;
- (void)BIO_flush(out);
-
- message(out,"BN_mont");
- if (!test_mont(out,ctx)) goto err;
- (void)BIO_flush(out);
-
- message(out,"BN_mod_exp");
- if (!test_mod_exp(out,ctx)) goto err;
- (void)BIO_flush(out);
-
- message(out,"BN_mod_exp_mont_consttime");
- if (!test_mod_exp_mont_consttime(out,ctx)) goto err;
- (void)BIO_flush(out);
-
- message(out,"BN_exp");
- if (!test_exp(out,ctx)) goto err;
- (void)BIO_flush(out);
-
- message(out,"BN_kronecker");
- if (!test_kron(out,ctx)) goto err;
- (void)BIO_flush(out);
-
- message(out,"BN_mod_sqrt");
- if (!test_sqrt(out,ctx)) goto err;
- (void)BIO_flush(out);
-
- message(out,"BN_GF2m_add");
- if (!test_gf2m_add(out)) goto err;
- (void)BIO_flush(out);
-
- message(out,"BN_GF2m_mod");
- if (!test_gf2m_mod(out)) goto err;
- (void)BIO_flush(out);
-
- message(out,"BN_GF2m_mod_mul");
- if (!test_gf2m_mod_mul(out,ctx)) goto err;
- (void)BIO_flush(out);
-
- message(out,"BN_GF2m_mod_sqr");
- if (!test_gf2m_mod_sqr(out,ctx)) goto err;
- (void)BIO_flush(out);
-
- message(out,"BN_GF2m_mod_inv");
- if (!test_gf2m_mod_inv(out,ctx)) goto err;
- (void)BIO_flush(out);
-
- message(out,"BN_GF2m_mod_div");
- if (!test_gf2m_mod_div(out,ctx)) goto err;
- (void)BIO_flush(out);
-
- message(out,"BN_GF2m_mod_exp");
- if (!test_gf2m_mod_exp(out,ctx)) goto err;
- (void)BIO_flush(out);
-
- message(out,"BN_GF2m_mod_sqrt");
- if (!test_gf2m_mod_sqrt(out,ctx)) goto err;
- (void)BIO_flush(out);
-
- message(out,"BN_GF2m_mod_solve_quad");
- if (!test_gf2m_mod_solve_quad(out,ctx)) goto err;
- (void)BIO_flush(out);
-
- BN_CTX_free(ctx);
- BIO_free(out);
-
-/**/
- EXIT(0);
-err:
- BIO_puts(out,"1\n"); /* make sure the Perl script fed by bc notices
- * the failure, see test_bn in test/Makefile.ssl*/
- (void)BIO_flush(out);
- ERR_load_crypto_strings();
- ERR_print_errors_fp(stderr);
- EXIT(1);
- return(1);
- }
-
-int test_add(BIO *bp)
- {
- BIGNUM a,b,c;
- int i;
-
- BN_init(&a);
- BN_init(&b);
- BN_init(&c);
-
- BN_bntest_rand(&a,512,0,0);
- for (i=0; i<num0; i++)
- {
- BN_bntest_rand(&b,450+i,0,0);
- a.neg=rand_neg();
- b.neg=rand_neg();
- BN_add(&c,&a,&b);
- if (bp != NULL)
- {
- if (!results)
- {
- BN_print(bp,&a);
- BIO_puts(bp," + ");
- BN_print(bp,&b);
- BIO_puts(bp," - ");
- }
- BN_print(bp,&c);
- BIO_puts(bp,"\n");
- }
- a.neg=!a.neg;
- b.neg=!b.neg;
- BN_add(&c,&c,&b);
- BN_add(&c,&c,&a);
- if(!BN_is_zero(&c))
- {
- fprintf(stderr,"Add test failed!\n");
- return 0;
- }
- }
- BN_free(&a);
- BN_free(&b);
- BN_free(&c);
- return(1);
- }
-
-int test_sub(BIO *bp)
- {
- BIGNUM a,b,c;
- int i;
-
- BN_init(&a);
- BN_init(&b);
- BN_init(&c);
-
- for (i=0; i<num0+num1; i++)
- {
- if (i < num1)
- {
- BN_bntest_rand(&a,512,0,0);
- BN_copy(&b,&a);
- if (BN_set_bit(&a,i)==0) return(0);
- BN_add_word(&b,i);
- }
- else
- {
- BN_bntest_rand(&b,400+i-num1,0,0);
- a.neg=rand_neg();
- b.neg=rand_neg();
- }
- BN_sub(&c,&a,&b);
- if (bp != NULL)
- {
- if (!results)
- {
- BN_print(bp,&a);
- BIO_puts(bp," - ");
- BN_print(bp,&b);
- BIO_puts(bp," - ");
- }
- BN_print(bp,&c);
- BIO_puts(bp,"\n");
- }
- BN_add(&c,&c,&b);
- BN_sub(&c,&c,&a);
- if(!BN_is_zero(&c))
- {
- fprintf(stderr,"Subtract test failed!\n");
- return 0;
- }
- }
- BN_free(&a);
- BN_free(&b);
- BN_free(&c);
- return(1);
- }
-
-int test_div(BIO *bp, BN_CTX *ctx)
- {
- BIGNUM a,b,c,d,e;
- int i;
-
- BN_init(&a);
- BN_init(&b);
- BN_init(&c);
- BN_init(&d);
- BN_init(&e);
-
- for (i=0; i<num0+num1; i++)
- {
- if (i < num1)
- {
- BN_bntest_rand(&a,400,0,0);
- BN_copy(&b,&a);
- BN_lshift(&a,&a,i);
- BN_add_word(&a,i);
- }
- else
- BN_bntest_rand(&b,50+3*(i-num1),0,0);
- a.neg=rand_neg();
- b.neg=rand_neg();
- BN_div(&d,&c,&a,&b,ctx);
- if (bp != NULL)
- {
- if (!results)
- {
- BN_print(bp,&a);
- BIO_puts(bp," / ");
- BN_print(bp,&b);
- BIO_puts(bp," - ");
- }
- BN_print(bp,&d);
- BIO_puts(bp,"\n");
-
- if (!results)
- {
- BN_print(bp,&a);
- BIO_puts(bp," % ");
- BN_print(bp,&b);
- BIO_puts(bp," - ");
- }
- BN_print(bp,&c);
- BIO_puts(bp,"\n");
- }
- BN_mul(&e,&d,&b,ctx);
- BN_add(&d,&e,&c);
- BN_sub(&d,&d,&a);
- if(!BN_is_zero(&d))
- {
- fprintf(stderr,"Division test failed!\n");
- return 0;
- }
- }
- BN_free(&a);
- BN_free(&b);
- BN_free(&c);
- BN_free(&d);
- BN_free(&e);
- return(1);
- }
-
-static void print_word(BIO *bp,BN_ULONG w)
- {
-#ifdef SIXTY_FOUR_BIT
- if (sizeof(w) > sizeof(unsigned long))
- {
- unsigned long h=(unsigned long)(w>>32),
- l=(unsigned long)(w);
-
- if (h) BIO_printf(bp,"%lX%08lX",h,l);
- else BIO_printf(bp,"%lX",l);
- return;
- }
-#endif
- BIO_printf(bp,"%lX",w);
- }
-
-int test_div_word(BIO *bp)
- {
- BIGNUM a,b;
- BN_ULONG r,s;
- int i;
-
- BN_init(&a);
- BN_init(&b);
-
- for (i=0; i<num0; i++)
- {
- do {
- BN_bntest_rand(&a,512,-1,0);
- BN_bntest_rand(&b,BN_BITS2,-1,0);
- s = b.d[0];
- } while (!s);
-
- BN_copy(&b, &a);
- r = BN_div_word(&b, s);
-
- if (bp != NULL)
- {
- if (!results)
- {
- BN_print(bp,&a);
- BIO_puts(bp," / ");
- print_word(bp,s);
- BIO_puts(bp," - ");
- }
- BN_print(bp,&b);
- BIO_puts(bp,"\n");
-
- if (!results)
- {
- BN_print(bp,&a);
- BIO_puts(bp," % ");
- print_word(bp,s);
- BIO_puts(bp," - ");
- }
- print_word(bp,r);
- BIO_puts(bp,"\n");
- }
- BN_mul_word(&b,s);
- BN_add_word(&b,r);
- BN_sub(&b,&a,&b);
- if(!BN_is_zero(&b))
- {
- fprintf(stderr,"Division (word) test failed!\n");
- return 0;
- }
- }
- BN_free(&a);
- BN_free(&b);
- return(1);
- }
-
-int test_div_recp(BIO *bp, BN_CTX *ctx)
- {
- BIGNUM a,b,c,d,e;
- BN_RECP_CTX recp;
- int i;
-
- BN_RECP_CTX_init(&recp);
- BN_init(&a);
- BN_init(&b);
- BN_init(&c);
- BN_init(&d);
- BN_init(&e);
-
- for (i=0; i<num0+num1; i++)
- {
- if (i < num1)
- {
- BN_bntest_rand(&a,400,0,0);
- BN_copy(&b,&a);
- BN_lshift(&a,&a,i);
- BN_add_word(&a,i);
- }
- else
- BN_bntest_rand(&b,50+3*(i-num1),0,0);
- a.neg=rand_neg();
- b.neg=rand_neg();
- BN_RECP_CTX_set(&recp,&b,ctx);
- BN_div_recp(&d,&c,&a,&recp,ctx);
- if (bp != NULL)
- {
- if (!results)
- {
- BN_print(bp,&a);
- BIO_puts(bp," / ");
- BN_print(bp,&b);
- BIO_puts(bp," - ");
- }
- BN_print(bp,&d);
- BIO_puts(bp,"\n");
-
- if (!results)
- {
- BN_print(bp,&a);
- BIO_puts(bp," % ");
- BN_print(bp,&b);
- BIO_puts(bp," - ");
- }
- BN_print(bp,&c);
- BIO_puts(bp,"\n");
- }
- BN_mul(&e,&d,&b,ctx);
- BN_add(&d,&e,&c);
- BN_sub(&d,&d,&a);
- if(!BN_is_zero(&d))
- {
- fprintf(stderr,"Reciprocal division test failed!\n");
- fprintf(stderr,"a=");
- BN_print_fp(stderr,&a);
- fprintf(stderr,"\nb=");
- BN_print_fp(stderr,&b);
- fprintf(stderr,"\n");
- return 0;
- }
- }
- BN_free(&a);
- BN_free(&b);
- BN_free(&c);
- BN_free(&d);
- BN_free(&e);
- BN_RECP_CTX_free(&recp);
- return(1);
- }
-
-int test_mul(BIO *bp)
- {
- BIGNUM a,b,c,d,e;
- int i;
- BN_CTX *ctx;
-
- ctx = BN_CTX_new();
- if (ctx == NULL) EXIT(1);
-
- BN_init(&a);
- BN_init(&b);
- BN_init(&c);
- BN_init(&d);
- BN_init(&e);
-
- for (i=0; i<num0+num1; i++)
- {
- if (i <= num1)
- {
- BN_bntest_rand(&a,100,0,0);
- BN_bntest_rand(&b,100,0,0);
- }
- else
- BN_bntest_rand(&b,i-num1,0,0);
- a.neg=rand_neg();
- b.neg=rand_neg();
- BN_mul(&c,&a,&b,ctx);
- if (bp != NULL)
- {
- if (!results)
- {
- BN_print(bp,&a);
- BIO_puts(bp," * ");
- BN_print(bp,&b);
- BIO_puts(bp," - ");
- }
- BN_print(bp,&c);
- BIO_puts(bp,"\n");
- }
- BN_div(&d,&e,&c,&a,ctx);
- BN_sub(&d,&d,&b);
- if(!BN_is_zero(&d) || !BN_is_zero(&e))
- {
- fprintf(stderr,"Multiplication test failed!\n");
- return 0;
- }
- }
- BN_free(&a);
- BN_free(&b);
- BN_free(&c);
- BN_free(&d);
- BN_free(&e);
- BN_CTX_free(ctx);
- return(1);
- }
-
-int test_sqr(BIO *bp, BN_CTX *ctx)
- {
- BIGNUM a,c,d,e;
- int i;
-
- BN_init(&a);
- BN_init(&c);
- BN_init(&d);
- BN_init(&e);
-
- for (i=0; i<num0; i++)
- {
- BN_bntest_rand(&a,40+i*10,0,0);
- a.neg=rand_neg();
- BN_sqr(&c,&a,ctx);
- if (bp != NULL)
- {
- if (!results)
- {
- BN_print(bp,&a);
- BIO_puts(bp," * ");
- BN_print(bp,&a);
- BIO_puts(bp," - ");
- }
- BN_print(bp,&c);
- BIO_puts(bp,"\n");
- }
- BN_div(&d,&e,&c,&a,ctx);
- BN_sub(&d,&d,&a);
- if(!BN_is_zero(&d) || !BN_is_zero(&e))
- {
- fprintf(stderr,"Square test failed!\n");
- return 0;
- }
- }
- BN_free(&a);
- BN_free(&c);
- BN_free(&d);
- BN_free(&e);
- return(1);
- }
-
-int test_mont(BIO *bp, BN_CTX *ctx)
- {
- BIGNUM a,b,c,d,A,B;
- BIGNUM n;
- int i;
- BN_MONT_CTX *mont;
-
- BN_init(&a);
- BN_init(&b);
- BN_init(&c);
- BN_init(&d);
- BN_init(&A);
- BN_init(&B);
- BN_init(&n);
-
- mont=BN_MONT_CTX_new();
-
- BN_bntest_rand(&a,100,0,0); /**/
- BN_bntest_rand(&b,100,0,0); /**/
- for (i=0; i<num2; i++)
- {
- int bits = (200*(i+1))/num2;
-
- if (bits == 0)
- continue;
- BN_bntest_rand(&n,bits,0,1);
- BN_MONT_CTX_set(mont,&n,ctx);
-
- BN_nnmod(&a,&a,&n,ctx);
- BN_nnmod(&b,&b,&n,ctx);
-
- BN_to_montgomery(&A,&a,mont,ctx);
- BN_to_montgomery(&B,&b,mont,ctx);
-
- BN_mod_mul_montgomery(&c,&A,&B,mont,ctx);/**/
- BN_from_montgomery(&A,&c,mont,ctx);/**/
- if (bp != NULL)
- {
- if (!results)
- {
-#ifdef undef
-fprintf(stderr,"%d * %d %% %d\n",
-BN_num_bits(&a),
-BN_num_bits(&b),
-BN_num_bits(mont->N));
-#endif
- BN_print(bp,&a);
- BIO_puts(bp," * ");
- BN_print(bp,&b);
- BIO_puts(bp," % ");
- BN_print(bp,&(mont->N));
- BIO_puts(bp," - ");
- }
- BN_print(bp,&A);
- BIO_puts(bp,"\n");
- }
- BN_mod_mul(&d,&a,&b,&n,ctx);
- BN_sub(&d,&d,&A);
- if(!BN_is_zero(&d))
- {
- fprintf(stderr,"Montgomery multiplication test failed!\n");
- return 0;
- }
- }
- BN_MONT_CTX_free(mont);
- BN_free(&a);
- BN_free(&b);
- BN_free(&c);
- BN_free(&d);
- BN_free(&A);
- BN_free(&B);
- BN_free(&n);
- return(1);
- }
-
-int test_mod(BIO *bp, BN_CTX *ctx)
- {
- BIGNUM *a,*b,*c,*d,*e;
- int i;
-
- a=BN_new();
- b=BN_new();
- c=BN_new();
- d=BN_new();
- e=BN_new();
-
- BN_bntest_rand(a,1024,0,0); /**/
- for (i=0; i<num0; i++)
- {
- BN_bntest_rand(b,450+i*10,0,0); /**/
- a->neg=rand_neg();
- b->neg=rand_neg();
- BN_mod(c,a,b,ctx);/**/
- if (bp != NULL)
- {
- if (!results)
- {
- BN_print(bp,a);
- BIO_puts(bp," % ");
- BN_print(bp,b);
- BIO_puts(bp," - ");
- }
- BN_print(bp,c);
- BIO_puts(bp,"\n");
- }
- BN_div(d,e,a,b,ctx);
- BN_sub(e,e,c);
- if(!BN_is_zero(e))
- {
- fprintf(stderr,"Modulo test failed!\n");
- return 0;
- }
- }
- BN_free(a);
- BN_free(b);
- BN_free(c);
- BN_free(d);
- BN_free(e);
- return(1);
- }
-
-int test_mod_mul(BIO *bp, BN_CTX *ctx)
- {
- BIGNUM *a,*b,*c,*d,*e;
- int i,j;
-
- a=BN_new();
- b=BN_new();
- c=BN_new();
- d=BN_new();
- e=BN_new();
-
- for (j=0; j<3; j++) {
- BN_bntest_rand(c,1024,0,0); /**/
- for (i=0; i<num0; i++)
- {
- BN_bntest_rand(a,475+i*10,0,0); /**/
- BN_bntest_rand(b,425+i*11,0,0); /**/
- a->neg=rand_neg();
- b->neg=rand_neg();
- if (!BN_mod_mul(e,a,b,c,ctx))
- {
- unsigned long l;
-
- while ((l=ERR_get_error()))
- fprintf(stderr,"ERROR:%s\n",
- ERR_error_string(l,NULL));
- EXIT(1);
- }
- if (bp != NULL)
- {
- if (!results)
- {
- BN_print(bp,a);
- BIO_puts(bp," * ");
- BN_print(bp,b);
- BIO_puts(bp," % ");
- BN_print(bp,c);
- if ((a->neg ^ b->neg) && !BN_is_zero(e))
- {
- /* If (a*b) % c is negative, c must be added
- * in order to obtain the normalized remainder
- * (new with OpenSSL 0.9.7, previous versions of
- * BN_mod_mul could generate negative results)
- */
- BIO_puts(bp," + ");
- BN_print(bp,c);
- }
- BIO_puts(bp," - ");
- }
- BN_print(bp,e);
- BIO_puts(bp,"\n");
- }
- BN_mul(d,a,b,ctx);
- BN_sub(d,d,e);
- BN_div(a,b,d,c,ctx);
- if(!BN_is_zero(b))
- {
- fprintf(stderr,"Modulo multiply test failed!\n");
- ERR_print_errors_fp(stderr);
- return 0;
- }
- }
- }
- BN_free(a);
- BN_free(b);
- BN_free(c);
- BN_free(d);
- BN_free(e);
- return(1);
- }
-
-int test_mod_exp(BIO *bp, BN_CTX *ctx)
- {
- BIGNUM *a,*b,*c,*d,*e;
- int i;
-
- a=BN_new();
- b=BN_new();
- c=BN_new();
- d=BN_new();
- e=BN_new();
-
- BN_bntest_rand(c,30,0,1); /* must be odd for montgomery */
- for (i=0; i<num2; i++)
- {
- BN_bntest_rand(a,20+i*5,0,0); /**/
- BN_bntest_rand(b,2+i,0,0); /**/
-
- if (!BN_mod_exp(d,a,b,c,ctx))
- return(0);
-
- if (bp != NULL)
- {
- if (!results)
- {
- BN_print(bp,a);
- BIO_puts(bp," ^ ");
- BN_print(bp,b);
- BIO_puts(bp," % ");
- BN_print(bp,c);
- BIO_puts(bp," - ");
- }
- BN_print(bp,d);
- BIO_puts(bp,"\n");
- }
- BN_exp(e,a,b,ctx);
- BN_sub(e,e,d);
- BN_div(a,b,e,c,ctx);
- if(!BN_is_zero(b))
- {
- fprintf(stderr,"Modulo exponentiation test failed!\n");
- return 0;
- }
- }
- BN_free(a);
- BN_free(b);
- BN_free(c);
- BN_free(d);
- BN_free(e);
- return(1);
- }
-
-int test_mod_exp_mont_consttime(BIO *bp, BN_CTX *ctx)
- {
- BIGNUM *a,*b,*c,*d,*e;
- int i;
-
- a=BN_new();
- b=BN_new();
- c=BN_new();
- d=BN_new();
- e=BN_new();
-
- BN_bntest_rand(c,30,0,1); /* must be odd for montgomery */
- for (i=0; i<num2; i++)
- {
- BN_bntest_rand(a,20+i*5,0,0); /**/
- BN_bntest_rand(b,2+i,0,0); /**/
-
- if (!BN_mod_exp_mont_consttime(d,a,b,c,ctx,NULL))
- return(00);
-
- if (bp != NULL)
- {
- if (!results)
- {
- BN_print(bp,a);
- BIO_puts(bp," ^ ");
- BN_print(bp,b);
- BIO_puts(bp," % ");
- BN_print(bp,c);
- BIO_puts(bp," - ");
- }
- BN_print(bp,d);
- BIO_puts(bp,"\n");
- }
- BN_exp(e,a,b,ctx);
- BN_sub(e,e,d);
- BN_div(a,b,e,c,ctx);
- if(!BN_is_zero(b))
- {
- fprintf(stderr,"Modulo exponentiation test failed!\n");
- return 0;
- }
- }
- BN_free(a);
- BN_free(b);
- BN_free(c);
- BN_free(d);
- BN_free(e);
- return(1);
- }
-
-int test_exp(BIO *bp, BN_CTX *ctx)
- {
- BIGNUM *a,*b,*d,*e,*one;
- int i;
-
- a=BN_new();
- b=BN_new();
- d=BN_new();
- e=BN_new();
- one=BN_new();
- BN_one(one);
-
- for (i=0; i<num2; i++)
- {
- BN_bntest_rand(a,20+i*5,0,0); /**/
- BN_bntest_rand(b,2+i,0,0); /**/
-
- if (BN_exp(d,a,b,ctx) <= 0)
- return(0);
-
- if (bp != NULL)
- {
- if (!results)
- {
- BN_print(bp,a);
- BIO_puts(bp," ^ ");
- BN_print(bp,b);
- BIO_puts(bp," - ");
- }
- BN_print(bp,d);
- BIO_puts(bp,"\n");
- }
- BN_one(e);
- for( ; !BN_is_zero(b) ; BN_sub(b,b,one))
- BN_mul(e,e,a,ctx);
- BN_sub(e,e,d);
- if(!BN_is_zero(e))
- {
- fprintf(stderr,"Exponentiation test failed!\n");
- return 0;
- }
- }
- BN_free(a);
- BN_free(b);
- BN_free(d);
- BN_free(e);
- BN_free(one);
- return(1);
- }
-
-int test_gf2m_add(BIO *bp)
- {
- BIGNUM a,b,c;
- int i, ret = 0;
-
- BN_init(&a);
- BN_init(&b);
- BN_init(&c);
-
- for (i=0; i<num0; i++)
- {
- BN_rand(&a,512,0,0);
- BN_copy(&b, BN_value_one());
- a.neg=rand_neg();
- b.neg=rand_neg();
- BN_GF2m_add(&c,&a,&b);
-#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
- if (bp != NULL)
- {
- if (!results)
- {
- BN_print(bp,&a);
- BIO_puts(bp," ^ ");
- BN_print(bp,&b);
- BIO_puts(bp," = ");
- }
- BN_print(bp,&c);
- BIO_puts(bp,"\n");
- }
-#endif
- /* Test that two added values have the correct parity. */
- if((BN_is_odd(&a) && BN_is_odd(&c)) || (!BN_is_odd(&a) && !BN_is_odd(&c)))
- {
- fprintf(stderr,"GF(2^m) addition test (a) failed!\n");
- goto err;
- }
- BN_GF2m_add(&c,&c,&c);
- /* Test that c + c = 0. */
- if(!BN_is_zero(&c))
- {
- fprintf(stderr,"GF(2^m) addition test (b) failed!\n");
- goto err;
- }
- }
- ret = 1;
- err:
- BN_free(&a);
- BN_free(&b);
- BN_free(&c);
- return ret;
- }
-
-int test_gf2m_mod(BIO *bp)
- {
- BIGNUM *a,*b[2],*c,*d,*e;
- int i, j, ret = 0;
- unsigned int p0[] = {163,7,6,3,0};
- unsigned int p1[] = {193,15,0};
-
- a=BN_new();
- b[0]=BN_new();
- b[1]=BN_new();
- c=BN_new();
- d=BN_new();
- e=BN_new();
-
- BN_GF2m_arr2poly(p0, b[0]);
- BN_GF2m_arr2poly(p1, b[1]);
-
- for (i=0; i<num0; i++)
- {
- BN_bntest_rand(a, 1024, 0, 0);
- for (j=0; j < 2; j++)
- {
- BN_GF2m_mod(c, a, b[j]);
-#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
- if (bp != NULL)
- {
- if (!results)
- {
- BN_print(bp,a);
- BIO_puts(bp," % ");
- BN_print(bp,b[j]);
- BIO_puts(bp," - ");
- BN_print(bp,c);
- BIO_puts(bp,"\n");
- }
- }
-#endif
- BN_GF2m_add(d, a, c);
- BN_GF2m_mod(e, d, b[j]);
- /* Test that a + (a mod p) mod p == 0. */
- if(!BN_is_zero(e))
- {
- fprintf(stderr,"GF(2^m) modulo test failed!\n");
- goto err;
- }
- }
- }
- ret = 1;
- err:
- BN_free(a);
- BN_free(b[0]);
- BN_free(b[1]);
- BN_free(c);
- BN_free(d);
- BN_free(e);
- return ret;
- }
-
-int test_gf2m_mod_mul(BIO *bp,BN_CTX *ctx)
- {
- BIGNUM *a,*b[2],*c,*d,*e,*f,*g,*h;
- int i, j, ret = 0;
- unsigned int p0[] = {163,7,6,3,0};
- unsigned int p1[] = {193,15,0};
-
- a=BN_new();
- b[0]=BN_new();
- b[1]=BN_new();
- c=BN_new();
- d=BN_new();
- e=BN_new();
- f=BN_new();
- g=BN_new();
- h=BN_new();
-
- BN_GF2m_arr2poly(p0, b[0]);
- BN_GF2m_arr2poly(p1, b[1]);
-
- for (i=0; i<num0; i++)
- {
- BN_bntest_rand(a, 1024, 0, 0);
- BN_bntest_rand(c, 1024, 0, 0);
- BN_bntest_rand(d, 1024, 0, 0);
- for (j=0; j < 2; j++)
- {
- BN_GF2m_mod_mul(e, a, c, b[j], ctx);
-#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
- if (bp != NULL)
- {
- if (!results)
- {
- BN_print(bp,a);
- BIO_puts(bp," * ");
- BN_print(bp,c);
- BIO_puts(bp," % ");
- BN_print(bp,b[j]);
- BIO_puts(bp," - ");
- BN_print(bp,e);
- BIO_puts(bp,"\n");
- }
- }
-#endif
- BN_GF2m_add(f, a, d);
- BN_GF2m_mod_mul(g, f, c, b[j], ctx);
- BN_GF2m_mod_mul(h, d, c, b[j], ctx);
- BN_GF2m_add(f, e, g);
- BN_GF2m_add(f, f, h);
- /* Test that (a+d)*c = a*c + d*c. */
- if(!BN_is_zero(f))
- {
- fprintf(stderr,"GF(2^m) modular multiplication test failed!\n");
- goto err;
- }
- }
- }
- ret = 1;
- err:
- BN_free(a);
- BN_free(b[0]);
- BN_free(b[1]);
- BN_free(c);
- BN_free(d);
- BN_free(e);
- BN_free(f);
- BN_free(g);
- BN_free(h);
- return ret;
- }
-
-int test_gf2m_mod_sqr(BIO *bp,BN_CTX *ctx)
- {
- BIGNUM *a,*b[2],*c,*d;
- int i, j, ret = 0;
- unsigned int p0[] = {163,7,6,3,0};
- unsigned int p1[] = {193,15,0};
-
- a=BN_new();
- b[0]=BN_new();
- b[1]=BN_new();
- c=BN_new();
- d=BN_new();
-
- BN_GF2m_arr2poly(p0, b[0]);
- BN_GF2m_arr2poly(p1, b[1]);
-
- for (i=0; i<num0; i++)
- {
- BN_bntest_rand(a, 1024, 0, 0);
- for (j=0; j < 2; j++)
- {
- BN_GF2m_mod_sqr(c, a, b[j], ctx);
- BN_copy(d, a);
- BN_GF2m_mod_mul(d, a, d, b[j], ctx);
-#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
- if (bp != NULL)
- {
- if (!results)
- {
- BN_print(bp,a);
- BIO_puts(bp," ^ 2 % ");
- BN_print(bp,b[j]);
- BIO_puts(bp, " = ");
- BN_print(bp,c);
- BIO_puts(bp,"; a * a = ");
- BN_print(bp,d);
- BIO_puts(bp,"\n");
- }
- }
-#endif
- BN_GF2m_add(d, c, d);
- /* Test that a*a = a^2. */
- if(!BN_is_zero(d))
- {
- fprintf(stderr,"GF(2^m) modular squaring test failed!\n");
- goto err;
- }
- }
- }
- ret = 1;
- err:
- BN_free(a);
- BN_free(b[0]);
- BN_free(b[1]);
- BN_free(c);
- BN_free(d);
- return ret;
- }
-
-int test_gf2m_mod_inv(BIO *bp,BN_CTX *ctx)
- {
- BIGNUM *a,*b[2],*c,*d;
- int i, j, ret = 0;
- unsigned int p0[] = {163,7,6,3,0};
- unsigned int p1[] = {193,15,0};
-
- a=BN_new();
- b[0]=BN_new();
- b[1]=BN_new();
- c=BN_new();
- d=BN_new();
-
- BN_GF2m_arr2poly(p0, b[0]);
- BN_GF2m_arr2poly(p1, b[1]);
-
- for (i=0; i<num0; i++)
- {
- BN_bntest_rand(a, 512, 0, 0);
- for (j=0; j < 2; j++)
- {
- BN_GF2m_mod_inv(c, a, b[j], ctx);
- BN_GF2m_mod_mul(d, a, c, b[j], ctx);
-#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
- if (bp != NULL)
- {
- if (!results)
- {
- BN_print(bp,a);
- BIO_puts(bp, " * ");
- BN_print(bp,c);
- BIO_puts(bp," - 1 % ");
- BN_print(bp,b[j]);
- BIO_puts(bp,"\n");
- }
- }
-#endif
- /* Test that ((1/a)*a) = 1. */
- if(!BN_is_one(d))
- {
- fprintf(stderr,"GF(2^m) modular inversion test failed!\n");
- goto err;
- }
- }
- }
- ret = 1;
- err:
- BN_free(a);
- BN_free(b[0]);
- BN_free(b[1]);
- BN_free(c);
- BN_free(d);
- return ret;
- }
-
-int test_gf2m_mod_div(BIO *bp,BN_CTX *ctx)
- {
- BIGNUM *a,*b[2],*c,*d,*e,*f;
- int i, j, ret = 0;
- unsigned int p0[] = {163,7,6,3,0};
- unsigned int p1[] = {193,15,0};
-
- a=BN_new();
- b[0]=BN_new();
- b[1]=BN_new();
- c=BN_new();
- d=BN_new();
- e=BN_new();
- f=BN_new();
-
- BN_GF2m_arr2poly(p0, b[0]);
- BN_GF2m_arr2poly(p1, b[1]);
-
- for (i=0; i<num0; i++)
- {
- BN_bntest_rand(a, 512, 0, 0);
- BN_bntest_rand(c, 512, 0, 0);
- for (j=0; j < 2; j++)
- {
- BN_GF2m_mod_div(d, a, c, b[j], ctx);
- BN_GF2m_mod_mul(e, d, c, b[j], ctx);
- BN_GF2m_mod_div(f, a, e, b[j], ctx);
-#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
- if (bp != NULL)
- {
- if (!results)
- {
- BN_print(bp,a);
- BIO_puts(bp, " = ");
- BN_print(bp,c);
- BIO_puts(bp," * ");
- BN_print(bp,d);
- BIO_puts(bp, " % ");
- BN_print(bp,b[j]);
- BIO_puts(bp,"\n");
- }
- }
-#endif
- /* Test that ((a/c)*c)/a = 1. */
- if(!BN_is_one(f))
- {
- fprintf(stderr,"GF(2^m) modular division test failed!\n");
- goto err;
- }
- }
- }
- ret = 1;
- err:
- BN_free(a);
- BN_free(b[0]);
- BN_free(b[1]);
- BN_free(c);
- BN_free(d);
- BN_free(e);
- BN_free(f);
- return ret;
- }
-
-int test_gf2m_mod_exp(BIO *bp,BN_CTX *ctx)
- {
- BIGNUM *a,*b[2],*c,*d,*e,*f;
- int i, j, ret = 0;
- unsigned int p0[] = {163,7,6,3,0};
- unsigned int p1[] = {193,15,0};
-
- a=BN_new();
- b[0]=BN_new();
- b[1]=BN_new();
- c=BN_new();
- d=BN_new();
- e=BN_new();
- f=BN_new();
-
- BN_GF2m_arr2poly(p0, b[0]);
- BN_GF2m_arr2poly(p1, b[1]);
-
- for (i=0; i<num0; i++)
- {
- BN_bntest_rand(a, 512, 0, 0);
- BN_bntest_rand(c, 512, 0, 0);
- BN_bntest_rand(d, 512, 0, 0);
- for (j=0; j < 2; j++)
- {
- BN_GF2m_mod_exp(e, a, c, b[j], ctx);
- BN_GF2m_mod_exp(f, a, d, b[j], ctx);
- BN_GF2m_mod_mul(e, e, f, b[j], ctx);
- BN_add(f, c, d);
- BN_GF2m_mod_exp(f, a, f, b[j], ctx);
-#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
- if (bp != NULL)
- {
- if (!results)
- {
- BN_print(bp,a);
- BIO_puts(bp, " ^ (");
- BN_print(bp,c);
- BIO_puts(bp," + ");
- BN_print(bp,d);
- BIO_puts(bp, ") = ");
- BN_print(bp,e);
- BIO_puts(bp, "; - ");
- BN_print(bp,f);
- BIO_puts(bp, " % ");
- BN_print(bp,b[j]);
- BIO_puts(bp,"\n");
- }
- }
-#endif
- BN_GF2m_add(f, e, f);
- /* Test that a^(c+d)=a^c*a^d. */
- if(!BN_is_zero(f))
- {
- fprintf(stderr,"GF(2^m) modular exponentiation test failed!\n");
- goto err;
- }
- }
- }
- ret = 1;
- err:
- BN_free(a);
- BN_free(b[0]);
- BN_free(b[1]);
- BN_free(c);
- BN_free(d);
- BN_free(e);
- BN_free(f);
- return ret;
- }
-
-int test_gf2m_mod_sqrt(BIO *bp,BN_CTX *ctx)
- {
- BIGNUM *a,*b[2],*c,*d,*e,*f;
- int i, j, ret = 0;
- unsigned int p0[] = {163,7,6,3,0};
- unsigned int p1[] = {193,15,0};
-
- a=BN_new();
- b[0]=BN_new();
- b[1]=BN_new();
- c=BN_new();
- d=BN_new();
- e=BN_new();
- f=BN_new();
-
- BN_GF2m_arr2poly(p0, b[0]);
- BN_GF2m_arr2poly(p1, b[1]);
-
- for (i=0; i<num0; i++)
- {
- BN_bntest_rand(a, 512, 0, 0);
- for (j=0; j < 2; j++)
- {
- BN_GF2m_mod(c, a, b[j]);
- BN_GF2m_mod_sqrt(d, a, b[j], ctx);
- BN_GF2m_mod_sqr(e, d, b[j], ctx);
-#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
- if (bp != NULL)
- {
- if (!results)
- {
- BN_print(bp,d);
- BIO_puts(bp, " ^ 2 - ");
- BN_print(bp,a);
- BIO_puts(bp,"\n");
- }
- }
-#endif
- BN_GF2m_add(f, c, e);
- /* Test that d^2 = a, where d = sqrt(a). */
- if(!BN_is_zero(f))
- {
- fprintf(stderr,"GF(2^m) modular square root test failed!\n");
- goto err;
- }
- }
- }
- ret = 1;
- err:
- BN_free(a);
- BN_free(b[0]);
- BN_free(b[1]);
- BN_free(c);
- BN_free(d);
- BN_free(e);
- BN_free(f);
- return ret;
- }
-
-int test_gf2m_mod_solve_quad(BIO *bp,BN_CTX *ctx)
- {
- BIGNUM *a,*b[2],*c,*d,*e;
- int i, j, s = 0, t, ret = 0;
- unsigned int p0[] = {163,7,6,3,0};
- unsigned int p1[] = {193,15,0};
-
- a=BN_new();
- b[0]=BN_new();
- b[1]=BN_new();
- c=BN_new();
- d=BN_new();
- e=BN_new();
-
- BN_GF2m_arr2poly(p0, b[0]);
- BN_GF2m_arr2poly(p1, b[1]);
-
- for (i=0; i<num0; i++)
- {
- BN_bntest_rand(a, 512, 0, 0);
- for (j=0; j < 2; j++)
- {
- t = BN_GF2m_mod_solve_quad(c, a, b[j], ctx);
- if (t)
- {
- s++;
- BN_GF2m_mod_sqr(d, c, b[j], ctx);
- BN_GF2m_add(d, c, d);
- BN_GF2m_mod(e, a, b[j]);
-#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
- if (bp != NULL)
- {
- if (!results)
- {
- BN_print(bp,c);
- BIO_puts(bp, " is root of z^2 + z = ");
- BN_print(bp,a);
- BIO_puts(bp, " % ");
- BN_print(bp,b[j]);
- BIO_puts(bp, "\n");
- }
- }
-#endif
- BN_GF2m_add(e, e, d);
- /* Test that solution of quadratic c satisfies c^2 + c = a. */
- if(!BN_is_zero(e))
- {
- fprintf(stderr,"GF(2^m) modular solve quadratic test failed!\n");
- goto err;
- }
-
- }
- else
- {
-#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
- if (bp != NULL)
- {
- if (!results)
- {
- BIO_puts(bp, "There are no roots of z^2 + z = ");
- BN_print(bp,a);
- BIO_puts(bp, " % ");
- BN_print(bp,b[j]);
- BIO_puts(bp, "\n");
- }
- }
-#endif
- }
- }
- }
- if (s == 0)
- {
- fprintf(stderr,"All %i tests of GF(2^m) modular solve quadratic resulted in no roots;\n", num0);
- fprintf(stderr,"this is very unlikely and probably indicates an error.\n");
- goto err;
- }
- ret = 1;
- err:
- BN_free(a);
- BN_free(b[0]);
- BN_free(b[1]);
- BN_free(c);
- BN_free(d);
- BN_free(e);
- return ret;
- }
-
-static int genprime_cb(int p, int n, BN_GENCB *arg)
- {
- char c='*';
-
- if (p == 0) c='.';
- if (p == 1) c='+';
- if (p == 2) c='*';
- if (p == 3) c='\n';
- putc(c, stderr);
- fflush(stderr);
- return 1;
- }
-
-int test_kron(BIO *bp, BN_CTX *ctx)
- {
- BN_GENCB cb;
- BIGNUM *a,*b,*r,*t;
- int i;
- int legendre, kronecker;
- int ret = 0;
-
- a = BN_new();
- b = BN_new();
- r = BN_new();
- t = BN_new();
- if (a == NULL || b == NULL || r == NULL || t == NULL) goto err;
-
- BN_GENCB_set(&cb, genprime_cb, NULL);
-
- /* We test BN_kronecker(a, b, ctx) just for b odd (Jacobi symbol).
- * In this case we know that if b is prime, then BN_kronecker(a, b, ctx)
- * is congruent to $a^{(b-1)/2}$, modulo $b$ (Legendre symbol).
- * So we generate a random prime b and compare these values
- * for a number of random a's. (That is, we run the Solovay-Strassen
- * primality test to confirm that b is prime, except that we
- * don't want to test whether b is prime but whether BN_kronecker
- * works.) */
-
- if (!BN_generate_prime_ex(b, 512, 0, NULL, NULL, &cb)) goto err;
- b->neg = rand_neg();
- putc('\n', stderr);
-
- for (i = 0; i < num0; i++)
- {
- if (!BN_bntest_rand(a, 512, 0, 0)) goto err;
- a->neg = rand_neg();
-
- /* t := (|b|-1)/2 (note that b is odd) */
- if (!BN_copy(t, b)) goto err;
- t->neg = 0;
- if (!BN_sub_word(t, 1)) goto err;
- if (!BN_rshift1(t, t)) goto err;
- /* r := a^t mod b */
- b->neg=0;
-
- if (!BN_mod_exp_recp(r, a, t, b, ctx)) goto err;
- b->neg=1;
-
- if (BN_is_word(r, 1))
- legendre = 1;
- else if (BN_is_zero(r))
- legendre = 0;
- else
- {
- if (!BN_add_word(r, 1)) goto err;
- if (0 != BN_ucmp(r, b))
- {
- fprintf(stderr, "Legendre symbol computation failed\n");
- goto err;
- }
- legendre = -1;
- }
-
- kronecker = BN_kronecker(a, b, ctx);
- if (kronecker < -1) goto err;
- /* we actually need BN_kronecker(a, |b|) */
- if (a->neg && b->neg)
- kronecker = -kronecker;
-
- if (legendre != kronecker)
- {
- fprintf(stderr, "legendre != kronecker; a = ");
- BN_print_fp(stderr, a);
- fprintf(stderr, ", b = ");
- BN_print_fp(stderr, b);
- fprintf(stderr, "\n");
- goto err;
- }
-
- putc('.', stderr);
- fflush(stderr);
- }
-
- putc('\n', stderr);
- fflush(stderr);
- ret = 1;
- err:
- if (a != NULL) BN_free(a);
- if (b != NULL) BN_free(b);
- if (r != NULL) BN_free(r);
- if (t != NULL) BN_free(t);
- return ret;
- }
-
-int test_sqrt(BIO *bp, BN_CTX *ctx)
- {
- BN_GENCB cb;
- BIGNUM *a,*p,*r;
- int i, j;
- int ret = 0;
-
- a = BN_new();
- p = BN_new();
- r = BN_new();
- if (a == NULL || p == NULL || r == NULL) goto err;
-
- BN_GENCB_set(&cb, genprime_cb, NULL);
-
- for (i = 0; i < 16; i++)
- {
- if (i < 8)
- {
- unsigned primes[8] = { 2, 3, 5, 7, 11, 13, 17, 19 };
-
- if (!BN_set_word(p, primes[i])) goto err;
- }
- else
- {
- if (!BN_set_word(a, 32)) goto err;
- if (!BN_set_word(r, 2*i + 1)) goto err;
-
- if (!BN_generate_prime_ex(p, 256, 0, a, r, &cb)) goto err;
- putc('\n', stderr);
- }
- p->neg = rand_neg();
-
- for (j = 0; j < num2; j++)
- {
- /* construct 'a' such that it is a square modulo p,
- * but in general not a proper square and not reduced modulo p */
- if (!BN_bntest_rand(r, 256, 0, 3)) goto err;
- if (!BN_nnmod(r, r, p, ctx)) goto err;
- if (!BN_mod_sqr(r, r, p, ctx)) goto err;
- if (!BN_bntest_rand(a, 256, 0, 3)) goto err;
- if (!BN_nnmod(a, a, p, ctx)) goto err;
- if (!BN_mod_sqr(a, a, p, ctx)) goto err;
- if (!BN_mul(a, a, r, ctx)) goto err;
- if (rand_neg())
- if (!BN_sub(a, a, p)) goto err;
-
- if (!BN_mod_sqrt(r, a, p, ctx)) goto err;
- if (!BN_mod_sqr(r, r, p, ctx)) goto err;
-
- if (!BN_nnmod(a, a, p, ctx)) goto err;
-
- if (BN_cmp(a, r) != 0)
- {
- fprintf(stderr, "BN_mod_sqrt failed: a = ");
- BN_print_fp(stderr, a);
- fprintf(stderr, ", r = ");
- BN_print_fp(stderr, r);
- fprintf(stderr, ", p = ");
- BN_print_fp(stderr, p);
- fprintf(stderr, "\n");
- goto err;
- }
-
- putc('.', stderr);
- fflush(stderr);
- }
-
- putc('\n', stderr);
- fflush(stderr);
- }
- ret = 1;
- err:
- if (a != NULL) BN_free(a);
- if (p != NULL) BN_free(p);
- if (r != NULL) BN_free(r);
- return ret;
- }
-
-int test_lshift(BIO *bp,BN_CTX *ctx,BIGNUM *a_)
- {
- BIGNUM *a,*b,*c,*d;
- int i;
-
- b=BN_new();
- c=BN_new();
- d=BN_new();
- BN_one(c);
-
- if(a_)
- a=a_;
- else
- {
- a=BN_new();
- BN_bntest_rand(a,200,0,0); /**/
- a->neg=rand_neg();
- }
- for (i=0; i<num0; i++)
- {
- BN_lshift(b,a,i+1);
- BN_add(c,c,c);
- if (bp != NULL)
- {
- if (!results)
- {
- BN_print(bp,a);
- BIO_puts(bp," * ");
- BN_print(bp,c);
- BIO_puts(bp," - ");
- }
- BN_print(bp,b);
- BIO_puts(bp,"\n");
- }
- BN_mul(d,a,c,ctx);
- BN_sub(d,d,b);
- if(!BN_is_zero(d))
- {
- fprintf(stderr,"Left shift test failed!\n");
- fprintf(stderr,"a=");
- BN_print_fp(stderr,a);
- fprintf(stderr,"\nb=");
- BN_print_fp(stderr,b);
- fprintf(stderr,"\nc=");
- BN_print_fp(stderr,c);
- fprintf(stderr,"\nd=");
- BN_print_fp(stderr,d);
- fprintf(stderr,"\n");
- return 0;
- }
- }
- BN_free(a);
- BN_free(b);
- BN_free(c);
- BN_free(d);
- return(1);
- }
-
-int test_lshift1(BIO *bp)
- {
- BIGNUM *a,*b,*c;
- int i;
-
- a=BN_new();
- b=BN_new();
- c=BN_new();
-
- BN_bntest_rand(a,200,0,0); /**/
- a->neg=rand_neg();
- for (i=0; i<num0; i++)
- {
- BN_lshift1(b,a);
- if (bp != NULL)
- {
- if (!results)
- {
- BN_print(bp,a);
- BIO_puts(bp," * 2");
- BIO_puts(bp," - ");
- }
- BN_print(bp,b);
- BIO_puts(bp,"\n");
- }
- BN_add(c,a,a);
- BN_sub(a,b,c);
- if(!BN_is_zero(a))
- {
- fprintf(stderr,"Left shift one test failed!\n");
- return 0;
- }
-
- BN_copy(a,b);
- }
- BN_free(a);
- BN_free(b);
- BN_free(c);
- return(1);
- }
-
-int test_rshift(BIO *bp,BN_CTX *ctx)
- {
- BIGNUM *a,*b,*c,*d,*e;
- int i;
-
- a=BN_new();
- b=BN_new();
- c=BN_new();
- d=BN_new();
- e=BN_new();
- BN_one(c);
-
- BN_bntest_rand(a,200,0,0); /**/
- a->neg=rand_neg();
- for (i=0; i<num0; i++)
- {
- BN_rshift(b,a,i+1);
- BN_add(c,c,c);
- if (bp != NULL)
- {
- if (!results)
- {
- BN_print(bp,a);
- BIO_puts(bp," / ");
- BN_print(bp,c);
- BIO_puts(bp," - ");
- }
- BN_print(bp,b);
- BIO_puts(bp,"\n");
- }
- BN_div(d,e,a,c,ctx);
- BN_sub(d,d,b);
- if(!BN_is_zero(d))
- {
- fprintf(stderr,"Right shift test failed!\n");
- return 0;
- }
- }
- BN_free(a);
- BN_free(b);
- BN_free(c);
- BN_free(d);
- BN_free(e);
- return(1);
- }
-
-int test_rshift1(BIO *bp)
- {
- BIGNUM *a,*b,*c;
- int i;
-
- a=BN_new();
- b=BN_new();
- c=BN_new();
-
- BN_bntest_rand(a,200,0,0); /**/
- a->neg=rand_neg();
- for (i=0; i<num0; i++)
- {
- BN_rshift1(b,a);
- if (bp != NULL)
- {
- if (!results)
- {
- BN_print(bp,a);
- BIO_puts(bp," / 2");
- BIO_puts(bp," - ");
- }
- BN_print(bp,b);
- BIO_puts(bp,"\n");
- }
- BN_sub(c,a,b);
- BN_sub(c,c,b);
- if(!BN_is_zero(c) && !BN_abs_is_word(c, 1))
- {
- fprintf(stderr,"Right shift one test failed!\n");
- return 0;
- }
- BN_copy(a,b);
- }
- BN_free(a);
- BN_free(b);
- BN_free(c);
- return(1);
- }
-
-int rand_neg(void)
- {
- static unsigned int neg=0;
- static int sign[8]={0,0,0,1,1,0,1,1};
-
- return(sign[(neg++)%8]);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bn/bntest.c (from rev 6976, vendor-crypto/openssl/dist/crypto/bn/bntest.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bn/bntest.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/bntest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,2015 @@
+/* crypto/bn/bntest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the Eric Young open source
+ * license provided above.
+ *
+ * The binary polynomial arithmetic software is originally written by
+ * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
+ *
+ */
+
+/*
+ * Until the key-gen callbacks are modified to use newer prototypes, we allow
+ * deprecated functions for openssl-internal code
+ */
+#ifdef OPENSSL_NO_DEPRECATED
+# undef OPENSSL_NO_DEPRECATED
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "e_os.h"
+
+#include <openssl/bio.h>
+#include <openssl/bn.h>
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+#include <openssl/err.h>
+
+const int num0 = 100; /* number of tests */
+const int num1 = 50; /* additional tests for some functions */
+const int num2 = 5; /* number of tests for slow functions */
+
+int test_add(BIO *bp);
+int test_sub(BIO *bp);
+int test_lshift1(BIO *bp);
+int test_lshift(BIO *bp, BN_CTX *ctx, BIGNUM *a_);
+int test_rshift1(BIO *bp);
+int test_rshift(BIO *bp, BN_CTX *ctx);
+int test_div(BIO *bp, BN_CTX *ctx);
+int test_div_word(BIO *bp);
+int test_div_recp(BIO *bp, BN_CTX *ctx);
+int test_mul(BIO *bp);
+int test_sqr(BIO *bp, BN_CTX *ctx);
+int test_mont(BIO *bp, BN_CTX *ctx);
+int test_mod(BIO *bp, BN_CTX *ctx);
+int test_mod_mul(BIO *bp, BN_CTX *ctx);
+int test_mod_exp(BIO *bp, BN_CTX *ctx);
+int test_mod_exp_mont_consttime(BIO *bp, BN_CTX *ctx);
+int test_exp(BIO *bp, BN_CTX *ctx);
+int test_gf2m_add(BIO *bp);
+int test_gf2m_mod(BIO *bp);
+int test_gf2m_mod_mul(BIO *bp, BN_CTX *ctx);
+int test_gf2m_mod_sqr(BIO *bp, BN_CTX *ctx);
+int test_gf2m_mod_inv(BIO *bp, BN_CTX *ctx);
+int test_gf2m_mod_div(BIO *bp, BN_CTX *ctx);
+int test_gf2m_mod_exp(BIO *bp, BN_CTX *ctx);
+int test_gf2m_mod_sqrt(BIO *bp, BN_CTX *ctx);
+int test_gf2m_mod_solve_quad(BIO *bp, BN_CTX *ctx);
+int test_kron(BIO *bp, BN_CTX *ctx);
+int test_sqrt(BIO *bp, BN_CTX *ctx);
+int rand_neg(void);
+static int results = 0;
+
+static unsigned char lst[] =
+ "\xC6\x4F\x43\x04\x2A\xEA\xCA\x6E\x58\x36\x80\x5B\xE8\xC9"
+ "\x9B\x04\x5D\x48\x36\xC2\xFD\x16\xC9\x64\xF0";
+
+static const char rnd_seed[] =
+ "string to make the random number generator think it has entropy";
+
+static void message(BIO *out, char *m)
+{
+ fprintf(stderr, "test %s\n", m);
+ BIO_puts(out, "print \"test ");
+ BIO_puts(out, m);
+ BIO_puts(out, "\\n\"\n");
+}
+
+int main(int argc, char *argv[])
+{
+ BN_CTX *ctx;
+ BIO *out;
+ char *outfile = NULL;
+
+ results = 0;
+
+ RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_generate_prime may fail */
+
+ argc--;
+ argv++;
+ while (argc >= 1) {
+ if (strcmp(*argv, "-results") == 0)
+ results = 1;
+ else if (strcmp(*argv, "-out") == 0) {
+ if (--argc < 1)
+ break;
+ outfile = *(++argv);
+ }
+ argc--;
+ argv++;
+ }
+
+ ctx = BN_CTX_new();
+ if (ctx == NULL)
+ EXIT(1);
+
+ out = BIO_new(BIO_s_file());
+ if (out == NULL)
+ EXIT(1);
+ if (outfile == NULL) {
+ BIO_set_fp(out, stdout, BIO_NOCLOSE);
+ } else {
+ if (!BIO_write_filename(out, outfile)) {
+ perror(outfile);
+ EXIT(1);
+ }
+ }
+
+ if (!results)
+ BIO_puts(out, "obase=16\nibase=16\n");
+
+ message(out, "BN_add");
+ if (!test_add(out))
+ goto err;
+ (void)BIO_flush(out);
+
+ message(out, "BN_sub");
+ if (!test_sub(out))
+ goto err;
+ (void)BIO_flush(out);
+
+ message(out, "BN_lshift1");
+ if (!test_lshift1(out))
+ goto err;
+ (void)BIO_flush(out);
+
+ message(out, "BN_lshift (fixed)");
+ if (!test_lshift(out, ctx, BN_bin2bn(lst, sizeof(lst) - 1, NULL)))
+ goto err;
+ (void)BIO_flush(out);
+
+ message(out, "BN_lshift");
+ if (!test_lshift(out, ctx, NULL))
+ goto err;
+ (void)BIO_flush(out);
+
+ message(out, "BN_rshift1");
+ if (!test_rshift1(out))
+ goto err;
+ (void)BIO_flush(out);
+
+ message(out, "BN_rshift");
+ if (!test_rshift(out, ctx))
+ goto err;
+ (void)BIO_flush(out);
+
+ message(out, "BN_sqr");
+ if (!test_sqr(out, ctx))
+ goto err;
+ (void)BIO_flush(out);
+
+ message(out, "BN_mul");
+ if (!test_mul(out))
+ goto err;
+ (void)BIO_flush(out);
+
+ message(out, "BN_div");
+ if (!test_div(out, ctx))
+ goto err;
+ (void)BIO_flush(out);
+
+ message(out, "BN_div_word");
+ if (!test_div_word(out))
+ goto err;
+ (void)BIO_flush(out);
+
+ message(out, "BN_div_recp");
+ if (!test_div_recp(out, ctx))
+ goto err;
+ (void)BIO_flush(out);
+
+ message(out, "BN_mod");
+ if (!test_mod(out, ctx))
+ goto err;
+ (void)BIO_flush(out);
+
+ message(out, "BN_mod_mul");
+ if (!test_mod_mul(out, ctx))
+ goto err;
+ (void)BIO_flush(out);
+
+ message(out, "BN_mont");
+ if (!test_mont(out, ctx))
+ goto err;
+ (void)BIO_flush(out);
+
+ message(out, "BN_mod_exp");
+ if (!test_mod_exp(out, ctx))
+ goto err;
+ (void)BIO_flush(out);
+
+ message(out, "BN_mod_exp_mont_consttime");
+ if (!test_mod_exp_mont_consttime(out, ctx))
+ goto err;
+ (void)BIO_flush(out);
+
+ message(out, "BN_exp");
+ if (!test_exp(out, ctx))
+ goto err;
+ (void)BIO_flush(out);
+
+ message(out, "BN_kronecker");
+ if (!test_kron(out, ctx))
+ goto err;
+ (void)BIO_flush(out);
+
+ message(out, "BN_mod_sqrt");
+ if (!test_sqrt(out, ctx))
+ goto err;
+ (void)BIO_flush(out);
+
+ message(out, "BN_GF2m_add");
+ if (!test_gf2m_add(out))
+ goto err;
+ (void)BIO_flush(out);
+
+ message(out, "BN_GF2m_mod");
+ if (!test_gf2m_mod(out))
+ goto err;
+ (void)BIO_flush(out);
+
+ message(out, "BN_GF2m_mod_mul");
+ if (!test_gf2m_mod_mul(out, ctx))
+ goto err;
+ (void)BIO_flush(out);
+
+ message(out, "BN_GF2m_mod_sqr");
+ if (!test_gf2m_mod_sqr(out, ctx))
+ goto err;
+ (void)BIO_flush(out);
+
+ message(out, "BN_GF2m_mod_inv");
+ if (!test_gf2m_mod_inv(out, ctx))
+ goto err;
+ (void)BIO_flush(out);
+
+ message(out, "BN_GF2m_mod_div");
+ if (!test_gf2m_mod_div(out, ctx))
+ goto err;
+ (void)BIO_flush(out);
+
+ message(out, "BN_GF2m_mod_exp");
+ if (!test_gf2m_mod_exp(out, ctx))
+ goto err;
+ (void)BIO_flush(out);
+
+ message(out, "BN_GF2m_mod_sqrt");
+ if (!test_gf2m_mod_sqrt(out, ctx))
+ goto err;
+ (void)BIO_flush(out);
+
+ message(out, "BN_GF2m_mod_solve_quad");
+ if (!test_gf2m_mod_solve_quad(out, ctx))
+ goto err;
+ (void)BIO_flush(out);
+
+ BN_CTX_free(ctx);
+ BIO_free(out);
+
+ EXIT(0);
+ err:
+ BIO_puts(out, "1\n"); /* make sure the Perl script fed by bc
+ * notices the failure, see test_bn in
+ * test/Makefile.ssl */
+ (void)BIO_flush(out);
+ ERR_load_crypto_strings();
+ ERR_print_errors_fp(stderr);
+ EXIT(1);
+ return (1);
+}
+
+int test_add(BIO *bp)
+{
+ BIGNUM a, b, c;
+ int i;
+
+ BN_init(&a);
+ BN_init(&b);
+ BN_init(&c);
+
+ BN_bntest_rand(&a, 512, 0, 0);
+ for (i = 0; i < num0; i++) {
+ BN_bntest_rand(&b, 450 + i, 0, 0);
+ a.neg = rand_neg();
+ b.neg = rand_neg();
+ BN_add(&c, &a, &b);
+ if (bp != NULL) {
+ if (!results) {
+ BN_print(bp, &a);
+ BIO_puts(bp, " + ");
+ BN_print(bp, &b);
+ BIO_puts(bp, " - ");
+ }
+ BN_print(bp, &c);
+ BIO_puts(bp, "\n");
+ }
+ a.neg = !a.neg;
+ b.neg = !b.neg;
+ BN_add(&c, &c, &b);
+ BN_add(&c, &c, &a);
+ if (!BN_is_zero(&c)) {
+ fprintf(stderr, "Add test failed!\n");
+ return 0;
+ }
+ }
+ BN_free(&a);
+ BN_free(&b);
+ BN_free(&c);
+ return (1);
+}
+
+int test_sub(BIO *bp)
+{
+ BIGNUM a, b, c;
+ int i;
+
+ BN_init(&a);
+ BN_init(&b);
+ BN_init(&c);
+
+ for (i = 0; i < num0 + num1; i++) {
+ if (i < num1) {
+ BN_bntest_rand(&a, 512, 0, 0);
+ BN_copy(&b, &a);
+ if (BN_set_bit(&a, i) == 0)
+ return (0);
+ BN_add_word(&b, i);
+ } else {
+ BN_bntest_rand(&b, 400 + i - num1, 0, 0);
+ a.neg = rand_neg();
+ b.neg = rand_neg();
+ }
+ BN_sub(&c, &a, &b);
+ if (bp != NULL) {
+ if (!results) {
+ BN_print(bp, &a);
+ BIO_puts(bp, " - ");
+ BN_print(bp, &b);
+ BIO_puts(bp, " - ");
+ }
+ BN_print(bp, &c);
+ BIO_puts(bp, "\n");
+ }
+ BN_add(&c, &c, &b);
+ BN_sub(&c, &c, &a);
+ if (!BN_is_zero(&c)) {
+ fprintf(stderr, "Subtract test failed!\n");
+ return 0;
+ }
+ }
+ BN_free(&a);
+ BN_free(&b);
+ BN_free(&c);
+ return (1);
+}
+
+int test_div(BIO *bp, BN_CTX *ctx)
+{
+ BIGNUM a, b, c, d, e;
+ int i;
+
+ BN_init(&a);
+ BN_init(&b);
+ BN_init(&c);
+ BN_init(&d);
+ BN_init(&e);
+
+ for (i = 0; i < num0 + num1; i++) {
+ if (i < num1) {
+ BN_bntest_rand(&a, 400, 0, 0);
+ BN_copy(&b, &a);
+ BN_lshift(&a, &a, i);
+ BN_add_word(&a, i);
+ } else
+ BN_bntest_rand(&b, 50 + 3 * (i - num1), 0, 0);
+ a.neg = rand_neg();
+ b.neg = rand_neg();
+ BN_div(&d, &c, &a, &b, ctx);
+ if (bp != NULL) {
+ if (!results) {
+ BN_print(bp, &a);
+ BIO_puts(bp, " / ");
+ BN_print(bp, &b);
+ BIO_puts(bp, " - ");
+ }
+ BN_print(bp, &d);
+ BIO_puts(bp, "\n");
+
+ if (!results) {
+ BN_print(bp, &a);
+ BIO_puts(bp, " % ");
+ BN_print(bp, &b);
+ BIO_puts(bp, " - ");
+ }
+ BN_print(bp, &c);
+ BIO_puts(bp, "\n");
+ }
+ BN_mul(&e, &d, &b, ctx);
+ BN_add(&d, &e, &c);
+ BN_sub(&d, &d, &a);
+ if (!BN_is_zero(&d)) {
+ fprintf(stderr, "Division test failed!\n");
+ return 0;
+ }
+ }
+ BN_free(&a);
+ BN_free(&b);
+ BN_free(&c);
+ BN_free(&d);
+ BN_free(&e);
+ return (1);
+}
+
+static void print_word(BIO *bp, BN_ULONG w)
+{
+#ifdef SIXTY_FOUR_BIT
+ if (sizeof(w) > sizeof(unsigned long)) {
+ unsigned long h = (unsigned long)(w >> 32), l = (unsigned long)(w);
+
+ if (h)
+ BIO_printf(bp, "%lX%08lX", h, l);
+ else
+ BIO_printf(bp, "%lX", l);
+ return;
+ }
+#endif
+ BIO_printf(bp, "%lX", w);
+}
+
+int test_div_word(BIO *bp)
+{
+ BIGNUM a, b;
+ BN_ULONG r, s;
+ int i;
+
+ BN_init(&a);
+ BN_init(&b);
+
+ for (i = 0; i < num0; i++) {
+ do {
+ BN_bntest_rand(&a, 512, -1, 0);
+ BN_bntest_rand(&b, BN_BITS2, -1, 0);
+ s = b.d[0];
+ } while (!s);
+
+ BN_copy(&b, &a);
+ r = BN_div_word(&b, s);
+
+ if (bp != NULL) {
+ if (!results) {
+ BN_print(bp, &a);
+ BIO_puts(bp, " / ");
+ print_word(bp, s);
+ BIO_puts(bp, " - ");
+ }
+ BN_print(bp, &b);
+ BIO_puts(bp, "\n");
+
+ if (!results) {
+ BN_print(bp, &a);
+ BIO_puts(bp, " % ");
+ print_word(bp, s);
+ BIO_puts(bp, " - ");
+ }
+ print_word(bp, r);
+ BIO_puts(bp, "\n");
+ }
+ BN_mul_word(&b, s);
+ BN_add_word(&b, r);
+ BN_sub(&b, &a, &b);
+ if (!BN_is_zero(&b)) {
+ fprintf(stderr, "Division (word) test failed!\n");
+ return 0;
+ }
+ }
+ BN_free(&a);
+ BN_free(&b);
+ return (1);
+}
+
+int test_div_recp(BIO *bp, BN_CTX *ctx)
+{
+ BIGNUM a, b, c, d, e;
+ BN_RECP_CTX recp;
+ int i;
+
+ BN_RECP_CTX_init(&recp);
+ BN_init(&a);
+ BN_init(&b);
+ BN_init(&c);
+ BN_init(&d);
+ BN_init(&e);
+
+ for (i = 0; i < num0 + num1; i++) {
+ if (i < num1) {
+ BN_bntest_rand(&a, 400, 0, 0);
+ BN_copy(&b, &a);
+ BN_lshift(&a, &a, i);
+ BN_add_word(&a, i);
+ } else
+ BN_bntest_rand(&b, 50 + 3 * (i - num1), 0, 0);
+ a.neg = rand_neg();
+ b.neg = rand_neg();
+ BN_RECP_CTX_set(&recp, &b, ctx);
+ BN_div_recp(&d, &c, &a, &recp, ctx);
+ if (bp != NULL) {
+ if (!results) {
+ BN_print(bp, &a);
+ BIO_puts(bp, " / ");
+ BN_print(bp, &b);
+ BIO_puts(bp, " - ");
+ }
+ BN_print(bp, &d);
+ BIO_puts(bp, "\n");
+
+ if (!results) {
+ BN_print(bp, &a);
+ BIO_puts(bp, " % ");
+ BN_print(bp, &b);
+ BIO_puts(bp, " - ");
+ }
+ BN_print(bp, &c);
+ BIO_puts(bp, "\n");
+ }
+ BN_mul(&e, &d, &b, ctx);
+ BN_add(&d, &e, &c);
+ BN_sub(&d, &d, &a);
+ if (!BN_is_zero(&d)) {
+ fprintf(stderr, "Reciprocal division test failed!\n");
+ fprintf(stderr, "a=");
+ BN_print_fp(stderr, &a);
+ fprintf(stderr, "\nb=");
+ BN_print_fp(stderr, &b);
+ fprintf(stderr, "\n");
+ return 0;
+ }
+ }
+ BN_free(&a);
+ BN_free(&b);
+ BN_free(&c);
+ BN_free(&d);
+ BN_free(&e);
+ BN_RECP_CTX_free(&recp);
+ return (1);
+}
+
+int test_mul(BIO *bp)
+{
+ BIGNUM a, b, c, d, e;
+ int i;
+ BN_CTX *ctx;
+
+ ctx = BN_CTX_new();
+ if (ctx == NULL)
+ EXIT(1);
+
+ BN_init(&a);
+ BN_init(&b);
+ BN_init(&c);
+ BN_init(&d);
+ BN_init(&e);
+
+ for (i = 0; i < num0 + num1; i++) {
+ if (i <= num1) {
+ BN_bntest_rand(&a, 100, 0, 0);
+ BN_bntest_rand(&b, 100, 0, 0);
+ } else
+ BN_bntest_rand(&b, i - num1, 0, 0);
+ a.neg = rand_neg();
+ b.neg = rand_neg();
+ BN_mul(&c, &a, &b, ctx);
+ if (bp != NULL) {
+ if (!results) {
+ BN_print(bp, &a);
+ BIO_puts(bp, " * ");
+ BN_print(bp, &b);
+ BIO_puts(bp, " - ");
+ }
+ BN_print(bp, &c);
+ BIO_puts(bp, "\n");
+ }
+ BN_div(&d, &e, &c, &a, ctx);
+ BN_sub(&d, &d, &b);
+ if (!BN_is_zero(&d) || !BN_is_zero(&e)) {
+ fprintf(stderr, "Multiplication test failed!\n");
+ return 0;
+ }
+ }
+ BN_free(&a);
+ BN_free(&b);
+ BN_free(&c);
+ BN_free(&d);
+ BN_free(&e);
+ BN_CTX_free(ctx);
+ return (1);
+}
+
+int test_sqr(BIO *bp, BN_CTX *ctx)
+{
+ BIGNUM *a, *c, *d, *e;
+ int i, ret = 0;
+
+ a = BN_new();
+ c = BN_new();
+ d = BN_new();
+ e = BN_new();
+ if (a == NULL || c == NULL || d == NULL || e == NULL) {
+ goto err;
+ }
+
+ for (i = 0; i < num0; i++) {
+ BN_bntest_rand(a, 40 + i * 10, 0, 0);
+ a->neg = rand_neg();
+ BN_sqr(c, a, ctx);
+ if (bp != NULL) {
+ if (!results) {
+ BN_print(bp, a);
+ BIO_puts(bp, " * ");
+ BN_print(bp, a);
+ BIO_puts(bp, " - ");
+ }
+ BN_print(bp, c);
+ BIO_puts(bp, "\n");
+ }
+ BN_div(d, e, c, a, ctx);
+ BN_sub(d, d, a);
+ if (!BN_is_zero(d) || !BN_is_zero(e)) {
+ fprintf(stderr, "Square test failed!\n");
+ goto err;
+ }
+ }
+
+ /* Regression test for a BN_sqr overflow bug. */
+ BN_hex2bn(&a,
+ "80000000000000008000000000000001"
+ "FFFFFFFFFFFFFFFE0000000000000000");
+ BN_sqr(c, a, ctx);
+ if (bp != NULL) {
+ if (!results) {
+ BN_print(bp, a);
+ BIO_puts(bp, " * ");
+ BN_print(bp, a);
+ BIO_puts(bp, " - ");
+ }
+ BN_print(bp, c);
+ BIO_puts(bp, "\n");
+ }
+ BN_mul(d, a, a, ctx);
+ if (BN_cmp(c, d)) {
+ fprintf(stderr, "Square test failed: BN_sqr and BN_mul produce "
+ "different results!\n");
+#ifdef OPENSSL_FIPS
+ /*
+ * This test fails if we are linked to the FIPS module. Unfortunately
+ * that can't be fixed so we print out the error but continue anyway.
+ */
+ fprintf(stderr, " FIPS build: ignoring.\n");
+#else
+ goto err;
+#endif
+ }
+
+ /* Regression test for a BN_sqr overflow bug. */
+ BN_hex2bn(&a,
+ "80000000000000000000000080000001"
+ "FFFFFFFE000000000000000000000000");
+ BN_sqr(c, a, ctx);
+ if (bp != NULL) {
+ if (!results) {
+ BN_print(bp, a);
+ BIO_puts(bp, " * ");
+ BN_print(bp, a);
+ BIO_puts(bp, " - ");
+ }
+ BN_print(bp, c);
+ BIO_puts(bp, "\n");
+ }
+ BN_mul(d, a, a, ctx);
+ if (BN_cmp(c, d)) {
+ fprintf(stderr, "Square test failed: BN_sqr and BN_mul produce "
+ "different results!\n");
+ goto err;
+ }
+ ret = 1;
+ err:
+ if (a != NULL)
+ BN_free(a);
+ if (c != NULL)
+ BN_free(c);
+ if (d != NULL)
+ BN_free(d);
+ if (e != NULL)
+ BN_free(e);
+ return ret;
+}
+
+int test_mont(BIO *bp, BN_CTX *ctx)
+{
+ BIGNUM a, b, c, d, A, B;
+ BIGNUM n;
+ int i;
+ BN_MONT_CTX *mont;
+
+ BN_init(&a);
+ BN_init(&b);
+ BN_init(&c);
+ BN_init(&d);
+ BN_init(&A);
+ BN_init(&B);
+ BN_init(&n);
+
+ mont = BN_MONT_CTX_new();
+
+ BN_bntest_rand(&a, 100, 0, 0);
+ BN_bntest_rand(&b, 100, 0, 0);
+ for (i = 0; i < num2; i++) {
+ int bits = (200 * (i + 1)) / num2;
+
+ if (bits == 0)
+ continue;
+ BN_bntest_rand(&n, bits, 0, 1);
+ BN_MONT_CTX_set(mont, &n, ctx);
+
+ BN_nnmod(&a, &a, &n, ctx);
+ BN_nnmod(&b, &b, &n, ctx);
+
+ BN_to_montgomery(&A, &a, mont, ctx);
+ BN_to_montgomery(&B, &b, mont, ctx);
+
+ BN_mod_mul_montgomery(&c, &A, &B, mont, ctx);
+ BN_from_montgomery(&A, &c, mont, ctx);
+ if (bp != NULL) {
+ if (!results) {
+#ifdef undef
+ fprintf(stderr, "%d * %d %% %d\n",
+ BN_num_bits(&a),
+ BN_num_bits(&b), BN_num_bits(mont->N));
+#endif
+ BN_print(bp, &a);
+ BIO_puts(bp, " * ");
+ BN_print(bp, &b);
+ BIO_puts(bp, " % ");
+ BN_print(bp, &(mont->N));
+ BIO_puts(bp, " - ");
+ }
+ BN_print(bp, &A);
+ BIO_puts(bp, "\n");
+ }
+ BN_mod_mul(&d, &a, &b, &n, ctx);
+ BN_sub(&d, &d, &A);
+ if (!BN_is_zero(&d)) {
+ fprintf(stderr, "Montgomery multiplication test failed!\n");
+ return 0;
+ }
+ }
+ BN_MONT_CTX_free(mont);
+ BN_free(&a);
+ BN_free(&b);
+ BN_free(&c);
+ BN_free(&d);
+ BN_free(&A);
+ BN_free(&B);
+ BN_free(&n);
+ return (1);
+}
+
+int test_mod(BIO *bp, BN_CTX *ctx)
+{
+ BIGNUM *a, *b, *c, *d, *e;
+ int i;
+
+ a = BN_new();
+ b = BN_new();
+ c = BN_new();
+ d = BN_new();
+ e = BN_new();
+
+ BN_bntest_rand(a, 1024, 0, 0);
+ for (i = 0; i < num0; i++) {
+ BN_bntest_rand(b, 450 + i * 10, 0, 0);
+ a->neg = rand_neg();
+ b->neg = rand_neg();
+ BN_mod(c, a, b, ctx);
+ if (bp != NULL) {
+ if (!results) {
+ BN_print(bp, a);
+ BIO_puts(bp, " % ");
+ BN_print(bp, b);
+ BIO_puts(bp, " - ");
+ }
+ BN_print(bp, c);
+ BIO_puts(bp, "\n");
+ }
+ BN_div(d, e, a, b, ctx);
+ BN_sub(e, e, c);
+ if (!BN_is_zero(e)) {
+ fprintf(stderr, "Modulo test failed!\n");
+ return 0;
+ }
+ }
+ BN_free(a);
+ BN_free(b);
+ BN_free(c);
+ BN_free(d);
+ BN_free(e);
+ return (1);
+}
+
+int test_mod_mul(BIO *bp, BN_CTX *ctx)
+{
+ BIGNUM *a, *b, *c, *d, *e;
+ int i, j;
+
+ a = BN_new();
+ b = BN_new();
+ c = BN_new();
+ d = BN_new();
+ e = BN_new();
+
+ for (j = 0; j < 3; j++) {
+ BN_bntest_rand(c, 1024, 0, 0);
+ for (i = 0; i < num0; i++) {
+ BN_bntest_rand(a, 475 + i * 10, 0, 0);
+ BN_bntest_rand(b, 425 + i * 11, 0, 0);
+ a->neg = rand_neg();
+ b->neg = rand_neg();
+ if (!BN_mod_mul(e, a, b, c, ctx)) {
+ unsigned long l;
+
+ while ((l = ERR_get_error()))
+ fprintf(stderr, "ERROR:%s\n", ERR_error_string(l, NULL));
+ EXIT(1);
+ }
+ if (bp != NULL) {
+ if (!results) {
+ BN_print(bp, a);
+ BIO_puts(bp, " * ");
+ BN_print(bp, b);
+ BIO_puts(bp, " % ");
+ BN_print(bp, c);
+ if ((a->neg ^ b->neg) && !BN_is_zero(e)) {
+ /*
+ * If (a*b) % c is negative, c must be added in order
+ * to obtain the normalized remainder (new with
+ * OpenSSL 0.9.7, previous versions of BN_mod_mul
+ * could generate negative results)
+ */
+ BIO_puts(bp, " + ");
+ BN_print(bp, c);
+ }
+ BIO_puts(bp, " - ");
+ }
+ BN_print(bp, e);
+ BIO_puts(bp, "\n");
+ }
+ BN_mul(d, a, b, ctx);
+ BN_sub(d, d, e);
+ BN_div(a, b, d, c, ctx);
+ if (!BN_is_zero(b)) {
+ fprintf(stderr, "Modulo multiply test failed!\n");
+ ERR_print_errors_fp(stderr);
+ return 0;
+ }
+ }
+ }
+ BN_free(a);
+ BN_free(b);
+ BN_free(c);
+ BN_free(d);
+ BN_free(e);
+ return (1);
+}
+
+int test_mod_exp(BIO *bp, BN_CTX *ctx)
+{
+ BIGNUM *a, *b, *c, *d, *e;
+ int i;
+
+ a = BN_new();
+ b = BN_new();
+ c = BN_new();
+ d = BN_new();
+ e = BN_new();
+
+ BN_bntest_rand(c, 30, 0, 1); /* must be odd for montgomery */
+ for (i = 0; i < num2; i++) {
+ BN_bntest_rand(a, 20 + i * 5, 0, 0);
+ BN_bntest_rand(b, 2 + i, 0, 0);
+
+ if (!BN_mod_exp(d, a, b, c, ctx))
+ return (0);
+
+ if (bp != NULL) {
+ if (!results) {
+ BN_print(bp, a);
+ BIO_puts(bp, " ^ ");
+ BN_print(bp, b);
+ BIO_puts(bp, " % ");
+ BN_print(bp, c);
+ BIO_puts(bp, " - ");
+ }
+ BN_print(bp, d);
+ BIO_puts(bp, "\n");
+ }
+ BN_exp(e, a, b, ctx);
+ BN_sub(e, e, d);
+ BN_div(a, b, e, c, ctx);
+ if (!BN_is_zero(b)) {
+ fprintf(stderr, "Modulo exponentiation test failed!\n");
+ return 0;
+ }
+ }
+ BN_free(a);
+ BN_free(b);
+ BN_free(c);
+ BN_free(d);
+ BN_free(e);
+ return (1);
+}
+
+int test_mod_exp_mont_consttime(BIO *bp, BN_CTX *ctx)
+{
+ BIGNUM *a, *b, *c, *d, *e;
+ int i;
+
+ a = BN_new();
+ b = BN_new();
+ c = BN_new();
+ d = BN_new();
+ e = BN_new();
+
+ BN_bntest_rand(c, 30, 0, 1); /* must be odd for montgomery */
+ for (i = 0; i < num2; i++) {
+ BN_bntest_rand(a, 20 + i * 5, 0, 0);
+ BN_bntest_rand(b, 2 + i, 0, 0);
+
+ if (!BN_mod_exp_mont_consttime(d, a, b, c, ctx, NULL))
+ return (00);
+
+ if (bp != NULL) {
+ if (!results) {
+ BN_print(bp, a);
+ BIO_puts(bp, " ^ ");
+ BN_print(bp, b);
+ BIO_puts(bp, " % ");
+ BN_print(bp, c);
+ BIO_puts(bp, " - ");
+ }
+ BN_print(bp, d);
+ BIO_puts(bp, "\n");
+ }
+ BN_exp(e, a, b, ctx);
+ BN_sub(e, e, d);
+ BN_div(a, b, e, c, ctx);
+ if (!BN_is_zero(b)) {
+ fprintf(stderr, "Modulo exponentiation test failed!\n");
+ return 0;
+ }
+ }
+ BN_free(a);
+ BN_free(b);
+ BN_free(c);
+ BN_free(d);
+ BN_free(e);
+ return (1);
+}
+
+int test_exp(BIO *bp, BN_CTX *ctx)
+{
+ BIGNUM *a, *b, *d, *e, *one;
+ int i;
+
+ a = BN_new();
+ b = BN_new();
+ d = BN_new();
+ e = BN_new();
+ one = BN_new();
+ BN_one(one);
+
+ for (i = 0; i < num2; i++) {
+ BN_bntest_rand(a, 20 + i * 5, 0, 0);
+ BN_bntest_rand(b, 2 + i, 0, 0);
+
+ if (BN_exp(d, a, b, ctx) <= 0)
+ return (0);
+
+ if (bp != NULL) {
+ if (!results) {
+ BN_print(bp, a);
+ BIO_puts(bp, " ^ ");
+ BN_print(bp, b);
+ BIO_puts(bp, " - ");
+ }
+ BN_print(bp, d);
+ BIO_puts(bp, "\n");
+ }
+ BN_one(e);
+ for (; !BN_is_zero(b); BN_sub(b, b, one))
+ BN_mul(e, e, a, ctx);
+ BN_sub(e, e, d);
+ if (!BN_is_zero(e)) {
+ fprintf(stderr, "Exponentiation test failed!\n");
+ return 0;
+ }
+ }
+ BN_free(a);
+ BN_free(b);
+ BN_free(d);
+ BN_free(e);
+ BN_free(one);
+ return (1);
+}
+
+int test_gf2m_add(BIO *bp)
+{
+ BIGNUM a, b, c;
+ int i, ret = 0;
+
+ BN_init(&a);
+ BN_init(&b);
+ BN_init(&c);
+
+ for (i = 0; i < num0; i++) {
+ BN_rand(&a, 512, 0, 0);
+ BN_copy(&b, BN_value_one());
+ a.neg = rand_neg();
+ b.neg = rand_neg();
+ BN_GF2m_add(&c, &a, &b);
+#if 0 /* make test uses ouput in bc but bc can't
+ * handle GF(2^m) arithmetic */
+ if (bp != NULL) {
+ if (!results) {
+ BN_print(bp, &a);
+ BIO_puts(bp, " ^ ");
+ BN_print(bp, &b);
+ BIO_puts(bp, " = ");
+ }
+ BN_print(bp, &c);
+ BIO_puts(bp, "\n");
+ }
+#endif
+ /* Test that two added values have the correct parity. */
+ if ((BN_is_odd(&a) && BN_is_odd(&c))
+ || (!BN_is_odd(&a) && !BN_is_odd(&c))) {
+ fprintf(stderr, "GF(2^m) addition test (a) failed!\n");
+ goto err;
+ }
+ BN_GF2m_add(&c, &c, &c);
+ /* Test that c + c = 0. */
+ if (!BN_is_zero(&c)) {
+ fprintf(stderr, "GF(2^m) addition test (b) failed!\n");
+ goto err;
+ }
+ }
+ ret = 1;
+ err:
+ BN_free(&a);
+ BN_free(&b);
+ BN_free(&c);
+ return ret;
+}
+
+int test_gf2m_mod(BIO *bp)
+{
+ BIGNUM *a, *b[2], *c, *d, *e;
+ int i, j, ret = 0;
+ unsigned int p0[] = { 163, 7, 6, 3, 0 };
+ unsigned int p1[] = { 193, 15, 0 };
+
+ a = BN_new();
+ b[0] = BN_new();
+ b[1] = BN_new();
+ c = BN_new();
+ d = BN_new();
+ e = BN_new();
+
+ BN_GF2m_arr2poly(p0, b[0]);
+ BN_GF2m_arr2poly(p1, b[1]);
+
+ for (i = 0; i < num0; i++) {
+ BN_bntest_rand(a, 1024, 0, 0);
+ for (j = 0; j < 2; j++) {
+ BN_GF2m_mod(c, a, b[j]);
+#if 0 /* make test uses ouput in bc but bc can't
+ * handle GF(2^m) arithmetic */
+ if (bp != NULL) {
+ if (!results) {
+ BN_print(bp, a);
+ BIO_puts(bp, " % ");
+ BN_print(bp, b[j]);
+ BIO_puts(bp, " - ");
+ BN_print(bp, c);
+ BIO_puts(bp, "\n");
+ }
+ }
+#endif
+ BN_GF2m_add(d, a, c);
+ BN_GF2m_mod(e, d, b[j]);
+ /* Test that a + (a mod p) mod p == 0. */
+ if (!BN_is_zero(e)) {
+ fprintf(stderr, "GF(2^m) modulo test failed!\n");
+ goto err;
+ }
+ }
+ }
+ ret = 1;
+ err:
+ BN_free(a);
+ BN_free(b[0]);
+ BN_free(b[1]);
+ BN_free(c);
+ BN_free(d);
+ BN_free(e);
+ return ret;
+}
+
+int test_gf2m_mod_mul(BIO *bp, BN_CTX *ctx)
+{
+ BIGNUM *a, *b[2], *c, *d, *e, *f, *g, *h;
+ int i, j, ret = 0;
+ unsigned int p0[] = { 163, 7, 6, 3, 0 };
+ unsigned int p1[] = { 193, 15, 0 };
+
+ a = BN_new();
+ b[0] = BN_new();
+ b[1] = BN_new();
+ c = BN_new();
+ d = BN_new();
+ e = BN_new();
+ f = BN_new();
+ g = BN_new();
+ h = BN_new();
+
+ BN_GF2m_arr2poly(p0, b[0]);
+ BN_GF2m_arr2poly(p1, b[1]);
+
+ for (i = 0; i < num0; i++) {
+ BN_bntest_rand(a, 1024, 0, 0);
+ BN_bntest_rand(c, 1024, 0, 0);
+ BN_bntest_rand(d, 1024, 0, 0);
+ for (j = 0; j < 2; j++) {
+ BN_GF2m_mod_mul(e, a, c, b[j], ctx);
+#if 0 /* make test uses ouput in bc but bc can't
+ * handle GF(2^m) arithmetic */
+ if (bp != NULL) {
+ if (!results) {
+ BN_print(bp, a);
+ BIO_puts(bp, " * ");
+ BN_print(bp, c);
+ BIO_puts(bp, " % ");
+ BN_print(bp, b[j]);
+ BIO_puts(bp, " - ");
+ BN_print(bp, e);
+ BIO_puts(bp, "\n");
+ }
+ }
+#endif
+ BN_GF2m_add(f, a, d);
+ BN_GF2m_mod_mul(g, f, c, b[j], ctx);
+ BN_GF2m_mod_mul(h, d, c, b[j], ctx);
+ BN_GF2m_add(f, e, g);
+ BN_GF2m_add(f, f, h);
+ /* Test that (a+d)*c = a*c + d*c. */
+ if (!BN_is_zero(f)) {
+ fprintf(stderr,
+ "GF(2^m) modular multiplication test failed!\n");
+ goto err;
+ }
+ }
+ }
+ ret = 1;
+ err:
+ BN_free(a);
+ BN_free(b[0]);
+ BN_free(b[1]);
+ BN_free(c);
+ BN_free(d);
+ BN_free(e);
+ BN_free(f);
+ BN_free(g);
+ BN_free(h);
+ return ret;
+}
+
+int test_gf2m_mod_sqr(BIO *bp, BN_CTX *ctx)
+{
+ BIGNUM *a, *b[2], *c, *d;
+ int i, j, ret = 0;
+ unsigned int p0[] = { 163, 7, 6, 3, 0 };
+ unsigned int p1[] = { 193, 15, 0 };
+
+ a = BN_new();
+ b[0] = BN_new();
+ b[1] = BN_new();
+ c = BN_new();
+ d = BN_new();
+
+ BN_GF2m_arr2poly(p0, b[0]);
+ BN_GF2m_arr2poly(p1, b[1]);
+
+ for (i = 0; i < num0; i++) {
+ BN_bntest_rand(a, 1024, 0, 0);
+ for (j = 0; j < 2; j++) {
+ BN_GF2m_mod_sqr(c, a, b[j], ctx);
+ BN_copy(d, a);
+ BN_GF2m_mod_mul(d, a, d, b[j], ctx);
+#if 0 /* make test uses ouput in bc but bc can't
+ * handle GF(2^m) arithmetic */
+ if (bp != NULL) {
+ if (!results) {
+ BN_print(bp, a);
+ BIO_puts(bp, " ^ 2 % ");
+ BN_print(bp, b[j]);
+ BIO_puts(bp, " = ");
+ BN_print(bp, c);
+ BIO_puts(bp, "; a * a = ");
+ BN_print(bp, d);
+ BIO_puts(bp, "\n");
+ }
+ }
+#endif
+ BN_GF2m_add(d, c, d);
+ /* Test that a*a = a^2. */
+ if (!BN_is_zero(d)) {
+ fprintf(stderr, "GF(2^m) modular squaring test failed!\n");
+ goto err;
+ }
+ }
+ }
+ ret = 1;
+ err:
+ BN_free(a);
+ BN_free(b[0]);
+ BN_free(b[1]);
+ BN_free(c);
+ BN_free(d);
+ return ret;
+}
+
+int test_gf2m_mod_inv(BIO *bp, BN_CTX *ctx)
+{
+ BIGNUM *a, *b[2], *c, *d;
+ int i, j, ret = 0;
+ unsigned int p0[] = { 163, 7, 6, 3, 0 };
+ unsigned int p1[] = { 193, 15, 0 };
+
+ a = BN_new();
+ b[0] = BN_new();
+ b[1] = BN_new();
+ c = BN_new();
+ d = BN_new();
+
+ BN_GF2m_arr2poly(p0, b[0]);
+ BN_GF2m_arr2poly(p1, b[1]);
+
+ for (i = 0; i < num0; i++) {
+ BN_bntest_rand(a, 512, 0, 0);
+ for (j = 0; j < 2; j++) {
+ BN_GF2m_mod_inv(c, a, b[j], ctx);
+ BN_GF2m_mod_mul(d, a, c, b[j], ctx);
+#if 0 /* make test uses ouput in bc but bc can't
+ * handle GF(2^m) arithmetic */
+ if (bp != NULL) {
+ if (!results) {
+ BN_print(bp, a);
+ BIO_puts(bp, " * ");
+ BN_print(bp, c);
+ BIO_puts(bp, " - 1 % ");
+ BN_print(bp, b[j]);
+ BIO_puts(bp, "\n");
+ }
+ }
+#endif
+ /* Test that ((1/a)*a) = 1. */
+ if (!BN_is_one(d)) {
+ fprintf(stderr, "GF(2^m) modular inversion test failed!\n");
+ goto err;
+ }
+ }
+ }
+ ret = 1;
+ err:
+ BN_free(a);
+ BN_free(b[0]);
+ BN_free(b[1]);
+ BN_free(c);
+ BN_free(d);
+ return ret;
+}
+
+int test_gf2m_mod_div(BIO *bp, BN_CTX *ctx)
+{
+ BIGNUM *a, *b[2], *c, *d, *e, *f;
+ int i, j, ret = 0;
+ unsigned int p0[] = { 163, 7, 6, 3, 0 };
+ unsigned int p1[] = { 193, 15, 0 };
+
+ a = BN_new();
+ b[0] = BN_new();
+ b[1] = BN_new();
+ c = BN_new();
+ d = BN_new();
+ e = BN_new();
+ f = BN_new();
+
+ BN_GF2m_arr2poly(p0, b[0]);
+ BN_GF2m_arr2poly(p1, b[1]);
+
+ for (i = 0; i < num0; i++) {
+ BN_bntest_rand(a, 512, 0, 0);
+ BN_bntest_rand(c, 512, 0, 0);
+ for (j = 0; j < 2; j++) {
+ BN_GF2m_mod_div(d, a, c, b[j], ctx);
+ BN_GF2m_mod_mul(e, d, c, b[j], ctx);
+ BN_GF2m_mod_div(f, a, e, b[j], ctx);
+#if 0 /* make test uses ouput in bc but bc can't
+ * handle GF(2^m) arithmetic */
+ if (bp != NULL) {
+ if (!results) {
+ BN_print(bp, a);
+ BIO_puts(bp, " = ");
+ BN_print(bp, c);
+ BIO_puts(bp, " * ");
+ BN_print(bp, d);
+ BIO_puts(bp, " % ");
+ BN_print(bp, b[j]);
+ BIO_puts(bp, "\n");
+ }
+ }
+#endif
+ /* Test that ((a/c)*c)/a = 1. */
+ if (!BN_is_one(f)) {
+ fprintf(stderr, "GF(2^m) modular division test failed!\n");
+ goto err;
+ }
+ }
+ }
+ ret = 1;
+ err:
+ BN_free(a);
+ BN_free(b[0]);
+ BN_free(b[1]);
+ BN_free(c);
+ BN_free(d);
+ BN_free(e);
+ BN_free(f);
+ return ret;
+}
+
+int test_gf2m_mod_exp(BIO *bp, BN_CTX *ctx)
+{
+ BIGNUM *a, *b[2], *c, *d, *e, *f;
+ int i, j, ret = 0;
+ unsigned int p0[] = { 163, 7, 6, 3, 0 };
+ unsigned int p1[] = { 193, 15, 0 };
+
+ a = BN_new();
+ b[0] = BN_new();
+ b[1] = BN_new();
+ c = BN_new();
+ d = BN_new();
+ e = BN_new();
+ f = BN_new();
+
+ BN_GF2m_arr2poly(p0, b[0]);
+ BN_GF2m_arr2poly(p1, b[1]);
+
+ for (i = 0; i < num0; i++) {
+ BN_bntest_rand(a, 512, 0, 0);
+ BN_bntest_rand(c, 512, 0, 0);
+ BN_bntest_rand(d, 512, 0, 0);
+ for (j = 0; j < 2; j++) {
+ BN_GF2m_mod_exp(e, a, c, b[j], ctx);
+ BN_GF2m_mod_exp(f, a, d, b[j], ctx);
+ BN_GF2m_mod_mul(e, e, f, b[j], ctx);
+ BN_add(f, c, d);
+ BN_GF2m_mod_exp(f, a, f, b[j], ctx);
+#if 0 /* make test uses ouput in bc but bc can't
+ * handle GF(2^m) arithmetic */
+ if (bp != NULL) {
+ if (!results) {
+ BN_print(bp, a);
+ BIO_puts(bp, " ^ (");
+ BN_print(bp, c);
+ BIO_puts(bp, " + ");
+ BN_print(bp, d);
+ BIO_puts(bp, ") = ");
+ BN_print(bp, e);
+ BIO_puts(bp, "; - ");
+ BN_print(bp, f);
+ BIO_puts(bp, " % ");
+ BN_print(bp, b[j]);
+ BIO_puts(bp, "\n");
+ }
+ }
+#endif
+ BN_GF2m_add(f, e, f);
+ /* Test that a^(c+d)=a^c*a^d. */
+ if (!BN_is_zero(f)) {
+ fprintf(stderr,
+ "GF(2^m) modular exponentiation test failed!\n");
+ goto err;
+ }
+ }
+ }
+ ret = 1;
+ err:
+ BN_free(a);
+ BN_free(b[0]);
+ BN_free(b[1]);
+ BN_free(c);
+ BN_free(d);
+ BN_free(e);
+ BN_free(f);
+ return ret;
+}
+
+int test_gf2m_mod_sqrt(BIO *bp, BN_CTX *ctx)
+{
+ BIGNUM *a, *b[2], *c, *d, *e, *f;
+ int i, j, ret = 0;
+ unsigned int p0[] = { 163, 7, 6, 3, 0 };
+ unsigned int p1[] = { 193, 15, 0 };
+
+ a = BN_new();
+ b[0] = BN_new();
+ b[1] = BN_new();
+ c = BN_new();
+ d = BN_new();
+ e = BN_new();
+ f = BN_new();
+
+ BN_GF2m_arr2poly(p0, b[0]);
+ BN_GF2m_arr2poly(p1, b[1]);
+
+ for (i = 0; i < num0; i++) {
+ BN_bntest_rand(a, 512, 0, 0);
+ for (j = 0; j < 2; j++) {
+ BN_GF2m_mod(c, a, b[j]);
+ BN_GF2m_mod_sqrt(d, a, b[j], ctx);
+ BN_GF2m_mod_sqr(e, d, b[j], ctx);
+#if 0 /* make test uses ouput in bc but bc can't
+ * handle GF(2^m) arithmetic */
+ if (bp != NULL) {
+ if (!results) {
+ BN_print(bp, d);
+ BIO_puts(bp, " ^ 2 - ");
+ BN_print(bp, a);
+ BIO_puts(bp, "\n");
+ }
+ }
+#endif
+ BN_GF2m_add(f, c, e);
+ /* Test that d^2 = a, where d = sqrt(a). */
+ if (!BN_is_zero(f)) {
+ fprintf(stderr, "GF(2^m) modular square root test failed!\n");
+ goto err;
+ }
+ }
+ }
+ ret = 1;
+ err:
+ BN_free(a);
+ BN_free(b[0]);
+ BN_free(b[1]);
+ BN_free(c);
+ BN_free(d);
+ BN_free(e);
+ BN_free(f);
+ return ret;
+}
+
+int test_gf2m_mod_solve_quad(BIO *bp, BN_CTX *ctx)
+{
+ BIGNUM *a, *b[2], *c, *d, *e;
+ int i, j, s = 0, t, ret = 0;
+ unsigned int p0[] = { 163, 7, 6, 3, 0 };
+ unsigned int p1[] = { 193, 15, 0 };
+
+ a = BN_new();
+ b[0] = BN_new();
+ b[1] = BN_new();
+ c = BN_new();
+ d = BN_new();
+ e = BN_new();
+
+ BN_GF2m_arr2poly(p0, b[0]);
+ BN_GF2m_arr2poly(p1, b[1]);
+
+ for (i = 0; i < num0; i++) {
+ BN_bntest_rand(a, 512, 0, 0);
+ for (j = 0; j < 2; j++) {
+ t = BN_GF2m_mod_solve_quad(c, a, b[j], ctx);
+ if (t) {
+ s++;
+ BN_GF2m_mod_sqr(d, c, b[j], ctx);
+ BN_GF2m_add(d, c, d);
+ BN_GF2m_mod(e, a, b[j]);
+#if 0 /* make test uses ouput in bc but bc can't
+ * handle GF(2^m) arithmetic */
+ if (bp != NULL) {
+ if (!results) {
+ BN_print(bp, c);
+ BIO_puts(bp, " is root of z^2 + z = ");
+ BN_print(bp, a);
+ BIO_puts(bp, " % ");
+ BN_print(bp, b[j]);
+ BIO_puts(bp, "\n");
+ }
+ }
+#endif
+ BN_GF2m_add(e, e, d);
+ /*
+ * Test that solution of quadratic c satisfies c^2 + c = a.
+ */
+ if (!BN_is_zero(e)) {
+ fprintf(stderr,
+ "GF(2^m) modular solve quadratic test failed!\n");
+ goto err;
+ }
+
+ } else {
+#if 0 /* make test uses ouput in bc but bc can't
+ * handle GF(2^m) arithmetic */
+ if (bp != NULL) {
+ if (!results) {
+ BIO_puts(bp, "There are no roots of z^2 + z = ");
+ BN_print(bp, a);
+ BIO_puts(bp, " % ");
+ BN_print(bp, b[j]);
+ BIO_puts(bp, "\n");
+ }
+ }
+#endif
+ }
+ }
+ }
+ if (s == 0) {
+ fprintf(stderr,
+ "All %i tests of GF(2^m) modular solve quadratic resulted in no roots;\n",
+ num0);
+ fprintf(stderr,
+ "this is very unlikely and probably indicates an error.\n");
+ goto err;
+ }
+ ret = 1;
+ err:
+ BN_free(a);
+ BN_free(b[0]);
+ BN_free(b[1]);
+ BN_free(c);
+ BN_free(d);
+ BN_free(e);
+ return ret;
+}
+
+static int genprime_cb(int p, int n, BN_GENCB *arg)
+{
+ char c = '*';
+
+ if (p == 0)
+ c = '.';
+ if (p == 1)
+ c = '+';
+ if (p == 2)
+ c = '*';
+ if (p == 3)
+ c = '\n';
+ putc(c, stderr);
+ fflush(stderr);
+ return 1;
+}
+
+int test_kron(BIO *bp, BN_CTX *ctx)
+{
+ BN_GENCB cb;
+ BIGNUM *a, *b, *r, *t;
+ int i;
+ int legendre, kronecker;
+ int ret = 0;
+
+ a = BN_new();
+ b = BN_new();
+ r = BN_new();
+ t = BN_new();
+ if (a == NULL || b == NULL || r == NULL || t == NULL)
+ goto err;
+
+ BN_GENCB_set(&cb, genprime_cb, NULL);
+
+ /*
+ * We test BN_kronecker(a, b, ctx) just for b odd (Jacobi symbol). In
+ * this case we know that if b is prime, then BN_kronecker(a, b, ctx) is
+ * congruent to $a^{(b-1)/2}$, modulo $b$ (Legendre symbol). So we
+ * generate a random prime b and compare these values for a number of
+ * random a's. (That is, we run the Solovay-Strassen primality test to
+ * confirm that b is prime, except that we don't want to test whether b
+ * is prime but whether BN_kronecker works.)
+ */
+
+ if (!BN_generate_prime_ex(b, 512, 0, NULL, NULL, &cb))
+ goto err;
+ b->neg = rand_neg();
+ putc('\n', stderr);
+
+ for (i = 0; i < num0; i++) {
+ if (!BN_bntest_rand(a, 512, 0, 0))
+ goto err;
+ a->neg = rand_neg();
+
+ /* t := (|b|-1)/2 (note that b is odd) */
+ if (!BN_copy(t, b))
+ goto err;
+ t->neg = 0;
+ if (!BN_sub_word(t, 1))
+ goto err;
+ if (!BN_rshift1(t, t))
+ goto err;
+ /* r := a^t mod b */
+ b->neg = 0;
+
+ if (!BN_mod_exp_recp(r, a, t, b, ctx))
+ goto err;
+ b->neg = 1;
+
+ if (BN_is_word(r, 1))
+ legendre = 1;
+ else if (BN_is_zero(r))
+ legendre = 0;
+ else {
+ if (!BN_add_word(r, 1))
+ goto err;
+ if (0 != BN_ucmp(r, b)) {
+ fprintf(stderr, "Legendre symbol computation failed\n");
+ goto err;
+ }
+ legendre = -1;
+ }
+
+ kronecker = BN_kronecker(a, b, ctx);
+ if (kronecker < -1)
+ goto err;
+ /* we actually need BN_kronecker(a, |b|) */
+ if (a->neg && b->neg)
+ kronecker = -kronecker;
+
+ if (legendre != kronecker) {
+ fprintf(stderr, "legendre != kronecker; a = ");
+ BN_print_fp(stderr, a);
+ fprintf(stderr, ", b = ");
+ BN_print_fp(stderr, b);
+ fprintf(stderr, "\n");
+ goto err;
+ }
+
+ putc('.', stderr);
+ fflush(stderr);
+ }
+
+ putc('\n', stderr);
+ fflush(stderr);
+ ret = 1;
+ err:
+ if (a != NULL)
+ BN_free(a);
+ if (b != NULL)
+ BN_free(b);
+ if (r != NULL)
+ BN_free(r);
+ if (t != NULL)
+ BN_free(t);
+ return ret;
+}
+
+int test_sqrt(BIO *bp, BN_CTX *ctx)
+{
+ BN_GENCB cb;
+ BIGNUM *a, *p, *r;
+ int i, j;
+ int ret = 0;
+
+ a = BN_new();
+ p = BN_new();
+ r = BN_new();
+ if (a == NULL || p == NULL || r == NULL)
+ goto err;
+
+ BN_GENCB_set(&cb, genprime_cb, NULL);
+
+ for (i = 0; i < 16; i++) {
+ if (i < 8) {
+ unsigned primes[8] = { 2, 3, 5, 7, 11, 13, 17, 19 };
+
+ if (!BN_set_word(p, primes[i]))
+ goto err;
+ } else {
+ if (!BN_set_word(a, 32))
+ goto err;
+ if (!BN_set_word(r, 2 * i + 1))
+ goto err;
+
+ if (!BN_generate_prime_ex(p, 256, 0, a, r, &cb))
+ goto err;
+ putc('\n', stderr);
+ }
+ p->neg = rand_neg();
+
+ for (j = 0; j < num2; j++) {
+ /*
+ * construct 'a' such that it is a square modulo p, but in
+ * general not a proper square and not reduced modulo p
+ */
+ if (!BN_bntest_rand(r, 256, 0, 3))
+ goto err;
+ if (!BN_nnmod(r, r, p, ctx))
+ goto err;
+ if (!BN_mod_sqr(r, r, p, ctx))
+ goto err;
+ if (!BN_bntest_rand(a, 256, 0, 3))
+ goto err;
+ if (!BN_nnmod(a, a, p, ctx))
+ goto err;
+ if (!BN_mod_sqr(a, a, p, ctx))
+ goto err;
+ if (!BN_mul(a, a, r, ctx))
+ goto err;
+ if (rand_neg())
+ if (!BN_sub(a, a, p))
+ goto err;
+
+ if (!BN_mod_sqrt(r, a, p, ctx))
+ goto err;
+ if (!BN_mod_sqr(r, r, p, ctx))
+ goto err;
+
+ if (!BN_nnmod(a, a, p, ctx))
+ goto err;
+
+ if (BN_cmp(a, r) != 0) {
+ fprintf(stderr, "BN_mod_sqrt failed: a = ");
+ BN_print_fp(stderr, a);
+ fprintf(stderr, ", r = ");
+ BN_print_fp(stderr, r);
+ fprintf(stderr, ", p = ");
+ BN_print_fp(stderr, p);
+ fprintf(stderr, "\n");
+ goto err;
+ }
+
+ putc('.', stderr);
+ fflush(stderr);
+ }
+
+ putc('\n', stderr);
+ fflush(stderr);
+ }
+ ret = 1;
+ err:
+ if (a != NULL)
+ BN_free(a);
+ if (p != NULL)
+ BN_free(p);
+ if (r != NULL)
+ BN_free(r);
+ return ret;
+}
+
+int test_lshift(BIO *bp, BN_CTX *ctx, BIGNUM *a_)
+{
+ BIGNUM *a, *b, *c, *d;
+ int i;
+
+ b = BN_new();
+ c = BN_new();
+ d = BN_new();
+ BN_one(c);
+
+ if (a_)
+ a = a_;
+ else {
+ a = BN_new();
+ BN_bntest_rand(a, 200, 0, 0);
+ a->neg = rand_neg();
+ }
+ for (i = 0; i < num0; i++) {
+ BN_lshift(b, a, i + 1);
+ BN_add(c, c, c);
+ if (bp != NULL) {
+ if (!results) {
+ BN_print(bp, a);
+ BIO_puts(bp, " * ");
+ BN_print(bp, c);
+ BIO_puts(bp, " - ");
+ }
+ BN_print(bp, b);
+ BIO_puts(bp, "\n");
+ }
+ BN_mul(d, a, c, ctx);
+ BN_sub(d, d, b);
+ if (!BN_is_zero(d)) {
+ fprintf(stderr, "Left shift test failed!\n");
+ fprintf(stderr, "a=");
+ BN_print_fp(stderr, a);
+ fprintf(stderr, "\nb=");
+ BN_print_fp(stderr, b);
+ fprintf(stderr, "\nc=");
+ BN_print_fp(stderr, c);
+ fprintf(stderr, "\nd=");
+ BN_print_fp(stderr, d);
+ fprintf(stderr, "\n");
+ return 0;
+ }
+ }
+ BN_free(a);
+ BN_free(b);
+ BN_free(c);
+ BN_free(d);
+ return (1);
+}
+
+int test_lshift1(BIO *bp)
+{
+ BIGNUM *a, *b, *c;
+ int i;
+
+ a = BN_new();
+ b = BN_new();
+ c = BN_new();
+
+ BN_bntest_rand(a, 200, 0, 0);
+ a->neg = rand_neg();
+ for (i = 0; i < num0; i++) {
+ BN_lshift1(b, a);
+ if (bp != NULL) {
+ if (!results) {
+ BN_print(bp, a);
+ BIO_puts(bp, " * 2");
+ BIO_puts(bp, " - ");
+ }
+ BN_print(bp, b);
+ BIO_puts(bp, "\n");
+ }
+ BN_add(c, a, a);
+ BN_sub(a, b, c);
+ if (!BN_is_zero(a)) {
+ fprintf(stderr, "Left shift one test failed!\n");
+ return 0;
+ }
+
+ BN_copy(a, b);
+ }
+ BN_free(a);
+ BN_free(b);
+ BN_free(c);
+ return (1);
+}
+
+int test_rshift(BIO *bp, BN_CTX *ctx)
+{
+ BIGNUM *a, *b, *c, *d, *e;
+ int i;
+
+ a = BN_new();
+ b = BN_new();
+ c = BN_new();
+ d = BN_new();
+ e = BN_new();
+ BN_one(c);
+
+ BN_bntest_rand(a, 200, 0, 0);
+ a->neg = rand_neg();
+ for (i = 0; i < num0; i++) {
+ BN_rshift(b, a, i + 1);
+ BN_add(c, c, c);
+ if (bp != NULL) {
+ if (!results) {
+ BN_print(bp, a);
+ BIO_puts(bp, " / ");
+ BN_print(bp, c);
+ BIO_puts(bp, " - ");
+ }
+ BN_print(bp, b);
+ BIO_puts(bp, "\n");
+ }
+ BN_div(d, e, a, c, ctx);
+ BN_sub(d, d, b);
+ if (!BN_is_zero(d)) {
+ fprintf(stderr, "Right shift test failed!\n");
+ return 0;
+ }
+ }
+ BN_free(a);
+ BN_free(b);
+ BN_free(c);
+ BN_free(d);
+ BN_free(e);
+ return (1);
+}
+
+int test_rshift1(BIO *bp)
+{
+ BIGNUM *a, *b, *c;
+ int i;
+
+ a = BN_new();
+ b = BN_new();
+ c = BN_new();
+
+ BN_bntest_rand(a, 200, 0, 0);
+ a->neg = rand_neg();
+ for (i = 0; i < num0; i++) {
+ BN_rshift1(b, a);
+ if (bp != NULL) {
+ if (!results) {
+ BN_print(bp, a);
+ BIO_puts(bp, " / 2");
+ BIO_puts(bp, " - ");
+ }
+ BN_print(bp, b);
+ BIO_puts(bp, "\n");
+ }
+ BN_sub(c, a, b);
+ BN_sub(c, c, b);
+ if (!BN_is_zero(c) && !BN_abs_is_word(c, 1)) {
+ fprintf(stderr, "Right shift one test failed!\n");
+ return 0;
+ }
+ BN_copy(a, b);
+ }
+ BN_free(a);
+ BN_free(b);
+ BN_free(c);
+ return (1);
+}
+
+int rand_neg(void)
+{
+ static unsigned int neg = 0;
+ static int sign[8] = { 0, 0, 0, 1, 1, 0, 1, 1 };
+
+ return (sign[(neg++) % 8]);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bn/divtest.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/divtest.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/divtest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,41 +0,0 @@
-#include <openssl/bn.h>
-#include <openssl/rand.h>
-
-static int Rand(n)
-{
- unsigned char x[2];
- RAND_pseudo_bytes(x,2);
- return (x[0] + 2*x[1]);
-}
-
-static void bug(char *m, BIGNUM *a, BIGNUM *b)
-{
- printf("%s!\na=",m);
- BN_print_fp(stdout, a);
- printf("\nb=");
- BN_print_fp(stdout, b);
- printf("\n");
- fflush(stdout);
-}
-
-main()
-{
- BIGNUM *a=BN_new(), *b=BN_new(), *c=BN_new(), *d=BN_new(),
- *C=BN_new(), *D=BN_new();
- BN_RECP_CTX *recp=BN_RECP_CTX_new();
- BN_CTX *ctx=BN_CTX_new();
-
- for(;;) {
- BN_pseudo_rand(a,Rand(),0,0);
- BN_pseudo_rand(b,Rand(),0,0);
- if (BN_is_zero(b)) continue;
-
- BN_RECP_CTX_set(recp,b,ctx);
- if (BN_div(C,D,a,b,ctx) != 1)
- bug("BN_div failed",a,b);
- if (BN_div_recp(c,d,a,recp,ctx) != 1)
- bug("BN_div_recp failed",a,b);
- else if (BN_cmp(c,C) != 0 || BN_cmp(c,C) != 0)
- bug("mismatch",a,b);
- }
-}
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bn/divtest.c (from rev 6976, vendor-crypto/openssl/dist/crypto/bn/divtest.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bn/divtest.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/divtest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,42 @@
+#include <openssl/bn.h>
+#include <openssl/rand.h>
+
+static int Rand(n)
+{
+ unsigned char x[2];
+ RAND_pseudo_bytes(x, 2);
+ return (x[0] + 2 * x[1]);
+}
+
+static void bug(char *m, BIGNUM *a, BIGNUM *b)
+{
+ printf("%s!\na=", m);
+ BN_print_fp(stdout, a);
+ printf("\nb=");
+ BN_print_fp(stdout, b);
+ printf("\n");
+ fflush(stdout);
+}
+
+main()
+{
+ BIGNUM *a = BN_new(), *b = BN_new(), *c = BN_new(), *d = BN_new(),
+ *C = BN_new(), *D = BN_new();
+ BN_RECP_CTX *recp = BN_RECP_CTX_new();
+ BN_CTX *ctx = BN_CTX_new();
+
+ for (;;) {
+ BN_pseudo_rand(a, Rand(), 0, 0);
+ BN_pseudo_rand(b, Rand(), 0, 0);
+ if (BN_is_zero(b))
+ continue;
+
+ BN_RECP_CTX_set(recp, b, ctx);
+ if (BN_div(C, D, a, b, ctx) != 1)
+ bug("BN_div failed", a, b);
+ if (BN_div_recp(c, d, a, recp, ctx) != 1)
+ bug("BN_div_recp failed", a, b);
+ else if (BN_cmp(c, C) != 0 || BN_cmp(c, C) != 0)
+ bug("mismatch", a, b);
+ }
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bn/exp.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/exp.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/exp.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,62 +0,0 @@
-/* unused */
-
-#include <stdio.h>
-#include <openssl/tmdiff.h>
-#include "bn_lcl.h"
-
-#define SIZE 256
-#define NUM (8*8*8)
-#define MOD (8*8*8*8*8)
-
-main(argc,argv)
-int argc;
-char *argv[];
- {
- BN_CTX ctx;
- BIGNUM a,b,c,r,rr,t,l;
- int j,i,size=SIZE,num=NUM,mod=MOD;
- char *start,*end;
- BN_MONT_CTX mont;
- double d,md;
-
- BN_MONT_CTX_init(&mont);
- BN_CTX_init(&ctx);
- BN_init(&a);
- BN_init(&b);
- BN_init(&c);
- BN_init(&r);
-
- start=ms_time_new();
- end=ms_time_new();
- while (size <= 1024*8)
- {
- BN_rand(&a,size,0,0);
- BN_rand(&b,size,1,0);
- BN_rand(&c,size,0,1);
-
- BN_mod(&a,&a,&c,&ctx);
-
- ms_time_get(start);
- for (i=0; i<10; i++)
- BN_MONT_CTX_set(&mont,&c,&ctx);
- ms_time_get(end);
- md=ms_time_diff(start,end);
-
- ms_time_get(start);
- for (i=0; i<num; i++)
- {
- /* bn_mull(&r,&a,&b,&ctx); */
- /* BN_sqr(&r,&a,&ctx); */
- BN_mod_exp_mont(&r,&a,&b,&c,&ctx,&mont);
- }
- ms_time_get(end);
- d=ms_time_diff(start,end)/* *50/33 */;
- printf("%5d bit:%6.2f %6d %6.4f %4d m_set(%5.4f)\n",size,
- d,num,d/num,(int)((d/num)*mod),md/10.0);
- num/=8;
- mod/=8;
- if (num <= 0) num=1;
- size*=2;
- }
-
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bn/exp.c (from rev 6976, vendor-crypto/openssl/dist/crypto/bn/exp.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bn/exp.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/exp.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,61 @@
+/* unused */
+
+#include <stdio.h>
+#include <openssl/tmdiff.h>
+#include "bn_lcl.h"
+
+#define SIZE 256
+#define NUM (8*8*8)
+#define MOD (8*8*8*8*8)
+
+main(argc, argv)
+int argc;
+char *argv[];
+{
+ BN_CTX ctx;
+ BIGNUM a, b, c, r, rr, t, l;
+ int j, i, size = SIZE, num = NUM, mod = MOD;
+ char *start, *end;
+ BN_MONT_CTX mont;
+ double d, md;
+
+ BN_MONT_CTX_init(&mont);
+ BN_CTX_init(&ctx);
+ BN_init(&a);
+ BN_init(&b);
+ BN_init(&c);
+ BN_init(&r);
+
+ start = ms_time_new();
+ end = ms_time_new();
+ while (size <= 1024 * 8) {
+ BN_rand(&a, size, 0, 0);
+ BN_rand(&b, size, 1, 0);
+ BN_rand(&c, size, 0, 1);
+
+ BN_mod(&a, &a, &c, &ctx);
+
+ ms_time_get(start);
+ for (i = 0; i < 10; i++)
+ BN_MONT_CTX_set(&mont, &c, &ctx);
+ ms_time_get(end);
+ md = ms_time_diff(start, end);
+
+ ms_time_get(start);
+ for (i = 0; i < num; i++) {
+ /* bn_mull(&r,&a,&b,&ctx); */
+ /* BN_sqr(&r,&a,&ctx); */
+ BN_mod_exp_mont(&r, &a, &b, &c, &ctx, &mont);
+ }
+ ms_time_get(end);
+ d = ms_time_diff(start, end) /* *50/33 */ ;
+ printf("%5d bit:%6.2f %6d %6.4f %4d m_set(%5.4f)\n", size,
+ d, num, d / num, (int)((d / num) * mod), md / 10.0);
+ num /= 8;
+ mod /= 8;
+ if (num <= 0)
+ num = 1;
+ size *= 2;
+ }
+
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bn/expspeed.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/expspeed.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/expspeed.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,353 +0,0 @@
-/* unused */
-
-/* crypto/bn/expspeed.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* most of this code has been pilfered from my libdes speed.c program */
-
-#define BASENUM 5000
-#define NUM_START 0
-
-
-/* determine timings for modexp, modmul, modsqr, gcd, Kronecker symbol,
- * modular inverse, or modular square roots */
-#define TEST_EXP
-#undef TEST_MUL
-#undef TEST_SQR
-#undef TEST_GCD
-#undef TEST_KRON
-#undef TEST_INV
-#undef TEST_SQRT
-#define P_MOD_64 9 /* least significant 6 bits for prime to be used for BN_sqrt timings */
-
-#if defined(TEST_EXP) + defined(TEST_MUL) + defined(TEST_SQR) + defined(TEST_GCD) + defined(TEST_KRON) + defined(TEST_INV) +defined(TEST_SQRT) != 1
-# error "choose one test"
-#endif
-
-#if defined(TEST_INV) || defined(TEST_SQRT)
-# define C_PRIME
-static void genprime_cb(int p, int n, void *arg);
-#endif
-
-
-
-#undef PROG
-#define PROG bnspeed_main
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <signal.h>
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/err.h>
-#include <openssl/rand.h>
-
-#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
-#define TIMES
-#endif
-
-#ifndef _IRIX
-#include <time.h>
-#endif
-#ifdef TIMES
-#include <sys/types.h>
-#include <sys/times.h>
-#endif
-
-/* Depending on the VMS version, the tms structure is perhaps defined.
- The __TMS macro will show if it was. If it wasn't defined, we should
- undefine TIMES, since that tells the rest of the program how things
- should be handled. -- Richard Levitte */
-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
-#undef TIMES
-#endif
-
-#ifndef TIMES
-#include <sys/timeb.h>
-#endif
-
-#if defined(sun) || defined(__ultrix)
-#define _POSIX_SOURCE
-#include <limits.h>
-#include <sys/param.h>
-#endif
-
-#include <openssl/bn.h>
-#include <openssl/x509.h>
-
-/* The following if from times(3) man page. It may need to be changed */
-#ifndef HZ
-# ifndef CLK_TCK
-# ifndef _BSD_CLK_TCK_ /* FreeBSD hack */
-# define HZ 100.0
-# else /* _BSD_CLK_TCK_ */
-# define HZ ((double)_BSD_CLK_TCK_)
-# endif
-# else /* CLK_TCK */
-# define HZ ((double)CLK_TCK)
-# endif
-#endif
-
-#undef BUFSIZE
-#define BUFSIZE ((long)1024*8)
-int run=0;
-
-static double Time_F(int s);
-#define START 0
-#define STOP 1
-
-static double Time_F(int s)
- {
- double ret;
-#ifdef TIMES
- static struct tms tstart,tend;
-
- if (s == START)
- {
- times(&tstart);
- return(0);
- }
- else
- {
- times(&tend);
- ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
- return((ret < 1e-3)?1e-3:ret);
- }
-#else /* !times() */
- static struct timeb tstart,tend;
- long i;
-
- if (s == START)
- {
- ftime(&tstart);
- return(0);
- }
- else
- {
- ftime(&tend);
- i=(long)tend.millitm-(long)tstart.millitm;
- ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
- return((ret < 0.001)?0.001:ret);
- }
-#endif
- }
-
-#define NUM_SIZES 7
-#if NUM_START > NUM_SIZES
-# error "NUM_START > NUM_SIZES"
-#endif
-static int sizes[NUM_SIZES]={128,256,512,1024,2048,4096,8192};
-static int mul_c[NUM_SIZES]={8*8*8*8*8*8,8*8*8*8*8,8*8*8*8,8*8*8,8*8,8,1};
-/*static int sizes[NUM_SIZES]={59,179,299,419,539}; */
-
-#define RAND_SEED(string) { const char str[] = string; RAND_seed(string, sizeof str); }
-
-void do_mul_exp(BIGNUM *r,BIGNUM *a,BIGNUM *b,BIGNUM *c,BN_CTX *ctx);
-
-int main(int argc, char **argv)
- {
- BN_CTX *ctx;
- BIGNUM *a,*b,*c,*r;
-
-#if 1
- if (!CRYPTO_set_mem_debug_functions(0,0,0,0,0))
- abort();
-#endif
-
- ctx=BN_CTX_new();
- a=BN_new();
- b=BN_new();
- c=BN_new();
- r=BN_new();
-
- while (!RAND_status())
- /* not enough bits */
- RAND_SEED("I demand a manual recount!");
-
- do_mul_exp(r,a,b,c,ctx);
- return 0;
- }
-
-void do_mul_exp(BIGNUM *r, BIGNUM *a, BIGNUM *b, BIGNUM *c, BN_CTX *ctx)
- {
- int i,k;
- double tm;
- long num;
-
- num=BASENUM;
- for (i=NUM_START; i<NUM_SIZES; i++)
- {
-#ifdef C_PRIME
-# ifdef TEST_SQRT
- if (!BN_set_word(a, 64)) goto err;
- if (!BN_set_word(b, P_MOD_64)) goto err;
-# define ADD a
-# define REM b
-# else
-# define ADD NULL
-# define REM NULL
-# endif
- if (!BN_generate_prime(c,sizes[i],0,ADD,REM,genprime_cb,NULL)) goto err;
- putc('\n', stderr);
- fflush(stderr);
-#endif
-
- for (k=0; k<num; k++)
- {
- if (k%50 == 0) /* Average over num/50 different choices of random numbers. */
- {
- if (!BN_pseudo_rand(a,sizes[i],1,0)) goto err;
-
- if (!BN_pseudo_rand(b,sizes[i],1,0)) goto err;
-
-#ifndef C_PRIME
- if (!BN_pseudo_rand(c,sizes[i],1,1)) goto err;
-#endif
-
-#ifdef TEST_SQRT
- if (!BN_mod_sqr(a,a,c,ctx)) goto err;
- if (!BN_mod_sqr(b,b,c,ctx)) goto err;
-#else
- if (!BN_nnmod(a,a,c,ctx)) goto err;
- if (!BN_nnmod(b,b,c,ctx)) goto err;
-#endif
-
- if (k == 0)
- Time_F(START);
- }
-
-#if defined(TEST_EXP)
- if (!BN_mod_exp(r,a,b,c,ctx)) goto err;
-#elif defined(TEST_MUL)
- {
- int i = 0;
- for (i = 0; i < 50; i++)
- if (!BN_mod_mul(r,a,b,c,ctx)) goto err;
- }
-#elif defined(TEST_SQR)
- {
- int i = 0;
- for (i = 0; i < 50; i++)
- {
- if (!BN_mod_sqr(r,a,c,ctx)) goto err;
- if (!BN_mod_sqr(r,b,c,ctx)) goto err;
- }
- }
-#elif defined(TEST_GCD)
- if (!BN_gcd(r,a,b,ctx)) goto err;
- if (!BN_gcd(r,b,c,ctx)) goto err;
- if (!BN_gcd(r,c,a,ctx)) goto err;
-#elif defined(TEST_KRON)
- if (-2 == BN_kronecker(a,b,ctx)) goto err;
- if (-2 == BN_kronecker(b,c,ctx)) goto err;
- if (-2 == BN_kronecker(c,a,ctx)) goto err;
-#elif defined(TEST_INV)
- if (!BN_mod_inverse(r,a,c,ctx)) goto err;
- if (!BN_mod_inverse(r,b,c,ctx)) goto err;
-#else /* TEST_SQRT */
- if (!BN_mod_sqrt(r,a,c,ctx)) goto err;
- if (!BN_mod_sqrt(r,b,c,ctx)) goto err;
-#endif
- }
- tm=Time_F(STOP);
- printf(
-#if defined(TEST_EXP)
- "modexp %4d ^ %4d %% %4d"
-#elif defined(TEST_MUL)
- "50*modmul %4d %4d %4d"
-#elif defined(TEST_SQR)
- "100*modsqr %4d %4d %4d"
-#elif defined(TEST_GCD)
- "3*gcd %4d %4d %4d"
-#elif defined(TEST_KRON)
- "3*kronecker %4d %4d %4d"
-#elif defined(TEST_INV)
- "2*inv %4d %4d mod %4d"
-#else /* TEST_SQRT */
- "2*sqrt [prime == %d (mod 64)] %4d %4d mod %4d"
-#endif
- " -> %8.6fms %5.1f (%ld)\n",
-#ifdef TEST_SQRT
- P_MOD_64,
-#endif
- sizes[i],sizes[i],sizes[i],tm*1000.0/num,tm*mul_c[i]/num, num);
- num/=7;
- if (num <= 0) num=1;
- }
- return;
-
- err:
- ERR_print_errors_fp(stderr);
- }
-
-
-#ifdef C_PRIME
-static void genprime_cb(int p, int n, void *arg)
- {
- char c='*';
-
- if (p == 0) c='.';
- if (p == 1) c='+';
- if (p == 2) c='*';
- if (p == 3) c='\n';
- putc(c, stderr);
- fflush(stderr);
- (void)n;
- (void)arg;
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bn/expspeed.c (from rev 6976, vendor-crypto/openssl/dist/crypto/bn/expspeed.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bn/expspeed.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/expspeed.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,381 @@
+/* unused */
+
+/* crypto/bn/expspeed.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* most of this code has been pilfered from my libdes speed.c program */
+
+#define BASENUM 5000
+#define NUM_START 0
+
+/*
+ * determine timings for modexp, modmul, modsqr, gcd, Kronecker symbol,
+ * modular inverse, or modular square roots
+ */
+#define TEST_EXP
+#undef TEST_MUL
+#undef TEST_SQR
+#undef TEST_GCD
+#undef TEST_KRON
+#undef TEST_INV
+#undef TEST_SQRT
+#define P_MOD_64 9 /* least significant 6 bits for prime to be
+ * used for BN_sqrt timings */
+
+#if defined(TEST_EXP) + defined(TEST_MUL) + defined(TEST_SQR) + defined(TEST_GCD) + defined(TEST_KRON) + defined(TEST_INV) +defined(TEST_SQRT) != 1
+# error "choose one test"
+#endif
+
+#if defined(TEST_INV) || defined(TEST_SQRT)
+# define C_PRIME
+static void genprime_cb(int p, int n, void *arg);
+#endif
+
+#undef PROG
+#define PROG bnspeed_main
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <signal.h>
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+
+#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
+# define TIMES
+#endif
+
+#ifndef _IRIX
+# include <time.h>
+#endif
+#ifdef TIMES
+# include <sys/types.h>
+# include <sys/times.h>
+#endif
+
+/*
+ * Depending on the VMS version, the tms structure is perhaps defined. The
+ * __TMS macro will show if it was. If it wasn't defined, we should undefine
+ * TIMES, since that tells the rest of the program how things should be
+ * handled. -- Richard Levitte
+ */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
+# undef TIMES
+#endif
+
+#ifndef TIMES
+# include <sys/timeb.h>
+#endif
+
+#if defined(sun) || defined(__ultrix)
+# define _POSIX_SOURCE
+# include <limits.h>
+# include <sys/param.h>
+#endif
+
+#include <openssl/bn.h>
+#include <openssl/x509.h>
+
+/* The following if from times(3) man page. It may need to be changed */
+#ifndef HZ
+# ifndef CLK_TCK
+# ifndef _BSD_CLK_TCK_ /* FreeBSD hack */
+# define HZ 100.0
+# else /* _BSD_CLK_TCK_ */
+# define HZ ((double)_BSD_CLK_TCK_)
+# endif
+# else /* CLK_TCK */
+# define HZ ((double)CLK_TCK)
+# endif
+#endif
+
+#undef BUFSIZE
+#define BUFSIZE ((long)1024*8)
+int run = 0;
+
+static double Time_F(int s);
+#define START 0
+#define STOP 1
+
+static double Time_F(int s)
+{
+ double ret;
+#ifdef TIMES
+ static struct tms tstart, tend;
+
+ if (s == START) {
+ times(&tstart);
+ return (0);
+ } else {
+ times(&tend);
+ ret = ((double)(tend.tms_utime - tstart.tms_utime)) / HZ;
+ return ((ret < 1e-3) ? 1e-3 : ret);
+ }
+#else /* !times() */
+ static struct timeb tstart, tend;
+ long i;
+
+ if (s == START) {
+ ftime(&tstart);
+ return (0);
+ } else {
+ ftime(&tend);
+ i = (long)tend.millitm - (long)tstart.millitm;
+ ret = ((double)(tend.time - tstart.time)) + ((double)i) / 1000.0;
+ return ((ret < 0.001) ? 0.001 : ret);
+ }
+#endif
+}
+
+#define NUM_SIZES 7
+#if NUM_START > NUM_SIZES
+# error "NUM_START > NUM_SIZES"
+#endif
+static int sizes[NUM_SIZES] = { 128, 256, 512, 1024, 2048, 4096, 8192 };
+
+static int mul_c[NUM_SIZES] =
+ { 8 * 8 * 8 * 8 * 8 * 8, 8 * 8 * 8 * 8 * 8, 8 * 8 * 8 * 8, 8 * 8 * 8,
+ 8 * 8, 8, 1
+};
+
+/*
+ * static int sizes[NUM_SIZES]={59,179,299,419,539};
+ */
+
+#define RAND_SEED(string) { const char str[] = string; RAND_seed(string, sizeof str); }
+
+void do_mul_exp(BIGNUM *r, BIGNUM *a, BIGNUM *b, BIGNUM *c, BN_CTX *ctx);
+
+int main(int argc, char **argv)
+{
+ BN_CTX *ctx;
+ BIGNUM *a, *b, *c, *r;
+
+#if 1
+ if (!CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0))
+ abort();
+#endif
+
+ ctx = BN_CTX_new();
+ a = BN_new();
+ b = BN_new();
+ c = BN_new();
+ r = BN_new();
+
+ while (!RAND_status())
+ /* not enough bits */
+ RAND_SEED("I demand a manual recount!");
+
+ do_mul_exp(r, a, b, c, ctx);
+ return 0;
+}
+
+void do_mul_exp(BIGNUM *r, BIGNUM *a, BIGNUM *b, BIGNUM *c, BN_CTX *ctx)
+{
+ int i, k;
+ double tm;
+ long num;
+
+ num = BASENUM;
+ for (i = NUM_START; i < NUM_SIZES; i++) {
+#ifdef C_PRIME
+# ifdef TEST_SQRT
+ if (!BN_set_word(a, 64))
+ goto err;
+ if (!BN_set_word(b, P_MOD_64))
+ goto err;
+# define ADD a
+# define REM b
+# else
+# define ADD NULL
+# define REM NULL
+# endif
+ if (!BN_generate_prime(c, sizes[i], 0, ADD, REM, genprime_cb, NULL))
+ goto err;
+ putc('\n', stderr);
+ fflush(stderr);
+#endif
+
+ for (k = 0; k < num; k++) {
+ if (k % 50 == 0) { /* Average over num/50 different choices of
+ * random numbers. */
+ if (!BN_pseudo_rand(a, sizes[i], 1, 0))
+ goto err;
+
+ if (!BN_pseudo_rand(b, sizes[i], 1, 0))
+ goto err;
+
+#ifndef C_PRIME
+ if (!BN_pseudo_rand(c, sizes[i], 1, 1))
+ goto err;
+#endif
+
+#ifdef TEST_SQRT
+ if (!BN_mod_sqr(a, a, c, ctx))
+ goto err;
+ if (!BN_mod_sqr(b, b, c, ctx))
+ goto err;
+#else
+ if (!BN_nnmod(a, a, c, ctx))
+ goto err;
+ if (!BN_nnmod(b, b, c, ctx))
+ goto err;
+#endif
+
+ if (k == 0)
+ Time_F(START);
+ }
+#if defined(TEST_EXP)
+ if (!BN_mod_exp(r, a, b, c, ctx))
+ goto err;
+#elif defined(TEST_MUL)
+ {
+ int i = 0;
+ for (i = 0; i < 50; i++)
+ if (!BN_mod_mul(r, a, b, c, ctx))
+ goto err;
+ }
+#elif defined(TEST_SQR)
+ {
+ int i = 0;
+ for (i = 0; i < 50; i++) {
+ if (!BN_mod_sqr(r, a, c, ctx))
+ goto err;
+ if (!BN_mod_sqr(r, b, c, ctx))
+ goto err;
+ }
+ }
+#elif defined(TEST_GCD)
+ if (!BN_gcd(r, a, b, ctx))
+ goto err;
+ if (!BN_gcd(r, b, c, ctx))
+ goto err;
+ if (!BN_gcd(r, c, a, ctx))
+ goto err;
+#elif defined(TEST_KRON)
+ if (-2 == BN_kronecker(a, b, ctx))
+ goto err;
+ if (-2 == BN_kronecker(b, c, ctx))
+ goto err;
+ if (-2 == BN_kronecker(c, a, ctx))
+ goto err;
+#elif defined(TEST_INV)
+ if (!BN_mod_inverse(r, a, c, ctx))
+ goto err;
+ if (!BN_mod_inverse(r, b, c, ctx))
+ goto err;
+#else /* TEST_SQRT */
+ if (!BN_mod_sqrt(r, a, c, ctx))
+ goto err;
+ if (!BN_mod_sqrt(r, b, c, ctx))
+ goto err;
+#endif
+ }
+ tm = Time_F(STOP);
+ printf(
+#if defined(TEST_EXP)
+ "modexp %4d ^ %4d %% %4d"
+#elif defined(TEST_MUL)
+ "50*modmul %4d %4d %4d"
+#elif defined(TEST_SQR)
+ "100*modsqr %4d %4d %4d"
+#elif defined(TEST_GCD)
+ "3*gcd %4d %4d %4d"
+#elif defined(TEST_KRON)
+ "3*kronecker %4d %4d %4d"
+#elif defined(TEST_INV)
+ "2*inv %4d %4d mod %4d"
+#else /* TEST_SQRT */
+ "2*sqrt [prime == %d (mod 64)] %4d %4d mod %4d"
+#endif
+ " -> %8.6fms %5.1f (%ld)\n",
+#ifdef TEST_SQRT
+ P_MOD_64,
+#endif
+ sizes[i], sizes[i], sizes[i], tm * 1000.0 / num,
+ tm * mul_c[i] / num, num);
+ num /= 7;
+ if (num <= 0)
+ num = 1;
+ }
+ return;
+
+ err:
+ ERR_print_errors_fp(stderr);
+}
+
+#ifdef C_PRIME
+static void genprime_cb(int p, int n, void *arg)
+{
+ char c = '*';
+
+ if (p == 0)
+ c = '.';
+ if (p == 1)
+ c = '+';
+ if (p == 2)
+ c = '*';
+ if (p == 3)
+ c = '\n';
+ putc(c, stderr);
+ fflush(stderr);
+ (void)n;
+ (void)arg;
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bn/exptest.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/exptest.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/exptest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,247 +0,0 @@
-/* crypto/bn/exptest.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "../e_os.h"
-
-#include <openssl/bio.h>
-#include <openssl/bn.h>
-#include <openssl/rand.h>
-#include <openssl/err.h>
-
-#define NUM_BITS (BN_BITS*2)
-
-static const char rnd_seed[] = "string to make the random number generator think it has entropy";
-
-/* test_exp_mod_zero tests that x**0 mod 1 == 0. It returns zero on success. */
-static int test_exp_mod_zero() {
- BIGNUM a, p, m;
- BIGNUM r;
- BN_CTX *ctx = BN_CTX_new();
- int ret = 1;
-
- BN_init(&m);
- BN_one(&m);
-
- BN_init(&a);
- BN_one(&a);
-
- BN_init(&p);
- BN_zero(&p);
-
- BN_init(&r);
- BN_mod_exp(&r, &a, &p, &m, ctx);
- BN_CTX_free(ctx);
-
- if (BN_is_zero(&r))
- ret = 0;
- else
- {
- printf("1**0 mod 1 = ");
- BN_print_fp(stdout, &r);
- printf(", should be 0\n");
- }
-
- BN_free(&r);
- BN_free(&a);
- BN_free(&p);
- BN_free(&m);
-
- return ret;
-}
-
-int main(int argc, char *argv[])
- {
- BN_CTX *ctx;
- BIO *out=NULL;
- int i,ret;
- unsigned char c;
- BIGNUM *r_mont,*r_mont_const,*r_recp,*r_simple,*a,*b,*m;
-
- RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_rand may fail, and we don't
- * even check its return value
- * (which we should) */
-
- ERR_load_BN_strings();
-
- ctx=BN_CTX_new();
- if (ctx == NULL) EXIT(1);
- r_mont=BN_new();
- r_mont_const=BN_new();
- r_recp=BN_new();
- r_simple=BN_new();
- a=BN_new();
- b=BN_new();
- m=BN_new();
- if ( (r_mont == NULL) || (r_recp == NULL) ||
- (a == NULL) || (b == NULL))
- goto err;
-
- out=BIO_new(BIO_s_file());
-
- if (out == NULL) EXIT(1);
- BIO_set_fp(out,stdout,BIO_NOCLOSE);
-
- for (i=0; i<200; i++)
- {
- RAND_bytes(&c,1);
- c=(c%BN_BITS)-BN_BITS2;
- BN_rand(a,NUM_BITS+c,0,0);
-
- RAND_bytes(&c,1);
- c=(c%BN_BITS)-BN_BITS2;
- BN_rand(b,NUM_BITS+c,0,0);
-
- RAND_bytes(&c,1);
- c=(c%BN_BITS)-BN_BITS2;
- BN_rand(m,NUM_BITS+c,0,1);
-
- BN_mod(a,a,m,ctx);
- BN_mod(b,b,m,ctx);
-
- ret=BN_mod_exp_mont(r_mont,a,b,m,ctx,NULL);
- if (ret <= 0)
- {
- printf("BN_mod_exp_mont() problems\n");
- ERR_print_errors(out);
- EXIT(1);
- }
-
- ret=BN_mod_exp_recp(r_recp,a,b,m,ctx);
- if (ret <= 0)
- {
- printf("BN_mod_exp_recp() problems\n");
- ERR_print_errors(out);
- EXIT(1);
- }
-
- ret=BN_mod_exp_simple(r_simple,a,b,m,ctx);
- if (ret <= 0)
- {
- printf("BN_mod_exp_simple() problems\n");
- ERR_print_errors(out);
- EXIT(1);
- }
-
- ret=BN_mod_exp_mont_consttime(r_mont_const,a,b,m,ctx,NULL);
- if (ret <= 0)
- {
- printf("BN_mod_exp_mont_consttime() problems\n");
- ERR_print_errors(out);
- EXIT(1);
- }
-
- if (BN_cmp(r_simple, r_mont) == 0
- && BN_cmp(r_simple,r_recp) == 0
- && BN_cmp(r_simple,r_mont_const) == 0)
- {
- printf(".");
- fflush(stdout);
- }
- else
- {
- if (BN_cmp(r_simple,r_mont) != 0)
- printf("\nsimple and mont results differ\n");
- if (BN_cmp(r_simple,r_mont) != 0)
- printf("\nsimple and mont const time results differ\n");
- if (BN_cmp(r_simple,r_recp) != 0)
- printf("\nsimple and recp results differ\n");
-
- printf("a (%3d) = ",BN_num_bits(a)); BN_print(out,a);
- printf("\nb (%3d) = ",BN_num_bits(b)); BN_print(out,b);
- printf("\nm (%3d) = ",BN_num_bits(m)); BN_print(out,m);
- printf("\nsimple ="); BN_print(out,r_simple);
- printf("\nrecp ="); BN_print(out,r_recp);
- printf("\nmont ="); BN_print(out,r_mont);
- printf("\nmont_ct ="); BN_print(out,r_mont_const);
- printf("\n");
- EXIT(1);
- }
- }
- BN_free(r_mont);
- BN_free(r_mont_const);
- BN_free(r_recp);
- BN_free(r_simple);
- BN_free(a);
- BN_free(b);
- BN_free(m);
- BN_CTX_free(ctx);
- ERR_remove_state(0);
- CRYPTO_mem_leaks(out);
- BIO_free(out);
- printf("\n");
-
- if (test_exp_mod_zero() != 0)
- goto err;
-
- printf("done\n");
-
- EXIT(0);
-err:
- ERR_load_crypto_strings();
- ERR_print_errors(out);
-#ifdef OPENSSL_SYS_NETWARE
- printf("ERROR\n");
-#endif
- EXIT(1);
- return(1);
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bn/exptest.c (from rev 6976, vendor-crypto/openssl/dist/crypto/bn/exptest.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bn/exptest.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/exptest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,254 @@
+/* crypto/bn/exptest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "../e_os.h"
+
+#include <openssl/bio.h>
+#include <openssl/bn.h>
+#include <openssl/rand.h>
+#include <openssl/err.h>
+
+#define NUM_BITS (BN_BITS*2)
+
+static const char rnd_seed[] =
+ "string to make the random number generator think it has entropy";
+
+/*
+ * Disabled for FIPS capable builds because they use the FIPS BIGNUM library
+ * which will fail this test.
+ */
+#ifndef OPENSSL_FIPS
+/*
+ * test_exp_mod_zero tests that x**0 mod 1 == 0. It returns zero on success.
+ */
+static int test_exp_mod_zero()
+{
+ BIGNUM a, p, m;
+ BIGNUM r;
+ BN_CTX *ctx = BN_CTX_new();
+ int ret = 1;
+
+ BN_init(&m);
+ BN_one(&m);
+
+ BN_init(&a);
+ BN_one(&a);
+
+ BN_init(&p);
+ BN_zero(&p);
+
+ BN_init(&r);
+ BN_mod_exp(&r, &a, &p, &m, ctx);
+ BN_CTX_free(ctx);
+
+ if (BN_is_zero(&r))
+ ret = 0;
+ else {
+ printf("1**0 mod 1 = ");
+ BN_print_fp(stdout, &r);
+ printf(", should be 0\n");
+ }
+
+ BN_free(&r);
+ BN_free(&a);
+ BN_free(&p);
+ BN_free(&m);
+
+ return ret;
+}
+#endif
+int main(int argc, char *argv[])
+{
+ BN_CTX *ctx;
+ BIO *out = NULL;
+ int i, ret;
+ unsigned char c;
+ BIGNUM *r_mont, *r_mont_const, *r_recp, *r_simple, *a, *b, *m;
+
+ RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_rand may fail, and we
+ * don't even check its return
+ * value (which we should) */
+
+ ERR_load_BN_strings();
+
+ ctx = BN_CTX_new();
+ if (ctx == NULL)
+ EXIT(1);
+ r_mont = BN_new();
+ r_mont_const = BN_new();
+ r_recp = BN_new();
+ r_simple = BN_new();
+ a = BN_new();
+ b = BN_new();
+ m = BN_new();
+ if ((r_mont == NULL) || (r_recp == NULL) || (a == NULL) || (b == NULL))
+ goto err;
+
+ out = BIO_new(BIO_s_file());
+
+ if (out == NULL)
+ EXIT(1);
+ BIO_set_fp(out, stdout, BIO_NOCLOSE);
+
+ for (i = 0; i < 200; i++) {
+ RAND_bytes(&c, 1);
+ c = (c % BN_BITS) - BN_BITS2;
+ BN_rand(a, NUM_BITS + c, 0, 0);
+
+ RAND_bytes(&c, 1);
+ c = (c % BN_BITS) - BN_BITS2;
+ BN_rand(b, NUM_BITS + c, 0, 0);
+
+ RAND_bytes(&c, 1);
+ c = (c % BN_BITS) - BN_BITS2;
+ BN_rand(m, NUM_BITS + c, 0, 1);
+
+ BN_mod(a, a, m, ctx);
+ BN_mod(b, b, m, ctx);
+
+ ret = BN_mod_exp_mont(r_mont, a, b, m, ctx, NULL);
+ if (ret <= 0) {
+ printf("BN_mod_exp_mont() problems\n");
+ ERR_print_errors(out);
+ EXIT(1);
+ }
+
+ ret = BN_mod_exp_recp(r_recp, a, b, m, ctx);
+ if (ret <= 0) {
+ printf("BN_mod_exp_recp() problems\n");
+ ERR_print_errors(out);
+ EXIT(1);
+ }
+
+ ret = BN_mod_exp_simple(r_simple, a, b, m, ctx);
+ if (ret <= 0) {
+ printf("BN_mod_exp_simple() problems\n");
+ ERR_print_errors(out);
+ EXIT(1);
+ }
+
+ ret = BN_mod_exp_mont_consttime(r_mont_const, a, b, m, ctx, NULL);
+ if (ret <= 0) {
+ printf("BN_mod_exp_mont_consttime() problems\n");
+ ERR_print_errors(out);
+ EXIT(1);
+ }
+
+ if (BN_cmp(r_simple, r_mont) == 0
+ && BN_cmp(r_simple, r_recp) == 0
+ && BN_cmp(r_simple, r_mont_const) == 0) {
+ printf(".");
+ fflush(stdout);
+ } else {
+ if (BN_cmp(r_simple, r_mont) != 0)
+ printf("\nsimple and mont results differ\n");
+ if (BN_cmp(r_simple, r_mont) != 0)
+ printf("\nsimple and mont const time results differ\n");
+ if (BN_cmp(r_simple, r_recp) != 0)
+ printf("\nsimple and recp results differ\n");
+
+ printf("a (%3d) = ", BN_num_bits(a));
+ BN_print(out, a);
+ printf("\nb (%3d) = ", BN_num_bits(b));
+ BN_print(out, b);
+ printf("\nm (%3d) = ", BN_num_bits(m));
+ BN_print(out, m);
+ printf("\nsimple =");
+ BN_print(out, r_simple);
+ printf("\nrecp =");
+ BN_print(out, r_recp);
+ printf("\nmont =");
+ BN_print(out, r_mont);
+ printf("\nmont_ct =");
+ BN_print(out, r_mont_const);
+ printf("\n");
+ EXIT(1);
+ }
+ }
+ BN_free(r_mont);
+ BN_free(r_mont_const);
+ BN_free(r_recp);
+ BN_free(r_simple);
+ BN_free(a);
+ BN_free(b);
+ BN_free(m);
+ BN_CTX_free(ctx);
+ ERR_remove_state(0);
+ CRYPTO_mem_leaks(out);
+ BIO_free(out);
+ printf("\n");
+#ifndef OPENSSL_FIPS
+ if (test_exp_mod_zero() != 0)
+ goto err;
+#endif
+ printf("done\n");
+
+ EXIT(0);
+ err:
+ ERR_load_crypto_strings();
+ ERR_print_errors(out);
+#ifdef OPENSSL_SYS_NETWARE
+ printf("ERROR\n");
+#endif
+ EXIT(1);
+ return (1);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/bn/vms-helper.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/bn/vms-helper.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/vms-helper.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,68 +0,0 @@
-/* vms-helper.c */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-bn_div_words_abort(int i)
-{
-#ifdef BN_DEBUG
-#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)
- fprintf(stderr,"Division would overflow (%d)\n",i);
-#endif
- abort();
-#endif
-}
Copied: vendor-crypto/openssl/0.9.8zf/crypto/bn/vms-helper.c (from rev 6976, vendor-crypto/openssl/dist/crypto/bn/vms-helper.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/bn/vms-helper.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/bn/vms-helper.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,68 @@
+/* vms-helper.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+bn_div_words_abort(int i)
+{
+#ifdef BN_DEBUG
+# if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)
+ fprintf(stderr, "Division would overflow (%d)\n", i);
+# endif
+ abort();
+#endif
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/buffer/buf_err.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/buffer/buf_err.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/buffer/buf_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,99 +0,0 @@
-/* crypto/buffer/buf_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/buffer.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_BUF,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_BUF,0,reason)
-
-static ERR_STRING_DATA BUF_str_functs[]=
- {
-{ERR_FUNC(BUF_F_BUF_MEMDUP), "BUF_memdup"},
-{ERR_FUNC(BUF_F_BUF_MEM_GROW), "BUF_MEM_grow"},
-{ERR_FUNC(BUF_F_BUF_MEM_GROW_CLEAN), "BUF_MEM_grow_clean"},
-{ERR_FUNC(BUF_F_BUF_MEM_NEW), "BUF_MEM_new"},
-{ERR_FUNC(BUF_F_BUF_STRDUP), "BUF_strdup"},
-{ERR_FUNC(BUF_F_BUF_STRNDUP), "BUF_strndup"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA BUF_str_reasons[]=
- {
-{0,NULL}
- };
-
-#endif
-
-void ERR_load_BUF_strings(void)
- {
-#ifndef OPENSSL_NO_ERR
-
- if (ERR_func_error_string(BUF_str_functs[0].error) == NULL)
- {
- ERR_load_strings(0,BUF_str_functs);
- ERR_load_strings(0,BUF_str_reasons);
- }
-#endif
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/buffer/buf_err.c (from rev 6976, vendor-crypto/openssl/dist/crypto/buffer/buf_err.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/buffer/buf_err.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/buffer/buf_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,97 @@
+/* crypto/buffer/buf_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/buffer.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_BUF,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_BUF,0,reason)
+
+static ERR_STRING_DATA BUF_str_functs[] = {
+ {ERR_FUNC(BUF_F_BUF_MEMDUP), "BUF_memdup"},
+ {ERR_FUNC(BUF_F_BUF_MEM_GROW), "BUF_MEM_grow"},
+ {ERR_FUNC(BUF_F_BUF_MEM_GROW_CLEAN), "BUF_MEM_grow_clean"},
+ {ERR_FUNC(BUF_F_BUF_MEM_NEW), "BUF_MEM_new"},
+ {ERR_FUNC(BUF_F_BUF_STRDUP), "BUF_strdup"},
+ {ERR_FUNC(BUF_F_BUF_STRNDUP), "BUF_strndup"},
+ {0, NULL}
+};
+
+static ERR_STRING_DATA BUF_str_reasons[] = {
+ {0, NULL}
+};
+
+#endif
+
+void ERR_load_BUF_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+ if (ERR_func_error_string(BUF_str_functs[0].error) == NULL) {
+ ERR_load_strings(0, BUF_str_functs);
+ ERR_load_strings(0, BUF_str_reasons);
+ }
+#endif
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/buffer/buf_str.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/buffer/buf_str.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/buffer/buf_str.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,116 +0,0 @@
-/* crypto/buffer/buf_str.c */
-/* ====================================================================
- * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-
-char *BUF_strdup(const char *str)
- {
- if (str == NULL) return(NULL);
- return BUF_strndup(str, strlen(str));
- }
-
-char *BUF_strndup(const char *str, size_t siz)
- {
- char *ret;
-
- if (str == NULL) return(NULL);
-
- ret=OPENSSL_malloc(siz+1);
- if (ret == NULL)
- {
- BUFerr(BUF_F_BUF_STRNDUP,ERR_R_MALLOC_FAILURE);
- return(NULL);
- }
- BUF_strlcpy(ret,str,siz+1);
- return(ret);
- }
-
-void *BUF_memdup(const void *data, size_t siz)
- {
- void *ret;
-
- if (data == NULL) return(NULL);
-
- ret=OPENSSL_malloc(siz);
- if (ret == NULL)
- {
- BUFerr(BUF_F_BUF_MEMDUP,ERR_R_MALLOC_FAILURE);
- return(NULL);
- }
- return memcpy(ret, data, siz);
- }
-
-size_t BUF_strlcpy(char *dst, const char *src, size_t size)
- {
- size_t l = 0;
- for(; size > 1 && *src; size--)
- {
- *dst++ = *src++;
- l++;
- }
- if (size)
- *dst = '\0';
- return l + strlen(src);
- }
-
-size_t BUF_strlcat(char *dst, const char *src, size_t size)
- {
- size_t l = 0;
- for(; size > 0 && *dst; size--, dst++)
- l++;
- return l + BUF_strlcpy(dst, src, size);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/buffer/buf_str.c (from rev 6976, vendor-crypto/openssl/dist/crypto/buffer/buf_str.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/buffer/buf_str.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/buffer/buf_str.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,116 @@
+/* crypto/buffer/buf_str.c */
+/* ====================================================================
+ * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+
+char *BUF_strdup(const char *str)
+{
+ if (str == NULL)
+ return (NULL);
+ return BUF_strndup(str, strlen(str));
+}
+
+char *BUF_strndup(const char *str, size_t siz)
+{
+ char *ret;
+
+ if (str == NULL)
+ return (NULL);
+
+ ret = OPENSSL_malloc(siz + 1);
+ if (ret == NULL) {
+ BUFerr(BUF_F_BUF_STRNDUP, ERR_R_MALLOC_FAILURE);
+ return (NULL);
+ }
+ BUF_strlcpy(ret, str, siz + 1);
+ return (ret);
+}
+
+void *BUF_memdup(const void *data, size_t siz)
+{
+ void *ret;
+
+ if (data == NULL)
+ return (NULL);
+
+ ret = OPENSSL_malloc(siz);
+ if (ret == NULL) {
+ BUFerr(BUF_F_BUF_MEMDUP, ERR_R_MALLOC_FAILURE);
+ return (NULL);
+ }
+ return memcpy(ret, data, siz);
+}
+
+size_t BUF_strlcpy(char *dst, const char *src, size_t size)
+{
+ size_t l = 0;
+ for (; size > 1 && *src; size--) {
+ *dst++ = *src++;
+ l++;
+ }
+ if (size)
+ *dst = '\0';
+ return l + strlen(src);
+}
+
+size_t BUF_strlcat(char *dst, const char *src, size_t size)
+{
+ size_t l = 0;
+ for (; size > 0 && *dst; size--, dst++)
+ l++;
+ return l + BUF_strlcpy(dst, src, size);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/buffer/buffer.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/buffer/buffer.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/buffer/buffer.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,190 +0,0 @@
-/* crypto/buffer/buffer.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-
-/* LIMIT_BEFORE_EXPANSION is the maximum n such that (n+3)/3*4 < 2**31. That
- * function is applied in several functions in this file and this limit ensures
- * that the result fits in an int. */
-#define LIMIT_BEFORE_EXPANSION 0x5ffffffc
-
-BUF_MEM *BUF_MEM_new(void)
- {
- BUF_MEM *ret;
-
- ret=OPENSSL_malloc(sizeof(BUF_MEM));
- if (ret == NULL)
- {
- BUFerr(BUF_F_BUF_MEM_NEW,ERR_R_MALLOC_FAILURE);
- return(NULL);
- }
- ret->length=0;
- ret->max=0;
- ret->data=NULL;
- return(ret);
- }
-
-void BUF_MEM_free(BUF_MEM *a)
- {
- if(a == NULL)
- return;
-
- if (a->data != NULL)
- {
- memset(a->data,0,(unsigned int)a->max);
- OPENSSL_free(a->data);
- }
- OPENSSL_free(a);
- }
-
-int BUF_MEM_grow(BUF_MEM *str, int len)
- {
- char *ret;
- unsigned int n;
-
- if (len < 0)
- {
- BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE);
- return 0;
- }
- if (str->length >= len)
- {
- str->length=len;
- return(len);
- }
- if (str->max >= len)
- {
- memset(&str->data[str->length],0,len-str->length);
- str->length=len;
- return(len);
- }
- /* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */
- if (len > LIMIT_BEFORE_EXPANSION)
- {
- BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE);
- return 0;
- }
- n=(len+3)/3*4;
- if (str->data == NULL)
- ret=OPENSSL_malloc(n);
- else
- ret=OPENSSL_realloc(str->data,n);
- if (ret == NULL)
- {
- BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE);
- len=0;
- }
- else
- {
- str->data=ret;
- str->max=n;
- memset(&str->data[str->length],0,len-str->length);
- str->length=len;
- }
- return(len);
- }
-
-int BUF_MEM_grow_clean(BUF_MEM *str, int len)
- {
- char *ret;
- unsigned int n;
-
- if (len < 0)
- {
- BUFerr(BUF_F_BUF_MEM_GROW_CLEAN,ERR_R_MALLOC_FAILURE);
- return 0;
- }
- if (str->length >= len)
- {
- memset(&str->data[len],0,str->length-len);
- str->length=len;
- return(len);
- }
- if (str->max >= len)
- {
- memset(&str->data[str->length],0,len-str->length);
- str->length=len;
- return(len);
- }
- /* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */
- if (len > LIMIT_BEFORE_EXPANSION)
- {
- BUFerr(BUF_F_BUF_MEM_GROW_CLEAN,ERR_R_MALLOC_FAILURE);
- return 0;
- }
- n=(len+3)/3*4;
- if (str->data == NULL)
- ret=OPENSSL_malloc(n);
- else
- ret=OPENSSL_realloc_clean(str->data,str->max,n);
- if (ret == NULL)
- {
- BUFerr(BUF_F_BUF_MEM_GROW_CLEAN,ERR_R_MALLOC_FAILURE);
- len=0;
- }
- else
- {
- str->data=ret;
- str->max=n;
- memset(&str->data[str->length],0,len-str->length);
- str->length=len;
- }
- return(len);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/buffer/buffer.c (from rev 6976, vendor-crypto/openssl/dist/crypto/buffer/buffer.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/buffer/buffer.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/buffer/buffer.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,176 @@
+/* crypto/buffer/buffer.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+
+/*
+ * LIMIT_BEFORE_EXPANSION is the maximum n such that (n+3)/3*4 < 2**31. That
+ * function is applied in several functions in this file and this limit
+ * ensures that the result fits in an int.
+ */
+#define LIMIT_BEFORE_EXPANSION 0x5ffffffc
+
+BUF_MEM *BUF_MEM_new(void)
+{
+ BUF_MEM *ret;
+
+ ret = OPENSSL_malloc(sizeof(BUF_MEM));
+ if (ret == NULL) {
+ BUFerr(BUF_F_BUF_MEM_NEW, ERR_R_MALLOC_FAILURE);
+ return (NULL);
+ }
+ ret->length = 0;
+ ret->max = 0;
+ ret->data = NULL;
+ return (ret);
+}
+
+void BUF_MEM_free(BUF_MEM *a)
+{
+ if (a == NULL)
+ return;
+
+ if (a->data != NULL) {
+ memset(a->data, 0, (unsigned int)a->max);
+ OPENSSL_free(a->data);
+ }
+ OPENSSL_free(a);
+}
+
+int BUF_MEM_grow(BUF_MEM *str, int len)
+{
+ char *ret;
+ unsigned int n;
+
+ if (len < 0) {
+ BUFerr(BUF_F_BUF_MEM_GROW, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ if (str->length >= len) {
+ str->length = len;
+ return (len);
+ }
+ if (str->max >= len) {
+ memset(&str->data[str->length], 0, len - str->length);
+ str->length = len;
+ return (len);
+ }
+ /* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */
+ if (len > LIMIT_BEFORE_EXPANSION) {
+ BUFerr(BUF_F_BUF_MEM_GROW, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ n = (len + 3) / 3 * 4;
+ if (str->data == NULL)
+ ret = OPENSSL_malloc(n);
+ else
+ ret = OPENSSL_realloc(str->data, n);
+ if (ret == NULL) {
+ BUFerr(BUF_F_BUF_MEM_GROW, ERR_R_MALLOC_FAILURE);
+ len = 0;
+ } else {
+ str->data = ret;
+ str->max = n;
+ memset(&str->data[str->length], 0, len - str->length);
+ str->length = len;
+ }
+ return (len);
+}
+
+int BUF_MEM_grow_clean(BUF_MEM *str, int len)
+{
+ char *ret;
+ unsigned int n;
+
+ if (len < 0) {
+ BUFerr(BUF_F_BUF_MEM_GROW_CLEAN, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ if (str->length >= len) {
+ memset(&str->data[len], 0, str->length - len);
+ str->length = len;
+ return (len);
+ }
+ if (str->max >= len) {
+ memset(&str->data[str->length], 0, len - str->length);
+ str->length = len;
+ return (len);
+ }
+ /* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */
+ if (len > LIMIT_BEFORE_EXPANSION) {
+ BUFerr(BUF_F_BUF_MEM_GROW_CLEAN, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ n = (len + 3) / 3 * 4;
+ if (str->data == NULL)
+ ret = OPENSSL_malloc(n);
+ else
+ ret = OPENSSL_realloc_clean(str->data, str->max, n);
+ if (ret == NULL) {
+ BUFerr(BUF_F_BUF_MEM_GROW_CLEAN, ERR_R_MALLOC_FAILURE);
+ len = 0;
+ } else {
+ str->data = ret;
+ str->max = n;
+ memset(&str->data[str->length], 0, len - str->length);
+ str->length = len;
+ }
+ return (len);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/buffer/buffer.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/buffer/buffer.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/buffer/buffer.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,118 +0,0 @@
-/* crypto/buffer/buffer.h */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_BUFFER_H
-#define HEADER_BUFFER_H
-
-#include <openssl/ossl_typ.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#include <stddef.h>
-
-#if !defined(NO_SYS_TYPES_H)
-#include <sys/types.h>
-#endif
-
-/* Already declared in ossl_typ.h */
-/* typedef struct buf_mem_st BUF_MEM; */
-
-struct buf_mem_st
- {
- int length; /* current number of bytes */
- char *data;
- int max; /* size of buffer */
- };
-
-BUF_MEM *BUF_MEM_new(void);
-void BUF_MEM_free(BUF_MEM *a);
-int BUF_MEM_grow(BUF_MEM *str, int len);
-int BUF_MEM_grow_clean(BUF_MEM *str, int len);
-char * BUF_strdup(const char *str);
-char * BUF_strndup(const char *str, size_t siz);
-void * BUF_memdup(const void *data, size_t siz);
-
-/* safe string functions */
-size_t BUF_strlcpy(char *dst,const char *src,size_t siz);
-size_t BUF_strlcat(char *dst,const char *src,size_t siz);
-
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_BUF_strings(void);
-
-/* Error codes for the BUF functions. */
-
-/* Function codes. */
-#define BUF_F_BUF_MEMDUP 103
-#define BUF_F_BUF_MEM_GROW 100
-#define BUF_F_BUF_MEM_GROW_CLEAN 105
-#define BUF_F_BUF_MEM_NEW 101
-#define BUF_F_BUF_STRDUP 102
-#define BUF_F_BUF_STRNDUP 104
-
-/* Reason codes. */
-
-#ifdef __cplusplus
-}
-#endif
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/buffer/buffer.h (from rev 6976, vendor-crypto/openssl/dist/crypto/buffer/buffer.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/buffer/buffer.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/buffer/buffer.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,117 @@
+/* crypto/buffer/buffer.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_BUFFER_H
+# define HEADER_BUFFER_H
+
+# include <openssl/ossl_typ.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# include <stddef.h>
+
+# if !defined(NO_SYS_TYPES_H)
+# include <sys/types.h>
+# endif
+
+/* Already declared in ossl_typ.h */
+/* typedef struct buf_mem_st BUF_MEM; */
+
+struct buf_mem_st {
+ int length; /* current number of bytes */
+ char *data;
+ int max; /* size of buffer */
+};
+
+BUF_MEM *BUF_MEM_new(void);
+void BUF_MEM_free(BUF_MEM *a);
+int BUF_MEM_grow(BUF_MEM *str, int len);
+int BUF_MEM_grow_clean(BUF_MEM *str, int len);
+char *BUF_strdup(const char *str);
+char *BUF_strndup(const char *str, size_t siz);
+void *BUF_memdup(const void *data, size_t siz);
+
+/* safe string functions */
+size_t BUF_strlcpy(char *dst, const char *src, size_t siz);
+size_t BUF_strlcat(char *dst, const char *src, size_t siz);
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_BUF_strings(void);
+
+/* Error codes for the BUF functions. */
+
+/* Function codes. */
+# define BUF_F_BUF_MEMDUP 103
+# define BUF_F_BUF_MEM_GROW 100
+# define BUF_F_BUF_MEM_GROW_CLEAN 105
+# define BUF_F_BUF_MEM_NEW 101
+# define BUF_F_BUF_STRDUP 102
+# define BUF_F_BUF_STRNDUP 104
+
+/* Reason codes. */
+
+#ifdef __cplusplus
+}
+#endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/camellia/camellia.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/camellia/camellia.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/camellia/camellia.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,1624 +0,0 @@
-/* crypto/camellia/camellia.c -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright 2006 NTT (Nippon Telegraph and Telephone Corporation) .
- * ALL RIGHTS RESERVED.
- *
- * Intellectual Property information for Camellia:
- * http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html
- *
- * News Release for Announcement of Camellia open source:
- * http://www.ntt.co.jp/news/news06e/0604/060413a.html
- *
- * The Camellia Code included herein is developed by
- * NTT (Nippon Telegraph and Telephone Corporation), and is contributed
- * to the OpenSSL project.
- *
- * The Camellia Code is licensed pursuant to the OpenSSL open source
- * license provided below.
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-/* Algorithm Specification
- http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
-*/
-
-
-#include <string.h>
-#include <stdlib.h>
-
-#include "camellia.h"
-#include "cmll_locl.h"
-
-/* key constants */
-#define CAMELLIA_SIGMA1L (0xA09E667FL)
-#define CAMELLIA_SIGMA1R (0x3BCC908BL)
-#define CAMELLIA_SIGMA2L (0xB67AE858L)
-#define CAMELLIA_SIGMA2R (0x4CAA73B2L)
-#define CAMELLIA_SIGMA3L (0xC6EF372FL)
-#define CAMELLIA_SIGMA3R (0xE94F82BEL)
-#define CAMELLIA_SIGMA4L (0x54FF53A5L)
-#define CAMELLIA_SIGMA4R (0xF1D36F1CL)
-#define CAMELLIA_SIGMA5L (0x10E527FAL)
-#define CAMELLIA_SIGMA5R (0xDE682D1DL)
-#define CAMELLIA_SIGMA6L (0xB05688C2L)
-#define CAMELLIA_SIGMA6R (0xB3E6C1FDL)
-
-/*
- * macros
- */
-
-/* e is pointer of subkey */
-#define CamelliaSubkeyL(INDEX) (subkey[(INDEX)*2])
-#define CamelliaSubkeyR(INDEX) (subkey[(INDEX)*2 + 1])
-
-/* rotation right shift 1byte */
-#define CAMELLIA_RR8(x) (((x) >> 8) + ((x) << 24))
-/* rotation left shift 1bit */
-#define CAMELLIA_RL1(x) (((x) << 1) + ((x) >> 31))
-/* rotation left shift 1byte */
-#define CAMELLIA_RL8(x) (((x) << 8) + ((x) >> 24))
-
-#define CAMELLIA_ROLDQ(ll, lr, rl, rr, w0, w1, bits) \
-do \
- { \
- w0 = ll; \
- ll = (ll << bits) + (lr >> (32 - bits)); \
- lr = (lr << bits) + (rl >> (32 - bits)); \
- rl = (rl << bits) + (rr >> (32 - bits)); \
- rr = (rr << bits) + (w0 >> (32 - bits)); \
- } while(0)
-
-#define CAMELLIA_ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \
-do \
- { \
- w0 = ll; \
- w1 = lr; \
- ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \
- lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \
- rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \
- rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \
- } while(0)
-
-#define CAMELLIA_SP1110(INDEX) (camellia_sp1110[(INDEX)])
-#define CAMELLIA_SP0222(INDEX) (camellia_sp0222[(INDEX)])
-#define CAMELLIA_SP3033(INDEX) (camellia_sp3033[(INDEX)])
-#define CAMELLIA_SP4404(INDEX) (camellia_sp4404[(INDEX)])
-
-#define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
-do \
- { \
- il = xl ^ kl; \
- ir = xr ^ kr; \
- t0 = il >> 16; \
- t1 = ir >> 16; \
- yl = CAMELLIA_SP1110(ir & 0xff) \
- ^ CAMELLIA_SP0222((t1 >> 8) & 0xff) \
- ^ CAMELLIA_SP3033(t1 & 0xff) \
- ^ CAMELLIA_SP4404((ir >> 8) & 0xff); \
- yr = CAMELLIA_SP1110((t0 >> 8) & 0xff) \
- ^ CAMELLIA_SP0222(t0 & 0xff) \
- ^ CAMELLIA_SP3033((il >> 8) & 0xff) \
- ^ CAMELLIA_SP4404(il & 0xff); \
- yl ^= yr; \
- yr = CAMELLIA_RR8(yr); \
- yr ^= yl; \
- } while(0)
-
-
-/*
- * for speed up
- *
- */
-#define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \
-do \
- { \
- t0 = kll; \
- t0 &= ll; \
- lr ^= CAMELLIA_RL1(t0); \
- t1 = klr; \
- t1 |= lr; \
- ll ^= t1; \
- \
- t2 = krr; \
- t2 |= rr; \
- rl ^= t2; \
- t3 = krl; \
- t3 &= rl; \
- rr ^= CAMELLIA_RL1(t3); \
- } while(0)
-
-#define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
-do \
- { \
- il = xl; \
- ir = xr; \
- t0 = il >> 16; \
- t1 = ir >> 16; \
- ir = CAMELLIA_SP1110(ir & 0xff) \
- ^ CAMELLIA_SP0222((t1 >> 8) & 0xff) \
- ^ CAMELLIA_SP3033(t1 & 0xff) \
- ^ CAMELLIA_SP4404((ir >> 8) & 0xff); \
- il = CAMELLIA_SP1110((t0 >> 8) & 0xff) \
- ^ CAMELLIA_SP0222(t0 & 0xff) \
- ^ CAMELLIA_SP3033((il >> 8) & 0xff) \
- ^ CAMELLIA_SP4404(il & 0xff); \
- il ^= kl; \
- ir ^= kr; \
- ir ^= il; \
- il = CAMELLIA_RR8(il); \
- il ^= ir; \
- yl ^= ir; \
- yr ^= il; \
- } while(0)
-
-static const u32 camellia_sp1110[256] =
- {
- 0x70707000,0x82828200,0x2c2c2c00,0xececec00,
- 0xb3b3b300,0x27272700,0xc0c0c000,0xe5e5e500,
- 0xe4e4e400,0x85858500,0x57575700,0x35353500,
- 0xeaeaea00,0x0c0c0c00,0xaeaeae00,0x41414100,
- 0x23232300,0xefefef00,0x6b6b6b00,0x93939300,
- 0x45454500,0x19191900,0xa5a5a500,0x21212100,
- 0xededed00,0x0e0e0e00,0x4f4f4f00,0x4e4e4e00,
- 0x1d1d1d00,0x65656500,0x92929200,0xbdbdbd00,
- 0x86868600,0xb8b8b800,0xafafaf00,0x8f8f8f00,
- 0x7c7c7c00,0xebebeb00,0x1f1f1f00,0xcecece00,
- 0x3e3e3e00,0x30303000,0xdcdcdc00,0x5f5f5f00,
- 0x5e5e5e00,0xc5c5c500,0x0b0b0b00,0x1a1a1a00,
- 0xa6a6a600,0xe1e1e100,0x39393900,0xcacaca00,
- 0xd5d5d500,0x47474700,0x5d5d5d00,0x3d3d3d00,
- 0xd9d9d900,0x01010100,0x5a5a5a00,0xd6d6d600,
- 0x51515100,0x56565600,0x6c6c6c00,0x4d4d4d00,
- 0x8b8b8b00,0x0d0d0d00,0x9a9a9a00,0x66666600,
- 0xfbfbfb00,0xcccccc00,0xb0b0b000,0x2d2d2d00,
- 0x74747400,0x12121200,0x2b2b2b00,0x20202000,
- 0xf0f0f000,0xb1b1b100,0x84848400,0x99999900,
- 0xdfdfdf00,0x4c4c4c00,0xcbcbcb00,0xc2c2c200,
- 0x34343400,0x7e7e7e00,0x76767600,0x05050500,
- 0x6d6d6d00,0xb7b7b700,0xa9a9a900,0x31313100,
- 0xd1d1d100,0x17171700,0x04040400,0xd7d7d700,
- 0x14141400,0x58585800,0x3a3a3a00,0x61616100,
- 0xdedede00,0x1b1b1b00,0x11111100,0x1c1c1c00,
- 0x32323200,0x0f0f0f00,0x9c9c9c00,0x16161600,
- 0x53535300,0x18181800,0xf2f2f200,0x22222200,
- 0xfefefe00,0x44444400,0xcfcfcf00,0xb2b2b200,
- 0xc3c3c300,0xb5b5b500,0x7a7a7a00,0x91919100,
- 0x24242400,0x08080800,0xe8e8e800,0xa8a8a800,
- 0x60606000,0xfcfcfc00,0x69696900,0x50505000,
- 0xaaaaaa00,0xd0d0d000,0xa0a0a000,0x7d7d7d00,
- 0xa1a1a100,0x89898900,0x62626200,0x97979700,
- 0x54545400,0x5b5b5b00,0x1e1e1e00,0x95959500,
- 0xe0e0e000,0xffffff00,0x64646400,0xd2d2d200,
- 0x10101000,0xc4c4c400,0x00000000,0x48484800,
- 0xa3a3a300,0xf7f7f700,0x75757500,0xdbdbdb00,
- 0x8a8a8a00,0x03030300,0xe6e6e600,0xdadada00,
- 0x09090900,0x3f3f3f00,0xdddddd00,0x94949400,
- 0x87878700,0x5c5c5c00,0x83838300,0x02020200,
- 0xcdcdcd00,0x4a4a4a00,0x90909000,0x33333300,
- 0x73737300,0x67676700,0xf6f6f600,0xf3f3f300,
- 0x9d9d9d00,0x7f7f7f00,0xbfbfbf00,0xe2e2e200,
- 0x52525200,0x9b9b9b00,0xd8d8d800,0x26262600,
- 0xc8c8c800,0x37373700,0xc6c6c600,0x3b3b3b00,
- 0x81818100,0x96969600,0x6f6f6f00,0x4b4b4b00,
- 0x13131300,0xbebebe00,0x63636300,0x2e2e2e00,
- 0xe9e9e900,0x79797900,0xa7a7a700,0x8c8c8c00,
- 0x9f9f9f00,0x6e6e6e00,0xbcbcbc00,0x8e8e8e00,
- 0x29292900,0xf5f5f500,0xf9f9f900,0xb6b6b600,
- 0x2f2f2f00,0xfdfdfd00,0xb4b4b400,0x59595900,
- 0x78787800,0x98989800,0x06060600,0x6a6a6a00,
- 0xe7e7e700,0x46464600,0x71717100,0xbababa00,
- 0xd4d4d400,0x25252500,0xababab00,0x42424200,
- 0x88888800,0xa2a2a200,0x8d8d8d00,0xfafafa00,
- 0x72727200,0x07070700,0xb9b9b900,0x55555500,
- 0xf8f8f800,0xeeeeee00,0xacacac00,0x0a0a0a00,
- 0x36363600,0x49494900,0x2a2a2a00,0x68686800,
- 0x3c3c3c00,0x38383800,0xf1f1f100,0xa4a4a400,
- 0x40404000,0x28282800,0xd3d3d300,0x7b7b7b00,
- 0xbbbbbb00,0xc9c9c900,0x43434300,0xc1c1c100,
- 0x15151500,0xe3e3e300,0xadadad00,0xf4f4f400,
- 0x77777700,0xc7c7c700,0x80808000,0x9e9e9e00,
- };
-
-static const u32 camellia_sp0222[256] =
- {
- 0x00e0e0e0,0x00050505,0x00585858,0x00d9d9d9,
- 0x00676767,0x004e4e4e,0x00818181,0x00cbcbcb,
- 0x00c9c9c9,0x000b0b0b,0x00aeaeae,0x006a6a6a,
- 0x00d5d5d5,0x00181818,0x005d5d5d,0x00828282,
- 0x00464646,0x00dfdfdf,0x00d6d6d6,0x00272727,
- 0x008a8a8a,0x00323232,0x004b4b4b,0x00424242,
- 0x00dbdbdb,0x001c1c1c,0x009e9e9e,0x009c9c9c,
- 0x003a3a3a,0x00cacaca,0x00252525,0x007b7b7b,
- 0x000d0d0d,0x00717171,0x005f5f5f,0x001f1f1f,
- 0x00f8f8f8,0x00d7d7d7,0x003e3e3e,0x009d9d9d,
- 0x007c7c7c,0x00606060,0x00b9b9b9,0x00bebebe,
- 0x00bcbcbc,0x008b8b8b,0x00161616,0x00343434,
- 0x004d4d4d,0x00c3c3c3,0x00727272,0x00959595,
- 0x00ababab,0x008e8e8e,0x00bababa,0x007a7a7a,
- 0x00b3b3b3,0x00020202,0x00b4b4b4,0x00adadad,
- 0x00a2a2a2,0x00acacac,0x00d8d8d8,0x009a9a9a,
- 0x00171717,0x001a1a1a,0x00353535,0x00cccccc,
- 0x00f7f7f7,0x00999999,0x00616161,0x005a5a5a,
- 0x00e8e8e8,0x00242424,0x00565656,0x00404040,
- 0x00e1e1e1,0x00636363,0x00090909,0x00333333,
- 0x00bfbfbf,0x00989898,0x00979797,0x00858585,
- 0x00686868,0x00fcfcfc,0x00ececec,0x000a0a0a,
- 0x00dadada,0x006f6f6f,0x00535353,0x00626262,
- 0x00a3a3a3,0x002e2e2e,0x00080808,0x00afafaf,
- 0x00282828,0x00b0b0b0,0x00747474,0x00c2c2c2,
- 0x00bdbdbd,0x00363636,0x00222222,0x00383838,
- 0x00646464,0x001e1e1e,0x00393939,0x002c2c2c,
- 0x00a6a6a6,0x00303030,0x00e5e5e5,0x00444444,
- 0x00fdfdfd,0x00888888,0x009f9f9f,0x00656565,
- 0x00878787,0x006b6b6b,0x00f4f4f4,0x00232323,
- 0x00484848,0x00101010,0x00d1d1d1,0x00515151,
- 0x00c0c0c0,0x00f9f9f9,0x00d2d2d2,0x00a0a0a0,
- 0x00555555,0x00a1a1a1,0x00414141,0x00fafafa,
- 0x00434343,0x00131313,0x00c4c4c4,0x002f2f2f,
- 0x00a8a8a8,0x00b6b6b6,0x003c3c3c,0x002b2b2b,
- 0x00c1c1c1,0x00ffffff,0x00c8c8c8,0x00a5a5a5,
- 0x00202020,0x00898989,0x00000000,0x00909090,
- 0x00474747,0x00efefef,0x00eaeaea,0x00b7b7b7,
- 0x00151515,0x00060606,0x00cdcdcd,0x00b5b5b5,
- 0x00121212,0x007e7e7e,0x00bbbbbb,0x00292929,
- 0x000f0f0f,0x00b8b8b8,0x00070707,0x00040404,
- 0x009b9b9b,0x00949494,0x00212121,0x00666666,
- 0x00e6e6e6,0x00cecece,0x00ededed,0x00e7e7e7,
- 0x003b3b3b,0x00fefefe,0x007f7f7f,0x00c5c5c5,
- 0x00a4a4a4,0x00373737,0x00b1b1b1,0x004c4c4c,
- 0x00919191,0x006e6e6e,0x008d8d8d,0x00767676,
- 0x00030303,0x002d2d2d,0x00dedede,0x00969696,
- 0x00262626,0x007d7d7d,0x00c6c6c6,0x005c5c5c,
- 0x00d3d3d3,0x00f2f2f2,0x004f4f4f,0x00191919,
- 0x003f3f3f,0x00dcdcdc,0x00797979,0x001d1d1d,
- 0x00525252,0x00ebebeb,0x00f3f3f3,0x006d6d6d,
- 0x005e5e5e,0x00fbfbfb,0x00696969,0x00b2b2b2,
- 0x00f0f0f0,0x00313131,0x000c0c0c,0x00d4d4d4,
- 0x00cfcfcf,0x008c8c8c,0x00e2e2e2,0x00757575,
- 0x00a9a9a9,0x004a4a4a,0x00575757,0x00848484,
- 0x00111111,0x00454545,0x001b1b1b,0x00f5f5f5,
- 0x00e4e4e4,0x000e0e0e,0x00737373,0x00aaaaaa,
- 0x00f1f1f1,0x00dddddd,0x00595959,0x00141414,
- 0x006c6c6c,0x00929292,0x00545454,0x00d0d0d0,
- 0x00787878,0x00707070,0x00e3e3e3,0x00494949,
- 0x00808080,0x00505050,0x00a7a7a7,0x00f6f6f6,
- 0x00777777,0x00939393,0x00868686,0x00838383,
- 0x002a2a2a,0x00c7c7c7,0x005b5b5b,0x00e9e9e9,
- 0x00eeeeee,0x008f8f8f,0x00010101,0x003d3d3d,
- };
-
-static const u32 camellia_sp3033[256] =
- {
- 0x38003838,0x41004141,0x16001616,0x76007676,
- 0xd900d9d9,0x93009393,0x60006060,0xf200f2f2,
- 0x72007272,0xc200c2c2,0xab00abab,0x9a009a9a,
- 0x75007575,0x06000606,0x57005757,0xa000a0a0,
- 0x91009191,0xf700f7f7,0xb500b5b5,0xc900c9c9,
- 0xa200a2a2,0x8c008c8c,0xd200d2d2,0x90009090,
- 0xf600f6f6,0x07000707,0xa700a7a7,0x27002727,
- 0x8e008e8e,0xb200b2b2,0x49004949,0xde00dede,
- 0x43004343,0x5c005c5c,0xd700d7d7,0xc700c7c7,
- 0x3e003e3e,0xf500f5f5,0x8f008f8f,0x67006767,
- 0x1f001f1f,0x18001818,0x6e006e6e,0xaf00afaf,
- 0x2f002f2f,0xe200e2e2,0x85008585,0x0d000d0d,
- 0x53005353,0xf000f0f0,0x9c009c9c,0x65006565,
- 0xea00eaea,0xa300a3a3,0xae00aeae,0x9e009e9e,
- 0xec00ecec,0x80008080,0x2d002d2d,0x6b006b6b,
- 0xa800a8a8,0x2b002b2b,0x36003636,0xa600a6a6,
- 0xc500c5c5,0x86008686,0x4d004d4d,0x33003333,
- 0xfd00fdfd,0x66006666,0x58005858,0x96009696,
- 0x3a003a3a,0x09000909,0x95009595,0x10001010,
- 0x78007878,0xd800d8d8,0x42004242,0xcc00cccc,
- 0xef00efef,0x26002626,0xe500e5e5,0x61006161,
- 0x1a001a1a,0x3f003f3f,0x3b003b3b,0x82008282,
- 0xb600b6b6,0xdb00dbdb,0xd400d4d4,0x98009898,
- 0xe800e8e8,0x8b008b8b,0x02000202,0xeb00ebeb,
- 0x0a000a0a,0x2c002c2c,0x1d001d1d,0xb000b0b0,
- 0x6f006f6f,0x8d008d8d,0x88008888,0x0e000e0e,
- 0x19001919,0x87008787,0x4e004e4e,0x0b000b0b,
- 0xa900a9a9,0x0c000c0c,0x79007979,0x11001111,
- 0x7f007f7f,0x22002222,0xe700e7e7,0x59005959,
- 0xe100e1e1,0xda00dada,0x3d003d3d,0xc800c8c8,
- 0x12001212,0x04000404,0x74007474,0x54005454,
- 0x30003030,0x7e007e7e,0xb400b4b4,0x28002828,
- 0x55005555,0x68006868,0x50005050,0xbe00bebe,
- 0xd000d0d0,0xc400c4c4,0x31003131,0xcb00cbcb,
- 0x2a002a2a,0xad00adad,0x0f000f0f,0xca00caca,
- 0x70007070,0xff00ffff,0x32003232,0x69006969,
- 0x08000808,0x62006262,0x00000000,0x24002424,
- 0xd100d1d1,0xfb00fbfb,0xba00baba,0xed00eded,
- 0x45004545,0x81008181,0x73007373,0x6d006d6d,
- 0x84008484,0x9f009f9f,0xee00eeee,0x4a004a4a,
- 0xc300c3c3,0x2e002e2e,0xc100c1c1,0x01000101,
- 0xe600e6e6,0x25002525,0x48004848,0x99009999,
- 0xb900b9b9,0xb300b3b3,0x7b007b7b,0xf900f9f9,
- 0xce00cece,0xbf00bfbf,0xdf00dfdf,0x71007171,
- 0x29002929,0xcd00cdcd,0x6c006c6c,0x13001313,
- 0x64006464,0x9b009b9b,0x63006363,0x9d009d9d,
- 0xc000c0c0,0x4b004b4b,0xb700b7b7,0xa500a5a5,
- 0x89008989,0x5f005f5f,0xb100b1b1,0x17001717,
- 0xf400f4f4,0xbc00bcbc,0xd300d3d3,0x46004646,
- 0xcf00cfcf,0x37003737,0x5e005e5e,0x47004747,
- 0x94009494,0xfa00fafa,0xfc00fcfc,0x5b005b5b,
- 0x97009797,0xfe00fefe,0x5a005a5a,0xac00acac,
- 0x3c003c3c,0x4c004c4c,0x03000303,0x35003535,
- 0xf300f3f3,0x23002323,0xb800b8b8,0x5d005d5d,
- 0x6a006a6a,0x92009292,0xd500d5d5,0x21002121,
- 0x44004444,0x51005151,0xc600c6c6,0x7d007d7d,
- 0x39003939,0x83008383,0xdc00dcdc,0xaa00aaaa,
- 0x7c007c7c,0x77007777,0x56005656,0x05000505,
- 0x1b001b1b,0xa400a4a4,0x15001515,0x34003434,
- 0x1e001e1e,0x1c001c1c,0xf800f8f8,0x52005252,
- 0x20002020,0x14001414,0xe900e9e9,0xbd00bdbd,
- 0xdd00dddd,0xe400e4e4,0xa100a1a1,0xe000e0e0,
- 0x8a008a8a,0xf100f1f1,0xd600d6d6,0x7a007a7a,
- 0xbb00bbbb,0xe300e3e3,0x40004040,0x4f004f4f,
- };
-
-static const u32 camellia_sp4404[256] =
- {
- 0x70700070,0x2c2c002c,0xb3b300b3,0xc0c000c0,
- 0xe4e400e4,0x57570057,0xeaea00ea,0xaeae00ae,
- 0x23230023,0x6b6b006b,0x45450045,0xa5a500a5,
- 0xeded00ed,0x4f4f004f,0x1d1d001d,0x92920092,
- 0x86860086,0xafaf00af,0x7c7c007c,0x1f1f001f,
- 0x3e3e003e,0xdcdc00dc,0x5e5e005e,0x0b0b000b,
- 0xa6a600a6,0x39390039,0xd5d500d5,0x5d5d005d,
- 0xd9d900d9,0x5a5a005a,0x51510051,0x6c6c006c,
- 0x8b8b008b,0x9a9a009a,0xfbfb00fb,0xb0b000b0,
- 0x74740074,0x2b2b002b,0xf0f000f0,0x84840084,
- 0xdfdf00df,0xcbcb00cb,0x34340034,0x76760076,
- 0x6d6d006d,0xa9a900a9,0xd1d100d1,0x04040004,
- 0x14140014,0x3a3a003a,0xdede00de,0x11110011,
- 0x32320032,0x9c9c009c,0x53530053,0xf2f200f2,
- 0xfefe00fe,0xcfcf00cf,0xc3c300c3,0x7a7a007a,
- 0x24240024,0xe8e800e8,0x60600060,0x69690069,
- 0xaaaa00aa,0xa0a000a0,0xa1a100a1,0x62620062,
- 0x54540054,0x1e1e001e,0xe0e000e0,0x64640064,
- 0x10100010,0x00000000,0xa3a300a3,0x75750075,
- 0x8a8a008a,0xe6e600e6,0x09090009,0xdddd00dd,
- 0x87870087,0x83830083,0xcdcd00cd,0x90900090,
- 0x73730073,0xf6f600f6,0x9d9d009d,0xbfbf00bf,
- 0x52520052,0xd8d800d8,0xc8c800c8,0xc6c600c6,
- 0x81810081,0x6f6f006f,0x13130013,0x63630063,
- 0xe9e900e9,0xa7a700a7,0x9f9f009f,0xbcbc00bc,
- 0x29290029,0xf9f900f9,0x2f2f002f,0xb4b400b4,
- 0x78780078,0x06060006,0xe7e700e7,0x71710071,
- 0xd4d400d4,0xabab00ab,0x88880088,0x8d8d008d,
- 0x72720072,0xb9b900b9,0xf8f800f8,0xacac00ac,
- 0x36360036,0x2a2a002a,0x3c3c003c,0xf1f100f1,
- 0x40400040,0xd3d300d3,0xbbbb00bb,0x43430043,
- 0x15150015,0xadad00ad,0x77770077,0x80800080,
- 0x82820082,0xecec00ec,0x27270027,0xe5e500e5,
- 0x85850085,0x35350035,0x0c0c000c,0x41410041,
- 0xefef00ef,0x93930093,0x19190019,0x21210021,
- 0x0e0e000e,0x4e4e004e,0x65650065,0xbdbd00bd,
- 0xb8b800b8,0x8f8f008f,0xebeb00eb,0xcece00ce,
- 0x30300030,0x5f5f005f,0xc5c500c5,0x1a1a001a,
- 0xe1e100e1,0xcaca00ca,0x47470047,0x3d3d003d,
- 0x01010001,0xd6d600d6,0x56560056,0x4d4d004d,
- 0x0d0d000d,0x66660066,0xcccc00cc,0x2d2d002d,
- 0x12120012,0x20200020,0xb1b100b1,0x99990099,
- 0x4c4c004c,0xc2c200c2,0x7e7e007e,0x05050005,
- 0xb7b700b7,0x31310031,0x17170017,0xd7d700d7,
- 0x58580058,0x61610061,0x1b1b001b,0x1c1c001c,
- 0x0f0f000f,0x16160016,0x18180018,0x22220022,
- 0x44440044,0xb2b200b2,0xb5b500b5,0x91910091,
- 0x08080008,0xa8a800a8,0xfcfc00fc,0x50500050,
- 0xd0d000d0,0x7d7d007d,0x89890089,0x97970097,
- 0x5b5b005b,0x95950095,0xffff00ff,0xd2d200d2,
- 0xc4c400c4,0x48480048,0xf7f700f7,0xdbdb00db,
- 0x03030003,0xdada00da,0x3f3f003f,0x94940094,
- 0x5c5c005c,0x02020002,0x4a4a004a,0x33330033,
- 0x67670067,0xf3f300f3,0x7f7f007f,0xe2e200e2,
- 0x9b9b009b,0x26260026,0x37370037,0x3b3b003b,
- 0x96960096,0x4b4b004b,0xbebe00be,0x2e2e002e,
- 0x79790079,0x8c8c008c,0x6e6e006e,0x8e8e008e,
- 0xf5f500f5,0xb6b600b6,0xfdfd00fd,0x59590059,
- 0x98980098,0x6a6a006a,0x46460046,0xbaba00ba,
- 0x25250025,0x42420042,0xa2a200a2,0xfafa00fa,
- 0x07070007,0x55550055,0xeeee00ee,0x0a0a000a,
- 0x49490049,0x68680068,0x38380038,0xa4a400a4,
- 0x28280028,0x7b7b007b,0xc9c900c9,0xc1c100c1,
- 0xe3e300e3,0xf4f400f4,0xc7c700c7,0x9e9e009e,
- };
-
-/**
- * Stuff related to the Camellia key schedule
- */
-#define subl(x) subL[(x)]
-#define subr(x) subR[(x)]
-
-void camellia_setup128(const u8 *key, u32 *subkey)
- {
- u32 kll, klr, krl, krr;
- u32 il, ir, t0, t1, w0, w1;
- u32 kw4l, kw4r, dw, tl, tr;
- u32 subL[26];
- u32 subR[26];
-
- /**
- * k == kll || klr || krl || krr (|| is concatination)
- */
- kll = GETU32(key );
- klr = GETU32(key + 4);
- krl = GETU32(key + 8);
- krr = GETU32(key + 12);
- /**
- * generate KL dependent subkeys
- */
- /* kw1 */
- subl(0) = kll; subr(0) = klr;
- /* kw2 */
- subl(1) = krl; subr(1) = krr;
- /* rotation left shift 15bit */
- CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
- /* k3 */
- subl(4) = kll; subr(4) = klr;
- /* k4 */
- subl(5) = krl; subr(5) = krr;
- /* rotation left shift 15+30bit */
- CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
- /* k7 */
- subl(10) = kll; subr(10) = klr;
- /* k8 */
- subl(11) = krl; subr(11) = krr;
- /* rotation left shift 15+30+15bit */
- CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
- /* k10 */
- subl(13) = krl; subr(13) = krr;
- /* rotation left shift 15+30+15+17 bit */
- CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
- /* kl3 */
- subl(16) = kll; subr(16) = klr;
- /* kl4 */
- subl(17) = krl; subr(17) = krr;
- /* rotation left shift 15+30+15+17+17 bit */
- CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
- /* k13 */
- subl(18) = kll; subr(18) = klr;
- /* k14 */
- subl(19) = krl; subr(19) = krr;
- /* rotation left shift 15+30+15+17+17+17 bit */
- CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
- /* k17 */
- subl(22) = kll; subr(22) = klr;
- /* k18 */
- subl(23) = krl; subr(23) = krr;
-
- /* generate KA */
- kll = subl(0); klr = subr(0);
- krl = subl(1); krr = subr(1);
- CAMELLIA_F(kll, klr,
- CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
- w0, w1, il, ir, t0, t1);
- krl ^= w0; krr ^= w1;
- CAMELLIA_F(krl, krr,
- CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
- kll, klr, il, ir, t0, t1);
- /* current status == (kll, klr, w0, w1) */
- CAMELLIA_F(kll, klr,
- CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
- krl, krr, il, ir, t0, t1);
- krl ^= w0; krr ^= w1;
- CAMELLIA_F(krl, krr,
- CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
- w0, w1, il, ir, t0, t1);
- kll ^= w0; klr ^= w1;
-
- /* generate KA dependent subkeys */
- /* k1, k2 */
- subl(2) = kll; subr(2) = klr;
- subl(3) = krl; subr(3) = krr;
- CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
- /* k5,k6 */
- subl(6) = kll; subr(6) = klr;
- subl(7) = krl; subr(7) = krr;
- CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
- /* kl1, kl2 */
- subl(8) = kll; subr(8) = klr;
- subl(9) = krl; subr(9) = krr;
- CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
- /* k9 */
- subl(12) = kll; subr(12) = klr;
- CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
- /* k11, k12 */
- subl(14) = kll; subr(14) = klr;
- subl(15) = krl; subr(15) = krr;
- CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
- /* k15, k16 */
- subl(20) = kll; subr(20) = klr;
- subl(21) = krl; subr(21) = krr;
- CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
- /* kw3, kw4 */
- subl(24) = kll; subr(24) = klr;
- subl(25) = krl; subr(25) = krr;
-
-
- /* absorb kw2 to other subkeys */
-/* round 2 */
- subl(3) ^= subl(1); subr(3) ^= subr(1);
-/* round 4 */
- subl(5) ^= subl(1); subr(5) ^= subr(1);
-/* round 6 */
- subl(7) ^= subl(1); subr(7) ^= subr(1);
- subl(1) ^= subr(1) & ~subr(9);
- dw = subl(1) & subl(9),
- subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl2) */
-/* round 8 */
- subl(11) ^= subl(1); subr(11) ^= subr(1);
-/* round 10 */
- subl(13) ^= subl(1); subr(13) ^= subr(1);
-/* round 12 */
- subl(15) ^= subl(1); subr(15) ^= subr(1);
- subl(1) ^= subr(1) & ~subr(17);
- dw = subl(1) & subl(17),
- subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl4) */
-/* round 14 */
- subl(19) ^= subl(1); subr(19) ^= subr(1);
-/* round 16 */
- subl(21) ^= subl(1); subr(21) ^= subr(1);
-/* round 18 */
- subl(23) ^= subl(1); subr(23) ^= subr(1);
-/* kw3 */
- subl(24) ^= subl(1); subr(24) ^= subr(1);
-
- /* absorb kw4 to other subkeys */
- kw4l = subl(25); kw4r = subr(25);
-/* round 17 */
- subl(22) ^= kw4l; subr(22) ^= kw4r;
-/* round 15 */
- subl(20) ^= kw4l; subr(20) ^= kw4r;
-/* round 13 */
- subl(18) ^= kw4l; subr(18) ^= kw4r;
- kw4l ^= kw4r & ~subr(16);
- dw = kw4l & subl(16),
- kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl3) */
-/* round 11 */
- subl(14) ^= kw4l; subr(14) ^= kw4r;
-/* round 9 */
- subl(12) ^= kw4l; subr(12) ^= kw4r;
-/* round 7 */
- subl(10) ^= kw4l; subr(10) ^= kw4r;
- kw4l ^= kw4r & ~subr(8);
- dw = kw4l & subl(8),
- kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl1) */
-/* round 5 */
- subl(6) ^= kw4l; subr(6) ^= kw4r;
-/* round 3 */
- subl(4) ^= kw4l; subr(4) ^= kw4r;
-/* round 1 */
- subl(2) ^= kw4l; subr(2) ^= kw4r;
-/* kw1 */
- subl(0) ^= kw4l; subr(0) ^= kw4r;
-
-
- /* key XOR is end of F-function */
- CamelliaSubkeyL(0) = subl(0) ^ subl(2);/* kw1 */
- CamelliaSubkeyR(0) = subr(0) ^ subr(2);
- CamelliaSubkeyL(2) = subl(3); /* round 1 */
- CamelliaSubkeyR(2) = subr(3);
- CamelliaSubkeyL(3) = subl(2) ^ subl(4); /* round 2 */
- CamelliaSubkeyR(3) = subr(2) ^ subr(4);
- CamelliaSubkeyL(4) = subl(3) ^ subl(5); /* round 3 */
- CamelliaSubkeyR(4) = subr(3) ^ subr(5);
- CamelliaSubkeyL(5) = subl(4) ^ subl(6); /* round 4 */
- CamelliaSubkeyR(5) = subr(4) ^ subr(6);
- CamelliaSubkeyL(6) = subl(5) ^ subl(7); /* round 5 */
- CamelliaSubkeyR(6) = subr(5) ^ subr(7);
- tl = subl(10) ^ (subr(10) & ~subr(8));
- dw = tl & subl(8), /* FL(kl1) */
- tr = subr(10) ^ CAMELLIA_RL1(dw);
- CamelliaSubkeyL(7) = subl(6) ^ tl; /* round 6 */
- CamelliaSubkeyR(7) = subr(6) ^ tr;
- CamelliaSubkeyL(8) = subl(8); /* FL(kl1) */
- CamelliaSubkeyR(8) = subr(8);
- CamelliaSubkeyL(9) = subl(9); /* FLinv(kl2) */
- CamelliaSubkeyR(9) = subr(9);
- tl = subl(7) ^ (subr(7) & ~subr(9));
- dw = tl & subl(9), /* FLinv(kl2) */
- tr = subr(7) ^ CAMELLIA_RL1(dw);
- CamelliaSubkeyL(10) = tl ^ subl(11); /* round 7 */
- CamelliaSubkeyR(10) = tr ^ subr(11);
- CamelliaSubkeyL(11) = subl(10) ^ subl(12); /* round 8 */
- CamelliaSubkeyR(11) = subr(10) ^ subr(12);
- CamelliaSubkeyL(12) = subl(11) ^ subl(13); /* round 9 */
- CamelliaSubkeyR(12) = subr(11) ^ subr(13);
- CamelliaSubkeyL(13) = subl(12) ^ subl(14); /* round 10 */
- CamelliaSubkeyR(13) = subr(12) ^ subr(14);
- CamelliaSubkeyL(14) = subl(13) ^ subl(15); /* round 11 */
- CamelliaSubkeyR(14) = subr(13) ^ subr(15);
- tl = subl(18) ^ (subr(18) & ~subr(16));
- dw = tl & subl(16), /* FL(kl3) */
- tr = subr(18) ^ CAMELLIA_RL1(dw);
- CamelliaSubkeyL(15) = subl(14) ^ tl; /* round 12 */
- CamelliaSubkeyR(15) = subr(14) ^ tr;
- CamelliaSubkeyL(16) = subl(16); /* FL(kl3) */
- CamelliaSubkeyR(16) = subr(16);
- CamelliaSubkeyL(17) = subl(17); /* FLinv(kl4) */
- CamelliaSubkeyR(17) = subr(17);
- tl = subl(15) ^ (subr(15) & ~subr(17));
- dw = tl & subl(17), /* FLinv(kl4) */
- tr = subr(15) ^ CAMELLIA_RL1(dw);
- CamelliaSubkeyL(18) = tl ^ subl(19); /* round 13 */
- CamelliaSubkeyR(18) = tr ^ subr(19);
- CamelliaSubkeyL(19) = subl(18) ^ subl(20); /* round 14 */
- CamelliaSubkeyR(19) = subr(18) ^ subr(20);
- CamelliaSubkeyL(20) = subl(19) ^ subl(21); /* round 15 */
- CamelliaSubkeyR(20) = subr(19) ^ subr(21);
- CamelliaSubkeyL(21) = subl(20) ^ subl(22); /* round 16 */
- CamelliaSubkeyR(21) = subr(20) ^ subr(22);
- CamelliaSubkeyL(22) = subl(21) ^ subl(23); /* round 17 */
- CamelliaSubkeyR(22) = subr(21) ^ subr(23);
- CamelliaSubkeyL(23) = subl(22); /* round 18 */
- CamelliaSubkeyR(23) = subr(22);
- CamelliaSubkeyL(24) = subl(24) ^ subl(23); /* kw3 */
- CamelliaSubkeyR(24) = subr(24) ^ subr(23);
-
- /* apply the inverse of the last half of P-function */
- dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2),
- dw = CAMELLIA_RL8(dw);/* round 1 */
- CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw,
- CamelliaSubkeyL(2) = dw;
- dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3),
- dw = CAMELLIA_RL8(dw);/* round 2 */
- CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw,
- CamelliaSubkeyL(3) = dw;
- dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4),
- dw = CAMELLIA_RL8(dw);/* round 3 */
- CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw,
- CamelliaSubkeyL(4) = dw;
- dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5),
- dw = CAMELLIA_RL8(dw);/* round 4 */
- CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw,
- CamelliaSubkeyL(5) = dw;
- dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6),
- dw = CAMELLIA_RL8(dw);/* round 5 */
- CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw,
- CamelliaSubkeyL(6) = dw;
- dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7),
- dw = CAMELLIA_RL8(dw);/* round 6 */
- CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw,
- CamelliaSubkeyL(7) = dw;
- dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10),
- dw = CAMELLIA_RL8(dw);/* round 7 */
- CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw,
- CamelliaSubkeyL(10) = dw;
- dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11),
- dw = CAMELLIA_RL8(dw);/* round 8 */
- CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw,
- CamelliaSubkeyL(11) = dw;
- dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12),
- dw = CAMELLIA_RL8(dw);/* round 9 */
- CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw,
- CamelliaSubkeyL(12) = dw;
- dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13),
- dw = CAMELLIA_RL8(dw);/* round 10 */
- CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw,
- CamelliaSubkeyL(13) = dw;
- dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14),
- dw = CAMELLIA_RL8(dw);/* round 11 */
- CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw,
- CamelliaSubkeyL(14) = dw;
- dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15),
- dw = CAMELLIA_RL8(dw);/* round 12 */
- CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw,
- CamelliaSubkeyL(15) = dw;
- dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18),
- dw = CAMELLIA_RL8(dw);/* round 13 */
- CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw,
- CamelliaSubkeyL(18) = dw;
- dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19),
- dw = CAMELLIA_RL8(dw);/* round 14 */
- CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw,
- CamelliaSubkeyL(19) = dw;
- dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20),
- dw = CAMELLIA_RL8(dw);/* round 15 */
- CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw,
- CamelliaSubkeyL(20) = dw;
- dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21),
- dw = CAMELLIA_RL8(dw);/* round 16 */
- CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw,
- CamelliaSubkeyL(21) = dw;
- dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22),
- dw = CAMELLIA_RL8(dw);/* round 17 */
- CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw,
- CamelliaSubkeyL(22) = dw;
- dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23),
- dw = CAMELLIA_RL8(dw);/* round 18 */
- CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw,
- CamelliaSubkeyL(23) = dw;
-
- return;
- }
-
-void camellia_setup256(const u8 *key, u32 *subkey)
- {
- u32 kll,klr,krl,krr; /* left half of key */
- u32 krll,krlr,krrl,krrr; /* right half of key */
- u32 il, ir, t0, t1, w0, w1; /* temporary variables */
- u32 kw4l, kw4r, dw, tl, tr;
- u32 subL[34];
- u32 subR[34];
-
- /**
- * key = (kll || klr || krl || krr || krll || krlr || krrl || krrr)
- * (|| is concatination)
- */
-
- kll = GETU32(key );
- klr = GETU32(key + 4);
- krl = GETU32(key + 8);
- krr = GETU32(key + 12);
- krll = GETU32(key + 16);
- krlr = GETU32(key + 20);
- krrl = GETU32(key + 24);
- krrr = GETU32(key + 28);
-
- /* generate KL dependent subkeys */
- /* kw1 */
- subl(0) = kll; subr(0) = klr;
- /* kw2 */
- subl(1) = krl; subr(1) = krr;
- CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 45);
- /* k9 */
- subl(12) = kll; subr(12) = klr;
- /* k10 */
- subl(13) = krl; subr(13) = krr;
- CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
- /* kl3 */
- subl(16) = kll; subr(16) = klr;
- /* kl4 */
- subl(17) = krl; subr(17) = krr;
- CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
- /* k17 */
- subl(22) = kll; subr(22) = klr;
- /* k18 */
- subl(23) = krl; subr(23) = krr;
- CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
- /* k23 */
- subl(30) = kll; subr(30) = klr;
- /* k24 */
- subl(31) = krl; subr(31) = krr;
-
- /* generate KR dependent subkeys */
- CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
- /* k3 */
- subl(4) = krll; subr(4) = krlr;
- /* k4 */
- subl(5) = krrl; subr(5) = krrr;
- CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
- /* kl1 */
- subl(8) = krll; subr(8) = krlr;
- /* kl2 */
- subl(9) = krrl; subr(9) = krrr;
- CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
- /* k13 */
- subl(18) = krll; subr(18) = krlr;
- /* k14 */
- subl(19) = krrl; subr(19) = krrr;
- CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
- /* k19 */
- subl(26) = krll; subr(26) = krlr;
- /* k20 */
- subl(27) = krrl; subr(27) = krrr;
- CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
-
- /* generate KA */
- kll = subl(0) ^ krll; klr = subr(0) ^ krlr;
- krl = subl(1) ^ krrl; krr = subr(1) ^ krrr;
- CAMELLIA_F(kll, klr,
- CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R,
- w0, w1, il, ir, t0, t1);
- krl ^= w0; krr ^= w1;
- CAMELLIA_F(krl, krr,
- CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R,
- kll, klr, il, ir, t0, t1);
- kll ^= krll; klr ^= krlr;
- CAMELLIA_F(kll, klr,
- CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R,
- krl, krr, il, ir, t0, t1);
- krl ^= w0 ^ krrl; krr ^= w1 ^ krrr;
- CAMELLIA_F(krl, krr,
- CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R,
- w0, w1, il, ir, t0, t1);
- kll ^= w0; klr ^= w1;
-
- /* generate KB */
- krll ^= kll; krlr ^= klr;
- krrl ^= krl; krrr ^= krr;
- CAMELLIA_F(krll, krlr,
- CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R,
- w0, w1, il, ir, t0, t1);
- krrl ^= w0; krrr ^= w1;
- CAMELLIA_F(krrl, krrr,
- CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R,
- w0, w1, il, ir, t0, t1);
- krll ^= w0; krlr ^= w1;
-
- /* generate KA dependent subkeys */
- CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
- /* k5 */
- subl(6) = kll; subr(6) = klr;
- /* k6 */
- subl(7) = krl; subr(7) = krr;
- CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
- /* k11 */
- subl(14) = kll; subr(14) = klr;
- /* k12 */
- subl(15) = krl; subr(15) = krr;
- /* rotation left shift 32bit */
- /* kl5 */
- subl(24) = klr; subr(24) = krl;
- /* kl6 */
- subl(25) = krr; subr(25) = kll;
- /* rotation left shift 49 from k11,k12 -> k21,k22 */
- CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 49);
- /* k21 */
- subl(28) = kll; subr(28) = klr;
- /* k22 */
- subl(29) = krl; subr(29) = krr;
-
- /* generate KB dependent subkeys */
- /* k1 */
- subl(2) = krll; subr(2) = krlr;
- /* k2 */
- subl(3) = krrl; subr(3) = krrr;
- CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
- /* k7 */
- subl(10) = krll; subr(10) = krlr;
- /* k8 */
- subl(11) = krrl; subr(11) = krrr;
- CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
- /* k15 */
- subl(20) = krll; subr(20) = krlr;
- /* k16 */
- subl(21) = krrl; subr(21) = krrr;
- CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51);
- /* kw3 */
- subl(32) = krll; subr(32) = krlr;
- /* kw4 */
- subl(33) = krrl; subr(33) = krrr;
-
- /* absorb kw2 to other subkeys */
-/* round 2 */
- subl(3) ^= subl(1); subr(3) ^= subr(1);
-/* round 4 */
- subl(5) ^= subl(1); subr(5) ^= subr(1);
-/* round 6 */
- subl(7) ^= subl(1); subr(7) ^= subr(1);
- subl(1) ^= subr(1) & ~subr(9);
- dw = subl(1) & subl(9),
- subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl2) */
-/* round 8 */
- subl(11) ^= subl(1); subr(11) ^= subr(1);
-/* round 10 */
- subl(13) ^= subl(1); subr(13) ^= subr(1);
-/* round 12 */
- subl(15) ^= subl(1); subr(15) ^= subr(1);
- subl(1) ^= subr(1) & ~subr(17);
- dw = subl(1) & subl(17),
- subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl4) */
-/* round 14 */
- subl(19) ^= subl(1); subr(19) ^= subr(1);
-/* round 16 */
- subl(21) ^= subl(1); subr(21) ^= subr(1);
-/* round 18 */
- subl(23) ^= subl(1); subr(23) ^= subr(1);
- subl(1) ^= subr(1) & ~subr(25);
- dw = subl(1) & subl(25),
- subr(1) ^= CAMELLIA_RL1(dw); /* modified for FLinv(kl6) */
-/* round 20 */
- subl(27) ^= subl(1); subr(27) ^= subr(1);
-/* round 22 */
- subl(29) ^= subl(1); subr(29) ^= subr(1);
-/* round 24 */
- subl(31) ^= subl(1); subr(31) ^= subr(1);
-/* kw3 */
- subl(32) ^= subl(1); subr(32) ^= subr(1);
-
-
- /* absorb kw4 to other subkeys */
- kw4l = subl(33); kw4r = subr(33);
-/* round 23 */
- subl(30) ^= kw4l; subr(30) ^= kw4r;
-/* round 21 */
- subl(28) ^= kw4l; subr(28) ^= kw4r;
-/* round 19 */
- subl(26) ^= kw4l; subr(26) ^= kw4r;
- kw4l ^= kw4r & ~subr(24);
- dw = kw4l & subl(24),
- kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl5) */
-/* round 17 */
- subl(22) ^= kw4l; subr(22) ^= kw4r;
-/* round 15 */
- subl(20) ^= kw4l; subr(20) ^= kw4r;
-/* round 13 */
- subl(18) ^= kw4l; subr(18) ^= kw4r;
- kw4l ^= kw4r & ~subr(16);
- dw = kw4l & subl(16),
- kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl3) */
-/* round 11 */
- subl(14) ^= kw4l; subr(14) ^= kw4r;
-/* round 9 */
- subl(12) ^= kw4l; subr(12) ^= kw4r;
-/* round 7 */
- subl(10) ^= kw4l; subr(10) ^= kw4r;
- kw4l ^= kw4r & ~subr(8);
- dw = kw4l & subl(8),
- kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl1) */
-/* round 5 */
- subl(6) ^= kw4l; subr(6) ^= kw4r;
-/* round 3 */
- subl(4) ^= kw4l; subr(4) ^= kw4r;
-/* round 1 */
- subl(2) ^= kw4l; subr(2) ^= kw4r;
-/* kw1 */
- subl(0) ^= kw4l; subr(0) ^= kw4r;
-
- /* key XOR is end of F-function */
- CamelliaSubkeyL(0) = subl(0) ^ subl(2);/* kw1 */
- CamelliaSubkeyR(0) = subr(0) ^ subr(2);
- CamelliaSubkeyL(2) = subl(3); /* round 1 */
- CamelliaSubkeyR(2) = subr(3);
- CamelliaSubkeyL(3) = subl(2) ^ subl(4); /* round 2 */
- CamelliaSubkeyR(3) = subr(2) ^ subr(4);
- CamelliaSubkeyL(4) = subl(3) ^ subl(5); /* round 3 */
- CamelliaSubkeyR(4) = subr(3) ^ subr(5);
- CamelliaSubkeyL(5) = subl(4) ^ subl(6); /* round 4 */
- CamelliaSubkeyR(5) = subr(4) ^ subr(6);
- CamelliaSubkeyL(6) = subl(5) ^ subl(7); /* round 5 */
- CamelliaSubkeyR(6) = subr(5) ^ subr(7);
- tl = subl(10) ^ (subr(10) & ~subr(8));
- dw = tl & subl(8), /* FL(kl1) */
- tr = subr(10) ^ CAMELLIA_RL1(dw);
- CamelliaSubkeyL(7) = subl(6) ^ tl; /* round 6 */
- CamelliaSubkeyR(7) = subr(6) ^ tr;
- CamelliaSubkeyL(8) = subl(8); /* FL(kl1) */
- CamelliaSubkeyR(8) = subr(8);
- CamelliaSubkeyL(9) = subl(9); /* FLinv(kl2) */
- CamelliaSubkeyR(9) = subr(9);
- tl = subl(7) ^ (subr(7) & ~subr(9));
- dw = tl & subl(9), /* FLinv(kl2) */
- tr = subr(7) ^ CAMELLIA_RL1(dw);
- CamelliaSubkeyL(10) = tl ^ subl(11); /* round 7 */
- CamelliaSubkeyR(10) = tr ^ subr(11);
- CamelliaSubkeyL(11) = subl(10) ^ subl(12); /* round 8 */
- CamelliaSubkeyR(11) = subr(10) ^ subr(12);
- CamelliaSubkeyL(12) = subl(11) ^ subl(13); /* round 9 */
- CamelliaSubkeyR(12) = subr(11) ^ subr(13);
- CamelliaSubkeyL(13) = subl(12) ^ subl(14); /* round 10 */
- CamelliaSubkeyR(13) = subr(12) ^ subr(14);
- CamelliaSubkeyL(14) = subl(13) ^ subl(15); /* round 11 */
- CamelliaSubkeyR(14) = subr(13) ^ subr(15);
- tl = subl(18) ^ (subr(18) & ~subr(16));
- dw = tl & subl(16), /* FL(kl3) */
- tr = subr(18) ^ CAMELLIA_RL1(dw);
- CamelliaSubkeyL(15) = subl(14) ^ tl; /* round 12 */
- CamelliaSubkeyR(15) = subr(14) ^ tr;
- CamelliaSubkeyL(16) = subl(16); /* FL(kl3) */
- CamelliaSubkeyR(16) = subr(16);
- CamelliaSubkeyL(17) = subl(17); /* FLinv(kl4) */
- CamelliaSubkeyR(17) = subr(17);
- tl = subl(15) ^ (subr(15) & ~subr(17));
- dw = tl & subl(17), /* FLinv(kl4) */
- tr = subr(15) ^ CAMELLIA_RL1(dw);
- CamelliaSubkeyL(18) = tl ^ subl(19); /* round 13 */
- CamelliaSubkeyR(18) = tr ^ subr(19);
- CamelliaSubkeyL(19) = subl(18) ^ subl(20); /* round 14 */
- CamelliaSubkeyR(19) = subr(18) ^ subr(20);
- CamelliaSubkeyL(20) = subl(19) ^ subl(21); /* round 15 */
- CamelliaSubkeyR(20) = subr(19) ^ subr(21);
- CamelliaSubkeyL(21) = subl(20) ^ subl(22); /* round 16 */
- CamelliaSubkeyR(21) = subr(20) ^ subr(22);
- CamelliaSubkeyL(22) = subl(21) ^ subl(23); /* round 17 */
- CamelliaSubkeyR(22) = subr(21) ^ subr(23);
- tl = subl(26) ^ (subr(26)
- & ~subr(24));
- dw = tl & subl(24), /* FL(kl5) */
- tr = subr(26) ^ CAMELLIA_RL1(dw);
- CamelliaSubkeyL(23) = subl(22) ^ tl; /* round 18 */
- CamelliaSubkeyR(23) = subr(22) ^ tr;
- CamelliaSubkeyL(24) = subl(24); /* FL(kl5) */
- CamelliaSubkeyR(24) = subr(24);
- CamelliaSubkeyL(25) = subl(25); /* FLinv(kl6) */
- CamelliaSubkeyR(25) = subr(25);
- tl = subl(23) ^ (subr(23) &
- ~subr(25));
- dw = tl & subl(25), /* FLinv(kl6) */
- tr = subr(23) ^ CAMELLIA_RL1(dw);
- CamelliaSubkeyL(26) = tl ^ subl(27); /* round 19 */
- CamelliaSubkeyR(26) = tr ^ subr(27);
- CamelliaSubkeyL(27) = subl(26) ^ subl(28); /* round 20 */
- CamelliaSubkeyR(27) = subr(26) ^ subr(28);
- CamelliaSubkeyL(28) = subl(27) ^ subl(29); /* round 21 */
- CamelliaSubkeyR(28) = subr(27) ^ subr(29);
- CamelliaSubkeyL(29) = subl(28) ^ subl(30); /* round 22 */
- CamelliaSubkeyR(29) = subr(28) ^ subr(30);
- CamelliaSubkeyL(30) = subl(29) ^ subl(31); /* round 23 */
- CamelliaSubkeyR(30) = subr(29) ^ subr(31);
- CamelliaSubkeyL(31) = subl(30); /* round 24 */
- CamelliaSubkeyR(31) = subr(30);
- CamelliaSubkeyL(32) = subl(32) ^ subl(31); /* kw3 */
- CamelliaSubkeyR(32) = subr(32) ^ subr(31);
-
- /* apply the inverse of the last half of P-function */
- dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2),
- dw = CAMELLIA_RL8(dw);/* round 1 */
- CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw,
- CamelliaSubkeyL(2) = dw;
- dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3),
- dw = CAMELLIA_RL8(dw);/* round 2 */
- CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw,
- CamelliaSubkeyL(3) = dw;
- dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4),
- dw = CAMELLIA_RL8(dw);/* round 3 */
- CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw,
- CamelliaSubkeyL(4) = dw;
- dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5),
- dw = CAMELLIA_RL8(dw);/* round 4 */
- CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw,
- CamelliaSubkeyL(5) = dw;
- dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6),
- dw = CAMELLIA_RL8(dw);/* round 5 */
- CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw,
- CamelliaSubkeyL(6) = dw;
- dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7),
- dw = CAMELLIA_RL8(dw);/* round 6 */
- CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw,
- CamelliaSubkeyL(7) = dw;
- dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10),
- dw = CAMELLIA_RL8(dw);/* round 7 */
- CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw,
- CamelliaSubkeyL(10) = dw;
- dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11),
- dw = CAMELLIA_RL8(dw);/* round 8 */
- CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw,
- CamelliaSubkeyL(11) = dw;
- dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12),
- dw = CAMELLIA_RL8(dw);/* round 9 */
- CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw,
- CamelliaSubkeyL(12) = dw;
- dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13),
- dw = CAMELLIA_RL8(dw);/* round 10 */
- CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw,
- CamelliaSubkeyL(13) = dw;
- dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14),
- dw = CAMELLIA_RL8(dw);/* round 11 */
- CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw,
- CamelliaSubkeyL(14) = dw;
- dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15),
- dw = CAMELLIA_RL8(dw);/* round 12 */
- CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw,
- CamelliaSubkeyL(15) = dw;
- dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18),
- dw = CAMELLIA_RL8(dw);/* round 13 */
- CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw,
- CamelliaSubkeyL(18) = dw;
- dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19),
- dw = CAMELLIA_RL8(dw);/* round 14 */
- CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw,
- CamelliaSubkeyL(19) = dw;
- dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20),
- dw = CAMELLIA_RL8(dw);/* round 15 */
- CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw,
- CamelliaSubkeyL(20) = dw;
- dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21),
- dw = CAMELLIA_RL8(dw);/* round 16 */
- CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw,
- CamelliaSubkeyL(21) = dw;
- dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22),
- dw = CAMELLIA_RL8(dw);/* round 17 */
- CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw,
- CamelliaSubkeyL(22) = dw;
- dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23),
- dw = CAMELLIA_RL8(dw);/* round 18 */
- CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw,
- CamelliaSubkeyL(23) = dw;
- dw = CamelliaSubkeyL(26) ^ CamelliaSubkeyR(26),
- dw = CAMELLIA_RL8(dw);/* round 19 */
- CamelliaSubkeyR(26) = CamelliaSubkeyL(26) ^ dw,
- CamelliaSubkeyL(26) = dw;
- dw = CamelliaSubkeyL(27) ^ CamelliaSubkeyR(27),
- dw = CAMELLIA_RL8(dw);/* round 20 */
- CamelliaSubkeyR(27) = CamelliaSubkeyL(27) ^ dw,
- CamelliaSubkeyL(27) = dw;
- dw = CamelliaSubkeyL(28) ^ CamelliaSubkeyR(28),
- dw = CAMELLIA_RL8(dw);/* round 21 */
- CamelliaSubkeyR(28) = CamelliaSubkeyL(28) ^ dw,
- CamelliaSubkeyL(28) = dw;
- dw = CamelliaSubkeyL(29) ^ CamelliaSubkeyR(29),
- dw = CAMELLIA_RL8(dw);/* round 22 */
- CamelliaSubkeyR(29) = CamelliaSubkeyL(29) ^ dw,
- CamelliaSubkeyL(29) = dw;
- dw = CamelliaSubkeyL(30) ^ CamelliaSubkeyR(30),
- dw = CAMELLIA_RL8(dw);/* round 23 */
- CamelliaSubkeyR(30) = CamelliaSubkeyL(30) ^ dw,
- CamelliaSubkeyL(30) = dw;
- dw = CamelliaSubkeyL(31) ^ CamelliaSubkeyR(31),
- dw = CAMELLIA_RL8(dw);/* round 24 */
- CamelliaSubkeyR(31) = CamelliaSubkeyL(31) ^ dw,
- CamelliaSubkeyL(31) = dw;
-
-
- return;
- }
-
-void camellia_setup192(const u8 *key, u32 *subkey)
- {
- u8 kk[32];
- u32 krll, krlr, krrl,krrr;
-
- memcpy(kk, key, 24);
- memcpy((u8 *)&krll, key+16,4);
- memcpy((u8 *)&krlr, key+20,4);
- krrl = ~krll;
- krrr = ~krlr;
- memcpy(kk+24, (u8 *)&krrl, 4);
- memcpy(kk+28, (u8 *)&krrr, 4);
- camellia_setup256(kk, subkey);
- return;
- }
-
-
-/**
- * Stuff related to camellia encryption/decryption
- */
-void camellia_encrypt128(const u32 *subkey, u32 *io)
- {
- u32 il, ir, t0, t1;
-
- /* pre whitening but absorb kw2*/
- io[0] ^= CamelliaSubkeyL(0);
- io[1] ^= CamelliaSubkeyR(0);
- /* main iteration */
-
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(2),CamelliaSubkeyR(2),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(3),CamelliaSubkeyR(3),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(4),CamelliaSubkeyR(4),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(5),CamelliaSubkeyR(5),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(6),CamelliaSubkeyR(6),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(7),CamelliaSubkeyR(7),
- io[0],io[1],il,ir,t0,t1);
-
- CAMELLIA_FLS(io[0],io[1],io[2],io[3],
- CamelliaSubkeyL(8),CamelliaSubkeyR(8),
- CamelliaSubkeyL(9),CamelliaSubkeyR(9),
- t0,t1,il,ir);
-
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(10),CamelliaSubkeyR(10),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(11),CamelliaSubkeyR(11),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(12),CamelliaSubkeyR(12),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(13),CamelliaSubkeyR(13),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(14),CamelliaSubkeyR(14),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(15),CamelliaSubkeyR(15),
- io[0],io[1],il,ir,t0,t1);
-
- CAMELLIA_FLS(io[0],io[1],io[2],io[3],
- CamelliaSubkeyL(16),CamelliaSubkeyR(16),
- CamelliaSubkeyL(17),CamelliaSubkeyR(17),
- t0,t1,il,ir);
-
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(18),CamelliaSubkeyR(18),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(19),CamelliaSubkeyR(19),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(20),CamelliaSubkeyR(20),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(21),CamelliaSubkeyR(21),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(22),CamelliaSubkeyR(22),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(23),CamelliaSubkeyR(23),
- io[0],io[1],il,ir,t0,t1);
-
- /* post whitening but kw4 */
- io[2] ^= CamelliaSubkeyL(24);
- io[3] ^= CamelliaSubkeyR(24);
-
- t0 = io[0];
- t1 = io[1];
- io[0] = io[2];
- io[1] = io[3];
- io[2] = t0;
- io[3] = t1;
-
- return;
- }
-
-void camellia_decrypt128(const u32 *subkey, u32 *io)
- {
- u32 il,ir,t0,t1; /* temporary valiables */
-
- /* pre whitening but absorb kw2*/
- io[0] ^= CamelliaSubkeyL(24);
- io[1] ^= CamelliaSubkeyR(24);
-
- /* main iteration */
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(23),CamelliaSubkeyR(23),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(22),CamelliaSubkeyR(22),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(21),CamelliaSubkeyR(21),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(20),CamelliaSubkeyR(20),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(19),CamelliaSubkeyR(19),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(18),CamelliaSubkeyR(18),
- io[0],io[1],il,ir,t0,t1);
-
- CAMELLIA_FLS(io[0],io[1],io[2],io[3],
- CamelliaSubkeyL(17),CamelliaSubkeyR(17),
- CamelliaSubkeyL(16),CamelliaSubkeyR(16),
- t0,t1,il,ir);
-
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(15),CamelliaSubkeyR(15),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(14),CamelliaSubkeyR(14),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(13),CamelliaSubkeyR(13),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(12),CamelliaSubkeyR(12),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(11),CamelliaSubkeyR(11),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(10),CamelliaSubkeyR(10),
- io[0],io[1],il,ir,t0,t1);
-
- CAMELLIA_FLS(io[0],io[1],io[2],io[3],
- CamelliaSubkeyL(9),CamelliaSubkeyR(9),
- CamelliaSubkeyL(8),CamelliaSubkeyR(8),
- t0,t1,il,ir);
-
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(7),CamelliaSubkeyR(7),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(6),CamelliaSubkeyR(6),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(5),CamelliaSubkeyR(5),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(4),CamelliaSubkeyR(4),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(3),CamelliaSubkeyR(3),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(2),CamelliaSubkeyR(2),
- io[0],io[1],il,ir,t0,t1);
-
- /* post whitening but kw4 */
- io[2] ^= CamelliaSubkeyL(0);
- io[3] ^= CamelliaSubkeyR(0);
-
- t0 = io[0];
- t1 = io[1];
- io[0] = io[2];
- io[1] = io[3];
- io[2] = t0;
- io[3] = t1;
-
- return;
- }
-
-/**
- * stuff for 192 and 256bit encryption/decryption
- */
-void camellia_encrypt256(const u32 *subkey, u32 *io)
- {
- u32 il,ir,t0,t1; /* temporary valiables */
-
- /* pre whitening but absorb kw2*/
- io[0] ^= CamelliaSubkeyL(0);
- io[1] ^= CamelliaSubkeyR(0);
-
- /* main iteration */
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(2),CamelliaSubkeyR(2),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(3),CamelliaSubkeyR(3),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(4),CamelliaSubkeyR(4),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(5),CamelliaSubkeyR(5),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(6),CamelliaSubkeyR(6),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(7),CamelliaSubkeyR(7),
- io[0],io[1],il,ir,t0,t1);
-
- CAMELLIA_FLS(io[0],io[1],io[2],io[3],
- CamelliaSubkeyL(8),CamelliaSubkeyR(8),
- CamelliaSubkeyL(9),CamelliaSubkeyR(9),
- t0,t1,il,ir);
-
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(10),CamelliaSubkeyR(10),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(11),CamelliaSubkeyR(11),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(12),CamelliaSubkeyR(12),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(13),CamelliaSubkeyR(13),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(14),CamelliaSubkeyR(14),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(15),CamelliaSubkeyR(15),
- io[0],io[1],il,ir,t0,t1);
-
- CAMELLIA_FLS(io[0],io[1],io[2],io[3],
- CamelliaSubkeyL(16),CamelliaSubkeyR(16),
- CamelliaSubkeyL(17),CamelliaSubkeyR(17),
- t0,t1,il,ir);
-
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(18),CamelliaSubkeyR(18),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(19),CamelliaSubkeyR(19),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(20),CamelliaSubkeyR(20),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(21),CamelliaSubkeyR(21),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(22),CamelliaSubkeyR(22),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(23),CamelliaSubkeyR(23),
- io[0],io[1],il,ir,t0,t1);
-
- CAMELLIA_FLS(io[0],io[1],io[2],io[3],
- CamelliaSubkeyL(24),CamelliaSubkeyR(24),
- CamelliaSubkeyL(25),CamelliaSubkeyR(25),
- t0,t1,il,ir);
-
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(26),CamelliaSubkeyR(26),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(27),CamelliaSubkeyR(27),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(28),CamelliaSubkeyR(28),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(29),CamelliaSubkeyR(29),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(30),CamelliaSubkeyR(30),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(31),CamelliaSubkeyR(31),
- io[0],io[1],il,ir,t0,t1);
-
- /* post whitening but kw4 */
- io[2] ^= CamelliaSubkeyL(32);
- io[3] ^= CamelliaSubkeyR(32);
-
- t0 = io[0];
- t1 = io[1];
- io[0] = io[2];
- io[1] = io[3];
- io[2] = t0;
- io[3] = t1;
-
- return;
- }
-
-void camellia_decrypt256(const u32 *subkey, u32 *io)
- {
- u32 il,ir,t0,t1; /* temporary valiables */
-
- /* pre whitening but absorb kw2*/
- io[0] ^= CamelliaSubkeyL(32);
- io[1] ^= CamelliaSubkeyR(32);
-
- /* main iteration */
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(31),CamelliaSubkeyR(31),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(30),CamelliaSubkeyR(30),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(29),CamelliaSubkeyR(29),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(28),CamelliaSubkeyR(28),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(27),CamelliaSubkeyR(27),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(26),CamelliaSubkeyR(26),
- io[0],io[1],il,ir,t0,t1);
-
- CAMELLIA_FLS(io[0],io[1],io[2],io[3],
- CamelliaSubkeyL(25),CamelliaSubkeyR(25),
- CamelliaSubkeyL(24),CamelliaSubkeyR(24),
- t0,t1,il,ir);
-
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(23),CamelliaSubkeyR(23),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(22),CamelliaSubkeyR(22),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(21),CamelliaSubkeyR(21),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(20),CamelliaSubkeyR(20),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(19),CamelliaSubkeyR(19),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(18),CamelliaSubkeyR(18),
- io[0],io[1],il,ir,t0,t1);
-
- CAMELLIA_FLS(io[0],io[1],io[2],io[3],
- CamelliaSubkeyL(17),CamelliaSubkeyR(17),
- CamelliaSubkeyL(16),CamelliaSubkeyR(16),
- t0,t1,il,ir);
-
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(15),CamelliaSubkeyR(15),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(14),CamelliaSubkeyR(14),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(13),CamelliaSubkeyR(13),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(12),CamelliaSubkeyR(12),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(11),CamelliaSubkeyR(11),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(10),CamelliaSubkeyR(10),
- io[0],io[1],il,ir,t0,t1);
-
- CAMELLIA_FLS(io[0],io[1],io[2],io[3],
- CamelliaSubkeyL(9),CamelliaSubkeyR(9),
- CamelliaSubkeyL(8),CamelliaSubkeyR(8),
- t0,t1,il,ir);
-
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(7),CamelliaSubkeyR(7),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(6),CamelliaSubkeyR(6),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(5),CamelliaSubkeyR(5),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(4),CamelliaSubkeyR(4),
- io[0],io[1],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[0],io[1],
- CamelliaSubkeyL(3),CamelliaSubkeyR(3),
- io[2],io[3],il,ir,t0,t1);
- CAMELLIA_ROUNDSM(io[2],io[3],
- CamelliaSubkeyL(2),CamelliaSubkeyR(2),
- io[0],io[1],il,ir,t0,t1);
-
- /* post whitening but kw4 */
- io[2] ^= CamelliaSubkeyL(0);
- io[3] ^= CamelliaSubkeyR(0);
-
- t0 = io[0];
- t1 = io[1];
- io[0] = io[2];
- io[1] = io[3];
- io[2] = t0;
- io[3] = t1;
-
- return;
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/camellia/camellia.c (from rev 6976, vendor-crypto/openssl/dist/crypto/camellia/camellia.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/camellia/camellia.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/camellia/camellia.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,1668 @@
+/* crypto/camellia/camellia.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright 2006 NTT (Nippon Telegraph and Telephone Corporation) .
+ * ALL RIGHTS RESERVED.
+ *
+ * Intellectual Property information for Camellia:
+ * http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html
+ *
+ * News Release for Announcement of Camellia open source:
+ * http://www.ntt.co.jp/news/news06e/0604/060413a.html
+ *
+ * The Camellia Code included herein is developed by
+ * NTT (Nippon Telegraph and Telephone Corporation), and is contributed
+ * to the OpenSSL project.
+ *
+ * The Camellia Code is licensed pursuant to the OpenSSL open source
+ * license provided below.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+/*
+ * Algorithm Specification
+ * http://info.isl.llia/specicrypt/eng/camellia/specifications.html
+ */
+
+#include <string.h>
+#include <stdlib.h>
+
+#include "camellia.h"
+#include "cmll_locl.h"
+
+/* key constants */
+#define CAMELLIA_SIGMA1L (0xA09E667FL)
+#define CAMELLIA_SIGMA1R (0x3BCC908BL)
+#define CAMELLIA_SIGMA2L (0xB67AE858L)
+#define CAMELLIA_SIGMA2R (0x4CAA73B2L)
+#define CAMELLIA_SIGMA3L (0xC6EF372FL)
+#define CAMELLIA_SIGMA3R (0xE94F82BEL)
+#define CAMELLIA_SIGMA4L (0x54FF53A5L)
+#define CAMELLIA_SIGMA4R (0xF1D36F1CL)
+#define CAMELLIA_SIGMA5L (0x10E527FAL)
+#define CAMELLIA_SIGMA5R (0xDE682D1DL)
+#define CAMELLIA_SIGMA6L (0xB05688C2L)
+#define CAMELLIA_SIGMA6R (0xB3E6C1FDL)
+
+/*
+ * macros
+ */
+
+/* e is pointer of subkey */
+#define CamelliaSubkeyL(INDEX) (subkey[(INDEX)*2])
+#define CamelliaSubkeyR(INDEX) (subkey[(INDEX)*2 + 1])
+
+/* rotation right shift 1byte */
+#define CAMELLIA_RR8(x) (((x) >> 8) + ((x) << 24))
+/* rotation left shift 1bit */
+#define CAMELLIA_RL1(x) (((x) << 1) + ((x) >> 31))
+/* rotation left shift 1byte */
+#define CAMELLIA_RL8(x) (((x) << 8) + ((x) >> 24))
+
+#define CAMELLIA_ROLDQ(ll, lr, rl, rr, w0, w1, bits) \
+do \
+ { \
+ w0 = ll; \
+ ll = (ll << bits) + (lr >> (32 - bits)); \
+ lr = (lr << bits) + (rl >> (32 - bits)); \
+ rl = (rl << bits) + (rr >> (32 - bits)); \
+ rr = (rr << bits) + (w0 >> (32 - bits)); \
+ } while(0)
+
+#define CAMELLIA_ROLDQo32(ll, lr, rl, rr, w0, w1, bits) \
+do \
+ { \
+ w0 = ll; \
+ w1 = lr; \
+ ll = (lr << (bits - 32)) + (rl >> (64 - bits)); \
+ lr = (rl << (bits - 32)) + (rr >> (64 - bits)); \
+ rl = (rr << (bits - 32)) + (w0 >> (64 - bits)); \
+ rr = (w0 << (bits - 32)) + (w1 >> (64 - bits)); \
+ } while(0)
+
+#define CAMELLIA_SP1110(INDEX) (camellia_sp1110[(INDEX)])
+#define CAMELLIA_SP0222(INDEX) (camellia_sp0222[(INDEX)])
+#define CAMELLIA_SP3033(INDEX) (camellia_sp3033[(INDEX)])
+#define CAMELLIA_SP4404(INDEX) (camellia_sp4404[(INDEX)])
+
+#define CAMELLIA_F(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
+do \
+ { \
+ il = xl ^ kl; \
+ ir = xr ^ kr; \
+ t0 = il >> 16; \
+ t1 = ir >> 16; \
+ yl = CAMELLIA_SP1110(ir & 0xff) \
+ ^ CAMELLIA_SP0222((t1 >> 8) & 0xff) \
+ ^ CAMELLIA_SP3033(t1 & 0xff) \
+ ^ CAMELLIA_SP4404((ir >> 8) & 0xff); \
+ yr = CAMELLIA_SP1110((t0 >> 8) & 0xff) \
+ ^ CAMELLIA_SP0222(t0 & 0xff) \
+ ^ CAMELLIA_SP3033((il >> 8) & 0xff) \
+ ^ CAMELLIA_SP4404(il & 0xff); \
+ yl ^= yr; \
+ yr = CAMELLIA_RR8(yr); \
+ yr ^= yl; \
+ } while(0)
+
+/*
+ * for speed up
+ *
+ */
+#define CAMELLIA_FLS(ll, lr, rl, rr, kll, klr, krl, krr, t0, t1, t2, t3) \
+do \
+ { \
+ t0 = kll; \
+ t0 &= ll; \
+ lr ^= CAMELLIA_RL1(t0); \
+ t1 = klr; \
+ t1 |= lr; \
+ ll ^= t1; \
+ \
+ t2 = krr; \
+ t2 |= rr; \
+ rl ^= t2; \
+ t3 = krl; \
+ t3 &= rl; \
+ rr ^= CAMELLIA_RL1(t3); \
+ } while(0)
+
+#define CAMELLIA_ROUNDSM(xl, xr, kl, kr, yl, yr, il, ir, t0, t1) \
+do \
+ { \
+ il = xl; \
+ ir = xr; \
+ t0 = il >> 16; \
+ t1 = ir >> 16; \
+ ir = CAMELLIA_SP1110(ir & 0xff) \
+ ^ CAMELLIA_SP0222((t1 >> 8) & 0xff) \
+ ^ CAMELLIA_SP3033(t1 & 0xff) \
+ ^ CAMELLIA_SP4404((ir >> 8) & 0xff); \
+ il = CAMELLIA_SP1110((t0 >> 8) & 0xff) \
+ ^ CAMELLIA_SP0222(t0 & 0xff) \
+ ^ CAMELLIA_SP3033((il >> 8) & 0xff) \
+ ^ CAMELLIA_SP4404(il & 0xff); \
+ il ^= kl; \
+ ir ^= kr; \
+ ir ^= il; \
+ il = CAMELLIA_RR8(il); \
+ il ^= ir; \
+ yl ^= ir; \
+ yr ^= il; \
+ } while(0)
+
+static const u32 camellia_sp1110[256] = {
+ 0x70707000, 0x82828200, 0x2c2c2c00, 0xececec00,
+ 0xb3b3b300, 0x27272700, 0xc0c0c000, 0xe5e5e500,
+ 0xe4e4e400, 0x85858500, 0x57575700, 0x35353500,
+ 0xeaeaea00, 0x0c0c0c00, 0xaeaeae00, 0x41414100,
+ 0x23232300, 0xefefef00, 0x6b6b6b00, 0x93939300,
+ 0x45454500, 0x19191900, 0xa5a5a500, 0x21212100,
+ 0xededed00, 0x0e0e0e00, 0x4f4f4f00, 0x4e4e4e00,
+ 0x1d1d1d00, 0x65656500, 0x92929200, 0xbdbdbd00,
+ 0x86868600, 0xb8b8b800, 0xafafaf00, 0x8f8f8f00,
+ 0x7c7c7c00, 0xebebeb00, 0x1f1f1f00, 0xcecece00,
+ 0x3e3e3e00, 0x30303000, 0xdcdcdc00, 0x5f5f5f00,
+ 0x5e5e5e00, 0xc5c5c500, 0x0b0b0b00, 0x1a1a1a00,
+ 0xa6a6a600, 0xe1e1e100, 0x39393900, 0xcacaca00,
+ 0xd5d5d500, 0x47474700, 0x5d5d5d00, 0x3d3d3d00,
+ 0xd9d9d900, 0x01010100, 0x5a5a5a00, 0xd6d6d600,
+ 0x51515100, 0x56565600, 0x6c6c6c00, 0x4d4d4d00,
+ 0x8b8b8b00, 0x0d0d0d00, 0x9a9a9a00, 0x66666600,
+ 0xfbfbfb00, 0xcccccc00, 0xb0b0b000, 0x2d2d2d00,
+ 0x74747400, 0x12121200, 0x2b2b2b00, 0x20202000,
+ 0xf0f0f000, 0xb1b1b100, 0x84848400, 0x99999900,
+ 0xdfdfdf00, 0x4c4c4c00, 0xcbcbcb00, 0xc2c2c200,
+ 0x34343400, 0x7e7e7e00, 0x76767600, 0x05050500,
+ 0x6d6d6d00, 0xb7b7b700, 0xa9a9a900, 0x31313100,
+ 0xd1d1d100, 0x17171700, 0x04040400, 0xd7d7d700,
+ 0x14141400, 0x58585800, 0x3a3a3a00, 0x61616100,
+ 0xdedede00, 0x1b1b1b00, 0x11111100, 0x1c1c1c00,
+ 0x32323200, 0x0f0f0f00, 0x9c9c9c00, 0x16161600,
+ 0x53535300, 0x18181800, 0xf2f2f200, 0x22222200,
+ 0xfefefe00, 0x44444400, 0xcfcfcf00, 0xb2b2b200,
+ 0xc3c3c300, 0xb5b5b500, 0x7a7a7a00, 0x91919100,
+ 0x24242400, 0x08080800, 0xe8e8e800, 0xa8a8a800,
+ 0x60606000, 0xfcfcfc00, 0x69696900, 0x50505000,
+ 0xaaaaaa00, 0xd0d0d000, 0xa0a0a000, 0x7d7d7d00,
+ 0xa1a1a100, 0x89898900, 0x62626200, 0x97979700,
+ 0x54545400, 0x5b5b5b00, 0x1e1e1e00, 0x95959500,
+ 0xe0e0e000, 0xffffff00, 0x64646400, 0xd2d2d200,
+ 0x10101000, 0xc4c4c400, 0x00000000, 0x48484800,
+ 0xa3a3a300, 0xf7f7f700, 0x75757500, 0xdbdbdb00,
+ 0x8a8a8a00, 0x03030300, 0xe6e6e600, 0xdadada00,
+ 0x09090900, 0x3f3f3f00, 0xdddddd00, 0x94949400,
+ 0x87878700, 0x5c5c5c00, 0x83838300, 0x02020200,
+ 0xcdcdcd00, 0x4a4a4a00, 0x90909000, 0x33333300,
+ 0x73737300, 0x67676700, 0xf6f6f600, 0xf3f3f300,
+ 0x9d9d9d00, 0x7f7f7f00, 0xbfbfbf00, 0xe2e2e200,
+ 0x52525200, 0x9b9b9b00, 0xd8d8d800, 0x26262600,
+ 0xc8c8c800, 0x37373700, 0xc6c6c600, 0x3b3b3b00,
+ 0x81818100, 0x96969600, 0x6f6f6f00, 0x4b4b4b00,
+ 0x13131300, 0xbebebe00, 0x63636300, 0x2e2e2e00,
+ 0xe9e9e900, 0x79797900, 0xa7a7a700, 0x8c8c8c00,
+ 0x9f9f9f00, 0x6e6e6e00, 0xbcbcbc00, 0x8e8e8e00,
+ 0x29292900, 0xf5f5f500, 0xf9f9f900, 0xb6b6b600,
+ 0x2f2f2f00, 0xfdfdfd00, 0xb4b4b400, 0x59595900,
+ 0x78787800, 0x98989800, 0x06060600, 0x6a6a6a00,
+ 0xe7e7e700, 0x46464600, 0x71717100, 0xbababa00,
+ 0xd4d4d400, 0x25252500, 0xababab00, 0x42424200,
+ 0x88888800, 0xa2a2a200, 0x8d8d8d00, 0xfafafa00,
+ 0x72727200, 0x07070700, 0xb9b9b900, 0x55555500,
+ 0xf8f8f800, 0xeeeeee00, 0xacacac00, 0x0a0a0a00,
+ 0x36363600, 0x49494900, 0x2a2a2a00, 0x68686800,
+ 0x3c3c3c00, 0x38383800, 0xf1f1f100, 0xa4a4a400,
+ 0x40404000, 0x28282800, 0xd3d3d300, 0x7b7b7b00,
+ 0xbbbbbb00, 0xc9c9c900, 0x43434300, 0xc1c1c100,
+ 0x15151500, 0xe3e3e300, 0xadadad00, 0xf4f4f400,
+ 0x77777700, 0xc7c7c700, 0x80808000, 0x9e9e9e00,
+};
+
+static const u32 camellia_sp0222[256] = {
+ 0x00e0e0e0, 0x00050505, 0x00585858, 0x00d9d9d9,
+ 0x00676767, 0x004e4e4e, 0x00818181, 0x00cbcbcb,
+ 0x00c9c9c9, 0x000b0b0b, 0x00aeaeae, 0x006a6a6a,
+ 0x00d5d5d5, 0x00181818, 0x005d5d5d, 0x00828282,
+ 0x00464646, 0x00dfdfdf, 0x00d6d6d6, 0x00272727,
+ 0x008a8a8a, 0x00323232, 0x004b4b4b, 0x00424242,
+ 0x00dbdbdb, 0x001c1c1c, 0x009e9e9e, 0x009c9c9c,
+ 0x003a3a3a, 0x00cacaca, 0x00252525, 0x007b7b7b,
+ 0x000d0d0d, 0x00717171, 0x005f5f5f, 0x001f1f1f,
+ 0x00f8f8f8, 0x00d7d7d7, 0x003e3e3e, 0x009d9d9d,
+ 0x007c7c7c, 0x00606060, 0x00b9b9b9, 0x00bebebe,
+ 0x00bcbcbc, 0x008b8b8b, 0x00161616, 0x00343434,
+ 0x004d4d4d, 0x00c3c3c3, 0x00727272, 0x00959595,
+ 0x00ababab, 0x008e8e8e, 0x00bababa, 0x007a7a7a,
+ 0x00b3b3b3, 0x00020202, 0x00b4b4b4, 0x00adadad,
+ 0x00a2a2a2, 0x00acacac, 0x00d8d8d8, 0x009a9a9a,
+ 0x00171717, 0x001a1a1a, 0x00353535, 0x00cccccc,
+ 0x00f7f7f7, 0x00999999, 0x00616161, 0x005a5a5a,
+ 0x00e8e8e8, 0x00242424, 0x00565656, 0x00404040,
+ 0x00e1e1e1, 0x00636363, 0x00090909, 0x00333333,
+ 0x00bfbfbf, 0x00989898, 0x00979797, 0x00858585,
+ 0x00686868, 0x00fcfcfc, 0x00ececec, 0x000a0a0a,
+ 0x00dadada, 0x006f6f6f, 0x00535353, 0x00626262,
+ 0x00a3a3a3, 0x002e2e2e, 0x00080808, 0x00afafaf,
+ 0x00282828, 0x00b0b0b0, 0x00747474, 0x00c2c2c2,
+ 0x00bdbdbd, 0x00363636, 0x00222222, 0x00383838,
+ 0x00646464, 0x001e1e1e, 0x00393939, 0x002c2c2c,
+ 0x00a6a6a6, 0x00303030, 0x00e5e5e5, 0x00444444,
+ 0x00fdfdfd, 0x00888888, 0x009f9f9f, 0x00656565,
+ 0x00878787, 0x006b6b6b, 0x00f4f4f4, 0x00232323,
+ 0x00484848, 0x00101010, 0x00d1d1d1, 0x00515151,
+ 0x00c0c0c0, 0x00f9f9f9, 0x00d2d2d2, 0x00a0a0a0,
+ 0x00555555, 0x00a1a1a1, 0x00414141, 0x00fafafa,
+ 0x00434343, 0x00131313, 0x00c4c4c4, 0x002f2f2f,
+ 0x00a8a8a8, 0x00b6b6b6, 0x003c3c3c, 0x002b2b2b,
+ 0x00c1c1c1, 0x00ffffff, 0x00c8c8c8, 0x00a5a5a5,
+ 0x00202020, 0x00898989, 0x00000000, 0x00909090,
+ 0x00474747, 0x00efefef, 0x00eaeaea, 0x00b7b7b7,
+ 0x00151515, 0x00060606, 0x00cdcdcd, 0x00b5b5b5,
+ 0x00121212, 0x007e7e7e, 0x00bbbbbb, 0x00292929,
+ 0x000f0f0f, 0x00b8b8b8, 0x00070707, 0x00040404,
+ 0x009b9b9b, 0x00949494, 0x00212121, 0x00666666,
+ 0x00e6e6e6, 0x00cecece, 0x00ededed, 0x00e7e7e7,
+ 0x003b3b3b, 0x00fefefe, 0x007f7f7f, 0x00c5c5c5,
+ 0x00a4a4a4, 0x00373737, 0x00b1b1b1, 0x004c4c4c,
+ 0x00919191, 0x006e6e6e, 0x008d8d8d, 0x00767676,
+ 0x00030303, 0x002d2d2d, 0x00dedede, 0x00969696,
+ 0x00262626, 0x007d7d7d, 0x00c6c6c6, 0x005c5c5c,
+ 0x00d3d3d3, 0x00f2f2f2, 0x004f4f4f, 0x00191919,
+ 0x003f3f3f, 0x00dcdcdc, 0x00797979, 0x001d1d1d,
+ 0x00525252, 0x00ebebeb, 0x00f3f3f3, 0x006d6d6d,
+ 0x005e5e5e, 0x00fbfbfb, 0x00696969, 0x00b2b2b2,
+ 0x00f0f0f0, 0x00313131, 0x000c0c0c, 0x00d4d4d4,
+ 0x00cfcfcf, 0x008c8c8c, 0x00e2e2e2, 0x00757575,
+ 0x00a9a9a9, 0x004a4a4a, 0x00575757, 0x00848484,
+ 0x00111111, 0x00454545, 0x001b1b1b, 0x00f5f5f5,
+ 0x00e4e4e4, 0x000e0e0e, 0x00737373, 0x00aaaaaa,
+ 0x00f1f1f1, 0x00dddddd, 0x00595959, 0x00141414,
+ 0x006c6c6c, 0x00929292, 0x00545454, 0x00d0d0d0,
+ 0x00787878, 0x00707070, 0x00e3e3e3, 0x00494949,
+ 0x00808080, 0x00505050, 0x00a7a7a7, 0x00f6f6f6,
+ 0x00777777, 0x00939393, 0x00868686, 0x00838383,
+ 0x002a2a2a, 0x00c7c7c7, 0x005b5b5b, 0x00e9e9e9,
+ 0x00eeeeee, 0x008f8f8f, 0x00010101, 0x003d3d3d,
+};
+
+static const u32 camellia_sp3033[256] = {
+ 0x38003838, 0x41004141, 0x16001616, 0x76007676,
+ 0xd900d9d9, 0x93009393, 0x60006060, 0xf200f2f2,
+ 0x72007272, 0xc200c2c2, 0xab00abab, 0x9a009a9a,
+ 0x75007575, 0x06000606, 0x57005757, 0xa000a0a0,
+ 0x91009191, 0xf700f7f7, 0xb500b5b5, 0xc900c9c9,
+ 0xa200a2a2, 0x8c008c8c, 0xd200d2d2, 0x90009090,
+ 0xf600f6f6, 0x07000707, 0xa700a7a7, 0x27002727,
+ 0x8e008e8e, 0xb200b2b2, 0x49004949, 0xde00dede,
+ 0x43004343, 0x5c005c5c, 0xd700d7d7, 0xc700c7c7,
+ 0x3e003e3e, 0xf500f5f5, 0x8f008f8f, 0x67006767,
+ 0x1f001f1f, 0x18001818, 0x6e006e6e, 0xaf00afaf,
+ 0x2f002f2f, 0xe200e2e2, 0x85008585, 0x0d000d0d,
+ 0x53005353, 0xf000f0f0, 0x9c009c9c, 0x65006565,
+ 0xea00eaea, 0xa300a3a3, 0xae00aeae, 0x9e009e9e,
+ 0xec00ecec, 0x80008080, 0x2d002d2d, 0x6b006b6b,
+ 0xa800a8a8, 0x2b002b2b, 0x36003636, 0xa600a6a6,
+ 0xc500c5c5, 0x86008686, 0x4d004d4d, 0x33003333,
+ 0xfd00fdfd, 0x66006666, 0x58005858, 0x96009696,
+ 0x3a003a3a, 0x09000909, 0x95009595, 0x10001010,
+ 0x78007878, 0xd800d8d8, 0x42004242, 0xcc00cccc,
+ 0xef00efef, 0x26002626, 0xe500e5e5, 0x61006161,
+ 0x1a001a1a, 0x3f003f3f, 0x3b003b3b, 0x82008282,
+ 0xb600b6b6, 0xdb00dbdb, 0xd400d4d4, 0x98009898,
+ 0xe800e8e8, 0x8b008b8b, 0x02000202, 0xeb00ebeb,
+ 0x0a000a0a, 0x2c002c2c, 0x1d001d1d, 0xb000b0b0,
+ 0x6f006f6f, 0x8d008d8d, 0x88008888, 0x0e000e0e,
+ 0x19001919, 0x87008787, 0x4e004e4e, 0x0b000b0b,
+ 0xa900a9a9, 0x0c000c0c, 0x79007979, 0x11001111,
+ 0x7f007f7f, 0x22002222, 0xe700e7e7, 0x59005959,
+ 0xe100e1e1, 0xda00dada, 0x3d003d3d, 0xc800c8c8,
+ 0x12001212, 0x04000404, 0x74007474, 0x54005454,
+ 0x30003030, 0x7e007e7e, 0xb400b4b4, 0x28002828,
+ 0x55005555, 0x68006868, 0x50005050, 0xbe00bebe,
+ 0xd000d0d0, 0xc400c4c4, 0x31003131, 0xcb00cbcb,
+ 0x2a002a2a, 0xad00adad, 0x0f000f0f, 0xca00caca,
+ 0x70007070, 0xff00ffff, 0x32003232, 0x69006969,
+ 0x08000808, 0x62006262, 0x00000000, 0x24002424,
+ 0xd100d1d1, 0xfb00fbfb, 0xba00baba, 0xed00eded,
+ 0x45004545, 0x81008181, 0x73007373, 0x6d006d6d,
+ 0x84008484, 0x9f009f9f, 0xee00eeee, 0x4a004a4a,
+ 0xc300c3c3, 0x2e002e2e, 0xc100c1c1, 0x01000101,
+ 0xe600e6e6, 0x25002525, 0x48004848, 0x99009999,
+ 0xb900b9b9, 0xb300b3b3, 0x7b007b7b, 0xf900f9f9,
+ 0xce00cece, 0xbf00bfbf, 0xdf00dfdf, 0x71007171,
+ 0x29002929, 0xcd00cdcd, 0x6c006c6c, 0x13001313,
+ 0x64006464, 0x9b009b9b, 0x63006363, 0x9d009d9d,
+ 0xc000c0c0, 0x4b004b4b, 0xb700b7b7, 0xa500a5a5,
+ 0x89008989, 0x5f005f5f, 0xb100b1b1, 0x17001717,
+ 0xf400f4f4, 0xbc00bcbc, 0xd300d3d3, 0x46004646,
+ 0xcf00cfcf, 0x37003737, 0x5e005e5e, 0x47004747,
+ 0x94009494, 0xfa00fafa, 0xfc00fcfc, 0x5b005b5b,
+ 0x97009797, 0xfe00fefe, 0x5a005a5a, 0xac00acac,
+ 0x3c003c3c, 0x4c004c4c, 0x03000303, 0x35003535,
+ 0xf300f3f3, 0x23002323, 0xb800b8b8, 0x5d005d5d,
+ 0x6a006a6a, 0x92009292, 0xd500d5d5, 0x21002121,
+ 0x44004444, 0x51005151, 0xc600c6c6, 0x7d007d7d,
+ 0x39003939, 0x83008383, 0xdc00dcdc, 0xaa00aaaa,
+ 0x7c007c7c, 0x77007777, 0x56005656, 0x05000505,
+ 0x1b001b1b, 0xa400a4a4, 0x15001515, 0x34003434,
+ 0x1e001e1e, 0x1c001c1c, 0xf800f8f8, 0x52005252,
+ 0x20002020, 0x14001414, 0xe900e9e9, 0xbd00bdbd,
+ 0xdd00dddd, 0xe400e4e4, 0xa100a1a1, 0xe000e0e0,
+ 0x8a008a8a, 0xf100f1f1, 0xd600d6d6, 0x7a007a7a,
+ 0xbb00bbbb, 0xe300e3e3, 0x40004040, 0x4f004f4f,
+};
+
+static const u32 camellia_sp4404[256] = {
+ 0x70700070, 0x2c2c002c, 0xb3b300b3, 0xc0c000c0,
+ 0xe4e400e4, 0x57570057, 0xeaea00ea, 0xaeae00ae,
+ 0x23230023, 0x6b6b006b, 0x45450045, 0xa5a500a5,
+ 0xeded00ed, 0x4f4f004f, 0x1d1d001d, 0x92920092,
+ 0x86860086, 0xafaf00af, 0x7c7c007c, 0x1f1f001f,
+ 0x3e3e003e, 0xdcdc00dc, 0x5e5e005e, 0x0b0b000b,
+ 0xa6a600a6, 0x39390039, 0xd5d500d5, 0x5d5d005d,
+ 0xd9d900d9, 0x5a5a005a, 0x51510051, 0x6c6c006c,
+ 0x8b8b008b, 0x9a9a009a, 0xfbfb00fb, 0xb0b000b0,
+ 0x74740074, 0x2b2b002b, 0xf0f000f0, 0x84840084,
+ 0xdfdf00df, 0xcbcb00cb, 0x34340034, 0x76760076,
+ 0x6d6d006d, 0xa9a900a9, 0xd1d100d1, 0x04040004,
+ 0x14140014, 0x3a3a003a, 0xdede00de, 0x11110011,
+ 0x32320032, 0x9c9c009c, 0x53530053, 0xf2f200f2,
+ 0xfefe00fe, 0xcfcf00cf, 0xc3c300c3, 0x7a7a007a,
+ 0x24240024, 0xe8e800e8, 0x60600060, 0x69690069,
+ 0xaaaa00aa, 0xa0a000a0, 0xa1a100a1, 0x62620062,
+ 0x54540054, 0x1e1e001e, 0xe0e000e0, 0x64640064,
+ 0x10100010, 0x00000000, 0xa3a300a3, 0x75750075,
+ 0x8a8a008a, 0xe6e600e6, 0x09090009, 0xdddd00dd,
+ 0x87870087, 0x83830083, 0xcdcd00cd, 0x90900090,
+ 0x73730073, 0xf6f600f6, 0x9d9d009d, 0xbfbf00bf,
+ 0x52520052, 0xd8d800d8, 0xc8c800c8, 0xc6c600c6,
+ 0x81810081, 0x6f6f006f, 0x13130013, 0x63630063,
+ 0xe9e900e9, 0xa7a700a7, 0x9f9f009f, 0xbcbc00bc,
+ 0x29290029, 0xf9f900f9, 0x2f2f002f, 0xb4b400b4,
+ 0x78780078, 0x06060006, 0xe7e700e7, 0x71710071,
+ 0xd4d400d4, 0xabab00ab, 0x88880088, 0x8d8d008d,
+ 0x72720072, 0xb9b900b9, 0xf8f800f8, 0xacac00ac,
+ 0x36360036, 0x2a2a002a, 0x3c3c003c, 0xf1f100f1,
+ 0x40400040, 0xd3d300d3, 0xbbbb00bb, 0x43430043,
+ 0x15150015, 0xadad00ad, 0x77770077, 0x80800080,
+ 0x82820082, 0xecec00ec, 0x27270027, 0xe5e500e5,
+ 0x85850085, 0x35350035, 0x0c0c000c, 0x41410041,
+ 0xefef00ef, 0x93930093, 0x19190019, 0x21210021,
+ 0x0e0e000e, 0x4e4e004e, 0x65650065, 0xbdbd00bd,
+ 0xb8b800b8, 0x8f8f008f, 0xebeb00eb, 0xcece00ce,
+ 0x30300030, 0x5f5f005f, 0xc5c500c5, 0x1a1a001a,
+ 0xe1e100e1, 0xcaca00ca, 0x47470047, 0x3d3d003d,
+ 0x01010001, 0xd6d600d6, 0x56560056, 0x4d4d004d,
+ 0x0d0d000d, 0x66660066, 0xcccc00cc, 0x2d2d002d,
+ 0x12120012, 0x20200020, 0xb1b100b1, 0x99990099,
+ 0x4c4c004c, 0xc2c200c2, 0x7e7e007e, 0x05050005,
+ 0xb7b700b7, 0x31310031, 0x17170017, 0xd7d700d7,
+ 0x58580058, 0x61610061, 0x1b1b001b, 0x1c1c001c,
+ 0x0f0f000f, 0x16160016, 0x18180018, 0x22220022,
+ 0x44440044, 0xb2b200b2, 0xb5b500b5, 0x91910091,
+ 0x08080008, 0xa8a800a8, 0xfcfc00fc, 0x50500050,
+ 0xd0d000d0, 0x7d7d007d, 0x89890089, 0x97970097,
+ 0x5b5b005b, 0x95950095, 0xffff00ff, 0xd2d200d2,
+ 0xc4c400c4, 0x48480048, 0xf7f700f7, 0xdbdb00db,
+ 0x03030003, 0xdada00da, 0x3f3f003f, 0x94940094,
+ 0x5c5c005c, 0x02020002, 0x4a4a004a, 0x33330033,
+ 0x67670067, 0xf3f300f3, 0x7f7f007f, 0xe2e200e2,
+ 0x9b9b009b, 0x26260026, 0x37370037, 0x3b3b003b,
+ 0x96960096, 0x4b4b004b, 0xbebe00be, 0x2e2e002e,
+ 0x79790079, 0x8c8c008c, 0x6e6e006e, 0x8e8e008e,
+ 0xf5f500f5, 0xb6b600b6, 0xfdfd00fd, 0x59590059,
+ 0x98980098, 0x6a6a006a, 0x46460046, 0xbaba00ba,
+ 0x25250025, 0x42420042, 0xa2a200a2, 0xfafa00fa,
+ 0x07070007, 0x55550055, 0xeeee00ee, 0x0a0a000a,
+ 0x49490049, 0x68680068, 0x38380038, 0xa4a400a4,
+ 0x28280028, 0x7b7b007b, 0xc9c900c9, 0xc1c100c1,
+ 0xe3e300e3, 0xf4f400f4, 0xc7c700c7, 0x9e9e009e,
+};
+
+/**
+ * Stuff related to the Camellia key schedule
+ */
+#define subl(x) subL[(x)]
+#define subr(x) subR[(x)]
+
+void camellia_setup128(const u8 *key, u32 *subkey)
+{
+ u32 kll, klr, krl, krr;
+ u32 il, ir, t0, t1, w0, w1;
+ u32 kw4l, kw4r, dw, tl, tr;
+ u32 subL[26];
+ u32 subR[26];
+
+ /**
+ * k == kll || klr || krl || krr (|| is concatination)
+ */
+ kll = GETU32(key);
+ klr = GETU32(key + 4);
+ krl = GETU32(key + 8);
+ krr = GETU32(key + 12);
+ /**
+ * generate KL dependent subkeys
+ */
+ /* kw1 */
+ subl(0) = kll;
+ subr(0) = klr;
+ /* kw2 */
+ subl(1) = krl;
+ subr(1) = krr;
+ /* rotation left shift 15bit */
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+ /* k3 */
+ subl(4) = kll;
+ subr(4) = klr;
+ /* k4 */
+ subl(5) = krl;
+ subr(5) = krr;
+ /* rotation left shift 15+30bit */
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
+ /* k7 */
+ subl(10) = kll;
+ subr(10) = klr;
+ /* k8 */
+ subl(11) = krl;
+ subr(11) = krr;
+ /* rotation left shift 15+30+15bit */
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+ /* k10 */
+ subl(13) = krl;
+ subr(13) = krr;
+ /* rotation left shift 15+30+15+17 bit */
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
+ /* kl3 */
+ subl(16) = kll;
+ subr(16) = klr;
+ /* kl4 */
+ subl(17) = krl;
+ subr(17) = krr;
+ /* rotation left shift 15+30+15+17+17 bit */
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
+ /* k13 */
+ subl(18) = kll;
+ subr(18) = klr;
+ /* k14 */
+ subl(19) = krl;
+ subr(19) = krr;
+ /* rotation left shift 15+30+15+17+17+17 bit */
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
+ /* k17 */
+ subl(22) = kll;
+ subr(22) = klr;
+ /* k18 */
+ subl(23) = krl;
+ subr(23) = krr;
+
+ /* generate KA */
+ kll = subl(0);
+ klr = subr(0);
+ krl = subl(1);
+ krr = subr(1);
+ CAMELLIA_F(kll, klr,
+ CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R, w0, w1, il, ir, t0, t1);
+ krl ^= w0;
+ krr ^= w1;
+ CAMELLIA_F(krl, krr,
+ CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R, kll, klr, il, ir, t0, t1);
+ /* current status == (kll, klr, w0, w1) */
+ CAMELLIA_F(kll, klr,
+ CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R, krl, krr, il, ir, t0, t1);
+ krl ^= w0;
+ krr ^= w1;
+ CAMELLIA_F(krl, krr,
+ CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R, w0, w1, il, ir, t0, t1);
+ kll ^= w0;
+ klr ^= w1;
+
+ /* generate KA dependent subkeys */
+ /* k1, k2 */
+ subl(2) = kll;
+ subr(2) = klr;
+ subl(3) = krl;
+ subr(3) = krr;
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+ /* k5,k6 */
+ subl(6) = kll;
+ subr(6) = klr;
+ subl(7) = krl;
+ subr(7) = krr;
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+ /* kl1, kl2 */
+ subl(8) = kll;
+ subr(8) = klr;
+ subl(9) = krl;
+ subr(9) = krr;
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+ /* k9 */
+ subl(12) = kll;
+ subr(12) = klr;
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+ /* k11, k12 */
+ subl(14) = kll;
+ subr(14) = klr;
+ subl(15) = krl;
+ subr(15) = krr;
+ CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
+ /* k15, k16 */
+ subl(20) = kll;
+ subr(20) = klr;
+ subl(21) = krl;
+ subr(21) = krr;
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
+ /* kw3, kw4 */
+ subl(24) = kll;
+ subr(24) = klr;
+ subl(25) = krl;
+ subr(25) = krr;
+
+ /* absorb kw2 to other subkeys */
+/* round 2 */
+ subl(3) ^= subl(1);
+ subr(3) ^= subr(1);
+/* round 4 */
+ subl(5) ^= subl(1);
+ subr(5) ^= subr(1);
+/* round 6 */
+ subl(7) ^= subl(1);
+ subr(7) ^= subr(1);
+ subl(1) ^= subr(1) & ~subr(9);
+ dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw); /* modified for
+ * FLinv(kl2) */
+/* round 8 */
+ subl(11) ^= subl(1);
+ subr(11) ^= subr(1);
+/* round 10 */
+ subl(13) ^= subl(1);
+ subr(13) ^= subr(1);
+/* round 12 */
+ subl(15) ^= subl(1);
+ subr(15) ^= subr(1);
+ subl(1) ^= subr(1) & ~subr(17);
+ dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw); /* modified for
+ * FLinv(kl4) */
+/* round 14 */
+ subl(19) ^= subl(1);
+ subr(19) ^= subr(1);
+/* round 16 */
+ subl(21) ^= subl(1);
+ subr(21) ^= subr(1);
+/* round 18 */
+ subl(23) ^= subl(1);
+ subr(23) ^= subr(1);
+/* kw3 */
+ subl(24) ^= subl(1);
+ subr(24) ^= subr(1);
+
+ /* absorb kw4 to other subkeys */
+ kw4l = subl(25);
+ kw4r = subr(25);
+/* round 17 */
+ subl(22) ^= kw4l;
+ subr(22) ^= kw4r;
+/* round 15 */
+ subl(20) ^= kw4l;
+ subr(20) ^= kw4r;
+/* round 13 */
+ subl(18) ^= kw4l;
+ subr(18) ^= kw4r;
+ kw4l ^= kw4r & ~subr(16);
+ dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl3) */
+/* round 11 */
+ subl(14) ^= kw4l;
+ subr(14) ^= kw4r;
+/* round 9 */
+ subl(12) ^= kw4l;
+ subr(12) ^= kw4r;
+/* round 7 */
+ subl(10) ^= kw4l;
+ subr(10) ^= kw4r;
+ kw4l ^= kw4r & ~subr(8);
+ dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl1) */
+/* round 5 */
+ subl(6) ^= kw4l;
+ subr(6) ^= kw4r;
+/* round 3 */
+ subl(4) ^= kw4l;
+ subr(4) ^= kw4r;
+/* round 1 */
+ subl(2) ^= kw4l;
+ subr(2) ^= kw4r;
+/* kw1 */
+ subl(0) ^= kw4l;
+ subr(0) ^= kw4r;
+
+ /* key XOR is end of F-function */
+ CamelliaSubkeyL(0) = subl(0) ^ subl(2); /* kw1 */
+ CamelliaSubkeyR(0) = subr(0) ^ subr(2);
+ CamelliaSubkeyL(2) = subl(3); /* round 1 */
+ CamelliaSubkeyR(2) = subr(3);
+ CamelliaSubkeyL(3) = subl(2) ^ subl(4); /* round 2 */
+ CamelliaSubkeyR(3) = subr(2) ^ subr(4);
+ CamelliaSubkeyL(4) = subl(3) ^ subl(5); /* round 3 */
+ CamelliaSubkeyR(4) = subr(3) ^ subr(5);
+ CamelliaSubkeyL(5) = subl(4) ^ subl(6); /* round 4 */
+ CamelliaSubkeyR(5) = subr(4) ^ subr(6);
+ CamelliaSubkeyL(6) = subl(5) ^ subl(7); /* round 5 */
+ CamelliaSubkeyR(6) = subr(5) ^ subr(7);
+ tl = subl(10) ^ (subr(10) & ~subr(8));
+ dw = tl & subl(8), /* FL(kl1) */
+ tr = subr(10) ^ CAMELLIA_RL1(dw);
+ CamelliaSubkeyL(7) = subl(6) ^ tl; /* round 6 */
+ CamelliaSubkeyR(7) = subr(6) ^ tr;
+ CamelliaSubkeyL(8) = subl(8); /* FL(kl1) */
+ CamelliaSubkeyR(8) = subr(8);
+ CamelliaSubkeyL(9) = subl(9); /* FLinv(kl2) */
+ CamelliaSubkeyR(9) = subr(9);
+ tl = subl(7) ^ (subr(7) & ~subr(9));
+ dw = tl & subl(9), /* FLinv(kl2) */
+ tr = subr(7) ^ CAMELLIA_RL1(dw);
+ CamelliaSubkeyL(10) = tl ^ subl(11); /* round 7 */
+ CamelliaSubkeyR(10) = tr ^ subr(11);
+ CamelliaSubkeyL(11) = subl(10) ^ subl(12); /* round 8 */
+ CamelliaSubkeyR(11) = subr(10) ^ subr(12);
+ CamelliaSubkeyL(12) = subl(11) ^ subl(13); /* round 9 */
+ CamelliaSubkeyR(12) = subr(11) ^ subr(13);
+ CamelliaSubkeyL(13) = subl(12) ^ subl(14); /* round 10 */
+ CamelliaSubkeyR(13) = subr(12) ^ subr(14);
+ CamelliaSubkeyL(14) = subl(13) ^ subl(15); /* round 11 */
+ CamelliaSubkeyR(14) = subr(13) ^ subr(15);
+ tl = subl(18) ^ (subr(18) & ~subr(16));
+ dw = tl & subl(16), /* FL(kl3) */
+ tr = subr(18) ^ CAMELLIA_RL1(dw);
+ CamelliaSubkeyL(15) = subl(14) ^ tl; /* round 12 */
+ CamelliaSubkeyR(15) = subr(14) ^ tr;
+ CamelliaSubkeyL(16) = subl(16); /* FL(kl3) */
+ CamelliaSubkeyR(16) = subr(16);
+ CamelliaSubkeyL(17) = subl(17); /* FLinv(kl4) */
+ CamelliaSubkeyR(17) = subr(17);
+ tl = subl(15) ^ (subr(15) & ~subr(17));
+ dw = tl & subl(17), /* FLinv(kl4) */
+ tr = subr(15) ^ CAMELLIA_RL1(dw);
+ CamelliaSubkeyL(18) = tl ^ subl(19); /* round 13 */
+ CamelliaSubkeyR(18) = tr ^ subr(19);
+ CamelliaSubkeyL(19) = subl(18) ^ subl(20); /* round 14 */
+ CamelliaSubkeyR(19) = subr(18) ^ subr(20);
+ CamelliaSubkeyL(20) = subl(19) ^ subl(21); /* round 15 */
+ CamelliaSubkeyR(20) = subr(19) ^ subr(21);
+ CamelliaSubkeyL(21) = subl(20) ^ subl(22); /* round 16 */
+ CamelliaSubkeyR(21) = subr(20) ^ subr(22);
+ CamelliaSubkeyL(22) = subl(21) ^ subl(23); /* round 17 */
+ CamelliaSubkeyR(22) = subr(21) ^ subr(23);
+ CamelliaSubkeyL(23) = subl(22); /* round 18 */
+ CamelliaSubkeyR(23) = subr(22);
+ CamelliaSubkeyL(24) = subl(24) ^ subl(23); /* kw3 */
+ CamelliaSubkeyR(24) = subr(24) ^ subr(23);
+
+ /* apply the inverse of the last half of P-function */
+ /* round 1 */
+ dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, CamelliaSubkeyL(2) = dw;
+ /* round 2 */
+ dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, CamelliaSubkeyL(3) = dw;
+ /* round 3 */
+ dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, CamelliaSubkeyL(4) = dw;
+ /* round 4 */
+ dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, CamelliaSubkeyL(5) = dw;
+ /* round 5 */
+ dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, CamelliaSubkeyL(6) = dw;
+ /* round 6 */
+ dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, CamelliaSubkeyL(7) = dw;
+ /* round 7 */
+ dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, CamelliaSubkeyL(10) = dw;
+ /* round 8 */
+ dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, CamelliaSubkeyL(11) = dw;
+ /* round 9 */
+ dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, CamelliaSubkeyL(12) = dw;
+ /* round 10 */
+ dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, CamelliaSubkeyL(13) = dw;
+ /* round 11 */
+ dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, CamelliaSubkeyL(14) = dw;
+ /* round 12 */
+ dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, CamelliaSubkeyL(15) = dw;
+ /* round 13 */
+ dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, CamelliaSubkeyL(18) = dw;
+ /* round 14 */
+ dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, CamelliaSubkeyL(19) = dw;
+ /* round 15 */
+ dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, CamelliaSubkeyL(20) = dw;
+ /* round 16 */
+ dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, CamelliaSubkeyL(21) = dw;
+ /* round 17 */
+ dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, CamelliaSubkeyL(22) = dw;
+ /* round 18 */
+ dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, CamelliaSubkeyL(23) = dw;
+
+ return;
+}
+
+void camellia_setup256(const u8 *key, u32 *subkey)
+{
+ u32 kll, klr, krl, krr; /* left half of key */
+ u32 krll, krlr, krrl, krrr; /* right half of key */
+ u32 il, ir, t0, t1, w0, w1; /* temporary variables */
+ u32 kw4l, kw4r, dw, tl, tr;
+ u32 subL[34];
+ u32 subR[34];
+
+ /**
+ * key = (kll || klr || krl || krr || krll || krlr || krrl || krrr)
+ * (|| is concatination)
+ */
+
+ kll = GETU32(key);
+ klr = GETU32(key + 4);
+ krl = GETU32(key + 8);
+ krr = GETU32(key + 12);
+ krll = GETU32(key + 16);
+ krlr = GETU32(key + 20);
+ krrl = GETU32(key + 24);
+ krrr = GETU32(key + 28);
+
+ /* generate KL dependent subkeys */
+ /* kw1 */
+ subl(0) = kll;
+ subr(0) = klr;
+ /* kw2 */
+ subl(1) = krl;
+ subr(1) = krr;
+ CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 45);
+ /* k9 */
+ subl(12) = kll;
+ subr(12) = klr;
+ /* k10 */
+ subl(13) = krl;
+ subr(13) = krr;
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+ /* kl3 */
+ subl(16) = kll;
+ subr(16) = klr;
+ /* kl4 */
+ subl(17) = krl;
+ subr(17) = krr;
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 17);
+ /* k17 */
+ subl(22) = kll;
+ subr(22) = klr;
+ /* k18 */
+ subl(23) = krl;
+ subr(23) = krr;
+ CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 34);
+ /* k23 */
+ subl(30) = kll;
+ subr(30) = klr;
+ /* k24 */
+ subl(31) = krl;
+ subr(31) = krr;
+
+ /* generate KR dependent subkeys */
+ CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
+ /* k3 */
+ subl(4) = krll;
+ subr(4) = krlr;
+ /* k4 */
+ subl(5) = krrl;
+ subr(5) = krrr;
+ CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 15);
+ /* kl1 */
+ subl(8) = krll;
+ subr(8) = krlr;
+ /* kl2 */
+ subl(9) = krrl;
+ subr(9) = krrr;
+ CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
+ /* k13 */
+ subl(18) = krll;
+ subr(18) = krlr;
+ /* k14 */
+ subl(19) = krrl;
+ subr(19) = krrr;
+ CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
+ /* k19 */
+ subl(26) = krll;
+ subr(26) = krlr;
+ /* k20 */
+ subl(27) = krrl;
+ subr(27) = krrr;
+ CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 34);
+
+ /* generate KA */
+ kll = subl(0) ^ krll;
+ klr = subr(0) ^ krlr;
+ krl = subl(1) ^ krrl;
+ krr = subr(1) ^ krrr;
+ CAMELLIA_F(kll, klr,
+ CAMELLIA_SIGMA1L, CAMELLIA_SIGMA1R, w0, w1, il, ir, t0, t1);
+ krl ^= w0;
+ krr ^= w1;
+ CAMELLIA_F(krl, krr,
+ CAMELLIA_SIGMA2L, CAMELLIA_SIGMA2R, kll, klr, il, ir, t0, t1);
+ kll ^= krll;
+ klr ^= krlr;
+ CAMELLIA_F(kll, klr,
+ CAMELLIA_SIGMA3L, CAMELLIA_SIGMA3R, krl, krr, il, ir, t0, t1);
+ krl ^= w0 ^ krrl;
+ krr ^= w1 ^ krrr;
+ CAMELLIA_F(krl, krr,
+ CAMELLIA_SIGMA4L, CAMELLIA_SIGMA4R, w0, w1, il, ir, t0, t1);
+ kll ^= w0;
+ klr ^= w1;
+
+ /* generate KB */
+ krll ^= kll;
+ krlr ^= klr;
+ krrl ^= krl;
+ krrr ^= krr;
+ CAMELLIA_F(krll, krlr,
+ CAMELLIA_SIGMA5L, CAMELLIA_SIGMA5R, w0, w1, il, ir, t0, t1);
+ krrl ^= w0;
+ krrr ^= w1;
+ CAMELLIA_F(krrl, krrr,
+ CAMELLIA_SIGMA6L, CAMELLIA_SIGMA6R, w0, w1, il, ir, t0, t1);
+ krll ^= w0;
+ krlr ^= w1;
+
+ /* generate KA dependent subkeys */
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 15);
+ /* k5 */
+ subl(6) = kll;
+ subr(6) = klr;
+ /* k6 */
+ subl(7) = krl;
+ subr(7) = krr;
+ CAMELLIA_ROLDQ(kll, klr, krl, krr, w0, w1, 30);
+ /* k11 */
+ subl(14) = kll;
+ subr(14) = klr;
+ /* k12 */
+ subl(15) = krl;
+ subr(15) = krr;
+ /* rotation left shift 32bit */
+ /* kl5 */
+ subl(24) = klr;
+ subr(24) = krl;
+ /* kl6 */
+ subl(25) = krr;
+ subr(25) = kll;
+ /* rotation left shift 49 from k11,k12 -> k21,k22 */
+ CAMELLIA_ROLDQo32(kll, klr, krl, krr, w0, w1, 49);
+ /* k21 */
+ subl(28) = kll;
+ subr(28) = klr;
+ /* k22 */
+ subl(29) = krl;
+ subr(29) = krr;
+
+ /* generate KB dependent subkeys */
+ /* k1 */
+ subl(2) = krll;
+ subr(2) = krlr;
+ /* k2 */
+ subl(3) = krrl;
+ subr(3) = krrr;
+ CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
+ /* k7 */
+ subl(10) = krll;
+ subr(10) = krlr;
+ /* k8 */
+ subl(11) = krrl;
+ subr(11) = krrr;
+ CAMELLIA_ROLDQ(krll, krlr, krrl, krrr, w0, w1, 30);
+ /* k15 */
+ subl(20) = krll;
+ subr(20) = krlr;
+ /* k16 */
+ subl(21) = krrl;
+ subr(21) = krrr;
+ CAMELLIA_ROLDQo32(krll, krlr, krrl, krrr, w0, w1, 51);
+ /* kw3 */
+ subl(32) = krll;
+ subr(32) = krlr;
+ /* kw4 */
+ subl(33) = krrl;
+ subr(33) = krrr;
+
+ /* absorb kw2 to other subkeys */
+/* round 2 */
+ subl(3) ^= subl(1);
+ subr(3) ^= subr(1);
+/* round 4 */
+ subl(5) ^= subl(1);
+ subr(5) ^= subr(1);
+/* round 6 */
+ subl(7) ^= subl(1);
+ subr(7) ^= subr(1);
+ subl(1) ^= subr(1) & ~subr(9);
+ dw = subl(1) & subl(9), subr(1) ^= CAMELLIA_RL1(dw); /* modified for
+ * FLinv(kl2) */
+/* round 8 */
+ subl(11) ^= subl(1);
+ subr(11) ^= subr(1);
+/* round 10 */
+ subl(13) ^= subl(1);
+ subr(13) ^= subr(1);
+/* round 12 */
+ subl(15) ^= subl(1);
+ subr(15) ^= subr(1);
+ subl(1) ^= subr(1) & ~subr(17);
+ dw = subl(1) & subl(17), subr(1) ^= CAMELLIA_RL1(dw); /* modified for
+ * FLinv(kl4) */
+/* round 14 */
+ subl(19) ^= subl(1);
+ subr(19) ^= subr(1);
+/* round 16 */
+ subl(21) ^= subl(1);
+ subr(21) ^= subr(1);
+/* round 18 */
+ subl(23) ^= subl(1);
+ subr(23) ^= subr(1);
+ subl(1) ^= subr(1) & ~subr(25);
+ dw = subl(1) & subl(25), subr(1) ^= CAMELLIA_RL1(dw); /* modified for
+ * FLinv(kl6) */
+/* round 20 */
+ subl(27) ^= subl(1);
+ subr(27) ^= subr(1);
+/* round 22 */
+ subl(29) ^= subl(1);
+ subr(29) ^= subr(1);
+/* round 24 */
+ subl(31) ^= subl(1);
+ subr(31) ^= subr(1);
+/* kw3 */
+ subl(32) ^= subl(1);
+ subr(32) ^= subr(1);
+
+ /* absorb kw4 to other subkeys */
+ kw4l = subl(33);
+ kw4r = subr(33);
+/* round 23 */
+ subl(30) ^= kw4l;
+ subr(30) ^= kw4r;
+/* round 21 */
+ subl(28) ^= kw4l;
+ subr(28) ^= kw4r;
+/* round 19 */
+ subl(26) ^= kw4l;
+ subr(26) ^= kw4r;
+ kw4l ^= kw4r & ~subr(24);
+ dw = kw4l & subl(24), kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl5) */
+/* round 17 */
+ subl(22) ^= kw4l;
+ subr(22) ^= kw4r;
+/* round 15 */
+ subl(20) ^= kw4l;
+ subr(20) ^= kw4r;
+/* round 13 */
+ subl(18) ^= kw4l;
+ subr(18) ^= kw4r;
+ kw4l ^= kw4r & ~subr(16);
+ dw = kw4l & subl(16), kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl3) */
+/* round 11 */
+ subl(14) ^= kw4l;
+ subr(14) ^= kw4r;
+/* round 9 */
+ subl(12) ^= kw4l;
+ subr(12) ^= kw4r;
+/* round 7 */
+ subl(10) ^= kw4l;
+ subr(10) ^= kw4r;
+ kw4l ^= kw4r & ~subr(8);
+ dw = kw4l & subl(8), kw4r ^= CAMELLIA_RL1(dw); /* modified for FL(kl1) */
+/* round 5 */
+ subl(6) ^= kw4l;
+ subr(6) ^= kw4r;
+/* round 3 */
+ subl(4) ^= kw4l;
+ subr(4) ^= kw4r;
+/* round 1 */
+ subl(2) ^= kw4l;
+ subr(2) ^= kw4r;
+/* kw1 */
+ subl(0) ^= kw4l;
+ subr(0) ^= kw4r;
+
+ /* key XOR is end of F-function */
+ CamelliaSubkeyL(0) = subl(0) ^ subl(2); /* kw1 */
+ CamelliaSubkeyR(0) = subr(0) ^ subr(2);
+ CamelliaSubkeyL(2) = subl(3); /* round 1 */
+ CamelliaSubkeyR(2) = subr(3);
+ CamelliaSubkeyL(3) = subl(2) ^ subl(4); /* round 2 */
+ CamelliaSubkeyR(3) = subr(2) ^ subr(4);
+ CamelliaSubkeyL(4) = subl(3) ^ subl(5); /* round 3 */
+ CamelliaSubkeyR(4) = subr(3) ^ subr(5);
+ CamelliaSubkeyL(5) = subl(4) ^ subl(6); /* round 4 */
+ CamelliaSubkeyR(5) = subr(4) ^ subr(6);
+ CamelliaSubkeyL(6) = subl(5) ^ subl(7); /* round 5 */
+ CamelliaSubkeyR(6) = subr(5) ^ subr(7);
+ tl = subl(10) ^ (subr(10) & ~subr(8));
+ dw = tl & subl(8), /* FL(kl1) */
+ tr = subr(10) ^ CAMELLIA_RL1(dw);
+ CamelliaSubkeyL(7) = subl(6) ^ tl; /* round 6 */
+ CamelliaSubkeyR(7) = subr(6) ^ tr;
+ CamelliaSubkeyL(8) = subl(8); /* FL(kl1) */
+ CamelliaSubkeyR(8) = subr(8);
+ CamelliaSubkeyL(9) = subl(9); /* FLinv(kl2) */
+ CamelliaSubkeyR(9) = subr(9);
+ tl = subl(7) ^ (subr(7) & ~subr(9));
+ dw = tl & subl(9), /* FLinv(kl2) */
+ tr = subr(7) ^ CAMELLIA_RL1(dw);
+ CamelliaSubkeyL(10) = tl ^ subl(11); /* round 7 */
+ CamelliaSubkeyR(10) = tr ^ subr(11);
+ CamelliaSubkeyL(11) = subl(10) ^ subl(12); /* round 8 */
+ CamelliaSubkeyR(11) = subr(10) ^ subr(12);
+ CamelliaSubkeyL(12) = subl(11) ^ subl(13); /* round 9 */
+ CamelliaSubkeyR(12) = subr(11) ^ subr(13);
+ CamelliaSubkeyL(13) = subl(12) ^ subl(14); /* round 10 */
+ CamelliaSubkeyR(13) = subr(12) ^ subr(14);
+ CamelliaSubkeyL(14) = subl(13) ^ subl(15); /* round 11 */
+ CamelliaSubkeyR(14) = subr(13) ^ subr(15);
+ tl = subl(18) ^ (subr(18) & ~subr(16));
+ dw = tl & subl(16), /* FL(kl3) */
+ tr = subr(18) ^ CAMELLIA_RL1(dw);
+ CamelliaSubkeyL(15) = subl(14) ^ tl; /* round 12 */
+ CamelliaSubkeyR(15) = subr(14) ^ tr;
+ CamelliaSubkeyL(16) = subl(16); /* FL(kl3) */
+ CamelliaSubkeyR(16) = subr(16);
+ CamelliaSubkeyL(17) = subl(17); /* FLinv(kl4) */
+ CamelliaSubkeyR(17) = subr(17);
+ tl = subl(15) ^ (subr(15) & ~subr(17));
+ dw = tl & subl(17), /* FLinv(kl4) */
+ tr = subr(15) ^ CAMELLIA_RL1(dw);
+ CamelliaSubkeyL(18) = tl ^ subl(19); /* round 13 */
+ CamelliaSubkeyR(18) = tr ^ subr(19);
+ CamelliaSubkeyL(19) = subl(18) ^ subl(20); /* round 14 */
+ CamelliaSubkeyR(19) = subr(18) ^ subr(20);
+ CamelliaSubkeyL(20) = subl(19) ^ subl(21); /* round 15 */
+ CamelliaSubkeyR(20) = subr(19) ^ subr(21);
+ CamelliaSubkeyL(21) = subl(20) ^ subl(22); /* round 16 */
+ CamelliaSubkeyR(21) = subr(20) ^ subr(22);
+ CamelliaSubkeyL(22) = subl(21) ^ subl(23); /* round 17 */
+ CamelliaSubkeyR(22) = subr(21) ^ subr(23);
+ tl = subl(26) ^ (subr(26)
+ & ~subr(24));
+ dw = tl & subl(24), /* FL(kl5) */
+ tr = subr(26) ^ CAMELLIA_RL1(dw);
+ CamelliaSubkeyL(23) = subl(22) ^ tl; /* round 18 */
+ CamelliaSubkeyR(23) = subr(22) ^ tr;
+ CamelliaSubkeyL(24) = subl(24); /* FL(kl5) */
+ CamelliaSubkeyR(24) = subr(24);
+ CamelliaSubkeyL(25) = subl(25); /* FLinv(kl6) */
+ CamelliaSubkeyR(25) = subr(25);
+ tl = subl(23) ^ (subr(23) & ~subr(25));
+ dw = tl & subl(25), /* FLinv(kl6) */
+ tr = subr(23) ^ CAMELLIA_RL1(dw);
+ CamelliaSubkeyL(26) = tl ^ subl(27); /* round 19 */
+ CamelliaSubkeyR(26) = tr ^ subr(27);
+ CamelliaSubkeyL(27) = subl(26) ^ subl(28); /* round 20 */
+ CamelliaSubkeyR(27) = subr(26) ^ subr(28);
+ CamelliaSubkeyL(28) = subl(27) ^ subl(29); /* round 21 */
+ CamelliaSubkeyR(28) = subr(27) ^ subr(29);
+ CamelliaSubkeyL(29) = subl(28) ^ subl(30); /* round 22 */
+ CamelliaSubkeyR(29) = subr(28) ^ subr(30);
+ CamelliaSubkeyL(30) = subl(29) ^ subl(31); /* round 23 */
+ CamelliaSubkeyR(30) = subr(29) ^ subr(31);
+ CamelliaSubkeyL(31) = subl(30); /* round 24 */
+ CamelliaSubkeyR(31) = subr(30);
+ CamelliaSubkeyL(32) = subl(32) ^ subl(31); /* kw3 */
+ CamelliaSubkeyR(32) = subr(32) ^ subr(31);
+
+ /* apply the inverse of the last half of P-function */
+ /* round 1 */
+ dw = CamelliaSubkeyL(2) ^ CamelliaSubkeyR(2), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(2) = CamelliaSubkeyL(2) ^ dw, CamelliaSubkeyL(2) = dw;
+ /* round 2 */
+ dw = CamelliaSubkeyL(3) ^ CamelliaSubkeyR(3), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(3) = CamelliaSubkeyL(3) ^ dw, CamelliaSubkeyL(3) = dw;
+ /* round 3 */
+ dw = CamelliaSubkeyL(4) ^ CamelliaSubkeyR(4), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(4) = CamelliaSubkeyL(4) ^ dw, CamelliaSubkeyL(4) = dw;
+ /* round 4 */
+ dw = CamelliaSubkeyL(5) ^ CamelliaSubkeyR(5), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(5) = CamelliaSubkeyL(5) ^ dw, CamelliaSubkeyL(5) = dw;
+ /* round 5 */
+ dw = CamelliaSubkeyL(6) ^ CamelliaSubkeyR(6), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(6) = CamelliaSubkeyL(6) ^ dw, CamelliaSubkeyL(6) = dw;
+ /* round 6 */
+ dw = CamelliaSubkeyL(7) ^ CamelliaSubkeyR(7), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(7) = CamelliaSubkeyL(7) ^ dw, CamelliaSubkeyL(7) = dw;
+ /* round 7 */
+ dw = CamelliaSubkeyL(10) ^ CamelliaSubkeyR(10), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(10) = CamelliaSubkeyL(10) ^ dw, CamelliaSubkeyL(10) = dw;
+ /* round 8 */
+ dw = CamelliaSubkeyL(11) ^ CamelliaSubkeyR(11), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(11) = CamelliaSubkeyL(11) ^ dw, CamelliaSubkeyL(11) = dw;
+ /* round 9 */
+ dw = CamelliaSubkeyL(12) ^ CamelliaSubkeyR(12), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(12) = CamelliaSubkeyL(12) ^ dw, CamelliaSubkeyL(12) = dw;
+ /* round 10 */
+ dw = CamelliaSubkeyL(13) ^ CamelliaSubkeyR(13), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(13) = CamelliaSubkeyL(13) ^ dw, CamelliaSubkeyL(13) = dw;
+ /* round 11 */
+ dw = CamelliaSubkeyL(14) ^ CamelliaSubkeyR(14), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(14) = CamelliaSubkeyL(14) ^ dw, CamelliaSubkeyL(14) = dw;
+ /* round 12 */
+ dw = CamelliaSubkeyL(15) ^ CamelliaSubkeyR(15), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(15) = CamelliaSubkeyL(15) ^ dw, CamelliaSubkeyL(15) = dw;
+ /* round 13 */
+ dw = CamelliaSubkeyL(18) ^ CamelliaSubkeyR(18), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(18) = CamelliaSubkeyL(18) ^ dw, CamelliaSubkeyL(18) = dw;
+ /* round 14 */
+ dw = CamelliaSubkeyL(19) ^ CamelliaSubkeyR(19), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(19) = CamelliaSubkeyL(19) ^ dw, CamelliaSubkeyL(19) = dw;
+ /* round 15 */
+ dw = CamelliaSubkeyL(20) ^ CamelliaSubkeyR(20), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(20) = CamelliaSubkeyL(20) ^ dw, CamelliaSubkeyL(20) = dw;
+ /* round 16 */
+ dw = CamelliaSubkeyL(21) ^ CamelliaSubkeyR(21), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(21) = CamelliaSubkeyL(21) ^ dw, CamelliaSubkeyL(21) = dw;
+ /* round 17 */
+ dw = CamelliaSubkeyL(22) ^ CamelliaSubkeyR(22), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(22) = CamelliaSubkeyL(22) ^ dw, CamelliaSubkeyL(22) = dw;
+ /* round 18 */
+ dw = CamelliaSubkeyL(23) ^ CamelliaSubkeyR(23), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(23) = CamelliaSubkeyL(23) ^ dw, CamelliaSubkeyL(23) = dw;
+ /* round 19 */
+ dw = CamelliaSubkeyL(26) ^ CamelliaSubkeyR(26), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(26) = CamelliaSubkeyL(26) ^ dw, CamelliaSubkeyL(26) = dw;
+ /* round 20 */
+ dw = CamelliaSubkeyL(27) ^ CamelliaSubkeyR(27), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(27) = CamelliaSubkeyL(27) ^ dw, CamelliaSubkeyL(27) = dw;
+ /* round 21 */
+ dw = CamelliaSubkeyL(28) ^ CamelliaSubkeyR(28), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(28) = CamelliaSubkeyL(28) ^ dw, CamelliaSubkeyL(28) = dw;
+ /* round 22 */
+ dw = CamelliaSubkeyL(29) ^ CamelliaSubkeyR(29), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(29) = CamelliaSubkeyL(29) ^ dw, CamelliaSubkeyL(29) = dw;
+ /* round 23 */
+ dw = CamelliaSubkeyL(30) ^ CamelliaSubkeyR(30), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(30) = CamelliaSubkeyL(30) ^ dw, CamelliaSubkeyL(30) = dw;
+ /* round 24 */
+ dw = CamelliaSubkeyL(31) ^ CamelliaSubkeyR(31), dw = CAMELLIA_RL8(dw);
+ CamelliaSubkeyR(31) = CamelliaSubkeyL(31) ^ dw, CamelliaSubkeyL(31) = dw;
+
+ return;
+}
+
+void camellia_setup192(const u8 *key, u32 *subkey)
+{
+ u8 kk[32];
+ u32 krll, krlr, krrl, krrr;
+
+ memcpy(kk, key, 24);
+ memcpy((u8 *)&krll, key + 16, 4);
+ memcpy((u8 *)&krlr, key + 20, 4);
+ krrl = ~krll;
+ krrr = ~krlr;
+ memcpy(kk + 24, (u8 *)&krrl, 4);
+ memcpy(kk + 28, (u8 *)&krrr, 4);
+ camellia_setup256(kk, subkey);
+ return;
+}
+
+/**
+ * Stuff related to camellia encryption/decryption
+ */
+void camellia_encrypt128(const u32 *subkey, u32 *io)
+{
+ u32 il, ir, t0, t1;
+
+ /* pre whitening but absorb kw2 */
+ io[0] ^= CamelliaSubkeyL(0);
+ io[1] ^= CamelliaSubkeyR(0);
+ /* main iteration */
+
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(2), CamelliaSubkeyR(2),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(3), CamelliaSubkeyR(3),
+ io[0], io[1], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(4), CamelliaSubkeyR(4),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(5), CamelliaSubkeyR(5),
+ io[0], io[1], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(6), CamelliaSubkeyR(6),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(7), CamelliaSubkeyR(7),
+ io[0], io[1], il, ir, t0, t1);
+
+ CAMELLIA_FLS(io[0], io[1], io[2], io[3],
+ CamelliaSubkeyL(8), CamelliaSubkeyR(8),
+ CamelliaSubkeyL(9), CamelliaSubkeyR(9), t0, t1, il, ir);
+
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(10), CamelliaSubkeyR(10),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(11), CamelliaSubkeyR(11),
+ io[0], io[1], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(12), CamelliaSubkeyR(12),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(13), CamelliaSubkeyR(13),
+ io[0], io[1], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(14), CamelliaSubkeyR(14),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(15), CamelliaSubkeyR(15),
+ io[0], io[1], il, ir, t0, t1);
+
+ CAMELLIA_FLS(io[0], io[1], io[2], io[3],
+ CamelliaSubkeyL(16), CamelliaSubkeyR(16),
+ CamelliaSubkeyL(17), CamelliaSubkeyR(17), t0, t1, il, ir);
+
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(18), CamelliaSubkeyR(18),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(19), CamelliaSubkeyR(19),
+ io[0], io[1], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(20), CamelliaSubkeyR(20),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(21), CamelliaSubkeyR(21),
+ io[0], io[1], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(22), CamelliaSubkeyR(22),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(23), CamelliaSubkeyR(23),
+ io[0], io[1], il, ir, t0, t1);
+
+ /* post whitening but kw4 */
+ io[2] ^= CamelliaSubkeyL(24);
+ io[3] ^= CamelliaSubkeyR(24);
+
+ t0 = io[0];
+ t1 = io[1];
+ io[0] = io[2];
+ io[1] = io[3];
+ io[2] = t0;
+ io[3] = t1;
+
+ return;
+}
+
+void camellia_decrypt128(const u32 *subkey, u32 *io)
+{
+ u32 il, ir, t0, t1; /* temporary valiables */
+
+ /* pre whitening but absorb kw2 */
+ io[0] ^= CamelliaSubkeyL(24);
+ io[1] ^= CamelliaSubkeyR(24);
+
+ /* main iteration */
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(23), CamelliaSubkeyR(23),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(22), CamelliaSubkeyR(22),
+ io[0], io[1], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(21), CamelliaSubkeyR(21),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(20), CamelliaSubkeyR(20),
+ io[0], io[1], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(19), CamelliaSubkeyR(19),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(18), CamelliaSubkeyR(18),
+ io[0], io[1], il, ir, t0, t1);
+
+ CAMELLIA_FLS(io[0], io[1], io[2], io[3],
+ CamelliaSubkeyL(17), CamelliaSubkeyR(17),
+ CamelliaSubkeyL(16), CamelliaSubkeyR(16), t0, t1, il, ir);
+
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(15), CamelliaSubkeyR(15),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(14), CamelliaSubkeyR(14),
+ io[0], io[1], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(13), CamelliaSubkeyR(13),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(12), CamelliaSubkeyR(12),
+ io[0], io[1], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(11), CamelliaSubkeyR(11),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(10), CamelliaSubkeyR(10),
+ io[0], io[1], il, ir, t0, t1);
+
+ CAMELLIA_FLS(io[0], io[1], io[2], io[3],
+ CamelliaSubkeyL(9), CamelliaSubkeyR(9),
+ CamelliaSubkeyL(8), CamelliaSubkeyR(8), t0, t1, il, ir);
+
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(7), CamelliaSubkeyR(7),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(6), CamelliaSubkeyR(6),
+ io[0], io[1], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(5), CamelliaSubkeyR(5),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(4), CamelliaSubkeyR(4),
+ io[0], io[1], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(3), CamelliaSubkeyR(3),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(2), CamelliaSubkeyR(2),
+ io[0], io[1], il, ir, t0, t1);
+
+ /* post whitening but kw4 */
+ io[2] ^= CamelliaSubkeyL(0);
+ io[3] ^= CamelliaSubkeyR(0);
+
+ t0 = io[0];
+ t1 = io[1];
+ io[0] = io[2];
+ io[1] = io[3];
+ io[2] = t0;
+ io[3] = t1;
+
+ return;
+}
+
+/**
+ * stuff for 192 and 256bit encryption/decryption
+ */
+void camellia_encrypt256(const u32 *subkey, u32 *io)
+{
+ u32 il, ir, t0, t1; /* temporary valiables */
+
+ /* pre whitening but absorb kw2 */
+ io[0] ^= CamelliaSubkeyL(0);
+ io[1] ^= CamelliaSubkeyR(0);
+
+ /* main iteration */
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(2), CamelliaSubkeyR(2),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(3), CamelliaSubkeyR(3),
+ io[0], io[1], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(4), CamelliaSubkeyR(4),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(5), CamelliaSubkeyR(5),
+ io[0], io[1], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(6), CamelliaSubkeyR(6),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(7), CamelliaSubkeyR(7),
+ io[0], io[1], il, ir, t0, t1);
+
+ CAMELLIA_FLS(io[0], io[1], io[2], io[3],
+ CamelliaSubkeyL(8), CamelliaSubkeyR(8),
+ CamelliaSubkeyL(9), CamelliaSubkeyR(9), t0, t1, il, ir);
+
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(10), CamelliaSubkeyR(10),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(11), CamelliaSubkeyR(11),
+ io[0], io[1], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(12), CamelliaSubkeyR(12),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(13), CamelliaSubkeyR(13),
+ io[0], io[1], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(14), CamelliaSubkeyR(14),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(15), CamelliaSubkeyR(15),
+ io[0], io[1], il, ir, t0, t1);
+
+ CAMELLIA_FLS(io[0], io[1], io[2], io[3],
+ CamelliaSubkeyL(16), CamelliaSubkeyR(16),
+ CamelliaSubkeyL(17), CamelliaSubkeyR(17), t0, t1, il, ir);
+
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(18), CamelliaSubkeyR(18),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(19), CamelliaSubkeyR(19),
+ io[0], io[1], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(20), CamelliaSubkeyR(20),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(21), CamelliaSubkeyR(21),
+ io[0], io[1], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(22), CamelliaSubkeyR(22),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(23), CamelliaSubkeyR(23),
+ io[0], io[1], il, ir, t0, t1);
+
+ CAMELLIA_FLS(io[0], io[1], io[2], io[3],
+ CamelliaSubkeyL(24), CamelliaSubkeyR(24),
+ CamelliaSubkeyL(25), CamelliaSubkeyR(25), t0, t1, il, ir);
+
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(26), CamelliaSubkeyR(26),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(27), CamelliaSubkeyR(27),
+ io[0], io[1], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(28), CamelliaSubkeyR(28),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(29), CamelliaSubkeyR(29),
+ io[0], io[1], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(30), CamelliaSubkeyR(30),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(31), CamelliaSubkeyR(31),
+ io[0], io[1], il, ir, t0, t1);
+
+ /* post whitening but kw4 */
+ io[2] ^= CamelliaSubkeyL(32);
+ io[3] ^= CamelliaSubkeyR(32);
+
+ t0 = io[0];
+ t1 = io[1];
+ io[0] = io[2];
+ io[1] = io[3];
+ io[2] = t0;
+ io[3] = t1;
+
+ return;
+}
+
+void camellia_decrypt256(const u32 *subkey, u32 *io)
+{
+ u32 il, ir, t0, t1; /* temporary valiables */
+
+ /* pre whitening but absorb kw2 */
+ io[0] ^= CamelliaSubkeyL(32);
+ io[1] ^= CamelliaSubkeyR(32);
+
+ /* main iteration */
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(31), CamelliaSubkeyR(31),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(30), CamelliaSubkeyR(30),
+ io[0], io[1], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(29), CamelliaSubkeyR(29),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(28), CamelliaSubkeyR(28),
+ io[0], io[1], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(27), CamelliaSubkeyR(27),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(26), CamelliaSubkeyR(26),
+ io[0], io[1], il, ir, t0, t1);
+
+ CAMELLIA_FLS(io[0], io[1], io[2], io[3],
+ CamelliaSubkeyL(25), CamelliaSubkeyR(25),
+ CamelliaSubkeyL(24), CamelliaSubkeyR(24), t0, t1, il, ir);
+
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(23), CamelliaSubkeyR(23),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(22), CamelliaSubkeyR(22),
+ io[0], io[1], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(21), CamelliaSubkeyR(21),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(20), CamelliaSubkeyR(20),
+ io[0], io[1], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(19), CamelliaSubkeyR(19),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(18), CamelliaSubkeyR(18),
+ io[0], io[1], il, ir, t0, t1);
+
+ CAMELLIA_FLS(io[0], io[1], io[2], io[3],
+ CamelliaSubkeyL(17), CamelliaSubkeyR(17),
+ CamelliaSubkeyL(16), CamelliaSubkeyR(16), t0, t1, il, ir);
+
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(15), CamelliaSubkeyR(15),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(14), CamelliaSubkeyR(14),
+ io[0], io[1], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(13), CamelliaSubkeyR(13),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(12), CamelliaSubkeyR(12),
+ io[0], io[1], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(11), CamelliaSubkeyR(11),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(10), CamelliaSubkeyR(10),
+ io[0], io[1], il, ir, t0, t1);
+
+ CAMELLIA_FLS(io[0], io[1], io[2], io[3],
+ CamelliaSubkeyL(9), CamelliaSubkeyR(9),
+ CamelliaSubkeyL(8), CamelliaSubkeyR(8), t0, t1, il, ir);
+
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(7), CamelliaSubkeyR(7),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(6), CamelliaSubkeyR(6),
+ io[0], io[1], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(5), CamelliaSubkeyR(5),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(4), CamelliaSubkeyR(4),
+ io[0], io[1], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[0], io[1],
+ CamelliaSubkeyL(3), CamelliaSubkeyR(3),
+ io[2], io[3], il, ir, t0, t1);
+ CAMELLIA_ROUNDSM(io[2], io[3],
+ CamelliaSubkeyL(2), CamelliaSubkeyR(2),
+ io[0], io[1], il, ir, t0, t1);
+
+ /* post whitening but kw4 */
+ io[2] ^= CamelliaSubkeyL(0);
+ io[3] ^= CamelliaSubkeyR(0);
+
+ t0 = io[0];
+ t1 = io[1];
+ io[0] = io[2];
+ io[1] = io[3];
+ io[2] = t0;
+ io[3] = t1;
+
+ return;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/camellia/camellia.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/camellia/camellia.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/camellia/camellia.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,134 +0,0 @@
-/* crypto/camellia/camellia.h -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#ifndef HEADER_CAMELLIA_H
-#define HEADER_CAMELLIA_H
-
-#include <openssl/opensslconf.h>
-
-#ifdef OPENSSL_NO_CAMELLIA
-#error CAMELLIA is disabled.
-#endif
-
-#define CAMELLIA_ENCRYPT 1
-#define CAMELLIA_DECRYPT 0
-
-/* Because array size can't be a const in C, the following two are macros.
- Both sizes are in bytes. */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* This should be a hidden type, but EVP requires that the size be known */
-
-#define CAMELLIA_BLOCK_SIZE 16
-#define CAMELLIA_TABLE_BYTE_LEN 272
-#define CAMELLIA_TABLE_WORD_LEN (CAMELLIA_TABLE_BYTE_LEN / 4)
-
- /* to match with WORD */
-typedef unsigned int KEY_TABLE_TYPE[CAMELLIA_TABLE_WORD_LEN];
-
-struct camellia_key_st
- {
- KEY_TABLE_TYPE rd_key;
- int bitLength;
- void (*enc)(const unsigned int *subkey, unsigned int *io);
- void (*dec)(const unsigned int *subkey, unsigned int *io);
- };
-
-typedef struct camellia_key_st CAMELLIA_KEY;
-
-#ifdef OPENSSL_FIPS
-int private_Camellia_set_key(const unsigned char *userKey, const int bits,
- CAMELLIA_KEY *key);
-#endif
-
-int Camellia_set_key(const unsigned char *userKey, const int bits,
- CAMELLIA_KEY *key);
-
-void Camellia_encrypt(const unsigned char *in, unsigned char *out,
- const CAMELLIA_KEY *key);
-void Camellia_decrypt(const unsigned char *in, unsigned char *out,
- const CAMELLIA_KEY *key);
-
-void Camellia_ecb_encrypt(const unsigned char *in, unsigned char *out,
- const CAMELLIA_KEY *key, const int enc);
-void Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out,
- const unsigned long length, const CAMELLIA_KEY *key,
- unsigned char *ivec, const int enc);
-void Camellia_cfb128_encrypt(const unsigned char *in, unsigned char *out,
- const unsigned long length, const CAMELLIA_KEY *key,
- unsigned char *ivec, int *num, const int enc);
-void Camellia_cfb1_encrypt(const unsigned char *in, unsigned char *out,
- const unsigned long length, const CAMELLIA_KEY *key,
- unsigned char *ivec, int *num, const int enc);
-void Camellia_cfb8_encrypt(const unsigned char *in, unsigned char *out,
- const unsigned long length, const CAMELLIA_KEY *key,
- unsigned char *ivec, int *num, const int enc);
-void Camellia_cfbr_encrypt_block(const unsigned char *in,unsigned char *out,
- const int nbits,const CAMELLIA_KEY *key,
- unsigned char *ivec,const int enc);
-void Camellia_ofb128_encrypt(const unsigned char *in, unsigned char *out,
- const unsigned long length, const CAMELLIA_KEY *key,
- unsigned char *ivec, int *num);
-void Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out,
- const unsigned long length, const CAMELLIA_KEY *key,
- unsigned char ivec[CAMELLIA_BLOCK_SIZE],
- unsigned char ecount_buf[CAMELLIA_BLOCK_SIZE],
- unsigned int *num);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* !HEADER_Camellia_H */
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/camellia/camellia.h (from rev 6976, vendor-crypto/openssl/dist/crypto/camellia/camellia.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/camellia/camellia.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/camellia/camellia.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,139 @@
+/* crypto/camellia/camellia.h -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#ifndef HEADER_CAMELLIA_H
+# define HEADER_CAMELLIA_H
+
+# include <openssl/opensslconf.h>
+
+# ifdef OPENSSL_NO_CAMELLIA
+# error CAMELLIA is disabled.
+# endif
+
+# define CAMELLIA_ENCRYPT 1
+# define CAMELLIA_DECRYPT 0
+
+/*
+ * Because array size can't be a const in C, the following two are macros.
+ * Both sizes are in bytes.
+ */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* This should be a hidden type, but EVP requires that the size be known */
+
+# define CAMELLIA_BLOCK_SIZE 16
+# define CAMELLIA_TABLE_BYTE_LEN 272
+# define CAMELLIA_TABLE_WORD_LEN (CAMELLIA_TABLE_BYTE_LEN / 4)
+
+ /* to match with WORD */
+typedef unsigned int KEY_TABLE_TYPE[CAMELLIA_TABLE_WORD_LEN];
+
+struct camellia_key_st {
+ KEY_TABLE_TYPE rd_key;
+ int bitLength;
+ void (*enc) (const unsigned int *subkey, unsigned int *io);
+ void (*dec) (const unsigned int *subkey, unsigned int *io);
+};
+
+typedef struct camellia_key_st CAMELLIA_KEY;
+
+# ifdef OPENSSL_FIPS
+int private_Camellia_set_key(const unsigned char *userKey, const int bits,
+ CAMELLIA_KEY *key);
+# endif
+
+int Camellia_set_key(const unsigned char *userKey, const int bits,
+ CAMELLIA_KEY *key);
+
+void Camellia_encrypt(const unsigned char *in, unsigned char *out,
+ const CAMELLIA_KEY *key);
+void Camellia_decrypt(const unsigned char *in, unsigned char *out,
+ const CAMELLIA_KEY *key);
+
+void Camellia_ecb_encrypt(const unsigned char *in, unsigned char *out,
+ const CAMELLIA_KEY *key, const int enc);
+void Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out,
+ const unsigned long length, const CAMELLIA_KEY *key,
+ unsigned char *ivec, const int enc);
+void Camellia_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+ const unsigned long length,
+ const CAMELLIA_KEY *key, unsigned char *ivec,
+ int *num, const int enc);
+void Camellia_cfb1_encrypt(const unsigned char *in, unsigned char *out,
+ const unsigned long length,
+ const CAMELLIA_KEY *key, unsigned char *ivec,
+ int *num, const int enc);
+void Camellia_cfb8_encrypt(const unsigned char *in, unsigned char *out,
+ const unsigned long length,
+ const CAMELLIA_KEY *key, unsigned char *ivec,
+ int *num, const int enc);
+void Camellia_cfbr_encrypt_block(const unsigned char *in, unsigned char *out,
+ const int nbits, const CAMELLIA_KEY *key,
+ unsigned char *ivec, const int enc);
+void Camellia_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+ const unsigned long length,
+ const CAMELLIA_KEY *key, unsigned char *ivec,
+ int *num);
+void Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out,
+ const unsigned long length,
+ const CAMELLIA_KEY *key,
+ unsigned char ivec[CAMELLIA_BLOCK_SIZE],
+ unsigned char ecount_buf[CAMELLIA_BLOCK_SIZE],
+ unsigned int *num);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* !HEADER_Camellia_H */
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/camellia/cmll_cbc.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/camellia/cmll_cbc.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/camellia/cmll_cbc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,273 +0,0 @@
-/* crypto/camellia/camellia_cbc.c -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#ifndef CAMELLIA_DEBUG
-# ifndef NDEBUG
-# define NDEBUG
-# endif
-#endif
-#include <assert.h>
-#include <stdio.h>
-#include <string.h>
-
-#include <openssl/camellia.h>
-#include "cmll_locl.h"
-
-void Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out,
- const unsigned long length, const CAMELLIA_KEY *key,
- unsigned char *ivec, const int enc) {
-
- unsigned long n;
- unsigned long len = length;
- const unsigned char *iv = ivec;
- union { u32 t32[CAMELLIA_BLOCK_SIZE/sizeof(u32)];
- u8 t8 [CAMELLIA_BLOCK_SIZE]; } tmp;
- const union { long one; char little; } camellia_endian = {1};
-
-
- assert(in && out && key && ivec);
- assert((CAMELLIA_ENCRYPT == enc)||(CAMELLIA_DECRYPT == enc));
-
- if(((size_t)in|(size_t)out|(size_t)ivec) % sizeof(u32) == 0)
- {
- if (CAMELLIA_ENCRYPT == enc)
- {
- while (len >= CAMELLIA_BLOCK_SIZE)
- {
- XOR4WORD2((u32 *)out,
- (u32 *)in, (u32 *)iv);
- if (camellia_endian.little)
- SWAP4WORD((u32 *)out);
- key->enc(key->rd_key, (u32 *)out);
- if (camellia_endian.little)
- SWAP4WORD((u32 *)out);
- iv = out;
- len -= CAMELLIA_BLOCK_SIZE;
- in += CAMELLIA_BLOCK_SIZE;
- out += CAMELLIA_BLOCK_SIZE;
- }
- if (len)
- {
- for(n=0; n < len; ++n)
- out[n] = in[n] ^ iv[n];
- for(n=len; n < CAMELLIA_BLOCK_SIZE; ++n)
- out[n] = iv[n];
- if (camellia_endian.little)
- SWAP4WORD((u32 *)out);
- key->enc(key->rd_key, (u32 *)out);
- if (camellia_endian.little)
- SWAP4WORD((u32 *)out);
- iv = out;
- }
- memcpy(ivec,iv,CAMELLIA_BLOCK_SIZE);
- }
- else if (in != out)
- {
- while (len >= CAMELLIA_BLOCK_SIZE)
- {
- memcpy(out,in,CAMELLIA_BLOCK_SIZE);
- if (camellia_endian.little)
- SWAP4WORD((u32 *)out);
- key->dec(key->rd_key,(u32 *)out);
- if (camellia_endian.little)
- SWAP4WORD((u32 *)out);
- XOR4WORD((u32 *)out, (u32 *)iv);
- iv = in;
- len -= CAMELLIA_BLOCK_SIZE;
- in += CAMELLIA_BLOCK_SIZE;
- out += CAMELLIA_BLOCK_SIZE;
- }
- if (len)
- {
- memcpy(tmp.t8, in, CAMELLIA_BLOCK_SIZE);
- if (camellia_endian.little)
- SWAP4WORD(tmp.t32);
- key->dec(key->rd_key, tmp.t32);
- if (camellia_endian.little)
- SWAP4WORD(tmp.t32);
- for(n=0; n < len; ++n)
- out[n] = tmp.t8[n] ^ iv[n];
- iv = in;
- }
- memcpy(ivec,iv,CAMELLIA_BLOCK_SIZE);
- }
- else /* in == out */
- {
- while (len >= CAMELLIA_BLOCK_SIZE)
- {
- memcpy(tmp.t8, in, CAMELLIA_BLOCK_SIZE);
- if (camellia_endian.little)
- SWAP4WORD((u32 *)out);
- key->dec(key->rd_key, (u32 *)out);
- if (camellia_endian.little)
- SWAP4WORD((u32 *)out);
- XOR4WORD((u32 *)out, (u32 *)ivec);
- memcpy(ivec, tmp.t8, CAMELLIA_BLOCK_SIZE);
- len -= CAMELLIA_BLOCK_SIZE;
- in += CAMELLIA_BLOCK_SIZE;
- out += CAMELLIA_BLOCK_SIZE;
- }
- if (len)
- {
- memcpy(tmp.t8, in, CAMELLIA_BLOCK_SIZE);
- if (camellia_endian.little)
- SWAP4WORD((u32 *)out);
- key->dec(key->rd_key,(u32 *)out);
- if (camellia_endian.little)
- SWAP4WORD((u32 *)out);
- for(n=0; n < len; ++n)
- out[n] ^= ivec[n];
- for(n=len; n < CAMELLIA_BLOCK_SIZE; ++n)
- out[n] = tmp.t8[n];
- memcpy(ivec, tmp.t8, CAMELLIA_BLOCK_SIZE);
- }
- }
- }
- else /* no aligned */
- {
- if (CAMELLIA_ENCRYPT == enc)
- {
- while (len >= CAMELLIA_BLOCK_SIZE)
- {
- for(n=0; n < CAMELLIA_BLOCK_SIZE; ++n)
- tmp.t8[n] = in[n] ^ iv[n];
- if (camellia_endian.little)
- SWAP4WORD(tmp.t32);
- key->enc(key->rd_key, tmp.t32);
- if (camellia_endian.little)
- SWAP4WORD(tmp.t32);
- memcpy(out, tmp.t8, CAMELLIA_BLOCK_SIZE);
- iv = out;
- len -= CAMELLIA_BLOCK_SIZE;
- in += CAMELLIA_BLOCK_SIZE;
- out += CAMELLIA_BLOCK_SIZE;
- }
- if (len)
- {
- for(n=0; n < len; ++n)
- tmp.t8[n] = in[n] ^ iv[n];
- for(n=len; n < CAMELLIA_BLOCK_SIZE; ++n)
- tmp.t8[n] = iv[n];
- if (camellia_endian.little)
- SWAP4WORD(tmp.t32);
- key->enc(key->rd_key, tmp.t32);
- if (camellia_endian.little)
- SWAP4WORD(tmp.t32);
- memcpy(out, tmp.t8, CAMELLIA_BLOCK_SIZE);
- iv = out;
- }
- memcpy(ivec,iv,CAMELLIA_BLOCK_SIZE);
- }
- else if (in != out)
- {
- while (len >= CAMELLIA_BLOCK_SIZE)
- {
- memcpy(tmp.t8,in,CAMELLIA_BLOCK_SIZE);
- if (camellia_endian.little)
- SWAP4WORD(tmp.t32);
- key->dec(key->rd_key,tmp.t32);
- if (camellia_endian.little)
- SWAP4WORD(tmp.t32);
- for(n=0; n < CAMELLIA_BLOCK_SIZE; ++n)
- out[n] = tmp.t8[n] ^ iv[n];
- iv = in;
- len -= CAMELLIA_BLOCK_SIZE;
- in += CAMELLIA_BLOCK_SIZE;
- out += CAMELLIA_BLOCK_SIZE;
- }
- if (len)
- {
- memcpy(tmp.t8, in, CAMELLIA_BLOCK_SIZE);
- if (camellia_endian.little)
- SWAP4WORD(tmp.t32);
- key->dec(key->rd_key, tmp.t32);
- if (camellia_endian.little)
- SWAP4WORD(tmp.t32);
- for(n=0; n < len; ++n)
- out[n] = tmp.t8[n] ^ iv[n];
- iv = in;
- }
- memcpy(ivec,iv,CAMELLIA_BLOCK_SIZE);
- }
- else
- {
- while (len >= CAMELLIA_BLOCK_SIZE)
- {
- memcpy(tmp.t8, in, CAMELLIA_BLOCK_SIZE);
- if (camellia_endian.little)
- SWAP4WORD(tmp.t32);
- key->dec(key->rd_key, tmp.t32);
- if (camellia_endian.little)
- SWAP4WORD(tmp.t32);
- for(n=0; n < CAMELLIA_BLOCK_SIZE; ++n)
- tmp.t8[n] ^= ivec[n];
- memcpy(ivec, in, CAMELLIA_BLOCK_SIZE);
- memcpy(out, tmp.t8, CAMELLIA_BLOCK_SIZE);
- len -= CAMELLIA_BLOCK_SIZE;
- in += CAMELLIA_BLOCK_SIZE;
- out += CAMELLIA_BLOCK_SIZE;
- }
- if (len)
- {
- memcpy(tmp.t8, in, CAMELLIA_BLOCK_SIZE);
- if (camellia_endian.little)
- SWAP4WORD(tmp.t32);
- key->dec(key->rd_key,tmp.t32);
- if (camellia_endian.little)
- SWAP4WORD(tmp.t32);
- for(n=0; n < len; ++n)
- tmp.t8[n] ^= ivec[n];
- memcpy(ivec, in, CAMELLIA_BLOCK_SIZE);
- memcpy(out,tmp.t8,len);
- }
- }
- }
-}
Copied: vendor-crypto/openssl/0.9.8zf/crypto/camellia/cmll_cbc.c (from rev 6976, vendor-crypto/openssl/dist/crypto/camellia/cmll_cbc.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/camellia/cmll_cbc.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/camellia/cmll_cbc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,256 @@
+/* crypto/camellia/camellia_cbc.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#ifndef CAMELLIA_DEBUG
+# ifndef NDEBUG
+# define NDEBUG
+# endif
+#endif
+#include <assert.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <openssl/camellia.h>
+#include "cmll_locl.h"
+
+void Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out,
+ const unsigned long length, const CAMELLIA_KEY *key,
+ unsigned char *ivec, const int enc)
+{
+
+ unsigned long n;
+ unsigned long len = length;
+ const unsigned char *iv = ivec;
+ union {
+ u32 t32[CAMELLIA_BLOCK_SIZE / sizeof(u32)];
+ u8 t8[CAMELLIA_BLOCK_SIZE];
+ } tmp;
+ const union {
+ long one;
+ char little;
+ } camellia_endian = {
+ 1
+ };
+
+ assert(in && out && key && ivec);
+ assert((CAMELLIA_ENCRYPT == enc) || (CAMELLIA_DECRYPT == enc));
+
+ if (((size_t)in | (size_t)out | (size_t)ivec) % sizeof(u32) == 0) {
+ if (CAMELLIA_ENCRYPT == enc) {
+ while (len >= CAMELLIA_BLOCK_SIZE) {
+ XOR4WORD2((u32 *)out, (u32 *)in, (u32 *)iv);
+ if (camellia_endian.little)
+ SWAP4WORD((u32 *)out);
+ key->enc(key->rd_key, (u32 *)out);
+ if (camellia_endian.little)
+ SWAP4WORD((u32 *)out);
+ iv = out;
+ len -= CAMELLIA_BLOCK_SIZE;
+ in += CAMELLIA_BLOCK_SIZE;
+ out += CAMELLIA_BLOCK_SIZE;
+ }
+ if (len) {
+ for (n = 0; n < len; ++n)
+ out[n] = in[n] ^ iv[n];
+ for (n = len; n < CAMELLIA_BLOCK_SIZE; ++n)
+ out[n] = iv[n];
+ if (camellia_endian.little)
+ SWAP4WORD((u32 *)out);
+ key->enc(key->rd_key, (u32 *)out);
+ if (camellia_endian.little)
+ SWAP4WORD((u32 *)out);
+ iv = out;
+ }
+ memcpy(ivec, iv, CAMELLIA_BLOCK_SIZE);
+ } else if (in != out) {
+ while (len >= CAMELLIA_BLOCK_SIZE) {
+ memcpy(out, in, CAMELLIA_BLOCK_SIZE);
+ if (camellia_endian.little)
+ SWAP4WORD((u32 *)out);
+ key->dec(key->rd_key, (u32 *)out);
+ if (camellia_endian.little)
+ SWAP4WORD((u32 *)out);
+ XOR4WORD((u32 *)out, (u32 *)iv);
+ iv = in;
+ len -= CAMELLIA_BLOCK_SIZE;
+ in += CAMELLIA_BLOCK_SIZE;
+ out += CAMELLIA_BLOCK_SIZE;
+ }
+ if (len) {
+ memcpy(tmp.t8, in, CAMELLIA_BLOCK_SIZE);
+ if (camellia_endian.little)
+ SWAP4WORD(tmp.t32);
+ key->dec(key->rd_key, tmp.t32);
+ if (camellia_endian.little)
+ SWAP4WORD(tmp.t32);
+ for (n = 0; n < len; ++n)
+ out[n] = tmp.t8[n] ^ iv[n];
+ iv = in;
+ }
+ memcpy(ivec, iv, CAMELLIA_BLOCK_SIZE);
+ } else { /* in == out */
+
+ while (len >= CAMELLIA_BLOCK_SIZE) {
+ memcpy(tmp.t8, in, CAMELLIA_BLOCK_SIZE);
+ if (camellia_endian.little)
+ SWAP4WORD((u32 *)out);
+ key->dec(key->rd_key, (u32 *)out);
+ if (camellia_endian.little)
+ SWAP4WORD((u32 *)out);
+ XOR4WORD((u32 *)out, (u32 *)ivec);
+ memcpy(ivec, tmp.t8, CAMELLIA_BLOCK_SIZE);
+ len -= CAMELLIA_BLOCK_SIZE;
+ in += CAMELLIA_BLOCK_SIZE;
+ out += CAMELLIA_BLOCK_SIZE;
+ }
+ if (len) {
+ memcpy(tmp.t8, in, CAMELLIA_BLOCK_SIZE);
+ if (camellia_endian.little)
+ SWAP4WORD((u32 *)out);
+ key->dec(key->rd_key, (u32 *)out);
+ if (camellia_endian.little)
+ SWAP4WORD((u32 *)out);
+ for (n = 0; n < len; ++n)
+ out[n] ^= ivec[n];
+ for (n = len; n < CAMELLIA_BLOCK_SIZE; ++n)
+ out[n] = tmp.t8[n];
+ memcpy(ivec, tmp.t8, CAMELLIA_BLOCK_SIZE);
+ }
+ }
+ } else { /* no aligned */
+
+ if (CAMELLIA_ENCRYPT == enc) {
+ while (len >= CAMELLIA_BLOCK_SIZE) {
+ for (n = 0; n < CAMELLIA_BLOCK_SIZE; ++n)
+ tmp.t8[n] = in[n] ^ iv[n];
+ if (camellia_endian.little)
+ SWAP4WORD(tmp.t32);
+ key->enc(key->rd_key, tmp.t32);
+ if (camellia_endian.little)
+ SWAP4WORD(tmp.t32);
+ memcpy(out, tmp.t8, CAMELLIA_BLOCK_SIZE);
+ iv = out;
+ len -= CAMELLIA_BLOCK_SIZE;
+ in += CAMELLIA_BLOCK_SIZE;
+ out += CAMELLIA_BLOCK_SIZE;
+ }
+ if (len) {
+ for (n = 0; n < len; ++n)
+ tmp.t8[n] = in[n] ^ iv[n];
+ for (n = len; n < CAMELLIA_BLOCK_SIZE; ++n)
+ tmp.t8[n] = iv[n];
+ if (camellia_endian.little)
+ SWAP4WORD(tmp.t32);
+ key->enc(key->rd_key, tmp.t32);
+ if (camellia_endian.little)
+ SWAP4WORD(tmp.t32);
+ memcpy(out, tmp.t8, CAMELLIA_BLOCK_SIZE);
+ iv = out;
+ }
+ memcpy(ivec, iv, CAMELLIA_BLOCK_SIZE);
+ } else if (in != out) {
+ while (len >= CAMELLIA_BLOCK_SIZE) {
+ memcpy(tmp.t8, in, CAMELLIA_BLOCK_SIZE);
+ if (camellia_endian.little)
+ SWAP4WORD(tmp.t32);
+ key->dec(key->rd_key, tmp.t32);
+ if (camellia_endian.little)
+ SWAP4WORD(tmp.t32);
+ for (n = 0; n < CAMELLIA_BLOCK_SIZE; ++n)
+ out[n] = tmp.t8[n] ^ iv[n];
+ iv = in;
+ len -= CAMELLIA_BLOCK_SIZE;
+ in += CAMELLIA_BLOCK_SIZE;
+ out += CAMELLIA_BLOCK_SIZE;
+ }
+ if (len) {
+ memcpy(tmp.t8, in, CAMELLIA_BLOCK_SIZE);
+ if (camellia_endian.little)
+ SWAP4WORD(tmp.t32);
+ key->dec(key->rd_key, tmp.t32);
+ if (camellia_endian.little)
+ SWAP4WORD(tmp.t32);
+ for (n = 0; n < len; ++n)
+ out[n] = tmp.t8[n] ^ iv[n];
+ iv = in;
+ }
+ memcpy(ivec, iv, CAMELLIA_BLOCK_SIZE);
+ } else {
+ while (len >= CAMELLIA_BLOCK_SIZE) {
+ memcpy(tmp.t8, in, CAMELLIA_BLOCK_SIZE);
+ if (camellia_endian.little)
+ SWAP4WORD(tmp.t32);
+ key->dec(key->rd_key, tmp.t32);
+ if (camellia_endian.little)
+ SWAP4WORD(tmp.t32);
+ for (n = 0; n < CAMELLIA_BLOCK_SIZE; ++n)
+ tmp.t8[n] ^= ivec[n];
+ memcpy(ivec, in, CAMELLIA_BLOCK_SIZE);
+ memcpy(out, tmp.t8, CAMELLIA_BLOCK_SIZE);
+ len -= CAMELLIA_BLOCK_SIZE;
+ in += CAMELLIA_BLOCK_SIZE;
+ out += CAMELLIA_BLOCK_SIZE;
+ }
+ if (len) {
+ memcpy(tmp.t8, in, CAMELLIA_BLOCK_SIZE);
+ if (camellia_endian.little)
+ SWAP4WORD(tmp.t32);
+ key->dec(key->rd_key, tmp.t32);
+ if (camellia_endian.little)
+ SWAP4WORD(tmp.t32);
+ for (n = 0; n < len; ++n)
+ tmp.t8[n] ^= ivec[n];
+ memcpy(ivec, in, CAMELLIA_BLOCK_SIZE);
+ memcpy(out, tmp.t8, len);
+ }
+ }
+ }
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/camellia/cmll_cfb.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/camellia/cmll_cfb.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/camellia/cmll_cfb.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,235 +0,0 @@
-/* crypto/camellia/camellia_cfb.c -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef CAMELLIA_DEBUG
-# ifndef NDEBUG
-# define NDEBUG
-# endif
-#endif
-#include <assert.h>
-#include <string.h>
-
-#include <openssl/camellia.h>
-#include "cmll_locl.h"
-#include "e_os.h"
-
-
-/* The input and output encrypted as though 128bit cfb mode is being
- * used. The extra state information to record how much of the
- * 128bit block we have used is contained in *num;
- */
-
-void Camellia_cfb128_encrypt(const unsigned char *in, unsigned char *out,
- const unsigned long length, const CAMELLIA_KEY *key,
- unsigned char *ivec, int *num, const int enc)
- {
-
- unsigned int n;
- unsigned long l = length;
- unsigned char c;
-
- assert(in && out && key && ivec && num);
-
- n = *num;
-
- if (enc)
- {
- while (l--)
- {
- if (n == 0)
- {
- Camellia_encrypt(ivec, ivec, key);
- }
- ivec[n] = *(out++) = *(in++) ^ ivec[n];
- n = (n+1) % CAMELLIA_BLOCK_SIZE;
- }
- }
- else
- {
- while (l--)
- {
- if (n == 0)
- {
- Camellia_encrypt(ivec, ivec, key);
- }
- c = *(in);
- *(out++) = *(in++) ^ ivec[n];
- ivec[n] = c;
- n = (n+1) % CAMELLIA_BLOCK_SIZE;
- }
- }
-
- *num=n;
- }
-
-/* This expects a single block of size nbits for both in and out. Note that
- it corrupts any extra bits in the last byte of out */
-void Camellia_cfbr_encrypt_block(const unsigned char *in,unsigned char *out,
- const int nbits,const CAMELLIA_KEY *key,
- unsigned char *ivec,const int enc)
- {
- int n,rem,num;
- unsigned char ovec[CAMELLIA_BLOCK_SIZE*2];
-
- if (nbits<=0 || nbits>128) return;
-
- /* fill in the first half of the new IV with the current IV */
- memcpy(ovec,ivec,CAMELLIA_BLOCK_SIZE);
- /* construct the new IV */
- Camellia_encrypt(ivec,ivec,key);
- num = (nbits+7)/8;
- if (enc) /* encrypt the input */
- for(n=0 ; n < num ; ++n)
- out[n] = (ovec[CAMELLIA_BLOCK_SIZE+n] = in[n] ^ ivec[n]);
- else /* decrypt the input */
- for(n=0 ; n < num ; ++n)
- out[n] = (ovec[CAMELLIA_BLOCK_SIZE+n] = in[n]) ^ ivec[n];
- /* shift ovec left... */
- rem = nbits%8;
- num = nbits/8;
- if(rem==0)
- memcpy(ivec,ovec+num,CAMELLIA_BLOCK_SIZE);
- else
- for(n=0 ; n < CAMELLIA_BLOCK_SIZE ; ++n)
- ivec[n] = ovec[n+num]<<rem | ovec[n+num+1]>>(8-rem);
-
- /* it is not necessary to cleanse ovec, since the IV is not secret */
- }
-
-/* N.B. This expects the input to be packed, MS bit first */
-void Camellia_cfb1_encrypt(const unsigned char *in, unsigned char *out,
- const unsigned long length, const CAMELLIA_KEY *key,
- unsigned char *ivec, int *num, const int enc)
- {
- unsigned int n;
- unsigned char c[1],d[1];
-
- assert(in && out && key && ivec && num);
- assert(*num == 0);
-
- memset(out,0,(length+7)/8);
- for(n=0 ; n < length ; ++n)
- {
- c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0;
- Camellia_cfbr_encrypt_block(c,d,1,key,ivec,enc);
- out[n/8]=(out[n/8]&~(1 << (7-n%8)))|((d[0]&0x80) >> (n%8));
- }
- }
-
-void Camellia_cfb8_encrypt(const unsigned char *in, unsigned char *out,
- const unsigned long length, const CAMELLIA_KEY *key,
- unsigned char *ivec, int *num, const int enc)
- {
- unsigned int n;
-
- assert(in && out && key && ivec && num);
- assert(*num == 0);
-
- for(n=0 ; n < length ; ++n)
- Camellia_cfbr_encrypt_block(&in[n],&out[n],8,key,ivec,enc);
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/camellia/cmll_cfb.c (from rev 6976, vendor-crypto/openssl/dist/crypto/camellia/cmll_cfb.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/camellia/cmll_cfb.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/camellia/cmll_cfb.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,233 @@
+/* crypto/camellia/camellia_cfb.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef CAMELLIA_DEBUG
+# ifndef NDEBUG
+# define NDEBUG
+# endif
+#endif
+#include <assert.h>
+#include <string.h>
+
+#include <openssl/camellia.h>
+#include "cmll_locl.h"
+#include "e_os.h"
+
+/*
+ * The input and output encrypted as though 128bit cfb mode is being used.
+ * The extra state information to record how much of the 128bit block we have
+ * used is contained in *num;
+ */
+
+void Camellia_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+ const unsigned long length,
+ const CAMELLIA_KEY *key, unsigned char *ivec,
+ int *num, const int enc)
+{
+
+ unsigned int n;
+ unsigned long l = length;
+ unsigned char c;
+
+ assert(in && out && key && ivec && num);
+
+ n = *num;
+
+ if (enc) {
+ while (l--) {
+ if (n == 0) {
+ Camellia_encrypt(ivec, ivec, key);
+ }
+ ivec[n] = *(out++) = *(in++) ^ ivec[n];
+ n = (n + 1) % CAMELLIA_BLOCK_SIZE;
+ }
+ } else {
+ while (l--) {
+ if (n == 0) {
+ Camellia_encrypt(ivec, ivec, key);
+ }
+ c = *(in);
+ *(out++) = *(in++) ^ ivec[n];
+ ivec[n] = c;
+ n = (n + 1) % CAMELLIA_BLOCK_SIZE;
+ }
+ }
+
+ *num = n;
+}
+
+/*
+ * This expects a single block of size nbits for both in and out. Note that
+ * it corrupts any extra bits in the last byte of out
+ */
+void Camellia_cfbr_encrypt_block(const unsigned char *in, unsigned char *out,
+ const int nbits, const CAMELLIA_KEY *key,
+ unsigned char *ivec, const int enc)
+{
+ int n, rem, num;
+ unsigned char ovec[CAMELLIA_BLOCK_SIZE * 2];
+
+ if (nbits <= 0 || nbits > 128)
+ return;
+
+ /* fill in the first half of the new IV with the current IV */
+ memcpy(ovec, ivec, CAMELLIA_BLOCK_SIZE);
+ /* construct the new IV */
+ Camellia_encrypt(ivec, ivec, key);
+ num = (nbits + 7) / 8;
+ if (enc) /* encrypt the input */
+ for (n = 0; n < num; ++n)
+ out[n] = (ovec[CAMELLIA_BLOCK_SIZE + n] = in[n] ^ ivec[n]);
+ else /* decrypt the input */
+ for (n = 0; n < num; ++n)
+ out[n] = (ovec[CAMELLIA_BLOCK_SIZE + n] = in[n]) ^ ivec[n];
+ /* shift ovec left... */
+ rem = nbits % 8;
+ num = nbits / 8;
+ if (rem == 0)
+ memcpy(ivec, ovec + num, CAMELLIA_BLOCK_SIZE);
+ else
+ for (n = 0; n < CAMELLIA_BLOCK_SIZE; ++n)
+ ivec[n] = ovec[n + num] << rem | ovec[n + num + 1] >> (8 - rem);
+
+ /* it is not necessary to cleanse ovec, since the IV is not secret */
+}
+
+/* N.B. This expects the input to be packed, MS bit first */
+void Camellia_cfb1_encrypt(const unsigned char *in, unsigned char *out,
+ const unsigned long length,
+ const CAMELLIA_KEY *key, unsigned char *ivec,
+ int *num, const int enc)
+{
+ unsigned int n;
+ unsigned char c[1], d[1];
+
+ assert(in && out && key && ivec && num);
+ assert(*num == 0);
+
+ memset(out, 0, (length + 7) / 8);
+ for (n = 0; n < length; ++n) {
+ c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0;
+ Camellia_cfbr_encrypt_block(c, d, 1, key, ivec, enc);
+ out[n / 8] =
+ (out[n / 8] & ~(1 << (7 - n % 8))) | ((d[0] & 0x80) >> (n % 8));
+ }
+}
+
+void Camellia_cfb8_encrypt(const unsigned char *in, unsigned char *out,
+ const unsigned long length,
+ const CAMELLIA_KEY *key, unsigned char *ivec,
+ int *num, const int enc)
+{
+ unsigned int n;
+
+ assert(in && out && key && ivec && num);
+ assert(*num == 0);
+
+ for (n = 0; n < length; ++n)
+ Camellia_cfbr_encrypt_block(&in[n], &out[n], 8, key, ivec, enc);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/camellia/cmll_ctr.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/camellia/cmll_ctr.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/camellia/cmll_ctr.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,143 +0,0 @@
-/* crypto/camellia/camellia_ctr.c -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#ifndef CAMELLIA_DEBUG
-# ifndef NDEBUG
-# define NDEBUG
-# endif
-#endif
-#include <assert.h>
-
-#include <openssl/camellia.h>
-#include "cmll_locl.h"
-
-/* NOTE: the IV/counter CTR mode is big-endian. The rest of the Camellia code
- * is endian-neutral. */
-/* increment counter (128-bit int) by 1 */
-static void Camellia_ctr128_inc(unsigned char *counter)
- {
- unsigned long c;
-
- /* Grab bottom dword of counter and increment */
- c = GETU32(counter + 12);
- c++; c &= 0xFFFFFFFF;
- PUTU32(counter + 12, c);
-
- /* if no overflow, we're done */
- if (c)
- return;
-
- /* Grab 1st dword of counter and increment */
- c = GETU32(counter + 8);
- c++; c &= 0xFFFFFFFF;
- PUTU32(counter + 8, c);
-
- /* if no overflow, we're done */
- if (c)
- return;
-
- /* Grab 2nd dword of counter and increment */
- c = GETU32(counter + 4);
- c++; c &= 0xFFFFFFFF;
- PUTU32(counter + 4, c);
-
- /* if no overflow, we're done */
- if (c)
- return;
-
- /* Grab top dword of counter and increment */
- c = GETU32(counter + 0);
- c++; c &= 0xFFFFFFFF;
- PUTU32(counter + 0, c);
- }
-
-/* The input encrypted as though 128bit counter mode is being
- * used. The extra state information to record how much of the
- * 128bit block we have used is contained in *num, and the
- * encrypted counter is kept in ecount_buf. Both *num and
- * ecount_buf must be initialised with zeros before the first
- * call to Camellia_ctr128_encrypt().
- *
- * This algorithm assumes that the counter is in the x lower bits
- * of the IV (ivec), and that the application has full control over
- * overflow and the rest of the IV. This implementation takes NO
- * responsability for checking that the counter doesn't overflow
- * into the rest of the IV when incremented.
- */
-void Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out,
- const unsigned long length, const CAMELLIA_KEY *key,
- unsigned char ivec[CAMELLIA_BLOCK_SIZE],
- unsigned char ecount_buf[CAMELLIA_BLOCK_SIZE],
- unsigned int *num)
- {
-
- unsigned int n;
- unsigned long l=length;
-
- assert(in && out && key && counter && num);
- assert(*num < CAMELLIA_BLOCK_SIZE);
-
- n = *num;
-
- while (l--)
- {
- if (n == 0)
- {
- Camellia_encrypt(ivec, ecount_buf, key);
- Camellia_ctr128_inc(ivec);
- }
- *(out++) = *(in++) ^ ecount_buf[n];
- n = (n+1) % CAMELLIA_BLOCK_SIZE;
- }
-
- *num=n;
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/camellia/cmll_ctr.c (from rev 6976, vendor-crypto/openssl/dist/crypto/camellia/cmll_ctr.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/camellia/cmll_ctr.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/camellia/cmll_ctr.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,145 @@
+/* crypto/camellia/camellia_ctr.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#ifndef CAMELLIA_DEBUG
+# ifndef NDEBUG
+# define NDEBUG
+# endif
+#endif
+#include <assert.h>
+
+#include <openssl/camellia.h>
+#include "cmll_locl.h"
+
+/*
+ * NOTE: the IV/counter CTR mode is big-endian. The rest of the Camellia
+ * code is endian-neutral.
+ */
+/* increment counter (128-bit int) by 1 */
+static void Camellia_ctr128_inc(unsigned char *counter)
+{
+ unsigned long c;
+
+ /* Grab bottom dword of counter and increment */
+ c = GETU32(counter + 12);
+ c++;
+ c &= 0xFFFFFFFF;
+ PUTU32(counter + 12, c);
+
+ /* if no overflow, we're done */
+ if (c)
+ return;
+
+ /* Grab 1st dword of counter and increment */
+ c = GETU32(counter + 8);
+ c++;
+ c &= 0xFFFFFFFF;
+ PUTU32(counter + 8, c);
+
+ /* if no overflow, we're done */
+ if (c)
+ return;
+
+ /* Grab 2nd dword of counter and increment */
+ c = GETU32(counter + 4);
+ c++;
+ c &= 0xFFFFFFFF;
+ PUTU32(counter + 4, c);
+
+ /* if no overflow, we're done */
+ if (c)
+ return;
+
+ /* Grab top dword of counter and increment */
+ c = GETU32(counter + 0);
+ c++;
+ c &= 0xFFFFFFFF;
+ PUTU32(counter + 0, c);
+}
+
+/*
+ * The input encrypted as though 128bit counter mode is being used. The
+ * extra state information to record how much of the 128bit block we have
+ * used is contained in *num, and the encrypted counter is kept in
+ * ecount_buf. Both *num and ecount_buf must be initialised with zeros
+ * before the first call to Camellia_ctr128_encrypt(). This algorithm
+ * assumes that the counter is in the x lower bits of the IV (ivec), and that
+ * the application has full control over overflow and the rest of the IV.
+ * This implementation takes NO responsability for checking that the counter
+ * doesn't overflow into the rest of the IV when incremented.
+ */
+void Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out,
+ const unsigned long length,
+ const CAMELLIA_KEY *key,
+ unsigned char ivec[CAMELLIA_BLOCK_SIZE],
+ unsigned char ecount_buf[CAMELLIA_BLOCK_SIZE],
+ unsigned int *num)
+{
+
+ unsigned int n;
+ unsigned long l = length;
+
+ assert(in && out && key && counter && num);
+ assert(*num < CAMELLIA_BLOCK_SIZE);
+
+ n = *num;
+
+ while (l--) {
+ if (n == 0) {
+ Camellia_encrypt(ivec, ecount_buf, key);
+ Camellia_ctr128_inc(ivec);
+ }
+ *(out++) = *(in++) ^ ecount_buf[n];
+ n = (n + 1) % CAMELLIA_BLOCK_SIZE;
+ }
+
+ *num = n;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/camellia/cmll_ecb.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/camellia/cmll_ecb.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/camellia/cmll_ecb.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,74 +0,0 @@
-/* crypto/camellia/camellia_ecb.c -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#ifndef CAMELLIA_DEBUG
-# ifndef NDEBUG
-# define NDEBUG
-# endif
-#endif
-#include <assert.h>
-
-#include <openssl/camellia.h>
-#include "cmll_locl.h"
-
-void Camellia_ecb_encrypt(const unsigned char *in, unsigned char *out,
- const CAMELLIA_KEY *key, const int enc)
- {
-
- assert(in && out && key);
- assert((CAMELLIA_ENCRYPT == enc)||(CAMELLIA_DECRYPT == enc));
-
- if (CAMELLIA_ENCRYPT == enc)
- Camellia_encrypt(in, out, key);
- else
- Camellia_decrypt(in, out, key);
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/camellia/cmll_ecb.c (from rev 6976, vendor-crypto/openssl/dist/crypto/camellia/cmll_ecb.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/camellia/cmll_ecb.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/camellia/cmll_ecb.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,73 @@
+/* crypto/camellia/camellia_ecb.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#ifndef CAMELLIA_DEBUG
+# ifndef NDEBUG
+# define NDEBUG
+# endif
+#endif
+#include <assert.h>
+
+#include <openssl/camellia.h>
+#include "cmll_locl.h"
+
+void Camellia_ecb_encrypt(const unsigned char *in, unsigned char *out,
+ const CAMELLIA_KEY *key, const int enc)
+{
+
+ assert(in && out && key);
+ assert((CAMELLIA_ENCRYPT == enc) || (CAMELLIA_DECRYPT == enc));
+
+ if (CAMELLIA_ENCRYPT == enc)
+ Camellia_encrypt(in, out, key);
+ else
+ Camellia_decrypt(in, out, key);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/camellia/cmll_locl.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/camellia/cmll_locl.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/camellia/cmll_locl.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,165 +0,0 @@
-/* crypto/camellia/camellia_locl.h -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright 2006 NTT (Nippon Telegraph and Telephone Corporation) .
- * ALL RIGHTS RESERVED.
- *
- * Intellectual Property information for Camellia:
- * http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html
- *
- * News Release for Announcement of Camellia open source:
- * http://www.ntt.co.jp/news/news06e/0604/060413a.html
- *
- * The Camellia Code included herein is developed by
- * NTT (Nippon Telegraph and Telephone Corporation), and is contributed
- * to the OpenSSL project.
- *
- * The Camellia Code is licensed pursuant to the OpenSSL open source
- * license provided below.
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#ifndef HEADER_CAMELLIA_LOCL_H
-#define HEADER_CAMELLIA_LOCL_H
-
-#include "openssl/e_os2.h"
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-typedef unsigned char u8;
-typedef unsigned int u32;
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64))
-# define SWAP(x) ( _lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00 )
-# define GETU32(p) SWAP(*((u32 *)(p)))
-# define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); }
-# define CAMELLIA_SWAP4(x) (x = ( _lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00) )
-
-#else /* not windows */
-# define GETU32(pt) (((u32)(pt)[0] << 24) \
- ^ ((u32)(pt)[1] << 16) \
- ^ ((u32)(pt)[2] << 8) \
- ^ ((u32)(pt)[3]))
-
-# define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); \
- (ct)[1] = (u8)((st) >> 16); \
- (ct)[2] = (u8)((st) >> 8); \
- (ct)[3] = (u8)(st); }
-
-#if (defined (__GNUC__) && (defined(__x86_64__) || defined(__x86_64)))
-#define CAMELLIA_SWAP4(x) \
- do{\
- asm("bswap %1" : "+r" (x));\
- }while(0)
-#else
-#define CAMELLIA_SWAP4(x) \
- do{\
- x = ((u32)x << 16) + ((u32)x >> 16);\
- x = (((u32)x & 0xff00ff) << 8) + (((u32)x >> 8) & 0xff00ff);\
- } while(0)
-#endif
-#endif
-
-#define COPY4WORD(dst, src) \
- do \
- { \
- (dst)[0]=(src)[0]; \
- (dst)[1]=(src)[1]; \
- (dst)[2]=(src)[2]; \
- (dst)[3]=(src)[3]; \
- }while(0)
-
-#define SWAP4WORD(word) \
- do \
- { \
- CAMELLIA_SWAP4((word)[0]); \
- CAMELLIA_SWAP4((word)[1]); \
- CAMELLIA_SWAP4((word)[2]); \
- CAMELLIA_SWAP4((word)[3]); \
- }while(0)
-
-#define XOR4WORD(a, b)/* a = a ^ b */ \
- do \
- { \
- (a)[0]^=(b)[0]; \
- (a)[1]^=(b)[1]; \
- (a)[2]^=(b)[2]; \
- (a)[3]^=(b)[3]; \
- }while(0)
-
-#define XOR4WORD2(a, b, c)/* a = b ^ c */ \
- do \
- { \
- (a)[0]=(b)[0]^(c)[0]; \
- (a)[1]=(b)[1]^(c)[1]; \
- (a)[2]=(b)[2]^(c)[2]; \
- (a)[3]=(b)[3]^(c)[3]; \
- }while(0)
-
-
-void camellia_setup128(const u8 *key, u32 *subkey);
-void camellia_setup192(const u8 *key, u32 *subkey);
-void camellia_setup256(const u8 *key, u32 *subkey);
-
-void camellia_encrypt128(const u32 *subkey, u32 *io);
-void camellia_decrypt128(const u32 *subkey, u32 *io);
-void camellia_encrypt256(const u32 *subkey, u32 *io);
-void camellia_decrypt256(const u32 *subkey, u32 *io);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* #ifndef HEADER_CAMELLIA_LOCL_H */
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/camellia/cmll_locl.h (from rev 6976, vendor-crypto/openssl/dist/crypto/camellia/cmll_locl.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/camellia/cmll_locl.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/camellia/cmll_locl.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,163 @@
+/* crypto/camellia/camellia_locl.h -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright 2006 NTT (Nippon Telegraph and Telephone Corporation) .
+ * ALL RIGHTS RESERVED.
+ *
+ * Intellectual Property information for Camellia:
+ * http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html
+ *
+ * News Release for Announcement of Camellia open source:
+ * http://www.ntt.co.jp/news/news06e/0604/060413a.html
+ *
+ * The Camellia Code included herein is developed by
+ * NTT (Nippon Telegraph and Telephone Corporation), and is contributed
+ * to the OpenSSL project.
+ *
+ * The Camellia Code is licensed pursuant to the OpenSSL open source
+ * license provided below.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#ifndef HEADER_CAMELLIA_LOCL_H
+# define HEADER_CAMELLIA_LOCL_H
+
+# include "openssl/e_os2.h"
+# include <stdio.h>
+# include <stdlib.h>
+# include <string.h>
+
+typedef unsigned char u8;
+typedef unsigned int u32;
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64))
+# define SWAP(x) ( _lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00 )
+# define GETU32(p) SWAP(*((u32 *)(p)))
+# define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); }
+# define CAMELLIA_SWAP4(x) (x = ( _lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00) )
+
+# else /* not windows */
+# define GETU32(pt) (((u32)(pt)[0] << 24) \
+ ^ ((u32)(pt)[1] << 16) \
+ ^ ((u32)(pt)[2] << 8) \
+ ^ ((u32)(pt)[3]))
+
+# define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); \
+ (ct)[1] = (u8)((st) >> 16); \
+ (ct)[2] = (u8)((st) >> 8); \
+ (ct)[3] = (u8)(st); }
+
+# if (defined (__GNUC__) && (defined(__x86_64__) || defined(__x86_64)))
+# define CAMELLIA_SWAP4(x) \
+ do{\
+ asm("bswap %1" : "+r" (x));\
+ }while(0)
+# else
+# define CAMELLIA_SWAP4(x) \
+ do{\
+ x = ((u32)x << 16) + ((u32)x >> 16);\
+ x = (((u32)x & 0xff00ff) << 8) + (((u32)x >> 8) & 0xff00ff);\
+ } while(0)
+# endif
+# endif
+
+# define COPY4WORD(dst, src) \
+ do \
+ { \
+ (dst)[0]=(src)[0]; \
+ (dst)[1]=(src)[1]; \
+ (dst)[2]=(src)[2]; \
+ (dst)[3]=(src)[3]; \
+ }while(0)
+
+# define SWAP4WORD(word) \
+ do \
+ { \
+ CAMELLIA_SWAP4((word)[0]); \
+ CAMELLIA_SWAP4((word)[1]); \
+ CAMELLIA_SWAP4((word)[2]); \
+ CAMELLIA_SWAP4((word)[3]); \
+ }while(0)
+
+# define XOR4WORD(a, b)/* a = a ^ b */ \
+ do \
+ { \
+ (a)[0]^=(b)[0]; \
+ (a)[1]^=(b)[1]; \
+ (a)[2]^=(b)[2]; \
+ (a)[3]^=(b)[3]; \
+ }while(0)
+
+# define XOR4WORD2(a, b, c)/* a = b ^ c */ \
+ do \
+ { \
+ (a)[0]=(b)[0]^(c)[0]; \
+ (a)[1]=(b)[1]^(c)[1]; \
+ (a)[2]=(b)[2]^(c)[2]; \
+ (a)[3]=(b)[3]^(c)[3]; \
+ }while(0)
+
+void camellia_setup128(const u8 *key, u32 *subkey);
+void camellia_setup192(const u8 *key, u32 *subkey);
+void camellia_setup256(const u8 *key, u32 *subkey);
+
+void camellia_encrypt128(const u32 *subkey, u32 *io);
+void camellia_decrypt128(const u32 *subkey, u32 *io);
+void camellia_encrypt256(const u32 *subkey, u32 *io);
+void camellia_decrypt256(const u32 *subkey, u32 *io);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* #ifndef HEADER_CAMELLIA_LOCL_H */
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/camellia/cmll_misc.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/camellia/cmll_misc.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/camellia/cmll_misc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,129 +0,0 @@
-/* crypto/camellia/camellia_misc.c -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#include <openssl/opensslv.h>
-#include <openssl/camellia.h>
-#include "cmll_locl.h"
-#include <openssl/crypto.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
-const char CAMELLIA_version[]="CAMELLIA" OPENSSL_VERSION_PTEXT;
-
-int Camellia_set_key(const unsigned char *userKey, const int bits,
- CAMELLIA_KEY *key)
-#ifdef OPENSSL_FIPS
- {
- if (FIPS_mode())
- FIPS_BAD_ABORT(CAMELLIA)
- return private_Camellia_set_key(userKey, bits, key);
- }
-int private_Camellia_set_key(const unsigned char *userKey, const int bits,
- CAMELLIA_KEY *key)
-#endif
- {
- if (!userKey || !key)
- {
- return -1;
- }
-
- switch(bits)
- {
- case 128:
- camellia_setup128(userKey, (unsigned int *)key->rd_key);
- key->enc = camellia_encrypt128;
- key->dec = camellia_decrypt128;
- break;
- case 192:
- camellia_setup192(userKey, (unsigned int *)key->rd_key);
- key->enc = camellia_encrypt256;
- key->dec = camellia_decrypt256;
- break;
- case 256:
- camellia_setup256(userKey, (unsigned int *)key->rd_key);
- key->enc = camellia_encrypt256;
- key->dec = camellia_decrypt256;
- break;
- default:
- return -2;
- }
-
- key->bitLength = bits;
- return 0;
- }
-
-void Camellia_encrypt(const unsigned char *in, unsigned char *out,
- const CAMELLIA_KEY *key)
- {
- u32 tmp[CAMELLIA_BLOCK_SIZE/sizeof(u32)];
- const union { long one; char little; } camellia_endian = {1};
-
- memcpy(tmp, in, CAMELLIA_BLOCK_SIZE);
- if (camellia_endian.little) SWAP4WORD(tmp);
- key->enc(key->rd_key, tmp);
- if (camellia_endian.little) SWAP4WORD(tmp);
- memcpy(out, tmp, CAMELLIA_BLOCK_SIZE);
- }
-
-void Camellia_decrypt(const unsigned char *in, unsigned char *out,
- const CAMELLIA_KEY *key)
- {
- u32 tmp[CAMELLIA_BLOCK_SIZE/sizeof(u32)];
- const union { long one; char little; } camellia_endian = {1};
-
- memcpy(tmp, in, CAMELLIA_BLOCK_SIZE);
- if (camellia_endian.little) SWAP4WORD(tmp);
- key->dec(key->rd_key, tmp);
- if (camellia_endian.little) SWAP4WORD(tmp);
- memcpy(out, tmp, CAMELLIA_BLOCK_SIZE);
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/camellia/cmll_misc.c (from rev 6976, vendor-crypto/openssl/dist/crypto/camellia/cmll_misc.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/camellia/cmll_misc.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/camellia/cmll_misc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,141 @@
+/* crypto/camellia/camellia_misc.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#include <openssl/opensslv.h>
+#include <openssl/camellia.h>
+#include "cmll_locl.h"
+#include <openssl/crypto.h>
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
+#endif
+
+const char CAMELLIA_version[] = "CAMELLIA" OPENSSL_VERSION_PTEXT;
+
+int Camellia_set_key(const unsigned char *userKey, const int bits,
+ CAMELLIA_KEY *key)
+#ifdef OPENSSL_FIPS
+{
+ if (FIPS_mode())
+ FIPS_BAD_ABORT(CAMELLIA)
+ return private_Camellia_set_key(userKey, bits, key);
+}
+
+int private_Camellia_set_key(const unsigned char *userKey, const int bits,
+ CAMELLIA_KEY *key)
+#endif
+{
+ if (!userKey || !key) {
+ return -1;
+ }
+
+ switch (bits) {
+ case 128:
+ camellia_setup128(userKey, (unsigned int *)key->rd_key);
+ key->enc = camellia_encrypt128;
+ key->dec = camellia_decrypt128;
+ break;
+ case 192:
+ camellia_setup192(userKey, (unsigned int *)key->rd_key);
+ key->enc = camellia_encrypt256;
+ key->dec = camellia_decrypt256;
+ break;
+ case 256:
+ camellia_setup256(userKey, (unsigned int *)key->rd_key);
+ key->enc = camellia_encrypt256;
+ key->dec = camellia_decrypt256;
+ break;
+ default:
+ return -2;
+ }
+
+ key->bitLength = bits;
+ return 0;
+}
+
+void Camellia_encrypt(const unsigned char *in, unsigned char *out,
+ const CAMELLIA_KEY *key)
+{
+ u32 tmp[CAMELLIA_BLOCK_SIZE / sizeof(u32)];
+ const union {
+ long one;
+ char little;
+ } camellia_endian = {
+ 1
+ };
+
+ memcpy(tmp, in, CAMELLIA_BLOCK_SIZE);
+ if (camellia_endian.little)
+ SWAP4WORD(tmp);
+ key->enc(key->rd_key, tmp);
+ if (camellia_endian.little)
+ SWAP4WORD(tmp);
+ memcpy(out, tmp, CAMELLIA_BLOCK_SIZE);
+}
+
+void Camellia_decrypt(const unsigned char *in, unsigned char *out,
+ const CAMELLIA_KEY *key)
+{
+ u32 tmp[CAMELLIA_BLOCK_SIZE / sizeof(u32)];
+ const union {
+ long one;
+ char little;
+ } camellia_endian = {
+ 1
+ };
+
+ memcpy(tmp, in, CAMELLIA_BLOCK_SIZE);
+ if (camellia_endian.little)
+ SWAP4WORD(tmp);
+ key->dec(key->rd_key, tmp);
+ if (camellia_endian.little)
+ SWAP4WORD(tmp);
+ memcpy(out, tmp, CAMELLIA_BLOCK_SIZE);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/camellia/cmll_ofb.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/camellia/cmll_ofb.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/camellia/cmll_ofb.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,141 +0,0 @@
-/* crypto/camellia/camellia_ofb.c -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef CAMELLIA_DEBUG
-# ifndef NDEBUG
-# define NDEBUG
-# endif
-#endif
-#include <assert.h>
-#include <openssl/camellia.h>
-#include "cmll_locl.h"
-
-/* The input and output encrypted as though 128bit ofb mode is being
- * used. The extra state information to record how much of the
- * 128bit block we have used is contained in *num;
- */
-void Camellia_ofb128_encrypt(const unsigned char *in, unsigned char *out,
- const unsigned long length, const CAMELLIA_KEY *key,
- unsigned char *ivec, int *num) {
-
- unsigned int n;
- unsigned long l=length;
-
- assert(in && out && key && ivec && num);
-
- n = *num;
-
- while (l--) {
- if (n == 0) {
- Camellia_encrypt(ivec, ivec, key);
- }
- *(out++) = *(in++) ^ ivec[n];
- n = (n+1) % CAMELLIA_BLOCK_SIZE;
- }
-
- *num=n;
-}
Copied: vendor-crypto/openssl/0.9.8zf/crypto/camellia/cmll_ofb.c (from rev 6976, vendor-crypto/openssl/dist/crypto/camellia/cmll_ofb.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/camellia/cmll_ofb.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/camellia/cmll_ofb.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,144 @@
+/* crypto/camellia/camellia_ofb.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef CAMELLIA_DEBUG
+# ifndef NDEBUG
+# define NDEBUG
+# endif
+#endif
+#include <assert.h>
+#include <openssl/camellia.h>
+#include "cmll_locl.h"
+
+/*
+ * The input and output encrypted as though 128bit ofb mode is being used.
+ * The extra state information to record how much of the 128bit block we have
+ * used is contained in *num;
+ */
+void Camellia_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+ const unsigned long length,
+ const CAMELLIA_KEY *key, unsigned char *ivec,
+ int *num)
+{
+
+ unsigned int n;
+ unsigned long l = length;
+
+ assert(in && out && key && ivec && num);
+
+ n = *num;
+
+ while (l--) {
+ if (n == 0) {
+ Camellia_encrypt(ivec, ivec, key);
+ }
+ *(out++) = *(in++) ^ ivec[n];
+ n = (n + 1) % CAMELLIA_BLOCK_SIZE;
+ }
+
+ *num = n;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/cast/c_cfb64.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/cast/c_cfb64.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/cast/c_cfb64.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,121 +0,0 @@
-/* crypto/cast/c_cfb64.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/cast.h>
-#include "cast_lcl.h"
-
-/* The input and output encrypted as though 64bit cfb mode is being
- * used. The extra state information to record how much of the
- * 64bit block we have used is contained in *num;
- */
-
-void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out,
- long length, const CAST_KEY *schedule, unsigned char *ivec,
- int *num, int enc)
- {
- register CAST_LONG v0,v1,t;
- register int n= *num;
- register long l=length;
- CAST_LONG ti[2];
- unsigned char *iv,c,cc;
-
- iv=ivec;
- if (enc)
- {
- while (l--)
- {
- if (n == 0)
- {
- n2l(iv,v0); ti[0]=v0;
- n2l(iv,v1); ti[1]=v1;
- CAST_encrypt((CAST_LONG *)ti,schedule);
- iv=ivec;
- t=ti[0]; l2n(t,iv);
- t=ti[1]; l2n(t,iv);
- iv=ivec;
- }
- c= *(in++)^iv[n];
- *(out++)=c;
- iv[n]=c;
- n=(n+1)&0x07;
- }
- }
- else
- {
- while (l--)
- {
- if (n == 0)
- {
- n2l(iv,v0); ti[0]=v0;
- n2l(iv,v1); ti[1]=v1;
- CAST_encrypt((CAST_LONG *)ti,schedule);
- iv=ivec;
- t=ti[0]; l2n(t,iv);
- t=ti[1]; l2n(t,iv);
- iv=ivec;
- }
- cc= *(in++);
- c=iv[n];
- iv[n]=cc;
- *(out++)=c^cc;
- n=(n+1)&0x07;
- }
- }
- v0=v1=ti[0]=ti[1]=t=c=cc=0;
- *num=n;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/cast/c_cfb64.c (from rev 6976, vendor-crypto/openssl/dist/crypto/cast/c_cfb64.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/cast/c_cfb64.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/cast/c_cfb64.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,123 @@
+/* crypto/cast/c_cfb64.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/cast.h>
+#include "cast_lcl.h"
+
+/*
+ * The input and output encrypted as though 64bit cfb mode is being used.
+ * The extra state information to record how much of the 64bit block we have
+ * used is contained in *num;
+ */
+
+void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, const CAST_KEY *schedule,
+ unsigned char *ivec, int *num, int enc)
+{
+ register CAST_LONG v0, v1, t;
+ register int n = *num;
+ register long l = length;
+ CAST_LONG ti[2];
+ unsigned char *iv, c, cc;
+
+ iv = ivec;
+ if (enc) {
+ while (l--) {
+ if (n == 0) {
+ n2l(iv, v0);
+ ti[0] = v0;
+ n2l(iv, v1);
+ ti[1] = v1;
+ CAST_encrypt((CAST_LONG *)ti, schedule);
+ iv = ivec;
+ t = ti[0];
+ l2n(t, iv);
+ t = ti[1];
+ l2n(t, iv);
+ iv = ivec;
+ }
+ c = *(in++) ^ iv[n];
+ *(out++) = c;
+ iv[n] = c;
+ n = (n + 1) & 0x07;
+ }
+ } else {
+ while (l--) {
+ if (n == 0) {
+ n2l(iv, v0);
+ ti[0] = v0;
+ n2l(iv, v1);
+ ti[1] = v1;
+ CAST_encrypt((CAST_LONG *)ti, schedule);
+ iv = ivec;
+ t = ti[0];
+ l2n(t, iv);
+ t = ti[1];
+ l2n(t, iv);
+ iv = ivec;
+ }
+ cc = *(in++);
+ c = iv[n];
+ iv[n] = cc;
+ *(out++) = c ^ cc;
+ n = (n + 1) & 0x07;
+ }
+ }
+ v0 = v1 = ti[0] = ti[1] = t = c = cc = 0;
+ *num = n;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/cast/c_ecb.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/cast/c_ecb.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/cast/c_ecb.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,79 +0,0 @@
-/* crypto/cast/c_ecb.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/cast.h>
-#include "cast_lcl.h"
-#include <openssl/opensslv.h>
-
-const char CAST_version[]="CAST" OPENSSL_VERSION_PTEXT;
-
-void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out,
- const CAST_KEY *ks, int enc)
- {
- CAST_LONG l,d[2];
-
- n2l(in,l); d[0]=l;
- n2l(in,l); d[1]=l;
- if (enc)
- CAST_encrypt(d,ks);
- else
- CAST_decrypt(d,ks);
- l=d[0]; l2n(l,out);
- l=d[1]; l2n(l,out);
- l=d[0]=d[1]=0;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/cast/c_ecb.c (from rev 6976, vendor-crypto/openssl/dist/crypto/cast/c_ecb.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/cast/c_ecb.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/cast/c_ecb.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,83 @@
+/* crypto/cast/c_ecb.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/cast.h>
+#include "cast_lcl.h"
+#include <openssl/opensslv.h>
+
+const char CAST_version[] = "CAST" OPENSSL_VERSION_PTEXT;
+
+void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out,
+ const CAST_KEY *ks, int enc)
+{
+ CAST_LONG l, d[2];
+
+ n2l(in, l);
+ d[0] = l;
+ n2l(in, l);
+ d[1] = l;
+ if (enc)
+ CAST_encrypt(d, ks);
+ else
+ CAST_decrypt(d, ks);
+ l = d[0];
+ l2n(l, out);
+ l = d[1];
+ l2n(l, out);
+ l = d[0] = d[1] = 0;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/cast/c_enc.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/cast/c_enc.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/cast/c_enc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,208 +0,0 @@
-/* crypto/cast/c_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/cast.h>
-#include "cast_lcl.h"
-
-void CAST_encrypt(CAST_LONG *data, const CAST_KEY *key)
- {
- register CAST_LONG l,r,t;
- const register CAST_LONG *k;
-
- k= &(key->data[0]);
- l=data[0];
- r=data[1];
-
- E_CAST( 0,k,l,r,+,^,-);
- E_CAST( 1,k,r,l,^,-,+);
- E_CAST( 2,k,l,r,-,+,^);
- E_CAST( 3,k,r,l,+,^,-);
- E_CAST( 4,k,l,r,^,-,+);
- E_CAST( 5,k,r,l,-,+,^);
- E_CAST( 6,k,l,r,+,^,-);
- E_CAST( 7,k,r,l,^,-,+);
- E_CAST( 8,k,l,r,-,+,^);
- E_CAST( 9,k,r,l,+,^,-);
- E_CAST(10,k,l,r,^,-,+);
- E_CAST(11,k,r,l,-,+,^);
- if(!key->short_key)
- {
- E_CAST(12,k,l,r,+,^,-);
- E_CAST(13,k,r,l,^,-,+);
- E_CAST(14,k,l,r,-,+,^);
- E_CAST(15,k,r,l,+,^,-);
- }
-
- data[1]=l&0xffffffffL;
- data[0]=r&0xffffffffL;
- }
-
-void CAST_decrypt(CAST_LONG *data, const CAST_KEY *key)
- {
- register CAST_LONG l,r,t;
- const register CAST_LONG *k;
-
- k= &(key->data[0]);
- l=data[0];
- r=data[1];
-
- if(!key->short_key)
- {
- E_CAST(15,k,l,r,+,^,-);
- E_CAST(14,k,r,l,-,+,^);
- E_CAST(13,k,l,r,^,-,+);
- E_CAST(12,k,r,l,+,^,-);
- }
- E_CAST(11,k,l,r,-,+,^);
- E_CAST(10,k,r,l,^,-,+);
- E_CAST( 9,k,l,r,+,^,-);
- E_CAST( 8,k,r,l,-,+,^);
- E_CAST( 7,k,l,r,^,-,+);
- E_CAST( 6,k,r,l,+,^,-);
- E_CAST( 5,k,l,r,-,+,^);
- E_CAST( 4,k,r,l,^,-,+);
- E_CAST( 3,k,l,r,+,^,-);
- E_CAST( 2,k,r,l,-,+,^);
- E_CAST( 1,k,l,r,^,-,+);
- E_CAST( 0,k,r,l,+,^,-);
-
- data[1]=l&0xffffffffL;
- data[0]=r&0xffffffffL;
- }
-
-void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
- const CAST_KEY *ks, unsigned char *iv, int enc)
- {
- register CAST_LONG tin0,tin1;
- register CAST_LONG tout0,tout1,xor0,xor1;
- register long l=length;
- CAST_LONG tin[2];
-
- if (enc)
- {
- n2l(iv,tout0);
- n2l(iv,tout1);
- iv-=8;
- for (l-=8; l>=0; l-=8)
- {
- n2l(in,tin0);
- n2l(in,tin1);
- tin0^=tout0;
- tin1^=tout1;
- tin[0]=tin0;
- tin[1]=tin1;
- CAST_encrypt(tin,ks);
- tout0=tin[0];
- tout1=tin[1];
- l2n(tout0,out);
- l2n(tout1,out);
- }
- if (l != -8)
- {
- n2ln(in,tin0,tin1,l+8);
- tin0^=tout0;
- tin1^=tout1;
- tin[0]=tin0;
- tin[1]=tin1;
- CAST_encrypt(tin,ks);
- tout0=tin[0];
- tout1=tin[1];
- l2n(tout0,out);
- l2n(tout1,out);
- }
- l2n(tout0,iv);
- l2n(tout1,iv);
- }
- else
- {
- n2l(iv,xor0);
- n2l(iv,xor1);
- iv-=8;
- for (l-=8; l>=0; l-=8)
- {
- n2l(in,tin0);
- n2l(in,tin1);
- tin[0]=tin0;
- tin[1]=tin1;
- CAST_decrypt(tin,ks);
- tout0=tin[0]^xor0;
- tout1=tin[1]^xor1;
- l2n(tout0,out);
- l2n(tout1,out);
- xor0=tin0;
- xor1=tin1;
- }
- if (l != -8)
- {
- n2l(in,tin0);
- n2l(in,tin1);
- tin[0]=tin0;
- tin[1]=tin1;
- CAST_decrypt(tin,ks);
- tout0=tin[0]^xor0;
- tout1=tin[1]^xor1;
- l2nn(tout0,tout1,out,l+8);
- xor0=tin0;
- xor1=tin1;
- }
- l2n(xor0,iv);
- l2n(xor1,iv);
- }
- tin0=tin1=tout0=tout1=xor0=xor1=0;
- tin[0]=tin[1]=0;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/cast/c_enc.c (from rev 6976, vendor-crypto/openssl/dist/crypto/cast/c_enc.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/cast/c_enc.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/cast/c_enc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,200 @@
+/* crypto/cast/c_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/cast.h>
+#include "cast_lcl.h"
+
+void CAST_encrypt(CAST_LONG *data, const CAST_KEY *key)
+{
+ register CAST_LONG l, r, t;
+ const register CAST_LONG *k;
+
+ k = &(key->data[0]);
+ l = data[0];
+ r = data[1];
+
+ E_CAST(0, k, l, r, +, ^, -);
+ E_CAST(1, k, r, l, ^, -, +);
+ E_CAST(2, k, l, r, -, +, ^);
+ E_CAST(3, k, r, l, +, ^, -);
+ E_CAST(4, k, l, r, ^, -, +);
+ E_CAST(5, k, r, l, -, +, ^);
+ E_CAST(6, k, l, r, +, ^, -);
+ E_CAST(7, k, r, l, ^, -, +);
+ E_CAST(8, k, l, r, -, +, ^);
+ E_CAST(9, k, r, l, +, ^, -);
+ E_CAST(10, k, l, r, ^, -, +);
+ E_CAST(11, k, r, l, -, +, ^);
+ if (!key->short_key) {
+ E_CAST(12, k, l, r, +, ^, -);
+ E_CAST(13, k, r, l, ^, -, +);
+ E_CAST(14, k, l, r, -, +, ^);
+ E_CAST(15, k, r, l, +, ^, -);
+ }
+
+ data[1] = l & 0xffffffffL;
+ data[0] = r & 0xffffffffL;
+}
+
+void CAST_decrypt(CAST_LONG *data, const CAST_KEY *key)
+{
+ register CAST_LONG l, r, t;
+ const register CAST_LONG *k;
+
+ k = &(key->data[0]);
+ l = data[0];
+ r = data[1];
+
+ if (!key->short_key) {
+ E_CAST(15, k, l, r, +, ^, -);
+ E_CAST(14, k, r, l, -, +, ^);
+ E_CAST(13, k, l, r, ^, -, +);
+ E_CAST(12, k, r, l, +, ^, -);
+ }
+ E_CAST(11, k, l, r, -, +, ^);
+ E_CAST(10, k, r, l, ^, -, +);
+ E_CAST(9, k, l, r, +, ^, -);
+ E_CAST(8, k, r, l, -, +, ^);
+ E_CAST(7, k, l, r, ^, -, +);
+ E_CAST(6, k, r, l, +, ^, -);
+ E_CAST(5, k, l, r, -, +, ^);
+ E_CAST(4, k, r, l, ^, -, +);
+ E_CAST(3, k, l, r, +, ^, -);
+ E_CAST(2, k, r, l, -, +, ^);
+ E_CAST(1, k, l, r, ^, -, +);
+ E_CAST(0, k, r, l, +, ^, -);
+
+ data[1] = l & 0xffffffffL;
+ data[0] = r & 0xffffffffL;
+}
+
+void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out,
+ long length, const CAST_KEY *ks, unsigned char *iv,
+ int enc)
+{
+ register CAST_LONG tin0, tin1;
+ register CAST_LONG tout0, tout1, xor0, xor1;
+ register long l = length;
+ CAST_LONG tin[2];
+
+ if (enc) {
+ n2l(iv, tout0);
+ n2l(iv, tout1);
+ iv -= 8;
+ for (l -= 8; l >= 0; l -= 8) {
+ n2l(in, tin0);
+ n2l(in, tin1);
+ tin0 ^= tout0;
+ tin1 ^= tout1;
+ tin[0] = tin0;
+ tin[1] = tin1;
+ CAST_encrypt(tin, ks);
+ tout0 = tin[0];
+ tout1 = tin[1];
+ l2n(tout0, out);
+ l2n(tout1, out);
+ }
+ if (l != -8) {
+ n2ln(in, tin0, tin1, l + 8);
+ tin0 ^= tout0;
+ tin1 ^= tout1;
+ tin[0] = tin0;
+ tin[1] = tin1;
+ CAST_encrypt(tin, ks);
+ tout0 = tin[0];
+ tout1 = tin[1];
+ l2n(tout0, out);
+ l2n(tout1, out);
+ }
+ l2n(tout0, iv);
+ l2n(tout1, iv);
+ } else {
+ n2l(iv, xor0);
+ n2l(iv, xor1);
+ iv -= 8;
+ for (l -= 8; l >= 0; l -= 8) {
+ n2l(in, tin0);
+ n2l(in, tin1);
+ tin[0] = tin0;
+ tin[1] = tin1;
+ CAST_decrypt(tin, ks);
+ tout0 = tin[0] ^ xor0;
+ tout1 = tin[1] ^ xor1;
+ l2n(tout0, out);
+ l2n(tout1, out);
+ xor0 = tin0;
+ xor1 = tin1;
+ }
+ if (l != -8) {
+ n2l(in, tin0);
+ n2l(in, tin1);
+ tin[0] = tin0;
+ tin[1] = tin1;
+ CAST_decrypt(tin, ks);
+ tout0 = tin[0] ^ xor0;
+ tout1 = tin[1] ^ xor1;
+ l2nn(tout0, tout1, out, l + 8);
+ xor0 = tin0;
+ xor1 = tin1;
+ }
+ l2n(xor0, iv);
+ l2n(xor1, iv);
+ }
+ tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
+ tin[0] = tin[1] = 0;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/cast/c_ofb64.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/cast/c_ofb64.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/cast/c_ofb64.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,110 +0,0 @@
-/* crypto/cast/c_ofb64.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/cast.h>
-#include "cast_lcl.h"
-
-/* The input and output encrypted as though 64bit ofb mode is being
- * used. The extra state information to record how much of the
- * 64bit block we have used is contained in *num;
- */
-void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out,
- long length, const CAST_KEY *schedule, unsigned char *ivec,
- int *num)
- {
- register CAST_LONG v0,v1,t;
- register int n= *num;
- register long l=length;
- unsigned char d[8];
- register char *dp;
- CAST_LONG ti[2];
- unsigned char *iv;
- int save=0;
-
- iv=ivec;
- n2l(iv,v0);
- n2l(iv,v1);
- ti[0]=v0;
- ti[1]=v1;
- dp=(char *)d;
- l2n(v0,dp);
- l2n(v1,dp);
- while (l--)
- {
- if (n == 0)
- {
- CAST_encrypt((CAST_LONG *)ti,schedule);
- dp=(char *)d;
- t=ti[0]; l2n(t,dp);
- t=ti[1]; l2n(t,dp);
- save++;
- }
- *(out++)= *(in++)^d[n];
- n=(n+1)&0x07;
- }
- if (save)
- {
- v0=ti[0];
- v1=ti[1];
- iv=ivec;
- l2n(v0,iv);
- l2n(v1,iv);
- }
- t=v0=v1=ti[0]=ti[1]=0;
- *num=n;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/cast/c_ofb64.c (from rev 6976, vendor-crypto/openssl/dist/crypto/cast/c_ofb64.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/cast/c_ofb64.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/cast/c_ofb64.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,110 @@
+/* crypto/cast/c_ofb64.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/cast.h>
+#include "cast_lcl.h"
+
+/*
+ * The input and output encrypted as though 64bit ofb mode is being used.
+ * The extra state information to record how much of the 64bit block we have
+ * used is contained in *num;
+ */
+void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, const CAST_KEY *schedule,
+ unsigned char *ivec, int *num)
+{
+ register CAST_LONG v0, v1, t;
+ register int n = *num;
+ register long l = length;
+ unsigned char d[8];
+ register char *dp;
+ CAST_LONG ti[2];
+ unsigned char *iv;
+ int save = 0;
+
+ iv = ivec;
+ n2l(iv, v0);
+ n2l(iv, v1);
+ ti[0] = v0;
+ ti[1] = v1;
+ dp = (char *)d;
+ l2n(v0, dp);
+ l2n(v1, dp);
+ while (l--) {
+ if (n == 0) {
+ CAST_encrypt((CAST_LONG *)ti, schedule);
+ dp = (char *)d;
+ t = ti[0];
+ l2n(t, dp);
+ t = ti[1];
+ l2n(t, dp);
+ save++;
+ }
+ *(out++) = *(in++) ^ d[n];
+ n = (n + 1) & 0x07;
+ }
+ if (save) {
+ v0 = ti[0];
+ v1 = ti[1];
+ iv = ivec;
+ l2n(v0, iv);
+ l2n(v1, iv);
+ }
+ t = v0 = v1 = ti[0] = ti[1] = 0;
+ *num = n;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/cast/c_skey.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/cast/c_skey.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/cast/c_skey.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,171 +0,0 @@
-/* crypto/cast/c_skey.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/cast.h>
-#include <openssl/crypto.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
-#include "cast_lcl.h"
-#include "cast_s.h"
-
-#define CAST_exp(l,A,a,n) \
- A[n/4]=l; \
- a[n+3]=(l )&0xff; \
- a[n+2]=(l>> 8)&0xff; \
- a[n+1]=(l>>16)&0xff; \
- a[n+0]=(l>>24)&0xff;
-
-#define S4 CAST_S_table4
-#define S5 CAST_S_table5
-#define S6 CAST_S_table6
-#define S7 CAST_S_table7
-
-FIPS_NON_FIPS_VCIPHER_Init(CAST)
- {
- CAST_LONG x[16];
- CAST_LONG z[16];
- CAST_LONG k[32];
- CAST_LONG X[4],Z[4];
- CAST_LONG l,*K;
- int i;
-
- for (i=0; i<16; i++) x[i]=0;
- if (len > 16) len=16;
- for (i=0; i<len; i++)
- x[i]=data[i];
- if(len <= 10)
- key->short_key=1;
- else
- key->short_key=0;
-
- K= &k[0];
- X[0]=((x[ 0]<<24)|(x[ 1]<<16)|(x[ 2]<<8)|x[ 3])&0xffffffffL;
- X[1]=((x[ 4]<<24)|(x[ 5]<<16)|(x[ 6]<<8)|x[ 7])&0xffffffffL;
- X[2]=((x[ 8]<<24)|(x[ 9]<<16)|(x[10]<<8)|x[11])&0xffffffffL;
- X[3]=((x[12]<<24)|(x[13]<<16)|(x[14]<<8)|x[15])&0xffffffffL;
-
- for (;;)
- {
- l=X[0]^S4[x[13]]^S5[x[15]]^S6[x[12]]^S7[x[14]]^S6[x[ 8]];
- CAST_exp(l,Z,z, 0);
- l=X[2]^S4[z[ 0]]^S5[z[ 2]]^S6[z[ 1]]^S7[z[ 3]]^S7[x[10]];
- CAST_exp(l,Z,z, 4);
- l=X[3]^S4[z[ 7]]^S5[z[ 6]]^S6[z[ 5]]^S7[z[ 4]]^S4[x[ 9]];
- CAST_exp(l,Z,z, 8);
- l=X[1]^S4[z[10]]^S5[z[ 9]]^S6[z[11]]^S7[z[ 8]]^S5[x[11]];
- CAST_exp(l,Z,z,12);
-
- K[ 0]= S4[z[ 8]]^S5[z[ 9]]^S6[z[ 7]]^S7[z[ 6]]^S4[z[ 2]];
- K[ 1]= S4[z[10]]^S5[z[11]]^S6[z[ 5]]^S7[z[ 4]]^S5[z[ 6]];
- K[ 2]= S4[z[12]]^S5[z[13]]^S6[z[ 3]]^S7[z[ 2]]^S6[z[ 9]];
- K[ 3]= S4[z[14]]^S5[z[15]]^S6[z[ 1]]^S7[z[ 0]]^S7[z[12]];
-
- l=Z[2]^S4[z[ 5]]^S5[z[ 7]]^S6[z[ 4]]^S7[z[ 6]]^S6[z[ 0]];
- CAST_exp(l,X,x, 0);
- l=Z[0]^S4[x[ 0]]^S5[x[ 2]]^S6[x[ 1]]^S7[x[ 3]]^S7[z[ 2]];
- CAST_exp(l,X,x, 4);
- l=Z[1]^S4[x[ 7]]^S5[x[ 6]]^S6[x[ 5]]^S7[x[ 4]]^S4[z[ 1]];
- CAST_exp(l,X,x, 8);
- l=Z[3]^S4[x[10]]^S5[x[ 9]]^S6[x[11]]^S7[x[ 8]]^S5[z[ 3]];
- CAST_exp(l,X,x,12);
-
- K[ 4]= S4[x[ 3]]^S5[x[ 2]]^S6[x[12]]^S7[x[13]]^S4[x[ 8]];
- K[ 5]= S4[x[ 1]]^S5[x[ 0]]^S6[x[14]]^S7[x[15]]^S5[x[13]];
- K[ 6]= S4[x[ 7]]^S5[x[ 6]]^S6[x[ 8]]^S7[x[ 9]]^S6[x[ 3]];
- K[ 7]= S4[x[ 5]]^S5[x[ 4]]^S6[x[10]]^S7[x[11]]^S7[x[ 7]];
-
- l=X[0]^S4[x[13]]^S5[x[15]]^S6[x[12]]^S7[x[14]]^S6[x[ 8]];
- CAST_exp(l,Z,z, 0);
- l=X[2]^S4[z[ 0]]^S5[z[ 2]]^S6[z[ 1]]^S7[z[ 3]]^S7[x[10]];
- CAST_exp(l,Z,z, 4);
- l=X[3]^S4[z[ 7]]^S5[z[ 6]]^S6[z[ 5]]^S7[z[ 4]]^S4[x[ 9]];
- CAST_exp(l,Z,z, 8);
- l=X[1]^S4[z[10]]^S5[z[ 9]]^S6[z[11]]^S7[z[ 8]]^S5[x[11]];
- CAST_exp(l,Z,z,12);
-
- K[ 8]= S4[z[ 3]]^S5[z[ 2]]^S6[z[12]]^S7[z[13]]^S4[z[ 9]];
- K[ 9]= S4[z[ 1]]^S5[z[ 0]]^S6[z[14]]^S7[z[15]]^S5[z[12]];
- K[10]= S4[z[ 7]]^S5[z[ 6]]^S6[z[ 8]]^S7[z[ 9]]^S6[z[ 2]];
- K[11]= S4[z[ 5]]^S5[z[ 4]]^S6[z[10]]^S7[z[11]]^S7[z[ 6]];
-
- l=Z[2]^S4[z[ 5]]^S5[z[ 7]]^S6[z[ 4]]^S7[z[ 6]]^S6[z[ 0]];
- CAST_exp(l,X,x, 0);
- l=Z[0]^S4[x[ 0]]^S5[x[ 2]]^S6[x[ 1]]^S7[x[ 3]]^S7[z[ 2]];
- CAST_exp(l,X,x, 4);
- l=Z[1]^S4[x[ 7]]^S5[x[ 6]]^S6[x[ 5]]^S7[x[ 4]]^S4[z[ 1]];
- CAST_exp(l,X,x, 8);
- l=Z[3]^S4[x[10]]^S5[x[ 9]]^S6[x[11]]^S7[x[ 8]]^S5[z[ 3]];
- CAST_exp(l,X,x,12);
-
- K[12]= S4[x[ 8]]^S5[x[ 9]]^S6[x[ 7]]^S7[x[ 6]]^S4[x[ 3]];
- K[13]= S4[x[10]]^S5[x[11]]^S6[x[ 5]]^S7[x[ 4]]^S5[x[ 7]];
- K[14]= S4[x[12]]^S5[x[13]]^S6[x[ 3]]^S7[x[ 2]]^S6[x[ 8]];
- K[15]= S4[x[14]]^S5[x[15]]^S6[x[ 1]]^S7[x[ 0]]^S7[x[13]];
- if (K != k) break;
- K+=16;
- }
-
- for (i=0; i<16; i++)
- {
- key->data[i*2]=k[i];
- key->data[i*2+1]=((k[i+16])+16)&0x1f;
- }
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/cast/c_skey.c (from rev 6976, vendor-crypto/openssl/dist/crypto/cast/c_skey.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/cast/c_skey.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/cast/c_skey.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,172 @@
+/* crypto/cast/c_skey.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/cast.h>
+#include <openssl/crypto.h>
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
+#endif
+
+#include "cast_lcl.h"
+#include "cast_s.h"
+
+#define CAST_exp(l,A,a,n) \
+ A[n/4]=l; \
+ a[n+3]=(l )&0xff; \
+ a[n+2]=(l>> 8)&0xff; \
+ a[n+1]=(l>>16)&0xff; \
+ a[n+0]=(l>>24)&0xff;
+
+#define S4 CAST_S_table4
+#define S5 CAST_S_table5
+#define S6 CAST_S_table6
+#define S7 CAST_S_table7
+
+FIPS_NON_FIPS_VCIPHER_Init(CAST)
+{
+ CAST_LONG x[16];
+ CAST_LONG z[16];
+ CAST_LONG k[32];
+ CAST_LONG X[4], Z[4];
+ CAST_LONG l, *K;
+ int i;
+
+ for (i = 0; i < 16; i++)
+ x[i] = 0;
+ if (len > 16)
+ len = 16;
+ for (i = 0; i < len; i++)
+ x[i] = data[i];
+ if (len <= 10)
+ key->short_key = 1;
+ else
+ key->short_key = 0;
+
+ K = &k[0];
+ X[0] = ((x[0] << 24) | (x[1] << 16) | (x[2] << 8) | x[3]) & 0xffffffffL;
+ X[1] = ((x[4] << 24) | (x[5] << 16) | (x[6] << 8) | x[7]) & 0xffffffffL;
+ X[2] = ((x[8] << 24) | (x[9] << 16) | (x[10] << 8) | x[11]) & 0xffffffffL;
+ X[3] =
+ ((x[12] << 24) | (x[13] << 16) | (x[14] << 8) | x[15]) & 0xffffffffL;
+
+ for (;;) {
+ l = X[0] ^ S4[x[13]] ^ S5[x[15]] ^ S6[x[12]] ^ S7[x[14]] ^ S6[x[8]];
+ CAST_exp(l, Z, z, 0);
+ l = X[2] ^ S4[z[0]] ^ S5[z[2]] ^ S6[z[1]] ^ S7[z[3]] ^ S7[x[10]];
+ CAST_exp(l, Z, z, 4);
+ l = X[3] ^ S4[z[7]] ^ S5[z[6]] ^ S6[z[5]] ^ S7[z[4]] ^ S4[x[9]];
+ CAST_exp(l, Z, z, 8);
+ l = X[1] ^ S4[z[10]] ^ S5[z[9]] ^ S6[z[11]] ^ S7[z[8]] ^ S5[x[11]];
+ CAST_exp(l, Z, z, 12);
+
+ K[0] = S4[z[8]] ^ S5[z[9]] ^ S6[z[7]] ^ S7[z[6]] ^ S4[z[2]];
+ K[1] = S4[z[10]] ^ S5[z[11]] ^ S6[z[5]] ^ S7[z[4]] ^ S5[z[6]];
+ K[2] = S4[z[12]] ^ S5[z[13]] ^ S6[z[3]] ^ S7[z[2]] ^ S6[z[9]];
+ K[3] = S4[z[14]] ^ S5[z[15]] ^ S6[z[1]] ^ S7[z[0]] ^ S7[z[12]];
+
+ l = Z[2] ^ S4[z[5]] ^ S5[z[7]] ^ S6[z[4]] ^ S7[z[6]] ^ S6[z[0]];
+ CAST_exp(l, X, x, 0);
+ l = Z[0] ^ S4[x[0]] ^ S5[x[2]] ^ S6[x[1]] ^ S7[x[3]] ^ S7[z[2]];
+ CAST_exp(l, X, x, 4);
+ l = Z[1] ^ S4[x[7]] ^ S5[x[6]] ^ S6[x[5]] ^ S7[x[4]] ^ S4[z[1]];
+ CAST_exp(l, X, x, 8);
+ l = Z[3] ^ S4[x[10]] ^ S5[x[9]] ^ S6[x[11]] ^ S7[x[8]] ^ S5[z[3]];
+ CAST_exp(l, X, x, 12);
+
+ K[4] = S4[x[3]] ^ S5[x[2]] ^ S6[x[12]] ^ S7[x[13]] ^ S4[x[8]];
+ K[5] = S4[x[1]] ^ S5[x[0]] ^ S6[x[14]] ^ S7[x[15]] ^ S5[x[13]];
+ K[6] = S4[x[7]] ^ S5[x[6]] ^ S6[x[8]] ^ S7[x[9]] ^ S6[x[3]];
+ K[7] = S4[x[5]] ^ S5[x[4]] ^ S6[x[10]] ^ S7[x[11]] ^ S7[x[7]];
+
+ l = X[0] ^ S4[x[13]] ^ S5[x[15]] ^ S6[x[12]] ^ S7[x[14]] ^ S6[x[8]];
+ CAST_exp(l, Z, z, 0);
+ l = X[2] ^ S4[z[0]] ^ S5[z[2]] ^ S6[z[1]] ^ S7[z[3]] ^ S7[x[10]];
+ CAST_exp(l, Z, z, 4);
+ l = X[3] ^ S4[z[7]] ^ S5[z[6]] ^ S6[z[5]] ^ S7[z[4]] ^ S4[x[9]];
+ CAST_exp(l, Z, z, 8);
+ l = X[1] ^ S4[z[10]] ^ S5[z[9]] ^ S6[z[11]] ^ S7[z[8]] ^ S5[x[11]];
+ CAST_exp(l, Z, z, 12);
+
+ K[8] = S4[z[3]] ^ S5[z[2]] ^ S6[z[12]] ^ S7[z[13]] ^ S4[z[9]];
+ K[9] = S4[z[1]] ^ S5[z[0]] ^ S6[z[14]] ^ S7[z[15]] ^ S5[z[12]];
+ K[10] = S4[z[7]] ^ S5[z[6]] ^ S6[z[8]] ^ S7[z[9]] ^ S6[z[2]];
+ K[11] = S4[z[5]] ^ S5[z[4]] ^ S6[z[10]] ^ S7[z[11]] ^ S7[z[6]];
+
+ l = Z[2] ^ S4[z[5]] ^ S5[z[7]] ^ S6[z[4]] ^ S7[z[6]] ^ S6[z[0]];
+ CAST_exp(l, X, x, 0);
+ l = Z[0] ^ S4[x[0]] ^ S5[x[2]] ^ S6[x[1]] ^ S7[x[3]] ^ S7[z[2]];
+ CAST_exp(l, X, x, 4);
+ l = Z[1] ^ S4[x[7]] ^ S5[x[6]] ^ S6[x[5]] ^ S7[x[4]] ^ S4[z[1]];
+ CAST_exp(l, X, x, 8);
+ l = Z[3] ^ S4[x[10]] ^ S5[x[9]] ^ S6[x[11]] ^ S7[x[8]] ^ S5[z[3]];
+ CAST_exp(l, X, x, 12);
+
+ K[12] = S4[x[8]] ^ S5[x[9]] ^ S6[x[7]] ^ S7[x[6]] ^ S4[x[3]];
+ K[13] = S4[x[10]] ^ S5[x[11]] ^ S6[x[5]] ^ S7[x[4]] ^ S5[x[7]];
+ K[14] = S4[x[12]] ^ S5[x[13]] ^ S6[x[3]] ^ S7[x[2]] ^ S6[x[8]];
+ K[15] = S4[x[14]] ^ S5[x[15]] ^ S6[x[1]] ^ S7[x[0]] ^ S7[x[13]];
+ if (K != k)
+ break;
+ K += 16;
+ }
+
+ for (i = 0; i < 16; i++) {
+ key->data[i * 2] = k[i];
+ key->data[i * 2 + 1] = ((k[i + 16]) + 16) & 0x1f;
+ }
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/cast/cast.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/cast/cast.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/cast/cast.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,107 +0,0 @@
-/* crypto/cast/cast.h */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_CAST_H
-#define HEADER_CAST_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#include <openssl/opensslconf.h>
-
-#ifdef OPENSSL_NO_CAST
-#error CAST is disabled.
-#endif
-
-#define CAST_ENCRYPT 1
-#define CAST_DECRYPT 0
-
-#define CAST_LONG unsigned long
-
-#define CAST_BLOCK 8
-#define CAST_KEY_LENGTH 16
-
-typedef struct cast_key_st
- {
- CAST_LONG data[32];
- int short_key; /* Use reduced rounds for short key */
- } CAST_KEY;
-
-#ifdef OPENSSL_FIPS
-void private_CAST_set_key(CAST_KEY *key, int len, const unsigned char *data);
-#endif
-void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data);
-void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out, const CAST_KEY *key,
- int enc);
-void CAST_encrypt(CAST_LONG *data, const CAST_KEY *key);
-void CAST_decrypt(CAST_LONG *data, const CAST_KEY *key);
-void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
- const CAST_KEY *ks, unsigned char *iv, int enc);
-void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out,
- long length, const CAST_KEY *schedule, unsigned char *ivec,
- int *num, int enc);
-void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out,
- long length, const CAST_KEY *schedule, unsigned char *ivec,
- int *num);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/cast/cast.h (from rev 6976, vendor-crypto/openssl/dist/crypto/cast/cast.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/cast/cast.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/cast/cast.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,107 @@
+/* crypto/cast/cast.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_CAST_H
+# define HEADER_CAST_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# include <openssl/opensslconf.h>
+
+# ifdef OPENSSL_NO_CAST
+# error CAST is disabled.
+# endif
+
+# define CAST_ENCRYPT 1
+# define CAST_DECRYPT 0
+
+# define CAST_LONG unsigned long
+
+# define CAST_BLOCK 8
+# define CAST_KEY_LENGTH 16
+
+typedef struct cast_key_st {
+ CAST_LONG data[32];
+ int short_key; /* Use reduced rounds for short key */
+} CAST_KEY;
+
+# ifdef OPENSSL_FIPS
+void private_CAST_set_key(CAST_KEY *key, int len, const unsigned char *data);
+# endif
+void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data);
+void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out,
+ const CAST_KEY *key, int enc);
+void CAST_encrypt(CAST_LONG *data, const CAST_KEY *key);
+void CAST_decrypt(CAST_LONG *data, const CAST_KEY *key);
+void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out,
+ long length, const CAST_KEY *ks, unsigned char *iv,
+ int enc);
+void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, const CAST_KEY *schedule,
+ unsigned char *ivec, int *num, int enc);
+void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, const CAST_KEY *schedule,
+ unsigned char *ivec, int *num);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/cast/cast_lcl.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/cast/cast_lcl.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/cast/cast_lcl.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,227 +0,0 @@
-/* crypto/cast/cast_lcl.h */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-
-#include "e_os.h"
-
-#ifdef OPENSSL_SYS_WIN32
-#include <stdlib.h>
-#endif
-
-
-#undef c2l
-#define c2l(c,l) (l =((unsigned long)(*((c)++))) , \
- l|=((unsigned long)(*((c)++)))<< 8L, \
- l|=((unsigned long)(*((c)++)))<<16L, \
- l|=((unsigned long)(*((c)++)))<<24L)
-
-/* NOTE - c is not incremented as per c2l */
-#undef c2ln
-#define c2ln(c,l1,l2,n) { \
- c+=n; \
- l1=l2=0; \
- switch (n) { \
- case 8: l2 =((unsigned long)(*(--(c))))<<24L; \
- case 7: l2|=((unsigned long)(*(--(c))))<<16L; \
- case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \
- case 5: l2|=((unsigned long)(*(--(c)))); \
- case 4: l1 =((unsigned long)(*(--(c))))<<24L; \
- case 3: l1|=((unsigned long)(*(--(c))))<<16L; \
- case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \
- case 1: l1|=((unsigned long)(*(--(c)))); \
- } \
- }
-
-#undef l2c
-#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
- *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
- *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
- *((c)++)=(unsigned char)(((l)>>24L)&0xff))
-
-/* NOTE - c is not incremented as per l2c */
-#undef l2cn
-#define l2cn(l1,l2,c,n) { \
- c+=n; \
- switch (n) { \
- case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
- case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
- case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
- case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \
- case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
- case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
- case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
- case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \
- } \
- }
-
-/* NOTE - c is not incremented as per n2l */
-#define n2ln(c,l1,l2,n) { \
- c+=n; \
- l1=l2=0; \
- switch (n) { \
- case 8: l2 =((unsigned long)(*(--(c)))) ; \
- case 7: l2|=((unsigned long)(*(--(c))))<< 8; \
- case 6: l2|=((unsigned long)(*(--(c))))<<16; \
- case 5: l2|=((unsigned long)(*(--(c))))<<24; \
- case 4: l1 =((unsigned long)(*(--(c)))) ; \
- case 3: l1|=((unsigned long)(*(--(c))))<< 8; \
- case 2: l1|=((unsigned long)(*(--(c))))<<16; \
- case 1: l1|=((unsigned long)(*(--(c))))<<24; \
- } \
- }
-
-/* NOTE - c is not incremented as per l2n */
-#define l2nn(l1,l2,c,n) { \
- c+=n; \
- switch (n) { \
- case 8: *(--(c))=(unsigned char)(((l2) )&0xff); \
- case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
- case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
- case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
- case 4: *(--(c))=(unsigned char)(((l1) )&0xff); \
- case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
- case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
- case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
- } \
- }
-
-#undef n2l
-#define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24L, \
- l|=((unsigned long)(*((c)++)))<<16L, \
- l|=((unsigned long)(*((c)++)))<< 8L, \
- l|=((unsigned long)(*((c)++))))
-
-#undef l2n
-#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
- *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
- *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
- *((c)++)=(unsigned char)(((l) )&0xff))
-
-#if defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER)
-#define ROTL(a,n) (_lrotl(a,n))
-#else
-#define ROTL(a,n) ((((a)<<(n))&0xffffffffL)|((a)>>(32-(n))))
-#endif
-
-#define C_M 0x3fc
-#define C_0 22L
-#define C_1 14L
-#define C_2 6L
-#define C_3 2L /* left shift */
-
-/* The rotate has an extra 16 added to it to help the x86 asm */
-#if defined(CAST_PTR)
-#define E_CAST(n,key,L,R,OP1,OP2,OP3) \
- { \
- int i; \
- t=(key[n*2] OP1 R)&0xffffffffL; \
- i=key[n*2+1]; \
- t=ROTL(t,i); \
- L^= (((((*(CAST_LONG *)((unsigned char *) \
- CAST_S_table0+((t>>C_2)&C_M)) OP2 \
- *(CAST_LONG *)((unsigned char *) \
- CAST_S_table1+((t<<C_3)&C_M)))&0xffffffffL) OP3 \
- *(CAST_LONG *)((unsigned char *) \
- CAST_S_table2+((t>>C_0)&C_M)))&0xffffffffL) OP1 \
- *(CAST_LONG *)((unsigned char *) \
- CAST_S_table3+((t>>C_1)&C_M)))&0xffffffffL; \
- }
-#elif defined(CAST_PTR2)
-#define E_CAST(n,key,L,R,OP1,OP2,OP3) \
- { \
- int i; \
- CAST_LONG u,v,w; \
- w=(key[n*2] OP1 R)&0xffffffffL; \
- i=key[n*2+1]; \
- w=ROTL(w,i); \
- u=w>>C_2; \
- v=w<<C_3; \
- u&=C_M; \
- v&=C_M; \
- t= *(CAST_LONG *)((unsigned char *)CAST_S_table0+u); \
- u=w>>C_0; \
- t=(t OP2 *(CAST_LONG *)((unsigned char *)CAST_S_table1+v))&0xffffffffL;\
- v=w>>C_1; \
- u&=C_M; \
- v&=C_M; \
- t=(t OP3 *(CAST_LONG *)((unsigned char *)CAST_S_table2+u)&0xffffffffL);\
- t=(t OP1 *(CAST_LONG *)((unsigned char *)CAST_S_table3+v)&0xffffffffL);\
- L^=(t&0xffffffff); \
- }
-#else
-#define E_CAST(n,key,L,R,OP1,OP2,OP3) \
- { \
- CAST_LONG a,b,c,d; \
- t=(key[n*2] OP1 R)&0xffffffff; \
- t=ROTL(t,(key[n*2+1])); \
- a=CAST_S_table0[(t>> 8)&0xff]; \
- b=CAST_S_table1[(t )&0xff]; \
- c=CAST_S_table2[(t>>24)&0xff]; \
- d=CAST_S_table3[(t>>16)&0xff]; \
- L^=(((((a OP2 b)&0xffffffffL) OP3 c)&0xffffffffL) OP1 d)&0xffffffffL; \
- }
-#endif
-
-extern const CAST_LONG CAST_S_table0[256];
-extern const CAST_LONG CAST_S_table1[256];
-extern const CAST_LONG CAST_S_table2[256];
-extern const CAST_LONG CAST_S_table3[256];
-extern const CAST_LONG CAST_S_table4[256];
-extern const CAST_LONG CAST_S_table5[256];
-extern const CAST_LONG CAST_S_table6[256];
-extern const CAST_LONG CAST_S_table7[256];
Copied: vendor-crypto/openssl/0.9.8zf/crypto/cast/cast_lcl.h (from rev 6976, vendor-crypto/openssl/dist/crypto/cast/cast_lcl.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/cast/cast_lcl.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/cast/cast_lcl.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,225 @@
+/* crypto/cast/cast_lcl.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "e_os.h"
+
+#ifdef OPENSSL_SYS_WIN32
+# include <stdlib.h>
+#endif
+
+#undef c2l
+#define c2l(c,l) (l =((unsigned long)(*((c)++))) , \
+ l|=((unsigned long)(*((c)++)))<< 8L, \
+ l|=((unsigned long)(*((c)++)))<<16L, \
+ l|=((unsigned long)(*((c)++)))<<24L)
+
+/* NOTE - c is not incremented as per c2l */
+#undef c2ln
+#define c2ln(c,l1,l2,n) { \
+ c+=n; \
+ l1=l2=0; \
+ switch (n) { \
+ case 8: l2 =((unsigned long)(*(--(c))))<<24L; \
+ case 7: l2|=((unsigned long)(*(--(c))))<<16L; \
+ case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \
+ case 5: l2|=((unsigned long)(*(--(c)))); \
+ case 4: l1 =((unsigned long)(*(--(c))))<<24L; \
+ case 3: l1|=((unsigned long)(*(--(c))))<<16L; \
+ case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \
+ case 1: l1|=((unsigned long)(*(--(c)))); \
+ } \
+ }
+
+#undef l2c
+#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
+ *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>24L)&0xff))
+
+/* NOTE - c is not incremented as per l2c */
+#undef l2cn
+#define l2cn(l1,l2,c,n) { \
+ c+=n; \
+ switch (n) { \
+ case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
+ case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
+ case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
+ case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \
+ case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
+ case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
+ case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
+ case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \
+ } \
+ }
+
+/* NOTE - c is not incremented as per n2l */
+#define n2ln(c,l1,l2,n) { \
+ c+=n; \
+ l1=l2=0; \
+ switch (n) { \
+ case 8: l2 =((unsigned long)(*(--(c)))) ; \
+ case 7: l2|=((unsigned long)(*(--(c))))<< 8; \
+ case 6: l2|=((unsigned long)(*(--(c))))<<16; \
+ case 5: l2|=((unsigned long)(*(--(c))))<<24; \
+ case 4: l1 =((unsigned long)(*(--(c)))) ; \
+ case 3: l1|=((unsigned long)(*(--(c))))<< 8; \
+ case 2: l1|=((unsigned long)(*(--(c))))<<16; \
+ case 1: l1|=((unsigned long)(*(--(c))))<<24; \
+ } \
+ }
+
+/* NOTE - c is not incremented as per l2n */
+#define l2nn(l1,l2,c,n) { \
+ c+=n; \
+ switch (n) { \
+ case 8: *(--(c))=(unsigned char)(((l2) )&0xff); \
+ case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
+ case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
+ case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
+ case 4: *(--(c))=(unsigned char)(((l1) )&0xff); \
+ case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
+ case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
+ case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
+ } \
+ }
+
+#undef n2l
+#define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24L, \
+ l|=((unsigned long)(*((c)++)))<<16L, \
+ l|=((unsigned long)(*((c)++)))<< 8L, \
+ l|=((unsigned long)(*((c)++))))
+
+#undef l2n
+#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+ *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+ *((c)++)=(unsigned char)(((l) )&0xff))
+
+#if defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER)
+# define ROTL(a,n) (_lrotl(a,n))
+#else
+# define ROTL(a,n) ((((a)<<(n))&0xffffffffL)|((a)>>(32-(n))))
+#endif
+
+#define C_M 0x3fc
+#define C_0 22L
+#define C_1 14L
+#define C_2 6L
+#define C_3 2L /* left shift */
+
+/* The rotate has an extra 16 added to it to help the x86 asm */
+#if defined(CAST_PTR)
+# define E_CAST(n,key,L,R,OP1,OP2,OP3) \
+ { \
+ int i; \
+ t=(key[n*2] OP1 R)&0xffffffffL; \
+ i=key[n*2+1]; \
+ t=ROTL(t,i); \
+ L^= (((((*(CAST_LONG *)((unsigned char *) \
+ CAST_S_table0+((t>>C_2)&C_M)) OP2 \
+ *(CAST_LONG *)((unsigned char *) \
+ CAST_S_table1+((t<<C_3)&C_M)))&0xffffffffL) OP3 \
+ *(CAST_LONG *)((unsigned char *) \
+ CAST_S_table2+((t>>C_0)&C_M)))&0xffffffffL) OP1 \
+ *(CAST_LONG *)((unsigned char *) \
+ CAST_S_table3+((t>>C_1)&C_M)))&0xffffffffL; \
+ }
+#elif defined(CAST_PTR2)
+# define E_CAST(n,key,L,R,OP1,OP2,OP3) \
+ { \
+ int i; \
+ CAST_LONG u,v,w; \
+ w=(key[n*2] OP1 R)&0xffffffffL; \
+ i=key[n*2+1]; \
+ w=ROTL(w,i); \
+ u=w>>C_2; \
+ v=w<<C_3; \
+ u&=C_M; \
+ v&=C_M; \
+ t= *(CAST_LONG *)((unsigned char *)CAST_S_table0+u); \
+ u=w>>C_0; \
+ t=(t OP2 *(CAST_LONG *)((unsigned char *)CAST_S_table1+v))&0xffffffffL;\
+ v=w>>C_1; \
+ u&=C_M; \
+ v&=C_M; \
+ t=(t OP3 *(CAST_LONG *)((unsigned char *)CAST_S_table2+u)&0xffffffffL);\
+ t=(t OP1 *(CAST_LONG *)((unsigned char *)CAST_S_table3+v)&0xffffffffL);\
+ L^=(t&0xffffffff); \
+ }
+#else
+# define E_CAST(n,key,L,R,OP1,OP2,OP3) \
+ { \
+ CAST_LONG a,b,c,d; \
+ t=(key[n*2] OP1 R)&0xffffffff; \
+ t=ROTL(t,(key[n*2+1])); \
+ a=CAST_S_table0[(t>> 8)&0xff]; \
+ b=CAST_S_table1[(t )&0xff]; \
+ c=CAST_S_table2[(t>>24)&0xff]; \
+ d=CAST_S_table3[(t>>16)&0xff]; \
+ L^=(((((a OP2 b)&0xffffffffL) OP3 c)&0xffffffffL) OP1 d)&0xffffffffL; \
+ }
+#endif
+
+extern const CAST_LONG CAST_S_table0[256];
+extern const CAST_LONG CAST_S_table1[256];
+extern const CAST_LONG CAST_S_table2[256];
+extern const CAST_LONG CAST_S_table3[256];
+extern const CAST_LONG CAST_S_table4[256];
+extern const CAST_LONG CAST_S_table5[256];
+extern const CAST_LONG CAST_S_table6[256];
+extern const CAST_LONG CAST_S_table7[256];
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/cast/cast_s.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/cast/cast_s.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/cast/cast_s.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,585 +0,0 @@
-/* crypto/cast/cast_s.h */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-OPENSSL_GLOBAL const CAST_LONG CAST_S_table0[256]={
- 0x30fb40d4,0x9fa0ff0b,0x6beccd2f,0x3f258c7a,
- 0x1e213f2f,0x9c004dd3,0x6003e540,0xcf9fc949,
- 0xbfd4af27,0x88bbbdb5,0xe2034090,0x98d09675,
- 0x6e63a0e0,0x15c361d2,0xc2e7661d,0x22d4ff8e,
- 0x28683b6f,0xc07fd059,0xff2379c8,0x775f50e2,
- 0x43c340d3,0xdf2f8656,0x887ca41a,0xa2d2bd2d,
- 0xa1c9e0d6,0x346c4819,0x61b76d87,0x22540f2f,
- 0x2abe32e1,0xaa54166b,0x22568e3a,0xa2d341d0,
- 0x66db40c8,0xa784392f,0x004dff2f,0x2db9d2de,
- 0x97943fac,0x4a97c1d8,0x527644b7,0xb5f437a7,
- 0xb82cbaef,0xd751d159,0x6ff7f0ed,0x5a097a1f,
- 0x827b68d0,0x90ecf52e,0x22b0c054,0xbc8e5935,
- 0x4b6d2f7f,0x50bb64a2,0xd2664910,0xbee5812d,
- 0xb7332290,0xe93b159f,0xb48ee411,0x4bff345d,
- 0xfd45c240,0xad31973f,0xc4f6d02e,0x55fc8165,
- 0xd5b1caad,0xa1ac2dae,0xa2d4b76d,0xc19b0c50,
- 0x882240f2,0x0c6e4f38,0xa4e4bfd7,0x4f5ba272,
- 0x564c1d2f,0xc59c5319,0xb949e354,0xb04669fe,
- 0xb1b6ab8a,0xc71358dd,0x6385c545,0x110f935d,
- 0x57538ad5,0x6a390493,0xe63d37e0,0x2a54f6b3,
- 0x3a787d5f,0x6276a0b5,0x19a6fcdf,0x7a42206a,
- 0x29f9d4d5,0xf61b1891,0xbb72275e,0xaa508167,
- 0x38901091,0xc6b505eb,0x84c7cb8c,0x2ad75a0f,
- 0x874a1427,0xa2d1936b,0x2ad286af,0xaa56d291,
- 0xd7894360,0x425c750d,0x93b39e26,0x187184c9,
- 0x6c00b32d,0x73e2bb14,0xa0bebc3c,0x54623779,
- 0x64459eab,0x3f328b82,0x7718cf82,0x59a2cea6,
- 0x04ee002e,0x89fe78e6,0x3fab0950,0x325ff6c2,
- 0x81383f05,0x6963c5c8,0x76cb5ad6,0xd49974c9,
- 0xca180dcf,0x380782d5,0xc7fa5cf6,0x8ac31511,
- 0x35e79e13,0x47da91d0,0xf40f9086,0xa7e2419e,
- 0x31366241,0x051ef495,0xaa573b04,0x4a805d8d,
- 0x548300d0,0x00322a3c,0xbf64cddf,0xba57a68e,
- 0x75c6372b,0x50afd341,0xa7c13275,0x915a0bf5,
- 0x6b54bfab,0x2b0b1426,0xab4cc9d7,0x449ccd82,
- 0xf7fbf265,0xab85c5f3,0x1b55db94,0xaad4e324,
- 0xcfa4bd3f,0x2deaa3e2,0x9e204d02,0xc8bd25ac,
- 0xeadf55b3,0xd5bd9e98,0xe31231b2,0x2ad5ad6c,
- 0x954329de,0xadbe4528,0xd8710f69,0xaa51c90f,
- 0xaa786bf6,0x22513f1e,0xaa51a79b,0x2ad344cc,
- 0x7b5a41f0,0xd37cfbad,0x1b069505,0x41ece491,
- 0xb4c332e6,0x032268d4,0xc9600acc,0xce387e6d,
- 0xbf6bb16c,0x6a70fb78,0x0d03d9c9,0xd4df39de,
- 0xe01063da,0x4736f464,0x5ad328d8,0xb347cc96,
- 0x75bb0fc3,0x98511bfb,0x4ffbcc35,0xb58bcf6a,
- 0xe11f0abc,0xbfc5fe4a,0xa70aec10,0xac39570a,
- 0x3f04442f,0x6188b153,0xe0397a2e,0x5727cb79,
- 0x9ceb418f,0x1cacd68d,0x2ad37c96,0x0175cb9d,
- 0xc69dff09,0xc75b65f0,0xd9db40d8,0xec0e7779,
- 0x4744ead4,0xb11c3274,0xdd24cb9e,0x7e1c54bd,
- 0xf01144f9,0xd2240eb1,0x9675b3fd,0xa3ac3755,
- 0xd47c27af,0x51c85f4d,0x56907596,0xa5bb15e6,
- 0x580304f0,0xca042cf1,0x011a37ea,0x8dbfaadb,
- 0x35ba3e4a,0x3526ffa0,0xc37b4d09,0xbc306ed9,
- 0x98a52666,0x5648f725,0xff5e569d,0x0ced63d0,
- 0x7c63b2cf,0x700b45e1,0xd5ea50f1,0x85a92872,
- 0xaf1fbda7,0xd4234870,0xa7870bf3,0x2d3b4d79,
- 0x42e04198,0x0cd0ede7,0x26470db8,0xf881814c,
- 0x474d6ad7,0x7c0c5e5c,0xd1231959,0x381b7298,
- 0xf5d2f4db,0xab838653,0x6e2f1e23,0x83719c9e,
- 0xbd91e046,0x9a56456e,0xdc39200c,0x20c8c571,
- 0x962bda1c,0xe1e696ff,0xb141ab08,0x7cca89b9,
- 0x1a69e783,0x02cc4843,0xa2f7c579,0x429ef47d,
- 0x427b169c,0x5ac9f049,0xdd8f0f00,0x5c8165bf,
- };
-OPENSSL_GLOBAL const CAST_LONG CAST_S_table1[256]={
- 0x1f201094,0xef0ba75b,0x69e3cf7e,0x393f4380,
- 0xfe61cf7a,0xeec5207a,0x55889c94,0x72fc0651,
- 0xada7ef79,0x4e1d7235,0xd55a63ce,0xde0436ba,
- 0x99c430ef,0x5f0c0794,0x18dcdb7d,0xa1d6eff3,
- 0xa0b52f7b,0x59e83605,0xee15b094,0xe9ffd909,
- 0xdc440086,0xef944459,0xba83ccb3,0xe0c3cdfb,
- 0xd1da4181,0x3b092ab1,0xf997f1c1,0xa5e6cf7b,
- 0x01420ddb,0xe4e7ef5b,0x25a1ff41,0xe180f806,
- 0x1fc41080,0x179bee7a,0xd37ac6a9,0xfe5830a4,
- 0x98de8b7f,0x77e83f4e,0x79929269,0x24fa9f7b,
- 0xe113c85b,0xacc40083,0xd7503525,0xf7ea615f,
- 0x62143154,0x0d554b63,0x5d681121,0xc866c359,
- 0x3d63cf73,0xcee234c0,0xd4d87e87,0x5c672b21,
- 0x071f6181,0x39f7627f,0x361e3084,0xe4eb573b,
- 0x602f64a4,0xd63acd9c,0x1bbc4635,0x9e81032d,
- 0x2701f50c,0x99847ab4,0xa0e3df79,0xba6cf38c,
- 0x10843094,0x2537a95e,0xf46f6ffe,0xa1ff3b1f,
- 0x208cfb6a,0x8f458c74,0xd9e0a227,0x4ec73a34,
- 0xfc884f69,0x3e4de8df,0xef0e0088,0x3559648d,
- 0x8a45388c,0x1d804366,0x721d9bfd,0xa58684bb,
- 0xe8256333,0x844e8212,0x128d8098,0xfed33fb4,
- 0xce280ae1,0x27e19ba5,0xd5a6c252,0xe49754bd,
- 0xc5d655dd,0xeb667064,0x77840b4d,0xa1b6a801,
- 0x84db26a9,0xe0b56714,0x21f043b7,0xe5d05860,
- 0x54f03084,0x066ff472,0xa31aa153,0xdadc4755,
- 0xb5625dbf,0x68561be6,0x83ca6b94,0x2d6ed23b,
- 0xeccf01db,0xa6d3d0ba,0xb6803d5c,0xaf77a709,
- 0x33b4a34c,0x397bc8d6,0x5ee22b95,0x5f0e5304,
- 0x81ed6f61,0x20e74364,0xb45e1378,0xde18639b,
- 0x881ca122,0xb96726d1,0x8049a7e8,0x22b7da7b,
- 0x5e552d25,0x5272d237,0x79d2951c,0xc60d894c,
- 0x488cb402,0x1ba4fe5b,0xa4b09f6b,0x1ca815cf,
- 0xa20c3005,0x8871df63,0xb9de2fcb,0x0cc6c9e9,
- 0x0beeff53,0xe3214517,0xb4542835,0x9f63293c,
- 0xee41e729,0x6e1d2d7c,0x50045286,0x1e6685f3,
- 0xf33401c6,0x30a22c95,0x31a70850,0x60930f13,
- 0x73f98417,0xa1269859,0xec645c44,0x52c877a9,
- 0xcdff33a6,0xa02b1741,0x7cbad9a2,0x2180036f,
- 0x50d99c08,0xcb3f4861,0xc26bd765,0x64a3f6ab,
- 0x80342676,0x25a75e7b,0xe4e6d1fc,0x20c710e6,
- 0xcdf0b680,0x17844d3b,0x31eef84d,0x7e0824e4,
- 0x2ccb49eb,0x846a3bae,0x8ff77888,0xee5d60f6,
- 0x7af75673,0x2fdd5cdb,0xa11631c1,0x30f66f43,
- 0xb3faec54,0x157fd7fa,0xef8579cc,0xd152de58,
- 0xdb2ffd5e,0x8f32ce19,0x306af97a,0x02f03ef8,
- 0x99319ad5,0xc242fa0f,0xa7e3ebb0,0xc68e4906,
- 0xb8da230c,0x80823028,0xdcdef3c8,0xd35fb171,
- 0x088a1bc8,0xbec0c560,0x61a3c9e8,0xbca8f54d,
- 0xc72feffa,0x22822e99,0x82c570b4,0xd8d94e89,
- 0x8b1c34bc,0x301e16e6,0x273be979,0xb0ffeaa6,
- 0x61d9b8c6,0x00b24869,0xb7ffce3f,0x08dc283b,
- 0x43daf65a,0xf7e19798,0x7619b72f,0x8f1c9ba4,
- 0xdc8637a0,0x16a7d3b1,0x9fc393b7,0xa7136eeb,
- 0xc6bcc63e,0x1a513742,0xef6828bc,0x520365d6,
- 0x2d6a77ab,0x3527ed4b,0x821fd216,0x095c6e2e,
- 0xdb92f2fb,0x5eea29cb,0x145892f5,0x91584f7f,
- 0x5483697b,0x2667a8cc,0x85196048,0x8c4bacea,
- 0x833860d4,0x0d23e0f9,0x6c387e8a,0x0ae6d249,
- 0xb284600c,0xd835731d,0xdcb1c647,0xac4c56ea,
- 0x3ebd81b3,0x230eabb0,0x6438bc87,0xf0b5b1fa,
- 0x8f5ea2b3,0xfc184642,0x0a036b7a,0x4fb089bd,
- 0x649da589,0xa345415e,0x5c038323,0x3e5d3bb9,
- 0x43d79572,0x7e6dd07c,0x06dfdf1e,0x6c6cc4ef,
- 0x7160a539,0x73bfbe70,0x83877605,0x4523ecf1,
- };
-OPENSSL_GLOBAL const CAST_LONG CAST_S_table2[256]={
- 0x8defc240,0x25fa5d9f,0xeb903dbf,0xe810c907,
- 0x47607fff,0x369fe44b,0x8c1fc644,0xaececa90,
- 0xbeb1f9bf,0xeefbcaea,0xe8cf1950,0x51df07ae,
- 0x920e8806,0xf0ad0548,0xe13c8d83,0x927010d5,
- 0x11107d9f,0x07647db9,0xb2e3e4d4,0x3d4f285e,
- 0xb9afa820,0xfade82e0,0xa067268b,0x8272792e,
- 0x553fb2c0,0x489ae22b,0xd4ef9794,0x125e3fbc,
- 0x21fffcee,0x825b1bfd,0x9255c5ed,0x1257a240,
- 0x4e1a8302,0xbae07fff,0x528246e7,0x8e57140e,
- 0x3373f7bf,0x8c9f8188,0xa6fc4ee8,0xc982b5a5,
- 0xa8c01db7,0x579fc264,0x67094f31,0xf2bd3f5f,
- 0x40fff7c1,0x1fb78dfc,0x8e6bd2c1,0x437be59b,
- 0x99b03dbf,0xb5dbc64b,0x638dc0e6,0x55819d99,
- 0xa197c81c,0x4a012d6e,0xc5884a28,0xccc36f71,
- 0xb843c213,0x6c0743f1,0x8309893c,0x0feddd5f,
- 0x2f7fe850,0xd7c07f7e,0x02507fbf,0x5afb9a04,
- 0xa747d2d0,0x1651192e,0xaf70bf3e,0x58c31380,
- 0x5f98302e,0x727cc3c4,0x0a0fb402,0x0f7fef82,
- 0x8c96fdad,0x5d2c2aae,0x8ee99a49,0x50da88b8,
- 0x8427f4a0,0x1eac5790,0x796fb449,0x8252dc15,
- 0xefbd7d9b,0xa672597d,0xada840d8,0x45f54504,
- 0xfa5d7403,0xe83ec305,0x4f91751a,0x925669c2,
- 0x23efe941,0xa903f12e,0x60270df2,0x0276e4b6,
- 0x94fd6574,0x927985b2,0x8276dbcb,0x02778176,
- 0xf8af918d,0x4e48f79e,0x8f616ddf,0xe29d840e,
- 0x842f7d83,0x340ce5c8,0x96bbb682,0x93b4b148,
- 0xef303cab,0x984faf28,0x779faf9b,0x92dc560d,
- 0x224d1e20,0x8437aa88,0x7d29dc96,0x2756d3dc,
- 0x8b907cee,0xb51fd240,0xe7c07ce3,0xe566b4a1,
- 0xc3e9615e,0x3cf8209d,0x6094d1e3,0xcd9ca341,
- 0x5c76460e,0x00ea983b,0xd4d67881,0xfd47572c,
- 0xf76cedd9,0xbda8229c,0x127dadaa,0x438a074e,
- 0x1f97c090,0x081bdb8a,0x93a07ebe,0xb938ca15,
- 0x97b03cff,0x3dc2c0f8,0x8d1ab2ec,0x64380e51,
- 0x68cc7bfb,0xd90f2788,0x12490181,0x5de5ffd4,
- 0xdd7ef86a,0x76a2e214,0xb9a40368,0x925d958f,
- 0x4b39fffa,0xba39aee9,0xa4ffd30b,0xfaf7933b,
- 0x6d498623,0x193cbcfa,0x27627545,0x825cf47a,
- 0x61bd8ba0,0xd11e42d1,0xcead04f4,0x127ea392,
- 0x10428db7,0x8272a972,0x9270c4a8,0x127de50b,
- 0x285ba1c8,0x3c62f44f,0x35c0eaa5,0xe805d231,
- 0x428929fb,0xb4fcdf82,0x4fb66a53,0x0e7dc15b,
- 0x1f081fab,0x108618ae,0xfcfd086d,0xf9ff2889,
- 0x694bcc11,0x236a5cae,0x12deca4d,0x2c3f8cc5,
- 0xd2d02dfe,0xf8ef5896,0xe4cf52da,0x95155b67,
- 0x494a488c,0xb9b6a80c,0x5c8f82bc,0x89d36b45,
- 0x3a609437,0xec00c9a9,0x44715253,0x0a874b49,
- 0xd773bc40,0x7c34671c,0x02717ef6,0x4feb5536,
- 0xa2d02fff,0xd2bf60c4,0xd43f03c0,0x50b4ef6d,
- 0x07478cd1,0x006e1888,0xa2e53f55,0xb9e6d4bc,
- 0xa2048016,0x97573833,0xd7207d67,0xde0f8f3d,
- 0x72f87b33,0xabcc4f33,0x7688c55d,0x7b00a6b0,
- 0x947b0001,0x570075d2,0xf9bb88f8,0x8942019e,
- 0x4264a5ff,0x856302e0,0x72dbd92b,0xee971b69,
- 0x6ea22fde,0x5f08ae2b,0xaf7a616d,0xe5c98767,
- 0xcf1febd2,0x61efc8c2,0xf1ac2571,0xcc8239c2,
- 0x67214cb8,0xb1e583d1,0xb7dc3e62,0x7f10bdce,
- 0xf90a5c38,0x0ff0443d,0x606e6dc6,0x60543a49,
- 0x5727c148,0x2be98a1d,0x8ab41738,0x20e1be24,
- 0xaf96da0f,0x68458425,0x99833be5,0x600d457d,
- 0x282f9350,0x8334b362,0xd91d1120,0x2b6d8da0,
- 0x642b1e31,0x9c305a00,0x52bce688,0x1b03588a,
- 0xf7baefd5,0x4142ed9c,0xa4315c11,0x83323ec5,
- 0xdfef4636,0xa133c501,0xe9d3531c,0xee353783,
- };
-OPENSSL_GLOBAL const CAST_LONG CAST_S_table3[256]={
- 0x9db30420,0x1fb6e9de,0xa7be7bef,0xd273a298,
- 0x4a4f7bdb,0x64ad8c57,0x85510443,0xfa020ed1,
- 0x7e287aff,0xe60fb663,0x095f35a1,0x79ebf120,
- 0xfd059d43,0x6497b7b1,0xf3641f63,0x241e4adf,
- 0x28147f5f,0x4fa2b8cd,0xc9430040,0x0cc32220,
- 0xfdd30b30,0xc0a5374f,0x1d2d00d9,0x24147b15,
- 0xee4d111a,0x0fca5167,0x71ff904c,0x2d195ffe,
- 0x1a05645f,0x0c13fefe,0x081b08ca,0x05170121,
- 0x80530100,0xe83e5efe,0xac9af4f8,0x7fe72701,
- 0xd2b8ee5f,0x06df4261,0xbb9e9b8a,0x7293ea25,
- 0xce84ffdf,0xf5718801,0x3dd64b04,0xa26f263b,
- 0x7ed48400,0x547eebe6,0x446d4ca0,0x6cf3d6f5,
- 0x2649abdf,0xaea0c7f5,0x36338cc1,0x503f7e93,
- 0xd3772061,0x11b638e1,0x72500e03,0xf80eb2bb,
- 0xabe0502e,0xec8d77de,0x57971e81,0xe14f6746,
- 0xc9335400,0x6920318f,0x081dbb99,0xffc304a5,
- 0x4d351805,0x7f3d5ce3,0xa6c866c6,0x5d5bcca9,
- 0xdaec6fea,0x9f926f91,0x9f46222f,0x3991467d,
- 0xa5bf6d8e,0x1143c44f,0x43958302,0xd0214eeb,
- 0x022083b8,0x3fb6180c,0x18f8931e,0x281658e6,
- 0x26486e3e,0x8bd78a70,0x7477e4c1,0xb506e07c,
- 0xf32d0a25,0x79098b02,0xe4eabb81,0x28123b23,
- 0x69dead38,0x1574ca16,0xdf871b62,0x211c40b7,
- 0xa51a9ef9,0x0014377b,0x041e8ac8,0x09114003,
- 0xbd59e4d2,0xe3d156d5,0x4fe876d5,0x2f91a340,
- 0x557be8de,0x00eae4a7,0x0ce5c2ec,0x4db4bba6,
- 0xe756bdff,0xdd3369ac,0xec17b035,0x06572327,
- 0x99afc8b0,0x56c8c391,0x6b65811c,0x5e146119,
- 0x6e85cb75,0xbe07c002,0xc2325577,0x893ff4ec,
- 0x5bbfc92d,0xd0ec3b25,0xb7801ab7,0x8d6d3b24,
- 0x20c763ef,0xc366a5fc,0x9c382880,0x0ace3205,
- 0xaac9548a,0xeca1d7c7,0x041afa32,0x1d16625a,
- 0x6701902c,0x9b757a54,0x31d477f7,0x9126b031,
- 0x36cc6fdb,0xc70b8b46,0xd9e66a48,0x56e55a79,
- 0x026a4ceb,0x52437eff,0x2f8f76b4,0x0df980a5,
- 0x8674cde3,0xedda04eb,0x17a9be04,0x2c18f4df,
- 0xb7747f9d,0xab2af7b4,0xefc34d20,0x2e096b7c,
- 0x1741a254,0xe5b6a035,0x213d42f6,0x2c1c7c26,
- 0x61c2f50f,0x6552daf9,0xd2c231f8,0x25130f69,
- 0xd8167fa2,0x0418f2c8,0x001a96a6,0x0d1526ab,
- 0x63315c21,0x5e0a72ec,0x49bafefd,0x187908d9,
- 0x8d0dbd86,0x311170a7,0x3e9b640c,0xcc3e10d7,
- 0xd5cad3b6,0x0caec388,0xf73001e1,0x6c728aff,
- 0x71eae2a1,0x1f9af36e,0xcfcbd12f,0xc1de8417,
- 0xac07be6b,0xcb44a1d8,0x8b9b0f56,0x013988c3,
- 0xb1c52fca,0xb4be31cd,0xd8782806,0x12a3a4e2,
- 0x6f7de532,0x58fd7eb6,0xd01ee900,0x24adffc2,
- 0xf4990fc5,0x9711aac5,0x001d7b95,0x82e5e7d2,
- 0x109873f6,0x00613096,0xc32d9521,0xada121ff,
- 0x29908415,0x7fbb977f,0xaf9eb3db,0x29c9ed2a,
- 0x5ce2a465,0xa730f32c,0xd0aa3fe8,0x8a5cc091,
- 0xd49e2ce7,0x0ce454a9,0xd60acd86,0x015f1919,
- 0x77079103,0xdea03af6,0x78a8565e,0xdee356df,
- 0x21f05cbe,0x8b75e387,0xb3c50651,0xb8a5c3ef,
- 0xd8eeb6d2,0xe523be77,0xc2154529,0x2f69efdf,
- 0xafe67afb,0xf470c4b2,0xf3e0eb5b,0xd6cc9876,
- 0x39e4460c,0x1fda8538,0x1987832f,0xca007367,
- 0xa99144f8,0x296b299e,0x492fc295,0x9266beab,
- 0xb5676e69,0x9bd3ddda,0xdf7e052f,0xdb25701c,
- 0x1b5e51ee,0xf65324e6,0x6afce36c,0x0316cc04,
- 0x8644213e,0xb7dc59d0,0x7965291f,0xccd6fd43,
- 0x41823979,0x932bcdf6,0xb657c34d,0x4edfd282,
- 0x7ae5290c,0x3cb9536b,0x851e20fe,0x9833557e,
- 0x13ecf0b0,0xd3ffb372,0x3f85c5c1,0x0aef7ed2,
- };
-OPENSSL_GLOBAL const CAST_LONG CAST_S_table4[256]={
- 0x7ec90c04,0x2c6e74b9,0x9b0e66df,0xa6337911,
- 0xb86a7fff,0x1dd358f5,0x44dd9d44,0x1731167f,
- 0x08fbf1fa,0xe7f511cc,0xd2051b00,0x735aba00,
- 0x2ab722d8,0x386381cb,0xacf6243a,0x69befd7a,
- 0xe6a2e77f,0xf0c720cd,0xc4494816,0xccf5c180,
- 0x38851640,0x15b0a848,0xe68b18cb,0x4caadeff,
- 0x5f480a01,0x0412b2aa,0x259814fc,0x41d0efe2,
- 0x4e40b48d,0x248eb6fb,0x8dba1cfe,0x41a99b02,
- 0x1a550a04,0xba8f65cb,0x7251f4e7,0x95a51725,
- 0xc106ecd7,0x97a5980a,0xc539b9aa,0x4d79fe6a,
- 0xf2f3f763,0x68af8040,0xed0c9e56,0x11b4958b,
- 0xe1eb5a88,0x8709e6b0,0xd7e07156,0x4e29fea7,
- 0x6366e52d,0x02d1c000,0xc4ac8e05,0x9377f571,
- 0x0c05372a,0x578535f2,0x2261be02,0xd642a0c9,
- 0xdf13a280,0x74b55bd2,0x682199c0,0xd421e5ec,
- 0x53fb3ce8,0xc8adedb3,0x28a87fc9,0x3d959981,
- 0x5c1ff900,0xfe38d399,0x0c4eff0b,0x062407ea,
- 0xaa2f4fb1,0x4fb96976,0x90c79505,0xb0a8a774,
- 0xef55a1ff,0xe59ca2c2,0xa6b62d27,0xe66a4263,
- 0xdf65001f,0x0ec50966,0xdfdd55bc,0x29de0655,
- 0x911e739a,0x17af8975,0x32c7911c,0x89f89468,
- 0x0d01e980,0x524755f4,0x03b63cc9,0x0cc844b2,
- 0xbcf3f0aa,0x87ac36e9,0xe53a7426,0x01b3d82b,
- 0x1a9e7449,0x64ee2d7e,0xcddbb1da,0x01c94910,
- 0xb868bf80,0x0d26f3fd,0x9342ede7,0x04a5c284,
- 0x636737b6,0x50f5b616,0xf24766e3,0x8eca36c1,
- 0x136e05db,0xfef18391,0xfb887a37,0xd6e7f7d4,
- 0xc7fb7dc9,0x3063fcdf,0xb6f589de,0xec2941da,
- 0x26e46695,0xb7566419,0xf654efc5,0xd08d58b7,
- 0x48925401,0xc1bacb7f,0xe5ff550f,0xb6083049,
- 0x5bb5d0e8,0x87d72e5a,0xab6a6ee1,0x223a66ce,
- 0xc62bf3cd,0x9e0885f9,0x68cb3e47,0x086c010f,
- 0xa21de820,0xd18b69de,0xf3f65777,0xfa02c3f6,
- 0x407edac3,0xcbb3d550,0x1793084d,0xb0d70eba,
- 0x0ab378d5,0xd951fb0c,0xded7da56,0x4124bbe4,
- 0x94ca0b56,0x0f5755d1,0xe0e1e56e,0x6184b5be,
- 0x580a249f,0x94f74bc0,0xe327888e,0x9f7b5561,
- 0xc3dc0280,0x05687715,0x646c6bd7,0x44904db3,
- 0x66b4f0a3,0xc0f1648a,0x697ed5af,0x49e92ff6,
- 0x309e374f,0x2cb6356a,0x85808573,0x4991f840,
- 0x76f0ae02,0x083be84d,0x28421c9a,0x44489406,
- 0x736e4cb8,0xc1092910,0x8bc95fc6,0x7d869cf4,
- 0x134f616f,0x2e77118d,0xb31b2be1,0xaa90b472,
- 0x3ca5d717,0x7d161bba,0x9cad9010,0xaf462ba2,
- 0x9fe459d2,0x45d34559,0xd9f2da13,0xdbc65487,
- 0xf3e4f94e,0x176d486f,0x097c13ea,0x631da5c7,
- 0x445f7382,0x175683f4,0xcdc66a97,0x70be0288,
- 0xb3cdcf72,0x6e5dd2f3,0x20936079,0x459b80a5,
- 0xbe60e2db,0xa9c23101,0xeba5315c,0x224e42f2,
- 0x1c5c1572,0xf6721b2c,0x1ad2fff3,0x8c25404e,
- 0x324ed72f,0x4067b7fd,0x0523138e,0x5ca3bc78,
- 0xdc0fd66e,0x75922283,0x784d6b17,0x58ebb16e,
- 0x44094f85,0x3f481d87,0xfcfeae7b,0x77b5ff76,
- 0x8c2302bf,0xaaf47556,0x5f46b02a,0x2b092801,
- 0x3d38f5f7,0x0ca81f36,0x52af4a8a,0x66d5e7c0,
- 0xdf3b0874,0x95055110,0x1b5ad7a8,0xf61ed5ad,
- 0x6cf6e479,0x20758184,0xd0cefa65,0x88f7be58,
- 0x4a046826,0x0ff6f8f3,0xa09c7f70,0x5346aba0,
- 0x5ce96c28,0xe176eda3,0x6bac307f,0x376829d2,
- 0x85360fa9,0x17e3fe2a,0x24b79767,0xf5a96b20,
- 0xd6cd2595,0x68ff1ebf,0x7555442c,0xf19f06be,
- 0xf9e0659a,0xeeb9491d,0x34010718,0xbb30cab8,
- 0xe822fe15,0x88570983,0x750e6249,0xda627e55,
- 0x5e76ffa8,0xb1534546,0x6d47de08,0xefe9e7d4,
- };
-OPENSSL_GLOBAL const CAST_LONG CAST_S_table5[256]={
- 0xf6fa8f9d,0x2cac6ce1,0x4ca34867,0xe2337f7c,
- 0x95db08e7,0x016843b4,0xeced5cbc,0x325553ac,
- 0xbf9f0960,0xdfa1e2ed,0x83f0579d,0x63ed86b9,
- 0x1ab6a6b8,0xde5ebe39,0xf38ff732,0x8989b138,
- 0x33f14961,0xc01937bd,0xf506c6da,0xe4625e7e,
- 0xa308ea99,0x4e23e33c,0x79cbd7cc,0x48a14367,
- 0xa3149619,0xfec94bd5,0xa114174a,0xeaa01866,
- 0xa084db2d,0x09a8486f,0xa888614a,0x2900af98,
- 0x01665991,0xe1992863,0xc8f30c60,0x2e78ef3c,
- 0xd0d51932,0xcf0fec14,0xf7ca07d2,0xd0a82072,
- 0xfd41197e,0x9305a6b0,0xe86be3da,0x74bed3cd,
- 0x372da53c,0x4c7f4448,0xdab5d440,0x6dba0ec3,
- 0x083919a7,0x9fbaeed9,0x49dbcfb0,0x4e670c53,
- 0x5c3d9c01,0x64bdb941,0x2c0e636a,0xba7dd9cd,
- 0xea6f7388,0xe70bc762,0x35f29adb,0x5c4cdd8d,
- 0xf0d48d8c,0xb88153e2,0x08a19866,0x1ae2eac8,
- 0x284caf89,0xaa928223,0x9334be53,0x3b3a21bf,
- 0x16434be3,0x9aea3906,0xefe8c36e,0xf890cdd9,
- 0x80226dae,0xc340a4a3,0xdf7e9c09,0xa694a807,
- 0x5b7c5ecc,0x221db3a6,0x9a69a02f,0x68818a54,
- 0xceb2296f,0x53c0843a,0xfe893655,0x25bfe68a,
- 0xb4628abc,0xcf222ebf,0x25ac6f48,0xa9a99387,
- 0x53bddb65,0xe76ffbe7,0xe967fd78,0x0ba93563,
- 0x8e342bc1,0xe8a11be9,0x4980740d,0xc8087dfc,
- 0x8de4bf99,0xa11101a0,0x7fd37975,0xda5a26c0,
- 0xe81f994f,0x9528cd89,0xfd339fed,0xb87834bf,
- 0x5f04456d,0x22258698,0xc9c4c83b,0x2dc156be,
- 0x4f628daa,0x57f55ec5,0xe2220abe,0xd2916ebf,
- 0x4ec75b95,0x24f2c3c0,0x42d15d99,0xcd0d7fa0,
- 0x7b6e27ff,0xa8dc8af0,0x7345c106,0xf41e232f,
- 0x35162386,0xe6ea8926,0x3333b094,0x157ec6f2,
- 0x372b74af,0x692573e4,0xe9a9d848,0xf3160289,
- 0x3a62ef1d,0xa787e238,0xf3a5f676,0x74364853,
- 0x20951063,0x4576698d,0xb6fad407,0x592af950,
- 0x36f73523,0x4cfb6e87,0x7da4cec0,0x6c152daa,
- 0xcb0396a8,0xc50dfe5d,0xfcd707ab,0x0921c42f,
- 0x89dff0bb,0x5fe2be78,0x448f4f33,0x754613c9,
- 0x2b05d08d,0x48b9d585,0xdc049441,0xc8098f9b,
- 0x7dede786,0xc39a3373,0x42410005,0x6a091751,
- 0x0ef3c8a6,0x890072d6,0x28207682,0xa9a9f7be,
- 0xbf32679d,0xd45b5b75,0xb353fd00,0xcbb0e358,
- 0x830f220a,0x1f8fb214,0xd372cf08,0xcc3c4a13,
- 0x8cf63166,0x061c87be,0x88c98f88,0x6062e397,
- 0x47cf8e7a,0xb6c85283,0x3cc2acfb,0x3fc06976,
- 0x4e8f0252,0x64d8314d,0xda3870e3,0x1e665459,
- 0xc10908f0,0x513021a5,0x6c5b68b7,0x822f8aa0,
- 0x3007cd3e,0x74719eef,0xdc872681,0x073340d4,
- 0x7e432fd9,0x0c5ec241,0x8809286c,0xf592d891,
- 0x08a930f6,0x957ef305,0xb7fbffbd,0xc266e96f,
- 0x6fe4ac98,0xb173ecc0,0xbc60b42a,0x953498da,
- 0xfba1ae12,0x2d4bd736,0x0f25faab,0xa4f3fceb,
- 0xe2969123,0x257f0c3d,0x9348af49,0x361400bc,
- 0xe8816f4a,0x3814f200,0xa3f94043,0x9c7a54c2,
- 0xbc704f57,0xda41e7f9,0xc25ad33a,0x54f4a084,
- 0xb17f5505,0x59357cbe,0xedbd15c8,0x7f97c5ab,
- 0xba5ac7b5,0xb6f6deaf,0x3a479c3a,0x5302da25,
- 0x653d7e6a,0x54268d49,0x51a477ea,0x5017d55b,
- 0xd7d25d88,0x44136c76,0x0404a8c8,0xb8e5a121,
- 0xb81a928a,0x60ed5869,0x97c55b96,0xeaec991b,
- 0x29935913,0x01fdb7f1,0x088e8dfa,0x9ab6f6f5,
- 0x3b4cbf9f,0x4a5de3ab,0xe6051d35,0xa0e1d855,
- 0xd36b4cf1,0xf544edeb,0xb0e93524,0xbebb8fbd,
- 0xa2d762cf,0x49c92f54,0x38b5f331,0x7128a454,
- 0x48392905,0xa65b1db8,0x851c97bd,0xd675cf2f,
- };
-OPENSSL_GLOBAL const CAST_LONG CAST_S_table6[256]={
- 0x85e04019,0x332bf567,0x662dbfff,0xcfc65693,
- 0x2a8d7f6f,0xab9bc912,0xde6008a1,0x2028da1f,
- 0x0227bce7,0x4d642916,0x18fac300,0x50f18b82,
- 0x2cb2cb11,0xb232e75c,0x4b3695f2,0xb28707de,
- 0xa05fbcf6,0xcd4181e9,0xe150210c,0xe24ef1bd,
- 0xb168c381,0xfde4e789,0x5c79b0d8,0x1e8bfd43,
- 0x4d495001,0x38be4341,0x913cee1d,0x92a79c3f,
- 0x089766be,0xbaeeadf4,0x1286becf,0xb6eacb19,
- 0x2660c200,0x7565bde4,0x64241f7a,0x8248dca9,
- 0xc3b3ad66,0x28136086,0x0bd8dfa8,0x356d1cf2,
- 0x107789be,0xb3b2e9ce,0x0502aa8f,0x0bc0351e,
- 0x166bf52a,0xeb12ff82,0xe3486911,0xd34d7516,
- 0x4e7b3aff,0x5f43671b,0x9cf6e037,0x4981ac83,
- 0x334266ce,0x8c9341b7,0xd0d854c0,0xcb3a6c88,
- 0x47bc2829,0x4725ba37,0xa66ad22b,0x7ad61f1e,
- 0x0c5cbafa,0x4437f107,0xb6e79962,0x42d2d816,
- 0x0a961288,0xe1a5c06e,0x13749e67,0x72fc081a,
- 0xb1d139f7,0xf9583745,0xcf19df58,0xbec3f756,
- 0xc06eba30,0x07211b24,0x45c28829,0xc95e317f,
- 0xbc8ec511,0x38bc46e9,0xc6e6fa14,0xbae8584a,
- 0xad4ebc46,0x468f508b,0x7829435f,0xf124183b,
- 0x821dba9f,0xaff60ff4,0xea2c4e6d,0x16e39264,
- 0x92544a8b,0x009b4fc3,0xaba68ced,0x9ac96f78,
- 0x06a5b79a,0xb2856e6e,0x1aec3ca9,0xbe838688,
- 0x0e0804e9,0x55f1be56,0xe7e5363b,0xb3a1f25d,
- 0xf7debb85,0x61fe033c,0x16746233,0x3c034c28,
- 0xda6d0c74,0x79aac56c,0x3ce4e1ad,0x51f0c802,
- 0x98f8f35a,0x1626a49f,0xeed82b29,0x1d382fe3,
- 0x0c4fb99a,0xbb325778,0x3ec6d97b,0x6e77a6a9,
- 0xcb658b5c,0xd45230c7,0x2bd1408b,0x60c03eb7,
- 0xb9068d78,0xa33754f4,0xf430c87d,0xc8a71302,
- 0xb96d8c32,0xebd4e7be,0xbe8b9d2d,0x7979fb06,
- 0xe7225308,0x8b75cf77,0x11ef8da4,0xe083c858,
- 0x8d6b786f,0x5a6317a6,0xfa5cf7a0,0x5dda0033,
- 0xf28ebfb0,0xf5b9c310,0xa0eac280,0x08b9767a,
- 0xa3d9d2b0,0x79d34217,0x021a718d,0x9ac6336a,
- 0x2711fd60,0x438050e3,0x069908a8,0x3d7fedc4,
- 0x826d2bef,0x4eeb8476,0x488dcf25,0x36c9d566,
- 0x28e74e41,0xc2610aca,0x3d49a9cf,0xbae3b9df,
- 0xb65f8de6,0x92aeaf64,0x3ac7d5e6,0x9ea80509,
- 0xf22b017d,0xa4173f70,0xdd1e16c3,0x15e0d7f9,
- 0x50b1b887,0x2b9f4fd5,0x625aba82,0x6a017962,
- 0x2ec01b9c,0x15488aa9,0xd716e740,0x40055a2c,
- 0x93d29a22,0xe32dbf9a,0x058745b9,0x3453dc1e,
- 0xd699296e,0x496cff6f,0x1c9f4986,0xdfe2ed07,
- 0xb87242d1,0x19de7eae,0x053e561a,0x15ad6f8c,
- 0x66626c1c,0x7154c24c,0xea082b2a,0x93eb2939,
- 0x17dcb0f0,0x58d4f2ae,0x9ea294fb,0x52cf564c,
- 0x9883fe66,0x2ec40581,0x763953c3,0x01d6692e,
- 0xd3a0c108,0xa1e7160e,0xe4f2dfa6,0x693ed285,
- 0x74904698,0x4c2b0edd,0x4f757656,0x5d393378,
- 0xa132234f,0x3d321c5d,0xc3f5e194,0x4b269301,
- 0xc79f022f,0x3c997e7e,0x5e4f9504,0x3ffafbbd,
- 0x76f7ad0e,0x296693f4,0x3d1fce6f,0xc61e45be,
- 0xd3b5ab34,0xf72bf9b7,0x1b0434c0,0x4e72b567,
- 0x5592a33d,0xb5229301,0xcfd2a87f,0x60aeb767,
- 0x1814386b,0x30bcc33d,0x38a0c07d,0xfd1606f2,
- 0xc363519b,0x589dd390,0x5479f8e6,0x1cb8d647,
- 0x97fd61a9,0xea7759f4,0x2d57539d,0x569a58cf,
- 0xe84e63ad,0x462e1b78,0x6580f87e,0xf3817914,
- 0x91da55f4,0x40a230f3,0xd1988f35,0xb6e318d2,
- 0x3ffa50bc,0x3d40f021,0xc3c0bdae,0x4958c24c,
- 0x518f36b2,0x84b1d370,0x0fedce83,0x878ddada,
- 0xf2a279c7,0x94e01be8,0x90716f4b,0x954b8aa3,
- };
-OPENSSL_GLOBAL const CAST_LONG CAST_S_table7[256]={
- 0xe216300d,0xbbddfffc,0xa7ebdabd,0x35648095,
- 0x7789f8b7,0xe6c1121b,0x0e241600,0x052ce8b5,
- 0x11a9cfb0,0xe5952f11,0xece7990a,0x9386d174,
- 0x2a42931c,0x76e38111,0xb12def3a,0x37ddddfc,
- 0xde9adeb1,0x0a0cc32c,0xbe197029,0x84a00940,
- 0xbb243a0f,0xb4d137cf,0xb44e79f0,0x049eedfd,
- 0x0b15a15d,0x480d3168,0x8bbbde5a,0x669ded42,
- 0xc7ece831,0x3f8f95e7,0x72df191b,0x7580330d,
- 0x94074251,0x5c7dcdfa,0xabbe6d63,0xaa402164,
- 0xb301d40a,0x02e7d1ca,0x53571dae,0x7a3182a2,
- 0x12a8ddec,0xfdaa335d,0x176f43e8,0x71fb46d4,
- 0x38129022,0xce949ad4,0xb84769ad,0x965bd862,
- 0x82f3d055,0x66fb9767,0x15b80b4e,0x1d5b47a0,
- 0x4cfde06f,0xc28ec4b8,0x57e8726e,0x647a78fc,
- 0x99865d44,0x608bd593,0x6c200e03,0x39dc5ff6,
- 0x5d0b00a3,0xae63aff2,0x7e8bd632,0x70108c0c,
- 0xbbd35049,0x2998df04,0x980cf42a,0x9b6df491,
- 0x9e7edd53,0x06918548,0x58cb7e07,0x3b74ef2e,
- 0x522fffb1,0xd24708cc,0x1c7e27cd,0xa4eb215b,
- 0x3cf1d2e2,0x19b47a38,0x424f7618,0x35856039,
- 0x9d17dee7,0x27eb35e6,0xc9aff67b,0x36baf5b8,
- 0x09c467cd,0xc18910b1,0xe11dbf7b,0x06cd1af8,
- 0x7170c608,0x2d5e3354,0xd4de495a,0x64c6d006,
- 0xbcc0c62c,0x3dd00db3,0x708f8f34,0x77d51b42,
- 0x264f620f,0x24b8d2bf,0x15c1b79e,0x46a52564,
- 0xf8d7e54e,0x3e378160,0x7895cda5,0x859c15a5,
- 0xe6459788,0xc37bc75f,0xdb07ba0c,0x0676a3ab,
- 0x7f229b1e,0x31842e7b,0x24259fd7,0xf8bef472,
- 0x835ffcb8,0x6df4c1f2,0x96f5b195,0xfd0af0fc,
- 0xb0fe134c,0xe2506d3d,0x4f9b12ea,0xf215f225,
- 0xa223736f,0x9fb4c428,0x25d04979,0x34c713f8,
- 0xc4618187,0xea7a6e98,0x7cd16efc,0x1436876c,
- 0xf1544107,0xbedeee14,0x56e9af27,0xa04aa441,
- 0x3cf7c899,0x92ecbae6,0xdd67016d,0x151682eb,
- 0xa842eedf,0xfdba60b4,0xf1907b75,0x20e3030f,
- 0x24d8c29e,0xe139673b,0xefa63fb8,0x71873054,
- 0xb6f2cf3b,0x9f326442,0xcb15a4cc,0xb01a4504,
- 0xf1e47d8d,0x844a1be5,0xbae7dfdc,0x42cbda70,
- 0xcd7dae0a,0x57e85b7a,0xd53f5af6,0x20cf4d8c,
- 0xcea4d428,0x79d130a4,0x3486ebfb,0x33d3cddc,
- 0x77853b53,0x37effcb5,0xc5068778,0xe580b3e6,
- 0x4e68b8f4,0xc5c8b37e,0x0d809ea2,0x398feb7c,
- 0x132a4f94,0x43b7950e,0x2fee7d1c,0x223613bd,
- 0xdd06caa2,0x37df932b,0xc4248289,0xacf3ebc3,
- 0x5715f6b7,0xef3478dd,0xf267616f,0xc148cbe4,
- 0x9052815e,0x5e410fab,0xb48a2465,0x2eda7fa4,
- 0xe87b40e4,0xe98ea084,0x5889e9e1,0xefd390fc,
- 0xdd07d35b,0xdb485694,0x38d7e5b2,0x57720101,
- 0x730edebc,0x5b643113,0x94917e4f,0x503c2fba,
- 0x646f1282,0x7523d24a,0xe0779695,0xf9c17a8f,
- 0x7a5b2121,0xd187b896,0x29263a4d,0xba510cdf,
- 0x81f47c9f,0xad1163ed,0xea7b5965,0x1a00726e,
- 0x11403092,0x00da6d77,0x4a0cdd61,0xad1f4603,
- 0x605bdfb0,0x9eedc364,0x22ebe6a8,0xcee7d28a,
- 0xa0e736a0,0x5564a6b9,0x10853209,0xc7eb8f37,
- 0x2de705ca,0x8951570f,0xdf09822b,0xbd691a6c,
- 0xaa12e4f2,0x87451c0f,0xe0f6a27a,0x3ada4819,
- 0x4cf1764f,0x0d771c2b,0x67cdb156,0x350d8384,
- 0x5938fa0f,0x42399ef3,0x36997b07,0x0e84093d,
- 0x4aa93e61,0x8360d87b,0x1fa98b0c,0x1149382c,
- 0xe97625a5,0x0614d1b7,0x0e25244b,0x0c768347,
- 0x589e8d82,0x0d2059d1,0xa466bb1e,0xf8da0a82,
- 0x04f19130,0xba6e4ec0,0x99265164,0x1ee7230d,
- 0x50b2ad80,0xeaee6801,0x8db2a283,0xea8bf59e,
- };
Copied: vendor-crypto/openssl/0.9.8zf/crypto/cast/cast_s.h (from rev 6976, vendor-crypto/openssl/dist/crypto/cast/cast_s.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/cast/cast_s.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/cast/cast_s.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,592 @@
+/* crypto/cast/cast_s.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+OPENSSL_GLOBAL const CAST_LONG CAST_S_table0[256] = {
+ 0x30fb40d4, 0x9fa0ff0b, 0x6beccd2f, 0x3f258c7a,
+ 0x1e213f2f, 0x9c004dd3, 0x6003e540, 0xcf9fc949,
+ 0xbfd4af27, 0x88bbbdb5, 0xe2034090, 0x98d09675,
+ 0x6e63a0e0, 0x15c361d2, 0xc2e7661d, 0x22d4ff8e,
+ 0x28683b6f, 0xc07fd059, 0xff2379c8, 0x775f50e2,
+ 0x43c340d3, 0xdf2f8656, 0x887ca41a, 0xa2d2bd2d,
+ 0xa1c9e0d6, 0x346c4819, 0x61b76d87, 0x22540f2f,
+ 0x2abe32e1, 0xaa54166b, 0x22568e3a, 0xa2d341d0,
+ 0x66db40c8, 0xa784392f, 0x004dff2f, 0x2db9d2de,
+ 0x97943fac, 0x4a97c1d8, 0x527644b7, 0xb5f437a7,
+ 0xb82cbaef, 0xd751d159, 0x6ff7f0ed, 0x5a097a1f,
+ 0x827b68d0, 0x90ecf52e, 0x22b0c054, 0xbc8e5935,
+ 0x4b6d2f7f, 0x50bb64a2, 0xd2664910, 0xbee5812d,
+ 0xb7332290, 0xe93b159f, 0xb48ee411, 0x4bff345d,
+ 0xfd45c240, 0xad31973f, 0xc4f6d02e, 0x55fc8165,
+ 0xd5b1caad, 0xa1ac2dae, 0xa2d4b76d, 0xc19b0c50,
+ 0x882240f2, 0x0c6e4f38, 0xa4e4bfd7, 0x4f5ba272,
+ 0x564c1d2f, 0xc59c5319, 0xb949e354, 0xb04669fe,
+ 0xb1b6ab8a, 0xc71358dd, 0x6385c545, 0x110f935d,
+ 0x57538ad5, 0x6a390493, 0xe63d37e0, 0x2a54f6b3,
+ 0x3a787d5f, 0x6276a0b5, 0x19a6fcdf, 0x7a42206a,
+ 0x29f9d4d5, 0xf61b1891, 0xbb72275e, 0xaa508167,
+ 0x38901091, 0xc6b505eb, 0x84c7cb8c, 0x2ad75a0f,
+ 0x874a1427, 0xa2d1936b, 0x2ad286af, 0xaa56d291,
+ 0xd7894360, 0x425c750d, 0x93b39e26, 0x187184c9,
+ 0x6c00b32d, 0x73e2bb14, 0xa0bebc3c, 0x54623779,
+ 0x64459eab, 0x3f328b82, 0x7718cf82, 0x59a2cea6,
+ 0x04ee002e, 0x89fe78e6, 0x3fab0950, 0x325ff6c2,
+ 0x81383f05, 0x6963c5c8, 0x76cb5ad6, 0xd49974c9,
+ 0xca180dcf, 0x380782d5, 0xc7fa5cf6, 0x8ac31511,
+ 0x35e79e13, 0x47da91d0, 0xf40f9086, 0xa7e2419e,
+ 0x31366241, 0x051ef495, 0xaa573b04, 0x4a805d8d,
+ 0x548300d0, 0x00322a3c, 0xbf64cddf, 0xba57a68e,
+ 0x75c6372b, 0x50afd341, 0xa7c13275, 0x915a0bf5,
+ 0x6b54bfab, 0x2b0b1426, 0xab4cc9d7, 0x449ccd82,
+ 0xf7fbf265, 0xab85c5f3, 0x1b55db94, 0xaad4e324,
+ 0xcfa4bd3f, 0x2deaa3e2, 0x9e204d02, 0xc8bd25ac,
+ 0xeadf55b3, 0xd5bd9e98, 0xe31231b2, 0x2ad5ad6c,
+ 0x954329de, 0xadbe4528, 0xd8710f69, 0xaa51c90f,
+ 0xaa786bf6, 0x22513f1e, 0xaa51a79b, 0x2ad344cc,
+ 0x7b5a41f0, 0xd37cfbad, 0x1b069505, 0x41ece491,
+ 0xb4c332e6, 0x032268d4, 0xc9600acc, 0xce387e6d,
+ 0xbf6bb16c, 0x6a70fb78, 0x0d03d9c9, 0xd4df39de,
+ 0xe01063da, 0x4736f464, 0x5ad328d8, 0xb347cc96,
+ 0x75bb0fc3, 0x98511bfb, 0x4ffbcc35, 0xb58bcf6a,
+ 0xe11f0abc, 0xbfc5fe4a, 0xa70aec10, 0xac39570a,
+ 0x3f04442f, 0x6188b153, 0xe0397a2e, 0x5727cb79,
+ 0x9ceb418f, 0x1cacd68d, 0x2ad37c96, 0x0175cb9d,
+ 0xc69dff09, 0xc75b65f0, 0xd9db40d8, 0xec0e7779,
+ 0x4744ead4, 0xb11c3274, 0xdd24cb9e, 0x7e1c54bd,
+ 0xf01144f9, 0xd2240eb1, 0x9675b3fd, 0xa3ac3755,
+ 0xd47c27af, 0x51c85f4d, 0x56907596, 0xa5bb15e6,
+ 0x580304f0, 0xca042cf1, 0x011a37ea, 0x8dbfaadb,
+ 0x35ba3e4a, 0x3526ffa0, 0xc37b4d09, 0xbc306ed9,
+ 0x98a52666, 0x5648f725, 0xff5e569d, 0x0ced63d0,
+ 0x7c63b2cf, 0x700b45e1, 0xd5ea50f1, 0x85a92872,
+ 0xaf1fbda7, 0xd4234870, 0xa7870bf3, 0x2d3b4d79,
+ 0x42e04198, 0x0cd0ede7, 0x26470db8, 0xf881814c,
+ 0x474d6ad7, 0x7c0c5e5c, 0xd1231959, 0x381b7298,
+ 0xf5d2f4db, 0xab838653, 0x6e2f1e23, 0x83719c9e,
+ 0xbd91e046, 0x9a56456e, 0xdc39200c, 0x20c8c571,
+ 0x962bda1c, 0xe1e696ff, 0xb141ab08, 0x7cca89b9,
+ 0x1a69e783, 0x02cc4843, 0xa2f7c579, 0x429ef47d,
+ 0x427b169c, 0x5ac9f049, 0xdd8f0f00, 0x5c8165bf,
+};
+
+OPENSSL_GLOBAL const CAST_LONG CAST_S_table1[256] = {
+ 0x1f201094, 0xef0ba75b, 0x69e3cf7e, 0x393f4380,
+ 0xfe61cf7a, 0xeec5207a, 0x55889c94, 0x72fc0651,
+ 0xada7ef79, 0x4e1d7235, 0xd55a63ce, 0xde0436ba,
+ 0x99c430ef, 0x5f0c0794, 0x18dcdb7d, 0xa1d6eff3,
+ 0xa0b52f7b, 0x59e83605, 0xee15b094, 0xe9ffd909,
+ 0xdc440086, 0xef944459, 0xba83ccb3, 0xe0c3cdfb,
+ 0xd1da4181, 0x3b092ab1, 0xf997f1c1, 0xa5e6cf7b,
+ 0x01420ddb, 0xe4e7ef5b, 0x25a1ff41, 0xe180f806,
+ 0x1fc41080, 0x179bee7a, 0xd37ac6a9, 0xfe5830a4,
+ 0x98de8b7f, 0x77e83f4e, 0x79929269, 0x24fa9f7b,
+ 0xe113c85b, 0xacc40083, 0xd7503525, 0xf7ea615f,
+ 0x62143154, 0x0d554b63, 0x5d681121, 0xc866c359,
+ 0x3d63cf73, 0xcee234c0, 0xd4d87e87, 0x5c672b21,
+ 0x071f6181, 0x39f7627f, 0x361e3084, 0xe4eb573b,
+ 0x602f64a4, 0xd63acd9c, 0x1bbc4635, 0x9e81032d,
+ 0x2701f50c, 0x99847ab4, 0xa0e3df79, 0xba6cf38c,
+ 0x10843094, 0x2537a95e, 0xf46f6ffe, 0xa1ff3b1f,
+ 0x208cfb6a, 0x8f458c74, 0xd9e0a227, 0x4ec73a34,
+ 0xfc884f69, 0x3e4de8df, 0xef0e0088, 0x3559648d,
+ 0x8a45388c, 0x1d804366, 0x721d9bfd, 0xa58684bb,
+ 0xe8256333, 0x844e8212, 0x128d8098, 0xfed33fb4,
+ 0xce280ae1, 0x27e19ba5, 0xd5a6c252, 0xe49754bd,
+ 0xc5d655dd, 0xeb667064, 0x77840b4d, 0xa1b6a801,
+ 0x84db26a9, 0xe0b56714, 0x21f043b7, 0xe5d05860,
+ 0x54f03084, 0x066ff472, 0xa31aa153, 0xdadc4755,
+ 0xb5625dbf, 0x68561be6, 0x83ca6b94, 0x2d6ed23b,
+ 0xeccf01db, 0xa6d3d0ba, 0xb6803d5c, 0xaf77a709,
+ 0x33b4a34c, 0x397bc8d6, 0x5ee22b95, 0x5f0e5304,
+ 0x81ed6f61, 0x20e74364, 0xb45e1378, 0xde18639b,
+ 0x881ca122, 0xb96726d1, 0x8049a7e8, 0x22b7da7b,
+ 0x5e552d25, 0x5272d237, 0x79d2951c, 0xc60d894c,
+ 0x488cb402, 0x1ba4fe5b, 0xa4b09f6b, 0x1ca815cf,
+ 0xa20c3005, 0x8871df63, 0xb9de2fcb, 0x0cc6c9e9,
+ 0x0beeff53, 0xe3214517, 0xb4542835, 0x9f63293c,
+ 0xee41e729, 0x6e1d2d7c, 0x50045286, 0x1e6685f3,
+ 0xf33401c6, 0x30a22c95, 0x31a70850, 0x60930f13,
+ 0x73f98417, 0xa1269859, 0xec645c44, 0x52c877a9,
+ 0xcdff33a6, 0xa02b1741, 0x7cbad9a2, 0x2180036f,
+ 0x50d99c08, 0xcb3f4861, 0xc26bd765, 0x64a3f6ab,
+ 0x80342676, 0x25a75e7b, 0xe4e6d1fc, 0x20c710e6,
+ 0xcdf0b680, 0x17844d3b, 0x31eef84d, 0x7e0824e4,
+ 0x2ccb49eb, 0x846a3bae, 0x8ff77888, 0xee5d60f6,
+ 0x7af75673, 0x2fdd5cdb, 0xa11631c1, 0x30f66f43,
+ 0xb3faec54, 0x157fd7fa, 0xef8579cc, 0xd152de58,
+ 0xdb2ffd5e, 0x8f32ce19, 0x306af97a, 0x02f03ef8,
+ 0x99319ad5, 0xc242fa0f, 0xa7e3ebb0, 0xc68e4906,
+ 0xb8da230c, 0x80823028, 0xdcdef3c8, 0xd35fb171,
+ 0x088a1bc8, 0xbec0c560, 0x61a3c9e8, 0xbca8f54d,
+ 0xc72feffa, 0x22822e99, 0x82c570b4, 0xd8d94e89,
+ 0x8b1c34bc, 0x301e16e6, 0x273be979, 0xb0ffeaa6,
+ 0x61d9b8c6, 0x00b24869, 0xb7ffce3f, 0x08dc283b,
+ 0x43daf65a, 0xf7e19798, 0x7619b72f, 0x8f1c9ba4,
+ 0xdc8637a0, 0x16a7d3b1, 0x9fc393b7, 0xa7136eeb,
+ 0xc6bcc63e, 0x1a513742, 0xef6828bc, 0x520365d6,
+ 0x2d6a77ab, 0x3527ed4b, 0x821fd216, 0x095c6e2e,
+ 0xdb92f2fb, 0x5eea29cb, 0x145892f5, 0x91584f7f,
+ 0x5483697b, 0x2667a8cc, 0x85196048, 0x8c4bacea,
+ 0x833860d4, 0x0d23e0f9, 0x6c387e8a, 0x0ae6d249,
+ 0xb284600c, 0xd835731d, 0xdcb1c647, 0xac4c56ea,
+ 0x3ebd81b3, 0x230eabb0, 0x6438bc87, 0xf0b5b1fa,
+ 0x8f5ea2b3, 0xfc184642, 0x0a036b7a, 0x4fb089bd,
+ 0x649da589, 0xa345415e, 0x5c038323, 0x3e5d3bb9,
+ 0x43d79572, 0x7e6dd07c, 0x06dfdf1e, 0x6c6cc4ef,
+ 0x7160a539, 0x73bfbe70, 0x83877605, 0x4523ecf1,
+};
+
+OPENSSL_GLOBAL const CAST_LONG CAST_S_table2[256] = {
+ 0x8defc240, 0x25fa5d9f, 0xeb903dbf, 0xe810c907,
+ 0x47607fff, 0x369fe44b, 0x8c1fc644, 0xaececa90,
+ 0xbeb1f9bf, 0xeefbcaea, 0xe8cf1950, 0x51df07ae,
+ 0x920e8806, 0xf0ad0548, 0xe13c8d83, 0x927010d5,
+ 0x11107d9f, 0x07647db9, 0xb2e3e4d4, 0x3d4f285e,
+ 0xb9afa820, 0xfade82e0, 0xa067268b, 0x8272792e,
+ 0x553fb2c0, 0x489ae22b, 0xd4ef9794, 0x125e3fbc,
+ 0x21fffcee, 0x825b1bfd, 0x9255c5ed, 0x1257a240,
+ 0x4e1a8302, 0xbae07fff, 0x528246e7, 0x8e57140e,
+ 0x3373f7bf, 0x8c9f8188, 0xa6fc4ee8, 0xc982b5a5,
+ 0xa8c01db7, 0x579fc264, 0x67094f31, 0xf2bd3f5f,
+ 0x40fff7c1, 0x1fb78dfc, 0x8e6bd2c1, 0x437be59b,
+ 0x99b03dbf, 0xb5dbc64b, 0x638dc0e6, 0x55819d99,
+ 0xa197c81c, 0x4a012d6e, 0xc5884a28, 0xccc36f71,
+ 0xb843c213, 0x6c0743f1, 0x8309893c, 0x0feddd5f,
+ 0x2f7fe850, 0xd7c07f7e, 0x02507fbf, 0x5afb9a04,
+ 0xa747d2d0, 0x1651192e, 0xaf70bf3e, 0x58c31380,
+ 0x5f98302e, 0x727cc3c4, 0x0a0fb402, 0x0f7fef82,
+ 0x8c96fdad, 0x5d2c2aae, 0x8ee99a49, 0x50da88b8,
+ 0x8427f4a0, 0x1eac5790, 0x796fb449, 0x8252dc15,
+ 0xefbd7d9b, 0xa672597d, 0xada840d8, 0x45f54504,
+ 0xfa5d7403, 0xe83ec305, 0x4f91751a, 0x925669c2,
+ 0x23efe941, 0xa903f12e, 0x60270df2, 0x0276e4b6,
+ 0x94fd6574, 0x927985b2, 0x8276dbcb, 0x02778176,
+ 0xf8af918d, 0x4e48f79e, 0x8f616ddf, 0xe29d840e,
+ 0x842f7d83, 0x340ce5c8, 0x96bbb682, 0x93b4b148,
+ 0xef303cab, 0x984faf28, 0x779faf9b, 0x92dc560d,
+ 0x224d1e20, 0x8437aa88, 0x7d29dc96, 0x2756d3dc,
+ 0x8b907cee, 0xb51fd240, 0xe7c07ce3, 0xe566b4a1,
+ 0xc3e9615e, 0x3cf8209d, 0x6094d1e3, 0xcd9ca341,
+ 0x5c76460e, 0x00ea983b, 0xd4d67881, 0xfd47572c,
+ 0xf76cedd9, 0xbda8229c, 0x127dadaa, 0x438a074e,
+ 0x1f97c090, 0x081bdb8a, 0x93a07ebe, 0xb938ca15,
+ 0x97b03cff, 0x3dc2c0f8, 0x8d1ab2ec, 0x64380e51,
+ 0x68cc7bfb, 0xd90f2788, 0x12490181, 0x5de5ffd4,
+ 0xdd7ef86a, 0x76a2e214, 0xb9a40368, 0x925d958f,
+ 0x4b39fffa, 0xba39aee9, 0xa4ffd30b, 0xfaf7933b,
+ 0x6d498623, 0x193cbcfa, 0x27627545, 0x825cf47a,
+ 0x61bd8ba0, 0xd11e42d1, 0xcead04f4, 0x127ea392,
+ 0x10428db7, 0x8272a972, 0x9270c4a8, 0x127de50b,
+ 0x285ba1c8, 0x3c62f44f, 0x35c0eaa5, 0xe805d231,
+ 0x428929fb, 0xb4fcdf82, 0x4fb66a53, 0x0e7dc15b,
+ 0x1f081fab, 0x108618ae, 0xfcfd086d, 0xf9ff2889,
+ 0x694bcc11, 0x236a5cae, 0x12deca4d, 0x2c3f8cc5,
+ 0xd2d02dfe, 0xf8ef5896, 0xe4cf52da, 0x95155b67,
+ 0x494a488c, 0xb9b6a80c, 0x5c8f82bc, 0x89d36b45,
+ 0x3a609437, 0xec00c9a9, 0x44715253, 0x0a874b49,
+ 0xd773bc40, 0x7c34671c, 0x02717ef6, 0x4feb5536,
+ 0xa2d02fff, 0xd2bf60c4, 0xd43f03c0, 0x50b4ef6d,
+ 0x07478cd1, 0x006e1888, 0xa2e53f55, 0xb9e6d4bc,
+ 0xa2048016, 0x97573833, 0xd7207d67, 0xde0f8f3d,
+ 0x72f87b33, 0xabcc4f33, 0x7688c55d, 0x7b00a6b0,
+ 0x947b0001, 0x570075d2, 0xf9bb88f8, 0x8942019e,
+ 0x4264a5ff, 0x856302e0, 0x72dbd92b, 0xee971b69,
+ 0x6ea22fde, 0x5f08ae2b, 0xaf7a616d, 0xe5c98767,
+ 0xcf1febd2, 0x61efc8c2, 0xf1ac2571, 0xcc8239c2,
+ 0x67214cb8, 0xb1e583d1, 0xb7dc3e62, 0x7f10bdce,
+ 0xf90a5c38, 0x0ff0443d, 0x606e6dc6, 0x60543a49,
+ 0x5727c148, 0x2be98a1d, 0x8ab41738, 0x20e1be24,
+ 0xaf96da0f, 0x68458425, 0x99833be5, 0x600d457d,
+ 0x282f9350, 0x8334b362, 0xd91d1120, 0x2b6d8da0,
+ 0x642b1e31, 0x9c305a00, 0x52bce688, 0x1b03588a,
+ 0xf7baefd5, 0x4142ed9c, 0xa4315c11, 0x83323ec5,
+ 0xdfef4636, 0xa133c501, 0xe9d3531c, 0xee353783,
+};
+
+OPENSSL_GLOBAL const CAST_LONG CAST_S_table3[256] = {
+ 0x9db30420, 0x1fb6e9de, 0xa7be7bef, 0xd273a298,
+ 0x4a4f7bdb, 0x64ad8c57, 0x85510443, 0xfa020ed1,
+ 0x7e287aff, 0xe60fb663, 0x095f35a1, 0x79ebf120,
+ 0xfd059d43, 0x6497b7b1, 0xf3641f63, 0x241e4adf,
+ 0x28147f5f, 0x4fa2b8cd, 0xc9430040, 0x0cc32220,
+ 0xfdd30b30, 0xc0a5374f, 0x1d2d00d9, 0x24147b15,
+ 0xee4d111a, 0x0fca5167, 0x71ff904c, 0x2d195ffe,
+ 0x1a05645f, 0x0c13fefe, 0x081b08ca, 0x05170121,
+ 0x80530100, 0xe83e5efe, 0xac9af4f8, 0x7fe72701,
+ 0xd2b8ee5f, 0x06df4261, 0xbb9e9b8a, 0x7293ea25,
+ 0xce84ffdf, 0xf5718801, 0x3dd64b04, 0xa26f263b,
+ 0x7ed48400, 0x547eebe6, 0x446d4ca0, 0x6cf3d6f5,
+ 0x2649abdf, 0xaea0c7f5, 0x36338cc1, 0x503f7e93,
+ 0xd3772061, 0x11b638e1, 0x72500e03, 0xf80eb2bb,
+ 0xabe0502e, 0xec8d77de, 0x57971e81, 0xe14f6746,
+ 0xc9335400, 0x6920318f, 0x081dbb99, 0xffc304a5,
+ 0x4d351805, 0x7f3d5ce3, 0xa6c866c6, 0x5d5bcca9,
+ 0xdaec6fea, 0x9f926f91, 0x9f46222f, 0x3991467d,
+ 0xa5bf6d8e, 0x1143c44f, 0x43958302, 0xd0214eeb,
+ 0x022083b8, 0x3fb6180c, 0x18f8931e, 0x281658e6,
+ 0x26486e3e, 0x8bd78a70, 0x7477e4c1, 0xb506e07c,
+ 0xf32d0a25, 0x79098b02, 0xe4eabb81, 0x28123b23,
+ 0x69dead38, 0x1574ca16, 0xdf871b62, 0x211c40b7,
+ 0xa51a9ef9, 0x0014377b, 0x041e8ac8, 0x09114003,
+ 0xbd59e4d2, 0xe3d156d5, 0x4fe876d5, 0x2f91a340,
+ 0x557be8de, 0x00eae4a7, 0x0ce5c2ec, 0x4db4bba6,
+ 0xe756bdff, 0xdd3369ac, 0xec17b035, 0x06572327,
+ 0x99afc8b0, 0x56c8c391, 0x6b65811c, 0x5e146119,
+ 0x6e85cb75, 0xbe07c002, 0xc2325577, 0x893ff4ec,
+ 0x5bbfc92d, 0xd0ec3b25, 0xb7801ab7, 0x8d6d3b24,
+ 0x20c763ef, 0xc366a5fc, 0x9c382880, 0x0ace3205,
+ 0xaac9548a, 0xeca1d7c7, 0x041afa32, 0x1d16625a,
+ 0x6701902c, 0x9b757a54, 0x31d477f7, 0x9126b031,
+ 0x36cc6fdb, 0xc70b8b46, 0xd9e66a48, 0x56e55a79,
+ 0x026a4ceb, 0x52437eff, 0x2f8f76b4, 0x0df980a5,
+ 0x8674cde3, 0xedda04eb, 0x17a9be04, 0x2c18f4df,
+ 0xb7747f9d, 0xab2af7b4, 0xefc34d20, 0x2e096b7c,
+ 0x1741a254, 0xe5b6a035, 0x213d42f6, 0x2c1c7c26,
+ 0x61c2f50f, 0x6552daf9, 0xd2c231f8, 0x25130f69,
+ 0xd8167fa2, 0x0418f2c8, 0x001a96a6, 0x0d1526ab,
+ 0x63315c21, 0x5e0a72ec, 0x49bafefd, 0x187908d9,
+ 0x8d0dbd86, 0x311170a7, 0x3e9b640c, 0xcc3e10d7,
+ 0xd5cad3b6, 0x0caec388, 0xf73001e1, 0x6c728aff,
+ 0x71eae2a1, 0x1f9af36e, 0xcfcbd12f, 0xc1de8417,
+ 0xac07be6b, 0xcb44a1d8, 0x8b9b0f56, 0x013988c3,
+ 0xb1c52fca, 0xb4be31cd, 0xd8782806, 0x12a3a4e2,
+ 0x6f7de532, 0x58fd7eb6, 0xd01ee900, 0x24adffc2,
+ 0xf4990fc5, 0x9711aac5, 0x001d7b95, 0x82e5e7d2,
+ 0x109873f6, 0x00613096, 0xc32d9521, 0xada121ff,
+ 0x29908415, 0x7fbb977f, 0xaf9eb3db, 0x29c9ed2a,
+ 0x5ce2a465, 0xa730f32c, 0xd0aa3fe8, 0x8a5cc091,
+ 0xd49e2ce7, 0x0ce454a9, 0xd60acd86, 0x015f1919,
+ 0x77079103, 0xdea03af6, 0x78a8565e, 0xdee356df,
+ 0x21f05cbe, 0x8b75e387, 0xb3c50651, 0xb8a5c3ef,
+ 0xd8eeb6d2, 0xe523be77, 0xc2154529, 0x2f69efdf,
+ 0xafe67afb, 0xf470c4b2, 0xf3e0eb5b, 0xd6cc9876,
+ 0x39e4460c, 0x1fda8538, 0x1987832f, 0xca007367,
+ 0xa99144f8, 0x296b299e, 0x492fc295, 0x9266beab,
+ 0xb5676e69, 0x9bd3ddda, 0xdf7e052f, 0xdb25701c,
+ 0x1b5e51ee, 0xf65324e6, 0x6afce36c, 0x0316cc04,
+ 0x8644213e, 0xb7dc59d0, 0x7965291f, 0xccd6fd43,
+ 0x41823979, 0x932bcdf6, 0xb657c34d, 0x4edfd282,
+ 0x7ae5290c, 0x3cb9536b, 0x851e20fe, 0x9833557e,
+ 0x13ecf0b0, 0xd3ffb372, 0x3f85c5c1, 0x0aef7ed2,
+};
+
+OPENSSL_GLOBAL const CAST_LONG CAST_S_table4[256] = {
+ 0x7ec90c04, 0x2c6e74b9, 0x9b0e66df, 0xa6337911,
+ 0xb86a7fff, 0x1dd358f5, 0x44dd9d44, 0x1731167f,
+ 0x08fbf1fa, 0xe7f511cc, 0xd2051b00, 0x735aba00,
+ 0x2ab722d8, 0x386381cb, 0xacf6243a, 0x69befd7a,
+ 0xe6a2e77f, 0xf0c720cd, 0xc4494816, 0xccf5c180,
+ 0x38851640, 0x15b0a848, 0xe68b18cb, 0x4caadeff,
+ 0x5f480a01, 0x0412b2aa, 0x259814fc, 0x41d0efe2,
+ 0x4e40b48d, 0x248eb6fb, 0x8dba1cfe, 0x41a99b02,
+ 0x1a550a04, 0xba8f65cb, 0x7251f4e7, 0x95a51725,
+ 0xc106ecd7, 0x97a5980a, 0xc539b9aa, 0x4d79fe6a,
+ 0xf2f3f763, 0x68af8040, 0xed0c9e56, 0x11b4958b,
+ 0xe1eb5a88, 0x8709e6b0, 0xd7e07156, 0x4e29fea7,
+ 0x6366e52d, 0x02d1c000, 0xc4ac8e05, 0x9377f571,
+ 0x0c05372a, 0x578535f2, 0x2261be02, 0xd642a0c9,
+ 0xdf13a280, 0x74b55bd2, 0x682199c0, 0xd421e5ec,
+ 0x53fb3ce8, 0xc8adedb3, 0x28a87fc9, 0x3d959981,
+ 0x5c1ff900, 0xfe38d399, 0x0c4eff0b, 0x062407ea,
+ 0xaa2f4fb1, 0x4fb96976, 0x90c79505, 0xb0a8a774,
+ 0xef55a1ff, 0xe59ca2c2, 0xa6b62d27, 0xe66a4263,
+ 0xdf65001f, 0x0ec50966, 0xdfdd55bc, 0x29de0655,
+ 0x911e739a, 0x17af8975, 0x32c7911c, 0x89f89468,
+ 0x0d01e980, 0x524755f4, 0x03b63cc9, 0x0cc844b2,
+ 0xbcf3f0aa, 0x87ac36e9, 0xe53a7426, 0x01b3d82b,
+ 0x1a9e7449, 0x64ee2d7e, 0xcddbb1da, 0x01c94910,
+ 0xb868bf80, 0x0d26f3fd, 0x9342ede7, 0x04a5c284,
+ 0x636737b6, 0x50f5b616, 0xf24766e3, 0x8eca36c1,
+ 0x136e05db, 0xfef18391, 0xfb887a37, 0xd6e7f7d4,
+ 0xc7fb7dc9, 0x3063fcdf, 0xb6f589de, 0xec2941da,
+ 0x26e46695, 0xb7566419, 0xf654efc5, 0xd08d58b7,
+ 0x48925401, 0xc1bacb7f, 0xe5ff550f, 0xb6083049,
+ 0x5bb5d0e8, 0x87d72e5a, 0xab6a6ee1, 0x223a66ce,
+ 0xc62bf3cd, 0x9e0885f9, 0x68cb3e47, 0x086c010f,
+ 0xa21de820, 0xd18b69de, 0xf3f65777, 0xfa02c3f6,
+ 0x407edac3, 0xcbb3d550, 0x1793084d, 0xb0d70eba,
+ 0x0ab378d5, 0xd951fb0c, 0xded7da56, 0x4124bbe4,
+ 0x94ca0b56, 0x0f5755d1, 0xe0e1e56e, 0x6184b5be,
+ 0x580a249f, 0x94f74bc0, 0xe327888e, 0x9f7b5561,
+ 0xc3dc0280, 0x05687715, 0x646c6bd7, 0x44904db3,
+ 0x66b4f0a3, 0xc0f1648a, 0x697ed5af, 0x49e92ff6,
+ 0x309e374f, 0x2cb6356a, 0x85808573, 0x4991f840,
+ 0x76f0ae02, 0x083be84d, 0x28421c9a, 0x44489406,
+ 0x736e4cb8, 0xc1092910, 0x8bc95fc6, 0x7d869cf4,
+ 0x134f616f, 0x2e77118d, 0xb31b2be1, 0xaa90b472,
+ 0x3ca5d717, 0x7d161bba, 0x9cad9010, 0xaf462ba2,
+ 0x9fe459d2, 0x45d34559, 0xd9f2da13, 0xdbc65487,
+ 0xf3e4f94e, 0x176d486f, 0x097c13ea, 0x631da5c7,
+ 0x445f7382, 0x175683f4, 0xcdc66a97, 0x70be0288,
+ 0xb3cdcf72, 0x6e5dd2f3, 0x20936079, 0x459b80a5,
+ 0xbe60e2db, 0xa9c23101, 0xeba5315c, 0x224e42f2,
+ 0x1c5c1572, 0xf6721b2c, 0x1ad2fff3, 0x8c25404e,
+ 0x324ed72f, 0x4067b7fd, 0x0523138e, 0x5ca3bc78,
+ 0xdc0fd66e, 0x75922283, 0x784d6b17, 0x58ebb16e,
+ 0x44094f85, 0x3f481d87, 0xfcfeae7b, 0x77b5ff76,
+ 0x8c2302bf, 0xaaf47556, 0x5f46b02a, 0x2b092801,
+ 0x3d38f5f7, 0x0ca81f36, 0x52af4a8a, 0x66d5e7c0,
+ 0xdf3b0874, 0x95055110, 0x1b5ad7a8, 0xf61ed5ad,
+ 0x6cf6e479, 0x20758184, 0xd0cefa65, 0x88f7be58,
+ 0x4a046826, 0x0ff6f8f3, 0xa09c7f70, 0x5346aba0,
+ 0x5ce96c28, 0xe176eda3, 0x6bac307f, 0x376829d2,
+ 0x85360fa9, 0x17e3fe2a, 0x24b79767, 0xf5a96b20,
+ 0xd6cd2595, 0x68ff1ebf, 0x7555442c, 0xf19f06be,
+ 0xf9e0659a, 0xeeb9491d, 0x34010718, 0xbb30cab8,
+ 0xe822fe15, 0x88570983, 0x750e6249, 0xda627e55,
+ 0x5e76ffa8, 0xb1534546, 0x6d47de08, 0xefe9e7d4,
+};
+
+OPENSSL_GLOBAL const CAST_LONG CAST_S_table5[256] = {
+ 0xf6fa8f9d, 0x2cac6ce1, 0x4ca34867, 0xe2337f7c,
+ 0x95db08e7, 0x016843b4, 0xeced5cbc, 0x325553ac,
+ 0xbf9f0960, 0xdfa1e2ed, 0x83f0579d, 0x63ed86b9,
+ 0x1ab6a6b8, 0xde5ebe39, 0xf38ff732, 0x8989b138,
+ 0x33f14961, 0xc01937bd, 0xf506c6da, 0xe4625e7e,
+ 0xa308ea99, 0x4e23e33c, 0x79cbd7cc, 0x48a14367,
+ 0xa3149619, 0xfec94bd5, 0xa114174a, 0xeaa01866,
+ 0xa084db2d, 0x09a8486f, 0xa888614a, 0x2900af98,
+ 0x01665991, 0xe1992863, 0xc8f30c60, 0x2e78ef3c,
+ 0xd0d51932, 0xcf0fec14, 0xf7ca07d2, 0xd0a82072,
+ 0xfd41197e, 0x9305a6b0, 0xe86be3da, 0x74bed3cd,
+ 0x372da53c, 0x4c7f4448, 0xdab5d440, 0x6dba0ec3,
+ 0x083919a7, 0x9fbaeed9, 0x49dbcfb0, 0x4e670c53,
+ 0x5c3d9c01, 0x64bdb941, 0x2c0e636a, 0xba7dd9cd,
+ 0xea6f7388, 0xe70bc762, 0x35f29adb, 0x5c4cdd8d,
+ 0xf0d48d8c, 0xb88153e2, 0x08a19866, 0x1ae2eac8,
+ 0x284caf89, 0xaa928223, 0x9334be53, 0x3b3a21bf,
+ 0x16434be3, 0x9aea3906, 0xefe8c36e, 0xf890cdd9,
+ 0x80226dae, 0xc340a4a3, 0xdf7e9c09, 0xa694a807,
+ 0x5b7c5ecc, 0x221db3a6, 0x9a69a02f, 0x68818a54,
+ 0xceb2296f, 0x53c0843a, 0xfe893655, 0x25bfe68a,
+ 0xb4628abc, 0xcf222ebf, 0x25ac6f48, 0xa9a99387,
+ 0x53bddb65, 0xe76ffbe7, 0xe967fd78, 0x0ba93563,
+ 0x8e342bc1, 0xe8a11be9, 0x4980740d, 0xc8087dfc,
+ 0x8de4bf99, 0xa11101a0, 0x7fd37975, 0xda5a26c0,
+ 0xe81f994f, 0x9528cd89, 0xfd339fed, 0xb87834bf,
+ 0x5f04456d, 0x22258698, 0xc9c4c83b, 0x2dc156be,
+ 0x4f628daa, 0x57f55ec5, 0xe2220abe, 0xd2916ebf,
+ 0x4ec75b95, 0x24f2c3c0, 0x42d15d99, 0xcd0d7fa0,
+ 0x7b6e27ff, 0xa8dc8af0, 0x7345c106, 0xf41e232f,
+ 0x35162386, 0xe6ea8926, 0x3333b094, 0x157ec6f2,
+ 0x372b74af, 0x692573e4, 0xe9a9d848, 0xf3160289,
+ 0x3a62ef1d, 0xa787e238, 0xf3a5f676, 0x74364853,
+ 0x20951063, 0x4576698d, 0xb6fad407, 0x592af950,
+ 0x36f73523, 0x4cfb6e87, 0x7da4cec0, 0x6c152daa,
+ 0xcb0396a8, 0xc50dfe5d, 0xfcd707ab, 0x0921c42f,
+ 0x89dff0bb, 0x5fe2be78, 0x448f4f33, 0x754613c9,
+ 0x2b05d08d, 0x48b9d585, 0xdc049441, 0xc8098f9b,
+ 0x7dede786, 0xc39a3373, 0x42410005, 0x6a091751,
+ 0x0ef3c8a6, 0x890072d6, 0x28207682, 0xa9a9f7be,
+ 0xbf32679d, 0xd45b5b75, 0xb353fd00, 0xcbb0e358,
+ 0x830f220a, 0x1f8fb214, 0xd372cf08, 0xcc3c4a13,
+ 0x8cf63166, 0x061c87be, 0x88c98f88, 0x6062e397,
+ 0x47cf8e7a, 0xb6c85283, 0x3cc2acfb, 0x3fc06976,
+ 0x4e8f0252, 0x64d8314d, 0xda3870e3, 0x1e665459,
+ 0xc10908f0, 0x513021a5, 0x6c5b68b7, 0x822f8aa0,
+ 0x3007cd3e, 0x74719eef, 0xdc872681, 0x073340d4,
+ 0x7e432fd9, 0x0c5ec241, 0x8809286c, 0xf592d891,
+ 0x08a930f6, 0x957ef305, 0xb7fbffbd, 0xc266e96f,
+ 0x6fe4ac98, 0xb173ecc0, 0xbc60b42a, 0x953498da,
+ 0xfba1ae12, 0x2d4bd736, 0x0f25faab, 0xa4f3fceb,
+ 0xe2969123, 0x257f0c3d, 0x9348af49, 0x361400bc,
+ 0xe8816f4a, 0x3814f200, 0xa3f94043, 0x9c7a54c2,
+ 0xbc704f57, 0xda41e7f9, 0xc25ad33a, 0x54f4a084,
+ 0xb17f5505, 0x59357cbe, 0xedbd15c8, 0x7f97c5ab,
+ 0xba5ac7b5, 0xb6f6deaf, 0x3a479c3a, 0x5302da25,
+ 0x653d7e6a, 0x54268d49, 0x51a477ea, 0x5017d55b,
+ 0xd7d25d88, 0x44136c76, 0x0404a8c8, 0xb8e5a121,
+ 0xb81a928a, 0x60ed5869, 0x97c55b96, 0xeaec991b,
+ 0x29935913, 0x01fdb7f1, 0x088e8dfa, 0x9ab6f6f5,
+ 0x3b4cbf9f, 0x4a5de3ab, 0xe6051d35, 0xa0e1d855,
+ 0xd36b4cf1, 0xf544edeb, 0xb0e93524, 0xbebb8fbd,
+ 0xa2d762cf, 0x49c92f54, 0x38b5f331, 0x7128a454,
+ 0x48392905, 0xa65b1db8, 0x851c97bd, 0xd675cf2f,
+};
+
+OPENSSL_GLOBAL const CAST_LONG CAST_S_table6[256] = {
+ 0x85e04019, 0x332bf567, 0x662dbfff, 0xcfc65693,
+ 0x2a8d7f6f, 0xab9bc912, 0xde6008a1, 0x2028da1f,
+ 0x0227bce7, 0x4d642916, 0x18fac300, 0x50f18b82,
+ 0x2cb2cb11, 0xb232e75c, 0x4b3695f2, 0xb28707de,
+ 0xa05fbcf6, 0xcd4181e9, 0xe150210c, 0xe24ef1bd,
+ 0xb168c381, 0xfde4e789, 0x5c79b0d8, 0x1e8bfd43,
+ 0x4d495001, 0x38be4341, 0x913cee1d, 0x92a79c3f,
+ 0x089766be, 0xbaeeadf4, 0x1286becf, 0xb6eacb19,
+ 0x2660c200, 0x7565bde4, 0x64241f7a, 0x8248dca9,
+ 0xc3b3ad66, 0x28136086, 0x0bd8dfa8, 0x356d1cf2,
+ 0x107789be, 0xb3b2e9ce, 0x0502aa8f, 0x0bc0351e,
+ 0x166bf52a, 0xeb12ff82, 0xe3486911, 0xd34d7516,
+ 0x4e7b3aff, 0x5f43671b, 0x9cf6e037, 0x4981ac83,
+ 0x334266ce, 0x8c9341b7, 0xd0d854c0, 0xcb3a6c88,
+ 0x47bc2829, 0x4725ba37, 0xa66ad22b, 0x7ad61f1e,
+ 0x0c5cbafa, 0x4437f107, 0xb6e79962, 0x42d2d816,
+ 0x0a961288, 0xe1a5c06e, 0x13749e67, 0x72fc081a,
+ 0xb1d139f7, 0xf9583745, 0xcf19df58, 0xbec3f756,
+ 0xc06eba30, 0x07211b24, 0x45c28829, 0xc95e317f,
+ 0xbc8ec511, 0x38bc46e9, 0xc6e6fa14, 0xbae8584a,
+ 0xad4ebc46, 0x468f508b, 0x7829435f, 0xf124183b,
+ 0x821dba9f, 0xaff60ff4, 0xea2c4e6d, 0x16e39264,
+ 0x92544a8b, 0x009b4fc3, 0xaba68ced, 0x9ac96f78,
+ 0x06a5b79a, 0xb2856e6e, 0x1aec3ca9, 0xbe838688,
+ 0x0e0804e9, 0x55f1be56, 0xe7e5363b, 0xb3a1f25d,
+ 0xf7debb85, 0x61fe033c, 0x16746233, 0x3c034c28,
+ 0xda6d0c74, 0x79aac56c, 0x3ce4e1ad, 0x51f0c802,
+ 0x98f8f35a, 0x1626a49f, 0xeed82b29, 0x1d382fe3,
+ 0x0c4fb99a, 0xbb325778, 0x3ec6d97b, 0x6e77a6a9,
+ 0xcb658b5c, 0xd45230c7, 0x2bd1408b, 0x60c03eb7,
+ 0xb9068d78, 0xa33754f4, 0xf430c87d, 0xc8a71302,
+ 0xb96d8c32, 0xebd4e7be, 0xbe8b9d2d, 0x7979fb06,
+ 0xe7225308, 0x8b75cf77, 0x11ef8da4, 0xe083c858,
+ 0x8d6b786f, 0x5a6317a6, 0xfa5cf7a0, 0x5dda0033,
+ 0xf28ebfb0, 0xf5b9c310, 0xa0eac280, 0x08b9767a,
+ 0xa3d9d2b0, 0x79d34217, 0x021a718d, 0x9ac6336a,
+ 0x2711fd60, 0x438050e3, 0x069908a8, 0x3d7fedc4,
+ 0x826d2bef, 0x4eeb8476, 0x488dcf25, 0x36c9d566,
+ 0x28e74e41, 0xc2610aca, 0x3d49a9cf, 0xbae3b9df,
+ 0xb65f8de6, 0x92aeaf64, 0x3ac7d5e6, 0x9ea80509,
+ 0xf22b017d, 0xa4173f70, 0xdd1e16c3, 0x15e0d7f9,
+ 0x50b1b887, 0x2b9f4fd5, 0x625aba82, 0x6a017962,
+ 0x2ec01b9c, 0x15488aa9, 0xd716e740, 0x40055a2c,
+ 0x93d29a22, 0xe32dbf9a, 0x058745b9, 0x3453dc1e,
+ 0xd699296e, 0x496cff6f, 0x1c9f4986, 0xdfe2ed07,
+ 0xb87242d1, 0x19de7eae, 0x053e561a, 0x15ad6f8c,
+ 0x66626c1c, 0x7154c24c, 0xea082b2a, 0x93eb2939,
+ 0x17dcb0f0, 0x58d4f2ae, 0x9ea294fb, 0x52cf564c,
+ 0x9883fe66, 0x2ec40581, 0x763953c3, 0x01d6692e,
+ 0xd3a0c108, 0xa1e7160e, 0xe4f2dfa6, 0x693ed285,
+ 0x74904698, 0x4c2b0edd, 0x4f757656, 0x5d393378,
+ 0xa132234f, 0x3d321c5d, 0xc3f5e194, 0x4b269301,
+ 0xc79f022f, 0x3c997e7e, 0x5e4f9504, 0x3ffafbbd,
+ 0x76f7ad0e, 0x296693f4, 0x3d1fce6f, 0xc61e45be,
+ 0xd3b5ab34, 0xf72bf9b7, 0x1b0434c0, 0x4e72b567,
+ 0x5592a33d, 0xb5229301, 0xcfd2a87f, 0x60aeb767,
+ 0x1814386b, 0x30bcc33d, 0x38a0c07d, 0xfd1606f2,
+ 0xc363519b, 0x589dd390, 0x5479f8e6, 0x1cb8d647,
+ 0x97fd61a9, 0xea7759f4, 0x2d57539d, 0x569a58cf,
+ 0xe84e63ad, 0x462e1b78, 0x6580f87e, 0xf3817914,
+ 0x91da55f4, 0x40a230f3, 0xd1988f35, 0xb6e318d2,
+ 0x3ffa50bc, 0x3d40f021, 0xc3c0bdae, 0x4958c24c,
+ 0x518f36b2, 0x84b1d370, 0x0fedce83, 0x878ddada,
+ 0xf2a279c7, 0x94e01be8, 0x90716f4b, 0x954b8aa3,
+};
+
+OPENSSL_GLOBAL const CAST_LONG CAST_S_table7[256] = {
+ 0xe216300d, 0xbbddfffc, 0xa7ebdabd, 0x35648095,
+ 0x7789f8b7, 0xe6c1121b, 0x0e241600, 0x052ce8b5,
+ 0x11a9cfb0, 0xe5952f11, 0xece7990a, 0x9386d174,
+ 0x2a42931c, 0x76e38111, 0xb12def3a, 0x37ddddfc,
+ 0xde9adeb1, 0x0a0cc32c, 0xbe197029, 0x84a00940,
+ 0xbb243a0f, 0xb4d137cf, 0xb44e79f0, 0x049eedfd,
+ 0x0b15a15d, 0x480d3168, 0x8bbbde5a, 0x669ded42,
+ 0xc7ece831, 0x3f8f95e7, 0x72df191b, 0x7580330d,
+ 0x94074251, 0x5c7dcdfa, 0xabbe6d63, 0xaa402164,
+ 0xb301d40a, 0x02e7d1ca, 0x53571dae, 0x7a3182a2,
+ 0x12a8ddec, 0xfdaa335d, 0x176f43e8, 0x71fb46d4,
+ 0x38129022, 0xce949ad4, 0xb84769ad, 0x965bd862,
+ 0x82f3d055, 0x66fb9767, 0x15b80b4e, 0x1d5b47a0,
+ 0x4cfde06f, 0xc28ec4b8, 0x57e8726e, 0x647a78fc,
+ 0x99865d44, 0x608bd593, 0x6c200e03, 0x39dc5ff6,
+ 0x5d0b00a3, 0xae63aff2, 0x7e8bd632, 0x70108c0c,
+ 0xbbd35049, 0x2998df04, 0x980cf42a, 0x9b6df491,
+ 0x9e7edd53, 0x06918548, 0x58cb7e07, 0x3b74ef2e,
+ 0x522fffb1, 0xd24708cc, 0x1c7e27cd, 0xa4eb215b,
+ 0x3cf1d2e2, 0x19b47a38, 0x424f7618, 0x35856039,
+ 0x9d17dee7, 0x27eb35e6, 0xc9aff67b, 0x36baf5b8,
+ 0x09c467cd, 0xc18910b1, 0xe11dbf7b, 0x06cd1af8,
+ 0x7170c608, 0x2d5e3354, 0xd4de495a, 0x64c6d006,
+ 0xbcc0c62c, 0x3dd00db3, 0x708f8f34, 0x77d51b42,
+ 0x264f620f, 0x24b8d2bf, 0x15c1b79e, 0x46a52564,
+ 0xf8d7e54e, 0x3e378160, 0x7895cda5, 0x859c15a5,
+ 0xe6459788, 0xc37bc75f, 0xdb07ba0c, 0x0676a3ab,
+ 0x7f229b1e, 0x31842e7b, 0x24259fd7, 0xf8bef472,
+ 0x835ffcb8, 0x6df4c1f2, 0x96f5b195, 0xfd0af0fc,
+ 0xb0fe134c, 0xe2506d3d, 0x4f9b12ea, 0xf215f225,
+ 0xa223736f, 0x9fb4c428, 0x25d04979, 0x34c713f8,
+ 0xc4618187, 0xea7a6e98, 0x7cd16efc, 0x1436876c,
+ 0xf1544107, 0xbedeee14, 0x56e9af27, 0xa04aa441,
+ 0x3cf7c899, 0x92ecbae6, 0xdd67016d, 0x151682eb,
+ 0xa842eedf, 0xfdba60b4, 0xf1907b75, 0x20e3030f,
+ 0x24d8c29e, 0xe139673b, 0xefa63fb8, 0x71873054,
+ 0xb6f2cf3b, 0x9f326442, 0xcb15a4cc, 0xb01a4504,
+ 0xf1e47d8d, 0x844a1be5, 0xbae7dfdc, 0x42cbda70,
+ 0xcd7dae0a, 0x57e85b7a, 0xd53f5af6, 0x20cf4d8c,
+ 0xcea4d428, 0x79d130a4, 0x3486ebfb, 0x33d3cddc,
+ 0x77853b53, 0x37effcb5, 0xc5068778, 0xe580b3e6,
+ 0x4e68b8f4, 0xc5c8b37e, 0x0d809ea2, 0x398feb7c,
+ 0x132a4f94, 0x43b7950e, 0x2fee7d1c, 0x223613bd,
+ 0xdd06caa2, 0x37df932b, 0xc4248289, 0xacf3ebc3,
+ 0x5715f6b7, 0xef3478dd, 0xf267616f, 0xc148cbe4,
+ 0x9052815e, 0x5e410fab, 0xb48a2465, 0x2eda7fa4,
+ 0xe87b40e4, 0xe98ea084, 0x5889e9e1, 0xefd390fc,
+ 0xdd07d35b, 0xdb485694, 0x38d7e5b2, 0x57720101,
+ 0x730edebc, 0x5b643113, 0x94917e4f, 0x503c2fba,
+ 0x646f1282, 0x7523d24a, 0xe0779695, 0xf9c17a8f,
+ 0x7a5b2121, 0xd187b896, 0x29263a4d, 0xba510cdf,
+ 0x81f47c9f, 0xad1163ed, 0xea7b5965, 0x1a00726e,
+ 0x11403092, 0x00da6d77, 0x4a0cdd61, 0xad1f4603,
+ 0x605bdfb0, 0x9eedc364, 0x22ebe6a8, 0xcee7d28a,
+ 0xa0e736a0, 0x5564a6b9, 0x10853209, 0xc7eb8f37,
+ 0x2de705ca, 0x8951570f, 0xdf09822b, 0xbd691a6c,
+ 0xaa12e4f2, 0x87451c0f, 0xe0f6a27a, 0x3ada4819,
+ 0x4cf1764f, 0x0d771c2b, 0x67cdb156, 0x350d8384,
+ 0x5938fa0f, 0x42399ef3, 0x36997b07, 0x0e84093d,
+ 0x4aa93e61, 0x8360d87b, 0x1fa98b0c, 0x1149382c,
+ 0xe97625a5, 0x0614d1b7, 0x0e25244b, 0x0c768347,
+ 0x589e8d82, 0x0d2059d1, 0xa466bb1e, 0xf8da0a82,
+ 0x04f19130, 0xba6e4ec0, 0x99265164, 0x1ee7230d,
+ 0x50b2ad80, 0xeaee6801, 0x8db2a283, 0xea8bf59e,
+};
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/cast/cast_spd.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/cast/cast_spd.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/cast/cast_spd.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,278 +0,0 @@
-/* crypto/cast/cast_spd.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* 11-Sep-92 Andrew Daviel Support for Silicon Graphics IRIX added */
-/* 06-Apr-92 Luke Brennan Support for VMS and add extra signal calls */
-
-#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
-#define TIMES
-#endif
-
-#include <stdio.h>
-
-#include <openssl/e_os2.h>
-#include OPENSSL_UNISTD_IO
-OPENSSL_DECLARE_EXIT
-
-#ifndef OPENSSL_SYS_NETWARE
-#include <signal.h>
-#endif
-
-#ifndef _IRIX
-#include <time.h>
-#endif
-#ifdef TIMES
-#include <sys/types.h>
-#include <sys/times.h>
-#endif
-
-/* Depending on the VMS version, the tms structure is perhaps defined.
- The __TMS macro will show if it was. If it wasn't defined, we should
- undefine TIMES, since that tells the rest of the program how things
- should be handled. -- Richard Levitte */
-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
-#undef TIMES
-#endif
-
-#ifndef TIMES
-#include <sys/timeb.h>
-#endif
-
-#if defined(sun) || defined(__ultrix)
-#define _POSIX_SOURCE
-#include <limits.h>
-#include <sys/param.h>
-#endif
-
-#include <openssl/cast.h>
-
-/* The following if from times(3) man page. It may need to be changed */
-#ifndef HZ
-#ifndef CLK_TCK
-#define HZ 100.0
-#else /* CLK_TCK */
-#define HZ ((double)CLK_TCK)
-#endif
-#endif
-
-#define BUFSIZE ((long)1024)
-long run=0;
-
-double Time_F(int s);
-#ifdef SIGALRM
-#if defined(__STDC__) || defined(sgi) || defined(_AIX)
-#define SIGRETTYPE void
-#else
-#define SIGRETTYPE int
-#endif
-
-SIGRETTYPE sig_done(int sig);
-SIGRETTYPE sig_done(int sig)
- {
- signal(SIGALRM,sig_done);
- run=0;
-#ifdef LINT
- sig=sig;
-#endif
- }
-#endif
-
-#define START 0
-#define STOP 1
-
-double Time_F(int s)
- {
- double ret;
-#ifdef TIMES
- static struct tms tstart,tend;
-
- if (s == START)
- {
- times(&tstart);
- return(0);
- }
- else
- {
- times(&tend);
- ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
- return((ret == 0.0)?1e-6:ret);
- }
-#else /* !times() */
- static struct timeb tstart,tend;
- long i;
-
- if (s == START)
- {
- ftime(&tstart);
- return(0);
- }
- else
- {
- ftime(&tend);
- i=(long)tend.millitm-(long)tstart.millitm;
- ret=((double)(tend.time-tstart.time))+((double)i)/1e3;
- return((ret == 0.0)?1e-6:ret);
- }
-#endif
- }
-
-int main(int argc, char **argv)
- {
- long count;
- static unsigned char buf[BUFSIZE];
- static unsigned char key[] ={
- 0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
- 0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10,
- };
- CAST_KEY sch;
- double a,b,c,d;
-#ifndef SIGALRM
- long ca,cb,cc;
-#endif
-
-#ifndef TIMES
- printf("To get the most accurate results, try to run this\n");
- printf("program when this computer is idle.\n");
-#endif
-
-#ifndef SIGALRM
- printf("First we calculate the approximate speed ...\n");
- CAST_set_key(&sch,16,key);
- count=10;
- do {
- long i;
- CAST_LONG data[2];
-
- count*=2;
- Time_F(START);
- for (i=count; i; i--)
- CAST_encrypt(data,&sch);
- d=Time_F(STOP);
- } while (d < 3.0);
- ca=count/512;
- cb=count;
- cc=count*8/BUFSIZE+1;
- printf("Doing CAST_set_key %ld times\n",ca);
-#define COND(d) (count != (d))
-#define COUNT(d) (d)
-#else
-#define COND(c) (run)
-#define COUNT(d) (count)
- signal(SIGALRM,sig_done);
- printf("Doing CAST_set_key for 10 seconds\n");
- alarm(10);
-#endif
-
- Time_F(START);
- for (count=0,run=1; COND(ca); count+=4)
- {
- CAST_set_key(&sch,16,key);
- CAST_set_key(&sch,16,key);
- CAST_set_key(&sch,16,key);
- CAST_set_key(&sch,16,key);
- }
- d=Time_F(STOP);
- printf("%ld cast set_key's in %.2f seconds\n",count,d);
- a=((double)COUNT(ca))/d;
-
-#ifdef SIGALRM
- printf("Doing CAST_encrypt's for 10 seconds\n");
- alarm(10);
-#else
- printf("Doing CAST_encrypt %ld times\n",cb);
-#endif
- Time_F(START);
- for (count=0,run=1; COND(cb); count+=4)
- {
- CAST_LONG data[2];
-
- CAST_encrypt(data,&sch);
- CAST_encrypt(data,&sch);
- CAST_encrypt(data,&sch);
- CAST_encrypt(data,&sch);
- }
- d=Time_F(STOP);
- printf("%ld CAST_encrypt's in %.2f second\n",count,d);
- b=((double)COUNT(cb)*8)/d;
-
-#ifdef SIGALRM
- printf("Doing CAST_cbc_encrypt on %ld byte blocks for 10 seconds\n",
- BUFSIZE);
- alarm(10);
-#else
- printf("Doing CAST_cbc_encrypt %ld times on %ld byte blocks\n",cc,
- BUFSIZE);
-#endif
- Time_F(START);
- for (count=0,run=1; COND(cc); count++)
- CAST_cbc_encrypt(buf,buf,BUFSIZE,&sch,
- &(key[0]),CAST_ENCRYPT);
- d=Time_F(STOP);
- printf("%ld CAST_cbc_encrypt's of %ld byte blocks in %.2f second\n",
- count,BUFSIZE,d);
- c=((double)COUNT(cc)*BUFSIZE)/d;
-
- printf("CAST set_key per sec = %12.2f (%9.3fuS)\n",a,1.0e6/a);
- printf("CAST raw ecb bytes per sec = %12.2f (%9.3fuS)\n",b,8.0e6/b);
- printf("CAST cbc bytes per sec = %12.2f (%9.3fuS)\n",c,8.0e6/c);
- exit(0);
-#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
- return(0);
-#endif
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/cast/cast_spd.c (from rev 6976, vendor-crypto/openssl/dist/crypto/cast/cast_spd.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/cast/cast_spd.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/cast/cast_spd.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,262 @@
+/* crypto/cast/cast_spd.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* 11-Sep-92 Andrew Daviel Support for Silicon Graphics IRIX added */
+/* 06-Apr-92 Luke Brennan Support for VMS and add extra signal calls */
+
+#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
+# define TIMES
+#endif
+
+#include <stdio.h>
+
+#include <openssl/e_os2.h>
+#include OPENSSL_UNISTD_IO
+OPENSSL_DECLARE_EXIT
+#ifndef OPENSSL_SYS_NETWARE
+# include <signal.h>
+#endif
+#ifndef _IRIX
+# include <time.h>
+#endif
+#ifdef TIMES
+# include <sys/types.h>
+# include <sys/times.h>
+#endif
+ /*
+ * Depending on the VMS version, the tms structure is perhaps defined.
+ * The __TMS macro will show if it was. If it wasn't defined, we should
+ * undefine TIMES, since that tells the rest of the program how things
+ * should be handled. -- Richard Levitte
+ */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
+# undef TIMES
+#endif
+#ifndef TIMES
+# include <sys/timeb.h>
+#endif
+#if defined(sun) || defined(__ultrix)
+# define _POSIX_SOURCE
+# include <limits.h>
+# include <sys/param.h>
+#endif
+#include <openssl/cast.h>
+/* The following if from times(3) man page. It may need to be changed */
+#ifndef HZ
+# ifndef CLK_TCK
+# define HZ 100.0
+# else /* CLK_TCK */
+# define HZ ((double)CLK_TCK)
+# endif
+#endif
+#define BUFSIZE ((long)1024)
+long run = 0;
+
+double Time_F(int s);
+#ifdef SIGALRM
+# if defined(__STDC__) || defined(sgi) || defined(_AIX)
+# define SIGRETTYPE void
+# else
+# define SIGRETTYPE int
+# endif
+
+SIGRETTYPE sig_done(int sig);
+SIGRETTYPE sig_done(int sig)
+{
+ signal(SIGALRM, sig_done);
+ run = 0;
+# ifdef LINT
+ sig = sig;
+# endif
+}
+#endif
+
+#define START 0
+#define STOP 1
+
+double Time_F(int s)
+{
+ double ret;
+#ifdef TIMES
+ static struct tms tstart, tend;
+
+ if (s == START) {
+ times(&tstart);
+ return (0);
+ } else {
+ times(&tend);
+ ret = ((double)(tend.tms_utime - tstart.tms_utime)) / HZ;
+ return ((ret == 0.0) ? 1e-6 : ret);
+ }
+#else /* !times() */
+ static struct timeb tstart, tend;
+ long i;
+
+ if (s == START) {
+ ftime(&tstart);
+ return (0);
+ } else {
+ ftime(&tend);
+ i = (long)tend.millitm - (long)tstart.millitm;
+ ret = ((double)(tend.time - tstart.time)) + ((double)i) / 1e3;
+ return ((ret == 0.0) ? 1e-6 : ret);
+ }
+#endif
+}
+
+int main(int argc, char **argv)
+{
+ long count;
+ static unsigned char buf[BUFSIZE];
+ static unsigned char key[] = {
+ 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
+ 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
+ };
+ CAST_KEY sch;
+ double a, b, c, d;
+#ifndef SIGALRM
+ long ca, cb, cc;
+#endif
+
+#ifndef TIMES
+ printf("To get the most accurate results, try to run this\n");
+ printf("program when this computer is idle.\n");
+#endif
+
+#ifndef SIGALRM
+ printf("First we calculate the approximate speed ...\n");
+ CAST_set_key(&sch, 16, key);
+ count = 10;
+ do {
+ long i;
+ CAST_LONG data[2];
+
+ count *= 2;
+ Time_F(START);
+ for (i = count; i; i--)
+ CAST_encrypt(data, &sch);
+ d = Time_F(STOP);
+ } while (d < 3.0);
+ ca = count / 512;
+ cb = count;
+ cc = count * 8 / BUFSIZE + 1;
+ printf("Doing CAST_set_key %ld times\n", ca);
+# define COND(d) (count != (d))
+# define COUNT(d) (d)
+#else
+# define COND(c) (run)
+# define COUNT(d) (count)
+ signal(SIGALRM, sig_done);
+ printf("Doing CAST_set_key for 10 seconds\n");
+ alarm(10);
+#endif
+
+ Time_F(START);
+ for (count = 0, run = 1; COND(ca); count += 4) {
+ CAST_set_key(&sch, 16, key);
+ CAST_set_key(&sch, 16, key);
+ CAST_set_key(&sch, 16, key);
+ CAST_set_key(&sch, 16, key);
+ }
+ d = Time_F(STOP);
+ printf("%ld cast set_key's in %.2f seconds\n", count, d);
+ a = ((double)COUNT(ca)) / d;
+
+#ifdef SIGALRM
+ printf("Doing CAST_encrypt's for 10 seconds\n");
+ alarm(10);
+#else
+ printf("Doing CAST_encrypt %ld times\n", cb);
+#endif
+ Time_F(START);
+ for (count = 0, run = 1; COND(cb); count += 4) {
+ CAST_LONG data[2];
+
+ CAST_encrypt(data, &sch);
+ CAST_encrypt(data, &sch);
+ CAST_encrypt(data, &sch);
+ CAST_encrypt(data, &sch);
+ }
+ d = Time_F(STOP);
+ printf("%ld CAST_encrypt's in %.2f second\n", count, d);
+ b = ((double)COUNT(cb) * 8) / d;
+
+#ifdef SIGALRM
+ printf("Doing CAST_cbc_encrypt on %ld byte blocks for 10 seconds\n",
+ BUFSIZE);
+ alarm(10);
+#else
+ printf("Doing CAST_cbc_encrypt %ld times on %ld byte blocks\n", cc,
+ BUFSIZE);
+#endif
+ Time_F(START);
+ for (count = 0, run = 1; COND(cc); count++)
+ CAST_cbc_encrypt(buf, buf, BUFSIZE, &sch, &(key[0]), CAST_ENCRYPT);
+ d = Time_F(STOP);
+ printf("%ld CAST_cbc_encrypt's of %ld byte blocks in %.2f second\n",
+ count, BUFSIZE, d);
+ c = ((double)COUNT(cc) * BUFSIZE) / d;
+
+ printf("CAST set_key per sec = %12.2f (%9.3fuS)\n", a, 1.0e6 / a);
+ printf("CAST raw ecb bytes per sec = %12.2f (%9.3fuS)\n", b, 8.0e6 / b);
+ printf("CAST cbc bytes per sec = %12.2f (%9.3fuS)\n", c, 8.0e6 / c);
+ exit(0);
+#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
+ return (0);
+#endif
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/cast/castopts.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/cast/castopts.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/cast/castopts.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,342 +0,0 @@
-/* crypto/cast/castopts.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* define PART1, PART2, PART3 or PART4 to build only with a few of the options.
- * This is for machines with 64k code segment size restrictions. */
-
-#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC))
-#define TIMES
-#endif
-
-#include <stdio.h>
-
-#include <openssl/e_os2.h>
-#include OPENSSL_UNISTD_IO
-OPENSSL_DECLARE_EXIT
-
-#ifndef OPENSSL_SYS_NETWARE
-#include <signal.h>
-#endif
-
-#ifndef _IRIX
-#include <time.h>
-#endif
-#ifdef TIMES
-#include <sys/types.h>
-#include <sys/times.h>
-#endif
-
-/* Depending on the VMS version, the tms structure is perhaps defined.
- The __TMS macro will show if it was. If it wasn't defined, we should
- undefine TIMES, since that tells the rest of the program how things
- should be handled. -- Richard Levitte */
-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
-#undef TIMES
-#endif
-
-#ifndef TIMES
-#include <sys/timeb.h>
-#endif
-
-#if defined(sun) || defined(__ultrix)
-#define _POSIX_SOURCE
-#include <limits.h>
-#include <sys/param.h>
-#endif
-
-#include <openssl/cast.h>
-
-#define CAST_DEFAULT_OPTIONS
-
-#undef E_CAST
-#define CAST_encrypt CAST_encrypt_normal
-#define CAST_decrypt CAST_decrypt_normal
-#define CAST_cbc_encrypt CAST_cbc_encrypt_normal
-#undef HEADER_CAST_LOCL_H
-#include "c_enc.c"
-
-#define CAST_PTR
-#undef CAST_PTR2
-#undef E_CAST
-#undef CAST_encrypt
-#undef CAST_decrypt
-#undef CAST_cbc_encrypt
-#define CAST_encrypt CAST_encrypt_ptr
-#define CAST_decrypt CAST_decrypt_ptr
-#define CAST_cbc_encrypt CAST_cbc_encrypt_ptr
-#undef HEADER_CAST_LOCL_H
-#include "c_enc.c"
-
-#undef CAST_PTR
-#define CAST_PTR2
-#undef E_CAST
-#undef CAST_encrypt
-#undef CAST_decrypt
-#undef CAST_cbc_encrypt
-#define CAST_encrypt CAST_encrypt_ptr2
-#define CAST_decrypt CAST_decrypt_ptr2
-#define CAST_cbc_encrypt CAST_cbc_encrypt_ptr2
-#undef HEADER_CAST_LOCL_H
-#include "c_enc.c"
-
-/* The following if from times(3) man page. It may need to be changed */
-#ifndef HZ
-# ifndef CLK_TCK
-# ifndef _BSD_CLK_TCK_ /* FreeBSD fix */
-# define HZ 100.0
-# else /* _BSD_CLK_TCK_ */
-# define HZ ((double)_BSD_CLK_TCK_)
-# endif
-# else /* CLK_TCK */
-# define HZ ((double)CLK_TCK)
-# endif
-#endif
-
-#define BUFSIZE ((long)1024)
-long run=0;
-
-double Time_F(int s);
-#ifdef SIGALRM
-#if defined(__STDC__) || defined(sgi)
-#define SIGRETTYPE void
-#else
-#define SIGRETTYPE int
-#endif
-
-SIGRETTYPE sig_done(int sig);
-SIGRETTYPE sig_done(int sig)
- {
- signal(SIGALRM,sig_done);
- run=0;
-#ifdef LINT
- sig=sig;
-#endif
- }
-#endif
-
-#define START 0
-#define STOP 1
-
-double Time_F(int s)
- {
- double ret;
-#ifdef TIMES
- static struct tms tstart,tend;
-
- if (s == START)
- {
- times(&tstart);
- return(0);
- }
- else
- {
- times(&tend);
- ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
- return((ret == 0.0)?1e-6:ret);
- }
-#else /* !times() */
- static struct timeb tstart,tend;
- long i;
-
- if (s == START)
- {
- ftime(&tstart);
- return(0);
- }
- else
- {
- ftime(&tend);
- i=(long)tend.millitm-(long)tstart.millitm;
- ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
- return((ret == 0.0)?1e-6:ret);
- }
-#endif
- }
-
-#ifdef SIGALRM
-#define print_name(name) fprintf(stderr,"Doing %s's for 10 seconds\n",name); alarm(10);
-#else
-#define print_name(name) fprintf(stderr,"Doing %s %ld times\n",name,cb);
-#endif
-
-#define time_it(func,name,index) \
- print_name(name); \
- Time_F(START); \
- for (count=0,run=1; COND(cb); count+=4) \
- { \
- unsigned long d[2]; \
- func(d,&sch); \
- func(d,&sch); \
- func(d,&sch); \
- func(d,&sch); \
- } \
- tm[index]=Time_F(STOP); \
- fprintf(stderr,"%ld %s's in %.2f second\n",count,name,tm[index]); \
- tm[index]=((double)COUNT(cb))/tm[index];
-
-#define print_it(name,index) \
- fprintf(stderr,"%s bytes per sec = %12.2f (%5.1fuS)\n",name, \
- tm[index]*8,1.0e6/tm[index]);
-
-int main(int argc, char **argv)
- {
- long count;
- static unsigned char buf[BUFSIZE];
- static char key[16]={ 0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
- 0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
- CAST_KEY sch;
- double d,tm[16],max=0;
- int rank[16];
- char *str[16];
- int max_idx=0,i,num=0,j;
-#ifndef SIGALARM
- long ca,cb,cc,cd,ce;
-#endif
-
- for (i=0; i<12; i++)
- {
- tm[i]=0.0;
- rank[i]=0;
- }
-
-#ifndef TIMES
- fprintf(stderr,"To get the most accurate results, try to run this\n");
- fprintf(stderr,"program when this computer is idle.\n");
-#endif
-
- CAST_set_key(&sch,16,key);
-
-#ifndef SIGALRM
- fprintf(stderr,"First we calculate the approximate speed ...\n");
- count=10;
- do {
- long i;
- unsigned long data[2];
-
- count*=2;
- Time_F(START);
- for (i=count; i; i--)
- CAST_encrypt(data,&sch);
- d=Time_F(STOP);
- } while (d < 3.0);
- ca=count;
- cb=count*3;
- cc=count*3*8/BUFSIZE+1;
- cd=count*8/BUFSIZE+1;
-
- ce=count/20+1;
-#define COND(d) (count != (d))
-#define COUNT(d) (d)
-#else
-#define COND(c) (run)
-#define COUNT(d) (count)
- signal(SIGALRM,sig_done);
- alarm(10);
-#endif
-
- time_it(CAST_encrypt_normal, "CAST_encrypt_normal ", 0);
- time_it(CAST_encrypt_ptr, "CAST_encrypt_ptr ", 1);
- time_it(CAST_encrypt_ptr2, "CAST_encrypt_ptr2 ", 2);
- num+=3;
-
- str[0]="<nothing>";
- print_it("CAST_encrypt_normal ",0);
- max=tm[0];
- max_idx=0;
- str[1]="ptr ";
- print_it("CAST_encrypt_ptr ",1);
- if (max < tm[1]) { max=tm[1]; max_idx=1; }
- str[2]="ptr2 ";
- print_it("CAST_encrypt_ptr2 ",2);
- if (max < tm[2]) { max=tm[2]; max_idx=2; }
-
- printf("options CAST ecb/s\n");
- printf("%s %12.2f 100.0%%\n",str[max_idx],tm[max_idx]);
- d=tm[max_idx];
- tm[max_idx]= -2.0;
- max= -1.0;
- for (;;)
- {
- for (i=0; i<3; i++)
- {
- if (max < tm[i]) { max=tm[i]; j=i; }
- }
- if (max < 0.0) break;
- printf("%s %12.2f %4.1f%%\n",str[j],tm[j],tm[j]/d*100.0);
- tm[j]= -2.0;
- max= -1.0;
- }
-
- switch (max_idx)
- {
- case 0:
- printf("-DCAST_DEFAULT_OPTIONS\n");
- break;
- case 1:
- printf("-DCAST_PTR\n");
- break;
- case 2:
- printf("-DCAST_PTR2\n");
- break;
- }
- exit(0);
-#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
- return(0);
-#endif
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/cast/castopts.c (from rev 6976, vendor-crypto/openssl/dist/crypto/cast/castopts.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/cast/castopts.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/cast/castopts.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,334 @@
+/* crypto/cast/castopts.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/*
+ * define PART1, PART2, PART3 or PART4 to build only with a few of the
+ * options. This is for machines with 64k code segment size restrictions.
+ */
+
+#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC))
+# define TIMES
+#endif
+
+#include <stdio.h>
+
+#include <openssl/e_os2.h>
+#include OPENSSL_UNISTD_IO
+OPENSSL_DECLARE_EXIT
+#ifndef OPENSSL_SYS_NETWARE
+# include <signal.h>
+#endif
+#ifndef _IRIX
+# include <time.h>
+#endif
+#ifdef TIMES
+# include <sys/types.h>
+# include <sys/times.h>
+#endif
+ /*
+ * Depending on the VMS version, the tms structure is perhaps defined.
+ * The __TMS macro will show if it was. If it wasn't defined, we should
+ * undefine TIMES, since that tells the rest of the program how things
+ * should be handled. -- Richard Levitte
+ */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
+# undef TIMES
+#endif
+#ifndef TIMES
+# include <sys/timeb.h>
+#endif
+#if defined(sun) || defined(__ultrix)
+# define _POSIX_SOURCE
+# include <limits.h>
+# include <sys/param.h>
+#endif
+#include <openssl/cast.h>
+#define CAST_DEFAULT_OPTIONS
+#undef E_CAST
+#define CAST_encrypt CAST_encrypt_normal
+#define CAST_decrypt CAST_decrypt_normal
+#define CAST_cbc_encrypt CAST_cbc_encrypt_normal
+#undef HEADER_CAST_LOCL_H
+#include "c_enc.c"
+#define CAST_PTR
+#undef CAST_PTR2
+#undef E_CAST
+#undef CAST_encrypt
+#undef CAST_decrypt
+#undef CAST_cbc_encrypt
+#define CAST_encrypt CAST_encrypt_ptr
+#define CAST_decrypt CAST_decrypt_ptr
+#define CAST_cbc_encrypt CAST_cbc_encrypt_ptr
+#undef HEADER_CAST_LOCL_H
+#include "c_enc.c"
+#undef CAST_PTR
+#define CAST_PTR2
+#undef E_CAST
+#undef CAST_encrypt
+#undef CAST_decrypt
+#undef CAST_cbc_encrypt
+#define CAST_encrypt CAST_encrypt_ptr2
+#define CAST_decrypt CAST_decrypt_ptr2
+#define CAST_cbc_encrypt CAST_cbc_encrypt_ptr2
+#undef HEADER_CAST_LOCL_H
+#include "c_enc.c"
+/* The following if from times(3) man page. It may need to be changed */
+#ifndef HZ
+# ifndef CLK_TCK
+# ifndef _BSD_CLK_TCK_ /* FreeBSD fix */
+# define HZ 100.0
+# else /* _BSD_CLK_TCK_ */
+# define HZ ((double)_BSD_CLK_TCK_)
+# endif
+# else /* CLK_TCK */
+# define HZ ((double)CLK_TCK)
+# endif
+#endif
+#define BUFSIZE ((long)1024)
+long run = 0;
+
+double Time_F(int s);
+#ifdef SIGALRM
+# if defined(__STDC__) || defined(sgi)
+# define SIGRETTYPE void
+# else
+# define SIGRETTYPE int
+# endif
+
+SIGRETTYPE sig_done(int sig);
+SIGRETTYPE sig_done(int sig)
+{
+ signal(SIGALRM, sig_done);
+ run = 0;
+# ifdef LINT
+ sig = sig;
+# endif
+}
+#endif
+
+#define START 0
+#define STOP 1
+
+double Time_F(int s)
+{
+ double ret;
+#ifdef TIMES
+ static struct tms tstart, tend;
+
+ if (s == START) {
+ times(&tstart);
+ return (0);
+ } else {
+ times(&tend);
+ ret = ((double)(tend.tms_utime - tstart.tms_utime)) / HZ;
+ return ((ret == 0.0) ? 1e-6 : ret);
+ }
+#else /* !times() */
+ static struct timeb tstart, tend;
+ long i;
+
+ if (s == START) {
+ ftime(&tstart);
+ return (0);
+ } else {
+ ftime(&tend);
+ i = (long)tend.millitm - (long)tstart.millitm;
+ ret = ((double)(tend.time - tstart.time)) + ((double)i) / 1000.0;
+ return ((ret == 0.0) ? 1e-6 : ret);
+ }
+#endif
+}
+
+#ifdef SIGALRM
+# define print_name(name) fprintf(stderr,"Doing %s's for 10 seconds\n",name); alarm(10);
+#else
+# define print_name(name) fprintf(stderr,"Doing %s %ld times\n",name,cb);
+#endif
+
+#define time_it(func,name,index) \
+ print_name(name); \
+ Time_F(START); \
+ for (count=0,run=1; COND(cb); count+=4) \
+ { \
+ unsigned long d[2]; \
+ func(d,&sch); \
+ func(d,&sch); \
+ func(d,&sch); \
+ func(d,&sch); \
+ } \
+ tm[index]=Time_F(STOP); \
+ fprintf(stderr,"%ld %s's in %.2f second\n",count,name,tm[index]); \
+ tm[index]=((double)COUNT(cb))/tm[index];
+
+#define print_it(name,index) \
+ fprintf(stderr,"%s bytes per sec = %12.2f (%5.1fuS)\n",name, \
+ tm[index]*8,1.0e6/tm[index]);
+
+int main(int argc, char **argv)
+{
+ long count;
+ static unsigned char buf[BUFSIZE];
+ static char key[16] = { 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
+ 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0
+ };
+ CAST_KEY sch;
+ double d, tm[16], max = 0;
+ int rank[16];
+ char *str[16];
+ int max_idx = 0, i, num = 0, j;
+#ifndef SIGALARM
+ long ca, cb, cc, cd, ce;
+#endif
+
+ for (i = 0; i < 12; i++) {
+ tm[i] = 0.0;
+ rank[i] = 0;
+ }
+
+#ifndef TIMES
+ fprintf(stderr, "To get the most accurate results, try to run this\n");
+ fprintf(stderr, "program when this computer is idle.\n");
+#endif
+
+ CAST_set_key(&sch, 16, key);
+
+#ifndef SIGALRM
+ fprintf(stderr, "First we calculate the approximate speed ...\n");
+ count = 10;
+ do {
+ long i;
+ unsigned long data[2];
+
+ count *= 2;
+ Time_F(START);
+ for (i = count; i; i--)
+ CAST_encrypt(data, &sch);
+ d = Time_F(STOP);
+ } while (d < 3.0);
+ ca = count;
+ cb = count * 3;
+ cc = count * 3 * 8 / BUFSIZE + 1;
+ cd = count * 8 / BUFSIZE + 1;
+
+ ce = count / 20 + 1;
+# define COND(d) (count != (d))
+# define COUNT(d) (d)
+#else
+# define COND(c) (run)
+# define COUNT(d) (count)
+ signal(SIGALRM, sig_done);
+ alarm(10);
+#endif
+
+ time_it(CAST_encrypt_normal, "CAST_encrypt_normal ", 0);
+ time_it(CAST_encrypt_ptr, "CAST_encrypt_ptr ", 1);
+ time_it(CAST_encrypt_ptr2, "CAST_encrypt_ptr2 ", 2);
+ num += 3;
+
+ str[0] = "<nothing>";
+ print_it("CAST_encrypt_normal ", 0);
+ max = tm[0];
+ max_idx = 0;
+ str[1] = "ptr ";
+ print_it("CAST_encrypt_ptr ", 1);
+ if (max < tm[1]) {
+ max = tm[1];
+ max_idx = 1;
+ }
+ str[2] = "ptr2 ";
+ print_it("CAST_encrypt_ptr2 ", 2);
+ if (max < tm[2]) {
+ max = tm[2];
+ max_idx = 2;
+ }
+
+ printf("options CAST ecb/s\n");
+ printf("%s %12.2f 100.0%%\n", str[max_idx], tm[max_idx]);
+ d = tm[max_idx];
+ tm[max_idx] = -2.0;
+ max = -1.0;
+ for (;;) {
+ for (i = 0; i < 3; i++) {
+ if (max < tm[i]) {
+ max = tm[i];
+ j = i;
+ }
+ }
+ if (max < 0.0)
+ break;
+ printf("%s %12.2f %4.1f%%\n", str[j], tm[j], tm[j] / d * 100.0);
+ tm[j] = -2.0;
+ max = -1.0;
+ }
+
+ switch (max_idx) {
+ case 0:
+ printf("-DCAST_DEFAULT_OPTIONS\n");
+ break;
+ case 1:
+ printf("-DCAST_PTR\n");
+ break;
+ case 2:
+ printf("-DCAST_PTR2\n");
+ break;
+ }
+ exit(0);
+#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
+ return (0);
+#endif
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/cast/casttest.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/cast/casttest.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/cast/casttest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,233 +0,0 @@
-/* crypto/cast/casttest.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_CAST is defined */
-
-#include "../e_os.h"
-
-#ifdef OPENSSL_NO_CAST
-int main(int argc, char *argv[])
-{
- printf("No CAST support\n");
- return(0);
-}
-#else
-#include <openssl/cast.h>
-
-#define FULL_TEST
-
-static unsigned char k[16]={
- 0x01,0x23,0x45,0x67,0x12,0x34,0x56,0x78,
- 0x23,0x45,0x67,0x89,0x34,0x56,0x78,0x9A
- };
-
-static unsigned char in[8]={ 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF};
-
-static int k_len[3]={16,10,5};
-static unsigned char c[3][8]={
- {0x23,0x8B,0x4F,0xE5,0x84,0x7E,0x44,0xB2},
- {0xEB,0x6A,0x71,0x1A,0x2C,0x02,0x27,0x1B},
- {0x7A,0xC8,0x16,0xD1,0x6E,0x9B,0x30,0x2E},
- };
-static unsigned char out[80];
-
-static unsigned char in_a[16]={
- 0x01,0x23,0x45,0x67,0x12,0x34,0x56,0x78,
- 0x23,0x45,0x67,0x89,0x34,0x56,0x78,0x9A};
-static unsigned char in_b[16]={
- 0x01,0x23,0x45,0x67,0x12,0x34,0x56,0x78,
- 0x23,0x45,0x67,0x89,0x34,0x56,0x78,0x9A};
-
-static unsigned char c_a[16]={
- 0xEE,0xA9,0xD0,0xA2,0x49,0xFD,0x3B,0xA6,
- 0xB3,0x43,0x6F,0xB8,0x9D,0x6D,0xCA,0x92};
-static unsigned char c_b[16]={
- 0xB2,0xC9,0x5E,0xB0,0x0C,0x31,0xAD,0x71,
- 0x80,0xAC,0x05,0xB8,0xE8,0x3D,0x69,0x6E};
-
-#if 0
-char *text="Hello to all people out there";
-
-static unsigned char cfb_key[16]={
- 0xe1,0xf0,0xc3,0xd2,0xa5,0xb4,0x87,0x96,
- 0x69,0x78,0x4b,0x5a,0x2d,0x3c,0x0f,0x1e,
- };
-static unsigned char cfb_iv[80]={0x34,0x12,0x78,0x56,0xab,0x90,0xef,0xcd};
-static unsigned char cfb_buf1[40],cfb_buf2[40],cfb_tmp[8];
-#define CFB_TEST_SIZE 24
-static unsigned char plain[CFB_TEST_SIZE]=
- {
- 0x4e,0x6f,0x77,0x20,0x69,0x73,
- 0x20,0x74,0x68,0x65,0x20,0x74,
- 0x69,0x6d,0x65,0x20,0x66,0x6f,
- 0x72,0x20,0x61,0x6c,0x6c,0x20
- };
-static unsigned char cfb_cipher64[CFB_TEST_SIZE]={
- 0x59,0xD8,0xE2,0x65,0x00,0x58,0x6C,0x3F,
- 0x2C,0x17,0x25,0xD0,0x1A,0x38,0xB7,0x2A,
- 0x39,0x61,0x37,0xDC,0x79,0xFB,0x9F,0x45
-
-/* 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38,
- 0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9,
- 0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/
- };
-#endif
-
-int main(int argc, char *argv[])
- {
-#ifdef FULL_TEST
- long l;
- CAST_KEY key_b;
-#endif
- int i,z,err=0;
- CAST_KEY key;
-
- for (z=0; z<3; z++)
- {
- CAST_set_key(&key,k_len[z],k);
-
- CAST_ecb_encrypt(in,out,&key,CAST_ENCRYPT);
- if (memcmp(out,&(c[z][0]),8) != 0)
- {
- printf("ecb cast error encrypting for keysize %d\n",k_len[z]*8);
- printf("got :");
- for (i=0; i<8; i++)
- printf("%02X ",out[i]);
- printf("\n");
- printf("expected:");
- for (i=0; i<8; i++)
- printf("%02X ",c[z][i]);
- err=20;
- printf("\n");
- }
-
- CAST_ecb_encrypt(out,out,&key,CAST_DECRYPT);
- if (memcmp(out,in,8) != 0)
- {
- printf("ecb cast error decrypting for keysize %d\n",k_len[z]*8);
- printf("got :");
- for (i=0; i<8; i++)
- printf("%02X ",out[i]);
- printf("\n");
- printf("expected:");
- for (i=0; i<8; i++)
- printf("%02X ",in[i]);
- printf("\n");
- err=3;
- }
- }
- if (err == 0)
- printf("ecb cast5 ok\n");
-
-#ifdef FULL_TEST
- {
- unsigned char out_a[16],out_b[16];
- static char *hex="0123456789ABCDEF";
-
- printf("This test will take some time....");
- fflush(stdout);
- memcpy(out_a,in_a,sizeof(in_a));
- memcpy(out_b,in_b,sizeof(in_b));
- i=1;
-
- for (l=0; l<1000000L; l++)
- {
- CAST_set_key(&key_b,16,out_b);
- CAST_ecb_encrypt(&(out_a[0]),&(out_a[0]),&key_b,CAST_ENCRYPT);
- CAST_ecb_encrypt(&(out_a[8]),&(out_a[8]),&key_b,CAST_ENCRYPT);
- CAST_set_key(&key,16,out_a);
- CAST_ecb_encrypt(&(out_b[0]),&(out_b[0]),&key,CAST_ENCRYPT);
- CAST_ecb_encrypt(&(out_b[8]),&(out_b[8]),&key,CAST_ENCRYPT);
- if ((l & 0xffff) == 0xffff)
- {
- printf("%c",hex[i&0x0f]);
- fflush(stdout);
- i++;
- }
- }
-
- if ( (memcmp(out_a,c_a,sizeof(c_a)) != 0) ||
- (memcmp(out_b,c_b,sizeof(c_b)) != 0))
- {
- printf("\n");
- printf("Error\n");
-
- printf("A out =");
- for (i=0; i<16; i++) printf("%02X ",out_a[i]);
- printf("\nactual=");
- for (i=0; i<16; i++) printf("%02X ",c_a[i]);
- printf("\n");
-
- printf("B out =");
- for (i=0; i<16; i++) printf("%02X ",out_b[i]);
- printf("\nactual=");
- for (i=0; i<16; i++) printf("%02X ",c_b[i]);
- printf("\n");
- }
- else
- printf(" ok\n");
- }
-#endif
-
- EXIT(err);
- return(err);
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/cast/casttest.c (from rev 6976, vendor-crypto/openssl/dist/crypto/cast/casttest.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/cast/casttest.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/cast/casttest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,241 @@
+/* crypto/cast/casttest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_CAST is defined */
+
+#include "../e_os.h"
+
+#ifdef OPENSSL_NO_CAST
+int main(int argc, char *argv[])
+{
+ printf("No CAST support\n");
+ return (0);
+}
+#else
+# include <openssl/cast.h>
+
+# define FULL_TEST
+
+static unsigned char k[16] = {
+ 0x01, 0x23, 0x45, 0x67, 0x12, 0x34, 0x56, 0x78,
+ 0x23, 0x45, 0x67, 0x89, 0x34, 0x56, 0x78, 0x9A
+};
+
+static unsigned char in[8] =
+ { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF };
+
+static int k_len[3] = { 16, 10, 5 };
+
+static unsigned char c[3][8] = {
+ {0x23, 0x8B, 0x4F, 0xE5, 0x84, 0x7E, 0x44, 0xB2},
+ {0xEB, 0x6A, 0x71, 0x1A, 0x2C, 0x02, 0x27, 0x1B},
+ {0x7A, 0xC8, 0x16, 0xD1, 0x6E, 0x9B, 0x30, 0x2E},
+};
+
+static unsigned char out[80];
+
+static unsigned char in_a[16] = {
+ 0x01, 0x23, 0x45, 0x67, 0x12, 0x34, 0x56, 0x78,
+ 0x23, 0x45, 0x67, 0x89, 0x34, 0x56, 0x78, 0x9A
+};
+
+static unsigned char in_b[16] = {
+ 0x01, 0x23, 0x45, 0x67, 0x12, 0x34, 0x56, 0x78,
+ 0x23, 0x45, 0x67, 0x89, 0x34, 0x56, 0x78, 0x9A
+};
+
+static unsigned char c_a[16] = {
+ 0xEE, 0xA9, 0xD0, 0xA2, 0x49, 0xFD, 0x3B, 0xA6,
+ 0xB3, 0x43, 0x6F, 0xB8, 0x9D, 0x6D, 0xCA, 0x92
+};
+
+static unsigned char c_b[16] = {
+ 0xB2, 0xC9, 0x5E, 0xB0, 0x0C, 0x31, 0xAD, 0x71,
+ 0x80, 0xAC, 0x05, 0xB8, 0xE8, 0x3D, 0x69, 0x6E
+};
+
+# if 0
+char *text = "Hello to all people out there";
+
+static unsigned char cfb_key[16] = {
+ 0xe1, 0xf0, 0xc3, 0xd2, 0xa5, 0xb4, 0x87, 0x96,
+ 0x69, 0x78, 0x4b, 0x5a, 0x2d, 0x3c, 0x0f, 0x1e,
+};
+static unsigned char cfb_iv[80] =
+ { 0x34, 0x12, 0x78, 0x56, 0xab, 0x90, 0xef, 0xcd };
+static unsigned char cfb_buf1[40], cfb_buf2[40], cfb_tmp[8];
+# define CFB_TEST_SIZE 24
+static unsigned char plain[CFB_TEST_SIZE] = {
+ 0x4e, 0x6f, 0x77, 0x20, 0x69, 0x73,
+ 0x20, 0x74, 0x68, 0x65, 0x20, 0x74,
+ 0x69, 0x6d, 0x65, 0x20, 0x66, 0x6f,
+ 0x72, 0x20, 0x61, 0x6c, 0x6c, 0x20
+};
+
+static unsigned char cfb_cipher64[CFB_TEST_SIZE] = {
+ 0x59, 0xD8, 0xE2, 0x65, 0x00, 0x58, 0x6C, 0x3F,
+ 0x2C, 0x17, 0x25, 0xD0, 0x1A, 0x38, 0xB7, 0x2A,
+ 0x39, 0x61, 0x37, 0xDC, 0x79, 0xFB, 0x9F, 0x45
+/*- 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38,
+ 0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9,
+ 0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/
+};
+# endif
+
+int main(int argc, char *argv[])
+{
+# ifdef FULL_TEST
+ long l;
+ CAST_KEY key_b;
+# endif
+ int i, z, err = 0;
+ CAST_KEY key;
+
+ for (z = 0; z < 3; z++) {
+ CAST_set_key(&key, k_len[z], k);
+
+ CAST_ecb_encrypt(in, out, &key, CAST_ENCRYPT);
+ if (memcmp(out, &(c[z][0]), 8) != 0) {
+ printf("ecb cast error encrypting for keysize %d\n",
+ k_len[z] * 8);
+ printf("got :");
+ for (i = 0; i < 8; i++)
+ printf("%02X ", out[i]);
+ printf("\n");
+ printf("expected:");
+ for (i = 0; i < 8; i++)
+ printf("%02X ", c[z][i]);
+ err = 20;
+ printf("\n");
+ }
+
+ CAST_ecb_encrypt(out, out, &key, CAST_DECRYPT);
+ if (memcmp(out, in, 8) != 0) {
+ printf("ecb cast error decrypting for keysize %d\n",
+ k_len[z] * 8);
+ printf("got :");
+ for (i = 0; i < 8; i++)
+ printf("%02X ", out[i]);
+ printf("\n");
+ printf("expected:");
+ for (i = 0; i < 8; i++)
+ printf("%02X ", in[i]);
+ printf("\n");
+ err = 3;
+ }
+ }
+ if (err == 0)
+ printf("ecb cast5 ok\n");
+
+# ifdef FULL_TEST
+ {
+ unsigned char out_a[16], out_b[16];
+ static char *hex = "0123456789ABCDEF";
+
+ printf("This test will take some time....");
+ fflush(stdout);
+ memcpy(out_a, in_a, sizeof(in_a));
+ memcpy(out_b, in_b, sizeof(in_b));
+ i = 1;
+
+ for (l = 0; l < 1000000L; l++) {
+ CAST_set_key(&key_b, 16, out_b);
+ CAST_ecb_encrypt(&(out_a[0]), &(out_a[0]), &key_b, CAST_ENCRYPT);
+ CAST_ecb_encrypt(&(out_a[8]), &(out_a[8]), &key_b, CAST_ENCRYPT);
+ CAST_set_key(&key, 16, out_a);
+ CAST_ecb_encrypt(&(out_b[0]), &(out_b[0]), &key, CAST_ENCRYPT);
+ CAST_ecb_encrypt(&(out_b[8]), &(out_b[8]), &key, CAST_ENCRYPT);
+ if ((l & 0xffff) == 0xffff) {
+ printf("%c", hex[i & 0x0f]);
+ fflush(stdout);
+ i++;
+ }
+ }
+
+ if ((memcmp(out_a, c_a, sizeof(c_a)) != 0) ||
+ (memcmp(out_b, c_b, sizeof(c_b)) != 0)) {
+ printf("\n");
+ printf("Error\n");
+
+ printf("A out =");
+ for (i = 0; i < 16; i++)
+ printf("%02X ", out_a[i]);
+ printf("\nactual=");
+ for (i = 0; i < 16; i++)
+ printf("%02X ", c_a[i]);
+ printf("\n");
+
+ printf("B out =");
+ for (i = 0; i < 16; i++)
+ printf("%02X ", out_b[i]);
+ printf("\nactual=");
+ for (i = 0; i < 16; i++)
+ printf("%02X ", c_b[i]);
+ printf("\n");
+ } else
+ printf(" ok\n");
+ }
+# endif
+
+ EXIT(err);
+ return (err);
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/cms/cms.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/cms/cms.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/cms/cms.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,474 +0,0 @@
-/* crypto/cms/cms.h */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-
-#ifndef HEADER_CMS_H
-#define HEADER_CMS_H
-
-#include <openssl/x509.h>
-
-#ifdef OPENSSL_NO_CMS
-#error CMS is disabled.
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-
-typedef struct CMS_ContentInfo_st CMS_ContentInfo;
-typedef struct CMS_SignerInfo_st CMS_SignerInfo;
-typedef struct CMS_CertificateChoices CMS_CertificateChoices;
-typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice;
-typedef struct CMS_RecipientInfo_st CMS_RecipientInfo;
-typedef struct CMS_ReceiptRequest_st CMS_ReceiptRequest;
-typedef struct CMS_Receipt_st CMS_Receipt;
-
-DECLARE_STACK_OF(CMS_SignerInfo)
-DECLARE_STACK_OF(GENERAL_NAMES)
-DECLARE_ASN1_FUNCTIONS_const(CMS_ContentInfo)
-DECLARE_ASN1_FUNCTIONS_const(CMS_ReceiptRequest)
-
-#define CMS_SIGNERINFO_ISSUER_SERIAL 0
-#define CMS_SIGNERINFO_KEYIDENTIFIER 1
-
-#define CMS_RECIPINFO_TRANS 0
-#define CMS_RECIPINFO_AGREE 1
-#define CMS_RECIPINFO_KEK 2
-#define CMS_RECIPINFO_PASS 3
-#define CMS_RECIPINFO_OTHER 4
-
-/* S/MIME related flags */
-
-#define CMS_TEXT 0x1
-#define CMS_NOCERTS 0x2
-#define CMS_NO_CONTENT_VERIFY 0x4
-#define CMS_NO_ATTR_VERIFY 0x8
-#define CMS_NOSIGS \
- (CMS_NO_CONTENT_VERIFY|CMS_NO_ATTR_VERIFY)
-#define CMS_NOINTERN 0x10
-#define CMS_NO_SIGNER_CERT_VERIFY 0x20
-#define CMS_NOVERIFY 0x20
-#define CMS_DETACHED 0x40
-#define CMS_BINARY 0x80
-#define CMS_NOATTR 0x100
-#define CMS_NOSMIMECAP 0x200
-#define CMS_NOOLDMIMETYPE 0x400
-#define CMS_CRLFEOL 0x800
-#define CMS_STREAM 0x1000
-#define CMS_NOCRL 0x2000
-#define CMS_PARTIAL 0x4000
-#define CMS_REUSE_DIGEST 0x8000
-#define CMS_USE_KEYID 0x10000
-#define CMS_DEBUG_DECRYPT 0x20000
-
-const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms);
-
-BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont);
-int CMS_dataFinal(CMS_ContentInfo *cms, BIO *bio);
-
-ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms);
-int CMS_is_detached(CMS_ContentInfo *cms);
-int CMS_set_detached(CMS_ContentInfo *cms, int detached);
-
-#ifdef HEADER_PEM_H
-DECLARE_PEM_rw_const(CMS, CMS_ContentInfo)
-#endif
-
-CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms);
-int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms);
-
-CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont);
-int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags);
-
-int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags);
-
-CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
- BIO *data, unsigned int flags);
-
-CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
- X509 *signcert, EVP_PKEY *pkey,
- STACK_OF(X509) *certs,
- unsigned int flags);
-
-int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags);
-CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags);
-
-int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
- unsigned int flags);
-CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
- unsigned int flags);
-
-int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
- const unsigned char *key, size_t keylen,
- BIO *dcont, BIO *out, unsigned int flags);
-
-CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
- const unsigned char *key, size_t keylen,
- unsigned int flags);
-
-int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
- const unsigned char *key, size_t keylen);
-
-int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
- X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags);
-
-int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms,
- STACK_OF(X509) *certs,
- X509_STORE *store, unsigned int flags);
-
-STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms);
-
-CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
- const EVP_CIPHER *cipher, unsigned int flags);
-
-int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
- BIO *dcont, BIO *out,
- unsigned int flags);
-
-int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert);
-int CMS_decrypt_set1_key(CMS_ContentInfo *cms,
- unsigned char *key, size_t keylen,
- unsigned char *id, size_t idlen);
-
-STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms);
-int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
-CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher);
-CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
- X509 *recip, unsigned int flags);
-int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey);
-int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert);
-int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri,
- EVP_PKEY **pk, X509 **recip,
- X509_ALGOR **palg);
-int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
- ASN1_OCTET_STRING **keyid,
- X509_NAME **issuer, ASN1_INTEGER **sno);
-
-CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
- unsigned char *key, size_t keylen,
- unsigned char *id, size_t idlen,
- ASN1_GENERALIZEDTIME *date,
- ASN1_OBJECT *otherTypeId,
- ASN1_TYPE *otherType);
-
-int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri,
- X509_ALGOR **palg,
- ASN1_OCTET_STRING **pid,
- ASN1_GENERALIZEDTIME **pdate,
- ASN1_OBJECT **potherid,
- ASN1_TYPE **pothertype);
-
-int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri,
- unsigned char *key, size_t keylen);
-
-int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri,
- const unsigned char *id, size_t idlen);
-
-int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
-
-int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
- unsigned int flags);
-CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags);
-
-int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid);
-const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms);
-
-CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms);
-int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert);
-int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert);
-STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms);
-
-CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms);
-int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl);
-STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms);
-
-int CMS_SignedData_init(CMS_ContentInfo *cms);
-CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
- X509 *signer, EVP_PKEY *pk, const EVP_MD *md,
- unsigned int flags);
-STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms);
-
-void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer);
-int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si,
- ASN1_OCTET_STRING **keyid,
- X509_NAME **issuer, ASN1_INTEGER **sno);
-int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert);
-int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
- unsigned int flags);
-void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, X509 **signer,
- X509_ALGOR **pdig, X509_ALGOR **psig);
-int CMS_SignerInfo_sign(CMS_SignerInfo *si);
-int CMS_SignerInfo_verify(CMS_SignerInfo *si);
-int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain);
-
-int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs);
-int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
- int algnid, int keysize);
-int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap);
-
-int CMS_signed_get_attr_count(const CMS_SignerInfo *si);
-int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
- int lastpos);
-int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
- int lastpos);
-X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc);
-X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc);
-int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);
-int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si,
- const ASN1_OBJECT *obj, int type,
- const void *bytes, int len);
-int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si,
- int nid, int type,
- const void *bytes, int len);
-int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si,
- const char *attrname, int type,
- const void *bytes, int len);
-void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
- int lastpos, int type);
-
-int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si);
-int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
- int lastpos);
-int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
- int lastpos);
-X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc);
-X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc);
-int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);
-int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si,
- const ASN1_OBJECT *obj, int type,
- const void *bytes, int len);
-int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si,
- int nid, int type,
- const void *bytes, int len);
-int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si,
- const char *attrname, int type,
- const void *bytes, int len);
-void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
- int lastpos, int type);
-
-#ifdef HEADER_X509V3_H
-
-int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr);
-CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
- int allorfirst,
- STACK_OF(GENERAL_NAMES) *receiptList,
- STACK_OF(GENERAL_NAMES) *receiptsTo);
-int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
-void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
- ASN1_STRING **pcid,
- int *pallorfirst,
- STACK_OF(GENERAL_NAMES) **plist,
- STACK_OF(GENERAL_NAMES) **prto);
-
-#endif
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_CMS_strings(void);
-
-/* Error codes for the CMS functions. */
-
-/* Function codes. */
-#define CMS_F_CHECK_CONTENT 99
-#define CMS_F_CMS_ADD0_CERT 164
-#define CMS_F_CMS_ADD0_RECIPIENT_KEY 100
-#define CMS_F_CMS_ADD1_RECEIPTREQUEST 158
-#define CMS_F_CMS_ADD1_RECIPIENT_CERT 101
-#define CMS_F_CMS_ADD1_SIGNER 102
-#define CMS_F_CMS_ADD1_SIGNINGTIME 103
-#define CMS_F_CMS_COMPRESS 104
-#define CMS_F_CMS_COMPRESSEDDATA_CREATE 105
-#define CMS_F_CMS_COMPRESSEDDATA_INIT_BIO 106
-#define CMS_F_CMS_COPY_CONTENT 107
-#define CMS_F_CMS_COPY_MESSAGEDIGEST 108
-#define CMS_F_CMS_DATA 109
-#define CMS_F_CMS_DATAFINAL 110
-#define CMS_F_CMS_DATAINIT 111
-#define CMS_F_CMS_DECRYPT 112
-#define CMS_F_CMS_DECRYPT_SET1_KEY 113
-#define CMS_F_CMS_DECRYPT_SET1_PKEY 114
-#define CMS_F_CMS_DIGESTALGORITHM_FIND_CTX 115
-#define CMS_F_CMS_DIGESTALGORITHM_INIT_BIO 116
-#define CMS_F_CMS_DIGESTEDDATA_DO_FINAL 117
-#define CMS_F_CMS_DIGEST_VERIFY 118
-#define CMS_F_CMS_ENCODE_RECEIPT 161
-#define CMS_F_CMS_ENCRYPT 119
-#define CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO 120
-#define CMS_F_CMS_ENCRYPTEDDATA_DECRYPT 121
-#define CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT 122
-#define CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY 123
-#define CMS_F_CMS_ENVELOPEDDATA_CREATE 124
-#define CMS_F_CMS_ENVELOPEDDATA_INIT_BIO 125
-#define CMS_F_CMS_ENVELOPED_DATA_INIT 126
-#define CMS_F_CMS_FINAL 127
-#define CMS_F_CMS_GET0_CERTIFICATE_CHOICES 128
-#define CMS_F_CMS_GET0_CONTENT 129
-#define CMS_F_CMS_GET0_ECONTENT_TYPE 130
-#define CMS_F_CMS_GET0_ENVELOPED 131
-#define CMS_F_CMS_GET0_REVOCATION_CHOICES 132
-#define CMS_F_CMS_GET0_SIGNED 133
-#define CMS_F_CMS_MSGSIGDIGEST_ADD1 162
-#define CMS_F_CMS_RECEIPTREQUEST_CREATE0 159
-#define CMS_F_CMS_RECEIPT_VERIFY 160
-#define CMS_F_CMS_RECIPIENTINFO_DECRYPT 134
-#define CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT 135
-#define CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT 136
-#define CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID 137
-#define CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP 138
-#define CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP 139
-#define CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT 140
-#define CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT 141
-#define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS 142
-#define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID 143
-#define CMS_F_CMS_RECIPIENTINFO_SET0_KEY 144
-#define CMS_F_CMS_RECIPIENTINFO_SET0_PKEY 145
-#define CMS_F_CMS_SET1_SIGNERIDENTIFIER 146
-#define CMS_F_CMS_SET_DETACHED 147
-#define CMS_F_CMS_SIGN 148
-#define CMS_F_CMS_SIGNED_DATA_INIT 149
-#define CMS_F_CMS_SIGNERINFO_CONTENT_SIGN 150
-#define CMS_F_CMS_SIGNERINFO_SIGN 151
-#define CMS_F_CMS_SIGNERINFO_VERIFY 152
-#define CMS_F_CMS_SIGNERINFO_VERIFY_CERT 153
-#define CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT 154
-#define CMS_F_CMS_SIGN_RECEIPT 163
-#define CMS_F_CMS_STREAM 155
-#define CMS_F_CMS_UNCOMPRESS 156
-#define CMS_F_CMS_VERIFY 157
-
-/* Reason codes. */
-#define CMS_R_ADD_SIGNER_ERROR 99
-#define CMS_R_CERTIFICATE_ALREADY_PRESENT 175
-#define CMS_R_CERTIFICATE_HAS_NO_KEYID 160
-#define CMS_R_CERTIFICATE_VERIFY_ERROR 100
-#define CMS_R_CIPHER_INITIALISATION_ERROR 101
-#define CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR 102
-#define CMS_R_CMS_DATAFINAL_ERROR 103
-#define CMS_R_CMS_LIB 104
-#define CMS_R_CONTENTIDENTIFIER_MISMATCH 170
-#define CMS_R_CONTENT_NOT_FOUND 105
-#define CMS_R_CONTENT_TYPE_MISMATCH 171
-#define CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA 106
-#define CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA 107
-#define CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA 108
-#define CMS_R_CONTENT_VERIFY_ERROR 109
-#define CMS_R_CTRL_ERROR 110
-#define CMS_R_CTRL_FAILURE 111
-#define CMS_R_DECRYPT_ERROR 112
-#define CMS_R_DIGEST_ERROR 161
-#define CMS_R_ERROR_GETTING_PUBLIC_KEY 113
-#define CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE 114
-#define CMS_R_ERROR_SETTING_KEY 115
-#define CMS_R_ERROR_SETTING_RECIPIENTINFO 116
-#define CMS_R_INVALID_ENCRYPTED_KEY_LENGTH 117
-#define CMS_R_INVALID_KEY_LENGTH 118
-#define CMS_R_MD_BIO_INIT_ERROR 119
-#define CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH 120
-#define CMS_R_MESSAGEDIGEST_WRONG_LENGTH 121
-#define CMS_R_MSGSIGDIGEST_ERROR 172
-#define CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE 162
-#define CMS_R_MSGSIGDIGEST_WRONG_LENGTH 163
-#define CMS_R_NEED_ONE_SIGNER 164
-#define CMS_R_NOT_A_SIGNED_RECEIPT 165
-#define CMS_R_NOT_ENCRYPTED_DATA 122
-#define CMS_R_NOT_KEK 123
-#define CMS_R_NOT_KEY_TRANSPORT 124
-#define CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 125
-#define CMS_R_NO_CIPHER 126
-#define CMS_R_NO_CONTENT 127
-#define CMS_R_NO_CONTENT_TYPE 173
-#define CMS_R_NO_DEFAULT_DIGEST 128
-#define CMS_R_NO_DIGEST_SET 129
-#define CMS_R_NO_KEY 130
-#define CMS_R_NO_KEY_OR_CERT 174
-#define CMS_R_NO_MATCHING_DIGEST 131
-#define CMS_R_NO_MATCHING_RECIPIENT 132
-#define CMS_R_NO_MATCHING_SIGNATURE 166
-#define CMS_R_NO_MSGSIGDIGEST 167
-#define CMS_R_NO_PRIVATE_KEY 133
-#define CMS_R_NO_PUBLIC_KEY 134
-#define CMS_R_NO_RECEIPT_REQUEST 168
-#define CMS_R_NO_SIGNERS 135
-#define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 136
-#define CMS_R_RECEIPT_DECODE_ERROR 169
-#define CMS_R_RECIPIENT_ERROR 137
-#define CMS_R_SIGNER_CERTIFICATE_NOT_FOUND 138
-#define CMS_R_SIGNFINAL_ERROR 139
-#define CMS_R_SMIME_TEXT_ERROR 140
-#define CMS_R_STORE_INIT_ERROR 141
-#define CMS_R_TYPE_NOT_COMPRESSED_DATA 142
-#define CMS_R_TYPE_NOT_DATA 143
-#define CMS_R_TYPE_NOT_DIGESTED_DATA 144
-#define CMS_R_TYPE_NOT_ENCRYPTED_DATA 145
-#define CMS_R_TYPE_NOT_ENVELOPED_DATA 146
-#define CMS_R_UNABLE_TO_FINALIZE_CONTEXT 147
-#define CMS_R_UNKNOWN_CIPHER 148
-#define CMS_R_UNKNOWN_DIGEST_ALGORIHM 149
-#define CMS_R_UNKNOWN_ID 150
-#define CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM 151
-#define CMS_R_UNSUPPORTED_CONTENT_TYPE 152
-#define CMS_R_UNSUPPORTED_KEK_ALGORITHM 153
-#define CMS_R_UNSUPPORTED_RECIPIENT_TYPE 154
-#define CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE 155
-#define CMS_R_UNSUPPORTED_TYPE 156
-#define CMS_R_UNWRAP_ERROR 157
-#define CMS_R_VERIFICATION_FAILURE 158
-#define CMS_R_WRAP_ERROR 159
-
-#ifdef __cplusplus
-}
-#endif
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/cms/cms.h (from rev 6976, vendor-crypto/openssl/dist/crypto/cms/cms.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/cms/cms.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/cms/cms.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,476 @@
+/* crypto/cms/cms.h */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#ifndef HEADER_CMS_H
+# define HEADER_CMS_H
+
+# include <openssl/x509.h>
+
+# ifdef OPENSSL_NO_CMS
+# error CMS is disabled.
+# endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct CMS_ContentInfo_st CMS_ContentInfo;
+typedef struct CMS_SignerInfo_st CMS_SignerInfo;
+typedef struct CMS_CertificateChoices CMS_CertificateChoices;
+typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice;
+typedef struct CMS_RecipientInfo_st CMS_RecipientInfo;
+typedef struct CMS_ReceiptRequest_st CMS_ReceiptRequest;
+typedef struct CMS_Receipt_st CMS_Receipt;
+
+DECLARE_STACK_OF(CMS_SignerInfo)
+DECLARE_STACK_OF(GENERAL_NAMES)
+DECLARE_ASN1_FUNCTIONS_const(CMS_ContentInfo)
+DECLARE_ASN1_FUNCTIONS_const(CMS_ReceiptRequest)
+
+# define CMS_SIGNERINFO_ISSUER_SERIAL 0
+# define CMS_SIGNERINFO_KEYIDENTIFIER 1
+
+# define CMS_RECIPINFO_TRANS 0
+# define CMS_RECIPINFO_AGREE 1
+# define CMS_RECIPINFO_KEK 2
+# define CMS_RECIPINFO_PASS 3
+# define CMS_RECIPINFO_OTHER 4
+
+/* S/MIME related flags */
+
+# define CMS_TEXT 0x1
+# define CMS_NOCERTS 0x2
+# define CMS_NO_CONTENT_VERIFY 0x4
+# define CMS_NO_ATTR_VERIFY 0x8
+# define CMS_NOSIGS \
+ (CMS_NO_CONTENT_VERIFY|CMS_NO_ATTR_VERIFY)
+# define CMS_NOINTERN 0x10
+# define CMS_NO_SIGNER_CERT_VERIFY 0x20
+# define CMS_NOVERIFY 0x20
+# define CMS_DETACHED 0x40
+# define CMS_BINARY 0x80
+# define CMS_NOATTR 0x100
+# define CMS_NOSMIMECAP 0x200
+# define CMS_NOOLDMIMETYPE 0x400
+# define CMS_CRLFEOL 0x800
+# define CMS_STREAM 0x1000
+# define CMS_NOCRL 0x2000
+# define CMS_PARTIAL 0x4000
+# define CMS_REUSE_DIGEST 0x8000
+# define CMS_USE_KEYID 0x10000
+# define CMS_DEBUG_DECRYPT 0x20000
+
+const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms);
+
+BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont);
+int CMS_dataFinal(CMS_ContentInfo *cms, BIO *bio);
+
+ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms);
+int CMS_is_detached(CMS_ContentInfo *cms);
+int CMS_set_detached(CMS_ContentInfo *cms, int detached);
+
+# ifdef HEADER_PEM_H
+DECLARE_PEM_rw_const(CMS, CMS_ContentInfo)
+# endif
+CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms);
+int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms);
+
+CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont);
+int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags);
+
+int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont,
+ unsigned int flags);
+
+CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
+ STACK_OF(X509) *certs, BIO *data,
+ unsigned int flags);
+
+CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
+ X509 *signcert, EVP_PKEY *pkey,
+ STACK_OF(X509) *certs, unsigned int flags);
+
+int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags);
+CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags);
+
+int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
+ unsigned int flags);
+CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
+ unsigned int flags);
+
+int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
+ const unsigned char *key, size_t keylen,
+ BIO *dcont, BIO *out, unsigned int flags);
+
+CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
+ const unsigned char *key,
+ size_t keylen, unsigned int flags);
+
+int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
+ const unsigned char *key, size_t keylen);
+
+int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
+ X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags);
+
+int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms,
+ STACK_OF(X509) *certs,
+ X509_STORE *store, unsigned int flags);
+
+STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms);
+
+CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
+ const EVP_CIPHER *cipher, unsigned int flags);
+
+int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
+ BIO *dcont, BIO *out, unsigned int flags);
+
+int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert);
+int CMS_decrypt_set1_key(CMS_ContentInfo *cms,
+ unsigned char *key, size_t keylen,
+ unsigned char *id, size_t idlen);
+
+STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms);
+int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
+CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher);
+CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
+ X509 *recip, unsigned int flags);
+int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey);
+int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert);
+int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri,
+ EVP_PKEY **pk, X509 **recip,
+ X509_ALGOR **palg);
+int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
+ ASN1_OCTET_STRING **keyid,
+ X509_NAME **issuer,
+ ASN1_INTEGER **sno);
+
+CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
+ unsigned char *key, size_t keylen,
+ unsigned char *id, size_t idlen,
+ ASN1_GENERALIZEDTIME *date,
+ ASN1_OBJECT *otherTypeId,
+ ASN1_TYPE *otherType);
+
+int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri,
+ X509_ALGOR **palg,
+ ASN1_OCTET_STRING **pid,
+ ASN1_GENERALIZEDTIME **pdate,
+ ASN1_OBJECT **potherid,
+ ASN1_TYPE **pothertype);
+
+int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri,
+ unsigned char *key, size_t keylen);
+
+int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri,
+ const unsigned char *id, size_t idlen);
+
+int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
+
+int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
+ unsigned int flags);
+CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags);
+
+int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid);
+const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms);
+
+CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms);
+int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert);
+int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert);
+STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms);
+
+CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms);
+int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl);
+STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms);
+
+int CMS_SignedData_init(CMS_ContentInfo *cms);
+CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
+ X509 *signer, EVP_PKEY *pk, const EVP_MD *md,
+ unsigned int flags);
+STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms);
+
+void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer);
+int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si,
+ ASN1_OCTET_STRING **keyid,
+ X509_NAME **issuer, ASN1_INTEGER **sno);
+int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert);
+int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
+ unsigned int flags);
+void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk,
+ X509 **signer, X509_ALGOR **pdig,
+ X509_ALGOR **psig);
+int CMS_SignerInfo_sign(CMS_SignerInfo *si);
+int CMS_SignerInfo_verify(CMS_SignerInfo *si);
+int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain);
+
+int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs);
+int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
+ int algnid, int keysize);
+int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap);
+
+int CMS_signed_get_attr_count(const CMS_SignerInfo *si);
+int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
+ int lastpos);
+int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
+ int lastpos);
+X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc);
+X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc);
+int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);
+int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si,
+ const ASN1_OBJECT *obj, int type,
+ const void *bytes, int len);
+int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si,
+ int nid, int type,
+ const void *bytes, int len);
+int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si,
+ const char *attrname, int type,
+ const void *bytes, int len);
+void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
+ int lastpos, int type);
+
+int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si);
+int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
+ int lastpos);
+int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
+ int lastpos);
+X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc);
+X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc);
+int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);
+int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si,
+ const ASN1_OBJECT *obj, int type,
+ const void *bytes, int len);
+int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si,
+ int nid, int type,
+ const void *bytes, int len);
+int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si,
+ const char *attrname, int type,
+ const void *bytes, int len);
+void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
+ int lastpos, int type);
+
+# ifdef HEADER_X509V3_H
+
+int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr);
+CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
+ int allorfirst,
+ STACK_OF(GENERAL_NAMES)
+ *receiptList, STACK_OF(GENERAL_NAMES)
+ *receiptsTo);
+int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
+void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
+ ASN1_STRING **pcid,
+ int *pallorfirst,
+ STACK_OF(GENERAL_NAMES) **plist,
+ STACK_OF(GENERAL_NAMES) **prto);
+
+# endif
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_CMS_strings(void);
+
+/* Error codes for the CMS functions. */
+
+/* Function codes. */
+# define CMS_F_CHECK_CONTENT 99
+# define CMS_F_CMS_ADD0_CERT 164
+# define CMS_F_CMS_ADD0_RECIPIENT_KEY 100
+# define CMS_F_CMS_ADD1_RECEIPTREQUEST 158
+# define CMS_F_CMS_ADD1_RECIPIENT_CERT 101
+# define CMS_F_CMS_ADD1_SIGNER 102
+# define CMS_F_CMS_ADD1_SIGNINGTIME 103
+# define CMS_F_CMS_COMPRESS 104
+# define CMS_F_CMS_COMPRESSEDDATA_CREATE 105
+# define CMS_F_CMS_COMPRESSEDDATA_INIT_BIO 106
+# define CMS_F_CMS_COPY_CONTENT 107
+# define CMS_F_CMS_COPY_MESSAGEDIGEST 108
+# define CMS_F_CMS_DATA 109
+# define CMS_F_CMS_DATAFINAL 110
+# define CMS_F_CMS_DATAINIT 111
+# define CMS_F_CMS_DECRYPT 112
+# define CMS_F_CMS_DECRYPT_SET1_KEY 113
+# define CMS_F_CMS_DECRYPT_SET1_PKEY 114
+# define CMS_F_CMS_DIGESTALGORITHM_FIND_CTX 115
+# define CMS_F_CMS_DIGESTALGORITHM_INIT_BIO 116
+# define CMS_F_CMS_DIGESTEDDATA_DO_FINAL 117
+# define CMS_F_CMS_DIGEST_VERIFY 118
+# define CMS_F_CMS_ENCODE_RECEIPT 161
+# define CMS_F_CMS_ENCRYPT 119
+# define CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO 120
+# define CMS_F_CMS_ENCRYPTEDDATA_DECRYPT 121
+# define CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT 122
+# define CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY 123
+# define CMS_F_CMS_ENVELOPEDDATA_CREATE 124
+# define CMS_F_CMS_ENVELOPEDDATA_INIT_BIO 125
+# define CMS_F_CMS_ENVELOPED_DATA_INIT 126
+# define CMS_F_CMS_FINAL 127
+# define CMS_F_CMS_GET0_CERTIFICATE_CHOICES 128
+# define CMS_F_CMS_GET0_CONTENT 129
+# define CMS_F_CMS_GET0_ECONTENT_TYPE 130
+# define CMS_F_CMS_GET0_ENVELOPED 131
+# define CMS_F_CMS_GET0_REVOCATION_CHOICES 132
+# define CMS_F_CMS_GET0_SIGNED 133
+# define CMS_F_CMS_MSGSIGDIGEST_ADD1 162
+# define CMS_F_CMS_RECEIPTREQUEST_CREATE0 159
+# define CMS_F_CMS_RECEIPT_VERIFY 160
+# define CMS_F_CMS_RECIPIENTINFO_DECRYPT 134
+# define CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT 135
+# define CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT 136
+# define CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID 137
+# define CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP 138
+# define CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP 139
+# define CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT 140
+# define CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT 141
+# define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS 142
+# define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID 143
+# define CMS_F_CMS_RECIPIENTINFO_SET0_KEY 144
+# define CMS_F_CMS_RECIPIENTINFO_SET0_PKEY 145
+# define CMS_F_CMS_SET1_SIGNERIDENTIFIER 146
+# define CMS_F_CMS_SET_DETACHED 147
+# define CMS_F_CMS_SIGN 148
+# define CMS_F_CMS_SIGNED_DATA_INIT 149
+# define CMS_F_CMS_SIGNERINFO_CONTENT_SIGN 150
+# define CMS_F_CMS_SIGNERINFO_SIGN 151
+# define CMS_F_CMS_SIGNERINFO_VERIFY 152
+# define CMS_F_CMS_SIGNERINFO_VERIFY_CERT 153
+# define CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT 154
+# define CMS_F_CMS_SIGN_RECEIPT 163
+# define CMS_F_CMS_STREAM 155
+# define CMS_F_CMS_UNCOMPRESS 156
+# define CMS_F_CMS_VERIFY 157
+
+/* Reason codes. */
+# define CMS_R_ADD_SIGNER_ERROR 99
+# define CMS_R_CERTIFICATE_ALREADY_PRESENT 175
+# define CMS_R_CERTIFICATE_HAS_NO_KEYID 160
+# define CMS_R_CERTIFICATE_VERIFY_ERROR 100
+# define CMS_R_CIPHER_INITIALISATION_ERROR 101
+# define CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR 102
+# define CMS_R_CMS_DATAFINAL_ERROR 103
+# define CMS_R_CMS_LIB 104
+# define CMS_R_CONTENTIDENTIFIER_MISMATCH 170
+# define CMS_R_CONTENT_NOT_FOUND 105
+# define CMS_R_CONTENT_TYPE_MISMATCH 171
+# define CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA 106
+# define CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA 107
+# define CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA 108
+# define CMS_R_CONTENT_VERIFY_ERROR 109
+# define CMS_R_CTRL_ERROR 110
+# define CMS_R_CTRL_FAILURE 111
+# define CMS_R_DECRYPT_ERROR 112
+# define CMS_R_DIGEST_ERROR 161
+# define CMS_R_ERROR_GETTING_PUBLIC_KEY 113
+# define CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE 114
+# define CMS_R_ERROR_SETTING_KEY 115
+# define CMS_R_ERROR_SETTING_RECIPIENTINFO 116
+# define CMS_R_INVALID_ENCRYPTED_KEY_LENGTH 117
+# define CMS_R_INVALID_KEY_LENGTH 118
+# define CMS_R_MD_BIO_INIT_ERROR 119
+# define CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH 120
+# define CMS_R_MESSAGEDIGEST_WRONG_LENGTH 121
+# define CMS_R_MSGSIGDIGEST_ERROR 172
+# define CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE 162
+# define CMS_R_MSGSIGDIGEST_WRONG_LENGTH 163
+# define CMS_R_NEED_ONE_SIGNER 164
+# define CMS_R_NOT_A_SIGNED_RECEIPT 165
+# define CMS_R_NOT_ENCRYPTED_DATA 122
+# define CMS_R_NOT_KEK 123
+# define CMS_R_NOT_KEY_TRANSPORT 124
+# define CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 125
+# define CMS_R_NO_CIPHER 126
+# define CMS_R_NO_CONTENT 127
+# define CMS_R_NO_CONTENT_TYPE 173
+# define CMS_R_NO_DEFAULT_DIGEST 128
+# define CMS_R_NO_DIGEST_SET 129
+# define CMS_R_NO_KEY 130
+# define CMS_R_NO_KEY_OR_CERT 174
+# define CMS_R_NO_MATCHING_DIGEST 131
+# define CMS_R_NO_MATCHING_RECIPIENT 132
+# define CMS_R_NO_MATCHING_SIGNATURE 166
+# define CMS_R_NO_MSGSIGDIGEST 167
+# define CMS_R_NO_PRIVATE_KEY 133
+# define CMS_R_NO_PUBLIC_KEY 134
+# define CMS_R_NO_RECEIPT_REQUEST 168
+# define CMS_R_NO_SIGNERS 135
+# define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 136
+# define CMS_R_RECEIPT_DECODE_ERROR 169
+# define CMS_R_RECIPIENT_ERROR 137
+# define CMS_R_SIGNER_CERTIFICATE_NOT_FOUND 138
+# define CMS_R_SIGNFINAL_ERROR 139
+# define CMS_R_SMIME_TEXT_ERROR 140
+# define CMS_R_STORE_INIT_ERROR 141
+# define CMS_R_TYPE_NOT_COMPRESSED_DATA 142
+# define CMS_R_TYPE_NOT_DATA 143
+# define CMS_R_TYPE_NOT_DIGESTED_DATA 144
+# define CMS_R_TYPE_NOT_ENCRYPTED_DATA 145
+# define CMS_R_TYPE_NOT_ENVELOPED_DATA 146
+# define CMS_R_UNABLE_TO_FINALIZE_CONTEXT 147
+# define CMS_R_UNKNOWN_CIPHER 148
+# define CMS_R_UNKNOWN_DIGEST_ALGORIHM 149
+# define CMS_R_UNKNOWN_ID 150
+# define CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM 151
+# define CMS_R_UNSUPPORTED_CONTENT_TYPE 152
+# define CMS_R_UNSUPPORTED_KEK_ALGORITHM 153
+# define CMS_R_UNSUPPORTED_RECIPIENT_TYPE 154
+# define CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE 155
+# define CMS_R_UNSUPPORTED_TYPE 156
+# define CMS_R_UNWRAP_ERROR 157
+# define CMS_R_VERIFICATION_FAILURE 158
+# define CMS_R_WRAP_ERROR 159
+
+#ifdef __cplusplus
+}
+#endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_asn1.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/cms/cms_asn1.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_asn1.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,346 +0,0 @@
-/* crypto/cms/cms_asn1.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#include <openssl/asn1t.h>
-#include <openssl/pem.h>
-#include <openssl/x509v3.h>
-#include "cms.h"
-#include "cms_lcl.h"
-
-
-ASN1_SEQUENCE(CMS_IssuerAndSerialNumber) = {
- ASN1_SIMPLE(CMS_IssuerAndSerialNumber, issuer, X509_NAME),
- ASN1_SIMPLE(CMS_IssuerAndSerialNumber, serialNumber, ASN1_INTEGER)
-} ASN1_SEQUENCE_END(CMS_IssuerAndSerialNumber)
-
-ASN1_SEQUENCE(CMS_OtherCertificateFormat) = {
- ASN1_SIMPLE(CMS_OtherCertificateFormat, otherCertFormat, ASN1_OBJECT),
- ASN1_OPT(CMS_OtherCertificateFormat, otherCert, ASN1_ANY)
-} ASN1_SEQUENCE_END(CMS_OtherCertificateFormat)
-
-ASN1_CHOICE(CMS_CertificateChoices) = {
- ASN1_SIMPLE(CMS_CertificateChoices, d.certificate, X509),
- ASN1_IMP(CMS_CertificateChoices, d.extendedCertificate, ASN1_SEQUENCE, 0),
- ASN1_IMP(CMS_CertificateChoices, d.v1AttrCert, ASN1_SEQUENCE, 1),
- ASN1_IMP(CMS_CertificateChoices, d.v2AttrCert, ASN1_SEQUENCE, 2),
- ASN1_IMP(CMS_CertificateChoices, d.other, CMS_OtherCertificateFormat, 3)
-} ASN1_CHOICE_END(CMS_CertificateChoices)
-
-ASN1_CHOICE(CMS_SignerIdentifier) = {
- ASN1_SIMPLE(CMS_SignerIdentifier, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber),
- ASN1_IMP(CMS_SignerIdentifier, d.subjectKeyIdentifier, ASN1_OCTET_STRING, 0)
-} ASN1_CHOICE_END(CMS_SignerIdentifier)
-
-ASN1_NDEF_SEQUENCE(CMS_EncapsulatedContentInfo) = {
- ASN1_SIMPLE(CMS_EncapsulatedContentInfo, eContentType, ASN1_OBJECT),
- ASN1_NDEF_EXP_OPT(CMS_EncapsulatedContentInfo, eContent, ASN1_OCTET_STRING_NDEF, 0)
-} ASN1_NDEF_SEQUENCE_END(CMS_EncapsulatedContentInfo)
-
-/* Minor tweak to operation: free up signer key, cert */
-static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
- {
- if(operation == ASN1_OP_FREE_POST)
- {
- CMS_SignerInfo *si = (CMS_SignerInfo *)*pval;
- if (si->pkey)
- EVP_PKEY_free(si->pkey);
- if (si->signer)
- X509_free(si->signer);
- }
- return 1;
- }
-
-ASN1_SEQUENCE_cb(CMS_SignerInfo, cms_si_cb) = {
- ASN1_SIMPLE(CMS_SignerInfo, version, LONG),
- ASN1_SIMPLE(CMS_SignerInfo, sid, CMS_SignerIdentifier),
- ASN1_SIMPLE(CMS_SignerInfo, digestAlgorithm, X509_ALGOR),
- ASN1_IMP_SET_OF_OPT(CMS_SignerInfo, signedAttrs, X509_ATTRIBUTE, 0),
- ASN1_SIMPLE(CMS_SignerInfo, signatureAlgorithm, X509_ALGOR),
- ASN1_SIMPLE(CMS_SignerInfo, signature, ASN1_OCTET_STRING),
- ASN1_IMP_SET_OF_OPT(CMS_SignerInfo, unsignedAttrs, X509_ATTRIBUTE, 1)
-} ASN1_SEQUENCE_END_cb(CMS_SignerInfo, CMS_SignerInfo)
-
-ASN1_SEQUENCE(CMS_OtherRevocationInfoFormat) = {
- ASN1_SIMPLE(CMS_OtherRevocationInfoFormat, otherRevInfoFormat, ASN1_OBJECT),
- ASN1_OPT(CMS_OtherRevocationInfoFormat, otherRevInfo, ASN1_ANY)
-} ASN1_SEQUENCE_END(CMS_OtherRevocationInfoFormat)
-
-ASN1_CHOICE(CMS_RevocationInfoChoice) = {
- ASN1_SIMPLE(CMS_RevocationInfoChoice, d.crl, X509_CRL),
- ASN1_IMP(CMS_RevocationInfoChoice, d.other, CMS_OtherRevocationInfoFormat, 1)
-} ASN1_CHOICE_END(CMS_RevocationInfoChoice)
-
-ASN1_NDEF_SEQUENCE(CMS_SignedData) = {
- ASN1_SIMPLE(CMS_SignedData, version, LONG),
- ASN1_SET_OF(CMS_SignedData, digestAlgorithms, X509_ALGOR),
- ASN1_SIMPLE(CMS_SignedData, encapContentInfo, CMS_EncapsulatedContentInfo),
- ASN1_IMP_SET_OF_OPT(CMS_SignedData, certificates, CMS_CertificateChoices, 0),
- ASN1_IMP_SET_OF_OPT(CMS_SignedData, crls, CMS_RevocationInfoChoice, 1),
- ASN1_SET_OF(CMS_SignedData, signerInfos, CMS_SignerInfo)
-} ASN1_NDEF_SEQUENCE_END(CMS_SignedData)
-
-ASN1_SEQUENCE(CMS_OriginatorInfo) = {
- ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, certificates, CMS_CertificateChoices, 0),
- ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, crls, CMS_RevocationInfoChoice, 1)
-} ASN1_SEQUENCE_END(CMS_OriginatorInfo)
-
-ASN1_NDEF_SEQUENCE(CMS_EncryptedContentInfo) = {
- ASN1_SIMPLE(CMS_EncryptedContentInfo, contentType, ASN1_OBJECT),
- ASN1_SIMPLE(CMS_EncryptedContentInfo, contentEncryptionAlgorithm, X509_ALGOR),
- ASN1_IMP_OPT(CMS_EncryptedContentInfo, encryptedContent, ASN1_OCTET_STRING_NDEF, 0)
-} ASN1_NDEF_SEQUENCE_END(CMS_EncryptedContentInfo)
-
-ASN1_SEQUENCE(CMS_KeyTransRecipientInfo) = {
- ASN1_SIMPLE(CMS_KeyTransRecipientInfo, version, LONG),
- ASN1_SIMPLE(CMS_KeyTransRecipientInfo, rid, CMS_SignerIdentifier),
- ASN1_SIMPLE(CMS_KeyTransRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
- ASN1_SIMPLE(CMS_KeyTransRecipientInfo, encryptedKey, ASN1_OCTET_STRING)
-} ASN1_SEQUENCE_END(CMS_KeyTransRecipientInfo)
-
-ASN1_SEQUENCE(CMS_OtherKeyAttribute) = {
- ASN1_SIMPLE(CMS_OtherKeyAttribute, keyAttrId, ASN1_OBJECT),
- ASN1_OPT(CMS_OtherKeyAttribute, keyAttr, ASN1_ANY)
-} ASN1_SEQUENCE_END(CMS_OtherKeyAttribute)
-
-ASN1_SEQUENCE(CMS_RecipientKeyIdentifier) = {
- ASN1_SIMPLE(CMS_RecipientKeyIdentifier, subjectKeyIdentifier, ASN1_OCTET_STRING),
- ASN1_OPT(CMS_RecipientKeyIdentifier, date, ASN1_GENERALIZEDTIME),
- ASN1_OPT(CMS_RecipientKeyIdentifier, other, CMS_OtherKeyAttribute)
-} ASN1_SEQUENCE_END(CMS_RecipientKeyIdentifier)
-
-ASN1_CHOICE(CMS_KeyAgreeRecipientIdentifier) = {
- ASN1_SIMPLE(CMS_KeyAgreeRecipientIdentifier, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber),
- ASN1_IMP(CMS_KeyAgreeRecipientIdentifier, d.rKeyId, CMS_RecipientKeyIdentifier, 0)
-} ASN1_CHOICE_END(CMS_KeyAgreeRecipientIdentifier)
-
-ASN1_SEQUENCE(CMS_RecipientEncryptedKey) = {
- ASN1_SIMPLE(CMS_RecipientEncryptedKey, rid, CMS_KeyAgreeRecipientIdentifier),
- ASN1_SIMPLE(CMS_RecipientEncryptedKey, encryptedKey, ASN1_OCTET_STRING)
-} ASN1_SEQUENCE_END(CMS_RecipientEncryptedKey)
-
-ASN1_SEQUENCE(CMS_OriginatorPublicKey) = {
- ASN1_SIMPLE(CMS_OriginatorPublicKey, algorithm, X509_ALGOR),
- ASN1_SIMPLE(CMS_OriginatorPublicKey, publicKey, ASN1_BIT_STRING)
-} ASN1_SEQUENCE_END(CMS_OriginatorPublicKey)
-
-ASN1_CHOICE(CMS_OriginatorIdentifierOrKey) = {
- ASN1_SIMPLE(CMS_OriginatorIdentifierOrKey, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber),
- ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.subjectKeyIdentifier, ASN1_OCTET_STRING, 0),
- ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.originatorKey, CMS_OriginatorPublicKey, 1)
-} ASN1_CHOICE_END(CMS_OriginatorIdentifierOrKey)
-
-ASN1_SEQUENCE(CMS_KeyAgreeRecipientInfo) = {
- ASN1_SIMPLE(CMS_KeyAgreeRecipientInfo, version, LONG),
- ASN1_EXP(CMS_KeyAgreeRecipientInfo, originator, CMS_OriginatorIdentifierOrKey, 0),
- ASN1_EXP_OPT(CMS_KeyAgreeRecipientInfo, ukm, ASN1_OCTET_STRING, 1),
- ASN1_SIMPLE(CMS_KeyAgreeRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
- ASN1_SEQUENCE_OF(CMS_KeyAgreeRecipientInfo, recipientEncryptedKeys, CMS_RecipientEncryptedKey)
-} ASN1_SEQUENCE_END(CMS_KeyAgreeRecipientInfo)
-
-ASN1_SEQUENCE(CMS_KEKIdentifier) = {
- ASN1_SIMPLE(CMS_KEKIdentifier, keyIdentifier, ASN1_OCTET_STRING),
- ASN1_OPT(CMS_KEKIdentifier, date, ASN1_GENERALIZEDTIME),
- ASN1_OPT(CMS_KEKIdentifier, other, CMS_OtherKeyAttribute)
-} ASN1_SEQUENCE_END(CMS_KEKIdentifier)
-
-ASN1_SEQUENCE(CMS_KEKRecipientInfo) = {
- ASN1_SIMPLE(CMS_KEKRecipientInfo, version, LONG),
- ASN1_SIMPLE(CMS_KEKRecipientInfo, kekid, CMS_KEKIdentifier),
- ASN1_SIMPLE(CMS_KEKRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
- ASN1_SIMPLE(CMS_KEKRecipientInfo, encryptedKey, ASN1_OCTET_STRING)
-} ASN1_SEQUENCE_END(CMS_KEKRecipientInfo)
-
-ASN1_SEQUENCE(CMS_PasswordRecipientInfo) = {
- ASN1_SIMPLE(CMS_PasswordRecipientInfo, version, LONG),
- ASN1_IMP_OPT(CMS_PasswordRecipientInfo, keyDerivationAlgorithm, X509_ALGOR, 0),
- ASN1_SIMPLE(CMS_PasswordRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
- ASN1_SIMPLE(CMS_PasswordRecipientInfo, encryptedKey, ASN1_OCTET_STRING)
-} ASN1_SEQUENCE_END(CMS_PasswordRecipientInfo)
-
-ASN1_SEQUENCE(CMS_OtherRecipientInfo) = {
- ASN1_SIMPLE(CMS_OtherRecipientInfo, oriType, ASN1_OBJECT),
- ASN1_OPT(CMS_OtherRecipientInfo, oriValue, ASN1_ANY)
-} ASN1_SEQUENCE_END(CMS_OtherRecipientInfo)
-
-/* Free up RecipientInfo additional data */
-static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
- {
- if(operation == ASN1_OP_FREE_PRE)
- {
- CMS_RecipientInfo *ri = (CMS_RecipientInfo *)*pval;
- if (ri->type == CMS_RECIPINFO_TRANS)
- {
- CMS_KeyTransRecipientInfo *ktri = ri->d.ktri;
- if (ktri->pkey)
- EVP_PKEY_free(ktri->pkey);
- if (ktri->recip)
- X509_free(ktri->recip);
- }
- else if (ri->type == CMS_RECIPINFO_KEK)
- {
- CMS_KEKRecipientInfo *kekri = ri->d.kekri;
- if (kekri->key)
- {
- OPENSSL_cleanse(kekri->key, kekri->keylen);
- OPENSSL_free(kekri->key);
- }
- }
- }
- return 1;
- }
-
-ASN1_CHOICE_cb(CMS_RecipientInfo, cms_ri_cb) = {
- ASN1_SIMPLE(CMS_RecipientInfo, d.ktri, CMS_KeyTransRecipientInfo),
- ASN1_IMP(CMS_RecipientInfo, d.kari, CMS_KeyAgreeRecipientInfo, 1),
- ASN1_IMP(CMS_RecipientInfo, d.kekri, CMS_KEKRecipientInfo, 2),
- ASN1_IMP(CMS_RecipientInfo, d.pwri, CMS_PasswordRecipientInfo, 3),
- ASN1_IMP(CMS_RecipientInfo, d.ori, CMS_OtherRecipientInfo, 4)
-} ASN1_CHOICE_END_cb(CMS_RecipientInfo, CMS_RecipientInfo, type)
-
-ASN1_NDEF_SEQUENCE(CMS_EnvelopedData) = {
- ASN1_SIMPLE(CMS_EnvelopedData, version, LONG),
- ASN1_IMP_OPT(CMS_EnvelopedData, originatorInfo, CMS_OriginatorInfo, 0),
- ASN1_SET_OF(CMS_EnvelopedData, recipientInfos, CMS_RecipientInfo),
- ASN1_SIMPLE(CMS_EnvelopedData, encryptedContentInfo, CMS_EncryptedContentInfo),
- ASN1_IMP_SET_OF_OPT(CMS_EnvelopedData, unprotectedAttrs, X509_ATTRIBUTE, 1)
-} ASN1_NDEF_SEQUENCE_END(CMS_EnvelopedData)
-
-ASN1_NDEF_SEQUENCE(CMS_DigestedData) = {
- ASN1_SIMPLE(CMS_DigestedData, version, LONG),
- ASN1_SIMPLE(CMS_DigestedData, digestAlgorithm, X509_ALGOR),
- ASN1_SIMPLE(CMS_DigestedData, encapContentInfo, CMS_EncapsulatedContentInfo),
- ASN1_SIMPLE(CMS_DigestedData, digest, ASN1_OCTET_STRING)
-} ASN1_NDEF_SEQUENCE_END(CMS_DigestedData)
-
-ASN1_NDEF_SEQUENCE(CMS_EncryptedData) = {
- ASN1_SIMPLE(CMS_EncryptedData, version, LONG),
- ASN1_SIMPLE(CMS_EncryptedData, encryptedContentInfo, CMS_EncryptedContentInfo),
- ASN1_IMP_SET_OF_OPT(CMS_EncryptedData, unprotectedAttrs, X509_ATTRIBUTE, 1)
-} ASN1_NDEF_SEQUENCE_END(CMS_EncryptedData)
-
-ASN1_NDEF_SEQUENCE(CMS_AuthenticatedData) = {
- ASN1_SIMPLE(CMS_AuthenticatedData, version, LONG),
- ASN1_IMP_OPT(CMS_AuthenticatedData, originatorInfo, CMS_OriginatorInfo, 0),
- ASN1_SET_OF(CMS_AuthenticatedData, recipientInfos, CMS_RecipientInfo),
- ASN1_SIMPLE(CMS_AuthenticatedData, macAlgorithm, X509_ALGOR),
- ASN1_IMP(CMS_AuthenticatedData, digestAlgorithm, X509_ALGOR, 1),
- ASN1_SIMPLE(CMS_AuthenticatedData, encapContentInfo, CMS_EncapsulatedContentInfo),
- ASN1_IMP_SET_OF_OPT(CMS_AuthenticatedData, authAttrs, X509_ALGOR, 2),
- ASN1_SIMPLE(CMS_AuthenticatedData, mac, ASN1_OCTET_STRING),
- ASN1_IMP_SET_OF_OPT(CMS_AuthenticatedData, unauthAttrs, X509_ALGOR, 3)
-} ASN1_NDEF_SEQUENCE_END(CMS_AuthenticatedData)
-
-ASN1_NDEF_SEQUENCE(CMS_CompressedData) = {
- ASN1_SIMPLE(CMS_CompressedData, version, LONG),
- ASN1_SIMPLE(CMS_CompressedData, compressionAlgorithm, X509_ALGOR),
- ASN1_SIMPLE(CMS_CompressedData, encapContentInfo, CMS_EncapsulatedContentInfo),
-} ASN1_NDEF_SEQUENCE_END(CMS_CompressedData)
-
-/* This is the ANY DEFINED BY table for the top level ContentInfo structure */
-
-ASN1_ADB_TEMPLATE(cms_default) = ASN1_EXP(CMS_ContentInfo, d.other, ASN1_ANY, 0);
-
-ASN1_ADB(CMS_ContentInfo) = {
- ADB_ENTRY(NID_pkcs7_data, ASN1_NDEF_EXP(CMS_ContentInfo, d.data, ASN1_OCTET_STRING_NDEF, 0)),
- ADB_ENTRY(NID_pkcs7_signed, ASN1_NDEF_EXP(CMS_ContentInfo, d.signedData, CMS_SignedData, 0)),
- ADB_ENTRY(NID_pkcs7_enveloped, ASN1_NDEF_EXP(CMS_ContentInfo, d.envelopedData, CMS_EnvelopedData, 0)),
- ADB_ENTRY(NID_pkcs7_digest, ASN1_NDEF_EXP(CMS_ContentInfo, d.digestedData, CMS_DigestedData, 0)),
- ADB_ENTRY(NID_pkcs7_encrypted, ASN1_NDEF_EXP(CMS_ContentInfo, d.encryptedData, CMS_EncryptedData, 0)),
- ADB_ENTRY(NID_id_smime_ct_authData, ASN1_NDEF_EXP(CMS_ContentInfo, d.authenticatedData, CMS_AuthenticatedData, 0)),
- ADB_ENTRY(NID_id_smime_ct_compressedData, ASN1_NDEF_EXP(CMS_ContentInfo, d.compressedData, CMS_CompressedData, 0)),
-} ASN1_ADB_END(CMS_ContentInfo, 0, contentType, 0, &cms_default_tt, NULL);
-
-ASN1_NDEF_SEQUENCE(CMS_ContentInfo) = {
- ASN1_SIMPLE(CMS_ContentInfo, contentType, ASN1_OBJECT),
- ASN1_ADB_OBJECT(CMS_ContentInfo)
-} ASN1_NDEF_SEQUENCE_END(CMS_ContentInfo)
-
-/* Specials for signed attributes */
-
-/* When signing attributes we want to reorder them to match the sorted
- * encoding.
- */
-
-ASN1_ITEM_TEMPLATE(CMS_Attributes_Sign) =
- ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_ORDER, 0, CMS_ATTRIBUTES, X509_ATTRIBUTE)
-ASN1_ITEM_TEMPLATE_END(CMS_Attributes_Sign)
-
-/* When verifying attributes we need to use the received order. So
- * we use SEQUENCE OF and tag it to SET OF
- */
-
-ASN1_ITEM_TEMPLATE(CMS_Attributes_Verify) =
- ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL,
- V_ASN1_SET, CMS_ATTRIBUTES, X509_ATTRIBUTE)
-ASN1_ITEM_TEMPLATE_END(CMS_Attributes_Verify)
-
-
-
-ASN1_CHOICE(CMS_ReceiptsFrom) = {
- ASN1_IMP(CMS_ReceiptsFrom, d.allOrFirstTier, LONG, 0),
- ASN1_IMP_SEQUENCE_OF(CMS_ReceiptsFrom, d.receiptList, GENERAL_NAMES, 1)
-} ASN1_CHOICE_END(CMS_ReceiptsFrom)
-
-ASN1_SEQUENCE(CMS_ReceiptRequest) = {
- ASN1_SIMPLE(CMS_ReceiptRequest, signedContentIdentifier, ASN1_OCTET_STRING),
- ASN1_SIMPLE(CMS_ReceiptRequest, receiptsFrom, CMS_ReceiptsFrom),
- ASN1_SEQUENCE_OF(CMS_ReceiptRequest, receiptsTo, GENERAL_NAMES)
-} ASN1_SEQUENCE_END(CMS_ReceiptRequest)
-
-ASN1_SEQUENCE(CMS_Receipt) = {
- ASN1_SIMPLE(CMS_Receipt, version, LONG),
- ASN1_SIMPLE(CMS_Receipt, contentType, ASN1_OBJECT),
- ASN1_SIMPLE(CMS_Receipt, signedContentIdentifier, ASN1_OCTET_STRING),
- ASN1_SIMPLE(CMS_Receipt, originatorSignatureValue, ASN1_OCTET_STRING)
-} ASN1_SEQUENCE_END(CMS_Receipt)
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_asn1.c (from rev 6976, vendor-crypto/openssl/dist/crypto/cms/cms_asn1.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_asn1.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_asn1.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,342 @@
+/* crypto/cms/cms_asn1.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include <openssl/asn1t.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include "cms.h"
+#include "cms_lcl.h"
+
+
+ASN1_SEQUENCE(CMS_IssuerAndSerialNumber) = {
+ ASN1_SIMPLE(CMS_IssuerAndSerialNumber, issuer, X509_NAME),
+ ASN1_SIMPLE(CMS_IssuerAndSerialNumber, serialNumber, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(CMS_IssuerAndSerialNumber)
+
+ASN1_SEQUENCE(CMS_OtherCertificateFormat) = {
+ ASN1_SIMPLE(CMS_OtherCertificateFormat, otherCertFormat, ASN1_OBJECT),
+ ASN1_OPT(CMS_OtherCertificateFormat, otherCert, ASN1_ANY)
+} ASN1_SEQUENCE_END(CMS_OtherCertificateFormat)
+
+ASN1_CHOICE(CMS_CertificateChoices) = {
+ ASN1_SIMPLE(CMS_CertificateChoices, d.certificate, X509),
+ ASN1_IMP(CMS_CertificateChoices, d.extendedCertificate, ASN1_SEQUENCE, 0),
+ ASN1_IMP(CMS_CertificateChoices, d.v1AttrCert, ASN1_SEQUENCE, 1),
+ ASN1_IMP(CMS_CertificateChoices, d.v2AttrCert, ASN1_SEQUENCE, 2),
+ ASN1_IMP(CMS_CertificateChoices, d.other, CMS_OtherCertificateFormat, 3)
+} ASN1_CHOICE_END(CMS_CertificateChoices)
+
+ASN1_CHOICE(CMS_SignerIdentifier) = {
+ ASN1_SIMPLE(CMS_SignerIdentifier, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber),
+ ASN1_IMP(CMS_SignerIdentifier, d.subjectKeyIdentifier, ASN1_OCTET_STRING, 0)
+} ASN1_CHOICE_END(CMS_SignerIdentifier)
+
+ASN1_NDEF_SEQUENCE(CMS_EncapsulatedContentInfo) = {
+ ASN1_SIMPLE(CMS_EncapsulatedContentInfo, eContentType, ASN1_OBJECT),
+ ASN1_NDEF_EXP_OPT(CMS_EncapsulatedContentInfo, eContent, ASN1_OCTET_STRING_NDEF, 0)
+} ASN1_NDEF_SEQUENCE_END(CMS_EncapsulatedContentInfo)
+
+/* Minor tweak to operation: free up signer key, cert */
+static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+ if (operation == ASN1_OP_FREE_POST) {
+ CMS_SignerInfo *si = (CMS_SignerInfo *)*pval;
+ if (si->pkey)
+ EVP_PKEY_free(si->pkey);
+ if (si->signer)
+ X509_free(si->signer);
+ }
+ return 1;
+}
+
+ASN1_SEQUENCE_cb(CMS_SignerInfo, cms_si_cb) = {
+ ASN1_SIMPLE(CMS_SignerInfo, version, LONG),
+ ASN1_SIMPLE(CMS_SignerInfo, sid, CMS_SignerIdentifier),
+ ASN1_SIMPLE(CMS_SignerInfo, digestAlgorithm, X509_ALGOR),
+ ASN1_IMP_SET_OF_OPT(CMS_SignerInfo, signedAttrs, X509_ATTRIBUTE, 0),
+ ASN1_SIMPLE(CMS_SignerInfo, signatureAlgorithm, X509_ALGOR),
+ ASN1_SIMPLE(CMS_SignerInfo, signature, ASN1_OCTET_STRING),
+ ASN1_IMP_SET_OF_OPT(CMS_SignerInfo, unsignedAttrs, X509_ATTRIBUTE, 1)
+} ASN1_SEQUENCE_END_cb(CMS_SignerInfo, CMS_SignerInfo)
+
+ASN1_SEQUENCE(CMS_OtherRevocationInfoFormat) = {
+ ASN1_SIMPLE(CMS_OtherRevocationInfoFormat, otherRevInfoFormat, ASN1_OBJECT),
+ ASN1_OPT(CMS_OtherRevocationInfoFormat, otherRevInfo, ASN1_ANY)
+} ASN1_SEQUENCE_END(CMS_OtherRevocationInfoFormat)
+
+ASN1_CHOICE(CMS_RevocationInfoChoice) = {
+ ASN1_SIMPLE(CMS_RevocationInfoChoice, d.crl, X509_CRL),
+ ASN1_IMP(CMS_RevocationInfoChoice, d.other, CMS_OtherRevocationInfoFormat, 1)
+} ASN1_CHOICE_END(CMS_RevocationInfoChoice)
+
+ASN1_NDEF_SEQUENCE(CMS_SignedData) = {
+ ASN1_SIMPLE(CMS_SignedData, version, LONG),
+ ASN1_SET_OF(CMS_SignedData, digestAlgorithms, X509_ALGOR),
+ ASN1_SIMPLE(CMS_SignedData, encapContentInfo, CMS_EncapsulatedContentInfo),
+ ASN1_IMP_SET_OF_OPT(CMS_SignedData, certificates, CMS_CertificateChoices, 0),
+ ASN1_IMP_SET_OF_OPT(CMS_SignedData, crls, CMS_RevocationInfoChoice, 1),
+ ASN1_SET_OF(CMS_SignedData, signerInfos, CMS_SignerInfo)
+} ASN1_NDEF_SEQUENCE_END(CMS_SignedData)
+
+ASN1_SEQUENCE(CMS_OriginatorInfo) = {
+ ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, certificates, CMS_CertificateChoices, 0),
+ ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, crls, CMS_RevocationInfoChoice, 1)
+} ASN1_SEQUENCE_END(CMS_OriginatorInfo)
+
+ASN1_NDEF_SEQUENCE(CMS_EncryptedContentInfo) = {
+ ASN1_SIMPLE(CMS_EncryptedContentInfo, contentType, ASN1_OBJECT),
+ ASN1_SIMPLE(CMS_EncryptedContentInfo, contentEncryptionAlgorithm, X509_ALGOR),
+ ASN1_IMP_OPT(CMS_EncryptedContentInfo, encryptedContent, ASN1_OCTET_STRING_NDEF, 0)
+} ASN1_NDEF_SEQUENCE_END(CMS_EncryptedContentInfo)
+
+ASN1_SEQUENCE(CMS_KeyTransRecipientInfo) = {
+ ASN1_SIMPLE(CMS_KeyTransRecipientInfo, version, LONG),
+ ASN1_SIMPLE(CMS_KeyTransRecipientInfo, rid, CMS_SignerIdentifier),
+ ASN1_SIMPLE(CMS_KeyTransRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
+ ASN1_SIMPLE(CMS_KeyTransRecipientInfo, encryptedKey, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(CMS_KeyTransRecipientInfo)
+
+ASN1_SEQUENCE(CMS_OtherKeyAttribute) = {
+ ASN1_SIMPLE(CMS_OtherKeyAttribute, keyAttrId, ASN1_OBJECT),
+ ASN1_OPT(CMS_OtherKeyAttribute, keyAttr, ASN1_ANY)
+} ASN1_SEQUENCE_END(CMS_OtherKeyAttribute)
+
+ASN1_SEQUENCE(CMS_RecipientKeyIdentifier) = {
+ ASN1_SIMPLE(CMS_RecipientKeyIdentifier, subjectKeyIdentifier, ASN1_OCTET_STRING),
+ ASN1_OPT(CMS_RecipientKeyIdentifier, date, ASN1_GENERALIZEDTIME),
+ ASN1_OPT(CMS_RecipientKeyIdentifier, other, CMS_OtherKeyAttribute)
+} ASN1_SEQUENCE_END(CMS_RecipientKeyIdentifier)
+
+ASN1_CHOICE(CMS_KeyAgreeRecipientIdentifier) = {
+ ASN1_SIMPLE(CMS_KeyAgreeRecipientIdentifier, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber),
+ ASN1_IMP(CMS_KeyAgreeRecipientIdentifier, d.rKeyId, CMS_RecipientKeyIdentifier, 0)
+} ASN1_CHOICE_END(CMS_KeyAgreeRecipientIdentifier)
+
+ASN1_SEQUENCE(CMS_RecipientEncryptedKey) = {
+ ASN1_SIMPLE(CMS_RecipientEncryptedKey, rid, CMS_KeyAgreeRecipientIdentifier),
+ ASN1_SIMPLE(CMS_RecipientEncryptedKey, encryptedKey, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(CMS_RecipientEncryptedKey)
+
+ASN1_SEQUENCE(CMS_OriginatorPublicKey) = {
+ ASN1_SIMPLE(CMS_OriginatorPublicKey, algorithm, X509_ALGOR),
+ ASN1_SIMPLE(CMS_OriginatorPublicKey, publicKey, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END(CMS_OriginatorPublicKey)
+
+ASN1_CHOICE(CMS_OriginatorIdentifierOrKey) = {
+ ASN1_SIMPLE(CMS_OriginatorIdentifierOrKey, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber),
+ ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.subjectKeyIdentifier, ASN1_OCTET_STRING, 0),
+ ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.originatorKey, CMS_OriginatorPublicKey, 1)
+} ASN1_CHOICE_END(CMS_OriginatorIdentifierOrKey)
+
+ASN1_SEQUENCE(CMS_KeyAgreeRecipientInfo) = {
+ ASN1_SIMPLE(CMS_KeyAgreeRecipientInfo, version, LONG),
+ ASN1_EXP(CMS_KeyAgreeRecipientInfo, originator, CMS_OriginatorIdentifierOrKey, 0),
+ ASN1_EXP_OPT(CMS_KeyAgreeRecipientInfo, ukm, ASN1_OCTET_STRING, 1),
+ ASN1_SIMPLE(CMS_KeyAgreeRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
+ ASN1_SEQUENCE_OF(CMS_KeyAgreeRecipientInfo, recipientEncryptedKeys, CMS_RecipientEncryptedKey)
+} ASN1_SEQUENCE_END(CMS_KeyAgreeRecipientInfo)
+
+ASN1_SEQUENCE(CMS_KEKIdentifier) = {
+ ASN1_SIMPLE(CMS_KEKIdentifier, keyIdentifier, ASN1_OCTET_STRING),
+ ASN1_OPT(CMS_KEKIdentifier, date, ASN1_GENERALIZEDTIME),
+ ASN1_OPT(CMS_KEKIdentifier, other, CMS_OtherKeyAttribute)
+} ASN1_SEQUENCE_END(CMS_KEKIdentifier)
+
+ASN1_SEQUENCE(CMS_KEKRecipientInfo) = {
+ ASN1_SIMPLE(CMS_KEKRecipientInfo, version, LONG),
+ ASN1_SIMPLE(CMS_KEKRecipientInfo, kekid, CMS_KEKIdentifier),
+ ASN1_SIMPLE(CMS_KEKRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
+ ASN1_SIMPLE(CMS_KEKRecipientInfo, encryptedKey, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(CMS_KEKRecipientInfo)
+
+ASN1_SEQUENCE(CMS_PasswordRecipientInfo) = {
+ ASN1_SIMPLE(CMS_PasswordRecipientInfo, version, LONG),
+ ASN1_IMP_OPT(CMS_PasswordRecipientInfo, keyDerivationAlgorithm, X509_ALGOR, 0),
+ ASN1_SIMPLE(CMS_PasswordRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
+ ASN1_SIMPLE(CMS_PasswordRecipientInfo, encryptedKey, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(CMS_PasswordRecipientInfo)
+
+ASN1_SEQUENCE(CMS_OtherRecipientInfo) = {
+ ASN1_SIMPLE(CMS_OtherRecipientInfo, oriType, ASN1_OBJECT),
+ ASN1_OPT(CMS_OtherRecipientInfo, oriValue, ASN1_ANY)
+} ASN1_SEQUENCE_END(CMS_OtherRecipientInfo)
+
+/* Free up RecipientInfo additional data */
+static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+ if (operation == ASN1_OP_FREE_PRE) {
+ CMS_RecipientInfo *ri = (CMS_RecipientInfo *)*pval;
+ if (ri->type == CMS_RECIPINFO_TRANS) {
+ CMS_KeyTransRecipientInfo *ktri = ri->d.ktri;
+ if (ktri->pkey)
+ EVP_PKEY_free(ktri->pkey);
+ if (ktri->recip)
+ X509_free(ktri->recip);
+ } else if (ri->type == CMS_RECIPINFO_KEK) {
+ CMS_KEKRecipientInfo *kekri = ri->d.kekri;
+ if (kekri->key) {
+ OPENSSL_cleanse(kekri->key, kekri->keylen);
+ OPENSSL_free(kekri->key);
+ }
+ }
+ }
+ return 1;
+}
+
+ASN1_CHOICE_cb(CMS_RecipientInfo, cms_ri_cb) = {
+ ASN1_SIMPLE(CMS_RecipientInfo, d.ktri, CMS_KeyTransRecipientInfo),
+ ASN1_IMP(CMS_RecipientInfo, d.kari, CMS_KeyAgreeRecipientInfo, 1),
+ ASN1_IMP(CMS_RecipientInfo, d.kekri, CMS_KEKRecipientInfo, 2),
+ ASN1_IMP(CMS_RecipientInfo, d.pwri, CMS_PasswordRecipientInfo, 3),
+ ASN1_IMP(CMS_RecipientInfo, d.ori, CMS_OtherRecipientInfo, 4)
+} ASN1_CHOICE_END_cb(CMS_RecipientInfo, CMS_RecipientInfo, type)
+
+ASN1_NDEF_SEQUENCE(CMS_EnvelopedData) = {
+ ASN1_SIMPLE(CMS_EnvelopedData, version, LONG),
+ ASN1_IMP_OPT(CMS_EnvelopedData, originatorInfo, CMS_OriginatorInfo, 0),
+ ASN1_SET_OF(CMS_EnvelopedData, recipientInfos, CMS_RecipientInfo),
+ ASN1_SIMPLE(CMS_EnvelopedData, encryptedContentInfo, CMS_EncryptedContentInfo),
+ ASN1_IMP_SET_OF_OPT(CMS_EnvelopedData, unprotectedAttrs, X509_ATTRIBUTE, 1)
+} ASN1_NDEF_SEQUENCE_END(CMS_EnvelopedData)
+
+ASN1_NDEF_SEQUENCE(CMS_DigestedData) = {
+ ASN1_SIMPLE(CMS_DigestedData, version, LONG),
+ ASN1_SIMPLE(CMS_DigestedData, digestAlgorithm, X509_ALGOR),
+ ASN1_SIMPLE(CMS_DigestedData, encapContentInfo, CMS_EncapsulatedContentInfo),
+ ASN1_SIMPLE(CMS_DigestedData, digest, ASN1_OCTET_STRING)
+} ASN1_NDEF_SEQUENCE_END(CMS_DigestedData)
+
+ASN1_NDEF_SEQUENCE(CMS_EncryptedData) = {
+ ASN1_SIMPLE(CMS_EncryptedData, version, LONG),
+ ASN1_SIMPLE(CMS_EncryptedData, encryptedContentInfo, CMS_EncryptedContentInfo),
+ ASN1_IMP_SET_OF_OPT(CMS_EncryptedData, unprotectedAttrs, X509_ATTRIBUTE, 1)
+} ASN1_NDEF_SEQUENCE_END(CMS_EncryptedData)
+
+ASN1_NDEF_SEQUENCE(CMS_AuthenticatedData) = {
+ ASN1_SIMPLE(CMS_AuthenticatedData, version, LONG),
+ ASN1_IMP_OPT(CMS_AuthenticatedData, originatorInfo, CMS_OriginatorInfo, 0),
+ ASN1_SET_OF(CMS_AuthenticatedData, recipientInfos, CMS_RecipientInfo),
+ ASN1_SIMPLE(CMS_AuthenticatedData, macAlgorithm, X509_ALGOR),
+ ASN1_IMP(CMS_AuthenticatedData, digestAlgorithm, X509_ALGOR, 1),
+ ASN1_SIMPLE(CMS_AuthenticatedData, encapContentInfo, CMS_EncapsulatedContentInfo),
+ ASN1_IMP_SET_OF_OPT(CMS_AuthenticatedData, authAttrs, X509_ALGOR, 2),
+ ASN1_SIMPLE(CMS_AuthenticatedData, mac, ASN1_OCTET_STRING),
+ ASN1_IMP_SET_OF_OPT(CMS_AuthenticatedData, unauthAttrs, X509_ALGOR, 3)
+} ASN1_NDEF_SEQUENCE_END(CMS_AuthenticatedData)
+
+ASN1_NDEF_SEQUENCE(CMS_CompressedData) = {
+ ASN1_SIMPLE(CMS_CompressedData, version, LONG),
+ ASN1_SIMPLE(CMS_CompressedData, compressionAlgorithm, X509_ALGOR),
+ ASN1_SIMPLE(CMS_CompressedData, encapContentInfo, CMS_EncapsulatedContentInfo),
+} ASN1_NDEF_SEQUENCE_END(CMS_CompressedData)
+
+/* This is the ANY DEFINED BY table for the top level ContentInfo structure */
+
+ASN1_ADB_TEMPLATE(cms_default) = ASN1_EXP(CMS_ContentInfo, d.other, ASN1_ANY, 0);
+
+ASN1_ADB(CMS_ContentInfo) = {
+ ADB_ENTRY(NID_pkcs7_data, ASN1_NDEF_EXP(CMS_ContentInfo, d.data, ASN1_OCTET_STRING_NDEF, 0)),
+ ADB_ENTRY(NID_pkcs7_signed, ASN1_NDEF_EXP(CMS_ContentInfo, d.signedData, CMS_SignedData, 0)),
+ ADB_ENTRY(NID_pkcs7_enveloped, ASN1_NDEF_EXP(CMS_ContentInfo, d.envelopedData, CMS_EnvelopedData, 0)),
+ ADB_ENTRY(NID_pkcs7_digest, ASN1_NDEF_EXP(CMS_ContentInfo, d.digestedData, CMS_DigestedData, 0)),
+ ADB_ENTRY(NID_pkcs7_encrypted, ASN1_NDEF_EXP(CMS_ContentInfo, d.encryptedData, CMS_EncryptedData, 0)),
+ ADB_ENTRY(NID_id_smime_ct_authData, ASN1_NDEF_EXP(CMS_ContentInfo, d.authenticatedData, CMS_AuthenticatedData, 0)),
+ ADB_ENTRY(NID_id_smime_ct_compressedData, ASN1_NDEF_EXP(CMS_ContentInfo, d.compressedData, CMS_CompressedData, 0)),
+} ASN1_ADB_END(CMS_ContentInfo, 0, contentType, 0, &cms_default_tt, NULL);
+
+ASN1_NDEF_SEQUENCE(CMS_ContentInfo) = {
+ ASN1_SIMPLE(CMS_ContentInfo, contentType, ASN1_OBJECT),
+ ASN1_ADB_OBJECT(CMS_ContentInfo)
+} ASN1_NDEF_SEQUENCE_END(CMS_ContentInfo)
+
+/* Specials for signed attributes */
+
+/*
+ * When signing attributes we want to reorder them to match the sorted
+ * encoding.
+ */
+
+ASN1_ITEM_TEMPLATE(CMS_Attributes_Sign) =
+ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_ORDER, 0, CMS_ATTRIBUTES, X509_ATTRIBUTE)
+ASN1_ITEM_TEMPLATE_END(CMS_Attributes_Sign)
+
+/*
+ * When verifying attributes we need to use the received order. So we use
+ * SEQUENCE OF and tag it to SET OF
+ */
+
+ASN1_ITEM_TEMPLATE(CMS_Attributes_Verify) =
+ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL,
+ V_ASN1_SET, CMS_ATTRIBUTES, X509_ATTRIBUTE)
+ASN1_ITEM_TEMPLATE_END(CMS_Attributes_Verify)
+
+
+
+ASN1_CHOICE(CMS_ReceiptsFrom) = {
+ ASN1_IMP(CMS_ReceiptsFrom, d.allOrFirstTier, LONG, 0),
+ ASN1_IMP_SEQUENCE_OF(CMS_ReceiptsFrom, d.receiptList, GENERAL_NAMES, 1)
+} ASN1_CHOICE_END(CMS_ReceiptsFrom)
+
+ASN1_SEQUENCE(CMS_ReceiptRequest) = {
+ ASN1_SIMPLE(CMS_ReceiptRequest, signedContentIdentifier, ASN1_OCTET_STRING),
+ ASN1_SIMPLE(CMS_ReceiptRequest, receiptsFrom, CMS_ReceiptsFrom),
+ ASN1_SEQUENCE_OF(CMS_ReceiptRequest, receiptsTo, GENERAL_NAMES)
+} ASN1_SEQUENCE_END(CMS_ReceiptRequest)
+
+ASN1_SEQUENCE(CMS_Receipt) = {
+ ASN1_SIMPLE(CMS_Receipt, version, LONG),
+ ASN1_SIMPLE(CMS_Receipt, contentType, ASN1_OBJECT),
+ ASN1_SIMPLE(CMS_Receipt, signedContentIdentifier, ASN1_OCTET_STRING),
+ ASN1_SIMPLE(CMS_Receipt, originatorSignatureValue, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(CMS_Receipt)
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_att.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/cms/cms_att.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_att.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,195 +0,0 @@
-/* crypto/cms/cms_att.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#include <openssl/asn1t.h>
-#include <openssl/pem.h>
-#include <openssl/x509v3.h>
-#include <openssl/err.h>
-#include "cms.h"
-#include "cms_lcl.h"
-
-/* CMS SignedData Attribute utilities */
-
-int CMS_signed_get_attr_count(const CMS_SignerInfo *si)
-{
- return X509at_get_attr_count(si->signedAttrs);
-}
-
-int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
- int lastpos)
-{
- return X509at_get_attr_by_NID(si->signedAttrs, nid, lastpos);
-}
-
-int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
- int lastpos)
-{
- return X509at_get_attr_by_OBJ(si->signedAttrs, obj, lastpos);
-}
-
-X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc)
-{
- return X509at_get_attr(si->signedAttrs, loc);
-}
-
-X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc)
-{
- return X509at_delete_attr(si->signedAttrs, loc);
-}
-
-int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr)
-{
- if(X509at_add1_attr(&si->signedAttrs, attr)) return 1;
- return 0;
-}
-
-int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si,
- const ASN1_OBJECT *obj, int type,
- const void *bytes, int len)
-{
- if(X509at_add1_attr_by_OBJ(&si->signedAttrs, obj,
- type, bytes, len)) return 1;
- return 0;
-}
-
-int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si,
- int nid, int type,
- const void *bytes, int len)
-{
- if(X509at_add1_attr_by_NID(&si->signedAttrs, nid,
- type, bytes, len)) return 1;
- return 0;
-}
-
-int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si,
- const char *attrname, int type,
- const void *bytes, int len)
-{
- if(X509at_add1_attr_by_txt(&si->signedAttrs, attrname,
- type, bytes, len)) return 1;
- return 0;
-}
-
-void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
- int lastpos, int type)
-{
- return X509at_get0_data_by_OBJ(si->signedAttrs, oid, lastpos, type);
-}
-
-int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si)
-{
- return X509at_get_attr_count(si->unsignedAttrs);
-}
-
-int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
- int lastpos)
-{
- return X509at_get_attr_by_NID(si->unsignedAttrs, nid, lastpos);
-}
-
-int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
- int lastpos)
-{
- return X509at_get_attr_by_OBJ(si->unsignedAttrs, obj, lastpos);
-}
-
-X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc)
-{
- return X509at_get_attr(si->unsignedAttrs, loc);
-}
-
-X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc)
-{
- return X509at_delete_attr(si->unsignedAttrs, loc);
-}
-
-int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr)
-{
- if(X509at_add1_attr(&si->unsignedAttrs, attr)) return 1;
- return 0;
-}
-
-int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si,
- const ASN1_OBJECT *obj, int type,
- const void *bytes, int len)
-{
- if(X509at_add1_attr_by_OBJ(&si->unsignedAttrs, obj,
- type, bytes, len)) return 1;
- return 0;
-}
-
-int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si,
- int nid, int type,
- const void *bytes, int len)
-{
- if(X509at_add1_attr_by_NID(&si->unsignedAttrs, nid,
- type, bytes, len)) return 1;
- return 0;
-}
-
-int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si,
- const char *attrname, int type,
- const void *bytes, int len)
-{
- if(X509at_add1_attr_by_txt(&si->unsignedAttrs, attrname,
- type, bytes, len)) return 1;
- return 0;
-}
-
-void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
- int lastpos, int type)
-{
- return X509at_get0_data_by_OBJ(si->unsignedAttrs, oid, lastpos, type);
-}
-
-/* Specific attribute cases */
Copied: vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_att.c (from rev 6976, vendor-crypto/openssl/dist/crypto/cms/cms_att.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_att.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_att.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,197 @@
+/* crypto/cms/cms_att.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include <openssl/asn1t.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include "cms.h"
+#include "cms_lcl.h"
+
+/* CMS SignedData Attribute utilities */
+
+int CMS_signed_get_attr_count(const CMS_SignerInfo *si)
+{
+ return X509at_get_attr_count(si->signedAttrs);
+}
+
+int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid, int lastpos)
+{
+ return X509at_get_attr_by_NID(si->signedAttrs, nid, lastpos);
+}
+
+int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
+ int lastpos)
+{
+ return X509at_get_attr_by_OBJ(si->signedAttrs, obj, lastpos);
+}
+
+X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc)
+{
+ return X509at_get_attr(si->signedAttrs, loc);
+}
+
+X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc)
+{
+ return X509at_delete_attr(si->signedAttrs, loc);
+}
+
+int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr)
+{
+ if (X509at_add1_attr(&si->signedAttrs, attr))
+ return 1;
+ return 0;
+}
+
+int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si,
+ const ASN1_OBJECT *obj, int type,
+ const void *bytes, int len)
+{
+ if (X509at_add1_attr_by_OBJ(&si->signedAttrs, obj, type, bytes, len))
+ return 1;
+ return 0;
+}
+
+int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si,
+ int nid, int type, const void *bytes, int len)
+{
+ if (X509at_add1_attr_by_NID(&si->signedAttrs, nid, type, bytes, len))
+ return 1;
+ return 0;
+}
+
+int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si,
+ const char *attrname, int type,
+ const void *bytes, int len)
+{
+ if (X509at_add1_attr_by_txt(&si->signedAttrs, attrname, type, bytes, len))
+ return 1;
+ return 0;
+}
+
+void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
+ int lastpos, int type)
+{
+ return X509at_get0_data_by_OBJ(si->signedAttrs, oid, lastpos, type);
+}
+
+int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si)
+{
+ return X509at_get_attr_count(si->unsignedAttrs);
+}
+
+int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
+ int lastpos)
+{
+ return X509at_get_attr_by_NID(si->unsignedAttrs, nid, lastpos);
+}
+
+int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
+ int lastpos)
+{
+ return X509at_get_attr_by_OBJ(si->unsignedAttrs, obj, lastpos);
+}
+
+X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc)
+{
+ return X509at_get_attr(si->unsignedAttrs, loc);
+}
+
+X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc)
+{
+ return X509at_delete_attr(si->unsignedAttrs, loc);
+}
+
+int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr)
+{
+ if (X509at_add1_attr(&si->unsignedAttrs, attr))
+ return 1;
+ return 0;
+}
+
+int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si,
+ const ASN1_OBJECT *obj, int type,
+ const void *bytes, int len)
+{
+ if (X509at_add1_attr_by_OBJ(&si->unsignedAttrs, obj, type, bytes, len))
+ return 1;
+ return 0;
+}
+
+int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si,
+ int nid, int type,
+ const void *bytes, int len)
+{
+ if (X509at_add1_attr_by_NID(&si->unsignedAttrs, nid, type, bytes, len))
+ return 1;
+ return 0;
+}
+
+int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si,
+ const char *attrname, int type,
+ const void *bytes, int len)
+{
+ if (X509at_add1_attr_by_txt(&si->unsignedAttrs, attrname,
+ type, bytes, len))
+ return 1;
+ return 0;
+}
+
+void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
+ int lastpos, int type)
+{
+ return X509at_get0_data_by_OBJ(si->unsignedAttrs, oid, lastpos, type);
+}
+
+/* Specific attribute cases */
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_cd.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/cms/cms_cd.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_cd.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,136 +0,0 @@
-/* crypto/cms/cms_cd.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/pem.h>
-#include <openssl/x509v3.h>
-#include <openssl/err.h>
-#include <openssl/cms.h>
-#include <openssl/bio.h>
-#ifndef OPENSSL_NO_COMP
-#include <openssl/comp.h>
-#endif
-#include "cms_lcl.h"
-
-DECLARE_ASN1_ITEM(CMS_CompressedData)
-
-#ifdef ZLIB
-
-/* CMS CompressedData Utilities */
-
-CMS_ContentInfo *cms_CompressedData_create(int comp_nid)
- {
- CMS_ContentInfo *cms;
- CMS_CompressedData *cd;
- /* Will need something cleverer if there is ever more than one
- * compression algorithm or parameters have some meaning...
- */
- if (comp_nid != NID_zlib_compression)
- {
- CMSerr(CMS_F_CMS_COMPRESSEDDATA_CREATE,
- CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
- return NULL;
- }
- cms = CMS_ContentInfo_new();
- if (!cms)
- return NULL;
-
- cd = M_ASN1_new_of(CMS_CompressedData);
-
- if (!cd)
- goto err;
-
- cms->contentType = OBJ_nid2obj(NID_id_smime_ct_compressedData);
- cms->d.compressedData = cd;
-
- cd->version = 0;
-
- X509_ALGOR_set0(cd->compressionAlgorithm,
- OBJ_nid2obj(NID_zlib_compression),
- V_ASN1_UNDEF, NULL);
-
- cd->encapContentInfo->eContentType = OBJ_nid2obj(NID_pkcs7_data);
-
- return cms;
-
- err:
-
- if (cms)
- CMS_ContentInfo_free(cms);
-
- return NULL;
- }
-
-BIO *cms_CompressedData_init_bio(CMS_ContentInfo *cms)
- {
- CMS_CompressedData *cd;
- ASN1_OBJECT *compoid;
- if (OBJ_obj2nid(cms->contentType) != NID_id_smime_ct_compressedData)
- {
- CMSerr(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO,
- CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA);
- return NULL;
- }
- cd = cms->d.compressedData;
- X509_ALGOR_get0(&compoid, NULL, NULL, cd->compressionAlgorithm);
- if (OBJ_obj2nid(compoid) != NID_zlib_compression)
- {
- CMSerr(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO,
- CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
- return NULL;
- }
- return BIO_new(BIO_f_zlib());
- }
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_cd.c (from rev 6976, vendor-crypto/openssl/dist/crypto/cms/cms_cd.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_cd.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_cd.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,134 @@
+/* crypto/cms/cms_cd.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include <openssl/cms.h>
+#include <openssl/bio.h>
+#ifndef OPENSSL_NO_COMP
+# include <openssl/comp.h>
+#endif
+#include "cms_lcl.h"
+
+DECLARE_ASN1_ITEM(CMS_CompressedData)
+
+#ifdef ZLIB
+
+/* CMS CompressedData Utilities */
+
+CMS_ContentInfo *cms_CompressedData_create(int comp_nid)
+{
+ CMS_ContentInfo *cms;
+ CMS_CompressedData *cd;
+ /*
+ * Will need something cleverer if there is ever more than one
+ * compression algorithm or parameters have some meaning...
+ */
+ if (comp_nid != NID_zlib_compression) {
+ CMSerr(CMS_F_CMS_COMPRESSEDDATA_CREATE,
+ CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
+ return NULL;
+ }
+ cms = CMS_ContentInfo_new();
+ if (!cms)
+ return NULL;
+
+ cd = M_ASN1_new_of(CMS_CompressedData);
+
+ if (!cd)
+ goto err;
+
+ cms->contentType = OBJ_nid2obj(NID_id_smime_ct_compressedData);
+ cms->d.compressedData = cd;
+
+ cd->version = 0;
+
+ X509_ALGOR_set0(cd->compressionAlgorithm,
+ OBJ_nid2obj(NID_zlib_compression), V_ASN1_UNDEF, NULL);
+
+ cd->encapContentInfo->eContentType = OBJ_nid2obj(NID_pkcs7_data);
+
+ return cms;
+
+ err:
+
+ if (cms)
+ CMS_ContentInfo_free(cms);
+
+ return NULL;
+}
+
+BIO *cms_CompressedData_init_bio(CMS_ContentInfo *cms)
+{
+ CMS_CompressedData *cd;
+ ASN1_OBJECT *compoid;
+ if (OBJ_obj2nid(cms->contentType) != NID_id_smime_ct_compressedData) {
+ CMSerr(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO,
+ CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA);
+ return NULL;
+ }
+ cd = cms->d.compressedData;
+ X509_ALGOR_get0(&compoid, NULL, NULL, cd->compressionAlgorithm);
+ if (OBJ_obj2nid(compoid) != NID_zlib_compression) {
+ CMSerr(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO,
+ CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
+ return NULL;
+ }
+ return BIO_new(BIO_f_zlib());
+}
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_dd.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/cms/cms_dd.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_dd.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,148 +0,0 @@
-/* crypto/cms/cms_dd.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/pem.h>
-#include <openssl/x509v3.h>
-#include <openssl/err.h>
-#include <openssl/cms.h>
-#include "cms_lcl.h"
-
-DECLARE_ASN1_ITEM(CMS_DigestedData)
-
-/* CMS DigestedData Utilities */
-
-CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md)
- {
- CMS_ContentInfo *cms;
- CMS_DigestedData *dd;
- cms = CMS_ContentInfo_new();
- if (!cms)
- return NULL;
-
- dd = M_ASN1_new_of(CMS_DigestedData);
-
- if (!dd)
- goto err;
-
- cms->contentType = OBJ_nid2obj(NID_pkcs7_digest);
- cms->d.digestedData = dd;
-
- dd->version = 0;
- dd->encapContentInfo->eContentType = OBJ_nid2obj(NID_pkcs7_data);
-
- cms_DigestAlgorithm_set(dd->digestAlgorithm, md);
-
- return cms;
-
- err:
-
- if (cms)
- CMS_ContentInfo_free(cms);
-
- return NULL;
- }
-
-BIO *cms_DigestedData_init_bio(CMS_ContentInfo *cms)
- {
- CMS_DigestedData *dd;
- dd = cms->d.digestedData;
- return cms_DigestAlgorithm_init_bio(dd->digestAlgorithm);
- }
-
-int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify)
- {
- EVP_MD_CTX mctx;
- unsigned char md[EVP_MAX_MD_SIZE];
- unsigned int mdlen;
- int r = 0;
- CMS_DigestedData *dd;
- EVP_MD_CTX_init(&mctx);
-
- dd = cms->d.digestedData;
-
- if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, dd->digestAlgorithm))
- goto err;
-
- if (EVP_DigestFinal_ex(&mctx, md, &mdlen) <= 0)
- goto err;
-
- if (verify)
- {
- if (mdlen != (unsigned int)dd->digest->length)
- {
- CMSerr(CMS_F_CMS_DIGESTEDDATA_DO_FINAL,
- CMS_R_MESSAGEDIGEST_WRONG_LENGTH);
- goto err;
- }
-
- if (memcmp(md, dd->digest->data, mdlen))
- CMSerr(CMS_F_CMS_DIGESTEDDATA_DO_FINAL,
- CMS_R_VERIFICATION_FAILURE);
- else
- r = 1;
- }
- else
- {
- if (!ASN1_STRING_set(dd->digest, md, mdlen))
- goto err;
- r = 1;
- }
-
- err:
- EVP_MD_CTX_cleanup(&mctx);
-
- return r;
-
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_dd.c (from rev 6976, vendor-crypto/openssl/dist/crypto/cms/cms_dd.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_dd.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_dd.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,145 @@
+/* crypto/cms/cms_dd.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include <openssl/cms.h>
+#include "cms_lcl.h"
+
+DECLARE_ASN1_ITEM(CMS_DigestedData)
+
+/* CMS DigestedData Utilities */
+
+CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md)
+{
+ CMS_ContentInfo *cms;
+ CMS_DigestedData *dd;
+ cms = CMS_ContentInfo_new();
+ if (!cms)
+ return NULL;
+
+ dd = M_ASN1_new_of(CMS_DigestedData);
+
+ if (!dd)
+ goto err;
+
+ cms->contentType = OBJ_nid2obj(NID_pkcs7_digest);
+ cms->d.digestedData = dd;
+
+ dd->version = 0;
+ dd->encapContentInfo->eContentType = OBJ_nid2obj(NID_pkcs7_data);
+
+ cms_DigestAlgorithm_set(dd->digestAlgorithm, md);
+
+ return cms;
+
+ err:
+
+ if (cms)
+ CMS_ContentInfo_free(cms);
+
+ return NULL;
+}
+
+BIO *cms_DigestedData_init_bio(CMS_ContentInfo *cms)
+{
+ CMS_DigestedData *dd;
+ dd = cms->d.digestedData;
+ return cms_DigestAlgorithm_init_bio(dd->digestAlgorithm);
+}
+
+int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify)
+{
+ EVP_MD_CTX mctx;
+ unsigned char md[EVP_MAX_MD_SIZE];
+ unsigned int mdlen;
+ int r = 0;
+ CMS_DigestedData *dd;
+ EVP_MD_CTX_init(&mctx);
+
+ dd = cms->d.digestedData;
+
+ if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, dd->digestAlgorithm))
+ goto err;
+
+ if (EVP_DigestFinal_ex(&mctx, md, &mdlen) <= 0)
+ goto err;
+
+ if (verify) {
+ if (mdlen != (unsigned int)dd->digest->length) {
+ CMSerr(CMS_F_CMS_DIGESTEDDATA_DO_FINAL,
+ CMS_R_MESSAGEDIGEST_WRONG_LENGTH);
+ goto err;
+ }
+
+ if (memcmp(md, dd->digest->data, mdlen))
+ CMSerr(CMS_F_CMS_DIGESTEDDATA_DO_FINAL,
+ CMS_R_VERIFICATION_FAILURE);
+ else
+ r = 1;
+ } else {
+ if (!ASN1_STRING_set(dd->digest, md, mdlen))
+ goto err;
+ r = 1;
+ }
+
+ err:
+ EVP_MD_CTX_cleanup(&mctx);
+
+ return r;
+
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_enc.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/cms/cms_enc.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_enc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,294 +0,0 @@
-/* crypto/cms/cms_enc.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/pem.h>
-#include <openssl/x509v3.h>
-#include <openssl/err.h>
-#include <openssl/cms.h>
-#include <openssl/rand.h>
-#include "cms_lcl.h"
-
-/* CMS EncryptedData Utilities */
-
-DECLARE_ASN1_ITEM(CMS_EncryptedData)
-
-/* Return BIO based on EncryptedContentInfo and key */
-
-BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
- {
- BIO *b;
- EVP_CIPHER_CTX *ctx;
- const EVP_CIPHER *ciph;
- X509_ALGOR *calg = ec->contentEncryptionAlgorithm;
- unsigned char iv[EVP_MAX_IV_LENGTH], *piv = NULL;
- unsigned char *tkey = NULL;
- size_t tkeylen;
-
- int ok = 0;
-
- int enc, keep_key = 0;
-
- enc = ec->cipher ? 1 : 0;
-
- b = BIO_new(BIO_f_cipher());
- if (!b)
- {
- CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
- ERR_R_MALLOC_FAILURE);
- return NULL;
- }
-
- BIO_get_cipher_ctx(b, &ctx);
-
- if (enc)
- {
- ciph = ec->cipher;
- /* If not keeping key set cipher to NULL so subsequent calls
- * decrypt.
- */
- if (ec->key)
- ec->cipher = NULL;
- }
- else
- {
- ciph = EVP_get_cipherbyobj(calg->algorithm);
-
- if (!ciph)
- {
- CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
- CMS_R_UNKNOWN_CIPHER);
- goto err;
- }
- }
-
- if (EVP_CipherInit_ex(ctx, ciph, NULL, NULL, NULL, enc) <= 0)
- {
- CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
- CMS_R_CIPHER_INITIALISATION_ERROR);
- goto err;
- }
-
- if (enc)
- {
- int ivlen;
- calg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(ctx));
- /* Generate a random IV if we need one */
- ivlen = EVP_CIPHER_CTX_iv_length(ctx);
- if (ivlen > 0)
- {
- if (RAND_pseudo_bytes(iv, ivlen) <= 0)
- goto err;
- piv = iv;
- }
- }
- else if (EVP_CIPHER_asn1_to_param(ctx, calg->parameter) <= 0)
- {
- CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
- CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
- goto err;
- }
- tkeylen = EVP_CIPHER_CTX_key_length(ctx);
- /* Generate random session key */
- if (!enc || !ec->key)
- {
- tkey = OPENSSL_malloc(tkeylen);
- if (!tkey)
- {
- CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
- ERR_R_MALLOC_FAILURE);
- goto err;
- }
- if (EVP_CIPHER_CTX_rand_key(ctx, tkey) <= 0)
- goto err;
- }
-
- if (!ec->key)
- {
- ec->key = tkey;
- ec->keylen = tkeylen;
- tkey = NULL;
- if (enc)
- keep_key = 1;
- else
- ERR_clear_error();
-
- }
-
- if (ec->keylen != tkeylen)
- {
- /* If necessary set key length */
- if (EVP_CIPHER_CTX_set_key_length(ctx, ec->keylen) <= 0)
- {
- /* Only reveal failure if debugging so we don't
- * leak information which may be useful in MMA.
- */
- if (enc || ec->debug)
- {
- CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
- CMS_R_INVALID_KEY_LENGTH);
- goto err;
- }
- else
- {
- /* Use random key */
- OPENSSL_cleanse(ec->key, ec->keylen);
- OPENSSL_free(ec->key);
- ec->key = tkey;
- ec->keylen = tkeylen;
- tkey = NULL;
- ERR_clear_error();
- }
- }
- }
-
- if (EVP_CipherInit_ex(ctx, NULL, NULL, ec->key, piv, enc) <= 0)
- {
- CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
- CMS_R_CIPHER_INITIALISATION_ERROR);
- goto err;
- }
-
- if (piv)
- {
- calg->parameter = ASN1_TYPE_new();
- if (!calg->parameter)
- {
- CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
- ERR_R_MALLOC_FAILURE);
- goto err;
- }
- if (EVP_CIPHER_param_to_asn1(ctx, calg->parameter) <= 0)
- {
- CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
- CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
- goto err;
- }
- }
- ok = 1;
-
- err:
- if (ec->key && !keep_key)
- {
- OPENSSL_cleanse(ec->key, ec->keylen);
- OPENSSL_free(ec->key);
- ec->key = NULL;
- }
- if (tkey)
- {
- OPENSSL_cleanse(tkey, tkeylen);
- OPENSSL_free(tkey);
- }
- if (ok)
- return b;
- BIO_free(b);
- return NULL;
- }
-
-int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec,
- const EVP_CIPHER *cipher,
- const unsigned char *key, size_t keylen)
- {
- ec->cipher = cipher;
- if (key)
- {
- ec->key = OPENSSL_malloc(keylen);
- if (!ec->key)
- return 0;
- memcpy(ec->key, key, keylen);
- }
- ec->keylen = keylen;
- if (cipher)
- ec->contentType = OBJ_nid2obj(NID_pkcs7_data);
- return 1;
- }
-
-int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
- const unsigned char *key, size_t keylen)
- {
- CMS_EncryptedContentInfo *ec;
- if (!key || !keylen)
- {
- CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY, CMS_R_NO_KEY);
- return 0;
- }
- if (ciph)
- {
- cms->d.encryptedData = M_ASN1_new_of(CMS_EncryptedData);
- if (!cms->d.encryptedData)
- {
- CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY,
- ERR_R_MALLOC_FAILURE);
- return 0;
- }
- cms->contentType = OBJ_nid2obj(NID_pkcs7_encrypted);
- cms->d.encryptedData->version = 0;
- }
- else if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_encrypted)
- {
- CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY,
- CMS_R_NOT_ENCRYPTED_DATA);
- return 0;
- }
- ec = cms->d.encryptedData->encryptedContentInfo;
- return cms_EncryptedContent_init(ec, ciph, key, keylen);
- }
-
-BIO *cms_EncryptedData_init_bio(CMS_ContentInfo *cms)
- {
- CMS_EncryptedData *enc = cms->d.encryptedData;
- if (enc->encryptedContentInfo->cipher && enc->unprotectedAttrs)
- enc->version = 2;
- return cms_EncryptedContent_init_bio(enc->encryptedContentInfo);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_enc.c (from rev 6976, vendor-crypto/openssl/dist/crypto/cms/cms_enc.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_enc.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_enc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,260 @@
+/* crypto/cms/cms_enc.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include <openssl/cms.h>
+#include <openssl/rand.h>
+#include "cms_lcl.h"
+
+/* CMS EncryptedData Utilities */
+
+DECLARE_ASN1_ITEM(CMS_EncryptedData)
+
+/* Return BIO based on EncryptedContentInfo and key */
+
+BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
+{
+ BIO *b;
+ EVP_CIPHER_CTX *ctx;
+ const EVP_CIPHER *ciph;
+ X509_ALGOR *calg = ec->contentEncryptionAlgorithm;
+ unsigned char iv[EVP_MAX_IV_LENGTH], *piv = NULL;
+ unsigned char *tkey = NULL;
+ size_t tkeylen;
+
+ int ok = 0;
+
+ int enc, keep_key = 0;
+
+ enc = ec->cipher ? 1 : 0;
+
+ b = BIO_new(BIO_f_cipher());
+ if (!b) {
+ CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+
+ BIO_get_cipher_ctx(b, &ctx);
+
+ if (enc) {
+ ciph = ec->cipher;
+ /*
+ * If not keeping key set cipher to NULL so subsequent calls decrypt.
+ */
+ if (ec->key)
+ ec->cipher = NULL;
+ } else {
+ ciph = EVP_get_cipherbyobj(calg->algorithm);
+
+ if (!ciph) {
+ CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, CMS_R_UNKNOWN_CIPHER);
+ goto err;
+ }
+ }
+
+ if (EVP_CipherInit_ex(ctx, ciph, NULL, NULL, NULL, enc) <= 0) {
+ CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
+ CMS_R_CIPHER_INITIALISATION_ERROR);
+ goto err;
+ }
+
+ if (enc) {
+ int ivlen;
+ calg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(ctx));
+ /* Generate a random IV if we need one */
+ ivlen = EVP_CIPHER_CTX_iv_length(ctx);
+ if (ivlen > 0) {
+ if (RAND_pseudo_bytes(iv, ivlen) <= 0)
+ goto err;
+ piv = iv;
+ }
+ } else if (EVP_CIPHER_asn1_to_param(ctx, calg->parameter) <= 0) {
+ CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
+ CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
+ goto err;
+ }
+ tkeylen = EVP_CIPHER_CTX_key_length(ctx);
+ /* Generate random session key */
+ if (!enc || !ec->key) {
+ tkey = OPENSSL_malloc(tkeylen);
+ if (!tkey) {
+ CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ if (EVP_CIPHER_CTX_rand_key(ctx, tkey) <= 0)
+ goto err;
+ }
+
+ if (!ec->key) {
+ ec->key = tkey;
+ ec->keylen = tkeylen;
+ tkey = NULL;
+ if (enc)
+ keep_key = 1;
+ else
+ ERR_clear_error();
+
+ }
+
+ if (ec->keylen != tkeylen) {
+ /* If necessary set key length */
+ if (EVP_CIPHER_CTX_set_key_length(ctx, ec->keylen) <= 0) {
+ /*
+ * Only reveal failure if debugging so we don't leak information
+ * which may be useful in MMA.
+ */
+ if (enc || ec->debug) {
+ CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
+ CMS_R_INVALID_KEY_LENGTH);
+ goto err;
+ } else {
+ /* Use random key */
+ OPENSSL_cleanse(ec->key, ec->keylen);
+ OPENSSL_free(ec->key);
+ ec->key = tkey;
+ ec->keylen = tkeylen;
+ tkey = NULL;
+ ERR_clear_error();
+ }
+ }
+ }
+
+ if (EVP_CipherInit_ex(ctx, NULL, NULL, ec->key, piv, enc) <= 0) {
+ CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
+ CMS_R_CIPHER_INITIALISATION_ERROR);
+ goto err;
+ }
+
+ if (piv) {
+ calg->parameter = ASN1_TYPE_new();
+ if (!calg->parameter) {
+ CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ if (EVP_CIPHER_param_to_asn1(ctx, calg->parameter) <= 0) {
+ CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
+ CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
+ goto err;
+ }
+ }
+ ok = 1;
+
+ err:
+ if (ec->key && !keep_key) {
+ OPENSSL_cleanse(ec->key, ec->keylen);
+ OPENSSL_free(ec->key);
+ ec->key = NULL;
+ }
+ if (tkey) {
+ OPENSSL_cleanse(tkey, tkeylen);
+ OPENSSL_free(tkey);
+ }
+ if (ok)
+ return b;
+ BIO_free(b);
+ return NULL;
+}
+
+int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec,
+ const EVP_CIPHER *cipher,
+ const unsigned char *key, size_t keylen)
+{
+ ec->cipher = cipher;
+ if (key) {
+ ec->key = OPENSSL_malloc(keylen);
+ if (!ec->key)
+ return 0;
+ memcpy(ec->key, key, keylen);
+ }
+ ec->keylen = keylen;
+ if (cipher)
+ ec->contentType = OBJ_nid2obj(NID_pkcs7_data);
+ return 1;
+}
+
+int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
+ const unsigned char *key, size_t keylen)
+{
+ CMS_EncryptedContentInfo *ec;
+ if (!key || !keylen) {
+ CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY, CMS_R_NO_KEY);
+ return 0;
+ }
+ if (ciph) {
+ cms->d.encryptedData = M_ASN1_new_of(CMS_EncryptedData);
+ if (!cms->d.encryptedData) {
+ CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ cms->contentType = OBJ_nid2obj(NID_pkcs7_encrypted);
+ cms->d.encryptedData->version = 0;
+ } else if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_encrypted) {
+ CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY, CMS_R_NOT_ENCRYPTED_DATA);
+ return 0;
+ }
+ ec = cms->d.encryptedData->encryptedContentInfo;
+ return cms_EncryptedContent_init(ec, ciph, key, keylen);
+}
+
+BIO *cms_EncryptedData_init_bio(CMS_ContentInfo *cms)
+{
+ CMS_EncryptedData *enc = cms->d.encryptedData;
+ if (enc->encryptedContentInfo->cipher && enc->unprotectedAttrs)
+ enc->version = 2;
+ return cms_EncryptedContent_init_bio(enc->encryptedContentInfo);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_env.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/cms/cms_env.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_env.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,835 +0,0 @@
-/* crypto/cms/cms_env.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/pem.h>
-#include <openssl/x509v3.h>
-#include <openssl/err.h>
-#include <openssl/cms.h>
-#include <openssl/rand.h>
-#include <openssl/aes.h>
-#include "cms_lcl.h"
-
-/* CMS EnvelopedData Utilities */
-
-DECLARE_ASN1_ITEM(CMS_EnvelopedData)
-DECLARE_ASN1_ITEM(CMS_RecipientInfo)
-DECLARE_ASN1_ITEM(CMS_KeyTransRecipientInfo)
-DECLARE_ASN1_ITEM(CMS_KEKRecipientInfo)
-DECLARE_ASN1_ITEM(CMS_OtherKeyAttribute)
-
-DECLARE_STACK_OF(CMS_RecipientInfo)
-
-static CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms)
- {
- if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_enveloped)
- {
- CMSerr(CMS_F_CMS_GET0_ENVELOPED,
- CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA);
- return NULL;
- }
- return cms->d.envelopedData;
- }
-
-static CMS_EnvelopedData *cms_enveloped_data_init(CMS_ContentInfo *cms)
- {
- if (cms->d.other == NULL)
- {
- cms->d.envelopedData = M_ASN1_new_of(CMS_EnvelopedData);
- if (!cms->d.envelopedData)
- {
- CMSerr(CMS_F_CMS_ENVELOPED_DATA_INIT,
- ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- cms->d.envelopedData->version = 0;
- cms->d.envelopedData->encryptedContentInfo->contentType =
- OBJ_nid2obj(NID_pkcs7_data);
- ASN1_OBJECT_free(cms->contentType);
- cms->contentType = OBJ_nid2obj(NID_pkcs7_enveloped);
- return cms->d.envelopedData;
- }
- return cms_get0_enveloped(cms);
- }
-
-STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms)
- {
- CMS_EnvelopedData *env;
- env = cms_get0_enveloped(cms);
- if (!env)
- return NULL;
- return env->recipientInfos;
- }
-
-int CMS_RecipientInfo_type(CMS_RecipientInfo *ri)
- {
- return ri->type;
- }
-
-CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher)
- {
- CMS_ContentInfo *cms;
- CMS_EnvelopedData *env;
- cms = CMS_ContentInfo_new();
- if (!cms)
- goto merr;
- env = cms_enveloped_data_init(cms);
- if (!env)
- goto merr;
- if (!cms_EncryptedContent_init(env->encryptedContentInfo,
- cipher, NULL, 0))
- goto merr;
- return cms;
- merr:
- if (cms)
- CMS_ContentInfo_free(cms);
- CMSerr(CMS_F_CMS_ENVELOPEDDATA_CREATE, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
-
-/* Key Transport Recipient Info (KTRI) routines */
-
-/* Add a recipient certificate. For now only handle key transport.
- * If we ever handle key agreement will need updating.
- */
-
-CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
- X509 *recip, unsigned int flags)
- {
- CMS_RecipientInfo *ri = NULL;
- CMS_KeyTransRecipientInfo *ktri;
- CMS_EnvelopedData *env;
- EVP_PKEY *pk = NULL;
- int type;
- env = cms_get0_enveloped(cms);
- if (!env)
- goto err;
-
- /* Initialize recipient info */
- ri = M_ASN1_new_of(CMS_RecipientInfo);
- if (!ri)
- goto merr;
-
- /* Initialize and add key transport recipient info */
-
- ri->d.ktri = M_ASN1_new_of(CMS_KeyTransRecipientInfo);
- if (!ri->d.ktri)
- goto merr;
- ri->type = CMS_RECIPINFO_TRANS;
-
- ktri = ri->d.ktri;
-
- X509_check_purpose(recip, -1, -1);
- pk = X509_get_pubkey(recip);
- if (!pk)
- {
- CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT,
- CMS_R_ERROR_GETTING_PUBLIC_KEY);
- goto err;
- }
- CRYPTO_add(&recip->references, 1, CRYPTO_LOCK_X509);
- ktri->pkey = pk;
- ktri->recip = recip;
-
- if (flags & CMS_USE_KEYID)
- {
- ktri->version = 2;
- if (env->version < 2)
- env->version = 2;
- type = CMS_RECIPINFO_KEYIDENTIFIER;
- }
- else
- {
- ktri->version = 0;
- type = CMS_RECIPINFO_ISSUER_SERIAL;
- }
-
- /* Not a typo: RecipientIdentifier and SignerIdentifier are the
- * same structure.
- */
-
- if (!cms_set1_SignerIdentifier(ktri->rid, recip, type))
- goto err;
-
- /* Since we have no EVP_PKEY_ASN1_METHOD in OpenSSL 0.9.8,
- * hard code algorithm parameters.
- */
-
- if (pk->type == EVP_PKEY_RSA)
- {
- X509_ALGOR_set0(ktri->keyEncryptionAlgorithm,
- OBJ_nid2obj(NID_rsaEncryption),
- V_ASN1_NULL, 0);
- }
- else
- {
- CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT,
- CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
- goto err;
- }
-
- if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri))
- goto merr;
-
- return ri;
-
- merr:
- CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, ERR_R_MALLOC_FAILURE);
- err:
- if (ri)
- M_ASN1_free_of(ri, CMS_RecipientInfo);
- return NULL;
-
- }
-
-int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri,
- EVP_PKEY **pk, X509 **recip,
- X509_ALGOR **palg)
- {
- CMS_KeyTransRecipientInfo *ktri;
- if (ri->type != CMS_RECIPINFO_TRANS)
- {
- CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS,
- CMS_R_NOT_KEY_TRANSPORT);
- return 0;
- }
-
- ktri = ri->d.ktri;
-
- if (pk)
- *pk = ktri->pkey;
- if (recip)
- *recip = ktri->recip;
- if (palg)
- *palg = ktri->keyEncryptionAlgorithm;
- return 1;
- }
-
-int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
- ASN1_OCTET_STRING **keyid,
- X509_NAME **issuer, ASN1_INTEGER **sno)
- {
- CMS_KeyTransRecipientInfo *ktri;
- if (ri->type != CMS_RECIPINFO_TRANS)
- {
- CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID,
- CMS_R_NOT_KEY_TRANSPORT);
- return 0;
- }
- ktri = ri->d.ktri;
-
- return cms_SignerIdentifier_get0_signer_id(ktri->rid,
- keyid, issuer, sno);
- }
-
-int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert)
- {
- if (ri->type != CMS_RECIPINFO_TRANS)
- {
- CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP,
- CMS_R_NOT_KEY_TRANSPORT);
- return -2;
- }
- return cms_SignerIdentifier_cert_cmp(ri->d.ktri->rid, cert);
- }
-
-int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey)
- {
- if (ri->type != CMS_RECIPINFO_TRANS)
- {
- CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY,
- CMS_R_NOT_KEY_TRANSPORT);
- return 0;
- }
- ri->d.ktri->pkey = pkey;
- return 1;
- }
-
-/* Encrypt content key in key transport recipient info */
-
-static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms,
- CMS_RecipientInfo *ri)
- {
- CMS_KeyTransRecipientInfo *ktri;
- CMS_EncryptedContentInfo *ec;
- unsigned char *ek = NULL;
- int eklen;
-
- int ret = 0;
-
- if (ri->type != CMS_RECIPINFO_TRANS)
- {
- CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT,
- CMS_R_NOT_KEY_TRANSPORT);
- return 0;
- }
- ktri = ri->d.ktri;
- ec = cms->d.envelopedData->encryptedContentInfo;
-
- eklen = EVP_PKEY_size(ktri->pkey);
-
- ek = OPENSSL_malloc(eklen);
-
- if (ek == NULL)
- {
- CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT,
- ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- eklen = EVP_PKEY_encrypt(ek, ec->key, ec->keylen, ktri->pkey);
-
- if (eklen <= 0)
- goto err;
-
- ASN1_STRING_set0(ktri->encryptedKey, ek, eklen);
- ek = NULL;
-
- ret = 1;
-
- err:
- if (ek)
- OPENSSL_free(ek);
- return ret;
-
- }
-
-/* Decrypt content key from KTRI */
-
-static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
- CMS_RecipientInfo *ri)
- {
- CMS_KeyTransRecipientInfo *ktri = ri->d.ktri;
- unsigned char *ek = NULL;
- int eklen;
- int ret = 0;
- CMS_EncryptedContentInfo *ec;
- ec = cms->d.envelopedData->encryptedContentInfo;
-
- if (ktri->pkey == NULL)
- {
- CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT,
- CMS_R_NO_PRIVATE_KEY);
- return 0;
- }
-
- eklen = EVP_PKEY_size(ktri->pkey);
-
- ek = OPENSSL_malloc(eklen);
-
- if (ek == NULL)
- {
- CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT,
- ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- eklen = EVP_PKEY_decrypt(ek,
- ktri->encryptedKey->data,
- ktri->encryptedKey->length, ktri->pkey);
- if (eklen <= 0)
- {
- CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CMS_LIB);
- goto err;
- }
-
- ret = 1;
-
- if (ec->key)
- {
- OPENSSL_cleanse(ec->key, ec->keylen);
- OPENSSL_free(ec->key);
- }
-
- ec->key = ek;
- ec->keylen = eklen;
-
- err:
- if (!ret && ek)
- OPENSSL_free(ek);
-
- return ret;
- }
-
-/* Key Encrypted Key (KEK) RecipientInfo routines */
-
-int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri,
- const unsigned char *id, size_t idlen)
- {
- ASN1_OCTET_STRING tmp_os;
- CMS_KEKRecipientInfo *kekri;
- if (ri->type != CMS_RECIPINFO_KEK)
- {
- CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP, CMS_R_NOT_KEK);
- return -2;
- }
- kekri = ri->d.kekri;
- tmp_os.type = V_ASN1_OCTET_STRING;
- tmp_os.flags = 0;
- tmp_os.data = (unsigned char *)id;
- tmp_os.length = (int)idlen;
- return ASN1_OCTET_STRING_cmp(&tmp_os, kekri->kekid->keyIdentifier);
- }
-
-/* For now hard code AES key wrap info */
-
-static size_t aes_wrap_keylen(int nid)
- {
- switch (nid)
- {
- case NID_id_aes128_wrap:
- return 16;
-
- case NID_id_aes192_wrap:
- return 24;
-
- case NID_id_aes256_wrap:
- return 32;
-
- default:
- return 0;
- }
- }
-
-CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
- unsigned char *key, size_t keylen,
- unsigned char *id, size_t idlen,
- ASN1_GENERALIZEDTIME *date,
- ASN1_OBJECT *otherTypeId,
- ASN1_TYPE *otherType)
- {
- CMS_RecipientInfo *ri = NULL;
- CMS_EnvelopedData *env;
- CMS_KEKRecipientInfo *kekri;
- env = cms_get0_enveloped(cms);
- if (!env)
- goto err;
-
- if (nid == NID_undef)
- {
- switch (keylen)
- {
- case 16:
- nid = NID_id_aes128_wrap;
- break;
-
- case 24:
- nid = NID_id_aes192_wrap;
- break;
-
- case 32:
- nid = NID_id_aes256_wrap;
- break;
-
- default:
- CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY,
- CMS_R_INVALID_KEY_LENGTH);
- goto err;
- }
-
- }
- else
- {
-
- size_t exp_keylen = aes_wrap_keylen(nid);
-
- if (!exp_keylen)
- {
- CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY,
- CMS_R_UNSUPPORTED_KEK_ALGORITHM);
- goto err;
- }
-
- if (keylen != exp_keylen)
- {
- CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY,
- CMS_R_INVALID_KEY_LENGTH);
- goto err;
- }
-
- }
-
- /* Initialize recipient info */
- ri = M_ASN1_new_of(CMS_RecipientInfo);
- if (!ri)
- goto merr;
-
- ri->d.kekri = M_ASN1_new_of(CMS_KEKRecipientInfo);
- if (!ri->d.kekri)
- goto merr;
- ri->type = CMS_RECIPINFO_KEK;
-
- kekri = ri->d.kekri;
-
- if (otherTypeId)
- {
- kekri->kekid->other = M_ASN1_new_of(CMS_OtherKeyAttribute);
- if (kekri->kekid->other == NULL)
- goto merr;
- }
-
- if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri))
- goto merr;
-
-
- /* After this point no calls can fail */
-
- kekri->version = 4;
-
- kekri->key = key;
- kekri->keylen = keylen;
-
- ASN1_STRING_set0(kekri->kekid->keyIdentifier, id, idlen);
-
- kekri->kekid->date = date;
-
- if (kekri->kekid->other)
- {
- kekri->kekid->other->keyAttrId = otherTypeId;
- kekri->kekid->other->keyAttr = otherType;
- }
-
- X509_ALGOR_set0(kekri->keyEncryptionAlgorithm,
- OBJ_nid2obj(nid), V_ASN1_UNDEF, NULL);
-
- return ri;
-
- merr:
- CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, ERR_R_MALLOC_FAILURE);
- err:
- if (ri)
- M_ASN1_free_of(ri, CMS_RecipientInfo);
- return NULL;
-
- }
-
-int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri,
- X509_ALGOR **palg,
- ASN1_OCTET_STRING **pid,
- ASN1_GENERALIZEDTIME **pdate,
- ASN1_OBJECT **potherid,
- ASN1_TYPE **pothertype)
- {
- CMS_KEKIdentifier *rkid;
- if (ri->type != CMS_RECIPINFO_KEK)
- {
- CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID, CMS_R_NOT_KEK);
- return 0;
- }
- rkid = ri->d.kekri->kekid;
- if (palg)
- *palg = ri->d.kekri->keyEncryptionAlgorithm;
- if (pid)
- *pid = rkid->keyIdentifier;
- if (pdate)
- *pdate = rkid->date;
- if (potherid)
- {
- if (rkid->other)
- *potherid = rkid->other->keyAttrId;
- else
- *potherid = NULL;
- }
- if (pothertype)
- {
- if (rkid->other)
- *pothertype = rkid->other->keyAttr;
- else
- *pothertype = NULL;
- }
- return 1;
- }
-
-int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri,
- unsigned char *key, size_t keylen)
- {
- CMS_KEKRecipientInfo *kekri;
- if (ri->type != CMS_RECIPINFO_KEK)
- {
- CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_KEY, CMS_R_NOT_KEK);
- return 0;
- }
-
- kekri = ri->d.kekri;
- kekri->key = key;
- kekri->keylen = keylen;
- return 1;
- }
-
-
-/* Encrypt content key in KEK recipient info */
-
-static int cms_RecipientInfo_kekri_encrypt(CMS_ContentInfo *cms,
- CMS_RecipientInfo *ri)
- {
- CMS_EncryptedContentInfo *ec;
- CMS_KEKRecipientInfo *kekri;
- AES_KEY actx;
- unsigned char *wkey = NULL;
- int wkeylen;
- int r = 0;
-
- ec = cms->d.envelopedData->encryptedContentInfo;
-
- kekri = ri->d.kekri;
-
- if (!kekri->key)
- {
- CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, CMS_R_NO_KEY);
- return 0;
- }
-
- if (AES_set_encrypt_key(kekri->key, kekri->keylen << 3, &actx))
- {
- CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT,
- CMS_R_ERROR_SETTING_KEY);
- goto err;
- }
-
- wkey = OPENSSL_malloc(ec->keylen + 8);
-
- if (!wkey)
- {
- CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT,
- ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- wkeylen = AES_wrap_key(&actx, NULL, wkey, ec->key, ec->keylen);
-
- if (wkeylen <= 0)
- {
- CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, CMS_R_WRAP_ERROR);
- goto err;
- }
-
- ASN1_STRING_set0(kekri->encryptedKey, wkey, wkeylen);
-
- r = 1;
-
- err:
-
- if (!r && wkey)
- OPENSSL_free(wkey);
- OPENSSL_cleanse(&actx, sizeof(actx));
-
- return r;
-
- }
-
-/* Decrypt content key in KEK recipient info */
-
-static int cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms,
- CMS_RecipientInfo *ri)
- {
- CMS_EncryptedContentInfo *ec;
- CMS_KEKRecipientInfo *kekri;
- AES_KEY actx;
- unsigned char *ukey = NULL;
- int ukeylen;
- int r = 0, wrap_nid;
-
- ec = cms->d.envelopedData->encryptedContentInfo;
-
- kekri = ri->d.kekri;
-
- if (!kekri->key)
- {
- CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, CMS_R_NO_KEY);
- return 0;
- }
-
- wrap_nid = OBJ_obj2nid(kekri->keyEncryptionAlgorithm->algorithm);
- if (aes_wrap_keylen(wrap_nid) != kekri->keylen)
- {
- CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
- CMS_R_INVALID_KEY_LENGTH);
- return 0;
- }
-
- /* If encrypted key length is invalid don't bother */
-
- if (kekri->encryptedKey->length < 16)
- {
- CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
- CMS_R_INVALID_ENCRYPTED_KEY_LENGTH);
- goto err;
- }
-
- if (AES_set_decrypt_key(kekri->key, kekri->keylen << 3, &actx))
- {
- CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
- CMS_R_ERROR_SETTING_KEY);
- goto err;
- }
-
- ukey = OPENSSL_malloc(kekri->encryptedKey->length - 8);
-
- if (!ukey)
- {
- CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
- ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- ukeylen = AES_unwrap_key(&actx, NULL, ukey,
- kekri->encryptedKey->data,
- kekri->encryptedKey->length);
-
- if (ukeylen <= 0)
- {
- CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
- CMS_R_UNWRAP_ERROR);
- goto err;
- }
-
- ec->key = ukey;
- ec->keylen = ukeylen;
-
- r = 1;
-
- err:
-
- if (!r && ukey)
- OPENSSL_free(ukey);
- OPENSSL_cleanse(&actx, sizeof(actx));
-
- return r;
-
- }
-
-int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
- {
- switch(ri->type)
- {
- case CMS_RECIPINFO_TRANS:
- return cms_RecipientInfo_ktri_decrypt(cms, ri);
-
- case CMS_RECIPINFO_KEK:
- return cms_RecipientInfo_kekri_decrypt(cms, ri);
-
- default:
- CMSerr(CMS_F_CMS_RECIPIENTINFO_DECRYPT,
- CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE);
- return 0;
- }
- }
-
-BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms)
- {
- CMS_EncryptedContentInfo *ec;
- STACK_OF(CMS_RecipientInfo) *rinfos;
- CMS_RecipientInfo *ri;
- int i, r, ok = 0;
- BIO *ret;
-
- /* Get BIO first to set up key */
-
- ec = cms->d.envelopedData->encryptedContentInfo;
- ret = cms_EncryptedContent_init_bio(ec);
-
- /* If error or no cipher end of processing */
-
- if (!ret || !ec->cipher)
- return ret;
-
- /* Now encrypt content key according to each RecipientInfo type */
-
- rinfos = cms->d.envelopedData->recipientInfos;
-
- for (i = 0; i < sk_CMS_RecipientInfo_num(rinfos); i++)
- {
- ri = sk_CMS_RecipientInfo_value(rinfos, i);
-
- switch (ri->type)
- {
- case CMS_RECIPINFO_TRANS:
- r = cms_RecipientInfo_ktri_encrypt(cms, ri);
- break;
-
- case CMS_RECIPINFO_KEK:
- r = cms_RecipientInfo_kekri_encrypt(cms, ri);
- break;
-
- default:
- CMSerr(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO,
- CMS_R_UNSUPPORTED_RECIPIENT_TYPE);
- goto err;
- }
-
- if (r <= 0)
- {
- CMSerr(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO,
- CMS_R_ERROR_SETTING_RECIPIENTINFO);
- goto err;
- }
- }
-
- ok = 1;
-
- err:
- ec->cipher = NULL;
- if (ec->key)
- {
- OPENSSL_cleanse(ec->key, ec->keylen);
- OPENSSL_free(ec->key);
- ec->key = NULL;
- ec->keylen = 0;
- }
- if (ok)
- return ret;
- BIO_free(ret);
- return NULL;
-
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_env.c (from rev 6976, vendor-crypto/openssl/dist/crypto/cms/cms_env.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_env.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_env.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,775 @@
+/* crypto/cms/cms_env.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include <openssl/cms.h>
+#include <openssl/rand.h>
+#include <openssl/aes.h>
+#include "cms_lcl.h"
+
+/* CMS EnvelopedData Utilities */
+
+DECLARE_ASN1_ITEM(CMS_EnvelopedData)
+DECLARE_ASN1_ITEM(CMS_RecipientInfo)
+DECLARE_ASN1_ITEM(CMS_KeyTransRecipientInfo)
+DECLARE_ASN1_ITEM(CMS_KEKRecipientInfo)
+DECLARE_ASN1_ITEM(CMS_OtherKeyAttribute)
+
+DECLARE_STACK_OF(CMS_RecipientInfo)
+
+static CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms)
+{
+ if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_enveloped) {
+ CMSerr(CMS_F_CMS_GET0_ENVELOPED,
+ CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA);
+ return NULL;
+ }
+ return cms->d.envelopedData;
+}
+
+static CMS_EnvelopedData *cms_enveloped_data_init(CMS_ContentInfo *cms)
+{
+ if (cms->d.other == NULL) {
+ cms->d.envelopedData = M_ASN1_new_of(CMS_EnvelopedData);
+ if (!cms->d.envelopedData) {
+ CMSerr(CMS_F_CMS_ENVELOPED_DATA_INIT, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ cms->d.envelopedData->version = 0;
+ cms->d.envelopedData->encryptedContentInfo->contentType =
+ OBJ_nid2obj(NID_pkcs7_data);
+ ASN1_OBJECT_free(cms->contentType);
+ cms->contentType = OBJ_nid2obj(NID_pkcs7_enveloped);
+ return cms->d.envelopedData;
+ }
+ return cms_get0_enveloped(cms);
+}
+
+STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms)
+{
+ CMS_EnvelopedData *env;
+ env = cms_get0_enveloped(cms);
+ if (!env)
+ return NULL;
+ return env->recipientInfos;
+}
+
+int CMS_RecipientInfo_type(CMS_RecipientInfo *ri)
+{
+ return ri->type;
+}
+
+CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher)
+{
+ CMS_ContentInfo *cms;
+ CMS_EnvelopedData *env;
+ cms = CMS_ContentInfo_new();
+ if (!cms)
+ goto merr;
+ env = cms_enveloped_data_init(cms);
+ if (!env)
+ goto merr;
+ if (!cms_EncryptedContent_init(env->encryptedContentInfo,
+ cipher, NULL, 0))
+ goto merr;
+ return cms;
+ merr:
+ if (cms)
+ CMS_ContentInfo_free(cms);
+ CMSerr(CMS_F_CMS_ENVELOPEDDATA_CREATE, ERR_R_MALLOC_FAILURE);
+ return NULL;
+}
+
+/* Key Transport Recipient Info (KTRI) routines */
+
+/*
+ * Add a recipient certificate. For now only handle key transport. If we ever
+ * handle key agreement will need updating.
+ */
+
+CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
+ X509 *recip, unsigned int flags)
+{
+ CMS_RecipientInfo *ri = NULL;
+ CMS_KeyTransRecipientInfo *ktri;
+ CMS_EnvelopedData *env;
+ EVP_PKEY *pk = NULL;
+ int type;
+ env = cms_get0_enveloped(cms);
+ if (!env)
+ goto err;
+
+ /* Initialize recipient info */
+ ri = M_ASN1_new_of(CMS_RecipientInfo);
+ if (!ri)
+ goto merr;
+
+ /* Initialize and add key transport recipient info */
+
+ ri->d.ktri = M_ASN1_new_of(CMS_KeyTransRecipientInfo);
+ if (!ri->d.ktri)
+ goto merr;
+ ri->type = CMS_RECIPINFO_TRANS;
+
+ ktri = ri->d.ktri;
+
+ X509_check_purpose(recip, -1, -1);
+ pk = X509_get_pubkey(recip);
+ if (!pk) {
+ CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, CMS_R_ERROR_GETTING_PUBLIC_KEY);
+ goto err;
+ }
+ CRYPTO_add(&recip->references, 1, CRYPTO_LOCK_X509);
+ ktri->pkey = pk;
+ ktri->recip = recip;
+
+ if (flags & CMS_USE_KEYID) {
+ ktri->version = 2;
+ if (env->version < 2)
+ env->version = 2;
+ type = CMS_RECIPINFO_KEYIDENTIFIER;
+ } else {
+ ktri->version = 0;
+ type = CMS_RECIPINFO_ISSUER_SERIAL;
+ }
+
+ /*
+ * Not a typo: RecipientIdentifier and SignerIdentifier are the same
+ * structure.
+ */
+
+ if (!cms_set1_SignerIdentifier(ktri->rid, recip, type))
+ goto err;
+
+ /*
+ * Since we have no EVP_PKEY_ASN1_METHOD in OpenSSL 0.9.8, hard code
+ * algorithm parameters.
+ */
+
+ if (pk->type == EVP_PKEY_RSA) {
+ X509_ALGOR_set0(ktri->keyEncryptionAlgorithm,
+ OBJ_nid2obj(NID_rsaEncryption), V_ASN1_NULL, 0);
+ } else {
+ CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT,
+ CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
+ goto err;
+ }
+
+ if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri))
+ goto merr;
+
+ return ri;
+
+ merr:
+ CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, ERR_R_MALLOC_FAILURE);
+ err:
+ if (ri)
+ M_ASN1_free_of(ri, CMS_RecipientInfo);
+ return NULL;
+
+}
+
+int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri,
+ EVP_PKEY **pk, X509 **recip,
+ X509_ALGOR **palg)
+{
+ CMS_KeyTransRecipientInfo *ktri;
+ if (ri->type != CMS_RECIPINFO_TRANS) {
+ CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS,
+ CMS_R_NOT_KEY_TRANSPORT);
+ return 0;
+ }
+
+ ktri = ri->d.ktri;
+
+ if (pk)
+ *pk = ktri->pkey;
+ if (recip)
+ *recip = ktri->recip;
+ if (palg)
+ *palg = ktri->keyEncryptionAlgorithm;
+ return 1;
+}
+
+int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
+ ASN1_OCTET_STRING **keyid,
+ X509_NAME **issuer,
+ ASN1_INTEGER **sno)
+{
+ CMS_KeyTransRecipientInfo *ktri;
+ if (ri->type != CMS_RECIPINFO_TRANS) {
+ CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID,
+ CMS_R_NOT_KEY_TRANSPORT);
+ return 0;
+ }
+ ktri = ri->d.ktri;
+
+ return cms_SignerIdentifier_get0_signer_id(ktri->rid, keyid, issuer, sno);
+}
+
+int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert)
+{
+ if (ri->type != CMS_RECIPINFO_TRANS) {
+ CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP,
+ CMS_R_NOT_KEY_TRANSPORT);
+ return -2;
+ }
+ return cms_SignerIdentifier_cert_cmp(ri->d.ktri->rid, cert);
+}
+
+int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey)
+{
+ if (ri->type != CMS_RECIPINFO_TRANS) {
+ CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY, CMS_R_NOT_KEY_TRANSPORT);
+ return 0;
+ }
+ ri->d.ktri->pkey = pkey;
+ return 1;
+}
+
+/* Encrypt content key in key transport recipient info */
+
+static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms,
+ CMS_RecipientInfo *ri)
+{
+ CMS_KeyTransRecipientInfo *ktri;
+ CMS_EncryptedContentInfo *ec;
+ unsigned char *ek = NULL;
+ int eklen;
+
+ int ret = 0;
+
+ if (ri->type != CMS_RECIPINFO_TRANS) {
+ CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, CMS_R_NOT_KEY_TRANSPORT);
+ return 0;
+ }
+ ktri = ri->d.ktri;
+ ec = cms->d.envelopedData->encryptedContentInfo;
+
+ eklen = EVP_PKEY_size(ktri->pkey);
+
+ ek = OPENSSL_malloc(eklen);
+
+ if (ek == NULL) {
+ CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ eklen = EVP_PKEY_encrypt(ek, ec->key, ec->keylen, ktri->pkey);
+
+ if (eklen <= 0)
+ goto err;
+
+ ASN1_STRING_set0(ktri->encryptedKey, ek, eklen);
+ ek = NULL;
+
+ ret = 1;
+
+ err:
+ if (ek)
+ OPENSSL_free(ek);
+ return ret;
+
+}
+
+/* Decrypt content key from KTRI */
+
+static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
+ CMS_RecipientInfo *ri)
+{
+ CMS_KeyTransRecipientInfo *ktri = ri->d.ktri;
+ unsigned char *ek = NULL;
+ int eklen;
+ int ret = 0;
+ CMS_EncryptedContentInfo *ec;
+ ec = cms->d.envelopedData->encryptedContentInfo;
+
+ if (ktri->pkey == NULL) {
+ CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_NO_PRIVATE_KEY);
+ return 0;
+ }
+
+ eklen = EVP_PKEY_size(ktri->pkey);
+
+ ek = OPENSSL_malloc(eklen);
+
+ if (ek == NULL) {
+ CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ eklen = EVP_PKEY_decrypt(ek,
+ ktri->encryptedKey->data,
+ ktri->encryptedKey->length, ktri->pkey);
+ if (eklen <= 0) {
+ CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CMS_LIB);
+ goto err;
+ }
+
+ ret = 1;
+
+ if (ec->key) {
+ OPENSSL_cleanse(ec->key, ec->keylen);
+ OPENSSL_free(ec->key);
+ }
+
+ ec->key = ek;
+ ec->keylen = eklen;
+
+ err:
+ if (!ret && ek)
+ OPENSSL_free(ek);
+
+ return ret;
+}
+
+/* Key Encrypted Key (KEK) RecipientInfo routines */
+
+int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri,
+ const unsigned char *id, size_t idlen)
+{
+ ASN1_OCTET_STRING tmp_os;
+ CMS_KEKRecipientInfo *kekri;
+ if (ri->type != CMS_RECIPINFO_KEK) {
+ CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP, CMS_R_NOT_KEK);
+ return -2;
+ }
+ kekri = ri->d.kekri;
+ tmp_os.type = V_ASN1_OCTET_STRING;
+ tmp_os.flags = 0;
+ tmp_os.data = (unsigned char *)id;
+ tmp_os.length = (int)idlen;
+ return ASN1_OCTET_STRING_cmp(&tmp_os, kekri->kekid->keyIdentifier);
+}
+
+/* For now hard code AES key wrap info */
+
+static size_t aes_wrap_keylen(int nid)
+{
+ switch (nid) {
+ case NID_id_aes128_wrap:
+ return 16;
+
+ case NID_id_aes192_wrap:
+ return 24;
+
+ case NID_id_aes256_wrap:
+ return 32;
+
+ default:
+ return 0;
+ }
+}
+
+CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
+ unsigned char *key, size_t keylen,
+ unsigned char *id, size_t idlen,
+ ASN1_GENERALIZEDTIME *date,
+ ASN1_OBJECT *otherTypeId,
+ ASN1_TYPE *otherType)
+{
+ CMS_RecipientInfo *ri = NULL;
+ CMS_EnvelopedData *env;
+ CMS_KEKRecipientInfo *kekri;
+ env = cms_get0_enveloped(cms);
+ if (!env)
+ goto err;
+
+ if (nid == NID_undef) {
+ switch (keylen) {
+ case 16:
+ nid = NID_id_aes128_wrap;
+ break;
+
+ case 24:
+ nid = NID_id_aes192_wrap;
+ break;
+
+ case 32:
+ nid = NID_id_aes256_wrap;
+ break;
+
+ default:
+ CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, CMS_R_INVALID_KEY_LENGTH);
+ goto err;
+ }
+
+ } else {
+
+ size_t exp_keylen = aes_wrap_keylen(nid);
+
+ if (!exp_keylen) {
+ CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY,
+ CMS_R_UNSUPPORTED_KEK_ALGORITHM);
+ goto err;
+ }
+
+ if (keylen != exp_keylen) {
+ CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, CMS_R_INVALID_KEY_LENGTH);
+ goto err;
+ }
+
+ }
+
+ /* Initialize recipient info */
+ ri = M_ASN1_new_of(CMS_RecipientInfo);
+ if (!ri)
+ goto merr;
+
+ ri->d.kekri = M_ASN1_new_of(CMS_KEKRecipientInfo);
+ if (!ri->d.kekri)
+ goto merr;
+ ri->type = CMS_RECIPINFO_KEK;
+
+ kekri = ri->d.kekri;
+
+ if (otherTypeId) {
+ kekri->kekid->other = M_ASN1_new_of(CMS_OtherKeyAttribute);
+ if (kekri->kekid->other == NULL)
+ goto merr;
+ }
+
+ if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri))
+ goto merr;
+
+ /* After this point no calls can fail */
+
+ kekri->version = 4;
+
+ kekri->key = key;
+ kekri->keylen = keylen;
+
+ ASN1_STRING_set0(kekri->kekid->keyIdentifier, id, idlen);
+
+ kekri->kekid->date = date;
+
+ if (kekri->kekid->other) {
+ kekri->kekid->other->keyAttrId = otherTypeId;
+ kekri->kekid->other->keyAttr = otherType;
+ }
+
+ X509_ALGOR_set0(kekri->keyEncryptionAlgorithm,
+ OBJ_nid2obj(nid), V_ASN1_UNDEF, NULL);
+
+ return ri;
+
+ merr:
+ CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, ERR_R_MALLOC_FAILURE);
+ err:
+ if (ri)
+ M_ASN1_free_of(ri, CMS_RecipientInfo);
+ return NULL;
+
+}
+
+int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri,
+ X509_ALGOR **palg,
+ ASN1_OCTET_STRING **pid,
+ ASN1_GENERALIZEDTIME **pdate,
+ ASN1_OBJECT **potherid,
+ ASN1_TYPE **pothertype)
+{
+ CMS_KEKIdentifier *rkid;
+ if (ri->type != CMS_RECIPINFO_KEK) {
+ CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID, CMS_R_NOT_KEK);
+ return 0;
+ }
+ rkid = ri->d.kekri->kekid;
+ if (palg)
+ *palg = ri->d.kekri->keyEncryptionAlgorithm;
+ if (pid)
+ *pid = rkid->keyIdentifier;
+ if (pdate)
+ *pdate = rkid->date;
+ if (potherid) {
+ if (rkid->other)
+ *potherid = rkid->other->keyAttrId;
+ else
+ *potherid = NULL;
+ }
+ if (pothertype) {
+ if (rkid->other)
+ *pothertype = rkid->other->keyAttr;
+ else
+ *pothertype = NULL;
+ }
+ return 1;
+}
+
+int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri,
+ unsigned char *key, size_t keylen)
+{
+ CMS_KEKRecipientInfo *kekri;
+ if (ri->type != CMS_RECIPINFO_KEK) {
+ CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_KEY, CMS_R_NOT_KEK);
+ return 0;
+ }
+
+ kekri = ri->d.kekri;
+ kekri->key = key;
+ kekri->keylen = keylen;
+ return 1;
+}
+
+/* Encrypt content key in KEK recipient info */
+
+static int cms_RecipientInfo_kekri_encrypt(CMS_ContentInfo *cms,
+ CMS_RecipientInfo *ri)
+{
+ CMS_EncryptedContentInfo *ec;
+ CMS_KEKRecipientInfo *kekri;
+ AES_KEY actx;
+ unsigned char *wkey = NULL;
+ int wkeylen;
+ int r = 0;
+
+ ec = cms->d.envelopedData->encryptedContentInfo;
+
+ kekri = ri->d.kekri;
+
+ if (!kekri->key) {
+ CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, CMS_R_NO_KEY);
+ return 0;
+ }
+
+ if (AES_set_encrypt_key(kekri->key, kekri->keylen << 3, &actx)) {
+ CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT,
+ CMS_R_ERROR_SETTING_KEY);
+ goto err;
+ }
+
+ wkey = OPENSSL_malloc(ec->keylen + 8);
+
+ if (!wkey) {
+ CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ wkeylen = AES_wrap_key(&actx, NULL, wkey, ec->key, ec->keylen);
+
+ if (wkeylen <= 0) {
+ CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, CMS_R_WRAP_ERROR);
+ goto err;
+ }
+
+ ASN1_STRING_set0(kekri->encryptedKey, wkey, wkeylen);
+
+ r = 1;
+
+ err:
+
+ if (!r && wkey)
+ OPENSSL_free(wkey);
+ OPENSSL_cleanse(&actx, sizeof(actx));
+
+ return r;
+
+}
+
+/* Decrypt content key in KEK recipient info */
+
+static int cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms,
+ CMS_RecipientInfo *ri)
+{
+ CMS_EncryptedContentInfo *ec;
+ CMS_KEKRecipientInfo *kekri;
+ AES_KEY actx;
+ unsigned char *ukey = NULL;
+ int ukeylen;
+ int r = 0, wrap_nid;
+
+ ec = cms->d.envelopedData->encryptedContentInfo;
+
+ kekri = ri->d.kekri;
+
+ if (!kekri->key) {
+ CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, CMS_R_NO_KEY);
+ return 0;
+ }
+
+ wrap_nid = OBJ_obj2nid(kekri->keyEncryptionAlgorithm->algorithm);
+ if (aes_wrap_keylen(wrap_nid) != kekri->keylen) {
+ CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
+ CMS_R_INVALID_KEY_LENGTH);
+ return 0;
+ }
+
+ /* If encrypted key length is invalid don't bother */
+
+ if (kekri->encryptedKey->length < 16) {
+ CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
+ CMS_R_INVALID_ENCRYPTED_KEY_LENGTH);
+ goto err;
+ }
+
+ if (AES_set_decrypt_key(kekri->key, kekri->keylen << 3, &actx)) {
+ CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
+ CMS_R_ERROR_SETTING_KEY);
+ goto err;
+ }
+
+ ukey = OPENSSL_malloc(kekri->encryptedKey->length - 8);
+
+ if (!ukey) {
+ CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ ukeylen = AES_unwrap_key(&actx, NULL, ukey,
+ kekri->encryptedKey->data,
+ kekri->encryptedKey->length);
+
+ if (ukeylen <= 0) {
+ CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, CMS_R_UNWRAP_ERROR);
+ goto err;
+ }
+
+ ec->key = ukey;
+ ec->keylen = ukeylen;
+
+ r = 1;
+
+ err:
+
+ if (!r && ukey)
+ OPENSSL_free(ukey);
+ OPENSSL_cleanse(&actx, sizeof(actx));
+
+ return r;
+
+}
+
+int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
+{
+ switch (ri->type) {
+ case CMS_RECIPINFO_TRANS:
+ return cms_RecipientInfo_ktri_decrypt(cms, ri);
+
+ case CMS_RECIPINFO_KEK:
+ return cms_RecipientInfo_kekri_decrypt(cms, ri);
+
+ default:
+ CMSerr(CMS_F_CMS_RECIPIENTINFO_DECRYPT,
+ CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE);
+ return 0;
+ }
+}
+
+BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms)
+{
+ CMS_EncryptedContentInfo *ec;
+ STACK_OF(CMS_RecipientInfo) *rinfos;
+ CMS_RecipientInfo *ri;
+ int i, r, ok = 0;
+ BIO *ret;
+
+ /* Get BIO first to set up key */
+
+ ec = cms->d.envelopedData->encryptedContentInfo;
+ ret = cms_EncryptedContent_init_bio(ec);
+
+ /* If error or no cipher end of processing */
+
+ if (!ret || !ec->cipher)
+ return ret;
+
+ /* Now encrypt content key according to each RecipientInfo type */
+
+ rinfos = cms->d.envelopedData->recipientInfos;
+
+ for (i = 0; i < sk_CMS_RecipientInfo_num(rinfos); i++) {
+ ri = sk_CMS_RecipientInfo_value(rinfos, i);
+
+ switch (ri->type) {
+ case CMS_RECIPINFO_TRANS:
+ r = cms_RecipientInfo_ktri_encrypt(cms, ri);
+ break;
+
+ case CMS_RECIPINFO_KEK:
+ r = cms_RecipientInfo_kekri_encrypt(cms, ri);
+ break;
+
+ default:
+ CMSerr(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO,
+ CMS_R_UNSUPPORTED_RECIPIENT_TYPE);
+ goto err;
+ }
+
+ if (r <= 0) {
+ CMSerr(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO,
+ CMS_R_ERROR_SETTING_RECIPIENTINFO);
+ goto err;
+ }
+ }
+
+ ok = 1;
+
+ err:
+ ec->cipher = NULL;
+ if (ec->key) {
+ OPENSSL_cleanse(ec->key, ec->keylen);
+ OPENSSL_free(ec->key);
+ ec->key = NULL;
+ ec->keylen = 0;
+ }
+ if (ok)
+ return ret;
+ BIO_free(ret);
+ return NULL;
+
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_err.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/cms/cms_err.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,236 +0,0 @@
-/* crypto/cms/cms_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/cms.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_CMS,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_CMS,0,reason)
-
-static ERR_STRING_DATA CMS_str_functs[]=
- {
-{ERR_FUNC(CMS_F_CHECK_CONTENT), "CHECK_CONTENT"},
-{ERR_FUNC(CMS_F_CMS_ADD0_CERT), "CMS_add0_cert"},
-{ERR_FUNC(CMS_F_CMS_ADD0_RECIPIENT_KEY), "CMS_add0_recipient_key"},
-{ERR_FUNC(CMS_F_CMS_ADD1_RECEIPTREQUEST), "CMS_add1_ReceiptRequest"},
-{ERR_FUNC(CMS_F_CMS_ADD1_RECIPIENT_CERT), "CMS_add1_recipient_cert"},
-{ERR_FUNC(CMS_F_CMS_ADD1_SIGNER), "CMS_add1_signer"},
-{ERR_FUNC(CMS_F_CMS_ADD1_SIGNINGTIME), "CMS_ADD1_SIGNINGTIME"},
-{ERR_FUNC(CMS_F_CMS_COMPRESS), "CMS_compress"},
-{ERR_FUNC(CMS_F_CMS_COMPRESSEDDATA_CREATE), "cms_CompressedData_create"},
-{ERR_FUNC(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO), "cms_CompressedData_init_bio"},
-{ERR_FUNC(CMS_F_CMS_COPY_CONTENT), "CMS_COPY_CONTENT"},
-{ERR_FUNC(CMS_F_CMS_COPY_MESSAGEDIGEST), "CMS_COPY_MESSAGEDIGEST"},
-{ERR_FUNC(CMS_F_CMS_DATA), "CMS_data"},
-{ERR_FUNC(CMS_F_CMS_DATAFINAL), "CMS_dataFinal"},
-{ERR_FUNC(CMS_F_CMS_DATAINIT), "CMS_dataInit"},
-{ERR_FUNC(CMS_F_CMS_DECRYPT), "CMS_decrypt"},
-{ERR_FUNC(CMS_F_CMS_DECRYPT_SET1_KEY), "CMS_decrypt_set1_key"},
-{ERR_FUNC(CMS_F_CMS_DECRYPT_SET1_PKEY), "CMS_decrypt_set1_pkey"},
-{ERR_FUNC(CMS_F_CMS_DIGESTALGORITHM_FIND_CTX), "cms_DigestAlgorithm_find_ctx"},
-{ERR_FUNC(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO), "cms_DigestAlgorithm_init_bio"},
-{ERR_FUNC(CMS_F_CMS_DIGESTEDDATA_DO_FINAL), "cms_DigestedData_do_final"},
-{ERR_FUNC(CMS_F_CMS_DIGEST_VERIFY), "CMS_digest_verify"},
-{ERR_FUNC(CMS_F_CMS_ENCODE_RECEIPT), "cms_encode_Receipt"},
-{ERR_FUNC(CMS_F_CMS_ENCRYPT), "CMS_encrypt"},
-{ERR_FUNC(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO), "cms_EncryptedContent_init_bio"},
-{ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_DECRYPT), "CMS_EncryptedData_decrypt"},
-{ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT), "CMS_EncryptedData_encrypt"},
-{ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY), "CMS_EncryptedData_set1_key"},
-{ERR_FUNC(CMS_F_CMS_ENVELOPEDDATA_CREATE), "CMS_EnvelopedData_create"},
-{ERR_FUNC(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO), "cms_EnvelopedData_init_bio"},
-{ERR_FUNC(CMS_F_CMS_ENVELOPED_DATA_INIT), "CMS_ENVELOPED_DATA_INIT"},
-{ERR_FUNC(CMS_F_CMS_FINAL), "CMS_final"},
-{ERR_FUNC(CMS_F_CMS_GET0_CERTIFICATE_CHOICES), "CMS_GET0_CERTIFICATE_CHOICES"},
-{ERR_FUNC(CMS_F_CMS_GET0_CONTENT), "CMS_get0_content"},
-{ERR_FUNC(CMS_F_CMS_GET0_ECONTENT_TYPE), "CMS_GET0_ECONTENT_TYPE"},
-{ERR_FUNC(CMS_F_CMS_GET0_ENVELOPED), "CMS_GET0_ENVELOPED"},
-{ERR_FUNC(CMS_F_CMS_GET0_REVOCATION_CHOICES), "CMS_GET0_REVOCATION_CHOICES"},
-{ERR_FUNC(CMS_F_CMS_GET0_SIGNED), "CMS_GET0_SIGNED"},
-{ERR_FUNC(CMS_F_CMS_MSGSIGDIGEST_ADD1), "cms_msgSigDigest_add1"},
-{ERR_FUNC(CMS_F_CMS_RECEIPTREQUEST_CREATE0), "CMS_ReceiptRequest_create0"},
-{ERR_FUNC(CMS_F_CMS_RECEIPT_VERIFY), "cms_Receipt_verify"},
-{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_DECRYPT), "CMS_RecipientInfo_decrypt"},
-{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT), "CMS_RECIPIENTINFO_KEKRI_DECRYPT"},
-{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT), "CMS_RECIPIENTINFO_KEKRI_ENCRYPT"},
-{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID), "CMS_RecipientInfo_kekri_get0_id"},
-{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP), "CMS_RecipientInfo_kekri_id_cmp"},
-{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP), "CMS_RecipientInfo_ktri_cert_cmp"},
-{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT), "CMS_RECIPIENTINFO_KTRI_DECRYPT"},
-{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT), "CMS_RECIPIENTINFO_KTRI_ENCRYPT"},
-{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS), "CMS_RecipientInfo_ktri_get0_algs"},
-{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID), "CMS_RecipientInfo_ktri_get0_signer_id"},
-{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_SET0_KEY), "CMS_RecipientInfo_set0_key"},
-{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY), "CMS_RecipientInfo_set0_pkey"},
-{ERR_FUNC(CMS_F_CMS_SET1_SIGNERIDENTIFIER), "cms_set1_SignerIdentifier"},
-{ERR_FUNC(CMS_F_CMS_SET_DETACHED), "CMS_set_detached"},
-{ERR_FUNC(CMS_F_CMS_SIGN), "CMS_sign"},
-{ERR_FUNC(CMS_F_CMS_SIGNED_DATA_INIT), "CMS_SIGNED_DATA_INIT"},
-{ERR_FUNC(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN), "CMS_SIGNERINFO_CONTENT_SIGN"},
-{ERR_FUNC(CMS_F_CMS_SIGNERINFO_SIGN), "CMS_SignerInfo_sign"},
-{ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY), "CMS_SignerInfo_verify"},
-{ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CERT), "CMS_SIGNERINFO_VERIFY_CERT"},
-{ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT), "CMS_SignerInfo_verify_content"},
-{ERR_FUNC(CMS_F_CMS_SIGN_RECEIPT), "CMS_sign_receipt"},
-{ERR_FUNC(CMS_F_CMS_STREAM), "CMS_STREAM"},
-{ERR_FUNC(CMS_F_CMS_UNCOMPRESS), "CMS_uncompress"},
-{ERR_FUNC(CMS_F_CMS_VERIFY), "CMS_verify"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA CMS_str_reasons[]=
- {
-{ERR_REASON(CMS_R_ADD_SIGNER_ERROR) ,"add signer error"},
-{ERR_REASON(CMS_R_CERTIFICATE_ALREADY_PRESENT),"certificate already present"},
-{ERR_REASON(CMS_R_CERTIFICATE_HAS_NO_KEYID),"certificate has no keyid"},
-{ERR_REASON(CMS_R_CERTIFICATE_VERIFY_ERROR),"certificate verify error"},
-{ERR_REASON(CMS_R_CIPHER_INITIALISATION_ERROR),"cipher initialisation error"},
-{ERR_REASON(CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR),"cipher parameter initialisation error"},
-{ERR_REASON(CMS_R_CMS_DATAFINAL_ERROR) ,"cms datafinal error"},
-{ERR_REASON(CMS_R_CMS_LIB) ,"cms lib"},
-{ERR_REASON(CMS_R_CONTENTIDENTIFIER_MISMATCH),"contentidentifier mismatch"},
-{ERR_REASON(CMS_R_CONTENT_NOT_FOUND) ,"content not found"},
-{ERR_REASON(CMS_R_CONTENT_TYPE_MISMATCH) ,"content type mismatch"},
-{ERR_REASON(CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA),"content type not compressed data"},
-{ERR_REASON(CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA),"content type not enveloped data"},
-{ERR_REASON(CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA),"content type not signed data"},
-{ERR_REASON(CMS_R_CONTENT_VERIFY_ERROR) ,"content verify error"},
-{ERR_REASON(CMS_R_CTRL_ERROR) ,"ctrl error"},
-{ERR_REASON(CMS_R_CTRL_FAILURE) ,"ctrl failure"},
-{ERR_REASON(CMS_R_DECRYPT_ERROR) ,"decrypt error"},
-{ERR_REASON(CMS_R_DIGEST_ERROR) ,"digest error"},
-{ERR_REASON(CMS_R_ERROR_GETTING_PUBLIC_KEY),"error getting public key"},
-{ERR_REASON(CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE),"error reading messagedigest attribute"},
-{ERR_REASON(CMS_R_ERROR_SETTING_KEY) ,"error setting key"},
-{ERR_REASON(CMS_R_ERROR_SETTING_RECIPIENTINFO),"error setting recipientinfo"},
-{ERR_REASON(CMS_R_INVALID_ENCRYPTED_KEY_LENGTH),"invalid encrypted key length"},
-{ERR_REASON(CMS_R_INVALID_KEY_LENGTH) ,"invalid key length"},
-{ERR_REASON(CMS_R_MD_BIO_INIT_ERROR) ,"md bio init error"},
-{ERR_REASON(CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH),"messagedigest attribute wrong length"},
-{ERR_REASON(CMS_R_MESSAGEDIGEST_WRONG_LENGTH),"messagedigest wrong length"},
-{ERR_REASON(CMS_R_MSGSIGDIGEST_ERROR) ,"msgsigdigest error"},
-{ERR_REASON(CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE),"msgsigdigest verification failure"},
-{ERR_REASON(CMS_R_MSGSIGDIGEST_WRONG_LENGTH),"msgsigdigest wrong length"},
-{ERR_REASON(CMS_R_NEED_ONE_SIGNER) ,"need one signer"},
-{ERR_REASON(CMS_R_NOT_A_SIGNED_RECEIPT) ,"not a signed receipt"},
-{ERR_REASON(CMS_R_NOT_ENCRYPTED_DATA) ,"not encrypted data"},
-{ERR_REASON(CMS_R_NOT_KEK) ,"not kek"},
-{ERR_REASON(CMS_R_NOT_KEY_TRANSPORT) ,"not key transport"},
-{ERR_REASON(CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE),"not supported for this key type"},
-{ERR_REASON(CMS_R_NO_CIPHER) ,"no cipher"},
-{ERR_REASON(CMS_R_NO_CONTENT) ,"no content"},
-{ERR_REASON(CMS_R_NO_CONTENT_TYPE) ,"no content type"},
-{ERR_REASON(CMS_R_NO_DEFAULT_DIGEST) ,"no default digest"},
-{ERR_REASON(CMS_R_NO_DIGEST_SET) ,"no digest set"},
-{ERR_REASON(CMS_R_NO_KEY) ,"no key"},
-{ERR_REASON(CMS_R_NO_KEY_OR_CERT) ,"no key or cert"},
-{ERR_REASON(CMS_R_NO_MATCHING_DIGEST) ,"no matching digest"},
-{ERR_REASON(CMS_R_NO_MATCHING_RECIPIENT) ,"no matching recipient"},
-{ERR_REASON(CMS_R_NO_MATCHING_SIGNATURE) ,"no matching signature"},
-{ERR_REASON(CMS_R_NO_MSGSIGDIGEST) ,"no msgsigdigest"},
-{ERR_REASON(CMS_R_NO_PRIVATE_KEY) ,"no private key"},
-{ERR_REASON(CMS_R_NO_PUBLIC_KEY) ,"no public key"},
-{ERR_REASON(CMS_R_NO_RECEIPT_REQUEST) ,"no receipt request"},
-{ERR_REASON(CMS_R_NO_SIGNERS) ,"no signers"},
-{ERR_REASON(CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),"private key does not match certificate"},
-{ERR_REASON(CMS_R_RECEIPT_DECODE_ERROR) ,"receipt decode error"},
-{ERR_REASON(CMS_R_RECIPIENT_ERROR) ,"recipient error"},
-{ERR_REASON(CMS_R_SIGNER_CERTIFICATE_NOT_FOUND),"signer certificate not found"},
-{ERR_REASON(CMS_R_SIGNFINAL_ERROR) ,"signfinal error"},
-{ERR_REASON(CMS_R_SMIME_TEXT_ERROR) ,"smime text error"},
-{ERR_REASON(CMS_R_STORE_INIT_ERROR) ,"store init error"},
-{ERR_REASON(CMS_R_TYPE_NOT_COMPRESSED_DATA),"type not compressed data"},
-{ERR_REASON(CMS_R_TYPE_NOT_DATA) ,"type not data"},
-{ERR_REASON(CMS_R_TYPE_NOT_DIGESTED_DATA),"type not digested data"},
-{ERR_REASON(CMS_R_TYPE_NOT_ENCRYPTED_DATA),"type not encrypted data"},
-{ERR_REASON(CMS_R_TYPE_NOT_ENVELOPED_DATA),"type not enveloped data"},
-{ERR_REASON(CMS_R_UNABLE_TO_FINALIZE_CONTEXT),"unable to finalize context"},
-{ERR_REASON(CMS_R_UNKNOWN_CIPHER) ,"unknown cipher"},
-{ERR_REASON(CMS_R_UNKNOWN_DIGEST_ALGORIHM),"unknown digest algorihm"},
-{ERR_REASON(CMS_R_UNKNOWN_ID) ,"unknown id"},
-{ERR_REASON(CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM),"unsupported compression algorithm"},
-{ERR_REASON(CMS_R_UNSUPPORTED_CONTENT_TYPE),"unsupported content type"},
-{ERR_REASON(CMS_R_UNSUPPORTED_KEK_ALGORITHM),"unsupported kek algorithm"},
-{ERR_REASON(CMS_R_UNSUPPORTED_RECIPIENT_TYPE),"unsupported recipient type"},
-{ERR_REASON(CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE),"unsupported recpientinfo type"},
-{ERR_REASON(CMS_R_UNSUPPORTED_TYPE) ,"unsupported type"},
-{ERR_REASON(CMS_R_UNWRAP_ERROR) ,"unwrap error"},
-{ERR_REASON(CMS_R_VERIFICATION_FAILURE) ,"verification failure"},
-{ERR_REASON(CMS_R_WRAP_ERROR) ,"wrap error"},
-{0,NULL}
- };
-
-#endif
-
-void ERR_load_CMS_strings(void)
- {
-#ifndef OPENSSL_NO_ERR
-
- if (ERR_func_error_string(CMS_str_functs[0].error) == NULL)
- {
- ERR_load_strings(0,CMS_str_functs);
- ERR_load_strings(0,CMS_str_reasons);
- }
-#endif
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_err.c (from rev 6976, vendor-crypto/openssl/dist/crypto/cms/cms_err.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_err.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,279 @@
+/* crypto/cms/cms_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/cms.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_CMS,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_CMS,0,reason)
+
+static ERR_STRING_DATA CMS_str_functs[] = {
+ {ERR_FUNC(CMS_F_CHECK_CONTENT), "CHECK_CONTENT"},
+ {ERR_FUNC(CMS_F_CMS_ADD0_CERT), "CMS_add0_cert"},
+ {ERR_FUNC(CMS_F_CMS_ADD0_RECIPIENT_KEY), "CMS_add0_recipient_key"},
+ {ERR_FUNC(CMS_F_CMS_ADD1_RECEIPTREQUEST), "CMS_add1_ReceiptRequest"},
+ {ERR_FUNC(CMS_F_CMS_ADD1_RECIPIENT_CERT), "CMS_add1_recipient_cert"},
+ {ERR_FUNC(CMS_F_CMS_ADD1_SIGNER), "CMS_add1_signer"},
+ {ERR_FUNC(CMS_F_CMS_ADD1_SIGNINGTIME), "CMS_ADD1_SIGNINGTIME"},
+ {ERR_FUNC(CMS_F_CMS_COMPRESS), "CMS_compress"},
+ {ERR_FUNC(CMS_F_CMS_COMPRESSEDDATA_CREATE), "cms_CompressedData_create"},
+ {ERR_FUNC(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO),
+ "cms_CompressedData_init_bio"},
+ {ERR_FUNC(CMS_F_CMS_COPY_CONTENT), "CMS_COPY_CONTENT"},
+ {ERR_FUNC(CMS_F_CMS_COPY_MESSAGEDIGEST), "CMS_COPY_MESSAGEDIGEST"},
+ {ERR_FUNC(CMS_F_CMS_DATA), "CMS_data"},
+ {ERR_FUNC(CMS_F_CMS_DATAFINAL), "CMS_dataFinal"},
+ {ERR_FUNC(CMS_F_CMS_DATAINIT), "CMS_dataInit"},
+ {ERR_FUNC(CMS_F_CMS_DECRYPT), "CMS_decrypt"},
+ {ERR_FUNC(CMS_F_CMS_DECRYPT_SET1_KEY), "CMS_decrypt_set1_key"},
+ {ERR_FUNC(CMS_F_CMS_DECRYPT_SET1_PKEY), "CMS_decrypt_set1_pkey"},
+ {ERR_FUNC(CMS_F_CMS_DIGESTALGORITHM_FIND_CTX),
+ "cms_DigestAlgorithm_find_ctx"},
+ {ERR_FUNC(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO),
+ "cms_DigestAlgorithm_init_bio"},
+ {ERR_FUNC(CMS_F_CMS_DIGESTEDDATA_DO_FINAL), "cms_DigestedData_do_final"},
+ {ERR_FUNC(CMS_F_CMS_DIGEST_VERIFY), "CMS_digest_verify"},
+ {ERR_FUNC(CMS_F_CMS_ENCODE_RECEIPT), "cms_encode_Receipt"},
+ {ERR_FUNC(CMS_F_CMS_ENCRYPT), "CMS_encrypt"},
+ {ERR_FUNC(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO),
+ "cms_EncryptedContent_init_bio"},
+ {ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_DECRYPT), "CMS_EncryptedData_decrypt"},
+ {ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT), "CMS_EncryptedData_encrypt"},
+ {ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY),
+ "CMS_EncryptedData_set1_key"},
+ {ERR_FUNC(CMS_F_CMS_ENVELOPEDDATA_CREATE), "CMS_EnvelopedData_create"},
+ {ERR_FUNC(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO),
+ "cms_EnvelopedData_init_bio"},
+ {ERR_FUNC(CMS_F_CMS_ENVELOPED_DATA_INIT), "CMS_ENVELOPED_DATA_INIT"},
+ {ERR_FUNC(CMS_F_CMS_FINAL), "CMS_final"},
+ {ERR_FUNC(CMS_F_CMS_GET0_CERTIFICATE_CHOICES),
+ "CMS_GET0_CERTIFICATE_CHOICES"},
+ {ERR_FUNC(CMS_F_CMS_GET0_CONTENT), "CMS_get0_content"},
+ {ERR_FUNC(CMS_F_CMS_GET0_ECONTENT_TYPE), "CMS_GET0_ECONTENT_TYPE"},
+ {ERR_FUNC(CMS_F_CMS_GET0_ENVELOPED), "CMS_GET0_ENVELOPED"},
+ {ERR_FUNC(CMS_F_CMS_GET0_REVOCATION_CHOICES),
+ "CMS_GET0_REVOCATION_CHOICES"},
+ {ERR_FUNC(CMS_F_CMS_GET0_SIGNED), "CMS_GET0_SIGNED"},
+ {ERR_FUNC(CMS_F_CMS_MSGSIGDIGEST_ADD1), "cms_msgSigDigest_add1"},
+ {ERR_FUNC(CMS_F_CMS_RECEIPTREQUEST_CREATE0),
+ "CMS_ReceiptRequest_create0"},
+ {ERR_FUNC(CMS_F_CMS_RECEIPT_VERIFY), "cms_Receipt_verify"},
+ {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_DECRYPT), "CMS_RecipientInfo_decrypt"},
+ {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT),
+ "CMS_RECIPIENTINFO_KEKRI_DECRYPT"},
+ {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT),
+ "CMS_RECIPIENTINFO_KEKRI_ENCRYPT"},
+ {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID),
+ "CMS_RecipientInfo_kekri_get0_id"},
+ {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP),
+ "CMS_RecipientInfo_kekri_id_cmp"},
+ {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP),
+ "CMS_RecipientInfo_ktri_cert_cmp"},
+ {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT),
+ "CMS_RECIPIENTINFO_KTRI_DECRYPT"},
+ {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT),
+ "CMS_RECIPIENTINFO_KTRI_ENCRYPT"},
+ {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS),
+ "CMS_RecipientInfo_ktri_get0_algs"},
+ {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID),
+ "CMS_RecipientInfo_ktri_get0_signer_id"},
+ {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_SET0_KEY),
+ "CMS_RecipientInfo_set0_key"},
+ {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY),
+ "CMS_RecipientInfo_set0_pkey"},
+ {ERR_FUNC(CMS_F_CMS_SET1_SIGNERIDENTIFIER), "cms_set1_SignerIdentifier"},
+ {ERR_FUNC(CMS_F_CMS_SET_DETACHED), "CMS_set_detached"},
+ {ERR_FUNC(CMS_F_CMS_SIGN), "CMS_sign"},
+ {ERR_FUNC(CMS_F_CMS_SIGNED_DATA_INIT), "CMS_SIGNED_DATA_INIT"},
+ {ERR_FUNC(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN),
+ "CMS_SIGNERINFO_CONTENT_SIGN"},
+ {ERR_FUNC(CMS_F_CMS_SIGNERINFO_SIGN), "CMS_SignerInfo_sign"},
+ {ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY), "CMS_SignerInfo_verify"},
+ {ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CERT),
+ "CMS_SIGNERINFO_VERIFY_CERT"},
+ {ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT),
+ "CMS_SignerInfo_verify_content"},
+ {ERR_FUNC(CMS_F_CMS_SIGN_RECEIPT), "CMS_sign_receipt"},
+ {ERR_FUNC(CMS_F_CMS_STREAM), "CMS_STREAM"},
+ {ERR_FUNC(CMS_F_CMS_UNCOMPRESS), "CMS_uncompress"},
+ {ERR_FUNC(CMS_F_CMS_VERIFY), "CMS_verify"},
+ {0, NULL}
+};
+
+static ERR_STRING_DATA CMS_str_reasons[] = {
+ {ERR_REASON(CMS_R_ADD_SIGNER_ERROR), "add signer error"},
+ {ERR_REASON(CMS_R_CERTIFICATE_ALREADY_PRESENT),
+ "certificate already present"},
+ {ERR_REASON(CMS_R_CERTIFICATE_HAS_NO_KEYID), "certificate has no keyid"},
+ {ERR_REASON(CMS_R_CERTIFICATE_VERIFY_ERROR), "certificate verify error"},
+ {ERR_REASON(CMS_R_CIPHER_INITIALISATION_ERROR),
+ "cipher initialisation error"},
+ {ERR_REASON(CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR),
+ "cipher parameter initialisation error"},
+ {ERR_REASON(CMS_R_CMS_DATAFINAL_ERROR), "cms datafinal error"},
+ {ERR_REASON(CMS_R_CMS_LIB), "cms lib"},
+ {ERR_REASON(CMS_R_CONTENTIDENTIFIER_MISMATCH),
+ "contentidentifier mismatch"},
+ {ERR_REASON(CMS_R_CONTENT_NOT_FOUND), "content not found"},
+ {ERR_REASON(CMS_R_CONTENT_TYPE_MISMATCH), "content type mismatch"},
+ {ERR_REASON(CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA),
+ "content type not compressed data"},
+ {ERR_REASON(CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA),
+ "content type not enveloped data"},
+ {ERR_REASON(CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA),
+ "content type not signed data"},
+ {ERR_REASON(CMS_R_CONTENT_VERIFY_ERROR), "content verify error"},
+ {ERR_REASON(CMS_R_CTRL_ERROR), "ctrl error"},
+ {ERR_REASON(CMS_R_CTRL_FAILURE), "ctrl failure"},
+ {ERR_REASON(CMS_R_DECRYPT_ERROR), "decrypt error"},
+ {ERR_REASON(CMS_R_DIGEST_ERROR), "digest error"},
+ {ERR_REASON(CMS_R_ERROR_GETTING_PUBLIC_KEY), "error getting public key"},
+ {ERR_REASON(CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE),
+ "error reading messagedigest attribute"},
+ {ERR_REASON(CMS_R_ERROR_SETTING_KEY), "error setting key"},
+ {ERR_REASON(CMS_R_ERROR_SETTING_RECIPIENTINFO),
+ "error setting recipientinfo"},
+ {ERR_REASON(CMS_R_INVALID_ENCRYPTED_KEY_LENGTH),
+ "invalid encrypted key length"},
+ {ERR_REASON(CMS_R_INVALID_KEY_LENGTH), "invalid key length"},
+ {ERR_REASON(CMS_R_MD_BIO_INIT_ERROR), "md bio init error"},
+ {ERR_REASON(CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH),
+ "messagedigest attribute wrong length"},
+ {ERR_REASON(CMS_R_MESSAGEDIGEST_WRONG_LENGTH),
+ "messagedigest wrong length"},
+ {ERR_REASON(CMS_R_MSGSIGDIGEST_ERROR), "msgsigdigest error"},
+ {ERR_REASON(CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE),
+ "msgsigdigest verification failure"},
+ {ERR_REASON(CMS_R_MSGSIGDIGEST_WRONG_LENGTH),
+ "msgsigdigest wrong length"},
+ {ERR_REASON(CMS_R_NEED_ONE_SIGNER), "need one signer"},
+ {ERR_REASON(CMS_R_NOT_A_SIGNED_RECEIPT), "not a signed receipt"},
+ {ERR_REASON(CMS_R_NOT_ENCRYPTED_DATA), "not encrypted data"},
+ {ERR_REASON(CMS_R_NOT_KEK), "not kek"},
+ {ERR_REASON(CMS_R_NOT_KEY_TRANSPORT), "not key transport"},
+ {ERR_REASON(CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE),
+ "not supported for this key type"},
+ {ERR_REASON(CMS_R_NO_CIPHER), "no cipher"},
+ {ERR_REASON(CMS_R_NO_CONTENT), "no content"},
+ {ERR_REASON(CMS_R_NO_CONTENT_TYPE), "no content type"},
+ {ERR_REASON(CMS_R_NO_DEFAULT_DIGEST), "no default digest"},
+ {ERR_REASON(CMS_R_NO_DIGEST_SET), "no digest set"},
+ {ERR_REASON(CMS_R_NO_KEY), "no key"},
+ {ERR_REASON(CMS_R_NO_KEY_OR_CERT), "no key or cert"},
+ {ERR_REASON(CMS_R_NO_MATCHING_DIGEST), "no matching digest"},
+ {ERR_REASON(CMS_R_NO_MATCHING_RECIPIENT), "no matching recipient"},
+ {ERR_REASON(CMS_R_NO_MATCHING_SIGNATURE), "no matching signature"},
+ {ERR_REASON(CMS_R_NO_MSGSIGDIGEST), "no msgsigdigest"},
+ {ERR_REASON(CMS_R_NO_PRIVATE_KEY), "no private key"},
+ {ERR_REASON(CMS_R_NO_PUBLIC_KEY), "no public key"},
+ {ERR_REASON(CMS_R_NO_RECEIPT_REQUEST), "no receipt request"},
+ {ERR_REASON(CMS_R_NO_SIGNERS), "no signers"},
+ {ERR_REASON(CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),
+ "private key does not match certificate"},
+ {ERR_REASON(CMS_R_RECEIPT_DECODE_ERROR), "receipt decode error"},
+ {ERR_REASON(CMS_R_RECIPIENT_ERROR), "recipient error"},
+ {ERR_REASON(CMS_R_SIGNER_CERTIFICATE_NOT_FOUND),
+ "signer certificate not found"},
+ {ERR_REASON(CMS_R_SIGNFINAL_ERROR), "signfinal error"},
+ {ERR_REASON(CMS_R_SMIME_TEXT_ERROR), "smime text error"},
+ {ERR_REASON(CMS_R_STORE_INIT_ERROR), "store init error"},
+ {ERR_REASON(CMS_R_TYPE_NOT_COMPRESSED_DATA), "type not compressed data"},
+ {ERR_REASON(CMS_R_TYPE_NOT_DATA), "type not data"},
+ {ERR_REASON(CMS_R_TYPE_NOT_DIGESTED_DATA), "type not digested data"},
+ {ERR_REASON(CMS_R_TYPE_NOT_ENCRYPTED_DATA), "type not encrypted data"},
+ {ERR_REASON(CMS_R_TYPE_NOT_ENVELOPED_DATA), "type not enveloped data"},
+ {ERR_REASON(CMS_R_UNABLE_TO_FINALIZE_CONTEXT),
+ "unable to finalize context"},
+ {ERR_REASON(CMS_R_UNKNOWN_CIPHER), "unknown cipher"},
+ {ERR_REASON(CMS_R_UNKNOWN_DIGEST_ALGORIHM), "unknown digest algorihm"},
+ {ERR_REASON(CMS_R_UNKNOWN_ID), "unknown id"},
+ {ERR_REASON(CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM),
+ "unsupported compression algorithm"},
+ {ERR_REASON(CMS_R_UNSUPPORTED_CONTENT_TYPE), "unsupported content type"},
+ {ERR_REASON(CMS_R_UNSUPPORTED_KEK_ALGORITHM),
+ "unsupported kek algorithm"},
+ {ERR_REASON(CMS_R_UNSUPPORTED_RECIPIENT_TYPE),
+ "unsupported recipient type"},
+ {ERR_REASON(CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE),
+ "unsupported recpientinfo type"},
+ {ERR_REASON(CMS_R_UNSUPPORTED_TYPE), "unsupported type"},
+ {ERR_REASON(CMS_R_UNWRAP_ERROR), "unwrap error"},
+ {ERR_REASON(CMS_R_VERIFICATION_FAILURE), "verification failure"},
+ {ERR_REASON(CMS_R_WRAP_ERROR), "wrap error"},
+ {0, NULL}
+};
+
+#endif
+
+void ERR_load_CMS_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+ if (ERR_func_error_string(CMS_str_functs[0].error) == NULL) {
+ ERR_load_strings(0, CMS_str_functs);
+ ERR_load_strings(0, CMS_str_reasons);
+ }
+#endif
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_ess.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/cms/cms_ess.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_ess.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,420 +0,0 @@
-/* crypto/cms/cms_ess.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/pem.h>
-#include <openssl/rand.h>
-#include <openssl/x509v3.h>
-#include <openssl/err.h>
-#include <openssl/cms.h>
-#include "cms_lcl.h"
-
-DECLARE_ASN1_ITEM(CMS_ReceiptRequest)
-DECLARE_ASN1_ITEM(CMS_Receipt)
-
-IMPLEMENT_ASN1_FUNCTIONS_const(CMS_ReceiptRequest)
-
-/* ESS services: for now just Signed Receipt related */
-
-int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr)
- {
- ASN1_STRING *str;
- CMS_ReceiptRequest *rr = NULL;
- if (prr)
- *prr = NULL;
- str = CMS_signed_get0_data_by_OBJ(si,
- OBJ_nid2obj(NID_id_smime_aa_receiptRequest),
- -3, V_ASN1_SEQUENCE);
- if (!str)
- return 0;
-
- rr = ASN1_item_unpack(str, ASN1_ITEM_rptr(CMS_ReceiptRequest));
- if (!rr)
- return -1;
- if (prr)
- *prr = rr;
- else
- CMS_ReceiptRequest_free(rr);
- return 1;
- }
-
-CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
- int allorfirst,
- STACK_OF(GENERAL_NAMES) *receiptList,
- STACK_OF(GENERAL_NAMES) *receiptsTo)
- {
- CMS_ReceiptRequest *rr = NULL;
-
- rr = CMS_ReceiptRequest_new();
- if (!rr)
- goto merr;
- if (id)
- ASN1_STRING_set0(rr->signedContentIdentifier, id, idlen);
- else
- {
- if (!ASN1_STRING_set(rr->signedContentIdentifier, NULL, 32))
- goto merr;
- if (RAND_pseudo_bytes(rr->signedContentIdentifier->data, 32)
- <= 0)
- goto err;
- }
-
- sk_GENERAL_NAMES_pop_free(rr->receiptsTo, GENERAL_NAMES_free);
- rr->receiptsTo = receiptsTo;
-
- if (receiptList)
- {
- rr->receiptsFrom->type = 1;
- rr->receiptsFrom->d.receiptList = receiptList;
- }
- else
- {
- rr->receiptsFrom->type = 0;
- rr->receiptsFrom->d.allOrFirstTier = allorfirst;
- }
-
- return rr;
-
- merr:
- CMSerr(CMS_F_CMS_RECEIPTREQUEST_CREATE0, ERR_R_MALLOC_FAILURE);
-
- err:
- if (rr)
- CMS_ReceiptRequest_free(rr);
-
- return NULL;
-
- }
-
-int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr)
- {
- unsigned char *rrder = NULL;
- int rrderlen, r = 0;
-
- rrderlen = i2d_CMS_ReceiptRequest(rr, &rrder);
- if (rrderlen < 0)
- goto merr;
-
- if (!CMS_signed_add1_attr_by_NID(si, NID_id_smime_aa_receiptRequest,
- V_ASN1_SEQUENCE, rrder, rrderlen))
- goto merr;
-
- r = 1;
-
- merr:
- if (!r)
- CMSerr(CMS_F_CMS_ADD1_RECEIPTREQUEST, ERR_R_MALLOC_FAILURE);
-
- if (rrder)
- OPENSSL_free(rrder);
-
- return r;
-
- }
-
-void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
- ASN1_STRING **pcid,
- int *pallorfirst,
- STACK_OF(GENERAL_NAMES) **plist,
- STACK_OF(GENERAL_NAMES) **prto)
- {
- if (pcid)
- *pcid = rr->signedContentIdentifier;
- if (rr->receiptsFrom->type == 0)
- {
- if (pallorfirst)
- *pallorfirst = (int)rr->receiptsFrom->d.allOrFirstTier;
- if (plist)
- *plist = NULL;
- }
- else
- {
- if (pallorfirst)
- *pallorfirst = -1;
- if (plist)
- *plist = rr->receiptsFrom->d.receiptList;
- }
- if (prto)
- *prto = rr->receiptsTo;
- }
-
-/* Digest a SignerInfo structure for msgSigDigest attribute processing */
-
-static int cms_msgSigDigest(CMS_SignerInfo *si,
- unsigned char *dig, unsigned int *diglen)
- {
- const EVP_MD *md;
- md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm);
- if (md == NULL)
- return 0;
- if (!ASN1_item_digest(ASN1_ITEM_rptr(CMS_Attributes_Verify), md,
- si->signedAttrs, dig, diglen))
- return 0;
- return 1;
- }
-
-/* Add a msgSigDigest attribute to a SignerInfo */
-
-int cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src)
- {
- unsigned char dig[EVP_MAX_MD_SIZE];
- unsigned int diglen;
- if (!cms_msgSigDigest(src, dig, &diglen))
- {
- CMSerr(CMS_F_CMS_MSGSIGDIGEST_ADD1, CMS_R_MSGSIGDIGEST_ERROR);
- return 0;
- }
- if (!CMS_signed_add1_attr_by_NID(dest, NID_id_smime_aa_msgSigDigest,
- V_ASN1_OCTET_STRING, dig, diglen))
- {
- CMSerr(CMS_F_CMS_MSGSIGDIGEST_ADD1, ERR_R_MALLOC_FAILURE);
- return 0;
- }
- return 1;
- }
-
-/* Verify signed receipt after it has already passed normal CMS verify */
-
-int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms)
- {
- int r = 0, i;
- CMS_ReceiptRequest *rr = NULL;
- CMS_Receipt *rct = NULL;
- STACK_OF(CMS_SignerInfo) *sis, *osis;
- CMS_SignerInfo *si, *osi = NULL;
- ASN1_OCTET_STRING *msig, **pcont;
- ASN1_OBJECT *octype;
- unsigned char dig[EVP_MAX_MD_SIZE];
- unsigned int diglen;
-
- /* Get SignerInfos, also checks SignedData content type */
- osis = CMS_get0_SignerInfos(req_cms);
- sis = CMS_get0_SignerInfos(cms);
- if (!osis || !sis)
- goto err;
-
- if (sk_CMS_SignerInfo_num(sis) != 1)
- {
- CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NEED_ONE_SIGNER);
- goto err;
- }
-
- /* Check receipt content type */
- if (OBJ_obj2nid(CMS_get0_eContentType(cms)) != NID_id_smime_ct_receipt)
- {
- CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NOT_A_SIGNED_RECEIPT);
- goto err;
- }
-
- /* Extract and decode receipt content */
- pcont = CMS_get0_content(cms);
- if (!pcont || !*pcont)
- {
- CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_CONTENT);
- goto err;
- }
-
- rct = ASN1_item_unpack(*pcont, ASN1_ITEM_rptr(CMS_Receipt));
-
- if (!rct)
- {
- CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_RECEIPT_DECODE_ERROR);
- goto err;
- }
-
- /* Locate original request */
-
- for (i = 0; i < sk_CMS_SignerInfo_num(osis); i++)
- {
- osi = sk_CMS_SignerInfo_value(osis, i);
- if (!ASN1_STRING_cmp(osi->signature,
- rct->originatorSignatureValue))
- break;
- }
-
- if (i == sk_CMS_SignerInfo_num(osis))
- {
- CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_MATCHING_SIGNATURE);
- goto err;
- }
-
- si = sk_CMS_SignerInfo_value(sis, 0);
-
- /* Get msgSigDigest value and compare */
-
- msig = CMS_signed_get0_data_by_OBJ(si,
- OBJ_nid2obj(NID_id_smime_aa_msgSigDigest),
- -3, V_ASN1_OCTET_STRING);
-
- if (!msig)
- {
- CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_MSGSIGDIGEST);
- goto err;
- }
-
- if (!cms_msgSigDigest(osi, dig, &diglen))
- {
- CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_MSGSIGDIGEST_ERROR);
- goto err;
- }
-
- if (diglen != (unsigned int)msig->length)
- {
- CMSerr(CMS_F_CMS_RECEIPT_VERIFY,
- CMS_R_MSGSIGDIGEST_WRONG_LENGTH);
- goto err;
- }
-
- if (memcmp(dig, msig->data, diglen))
- {
- CMSerr(CMS_F_CMS_RECEIPT_VERIFY,
- CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE);
- goto err;
- }
-
- /* Compare content types */
-
- octype = CMS_signed_get0_data_by_OBJ(osi,
- OBJ_nid2obj(NID_pkcs9_contentType),
- -3, V_ASN1_OBJECT);
- if (!octype)
- {
- CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_CONTENT_TYPE);
- goto err;
- }
-
- /* Compare details in receipt request */
-
- if (OBJ_cmp(octype, rct->contentType))
- {
- CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_CONTENT_TYPE_MISMATCH);
- goto err;
- }
-
- /* Get original receipt request details */
-
- if (CMS_get1_ReceiptRequest(osi, &rr) <= 0)
- {
- CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_RECEIPT_REQUEST);
- goto err;
- }
-
- if (ASN1_STRING_cmp(rr->signedContentIdentifier,
- rct->signedContentIdentifier))
- {
- CMSerr(CMS_F_CMS_RECEIPT_VERIFY,
- CMS_R_CONTENTIDENTIFIER_MISMATCH);
- goto err;
- }
-
- r = 1;
-
- err:
- if (rr)
- CMS_ReceiptRequest_free(rr);
- if (rct)
- M_ASN1_free_of(rct, CMS_Receipt);
-
- return r;
-
- }
-
-/* Encode a Receipt into an OCTET STRING read for including into content of
- * a SignedData ContentInfo.
- */
-
-ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si)
- {
- CMS_Receipt rct;
- CMS_ReceiptRequest *rr = NULL;
- ASN1_OBJECT *ctype;
- ASN1_OCTET_STRING *os = NULL;
-
- /* Get original receipt request */
-
- /* Get original receipt request details */
-
- if (CMS_get1_ReceiptRequest(si, &rr) <= 0)
- {
- CMSerr(CMS_F_CMS_ENCODE_RECEIPT, CMS_R_NO_RECEIPT_REQUEST);
- goto err;
- }
-
- /* Get original content type */
-
- ctype = CMS_signed_get0_data_by_OBJ(si,
- OBJ_nid2obj(NID_pkcs9_contentType),
- -3, V_ASN1_OBJECT);
- if (!ctype)
- {
- CMSerr(CMS_F_CMS_ENCODE_RECEIPT, CMS_R_NO_CONTENT_TYPE);
- goto err;
- }
-
- rct.version = 1;
- rct.contentType = ctype;
- rct.signedContentIdentifier = rr->signedContentIdentifier;
- rct.originatorSignatureValue = si->signature;
-
- os = ASN1_item_pack(&rct, ASN1_ITEM_rptr(CMS_Receipt), NULL);
-
- err:
- if (rr)
- CMS_ReceiptRequest_free(rr);
-
- return os;
-
- }
-
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_ess.c (from rev 6976, vendor-crypto/openssl/dist/crypto/cms/cms_ess.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_ess.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_ess.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,395 @@
+/* crypto/cms/cms_ess.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/pem.h>
+#include <openssl/rand.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include <openssl/cms.h>
+#include "cms_lcl.h"
+
+DECLARE_ASN1_ITEM(CMS_ReceiptRequest)
+DECLARE_ASN1_ITEM(CMS_Receipt)
+
+IMPLEMENT_ASN1_FUNCTIONS_const(CMS_ReceiptRequest)
+
+/* ESS services: for now just Signed Receipt related */
+
+int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr)
+{
+ ASN1_STRING *str;
+ CMS_ReceiptRequest *rr = NULL;
+ if (prr)
+ *prr = NULL;
+ str = CMS_signed_get0_data_by_OBJ(si,
+ OBJ_nid2obj
+ (NID_id_smime_aa_receiptRequest), -3,
+ V_ASN1_SEQUENCE);
+ if (!str)
+ return 0;
+
+ rr = ASN1_item_unpack(str, ASN1_ITEM_rptr(CMS_ReceiptRequest));
+ if (!rr)
+ return -1;
+ if (prr)
+ *prr = rr;
+ else
+ CMS_ReceiptRequest_free(rr);
+ return 1;
+}
+
+CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
+ int allorfirst,
+ STACK_OF(GENERAL_NAMES)
+ *receiptList, STACK_OF(GENERAL_NAMES)
+ *receiptsTo)
+{
+ CMS_ReceiptRequest *rr = NULL;
+
+ rr = CMS_ReceiptRequest_new();
+ if (!rr)
+ goto merr;
+ if (id)
+ ASN1_STRING_set0(rr->signedContentIdentifier, id, idlen);
+ else {
+ if (!ASN1_STRING_set(rr->signedContentIdentifier, NULL, 32))
+ goto merr;
+ if (RAND_pseudo_bytes(rr->signedContentIdentifier->data, 32)
+ <= 0)
+ goto err;
+ }
+
+ sk_GENERAL_NAMES_pop_free(rr->receiptsTo, GENERAL_NAMES_free);
+ rr->receiptsTo = receiptsTo;
+
+ if (receiptList) {
+ rr->receiptsFrom->type = 1;
+ rr->receiptsFrom->d.receiptList = receiptList;
+ } else {
+ rr->receiptsFrom->type = 0;
+ rr->receiptsFrom->d.allOrFirstTier = allorfirst;
+ }
+
+ return rr;
+
+ merr:
+ CMSerr(CMS_F_CMS_RECEIPTREQUEST_CREATE0, ERR_R_MALLOC_FAILURE);
+
+ err:
+ if (rr)
+ CMS_ReceiptRequest_free(rr);
+
+ return NULL;
+
+}
+
+int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr)
+{
+ unsigned char *rrder = NULL;
+ int rrderlen, r = 0;
+
+ rrderlen = i2d_CMS_ReceiptRequest(rr, &rrder);
+ if (rrderlen < 0)
+ goto merr;
+
+ if (!CMS_signed_add1_attr_by_NID(si, NID_id_smime_aa_receiptRequest,
+ V_ASN1_SEQUENCE, rrder, rrderlen))
+ goto merr;
+
+ r = 1;
+
+ merr:
+ if (!r)
+ CMSerr(CMS_F_CMS_ADD1_RECEIPTREQUEST, ERR_R_MALLOC_FAILURE);
+
+ if (rrder)
+ OPENSSL_free(rrder);
+
+ return r;
+
+}
+
+void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
+ ASN1_STRING **pcid,
+ int *pallorfirst,
+ STACK_OF(GENERAL_NAMES) **plist,
+ STACK_OF(GENERAL_NAMES) **prto)
+{
+ if (pcid)
+ *pcid = rr->signedContentIdentifier;
+ if (rr->receiptsFrom->type == 0) {
+ if (pallorfirst)
+ *pallorfirst = (int)rr->receiptsFrom->d.allOrFirstTier;
+ if (plist)
+ *plist = NULL;
+ } else {
+ if (pallorfirst)
+ *pallorfirst = -1;
+ if (plist)
+ *plist = rr->receiptsFrom->d.receiptList;
+ }
+ if (prto)
+ *prto = rr->receiptsTo;
+}
+
+/* Digest a SignerInfo structure for msgSigDigest attribute processing */
+
+static int cms_msgSigDigest(CMS_SignerInfo *si,
+ unsigned char *dig, unsigned int *diglen)
+{
+ const EVP_MD *md;
+ md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm);
+ if (md == NULL)
+ return 0;
+ if (!ASN1_item_digest(ASN1_ITEM_rptr(CMS_Attributes_Verify), md,
+ si->signedAttrs, dig, diglen))
+ return 0;
+ return 1;
+}
+
+/* Add a msgSigDigest attribute to a SignerInfo */
+
+int cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src)
+{
+ unsigned char dig[EVP_MAX_MD_SIZE];
+ unsigned int diglen;
+ if (!cms_msgSigDigest(src, dig, &diglen)) {
+ CMSerr(CMS_F_CMS_MSGSIGDIGEST_ADD1, CMS_R_MSGSIGDIGEST_ERROR);
+ return 0;
+ }
+ if (!CMS_signed_add1_attr_by_NID(dest, NID_id_smime_aa_msgSigDigest,
+ V_ASN1_OCTET_STRING, dig, diglen)) {
+ CMSerr(CMS_F_CMS_MSGSIGDIGEST_ADD1, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ return 1;
+}
+
+/* Verify signed receipt after it has already passed normal CMS verify */
+
+int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms)
+{
+ int r = 0, i;
+ CMS_ReceiptRequest *rr = NULL;
+ CMS_Receipt *rct = NULL;
+ STACK_OF(CMS_SignerInfo) *sis, *osis;
+ CMS_SignerInfo *si, *osi = NULL;
+ ASN1_OCTET_STRING *msig, **pcont;
+ ASN1_OBJECT *octype;
+ unsigned char dig[EVP_MAX_MD_SIZE];
+ unsigned int diglen;
+
+ /* Get SignerInfos, also checks SignedData content type */
+ osis = CMS_get0_SignerInfos(req_cms);
+ sis = CMS_get0_SignerInfos(cms);
+ if (!osis || !sis)
+ goto err;
+
+ if (sk_CMS_SignerInfo_num(sis) != 1) {
+ CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NEED_ONE_SIGNER);
+ goto err;
+ }
+
+ /* Check receipt content type */
+ if (OBJ_obj2nid(CMS_get0_eContentType(cms)) != NID_id_smime_ct_receipt) {
+ CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NOT_A_SIGNED_RECEIPT);
+ goto err;
+ }
+
+ /* Extract and decode receipt content */
+ pcont = CMS_get0_content(cms);
+ if (!pcont || !*pcont) {
+ CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_CONTENT);
+ goto err;
+ }
+
+ rct = ASN1_item_unpack(*pcont, ASN1_ITEM_rptr(CMS_Receipt));
+
+ if (!rct) {
+ CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_RECEIPT_DECODE_ERROR);
+ goto err;
+ }
+
+ /* Locate original request */
+
+ for (i = 0; i < sk_CMS_SignerInfo_num(osis); i++) {
+ osi = sk_CMS_SignerInfo_value(osis, i);
+ if (!ASN1_STRING_cmp(osi->signature, rct->originatorSignatureValue))
+ break;
+ }
+
+ if (i == sk_CMS_SignerInfo_num(osis)) {
+ CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_MATCHING_SIGNATURE);
+ goto err;
+ }
+
+ si = sk_CMS_SignerInfo_value(sis, 0);
+
+ /* Get msgSigDigest value and compare */
+
+ msig = CMS_signed_get0_data_by_OBJ(si,
+ OBJ_nid2obj
+ (NID_id_smime_aa_msgSigDigest), -3,
+ V_ASN1_OCTET_STRING);
+
+ if (!msig) {
+ CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_MSGSIGDIGEST);
+ goto err;
+ }
+
+ if (!cms_msgSigDigest(osi, dig, &diglen)) {
+ CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_MSGSIGDIGEST_ERROR);
+ goto err;
+ }
+
+ if (diglen != (unsigned int)msig->length) {
+ CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_MSGSIGDIGEST_WRONG_LENGTH);
+ goto err;
+ }
+
+ if (memcmp(dig, msig->data, diglen)) {
+ CMSerr(CMS_F_CMS_RECEIPT_VERIFY,
+ CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE);
+ goto err;
+ }
+
+ /* Compare content types */
+
+ octype = CMS_signed_get0_data_by_OBJ(osi,
+ OBJ_nid2obj(NID_pkcs9_contentType),
+ -3, V_ASN1_OBJECT);
+ if (!octype) {
+ CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_CONTENT_TYPE);
+ goto err;
+ }
+
+ /* Compare details in receipt request */
+
+ if (OBJ_cmp(octype, rct->contentType)) {
+ CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_CONTENT_TYPE_MISMATCH);
+ goto err;
+ }
+
+ /* Get original receipt request details */
+
+ if (CMS_get1_ReceiptRequest(osi, &rr) <= 0) {
+ CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_RECEIPT_REQUEST);
+ goto err;
+ }
+
+ if (ASN1_STRING_cmp(rr->signedContentIdentifier,
+ rct->signedContentIdentifier)) {
+ CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_CONTENTIDENTIFIER_MISMATCH);
+ goto err;
+ }
+
+ r = 1;
+
+ err:
+ if (rr)
+ CMS_ReceiptRequest_free(rr);
+ if (rct)
+ M_ASN1_free_of(rct, CMS_Receipt);
+
+ return r;
+
+}
+
+/*
+ * Encode a Receipt into an OCTET STRING read for including into content of a
+ * SignedData ContentInfo.
+ */
+
+ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si)
+{
+ CMS_Receipt rct;
+ CMS_ReceiptRequest *rr = NULL;
+ ASN1_OBJECT *ctype;
+ ASN1_OCTET_STRING *os = NULL;
+
+ /* Get original receipt request */
+
+ /* Get original receipt request details */
+
+ if (CMS_get1_ReceiptRequest(si, &rr) <= 0) {
+ CMSerr(CMS_F_CMS_ENCODE_RECEIPT, CMS_R_NO_RECEIPT_REQUEST);
+ goto err;
+ }
+
+ /* Get original content type */
+
+ ctype = CMS_signed_get0_data_by_OBJ(si,
+ OBJ_nid2obj(NID_pkcs9_contentType),
+ -3, V_ASN1_OBJECT);
+ if (!ctype) {
+ CMSerr(CMS_F_CMS_ENCODE_RECEIPT, CMS_R_NO_CONTENT_TYPE);
+ goto err;
+ }
+
+ rct.version = 1;
+ rct.contentType = ctype;
+ rct.signedContentIdentifier = rr->signedContentIdentifier;
+ rct.originatorSignatureValue = si->signature;
+
+ os = ASN1_item_pack(&rct, ASN1_ITEM_rptr(CMS_Receipt), NULL);
+
+ err:
+ if (rr)
+ CMS_ReceiptRequest_free(rr);
+
+ return os;
+
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_io.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/cms/cms_io.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_io.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,140 +0,0 @@
-/* crypto/cms/cms_io.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#include <openssl/asn1t.h>
-#include <openssl/x509.h>
-#include <openssl/err.h>
-#include <openssl/pem.h>
-#include "cms.h"
-#include "cms_lcl.h"
-
-CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms)
- {
- return ASN1_item_d2i_bio(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms);
- }
-
-int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms)
- {
- return ASN1_item_i2d_bio(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms);
- }
-
-IMPLEMENT_PEM_rw_const(CMS, CMS_ContentInfo, PEM_STRING_CMS, CMS_ContentInfo)
-
-/* Callback for int_smime_write_ASN1 */
-
-static int cms_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
- const ASN1_ITEM *it)
- {
- CMS_ContentInfo *cms = (CMS_ContentInfo *)val;
- BIO *tmpbio, *cmsbio;
- int r = 0;
-
- if (!(flags & SMIME_DETACHED))
- {
- SMIME_crlf_copy(data, out, flags);
- return 1;
- }
-
- /* Let CMS code prepend any needed BIOs */
-
- cmsbio = CMS_dataInit(cms, out);
-
- if (!cmsbio)
- return 0;
-
- /* Copy data across, passing through filter BIOs for processing */
- SMIME_crlf_copy(data, cmsbio, flags);
-
- /* Finalize structure */
- if (CMS_dataFinal(cms, cmsbio) <= 0)
- goto err;
-
- r = 1;
-
- err:
-
- /* Now remove any digests prepended to the BIO */
-
- while (cmsbio != out)
- {
- tmpbio = BIO_pop(cmsbio);
- BIO_free(cmsbio);
- cmsbio = tmpbio;
- }
-
- return r;
-
- }
-
-
-int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags)
- {
- STACK_OF(X509_ALGOR) *mdalgs;
- int ctype_nid = OBJ_obj2nid(cms->contentType);
- int econt_nid = OBJ_obj2nid(CMS_get0_eContentType(cms));
- if (ctype_nid == NID_pkcs7_signed)
- mdalgs = cms->d.signedData->digestAlgorithms;
- else
- mdalgs = NULL;
-
- return int_smime_write_ASN1(bio, (ASN1_VALUE *)cms, data, flags,
- ctype_nid, econt_nid, mdalgs,
- cms_output_data,
- ASN1_ITEM_rptr(CMS_ContentInfo));
- }
-
-CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont)
- {
- return (CMS_ContentInfo *)SMIME_read_ASN1(bio, bcont,
- ASN1_ITEM_rptr(CMS_ContentInfo));
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_io.c (from rev 6976, vendor-crypto/openssl/dist/crypto/cms/cms_io.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_io.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_io.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,138 @@
+/* crypto/cms/cms_io.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include "cms.h"
+#include "cms_lcl.h"
+
+CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms)
+{
+ return ASN1_item_d2i_bio(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms);
+}
+
+int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms)
+{
+ return ASN1_item_i2d_bio(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms);
+}
+
+IMPLEMENT_PEM_rw_const(CMS, CMS_ContentInfo, PEM_STRING_CMS, CMS_ContentInfo)
+
+/* Callback for int_smime_write_ASN1 */
+static int cms_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
+ const ASN1_ITEM *it)
+{
+ CMS_ContentInfo *cms = (CMS_ContentInfo *)val;
+ BIO *tmpbio, *cmsbio;
+ int r = 0;
+
+ if (!(flags & SMIME_DETACHED)) {
+ SMIME_crlf_copy(data, out, flags);
+ return 1;
+ }
+
+ /* Let CMS code prepend any needed BIOs */
+
+ cmsbio = CMS_dataInit(cms, out);
+
+ if (!cmsbio)
+ return 0;
+
+ /* Copy data across, passing through filter BIOs for processing */
+ SMIME_crlf_copy(data, cmsbio, flags);
+
+ /* Finalize structure */
+ if (CMS_dataFinal(cms, cmsbio) <= 0)
+ goto err;
+
+ r = 1;
+
+ err:
+
+ /* Now remove any digests prepended to the BIO */
+
+ while (cmsbio != out) {
+ tmpbio = BIO_pop(cmsbio);
+ BIO_free(cmsbio);
+ cmsbio = tmpbio;
+ }
+
+ return r;
+
+}
+
+int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags)
+{
+ STACK_OF(X509_ALGOR) *mdalgs;
+ int ctype_nid = OBJ_obj2nid(cms->contentType);
+ int econt_nid = OBJ_obj2nid(CMS_get0_eContentType(cms));
+ if (ctype_nid == NID_pkcs7_signed)
+ mdalgs = cms->d.signedData->digestAlgorithms;
+ else
+ mdalgs = NULL;
+
+ return int_smime_write_ASN1(bio, (ASN1_VALUE *)cms, data, flags,
+ ctype_nid, econt_nid, mdalgs,
+ cms_output_data,
+ ASN1_ITEM_rptr(CMS_ContentInfo));
+}
+
+CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont)
+{
+ return (CMS_ContentInfo *)SMIME_read_ASN1(bio, bcont,
+ ASN1_ITEM_rptr
+ (CMS_ContentInfo));
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_lcl.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/cms/cms_lcl.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_lcl.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,462 +0,0 @@
-/* crypto/cms/cms_lcl.h */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#ifndef HEADER_CMS_LCL_H
-#define HEADER_CMS_LCL_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#include <openssl/x509.h>
-
-/* Cryptographic message syntax (CMS) structures: taken
- * from RFC3852
- */
-
-/* Forward references */
-
-typedef struct CMS_IssuerAndSerialNumber_st CMS_IssuerAndSerialNumber;
-typedef struct CMS_EncapsulatedContentInfo_st CMS_EncapsulatedContentInfo;
-typedef struct CMS_SignerIdentifier_st CMS_SignerIdentifier;
-typedef struct CMS_SignedData_st CMS_SignedData;
-typedef struct CMS_OtherRevocationInfoFormat_st CMS_OtherRevocationInfoFormat;
-typedef struct CMS_OriginatorInfo_st CMS_OriginatorInfo;
-typedef struct CMS_EncryptedContentInfo_st CMS_EncryptedContentInfo;
-typedef struct CMS_EnvelopedData_st CMS_EnvelopedData;
-typedef struct CMS_DigestedData_st CMS_DigestedData;
-typedef struct CMS_EncryptedData_st CMS_EncryptedData;
-typedef struct CMS_AuthenticatedData_st CMS_AuthenticatedData;
-typedef struct CMS_CompressedData_st CMS_CompressedData;
-typedef struct CMS_OtherCertificateFormat_st CMS_OtherCertificateFormat;
-typedef struct CMS_KeyTransRecipientInfo_st CMS_KeyTransRecipientInfo;
-typedef struct CMS_OriginatorPublicKey_st CMS_OriginatorPublicKey;
-typedef struct CMS_OriginatorIdentifierOrKey_st CMS_OriginatorIdentifierOrKey;
-typedef struct CMS_KeyAgreeRecipientInfo_st CMS_KeyAgreeRecipientInfo;
-typedef struct CMS_OtherKeyAttribute_st CMS_OtherKeyAttribute;
-typedef struct CMS_RecipientKeyIdentifier_st CMS_RecipientKeyIdentifier;
-typedef struct CMS_KeyAgreeRecipientIdentifier_st CMS_KeyAgreeRecipientIdentifier;
-typedef struct CMS_RecipientEncryptedKey_st CMS_RecipientEncryptedKey;
-typedef struct CMS_KEKIdentifier_st CMS_KEKIdentifier;
-typedef struct CMS_KEKRecipientInfo_st CMS_KEKRecipientInfo;
-typedef struct CMS_PasswordRecipientInfo_st CMS_PasswordRecipientInfo;
-typedef struct CMS_OtherRecipientInfo_st CMS_OtherRecipientInfo;
-typedef struct CMS_ReceiptsFrom_st CMS_ReceiptsFrom;
-
-struct CMS_ContentInfo_st
- {
- ASN1_OBJECT *contentType;
- union {
- ASN1_OCTET_STRING *data;
- CMS_SignedData *signedData;
- CMS_EnvelopedData *envelopedData;
- CMS_DigestedData *digestedData;
- CMS_EncryptedData *encryptedData;
- CMS_AuthenticatedData *authenticatedData;
- CMS_CompressedData *compressedData;
- ASN1_TYPE *other;
- /* Other types ... */
- void *otherData;
- } d;
- };
-
-struct CMS_SignedData_st
- {
- long version;
- STACK_OF(X509_ALGOR) *digestAlgorithms;
- CMS_EncapsulatedContentInfo *encapContentInfo;
- STACK_OF(CMS_CertificateChoices) *certificates;
- STACK_OF(CMS_RevocationInfoChoice) *crls;
- STACK_OF(CMS_SignerInfo) *signerInfos;
- };
-
-struct CMS_EncapsulatedContentInfo_st
- {
- ASN1_OBJECT *eContentType;
- ASN1_OCTET_STRING *eContent;
- /* Set to 1 if incomplete structure only part set up */
- int partial;
- };
-
-struct CMS_SignerInfo_st
- {
- long version;
- CMS_SignerIdentifier *sid;
- X509_ALGOR *digestAlgorithm;
- STACK_OF(X509_ATTRIBUTE) *signedAttrs;
- X509_ALGOR *signatureAlgorithm;
- ASN1_OCTET_STRING *signature;
- STACK_OF(X509_ATTRIBUTE) *unsignedAttrs;
- /* Signing certificate and key */
- X509 *signer;
- EVP_PKEY *pkey;
- };
-
-struct CMS_SignerIdentifier_st
- {
- int type;
- union {
- CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
- ASN1_OCTET_STRING *subjectKeyIdentifier;
- } d;
- };
-
-struct CMS_EnvelopedData_st
- {
- long version;
- CMS_OriginatorInfo *originatorInfo;
- STACK_OF(CMS_RecipientInfo) *recipientInfos;
- CMS_EncryptedContentInfo *encryptedContentInfo;
- STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs;
- };
-
-struct CMS_OriginatorInfo_st
- {
- STACK_OF(CMS_CertificateChoices) *certificates;
- STACK_OF(CMS_RevocationInfoChoice) *crls;
- };
-
-struct CMS_EncryptedContentInfo_st
- {
- ASN1_OBJECT *contentType;
- X509_ALGOR *contentEncryptionAlgorithm;
- ASN1_OCTET_STRING *encryptedContent;
- /* Content encryption algorithm and key */
- const EVP_CIPHER *cipher;
- unsigned char *key;
- size_t keylen;
- /* Set to 1 if we are debugging decrypt and don't fake keys for MMA */
- int debug;
- };
-
-struct CMS_RecipientInfo_st
- {
- int type;
- union {
- CMS_KeyTransRecipientInfo *ktri;
- CMS_KeyAgreeRecipientInfo *kari;
- CMS_KEKRecipientInfo *kekri;
- CMS_PasswordRecipientInfo *pwri;
- CMS_OtherRecipientInfo *ori;
- } d;
- };
-
-typedef CMS_SignerIdentifier CMS_RecipientIdentifier;
-
-struct CMS_KeyTransRecipientInfo_st
- {
- long version;
- CMS_RecipientIdentifier *rid;
- X509_ALGOR *keyEncryptionAlgorithm;
- ASN1_OCTET_STRING *encryptedKey;
- /* Recipient Key and cert */
- X509 *recip;
- EVP_PKEY *pkey;
- };
-
-struct CMS_KeyAgreeRecipientInfo_st
- {
- long version;
- CMS_OriginatorIdentifierOrKey *originator;
- ASN1_OCTET_STRING *ukm;
- X509_ALGOR *keyEncryptionAlgorithm;
- STACK_OF(CMS_RecipientEncryptedKey) *recipientEncryptedKeys;
- };
-
-struct CMS_OriginatorIdentifierOrKey_st
- {
- int type;
- union {
- CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
- ASN1_OCTET_STRING *subjectKeyIdentifier;
- CMS_OriginatorPublicKey *originatorKey;
- } d;
- };
-
-struct CMS_OriginatorPublicKey_st
- {
- X509_ALGOR *algorithm;
- ASN1_BIT_STRING *publicKey;
- };
-
-struct CMS_RecipientEncryptedKey_st
- {
- CMS_KeyAgreeRecipientIdentifier *rid;
- ASN1_OCTET_STRING *encryptedKey;
- };
-
-struct CMS_KeyAgreeRecipientIdentifier_st
- {
- int type;
- union {
- CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
- CMS_RecipientKeyIdentifier *rKeyId;
- } d;
- };
-
-struct CMS_RecipientKeyIdentifier_st
- {
- ASN1_OCTET_STRING *subjectKeyIdentifier;
- ASN1_GENERALIZEDTIME *date;
- CMS_OtherKeyAttribute *other;
- };
-
-struct CMS_KEKRecipientInfo_st
- {
- long version;
- CMS_KEKIdentifier *kekid;
- X509_ALGOR *keyEncryptionAlgorithm;
- ASN1_OCTET_STRING *encryptedKey;
- /* Extra info: symmetric key to use */
- unsigned char *key;
- size_t keylen;
- };
-
-struct CMS_KEKIdentifier_st
- {
- ASN1_OCTET_STRING *keyIdentifier;
- ASN1_GENERALIZEDTIME *date;
- CMS_OtherKeyAttribute *other;
- };
-
-struct CMS_PasswordRecipientInfo_st
- {
- long version;
- X509_ALGOR *keyDerivationAlgorithm;
- X509_ALGOR *keyEncryptionAlgorithm;
- ASN1_OCTET_STRING *encryptedKey;
- };
-
-struct CMS_OtherRecipientInfo_st
- {
- ASN1_OBJECT *oriType;
- ASN1_TYPE *oriValue;
- };
-
-struct CMS_DigestedData_st
- {
- long version;
- X509_ALGOR *digestAlgorithm;
- CMS_EncapsulatedContentInfo *encapContentInfo;
- ASN1_OCTET_STRING *digest;
- };
-
-struct CMS_EncryptedData_st
- {
- long version;
- CMS_EncryptedContentInfo *encryptedContentInfo;
- STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs;
- };
-
-struct CMS_AuthenticatedData_st
- {
- long version;
- CMS_OriginatorInfo *originatorInfo;
- STACK_OF(CMS_RecipientInfo) *recipientInfos;
- X509_ALGOR *macAlgorithm;
- X509_ALGOR *digestAlgorithm;
- CMS_EncapsulatedContentInfo *encapContentInfo;
- STACK_OF(X509_ATTRIBUTE) *authAttrs;
- ASN1_OCTET_STRING *mac;
- STACK_OF(X509_ATTRIBUTE) *unauthAttrs;
- };
-
-struct CMS_CompressedData_st
- {
- long version;
- X509_ALGOR *compressionAlgorithm;
- STACK_OF(CMS_RecipientInfo) *recipientInfos;
- CMS_EncapsulatedContentInfo *encapContentInfo;
- };
-
-struct CMS_RevocationInfoChoice_st
- {
- int type;
- union {
- X509_CRL *crl;
- CMS_OtherRevocationInfoFormat *other;
- } d;
- };
-
-#define CMS_REVCHOICE_CRL 0
-#define CMS_REVCHOICE_OTHER 1
-
-struct CMS_OtherRevocationInfoFormat_st
- {
- ASN1_OBJECT *otherRevInfoFormat;
- ASN1_TYPE *otherRevInfo;
- };
-
-struct CMS_CertificateChoices
- {
- int type;
- union {
- X509 *certificate;
- ASN1_STRING *extendedCertificate; /* Obsolete */
- ASN1_STRING *v1AttrCert; /* Left encoded for now */
- ASN1_STRING *v2AttrCert; /* Left encoded for now */
- CMS_OtherCertificateFormat *other;
- } d;
- };
-
-#define CMS_CERTCHOICE_CERT 0
-#define CMS_CERTCHOICE_EXCERT 1
-#define CMS_CERTCHOICE_V1ACERT 2
-#define CMS_CERTCHOICE_V2ACERT 3
-#define CMS_CERTCHOICE_OTHER 4
-
-struct CMS_OtherCertificateFormat_st
- {
- ASN1_OBJECT *otherCertFormat;
- ASN1_TYPE *otherCert;
- };
-
-/* This is also defined in pkcs7.h but we duplicate it
- * to allow the CMS code to be independent of PKCS#7
- */
-
-struct CMS_IssuerAndSerialNumber_st
- {
- X509_NAME *issuer;
- ASN1_INTEGER *serialNumber;
- };
-
-struct CMS_OtherKeyAttribute_st
- {
- ASN1_OBJECT *keyAttrId;
- ASN1_TYPE *keyAttr;
- };
-
-/* ESS structures */
-
-#ifdef HEADER_X509V3_H
-
-struct CMS_ReceiptRequest_st
- {
- ASN1_OCTET_STRING *signedContentIdentifier;
- CMS_ReceiptsFrom *receiptsFrom;
- STACK_OF(GENERAL_NAMES) *receiptsTo;
- };
-
-
-struct CMS_ReceiptsFrom_st
- {
- int type;
- union
- {
- long allOrFirstTier;
- STACK_OF(GENERAL_NAMES) *receiptList;
- } d;
- };
-#endif
-
-struct CMS_Receipt_st
- {
- long version;
- ASN1_OBJECT *contentType;
- ASN1_OCTET_STRING *signedContentIdentifier;
- ASN1_OCTET_STRING *originatorSignatureValue;
- };
-
-DECLARE_ASN1_ITEM(CMS_SignerInfo)
-DECLARE_ASN1_ITEM(CMS_IssuerAndSerialNumber)
-DECLARE_ASN1_ITEM(CMS_Attributes_Sign)
-DECLARE_ASN1_ITEM(CMS_Attributes_Verify)
-DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_IssuerAndSerialNumber)
-
-#define CMS_SIGNERINFO_ISSUER_SERIAL 0
-#define CMS_SIGNERINFO_KEYIDENTIFIER 1
-
-#define CMS_RECIPINFO_ISSUER_SERIAL 0
-#define CMS_RECIPINFO_KEYIDENTIFIER 1
-
-BIO *cms_content_bio(CMS_ContentInfo *cms);
-
-CMS_ContentInfo *cms_Data_create(void);
-
-CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md);
-BIO *cms_DigestedData_init_bio(CMS_ContentInfo *cms);
-int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify);
-
-BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms);
-int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain);
-int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type);
-int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid,
- ASN1_OCTET_STRING **keyid,
- X509_NAME **issuer, ASN1_INTEGER **sno);
-int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert);
-
-CMS_ContentInfo *cms_CompressedData_create(int comp_nid);
-BIO *cms_CompressedData_init_bio(CMS_ContentInfo *cms);
-
-void cms_DigestAlgorithm_set(X509_ALGOR *alg, const EVP_MD *md);
-BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm);
-int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain,
- X509_ALGOR *mdalg);
-
-BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec);
-BIO *cms_EncryptedData_init_bio(CMS_ContentInfo *cms);
-int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec,
- const EVP_CIPHER *cipher,
- const unsigned char *key, size_t keylen);
-
-int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms);
-int cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src);
-ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si);
-
-BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms);
-
-#ifdef __cplusplus
-}
-#endif
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_lcl.h (from rev 6976, vendor-crypto/openssl/dist/crypto/cms/cms_lcl.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_lcl.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_lcl.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,432 @@
+/* crypto/cms/cms_lcl.h */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#ifndef HEADER_CMS_LCL_H
+# define HEADER_CMS_LCL_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# include <openssl/x509.h>
+
+/*
+ * Cryptographic message syntax (CMS) structures: taken from RFC3852
+ */
+
+/* Forward references */
+
+typedef struct CMS_IssuerAndSerialNumber_st CMS_IssuerAndSerialNumber;
+typedef struct CMS_EncapsulatedContentInfo_st CMS_EncapsulatedContentInfo;
+typedef struct CMS_SignerIdentifier_st CMS_SignerIdentifier;
+typedef struct CMS_SignedData_st CMS_SignedData;
+typedef struct CMS_OtherRevocationInfoFormat_st CMS_OtherRevocationInfoFormat;
+typedef struct CMS_OriginatorInfo_st CMS_OriginatorInfo;
+typedef struct CMS_EncryptedContentInfo_st CMS_EncryptedContentInfo;
+typedef struct CMS_EnvelopedData_st CMS_EnvelopedData;
+typedef struct CMS_DigestedData_st CMS_DigestedData;
+typedef struct CMS_EncryptedData_st CMS_EncryptedData;
+typedef struct CMS_AuthenticatedData_st CMS_AuthenticatedData;
+typedef struct CMS_CompressedData_st CMS_CompressedData;
+typedef struct CMS_OtherCertificateFormat_st CMS_OtherCertificateFormat;
+typedef struct CMS_KeyTransRecipientInfo_st CMS_KeyTransRecipientInfo;
+typedef struct CMS_OriginatorPublicKey_st CMS_OriginatorPublicKey;
+typedef struct CMS_OriginatorIdentifierOrKey_st CMS_OriginatorIdentifierOrKey;
+typedef struct CMS_KeyAgreeRecipientInfo_st CMS_KeyAgreeRecipientInfo;
+typedef struct CMS_OtherKeyAttribute_st CMS_OtherKeyAttribute;
+typedef struct CMS_RecipientKeyIdentifier_st CMS_RecipientKeyIdentifier;
+typedef struct CMS_KeyAgreeRecipientIdentifier_st
+ CMS_KeyAgreeRecipientIdentifier;
+typedef struct CMS_RecipientEncryptedKey_st CMS_RecipientEncryptedKey;
+typedef struct CMS_KEKIdentifier_st CMS_KEKIdentifier;
+typedef struct CMS_KEKRecipientInfo_st CMS_KEKRecipientInfo;
+typedef struct CMS_PasswordRecipientInfo_st CMS_PasswordRecipientInfo;
+typedef struct CMS_OtherRecipientInfo_st CMS_OtherRecipientInfo;
+typedef struct CMS_ReceiptsFrom_st CMS_ReceiptsFrom;
+
+struct CMS_ContentInfo_st {
+ ASN1_OBJECT *contentType;
+ union {
+ ASN1_OCTET_STRING *data;
+ CMS_SignedData *signedData;
+ CMS_EnvelopedData *envelopedData;
+ CMS_DigestedData *digestedData;
+ CMS_EncryptedData *encryptedData;
+ CMS_AuthenticatedData *authenticatedData;
+ CMS_CompressedData *compressedData;
+ ASN1_TYPE *other;
+ /* Other types ... */
+ void *otherData;
+ } d;
+};
+
+struct CMS_SignedData_st {
+ long version;
+ STACK_OF(X509_ALGOR) *digestAlgorithms;
+ CMS_EncapsulatedContentInfo *encapContentInfo;
+ STACK_OF(CMS_CertificateChoices) *certificates;
+ STACK_OF(CMS_RevocationInfoChoice) *crls;
+ STACK_OF(CMS_SignerInfo) *signerInfos;
+};
+
+struct CMS_EncapsulatedContentInfo_st {
+ ASN1_OBJECT *eContentType;
+ ASN1_OCTET_STRING *eContent;
+ /* Set to 1 if incomplete structure only part set up */
+ int partial;
+};
+
+struct CMS_SignerInfo_st {
+ long version;
+ CMS_SignerIdentifier *sid;
+ X509_ALGOR *digestAlgorithm;
+ STACK_OF(X509_ATTRIBUTE) *signedAttrs;
+ X509_ALGOR *signatureAlgorithm;
+ ASN1_OCTET_STRING *signature;
+ STACK_OF(X509_ATTRIBUTE) *unsignedAttrs;
+ /* Signing certificate and key */
+ X509 *signer;
+ EVP_PKEY *pkey;
+};
+
+struct CMS_SignerIdentifier_st {
+ int type;
+ union {
+ CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
+ ASN1_OCTET_STRING *subjectKeyIdentifier;
+ } d;
+};
+
+struct CMS_EnvelopedData_st {
+ long version;
+ CMS_OriginatorInfo *originatorInfo;
+ STACK_OF(CMS_RecipientInfo) *recipientInfos;
+ CMS_EncryptedContentInfo *encryptedContentInfo;
+ STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs;
+};
+
+struct CMS_OriginatorInfo_st {
+ STACK_OF(CMS_CertificateChoices) *certificates;
+ STACK_OF(CMS_RevocationInfoChoice) *crls;
+};
+
+struct CMS_EncryptedContentInfo_st {
+ ASN1_OBJECT *contentType;
+ X509_ALGOR *contentEncryptionAlgorithm;
+ ASN1_OCTET_STRING *encryptedContent;
+ /* Content encryption algorithm and key */
+ const EVP_CIPHER *cipher;
+ unsigned char *key;
+ size_t keylen;
+ /* Set to 1 if we are debugging decrypt and don't fake keys for MMA */
+ int debug;
+};
+
+struct CMS_RecipientInfo_st {
+ int type;
+ union {
+ CMS_KeyTransRecipientInfo *ktri;
+ CMS_KeyAgreeRecipientInfo *kari;
+ CMS_KEKRecipientInfo *kekri;
+ CMS_PasswordRecipientInfo *pwri;
+ CMS_OtherRecipientInfo *ori;
+ } d;
+};
+
+typedef CMS_SignerIdentifier CMS_RecipientIdentifier;
+
+struct CMS_KeyTransRecipientInfo_st {
+ long version;
+ CMS_RecipientIdentifier *rid;
+ X509_ALGOR *keyEncryptionAlgorithm;
+ ASN1_OCTET_STRING *encryptedKey;
+ /* Recipient Key and cert */
+ X509 *recip;
+ EVP_PKEY *pkey;
+};
+
+struct CMS_KeyAgreeRecipientInfo_st {
+ long version;
+ CMS_OriginatorIdentifierOrKey *originator;
+ ASN1_OCTET_STRING *ukm;
+ X509_ALGOR *keyEncryptionAlgorithm;
+ STACK_OF(CMS_RecipientEncryptedKey) *recipientEncryptedKeys;
+};
+
+struct CMS_OriginatorIdentifierOrKey_st {
+ int type;
+ union {
+ CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
+ ASN1_OCTET_STRING *subjectKeyIdentifier;
+ CMS_OriginatorPublicKey *originatorKey;
+ } d;
+};
+
+struct CMS_OriginatorPublicKey_st {
+ X509_ALGOR *algorithm;
+ ASN1_BIT_STRING *publicKey;
+};
+
+struct CMS_RecipientEncryptedKey_st {
+ CMS_KeyAgreeRecipientIdentifier *rid;
+ ASN1_OCTET_STRING *encryptedKey;
+};
+
+struct CMS_KeyAgreeRecipientIdentifier_st {
+ int type;
+ union {
+ CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
+ CMS_RecipientKeyIdentifier *rKeyId;
+ } d;
+};
+
+struct CMS_RecipientKeyIdentifier_st {
+ ASN1_OCTET_STRING *subjectKeyIdentifier;
+ ASN1_GENERALIZEDTIME *date;
+ CMS_OtherKeyAttribute *other;
+};
+
+struct CMS_KEKRecipientInfo_st {
+ long version;
+ CMS_KEKIdentifier *kekid;
+ X509_ALGOR *keyEncryptionAlgorithm;
+ ASN1_OCTET_STRING *encryptedKey;
+ /* Extra info: symmetric key to use */
+ unsigned char *key;
+ size_t keylen;
+};
+
+struct CMS_KEKIdentifier_st {
+ ASN1_OCTET_STRING *keyIdentifier;
+ ASN1_GENERALIZEDTIME *date;
+ CMS_OtherKeyAttribute *other;
+};
+
+struct CMS_PasswordRecipientInfo_st {
+ long version;
+ X509_ALGOR *keyDerivationAlgorithm;
+ X509_ALGOR *keyEncryptionAlgorithm;
+ ASN1_OCTET_STRING *encryptedKey;
+};
+
+struct CMS_OtherRecipientInfo_st {
+ ASN1_OBJECT *oriType;
+ ASN1_TYPE *oriValue;
+};
+
+struct CMS_DigestedData_st {
+ long version;
+ X509_ALGOR *digestAlgorithm;
+ CMS_EncapsulatedContentInfo *encapContentInfo;
+ ASN1_OCTET_STRING *digest;
+};
+
+struct CMS_EncryptedData_st {
+ long version;
+ CMS_EncryptedContentInfo *encryptedContentInfo;
+ STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs;
+};
+
+struct CMS_AuthenticatedData_st {
+ long version;
+ CMS_OriginatorInfo *originatorInfo;
+ STACK_OF(CMS_RecipientInfo) *recipientInfos;
+ X509_ALGOR *macAlgorithm;
+ X509_ALGOR *digestAlgorithm;
+ CMS_EncapsulatedContentInfo *encapContentInfo;
+ STACK_OF(X509_ATTRIBUTE) *authAttrs;
+ ASN1_OCTET_STRING *mac;
+ STACK_OF(X509_ATTRIBUTE) *unauthAttrs;
+};
+
+struct CMS_CompressedData_st {
+ long version;
+ X509_ALGOR *compressionAlgorithm;
+ STACK_OF(CMS_RecipientInfo) *recipientInfos;
+ CMS_EncapsulatedContentInfo *encapContentInfo;
+};
+
+struct CMS_RevocationInfoChoice_st {
+ int type;
+ union {
+ X509_CRL *crl;
+ CMS_OtherRevocationInfoFormat *other;
+ } d;
+};
+
+# define CMS_REVCHOICE_CRL 0
+# define CMS_REVCHOICE_OTHER 1
+
+struct CMS_OtherRevocationInfoFormat_st {
+ ASN1_OBJECT *otherRevInfoFormat;
+ ASN1_TYPE *otherRevInfo;
+};
+
+struct CMS_CertificateChoices {
+ int type;
+ union {
+ X509 *certificate;
+ ASN1_STRING *extendedCertificate; /* Obsolete */
+ ASN1_STRING *v1AttrCert; /* Left encoded for now */
+ ASN1_STRING *v2AttrCert; /* Left encoded for now */
+ CMS_OtherCertificateFormat *other;
+ } d;
+};
+
+# define CMS_CERTCHOICE_CERT 0
+# define CMS_CERTCHOICE_EXCERT 1
+# define CMS_CERTCHOICE_V1ACERT 2
+# define CMS_CERTCHOICE_V2ACERT 3
+# define CMS_CERTCHOICE_OTHER 4
+
+struct CMS_OtherCertificateFormat_st {
+ ASN1_OBJECT *otherCertFormat;
+ ASN1_TYPE *otherCert;
+};
+
+/*
+ * This is also defined in pkcs7.h but we duplicate it to allow the CMS code
+ * to be independent of PKCS#7
+ */
+
+struct CMS_IssuerAndSerialNumber_st {
+ X509_NAME *issuer;
+ ASN1_INTEGER *serialNumber;
+};
+
+struct CMS_OtherKeyAttribute_st {
+ ASN1_OBJECT *keyAttrId;
+ ASN1_TYPE *keyAttr;
+};
+
+/* ESS structures */
+
+# ifdef HEADER_X509V3_H
+
+struct CMS_ReceiptRequest_st {
+ ASN1_OCTET_STRING *signedContentIdentifier;
+ CMS_ReceiptsFrom *receiptsFrom;
+ STACK_OF(GENERAL_NAMES) *receiptsTo;
+};
+
+struct CMS_ReceiptsFrom_st {
+ int type;
+ union {
+ long allOrFirstTier;
+ STACK_OF(GENERAL_NAMES) *receiptList;
+ } d;
+};
+# endif
+
+struct CMS_Receipt_st {
+ long version;
+ ASN1_OBJECT *contentType;
+ ASN1_OCTET_STRING *signedContentIdentifier;
+ ASN1_OCTET_STRING *originatorSignatureValue;
+};
+
+DECLARE_ASN1_ITEM(CMS_SignerInfo)
+DECLARE_ASN1_ITEM(CMS_IssuerAndSerialNumber)
+DECLARE_ASN1_ITEM(CMS_Attributes_Sign)
+DECLARE_ASN1_ITEM(CMS_Attributes_Verify)
+DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_IssuerAndSerialNumber)
+
+# define CMS_SIGNERINFO_ISSUER_SERIAL 0
+# define CMS_SIGNERINFO_KEYIDENTIFIER 1
+
+# define CMS_RECIPINFO_ISSUER_SERIAL 0
+# define CMS_RECIPINFO_KEYIDENTIFIER 1
+
+BIO *cms_content_bio(CMS_ContentInfo *cms);
+
+CMS_ContentInfo *cms_Data_create(void);
+
+CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md);
+BIO *cms_DigestedData_init_bio(CMS_ContentInfo *cms);
+int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify);
+
+BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms);
+int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain);
+int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert,
+ int type);
+int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid,
+ ASN1_OCTET_STRING **keyid,
+ X509_NAME **issuer,
+ ASN1_INTEGER **sno);
+int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert);
+
+CMS_ContentInfo *cms_CompressedData_create(int comp_nid);
+BIO *cms_CompressedData_init_bio(CMS_ContentInfo *cms);
+
+void cms_DigestAlgorithm_set(X509_ALGOR *alg, const EVP_MD *md);
+BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm);
+int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain,
+ X509_ALGOR *mdalg);
+
+BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec);
+BIO *cms_EncryptedData_init_bio(CMS_ContentInfo *cms);
+int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec,
+ const EVP_CIPHER *cipher,
+ const unsigned char *key, size_t keylen);
+
+int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms);
+int cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src);
+ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si);
+
+BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms);
+
+#ifdef __cplusplus
+}
+#endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_lib.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/cms/cms_lib.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,625 +0,0 @@
-/* crypto/cms/cms_lib.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#include <openssl/asn1t.h>
-#include <openssl/x509.h>
-#include <openssl/err.h>
-#include <openssl/pem.h>
-#include <openssl/bio.h>
-#include <openssl/asn1.h>
-#include "cms.h"
-#include "cms_lcl.h"
-
-IMPLEMENT_ASN1_FUNCTIONS_const(CMS_ContentInfo)
-
-DECLARE_ASN1_ITEM(CMS_CertificateChoices)
-DECLARE_ASN1_ITEM(CMS_RevocationInfoChoice)
-DECLARE_STACK_OF(CMS_CertificateChoices)
-DECLARE_STACK_OF(CMS_RevocationInfoChoice)
-
-const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms)
- {
- return cms->contentType;
- }
-
-CMS_ContentInfo *cms_Data_create(void)
- {
- CMS_ContentInfo *cms;
- cms = CMS_ContentInfo_new();
- if (cms)
- {
- cms->contentType = OBJ_nid2obj(NID_pkcs7_data);
- /* Never detached */
- CMS_set_detached(cms, 0);
- }
- return cms;
- }
-
-BIO *cms_content_bio(CMS_ContentInfo *cms)
- {
- ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
- if (!pos)
- return NULL;
- /* If content detached data goes nowhere: create NULL BIO */
- if (!*pos)
- return BIO_new(BIO_s_null());
- /* If content not detached and created return memory BIO
- */
- if (!*pos || ((*pos)->flags == ASN1_STRING_FLAG_CONT))
- return BIO_new(BIO_s_mem());
- /* Else content was read in: return read only BIO for it */
- return BIO_new_mem_buf((*pos)->data, (*pos)->length);
- }
-
-BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont)
- {
- BIO *cmsbio, *cont;
- if (icont)
- cont = icont;
- else
- cont = cms_content_bio(cms);
- if (!cont)
- {
- CMSerr(CMS_F_CMS_DATAINIT, CMS_R_NO_CONTENT);
- return NULL;
- }
- switch (OBJ_obj2nid(cms->contentType))
- {
-
- case NID_pkcs7_data:
- return cont;
-
- case NID_pkcs7_signed:
- cmsbio = cms_SignedData_init_bio(cms);
- break;
-
- case NID_pkcs7_digest:
- cmsbio = cms_DigestedData_init_bio(cms);
- break;
-#ifdef ZLIB
- case NID_id_smime_ct_compressedData:
- cmsbio = cms_CompressedData_init_bio(cms);
- break;
-#endif
-
- case NID_pkcs7_encrypted:
- cmsbio = cms_EncryptedData_init_bio(cms);
- break;
-
- case NID_pkcs7_enveloped:
- cmsbio = cms_EnvelopedData_init_bio(cms);
- break;
-
- default:
- CMSerr(CMS_F_CMS_DATAINIT, CMS_R_UNSUPPORTED_TYPE);
- return NULL;
- }
-
- if (cmsbio)
- return BIO_push(cmsbio, cont);
-
- if (!icont)
- BIO_free(cont);
- return NULL;
-
- }
-
-int CMS_dataFinal(CMS_ContentInfo *cms, BIO *cmsbio)
- {
- ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
- if (!pos)
- return 0;
- /* If ebmedded content find memory BIO and set content */
- if (*pos && ((*pos)->flags & ASN1_STRING_FLAG_CONT))
- {
- BIO *mbio;
- unsigned char *cont;
- long contlen;
- mbio = BIO_find_type(cmsbio, BIO_TYPE_MEM);
- if (!mbio)
- {
- CMSerr(CMS_F_CMS_DATAFINAL, CMS_R_CONTENT_NOT_FOUND);
- return 0;
- }
- contlen = BIO_get_mem_data(mbio, &cont);
- /* Set bio as read only so its content can't be clobbered */
- BIO_set_flags(mbio, BIO_FLAGS_MEM_RDONLY);
- BIO_set_mem_eof_return(mbio, 0);
- ASN1_STRING_set0(*pos, cont, contlen);
- (*pos)->flags &= ~ASN1_STRING_FLAG_CONT;
- }
-
- switch (OBJ_obj2nid(cms->contentType))
- {
-
- case NID_pkcs7_data:
- case NID_pkcs7_enveloped:
- case NID_pkcs7_encrypted:
- case NID_id_smime_ct_compressedData:
- /* Nothing to do */
- return 1;
-
- case NID_pkcs7_signed:
- return cms_SignedData_final(cms, cmsbio);
-
- case NID_pkcs7_digest:
- return cms_DigestedData_do_final(cms, cmsbio, 0);
-
- default:
- CMSerr(CMS_F_CMS_DATAFINAL, CMS_R_UNSUPPORTED_TYPE);
- return 0;
- }
- }
-
-/* Return an OCTET STRING pointer to content. This allows it to
- * be accessed or set later.
- */
-
-ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms)
- {
- switch (OBJ_obj2nid(cms->contentType))
- {
-
- case NID_pkcs7_data:
- return &cms->d.data;
-
- case NID_pkcs7_signed:
- return &cms->d.signedData->encapContentInfo->eContent;
-
- case NID_pkcs7_enveloped:
- return &cms->d.envelopedData->encryptedContentInfo->encryptedContent;
-
- case NID_pkcs7_digest:
- return &cms->d.digestedData->encapContentInfo->eContent;
-
- case NID_pkcs7_encrypted:
- return &cms->d.encryptedData->encryptedContentInfo->encryptedContent;
-
- case NID_id_smime_ct_authData:
- return &cms->d.authenticatedData->encapContentInfo->eContent;
-
- case NID_id_smime_ct_compressedData:
- return &cms->d.compressedData->encapContentInfo->eContent;
-
- default:
- if (cms->d.other->type == V_ASN1_OCTET_STRING)
- return &cms->d.other->value.octet_string;
- CMSerr(CMS_F_CMS_GET0_CONTENT, CMS_R_UNSUPPORTED_CONTENT_TYPE);
- return NULL;
-
- }
- }
-
-/* Return an ASN1_OBJECT pointer to content type. This allows it to
- * be accessed or set later.
- */
-
-static ASN1_OBJECT **cms_get0_econtent_type(CMS_ContentInfo *cms)
- {
- switch (OBJ_obj2nid(cms->contentType))
- {
-
- case NID_pkcs7_signed:
- return &cms->d.signedData->encapContentInfo->eContentType;
-
- case NID_pkcs7_enveloped:
- return &cms->d.envelopedData->encryptedContentInfo->contentType;
-
- case NID_pkcs7_digest:
- return &cms->d.digestedData->encapContentInfo->eContentType;
-
- case NID_pkcs7_encrypted:
- return &cms->d.encryptedData->encryptedContentInfo->contentType;
-
- case NID_id_smime_ct_authData:
- return &cms->d.authenticatedData->encapContentInfo->eContentType;
-
- case NID_id_smime_ct_compressedData:
- return &cms->d.compressedData->encapContentInfo->eContentType;
-
- default:
- CMSerr(CMS_F_CMS_GET0_ECONTENT_TYPE,
- CMS_R_UNSUPPORTED_CONTENT_TYPE);
- return NULL;
-
- }
- }
-
-const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms)
- {
- ASN1_OBJECT **petype;
- petype = cms_get0_econtent_type(cms);
- if (petype)
- return *petype;
- return NULL;
- }
-
-int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid)
- {
- ASN1_OBJECT **petype, *etype;
- petype = cms_get0_econtent_type(cms);
- if (!petype)
- return 0;
- if (!oid)
- return 1;
- etype = OBJ_dup(oid);
- if (!etype)
- return 0;
- ASN1_OBJECT_free(*petype);
- *petype = etype;
- return 1;
- }
-
-int CMS_is_detached(CMS_ContentInfo *cms)
- {
- ASN1_OCTET_STRING **pos;
- pos = CMS_get0_content(cms);
- if (!pos)
- return -1;
- if (*pos)
- return 0;
- return 1;
- }
-
-int CMS_set_detached(CMS_ContentInfo *cms, int detached)
- {
- ASN1_OCTET_STRING **pos;
- pos = CMS_get0_content(cms);
- if (!pos)
- return 0;
- if (detached)
- {
- if (*pos)
- {
- ASN1_OCTET_STRING_free(*pos);
- *pos = NULL;
- }
- return 1;
- }
- if (!*pos)
- *pos = ASN1_OCTET_STRING_new();
- if (*pos)
- {
- /* NB: special flag to show content is created and not
- * read in.
- */
- (*pos)->flags |= ASN1_STRING_FLAG_CONT;
- return 1;
- }
- CMSerr(CMS_F_CMS_SET_DETACHED, ERR_R_MALLOC_FAILURE);
- return 0;
- }
-
-/* Set up an X509_ALGOR DigestAlgorithmIdentifier from an EVP_MD */
-
-void cms_DigestAlgorithm_set(X509_ALGOR *alg, const EVP_MD *md)
- {
- int param_type;
-
- switch (EVP_MD_type(md))
- {
- case NID_sha1:
- case NID_sha224:
- case NID_sha256:
- case NID_sha384:
- case NID_sha512:
- param_type = V_ASN1_UNDEF;
- break;
-
- default:
- param_type = V_ASN1_NULL;
- break;
- }
-
- X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_type(md)), param_type, NULL);
-
- }
-
-/* Create a digest BIO from an X509_ALGOR structure */
-
-BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm)
- {
- BIO *mdbio = NULL;
- ASN1_OBJECT *digestoid;
- const EVP_MD *digest;
- X509_ALGOR_get0(&digestoid, NULL, NULL, digestAlgorithm);
- digest = EVP_get_digestbyobj(digestoid);
- if (!digest)
- {
- CMSerr(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO,
- CMS_R_UNKNOWN_DIGEST_ALGORIHM);
- goto err;
- }
- mdbio = BIO_new(BIO_f_md());
- if (!mdbio || !BIO_set_md(mdbio, digest))
- {
- CMSerr(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO,
- CMS_R_MD_BIO_INIT_ERROR);
- goto err;
- }
- return mdbio;
- err:
- if (mdbio)
- BIO_free(mdbio);
- return NULL;
- }
-
-/* Locate a message digest content from a BIO chain based on SignerInfo */
-
-int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain,
- X509_ALGOR *mdalg)
- {
- int nid;
- ASN1_OBJECT *mdoid;
- X509_ALGOR_get0(&mdoid, NULL, NULL, mdalg);
- nid = OBJ_obj2nid(mdoid);
- /* Look for digest type to match signature */
- for (;;)
- {
- EVP_MD_CTX *mtmp;
- chain = BIO_find_type(chain, BIO_TYPE_MD);
- if (chain == NULL)
- {
- CMSerr(CMS_F_CMS_DIGESTALGORITHM_FIND_CTX,
- CMS_R_NO_MATCHING_DIGEST);
- return 0;
- }
- BIO_get_md_ctx(chain, &mtmp);
- if (EVP_MD_CTX_type(mtmp) == nid
- /* Workaround for broken implementations that use signature
- * algorithm OID instead of digest.
- */
- || EVP_MD_pkey_type(EVP_MD_CTX_md(mtmp)) == nid)
- {
- EVP_MD_CTX_copy_ex(mctx, mtmp);
- return 1;
- }
- chain = BIO_next(chain);
- }
- }
-
-static STACK_OF(CMS_CertificateChoices) **cms_get0_certificate_choices(CMS_ContentInfo *cms)
- {
- switch (OBJ_obj2nid(cms->contentType))
- {
-
- case NID_pkcs7_signed:
- return &cms->d.signedData->certificates;
-
- case NID_pkcs7_enveloped:
- return &cms->d.envelopedData->originatorInfo->certificates;
-
- default:
- CMSerr(CMS_F_CMS_GET0_CERTIFICATE_CHOICES,
- CMS_R_UNSUPPORTED_CONTENT_TYPE);
- return NULL;
-
- }
- }
-
-CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms)
- {
- STACK_OF(CMS_CertificateChoices) **pcerts;
- CMS_CertificateChoices *cch;
- pcerts = cms_get0_certificate_choices(cms);
- if (!pcerts)
- return NULL;
- if (!*pcerts)
- *pcerts = sk_CMS_CertificateChoices_new_null();
- if (!*pcerts)
- return NULL;
- cch = M_ASN1_new_of(CMS_CertificateChoices);
- if (!cch)
- return NULL;
- if (!sk_CMS_CertificateChoices_push(*pcerts, cch))
- {
- M_ASN1_free_of(cch, CMS_CertificateChoices);
- return NULL;
- }
- return cch;
- }
-
-int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert)
- {
- CMS_CertificateChoices *cch;
- STACK_OF(CMS_CertificateChoices) **pcerts;
- int i;
- pcerts = cms_get0_certificate_choices(cms);
- if (!pcerts)
- return 0;
- for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++)
- {
- cch = sk_CMS_CertificateChoices_value(*pcerts, i);
- if (cch->type == CMS_CERTCHOICE_CERT)
- {
- if (!X509_cmp(cch->d.certificate, cert))
- {
- CMSerr(CMS_F_CMS_ADD0_CERT,
- CMS_R_CERTIFICATE_ALREADY_PRESENT);
- return 0;
- }
- }
- }
- cch = CMS_add0_CertificateChoices(cms);
- if (!cch)
- return 0;
- cch->type = CMS_CERTCHOICE_CERT;
- cch->d.certificate = cert;
- return 1;
- }
-
-int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert)
- {
- int r;
- r = CMS_add0_cert(cms, cert);
- if (r > 0)
- CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
- return r;
- }
-
-static STACK_OF(CMS_RevocationInfoChoice) **cms_get0_revocation_choices(CMS_ContentInfo *cms)
- {
- switch (OBJ_obj2nid(cms->contentType))
- {
-
- case NID_pkcs7_signed:
- return &cms->d.signedData->crls;
-
- case NID_pkcs7_enveloped:
- return &cms->d.envelopedData->originatorInfo->crls;
-
- default:
- CMSerr(CMS_F_CMS_GET0_REVOCATION_CHOICES,
- CMS_R_UNSUPPORTED_CONTENT_TYPE);
- return NULL;
-
- }
- }
-
-CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms)
- {
- STACK_OF(CMS_RevocationInfoChoice) **pcrls;
- CMS_RevocationInfoChoice *rch;
- pcrls = cms_get0_revocation_choices(cms);
- if (!pcrls)
- return NULL;
- if (!*pcrls)
- *pcrls = sk_CMS_RevocationInfoChoice_new_null();
- if (!*pcrls)
- return NULL;
- rch = M_ASN1_new_of(CMS_RevocationInfoChoice);
- if (!rch)
- return NULL;
- if (!sk_CMS_RevocationInfoChoice_push(*pcrls, rch))
- {
- M_ASN1_free_of(rch, CMS_RevocationInfoChoice);
- return NULL;
- }
- return rch;
- }
-
-int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl)
- {
- CMS_RevocationInfoChoice *rch;
- rch = CMS_add0_RevocationInfoChoice(cms);
- if (!rch)
- return 0;
- rch->type = CMS_REVCHOICE_CRL;
- rch->d.crl = crl;
- return 1;
- }
-
-STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms)
- {
- STACK_OF(X509) *certs = NULL;
- CMS_CertificateChoices *cch;
- STACK_OF(CMS_CertificateChoices) **pcerts;
- int i;
- pcerts = cms_get0_certificate_choices(cms);
- if (!pcerts)
- return NULL;
- for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++)
- {
- cch = sk_CMS_CertificateChoices_value(*pcerts, i);
- if (cch->type == 0)
- {
- if (!certs)
- {
- certs = sk_X509_new_null();
- if (!certs)
- return NULL;
- }
- if (!sk_X509_push(certs, cch->d.certificate))
- {
- sk_X509_pop_free(certs, X509_free);
- return NULL;
- }
- CRYPTO_add(&cch->d.certificate->references,
- 1, CRYPTO_LOCK_X509);
- }
- }
- return certs;
-
- }
-
-STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms)
- {
- STACK_OF(X509_CRL) *crls = NULL;
- STACK_OF(CMS_RevocationInfoChoice) **pcrls;
- CMS_RevocationInfoChoice *rch;
- int i;
- pcrls = cms_get0_revocation_choices(cms);
- if (!pcrls)
- return NULL;
- for (i = 0; i < sk_CMS_RevocationInfoChoice_num(*pcrls); i++)
- {
- rch = sk_CMS_RevocationInfoChoice_value(*pcrls, i);
- if (rch->type == 0)
- {
- if (!crls)
- {
- crls = sk_X509_CRL_new_null();
- if (!crls)
- return NULL;
- }
- if (!sk_X509_CRL_push(crls, rch->d.crl))
- {
- sk_X509_CRL_pop_free(crls, X509_CRL_free);
- return NULL;
- }
- CRYPTO_add(&rch->d.crl->references,
- 1, CRYPTO_LOCK_X509_CRL);
- }
- }
- return crls;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_lib.c (from rev 6976, vendor-crypto/openssl/dist/crypto/cms/cms_lib.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_lib.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,596 @@
+/* crypto/cms/cms_lib.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include <openssl/bio.h>
+#include <openssl/asn1.h>
+#include "cms.h"
+#include "cms_lcl.h"
+
+IMPLEMENT_ASN1_FUNCTIONS_const(CMS_ContentInfo)
+
+DECLARE_ASN1_ITEM(CMS_CertificateChoices)
+DECLARE_ASN1_ITEM(CMS_RevocationInfoChoice)
+DECLARE_STACK_OF(CMS_CertificateChoices)
+DECLARE_STACK_OF(CMS_RevocationInfoChoice)
+
+const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms)
+{
+ return cms->contentType;
+}
+
+CMS_ContentInfo *cms_Data_create(void)
+{
+ CMS_ContentInfo *cms;
+ cms = CMS_ContentInfo_new();
+ if (cms) {
+ cms->contentType = OBJ_nid2obj(NID_pkcs7_data);
+ /* Never detached */
+ CMS_set_detached(cms, 0);
+ }
+ return cms;
+}
+
+BIO *cms_content_bio(CMS_ContentInfo *cms)
+{
+ ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
+ if (!pos)
+ return NULL;
+ /* If content detached data goes nowhere: create NULL BIO */
+ if (!*pos)
+ return BIO_new(BIO_s_null());
+ /*
+ * If content not detached and created return memory BIO
+ */
+ if (!*pos || ((*pos)->flags == ASN1_STRING_FLAG_CONT))
+ return BIO_new(BIO_s_mem());
+ /* Else content was read in: return read only BIO for it */
+ return BIO_new_mem_buf((*pos)->data, (*pos)->length);
+}
+
+BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont)
+{
+ BIO *cmsbio, *cont;
+ if (icont)
+ cont = icont;
+ else
+ cont = cms_content_bio(cms);
+ if (!cont) {
+ CMSerr(CMS_F_CMS_DATAINIT, CMS_R_NO_CONTENT);
+ return NULL;
+ }
+ switch (OBJ_obj2nid(cms->contentType)) {
+
+ case NID_pkcs7_data:
+ return cont;
+
+ case NID_pkcs7_signed:
+ cmsbio = cms_SignedData_init_bio(cms);
+ break;
+
+ case NID_pkcs7_digest:
+ cmsbio = cms_DigestedData_init_bio(cms);
+ break;
+#ifdef ZLIB
+ case NID_id_smime_ct_compressedData:
+ cmsbio = cms_CompressedData_init_bio(cms);
+ break;
+#endif
+
+ case NID_pkcs7_encrypted:
+ cmsbio = cms_EncryptedData_init_bio(cms);
+ break;
+
+ case NID_pkcs7_enveloped:
+ cmsbio = cms_EnvelopedData_init_bio(cms);
+ break;
+
+ default:
+ CMSerr(CMS_F_CMS_DATAINIT, CMS_R_UNSUPPORTED_TYPE);
+ return NULL;
+ }
+
+ if (cmsbio)
+ return BIO_push(cmsbio, cont);
+
+ if (!icont)
+ BIO_free(cont);
+ return NULL;
+
+}
+
+int CMS_dataFinal(CMS_ContentInfo *cms, BIO *cmsbio)
+{
+ ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
+ if (!pos)
+ return 0;
+ /* If ebmedded content find memory BIO and set content */
+ if (*pos && ((*pos)->flags & ASN1_STRING_FLAG_CONT)) {
+ BIO *mbio;
+ unsigned char *cont;
+ long contlen;
+ mbio = BIO_find_type(cmsbio, BIO_TYPE_MEM);
+ if (!mbio) {
+ CMSerr(CMS_F_CMS_DATAFINAL, CMS_R_CONTENT_NOT_FOUND);
+ return 0;
+ }
+ contlen = BIO_get_mem_data(mbio, &cont);
+ /* Set bio as read only so its content can't be clobbered */
+ BIO_set_flags(mbio, BIO_FLAGS_MEM_RDONLY);
+ BIO_set_mem_eof_return(mbio, 0);
+ ASN1_STRING_set0(*pos, cont, contlen);
+ (*pos)->flags &= ~ASN1_STRING_FLAG_CONT;
+ }
+
+ switch (OBJ_obj2nid(cms->contentType)) {
+
+ case NID_pkcs7_data:
+ case NID_pkcs7_enveloped:
+ case NID_pkcs7_encrypted:
+ case NID_id_smime_ct_compressedData:
+ /* Nothing to do */
+ return 1;
+
+ case NID_pkcs7_signed:
+ return cms_SignedData_final(cms, cmsbio);
+
+ case NID_pkcs7_digest:
+ return cms_DigestedData_do_final(cms, cmsbio, 0);
+
+ default:
+ CMSerr(CMS_F_CMS_DATAFINAL, CMS_R_UNSUPPORTED_TYPE);
+ return 0;
+ }
+}
+
+/*
+ * Return an OCTET STRING pointer to content. This allows it to be accessed
+ * or set later.
+ */
+
+ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms)
+{
+ switch (OBJ_obj2nid(cms->contentType)) {
+
+ case NID_pkcs7_data:
+ return &cms->d.data;
+
+ case NID_pkcs7_signed:
+ return &cms->d.signedData->encapContentInfo->eContent;
+
+ case NID_pkcs7_enveloped:
+ return &cms->d.envelopedData->encryptedContentInfo->encryptedContent;
+
+ case NID_pkcs7_digest:
+ return &cms->d.digestedData->encapContentInfo->eContent;
+
+ case NID_pkcs7_encrypted:
+ return &cms->d.encryptedData->encryptedContentInfo->encryptedContent;
+
+ case NID_id_smime_ct_authData:
+ return &cms->d.authenticatedData->encapContentInfo->eContent;
+
+ case NID_id_smime_ct_compressedData:
+ return &cms->d.compressedData->encapContentInfo->eContent;
+
+ default:
+ if (cms->d.other->type == V_ASN1_OCTET_STRING)
+ return &cms->d.other->value.octet_string;
+ CMSerr(CMS_F_CMS_GET0_CONTENT, CMS_R_UNSUPPORTED_CONTENT_TYPE);
+ return NULL;
+
+ }
+}
+
+/*
+ * Return an ASN1_OBJECT pointer to content type. This allows it to be
+ * accessed or set later.
+ */
+
+static ASN1_OBJECT **cms_get0_econtent_type(CMS_ContentInfo *cms)
+{
+ switch (OBJ_obj2nid(cms->contentType)) {
+
+ case NID_pkcs7_signed:
+ return &cms->d.signedData->encapContentInfo->eContentType;
+
+ case NID_pkcs7_enveloped:
+ return &cms->d.envelopedData->encryptedContentInfo->contentType;
+
+ case NID_pkcs7_digest:
+ return &cms->d.digestedData->encapContentInfo->eContentType;
+
+ case NID_pkcs7_encrypted:
+ return &cms->d.encryptedData->encryptedContentInfo->contentType;
+
+ case NID_id_smime_ct_authData:
+ return &cms->d.authenticatedData->encapContentInfo->eContentType;
+
+ case NID_id_smime_ct_compressedData:
+ return &cms->d.compressedData->encapContentInfo->eContentType;
+
+ default:
+ CMSerr(CMS_F_CMS_GET0_ECONTENT_TYPE, CMS_R_UNSUPPORTED_CONTENT_TYPE);
+ return NULL;
+
+ }
+}
+
+const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms)
+{
+ ASN1_OBJECT **petype;
+ petype = cms_get0_econtent_type(cms);
+ if (petype)
+ return *petype;
+ return NULL;
+}
+
+int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid)
+{
+ ASN1_OBJECT **petype, *etype;
+ petype = cms_get0_econtent_type(cms);
+ if (!petype)
+ return 0;
+ if (!oid)
+ return 1;
+ etype = OBJ_dup(oid);
+ if (!etype)
+ return 0;
+ ASN1_OBJECT_free(*petype);
+ *petype = etype;
+ return 1;
+}
+
+int CMS_is_detached(CMS_ContentInfo *cms)
+{
+ ASN1_OCTET_STRING **pos;
+ pos = CMS_get0_content(cms);
+ if (!pos)
+ return -1;
+ if (*pos)
+ return 0;
+ return 1;
+}
+
+int CMS_set_detached(CMS_ContentInfo *cms, int detached)
+{
+ ASN1_OCTET_STRING **pos;
+ pos = CMS_get0_content(cms);
+ if (!pos)
+ return 0;
+ if (detached) {
+ if (*pos) {
+ ASN1_OCTET_STRING_free(*pos);
+ *pos = NULL;
+ }
+ return 1;
+ }
+ if (!*pos)
+ *pos = ASN1_OCTET_STRING_new();
+ if (*pos) {
+ /*
+ * NB: special flag to show content is created and not read in.
+ */
+ (*pos)->flags |= ASN1_STRING_FLAG_CONT;
+ return 1;
+ }
+ CMSerr(CMS_F_CMS_SET_DETACHED, ERR_R_MALLOC_FAILURE);
+ return 0;
+}
+
+/* Set up an X509_ALGOR DigestAlgorithmIdentifier from an EVP_MD */
+
+void cms_DigestAlgorithm_set(X509_ALGOR *alg, const EVP_MD *md)
+{
+ int param_type;
+
+ switch (EVP_MD_type(md)) {
+ case NID_sha1:
+ case NID_sha224:
+ case NID_sha256:
+ case NID_sha384:
+ case NID_sha512:
+ param_type = V_ASN1_UNDEF;
+ break;
+
+ default:
+ param_type = V_ASN1_NULL;
+ break;
+ }
+
+ X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_type(md)), param_type, NULL);
+
+}
+
+/* Create a digest BIO from an X509_ALGOR structure */
+
+BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm)
+{
+ BIO *mdbio = NULL;
+ ASN1_OBJECT *digestoid;
+ const EVP_MD *digest;
+ X509_ALGOR_get0(&digestoid, NULL, NULL, digestAlgorithm);
+ digest = EVP_get_digestbyobj(digestoid);
+ if (!digest) {
+ CMSerr(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO,
+ CMS_R_UNKNOWN_DIGEST_ALGORIHM);
+ goto err;
+ }
+ mdbio = BIO_new(BIO_f_md());
+ if (!mdbio || !BIO_set_md(mdbio, digest)) {
+ CMSerr(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO, CMS_R_MD_BIO_INIT_ERROR);
+ goto err;
+ }
+ return mdbio;
+ err:
+ if (mdbio)
+ BIO_free(mdbio);
+ return NULL;
+}
+
+/* Locate a message digest content from a BIO chain based on SignerInfo */
+
+int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain,
+ X509_ALGOR *mdalg)
+{
+ int nid;
+ ASN1_OBJECT *mdoid;
+ X509_ALGOR_get0(&mdoid, NULL, NULL, mdalg);
+ nid = OBJ_obj2nid(mdoid);
+ /* Look for digest type to match signature */
+ for (;;) {
+ EVP_MD_CTX *mtmp;
+ chain = BIO_find_type(chain, BIO_TYPE_MD);
+ if (chain == NULL) {
+ CMSerr(CMS_F_CMS_DIGESTALGORITHM_FIND_CTX,
+ CMS_R_NO_MATCHING_DIGEST);
+ return 0;
+ }
+ BIO_get_md_ctx(chain, &mtmp);
+ if (EVP_MD_CTX_type(mtmp) == nid
+ /*
+ * Workaround for broken implementations that use signature
+ * algorithm OID instead of digest.
+ */
+ || EVP_MD_pkey_type(EVP_MD_CTX_md(mtmp)) == nid) {
+ EVP_MD_CTX_copy_ex(mctx, mtmp);
+ return 1;
+ }
+ chain = BIO_next(chain);
+ }
+}
+
+static STACK_OF(CMS_CertificateChoices)
+**cms_get0_certificate_choices(CMS_ContentInfo *cms)
+{
+ switch (OBJ_obj2nid(cms->contentType)) {
+
+ case NID_pkcs7_signed:
+ return &cms->d.signedData->certificates;
+
+ case NID_pkcs7_enveloped:
+ return &cms->d.envelopedData->originatorInfo->certificates;
+
+ default:
+ CMSerr(CMS_F_CMS_GET0_CERTIFICATE_CHOICES,
+ CMS_R_UNSUPPORTED_CONTENT_TYPE);
+ return NULL;
+
+ }
+}
+
+CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms)
+{
+ STACK_OF(CMS_CertificateChoices) **pcerts;
+ CMS_CertificateChoices *cch;
+ pcerts = cms_get0_certificate_choices(cms);
+ if (!pcerts)
+ return NULL;
+ if (!*pcerts)
+ *pcerts = sk_CMS_CertificateChoices_new_null();
+ if (!*pcerts)
+ return NULL;
+ cch = M_ASN1_new_of(CMS_CertificateChoices);
+ if (!cch)
+ return NULL;
+ if (!sk_CMS_CertificateChoices_push(*pcerts, cch)) {
+ M_ASN1_free_of(cch, CMS_CertificateChoices);
+ return NULL;
+ }
+ return cch;
+}
+
+int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert)
+{
+ CMS_CertificateChoices *cch;
+ STACK_OF(CMS_CertificateChoices) **pcerts;
+ int i;
+ pcerts = cms_get0_certificate_choices(cms);
+ if (!pcerts)
+ return 0;
+ for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++) {
+ cch = sk_CMS_CertificateChoices_value(*pcerts, i);
+ if (cch->type == CMS_CERTCHOICE_CERT) {
+ if (!X509_cmp(cch->d.certificate, cert)) {
+ CMSerr(CMS_F_CMS_ADD0_CERT,
+ CMS_R_CERTIFICATE_ALREADY_PRESENT);
+ return 0;
+ }
+ }
+ }
+ cch = CMS_add0_CertificateChoices(cms);
+ if (!cch)
+ return 0;
+ cch->type = CMS_CERTCHOICE_CERT;
+ cch->d.certificate = cert;
+ return 1;
+}
+
+int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert)
+{
+ int r;
+ r = CMS_add0_cert(cms, cert);
+ if (r > 0)
+ CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
+ return r;
+}
+
+static STACK_OF(CMS_RevocationInfoChoice)
+**cms_get0_revocation_choices(CMS_ContentInfo *cms)
+{
+ switch (OBJ_obj2nid(cms->contentType)) {
+
+ case NID_pkcs7_signed:
+ return &cms->d.signedData->crls;
+
+ case NID_pkcs7_enveloped:
+ return &cms->d.envelopedData->originatorInfo->crls;
+
+ default:
+ CMSerr(CMS_F_CMS_GET0_REVOCATION_CHOICES,
+ CMS_R_UNSUPPORTED_CONTENT_TYPE);
+ return NULL;
+
+ }
+}
+
+CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms)
+{
+ STACK_OF(CMS_RevocationInfoChoice) **pcrls;
+ CMS_RevocationInfoChoice *rch;
+ pcrls = cms_get0_revocation_choices(cms);
+ if (!pcrls)
+ return NULL;
+ if (!*pcrls)
+ *pcrls = sk_CMS_RevocationInfoChoice_new_null();
+ if (!*pcrls)
+ return NULL;
+ rch = M_ASN1_new_of(CMS_RevocationInfoChoice);
+ if (!rch)
+ return NULL;
+ if (!sk_CMS_RevocationInfoChoice_push(*pcrls, rch)) {
+ M_ASN1_free_of(rch, CMS_RevocationInfoChoice);
+ return NULL;
+ }
+ return rch;
+}
+
+int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl)
+{
+ CMS_RevocationInfoChoice *rch;
+ rch = CMS_add0_RevocationInfoChoice(cms);
+ if (!rch)
+ return 0;
+ rch->type = CMS_REVCHOICE_CRL;
+ rch->d.crl = crl;
+ return 1;
+}
+
+STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms)
+{
+ STACK_OF(X509) *certs = NULL;
+ CMS_CertificateChoices *cch;
+ STACK_OF(CMS_CertificateChoices) **pcerts;
+ int i;
+ pcerts = cms_get0_certificate_choices(cms);
+ if (!pcerts)
+ return NULL;
+ for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++) {
+ cch = sk_CMS_CertificateChoices_value(*pcerts, i);
+ if (cch->type == 0) {
+ if (!certs) {
+ certs = sk_X509_new_null();
+ if (!certs)
+ return NULL;
+ }
+ if (!sk_X509_push(certs, cch->d.certificate)) {
+ sk_X509_pop_free(certs, X509_free);
+ return NULL;
+ }
+ CRYPTO_add(&cch->d.certificate->references, 1, CRYPTO_LOCK_X509);
+ }
+ }
+ return certs;
+
+}
+
+STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms)
+{
+ STACK_OF(X509_CRL) *crls = NULL;
+ STACK_OF(CMS_RevocationInfoChoice) **pcrls;
+ CMS_RevocationInfoChoice *rch;
+ int i;
+ pcrls = cms_get0_revocation_choices(cms);
+ if (!pcrls)
+ return NULL;
+ for (i = 0; i < sk_CMS_RevocationInfoChoice_num(*pcrls); i++) {
+ rch = sk_CMS_RevocationInfoChoice_value(*pcrls, i);
+ if (rch->type == 0) {
+ if (!crls) {
+ crls = sk_X509_CRL_new_null();
+ if (!crls)
+ return NULL;
+ }
+ if (!sk_X509_CRL_push(crls, rch->d.crl)) {
+ sk_X509_CRL_pop_free(crls, X509_CRL_free);
+ return NULL;
+ }
+ CRYPTO_add(&rch->d.crl->references, 1, CRYPTO_LOCK_X509_CRL);
+ }
+ }
+ return crls;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_sd.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/cms/cms_sd.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_sd.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,1014 +0,0 @@
-/* crypto/cms/cms_sd.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/pem.h>
-#include <openssl/x509v3.h>
-#include <openssl/err.h>
-#include <openssl/cms.h>
-#include "cms_lcl.h"
-
-/* CMS SignedData Utilities */
-
-DECLARE_ASN1_ITEM(CMS_SignedData)
-
-static CMS_SignedData *cms_get0_signed(CMS_ContentInfo *cms)
- {
- if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_signed)
- {
- CMSerr(CMS_F_CMS_GET0_SIGNED, CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA);
- return NULL;
- }
- return cms->d.signedData;
- }
-
-static CMS_SignedData *cms_signed_data_init(CMS_ContentInfo *cms)
- {
- if (cms->d.other == NULL)
- {
- cms->d.signedData = M_ASN1_new_of(CMS_SignedData);
- if (!cms->d.signedData)
- {
- CMSerr(CMS_F_CMS_SIGNED_DATA_INIT, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- cms->d.signedData->version = 1;
- cms->d.signedData->encapContentInfo->eContentType =
- OBJ_nid2obj(NID_pkcs7_data);
- cms->d.signedData->encapContentInfo->partial = 1;
- ASN1_OBJECT_free(cms->contentType);
- cms->contentType = OBJ_nid2obj(NID_pkcs7_signed);
- return cms->d.signedData;
- }
- return cms_get0_signed(cms);
- }
-
-/* Just initialize SignedData e.g. for certs only structure */
-
-int CMS_SignedData_init(CMS_ContentInfo *cms)
- {
- if (cms_signed_data_init(cms))
- return 1;
- else
- return 0;
- }
-
-/* Check structures and fixup version numbers (if necessary) */
-
-static void cms_sd_set_version(CMS_SignedData *sd)
- {
- int i;
- CMS_CertificateChoices *cch;
- CMS_RevocationInfoChoice *rch;
- CMS_SignerInfo *si;
-
- for (i = 0; i < sk_CMS_CertificateChoices_num(sd->certificates); i++)
- {
- cch = sk_CMS_CertificateChoices_value(sd->certificates, i);
- if (cch->type == CMS_CERTCHOICE_OTHER)
- {
- if (sd->version < 5)
- sd->version = 5;
- }
- else if (cch->type == CMS_CERTCHOICE_V2ACERT)
- {
- if (sd->version < 4)
- sd->version = 4;
- }
- else if (cch->type == CMS_CERTCHOICE_V1ACERT)
- {
- if (sd->version < 3)
- sd->version = 3;
- }
- }
-
- for (i = 0; i < sk_CMS_RevocationInfoChoice_num(sd->crls); i++)
- {
- rch = sk_CMS_RevocationInfoChoice_value(sd->crls, i);
- if (rch->type == CMS_REVCHOICE_OTHER)
- {
- if (sd->version < 5)
- sd->version = 5;
- }
- }
-
- if ((OBJ_obj2nid(sd->encapContentInfo->eContentType) != NID_pkcs7_data)
- && (sd->version < 3))
- sd->version = 3;
-
- for (i = 0; i < sk_CMS_SignerInfo_num(sd->signerInfos); i++)
- {
- si = sk_CMS_SignerInfo_value(sd->signerInfos, i);
- if (si->sid->type == CMS_SIGNERINFO_KEYIDENTIFIER)
- {
- if (si->version < 3)
- si->version = 3;
- if (sd->version < 3)
- sd->version = 3;
- }
- else if (si->version < 1)
- si->version = 1;
- }
-
- if (sd->version < 1)
- sd->version = 1;
-
- }
-
-/* Copy an existing messageDigest value */
-
-static int cms_copy_messageDigest(CMS_ContentInfo *cms, CMS_SignerInfo *si)
- {
- STACK_OF(CMS_SignerInfo) *sinfos;
- CMS_SignerInfo *sitmp;
- int i;
- sinfos = CMS_get0_SignerInfos(cms);
- for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
- {
- ASN1_OCTET_STRING *messageDigest;
- sitmp = sk_CMS_SignerInfo_value(sinfos, i);
- if (sitmp == si)
- continue;
- if (CMS_signed_get_attr_count(sitmp) < 0)
- continue;
- if (OBJ_cmp(si->digestAlgorithm->algorithm,
- sitmp->digestAlgorithm->algorithm))
- continue;
- messageDigest = CMS_signed_get0_data_by_OBJ(sitmp,
- OBJ_nid2obj(NID_pkcs9_messageDigest),
- -3, V_ASN1_OCTET_STRING);
- if (!messageDigest)
- {
- CMSerr(CMS_F_CMS_COPY_MESSAGEDIGEST,
- CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE);
- return 0;
- }
-
- if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest,
- V_ASN1_OCTET_STRING,
- messageDigest, -1))
- return 1;
- else
- return 0;
- }
- CMSerr(CMS_F_CMS_COPY_MESSAGEDIGEST, CMS_R_NO_MATCHING_DIGEST);
- return 0;
- }
-
-int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type)
- {
- switch(type)
- {
- case CMS_SIGNERINFO_ISSUER_SERIAL:
- sid->d.issuerAndSerialNumber =
- M_ASN1_new_of(CMS_IssuerAndSerialNumber);
- if (!sid->d.issuerAndSerialNumber)
- goto merr;
- if (!X509_NAME_set(&sid->d.issuerAndSerialNumber->issuer,
- X509_get_issuer_name(cert)))
- goto merr;
- ASN1_STRING_free(sid->d.issuerAndSerialNumber->serialNumber);
- sid->d.issuerAndSerialNumber->serialNumber =
- ASN1_STRING_dup(X509_get_serialNumber(cert));
- if(!sid->d.issuerAndSerialNumber->serialNumber)
- goto merr;
- break;
-
- case CMS_SIGNERINFO_KEYIDENTIFIER:
- if (!cert->skid)
- {
- CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER,
- CMS_R_CERTIFICATE_HAS_NO_KEYID);
- return 0;
- }
- sid->d.subjectKeyIdentifier = ASN1_STRING_dup(cert->skid);
- if (!sid->d.subjectKeyIdentifier)
- goto merr;
- break;
-
- default:
- CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER, CMS_R_UNKNOWN_ID);
- return 0;
- }
-
- sid->type = type;
-
- return 1;
-
- merr:
- CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER, ERR_R_MALLOC_FAILURE);
- return 0;
-
- }
-
-int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid,
- ASN1_OCTET_STRING **keyid,
- X509_NAME **issuer, ASN1_INTEGER **sno)
- {
- if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL)
- {
- if (issuer)
- *issuer = sid->d.issuerAndSerialNumber->issuer;
- if (sno)
- *sno = sid->d.issuerAndSerialNumber->serialNumber;
- }
- else if (sid->type == CMS_SIGNERINFO_KEYIDENTIFIER)
- {
- if (keyid)
- *keyid = sid->d.subjectKeyIdentifier;
- }
- else
- return 0;
- return 1;
- }
-
-int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert)
- {
- int ret;
- if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL)
- {
- ret = X509_NAME_cmp(sid->d.issuerAndSerialNumber->issuer,
- X509_get_issuer_name(cert));
- if (ret)
- return ret;
- return ASN1_INTEGER_cmp(sid->d.issuerAndSerialNumber->serialNumber,
- X509_get_serialNumber(cert));
- }
- else if (sid->type == CMS_SIGNERINFO_KEYIDENTIFIER)
- {
- X509_check_purpose(cert, -1, -1);
- if (!cert->skid)
- return -1;
- return ASN1_OCTET_STRING_cmp(sid->d.subjectKeyIdentifier,
- cert->skid);
- }
- else
- return -1;
- }
-
-CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
- X509 *signer, EVP_PKEY *pk, const EVP_MD *md,
- unsigned int flags)
- {
- CMS_SignedData *sd;
- CMS_SignerInfo *si = NULL;
- X509_ALGOR *alg;
- int i, type;
- if(!X509_check_private_key(signer, pk))
- {
- CMSerr(CMS_F_CMS_ADD1_SIGNER,
- CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
- return NULL;
- }
- sd = cms_signed_data_init(cms);
- if (!sd)
- goto err;
- si = M_ASN1_new_of(CMS_SignerInfo);
- if (!si)
- goto merr;
- X509_check_purpose(signer, -1, -1);
-
- CRYPTO_add(&pk->references, 1, CRYPTO_LOCK_EVP_PKEY);
- CRYPTO_add(&signer->references, 1, CRYPTO_LOCK_X509);
-
- si->pkey = pk;
- si->signer = signer;
-
- if (flags & CMS_USE_KEYID)
- {
- si->version = 3;
- if (sd->version < 3)
- sd->version = 3;
- type = CMS_SIGNERINFO_KEYIDENTIFIER;
- }
- else
- {
- type = CMS_SIGNERINFO_ISSUER_SERIAL;
- si->version = 1;
- }
-
- if (!cms_set1_SignerIdentifier(si->sid, signer, type))
- goto err;
-
- /* Since no EVP_PKEY_METHOD in 0.9.8 hard code SHA1 as default */
- if (md == NULL)
- md = EVP_sha1();
-
- /* OpenSSL 0.9.8 only supports SHA1 with non-RSA keys */
-
- if ((pk->type != EVP_PKEY_RSA) && (EVP_MD_type(md) != NID_sha1))
- {
- CMSerr(CMS_F_CMS_ADD1_SIGNER,
- CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
- goto err;
- }
-
- cms_DigestAlgorithm_set(si->digestAlgorithm, md);
-
- /* See if digest is present in digestAlgorithms */
- for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++)
- {
- ASN1_OBJECT *aoid;
- alg = sk_X509_ALGOR_value(sd->digestAlgorithms, i);
- X509_ALGOR_get0(&aoid, NULL, NULL, alg);
- if (OBJ_obj2nid(aoid) == EVP_MD_type(md))
- break;
- }
-
- if (i == sk_X509_ALGOR_num(sd->digestAlgorithms))
- {
- alg = X509_ALGOR_new();
- if (!alg)
- goto merr;
- cms_DigestAlgorithm_set(alg, md);
- if (!sk_X509_ALGOR_push(sd->digestAlgorithms, alg))
- {
- X509_ALGOR_free(alg);
- goto merr;
- }
- }
-
- /* Since we have no EVP_PKEY_ASN1_METHOD in OpenSSL 0.9.8,
- * hard code algorithm parameters.
- */
-
- switch (pk->type)
- {
-
- case EVP_PKEY_RSA:
- X509_ALGOR_set0(si->signatureAlgorithm,
- OBJ_nid2obj(NID_rsaEncryption),
- V_ASN1_NULL, 0);
- break;
-
- case EVP_PKEY_DSA:
- X509_ALGOR_set0(si->signatureAlgorithm,
- OBJ_nid2obj(NID_dsaWithSHA1),
- V_ASN1_UNDEF, 0);
- break;
-
-
- case EVP_PKEY_EC:
- X509_ALGOR_set0(si->signatureAlgorithm,
- OBJ_nid2obj(NID_ecdsa_with_SHA1),
- V_ASN1_UNDEF, 0);
- break;
-
- default:
- CMSerr(CMS_F_CMS_ADD1_SIGNER,
- CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
- goto err;
-
- }
-
- if (!(flags & CMS_NOATTR))
- {
- /* Initialialize signed attributes strutucture so other
- * attributes such as signing time etc are added later
- * even if we add none here.
- */
- if (!si->signedAttrs)
- {
- si->signedAttrs = sk_X509_ATTRIBUTE_new_null();
- if (!si->signedAttrs)
- goto merr;
- }
-
- if (!(flags & CMS_NOSMIMECAP))
- {
- STACK_OF(X509_ALGOR) *smcap = NULL;
- i = CMS_add_standard_smimecap(&smcap);
- if (i)
- i = CMS_add_smimecap(si, smcap);
- sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
- if (!i)
- goto merr;
- }
- if (flags & CMS_REUSE_DIGEST)
- {
- if (!cms_copy_messageDigest(cms, si))
- goto err;
- if (!(flags & CMS_PARTIAL) &&
- !CMS_SignerInfo_sign(si))
- goto err;
- }
- }
-
- if (!(flags & CMS_NOCERTS))
- {
- /* NB ignore -1 return for duplicate cert */
- if (!CMS_add1_cert(cms, signer))
- goto merr;
- }
-
- if (!sd->signerInfos)
- sd->signerInfos = sk_CMS_SignerInfo_new_null();
- if (!sd->signerInfos ||
- !sk_CMS_SignerInfo_push(sd->signerInfos, si))
- goto merr;
-
- return si;
-
- merr:
- CMSerr(CMS_F_CMS_ADD1_SIGNER, ERR_R_MALLOC_FAILURE);
- err:
- if (si)
- M_ASN1_free_of(si, CMS_SignerInfo);
- return NULL;
-
- }
-
-static int cms_add1_signingTime(CMS_SignerInfo *si, ASN1_TIME *t)
- {
- ASN1_TIME *tt;
- int r = 0;
- if (t)
- tt = t;
- else
- tt = X509_gmtime_adj(NULL, 0);
-
- if (!tt)
- goto merr;
-
- if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_signingTime,
- tt->type, tt, -1) <= 0)
- goto merr;
-
- r = 1;
-
- merr:
-
- if (!t)
- ASN1_TIME_free(tt);
-
- if (!r)
- CMSerr(CMS_F_CMS_ADD1_SIGNINGTIME, ERR_R_MALLOC_FAILURE);
-
- return r;
-
- }
-
-STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms)
- {
- CMS_SignedData *sd;
- sd = cms_get0_signed(cms);
- if (!sd)
- return NULL;
- return sd->signerInfos;
- }
-
-STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms)
- {
- STACK_OF(X509) *signers = NULL;
- STACK_OF(CMS_SignerInfo) *sinfos;
- CMS_SignerInfo *si;
- int i;
- sinfos = CMS_get0_SignerInfos(cms);
- for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
- {
- si = sk_CMS_SignerInfo_value(sinfos, i);
- if (si->signer)
- {
- if (!signers)
- {
- signers = sk_X509_new_null();
- if (!signers)
- return NULL;
- }
- if (!sk_X509_push(signers, si->signer))
- {
- sk_X509_free(signers);
- return NULL;
- }
- }
- }
- return signers;
- }
-
-void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer)
- {
- if (signer)
- {
- CRYPTO_add(&signer->references, 1, CRYPTO_LOCK_X509);
- if (si->pkey)
- EVP_PKEY_free(si->pkey);
- si->pkey = X509_get_pubkey(signer);
- }
- if (si->signer)
- X509_free(si->signer);
- si->signer = signer;
- }
-
-int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si,
- ASN1_OCTET_STRING **keyid,
- X509_NAME **issuer, ASN1_INTEGER **sno)
- {
- return cms_SignerIdentifier_get0_signer_id(si->sid, keyid, issuer, sno);
- }
-
-int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert)
- {
- return cms_SignerIdentifier_cert_cmp(si->sid, cert);
- }
-
-int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *scerts,
- unsigned int flags)
- {
- CMS_SignedData *sd;
- CMS_SignerInfo *si;
- CMS_CertificateChoices *cch;
- STACK_OF(CMS_CertificateChoices) *certs;
- X509 *x;
- int i, j;
- int ret = 0;
- sd = cms_get0_signed(cms);
- if (!sd)
- return -1;
- certs = sd->certificates;
- for (i = 0; i < sk_CMS_SignerInfo_num(sd->signerInfos); i++)
- {
- si = sk_CMS_SignerInfo_value(sd->signerInfos, i);
- if (si->signer)
- continue;
-
- for (j = 0; j < sk_X509_num(scerts); j++)
- {
- x = sk_X509_value(scerts, j);
- if (CMS_SignerInfo_cert_cmp(si, x) == 0)
- {
- CMS_SignerInfo_set1_signer_cert(si, x);
- ret++;
- break;
- }
- }
-
- if (si->signer || (flags & CMS_NOINTERN))
- continue;
-
- for (j = 0; j < sk_CMS_CertificateChoices_num(certs); j++)
- {
- cch = sk_CMS_CertificateChoices_value(certs, j);
- if (cch->type != 0)
- continue;
- x = cch->d.certificate;
- if (CMS_SignerInfo_cert_cmp(si, x) == 0)
- {
- CMS_SignerInfo_set1_signer_cert(si, x);
- ret++;
- break;
- }
- }
- }
- return ret;
- }
-
-void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, X509 **signer,
- X509_ALGOR **pdig, X509_ALGOR **psig)
- {
- if (pk)
- *pk = si->pkey;
- if (signer)
- *signer = si->signer;
- if (pdig)
- *pdig = si->digestAlgorithm;
- if (psig)
- *psig = si->signatureAlgorithm;
- }
-
-/* In OpenSSL 0.9.8 we have the link between digest types and public
- * key types so we need to fixup the digest type if the public key
- * type is not appropriate.
- */
-
-static void cms_fixup_mctx(EVP_MD_CTX *mctx, EVP_PKEY *pkey)
- {
- if (EVP_MD_CTX_type(mctx) != NID_sha1)
- return;
-#ifndef OPENSSL_NO_DSA
- if (pkey->type == EVP_PKEY_DSA)
- mctx->digest = EVP_dss1();
-#endif
-#ifndef OPENSSL_NO_ECDSA
- if (pkey->type == EVP_PKEY_EC)
- mctx->digest = EVP_ecdsa();
-#endif
- }
-
-static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
- CMS_SignerInfo *si, BIO *chain)
- {
- EVP_MD_CTX mctx;
- int r = 0;
- EVP_MD_CTX_init(&mctx);
-
-
- if (!si->pkey)
- {
- CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, CMS_R_NO_PRIVATE_KEY);
- return 0;
- }
-
- if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, si->digestAlgorithm))
- goto err;
-
- /* If any signed attributes calculate and add messageDigest attribute */
-
- if (CMS_signed_get_attr_count(si) >= 0)
- {
- ASN1_OBJECT *ctype =
- cms->d.signedData->encapContentInfo->eContentType;
- unsigned char md[EVP_MAX_MD_SIZE];
- unsigned int mdlen;
- EVP_DigestFinal_ex(&mctx, md, &mdlen);
- if (!CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest,
- V_ASN1_OCTET_STRING,
- md, mdlen))
- goto err;
- /* Copy content type across */
- if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_contentType,
- V_ASN1_OBJECT, ctype, -1) <= 0)
- goto err;
- if (!CMS_SignerInfo_sign(si))
- goto err;
- }
- else
- {
- unsigned char *sig;
- unsigned int siglen;
- sig = OPENSSL_malloc(EVP_PKEY_size(si->pkey));
- if (!sig)
- {
- CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN,
- ERR_R_MALLOC_FAILURE);
- goto err;
- }
- cms_fixup_mctx(&mctx, si->pkey);
- if (!EVP_SignFinal(&mctx, sig, &siglen, si->pkey))
- {
- CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN,
- CMS_R_SIGNFINAL_ERROR);
- OPENSSL_free(sig);
- goto err;
- }
- ASN1_STRING_set0(si->signature, sig, siglen);
- }
-
- r = 1;
-
- err:
- EVP_MD_CTX_cleanup(&mctx);
- return r;
-
- }
-
-int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain)
- {
- STACK_OF(CMS_SignerInfo) *sinfos;
- CMS_SignerInfo *si;
- int i;
- sinfos = CMS_get0_SignerInfos(cms);
- for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
- {
- si = sk_CMS_SignerInfo_value(sinfos, i);
- if (!cms_SignerInfo_content_sign(cms, si, chain))
- return 0;
- }
- cms->d.signedData->encapContentInfo->partial = 0;
- return 1;
- }
-
-int CMS_SignerInfo_sign(CMS_SignerInfo *si)
- {
- EVP_MD_CTX mctx;
- unsigned char *abuf = NULL;
- int alen;
- unsigned int siglen;
- const EVP_MD *md = NULL;
-
- md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm);
- if (md == NULL)
- return 0;
-
- EVP_MD_CTX_init(&mctx);
-
- if (CMS_signed_get_attr_by_NID(si, NID_pkcs9_signingTime, -1) < 0)
- {
- if (!cms_add1_signingTime(si, NULL))
- goto err;
- }
-
- if (EVP_SignInit_ex(&mctx, md, NULL) <= 0)
- goto err;
-
-#if 0
- if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
- EVP_PKEY_CTRL_CMS_SIGN, 0, si) <= 0)
- {
- CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR);
- goto err;
- }
-#endif
-
- alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs,&abuf,
- ASN1_ITEM_rptr(CMS_Attributes_Sign));
- if(!abuf)
- goto err;
- if (EVP_SignUpdate(&mctx, abuf, alen) <= 0)
- goto err;
- siglen = EVP_PKEY_size(si->pkey);
- OPENSSL_free(abuf);
- abuf = OPENSSL_malloc(siglen);
- if(!abuf)
- goto err;
- cms_fixup_mctx(&mctx, si->pkey);
- if (EVP_SignFinal(&mctx, abuf, &siglen, si->pkey) <= 0)
- goto err;
-#if 0
- if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
- EVP_PKEY_CTRL_CMS_SIGN, 1, si) <= 0)
- {
- CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR);
- goto err;
- }
-#endif
- EVP_MD_CTX_cleanup(&mctx);
-
- ASN1_STRING_set0(si->signature, abuf, siglen);
-
- return 1;
-
- err:
- if (abuf)
- OPENSSL_free(abuf);
- EVP_MD_CTX_cleanup(&mctx);
- return 0;
-
- }
-
-int CMS_SignerInfo_verify(CMS_SignerInfo *si)
- {
- EVP_MD_CTX mctx;
- unsigned char *abuf = NULL;
- int alen, r = -1;
- const EVP_MD *md = NULL;
-
- if (!si->pkey)
- {
- CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_NO_PUBLIC_KEY);
- return -1;
- }
-
- md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm);
- if (md == NULL)
- return -1;
- EVP_MD_CTX_init(&mctx);
- if (EVP_VerifyInit_ex(&mctx, md, NULL) <= 0)
- goto err;
-
- alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs,&abuf,
- ASN1_ITEM_rptr(CMS_Attributes_Verify));
- if(!abuf)
- goto err;
- r = EVP_VerifyUpdate(&mctx, abuf, alen);
- OPENSSL_free(abuf);
- if (r <= 0)
- {
- r = -1;
- goto err;
- }
- cms_fixup_mctx(&mctx, si->pkey);
- r = EVP_VerifyFinal(&mctx,
- si->signature->data, si->signature->length, si->pkey);
- if (r <= 0)
- CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_VERIFICATION_FAILURE);
- err:
- EVP_MD_CTX_cleanup(&mctx);
- return r;
- }
-
-/* Create a chain of digest BIOs from a CMS ContentInfo */
-
-BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms)
- {
- int i;
- CMS_SignedData *sd;
- BIO *chain = NULL;
- sd = cms_get0_signed(cms);
- if (!sd)
- return NULL;
- if (cms->d.signedData->encapContentInfo->partial)
- cms_sd_set_version(sd);
- for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++)
- {
- X509_ALGOR *digestAlgorithm;
- BIO *mdbio;
- digestAlgorithm = sk_X509_ALGOR_value(sd->digestAlgorithms, i);
- mdbio = cms_DigestAlgorithm_init_bio(digestAlgorithm);
- if (!mdbio)
- goto err;
- if (chain)
- BIO_push(chain, mdbio);
- else
- chain = mdbio;
- }
- return chain;
- err:
- if (chain)
- BIO_free_all(chain);
- return NULL;
- }
-
-int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
- {
- ASN1_OCTET_STRING *os = NULL;
- EVP_MD_CTX mctx;
- int r = -1;
- EVP_MD_CTX_init(&mctx);
- /* If we have any signed attributes look for messageDigest value */
- if (CMS_signed_get_attr_count(si) >= 0)
- {
- os = CMS_signed_get0_data_by_OBJ(si,
- OBJ_nid2obj(NID_pkcs9_messageDigest),
- -3, V_ASN1_OCTET_STRING);
- if (!os)
- {
- CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
- CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE);
- goto err;
- }
- }
-
- if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, si->digestAlgorithm))
- goto err;
-
- /* If messageDigest found compare it */
-
- if (os)
- {
- unsigned char mval[EVP_MAX_MD_SIZE];
- unsigned int mlen;
- if (EVP_DigestFinal_ex(&mctx, mval, &mlen) <= 0)
- {
- CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
- CMS_R_UNABLE_TO_FINALIZE_CONTEXT);
- goto err;
- }
- if (mlen != (unsigned int)os->length)
- {
- CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
- CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH);
- goto err;
- }
-
- if (memcmp(mval, os->data, mlen))
- {
- CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
- CMS_R_VERIFICATION_FAILURE);
- r = 0;
- }
- else
- r = 1;
- }
- else
- {
- cms_fixup_mctx(&mctx, si->pkey);
- r = EVP_VerifyFinal(&mctx, si->signature->data,
- si->signature->length, si->pkey);
- if (r <= 0)
- {
- CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
- CMS_R_VERIFICATION_FAILURE);
- r = 0;
- }
- }
-
- err:
- EVP_MD_CTX_cleanup(&mctx);
- return r;
-
- }
-
-int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs)
- {
- unsigned char *smder = NULL;
- int smderlen, r;
- smderlen = i2d_X509_ALGORS(algs, &smder);
- if (smderlen <= 0)
- return 0;
- r = CMS_signed_add1_attr_by_NID(si, NID_SMIMECapabilities,
- V_ASN1_SEQUENCE, smder, smderlen);
- OPENSSL_free(smder);
- return r;
- }
-
-int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
- int algnid, int keysize)
- {
- X509_ALGOR *alg;
- ASN1_INTEGER *key = NULL;
- if (keysize > 0)
- {
- key = ASN1_INTEGER_new();
- if (!key || !ASN1_INTEGER_set(key, keysize))
- return 0;
- }
- alg = X509_ALGOR_new();
- if (!alg)
- {
- if (key)
- ASN1_INTEGER_free(key);
- return 0;
- }
-
- X509_ALGOR_set0(alg, OBJ_nid2obj(algnid),
- key ? V_ASN1_INTEGER : V_ASN1_UNDEF, key);
- if (!*algs)
- *algs = sk_X509_ALGOR_new_null();
- if (!*algs || !sk_X509_ALGOR_push(*algs, alg))
- {
- X509_ALGOR_free(alg);
- return 0;
- }
- return 1;
- }
-
-/* Check to see if a cipher exists and if so add S/MIME capabilities */
-
-static int cms_add_cipher_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg)
- {
- if (EVP_get_cipherbynid(nid))
- return CMS_add_simple_smimecap(sk, nid, arg);
- return 1;
- }
-#if 0
-static int cms_add_digest_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg)
- {
- if (EVP_get_digestbynid(nid))
- return CMS_add_simple_smimecap(sk, nid, arg);
- return 1;
- }
-#endif
-int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap)
- {
- if (!cms_add_cipher_smcap(smcap, NID_aes_256_cbc, -1)
- || !cms_add_cipher_smcap(smcap, NID_aes_192_cbc, -1)
- || !cms_add_cipher_smcap(smcap, NID_aes_128_cbc, -1)
- || !cms_add_cipher_smcap(smcap, NID_des_ede3_cbc, -1)
- || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 128)
- || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 64)
- || !cms_add_cipher_smcap(smcap, NID_des_cbc, -1)
- || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 40))
- return 0;
- return 1;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_sd.c (from rev 6976, vendor-crypto/openssl/dist/crypto/cms/cms_sd.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_sd.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_sd.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,934 @@
+/* crypto/cms/cms_sd.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include <openssl/cms.h>
+#include "cms_lcl.h"
+
+/* CMS SignedData Utilities */
+
+DECLARE_ASN1_ITEM(CMS_SignedData)
+
+static CMS_SignedData *cms_get0_signed(CMS_ContentInfo *cms)
+{
+ if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_signed) {
+ CMSerr(CMS_F_CMS_GET0_SIGNED, CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA);
+ return NULL;
+ }
+ return cms->d.signedData;
+}
+
+static CMS_SignedData *cms_signed_data_init(CMS_ContentInfo *cms)
+{
+ if (cms->d.other == NULL) {
+ cms->d.signedData = M_ASN1_new_of(CMS_SignedData);
+ if (!cms->d.signedData) {
+ CMSerr(CMS_F_CMS_SIGNED_DATA_INIT, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ cms->d.signedData->version = 1;
+ cms->d.signedData->encapContentInfo->eContentType =
+ OBJ_nid2obj(NID_pkcs7_data);
+ cms->d.signedData->encapContentInfo->partial = 1;
+ ASN1_OBJECT_free(cms->contentType);
+ cms->contentType = OBJ_nid2obj(NID_pkcs7_signed);
+ return cms->d.signedData;
+ }
+ return cms_get0_signed(cms);
+}
+
+/* Just initialize SignedData e.g. for certs only structure */
+
+int CMS_SignedData_init(CMS_ContentInfo *cms)
+{
+ if (cms_signed_data_init(cms))
+ return 1;
+ else
+ return 0;
+}
+
+/* Check structures and fixup version numbers (if necessary) */
+
+static void cms_sd_set_version(CMS_SignedData *sd)
+{
+ int i;
+ CMS_CertificateChoices *cch;
+ CMS_RevocationInfoChoice *rch;
+ CMS_SignerInfo *si;
+
+ for (i = 0; i < sk_CMS_CertificateChoices_num(sd->certificates); i++) {
+ cch = sk_CMS_CertificateChoices_value(sd->certificates, i);
+ if (cch->type == CMS_CERTCHOICE_OTHER) {
+ if (sd->version < 5)
+ sd->version = 5;
+ } else if (cch->type == CMS_CERTCHOICE_V2ACERT) {
+ if (sd->version < 4)
+ sd->version = 4;
+ } else if (cch->type == CMS_CERTCHOICE_V1ACERT) {
+ if (sd->version < 3)
+ sd->version = 3;
+ }
+ }
+
+ for (i = 0; i < sk_CMS_RevocationInfoChoice_num(sd->crls); i++) {
+ rch = sk_CMS_RevocationInfoChoice_value(sd->crls, i);
+ if (rch->type == CMS_REVCHOICE_OTHER) {
+ if (sd->version < 5)
+ sd->version = 5;
+ }
+ }
+
+ if ((OBJ_obj2nid(sd->encapContentInfo->eContentType) != NID_pkcs7_data)
+ && (sd->version < 3))
+ sd->version = 3;
+
+ for (i = 0; i < sk_CMS_SignerInfo_num(sd->signerInfos); i++) {
+ si = sk_CMS_SignerInfo_value(sd->signerInfos, i);
+ if (si->sid->type == CMS_SIGNERINFO_KEYIDENTIFIER) {
+ if (si->version < 3)
+ si->version = 3;
+ if (sd->version < 3)
+ sd->version = 3;
+ } else if (si->version < 1)
+ si->version = 1;
+ }
+
+ if (sd->version < 1)
+ sd->version = 1;
+
+}
+
+/* Copy an existing messageDigest value */
+
+static int cms_copy_messageDigest(CMS_ContentInfo *cms, CMS_SignerInfo *si)
+{
+ STACK_OF(CMS_SignerInfo) *sinfos;
+ CMS_SignerInfo *sitmp;
+ int i;
+ sinfos = CMS_get0_SignerInfos(cms);
+ for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
+ ASN1_OCTET_STRING *messageDigest;
+ sitmp = sk_CMS_SignerInfo_value(sinfos, i);
+ if (sitmp == si)
+ continue;
+ if (CMS_signed_get_attr_count(sitmp) < 0)
+ continue;
+ if (OBJ_cmp(si->digestAlgorithm->algorithm,
+ sitmp->digestAlgorithm->algorithm))
+ continue;
+ messageDigest = CMS_signed_get0_data_by_OBJ(sitmp,
+ OBJ_nid2obj
+ (NID_pkcs9_messageDigest),
+ -3, V_ASN1_OCTET_STRING);
+ if (!messageDigest) {
+ CMSerr(CMS_F_CMS_COPY_MESSAGEDIGEST,
+ CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE);
+ return 0;
+ }
+
+ if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest,
+ V_ASN1_OCTET_STRING,
+ messageDigest, -1))
+ return 1;
+ else
+ return 0;
+ }
+ CMSerr(CMS_F_CMS_COPY_MESSAGEDIGEST, CMS_R_NO_MATCHING_DIGEST);
+ return 0;
+}
+
+int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type)
+{
+ switch (type) {
+ case CMS_SIGNERINFO_ISSUER_SERIAL:
+ sid->d.issuerAndSerialNumber =
+ M_ASN1_new_of(CMS_IssuerAndSerialNumber);
+ if (!sid->d.issuerAndSerialNumber)
+ goto merr;
+ if (!X509_NAME_set(&sid->d.issuerAndSerialNumber->issuer,
+ X509_get_issuer_name(cert)))
+ goto merr;
+ ASN1_STRING_free(sid->d.issuerAndSerialNumber->serialNumber);
+ sid->d.issuerAndSerialNumber->serialNumber =
+ ASN1_STRING_dup(X509_get_serialNumber(cert));
+ if (!sid->d.issuerAndSerialNumber->serialNumber)
+ goto merr;
+ break;
+
+ case CMS_SIGNERINFO_KEYIDENTIFIER:
+ if (!cert->skid) {
+ CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER,
+ CMS_R_CERTIFICATE_HAS_NO_KEYID);
+ return 0;
+ }
+ sid->d.subjectKeyIdentifier = ASN1_STRING_dup(cert->skid);
+ if (!sid->d.subjectKeyIdentifier)
+ goto merr;
+ break;
+
+ default:
+ CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER, CMS_R_UNKNOWN_ID);
+ return 0;
+ }
+
+ sid->type = type;
+
+ return 1;
+
+ merr:
+ CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER, ERR_R_MALLOC_FAILURE);
+ return 0;
+
+}
+
+int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid,
+ ASN1_OCTET_STRING **keyid,
+ X509_NAME **issuer,
+ ASN1_INTEGER **sno)
+{
+ if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL) {
+ if (issuer)
+ *issuer = sid->d.issuerAndSerialNumber->issuer;
+ if (sno)
+ *sno = sid->d.issuerAndSerialNumber->serialNumber;
+ } else if (sid->type == CMS_SIGNERINFO_KEYIDENTIFIER) {
+ if (keyid)
+ *keyid = sid->d.subjectKeyIdentifier;
+ } else
+ return 0;
+ return 1;
+}
+
+int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert)
+{
+ int ret;
+ if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL) {
+ ret = X509_NAME_cmp(sid->d.issuerAndSerialNumber->issuer,
+ X509_get_issuer_name(cert));
+ if (ret)
+ return ret;
+ return ASN1_INTEGER_cmp(sid->d.issuerAndSerialNumber->serialNumber,
+ X509_get_serialNumber(cert));
+ } else if (sid->type == CMS_SIGNERINFO_KEYIDENTIFIER) {
+ X509_check_purpose(cert, -1, -1);
+ if (!cert->skid)
+ return -1;
+ return ASN1_OCTET_STRING_cmp(sid->d.subjectKeyIdentifier, cert->skid);
+ } else
+ return -1;
+}
+
+CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
+ X509 *signer, EVP_PKEY *pk, const EVP_MD *md,
+ unsigned int flags)
+{
+ CMS_SignedData *sd;
+ CMS_SignerInfo *si = NULL;
+ X509_ALGOR *alg;
+ int i, type;
+ if (!X509_check_private_key(signer, pk)) {
+ CMSerr(CMS_F_CMS_ADD1_SIGNER,
+ CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+ return NULL;
+ }
+ sd = cms_signed_data_init(cms);
+ if (!sd)
+ goto err;
+ si = M_ASN1_new_of(CMS_SignerInfo);
+ if (!si)
+ goto merr;
+ X509_check_purpose(signer, -1, -1);
+
+ CRYPTO_add(&pk->references, 1, CRYPTO_LOCK_EVP_PKEY);
+ CRYPTO_add(&signer->references, 1, CRYPTO_LOCK_X509);
+
+ si->pkey = pk;
+ si->signer = signer;
+
+ if (flags & CMS_USE_KEYID) {
+ si->version = 3;
+ if (sd->version < 3)
+ sd->version = 3;
+ type = CMS_SIGNERINFO_KEYIDENTIFIER;
+ } else {
+ type = CMS_SIGNERINFO_ISSUER_SERIAL;
+ si->version = 1;
+ }
+
+ if (!cms_set1_SignerIdentifier(si->sid, signer, type))
+ goto err;
+
+ /* Since no EVP_PKEY_METHOD in 0.9.8 hard code SHA1 as default */
+ if (md == NULL)
+ md = EVP_sha1();
+
+ /* OpenSSL 0.9.8 only supports SHA1 with non-RSA keys */
+
+ if ((pk->type != EVP_PKEY_RSA) && (EVP_MD_type(md) != NID_sha1)) {
+ CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
+ goto err;
+ }
+
+ cms_DigestAlgorithm_set(si->digestAlgorithm, md);
+
+ /* See if digest is present in digestAlgorithms */
+ for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++) {
+ ASN1_OBJECT *aoid;
+ alg = sk_X509_ALGOR_value(sd->digestAlgorithms, i);
+ X509_ALGOR_get0(&aoid, NULL, NULL, alg);
+ if (OBJ_obj2nid(aoid) == EVP_MD_type(md))
+ break;
+ }
+
+ if (i == sk_X509_ALGOR_num(sd->digestAlgorithms)) {
+ alg = X509_ALGOR_new();
+ if (!alg)
+ goto merr;
+ cms_DigestAlgorithm_set(alg, md);
+ if (!sk_X509_ALGOR_push(sd->digestAlgorithms, alg)) {
+ X509_ALGOR_free(alg);
+ goto merr;
+ }
+ }
+
+ /*
+ * Since we have no EVP_PKEY_ASN1_METHOD in OpenSSL 0.9.8, hard code
+ * algorithm parameters.
+ */
+
+ switch (pk->type) {
+
+ case EVP_PKEY_RSA:
+ X509_ALGOR_set0(si->signatureAlgorithm,
+ OBJ_nid2obj(NID_rsaEncryption), V_ASN1_NULL, 0);
+ break;
+
+ case EVP_PKEY_DSA:
+ X509_ALGOR_set0(si->signatureAlgorithm,
+ OBJ_nid2obj(NID_dsaWithSHA1), V_ASN1_UNDEF, 0);
+ break;
+
+ case EVP_PKEY_EC:
+ X509_ALGOR_set0(si->signatureAlgorithm,
+ OBJ_nid2obj(NID_ecdsa_with_SHA1), V_ASN1_UNDEF, 0);
+ break;
+
+ default:
+ CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
+ goto err;
+
+ }
+
+ if (!(flags & CMS_NOATTR)) {
+ /*
+ * Initialialize signed attributes strutucture so other attributes
+ * such as signing time etc are added later even if we add none here.
+ */
+ if (!si->signedAttrs) {
+ si->signedAttrs = sk_X509_ATTRIBUTE_new_null();
+ if (!si->signedAttrs)
+ goto merr;
+ }
+
+ if (!(flags & CMS_NOSMIMECAP)) {
+ STACK_OF(X509_ALGOR) *smcap = NULL;
+ i = CMS_add_standard_smimecap(&smcap);
+ if (i)
+ i = CMS_add_smimecap(si, smcap);
+ sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
+ if (!i)
+ goto merr;
+ }
+ if (flags & CMS_REUSE_DIGEST) {
+ if (!cms_copy_messageDigest(cms, si))
+ goto err;
+ if (!(flags & CMS_PARTIAL) && !CMS_SignerInfo_sign(si))
+ goto err;
+ }
+ }
+
+ if (!(flags & CMS_NOCERTS)) {
+ /* NB ignore -1 return for duplicate cert */
+ if (!CMS_add1_cert(cms, signer))
+ goto merr;
+ }
+
+ if (!sd->signerInfos)
+ sd->signerInfos = sk_CMS_SignerInfo_new_null();
+ if (!sd->signerInfos || !sk_CMS_SignerInfo_push(sd->signerInfos, si))
+ goto merr;
+
+ return si;
+
+ merr:
+ CMSerr(CMS_F_CMS_ADD1_SIGNER, ERR_R_MALLOC_FAILURE);
+ err:
+ if (si)
+ M_ASN1_free_of(si, CMS_SignerInfo);
+ return NULL;
+
+}
+
+static int cms_add1_signingTime(CMS_SignerInfo *si, ASN1_TIME *t)
+{
+ ASN1_TIME *tt;
+ int r = 0;
+ if (t)
+ tt = t;
+ else
+ tt = X509_gmtime_adj(NULL, 0);
+
+ if (!tt)
+ goto merr;
+
+ if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_signingTime,
+ tt->type, tt, -1) <= 0)
+ goto merr;
+
+ r = 1;
+
+ merr:
+
+ if (!t)
+ ASN1_TIME_free(tt);
+
+ if (!r)
+ CMSerr(CMS_F_CMS_ADD1_SIGNINGTIME, ERR_R_MALLOC_FAILURE);
+
+ return r;
+
+}
+
+STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms)
+{
+ CMS_SignedData *sd;
+ sd = cms_get0_signed(cms);
+ if (!sd)
+ return NULL;
+ return sd->signerInfos;
+}
+
+STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms)
+{
+ STACK_OF(X509) *signers = NULL;
+ STACK_OF(CMS_SignerInfo) *sinfos;
+ CMS_SignerInfo *si;
+ int i;
+ sinfos = CMS_get0_SignerInfos(cms);
+ for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
+ si = sk_CMS_SignerInfo_value(sinfos, i);
+ if (si->signer) {
+ if (!signers) {
+ signers = sk_X509_new_null();
+ if (!signers)
+ return NULL;
+ }
+ if (!sk_X509_push(signers, si->signer)) {
+ sk_X509_free(signers);
+ return NULL;
+ }
+ }
+ }
+ return signers;
+}
+
+void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer)
+{
+ if (signer) {
+ CRYPTO_add(&signer->references, 1, CRYPTO_LOCK_X509);
+ if (si->pkey)
+ EVP_PKEY_free(si->pkey);
+ si->pkey = X509_get_pubkey(signer);
+ }
+ if (si->signer)
+ X509_free(si->signer);
+ si->signer = signer;
+}
+
+int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si,
+ ASN1_OCTET_STRING **keyid,
+ X509_NAME **issuer, ASN1_INTEGER **sno)
+{
+ return cms_SignerIdentifier_get0_signer_id(si->sid, keyid, issuer, sno);
+}
+
+int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert)
+{
+ return cms_SignerIdentifier_cert_cmp(si->sid, cert);
+}
+
+int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *scerts,
+ unsigned int flags)
+{
+ CMS_SignedData *sd;
+ CMS_SignerInfo *si;
+ CMS_CertificateChoices *cch;
+ STACK_OF(CMS_CertificateChoices) *certs;
+ X509 *x;
+ int i, j;
+ int ret = 0;
+ sd = cms_get0_signed(cms);
+ if (!sd)
+ return -1;
+ certs = sd->certificates;
+ for (i = 0; i < sk_CMS_SignerInfo_num(sd->signerInfos); i++) {
+ si = sk_CMS_SignerInfo_value(sd->signerInfos, i);
+ if (si->signer)
+ continue;
+
+ for (j = 0; j < sk_X509_num(scerts); j++) {
+ x = sk_X509_value(scerts, j);
+ if (CMS_SignerInfo_cert_cmp(si, x) == 0) {
+ CMS_SignerInfo_set1_signer_cert(si, x);
+ ret++;
+ break;
+ }
+ }
+
+ if (si->signer || (flags & CMS_NOINTERN))
+ continue;
+
+ for (j = 0; j < sk_CMS_CertificateChoices_num(certs); j++) {
+ cch = sk_CMS_CertificateChoices_value(certs, j);
+ if (cch->type != 0)
+ continue;
+ x = cch->d.certificate;
+ if (CMS_SignerInfo_cert_cmp(si, x) == 0) {
+ CMS_SignerInfo_set1_signer_cert(si, x);
+ ret++;
+ break;
+ }
+ }
+ }
+ return ret;
+}
+
+void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk,
+ X509 **signer, X509_ALGOR **pdig,
+ X509_ALGOR **psig)
+{
+ if (pk)
+ *pk = si->pkey;
+ if (signer)
+ *signer = si->signer;
+ if (pdig)
+ *pdig = si->digestAlgorithm;
+ if (psig)
+ *psig = si->signatureAlgorithm;
+}
+
+/*
+ * In OpenSSL 0.9.8 we have the link between digest types and public key
+ * types so we need to fixup the digest type if the public key type is not
+ * appropriate.
+ */
+
+static void cms_fixup_mctx(EVP_MD_CTX *mctx, EVP_PKEY *pkey)
+{
+ if (EVP_MD_CTX_type(mctx) != NID_sha1)
+ return;
+#ifndef OPENSSL_NO_DSA
+ if (pkey->type == EVP_PKEY_DSA)
+ mctx->digest = EVP_dss1();
+#endif
+#ifndef OPENSSL_NO_ECDSA
+ if (pkey->type == EVP_PKEY_EC)
+ mctx->digest = EVP_ecdsa();
+#endif
+}
+
+static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
+ CMS_SignerInfo *si, BIO *chain)
+{
+ EVP_MD_CTX mctx;
+ int r = 0;
+ EVP_MD_CTX_init(&mctx);
+
+ if (!si->pkey) {
+ CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, CMS_R_NO_PRIVATE_KEY);
+ return 0;
+ }
+
+ if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, si->digestAlgorithm))
+ goto err;
+
+ /*
+ * If any signed attributes calculate and add messageDigest attribute
+ */
+
+ if (CMS_signed_get_attr_count(si) >= 0) {
+ ASN1_OBJECT *ctype =
+ cms->d.signedData->encapContentInfo->eContentType;
+ unsigned char md[EVP_MAX_MD_SIZE];
+ unsigned int mdlen;
+ EVP_DigestFinal_ex(&mctx, md, &mdlen);
+ if (!CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest,
+ V_ASN1_OCTET_STRING, md, mdlen))
+ goto err;
+ /* Copy content type across */
+ if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_contentType,
+ V_ASN1_OBJECT, ctype, -1) <= 0)
+ goto err;
+ if (!CMS_SignerInfo_sign(si))
+ goto err;
+ } else {
+ unsigned char *sig;
+ unsigned int siglen;
+ sig = OPENSSL_malloc(EVP_PKEY_size(si->pkey));
+ if (!sig) {
+ CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ cms_fixup_mctx(&mctx, si->pkey);
+ if (!EVP_SignFinal(&mctx, sig, &siglen, si->pkey)) {
+ CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, CMS_R_SIGNFINAL_ERROR);
+ OPENSSL_free(sig);
+ goto err;
+ }
+ ASN1_STRING_set0(si->signature, sig, siglen);
+ }
+
+ r = 1;
+
+ err:
+ EVP_MD_CTX_cleanup(&mctx);
+ return r;
+
+}
+
+int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain)
+{
+ STACK_OF(CMS_SignerInfo) *sinfos;
+ CMS_SignerInfo *si;
+ int i;
+ sinfos = CMS_get0_SignerInfos(cms);
+ for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
+ si = sk_CMS_SignerInfo_value(sinfos, i);
+ if (!cms_SignerInfo_content_sign(cms, si, chain))
+ return 0;
+ }
+ cms->d.signedData->encapContentInfo->partial = 0;
+ return 1;
+}
+
+int CMS_SignerInfo_sign(CMS_SignerInfo *si)
+{
+ EVP_MD_CTX mctx;
+ unsigned char *abuf = NULL;
+ int alen;
+ unsigned int siglen;
+ const EVP_MD *md = NULL;
+
+ md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm);
+ if (md == NULL)
+ return 0;
+
+ EVP_MD_CTX_init(&mctx);
+
+ if (CMS_signed_get_attr_by_NID(si, NID_pkcs9_signingTime, -1) < 0) {
+ if (!cms_add1_signingTime(si, NULL))
+ goto err;
+ }
+
+ if (EVP_SignInit_ex(&mctx, md, NULL) <= 0)
+ goto err;
+
+#if 0
+ if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
+ EVP_PKEY_CTRL_CMS_SIGN, 0, si) <= 0) {
+ CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR);
+ goto err;
+ }
+#endif
+
+ alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs, &abuf,
+ ASN1_ITEM_rptr(CMS_Attributes_Sign));
+ if (!abuf)
+ goto err;
+ if (EVP_SignUpdate(&mctx, abuf, alen) <= 0)
+ goto err;
+ siglen = EVP_PKEY_size(si->pkey);
+ OPENSSL_free(abuf);
+ abuf = OPENSSL_malloc(siglen);
+ if (!abuf)
+ goto err;
+ cms_fixup_mctx(&mctx, si->pkey);
+ if (EVP_SignFinal(&mctx, abuf, &siglen, si->pkey) <= 0)
+ goto err;
+#if 0
+ if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
+ EVP_PKEY_CTRL_CMS_SIGN, 1, si) <= 0) {
+ CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR);
+ goto err;
+ }
+#endif
+ EVP_MD_CTX_cleanup(&mctx);
+
+ ASN1_STRING_set0(si->signature, abuf, siglen);
+
+ return 1;
+
+ err:
+ if (abuf)
+ OPENSSL_free(abuf);
+ EVP_MD_CTX_cleanup(&mctx);
+ return 0;
+
+}
+
+int CMS_SignerInfo_verify(CMS_SignerInfo *si)
+{
+ EVP_MD_CTX mctx;
+ unsigned char *abuf = NULL;
+ int alen, r = -1;
+ const EVP_MD *md = NULL;
+
+ if (!si->pkey) {
+ CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_NO_PUBLIC_KEY);
+ return -1;
+ }
+
+ md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm);
+ if (md == NULL)
+ return -1;
+ EVP_MD_CTX_init(&mctx);
+ if (EVP_VerifyInit_ex(&mctx, md, NULL) <= 0)
+ goto err;
+
+ alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs, &abuf,
+ ASN1_ITEM_rptr(CMS_Attributes_Verify));
+ if (!abuf)
+ goto err;
+ r = EVP_VerifyUpdate(&mctx, abuf, alen);
+ OPENSSL_free(abuf);
+ if (r <= 0) {
+ r = -1;
+ goto err;
+ }
+ cms_fixup_mctx(&mctx, si->pkey);
+ r = EVP_VerifyFinal(&mctx,
+ si->signature->data, si->signature->length, si->pkey);
+ if (r <= 0)
+ CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_VERIFICATION_FAILURE);
+ err:
+ EVP_MD_CTX_cleanup(&mctx);
+ return r;
+}
+
+/* Create a chain of digest BIOs from a CMS ContentInfo */
+
+BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms)
+{
+ int i;
+ CMS_SignedData *sd;
+ BIO *chain = NULL;
+ sd = cms_get0_signed(cms);
+ if (!sd)
+ return NULL;
+ if (cms->d.signedData->encapContentInfo->partial)
+ cms_sd_set_version(sd);
+ for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++) {
+ X509_ALGOR *digestAlgorithm;
+ BIO *mdbio;
+ digestAlgorithm = sk_X509_ALGOR_value(sd->digestAlgorithms, i);
+ mdbio = cms_DigestAlgorithm_init_bio(digestAlgorithm);
+ if (!mdbio)
+ goto err;
+ if (chain)
+ BIO_push(chain, mdbio);
+ else
+ chain = mdbio;
+ }
+ return chain;
+ err:
+ if (chain)
+ BIO_free_all(chain);
+ return NULL;
+}
+
+int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
+{
+ ASN1_OCTET_STRING *os = NULL;
+ EVP_MD_CTX mctx;
+ int r = -1;
+ EVP_MD_CTX_init(&mctx);
+ /* If we have any signed attributes look for messageDigest value */
+ if (CMS_signed_get_attr_count(si) >= 0) {
+ os = CMS_signed_get0_data_by_OBJ(si,
+ OBJ_nid2obj(NID_pkcs9_messageDigest),
+ -3, V_ASN1_OCTET_STRING);
+ if (!os) {
+ CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
+ CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE);
+ goto err;
+ }
+ }
+
+ if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, si->digestAlgorithm))
+ goto err;
+
+ /* If messageDigest found compare it */
+
+ if (os) {
+ unsigned char mval[EVP_MAX_MD_SIZE];
+ unsigned int mlen;
+ if (EVP_DigestFinal_ex(&mctx, mval, &mlen) <= 0) {
+ CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
+ CMS_R_UNABLE_TO_FINALIZE_CONTEXT);
+ goto err;
+ }
+ if (mlen != (unsigned int)os->length) {
+ CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
+ CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH);
+ goto err;
+ }
+
+ if (memcmp(mval, os->data, mlen)) {
+ CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
+ CMS_R_VERIFICATION_FAILURE);
+ r = 0;
+ } else
+ r = 1;
+ } else {
+ cms_fixup_mctx(&mctx, si->pkey);
+ r = EVP_VerifyFinal(&mctx, si->signature->data,
+ si->signature->length, si->pkey);
+ if (r <= 0) {
+ CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
+ CMS_R_VERIFICATION_FAILURE);
+ r = 0;
+ }
+ }
+
+ err:
+ EVP_MD_CTX_cleanup(&mctx);
+ return r;
+
+}
+
+int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs)
+{
+ unsigned char *smder = NULL;
+ int smderlen, r;
+ smderlen = i2d_X509_ALGORS(algs, &smder);
+ if (smderlen <= 0)
+ return 0;
+ r = CMS_signed_add1_attr_by_NID(si, NID_SMIMECapabilities,
+ V_ASN1_SEQUENCE, smder, smderlen);
+ OPENSSL_free(smder);
+ return r;
+}
+
+int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
+ int algnid, int keysize)
+{
+ X509_ALGOR *alg;
+ ASN1_INTEGER *key = NULL;
+ if (keysize > 0) {
+ key = ASN1_INTEGER_new();
+ if (!key || !ASN1_INTEGER_set(key, keysize))
+ return 0;
+ }
+ alg = X509_ALGOR_new();
+ if (!alg) {
+ if (key)
+ ASN1_INTEGER_free(key);
+ return 0;
+ }
+
+ X509_ALGOR_set0(alg, OBJ_nid2obj(algnid),
+ key ? V_ASN1_INTEGER : V_ASN1_UNDEF, key);
+ if (!*algs)
+ *algs = sk_X509_ALGOR_new_null();
+ if (!*algs || !sk_X509_ALGOR_push(*algs, alg)) {
+ X509_ALGOR_free(alg);
+ return 0;
+ }
+ return 1;
+}
+
+/* Check to see if a cipher exists and if so add S/MIME capabilities */
+
+static int cms_add_cipher_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg)
+{
+ if (EVP_get_cipherbynid(nid))
+ return CMS_add_simple_smimecap(sk, nid, arg);
+ return 1;
+}
+
+#if 0
+static int cms_add_digest_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg)
+{
+ if (EVP_get_digestbynid(nid))
+ return CMS_add_simple_smimecap(sk, nid, arg);
+ return 1;
+}
+#endif
+int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap)
+{
+ if (!cms_add_cipher_smcap(smcap, NID_aes_256_cbc, -1)
+ || !cms_add_cipher_smcap(smcap, NID_aes_192_cbc, -1)
+ || !cms_add_cipher_smcap(smcap, NID_aes_128_cbc, -1)
+ || !cms_add_cipher_smcap(smcap, NID_des_ede3_cbc, -1)
+ || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 128)
+ || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 64)
+ || !cms_add_cipher_smcap(smcap, NID_des_cbc, -1)
+ || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 40))
+ return 0;
+ return 1;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_smime.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/cms/cms_smime.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_smime.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,841 +0,0 @@
-/* crypto/cms/cms_smime.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include <openssl/err.h>
-#include <openssl/cms.h>
-#include "cms_lcl.h"
-
-static int cms_copy_content(BIO *out, BIO *in, unsigned int flags)
- {
- unsigned char buf[4096];
- int r = 0, i;
- BIO *tmpout = NULL;
-
- if (out == NULL)
- tmpout = BIO_new(BIO_s_null());
- else if (flags & CMS_TEXT)
- {
- tmpout = BIO_new(BIO_s_mem());
- BIO_set_mem_eof_return(tmpout, 0);
- }
- else
- tmpout = out;
-
- if(!tmpout)
- {
- CMSerr(CMS_F_CMS_COPY_CONTENT,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- /* Read all content through chain to process digest, decrypt etc */
- for (;;)
- {
- i=BIO_read(in,buf,sizeof(buf));
- if (i <= 0)
- {
- if (BIO_method_type(in) == BIO_TYPE_CIPHER)
- {
- if (!BIO_get_cipher_status(in))
- goto err;
- }
- if (i < 0)
- goto err;
- break;
- }
-
- if (tmpout && (BIO_write(tmpout, buf, i) != i))
- goto err;
- }
-
- if(flags & CMS_TEXT)
- {
- if(!SMIME_text(tmpout, out))
- {
- CMSerr(CMS_F_CMS_COPY_CONTENT,CMS_R_SMIME_TEXT_ERROR);
- goto err;
- }
- }
-
- r = 1;
-
- err:
- if (tmpout && (tmpout != out))
- BIO_free(tmpout);
- return r;
-
- }
-
-static int check_content(CMS_ContentInfo *cms)
- {
- ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
- if (!pos || !*pos)
- {
- CMSerr(CMS_F_CHECK_CONTENT, CMS_R_NO_CONTENT);
- return 0;
- }
- return 1;
- }
-
-static void do_free_upto(BIO *f, BIO *upto)
- {
- if (upto)
- {
- BIO *tbio;
- do
- {
- tbio = BIO_pop(f);
- BIO_free(f);
- f = tbio;
- }
- while (f != upto);
- }
- else
- BIO_free_all(f);
- }
-
-int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags)
- {
- BIO *cont;
- int r;
- if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_data)
- {
- CMSerr(CMS_F_CMS_DATA, CMS_R_TYPE_NOT_DATA);
- return 0;
- }
- cont = CMS_dataInit(cms, NULL);
- if (!cont)
- return 0;
- r = cms_copy_content(out, cont, flags);
- BIO_free_all(cont);
- return r;
- }
-
-CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags)
- {
- CMS_ContentInfo *cms;
- cms = cms_Data_create();
- if (!cms)
- return NULL;
-
- if (CMS_final(cms, in, NULL, flags))
- return cms;
-
- CMS_ContentInfo_free(cms);
-
- return NULL;
- }
-
-int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
- unsigned int flags)
- {
- BIO *cont;
- int r;
- if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_digest)
- {
- CMSerr(CMS_F_CMS_DIGEST_VERIFY, CMS_R_TYPE_NOT_DIGESTED_DATA);
- return 0;
- }
-
- if (!dcont && !check_content(cms))
- return 0;
-
- cont = CMS_dataInit(cms, dcont);
- if (!cont)
- return 0;
- r = cms_copy_content(out, cont, flags);
- if (r)
- r = cms_DigestedData_do_final(cms, cont, 1);
- do_free_upto(cont, dcont);
- return r;
- }
-
-CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
- unsigned int flags)
- {
- CMS_ContentInfo *cms;
- if (!md)
- md = EVP_sha1();
- cms = cms_DigestedData_create(md);
- if (!cms)
- return NULL;
-
- if(!(flags & CMS_DETACHED))
- {
- flags &= ~CMS_STREAM;
- CMS_set_detached(cms, 0);
- }
-
- if ((flags & CMS_STREAM) || CMS_final(cms, in, NULL, flags))
- return cms;
-
- CMS_ContentInfo_free(cms);
- return NULL;
- }
-
-int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
- const unsigned char *key, size_t keylen,
- BIO *dcont, BIO *out, unsigned int flags)
- {
- BIO *cont;
- int r;
- if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_encrypted)
- {
- CMSerr(CMS_F_CMS_ENCRYPTEDDATA_DECRYPT,
- CMS_R_TYPE_NOT_ENCRYPTED_DATA);
- return 0;
- }
-
- if (!dcont && !check_content(cms))
- return 0;
-
- if (CMS_EncryptedData_set1_key(cms, NULL, key, keylen) <= 0)
- return 0;
- cont = CMS_dataInit(cms, dcont);
- if (!cont)
- return 0;
- r = cms_copy_content(out, cont, flags);
- do_free_upto(cont, dcont);
- return r;
- }
-
-CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
- const unsigned char *key, size_t keylen,
- unsigned int flags)
- {
- CMS_ContentInfo *cms;
- if (!cipher)
- {
- CMSerr(CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT, CMS_R_NO_CIPHER);
- return NULL;
- }
- cms = CMS_ContentInfo_new();
- if (!cms)
- return NULL;
- if (!CMS_EncryptedData_set1_key(cms, cipher, key, keylen))
- return NULL;
-
- if(!(flags & CMS_DETACHED))
- {
- flags &= ~CMS_STREAM;
- CMS_set_detached(cms, 0);
- }
-
- if ((flags & (CMS_STREAM|CMS_PARTIAL))
- || CMS_final(cms, in, NULL, flags))
- return cms;
-
- CMS_ContentInfo_free(cms);
- return NULL;
- }
-
-static int cms_signerinfo_verify_cert(CMS_SignerInfo *si,
- X509_STORE *store,
- STACK_OF(X509) *certs,
- STACK_OF(X509_CRL) *crls,
- unsigned int flags)
- {
- X509_STORE_CTX ctx;
- X509 *signer;
- int i, j, r = 0;
- CMS_SignerInfo_get0_algs(si, NULL, &signer, NULL, NULL);
- if (!X509_STORE_CTX_init(&ctx, store, signer, certs))
- {
- CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CERT,
- CMS_R_STORE_INIT_ERROR);
- goto err;
- }
- X509_STORE_CTX_set_default(&ctx, "smime_sign");
- if (crls)
- X509_STORE_CTX_set0_crls(&ctx, crls);
-
- i = X509_verify_cert(&ctx);
- if (i <= 0)
- {
- j = X509_STORE_CTX_get_error(&ctx);
- CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CERT,
- CMS_R_CERTIFICATE_VERIFY_ERROR);
- ERR_add_error_data(2, "Verify error:",
- X509_verify_cert_error_string(j));
- goto err;
- }
- r = 1;
- err:
- X509_STORE_CTX_cleanup(&ctx);
- return r;
-
- }
-
-int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
- X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags)
- {
- CMS_SignerInfo *si;
- STACK_OF(CMS_SignerInfo) *sinfos;
- STACK_OF(X509) *cms_certs = NULL;
- STACK_OF(X509_CRL) *crls = NULL;
- X509 *signer;
- int i, scount = 0, ret = 0;
- BIO *cmsbio = NULL, *tmpin = NULL;
-
- if (!dcont && !check_content(cms))
- return 0;
-
- /* Attempt to find all signer certificates */
-
- sinfos = CMS_get0_SignerInfos(cms);
-
- if (sk_CMS_SignerInfo_num(sinfos) <= 0)
- {
- CMSerr(CMS_F_CMS_VERIFY, CMS_R_NO_SIGNERS);
- goto err;
- }
-
- for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
- {
- si = sk_CMS_SignerInfo_value(sinfos, i);
- CMS_SignerInfo_get0_algs(si, NULL, &signer, NULL, NULL);
- if (signer)
- scount++;
- }
-
- if (scount != sk_CMS_SignerInfo_num(sinfos))
- scount += CMS_set1_signers_certs(cms, certs, flags);
-
- if (scount != sk_CMS_SignerInfo_num(sinfos))
- {
- CMSerr(CMS_F_CMS_VERIFY, CMS_R_SIGNER_CERTIFICATE_NOT_FOUND);
- goto err;
- }
-
- /* Attempt to verify all signers certs */
-
- if (!(flags & CMS_NO_SIGNER_CERT_VERIFY))
- {
- cms_certs = CMS_get1_certs(cms);
- if (!(flags & CMS_NOCRL))
- crls = CMS_get1_crls(cms);
- for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
- {
- si = sk_CMS_SignerInfo_value(sinfos, i);
- if (!cms_signerinfo_verify_cert(si, store,
- cms_certs, crls, flags))
- goto err;
- }
- }
-
- /* Attempt to verify all SignerInfo signed attribute signatures */
-
- if (!(flags & CMS_NO_ATTR_VERIFY))
- {
- for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
- {
- si = sk_CMS_SignerInfo_value(sinfos, i);
- if (CMS_signed_get_attr_count(si) < 0)
- continue;
- if (CMS_SignerInfo_verify(si) <= 0)
- goto err;
- }
- }
-
- /* Performance optimization: if the content is a memory BIO then
- * store its contents in a temporary read only memory BIO. This
- * avoids potentially large numbers of slow copies of data which will
- * occur when reading from a read write memory BIO when signatures
- * are calculated.
- */
-
- if (dcont && (BIO_method_type(dcont) == BIO_TYPE_MEM))
- {
- char *ptr;
- long len;
- len = BIO_get_mem_data(dcont, &ptr);
- tmpin = BIO_new_mem_buf(ptr, len);
- if (tmpin == NULL)
- {
- CMSerr(CMS_F_CMS_VERIFY,ERR_R_MALLOC_FAILURE);
- return 0;
- }
- }
- else
- tmpin = dcont;
-
-
- cmsbio=CMS_dataInit(cms, tmpin);
- if (!cmsbio)
- goto err;
-
- if (!cms_copy_content(out, cmsbio, flags))
- goto err;
-
- if (!(flags & CMS_NO_CONTENT_VERIFY))
- {
- for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
- {
- si = sk_CMS_SignerInfo_value(sinfos, i);
- if (CMS_SignerInfo_verify_content(si, cmsbio) <= 0)
- {
- CMSerr(CMS_F_CMS_VERIFY,
- CMS_R_CONTENT_VERIFY_ERROR);
- goto err;
- }
- }
- }
-
- ret = 1;
-
- err:
-
- if (dcont && (tmpin == dcont))
- do_free_upto(cmsbio, dcont);
- else
- BIO_free_all(cmsbio);
-
- if (cms_certs)
- sk_X509_pop_free(cms_certs, X509_free);
- if (crls)
- sk_X509_CRL_pop_free(crls, X509_CRL_free);
-
- return ret;
- }
-
-int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms,
- STACK_OF(X509) *certs,
- X509_STORE *store, unsigned int flags)
- {
- int r;
- r = CMS_verify(rcms, certs, store, NULL, NULL, flags);
- if (r <= 0)
- return r;
- return cms_Receipt_verify(rcms, ocms);
- }
-
-CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
- BIO *data, unsigned int flags)
- {
- CMS_ContentInfo *cms;
- int i;
-
- cms = CMS_ContentInfo_new();
- if (!cms || !CMS_SignedData_init(cms))
- goto merr;
-
- if (pkey && !CMS_add1_signer(cms, signcert, pkey, NULL, flags))
- {
- CMSerr(CMS_F_CMS_SIGN, CMS_R_ADD_SIGNER_ERROR);
- goto err;
- }
-
- for (i = 0; i < sk_X509_num(certs); i++)
- {
- X509 *x = sk_X509_value(certs, i);
- if (!CMS_add1_cert(cms, x))
- goto merr;
- }
-
- if(!(flags & CMS_DETACHED))
- {
- flags &= ~CMS_STREAM;
- CMS_set_detached(cms, 0);
- }
-
- if ((flags & (CMS_STREAM|CMS_PARTIAL))
- || CMS_final(cms, data, NULL, flags))
- return cms;
- else
- goto err;
-
- merr:
- CMSerr(CMS_F_CMS_SIGN, ERR_R_MALLOC_FAILURE);
-
- err:
- if (cms)
- CMS_ContentInfo_free(cms);
- return NULL;
- }
-
-CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
- X509 *signcert, EVP_PKEY *pkey,
- STACK_OF(X509) *certs,
- unsigned int flags)
- {
- CMS_SignerInfo *rct_si;
- CMS_ContentInfo *cms = NULL;
- ASN1_OCTET_STRING **pos, *os;
- BIO *rct_cont = NULL;
- int r = 0;
-
- flags &= ~CMS_STREAM;
- /* Not really detached but avoids content being allocated */
- flags |= CMS_PARTIAL|CMS_BINARY|CMS_DETACHED;
- if (!pkey || !signcert)
- {
- CMSerr(CMS_F_CMS_SIGN_RECEIPT, CMS_R_NO_KEY_OR_CERT);
- return NULL;
- }
-
- /* Initialize signed data */
-
- cms = CMS_sign(NULL, NULL, certs, NULL, flags);
- if (!cms)
- goto err;
-
- /* Set inner content type to signed receipt */
- if (!CMS_set1_eContentType(cms, OBJ_nid2obj(NID_id_smime_ct_receipt)))
- goto err;
-
- rct_si = CMS_add1_signer(cms, signcert, pkey, NULL, flags);
- if (!rct_si)
- {
- CMSerr(CMS_F_CMS_SIGN_RECEIPT, CMS_R_ADD_SIGNER_ERROR);
- goto err;
- }
-
- os = cms_encode_Receipt(si);
-
- if (!os)
- goto err;
-
- /* Set content to digest */
- rct_cont = BIO_new_mem_buf(os->data, os->length);
- if (!rct_cont)
- goto err;
-
- /* Add msgSigDigest attribute */
-
- if (!cms_msgSigDigest_add1(rct_si, si))
- goto err;
-
- /* Finalize structure */
- if (!CMS_final(cms, rct_cont, NULL, flags))
- goto err;
-
- /* Set embedded content */
- pos = CMS_get0_content(cms);
- *pos = os;
-
- r = 1;
-
- err:
- if (rct_cont)
- BIO_free(rct_cont);
- if (r)
- return cms;
- CMS_ContentInfo_free(cms);
- return NULL;
-
- }
-
-CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *data,
- const EVP_CIPHER *cipher, unsigned int flags)
- {
- CMS_ContentInfo *cms;
- int i;
- X509 *recip;
- cms = CMS_EnvelopedData_create(cipher);
- if (!cms)
- goto merr;
- for (i = 0; i < sk_X509_num(certs); i++)
- {
- recip = sk_X509_value(certs, i);
- if (!CMS_add1_recipient_cert(cms, recip, flags))
- {
- CMSerr(CMS_F_CMS_ENCRYPT, CMS_R_RECIPIENT_ERROR);
- goto err;
- }
- }
-
- if(!(flags & CMS_DETACHED))
- {
- flags &= ~CMS_STREAM;
- CMS_set_detached(cms, 0);
- }
-
- if ((flags & (CMS_STREAM|CMS_PARTIAL))
- || CMS_final(cms, data, NULL, flags))
- return cms;
- else
- goto err;
-
- merr:
- CMSerr(CMS_F_CMS_ENCRYPT, ERR_R_MALLOC_FAILURE);
- err:
- if (cms)
- CMS_ContentInfo_free(cms);
- return NULL;
- }
-
-int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
- {
- STACK_OF(CMS_RecipientInfo) *ris;
- CMS_RecipientInfo *ri;
- int i, r;
- int debug = 0, ri_match = 0;
- ris = CMS_get0_RecipientInfos(cms);
- if (ris)
- debug = cms->d.envelopedData->encryptedContentInfo->debug;
- for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++)
- {
- ri = sk_CMS_RecipientInfo_value(ris, i);
- if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_TRANS)
- continue;
- ri_match = 1;
- /* If we have a cert try matching RecipientInfo
- * otherwise try them all.
- */
- if (!cert || (CMS_RecipientInfo_ktri_cert_cmp(ri, cert) == 0))
- {
- CMS_RecipientInfo_set0_pkey(ri, pk);
- r = CMS_RecipientInfo_decrypt(cms, ri);
- CMS_RecipientInfo_set0_pkey(ri, NULL);
- if (cert)
- {
- /* If not debugging clear any error and
- * return success to avoid leaking of
- * information useful to MMA
- */
- if (!debug)
- {
- ERR_clear_error();
- return 1;
- }
- if (r > 0)
- return 1;
- CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY,
- CMS_R_DECRYPT_ERROR);
- return 0;
- }
- /* If no cert and not debugging don't leave loop
- * after first successful decrypt. Always attempt
- * to decrypt all recipients to avoid leaking timing
- * of a successful decrypt.
- */
- else if (r > 0 && debug)
- return 1;
- }
- }
- /* If no cert and not debugging always return success */
- if (ri_match && !cert && !debug)
- {
- ERR_clear_error();
- return 1;
- }
-
- CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY, CMS_R_NO_MATCHING_RECIPIENT);
- return 0;
-
- }
-
-int CMS_decrypt_set1_key(CMS_ContentInfo *cms,
- unsigned char *key, size_t keylen,
- unsigned char *id, size_t idlen)
- {
- STACK_OF(CMS_RecipientInfo) *ris;
- CMS_RecipientInfo *ri;
- int i, r;
- ris = CMS_get0_RecipientInfos(cms);
- for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++)
- {
- ri = sk_CMS_RecipientInfo_value(ris, i);
- if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_KEK)
- continue;
-
- /* If we have an id try matching RecipientInfo
- * otherwise try them all.
- */
- if (!id || (CMS_RecipientInfo_kekri_id_cmp(ri, id, idlen) == 0))
- {
- CMS_RecipientInfo_set0_key(ri, key, keylen);
- r = CMS_RecipientInfo_decrypt(cms, ri);
- CMS_RecipientInfo_set0_key(ri, NULL, 0);
- if (r > 0)
- return 1;
- if (id)
- {
- CMSerr(CMS_F_CMS_DECRYPT_SET1_KEY,
- CMS_R_DECRYPT_ERROR);
- return 0;
- }
- ERR_clear_error();
- }
- }
-
- CMSerr(CMS_F_CMS_DECRYPT_SET1_KEY, CMS_R_NO_MATCHING_RECIPIENT);
- return 0;
-
- }
-
-int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert,
- BIO *dcont, BIO *out,
- unsigned int flags)
- {
- int r;
- BIO *cont;
- if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_enveloped)
- {
- CMSerr(CMS_F_CMS_DECRYPT, CMS_R_TYPE_NOT_ENVELOPED_DATA);
- return 0;
- }
- if (!dcont && !check_content(cms))
- return 0;
- if (flags & CMS_DEBUG_DECRYPT)
- cms->d.envelopedData->encryptedContentInfo->debug = 1;
- else
- cms->d.envelopedData->encryptedContentInfo->debug = 0;
- if (!pk && !cert && !dcont && !out)
- return 1;
- if (pk && !CMS_decrypt_set1_pkey(cms, pk, cert))
- return 0;
- cont = CMS_dataInit(cms, dcont);
- if (!cont)
- return 0;
- r = cms_copy_content(out, cont, flags);
- do_free_upto(cont, dcont);
- return r;
- }
-
-int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags)
- {
- BIO *cmsbio;
- int ret = 0;
- if (!(cmsbio = CMS_dataInit(cms, dcont)))
- {
- CMSerr(CMS_F_CMS_FINAL,ERR_R_MALLOC_FAILURE);
- return 0;
- }
-
- SMIME_crlf_copy(data, cmsbio, flags);
-
- (void)BIO_flush(cmsbio);
-
-
- if (!CMS_dataFinal(cms, cmsbio))
- {
- CMSerr(CMS_F_CMS_FINAL,CMS_R_CMS_DATAFINAL_ERROR);
- goto err;
- }
-
- ret = 1;
-
- err:
- do_free_upto(cmsbio, dcont);
-
- return ret;
-
- }
-
-#ifdef ZLIB
-
-int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
- unsigned int flags)
- {
- BIO *cont;
- int r;
- if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_id_smime_ct_compressedData)
- {
- CMSerr(CMS_F_CMS_UNCOMPRESS,
- CMS_R_TYPE_NOT_COMPRESSED_DATA);
- return 0;
- }
-
- if (!dcont && !check_content(cms))
- return 0;
-
- cont = CMS_dataInit(cms, dcont);
- if (!cont)
- return 0;
- r = cms_copy_content(out, cont, flags);
- do_free_upto(cont, dcont);
- return r;
- }
-
-CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags)
- {
- CMS_ContentInfo *cms;
- if (comp_nid <= 0)
- comp_nid = NID_zlib_compression;
- cms = cms_CompressedData_create(comp_nid);
- if (!cms)
- return NULL;
-
- if(!(flags & CMS_DETACHED))
- {
- flags &= ~CMS_STREAM;
- CMS_set_detached(cms, 0);
- }
-
- if (CMS_final(cms, in, NULL, flags))
- return cms;
-
- CMS_ContentInfo_free(cms);
- return NULL;
- }
-
-#else
-
-int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
- unsigned int flags)
- {
- CMSerr(CMS_F_CMS_UNCOMPRESS, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
- return 0;
- }
-
-CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags)
- {
- CMSerr(CMS_F_CMS_COMPRESS, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
- return NULL;
- }
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_smime.c (from rev 6976, vendor-crypto/openssl/dist/crypto/cms/cms_smime.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_smime.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/cms/cms_smime.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,782 @@
+/* crypto/cms/cms_smime.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include <openssl/cms.h>
+#include "cms_lcl.h"
+
+static int cms_copy_content(BIO *out, BIO *in, unsigned int flags)
+{
+ unsigned char buf[4096];
+ int r = 0, i;
+ BIO *tmpout = NULL;
+
+ if (out == NULL)
+ tmpout = BIO_new(BIO_s_null());
+ else if (flags & CMS_TEXT) {
+ tmpout = BIO_new(BIO_s_mem());
+ BIO_set_mem_eof_return(tmpout, 0);
+ } else
+ tmpout = out;
+
+ if (!tmpout) {
+ CMSerr(CMS_F_CMS_COPY_CONTENT, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ /* Read all content through chain to process digest, decrypt etc */
+ for (;;) {
+ i = BIO_read(in, buf, sizeof(buf));
+ if (i <= 0) {
+ if (BIO_method_type(in) == BIO_TYPE_CIPHER) {
+ if (!BIO_get_cipher_status(in))
+ goto err;
+ }
+ if (i < 0)
+ goto err;
+ break;
+ }
+
+ if (tmpout && (BIO_write(tmpout, buf, i) != i))
+ goto err;
+ }
+
+ if (flags & CMS_TEXT) {
+ if (!SMIME_text(tmpout, out)) {
+ CMSerr(CMS_F_CMS_COPY_CONTENT, CMS_R_SMIME_TEXT_ERROR);
+ goto err;
+ }
+ }
+
+ r = 1;
+
+ err:
+ if (tmpout && (tmpout != out))
+ BIO_free(tmpout);
+ return r;
+
+}
+
+static int check_content(CMS_ContentInfo *cms)
+{
+ ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
+ if (!pos || !*pos) {
+ CMSerr(CMS_F_CHECK_CONTENT, CMS_R_NO_CONTENT);
+ return 0;
+ }
+ return 1;
+}
+
+static void do_free_upto(BIO *f, BIO *upto)
+{
+ if (upto) {
+ BIO *tbio;
+ do {
+ tbio = BIO_pop(f);
+ BIO_free(f);
+ f = tbio;
+ }
+ while (f != upto);
+ } else
+ BIO_free_all(f);
+}
+
+int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags)
+{
+ BIO *cont;
+ int r;
+ if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_data) {
+ CMSerr(CMS_F_CMS_DATA, CMS_R_TYPE_NOT_DATA);
+ return 0;
+ }
+ cont = CMS_dataInit(cms, NULL);
+ if (!cont)
+ return 0;
+ r = cms_copy_content(out, cont, flags);
+ BIO_free_all(cont);
+ return r;
+}
+
+CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags)
+{
+ CMS_ContentInfo *cms;
+ cms = cms_Data_create();
+ if (!cms)
+ return NULL;
+
+ if (CMS_final(cms, in, NULL, flags))
+ return cms;
+
+ CMS_ContentInfo_free(cms);
+
+ return NULL;
+}
+
+int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
+ unsigned int flags)
+{
+ BIO *cont;
+ int r;
+ if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_digest) {
+ CMSerr(CMS_F_CMS_DIGEST_VERIFY, CMS_R_TYPE_NOT_DIGESTED_DATA);
+ return 0;
+ }
+
+ if (!dcont && !check_content(cms))
+ return 0;
+
+ cont = CMS_dataInit(cms, dcont);
+ if (!cont)
+ return 0;
+ r = cms_copy_content(out, cont, flags);
+ if (r)
+ r = cms_DigestedData_do_final(cms, cont, 1);
+ do_free_upto(cont, dcont);
+ return r;
+}
+
+CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
+ unsigned int flags)
+{
+ CMS_ContentInfo *cms;
+ if (!md)
+ md = EVP_sha1();
+ cms = cms_DigestedData_create(md);
+ if (!cms)
+ return NULL;
+
+ if (!(flags & CMS_DETACHED)) {
+ flags &= ~CMS_STREAM;
+ CMS_set_detached(cms, 0);
+ }
+
+ if ((flags & CMS_STREAM) || CMS_final(cms, in, NULL, flags))
+ return cms;
+
+ CMS_ContentInfo_free(cms);
+ return NULL;
+}
+
+int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
+ const unsigned char *key, size_t keylen,
+ BIO *dcont, BIO *out, unsigned int flags)
+{
+ BIO *cont;
+ int r;
+ if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_encrypted) {
+ CMSerr(CMS_F_CMS_ENCRYPTEDDATA_DECRYPT,
+ CMS_R_TYPE_NOT_ENCRYPTED_DATA);
+ return 0;
+ }
+
+ if (!dcont && !check_content(cms))
+ return 0;
+
+ if (CMS_EncryptedData_set1_key(cms, NULL, key, keylen) <= 0)
+ return 0;
+ cont = CMS_dataInit(cms, dcont);
+ if (!cont)
+ return 0;
+ r = cms_copy_content(out, cont, flags);
+ do_free_upto(cont, dcont);
+ return r;
+}
+
+CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
+ const unsigned char *key,
+ size_t keylen, unsigned int flags)
+{
+ CMS_ContentInfo *cms;
+ if (!cipher) {
+ CMSerr(CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT, CMS_R_NO_CIPHER);
+ return NULL;
+ }
+ cms = CMS_ContentInfo_new();
+ if (!cms)
+ return NULL;
+ if (!CMS_EncryptedData_set1_key(cms, cipher, key, keylen))
+ return NULL;
+
+ if (!(flags & CMS_DETACHED)) {
+ flags &= ~CMS_STREAM;
+ CMS_set_detached(cms, 0);
+ }
+
+ if ((flags & (CMS_STREAM | CMS_PARTIAL))
+ || CMS_final(cms, in, NULL, flags))
+ return cms;
+
+ CMS_ContentInfo_free(cms);
+ return NULL;
+}
+
+static int cms_signerinfo_verify_cert(CMS_SignerInfo *si,
+ X509_STORE *store,
+ STACK_OF(X509) *certs,
+ STACK_OF(X509_CRL) *crls,
+ unsigned int flags)
+{
+ X509_STORE_CTX ctx;
+ X509 *signer;
+ int i, j, r = 0;
+ CMS_SignerInfo_get0_algs(si, NULL, &signer, NULL, NULL);
+ if (!X509_STORE_CTX_init(&ctx, store, signer, certs)) {
+ CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CERT, CMS_R_STORE_INIT_ERROR);
+ goto err;
+ }
+ X509_STORE_CTX_set_default(&ctx, "smime_sign");
+ if (crls)
+ X509_STORE_CTX_set0_crls(&ctx, crls);
+
+ i = X509_verify_cert(&ctx);
+ if (i <= 0) {
+ j = X509_STORE_CTX_get_error(&ctx);
+ CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CERT,
+ CMS_R_CERTIFICATE_VERIFY_ERROR);
+ ERR_add_error_data(2, "Verify error:",
+ X509_verify_cert_error_string(j));
+ goto err;
+ }
+ r = 1;
+ err:
+ X509_STORE_CTX_cleanup(&ctx);
+ return r;
+
+}
+
+int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
+ X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags)
+{
+ CMS_SignerInfo *si;
+ STACK_OF(CMS_SignerInfo) *sinfos;
+ STACK_OF(X509) *cms_certs = NULL;
+ STACK_OF(X509_CRL) *crls = NULL;
+ X509 *signer;
+ int i, scount = 0, ret = 0;
+ BIO *cmsbio = NULL, *tmpin = NULL;
+
+ if (!dcont && !check_content(cms))
+ return 0;
+
+ /* Attempt to find all signer certificates */
+
+ sinfos = CMS_get0_SignerInfos(cms);
+
+ if (sk_CMS_SignerInfo_num(sinfos) <= 0) {
+ CMSerr(CMS_F_CMS_VERIFY, CMS_R_NO_SIGNERS);
+ goto err;
+ }
+
+ for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
+ si = sk_CMS_SignerInfo_value(sinfos, i);
+ CMS_SignerInfo_get0_algs(si, NULL, &signer, NULL, NULL);
+ if (signer)
+ scount++;
+ }
+
+ if (scount != sk_CMS_SignerInfo_num(sinfos))
+ scount += CMS_set1_signers_certs(cms, certs, flags);
+
+ if (scount != sk_CMS_SignerInfo_num(sinfos)) {
+ CMSerr(CMS_F_CMS_VERIFY, CMS_R_SIGNER_CERTIFICATE_NOT_FOUND);
+ goto err;
+ }
+
+ /* Attempt to verify all signers certs */
+
+ if (!(flags & CMS_NO_SIGNER_CERT_VERIFY)) {
+ cms_certs = CMS_get1_certs(cms);
+ if (!(flags & CMS_NOCRL))
+ crls = CMS_get1_crls(cms);
+ for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
+ si = sk_CMS_SignerInfo_value(sinfos, i);
+ if (!cms_signerinfo_verify_cert(si, store,
+ cms_certs, crls, flags))
+ goto err;
+ }
+ }
+
+ /* Attempt to verify all SignerInfo signed attribute signatures */
+
+ if (!(flags & CMS_NO_ATTR_VERIFY)) {
+ for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
+ si = sk_CMS_SignerInfo_value(sinfos, i);
+ if (CMS_signed_get_attr_count(si) < 0)
+ continue;
+ if (CMS_SignerInfo_verify(si) <= 0)
+ goto err;
+ }
+ }
+
+ /*
+ * Performance optimization: if the content is a memory BIO then store
+ * its contents in a temporary read only memory BIO. This avoids
+ * potentially large numbers of slow copies of data which will occur when
+ * reading from a read write memory BIO when signatures are calculated.
+ */
+
+ if (dcont && (BIO_method_type(dcont) == BIO_TYPE_MEM)) {
+ char *ptr;
+ long len;
+ len = BIO_get_mem_data(dcont, &ptr);
+ tmpin = BIO_new_mem_buf(ptr, len);
+ if (tmpin == NULL) {
+ CMSerr(CMS_F_CMS_VERIFY, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ } else
+ tmpin = dcont;
+
+ cmsbio = CMS_dataInit(cms, tmpin);
+ if (!cmsbio)
+ goto err;
+
+ if (!cms_copy_content(out, cmsbio, flags))
+ goto err;
+
+ if (!(flags & CMS_NO_CONTENT_VERIFY)) {
+ for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
+ si = sk_CMS_SignerInfo_value(sinfos, i);
+ if (CMS_SignerInfo_verify_content(si, cmsbio) <= 0) {
+ CMSerr(CMS_F_CMS_VERIFY, CMS_R_CONTENT_VERIFY_ERROR);
+ goto err;
+ }
+ }
+ }
+
+ ret = 1;
+
+ err:
+
+ if (dcont && (tmpin == dcont))
+ do_free_upto(cmsbio, dcont);
+ else
+ BIO_free_all(cmsbio);
+
+ if (cms_certs)
+ sk_X509_pop_free(cms_certs, X509_free);
+ if (crls)
+ sk_X509_CRL_pop_free(crls, X509_CRL_free);
+
+ return ret;
+}
+
+int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms,
+ STACK_OF(X509) *certs,
+ X509_STORE *store, unsigned int flags)
+{
+ int r;
+ r = CMS_verify(rcms, certs, store, NULL, NULL, flags);
+ if (r <= 0)
+ return r;
+ return cms_Receipt_verify(rcms, ocms);
+}
+
+CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
+ STACK_OF(X509) *certs, BIO *data,
+ unsigned int flags)
+{
+ CMS_ContentInfo *cms;
+ int i;
+
+ cms = CMS_ContentInfo_new();
+ if (!cms || !CMS_SignedData_init(cms))
+ goto merr;
+
+ if (pkey && !CMS_add1_signer(cms, signcert, pkey, NULL, flags)) {
+ CMSerr(CMS_F_CMS_SIGN, CMS_R_ADD_SIGNER_ERROR);
+ goto err;
+ }
+
+ for (i = 0; i < sk_X509_num(certs); i++) {
+ X509 *x = sk_X509_value(certs, i);
+ if (!CMS_add1_cert(cms, x))
+ goto merr;
+ }
+
+ if (!(flags & CMS_DETACHED)) {
+ flags &= ~CMS_STREAM;
+ CMS_set_detached(cms, 0);
+ }
+
+ if ((flags & (CMS_STREAM | CMS_PARTIAL))
+ || CMS_final(cms, data, NULL, flags))
+ return cms;
+ else
+ goto err;
+
+ merr:
+ CMSerr(CMS_F_CMS_SIGN, ERR_R_MALLOC_FAILURE);
+
+ err:
+ if (cms)
+ CMS_ContentInfo_free(cms);
+ return NULL;
+}
+
+CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
+ X509 *signcert, EVP_PKEY *pkey,
+ STACK_OF(X509) *certs, unsigned int flags)
+{
+ CMS_SignerInfo *rct_si;
+ CMS_ContentInfo *cms = NULL;
+ ASN1_OCTET_STRING **pos, *os;
+ BIO *rct_cont = NULL;
+ int r = 0;
+
+ flags &= ~CMS_STREAM;
+ /* Not really detached but avoids content being allocated */
+ flags |= CMS_PARTIAL | CMS_BINARY | CMS_DETACHED;
+ if (!pkey || !signcert) {
+ CMSerr(CMS_F_CMS_SIGN_RECEIPT, CMS_R_NO_KEY_OR_CERT);
+ return NULL;
+ }
+
+ /* Initialize signed data */
+
+ cms = CMS_sign(NULL, NULL, certs, NULL, flags);
+ if (!cms)
+ goto err;
+
+ /* Set inner content type to signed receipt */
+ if (!CMS_set1_eContentType(cms, OBJ_nid2obj(NID_id_smime_ct_receipt)))
+ goto err;
+
+ rct_si = CMS_add1_signer(cms, signcert, pkey, NULL, flags);
+ if (!rct_si) {
+ CMSerr(CMS_F_CMS_SIGN_RECEIPT, CMS_R_ADD_SIGNER_ERROR);
+ goto err;
+ }
+
+ os = cms_encode_Receipt(si);
+
+ if (!os)
+ goto err;
+
+ /* Set content to digest */
+ rct_cont = BIO_new_mem_buf(os->data, os->length);
+ if (!rct_cont)
+ goto err;
+
+ /* Add msgSigDigest attribute */
+
+ if (!cms_msgSigDigest_add1(rct_si, si))
+ goto err;
+
+ /* Finalize structure */
+ if (!CMS_final(cms, rct_cont, NULL, flags))
+ goto err;
+
+ /* Set embedded content */
+ pos = CMS_get0_content(cms);
+ *pos = os;
+
+ r = 1;
+
+ err:
+ if (rct_cont)
+ BIO_free(rct_cont);
+ if (r)
+ return cms;
+ CMS_ContentInfo_free(cms);
+ return NULL;
+
+}
+
+CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *data,
+ const EVP_CIPHER *cipher, unsigned int flags)
+{
+ CMS_ContentInfo *cms;
+ int i;
+ X509 *recip;
+ cms = CMS_EnvelopedData_create(cipher);
+ if (!cms)
+ goto merr;
+ for (i = 0; i < sk_X509_num(certs); i++) {
+ recip = sk_X509_value(certs, i);
+ if (!CMS_add1_recipient_cert(cms, recip, flags)) {
+ CMSerr(CMS_F_CMS_ENCRYPT, CMS_R_RECIPIENT_ERROR);
+ goto err;
+ }
+ }
+
+ if (!(flags & CMS_DETACHED)) {
+ flags &= ~CMS_STREAM;
+ CMS_set_detached(cms, 0);
+ }
+
+ if ((flags & (CMS_STREAM | CMS_PARTIAL))
+ || CMS_final(cms, data, NULL, flags))
+ return cms;
+ else
+ goto err;
+
+ merr:
+ CMSerr(CMS_F_CMS_ENCRYPT, ERR_R_MALLOC_FAILURE);
+ err:
+ if (cms)
+ CMS_ContentInfo_free(cms);
+ return NULL;
+}
+
+int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
+{
+ STACK_OF(CMS_RecipientInfo) *ris;
+ CMS_RecipientInfo *ri;
+ int i, r;
+ int debug = 0, ri_match = 0;
+ ris = CMS_get0_RecipientInfos(cms);
+ if (ris)
+ debug = cms->d.envelopedData->encryptedContentInfo->debug;
+ for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) {
+ ri = sk_CMS_RecipientInfo_value(ris, i);
+ if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_TRANS)
+ continue;
+ ri_match = 1;
+ /*
+ * If we have a cert try matching RecipientInfo otherwise try them
+ * all.
+ */
+ if (!cert || (CMS_RecipientInfo_ktri_cert_cmp(ri, cert) == 0)) {
+ CMS_RecipientInfo_set0_pkey(ri, pk);
+ r = CMS_RecipientInfo_decrypt(cms, ri);
+ CMS_RecipientInfo_set0_pkey(ri, NULL);
+ if (cert) {
+ /*
+ * If not debugging clear any error and return success to
+ * avoid leaking of information useful to MMA
+ */
+ if (!debug) {
+ ERR_clear_error();
+ return 1;
+ }
+ if (r > 0)
+ return 1;
+ CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY, CMS_R_DECRYPT_ERROR);
+ return 0;
+ }
+ /*
+ * If no cert and not debugging don't leave loop after first
+ * successful decrypt. Always attempt to decrypt all recipients
+ * to avoid leaking timing of a successful decrypt.
+ */
+ else if (r > 0 && debug)
+ return 1;
+ }
+ }
+ /* If no cert and not debugging always return success */
+ if (ri_match && !cert && !debug) {
+ ERR_clear_error();
+ return 1;
+ }
+
+ CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY, CMS_R_NO_MATCHING_RECIPIENT);
+ return 0;
+
+}
+
+int CMS_decrypt_set1_key(CMS_ContentInfo *cms,
+ unsigned char *key, size_t keylen,
+ unsigned char *id, size_t idlen)
+{
+ STACK_OF(CMS_RecipientInfo) *ris;
+ CMS_RecipientInfo *ri;
+ int i, r;
+ ris = CMS_get0_RecipientInfos(cms);
+ for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) {
+ ri = sk_CMS_RecipientInfo_value(ris, i);
+ if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_KEK)
+ continue;
+
+ /*
+ * If we have an id try matching RecipientInfo otherwise try them
+ * all.
+ */
+ if (!id || (CMS_RecipientInfo_kekri_id_cmp(ri, id, idlen) == 0)) {
+ CMS_RecipientInfo_set0_key(ri, key, keylen);
+ r = CMS_RecipientInfo_decrypt(cms, ri);
+ CMS_RecipientInfo_set0_key(ri, NULL, 0);
+ if (r > 0)
+ return 1;
+ if (id) {
+ CMSerr(CMS_F_CMS_DECRYPT_SET1_KEY, CMS_R_DECRYPT_ERROR);
+ return 0;
+ }
+ ERR_clear_error();
+ }
+ }
+
+ CMSerr(CMS_F_CMS_DECRYPT_SET1_KEY, CMS_R_NO_MATCHING_RECIPIENT);
+ return 0;
+
+}
+
+int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert,
+ BIO *dcont, BIO *out, unsigned int flags)
+{
+ int r;
+ BIO *cont;
+ if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_enveloped) {
+ CMSerr(CMS_F_CMS_DECRYPT, CMS_R_TYPE_NOT_ENVELOPED_DATA);
+ return 0;
+ }
+ if (!dcont && !check_content(cms))
+ return 0;
+ if (flags & CMS_DEBUG_DECRYPT)
+ cms->d.envelopedData->encryptedContentInfo->debug = 1;
+ else
+ cms->d.envelopedData->encryptedContentInfo->debug = 0;
+ if (!pk && !cert && !dcont && !out)
+ return 1;
+ if (pk && !CMS_decrypt_set1_pkey(cms, pk, cert))
+ return 0;
+ cont = CMS_dataInit(cms, dcont);
+ if (!cont)
+ return 0;
+ r = cms_copy_content(out, cont, flags);
+ do_free_upto(cont, dcont);
+ return r;
+}
+
+int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags)
+{
+ BIO *cmsbio;
+ int ret = 0;
+ if (!(cmsbio = CMS_dataInit(cms, dcont))) {
+ CMSerr(CMS_F_CMS_FINAL, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+
+ SMIME_crlf_copy(data, cmsbio, flags);
+
+ (void)BIO_flush(cmsbio);
+
+ if (!CMS_dataFinal(cms, cmsbio)) {
+ CMSerr(CMS_F_CMS_FINAL, CMS_R_CMS_DATAFINAL_ERROR);
+ goto err;
+ }
+
+ ret = 1;
+
+ err:
+ do_free_upto(cmsbio, dcont);
+
+ return ret;
+
+}
+
+#ifdef ZLIB
+
+int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
+ unsigned int flags)
+{
+ BIO *cont;
+ int r;
+ if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_id_smime_ct_compressedData) {
+ CMSerr(CMS_F_CMS_UNCOMPRESS, CMS_R_TYPE_NOT_COMPRESSED_DATA);
+ return 0;
+ }
+
+ if (!dcont && !check_content(cms))
+ return 0;
+
+ cont = CMS_dataInit(cms, dcont);
+ if (!cont)
+ return 0;
+ r = cms_copy_content(out, cont, flags);
+ do_free_upto(cont, dcont);
+ return r;
+}
+
+CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags)
+{
+ CMS_ContentInfo *cms;
+ if (comp_nid <= 0)
+ comp_nid = NID_zlib_compression;
+ cms = cms_CompressedData_create(comp_nid);
+ if (!cms)
+ return NULL;
+
+ if (!(flags & CMS_DETACHED)) {
+ flags &= ~CMS_STREAM;
+ CMS_set_detached(cms, 0);
+ }
+
+ if (CMS_final(cms, in, NULL, flags))
+ return cms;
+
+ CMS_ContentInfo_free(cms);
+ return NULL;
+}
+
+#else
+
+int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
+ unsigned int flags)
+{
+ CMSerr(CMS_F_CMS_UNCOMPRESS, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
+ return 0;
+}
+
+CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags)
+{
+ CMSerr(CMS_F_CMS_COMPRESS, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
+ return NULL;
+}
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/comp/c_rle.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/comp/c_rle.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/comp/c_rle.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,61 +0,0 @@
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <openssl/objects.h>
-#include <openssl/comp.h>
-
-static int rle_compress_block(COMP_CTX *ctx, unsigned char *out,
- unsigned int olen, unsigned char *in, unsigned int ilen);
-static int rle_expand_block(COMP_CTX *ctx, unsigned char *out,
- unsigned int olen, unsigned char *in, unsigned int ilen);
-
-static COMP_METHOD rle_method={
- NID_rle_compression,
- LN_rle_compression,
- NULL,
- NULL,
- rle_compress_block,
- rle_expand_block,
- NULL,
- NULL,
- };
-
-COMP_METHOD *COMP_rle(void)
- {
- return(&rle_method);
- }
-
-static int rle_compress_block(COMP_CTX *ctx, unsigned char *out,
- unsigned int olen, unsigned char *in, unsigned int ilen)
- {
- /* int i; */
-
- if (olen < (ilen+1))
- {
- /* ZZZZZZZZZZZZZZZZZZZZZZ */
- return(-1);
- }
-
- *(out++)=0;
- memcpy(out,in,ilen);
- return(ilen+1);
- }
-
-static int rle_expand_block(COMP_CTX *ctx, unsigned char *out,
- unsigned int olen, unsigned char *in, unsigned int ilen)
- {
- int i;
-
- if (ilen == 0 || olen < (ilen-1))
- {
- /* ZZZZZZZZZZZZZZZZZZZZZZ */
- return(-1);
- }
-
- i= *(in++);
- if (i == 0)
- {
- memcpy(out,in,ilen-1);
- }
- return(ilen-1);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/comp/c_rle.c (from rev 6976, vendor-crypto/openssl/dist/crypto/comp/c_rle.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/comp/c_rle.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/comp/c_rle.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,62 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/objects.h>
+#include <openssl/comp.h>
+
+static int rle_compress_block(COMP_CTX *ctx, unsigned char *out,
+ unsigned int olen, unsigned char *in,
+ unsigned int ilen);
+static int rle_expand_block(COMP_CTX *ctx, unsigned char *out,
+ unsigned int olen, unsigned char *in,
+ unsigned int ilen);
+
+static COMP_METHOD rle_method = {
+ NID_rle_compression,
+ LN_rle_compression,
+ NULL,
+ NULL,
+ rle_compress_block,
+ rle_expand_block,
+ NULL,
+ NULL,
+};
+
+COMP_METHOD *COMP_rle(void)
+{
+ return (&rle_method);
+}
+
+static int rle_compress_block(COMP_CTX *ctx, unsigned char *out,
+ unsigned int olen, unsigned char *in,
+ unsigned int ilen)
+{
+ /* int i; */
+
+ if (olen < (ilen + 1)) {
+ /* ZZZZZZZZZZZZZZZZZZZZZZ */
+ return (-1);
+ }
+
+ *(out++) = 0;
+ memcpy(out, in, ilen);
+ return (ilen + 1);
+}
+
+static int rle_expand_block(COMP_CTX *ctx, unsigned char *out,
+ unsigned int olen, unsigned char *in,
+ unsigned int ilen)
+{
+ int i;
+
+ if (ilen == 0 || olen < (ilen - 1)) {
+ /* ZZZZZZZZZZZZZZZZZZZZZZ */
+ return (-1);
+ }
+
+ i = *(in++);
+ if (i == 0) {
+ memcpy(out, in, ilen - 1);
+ }
+ return (ilen - 1);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/comp/c_zlib.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/comp/c_zlib.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/comp/c_zlib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,798 +0,0 @@
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <openssl/objects.h>
-#include <openssl/comp.h>
-#include <openssl/err.h>
-
-COMP_METHOD *COMP_zlib(void );
-
-static COMP_METHOD zlib_method_nozlib={
- NID_undef,
- "(undef)",
- NULL,
- NULL,
- NULL,
- NULL,
- NULL,
- NULL,
- };
-
-#ifndef ZLIB
-#undef ZLIB_SHARED
-#else
-
-#include <zlib.h>
-
-static int zlib_stateful_init(COMP_CTX *ctx);
-static void zlib_stateful_finish(COMP_CTX *ctx);
-static int zlib_stateful_compress_block(COMP_CTX *ctx, unsigned char *out,
- unsigned int olen, unsigned char *in, unsigned int ilen);
-static int zlib_stateful_expand_block(COMP_CTX *ctx, unsigned char *out,
- unsigned int olen, unsigned char *in, unsigned int ilen);
-
-
-/* memory allocations functions for zlib intialization */
-static void* zlib_zalloc(void* opaque, unsigned int no, unsigned int size)
-{
- void *p;
-
- p=OPENSSL_malloc(no*size);
- if (p)
- memset(p, 0, no*size);
- return p;
-}
-
-
-static void zlib_zfree(void* opaque, void* address)
-{
- OPENSSL_free(address);
-}
-
-#if 0
-static int zlib_compress_block(COMP_CTX *ctx, unsigned char *out,
- unsigned int olen, unsigned char *in, unsigned int ilen);
-static int zlib_expand_block(COMP_CTX *ctx, unsigned char *out,
- unsigned int olen, unsigned char *in, unsigned int ilen);
-
-static int zz_uncompress(Bytef *dest, uLongf *destLen, const Bytef *source,
- uLong sourceLen);
-
-static COMP_METHOD zlib_stateless_method={
- NID_zlib_compression,
- LN_zlib_compression,
- NULL,
- NULL,
- zlib_compress_block,
- zlib_expand_block,
- NULL,
- NULL,
- };
-#endif
-
-static COMP_METHOD zlib_stateful_method={
- NID_zlib_compression,
- LN_zlib_compression,
- zlib_stateful_init,
- zlib_stateful_finish,
- zlib_stateful_compress_block,
- zlib_stateful_expand_block,
- NULL,
- NULL,
- };
-
-/*
- * When OpenSSL is built on Windows, we do not want to require that
- * the ZLIB.DLL be available in order for the OpenSSL DLLs to
- * work. Therefore, all ZLIB routines are loaded at run time
- * and we do not link to a .LIB file when ZLIB_SHARED is set.
- */
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
-# include <windows.h>
-#endif /* !(OPENSSL_SYS_WINDOWS || OPENSSL_SYS_WIN32) */
-
-#ifdef ZLIB_SHARED
-#include <openssl/dso.h>
-
-/* Function pointers */
-typedef int (*compress_ft)(Bytef *dest,uLongf *destLen,
- const Bytef *source, uLong sourceLen);
-typedef int (*inflateEnd_ft)(z_streamp strm);
-typedef int (*inflate_ft)(z_streamp strm, int flush);
-typedef int (*inflateInit__ft)(z_streamp strm,
- const char * version, int stream_size);
-typedef int (*deflateEnd_ft)(z_streamp strm);
-typedef int (*deflate_ft)(z_streamp strm, int flush);
-typedef int (*deflateInit__ft)(z_streamp strm, int level,
- const char * version, int stream_size);
-typedef const char * (*zError__ft)(int err);
-static compress_ft p_compress=NULL;
-static inflateEnd_ft p_inflateEnd=NULL;
-static inflate_ft p_inflate=NULL;
-static inflateInit__ft p_inflateInit_=NULL;
-static deflateEnd_ft p_deflateEnd=NULL;
-static deflate_ft p_deflate=NULL;
-static deflateInit__ft p_deflateInit_=NULL;
-static zError__ft p_zError=NULL;
-
-static int zlib_loaded = 0; /* only attempt to init func pts once */
-static DSO *zlib_dso = NULL;
-
-#define compress p_compress
-#define inflateEnd p_inflateEnd
-#define inflate p_inflate
-#define inflateInit_ p_inflateInit_
-#define deflateEnd p_deflateEnd
-#define deflate p_deflate
-#define deflateInit_ p_deflateInit_
-#define zError p_zError
-#endif /* ZLIB_SHARED */
-
-struct zlib_state
- {
- z_stream istream;
- z_stream ostream;
- };
-
-static int zlib_stateful_ex_idx = -1;
-
-static int zlib_stateful_init(COMP_CTX *ctx)
- {
- int err;
- struct zlib_state *state =
- (struct zlib_state *)OPENSSL_malloc(sizeof(struct zlib_state));
-
- if (state == NULL)
- goto err;
-
- state->istream.zalloc = zlib_zalloc;
- state->istream.zfree = zlib_zfree;
- state->istream.opaque = Z_NULL;
- state->istream.next_in = Z_NULL;
- state->istream.next_out = Z_NULL;
- state->istream.avail_in = 0;
- state->istream.avail_out = 0;
- err = inflateInit_(&state->istream,
- ZLIB_VERSION, sizeof(z_stream));
- if (err != Z_OK)
- goto err;
-
- state->ostream.zalloc = zlib_zalloc;
- state->ostream.zfree = zlib_zfree;
- state->ostream.opaque = Z_NULL;
- state->ostream.next_in = Z_NULL;
- state->ostream.next_out = Z_NULL;
- state->ostream.avail_in = 0;
- state->ostream.avail_out = 0;
- err = deflateInit_(&state->ostream,Z_DEFAULT_COMPRESSION,
- ZLIB_VERSION, sizeof(z_stream));
- if (err != Z_OK)
- goto err;
-
- CRYPTO_new_ex_data(CRYPTO_EX_INDEX_COMP,ctx,&ctx->ex_data);
- CRYPTO_set_ex_data(&ctx->ex_data,zlib_stateful_ex_idx,state);
- return 1;
- err:
- if (state) OPENSSL_free(state);
- return 0;
- }
-
-static void zlib_stateful_finish(COMP_CTX *ctx)
- {
- struct zlib_state *state =
- (struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data,
- zlib_stateful_ex_idx);
- inflateEnd(&state->istream);
- deflateEnd(&state->ostream);
- OPENSSL_free(state);
- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_COMP,ctx,&ctx->ex_data);
- }
-
-static int zlib_stateful_compress_block(COMP_CTX *ctx, unsigned char *out,
- unsigned int olen, unsigned char *in, unsigned int ilen)
- {
- int err = Z_OK;
- struct zlib_state *state =
- (struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data,
- zlib_stateful_ex_idx);
-
- if (state == NULL)
- return -1;
-
- state->ostream.next_in = in;
- state->ostream.avail_in = ilen;
- state->ostream.next_out = out;
- state->ostream.avail_out = olen;
- if (ilen > 0)
- err = deflate(&state->ostream, Z_SYNC_FLUSH);
- if (err != Z_OK)
- return -1;
-#ifdef DEBUG_ZLIB
- fprintf(stderr,"compress(%4d)->%4d %s\n",
- ilen,olen - state->ostream.avail_out,
- (ilen != olen - state->ostream.avail_out)?"zlib":"clear");
-#endif
- return olen - state->ostream.avail_out;
- }
-
-static int zlib_stateful_expand_block(COMP_CTX *ctx, unsigned char *out,
- unsigned int olen, unsigned char *in, unsigned int ilen)
- {
- int err = Z_OK;
-
- struct zlib_state *state =
- (struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data,
- zlib_stateful_ex_idx);
-
- if (state == NULL)
- return 0;
-
- state->istream.next_in = in;
- state->istream.avail_in = ilen;
- state->istream.next_out = out;
- state->istream.avail_out = olen;
- if (ilen > 0)
- err = inflate(&state->istream, Z_SYNC_FLUSH);
- if (err != Z_OK)
- return -1;
-#ifdef DEBUG_ZLIB
- fprintf(stderr,"expand(%4d)->%4d %s\n",
- ilen,olen - state->istream.avail_out,
- (ilen != olen - state->istream.avail_out)?"zlib":"clear");
-#endif
- return olen - state->istream.avail_out;
- }
-
-#if 0
-static int zlib_compress_block(COMP_CTX *ctx, unsigned char *out,
- unsigned int olen, unsigned char *in, unsigned int ilen)
- {
- unsigned long l;
- int i;
- int clear=1;
-
- if (ilen > 128)
- {
- out[0]=1;
- l=olen-1;
- i=compress(&(out[1]),&l,in,(unsigned long)ilen);
- if (i != Z_OK)
- return(-1);
- if (ilen > l)
- {
- clear=0;
- l++;
- }
- }
- if (clear)
- {
- out[0]=0;
- memcpy(&(out[1]),in,ilen);
- l=ilen+1;
- }
-#ifdef DEBUG_ZLIB
- fprintf(stderr,"compress(%4d)->%4d %s\n",
- ilen,(int)l,(clear)?"clear":"zlib");
-#endif
- return((int)l);
- }
-
-static int zlib_expand_block(COMP_CTX *ctx, unsigned char *out,
- unsigned int olen, unsigned char *in, unsigned int ilen)
- {
- unsigned long l;
- int i;
-
- if (in[0])
- {
- l=olen;
- i=zz_uncompress(out,&l,&(in[1]),(unsigned long)ilen-1);
- if (i != Z_OK)
- return(-1);
- }
- else
- {
- memcpy(out,&(in[1]),ilen-1);
- l=ilen-1;
- }
-#ifdef DEBUG_ZLIB
- fprintf(stderr,"expand (%4d)->%4d %s\n",
- ilen,(int)l,in[0]?"zlib":"clear");
-#endif
- return((int)l);
- }
-
-static int zz_uncompress (Bytef *dest, uLongf *destLen, const Bytef *source,
- uLong sourceLen)
-{
- z_stream stream;
- int err;
-
- stream.next_in = (Bytef*)source;
- stream.avail_in = (uInt)sourceLen;
- /* Check for source > 64K on 16-bit machine: */
- if ((uLong)stream.avail_in != sourceLen) return Z_BUF_ERROR;
-
- stream.next_out = dest;
- stream.avail_out = (uInt)*destLen;
- if ((uLong)stream.avail_out != *destLen) return Z_BUF_ERROR;
-
- stream.zalloc = (alloc_func)0;
- stream.zfree = (free_func)0;
-
- err = inflateInit_(&stream,
- ZLIB_VERSION, sizeof(z_stream));
- if (err != Z_OK) return err;
-
- err = inflate(&stream, Z_FINISH);
- if (err != Z_STREAM_END) {
- inflateEnd(&stream);
- return err;
- }
- *destLen = stream.total_out;
-
- err = inflateEnd(&stream);
- return err;
-}
-#endif
-
-#endif
-
-COMP_METHOD *COMP_zlib(void)
- {
- COMP_METHOD *meth = &zlib_method_nozlib;
-
-#ifdef ZLIB_SHARED
- if (!zlib_loaded)
- {
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
- zlib_dso = DSO_load(NULL, "ZLIB1", NULL, 0);
-#else
- zlib_dso = DSO_load(NULL, "z", NULL, 0);
-#endif
- if (zlib_dso != NULL)
- {
- p_compress
- = (compress_ft) DSO_bind_func(zlib_dso,
- "compress");
- p_inflateEnd
- = (inflateEnd_ft) DSO_bind_func(zlib_dso,
- "inflateEnd");
- p_inflate
- = (inflate_ft) DSO_bind_func(zlib_dso,
- "inflate");
- p_inflateInit_
- = (inflateInit__ft) DSO_bind_func(zlib_dso,
- "inflateInit_");
- p_deflateEnd
- = (deflateEnd_ft) DSO_bind_func(zlib_dso,
- "deflateEnd");
- p_deflate
- = (deflate_ft) DSO_bind_func(zlib_dso,
- "deflate");
- p_deflateInit_
- = (deflateInit__ft) DSO_bind_func(zlib_dso,
- "deflateInit_");
- p_zError
- = (zError__ft) DSO_bind_func(zlib_dso,
- "zError");
-
- if (p_compress && p_inflateEnd && p_inflate
- && p_inflateInit_ && p_deflateEnd
- && p_deflate && p_deflateInit_ && p_zError)
- zlib_loaded++;
- }
- }
-
-#endif
-#ifdef ZLIB_SHARED
- if (zlib_loaded)
-#endif
-#if defined(ZLIB) || defined(ZLIB_SHARED)
- {
- /* init zlib_stateful_ex_idx here so that in a multi-process
- * application it's enough to intialize openssl before forking
- * (idx will be inherited in all the children) */
- if (zlib_stateful_ex_idx == -1)
- {
- CRYPTO_w_lock(CRYPTO_LOCK_COMP);
- if (zlib_stateful_ex_idx == -1)
- zlib_stateful_ex_idx =
- CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_COMP,
- 0,NULL,NULL,NULL,NULL);
- CRYPTO_w_unlock(CRYPTO_LOCK_COMP);
- if (zlib_stateful_ex_idx == -1)
- goto err;
- }
-
- meth = &zlib_stateful_method;
- }
-err:
-#endif
-
- return(meth);
- }
-
-void COMP_zlib_cleanup(void)
- {
-#ifdef ZLIB_SHARED
- if (zlib_dso)
- DSO_free(zlib_dso);
-#endif
- }
-
-#ifdef ZLIB
-
-/* Zlib based compression/decompression filter BIO */
-
-typedef struct
- {
- unsigned char *ibuf; /* Input buffer */
- int ibufsize; /* Buffer size */
- z_stream zin; /* Input decompress context */
- unsigned char *obuf; /* Output buffer */
- int obufsize; /* Output buffer size */
- unsigned char *optr; /* Position in output buffer */
- int ocount; /* Amount of data in output buffer */
- int odone; /* deflate EOF */
- int comp_level; /* Compression level to use */
- z_stream zout; /* Output compression context */
- } BIO_ZLIB_CTX;
-
-#define ZLIB_DEFAULT_BUFSIZE 1024
-
-static int bio_zlib_new(BIO *bi);
-static int bio_zlib_free(BIO *bi);
-static int bio_zlib_read(BIO *b, char *out, int outl);
-static int bio_zlib_write(BIO *b, const char *in, int inl);
-static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr);
-static long bio_zlib_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp);
-
-static BIO_METHOD bio_meth_zlib =
- {
- BIO_TYPE_COMP,
- "zlib",
- bio_zlib_write,
- bio_zlib_read,
- NULL,
- NULL,
- bio_zlib_ctrl,
- bio_zlib_new,
- bio_zlib_free,
- bio_zlib_callback_ctrl
- };
-
-BIO_METHOD *BIO_f_zlib(void)
- {
- return &bio_meth_zlib;
- }
-
-
-static int bio_zlib_new(BIO *bi)
- {
- BIO_ZLIB_CTX *ctx;
-#ifdef ZLIB_SHARED
- (void)COMP_zlib();
- if (!zlib_loaded)
- {
- COMPerr(COMP_F_BIO_ZLIB_NEW, COMP_R_ZLIB_NOT_SUPPORTED);
- return 0;
- }
-#endif
- ctx = OPENSSL_malloc(sizeof(BIO_ZLIB_CTX));
- if(!ctx)
- {
- COMPerr(COMP_F_BIO_ZLIB_NEW, ERR_R_MALLOC_FAILURE);
- return 0;
- }
- ctx->ibuf = NULL;
- ctx->obuf = NULL;
- ctx->ibufsize = ZLIB_DEFAULT_BUFSIZE;
- ctx->obufsize = ZLIB_DEFAULT_BUFSIZE;
- ctx->zin.zalloc = Z_NULL;
- ctx->zin.zfree = Z_NULL;
- ctx->zin.next_in = NULL;
- ctx->zin.avail_in = 0;
- ctx->zin.next_out = NULL;
- ctx->zin.avail_out = 0;
- ctx->zout.zalloc = Z_NULL;
- ctx->zout.zfree = Z_NULL;
- ctx->zout.next_in = NULL;
- ctx->zout.avail_in = 0;
- ctx->zout.next_out = NULL;
- ctx->zout.avail_out = 0;
- ctx->odone = 0;
- ctx->comp_level = Z_DEFAULT_COMPRESSION;
- bi->init = 1;
- bi->ptr = (char *)ctx;
- bi->flags = 0;
- return 1;
- }
-
-static int bio_zlib_free(BIO *bi)
- {
- BIO_ZLIB_CTX *ctx;
- if(!bi) return 0;
- ctx = (BIO_ZLIB_CTX *)bi->ptr;
- if(ctx->ibuf)
- {
- /* Destroy decompress context */
- inflateEnd(&ctx->zin);
- OPENSSL_free(ctx->ibuf);
- }
- if(ctx->obuf)
- {
- /* Destroy compress context */
- deflateEnd(&ctx->zout);
- OPENSSL_free(ctx->obuf);
- }
- OPENSSL_free(ctx);
- bi->ptr = NULL;
- bi->init = 0;
- bi->flags = 0;
- return 1;
- }
-
-static int bio_zlib_read(BIO *b, char *out, int outl)
- {
- BIO_ZLIB_CTX *ctx;
- int ret;
- z_stream *zin;
- if(!out || !outl) return 0;
- ctx = (BIO_ZLIB_CTX *)b->ptr;
- zin = &ctx->zin;
- BIO_clear_retry_flags(b);
- if(!ctx->ibuf)
- {
- ctx->ibuf = OPENSSL_malloc(ctx->ibufsize);
- if(!ctx->ibuf)
- {
- COMPerr(COMP_F_BIO_ZLIB_READ, ERR_R_MALLOC_FAILURE);
- return 0;
- }
- inflateInit(zin);
- zin->next_in = ctx->ibuf;
- zin->avail_in = 0;
- }
-
- /* Copy output data directly to supplied buffer */
- zin->next_out = (unsigned char *)out;
- zin->avail_out = (unsigned int)outl;
- for(;;)
- {
- /* Decompress while data available */
- while(zin->avail_in)
- {
- ret = inflate(zin, 0);
- if((ret != Z_OK) && (ret != Z_STREAM_END))
- {
- COMPerr(COMP_F_BIO_ZLIB_READ,
- COMP_R_ZLIB_INFLATE_ERROR);
- ERR_add_error_data(2, "zlib error:",
- zError(ret));
- return 0;
- }
- /* If EOF or we've read everything then return */
- if((ret == Z_STREAM_END) || !zin->avail_out)
- return outl - zin->avail_out;
- }
-
- /* No data in input buffer try to read some in,
- * if an error then return the total data read.
- */
- ret = BIO_read(b->next_bio, ctx->ibuf, ctx->ibufsize);
- if(ret <= 0)
- {
- /* Total data read */
- int tot = outl - zin->avail_out;
- BIO_copy_next_retry(b);
- if(ret < 0) return (tot > 0) ? tot : ret;
- return tot;
- }
- zin->avail_in = ret;
- zin->next_in = ctx->ibuf;
- }
- }
-
-static int bio_zlib_write(BIO *b, const char *in, int inl)
- {
- BIO_ZLIB_CTX *ctx;
- int ret;
- z_stream *zout;
- if(!in || !inl) return 0;
- ctx = (BIO_ZLIB_CTX *)b->ptr;
- if(ctx->odone) return 0;
- zout = &ctx->zout;
- BIO_clear_retry_flags(b);
- if(!ctx->obuf)
- {
- ctx->obuf = OPENSSL_malloc(ctx->obufsize);
- /* Need error here */
- if(!ctx->obuf)
- {
- COMPerr(COMP_F_BIO_ZLIB_WRITE, ERR_R_MALLOC_FAILURE);
- return 0;
- }
- ctx->optr = ctx->obuf;
- ctx->ocount = 0;
- deflateInit(zout, ctx->comp_level);
- zout->next_out = ctx->obuf;
- zout->avail_out = ctx->obufsize;
- }
- /* Obtain input data directly from supplied buffer */
- zout->next_in = (void *)in;
- zout->avail_in = inl;
- for(;;)
- {
- /* If data in output buffer write it first */
- while(ctx->ocount) {
- ret = BIO_write(b->next_bio, ctx->optr, ctx->ocount);
- if(ret <= 0)
- {
- /* Total data written */
- int tot = inl - zout->avail_in;
- BIO_copy_next_retry(b);
- if(ret < 0) return (tot > 0) ? tot : ret;
- return tot;
- }
- ctx->optr += ret;
- ctx->ocount -= ret;
- }
-
- /* Have we consumed all supplied data? */
- if(!zout->avail_in)
- return inl;
-
- /* Compress some more */
-
- /* Reset buffer */
- ctx->optr = ctx->obuf;
- zout->next_out = ctx->obuf;
- zout->avail_out = ctx->obufsize;
- /* Compress some more */
- ret = deflate(zout, 0);
- if(ret != Z_OK)
- {
- COMPerr(COMP_F_BIO_ZLIB_WRITE,
- COMP_R_ZLIB_DEFLATE_ERROR);
- ERR_add_error_data(2, "zlib error:", zError(ret));
- return 0;
- }
- ctx->ocount = ctx->obufsize - zout->avail_out;
- }
- }
-
-static int bio_zlib_flush(BIO *b)
- {
- BIO_ZLIB_CTX *ctx;
- int ret;
- z_stream *zout;
- ctx = (BIO_ZLIB_CTX *)b->ptr;
- /* If no data written or already flush show success */
- if(!ctx->obuf || (ctx->odone && !ctx->ocount)) return 1;
- zout = &ctx->zout;
- BIO_clear_retry_flags(b);
- /* No more input data */
- zout->next_in = NULL;
- zout->avail_in = 0;
- for(;;)
- {
- /* If data in output buffer write it first */
- while(ctx->ocount)
- {
- ret = BIO_write(b->next_bio, ctx->optr, ctx->ocount);
- if(ret <= 0)
- {
- BIO_copy_next_retry(b);
- return ret;
- }
- ctx->optr += ret;
- ctx->ocount -= ret;
- }
- if(ctx->odone) return 1;
-
- /* Compress some more */
-
- /* Reset buffer */
- ctx->optr = ctx->obuf;
- zout->next_out = ctx->obuf;
- zout->avail_out = ctx->obufsize;
- /* Compress some more */
- ret = deflate(zout, Z_FINISH);
- if(ret == Z_STREAM_END) ctx->odone = 1;
- else if(ret != Z_OK)
- {
- COMPerr(COMP_F_BIO_ZLIB_FLUSH,
- COMP_R_ZLIB_DEFLATE_ERROR);
- ERR_add_error_data(2, "zlib error:", zError(ret));
- return 0;
- }
- ctx->ocount = ctx->obufsize - zout->avail_out;
- }
- }
-
-static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr)
- {
- BIO_ZLIB_CTX *ctx;
- int ret, *ip;
- int ibs, obs;
- if(!b->next_bio) return 0;
- ctx = (BIO_ZLIB_CTX *)b->ptr;
- switch (cmd)
- {
-
- case BIO_CTRL_RESET:
- ctx->ocount = 0;
- ctx->odone = 0;
- ret = 1;
- break;
-
- case BIO_CTRL_FLUSH:
- ret = bio_zlib_flush(b);
- if (ret > 0)
- ret = BIO_flush(b->next_bio);
- break;
-
- case BIO_C_SET_BUFF_SIZE:
- ibs = -1;
- obs = -1;
- if (ptr != NULL)
- {
- ip = ptr;
- if (*ip == 0)
- ibs = (int) num;
- else
- obs = (int) num;
- }
- else
- {
- ibs = (int)num;
- obs = ibs;
- }
-
- if (ibs != -1)
- {
- if (ctx->ibuf)
- {
- OPENSSL_free(ctx->ibuf);
- ctx->ibuf = NULL;
- }
- ctx->ibufsize = ibs;
- }
-
- if (obs != -1)
- {
- if (ctx->obuf)
- {
- OPENSSL_free(ctx->obuf);
- ctx->obuf = NULL;
- }
- ctx->obufsize = obs;
- }
- ret = 1;
- break;
-
- case BIO_C_DO_STATE_MACHINE:
- BIO_clear_retry_flags(b);
- ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
- BIO_copy_next_retry(b);
- break;
-
- default:
- ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
- break;
- }
-
- return ret;
- }
-
-
-static long bio_zlib_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
- {
- if(!b->next_bio)
- return 0;
- return
- BIO_callback_ctrl(b->next_bio, cmd, fp);
- }
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/comp/c_zlib.c (from rev 6976, vendor-crypto/openssl/dist/crypto/comp/c_zlib.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/comp/c_zlib.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/comp/c_zlib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,761 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/objects.h>
+#include <openssl/comp.h>
+#include <openssl/err.h>
+
+COMP_METHOD *COMP_zlib(void);
+
+static COMP_METHOD zlib_method_nozlib = {
+ NID_undef,
+ "(undef)",
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+};
+
+#ifndef ZLIB
+# undef ZLIB_SHARED
+#else
+
+# include <zlib.h>
+
+static int zlib_stateful_init(COMP_CTX *ctx);
+static void zlib_stateful_finish(COMP_CTX *ctx);
+static int zlib_stateful_compress_block(COMP_CTX *ctx, unsigned char *out,
+ unsigned int olen, unsigned char *in,
+ unsigned int ilen);
+static int zlib_stateful_expand_block(COMP_CTX *ctx, unsigned char *out,
+ unsigned int olen, unsigned char *in,
+ unsigned int ilen);
+
+/* memory allocations functions for zlib intialization */
+static void *zlib_zalloc(void *opaque, unsigned int no, unsigned int size)
+{
+ void *p;
+
+ p = OPENSSL_malloc(no * size);
+ if (p)
+ memset(p, 0, no * size);
+ return p;
+}
+
+static void zlib_zfree(void *opaque, void *address)
+{
+ OPENSSL_free(address);
+}
+
+# if 0
+static int zlib_compress_block(COMP_CTX *ctx, unsigned char *out,
+ unsigned int olen, unsigned char *in,
+ unsigned int ilen);
+static int zlib_expand_block(COMP_CTX *ctx, unsigned char *out,
+ unsigned int olen, unsigned char *in,
+ unsigned int ilen);
+
+static int zz_uncompress(Bytef *dest, uLongf * destLen, const Bytef *source,
+ uLong sourceLen);
+
+static COMP_METHOD zlib_stateless_method = {
+ NID_zlib_compression,
+ LN_zlib_compression,
+ NULL,
+ NULL,
+ zlib_compress_block,
+ zlib_expand_block,
+ NULL,
+ NULL,
+};
+# endif
+
+static COMP_METHOD zlib_stateful_method = {
+ NID_zlib_compression,
+ LN_zlib_compression,
+ zlib_stateful_init,
+ zlib_stateful_finish,
+ zlib_stateful_compress_block,
+ zlib_stateful_expand_block,
+ NULL,
+ NULL,
+};
+
+/*
+ * When OpenSSL is built on Windows, we do not want to require that
+ * the ZLIB.DLL be available in order for the OpenSSL DLLs to
+ * work. Therefore, all ZLIB routines are loaded at run time
+ * and we do not link to a .LIB file when ZLIB_SHARED is set.
+ */
+# if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
+# include <windows.h>
+# endif /* !(OPENSSL_SYS_WINDOWS ||
+ * OPENSSL_SYS_WIN32) */
+
+# ifdef ZLIB_SHARED
+# include <openssl/dso.h>
+
+/* Function pointers */
+typedef int (*compress_ft) (Bytef *dest, uLongf * destLen,
+ const Bytef *source, uLong sourceLen);
+typedef int (*inflateEnd_ft) (z_streamp strm);
+typedef int (*inflate_ft) (z_streamp strm, int flush);
+typedef int (*inflateInit__ft) (z_streamp strm,
+ const char *version, int stream_size);
+typedef int (*deflateEnd_ft) (z_streamp strm);
+typedef int (*deflate_ft) (z_streamp strm, int flush);
+typedef int (*deflateInit__ft) (z_streamp strm, int level,
+ const char *version, int stream_size);
+typedef const char *(*zError__ft) (int err);
+static compress_ft p_compress = NULL;
+static inflateEnd_ft p_inflateEnd = NULL;
+static inflate_ft p_inflate = NULL;
+static inflateInit__ft p_inflateInit_ = NULL;
+static deflateEnd_ft p_deflateEnd = NULL;
+static deflate_ft p_deflate = NULL;
+static deflateInit__ft p_deflateInit_ = NULL;
+static zError__ft p_zError = NULL;
+
+static int zlib_loaded = 0; /* only attempt to init func pts once */
+static DSO *zlib_dso = NULL;
+
+# define compress p_compress
+# define inflateEnd p_inflateEnd
+# define inflate p_inflate
+# define inflateInit_ p_inflateInit_
+# define deflateEnd p_deflateEnd
+# define deflate p_deflate
+# define deflateInit_ p_deflateInit_
+# define zError p_zError
+# endif /* ZLIB_SHARED */
+
+struct zlib_state {
+ z_stream istream;
+ z_stream ostream;
+};
+
+static int zlib_stateful_ex_idx = -1;
+
+static int zlib_stateful_init(COMP_CTX *ctx)
+{
+ int err;
+ struct zlib_state *state =
+ (struct zlib_state *)OPENSSL_malloc(sizeof(struct zlib_state));
+
+ if (state == NULL)
+ goto err;
+
+ state->istream.zalloc = zlib_zalloc;
+ state->istream.zfree = zlib_zfree;
+ state->istream.opaque = Z_NULL;
+ state->istream.next_in = Z_NULL;
+ state->istream.next_out = Z_NULL;
+ state->istream.avail_in = 0;
+ state->istream.avail_out = 0;
+ err = inflateInit_(&state->istream, ZLIB_VERSION, sizeof(z_stream));
+ if (err != Z_OK)
+ goto err;
+
+ state->ostream.zalloc = zlib_zalloc;
+ state->ostream.zfree = zlib_zfree;
+ state->ostream.opaque = Z_NULL;
+ state->ostream.next_in = Z_NULL;
+ state->ostream.next_out = Z_NULL;
+ state->ostream.avail_in = 0;
+ state->ostream.avail_out = 0;
+ err = deflateInit_(&state->ostream, Z_DEFAULT_COMPRESSION,
+ ZLIB_VERSION, sizeof(z_stream));
+ if (err != Z_OK)
+ goto err;
+
+ CRYPTO_new_ex_data(CRYPTO_EX_INDEX_COMP, ctx, &ctx->ex_data);
+ CRYPTO_set_ex_data(&ctx->ex_data, zlib_stateful_ex_idx, state);
+ return 1;
+ err:
+ if (state)
+ OPENSSL_free(state);
+ return 0;
+}
+
+static void zlib_stateful_finish(COMP_CTX *ctx)
+{
+ struct zlib_state *state =
+ (struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data,
+ zlib_stateful_ex_idx);
+ inflateEnd(&state->istream);
+ deflateEnd(&state->ostream);
+ OPENSSL_free(state);
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_COMP, ctx, &ctx->ex_data);
+}
+
+static int zlib_stateful_compress_block(COMP_CTX *ctx, unsigned char *out,
+ unsigned int olen, unsigned char *in,
+ unsigned int ilen)
+{
+ int err = Z_OK;
+ struct zlib_state *state =
+ (struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data,
+ zlib_stateful_ex_idx);
+
+ if (state == NULL)
+ return -1;
+
+ state->ostream.next_in = in;
+ state->ostream.avail_in = ilen;
+ state->ostream.next_out = out;
+ state->ostream.avail_out = olen;
+ if (ilen > 0)
+ err = deflate(&state->ostream, Z_SYNC_FLUSH);
+ if (err != Z_OK)
+ return -1;
+# ifdef DEBUG_ZLIB
+ fprintf(stderr, "compress(%4d)->%4d %s\n",
+ ilen, olen - state->ostream.avail_out,
+ (ilen != olen - state->ostream.avail_out) ? "zlib" : "clear");
+# endif
+ return olen - state->ostream.avail_out;
+}
+
+static int zlib_stateful_expand_block(COMP_CTX *ctx, unsigned char *out,
+ unsigned int olen, unsigned char *in,
+ unsigned int ilen)
+{
+ int err = Z_OK;
+
+ struct zlib_state *state =
+ (struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data,
+ zlib_stateful_ex_idx);
+
+ if (state == NULL)
+ return 0;
+
+ state->istream.next_in = in;
+ state->istream.avail_in = ilen;
+ state->istream.next_out = out;
+ state->istream.avail_out = olen;
+ if (ilen > 0)
+ err = inflate(&state->istream, Z_SYNC_FLUSH);
+ if (err != Z_OK)
+ return -1;
+# ifdef DEBUG_ZLIB
+ fprintf(stderr, "expand(%4d)->%4d %s\n",
+ ilen, olen - state->istream.avail_out,
+ (ilen != olen - state->istream.avail_out) ? "zlib" : "clear");
+# endif
+ return olen - state->istream.avail_out;
+}
+
+# if 0
+static int zlib_compress_block(COMP_CTX *ctx, unsigned char *out,
+ unsigned int olen, unsigned char *in,
+ unsigned int ilen)
+{
+ unsigned long l;
+ int i;
+ int clear = 1;
+
+ if (ilen > 128) {
+ out[0] = 1;
+ l = olen - 1;
+ i = compress(&(out[1]), &l, in, (unsigned long)ilen);
+ if (i != Z_OK)
+ return (-1);
+ if (ilen > l) {
+ clear = 0;
+ l++;
+ }
+ }
+ if (clear) {
+ out[0] = 0;
+ memcpy(&(out[1]), in, ilen);
+ l = ilen + 1;
+ }
+# ifdef DEBUG_ZLIB
+ fprintf(stderr, "compress(%4d)->%4d %s\n",
+ ilen, (int)l, (clear) ? "clear" : "zlib");
+# endif
+ return ((int)l);
+}
+
+static int zlib_expand_block(COMP_CTX *ctx, unsigned char *out,
+ unsigned int olen, unsigned char *in,
+ unsigned int ilen)
+{
+ unsigned long l;
+ int i;
+
+ if (in[0]) {
+ l = olen;
+ i = zz_uncompress(out, &l, &(in[1]), (unsigned long)ilen - 1);
+ if (i != Z_OK)
+ return (-1);
+ } else {
+ memcpy(out, &(in[1]), ilen - 1);
+ l = ilen - 1;
+ }
+# ifdef DEBUG_ZLIB
+ fprintf(stderr, "expand (%4d)->%4d %s\n",
+ ilen, (int)l, in[0] ? "zlib" : "clear");
+# endif
+ return ((int)l);
+}
+
+static int zz_uncompress(Bytef *dest, uLongf * destLen, const Bytef *source,
+ uLong sourceLen)
+{
+ z_stream stream;
+ int err;
+
+ stream.next_in = (Bytef *)source;
+ stream.avail_in = (uInt) sourceLen;
+ /* Check for source > 64K on 16-bit machine: */
+ if ((uLong) stream.avail_in != sourceLen)
+ return Z_BUF_ERROR;
+
+ stream.next_out = dest;
+ stream.avail_out = (uInt) * destLen;
+ if ((uLong) stream.avail_out != *destLen)
+ return Z_BUF_ERROR;
+
+ stream.zalloc = (alloc_func) 0;
+ stream.zfree = (free_func) 0;
+
+ err = inflateInit_(&stream, ZLIB_VERSION, sizeof(z_stream));
+ if (err != Z_OK)
+ return err;
+
+ err = inflate(&stream, Z_FINISH);
+ if (err != Z_STREAM_END) {
+ inflateEnd(&stream);
+ return err;
+ }
+ *destLen = stream.total_out;
+
+ err = inflateEnd(&stream);
+ return err;
+}
+# endif
+
+#endif
+
+COMP_METHOD *COMP_zlib(void)
+{
+ COMP_METHOD *meth = &zlib_method_nozlib;
+
+#ifdef ZLIB_SHARED
+ if (!zlib_loaded) {
+# if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
+ zlib_dso = DSO_load(NULL, "ZLIB1", NULL, 0);
+# else
+ zlib_dso = DSO_load(NULL, "z", NULL, 0);
+# endif
+ if (zlib_dso != NULL) {
+ p_compress = (compress_ft) DSO_bind_func(zlib_dso, "compress");
+ p_inflateEnd
+ = (inflateEnd_ft) DSO_bind_func(zlib_dso, "inflateEnd");
+ p_inflate = (inflate_ft) DSO_bind_func(zlib_dso, "inflate");
+ p_inflateInit_
+ = (inflateInit__ft) DSO_bind_func(zlib_dso, "inflateInit_");
+ p_deflateEnd
+ = (deflateEnd_ft) DSO_bind_func(zlib_dso, "deflateEnd");
+ p_deflate = (deflate_ft) DSO_bind_func(zlib_dso, "deflate");
+ p_deflateInit_
+ = (deflateInit__ft) DSO_bind_func(zlib_dso, "deflateInit_");
+ p_zError = (zError__ft) DSO_bind_func(zlib_dso, "zError");
+
+ if (p_compress && p_inflateEnd && p_inflate
+ && p_inflateInit_ && p_deflateEnd
+ && p_deflate && p_deflateInit_ && p_zError)
+ zlib_loaded++;
+ }
+ }
+#endif
+#ifdef ZLIB_SHARED
+ if (zlib_loaded)
+#endif
+#if defined(ZLIB) || defined(ZLIB_SHARED)
+ {
+ /*
+ * init zlib_stateful_ex_idx here so that in a multi-process
+ * application it's enough to intialize openssl before forking (idx
+ * will be inherited in all the children)
+ */
+ if (zlib_stateful_ex_idx == -1) {
+ CRYPTO_w_lock(CRYPTO_LOCK_COMP);
+ if (zlib_stateful_ex_idx == -1)
+ zlib_stateful_ex_idx =
+ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_COMP,
+ 0, NULL, NULL, NULL, NULL);
+ CRYPTO_w_unlock(CRYPTO_LOCK_COMP);
+ if (zlib_stateful_ex_idx == -1)
+ goto err;
+ }
+
+ meth = &zlib_stateful_method;
+ }
+ err:
+#endif
+
+ return (meth);
+}
+
+void COMP_zlib_cleanup(void)
+{
+#ifdef ZLIB_SHARED
+ if (zlib_dso)
+ DSO_free(zlib_dso);
+#endif
+}
+
+#ifdef ZLIB
+
+/* Zlib based compression/decompression filter BIO */
+
+typedef struct {
+ unsigned char *ibuf; /* Input buffer */
+ int ibufsize; /* Buffer size */
+ z_stream zin; /* Input decompress context */
+ unsigned char *obuf; /* Output buffer */
+ int obufsize; /* Output buffer size */
+ unsigned char *optr; /* Position in output buffer */
+ int ocount; /* Amount of data in output buffer */
+ int odone; /* deflate EOF */
+ int comp_level; /* Compression level to use */
+ z_stream zout; /* Output compression context */
+} BIO_ZLIB_CTX;
+
+# define ZLIB_DEFAULT_BUFSIZE 1024
+
+static int bio_zlib_new(BIO *bi);
+static int bio_zlib_free(BIO *bi);
+static int bio_zlib_read(BIO *b, char *out, int outl);
+static int bio_zlib_write(BIO *b, const char *in, int inl);
+static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr);
+static long bio_zlib_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp);
+
+static BIO_METHOD bio_meth_zlib = {
+ BIO_TYPE_COMP,
+ "zlib",
+ bio_zlib_write,
+ bio_zlib_read,
+ NULL,
+ NULL,
+ bio_zlib_ctrl,
+ bio_zlib_new,
+ bio_zlib_free,
+ bio_zlib_callback_ctrl
+};
+
+BIO_METHOD *BIO_f_zlib(void)
+{
+ return &bio_meth_zlib;
+}
+
+static int bio_zlib_new(BIO *bi)
+{
+ BIO_ZLIB_CTX *ctx;
+# ifdef ZLIB_SHARED
+ (void)COMP_zlib();
+ if (!zlib_loaded) {
+ COMPerr(COMP_F_BIO_ZLIB_NEW, COMP_R_ZLIB_NOT_SUPPORTED);
+ return 0;
+ }
+# endif
+ ctx = OPENSSL_malloc(sizeof(BIO_ZLIB_CTX));
+ if (!ctx) {
+ COMPerr(COMP_F_BIO_ZLIB_NEW, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ ctx->ibuf = NULL;
+ ctx->obuf = NULL;
+ ctx->ibufsize = ZLIB_DEFAULT_BUFSIZE;
+ ctx->obufsize = ZLIB_DEFAULT_BUFSIZE;
+ ctx->zin.zalloc = Z_NULL;
+ ctx->zin.zfree = Z_NULL;
+ ctx->zin.next_in = NULL;
+ ctx->zin.avail_in = 0;
+ ctx->zin.next_out = NULL;
+ ctx->zin.avail_out = 0;
+ ctx->zout.zalloc = Z_NULL;
+ ctx->zout.zfree = Z_NULL;
+ ctx->zout.next_in = NULL;
+ ctx->zout.avail_in = 0;
+ ctx->zout.next_out = NULL;
+ ctx->zout.avail_out = 0;
+ ctx->odone = 0;
+ ctx->comp_level = Z_DEFAULT_COMPRESSION;
+ bi->init = 1;
+ bi->ptr = (char *)ctx;
+ bi->flags = 0;
+ return 1;
+}
+
+static int bio_zlib_free(BIO *bi)
+{
+ BIO_ZLIB_CTX *ctx;
+ if (!bi)
+ return 0;
+ ctx = (BIO_ZLIB_CTX *) bi->ptr;
+ if (ctx->ibuf) {
+ /* Destroy decompress context */
+ inflateEnd(&ctx->zin);
+ OPENSSL_free(ctx->ibuf);
+ }
+ if (ctx->obuf) {
+ /* Destroy compress context */
+ deflateEnd(&ctx->zout);
+ OPENSSL_free(ctx->obuf);
+ }
+ OPENSSL_free(ctx);
+ bi->ptr = NULL;
+ bi->init = 0;
+ bi->flags = 0;
+ return 1;
+}
+
+static int bio_zlib_read(BIO *b, char *out, int outl)
+{
+ BIO_ZLIB_CTX *ctx;
+ int ret;
+ z_stream *zin;
+ if (!out || !outl)
+ return 0;
+ ctx = (BIO_ZLIB_CTX *) b->ptr;
+ zin = &ctx->zin;
+ BIO_clear_retry_flags(b);
+ if (!ctx->ibuf) {
+ ctx->ibuf = OPENSSL_malloc(ctx->ibufsize);
+ if (!ctx->ibuf) {
+ COMPerr(COMP_F_BIO_ZLIB_READ, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ inflateInit(zin);
+ zin->next_in = ctx->ibuf;
+ zin->avail_in = 0;
+ }
+
+ /* Copy output data directly to supplied buffer */
+ zin->next_out = (unsigned char *)out;
+ zin->avail_out = (unsigned int)outl;
+ for (;;) {
+ /* Decompress while data available */
+ while (zin->avail_in) {
+ ret = inflate(zin, 0);
+ if ((ret != Z_OK) && (ret != Z_STREAM_END)) {
+ COMPerr(COMP_F_BIO_ZLIB_READ, COMP_R_ZLIB_INFLATE_ERROR);
+ ERR_add_error_data(2, "zlib error:", zError(ret));
+ return 0;
+ }
+ /* If EOF or we've read everything then return */
+ if ((ret == Z_STREAM_END) || !zin->avail_out)
+ return outl - zin->avail_out;
+ }
+
+ /*
+ * No data in input buffer try to read some in, if an error then
+ * return the total data read.
+ */
+ ret = BIO_read(b->next_bio, ctx->ibuf, ctx->ibufsize);
+ if (ret <= 0) {
+ /* Total data read */
+ int tot = outl - zin->avail_out;
+ BIO_copy_next_retry(b);
+ if (ret < 0)
+ return (tot > 0) ? tot : ret;
+ return tot;
+ }
+ zin->avail_in = ret;
+ zin->next_in = ctx->ibuf;
+ }
+}
+
+static int bio_zlib_write(BIO *b, const char *in, int inl)
+{
+ BIO_ZLIB_CTX *ctx;
+ int ret;
+ z_stream *zout;
+ if (!in || !inl)
+ return 0;
+ ctx = (BIO_ZLIB_CTX *) b->ptr;
+ if (ctx->odone)
+ return 0;
+ zout = &ctx->zout;
+ BIO_clear_retry_flags(b);
+ if (!ctx->obuf) {
+ ctx->obuf = OPENSSL_malloc(ctx->obufsize);
+ /* Need error here */
+ if (!ctx->obuf) {
+ COMPerr(COMP_F_BIO_ZLIB_WRITE, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ ctx->optr = ctx->obuf;
+ ctx->ocount = 0;
+ deflateInit(zout, ctx->comp_level);
+ zout->next_out = ctx->obuf;
+ zout->avail_out = ctx->obufsize;
+ }
+ /* Obtain input data directly from supplied buffer */
+ zout->next_in = (void *)in;
+ zout->avail_in = inl;
+ for (;;) {
+ /* If data in output buffer write it first */
+ while (ctx->ocount) {
+ ret = BIO_write(b->next_bio, ctx->optr, ctx->ocount);
+ if (ret <= 0) {
+ /* Total data written */
+ int tot = inl - zout->avail_in;
+ BIO_copy_next_retry(b);
+ if (ret < 0)
+ return (tot > 0) ? tot : ret;
+ return tot;
+ }
+ ctx->optr += ret;
+ ctx->ocount -= ret;
+ }
+
+ /* Have we consumed all supplied data? */
+ if (!zout->avail_in)
+ return inl;
+
+ /* Compress some more */
+
+ /* Reset buffer */
+ ctx->optr = ctx->obuf;
+ zout->next_out = ctx->obuf;
+ zout->avail_out = ctx->obufsize;
+ /* Compress some more */
+ ret = deflate(zout, 0);
+ if (ret != Z_OK) {
+ COMPerr(COMP_F_BIO_ZLIB_WRITE, COMP_R_ZLIB_DEFLATE_ERROR);
+ ERR_add_error_data(2, "zlib error:", zError(ret));
+ return 0;
+ }
+ ctx->ocount = ctx->obufsize - zout->avail_out;
+ }
+}
+
+static int bio_zlib_flush(BIO *b)
+{
+ BIO_ZLIB_CTX *ctx;
+ int ret;
+ z_stream *zout;
+ ctx = (BIO_ZLIB_CTX *) b->ptr;
+ /* If no data written or already flush show success */
+ if (!ctx->obuf || (ctx->odone && !ctx->ocount))
+ return 1;
+ zout = &ctx->zout;
+ BIO_clear_retry_flags(b);
+ /* No more input data */
+ zout->next_in = NULL;
+ zout->avail_in = 0;
+ for (;;) {
+ /* If data in output buffer write it first */
+ while (ctx->ocount) {
+ ret = BIO_write(b->next_bio, ctx->optr, ctx->ocount);
+ if (ret <= 0) {
+ BIO_copy_next_retry(b);
+ return ret;
+ }
+ ctx->optr += ret;
+ ctx->ocount -= ret;
+ }
+ if (ctx->odone)
+ return 1;
+
+ /* Compress some more */
+
+ /* Reset buffer */
+ ctx->optr = ctx->obuf;
+ zout->next_out = ctx->obuf;
+ zout->avail_out = ctx->obufsize;
+ /* Compress some more */
+ ret = deflate(zout, Z_FINISH);
+ if (ret == Z_STREAM_END)
+ ctx->odone = 1;
+ else if (ret != Z_OK) {
+ COMPerr(COMP_F_BIO_ZLIB_FLUSH, COMP_R_ZLIB_DEFLATE_ERROR);
+ ERR_add_error_data(2, "zlib error:", zError(ret));
+ return 0;
+ }
+ ctx->ocount = ctx->obufsize - zout->avail_out;
+ }
+}
+
+static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+ BIO_ZLIB_CTX *ctx;
+ int ret, *ip;
+ int ibs, obs;
+ if (!b->next_bio)
+ return 0;
+ ctx = (BIO_ZLIB_CTX *) b->ptr;
+ switch (cmd) {
+
+ case BIO_CTRL_RESET:
+ ctx->ocount = 0;
+ ctx->odone = 0;
+ ret = 1;
+ break;
+
+ case BIO_CTRL_FLUSH:
+ ret = bio_zlib_flush(b);
+ if (ret > 0)
+ ret = BIO_flush(b->next_bio);
+ break;
+
+ case BIO_C_SET_BUFF_SIZE:
+ ibs = -1;
+ obs = -1;
+ if (ptr != NULL) {
+ ip = ptr;
+ if (*ip == 0)
+ ibs = (int)num;
+ else
+ obs = (int)num;
+ } else {
+ ibs = (int)num;
+ obs = ibs;
+ }
+
+ if (ibs != -1) {
+ if (ctx->ibuf) {
+ OPENSSL_free(ctx->ibuf);
+ ctx->ibuf = NULL;
+ }
+ ctx->ibufsize = ibs;
+ }
+
+ if (obs != -1) {
+ if (ctx->obuf) {
+ OPENSSL_free(ctx->obuf);
+ ctx->obuf = NULL;
+ }
+ ctx->obufsize = obs;
+ }
+ ret = 1;
+ break;
+
+ case BIO_C_DO_STATE_MACHINE:
+ BIO_clear_retry_flags(b);
+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ BIO_copy_next_retry(b);
+ break;
+
+ default:
+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ break;
+ }
+
+ return ret;
+}
+
+static long bio_zlib_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
+{
+ if (!b->next_bio)
+ return 0;
+ return BIO_callback_ctrl(b->next_bio, cmd, fp);
+}
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/comp/comp.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/comp/comp.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/comp/comp.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,80 +0,0 @@
-
-#ifndef HEADER_COMP_H
-#define HEADER_COMP_H
-
-#include <openssl/crypto.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-typedef struct comp_ctx_st COMP_CTX;
-
-typedef struct comp_method_st
- {
- int type; /* NID for compression library */
- const char *name; /* A text string to identify the library */
- int (*init)(COMP_CTX *ctx);
- void (*finish)(COMP_CTX *ctx);
- int (*compress)(COMP_CTX *ctx,
- unsigned char *out, unsigned int olen,
- unsigned char *in, unsigned int ilen);
- int (*expand)(COMP_CTX *ctx,
- unsigned char *out, unsigned int olen,
- unsigned char *in, unsigned int ilen);
- /* The following two do NOTHING, but are kept for backward compatibility */
- long (*ctrl)(void);
- long (*callback_ctrl)(void);
- } COMP_METHOD;
-
-struct comp_ctx_st
- {
- COMP_METHOD *meth;
- unsigned long compress_in;
- unsigned long compress_out;
- unsigned long expand_in;
- unsigned long expand_out;
-
- CRYPTO_EX_DATA ex_data;
- };
-
-
-COMP_CTX *COMP_CTX_new(COMP_METHOD *meth);
-void COMP_CTX_free(COMP_CTX *ctx);
-int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen,
- unsigned char *in, int ilen);
-int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
- unsigned char *in, int ilen);
-COMP_METHOD *COMP_rle(void );
-COMP_METHOD *COMP_zlib(void );
-void COMP_zlib_cleanup(void);
-
-#ifdef HEADER_BIO_H
-#ifdef ZLIB
-BIO_METHOD *BIO_f_zlib(void);
-#endif
-#endif
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_COMP_strings(void);
-
-/* Error codes for the COMP functions. */
-
-/* Function codes. */
-#define COMP_F_BIO_ZLIB_FLUSH 99
-#define COMP_F_BIO_ZLIB_NEW 100
-#define COMP_F_BIO_ZLIB_READ 101
-#define COMP_F_BIO_ZLIB_WRITE 102
-
-/* Reason codes. */
-#define COMP_R_ZLIB_DEFLATE_ERROR 99
-#define COMP_R_ZLIB_INFLATE_ERROR 100
-#define COMP_R_ZLIB_NOT_SUPPORTED 101
-
-#ifdef __cplusplus
-}
-#endif
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/comp/comp.h (from rev 6976, vendor-crypto/openssl/dist/crypto/comp/comp.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/comp/comp.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/comp/comp.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,79 @@
+
+#ifndef HEADER_COMP_H
+# define HEADER_COMP_H
+
+# include <openssl/crypto.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct comp_ctx_st COMP_CTX;
+
+typedef struct comp_method_st {
+ int type; /* NID for compression library */
+ const char *name; /* A text string to identify the library */
+ int (*init) (COMP_CTX *ctx);
+ void (*finish) (COMP_CTX *ctx);
+ int (*compress) (COMP_CTX *ctx,
+ unsigned char *out, unsigned int olen,
+ unsigned char *in, unsigned int ilen);
+ int (*expand) (COMP_CTX *ctx,
+ unsigned char *out, unsigned int olen,
+ unsigned char *in, unsigned int ilen);
+ /*
+ * The following two do NOTHING, but are kept for backward compatibility
+ */
+ long (*ctrl) (void);
+ long (*callback_ctrl) (void);
+} COMP_METHOD;
+
+struct comp_ctx_st {
+ COMP_METHOD *meth;
+ unsigned long compress_in;
+ unsigned long compress_out;
+ unsigned long expand_in;
+ unsigned long expand_out;
+ CRYPTO_EX_DATA ex_data;
+};
+
+COMP_CTX *COMP_CTX_new(COMP_METHOD *meth);
+void COMP_CTX_free(COMP_CTX *ctx);
+int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen,
+ unsigned char *in, int ilen);
+int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
+ unsigned char *in, int ilen);
+COMP_METHOD *COMP_rle(void);
+COMP_METHOD *COMP_zlib(void);
+void COMP_zlib_cleanup(void);
+
+# ifdef HEADER_BIO_H
+# ifdef ZLIB
+BIO_METHOD *BIO_f_zlib(void);
+# endif
+# endif
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_COMP_strings(void);
+
+/* Error codes for the COMP functions. */
+
+/* Function codes. */
+# define COMP_F_BIO_ZLIB_FLUSH 99
+# define COMP_F_BIO_ZLIB_NEW 100
+# define COMP_F_BIO_ZLIB_READ 101
+# define COMP_F_BIO_ZLIB_WRITE 102
+
+/* Reason codes. */
+# define COMP_R_ZLIB_DEFLATE_ERROR 99
+# define COMP_R_ZLIB_INFLATE_ERROR 100
+# define COMP_R_ZLIB_NOT_SUPPORTED 101
+
+#ifdef __cplusplus
+}
+#endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/comp/comp_err.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/comp/comp_err.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/comp/comp_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,100 +0,0 @@
-/* crypto/comp/comp_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/comp.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_COMP,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_COMP,0,reason)
-
-static ERR_STRING_DATA COMP_str_functs[]=
- {
-{ERR_FUNC(COMP_F_BIO_ZLIB_FLUSH), "BIO_ZLIB_FLUSH"},
-{ERR_FUNC(COMP_F_BIO_ZLIB_NEW), "BIO_ZLIB_NEW"},
-{ERR_FUNC(COMP_F_BIO_ZLIB_READ), "BIO_ZLIB_READ"},
-{ERR_FUNC(COMP_F_BIO_ZLIB_WRITE), "BIO_ZLIB_WRITE"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA COMP_str_reasons[]=
- {
-{ERR_REASON(COMP_R_ZLIB_DEFLATE_ERROR) ,"zlib deflate error"},
-{ERR_REASON(COMP_R_ZLIB_INFLATE_ERROR) ,"zlib inflate error"},
-{ERR_REASON(COMP_R_ZLIB_NOT_SUPPORTED) ,"zlib not supported"},
-{0,NULL}
- };
-
-#endif
-
-void ERR_load_COMP_strings(void)
- {
-#ifndef OPENSSL_NO_ERR
-
- if (ERR_func_error_string(COMP_str_functs[0].error) == NULL)
- {
- ERR_load_strings(0,COMP_str_functs);
- ERR_load_strings(0,COMP_str_reasons);
- }
-#endif
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/comp/comp_err.c (from rev 6976, vendor-crypto/openssl/dist/crypto/comp/comp_err.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/comp/comp_err.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/comp/comp_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,98 @@
+/* crypto/comp/comp_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/comp.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_COMP,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_COMP,0,reason)
+
+static ERR_STRING_DATA COMP_str_functs[] = {
+ {ERR_FUNC(COMP_F_BIO_ZLIB_FLUSH), "BIO_ZLIB_FLUSH"},
+ {ERR_FUNC(COMP_F_BIO_ZLIB_NEW), "BIO_ZLIB_NEW"},
+ {ERR_FUNC(COMP_F_BIO_ZLIB_READ), "BIO_ZLIB_READ"},
+ {ERR_FUNC(COMP_F_BIO_ZLIB_WRITE), "BIO_ZLIB_WRITE"},
+ {0, NULL}
+};
+
+static ERR_STRING_DATA COMP_str_reasons[] = {
+ {ERR_REASON(COMP_R_ZLIB_DEFLATE_ERROR), "zlib deflate error"},
+ {ERR_REASON(COMP_R_ZLIB_INFLATE_ERROR), "zlib inflate error"},
+ {ERR_REASON(COMP_R_ZLIB_NOT_SUPPORTED), "zlib not supported"},
+ {0, NULL}
+};
+
+#endif
+
+void ERR_load_COMP_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+ if (ERR_func_error_string(COMP_str_functs[0].error) == NULL) {
+ ERR_load_strings(0, COMP_str_functs);
+ ERR_load_strings(0, COMP_str_reasons);
+ }
+#endif
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/comp/comp_lib.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/comp/comp_lib.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/comp/comp_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,72 +0,0 @@
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <openssl/objects.h>
-#include <openssl/comp.h>
-
-COMP_CTX *COMP_CTX_new(COMP_METHOD *meth)
- {
- COMP_CTX *ret;
-
- if ((ret=(COMP_CTX *)OPENSSL_malloc(sizeof(COMP_CTX))) == NULL)
- {
- /* ZZZZZZZZZZZZZZZZ */
- return(NULL);
- }
- memset(ret,0,sizeof(COMP_CTX));
- ret->meth=meth;
- if ((ret->meth->init != NULL) && !ret->meth->init(ret))
- {
- OPENSSL_free(ret);
- ret=NULL;
- }
- return(ret);
- }
-
-void COMP_CTX_free(COMP_CTX *ctx)
- {
- if(ctx == NULL)
- return;
-
- if (ctx->meth->finish != NULL)
- ctx->meth->finish(ctx);
-
- OPENSSL_free(ctx);
- }
-
-int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen,
- unsigned char *in, int ilen)
- {
- int ret;
- if (ctx->meth->compress == NULL)
- {
- /* ZZZZZZZZZZZZZZZZZ */
- return(-1);
- }
- ret=ctx->meth->compress(ctx,out,olen,in,ilen);
- if (ret > 0)
- {
- ctx->compress_in+=ilen;
- ctx->compress_out+=ret;
- }
- return(ret);
- }
-
-int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
- unsigned char *in, int ilen)
- {
- int ret;
-
- if (ctx->meth->expand == NULL)
- {
- /* ZZZZZZZZZZZZZZZZZ */
- return(-1);
- }
- ret=ctx->meth->expand(ctx,out,olen,in,ilen);
- if (ret > 0)
- {
- ctx->expand_in+=ilen;
- ctx->expand_out+=ret;
- }
- return(ret);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/comp/comp_lib.c (from rev 6976, vendor-crypto/openssl/dist/crypto/comp/comp_lib.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/comp/comp_lib.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/comp/comp_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,66 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/objects.h>
+#include <openssl/comp.h>
+
+COMP_CTX *COMP_CTX_new(COMP_METHOD *meth)
+{
+ COMP_CTX *ret;
+
+ if ((ret = (COMP_CTX *)OPENSSL_malloc(sizeof(COMP_CTX))) == NULL) {
+ /* ZZZZZZZZZZZZZZZZ */
+ return (NULL);
+ }
+ memset(ret, 0, sizeof(COMP_CTX));
+ ret->meth = meth;
+ if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
+ OPENSSL_free(ret);
+ ret = NULL;
+ }
+ return (ret);
+}
+
+void COMP_CTX_free(COMP_CTX *ctx)
+{
+ if (ctx == NULL)
+ return;
+
+ if (ctx->meth->finish != NULL)
+ ctx->meth->finish(ctx);
+
+ OPENSSL_free(ctx);
+}
+
+int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen,
+ unsigned char *in, int ilen)
+{
+ int ret;
+ if (ctx->meth->compress == NULL) {
+ /* ZZZZZZZZZZZZZZZZZ */
+ return (-1);
+ }
+ ret = ctx->meth->compress(ctx, out, olen, in, ilen);
+ if (ret > 0) {
+ ctx->compress_in += ilen;
+ ctx->compress_out += ret;
+ }
+ return (ret);
+}
+
+int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
+ unsigned char *in, int ilen)
+{
+ int ret;
+
+ if (ctx->meth->expand == NULL) {
+ /* ZZZZZZZZZZZZZZZZZ */
+ return (-1);
+ }
+ ret = ctx->meth->expand(ctx, out, olen, in, ilen);
+ if (ret > 0) {
+ ctx->expand_in += ilen;
+ ctx->expand_out += ret;
+ }
+ return (ret);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/conf/cnf_save.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/conf/cnf_save.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/conf/cnf_save.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,106 +0,0 @@
-/* crypto/conf/cnf_save.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/conf.h>
-
-static void print_conf(CONF_VALUE *cv);
-static IMPLEMENT_LHASH_DOALL_FN(print_conf, CONF_VALUE *);
-
-main()
- {
- LHASH *conf;
- long l;
-
- conf=CONF_load(NULL,"../../apps/openssl.cnf",&l);
- if (conf == NULL)
- {
- fprintf(stderr,"error loading config, line %ld\n",l);
- exit(1);
- }
-
- lh_doall(conf,LHASH_DOALL_FN(print_conf));
- }
-
-
-static void print_conf(CONF_VALUE *cv)
- {
- int i;
- CONF_VALUE *v;
- char *section;
- char *name;
- char *value;
- STACK *s;
-
- /* If it is a single entry, return */
-
- if (cv->name != NULL) return;
-
- printf("[ %s ]\n",cv->section);
- s=(STACK *)cv->value;
-
- for (i=0; i<sk_num(s); i++)
- {
- v=(CONF_VALUE *)sk_value(s,i);
- section=(v->section == NULL)?"None":v->section;
- name=(v->name == NULL)?"None":v->name;
- value=(v->value == NULL)?"None":v->value;
- printf("%s=%s\n",name,value);
- }
- printf("\n");
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/conf/cnf_save.c (from rev 6976, vendor-crypto/openssl/dist/crypto/conf/cnf_save.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/conf/cnf_save.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/conf/cnf_save.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,104 @@
+/* crypto/conf/cnf_save.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <openssl/conf.h>
+
+static void print_conf(CONF_VALUE *cv);
+static IMPLEMENT_LHASH_DOALL_FN(print_conf, CONF_VALUE *);
+
+main()
+{
+ LHASH *conf;
+ long l;
+
+ conf = CONF_load(NULL, "../../apps/openssl.cnf", &l);
+ if (conf == NULL) {
+ fprintf(stderr, "error loading config, line %ld\n", l);
+ exit(1);
+ }
+
+ lh_doall(conf, LHASH_DOALL_FN(print_conf));
+}
+
+static void print_conf(CONF_VALUE *cv)
+{
+ int i;
+ CONF_VALUE *v;
+ char *section;
+ char *name;
+ char *value;
+ STACK *s;
+
+ /* If it is a single entry, return */
+
+ if (cv->name != NULL)
+ return;
+
+ printf("[ %s ]\n", cv->section);
+ s = (STACK *) cv->value;
+
+ for (i = 0; i < sk_num(s); i++) {
+ v = (CONF_VALUE *)sk_value(s, i);
+ section = (v->section == NULL) ? "None" : v->section;
+ name = (v->name == NULL) ? "None" : v->name;
+ value = (v->value == NULL) ? "None" : v->value;
+ printf("%s=%s\n", name, value);
+ }
+ printf("\n");
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/conf/conf.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/conf/conf.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/conf/conf.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,254 +0,0 @@
-/* crypto/conf/conf.h */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_CONF_H
-#define HEADER_CONF_H
-
-#include <openssl/bio.h>
-#include <openssl/lhash.h>
-#include <openssl/stack.h>
-#include <openssl/safestack.h>
-#include <openssl/e_os2.h>
-
-#include <openssl/ossl_typ.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-typedef struct
- {
- char *section;
- char *name;
- char *value;
- } CONF_VALUE;
-
-DECLARE_STACK_OF(CONF_VALUE)
-DECLARE_STACK_OF(CONF_MODULE)
-DECLARE_STACK_OF(CONF_IMODULE)
-
-struct conf_st;
-struct conf_method_st;
-typedef struct conf_method_st CONF_METHOD;
-
-struct conf_method_st
- {
- const char *name;
- CONF *(*create)(CONF_METHOD *meth);
- int (*init)(CONF *conf);
- int (*destroy)(CONF *conf);
- int (*destroy_data)(CONF *conf);
- int (*load_bio)(CONF *conf, BIO *bp, long *eline);
- int (*dump)(const CONF *conf, BIO *bp);
- int (*is_number)(const CONF *conf, char c);
- int (*to_int)(const CONF *conf, char c);
- int (*load)(CONF *conf, const char *name, long *eline);
- };
-
-/* Module definitions */
-
-typedef struct conf_imodule_st CONF_IMODULE;
-typedef struct conf_module_st CONF_MODULE;
-
-/* DSO module function typedefs */
-typedef int conf_init_func(CONF_IMODULE *md, const CONF *cnf);
-typedef void conf_finish_func(CONF_IMODULE *md);
-
-#define CONF_MFLAGS_IGNORE_ERRORS 0x1
-#define CONF_MFLAGS_IGNORE_RETURN_CODES 0x2
-#define CONF_MFLAGS_SILENT 0x4
-#define CONF_MFLAGS_NO_DSO 0x8
-#define CONF_MFLAGS_IGNORE_MISSING_FILE 0x10
-#define CONF_MFLAGS_DEFAULT_SECTION 0x20
-
-int CONF_set_default_method(CONF_METHOD *meth);
-void CONF_set_nconf(CONF *conf,LHASH *hash);
-LHASH *CONF_load(LHASH *conf,const char *file,long *eline);
-#ifndef OPENSSL_NO_FP_API
-LHASH *CONF_load_fp(LHASH *conf, FILE *fp,long *eline);
-#endif
-LHASH *CONF_load_bio(LHASH *conf, BIO *bp,long *eline);
-STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf,const char *section);
-char *CONF_get_string(LHASH *conf,const char *group,const char *name);
-long CONF_get_number(LHASH *conf,const char *group,const char *name);
-void CONF_free(LHASH *conf);
-int CONF_dump_fp(LHASH *conf, FILE *out);
-int CONF_dump_bio(LHASH *conf, BIO *out);
-
-void OPENSSL_config(const char *config_name);
-void OPENSSL_no_config(void);
-
-/* New conf code. The semantics are different from the functions above.
- If that wasn't the case, the above functions would have been replaced */
-
-struct conf_st
- {
- CONF_METHOD *meth;
- void *meth_data;
- LHASH *data;
- };
-
-CONF *NCONF_new(CONF_METHOD *meth);
-CONF_METHOD *NCONF_default(void);
-CONF_METHOD *NCONF_WIN32(void);
-#if 0 /* Just to give you an idea of what I have in mind */
-CONF_METHOD *NCONF_XML(void);
-#endif
-void NCONF_free(CONF *conf);
-void NCONF_free_data(CONF *conf);
-
-int NCONF_load(CONF *conf,const char *file,long *eline);
-#ifndef OPENSSL_NO_FP_API
-int NCONF_load_fp(CONF *conf, FILE *fp,long *eline);
-#endif
-int NCONF_load_bio(CONF *conf, BIO *bp,long *eline);
-STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf,const char *section);
-char *NCONF_get_string(const CONF *conf,const char *group,const char *name);
-int NCONF_get_number_e(const CONF *conf,const char *group,const char *name,
- long *result);
-int NCONF_dump_fp(const CONF *conf, FILE *out);
-int NCONF_dump_bio(const CONF *conf, BIO *out);
-
-#if 0 /* The following function has no error checking,
- and should therefore be avoided */
-long NCONF_get_number(CONF *conf,char *group,char *name);
-#else
-#define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r)
-#endif
-
-/* Module functions */
-
-int CONF_modules_load(const CONF *cnf, const char *appname,
- unsigned long flags);
-int CONF_modules_load_file(const char *filename, const char *appname,
- unsigned long flags);
-void CONF_modules_unload(int all);
-void CONF_modules_finish(void);
-void CONF_modules_free(void);
-int CONF_module_add(const char *name, conf_init_func *ifunc,
- conf_finish_func *ffunc);
-
-const char *CONF_imodule_get_name(const CONF_IMODULE *md);
-const char *CONF_imodule_get_value(const CONF_IMODULE *md);
-void *CONF_imodule_get_usr_data(const CONF_IMODULE *md);
-void CONF_imodule_set_usr_data(CONF_IMODULE *md, void *usr_data);
-CONF_MODULE *CONF_imodule_get_module(const CONF_IMODULE *md);
-unsigned long CONF_imodule_get_flags(const CONF_IMODULE *md);
-void CONF_imodule_set_flags(CONF_IMODULE *md, unsigned long flags);
-void *CONF_module_get_usr_data(CONF_MODULE *pmod);
-void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data);
-
-char *CONF_get1_default_config_file(void);
-
-int CONF_parse_list(const char *list, int sep, int nospc,
- int (*list_cb)(const char *elem, int len, void *usr), void *arg);
-
-void OPENSSL_load_builtin_modules(void);
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_CONF_strings(void);
-
-/* Error codes for the CONF functions. */
-
-/* Function codes. */
-#define CONF_F_CONF_DUMP_FP 104
-#define CONF_F_CONF_LOAD 100
-#define CONF_F_CONF_LOAD_BIO 102
-#define CONF_F_CONF_LOAD_FP 103
-#define CONF_F_CONF_MODULES_LOAD 116
-#define CONF_F_DEF_LOAD 120
-#define CONF_F_DEF_LOAD_BIO 121
-#define CONF_F_MODULE_INIT 115
-#define CONF_F_MODULE_LOAD_DSO 117
-#define CONF_F_MODULE_RUN 118
-#define CONF_F_NCONF_DUMP_BIO 105
-#define CONF_F_NCONF_DUMP_FP 106
-#define CONF_F_NCONF_GET_NUMBER 107
-#define CONF_F_NCONF_GET_NUMBER_E 112
-#define CONF_F_NCONF_GET_SECTION 108
-#define CONF_F_NCONF_GET_STRING 109
-#define CONF_F_NCONF_LOAD 113
-#define CONF_F_NCONF_LOAD_BIO 110
-#define CONF_F_NCONF_LOAD_FP 114
-#define CONF_F_NCONF_NEW 111
-#define CONF_F_STR_COPY 101
-
-/* Reason codes. */
-#define CONF_R_ERROR_LOADING_DSO 110
-#define CONF_R_MISSING_CLOSE_SQUARE_BRACKET 100
-#define CONF_R_MISSING_EQUAL_SIGN 101
-#define CONF_R_MISSING_FINISH_FUNCTION 111
-#define CONF_R_MISSING_INIT_FUNCTION 112
-#define CONF_R_MODULE_INITIALIZATION_ERROR 109
-#define CONF_R_NO_CLOSE_BRACE 102
-#define CONF_R_NO_CONF 105
-#define CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE 106
-#define CONF_R_NO_SECTION 107
-#define CONF_R_NO_SUCH_FILE 114
-#define CONF_R_NO_VALUE 108
-#define CONF_R_UNABLE_TO_CREATE_NEW_SECTION 103
-#define CONF_R_UNKNOWN_MODULE_NAME 113
-#define CONF_R_VARIABLE_HAS_NO_VALUE 104
-
-#ifdef __cplusplus
-}
-#endif
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/conf/conf.h (from rev 6976, vendor-crypto/openssl/dist/crypto/conf/conf.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/conf/conf.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/conf/conf.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,257 @@
+/* crypto/conf/conf.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_CONF_H
+# define HEADER_CONF_H
+
+# include <openssl/bio.h>
+# include <openssl/lhash.h>
+# include <openssl/stack.h>
+# include <openssl/safestack.h>
+# include <openssl/e_os2.h>
+
+# include <openssl/ossl_typ.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct {
+ char *section;
+ char *name;
+ char *value;
+} CONF_VALUE;
+
+DECLARE_STACK_OF(CONF_VALUE)
+DECLARE_STACK_OF(CONF_MODULE)
+DECLARE_STACK_OF(CONF_IMODULE)
+
+struct conf_st;
+struct conf_method_st;
+typedef struct conf_method_st CONF_METHOD;
+
+struct conf_method_st {
+ const char *name;
+ CONF *(*create) (CONF_METHOD *meth);
+ int (*init) (CONF *conf);
+ int (*destroy) (CONF *conf);
+ int (*destroy_data) (CONF *conf);
+ int (*load_bio) (CONF *conf, BIO *bp, long *eline);
+ int (*dump) (const CONF *conf, BIO *bp);
+ int (*is_number) (const CONF *conf, char c);
+ int (*to_int) (const CONF *conf, char c);
+ int (*load) (CONF *conf, const char *name, long *eline);
+};
+
+/* Module definitions */
+
+typedef struct conf_imodule_st CONF_IMODULE;
+typedef struct conf_module_st CONF_MODULE;
+
+/* DSO module function typedefs */
+typedef int conf_init_func (CONF_IMODULE *md, const CONF *cnf);
+typedef void conf_finish_func (CONF_IMODULE *md);
+
+# define CONF_MFLAGS_IGNORE_ERRORS 0x1
+# define CONF_MFLAGS_IGNORE_RETURN_CODES 0x2
+# define CONF_MFLAGS_SILENT 0x4
+# define CONF_MFLAGS_NO_DSO 0x8
+# define CONF_MFLAGS_IGNORE_MISSING_FILE 0x10
+# define CONF_MFLAGS_DEFAULT_SECTION 0x20
+
+int CONF_set_default_method(CONF_METHOD *meth);
+void CONF_set_nconf(CONF *conf, LHASH *hash);
+LHASH *CONF_load(LHASH *conf, const char *file, long *eline);
+# ifndef OPENSSL_NO_FP_API
+LHASH *CONF_load_fp(LHASH *conf, FILE *fp, long *eline);
+# endif
+LHASH *CONF_load_bio(LHASH *conf, BIO *bp, long *eline);
+STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf, const char *section);
+char *CONF_get_string(LHASH *conf, const char *group, const char *name);
+long CONF_get_number(LHASH *conf, const char *group, const char *name);
+void CONF_free(LHASH *conf);
+int CONF_dump_fp(LHASH *conf, FILE *out);
+int CONF_dump_bio(LHASH *conf, BIO *out);
+
+void OPENSSL_config(const char *config_name);
+void OPENSSL_no_config(void);
+
+/*
+ * New conf code. The semantics are different from the functions above. If
+ * that wasn't the case, the above functions would have been replaced
+ */
+
+struct conf_st {
+ CONF_METHOD *meth;
+ void *meth_data;
+ LHASH *data;
+};
+
+CONF *NCONF_new(CONF_METHOD *meth);
+CONF_METHOD *NCONF_default(void);
+CONF_METHOD *NCONF_WIN32(void);
+# if 0 /* Just to give you an idea of what I have in
+ * mind */
+CONF_METHOD *NCONF_XML(void);
+# endif
+void NCONF_free(CONF *conf);
+void NCONF_free_data(CONF *conf);
+
+int NCONF_load(CONF *conf, const char *file, long *eline);
+# ifndef OPENSSL_NO_FP_API
+int NCONF_load_fp(CONF *conf, FILE *fp, long *eline);
+# endif
+int NCONF_load_bio(CONF *conf, BIO *bp, long *eline);
+STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf,
+ const char *section);
+char *NCONF_get_string(const CONF *conf, const char *group, const char *name);
+int NCONF_get_number_e(const CONF *conf, const char *group, const char *name,
+ long *result);
+int NCONF_dump_fp(const CONF *conf, FILE *out);
+int NCONF_dump_bio(const CONF *conf, BIO *out);
+
+# if 0 /* The following function has no error
+ * checking, and should therefore be avoided */
+long NCONF_get_number(CONF *conf, char *group, char *name);
+# else
+# define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r)
+# endif
+
+/* Module functions */
+
+int CONF_modules_load(const CONF *cnf, const char *appname,
+ unsigned long flags);
+int CONF_modules_load_file(const char *filename, const char *appname,
+ unsigned long flags);
+void CONF_modules_unload(int all);
+void CONF_modules_finish(void);
+void CONF_modules_free(void);
+int CONF_module_add(const char *name, conf_init_func *ifunc,
+ conf_finish_func *ffunc);
+
+const char *CONF_imodule_get_name(const CONF_IMODULE *md);
+const char *CONF_imodule_get_value(const CONF_IMODULE *md);
+void *CONF_imodule_get_usr_data(const CONF_IMODULE *md);
+void CONF_imodule_set_usr_data(CONF_IMODULE *md, void *usr_data);
+CONF_MODULE *CONF_imodule_get_module(const CONF_IMODULE *md);
+unsigned long CONF_imodule_get_flags(const CONF_IMODULE *md);
+void CONF_imodule_set_flags(CONF_IMODULE *md, unsigned long flags);
+void *CONF_module_get_usr_data(CONF_MODULE *pmod);
+void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data);
+
+char *CONF_get1_default_config_file(void);
+
+int CONF_parse_list(const char *list, int sep, int nospc,
+ int (*list_cb) (const char *elem, int len, void *usr),
+ void *arg);
+
+void OPENSSL_load_builtin_modules(void);
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_CONF_strings(void);
+
+/* Error codes for the CONF functions. */
+
+/* Function codes. */
+# define CONF_F_CONF_DUMP_FP 104
+# define CONF_F_CONF_LOAD 100
+# define CONF_F_CONF_LOAD_BIO 102
+# define CONF_F_CONF_LOAD_FP 103
+# define CONF_F_CONF_MODULES_LOAD 116
+# define CONF_F_DEF_LOAD 120
+# define CONF_F_DEF_LOAD_BIO 121
+# define CONF_F_MODULE_INIT 115
+# define CONF_F_MODULE_LOAD_DSO 117
+# define CONF_F_MODULE_RUN 118
+# define CONF_F_NCONF_DUMP_BIO 105
+# define CONF_F_NCONF_DUMP_FP 106
+# define CONF_F_NCONF_GET_NUMBER 107
+# define CONF_F_NCONF_GET_NUMBER_E 112
+# define CONF_F_NCONF_GET_SECTION 108
+# define CONF_F_NCONF_GET_STRING 109
+# define CONF_F_NCONF_LOAD 113
+# define CONF_F_NCONF_LOAD_BIO 110
+# define CONF_F_NCONF_LOAD_FP 114
+# define CONF_F_NCONF_NEW 111
+# define CONF_F_STR_COPY 101
+
+/* Reason codes. */
+# define CONF_R_ERROR_LOADING_DSO 110
+# define CONF_R_MISSING_CLOSE_SQUARE_BRACKET 100
+# define CONF_R_MISSING_EQUAL_SIGN 101
+# define CONF_R_MISSING_FINISH_FUNCTION 111
+# define CONF_R_MISSING_INIT_FUNCTION 112
+# define CONF_R_MODULE_INITIALIZATION_ERROR 109
+# define CONF_R_NO_CLOSE_BRACE 102
+# define CONF_R_NO_CONF 105
+# define CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE 106
+# define CONF_R_NO_SECTION 107
+# define CONF_R_NO_SUCH_FILE 114
+# define CONF_R_NO_VALUE 108
+# define CONF_R_UNABLE_TO_CREATE_NEW_SECTION 103
+# define CONF_R_UNKNOWN_MODULE_NAME 113
+# define CONF_R_VARIABLE_HAS_NO_VALUE 104
+
+#ifdef __cplusplus
+}
+#endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/conf/conf_api.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/conf/conf_api.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/conf/conf_api.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,309 +0,0 @@
-/* conf_api.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* Part of the code in here was originally in conf.c, which is now removed */
-
-#ifndef CONF_DEBUG
-# undef NDEBUG /* avoid conflicting definitions */
-# define NDEBUG
-#endif
-
-#include <assert.h>
-#include <stdlib.h>
-#include <string.h>
-#include <openssl/conf.h>
-#include <openssl/conf_api.h>
-#include "e_os.h"
-
-static void value_free_hash(CONF_VALUE *a, LHASH *conf);
-static void value_free_stack(CONF_VALUE *a,LHASH *conf);
-static IMPLEMENT_LHASH_DOALL_ARG_FN(value_free_hash, CONF_VALUE *, LHASH *)
-static IMPLEMENT_LHASH_DOALL_ARG_FN(value_free_stack, CONF_VALUE *, LHASH *)
-/* We don't use function pointer casting or wrapper functions - but cast each
- * callback parameter inside the callback functions. */
-/* static unsigned long hash(CONF_VALUE *v); */
-static unsigned long hash(const void *v_void);
-/* static int cmp_conf(CONF_VALUE *a,CONF_VALUE *b); */
-static int cmp_conf(const void *a_void,const void *b_void);
-
-/* Up until OpenSSL 0.9.5a, this was get_section */
-CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section)
- {
- CONF_VALUE *v,vv;
-
- if ((conf == NULL) || (section == NULL)) return(NULL);
- vv.name=NULL;
- vv.section=(char *)section;
- v=(CONF_VALUE *)lh_retrieve(conf->data,&vv);
- return(v);
- }
-
-/* Up until OpenSSL 0.9.5a, this was CONF_get_section */
-STACK_OF(CONF_VALUE) *_CONF_get_section_values(const CONF *conf,
- const char *section)
- {
- CONF_VALUE *v;
-
- v=_CONF_get_section(conf,section);
- if (v != NULL)
- return((STACK_OF(CONF_VALUE) *)v->value);
- else
- return(NULL);
- }
-
-int _CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value)
- {
- CONF_VALUE *v = NULL;
- STACK_OF(CONF_VALUE) *ts;
-
- ts = (STACK_OF(CONF_VALUE) *)section->value;
-
- value->section=section->section;
- if (!sk_CONF_VALUE_push(ts,value))
- {
- return 0;
- }
-
- v = (CONF_VALUE *)lh_insert(conf->data, value);
- if (v != NULL)
- {
- (void)sk_CONF_VALUE_delete_ptr(ts,v);
- OPENSSL_free(v->name);
- OPENSSL_free(v->value);
- OPENSSL_free(v);
- }
- return 1;
- }
-
-char *_CONF_get_string(const CONF *conf, const char *section, const char *name)
- {
- CONF_VALUE *v,vv;
- char *p;
-
- if (name == NULL) return(NULL);
- if (conf != NULL)
- {
- if (section != NULL)
- {
- vv.name=(char *)name;
- vv.section=(char *)section;
- v=(CONF_VALUE *)lh_retrieve(conf->data,&vv);
- if (v != NULL) return(v->value);
- if (strcmp(section,"ENV") == 0)
- {
- p=Getenv(name);
- if (p != NULL) return(p);
- }
- }
- vv.section="default";
- vv.name=(char *)name;
- v=(CONF_VALUE *)lh_retrieve(conf->data,&vv);
- if (v != NULL)
- return(v->value);
- else
- return(NULL);
- }
- else
- return(Getenv(name));
- }
-
-#if 0 /* There's no way to provide error checking with this function, so
- force implementors of the higher levels to get a string and read
- the number themselves. */
-long _CONF_get_number(CONF *conf, char *section, char *name)
- {
- char *str;
- long ret=0;
-
- str=_CONF_get_string(conf,section,name);
- if (str == NULL) return(0);
- for (;;)
- {
- if (conf->meth->is_number(conf, *str))
- ret=ret*10+conf->meth->to_int(conf, *str);
- else
- return(ret);
- str++;
- }
- }
-#endif
-
-int _CONF_new_data(CONF *conf)
- {
- if (conf == NULL)
- {
- return 0;
- }
- if (conf->data == NULL)
- if ((conf->data = lh_new(hash, cmp_conf)) == NULL)
- {
- return 0;
- }
- return 1;
- }
-
-void _CONF_free_data(CONF *conf)
- {
- if (conf == NULL || conf->data == NULL) return;
-
- conf->data->down_load=0; /* evil thing to make sure the 'OPENSSL_free()'
- * works as expected */
- lh_doall_arg(conf->data, LHASH_DOALL_ARG_FN(value_free_hash),
- conf->data);
-
- /* We now have only 'section' entries in the hash table.
- * Due to problems with */
-
- lh_doall_arg(conf->data, LHASH_DOALL_ARG_FN(value_free_stack),
- conf->data);
- lh_free(conf->data);
- }
-
-static void value_free_hash(CONF_VALUE *a, LHASH *conf)
- {
- if (a->name != NULL)
- {
- a=(CONF_VALUE *)lh_delete(conf,a);
- }
- }
-
-static void value_free_stack(CONF_VALUE *a, LHASH *conf)
- {
- CONF_VALUE *vv;
- STACK *sk;
- int i;
-
- if (a->name != NULL) return;
-
- sk=(STACK *)a->value;
- for (i=sk_num(sk)-1; i>=0; i--)
- {
- vv=(CONF_VALUE *)sk_value(sk,i);
- OPENSSL_free(vv->value);
- OPENSSL_free(vv->name);
- OPENSSL_free(vv);
- }
- if (sk != NULL) sk_free(sk);
- OPENSSL_free(a->section);
- OPENSSL_free(a);
- }
-
-/* static unsigned long hash(CONF_VALUE *v) */
-static unsigned long hash(const void *v_void)
- {
- CONF_VALUE *v = (CONF_VALUE *)v_void;
- return((lh_strhash(v->section)<<2)^lh_strhash(v->name));
- }
-
-/* static int cmp_conf(CONF_VALUE *a, CONF_VALUE *b) */
-static int cmp_conf(const void *a_void,const void *b_void)
- {
- int i;
- CONF_VALUE *a = (CONF_VALUE *)a_void;
- CONF_VALUE *b = (CONF_VALUE *)b_void;
-
- if (a->section != b->section)
- {
- i=strcmp(a->section,b->section);
- if (i) return(i);
- }
-
- if ((a->name != NULL) && (b->name != NULL))
- {
- i=strcmp(a->name,b->name);
- return(i);
- }
- else if (a->name == b->name)
- return(0);
- else
- return((a->name == NULL)?-1:1);
- }
-
-/* Up until OpenSSL 0.9.5a, this was new_section */
-CONF_VALUE *_CONF_new_section(CONF *conf, const char *section)
- {
- STACK *sk=NULL;
- int ok=0,i;
- CONF_VALUE *v=NULL,*vv;
-
- if ((sk=sk_new_null()) == NULL)
- goto err;
- if ((v=(CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE))) == NULL)
- goto err;
- i=strlen(section)+1;
- if ((v->section=(char *)OPENSSL_malloc(i)) == NULL)
- goto err;
-
- memcpy(v->section,section,i);
- v->name=NULL;
- v->value=(char *)sk;
-
- vv=(CONF_VALUE *)lh_insert(conf->data,v);
- OPENSSL_assert(vv == NULL);
- ok=1;
-err:
- if (!ok)
- {
- if (sk != NULL) sk_free(sk);
- if (v != NULL) OPENSSL_free(v);
- v=NULL;
- }
- return(v);
- }
-
-IMPLEMENT_STACK_OF(CONF_VALUE)
Copied: vendor-crypto/openssl/0.9.8zf/crypto/conf/conf_api.c (from rev 6976, vendor-crypto/openssl/dist/crypto/conf/conf_api.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/conf/conf_api.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/conf/conf_api.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,310 @@
+/* conf_api.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* Part of the code in here was originally in conf.c, which is now removed */
+
+#ifndef CONF_DEBUG
+# undef NDEBUG /* avoid conflicting definitions */
+# define NDEBUG
+#endif
+
+#include <assert.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/conf.h>
+#include <openssl/conf_api.h>
+#include "e_os.h"
+
+static void value_free_hash(CONF_VALUE *a, LHASH *conf);
+static void value_free_stack(CONF_VALUE *a, LHASH *conf);
+static IMPLEMENT_LHASH_DOALL_ARG_FN(value_free_hash, CONF_VALUE *, LHASH *)
+static IMPLEMENT_LHASH_DOALL_ARG_FN(value_free_stack, CONF_VALUE *, LHASH *)
+/*
+ * We don't use function pointer casting or wrapper functions - but cast each
+ * callback parameter inside the callback functions.
+ */
+/* static unsigned long hash(CONF_VALUE *v); */
+static unsigned long hash(const void *v_void);
+/* static int cmp_conf(CONF_VALUE *a,CONF_VALUE *b); */
+static int cmp_conf(const void *a_void, const void *b_void);
+
+/* Up until OpenSSL 0.9.5a, this was get_section */
+CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section)
+{
+ CONF_VALUE *v, vv;
+
+ if ((conf == NULL) || (section == NULL))
+ return (NULL);
+ vv.name = NULL;
+ vv.section = (char *)section;
+ v = (CONF_VALUE *)lh_retrieve(conf->data, &vv);
+ return (v);
+}
+
+/* Up until OpenSSL 0.9.5a, this was CONF_get_section */
+STACK_OF(CONF_VALUE) *_CONF_get_section_values(const CONF *conf,
+ const char *section)
+{
+ CONF_VALUE *v;
+
+ v = _CONF_get_section(conf, section);
+ if (v != NULL)
+ return ((STACK_OF(CONF_VALUE) *)v->value);
+ else
+ return (NULL);
+}
+
+int _CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value)
+{
+ CONF_VALUE *v = NULL;
+ STACK_OF(CONF_VALUE) *ts;
+
+ ts = (STACK_OF(CONF_VALUE) *)section->value;
+
+ value->section = section->section;
+ if (!sk_CONF_VALUE_push(ts, value)) {
+ return 0;
+ }
+
+ v = (CONF_VALUE *)lh_insert(conf->data, value);
+ if (v != NULL) {
+ (void)sk_CONF_VALUE_delete_ptr(ts, v);
+ OPENSSL_free(v->name);
+ OPENSSL_free(v->value);
+ OPENSSL_free(v);
+ }
+ return 1;
+}
+
+char *_CONF_get_string(const CONF *conf, const char *section,
+ const char *name)
+{
+ CONF_VALUE *v, vv;
+ char *p;
+
+ if (name == NULL)
+ return (NULL);
+ if (conf != NULL) {
+ if (section != NULL) {
+ vv.name = (char *)name;
+ vv.section = (char *)section;
+ v = (CONF_VALUE *)lh_retrieve(conf->data, &vv);
+ if (v != NULL)
+ return (v->value);
+ if (strcmp(section, "ENV") == 0) {
+ p = Getenv(name);
+ if (p != NULL)
+ return (p);
+ }
+ }
+ vv.section = "default";
+ vv.name = (char *)name;
+ v = (CONF_VALUE *)lh_retrieve(conf->data, &vv);
+ if (v != NULL)
+ return (v->value);
+ else
+ return (NULL);
+ } else
+ return (Getenv(name));
+}
+
+#if 0 /* There's no way to provide error checking
+ * with this function, so force implementors
+ * of the higher levels to get a string and
+ * read the number themselves. */
+long _CONF_get_number(CONF *conf, char *section, char *name)
+{
+ char *str;
+ long ret = 0;
+
+ str = _CONF_get_string(conf, section, name);
+ if (str == NULL)
+ return (0);
+ for (;;) {
+ if (conf->meth->is_number(conf, *str))
+ ret = ret * 10 + conf->meth->to_int(conf, *str);
+ else
+ return (ret);
+ str++;
+ }
+}
+#endif
+
+int _CONF_new_data(CONF *conf)
+{
+ if (conf == NULL) {
+ return 0;
+ }
+ if (conf->data == NULL)
+ if ((conf->data = lh_new(hash, cmp_conf)) == NULL) {
+ return 0;
+ }
+ return 1;
+}
+
+void _CONF_free_data(CONF *conf)
+{
+ if (conf == NULL || conf->data == NULL)
+ return;
+
+ conf->data->down_load = 0; /* evil thing to make sure the
+ * 'OPENSSL_free()' works as expected */
+ lh_doall_arg(conf->data, LHASH_DOALL_ARG_FN(value_free_hash), conf->data);
+
+ /*
+ * We now have only 'section' entries in the hash table. Due to problems
+ * with
+ */
+
+ lh_doall_arg(conf->data, LHASH_DOALL_ARG_FN(value_free_stack),
+ conf->data);
+ lh_free(conf->data);
+}
+
+static void value_free_hash(CONF_VALUE *a, LHASH *conf)
+{
+ if (a->name != NULL) {
+ a = (CONF_VALUE *)lh_delete(conf, a);
+ }
+}
+
+static void value_free_stack(CONF_VALUE *a, LHASH *conf)
+{
+ CONF_VALUE *vv;
+ STACK *sk;
+ int i;
+
+ if (a->name != NULL)
+ return;
+
+ sk = (STACK *) a->value;
+ for (i = sk_num(sk) - 1; i >= 0; i--) {
+ vv = (CONF_VALUE *)sk_value(sk, i);
+ OPENSSL_free(vv->value);
+ OPENSSL_free(vv->name);
+ OPENSSL_free(vv);
+ }
+ if (sk != NULL)
+ sk_free(sk);
+ OPENSSL_free(a->section);
+ OPENSSL_free(a);
+}
+
+/* static unsigned long hash(CONF_VALUE *v) */
+static unsigned long hash(const void *v_void)
+{
+ CONF_VALUE *v = (CONF_VALUE *)v_void;
+ return ((lh_strhash(v->section) << 2) ^ lh_strhash(v->name));
+}
+
+/* static int cmp_conf(CONF_VALUE *a, CONF_VALUE *b) */
+static int cmp_conf(const void *a_void, const void *b_void)
+{
+ int i;
+ CONF_VALUE *a = (CONF_VALUE *)a_void;
+ CONF_VALUE *b = (CONF_VALUE *)b_void;
+
+ if (a->section != b->section) {
+ i = strcmp(a->section, b->section);
+ if (i)
+ return (i);
+ }
+
+ if ((a->name != NULL) && (b->name != NULL)) {
+ i = strcmp(a->name, b->name);
+ return (i);
+ } else if (a->name == b->name)
+ return (0);
+ else
+ return ((a->name == NULL) ? -1 : 1);
+}
+
+/* Up until OpenSSL 0.9.5a, this was new_section */
+CONF_VALUE *_CONF_new_section(CONF *conf, const char *section)
+{
+ STACK *sk = NULL;
+ int ok = 0, i;
+ CONF_VALUE *v = NULL, *vv;
+
+ if ((sk = sk_new_null()) == NULL)
+ goto err;
+ if ((v = (CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE))) == NULL)
+ goto err;
+ i = strlen(section) + 1;
+ if ((v->section = (char *)OPENSSL_malloc(i)) == NULL)
+ goto err;
+
+ memcpy(v->section, section, i);
+ v->name = NULL;
+ v->value = (char *)sk;
+
+ vv = (CONF_VALUE *)lh_insert(conf->data, v);
+ OPENSSL_assert(vv == NULL);
+ ok = 1;
+ err:
+ if (!ok) {
+ if (sk != NULL)
+ sk_free(sk);
+ if (v != NULL)
+ OPENSSL_free(v);
+ v = NULL;
+ }
+ return (v);
+}
+
+IMPLEMENT_STACK_OF(CONF_VALUE)
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/conf/conf_api.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/conf/conf_api.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/conf/conf_api.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,89 +0,0 @@
-/* conf_api.h */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_CONF_API_H
-#define HEADER_CONF_API_H
-
-#include <openssl/lhash.h>
-#include <openssl/conf.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* Up until OpenSSL 0.9.5a, this was new_section */
-CONF_VALUE *_CONF_new_section(CONF *conf, const char *section);
-/* Up until OpenSSL 0.9.5a, this was get_section */
-CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section);
-/* Up until OpenSSL 0.9.5a, this was CONF_get_section */
-STACK_OF(CONF_VALUE) *_CONF_get_section_values(const CONF *conf,
- const char *section);
-
-int _CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value);
-char *_CONF_get_string(const CONF *conf, const char *section,
- const char *name);
-long _CONF_get_number(const CONF *conf, const char *section, const char *name);
-
-int _CONF_new_data(CONF *conf);
-void _CONF_free_data(CONF *conf);
-
-#ifdef __cplusplus
-}
-#endif
-#endif
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/conf/conf_api.h (from rev 6976, vendor-crypto/openssl/dist/crypto/conf/conf_api.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/conf/conf_api.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/conf/conf_api.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,89 @@
+/* conf_api.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_CONF_API_H
+# define HEADER_CONF_API_H
+
+# include <openssl/lhash.h>
+# include <openssl/conf.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Up until OpenSSL 0.9.5a, this was new_section */
+CONF_VALUE *_CONF_new_section(CONF *conf, const char *section);
+/* Up until OpenSSL 0.9.5a, this was get_section */
+CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section);
+/* Up until OpenSSL 0.9.5a, this was CONF_get_section */
+STACK_OF(CONF_VALUE) *_CONF_get_section_values(const CONF *conf,
+ const char *section);
+
+int _CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value);
+char *_CONF_get_string(const CONF *conf, const char *section,
+ const char *name);
+long _CONF_get_number(const CONF *conf, const char *section,
+ const char *name);
+
+int _CONF_new_data(CONF *conf);
+void _CONF_free_data(CONF *conf);
+
+#ifdef __cplusplus
+}
+#endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/conf/conf_def.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/conf/conf_def.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/conf/conf_def.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,747 +0,0 @@
-/* crypto/conf/conf.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* Part of the code in here was originally in conf.c, which is now removed */
-
-#include <stdio.h>
-#include <string.h>
-#include "cryptlib.h"
-#include <openssl/stack.h>
-#include <openssl/lhash.h>
-#include <openssl/conf.h>
-#include <openssl/conf_api.h>
-#include "conf_def.h"
-#include <openssl/buffer.h>
-#include <openssl/err.h>
-
-static char *eat_ws(CONF *conf, char *p);
-static char *eat_alpha_numeric(CONF *conf, char *p);
-static void clear_comments(CONF *conf, char *p);
-static int str_copy(CONF *conf,char *section,char **to, char *from);
-static char *scan_quote(CONF *conf, char *p);
-static char *scan_dquote(CONF *conf, char *p);
-#define scan_esc(conf,p) (((IS_EOF((conf),(p)[1]))?((p)+1):((p)+2)))
-
-static CONF *def_create(CONF_METHOD *meth);
-static int def_init_default(CONF *conf);
-static int def_init_WIN32(CONF *conf);
-static int def_destroy(CONF *conf);
-static int def_destroy_data(CONF *conf);
-static int def_load(CONF *conf, const char *name, long *eline);
-static int def_load_bio(CONF *conf, BIO *bp, long *eline);
-static int def_dump(const CONF *conf, BIO *bp);
-static int def_is_number(const CONF *conf, char c);
-static int def_to_int(const CONF *conf, char c);
-
-const char CONF_def_version[]="CONF_def" OPENSSL_VERSION_PTEXT;
-
-static CONF_METHOD default_method = {
- "OpenSSL default",
- def_create,
- def_init_default,
- def_destroy,
- def_destroy_data,
- def_load_bio,
- def_dump,
- def_is_number,
- def_to_int,
- def_load
- };
-
-static CONF_METHOD WIN32_method = {
- "WIN32",
- def_create,
- def_init_WIN32,
- def_destroy,
- def_destroy_data,
- def_load_bio,
- def_dump,
- def_is_number,
- def_to_int,
- def_load
- };
-
-CONF_METHOD *NCONF_default()
- {
- return &default_method;
- }
-CONF_METHOD *NCONF_WIN32()
- {
- return &WIN32_method;
- }
-
-static CONF *def_create(CONF_METHOD *meth)
- {
- CONF *ret;
-
- ret = (CONF *)OPENSSL_malloc(sizeof(CONF) + sizeof(unsigned short *));
- if (ret)
- if (meth->init(ret) == 0)
- {
- OPENSSL_free(ret);
- ret = NULL;
- }
- return ret;
- }
-
-static int def_init_default(CONF *conf)
- {
- if (conf == NULL)
- return 0;
-
- conf->meth = &default_method;
- conf->meth_data = (void *)CONF_type_default;
- conf->data = NULL;
-
- return 1;
- }
-
-static int def_init_WIN32(CONF *conf)
- {
- if (conf == NULL)
- return 0;
-
- conf->meth = &WIN32_method;
- conf->meth_data = (void *)CONF_type_win32;
- conf->data = NULL;
-
- return 1;
- }
-
-static int def_destroy(CONF *conf)
- {
- if (def_destroy_data(conf))
- {
- OPENSSL_free(conf);
- return 1;
- }
- return 0;
- }
-
-static int def_destroy_data(CONF *conf)
- {
- if (conf == NULL)
- return 0;
- _CONF_free_data(conf);
- return 1;
- }
-
-static int def_load(CONF *conf, const char *name, long *line)
- {
- int ret;
- BIO *in=NULL;
-
-#ifdef OPENSSL_SYS_VMS
- in=BIO_new_file(name, "r");
-#else
- in=BIO_new_file(name, "rb");
-#endif
- if (in == NULL)
- {
- if (ERR_GET_REASON(ERR_peek_last_error()) == BIO_R_NO_SUCH_FILE)
- CONFerr(CONF_F_DEF_LOAD,CONF_R_NO_SUCH_FILE);
- else
- CONFerr(CONF_F_DEF_LOAD,ERR_R_SYS_LIB);
- return 0;
- }
-
- ret = def_load_bio(conf, in, line);
- BIO_free(in);
-
- return ret;
- }
-
-static int def_load_bio(CONF *conf, BIO *in, long *line)
- {
-/* The macro BUFSIZE conflicts with a system macro in VxWorks */
-#define CONFBUFSIZE 512
- int bufnum=0,i,ii;
- BUF_MEM *buff=NULL;
- char *s,*p,*end;
- int again;
- long eline=0;
- char btmp[DECIMAL_SIZE(eline)+1];
- CONF_VALUE *v=NULL,*tv;
- CONF_VALUE *sv=NULL;
- char *section=NULL,*buf;
-/* STACK_OF(CONF_VALUE) *section_sk=NULL;*/
-/* STACK_OF(CONF_VALUE) *ts=NULL;*/
- char *start,*psection,*pname;
- void *h = (void *)(conf->data);
-
- if ((buff=BUF_MEM_new()) == NULL)
- {
- CONFerr(CONF_F_DEF_LOAD_BIO,ERR_R_BUF_LIB);
- goto err;
- }
-
- section=(char *)OPENSSL_malloc(10);
- if (section == NULL)
- {
- CONFerr(CONF_F_DEF_LOAD_BIO,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- BUF_strlcpy(section,"default",10);
-
- if (_CONF_new_data(conf) == 0)
- {
- CONFerr(CONF_F_DEF_LOAD_BIO,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- sv=_CONF_new_section(conf,section);
- if (sv == NULL)
- {
- CONFerr(CONF_F_DEF_LOAD_BIO,
- CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
- goto err;
- }
-/* section_sk=(STACK_OF(CONF_VALUE) *)sv->value;*/
-
- bufnum=0;
- again=0;
- for (;;)
- {
- if (!BUF_MEM_grow(buff,bufnum+CONFBUFSIZE))
- {
- CONFerr(CONF_F_DEF_LOAD_BIO,ERR_R_BUF_LIB);
- goto err;
- }
- p= &(buff->data[bufnum]);
- *p='\0';
- BIO_gets(in, p, CONFBUFSIZE-1);
- p[CONFBUFSIZE-1]='\0';
- ii=i=strlen(p);
- if (i == 0 && !again) break;
- again=0;
- while (i > 0)
- {
- if ((p[i-1] != '\r') && (p[i-1] != '\n'))
- break;
- else
- i--;
- }
- /* we removed some trailing stuff so there is a new
- * line on the end. */
- if (ii && i == ii)
- again=1; /* long line */
- else
- {
- p[i]='\0';
- eline++; /* another input line */
- }
-
- /* we now have a line with trailing \r\n removed */
-
- /* i is the number of bytes */
- bufnum+=i;
-
- v=NULL;
- /* check for line continuation */
- if (bufnum >= 1)
- {
- /* If we have bytes and the last char '\\' and
- * second last char is not '\\' */
- p= &(buff->data[bufnum-1]);
- if (IS_ESC(conf,p[0]) &&
- ((bufnum <= 1) || !IS_ESC(conf,p[-1])))
- {
- bufnum--;
- again=1;
- }
- }
- if (again) continue;
- bufnum=0;
- buf=buff->data;
-
- clear_comments(conf, buf);
- s=eat_ws(conf, buf);
- if (IS_EOF(conf,*s)) continue; /* blank line */
- if (*s == '[')
- {
- char *ss;
-
- s++;
- start=eat_ws(conf, s);
- ss=start;
-again:
- end=eat_alpha_numeric(conf, ss);
- p=eat_ws(conf, end);
- if (*p != ']')
- {
- if (*p != '\0' && ss != p)
- {
- ss=p;
- goto again;
- }
- CONFerr(CONF_F_DEF_LOAD_BIO,
- CONF_R_MISSING_CLOSE_SQUARE_BRACKET);
- goto err;
- }
- *end='\0';
- if (!str_copy(conf,NULL,§ion,start)) goto err;
- if ((sv=_CONF_get_section(conf,section)) == NULL)
- sv=_CONF_new_section(conf,section);
- if (sv == NULL)
- {
- CONFerr(CONF_F_DEF_LOAD_BIO,
- CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
- goto err;
- }
-/* section_sk=(STACK_OF(CONF_VALUE) *)sv->value;*/
- continue;
- }
- else
- {
- pname=s;
- psection=NULL;
- end=eat_alpha_numeric(conf, s);
- if ((end[0] == ':') && (end[1] == ':'))
- {
- *end='\0';
- end+=2;
- psection=pname;
- pname=end;
- end=eat_alpha_numeric(conf, end);
- }
- p=eat_ws(conf, end);
- if (*p != '=')
- {
- CONFerr(CONF_F_DEF_LOAD_BIO,
- CONF_R_MISSING_EQUAL_SIGN);
- goto err;
- }
- *end='\0';
- p++;
- start=eat_ws(conf, p);
- while (!IS_EOF(conf,*p))
- p++;
- p--;
- while ((p != start) && (IS_WS(conf,*p)))
- p--;
- p++;
- *p='\0';
-
- if (!(v=(CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE))))
- {
- CONFerr(CONF_F_DEF_LOAD_BIO,
- ERR_R_MALLOC_FAILURE);
- goto err;
- }
- if (psection == NULL) psection=section;
- v->name=(char *)OPENSSL_malloc(strlen(pname)+1);
- v->value=NULL;
- if (v->name == NULL)
- {
- CONFerr(CONF_F_DEF_LOAD_BIO,
- ERR_R_MALLOC_FAILURE);
- goto err;
- }
- BUF_strlcpy(v->name,pname,strlen(pname)+1);
- if (!str_copy(conf,psection,&(v->value),start)) goto err;
-
- if (strcmp(psection,section) != 0)
- {
- if ((tv=_CONF_get_section(conf,psection))
- == NULL)
- tv=_CONF_new_section(conf,psection);
- if (tv == NULL)
- {
- CONFerr(CONF_F_DEF_LOAD_BIO,
- CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
- goto err;
- }
-/* ts=(STACK_OF(CONF_VALUE) *)tv->value;*/
- }
- else
- {
- tv=sv;
-/* ts=section_sk;*/
- }
-#if 1
- if (_CONF_add_string(conf, tv, v) == 0)
- {
- CONFerr(CONF_F_DEF_LOAD_BIO,
- ERR_R_MALLOC_FAILURE);
- goto err;
- }
-#else
- v->section=tv->section;
- if (!sk_CONF_VALUE_push(ts,v))
- {
- CONFerr(CONF_F_DEF_LOAD_BIO,
- ERR_R_MALLOC_FAILURE);
- goto err;
- }
- vv=(CONF_VALUE *)lh_insert(conf->data,v);
- if (vv != NULL)
- {
- sk_CONF_VALUE_delete_ptr(ts,vv);
- OPENSSL_free(vv->name);
- OPENSSL_free(vv->value);
- OPENSSL_free(vv);
- }
-#endif
- v=NULL;
- }
- }
- if (buff != NULL) BUF_MEM_free(buff);
- if (section != NULL) OPENSSL_free(section);
- return(1);
-err:
- if (buff != NULL) BUF_MEM_free(buff);
- if (section != NULL) OPENSSL_free(section);
- if (line != NULL) *line=eline;
- BIO_snprintf(btmp,sizeof btmp,"%ld",eline);
- ERR_add_error_data(2,"line ",btmp);
- if ((h != conf->data) && (conf->data != NULL))
- {
- CONF_free(conf->data);
- conf->data=NULL;
- }
- if (v != NULL)
- {
- if (v->name != NULL) OPENSSL_free(v->name);
- if (v->value != NULL) OPENSSL_free(v->value);
- if (v != NULL) OPENSSL_free(v);
- }
- return(0);
- }
-
-static void clear_comments(CONF *conf, char *p)
- {
- for (;;)
- {
- if (IS_FCOMMENT(conf,*p))
- {
- *p='\0';
- return;
- }
- if (!IS_WS(conf,*p))
- {
- break;
- }
- p++;
- }
-
- for (;;)
- {
- if (IS_COMMENT(conf,*p))
- {
- *p='\0';
- return;
- }
- if (IS_DQUOTE(conf,*p))
- {
- p=scan_dquote(conf, p);
- continue;
- }
- if (IS_QUOTE(conf,*p))
- {
- p=scan_quote(conf, p);
- continue;
- }
- if (IS_ESC(conf,*p))
- {
- p=scan_esc(conf,p);
- continue;
- }
- if (IS_EOF(conf,*p))
- return;
- else
- p++;
- }
- }
-
-static int str_copy(CONF *conf, char *section, char **pto, char *from)
- {
- int q,r,rr=0,to=0,len=0;
- char *s,*e,*rp,*p,*rrp,*np,*cp,v;
- BUF_MEM *buf;
-
- if ((buf=BUF_MEM_new()) == NULL) return(0);
-
- len=strlen(from)+1;
- if (!BUF_MEM_grow(buf,len)) goto err;
-
- for (;;)
- {
- if (IS_QUOTE(conf,*from))
- {
- q= *from;
- from++;
- while (!IS_EOF(conf,*from) && (*from != q))
- {
- if (IS_ESC(conf,*from))
- {
- from++;
- if (IS_EOF(conf,*from)) break;
- }
- buf->data[to++]= *(from++);
- }
- if (*from == q) from++;
- }
- else if (IS_DQUOTE(conf,*from))
- {
- q= *from;
- from++;
- while (!IS_EOF(conf,*from))
- {
- if (*from == q)
- {
- if (*(from+1) == q)
- {
- from++;
- }
- else
- {
- break;
- }
- }
- buf->data[to++]= *(from++);
- }
- if (*from == q) from++;
- }
- else if (IS_ESC(conf,*from))
- {
- from++;
- v= *(from++);
- if (IS_EOF(conf,v)) break;
- else if (v == 'r') v='\r';
- else if (v == 'n') v='\n';
- else if (v == 'b') v='\b';
- else if (v == 't') v='\t';
- buf->data[to++]= v;
- }
- else if (IS_EOF(conf,*from))
- break;
- else if (*from == '$')
- {
- /* try to expand it */
- rrp=NULL;
- s= &(from[1]);
- if (*s == '{')
- q='}';
- else if (*s == '(')
- q=')';
- else q=0;
-
- if (q) s++;
- cp=section;
- e=np=s;
- while (IS_ALPHA_NUMERIC(conf,*e))
- e++;
- if ((e[0] == ':') && (e[1] == ':'))
- {
- cp=np;
- rrp=e;
- rr= *e;
- *rrp='\0';
- e+=2;
- np=e;
- while (IS_ALPHA_NUMERIC(conf,*e))
- e++;
- }
- r= *e;
- *e='\0';
- rp=e;
- if (q)
- {
- if (r != q)
- {
- CONFerr(CONF_F_STR_COPY,CONF_R_NO_CLOSE_BRACE);
- goto err;
- }
- e++;
- }
- /* So at this point we have
- * np which is the start of the name string which is
- * '\0' terminated.
- * cp which is the start of the section string which is
- * '\0' terminated.
- * e is the 'next point after'.
- * r and rr are the chars replaced by the '\0'
- * rp and rrp is where 'r' and 'rr' came from.
- */
- p=_CONF_get_string(conf,cp,np);
- if (rrp != NULL) *rrp=rr;
- *rp=r;
- if (p == NULL)
- {
- CONFerr(CONF_F_STR_COPY,CONF_R_VARIABLE_HAS_NO_VALUE);
- goto err;
- }
- BUF_MEM_grow_clean(buf,(strlen(p)+buf->length-(e-from)));
- while (*p)
- buf->data[to++]= *(p++);
-
- /* Since we change the pointer 'from', we also have
- to change the perceived length of the string it
- points at. /RL */
- len -= e-from;
- from=e;
-
- /* In case there were no braces or parenthesis around
- the variable reference, we have to put back the
- character that was replaced with a '\0'. /RL */
- *rp = r;
- }
- else
- buf->data[to++]= *(from++);
- }
- buf->data[to]='\0';
- if (*pto != NULL) OPENSSL_free(*pto);
- *pto=buf->data;
- OPENSSL_free(buf);
- return(1);
-err:
- if (buf != NULL) BUF_MEM_free(buf);
- return(0);
- }
-
-static char *eat_ws(CONF *conf, char *p)
- {
- while (IS_WS(conf,*p) && (!IS_EOF(conf,*p)))
- p++;
- return(p);
- }
-
-static char *eat_alpha_numeric(CONF *conf, char *p)
- {
- for (;;)
- {
- if (IS_ESC(conf,*p))
- {
- p=scan_esc(conf,p);
- continue;
- }
- if (!IS_ALPHA_NUMERIC_PUNCT(conf,*p))
- return(p);
- p++;
- }
- }
-
-static char *scan_quote(CONF *conf, char *p)
- {
- int q= *p;
-
- p++;
- while (!(IS_EOF(conf,*p)) && (*p != q))
- {
- if (IS_ESC(conf,*p))
- {
- p++;
- if (IS_EOF(conf,*p)) return(p);
- }
- p++;
- }
- if (*p == q) p++;
- return(p);
- }
-
-
-static char *scan_dquote(CONF *conf, char *p)
- {
- int q= *p;
-
- p++;
- while (!(IS_EOF(conf,*p)))
- {
- if (*p == q)
- {
- if (*(p+1) == q)
- {
- p++;
- }
- else
- {
- break;
- }
- }
- p++;
- }
- if (*p == q) p++;
- return(p);
- }
-
-static void dump_value(CONF_VALUE *a, BIO *out)
- {
- if (a->name)
- BIO_printf(out, "[%s] %s=%s\n", a->section, a->name, a->value);
- else
- BIO_printf(out, "[[%s]]\n", a->section);
- }
-
-static IMPLEMENT_LHASH_DOALL_ARG_FN(dump_value, CONF_VALUE *, BIO *)
-
-static int def_dump(const CONF *conf, BIO *out)
- {
- lh_doall_arg(conf->data, LHASH_DOALL_ARG_FN(dump_value), out);
- return 1;
- }
-
-static int def_is_number(const CONF *conf, char c)
- {
- return IS_NUMBER(conf,c);
- }
-
-static int def_to_int(const CONF *conf, char c)
- {
- return c - '0';
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/conf/conf_def.c (from rev 6976, vendor-crypto/openssl/dist/crypto/conf/conf_def.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/conf/conf_def.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/conf/conf_def.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,709 @@
+/* crypto/conf/conf.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* Part of the code in here was originally in conf.c, which is now removed */
+
+#include <stdio.h>
+#include <string.h>
+#include "cryptlib.h"
+#include <openssl/stack.h>
+#include <openssl/lhash.h>
+#include <openssl/conf.h>
+#include <openssl/conf_api.h>
+#include "conf_def.h"
+#include <openssl/buffer.h>
+#include <openssl/err.h>
+
+static char *eat_ws(CONF *conf, char *p);
+static char *eat_alpha_numeric(CONF *conf, char *p);
+static void clear_comments(CONF *conf, char *p);
+static int str_copy(CONF *conf, char *section, char **to, char *from);
+static char *scan_quote(CONF *conf, char *p);
+static char *scan_dquote(CONF *conf, char *p);
+#define scan_esc(conf,p) (((IS_EOF((conf),(p)[1]))?((p)+1):((p)+2)))
+
+static CONF *def_create(CONF_METHOD *meth);
+static int def_init_default(CONF *conf);
+static int def_init_WIN32(CONF *conf);
+static int def_destroy(CONF *conf);
+static int def_destroy_data(CONF *conf);
+static int def_load(CONF *conf, const char *name, long *eline);
+static int def_load_bio(CONF *conf, BIO *bp, long *eline);
+static int def_dump(const CONF *conf, BIO *bp);
+static int def_is_number(const CONF *conf, char c);
+static int def_to_int(const CONF *conf, char c);
+
+const char CONF_def_version[] = "CONF_def" OPENSSL_VERSION_PTEXT;
+
+static CONF_METHOD default_method = {
+ "OpenSSL default",
+ def_create,
+ def_init_default,
+ def_destroy,
+ def_destroy_data,
+ def_load_bio,
+ def_dump,
+ def_is_number,
+ def_to_int,
+ def_load
+};
+
+static CONF_METHOD WIN32_method = {
+ "WIN32",
+ def_create,
+ def_init_WIN32,
+ def_destroy,
+ def_destroy_data,
+ def_load_bio,
+ def_dump,
+ def_is_number,
+ def_to_int,
+ def_load
+};
+
+CONF_METHOD *NCONF_default()
+{
+ return &default_method;
+}
+
+CONF_METHOD *NCONF_WIN32()
+{
+ return &WIN32_method;
+}
+
+static CONF *def_create(CONF_METHOD *meth)
+{
+ CONF *ret;
+
+ ret = (CONF *)OPENSSL_malloc(sizeof(CONF) + sizeof(unsigned short *));
+ if (ret)
+ if (meth->init(ret) == 0) {
+ OPENSSL_free(ret);
+ ret = NULL;
+ }
+ return ret;
+}
+
+static int def_init_default(CONF *conf)
+{
+ if (conf == NULL)
+ return 0;
+
+ conf->meth = &default_method;
+ conf->meth_data = (void *)CONF_type_default;
+ conf->data = NULL;
+
+ return 1;
+}
+
+static int def_init_WIN32(CONF *conf)
+{
+ if (conf == NULL)
+ return 0;
+
+ conf->meth = &WIN32_method;
+ conf->meth_data = (void *)CONF_type_win32;
+ conf->data = NULL;
+
+ return 1;
+}
+
+static int def_destroy(CONF *conf)
+{
+ if (def_destroy_data(conf)) {
+ OPENSSL_free(conf);
+ return 1;
+ }
+ return 0;
+}
+
+static int def_destroy_data(CONF *conf)
+{
+ if (conf == NULL)
+ return 0;
+ _CONF_free_data(conf);
+ return 1;
+}
+
+static int def_load(CONF *conf, const char *name, long *line)
+{
+ int ret;
+ BIO *in = NULL;
+
+#ifdef OPENSSL_SYS_VMS
+ in = BIO_new_file(name, "r");
+#else
+ in = BIO_new_file(name, "rb");
+#endif
+ if (in == NULL) {
+ if (ERR_GET_REASON(ERR_peek_last_error()) == BIO_R_NO_SUCH_FILE)
+ CONFerr(CONF_F_DEF_LOAD, CONF_R_NO_SUCH_FILE);
+ else
+ CONFerr(CONF_F_DEF_LOAD, ERR_R_SYS_LIB);
+ return 0;
+ }
+
+ ret = def_load_bio(conf, in, line);
+ BIO_free(in);
+
+ return ret;
+}
+
+static int def_load_bio(CONF *conf, BIO *in, long *line)
+{
+/* The macro BUFSIZE conflicts with a system macro in VxWorks */
+#define CONFBUFSIZE 512
+ int bufnum = 0, i, ii;
+ BUF_MEM *buff = NULL;
+ char *s, *p, *end;
+ int again;
+ long eline = 0;
+ char btmp[DECIMAL_SIZE(eline) + 1];
+ CONF_VALUE *v = NULL, *tv;
+ CONF_VALUE *sv = NULL;
+ char *section = NULL, *buf;
+/* STACK_OF(CONF_VALUE) *section_sk=NULL;*/
+/* STACK_OF(CONF_VALUE) *ts=NULL;*/
+ char *start, *psection, *pname;
+ void *h = (void *)(conf->data);
+
+ if ((buff = BUF_MEM_new()) == NULL) {
+ CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_BUF_LIB);
+ goto err;
+ }
+
+ section = (char *)OPENSSL_malloc(10);
+ if (section == NULL) {
+ CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ BUF_strlcpy(section, "default", 10);
+
+ if (_CONF_new_data(conf) == 0) {
+ CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ sv = _CONF_new_section(conf, section);
+ if (sv == NULL) {
+ CONFerr(CONF_F_DEF_LOAD_BIO, CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
+ goto err;
+ }
+/* section_sk=(STACK_OF(CONF_VALUE) *)sv->value;*/
+
+ bufnum = 0;
+ again = 0;
+ for (;;) {
+ if (!BUF_MEM_grow(buff, bufnum + CONFBUFSIZE)) {
+ CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_BUF_LIB);
+ goto err;
+ }
+ p = &(buff->data[bufnum]);
+ *p = '\0';
+ BIO_gets(in, p, CONFBUFSIZE - 1);
+ p[CONFBUFSIZE - 1] = '\0';
+ ii = i = strlen(p);
+ if (i == 0 && !again)
+ break;
+ again = 0;
+ while (i > 0) {
+ if ((p[i - 1] != '\r') && (p[i - 1] != '\n'))
+ break;
+ else
+ i--;
+ }
+ /*
+ * we removed some trailing stuff so there is a new line on the end.
+ */
+ if (ii && i == ii)
+ again = 1; /* long line */
+ else {
+ p[i] = '\0';
+ eline++; /* another input line */
+ }
+
+ /* we now have a line with trailing \r\n removed */
+
+ /* i is the number of bytes */
+ bufnum += i;
+
+ v = NULL;
+ /* check for line continuation */
+ if (bufnum >= 1) {
+ /*
+ * If we have bytes and the last char '\\' and second last char
+ * is not '\\'
+ */
+ p = &(buff->data[bufnum - 1]);
+ if (IS_ESC(conf, p[0]) && ((bufnum <= 1) || !IS_ESC(conf, p[-1]))) {
+ bufnum--;
+ again = 1;
+ }
+ }
+ if (again)
+ continue;
+ bufnum = 0;
+ buf = buff->data;
+
+ clear_comments(conf, buf);
+ s = eat_ws(conf, buf);
+ if (IS_EOF(conf, *s))
+ continue; /* blank line */
+ if (*s == '[') {
+ char *ss;
+
+ s++;
+ start = eat_ws(conf, s);
+ ss = start;
+ again:
+ end = eat_alpha_numeric(conf, ss);
+ p = eat_ws(conf, end);
+ if (*p != ']') {
+ if (*p != '\0' && ss != p) {
+ ss = p;
+ goto again;
+ }
+ CONFerr(CONF_F_DEF_LOAD_BIO,
+ CONF_R_MISSING_CLOSE_SQUARE_BRACKET);
+ goto err;
+ }
+ *end = '\0';
+ if (!str_copy(conf, NULL, §ion, start))
+ goto err;
+ if ((sv = _CONF_get_section(conf, section)) == NULL)
+ sv = _CONF_new_section(conf, section);
+ if (sv == NULL) {
+ CONFerr(CONF_F_DEF_LOAD_BIO,
+ CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
+ goto err;
+ }
+/* section_sk=(STACK_OF(CONF_VALUE) *)sv->value;*/
+ continue;
+ } else {
+ pname = s;
+ psection = NULL;
+ end = eat_alpha_numeric(conf, s);
+ if ((end[0] == ':') && (end[1] == ':')) {
+ *end = '\0';
+ end += 2;
+ psection = pname;
+ pname = end;
+ end = eat_alpha_numeric(conf, end);
+ }
+ p = eat_ws(conf, end);
+ if (*p != '=') {
+ CONFerr(CONF_F_DEF_LOAD_BIO, CONF_R_MISSING_EQUAL_SIGN);
+ goto err;
+ }
+ *end = '\0';
+ p++;
+ start = eat_ws(conf, p);
+ while (!IS_EOF(conf, *p))
+ p++;
+ p--;
+ while ((p != start) && (IS_WS(conf, *p)))
+ p--;
+ p++;
+ *p = '\0';
+
+ if (!(v = (CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE)))) {
+ CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ if (psection == NULL)
+ psection = section;
+ v->name = (char *)OPENSSL_malloc(strlen(pname) + 1);
+ v->value = NULL;
+ if (v->name == NULL) {
+ CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ BUF_strlcpy(v->name, pname, strlen(pname) + 1);
+ if (!str_copy(conf, psection, &(v->value), start))
+ goto err;
+
+ if (strcmp(psection, section) != 0) {
+ if ((tv = _CONF_get_section(conf, psection))
+ == NULL)
+ tv = _CONF_new_section(conf, psection);
+ if (tv == NULL) {
+ CONFerr(CONF_F_DEF_LOAD_BIO,
+ CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
+ goto err;
+ }
+/* ts=(STACK_OF(CONF_VALUE) *)tv->value;*/
+ } else {
+ tv = sv;
+/* ts=section_sk;*/
+ }
+#if 1
+ if (_CONF_add_string(conf, tv, v) == 0) {
+ CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+#else
+ v->section = tv->section;
+ if (!sk_CONF_VALUE_push(ts, v)) {
+ CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ vv = (CONF_VALUE *)lh_insert(conf->data, v);
+ if (vv != NULL) {
+ sk_CONF_VALUE_delete_ptr(ts, vv);
+ OPENSSL_free(vv->name);
+ OPENSSL_free(vv->value);
+ OPENSSL_free(vv);
+ }
+#endif
+ v = NULL;
+ }
+ }
+ if (buff != NULL)
+ BUF_MEM_free(buff);
+ if (section != NULL)
+ OPENSSL_free(section);
+ return (1);
+ err:
+ if (buff != NULL)
+ BUF_MEM_free(buff);
+ if (section != NULL)
+ OPENSSL_free(section);
+ if (line != NULL)
+ *line = eline;
+ BIO_snprintf(btmp, sizeof btmp, "%ld", eline);
+ ERR_add_error_data(2, "line ", btmp);
+ if ((h != conf->data) && (conf->data != NULL)) {
+ CONF_free(conf->data);
+ conf->data = NULL;
+ }
+ if (v != NULL) {
+ if (v->name != NULL)
+ OPENSSL_free(v->name);
+ if (v->value != NULL)
+ OPENSSL_free(v->value);
+ if (v != NULL)
+ OPENSSL_free(v);
+ }
+ return (0);
+}
+
+static void clear_comments(CONF *conf, char *p)
+{
+ for (;;) {
+ if (IS_FCOMMENT(conf, *p)) {
+ *p = '\0';
+ return;
+ }
+ if (!IS_WS(conf, *p)) {
+ break;
+ }
+ p++;
+ }
+
+ for (;;) {
+ if (IS_COMMENT(conf, *p)) {
+ *p = '\0';
+ return;
+ }
+ if (IS_DQUOTE(conf, *p)) {
+ p = scan_dquote(conf, p);
+ continue;
+ }
+ if (IS_QUOTE(conf, *p)) {
+ p = scan_quote(conf, p);
+ continue;
+ }
+ if (IS_ESC(conf, *p)) {
+ p = scan_esc(conf, p);
+ continue;
+ }
+ if (IS_EOF(conf, *p))
+ return;
+ else
+ p++;
+ }
+}
+
+static int str_copy(CONF *conf, char *section, char **pto, char *from)
+{
+ int q, r, rr = 0, to = 0, len = 0;
+ char *s, *e, *rp, *p, *rrp, *np, *cp, v;
+ BUF_MEM *buf;
+
+ if ((buf = BUF_MEM_new()) == NULL)
+ return (0);
+
+ len = strlen(from) + 1;
+ if (!BUF_MEM_grow(buf, len))
+ goto err;
+
+ for (;;) {
+ if (IS_QUOTE(conf, *from)) {
+ q = *from;
+ from++;
+ while (!IS_EOF(conf, *from) && (*from != q)) {
+ if (IS_ESC(conf, *from)) {
+ from++;
+ if (IS_EOF(conf, *from))
+ break;
+ }
+ buf->data[to++] = *(from++);
+ }
+ if (*from == q)
+ from++;
+ } else if (IS_DQUOTE(conf, *from)) {
+ q = *from;
+ from++;
+ while (!IS_EOF(conf, *from)) {
+ if (*from == q) {
+ if (*(from + 1) == q) {
+ from++;
+ } else {
+ break;
+ }
+ }
+ buf->data[to++] = *(from++);
+ }
+ if (*from == q)
+ from++;
+ } else if (IS_ESC(conf, *from)) {
+ from++;
+ v = *(from++);
+ if (IS_EOF(conf, v))
+ break;
+ else if (v == 'r')
+ v = '\r';
+ else if (v == 'n')
+ v = '\n';
+ else if (v == 'b')
+ v = '\b';
+ else if (v == 't')
+ v = '\t';
+ buf->data[to++] = v;
+ } else if (IS_EOF(conf, *from))
+ break;
+ else if (*from == '$') {
+ /* try to expand it */
+ rrp = NULL;
+ s = &(from[1]);
+ if (*s == '{')
+ q = '}';
+ else if (*s == '(')
+ q = ')';
+ else
+ q = 0;
+
+ if (q)
+ s++;
+ cp = section;
+ e = np = s;
+ while (IS_ALPHA_NUMERIC(conf, *e))
+ e++;
+ if ((e[0] == ':') && (e[1] == ':')) {
+ cp = np;
+ rrp = e;
+ rr = *e;
+ *rrp = '\0';
+ e += 2;
+ np = e;
+ while (IS_ALPHA_NUMERIC(conf, *e))
+ e++;
+ }
+ r = *e;
+ *e = '\0';
+ rp = e;
+ if (q) {
+ if (r != q) {
+ CONFerr(CONF_F_STR_COPY, CONF_R_NO_CLOSE_BRACE);
+ goto err;
+ }
+ e++;
+ }
+ /*-
+ * So at this point we have
+ * np which is the start of the name string which is
+ * '\0' terminated.
+ * cp which is the start of the section string which is
+ * '\0' terminated.
+ * e is the 'next point after'.
+ * r and rr are the chars replaced by the '\0'
+ * rp and rrp is where 'r' and 'rr' came from.
+ */
+ p = _CONF_get_string(conf, cp, np);
+ if (rrp != NULL)
+ *rrp = rr;
+ *rp = r;
+ if (p == NULL) {
+ CONFerr(CONF_F_STR_COPY, CONF_R_VARIABLE_HAS_NO_VALUE);
+ goto err;
+ }
+ BUF_MEM_grow_clean(buf, (strlen(p) + buf->length - (e - from)));
+ while (*p)
+ buf->data[to++] = *(p++);
+
+ /*
+ * Since we change the pointer 'from', we also have to change the
+ * perceived length of the string it points at. /RL
+ */
+ len -= e - from;
+ from = e;
+
+ /*
+ * In case there were no braces or parenthesis around the
+ * variable reference, we have to put back the character that was
+ * replaced with a '\0'. /RL
+ */
+ *rp = r;
+ } else
+ buf->data[to++] = *(from++);
+ }
+ buf->data[to] = '\0';
+ if (*pto != NULL)
+ OPENSSL_free(*pto);
+ *pto = buf->data;
+ OPENSSL_free(buf);
+ return (1);
+ err:
+ if (buf != NULL)
+ BUF_MEM_free(buf);
+ return (0);
+}
+
+static char *eat_ws(CONF *conf, char *p)
+{
+ while (IS_WS(conf, *p) && (!IS_EOF(conf, *p)))
+ p++;
+ return (p);
+}
+
+static char *eat_alpha_numeric(CONF *conf, char *p)
+{
+ for (;;) {
+ if (IS_ESC(conf, *p)) {
+ p = scan_esc(conf, p);
+ continue;
+ }
+ if (!IS_ALPHA_NUMERIC_PUNCT(conf, *p))
+ return (p);
+ p++;
+ }
+}
+
+static char *scan_quote(CONF *conf, char *p)
+{
+ int q = *p;
+
+ p++;
+ while (!(IS_EOF(conf, *p)) && (*p != q)) {
+ if (IS_ESC(conf, *p)) {
+ p++;
+ if (IS_EOF(conf, *p))
+ return (p);
+ }
+ p++;
+ }
+ if (*p == q)
+ p++;
+ return (p);
+}
+
+static char *scan_dquote(CONF *conf, char *p)
+{
+ int q = *p;
+
+ p++;
+ while (!(IS_EOF(conf, *p))) {
+ if (*p == q) {
+ if (*(p + 1) == q) {
+ p++;
+ } else {
+ break;
+ }
+ }
+ p++;
+ }
+ if (*p == q)
+ p++;
+ return (p);
+}
+
+static void dump_value(CONF_VALUE *a, BIO *out)
+{
+ if (a->name)
+ BIO_printf(out, "[%s] %s=%s\n", a->section, a->name, a->value);
+ else
+ BIO_printf(out, "[[%s]]\n", a->section);
+}
+
+static IMPLEMENT_LHASH_DOALL_ARG_FN(dump_value, CONF_VALUE *, BIO *)
+
+static int def_dump(const CONF *conf, BIO *out)
+{
+ lh_doall_arg(conf->data, LHASH_DOALL_ARG_FN(dump_value), out);
+ return 1;
+}
+
+static int def_is_number(const CONF *conf, char c)
+{
+ return IS_NUMBER(conf, c);
+}
+
+static int def_to_int(const CONF *conf, char c)
+{
+ return c - '0';
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/conf/conf_def.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/conf/conf_def.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/conf/conf_def.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,180 +0,0 @@
-/* crypto/conf/conf_def.h */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* THIS FILE WAS AUTOMAGICALLY GENERATED!
- Please modify and use keysets.pl to regenerate it. */
-
-#define CONF_NUMBER 1
-#define CONF_UPPER 2
-#define CONF_LOWER 4
-#define CONF_UNDER 256
-#define CONF_PUNCTUATION 512
-#define CONF_WS 16
-#define CONF_ESC 32
-#define CONF_QUOTE 64
-#define CONF_DQUOTE 1024
-#define CONF_COMMENT 128
-#define CONF_FCOMMENT 2048
-#define CONF_EOF 8
-#define CONF_HIGHBIT 4096
-#define CONF_ALPHA (CONF_UPPER|CONF_LOWER)
-#define CONF_ALPHA_NUMERIC (CONF_ALPHA|CONF_NUMBER|CONF_UNDER)
-#define CONF_ALPHA_NUMERIC_PUNCT (CONF_ALPHA|CONF_NUMBER|CONF_UNDER| \
- CONF_PUNCTUATION)
-
-#define KEYTYPES(c) ((unsigned short *)((c)->meth_data))
-#ifndef CHARSET_EBCDIC
-#define IS_COMMENT(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_COMMENT)
-#define IS_FCOMMENT(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_FCOMMENT)
-#define IS_EOF(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_EOF)
-#define IS_ESC(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_ESC)
-#define IS_NUMBER(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_NUMBER)
-#define IS_WS(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_WS)
-#define IS_ALPHA_NUMERIC(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC)
-#define IS_ALPHA_NUMERIC_PUNCT(c,a) \
- (KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC_PUNCT)
-#define IS_QUOTE(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_QUOTE)
-#define IS_DQUOTE(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_DQUOTE)
-#define IS_HIGHBIT(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_HIGHBIT)
-
-#else /*CHARSET_EBCDIC*/
-
-#define IS_COMMENT(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_COMMENT)
-#define IS_FCOMMENT(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_FCOMMENT)
-#define IS_EOF(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_EOF)
-#define IS_ESC(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ESC)
-#define IS_NUMBER(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_NUMBER)
-#define IS_WS(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_WS)
-#define IS_ALPHA_NUMERIC(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC)
-#define IS_ALPHA_NUMERIC_PUNCT(c,a) \
- (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC_PUNCT)
-#define IS_QUOTE(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_QUOTE)
-#define IS_DQUOTE(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_DQUOTE)
-#define IS_HIGHBIT(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_HIGHBIT)
-#endif /*CHARSET_EBCDIC*/
-
-static unsigned short CONF_type_default[256]={
- 0x0008,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,
- 0x0000,0x0010,0x0010,0x0000,0x0000,0x0010,0x0000,0x0000,
- 0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,
- 0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,
- 0x0010,0x0200,0x0040,0x0080,0x0000,0x0200,0x0200,0x0040,
- 0x0000,0x0000,0x0200,0x0200,0x0200,0x0200,0x0200,0x0200,
- 0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,
- 0x0001,0x0001,0x0000,0x0200,0x0000,0x0000,0x0000,0x0200,
- 0x0200,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,
- 0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,
- 0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,
- 0x0002,0x0002,0x0002,0x0000,0x0020,0x0000,0x0200,0x0100,
- 0x0040,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,
- 0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,
- 0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,
- 0x0004,0x0004,0x0004,0x0000,0x0200,0x0000,0x0200,0x0000,
- 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
- 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
- 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
- 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
- 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
- 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
- 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
- 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
- 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
- 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
- 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
- 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
- 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
- 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
- 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
- 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
- };
-
-static unsigned short CONF_type_win32[256]={
- 0x0008,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,
- 0x0000,0x0010,0x0010,0x0000,0x0000,0x0010,0x0000,0x0000,
- 0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,
- 0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,
- 0x0010,0x0200,0x0400,0x0000,0x0000,0x0200,0x0200,0x0000,
- 0x0000,0x0000,0x0200,0x0200,0x0200,0x0200,0x0200,0x0200,
- 0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,
- 0x0001,0x0001,0x0000,0x0A00,0x0000,0x0000,0x0000,0x0200,
- 0x0200,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,
- 0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,
- 0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,
- 0x0002,0x0002,0x0002,0x0000,0x0000,0x0000,0x0200,0x0100,
- 0x0000,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,
- 0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,
- 0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,
- 0x0004,0x0004,0x0004,0x0000,0x0200,0x0000,0x0200,0x0000,
- 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
- 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
- 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
- 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
- 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
- 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
- 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
- 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
- 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
- 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
- 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
- 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
- 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
- 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
- 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
- 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
- };
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/conf/conf_def.h (from rev 6976, vendor-crypto/openssl/dist/crypto/conf/conf_def.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/conf/conf_def.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/conf/conf_def.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,181 @@
+/* crypto/conf/conf_def.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/*
+ * THIS FILE WAS AUTOMAGICALLY GENERATED! Please modify and use keysets.pl to
+ * regenerate it.
+ */
+
+#define CONF_NUMBER 1
+#define CONF_UPPER 2
+#define CONF_LOWER 4
+#define CONF_UNDER 256
+#define CONF_PUNCTUATION 512
+#define CONF_WS 16
+#define CONF_ESC 32
+#define CONF_QUOTE 64
+#define CONF_DQUOTE 1024
+#define CONF_COMMENT 128
+#define CONF_FCOMMENT 2048
+#define CONF_EOF 8
+#define CONF_HIGHBIT 4096
+#define CONF_ALPHA (CONF_UPPER|CONF_LOWER)
+#define CONF_ALPHA_NUMERIC (CONF_ALPHA|CONF_NUMBER|CONF_UNDER)
+#define CONF_ALPHA_NUMERIC_PUNCT (CONF_ALPHA|CONF_NUMBER|CONF_UNDER| \
+ CONF_PUNCTUATION)
+
+#define KEYTYPES(c) ((unsigned short *)((c)->meth_data))
+#ifndef CHARSET_EBCDIC
+# define IS_COMMENT(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_COMMENT)
+# define IS_FCOMMENT(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_FCOMMENT)
+# define IS_EOF(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_EOF)
+# define IS_ESC(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_ESC)
+# define IS_NUMBER(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_NUMBER)
+# define IS_WS(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_WS)
+# define IS_ALPHA_NUMERIC(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC)
+# define IS_ALPHA_NUMERIC_PUNCT(c,a) \
+ (KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC_PUNCT)
+# define IS_QUOTE(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_QUOTE)
+# define IS_DQUOTE(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_DQUOTE)
+# define IS_HIGHBIT(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_HIGHBIT)
+
+#else /* CHARSET_EBCDIC */
+
+# define IS_COMMENT(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_COMMENT)
+# define IS_FCOMMENT(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_FCOMMENT)
+# define IS_EOF(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_EOF)
+# define IS_ESC(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ESC)
+# define IS_NUMBER(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_NUMBER)
+# define IS_WS(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_WS)
+# define IS_ALPHA_NUMERIC(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC)
+# define IS_ALPHA_NUMERIC_PUNCT(c,a) \
+ (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC_PUNCT)
+# define IS_QUOTE(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_QUOTE)
+# define IS_DQUOTE(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_DQUOTE)
+# define IS_HIGHBIT(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_HIGHBIT)
+#endif /* CHARSET_EBCDIC */
+
+static unsigned short CONF_type_default[256] = {
+ 0x0008, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
+ 0x0000, 0x0010, 0x0010, 0x0000, 0x0000, 0x0010, 0x0000, 0x0000,
+ 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
+ 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
+ 0x0010, 0x0200, 0x0040, 0x0080, 0x0000, 0x0200, 0x0200, 0x0040,
+ 0x0000, 0x0000, 0x0200, 0x0200, 0x0200, 0x0200, 0x0200, 0x0200,
+ 0x0001, 0x0001, 0x0001, 0x0001, 0x0001, 0x0001, 0x0001, 0x0001,
+ 0x0001, 0x0001, 0x0000, 0x0200, 0x0000, 0x0000, 0x0000, 0x0200,
+ 0x0200, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002,
+ 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002,
+ 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002,
+ 0x0002, 0x0002, 0x0002, 0x0000, 0x0020, 0x0000, 0x0200, 0x0100,
+ 0x0040, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004,
+ 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004,
+ 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004,
+ 0x0004, 0x0004, 0x0004, 0x0000, 0x0200, 0x0000, 0x0200, 0x0000,
+ 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
+ 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
+ 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
+ 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
+ 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
+ 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
+ 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
+ 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
+ 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
+ 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
+ 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
+ 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
+ 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
+ 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
+ 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
+ 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
+};
+
+static unsigned short CONF_type_win32[256] = {
+ 0x0008, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
+ 0x0000, 0x0010, 0x0010, 0x0000, 0x0000, 0x0010, 0x0000, 0x0000,
+ 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
+ 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
+ 0x0010, 0x0200, 0x0400, 0x0000, 0x0000, 0x0200, 0x0200, 0x0000,
+ 0x0000, 0x0000, 0x0200, 0x0200, 0x0200, 0x0200, 0x0200, 0x0200,
+ 0x0001, 0x0001, 0x0001, 0x0001, 0x0001, 0x0001, 0x0001, 0x0001,
+ 0x0001, 0x0001, 0x0000, 0x0A00, 0x0000, 0x0000, 0x0000, 0x0200,
+ 0x0200, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002,
+ 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002,
+ 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002,
+ 0x0002, 0x0002, 0x0002, 0x0000, 0x0000, 0x0000, 0x0200, 0x0100,
+ 0x0000, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004,
+ 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004,
+ 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004,
+ 0x0004, 0x0004, 0x0004, 0x0000, 0x0200, 0x0000, 0x0200, 0x0000,
+ 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
+ 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
+ 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
+ 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
+ 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
+ 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
+ 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
+ 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
+ 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
+ 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
+ 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
+ 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
+ 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
+ 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
+ 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
+ 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000,
+};
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/conf/conf_err.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/conf/conf_err.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/conf/conf_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,129 +0,0 @@
-/* crypto/conf/conf_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/conf.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_CONF,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_CONF,0,reason)
-
-static ERR_STRING_DATA CONF_str_functs[]=
- {
-{ERR_FUNC(CONF_F_CONF_DUMP_FP), "CONF_dump_fp"},
-{ERR_FUNC(CONF_F_CONF_LOAD), "CONF_load"},
-{ERR_FUNC(CONF_F_CONF_LOAD_BIO), "CONF_load_bio"},
-{ERR_FUNC(CONF_F_CONF_LOAD_FP), "CONF_load_fp"},
-{ERR_FUNC(CONF_F_CONF_MODULES_LOAD), "CONF_modules_load"},
-{ERR_FUNC(CONF_F_DEF_LOAD), "DEF_LOAD"},
-{ERR_FUNC(CONF_F_DEF_LOAD_BIO), "DEF_LOAD_BIO"},
-{ERR_FUNC(CONF_F_MODULE_INIT), "MODULE_INIT"},
-{ERR_FUNC(CONF_F_MODULE_LOAD_DSO), "MODULE_LOAD_DSO"},
-{ERR_FUNC(CONF_F_MODULE_RUN), "MODULE_RUN"},
-{ERR_FUNC(CONF_F_NCONF_DUMP_BIO), "NCONF_dump_bio"},
-{ERR_FUNC(CONF_F_NCONF_DUMP_FP), "NCONF_dump_fp"},
-{ERR_FUNC(CONF_F_NCONF_GET_NUMBER), "NCONF_get_number"},
-{ERR_FUNC(CONF_F_NCONF_GET_NUMBER_E), "NCONF_get_number_e"},
-{ERR_FUNC(CONF_F_NCONF_GET_SECTION), "NCONF_get_section"},
-{ERR_FUNC(CONF_F_NCONF_GET_STRING), "NCONF_get_string"},
-{ERR_FUNC(CONF_F_NCONF_LOAD), "NCONF_load"},
-{ERR_FUNC(CONF_F_NCONF_LOAD_BIO), "NCONF_load_bio"},
-{ERR_FUNC(CONF_F_NCONF_LOAD_FP), "NCONF_load_fp"},
-{ERR_FUNC(CONF_F_NCONF_NEW), "NCONF_new"},
-{ERR_FUNC(CONF_F_STR_COPY), "STR_COPY"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA CONF_str_reasons[]=
- {
-{ERR_REASON(CONF_R_ERROR_LOADING_DSO) ,"error loading dso"},
-{ERR_REASON(CONF_R_MISSING_CLOSE_SQUARE_BRACKET),"missing close square bracket"},
-{ERR_REASON(CONF_R_MISSING_EQUAL_SIGN) ,"missing equal sign"},
-{ERR_REASON(CONF_R_MISSING_FINISH_FUNCTION),"missing finish function"},
-{ERR_REASON(CONF_R_MISSING_INIT_FUNCTION),"missing init function"},
-{ERR_REASON(CONF_R_MODULE_INITIALIZATION_ERROR),"module initialization error"},
-{ERR_REASON(CONF_R_NO_CLOSE_BRACE) ,"no close brace"},
-{ERR_REASON(CONF_R_NO_CONF) ,"no conf"},
-{ERR_REASON(CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE),"no conf or environment variable"},
-{ERR_REASON(CONF_R_NO_SECTION) ,"no section"},
-{ERR_REASON(CONF_R_NO_SUCH_FILE) ,"no such file"},
-{ERR_REASON(CONF_R_NO_VALUE) ,"no value"},
-{ERR_REASON(CONF_R_UNABLE_TO_CREATE_NEW_SECTION),"unable to create new section"},
-{ERR_REASON(CONF_R_UNKNOWN_MODULE_NAME) ,"unknown module name"},
-{ERR_REASON(CONF_R_VARIABLE_HAS_NO_VALUE),"variable has no value"},
-{0,NULL}
- };
-
-#endif
-
-void ERR_load_CONF_strings(void)
- {
-#ifndef OPENSSL_NO_ERR
-
- if (ERR_func_error_string(CONF_str_functs[0].error) == NULL)
- {
- ERR_load_strings(0,CONF_str_functs);
- ERR_load_strings(0,CONF_str_reasons);
- }
-#endif
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/conf/conf_err.c (from rev 6976, vendor-crypto/openssl/dist/crypto/conf/conf_err.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/conf/conf_err.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/conf/conf_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,131 @@
+/* crypto/conf/conf_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/conf.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_CONF,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_CONF,0,reason)
+
+static ERR_STRING_DATA CONF_str_functs[] = {
+ {ERR_FUNC(CONF_F_CONF_DUMP_FP), "CONF_dump_fp"},
+ {ERR_FUNC(CONF_F_CONF_LOAD), "CONF_load"},
+ {ERR_FUNC(CONF_F_CONF_LOAD_BIO), "CONF_load_bio"},
+ {ERR_FUNC(CONF_F_CONF_LOAD_FP), "CONF_load_fp"},
+ {ERR_FUNC(CONF_F_CONF_MODULES_LOAD), "CONF_modules_load"},
+ {ERR_FUNC(CONF_F_DEF_LOAD), "DEF_LOAD"},
+ {ERR_FUNC(CONF_F_DEF_LOAD_BIO), "DEF_LOAD_BIO"},
+ {ERR_FUNC(CONF_F_MODULE_INIT), "MODULE_INIT"},
+ {ERR_FUNC(CONF_F_MODULE_LOAD_DSO), "MODULE_LOAD_DSO"},
+ {ERR_FUNC(CONF_F_MODULE_RUN), "MODULE_RUN"},
+ {ERR_FUNC(CONF_F_NCONF_DUMP_BIO), "NCONF_dump_bio"},
+ {ERR_FUNC(CONF_F_NCONF_DUMP_FP), "NCONF_dump_fp"},
+ {ERR_FUNC(CONF_F_NCONF_GET_NUMBER), "NCONF_get_number"},
+ {ERR_FUNC(CONF_F_NCONF_GET_NUMBER_E), "NCONF_get_number_e"},
+ {ERR_FUNC(CONF_F_NCONF_GET_SECTION), "NCONF_get_section"},
+ {ERR_FUNC(CONF_F_NCONF_GET_STRING), "NCONF_get_string"},
+ {ERR_FUNC(CONF_F_NCONF_LOAD), "NCONF_load"},
+ {ERR_FUNC(CONF_F_NCONF_LOAD_BIO), "NCONF_load_bio"},
+ {ERR_FUNC(CONF_F_NCONF_LOAD_FP), "NCONF_load_fp"},
+ {ERR_FUNC(CONF_F_NCONF_NEW), "NCONF_new"},
+ {ERR_FUNC(CONF_F_STR_COPY), "STR_COPY"},
+ {0, NULL}
+};
+
+static ERR_STRING_DATA CONF_str_reasons[] = {
+ {ERR_REASON(CONF_R_ERROR_LOADING_DSO), "error loading dso"},
+ {ERR_REASON(CONF_R_MISSING_CLOSE_SQUARE_BRACKET),
+ "missing close square bracket"},
+ {ERR_REASON(CONF_R_MISSING_EQUAL_SIGN), "missing equal sign"},
+ {ERR_REASON(CONF_R_MISSING_FINISH_FUNCTION), "missing finish function"},
+ {ERR_REASON(CONF_R_MISSING_INIT_FUNCTION), "missing init function"},
+ {ERR_REASON(CONF_R_MODULE_INITIALIZATION_ERROR),
+ "module initialization error"},
+ {ERR_REASON(CONF_R_NO_CLOSE_BRACE), "no close brace"},
+ {ERR_REASON(CONF_R_NO_CONF), "no conf"},
+ {ERR_REASON(CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE),
+ "no conf or environment variable"},
+ {ERR_REASON(CONF_R_NO_SECTION), "no section"},
+ {ERR_REASON(CONF_R_NO_SUCH_FILE), "no such file"},
+ {ERR_REASON(CONF_R_NO_VALUE), "no value"},
+ {ERR_REASON(CONF_R_UNABLE_TO_CREATE_NEW_SECTION),
+ "unable to create new section"},
+ {ERR_REASON(CONF_R_UNKNOWN_MODULE_NAME), "unknown module name"},
+ {ERR_REASON(CONF_R_VARIABLE_HAS_NO_VALUE), "variable has no value"},
+ {0, NULL}
+};
+
+#endif
+
+void ERR_load_CONF_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+ if (ERR_func_error_string(CONF_str_functs[0].error) == NULL) {
+ ERR_load_strings(0, CONF_str_functs);
+ ERR_load_strings(0, CONF_str_reasons);
+ }
+#endif
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/conf/conf_lib.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/conf/conf_lib.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/conf/conf_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,401 +0,0 @@
-/* conf_lib.c */
-/* Written by Richard Levitte (richard at levitte.org) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <openssl/crypto.h>
-#include <openssl/err.h>
-#include <openssl/conf.h>
-#include <openssl/conf_api.h>
-#include <openssl/lhash.h>
-
-const char CONF_version[]="CONF" OPENSSL_VERSION_PTEXT;
-
-static CONF_METHOD *default_CONF_method=NULL;
-
-/* Init a 'CONF' structure from an old LHASH */
-
-void CONF_set_nconf(CONF *conf, LHASH *hash)
- {
- if (default_CONF_method == NULL)
- default_CONF_method = NCONF_default();
-
- default_CONF_method->init(conf);
- conf->data = hash;
- }
-
-/* The following section contains the "CONF classic" functions,
- rewritten in terms of the new CONF interface. */
-
-int CONF_set_default_method(CONF_METHOD *meth)
- {
- default_CONF_method = meth;
- return 1;
- }
-
-LHASH *CONF_load(LHASH *conf, const char *file, long *eline)
- {
- LHASH *ltmp;
- BIO *in=NULL;
-
-#ifdef OPENSSL_SYS_VMS
- in=BIO_new_file(file, "r");
-#else
- in=BIO_new_file(file, "rb");
-#endif
- if (in == NULL)
- {
- CONFerr(CONF_F_CONF_LOAD,ERR_R_SYS_LIB);
- return NULL;
- }
-
- ltmp = CONF_load_bio(conf, in, eline);
- BIO_free(in);
-
- return ltmp;
- }
-
-#ifndef OPENSSL_NO_FP_API
-LHASH *CONF_load_fp(LHASH *conf, FILE *fp,long *eline)
- {
- BIO *btmp;
- LHASH *ltmp;
- if(!(btmp = BIO_new_fp(fp, BIO_NOCLOSE))) {
- CONFerr(CONF_F_CONF_LOAD_FP,ERR_R_BUF_LIB);
- return NULL;
- }
- ltmp = CONF_load_bio(conf, btmp, eline);
- BIO_free(btmp);
- return ltmp;
- }
-#endif
-
-LHASH *CONF_load_bio(LHASH *conf, BIO *bp,long *eline)
- {
- CONF ctmp;
- int ret;
-
- CONF_set_nconf(&ctmp, conf);
-
- ret = NCONF_load_bio(&ctmp, bp, eline);
- if (ret)
- return ctmp.data;
- return NULL;
- }
-
-STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf,const char *section)
- {
- if (conf == NULL)
- {
- return NULL;
- }
- else
- {
- CONF ctmp;
- CONF_set_nconf(&ctmp, conf);
- return NCONF_get_section(&ctmp, section);
- }
- }
-
-char *CONF_get_string(LHASH *conf,const char *group,const char *name)
- {
- if (conf == NULL)
- {
- return NCONF_get_string(NULL, group, name);
- }
- else
- {
- CONF ctmp;
- CONF_set_nconf(&ctmp, conf);
- return NCONF_get_string(&ctmp, group, name);
- }
- }
-
-long CONF_get_number(LHASH *conf,const char *group,const char *name)
- {
- int status;
- long result = 0;
-
- if (conf == NULL)
- {
- status = NCONF_get_number_e(NULL, group, name, &result);
- }
- else
- {
- CONF ctmp;
- CONF_set_nconf(&ctmp, conf);
- status = NCONF_get_number_e(&ctmp, group, name, &result);
- }
-
- if (status == 0)
- {
- /* This function does not believe in errors... */
- ERR_clear_error();
- }
- return result;
- }
-
-void CONF_free(LHASH *conf)
- {
- CONF ctmp;
- CONF_set_nconf(&ctmp, conf);
- NCONF_free_data(&ctmp);
- }
-
-#ifndef OPENSSL_NO_FP_API
-int CONF_dump_fp(LHASH *conf, FILE *out)
- {
- BIO *btmp;
- int ret;
-
- if(!(btmp = BIO_new_fp(out, BIO_NOCLOSE))) {
- CONFerr(CONF_F_CONF_DUMP_FP,ERR_R_BUF_LIB);
- return 0;
- }
- ret = CONF_dump_bio(conf, btmp);
- BIO_free(btmp);
- return ret;
- }
-#endif
-
-int CONF_dump_bio(LHASH *conf, BIO *out)
- {
- CONF ctmp;
- CONF_set_nconf(&ctmp, conf);
- return NCONF_dump_bio(&ctmp, out);
- }
-
-/* The following section contains the "New CONF" functions. They are
- completely centralised around a new CONF structure that may contain
- basically anything, but at least a method pointer and a table of data.
- These functions are also written in terms of the bridge functions used
- by the "CONF classic" functions, for consistency. */
-
-CONF *NCONF_new(CONF_METHOD *meth)
- {
- CONF *ret;
-
- if (meth == NULL)
- meth = NCONF_default();
-
- ret = meth->create(meth);
- if (ret == NULL)
- {
- CONFerr(CONF_F_NCONF_NEW,ERR_R_MALLOC_FAILURE);
- return(NULL);
- }
-
- return ret;
- }
-
-void NCONF_free(CONF *conf)
- {
- if (conf == NULL)
- return;
- conf->meth->destroy(conf);
- }
-
-void NCONF_free_data(CONF *conf)
- {
- if (conf == NULL)
- return;
- conf->meth->destroy_data(conf);
- }
-
-int NCONF_load(CONF *conf, const char *file, long *eline)
- {
- if (conf == NULL)
- {
- CONFerr(CONF_F_NCONF_LOAD,CONF_R_NO_CONF);
- return 0;
- }
-
- return conf->meth->load(conf, file, eline);
- }
-
-#ifndef OPENSSL_NO_FP_API
-int NCONF_load_fp(CONF *conf, FILE *fp,long *eline)
- {
- BIO *btmp;
- int ret;
- if(!(btmp = BIO_new_fp(fp, BIO_NOCLOSE)))
- {
- CONFerr(CONF_F_NCONF_LOAD_FP,ERR_R_BUF_LIB);
- return 0;
- }
- ret = NCONF_load_bio(conf, btmp, eline);
- BIO_free(btmp);
- return ret;
- }
-#endif
-
-int NCONF_load_bio(CONF *conf, BIO *bp,long *eline)
- {
- if (conf == NULL)
- {
- CONFerr(CONF_F_NCONF_LOAD_BIO,CONF_R_NO_CONF);
- return 0;
- }
-
- return conf->meth->load_bio(conf, bp, eline);
- }
-
-STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf,const char *section)
- {
- if (conf == NULL)
- {
- CONFerr(CONF_F_NCONF_GET_SECTION,CONF_R_NO_CONF);
- return NULL;
- }
-
- if (section == NULL)
- {
- CONFerr(CONF_F_NCONF_GET_SECTION,CONF_R_NO_SECTION);
- return NULL;
- }
-
- return _CONF_get_section_values(conf, section);
- }
-
-char *NCONF_get_string(const CONF *conf,const char *group,const char *name)
- {
- char *s = _CONF_get_string(conf, group, name);
-
- /* Since we may get a value from an environment variable even
- if conf is NULL, let's check the value first */
- if (s) return s;
-
- if (conf == NULL)
- {
- CONFerr(CONF_F_NCONF_GET_STRING,
- CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE);
- return NULL;
- }
- CONFerr(CONF_F_NCONF_GET_STRING,
- CONF_R_NO_VALUE);
- ERR_add_error_data(4,"group=",group," name=",name);
- return NULL;
- }
-
-int NCONF_get_number_e(const CONF *conf,const char *group,const char *name,
- long *result)
- {
- char *str;
-
- if (result == NULL)
- {
- CONFerr(CONF_F_NCONF_GET_NUMBER_E,ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
-
- str = NCONF_get_string(conf,group,name);
-
- if (str == NULL)
- return 0;
-
- for (*result = 0;conf->meth->is_number(conf, *str);)
- {
- *result = (*result)*10 + conf->meth->to_int(conf, *str);
- str++;
- }
-
- return 1;
- }
-
-#ifndef OPENSSL_NO_FP_API
-int NCONF_dump_fp(const CONF *conf, FILE *out)
- {
- BIO *btmp;
- int ret;
- if(!(btmp = BIO_new_fp(out, BIO_NOCLOSE))) {
- CONFerr(CONF_F_NCONF_DUMP_FP,ERR_R_BUF_LIB);
- return 0;
- }
- ret = NCONF_dump_bio(conf, btmp);
- BIO_free(btmp);
- return ret;
- }
-#endif
-
-int NCONF_dump_bio(const CONF *conf, BIO *out)
- {
- if (conf == NULL)
- {
- CONFerr(CONF_F_NCONF_DUMP_BIO,CONF_R_NO_CONF);
- return 0;
- }
-
- return conf->meth->dump(conf, out);
- }
-
-
-/* This function should be avoided */
-#if 0
-long NCONF_get_number(CONF *conf,char *group,char *name)
- {
- int status;
- long ret=0;
-
- status = NCONF_get_number_e(conf, group, name, &ret);
- if (status == 0)
- {
- /* This function does not believe in errors... */
- ERR_get_error();
- }
- return ret;
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/conf/conf_lib.c (from rev 6976, vendor-crypto/openssl/dist/crypto/conf/conf_lib.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/conf/conf_lib.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/conf/conf_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,385 @@
+/* conf_lib.c */
+/*
+ * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
+ * 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#include <openssl/conf.h>
+#include <openssl/conf_api.h>
+#include <openssl/lhash.h>
+
+const char CONF_version[] = "CONF" OPENSSL_VERSION_PTEXT;
+
+static CONF_METHOD *default_CONF_method = NULL;
+
+/* Init a 'CONF' structure from an old LHASH */
+
+void CONF_set_nconf(CONF *conf, LHASH *hash)
+{
+ if (default_CONF_method == NULL)
+ default_CONF_method = NCONF_default();
+
+ default_CONF_method->init(conf);
+ conf->data = hash;
+}
+
+/*
+ * The following section contains the "CONF classic" functions, rewritten in
+ * terms of the new CONF interface.
+ */
+
+int CONF_set_default_method(CONF_METHOD *meth)
+{
+ default_CONF_method = meth;
+ return 1;
+}
+
+LHASH *CONF_load(LHASH *conf, const char *file, long *eline)
+{
+ LHASH *ltmp;
+ BIO *in = NULL;
+
+#ifdef OPENSSL_SYS_VMS
+ in = BIO_new_file(file, "r");
+#else
+ in = BIO_new_file(file, "rb");
+#endif
+ if (in == NULL) {
+ CONFerr(CONF_F_CONF_LOAD, ERR_R_SYS_LIB);
+ return NULL;
+ }
+
+ ltmp = CONF_load_bio(conf, in, eline);
+ BIO_free(in);
+
+ return ltmp;
+}
+
+#ifndef OPENSSL_NO_FP_API
+LHASH *CONF_load_fp(LHASH *conf, FILE *fp, long *eline)
+{
+ BIO *btmp;
+ LHASH *ltmp;
+ if (!(btmp = BIO_new_fp(fp, BIO_NOCLOSE))) {
+ CONFerr(CONF_F_CONF_LOAD_FP, ERR_R_BUF_LIB);
+ return NULL;
+ }
+ ltmp = CONF_load_bio(conf, btmp, eline);
+ BIO_free(btmp);
+ return ltmp;
+}
+#endif
+
+LHASH *CONF_load_bio(LHASH *conf, BIO *bp, long *eline)
+{
+ CONF ctmp;
+ int ret;
+
+ CONF_set_nconf(&ctmp, conf);
+
+ ret = NCONF_load_bio(&ctmp, bp, eline);
+ if (ret)
+ return ctmp.data;
+ return NULL;
+}
+
+STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf, const char *section)
+{
+ if (conf == NULL) {
+ return NULL;
+ } else {
+ CONF ctmp;
+ CONF_set_nconf(&ctmp, conf);
+ return NCONF_get_section(&ctmp, section);
+ }
+}
+
+char *CONF_get_string(LHASH *conf, const char *group, const char *name)
+{
+ if (conf == NULL) {
+ return NCONF_get_string(NULL, group, name);
+ } else {
+ CONF ctmp;
+ CONF_set_nconf(&ctmp, conf);
+ return NCONF_get_string(&ctmp, group, name);
+ }
+}
+
+long CONF_get_number(LHASH *conf, const char *group, const char *name)
+{
+ int status;
+ long result = 0;
+
+ if (conf == NULL) {
+ status = NCONF_get_number_e(NULL, group, name, &result);
+ } else {
+ CONF ctmp;
+ CONF_set_nconf(&ctmp, conf);
+ status = NCONF_get_number_e(&ctmp, group, name, &result);
+ }
+
+ if (status == 0) {
+ /* This function does not believe in errors... */
+ ERR_clear_error();
+ }
+ return result;
+}
+
+void CONF_free(LHASH *conf)
+{
+ CONF ctmp;
+ CONF_set_nconf(&ctmp, conf);
+ NCONF_free_data(&ctmp);
+}
+
+#ifndef OPENSSL_NO_FP_API
+int CONF_dump_fp(LHASH *conf, FILE *out)
+{
+ BIO *btmp;
+ int ret;
+
+ if (!(btmp = BIO_new_fp(out, BIO_NOCLOSE))) {
+ CONFerr(CONF_F_CONF_DUMP_FP, ERR_R_BUF_LIB);
+ return 0;
+ }
+ ret = CONF_dump_bio(conf, btmp);
+ BIO_free(btmp);
+ return ret;
+}
+#endif
+
+int CONF_dump_bio(LHASH *conf, BIO *out)
+{
+ CONF ctmp;
+ CONF_set_nconf(&ctmp, conf);
+ return NCONF_dump_bio(&ctmp, out);
+}
+
+/*
+ * The following section contains the "New CONF" functions. They are
+ * completely centralised around a new CONF structure that may contain
+ * basically anything, but at least a method pointer and a table of data.
+ * These functions are also written in terms of the bridge functions used by
+ * the "CONF classic" functions, for consistency.
+ */
+
+CONF *NCONF_new(CONF_METHOD *meth)
+{
+ CONF *ret;
+
+ if (meth == NULL)
+ meth = NCONF_default();
+
+ ret = meth->create(meth);
+ if (ret == NULL) {
+ CONFerr(CONF_F_NCONF_NEW, ERR_R_MALLOC_FAILURE);
+ return (NULL);
+ }
+
+ return ret;
+}
+
+void NCONF_free(CONF *conf)
+{
+ if (conf == NULL)
+ return;
+ conf->meth->destroy(conf);
+}
+
+void NCONF_free_data(CONF *conf)
+{
+ if (conf == NULL)
+ return;
+ conf->meth->destroy_data(conf);
+}
+
+int NCONF_load(CONF *conf, const char *file, long *eline)
+{
+ if (conf == NULL) {
+ CONFerr(CONF_F_NCONF_LOAD, CONF_R_NO_CONF);
+ return 0;
+ }
+
+ return conf->meth->load(conf, file, eline);
+}
+
+#ifndef OPENSSL_NO_FP_API
+int NCONF_load_fp(CONF *conf, FILE *fp, long *eline)
+{
+ BIO *btmp;
+ int ret;
+ if (!(btmp = BIO_new_fp(fp, BIO_NOCLOSE))) {
+ CONFerr(CONF_F_NCONF_LOAD_FP, ERR_R_BUF_LIB);
+ return 0;
+ }
+ ret = NCONF_load_bio(conf, btmp, eline);
+ BIO_free(btmp);
+ return ret;
+}
+#endif
+
+int NCONF_load_bio(CONF *conf, BIO *bp, long *eline)
+{
+ if (conf == NULL) {
+ CONFerr(CONF_F_NCONF_LOAD_BIO, CONF_R_NO_CONF);
+ return 0;
+ }
+
+ return conf->meth->load_bio(conf, bp, eline);
+}
+
+STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf, const char *section)
+{
+ if (conf == NULL) {
+ CONFerr(CONF_F_NCONF_GET_SECTION, CONF_R_NO_CONF);
+ return NULL;
+ }
+
+ if (section == NULL) {
+ CONFerr(CONF_F_NCONF_GET_SECTION, CONF_R_NO_SECTION);
+ return NULL;
+ }
+
+ return _CONF_get_section_values(conf, section);
+}
+
+char *NCONF_get_string(const CONF *conf, const char *group, const char *name)
+{
+ char *s = _CONF_get_string(conf, group, name);
+
+ /*
+ * Since we may get a value from an environment variable even if conf is
+ * NULL, let's check the value first
+ */
+ if (s)
+ return s;
+
+ if (conf == NULL) {
+ CONFerr(CONF_F_NCONF_GET_STRING,
+ CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE);
+ return NULL;
+ }
+ CONFerr(CONF_F_NCONF_GET_STRING, CONF_R_NO_VALUE);
+ ERR_add_error_data(4, "group=", group, " name=", name);
+ return NULL;
+}
+
+int NCONF_get_number_e(const CONF *conf, const char *group, const char *name,
+ long *result)
+{
+ char *str;
+
+ if (result == NULL) {
+ CONFerr(CONF_F_NCONF_GET_NUMBER_E, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+
+ str = NCONF_get_string(conf, group, name);
+
+ if (str == NULL)
+ return 0;
+
+ for (*result = 0; conf->meth->is_number(conf, *str);) {
+ *result = (*result) * 10 + conf->meth->to_int(conf, *str);
+ str++;
+ }
+
+ return 1;
+}
+
+#ifndef OPENSSL_NO_FP_API
+int NCONF_dump_fp(const CONF *conf, FILE *out)
+{
+ BIO *btmp;
+ int ret;
+ if (!(btmp = BIO_new_fp(out, BIO_NOCLOSE))) {
+ CONFerr(CONF_F_NCONF_DUMP_FP, ERR_R_BUF_LIB);
+ return 0;
+ }
+ ret = NCONF_dump_bio(conf, btmp);
+ BIO_free(btmp);
+ return ret;
+}
+#endif
+
+int NCONF_dump_bio(const CONF *conf, BIO *out)
+{
+ if (conf == NULL) {
+ CONFerr(CONF_F_NCONF_DUMP_BIO, CONF_R_NO_CONF);
+ return 0;
+ }
+
+ return conf->meth->dump(conf, out);
+}
+
+/* This function should be avoided */
+#if 0
+long NCONF_get_number(CONF *conf, char *group, char *name)
+{
+ int status;
+ long ret = 0;
+
+ status = NCONF_get_number_e(conf, group, name, &ret);
+ if (status == 0) {
+ /* This function does not believe in errors... */
+ ERR_get_error();
+ }
+ return ret;
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/conf/conf_mall.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/conf/conf_mall.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/conf/conf_mall.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,82 +0,0 @@
-/* conf_mall.c */
-/* Written by Stephen Henson (steve at openssl.org) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <openssl/crypto.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/dso.h>
-#include <openssl/x509.h>
-#include <openssl/asn1.h>
-#include <openssl/evp.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-
-/* Load all OpenSSL builtin modules */
-
-void OPENSSL_load_builtin_modules(void)
- {
- /* Add builtin modules here */
- ASN1_add_oid_module();
-#ifndef OPENSSL_NO_ENGINE
- ENGINE_add_conf_module();
-#endif
- EVP_add_alg_module();
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/conf/conf_mall.c (from rev 6976, vendor-crypto/openssl/dist/crypto/conf/conf_mall.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/conf/conf_mall.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/conf/conf_mall.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,82 @@
+/* conf_mall.c */
+/*
+ * Written by Stephen Henson (steve at openssl.org) for the OpenSSL project
+ * 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/dso.h>
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include <openssl/evp.h>
+#ifndef OPENSSL_NO_ENGINE
+# include <openssl/engine.h>
+#endif
+
+/* Load all OpenSSL builtin modules */
+
+void OPENSSL_load_builtin_modules(void)
+{
+ /* Add builtin modules here */
+ ASN1_add_oid_module();
+#ifndef OPENSSL_NO_ENGINE
+ ENGINE_add_conf_module();
+#endif
+ EVP_add_alg_module();
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/conf/conf_mod.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/conf/conf_mod.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/conf/conf_mod.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,617 +0,0 @@
-/* conf_mod.c */
-/* Written by Stephen Henson (steve at openssl.org) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <ctype.h>
-#include <openssl/crypto.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/dso.h>
-#include <openssl/x509.h>
-
-
-#define DSO_mod_init_name "OPENSSL_init"
-#define DSO_mod_finish_name "OPENSSL_finish"
-
-
-/* This structure contains a data about supported modules.
- * entries in this table correspond to either dynamic or
- * static modules.
- */
-
-struct conf_module_st
- {
- /* DSO of this module or NULL if static */
- DSO *dso;
- /* Name of the module */
- char *name;
- /* Init function */
- conf_init_func *init;
- /* Finish function */
- conf_finish_func *finish;
- /* Number of successfully initialized modules */
- int links;
- void *usr_data;
- };
-
-
-/* This structure contains information about modules that have been
- * successfully initialized. There may be more than one entry for a
- * given module.
- */
-
-struct conf_imodule_st
- {
- CONF_MODULE *pmod;
- char *name;
- char *value;
- unsigned long flags;
- void *usr_data;
- };
-
-static STACK_OF(CONF_MODULE) *supported_modules = NULL;
-static STACK_OF(CONF_IMODULE) *initialized_modules = NULL;
-
-static void module_free(CONF_MODULE *md);
-static void module_finish(CONF_IMODULE *imod);
-static int module_run(const CONF *cnf, char *name, char *value,
- unsigned long flags);
-static CONF_MODULE *module_add(DSO *dso, const char *name,
- conf_init_func *ifunc, conf_finish_func *ffunc);
-static CONF_MODULE *module_find(char *name);
-static int module_init(CONF_MODULE *pmod, char *name, char *value,
- const CONF *cnf);
-static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value,
- unsigned long flags);
-
-/* Main function: load modules from a CONF structure */
-
-int CONF_modules_load(const CONF *cnf, const char *appname,
- unsigned long flags)
- {
- STACK_OF(CONF_VALUE) *values;
- CONF_VALUE *vl;
- char *vsection = NULL;
-
- int ret, i;
-
- if (!cnf)
- return 1;
-
- if (appname)
- vsection = NCONF_get_string(cnf, NULL, appname);
-
- if (!appname || (!vsection && (flags & CONF_MFLAGS_DEFAULT_SECTION)))
- vsection = NCONF_get_string(cnf, NULL, "openssl_conf");
-
- if (!vsection)
- {
- ERR_clear_error();
- return 1;
- }
-
- values = NCONF_get_section(cnf, vsection);
-
- if (!values)
- return 0;
-
- for (i = 0; i < sk_CONF_VALUE_num(values); i++)
- {
- vl = sk_CONF_VALUE_value(values, i);
- ret = module_run(cnf, vl->name, vl->value, flags);
- if (ret <= 0)
- if(!(flags & CONF_MFLAGS_IGNORE_ERRORS))
- return ret;
- }
-
- return 1;
-
- }
-
-int CONF_modules_load_file(const char *filename, const char *appname,
- unsigned long flags)
- {
- char *file = NULL;
- CONF *conf = NULL;
- int ret = 0;
- conf = NCONF_new(NULL);
- if (!conf)
- goto err;
-
- if (filename == NULL)
- {
- file = CONF_get1_default_config_file();
- if (!file)
- goto err;
- }
- else
- file = (char *)filename;
-
- if (NCONF_load(conf, file, NULL) <= 0)
- {
- if ((flags & CONF_MFLAGS_IGNORE_MISSING_FILE) &&
- (ERR_GET_REASON(ERR_peek_last_error()) == CONF_R_NO_SUCH_FILE))
- {
- ERR_clear_error();
- ret = 1;
- }
- goto err;
- }
-
- ret = CONF_modules_load(conf, appname, flags);
-
- err:
- if (filename == NULL)
- OPENSSL_free(file);
- NCONF_free(conf);
-
- return ret;
- }
-
-static int module_run(const CONF *cnf, char *name, char *value,
- unsigned long flags)
- {
- CONF_MODULE *md;
- int ret;
-
- md = module_find(name);
-
- /* Module not found: try to load DSO */
- if (!md && !(flags & CONF_MFLAGS_NO_DSO))
- md = module_load_dso(cnf, name, value, flags);
-
- if (!md)
- {
- if (!(flags & CONF_MFLAGS_SILENT))
- {
- CONFerr(CONF_F_MODULE_RUN, CONF_R_UNKNOWN_MODULE_NAME);
- ERR_add_error_data(2, "module=", name);
- }
- return -1;
- }
-
- ret = module_init(md, name, value, cnf);
-
- if (ret <= 0)
- {
- if (!(flags & CONF_MFLAGS_SILENT))
- {
- char rcode[DECIMAL_SIZE(ret)+1];
- CONFerr(CONF_F_MODULE_RUN, CONF_R_MODULE_INITIALIZATION_ERROR);
- BIO_snprintf(rcode, sizeof rcode, "%-8d", ret);
- ERR_add_error_data(6, "module=", name, ", value=", value, ", retcode=", rcode);
- }
- }
-
- return ret;
- }
-
-/* Load a module from a DSO */
-static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value,
- unsigned long flags)
- {
- DSO *dso = NULL;
- conf_init_func *ifunc;
- conf_finish_func *ffunc;
- char *path = NULL;
- int errcode = 0;
- CONF_MODULE *md;
- /* Look for alternative path in module section */
- path = NCONF_get_string(cnf, value, "path");
- if (!path)
- {
- ERR_clear_error();
- path = name;
- }
- dso = DSO_load(NULL, path, NULL, 0);
- if (!dso)
- {
- errcode = CONF_R_ERROR_LOADING_DSO;
- goto err;
- }
- ifunc = (conf_init_func *)DSO_bind_func(dso, DSO_mod_init_name);
- if (!ifunc)
- {
- errcode = CONF_R_MISSING_INIT_FUNCTION;
- goto err;
- }
- ffunc = (conf_finish_func *)DSO_bind_func(dso, DSO_mod_finish_name);
- /* All OK, add module */
- md = module_add(dso, name, ifunc, ffunc);
-
- if (!md)
- goto err;
-
- return md;
-
- err:
- if (dso)
- DSO_free(dso);
- CONFerr(CONF_F_MODULE_LOAD_DSO, errcode);
- ERR_add_error_data(4, "module=", name, ", path=", path);
- return NULL;
- }
-
-/* add module to list */
-static CONF_MODULE *module_add(DSO *dso, const char *name,
- conf_init_func *ifunc, conf_finish_func *ffunc)
- {
- CONF_MODULE *tmod = NULL;
- if (supported_modules == NULL)
- supported_modules = sk_CONF_MODULE_new_null();
- if (supported_modules == NULL)
- return NULL;
- tmod = OPENSSL_malloc(sizeof(CONF_MODULE));
- if (tmod == NULL)
- return NULL;
-
- tmod->dso = dso;
- tmod->name = BUF_strdup(name);
- tmod->init = ifunc;
- tmod->finish = ffunc;
- tmod->links = 0;
-
- if (!sk_CONF_MODULE_push(supported_modules, tmod))
- {
- OPENSSL_free(tmod);
- return NULL;
- }
-
- return tmod;
- }
-
-/* Find a module from the list. We allow module names of the
- * form modname.XXXX to just search for modname to allow the
- * same module to be initialized more than once.
- */
-
-static CONF_MODULE *module_find(char *name)
- {
- CONF_MODULE *tmod;
- int i, nchar;
- char *p;
- p = strrchr(name, '.');
-
- if (p)
- nchar = p - name;
- else
- nchar = strlen(name);
-
- for (i = 0; i < sk_CONF_MODULE_num(supported_modules); i++)
- {
- tmod = sk_CONF_MODULE_value(supported_modules, i);
- if (!strncmp(tmod->name, name, nchar))
- return tmod;
- }
-
- return NULL;
-
- }
-
-/* initialize a module */
-static int module_init(CONF_MODULE *pmod, char *name, char *value,
- const CONF *cnf)
- {
- int ret = 1;
- int init_called = 0;
- CONF_IMODULE *imod = NULL;
-
- /* Otherwise add initialized module to list */
- imod = OPENSSL_malloc(sizeof(CONF_IMODULE));
- if (!imod)
- goto err;
-
- imod->pmod = pmod;
- imod->name = BUF_strdup(name);
- imod->value = BUF_strdup(value);
- imod->usr_data = NULL;
-
- if (!imod->name || !imod->value)
- goto memerr;
-
- /* Try to initialize module */
- if(pmod->init)
- {
- ret = pmod->init(imod, cnf);
- init_called = 1;
- /* Error occurred, exit */
- if (ret <= 0)
- goto err;
- }
-
- if (initialized_modules == NULL)
- {
- initialized_modules = sk_CONF_IMODULE_new_null();
- if (!initialized_modules)
- {
- CONFerr(CONF_F_MODULE_INIT, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- }
-
- if (!sk_CONF_IMODULE_push(initialized_modules, imod))
- {
- CONFerr(CONF_F_MODULE_INIT, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- pmod->links++;
-
- return ret;
-
- err:
-
- /* We've started the module so we'd better finish it */
- if (pmod->finish && init_called)
- pmod->finish(imod);
-
- memerr:
- if (imod)
- {
- if (imod->name)
- OPENSSL_free(imod->name);
- if (imod->value)
- OPENSSL_free(imod->value);
- OPENSSL_free(imod);
- }
-
- return -1;
-
- }
-
-/* Unload any dynamic modules that have a link count of zero:
- * i.e. have no active initialized modules. If 'all' is set
- * then all modules are unloaded including static ones.
- */
-
-void CONF_modules_unload(int all)
- {
- int i;
- CONF_MODULE *md;
- CONF_modules_finish();
- /* unload modules in reverse order */
- for (i = sk_CONF_MODULE_num(supported_modules) - 1; i >= 0; i--)
- {
- md = sk_CONF_MODULE_value(supported_modules, i);
- /* If static or in use and 'all' not set ignore it */
- if (((md->links > 0) || !md->dso) && !all)
- continue;
- /* Since we're working in reverse this is OK */
- (void)sk_CONF_MODULE_delete(supported_modules, i);
- module_free(md);
- }
- if (sk_CONF_MODULE_num(supported_modules) == 0)
- {
- sk_CONF_MODULE_free(supported_modules);
- supported_modules = NULL;
- }
- }
-
-/* unload a single module */
-static void module_free(CONF_MODULE *md)
- {
- if (md->dso)
- DSO_free(md->dso);
- OPENSSL_free(md->name);
- OPENSSL_free(md);
- }
-
-/* finish and free up all modules instances */
-
-void CONF_modules_finish(void)
- {
- CONF_IMODULE *imod;
- while (sk_CONF_IMODULE_num(initialized_modules) > 0)
- {
- imod = sk_CONF_IMODULE_pop(initialized_modules);
- module_finish(imod);
- }
- sk_CONF_IMODULE_free(initialized_modules);
- initialized_modules = NULL;
- }
-
-/* finish a module instance */
-
-static void module_finish(CONF_IMODULE *imod)
- {
- if (imod->pmod->finish)
- imod->pmod->finish(imod);
- imod->pmod->links--;
- OPENSSL_free(imod->name);
- OPENSSL_free(imod->value);
- OPENSSL_free(imod);
- }
-
-/* Add a static module to OpenSSL */
-
-int CONF_module_add(const char *name, conf_init_func *ifunc,
- conf_finish_func *ffunc)
- {
- if (module_add(NULL, name, ifunc, ffunc))
- return 1;
- else
- return 0;
- }
-
-void CONF_modules_free(void)
- {
- CONF_modules_finish();
- CONF_modules_unload(1);
- }
-
-/* Utility functions */
-
-const char *CONF_imodule_get_name(const CONF_IMODULE *md)
- {
- return md->name;
- }
-
-const char *CONF_imodule_get_value(const CONF_IMODULE *md)
- {
- return md->value;
- }
-
-void *CONF_imodule_get_usr_data(const CONF_IMODULE *md)
- {
- return md->usr_data;
- }
-
-void CONF_imodule_set_usr_data(CONF_IMODULE *md, void *usr_data)
- {
- md->usr_data = usr_data;
- }
-
-CONF_MODULE *CONF_imodule_get_module(const CONF_IMODULE *md)
- {
- return md->pmod;
- }
-
-unsigned long CONF_imodule_get_flags(const CONF_IMODULE *md)
- {
- return md->flags;
- }
-
-void CONF_imodule_set_flags(CONF_IMODULE *md, unsigned long flags)
- {
- md->flags = flags;
- }
-
-void *CONF_module_get_usr_data(CONF_MODULE *pmod)
- {
- return pmod->usr_data;
- }
-
-void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data)
- {
- pmod->usr_data = usr_data;
- }
-
-/* Return default config file name */
-
-char *CONF_get1_default_config_file(void)
- {
- char *file;
- int len;
-
- file = getenv("OPENSSL_CONF");
- if (file)
- return BUF_strdup(file);
-
- len = strlen(X509_get_default_cert_area());
-#ifndef OPENSSL_SYS_VMS
- len++;
-#endif
- len += strlen(OPENSSL_CONF);
-
- file = OPENSSL_malloc(len + 1);
-
- if (!file)
- return NULL;
- BUF_strlcpy(file,X509_get_default_cert_area(),len + 1);
-#ifndef OPENSSL_SYS_VMS
- BUF_strlcat(file,"/",len + 1);
-#endif
- BUF_strlcat(file,OPENSSL_CONF,len + 1);
-
- return file;
- }
-
-/* This function takes a list separated by 'sep' and calls the
- * callback function giving the start and length of each member
- * optionally stripping leading and trailing whitespace. This can
- * be used to parse comma separated lists for example.
- */
-
-int CONF_parse_list(const char *list_, int sep, int nospc,
- int (*list_cb)(const char *elem, int len, void *usr), void *arg)
- {
- int ret;
- const char *lstart, *tmpend, *p;
- lstart = list_;
-
- for(;;)
- {
- if (nospc)
- {
- while(*lstart && isspace((unsigned char)*lstart))
- lstart++;
- }
- p = strchr(lstart, sep);
- if (p == lstart || !*lstart)
- ret = list_cb(NULL, 0, arg);
- else
- {
- if (p)
- tmpend = p - 1;
- else
- tmpend = lstart + strlen(lstart) - 1;
- if (nospc)
- {
- while(isspace((unsigned char)*tmpend))
- tmpend--;
- }
- ret = list_cb(lstart, tmpend - lstart + 1, arg);
- }
- if (ret <= 0)
- return ret;
- if (p == NULL)
- return 1;
- lstart = p + 1;
- }
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/conf/conf_mod.c (from rev 6976, vendor-crypto/openssl/dist/crypto/conf/conf_mod.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/conf/conf_mod.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/conf/conf_mod.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,592 @@
+/* conf_mod.c */
+/*
+ * Written by Stephen Henson (steve at openssl.org) for the OpenSSL project
+ * 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/dso.h>
+#include <openssl/x509.h>
+
+#define DSO_mod_init_name "OPENSSL_init"
+#define DSO_mod_finish_name "OPENSSL_finish"
+
+/*
+ * This structure contains a data about supported modules. entries in this
+ * table correspond to either dynamic or static modules.
+ */
+
+struct conf_module_st {
+ /* DSO of this module or NULL if static */
+ DSO *dso;
+ /* Name of the module */
+ char *name;
+ /* Init function */
+ conf_init_func *init;
+ /* Finish function */
+ conf_finish_func *finish;
+ /* Number of successfully initialized modules */
+ int links;
+ void *usr_data;
+};
+
+/*
+ * This structure contains information about modules that have been
+ * successfully initialized. There may be more than one entry for a given
+ * module.
+ */
+
+struct conf_imodule_st {
+ CONF_MODULE *pmod;
+ char *name;
+ char *value;
+ unsigned long flags;
+ void *usr_data;
+};
+
+static STACK_OF(CONF_MODULE) *supported_modules = NULL;
+static STACK_OF(CONF_IMODULE) *initialized_modules = NULL;
+
+static void module_free(CONF_MODULE *md);
+static void module_finish(CONF_IMODULE *imod);
+static int module_run(const CONF *cnf, char *name, char *value,
+ unsigned long flags);
+static CONF_MODULE *module_add(DSO *dso, const char *name,
+ conf_init_func *ifunc,
+ conf_finish_func *ffunc);
+static CONF_MODULE *module_find(char *name);
+static int module_init(CONF_MODULE *pmod, char *name, char *value,
+ const CONF *cnf);
+static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value,
+ unsigned long flags);
+
+/* Main function: load modules from a CONF structure */
+
+int CONF_modules_load(const CONF *cnf, const char *appname,
+ unsigned long flags)
+{
+ STACK_OF(CONF_VALUE) *values;
+ CONF_VALUE *vl;
+ char *vsection = NULL;
+
+ int ret, i;
+
+ if (!cnf)
+ return 1;
+
+ if (appname)
+ vsection = NCONF_get_string(cnf, NULL, appname);
+
+ if (!appname || (!vsection && (flags & CONF_MFLAGS_DEFAULT_SECTION)))
+ vsection = NCONF_get_string(cnf, NULL, "openssl_conf");
+
+ if (!vsection) {
+ ERR_clear_error();
+ return 1;
+ }
+
+ values = NCONF_get_section(cnf, vsection);
+
+ if (!values)
+ return 0;
+
+ for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
+ vl = sk_CONF_VALUE_value(values, i);
+ ret = module_run(cnf, vl->name, vl->value, flags);
+ if (ret <= 0)
+ if (!(flags & CONF_MFLAGS_IGNORE_ERRORS))
+ return ret;
+ }
+
+ return 1;
+
+}
+
+int CONF_modules_load_file(const char *filename, const char *appname,
+ unsigned long flags)
+{
+ char *file = NULL;
+ CONF *conf = NULL;
+ int ret = 0;
+ conf = NCONF_new(NULL);
+ if (!conf)
+ goto err;
+
+ if (filename == NULL) {
+ file = CONF_get1_default_config_file();
+ if (!file)
+ goto err;
+ } else
+ file = (char *)filename;
+
+ if (NCONF_load(conf, file, NULL) <= 0) {
+ if ((flags & CONF_MFLAGS_IGNORE_MISSING_FILE) &&
+ (ERR_GET_REASON(ERR_peek_last_error()) == CONF_R_NO_SUCH_FILE)) {
+ ERR_clear_error();
+ ret = 1;
+ }
+ goto err;
+ }
+
+ ret = CONF_modules_load(conf, appname, flags);
+
+ err:
+ if (filename == NULL)
+ OPENSSL_free(file);
+ NCONF_free(conf);
+
+ return ret;
+}
+
+static int module_run(const CONF *cnf, char *name, char *value,
+ unsigned long flags)
+{
+ CONF_MODULE *md;
+ int ret;
+
+ md = module_find(name);
+
+ /* Module not found: try to load DSO */
+ if (!md && !(flags & CONF_MFLAGS_NO_DSO))
+ md = module_load_dso(cnf, name, value, flags);
+
+ if (!md) {
+ if (!(flags & CONF_MFLAGS_SILENT)) {
+ CONFerr(CONF_F_MODULE_RUN, CONF_R_UNKNOWN_MODULE_NAME);
+ ERR_add_error_data(2, "module=", name);
+ }
+ return -1;
+ }
+
+ ret = module_init(md, name, value, cnf);
+
+ if (ret <= 0) {
+ if (!(flags & CONF_MFLAGS_SILENT)) {
+ char rcode[DECIMAL_SIZE(ret) + 1];
+ CONFerr(CONF_F_MODULE_RUN, CONF_R_MODULE_INITIALIZATION_ERROR);
+ BIO_snprintf(rcode, sizeof rcode, "%-8d", ret);
+ ERR_add_error_data(6, "module=", name, ", value=", value,
+ ", retcode=", rcode);
+ }
+ }
+
+ return ret;
+}
+
+/* Load a module from a DSO */
+static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value,
+ unsigned long flags)
+{
+ DSO *dso = NULL;
+ conf_init_func *ifunc;
+ conf_finish_func *ffunc;
+ char *path = NULL;
+ int errcode = 0;
+ CONF_MODULE *md;
+ /* Look for alternative path in module section */
+ path = NCONF_get_string(cnf, value, "path");
+ if (!path) {
+ ERR_clear_error();
+ path = name;
+ }
+ dso = DSO_load(NULL, path, NULL, 0);
+ if (!dso) {
+ errcode = CONF_R_ERROR_LOADING_DSO;
+ goto err;
+ }
+ ifunc = (conf_init_func *)DSO_bind_func(dso, DSO_mod_init_name);
+ if (!ifunc) {
+ errcode = CONF_R_MISSING_INIT_FUNCTION;
+ goto err;
+ }
+ ffunc = (conf_finish_func *)DSO_bind_func(dso, DSO_mod_finish_name);
+ /* All OK, add module */
+ md = module_add(dso, name, ifunc, ffunc);
+
+ if (!md)
+ goto err;
+
+ return md;
+
+ err:
+ if (dso)
+ DSO_free(dso);
+ CONFerr(CONF_F_MODULE_LOAD_DSO, errcode);
+ ERR_add_error_data(4, "module=", name, ", path=", path);
+ return NULL;
+}
+
+/* add module to list */
+static CONF_MODULE *module_add(DSO *dso, const char *name,
+ conf_init_func *ifunc, conf_finish_func *ffunc)
+{
+ CONF_MODULE *tmod = NULL;
+ if (supported_modules == NULL)
+ supported_modules = sk_CONF_MODULE_new_null();
+ if (supported_modules == NULL)
+ return NULL;
+ tmod = OPENSSL_malloc(sizeof(CONF_MODULE));
+ if (tmod == NULL)
+ return NULL;
+
+ tmod->dso = dso;
+ tmod->name = BUF_strdup(name);
+ tmod->init = ifunc;
+ tmod->finish = ffunc;
+ tmod->links = 0;
+
+ if (!sk_CONF_MODULE_push(supported_modules, tmod)) {
+ OPENSSL_free(tmod);
+ return NULL;
+ }
+
+ return tmod;
+}
+
+/*
+ * Find a module from the list. We allow module names of the form
+ * modname.XXXX to just search for modname to allow the same module to be
+ * initialized more than once.
+ */
+
+static CONF_MODULE *module_find(char *name)
+{
+ CONF_MODULE *tmod;
+ int i, nchar;
+ char *p;
+ p = strrchr(name, '.');
+
+ if (p)
+ nchar = p - name;
+ else
+ nchar = strlen(name);
+
+ for (i = 0; i < sk_CONF_MODULE_num(supported_modules); i++) {
+ tmod = sk_CONF_MODULE_value(supported_modules, i);
+ if (!strncmp(tmod->name, name, nchar))
+ return tmod;
+ }
+
+ return NULL;
+
+}
+
+/* initialize a module */
+static int module_init(CONF_MODULE *pmod, char *name, char *value,
+ const CONF *cnf)
+{
+ int ret = 1;
+ int init_called = 0;
+ CONF_IMODULE *imod = NULL;
+
+ /* Otherwise add initialized module to list */
+ imod = OPENSSL_malloc(sizeof(CONF_IMODULE));
+ if (!imod)
+ goto err;
+
+ imod->pmod = pmod;
+ imod->name = BUF_strdup(name);
+ imod->value = BUF_strdup(value);
+ imod->usr_data = NULL;
+
+ if (!imod->name || !imod->value)
+ goto memerr;
+
+ /* Try to initialize module */
+ if (pmod->init) {
+ ret = pmod->init(imod, cnf);
+ init_called = 1;
+ /* Error occurred, exit */
+ if (ret <= 0)
+ goto err;
+ }
+
+ if (initialized_modules == NULL) {
+ initialized_modules = sk_CONF_IMODULE_new_null();
+ if (!initialized_modules) {
+ CONFerr(CONF_F_MODULE_INIT, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ }
+
+ if (!sk_CONF_IMODULE_push(initialized_modules, imod)) {
+ CONFerr(CONF_F_MODULE_INIT, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ pmod->links++;
+
+ return ret;
+
+ err:
+
+ /* We've started the module so we'd better finish it */
+ if (pmod->finish && init_called)
+ pmod->finish(imod);
+
+ memerr:
+ if (imod) {
+ if (imod->name)
+ OPENSSL_free(imod->name);
+ if (imod->value)
+ OPENSSL_free(imod->value);
+ OPENSSL_free(imod);
+ }
+
+ return -1;
+
+}
+
+/*
+ * Unload any dynamic modules that have a link count of zero: i.e. have no
+ * active initialized modules. If 'all' is set then all modules are unloaded
+ * including static ones.
+ */
+
+void CONF_modules_unload(int all)
+{
+ int i;
+ CONF_MODULE *md;
+ CONF_modules_finish();
+ /* unload modules in reverse order */
+ for (i = sk_CONF_MODULE_num(supported_modules) - 1; i >= 0; i--) {
+ md = sk_CONF_MODULE_value(supported_modules, i);
+ /* If static or in use and 'all' not set ignore it */
+ if (((md->links > 0) || !md->dso) && !all)
+ continue;
+ /* Since we're working in reverse this is OK */
+ (void)sk_CONF_MODULE_delete(supported_modules, i);
+ module_free(md);
+ }
+ if (sk_CONF_MODULE_num(supported_modules) == 0) {
+ sk_CONF_MODULE_free(supported_modules);
+ supported_modules = NULL;
+ }
+}
+
+/* unload a single module */
+static void module_free(CONF_MODULE *md)
+{
+ if (md->dso)
+ DSO_free(md->dso);
+ OPENSSL_free(md->name);
+ OPENSSL_free(md);
+}
+
+/* finish and free up all modules instances */
+
+void CONF_modules_finish(void)
+{
+ CONF_IMODULE *imod;
+ while (sk_CONF_IMODULE_num(initialized_modules) > 0) {
+ imod = sk_CONF_IMODULE_pop(initialized_modules);
+ module_finish(imod);
+ }
+ sk_CONF_IMODULE_free(initialized_modules);
+ initialized_modules = NULL;
+}
+
+/* finish a module instance */
+
+static void module_finish(CONF_IMODULE *imod)
+{
+ if (imod->pmod->finish)
+ imod->pmod->finish(imod);
+ imod->pmod->links--;
+ OPENSSL_free(imod->name);
+ OPENSSL_free(imod->value);
+ OPENSSL_free(imod);
+}
+
+/* Add a static module to OpenSSL */
+
+int CONF_module_add(const char *name, conf_init_func *ifunc,
+ conf_finish_func *ffunc)
+{
+ if (module_add(NULL, name, ifunc, ffunc))
+ return 1;
+ else
+ return 0;
+}
+
+void CONF_modules_free(void)
+{
+ CONF_modules_finish();
+ CONF_modules_unload(1);
+}
+
+/* Utility functions */
+
+const char *CONF_imodule_get_name(const CONF_IMODULE *md)
+{
+ return md->name;
+}
+
+const char *CONF_imodule_get_value(const CONF_IMODULE *md)
+{
+ return md->value;
+}
+
+void *CONF_imodule_get_usr_data(const CONF_IMODULE *md)
+{
+ return md->usr_data;
+}
+
+void CONF_imodule_set_usr_data(CONF_IMODULE *md, void *usr_data)
+{
+ md->usr_data = usr_data;
+}
+
+CONF_MODULE *CONF_imodule_get_module(const CONF_IMODULE *md)
+{
+ return md->pmod;
+}
+
+unsigned long CONF_imodule_get_flags(const CONF_IMODULE *md)
+{
+ return md->flags;
+}
+
+void CONF_imodule_set_flags(CONF_IMODULE *md, unsigned long flags)
+{
+ md->flags = flags;
+}
+
+void *CONF_module_get_usr_data(CONF_MODULE *pmod)
+{
+ return pmod->usr_data;
+}
+
+void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data)
+{
+ pmod->usr_data = usr_data;
+}
+
+/* Return default config file name */
+
+char *CONF_get1_default_config_file(void)
+{
+ char *file;
+ int len;
+
+ file = getenv("OPENSSL_CONF");
+ if (file)
+ return BUF_strdup(file);
+
+ len = strlen(X509_get_default_cert_area());
+#ifndef OPENSSL_SYS_VMS
+ len++;
+#endif
+ len += strlen(OPENSSL_CONF);
+
+ file = OPENSSL_malloc(len + 1);
+
+ if (!file)
+ return NULL;
+ BUF_strlcpy(file, X509_get_default_cert_area(), len + 1);
+#ifndef OPENSSL_SYS_VMS
+ BUF_strlcat(file, "/", len + 1);
+#endif
+ BUF_strlcat(file, OPENSSL_CONF, len + 1);
+
+ return file;
+}
+
+/*
+ * This function takes a list separated by 'sep' and calls the callback
+ * function giving the start and length of each member optionally stripping
+ * leading and trailing whitespace. This can be used to parse comma separated
+ * lists for example.
+ */
+
+int CONF_parse_list(const char *list_, int sep, int nospc,
+ int (*list_cb) (const char *elem, int len, void *usr),
+ void *arg)
+{
+ int ret;
+ const char *lstart, *tmpend, *p;
+ lstart = list_;
+
+ for (;;) {
+ if (nospc) {
+ while (*lstart && isspace((unsigned char)*lstart))
+ lstart++;
+ }
+ p = strchr(lstart, sep);
+ if (p == lstart || !*lstart)
+ ret = list_cb(NULL, 0, arg);
+ else {
+ if (p)
+ tmpend = p - 1;
+ else
+ tmpend = lstart + strlen(lstart) - 1;
+ if (nospc) {
+ while (isspace((unsigned char)*tmpend))
+ tmpend--;
+ }
+ ret = list_cb(lstart, tmpend - lstart + 1, arg);
+ }
+ if (ret <= 0)
+ return ret;
+ if (p == NULL)
+ return 1;
+ lstart = p + 1;
+ }
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/conf/conf_sap.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/conf/conf_sap.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/conf/conf_sap.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,111 +0,0 @@
-/* conf_sap.c */
-/* Written by Stephen Henson (steve at openssl.org) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <openssl/crypto.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/dso.h>
-#include <openssl/x509.h>
-#include <openssl/asn1.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-
-/* This is the automatic configuration loader: it is called automatically by
- * OpenSSL when any of a number of standard initialisation functions are called,
- * unless this is overridden by calling OPENSSL_no_config()
- */
-
-static int openssl_configured = 0;
-
-void OPENSSL_config(const char *config_name)
- {
- if (openssl_configured)
- return;
-
- OPENSSL_load_builtin_modules();
-#ifndef OPENSSL_NO_ENGINE
- /* Need to load ENGINEs */
- ENGINE_load_builtin_engines();
-#endif
- /* Add others here? */
-
-
- ERR_clear_error();
- if (CONF_modules_load_file(NULL, config_name,
- CONF_MFLAGS_DEFAULT_SECTION|CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0)
- {
- BIO *bio_err;
- ERR_load_crypto_strings();
- if ((bio_err=BIO_new_fp(stderr, BIO_NOCLOSE)) != NULL)
- {
- BIO_printf(bio_err,"Auto configuration failed\n");
- ERR_print_errors(bio_err);
- BIO_free(bio_err);
- }
- exit(1);
- }
-
- return;
- }
-
-void OPENSSL_no_config()
- {
- openssl_configured = 1;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/conf/conf_sap.c (from rev 6976, vendor-crypto/openssl/dist/crypto/conf/conf_sap.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/conf/conf_sap.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/conf/conf_sap.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,111 @@
+/* conf_sap.c */
+/*
+ * Written by Stephen Henson (steve at openssl.org) for the OpenSSL project
+ * 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/dso.h>
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#ifndef OPENSSL_NO_ENGINE
+# include <openssl/engine.h>
+#endif
+
+/*
+ * This is the automatic configuration loader: it is called automatically by
+ * OpenSSL when any of a number of standard initialisation functions are
+ * called, unless this is overridden by calling OPENSSL_no_config()
+ */
+
+static int openssl_configured = 0;
+
+void OPENSSL_config(const char *config_name)
+{
+ if (openssl_configured)
+ return;
+
+ OPENSSL_load_builtin_modules();
+#ifndef OPENSSL_NO_ENGINE
+ /* Need to load ENGINEs */
+ ENGINE_load_builtin_engines();
+#endif
+ /* Add others here? */
+
+ ERR_clear_error();
+ if (CONF_modules_load_file(NULL, config_name,
+ CONF_MFLAGS_DEFAULT_SECTION |
+ CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) {
+ BIO *bio_err;
+ ERR_load_crypto_strings();
+ if ((bio_err = BIO_new_fp(stderr, BIO_NOCLOSE)) != NULL) {
+ BIO_printf(bio_err, "Auto configuration failed\n");
+ ERR_print_errors(bio_err);
+ BIO_free(bio_err);
+ }
+ exit(1);
+ }
+
+ return;
+}
+
+void OPENSSL_no_config()
+{
+ openssl_configured = 1;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/conf/test.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/conf/test.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/conf/test.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,98 +0,0 @@
-/* crypto/conf/test.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/conf.h>
-#include <openssl/err.h>
-
-main()
- {
- LHASH *conf;
- long eline;
- char *s,*s2;
-
-#ifdef USE_WIN32
- CONF_set_default_method(CONF_WIN32);
-#endif
- conf=CONF_load(NULL,"ssleay.cnf",&eline);
- if (conf == NULL)
- {
- ERR_load_crypto_strings();
- printf("unable to load configuration, line %ld\n",eline);
- ERR_print_errors_fp(stderr);
- exit(1);
- }
- lh_stats(conf,stdout);
- lh_node_stats(conf,stdout);
- lh_node_usage_stats(conf,stdout);
-
- s=CONF_get_string(conf,NULL,"init2");
- printf("init2=%s\n",(s == NULL)?"NULL":s);
-
- s=CONF_get_string(conf,NULL,"cipher1");
- printf("cipher1=%s\n",(s == NULL)?"NULL":s);
-
- s=CONF_get_string(conf,"s_client","cipher1");
- printf("s_client:cipher1=%s\n",(s == NULL)?"NULL":s);
-
- printf("---------------------------- DUMP ------------------------\n");
- CONF_dump_fp(conf, stdout);
-
- exit(0);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/conf/test.c (from rev 6976, vendor-crypto/openssl/dist/crypto/conf/test.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/conf/test.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/conf/test.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,97 @@
+/* crypto/conf/test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/conf.h>
+#include <openssl/err.h>
+
+main()
+{
+ LHASH *conf;
+ long eline;
+ char *s, *s2;
+
+#ifdef USE_WIN32
+ CONF_set_default_method(CONF_WIN32);
+#endif
+ conf = CONF_load(NULL, "ssleay.cnf", &eline);
+ if (conf == NULL) {
+ ERR_load_crypto_strings();
+ printf("unable to load configuration, line %ld\n", eline);
+ ERR_print_errors_fp(stderr);
+ exit(1);
+ }
+ lh_stats(conf, stdout);
+ lh_node_stats(conf, stdout);
+ lh_node_usage_stats(conf, stdout);
+
+ s = CONF_get_string(conf, NULL, "init2");
+ printf("init2=%s\n", (s == NULL) ? "NULL" : s);
+
+ s = CONF_get_string(conf, NULL, "cipher1");
+ printf("cipher1=%s\n", (s == NULL) ? "NULL" : s);
+
+ s = CONF_get_string(conf, "s_client", "cipher1");
+ printf("s_client:cipher1=%s\n", (s == NULL) ? "NULL" : s);
+
+ printf("---------------------------- DUMP ------------------------\n");
+ CONF_dump_fp(conf, stdout);
+
+ exit(0);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/constant_time_locl.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/constant_time_locl.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/constant_time_locl.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,216 +0,0 @@
-/* crypto/constant_time_locl.h */
-/*
- * Utilities for constant-time cryptography.
- *
- * Author: Emilia Kasper (emilia at openssl.org)
- * Based on previous work by Bodo Moeller, Emilia Kasper, Adam Langley
- * (Google).
- * ====================================================================
- * Copyright (c) 2014 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_CONSTANT_TIME_LOCL_H
-#define HEADER_CONSTANT_TIME_LOCL_H
-
-#include "e_os.h" /* For 'inline' */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * The boolean methods return a bitmask of all ones (0xff...f) for true
- * and 0 for false. This is useful for choosing a value based on the result
- * of a conditional in constant time. For example,
- *
- * if (a < b) {
- * c = a;
- * } else {
- * c = b;
- * }
- *
- * can be written as
- *
- * unsigned int lt = constant_time_lt(a, b);
- * c = constant_time_select(lt, a, b);
- */
-
-/*
- * Returns the given value with the MSB copied to all the other
- * bits. Uses the fact that arithmetic shift shifts-in the sign bit.
- * However, this is not ensured by the C standard so you may need to
- * replace this with something else on odd CPUs.
- */
-static inline unsigned int constant_time_msb(unsigned int a);
-
-/*
- * Returns 0xff..f if a < b and 0 otherwise.
- */
-static inline unsigned int constant_time_lt(unsigned int a, unsigned int b);
-/* Convenience method for getting an 8-bit mask. */
-static inline unsigned char constant_time_lt_8(unsigned int a, unsigned int b);
-
-/*
- * Returns 0xff..f if a >= b and 0 otherwise.
- */
-static inline unsigned int constant_time_ge(unsigned int a, unsigned int b);
-/* Convenience method for getting an 8-bit mask. */
-static inline unsigned char constant_time_ge_8(unsigned int a, unsigned int b);
-
-/*
- * Returns 0xff..f if a == 0 and 0 otherwise.
- */
-static inline unsigned int constant_time_is_zero(unsigned int a);
-/* Convenience method for getting an 8-bit mask. */
-static inline unsigned char constant_time_is_zero_8(unsigned int a);
-
-
-/*
- * Returns 0xff..f if a == b and 0 otherwise.
- */
-static inline unsigned int constant_time_eq(unsigned int a, unsigned int b);
-/* Convenience method for getting an 8-bit mask. */
-static inline unsigned char constant_time_eq_8(unsigned int a, unsigned int b);
-/* Signed integers. */
-static inline unsigned int constant_time_eq_int(int a, int b);
-/* Convenience method for getting an 8-bit mask. */
-static inline unsigned char constant_time_eq_int_8(int a, int b);
-
-
-/*
- * Returns (mask & a) | (~mask & b).
- *
- * When |mask| is all 1s or all 0s (as returned by the methods above),
- * the select methods return either |a| (if |mask| is nonzero) or |b|
- * (if |mask| is zero).
- */
-static inline unsigned int constant_time_select(unsigned int mask,
- unsigned int a, unsigned int b);
-/* Convenience method for unsigned chars. */
-static inline unsigned char constant_time_select_8(unsigned char mask,
- unsigned char a, unsigned char b);
-/* Convenience method for signed integers. */
-static inline int constant_time_select_int(unsigned int mask, int a, int b);
-
-static inline unsigned int constant_time_msb(unsigned int a)
- {
- return (unsigned int)((int)(a) >> (sizeof(int) * 8 - 1));
- }
-
-static inline unsigned int constant_time_lt(unsigned int a, unsigned int b)
- {
- unsigned int lt;
- /* Case 1: msb(a) == msb(b). a < b iff the MSB of a - b is set.*/
- lt = ~(a ^ b) & (a - b);
- /* Case 2: msb(a) != msb(b). a < b iff the MSB of b is set. */
- lt |= ~a & b;
- return constant_time_msb(lt);
- }
-
-static inline unsigned char constant_time_lt_8(unsigned int a, unsigned int b)
- {
- return (unsigned char)(constant_time_lt(a, b));
- }
-
-static inline unsigned int constant_time_ge(unsigned int a, unsigned int b)
- {
- unsigned int ge;
- /* Case 1: msb(a) == msb(b). a >= b iff the MSB of a - b is not set.*/
- ge = ~((a ^ b) | (a - b));
- /* Case 2: msb(a) != msb(b). a >= b iff the MSB of a is set. */
- ge |= a & ~b;
- return constant_time_msb(ge);
- }
-
-static inline unsigned char constant_time_ge_8(unsigned int a, unsigned int b)
- {
- return (unsigned char)(constant_time_ge(a, b));
- }
-
-static inline unsigned int constant_time_is_zero(unsigned int a)
- {
- return constant_time_msb(~a & (a - 1));
- }
-
-static inline unsigned char constant_time_is_zero_8(unsigned int a)
- {
- return (unsigned char)(constant_time_is_zero(a));
- }
-
-static inline unsigned int constant_time_eq(unsigned int a, unsigned int b)
- {
- return constant_time_is_zero(a ^ b);
- }
-
-static inline unsigned char constant_time_eq_8(unsigned int a, unsigned int b)
- {
- return (unsigned char)(constant_time_eq(a, b));
- }
-
-static inline unsigned int constant_time_eq_int(int a, int b)
- {
- return constant_time_eq((unsigned)(a), (unsigned)(b));
- }
-
-static inline unsigned char constant_time_eq_int_8(int a, int b)
- {
- return constant_time_eq_8((unsigned)(a), (unsigned)(b));
- }
-
-static inline unsigned int constant_time_select(unsigned int mask,
- unsigned int a, unsigned int b)
- {
- return (mask & a) | (~mask & b);
- }
-
-static inline unsigned char constant_time_select_8(unsigned char mask,
- unsigned char a, unsigned char b)
- {
- return (unsigned char)(constant_time_select(mask, a, b));
- }
-
-inline int constant_time_select_int(unsigned int mask, int a, int b)
- {
- return (int)(constant_time_select(mask, (unsigned)(a), (unsigned)(b)));
- }
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* HEADER_CONSTANT_TIME_LOCL_H */
Copied: vendor-crypto/openssl/0.9.8zf/crypto/constant_time_locl.h (from rev 6976, vendor-crypto/openssl/dist/crypto/constant_time_locl.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/constant_time_locl.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/constant_time_locl.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,211 @@
+/* crypto/constant_time_locl.h */
+/*-
+ * Utilities for constant-time cryptography.
+ *
+ * Author: Emilia Kasper (emilia at openssl.org)
+ * Based on previous work by Bodo Moeller, Emilia Kasper, Adam Langley
+ * (Google).
+ * ====================================================================
+ * Copyright (c) 2014 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_CONSTANT_TIME_LOCL_H
+# define HEADER_CONSTANT_TIME_LOCL_H
+
+# include "e_os.h" /* For 'inline' */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*-
+ * The boolean methods return a bitmask of all ones (0xff...f) for true
+ * and 0 for false. This is useful for choosing a value based on the result
+ * of a conditional in constant time. For example,
+ *
+ * if (a < b) {
+ * c = a;
+ * } else {
+ * c = b;
+ * }
+ *
+ * can be written as
+ *
+ * unsigned int lt = constant_time_lt(a, b);
+ * c = constant_time_select(lt, a, b);
+ */
+
+/*
+ * Returns the given value with the MSB copied to all the other
+ * bits. Uses the fact that arithmetic shift shifts-in the sign bit.
+ * However, this is not ensured by the C standard so you may need to
+ * replace this with something else on odd CPUs.
+ */
+static inline unsigned int constant_time_msb(unsigned int a);
+
+/*
+ * Returns 0xff..f if a < b and 0 otherwise.
+ */
+static inline unsigned int constant_time_lt(unsigned int a, unsigned int b);
+/* Convenience method for getting an 8-bit mask. */
+static inline unsigned char constant_time_lt_8(unsigned int a,
+ unsigned int b);
+
+/*
+ * Returns 0xff..f if a >= b and 0 otherwise.
+ */
+static inline unsigned int constant_time_ge(unsigned int a, unsigned int b);
+/* Convenience method for getting an 8-bit mask. */
+static inline unsigned char constant_time_ge_8(unsigned int a,
+ unsigned int b);
+
+/*
+ * Returns 0xff..f if a == 0 and 0 otherwise.
+ */
+static inline unsigned int constant_time_is_zero(unsigned int a);
+/* Convenience method for getting an 8-bit mask. */
+static inline unsigned char constant_time_is_zero_8(unsigned int a);
+
+/*
+ * Returns 0xff..f if a == b and 0 otherwise.
+ */
+static inline unsigned int constant_time_eq(unsigned int a, unsigned int b);
+/* Convenience method for getting an 8-bit mask. */
+static inline unsigned char constant_time_eq_8(unsigned int a,
+ unsigned int b);
+/* Signed integers. */
+static inline unsigned int constant_time_eq_int(int a, int b);
+/* Convenience method for getting an 8-bit mask. */
+static inline unsigned char constant_time_eq_int_8(int a, int b);
+
+/*-
+ * Returns (mask & a) | (~mask & b).
+ *
+ * When |mask| is all 1s or all 0s (as returned by the methods above),
+ * the select methods return either |a| (if |mask| is nonzero) or |b|
+ * (if |mask| is zero).
+ */
+static inline unsigned int constant_time_select(unsigned int mask,
+ unsigned int a,
+ unsigned int b);
+/* Convenience method for unsigned chars. */
+static inline unsigned char constant_time_select_8(unsigned char mask,
+ unsigned char a,
+ unsigned char b);
+/* Convenience method for signed integers. */
+static inline int constant_time_select_int(unsigned int mask, int a, int b);
+
+static inline unsigned int constant_time_msb(unsigned int a)
+{
+ return 0 - (a >> (sizeof(a) * 8 - 1));
+}
+
+static inline unsigned int constant_time_lt(unsigned int a, unsigned int b)
+{
+ return constant_time_msb(a ^ ((a ^ b) | ((a - b) ^ b)));
+}
+
+static inline unsigned char constant_time_lt_8(unsigned int a, unsigned int b)
+{
+ return (unsigned char)(constant_time_lt(a, b));
+}
+
+static inline unsigned int constant_time_ge(unsigned int a, unsigned int b)
+{
+ return ~constant_time_lt(a, b);
+}
+
+static inline unsigned char constant_time_ge_8(unsigned int a, unsigned int b)
+{
+ return (unsigned char)(constant_time_ge(a, b));
+}
+
+static inline unsigned int constant_time_is_zero(unsigned int a)
+{
+ return constant_time_msb(~a & (a - 1));
+}
+
+static inline unsigned char constant_time_is_zero_8(unsigned int a)
+{
+ return (unsigned char)(constant_time_is_zero(a));
+}
+
+static inline unsigned int constant_time_eq(unsigned int a, unsigned int b)
+{
+ return constant_time_is_zero(a ^ b);
+}
+
+static inline unsigned char constant_time_eq_8(unsigned int a, unsigned int b)
+{
+ return (unsigned char)(constant_time_eq(a, b));
+}
+
+static inline unsigned int constant_time_eq_int(int a, int b)
+{
+ return constant_time_eq((unsigned)(a), (unsigned)(b));
+}
+
+static inline unsigned char constant_time_eq_int_8(int a, int b)
+{
+ return constant_time_eq_8((unsigned)(a), (unsigned)(b));
+}
+
+static inline unsigned int constant_time_select(unsigned int mask,
+ unsigned int a,
+ unsigned int b)
+{
+ return (mask & a) | (~mask & b);
+}
+
+static inline unsigned char constant_time_select_8(unsigned char mask,
+ unsigned char a,
+ unsigned char b)
+{
+ return (unsigned char)(constant_time_select(mask, a, b));
+}
+
+static inline int constant_time_select_int(unsigned int mask, int a, int b)
+{
+ return (int)(constant_time_select(mask, (unsigned)(a), (unsigned)(b)));
+}
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* HEADER_CONSTANT_TIME_LOCL_H */
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/constant_time_test.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/constant_time_test.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/constant_time_test.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,330 +0,0 @@
-/* crypto/constant_time_test.c */
-/*
- * Utilities for constant-time cryptography.
- *
- * Author: Emilia Kasper (emilia at openssl.org)
- * Based on previous work by Bodo Moeller, Emilia Kasper, Adam Langley
- * (Google).
- * ====================================================================
- * Copyright (c) 2014 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "../crypto/constant_time_locl.h"
-
-#include <limits.h>
-#include <stdio.h>
-#include <stdlib.h>
-
-static const unsigned int CONSTTIME_TRUE = (unsigned)(~0);
-static const unsigned int CONSTTIME_FALSE = 0;
-static const unsigned char CONSTTIME_TRUE_8 = 0xff;
-static const unsigned char CONSTTIME_FALSE_8 = 0;
-
-static int test_binary_op(unsigned int (*op)(unsigned int a, unsigned int b),
- const char* op_name, unsigned int a, unsigned int b, int is_true)
- {
- unsigned c = op(a, b);
- if (is_true && c != CONSTTIME_TRUE)
- {
- fprintf(stderr, "Test failed for %s(%du, %du): expected %du "
- "(TRUE), got %du\n", op_name, a, b, CONSTTIME_TRUE, c);
- return 1;
- }
- else if (!is_true && c != CONSTTIME_FALSE)
- {
- fprintf(stderr, "Test failed for %s(%du, %du): expected %du "
- "(FALSE), got %du\n", op_name, a, b, CONSTTIME_FALSE,
- c);
- return 1;
- }
- return 0;
- }
-
-static int test_binary_op_8(unsigned char (*op)(unsigned int a, unsigned int b),
- const char* op_name, unsigned int a, unsigned int b, int is_true)
- {
- unsigned char c = op(a, b);
- if (is_true && c != CONSTTIME_TRUE_8)
- {
- fprintf(stderr, "Test failed for %s(%du, %du): expected %u "
- "(TRUE), got %u\n", op_name, a, b, CONSTTIME_TRUE_8, c);
- return 1;
- }
- else if (!is_true && c != CONSTTIME_FALSE_8)
- {
- fprintf(stderr, "Test failed for %s(%du, %du): expected %u "
- "(FALSE), got %u\n", op_name, a, b, CONSTTIME_FALSE_8,
- c);
- return 1;
- }
- return 0;
- }
-
-static int test_is_zero(unsigned int a)
- {
- unsigned int c = constant_time_is_zero(a);
- if (a == 0 && c != CONSTTIME_TRUE)
- {
- fprintf(stderr, "Test failed for constant_time_is_zero(%du): "
- "expected %du (TRUE), got %du\n", a, CONSTTIME_TRUE, c);
- return 1;
- }
- else if (a != 0 && c != CONSTTIME_FALSE)
- {
- fprintf(stderr, "Test failed for constant_time_is_zero(%du): "
- "expected %du (FALSE), got %du\n", a, CONSTTIME_FALSE,
- c);
- return 1;
- }
- return 0;
- }
-
-static int test_is_zero_8(unsigned int a)
- {
- unsigned char c = constant_time_is_zero_8(a);
- if (a == 0 && c != CONSTTIME_TRUE_8)
- {
- fprintf(stderr, "Test failed for constant_time_is_zero(%du): "
- "expected %u (TRUE), got %u\n", a, CONSTTIME_TRUE_8, c);
- return 1;
- }
- else if (a != 0 && c != CONSTTIME_FALSE)
- {
- fprintf(stderr, "Test failed for constant_time_is_zero(%du): "
- "expected %u (FALSE), got %u\n", a, CONSTTIME_FALSE_8,
- c);
- return 1;
- }
- return 0;
- }
-
-static int test_select(unsigned int a, unsigned int b)
- {
- unsigned int selected = constant_time_select(CONSTTIME_TRUE, a, b);
- if (selected != a)
- {
- fprintf(stderr, "Test failed for constant_time_select(%du, %du,"
- "%du): expected %du(first value), got %du\n",
- CONSTTIME_TRUE, a, b, a, selected);
- return 1;
- }
- selected = constant_time_select(CONSTTIME_FALSE, a, b);
- if (selected != b)
- {
- fprintf(stderr, "Test failed for constant_time_select(%du, %du,"
- "%du): expected %du(second value), got %du\n",
- CONSTTIME_FALSE, a, b, b, selected);
- return 1;
- }
- return 0;
- }
-
-static int test_select_8(unsigned char a, unsigned char b)
- {
- unsigned char selected = constant_time_select_8(CONSTTIME_TRUE_8, a, b);
- if (selected != a)
- {
- fprintf(stderr, "Test failed for constant_time_select(%u, %u,"
- "%u): expected %u(first value), got %u\n",
- CONSTTIME_TRUE, a, b, a, selected);
- return 1;
- }
- selected = constant_time_select_8(CONSTTIME_FALSE_8, a, b);
- if (selected != b)
- {
- fprintf(stderr, "Test failed for constant_time_select(%u, %u,"
- "%u): expected %u(second value), got %u\n",
- CONSTTIME_FALSE, a, b, b, selected);
- return 1;
- }
- return 0;
- }
-
-static int test_select_int(int a, int b)
- {
- int selected = constant_time_select_int(CONSTTIME_TRUE, a, b);
- if (selected != a)
- {
- fprintf(stderr, "Test failed for constant_time_select(%du, %d,"
- "%d): expected %d(first value), got %d\n",
- CONSTTIME_TRUE, a, b, a, selected);
- return 1;
- }
- selected = constant_time_select_int(CONSTTIME_FALSE, a, b);
- if (selected != b)
- {
- fprintf(stderr, "Test failed for constant_time_select(%du, %d,"
- "%d): expected %d(second value), got %d\n",
- CONSTTIME_FALSE, a, b, b, selected);
- return 1;
- }
- return 0;
- }
-
-static int test_eq_int(int a, int b)
- {
- unsigned int equal = constant_time_eq_int(a, b);
- if (a == b && equal != CONSTTIME_TRUE)
- {
- fprintf(stderr, "Test failed for constant_time_eq_int(%d, %d): "
- "expected %du(TRUE), got %du\n",
- a, b, CONSTTIME_TRUE, equal);
- return 1;
- }
- else if (a != b && equal != CONSTTIME_FALSE)
- {
- fprintf(stderr, "Test failed for constant_time_eq_int(%d, %d): "
- "expected %du(FALSE), got %du\n",
- a, b, CONSTTIME_FALSE, equal);
- return 1;
- }
- return 0;
- }
-
-static int test_eq_int_8(int a, int b)
- {
- unsigned char equal = constant_time_eq_int_8(a, b);
- if (a == b && equal != CONSTTIME_TRUE_8)
- {
- fprintf(stderr, "Test failed for constant_time_eq_int_8(%d, %d): "
- "expected %u(TRUE), got %u\n",
- a, b, CONSTTIME_TRUE_8, equal);
- return 1;
- }
- else if (a != b && equal != CONSTTIME_FALSE_8)
- {
- fprintf(stderr, "Test failed for constant_time_eq_int_8(%d, %d): "
- "expected %u(FALSE), got %u\n",
- a, b, CONSTTIME_FALSE_8, equal);
- return 1;
- }
- return 0;
- }
-
-static unsigned int test_values[] = {0, 1, 1024, 12345, 32000, UINT_MAX/2-1,
- UINT_MAX/2, UINT_MAX/2+1, UINT_MAX-1,
- UINT_MAX};
-
-static unsigned char test_values_8[] = {0, 1, 2, 20, 32, 127, 128, 129, 255};
-
-static int signed_test_values[] = {0, 1, -1, 1024, -1024, 12345, -12345,
- 32000, -32000, INT_MAX, INT_MIN, INT_MAX-1,
- INT_MIN+1};
-
-
-int main(int argc, char *argv[])
- {
- unsigned int a, b, i, j;
- int c, d;
- unsigned char e, f;
- int num_failed = 0, num_all = 0;
- fprintf(stdout, "Testing constant time operations...\n");
-
- for (i = 0; i < sizeof(test_values)/sizeof(int); ++i)
- {
- a = test_values[i];
- num_failed += test_is_zero(a);
- num_failed += test_is_zero_8(a);
- num_all += 2;
- for (j = 0; j < sizeof(test_values)/sizeof(int); ++j)
- {
- b = test_values[j];
- num_failed += test_binary_op(&constant_time_lt,
- "constant_time_lt", a, b, a < b);
- num_failed += test_binary_op_8(&constant_time_lt_8,
- "constant_time_lt_8", a, b, a < b);
- num_failed += test_binary_op(&constant_time_lt,
- "constant_time_lt_8", b, a, b < a);
- num_failed += test_binary_op_8(&constant_time_lt_8,
- "constant_time_lt_8", b, a, b < a);
- num_failed += test_binary_op(&constant_time_ge,
- "constant_time_ge", a, b, a >= b);
- num_failed += test_binary_op_8(&constant_time_ge_8,
- "constant_time_ge_8", a, b, a >= b);
- num_failed += test_binary_op(&constant_time_ge,
- "constant_time_ge", b, a, b >= a);
- num_failed += test_binary_op_8(&constant_time_ge_8,
- "constant_time_ge_8", b, a, b >= a);
- num_failed += test_binary_op(&constant_time_eq,
- "constant_time_eq", a, b, a == b);
- num_failed += test_binary_op_8(&constant_time_eq_8,
- "constant_time_eq_8", a, b, a == b);
- num_failed += test_binary_op(&constant_time_eq,
- "constant_time_eq", b, a, b == a);
- num_failed += test_binary_op_8(&constant_time_eq_8,
- "constant_time_eq_8", b, a, b == a);
- num_failed += test_select(a, b);
- num_all += 13;
- }
- }
-
- for (i = 0; i < sizeof(signed_test_values)/sizeof(int); ++i)
- {
- c = signed_test_values[i];
- for (j = 0; j < sizeof(signed_test_values)/sizeof(int); ++j)
- {
- d = signed_test_values[j];
- num_failed += test_select_int(c, d);
- num_failed += test_eq_int(c, d);
- num_failed += test_eq_int_8(c, d);
- num_all += 3;
- }
- }
-
- for (i = 0; i < sizeof(test_values_8); ++i)
- {
- e = test_values_8[i];
- for (j = 0; j < sizeof(test_values_8); ++j)
- {
- f = test_values_8[j];
- num_failed += test_select_8(e, f);
- num_all += 1;
- }
- }
-
- if (!num_failed)
- {
- fprintf(stdout, "ok (ran %d tests)\n", num_all);
- return EXIT_SUCCESS;
- }
- else
- {
- fprintf(stdout, "%d of %d tests failed!\n", num_failed, num_all);
- return EXIT_FAILURE;
- }
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/constant_time_test.c (from rev 6976, vendor-crypto/openssl/dist/crypto/constant_time_test.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/constant_time_test.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/constant_time_test.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,304 @@
+/* crypto/constant_time_test.c */
+/*-
+ * Utilities for constant-time cryptography.
+ *
+ * Author: Emilia Kasper (emilia at openssl.org)
+ * Based on previous work by Bodo Moeller, Emilia Kasper, Adam Langley
+ * (Google).
+ * ====================================================================
+ * Copyright (c) 2014 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "../crypto/constant_time_locl.h"
+
+#include <limits.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+static const unsigned int CONSTTIME_TRUE = (unsigned)(~0);
+static const unsigned int CONSTTIME_FALSE = 0;
+static const unsigned char CONSTTIME_TRUE_8 = 0xff;
+static const unsigned char CONSTTIME_FALSE_8 = 0;
+
+static int test_binary_op(unsigned int (*op) (unsigned int a, unsigned int b),
+ const char *op_name, unsigned int a, unsigned int b,
+ int is_true)
+{
+ unsigned c = op(a, b);
+ if (is_true && c != CONSTTIME_TRUE) {
+ fprintf(stderr, "Test failed for %s(%du, %du): expected %du "
+ "(TRUE), got %du\n", op_name, a, b, CONSTTIME_TRUE, c);
+ return 1;
+ } else if (!is_true && c != CONSTTIME_FALSE) {
+ fprintf(stderr, "Test failed for %s(%du, %du): expected %du "
+ "(FALSE), got %du\n", op_name, a, b, CONSTTIME_FALSE, c);
+ return 1;
+ }
+ return 0;
+}
+
+static int test_binary_op_8(unsigned
+ char (*op) (unsigned int a, unsigned int b),
+ const char *op_name, unsigned int a,
+ unsigned int b, int is_true)
+{
+ unsigned char c = op(a, b);
+ if (is_true && c != CONSTTIME_TRUE_8) {
+ fprintf(stderr, "Test failed for %s(%du, %du): expected %u "
+ "(TRUE), got %u\n", op_name, a, b, CONSTTIME_TRUE_8, c);
+ return 1;
+ } else if (!is_true && c != CONSTTIME_FALSE_8) {
+ fprintf(stderr, "Test failed for %s(%du, %du): expected %u "
+ "(FALSE), got %u\n", op_name, a, b, CONSTTIME_FALSE_8, c);
+ return 1;
+ }
+ return 0;
+}
+
+static int test_is_zero(unsigned int a)
+{
+ unsigned int c = constant_time_is_zero(a);
+ if (a == 0 && c != CONSTTIME_TRUE) {
+ fprintf(stderr, "Test failed for constant_time_is_zero(%du): "
+ "expected %du (TRUE), got %du\n", a, CONSTTIME_TRUE, c);
+ return 1;
+ } else if (a != 0 && c != CONSTTIME_FALSE) {
+ fprintf(stderr, "Test failed for constant_time_is_zero(%du): "
+ "expected %du (FALSE), got %du\n", a, CONSTTIME_FALSE, c);
+ return 1;
+ }
+ return 0;
+}
+
+static int test_is_zero_8(unsigned int a)
+{
+ unsigned char c = constant_time_is_zero_8(a);
+ if (a == 0 && c != CONSTTIME_TRUE_8) {
+ fprintf(stderr, "Test failed for constant_time_is_zero(%du): "
+ "expected %u (TRUE), got %u\n", a, CONSTTIME_TRUE_8, c);
+ return 1;
+ } else if (a != 0 && c != CONSTTIME_FALSE) {
+ fprintf(stderr, "Test failed for constant_time_is_zero(%du): "
+ "expected %u (FALSE), got %u\n", a, CONSTTIME_FALSE_8, c);
+ return 1;
+ }
+ return 0;
+}
+
+static int test_select(unsigned int a, unsigned int b)
+{
+ unsigned int selected = constant_time_select(CONSTTIME_TRUE, a, b);
+ if (selected != a) {
+ fprintf(stderr, "Test failed for constant_time_select(%du, %du,"
+ "%du): expected %du(first value), got %du\n",
+ CONSTTIME_TRUE, a, b, a, selected);
+ return 1;
+ }
+ selected = constant_time_select(CONSTTIME_FALSE, a, b);
+ if (selected != b) {
+ fprintf(stderr, "Test failed for constant_time_select(%du, %du,"
+ "%du): expected %du(second value), got %du\n",
+ CONSTTIME_FALSE, a, b, b, selected);
+ return 1;
+ }
+ return 0;
+}
+
+static int test_select_8(unsigned char a, unsigned char b)
+{
+ unsigned char selected = constant_time_select_8(CONSTTIME_TRUE_8, a, b);
+ if (selected != a) {
+ fprintf(stderr, "Test failed for constant_time_select(%u, %u,"
+ "%u): expected %u(first value), got %u\n",
+ CONSTTIME_TRUE, a, b, a, selected);
+ return 1;
+ }
+ selected = constant_time_select_8(CONSTTIME_FALSE_8, a, b);
+ if (selected != b) {
+ fprintf(stderr, "Test failed for constant_time_select(%u, %u,"
+ "%u): expected %u(second value), got %u\n",
+ CONSTTIME_FALSE, a, b, b, selected);
+ return 1;
+ }
+ return 0;
+}
+
+static int test_select_int(int a, int b)
+{
+ int selected = constant_time_select_int(CONSTTIME_TRUE, a, b);
+ if (selected != a) {
+ fprintf(stderr, "Test failed for constant_time_select(%du, %d,"
+ "%d): expected %d(first value), got %d\n",
+ CONSTTIME_TRUE, a, b, a, selected);
+ return 1;
+ }
+ selected = constant_time_select_int(CONSTTIME_FALSE, a, b);
+ if (selected != b) {
+ fprintf(stderr, "Test failed for constant_time_select(%du, %d,"
+ "%d): expected %d(second value), got %d\n",
+ CONSTTIME_FALSE, a, b, b, selected);
+ return 1;
+ }
+ return 0;
+}
+
+static int test_eq_int(int a, int b)
+{
+ unsigned int equal = constant_time_eq_int(a, b);
+ if (a == b && equal != CONSTTIME_TRUE) {
+ fprintf(stderr, "Test failed for constant_time_eq_int(%d, %d): "
+ "expected %du(TRUE), got %du\n", a, b, CONSTTIME_TRUE, equal);
+ return 1;
+ } else if (a != b && equal != CONSTTIME_FALSE) {
+ fprintf(stderr, "Test failed for constant_time_eq_int(%d, %d): "
+ "expected %du(FALSE), got %du\n",
+ a, b, CONSTTIME_FALSE, equal);
+ return 1;
+ }
+ return 0;
+}
+
+static int test_eq_int_8(int a, int b)
+{
+ unsigned char equal = constant_time_eq_int_8(a, b);
+ if (a == b && equal != CONSTTIME_TRUE_8) {
+ fprintf(stderr, "Test failed for constant_time_eq_int_8(%d, %d): "
+ "expected %u(TRUE), got %u\n", a, b, CONSTTIME_TRUE_8, equal);
+ return 1;
+ } else if (a != b && equal != CONSTTIME_FALSE_8) {
+ fprintf(stderr, "Test failed for constant_time_eq_int_8(%d, %d): "
+ "expected %u(FALSE), got %u\n",
+ a, b, CONSTTIME_FALSE_8, equal);
+ return 1;
+ }
+ return 0;
+}
+
+static unsigned int test_values[] =
+ { 0, 1, 1024, 12345, 32000, UINT_MAX / 2 - 1,
+ UINT_MAX / 2, UINT_MAX / 2 + 1, UINT_MAX - 1,
+ UINT_MAX
+};
+
+static unsigned char test_values_8[] =
+ { 0, 1, 2, 20, 32, 127, 128, 129, 255 };
+
+static int signed_test_values[] = { 0, 1, -1, 1024, -1024, 12345, -12345,
+ 32000, -32000, INT_MAX, INT_MIN, INT_MAX - 1,
+ INT_MIN + 1
+};
+
+int main(int argc, char *argv[])
+{
+ unsigned int a, b, i, j;
+ int c, d;
+ unsigned char e, f;
+ int num_failed = 0, num_all = 0;
+ fprintf(stdout, "Testing constant time operations...\n");
+
+ for (i = 0; i < sizeof(test_values) / sizeof(int); ++i) {
+ a = test_values[i];
+ num_failed += test_is_zero(a);
+ num_failed += test_is_zero_8(a);
+ num_all += 2;
+ for (j = 0; j < sizeof(test_values) / sizeof(int); ++j) {
+ b = test_values[j];
+ num_failed += test_binary_op(&constant_time_lt,
+ "constant_time_lt", a, b, a < b);
+ num_failed += test_binary_op_8(&constant_time_lt_8,
+ "constant_time_lt_8", a, b, a < b);
+ num_failed += test_binary_op(&constant_time_lt,
+ "constant_time_lt_8", b, a, b < a);
+ num_failed += test_binary_op_8(&constant_time_lt_8,
+ "constant_time_lt_8", b, a, b < a);
+ num_failed += test_binary_op(&constant_time_ge,
+ "constant_time_ge", a, b, a >= b);
+ num_failed += test_binary_op_8(&constant_time_ge_8,
+ "constant_time_ge_8", a, b,
+ a >= b);
+ num_failed +=
+ test_binary_op(&constant_time_ge, "constant_time_ge", b, a,
+ b >= a);
+ num_failed +=
+ test_binary_op_8(&constant_time_ge_8, "constant_time_ge_8", b,
+ a, b >= a);
+ num_failed +=
+ test_binary_op(&constant_time_eq, "constant_time_eq", a, b,
+ a == b);
+ num_failed +=
+ test_binary_op_8(&constant_time_eq_8, "constant_time_eq_8", a,
+ b, a == b);
+ num_failed +=
+ test_binary_op(&constant_time_eq, "constant_time_eq", b, a,
+ b == a);
+ num_failed +=
+ test_binary_op_8(&constant_time_eq_8, "constant_time_eq_8", b,
+ a, b == a);
+ num_failed += test_select(a, b);
+ num_all += 13;
+ }
+ }
+
+ for (i = 0; i < sizeof(signed_test_values) / sizeof(int); ++i) {
+ c = signed_test_values[i];
+ for (j = 0; j < sizeof(signed_test_values) / sizeof(int); ++j) {
+ d = signed_test_values[j];
+ num_failed += test_select_int(c, d);
+ num_failed += test_eq_int(c, d);
+ num_failed += test_eq_int_8(c, d);
+ num_all += 3;
+ }
+ }
+
+ for (i = 0; i < sizeof(test_values_8); ++i) {
+ e = test_values_8[i];
+ for (j = 0; j < sizeof(test_values_8); ++j) {
+ f = test_values_8[j];
+ num_failed += test_select_8(e, f);
+ num_all += 1;
+ }
+ }
+
+ if (!num_failed) {
+ fprintf(stdout, "ok (ran %d tests)\n", num_all);
+ return EXIT_SUCCESS;
+ } else {
+ fprintf(stdout, "%d of %d tests failed!\n", num_failed, num_all);
+ return EXIT_FAILURE;
+ }
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/cpt_err.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/cpt_err.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/cpt_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,103 +0,0 @@
-/* crypto/cpt_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/crypto.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_CRYPTO,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_CRYPTO,0,reason)
-
-static ERR_STRING_DATA CRYPTO_str_functs[]=
- {
-{ERR_FUNC(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX), "CRYPTO_get_ex_new_index"},
-{ERR_FUNC(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID), "CRYPTO_get_new_dynlockid"},
-{ERR_FUNC(CRYPTO_F_CRYPTO_GET_NEW_LOCKID), "CRYPTO_get_new_lockid"},
-{ERR_FUNC(CRYPTO_F_CRYPTO_SET_EX_DATA), "CRYPTO_set_ex_data"},
-{ERR_FUNC(CRYPTO_F_DEF_ADD_INDEX), "DEF_ADD_INDEX"},
-{ERR_FUNC(CRYPTO_F_DEF_GET_CLASS), "DEF_GET_CLASS"},
-{ERR_FUNC(CRYPTO_F_INT_DUP_EX_DATA), "INT_DUP_EX_DATA"},
-{ERR_FUNC(CRYPTO_F_INT_FREE_EX_DATA), "INT_FREE_EX_DATA"},
-{ERR_FUNC(CRYPTO_F_INT_NEW_EX_DATA), "INT_NEW_EX_DATA"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA CRYPTO_str_reasons[]=
- {
-{ERR_REASON(CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK),"no dynlock create callback"},
-{0,NULL}
- };
-
-#endif
-
-void ERR_load_CRYPTO_strings(void)
- {
-#ifndef OPENSSL_NO_ERR
-
- if (ERR_func_error_string(CRYPTO_str_functs[0].error) == NULL)
- {
- ERR_load_strings(0,CRYPTO_str_functs);
- ERR_load_strings(0,CRYPTO_str_reasons);
- }
-#endif
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/cpt_err.c (from rev 6976, vendor-crypto/openssl/dist/crypto/cpt_err.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/cpt_err.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/cpt_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,102 @@
+/* crypto/cpt_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/crypto.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_CRYPTO,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_CRYPTO,0,reason)
+
+static ERR_STRING_DATA CRYPTO_str_functs[] = {
+ {ERR_FUNC(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX), "CRYPTO_get_ex_new_index"},
+ {ERR_FUNC(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID), "CRYPTO_get_new_dynlockid"},
+ {ERR_FUNC(CRYPTO_F_CRYPTO_GET_NEW_LOCKID), "CRYPTO_get_new_lockid"},
+ {ERR_FUNC(CRYPTO_F_CRYPTO_SET_EX_DATA), "CRYPTO_set_ex_data"},
+ {ERR_FUNC(CRYPTO_F_DEF_ADD_INDEX), "DEF_ADD_INDEX"},
+ {ERR_FUNC(CRYPTO_F_DEF_GET_CLASS), "DEF_GET_CLASS"},
+ {ERR_FUNC(CRYPTO_F_INT_DUP_EX_DATA), "INT_DUP_EX_DATA"},
+ {ERR_FUNC(CRYPTO_F_INT_FREE_EX_DATA), "INT_FREE_EX_DATA"},
+ {ERR_FUNC(CRYPTO_F_INT_NEW_EX_DATA), "INT_NEW_EX_DATA"},
+ {0, NULL}
+};
+
+static ERR_STRING_DATA CRYPTO_str_reasons[] = {
+ {ERR_REASON(CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK),
+ "no dynlock create callback"},
+ {0, NULL}
+};
+
+#endif
+
+void ERR_load_CRYPTO_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+ if (ERR_func_error_string(CRYPTO_str_functs[0].error) == NULL) {
+ ERR_load_strings(0, CRYPTO_str_functs);
+ ERR_load_strings(0, CRYPTO_str_reasons);
+ }
+#endif
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/cryptlib.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/cryptlib.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/cryptlib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,560 +0,0 @@
-/* crypto/cryptlib.c */
-/* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECDH support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
-#include "cryptlib.h"
-#include <openssl/safestack.h>
-
-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16)
-static double SSLeay_MSVC5_hack=0.0; /* and for VC1.5 */
-#endif
-
-static void (MS_FAR *locking_callback)(int mode,int type,
- const char *file,int line)=NULL;
-static int (MS_FAR *add_lock_callback)(int *pointer,int amount,
- int type,const char *file,int line)=NULL;
-static unsigned long (MS_FAR *id_callback)(void)=NULL;
-
-int CRYPTO_num_locks(void)
- {
- return CRYPTO_NUM_LOCKS;
- }
-
-void (*CRYPTO_get_locking_callback(void))(int mode,int type,const char *file,
- int line)
- {
- return(locking_callback);
- }
-
-int (*CRYPTO_get_add_lock_callback(void))(int *num,int mount,int type,
- const char *file,int line)
- {
- return(add_lock_callback);
- }
-
-void CRYPTO_set_locking_callback(void (*func)(int mode,int type,
- const char *file,int line))
- {
- locking_callback=func;
- }
-
-void CRYPTO_set_add_lock_callback(int (*func)(int *num,int mount,int type,
- const char *file,int line))
- {
- add_lock_callback=func;
- }
-
-unsigned long (*CRYPTO_get_id_callback(void))(void)
- {
- return(id_callback);
- }
-
-void CRYPTO_set_id_callback(unsigned long (*func)(void))
- {
- id_callback=func;
- }
-
-unsigned long CRYPTO_thread_id(void)
- {
- unsigned long ret=0;
-
- if (id_callback == NULL)
- {
-#ifdef OPENSSL_SYS_WIN16
- ret=(unsigned long)GetCurrentTask();
-#elif defined(OPENSSL_SYS_WIN32)
- ret=(unsigned long)GetCurrentThreadId();
-#elif defined(GETPID_IS_MEANINGLESS)
- ret=1L;
-#else
- ret=(unsigned long)getpid();
-#endif
- }
- else
- ret=id_callback();
- return(ret);
- }
-
-static void (*do_dynlock_cb)(int mode, int type, const char *file, int line);
-
-void int_CRYPTO_set_do_dynlock_callback(
- void (*dyn_cb)(int mode, int type, const char *file, int line))
- {
- do_dynlock_cb = dyn_cb;
- }
-
-void CRYPTO_lock(int mode, int type, const char *file, int line)
- {
-#ifdef LOCK_DEBUG
- {
- char *rw_text,*operation_text;
-
- if (mode & CRYPTO_LOCK)
- operation_text="lock ";
- else if (mode & CRYPTO_UNLOCK)
- operation_text="unlock";
- else
- operation_text="ERROR ";
-
- if (mode & CRYPTO_READ)
- rw_text="r";
- else if (mode & CRYPTO_WRITE)
- rw_text="w";
- else
- rw_text="ERROR";
-
- fprintf(stderr,"lock:%08lx:(%s)%s %-18s %s:%d\n",
- CRYPTO_thread_id(), rw_text, operation_text,
- CRYPTO_get_lock_name(type), file, line);
- }
-#endif
- if (type < 0)
- {
- if (do_dynlock_cb)
- do_dynlock_cb(mode, type, file, line);
- }
- else
- if (locking_callback != NULL)
- locking_callback(mode,type,file,line);
- }
-
-int CRYPTO_add_lock(int *pointer, int amount, int type, const char *file,
- int line)
- {
- int ret = 0;
-
- if (add_lock_callback != NULL)
- {
-#ifdef LOCK_DEBUG
- int before= *pointer;
-#endif
-
- ret=add_lock_callback(pointer,amount,type,file,line);
-#ifdef LOCK_DEBUG
- fprintf(stderr,"ladd:%08lx:%2d+%2d->%2d %-18s %s:%d\n",
- CRYPTO_thread_id(),
- before,amount,ret,
- CRYPTO_get_lock_name(type),
- file,line);
-#endif
- }
- else
- {
- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,file,line);
-
- ret= *pointer+amount;
-#ifdef LOCK_DEBUG
- fprintf(stderr,"ladd:%08lx:%2d+%2d->%2d %-18s %s:%d\n",
- CRYPTO_thread_id(),
- *pointer,amount,ret,
- CRYPTO_get_lock_name(type),
- file,line);
-#endif
- *pointer=ret;
- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,file,line);
- }
- return(ret);
- }
-
-#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
- defined(__INTEL__) || \
- defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64)
-
-unsigned long OPENSSL_ia32cap_P=0;
-unsigned long *OPENSSL_ia32cap_loc(void) { return &OPENSSL_ia32cap_P; }
-
-#if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY)
-#define OPENSSL_CPUID_SETUP
-void OPENSSL_cpuid_setup(void)
-{ static int trigger=0;
- unsigned long OPENSSL_ia32_cpuid(void);
- char *env;
-
- if (trigger) return;
-
- trigger=1;
- if ((env=getenv("OPENSSL_ia32cap")))
- OPENSSL_ia32cap_P = strtoul(env,NULL,0)|(1<<10);
- else
- OPENSSL_ia32cap_P = OPENSSL_ia32_cpuid()|(1<<10);
- /*
- * |(1<<10) sets a reserved bit to signal that variable
- * was initialized already... This is to avoid interference
- * with cpuid snippets in ELF .init segment.
- */
-}
-#endif
-
-#else
-unsigned long *OPENSSL_ia32cap_loc(void) { return NULL; }
-#endif
-int OPENSSL_NONPIC_relocated = 0;
-#if !defined(OPENSSL_CPUID_SETUP)
-void OPENSSL_cpuid_setup(void) {}
-#endif
-
-#if (defined(_WIN32) || defined(__CYGWIN__)) && defined(_WINDLL)
-
-#ifdef OPENSSL_FIPS
-
-#include <tlhelp32.h>
-#if defined(__GNUC__) && __GNUC__>=2
-static int DllInit(void) __attribute__((constructor));
-#elif defined(_MSC_VER)
-static int DllInit(void);
-# ifdef _WIN64
-# pragma section(".CRT$XCU",read)
- __declspec(allocate(".CRT$XCU"))
-# else
-# pragma data_seg(".CRT$XCU")
-# endif
- static int (*p)(void) = DllInit;
-# pragma data_seg()
-#endif
-
-static int DllInit(void)
-{
-#if defined(_WIN32_WINNT)
- union { int(*f)(void); BYTE *p; } t = { DllInit };
- HANDLE hModuleSnap = INVALID_HANDLE_VALUE;
- IMAGE_DOS_HEADER *dos_header;
- IMAGE_NT_HEADERS *nt_headers;
- MODULEENTRY32 me32 = {sizeof(me32)};
-
- hModuleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE,0);
- if (hModuleSnap != INVALID_HANDLE_VALUE &&
- Module32First(hModuleSnap,&me32)) do
- {
- if (t.p >= me32.modBaseAddr &&
- t.p < me32.modBaseAddr+me32.modBaseSize)
- {
- dos_header=(IMAGE_DOS_HEADER *)me32.modBaseAddr;
- if (dos_header->e_magic==IMAGE_DOS_SIGNATURE)
- {
- nt_headers=(IMAGE_NT_HEADERS *)
- ((BYTE *)dos_header+dos_header->e_lfanew);
- if (nt_headers->Signature==IMAGE_NT_SIGNATURE &&
- me32.modBaseAddr!=(BYTE*)nt_headers->OptionalHeader.ImageBase)
- OPENSSL_NONPIC_relocated=1;
- }
- break;
- }
- } while (Module32Next(hModuleSnap,&me32));
-
- if (hModuleSnap != INVALID_HANDLE_VALUE)
- CloseHandle(hModuleSnap);
-#endif
- OPENSSL_cpuid_setup();
- return 0;
-}
-
-#else
-
-#ifdef __CYGWIN__
-/* pick DLL_[PROCESS|THREAD]_[ATTACH|DETACH] definitions */
-#include <windows.h>
-#endif
-
-/* All we really need to do is remove the 'error' state when a thread
- * detaches */
-
-BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason,
- LPVOID lpvReserved)
- {
- switch(fdwReason)
- {
- case DLL_PROCESS_ATTACH:
- OPENSSL_cpuid_setup();
-#if defined(_WIN32_WINNT)
- {
- IMAGE_DOS_HEADER *dos_header = (IMAGE_DOS_HEADER *)hinstDLL;
- IMAGE_NT_HEADERS *nt_headers;
-
- if (dos_header->e_magic==IMAGE_DOS_SIGNATURE)
- {
- nt_headers = (IMAGE_NT_HEADERS *)((char *)dos_header
- + dos_header->e_lfanew);
- if (nt_headers->Signature==IMAGE_NT_SIGNATURE &&
- hinstDLL!=(HINSTANCE)(nt_headers->OptionalHeader.ImageBase))
- OPENSSL_NONPIC_relocated=1;
- }
- }
-#endif
- break;
- case DLL_THREAD_ATTACH:
- break;
- case DLL_THREAD_DETACH:
- break;
- case DLL_PROCESS_DETACH:
- break;
- }
- return(TRUE);
- }
-#endif
-
-#endif
-
-#if defined(_WIN32) && !defined(__CYGWIN__)
-#include <tchar.h>
-
-#if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333
-int OPENSSL_isservice(void)
-{ HWINSTA h;
- DWORD len;
- WCHAR *name;
-
- (void)GetDesktopWindow(); /* return value is ignored */
-
- h = GetProcessWindowStation();
- if (h==NULL) return -1;
-
- if (GetUserObjectInformationW (h,UOI_NAME,NULL,0,&len) ||
- GetLastError() != ERROR_INSUFFICIENT_BUFFER)
- return -1;
-
- if (len>512) return -1; /* paranoia */
- len++,len&=~1; /* paranoia */
-#ifdef _MSC_VER
- name=(WCHAR *)_alloca(len+sizeof(WCHAR));
-#else
- name=(WCHAR *)alloca(len+sizeof(WCHAR));
-#endif
- if (!GetUserObjectInformationW (h,UOI_NAME,name,len,&len))
- return -1;
-
- len++,len&=~1; /* paranoia */
- name[len/sizeof(WCHAR)]=L'\0'; /* paranoia */
-#if 1
- /* This doesn't cover "interactive" services [working with real
- * WinSta0's] nor programs started non-interactively by Task
- * Scheduler [those are working with SAWinSta]. */
- if (wcsstr(name,L"Service-0x")) return 1;
-#else
- /* This covers all non-interactive programs such as services. */
- if (!wcsstr(name,L"WinSta0")) return 1;
-#endif
- else return 0;
-}
-#else
-int OPENSSL_isservice(void) { return 0; }
-#endif
-
-void OPENSSL_showfatal (const char *fmta,...)
-{ va_list ap;
- TCHAR buf[256];
- const TCHAR *fmt;
-#ifdef STD_ERROR_HANDLE /* what a dirty trick! */
- HANDLE h;
-
- if ((h=GetStdHandle(STD_ERROR_HANDLE)) != NULL &&
- GetFileType(h)!=FILE_TYPE_UNKNOWN)
- { /* must be console application */
- va_start (ap,fmta);
- vfprintf (stderr,fmta,ap);
- va_end (ap);
- return;
- }
-#endif
-
- if (sizeof(TCHAR)==sizeof(char))
- fmt=(const TCHAR *)fmta;
- else do
- { int keepgoing;
- size_t len_0=strlen(fmta)+1,i;
- WCHAR *fmtw;
-
-#ifdef _MSC_VER
- fmtw = (WCHAR *)_alloca (len_0*sizeof(WCHAR));
-#else
- fmtw = (WCHAR *)alloca (len_0*sizeof(WCHAR));
-#endif
- if (fmtw == NULL) { fmt=(const TCHAR *)L"no stack?"; break; }
-
-#ifndef OPENSSL_NO_MULTIBYTE
- if (!MultiByteToWideChar(CP_ACP,0,fmta,len_0,fmtw,len_0))
-#endif
- for (i=0;i<len_0;i++) fmtw[i]=(WCHAR)fmta[i];
-
- for (i=0;i<len_0;i++)
- { if (fmtw[i]==L'%') do
- { keepgoing=0;
- switch (fmtw[i+1])
- { case L'0': case L'1': case L'2': case L'3': case L'4':
- case L'5': case L'6': case L'7': case L'8': case L'9':
- case L'.': case L'*':
- case L'-': i++; keepgoing=1; break;
- case L's': fmtw[i+1]=L'S'; break;
- case L'S': fmtw[i+1]=L's'; break;
- case L'c': fmtw[i+1]=L'C'; break;
- case L'C': fmtw[i+1]=L'c'; break;
- }
- } while (keepgoing);
- }
- fmt = (const TCHAR *)fmtw;
- } while (0);
-
- va_start (ap,fmta);
- _vsntprintf (buf,sizeof(buf)/sizeof(TCHAR)-1,fmt,ap);
- buf [sizeof(buf)/sizeof(TCHAR)-1] = _T('\0');
- va_end (ap);
-
-#if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333
- /* this -------------v--- guards NT-specific calls */
- if (GetVersion() < 0x80000000 && OPENSSL_isservice() > 0)
- { HANDLE h = RegisterEventSource(0,_T("OPENSSL"));
- const TCHAR *pmsg=buf;
- ReportEvent(h,EVENTLOG_ERROR_TYPE,0,0,0,1,0,&pmsg,0);
- DeregisterEventSource(h);
- }
- else
-#endif
- MessageBox (NULL,buf,_T("OpenSSL: FATAL"),MB_OK|MB_ICONSTOP);
-}
-#else
-void OPENSSL_showfatal (const char *fmta,...)
-{ va_list ap;
-
- va_start (ap,fmta);
- vfprintf (stderr,fmta,ap);
- va_end (ap);
-}
-int OPENSSL_isservice (void) { return 0; }
-#endif
-
-void OpenSSLDie(const char *file,int line,const char *assertion)
- {
- OPENSSL_showfatal(
- "%s(%d): OpenSSL internal error, assertion failed: %s\n",
- file,line,assertion);
- abort();
- }
-
-void *OPENSSL_stderr(void) { return stderr; }
-
-#ifndef OPENSSL_FIPS
-
-int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len)
- {
- size_t i;
- const unsigned char *a = in_a;
- const unsigned char *b = in_b;
- unsigned char x = 0;
-
- for (i = 0; i < len; i++)
- x |= a[i] ^ b[i];
-
- return x;
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/cryptlib.c (from rev 6976, vendor-crypto/openssl/dist/crypto/cryptlib.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/cryptlib.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/cryptlib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,607 @@
+/* crypto/cryptlib.c */
+/* ====================================================================
+ * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECDH support in OpenSSL originally developed by
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
+
+#include "cryptlib.h"
+#include <openssl/safestack.h>
+
+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16)
+static double SSLeay_MSVC5_hack = 0.0; /* and for VC1.5 */
+#endif
+
+static void (MS_FAR *locking_callback) (int mode, int type,
+ const char *file, int line) = NULL;
+static int (MS_FAR *add_lock_callback) (int *pointer, int amount,
+ int type, const char *file,
+ int line) = NULL;
+static unsigned long (MS_FAR *id_callback) (void) = NULL;
+
+int CRYPTO_num_locks(void)
+{
+ return CRYPTO_NUM_LOCKS;
+}
+
+void (*CRYPTO_get_locking_callback(void)) (int mode, int type,
+ const char *file, int line) {
+ return (locking_callback);
+}
+
+int (*CRYPTO_get_add_lock_callback(void)) (int *num, int mount, int type,
+ const char *file, int line) {
+ return (add_lock_callback);
+}
+
+void CRYPTO_set_locking_callback(void (*func) (int mode, int type,
+ const char *file, int line))
+{
+ locking_callback = func;
+}
+
+void CRYPTO_set_add_lock_callback(int (*func) (int *num, int mount, int type,
+ const char *file, int line))
+{
+ add_lock_callback = func;
+}
+
+unsigned long (*CRYPTO_get_id_callback(void)) (void) {
+ return (id_callback);
+}
+
+void CRYPTO_set_id_callback(unsigned long (*func) (void))
+{
+ id_callback = func;
+}
+
+unsigned long CRYPTO_thread_id(void)
+{
+ unsigned long ret = 0;
+
+ if (id_callback == NULL) {
+#ifdef OPENSSL_SYS_WIN16
+ ret = (unsigned long)GetCurrentTask();
+#elif defined(OPENSSL_SYS_WIN32)
+ ret = (unsigned long)GetCurrentThreadId();
+#elif defined(GETPID_IS_MEANINGLESS)
+ ret = 1L;
+#else
+ ret = (unsigned long)getpid();
+#endif
+ } else
+ ret = id_callback();
+ return (ret);
+}
+
+static void (*do_dynlock_cb) (int mode, int type, const char *file, int line);
+
+void int_CRYPTO_set_do_dynlock_callback(void (*dyn_cb)
+ (int mode, int type,
+ const char *file, int line))
+{
+ do_dynlock_cb = dyn_cb;
+}
+
+void CRYPTO_lock(int mode, int type, const char *file, int line)
+{
+#ifdef LOCK_DEBUG
+ {
+ char *rw_text, *operation_text;
+
+ if (mode & CRYPTO_LOCK)
+ operation_text = "lock ";
+ else if (mode & CRYPTO_UNLOCK)
+ operation_text = "unlock";
+ else
+ operation_text = "ERROR ";
+
+ if (mode & CRYPTO_READ)
+ rw_text = "r";
+ else if (mode & CRYPTO_WRITE)
+ rw_text = "w";
+ else
+ rw_text = "ERROR";
+
+ fprintf(stderr, "lock:%08lx:(%s)%s %-18s %s:%d\n",
+ CRYPTO_thread_id(), rw_text, operation_text,
+ CRYPTO_get_lock_name(type), file, line);
+ }
+#endif
+ if (type < 0) {
+ if (do_dynlock_cb)
+ do_dynlock_cb(mode, type, file, line);
+ } else if (locking_callback != NULL)
+ locking_callback(mode, type, file, line);
+}
+
+int CRYPTO_add_lock(int *pointer, int amount, int type, const char *file,
+ int line)
+{
+ int ret = 0;
+
+ if (add_lock_callback != NULL) {
+#ifdef LOCK_DEBUG
+ int before = *pointer;
+#endif
+
+ ret = add_lock_callback(pointer, amount, type, file, line);
+#ifdef LOCK_DEBUG
+ fprintf(stderr, "ladd:%08lx:%2d+%2d->%2d %-18s %s:%d\n",
+ CRYPTO_thread_id(),
+ before, amount, ret, CRYPTO_get_lock_name(type), file, line);
+#endif
+ } else {
+ CRYPTO_lock(CRYPTO_LOCK | CRYPTO_WRITE, type, file, line);
+
+ ret = *pointer + amount;
+#ifdef LOCK_DEBUG
+ fprintf(stderr, "ladd:%08lx:%2d+%2d->%2d %-18s %s:%d\n",
+ CRYPTO_thread_id(),
+ *pointer, amount, ret,
+ CRYPTO_get_lock_name(type), file, line);
+#endif
+ *pointer = ret;
+ CRYPTO_lock(CRYPTO_UNLOCK | CRYPTO_WRITE, type, file, line);
+ }
+ return (ret);
+}
+
+#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
+ defined(__INTEL__) || \
+ defined(__x86_64) || defined(__x86_64__) || \
+ defined(_M_AMD64) || defined(_M_X64)
+
+unsigned long OPENSSL_ia32cap_P = 0;
+unsigned long *OPENSSL_ia32cap_loc(void)
+{
+ return &OPENSSL_ia32cap_P;
+}
+
+# if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY)
+# define OPENSSL_CPUID_SETUP
+void OPENSSL_cpuid_setup(void)
+{
+ static int trigger = 0;
+ unsigned long OPENSSL_ia32_cpuid(void);
+ char *env;
+
+ if (trigger)
+ return;
+
+ trigger = 1;
+ if ((env = getenv("OPENSSL_ia32cap")))
+ OPENSSL_ia32cap_P = strtoul(env, NULL, 0) | (1 << 10);
+ else
+ OPENSSL_ia32cap_P = OPENSSL_ia32_cpuid() | (1 << 10);
+ /*
+ * |(1<<10) sets a reserved bit to signal that variable
+ * was initialized already... This is to avoid interference
+ * with cpuid snippets in ELF .init segment.
+ */
+}
+# endif
+
+#else
+unsigned long *OPENSSL_ia32cap_loc(void)
+{
+ return NULL;
+}
+#endif
+int OPENSSL_NONPIC_relocated = 0;
+#if !defined(OPENSSL_CPUID_SETUP)
+void OPENSSL_cpuid_setup(void)
+{
+}
+#endif
+
+#if (defined(_WIN32) || defined(__CYGWIN__)) && defined(_WINDLL)
+
+# ifdef OPENSSL_FIPS
+
+# include <tlhelp32.h>
+# if defined(__GNUC__) && __GNUC__>=2
+static int DllInit(void) __attribute__ ((constructor));
+# elif defined(_MSC_VER)
+static int DllInit(void);
+# ifdef _WIN64
+# pragma section(".CRT$XCU",read)
+__declspec(allocate(".CRT$XCU"))
+# else
+# pragma data_seg(".CRT$XCU")
+# endif
+static int (*p) (void) = DllInit;
+# pragma data_seg()
+# endif
+
+static int DllInit(void)
+{
+# if defined(_WIN32_WINNT)
+ union {
+ int (*f) (void);
+ BYTE *p;
+ } t = {
+ DllInit
+ };
+ HANDLE hModuleSnap = INVALID_HANDLE_VALUE;
+ IMAGE_DOS_HEADER *dos_header;
+ IMAGE_NT_HEADERS *nt_headers;
+ MODULEENTRY32 me32 = { sizeof(me32) };
+
+ hModuleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, 0);
+ if (hModuleSnap != INVALID_HANDLE_VALUE &&
+ Module32First(hModuleSnap, &me32))
+ do {
+ if (t.p >= me32.modBaseAddr &&
+ t.p < me32.modBaseAddr + me32.modBaseSize) {
+ dos_header = (IMAGE_DOS_HEADER *) me32.modBaseAddr;
+ if (dos_header->e_magic == IMAGE_DOS_SIGNATURE) {
+ nt_headers = (IMAGE_NT_HEADERS *)
+ ((BYTE *) dos_header + dos_header->e_lfanew);
+ if (nt_headers->Signature == IMAGE_NT_SIGNATURE &&
+ me32.modBaseAddr !=
+ (BYTE *) nt_headers->OptionalHeader.ImageBase)
+ OPENSSL_NONPIC_relocated = 1;
+ }
+ break;
+ }
+ } while (Module32Next(hModuleSnap, &me32));
+
+ if (hModuleSnap != INVALID_HANDLE_VALUE)
+ CloseHandle(hModuleSnap);
+# endif
+ OPENSSL_cpuid_setup();
+ return 0;
+}
+
+# else
+
+# ifdef __CYGWIN__
+/* pick DLL_[PROCESS|THREAD]_[ATTACH|DETACH] definitions */
+# include <windows.h>
+# endif
+
+/*
+ * All we really need to do is remove the 'error' state when a thread
+ * detaches
+ */
+
+BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
+{
+ switch (fdwReason) {
+ case DLL_PROCESS_ATTACH:
+ OPENSSL_cpuid_setup();
+# if defined(_WIN32_WINNT)
+ {
+ IMAGE_DOS_HEADER *dos_header = (IMAGE_DOS_HEADER *) hinstDLL;
+ IMAGE_NT_HEADERS *nt_headers;
+
+ if (dos_header->e_magic == IMAGE_DOS_SIGNATURE) {
+ nt_headers = (IMAGE_NT_HEADERS *) ((char *)dos_header
+ + dos_header->e_lfanew);
+ if (nt_headers->Signature == IMAGE_NT_SIGNATURE &&
+ hinstDLL !=
+ (HINSTANCE) (nt_headers->OptionalHeader.ImageBase))
+ OPENSSL_NONPIC_relocated = 1;
+ }
+ }
+# endif
+ break;
+ case DLL_THREAD_ATTACH:
+ break;
+ case DLL_THREAD_DETACH:
+ break;
+ case DLL_PROCESS_DETACH:
+ break;
+ }
+ return (TRUE);
+}
+# endif
+
+#endif
+
+#if defined(_WIN32) && !defined(__CYGWIN__)
+# include <tchar.h>
+
+# if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333
+int OPENSSL_isservice(void)
+{
+ HWINSTA h;
+ DWORD len;
+ WCHAR *name;
+
+ (void)GetDesktopWindow(); /* return value is ignored */
+
+ h = GetProcessWindowStation();
+ if (h == NULL)
+ return -1;
+
+ if (GetUserObjectInformationW(h, UOI_NAME, NULL, 0, &len) ||
+ GetLastError() != ERROR_INSUFFICIENT_BUFFER)
+ return -1;
+
+ if (len > 512)
+ return -1; /* paranoia */
+ len++, len &= ~1; /* paranoia */
+# ifdef _MSC_VER
+ name = (WCHAR *)_alloca(len + sizeof(WCHAR));
+# else
+ name = (WCHAR *)alloca(len + sizeof(WCHAR));
+# endif
+ if (!GetUserObjectInformationW(h, UOI_NAME, name, len, &len))
+ return -1;
+
+ len++, len &= ~1; /* paranoia */
+ name[len / sizeof(WCHAR)] = L'\0'; /* paranoia */
+# if 1
+ /*
+ * This doesn't cover "interactive" services [working with real
+ * WinSta0's] nor programs started non-interactively by Task Scheduler
+ * [those are working with SAWinSta].
+ */
+ if (wcsstr(name, L"Service-0x"))
+ return 1;
+# else
+ /* This covers all non-interactive programs such as services. */
+ if (!wcsstr(name, L"WinSta0"))
+ return 1;
+# endif
+ else
+ return 0;
+}
+# else
+int OPENSSL_isservice(void)
+{
+ return 0;
+}
+# endif
+
+void OPENSSL_showfatal(const char *fmta, ...)
+{
+ va_list ap;
+ TCHAR buf[256];
+ const TCHAR *fmt;
+# ifdef STD_ERROR_HANDLE /* what a dirty trick! */
+ HANDLE h;
+
+ if ((h = GetStdHandle(STD_ERROR_HANDLE)) != NULL &&
+ GetFileType(h) != FILE_TYPE_UNKNOWN) {
+ /* must be console application */
+ va_start(ap, fmta);
+ vfprintf(stderr, fmta, ap);
+ va_end(ap);
+ return;
+ }
+# endif
+
+ if (sizeof(TCHAR) == sizeof(char))
+ fmt = (const TCHAR *)fmta;
+ else
+ do {
+ int keepgoing;
+ size_t len_0 = strlen(fmta) + 1, i;
+ WCHAR *fmtw;
+
+# ifdef _MSC_VER
+ fmtw = (WCHAR *)_alloca(len_0 * sizeof(WCHAR));
+# else
+ fmtw = (WCHAR *)alloca(len_0 * sizeof(WCHAR));
+# endif
+ if (fmtw == NULL) {
+ fmt = (const TCHAR *)L"no stack?";
+ break;
+ }
+# ifndef OPENSSL_NO_MULTIBYTE
+ if (!MultiByteToWideChar(CP_ACP, 0, fmta, len_0, fmtw, len_0))
+# endif
+ for (i = 0; i < len_0; i++)
+ fmtw[i] = (WCHAR)fmta[i];
+
+ for (i = 0; i < len_0; i++) {
+ if (fmtw[i] == L'%')
+ do {
+ keepgoing = 0;
+ switch (fmtw[i + 1]) {
+ case L'0':
+ case L'1':
+ case L'2':
+ case L'3':
+ case L'4':
+ case L'5':
+ case L'6':
+ case L'7':
+ case L'8':
+ case L'9':
+ case L'.':
+ case L'*':
+ case L'-':
+ i++;
+ keepgoing = 1;
+ break;
+ case L's':
+ fmtw[i + 1] = L'S';
+ break;
+ case L'S':
+ fmtw[i + 1] = L's';
+ break;
+ case L'c':
+ fmtw[i + 1] = L'C';
+ break;
+ case L'C':
+ fmtw[i + 1] = L'c';
+ break;
+ }
+ } while (keepgoing);
+ }
+ fmt = (const TCHAR *)fmtw;
+ } while (0);
+
+ va_start(ap, fmta);
+ _vsntprintf(buf, sizeof(buf) / sizeof(TCHAR) - 1, fmt, ap);
+ buf[sizeof(buf) / sizeof(TCHAR) - 1] = _T('\0');
+ va_end(ap);
+
+# if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333
+ /* this -------------v--- guards NT-specific calls */
+ if (check_winnt() && OPENSSL_isservice() > 0) {
+ HANDLE h = RegisterEventSource(0, _T("OPENSSL"));
+ const TCHAR *pmsg = buf;
+ ReportEvent(h, EVENTLOG_ERROR_TYPE, 0, 0, 0, 1, 0, &pmsg, 0);
+ DeregisterEventSource(h);
+ } else
+# endif
+ MessageBox(NULL, buf, _T("OpenSSL: FATAL"), MB_OK | MB_ICONSTOP);
+}
+#else
+void OPENSSL_showfatal(const char *fmta, ...)
+{
+ va_list ap;
+
+ va_start(ap, fmta);
+ vfprintf(stderr, fmta, ap);
+ va_end(ap);
+}
+
+int OPENSSL_isservice(void)
+{
+ return 0;
+}
+#endif
+
+void OpenSSLDie(const char *file, int line, const char *assertion)
+{
+ OPENSSL_showfatal
+ ("%s(%d): OpenSSL internal error, assertion failed: %s\n", file, line,
+ assertion);
+ abort();
+}
+
+void *OPENSSL_stderr(void)
+{
+ return stderr;
+}
+
+#ifndef OPENSSL_FIPS
+
+int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len)
+{
+ size_t i;
+ const unsigned char *a = in_a;
+ const unsigned char *b = in_b;
+ unsigned char x = 0;
+
+ for (i = 0; i < len; i++)
+ x |= a[i] ^ b[i];
+
+ return x;
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/cryptlib.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/cryptlib.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/cryptlib.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,111 +0,0 @@
-/* crypto/cryptlib.h */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_CRYPTLIB_H
-#define HEADER_CRYPTLIB_H
-
-#include <stdlib.h>
-#include <string.h>
-
-#include "e_os.h"
-
-#ifdef OPENSSL_USE_APPLINK
-#define BIO_FLAGS_UPLINK 0x8000
-#include "ms/uplink.h"
-#endif
-
-#include <openssl/crypto.h>
-#include <openssl/buffer.h>
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/opensslconf.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifndef OPENSSL_SYS_VMS
-#define X509_CERT_AREA OPENSSLDIR
-#define X509_CERT_DIR OPENSSLDIR "/certs"
-#define X509_CERT_FILE OPENSSLDIR "/cert.pem"
-#define X509_PRIVATE_DIR OPENSSLDIR "/private"
-#else
-#define X509_CERT_AREA "SSLROOT:[000000]"
-#define X509_CERT_DIR "SSLCERTS:"
-#define X509_CERT_FILE "SSLCERTS:cert.pem"
-#define X509_PRIVATE_DIR "SSLPRIVATE:"
-#endif
-
-#define X509_CERT_DIR_EVP "SSL_CERT_DIR"
-#define X509_CERT_FILE_EVP "SSL_CERT_FILE"
-
-/* size of string representations */
-#define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1)
-#define HEX_SIZE(type) (sizeof(type)*2)
-
-void OPENSSL_cpuid_setup(void);
-extern unsigned long OPENSSL_ia32cap_P;
-void OPENSSL_showfatal(const char *,...);
-void *OPENSSL_stderr(void);
-extern int OPENSSL_NONPIC_relocated;
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/cryptlib.h (from rev 6976, vendor-crypto/openssl/dist/crypto/cryptlib.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/cryptlib.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/cryptlib.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,111 @@
+/* crypto/cryptlib.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_CRYPTLIB_H
+# define HEADER_CRYPTLIB_H
+
+# include <stdlib.h>
+# include <string.h>
+
+# include "e_os.h"
+
+# ifdef OPENSSL_USE_APPLINK
+# define BIO_FLAGS_UPLINK 0x8000
+# include "ms/uplink.h"
+# endif
+
+# include <openssl/crypto.h>
+# include <openssl/buffer.h>
+# include <openssl/bio.h>
+# include <openssl/err.h>
+# include <openssl/opensslconf.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# ifndef OPENSSL_SYS_VMS
+# define X509_CERT_AREA OPENSSLDIR
+# define X509_CERT_DIR OPENSSLDIR "/certs"
+# define X509_CERT_FILE OPENSSLDIR "/cert.pem"
+# define X509_PRIVATE_DIR OPENSSLDIR "/private"
+# else
+# define X509_CERT_AREA "SSLROOT:[000000]"
+# define X509_CERT_DIR "SSLCERTS:"
+# define X509_CERT_FILE "SSLCERTS:cert.pem"
+# define X509_PRIVATE_DIR "SSLPRIVATE:"
+# endif
+
+# define X509_CERT_DIR_EVP "SSL_CERT_DIR"
+# define X509_CERT_FILE_EVP "SSL_CERT_FILE"
+
+/* size of string representations */
+# define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1)
+# define HEX_SIZE(type) (sizeof(type)*2)
+
+void OPENSSL_cpuid_setup(void);
+extern unsigned long OPENSSL_ia32cap_P;
+void OPENSSL_showfatal(const char *, ...);
+void *OPENSSL_stderr(void);
+extern int OPENSSL_NONPIC_relocated;
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/crypto.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/crypto.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/crypto.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,626 +0,0 @@
-/* crypto/crypto.h */
-/* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECDH support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
-#ifndef HEADER_CRYPTO_H
-#define HEADER_CRYPTO_H
-
-#include <stdlib.h>
-
-#include <openssl/e_os2.h>
-
-#ifndef OPENSSL_NO_FP_API
-#include <stdio.h>
-#endif
-
-#include <openssl/stack.h>
-#include <openssl/safestack.h>
-#include <openssl/opensslv.h>
-#include <openssl/ossl_typ.h>
-
-#ifdef CHARSET_EBCDIC
-#include <openssl/ebcdic.h>
-#endif
-
-/* Resolve problems on some operating systems with symbol names that clash
- one way or another */
-#include <openssl/symhacks.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* Backward compatibility to SSLeay */
-/* This is more to be used to check the correct DLL is being used
- * in the MS world. */
-#define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER
-#define SSLEAY_VERSION 0
-/* #define SSLEAY_OPTIONS 1 no longer supported */
-#define SSLEAY_CFLAGS 2
-#define SSLEAY_BUILT_ON 3
-#define SSLEAY_PLATFORM 4
-#define SSLEAY_DIR 5
-
-/* Already declared in ossl_typ.h */
-#if 0
-typedef struct crypto_ex_data_st CRYPTO_EX_DATA;
-/* Called when a new object is created */
-typedef int CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
- int idx, long argl, void *argp);
-/* Called when an object is free()ed */
-typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
- int idx, long argl, void *argp);
-/* Called when we need to dup an object */
-typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d,
- int idx, long argl, void *argp);
-#endif
-
-/* A generic structure to pass assorted data in a expandable way */
-typedef struct openssl_item_st
- {
- int code;
- void *value; /* Not used for flag attributes */
- size_t value_size; /* Max size of value for output, length for input */
- size_t *value_length; /* Returned length of value for output */
- } OPENSSL_ITEM;
-
-
-/* When changing the CRYPTO_LOCK_* list, be sure to maintin the text lock
- * names in cryptlib.c
- */
-
-#define CRYPTO_LOCK_ERR 1
-#define CRYPTO_LOCK_EX_DATA 2
-#define CRYPTO_LOCK_X509 3
-#define CRYPTO_LOCK_X509_INFO 4
-#define CRYPTO_LOCK_X509_PKEY 5
-#define CRYPTO_LOCK_X509_CRL 6
-#define CRYPTO_LOCK_X509_REQ 7
-#define CRYPTO_LOCK_DSA 8
-#define CRYPTO_LOCK_RSA 9
-#define CRYPTO_LOCK_EVP_PKEY 10
-#define CRYPTO_LOCK_X509_STORE 11
-#define CRYPTO_LOCK_SSL_CTX 12
-#define CRYPTO_LOCK_SSL_CERT 13
-#define CRYPTO_LOCK_SSL_SESSION 14
-#define CRYPTO_LOCK_SSL_SESS_CERT 15
-#define CRYPTO_LOCK_SSL 16
-#define CRYPTO_LOCK_SSL_METHOD 17
-#define CRYPTO_LOCK_RAND 18
-#define CRYPTO_LOCK_RAND2 19
-#define CRYPTO_LOCK_MALLOC 20
-#define CRYPTO_LOCK_BIO 21
-#define CRYPTO_LOCK_GETHOSTBYNAME 22
-#define CRYPTO_LOCK_GETSERVBYNAME 23
-#define CRYPTO_LOCK_READDIR 24
-#define CRYPTO_LOCK_RSA_BLINDING 25
-#define CRYPTO_LOCK_DH 26
-#define CRYPTO_LOCK_MALLOC2 27
-#define CRYPTO_LOCK_DSO 28
-#define CRYPTO_LOCK_DYNLOCK 29
-#define CRYPTO_LOCK_ENGINE 30
-#define CRYPTO_LOCK_UI 31
-#define CRYPTO_LOCK_ECDSA 32
-#define CRYPTO_LOCK_EC 33
-#define CRYPTO_LOCK_ECDH 34
-#define CRYPTO_LOCK_BN 35
-#define CRYPTO_LOCK_EC_PRE_COMP 36
-#define CRYPTO_LOCK_STORE 37
-#define CRYPTO_LOCK_COMP 38
-#ifndef OPENSSL_FIPS
-#define CRYPTO_NUM_LOCKS 39
-#else
-#define CRYPTO_LOCK_FIPS 39
-#define CRYPTO_LOCK_FIPS2 40
-#define CRYPTO_NUM_LOCKS 41
-#endif
-
-#define CRYPTO_LOCK 1
-#define CRYPTO_UNLOCK 2
-#define CRYPTO_READ 4
-#define CRYPTO_WRITE 8
-
-#ifndef OPENSSL_NO_LOCKING
-#ifndef CRYPTO_w_lock
-#define CRYPTO_w_lock(type) \
- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
-#define CRYPTO_w_unlock(type) \
- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
-#define CRYPTO_r_lock(type) \
- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)
-#define CRYPTO_r_unlock(type) \
- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)
-#define CRYPTO_add(addr,amount,type) \
- CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)
-#endif
-#else
-#define CRYPTO_w_lock(a)
-#define CRYPTO_w_unlock(a)
-#define CRYPTO_r_lock(a)
-#define CRYPTO_r_unlock(a)
-#define CRYPTO_add(a,b,c) ((*(a))+=(b))
-#endif
-
-/* Some applications as well as some parts of OpenSSL need to allocate
- and deallocate locks in a dynamic fashion. The following typedef
- makes this possible in a type-safe manner. */
-/* struct CRYPTO_dynlock_value has to be defined by the application. */
-typedef struct
- {
- int references;
- struct CRYPTO_dynlock_value *data;
- } CRYPTO_dynlock;
-
-
-/* The following can be used to detect memory leaks in the SSLeay library.
- * It used, it turns on malloc checking */
-
-#define CRYPTO_MEM_CHECK_OFF 0x0 /* an enume */
-#define CRYPTO_MEM_CHECK_ON 0x1 /* a bit */
-#define CRYPTO_MEM_CHECK_ENABLE 0x2 /* a bit */
-#define CRYPTO_MEM_CHECK_DISABLE 0x3 /* an enume */
-
-/* The following are bit values to turn on or off options connected to the
- * malloc checking functionality */
-
-/* Adds time to the memory checking information */
-#define V_CRYPTO_MDEBUG_TIME 0x1 /* a bit */
-/* Adds thread number to the memory checking information */
-#define V_CRYPTO_MDEBUG_THREAD 0x2 /* a bit */
-
-#define V_CRYPTO_MDEBUG_ALL (V_CRYPTO_MDEBUG_TIME | V_CRYPTO_MDEBUG_THREAD)
-
-
-/* predec of the BIO type */
-typedef struct bio_st BIO_dummy;
-
-struct crypto_ex_data_st
- {
- STACK *sk;
- int dummy; /* gcc is screwing up this data structure :-( */
- };
-
-/* This stuff is basically class callback functions
- * The current classes are SSL_CTX, SSL, SSL_SESSION, and a few more */
-
-typedef struct crypto_ex_data_func_st
- {
- long argl; /* Arbitary long */
- void *argp; /* Arbitary void * */
- CRYPTO_EX_new *new_func;
- CRYPTO_EX_free *free_func;
- CRYPTO_EX_dup *dup_func;
- } CRYPTO_EX_DATA_FUNCS;
-
-DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS)
-
-/* Per class, we have a STACK of CRYPTO_EX_DATA_FUNCS for each CRYPTO_EX_DATA
- * entry.
- */
-
-#define CRYPTO_EX_INDEX_BIO 0
-#define CRYPTO_EX_INDEX_SSL 1
-#define CRYPTO_EX_INDEX_SSL_CTX 2
-#define CRYPTO_EX_INDEX_SSL_SESSION 3
-#define CRYPTO_EX_INDEX_X509_STORE 4
-#define CRYPTO_EX_INDEX_X509_STORE_CTX 5
-#define CRYPTO_EX_INDEX_RSA 6
-#define CRYPTO_EX_INDEX_DSA 7
-#define CRYPTO_EX_INDEX_DH 8
-#define CRYPTO_EX_INDEX_ENGINE 9
-#define CRYPTO_EX_INDEX_X509 10
-#define CRYPTO_EX_INDEX_UI 11
-#define CRYPTO_EX_INDEX_ECDSA 12
-#define CRYPTO_EX_INDEX_ECDH 13
-#define CRYPTO_EX_INDEX_COMP 14
-#define CRYPTO_EX_INDEX_STORE 15
-
-/* Dynamically assigned indexes start from this value (don't use directly, use
- * via CRYPTO_ex_data_new_class). */
-#define CRYPTO_EX_INDEX_USER 100
-
-
-/* This is the default callbacks, but we can have others as well:
- * this is needed in Win32 where the application malloc and the
- * library malloc may not be the same.
- */
-#define CRYPTO_malloc_init() CRYPTO_set_mem_functions(\
- malloc, realloc, free)
-
-#if defined CRYPTO_MDEBUG_ALL || defined CRYPTO_MDEBUG_TIME || defined CRYPTO_MDEBUG_THREAD
-# ifndef CRYPTO_MDEBUG /* avoid duplicate #define */
-# define CRYPTO_MDEBUG
-# endif
-#endif
-
-/* Set standard debugging functions (not done by default
- * unless CRYPTO_MDEBUG is defined) */
-void CRYPTO_malloc_debug_init(void);
-
-int CRYPTO_mem_ctrl(int mode);
-int CRYPTO_is_mem_check_on(void);
-
-/* for applications */
-#define MemCheck_start() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON)
-#define MemCheck_stop() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF)
-
-/* for library-internal use */
-#define MemCheck_on() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE)
-#define MemCheck_off() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE)
-#define is_MemCheck_on() CRYPTO_is_mem_check_on()
-
-#define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__)
-#define OPENSSL_strdup(str) CRYPTO_strdup((str),__FILE__,__LINE__)
-#define OPENSSL_realloc(addr,num) \
- CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__)
-#define OPENSSL_realloc_clean(addr,old_num,num) \
- CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__)
-#define OPENSSL_remalloc(addr,num) \
- CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__)
-#define OPENSSL_freeFunc CRYPTO_free
-#define OPENSSL_free(addr) CRYPTO_free(addr)
-
-#define OPENSSL_malloc_locked(num) \
- CRYPTO_malloc_locked((int)num,__FILE__,__LINE__)
-#define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr)
-
-
-const char *SSLeay_version(int type);
-unsigned long SSLeay(void);
-
-int OPENSSL_issetugid(void);
-
-/* An opaque type representing an implementation of "ex_data" support */
-typedef struct st_CRYPTO_EX_DATA_IMPL CRYPTO_EX_DATA_IMPL;
-/* Return an opaque pointer to the current "ex_data" implementation */
-const CRYPTO_EX_DATA_IMPL *CRYPTO_get_ex_data_implementation(void);
-/* Sets the "ex_data" implementation to be used (if it's not too late) */
-int CRYPTO_set_ex_data_implementation(const CRYPTO_EX_DATA_IMPL *i);
-/* Get a new "ex_data" class, and return the corresponding "class_index" */
-int CRYPTO_ex_data_new_class(void);
-/* Within a given class, get/register a new index */
-int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp,
- CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
- CRYPTO_EX_free *free_func);
-/* Initialise/duplicate/free CRYPTO_EX_DATA variables corresponding to a given
- * class (invokes whatever per-class callbacks are applicable) */
-int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad);
-int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
- CRYPTO_EX_DATA *from);
-void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad);
-/* Get/set data in a CRYPTO_EX_DATA variable corresponding to a particular index
- * (relative to the class type involved) */
-int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val);
-void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad,int idx);
-/* This function cleans up all "ex_data" state. It mustn't be called under
- * potential race-conditions. */
-void CRYPTO_cleanup_all_ex_data(void);
-
-int CRYPTO_get_new_lockid(char *name);
-
-int CRYPTO_num_locks(void); /* return CRYPTO_NUM_LOCKS (shared libs!) */
-void CRYPTO_lock(int mode, int type,const char *file,int line);
-void CRYPTO_set_locking_callback(void (*func)(int mode,int type,
- const char *file,int line));
-void (*CRYPTO_get_locking_callback(void))(int mode,int type,const char *file,
- int line);
-void CRYPTO_set_add_lock_callback(int (*func)(int *num,int mount,int type,
- const char *file, int line));
-int (*CRYPTO_get_add_lock_callback(void))(int *num,int mount,int type,
- const char *file,int line);
-void CRYPTO_set_id_callback(unsigned long (*func)(void));
-unsigned long (*CRYPTO_get_id_callback(void))(void);
-unsigned long CRYPTO_thread_id(void);
-const char *CRYPTO_get_lock_name(int type);
-int CRYPTO_add_lock(int *pointer,int amount,int type, const char *file,
- int line);
-
-void int_CRYPTO_set_do_dynlock_callback(
- void (*do_dynlock_cb)(int mode, int type, const char *file, int line));
-
-int CRYPTO_get_new_dynlockid(void);
-void CRYPTO_destroy_dynlockid(int i);
-struct CRYPTO_dynlock_value *CRYPTO_get_dynlock_value(int i);
-void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value *(*dyn_create_function)(const char *file, int line));
-void CRYPTO_set_dynlock_lock_callback(void (*dyn_lock_function)(int mode, struct CRYPTO_dynlock_value *l, const char *file, int line));
-void CRYPTO_set_dynlock_destroy_callback(void (*dyn_destroy_function)(struct CRYPTO_dynlock_value *l, const char *file, int line));
-struct CRYPTO_dynlock_value *(*CRYPTO_get_dynlock_create_callback(void))(const char *file,int line);
-void (*CRYPTO_get_dynlock_lock_callback(void))(int mode, struct CRYPTO_dynlock_value *l, const char *file,int line);
-void (*CRYPTO_get_dynlock_destroy_callback(void))(struct CRYPTO_dynlock_value *l, const char *file,int line);
-
-/* CRYPTO_set_mem_functions includes CRYPTO_set_locked_mem_functions --
- * call the latter last if you need different functions */
-int CRYPTO_set_mem_functions(void *(*m)(size_t),void *(*r)(void *,size_t), void (*f)(void *));
-int CRYPTO_set_locked_mem_functions(void *(*m)(size_t), void (*free_func)(void *));
-int CRYPTO_set_mem_ex_functions(void *(*m)(size_t,const char *,int),
- void *(*r)(void *,size_t,const char *,int),
- void (*f)(void *));
-int CRYPTO_set_locked_mem_ex_functions(void *(*m)(size_t,const char *,int),
- void (*free_func)(void *));
-int CRYPTO_set_mem_debug_functions(void (*m)(void *,int,const char *,int,int),
- void (*r)(void *,void *,int,const char *,int,int),
- void (*f)(void *,int),
- void (*so)(long),
- long (*go)(void));
-void CRYPTO_set_mem_info_functions(
- int (*push_info_fn)(const char *info, const char *file, int line),
- int (*pop_info_fn)(void),
- int (*remove_all_info_fn)(void));
-void CRYPTO_get_mem_functions(void *(**m)(size_t),void *(**r)(void *, size_t), void (**f)(void *));
-void CRYPTO_get_locked_mem_functions(void *(**m)(size_t), void (**f)(void *));
-void CRYPTO_get_mem_ex_functions(void *(**m)(size_t,const char *,int),
- void *(**r)(void *, size_t,const char *,int),
- void (**f)(void *));
-void CRYPTO_get_locked_mem_ex_functions(void *(**m)(size_t,const char *,int),
- void (**f)(void *));
-void CRYPTO_get_mem_debug_functions(void (**m)(void *,int,const char *,int,int),
- void (**r)(void *,void *,int,const char *,int,int),
- void (**f)(void *,int),
- void (**so)(long),
- long (**go)(void));
-
-void *CRYPTO_malloc_locked(int num, const char *file, int line);
-void CRYPTO_free_locked(void *);
-void *CRYPTO_malloc(int num, const char *file, int line);
-char *CRYPTO_strdup(const char *str, const char *file, int line);
-void CRYPTO_free(void *);
-void *CRYPTO_realloc(void *addr,int num, const char *file, int line);
-void *CRYPTO_realloc_clean(void *addr,int old_num,int num,const char *file,
- int line);
-void *CRYPTO_remalloc(void *addr,int num, const char *file, int line);
-
-void OPENSSL_cleanse(void *ptr, size_t len);
-
-void CRYPTO_set_mem_debug_options(long bits);
-long CRYPTO_get_mem_debug_options(void);
-
-#define CRYPTO_push_info(info) \
- CRYPTO_push_info_(info, __FILE__, __LINE__);
-int CRYPTO_push_info_(const char *info, const char *file, int line);
-int CRYPTO_pop_info(void);
-int CRYPTO_remove_all_info(void);
-
-
-/* Default debugging functions (enabled by CRYPTO_malloc_debug_init() macro;
- * used as default in CRYPTO_MDEBUG compilations): */
-/* The last argument has the following significance:
- *
- * 0: called before the actual memory allocation has taken place
- * 1: called after the actual memory allocation has taken place
- */
-void CRYPTO_dbg_malloc(void *addr,int num,const char *file,int line,int before_p);
-void CRYPTO_dbg_realloc(void *addr1,void *addr2,int num,const char *file,int line,int before_p);
-void CRYPTO_dbg_free(void *addr,int before_p);
-/* Tell the debugging code about options. By default, the following values
- * apply:
- *
- * 0: Clear all options.
- * V_CRYPTO_MDEBUG_TIME (1): Set the "Show Time" option.
- * V_CRYPTO_MDEBUG_THREAD (2): Set the "Show Thread Number" option.
- * V_CRYPTO_MDEBUG_ALL (3): 1 + 2
- */
-void CRYPTO_dbg_set_options(long bits);
-long CRYPTO_dbg_get_options(void);
-
-int CRYPTO_dbg_push_info(const char *info, const char *file, int line);
-int CRYPTO_dbg_pop_info(void);
-int CRYPTO_dbg_remove_all_info(void);
-
-#ifndef OPENSSL_NO_FP_API
-void CRYPTO_mem_leaks_fp(FILE *);
-#endif
-void CRYPTO_mem_leaks(struct bio_st *bio);
-/* unsigned long order, char *file, int line, int num_bytes, char *addr */
-typedef void *CRYPTO_MEM_LEAK_CB(unsigned long, const char *, int, int, void *);
-void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb);
-
-/* die if we have to */
-void OpenSSLDie(const char *file,int line,const char *assertion);
-#define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1))
-
-unsigned long *OPENSSL_ia32cap_loc(void);
-#define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))
-int OPENSSL_isservice(void);
-
-#ifdef OPENSSL_FIPS
-#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \
- alg " previous FIPS forbidden algorithm error ignored");
-
-#define FIPS_BAD_ABORT(alg) OpenSSLDie(__FILE__, __LINE__, \
- #alg " Algorithm forbidden in FIPS mode");
-
-#ifdef OPENSSL_FIPS_STRICT
-#define FIPS_BAD_ALGORITHM(alg) FIPS_BAD_ABORT(alg)
-#else
-#define FIPS_BAD_ALGORITHM(alg) \
- { \
- FIPSerr(FIPS_F_HASH_FINAL,FIPS_R_NON_FIPS_METHOD); \
- ERR_add_error_data(2, "Algorithm=", #alg); \
- return 0; \
- }
-#endif
-
-/* Low level digest API blocking macro */
-
-#define FIPS_NON_FIPS_MD_Init(alg) \
- int alg##_Init(alg##_CTX *c) \
- { \
- if (FIPS_mode()) \
- FIPS_BAD_ALGORITHM(alg) \
- return private_##alg##_Init(c); \
- } \
- int private_##alg##_Init(alg##_CTX *c)
-
-/* For ciphers the API often varies from cipher to cipher and each needs to
- * be treated as a special case. Variable key length ciphers (Blowfish, RC4,
- * CAST) however are very similar and can use a blocking macro.
- */
-
-#define FIPS_NON_FIPS_VCIPHER_Init(alg) \
- void alg##_set_key(alg##_KEY *key, int len, const unsigned char *data) \
- { \
- if (FIPS_mode()) \
- FIPS_BAD_ABORT(alg) \
- private_##alg##_set_key(key, len, data); \
- } \
- void private_##alg##_set_key(alg##_KEY *key, int len, \
- const unsigned char *data)
-
-#else
-
-#define FIPS_NON_FIPS_VCIPHER_Init(alg) \
- void alg##_set_key(alg##_KEY *key, int len, const unsigned char *data)
-
-#define FIPS_NON_FIPS_MD_Init(alg) \
- int alg##_Init(alg##_CTX *c)
-
-#endif /* def OPENSSL_FIPS */
-
-#define OPENSSL_HAVE_INIT 1
-void OPENSSL_init(void);
-
-/* CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal. It
- * takes an amount of time dependent on |len|, but independent of the contents
- * of |a| and |b|. Unlike memcmp, it cannot be used to put elements into a
- * defined order as the return value when a != b is undefined, other than to be
- * non-zero. */
-int CRYPTO_memcmp(const void *a, const void *b, size_t len);
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_CRYPTO_strings(void);
-
-/* Error codes for the CRYPTO functions. */
-
-/* Function codes. */
-#define CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX 100
-#define CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID 103
-#define CRYPTO_F_CRYPTO_GET_NEW_LOCKID 101
-#define CRYPTO_F_CRYPTO_SET_EX_DATA 102
-#define CRYPTO_F_DEF_ADD_INDEX 104
-#define CRYPTO_F_DEF_GET_CLASS 105
-#define CRYPTO_F_INT_DUP_EX_DATA 106
-#define CRYPTO_F_INT_FREE_EX_DATA 107
-#define CRYPTO_F_INT_NEW_EX_DATA 108
-
-/* Reason codes. */
-#define CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK 100
-
-#ifdef __cplusplus
-}
-#endif
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/crypto.h (from rev 6976, vendor-crypto/openssl/dist/crypto/crypto.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/crypto.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/crypto.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,680 @@
+/* crypto/crypto.h */
+/* ====================================================================
+ * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECDH support in OpenSSL originally developed by
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
+
+#ifndef HEADER_CRYPTO_H
+# define HEADER_CRYPTO_H
+
+# include <stdlib.h>
+
+# include <openssl/e_os2.h>
+
+# ifndef OPENSSL_NO_FP_API
+# include <stdio.h>
+# endif
+
+# include <openssl/stack.h>
+# include <openssl/safestack.h>
+# include <openssl/opensslv.h>
+# include <openssl/ossl_typ.h>
+
+# ifdef CHARSET_EBCDIC
+# include <openssl/ebcdic.h>
+# endif
+
+/*
+ * Resolve problems on some operating systems with symbol names that clash
+ * one way or another
+ */
+# include <openssl/symhacks.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Backward compatibility to SSLeay */
+/*
+ * This is more to be used to check the correct DLL is being used in the MS
+ * world.
+ */
+# define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER
+# define SSLEAY_VERSION 0
+/* #define SSLEAY_OPTIONS 1 no longer supported */
+# define SSLEAY_CFLAGS 2
+# define SSLEAY_BUILT_ON 3
+# define SSLEAY_PLATFORM 4
+# define SSLEAY_DIR 5
+
+/* Already declared in ossl_typ.h */
+# if 0
+typedef struct crypto_ex_data_st CRYPTO_EX_DATA;
+/* Called when a new object is created */
+typedef int CRYPTO_EX_new (void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+ int idx, long argl, void *argp);
+/* Called when an object is free()ed */
+typedef void CRYPTO_EX_free (void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+ int idx, long argl, void *argp);
+/* Called when we need to dup an object */
+typedef int CRYPTO_EX_dup (CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from,
+ void *from_d, int idx, long argl, void *argp);
+# endif
+
+/* A generic structure to pass assorted data in a expandable way */
+typedef struct openssl_item_st {
+ int code;
+ void *value; /* Not used for flag attributes */
+ size_t value_size; /* Max size of value for output, length for
+ * input */
+ size_t *value_length; /* Returned length of value for output */
+} OPENSSL_ITEM;
+
+/*
+ * When changing the CRYPTO_LOCK_* list, be sure to maintin the text lock
+ * names in cryptlib.c
+ */
+
+# define CRYPTO_LOCK_ERR 1
+# define CRYPTO_LOCK_EX_DATA 2
+# define CRYPTO_LOCK_X509 3
+# define CRYPTO_LOCK_X509_INFO 4
+# define CRYPTO_LOCK_X509_PKEY 5
+# define CRYPTO_LOCK_X509_CRL 6
+# define CRYPTO_LOCK_X509_REQ 7
+# define CRYPTO_LOCK_DSA 8
+# define CRYPTO_LOCK_RSA 9
+# define CRYPTO_LOCK_EVP_PKEY 10
+# define CRYPTO_LOCK_X509_STORE 11
+# define CRYPTO_LOCK_SSL_CTX 12
+# define CRYPTO_LOCK_SSL_CERT 13
+# define CRYPTO_LOCK_SSL_SESSION 14
+# define CRYPTO_LOCK_SSL_SESS_CERT 15
+# define CRYPTO_LOCK_SSL 16
+# define CRYPTO_LOCK_SSL_METHOD 17
+# define CRYPTO_LOCK_RAND 18
+# define CRYPTO_LOCK_RAND2 19
+# define CRYPTO_LOCK_MALLOC 20
+# define CRYPTO_LOCK_BIO 21
+# define CRYPTO_LOCK_GETHOSTBYNAME 22
+# define CRYPTO_LOCK_GETSERVBYNAME 23
+# define CRYPTO_LOCK_READDIR 24
+# define CRYPTO_LOCK_RSA_BLINDING 25
+# define CRYPTO_LOCK_DH 26
+# define CRYPTO_LOCK_MALLOC2 27
+# define CRYPTO_LOCK_DSO 28
+# define CRYPTO_LOCK_DYNLOCK 29
+# define CRYPTO_LOCK_ENGINE 30
+# define CRYPTO_LOCK_UI 31
+# define CRYPTO_LOCK_ECDSA 32
+# define CRYPTO_LOCK_EC 33
+# define CRYPTO_LOCK_ECDH 34
+# define CRYPTO_LOCK_BN 35
+# define CRYPTO_LOCK_EC_PRE_COMP 36
+# define CRYPTO_LOCK_STORE 37
+# define CRYPTO_LOCK_COMP 38
+# ifndef OPENSSL_FIPS
+# define CRYPTO_NUM_LOCKS 39
+# else
+# define CRYPTO_LOCK_FIPS 39
+# define CRYPTO_LOCK_FIPS2 40
+# define CRYPTO_NUM_LOCKS 41
+# endif
+
+# define CRYPTO_LOCK 1
+# define CRYPTO_UNLOCK 2
+# define CRYPTO_READ 4
+# define CRYPTO_WRITE 8
+
+# ifndef OPENSSL_NO_LOCKING
+# ifndef CRYPTO_w_lock
+# define CRYPTO_w_lock(type) \
+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
+# define CRYPTO_w_unlock(type) \
+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
+# define CRYPTO_r_lock(type) \
+ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)
+# define CRYPTO_r_unlock(type) \
+ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)
+# define CRYPTO_add(addr,amount,type) \
+ CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)
+# endif
+# else
+# define CRYPTO_w_lock(a)
+# define CRYPTO_w_unlock(a)
+# define CRYPTO_r_lock(a)
+# define CRYPTO_r_unlock(a)
+# define CRYPTO_add(a,b,c) ((*(a))+=(b))
+# endif
+
+/*
+ * Some applications as well as some parts of OpenSSL need to allocate and
+ * deallocate locks in a dynamic fashion. The following typedef makes this
+ * possible in a type-safe manner.
+ */
+/* struct CRYPTO_dynlock_value has to be defined by the application. */
+typedef struct {
+ int references;
+ struct CRYPTO_dynlock_value *data;
+} CRYPTO_dynlock;
+
+/*
+ * The following can be used to detect memory leaks in the SSLeay library. It
+ * used, it turns on malloc checking
+ */
+
+# define CRYPTO_MEM_CHECK_OFF 0x0/* an enume */
+# define CRYPTO_MEM_CHECK_ON 0x1/* a bit */
+# define CRYPTO_MEM_CHECK_ENABLE 0x2/* a bit */
+# define CRYPTO_MEM_CHECK_DISABLE 0x3/* an enume */
+
+/*
+ * The following are bit values to turn on or off options connected to the
+ * malloc checking functionality
+ */
+
+/* Adds time to the memory checking information */
+# define V_CRYPTO_MDEBUG_TIME 0x1/* a bit */
+/* Adds thread number to the memory checking information */
+# define V_CRYPTO_MDEBUG_THREAD 0x2/* a bit */
+
+# define V_CRYPTO_MDEBUG_ALL (V_CRYPTO_MDEBUG_TIME | V_CRYPTO_MDEBUG_THREAD)
+
+/* predec of the BIO type */
+typedef struct bio_st BIO_dummy;
+
+struct crypto_ex_data_st {
+ STACK *sk;
+ /* gcc is screwing up this data structure :-( */
+ int dummy;
+};
+
+/*
+ * This stuff is basically class callback functions The current classes are
+ * SSL_CTX, SSL, SSL_SESSION, and a few more
+ */
+
+typedef struct crypto_ex_data_func_st {
+ long argl; /* Arbitary long */
+ void *argp; /* Arbitary void * */
+ CRYPTO_EX_new *new_func;
+ CRYPTO_EX_free *free_func;
+ CRYPTO_EX_dup *dup_func;
+} CRYPTO_EX_DATA_FUNCS;
+
+DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS)
+
+/*
+ * Per class, we have a STACK of CRYPTO_EX_DATA_FUNCS for each CRYPTO_EX_DATA
+ * entry.
+ */
+
+# define CRYPTO_EX_INDEX_BIO 0
+# define CRYPTO_EX_INDEX_SSL 1
+# define CRYPTO_EX_INDEX_SSL_CTX 2
+# define CRYPTO_EX_INDEX_SSL_SESSION 3
+# define CRYPTO_EX_INDEX_X509_STORE 4
+# define CRYPTO_EX_INDEX_X509_STORE_CTX 5
+# define CRYPTO_EX_INDEX_RSA 6
+# define CRYPTO_EX_INDEX_DSA 7
+# define CRYPTO_EX_INDEX_DH 8
+# define CRYPTO_EX_INDEX_ENGINE 9
+# define CRYPTO_EX_INDEX_X509 10
+# define CRYPTO_EX_INDEX_UI 11
+# define CRYPTO_EX_INDEX_ECDSA 12
+# define CRYPTO_EX_INDEX_ECDH 13
+# define CRYPTO_EX_INDEX_COMP 14
+# define CRYPTO_EX_INDEX_STORE 15
+
+/*
+ * Dynamically assigned indexes start from this value (don't use directly,
+ * use via CRYPTO_ex_data_new_class).
+ */
+# define CRYPTO_EX_INDEX_USER 100
+
+/*
+ * This is the default callbacks, but we can have others as well: this is
+ * needed in Win32 where the application malloc and the library malloc may
+ * not be the same.
+ */
+# define CRYPTO_malloc_init() CRYPTO_set_mem_functions(\
+ malloc, realloc, free)
+
+# if defined CRYPTO_MDEBUG_ALL || defined CRYPTO_MDEBUG_TIME || defined CRYPTO_MDEBUG_THREAD
+# ifndef CRYPTO_MDEBUG /* avoid duplicate #define */
+# define CRYPTO_MDEBUG
+# endif
+# endif
+
+/*
+ * Set standard debugging functions (not done by default unless CRYPTO_MDEBUG
+ * is defined)
+ */
+void CRYPTO_malloc_debug_init(void);
+
+int CRYPTO_mem_ctrl(int mode);
+int CRYPTO_is_mem_check_on(void);
+
+/* for applications */
+# define MemCheck_start() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON)
+# define MemCheck_stop() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF)
+
+/* for library-internal use */
+# define MemCheck_on() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE)
+# define MemCheck_off() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE)
+# define is_MemCheck_on() CRYPTO_is_mem_check_on()
+
+# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__)
+# define OPENSSL_strdup(str) CRYPTO_strdup((str),__FILE__,__LINE__)
+# define OPENSSL_realloc(addr,num) \
+ CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__)
+# define OPENSSL_realloc_clean(addr,old_num,num) \
+ CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__)
+# define OPENSSL_remalloc(addr,num) \
+ CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__)
+# define OPENSSL_freeFunc CRYPTO_free
+# define OPENSSL_free(addr) CRYPTO_free(addr)
+
+# define OPENSSL_malloc_locked(num) \
+ CRYPTO_malloc_locked((int)num,__FILE__,__LINE__)
+# define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr)
+
+const char *SSLeay_version(int type);
+unsigned long SSLeay(void);
+
+int OPENSSL_issetugid(void);
+
+/* An opaque type representing an implementation of "ex_data" support */
+typedef struct st_CRYPTO_EX_DATA_IMPL CRYPTO_EX_DATA_IMPL;
+/* Return an opaque pointer to the current "ex_data" implementation */
+const CRYPTO_EX_DATA_IMPL *CRYPTO_get_ex_data_implementation(void);
+/* Sets the "ex_data" implementation to be used (if it's not too late) */
+int CRYPTO_set_ex_data_implementation(const CRYPTO_EX_DATA_IMPL *i);
+/* Get a new "ex_data" class, and return the corresponding "class_index" */
+int CRYPTO_ex_data_new_class(void);
+/* Within a given class, get/register a new index */
+int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp,
+ CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
+ CRYPTO_EX_free *free_func);
+/*
+ * Initialise/duplicate/free CRYPTO_EX_DATA variables corresponding to a
+ * given class (invokes whatever per-class callbacks are applicable)
+ */
+int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad);
+int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
+ CRYPTO_EX_DATA *from);
+void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad);
+/*
+ * Get/set data in a CRYPTO_EX_DATA variable corresponding to a particular
+ * index (relative to the class type involved)
+ */
+int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val);
+void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx);
+/*
+ * This function cleans up all "ex_data" state. It mustn't be called under
+ * potential race-conditions.
+ */
+void CRYPTO_cleanup_all_ex_data(void);
+
+int CRYPTO_get_new_lockid(char *name);
+
+int CRYPTO_num_locks(void); /* return CRYPTO_NUM_LOCKS (shared libs!) */
+void CRYPTO_lock(int mode, int type, const char *file, int line);
+void CRYPTO_set_locking_callback(void (*func) (int mode, int type,
+ const char *file, int line));
+void (*CRYPTO_get_locking_callback(void)) (int mode, int type,
+ const char *file, int line);
+void CRYPTO_set_add_lock_callback(int (*func)
+ (int *num, int mount, int type,
+ const char *file, int line));
+int (*CRYPTO_get_add_lock_callback(void)) (int *num, int mount, int type,
+ const char *file, int line);
+void CRYPTO_set_id_callback(unsigned long (*func) (void));
+unsigned long (*CRYPTO_get_id_callback(void)) (void);
+unsigned long CRYPTO_thread_id(void);
+const char *CRYPTO_get_lock_name(int type);
+int CRYPTO_add_lock(int *pointer, int amount, int type, const char *file,
+ int line);
+
+void int_CRYPTO_set_do_dynlock_callback(void (*do_dynlock_cb)
+ (int mode, int type,
+ const char *file, int line));
+
+int CRYPTO_get_new_dynlockid(void);
+void CRYPTO_destroy_dynlockid(int i);
+struct CRYPTO_dynlock_value *CRYPTO_get_dynlock_value(int i);
+void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value
+ *(*dyn_create_function) (const char
+ *file,
+ int line));
+void CRYPTO_set_dynlock_lock_callback(void (*dyn_lock_function)
+ (int mode,
+ struct CRYPTO_dynlock_value *l,
+ const char *file, int line));
+void CRYPTO_set_dynlock_destroy_callback(void (*dyn_destroy_function)
+ (struct CRYPTO_dynlock_value *l,
+ const char *file, int line));
+struct CRYPTO_dynlock_value
+*(*CRYPTO_get_dynlock_create_callback(void)) (const char *file, int line);
+void (*CRYPTO_get_dynlock_lock_callback(void)) (int mode,
+ struct CRYPTO_dynlock_value
+ *l, const char *file,
+ int line);
+void (*CRYPTO_get_dynlock_destroy_callback(void)) (struct CRYPTO_dynlock_value
+ *l, const char *file,
+ int line);
+
+/*
+ * CRYPTO_set_mem_functions includes CRYPTO_set_locked_mem_functions -- call
+ * the latter last if you need different functions
+ */
+int CRYPTO_set_mem_functions(void *(*m) (size_t), void *(*r) (void *, size_t),
+ void (*f) (void *));
+int CRYPTO_set_locked_mem_functions(void *(*m) (size_t),
+ void (*free_func) (void *));
+int CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int),
+ void *(*r) (void *, size_t, const char *,
+ int), void (*f) (void *));
+int CRYPTO_set_locked_mem_ex_functions(void *(*m) (size_t, const char *, int),
+ void (*free_func) (void *));
+int CRYPTO_set_mem_debug_functions(void (*m)
+ (void *, int, const char *, int, int),
+ void (*r) (void *, void *, int,
+ const char *, int, int),
+ void (*f) (void *, int), void (*so) (long),
+ long (*go) (void));
+void CRYPTO_set_mem_info_functions(int (*push_info_fn)
+ (const char *info, const char *file,
+ int line), int (*pop_info_fn) (void),
+ int (*remove_all_info_fn) (void));
+void CRYPTO_get_mem_functions(void *(**m) (size_t),
+ void *(**r) (void *, size_t),
+ void (**f) (void *));
+void CRYPTO_get_locked_mem_functions(void *(**m) (size_t),
+ void (**f) (void *));
+void CRYPTO_get_mem_ex_functions(void *(**m) (size_t, const char *, int),
+ void *(**r) (void *, size_t, const char *,
+ int), void (**f) (void *));
+void CRYPTO_get_locked_mem_ex_functions(void
+ *(**m) (size_t, const char *, int),
+ void (**f) (void *));
+void CRYPTO_get_mem_debug_functions(void (**m)
+ (void *, int, const char *, int, int),
+ void (**r) (void *, void *, int,
+ const char *, int, int),
+ void (**f) (void *, int),
+ void (**so) (long), long (**go) (void));
+
+void *CRYPTO_malloc_locked(int num, const char *file, int line);
+void CRYPTO_free_locked(void *);
+void *CRYPTO_malloc(int num, const char *file, int line);
+char *CRYPTO_strdup(const char *str, const char *file, int line);
+void CRYPTO_free(void *);
+void *CRYPTO_realloc(void *addr, int num, const char *file, int line);
+void *CRYPTO_realloc_clean(void *addr, int old_num, int num, const char *file,
+ int line);
+void *CRYPTO_remalloc(void *addr, int num, const char *file, int line);
+
+void OPENSSL_cleanse(void *ptr, size_t len);
+
+void CRYPTO_set_mem_debug_options(long bits);
+long CRYPTO_get_mem_debug_options(void);
+
+# define CRYPTO_push_info(info) \
+ CRYPTO_push_info_(info, __FILE__, __LINE__);
+int CRYPTO_push_info_(const char *info, const char *file, int line);
+int CRYPTO_pop_info(void);
+int CRYPTO_remove_all_info(void);
+
+/*
+ * Default debugging functions (enabled by CRYPTO_malloc_debug_init() macro;
+ * used as default in CRYPTO_MDEBUG compilations):
+ */
+/*-
+ * The last argument has the following significance:
+ *
+ * 0: called before the actual memory allocation has taken place
+ * 1: called after the actual memory allocation has taken place
+ */
+void CRYPTO_dbg_malloc(void *addr, int num, const char *file, int line,
+ int before_p);
+void CRYPTO_dbg_realloc(void *addr1, void *addr2, int num, const char *file,
+ int line, int before_p);
+void CRYPTO_dbg_free(void *addr, int before_p);
+/*-
+ * Tell the debugging code about options. By default, the following values
+ * apply:
+ *
+ * 0: Clear all options.
+ * V_CRYPTO_MDEBUG_TIME (1): Set the "Show Time" option.
+ * V_CRYPTO_MDEBUG_THREAD (2): Set the "Show Thread Number" option.
+ * V_CRYPTO_MDEBUG_ALL (3): 1 + 2
+ */
+void CRYPTO_dbg_set_options(long bits);
+long CRYPTO_dbg_get_options(void);
+
+int CRYPTO_dbg_push_info(const char *info, const char *file, int line);
+int CRYPTO_dbg_pop_info(void);
+int CRYPTO_dbg_remove_all_info(void);
+
+# ifndef OPENSSL_NO_FP_API
+void CRYPTO_mem_leaks_fp(FILE *);
+# endif
+void CRYPTO_mem_leaks(struct bio_st *bio);
+/* unsigned long order, char *file, int line, int num_bytes, char *addr */
+typedef void *CRYPTO_MEM_LEAK_CB (unsigned long, const char *, int, int,
+ void *);
+void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb);
+
+/* die if we have to */
+void OpenSSLDie(const char *file, int line, const char *assertion);
+# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1))
+
+unsigned long *OPENSSL_ia32cap_loc(void);
+# define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))
+int OPENSSL_isservice(void);
+
+# ifdef OPENSSL_FIPS
+# define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \
+ alg " previous FIPS forbidden algorithm error ignored");
+
+# define FIPS_BAD_ABORT(alg) OpenSSLDie(__FILE__, __LINE__, \
+ #alg " Algorithm forbidden in FIPS mode");
+
+# ifdef OPENSSL_FIPS_STRICT
+# define FIPS_BAD_ALGORITHM(alg) FIPS_BAD_ABORT(alg)
+# else
+# define FIPS_BAD_ALGORITHM(alg) \
+ { \
+ FIPSerr(FIPS_F_HASH_FINAL,FIPS_R_NON_FIPS_METHOD); \
+ ERR_add_error_data(2, "Algorithm=", #alg); \
+ return 0; \
+ }
+# endif
+
+/* Low level digest API blocking macro */
+
+# define FIPS_NON_FIPS_MD_Init(alg) \
+ int alg##_Init(alg##_CTX *c) \
+ { \
+ if (FIPS_mode()) \
+ FIPS_BAD_ALGORITHM(alg) \
+ return private_##alg##_Init(c); \
+ } \
+ int private_##alg##_Init(alg##_CTX *c)
+
+/*
+ * For ciphers the API often varies from cipher to cipher and each needs to
+ * be treated as a special case. Variable key length ciphers (Blowfish, RC4,
+ * CAST) however are very similar and can use a blocking macro.
+ */
+
+# define FIPS_NON_FIPS_VCIPHER_Init(alg) \
+ void alg##_set_key(alg##_KEY *key, int len, const unsigned char *data) \
+ { \
+ if (FIPS_mode()) \
+ FIPS_BAD_ABORT(alg) \
+ private_##alg##_set_key(key, len, data); \
+ } \
+ void private_##alg##_set_key(alg##_KEY *key, int len, \
+ const unsigned char *data)
+
+# else
+
+# define FIPS_NON_FIPS_VCIPHER_Init(alg) \
+ void alg##_set_key(alg##_KEY *key, int len, const unsigned char *data)
+
+# define FIPS_NON_FIPS_MD_Init(alg) \
+ int alg##_Init(alg##_CTX *c)
+
+# endif /* def OPENSSL_FIPS */
+
+# define OPENSSL_HAVE_INIT 1
+void OPENSSL_init(void);
+
+/*
+ * CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal.
+ * It takes an amount of time dependent on |len|, but independent of the
+ * contents of |a| and |b|. Unlike memcmp, it cannot be used to put elements
+ * into a defined order as the return value when a != b is undefined, other
+ * than to be non-zero.
+ */
+int CRYPTO_memcmp(const void *a, const void *b, size_t len);
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_CRYPTO_strings(void);
+
+/* Error codes for the CRYPTO functions. */
+
+/* Function codes. */
+# define CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX 100
+# define CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID 103
+# define CRYPTO_F_CRYPTO_GET_NEW_LOCKID 101
+# define CRYPTO_F_CRYPTO_SET_EX_DATA 102
+# define CRYPTO_F_DEF_ADD_INDEX 104
+# define CRYPTO_F_DEF_GET_CLASS 105
+# define CRYPTO_F_INT_DUP_EX_DATA 106
+# define CRYPTO_F_INT_FREE_EX_DATA 107
+# define CRYPTO_F_INT_NEW_EX_DATA 108
+
+/* Reason codes. */
+# define CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK 100
+
+#ifdef __cplusplus
+}
+#endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/cversion.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/cversion.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/cversion.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,117 +0,0 @@
-/* crypto/cversion.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "cryptlib.h"
-
-#ifndef NO_WINDOWS_BRAINDEATH
-#include "buildinf.h"
-#endif
-
-const char *SSLeay_version(int t)
- {
- if (t == SSLEAY_VERSION)
- return OPENSSL_VERSION_TEXT;
- if (t == SSLEAY_BUILT_ON)
- {
-#ifdef DATE
- static char buf[sizeof(DATE)+11];
-
- BIO_snprintf(buf,sizeof buf,"built on: %s",DATE);
- return(buf);
-#else
- return("built on: date not available");
-#endif
- }
- if (t == SSLEAY_CFLAGS)
- {
-#ifdef CFLAGS
- static char buf[sizeof(CFLAGS)+11];
-
- BIO_snprintf(buf,sizeof buf,"compiler: %s",CFLAGS);
- return(buf);
-#else
- return("compiler: information not available");
-#endif
- }
- if (t == SSLEAY_PLATFORM)
- {
-#ifdef PLATFORM
- static char buf[sizeof(PLATFORM)+11];
-
- BIO_snprintf(buf,sizeof buf,"platform: %s", PLATFORM);
- return(buf);
-#else
- return("platform: information not available");
-#endif
- }
- if (t == SSLEAY_DIR)
- {
-#ifdef OPENSSLDIR
- return "OPENSSLDIR: \"" OPENSSLDIR "\"";
-#else
- return "OPENSSLDIR: N/A";
-#endif
- }
- return("not available");
- }
-
-unsigned long SSLeay(void)
- {
- return(SSLEAY_VERSION_NUMBER);
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/cversion.c (from rev 6976, vendor-crypto/openssl/dist/crypto/cversion.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/cversion.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/cversion.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,112 @@
+/* crypto/cversion.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "cryptlib.h"
+
+#ifndef NO_WINDOWS_BRAINDEATH
+# include "buildinf.h"
+#endif
+
+const char *SSLeay_version(int t)
+{
+ if (t == SSLEAY_VERSION)
+ return OPENSSL_VERSION_TEXT;
+ if (t == SSLEAY_BUILT_ON) {
+#ifdef DATE
+ static char buf[sizeof(DATE) + 11];
+
+ BIO_snprintf(buf, sizeof buf, "built on: %s", DATE);
+ return (buf);
+#else
+ return ("built on: date not available");
+#endif
+ }
+ if (t == SSLEAY_CFLAGS) {
+#ifdef CFLAGS
+ static char buf[sizeof(CFLAGS) + 11];
+
+ BIO_snprintf(buf, sizeof buf, "compiler: %s", CFLAGS);
+ return (buf);
+#else
+ return ("compiler: information not available");
+#endif
+ }
+ if (t == SSLEAY_PLATFORM) {
+#ifdef PLATFORM
+ static char buf[sizeof(PLATFORM) + 11];
+
+ BIO_snprintf(buf, sizeof buf, "platform: %s", PLATFORM);
+ return (buf);
+#else
+ return ("platform: information not available");
+#endif
+ }
+ if (t == SSLEAY_DIR) {
+#ifdef OPENSSLDIR
+ return "OPENSSLDIR: \"" OPENSSLDIR "\"";
+#else
+ return "OPENSSLDIR: N/A";
+#endif
+ }
+ return ("not available");
+}
+
+unsigned long SSLeay(void)
+{
+ return (SSLEAY_VERSION_NUMBER);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/des/cbc3_enc.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/des/cbc3_enc.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/cbc3_enc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,99 +0,0 @@
-/* crypto/des/cbc3_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "des_locl.h"
-
-/* HAS BUGS! DON'T USE - this is only present for use in des.c */
-void DES_3cbc_encrypt(DES_cblock *input, DES_cblock *output, long length,
- DES_key_schedule ks1, DES_key_schedule ks2, DES_cblock *iv1,
- DES_cblock *iv2, int enc)
- {
- int off=((int)length-1)/8;
- long l8=((length+7)/8)*8;
- DES_cblock niv1,niv2;
-
- if (enc == DES_ENCRYPT)
- {
- DES_cbc_encrypt((unsigned char*)input,
- (unsigned char*)output,length,&ks1,iv1,enc);
- if (length >= sizeof(DES_cblock))
- memcpy(niv1,output[off],sizeof(DES_cblock));
- DES_cbc_encrypt((unsigned char*)output,
- (unsigned char*)output,l8,&ks2,iv1,!enc);
- DES_cbc_encrypt((unsigned char*)output,
- (unsigned char*)output,l8,&ks1,iv2,enc);
- if (length >= sizeof(DES_cblock))
- memcpy(niv2,output[off],sizeof(DES_cblock));
- }
- else
- {
- if (length >= sizeof(DES_cblock))
- memcpy(niv2,input[off],sizeof(DES_cblock));
- DES_cbc_encrypt((unsigned char*)input,
- (unsigned char*)output,l8,&ks1,iv2,enc);
- DES_cbc_encrypt((unsigned char*)output,
- (unsigned char*)output,l8,&ks2,iv1,!enc);
- if (length >= sizeof(DES_cblock))
- memcpy(niv1,output[off],sizeof(DES_cblock));
- DES_cbc_encrypt((unsigned char*)output,
- (unsigned char*)output,length,&ks1,iv1,enc);
- }
- memcpy(*iv1,niv1,sizeof(DES_cblock));
- memcpy(*iv2,niv2,sizeof(DES_cblock));
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/des/cbc3_enc.c (from rev 6976, vendor-crypto/openssl/dist/crypto/des/cbc3_enc.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/des/cbc3_enc.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/cbc3_enc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,95 @@
+/* crypto/des/cbc3_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+
+/* HAS BUGS! DON'T USE - this is only present for use in des.c */
+void DES_3cbc_encrypt(DES_cblock *input, DES_cblock *output, long length,
+ DES_key_schedule ks1, DES_key_schedule ks2,
+ DES_cblock *iv1, DES_cblock *iv2, int enc)
+{
+ int off = ((int)length - 1) / 8;
+ long l8 = ((length + 7) / 8) * 8;
+ DES_cblock niv1, niv2;
+
+ if (enc == DES_ENCRYPT) {
+ DES_cbc_encrypt((unsigned char *)input,
+ (unsigned char *)output, length, &ks1, iv1, enc);
+ if (length >= sizeof(DES_cblock))
+ memcpy(niv1, output[off], sizeof(DES_cblock));
+ DES_cbc_encrypt((unsigned char *)output,
+ (unsigned char *)output, l8, &ks2, iv1, !enc);
+ DES_cbc_encrypt((unsigned char *)output,
+ (unsigned char *)output, l8, &ks1, iv2, enc);
+ if (length >= sizeof(DES_cblock))
+ memcpy(niv2, output[off], sizeof(DES_cblock));
+ } else {
+ if (length >= sizeof(DES_cblock))
+ memcpy(niv2, input[off], sizeof(DES_cblock));
+ DES_cbc_encrypt((unsigned char *)input,
+ (unsigned char *)output, l8, &ks1, iv2, enc);
+ DES_cbc_encrypt((unsigned char *)output,
+ (unsigned char *)output, l8, &ks2, iv1, !enc);
+ if (length >= sizeof(DES_cblock))
+ memcpy(niv1, output[off], sizeof(DES_cblock));
+ DES_cbc_encrypt((unsigned char *)output,
+ (unsigned char *)output, length, &ks1, iv1, enc);
+ }
+ memcpy(*iv1, niv1, sizeof(DES_cblock));
+ memcpy(*iv2, niv2, sizeof(DES_cblock));
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/des/cbc_cksm.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/des/cbc_cksm.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/cbc_cksm.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,106 +0,0 @@
-/* crypto/des/cbc_cksm.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "des_locl.h"
-
-DES_LONG DES_cbc_cksum(const unsigned char *in, DES_cblock *output,
- long length, DES_key_schedule *schedule,
- const_DES_cblock *ivec)
- {
- register DES_LONG tout0,tout1,tin0,tin1;
- register long l=length;
- DES_LONG tin[2];
- unsigned char *out = &(*output)[0];
- const unsigned char *iv = &(*ivec)[0];
-
- c2l(iv,tout0);
- c2l(iv,tout1);
- for (; l>0; l-=8)
- {
- if (l >= 8)
- {
- c2l(in,tin0);
- c2l(in,tin1);
- }
- else
- c2ln(in,tin0,tin1,l);
-
- tin0^=tout0; tin[0]=tin0;
- tin1^=tout1; tin[1]=tin1;
- DES_encrypt1((DES_LONG *)tin,schedule,DES_ENCRYPT);
- /* fix 15/10/91 eay - thanks to keithr at sco.COM */
- tout0=tin[0];
- tout1=tin[1];
- }
- if (out != NULL)
- {
- l2c(tout0,out);
- l2c(tout1,out);
- }
- tout0=tin0=tin1=tin[0]=tin[1]=0;
- /*
- Transform the data in tout1 so that it will
- match the return value that the MIT Kerberos
- mit_des_cbc_cksum API returns.
- */
- tout1 = ((tout1 >> 24L) & 0x000000FF)
- | ((tout1 >> 8L) & 0x0000FF00)
- | ((tout1 << 8L) & 0x00FF0000)
- | ((tout1 << 24L) & 0xFF000000);
- return(tout1);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/des/cbc_cksm.c (from rev 6976, vendor-crypto/openssl/dist/crypto/des/cbc_cksm.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/des/cbc_cksm.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/cbc_cksm.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,103 @@
+/* crypto/des/cbc_cksm.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+
+DES_LONG DES_cbc_cksum(const unsigned char *in, DES_cblock *output,
+ long length, DES_key_schedule *schedule,
+ const_DES_cblock *ivec)
+{
+ register DES_LONG tout0, tout1, tin0, tin1;
+ register long l = length;
+ DES_LONG tin[2];
+ unsigned char *out = &(*output)[0];
+ const unsigned char *iv = &(*ivec)[0];
+
+ c2l(iv, tout0);
+ c2l(iv, tout1);
+ for (; l > 0; l -= 8) {
+ if (l >= 8) {
+ c2l(in, tin0);
+ c2l(in, tin1);
+ } else
+ c2ln(in, tin0, tin1, l);
+
+ tin0 ^= tout0;
+ tin[0] = tin0;
+ tin1 ^= tout1;
+ tin[1] = tin1;
+ DES_encrypt1((DES_LONG *)tin, schedule, DES_ENCRYPT);
+ /* fix 15/10/91 eay - thanks to keithr at sco.COM */
+ tout0 = tin[0];
+ tout1 = tin[1];
+ }
+ if (out != NULL) {
+ l2c(tout0, out);
+ l2c(tout1, out);
+ }
+ tout0 = tin0 = tin1 = tin[0] = tin[1] = 0;
+ /*
+ * Transform the data in tout1 so that it will match the return value
+ * that the MIT Kerberos mit_des_cbc_cksum API returns.
+ */
+ tout1 = ((tout1 >> 24L) & 0x000000FF)
+ | ((tout1 >> 8L) & 0x0000FF00)
+ | ((tout1 << 8L) & 0x00FF0000)
+ | ((tout1 << 24L) & 0xFF000000);
+ return (tout1);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/des/cbc_enc.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/des/cbc_enc.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/cbc_enc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,61 +0,0 @@
-/* crypto/des/cbc_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#define CBC_ENC_C__DONT_UPDATE_IV
-
-#include "ncbc_enc.c" /* des_cbc_encrypt */
Copied: vendor-crypto/openssl/0.9.8zf/crypto/des/cbc_enc.c (from rev 6976, vendor-crypto/openssl/dist/crypto/des/cbc_enc.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/des/cbc_enc.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/cbc_enc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,61 @@
+/* crypto/des/cbc_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#define CBC_ENC_C__DONT_UPDATE_IV
+
+#include "ncbc_enc.c" /* des_cbc_encrypt */
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/des/cfb64ede.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/des/cfb64ede.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/cfb64ede.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,254 +0,0 @@
-/* crypto/des/cfb64ede.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "des_locl.h"
-#include "e_os.h"
-
-/* The input and output encrypted as though 64bit cfb mode is being
- * used. The extra state information to record how much of the
- * 64bit block we have used is contained in *num;
- */
-
-void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out,
- long length, DES_key_schedule *ks1,
- DES_key_schedule *ks2, DES_key_schedule *ks3,
- DES_cblock *ivec, int *num, int enc)
- {
- register DES_LONG v0,v1;
- register long l=length;
- register int n= *num;
- DES_LONG ti[2];
- unsigned char *iv,c,cc;
-
- iv=&(*ivec)[0];
- if (enc)
- {
- while (l--)
- {
- if (n == 0)
- {
- c2l(iv,v0);
- c2l(iv,v1);
-
- ti[0]=v0;
- ti[1]=v1;
- DES_encrypt3(ti,ks1,ks2,ks3);
- v0=ti[0];
- v1=ti[1];
-
- iv = &(*ivec)[0];
- l2c(v0,iv);
- l2c(v1,iv);
- iv = &(*ivec)[0];
- }
- c= *(in++)^iv[n];
- *(out++)=c;
- iv[n]=c;
- n=(n+1)&0x07;
- }
- }
- else
- {
- while (l--)
- {
- if (n == 0)
- {
- c2l(iv,v0);
- c2l(iv,v1);
-
- ti[0]=v0;
- ti[1]=v1;
- DES_encrypt3(ti,ks1,ks2,ks3);
- v0=ti[0];
- v1=ti[1];
-
- iv = &(*ivec)[0];
- l2c(v0,iv);
- l2c(v1,iv);
- iv = &(*ivec)[0];
- }
- cc= *(in++);
- c=iv[n];
- iv[n]=cc;
- *(out++)=c^cc;
- n=(n+1)&0x07;
- }
- }
- v0=v1=ti[0]=ti[1]=c=cc=0;
- *num=n;
- }
-
-#ifdef undef /* MACRO */
-void DES_ede2_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
- DES_key_schedule ks1, DES_key_schedule ks2, DES_cblock (*ivec),
- int *num, int enc)
- {
- DES_ede3_cfb64_encrypt(in,out,length,ks1,ks2,ks1,ivec,num,enc);
- }
-#endif
-
-/* This is compatible with the single key CFB-r for DES, even thought that's
- * not what EVP needs.
- */
-
-void DES_ede3_cfb_encrypt(const unsigned char *in,unsigned char *out,
- int numbits,long length,DES_key_schedule *ks1,
- DES_key_schedule *ks2,DES_key_schedule *ks3,
- DES_cblock *ivec,int enc)
- {
- register DES_LONG d0,d1,v0,v1;
- register unsigned long l=length,n=((unsigned int)numbits+7)/8;
- register int num=numbits,i;
- DES_LONG ti[2];
- unsigned char *iv;
- unsigned char ovec[16];
-
- if (num > 64) return;
- iv = &(*ivec)[0];
- c2l(iv,v0);
- c2l(iv,v1);
- if (enc)
- {
- while (l >= n)
- {
- l-=n;
- ti[0]=v0;
- ti[1]=v1;
- DES_encrypt3(ti,ks1,ks2,ks3);
- c2ln(in,d0,d1,n);
- in+=n;
- d0^=ti[0];
- d1^=ti[1];
- l2cn(d0,d1,out,n);
- out+=n;
- /* 30-08-94 - eay - changed because l>>32 and
- * l<<32 are bad under gcc :-( */
- if (num == 32)
- { v0=v1; v1=d0; }
- else if (num == 64)
- { v0=d0; v1=d1; }
- else
- {
- iv=&ovec[0];
- l2c(v0,iv);
- l2c(v1,iv);
- l2c(d0,iv);
- l2c(d1,iv);
- /* shift ovec left most of the bits... */
- memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0));
- /* now the remaining bits */
- if(num%8 != 0)
- for(i=0 ; i < 8 ; ++i)
- {
- ovec[i]<<=num%8;
- ovec[i]|=ovec[i+1]>>(8-num%8);
- }
- iv=&ovec[0];
- c2l(iv,v0);
- c2l(iv,v1);
- }
- }
- }
- else
- {
- while (l >= n)
- {
- l-=n;
- ti[0]=v0;
- ti[1]=v1;
- DES_encrypt3(ti,ks1,ks2,ks3);
- c2ln(in,d0,d1,n);
- in+=n;
- /* 30-08-94 - eay - changed because l>>32 and
- * l<<32 are bad under gcc :-( */
- if (num == 32)
- { v0=v1; v1=d0; }
- else if (num == 64)
- { v0=d0; v1=d1; }
- else
- {
- iv=&ovec[0];
- l2c(v0,iv);
- l2c(v1,iv);
- l2c(d0,iv);
- l2c(d1,iv);
- /* shift ovec left most of the bits... */
- memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0));
- /* now the remaining bits */
- if(num%8 != 0)
- for(i=0 ; i < 8 ; ++i)
- {
- ovec[i]<<=num%8;
- ovec[i]|=ovec[i+1]>>(8-num%8);
- }
- iv=&ovec[0];
- c2l(iv,v0);
- c2l(iv,v1);
- }
- d0^=ti[0];
- d1^=ti[1];
- l2cn(d0,d1,out,n);
- out+=n;
- }
- }
- iv = &(*ivec)[0];
- l2c(v0,iv);
- l2c(v1,iv);
- v0=v1=d0=d1=ti[0]=ti[1]=0;
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/des/cfb64ede.c (from rev 6976, vendor-crypto/openssl/dist/crypto/des/cfb64ede.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/des/cfb64ede.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/cfb64ede.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,249 @@
+/* crypto/des/cfb64ede.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+#include "e_os.h"
+
+/*
+ * The input and output encrypted as though 64bit cfb mode is being used.
+ * The extra state information to record how much of the 64bit block we have
+ * used is contained in *num;
+ */
+
+void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, DES_key_schedule *ks1,
+ DES_key_schedule *ks2, DES_key_schedule *ks3,
+ DES_cblock *ivec, int *num, int enc)
+{
+ register DES_LONG v0, v1;
+ register long l = length;
+ register int n = *num;
+ DES_LONG ti[2];
+ unsigned char *iv, c, cc;
+
+ iv = &(*ivec)[0];
+ if (enc) {
+ while (l--) {
+ if (n == 0) {
+ c2l(iv, v0);
+ c2l(iv, v1);
+
+ ti[0] = v0;
+ ti[1] = v1;
+ DES_encrypt3(ti, ks1, ks2, ks3);
+ v0 = ti[0];
+ v1 = ti[1];
+
+ iv = &(*ivec)[0];
+ l2c(v0, iv);
+ l2c(v1, iv);
+ iv = &(*ivec)[0];
+ }
+ c = *(in++) ^ iv[n];
+ *(out++) = c;
+ iv[n] = c;
+ n = (n + 1) & 0x07;
+ }
+ } else {
+ while (l--) {
+ if (n == 0) {
+ c2l(iv, v0);
+ c2l(iv, v1);
+
+ ti[0] = v0;
+ ti[1] = v1;
+ DES_encrypt3(ti, ks1, ks2, ks3);
+ v0 = ti[0];
+ v1 = ti[1];
+
+ iv = &(*ivec)[0];
+ l2c(v0, iv);
+ l2c(v1, iv);
+ iv = &(*ivec)[0];
+ }
+ cc = *(in++);
+ c = iv[n];
+ iv[n] = cc;
+ *(out++) = c ^ cc;
+ n = (n + 1) & 0x07;
+ }
+ }
+ v0 = v1 = ti[0] = ti[1] = c = cc = 0;
+ *num = n;
+}
+
+#ifdef undef /* MACRO */
+void DES_ede2_cfb64_encrypt(unsigned char *in, unsigned char *out,
+ long length, DES_key_schedule ks1,
+ DES_key_schedule ks2, DES_cblock (*ivec),
+ int *num, int enc)
+{
+ DES_ede3_cfb64_encrypt(in, out, length, ks1, ks2, ks1, ivec, num, enc);
+}
+#endif
+
+/*
+ * This is compatible with the single key CFB-r for DES, even thought that's
+ * not what EVP needs.
+ */
+
+void DES_ede3_cfb_encrypt(const unsigned char *in, unsigned char *out,
+ int numbits, long length, DES_key_schedule *ks1,
+ DES_key_schedule *ks2, DES_key_schedule *ks3,
+ DES_cblock *ivec, int enc)
+{
+ register DES_LONG d0, d1, v0, v1;
+ register unsigned long l = length, n = ((unsigned int)numbits + 7) / 8;
+ register int num = numbits, i;
+ DES_LONG ti[2];
+ unsigned char *iv;
+ unsigned char ovec[16];
+
+ if (num > 64)
+ return;
+ iv = &(*ivec)[0];
+ c2l(iv, v0);
+ c2l(iv, v1);
+ if (enc) {
+ while (l >= n) {
+ l -= n;
+ ti[0] = v0;
+ ti[1] = v1;
+ DES_encrypt3(ti, ks1, ks2, ks3);
+ c2ln(in, d0, d1, n);
+ in += n;
+ d0 ^= ti[0];
+ d1 ^= ti[1];
+ l2cn(d0, d1, out, n);
+ out += n;
+ /*
+ * 30-08-94 - eay - changed because l>>32 and l<<32 are bad under
+ * gcc :-(
+ */
+ if (num == 32) {
+ v0 = v1;
+ v1 = d0;
+ } else if (num == 64) {
+ v0 = d0;
+ v1 = d1;
+ } else {
+ iv = &ovec[0];
+ l2c(v0, iv);
+ l2c(v1, iv);
+ l2c(d0, iv);
+ l2c(d1, iv);
+ /* shift ovec left most of the bits... */
+ memmove(ovec, ovec + num / 8, 8 + (num % 8 ? 1 : 0));
+ /* now the remaining bits */
+ if (num % 8 != 0)
+ for (i = 0; i < 8; ++i) {
+ ovec[i] <<= num % 8;
+ ovec[i] |= ovec[i + 1] >> (8 - num % 8);
+ }
+ iv = &ovec[0];
+ c2l(iv, v0);
+ c2l(iv, v1);
+ }
+ }
+ } else {
+ while (l >= n) {
+ l -= n;
+ ti[0] = v0;
+ ti[1] = v1;
+ DES_encrypt3(ti, ks1, ks2, ks3);
+ c2ln(in, d0, d1, n);
+ in += n;
+ /*
+ * 30-08-94 - eay - changed because l>>32 and l<<32 are bad under
+ * gcc :-(
+ */
+ if (num == 32) {
+ v0 = v1;
+ v1 = d0;
+ } else if (num == 64) {
+ v0 = d0;
+ v1 = d1;
+ } else {
+ iv = &ovec[0];
+ l2c(v0, iv);
+ l2c(v1, iv);
+ l2c(d0, iv);
+ l2c(d1, iv);
+ /* shift ovec left most of the bits... */
+ memmove(ovec, ovec + num / 8, 8 + (num % 8 ? 1 : 0));
+ /* now the remaining bits */
+ if (num % 8 != 0)
+ for (i = 0; i < 8; ++i) {
+ ovec[i] <<= num % 8;
+ ovec[i] |= ovec[i + 1] >> (8 - num % 8);
+ }
+ iv = &ovec[0];
+ c2l(iv, v0);
+ c2l(iv, v1);
+ }
+ d0 ^= ti[0];
+ d1 ^= ti[1];
+ l2cn(d0, d1, out, n);
+ out += n;
+ }
+ }
+ iv = &(*ivec)[0];
+ l2c(v0, iv);
+ l2c(v1, iv);
+ v0 = v1 = d0 = d1 = ti[0] = ti[1] = 0;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/des/cfb64enc.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/des/cfb64enc.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/cfb64enc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,121 +0,0 @@
-/* crypto/des/cfb64enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "des_locl.h"
-
-/* The input and output encrypted as though 64bit cfb mode is being
- * used. The extra state information to record how much of the
- * 64bit block we have used is contained in *num;
- */
-
-void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out,
- long length, DES_key_schedule *schedule,
- DES_cblock *ivec, int *num, int enc)
- {
- register DES_LONG v0,v1;
- register long l=length;
- register int n= *num;
- DES_LONG ti[2];
- unsigned char *iv,c,cc;
-
- iv = &(*ivec)[0];
- if (enc)
- {
- while (l--)
- {
- if (n == 0)
- {
- c2l(iv,v0); ti[0]=v0;
- c2l(iv,v1); ti[1]=v1;
- DES_encrypt1(ti,schedule,DES_ENCRYPT);
- iv = &(*ivec)[0];
- v0=ti[0]; l2c(v0,iv);
- v0=ti[1]; l2c(v0,iv);
- iv = &(*ivec)[0];
- }
- c= *(in++)^iv[n];
- *(out++)=c;
- iv[n]=c;
- n=(n+1)&0x07;
- }
- }
- else
- {
- while (l--)
- {
- if (n == 0)
- {
- c2l(iv,v0); ti[0]=v0;
- c2l(iv,v1); ti[1]=v1;
- DES_encrypt1(ti,schedule,DES_ENCRYPT);
- iv = &(*ivec)[0];
- v0=ti[0]; l2c(v0,iv);
- v0=ti[1]; l2c(v0,iv);
- iv = &(*ivec)[0];
- }
- cc= *(in++);
- c=iv[n];
- iv[n]=cc;
- *(out++)=c^cc;
- n=(n+1)&0x07;
- }
- }
- v0=v1=ti[0]=ti[1]=c=cc=0;
- *num=n;
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/des/cfb64enc.c (from rev 6976, vendor-crypto/openssl/dist/crypto/des/cfb64enc.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/des/cfb64enc.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/cfb64enc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,122 @@
+/* crypto/des/cfb64enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+
+/*
+ * The input and output encrypted as though 64bit cfb mode is being used.
+ * The extra state information to record how much of the 64bit block we have
+ * used is contained in *num;
+ */
+
+void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, DES_key_schedule *schedule,
+ DES_cblock *ivec, int *num, int enc)
+{
+ register DES_LONG v0, v1;
+ register long l = length;
+ register int n = *num;
+ DES_LONG ti[2];
+ unsigned char *iv, c, cc;
+
+ iv = &(*ivec)[0];
+ if (enc) {
+ while (l--) {
+ if (n == 0) {
+ c2l(iv, v0);
+ ti[0] = v0;
+ c2l(iv, v1);
+ ti[1] = v1;
+ DES_encrypt1(ti, schedule, DES_ENCRYPT);
+ iv = &(*ivec)[0];
+ v0 = ti[0];
+ l2c(v0, iv);
+ v0 = ti[1];
+ l2c(v0, iv);
+ iv = &(*ivec)[0];
+ }
+ c = *(in++) ^ iv[n];
+ *(out++) = c;
+ iv[n] = c;
+ n = (n + 1) & 0x07;
+ }
+ } else {
+ while (l--) {
+ if (n == 0) {
+ c2l(iv, v0);
+ ti[0] = v0;
+ c2l(iv, v1);
+ ti[1] = v1;
+ DES_encrypt1(ti, schedule, DES_ENCRYPT);
+ iv = &(*ivec)[0];
+ v0 = ti[0];
+ l2c(v0, iv);
+ v0 = ti[1];
+ l2c(v0, iv);
+ iv = &(*ivec)[0];
+ }
+ cc = *(in++);
+ c = iv[n];
+ iv[n] = cc;
+ *(out++) = c ^ cc;
+ n = (n + 1) & 0x07;
+ }
+ }
+ v0 = v1 = ti[0] = ti[1] = c = cc = 0;
+ *num = n;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/des/cfb_enc.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/des/cfb_enc.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/cfb_enc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,195 +0,0 @@
-/* crypto/des/cfb_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "e_os.h"
-#include "des_locl.h"
-#include <assert.h>
-
-/* The input and output are loaded in multiples of 8 bits.
- * What this means is that if you hame numbits=12 and length=2
- * the first 12 bits will be retrieved from the first byte and half
- * the second. The second 12 bits will come from the 3rd and half the 4th
- * byte.
- */
-/* Until Aug 1 2003 this function did not correctly implement CFB-r, so it
- * will not be compatible with any encryption prior to that date. Ben. */
-void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
- long length, DES_key_schedule *schedule, DES_cblock *ivec,
- int enc)
- {
- register DES_LONG d0,d1,v0,v1;
- register unsigned long l=length;
- register int num=numbits/8,n=(numbits+7)/8,i,rem=numbits%8;
- DES_LONG ti[2];
- unsigned char *iv;
-#ifndef L_ENDIAN
- unsigned char ovec[16];
-#else
- unsigned int sh[4];
- unsigned char *ovec=(unsigned char *)sh;
-
- /* I kind of count that compiler optimizes away this assertioni,*/
- assert (sizeof(sh[0])==4); /* as this holds true for all, */
- /* but 16-bit platforms... */
-
-#endif
-
- if (numbits<=0 || numbits > 64) return;
- iv = &(*ivec)[0];
- c2l(iv,v0);
- c2l(iv,v1);
- if (enc)
- {
- while (l >= (unsigned long)n)
- {
- l-=n;
- ti[0]=v0;
- ti[1]=v1;
- DES_encrypt1((DES_LONG *)ti,schedule,DES_ENCRYPT);
- c2ln(in,d0,d1,n);
- in+=n;
- d0^=ti[0];
- d1^=ti[1];
- l2cn(d0,d1,out,n);
- out+=n;
- /* 30-08-94 - eay - changed because l>>32 and
- * l<<32 are bad under gcc :-( */
- if (numbits == 32)
- { v0=v1; v1=d0; }
- else if (numbits == 64)
- { v0=d0; v1=d1; }
- else
- {
-#ifndef L_ENDIAN
- iv=&ovec[0];
- l2c(v0,iv);
- l2c(v1,iv);
- l2c(d0,iv);
- l2c(d1,iv);
-#else
- sh[0]=v0, sh[1]=v1, sh[2]=d0, sh[3]=d1;
-#endif
- if (rem==0)
- memmove(ovec,ovec+num,8);
- else
- for(i=0 ; i < 8 ; ++i)
- ovec[i]=ovec[i+num]<<rem |
- ovec[i+num+1]>>(8-rem);
-#ifdef L_ENDIAN
- v0=sh[0], v1=sh[1];
-#else
- iv=&ovec[0];
- c2l(iv,v0);
- c2l(iv,v1);
-#endif
- }
- }
- }
- else
- {
- while (l >= (unsigned long)n)
- {
- l-=n;
- ti[0]=v0;
- ti[1]=v1;
- DES_encrypt1((DES_LONG *)ti,schedule,DES_ENCRYPT);
- c2ln(in,d0,d1,n);
- in+=n;
- /* 30-08-94 - eay - changed because l>>32 and
- * l<<32 are bad under gcc :-( */
- if (numbits == 32)
- { v0=v1; v1=d0; }
- else if (numbits == 64)
- { v0=d0; v1=d1; }
- else
- {
-#ifndef L_ENDIAN
- iv=&ovec[0];
- l2c(v0,iv);
- l2c(v1,iv);
- l2c(d0,iv);
- l2c(d1,iv);
-#else
- sh[0]=v0, sh[1]=v1, sh[2]=d0, sh[3]=d1;
-#endif
- if (rem==0)
- memmove(ovec,ovec+num,8);
- else
- for(i=0 ; i < 8 ; ++i)
- ovec[i]=ovec[i+num]<<rem |
- ovec[i+num+1]>>(8-rem);
-#ifdef L_ENDIAN
- v0=sh[0], v1=sh[1];
-#else
- iv=&ovec[0];
- c2l(iv,v0);
- c2l(iv,v1);
-#endif
- }
- d0^=ti[0];
- d1^=ti[1];
- l2cn(d0,d1,out,n);
- out+=n;
- }
- }
- iv = &(*ivec)[0];
- l2c(v0,iv);
- l2c(v1,iv);
- v0=v1=d0=d1=ti[0]=ti[1]=0;
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/des/cfb_enc.c (from rev 6976, vendor-crypto/openssl/dist/crypto/des/cfb_enc.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/des/cfb_enc.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/cfb_enc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,199 @@
+/* crypto/des/cfb_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "e_os.h"
+#include "des_locl.h"
+#include <assert.h>
+
+/*
+ * The input and output are loaded in multiples of 8 bits. What this means is
+ * that if you hame numbits=12 and length=2 the first 12 bits will be
+ * retrieved from the first byte and half the second. The second 12 bits
+ * will come from the 3rd and half the 4th byte.
+ */
+/*
+ * Until Aug 1 2003 this function did not correctly implement CFB-r, so it
+ * will not be compatible with any encryption prior to that date. Ben.
+ */
+void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
+ long length, DES_key_schedule *schedule,
+ DES_cblock *ivec, int enc)
+{
+ register DES_LONG d0, d1, v0, v1;
+ register unsigned long l = length;
+ register int num = numbits / 8, n = (numbits + 7) / 8, i, rem =
+ numbits % 8;
+ DES_LONG ti[2];
+ unsigned char *iv;
+#ifndef L_ENDIAN
+ unsigned char ovec[16];
+#else
+ unsigned int sh[4];
+ unsigned char *ovec = (unsigned char *)sh;
+
+ /* I kind of count that compiler optimizes away this assertioni, */
+ assert(sizeof(sh[0]) == 4); /* as this holds true for all, */
+ /* but 16-bit platforms... */
+
+#endif
+
+ if (numbits <= 0 || numbits > 64)
+ return;
+ iv = &(*ivec)[0];
+ c2l(iv, v0);
+ c2l(iv, v1);
+ if (enc) {
+ while (l >= (unsigned long)n) {
+ l -= n;
+ ti[0] = v0;
+ ti[1] = v1;
+ DES_encrypt1((DES_LONG *)ti, schedule, DES_ENCRYPT);
+ c2ln(in, d0, d1, n);
+ in += n;
+ d0 ^= ti[0];
+ d1 ^= ti[1];
+ l2cn(d0, d1, out, n);
+ out += n;
+ /*
+ * 30-08-94 - eay - changed because l>>32 and l<<32 are bad under
+ * gcc :-(
+ */
+ if (numbits == 32) {
+ v0 = v1;
+ v1 = d0;
+ } else if (numbits == 64) {
+ v0 = d0;
+ v1 = d1;
+ } else {
+#ifndef L_ENDIAN
+ iv = &ovec[0];
+ l2c(v0, iv);
+ l2c(v1, iv);
+ l2c(d0, iv);
+ l2c(d1, iv);
+#else
+ sh[0] = v0, sh[1] = v1, sh[2] = d0, sh[3] = d1;
+#endif
+ if (rem == 0)
+ memmove(ovec, ovec + num, 8);
+ else
+ for (i = 0; i < 8; ++i)
+ ovec[i] = ovec[i + num] << rem |
+ ovec[i + num + 1] >> (8 - rem);
+#ifdef L_ENDIAN
+ v0 = sh[0], v1 = sh[1];
+#else
+ iv = &ovec[0];
+ c2l(iv, v0);
+ c2l(iv, v1);
+#endif
+ }
+ }
+ } else {
+ while (l >= (unsigned long)n) {
+ l -= n;
+ ti[0] = v0;
+ ti[1] = v1;
+ DES_encrypt1((DES_LONG *)ti, schedule, DES_ENCRYPT);
+ c2ln(in, d0, d1, n);
+ in += n;
+ /*
+ * 30-08-94 - eay - changed because l>>32 and l<<32 are bad under
+ * gcc :-(
+ */
+ if (numbits == 32) {
+ v0 = v1;
+ v1 = d0;
+ } else if (numbits == 64) {
+ v0 = d0;
+ v1 = d1;
+ } else {
+#ifndef L_ENDIAN
+ iv = &ovec[0];
+ l2c(v0, iv);
+ l2c(v1, iv);
+ l2c(d0, iv);
+ l2c(d1, iv);
+#else
+ sh[0] = v0, sh[1] = v1, sh[2] = d0, sh[3] = d1;
+#endif
+ if (rem == 0)
+ memmove(ovec, ovec + num, 8);
+ else
+ for (i = 0; i < 8; ++i)
+ ovec[i] = ovec[i + num] << rem |
+ ovec[i + num + 1] >> (8 - rem);
+#ifdef L_ENDIAN
+ v0 = sh[0], v1 = sh[1];
+#else
+ iv = &ovec[0];
+ c2l(iv, v0);
+ c2l(iv, v1);
+#endif
+ }
+ d0 ^= ti[0];
+ d1 ^= ti[1];
+ l2cn(d0, d1, out, n);
+ out += n;
+ }
+ }
+ iv = &(*ivec)[0];
+ l2c(v0, iv);
+ l2c(v1, iv);
+ v0 = v1 = d0 = d1 = ti[0] = ti[1] = 0;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/des/des.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/des/des.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/des.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,932 +0,0 @@
-/* crypto/des/des.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <openssl/opensslconf.h>
-#ifndef OPENSSL_SYS_MSDOS
-#ifndef OPENSSL_SYS_VMS
-#include OPENSSL_UNISTD
-#else /* OPENSSL_SYS_VMS */
-#ifdef __DECC
-#include <unistd.h>
-#else /* not __DECC */
-#include <math.h>
-#endif /* __DECC */
-#endif /* OPENSSL_SYS_VMS */
-#else /* OPENSSL_SYS_MSDOS */
-#include <io.h>
-#endif
-
-#include <time.h>
-#include "des_ver.h"
-
-#ifdef OPENSSL_SYS_VMS
-#include <types.h>
-#include <stat.h>
-#else
-#ifndef _IRIX
-#include <sys/types.h>
-#endif
-#include <sys/stat.h>
-#endif
-#include <openssl/des.h>
-#include <openssl/rand.h>
-#include <openssl/ui_compat.h>
-
-void usage(void);
-void doencryption(void);
-int uufwrite(unsigned char *data, int size, unsigned int num, FILE *fp);
-void uufwriteEnd(FILE *fp);
-int uufread(unsigned char *out,int size,unsigned int num,FILE *fp);
-int uuencode(unsigned char *in,int num,unsigned char *out);
-int uudecode(unsigned char *in,int num,unsigned char *out);
-void DES_3cbc_encrypt(DES_cblock *input,DES_cblock *output,long length,
- DES_key_schedule sk1,DES_key_schedule sk2,
- DES_cblock *ivec1,DES_cblock *ivec2,int enc);
-#ifdef OPENSSL_SYS_VMS
-#define EXIT(a) exit(a&0x10000000L)
-#else
-#define EXIT(a) exit(a)
-#endif
-
-#define BUFSIZE (8*1024)
-#define VERIFY 1
-#define KEYSIZ 8
-#define KEYSIZB 1024 /* should hit tty line limit first :-) */
-char key[KEYSIZB+1];
-int do_encrypt,longk=0;
-FILE *DES_IN,*DES_OUT,*CKSUM_OUT;
-char uuname[200];
-unsigned char uubuf[50];
-int uubufnum=0;
-#define INUUBUFN (45*100)
-#define OUTUUBUF (65*100)
-unsigned char b[OUTUUBUF];
-unsigned char bb[300];
-DES_cblock cksum={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
-char cksumname[200]="";
-
-int vflag,cflag,eflag,dflag,kflag,bflag,fflag,sflag,uflag,flag3,hflag,error;
-
-int main(int argc, char **argv)
- {
- int i;
- struct stat ins,outs;
- char *p;
- char *in=NULL,*out=NULL;
-
- vflag=cflag=eflag=dflag=kflag=hflag=bflag=fflag=sflag=uflag=flag3=0;
- error=0;
- memset(key,0,sizeof(key));
-
- for (i=1; i<argc; i++)
- {
- p=argv[i];
- if ((p[0] == '-') && (p[1] != '\0'))
- {
- p++;
- while (*p)
- {
- switch (*(p++))
- {
- case '3':
- flag3=1;
- longk=1;
- break;
- case 'c':
- cflag=1;
- strncpy(cksumname,p,200);
- cksumname[sizeof(cksumname)-1]='\0';
- p+=strlen(cksumname);
- break;
- case 'C':
- cflag=1;
- longk=1;
- strncpy(cksumname,p,200);
- cksumname[sizeof(cksumname)-1]='\0';
- p+=strlen(cksumname);
- break;
- case 'e':
- eflag=1;
- break;
- case 'v':
- vflag=1;
- break;
- case 'E':
- eflag=1;
- longk=1;
- break;
- case 'd':
- dflag=1;
- break;
- case 'D':
- dflag=1;
- longk=1;
- break;
- case 'b':
- bflag=1;
- break;
- case 'f':
- fflag=1;
- break;
- case 's':
- sflag=1;
- break;
- case 'u':
- uflag=1;
- strncpy(uuname,p,200);
- uuname[sizeof(uuname)-1]='\0';
- p+=strlen(uuname);
- break;
- case 'h':
- hflag=1;
- break;
- case 'k':
- kflag=1;
- if ((i+1) == argc)
- {
- fputs("must have a key with the -k option\n",stderr);
- error=1;
- }
- else
- {
- int j;
-
- i++;
- strncpy(key,argv[i],KEYSIZB);
- for (j=strlen(argv[i])-1; j>=0; j--)
- argv[i][j]='\0';
- }
- break;
- default:
- fprintf(stderr,"'%c' unknown flag\n",p[-1]);
- error=1;
- break;
- }
- }
- }
- else
- {
- if (in == NULL)
- in=argv[i];
- else if (out == NULL)
- out=argv[i];
- else
- error=1;
- }
- }
- if (error) usage();
- /* We either
- * do checksum or
- * do encrypt or
- * do decrypt or
- * do decrypt then ckecksum or
- * do checksum then encrypt
- */
- if (((eflag+dflag) == 1) || cflag)
- {
- if (eflag) do_encrypt=DES_ENCRYPT;
- if (dflag) do_encrypt=DES_DECRYPT;
- }
- else
- {
- if (vflag)
- {
-#ifndef _Windows
- fprintf(stderr,"des(1) built with %s\n",libdes_version);
-#endif
- EXIT(1);
- }
- else usage();
- }
-
-#ifndef _Windows
- if (vflag) fprintf(stderr,"des(1) built with %s\n",libdes_version);
-#endif
- if ( (in != NULL) &&
- (out != NULL) &&
-#ifndef OPENSSL_SYS_MSDOS
- (stat(in,&ins) != -1) &&
- (stat(out,&outs) != -1) &&
- (ins.st_dev == outs.st_dev) &&
- (ins.st_ino == outs.st_ino))
-#else /* OPENSSL_SYS_MSDOS */
- (strcmp(in,out) == 0))
-#endif
- {
- fputs("input and output file are the same\n",stderr);
- EXIT(3);
- }
-
- if (!kflag)
- if (des_read_pw_string(key,KEYSIZB+1,"Enter key:",eflag?VERIFY:0))
- {
- fputs("password error\n",stderr);
- EXIT(2);
- }
-
- if (in == NULL)
- DES_IN=stdin;
- else if ((DES_IN=fopen(in,"r")) == NULL)
- {
- perror("opening input file");
- EXIT(4);
- }
-
- CKSUM_OUT=stdout;
- if (out == NULL)
- {
- DES_OUT=stdout;
- CKSUM_OUT=stderr;
- }
- else if ((DES_OUT=fopen(out,"w")) == NULL)
- {
- perror("opening output file");
- EXIT(5);
- }
-
-#ifdef OPENSSL_SYS_MSDOS
- /* This should set the file to binary mode. */
- {
-#include <fcntl.h>
- if (!(uflag && dflag))
- setmode(fileno(DES_IN),O_BINARY);
- if (!(uflag && eflag))
- setmode(fileno(DES_OUT),O_BINARY);
- }
-#endif
-
- doencryption();
- fclose(DES_IN);
- fclose(DES_OUT);
- EXIT(0);
- }
-
-void usage(void)
- {
- char **u;
- static const char *Usage[]={
-"des <options> [input-file [output-file]]",
-"options:",
-"-v : des(1) version number",
-"-e : encrypt using SunOS compatible user key to DES key conversion.",
-"-E : encrypt ",
-"-d : decrypt using SunOS compatible user key to DES key conversion.",
-"-D : decrypt ",
-"-c[ckname] : generate a cbc_cksum using SunOS compatible user key to",
-" DES key conversion and output to ckname (stdout default,",
-" stderr if data being output on stdout). The checksum is",
-" generated before encryption and after decryption if used",
-" in conjunction with -[eEdD].",
-"-C[ckname] : generate a cbc_cksum as for -c but compatible with -[ED].",
-"-k key : use key 'key'",
-"-h : the key that is entered will be a hexadecimal number",
-" that is used directly as the des key",
-"-u[uuname] : input file is uudecoded if -[dD] or output uuencoded data if -[eE]",
-" (uuname is the filename to put in the uuencode header).",
-"-b : encrypt using DES in ecb encryption mode, the default is cbc mode.",
-"-3 : encrypt using triple DES encryption. This uses 2 keys",
-" generated from the input key. If the input key is less",
-" than 8 characters long, this is equivalent to normal",
-" encryption. Default is triple cbc, -b makes it triple ecb.",
-NULL
-};
- for (u=(char **)Usage; *u; u++)
- {
- fputs(*u,stderr);
- fputc('\n',stderr);
- }
-
- EXIT(1);
- }
-
-void doencryption(void)
- {
-#ifdef _LIBC
- extern unsigned long time();
-#endif
-
- register int i;
- DES_key_schedule ks,ks2;
- DES_cblock iv,iv2;
- char *p;
- int num=0,j,k,l,rem,ll,len,last,ex=0;
- DES_cblock kk,k2;
- FILE *O;
- int Exit=0;
-#ifndef OPENSSL_SYS_MSDOS
- static unsigned char buf[BUFSIZE+8],obuf[BUFSIZE+8];
-#else
- static unsigned char *buf=NULL,*obuf=NULL;
-
- if (buf == NULL)
- {
- if ( (( buf=OPENSSL_malloc(BUFSIZE+8)) == NULL) ||
- ((obuf=OPENSSL_malloc(BUFSIZE+8)) == NULL))
- {
- fputs("Not enough memory\n",stderr);
- Exit=10;
- goto problems;
- }
- }
-#endif
-
- if (hflag)
- {
- j=(flag3?16:8);
- p=key;
- for (i=0; i<j; i++)
- {
- k=0;
- if ((*p <= '9') && (*p >= '0'))
- k=(*p-'0')<<4;
- else if ((*p <= 'f') && (*p >= 'a'))
- k=(*p-'a'+10)<<4;
- else if ((*p <= 'F') && (*p >= 'A'))
- k=(*p-'A'+10)<<4;
- else
- {
- fputs("Bad hex key\n",stderr);
- Exit=9;
- goto problems;
- }
- p++;
- if ((*p <= '9') && (*p >= '0'))
- k|=(*p-'0');
- else if ((*p <= 'f') && (*p >= 'a'))
- k|=(*p-'a'+10);
- else if ((*p <= 'F') && (*p >= 'A'))
- k|=(*p-'A'+10);
- else
- {
- fputs("Bad hex key\n",stderr);
- Exit=9;
- goto problems;
- }
- p++;
- if (i < 8)
- kk[i]=k;
- else
- k2[i-8]=k;
- }
- DES_set_key_unchecked(&k2,&ks2);
- OPENSSL_cleanse(k2,sizeof(k2));
- }
- else if (longk || flag3)
- {
- if (flag3)
- {
- DES_string_to_2keys(key,&kk,&k2);
- DES_set_key_unchecked(&k2,&ks2);
- OPENSSL_cleanse(k2,sizeof(k2));
- }
- else
- DES_string_to_key(key,&kk);
- }
- else
- for (i=0; i<KEYSIZ; i++)
- {
- l=0;
- k=key[i];
- for (j=0; j<8; j++)
- {
- if (k&1) l++;
- k>>=1;
- }
- if (l & 1)
- kk[i]=key[i]&0x7f;
- else
- kk[i]=key[i]|0x80;
- }
-
- DES_set_key_unchecked(&kk,&ks);
- OPENSSL_cleanse(key,sizeof(key));
- OPENSSL_cleanse(kk,sizeof(kk));
- /* woops - A bug that does not showup under unix :-( */
- memset(iv,0,sizeof(iv));
- memset(iv2,0,sizeof(iv2));
-
- l=1;
- rem=0;
- /* first read */
- if (eflag || (!dflag && cflag))
- {
- for (;;)
- {
- num=l=fread(&(buf[rem]),1,BUFSIZE,DES_IN);
- l+=rem;
- num+=rem;
- if (l < 0)
- {
- perror("read error");
- Exit=6;
- goto problems;
- }
-
- rem=l%8;
- len=l-rem;
- if (feof(DES_IN))
- {
- for (i=7-rem; i>0; i--)
- RAND_pseudo_bytes(buf + l++, 1);
- buf[l++]=rem;
- ex=1;
- len+=rem;
- }
- else
- l-=rem;
-
- if (cflag)
- {
- DES_cbc_cksum(buf,&cksum,
- (long)len,&ks,&cksum);
- if (!eflag)
- {
- if (feof(DES_IN)) break;
- else continue;
- }
- }
-
- if (bflag && !flag3)
- for (i=0; i<l; i+=8)
- DES_ecb_encrypt(
- (DES_cblock *)&(buf[i]),
- (DES_cblock *)&(obuf[i]),
- &ks,do_encrypt);
- else if (flag3 && bflag)
- for (i=0; i<l; i+=8)
- DES_ecb2_encrypt(
- (DES_cblock *)&(buf[i]),
- (DES_cblock *)&(obuf[i]),
- &ks,&ks2,do_encrypt);
- else if (flag3 && !bflag)
- {
- char tmpbuf[8];
-
- if (rem) memcpy(tmpbuf,&(buf[l]),
- (unsigned int)rem);
- DES_3cbc_encrypt(
- (DES_cblock *)buf,(DES_cblock *)obuf,
- (long)l,ks,ks2,&iv,
- &iv2,do_encrypt);
- if (rem) memcpy(&(buf[l]),tmpbuf,
- (unsigned int)rem);
- }
- else
- {
- DES_cbc_encrypt(
- buf,obuf,
- (long)l,&ks,&iv,do_encrypt);
- if (l >= 8) memcpy(iv,&(obuf[l-8]),8);
- }
- if (rem) memcpy(buf,&(buf[l]),(unsigned int)rem);
-
- i=0;
- while (i < l)
- {
- if (uflag)
- j=uufwrite(obuf,1,(unsigned int)l-i,
- DES_OUT);
- else
- j=fwrite(obuf,1,(unsigned int)l-i,
- DES_OUT);
- if (j == -1)
- {
- perror("Write error");
- Exit=7;
- goto problems;
- }
- i+=j;
- }
- if (feof(DES_IN))
- {
- if (uflag) uufwriteEnd(DES_OUT);
- break;
- }
- }
- }
- else /* decrypt */
- {
- ex=1;
- for (;;)
- {
- if (ex) {
- if (uflag)
- l=uufread(buf,1,BUFSIZE,DES_IN);
- else
- l=fread(buf,1,BUFSIZE,DES_IN);
- ex=0;
- rem=l%8;
- l-=rem;
- }
- if (l < 0)
- {
- perror("read error");
- Exit=6;
- goto problems;
- }
-
- if (bflag && !flag3)
- for (i=0; i<l; i+=8)
- DES_ecb_encrypt(
- (DES_cblock *)&(buf[i]),
- (DES_cblock *)&(obuf[i]),
- &ks,do_encrypt);
- else if (flag3 && bflag)
- for (i=0; i<l; i+=8)
- DES_ecb2_encrypt(
- (DES_cblock *)&(buf[i]),
- (DES_cblock *)&(obuf[i]),
- &ks,&ks2,do_encrypt);
- else if (flag3 && !bflag)
- {
- DES_3cbc_encrypt(
- (DES_cblock *)buf,(DES_cblock *)obuf,
- (long)l,ks,ks2,&iv,
- &iv2,do_encrypt);
- }
- else
- {
- DES_cbc_encrypt(
- buf,obuf,
- (long)l,&ks,&iv,do_encrypt);
- if (l >= 8) memcpy(iv,&(buf[l-8]),8);
- }
-
- if (uflag)
- ll=uufread(&(buf[rem]),1,BUFSIZE,DES_IN);
- else
- ll=fread(&(buf[rem]),1,BUFSIZE,DES_IN);
- ll+=rem;
- rem=ll%8;
- ll-=rem;
- if (feof(DES_IN) && (ll == 0))
- {
- last=obuf[l-1];
-
- if ((last > 7) || (last < 0))
- {
- fputs("The file was not decrypted correctly.\n",
- stderr);
- Exit=8;
- last=0;
- }
- l=l-8+last;
- }
- i=0;
- if (cflag) DES_cbc_cksum(obuf,
- (DES_cblock *)cksum,(long)l/8*8,&ks,
- (DES_cblock *)cksum);
- while (i != l)
- {
- j=fwrite(obuf,1,(unsigned int)l-i,DES_OUT);
- if (j == -1)
- {
- perror("Write error");
- Exit=7;
- goto problems;
- }
- i+=j;
- }
- l=ll;
- if ((l == 0) && feof(DES_IN)) break;
- }
- }
- if (cflag)
- {
- l=0;
- if (cksumname[0] != '\0')
- {
- if ((O=fopen(cksumname,"w")) != NULL)
- {
- CKSUM_OUT=O;
- l=1;
- }
- }
- for (i=0; i<8; i++)
- fprintf(CKSUM_OUT,"%02X",cksum[i]);
- fprintf(CKSUM_OUT,"\n");
- if (l) fclose(CKSUM_OUT);
- }
-problems:
- OPENSSL_cleanse(buf,sizeof(buf));
- OPENSSL_cleanse(obuf,sizeof(obuf));
- OPENSSL_cleanse(&ks,sizeof(ks));
- OPENSSL_cleanse(&ks2,sizeof(ks2));
- OPENSSL_cleanse(iv,sizeof(iv));
- OPENSSL_cleanse(iv2,sizeof(iv2));
- OPENSSL_cleanse(kk,sizeof(kk));
- OPENSSL_cleanse(k2,sizeof(k2));
- OPENSSL_cleanse(uubuf,sizeof(uubuf));
- OPENSSL_cleanse(b,sizeof(b));
- OPENSSL_cleanse(bb,sizeof(bb));
- OPENSSL_cleanse(cksum,sizeof(cksum));
- if (Exit) EXIT(Exit);
- }
-
-/* We ignore this parameter but it should be > ~50 I believe */
-int uufwrite(unsigned char *data, int size, unsigned int num, FILE *fp)
- {
- int i,j,left,rem,ret=num;
- static int start=1;
-
- if (start)
- {
- fprintf(fp,"begin 600 %s\n",
- (uuname[0] == '\0')?"text.d":uuname);
- start=0;
- }
-
- if (uubufnum)
- {
- if (uubufnum+num < 45)
- {
- memcpy(&(uubuf[uubufnum]),data,(unsigned int)num);
- uubufnum+=num;
- return(num);
- }
- else
- {
- i=45-uubufnum;
- memcpy(&(uubuf[uubufnum]),data,(unsigned int)i);
- j=uuencode((unsigned char *)uubuf,45,b);
- fwrite(b,1,(unsigned int)j,fp);
- uubufnum=0;
- data+=i;
- num-=i;
- }
- }
-
- for (i=0; i<(((int)num)-INUUBUFN); i+=INUUBUFN)
- {
- j=uuencode(&(data[i]),INUUBUFN,b);
- fwrite(b,1,(unsigned int)j,fp);
- }
- rem=(num-i)%45;
- left=(num-i-rem);
- if (left)
- {
- j=uuencode(&(data[i]),left,b);
- fwrite(b,1,(unsigned int)j,fp);
- i+=left;
- }
- if (i != num)
- {
- memcpy(uubuf,&(data[i]),(unsigned int)rem);
- uubufnum=rem;
- }
- return(ret);
- }
-
-void uufwriteEnd(FILE *fp)
- {
- int j;
- static const char *end=" \nend\n";
-
- if (uubufnum != 0)
- {
- uubuf[uubufnum]='\0';
- uubuf[uubufnum+1]='\0';
- uubuf[uubufnum+2]='\0';
- j=uuencode(uubuf,uubufnum,b);
- fwrite(b,1,(unsigned int)j,fp);
- }
- fwrite(end,1,strlen(end),fp);
- }
-
-/* int size: should always be > ~ 60; I actually ignore this parameter :-) */
-int uufread(unsigned char *out, int size, unsigned int num, FILE *fp)
- {
- int i,j,tot;
- static int done=0;
- static int valid=0;
- static int start=1;
-
- if (start)
- {
- for (;;)
- {
- b[0]='\0';
- fgets((char *)b,300,fp);
- if (b[0] == '\0')
- {
- fprintf(stderr,"no 'begin' found in uuencoded input\n");
- return(-1);
- }
- if (strncmp((char *)b,"begin ",6) == 0) break;
- }
- start=0;
- }
- if (done) return(0);
- tot=0;
- if (valid)
- {
- memcpy(out,bb,(unsigned int)valid);
- tot=valid;
- valid=0;
- }
- for (;;)
- {
- b[0]='\0';
- fgets((char *)b,300,fp);
- if (b[0] == '\0') break;
- i=strlen((char *)b);
- if ((b[0] == 'e') && (b[1] == 'n') && (b[2] == 'd'))
- {
- done=1;
- while (!feof(fp))
- {
- fgets((char *)b,300,fp);
- }
- break;
- }
- i=uudecode(b,i,bb);
- if (i < 0) break;
- if ((i+tot+8) > num)
- {
- /* num to copy to make it a multiple of 8 */
- j=(num/8*8)-tot-8;
- memcpy(&(out[tot]),bb,(unsigned int)j);
- tot+=j;
- memcpy(bb,&(bb[j]),(unsigned int)i-j);
- valid=i-j;
- break;
- }
- memcpy(&(out[tot]),bb,(unsigned int)i);
- tot+=i;
- }
- return(tot);
- }
-
-#define ccc2l(c,l) (l =((DES_LONG)(*((c)++)))<<16, \
- l|=((DES_LONG)(*((c)++)))<< 8, \
- l|=((DES_LONG)(*((c)++))))
-
-#define l2ccc(l,c) (*((c)++)=(unsigned char)(((l)>>16)&0xff), \
- *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
- *((c)++)=(unsigned char)(((l) )&0xff))
-
-
-int uuencode(unsigned char *in, int num, unsigned char *out)
- {
- int j,i,n,tot=0;
- DES_LONG l;
- register unsigned char *p;
- p=out;
-
- for (j=0; j<num; j+=45)
- {
- if (j+45 > num)
- i=(num-j);
- else i=45;
- *(p++)=i+' ';
- for (n=0; n<i; n+=3)
- {
- ccc2l(in,l);
- *(p++)=((l>>18)&0x3f)+' ';
- *(p++)=((l>>12)&0x3f)+' ';
- *(p++)=((l>> 6)&0x3f)+' ';
- *(p++)=((l )&0x3f)+' ';
- tot+=4;
- }
- *(p++)='\n';
- tot+=2;
- }
- *p='\0';
- l=0;
- return(tot);
- }
-
-int uudecode(unsigned char *in, int num, unsigned char *out)
- {
- int j,i,k;
- unsigned int n=0,space=0;
- DES_LONG l;
- DES_LONG w,x,y,z;
- unsigned int blank=(unsigned int)'\n'-' ';
-
- for (j=0; j<num; )
- {
- n= *(in++)-' ';
- if (n == blank)
- {
- n=0;
- in--;
- }
- if (n > 60)
- {
- fprintf(stderr,"uuencoded line length too long\n");
- return(-1);
- }
- j++;
-
- for (i=0; i<n; j+=4,i+=3)
- {
- /* the following is for cases where spaces are
- * removed from lines.
- */
- if (space)
- {
- w=x=y=z=0;
- }
- else
- {
- w= *(in++)-' ';
- x= *(in++)-' ';
- y= *(in++)-' ';
- z= *(in++)-' ';
- }
- if ((w > 63) || (x > 63) || (y > 63) || (z > 63))
- {
- k=0;
- if (w == blank) k=1;
- if (x == blank) k=2;
- if (y == blank) k=3;
- if (z == blank) k=4;
- space=1;
- switch (k) {
- case 1: w=0; in--;
- case 2: x=0; in--;
- case 3: y=0; in--;
- case 4: z=0; in--;
- break;
- case 0:
- space=0;
- fprintf(stderr,"bad uuencoded data values\n");
- w=x=y=z=0;
- return(-1);
- break;
- }
- }
- l=(w<<18)|(x<<12)|(y<< 6)|(z );
- l2ccc(l,out);
- }
- if (*(in++) != '\n')
- {
- fprintf(stderr,"missing nl in uuencoded line\n");
- w=x=y=z=0;
- return(-1);
- }
- j++;
- }
- *out='\0';
- w=x=y=z=0;
- return(n);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/des/des.c (from rev 6976, vendor-crypto/openssl/dist/crypto/des/des.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/des/des.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/des.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,866 @@
+/* crypto/des/des.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_SYS_MSDOS
+# ifndef OPENSSL_SYS_VMS
+# include OPENSSL_UNISTD
+# else /* OPENSSL_SYS_VMS */
+# ifdef __DECC
+# include <unistd.h>
+# else /* not __DECC */
+# include <math.h>
+# endif /* __DECC */
+# endif /* OPENSSL_SYS_VMS */
+#else /* OPENSSL_SYS_MSDOS */
+# include <io.h>
+#endif
+
+#include <time.h>
+#include "des_ver.h"
+
+#ifdef OPENSSL_SYS_VMS
+# include <types.h>
+# include <stat.h>
+#else
+# ifndef _IRIX
+# include <sys/types.h>
+# endif
+# include <sys/stat.h>
+#endif
+#include <openssl/des.h>
+#include <openssl/rand.h>
+#include <openssl/ui_compat.h>
+
+void usage(void);
+void doencryption(void);
+int uufwrite(unsigned char *data, int size, unsigned int num, FILE *fp);
+void uufwriteEnd(FILE *fp);
+int uufread(unsigned char *out, int size, unsigned int num, FILE *fp);
+int uuencode(unsigned char *in, int num, unsigned char *out);
+int uudecode(unsigned char *in, int num, unsigned char *out);
+void DES_3cbc_encrypt(DES_cblock *input, DES_cblock *output, long length,
+ DES_key_schedule sk1, DES_key_schedule sk2,
+ DES_cblock *ivec1, DES_cblock *ivec2, int enc);
+#ifdef OPENSSL_SYS_VMS
+# define EXIT(a) exit(a&0x10000000L)
+#else
+# define EXIT(a) exit(a)
+#endif
+
+#define BUFSIZE (8*1024)
+#define VERIFY 1
+#define KEYSIZ 8
+#define KEYSIZB 1024 /* should hit tty line limit first :-) */
+char key[KEYSIZB + 1];
+int do_encrypt, longk = 0;
+FILE *DES_IN, *DES_OUT, *CKSUM_OUT;
+char uuname[200];
+unsigned char uubuf[50];
+int uubufnum = 0;
+#define INUUBUFN (45*100)
+#define OUTUUBUF (65*100)
+unsigned char b[OUTUUBUF];
+unsigned char bb[300];
+DES_cblock cksum = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
+
+char cksumname[200] = "";
+
+int vflag, cflag, eflag, dflag, kflag, bflag, fflag, sflag, uflag, flag3,
+ hflag, error;
+
+int main(int argc, char **argv)
+{
+ int i;
+ struct stat ins, outs;
+ char *p;
+ char *in = NULL, *out = NULL;
+
+ vflag = cflag = eflag = dflag = kflag = hflag = bflag = fflag = sflag =
+ uflag = flag3 = 0;
+ error = 0;
+ memset(key, 0, sizeof(key));
+
+ for (i = 1; i < argc; i++) {
+ p = argv[i];
+ if ((p[0] == '-') && (p[1] != '\0')) {
+ p++;
+ while (*p) {
+ switch (*(p++)) {
+ case '3':
+ flag3 = 1;
+ longk = 1;
+ break;
+ case 'c':
+ cflag = 1;
+ strncpy(cksumname, p, 200);
+ cksumname[sizeof(cksumname) - 1] = '\0';
+ p += strlen(cksumname);
+ break;
+ case 'C':
+ cflag = 1;
+ longk = 1;
+ strncpy(cksumname, p, 200);
+ cksumname[sizeof(cksumname) - 1] = '\0';
+ p += strlen(cksumname);
+ break;
+ case 'e':
+ eflag = 1;
+ break;
+ case 'v':
+ vflag = 1;
+ break;
+ case 'E':
+ eflag = 1;
+ longk = 1;
+ break;
+ case 'd':
+ dflag = 1;
+ break;
+ case 'D':
+ dflag = 1;
+ longk = 1;
+ break;
+ case 'b':
+ bflag = 1;
+ break;
+ case 'f':
+ fflag = 1;
+ break;
+ case 's':
+ sflag = 1;
+ break;
+ case 'u':
+ uflag = 1;
+ strncpy(uuname, p, 200);
+ uuname[sizeof(uuname) - 1] = '\0';
+ p += strlen(uuname);
+ break;
+ case 'h':
+ hflag = 1;
+ break;
+ case 'k':
+ kflag = 1;
+ if ((i + 1) == argc) {
+ fputs("must have a key with the -k option\n", stderr);
+ error = 1;
+ } else {
+ int j;
+
+ i++;
+ strncpy(key, argv[i], KEYSIZB);
+ for (j = strlen(argv[i]) - 1; j >= 0; j--)
+ argv[i][j] = '\0';
+ }
+ break;
+ default:
+ fprintf(stderr, "'%c' unknown flag\n", p[-1]);
+ error = 1;
+ break;
+ }
+ }
+ } else {
+ if (in == NULL)
+ in = argv[i];
+ else if (out == NULL)
+ out = argv[i];
+ else
+ error = 1;
+ }
+ }
+ if (error)
+ usage();
+ /*-
+ * We either
+ * do checksum or
+ * do encrypt or
+ * do decrypt or
+ * do decrypt then ckecksum or
+ * do checksum then encrypt
+ */
+ if (((eflag + dflag) == 1) || cflag) {
+ if (eflag)
+ do_encrypt = DES_ENCRYPT;
+ if (dflag)
+ do_encrypt = DES_DECRYPT;
+ } else {
+ if (vflag) {
+#ifndef _Windows
+ fprintf(stderr, "des(1) built with %s\n", libdes_version);
+#endif
+ EXIT(1);
+ } else
+ usage();
+ }
+
+#ifndef _Windows
+ if (vflag)
+ fprintf(stderr, "des(1) built with %s\n", libdes_version);
+#endif
+ if ((in != NULL) && (out != NULL) &&
+#ifndef OPENSSL_SYS_MSDOS
+ (stat(in, &ins) != -1) &&
+ (stat(out, &outs) != -1) &&
+ (ins.st_dev == outs.st_dev) && (ins.st_ino == outs.st_ino))
+#else /* OPENSSL_SYS_MSDOS */
+ (strcmp(in, out) == 0))
+#endif
+ {
+ fputs("input and output file are the same\n", stderr);
+ EXIT(3);
+ }
+
+ if (!kflag)
+ if (des_read_pw_string
+ (key, KEYSIZB + 1, "Enter key:", eflag ? VERIFY : 0)) {
+ fputs("password error\n", stderr);
+ EXIT(2);
+ }
+
+ if (in == NULL)
+ DES_IN = stdin;
+ else if ((DES_IN = fopen(in, "r")) == NULL) {
+ perror("opening input file");
+ EXIT(4);
+ }
+
+ CKSUM_OUT = stdout;
+ if (out == NULL) {
+ DES_OUT = stdout;
+ CKSUM_OUT = stderr;
+ } else if ((DES_OUT = fopen(out, "w")) == NULL) {
+ perror("opening output file");
+ EXIT(5);
+ }
+#ifdef OPENSSL_SYS_MSDOS
+ /* This should set the file to binary mode. */
+ {
+# include <fcntl.h>
+ if (!(uflag && dflag))
+ setmode(fileno(DES_IN), O_BINARY);
+ if (!(uflag && eflag))
+ setmode(fileno(DES_OUT), O_BINARY);
+ }
+#endif
+
+ doencryption();
+ fclose(DES_IN);
+ fclose(DES_OUT);
+ EXIT(0);
+}
+
+void usage(void)
+{
+ char **u;
+ static const char *Usage[] = {
+ "des <options> [input-file [output-file]]",
+ "options:",
+ "-v : des(1) version number",
+ "-e : encrypt using SunOS compatible user key to DES key conversion.",
+ "-E : encrypt ",
+ "-d : decrypt using SunOS compatible user key to DES key conversion.",
+ "-D : decrypt ",
+ "-c[ckname] : generate a cbc_cksum using SunOS compatible user key to",
+ " DES key conversion and output to ckname (stdout default,",
+ " stderr if data being output on stdout). The checksum is",
+ " generated before encryption and after decryption if used",
+ " in conjunction with -[eEdD].",
+ "-C[ckname] : generate a cbc_cksum as for -c but compatible with -[ED].",
+ "-k key : use key 'key'",
+ "-h : the key that is entered will be a hexadecimal number",
+ " that is used directly as the des key",
+ "-u[uuname] : input file is uudecoded if -[dD] or output uuencoded data if -[eE]",
+ " (uuname is the filename to put in the uuencode header).",
+ "-b : encrypt using DES in ecb encryption mode, the default is cbc mode.",
+ "-3 : encrypt using triple DES encryption. This uses 2 keys",
+ " generated from the input key. If the input key is less",
+ " than 8 characters long, this is equivalent to normal",
+ " encryption. Default is triple cbc, -b makes it triple ecb.",
+ NULL
+ };
+ for (u = (char **)Usage; *u; u++) {
+ fputs(*u, stderr);
+ fputc('\n', stderr);
+ }
+
+ EXIT(1);
+}
+
+void doencryption(void)
+{
+#ifdef _LIBC
+ extern unsigned long time();
+#endif
+
+ register int i;
+ DES_key_schedule ks, ks2;
+ DES_cblock iv, iv2;
+ char *p;
+ int num = 0, j, k, l, rem, ll, len, last, ex = 0;
+ DES_cblock kk, k2;
+ FILE *O;
+ int Exit = 0;
+#ifndef OPENSSL_SYS_MSDOS
+ static unsigned char buf[BUFSIZE + 8], obuf[BUFSIZE + 8];
+#else
+ static unsigned char *buf = NULL, *obuf = NULL;
+
+ if (buf == NULL) {
+ if (((buf = OPENSSL_malloc(BUFSIZE + 8)) == NULL) ||
+ ((obuf = OPENSSL_malloc(BUFSIZE + 8)) == NULL)) {
+ fputs("Not enough memory\n", stderr);
+ Exit = 10;
+ goto problems;
+ }
+ }
+#endif
+
+ if (hflag) {
+ j = (flag3 ? 16 : 8);
+ p = key;
+ for (i = 0; i < j; i++) {
+ k = 0;
+ if ((*p <= '9') && (*p >= '0'))
+ k = (*p - '0') << 4;
+ else if ((*p <= 'f') && (*p >= 'a'))
+ k = (*p - 'a' + 10) << 4;
+ else if ((*p <= 'F') && (*p >= 'A'))
+ k = (*p - 'A' + 10) << 4;
+ else {
+ fputs("Bad hex key\n", stderr);
+ Exit = 9;
+ goto problems;
+ }
+ p++;
+ if ((*p <= '9') && (*p >= '0'))
+ k |= (*p - '0');
+ else if ((*p <= 'f') && (*p >= 'a'))
+ k |= (*p - 'a' + 10);
+ else if ((*p <= 'F') && (*p >= 'A'))
+ k |= (*p - 'A' + 10);
+ else {
+ fputs("Bad hex key\n", stderr);
+ Exit = 9;
+ goto problems;
+ }
+ p++;
+ if (i < 8)
+ kk[i] = k;
+ else
+ k2[i - 8] = k;
+ }
+ DES_set_key_unchecked(&k2, &ks2);
+ OPENSSL_cleanse(k2, sizeof(k2));
+ } else if (longk || flag3) {
+ if (flag3) {
+ DES_string_to_2keys(key, &kk, &k2);
+ DES_set_key_unchecked(&k2, &ks2);
+ OPENSSL_cleanse(k2, sizeof(k2));
+ } else
+ DES_string_to_key(key, &kk);
+ } else
+ for (i = 0; i < KEYSIZ; i++) {
+ l = 0;
+ k = key[i];
+ for (j = 0; j < 8; j++) {
+ if (k & 1)
+ l++;
+ k >>= 1;
+ }
+ if (l & 1)
+ kk[i] = key[i] & 0x7f;
+ else
+ kk[i] = key[i] | 0x80;
+ }
+
+ DES_set_key_unchecked(&kk, &ks);
+ OPENSSL_cleanse(key, sizeof(key));
+ OPENSSL_cleanse(kk, sizeof(kk));
+ /* woops - A bug that does not showup under unix :-( */
+ memset(iv, 0, sizeof(iv));
+ memset(iv2, 0, sizeof(iv2));
+
+ l = 1;
+ rem = 0;
+ /* first read */
+ if (eflag || (!dflag && cflag)) {
+ for (;;) {
+ num = l = fread(&(buf[rem]), 1, BUFSIZE, DES_IN);
+ l += rem;
+ num += rem;
+ if (l < 0) {
+ perror("read error");
+ Exit = 6;
+ goto problems;
+ }
+
+ rem = l % 8;
+ len = l - rem;
+ if (feof(DES_IN)) {
+ for (i = 7 - rem; i > 0; i--)
+ RAND_pseudo_bytes(buf + l++, 1);
+ buf[l++] = rem;
+ ex = 1;
+ len += rem;
+ } else
+ l -= rem;
+
+ if (cflag) {
+ DES_cbc_cksum(buf, &cksum, (long)len, &ks, &cksum);
+ if (!eflag) {
+ if (feof(DES_IN))
+ break;
+ else
+ continue;
+ }
+ }
+
+ if (bflag && !flag3)
+ for (i = 0; i < l; i += 8)
+ DES_ecb_encrypt((DES_cblock *)&(buf[i]),
+ (DES_cblock *)&(obuf[i]),
+ &ks, do_encrypt);
+ else if (flag3 && bflag)
+ for (i = 0; i < l; i += 8)
+ DES_ecb2_encrypt((DES_cblock *)&(buf[i]),
+ (DES_cblock *)&(obuf[i]),
+ &ks, &ks2, do_encrypt);
+ else if (flag3 && !bflag) {
+ char tmpbuf[8];
+
+ if (rem)
+ memcpy(tmpbuf, &(buf[l]), (unsigned int)rem);
+ DES_3cbc_encrypt((DES_cblock *)buf, (DES_cblock *)obuf,
+ (long)l, ks, ks2, &iv, &iv2, do_encrypt);
+ if (rem)
+ memcpy(&(buf[l]), tmpbuf, (unsigned int)rem);
+ } else {
+ DES_cbc_encrypt(buf, obuf, (long)l, &ks, &iv, do_encrypt);
+ if (l >= 8)
+ memcpy(iv, &(obuf[l - 8]), 8);
+ }
+ if (rem)
+ memcpy(buf, &(buf[l]), (unsigned int)rem);
+
+ i = 0;
+ while (i < l) {
+ if (uflag)
+ j = uufwrite(obuf, 1, (unsigned int)l - i, DES_OUT);
+ else
+ j = fwrite(obuf, 1, (unsigned int)l - i, DES_OUT);
+ if (j == -1) {
+ perror("Write error");
+ Exit = 7;
+ goto problems;
+ }
+ i += j;
+ }
+ if (feof(DES_IN)) {
+ if (uflag)
+ uufwriteEnd(DES_OUT);
+ break;
+ }
+ }
+ } else { /* decrypt */
+
+ ex = 1;
+ for (;;) {
+ if (ex) {
+ if (uflag)
+ l = uufread(buf, 1, BUFSIZE, DES_IN);
+ else
+ l = fread(buf, 1, BUFSIZE, DES_IN);
+ ex = 0;
+ rem = l % 8;
+ l -= rem;
+ }
+ if (l < 0) {
+ perror("read error");
+ Exit = 6;
+ goto problems;
+ }
+
+ if (bflag && !flag3)
+ for (i = 0; i < l; i += 8)
+ DES_ecb_encrypt((DES_cblock *)&(buf[i]),
+ (DES_cblock *)&(obuf[i]),
+ &ks, do_encrypt);
+ else if (flag3 && bflag)
+ for (i = 0; i < l; i += 8)
+ DES_ecb2_encrypt((DES_cblock *)&(buf[i]),
+ (DES_cblock *)&(obuf[i]),
+ &ks, &ks2, do_encrypt);
+ else if (flag3 && !bflag) {
+ DES_3cbc_encrypt((DES_cblock *)buf, (DES_cblock *)obuf,
+ (long)l, ks, ks2, &iv, &iv2, do_encrypt);
+ } else {
+ DES_cbc_encrypt(buf, obuf, (long)l, &ks, &iv, do_encrypt);
+ if (l >= 8)
+ memcpy(iv, &(buf[l - 8]), 8);
+ }
+
+ if (uflag)
+ ll = uufread(&(buf[rem]), 1, BUFSIZE, DES_IN);
+ else
+ ll = fread(&(buf[rem]), 1, BUFSIZE, DES_IN);
+ ll += rem;
+ rem = ll % 8;
+ ll -= rem;
+ if (feof(DES_IN) && (ll == 0)) {
+ last = obuf[l - 1];
+
+ if ((last > 7) || (last < 0)) {
+ fputs("The file was not decrypted correctly.\n", stderr);
+ Exit = 8;
+ last = 0;
+ }
+ l = l - 8 + last;
+ }
+ i = 0;
+ if (cflag)
+ DES_cbc_cksum(obuf,
+ (DES_cblock *)cksum, (long)l / 8 * 8, &ks,
+ (DES_cblock *)cksum);
+ while (i != l) {
+ j = fwrite(obuf, 1, (unsigned int)l - i, DES_OUT);
+ if (j == -1) {
+ perror("Write error");
+ Exit = 7;
+ goto problems;
+ }
+ i += j;
+ }
+ l = ll;
+ if ((l == 0) && feof(DES_IN))
+ break;
+ }
+ }
+ if (cflag) {
+ l = 0;
+ if (cksumname[0] != '\0') {
+ if ((O = fopen(cksumname, "w")) != NULL) {
+ CKSUM_OUT = O;
+ l = 1;
+ }
+ }
+ for (i = 0; i < 8; i++)
+ fprintf(CKSUM_OUT, "%02X", cksum[i]);
+ fprintf(CKSUM_OUT, "\n");
+ if (l)
+ fclose(CKSUM_OUT);
+ }
+ problems:
+ OPENSSL_cleanse(buf, sizeof(buf));
+ OPENSSL_cleanse(obuf, sizeof(obuf));
+ OPENSSL_cleanse(&ks, sizeof(ks));
+ OPENSSL_cleanse(&ks2, sizeof(ks2));
+ OPENSSL_cleanse(iv, sizeof(iv));
+ OPENSSL_cleanse(iv2, sizeof(iv2));
+ OPENSSL_cleanse(kk, sizeof(kk));
+ OPENSSL_cleanse(k2, sizeof(k2));
+ OPENSSL_cleanse(uubuf, sizeof(uubuf));
+ OPENSSL_cleanse(b, sizeof(b));
+ OPENSSL_cleanse(bb, sizeof(bb));
+ OPENSSL_cleanse(cksum, sizeof(cksum));
+ if (Exit)
+ EXIT(Exit);
+}
+
+/* We ignore this parameter but it should be > ~50 I believe */
+int uufwrite(unsigned char *data, int size, unsigned int num, FILE *fp)
+{
+ int i, j, left, rem, ret = num;
+ static int start = 1;
+
+ if (start) {
+ fprintf(fp, "begin 600 %s\n",
+ (uuname[0] == '\0') ? "text.d" : uuname);
+ start = 0;
+ }
+
+ if (uubufnum) {
+ if (uubufnum + num < 45) {
+ memcpy(&(uubuf[uubufnum]), data, (unsigned int)num);
+ uubufnum += num;
+ return (num);
+ } else {
+ i = 45 - uubufnum;
+ memcpy(&(uubuf[uubufnum]), data, (unsigned int)i);
+ j = uuencode((unsigned char *)uubuf, 45, b);
+ fwrite(b, 1, (unsigned int)j, fp);
+ uubufnum = 0;
+ data += i;
+ num -= i;
+ }
+ }
+
+ for (i = 0; i < (((int)num) - INUUBUFN); i += INUUBUFN) {
+ j = uuencode(&(data[i]), INUUBUFN, b);
+ fwrite(b, 1, (unsigned int)j, fp);
+ }
+ rem = (num - i) % 45;
+ left = (num - i - rem);
+ if (left) {
+ j = uuencode(&(data[i]), left, b);
+ fwrite(b, 1, (unsigned int)j, fp);
+ i += left;
+ }
+ if (i != num) {
+ memcpy(uubuf, &(data[i]), (unsigned int)rem);
+ uubufnum = rem;
+ }
+ return (ret);
+}
+
+void uufwriteEnd(FILE *fp)
+{
+ int j;
+ static const char *end = " \nend\n";
+
+ if (uubufnum != 0) {
+ uubuf[uubufnum] = '\0';
+ uubuf[uubufnum + 1] = '\0';
+ uubuf[uubufnum + 2] = '\0';
+ j = uuencode(uubuf, uubufnum, b);
+ fwrite(b, 1, (unsigned int)j, fp);
+ }
+ fwrite(end, 1, strlen(end), fp);
+}
+
+/*
+ * int size: should always be > ~ 60; I actually ignore this parameter :-)
+ */
+int uufread(unsigned char *out, int size, unsigned int num, FILE *fp)
+{
+ int i, j, tot;
+ static int done = 0;
+ static int valid = 0;
+ static int start = 1;
+
+ if (start) {
+ for (;;) {
+ b[0] = '\0';
+ fgets((char *)b, 300, fp);
+ if (b[0] == '\0') {
+ fprintf(stderr, "no 'begin' found in uuencoded input\n");
+ return (-1);
+ }
+ if (strncmp((char *)b, "begin ", 6) == 0)
+ break;
+ }
+ start = 0;
+ }
+ if (done)
+ return (0);
+ tot = 0;
+ if (valid) {
+ memcpy(out, bb, (unsigned int)valid);
+ tot = valid;
+ valid = 0;
+ }
+ for (;;) {
+ b[0] = '\0';
+ fgets((char *)b, 300, fp);
+ if (b[0] == '\0')
+ break;
+ i = strlen((char *)b);
+ if ((b[0] == 'e') && (b[1] == 'n') && (b[2] == 'd')) {
+ done = 1;
+ while (!feof(fp)) {
+ fgets((char *)b, 300, fp);
+ }
+ break;
+ }
+ i = uudecode(b, i, bb);
+ if (i < 0)
+ break;
+ if ((i + tot + 8) > num) {
+ /* num to copy to make it a multiple of 8 */
+ j = (num / 8 * 8) - tot - 8;
+ memcpy(&(out[tot]), bb, (unsigned int)j);
+ tot += j;
+ memcpy(bb, &(bb[j]), (unsigned int)i - j);
+ valid = i - j;
+ break;
+ }
+ memcpy(&(out[tot]), bb, (unsigned int)i);
+ tot += i;
+ }
+ return (tot);
+}
+
+#define ccc2l(c,l) (l =((DES_LONG)(*((c)++)))<<16, \
+ l|=((DES_LONG)(*((c)++)))<< 8, \
+ l|=((DES_LONG)(*((c)++))))
+
+#define l2ccc(l,c) (*((c)++)=(unsigned char)(((l)>>16)&0xff), \
+ *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+ *((c)++)=(unsigned char)(((l) )&0xff))
+
+int uuencode(unsigned char *in, int num, unsigned char *out)
+{
+ int j, i, n, tot = 0;
+ DES_LONG l;
+ register unsigned char *p;
+ p = out;
+
+ for (j = 0; j < num; j += 45) {
+ if (j + 45 > num)
+ i = (num - j);
+ else
+ i = 45;
+ *(p++) = i + ' ';
+ for (n = 0; n < i; n += 3) {
+ ccc2l(in, l);
+ *(p++) = ((l >> 18) & 0x3f) + ' ';
+ *(p++) = ((l >> 12) & 0x3f) + ' ';
+ *(p++) = ((l >> 6) & 0x3f) + ' ';
+ *(p++) = ((l) & 0x3f) + ' ';
+ tot += 4;
+ }
+ *(p++) = '\n';
+ tot += 2;
+ }
+ *p = '\0';
+ l = 0;
+ return (tot);
+}
+
+int uudecode(unsigned char *in, int num, unsigned char *out)
+{
+ int j, i, k;
+ unsigned int n = 0, space = 0;
+ DES_LONG l;
+ DES_LONG w, x, y, z;
+ unsigned int blank = (unsigned int)'\n' - ' ';
+
+ for (j = 0; j < num;) {
+ n = *(in++) - ' ';
+ if (n == blank) {
+ n = 0;
+ in--;
+ }
+ if (n > 60) {
+ fprintf(stderr, "uuencoded line length too long\n");
+ return (-1);
+ }
+ j++;
+
+ for (i = 0; i < n; j += 4, i += 3) {
+ /*
+ * the following is for cases where spaces are removed from
+ * lines.
+ */
+ if (space) {
+ w = x = y = z = 0;
+ } else {
+ w = *(in++) - ' ';
+ x = *(in++) - ' ';
+ y = *(in++) - ' ';
+ z = *(in++) - ' ';
+ }
+ if ((w > 63) || (x > 63) || (y > 63) || (z > 63)) {
+ k = 0;
+ if (w == blank)
+ k = 1;
+ if (x == blank)
+ k = 2;
+ if (y == blank)
+ k = 3;
+ if (z == blank)
+ k = 4;
+ space = 1;
+ switch (k) {
+ case 1:
+ w = 0;
+ in--;
+ case 2:
+ x = 0;
+ in--;
+ case 3:
+ y = 0;
+ in--;
+ case 4:
+ z = 0;
+ in--;
+ break;
+ case 0:
+ space = 0;
+ fprintf(stderr, "bad uuencoded data values\n");
+ w = x = y = z = 0;
+ return (-1);
+ break;
+ }
+ }
+ l = (w << 18) | (x << 12) | (y << 6) | (z);
+ l2ccc(l, out);
+ }
+ if (*(in++) != '\n') {
+ fprintf(stderr, "missing nl in uuencoded line\n");
+ w = x = y = z = 0;
+ return (-1);
+ }
+ j++;
+ }
+ *out = '\0';
+ w = x = y = z = 0;
+ return (n);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/des/des.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/des/des.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/des.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,245 +0,0 @@
-/* crypto/des/des.h */
-/* Copyright (C) 1995-1997 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_NEW_DES_H
-#define HEADER_NEW_DES_H
-
-#include <openssl/e_os2.h> /* OPENSSL_EXTERN, OPENSSL_NO_DES,
- DES_LONG (via openssl/opensslconf.h */
-
-#ifdef OPENSSL_NO_DES
-#error DES is disabled.
-#endif
-
-#ifdef OPENSSL_BUILD_SHLIBCRYPTO
-# undef OPENSSL_EXTERN
-# define OPENSSL_EXTERN OPENSSL_EXPORT
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-typedef unsigned char DES_cblock[8];
-typedef /* const */ unsigned char const_DES_cblock[8];
-/* With "const", gcc 2.8.1 on Solaris thinks that DES_cblock *
- * and const_DES_cblock * are incompatible pointer types. */
-
-typedef struct DES_ks
- {
- union
- {
- DES_cblock cblock;
- /* make sure things are correct size on machines with
- * 8 byte longs */
- DES_LONG deslong[2];
- } ks[16];
- } DES_key_schedule;
-
-#ifndef OPENSSL_DISABLE_OLD_DES_SUPPORT
-# ifndef OPENSSL_ENABLE_OLD_DES_SUPPORT
-# define OPENSSL_ENABLE_OLD_DES_SUPPORT
-# endif
-#endif
-
-#ifdef OPENSSL_ENABLE_OLD_DES_SUPPORT
-# include <openssl/des_old.h>
-#endif
-
-#define DES_KEY_SZ (sizeof(DES_cblock))
-#define DES_SCHEDULE_SZ (sizeof(DES_key_schedule))
-
-#define DES_ENCRYPT 1
-#define DES_DECRYPT 0
-
-#define DES_CBC_MODE 0
-#define DES_PCBC_MODE 1
-
-#define DES_ecb2_encrypt(i,o,k1,k2,e) \
- DES_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
-
-#define DES_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
- DES_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
-
-#define DES_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \
- DES_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))
-
-#define DES_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
- DES_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))
-
-OPENSSL_DECLARE_GLOBAL(int,DES_check_key); /* defaults to false */
-#define DES_check_key OPENSSL_GLOBAL_REF(DES_check_key)
-OPENSSL_DECLARE_GLOBAL(int,DES_rw_mode); /* defaults to DES_PCBC_MODE */
-#define DES_rw_mode OPENSSL_GLOBAL_REF(DES_rw_mode)
-
-const char *DES_options(void);
-void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output,
- DES_key_schedule *ks1,DES_key_schedule *ks2,
- DES_key_schedule *ks3, int enc);
-DES_LONG DES_cbc_cksum(const unsigned char *input,DES_cblock *output,
- long length,DES_key_schedule *schedule,
- const_DES_cblock *ivec);
-/* DES_cbc_encrypt does not update the IV! Use DES_ncbc_encrypt instead. */
-void DES_cbc_encrypt(const unsigned char *input,unsigned char *output,
- long length,DES_key_schedule *schedule,DES_cblock *ivec,
- int enc);
-void DES_ncbc_encrypt(const unsigned char *input,unsigned char *output,
- long length,DES_key_schedule *schedule,DES_cblock *ivec,
- int enc);
-void DES_xcbc_encrypt(const unsigned char *input,unsigned char *output,
- long length,DES_key_schedule *schedule,DES_cblock *ivec,
- const_DES_cblock *inw,const_DES_cblock *outw,int enc);
-void DES_cfb_encrypt(const unsigned char *in,unsigned char *out,int numbits,
- long length,DES_key_schedule *schedule,DES_cblock *ivec,
- int enc);
-void DES_ecb_encrypt(const_DES_cblock *input,DES_cblock *output,
- DES_key_schedule *ks,int enc);
-
-/* This is the DES encryption function that gets called by just about
- every other DES routine in the library. You should not use this
- function except to implement 'modes' of DES. I say this because the
- functions that call this routine do the conversion from 'char *' to
- long, and this needs to be done to make sure 'non-aligned' memory
- access do not occur. The characters are loaded 'little endian'.
- Data is a pointer to 2 unsigned long's and ks is the
- DES_key_schedule to use. enc, is non zero specifies encryption,
- zero if decryption. */
-void DES_encrypt1(DES_LONG *data,DES_key_schedule *ks, int enc);
-
-/* This functions is the same as DES_encrypt1() except that the DES
- initial permutation (IP) and final permutation (FP) have been left
- out. As for DES_encrypt1(), you should not use this function.
- It is used by the routines in the library that implement triple DES.
- IP() DES_encrypt2() DES_encrypt2() DES_encrypt2() FP() is the same
- as DES_encrypt1() DES_encrypt1() DES_encrypt1() except faster :-). */
-void DES_encrypt2(DES_LONG *data,DES_key_schedule *ks, int enc);
-
-void DES_encrypt3(DES_LONG *data, DES_key_schedule *ks1,
- DES_key_schedule *ks2, DES_key_schedule *ks3);
-void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1,
- DES_key_schedule *ks2, DES_key_schedule *ks3);
-void DES_ede3_cbc_encrypt(const unsigned char *input,unsigned char *output,
- long length,
- DES_key_schedule *ks1,DES_key_schedule *ks2,
- DES_key_schedule *ks3,DES_cblock *ivec,int enc);
-void DES_ede3_cbcm_encrypt(const unsigned char *in,unsigned char *out,
- long length,
- DES_key_schedule *ks1,DES_key_schedule *ks2,
- DES_key_schedule *ks3,
- DES_cblock *ivec1,DES_cblock *ivec2,
- int enc);
-void DES_ede3_cfb64_encrypt(const unsigned char *in,unsigned char *out,
- long length,DES_key_schedule *ks1,
- DES_key_schedule *ks2,DES_key_schedule *ks3,
- DES_cblock *ivec,int *num,int enc);
-void DES_ede3_cfb_encrypt(const unsigned char *in,unsigned char *out,
- int numbits,long length,DES_key_schedule *ks1,
- DES_key_schedule *ks2,DES_key_schedule *ks3,
- DES_cblock *ivec,int enc);
-void DES_ede3_ofb64_encrypt(const unsigned char *in,unsigned char *out,
- long length,DES_key_schedule *ks1,
- DES_key_schedule *ks2,DES_key_schedule *ks3,
- DES_cblock *ivec,int *num);
-#if 0
-void DES_xwhite_in2out(const_DES_cblock *DES_key,const_DES_cblock *in_white,
- DES_cblock *out_white);
-#endif
-
-int DES_enc_read(int fd,void *buf,int len,DES_key_schedule *sched,
- DES_cblock *iv);
-int DES_enc_write(int fd,const void *buf,int len,DES_key_schedule *sched,
- DES_cblock *iv);
-char *DES_fcrypt(const char *buf,const char *salt, char *ret);
-char *DES_crypt(const char *buf,const char *salt);
-void DES_ofb_encrypt(const unsigned char *in,unsigned char *out,int numbits,
- long length,DES_key_schedule *schedule,DES_cblock *ivec);
-void DES_pcbc_encrypt(const unsigned char *input,unsigned char *output,
- long length,DES_key_schedule *schedule,DES_cblock *ivec,
- int enc);
-DES_LONG DES_quad_cksum(const unsigned char *input,DES_cblock output[],
- long length,int out_count,DES_cblock *seed);
-int DES_random_key(DES_cblock *ret);
-void DES_set_odd_parity(DES_cblock *key);
-int DES_check_key_parity(const_DES_cblock *key);
-int DES_is_weak_key(const_DES_cblock *key);
-/* DES_set_key (= set_key = DES_key_sched = key_sched) calls
- * DES_set_key_checked if global variable DES_check_key is set,
- * DES_set_key_unchecked otherwise. */
-int DES_set_key(const_DES_cblock *key,DES_key_schedule *schedule);
-int DES_key_sched(const_DES_cblock *key,DES_key_schedule *schedule);
-int DES_set_key_checked(const_DES_cblock *key,DES_key_schedule *schedule);
-void DES_set_key_unchecked(const_DES_cblock *key,DES_key_schedule *schedule);
-void DES_string_to_key(const char *str,DES_cblock *key);
-void DES_string_to_2keys(const char *str,DES_cblock *key1,DES_cblock *key2);
-void DES_cfb64_encrypt(const unsigned char *in,unsigned char *out,long length,
- DES_key_schedule *schedule,DES_cblock *ivec,int *num,
- int enc);
-void DES_ofb64_encrypt(const unsigned char *in,unsigned char *out,long length,
- DES_key_schedule *schedule,DES_cblock *ivec,int *num);
-
-int DES_read_password(DES_cblock *key, const char *prompt, int verify);
-int DES_read_2passwords(DES_cblock *key1, DES_cblock *key2, const char *prompt,
- int verify);
-
-#define DES_fixup_key_parity DES_set_odd_parity
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/des/des.h (from rev 6976, vendor-crypto/openssl/dist/crypto/des/des.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/des/des.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/des.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,253 @@
+/* crypto/des/des.h */
+/* Copyright (C) 1995-1997 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_NEW_DES_H
+# define HEADER_NEW_DES_H
+
+# include <openssl/e_os2.h> /* OPENSSL_EXTERN, OPENSSL_NO_DES, DES_LONG
+ * (via openssl/opensslconf.h */
+
+# ifdef OPENSSL_NO_DES
+# error DES is disabled.
+# endif
+
+# ifdef OPENSSL_BUILD_SHLIBCRYPTO
+# undef OPENSSL_EXTERN
+# define OPENSSL_EXTERN OPENSSL_EXPORT
+# endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef unsigned char DES_cblock[8];
+typedef /* const */ unsigned char const_DES_cblock[8];
+/*
+ * With "const", gcc 2.8.1 on Solaris thinks that DES_cblock * and
+ * const_DES_cblock * are incompatible pointer types.
+ */
+
+typedef struct DES_ks {
+ union {
+ DES_cblock cblock;
+ /*
+ * make sure things are correct size on machines with 8 byte longs
+ */
+ DES_LONG deslong[2];
+ } ks[16];
+} DES_key_schedule;
+
+# ifndef OPENSSL_DISABLE_OLD_DES_SUPPORT
+# ifndef OPENSSL_ENABLE_OLD_DES_SUPPORT
+# define OPENSSL_ENABLE_OLD_DES_SUPPORT
+# endif
+# endif
+
+# ifdef OPENSSL_ENABLE_OLD_DES_SUPPORT
+# include <openssl/des_old.h>
+# endif
+
+# define DES_KEY_SZ (sizeof(DES_cblock))
+# define DES_SCHEDULE_SZ (sizeof(DES_key_schedule))
+
+# define DES_ENCRYPT 1
+# define DES_DECRYPT 0
+
+# define DES_CBC_MODE 0
+# define DES_PCBC_MODE 1
+
+# define DES_ecb2_encrypt(i,o,k1,k2,e) \
+ DES_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
+
+# define DES_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
+ DES_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
+
+# define DES_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \
+ DES_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))
+
+# define DES_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
+ DES_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))
+
+OPENSSL_DECLARE_GLOBAL(int, DES_check_key); /* defaults to false */
+# define DES_check_key OPENSSL_GLOBAL_REF(DES_check_key)
+OPENSSL_DECLARE_GLOBAL(int, DES_rw_mode); /* defaults to DES_PCBC_MODE */
+# define DES_rw_mode OPENSSL_GLOBAL_REF(DES_rw_mode)
+
+const char *DES_options(void);
+void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output,
+ DES_key_schedule *ks1, DES_key_schedule *ks2,
+ DES_key_schedule *ks3, int enc);
+DES_LONG DES_cbc_cksum(const unsigned char *input, DES_cblock *output,
+ long length, DES_key_schedule *schedule,
+ const_DES_cblock *ivec);
+/* DES_cbc_encrypt does not update the IV! Use DES_ncbc_encrypt instead. */
+void DES_cbc_encrypt(const unsigned char *input, unsigned char *output,
+ long length, DES_key_schedule *schedule,
+ DES_cblock *ivec, int enc);
+void DES_ncbc_encrypt(const unsigned char *input, unsigned char *output,
+ long length, DES_key_schedule *schedule,
+ DES_cblock *ivec, int enc);
+void DES_xcbc_encrypt(const unsigned char *input, unsigned char *output,
+ long length, DES_key_schedule *schedule,
+ DES_cblock *ivec, const_DES_cblock *inw,
+ const_DES_cblock *outw, int enc);
+void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
+ long length, DES_key_schedule *schedule,
+ DES_cblock *ivec, int enc);
+void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output,
+ DES_key_schedule *ks, int enc);
+
+/*
+ * This is the DES encryption function that gets called by just about every
+ * other DES routine in the library. You should not use this function except
+ * to implement 'modes' of DES. I say this because the functions that call
+ * this routine do the conversion from 'char *' to long, and this needs to be
+ * done to make sure 'non-aligned' memory access do not occur. The
+ * characters are loaded 'little endian'. Data is a pointer to 2 unsigned
+ * long's and ks is the DES_key_schedule to use. enc, is non zero specifies
+ * encryption, zero if decryption.
+ */
+void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc);
+
+/*
+ * This functions is the same as DES_encrypt1() except that the DES initial
+ * permutation (IP) and final permutation (FP) have been left out. As for
+ * DES_encrypt1(), you should not use this function. It is used by the
+ * routines in the library that implement triple DES. IP() DES_encrypt2()
+ * DES_encrypt2() DES_encrypt2() FP() is the same as DES_encrypt1()
+ * DES_encrypt1() DES_encrypt1() except faster :-).
+ */
+void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc);
+
+void DES_encrypt3(DES_LONG *data, DES_key_schedule *ks1,
+ DES_key_schedule *ks2, DES_key_schedule *ks3);
+void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1,
+ DES_key_schedule *ks2, DES_key_schedule *ks3);
+void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output,
+ long length,
+ DES_key_schedule *ks1, DES_key_schedule *ks2,
+ DES_key_schedule *ks3, DES_cblock *ivec, int enc);
+void DES_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out,
+ long length,
+ DES_key_schedule *ks1, DES_key_schedule *ks2,
+ DES_key_schedule *ks3,
+ DES_cblock *ivec1, DES_cblock *ivec2, int enc);
+void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, DES_key_schedule *ks1,
+ DES_key_schedule *ks2, DES_key_schedule *ks3,
+ DES_cblock *ivec, int *num, int enc);
+void DES_ede3_cfb_encrypt(const unsigned char *in, unsigned char *out,
+ int numbits, long length, DES_key_schedule *ks1,
+ DES_key_schedule *ks2, DES_key_schedule *ks3,
+ DES_cblock *ivec, int enc);
+void DES_ede3_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, DES_key_schedule *ks1,
+ DES_key_schedule *ks2, DES_key_schedule *ks3,
+ DES_cblock *ivec, int *num);
+# if 0
+void DES_xwhite_in2out(const_DES_cblock *DES_key, const_DES_cblock *in_white,
+ DES_cblock *out_white);
+# endif
+
+int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched,
+ DES_cblock *iv);
+int DES_enc_write(int fd, const void *buf, int len, DES_key_schedule *sched,
+ DES_cblock *iv);
+char *DES_fcrypt(const char *buf, const char *salt, char *ret);
+char *DES_crypt(const char *buf, const char *salt);
+void DES_ofb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
+ long length, DES_key_schedule *schedule,
+ DES_cblock *ivec);
+void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output,
+ long length, DES_key_schedule *schedule,
+ DES_cblock *ivec, int enc);
+DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[],
+ long length, int out_count, DES_cblock *seed);
+int DES_random_key(DES_cblock *ret);
+void DES_set_odd_parity(DES_cblock *key);
+int DES_check_key_parity(const_DES_cblock *key);
+int DES_is_weak_key(const_DES_cblock *key);
+/*
+ * DES_set_key (= set_key = DES_key_sched = key_sched) calls
+ * DES_set_key_checked if global variable DES_check_key is set,
+ * DES_set_key_unchecked otherwise.
+ */
+int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule);
+int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule);
+int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule);
+void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule);
+void DES_string_to_key(const char *str, DES_cblock *key);
+void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2);
+void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, DES_key_schedule *schedule,
+ DES_cblock *ivec, int *num, int enc);
+void DES_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, DES_key_schedule *schedule,
+ DES_cblock *ivec, int *num);
+
+int DES_read_password(DES_cblock *key, const char *prompt, int verify);
+int DES_read_2passwords(DES_cblock *key1, DES_cblock *key2,
+ const char *prompt, int verify);
+
+# define DES_fixup_key_parity DES_set_odd_parity
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/des/des_enc.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/des/des_enc.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/des_enc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,411 +0,0 @@
-/* crypto/des/des_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "des_locl.h"
-
-void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc)
- {
- register DES_LONG l,r,t,u;
-#ifdef DES_PTR
- register const unsigned char *des_SP=(const unsigned char *)DES_SPtrans;
-#endif
-#ifndef DES_UNROLL
- register int i;
-#endif
- register DES_LONG *s;
-
- r=data[0];
- l=data[1];
-
- IP(r,l);
- /* Things have been modified so that the initial rotate is
- * done outside the loop. This required the
- * DES_SPtrans values in sp.h to be rotated 1 bit to the right.
- * One perl script later and things have a 5% speed up on a sparc2.
- * Thanks to Richard Outerbridge <71755.204 at CompuServe.COM>
- * for pointing this out. */
- /* clear the top bits on machines with 8byte longs */
- /* shift left by 2 */
- r=ROTATE(r,29)&0xffffffffL;
- l=ROTATE(l,29)&0xffffffffL;
-
- s=ks->ks->deslong;
- /* I don't know if it is worth the effort of loop unrolling the
- * inner loop */
- if (enc)
- {
-#ifdef DES_UNROLL
- D_ENCRYPT(l,r, 0); /* 1 */
- D_ENCRYPT(r,l, 2); /* 2 */
- D_ENCRYPT(l,r, 4); /* 3 */
- D_ENCRYPT(r,l, 6); /* 4 */
- D_ENCRYPT(l,r, 8); /* 5 */
- D_ENCRYPT(r,l,10); /* 6 */
- D_ENCRYPT(l,r,12); /* 7 */
- D_ENCRYPT(r,l,14); /* 8 */
- D_ENCRYPT(l,r,16); /* 9 */
- D_ENCRYPT(r,l,18); /* 10 */
- D_ENCRYPT(l,r,20); /* 11 */
- D_ENCRYPT(r,l,22); /* 12 */
- D_ENCRYPT(l,r,24); /* 13 */
- D_ENCRYPT(r,l,26); /* 14 */
- D_ENCRYPT(l,r,28); /* 15 */
- D_ENCRYPT(r,l,30); /* 16 */
-#else
- for (i=0; i<32; i+=8)
- {
- D_ENCRYPT(l,r,i+0); /* 1 */
- D_ENCRYPT(r,l,i+2); /* 2 */
- D_ENCRYPT(l,r,i+4); /* 3 */
- D_ENCRYPT(r,l,i+6); /* 4 */
- }
-#endif
- }
- else
- {
-#ifdef DES_UNROLL
- D_ENCRYPT(l,r,30); /* 16 */
- D_ENCRYPT(r,l,28); /* 15 */
- D_ENCRYPT(l,r,26); /* 14 */
- D_ENCRYPT(r,l,24); /* 13 */
- D_ENCRYPT(l,r,22); /* 12 */
- D_ENCRYPT(r,l,20); /* 11 */
- D_ENCRYPT(l,r,18); /* 10 */
- D_ENCRYPT(r,l,16); /* 9 */
- D_ENCRYPT(l,r,14); /* 8 */
- D_ENCRYPT(r,l,12); /* 7 */
- D_ENCRYPT(l,r,10); /* 6 */
- D_ENCRYPT(r,l, 8); /* 5 */
- D_ENCRYPT(l,r, 6); /* 4 */
- D_ENCRYPT(r,l, 4); /* 3 */
- D_ENCRYPT(l,r, 2); /* 2 */
- D_ENCRYPT(r,l, 0); /* 1 */
-#else
- for (i=30; i>0; i-=8)
- {
- D_ENCRYPT(l,r,i-0); /* 16 */
- D_ENCRYPT(r,l,i-2); /* 15 */
- D_ENCRYPT(l,r,i-4); /* 14 */
- D_ENCRYPT(r,l,i-6); /* 13 */
- }
-#endif
- }
-
- /* rotate and clear the top bits on machines with 8byte longs */
- l=ROTATE(l,3)&0xffffffffL;
- r=ROTATE(r,3)&0xffffffffL;
-
- FP(r,l);
- data[0]=l;
- data[1]=r;
- l=r=t=u=0;
- }
-
-void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc)
- {
- register DES_LONG l,r,t,u;
-#ifdef DES_PTR
- register const unsigned char *des_SP=(const unsigned char *)DES_SPtrans;
-#endif
-#ifndef DES_UNROLL
- register int i;
-#endif
- register DES_LONG *s;
-
- r=data[0];
- l=data[1];
-
- /* Things have been modified so that the initial rotate is
- * done outside the loop. This required the
- * DES_SPtrans values in sp.h to be rotated 1 bit to the right.
- * One perl script later and things have a 5% speed up on a sparc2.
- * Thanks to Richard Outerbridge <71755.204 at CompuServe.COM>
- * for pointing this out. */
- /* clear the top bits on machines with 8byte longs */
- r=ROTATE(r,29)&0xffffffffL;
- l=ROTATE(l,29)&0xffffffffL;
-
- s=ks->ks->deslong;
- /* I don't know if it is worth the effort of loop unrolling the
- * inner loop */
- if (enc)
- {
-#ifdef DES_UNROLL
- D_ENCRYPT(l,r, 0); /* 1 */
- D_ENCRYPT(r,l, 2); /* 2 */
- D_ENCRYPT(l,r, 4); /* 3 */
- D_ENCRYPT(r,l, 6); /* 4 */
- D_ENCRYPT(l,r, 8); /* 5 */
- D_ENCRYPT(r,l,10); /* 6 */
- D_ENCRYPT(l,r,12); /* 7 */
- D_ENCRYPT(r,l,14); /* 8 */
- D_ENCRYPT(l,r,16); /* 9 */
- D_ENCRYPT(r,l,18); /* 10 */
- D_ENCRYPT(l,r,20); /* 11 */
- D_ENCRYPT(r,l,22); /* 12 */
- D_ENCRYPT(l,r,24); /* 13 */
- D_ENCRYPT(r,l,26); /* 14 */
- D_ENCRYPT(l,r,28); /* 15 */
- D_ENCRYPT(r,l,30); /* 16 */
-#else
- for (i=0; i<32; i+=8)
- {
- D_ENCRYPT(l,r,i+0); /* 1 */
- D_ENCRYPT(r,l,i+2); /* 2 */
- D_ENCRYPT(l,r,i+4); /* 3 */
- D_ENCRYPT(r,l,i+6); /* 4 */
- }
-#endif
- }
- else
- {
-#ifdef DES_UNROLL
- D_ENCRYPT(l,r,30); /* 16 */
- D_ENCRYPT(r,l,28); /* 15 */
- D_ENCRYPT(l,r,26); /* 14 */
- D_ENCRYPT(r,l,24); /* 13 */
- D_ENCRYPT(l,r,22); /* 12 */
- D_ENCRYPT(r,l,20); /* 11 */
- D_ENCRYPT(l,r,18); /* 10 */
- D_ENCRYPT(r,l,16); /* 9 */
- D_ENCRYPT(l,r,14); /* 8 */
- D_ENCRYPT(r,l,12); /* 7 */
- D_ENCRYPT(l,r,10); /* 6 */
- D_ENCRYPT(r,l, 8); /* 5 */
- D_ENCRYPT(l,r, 6); /* 4 */
- D_ENCRYPT(r,l, 4); /* 3 */
- D_ENCRYPT(l,r, 2); /* 2 */
- D_ENCRYPT(r,l, 0); /* 1 */
-#else
- for (i=30; i>0; i-=8)
- {
- D_ENCRYPT(l,r,i-0); /* 16 */
- D_ENCRYPT(r,l,i-2); /* 15 */
- D_ENCRYPT(l,r,i-4); /* 14 */
- D_ENCRYPT(r,l,i-6); /* 13 */
- }
-#endif
- }
- /* rotate and clear the top bits on machines with 8byte longs */
- data[0]=ROTATE(l,3)&0xffffffffL;
- data[1]=ROTATE(r,3)&0xffffffffL;
- l=r=t=u=0;
- }
-
-void DES_encrypt3(DES_LONG *data, DES_key_schedule *ks1,
- DES_key_schedule *ks2, DES_key_schedule *ks3)
- {
- register DES_LONG l,r;
-
- l=data[0];
- r=data[1];
- IP(l,r);
- data[0]=l;
- data[1]=r;
- DES_encrypt2((DES_LONG *)data,ks1,DES_ENCRYPT);
- DES_encrypt2((DES_LONG *)data,ks2,DES_DECRYPT);
- DES_encrypt2((DES_LONG *)data,ks3,DES_ENCRYPT);
- l=data[0];
- r=data[1];
- FP(r,l);
- data[0]=l;
- data[1]=r;
- }
-
-void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1,
- DES_key_schedule *ks2, DES_key_schedule *ks3)
- {
- register DES_LONG l,r;
-
- l=data[0];
- r=data[1];
- IP(l,r);
- data[0]=l;
- data[1]=r;
- DES_encrypt2((DES_LONG *)data,ks3,DES_DECRYPT);
- DES_encrypt2((DES_LONG *)data,ks2,DES_ENCRYPT);
- DES_encrypt2((DES_LONG *)data,ks1,DES_DECRYPT);
- l=data[0];
- r=data[1];
- FP(r,l);
- data[0]=l;
- data[1]=r;
- }
-
-#ifndef DES_DEFAULT_OPTIONS
-
-#if !defined(OPENSSL_FIPS_DES_ASM)
-
-#undef CBC_ENC_C__DONT_UPDATE_IV
-#include "ncbc_enc.c" /* DES_ncbc_encrypt */
-
-void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output,
- long length, DES_key_schedule *ks1,
- DES_key_schedule *ks2, DES_key_schedule *ks3,
- DES_cblock *ivec, int enc)
- {
- register DES_LONG tin0,tin1;
- register DES_LONG tout0,tout1,xor0,xor1;
- register const unsigned char *in;
- unsigned char *out;
- register long l=length;
- DES_LONG tin[2];
- unsigned char *iv;
-
- in=input;
- out=output;
- iv = &(*ivec)[0];
-
- if (enc)
- {
- c2l(iv,tout0);
- c2l(iv,tout1);
- for (l-=8; l>=0; l-=8)
- {
- c2l(in,tin0);
- c2l(in,tin1);
- tin0^=tout0;
- tin1^=tout1;
-
- tin[0]=tin0;
- tin[1]=tin1;
- DES_encrypt3((DES_LONG *)tin,ks1,ks2,ks3);
- tout0=tin[0];
- tout1=tin[1];
-
- l2c(tout0,out);
- l2c(tout1,out);
- }
- if (l != -8)
- {
- c2ln(in,tin0,tin1,l+8);
- tin0^=tout0;
- tin1^=tout1;
-
- tin[0]=tin0;
- tin[1]=tin1;
- DES_encrypt3((DES_LONG *)tin,ks1,ks2,ks3);
- tout0=tin[0];
- tout1=tin[1];
-
- l2c(tout0,out);
- l2c(tout1,out);
- }
- iv = &(*ivec)[0];
- l2c(tout0,iv);
- l2c(tout1,iv);
- }
- else
- {
- register DES_LONG t0,t1;
-
- c2l(iv,xor0);
- c2l(iv,xor1);
- for (l-=8; l>=0; l-=8)
- {
- c2l(in,tin0);
- c2l(in,tin1);
-
- t0=tin0;
- t1=tin1;
-
- tin[0]=tin0;
- tin[1]=tin1;
- DES_decrypt3((DES_LONG *)tin,ks1,ks2,ks3);
- tout0=tin[0];
- tout1=tin[1];
-
- tout0^=xor0;
- tout1^=xor1;
- l2c(tout0,out);
- l2c(tout1,out);
- xor0=t0;
- xor1=t1;
- }
- if (l != -8)
- {
- c2l(in,tin0);
- c2l(in,tin1);
-
- t0=tin0;
- t1=tin1;
-
- tin[0]=tin0;
- tin[1]=tin1;
- DES_decrypt3((DES_LONG *)tin,ks1,ks2,ks3);
- tout0=tin[0];
- tout1=tin[1];
-
- tout0^=xor0;
- tout1^=xor1;
- l2cn(tout0,tout1,out,l+8);
- xor0=t0;
- xor1=t1;
- }
-
- iv = &(*ivec)[0];
- l2c(xor0,iv);
- l2c(xor1,iv);
- }
- tin0=tin1=tout0=tout1=xor0=xor1=0;
- tin[0]=tin[1]=0;
- }
-
-#endif
-
-#endif /* DES_DEFAULT_OPTIONS */
Copied: vendor-crypto/openssl/0.9.8zf/crypto/des/des_enc.c (from rev 6976, vendor-crypto/openssl/dist/crypto/des/des_enc.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/des/des_enc.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/des_enc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,400 @@
+/* crypto/des/des_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+
+void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc)
+{
+ register DES_LONG l, r, t, u;
+#ifdef DES_PTR
+ register const unsigned char *des_SP = (const unsigned char *)DES_SPtrans;
+#endif
+#ifndef DES_UNROLL
+ register int i;
+#endif
+ register DES_LONG *s;
+
+ r = data[0];
+ l = data[1];
+
+ IP(r, l);
+ /*
+ * Things have been modified so that the initial rotate is done outside
+ * the loop. This required the DES_SPtrans values in sp.h to be rotated
+ * 1 bit to the right. One perl script later and things have a 5% speed
+ * up on a sparc2. Thanks to Richard Outerbridge
+ * <71755.204 at CompuServe.COM> for pointing this out.
+ */
+ /* clear the top bits on machines with 8byte longs */
+ /* shift left by 2 */
+ r = ROTATE(r, 29) & 0xffffffffL;
+ l = ROTATE(l, 29) & 0xffffffffL;
+
+ s = ks->ks->deslong;
+ /*
+ * I don't know if it is worth the effort of loop unrolling the inner
+ * loop
+ */
+ if (enc) {
+#ifdef DES_UNROLL
+ D_ENCRYPT(l, r, 0); /* 1 */
+ D_ENCRYPT(r, l, 2); /* 2 */
+ D_ENCRYPT(l, r, 4); /* 3 */
+ D_ENCRYPT(r, l, 6); /* 4 */
+ D_ENCRYPT(l, r, 8); /* 5 */
+ D_ENCRYPT(r, l, 10); /* 6 */
+ D_ENCRYPT(l, r, 12); /* 7 */
+ D_ENCRYPT(r, l, 14); /* 8 */
+ D_ENCRYPT(l, r, 16); /* 9 */
+ D_ENCRYPT(r, l, 18); /* 10 */
+ D_ENCRYPT(l, r, 20); /* 11 */
+ D_ENCRYPT(r, l, 22); /* 12 */
+ D_ENCRYPT(l, r, 24); /* 13 */
+ D_ENCRYPT(r, l, 26); /* 14 */
+ D_ENCRYPT(l, r, 28); /* 15 */
+ D_ENCRYPT(r, l, 30); /* 16 */
+#else
+ for (i = 0; i < 32; i += 8) {
+ D_ENCRYPT(l, r, i + 0); /* 1 */
+ D_ENCRYPT(r, l, i + 2); /* 2 */
+ D_ENCRYPT(l, r, i + 4); /* 3 */
+ D_ENCRYPT(r, l, i + 6); /* 4 */
+ }
+#endif
+ } else {
+#ifdef DES_UNROLL
+ D_ENCRYPT(l, r, 30); /* 16 */
+ D_ENCRYPT(r, l, 28); /* 15 */
+ D_ENCRYPT(l, r, 26); /* 14 */
+ D_ENCRYPT(r, l, 24); /* 13 */
+ D_ENCRYPT(l, r, 22); /* 12 */
+ D_ENCRYPT(r, l, 20); /* 11 */
+ D_ENCRYPT(l, r, 18); /* 10 */
+ D_ENCRYPT(r, l, 16); /* 9 */
+ D_ENCRYPT(l, r, 14); /* 8 */
+ D_ENCRYPT(r, l, 12); /* 7 */
+ D_ENCRYPT(l, r, 10); /* 6 */
+ D_ENCRYPT(r, l, 8); /* 5 */
+ D_ENCRYPT(l, r, 6); /* 4 */
+ D_ENCRYPT(r, l, 4); /* 3 */
+ D_ENCRYPT(l, r, 2); /* 2 */
+ D_ENCRYPT(r, l, 0); /* 1 */
+#else
+ for (i = 30; i > 0; i -= 8) {
+ D_ENCRYPT(l, r, i - 0); /* 16 */
+ D_ENCRYPT(r, l, i - 2); /* 15 */
+ D_ENCRYPT(l, r, i - 4); /* 14 */
+ D_ENCRYPT(r, l, i - 6); /* 13 */
+ }
+#endif
+ }
+
+ /* rotate and clear the top bits on machines with 8byte longs */
+ l = ROTATE(l, 3) & 0xffffffffL;
+ r = ROTATE(r, 3) & 0xffffffffL;
+
+ FP(r, l);
+ data[0] = l;
+ data[1] = r;
+ l = r = t = u = 0;
+}
+
+void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc)
+{
+ register DES_LONG l, r, t, u;
+#ifdef DES_PTR
+ register const unsigned char *des_SP = (const unsigned char *)DES_SPtrans;
+#endif
+#ifndef DES_UNROLL
+ register int i;
+#endif
+ register DES_LONG *s;
+
+ r = data[0];
+ l = data[1];
+
+ /*
+ * Things have been modified so that the initial rotate is done outside
+ * the loop. This required the DES_SPtrans values in sp.h to be rotated
+ * 1 bit to the right. One perl script later and things have a 5% speed
+ * up on a sparc2. Thanks to Richard Outerbridge
+ * <71755.204 at CompuServe.COM> for pointing this out.
+ */
+ /* clear the top bits on machines with 8byte longs */
+ r = ROTATE(r, 29) & 0xffffffffL;
+ l = ROTATE(l, 29) & 0xffffffffL;
+
+ s = ks->ks->deslong;
+ /*
+ * I don't know if it is worth the effort of loop unrolling the inner
+ * loop
+ */
+ if (enc) {
+#ifdef DES_UNROLL
+ D_ENCRYPT(l, r, 0); /* 1 */
+ D_ENCRYPT(r, l, 2); /* 2 */
+ D_ENCRYPT(l, r, 4); /* 3 */
+ D_ENCRYPT(r, l, 6); /* 4 */
+ D_ENCRYPT(l, r, 8); /* 5 */
+ D_ENCRYPT(r, l, 10); /* 6 */
+ D_ENCRYPT(l, r, 12); /* 7 */
+ D_ENCRYPT(r, l, 14); /* 8 */
+ D_ENCRYPT(l, r, 16); /* 9 */
+ D_ENCRYPT(r, l, 18); /* 10 */
+ D_ENCRYPT(l, r, 20); /* 11 */
+ D_ENCRYPT(r, l, 22); /* 12 */
+ D_ENCRYPT(l, r, 24); /* 13 */
+ D_ENCRYPT(r, l, 26); /* 14 */
+ D_ENCRYPT(l, r, 28); /* 15 */
+ D_ENCRYPT(r, l, 30); /* 16 */
+#else
+ for (i = 0; i < 32; i += 8) {
+ D_ENCRYPT(l, r, i + 0); /* 1 */
+ D_ENCRYPT(r, l, i + 2); /* 2 */
+ D_ENCRYPT(l, r, i + 4); /* 3 */
+ D_ENCRYPT(r, l, i + 6); /* 4 */
+ }
+#endif
+ } else {
+#ifdef DES_UNROLL
+ D_ENCRYPT(l, r, 30); /* 16 */
+ D_ENCRYPT(r, l, 28); /* 15 */
+ D_ENCRYPT(l, r, 26); /* 14 */
+ D_ENCRYPT(r, l, 24); /* 13 */
+ D_ENCRYPT(l, r, 22); /* 12 */
+ D_ENCRYPT(r, l, 20); /* 11 */
+ D_ENCRYPT(l, r, 18); /* 10 */
+ D_ENCRYPT(r, l, 16); /* 9 */
+ D_ENCRYPT(l, r, 14); /* 8 */
+ D_ENCRYPT(r, l, 12); /* 7 */
+ D_ENCRYPT(l, r, 10); /* 6 */
+ D_ENCRYPT(r, l, 8); /* 5 */
+ D_ENCRYPT(l, r, 6); /* 4 */
+ D_ENCRYPT(r, l, 4); /* 3 */
+ D_ENCRYPT(l, r, 2); /* 2 */
+ D_ENCRYPT(r, l, 0); /* 1 */
+#else
+ for (i = 30; i > 0; i -= 8) {
+ D_ENCRYPT(l, r, i - 0); /* 16 */
+ D_ENCRYPT(r, l, i - 2); /* 15 */
+ D_ENCRYPT(l, r, i - 4); /* 14 */
+ D_ENCRYPT(r, l, i - 6); /* 13 */
+ }
+#endif
+ }
+ /* rotate and clear the top bits on machines with 8byte longs */
+ data[0] = ROTATE(l, 3) & 0xffffffffL;
+ data[1] = ROTATE(r, 3) & 0xffffffffL;
+ l = r = t = u = 0;
+}
+
+void DES_encrypt3(DES_LONG *data, DES_key_schedule *ks1,
+ DES_key_schedule *ks2, DES_key_schedule *ks3)
+{
+ register DES_LONG l, r;
+
+ l = data[0];
+ r = data[1];
+ IP(l, r);
+ data[0] = l;
+ data[1] = r;
+ DES_encrypt2((DES_LONG *)data, ks1, DES_ENCRYPT);
+ DES_encrypt2((DES_LONG *)data, ks2, DES_DECRYPT);
+ DES_encrypt2((DES_LONG *)data, ks3, DES_ENCRYPT);
+ l = data[0];
+ r = data[1];
+ FP(r, l);
+ data[0] = l;
+ data[1] = r;
+}
+
+void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1,
+ DES_key_schedule *ks2, DES_key_schedule *ks3)
+{
+ register DES_LONG l, r;
+
+ l = data[0];
+ r = data[1];
+ IP(l, r);
+ data[0] = l;
+ data[1] = r;
+ DES_encrypt2((DES_LONG *)data, ks3, DES_DECRYPT);
+ DES_encrypt2((DES_LONG *)data, ks2, DES_ENCRYPT);
+ DES_encrypt2((DES_LONG *)data, ks1, DES_DECRYPT);
+ l = data[0];
+ r = data[1];
+ FP(r, l);
+ data[0] = l;
+ data[1] = r;
+}
+
+#ifndef DES_DEFAULT_OPTIONS
+
+# if !defined(OPENSSL_FIPS_DES_ASM)
+
+# undef CBC_ENC_C__DONT_UPDATE_IV
+# include "ncbc_enc.c" /* DES_ncbc_encrypt */
+
+void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output,
+ long length, DES_key_schedule *ks1,
+ DES_key_schedule *ks2, DES_key_schedule *ks3,
+ DES_cblock *ivec, int enc)
+{
+ register DES_LONG tin0, tin1;
+ register DES_LONG tout0, tout1, xor0, xor1;
+ register const unsigned char *in;
+ unsigned char *out;
+ register long l = length;
+ DES_LONG tin[2];
+ unsigned char *iv;
+
+ in = input;
+ out = output;
+ iv = &(*ivec)[0];
+
+ if (enc) {
+ c2l(iv, tout0);
+ c2l(iv, tout1);
+ for (l -= 8; l >= 0; l -= 8) {
+ c2l(in, tin0);
+ c2l(in, tin1);
+ tin0 ^= tout0;
+ tin1 ^= tout1;
+
+ tin[0] = tin0;
+ tin[1] = tin1;
+ DES_encrypt3((DES_LONG *)tin, ks1, ks2, ks3);
+ tout0 = tin[0];
+ tout1 = tin[1];
+
+ l2c(tout0, out);
+ l2c(tout1, out);
+ }
+ if (l != -8) {
+ c2ln(in, tin0, tin1, l + 8);
+ tin0 ^= tout0;
+ tin1 ^= tout1;
+
+ tin[0] = tin0;
+ tin[1] = tin1;
+ DES_encrypt3((DES_LONG *)tin, ks1, ks2, ks3);
+ tout0 = tin[0];
+ tout1 = tin[1];
+
+ l2c(tout0, out);
+ l2c(tout1, out);
+ }
+ iv = &(*ivec)[0];
+ l2c(tout0, iv);
+ l2c(tout1, iv);
+ } else {
+ register DES_LONG t0, t1;
+
+ c2l(iv, xor0);
+ c2l(iv, xor1);
+ for (l -= 8; l >= 0; l -= 8) {
+ c2l(in, tin0);
+ c2l(in, tin1);
+
+ t0 = tin0;
+ t1 = tin1;
+
+ tin[0] = tin0;
+ tin[1] = tin1;
+ DES_decrypt3((DES_LONG *)tin, ks1, ks2, ks3);
+ tout0 = tin[0];
+ tout1 = tin[1];
+
+ tout0 ^= xor0;
+ tout1 ^= xor1;
+ l2c(tout0, out);
+ l2c(tout1, out);
+ xor0 = t0;
+ xor1 = t1;
+ }
+ if (l != -8) {
+ c2l(in, tin0);
+ c2l(in, tin1);
+
+ t0 = tin0;
+ t1 = tin1;
+
+ tin[0] = tin0;
+ tin[1] = tin1;
+ DES_decrypt3((DES_LONG *)tin, ks1, ks2, ks3);
+ tout0 = tin[0];
+ tout1 = tin[1];
+
+ tout0 ^= xor0;
+ tout1 ^= xor1;
+ l2cn(tout0, tout1, out, l + 8);
+ xor0 = t0;
+ xor1 = t1;
+ }
+
+ iv = &(*ivec)[0];
+ l2c(xor0, iv);
+ l2c(xor1, iv);
+ }
+ tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
+ tin[0] = tin[1] = 0;
+}
+
+# endif
+
+#endif /* DES_DEFAULT_OPTIONS */
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/des/des_lib.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/des/des_lib.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/des_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,106 +0,0 @@
-/* crypto/des/ecb_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "des_locl.h"
-#include "des_ver.h"
-#include <openssl/opensslv.h>
-#include <openssl/bio.h>
-
-OPENSSL_GLOBAL const char libdes_version[]="libdes" OPENSSL_VERSION_PTEXT;
-OPENSSL_GLOBAL const char DES_version[]="DES" OPENSSL_VERSION_PTEXT;
-
-const char *DES_options(void)
- {
- static int init=1;
- static char buf[32];
-
- if (init)
- {
- const char *ptr,*unroll,*risc,*size;
-
-#ifdef DES_PTR
- ptr="ptr";
-#else
- ptr="idx";
-#endif
-#if defined(DES_RISC1) || defined(DES_RISC2)
-#ifdef DES_RISC1
- risc="risc1";
-#endif
-#ifdef DES_RISC2
- risc="risc2";
-#endif
-#else
- risc="cisc";
-#endif
-#ifdef DES_UNROLL
- unroll="16";
-#else
- unroll="4";
-#endif
- if (sizeof(DES_LONG) != sizeof(long))
- size="int";
- else
- size="long";
- BIO_snprintf(buf,sizeof buf,"des(%s,%s,%s,%s)",ptr,risc,unroll,
- size);
- init=0;
- }
- return(buf);
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/des/des_lib.c (from rev 6976, vendor-crypto/openssl/dist/crypto/des/des_lib.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/des/des_lib.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/des_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,104 @@
+/* crypto/des/ecb_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+#include "des_ver.h"
+#include <openssl/opensslv.h>
+#include <openssl/bio.h>
+
+OPENSSL_GLOBAL const char libdes_version[] = "libdes" OPENSSL_VERSION_PTEXT;
+OPENSSL_GLOBAL const char DES_version[] = "DES" OPENSSL_VERSION_PTEXT;
+
+const char *DES_options(void)
+{
+ static int init = 1;
+ static char buf[32];
+
+ if (init) {
+ const char *ptr, *unroll, *risc, *size;
+
+#ifdef DES_PTR
+ ptr = "ptr";
+#else
+ ptr = "idx";
+#endif
+#if defined(DES_RISC1) || defined(DES_RISC2)
+# ifdef DES_RISC1
+ risc = "risc1";
+# endif
+# ifdef DES_RISC2
+ risc = "risc2";
+# endif
+#else
+ risc = "cisc";
+#endif
+#ifdef DES_UNROLL
+ unroll = "16";
+#else
+ unroll = "4";
+#endif
+ if (sizeof(DES_LONG) != sizeof(long))
+ size = "int";
+ else
+ size = "long";
+ BIO_snprintf(buf, sizeof buf, "des(%s,%s,%s,%s)", ptr, risc, unroll,
+ size);
+ init = 0;
+ }
+ return (buf);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/des/des_locl.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/des/des_locl.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/des_locl.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,428 +0,0 @@
-/* crypto/des/des_locl.h */
-/* Copyright (C) 1995-1997 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_DES_LOCL_H
-#define HEADER_DES_LOCL_H
-
-#include <openssl/e_os2.h>
-
-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16)
-#ifndef OPENSSL_SYS_MSDOS
-#define OPENSSL_SYS_MSDOS
-#endif
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-
-#ifndef OPENSSL_SYS_MSDOS
-#if !defined(OPENSSL_SYS_VMS) || defined(__DECC)
-#ifdef OPENSSL_UNISTD
-# include OPENSSL_UNISTD
-#else
-# include <unistd.h>
-#endif
-#include <math.h>
-#endif
-#endif
-#include <openssl/des.h>
-
-#ifdef OPENSSL_SYS_MSDOS /* Visual C++ 2.1 (Windows NT/95) */
-#include <stdlib.h>
-#include <errno.h>
-#include <time.h>
-#include <io.h>
-#endif
-
-#if defined(__STDC__) || defined(OPENSSL_SYS_VMS) || defined(M_XENIX) || defined(OPENSSL_SYS_MSDOS)
-#include <string.h>
-#endif
-
-#ifdef OPENSSL_BUILD_SHLIBCRYPTO
-# undef OPENSSL_EXTERN
-# define OPENSSL_EXTERN OPENSSL_EXPORT
-#endif
-
-#define ITERATIONS 16
-#define HALF_ITERATIONS 8
-
-/* used in des_read and des_write */
-#define MAXWRITE (1024*16)
-#define BSIZE (MAXWRITE+4)
-
-#define c2l(c,l) (l =((DES_LONG)(*((c)++))) , \
- l|=((DES_LONG)(*((c)++)))<< 8L, \
- l|=((DES_LONG)(*((c)++)))<<16L, \
- l|=((DES_LONG)(*((c)++)))<<24L)
-
-/* NOTE - c is not incremented as per c2l */
-#define c2ln(c,l1,l2,n) { \
- c+=n; \
- l1=l2=0; \
- switch (n) { \
- case 8: l2 =((DES_LONG)(*(--(c))))<<24L; \
- case 7: l2|=((DES_LONG)(*(--(c))))<<16L; \
- case 6: l2|=((DES_LONG)(*(--(c))))<< 8L; \
- case 5: l2|=((DES_LONG)(*(--(c)))); \
- case 4: l1 =((DES_LONG)(*(--(c))))<<24L; \
- case 3: l1|=((DES_LONG)(*(--(c))))<<16L; \
- case 2: l1|=((DES_LONG)(*(--(c))))<< 8L; \
- case 1: l1|=((DES_LONG)(*(--(c)))); \
- } \
- }
-
-#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
- *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
- *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
- *((c)++)=(unsigned char)(((l)>>24L)&0xff))
-
-/* replacements for htonl and ntohl since I have no idea what to do
- * when faced with machines with 8 byte longs. */
-#define HDRSIZE 4
-
-#define n2l(c,l) (l =((DES_LONG)(*((c)++)))<<24L, \
- l|=((DES_LONG)(*((c)++)))<<16L, \
- l|=((DES_LONG)(*((c)++)))<< 8L, \
- l|=((DES_LONG)(*((c)++))))
-
-#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
- *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
- *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
- *((c)++)=(unsigned char)(((l) )&0xff))
-
-/* NOTE - c is not incremented as per l2c */
-#define l2cn(l1,l2,c,n) { \
- c+=n; \
- switch (n) { \
- case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
- case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
- case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
- case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \
- case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
- case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
- case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
- case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \
- } \
- }
-
-#if (defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER)) || defined(__ICC)
-#define ROTATE(a,n) (_lrotr(a,n))
-#elif defined(__GNUC__) && __GNUC__>=2 && !defined(__STRICT_ANSI__) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC)
-# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
-# define ROTATE(a,n) ({ register unsigned int ret; \
- asm ("rorl %1,%0" \
- : "=r"(ret) \
- : "I"(n),"0"(a) \
- : "cc"); \
- ret; \
- })
-# endif
-#endif
-#ifndef ROTATE
-#define ROTATE(a,n) (((a)>>(n))+((a)<<(32-(n))))
-#endif
-
-/* Don't worry about the LOAD_DATA() stuff, that is used by
- * fcrypt() to add it's little bit to the front */
-
-#ifdef DES_FCRYPT
-
-#define LOAD_DATA_tmp(R,S,u,t,E0,E1) \
- { DES_LONG tmp; LOAD_DATA(R,S,u,t,E0,E1,tmp); }
-
-#define LOAD_DATA(R,S,u,t,E0,E1,tmp) \
- t=R^(R>>16L); \
- u=t&E0; t&=E1; \
- tmp=(u<<16); u^=R^s[S ]; u^=tmp; \
- tmp=(t<<16); t^=R^s[S+1]; t^=tmp
-#else
-#define LOAD_DATA_tmp(a,b,c,d,e,f) LOAD_DATA(a,b,c,d,e,f,g)
-#define LOAD_DATA(R,S,u,t,E0,E1,tmp) \
- u=R^s[S ]; \
- t=R^s[S+1]
-#endif
-
-/* The changes to this macro may help or hinder, depending on the
- * compiler and the architecture. gcc2 always seems to do well :-).
- * Inspired by Dana How <how at isl.stanford.edu>
- * DO NOT use the alternative version on machines with 8 byte longs.
- * It does not seem to work on the Alpha, even when DES_LONG is 4
- * bytes, probably an issue of accessing non-word aligned objects :-( */
-#ifdef DES_PTR
-
-/* It recently occurred to me that 0^0^0^0^0^0^0 == 0, so there
- * is no reason to not xor all the sub items together. This potentially
- * saves a register since things can be xored directly into L */
-
-#if defined(DES_RISC1) || defined(DES_RISC2)
-#ifdef DES_RISC1
-#define D_ENCRYPT(LL,R,S) { \
- unsigned int u1,u2,u3; \
- LOAD_DATA(R,S,u,t,E0,E1,u1); \
- u2=(int)u>>8L; \
- u1=(int)u&0xfc; \
- u2&=0xfc; \
- t=ROTATE(t,4); \
- u>>=16L; \
- LL^= *(const DES_LONG *)(des_SP +u1); \
- LL^= *(const DES_LONG *)(des_SP+0x200+u2); \
- u3=(int)(u>>8L); \
- u1=(int)u&0xfc; \
- u3&=0xfc; \
- LL^= *(const DES_LONG *)(des_SP+0x400+u1); \
- LL^= *(const DES_LONG *)(des_SP+0x600+u3); \
- u2=(int)t>>8L; \
- u1=(int)t&0xfc; \
- u2&=0xfc; \
- t>>=16L; \
- LL^= *(const DES_LONG *)(des_SP+0x100+u1); \
- LL^= *(const DES_LONG *)(des_SP+0x300+u2); \
- u3=(int)t>>8L; \
- u1=(int)t&0xfc; \
- u3&=0xfc; \
- LL^= *(const DES_LONG *)(des_SP+0x500+u1); \
- LL^= *(const DES_LONG *)(des_SP+0x700+u3); }
-#endif
-#ifdef DES_RISC2
-#define D_ENCRYPT(LL,R,S) { \
- unsigned int u1,u2,s1,s2; \
- LOAD_DATA(R,S,u,t,E0,E1,u1); \
- u2=(int)u>>8L; \
- u1=(int)u&0xfc; \
- u2&=0xfc; \
- t=ROTATE(t,4); \
- LL^= *(const DES_LONG *)(des_SP +u1); \
- LL^= *(const DES_LONG *)(des_SP+0x200+u2); \
- s1=(int)(u>>16L); \
- s2=(int)(u>>24L); \
- s1&=0xfc; \
- s2&=0xfc; \
- LL^= *(const DES_LONG *)(des_SP+0x400+s1); \
- LL^= *(const DES_LONG *)(des_SP+0x600+s2); \
- u2=(int)t>>8L; \
- u1=(int)t&0xfc; \
- u2&=0xfc; \
- LL^= *(const DES_LONG *)(des_SP+0x100+u1); \
- LL^= *(const DES_LONG *)(des_SP+0x300+u2); \
- s1=(int)(t>>16L); \
- s2=(int)(t>>24L); \
- s1&=0xfc; \
- s2&=0xfc; \
- LL^= *(const DES_LONG *)(des_SP+0x500+s1); \
- LL^= *(const DES_LONG *)(des_SP+0x700+s2); }
-#endif
-#else
-#define D_ENCRYPT(LL,R,S) { \
- LOAD_DATA_tmp(R,S,u,t,E0,E1); \
- t=ROTATE(t,4); \
- LL^= \
- *(const DES_LONG *)(des_SP +((u )&0xfc))^ \
- *(const DES_LONG *)(des_SP+0x200+((u>> 8L)&0xfc))^ \
- *(const DES_LONG *)(des_SP+0x400+((u>>16L)&0xfc))^ \
- *(const DES_LONG *)(des_SP+0x600+((u>>24L)&0xfc))^ \
- *(const DES_LONG *)(des_SP+0x100+((t )&0xfc))^ \
- *(const DES_LONG *)(des_SP+0x300+((t>> 8L)&0xfc))^ \
- *(const DES_LONG *)(des_SP+0x500+((t>>16L)&0xfc))^ \
- *(const DES_LONG *)(des_SP+0x700+((t>>24L)&0xfc)); }
-#endif
-
-#else /* original version */
-
-#if defined(DES_RISC1) || defined(DES_RISC2)
-#ifdef DES_RISC1
-#define D_ENCRYPT(LL,R,S) {\
- unsigned int u1,u2,u3; \
- LOAD_DATA(R,S,u,t,E0,E1,u1); \
- u>>=2L; \
- t=ROTATE(t,6); \
- u2=(int)u>>8L; \
- u1=(int)u&0x3f; \
- u2&=0x3f; \
- u>>=16L; \
- LL^=DES_SPtrans[0][u1]; \
- LL^=DES_SPtrans[2][u2]; \
- u3=(int)u>>8L; \
- u1=(int)u&0x3f; \
- u3&=0x3f; \
- LL^=DES_SPtrans[4][u1]; \
- LL^=DES_SPtrans[6][u3]; \
- u2=(int)t>>8L; \
- u1=(int)t&0x3f; \
- u2&=0x3f; \
- t>>=16L; \
- LL^=DES_SPtrans[1][u1]; \
- LL^=DES_SPtrans[3][u2]; \
- u3=(int)t>>8L; \
- u1=(int)t&0x3f; \
- u3&=0x3f; \
- LL^=DES_SPtrans[5][u1]; \
- LL^=DES_SPtrans[7][u3]; }
-#endif
-#ifdef DES_RISC2
-#define D_ENCRYPT(LL,R,S) {\
- unsigned int u1,u2,s1,s2; \
- LOAD_DATA(R,S,u,t,E0,E1,u1); \
- u>>=2L; \
- t=ROTATE(t,6); \
- u2=(int)u>>8L; \
- u1=(int)u&0x3f; \
- u2&=0x3f; \
- LL^=DES_SPtrans[0][u1]; \
- LL^=DES_SPtrans[2][u2]; \
- s1=(int)u>>16L; \
- s2=(int)u>>24L; \
- s1&=0x3f; \
- s2&=0x3f; \
- LL^=DES_SPtrans[4][s1]; \
- LL^=DES_SPtrans[6][s2]; \
- u2=(int)t>>8L; \
- u1=(int)t&0x3f; \
- u2&=0x3f; \
- LL^=DES_SPtrans[1][u1]; \
- LL^=DES_SPtrans[3][u2]; \
- s1=(int)t>>16; \
- s2=(int)t>>24L; \
- s1&=0x3f; \
- s2&=0x3f; \
- LL^=DES_SPtrans[5][s1]; \
- LL^=DES_SPtrans[7][s2]; }
-#endif
-
-#else
-
-#define D_ENCRYPT(LL,R,S) {\
- LOAD_DATA_tmp(R,S,u,t,E0,E1); \
- t=ROTATE(t,4); \
- LL^=\
- DES_SPtrans[0][(u>> 2L)&0x3f]^ \
- DES_SPtrans[2][(u>>10L)&0x3f]^ \
- DES_SPtrans[4][(u>>18L)&0x3f]^ \
- DES_SPtrans[6][(u>>26L)&0x3f]^ \
- DES_SPtrans[1][(t>> 2L)&0x3f]^ \
- DES_SPtrans[3][(t>>10L)&0x3f]^ \
- DES_SPtrans[5][(t>>18L)&0x3f]^ \
- DES_SPtrans[7][(t>>26L)&0x3f]; }
-#endif
-#endif
-
- /* IP and FP
- * The problem is more of a geometric problem that random bit fiddling.
- 0 1 2 3 4 5 6 7 62 54 46 38 30 22 14 6
- 8 9 10 11 12 13 14 15 60 52 44 36 28 20 12 4
- 16 17 18 19 20 21 22 23 58 50 42 34 26 18 10 2
- 24 25 26 27 28 29 30 31 to 56 48 40 32 24 16 8 0
-
- 32 33 34 35 36 37 38 39 63 55 47 39 31 23 15 7
- 40 41 42 43 44 45 46 47 61 53 45 37 29 21 13 5
- 48 49 50 51 52 53 54 55 59 51 43 35 27 19 11 3
- 56 57 58 59 60 61 62 63 57 49 41 33 25 17 9 1
-
- The output has been subject to swaps of the form
- 0 1 -> 3 1 but the odd and even bits have been put into
- 2 3 2 0
- different words. The main trick is to remember that
- t=((l>>size)^r)&(mask);
- r^=t;
- l^=(t<<size);
- can be used to swap and move bits between words.
-
- So l = 0 1 2 3 r = 16 17 18 19
- 4 5 6 7 20 21 22 23
- 8 9 10 11 24 25 26 27
- 12 13 14 15 28 29 30 31
- becomes (for size == 2 and mask == 0x3333)
- t = 2^16 3^17 -- -- l = 0 1 16 17 r = 2 3 18 19
- 6^20 7^21 -- -- 4 5 20 21 6 7 22 23
- 10^24 11^25 -- -- 8 9 24 25 10 11 24 25
- 14^28 15^29 -- -- 12 13 28 29 14 15 28 29
-
- Thanks for hints from Richard Outerbridge - he told me IP&FP
- could be done in 15 xor, 10 shifts and 5 ands.
- When I finally started to think of the problem in 2D
- I first got ~42 operations without xors. When I remembered
- how to use xors :-) I got it to its final state.
- */
-#define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
- (b)^=(t),\
- (a)^=((t)<<(n)))
-
-#define IP(l,r) \
- { \
- register DES_LONG tt; \
- PERM_OP(r,l,tt, 4,0x0f0f0f0fL); \
- PERM_OP(l,r,tt,16,0x0000ffffL); \
- PERM_OP(r,l,tt, 2,0x33333333L); \
- PERM_OP(l,r,tt, 8,0x00ff00ffL); \
- PERM_OP(r,l,tt, 1,0x55555555L); \
- }
-
-#define FP(l,r) \
- { \
- register DES_LONG tt; \
- PERM_OP(l,r,tt, 1,0x55555555L); \
- PERM_OP(r,l,tt, 8,0x00ff00ffL); \
- PERM_OP(l,r,tt, 2,0x33333333L); \
- PERM_OP(r,l,tt,16,0x0000ffffL); \
- PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \
- }
-
-extern const DES_LONG DES_SPtrans[8][64];
-
-void fcrypt_body(DES_LONG *out,DES_key_schedule *ks,
- DES_LONG Eswap0, DES_LONG Eswap1);
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/des/des_locl.h (from rev 6976, vendor-crypto/openssl/dist/crypto/des/des_locl.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/des/des_locl.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/des_locl.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,437 @@
+/* crypto/des/des_locl.h */
+/* Copyright (C) 1995-1997 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_DES_LOCL_H
+# define HEADER_DES_LOCL_H
+
+# include <openssl/e_os2.h>
+
+# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16)
+# ifndef OPENSSL_SYS_MSDOS
+# define OPENSSL_SYS_MSDOS
+# endif
+# endif
+
+# include <stdio.h>
+# include <stdlib.h>
+
+# ifndef OPENSSL_SYS_MSDOS
+# if !defined(OPENSSL_SYS_VMS) || defined(__DECC)
+# ifdef OPENSSL_UNISTD
+# include OPENSSL_UNISTD
+# else
+# include <unistd.h>
+# endif
+# include <math.h>
+# endif
+# endif
+# include <openssl/des.h>
+
+# ifdef OPENSSL_SYS_MSDOS /* Visual C++ 2.1 (Windows NT/95) */
+# include <stdlib.h>
+# include <errno.h>
+# include <time.h>
+# include <io.h>
+# endif
+
+# if defined(__STDC__) || defined(OPENSSL_SYS_VMS) || defined(M_XENIX) || defined(OPENSSL_SYS_MSDOS)
+# include <string.h>
+# endif
+
+# ifdef OPENSSL_BUILD_SHLIBCRYPTO
+# undef OPENSSL_EXTERN
+# define OPENSSL_EXTERN OPENSSL_EXPORT
+# endif
+
+# define ITERATIONS 16
+# define HALF_ITERATIONS 8
+
+/* used in des_read and des_write */
+# define MAXWRITE (1024*16)
+# define BSIZE (MAXWRITE+4)
+
+# define c2l(c,l) (l =((DES_LONG)(*((c)++))) , \
+ l|=((DES_LONG)(*((c)++)))<< 8L, \
+ l|=((DES_LONG)(*((c)++)))<<16L, \
+ l|=((DES_LONG)(*((c)++)))<<24L)
+
+/* NOTE - c is not incremented as per c2l */
+# define c2ln(c,l1,l2,n) { \
+ c+=n; \
+ l1=l2=0; \
+ switch (n) { \
+ case 8: l2 =((DES_LONG)(*(--(c))))<<24L; \
+ case 7: l2|=((DES_LONG)(*(--(c))))<<16L; \
+ case 6: l2|=((DES_LONG)(*(--(c))))<< 8L; \
+ case 5: l2|=((DES_LONG)(*(--(c)))); \
+ case 4: l1 =((DES_LONG)(*(--(c))))<<24L; \
+ case 3: l1|=((DES_LONG)(*(--(c))))<<16L; \
+ case 2: l1|=((DES_LONG)(*(--(c))))<< 8L; \
+ case 1: l1|=((DES_LONG)(*(--(c)))); \
+ } \
+ }
+
+# define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
+ *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>24L)&0xff))
+
+/*
+ * replacements for htonl and ntohl since I have no idea what to do when
+ * faced with machines with 8 byte longs.
+ */
+# define HDRSIZE 4
+
+# define n2l(c,l) (l =((DES_LONG)(*((c)++)))<<24L, \
+ l|=((DES_LONG)(*((c)++)))<<16L, \
+ l|=((DES_LONG)(*((c)++)))<< 8L, \
+ l|=((DES_LONG)(*((c)++))))
+
+# define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+ *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+ *((c)++)=(unsigned char)(((l) )&0xff))
+
+/* NOTE - c is not incremented as per l2c */
+# define l2cn(l1,l2,c,n) { \
+ c+=n; \
+ switch (n) { \
+ case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
+ case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
+ case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
+ case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \
+ case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
+ case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
+ case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
+ case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \
+ } \
+ }
+
+# if (defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER)) || defined(__ICC)
+# define ROTATE(a,n) (_lrotr(a,n))
+# elif defined(__GNUC__) && __GNUC__>=2 && !defined(__STRICT_ANSI__) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC)
+# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
+# define ROTATE(a,n) ({ register unsigned int ret; \
+ asm ("rorl %1,%0" \
+ : "=r"(ret) \
+ : "I"(n),"0"(a) \
+ : "cc"); \
+ ret; \
+ })
+# endif
+# endif
+# ifndef ROTATE
+# define ROTATE(a,n) (((a)>>(n))+((a)<<(32-(n))))
+# endif
+
+/*
+ * Don't worry about the LOAD_DATA() stuff, that is used by fcrypt() to add
+ * it's little bit to the front
+ */
+
+# ifdef DES_FCRYPT
+
+# define LOAD_DATA_tmp(R,S,u,t,E0,E1) \
+ { DES_LONG tmp; LOAD_DATA(R,S,u,t,E0,E1,tmp); }
+
+# define LOAD_DATA(R,S,u,t,E0,E1,tmp) \
+ t=R^(R>>16L); \
+ u=t&E0; t&=E1; \
+ tmp=(u<<16); u^=R^s[S ]; u^=tmp; \
+ tmp=(t<<16); t^=R^s[S+1]; t^=tmp
+# else
+# define LOAD_DATA_tmp(a,b,c,d,e,f) LOAD_DATA(a,b,c,d,e,f,g)
+# define LOAD_DATA(R,S,u,t,E0,E1,tmp) \
+ u=R^s[S ]; \
+ t=R^s[S+1]
+# endif
+
+/*
+ * The changes to this macro may help or hinder, depending on the compiler
+ * and the architecture. gcc2 always seems to do well :-). Inspired by Dana
+ * How <how at isl.stanford.edu> DO NOT use the alternative version on machines
+ * with 8 byte longs. It does not seem to work on the Alpha, even when
+ * DES_LONG is 4 bytes, probably an issue of accessing non-word aligned
+ * objects :-(
+ */
+# ifdef DES_PTR
+
+/*
+ * It recently occurred to me that 0^0^0^0^0^0^0 == 0, so there is no reason
+ * to not xor all the sub items together. This potentially saves a register
+ * since things can be xored directly into L
+ */
+
+# if defined(DES_RISC1) || defined(DES_RISC2)
+# ifdef DES_RISC1
+# define D_ENCRYPT(LL,R,S) { \
+ unsigned int u1,u2,u3; \
+ LOAD_DATA(R,S,u,t,E0,E1,u1); \
+ u2=(int)u>>8L; \
+ u1=(int)u&0xfc; \
+ u2&=0xfc; \
+ t=ROTATE(t,4); \
+ u>>=16L; \
+ LL^= *(const DES_LONG *)(des_SP +u1); \
+ LL^= *(const DES_LONG *)(des_SP+0x200+u2); \
+ u3=(int)(u>>8L); \
+ u1=(int)u&0xfc; \
+ u3&=0xfc; \
+ LL^= *(const DES_LONG *)(des_SP+0x400+u1); \
+ LL^= *(const DES_LONG *)(des_SP+0x600+u3); \
+ u2=(int)t>>8L; \
+ u1=(int)t&0xfc; \
+ u2&=0xfc; \
+ t>>=16L; \
+ LL^= *(const DES_LONG *)(des_SP+0x100+u1); \
+ LL^= *(const DES_LONG *)(des_SP+0x300+u2); \
+ u3=(int)t>>8L; \
+ u1=(int)t&0xfc; \
+ u3&=0xfc; \
+ LL^= *(const DES_LONG *)(des_SP+0x500+u1); \
+ LL^= *(const DES_LONG *)(des_SP+0x700+u3); }
+# endif
+# ifdef DES_RISC2
+# define D_ENCRYPT(LL,R,S) { \
+ unsigned int u1,u2,s1,s2; \
+ LOAD_DATA(R,S,u,t,E0,E1,u1); \
+ u2=(int)u>>8L; \
+ u1=(int)u&0xfc; \
+ u2&=0xfc; \
+ t=ROTATE(t,4); \
+ LL^= *(const DES_LONG *)(des_SP +u1); \
+ LL^= *(const DES_LONG *)(des_SP+0x200+u2); \
+ s1=(int)(u>>16L); \
+ s2=(int)(u>>24L); \
+ s1&=0xfc; \
+ s2&=0xfc; \
+ LL^= *(const DES_LONG *)(des_SP+0x400+s1); \
+ LL^= *(const DES_LONG *)(des_SP+0x600+s2); \
+ u2=(int)t>>8L; \
+ u1=(int)t&0xfc; \
+ u2&=0xfc; \
+ LL^= *(const DES_LONG *)(des_SP+0x100+u1); \
+ LL^= *(const DES_LONG *)(des_SP+0x300+u2); \
+ s1=(int)(t>>16L); \
+ s2=(int)(t>>24L); \
+ s1&=0xfc; \
+ s2&=0xfc; \
+ LL^= *(const DES_LONG *)(des_SP+0x500+s1); \
+ LL^= *(const DES_LONG *)(des_SP+0x700+s2); }
+# endif
+# else
+# define D_ENCRYPT(LL,R,S) { \
+ LOAD_DATA_tmp(R,S,u,t,E0,E1); \
+ t=ROTATE(t,4); \
+ LL^= \
+ *(const DES_LONG *)(des_SP +((u )&0xfc))^ \
+ *(const DES_LONG *)(des_SP+0x200+((u>> 8L)&0xfc))^ \
+ *(const DES_LONG *)(des_SP+0x400+((u>>16L)&0xfc))^ \
+ *(const DES_LONG *)(des_SP+0x600+((u>>24L)&0xfc))^ \
+ *(const DES_LONG *)(des_SP+0x100+((t )&0xfc))^ \
+ *(const DES_LONG *)(des_SP+0x300+((t>> 8L)&0xfc))^ \
+ *(const DES_LONG *)(des_SP+0x500+((t>>16L)&0xfc))^ \
+ *(const DES_LONG *)(des_SP+0x700+((t>>24L)&0xfc)); }
+# endif
+
+# else /* original version */
+
+# if defined(DES_RISC1) || defined(DES_RISC2)
+# ifdef DES_RISC1
+# define D_ENCRYPT(LL,R,S) {\
+ unsigned int u1,u2,u3; \
+ LOAD_DATA(R,S,u,t,E0,E1,u1); \
+ u>>=2L; \
+ t=ROTATE(t,6); \
+ u2=(int)u>>8L; \
+ u1=(int)u&0x3f; \
+ u2&=0x3f; \
+ u>>=16L; \
+ LL^=DES_SPtrans[0][u1]; \
+ LL^=DES_SPtrans[2][u2]; \
+ u3=(int)u>>8L; \
+ u1=(int)u&0x3f; \
+ u3&=0x3f; \
+ LL^=DES_SPtrans[4][u1]; \
+ LL^=DES_SPtrans[6][u3]; \
+ u2=(int)t>>8L; \
+ u1=(int)t&0x3f; \
+ u2&=0x3f; \
+ t>>=16L; \
+ LL^=DES_SPtrans[1][u1]; \
+ LL^=DES_SPtrans[3][u2]; \
+ u3=(int)t>>8L; \
+ u1=(int)t&0x3f; \
+ u3&=0x3f; \
+ LL^=DES_SPtrans[5][u1]; \
+ LL^=DES_SPtrans[7][u3]; }
+# endif
+# ifdef DES_RISC2
+# define D_ENCRYPT(LL,R,S) {\
+ unsigned int u1,u2,s1,s2; \
+ LOAD_DATA(R,S,u,t,E0,E1,u1); \
+ u>>=2L; \
+ t=ROTATE(t,6); \
+ u2=(int)u>>8L; \
+ u1=(int)u&0x3f; \
+ u2&=0x3f; \
+ LL^=DES_SPtrans[0][u1]; \
+ LL^=DES_SPtrans[2][u2]; \
+ s1=(int)u>>16L; \
+ s2=(int)u>>24L; \
+ s1&=0x3f; \
+ s2&=0x3f; \
+ LL^=DES_SPtrans[4][s1]; \
+ LL^=DES_SPtrans[6][s2]; \
+ u2=(int)t>>8L; \
+ u1=(int)t&0x3f; \
+ u2&=0x3f; \
+ LL^=DES_SPtrans[1][u1]; \
+ LL^=DES_SPtrans[3][u2]; \
+ s1=(int)t>>16; \
+ s2=(int)t>>24L; \
+ s1&=0x3f; \
+ s2&=0x3f; \
+ LL^=DES_SPtrans[5][s1]; \
+ LL^=DES_SPtrans[7][s2]; }
+# endif
+
+# else
+
+# define D_ENCRYPT(LL,R,S) {\
+ LOAD_DATA_tmp(R,S,u,t,E0,E1); \
+ t=ROTATE(t,4); \
+ LL^=\
+ DES_SPtrans[0][(u>> 2L)&0x3f]^ \
+ DES_SPtrans[2][(u>>10L)&0x3f]^ \
+ DES_SPtrans[4][(u>>18L)&0x3f]^ \
+ DES_SPtrans[6][(u>>26L)&0x3f]^ \
+ DES_SPtrans[1][(t>> 2L)&0x3f]^ \
+ DES_SPtrans[3][(t>>10L)&0x3f]^ \
+ DES_SPtrans[5][(t>>18L)&0x3f]^ \
+ DES_SPtrans[7][(t>>26L)&0x3f]; }
+# endif
+# endif
+
+ /*-
+ * IP and FP
+ * The problem is more of a geometric problem that random bit fiddling.
+ 0 1 2 3 4 5 6 7 62 54 46 38 30 22 14 6
+ 8 9 10 11 12 13 14 15 60 52 44 36 28 20 12 4
+ 16 17 18 19 20 21 22 23 58 50 42 34 26 18 10 2
+ 24 25 26 27 28 29 30 31 to 56 48 40 32 24 16 8 0
+
+ 32 33 34 35 36 37 38 39 63 55 47 39 31 23 15 7
+ 40 41 42 43 44 45 46 47 61 53 45 37 29 21 13 5
+ 48 49 50 51 52 53 54 55 59 51 43 35 27 19 11 3
+ 56 57 58 59 60 61 62 63 57 49 41 33 25 17 9 1
+
+ The output has been subject to swaps of the form
+ 0 1 -> 3 1 but the odd and even bits have been put into
+ 2 3 2 0
+ different words. The main trick is to remember that
+ t=((l>>size)^r)&(mask);
+ r^=t;
+ l^=(t<<size);
+ can be used to swap and move bits between words.
+
+ So l = 0 1 2 3 r = 16 17 18 19
+ 4 5 6 7 20 21 22 23
+ 8 9 10 11 24 25 26 27
+ 12 13 14 15 28 29 30 31
+ becomes (for size == 2 and mask == 0x3333)
+ t = 2^16 3^17 -- -- l = 0 1 16 17 r = 2 3 18 19
+ 6^20 7^21 -- -- 4 5 20 21 6 7 22 23
+ 10^24 11^25 -- -- 8 9 24 25 10 11 24 25
+ 14^28 15^29 -- -- 12 13 28 29 14 15 28 29
+
+ Thanks for hints from Richard Outerbridge - he told me IP&FP
+ could be done in 15 xor, 10 shifts and 5 ands.
+ When I finally started to think of the problem in 2D
+ I first got ~42 operations without xors. When I remembered
+ how to use xors :-) I got it to its final state.
+ */
+# define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
+ (b)^=(t),\
+ (a)^=((t)<<(n)))
+
+# define IP(l,r) \
+ { \
+ register DES_LONG tt; \
+ PERM_OP(r,l,tt, 4,0x0f0f0f0fL); \
+ PERM_OP(l,r,tt,16,0x0000ffffL); \
+ PERM_OP(r,l,tt, 2,0x33333333L); \
+ PERM_OP(l,r,tt, 8,0x00ff00ffL); \
+ PERM_OP(r,l,tt, 1,0x55555555L); \
+ }
+
+# define FP(l,r) \
+ { \
+ register DES_LONG tt; \
+ PERM_OP(l,r,tt, 1,0x55555555L); \
+ PERM_OP(r,l,tt, 8,0x00ff00ffL); \
+ PERM_OP(l,r,tt, 2,0x33333333L); \
+ PERM_OP(r,l,tt,16,0x0000ffffL); \
+ PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \
+ }
+
+extern const DES_LONG DES_SPtrans[8][64];
+
+void fcrypt_body(DES_LONG *out, DES_key_schedule *ks,
+ DES_LONG Eswap0, DES_LONG Eswap1);
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/des/des_old.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/des/des_old.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/des_old.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,273 +0,0 @@
-/* crypto/des/des_old.c -*- mode:C; c-file-style: "eay" -*- */
-
-/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- *
- * The function names in here are deprecated and are only present to
- * provide an interface compatible with libdes. OpenSSL now provides
- * functions where "des_" has been replaced with "DES_" in the names,
- * to make it possible to make incompatible changes that are needed
- * for C type security and other stuff.
- *
- * Please consider starting to use the DES_ functions rather than the
- * des_ ones. The des_ functions will dissapear completely before
- * OpenSSL 1.0!
- *
- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- */
-
-/* Written by Richard Levitte (richard at levitte.org) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#define OPENSSL_DES_LIBDES_COMPATIBILITY
-#include <openssl/des.h>
-#include <openssl/rand.h>
-
-const char *_ossl_old_des_options(void)
- {
- return DES_options();
- }
-void _ossl_old_des_ecb3_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,
- des_key_schedule ks1,des_key_schedule ks2,
- des_key_schedule ks3, int enc)
- {
- DES_ecb3_encrypt((const_DES_cblock *)input, output,
- (DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
- (DES_key_schedule *)ks3, enc);
- }
-DES_LONG _ossl_old_des_cbc_cksum(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,
- long length,des_key_schedule schedule,_ossl_old_des_cblock *ivec)
- {
- return DES_cbc_cksum((unsigned char *)input, output, length,
- (DES_key_schedule *)schedule, ivec);
- }
-void _ossl_old_des_cbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,
- des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc)
- {
- DES_cbc_encrypt((unsigned char *)input, (unsigned char *)output,
- length, (DES_key_schedule *)schedule, ivec, enc);
- }
-void _ossl_old_des_ncbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,
- des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc)
- {
- DES_ncbc_encrypt((unsigned char *)input, (unsigned char *)output,
- length, (DES_key_schedule *)schedule, ivec, enc);
- }
-void _ossl_old_des_xcbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,
- des_key_schedule schedule,_ossl_old_des_cblock *ivec,
- _ossl_old_des_cblock *inw,_ossl_old_des_cblock *outw,int enc)
- {
- DES_xcbc_encrypt((unsigned char *)input, (unsigned char *)output,
- length, (DES_key_schedule *)schedule, ivec, inw, outw, enc);
- }
-void _ossl_old_des_cfb_encrypt(unsigned char *in,unsigned char *out,int numbits,
- long length,des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc)
- {
- DES_cfb_encrypt(in, out, numbits, length,
- (DES_key_schedule *)schedule, ivec, enc);
- }
-void _ossl_old_des_ecb_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,
- des_key_schedule ks,int enc)
- {
- DES_ecb_encrypt(input, output, (DES_key_schedule *)ks, enc);
- }
-void _ossl_old_des_encrypt(DES_LONG *data,des_key_schedule ks, int enc)
- {
- DES_encrypt1(data, (DES_key_schedule *)ks, enc);
- }
-void _ossl_old_des_encrypt2(DES_LONG *data,des_key_schedule ks, int enc)
- {
- DES_encrypt2(data, (DES_key_schedule *)ks, enc);
- }
-void _ossl_old_des_encrypt3(DES_LONG *data, des_key_schedule ks1,
- des_key_schedule ks2, des_key_schedule ks3)
- {
- DES_encrypt3(data, (DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
- (DES_key_schedule *)ks3);
- }
-void _ossl_old_des_decrypt3(DES_LONG *data, des_key_schedule ks1,
- des_key_schedule ks2, des_key_schedule ks3)
- {
- DES_decrypt3(data, (DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
- (DES_key_schedule *)ks3);
- }
-void _ossl_old_des_ede3_cbc_encrypt(_ossl_old_des_cblock *input, _ossl_old_des_cblock *output,
- long length, des_key_schedule ks1, des_key_schedule ks2,
- des_key_schedule ks3, _ossl_old_des_cblock *ivec, int enc)
- {
- DES_ede3_cbc_encrypt((unsigned char *)input, (unsigned char *)output,
- length, (DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
- (DES_key_schedule *)ks3, ivec, enc);
- }
-void _ossl_old_des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out,
- long length, des_key_schedule ks1, des_key_schedule ks2,
- des_key_schedule ks3, _ossl_old_des_cblock *ivec, int *num, int enc)
- {
- DES_ede3_cfb64_encrypt(in, out, length,
- (DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
- (DES_key_schedule *)ks3, ivec, num, enc);
- }
-void _ossl_old_des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out,
- long length, des_key_schedule ks1, des_key_schedule ks2,
- des_key_schedule ks3, _ossl_old_des_cblock *ivec, int *num)
- {
- DES_ede3_ofb64_encrypt(in, out, length,
- (DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
- (DES_key_schedule *)ks3, ivec, num);
- }
-
-#if 0 /* broken code, preserved just in case anyone specifically looks for this */
-void _ossl_old_des_xwhite_in2out(_ossl_old_des_cblock (*des_key), _ossl_old_des_cblock (*in_white),
- _ossl_old_des_cblock (*out_white))
- {
- DES_xwhite_in2out(des_key, in_white, out_white);
- }
-#endif
-
-int _ossl_old_des_enc_read(int fd,char *buf,int len,des_key_schedule sched,
- _ossl_old_des_cblock *iv)
- {
- return DES_enc_read(fd, buf, len, (DES_key_schedule *)sched, iv);
- }
-int _ossl_old_des_enc_write(int fd,char *buf,int len,des_key_schedule sched,
- _ossl_old_des_cblock *iv)
- {
- return DES_enc_write(fd, buf, len, (DES_key_schedule *)sched, iv);
- }
-char *_ossl_old_des_fcrypt(const char *buf,const char *salt, char *ret)
- {
- return DES_fcrypt(buf, salt, ret);
- }
-char *_ossl_old_des_crypt(const char *buf,const char *salt)
- {
- return DES_crypt(buf, salt);
- }
-char *_ossl_old_crypt(const char *buf,const char *salt)
- {
- return DES_crypt(buf, salt);
- }
-void _ossl_old_des_ofb_encrypt(unsigned char *in,unsigned char *out,
- int numbits,long length,des_key_schedule schedule,_ossl_old_des_cblock *ivec)
- {
- DES_ofb_encrypt(in, out, numbits, length, (DES_key_schedule *)schedule,
- ivec);
- }
-void _ossl_old_des_pcbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,
- des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc)
- {
- DES_pcbc_encrypt((unsigned char *)input, (unsigned char *)output,
- length, (DES_key_schedule *)schedule, ivec, enc);
- }
-DES_LONG _ossl_old_des_quad_cksum(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,
- long length,int out_count,_ossl_old_des_cblock *seed)
- {
- return DES_quad_cksum((unsigned char *)input, output, length,
- out_count, seed);
- }
-void _ossl_old_des_random_seed(_ossl_old_des_cblock key)
- {
- RAND_seed(key, sizeof(_ossl_old_des_cblock));
- }
-void _ossl_old_des_random_key(_ossl_old_des_cblock ret)
- {
- DES_random_key((DES_cblock *)ret);
- }
-int _ossl_old_des_read_password(_ossl_old_des_cblock *key, const char *prompt,
- int verify)
- {
- return DES_read_password(key, prompt, verify);
- }
-int _ossl_old_des_read_2passwords(_ossl_old_des_cblock *key1, _ossl_old_des_cblock *key2,
- const char *prompt, int verify)
- {
- return DES_read_2passwords(key1, key2, prompt, verify);
- }
-void _ossl_old_des_set_odd_parity(_ossl_old_des_cblock *key)
- {
- DES_set_odd_parity(key);
- }
-int _ossl_old_des_is_weak_key(_ossl_old_des_cblock *key)
- {
- return DES_is_weak_key(key);
- }
-int _ossl_old_des_set_key(_ossl_old_des_cblock *key,des_key_schedule schedule)
- {
- return DES_set_key(key, (DES_key_schedule *)schedule);
- }
-int _ossl_old_des_key_sched(_ossl_old_des_cblock *key,des_key_schedule schedule)
- {
- return DES_key_sched(key, (DES_key_schedule *)schedule);
- }
-void _ossl_old_des_string_to_key(char *str,_ossl_old_des_cblock *key)
- {
- DES_string_to_key(str, key);
- }
-void _ossl_old_des_string_to_2keys(char *str,_ossl_old_des_cblock *key1,_ossl_old_des_cblock *key2)
- {
- DES_string_to_2keys(str, key1, key2);
- }
-void _ossl_old_des_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
- des_key_schedule schedule, _ossl_old_des_cblock *ivec, int *num, int enc)
- {
- DES_cfb64_encrypt(in, out, length, (DES_key_schedule *)schedule,
- ivec, num, enc);
- }
-void _ossl_old_des_ofb64_encrypt(unsigned char *in, unsigned char *out, long length,
- des_key_schedule schedule, _ossl_old_des_cblock *ivec, int *num)
- {
- DES_ofb64_encrypt(in, out, length, (DES_key_schedule *)schedule,
- ivec, num);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/des/des_old.c (from rev 6976, vendor-crypto/openssl/dist/crypto/des/des_old.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/des/des_old.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/des_old.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,345 @@
+/* crypto/des/des_old.c -*- mode:C; c-file-style: "eay" -*- */
+
+/*-
+ * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+ *
+ * The function names in here are deprecated and are only present to
+ * provide an interface compatible with libdes. OpenSSL now provides
+ * functions where "des_" has been replaced with "DES_" in the names,
+ * to make it possible to make incompatible changes that are needed
+ * for C type security and other stuff.
+ *
+ * Please consider starting to use the DES_ functions rather than the
+ * des_ ones. The des_ functions will dissapear completely before
+ * OpenSSL 1.0!
+ *
+ * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+ */
+
+/*
+ * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
+ * 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#define OPENSSL_DES_LIBDES_COMPATIBILITY
+#include <openssl/des.h>
+#include <openssl/rand.h>
+
+const char *_ossl_old_des_options(void)
+{
+ return DES_options();
+}
+
+void _ossl_old_des_ecb3_encrypt(_ossl_old_des_cblock *input,
+ _ossl_old_des_cblock *output,
+ des_key_schedule ks1, des_key_schedule ks2,
+ des_key_schedule ks3, int enc)
+{
+ DES_ecb3_encrypt((const_DES_cblock *)input, output,
+ (DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
+ (DES_key_schedule *)ks3, enc);
+}
+
+DES_LONG _ossl_old_des_cbc_cksum(_ossl_old_des_cblock *input,
+ _ossl_old_des_cblock *output, long length,
+ des_key_schedule schedule,
+ _ossl_old_des_cblock *ivec)
+{
+ return DES_cbc_cksum((unsigned char *)input, output, length,
+ (DES_key_schedule *)schedule, ivec);
+}
+
+void _ossl_old_des_cbc_encrypt(_ossl_old_des_cblock *input,
+ _ossl_old_des_cblock *output, long length,
+ des_key_schedule schedule,
+ _ossl_old_des_cblock *ivec, int enc)
+{
+ DES_cbc_encrypt((unsigned char *)input, (unsigned char *)output,
+ length, (DES_key_schedule *)schedule, ivec, enc);
+}
+
+void _ossl_old_des_ncbc_encrypt(_ossl_old_des_cblock *input,
+ _ossl_old_des_cblock *output, long length,
+ des_key_schedule schedule,
+ _ossl_old_des_cblock *ivec, int enc)
+{
+ DES_ncbc_encrypt((unsigned char *)input, (unsigned char *)output,
+ length, (DES_key_schedule *)schedule, ivec, enc);
+}
+
+void _ossl_old_des_xcbc_encrypt(_ossl_old_des_cblock *input,
+ _ossl_old_des_cblock *output, long length,
+ des_key_schedule schedule,
+ _ossl_old_des_cblock *ivec,
+ _ossl_old_des_cblock *inw,
+ _ossl_old_des_cblock *outw, int enc)
+{
+ DES_xcbc_encrypt((unsigned char *)input, (unsigned char *)output,
+ length, (DES_key_schedule *)schedule, ivec, inw, outw,
+ enc);
+}
+
+void _ossl_old_des_cfb_encrypt(unsigned char *in, unsigned char *out,
+ int numbits, long length,
+ des_key_schedule schedule,
+ _ossl_old_des_cblock *ivec, int enc)
+{
+ DES_cfb_encrypt(in, out, numbits, length,
+ (DES_key_schedule *)schedule, ivec, enc);
+}
+
+void _ossl_old_des_ecb_encrypt(_ossl_old_des_cblock *input,
+ _ossl_old_des_cblock *output,
+ des_key_schedule ks, int enc)
+{
+ DES_ecb_encrypt(input, output, (DES_key_schedule *)ks, enc);
+}
+
+void _ossl_old_des_encrypt(DES_LONG *data, des_key_schedule ks, int enc)
+{
+ DES_encrypt1(data, (DES_key_schedule *)ks, enc);
+}
+
+void _ossl_old_des_encrypt2(DES_LONG *data, des_key_schedule ks, int enc)
+{
+ DES_encrypt2(data, (DES_key_schedule *)ks, enc);
+}
+
+void _ossl_old_des_encrypt3(DES_LONG *data, des_key_schedule ks1,
+ des_key_schedule ks2, des_key_schedule ks3)
+{
+ DES_encrypt3(data, (DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
+ (DES_key_schedule *)ks3);
+}
+
+void _ossl_old_des_decrypt3(DES_LONG *data, des_key_schedule ks1,
+ des_key_schedule ks2, des_key_schedule ks3)
+{
+ DES_decrypt3(data, (DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
+ (DES_key_schedule *)ks3);
+}
+
+void _ossl_old_des_ede3_cbc_encrypt(_ossl_old_des_cblock *input,
+ _ossl_old_des_cblock *output, long length,
+ des_key_schedule ks1,
+ des_key_schedule ks2,
+ des_key_schedule ks3,
+ _ossl_old_des_cblock *ivec, int enc)
+{
+ DES_ede3_cbc_encrypt((unsigned char *)input, (unsigned char *)output,
+ length, (DES_key_schedule *)ks1,
+ (DES_key_schedule *)ks2, (DES_key_schedule *)ks3,
+ ivec, enc);
+}
+
+void _ossl_old_des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out,
+ long length, des_key_schedule ks1,
+ des_key_schedule ks2,
+ des_key_schedule ks3,
+ _ossl_old_des_cblock *ivec, int *num,
+ int enc)
+{
+ DES_ede3_cfb64_encrypt(in, out, length,
+ (DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
+ (DES_key_schedule *)ks3, ivec, num, enc);
+}
+
+void _ossl_old_des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out,
+ long length, des_key_schedule ks1,
+ des_key_schedule ks2,
+ des_key_schedule ks3,
+ _ossl_old_des_cblock *ivec, int *num)
+{
+ DES_ede3_ofb64_encrypt(in, out, length,
+ (DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
+ (DES_key_schedule *)ks3, ivec, num);
+}
+
+#if 0 /* broken code, preserved just in case anyone
+ * specifically looks for this */
+void _ossl_old_des_xwhite_in2out(_ossl_old_des_cblock (*des_key),
+ _ossl_old_des_cblock (*in_white),
+ _ossl_old_des_cblock (*out_white))
+{
+ DES_xwhite_in2out(des_key, in_white, out_white);
+}
+#endif
+
+int _ossl_old_des_enc_read(int fd, char *buf, int len, des_key_schedule sched,
+ _ossl_old_des_cblock *iv)
+{
+ return DES_enc_read(fd, buf, len, (DES_key_schedule *)sched, iv);
+}
+
+int _ossl_old_des_enc_write(int fd, char *buf, int len,
+ des_key_schedule sched, _ossl_old_des_cblock *iv)
+{
+ return DES_enc_write(fd, buf, len, (DES_key_schedule *)sched, iv);
+}
+
+char *_ossl_old_des_fcrypt(const char *buf, const char *salt, char *ret)
+{
+ return DES_fcrypt(buf, salt, ret);
+}
+
+char *_ossl_old_des_crypt(const char *buf, const char *salt)
+{
+ return DES_crypt(buf, salt);
+}
+
+char *_ossl_old_crypt(const char *buf, const char *salt)
+{
+ return DES_crypt(buf, salt);
+}
+
+void _ossl_old_des_ofb_encrypt(unsigned char *in, unsigned char *out,
+ int numbits, long length,
+ des_key_schedule schedule,
+ _ossl_old_des_cblock *ivec)
+{
+ DES_ofb_encrypt(in, out, numbits, length, (DES_key_schedule *)schedule,
+ ivec);
+}
+
+void _ossl_old_des_pcbc_encrypt(_ossl_old_des_cblock *input,
+ _ossl_old_des_cblock *output, long length,
+ des_key_schedule schedule,
+ _ossl_old_des_cblock *ivec, int enc)
+{
+ DES_pcbc_encrypt((unsigned char *)input, (unsigned char *)output,
+ length, (DES_key_schedule *)schedule, ivec, enc);
+}
+
+DES_LONG _ossl_old_des_quad_cksum(_ossl_old_des_cblock *input,
+ _ossl_old_des_cblock *output, long length,
+ int out_count, _ossl_old_des_cblock *seed)
+{
+ return DES_quad_cksum((unsigned char *)input, output, length,
+ out_count, seed);
+}
+
+void _ossl_old_des_random_seed(_ossl_old_des_cblock key)
+{
+ RAND_seed(key, sizeof(_ossl_old_des_cblock));
+}
+
+void _ossl_old_des_random_key(_ossl_old_des_cblock ret)
+{
+ DES_random_key((DES_cblock *)ret);
+}
+
+int _ossl_old_des_read_password(_ossl_old_des_cblock *key, const char *prompt,
+ int verify)
+{
+ return DES_read_password(key, prompt, verify);
+}
+
+int _ossl_old_des_read_2passwords(_ossl_old_des_cblock *key1,
+ _ossl_old_des_cblock *key2,
+ const char *prompt, int verify)
+{
+ return DES_read_2passwords(key1, key2, prompt, verify);
+}
+
+void _ossl_old_des_set_odd_parity(_ossl_old_des_cblock *key)
+{
+ DES_set_odd_parity(key);
+}
+
+int _ossl_old_des_is_weak_key(_ossl_old_des_cblock *key)
+{
+ return DES_is_weak_key(key);
+}
+
+int _ossl_old_des_set_key(_ossl_old_des_cblock *key,
+ des_key_schedule schedule)
+{
+ return DES_set_key(key, (DES_key_schedule *)schedule);
+}
+
+int _ossl_old_des_key_sched(_ossl_old_des_cblock *key,
+ des_key_schedule schedule)
+{
+ return DES_key_sched(key, (DES_key_schedule *)schedule);
+}
+
+void _ossl_old_des_string_to_key(char *str, _ossl_old_des_cblock *key)
+{
+ DES_string_to_key(str, key);
+}
+
+void _ossl_old_des_string_to_2keys(char *str, _ossl_old_des_cblock *key1,
+ _ossl_old_des_cblock *key2)
+{
+ DES_string_to_2keys(str, key1, key2);
+}
+
+void _ossl_old_des_cfb64_encrypt(unsigned char *in, unsigned char *out,
+ long length, des_key_schedule schedule,
+ _ossl_old_des_cblock *ivec, int *num,
+ int enc)
+{
+ DES_cfb64_encrypt(in, out, length, (DES_key_schedule *)schedule,
+ ivec, num, enc);
+}
+
+void _ossl_old_des_ofb64_encrypt(unsigned char *in, unsigned char *out,
+ long length, des_key_schedule schedule,
+ _ossl_old_des_cblock *ivec, int *num)
+{
+ DES_ofb64_encrypt(in, out, length, (DES_key_schedule *)schedule,
+ ivec, num);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/des/des_old.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/des/des_old.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/des_old.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,446 +0,0 @@
-/* crypto/des/des_old.h -*- mode:C; c-file-style: "eay" -*- */
-
-/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- *
- * The function names in here are deprecated and are only present to
- * provide an interface compatible with openssl 0.9.6 and older as
- * well as libdes. OpenSSL now provides functions where "des_" has
- * been replaced with "DES_" in the names, to make it possible to
- * make incompatible changes that are needed for C type security and
- * other stuff.
- *
- * This include files has two compatibility modes:
- *
- * - If OPENSSL_DES_LIBDES_COMPATIBILITY is defined, you get an API
- * that is compatible with libdes and SSLeay.
- * - If OPENSSL_DES_LIBDES_COMPATIBILITY isn't defined, you get an
- * API that is compatible with OpenSSL 0.9.5x to 0.9.6x.
- *
- * Note that these modes break earlier snapshots of OpenSSL, where
- * libdes compatibility was the only available mode or (later on) the
- * prefered compatibility mode. However, after much consideration
- * (and more or less violent discussions with external parties), it
- * was concluded that OpenSSL should be compatible with earlier versions
- * of itself before anything else. Also, in all honesty, libdes is
- * an old beast that shouldn't really be used any more.
- *
- * Please consider starting to use the DES_ functions rather than the
- * des_ ones. The des_ functions will disappear completely before
- * OpenSSL 1.0!
- *
- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- */
-
-/* Written by Richard Levitte (richard at levitte.org) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#ifndef HEADER_DES_H
-#define HEADER_DES_H
-
-#include <openssl/e_os2.h> /* OPENSSL_EXTERN, OPENSSL_NO_DES, DES_LONG */
-
-#ifdef OPENSSL_NO_DES
-#error DES is disabled.
-#endif
-
-#ifndef HEADER_NEW_DES_H
-#error You must include des.h, not des_old.h directly.
-#endif
-
-#ifdef _KERBEROS_DES_H
-#error <openssl/des_old.h> replaces <kerberos/des.h>.
-#endif
-
-#include <openssl/symhacks.h>
-
-#ifdef OPENSSL_BUILD_SHLIBCRYPTO
-# undef OPENSSL_EXTERN
-# define OPENSSL_EXTERN OPENSSL_EXPORT
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifdef _
-#undef _
-#endif
-
-typedef unsigned char _ossl_old_des_cblock[8];
-typedef struct _ossl_old_des_ks_struct
- {
- union {
- _ossl_old_des_cblock _;
- /* make sure things are correct size on machines with
- * 8 byte longs */
- DES_LONG pad[2];
- } ks;
- } _ossl_old_des_key_schedule[16];
-
-#ifndef OPENSSL_DES_LIBDES_COMPATIBILITY
-#define des_cblock DES_cblock
-#define const_des_cblock const_DES_cblock
-#define des_key_schedule DES_key_schedule
-#define des_ecb3_encrypt(i,o,k1,k2,k3,e)\
- DES_ecb3_encrypt((i),(o),&(k1),&(k2),&(k3),(e))
-#define des_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e)\
- DES_ede3_cbc_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(e))
-#define des_ede3_cbcm_encrypt(i,o,l,k1,k2,k3,iv1,iv2,e)\
- DES_ede3_cbcm_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv1),(iv2),(e))
-#define des_ede3_cfb64_encrypt(i,o,l,k1,k2,k3,iv,n,e)\
- DES_ede3_cfb64_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(n),(e))
-#define des_ede3_ofb64_encrypt(i,o,l,k1,k2,k3,iv,n)\
- DES_ede3_ofb64_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(n))
-#define des_options()\
- DES_options()
-#define des_cbc_cksum(i,o,l,k,iv)\
- DES_cbc_cksum((i),(o),(l),&(k),(iv))
-#define des_cbc_encrypt(i,o,l,k,iv,e)\
- DES_cbc_encrypt((i),(o),(l),&(k),(iv),(e))
-#define des_ncbc_encrypt(i,o,l,k,iv,e)\
- DES_ncbc_encrypt((i),(o),(l),&(k),(iv),(e))
-#define des_xcbc_encrypt(i,o,l,k,iv,inw,outw,e)\
- DES_xcbc_encrypt((i),(o),(l),&(k),(iv),(inw),(outw),(e))
-#define des_cfb_encrypt(i,o,n,l,k,iv,e)\
- DES_cfb_encrypt((i),(o),(n),(l),&(k),(iv),(e))
-#define des_ecb_encrypt(i,o,k,e)\
- DES_ecb_encrypt((i),(o),&(k),(e))
-#define des_encrypt1(d,k,e)\
- DES_encrypt1((d),&(k),(e))
-#define des_encrypt2(d,k,e)\
- DES_encrypt2((d),&(k),(e))
-#define des_encrypt3(d,k1,k2,k3)\
- DES_encrypt3((d),&(k1),&(k2),&(k3))
-#define des_decrypt3(d,k1,k2,k3)\
- DES_decrypt3((d),&(k1),&(k2),&(k3))
-#define des_xwhite_in2out(k,i,o)\
- DES_xwhite_in2out((k),(i),(o))
-#define des_enc_read(f,b,l,k,iv)\
- DES_enc_read((f),(b),(l),&(k),(iv))
-#define des_enc_write(f,b,l,k,iv)\
- DES_enc_write((f),(b),(l),&(k),(iv))
-#define des_fcrypt(b,s,r)\
- DES_fcrypt((b),(s),(r))
-#if 0
-#define des_crypt(b,s)\
- DES_crypt((b),(s))
-#if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT) && !defined(__OpenBSD__)
-#define crypt(b,s)\
- DES_crypt((b),(s))
-#endif
-#endif
-#define des_ofb_encrypt(i,o,n,l,k,iv)\
- DES_ofb_encrypt((i),(o),(n),(l),&(k),(iv))
-#define des_pcbc_encrypt(i,o,l,k,iv,e)\
- DES_pcbc_encrypt((i),(o),(l),&(k),(iv),(e))
-#define des_quad_cksum(i,o,l,c,s)\
- DES_quad_cksum((i),(o),(l),(c),(s))
-#define des_random_seed(k)\
- _ossl_096_des_random_seed((k))
-#define des_random_key(r)\
- DES_random_key((r))
-#define des_read_password(k,p,v) \
- DES_read_password((k),(p),(v))
-#define des_read_2passwords(k1,k2,p,v) \
- DES_read_2passwords((k1),(k2),(p),(v))
-#define des_set_odd_parity(k)\
- DES_set_odd_parity((k))
-#define des_check_key_parity(k)\
- DES_check_key_parity((k))
-#define des_is_weak_key(k)\
- DES_is_weak_key((k))
-#define des_set_key(k,ks)\
- DES_set_key((k),&(ks))
-#define des_key_sched(k,ks)\
- DES_key_sched((k),&(ks))
-#define des_set_key_checked(k,ks)\
- DES_set_key_checked((k),&(ks))
-#define des_set_key_unchecked(k,ks)\
- DES_set_key_unchecked((k),&(ks))
-#define des_string_to_key(s,k)\
- DES_string_to_key((s),(k))
-#define des_string_to_2keys(s,k1,k2)\
- DES_string_to_2keys((s),(k1),(k2))
-#define des_cfb64_encrypt(i,o,l,ks,iv,n,e)\
- DES_cfb64_encrypt((i),(o),(l),&(ks),(iv),(n),(e))
-#define des_ofb64_encrypt(i,o,l,ks,iv,n)\
- DES_ofb64_encrypt((i),(o),(l),&(ks),(iv),(n))
-
-
-#define des_ecb2_encrypt(i,o,k1,k2,e) \
- des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
-
-#define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
- des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
-
-#define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \
- des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))
-
-#define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
- des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))
-
-#define des_check_key DES_check_key
-#define des_rw_mode DES_rw_mode
-#else /* libdes compatibility */
-/* Map all symbol names to _ossl_old_des_* form, so we avoid all
- clashes with libdes */
-#define des_cblock _ossl_old_des_cblock
-#define des_key_schedule _ossl_old_des_key_schedule
-#define des_ecb3_encrypt(i,o,k1,k2,k3,e)\
- _ossl_old_des_ecb3_encrypt((i),(o),(k1),(k2),(k3),(e))
-#define des_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e)\
- _ossl_old_des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(e))
-#define des_ede3_cfb64_encrypt(i,o,l,k1,k2,k3,iv,n,e)\
- _ossl_old_des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(n),(e))
-#define des_ede3_ofb64_encrypt(i,o,l,k1,k2,k3,iv,n)\
- _ossl_old_des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(n))
-#define des_options()\
- _ossl_old_des_options()
-#define des_cbc_cksum(i,o,l,k,iv)\
- _ossl_old_des_cbc_cksum((i),(o),(l),(k),(iv))
-#define des_cbc_encrypt(i,o,l,k,iv,e)\
- _ossl_old_des_cbc_encrypt((i),(o),(l),(k),(iv),(e))
-#define des_ncbc_encrypt(i,o,l,k,iv,e)\
- _ossl_old_des_ncbc_encrypt((i),(o),(l),(k),(iv),(e))
-#define des_xcbc_encrypt(i,o,l,k,iv,inw,outw,e)\
- _ossl_old_des_xcbc_encrypt((i),(o),(l),(k),(iv),(inw),(outw),(e))
-#define des_cfb_encrypt(i,o,n,l,k,iv,e)\
- _ossl_old_des_cfb_encrypt((i),(o),(n),(l),(k),(iv),(e))
-#define des_ecb_encrypt(i,o,k,e)\
- _ossl_old_des_ecb_encrypt((i),(o),(k),(e))
-#define des_encrypt(d,k,e)\
- _ossl_old_des_encrypt((d),(k),(e))
-#define des_encrypt2(d,k,e)\
- _ossl_old_des_encrypt2((d),(k),(e))
-#define des_encrypt3(d,k1,k2,k3)\
- _ossl_old_des_encrypt3((d),(k1),(k2),(k3))
-#define des_decrypt3(d,k1,k2,k3)\
- _ossl_old_des_decrypt3((d),(k1),(k2),(k3))
-#define des_xwhite_in2out(k,i,o)\
- _ossl_old_des_xwhite_in2out((k),(i),(o))
-#define des_enc_read(f,b,l,k,iv)\
- _ossl_old_des_enc_read((f),(b),(l),(k),(iv))
-#define des_enc_write(f,b,l,k,iv)\
- _ossl_old_des_enc_write((f),(b),(l),(k),(iv))
-#define des_fcrypt(b,s,r)\
- _ossl_old_des_fcrypt((b),(s),(r))
-#define des_crypt(b,s)\
- _ossl_old_des_crypt((b),(s))
-#if 0
-#define crypt(b,s)\
- _ossl_old_crypt((b),(s))
-#endif
-#define des_ofb_encrypt(i,o,n,l,k,iv)\
- _ossl_old_des_ofb_encrypt((i),(o),(n),(l),(k),(iv))
-#define des_pcbc_encrypt(i,o,l,k,iv,e)\
- _ossl_old_des_pcbc_encrypt((i),(o),(l),(k),(iv),(e))
-#define des_quad_cksum(i,o,l,c,s)\
- _ossl_old_des_quad_cksum((i),(o),(l),(c),(s))
-#define des_random_seed(k)\
- _ossl_old_des_random_seed((k))
-#define des_random_key(r)\
- _ossl_old_des_random_key((r))
-#define des_read_password(k,p,v) \
- _ossl_old_des_read_password((k),(p),(v))
-#define des_read_2passwords(k1,k2,p,v) \
- _ossl_old_des_read_2passwords((k1),(k2),(p),(v))
-#define des_set_odd_parity(k)\
- _ossl_old_des_set_odd_parity((k))
-#define des_is_weak_key(k)\
- _ossl_old_des_is_weak_key((k))
-#define des_set_key(k,ks)\
- _ossl_old_des_set_key((k),(ks))
-#define des_key_sched(k,ks)\
- _ossl_old_des_key_sched((k),(ks))
-#define des_string_to_key(s,k)\
- _ossl_old_des_string_to_key((s),(k))
-#define des_string_to_2keys(s,k1,k2)\
- _ossl_old_des_string_to_2keys((s),(k1),(k2))
-#define des_cfb64_encrypt(i,o,l,ks,iv,n,e)\
- _ossl_old_des_cfb64_encrypt((i),(o),(l),(ks),(iv),(n),(e))
-#define des_ofb64_encrypt(i,o,l,ks,iv,n)\
- _ossl_old_des_ofb64_encrypt((i),(o),(l),(ks),(iv),(n))
-
-
-#define des_ecb2_encrypt(i,o,k1,k2,e) \
- des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
-
-#define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
- des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
-
-#define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \
- des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))
-
-#define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
- des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))
-
-#define des_check_key DES_check_key
-#define des_rw_mode DES_rw_mode
-#endif
-
-const char *_ossl_old_des_options(void);
-void _ossl_old_des_ecb3_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,
- _ossl_old_des_key_schedule ks1,_ossl_old_des_key_schedule ks2,
- _ossl_old_des_key_schedule ks3, int enc);
-DES_LONG _ossl_old_des_cbc_cksum(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,
- long length,_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec);
-void _ossl_old_des_cbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,
- _ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc);
-void _ossl_old_des_ncbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,
- _ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc);
-void _ossl_old_des_xcbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,
- _ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,
- _ossl_old_des_cblock *inw,_ossl_old_des_cblock *outw,int enc);
-void _ossl_old_des_cfb_encrypt(unsigned char *in,unsigned char *out,int numbits,
- long length,_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc);
-void _ossl_old_des_ecb_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,
- _ossl_old_des_key_schedule ks,int enc);
-void _ossl_old_des_encrypt(DES_LONG *data,_ossl_old_des_key_schedule ks, int enc);
-void _ossl_old_des_encrypt2(DES_LONG *data,_ossl_old_des_key_schedule ks, int enc);
-void _ossl_old_des_encrypt3(DES_LONG *data, _ossl_old_des_key_schedule ks1,
- _ossl_old_des_key_schedule ks2, _ossl_old_des_key_schedule ks3);
-void _ossl_old_des_decrypt3(DES_LONG *data, _ossl_old_des_key_schedule ks1,
- _ossl_old_des_key_schedule ks2, _ossl_old_des_key_schedule ks3);
-void _ossl_old_des_ede3_cbc_encrypt(_ossl_old_des_cblock *input, _ossl_old_des_cblock *output,
- long length, _ossl_old_des_key_schedule ks1, _ossl_old_des_key_schedule ks2,
- _ossl_old_des_key_schedule ks3, _ossl_old_des_cblock *ivec, int enc);
-void _ossl_old_des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out,
- long length, _ossl_old_des_key_schedule ks1, _ossl_old_des_key_schedule ks2,
- _ossl_old_des_key_schedule ks3, _ossl_old_des_cblock *ivec, int *num, int enc);
-void _ossl_old_des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out,
- long length, _ossl_old_des_key_schedule ks1, _ossl_old_des_key_schedule ks2,
- _ossl_old_des_key_schedule ks3, _ossl_old_des_cblock *ivec, int *num);
-#if 0
-void _ossl_old_des_xwhite_in2out(_ossl_old_des_cblock (*des_key), _ossl_old_des_cblock (*in_white),
- _ossl_old_des_cblock (*out_white));
-#endif
-
-int _ossl_old_des_enc_read(int fd,char *buf,int len,_ossl_old_des_key_schedule sched,
- _ossl_old_des_cblock *iv);
-int _ossl_old_des_enc_write(int fd,char *buf,int len,_ossl_old_des_key_schedule sched,
- _ossl_old_des_cblock *iv);
-char *_ossl_old_des_fcrypt(const char *buf,const char *salt, char *ret);
-char *_ossl_old_des_crypt(const char *buf,const char *salt);
-#if !defined(PERL5) && !defined(NeXT)
-char *_ossl_old_crypt(const char *buf,const char *salt);
-#endif
-void _ossl_old_des_ofb_encrypt(unsigned char *in,unsigned char *out,
- int numbits,long length,_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec);
-void _ossl_old_des_pcbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,
- _ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc);
-DES_LONG _ossl_old_des_quad_cksum(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,
- long length,int out_count,_ossl_old_des_cblock *seed);
-void _ossl_old_des_random_seed(_ossl_old_des_cblock key);
-void _ossl_old_des_random_key(_ossl_old_des_cblock ret);
-int _ossl_old_des_read_password(_ossl_old_des_cblock *key,const char *prompt,int verify);
-int _ossl_old_des_read_2passwords(_ossl_old_des_cblock *key1,_ossl_old_des_cblock *key2,
- const char *prompt,int verify);
-void _ossl_old_des_set_odd_parity(_ossl_old_des_cblock *key);
-int _ossl_old_des_is_weak_key(_ossl_old_des_cblock *key);
-int _ossl_old_des_set_key(_ossl_old_des_cblock *key,_ossl_old_des_key_schedule schedule);
-int _ossl_old_des_key_sched(_ossl_old_des_cblock *key,_ossl_old_des_key_schedule schedule);
-void _ossl_old_des_string_to_key(char *str,_ossl_old_des_cblock *key);
-void _ossl_old_des_string_to_2keys(char *str,_ossl_old_des_cblock *key1,_ossl_old_des_cblock *key2);
-void _ossl_old_des_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
- _ossl_old_des_key_schedule schedule, _ossl_old_des_cblock *ivec, int *num, int enc);
-void _ossl_old_des_ofb64_encrypt(unsigned char *in, unsigned char *out, long length,
- _ossl_old_des_key_schedule schedule, _ossl_old_des_cblock *ivec, int *num);
-
-void _ossl_096_des_random_seed(des_cblock *key);
-
-/* The following definitions provide compatibility with the MIT Kerberos
- * library. The _ossl_old_des_key_schedule structure is not binary compatible. */
-
-#define _KERBEROS_DES_H
-
-#define KRBDES_ENCRYPT DES_ENCRYPT
-#define KRBDES_DECRYPT DES_DECRYPT
-
-#ifdef KERBEROS
-# define ENCRYPT DES_ENCRYPT
-# define DECRYPT DES_DECRYPT
-#endif
-
-#ifndef NCOMPAT
-# define C_Block des_cblock
-# define Key_schedule des_key_schedule
-# define KEY_SZ DES_KEY_SZ
-# define string_to_key des_string_to_key
-# define read_pw_string des_read_pw_string
-# define random_key des_random_key
-# define pcbc_encrypt des_pcbc_encrypt
-# define set_key des_set_key
-# define key_sched des_key_sched
-# define ecb_encrypt des_ecb_encrypt
-# define cbc_encrypt des_cbc_encrypt
-# define ncbc_encrypt des_ncbc_encrypt
-# define xcbc_encrypt des_xcbc_encrypt
-# define cbc_cksum des_cbc_cksum
-# define quad_cksum des_quad_cksum
-# define check_parity des_check_key_parity
-#endif
-
-#define des_fixup_key_parity DES_fixup_key_parity
-
-#ifdef __cplusplus
-}
-#endif
-
-/* for DES_read_pw_string et al */
-#include <openssl/ui_compat.h>
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/des/des_old.h (from rev 6976, vendor-crypto/openssl/dist/crypto/des/des_old.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/des/des_old.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/des_old.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,497 @@
+/* crypto/des/des_old.h -*- mode:C; c-file-style: "eay" -*- */
+
+/*-
+ * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+ *
+ * The function names in here are deprecated and are only present to
+ * provide an interface compatible with openssl 0.9.6 and older as
+ * well as libdes. OpenSSL now provides functions where "des_" has
+ * been replaced with "DES_" in the names, to make it possible to
+ * make incompatible changes that are needed for C type security and
+ * other stuff.
+ *
+ * This include files has two compatibility modes:
+ *
+ * - If OPENSSL_DES_LIBDES_COMPATIBILITY is defined, you get an API
+ * that is compatible with libdes and SSLeay.
+ * - If OPENSSL_DES_LIBDES_COMPATIBILITY isn't defined, you get an
+ * API that is compatible with OpenSSL 0.9.5x to 0.9.6x.
+ *
+ * Note that these modes break earlier snapshots of OpenSSL, where
+ * libdes compatibility was the only available mode or (later on) the
+ * prefered compatibility mode. However, after much consideration
+ * (and more or less violent discussions with external parties), it
+ * was concluded that OpenSSL should be compatible with earlier versions
+ * of itself before anything else. Also, in all honesty, libdes is
+ * an old beast that shouldn't really be used any more.
+ *
+ * Please consider starting to use the DES_ functions rather than the
+ * des_ ones. The des_ functions will disappear completely before
+ * OpenSSL 1.0!
+ *
+ * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+ */
+
+/*
+ * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
+ * 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_DES_H
+# define HEADER_DES_H
+
+# include <openssl/e_os2.h> /* OPENSSL_EXTERN, OPENSSL_NO_DES, DES_LONG */
+
+# ifdef OPENSSL_NO_DES
+# error DES is disabled.
+# endif
+
+# ifndef HEADER_NEW_DES_H
+# error You must include des.h, not des_old.h directly.
+# endif
+
+# ifdef _KERBEROS_DES_H
+# error <openssl/des_old.h> replaces <kerberos/des.h>.
+# endif
+
+# include <openssl/symhacks.h>
+
+# ifdef OPENSSL_BUILD_SHLIBCRYPTO
+# undef OPENSSL_EXTERN
+# define OPENSSL_EXTERN OPENSSL_EXPORT
+# endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# ifdef _
+# undef _
+# endif
+
+typedef unsigned char _ossl_old_des_cblock[8];
+typedef struct _ossl_old_des_ks_struct {
+ union {
+ _ossl_old_des_cblock _;
+ /*
+ * make sure things are correct size on machines with 8 byte longs
+ */
+ DES_LONG pad[2];
+ } ks;
+} _ossl_old_des_key_schedule[16];
+
+# ifndef OPENSSL_DES_LIBDES_COMPATIBILITY
+# define des_cblock DES_cblock
+# define const_des_cblock const_DES_cblock
+# define des_key_schedule DES_key_schedule
+# define des_ecb3_encrypt(i,o,k1,k2,k3,e)\
+ DES_ecb3_encrypt((i),(o),&(k1),&(k2),&(k3),(e))
+# define des_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e)\
+ DES_ede3_cbc_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(e))
+# define des_ede3_cbcm_encrypt(i,o,l,k1,k2,k3,iv1,iv2,e)\
+ DES_ede3_cbcm_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv1),(iv2),(e))
+# define des_ede3_cfb64_encrypt(i,o,l,k1,k2,k3,iv,n,e)\
+ DES_ede3_cfb64_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(n),(e))
+# define des_ede3_ofb64_encrypt(i,o,l,k1,k2,k3,iv,n)\
+ DES_ede3_ofb64_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(n))
+# define des_options()\
+ DES_options()
+# define des_cbc_cksum(i,o,l,k,iv)\
+ DES_cbc_cksum((i),(o),(l),&(k),(iv))
+# define des_cbc_encrypt(i,o,l,k,iv,e)\
+ DES_cbc_encrypt((i),(o),(l),&(k),(iv),(e))
+# define des_ncbc_encrypt(i,o,l,k,iv,e)\
+ DES_ncbc_encrypt((i),(o),(l),&(k),(iv),(e))
+# define des_xcbc_encrypt(i,o,l,k,iv,inw,outw,e)\
+ DES_xcbc_encrypt((i),(o),(l),&(k),(iv),(inw),(outw),(e))
+# define des_cfb_encrypt(i,o,n,l,k,iv,e)\
+ DES_cfb_encrypt((i),(o),(n),(l),&(k),(iv),(e))
+# define des_ecb_encrypt(i,o,k,e)\
+ DES_ecb_encrypt((i),(o),&(k),(e))
+# define des_encrypt1(d,k,e)\
+ DES_encrypt1((d),&(k),(e))
+# define des_encrypt2(d,k,e)\
+ DES_encrypt2((d),&(k),(e))
+# define des_encrypt3(d,k1,k2,k3)\
+ DES_encrypt3((d),&(k1),&(k2),&(k3))
+# define des_decrypt3(d,k1,k2,k3)\
+ DES_decrypt3((d),&(k1),&(k2),&(k3))
+# define des_xwhite_in2out(k,i,o)\
+ DES_xwhite_in2out((k),(i),(o))
+# define des_enc_read(f,b,l,k,iv)\
+ DES_enc_read((f),(b),(l),&(k),(iv))
+# define des_enc_write(f,b,l,k,iv)\
+ DES_enc_write((f),(b),(l),&(k),(iv))
+# define des_fcrypt(b,s,r)\
+ DES_fcrypt((b),(s),(r))
+# if 0
+# define des_crypt(b,s)\
+ DES_crypt((b),(s))
+# if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT) && !defined(__OpenBSD__)
+# define crypt(b,s)\
+ DES_crypt((b),(s))
+# endif
+# endif
+# define des_ofb_encrypt(i,o,n,l,k,iv)\
+ DES_ofb_encrypt((i),(o),(n),(l),&(k),(iv))
+# define des_pcbc_encrypt(i,o,l,k,iv,e)\
+ DES_pcbc_encrypt((i),(o),(l),&(k),(iv),(e))
+# define des_quad_cksum(i,o,l,c,s)\
+ DES_quad_cksum((i),(o),(l),(c),(s))
+# define des_random_seed(k)\
+ _ossl_096_des_random_seed((k))
+# define des_random_key(r)\
+ DES_random_key((r))
+# define des_read_password(k,p,v) \
+ DES_read_password((k),(p),(v))
+# define des_read_2passwords(k1,k2,p,v) \
+ DES_read_2passwords((k1),(k2),(p),(v))
+# define des_set_odd_parity(k)\
+ DES_set_odd_parity((k))
+# define des_check_key_parity(k)\
+ DES_check_key_parity((k))
+# define des_is_weak_key(k)\
+ DES_is_weak_key((k))
+# define des_set_key(k,ks)\
+ DES_set_key((k),&(ks))
+# define des_key_sched(k,ks)\
+ DES_key_sched((k),&(ks))
+# define des_set_key_checked(k,ks)\
+ DES_set_key_checked((k),&(ks))
+# define des_set_key_unchecked(k,ks)\
+ DES_set_key_unchecked((k),&(ks))
+# define des_string_to_key(s,k)\
+ DES_string_to_key((s),(k))
+# define des_string_to_2keys(s,k1,k2)\
+ DES_string_to_2keys((s),(k1),(k2))
+# define des_cfb64_encrypt(i,o,l,ks,iv,n,e)\
+ DES_cfb64_encrypt((i),(o),(l),&(ks),(iv),(n),(e))
+# define des_ofb64_encrypt(i,o,l,ks,iv,n)\
+ DES_ofb64_encrypt((i),(o),(l),&(ks),(iv),(n))
+
+# define des_ecb2_encrypt(i,o,k1,k2,e) \
+ des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
+
+# define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
+ des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
+
+# define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \
+ des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))
+
+# define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
+ des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))
+
+# define des_check_key DES_check_key
+# define des_rw_mode DES_rw_mode
+# else /* libdes compatibility */
+/*
+ * Map all symbol names to _ossl_old_des_* form, so we avoid all clashes with
+ * libdes
+ */
+# define des_cblock _ossl_old_des_cblock
+# define des_key_schedule _ossl_old_des_key_schedule
+# define des_ecb3_encrypt(i,o,k1,k2,k3,e)\
+ _ossl_old_des_ecb3_encrypt((i),(o),(k1),(k2),(k3),(e))
+# define des_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e)\
+ _ossl_old_des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(e))
+# define des_ede3_cfb64_encrypt(i,o,l,k1,k2,k3,iv,n,e)\
+ _ossl_old_des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(n),(e))
+# define des_ede3_ofb64_encrypt(i,o,l,k1,k2,k3,iv,n)\
+ _ossl_old_des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(n))
+# define des_options()\
+ _ossl_old_des_options()
+# define des_cbc_cksum(i,o,l,k,iv)\
+ _ossl_old_des_cbc_cksum((i),(o),(l),(k),(iv))
+# define des_cbc_encrypt(i,o,l,k,iv,e)\
+ _ossl_old_des_cbc_encrypt((i),(o),(l),(k),(iv),(e))
+# define des_ncbc_encrypt(i,o,l,k,iv,e)\
+ _ossl_old_des_ncbc_encrypt((i),(o),(l),(k),(iv),(e))
+# define des_xcbc_encrypt(i,o,l,k,iv,inw,outw,e)\
+ _ossl_old_des_xcbc_encrypt((i),(o),(l),(k),(iv),(inw),(outw),(e))
+# define des_cfb_encrypt(i,o,n,l,k,iv,e)\
+ _ossl_old_des_cfb_encrypt((i),(o),(n),(l),(k),(iv),(e))
+# define des_ecb_encrypt(i,o,k,e)\
+ _ossl_old_des_ecb_encrypt((i),(o),(k),(e))
+# define des_encrypt(d,k,e)\
+ _ossl_old_des_encrypt((d),(k),(e))
+# define des_encrypt2(d,k,e)\
+ _ossl_old_des_encrypt2((d),(k),(e))
+# define des_encrypt3(d,k1,k2,k3)\
+ _ossl_old_des_encrypt3((d),(k1),(k2),(k3))
+# define des_decrypt3(d,k1,k2,k3)\
+ _ossl_old_des_decrypt3((d),(k1),(k2),(k3))
+# define des_xwhite_in2out(k,i,o)\
+ _ossl_old_des_xwhite_in2out((k),(i),(o))
+# define des_enc_read(f,b,l,k,iv)\
+ _ossl_old_des_enc_read((f),(b),(l),(k),(iv))
+# define des_enc_write(f,b,l,k,iv)\
+ _ossl_old_des_enc_write((f),(b),(l),(k),(iv))
+# define des_fcrypt(b,s,r)\
+ _ossl_old_des_fcrypt((b),(s),(r))
+# define des_crypt(b,s)\
+ _ossl_old_des_crypt((b),(s))
+# if 0
+# define crypt(b,s)\
+ _ossl_old_crypt((b),(s))
+# endif
+# define des_ofb_encrypt(i,o,n,l,k,iv)\
+ _ossl_old_des_ofb_encrypt((i),(o),(n),(l),(k),(iv))
+# define des_pcbc_encrypt(i,o,l,k,iv,e)\
+ _ossl_old_des_pcbc_encrypt((i),(o),(l),(k),(iv),(e))
+# define des_quad_cksum(i,o,l,c,s)\
+ _ossl_old_des_quad_cksum((i),(o),(l),(c),(s))
+# define des_random_seed(k)\
+ _ossl_old_des_random_seed((k))
+# define des_random_key(r)\
+ _ossl_old_des_random_key((r))
+# define des_read_password(k,p,v) \
+ _ossl_old_des_read_password((k),(p),(v))
+# define des_read_2passwords(k1,k2,p,v) \
+ _ossl_old_des_read_2passwords((k1),(k2),(p),(v))
+# define des_set_odd_parity(k)\
+ _ossl_old_des_set_odd_parity((k))
+# define des_is_weak_key(k)\
+ _ossl_old_des_is_weak_key((k))
+# define des_set_key(k,ks)\
+ _ossl_old_des_set_key((k),(ks))
+# define des_key_sched(k,ks)\
+ _ossl_old_des_key_sched((k),(ks))
+# define des_string_to_key(s,k)\
+ _ossl_old_des_string_to_key((s),(k))
+# define des_string_to_2keys(s,k1,k2)\
+ _ossl_old_des_string_to_2keys((s),(k1),(k2))
+# define des_cfb64_encrypt(i,o,l,ks,iv,n,e)\
+ _ossl_old_des_cfb64_encrypt((i),(o),(l),(ks),(iv),(n),(e))
+# define des_ofb64_encrypt(i,o,l,ks,iv,n)\
+ _ossl_old_des_ofb64_encrypt((i),(o),(l),(ks),(iv),(n))
+
+# define des_ecb2_encrypt(i,o,k1,k2,e) \
+ des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
+
+# define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
+ des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
+
+# define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \
+ des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))
+
+# define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
+ des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))
+
+# define des_check_key DES_check_key
+# define des_rw_mode DES_rw_mode
+# endif
+
+const char *_ossl_old_des_options(void);
+void _ossl_old_des_ecb3_encrypt(_ossl_old_des_cblock *input,
+ _ossl_old_des_cblock *output,
+ _ossl_old_des_key_schedule ks1,
+ _ossl_old_des_key_schedule ks2,
+ _ossl_old_des_key_schedule ks3, int enc);
+DES_LONG _ossl_old_des_cbc_cksum(_ossl_old_des_cblock *input,
+ _ossl_old_des_cblock *output, long length,
+ _ossl_old_des_key_schedule schedule,
+ _ossl_old_des_cblock *ivec);
+void _ossl_old_des_cbc_encrypt(_ossl_old_des_cblock *input,
+ _ossl_old_des_cblock *output, long length,
+ _ossl_old_des_key_schedule schedule,
+ _ossl_old_des_cblock *ivec, int enc);
+void _ossl_old_des_ncbc_encrypt(_ossl_old_des_cblock *input,
+ _ossl_old_des_cblock *output, long length,
+ _ossl_old_des_key_schedule schedule,
+ _ossl_old_des_cblock *ivec, int enc);
+void _ossl_old_des_xcbc_encrypt(_ossl_old_des_cblock *input,
+ _ossl_old_des_cblock *output, long length,
+ _ossl_old_des_key_schedule schedule,
+ _ossl_old_des_cblock *ivec,
+ _ossl_old_des_cblock *inw,
+ _ossl_old_des_cblock *outw, int enc);
+void _ossl_old_des_cfb_encrypt(unsigned char *in, unsigned char *out,
+ int numbits, long length,
+ _ossl_old_des_key_schedule schedule,
+ _ossl_old_des_cblock *ivec, int enc);
+void _ossl_old_des_ecb_encrypt(_ossl_old_des_cblock *input,
+ _ossl_old_des_cblock *output,
+ _ossl_old_des_key_schedule ks, int enc);
+void _ossl_old_des_encrypt(DES_LONG *data, _ossl_old_des_key_schedule ks,
+ int enc);
+void _ossl_old_des_encrypt2(DES_LONG *data, _ossl_old_des_key_schedule ks,
+ int enc);
+void _ossl_old_des_encrypt3(DES_LONG *data, _ossl_old_des_key_schedule ks1,
+ _ossl_old_des_key_schedule ks2,
+ _ossl_old_des_key_schedule ks3);
+void _ossl_old_des_decrypt3(DES_LONG *data, _ossl_old_des_key_schedule ks1,
+ _ossl_old_des_key_schedule ks2,
+ _ossl_old_des_key_schedule ks3);
+void _ossl_old_des_ede3_cbc_encrypt(_ossl_old_des_cblock *input,
+ _ossl_old_des_cblock *output, long length,
+ _ossl_old_des_key_schedule ks1,
+ _ossl_old_des_key_schedule ks2,
+ _ossl_old_des_key_schedule ks3,
+ _ossl_old_des_cblock *ivec, int enc);
+void _ossl_old_des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out,
+ long length,
+ _ossl_old_des_key_schedule ks1,
+ _ossl_old_des_key_schedule ks2,
+ _ossl_old_des_key_schedule ks3,
+ _ossl_old_des_cblock *ivec, int *num,
+ int enc);
+void _ossl_old_des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out,
+ long length,
+ _ossl_old_des_key_schedule ks1,
+ _ossl_old_des_key_schedule ks2,
+ _ossl_old_des_key_schedule ks3,
+ _ossl_old_des_cblock *ivec, int *num);
+# if 0
+void _ossl_old_des_xwhite_in2out(_ossl_old_des_cblock (*des_key),
+ _ossl_old_des_cblock (*in_white),
+ _ossl_old_des_cblock (*out_white));
+# endif
+
+int _ossl_old_des_enc_read(int fd, char *buf, int len,
+ _ossl_old_des_key_schedule sched,
+ _ossl_old_des_cblock *iv);
+int _ossl_old_des_enc_write(int fd, char *buf, int len,
+ _ossl_old_des_key_schedule sched,
+ _ossl_old_des_cblock *iv);
+char *_ossl_old_des_fcrypt(const char *buf, const char *salt, char *ret);
+char *_ossl_old_des_crypt(const char *buf, const char *salt);
+# if !defined(PERL5) && !defined(NeXT)
+char *_ossl_old_crypt(const char *buf, const char *salt);
+# endif
+void _ossl_old_des_ofb_encrypt(unsigned char *in, unsigned char *out,
+ int numbits, long length,
+ _ossl_old_des_key_schedule schedule,
+ _ossl_old_des_cblock *ivec);
+void _ossl_old_des_pcbc_encrypt(_ossl_old_des_cblock *input,
+ _ossl_old_des_cblock *output, long length,
+ _ossl_old_des_key_schedule schedule,
+ _ossl_old_des_cblock *ivec, int enc);
+DES_LONG _ossl_old_des_quad_cksum(_ossl_old_des_cblock *input,
+ _ossl_old_des_cblock *output, long length,
+ int out_count, _ossl_old_des_cblock *seed);
+void _ossl_old_des_random_seed(_ossl_old_des_cblock key);
+void _ossl_old_des_random_key(_ossl_old_des_cblock ret);
+int _ossl_old_des_read_password(_ossl_old_des_cblock *key, const char *prompt,
+ int verify);
+int _ossl_old_des_read_2passwords(_ossl_old_des_cblock *key1,
+ _ossl_old_des_cblock *key2,
+ const char *prompt, int verify);
+void _ossl_old_des_set_odd_parity(_ossl_old_des_cblock *key);
+int _ossl_old_des_is_weak_key(_ossl_old_des_cblock *key);
+int _ossl_old_des_set_key(_ossl_old_des_cblock *key,
+ _ossl_old_des_key_schedule schedule);
+int _ossl_old_des_key_sched(_ossl_old_des_cblock *key,
+ _ossl_old_des_key_schedule schedule);
+void _ossl_old_des_string_to_key(char *str, _ossl_old_des_cblock *key);
+void _ossl_old_des_string_to_2keys(char *str, _ossl_old_des_cblock *key1,
+ _ossl_old_des_cblock *key2);
+void _ossl_old_des_cfb64_encrypt(unsigned char *in, unsigned char *out,
+ long length,
+ _ossl_old_des_key_schedule schedule,
+ _ossl_old_des_cblock *ivec, int *num,
+ int enc);
+void _ossl_old_des_ofb64_encrypt(unsigned char *in, unsigned char *out,
+ long length,
+ _ossl_old_des_key_schedule schedule,
+ _ossl_old_des_cblock *ivec, int *num);
+
+void _ossl_096_des_random_seed(des_cblock *key);
+
+/*
+ * The following definitions provide compatibility with the MIT Kerberos
+ * library. The _ossl_old_des_key_schedule structure is not binary
+ * compatible.
+ */
+
+# define _KERBEROS_DES_H
+
+# define KRBDES_ENCRYPT DES_ENCRYPT
+# define KRBDES_DECRYPT DES_DECRYPT
+
+# ifdef KERBEROS
+# define ENCRYPT DES_ENCRYPT
+# define DECRYPT DES_DECRYPT
+# endif
+
+# ifndef NCOMPAT
+# define C_Block des_cblock
+# define Key_schedule des_key_schedule
+# define KEY_SZ DES_KEY_SZ
+# define string_to_key des_string_to_key
+# define read_pw_string des_read_pw_string
+# define random_key des_random_key
+# define pcbc_encrypt des_pcbc_encrypt
+# define set_key des_set_key
+# define key_sched des_key_sched
+# define ecb_encrypt des_ecb_encrypt
+# define cbc_encrypt des_cbc_encrypt
+# define ncbc_encrypt des_ncbc_encrypt
+# define xcbc_encrypt des_xcbc_encrypt
+# define cbc_cksum des_cbc_cksum
+# define quad_cksum des_quad_cksum
+# define check_parity des_check_key_parity
+# endif
+
+# define des_fixup_key_parity DES_fixup_key_parity
+
+#ifdef __cplusplus
+}
+#endif
+
+/* for DES_read_pw_string et al */
+# include <openssl/ui_compat.h>
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/des/des_old2.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/des/des_old2.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/des_old2.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,82 +0,0 @@
-/* crypto/des/des_old.c -*- mode:C; c-file-style: "eay" -*- */
-
-/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- *
- * The function names in here are deprecated and are only present to
- * provide an interface compatible with OpenSSL 0.9.6c. OpenSSL now
- * provides functions where "des_" has been replaced with "DES_" in
- * the names, to make it possible to make incompatible changes that
- * are needed for C type security and other stuff.
- *
- * Please consider starting to use the DES_ functions rather than the
- * des_ ones. The des_ functions will dissapear completely before
- * OpenSSL 1.0!
- *
- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- */
-
-/* Written by Richard Levitte (richard at levitte.org) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#undef OPENSSL_DES_LIBDES_COMPATIBILITY
-#include <openssl/des.h>
-#include <openssl/rand.h>
-
-void _ossl_096_des_random_seed(DES_cblock *key)
- {
- RAND_seed(key, sizeof(DES_cblock));
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/des/des_old2.c (from rev 6976, vendor-crypto/openssl/dist/crypto/des/des_old2.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/des/des_old2.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/des_old2.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,80 @@
+/* crypto/des/des_old.c -*- mode:C; c-file-style: "eay" -*- */
+
+/*
+ * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING The
+ * function names in here are deprecated and are only present to provide an
+ * interface compatible with OpenSSL 0.9.6c. OpenSSL now provides functions
+ * where "des_" has been replaced with "DES_" in the names, to make it
+ * possible to make incompatible changes that are needed for C type security
+ * and other stuff. Please consider starting to use the DES_ functions
+ * rather than the des_ ones. The des_ functions will dissapear completely
+ * before OpenSSL 1.0! WARNING WARNING WARNING WARNING WARNING WARNING
+ * WARNING WARNING
+ */
+
+/*
+ * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
+ * 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#undef OPENSSL_DES_LIBDES_COMPATIBILITY
+#include <openssl/des.h>
+#include <openssl/rand.h>
+
+void _ossl_096_des_random_seed(DES_cblock *key)
+{
+ RAND_seed(key, sizeof(DES_cblock));
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/des/des_opts.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/des/des_opts.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/des_opts.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,608 +0,0 @@
-/* crypto/des/des_opts.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* define PART1, PART2, PART3 or PART4 to build only with a few of the options.
- * This is for machines with 64k code segment size restrictions. */
-
-#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
-#define TIMES
-#endif
-
-#include <stdio.h>
-#ifndef OPENSSL_SYS_MSDOS
-#include <openssl/e_os2.h>
-#include OPENSSL_UNISTD
-#else
-#include <io.h>
-extern void exit();
-#endif
-
-#ifndef OPENSSL_SYS_NETWARE
-#include <signal.h>
-#endif
-
-#ifndef _IRIX
-#include <time.h>
-#endif
-#ifdef TIMES
-#include <sys/types.h>
-#include <sys/times.h>
-#endif
-
-/* Depending on the VMS version, the tms structure is perhaps defined.
- The __TMS macro will show if it was. If it wasn't defined, we should
- undefine TIMES, since that tells the rest of the program how things
- should be handled. -- Richard Levitte */
-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
-#undef TIMES
-#endif
-
-#ifndef TIMES
-#include <sys/timeb.h>
-#endif
-
-
-#if defined(sun) || defined(__ultrix)
-#define _POSIX_SOURCE
-#include <limits.h>
-#include <sys/param.h>
-#endif
-
-#include <openssl/des.h>
-#include "spr.h"
-
-#define DES_DEFAULT_OPTIONS
-
-#if !defined(PART1) && !defined(PART2) && !defined(PART3) && !defined(PART4)
-#define PART1
-#define PART2
-#define PART3
-#define PART4
-#endif
-
-#ifdef PART1
-
-#undef DES_UNROLL
-#undef DES_RISC1
-#undef DES_RISC2
-#undef DES_PTR
-#undef D_ENCRYPT
-#define DES_encrypt1 des_encrypt_u4_cisc_idx
-#define DES_encrypt2 des_encrypt2_u4_cisc_idx
-#define DES_encrypt3 des_encrypt3_u4_cisc_idx
-#define DES_decrypt3 des_decrypt3_u4_cisc_idx
-#undef HEADER_DES_LOCL_H
-#include "des_enc.c"
-
-#define DES_UNROLL
-#undef DES_RISC1
-#undef DES_RISC2
-#undef DES_PTR
-#undef D_ENCRYPT
-#undef DES_encrypt1
-#undef DES_encrypt2
-#undef DES_encrypt3
-#undef DES_decrypt3
-#define DES_encrypt1 des_encrypt_u16_cisc_idx
-#define DES_encrypt2 des_encrypt2_u16_cisc_idx
-#define DES_encrypt3 des_encrypt3_u16_cisc_idx
-#define DES_decrypt3 des_decrypt3_u16_cisc_idx
-#undef HEADER_DES_LOCL_H
-#include "des_enc.c"
-
-#undef DES_UNROLL
-#define DES_RISC1
-#undef DES_RISC2
-#undef DES_PTR
-#undef D_ENCRYPT
-#undef DES_encrypt1
-#undef DES_encrypt2
-#undef DES_encrypt3
-#undef DES_decrypt3
-#define DES_encrypt1 des_encrypt_u4_risc1_idx
-#define DES_encrypt2 des_encrypt2_u4_risc1_idx
-#define DES_encrypt3 des_encrypt3_u4_risc1_idx
-#define DES_decrypt3 des_decrypt3_u4_risc1_idx
-#undef HEADER_DES_LOCL_H
-#include "des_enc.c"
-
-#endif
-
-#ifdef PART2
-
-#undef DES_UNROLL
-#undef DES_RISC1
-#define DES_RISC2
-#undef DES_PTR
-#undef D_ENCRYPT
-#undef DES_encrypt1
-#undef DES_encrypt2
-#undef DES_encrypt3
-#undef DES_decrypt3
-#define DES_encrypt1 des_encrypt_u4_risc2_idx
-#define DES_encrypt2 des_encrypt2_u4_risc2_idx
-#define DES_encrypt3 des_encrypt3_u4_risc2_idx
-#define DES_decrypt3 des_decrypt3_u4_risc2_idx
-#undef HEADER_DES_LOCL_H
-#include "des_enc.c"
-
-#define DES_UNROLL
-#define DES_RISC1
-#undef DES_RISC2
-#undef DES_PTR
-#undef D_ENCRYPT
-#undef DES_encrypt1
-#undef DES_encrypt2
-#undef DES_encrypt3
-#undef DES_decrypt3
-#define DES_encrypt1 des_encrypt_u16_risc1_idx
-#define DES_encrypt2 des_encrypt2_u16_risc1_idx
-#define DES_encrypt3 des_encrypt3_u16_risc1_idx
-#define DES_decrypt3 des_decrypt3_u16_risc1_idx
-#undef HEADER_DES_LOCL_H
-#include "des_enc.c"
-
-#define DES_UNROLL
-#undef DES_RISC1
-#define DES_RISC2
-#undef DES_PTR
-#undef D_ENCRYPT
-#undef DES_encrypt1
-#undef DES_encrypt2
-#undef DES_encrypt3
-#undef DES_decrypt3
-#define DES_encrypt1 des_encrypt_u16_risc2_idx
-#define DES_encrypt2 des_encrypt2_u16_risc2_idx
-#define DES_encrypt3 des_encrypt3_u16_risc2_idx
-#define DES_decrypt3 des_decrypt3_u16_risc2_idx
-#undef HEADER_DES_LOCL_H
-#include "des_enc.c"
-
-#endif
-
-#ifdef PART3
-
-#undef DES_UNROLL
-#undef DES_RISC1
-#undef DES_RISC2
-#define DES_PTR
-#undef D_ENCRYPT
-#undef DES_encrypt1
-#undef DES_encrypt2
-#undef DES_encrypt3
-#undef DES_decrypt3
-#define DES_encrypt1 des_encrypt_u4_cisc_ptr
-#define DES_encrypt2 des_encrypt2_u4_cisc_ptr
-#define DES_encrypt3 des_encrypt3_u4_cisc_ptr
-#define DES_decrypt3 des_decrypt3_u4_cisc_ptr
-#undef HEADER_DES_LOCL_H
-#include "des_enc.c"
-
-#define DES_UNROLL
-#undef DES_RISC1
-#undef DES_RISC2
-#define DES_PTR
-#undef D_ENCRYPT
-#undef DES_encrypt1
-#undef DES_encrypt2
-#undef DES_encrypt3
-#undef DES_decrypt3
-#define DES_encrypt1 des_encrypt_u16_cisc_ptr
-#define DES_encrypt2 des_encrypt2_u16_cisc_ptr
-#define DES_encrypt3 des_encrypt3_u16_cisc_ptr
-#define DES_decrypt3 des_decrypt3_u16_cisc_ptr
-#undef HEADER_DES_LOCL_H
-#include "des_enc.c"
-
-#undef DES_UNROLL
-#define DES_RISC1
-#undef DES_RISC2
-#define DES_PTR
-#undef D_ENCRYPT
-#undef DES_encrypt1
-#undef DES_encrypt2
-#undef DES_encrypt3
-#undef DES_decrypt3
-#define DES_encrypt1 des_encrypt_u4_risc1_ptr
-#define DES_encrypt2 des_encrypt2_u4_risc1_ptr
-#define DES_encrypt3 des_encrypt3_u4_risc1_ptr
-#define DES_decrypt3 des_decrypt3_u4_risc1_ptr
-#undef HEADER_DES_LOCL_H
-#include "des_enc.c"
-
-#endif
-
-#ifdef PART4
-
-#undef DES_UNROLL
-#undef DES_RISC1
-#define DES_RISC2
-#define DES_PTR
-#undef D_ENCRYPT
-#undef DES_encrypt1
-#undef DES_encrypt2
-#undef DES_encrypt3
-#undef DES_decrypt3
-#define DES_encrypt1 des_encrypt_u4_risc2_ptr
-#define DES_encrypt2 des_encrypt2_u4_risc2_ptr
-#define DES_encrypt3 des_encrypt3_u4_risc2_ptr
-#define DES_decrypt3 des_decrypt3_u4_risc2_ptr
-#undef HEADER_DES_LOCL_H
-#include "des_enc.c"
-
-#define DES_UNROLL
-#define DES_RISC1
-#undef DES_RISC2
-#define DES_PTR
-#undef D_ENCRYPT
-#undef DES_encrypt1
-#undef DES_encrypt2
-#undef DES_encrypt3
-#undef DES_decrypt3
-#define DES_encrypt1 des_encrypt_u16_risc1_ptr
-#define DES_encrypt2 des_encrypt2_u16_risc1_ptr
-#define DES_encrypt3 des_encrypt3_u16_risc1_ptr
-#define DES_decrypt3 des_decrypt3_u16_risc1_ptr
-#undef HEADER_DES_LOCL_H
-#include "des_enc.c"
-
-#define DES_UNROLL
-#undef DES_RISC1
-#define DES_RISC2
-#define DES_PTR
-#undef D_ENCRYPT
-#undef DES_encrypt1
-#undef DES_encrypt2
-#undef DES_encrypt3
-#undef DES_decrypt3
-#define DES_encrypt1 des_encrypt_u16_risc2_ptr
-#define DES_encrypt2 des_encrypt2_u16_risc2_ptr
-#define DES_encrypt3 des_encrypt3_u16_risc2_ptr
-#define DES_decrypt3 des_decrypt3_u16_risc2_ptr
-#undef HEADER_DES_LOCL_H
-#include "des_enc.c"
-
-#endif
-
-/* The following if from times(3) man page. It may need to be changed */
-#ifndef HZ
-# ifndef CLK_TCK
-# ifndef _BSD_CLK_TCK_ /* FreeBSD fix */
-# define HZ 100.0
-# else /* _BSD_CLK_TCK_ */
-# define HZ ((double)_BSD_CLK_TCK_)
-# endif
-# else /* CLK_TCK */
-# define HZ ((double)CLK_TCK)
-# endif
-#endif
-
-#define BUFSIZE ((long)1024)
-long run=0;
-
-double Time_F(int s);
-#ifdef SIGALRM
-#if defined(__STDC__) || defined(sgi)
-#define SIGRETTYPE void
-#else
-#define SIGRETTYPE int
-#endif
-
-SIGRETTYPE sig_done(int sig);
-SIGRETTYPE sig_done(int sig)
- {
- signal(SIGALRM,sig_done);
- run=0;
-#ifdef LINT
- sig=sig;
-#endif
- }
-#endif
-
-#define START 0
-#define STOP 1
-
-double Time_F(int s)
- {
- double ret;
-#ifdef TIMES
- static struct tms tstart,tend;
-
- if (s == START)
- {
- times(&tstart);
- return(0);
- }
- else
- {
- times(&tend);
- ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
- return((ret == 0.0)?1e-6:ret);
- }
-#else /* !times() */
- static struct timeb tstart,tend;
- long i;
-
- if (s == START)
- {
- ftime(&tstart);
- return(0);
- }
- else
- {
- ftime(&tend);
- i=(long)tend.millitm-(long)tstart.millitm;
- ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
- return((ret == 0.0)?1e-6:ret);
- }
-#endif
- }
-
-#ifdef SIGALRM
-#define print_name(name) fprintf(stderr,"Doing %s's for 10 seconds\n",name); alarm(10);
-#else
-#define print_name(name) fprintf(stderr,"Doing %s %ld times\n",name,cb);
-#endif
-
-#define time_it(func,name,index) \
- print_name(name); \
- Time_F(START); \
- for (count=0,run=1; COND(cb); count++) \
- { \
- unsigned long d[2]; \
- func(d,&sch,DES_ENCRYPT); \
- } \
- tm[index]=Time_F(STOP); \
- fprintf(stderr,"%ld %s's in %.2f second\n",count,name,tm[index]); \
- tm[index]=((double)COUNT(cb))/tm[index];
-
-#define print_it(name,index) \
- fprintf(stderr,"%s bytes per sec = %12.2f (%5.1fuS)\n",name, \
- tm[index]*8,1.0e6/tm[index]);
-
-int main(int argc, char **argv)
- {
- long count;
- static unsigned char buf[BUFSIZE];
- static DES_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
- static DES_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
- static DES_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
- DES_key_schedule sch,sch2,sch3;
- double d,tm[16],max=0;
- int rank[16];
- char *str[16];
- int max_idx=0,i,num=0,j;
-#ifndef SIGALARM
- long ca,cb,cc,cd,ce;
-#endif
-
- for (i=0; i<12; i++)
- {
- tm[i]=0.0;
- rank[i]=0;
- }
-
-#ifndef TIMES
- fprintf(stderr,"To get the most accurate results, try to run this\n");
- fprintf(stderr,"program when this computer is idle.\n");
-#endif
-
- DES_set_key_unchecked(&key,&sch);
- DES_set_key_unchecked(&key2,&sch2);
- DES_set_key_unchecked(&key3,&sch3);
-
-#ifndef SIGALRM
- fprintf(stderr,"First we calculate the approximate speed ...\n");
- DES_set_key_unchecked(&key,sch);
- count=10;
- do {
- long i;
- unsigned long data[2];
-
- count*=2;
- Time_F(START);
- for (i=count; i; i--)
- DES_encrypt1(data,&(sch[0]),DES_ENCRYPT);
- d=Time_F(STOP);
- } while (d < 3.0);
- ca=count;
- cb=count*3;
- cc=count*3*8/BUFSIZE+1;
- cd=count*8/BUFSIZE+1;
-
- ce=count/20+1;
-#define COND(d) (count != (d))
-#define COUNT(d) (d)
-#else
-#define COND(c) (run)
-#define COUNT(d) (count)
- signal(SIGALRM,sig_done);
- alarm(10);
-#endif
-
-#ifdef PART1
- time_it(des_encrypt_u4_cisc_idx, "des_encrypt_u4_cisc_idx ", 0);
- time_it(des_encrypt_u16_cisc_idx, "des_encrypt_u16_cisc_idx ", 1);
- time_it(des_encrypt_u4_risc1_idx, "des_encrypt_u4_risc1_idx ", 2);
- num+=3;
-#endif
-#ifdef PART2
- time_it(des_encrypt_u16_risc1_idx,"des_encrypt_u16_risc1_idx", 3);
- time_it(des_encrypt_u4_risc2_idx, "des_encrypt_u4_risc2_idx ", 4);
- time_it(des_encrypt_u16_risc2_idx,"des_encrypt_u16_risc2_idx", 5);
- num+=3;
-#endif
-#ifdef PART3
- time_it(des_encrypt_u4_cisc_ptr, "des_encrypt_u4_cisc_ptr ", 6);
- time_it(des_encrypt_u16_cisc_ptr, "des_encrypt_u16_cisc_ptr ", 7);
- time_it(des_encrypt_u4_risc1_ptr, "des_encrypt_u4_risc1_ptr ", 8);
- num+=3;
-#endif
-#ifdef PART4
- time_it(des_encrypt_u16_risc1_ptr,"des_encrypt_u16_risc1_ptr", 9);
- time_it(des_encrypt_u4_risc2_ptr, "des_encrypt_u4_risc2_ptr ",10);
- time_it(des_encrypt_u16_risc2_ptr,"des_encrypt_u16_risc2_ptr",11);
- num+=3;
-#endif
-
-#ifdef PART1
- str[0]=" 4 c i";
- print_it("des_encrypt_u4_cisc_idx ",0);
- max=tm[0];
- max_idx=0;
- str[1]="16 c i";
- print_it("des_encrypt_u16_cisc_idx ",1);
- if (max < tm[1]) { max=tm[1]; max_idx=1; }
- str[2]=" 4 r1 i";
- print_it("des_encrypt_u4_risc1_idx ",2);
- if (max < tm[2]) { max=tm[2]; max_idx=2; }
-#endif
-#ifdef PART2
- str[3]="16 r1 i";
- print_it("des_encrypt_u16_risc1_idx",3);
- if (max < tm[3]) { max=tm[3]; max_idx=3; }
- str[4]=" 4 r2 i";
- print_it("des_encrypt_u4_risc2_idx ",4);
- if (max < tm[4]) { max=tm[4]; max_idx=4; }
- str[5]="16 r2 i";
- print_it("des_encrypt_u16_risc2_idx",5);
- if (max < tm[5]) { max=tm[5]; max_idx=5; }
-#endif
-#ifdef PART3
- str[6]=" 4 c p";
- print_it("des_encrypt_u4_cisc_ptr ",6);
- if (max < tm[6]) { max=tm[6]; max_idx=6; }
- str[7]="16 c p";
- print_it("des_encrypt_u16_cisc_ptr ",7);
- if (max < tm[7]) { max=tm[7]; max_idx=7; }
- str[8]=" 4 r1 p";
- print_it("des_encrypt_u4_risc1_ptr ",8);
- if (max < tm[8]) { max=tm[8]; max_idx=8; }
-#endif
-#ifdef PART4
- str[9]="16 r1 p";
- print_it("des_encrypt_u16_risc1_ptr",9);
- if (max < tm[9]) { max=tm[9]; max_idx=9; }
- str[10]=" 4 r2 p";
- print_it("des_encrypt_u4_risc2_ptr ",10);
- if (max < tm[10]) { max=tm[10]; max_idx=10; }
- str[11]="16 r2 p";
- print_it("des_encrypt_u16_risc2_ptr",11);
- if (max < tm[11]) { max=tm[11]; max_idx=11; }
-#endif
- printf("options des ecb/s\n");
- printf("%s %12.2f 100.0%%\n",str[max_idx],tm[max_idx]);
- d=tm[max_idx];
- tm[max_idx]= -2.0;
- max= -1.0;
- for (;;)
- {
- for (i=0; i<12; i++)
- {
- if (max < tm[i]) { max=tm[i]; j=i; }
- }
- if (max < 0.0) break;
- printf("%s %12.2f %4.1f%%\n",str[j],tm[j],tm[j]/d*100.0);
- tm[j]= -2.0;
- max= -1.0;
- }
-
- switch (max_idx)
- {
- case 0:
- printf("-DDES_DEFAULT_OPTIONS\n");
- break;
- case 1:
- printf("-DDES_UNROLL\n");
- break;
- case 2:
- printf("-DDES_RISC1\n");
- break;
- case 3:
- printf("-DDES_UNROLL -DDES_RISC1\n");
- break;
- case 4:
- printf("-DDES_RISC2\n");
- break;
- case 5:
- printf("-DDES_UNROLL -DDES_RISC2\n");
- break;
- case 6:
- printf("-DDES_PTR\n");
- break;
- case 7:
- printf("-DDES_UNROLL -DDES_PTR\n");
- break;
- case 8:
- printf("-DDES_RISC1 -DDES_PTR\n");
- break;
- case 9:
- printf("-DDES_UNROLL -DDES_RISC1 -DDES_PTR\n");
- break;
- case 10:
- printf("-DDES_RISC2 -DDES_PTR\n");
- break;
- case 11:
- printf("-DDES_UNROLL -DDES_RISC2 -DDES_PTR\n");
- break;
- }
- exit(0);
-#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
- return(0);
-#endif
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/des/des_opts.c (from rev 6976, vendor-crypto/openssl/dist/crypto/des/des_opts.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/des/des_opts.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/des_opts.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,641 @@
+/* crypto/des/des_opts.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/*
+ * define PART1, PART2, PART3 or PART4 to build only with a few of the
+ * options. This is for machines with 64k code segment size restrictions.
+ */
+
+#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
+# define TIMES
+#endif
+
+#include <stdio.h>
+#ifndef OPENSSL_SYS_MSDOS
+# include <openssl/e_os2.h>
+# include OPENSSL_UNISTD
+#else
+# include <io.h>
+extern void exit();
+#endif
+
+#ifndef OPENSSL_SYS_NETWARE
+# include <signal.h>
+#endif
+
+#ifndef _IRIX
+# include <time.h>
+#endif
+#ifdef TIMES
+# include <sys/types.h>
+# include <sys/times.h>
+#endif
+
+/*
+ * Depending on the VMS version, the tms structure is perhaps defined. The
+ * __TMS macro will show if it was. If it wasn't defined, we should undefine
+ * TIMES, since that tells the rest of the program how things should be
+ * handled. -- Richard Levitte
+ */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
+# undef TIMES
+#endif
+
+#ifndef TIMES
+# include <sys/timeb.h>
+#endif
+
+#if defined(sun) || defined(__ultrix)
+# define _POSIX_SOURCE
+# include <limits.h>
+# include <sys/param.h>
+#endif
+
+#include <openssl/des.h>
+#include "spr.h"
+
+#define DES_DEFAULT_OPTIONS
+
+#if !defined(PART1) && !defined(PART2) && !defined(PART3) && !defined(PART4)
+# define PART1
+# define PART2
+# define PART3
+# define PART4
+#endif
+
+#ifdef PART1
+
+# undef DES_UNROLL
+# undef DES_RISC1
+# undef DES_RISC2
+# undef DES_PTR
+# undef D_ENCRYPT
+# define DES_encrypt1 des_encrypt_u4_cisc_idx
+# define DES_encrypt2 des_encrypt2_u4_cisc_idx
+# define DES_encrypt3 des_encrypt3_u4_cisc_idx
+# define DES_decrypt3 des_decrypt3_u4_cisc_idx
+# undef HEADER_DES_LOCL_H
+# include "des_enc.c"
+
+# define DES_UNROLL
+# undef DES_RISC1
+# undef DES_RISC2
+# undef DES_PTR
+# undef D_ENCRYPT
+# undef DES_encrypt1
+# undef DES_encrypt2
+# undef DES_encrypt3
+# undef DES_decrypt3
+# define DES_encrypt1 des_encrypt_u16_cisc_idx
+# define DES_encrypt2 des_encrypt2_u16_cisc_idx
+# define DES_encrypt3 des_encrypt3_u16_cisc_idx
+# define DES_decrypt3 des_decrypt3_u16_cisc_idx
+# undef HEADER_DES_LOCL_H
+# include "des_enc.c"
+
+# undef DES_UNROLL
+# define DES_RISC1
+# undef DES_RISC2
+# undef DES_PTR
+# undef D_ENCRYPT
+# undef DES_encrypt1
+# undef DES_encrypt2
+# undef DES_encrypt3
+# undef DES_decrypt3
+# define DES_encrypt1 des_encrypt_u4_risc1_idx
+# define DES_encrypt2 des_encrypt2_u4_risc1_idx
+# define DES_encrypt3 des_encrypt3_u4_risc1_idx
+# define DES_decrypt3 des_decrypt3_u4_risc1_idx
+# undef HEADER_DES_LOCL_H
+# include "des_enc.c"
+
+#endif
+
+#ifdef PART2
+
+# undef DES_UNROLL
+# undef DES_RISC1
+# define DES_RISC2
+# undef DES_PTR
+# undef D_ENCRYPT
+# undef DES_encrypt1
+# undef DES_encrypt2
+# undef DES_encrypt3
+# undef DES_decrypt3
+# define DES_encrypt1 des_encrypt_u4_risc2_idx
+# define DES_encrypt2 des_encrypt2_u4_risc2_idx
+# define DES_encrypt3 des_encrypt3_u4_risc2_idx
+# define DES_decrypt3 des_decrypt3_u4_risc2_idx
+# undef HEADER_DES_LOCL_H
+# include "des_enc.c"
+
+# define DES_UNROLL
+# define DES_RISC1
+# undef DES_RISC2
+# undef DES_PTR
+# undef D_ENCRYPT
+# undef DES_encrypt1
+# undef DES_encrypt2
+# undef DES_encrypt3
+# undef DES_decrypt3
+# define DES_encrypt1 des_encrypt_u16_risc1_idx
+# define DES_encrypt2 des_encrypt2_u16_risc1_idx
+# define DES_encrypt3 des_encrypt3_u16_risc1_idx
+# define DES_decrypt3 des_decrypt3_u16_risc1_idx
+# undef HEADER_DES_LOCL_H
+# include "des_enc.c"
+
+# define DES_UNROLL
+# undef DES_RISC1
+# define DES_RISC2
+# undef DES_PTR
+# undef D_ENCRYPT
+# undef DES_encrypt1
+# undef DES_encrypt2
+# undef DES_encrypt3
+# undef DES_decrypt3
+# define DES_encrypt1 des_encrypt_u16_risc2_idx
+# define DES_encrypt2 des_encrypt2_u16_risc2_idx
+# define DES_encrypt3 des_encrypt3_u16_risc2_idx
+# define DES_decrypt3 des_decrypt3_u16_risc2_idx
+# undef HEADER_DES_LOCL_H
+# include "des_enc.c"
+
+#endif
+
+#ifdef PART3
+
+# undef DES_UNROLL
+# undef DES_RISC1
+# undef DES_RISC2
+# define DES_PTR
+# undef D_ENCRYPT
+# undef DES_encrypt1
+# undef DES_encrypt2
+# undef DES_encrypt3
+# undef DES_decrypt3
+# define DES_encrypt1 des_encrypt_u4_cisc_ptr
+# define DES_encrypt2 des_encrypt2_u4_cisc_ptr
+# define DES_encrypt3 des_encrypt3_u4_cisc_ptr
+# define DES_decrypt3 des_decrypt3_u4_cisc_ptr
+# undef HEADER_DES_LOCL_H
+# include "des_enc.c"
+
+# define DES_UNROLL
+# undef DES_RISC1
+# undef DES_RISC2
+# define DES_PTR
+# undef D_ENCRYPT
+# undef DES_encrypt1
+# undef DES_encrypt2
+# undef DES_encrypt3
+# undef DES_decrypt3
+# define DES_encrypt1 des_encrypt_u16_cisc_ptr
+# define DES_encrypt2 des_encrypt2_u16_cisc_ptr
+# define DES_encrypt3 des_encrypt3_u16_cisc_ptr
+# define DES_decrypt3 des_decrypt3_u16_cisc_ptr
+# undef HEADER_DES_LOCL_H
+# include "des_enc.c"
+
+# undef DES_UNROLL
+# define DES_RISC1
+# undef DES_RISC2
+# define DES_PTR
+# undef D_ENCRYPT
+# undef DES_encrypt1
+# undef DES_encrypt2
+# undef DES_encrypt3
+# undef DES_decrypt3
+# define DES_encrypt1 des_encrypt_u4_risc1_ptr
+# define DES_encrypt2 des_encrypt2_u4_risc1_ptr
+# define DES_encrypt3 des_encrypt3_u4_risc1_ptr
+# define DES_decrypt3 des_decrypt3_u4_risc1_ptr
+# undef HEADER_DES_LOCL_H
+# include "des_enc.c"
+
+#endif
+
+#ifdef PART4
+
+# undef DES_UNROLL
+# undef DES_RISC1
+# define DES_RISC2
+# define DES_PTR
+# undef D_ENCRYPT
+# undef DES_encrypt1
+# undef DES_encrypt2
+# undef DES_encrypt3
+# undef DES_decrypt3
+# define DES_encrypt1 des_encrypt_u4_risc2_ptr
+# define DES_encrypt2 des_encrypt2_u4_risc2_ptr
+# define DES_encrypt3 des_encrypt3_u4_risc2_ptr
+# define DES_decrypt3 des_decrypt3_u4_risc2_ptr
+# undef HEADER_DES_LOCL_H
+# include "des_enc.c"
+
+# define DES_UNROLL
+# define DES_RISC1
+# undef DES_RISC2
+# define DES_PTR
+# undef D_ENCRYPT
+# undef DES_encrypt1
+# undef DES_encrypt2
+# undef DES_encrypt3
+# undef DES_decrypt3
+# define DES_encrypt1 des_encrypt_u16_risc1_ptr
+# define DES_encrypt2 des_encrypt2_u16_risc1_ptr
+# define DES_encrypt3 des_encrypt3_u16_risc1_ptr
+# define DES_decrypt3 des_decrypt3_u16_risc1_ptr
+# undef HEADER_DES_LOCL_H
+# include "des_enc.c"
+
+# define DES_UNROLL
+# undef DES_RISC1
+# define DES_RISC2
+# define DES_PTR
+# undef D_ENCRYPT
+# undef DES_encrypt1
+# undef DES_encrypt2
+# undef DES_encrypt3
+# undef DES_decrypt3
+# define DES_encrypt1 des_encrypt_u16_risc2_ptr
+# define DES_encrypt2 des_encrypt2_u16_risc2_ptr
+# define DES_encrypt3 des_encrypt3_u16_risc2_ptr
+# define DES_decrypt3 des_decrypt3_u16_risc2_ptr
+# undef HEADER_DES_LOCL_H
+# include "des_enc.c"
+
+#endif
+
+/* The following if from times(3) man page. It may need to be changed */
+#ifndef HZ
+# ifndef CLK_TCK
+# ifndef _BSD_CLK_TCK_ /* FreeBSD fix */
+# define HZ 100.0
+# else /* _BSD_CLK_TCK_ */
+# define HZ ((double)_BSD_CLK_TCK_)
+# endif
+# else /* CLK_TCK */
+# define HZ ((double)CLK_TCK)
+# endif
+#endif
+
+#define BUFSIZE ((long)1024)
+long run = 0;
+
+double Time_F(int s);
+#ifdef SIGALRM
+# if defined(__STDC__) || defined(sgi)
+# define SIGRETTYPE void
+# else
+# define SIGRETTYPE int
+# endif
+
+SIGRETTYPE sig_done(int sig);
+SIGRETTYPE sig_done(int sig)
+{
+ signal(SIGALRM, sig_done);
+ run = 0;
+# ifdef LINT
+ sig = sig;
+# endif
+}
+#endif
+
+#define START 0
+#define STOP 1
+
+double Time_F(int s)
+{
+ double ret;
+#ifdef TIMES
+ static struct tms tstart, tend;
+
+ if (s == START) {
+ times(&tstart);
+ return (0);
+ } else {
+ times(&tend);
+ ret = ((double)(tend.tms_utime - tstart.tms_utime)) / HZ;
+ return ((ret == 0.0) ? 1e-6 : ret);
+ }
+#else /* !times() */
+ static struct timeb tstart, tend;
+ long i;
+
+ if (s == START) {
+ ftime(&tstart);
+ return (0);
+ } else {
+ ftime(&tend);
+ i = (long)tend.millitm - (long)tstart.millitm;
+ ret = ((double)(tend.time - tstart.time)) + ((double)i) / 1000.0;
+ return ((ret == 0.0) ? 1e-6 : ret);
+ }
+#endif
+}
+
+#ifdef SIGALRM
+# define print_name(name) fprintf(stderr,"Doing %s's for 10 seconds\n",name); alarm(10);
+#else
+# define print_name(name) fprintf(stderr,"Doing %s %ld times\n",name,cb);
+#endif
+
+#define time_it(func,name,index) \
+ print_name(name); \
+ Time_F(START); \
+ for (count=0,run=1; COND(cb); count++) \
+ { \
+ unsigned long d[2]; \
+ func(d,&sch,DES_ENCRYPT); \
+ } \
+ tm[index]=Time_F(STOP); \
+ fprintf(stderr,"%ld %s's in %.2f second\n",count,name,tm[index]); \
+ tm[index]=((double)COUNT(cb))/tm[index];
+
+#define print_it(name,index) \
+ fprintf(stderr,"%s bytes per sec = %12.2f (%5.1fuS)\n",name, \
+ tm[index]*8,1.0e6/tm[index]);
+
+int main(int argc, char **argv)
+{
+ long count;
+ static unsigned char buf[BUFSIZE];
+ static DES_cblock key =
+ { 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0 };
+ static DES_cblock key2 =
+ { 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12 };
+ static DES_cblock key3 =
+ { 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34 };
+ DES_key_schedule sch, sch2, sch3;
+ double d, tm[16], max = 0;
+ int rank[16];
+ char *str[16];
+ int max_idx = 0, i, num = 0, j;
+#ifndef SIGALARM
+ long ca, cb, cc, cd, ce;
+#endif
+
+ for (i = 0; i < 12; i++) {
+ tm[i] = 0.0;
+ rank[i] = 0;
+ }
+
+#ifndef TIMES
+ fprintf(stderr, "To get the most accurate results, try to run this\n");
+ fprintf(stderr, "program when this computer is idle.\n");
+#endif
+
+ DES_set_key_unchecked(&key, &sch);
+ DES_set_key_unchecked(&key2, &sch2);
+ DES_set_key_unchecked(&key3, &sch3);
+
+#ifndef SIGALRM
+ fprintf(stderr, "First we calculate the approximate speed ...\n");
+ DES_set_key_unchecked(&key, sch);
+ count = 10;
+ do {
+ long i;
+ unsigned long data[2];
+
+ count *= 2;
+ Time_F(START);
+ for (i = count; i; i--)
+ DES_encrypt1(data, &(sch[0]), DES_ENCRYPT);
+ d = Time_F(STOP);
+ } while (d < 3.0);
+ ca = count;
+ cb = count * 3;
+ cc = count * 3 * 8 / BUFSIZE + 1;
+ cd = count * 8 / BUFSIZE + 1;
+
+ ce = count / 20 + 1;
+# define COND(d) (count != (d))
+# define COUNT(d) (d)
+#else
+# define COND(c) (run)
+# define COUNT(d) (count)
+ signal(SIGALRM, sig_done);
+ alarm(10);
+#endif
+
+#ifdef PART1
+ time_it(des_encrypt_u4_cisc_idx, "des_encrypt_u4_cisc_idx ", 0);
+ time_it(des_encrypt_u16_cisc_idx, "des_encrypt_u16_cisc_idx ", 1);
+ time_it(des_encrypt_u4_risc1_idx, "des_encrypt_u4_risc1_idx ", 2);
+ num += 3;
+#endif
+#ifdef PART2
+ time_it(des_encrypt_u16_risc1_idx, "des_encrypt_u16_risc1_idx", 3);
+ time_it(des_encrypt_u4_risc2_idx, "des_encrypt_u4_risc2_idx ", 4);
+ time_it(des_encrypt_u16_risc2_idx, "des_encrypt_u16_risc2_idx", 5);
+ num += 3;
+#endif
+#ifdef PART3
+ time_it(des_encrypt_u4_cisc_ptr, "des_encrypt_u4_cisc_ptr ", 6);
+ time_it(des_encrypt_u16_cisc_ptr, "des_encrypt_u16_cisc_ptr ", 7);
+ time_it(des_encrypt_u4_risc1_ptr, "des_encrypt_u4_risc1_ptr ", 8);
+ num += 3;
+#endif
+#ifdef PART4
+ time_it(des_encrypt_u16_risc1_ptr, "des_encrypt_u16_risc1_ptr", 9);
+ time_it(des_encrypt_u4_risc2_ptr, "des_encrypt_u4_risc2_ptr ", 10);
+ time_it(des_encrypt_u16_risc2_ptr, "des_encrypt_u16_risc2_ptr", 11);
+ num += 3;
+#endif
+
+#ifdef PART1
+ str[0] = " 4 c i";
+ print_it("des_encrypt_u4_cisc_idx ", 0);
+ max = tm[0];
+ max_idx = 0;
+ str[1] = "16 c i";
+ print_it("des_encrypt_u16_cisc_idx ", 1);
+ if (max < tm[1]) {
+ max = tm[1];
+ max_idx = 1;
+ }
+ str[2] = " 4 r1 i";
+ print_it("des_encrypt_u4_risc1_idx ", 2);
+ if (max < tm[2]) {
+ max = tm[2];
+ max_idx = 2;
+ }
+#endif
+#ifdef PART2
+ str[3] = "16 r1 i";
+ print_it("des_encrypt_u16_risc1_idx", 3);
+ if (max < tm[3]) {
+ max = tm[3];
+ max_idx = 3;
+ }
+ str[4] = " 4 r2 i";
+ print_it("des_encrypt_u4_risc2_idx ", 4);
+ if (max < tm[4]) {
+ max = tm[4];
+ max_idx = 4;
+ }
+ str[5] = "16 r2 i";
+ print_it("des_encrypt_u16_risc2_idx", 5);
+ if (max < tm[5]) {
+ max = tm[5];
+ max_idx = 5;
+ }
+#endif
+#ifdef PART3
+ str[6] = " 4 c p";
+ print_it("des_encrypt_u4_cisc_ptr ", 6);
+ if (max < tm[6]) {
+ max = tm[6];
+ max_idx = 6;
+ }
+ str[7] = "16 c p";
+ print_it("des_encrypt_u16_cisc_ptr ", 7);
+ if (max < tm[7]) {
+ max = tm[7];
+ max_idx = 7;
+ }
+ str[8] = " 4 r1 p";
+ print_it("des_encrypt_u4_risc1_ptr ", 8);
+ if (max < tm[8]) {
+ max = tm[8];
+ max_idx = 8;
+ }
+#endif
+#ifdef PART4
+ str[9] = "16 r1 p";
+ print_it("des_encrypt_u16_risc1_ptr", 9);
+ if (max < tm[9]) {
+ max = tm[9];
+ max_idx = 9;
+ }
+ str[10] = " 4 r2 p";
+ print_it("des_encrypt_u4_risc2_ptr ", 10);
+ if (max < tm[10]) {
+ max = tm[10];
+ max_idx = 10;
+ }
+ str[11] = "16 r2 p";
+ print_it("des_encrypt_u16_risc2_ptr", 11);
+ if (max < tm[11]) {
+ max = tm[11];
+ max_idx = 11;
+ }
+#endif
+ printf("options des ecb/s\n");
+ printf("%s %12.2f 100.0%%\n", str[max_idx], tm[max_idx]);
+ d = tm[max_idx];
+ tm[max_idx] = -2.0;
+ max = -1.0;
+ for (;;) {
+ for (i = 0; i < 12; i++) {
+ if (max < tm[i]) {
+ max = tm[i];
+ j = i;
+ }
+ }
+ if (max < 0.0)
+ break;
+ printf("%s %12.2f %4.1f%%\n", str[j], tm[j], tm[j] / d * 100.0);
+ tm[j] = -2.0;
+ max = -1.0;
+ }
+
+ switch (max_idx) {
+ case 0:
+ printf("-DDES_DEFAULT_OPTIONS\n");
+ break;
+ case 1:
+ printf("-DDES_UNROLL\n");
+ break;
+ case 2:
+ printf("-DDES_RISC1\n");
+ break;
+ case 3:
+ printf("-DDES_UNROLL -DDES_RISC1\n");
+ break;
+ case 4:
+ printf("-DDES_RISC2\n");
+ break;
+ case 5:
+ printf("-DDES_UNROLL -DDES_RISC2\n");
+ break;
+ case 6:
+ printf("-DDES_PTR\n");
+ break;
+ case 7:
+ printf("-DDES_UNROLL -DDES_PTR\n");
+ break;
+ case 8:
+ printf("-DDES_RISC1 -DDES_PTR\n");
+ break;
+ case 9:
+ printf("-DDES_UNROLL -DDES_RISC1 -DDES_PTR\n");
+ break;
+ case 10:
+ printf("-DDES_RISC2 -DDES_PTR\n");
+ break;
+ case 11:
+ printf("-DDES_UNROLL -DDES_RISC2 -DDES_PTR\n");
+ break;
+ }
+ exit(0);
+#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
+ return (0);
+#endif
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/des/des_ver.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/des/des_ver.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/des_ver.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,71 +0,0 @@
-/* crypto/des/des_ver.h */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/e_os2.h>
-
-#ifdef OPENSSL_BUILD_SHLIBCRYPTO
-# undef OPENSSL_EXTERN
-# define OPENSSL_EXTERN OPENSSL_EXPORT
-#endif
-
-/* The following macros make sure the names are different from libdes names */
-#define DES_version OSSL_DES_version
-#define libdes_version OSSL_libdes_version
-
-OPENSSL_EXTERN const char OSSL_DES_version[]; /* SSLeay version string */
-OPENSSL_EXTERN const char OSSL_libdes_version[]; /* old libdes version string */
Copied: vendor-crypto/openssl/0.9.8zf/crypto/des/des_ver.h (from rev 6976, vendor-crypto/openssl/dist/crypto/des/des_ver.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/des/des_ver.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/des_ver.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,73 @@
+/* crypto/des/des_ver.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/e_os2.h>
+
+#ifdef OPENSSL_BUILD_SHLIBCRYPTO
+# undef OPENSSL_EXTERN
+# define OPENSSL_EXTERN OPENSSL_EXPORT
+#endif
+
+/* The following macros make sure the names are different from libdes names */
+#define DES_version OSSL_DES_version
+#define libdes_version OSSL_libdes_version
+
+/* SSLeay version string */
+OPENSSL_EXTERN const char OSSL_DES_version[];
+/* old libdes version string */
+OPENSSL_EXTERN const char OSSL_libdes_version[];
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/des/destest.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/des/destest.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/destest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,952 +0,0 @@
-/* crypto/des/destest.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-
-#include <openssl/e_os2.h>
-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_SYS_WINDOWS)
-#ifndef OPENSSL_SYS_MSDOS
-#define OPENSSL_SYS_MSDOS
-#endif
-#endif
-
-#ifndef OPENSSL_SYS_MSDOS
-#if !defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_VMS_DECC)
-#include OPENSSL_UNISTD
-#endif
-#else
-#include <io.h>
-#endif
-#include <string.h>
-
-#ifdef OPENSSL_NO_DES
-int main(int argc, char *argv[])
-{
- printf("No DES support\n");
- return(0);
-}
-#else
-#include <openssl/des.h>
-
-#define crypt(c,s) (DES_crypt((c),(s)))
-
-/* tisk tisk - the test keys don't all have odd parity :-( */
-/* test data */
-#define NUM_TESTS 34
-static unsigned char key_data[NUM_TESTS][8]={
- {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
- {0x30,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
- {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
- {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
- {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- {0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10},
- {0x7C,0xA1,0x10,0x45,0x4A,0x1A,0x6E,0x57},
- {0x01,0x31,0xD9,0x61,0x9D,0xC1,0x37,0x6E},
- {0x07,0xA1,0x13,0x3E,0x4A,0x0B,0x26,0x86},
- {0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E},
- {0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6},
- {0x01,0x13,0xB9,0x70,0xFD,0x34,0xF2,0xCE},
- {0x01,0x70,0xF1,0x75,0x46,0x8F,0xB5,0xE6},
- {0x43,0x29,0x7F,0xAD,0x38,0xE3,0x73,0xFE},
- {0x07,0xA7,0x13,0x70,0x45,0xDA,0x2A,0x16},
- {0x04,0x68,0x91,0x04,0xC2,0xFD,0x3B,0x2F},
- {0x37,0xD0,0x6B,0xB5,0x16,0xCB,0x75,0x46},
- {0x1F,0x08,0x26,0x0D,0x1A,0xC2,0x46,0x5E},
- {0x58,0x40,0x23,0x64,0x1A,0xBA,0x61,0x76},
- {0x02,0x58,0x16,0x16,0x46,0x29,0xB0,0x07},
- {0x49,0x79,0x3E,0xBC,0x79,0xB3,0x25,0x8F},
- {0x4F,0xB0,0x5E,0x15,0x15,0xAB,0x73,0xA7},
- {0x49,0xE9,0x5D,0x6D,0x4C,0xA2,0x29,0xBF},
- {0x01,0x83,0x10,0xDC,0x40,0x9B,0x26,0xD6},
- {0x1C,0x58,0x7F,0x1C,0x13,0x92,0x4F,0xEF},
- {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01},
- {0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E},
- {0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE},
- {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
- {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
- {0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10}};
-
-static unsigned char plain_data[NUM_TESTS][8]={
- {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
- {0x10,0x00,0x00,0x00,0x00,0x00,0x00,0x01},
- {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
- {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
- {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
- {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
- {0x01,0xA1,0xD6,0xD0,0x39,0x77,0x67,0x42},
- {0x5C,0xD5,0x4C,0xA8,0x3D,0xEF,0x57,0xDA},
- {0x02,0x48,0xD4,0x38,0x06,0xF6,0x71,0x72},
- {0x51,0x45,0x4B,0x58,0x2D,0xDF,0x44,0x0A},
- {0x42,0xFD,0x44,0x30,0x59,0x57,0x7F,0xA2},
- {0x05,0x9B,0x5E,0x08,0x51,0xCF,0x14,0x3A},
- {0x07,0x56,0xD8,0xE0,0x77,0x47,0x61,0xD2},
- {0x76,0x25,0x14,0xB8,0x29,0xBF,0x48,0x6A},
- {0x3B,0xDD,0x11,0x90,0x49,0x37,0x28,0x02},
- {0x26,0x95,0x5F,0x68,0x35,0xAF,0x60,0x9A},
- {0x16,0x4D,0x5E,0x40,0x4F,0x27,0x52,0x32},
- {0x6B,0x05,0x6E,0x18,0x75,0x9F,0x5C,0xCA},
- {0x00,0x4B,0xD6,0xEF,0x09,0x17,0x60,0x62},
- {0x48,0x0D,0x39,0x00,0x6E,0xE7,0x62,0xF2},
- {0x43,0x75,0x40,0xC8,0x69,0x8F,0x3C,0xFA},
- {0x07,0x2D,0x43,0xA0,0x77,0x07,0x52,0x92},
- {0x02,0xFE,0x55,0x77,0x81,0x17,0xF1,0x2A},
- {0x1D,0x9D,0x5C,0x50,0x18,0xF7,0x28,0xC2},
- {0x30,0x55,0x32,0x28,0x6D,0x6F,0x29,0x5A},
- {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
- {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
- {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
- {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
- {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}};
-
-static unsigned char cipher_data[NUM_TESTS][8]={
- {0x8C,0xA6,0x4D,0xE9,0xC1,0xB1,0x23,0xA7},
- {0x73,0x59,0xB2,0x16,0x3E,0x4E,0xDC,0x58},
- {0x95,0x8E,0x6E,0x62,0x7A,0x05,0x55,0x7B},
- {0xF4,0x03,0x79,0xAB,0x9E,0x0E,0xC5,0x33},
- {0x17,0x66,0x8D,0xFC,0x72,0x92,0x53,0x2D},
- {0x8A,0x5A,0xE1,0xF8,0x1A,0xB8,0xF2,0xDD},
- {0x8C,0xA6,0x4D,0xE9,0xC1,0xB1,0x23,0xA7},
- {0xED,0x39,0xD9,0x50,0xFA,0x74,0xBC,0xC4},
- {0x69,0x0F,0x5B,0x0D,0x9A,0x26,0x93,0x9B},
- {0x7A,0x38,0x9D,0x10,0x35,0x4B,0xD2,0x71},
- {0x86,0x8E,0xBB,0x51,0xCA,0xB4,0x59,0x9A},
- {0x71,0x78,0x87,0x6E,0x01,0xF1,0x9B,0x2A},
- {0xAF,0x37,0xFB,0x42,0x1F,0x8C,0x40,0x95},
- {0x86,0xA5,0x60,0xF1,0x0E,0xC6,0xD8,0x5B},
- {0x0C,0xD3,0xDA,0x02,0x00,0x21,0xDC,0x09},
- {0xEA,0x67,0x6B,0x2C,0xB7,0xDB,0x2B,0x7A},
- {0xDF,0xD6,0x4A,0x81,0x5C,0xAF,0x1A,0x0F},
- {0x5C,0x51,0x3C,0x9C,0x48,0x86,0xC0,0x88},
- {0x0A,0x2A,0xEE,0xAE,0x3F,0xF4,0xAB,0x77},
- {0xEF,0x1B,0xF0,0x3E,0x5D,0xFA,0x57,0x5A},
- {0x88,0xBF,0x0D,0xB6,0xD7,0x0D,0xEE,0x56},
- {0xA1,0xF9,0x91,0x55,0x41,0x02,0x0B,0x56},
- {0x6F,0xBF,0x1C,0xAF,0xCF,0xFD,0x05,0x56},
- {0x2F,0x22,0xE4,0x9B,0xAB,0x7C,0xA1,0xAC},
- {0x5A,0x6B,0x61,0x2C,0xC2,0x6C,0xCE,0x4A},
- {0x5F,0x4C,0x03,0x8E,0xD1,0x2B,0x2E,0x41},
- {0x63,0xFA,0xC0,0xD0,0x34,0xD9,0xF7,0x93},
- {0x61,0x7B,0x3A,0x0C,0xE8,0xF0,0x71,0x00},
- {0xDB,0x95,0x86,0x05,0xF8,0xC8,0xC6,0x06},
- {0xED,0xBF,0xD1,0xC6,0x6C,0x29,0xCC,0xC7},
- {0x35,0x55,0x50,0xB2,0x15,0x0E,0x24,0x51},
- {0xCA,0xAA,0xAF,0x4D,0xEA,0xF1,0xDB,0xAE},
- {0xD5,0xD4,0x4F,0xF7,0x20,0x68,0x3D,0x0D},
- {0x2A,0x2B,0xB0,0x08,0xDF,0x97,0xC2,0xF2}};
-
-static unsigned char cipher_ecb2[NUM_TESTS-1][8]={
- {0x92,0x95,0xB5,0x9B,0xB3,0x84,0x73,0x6E},
- {0x19,0x9E,0x9D,0x6D,0xF3,0x9A,0xA8,0x16},
- {0x2A,0x4B,0x4D,0x24,0x52,0x43,0x84,0x27},
- {0x35,0x84,0x3C,0x01,0x9D,0x18,0xC5,0xB6},
- {0x4A,0x5B,0x2F,0x42,0xAA,0x77,0x19,0x25},
- {0xA0,0x6B,0xA9,0xB8,0xCA,0x5B,0x17,0x8A},
- {0xAB,0x9D,0xB7,0xFB,0xED,0x95,0xF2,0x74},
- {0x3D,0x25,0x6C,0x23,0xA7,0x25,0x2F,0xD6},
- {0xB7,0x6F,0xAB,0x4F,0xBD,0xBD,0xB7,0x67},
- {0x8F,0x68,0x27,0xD6,0x9C,0xF4,0x1A,0x10},
- {0x82,0x57,0xA1,0xD6,0x50,0x5E,0x81,0x85},
- {0xA2,0x0F,0x0A,0xCD,0x80,0x89,0x7D,0xFA},
- {0xCD,0x2A,0x53,0x3A,0xDB,0x0D,0x7E,0xF3},
- {0xD2,0xC2,0xBE,0x27,0xE8,0x1B,0x68,0xE3},
- {0xE9,0x24,0xCF,0x4F,0x89,0x3C,0x5B,0x0A},
- {0xA7,0x18,0xC3,0x9F,0xFA,0x9F,0xD7,0x69},
- {0x77,0x2C,0x79,0xB1,0xD2,0x31,0x7E,0xB1},
- {0x49,0xAB,0x92,0x7F,0xD0,0x22,0x00,0xB7},
- {0xCE,0x1C,0x6C,0x7D,0x85,0xE3,0x4A,0x6F},
- {0xBE,0x91,0xD6,0xE1,0x27,0xB2,0xE9,0x87},
- {0x70,0x28,0xAE,0x8F,0xD1,0xF5,0x74,0x1A},
- {0xAA,0x37,0x80,0xBB,0xF3,0x22,0x1D,0xDE},
- {0xA6,0xC4,0xD2,0x5E,0x28,0x93,0xAC,0xB3},
- {0x22,0x07,0x81,0x5A,0xE4,0xB7,0x1A,0xAD},
- {0xDC,0xCE,0x05,0xE7,0x07,0xBD,0xF5,0x84},
- {0x26,0x1D,0x39,0x2C,0xB3,0xBA,0xA5,0x85},
- {0xB4,0xF7,0x0F,0x72,0xFB,0x04,0xF0,0xDC},
- {0x95,0xBA,0xA9,0x4E,0x87,0x36,0xF2,0x89},
- {0xD4,0x07,0x3A,0xF1,0x5A,0x17,0x82,0x0E},
- {0xEF,0x6F,0xAF,0xA7,0x66,0x1A,0x7E,0x89},
- {0xC1,0x97,0xF5,0x58,0x74,0x8A,0x20,0xE7},
- {0x43,0x34,0xCF,0xDA,0x22,0xC4,0x86,0xC8},
- {0x08,0xD7,0xB4,0xFB,0x62,0x9D,0x08,0x85}};
-
-static unsigned char cbc_key [8]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef};
-static unsigned char cbc2_key[8]={0xf1,0xe0,0xd3,0xc2,0xb5,0xa4,0x97,0x86};
-static unsigned char cbc3_key[8]={0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10};
-static unsigned char cbc_iv [8]={0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10};
-/* Changed the following text constant to binary so it will work on ebcdic
- * machines :-) */
-/* static char cbc_data[40]="7654321 Now is the time for \0001"; */
-static unsigned char cbc_data[40]={
- 0x37,0x36,0x35,0x34,0x33,0x32,0x31,0x20,
- 0x4E,0x6F,0x77,0x20,0x69,0x73,0x20,0x74,
- 0x68,0x65,0x20,0x74,0x69,0x6D,0x65,0x20,
- 0x66,0x6F,0x72,0x20,0x00,0x31,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- };
-
-static unsigned char cbc_ok[32]={
- 0xcc,0xd1,0x73,0xff,0xab,0x20,0x39,0xf4,
- 0xac,0xd8,0xae,0xfd,0xdf,0xd8,0xa1,0xeb,
- 0x46,0x8e,0x91,0x15,0x78,0x88,0xba,0x68,
- 0x1d,0x26,0x93,0x97,0xf7,0xfe,0x62,0xb4};
-
-#ifdef SCREW_THE_PARITY
-#error "SCREW_THE_PARITY is not ment to be defined."
-#error "Original vectors are preserved for reference only."
-static unsigned char cbc2_key[8]={0xf0,0xe1,0xd2,0xc3,0xb4,0xa5,0x96,0x87};
-static unsigned char xcbc_ok[32]={
- 0x86,0x74,0x81,0x0D,0x61,0xA4,0xA5,0x48,
- 0xB9,0x93,0x03,0xE1,0xB8,0xBB,0xBD,0xBD,
- 0x64,0x30,0x0B,0xB9,0x06,0x65,0x81,0x76,
- 0x04,0x1D,0x77,0x62,0x17,0xCA,0x2B,0xD2,
- };
-#else
-static unsigned char xcbc_ok[32]={
- 0x84,0x6B,0x29,0x14,0x85,0x1E,0x9A,0x29,
- 0x54,0x73,0x2F,0x8A,0xA0,0xA6,0x11,0xC1,
- 0x15,0xCD,0xC2,0xD7,0x95,0x1B,0x10,0x53,
- 0xA6,0x3C,0x5E,0x03,0xB2,0x1A,0xA3,0xC4,
- };
-#endif
-
-static unsigned char cbc3_ok[32]={
- 0x3F,0xE3,0x01,0xC9,0x62,0xAC,0x01,0xD0,
- 0x22,0x13,0x76,0x3C,0x1C,0xBD,0x4C,0xDC,
- 0x79,0x96,0x57,0xC0,0x64,0xEC,0xF5,0xD4,
- 0x1C,0x67,0x38,0x12,0xCF,0xDE,0x96,0x75};
-
-static unsigned char pcbc_ok[32]={
- 0xcc,0xd1,0x73,0xff,0xab,0x20,0x39,0xf4,
- 0x6d,0xec,0xb4,0x70,0xa0,0xe5,0x6b,0x15,
- 0xae,0xa6,0xbf,0x61,0xed,0x7d,0x9c,0x9f,
- 0xf7,0x17,0x46,0x3b,0x8a,0xb3,0xcc,0x88};
-
-static unsigned char cfb_key[8]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef};
-static unsigned char cfb_iv[8]={0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef};
-static unsigned char cfb_buf1[40],cfb_buf2[40],cfb_tmp[8];
-static unsigned char plain[24]=
- {
- 0x4e,0x6f,0x77,0x20,0x69,0x73,
- 0x20,0x74,0x68,0x65,0x20,0x74,
- 0x69,0x6d,0x65,0x20,0x66,0x6f,
- 0x72,0x20,0x61,0x6c,0x6c,0x20
- };
-static unsigned char cfb_cipher8[24]= {
- 0xf3,0x1f,0xda,0x07,0x01,0x14, 0x62,0xee,0x18,0x7f,0x43,0xd8,
- 0x0a,0x7c,0xd9,0xb5,0xb0,0xd2, 0x90,0xda,0x6e,0x5b,0x9a,0x87 };
-static unsigned char cfb_cipher16[24]={
- 0xF3,0x09,0x87,0x87,0x7F,0x57, 0xF7,0x3C,0x36,0xB6,0xDB,0x70,
- 0xD8,0xD5,0x34,0x19,0xD3,0x86, 0xB2,0x23,0xB7,0xB2,0xAD,0x1B };
-static unsigned char cfb_cipher32[24]={
- 0xF3,0x09,0x62,0x49,0xA4,0xDF, 0xA4,0x9F,0x33,0xDC,0x7B,0xAD,
- 0x4C,0xC8,0x9F,0x64,0xE4,0x53, 0xE5,0xEC,0x67,0x20,0xDA,0xB6 };
-static unsigned char cfb_cipher48[24]={
- 0xF3,0x09,0x62,0x49,0xC7,0xF4, 0x30,0xB5,0x15,0xEC,0xBB,0x85,
- 0x97,0x5A,0x13,0x8C,0x68,0x60, 0xE2,0x38,0x34,0x3C,0xDC,0x1F };
-static unsigned char cfb_cipher64[24]={
- 0xF3,0x09,0x62,0x49,0xC7,0xF4, 0x6E,0x51,0xA6,0x9E,0x83,0x9B,
- 0x1A,0x92,0xF7,0x84,0x03,0x46, 0x71,0x33,0x89,0x8E,0xA6,0x22 };
-
-static unsigned char ofb_key[8]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef};
-static unsigned char ofb_iv[8]={0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef};
-static unsigned char ofb_buf1[24],ofb_buf2[24],ofb_tmp[8];
-static unsigned char ofb_cipher[24]=
- {
- 0xf3,0x09,0x62,0x49,0xc7,0xf4,0x6e,0x51,
- 0x35,0xf2,0x4a,0x24,0x2e,0xeb,0x3d,0x3f,
- 0x3d,0x6d,0x5b,0xe3,0x25,0x5a,0xf8,0xc3
- };
-
-#if 0
-static DES_LONG cbc_cksum_ret=0xB462FEF7L;
-#else
-static DES_LONG cbc_cksum_ret=0xF7FE62B4L;
-#endif
-static unsigned char cbc_cksum_data[8]={0x1D,0x26,0x93,0x97,0xf7,0xfe,0x62,0xb4};
-
-static char *pt(unsigned char *p);
-static int cfb_test(int bits, unsigned char *cfb_cipher);
-static int cfb64_test(unsigned char *cfb_cipher);
-static int ede_cfb64_test(unsigned char *cfb_cipher);
-int main(int argc, char *argv[])
- {
- int j,err=0;
- unsigned int i;
- des_cblock in,out,outin,iv3,iv2;
- des_key_schedule ks,ks2,ks3;
- unsigned char cbc_in[40];
- unsigned char cbc_out[40];
- DES_LONG cs;
- unsigned char cret[8];
-#ifdef _CRAY
- struct {
- int a:32;
- int b:32;
- } lqret[2];
-#else
- DES_LONG lqret[4];
-#endif
- int num;
- char *str;
-
-#ifndef OPENSSL_NO_DESCBCM
- printf("Doing cbcm\n");
- if ((j=DES_set_key_checked(&cbc_key,&ks)) != 0)
- {
- printf("Key error %d\n",j);
- err=1;
- }
- if ((j=DES_set_key_checked(&cbc2_key,&ks2)) != 0)
- {
- printf("Key error %d\n",j);
- err=1;
- }
- if ((j=DES_set_key_checked(&cbc3_key,&ks3)) != 0)
- {
- printf("Key error %d\n",j);
- err=1;
- }
- memset(cbc_out,0,40);
- memset(cbc_in,0,40);
- i=strlen((char *)cbc_data)+1;
- /* i=((i+7)/8)*8; */
- memcpy(iv3,cbc_iv,sizeof(cbc_iv));
- memset(iv2,'\0',sizeof iv2);
-
- DES_ede3_cbcm_encrypt(cbc_data,cbc_out,16L,&ks,&ks2,&ks3,&iv3,&iv2,
- DES_ENCRYPT);
- DES_ede3_cbcm_encrypt(&cbc_data[16],&cbc_out[16],i-16,&ks,&ks2,&ks3,
- &iv3,&iv2,DES_ENCRYPT);
- /* if (memcmp(cbc_out,cbc3_ok,
- (unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0)
- {
- printf("des_ede3_cbc_encrypt encrypt error\n");
- err=1;
- }
- */
- memcpy(iv3,cbc_iv,sizeof(cbc_iv));
- memset(iv2,'\0',sizeof iv2);
- DES_ede3_cbcm_encrypt(cbc_out,cbc_in,i,&ks,&ks2,&ks3,&iv3,&iv2,DES_DECRYPT);
- if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0)
- {
- unsigned int n;
-
- printf("des_ede3_cbcm_encrypt decrypt error\n");
- for(n=0 ; n < i ; ++n)
- printf(" %02x",cbc_data[n]);
- printf("\n");
- for(n=0 ; n < i ; ++n)
- printf(" %02x",cbc_in[n]);
- printf("\n");
- err=1;
- }
-#endif
-
- printf("Doing ecb\n");
- for (i=0; i<NUM_TESTS; i++)
- {
- DES_set_key_unchecked(&key_data[i],&ks);
- memcpy(in,plain_data[i],8);
- memset(out,0,8);
- memset(outin,0,8);
- des_ecb_encrypt(&in,&out,ks,DES_ENCRYPT);
- des_ecb_encrypt(&out,&outin,ks,DES_DECRYPT);
-
- if (memcmp(out,cipher_data[i],8) != 0)
- {
- printf("Encryption error %2d\nk=%s p=%s o=%s act=%s\n",
- i+1,pt(key_data[i]),pt(in),pt(cipher_data[i]),
- pt(out));
- err=1;
- }
- if (memcmp(in,outin,8) != 0)
- {
- printf("Decryption error %2d\nk=%s p=%s o=%s act=%s\n",
- i+1,pt(key_data[i]),pt(out),pt(in),pt(outin));
- err=1;
- }
- }
-
-#ifndef LIBDES_LIT
- printf("Doing ede ecb\n");
- for (i=0; i<(NUM_TESTS-2); i++)
- {
- DES_set_key_unchecked(&key_data[i],&ks);
- DES_set_key_unchecked(&key_data[i+1],&ks2);
- DES_set_key_unchecked(&key_data[i+2],&ks3);
- memcpy(in,plain_data[i],8);
- memset(out,0,8);
- memset(outin,0,8);
- des_ecb2_encrypt(&in,&out,ks,ks2,DES_ENCRYPT);
- des_ecb2_encrypt(&out,&outin,ks,ks2,DES_DECRYPT);
-
- if (memcmp(out,cipher_ecb2[i],8) != 0)
- {
- printf("Encryption error %2d\nk=%s p=%s o=%s act=%s\n",
- i+1,pt(key_data[i]),pt(in),pt(cipher_ecb2[i]),
- pt(out));
- err=1;
- }
- if (memcmp(in,outin,8) != 0)
- {
- printf("Decryption error %2d\nk=%s p=%s o=%s act=%s\n",
- i+1,pt(key_data[i]),pt(out),pt(in),pt(outin));
- err=1;
- }
- }
-#endif
-
- printf("Doing cbc\n");
- if ((j=DES_set_key_checked(&cbc_key,&ks)) != 0)
- {
- printf("Key error %d\n",j);
- err=1;
- }
- memset(cbc_out,0,40);
- memset(cbc_in,0,40);
- memcpy(iv3,cbc_iv,sizeof(cbc_iv));
- des_ncbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,ks,
- &iv3,DES_ENCRYPT);
- if (memcmp(cbc_out,cbc_ok,32) != 0)
- {
- printf("cbc_encrypt encrypt error\n");
- err=1;
- }
-
- memcpy(iv3,cbc_iv,sizeof(cbc_iv));
- des_ncbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,ks,
- &iv3,DES_DECRYPT);
- if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)) != 0)
- {
- printf("cbc_encrypt decrypt error\n");
- err=1;
- }
-
-#ifndef LIBDES_LIT
- printf("Doing desx cbc\n");
- if ((j=DES_set_key_checked(&cbc_key,&ks)) != 0)
- {
- printf("Key error %d\n",j);
- err=1;
- }
- memset(cbc_out,0,40);
- memset(cbc_in,0,40);
- memcpy(iv3,cbc_iv,sizeof(cbc_iv));
- des_xcbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,ks,
- &iv3,&cbc2_key,&cbc3_key, DES_ENCRYPT);
- if (memcmp(cbc_out,xcbc_ok,32) != 0)
- {
- printf("des_xcbc_encrypt encrypt error\n");
- err=1;
- }
- memcpy(iv3,cbc_iv,sizeof(cbc_iv));
- des_xcbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,ks,
- &iv3,&cbc2_key,&cbc3_key, DES_DECRYPT);
- if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0)
- {
- printf("des_xcbc_encrypt decrypt error\n");
- err=1;
- }
-#endif
-
- printf("Doing ede cbc\n");
- if ((j=DES_set_key_checked(&cbc_key,&ks)) != 0)
- {
- printf("Key error %d\n",j);
- err=1;
- }
- if ((j=DES_set_key_checked(&cbc2_key,&ks2)) != 0)
- {
- printf("Key error %d\n",j);
- err=1;
- }
- if ((j=DES_set_key_checked(&cbc3_key,&ks3)) != 0)
- {
- printf("Key error %d\n",j);
- err=1;
- }
- memset(cbc_out,0,40);
- memset(cbc_in,0,40);
- i=strlen((char *)cbc_data)+1;
- /* i=((i+7)/8)*8; */
- memcpy(iv3,cbc_iv,sizeof(cbc_iv));
-
- des_ede3_cbc_encrypt(cbc_data,cbc_out,16L,ks,ks2,ks3,&iv3,
- DES_ENCRYPT);
- des_ede3_cbc_encrypt(&(cbc_data[16]),&(cbc_out[16]),i-16,ks,ks2,ks3,
- &iv3,DES_ENCRYPT);
- if (memcmp(cbc_out,cbc3_ok,
- (unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0)
- {
- unsigned int n;
-
- printf("des_ede3_cbc_encrypt encrypt error\n");
- for(n=0 ; n < i ; ++n)
- printf(" %02x",cbc_out[n]);
- printf("\n");
- for(n=0 ; n < i ; ++n)
- printf(" %02x",cbc3_ok[n]);
- printf("\n");
- err=1;
- }
-
- memcpy(iv3,cbc_iv,sizeof(cbc_iv));
- des_ede3_cbc_encrypt(cbc_out,cbc_in,i,ks,ks2,ks3,&iv3,DES_DECRYPT);
- if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0)
- {
- unsigned int n;
-
- printf("des_ede3_cbc_encrypt decrypt error\n");
- for(n=0 ; n < i ; ++n)
- printf(" %02x",cbc_data[n]);
- printf("\n");
- for(n=0 ; n < i ; ++n)
- printf(" %02x",cbc_in[n]);
- printf("\n");
- err=1;
- }
-
-#ifndef LIBDES_LIT
- printf("Doing pcbc\n");
- if ((j=DES_set_key_checked(&cbc_key,&ks)) != 0)
- {
- printf("Key error %d\n",j);
- err=1;
- }
- memset(cbc_out,0,40);
- memset(cbc_in,0,40);
- des_pcbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,ks,
- &cbc_iv,DES_ENCRYPT);
- if (memcmp(cbc_out,pcbc_ok,32) != 0)
- {
- printf("pcbc_encrypt encrypt error\n");
- err=1;
- }
- des_pcbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,ks,&cbc_iv,
- DES_DECRYPT);
- if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0)
- {
- printf("pcbc_encrypt decrypt error\n");
- err=1;
- }
-
- printf("Doing ");
- printf("cfb8 ");
- err+=cfb_test(8,cfb_cipher8);
- printf("cfb16 ");
- err+=cfb_test(16,cfb_cipher16);
- printf("cfb32 ");
- err+=cfb_test(32,cfb_cipher32);
- printf("cfb48 ");
- err+=cfb_test(48,cfb_cipher48);
- printf("cfb64 ");
- err+=cfb_test(64,cfb_cipher64);
-
- printf("cfb64() ");
- err+=cfb64_test(cfb_cipher64);
-
- memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
- for (i=0; i<sizeof(plain); i++)
- des_cfb_encrypt(&(plain[i]),&(cfb_buf1[i]),
- 8,1,ks,&cfb_tmp,DES_ENCRYPT);
- if (memcmp(cfb_cipher8,cfb_buf1,sizeof(plain)) != 0)
- {
- printf("cfb_encrypt small encrypt error\n");
- err=1;
- }
-
- memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
- for (i=0; i<sizeof(plain); i++)
- des_cfb_encrypt(&(cfb_buf1[i]),&(cfb_buf2[i]),
- 8,1,ks,&cfb_tmp,DES_DECRYPT);
- if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
- {
- printf("cfb_encrypt small decrypt error\n");
- err=1;
- }
-
- printf("ede_cfb64() ");
- err+=ede_cfb64_test(cfb_cipher64);
-
- printf("done\n");
-
- printf("Doing ofb\n");
- DES_set_key_checked(&ofb_key,&ks);
- memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
- des_ofb_encrypt(plain,ofb_buf1,64,sizeof(plain)/8,ks,&ofb_tmp);
- if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0)
- {
- printf("ofb_encrypt encrypt error\n");
-printf("%02X %02X %02X %02X %02X %02X %02X %02X\n",
-ofb_buf1[8+0], ofb_buf1[8+1], ofb_buf1[8+2], ofb_buf1[8+3],
-ofb_buf1[8+4], ofb_buf1[8+5], ofb_buf1[8+6], ofb_buf1[8+7]);
-printf("%02X %02X %02X %02X %02X %02X %02X %02X\n",
-ofb_buf1[8+0], ofb_cipher[8+1], ofb_cipher[8+2], ofb_cipher[8+3],
-ofb_buf1[8+4], ofb_cipher[8+5], ofb_cipher[8+6], ofb_cipher[8+7]);
- err=1;
- }
- memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
- des_ofb_encrypt(ofb_buf1,ofb_buf2,64,sizeof(ofb_buf1)/8,ks,&ofb_tmp);
- if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0)
- {
- printf("ofb_encrypt decrypt error\n");
-printf("%02X %02X %02X %02X %02X %02X %02X %02X\n",
-ofb_buf2[8+0], ofb_buf2[8+1], ofb_buf2[8+2], ofb_buf2[8+3],
-ofb_buf2[8+4], ofb_buf2[8+5], ofb_buf2[8+6], ofb_buf2[8+7]);
-printf("%02X %02X %02X %02X %02X %02X %02X %02X\n",
-plain[8+0], plain[8+1], plain[8+2], plain[8+3],
-plain[8+4], plain[8+5], plain[8+6], plain[8+7]);
- err=1;
- }
-
- printf("Doing ofb64\n");
- DES_set_key_checked(&ofb_key,&ks);
- memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
- memset(ofb_buf1,0,sizeof(ofb_buf1));
- memset(ofb_buf2,0,sizeof(ofb_buf1));
- num=0;
- for (i=0; i<sizeof(plain); i++)
- {
- des_ofb64_encrypt(&(plain[i]),&(ofb_buf1[i]),1,ks,&ofb_tmp,
- &num);
- }
- if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0)
- {
- printf("ofb64_encrypt encrypt error\n");
- err=1;
- }
- memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
- num=0;
- des_ofb64_encrypt(ofb_buf1,ofb_buf2,sizeof(ofb_buf1),ks,&ofb_tmp,
- &num);
- if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0)
- {
- printf("ofb64_encrypt decrypt error\n");
- err=1;
- }
-
- printf("Doing ede_ofb64\n");
- DES_set_key_checked(&ofb_key,&ks);
- memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
- memset(ofb_buf1,0,sizeof(ofb_buf1));
- memset(ofb_buf2,0,sizeof(ofb_buf1));
- num=0;
- for (i=0; i<sizeof(plain); i++)
- {
- des_ede3_ofb64_encrypt(&(plain[i]),&(ofb_buf1[i]),1,ks,ks,
- ks,&ofb_tmp,&num);
- }
- if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0)
- {
- printf("ede_ofb64_encrypt encrypt error\n");
- err=1;
- }
- memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
- num=0;
- des_ede3_ofb64_encrypt(ofb_buf1,ofb_buf2,sizeof(ofb_buf1),ks,ks,ks,
- &ofb_tmp,&num);
- if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0)
- {
- printf("ede_ofb64_encrypt decrypt error\n");
- err=1;
- }
-
- printf("Doing cbc_cksum\n");
- DES_set_key_checked(&cbc_key,&ks);
- cs=des_cbc_cksum(cbc_data,&cret,strlen((char *)cbc_data),ks,&cbc_iv);
- if (cs != cbc_cksum_ret)
- {
- printf("bad return value (%08lX), should be %08lX\n",
- (unsigned long)cs,(unsigned long)cbc_cksum_ret);
- err=1;
- }
- if (memcmp(cret,cbc_cksum_data,8) != 0)
- {
- printf("bad cbc_cksum block returned\n");
- err=1;
- }
-
- printf("Doing quad_cksum\n");
- cs=des_quad_cksum(cbc_data,(des_cblock *)lqret,
- (long)strlen((char *)cbc_data),2,(des_cblock *)cbc_iv);
- if (cs != 0x70d7a63aL)
- {
- printf("quad_cksum error, ret %08lx should be 70d7a63a\n",
- (unsigned long)cs);
- err=1;
- }
-#ifdef _CRAY
- if (lqret[0].a != 0x327eba8dL)
- {
- printf("quad_cksum error, out[0] %08lx is not %08lx\n",
- (unsigned long)lqret[0].a,0x327eba8dUL);
- err=1;
- }
- if (lqret[0].b != 0x201a49ccL)
- {
- printf("quad_cksum error, out[1] %08lx is not %08lx\n",
- (unsigned long)lqret[0].b,0x201a49ccUL);
- err=1;
- }
- if (lqret[1].a != 0x70d7a63aL)
- {
- printf("quad_cksum error, out[2] %08lx is not %08lx\n",
- (unsigned long)lqret[1].a,0x70d7a63aUL);
- err=1;
- }
- if (lqret[1].b != 0x501c2c26L)
- {
- printf("quad_cksum error, out[3] %08lx is not %08lx\n",
- (unsigned long)lqret[1].b,0x501c2c26UL);
- err=1;
- }
-#else
- if (lqret[0] != 0x327eba8dL)
- {
- printf("quad_cksum error, out[0] %08lx is not %08lx\n",
- (unsigned long)lqret[0],0x327eba8dUL);
- err=1;
- }
- if (lqret[1] != 0x201a49ccL)
- {
- printf("quad_cksum error, out[1] %08lx is not %08lx\n",
- (unsigned long)lqret[1],0x201a49ccUL);
- err=1;
- }
- if (lqret[2] != 0x70d7a63aL)
- {
- printf("quad_cksum error, out[2] %08lx is not %08lx\n",
- (unsigned long)lqret[2],0x70d7a63aUL);
- err=1;
- }
- if (lqret[3] != 0x501c2c26L)
- {
- printf("quad_cksum error, out[3] %08lx is not %08lx\n",
- (unsigned long)lqret[3],0x501c2c26UL);
- err=1;
- }
-#endif
-#endif
-
- printf("input word alignment test");
- for (i=0; i<4; i++)
- {
- printf(" %d",i);
- des_ncbc_encrypt(&(cbc_out[i]),cbc_in,
- strlen((char *)cbc_data)+1,ks,
- &cbc_iv,DES_ENCRYPT);
- }
- printf("\noutput word alignment test");
- for (i=0; i<4; i++)
- {
- printf(" %d",i);
- des_ncbc_encrypt(cbc_out,&(cbc_in[i]),
- strlen((char *)cbc_data)+1,ks,
- &cbc_iv,DES_ENCRYPT);
- }
- printf("\n");
- printf("fast crypt test ");
- str=crypt("testing","ef");
- if (strcmp("efGnQx2725bI2",str) != 0)
- {
- printf("fast crypt error, %s should be efGnQx2725bI2\n",str);
- err=1;
- }
- str=crypt("bca76;23","yA");
- if (strcmp("yA1Rp/1hZXIJk",str) != 0)
- {
- printf("fast crypt error, %s should be yA1Rp/1hZXIJk\n",str);
- err=1;
- }
-#ifdef OPENSSL_SYS_NETWARE
- if (err) printf("ERROR: %d\n", err);
-#endif
- printf("\n");
- return(err);
- }
-
-static char *pt(unsigned char *p)
- {
- static char bufs[10][20];
- static int bnum=0;
- char *ret;
- int i;
- static char *f="0123456789ABCDEF";
-
- ret= &(bufs[bnum++][0]);
- bnum%=10;
- for (i=0; i<8; i++)
- {
- ret[i*2]=f[(p[i]>>4)&0xf];
- ret[i*2+1]=f[p[i]&0xf];
- }
- ret[16]='\0';
- return(ret);
- }
-
-#ifndef LIBDES_LIT
-
-static int cfb_test(int bits, unsigned char *cfb_cipher)
- {
- des_key_schedule ks;
- int i,err=0;
-
- DES_set_key_checked(&cfb_key,&ks);
- memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
- des_cfb_encrypt(plain,cfb_buf1,bits,sizeof(plain),ks,&cfb_tmp,
- DES_ENCRYPT);
- if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0)
- {
- err=1;
- printf("cfb_encrypt encrypt error\n");
- for (i=0; i<24; i+=8)
- printf("%s\n",pt(&(cfb_buf1[i])));
- }
- memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
- des_cfb_encrypt(cfb_buf1,cfb_buf2,bits,sizeof(plain),ks,&cfb_tmp,
- DES_DECRYPT);
- if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
- {
- err=1;
- printf("cfb_encrypt decrypt error\n");
- for (i=0; i<24; i+=8)
- printf("%s\n",pt(&(cfb_buf1[i])));
- }
- return(err);
- }
-
-static int cfb64_test(unsigned char *cfb_cipher)
- {
- des_key_schedule ks;
- int err=0,i,n;
-
- DES_set_key_checked(&cfb_key,&ks);
- memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
- n=0;
- des_cfb64_encrypt(plain,cfb_buf1,12,ks,&cfb_tmp,&n,DES_ENCRYPT);
- des_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]),sizeof(plain)-12,ks,
- &cfb_tmp,&n,DES_ENCRYPT);
- if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0)
- {
- err=1;
- printf("cfb_encrypt encrypt error\n");
- for (i=0; i<24; i+=8)
- printf("%s\n",pt(&(cfb_buf1[i])));
- }
- memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
- n=0;
- des_cfb64_encrypt(cfb_buf1,cfb_buf2,17,ks,&cfb_tmp,&n,DES_DECRYPT);
- des_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]),
- sizeof(plain)-17,ks,&cfb_tmp,&n,DES_DECRYPT);
- if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
- {
- err=1;
- printf("cfb_encrypt decrypt error\n");
- for (i=0; i<24; i+=8)
- printf("%s\n",pt(&(cfb_buf2[i])));
- }
- return(err);
- }
-
-static int ede_cfb64_test(unsigned char *cfb_cipher)
- {
- des_key_schedule ks;
- int err=0,i,n;
-
- DES_set_key_checked(&cfb_key,&ks);
- memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
- n=0;
- des_ede3_cfb64_encrypt(plain,cfb_buf1,12,ks,ks,ks,&cfb_tmp,&n,
- DES_ENCRYPT);
- des_ede3_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]),
- sizeof(plain)-12,ks,ks,ks,
- &cfb_tmp,&n,DES_ENCRYPT);
- if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0)
- {
- err=1;
- printf("ede_cfb_encrypt encrypt error\n");
- for (i=0; i<24; i+=8)
- printf("%s\n",pt(&(cfb_buf1[i])));
- }
- memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
- n=0;
- des_ede3_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)17,ks,ks,ks,
- &cfb_tmp,&n,DES_DECRYPT);
- des_ede3_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]),
- sizeof(plain)-17,ks,ks,ks,
- &cfb_tmp,&n,DES_DECRYPT);
- if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
- {
- err=1;
- printf("ede_cfb_encrypt decrypt error\n");
- for (i=0; i<24; i+=8)
- printf("%s\n",pt(&(cfb_buf2[i])));
- }
- return(err);
- }
-
-#endif
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/des/destest.c (from rev 6976, vendor-crypto/openssl/dist/crypto/des/destest.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/des/destest.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/destest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,929 @@
+/* crypto/des/destest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#include <openssl/e_os2.h>
+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_SYS_WINDOWS)
+# ifndef OPENSSL_SYS_MSDOS
+# define OPENSSL_SYS_MSDOS
+# endif
+#endif
+
+#ifndef OPENSSL_SYS_MSDOS
+# if !defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_VMS_DECC)
+# include OPENSSL_UNISTD
+# endif
+#else
+# include <io.h>
+#endif
+#include <string.h>
+
+#ifdef OPENSSL_NO_DES
+int main(int argc, char *argv[])
+{
+ printf("No DES support\n");
+ return (0);
+}
+#else
+# include <openssl/des.h>
+
+# define crypt(c,s) (DES_crypt((c),(s)))
+
+/* tisk tisk - the test keys don't all have odd parity :-( */
+/* test data */
+# define NUM_TESTS 34
+static unsigned char key_data[NUM_TESTS][8] = {
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
+ {0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11},
+ {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
+ {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10},
+ {0x7C, 0xA1, 0x10, 0x45, 0x4A, 0x1A, 0x6E, 0x57},
+ {0x01, 0x31, 0xD9, 0x61, 0x9D, 0xC1, 0x37, 0x6E},
+ {0x07, 0xA1, 0x13, 0x3E, 0x4A, 0x0B, 0x26, 0x86},
+ {0x38, 0x49, 0x67, 0x4C, 0x26, 0x02, 0x31, 0x9E},
+ {0x04, 0xB9, 0x15, 0xBA, 0x43, 0xFE, 0xB5, 0xB6},
+ {0x01, 0x13, 0xB9, 0x70, 0xFD, 0x34, 0xF2, 0xCE},
+ {0x01, 0x70, 0xF1, 0x75, 0x46, 0x8F, 0xB5, 0xE6},
+ {0x43, 0x29, 0x7F, 0xAD, 0x38, 0xE3, 0x73, 0xFE},
+ {0x07, 0xA7, 0x13, 0x70, 0x45, 0xDA, 0x2A, 0x16},
+ {0x04, 0x68, 0x91, 0x04, 0xC2, 0xFD, 0x3B, 0x2F},
+ {0x37, 0xD0, 0x6B, 0xB5, 0x16, 0xCB, 0x75, 0x46},
+ {0x1F, 0x08, 0x26, 0x0D, 0x1A, 0xC2, 0x46, 0x5E},
+ {0x58, 0x40, 0x23, 0x64, 0x1A, 0xBA, 0x61, 0x76},
+ {0x02, 0x58, 0x16, 0x16, 0x46, 0x29, 0xB0, 0x07},
+ {0x49, 0x79, 0x3E, 0xBC, 0x79, 0xB3, 0x25, 0x8F},
+ {0x4F, 0xB0, 0x5E, 0x15, 0x15, 0xAB, 0x73, 0xA7},
+ {0x49, 0xE9, 0x5D, 0x6D, 0x4C, 0xA2, 0x29, 0xBF},
+ {0x01, 0x83, 0x10, 0xDC, 0x40, 0x9B, 0x26, 0xD6},
+ {0x1C, 0x58, 0x7F, 0x1C, 0x13, 0x92, 0x4F, 0xEF},
+ {0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01},
+ {0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E},
+ {0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
+ {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
+ {0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10}
+};
+
+static unsigned char plain_data[NUM_TESTS][8] = {
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
+ {0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01},
+ {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11},
+ {0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11},
+ {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
+ {0x01, 0xA1, 0xD6, 0xD0, 0x39, 0x77, 0x67, 0x42},
+ {0x5C, 0xD5, 0x4C, 0xA8, 0x3D, 0xEF, 0x57, 0xDA},
+ {0x02, 0x48, 0xD4, 0x38, 0x06, 0xF6, 0x71, 0x72},
+ {0x51, 0x45, 0x4B, 0x58, 0x2D, 0xDF, 0x44, 0x0A},
+ {0x42, 0xFD, 0x44, 0x30, 0x59, 0x57, 0x7F, 0xA2},
+ {0x05, 0x9B, 0x5E, 0x08, 0x51, 0xCF, 0x14, 0x3A},
+ {0x07, 0x56, 0xD8, 0xE0, 0x77, 0x47, 0x61, 0xD2},
+ {0x76, 0x25, 0x14, 0xB8, 0x29, 0xBF, 0x48, 0x6A},
+ {0x3B, 0xDD, 0x11, 0x90, 0x49, 0x37, 0x28, 0x02},
+ {0x26, 0x95, 0x5F, 0x68, 0x35, 0xAF, 0x60, 0x9A},
+ {0x16, 0x4D, 0x5E, 0x40, 0x4F, 0x27, 0x52, 0x32},
+ {0x6B, 0x05, 0x6E, 0x18, 0x75, 0x9F, 0x5C, 0xCA},
+ {0x00, 0x4B, 0xD6, 0xEF, 0x09, 0x17, 0x60, 0x62},
+ {0x48, 0x0D, 0x39, 0x00, 0x6E, 0xE7, 0x62, 0xF2},
+ {0x43, 0x75, 0x40, 0xC8, 0x69, 0x8F, 0x3C, 0xFA},
+ {0x07, 0x2D, 0x43, 0xA0, 0x77, 0x07, 0x52, 0x92},
+ {0x02, 0xFE, 0x55, 0x77, 0x81, 0x17, 0xF1, 0x2A},
+ {0x1D, 0x9D, 0x5C, 0x50, 0x18, 0xF7, 0x28, 0xC2},
+ {0x30, 0x55, 0x32, 0x28, 0x6D, 0x6F, 0x29, 0x5A},
+ {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
+ {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
+ {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF},
+ {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}
+};
+
+static unsigned char cipher_data[NUM_TESTS][8] = {
+ {0x8C, 0xA6, 0x4D, 0xE9, 0xC1, 0xB1, 0x23, 0xA7},
+ {0x73, 0x59, 0xB2, 0x16, 0x3E, 0x4E, 0xDC, 0x58},
+ {0x95, 0x8E, 0x6E, 0x62, 0x7A, 0x05, 0x55, 0x7B},
+ {0xF4, 0x03, 0x79, 0xAB, 0x9E, 0x0E, 0xC5, 0x33},
+ {0x17, 0x66, 0x8D, 0xFC, 0x72, 0x92, 0x53, 0x2D},
+ {0x8A, 0x5A, 0xE1, 0xF8, 0x1A, 0xB8, 0xF2, 0xDD},
+ {0x8C, 0xA6, 0x4D, 0xE9, 0xC1, 0xB1, 0x23, 0xA7},
+ {0xED, 0x39, 0xD9, 0x50, 0xFA, 0x74, 0xBC, 0xC4},
+ {0x69, 0x0F, 0x5B, 0x0D, 0x9A, 0x26, 0x93, 0x9B},
+ {0x7A, 0x38, 0x9D, 0x10, 0x35, 0x4B, 0xD2, 0x71},
+ {0x86, 0x8E, 0xBB, 0x51, 0xCA, 0xB4, 0x59, 0x9A},
+ {0x71, 0x78, 0x87, 0x6E, 0x01, 0xF1, 0x9B, 0x2A},
+ {0xAF, 0x37, 0xFB, 0x42, 0x1F, 0x8C, 0x40, 0x95},
+ {0x86, 0xA5, 0x60, 0xF1, 0x0E, 0xC6, 0xD8, 0x5B},
+ {0x0C, 0xD3, 0xDA, 0x02, 0x00, 0x21, 0xDC, 0x09},
+ {0xEA, 0x67, 0x6B, 0x2C, 0xB7, 0xDB, 0x2B, 0x7A},
+ {0xDF, 0xD6, 0x4A, 0x81, 0x5C, 0xAF, 0x1A, 0x0F},
+ {0x5C, 0x51, 0x3C, 0x9C, 0x48, 0x86, 0xC0, 0x88},
+ {0x0A, 0x2A, 0xEE, 0xAE, 0x3F, 0xF4, 0xAB, 0x77},
+ {0xEF, 0x1B, 0xF0, 0x3E, 0x5D, 0xFA, 0x57, 0x5A},
+ {0x88, 0xBF, 0x0D, 0xB6, 0xD7, 0x0D, 0xEE, 0x56},
+ {0xA1, 0xF9, 0x91, 0x55, 0x41, 0x02, 0x0B, 0x56},
+ {0x6F, 0xBF, 0x1C, 0xAF, 0xCF, 0xFD, 0x05, 0x56},
+ {0x2F, 0x22, 0xE4, 0x9B, 0xAB, 0x7C, 0xA1, 0xAC},
+ {0x5A, 0x6B, 0x61, 0x2C, 0xC2, 0x6C, 0xCE, 0x4A},
+ {0x5F, 0x4C, 0x03, 0x8E, 0xD1, 0x2B, 0x2E, 0x41},
+ {0x63, 0xFA, 0xC0, 0xD0, 0x34, 0xD9, 0xF7, 0x93},
+ {0x61, 0x7B, 0x3A, 0x0C, 0xE8, 0xF0, 0x71, 0x00},
+ {0xDB, 0x95, 0x86, 0x05, 0xF8, 0xC8, 0xC6, 0x06},
+ {0xED, 0xBF, 0xD1, 0xC6, 0x6C, 0x29, 0xCC, 0xC7},
+ {0x35, 0x55, 0x50, 0xB2, 0x15, 0x0E, 0x24, 0x51},
+ {0xCA, 0xAA, 0xAF, 0x4D, 0xEA, 0xF1, 0xDB, 0xAE},
+ {0xD5, 0xD4, 0x4F, 0xF7, 0x20, 0x68, 0x3D, 0x0D},
+ {0x2A, 0x2B, 0xB0, 0x08, 0xDF, 0x97, 0xC2, 0xF2}
+};
+
+static unsigned char cipher_ecb2[NUM_TESTS - 1][8] = {
+ {0x92, 0x95, 0xB5, 0x9B, 0xB3, 0x84, 0x73, 0x6E},
+ {0x19, 0x9E, 0x9D, 0x6D, 0xF3, 0x9A, 0xA8, 0x16},
+ {0x2A, 0x4B, 0x4D, 0x24, 0x52, 0x43, 0x84, 0x27},
+ {0x35, 0x84, 0x3C, 0x01, 0x9D, 0x18, 0xC5, 0xB6},
+ {0x4A, 0x5B, 0x2F, 0x42, 0xAA, 0x77, 0x19, 0x25},
+ {0xA0, 0x6B, 0xA9, 0xB8, 0xCA, 0x5B, 0x17, 0x8A},
+ {0xAB, 0x9D, 0xB7, 0xFB, 0xED, 0x95, 0xF2, 0x74},
+ {0x3D, 0x25, 0x6C, 0x23, 0xA7, 0x25, 0x2F, 0xD6},
+ {0xB7, 0x6F, 0xAB, 0x4F, 0xBD, 0xBD, 0xB7, 0x67},
+ {0x8F, 0x68, 0x27, 0xD6, 0x9C, 0xF4, 0x1A, 0x10},
+ {0x82, 0x57, 0xA1, 0xD6, 0x50, 0x5E, 0x81, 0x85},
+ {0xA2, 0x0F, 0x0A, 0xCD, 0x80, 0x89, 0x7D, 0xFA},
+ {0xCD, 0x2A, 0x53, 0x3A, 0xDB, 0x0D, 0x7E, 0xF3},
+ {0xD2, 0xC2, 0xBE, 0x27, 0xE8, 0x1B, 0x68, 0xE3},
+ {0xE9, 0x24, 0xCF, 0x4F, 0x89, 0x3C, 0x5B, 0x0A},
+ {0xA7, 0x18, 0xC3, 0x9F, 0xFA, 0x9F, 0xD7, 0x69},
+ {0x77, 0x2C, 0x79, 0xB1, 0xD2, 0x31, 0x7E, 0xB1},
+ {0x49, 0xAB, 0x92, 0x7F, 0xD0, 0x22, 0x00, 0xB7},
+ {0xCE, 0x1C, 0x6C, 0x7D, 0x85, 0xE3, 0x4A, 0x6F},
+ {0xBE, 0x91, 0xD6, 0xE1, 0x27, 0xB2, 0xE9, 0x87},
+ {0x70, 0x28, 0xAE, 0x8F, 0xD1, 0xF5, 0x74, 0x1A},
+ {0xAA, 0x37, 0x80, 0xBB, 0xF3, 0x22, 0x1D, 0xDE},
+ {0xA6, 0xC4, 0xD2, 0x5E, 0x28, 0x93, 0xAC, 0xB3},
+ {0x22, 0x07, 0x81, 0x5A, 0xE4, 0xB7, 0x1A, 0xAD},
+ {0xDC, 0xCE, 0x05, 0xE7, 0x07, 0xBD, 0xF5, 0x84},
+ {0x26, 0x1D, 0x39, 0x2C, 0xB3, 0xBA, 0xA5, 0x85},
+ {0xB4, 0xF7, 0x0F, 0x72, 0xFB, 0x04, 0xF0, 0xDC},
+ {0x95, 0xBA, 0xA9, 0x4E, 0x87, 0x36, 0xF2, 0x89},
+ {0xD4, 0x07, 0x3A, 0xF1, 0x5A, 0x17, 0x82, 0x0E},
+ {0xEF, 0x6F, 0xAF, 0xA7, 0x66, 0x1A, 0x7E, 0x89},
+ {0xC1, 0x97, 0xF5, 0x58, 0x74, 0x8A, 0x20, 0xE7},
+ {0x43, 0x34, 0xCF, 0xDA, 0x22, 0xC4, 0x86, 0xC8},
+ {0x08, 0xD7, 0xB4, 0xFB, 0x62, 0x9D, 0x08, 0x85}
+};
+
+static unsigned char cbc_key[8] =
+ { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
+static unsigned char cbc2_key[8] =
+ { 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86 };
+static unsigned char cbc3_key[8] =
+ { 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 };
+static unsigned char cbc_iv[8] =
+ { 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 };
+/*
+ * Changed the following text constant to binary so it will work on ebcdic
+ * machines :-)
+ */
+/* static char cbc_data[40]="7654321 Now is the time for \0001"; */
+static unsigned char cbc_data[40] = {
+ 0x37, 0x36, 0x35, 0x34, 0x33, 0x32, 0x31, 0x20,
+ 0x4E, 0x6F, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74,
+ 0x68, 0x65, 0x20, 0x74, 0x69, 0x6D, 0x65, 0x20,
+ 0x66, 0x6F, 0x72, 0x20, 0x00, 0x31, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+};
+
+static unsigned char cbc_ok[32] = {
+ 0xcc, 0xd1, 0x73, 0xff, 0xab, 0x20, 0x39, 0xf4,
+ 0xac, 0xd8, 0xae, 0xfd, 0xdf, 0xd8, 0xa1, 0xeb,
+ 0x46, 0x8e, 0x91, 0x15, 0x78, 0x88, 0xba, 0x68,
+ 0x1d, 0x26, 0x93, 0x97, 0xf7, 0xfe, 0x62, 0xb4
+};
+
+# ifdef SCREW_THE_PARITY
+# error "SCREW_THE_PARITY is not ment to be defined."
+# error "Original vectors are preserved for reference only."
+static unsigned char cbc2_key[8] =
+ { 0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87 };
+static unsigned char xcbc_ok[32] = {
+ 0x86, 0x74, 0x81, 0x0D, 0x61, 0xA4, 0xA5, 0x48,
+ 0xB9, 0x93, 0x03, 0xE1, 0xB8, 0xBB, 0xBD, 0xBD,
+ 0x64, 0x30, 0x0B, 0xB9, 0x06, 0x65, 0x81, 0x76,
+ 0x04, 0x1D, 0x77, 0x62, 0x17, 0xCA, 0x2B, 0xD2,
+};
+# else
+static unsigned char xcbc_ok[32] = {
+ 0x84, 0x6B, 0x29, 0x14, 0x85, 0x1E, 0x9A, 0x29,
+ 0x54, 0x73, 0x2F, 0x8A, 0xA0, 0xA6, 0x11, 0xC1,
+ 0x15, 0xCD, 0xC2, 0xD7, 0x95, 0x1B, 0x10, 0x53,
+ 0xA6, 0x3C, 0x5E, 0x03, 0xB2, 0x1A, 0xA3, 0xC4,
+};
+# endif
+
+static unsigned char cbc3_ok[32] = {
+ 0x3F, 0xE3, 0x01, 0xC9, 0x62, 0xAC, 0x01, 0xD0,
+ 0x22, 0x13, 0x76, 0x3C, 0x1C, 0xBD, 0x4C, 0xDC,
+ 0x79, 0x96, 0x57, 0xC0, 0x64, 0xEC, 0xF5, 0xD4,
+ 0x1C, 0x67, 0x38, 0x12, 0xCF, 0xDE, 0x96, 0x75
+};
+
+static unsigned char pcbc_ok[32] = {
+ 0xcc, 0xd1, 0x73, 0xff, 0xab, 0x20, 0x39, 0xf4,
+ 0x6d, 0xec, 0xb4, 0x70, 0xa0, 0xe5, 0x6b, 0x15,
+ 0xae, 0xa6, 0xbf, 0x61, 0xed, 0x7d, 0x9c, 0x9f,
+ 0xf7, 0x17, 0x46, 0x3b, 0x8a, 0xb3, 0xcc, 0x88
+};
+
+static unsigned char cfb_key[8] =
+ { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
+static unsigned char cfb_iv[8] =
+ { 0x12, 0x34, 0x56, 0x78, 0x90, 0xab, 0xcd, 0xef };
+static unsigned char cfb_buf1[40], cfb_buf2[40], cfb_tmp[8];
+static unsigned char plain[24] = {
+ 0x4e, 0x6f, 0x77, 0x20, 0x69, 0x73,
+ 0x20, 0x74, 0x68, 0x65, 0x20, 0x74,
+ 0x69, 0x6d, 0x65, 0x20, 0x66, 0x6f,
+ 0x72, 0x20, 0x61, 0x6c, 0x6c, 0x20
+};
+
+static unsigned char cfb_cipher8[24] = {
+ 0xf3, 0x1f, 0xda, 0x07, 0x01, 0x14, 0x62, 0xee, 0x18, 0x7f, 0x43, 0xd8,
+ 0x0a, 0x7c, 0xd9, 0xb5, 0xb0, 0xd2, 0x90, 0xda, 0x6e, 0x5b, 0x9a, 0x87
+};
+
+static unsigned char cfb_cipher16[24] = {
+ 0xF3, 0x09, 0x87, 0x87, 0x7F, 0x57, 0xF7, 0x3C, 0x36, 0xB6, 0xDB, 0x70,
+ 0xD8, 0xD5, 0x34, 0x19, 0xD3, 0x86, 0xB2, 0x23, 0xB7, 0xB2, 0xAD, 0x1B
+};
+
+static unsigned char cfb_cipher32[24] = {
+ 0xF3, 0x09, 0x62, 0x49, 0xA4, 0xDF, 0xA4, 0x9F, 0x33, 0xDC, 0x7B, 0xAD,
+ 0x4C, 0xC8, 0x9F, 0x64, 0xE4, 0x53, 0xE5, 0xEC, 0x67, 0x20, 0xDA, 0xB6
+};
+
+static unsigned char cfb_cipher48[24] = {
+ 0xF3, 0x09, 0x62, 0x49, 0xC7, 0xF4, 0x30, 0xB5, 0x15, 0xEC, 0xBB, 0x85,
+ 0x97, 0x5A, 0x13, 0x8C, 0x68, 0x60, 0xE2, 0x38, 0x34, 0x3C, 0xDC, 0x1F
+};
+
+static unsigned char cfb_cipher64[24] = {
+ 0xF3, 0x09, 0x62, 0x49, 0xC7, 0xF4, 0x6E, 0x51, 0xA6, 0x9E, 0x83, 0x9B,
+ 0x1A, 0x92, 0xF7, 0x84, 0x03, 0x46, 0x71, 0x33, 0x89, 0x8E, 0xA6, 0x22
+};
+
+static unsigned char ofb_key[8] =
+ { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };
+static unsigned char ofb_iv[8] =
+ { 0x12, 0x34, 0x56, 0x78, 0x90, 0xab, 0xcd, 0xef };
+static unsigned char ofb_buf1[24], ofb_buf2[24], ofb_tmp[8];
+static unsigned char ofb_cipher[24] = {
+ 0xf3, 0x09, 0x62, 0x49, 0xc7, 0xf4, 0x6e, 0x51,
+ 0x35, 0xf2, 0x4a, 0x24, 0x2e, 0xeb, 0x3d, 0x3f,
+ 0x3d, 0x6d, 0x5b, 0xe3, 0x25, 0x5a, 0xf8, 0xc3
+};
+
+# if 0
+static DES_LONG cbc_cksum_ret = 0xB462FEF7L;
+# else
+static DES_LONG cbc_cksum_ret = 0xF7FE62B4L;
+# endif
+static unsigned char cbc_cksum_data[8] =
+ { 0x1D, 0x26, 0x93, 0x97, 0xf7, 0xfe, 0x62, 0xb4 };
+
+static char *pt(unsigned char *p);
+static int cfb_test(int bits, unsigned char *cfb_cipher);
+static int cfb64_test(unsigned char *cfb_cipher);
+static int ede_cfb64_test(unsigned char *cfb_cipher);
+int main(int argc, char *argv[])
+{
+ int j, err = 0;
+ unsigned int i;
+ des_cblock in, out, outin, iv3, iv2;
+ des_key_schedule ks, ks2, ks3;
+ unsigned char cbc_in[40];
+ unsigned char cbc_out[40];
+ DES_LONG cs;
+ unsigned char cret[8];
+# ifdef _CRAY
+ struct {
+ int a:32;
+ int b:32;
+ } lqret[2];
+# else
+ DES_LONG lqret[4];
+# endif
+ int num;
+ char *str;
+
+# ifndef OPENSSL_NO_DESCBCM
+ printf("Doing cbcm\n");
+ if ((j = DES_set_key_checked(&cbc_key, &ks)) != 0) {
+ printf("Key error %d\n", j);
+ err = 1;
+ }
+ if ((j = DES_set_key_checked(&cbc2_key, &ks2)) != 0) {
+ printf("Key error %d\n", j);
+ err = 1;
+ }
+ if ((j = DES_set_key_checked(&cbc3_key, &ks3)) != 0) {
+ printf("Key error %d\n", j);
+ err = 1;
+ }
+ memset(cbc_out, 0, 40);
+ memset(cbc_in, 0, 40);
+ i = strlen((char *)cbc_data) + 1;
+ /* i=((i+7)/8)*8; */
+ memcpy(iv3, cbc_iv, sizeof(cbc_iv));
+ memset(iv2, '\0', sizeof iv2);
+
+ DES_ede3_cbcm_encrypt(cbc_data, cbc_out, 16L, &ks, &ks2, &ks3, &iv3, &iv2,
+ DES_ENCRYPT);
+ DES_ede3_cbcm_encrypt(&cbc_data[16], &cbc_out[16], i - 16, &ks, &ks2,
+ &ks3, &iv3, &iv2, DES_ENCRYPT);
+/*- if (memcmp(cbc_out,cbc3_ok,
+ (unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0)
+ {
+ printf("des_ede3_cbc_encrypt encrypt error\n");
+ err=1;
+ }
+*/
+ memcpy(iv3, cbc_iv, sizeof(cbc_iv));
+ memset(iv2, '\0', sizeof iv2);
+ DES_ede3_cbcm_encrypt(cbc_out, cbc_in, i, &ks, &ks2, &ks3, &iv3, &iv2,
+ DES_DECRYPT);
+ if (memcmp(cbc_in, cbc_data, strlen((char *)cbc_data) + 1) != 0) {
+ unsigned int n;
+
+ printf("des_ede3_cbcm_encrypt decrypt error\n");
+ for (n = 0; n < i; ++n)
+ printf(" %02x", cbc_data[n]);
+ printf("\n");
+ for (n = 0; n < i; ++n)
+ printf(" %02x", cbc_in[n]);
+ printf("\n");
+ err = 1;
+ }
+# endif
+
+ printf("Doing ecb\n");
+ for (i = 0; i < NUM_TESTS; i++) {
+ DES_set_key_unchecked(&key_data[i], &ks);
+ memcpy(in, plain_data[i], 8);
+ memset(out, 0, 8);
+ memset(outin, 0, 8);
+ des_ecb_encrypt(&in, &out, ks, DES_ENCRYPT);
+ des_ecb_encrypt(&out, &outin, ks, DES_DECRYPT);
+
+ if (memcmp(out, cipher_data[i], 8) != 0) {
+ printf("Encryption error %2d\nk=%s p=%s o=%s act=%s\n",
+ i + 1, pt(key_data[i]), pt(in), pt(cipher_data[i]),
+ pt(out));
+ err = 1;
+ }
+ if (memcmp(in, outin, 8) != 0) {
+ printf("Decryption error %2d\nk=%s p=%s o=%s act=%s\n",
+ i + 1, pt(key_data[i]), pt(out), pt(in), pt(outin));
+ err = 1;
+ }
+ }
+
+# ifndef LIBDES_LIT
+ printf("Doing ede ecb\n");
+ for (i = 0; i < (NUM_TESTS - 2); i++) {
+ DES_set_key_unchecked(&key_data[i], &ks);
+ DES_set_key_unchecked(&key_data[i + 1], &ks2);
+ DES_set_key_unchecked(&key_data[i + 2], &ks3);
+ memcpy(in, plain_data[i], 8);
+ memset(out, 0, 8);
+ memset(outin, 0, 8);
+ des_ecb2_encrypt(&in, &out, ks, ks2, DES_ENCRYPT);
+ des_ecb2_encrypt(&out, &outin, ks, ks2, DES_DECRYPT);
+
+ if (memcmp(out, cipher_ecb2[i], 8) != 0) {
+ printf("Encryption error %2d\nk=%s p=%s o=%s act=%s\n",
+ i + 1, pt(key_data[i]), pt(in), pt(cipher_ecb2[i]),
+ pt(out));
+ err = 1;
+ }
+ if (memcmp(in, outin, 8) != 0) {
+ printf("Decryption error %2d\nk=%s p=%s o=%s act=%s\n",
+ i + 1, pt(key_data[i]), pt(out), pt(in), pt(outin));
+ err = 1;
+ }
+ }
+# endif
+
+ printf("Doing cbc\n");
+ if ((j = DES_set_key_checked(&cbc_key, &ks)) != 0) {
+ printf("Key error %d\n", j);
+ err = 1;
+ }
+ memset(cbc_out, 0, 40);
+ memset(cbc_in, 0, 40);
+ memcpy(iv3, cbc_iv, sizeof(cbc_iv));
+ des_ncbc_encrypt(cbc_data, cbc_out, strlen((char *)cbc_data) + 1, ks,
+ &iv3, DES_ENCRYPT);
+ if (memcmp(cbc_out, cbc_ok, 32) != 0) {
+ printf("cbc_encrypt encrypt error\n");
+ err = 1;
+ }
+
+ memcpy(iv3, cbc_iv, sizeof(cbc_iv));
+ des_ncbc_encrypt(cbc_out, cbc_in, strlen((char *)cbc_data) + 1, ks,
+ &iv3, DES_DECRYPT);
+ if (memcmp(cbc_in, cbc_data, strlen((char *)cbc_data)) != 0) {
+ printf("cbc_encrypt decrypt error\n");
+ err = 1;
+ }
+# ifndef LIBDES_LIT
+ printf("Doing desx cbc\n");
+ if ((j = DES_set_key_checked(&cbc_key, &ks)) != 0) {
+ printf("Key error %d\n", j);
+ err = 1;
+ }
+ memset(cbc_out, 0, 40);
+ memset(cbc_in, 0, 40);
+ memcpy(iv3, cbc_iv, sizeof(cbc_iv));
+ des_xcbc_encrypt(cbc_data, cbc_out, strlen((char *)cbc_data) + 1, ks,
+ &iv3, &cbc2_key, &cbc3_key, DES_ENCRYPT);
+ if (memcmp(cbc_out, xcbc_ok, 32) != 0) {
+ printf("des_xcbc_encrypt encrypt error\n");
+ err = 1;
+ }
+ memcpy(iv3, cbc_iv, sizeof(cbc_iv));
+ des_xcbc_encrypt(cbc_out, cbc_in, strlen((char *)cbc_data) + 1, ks,
+ &iv3, &cbc2_key, &cbc3_key, DES_DECRYPT);
+ if (memcmp(cbc_in, cbc_data, strlen((char *)cbc_data) + 1) != 0) {
+ printf("des_xcbc_encrypt decrypt error\n");
+ err = 1;
+ }
+# endif
+
+ printf("Doing ede cbc\n");
+ if ((j = DES_set_key_checked(&cbc_key, &ks)) != 0) {
+ printf("Key error %d\n", j);
+ err = 1;
+ }
+ if ((j = DES_set_key_checked(&cbc2_key, &ks2)) != 0) {
+ printf("Key error %d\n", j);
+ err = 1;
+ }
+ if ((j = DES_set_key_checked(&cbc3_key, &ks3)) != 0) {
+ printf("Key error %d\n", j);
+ err = 1;
+ }
+ memset(cbc_out, 0, 40);
+ memset(cbc_in, 0, 40);
+ i = strlen((char *)cbc_data) + 1;
+ /* i=((i+7)/8)*8; */
+ memcpy(iv3, cbc_iv, sizeof(cbc_iv));
+
+ des_ede3_cbc_encrypt(cbc_data, cbc_out, 16L, ks, ks2, ks3, &iv3,
+ DES_ENCRYPT);
+ des_ede3_cbc_encrypt(&(cbc_data[16]), &(cbc_out[16]), i - 16, ks, ks2,
+ ks3, &iv3, DES_ENCRYPT);
+ if (memcmp
+ (cbc_out, cbc3_ok,
+ (unsigned int)(strlen((char *)cbc_data) + 1 + 7) / 8 * 8) != 0) {
+ unsigned int n;
+
+ printf("des_ede3_cbc_encrypt encrypt error\n");
+ for (n = 0; n < i; ++n)
+ printf(" %02x", cbc_out[n]);
+ printf("\n");
+ for (n = 0; n < i; ++n)
+ printf(" %02x", cbc3_ok[n]);
+ printf("\n");
+ err = 1;
+ }
+
+ memcpy(iv3, cbc_iv, sizeof(cbc_iv));
+ des_ede3_cbc_encrypt(cbc_out, cbc_in, i, ks, ks2, ks3, &iv3, DES_DECRYPT);
+ if (memcmp(cbc_in, cbc_data, strlen((char *)cbc_data) + 1) != 0) {
+ unsigned int n;
+
+ printf("des_ede3_cbc_encrypt decrypt error\n");
+ for (n = 0; n < i; ++n)
+ printf(" %02x", cbc_data[n]);
+ printf("\n");
+ for (n = 0; n < i; ++n)
+ printf(" %02x", cbc_in[n]);
+ printf("\n");
+ err = 1;
+ }
+# ifndef LIBDES_LIT
+ printf("Doing pcbc\n");
+ if ((j = DES_set_key_checked(&cbc_key, &ks)) != 0) {
+ printf("Key error %d\n", j);
+ err = 1;
+ }
+ memset(cbc_out, 0, 40);
+ memset(cbc_in, 0, 40);
+ des_pcbc_encrypt(cbc_data, cbc_out, strlen((char *)cbc_data) + 1, ks,
+ &cbc_iv, DES_ENCRYPT);
+ if (memcmp(cbc_out, pcbc_ok, 32) != 0) {
+ printf("pcbc_encrypt encrypt error\n");
+ err = 1;
+ }
+ des_pcbc_encrypt(cbc_out, cbc_in, strlen((char *)cbc_data) + 1, ks,
+ &cbc_iv, DES_DECRYPT);
+ if (memcmp(cbc_in, cbc_data, strlen((char *)cbc_data) + 1) != 0) {
+ printf("pcbc_encrypt decrypt error\n");
+ err = 1;
+ }
+
+ printf("Doing ");
+ printf("cfb8 ");
+ err += cfb_test(8, cfb_cipher8);
+ printf("cfb16 ");
+ err += cfb_test(16, cfb_cipher16);
+ printf("cfb32 ");
+ err += cfb_test(32, cfb_cipher32);
+ printf("cfb48 ");
+ err += cfb_test(48, cfb_cipher48);
+ printf("cfb64 ");
+ err += cfb_test(64, cfb_cipher64);
+
+ printf("cfb64() ");
+ err += cfb64_test(cfb_cipher64);
+
+ memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
+ for (i = 0; i < sizeof(plain); i++)
+ des_cfb_encrypt(&(plain[i]), &(cfb_buf1[i]),
+ 8, 1, ks, &cfb_tmp, DES_ENCRYPT);
+ if (memcmp(cfb_cipher8, cfb_buf1, sizeof(plain)) != 0) {
+ printf("cfb_encrypt small encrypt error\n");
+ err = 1;
+ }
+
+ memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
+ for (i = 0; i < sizeof(plain); i++)
+ des_cfb_encrypt(&(cfb_buf1[i]), &(cfb_buf2[i]),
+ 8, 1, ks, &cfb_tmp, DES_DECRYPT);
+ if (memcmp(plain, cfb_buf2, sizeof(plain)) != 0) {
+ printf("cfb_encrypt small decrypt error\n");
+ err = 1;
+ }
+
+ printf("ede_cfb64() ");
+ err += ede_cfb64_test(cfb_cipher64);
+
+ printf("done\n");
+
+ printf("Doing ofb\n");
+ DES_set_key_checked(&ofb_key, &ks);
+ memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv));
+ des_ofb_encrypt(plain, ofb_buf1, 64, sizeof(plain) / 8, ks, &ofb_tmp);
+ if (memcmp(ofb_cipher, ofb_buf1, sizeof(ofb_buf1)) != 0) {
+ printf("ofb_encrypt encrypt error\n");
+ printf("%02X %02X %02X %02X %02X %02X %02X %02X\n",
+ ofb_buf1[8 + 0], ofb_buf1[8 + 1], ofb_buf1[8 + 2],
+ ofb_buf1[8 + 3], ofb_buf1[8 + 4], ofb_buf1[8 + 5],
+ ofb_buf1[8 + 6], ofb_buf1[8 + 7]);
+ printf("%02X %02X %02X %02X %02X %02X %02X %02X\n", ofb_buf1[8 + 0],
+ ofb_cipher[8 + 1], ofb_cipher[8 + 2], ofb_cipher[8 + 3],
+ ofb_buf1[8 + 4], ofb_cipher[8 + 5], ofb_cipher[8 + 6],
+ ofb_cipher[8 + 7]);
+ err = 1;
+ }
+ memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv));
+ des_ofb_encrypt(ofb_buf1, ofb_buf2, 64, sizeof(ofb_buf1) / 8, ks,
+ &ofb_tmp);
+ if (memcmp(plain, ofb_buf2, sizeof(ofb_buf2)) != 0) {
+ printf("ofb_encrypt decrypt error\n");
+ printf("%02X %02X %02X %02X %02X %02X %02X %02X\n",
+ ofb_buf2[8 + 0], ofb_buf2[8 + 1], ofb_buf2[8 + 2],
+ ofb_buf2[8 + 3], ofb_buf2[8 + 4], ofb_buf2[8 + 5],
+ ofb_buf2[8 + 6], ofb_buf2[8 + 7]);
+ printf("%02X %02X %02X %02X %02X %02X %02X %02X\n", plain[8 + 0],
+ plain[8 + 1], plain[8 + 2], plain[8 + 3], plain[8 + 4],
+ plain[8 + 5], plain[8 + 6], plain[8 + 7]);
+ err = 1;
+ }
+
+ printf("Doing ofb64\n");
+ DES_set_key_checked(&ofb_key, &ks);
+ memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv));
+ memset(ofb_buf1, 0, sizeof(ofb_buf1));
+ memset(ofb_buf2, 0, sizeof(ofb_buf1));
+ num = 0;
+ for (i = 0; i < sizeof(plain); i++) {
+ des_ofb64_encrypt(&(plain[i]), &(ofb_buf1[i]), 1, ks, &ofb_tmp, &num);
+ }
+ if (memcmp(ofb_cipher, ofb_buf1, sizeof(ofb_buf1)) != 0) {
+ printf("ofb64_encrypt encrypt error\n");
+ err = 1;
+ }
+ memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv));
+ num = 0;
+ des_ofb64_encrypt(ofb_buf1, ofb_buf2, sizeof(ofb_buf1), ks, &ofb_tmp,
+ &num);
+ if (memcmp(plain, ofb_buf2, sizeof(ofb_buf2)) != 0) {
+ printf("ofb64_encrypt decrypt error\n");
+ err = 1;
+ }
+
+ printf("Doing ede_ofb64\n");
+ DES_set_key_checked(&ofb_key, &ks);
+ memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv));
+ memset(ofb_buf1, 0, sizeof(ofb_buf1));
+ memset(ofb_buf2, 0, sizeof(ofb_buf1));
+ num = 0;
+ for (i = 0; i < sizeof(plain); i++) {
+ des_ede3_ofb64_encrypt(&(plain[i]), &(ofb_buf1[i]), 1, ks, ks,
+ ks, &ofb_tmp, &num);
+ }
+ if (memcmp(ofb_cipher, ofb_buf1, sizeof(ofb_buf1)) != 0) {
+ printf("ede_ofb64_encrypt encrypt error\n");
+ err = 1;
+ }
+ memcpy(ofb_tmp, ofb_iv, sizeof(ofb_iv));
+ num = 0;
+ des_ede3_ofb64_encrypt(ofb_buf1, ofb_buf2, sizeof(ofb_buf1), ks, ks, ks,
+ &ofb_tmp, &num);
+ if (memcmp(plain, ofb_buf2, sizeof(ofb_buf2)) != 0) {
+ printf("ede_ofb64_encrypt decrypt error\n");
+ err = 1;
+ }
+
+ printf("Doing cbc_cksum\n");
+ DES_set_key_checked(&cbc_key, &ks);
+ cs = des_cbc_cksum(cbc_data, &cret, strlen((char *)cbc_data), ks,
+ &cbc_iv);
+ if (cs != cbc_cksum_ret) {
+ printf("bad return value (%08lX), should be %08lX\n",
+ (unsigned long)cs, (unsigned long)cbc_cksum_ret);
+ err = 1;
+ }
+ if (memcmp(cret, cbc_cksum_data, 8) != 0) {
+ printf("bad cbc_cksum block returned\n");
+ err = 1;
+ }
+
+ printf("Doing quad_cksum\n");
+ cs = des_quad_cksum(cbc_data, (des_cblock *)lqret,
+ (long)strlen((char *)cbc_data), 2,
+ (des_cblock *)cbc_iv);
+ if (cs != 0x70d7a63aL) {
+ printf("quad_cksum error, ret %08lx should be 70d7a63a\n",
+ (unsigned long)cs);
+ err = 1;
+ }
+# ifdef _CRAY
+ if (lqret[0].a != 0x327eba8dL) {
+ printf("quad_cksum error, out[0] %08lx is not %08lx\n",
+ (unsigned long)lqret[0].a, 0x327eba8dUL);
+ err = 1;
+ }
+ if (lqret[0].b != 0x201a49ccL) {
+ printf("quad_cksum error, out[1] %08lx is not %08lx\n",
+ (unsigned long)lqret[0].b, 0x201a49ccUL);
+ err = 1;
+ }
+ if (lqret[1].a != 0x70d7a63aL) {
+ printf("quad_cksum error, out[2] %08lx is not %08lx\n",
+ (unsigned long)lqret[1].a, 0x70d7a63aUL);
+ err = 1;
+ }
+ if (lqret[1].b != 0x501c2c26L) {
+ printf("quad_cksum error, out[3] %08lx is not %08lx\n",
+ (unsigned long)lqret[1].b, 0x501c2c26UL);
+ err = 1;
+ }
+# else
+ if (lqret[0] != 0x327eba8dL) {
+ printf("quad_cksum error, out[0] %08lx is not %08lx\n",
+ (unsigned long)lqret[0], 0x327eba8dUL);
+ err = 1;
+ }
+ if (lqret[1] != 0x201a49ccL) {
+ printf("quad_cksum error, out[1] %08lx is not %08lx\n",
+ (unsigned long)lqret[1], 0x201a49ccUL);
+ err = 1;
+ }
+ if (lqret[2] != 0x70d7a63aL) {
+ printf("quad_cksum error, out[2] %08lx is not %08lx\n",
+ (unsigned long)lqret[2], 0x70d7a63aUL);
+ err = 1;
+ }
+ if (lqret[3] != 0x501c2c26L) {
+ printf("quad_cksum error, out[3] %08lx is not %08lx\n",
+ (unsigned long)lqret[3], 0x501c2c26UL);
+ err = 1;
+ }
+# endif
+# endif
+
+ printf("input word alignment test");
+ for (i = 0; i < 4; i++) {
+ printf(" %d", i);
+ des_ncbc_encrypt(&(cbc_out[i]), cbc_in,
+ strlen((char *)cbc_data) + 1, ks,
+ &cbc_iv, DES_ENCRYPT);
+ }
+ printf("\noutput word alignment test");
+ for (i = 0; i < 4; i++) {
+ printf(" %d", i);
+ des_ncbc_encrypt(cbc_out, &(cbc_in[i]),
+ strlen((char *)cbc_data) + 1, ks,
+ &cbc_iv, DES_ENCRYPT);
+ }
+ printf("\n");
+ printf("fast crypt test ");
+ str = crypt("testing", "ef");
+ if (strcmp("efGnQx2725bI2", str) != 0) {
+ printf("fast crypt error, %s should be efGnQx2725bI2\n", str);
+ err = 1;
+ }
+ str = crypt("bca76;23", "yA");
+ if (strcmp("yA1Rp/1hZXIJk", str) != 0) {
+ printf("fast crypt error, %s should be yA1Rp/1hZXIJk\n", str);
+ err = 1;
+ }
+# ifdef OPENSSL_SYS_NETWARE
+ if (err)
+ printf("ERROR: %d\n", err);
+# endif
+ printf("\n");
+ return (err);
+}
+
+static char *pt(unsigned char *p)
+{
+ static char bufs[10][20];
+ static int bnum = 0;
+ char *ret;
+ int i;
+ static char *f = "0123456789ABCDEF";
+
+ ret = &(bufs[bnum++][0]);
+ bnum %= 10;
+ for (i = 0; i < 8; i++) {
+ ret[i * 2] = f[(p[i] >> 4) & 0xf];
+ ret[i * 2 + 1] = f[p[i] & 0xf];
+ }
+ ret[16] = '\0';
+ return (ret);
+}
+
+# ifndef LIBDES_LIT
+
+static int cfb_test(int bits, unsigned char *cfb_cipher)
+{
+ des_key_schedule ks;
+ int i, err = 0;
+
+ DES_set_key_checked(&cfb_key, &ks);
+ memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
+ des_cfb_encrypt(plain, cfb_buf1, bits, sizeof(plain), ks, &cfb_tmp,
+ DES_ENCRYPT);
+ if (memcmp(cfb_cipher, cfb_buf1, sizeof(plain)) != 0) {
+ err = 1;
+ printf("cfb_encrypt encrypt error\n");
+ for (i = 0; i < 24; i += 8)
+ printf("%s\n", pt(&(cfb_buf1[i])));
+ }
+ memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
+ des_cfb_encrypt(cfb_buf1, cfb_buf2, bits, sizeof(plain), ks, &cfb_tmp,
+ DES_DECRYPT);
+ if (memcmp(plain, cfb_buf2, sizeof(plain)) != 0) {
+ err = 1;
+ printf("cfb_encrypt decrypt error\n");
+ for (i = 0; i < 24; i += 8)
+ printf("%s\n", pt(&(cfb_buf1[i])));
+ }
+ return (err);
+}
+
+static int cfb64_test(unsigned char *cfb_cipher)
+{
+ des_key_schedule ks;
+ int err = 0, i, n;
+
+ DES_set_key_checked(&cfb_key, &ks);
+ memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
+ n = 0;
+ des_cfb64_encrypt(plain, cfb_buf1, 12, ks, &cfb_tmp, &n, DES_ENCRYPT);
+ des_cfb64_encrypt(&(plain[12]), &(cfb_buf1[12]), sizeof(plain) - 12, ks,
+ &cfb_tmp, &n, DES_ENCRYPT);
+ if (memcmp(cfb_cipher, cfb_buf1, sizeof(plain)) != 0) {
+ err = 1;
+ printf("cfb_encrypt encrypt error\n");
+ for (i = 0; i < 24; i += 8)
+ printf("%s\n", pt(&(cfb_buf1[i])));
+ }
+ memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
+ n = 0;
+ des_cfb64_encrypt(cfb_buf1, cfb_buf2, 17, ks, &cfb_tmp, &n, DES_DECRYPT);
+ des_cfb64_encrypt(&(cfb_buf1[17]), &(cfb_buf2[17]),
+ sizeof(plain) - 17, ks, &cfb_tmp, &n, DES_DECRYPT);
+ if (memcmp(plain, cfb_buf2, sizeof(plain)) != 0) {
+ err = 1;
+ printf("cfb_encrypt decrypt error\n");
+ for (i = 0; i < 24; i += 8)
+ printf("%s\n", pt(&(cfb_buf2[i])));
+ }
+ return (err);
+}
+
+static int ede_cfb64_test(unsigned char *cfb_cipher)
+{
+ des_key_schedule ks;
+ int err = 0, i, n;
+
+ DES_set_key_checked(&cfb_key, &ks);
+ memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
+ n = 0;
+ des_ede3_cfb64_encrypt(plain, cfb_buf1, 12, ks, ks, ks, &cfb_tmp, &n,
+ DES_ENCRYPT);
+ des_ede3_cfb64_encrypt(&(plain[12]), &(cfb_buf1[12]),
+ sizeof(plain) - 12, ks, ks, ks,
+ &cfb_tmp, &n, DES_ENCRYPT);
+ if (memcmp(cfb_cipher, cfb_buf1, sizeof(plain)) != 0) {
+ err = 1;
+ printf("ede_cfb_encrypt encrypt error\n");
+ for (i = 0; i < 24; i += 8)
+ printf("%s\n", pt(&(cfb_buf1[i])));
+ }
+ memcpy(cfb_tmp, cfb_iv, sizeof(cfb_iv));
+ n = 0;
+ des_ede3_cfb64_encrypt(cfb_buf1, cfb_buf2, (long)17, ks, ks, ks,
+ &cfb_tmp, &n, DES_DECRYPT);
+ des_ede3_cfb64_encrypt(&(cfb_buf1[17]), &(cfb_buf2[17]),
+ sizeof(plain) - 17, ks, ks, ks,
+ &cfb_tmp, &n, DES_DECRYPT);
+ if (memcmp(plain, cfb_buf2, sizeof(plain)) != 0) {
+ err = 1;
+ printf("ede_cfb_encrypt decrypt error\n");
+ for (i = 0; i < 24; i += 8)
+ printf("%s\n", pt(&(cfb_buf2[i])));
+ }
+ return (err);
+}
+
+# endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/des/ecb3_enc.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/des/ecb3_enc.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/ecb3_enc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,83 +0,0 @@
-/* crypto/des/ecb3_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "des_locl.h"
-
-void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output,
- DES_key_schedule *ks1, DES_key_schedule *ks2,
- DES_key_schedule *ks3,
- int enc)
- {
- register DES_LONG l0,l1;
- DES_LONG ll[2];
- const unsigned char *in = &(*input)[0];
- unsigned char *out = &(*output)[0];
-
- c2l(in,l0);
- c2l(in,l1);
- ll[0]=l0;
- ll[1]=l1;
- if (enc)
- DES_encrypt3(ll,ks1,ks2,ks3);
- else
- DES_decrypt3(ll,ks1,ks2,ks3);
- l0=ll[0];
- l1=ll[1];
- l2c(l0,out);
- l2c(l1,out);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/des/ecb3_enc.c (from rev 6976, vendor-crypto/openssl/dist/crypto/des/ecb3_enc.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/des/ecb3_enc.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/ecb3_enc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,82 @@
+/* crypto/des/ecb3_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+
+void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output,
+ DES_key_schedule *ks1, DES_key_schedule *ks2,
+ DES_key_schedule *ks3, int enc)
+{
+ register DES_LONG l0, l1;
+ DES_LONG ll[2];
+ const unsigned char *in = &(*input)[0];
+ unsigned char *out = &(*output)[0];
+
+ c2l(in, l0);
+ c2l(in, l1);
+ ll[0] = l0;
+ ll[1] = l1;
+ if (enc)
+ DES_encrypt3(ll, ks1, ks2, ks3);
+ else
+ DES_decrypt3(ll, ks1, ks2, ks3);
+ l0 = ll[0];
+ l1 = ll[1];
+ l2c(l0, out);
+ l2c(l1, out);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/des/ecb_enc.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/des/ecb_enc.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/ecb_enc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,76 +0,0 @@
-/* crypto/des/ecb_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "des_locl.h"
-#include "spr.h"
-
-void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output,
- DES_key_schedule *ks, int enc)
- {
- register DES_LONG l;
- DES_LONG ll[2];
- const unsigned char *in = &(*input)[0];
- unsigned char *out = &(*output)[0];
-
- c2l(in,l); ll[0]=l;
- c2l(in,l); ll[1]=l;
- DES_encrypt1(ll,ks,enc);
- l=ll[0]; l2c(l,out);
- l=ll[1]; l2c(l,out);
- l=ll[0]=ll[1]=0;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/des/ecb_enc.c (from rev 6976, vendor-crypto/openssl/dist/crypto/des/ecb_enc.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/des/ecb_enc.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/ecb_enc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,80 @@
+/* crypto/des/ecb_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+#include "spr.h"
+
+void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output,
+ DES_key_schedule *ks, int enc)
+{
+ register DES_LONG l;
+ DES_LONG ll[2];
+ const unsigned char *in = &(*input)[0];
+ unsigned char *out = &(*output)[0];
+
+ c2l(in, l);
+ ll[0] = l;
+ c2l(in, l);
+ ll[1] = l;
+ DES_encrypt1(ll, ks, enc);
+ l = ll[0];
+ l2c(l, out);
+ l = ll[1];
+ l2c(l, out);
+ l = ll[0] = ll[1] = 0;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/des/ede_cbcm_enc.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/des/ede_cbcm_enc.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/ede_cbcm_enc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,199 +0,0 @@
-/* ede_cbcm_enc.c */
-/* Written by Ben Laurie <ben at algroup.co.uk> for the OpenSSL
- * project 13 Feb 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/*
-
-This is an implementation of Triple DES Cipher Block Chaining with Output
-Feedback Masking, by Coppersmith, Johnson and Matyas, (IBM and Certicom).
-
-Note that there is a known attack on this by Biham and Knudsen but it takes
-a lot of work:
-
-http://www.cs.technion.ac.il/users/wwwb/cgi-bin/tr-get.cgi/1998/CS/CS0928.ps.gz
-
-*/
-
-#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_DESCBCM is defined */
-
-#ifndef OPENSSL_NO_DESCBCM
-#include "des_locl.h"
-
-void DES_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out,
- long length, DES_key_schedule *ks1, DES_key_schedule *ks2,
- DES_key_schedule *ks3, DES_cblock *ivec1, DES_cblock *ivec2,
- int enc)
- {
- register DES_LONG tin0,tin1;
- register DES_LONG tout0,tout1,xor0,xor1,m0,m1;
- register long l=length;
- DES_LONG tin[2];
- unsigned char *iv1,*iv2;
-
- iv1 = &(*ivec1)[0];
- iv2 = &(*ivec2)[0];
-
- if (enc)
- {
- c2l(iv1,m0);
- c2l(iv1,m1);
- c2l(iv2,tout0);
- c2l(iv2,tout1);
- for (l-=8; l>=-7; l-=8)
- {
- tin[0]=m0;
- tin[1]=m1;
- DES_encrypt1(tin,ks3,1);
- m0=tin[0];
- m1=tin[1];
-
- if(l < 0)
- {
- c2ln(in,tin0,tin1,l+8);
- }
- else
- {
- c2l(in,tin0);
- c2l(in,tin1);
- }
- tin0^=tout0;
- tin1^=tout1;
-
- tin[0]=tin0;
- tin[1]=tin1;
- DES_encrypt1(tin,ks1,1);
- tin[0]^=m0;
- tin[1]^=m1;
- DES_encrypt1(tin,ks2,0);
- tin[0]^=m0;
- tin[1]^=m1;
- DES_encrypt1(tin,ks1,1);
- tout0=tin[0];
- tout1=tin[1];
-
- l2c(tout0,out);
- l2c(tout1,out);
- }
- iv1=&(*ivec1)[0];
- l2c(m0,iv1);
- l2c(m1,iv1);
-
- iv2=&(*ivec2)[0];
- l2c(tout0,iv2);
- l2c(tout1,iv2);
- }
- else
- {
- register DES_LONG t0,t1;
-
- c2l(iv1,m0);
- c2l(iv1,m1);
- c2l(iv2,xor0);
- c2l(iv2,xor1);
- for (l-=8; l>=-7; l-=8)
- {
- tin[0]=m0;
- tin[1]=m1;
- DES_encrypt1(tin,ks3,1);
- m0=tin[0];
- m1=tin[1];
-
- c2l(in,tin0);
- c2l(in,tin1);
-
- t0=tin0;
- t1=tin1;
-
- tin[0]=tin0;
- tin[1]=tin1;
- DES_encrypt1(tin,ks1,0);
- tin[0]^=m0;
- tin[1]^=m1;
- DES_encrypt1(tin,ks2,1);
- tin[0]^=m0;
- tin[1]^=m1;
- DES_encrypt1(tin,ks1,0);
- tout0=tin[0];
- tout1=tin[1];
-
- tout0^=xor0;
- tout1^=xor1;
- if(l < 0)
- {
- l2cn(tout0,tout1,out,l+8);
- }
- else
- {
- l2c(tout0,out);
- l2c(tout1,out);
- }
- xor0=t0;
- xor1=t1;
- }
-
- iv1=&(*ivec1)[0];
- l2c(m0,iv1);
- l2c(m1,iv1);
-
- iv2=&(*ivec2)[0];
- l2c(xor0,iv2);
- l2c(xor1,iv2);
- }
- tin0=tin1=tout0=tout1=xor0=xor1=0;
- tin[0]=tin[1]=0;
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/des/ede_cbcm_enc.c (from rev 6976, vendor-crypto/openssl/dist/crypto/des/ede_cbcm_enc.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/des/ede_cbcm_enc.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/ede_cbcm_enc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,189 @@
+/* ede_cbcm_enc.c */
+/*
+ * Written by Ben Laurie <ben at algroup.co.uk> for the OpenSSL project 13 Feb
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*
+ *
+ * This is an implementation of Triple DES Cipher Block Chaining with Output
+ * Feedback Masking, by Coppersmith, Johnson and Matyas, (IBM and Certicom).
+ *
+ * Note that there is a known attack on this by Biham and Knudsen but it
+ * takes a lot of work:
+ *
+ * http://www.cs.technion.ac.il/users/wwwb/cgi-bin/tr-get.cgi/1998/CS/CS0928.ps.gz
+ *
+ */
+
+#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_DESCBCM is defined */
+
+#ifndef OPENSSL_NO_DESCBCM
+# include "des_locl.h"
+
+void DES_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out,
+ long length, DES_key_schedule *ks1,
+ DES_key_schedule *ks2, DES_key_schedule *ks3,
+ DES_cblock *ivec1, DES_cblock *ivec2, int enc)
+{
+ register DES_LONG tin0, tin1;
+ register DES_LONG tout0, tout1, xor0, xor1, m0, m1;
+ register long l = length;
+ DES_LONG tin[2];
+ unsigned char *iv1, *iv2;
+
+ iv1 = &(*ivec1)[0];
+ iv2 = &(*ivec2)[0];
+
+ if (enc) {
+ c2l(iv1, m0);
+ c2l(iv1, m1);
+ c2l(iv2, tout0);
+ c2l(iv2, tout1);
+ for (l -= 8; l >= -7; l -= 8) {
+ tin[0] = m0;
+ tin[1] = m1;
+ DES_encrypt1(tin, ks3, 1);
+ m0 = tin[0];
+ m1 = tin[1];
+
+ if (l < 0) {
+ c2ln(in, tin0, tin1, l + 8);
+ } else {
+ c2l(in, tin0);
+ c2l(in, tin1);
+ }
+ tin0 ^= tout0;
+ tin1 ^= tout1;
+
+ tin[0] = tin0;
+ tin[1] = tin1;
+ DES_encrypt1(tin, ks1, 1);
+ tin[0] ^= m0;
+ tin[1] ^= m1;
+ DES_encrypt1(tin, ks2, 0);
+ tin[0] ^= m0;
+ tin[1] ^= m1;
+ DES_encrypt1(tin, ks1, 1);
+ tout0 = tin[0];
+ tout1 = tin[1];
+
+ l2c(tout0, out);
+ l2c(tout1, out);
+ }
+ iv1 = &(*ivec1)[0];
+ l2c(m0, iv1);
+ l2c(m1, iv1);
+
+ iv2 = &(*ivec2)[0];
+ l2c(tout0, iv2);
+ l2c(tout1, iv2);
+ } else {
+ register DES_LONG t0, t1;
+
+ c2l(iv1, m0);
+ c2l(iv1, m1);
+ c2l(iv2, xor0);
+ c2l(iv2, xor1);
+ for (l -= 8; l >= -7; l -= 8) {
+ tin[0] = m0;
+ tin[1] = m1;
+ DES_encrypt1(tin, ks3, 1);
+ m0 = tin[0];
+ m1 = tin[1];
+
+ c2l(in, tin0);
+ c2l(in, tin1);
+
+ t0 = tin0;
+ t1 = tin1;
+
+ tin[0] = tin0;
+ tin[1] = tin1;
+ DES_encrypt1(tin, ks1, 0);
+ tin[0] ^= m0;
+ tin[1] ^= m1;
+ DES_encrypt1(tin, ks2, 1);
+ tin[0] ^= m0;
+ tin[1] ^= m1;
+ DES_encrypt1(tin, ks1, 0);
+ tout0 = tin[0];
+ tout1 = tin[1];
+
+ tout0 ^= xor0;
+ tout1 ^= xor1;
+ if (l < 0) {
+ l2cn(tout0, tout1, out, l + 8);
+ } else {
+ l2c(tout0, out);
+ l2c(tout1, out);
+ }
+ xor0 = t0;
+ xor1 = t1;
+ }
+
+ iv1 = &(*ivec1)[0];
+ l2c(m0, iv1);
+ l2c(m1, iv1);
+
+ iv2 = &(*ivec2)[0];
+ l2c(xor0, iv2);
+ l2c(xor1, iv2);
+ }
+ tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
+ tin[0] = tin[1] = 0;
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/des/enc_read.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/des/enc_read.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/enc_read.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,232 +0,0 @@
-/* crypto/des/enc_read.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <errno.h>
-#include "cryptlib.h"
-#include "des_locl.h"
-
-/* This has some uglies in it but it works - even over sockets. */
-/*extern int errno;*/
-OPENSSL_IMPLEMENT_GLOBAL(int,DES_rw_mode)=DES_PCBC_MODE;
-
-
-/*
- * WARNINGS:
- *
- * - The data format used by DES_enc_write() and DES_enc_read()
- * has a cryptographic weakness: When asked to write more
- * than MAXWRITE bytes, DES_enc_write will split the data
- * into several chunks that are all encrypted
- * using the same IV. So don't use these functions unless you
- * are sure you know what you do (in which case you might
- * not want to use them anyway).
- *
- * - This code cannot handle non-blocking sockets.
- *
- * - This function uses an internal state and thus cannot be
- * used on multiple files.
- */
-
-
-int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched,
- DES_cblock *iv)
- {
- /* data to be unencrypted */
- int net_num=0;
- static unsigned char *net=NULL;
- /* extra unencrypted data
- * for when a block of 100 comes in but is des_read one byte at
- * a time. */
- static unsigned char *unnet=NULL;
- static int unnet_start=0;
- static int unnet_left=0;
- static unsigned char *tmpbuf=NULL;
- int i;
- long num=0,rnum;
- unsigned char *p;
-
- if (tmpbuf == NULL)
- {
- tmpbuf=OPENSSL_malloc(BSIZE);
- if (tmpbuf == NULL) return(-1);
- }
- if (net == NULL)
- {
- net=OPENSSL_malloc(BSIZE);
- if (net == NULL) return(-1);
- }
- if (unnet == NULL)
- {
- unnet=OPENSSL_malloc(BSIZE);
- if (unnet == NULL) return(-1);
- }
- /* left over data from last decrypt */
- if (unnet_left != 0)
- {
- if (unnet_left < len)
- {
- /* we still still need more data but will return
- * with the number of bytes we have - should always
- * check the return value */
- memcpy(buf,&(unnet[unnet_start]),
- unnet_left);
- /* eay 26/08/92 I had the next 2 lines
- * reversed :-( */
- i=unnet_left;
- unnet_start=unnet_left=0;
- }
- else
- {
- memcpy(buf,&(unnet[unnet_start]),len);
- unnet_start+=len;
- unnet_left-=len;
- i=len;
- }
- return(i);
- }
-
- /* We need to get more data. */
- if (len > MAXWRITE) len=MAXWRITE;
-
- /* first - get the length */
- while (net_num < HDRSIZE)
- {
-#ifndef _WIN32
- i=read(fd,(void *)&(net[net_num]),HDRSIZE-net_num);
-#else
- i=_read(fd,(void *)&(net[net_num]),HDRSIZE-net_num);
-#endif
-#ifdef EINTR
- if ((i == -1) && (errno == EINTR)) continue;
-#endif
- if (i <= 0) return(0);
- net_num+=i;
- }
-
- /* we now have at net_num bytes in net */
- p=net;
- /* num=0; */
- n2l(p,num);
- /* num should be rounded up to the next group of eight
- * we make sure that we have read a multiple of 8 bytes from the net.
- */
- if ((num > MAXWRITE) || (num < 0)) /* error */
- return(-1);
- rnum=(num < 8)?8:((num+7)/8*8);
-
- net_num=0;
- while (net_num < rnum)
- {
- i=read(fd,(void *)&(net[net_num]),rnum-net_num);
-#ifdef EINTR
- if ((i == -1) && (errno == EINTR)) continue;
-#endif
- if (i <= 0) return(0);
- net_num+=i;
- }
-
- /* Check if there will be data left over. */
- if (len < num)
- {
- if (DES_rw_mode & DES_PCBC_MODE)
- DES_pcbc_encrypt(net,unnet,num,sched,iv,DES_DECRYPT);
- else
- DES_cbc_encrypt(net,unnet,num,sched,iv,DES_DECRYPT);
- memcpy(buf,unnet,len);
- unnet_start=len;
- unnet_left=num-len;
-
- /* The following line is done because we return num
- * as the number of bytes read. */
- num=len;
- }
- else
- {
- /* >output is a multiple of 8 byes, if len < rnum
- * >we must be careful. The user must be aware that this
- * >routine will write more bytes than he asked for.
- * >The length of the buffer must be correct.
- * FIXED - Should be ok now 18-9-90 - eay */
- if (len < rnum)
- {
-
- if (DES_rw_mode & DES_PCBC_MODE)
- DES_pcbc_encrypt(net,tmpbuf,num,sched,iv,
- DES_DECRYPT);
- else
- DES_cbc_encrypt(net,tmpbuf,num,sched,iv,
- DES_DECRYPT);
-
- /* eay 26/08/92 fix a bug that returned more
- * bytes than you asked for (returned len bytes :-( */
- memcpy(buf,tmpbuf,num);
- }
- else
- {
- if (DES_rw_mode & DES_PCBC_MODE)
- DES_pcbc_encrypt(net,buf,num,sched,iv,
- DES_DECRYPT);
- else
- DES_cbc_encrypt(net,buf,num,sched,iv,
- DES_DECRYPT);
- }
- }
- return num;
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/des/enc_read.c (from rev 6976, vendor-crypto/openssl/dist/crypto/des/enc_read.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/des/enc_read.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/enc_read.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,228 @@
+/* crypto/des/enc_read.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "cryptlib.h"
+#include "des_locl.h"
+
+/* This has some uglies in it but it works - even over sockets. */
+/*
+ * extern int errno;
+ */
+OPENSSL_IMPLEMENT_GLOBAL(int, DES_rw_mode) = DES_PCBC_MODE;
+
+/*-
+ * WARNINGS:
+ *
+ * - The data format used by DES_enc_write() and DES_enc_read()
+ * has a cryptographic weakness: When asked to write more
+ * than MAXWRITE bytes, DES_enc_write will split the data
+ * into several chunks that are all encrypted
+ * using the same IV. So don't use these functions unless you
+ * are sure you know what you do (in which case you might
+ * not want to use them anyway).
+ *
+ * - This code cannot handle non-blocking sockets.
+ *
+ * - This function uses an internal state and thus cannot be
+ * used on multiple files.
+ */
+
+int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched,
+ DES_cblock *iv)
+{
+ /* data to be unencrypted */
+ int net_num = 0;
+ static unsigned char *net = NULL;
+ /*
+ * extra unencrypted data for when a block of 100 comes in but is
+ * des_read one byte at a time.
+ */
+ static unsigned char *unnet = NULL;
+ static int unnet_start = 0;
+ static int unnet_left = 0;
+ static unsigned char *tmpbuf = NULL;
+ int i;
+ long num = 0, rnum;
+ unsigned char *p;
+
+ if (tmpbuf == NULL) {
+ tmpbuf = OPENSSL_malloc(BSIZE);
+ if (tmpbuf == NULL)
+ return (-1);
+ }
+ if (net == NULL) {
+ net = OPENSSL_malloc(BSIZE);
+ if (net == NULL)
+ return (-1);
+ }
+ if (unnet == NULL) {
+ unnet = OPENSSL_malloc(BSIZE);
+ if (unnet == NULL)
+ return (-1);
+ }
+ /* left over data from last decrypt */
+ if (unnet_left != 0) {
+ if (unnet_left < len) {
+ /*
+ * we still still need more data but will return with the number
+ * of bytes we have - should always check the return value
+ */
+ memcpy(buf, &(unnet[unnet_start]), unnet_left);
+ /*
+ * eay 26/08/92 I had the next 2 lines reversed :-(
+ */
+ i = unnet_left;
+ unnet_start = unnet_left = 0;
+ } else {
+ memcpy(buf, &(unnet[unnet_start]), len);
+ unnet_start += len;
+ unnet_left -= len;
+ i = len;
+ }
+ return (i);
+ }
+
+ /* We need to get more data. */
+ if (len > MAXWRITE)
+ len = MAXWRITE;
+
+ /* first - get the length */
+ while (net_num < HDRSIZE) {
+#ifndef _WIN32
+ i = read(fd, (void *)&(net[net_num]), HDRSIZE - net_num);
+#else
+ i = _read(fd, (void *)&(net[net_num]), HDRSIZE - net_num);
+#endif
+#ifdef EINTR
+ if ((i == -1) && (errno == EINTR))
+ continue;
+#endif
+ if (i <= 0)
+ return (0);
+ net_num += i;
+ }
+
+ /* we now have at net_num bytes in net */
+ p = net;
+ /* num=0; */
+ n2l(p, num);
+ /*
+ * num should be rounded up to the next group of eight we make sure that
+ * we have read a multiple of 8 bytes from the net.
+ */
+ if ((num > MAXWRITE) || (num < 0)) /* error */
+ return (-1);
+ rnum = (num < 8) ? 8 : ((num + 7) / 8 * 8);
+
+ net_num = 0;
+ while (net_num < rnum) {
+ i = read(fd, (void *)&(net[net_num]), rnum - net_num);
+#ifdef EINTR
+ if ((i == -1) && (errno == EINTR))
+ continue;
+#endif
+ if (i <= 0)
+ return (0);
+ net_num += i;
+ }
+
+ /* Check if there will be data left over. */
+ if (len < num) {
+ if (DES_rw_mode & DES_PCBC_MODE)
+ DES_pcbc_encrypt(net, unnet, num, sched, iv, DES_DECRYPT);
+ else
+ DES_cbc_encrypt(net, unnet, num, sched, iv, DES_DECRYPT);
+ memcpy(buf, unnet, len);
+ unnet_start = len;
+ unnet_left = num - len;
+
+ /*
+ * The following line is done because we return num as the number of
+ * bytes read.
+ */
+ num = len;
+ } else {
+ /*-
+ * >output is a multiple of 8 byes, if len < rnum
+ * >we must be careful. The user must be aware that this
+ * >routine will write more bytes than he asked for.
+ * >The length of the buffer must be correct.
+ * FIXED - Should be ok now 18-9-90 - eay */
+ if (len < rnum) {
+
+ if (DES_rw_mode & DES_PCBC_MODE)
+ DES_pcbc_encrypt(net, tmpbuf, num, sched, iv, DES_DECRYPT);
+ else
+ DES_cbc_encrypt(net, tmpbuf, num, sched, iv, DES_DECRYPT);
+
+ /*
+ * eay 26/08/92 fix a bug that returned more bytes than you asked
+ * for (returned len bytes :-(
+ */
+ memcpy(buf, tmpbuf, num);
+ } else {
+ if (DES_rw_mode & DES_PCBC_MODE)
+ DES_pcbc_encrypt(net, buf, num, sched, iv, DES_DECRYPT);
+ else
+ DES_cbc_encrypt(net, buf, num, sched, iv, DES_DECRYPT);
+ }
+ }
+ return num;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/des/enc_writ.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/des/enc_writ.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/enc_writ.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,175 +0,0 @@
-/* crypto/des/enc_writ.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <errno.h>
-#include <time.h>
-#include <stdio.h>
-#include "cryptlib.h"
-#include "des_locl.h"
-#include <openssl/rand.h>
-
-/*
- * WARNINGS:
- *
- * - The data format used by DES_enc_write() and DES_enc_read()
- * has a cryptographic weakness: When asked to write more
- * than MAXWRITE bytes, DES_enc_write will split the data
- * into several chunks that are all encrypted
- * using the same IV. So don't use these functions unless you
- * are sure you know what you do (in which case you might
- * not want to use them anyway).
- *
- * - This code cannot handle non-blocking sockets.
- */
-
-int DES_enc_write(int fd, const void *_buf, int len,
- DES_key_schedule *sched, DES_cblock *iv)
- {
-#ifdef _LIBC
- extern unsigned long time();
- extern int write();
-#endif
- const unsigned char *buf=_buf;
- long rnum;
- int i,j,k,outnum;
- static unsigned char *outbuf=NULL;
- unsigned char shortbuf[8];
- unsigned char *p;
- const unsigned char *cp;
- static int start=1;
-
- if (outbuf == NULL)
- {
- outbuf=OPENSSL_malloc(BSIZE+HDRSIZE);
- if (outbuf == NULL) return(-1);
- }
- /* If we are sending less than 8 bytes, the same char will look
- * the same if we don't pad it out with random bytes */
- if (start)
- {
- start=0;
- }
-
- /* lets recurse if we want to send the data in small chunks */
- if (len > MAXWRITE)
- {
- j=0;
- for (i=0; i<len; i+=k)
- {
- k=DES_enc_write(fd,&(buf[i]),
- ((len-i) > MAXWRITE)?MAXWRITE:(len-i),sched,iv);
- if (k < 0)
- return(k);
- else
- j+=k;
- }
- return(j);
- }
-
- /* write length first */
- p=outbuf;
- l2n(len,p);
-
- /* pad short strings */
- if (len < 8)
- {
- cp=shortbuf;
- memcpy(shortbuf,buf,len);
- RAND_pseudo_bytes(shortbuf+len, 8-len);
- rnum=8;
- }
- else
- {
- cp=buf;
- rnum=((len+7)/8*8); /* round up to nearest eight */
- }
-
- if (DES_rw_mode & DES_PCBC_MODE)
- DES_pcbc_encrypt(cp,&(outbuf[HDRSIZE]),(len<8)?8:len,sched,iv,
- DES_ENCRYPT);
- else
- DES_cbc_encrypt(cp,&(outbuf[HDRSIZE]),(len<8)?8:len,sched,iv,
- DES_ENCRYPT);
-
- /* output */
- outnum=rnum+HDRSIZE;
-
- for (j=0; j<outnum; j+=i)
- {
- /* eay 26/08/92 I was not doing writing from where we
- * got up to. */
-#ifndef _WIN32
- i=write(fd,(void *)&(outbuf[j]),outnum-j);
-#else
- i=_write(fd,(void *)&(outbuf[j]),outnum-j);
-#endif
- if (i == -1)
- {
-#ifdef EINTR
- if (errno == EINTR)
- i=0;
- else
-#endif
- /* This is really a bad error - very bad
- * It will stuff-up both ends. */
- return(-1);
- }
- }
-
- return(len);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/des/enc_writ.c (from rev 6976, vendor-crypto/openssl/dist/crypto/des/enc_writ.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/des/enc_writ.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/enc_writ.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,173 @@
+/* crypto/des/enc_writ.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <errno.h>
+#include <time.h>
+#include <stdio.h>
+#include "cryptlib.h"
+#include "des_locl.h"
+#include <openssl/rand.h>
+
+/*-
+ * WARNINGS:
+ *
+ * - The data format used by DES_enc_write() and DES_enc_read()
+ * has a cryptographic weakness: When asked to write more
+ * than MAXWRITE bytes, DES_enc_write will split the data
+ * into several chunks that are all encrypted
+ * using the same IV. So don't use these functions unless you
+ * are sure you know what you do (in which case you might
+ * not want to use them anyway).
+ *
+ * - This code cannot handle non-blocking sockets.
+ */
+
+int DES_enc_write(int fd, const void *_buf, int len,
+ DES_key_schedule *sched, DES_cblock *iv)
+{
+#ifdef _LIBC
+ extern unsigned long time();
+ extern int write();
+#endif
+ const unsigned char *buf = _buf;
+ long rnum;
+ int i, j, k, outnum;
+ static unsigned char *outbuf = NULL;
+ unsigned char shortbuf[8];
+ unsigned char *p;
+ const unsigned char *cp;
+ static int start = 1;
+
+ if (outbuf == NULL) {
+ outbuf = OPENSSL_malloc(BSIZE + HDRSIZE);
+ if (outbuf == NULL)
+ return (-1);
+ }
+ /*
+ * If we are sending less than 8 bytes, the same char will look the same
+ * if we don't pad it out with random bytes
+ */
+ if (start) {
+ start = 0;
+ }
+
+ /* lets recurse if we want to send the data in small chunks */
+ if (len > MAXWRITE) {
+ j = 0;
+ for (i = 0; i < len; i += k) {
+ k = DES_enc_write(fd, &(buf[i]),
+ ((len - i) > MAXWRITE) ? MAXWRITE : (len - i),
+ sched, iv);
+ if (k < 0)
+ return (k);
+ else
+ j += k;
+ }
+ return (j);
+ }
+
+ /* write length first */
+ p = outbuf;
+ l2n(len, p);
+
+ /* pad short strings */
+ if (len < 8) {
+ cp = shortbuf;
+ memcpy(shortbuf, buf, len);
+ RAND_pseudo_bytes(shortbuf + len, 8 - len);
+ rnum = 8;
+ } else {
+ cp = buf;
+ rnum = ((len + 7) / 8 * 8); /* round up to nearest eight */
+ }
+
+ if (DES_rw_mode & DES_PCBC_MODE)
+ DES_pcbc_encrypt(cp, &(outbuf[HDRSIZE]), (len < 8) ? 8 : len, sched,
+ iv, DES_ENCRYPT);
+ else
+ DES_cbc_encrypt(cp, &(outbuf[HDRSIZE]), (len < 8) ? 8 : len, sched,
+ iv, DES_ENCRYPT);
+
+ /* output */
+ outnum = rnum + HDRSIZE;
+
+ for (j = 0; j < outnum; j += i) {
+ /*
+ * eay 26/08/92 I was not doing writing from where we got up to.
+ */
+#ifndef _WIN32
+ i = write(fd, (void *)&(outbuf[j]), outnum - j);
+#else
+ i = _write(fd, (void *)&(outbuf[j]), outnum - j);
+#endif
+ if (i == -1) {
+#ifdef EINTR
+ if (errno == EINTR)
+ i = 0;
+ else
+#endif
+ /*
+ * This is really a bad error - very bad It will stuff-up
+ * both ends.
+ */
+ return (-1);
+ }
+ }
+
+ return (len);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/des/fcrypt.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/des/fcrypt.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/fcrypt.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,170 +0,0 @@
-/* NOCW */
-#include <stdio.h>
-#ifdef _OSD_POSIX
-#ifndef CHARSET_EBCDIC
-#define CHARSET_EBCDIC 1
-#endif
-#endif
-#ifdef CHARSET_EBCDIC
-#include <openssl/ebcdic.h>
-#endif
-
-/* This version of crypt has been developed from my MIT compatible
- * DES library.
- * Eric Young (eay at cryptsoft.com)
- */
-
-/* Modification by Jens Kupferschmidt (Cu)
- * I have included directive PARA for shared memory computers.
- * I have included a directive LONGCRYPT to using this routine to cipher
- * passwords with more then 8 bytes like HP-UX 10.x it used. The MAXPLEN
- * definition is the maximum of length of password and can changed. I have
- * defined 24.
- */
-
-#include "des_locl.h"
-
-/* Added more values to handle illegal salt values the way normal
- * crypt() implementations do. The patch was sent by
- * Bjorn Gronvall <bg at sics.se>
- */
-static unsigned const char con_salt[128]={
-0xD2,0xD3,0xD4,0xD5,0xD6,0xD7,0xD8,0xD9,
-0xDA,0xDB,0xDC,0xDD,0xDE,0xDF,0xE0,0xE1,
-0xE2,0xE3,0xE4,0xE5,0xE6,0xE7,0xE8,0xE9,
-0xEA,0xEB,0xEC,0xED,0xEE,0xEF,0xF0,0xF1,
-0xF2,0xF3,0xF4,0xF5,0xF6,0xF7,0xF8,0xF9,
-0xFA,0xFB,0xFC,0xFD,0xFE,0xFF,0x00,0x01,
-0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,
-0x0A,0x0B,0x05,0x06,0x07,0x08,0x09,0x0A,
-0x0B,0x0C,0x0D,0x0E,0x0F,0x10,0x11,0x12,
-0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1A,
-0x1B,0x1C,0x1D,0x1E,0x1F,0x20,0x21,0x22,
-0x23,0x24,0x25,0x20,0x21,0x22,0x23,0x24,
-0x25,0x26,0x27,0x28,0x29,0x2A,0x2B,0x2C,
-0x2D,0x2E,0x2F,0x30,0x31,0x32,0x33,0x34,
-0x35,0x36,0x37,0x38,0x39,0x3A,0x3B,0x3C,
-0x3D,0x3E,0x3F,0x40,0x41,0x42,0x43,0x44,
-};
-
-static unsigned const char cov_2char[64]={
-0x2E,0x2F,0x30,0x31,0x32,0x33,0x34,0x35,
-0x36,0x37,0x38,0x39,0x41,0x42,0x43,0x44,
-0x45,0x46,0x47,0x48,0x49,0x4A,0x4B,0x4C,
-0x4D,0x4E,0x4F,0x50,0x51,0x52,0x53,0x54,
-0x55,0x56,0x57,0x58,0x59,0x5A,0x61,0x62,
-0x63,0x64,0x65,0x66,0x67,0x68,0x69,0x6A,
-0x6B,0x6C,0x6D,0x6E,0x6F,0x70,0x71,0x72,
-0x73,0x74,0x75,0x76,0x77,0x78,0x79,0x7A
-};
-
-char *DES_crypt(const char *buf, const char *salt)
- {
- static char buff[14];
-
-#ifndef CHARSET_EBCDIC
- return(DES_fcrypt(buf,salt,buff));
-#else
- char e_salt[2+1];
- char e_buf[32+1]; /* replace 32 by 8 ? */
- char *ret;
-
- /* Copy at most 2 chars of salt */
- if ((e_salt[0] = salt[0]) != '\0')
- e_salt[1] = salt[1];
-
- /* Copy at most 32 chars of password */
- strncpy (e_buf, buf, sizeof(e_buf));
-
- /* Make sure we have a delimiter */
- e_salt[sizeof(e_salt)-1] = e_buf[sizeof(e_buf)-1] = '\0';
-
- /* Convert the e_salt to ASCII, as that's what DES_fcrypt works on */
- ebcdic2ascii(e_salt, e_salt, sizeof e_salt);
-
- /* Convert the cleartext password to ASCII */
- ebcdic2ascii(e_buf, e_buf, sizeof e_buf);
-
- /* Encrypt it (from/to ASCII) */
- ret = DES_fcrypt(e_buf,e_salt,buff);
-
- /* Convert the result back to EBCDIC */
- ascii2ebcdic(ret, ret, strlen(ret));
-
- return ret;
-#endif
- }
-
-
-char *DES_fcrypt(const char *buf, const char *salt, char *ret)
- {
- unsigned int i,j,x,y;
- DES_LONG Eswap0,Eswap1;
- DES_LONG out[2],ll;
- DES_cblock key;
- DES_key_schedule ks;
- unsigned char bb[9];
- unsigned char *b=bb;
- unsigned char c,u;
-
- /* eay 25/08/92
- * If you call crypt("pwd","*") as often happens when you
- * have * as the pwd field in /etc/passwd, the function
- * returns *\0XXXXXXXXX
- * The \0 makes the string look like * so the pwd "*" would
- * crypt to "*". This was found when replacing the crypt in
- * our shared libraries. People found that the disabled
- * accounts effectively had no passwd :-(. */
-#ifndef CHARSET_EBCDIC
- x=ret[0]=((salt[0] == '\0')?'A':salt[0]);
- Eswap0=con_salt[x]<<2;
- x=ret[1]=((salt[1] == '\0')?'A':salt[1]);
- Eswap1=con_salt[x]<<6;
-#else
- x=ret[0]=((salt[0] == '\0')?os_toascii['A']:salt[0]);
- Eswap0=con_salt[x]<<2;
- x=ret[1]=((salt[1] == '\0')?os_toascii['A']:salt[1]);
- Eswap1=con_salt[x]<<6;
-#endif
-
-/* EAY
-r=strlen(buf);
-r=(r+7)/8;
-*/
- for (i=0; i<8; i++)
- {
- c= *(buf++);
- if (!c) break;
- key[i]=(c<<1);
- }
- for (; i<8; i++)
- key[i]=0;
-
- DES_set_key_unchecked(&key,&ks);
- fcrypt_body(&(out[0]),&ks,Eswap0,Eswap1);
-
- ll=out[0]; l2c(ll,b);
- ll=out[1]; l2c(ll,b);
- y=0;
- u=0x80;
- bb[8]=0;
- for (i=2; i<13; i++)
- {
- c=0;
- for (j=0; j<6; j++)
- {
- c<<=1;
- if (bb[y] & u) c|=1;
- u>>=1;
- if (!u)
- {
- y++;
- u=0x80;
- }
- }
- ret[i]=cov_2char[c];
- }
- ret[13]='\0';
- return(ret);
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/des/fcrypt.c (from rev 6976, vendor-crypto/openssl/dist/crypto/des/fcrypt.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/des/fcrypt.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/fcrypt.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,167 @@
+/* NOCW */
+#include <stdio.h>
+#ifdef _OSD_POSIX
+# ifndef CHARSET_EBCDIC
+# define CHARSET_EBCDIC 1
+# endif
+#endif
+#ifdef CHARSET_EBCDIC
+# include <openssl/ebcdic.h>
+#endif
+
+/*
+ * This version of crypt has been developed from my MIT compatible DES
+ * library. Eric Young (eay at cryptsoft.com)
+ */
+
+/*
+ * Modification by Jens Kupferschmidt (Cu) I have included directive PARA for
+ * shared memory computers. I have included a directive LONGCRYPT to using
+ * this routine to cipher passwords with more then 8 bytes like HP-UX 10.x it
+ * used. The MAXPLEN definition is the maximum of length of password and can
+ * changed. I have defined 24.
+ */
+
+#include "des_locl.h"
+
+/*
+ * Added more values to handle illegal salt values the way normal crypt()
+ * implementations do. The patch was sent by Bjorn Gronvall <bg at sics.se>
+ */
+static unsigned const char con_salt[128] = {
+ 0xD2, 0xD3, 0xD4, 0xD5, 0xD6, 0xD7, 0xD8, 0xD9,
+ 0xDA, 0xDB, 0xDC, 0xDD, 0xDE, 0xDF, 0xE0, 0xE1,
+ 0xE2, 0xE3, 0xE4, 0xE5, 0xE6, 0xE7, 0xE8, 0xE9,
+ 0xEA, 0xEB, 0xEC, 0xED, 0xEE, 0xEF, 0xF0, 0xF1,
+ 0xF2, 0xF3, 0xF4, 0xF5, 0xF6, 0xF7, 0xF8, 0xF9,
+ 0xFA, 0xFB, 0xFC, 0xFD, 0xFE, 0xFF, 0x00, 0x01,
+ 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
+ 0x0A, 0x0B, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A,
+ 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12,
+ 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A,
+ 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22,
+ 0x23, 0x24, 0x25, 0x20, 0x21, 0x22, 0x23, 0x24,
+ 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C,
+ 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34,
+ 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C,
+ 0x3D, 0x3E, 0x3F, 0x40, 0x41, 0x42, 0x43, 0x44,
+};
+
+static unsigned const char cov_2char[64] = {
+ 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35,
+ 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44,
+ 0x45, 0x46, 0x47, 0x48, 0x49, 0x4A, 0x4B, 0x4C,
+ 0x4D, 0x4E, 0x4F, 0x50, 0x51, 0x52, 0x53, 0x54,
+ 0x55, 0x56, 0x57, 0x58, 0x59, 0x5A, 0x61, 0x62,
+ 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6A,
+ 0x6B, 0x6C, 0x6D, 0x6E, 0x6F, 0x70, 0x71, 0x72,
+ 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7A
+};
+
+char *DES_crypt(const char *buf, const char *salt)
+{
+ static char buff[14];
+
+#ifndef CHARSET_EBCDIC
+ return (DES_fcrypt(buf, salt, buff));
+#else
+ char e_salt[2 + 1];
+ char e_buf[32 + 1]; /* replace 32 by 8 ? */
+ char *ret;
+
+ /* Copy at most 2 chars of salt */
+ if ((e_salt[0] = salt[0]) != '\0')
+ e_salt[1] = salt[1];
+
+ /* Copy at most 32 chars of password */
+ strncpy(e_buf, buf, sizeof(e_buf));
+
+ /* Make sure we have a delimiter */
+ e_salt[sizeof(e_salt) - 1] = e_buf[sizeof(e_buf) - 1] = '\0';
+
+ /* Convert the e_salt to ASCII, as that's what DES_fcrypt works on */
+ ebcdic2ascii(e_salt, e_salt, sizeof e_salt);
+
+ /* Convert the cleartext password to ASCII */
+ ebcdic2ascii(e_buf, e_buf, sizeof e_buf);
+
+ /* Encrypt it (from/to ASCII) */
+ ret = DES_fcrypt(e_buf, e_salt, buff);
+
+ /* Convert the result back to EBCDIC */
+ ascii2ebcdic(ret, ret, strlen(ret));
+
+ return ret;
+#endif
+}
+
+char *DES_fcrypt(const char *buf, const char *salt, char *ret)
+{
+ unsigned int i, j, x, y;
+ DES_LONG Eswap0, Eswap1;
+ DES_LONG out[2], ll;
+ DES_cblock key;
+ DES_key_schedule ks;
+ unsigned char bb[9];
+ unsigned char *b = bb;
+ unsigned char c, u;
+
+ /*
+ * eay 25/08/92 If you call crypt("pwd","*") as often happens when you
+ * have * as the pwd field in /etc/passwd, the function returns
+ * *\0XXXXXXXXX The \0 makes the string look like * so the pwd "*" would
+ * crypt to "*". This was found when replacing the crypt in our shared
+ * libraries. People found that the disabled accounts effectively had no
+ * passwd :-(.
+ */
+#ifndef CHARSET_EBCDIC
+ x = ret[0] = ((salt[0] == '\0') ? 'A' : salt[0]);
+ Eswap0 = con_salt[x] << 2;
+ x = ret[1] = ((salt[1] == '\0') ? 'A' : salt[1]);
+ Eswap1 = con_salt[x] << 6;
+#else
+ x = ret[0] = ((salt[0] == '\0') ? os_toascii['A'] : salt[0]);
+ Eswap0 = con_salt[x] << 2;
+ x = ret[1] = ((salt[1] == '\0') ? os_toascii['A'] : salt[1]);
+ Eswap1 = con_salt[x] << 6;
+#endif
+
+ /*
+ * EAY r=strlen(buf); r=(r+7)/8;
+ */
+ for (i = 0; i < 8; i++) {
+ c = *(buf++);
+ if (!c)
+ break;
+ key[i] = (c << 1);
+ }
+ for (; i < 8; i++)
+ key[i] = 0;
+
+ DES_set_key_unchecked(&key, &ks);
+ fcrypt_body(&(out[0]), &ks, Eswap0, Eswap1);
+
+ ll = out[0];
+ l2c(ll, b);
+ ll = out[1];
+ l2c(ll, b);
+ y = 0;
+ u = 0x80;
+ bb[8] = 0;
+ for (i = 2; i < 13; i++) {
+ c = 0;
+ for (j = 0; j < 6; j++) {
+ c <<= 1;
+ if (bb[y] & u)
+ c |= 1;
+ u >>= 1;
+ if (!u) {
+ y++;
+ u = 0x80;
+ }
+ }
+ ret[i] = cov_2char[c];
+ }
+ ret[13] = '\0';
+ return (ret);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/des/fcrypt_b.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/des/fcrypt_b.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/fcrypt_b.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,145 +0,0 @@
-/* crypto/des/fcrypt_b.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-
-/* This version of crypt has been developed from my MIT compatible
- * DES library.
- * The library is available at pub/Crypto/DES at ftp.psy.uq.oz.au
- * Eric Young (eay at cryptsoft.com)
- */
-
-#define DES_FCRYPT
-#include "des_locl.h"
-#undef DES_FCRYPT
-
-#undef PERM_OP
-#define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
- (b)^=(t),\
- (a)^=((t)<<(n)))
-
-#undef HPERM_OP
-#define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\
- (a)=(a)^(t)^(t>>(16-(n))))\
-
-void fcrypt_body(DES_LONG *out, DES_key_schedule *ks, DES_LONG Eswap0,
- DES_LONG Eswap1)
- {
- register DES_LONG l,r,t,u;
-#ifdef DES_PTR
- register const unsigned char *des_SP=(const unsigned char *)DES_SPtrans;
-#endif
- register DES_LONG *s;
- register int j;
- register DES_LONG E0,E1;
-
- l=0;
- r=0;
-
- s=(DES_LONG *)ks;
- E0=Eswap0;
- E1=Eswap1;
-
- for (j=0; j<25; j++)
- {
-#ifndef DES_UNROLL
- register int i;
-
- for (i=0; i<32; i+=8)
- {
- D_ENCRYPT(l,r,i+0); /* 1 */
- D_ENCRYPT(r,l,i+2); /* 2 */
- D_ENCRYPT(l,r,i+4); /* 1 */
- D_ENCRYPT(r,l,i+6); /* 2 */
- }
-#else
- D_ENCRYPT(l,r, 0); /* 1 */
- D_ENCRYPT(r,l, 2); /* 2 */
- D_ENCRYPT(l,r, 4); /* 3 */
- D_ENCRYPT(r,l, 6); /* 4 */
- D_ENCRYPT(l,r, 8); /* 5 */
- D_ENCRYPT(r,l,10); /* 6 */
- D_ENCRYPT(l,r,12); /* 7 */
- D_ENCRYPT(r,l,14); /* 8 */
- D_ENCRYPT(l,r,16); /* 9 */
- D_ENCRYPT(r,l,18); /* 10 */
- D_ENCRYPT(l,r,20); /* 11 */
- D_ENCRYPT(r,l,22); /* 12 */
- D_ENCRYPT(l,r,24); /* 13 */
- D_ENCRYPT(r,l,26); /* 14 */
- D_ENCRYPT(l,r,28); /* 15 */
- D_ENCRYPT(r,l,30); /* 16 */
-#endif
-
- t=l;
- l=r;
- r=t;
- }
- l=ROTATE(l,3)&0xffffffffL;
- r=ROTATE(r,3)&0xffffffffL;
-
- PERM_OP(l,r,t, 1,0x55555555L);
- PERM_OP(r,l,t, 8,0x00ff00ffL);
- PERM_OP(l,r,t, 2,0x33333333L);
- PERM_OP(r,l,t,16,0x0000ffffL);
- PERM_OP(l,r,t, 4,0x0f0f0f0fL);
-
- out[0]=r;
- out[1]=l;
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/des/fcrypt_b.c (from rev 6976, vendor-crypto/openssl/dist/crypto/des/fcrypt_b.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/des/fcrypt_b.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/fcrypt_b.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,142 @@
+/* crypto/des/fcrypt_b.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+
+/*
+ * This version of crypt has been developed from my MIT compatible DES
+ * library. The library is available at pub/Crypto/DES at ftp.psy.uq.oz.au
+ * Eric Young (eay at cryptsoft.com)
+ */
+
+#define DES_FCRYPT
+#include "des_locl.h"
+#undef DES_FCRYPT
+
+#undef PERM_OP
+#define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
+ (b)^=(t),\
+ (a)^=((t)<<(n)))
+
+#undef HPERM_OP
+#define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\
+ (a)=(a)^(t)^(t>>(16-(n))))\
+
+void fcrypt_body(DES_LONG *out, DES_key_schedule *ks, DES_LONG Eswap0,
+ DES_LONG Eswap1)
+{
+ register DES_LONG l, r, t, u;
+#ifdef DES_PTR
+ register const unsigned char *des_SP = (const unsigned char *)DES_SPtrans;
+#endif
+ register DES_LONG *s;
+ register int j;
+ register DES_LONG E0, E1;
+
+ l = 0;
+ r = 0;
+
+ s = (DES_LONG *)ks;
+ E0 = Eswap0;
+ E1 = Eswap1;
+
+ for (j = 0; j < 25; j++) {
+#ifndef DES_UNROLL
+ register int i;
+
+ for (i = 0; i < 32; i += 8) {
+ D_ENCRYPT(l, r, i + 0); /* 1 */
+ D_ENCRYPT(r, l, i + 2); /* 2 */
+ D_ENCRYPT(l, r, i + 4); /* 1 */
+ D_ENCRYPT(r, l, i + 6); /* 2 */
+ }
+#else
+ D_ENCRYPT(l, r, 0); /* 1 */
+ D_ENCRYPT(r, l, 2); /* 2 */
+ D_ENCRYPT(l, r, 4); /* 3 */
+ D_ENCRYPT(r, l, 6); /* 4 */
+ D_ENCRYPT(l, r, 8); /* 5 */
+ D_ENCRYPT(r, l, 10); /* 6 */
+ D_ENCRYPT(l, r, 12); /* 7 */
+ D_ENCRYPT(r, l, 14); /* 8 */
+ D_ENCRYPT(l, r, 16); /* 9 */
+ D_ENCRYPT(r, l, 18); /* 10 */
+ D_ENCRYPT(l, r, 20); /* 11 */
+ D_ENCRYPT(r, l, 22); /* 12 */
+ D_ENCRYPT(l, r, 24); /* 13 */
+ D_ENCRYPT(r, l, 26); /* 14 */
+ D_ENCRYPT(l, r, 28); /* 15 */
+ D_ENCRYPT(r, l, 30); /* 16 */
+#endif
+
+ t = l;
+ l = r;
+ r = t;
+ }
+ l = ROTATE(l, 3) & 0xffffffffL;
+ r = ROTATE(r, 3) & 0xffffffffL;
+
+ PERM_OP(l, r, t, 1, 0x55555555L);
+ PERM_OP(r, l, t, 8, 0x00ff00ffL);
+ PERM_OP(l, r, t, 2, 0x33333333L);
+ PERM_OP(r, l, t, 16, 0x0000ffffL);
+ PERM_OP(l, r, t, 4, 0x0f0f0f0fL);
+
+ out[0] = r;
+ out[1] = l;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/des/ncbc_enc.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/des/ncbc_enc.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/ncbc_enc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,148 +0,0 @@
-/* crypto/des/ncbc_enc.c */
-/*
- * #included by:
- * cbc_enc.c (DES_cbc_encrypt)
- * des_enc.c (DES_ncbc_encrypt)
- */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "des_locl.h"
-
-#ifdef CBC_ENC_C__DONT_UPDATE_IV
-void DES_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
- DES_key_schedule *_schedule, DES_cblock *ivec, int enc)
-#else
-void DES_ncbc_encrypt(const unsigned char *in, unsigned char *out, long length,
- DES_key_schedule *_schedule, DES_cblock *ivec, int enc)
-#endif
- {
- register DES_LONG tin0,tin1;
- register DES_LONG tout0,tout1,xor0,xor1;
- register long l=length;
- DES_LONG tin[2];
- unsigned char *iv;
-
- iv = &(*ivec)[0];
-
- if (enc)
- {
- c2l(iv,tout0);
- c2l(iv,tout1);
- for (l-=8; l>=0; l-=8)
- {
- c2l(in,tin0);
- c2l(in,tin1);
- tin0^=tout0; tin[0]=tin0;
- tin1^=tout1; tin[1]=tin1;
- DES_encrypt1((DES_LONG *)tin,_schedule,DES_ENCRYPT);
- tout0=tin[0]; l2c(tout0,out);
- tout1=tin[1]; l2c(tout1,out);
- }
- if (l != -8)
- {
- c2ln(in,tin0,tin1,l+8);
- tin0^=tout0; tin[0]=tin0;
- tin1^=tout1; tin[1]=tin1;
- DES_encrypt1((DES_LONG *)tin,_schedule,DES_ENCRYPT);
- tout0=tin[0]; l2c(tout0,out);
- tout1=tin[1]; l2c(tout1,out);
- }
-#ifndef CBC_ENC_C__DONT_UPDATE_IV
- iv = &(*ivec)[0];
- l2c(tout0,iv);
- l2c(tout1,iv);
-#endif
- }
- else
- {
- c2l(iv,xor0);
- c2l(iv,xor1);
- for (l-=8; l>=0; l-=8)
- {
- c2l(in,tin0); tin[0]=tin0;
- c2l(in,tin1); tin[1]=tin1;
- DES_encrypt1((DES_LONG *)tin,_schedule,DES_DECRYPT);
- tout0=tin[0]^xor0;
- tout1=tin[1]^xor1;
- l2c(tout0,out);
- l2c(tout1,out);
- xor0=tin0;
- xor1=tin1;
- }
- if (l != -8)
- {
- c2l(in,tin0); tin[0]=tin0;
- c2l(in,tin1); tin[1]=tin1;
- DES_encrypt1((DES_LONG *)tin,_schedule,DES_DECRYPT);
- tout0=tin[0]^xor0;
- tout1=tin[1]^xor1;
- l2cn(tout0,tout1,out,l+8);
-#ifndef CBC_ENC_C__DONT_UPDATE_IV
- xor0=tin0;
- xor1=tin1;
-#endif
- }
-#ifndef CBC_ENC_C__DONT_UPDATE_IV
- iv = &(*ivec)[0];
- l2c(xor0,iv);
- l2c(xor1,iv);
-#endif
- }
- tin0=tin1=tout0=tout1=xor0=xor1=0;
- tin[0]=tin[1]=0;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/des/ncbc_enc.c (from rev 6976, vendor-crypto/openssl/dist/crypto/des/ncbc_enc.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/des/ncbc_enc.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/ncbc_enc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,154 @@
+/* crypto/des/ncbc_enc.c */
+/*-
+ * #included by:
+ * cbc_enc.c (DES_cbc_encrypt)
+ * des_enc.c (DES_ncbc_encrypt)
+ */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+
+#ifdef CBC_ENC_C__DONT_UPDATE_IV
+void DES_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
+ DES_key_schedule *_schedule, DES_cblock *ivec, int enc)
+#else
+void DES_ncbc_encrypt(const unsigned char *in, unsigned char *out,
+ long length, DES_key_schedule *_schedule,
+ DES_cblock *ivec, int enc)
+#endif
+{
+ register DES_LONG tin0, tin1;
+ register DES_LONG tout0, tout1, xor0, xor1;
+ register long l = length;
+ DES_LONG tin[2];
+ unsigned char *iv;
+
+ iv = &(*ivec)[0];
+
+ if (enc) {
+ c2l(iv, tout0);
+ c2l(iv, tout1);
+ for (l -= 8; l >= 0; l -= 8) {
+ c2l(in, tin0);
+ c2l(in, tin1);
+ tin0 ^= tout0;
+ tin[0] = tin0;
+ tin1 ^= tout1;
+ tin[1] = tin1;
+ DES_encrypt1((DES_LONG *)tin, _schedule, DES_ENCRYPT);
+ tout0 = tin[0];
+ l2c(tout0, out);
+ tout1 = tin[1];
+ l2c(tout1, out);
+ }
+ if (l != -8) {
+ c2ln(in, tin0, tin1, l + 8);
+ tin0 ^= tout0;
+ tin[0] = tin0;
+ tin1 ^= tout1;
+ tin[1] = tin1;
+ DES_encrypt1((DES_LONG *)tin, _schedule, DES_ENCRYPT);
+ tout0 = tin[0];
+ l2c(tout0, out);
+ tout1 = tin[1];
+ l2c(tout1, out);
+ }
+#ifndef CBC_ENC_C__DONT_UPDATE_IV
+ iv = &(*ivec)[0];
+ l2c(tout0, iv);
+ l2c(tout1, iv);
+#endif
+ } else {
+ c2l(iv, xor0);
+ c2l(iv, xor1);
+ for (l -= 8; l >= 0; l -= 8) {
+ c2l(in, tin0);
+ tin[0] = tin0;
+ c2l(in, tin1);
+ tin[1] = tin1;
+ DES_encrypt1((DES_LONG *)tin, _schedule, DES_DECRYPT);
+ tout0 = tin[0] ^ xor0;
+ tout1 = tin[1] ^ xor1;
+ l2c(tout0, out);
+ l2c(tout1, out);
+ xor0 = tin0;
+ xor1 = tin1;
+ }
+ if (l != -8) {
+ c2l(in, tin0);
+ tin[0] = tin0;
+ c2l(in, tin1);
+ tin[1] = tin1;
+ DES_encrypt1((DES_LONG *)tin, _schedule, DES_DECRYPT);
+ tout0 = tin[0] ^ xor0;
+ tout1 = tin[1] ^ xor1;
+ l2cn(tout0, tout1, out, l + 8);
+#ifndef CBC_ENC_C__DONT_UPDATE_IV
+ xor0 = tin0;
+ xor1 = tin1;
+#endif
+ }
+#ifndef CBC_ENC_C__DONT_UPDATE_IV
+ iv = &(*ivec)[0];
+ l2c(xor0, iv);
+ l2c(xor1, iv);
+#endif
+ }
+ tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
+ tin[0] = tin[1] = 0;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/des/ofb64ede.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/des/ofb64ede.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/ofb64ede.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,125 +0,0 @@
-/* crypto/des/ofb64ede.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "des_locl.h"
-
-/* The input and output encrypted as though 64bit ofb mode is being
- * used. The extra state information to record how much of the
- * 64bit block we have used is contained in *num;
- */
-void DES_ede3_ofb64_encrypt(register const unsigned char *in,
- register unsigned char *out, long length,
- DES_key_schedule *k1, DES_key_schedule *k2,
- DES_key_schedule *k3, DES_cblock *ivec,
- int *num)
- {
- register DES_LONG v0,v1;
- register int n= *num;
- register long l=length;
- DES_cblock d;
- register char *dp;
- DES_LONG ti[2];
- unsigned char *iv;
- int save=0;
-
- iv = &(*ivec)[0];
- c2l(iv,v0);
- c2l(iv,v1);
- ti[0]=v0;
- ti[1]=v1;
- dp=(char *)d;
- l2c(v0,dp);
- l2c(v1,dp);
- while (l--)
- {
- if (n == 0)
- {
- /* ti[0]=v0; */
- /* ti[1]=v1; */
- DES_encrypt3(ti,k1,k2,k3);
- v0=ti[0];
- v1=ti[1];
-
- dp=(char *)d;
- l2c(v0,dp);
- l2c(v1,dp);
- save++;
- }
- *(out++)= *(in++)^d[n];
- n=(n+1)&0x07;
- }
- if (save)
- {
-/* v0=ti[0];
- v1=ti[1];*/
- iv = &(*ivec)[0];
- l2c(v0,iv);
- l2c(v1,iv);
- }
- v0=v1=ti[0]=ti[1]=0;
- *num=n;
- }
-
-#ifdef undef /* MACRO */
-void DES_ede2_ofb64_encrypt(register unsigned char *in,
- register unsigned char *out, long length, DES_key_schedule k1,
- DES_key_schedule k2, DES_cblock (*ivec), int *num)
- {
- DES_ede3_ofb64_encrypt(in, out, length, k1,k2,k1, ivec, num);
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/des/ofb64ede.c (from rev 6976, vendor-crypto/openssl/dist/crypto/des/ofb64ede.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/des/ofb64ede.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/ofb64ede.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,123 @@
+/* crypto/des/ofb64ede.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+
+/*
+ * The input and output encrypted as though 64bit ofb mode is being used.
+ * The extra state information to record how much of the 64bit block we have
+ * used is contained in *num;
+ */
+void DES_ede3_ofb64_encrypt(register const unsigned char *in,
+ register unsigned char *out, long length,
+ DES_key_schedule *k1, DES_key_schedule *k2,
+ DES_key_schedule *k3, DES_cblock *ivec, int *num)
+{
+ register DES_LONG v0, v1;
+ register int n = *num;
+ register long l = length;
+ DES_cblock d;
+ register char *dp;
+ DES_LONG ti[2];
+ unsigned char *iv;
+ int save = 0;
+
+ iv = &(*ivec)[0];
+ c2l(iv, v0);
+ c2l(iv, v1);
+ ti[0] = v0;
+ ti[1] = v1;
+ dp = (char *)d;
+ l2c(v0, dp);
+ l2c(v1, dp);
+ while (l--) {
+ if (n == 0) {
+ /* ti[0]=v0; */
+ /* ti[1]=v1; */
+ DES_encrypt3(ti, k1, k2, k3);
+ v0 = ti[0];
+ v1 = ti[1];
+
+ dp = (char *)d;
+ l2c(v0, dp);
+ l2c(v1, dp);
+ save++;
+ }
+ *(out++) = *(in++) ^ d[n];
+ n = (n + 1) & 0x07;
+ }
+ if (save) {
+/*- v0=ti[0];
+ v1=ti[1];*/
+ iv = &(*ivec)[0];
+ l2c(v0, iv);
+ l2c(v1, iv);
+ }
+ v0 = v1 = ti[0] = ti[1] = 0;
+ *num = n;
+}
+
+#ifdef undef /* MACRO */
+void DES_ede2_ofb64_encrypt(register unsigned char *in,
+ register unsigned char *out, long length,
+ DES_key_schedule k1, DES_key_schedule k2,
+ DES_cblock (*ivec), int *num)
+{
+ DES_ede3_ofb64_encrypt(in, out, length, k1, k2, k1, ivec, num);
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/des/ofb64enc.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/des/ofb64enc.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/ofb64enc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,110 +0,0 @@
-/* crypto/des/ofb64enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "des_locl.h"
-
-/* The input and output encrypted as though 64bit ofb mode is being
- * used. The extra state information to record how much of the
- * 64bit block we have used is contained in *num;
- */
-void DES_ofb64_encrypt(register const unsigned char *in,
- register unsigned char *out, long length,
- DES_key_schedule *schedule, DES_cblock *ivec, int *num)
- {
- register DES_LONG v0,v1,t;
- register int n= *num;
- register long l=length;
- DES_cblock d;
- register unsigned char *dp;
- DES_LONG ti[2];
- unsigned char *iv;
- int save=0;
-
- iv = &(*ivec)[0];
- c2l(iv,v0);
- c2l(iv,v1);
- ti[0]=v0;
- ti[1]=v1;
- dp=d;
- l2c(v0,dp);
- l2c(v1,dp);
- while (l--)
- {
- if (n == 0)
- {
- DES_encrypt1(ti,schedule,DES_ENCRYPT);
- dp=d;
- t=ti[0]; l2c(t,dp);
- t=ti[1]; l2c(t,dp);
- save++;
- }
- *(out++)= *(in++)^d[n];
- n=(n+1)&0x07;
- }
- if (save)
- {
- v0=ti[0];
- v1=ti[1];
- iv = &(*ivec)[0];
- l2c(v0,iv);
- l2c(v1,iv);
- }
- t=v0=v1=ti[0]=ti[1]=0;
- *num=n;
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/des/ofb64enc.c (from rev 6976, vendor-crypto/openssl/dist/crypto/des/ofb64enc.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/des/ofb64enc.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/ofb64enc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,109 @@
+/* crypto/des/ofb64enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+
+/*
+ * The input and output encrypted as though 64bit ofb mode is being used.
+ * The extra state information to record how much of the 64bit block we have
+ * used is contained in *num;
+ */
+void DES_ofb64_encrypt(register const unsigned char *in,
+ register unsigned char *out, long length,
+ DES_key_schedule *schedule, DES_cblock *ivec, int *num)
+{
+ register DES_LONG v0, v1, t;
+ register int n = *num;
+ register long l = length;
+ DES_cblock d;
+ register unsigned char *dp;
+ DES_LONG ti[2];
+ unsigned char *iv;
+ int save = 0;
+
+ iv = &(*ivec)[0];
+ c2l(iv, v0);
+ c2l(iv, v1);
+ ti[0] = v0;
+ ti[1] = v1;
+ dp = d;
+ l2c(v0, dp);
+ l2c(v1, dp);
+ while (l--) {
+ if (n == 0) {
+ DES_encrypt1(ti, schedule, DES_ENCRYPT);
+ dp = d;
+ t = ti[0];
+ l2c(t, dp);
+ t = ti[1];
+ l2c(t, dp);
+ save++;
+ }
+ *(out++) = *(in++) ^ d[n];
+ n = (n + 1) & 0x07;
+ }
+ if (save) {
+ v0 = ti[0];
+ v1 = ti[1];
+ iv = &(*ivec)[0];
+ l2c(v0, iv);
+ l2c(v1, iv);
+ }
+ t = v0 = v1 = ti[0] = ti[1] = 0;
+ *num = n;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/des/ofb_enc.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/des/ofb_enc.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/ofb_enc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,135 +0,0 @@
-/* crypto/des/ofb_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "des_locl.h"
-
-/* The input and output are loaded in multiples of 8 bits.
- * What this means is that if you hame numbits=12 and length=2
- * the first 12 bits will be retrieved from the first byte and half
- * the second. The second 12 bits will come from the 3rd and half the 4th
- * byte.
- */
-void DES_ofb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
- long length, DES_key_schedule *schedule,
- DES_cblock *ivec)
- {
- register DES_LONG d0,d1,vv0,vv1,v0,v1,n=(numbits+7)/8;
- register DES_LONG mask0,mask1;
- register long l=length;
- register int num=numbits;
- DES_LONG ti[2];
- unsigned char *iv;
-
- if (num > 64) return;
- if (num > 32)
- {
- mask0=0xffffffffL;
- if (num >= 64)
- mask1=mask0;
- else
- mask1=(1L<<(num-32))-1;
- }
- else
- {
- if (num == 32)
- mask0=0xffffffffL;
- else
- mask0=(1L<<num)-1;
- mask1=0x00000000L;
- }
-
- iv = &(*ivec)[0];
- c2l(iv,v0);
- c2l(iv,v1);
- ti[0]=v0;
- ti[1]=v1;
- while (l-- > 0)
- {
- ti[0]=v0;
- ti[1]=v1;
- DES_encrypt1((DES_LONG *)ti,schedule,DES_ENCRYPT);
- vv0=ti[0];
- vv1=ti[1];
- c2ln(in,d0,d1,n);
- in+=n;
- d0=(d0^vv0)&mask0;
- d1=(d1^vv1)&mask1;
- l2cn(d0,d1,out,n);
- out+=n;
-
- if (num == 32)
- { v0=v1; v1=vv0; }
- else if (num == 64)
- { v0=vv0; v1=vv1; }
- else if (num > 32) /* && num != 64 */
- {
- v0=((v1>>(num-32))|(vv0<<(64-num)))&0xffffffffL;
- v1=((vv0>>(num-32))|(vv1<<(64-num)))&0xffffffffL;
- }
- else /* num < 32 */
- {
- v0=((v0>>num)|(v1<<(32-num)))&0xffffffffL;
- v1=((v1>>num)|(vv0<<(32-num)))&0xffffffffL;
- }
- }
- iv = &(*ivec)[0];
- l2c(v0,iv);
- l2c(v1,iv);
- v0=v1=d0=d1=ti[0]=ti[1]=vv0=vv1=0;
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/des/ofb_enc.c (from rev 6976, vendor-crypto/openssl/dist/crypto/des/ofb_enc.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/des/ofb_enc.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/ofb_enc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,131 @@
+/* crypto/des/ofb_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+
+/*
+ * The input and output are loaded in multiples of 8 bits. What this means is
+ * that if you hame numbits=12 and length=2 the first 12 bits will be
+ * retrieved from the first byte and half the second. The second 12 bits
+ * will come from the 3rd and half the 4th byte.
+ */
+void DES_ofb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
+ long length, DES_key_schedule *schedule,
+ DES_cblock *ivec)
+{
+ register DES_LONG d0, d1, vv0, vv1, v0, v1, n = (numbits + 7) / 8;
+ register DES_LONG mask0, mask1;
+ register long l = length;
+ register int num = numbits;
+ DES_LONG ti[2];
+ unsigned char *iv;
+
+ if (num > 64)
+ return;
+ if (num > 32) {
+ mask0 = 0xffffffffL;
+ if (num >= 64)
+ mask1 = mask0;
+ else
+ mask1 = (1L << (num - 32)) - 1;
+ } else {
+ if (num == 32)
+ mask0 = 0xffffffffL;
+ else
+ mask0 = (1L << num) - 1;
+ mask1 = 0x00000000L;
+ }
+
+ iv = &(*ivec)[0];
+ c2l(iv, v0);
+ c2l(iv, v1);
+ ti[0] = v0;
+ ti[1] = v1;
+ while (l-- > 0) {
+ ti[0] = v0;
+ ti[1] = v1;
+ DES_encrypt1((DES_LONG *)ti, schedule, DES_ENCRYPT);
+ vv0 = ti[0];
+ vv1 = ti[1];
+ c2ln(in, d0, d1, n);
+ in += n;
+ d0 = (d0 ^ vv0) & mask0;
+ d1 = (d1 ^ vv1) & mask1;
+ l2cn(d0, d1, out, n);
+ out += n;
+
+ if (num == 32) {
+ v0 = v1;
+ v1 = vv0;
+ } else if (num == 64) {
+ v0 = vv0;
+ v1 = vv1;
+ } else if (num > 32) { /* && num != 64 */
+ v0 = ((v1 >> (num - 32)) | (vv0 << (64 - num))) & 0xffffffffL;
+ v1 = ((vv0 >> (num - 32)) | (vv1 << (64 - num))) & 0xffffffffL;
+ } else { /* num < 32 */
+
+ v0 = ((v0 >> num) | (v1 << (32 - num))) & 0xffffffffL;
+ v1 = ((v1 >> num) | (vv0 << (32 - num))) & 0xffffffffL;
+ }
+ }
+ iv = &(*ivec)[0];
+ l2c(v0, iv);
+ l2c(v1, iv);
+ v0 = v1 = d0 = d1 = ti[0] = ti[1] = vv0 = vv1 = 0;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/des/pcbc_enc.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/des/pcbc_enc.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/pcbc_enc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,123 +0,0 @@
-/* crypto/des/pcbc_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "des_locl.h"
-
-void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output,
- long length, DES_key_schedule *schedule,
- DES_cblock *ivec, int enc)
- {
- register DES_LONG sin0,sin1,xor0,xor1,tout0,tout1;
- DES_LONG tin[2];
- const unsigned char *in;
- unsigned char *out,*iv;
-
- in=input;
- out=output;
- iv = &(*ivec)[0];
-
- if (enc)
- {
- c2l(iv,xor0);
- c2l(iv,xor1);
- for (; length>0; length-=8)
- {
- if (length >= 8)
- {
- c2l(in,sin0);
- c2l(in,sin1);
- }
- else
- c2ln(in,sin0,sin1,length);
- tin[0]=sin0^xor0;
- tin[1]=sin1^xor1;
- DES_encrypt1((DES_LONG *)tin,schedule,DES_ENCRYPT);
- tout0=tin[0];
- tout1=tin[1];
- xor0=sin0^tout0;
- xor1=sin1^tout1;
- l2c(tout0,out);
- l2c(tout1,out);
- }
- }
- else
- {
- c2l(iv,xor0); c2l(iv,xor1);
- for (; length>0; length-=8)
- {
- c2l(in,sin0);
- c2l(in,sin1);
- tin[0]=sin0;
- tin[1]=sin1;
- DES_encrypt1((DES_LONG *)tin,schedule,DES_DECRYPT);
- tout0=tin[0]^xor0;
- tout1=tin[1]^xor1;
- if (length >= 8)
- {
- l2c(tout0,out);
- l2c(tout1,out);
- }
- else
- l2cn(tout0,tout1,out,length);
- xor0=tout0^sin0;
- xor1=tout1^sin1;
- }
- }
- tin[0]=tin[1]=0;
- sin0=sin1=xor0=xor1=tout0=tout1=0;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/des/pcbc_enc.c (from rev 6976, vendor-crypto/openssl/dist/crypto/des/pcbc_enc.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/des/pcbc_enc.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/pcbc_enc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,115 @@
+/* crypto/des/pcbc_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+
+void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output,
+ long length, DES_key_schedule *schedule,
+ DES_cblock *ivec, int enc)
+{
+ register DES_LONG sin0, sin1, xor0, xor1, tout0, tout1;
+ DES_LONG tin[2];
+ const unsigned char *in;
+ unsigned char *out, *iv;
+
+ in = input;
+ out = output;
+ iv = &(*ivec)[0];
+
+ if (enc) {
+ c2l(iv, xor0);
+ c2l(iv, xor1);
+ for (; length > 0; length -= 8) {
+ if (length >= 8) {
+ c2l(in, sin0);
+ c2l(in, sin1);
+ } else
+ c2ln(in, sin0, sin1, length);
+ tin[0] = sin0 ^ xor0;
+ tin[1] = sin1 ^ xor1;
+ DES_encrypt1((DES_LONG *)tin, schedule, DES_ENCRYPT);
+ tout0 = tin[0];
+ tout1 = tin[1];
+ xor0 = sin0 ^ tout0;
+ xor1 = sin1 ^ tout1;
+ l2c(tout0, out);
+ l2c(tout1, out);
+ }
+ } else {
+ c2l(iv, xor0);
+ c2l(iv, xor1);
+ for (; length > 0; length -= 8) {
+ c2l(in, sin0);
+ c2l(in, sin1);
+ tin[0] = sin0;
+ tin[1] = sin1;
+ DES_encrypt1((DES_LONG *)tin, schedule, DES_DECRYPT);
+ tout0 = tin[0] ^ xor0;
+ tout1 = tin[1] ^ xor1;
+ if (length >= 8) {
+ l2c(tout0, out);
+ l2c(tout1, out);
+ } else
+ l2cn(tout0, tout1, out, length);
+ xor0 = tout0 ^ sin0;
+ xor1 = tout1 ^ sin1;
+ }
+ }
+ tin[0] = tin[1] = 0;
+ sin0 = sin1 = xor0 = xor1 = tout0 = tout1 = 0;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/des/qud_cksm.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/des/qud_cksm.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/qud_cksm.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,139 +0,0 @@
-/* crypto/des/qud_cksm.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* From "Message Authentication" R.R. Jueneman, S.M. Matyas, C.H. Meyer
- * IEEE Communications Magazine Sept 1985 Vol. 23 No. 9 p 29-40
- * This module in only based on the code in this paper and is
- * almost definitely not the same as the MIT implementation.
- */
-#include "des_locl.h"
-
-/* bug fix for dos - 7/6/91 - Larry hughes at logos.ucs.indiana.edu */
-#define Q_B0(a) (((DES_LONG)(a)))
-#define Q_B1(a) (((DES_LONG)(a))<<8)
-#define Q_B2(a) (((DES_LONG)(a))<<16)
-#define Q_B3(a) (((DES_LONG)(a))<<24)
-
-/* used to scramble things a bit */
-/* Got the value MIT uses via brute force :-) 2/10/90 eay */
-#define NOISE ((DES_LONG)83653421L)
-
-DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[],
- long length, int out_count, DES_cblock *seed)
- {
- DES_LONG z0,z1,t0,t1;
- int i;
- long l;
- const unsigned char *cp;
-#ifdef _CRAY
- struct lp_st { int a:32; int b:32; } *lp;
-#else
- DES_LONG *lp;
-#endif
-
- if (out_count < 1) out_count=1;
-#ifdef _CRAY
- lp = (struct lp_st *) &(output[0])[0];
-#else
- lp = (DES_LONG *) &(output[0])[0];
-#endif
-
- z0=Q_B0((*seed)[0])|Q_B1((*seed)[1])|Q_B2((*seed)[2])|Q_B3((*seed)[3]);
- z1=Q_B0((*seed)[4])|Q_B1((*seed)[5])|Q_B2((*seed)[6])|Q_B3((*seed)[7]);
-
- for (i=0; ((i<4)&&(i<out_count)); i++)
- {
- cp=input;
- l=length;
- while (l > 0)
- {
- if (l > 1)
- {
- t0= (DES_LONG)(*(cp++));
- t0|=(DES_LONG)Q_B1(*(cp++));
- l--;
- }
- else
- t0= (DES_LONG)(*(cp++));
- l--;
- /* add */
- t0+=z0;
- t0&=0xffffffffL;
- t1=z1;
- /* square, well sort of square */
- z0=((((t0*t0)&0xffffffffL)+((t1*t1)&0xffffffffL))
- &0xffffffffL)%0x7fffffffL;
- z1=((t0*((t1+NOISE)&0xffffffffL))&0xffffffffL)%0x7fffffffL;
- }
- if (lp != NULL)
- {
- /* The MIT library assumes that the checksum is
- * composed of 2*out_count 32 bit ints */
-#ifdef _CRAY
- (*lp).a = z0;
- (*lp).b = z1;
- lp++;
-#else
- *lp++ = z0;
- *lp++ = z1;
-#endif
- }
- }
- return(z0);
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/des/qud_cksm.c (from rev 6976, vendor-crypto/openssl/dist/crypto/des/qud_cksm.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/des/qud_cksm.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/qud_cksm.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,143 @@
+/* crypto/des/qud_cksm.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/*
+ * From "Message Authentication" R.R. Jueneman, S.M. Matyas, C.H. Meyer IEEE
+ * Communications Magazine Sept 1985 Vol. 23 No. 9 p 29-40 This module in
+ * only based on the code in this paper and is almost definitely not the same
+ * as the MIT implementation.
+ */
+#include "des_locl.h"
+
+/* bug fix for dos - 7/6/91 - Larry hughes at logos.ucs.indiana.edu */
+#define Q_B0(a) (((DES_LONG)(a)))
+#define Q_B1(a) (((DES_LONG)(a))<<8)
+#define Q_B2(a) (((DES_LONG)(a))<<16)
+#define Q_B3(a) (((DES_LONG)(a))<<24)
+
+/* used to scramble things a bit */
+/* Got the value MIT uses via brute force :-) 2/10/90 eay */
+#define NOISE ((DES_LONG)83653421L)
+
+DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[],
+ long length, int out_count, DES_cblock *seed)
+{
+ DES_LONG z0, z1, t0, t1;
+ int i;
+ long l;
+ const unsigned char *cp;
+#ifdef _CRAY
+ struct lp_st {
+ int a:32;
+ int b:32;
+ } *lp;
+#else
+ DES_LONG *lp;
+#endif
+
+ if (out_count < 1)
+ out_count = 1;
+#ifdef _CRAY
+ lp = (struct lp_st *)&(output[0])[0];
+#else
+ lp = (DES_LONG *)&(output[0])[0];
+#endif
+
+ z0 = Q_B0((*seed)[0]) | Q_B1((*seed)[1]) | Q_B2((*seed)[2]) |
+ Q_B3((*seed)[3]);
+ z1 = Q_B0((*seed)[4]) | Q_B1((*seed)[5]) | Q_B2((*seed)[6]) |
+ Q_B3((*seed)[7]);
+
+ for (i = 0; ((i < 4) && (i < out_count)); i++) {
+ cp = input;
+ l = length;
+ while (l > 0) {
+ if (l > 1) {
+ t0 = (DES_LONG)(*(cp++));
+ t0 |= (DES_LONG)Q_B1(*(cp++));
+ l--;
+ } else
+ t0 = (DES_LONG)(*(cp++));
+ l--;
+ /* add */
+ t0 += z0;
+ t0 &= 0xffffffffL;
+ t1 = z1;
+ /* square, well sort of square */
+ z0 = ((((t0 * t0) & 0xffffffffL) + ((t1 * t1) & 0xffffffffL))
+ & 0xffffffffL) % 0x7fffffffL;
+ z1 = ((t0 * ((t1 + NOISE) & 0xffffffffL)) & 0xffffffffL) %
+ 0x7fffffffL;
+ }
+ if (lp != NULL) {
+ /*
+ * The MIT library assumes that the checksum is composed of
+ * 2*out_count 32 bit ints
+ */
+#ifdef _CRAY
+ (*lp).a = z0;
+ (*lp).b = z1;
+ lp++;
+#else
+ *lp++ = z0;
+ *lp++ = z1;
+#endif
+ }
+ }
+ return (z0);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/des/rand_key.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/des/rand_key.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/rand_key.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,68 +0,0 @@
-/* crypto/des/rand_key.c */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <openssl/des.h>
-#include <openssl/rand.h>
-
-int DES_random_key(DES_cblock *ret)
- {
- do
- {
- if (RAND_bytes((unsigned char *)ret, sizeof(DES_cblock)) != 1)
- return (0);
- } while (DES_is_weak_key(ret));
- DES_set_odd_parity(ret);
- return (1);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/des/rand_key.c (from rev 6976, vendor-crypto/openssl/dist/crypto/des/rand_key.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/des/rand_key.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/rand_key.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,67 @@
+/* crypto/des/rand_key.c */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <openssl/des.h>
+#include <openssl/rand.h>
+
+int DES_random_key(DES_cblock *ret)
+{
+ do {
+ if (RAND_bytes((unsigned char *)ret, sizeof(DES_cblock)) != 1)
+ return (0);
+ } while (DES_is_weak_key(ret));
+ DES_set_odd_parity(ret);
+ return (1);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/des/read2pwd.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/des/read2pwd.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/read2pwd.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,140 +0,0 @@
-/* crypto/des/read2pwd.c */
-/* ====================================================================
- * Copyright (c) 2001-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <string.h>
-#include <openssl/des.h>
-#include <openssl/ui.h>
-#include <openssl/crypto.h>
-
-int DES_read_password(DES_cblock *key, const char *prompt, int verify)
- {
- int ok;
- char buf[BUFSIZ],buff[BUFSIZ];
-
- if ((ok=UI_UTIL_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
- DES_string_to_key(buf,key);
- OPENSSL_cleanse(buf,BUFSIZ);
- OPENSSL_cleanse(buff,BUFSIZ);
- return(ok);
- }
-
-int DES_read_2passwords(DES_cblock *key1, DES_cblock *key2, const char *prompt,
- int verify)
- {
- int ok;
- char buf[BUFSIZ],buff[BUFSIZ];
-
- if ((ok=UI_UTIL_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
- DES_string_to_2keys(buf,key1,key2);
- OPENSSL_cleanse(buf,BUFSIZ);
- OPENSSL_cleanse(buff,BUFSIZ);
- return(ok);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/des/read2pwd.c (from rev 6976, vendor-crypto/openssl/dist/crypto/des/read2pwd.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/des/read2pwd.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/read2pwd.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,140 @@
+/* crypto/des/read2pwd.c */
+/* ====================================================================
+ * Copyright (c) 2001-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <string.h>
+#include <openssl/des.h>
+#include <openssl/ui.h>
+#include <openssl/crypto.h>
+
+int DES_read_password(DES_cblock *key, const char *prompt, int verify)
+{
+ int ok;
+ char buf[BUFSIZ], buff[BUFSIZ];
+
+ if ((ok = UI_UTIL_read_pw(buf, buff, BUFSIZ, prompt, verify)) == 0)
+ DES_string_to_key(buf, key);
+ OPENSSL_cleanse(buf, BUFSIZ);
+ OPENSSL_cleanse(buff, BUFSIZ);
+ return (ok);
+}
+
+int DES_read_2passwords(DES_cblock *key1, DES_cblock *key2,
+ const char *prompt, int verify)
+{
+ int ok;
+ char buf[BUFSIZ], buff[BUFSIZ];
+
+ if ((ok = UI_UTIL_read_pw(buf, buff, BUFSIZ, prompt, verify)) == 0)
+ DES_string_to_2keys(buf, key1, key2);
+ OPENSSL_cleanse(buf, BUFSIZ);
+ OPENSSL_cleanse(buff, BUFSIZ);
+ return (ok);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/des/read_pwd.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/des/read_pwd.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/read_pwd.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,521 +0,0 @@
-/* crypto/des/read_pwd.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/e_os2.h>
-#if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_WIN32)
-#ifdef OPENSSL_UNISTD
-# include OPENSSL_UNISTD
-#else
-# include <unistd.h>
-#endif
-/* If unistd.h defines _POSIX_VERSION, we conclude that we
- * are on a POSIX system and have sigaction and termios. */
-#if defined(_POSIX_VERSION)
-
-# define SIGACTION
-# if !defined(TERMIOS) && !defined(TERMIO) && !defined(SGTTY)
-# define TERMIOS
-# endif
-
-#endif
-#endif
-
-/* #define SIGACTION */ /* Define this if you have sigaction() */
-
-#ifdef WIN16TTY
-#undef OPENSSL_SYS_WIN16
-#undef _WINDOWS
-#include <graph.h>
-#endif
-
-/* 06-Apr-92 Luke Brennan Support for VMS */
-#include "des_locl.h"
-#include "cryptlib.h"
-#include <signal.h>
-#include <stdio.h>
-#include <string.h>
-#include <setjmp.h>
-#include <errno.h>
-
-#ifdef OPENSSL_SYS_VMS /* prototypes for sys$whatever */
-#include <starlet.h>
-#ifdef __DECC
-#pragma message disable DOLLARID
-#endif
-#endif
-
-#ifdef WIN_CONSOLE_BUG
-#include <windows.h>
-#ifndef OPENSSL_SYS_WINCE
-#include <wincon.h>
-#endif
-#endif
-
-
-/* There are 5 types of terminal interface supported,
- * TERMIO, TERMIOS, VMS, MSDOS and SGTTY
- */
-
-#if defined(__sgi) && !defined(TERMIOS)
-#define TERMIOS
-#undef TERMIO
-#undef SGTTY
-#endif
-
-#if defined(linux) && !defined(TERMIO)
-#undef TERMIOS
-#define TERMIO
-#undef SGTTY
-#endif
-
-#ifdef _LIBC
-#undef TERMIOS
-#define TERMIO
-#undef SGTTY
-#endif
-
-#if !defined(TERMIO) && !defined(TERMIOS) && !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_MSDOS) && !defined(MAC_OS_pre_X) && !defined(MAC_OS_GUSI_SOURCE)
-#undef TERMIOS
-#undef TERMIO
-#define SGTTY
-#endif
-
-#if defined(OPENSSL_SYS_VXWORKS)
-#undef TERMIOS
-#undef TERMIO
-#undef SGTTY
-#endif
-
-#ifdef TERMIOS
-#include <termios.h>
-#define TTY_STRUCT struct termios
-#define TTY_FLAGS c_lflag
-#define TTY_get(tty,data) tcgetattr(tty,data)
-#define TTY_set(tty,data) tcsetattr(tty,TCSANOW,data)
-#endif
-
-#ifdef TERMIO
-#include <termio.h>
-#define TTY_STRUCT struct termio
-#define TTY_FLAGS c_lflag
-#define TTY_get(tty,data) ioctl(tty,TCGETA,data)
-#define TTY_set(tty,data) ioctl(tty,TCSETA,data)
-#endif
-
-#ifdef SGTTY
-#include <sgtty.h>
-#define TTY_STRUCT struct sgttyb
-#define TTY_FLAGS sg_flags
-#define TTY_get(tty,data) ioctl(tty,TIOCGETP,data)
-#define TTY_set(tty,data) ioctl(tty,TIOCSETP,data)
-#endif
-
-#if !defined(_LIBC) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS) && !defined(MAC_OS_pre_X)
-#include <sys/ioctl.h>
-#endif
-
-#if defined(OPENSSL_SYS_MSDOS) && !defined(__CYGWIN32__) && !defined(OPENSSL_SYS_WINCE)
-#include <conio.h>
-#define fgets(a,b,c) noecho_fgets(a,b,c)
-#endif
-
-#ifdef OPENSSL_SYS_VMS
-#include <ssdef.h>
-#include <iodef.h>
-#include <ttdef.h>
-#include <descrip.h>
-struct IOSB {
- short iosb$w_value;
- short iosb$w_count;
- long iosb$l_info;
- };
-#endif
-
-#if defined(MAC_OS_pre_X) || defined(MAC_OS_GUSI_SOURCE)
-/*
- * This one needs work. As a matter of fact the code is unoperational
- * and this is only a trick to get it compiled.
- * <appro at fy.chalmers.se>
- */
-#define TTY_STRUCT int
-#endif
-
-#ifndef NX509_SIG
-#define NX509_SIG 32
-#endif
-
-static void read_till_nl(FILE *);
-static void recsig(int);
-static void pushsig(void);
-static void popsig(void);
-#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN16)
-static int noecho_fgets(char *buf, int size, FILE *tty);
-#endif
-#ifdef SIGACTION
- static struct sigaction savsig[NX509_SIG];
-#else
- static void (*savsig[NX509_SIG])(int );
-#endif
-static jmp_buf save;
-
-int des_read_pw_string(char *buf, int length, const char *prompt,
- int verify)
- {
- char buff[BUFSIZ];
- int ret;
-
- ret=des_read_pw(buf,buff,(length>BUFSIZ)?BUFSIZ:length,prompt,verify);
- OPENSSL_cleanse(buff,BUFSIZ);
- return(ret);
- }
-
-#ifdef OPENSSL_SYS_WINCE
-
-int des_read_pw(char *buf, char *buff, int size, const char *prompt, int verify)
- {
- memset(buf,0,size);
- memset(buff,0,size);
- return(0);
- }
-
-#elif defined(OPENSSL_SYS_WIN16)
-
-int des_read_pw(char *buf, char *buff, int size, char *prompt, int verify)
- {
- memset(buf,0,size);
- memset(buff,0,size);
- return(0);
- }
-
-#else /* !OPENSSL_SYS_WINCE && !OPENSSL_SYS_WIN16 */
-
-static void read_till_nl(FILE *in)
- {
-#define SIZE 4
- char buf[SIZE+1];
-
- do {
- fgets(buf,SIZE,in);
- } while (strchr(buf,'\n') == NULL);
- }
-
-
-/* return 0 if ok, 1 (or -1) otherwise */
-int des_read_pw(char *buf, char *buff, int size, const char *prompt,
- int verify)
- {
-#ifdef OPENSSL_SYS_VMS
- struct IOSB iosb;
- $DESCRIPTOR(terminal,"TT");
- long tty_orig[3], tty_new[3];
- long status;
- unsigned short channel = 0;
-#else
-#if !defined(OPENSSL_SYS_MSDOS) || defined(__DJGPP__)
- TTY_STRUCT tty_orig,tty_new;
-#endif
-#endif
- int number;
- int ok;
- /* statics are simply to avoid warnings about longjmp clobbering
- things */
- static int ps;
- int is_a_tty;
- static FILE *tty;
- char *p;
-
- if (setjmp(save))
- {
- ok=0;
- goto error;
- }
-
- number=5;
- ok=0;
- ps=0;
- is_a_tty=1;
- tty=NULL;
-
-#ifdef OPENSSL_SYS_MSDOS
- if ((tty=fopen("con","r")) == NULL)
- tty=stdin;
-#elif defined(MAC_OS_pre_X) || defined(OPENSSL_SYS_VXWORKS)
- tty=stdin;
-#else
-#ifndef OPENSSL_SYS_MPE
- if ((tty=fopen("/dev/tty","r")) == NULL)
-#endif
- tty=stdin;
-#endif
-
-#if defined(TTY_get) && !defined(OPENSSL_SYS_VMS)
- if (TTY_get(fileno(tty),&tty_orig) == -1)
- {
-#ifdef ENOTTY
- if (errno == ENOTTY)
- is_a_tty=0;
- else
-#endif
-#ifdef EINVAL
- /* Ariel Glenn ariel at columbia.edu reports that solaris
- * can return EINVAL instead. This should be ok */
- if (errno == EINVAL)
- is_a_tty=0;
- else
-#endif
- return(-1);
- }
- memcpy(&(tty_new),&(tty_orig),sizeof(tty_orig));
-#endif
-#ifdef OPENSSL_SYS_VMS
- status = sys$assign(&terminal,&channel,0,0);
- if (status != SS$_NORMAL)
- return(-1);
- status=sys$qiow(0,channel,IO$_SENSEMODE,&iosb,0,0,tty_orig,12,0,0,0,0);
- if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
- return(-1);
-#endif
-
- pushsig();
- ps=1;
-
-#ifdef TTY_FLAGS
- tty_new.TTY_FLAGS &= ~ECHO;
-#endif
-
-#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
- if (is_a_tty && (TTY_set(fileno(tty),&tty_new) == -1))
-#ifdef OPENSSL_SYS_MPE
- ; /* MPE lies -- echo really has been disabled */
-#else
- return(-1);
-#endif
-#endif
-#ifdef OPENSSL_SYS_VMS
- tty_new[0] = tty_orig[0];
- tty_new[1] = tty_orig[1] | TT$M_NOECHO;
- tty_new[2] = tty_orig[2];
- status = sys$qiow(0,channel,IO$_SETMODE,&iosb,0,0,tty_new,12,0,0,0,0);
- if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
- return(-1);
-#endif
- ps=2;
-
- while ((!ok) && (number--))
- {
- fputs(prompt,stderr);
- fflush(stderr);
-
- buf[0]='\0';
- fgets(buf,size,tty);
- if (feof(tty)) goto error;
- if (ferror(tty)) goto error;
- if ((p=(char *)strchr(buf,'\n')) != NULL)
- *p='\0';
- else read_till_nl(tty);
- if (verify)
- {
- fprintf(stderr,"\nVerifying password - %s",prompt);
- fflush(stderr);
- buff[0]='\0';
- fgets(buff,size,tty);
- if (feof(tty)) goto error;
- if ((p=(char *)strchr(buff,'\n')) != NULL)
- *p='\0';
- else read_till_nl(tty);
-
- if (strcmp(buf,buff) != 0)
- {
- fprintf(stderr,"\nVerify failure");
- fflush(stderr);
- break;
- /* continue; */
- }
- }
- ok=1;
- }
-
-error:
- fprintf(stderr,"\n");
-#if 0
- perror("fgets(tty)");
-#endif
- /* What can we do if there is an error? */
-#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
- if (ps >= 2) TTY_set(fileno(tty),&tty_orig);
-#endif
-#ifdef OPENSSL_SYS_VMS
- if (ps >= 2)
- status = sys$qiow(0,channel,IO$_SETMODE,&iosb,0,0
- ,tty_orig,12,0,0,0,0);
-#endif
-
- if (ps >= 1) popsig();
- if (stdin != tty) fclose(tty);
-#ifdef OPENSSL_SYS_VMS
- status = sys$dassgn(channel);
-#endif
- return(!ok);
- }
-
-static void pushsig(void)
- {
- int i;
-#ifdef SIGACTION
- struct sigaction sa;
-
- memset(&sa,0,sizeof sa);
- sa.sa_handler=recsig;
-#endif
-
- for (i=1; i<NX509_SIG; i++)
- {
-#ifdef SIGUSR1
- if (i == SIGUSR1)
- continue;
-#endif
-#ifdef SIGUSR2
- if (i == SIGUSR2)
- continue;
-#endif
-#ifdef SIGACTION
- sigaction(i,&sa,&savsig[i]);
-#else
- savsig[i]=signal(i,recsig);
-#endif
- }
-
-#ifdef SIGWINCH
- signal(SIGWINCH,SIG_DFL);
-#endif
- }
-
-static void popsig(void)
- {
- int i;
-
- for (i=1; i<NX509_SIG; i++)
- {
-#ifdef SIGUSR1
- if (i == SIGUSR1)
- continue;
-#endif
-#ifdef SIGUSR2
- if (i == SIGUSR2)
- continue;
-#endif
-#ifdef SIGACTION
- sigaction(i,&savsig[i],NULL);
-#else
- signal(i,savsig[i]);
-#endif
- }
- }
-
-static void recsig(int i)
- {
- longjmp(save,1);
-#ifdef LINT
- i=i;
-#endif
- }
-
-#ifdef OPENSSL_SYS_MSDOS
-static int noecho_fgets(char *buf, int size, FILE *tty)
- {
- int i;
- char *p;
-
- p=buf;
- for (;;)
- {
- if (size == 0)
- {
- *p='\0';
- break;
- }
- size--;
-#ifdef WIN16TTY
- i=_inchar();
-#else
- i=getch();
-#endif
- if (i == '\r') i='\n';
- *(p++)=i;
- if (i == '\n')
- {
- *p='\0';
- break;
- }
- }
-#ifdef WIN_CONSOLE_BUG
-/* Win95 has several evil console bugs: one of these is that the
- * last character read using getch() is passed to the next read: this is
- * usually a CR so this can be trouble. No STDIO fix seems to work but
- * flushing the console appears to do the trick.
- */
- {
- HANDLE inh;
- inh = GetStdHandle(STD_INPUT_HANDLE);
- FlushConsoleInputBuffer(inh);
- }
-#endif
- return(strlen(buf));
- }
-#endif
-#endif /* !OPENSSL_SYS_WINCE && !WIN16 */
Copied: vendor-crypto/openssl/0.9.8zf/crypto/des/read_pwd.c (from rev 6976, vendor-crypto/openssl/dist/crypto/des/read_pwd.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/des/read_pwd.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/read_pwd.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,533 @@
+/* crypto/des/read_pwd.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/e_os2.h>
+#if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_WIN32)
+# ifdef OPENSSL_UNISTD
+# include OPENSSL_UNISTD
+# else
+# include <unistd.h>
+# endif
+/*
+ * If unistd.h defines _POSIX_VERSION, we conclude that we are on a POSIX
+ * system and have sigaction and termios.
+ */
+# if defined(_POSIX_VERSION)
+
+# define SIGACTION
+# if !defined(TERMIOS) && !defined(TERMIO) && !defined(SGTTY)
+# define TERMIOS
+# endif
+
+# endif
+#endif
+
+/* Define this if you have sigaction() */
+/* #define SIGACTION */
+
+#ifdef WIN16TTY
+# undef OPENSSL_SYS_WIN16
+# undef _WINDOWS
+# include <graph.h>
+#endif
+
+/* 06-Apr-92 Luke Brennan Support for VMS */
+#include "des_locl.h"
+#include "cryptlib.h"
+#include <signal.h>
+#include <stdio.h>
+#include <string.h>
+#include <setjmp.h>
+#include <errno.h>
+
+#ifdef OPENSSL_SYS_VMS /* prototypes for sys$whatever */
+# include <starlet.h>
+# ifdef __DECC
+# pragma message disable DOLLARID
+# endif
+#endif
+
+#ifdef WIN_CONSOLE_BUG
+# include <windows.h>
+# ifndef OPENSSL_SYS_WINCE
+# include <wincon.h>
+# endif
+#endif
+
+/*
+ * There are 5 types of terminal interface supported, TERMIO, TERMIOS, VMS,
+ * MSDOS and SGTTY
+ */
+
+#if defined(__sgi) && !defined(TERMIOS)
+# define TERMIOS
+# undef TERMIO
+# undef SGTTY
+#endif
+
+#if defined(linux) && !defined(TERMIO)
+# undef TERMIOS
+# define TERMIO
+# undef SGTTY
+#endif
+
+#ifdef _LIBC
+# undef TERMIOS
+# define TERMIO
+# undef SGTTY
+#endif
+
+#if !defined(TERMIO) && !defined(TERMIOS) && !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_MSDOS) && !defined(MAC_OS_pre_X) && !defined(MAC_OS_GUSI_SOURCE)
+# undef TERMIOS
+# undef TERMIO
+# define SGTTY
+#endif
+
+#if defined(OPENSSL_SYS_VXWORKS)
+# undef TERMIOS
+# undef TERMIO
+# undef SGTTY
+#endif
+
+#ifdef TERMIOS
+# include <termios.h>
+# define TTY_STRUCT struct termios
+# define TTY_FLAGS c_lflag
+# define TTY_get(tty,data) tcgetattr(tty,data)
+# define TTY_set(tty,data) tcsetattr(tty,TCSANOW,data)
+#endif
+
+#ifdef TERMIO
+# include <termio.h>
+# define TTY_STRUCT struct termio
+# define TTY_FLAGS c_lflag
+# define TTY_get(tty,data) ioctl(tty,TCGETA,data)
+# define TTY_set(tty,data) ioctl(tty,TCSETA,data)
+#endif
+
+#ifdef SGTTY
+# include <sgtty.h>
+# define TTY_STRUCT struct sgttyb
+# define TTY_FLAGS sg_flags
+# define TTY_get(tty,data) ioctl(tty,TIOCGETP,data)
+# define TTY_set(tty,data) ioctl(tty,TIOCSETP,data)
+#endif
+
+#if !defined(_LIBC) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS) && !defined(MAC_OS_pre_X)
+# include <sys/ioctl.h>
+#endif
+
+#if defined(OPENSSL_SYS_MSDOS) && !defined(__CYGWIN32__) && !defined(OPENSSL_SYS_WINCE)
+# include <conio.h>
+# define fgets(a,b,c) noecho_fgets(a,b,c)
+#endif
+
+#ifdef OPENSSL_SYS_VMS
+# include <ssdef.h>
+# include <iodef.h>
+# include <ttdef.h>
+# include <descrip.h>
+struct IOSB {
+ short iosb$w_value;
+ short iosb$w_count;
+ long iosb$l_info;
+};
+#endif
+
+#if defined(MAC_OS_pre_X) || defined(MAC_OS_GUSI_SOURCE)
+/*
+ * This one needs work. As a matter of fact the code is unoperational
+ * and this is only a trick to get it compiled.
+ * <appro at fy.chalmers.se>
+ */
+# define TTY_STRUCT int
+#endif
+
+#ifndef NX509_SIG
+# define NX509_SIG 32
+#endif
+
+static void read_till_nl(FILE *);
+static void recsig(int);
+static void pushsig(void);
+static void popsig(void);
+#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN16)
+static int noecho_fgets(char *buf, int size, FILE *tty);
+#endif
+#ifdef SIGACTION
+static struct sigaction savsig[NX509_SIG];
+#else
+static void (*savsig[NX509_SIG]) (int);
+#endif
+static jmp_buf save;
+
+int des_read_pw_string(char *buf, int length, const char *prompt, int verify)
+{
+ char buff[BUFSIZ];
+ int ret;
+
+ ret =
+ des_read_pw(buf, buff, (length > BUFSIZ) ? BUFSIZ : length, prompt,
+ verify);
+ OPENSSL_cleanse(buff, BUFSIZ);
+ return (ret);
+}
+
+#ifdef OPENSSL_SYS_WINCE
+
+int des_read_pw(char *buf, char *buff, int size, const char *prompt,
+ int verify)
+{
+ memset(buf, 0, size);
+ memset(buff, 0, size);
+ return (0);
+}
+
+#elif defined(OPENSSL_SYS_WIN16)
+
+int des_read_pw(char *buf, char *buff, int size, char *prompt, int verify)
+{
+ memset(buf, 0, size);
+ memset(buff, 0, size);
+ return (0);
+}
+
+#else /* !OPENSSL_SYS_WINCE && !OPENSSL_SYS_WIN16 */
+
+static void read_till_nl(FILE *in)
+{
+# define SIZE 4
+ char buf[SIZE + 1];
+
+ do {
+ fgets(buf, SIZE, in);
+ } while (strchr(buf, '\n') == NULL);
+}
+
+/* return 0 if ok, 1 (or -1) otherwise */
+int des_read_pw(char *buf, char *buff, int size, const char *prompt,
+ int verify)
+{
+# ifdef OPENSSL_SYS_VMS
+ struct IOSB iosb;
+ $DESCRIPTOR(terminal, "TT");
+ long tty_orig[3], tty_new[3];
+ long status;
+ unsigned short channel = 0;
+# else
+# if !defined(OPENSSL_SYS_MSDOS) || defined(__DJGPP__)
+ TTY_STRUCT tty_orig, tty_new;
+# endif
+# endif
+ int number;
+ int ok;
+ /*
+ * statics are simply to avoid warnings about longjmp clobbering things
+ */
+ static int ps;
+ int is_a_tty;
+ static FILE *tty;
+ char *p;
+
+ if (setjmp(save)) {
+ ok = 0;
+ goto error;
+ }
+
+ number = 5;
+ ok = 0;
+ ps = 0;
+ is_a_tty = 1;
+ tty = NULL;
+
+# ifdef OPENSSL_SYS_MSDOS
+ if ((tty = fopen("con", "r")) == NULL)
+ tty = stdin;
+# elif defined(MAC_OS_pre_X) || defined(OPENSSL_SYS_VXWORKS)
+ tty = stdin;
+# else
+# ifndef OPENSSL_SYS_MPE
+ if ((tty = fopen("/dev/tty", "r")) == NULL)
+# endif
+ tty = stdin;
+# endif
+
+# if defined(TTY_get) && !defined(OPENSSL_SYS_VMS)
+ if (TTY_get(fileno(tty), &tty_orig) == -1) {
+# ifdef ENOTTY
+ if (errno == ENOTTY)
+ is_a_tty = 0;
+ else
+# endif
+# ifdef EINVAL
+ /*
+ * Ariel Glenn ariel at columbia.edu reports that solaris can return
+ * EINVAL instead. This should be ok
+ */
+ if (errno == EINVAL)
+ is_a_tty = 0;
+ else
+# endif
+ return (-1);
+ }
+ memcpy(&(tty_new), &(tty_orig), sizeof(tty_orig));
+# endif
+# ifdef OPENSSL_SYS_VMS
+ status = sys$assign(&terminal, &channel, 0, 0);
+ if (status != SS$_NORMAL)
+ return (-1);
+ status =
+ sys$qiow(0, channel, IO$_SENSEMODE, &iosb, 0, 0, tty_orig, 12, 0, 0,
+ 0, 0);
+ if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
+ return (-1);
+# endif
+
+ pushsig();
+ ps = 1;
+
+# ifdef TTY_FLAGS
+ tty_new.TTY_FLAGS &= ~ECHO;
+# endif
+
+# if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
+ if (is_a_tty && (TTY_set(fileno(tty), &tty_new) == -1))
+# ifdef OPENSSL_SYS_MPE
+ ; /* MPE lies -- echo really has been disabled */
+# else
+ return (-1);
+# endif
+# endif
+# ifdef OPENSSL_SYS_VMS
+ tty_new[0] = tty_orig[0];
+ tty_new[1] = tty_orig[1] | TT$M_NOECHO;
+ tty_new[2] = tty_orig[2];
+ status =
+ sys$qiow(0, channel, IO$_SETMODE, &iosb, 0, 0, tty_new, 12, 0, 0, 0,
+ 0);
+ if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
+ return (-1);
+# endif
+ ps = 2;
+
+ while ((!ok) && (number--)) {
+ fputs(prompt, stderr);
+ fflush(stderr);
+
+ buf[0] = '\0';
+ fgets(buf, size, tty);
+ if (feof(tty))
+ goto error;
+ if (ferror(tty))
+ goto error;
+ if ((p = (char *)strchr(buf, '\n')) != NULL)
+ *p = '\0';
+ else
+ read_till_nl(tty);
+ if (verify) {
+ fprintf(stderr, "\nVerifying password - %s", prompt);
+ fflush(stderr);
+ buff[0] = '\0';
+ fgets(buff, size, tty);
+ if (feof(tty))
+ goto error;
+ if ((p = (char *)strchr(buff, '\n')) != NULL)
+ *p = '\0';
+ else
+ read_till_nl(tty);
+
+ if (strcmp(buf, buff) != 0) {
+ fprintf(stderr, "\nVerify failure");
+ fflush(stderr);
+ break;
+ /* continue; */
+ }
+ }
+ ok = 1;
+ }
+
+ error:
+ fprintf(stderr, "\n");
+# if 0
+ perror("fgets(tty)");
+# endif
+ /* What can we do if there is an error? */
+# if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
+ if (ps >= 2)
+ TTY_set(fileno(tty), &tty_orig);
+# endif
+# ifdef OPENSSL_SYS_VMS
+ if (ps >= 2)
+ status =
+ sys$qiow(0, channel, IO$_SETMODE, &iosb, 0, 0, tty_orig, 12, 0, 0,
+ 0, 0);
+# endif
+
+ if (ps >= 1)
+ popsig();
+ if (stdin != tty)
+ fclose(tty);
+# ifdef OPENSSL_SYS_VMS
+ status = sys$dassgn(channel);
+# endif
+ return (!ok);
+}
+
+static void pushsig(void)
+{
+ int i;
+# ifdef SIGACTION
+ struct sigaction sa;
+
+ memset(&sa, 0, sizeof sa);
+ sa.sa_handler = recsig;
+# endif
+
+ for (i = 1; i < NX509_SIG; i++) {
+# ifdef SIGUSR1
+ if (i == SIGUSR1)
+ continue;
+# endif
+# ifdef SIGUSR2
+ if (i == SIGUSR2)
+ continue;
+# endif
+# ifdef SIGACTION
+ sigaction(i, &sa, &savsig[i]);
+# else
+ savsig[i] = signal(i, recsig);
+# endif
+ }
+
+# ifdef SIGWINCH
+ signal(SIGWINCH, SIG_DFL);
+# endif
+}
+
+static void popsig(void)
+{
+ int i;
+
+ for (i = 1; i < NX509_SIG; i++) {
+# ifdef SIGUSR1
+ if (i == SIGUSR1)
+ continue;
+# endif
+# ifdef SIGUSR2
+ if (i == SIGUSR2)
+ continue;
+# endif
+# ifdef SIGACTION
+ sigaction(i, &savsig[i], NULL);
+# else
+ signal(i, savsig[i]);
+# endif
+ }
+}
+
+static void recsig(int i)
+{
+ longjmp(save, 1);
+# ifdef LINT
+ i = i;
+# endif
+}
+
+# ifdef OPENSSL_SYS_MSDOS
+static int noecho_fgets(char *buf, int size, FILE *tty)
+{
+ int i;
+ char *p;
+
+ p = buf;
+ for (;;) {
+ if (size == 0) {
+ *p = '\0';
+ break;
+ }
+ size--;
+# ifdef WIN16TTY
+ i = _inchar();
+# else
+ i = getch();
+# endif
+ if (i == '\r')
+ i = '\n';
+ *(p++) = i;
+ if (i == '\n') {
+ *p = '\0';
+ break;
+ }
+ }
+# ifdef WIN_CONSOLE_BUG
+ /*
+ * Win95 has several evil console bugs: one of these is that the last
+ * character read using getch() is passed to the next read: this is
+ * usually a CR so this can be trouble. No STDIO fix seems to work but
+ * flushing the console appears to do the trick.
+ */
+ {
+ HANDLE inh;
+ inh = GetStdHandle(STD_INPUT_HANDLE);
+ FlushConsoleInputBuffer(inh);
+ }
+# endif
+ return (strlen(buf));
+}
+# endif
+#endif /* !OPENSSL_SYS_WINCE && !WIN16 */
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/des/rpc_des.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/des/rpc_des.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/rpc_des.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,131 +0,0 @@
-/* crypto/des/rpc_des.h */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* @(#)des.h 2.2 88/08/10 4.0 RPCSRC; from 2.7 88/02/08 SMI */
-/*
- * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
- * unrestricted use provided that this legend is included on all tape
- * media and as a part of the software program in whole or part. Users
- * may copy or modify Sun RPC without charge, but are not authorized
- * to license or distribute it to anyone else except as part of a product or
- * program developed by the user.
- *
- * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
- * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
- * Sun RPC is provided with no support and without any obligation on the
- * part of Sun Microsystems, Inc. to assist in its use, correction,
- * modification or enhancement.
- *
- * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
- * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
- * OR ANY PART THEREOF.
- *
- * In no event will Sun Microsystems, Inc. be liable for any lost revenue
- * or profits or other special, indirect and consequential damages, even if
- * Sun has been advised of the possibility of such damages.
- *
- * Sun Microsystems, Inc.
- * 2550 Garcia Avenue
- * Mountain View, California 94043
- */
-/*
- * Generic DES driver interface
- * Keep this file hardware independent!
- * Copyright (c) 1986 by Sun Microsystems, Inc.
- */
-
-#define DES_MAXLEN 65536 /* maximum # of bytes to encrypt */
-#define DES_QUICKLEN 16 /* maximum # of bytes to encrypt quickly */
-
-#ifdef HEADER_DES_H
-#undef ENCRYPT
-#undef DECRYPT
-#endif
-
-enum desdir { ENCRYPT, DECRYPT };
-enum desmode { CBC, ECB };
-
-/*
- * parameters to ioctl call
- */
-struct desparams {
- unsigned char des_key[8]; /* key (with low bit parity) */
- enum desdir des_dir; /* direction */
- enum desmode des_mode; /* mode */
- unsigned char des_ivec[8]; /* input vector */
- unsigned des_len; /* number of bytes to crypt */
- union {
- unsigned char UDES_data[DES_QUICKLEN];
- unsigned char *UDES_buf;
- } UDES;
-# define des_data UDES.UDES_data /* direct data here if quick */
-# define des_buf UDES.UDES_buf /* otherwise, pointer to data */
-};
-
-/*
- * Encrypt an arbitrary sized buffer
- */
-#define DESIOCBLOCK _IOWR('d', 6, struct desparams)
-
-/*
- * Encrypt of small amount of data, quickly
- */
-#define DESIOCQUICK _IOWR('d', 7, struct desparams)
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/des/rpc_des.h (from rev 6976, vendor-crypto/openssl/dist/crypto/des/rpc_des.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/des/rpc_des.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/rpc_des.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,130 @@
+/* crypto/des/rpc_des.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* @(#)des.h 2.2 88/08/10 4.0 RPCSRC; from 2.7 88/02/08 SMI */
+/*-
+ * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
+ * unrestricted use provided that this legend is included on all tape
+ * media and as a part of the software program in whole or part. Users
+ * may copy or modify Sun RPC without charge, but are not authorized
+ * to license or distribute it to anyone else except as part of a product or
+ * program developed by the user.
+ *
+ * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
+ * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
+ *
+ * Sun RPC is provided with no support and without any obligation on the
+ * part of Sun Microsystems, Inc. to assist in its use, correction,
+ * modification or enhancement.
+ *
+ * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
+ * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
+ * OR ANY PART THEREOF.
+ *
+ * In no event will Sun Microsystems, Inc. be liable for any lost revenue
+ * or profits or other special, indirect and consequential damages, even if
+ * Sun has been advised of the possibility of such damages.
+ *
+ * Sun Microsystems, Inc.
+ * 2550 Garcia Avenue
+ * Mountain View, California 94043
+ */
+/*
+ * Generic DES driver interface
+ * Keep this file hardware independent!
+ * Copyright (c) 1986 by Sun Microsystems, Inc.
+ */
+
+#define DES_MAXLEN 65536 /* maximum # of bytes to encrypt */
+#define DES_QUICKLEN 16 /* maximum # of bytes to encrypt quickly */
+
+#ifdef HEADER_DES_H
+# undef ENCRYPT
+# undef DECRYPT
+#endif
+
+enum desdir { ENCRYPT, DECRYPT };
+enum desmode { CBC, ECB };
+
+/*
+ * parameters to ioctl call
+ */
+struct desparams {
+ unsigned char des_key[8]; /* key (with low bit parity) */
+ enum desdir des_dir; /* direction */
+ enum desmode des_mode; /* mode */
+ unsigned char des_ivec[8]; /* input vector */
+ unsigned des_len; /* number of bytes to crypt */
+ union {
+ unsigned char UDES_data[DES_QUICKLEN];
+ unsigned char *UDES_buf;
+ } UDES;
+#define des_data UDES.UDES_data /* direct data here if quick */
+#define des_buf UDES.UDES_buf /* otherwise, pointer to data */
+};
+
+/*
+ * Encrypt an arbitrary sized buffer
+ */
+#define DESIOCBLOCK _IOWR('d', 6, struct desparams)
+
+/*
+ * Encrypt of small amount of data, quickly
+ */
+#define DESIOCQUICK _IOWR('d', 7, struct desparams)
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/des/rpc_enc.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/des/rpc_enc.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/rpc_enc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,98 +0,0 @@
-/* crypto/des/rpc_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "rpc_des.h"
-#include "des_locl.h"
-#include "des_ver.h"
-
-int _des_crypt(char *buf,int len,struct desparams *desp);
-int _des_crypt(char *buf, int len, struct desparams *desp)
- {
- DES_key_schedule ks;
- int enc;
-
- DES_set_key_unchecked(&desp->des_key,&ks);
- enc=(desp->des_dir == ENCRYPT)?DES_ENCRYPT:DES_DECRYPT;
-
- if (desp->des_mode == CBC)
- DES_ecb_encrypt((const_DES_cblock *)desp->UDES.UDES_buf,
- (DES_cblock *)desp->UDES.UDES_buf,&ks,
- enc);
- else
- {
- DES_ncbc_encrypt(desp->UDES.UDES_buf,desp->UDES.UDES_buf,
- len,&ks,&desp->des_ivec,enc);
-#ifdef undef
- /* len will always be %8 if called from common_crypt
- * in secure_rpc.
- * Libdes's cbc encrypt does not copy back the iv,
- * so we have to do it here. */
- /* It does now :-) eay 20/09/95 */
-
- a=(char *)&(desp->UDES.UDES_buf[len-8]);
- b=(char *)&(desp->des_ivec[0]);
-
- *(a++)= *(b++); *(a++)= *(b++);
- *(a++)= *(b++); *(a++)= *(b++);
- *(a++)= *(b++); *(a++)= *(b++);
- *(a++)= *(b++); *(a++)= *(b++);
-#endif
- }
- return(1);
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/des/rpc_enc.c (from rev 6976, vendor-crypto/openssl/dist/crypto/des/rpc_enc.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/des/rpc_enc.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/rpc_enc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,100 @@
+/* crypto/des/rpc_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "rpc_des.h"
+#include "des_locl.h"
+#include "des_ver.h"
+
+int _des_crypt(char *buf, int len, struct desparams *desp);
+int _des_crypt(char *buf, int len, struct desparams *desp)
+{
+ DES_key_schedule ks;
+ int enc;
+
+ DES_set_key_unchecked(&desp->des_key, &ks);
+ enc = (desp->des_dir == ENCRYPT) ? DES_ENCRYPT : DES_DECRYPT;
+
+ if (desp->des_mode == CBC)
+ DES_ecb_encrypt((const_DES_cblock *)desp->UDES.UDES_buf,
+ (DES_cblock *)desp->UDES.UDES_buf, &ks, enc);
+ else {
+ DES_ncbc_encrypt(desp->UDES.UDES_buf, desp->UDES.UDES_buf,
+ len, &ks, &desp->des_ivec, enc);
+#ifdef undef
+ /*
+ * len will always be %8 if called from common_crypt in secure_rpc.
+ * Libdes's cbc encrypt does not copy back the iv, so we have to do
+ * it here.
+ */
+ /* It does now :-) eay 20/09/95 */
+
+ a = (char *)&(desp->UDES.UDES_buf[len - 8]);
+ b = (char *)&(desp->des_ivec[0]);
+
+ *(a++) = *(b++);
+ *(a++) = *(b++);
+ *(a++) = *(b++);
+ *(a++) = *(b++);
+ *(a++) = *(b++);
+ *(a++) = *(b++);
+ *(a++) = *(b++);
+ *(a++) = *(b++);
+#endif
+ }
+ return (1);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/des/rpw.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/des/rpw.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/rpw.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,99 +0,0 @@
-/* crypto/des/rpw.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/des.h>
-
-int main(int argc, char *argv[])
- {
- DES_cblock k,k1;
- int i;
-
- printf("read passwd\n");
- if ((i=des_read_password(&k,"Enter password:",0)) == 0)
- {
- printf("password = ");
- for (i=0; i<8; i++)
- printf("%02x ",k[i]);
- }
- else
- printf("error %d\n",i);
- printf("\n");
- printf("read 2passwds and verify\n");
- if ((i=des_read_2passwords(&k,&k1,
- "Enter verified password:",1)) == 0)
- {
- printf("password1 = ");
- for (i=0; i<8; i++)
- printf("%02x ",k[i]);
- printf("\n");
- printf("password2 = ");
- for (i=0; i<8; i++)
- printf("%02x ",k1[i]);
- printf("\n");
- exit(1);
- }
- else
- {
- printf("error %d\n",i);
- exit(0);
- }
-#ifdef LINT
- return(0);
-#endif
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/des/rpw.c (from rev 6976, vendor-crypto/openssl/dist/crypto/des/rpw.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/des/rpw.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/rpw.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,94 @@
+/* crypto/des/rpw.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <openssl/des.h>
+
+int main(int argc, char *argv[])
+{
+ DES_cblock k, k1;
+ int i;
+
+ printf("read passwd\n");
+ if ((i = des_read_password(&k, "Enter password:", 0)) == 0) {
+ printf("password = ");
+ for (i = 0; i < 8; i++)
+ printf("%02x ", k[i]);
+ } else
+ printf("error %d\n", i);
+ printf("\n");
+ printf("read 2passwds and verify\n");
+ if ((i = des_read_2passwords(&k, &k1,
+ "Enter verified password:", 1)) == 0) {
+ printf("password1 = ");
+ for (i = 0; i < 8; i++)
+ printf("%02x ", k[i]);
+ printf("\n");
+ printf("password2 = ");
+ for (i = 0; i < 8; i++)
+ printf("%02x ", k1[i]);
+ printf("\n");
+ exit(1);
+ } else {
+ printf("error %d\n", i);
+ exit(0);
+ }
+#ifdef LINT
+ return (0);
+#endif
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/des/set_key.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/des/set_key.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/set_key.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,416 +0,0 @@
-/* crypto/des/set_key.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* set_key.c v 1.4 eay 24/9/91
- * 1.4 Speed up by 400% :-)
- * 1.3 added register declarations.
- * 1.2 unrolled make_key_sched a bit more
- * 1.1 added norm_expand_bits
- * 1.0 First working version
- */
-#include "des_locl.h"
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
-
-OPENSSL_IMPLEMENT_GLOBAL(int,DES_check_key); /* defaults to false */
-
-static const unsigned char odd_parity[256]={
- 1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14, 14,
- 16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31,
- 32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47,
- 49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62,
- 64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79,
- 81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94,
- 97, 97, 98, 98,100,100,103,103,104,104,107,107,109,109,110,110,
-112,112,115,115,117,117,118,118,121,121,122,122,124,124,127,127,
-128,128,131,131,133,133,134,134,137,137,138,138,140,140,143,143,
-145,145,146,146,148,148,151,151,152,152,155,155,157,157,158,158,
-161,161,162,162,164,164,167,167,168,168,171,171,173,173,174,174,
-176,176,179,179,181,181,182,182,185,185,186,186,188,188,191,191,
-193,193,194,194,196,196,199,199,200,200,203,203,205,205,206,206,
-208,208,211,211,213,213,214,214,217,217,218,218,220,220,223,223,
-224,224,227,227,229,229,230,230,233,233,234,234,236,236,239,239,
-241,241,242,242,244,244,247,247,248,248,251,251,253,253,254,254};
-
-void DES_set_odd_parity(DES_cblock *key)
- {
- unsigned int i;
-
- for (i=0; i<DES_KEY_SZ; i++)
- (*key)[i]=odd_parity[(*key)[i]];
- }
-
-int DES_check_key_parity(const_DES_cblock *key)
- {
- unsigned int i;
-
- for (i=0; i<DES_KEY_SZ; i++)
- {
- if ((*key)[i] != odd_parity[(*key)[i]])
- return(0);
- }
- return(1);
- }
-
-/* Weak and semi week keys as take from
- * %A D.W. Davies
- * %A W.L. Price
- * %T Security for Computer Networks
- * %I John Wiley & Sons
- * %D 1984
- * Many thanks to smb at ulysses.att.com (Steven Bellovin) for the reference
- * (and actual cblock values).
- */
-#define NUM_WEAK_KEY 16
-static const DES_cblock weak_keys[NUM_WEAK_KEY]={
- /* weak keys */
- {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01},
- {0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE},
- {0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E},
- {0xE0,0xE0,0xE0,0xE0,0xF1,0xF1,0xF1,0xF1},
- /* semi-weak keys */
- {0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE},
- {0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01},
- {0x1F,0xE0,0x1F,0xE0,0x0E,0xF1,0x0E,0xF1},
- {0xE0,0x1F,0xE0,0x1F,0xF1,0x0E,0xF1,0x0E},
- {0x01,0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1},
- {0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1,0x01},
- {0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E,0xFE},
- {0xFE,0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E},
- {0x01,0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E},
- {0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E,0x01},
- {0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE},
- {0xFE,0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1}};
-
-int DES_is_weak_key(const_DES_cblock *key)
- {
- int i;
-
- for (i=0; i<NUM_WEAK_KEY; i++)
- /* Added == 0 to comparison, I obviously don't run
- * this section very often :-(, thanks to
- * engineering at MorningStar.Com for the fix
- * eay 93/06/29
- * Another problem, I was comparing only the first 4
- * bytes, 97/03/18 */
- if (memcmp(weak_keys[i],key,sizeof(DES_cblock)) == 0) return(1);
- return(0);
- }
-
-/* NOW DEFINED IN des_local.h
- * See ecb_encrypt.c for a pseudo description of these macros.
- * #define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
- * (b)^=(t),\
- * (a)=((a)^((t)<<(n))))
- */
-
-#define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\
- (a)=(a)^(t)^(t>>(16-(n))))
-
-static const DES_LONG des_skb[8][64]={
- {
- /* for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
- 0x00000000L,0x00000010L,0x20000000L,0x20000010L,
- 0x00010000L,0x00010010L,0x20010000L,0x20010010L,
- 0x00000800L,0x00000810L,0x20000800L,0x20000810L,
- 0x00010800L,0x00010810L,0x20010800L,0x20010810L,
- 0x00000020L,0x00000030L,0x20000020L,0x20000030L,
- 0x00010020L,0x00010030L,0x20010020L,0x20010030L,
- 0x00000820L,0x00000830L,0x20000820L,0x20000830L,
- 0x00010820L,0x00010830L,0x20010820L,0x20010830L,
- 0x00080000L,0x00080010L,0x20080000L,0x20080010L,
- 0x00090000L,0x00090010L,0x20090000L,0x20090010L,
- 0x00080800L,0x00080810L,0x20080800L,0x20080810L,
- 0x00090800L,0x00090810L,0x20090800L,0x20090810L,
- 0x00080020L,0x00080030L,0x20080020L,0x20080030L,
- 0x00090020L,0x00090030L,0x20090020L,0x20090030L,
- 0x00080820L,0x00080830L,0x20080820L,0x20080830L,
- 0x00090820L,0x00090830L,0x20090820L,0x20090830L,
- },{
- /* for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 */
- 0x00000000L,0x02000000L,0x00002000L,0x02002000L,
- 0x00200000L,0x02200000L,0x00202000L,0x02202000L,
- 0x00000004L,0x02000004L,0x00002004L,0x02002004L,
- 0x00200004L,0x02200004L,0x00202004L,0x02202004L,
- 0x00000400L,0x02000400L,0x00002400L,0x02002400L,
- 0x00200400L,0x02200400L,0x00202400L,0x02202400L,
- 0x00000404L,0x02000404L,0x00002404L,0x02002404L,
- 0x00200404L,0x02200404L,0x00202404L,0x02202404L,
- 0x10000000L,0x12000000L,0x10002000L,0x12002000L,
- 0x10200000L,0x12200000L,0x10202000L,0x12202000L,
- 0x10000004L,0x12000004L,0x10002004L,0x12002004L,
- 0x10200004L,0x12200004L,0x10202004L,0x12202004L,
- 0x10000400L,0x12000400L,0x10002400L,0x12002400L,
- 0x10200400L,0x12200400L,0x10202400L,0x12202400L,
- 0x10000404L,0x12000404L,0x10002404L,0x12002404L,
- 0x10200404L,0x12200404L,0x10202404L,0x12202404L,
- },{
- /* for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 */
- 0x00000000L,0x00000001L,0x00040000L,0x00040001L,
- 0x01000000L,0x01000001L,0x01040000L,0x01040001L,
- 0x00000002L,0x00000003L,0x00040002L,0x00040003L,
- 0x01000002L,0x01000003L,0x01040002L,0x01040003L,
- 0x00000200L,0x00000201L,0x00040200L,0x00040201L,
- 0x01000200L,0x01000201L,0x01040200L,0x01040201L,
- 0x00000202L,0x00000203L,0x00040202L,0x00040203L,
- 0x01000202L,0x01000203L,0x01040202L,0x01040203L,
- 0x08000000L,0x08000001L,0x08040000L,0x08040001L,
- 0x09000000L,0x09000001L,0x09040000L,0x09040001L,
- 0x08000002L,0x08000003L,0x08040002L,0x08040003L,
- 0x09000002L,0x09000003L,0x09040002L,0x09040003L,
- 0x08000200L,0x08000201L,0x08040200L,0x08040201L,
- 0x09000200L,0x09000201L,0x09040200L,0x09040201L,
- 0x08000202L,0x08000203L,0x08040202L,0x08040203L,
- 0x09000202L,0x09000203L,0x09040202L,0x09040203L,
- },{
- /* for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 */
- 0x00000000L,0x00100000L,0x00000100L,0x00100100L,
- 0x00000008L,0x00100008L,0x00000108L,0x00100108L,
- 0x00001000L,0x00101000L,0x00001100L,0x00101100L,
- 0x00001008L,0x00101008L,0x00001108L,0x00101108L,
- 0x04000000L,0x04100000L,0x04000100L,0x04100100L,
- 0x04000008L,0x04100008L,0x04000108L,0x04100108L,
- 0x04001000L,0x04101000L,0x04001100L,0x04101100L,
- 0x04001008L,0x04101008L,0x04001108L,0x04101108L,
- 0x00020000L,0x00120000L,0x00020100L,0x00120100L,
- 0x00020008L,0x00120008L,0x00020108L,0x00120108L,
- 0x00021000L,0x00121000L,0x00021100L,0x00121100L,
- 0x00021008L,0x00121008L,0x00021108L,0x00121108L,
- 0x04020000L,0x04120000L,0x04020100L,0x04120100L,
- 0x04020008L,0x04120008L,0x04020108L,0x04120108L,
- 0x04021000L,0x04121000L,0x04021100L,0x04121100L,
- 0x04021008L,0x04121008L,0x04021108L,0x04121108L,
- },{
- /* for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
- 0x00000000L,0x10000000L,0x00010000L,0x10010000L,
- 0x00000004L,0x10000004L,0x00010004L,0x10010004L,
- 0x20000000L,0x30000000L,0x20010000L,0x30010000L,
- 0x20000004L,0x30000004L,0x20010004L,0x30010004L,
- 0x00100000L,0x10100000L,0x00110000L,0x10110000L,
- 0x00100004L,0x10100004L,0x00110004L,0x10110004L,
- 0x20100000L,0x30100000L,0x20110000L,0x30110000L,
- 0x20100004L,0x30100004L,0x20110004L,0x30110004L,
- 0x00001000L,0x10001000L,0x00011000L,0x10011000L,
- 0x00001004L,0x10001004L,0x00011004L,0x10011004L,
- 0x20001000L,0x30001000L,0x20011000L,0x30011000L,
- 0x20001004L,0x30001004L,0x20011004L,0x30011004L,
- 0x00101000L,0x10101000L,0x00111000L,0x10111000L,
- 0x00101004L,0x10101004L,0x00111004L,0x10111004L,
- 0x20101000L,0x30101000L,0x20111000L,0x30111000L,
- 0x20101004L,0x30101004L,0x20111004L,0x30111004L,
- },{
- /* for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 */
- 0x00000000L,0x08000000L,0x00000008L,0x08000008L,
- 0x00000400L,0x08000400L,0x00000408L,0x08000408L,
- 0x00020000L,0x08020000L,0x00020008L,0x08020008L,
- 0x00020400L,0x08020400L,0x00020408L,0x08020408L,
- 0x00000001L,0x08000001L,0x00000009L,0x08000009L,
- 0x00000401L,0x08000401L,0x00000409L,0x08000409L,
- 0x00020001L,0x08020001L,0x00020009L,0x08020009L,
- 0x00020401L,0x08020401L,0x00020409L,0x08020409L,
- 0x02000000L,0x0A000000L,0x02000008L,0x0A000008L,
- 0x02000400L,0x0A000400L,0x02000408L,0x0A000408L,
- 0x02020000L,0x0A020000L,0x02020008L,0x0A020008L,
- 0x02020400L,0x0A020400L,0x02020408L,0x0A020408L,
- 0x02000001L,0x0A000001L,0x02000009L,0x0A000009L,
- 0x02000401L,0x0A000401L,0x02000409L,0x0A000409L,
- 0x02020001L,0x0A020001L,0x02020009L,0x0A020009L,
- 0x02020401L,0x0A020401L,0x02020409L,0x0A020409L,
- },{
- /* for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 */
- 0x00000000L,0x00000100L,0x00080000L,0x00080100L,
- 0x01000000L,0x01000100L,0x01080000L,0x01080100L,
- 0x00000010L,0x00000110L,0x00080010L,0x00080110L,
- 0x01000010L,0x01000110L,0x01080010L,0x01080110L,
- 0x00200000L,0x00200100L,0x00280000L,0x00280100L,
- 0x01200000L,0x01200100L,0x01280000L,0x01280100L,
- 0x00200010L,0x00200110L,0x00280010L,0x00280110L,
- 0x01200010L,0x01200110L,0x01280010L,0x01280110L,
- 0x00000200L,0x00000300L,0x00080200L,0x00080300L,
- 0x01000200L,0x01000300L,0x01080200L,0x01080300L,
- 0x00000210L,0x00000310L,0x00080210L,0x00080310L,
- 0x01000210L,0x01000310L,0x01080210L,0x01080310L,
- 0x00200200L,0x00200300L,0x00280200L,0x00280300L,
- 0x01200200L,0x01200300L,0x01280200L,0x01280300L,
- 0x00200210L,0x00200310L,0x00280210L,0x00280310L,
- 0x01200210L,0x01200310L,0x01280210L,0x01280310L,
- },{
- /* for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 */
- 0x00000000L,0x04000000L,0x00040000L,0x04040000L,
- 0x00000002L,0x04000002L,0x00040002L,0x04040002L,
- 0x00002000L,0x04002000L,0x00042000L,0x04042000L,
- 0x00002002L,0x04002002L,0x00042002L,0x04042002L,
- 0x00000020L,0x04000020L,0x00040020L,0x04040020L,
- 0x00000022L,0x04000022L,0x00040022L,0x04040022L,
- 0x00002020L,0x04002020L,0x00042020L,0x04042020L,
- 0x00002022L,0x04002022L,0x00042022L,0x04042022L,
- 0x00000800L,0x04000800L,0x00040800L,0x04040800L,
- 0x00000802L,0x04000802L,0x00040802L,0x04040802L,
- 0x00002800L,0x04002800L,0x00042800L,0x04042800L,
- 0x00002802L,0x04002802L,0x00042802L,0x04042802L,
- 0x00000820L,0x04000820L,0x00040820L,0x04040820L,
- 0x00000822L,0x04000822L,0x00040822L,0x04040822L,
- 0x00002820L,0x04002820L,0x00042820L,0x04042820L,
- 0x00002822L,0x04002822L,0x00042822L,0x04042822L,
- }};
-
-int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule)
- {
- if (DES_check_key)
- {
- return DES_set_key_checked(key, schedule);
- }
- else
- {
- DES_set_key_unchecked(key, schedule);
- return 0;
- }
- }
-
-/* return 0 if key parity is odd (correct),
- * return -1 if key parity error,
- * return -2 if illegal weak key.
- */
-int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule)
- {
- if (!DES_check_key_parity(key))
- return(-1);
- if (DES_is_weak_key(key))
- return(-2);
- DES_set_key_unchecked(key, schedule);
- return 0;
- }
-
-void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule)
- {
- static int shifts2[16]={0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0};
- register DES_LONG c,d,t,s,t2;
- register const unsigned char *in;
- register DES_LONG *k;
- register int i;
-
-#ifdef OPENBSD_DEV_CRYPTO
- memcpy(schedule->key,key,sizeof schedule->key);
- schedule->session=NULL;
-#endif
- k = &schedule->ks->deslong[0];
- in = &(*key)[0];
-
-#ifdef OPENSSL_FIPS
- FIPS_selftest_check();
-#endif
-
- c2l(in,c);
- c2l(in,d);
-
- /* do PC1 in 47 simple operations :-)
- * Thanks to John Fletcher (john_fletcher at lccmail.ocf.llnl.gov)
- * for the inspiration. :-) */
- PERM_OP (d,c,t,4,0x0f0f0f0fL);
- HPERM_OP(c,t,-2,0xcccc0000L);
- HPERM_OP(d,t,-2,0xcccc0000L);
- PERM_OP (d,c,t,1,0x55555555L);
- PERM_OP (c,d,t,8,0x00ff00ffL);
- PERM_OP (d,c,t,1,0x55555555L);
- d= (((d&0x000000ffL)<<16L)| (d&0x0000ff00L) |
- ((d&0x00ff0000L)>>16L)|((c&0xf0000000L)>>4L));
- c&=0x0fffffffL;
-
- for (i=0; i<ITERATIONS; i++)
- {
- if (shifts2[i])
- { c=((c>>2L)|(c<<26L)); d=((d>>2L)|(d<<26L)); }
- else
- { c=((c>>1L)|(c<<27L)); d=((d>>1L)|(d<<27L)); }
- c&=0x0fffffffL;
- d&=0x0fffffffL;
- /* could be a few less shifts but I am to lazy at this
- * point in time to investigate */
- s= des_skb[0][ (c )&0x3f ]|
- des_skb[1][((c>> 6L)&0x03)|((c>> 7L)&0x3c)]|
- des_skb[2][((c>>13L)&0x0f)|((c>>14L)&0x30)]|
- des_skb[3][((c>>20L)&0x01)|((c>>21L)&0x06) |
- ((c>>22L)&0x38)];
- t= des_skb[4][ (d )&0x3f ]|
- des_skb[5][((d>> 7L)&0x03)|((d>> 8L)&0x3c)]|
- des_skb[6][ (d>>15L)&0x3f ]|
- des_skb[7][((d>>21L)&0x0f)|((d>>22L)&0x30)];
-
- /* table contained 0213 4657 */
- t2=((t<<16L)|(s&0x0000ffffL))&0xffffffffL;
- *(k++)=ROTATE(t2,30)&0xffffffffL;
-
- t2=((s>>16L)|(t&0xffff0000L));
- *(k++)=ROTATE(t2,26)&0xffffffffL;
- }
- }
-
-int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule)
- {
- return(DES_set_key(key,schedule));
- }
-/*
-#undef des_fixup_key_parity
-void des_fixup_key_parity(des_cblock *key)
- {
- des_set_odd_parity(key);
- }
-*/
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/des/set_key.c (from rev 6976, vendor-crypto/openssl/dist/crypto/des/set_key.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/des/set_key.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/set_key.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,442 @@
+/* crypto/des/set_key.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/*-
+ * set_key.c v 1.4 eay 24/9/91
+ * 1.4 Speed up by 400% :-)
+ * 1.3 added register declarations.
+ * 1.2 unrolled make_key_sched a bit more
+ * 1.1 added norm_expand_bits
+ * 1.0 First working version
+ */
+#include "des_locl.h"
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
+#endif
+
+OPENSSL_IMPLEMENT_GLOBAL(int, DES_check_key); /* defaults to false */
+
+static const unsigned char odd_parity[256] = {
+ 1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14, 14,
+ 16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31,
+ 32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47,
+ 49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62,
+ 64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79,
+ 81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94,
+ 97, 97, 98, 98, 100, 100, 103, 103, 104, 104, 107, 107, 109, 109, 110,
+ 110,
+ 112, 112, 115, 115, 117, 117, 118, 118, 121, 121, 122, 122, 124, 124, 127,
+ 127,
+ 128, 128, 131, 131, 133, 133, 134, 134, 137, 137, 138, 138, 140, 140, 143,
+ 143,
+ 145, 145, 146, 146, 148, 148, 151, 151, 152, 152, 155, 155, 157, 157, 158,
+ 158,
+ 161, 161, 162, 162, 164, 164, 167, 167, 168, 168, 171, 171, 173, 173, 174,
+ 174,
+ 176, 176, 179, 179, 181, 181, 182, 182, 185, 185, 186, 186, 188, 188, 191,
+ 191,
+ 193, 193, 194, 194, 196, 196, 199, 199, 200, 200, 203, 203, 205, 205, 206,
+ 206,
+ 208, 208, 211, 211, 213, 213, 214, 214, 217, 217, 218, 218, 220, 220, 223,
+ 223,
+ 224, 224, 227, 227, 229, 229, 230, 230, 233, 233, 234, 234, 236, 236, 239,
+ 239,
+ 241, 241, 242, 242, 244, 244, 247, 247, 248, 248, 251, 251, 253, 253, 254,
+ 254
+};
+
+void DES_set_odd_parity(DES_cblock *key)
+{
+ unsigned int i;
+
+ for (i = 0; i < DES_KEY_SZ; i++)
+ (*key)[i] = odd_parity[(*key)[i]];
+}
+
+int DES_check_key_parity(const_DES_cblock *key)
+{
+ unsigned int i;
+
+ for (i = 0; i < DES_KEY_SZ; i++) {
+ if ((*key)[i] != odd_parity[(*key)[i]])
+ return (0);
+ }
+ return (1);
+}
+
+/*-
+ * Weak and semi week keys as take from
+ * %A D.W. Davies
+ * %A W.L. Price
+ * %T Security for Computer Networks
+ * %I John Wiley & Sons
+ * %D 1984
+ * Many thanks to smb at ulysses.att.com (Steven Bellovin) for the reference
+ * (and actual cblock values).
+ */
+#define NUM_WEAK_KEY 16
+static const DES_cblock weak_keys[NUM_WEAK_KEY] = {
+ /* weak keys */
+ {0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01},
+ {0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE},
+ {0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E},
+ {0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1},
+ /* semi-weak keys */
+ {0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE},
+ {0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01},
+ {0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1},
+ {0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E},
+ {0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1},
+ {0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01},
+ {0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE},
+ {0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E},
+ {0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E},
+ {0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01},
+ {0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE},
+ {0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1}
+};
+
+int DES_is_weak_key(const_DES_cblock *key)
+{
+ int i;
+
+ for (i = 0; i < NUM_WEAK_KEY; i++)
+ /*
+ * Added == 0 to comparison, I obviously don't run this section very
+ * often :-(, thanks to engineering at MorningStar.Com for the fix eay
+ * 93/06/29 Another problem, I was comparing only the first 4 bytes,
+ * 97/03/18
+ */
+ if (memcmp(weak_keys[i], key, sizeof(DES_cblock)) == 0)
+ return (1);
+ return (0);
+}
+
+/*-
+ * NOW DEFINED IN des_local.h
+ * See ecb_encrypt.c for a pseudo description of these macros.
+ * #define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
+ * (b)^=(t),\
+ * (a)=((a)^((t)<<(n))))
+ */
+
+#define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\
+ (a)=(a)^(t)^(t>>(16-(n))))
+
+static const DES_LONG des_skb[8][64] = {
+ {
+ /* for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
+ 0x00000000L, 0x00000010L, 0x20000000L, 0x20000010L,
+ 0x00010000L, 0x00010010L, 0x20010000L, 0x20010010L,
+ 0x00000800L, 0x00000810L, 0x20000800L, 0x20000810L,
+ 0x00010800L, 0x00010810L, 0x20010800L, 0x20010810L,
+ 0x00000020L, 0x00000030L, 0x20000020L, 0x20000030L,
+ 0x00010020L, 0x00010030L, 0x20010020L, 0x20010030L,
+ 0x00000820L, 0x00000830L, 0x20000820L, 0x20000830L,
+ 0x00010820L, 0x00010830L, 0x20010820L, 0x20010830L,
+ 0x00080000L, 0x00080010L, 0x20080000L, 0x20080010L,
+ 0x00090000L, 0x00090010L, 0x20090000L, 0x20090010L,
+ 0x00080800L, 0x00080810L, 0x20080800L, 0x20080810L,
+ 0x00090800L, 0x00090810L, 0x20090800L, 0x20090810L,
+ 0x00080020L, 0x00080030L, 0x20080020L, 0x20080030L,
+ 0x00090020L, 0x00090030L, 0x20090020L, 0x20090030L,
+ 0x00080820L, 0x00080830L, 0x20080820L, 0x20080830L,
+ 0x00090820L, 0x00090830L, 0x20090820L, 0x20090830L,
+ },
+ {
+ /* for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 */
+ 0x00000000L, 0x02000000L, 0x00002000L, 0x02002000L,
+ 0x00200000L, 0x02200000L, 0x00202000L, 0x02202000L,
+ 0x00000004L, 0x02000004L, 0x00002004L, 0x02002004L,
+ 0x00200004L, 0x02200004L, 0x00202004L, 0x02202004L,
+ 0x00000400L, 0x02000400L, 0x00002400L, 0x02002400L,
+ 0x00200400L, 0x02200400L, 0x00202400L, 0x02202400L,
+ 0x00000404L, 0x02000404L, 0x00002404L, 0x02002404L,
+ 0x00200404L, 0x02200404L, 0x00202404L, 0x02202404L,
+ 0x10000000L, 0x12000000L, 0x10002000L, 0x12002000L,
+ 0x10200000L, 0x12200000L, 0x10202000L, 0x12202000L,
+ 0x10000004L, 0x12000004L, 0x10002004L, 0x12002004L,
+ 0x10200004L, 0x12200004L, 0x10202004L, 0x12202004L,
+ 0x10000400L, 0x12000400L, 0x10002400L, 0x12002400L,
+ 0x10200400L, 0x12200400L, 0x10202400L, 0x12202400L,
+ 0x10000404L, 0x12000404L, 0x10002404L, 0x12002404L,
+ 0x10200404L, 0x12200404L, 0x10202404L, 0x12202404L,
+ },
+ {
+ /* for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 */
+ 0x00000000L, 0x00000001L, 0x00040000L, 0x00040001L,
+ 0x01000000L, 0x01000001L, 0x01040000L, 0x01040001L,
+ 0x00000002L, 0x00000003L, 0x00040002L, 0x00040003L,
+ 0x01000002L, 0x01000003L, 0x01040002L, 0x01040003L,
+ 0x00000200L, 0x00000201L, 0x00040200L, 0x00040201L,
+ 0x01000200L, 0x01000201L, 0x01040200L, 0x01040201L,
+ 0x00000202L, 0x00000203L, 0x00040202L, 0x00040203L,
+ 0x01000202L, 0x01000203L, 0x01040202L, 0x01040203L,
+ 0x08000000L, 0x08000001L, 0x08040000L, 0x08040001L,
+ 0x09000000L, 0x09000001L, 0x09040000L, 0x09040001L,
+ 0x08000002L, 0x08000003L, 0x08040002L, 0x08040003L,
+ 0x09000002L, 0x09000003L, 0x09040002L, 0x09040003L,
+ 0x08000200L, 0x08000201L, 0x08040200L, 0x08040201L,
+ 0x09000200L, 0x09000201L, 0x09040200L, 0x09040201L,
+ 0x08000202L, 0x08000203L, 0x08040202L, 0x08040203L,
+ 0x09000202L, 0x09000203L, 0x09040202L, 0x09040203L,
+ },
+ {
+ /* for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 */
+ 0x00000000L, 0x00100000L, 0x00000100L, 0x00100100L,
+ 0x00000008L, 0x00100008L, 0x00000108L, 0x00100108L,
+ 0x00001000L, 0x00101000L, 0x00001100L, 0x00101100L,
+ 0x00001008L, 0x00101008L, 0x00001108L, 0x00101108L,
+ 0x04000000L, 0x04100000L, 0x04000100L, 0x04100100L,
+ 0x04000008L, 0x04100008L, 0x04000108L, 0x04100108L,
+ 0x04001000L, 0x04101000L, 0x04001100L, 0x04101100L,
+ 0x04001008L, 0x04101008L, 0x04001108L, 0x04101108L,
+ 0x00020000L, 0x00120000L, 0x00020100L, 0x00120100L,
+ 0x00020008L, 0x00120008L, 0x00020108L, 0x00120108L,
+ 0x00021000L, 0x00121000L, 0x00021100L, 0x00121100L,
+ 0x00021008L, 0x00121008L, 0x00021108L, 0x00121108L,
+ 0x04020000L, 0x04120000L, 0x04020100L, 0x04120100L,
+ 0x04020008L, 0x04120008L, 0x04020108L, 0x04120108L,
+ 0x04021000L, 0x04121000L, 0x04021100L, 0x04121100L,
+ 0x04021008L, 0x04121008L, 0x04021108L, 0x04121108L,
+ },
+ {
+ /* for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
+ 0x00000000L, 0x10000000L, 0x00010000L, 0x10010000L,
+ 0x00000004L, 0x10000004L, 0x00010004L, 0x10010004L,
+ 0x20000000L, 0x30000000L, 0x20010000L, 0x30010000L,
+ 0x20000004L, 0x30000004L, 0x20010004L, 0x30010004L,
+ 0x00100000L, 0x10100000L, 0x00110000L, 0x10110000L,
+ 0x00100004L, 0x10100004L, 0x00110004L, 0x10110004L,
+ 0x20100000L, 0x30100000L, 0x20110000L, 0x30110000L,
+ 0x20100004L, 0x30100004L, 0x20110004L, 0x30110004L,
+ 0x00001000L, 0x10001000L, 0x00011000L, 0x10011000L,
+ 0x00001004L, 0x10001004L, 0x00011004L, 0x10011004L,
+ 0x20001000L, 0x30001000L, 0x20011000L, 0x30011000L,
+ 0x20001004L, 0x30001004L, 0x20011004L, 0x30011004L,
+ 0x00101000L, 0x10101000L, 0x00111000L, 0x10111000L,
+ 0x00101004L, 0x10101004L, 0x00111004L, 0x10111004L,
+ 0x20101000L, 0x30101000L, 0x20111000L, 0x30111000L,
+ 0x20101004L, 0x30101004L, 0x20111004L, 0x30111004L,
+ },
+ {
+ /* for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 */
+ 0x00000000L, 0x08000000L, 0x00000008L, 0x08000008L,
+ 0x00000400L, 0x08000400L, 0x00000408L, 0x08000408L,
+ 0x00020000L, 0x08020000L, 0x00020008L, 0x08020008L,
+ 0x00020400L, 0x08020400L, 0x00020408L, 0x08020408L,
+ 0x00000001L, 0x08000001L, 0x00000009L, 0x08000009L,
+ 0x00000401L, 0x08000401L, 0x00000409L, 0x08000409L,
+ 0x00020001L, 0x08020001L, 0x00020009L, 0x08020009L,
+ 0x00020401L, 0x08020401L, 0x00020409L, 0x08020409L,
+ 0x02000000L, 0x0A000000L, 0x02000008L, 0x0A000008L,
+ 0x02000400L, 0x0A000400L, 0x02000408L, 0x0A000408L,
+ 0x02020000L, 0x0A020000L, 0x02020008L, 0x0A020008L,
+ 0x02020400L, 0x0A020400L, 0x02020408L, 0x0A020408L,
+ 0x02000001L, 0x0A000001L, 0x02000009L, 0x0A000009L,
+ 0x02000401L, 0x0A000401L, 0x02000409L, 0x0A000409L,
+ 0x02020001L, 0x0A020001L, 0x02020009L, 0x0A020009L,
+ 0x02020401L, 0x0A020401L, 0x02020409L, 0x0A020409L,
+ },
+ {
+ /* for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 */
+ 0x00000000L, 0x00000100L, 0x00080000L, 0x00080100L,
+ 0x01000000L, 0x01000100L, 0x01080000L, 0x01080100L,
+ 0x00000010L, 0x00000110L, 0x00080010L, 0x00080110L,
+ 0x01000010L, 0x01000110L, 0x01080010L, 0x01080110L,
+ 0x00200000L, 0x00200100L, 0x00280000L, 0x00280100L,
+ 0x01200000L, 0x01200100L, 0x01280000L, 0x01280100L,
+ 0x00200010L, 0x00200110L, 0x00280010L, 0x00280110L,
+ 0x01200010L, 0x01200110L, 0x01280010L, 0x01280110L,
+ 0x00000200L, 0x00000300L, 0x00080200L, 0x00080300L,
+ 0x01000200L, 0x01000300L, 0x01080200L, 0x01080300L,
+ 0x00000210L, 0x00000310L, 0x00080210L, 0x00080310L,
+ 0x01000210L, 0x01000310L, 0x01080210L, 0x01080310L,
+ 0x00200200L, 0x00200300L, 0x00280200L, 0x00280300L,
+ 0x01200200L, 0x01200300L, 0x01280200L, 0x01280300L,
+ 0x00200210L, 0x00200310L, 0x00280210L, 0x00280310L,
+ 0x01200210L, 0x01200310L, 0x01280210L, 0x01280310L,
+ },
+ {
+ /* for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 */
+ 0x00000000L, 0x04000000L, 0x00040000L, 0x04040000L,
+ 0x00000002L, 0x04000002L, 0x00040002L, 0x04040002L,
+ 0x00002000L, 0x04002000L, 0x00042000L, 0x04042000L,
+ 0x00002002L, 0x04002002L, 0x00042002L, 0x04042002L,
+ 0x00000020L, 0x04000020L, 0x00040020L, 0x04040020L,
+ 0x00000022L, 0x04000022L, 0x00040022L, 0x04040022L,
+ 0x00002020L, 0x04002020L, 0x00042020L, 0x04042020L,
+ 0x00002022L, 0x04002022L, 0x00042022L, 0x04042022L,
+ 0x00000800L, 0x04000800L, 0x00040800L, 0x04040800L,
+ 0x00000802L, 0x04000802L, 0x00040802L, 0x04040802L,
+ 0x00002800L, 0x04002800L, 0x00042800L, 0x04042800L,
+ 0x00002802L, 0x04002802L, 0x00042802L, 0x04042802L,
+ 0x00000820L, 0x04000820L, 0x00040820L, 0x04040820L,
+ 0x00000822L, 0x04000822L, 0x00040822L, 0x04040822L,
+ 0x00002820L, 0x04002820L, 0x00042820L, 0x04042820L,
+ 0x00002822L, 0x04002822L, 0x00042822L, 0x04042822L,
+ }
+};
+
+int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule)
+{
+ if (DES_check_key) {
+ return DES_set_key_checked(key, schedule);
+ } else {
+ DES_set_key_unchecked(key, schedule);
+ return 0;
+ }
+}
+
+/*-
+ * return 0 if key parity is odd (correct),
+ * return -1 if key parity error,
+ * return -2 if illegal weak key.
+ */
+int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule)
+{
+ if (!DES_check_key_parity(key))
+ return (-1);
+ if (DES_is_weak_key(key))
+ return (-2);
+ DES_set_key_unchecked(key, schedule);
+ return 0;
+}
+
+void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule)
+{
+ static int shifts2[16] =
+ { 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0 };
+ register DES_LONG c, d, t, s, t2;
+ register const unsigned char *in;
+ register DES_LONG *k;
+ register int i;
+
+#ifdef OPENBSD_DEV_CRYPTO
+ memcpy(schedule->key, key, sizeof schedule->key);
+ schedule->session = NULL;
+#endif
+ k = &schedule->ks->deslong[0];
+ in = &(*key)[0];
+
+#ifdef OPENSSL_FIPS
+ FIPS_selftest_check();
+#endif
+
+ c2l(in, c);
+ c2l(in, d);
+
+ /*
+ * do PC1 in 47 simple operations :-) Thanks to John Fletcher
+ * (john_fletcher at lccmail.ocf.llnl.gov) for the inspiration. :-)
+ */
+ PERM_OP(d, c, t, 4, 0x0f0f0f0fL);
+ HPERM_OP(c, t, -2, 0xcccc0000L);
+ HPERM_OP(d, t, -2, 0xcccc0000L);
+ PERM_OP(d, c, t, 1, 0x55555555L);
+ PERM_OP(c, d, t, 8, 0x00ff00ffL);
+ PERM_OP(d, c, t, 1, 0x55555555L);
+ d = (((d & 0x000000ffL) << 16L) | (d & 0x0000ff00L) |
+ ((d & 0x00ff0000L) >> 16L) | ((c & 0xf0000000L) >> 4L));
+ c &= 0x0fffffffL;
+
+ for (i = 0; i < ITERATIONS; i++) {
+ if (shifts2[i]) {
+ c = ((c >> 2L) | (c << 26L));
+ d = ((d >> 2L) | (d << 26L));
+ } else {
+ c = ((c >> 1L) | (c << 27L));
+ d = ((d >> 1L) | (d << 27L));
+ }
+ c &= 0x0fffffffL;
+ d &= 0x0fffffffL;
+ /*
+ * could be a few less shifts but I am to lazy at this point in time
+ * to investigate
+ */
+ s = des_skb[0][(c) & 0x3f] |
+ des_skb[1][((c >> 6L) & 0x03) | ((c >> 7L) & 0x3c)] |
+ des_skb[2][((c >> 13L) & 0x0f) | ((c >> 14L) & 0x30)] |
+ des_skb[3][((c >> 20L) & 0x01) | ((c >> 21L) & 0x06) |
+ ((c >> 22L) & 0x38)];
+ t = des_skb[4][(d) & 0x3f] |
+ des_skb[5][((d >> 7L) & 0x03) | ((d >> 8L) & 0x3c)] |
+ des_skb[6][(d >> 15L) & 0x3f] |
+ des_skb[7][((d >> 21L) & 0x0f) | ((d >> 22L) & 0x30)];
+
+ /* table contained 0213 4657 */
+ t2 = ((t << 16L) | (s & 0x0000ffffL)) & 0xffffffffL;
+ *(k++) = ROTATE(t2, 30) & 0xffffffffL;
+
+ t2 = ((s >> 16L) | (t & 0xffff0000L));
+ *(k++) = ROTATE(t2, 26) & 0xffffffffL;
+ }
+}
+
+int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule)
+{
+ return (DES_set_key(key, schedule));
+}
+
+/*-
+#undef des_fixup_key_parity
+void des_fixup_key_parity(des_cblock *key)
+ {
+ des_set_odd_parity(key);
+ }
+*/
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/des/speed.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/des/speed.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/speed.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,314 +0,0 @@
-/* crypto/des/speed.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* 11-Sep-92 Andrew Daviel Support for Silicon Graphics IRIX added */
-/* 06-Apr-92 Luke Brennan Support for VMS and add extra signal calls */
-
-#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
-#define TIMES
-#endif
-
-#include <stdio.h>
-
-#include <openssl/e_os2.h>
-#include OPENSSL_UNISTD_IO
-OPENSSL_DECLARE_EXIT
-
-#ifndef OPENSSL_SYS_NETWARE
-#include <signal.h>
-#define crypt(c,s) (des_crypt((c),(s)))
-#endif
-
-#ifndef _IRIX
-#include <time.h>
-#endif
-#ifdef TIMES
-#include <sys/types.h>
-#include <sys/times.h>
-#endif
-
-/* Depending on the VMS version, the tms structure is perhaps defined.
- The __TMS macro will show if it was. If it wasn't defined, we should
- undefine TIMES, since that tells the rest of the program how things
- should be handled. -- Richard Levitte */
-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
-#undef TIMES
-#endif
-
-#ifndef TIMES
-#include <sys/timeb.h>
-#endif
-
-#if defined(sun) || defined(__ultrix)
-#define _POSIX_SOURCE
-#include <limits.h>
-#include <sys/param.h>
-#endif
-
-#include <openssl/des.h>
-
-/* The following if from times(3) man page. It may need to be changed */
-#ifndef HZ
-# ifndef CLK_TCK
-# ifndef _BSD_CLK_TCK_ /* FreeBSD fix */
-# define HZ 100.0
-# else /* _BSD_CLK_TCK_ */
-# define HZ ((double)_BSD_CLK_TCK_)
-# endif
-# else /* CLK_TCK */
-# define HZ ((double)CLK_TCK)
-# endif
-#endif
-
-#define BUFSIZE ((long)1024)
-long run=0;
-
-double Time_F(int s);
-#ifdef SIGALRM
-#if defined(__STDC__) || defined(sgi) || defined(_AIX)
-#define SIGRETTYPE void
-#else
-#define SIGRETTYPE int
-#endif
-
-SIGRETTYPE sig_done(int sig);
-SIGRETTYPE sig_done(int sig)
- {
- signal(SIGALRM,sig_done);
- run=0;
-#ifdef LINT
- sig=sig;
-#endif
- }
-#endif
-
-#define START 0
-#define STOP 1
-
-double Time_F(int s)
- {
- double ret;
-#ifdef TIMES
- static struct tms tstart,tend;
-
- if (s == START)
- {
- times(&tstart);
- return(0);
- }
- else
- {
- times(&tend);
- ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
- return((ret == 0.0)?1e-6:ret);
- }
-#else /* !times() */
- static struct timeb tstart,tend;
- long i;
-
- if (s == START)
- {
- ftime(&tstart);
- return(0);
- }
- else
- {
- ftime(&tend);
- i=(long)tend.millitm-(long)tstart.millitm;
- ret=((double)(tend.time-tstart.time))+((double)i)/1e3;
- return((ret == 0.0)?1e-6:ret);
- }
-#endif
- }
-
-int main(int argc, char **argv)
- {
- long count;
- static unsigned char buf[BUFSIZE];
- static DES_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
- static DES_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
- static DES_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
- DES_key_schedule sch,sch2,sch3;
- double a,b,c,d,e;
-#ifndef SIGALRM
- long ca,cb,cc,cd,ce;
-#endif
-
-#ifndef TIMES
- printf("To get the most accurate results, try to run this\n");
- printf("program when this computer is idle.\n");
-#endif
-
- DES_set_key_unchecked(&key2,&sch2);
- DES_set_key_unchecked(&key3,&sch3);
-
-#ifndef SIGALRM
- printf("First we calculate the approximate speed ...\n");
- DES_set_key_unchecked(&key,&sch);
- count=10;
- do {
- long i;
- DES_LONG data[2];
-
- count*=2;
- Time_F(START);
- for (i=count; i; i--)
- DES_encrypt1(data,&sch,DES_ENCRYPT);
- d=Time_F(STOP);
- } while (d < 3.0);
- ca=count;
- cb=count*3;
- cc=count*3*8/BUFSIZE+1;
- cd=count*8/BUFSIZE+1;
- ce=count/20+1;
- printf("Doing set_key %ld times\n",ca);
-#define COND(d) (count != (d))
-#define COUNT(d) (d)
-#else
-#define COND(c) (run)
-#define COUNT(d) (count)
- signal(SIGALRM,sig_done);
- printf("Doing set_key for 10 seconds\n");
- alarm(10);
-#endif
-
- Time_F(START);
- for (count=0,run=1; COND(ca); count++)
- DES_set_key_unchecked(&key,&sch);
- d=Time_F(STOP);
- printf("%ld set_key's in %.2f seconds\n",count,d);
- a=((double)COUNT(ca))/d;
-
-#ifdef SIGALRM
- printf("Doing DES_encrypt's for 10 seconds\n");
- alarm(10);
-#else
- printf("Doing DES_encrypt %ld times\n",cb);
-#endif
- Time_F(START);
- for (count=0,run=1; COND(cb); count++)
- {
- DES_LONG data[2];
-
- DES_encrypt1(data,&sch,DES_ENCRYPT);
- }
- d=Time_F(STOP);
- printf("%ld DES_encrypt's in %.2f second\n",count,d);
- b=((double)COUNT(cb)*8)/d;
-
-#ifdef SIGALRM
- printf("Doing DES_cbc_encrypt on %ld byte blocks for 10 seconds\n",
- BUFSIZE);
- alarm(10);
-#else
- printf("Doing DES_cbc_encrypt %ld times on %ld byte blocks\n",cc,
- BUFSIZE);
-#endif
- Time_F(START);
- for (count=0,run=1; COND(cc); count++)
- DES_ncbc_encrypt(buf,buf,BUFSIZE,&sch,
- &key,DES_ENCRYPT);
- d=Time_F(STOP);
- printf("%ld DES_cbc_encrypt's of %ld byte blocks in %.2f second\n",
- count,BUFSIZE,d);
- c=((double)COUNT(cc)*BUFSIZE)/d;
-
-#ifdef SIGALRM
- printf("Doing DES_ede_cbc_encrypt on %ld byte blocks for 10 seconds\n",
- BUFSIZE);
- alarm(10);
-#else
- printf("Doing DES_ede_cbc_encrypt %ld times on %ld byte blocks\n",cd,
- BUFSIZE);
-#endif
- Time_F(START);
- for (count=0,run=1; COND(cd); count++)
- DES_ede3_cbc_encrypt(buf,buf,BUFSIZE,
- &sch,
- &sch2,
- &sch3,
- &key,
- DES_ENCRYPT);
- d=Time_F(STOP);
- printf("%ld DES_ede_cbc_encrypt's of %ld byte blocks in %.2f second\n",
- count,BUFSIZE,d);
- d=((double)COUNT(cd)*BUFSIZE)/d;
-
-#ifdef SIGALRM
- printf("Doing crypt for 10 seconds\n");
- alarm(10);
-#else
- printf("Doing crypt %ld times\n",ce);
-#endif
- Time_F(START);
- for (count=0,run=1; COND(ce); count++)
- crypt("testing1","ef");
- e=Time_F(STOP);
- printf("%ld crypts in %.2f second\n",count,e);
- e=((double)COUNT(ce))/e;
-
- printf("set_key per sec = %12.2f (%9.3fuS)\n",a,1.0e6/a);
- printf("DES raw ecb bytes per sec = %12.2f (%9.3fuS)\n",b,8.0e6/b);
- printf("DES cbc bytes per sec = %12.2f (%9.3fuS)\n",c,8.0e6/c);
- printf("DES ede cbc bytes per sec = %12.2f (%9.3fuS)\n",d,8.0e6/d);
- printf("crypt per sec = %12.2f (%9.3fuS)\n",e,1.0e6/e);
- exit(0);
-#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
- return(0);
-#endif
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/des/speed.c (from rev 6976, vendor-crypto/openssl/dist/crypto/des/speed.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/des/speed.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/speed.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,299 @@
+/* crypto/des/speed.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* 11-Sep-92 Andrew Daviel Support for Silicon Graphics IRIX added */
+/* 06-Apr-92 Luke Brennan Support for VMS and add extra signal calls */
+
+#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
+# define TIMES
+#endif
+
+#include <stdio.h>
+
+#include <openssl/e_os2.h>
+#include OPENSSL_UNISTD_IO
+OPENSSL_DECLARE_EXIT
+#ifndef OPENSSL_SYS_NETWARE
+# include <signal.h>
+# define crypt(c,s) (des_crypt((c),(s)))
+#endif
+#ifndef _IRIX
+# include <time.h>
+#endif
+#ifdef TIMES
+# include <sys/types.h>
+# include <sys/times.h>
+#endif
+ /*
+ * Depending on the VMS version, the tms structure is perhaps defined.
+ * The __TMS macro will show if it was. If it wasn't defined, we should
+ * undefine TIMES, since that tells the rest of the program how things
+ * should be handled. -- Richard Levitte
+ */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
+# undef TIMES
+#endif
+#ifndef TIMES
+# include <sys/timeb.h>
+#endif
+#if defined(sun) || defined(__ultrix)
+# define _POSIX_SOURCE
+# include <limits.h>
+# include <sys/param.h>
+#endif
+#include <openssl/des.h>
+/* The following if from times(3) man page. It may need to be changed */
+#ifndef HZ
+# ifndef CLK_TCK
+# ifndef _BSD_CLK_TCK_ /* FreeBSD fix */
+# define HZ 100.0
+# else /* _BSD_CLK_TCK_ */
+# define HZ ((double)_BSD_CLK_TCK_)
+# endif
+# else /* CLK_TCK */
+# define HZ ((double)CLK_TCK)
+# endif
+#endif
+#define BUFSIZE ((long)1024)
+long run = 0;
+
+double Time_F(int s);
+#ifdef SIGALRM
+# if defined(__STDC__) || defined(sgi) || defined(_AIX)
+# define SIGRETTYPE void
+# else
+# define SIGRETTYPE int
+# endif
+
+SIGRETTYPE sig_done(int sig);
+SIGRETTYPE sig_done(int sig)
+{
+ signal(SIGALRM, sig_done);
+ run = 0;
+# ifdef LINT
+ sig = sig;
+# endif
+}
+#endif
+
+#define START 0
+#define STOP 1
+
+double Time_F(int s)
+{
+ double ret;
+#ifdef TIMES
+ static struct tms tstart, tend;
+
+ if (s == START) {
+ times(&tstart);
+ return (0);
+ } else {
+ times(&tend);
+ ret = ((double)(tend.tms_utime - tstart.tms_utime)) / HZ;
+ return ((ret == 0.0) ? 1e-6 : ret);
+ }
+#else /* !times() */
+ static struct timeb tstart, tend;
+ long i;
+
+ if (s == START) {
+ ftime(&tstart);
+ return (0);
+ } else {
+ ftime(&tend);
+ i = (long)tend.millitm - (long)tstart.millitm;
+ ret = ((double)(tend.time - tstart.time)) + ((double)i) / 1e3;
+ return ((ret == 0.0) ? 1e-6 : ret);
+ }
+#endif
+}
+
+int main(int argc, char **argv)
+{
+ long count;
+ static unsigned char buf[BUFSIZE];
+ static DES_cblock key =
+ { 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0 };
+ static DES_cblock key2 =
+ { 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12 };
+ static DES_cblock key3 =
+ { 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34 };
+ DES_key_schedule sch, sch2, sch3;
+ double a, b, c, d, e;
+#ifndef SIGALRM
+ long ca, cb, cc, cd, ce;
+#endif
+
+#ifndef TIMES
+ printf("To get the most accurate results, try to run this\n");
+ printf("program when this computer is idle.\n");
+#endif
+
+ DES_set_key_unchecked(&key2, &sch2);
+ DES_set_key_unchecked(&key3, &sch3);
+
+#ifndef SIGALRM
+ printf("First we calculate the approximate speed ...\n");
+ DES_set_key_unchecked(&key, &sch);
+ count = 10;
+ do {
+ long i;
+ DES_LONG data[2];
+
+ count *= 2;
+ Time_F(START);
+ for (i = count; i; i--)
+ DES_encrypt1(data, &sch, DES_ENCRYPT);
+ d = Time_F(STOP);
+ } while (d < 3.0);
+ ca = count;
+ cb = count * 3;
+ cc = count * 3 * 8 / BUFSIZE + 1;
+ cd = count * 8 / BUFSIZE + 1;
+ ce = count / 20 + 1;
+ printf("Doing set_key %ld times\n", ca);
+# define COND(d) (count != (d))
+# define COUNT(d) (d)
+#else
+# define COND(c) (run)
+# define COUNT(d) (count)
+ signal(SIGALRM, sig_done);
+ printf("Doing set_key for 10 seconds\n");
+ alarm(10);
+#endif
+
+ Time_F(START);
+ for (count = 0, run = 1; COND(ca); count++)
+ DES_set_key_unchecked(&key, &sch);
+ d = Time_F(STOP);
+ printf("%ld set_key's in %.2f seconds\n", count, d);
+ a = ((double)COUNT(ca)) / d;
+
+#ifdef SIGALRM
+ printf("Doing DES_encrypt's for 10 seconds\n");
+ alarm(10);
+#else
+ printf("Doing DES_encrypt %ld times\n", cb);
+#endif
+ Time_F(START);
+ for (count = 0, run = 1; COND(cb); count++) {
+ DES_LONG data[2];
+
+ DES_encrypt1(data, &sch, DES_ENCRYPT);
+ }
+ d = Time_F(STOP);
+ printf("%ld DES_encrypt's in %.2f second\n", count, d);
+ b = ((double)COUNT(cb) * 8) / d;
+
+#ifdef SIGALRM
+ printf("Doing DES_cbc_encrypt on %ld byte blocks for 10 seconds\n",
+ BUFSIZE);
+ alarm(10);
+#else
+ printf("Doing DES_cbc_encrypt %ld times on %ld byte blocks\n", cc,
+ BUFSIZE);
+#endif
+ Time_F(START);
+ for (count = 0, run = 1; COND(cc); count++)
+ DES_ncbc_encrypt(buf, buf, BUFSIZE, &sch, &key, DES_ENCRYPT);
+ d = Time_F(STOP);
+ printf("%ld DES_cbc_encrypt's of %ld byte blocks in %.2f second\n",
+ count, BUFSIZE, d);
+ c = ((double)COUNT(cc) * BUFSIZE) / d;
+
+#ifdef SIGALRM
+ printf("Doing DES_ede_cbc_encrypt on %ld byte blocks for 10 seconds\n",
+ BUFSIZE);
+ alarm(10);
+#else
+ printf("Doing DES_ede_cbc_encrypt %ld times on %ld byte blocks\n", cd,
+ BUFSIZE);
+#endif
+ Time_F(START);
+ for (count = 0, run = 1; COND(cd); count++)
+ DES_ede3_cbc_encrypt(buf, buf, BUFSIZE,
+ &sch, &sch2, &sch3, &key, DES_ENCRYPT);
+ d = Time_F(STOP);
+ printf("%ld DES_ede_cbc_encrypt's of %ld byte blocks in %.2f second\n",
+ count, BUFSIZE, d);
+ d = ((double)COUNT(cd) * BUFSIZE) / d;
+
+#ifdef SIGALRM
+ printf("Doing crypt for 10 seconds\n");
+ alarm(10);
+#else
+ printf("Doing crypt %ld times\n", ce);
+#endif
+ Time_F(START);
+ for (count = 0, run = 1; COND(ce); count++)
+ crypt("testing1", "ef");
+ e = Time_F(STOP);
+ printf("%ld crypts in %.2f second\n", count, e);
+ e = ((double)COUNT(ce)) / e;
+
+ printf("set_key per sec = %12.2f (%9.3fuS)\n", a, 1.0e6 / a);
+ printf("DES raw ecb bytes per sec = %12.2f (%9.3fuS)\n", b, 8.0e6 / b);
+ printf("DES cbc bytes per sec = %12.2f (%9.3fuS)\n", c, 8.0e6 / c);
+ printf("DES ede cbc bytes per sec = %12.2f (%9.3fuS)\n", d, 8.0e6 / d);
+ printf("crypt per sec = %12.2f (%9.3fuS)\n", e, 1.0e6 / e);
+ exit(0);
+#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
+ return (0);
+#endif
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/des/spr.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/des/spr.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/spr.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,204 +0,0 @@
-/* crypto/des/spr.h */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-OPENSSL_GLOBAL const DES_LONG DES_SPtrans[8][64]={
-{
-/* nibble 0 */
-0x02080800L, 0x00080000L, 0x02000002L, 0x02080802L,
-0x02000000L, 0x00080802L, 0x00080002L, 0x02000002L,
-0x00080802L, 0x02080800L, 0x02080000L, 0x00000802L,
-0x02000802L, 0x02000000L, 0x00000000L, 0x00080002L,
-0x00080000L, 0x00000002L, 0x02000800L, 0x00080800L,
-0x02080802L, 0x02080000L, 0x00000802L, 0x02000800L,
-0x00000002L, 0x00000800L, 0x00080800L, 0x02080002L,
-0x00000800L, 0x02000802L, 0x02080002L, 0x00000000L,
-0x00000000L, 0x02080802L, 0x02000800L, 0x00080002L,
-0x02080800L, 0x00080000L, 0x00000802L, 0x02000800L,
-0x02080002L, 0x00000800L, 0x00080800L, 0x02000002L,
-0x00080802L, 0x00000002L, 0x02000002L, 0x02080000L,
-0x02080802L, 0x00080800L, 0x02080000L, 0x02000802L,
-0x02000000L, 0x00000802L, 0x00080002L, 0x00000000L,
-0x00080000L, 0x02000000L, 0x02000802L, 0x02080800L,
-0x00000002L, 0x02080002L, 0x00000800L, 0x00080802L,
-},{
-/* nibble 1 */
-0x40108010L, 0x00000000L, 0x00108000L, 0x40100000L,
-0x40000010L, 0x00008010L, 0x40008000L, 0x00108000L,
-0x00008000L, 0x40100010L, 0x00000010L, 0x40008000L,
-0x00100010L, 0x40108000L, 0x40100000L, 0x00000010L,
-0x00100000L, 0x40008010L, 0x40100010L, 0x00008000L,
-0x00108010L, 0x40000000L, 0x00000000L, 0x00100010L,
-0x40008010L, 0x00108010L, 0x40108000L, 0x40000010L,
-0x40000000L, 0x00100000L, 0x00008010L, 0x40108010L,
-0x00100010L, 0x40108000L, 0x40008000L, 0x00108010L,
-0x40108010L, 0x00100010L, 0x40000010L, 0x00000000L,
-0x40000000L, 0x00008010L, 0x00100000L, 0x40100010L,
-0x00008000L, 0x40000000L, 0x00108010L, 0x40008010L,
-0x40108000L, 0x00008000L, 0x00000000L, 0x40000010L,
-0x00000010L, 0x40108010L, 0x00108000L, 0x40100000L,
-0x40100010L, 0x00100000L, 0x00008010L, 0x40008000L,
-0x40008010L, 0x00000010L, 0x40100000L, 0x00108000L,
-},{
-/* nibble 2 */
-0x04000001L, 0x04040100L, 0x00000100L, 0x04000101L,
-0x00040001L, 0x04000000L, 0x04000101L, 0x00040100L,
-0x04000100L, 0x00040000L, 0x04040000L, 0x00000001L,
-0x04040101L, 0x00000101L, 0x00000001L, 0x04040001L,
-0x00000000L, 0x00040001L, 0x04040100L, 0x00000100L,
-0x00000101L, 0x04040101L, 0x00040000L, 0x04000001L,
-0x04040001L, 0x04000100L, 0x00040101L, 0x04040000L,
-0x00040100L, 0x00000000L, 0x04000000L, 0x00040101L,
-0x04040100L, 0x00000100L, 0x00000001L, 0x00040000L,
-0x00000101L, 0x00040001L, 0x04040000L, 0x04000101L,
-0x00000000L, 0x04040100L, 0x00040100L, 0x04040001L,
-0x00040001L, 0x04000000L, 0x04040101L, 0x00000001L,
-0x00040101L, 0x04000001L, 0x04000000L, 0x04040101L,
-0x00040000L, 0x04000100L, 0x04000101L, 0x00040100L,
-0x04000100L, 0x00000000L, 0x04040001L, 0x00000101L,
-0x04000001L, 0x00040101L, 0x00000100L, 0x04040000L,
-},{
-/* nibble 3 */
-0x00401008L, 0x10001000L, 0x00000008L, 0x10401008L,
-0x00000000L, 0x10400000L, 0x10001008L, 0x00400008L,
-0x10401000L, 0x10000008L, 0x10000000L, 0x00001008L,
-0x10000008L, 0x00401008L, 0x00400000L, 0x10000000L,
-0x10400008L, 0x00401000L, 0x00001000L, 0x00000008L,
-0x00401000L, 0x10001008L, 0x10400000L, 0x00001000L,
-0x00001008L, 0x00000000L, 0x00400008L, 0x10401000L,
-0x10001000L, 0x10400008L, 0x10401008L, 0x00400000L,
-0x10400008L, 0x00001008L, 0x00400000L, 0x10000008L,
-0x00401000L, 0x10001000L, 0x00000008L, 0x10400000L,
-0x10001008L, 0x00000000L, 0x00001000L, 0x00400008L,
-0x00000000L, 0x10400008L, 0x10401000L, 0x00001000L,
-0x10000000L, 0x10401008L, 0x00401008L, 0x00400000L,
-0x10401008L, 0x00000008L, 0x10001000L, 0x00401008L,
-0x00400008L, 0x00401000L, 0x10400000L, 0x10001008L,
-0x00001008L, 0x10000000L, 0x10000008L, 0x10401000L,
-},{
-/* nibble 4 */
-0x08000000L, 0x00010000L, 0x00000400L, 0x08010420L,
-0x08010020L, 0x08000400L, 0x00010420L, 0x08010000L,
-0x00010000L, 0x00000020L, 0x08000020L, 0x00010400L,
-0x08000420L, 0x08010020L, 0x08010400L, 0x00000000L,
-0x00010400L, 0x08000000L, 0x00010020L, 0x00000420L,
-0x08000400L, 0x00010420L, 0x00000000L, 0x08000020L,
-0x00000020L, 0x08000420L, 0x08010420L, 0x00010020L,
-0x08010000L, 0x00000400L, 0x00000420L, 0x08010400L,
-0x08010400L, 0x08000420L, 0x00010020L, 0x08010000L,
-0x00010000L, 0x00000020L, 0x08000020L, 0x08000400L,
-0x08000000L, 0x00010400L, 0x08010420L, 0x00000000L,
-0x00010420L, 0x08000000L, 0x00000400L, 0x00010020L,
-0x08000420L, 0x00000400L, 0x00000000L, 0x08010420L,
-0x08010020L, 0x08010400L, 0x00000420L, 0x00010000L,
-0x00010400L, 0x08010020L, 0x08000400L, 0x00000420L,
-0x00000020L, 0x00010420L, 0x08010000L, 0x08000020L,
-},{
-/* nibble 5 */
-0x80000040L, 0x00200040L, 0x00000000L, 0x80202000L,
-0x00200040L, 0x00002000L, 0x80002040L, 0x00200000L,
-0x00002040L, 0x80202040L, 0x00202000L, 0x80000000L,
-0x80002000L, 0x80000040L, 0x80200000L, 0x00202040L,
-0x00200000L, 0x80002040L, 0x80200040L, 0x00000000L,
-0x00002000L, 0x00000040L, 0x80202000L, 0x80200040L,
-0x80202040L, 0x80200000L, 0x80000000L, 0x00002040L,
-0x00000040L, 0x00202000L, 0x00202040L, 0x80002000L,
-0x00002040L, 0x80000000L, 0x80002000L, 0x00202040L,
-0x80202000L, 0x00200040L, 0x00000000L, 0x80002000L,
-0x80000000L, 0x00002000L, 0x80200040L, 0x00200000L,
-0x00200040L, 0x80202040L, 0x00202000L, 0x00000040L,
-0x80202040L, 0x00202000L, 0x00200000L, 0x80002040L,
-0x80000040L, 0x80200000L, 0x00202040L, 0x00000000L,
-0x00002000L, 0x80000040L, 0x80002040L, 0x80202000L,
-0x80200000L, 0x00002040L, 0x00000040L, 0x80200040L,
-},{
-/* nibble 6 */
-0x00004000L, 0x00000200L, 0x01000200L, 0x01000004L,
-0x01004204L, 0x00004004L, 0x00004200L, 0x00000000L,
-0x01000000L, 0x01000204L, 0x00000204L, 0x01004000L,
-0x00000004L, 0x01004200L, 0x01004000L, 0x00000204L,
-0x01000204L, 0x00004000L, 0x00004004L, 0x01004204L,
-0x00000000L, 0x01000200L, 0x01000004L, 0x00004200L,
-0x01004004L, 0x00004204L, 0x01004200L, 0x00000004L,
-0x00004204L, 0x01004004L, 0x00000200L, 0x01000000L,
-0x00004204L, 0x01004000L, 0x01004004L, 0x00000204L,
-0x00004000L, 0x00000200L, 0x01000000L, 0x01004004L,
-0x01000204L, 0x00004204L, 0x00004200L, 0x00000000L,
-0x00000200L, 0x01000004L, 0x00000004L, 0x01000200L,
-0x00000000L, 0x01000204L, 0x01000200L, 0x00004200L,
-0x00000204L, 0x00004000L, 0x01004204L, 0x01000000L,
-0x01004200L, 0x00000004L, 0x00004004L, 0x01004204L,
-0x01000004L, 0x01004200L, 0x01004000L, 0x00004004L,
-},{
-/* nibble 7 */
-0x20800080L, 0x20820000L, 0x00020080L, 0x00000000L,
-0x20020000L, 0x00800080L, 0x20800000L, 0x20820080L,
-0x00000080L, 0x20000000L, 0x00820000L, 0x00020080L,
-0x00820080L, 0x20020080L, 0x20000080L, 0x20800000L,
-0x00020000L, 0x00820080L, 0x00800080L, 0x20020000L,
-0x20820080L, 0x20000080L, 0x00000000L, 0x00820000L,
-0x20000000L, 0x00800000L, 0x20020080L, 0x20800080L,
-0x00800000L, 0x00020000L, 0x20820000L, 0x00000080L,
-0x00800000L, 0x00020000L, 0x20000080L, 0x20820080L,
-0x00020080L, 0x20000000L, 0x00000000L, 0x00820000L,
-0x20800080L, 0x20020080L, 0x20020000L, 0x00800080L,
-0x20820000L, 0x00000080L, 0x00800080L, 0x20020000L,
-0x20820080L, 0x00800000L, 0x20800000L, 0x20000080L,
-0x00820000L, 0x00020080L, 0x20020080L, 0x20800000L,
-0x00000080L, 0x20820000L, 0x00820080L, 0x00000000L,
-0x20000000L, 0x20800080L, 0x00020000L, 0x00820080L,
-}};
Copied: vendor-crypto/openssl/0.9.8zf/crypto/des/spr.h (from rev 6976, vendor-crypto/openssl/dist/crypto/des/spr.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/des/spr.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/spr.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,212 @@
+/* crypto/des/spr.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+OPENSSL_GLOBAL const DES_LONG DES_SPtrans[8][64] = {
+ {
+ /* nibble 0 */
+ 0x02080800L, 0x00080000L, 0x02000002L, 0x02080802L,
+ 0x02000000L, 0x00080802L, 0x00080002L, 0x02000002L,
+ 0x00080802L, 0x02080800L, 0x02080000L, 0x00000802L,
+ 0x02000802L, 0x02000000L, 0x00000000L, 0x00080002L,
+ 0x00080000L, 0x00000002L, 0x02000800L, 0x00080800L,
+ 0x02080802L, 0x02080000L, 0x00000802L, 0x02000800L,
+ 0x00000002L, 0x00000800L, 0x00080800L, 0x02080002L,
+ 0x00000800L, 0x02000802L, 0x02080002L, 0x00000000L,
+ 0x00000000L, 0x02080802L, 0x02000800L, 0x00080002L,
+ 0x02080800L, 0x00080000L, 0x00000802L, 0x02000800L,
+ 0x02080002L, 0x00000800L, 0x00080800L, 0x02000002L,
+ 0x00080802L, 0x00000002L, 0x02000002L, 0x02080000L,
+ 0x02080802L, 0x00080800L, 0x02080000L, 0x02000802L,
+ 0x02000000L, 0x00000802L, 0x00080002L, 0x00000000L,
+ 0x00080000L, 0x02000000L, 0x02000802L, 0x02080800L,
+ 0x00000002L, 0x02080002L, 0x00000800L, 0x00080802L,
+ },
+ {
+ /* nibble 1 */
+ 0x40108010L, 0x00000000L, 0x00108000L, 0x40100000L,
+ 0x40000010L, 0x00008010L, 0x40008000L, 0x00108000L,
+ 0x00008000L, 0x40100010L, 0x00000010L, 0x40008000L,
+ 0x00100010L, 0x40108000L, 0x40100000L, 0x00000010L,
+ 0x00100000L, 0x40008010L, 0x40100010L, 0x00008000L,
+ 0x00108010L, 0x40000000L, 0x00000000L, 0x00100010L,
+ 0x40008010L, 0x00108010L, 0x40108000L, 0x40000010L,
+ 0x40000000L, 0x00100000L, 0x00008010L, 0x40108010L,
+ 0x00100010L, 0x40108000L, 0x40008000L, 0x00108010L,
+ 0x40108010L, 0x00100010L, 0x40000010L, 0x00000000L,
+ 0x40000000L, 0x00008010L, 0x00100000L, 0x40100010L,
+ 0x00008000L, 0x40000000L, 0x00108010L, 0x40008010L,
+ 0x40108000L, 0x00008000L, 0x00000000L, 0x40000010L,
+ 0x00000010L, 0x40108010L, 0x00108000L, 0x40100000L,
+ 0x40100010L, 0x00100000L, 0x00008010L, 0x40008000L,
+ 0x40008010L, 0x00000010L, 0x40100000L, 0x00108000L,
+ },
+ {
+ /* nibble 2 */
+ 0x04000001L, 0x04040100L, 0x00000100L, 0x04000101L,
+ 0x00040001L, 0x04000000L, 0x04000101L, 0x00040100L,
+ 0x04000100L, 0x00040000L, 0x04040000L, 0x00000001L,
+ 0x04040101L, 0x00000101L, 0x00000001L, 0x04040001L,
+ 0x00000000L, 0x00040001L, 0x04040100L, 0x00000100L,
+ 0x00000101L, 0x04040101L, 0x00040000L, 0x04000001L,
+ 0x04040001L, 0x04000100L, 0x00040101L, 0x04040000L,
+ 0x00040100L, 0x00000000L, 0x04000000L, 0x00040101L,
+ 0x04040100L, 0x00000100L, 0x00000001L, 0x00040000L,
+ 0x00000101L, 0x00040001L, 0x04040000L, 0x04000101L,
+ 0x00000000L, 0x04040100L, 0x00040100L, 0x04040001L,
+ 0x00040001L, 0x04000000L, 0x04040101L, 0x00000001L,
+ 0x00040101L, 0x04000001L, 0x04000000L, 0x04040101L,
+ 0x00040000L, 0x04000100L, 0x04000101L, 0x00040100L,
+ 0x04000100L, 0x00000000L, 0x04040001L, 0x00000101L,
+ 0x04000001L, 0x00040101L, 0x00000100L, 0x04040000L,
+ },
+ {
+ /* nibble 3 */
+ 0x00401008L, 0x10001000L, 0x00000008L, 0x10401008L,
+ 0x00000000L, 0x10400000L, 0x10001008L, 0x00400008L,
+ 0x10401000L, 0x10000008L, 0x10000000L, 0x00001008L,
+ 0x10000008L, 0x00401008L, 0x00400000L, 0x10000000L,
+ 0x10400008L, 0x00401000L, 0x00001000L, 0x00000008L,
+ 0x00401000L, 0x10001008L, 0x10400000L, 0x00001000L,
+ 0x00001008L, 0x00000000L, 0x00400008L, 0x10401000L,
+ 0x10001000L, 0x10400008L, 0x10401008L, 0x00400000L,
+ 0x10400008L, 0x00001008L, 0x00400000L, 0x10000008L,
+ 0x00401000L, 0x10001000L, 0x00000008L, 0x10400000L,
+ 0x10001008L, 0x00000000L, 0x00001000L, 0x00400008L,
+ 0x00000000L, 0x10400008L, 0x10401000L, 0x00001000L,
+ 0x10000000L, 0x10401008L, 0x00401008L, 0x00400000L,
+ 0x10401008L, 0x00000008L, 0x10001000L, 0x00401008L,
+ 0x00400008L, 0x00401000L, 0x10400000L, 0x10001008L,
+ 0x00001008L, 0x10000000L, 0x10000008L, 0x10401000L,
+ },
+ {
+ /* nibble 4 */
+ 0x08000000L, 0x00010000L, 0x00000400L, 0x08010420L,
+ 0x08010020L, 0x08000400L, 0x00010420L, 0x08010000L,
+ 0x00010000L, 0x00000020L, 0x08000020L, 0x00010400L,
+ 0x08000420L, 0x08010020L, 0x08010400L, 0x00000000L,
+ 0x00010400L, 0x08000000L, 0x00010020L, 0x00000420L,
+ 0x08000400L, 0x00010420L, 0x00000000L, 0x08000020L,
+ 0x00000020L, 0x08000420L, 0x08010420L, 0x00010020L,
+ 0x08010000L, 0x00000400L, 0x00000420L, 0x08010400L,
+ 0x08010400L, 0x08000420L, 0x00010020L, 0x08010000L,
+ 0x00010000L, 0x00000020L, 0x08000020L, 0x08000400L,
+ 0x08000000L, 0x00010400L, 0x08010420L, 0x00000000L,
+ 0x00010420L, 0x08000000L, 0x00000400L, 0x00010020L,
+ 0x08000420L, 0x00000400L, 0x00000000L, 0x08010420L,
+ 0x08010020L, 0x08010400L, 0x00000420L, 0x00010000L,
+ 0x00010400L, 0x08010020L, 0x08000400L, 0x00000420L,
+ 0x00000020L, 0x00010420L, 0x08010000L, 0x08000020L,
+ },
+ {
+ /* nibble 5 */
+ 0x80000040L, 0x00200040L, 0x00000000L, 0x80202000L,
+ 0x00200040L, 0x00002000L, 0x80002040L, 0x00200000L,
+ 0x00002040L, 0x80202040L, 0x00202000L, 0x80000000L,
+ 0x80002000L, 0x80000040L, 0x80200000L, 0x00202040L,
+ 0x00200000L, 0x80002040L, 0x80200040L, 0x00000000L,
+ 0x00002000L, 0x00000040L, 0x80202000L, 0x80200040L,
+ 0x80202040L, 0x80200000L, 0x80000000L, 0x00002040L,
+ 0x00000040L, 0x00202000L, 0x00202040L, 0x80002000L,
+ 0x00002040L, 0x80000000L, 0x80002000L, 0x00202040L,
+ 0x80202000L, 0x00200040L, 0x00000000L, 0x80002000L,
+ 0x80000000L, 0x00002000L, 0x80200040L, 0x00200000L,
+ 0x00200040L, 0x80202040L, 0x00202000L, 0x00000040L,
+ 0x80202040L, 0x00202000L, 0x00200000L, 0x80002040L,
+ 0x80000040L, 0x80200000L, 0x00202040L, 0x00000000L,
+ 0x00002000L, 0x80000040L, 0x80002040L, 0x80202000L,
+ 0x80200000L, 0x00002040L, 0x00000040L, 0x80200040L,
+ },
+ {
+ /* nibble 6 */
+ 0x00004000L, 0x00000200L, 0x01000200L, 0x01000004L,
+ 0x01004204L, 0x00004004L, 0x00004200L, 0x00000000L,
+ 0x01000000L, 0x01000204L, 0x00000204L, 0x01004000L,
+ 0x00000004L, 0x01004200L, 0x01004000L, 0x00000204L,
+ 0x01000204L, 0x00004000L, 0x00004004L, 0x01004204L,
+ 0x00000000L, 0x01000200L, 0x01000004L, 0x00004200L,
+ 0x01004004L, 0x00004204L, 0x01004200L, 0x00000004L,
+ 0x00004204L, 0x01004004L, 0x00000200L, 0x01000000L,
+ 0x00004204L, 0x01004000L, 0x01004004L, 0x00000204L,
+ 0x00004000L, 0x00000200L, 0x01000000L, 0x01004004L,
+ 0x01000204L, 0x00004204L, 0x00004200L, 0x00000000L,
+ 0x00000200L, 0x01000004L, 0x00000004L, 0x01000200L,
+ 0x00000000L, 0x01000204L, 0x01000200L, 0x00004200L,
+ 0x00000204L, 0x00004000L, 0x01004204L, 0x01000000L,
+ 0x01004200L, 0x00000004L, 0x00004004L, 0x01004204L,
+ 0x01000004L, 0x01004200L, 0x01004000L, 0x00004004L,
+ },
+ {
+ /* nibble 7 */
+ 0x20800080L, 0x20820000L, 0x00020080L, 0x00000000L,
+ 0x20020000L, 0x00800080L, 0x20800000L, 0x20820080L,
+ 0x00000080L, 0x20000000L, 0x00820000L, 0x00020080L,
+ 0x00820080L, 0x20020080L, 0x20000080L, 0x20800000L,
+ 0x00020000L, 0x00820080L, 0x00800080L, 0x20020000L,
+ 0x20820080L, 0x20000080L, 0x00000000L, 0x00820000L,
+ 0x20000000L, 0x00800000L, 0x20020080L, 0x20800080L,
+ 0x00800000L, 0x00020000L, 0x20820000L, 0x00000080L,
+ 0x00800000L, 0x00020000L, 0x20000080L, 0x20820080L,
+ 0x00020080L, 0x20000000L, 0x00000000L, 0x00820000L,
+ 0x20800080L, 0x20020080L, 0x20020000L, 0x00800080L,
+ 0x20820000L, 0x00000080L, 0x00800080L, 0x20020000L,
+ 0x20820080L, 0x00800000L, 0x20800000L, 0x20000080L,
+ 0x00820000L, 0x00020080L, 0x20020080L, 0x20800000L,
+ 0x00000080L, 0x20820000L, 0x00820080L, 0x00000000L,
+ 0x20000000L, 0x20800080L, 0x00020000L, 0x00820080L,
+ }
+};
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/des/str2key.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/des/str2key.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/str2key.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,174 +0,0 @@
-/* crypto/des/str2key.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "des_locl.h"
-#include <openssl/crypto.h>
-
-void DES_string_to_key(const char *str, DES_cblock *key)
- {
- DES_key_schedule ks;
- int i,length;
- register unsigned char j;
-
- memset(key,0,8);
- length=strlen(str);
-#ifdef OLD_STR_TO_KEY
- for (i=0; i<length; i++)
- (*key)[i%8]^=(str[i]<<1);
-#else /* MIT COMPATIBLE */
- for (i=0; i<length; i++)
- {
- j=str[i];
- if ((i%16) < 8)
- (*key)[i%8]^=(j<<1);
- else
- {
- /* Reverse the bit order 05/05/92 eay */
- j=((j<<4)&0xf0)|((j>>4)&0x0f);
- j=((j<<2)&0xcc)|((j>>2)&0x33);
- j=((j<<1)&0xaa)|((j>>1)&0x55);
- (*key)[7-(i%8)]^=j;
- }
- }
-#endif
- DES_set_odd_parity(key);
-#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY
- if(DES_is_weak_key(key))
- (*key)[7] ^= 0xF0;
- DES_set_key(key,&ks);
-#else
- DES_set_key_unchecked(key,&ks);
-#endif
- DES_cbc_cksum((const unsigned char*)str,key,length,&ks,key);
- OPENSSL_cleanse(&ks,sizeof(ks));
- DES_set_odd_parity(key);
- }
-
-void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2)
- {
- DES_key_schedule ks;
- int i,length;
- register unsigned char j;
-
- memset(key1,0,8);
- memset(key2,0,8);
- length=strlen(str);
-#ifdef OLD_STR_TO_KEY
- if (length <= 8)
- {
- for (i=0; i<length; i++)
- {
- (*key2)[i]=(*key1)[i]=(str[i]<<1);
- }
- }
- else
- {
- for (i=0; i<length; i++)
- {
- if ((i/8)&1)
- (*key2)[i%8]^=(str[i]<<1);
- else
- (*key1)[i%8]^=(str[i]<<1);
- }
- }
-#else /* MIT COMPATIBLE */
- for (i=0; i<length; i++)
- {
- j=str[i];
- if ((i%32) < 16)
- {
- if ((i%16) < 8)
- (*key1)[i%8]^=(j<<1);
- else
- (*key2)[i%8]^=(j<<1);
- }
- else
- {
- j=((j<<4)&0xf0)|((j>>4)&0x0f);
- j=((j<<2)&0xcc)|((j>>2)&0x33);
- j=((j<<1)&0xaa)|((j>>1)&0x55);
- if ((i%16) < 8)
- (*key1)[7-(i%8)]^=j;
- else
- (*key2)[7-(i%8)]^=j;
- }
- }
- if (length <= 8) memcpy(key2,key1,8);
-#endif
- DES_set_odd_parity(key1);
- DES_set_odd_parity(key2);
-#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY
- if(DES_is_weak_key(key1))
- (*key1)[7] ^= 0xF0;
- DES_set_key(key1,&ks);
-#else
- DES_set_key_unchecked(key1,&ks);
-#endif
- DES_cbc_cksum((const unsigned char*)str,key1,length,&ks,key1);
-#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY
- if(DES_is_weak_key(key2))
- (*key2)[7] ^= 0xF0;
- DES_set_key(key2,&ks);
-#else
- DES_set_key_unchecked(key2,&ks);
-#endif
- DES_cbc_cksum((const unsigned char*)str,key2,length,&ks,key2);
- OPENSSL_cleanse(&ks,sizeof(ks));
- DES_set_odd_parity(key1);
- DES_set_odd_parity(key2);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/des/str2key.c (from rev 6976, vendor-crypto/openssl/dist/crypto/des/str2key.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/des/str2key.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/str2key.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,164 @@
+/* crypto/des/str2key.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+#include <openssl/crypto.h>
+
+void DES_string_to_key(const char *str, DES_cblock *key)
+{
+ DES_key_schedule ks;
+ int i, length;
+ register unsigned char j;
+
+ memset(key, 0, 8);
+ length = strlen(str);
+#ifdef OLD_STR_TO_KEY
+ for (i = 0; i < length; i++)
+ (*key)[i % 8] ^= (str[i] << 1);
+#else /* MIT COMPATIBLE */
+ for (i = 0; i < length; i++) {
+ j = str[i];
+ if ((i % 16) < 8)
+ (*key)[i % 8] ^= (j << 1);
+ else {
+ /* Reverse the bit order 05/05/92 eay */
+ j = ((j << 4) & 0xf0) | ((j >> 4) & 0x0f);
+ j = ((j << 2) & 0xcc) | ((j >> 2) & 0x33);
+ j = ((j << 1) & 0xaa) | ((j >> 1) & 0x55);
+ (*key)[7 - (i % 8)] ^= j;
+ }
+ }
+#endif
+ DES_set_odd_parity(key);
+#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY
+ if (DES_is_weak_key(key))
+ (*key)[7] ^= 0xF0;
+ DES_set_key(key, &ks);
+#else
+ DES_set_key_unchecked(key, &ks);
+#endif
+ DES_cbc_cksum((const unsigned char *)str, key, length, &ks, key);
+ OPENSSL_cleanse(&ks, sizeof(ks));
+ DES_set_odd_parity(key);
+}
+
+void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2)
+{
+ DES_key_schedule ks;
+ int i, length;
+ register unsigned char j;
+
+ memset(key1, 0, 8);
+ memset(key2, 0, 8);
+ length = strlen(str);
+#ifdef OLD_STR_TO_KEY
+ if (length <= 8) {
+ for (i = 0; i < length; i++) {
+ (*key2)[i] = (*key1)[i] = (str[i] << 1);
+ }
+ } else {
+ for (i = 0; i < length; i++) {
+ if ((i / 8) & 1)
+ (*key2)[i % 8] ^= (str[i] << 1);
+ else
+ (*key1)[i % 8] ^= (str[i] << 1);
+ }
+ }
+#else /* MIT COMPATIBLE */
+ for (i = 0; i < length; i++) {
+ j = str[i];
+ if ((i % 32) < 16) {
+ if ((i % 16) < 8)
+ (*key1)[i % 8] ^= (j << 1);
+ else
+ (*key2)[i % 8] ^= (j << 1);
+ } else {
+ j = ((j << 4) & 0xf0) | ((j >> 4) & 0x0f);
+ j = ((j << 2) & 0xcc) | ((j >> 2) & 0x33);
+ j = ((j << 1) & 0xaa) | ((j >> 1) & 0x55);
+ if ((i % 16) < 8)
+ (*key1)[7 - (i % 8)] ^= j;
+ else
+ (*key2)[7 - (i % 8)] ^= j;
+ }
+ }
+ if (length <= 8)
+ memcpy(key2, key1, 8);
+#endif
+ DES_set_odd_parity(key1);
+ DES_set_odd_parity(key2);
+#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY
+ if (DES_is_weak_key(key1))
+ (*key1)[7] ^= 0xF0;
+ DES_set_key(key1, &ks);
+#else
+ DES_set_key_unchecked(key1, &ks);
+#endif
+ DES_cbc_cksum((const unsigned char *)str, key1, length, &ks, key1);
+#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY
+ if (DES_is_weak_key(key2))
+ (*key2)[7] ^= 0xF0;
+ DES_set_key(key2, &ks);
+#else
+ DES_set_key_unchecked(key2, &ks);
+#endif
+ DES_cbc_cksum((const unsigned char *)str, key2, length, &ks, key2);
+ OPENSSL_cleanse(&ks, sizeof(ks));
+ DES_set_odd_parity(key1);
+ DES_set_odd_parity(key2);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/des/xcbc_enc.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/des/xcbc_enc.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/xcbc_enc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,197 +0,0 @@
-/* crypto/des/xcbc_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "des_locl.h"
-
-/* RSA's DESX */
-
-#if 0 /* broken code, preserved just in case anyone specifically looks for this */
-static unsigned char desx_white_in2out[256]={
-0xBD,0x56,0xEA,0xF2,0xA2,0xF1,0xAC,0x2A,0xB0,0x93,0xD1,0x9C,0x1B,0x33,0xFD,0xD0,
-0x30,0x04,0xB6,0xDC,0x7D,0xDF,0x32,0x4B,0xF7,0xCB,0x45,0x9B,0x31,0xBB,0x21,0x5A,
-0x41,0x9F,0xE1,0xD9,0x4A,0x4D,0x9E,0xDA,0xA0,0x68,0x2C,0xC3,0x27,0x5F,0x80,0x36,
-0x3E,0xEE,0xFB,0x95,0x1A,0xFE,0xCE,0xA8,0x34,0xA9,0x13,0xF0,0xA6,0x3F,0xD8,0x0C,
-0x78,0x24,0xAF,0x23,0x52,0xC1,0x67,0x17,0xF5,0x66,0x90,0xE7,0xE8,0x07,0xB8,0x60,
-0x48,0xE6,0x1E,0x53,0xF3,0x92,0xA4,0x72,0x8C,0x08,0x15,0x6E,0x86,0x00,0x84,0xFA,
-0xF4,0x7F,0x8A,0x42,0x19,0xF6,0xDB,0xCD,0x14,0x8D,0x50,0x12,0xBA,0x3C,0x06,0x4E,
-0xEC,0xB3,0x35,0x11,0xA1,0x88,0x8E,0x2B,0x94,0x99,0xB7,0x71,0x74,0xD3,0xE4,0xBF,
-0x3A,0xDE,0x96,0x0E,0xBC,0x0A,0xED,0x77,0xFC,0x37,0x6B,0x03,0x79,0x89,0x62,0xC6,
-0xD7,0xC0,0xD2,0x7C,0x6A,0x8B,0x22,0xA3,0x5B,0x05,0x5D,0x02,0x75,0xD5,0x61,0xE3,
-0x18,0x8F,0x55,0x51,0xAD,0x1F,0x0B,0x5E,0x85,0xE5,0xC2,0x57,0x63,0xCA,0x3D,0x6C,
-0xB4,0xC5,0xCC,0x70,0xB2,0x91,0x59,0x0D,0x47,0x20,0xC8,0x4F,0x58,0xE0,0x01,0xE2,
-0x16,0x38,0xC4,0x6F,0x3B,0x0F,0x65,0x46,0xBE,0x7E,0x2D,0x7B,0x82,0xF9,0x40,0xB5,
-0x1D,0x73,0xF8,0xEB,0x26,0xC7,0x87,0x97,0x25,0x54,0xB1,0x28,0xAA,0x98,0x9D,0xA5,
-0x64,0x6D,0x7A,0xD4,0x10,0x81,0x44,0xEF,0x49,0xD6,0xAE,0x2E,0xDD,0x76,0x5C,0x2F,
-0xA7,0x1C,0xC9,0x09,0x69,0x9A,0x83,0xCF,0x29,0x39,0xB9,0xE9,0x4C,0xFF,0x43,0xAB,
- };
-
-void DES_xwhite_in2out(const_DES_cblock *des_key, const_DES_cblock *in_white,
- DES_cblock *out_white)
- {
- int out0,out1;
- int i;
- const unsigned char *key = &(*des_key)[0];
- const unsigned char *in = &(*in_white)[0];
- unsigned char *out = &(*out_white)[0];
-
- out[0]=out[1]=out[2]=out[3]=out[4]=out[5]=out[6]=out[7]=0;
- out0=out1=0;
- for (i=0; i<8; i++)
- {
- out[i]=key[i]^desx_white_in2out[out0^out1];
- out0=out1;
- out1=(int)out[i&0x07];
- }
-
- out0=out[0];
- out1=out[i]; /* BUG: out-of-bounds read */
- for (i=0; i<8; i++)
- {
- out[i]=in[i]^desx_white_in2out[out0^out1];
- out0=out1;
- out1=(int)out[i&0x07];
- }
- }
-#endif
-
-void DES_xcbc_encrypt(const unsigned char *in, unsigned char *out,
- long length, DES_key_schedule *schedule,
- DES_cblock *ivec, const_DES_cblock *inw,
- const_DES_cblock *outw, int enc)
- {
- register DES_LONG tin0,tin1;
- register DES_LONG tout0,tout1,xor0,xor1;
- register DES_LONG inW0,inW1,outW0,outW1;
- register const unsigned char *in2;
- register long l=length;
- DES_LONG tin[2];
- unsigned char *iv;
-
- in2 = &(*inw)[0];
- c2l(in2,inW0);
- c2l(in2,inW1);
- in2 = &(*outw)[0];
- c2l(in2,outW0);
- c2l(in2,outW1);
-
- iv = &(*ivec)[0];
-
- if (enc)
- {
- c2l(iv,tout0);
- c2l(iv,tout1);
- for (l-=8; l>=0; l-=8)
- {
- c2l(in,tin0);
- c2l(in,tin1);
- tin0^=tout0^inW0; tin[0]=tin0;
- tin1^=tout1^inW1; tin[1]=tin1;
- DES_encrypt1(tin,schedule,DES_ENCRYPT);
- tout0=tin[0]^outW0; l2c(tout0,out);
- tout1=tin[1]^outW1; l2c(tout1,out);
- }
- if (l != -8)
- {
- c2ln(in,tin0,tin1,l+8);
- tin0^=tout0^inW0; tin[0]=tin0;
- tin1^=tout1^inW1; tin[1]=tin1;
- DES_encrypt1(tin,schedule,DES_ENCRYPT);
- tout0=tin[0]^outW0; l2c(tout0,out);
- tout1=tin[1]^outW1; l2c(tout1,out);
- }
- iv = &(*ivec)[0];
- l2c(tout0,iv);
- l2c(tout1,iv);
- }
- else
- {
- c2l(iv,xor0);
- c2l(iv,xor1);
- for (l-=8; l>0; l-=8)
- {
- c2l(in,tin0); tin[0]=tin0^outW0;
- c2l(in,tin1); tin[1]=tin1^outW1;
- DES_encrypt1(tin,schedule,DES_DECRYPT);
- tout0=tin[0]^xor0^inW0;
- tout1=tin[1]^xor1^inW1;
- l2c(tout0,out);
- l2c(tout1,out);
- xor0=tin0;
- xor1=tin1;
- }
- if (l != -8)
- {
- c2l(in,tin0); tin[0]=tin0^outW0;
- c2l(in,tin1); tin[1]=tin1^outW1;
- DES_encrypt1(tin,schedule,DES_DECRYPT);
- tout0=tin[0]^xor0^inW0;
- tout1=tin[1]^xor1^inW1;
- l2cn(tout0,tout1,out,l+8);
- xor0=tin0;
- xor1=tin1;
- }
-
- iv = &(*ivec)[0];
- l2c(xor0,iv);
- l2c(xor1,iv);
- }
- tin0=tin1=tout0=tout1=xor0=xor1=0;
- inW0=inW1=outW0=outW1=0;
- tin[0]=tin[1]=0;
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/des/xcbc_enc.c (from rev 6976, vendor-crypto/openssl/dist/crypto/des/xcbc_enc.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/des/xcbc_enc.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/des/xcbc_enc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,216 @@
+/* crypto/des/xcbc_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "des_locl.h"
+
+/* RSA's DESX */
+
+#if 0 /* broken code, preserved just in case anyone
+ * specifically looks for this */
+static unsigned char desx_white_in2out[256] = {
+ 0xBD, 0x56, 0xEA, 0xF2, 0xA2, 0xF1, 0xAC, 0x2A, 0xB0, 0x93, 0xD1, 0x9C,
+ 0x1B, 0x33, 0xFD, 0xD0,
+ 0x30, 0x04, 0xB6, 0xDC, 0x7D, 0xDF, 0x32, 0x4B, 0xF7, 0xCB, 0x45, 0x9B,
+ 0x31, 0xBB, 0x21, 0x5A,
+ 0x41, 0x9F, 0xE1, 0xD9, 0x4A, 0x4D, 0x9E, 0xDA, 0xA0, 0x68, 0x2C, 0xC3,
+ 0x27, 0x5F, 0x80, 0x36,
+ 0x3E, 0xEE, 0xFB, 0x95, 0x1A, 0xFE, 0xCE, 0xA8, 0x34, 0xA9, 0x13, 0xF0,
+ 0xA6, 0x3F, 0xD8, 0x0C,
+ 0x78, 0x24, 0xAF, 0x23, 0x52, 0xC1, 0x67, 0x17, 0xF5, 0x66, 0x90, 0xE7,
+ 0xE8, 0x07, 0xB8, 0x60,
+ 0x48, 0xE6, 0x1E, 0x53, 0xF3, 0x92, 0xA4, 0x72, 0x8C, 0x08, 0x15, 0x6E,
+ 0x86, 0x00, 0x84, 0xFA,
+ 0xF4, 0x7F, 0x8A, 0x42, 0x19, 0xF6, 0xDB, 0xCD, 0x14, 0x8D, 0x50, 0x12,
+ 0xBA, 0x3C, 0x06, 0x4E,
+ 0xEC, 0xB3, 0x35, 0x11, 0xA1, 0x88, 0x8E, 0x2B, 0x94, 0x99, 0xB7, 0x71,
+ 0x74, 0xD3, 0xE4, 0xBF,
+ 0x3A, 0xDE, 0x96, 0x0E, 0xBC, 0x0A, 0xED, 0x77, 0xFC, 0x37, 0x6B, 0x03,
+ 0x79, 0x89, 0x62, 0xC6,
+ 0xD7, 0xC0, 0xD2, 0x7C, 0x6A, 0x8B, 0x22, 0xA3, 0x5B, 0x05, 0x5D, 0x02,
+ 0x75, 0xD5, 0x61, 0xE3,
+ 0x18, 0x8F, 0x55, 0x51, 0xAD, 0x1F, 0x0B, 0x5E, 0x85, 0xE5, 0xC2, 0x57,
+ 0x63, 0xCA, 0x3D, 0x6C,
+ 0xB4, 0xC5, 0xCC, 0x70, 0xB2, 0x91, 0x59, 0x0D, 0x47, 0x20, 0xC8, 0x4F,
+ 0x58, 0xE0, 0x01, 0xE2,
+ 0x16, 0x38, 0xC4, 0x6F, 0x3B, 0x0F, 0x65, 0x46, 0xBE, 0x7E, 0x2D, 0x7B,
+ 0x82, 0xF9, 0x40, 0xB5,
+ 0x1D, 0x73, 0xF8, 0xEB, 0x26, 0xC7, 0x87, 0x97, 0x25, 0x54, 0xB1, 0x28,
+ 0xAA, 0x98, 0x9D, 0xA5,
+ 0x64, 0x6D, 0x7A, 0xD4, 0x10, 0x81, 0x44, 0xEF, 0x49, 0xD6, 0xAE, 0x2E,
+ 0xDD, 0x76, 0x5C, 0x2F,
+ 0xA7, 0x1C, 0xC9, 0x09, 0x69, 0x9A, 0x83, 0xCF, 0x29, 0x39, 0xB9, 0xE9,
+ 0x4C, 0xFF, 0x43, 0xAB,
+};
+
+void DES_xwhite_in2out(const_DES_cblock *des_key, const_DES_cblock *in_white,
+ DES_cblock *out_white)
+{
+ int out0, out1;
+ int i;
+ const unsigned char *key = &(*des_key)[0];
+ const unsigned char *in = &(*in_white)[0];
+ unsigned char *out = &(*out_white)[0];
+
+ out[0] = out[1] = out[2] = out[3] = out[4] = out[5] = out[6] = out[7] = 0;
+ out0 = out1 = 0;
+ for (i = 0; i < 8; i++) {
+ out[i] = key[i] ^ desx_white_in2out[out0 ^ out1];
+ out0 = out1;
+ out1 = (int)out[i & 0x07];
+ }
+
+ out0 = out[0];
+ out1 = out[i]; /* BUG: out-of-bounds read */
+ for (i = 0; i < 8; i++) {
+ out[i] = in[i] ^ desx_white_in2out[out0 ^ out1];
+ out0 = out1;
+ out1 = (int)out[i & 0x07];
+ }
+}
+#endif
+
+void DES_xcbc_encrypt(const unsigned char *in, unsigned char *out,
+ long length, DES_key_schedule *schedule,
+ DES_cblock *ivec, const_DES_cblock *inw,
+ const_DES_cblock *outw, int enc)
+{
+ register DES_LONG tin0, tin1;
+ register DES_LONG tout0, tout1, xor0, xor1;
+ register DES_LONG inW0, inW1, outW0, outW1;
+ register const unsigned char *in2;
+ register long l = length;
+ DES_LONG tin[2];
+ unsigned char *iv;
+
+ in2 = &(*inw)[0];
+ c2l(in2, inW0);
+ c2l(in2, inW1);
+ in2 = &(*outw)[0];
+ c2l(in2, outW0);
+ c2l(in2, outW1);
+
+ iv = &(*ivec)[0];
+
+ if (enc) {
+ c2l(iv, tout0);
+ c2l(iv, tout1);
+ for (l -= 8; l >= 0; l -= 8) {
+ c2l(in, tin0);
+ c2l(in, tin1);
+ tin0 ^= tout0 ^ inW0;
+ tin[0] = tin0;
+ tin1 ^= tout1 ^ inW1;
+ tin[1] = tin1;
+ DES_encrypt1(tin, schedule, DES_ENCRYPT);
+ tout0 = tin[0] ^ outW0;
+ l2c(tout0, out);
+ tout1 = tin[1] ^ outW1;
+ l2c(tout1, out);
+ }
+ if (l != -8) {
+ c2ln(in, tin0, tin1, l + 8);
+ tin0 ^= tout0 ^ inW0;
+ tin[0] = tin0;
+ tin1 ^= tout1 ^ inW1;
+ tin[1] = tin1;
+ DES_encrypt1(tin, schedule, DES_ENCRYPT);
+ tout0 = tin[0] ^ outW0;
+ l2c(tout0, out);
+ tout1 = tin[1] ^ outW1;
+ l2c(tout1, out);
+ }
+ iv = &(*ivec)[0];
+ l2c(tout0, iv);
+ l2c(tout1, iv);
+ } else {
+ c2l(iv, xor0);
+ c2l(iv, xor1);
+ for (l -= 8; l > 0; l -= 8) {
+ c2l(in, tin0);
+ tin[0] = tin0 ^ outW0;
+ c2l(in, tin1);
+ tin[1] = tin1 ^ outW1;
+ DES_encrypt1(tin, schedule, DES_DECRYPT);
+ tout0 = tin[0] ^ xor0 ^ inW0;
+ tout1 = tin[1] ^ xor1 ^ inW1;
+ l2c(tout0, out);
+ l2c(tout1, out);
+ xor0 = tin0;
+ xor1 = tin1;
+ }
+ if (l != -8) {
+ c2l(in, tin0);
+ tin[0] = tin0 ^ outW0;
+ c2l(in, tin1);
+ tin[1] = tin1 ^ outW1;
+ DES_encrypt1(tin, schedule, DES_DECRYPT);
+ tout0 = tin[0] ^ xor0 ^ inW0;
+ tout1 = tin[1] ^ xor1 ^ inW1;
+ l2cn(tout0, tout1, out, l + 8);
+ xor0 = tin0;
+ xor1 = tin1;
+ }
+
+ iv = &(*ivec)[0];
+ l2c(xor0, iv);
+ l2c(xor1, iv);
+ }
+ tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
+ inW0 = inW1 = outW0 = outW1 = 0;
+ tin[0] = tin[1] = 0;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/dh/dh.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/dh/dh.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dh/dh.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,245 +0,0 @@
-/* crypto/dh/dh.h */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_DH_H
-#define HEADER_DH_H
-
-#include <openssl/e_os2.h>
-
-#ifdef OPENSSL_NO_DH
-#error DH is disabled.
-#endif
-
-#ifndef OPENSSL_NO_BIO
-#include <openssl/bio.h>
-#endif
-#include <openssl/ossl_typ.h>
-#ifndef OPENSSL_NO_DEPRECATED
-#include <openssl/bn.h>
-#endif
-
-#ifndef OPENSSL_DH_MAX_MODULUS_BITS
-# define OPENSSL_DH_MAX_MODULUS_BITS 10000
-#endif
-
-#define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024
-
-#define DH_FLAG_CACHE_MONT_P 0x01
-#define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH
- * implementation now uses constant time
- * modular exponentiation for secret exponents
- * by default. This flag causes the
- * faster variable sliding window method to
- * be used for all exponents.
- */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* Already defined in ossl_typ.h */
-/* typedef struct dh_st DH; */
-/* typedef struct dh_method DH_METHOD; */
-
-struct dh_method
- {
- const char *name;
- /* Methods here */
- int (*generate_key)(DH *dh);
- int (*compute_key)(unsigned char *key,const BIGNUM *pub_key,DH *dh);
- int (*bn_mod_exp)(const DH *dh, BIGNUM *r, const BIGNUM *a,
- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx); /* Can be null */
-
- int (*init)(DH *dh);
- int (*finish)(DH *dh);
- int flags;
- char *app_data;
- /* If this is non-NULL, it will be used to generate parameters */
- int (*generate_params)(DH *dh, int prime_len, int generator, BN_GENCB *cb);
- };
-
-struct dh_st
- {
- /* This first argument is used to pick up errors when
- * a DH is passed instead of a EVP_PKEY */
- int pad;
- int version;
- BIGNUM *p;
- BIGNUM *g;
- long length; /* optional */
- BIGNUM *pub_key; /* g^x */
- BIGNUM *priv_key; /* x */
-
- int flags;
- BN_MONT_CTX *method_mont_p;
- /* Place holders if we want to do X9.42 DH */
- BIGNUM *q;
- BIGNUM *j;
- unsigned char *seed;
- int seedlen;
- BIGNUM *counter;
-
- int references;
- CRYPTO_EX_DATA ex_data;
- const DH_METHOD *meth;
- ENGINE *engine;
- };
-
-#define DH_GENERATOR_2 2
-/* #define DH_GENERATOR_3 3 */
-#define DH_GENERATOR_5 5
-
-/* DH_check error codes */
-#define DH_CHECK_P_NOT_PRIME 0x01
-#define DH_CHECK_P_NOT_SAFE_PRIME 0x02
-#define DH_UNABLE_TO_CHECK_GENERATOR 0x04
-#define DH_NOT_SUITABLE_GENERATOR 0x08
-
-/* DH_check_pub_key error codes */
-#define DH_CHECK_PUBKEY_TOO_SMALL 0x01
-#define DH_CHECK_PUBKEY_TOO_LARGE 0x02
-
-/* primes p where (p-1)/2 is prime too are called "safe"; we define
- this for backward compatibility: */
-#define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME
-
-#define DHparams_dup(x) ASN1_dup_of_const(DH,i2d_DHparams,d2i_DHparams,x)
-#define d2i_DHparams_fp(fp,x) (DH *)ASN1_d2i_fp((char *(*)())DH_new, \
- (char *(*)())d2i_DHparams,(fp),(unsigned char **)(x))
-#define i2d_DHparams_fp(fp,x) ASN1_i2d_fp(i2d_DHparams,(fp), \
- (unsigned char *)(x))
-#define d2i_DHparams_bio(bp,x) ASN1_d2i_bio_of(DH,DH_new,d2i_DHparams,bp,x)
-#define i2d_DHparams_bio(bp,x) ASN1_i2d_bio_of_const(DH,i2d_DHparams,bp,x)
-
-const DH_METHOD *DH_OpenSSL(void);
-
-#ifdef OPENSSL_FIPS
-DH * FIPS_dh_new(void);
-void FIPS_dh_free(DH *dh);
-#endif
-
-void DH_set_default_method(const DH_METHOD *meth);
-const DH_METHOD *DH_get_default_method(void);
-int DH_set_method(DH *dh, const DH_METHOD *meth);
-DH *DH_new_method(ENGINE *engine);
-
-DH * DH_new(void);
-void DH_free(DH *dh);
-int DH_up_ref(DH *dh);
-int DH_size(const DH *dh);
-int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-int DH_set_ex_data(DH *d, int idx, void *arg);
-void *DH_get_ex_data(DH *d, int idx);
-
-/* Deprecated version */
-#ifndef OPENSSL_NO_DEPRECATED
-DH * DH_generate_parameters(int prime_len,int generator,
- void (*callback)(int,int,void *),void *cb_arg);
-#endif /* !defined(OPENSSL_NO_DEPRECATED) */
-
-/* New version */
-int DH_generate_parameters_ex(DH *dh, int prime_len,int generator, BN_GENCB *cb);
-
-int DH_check(const DH *dh,int *codes);
-int DH_check_pub_key(const DH *dh,const BIGNUM *pub_key, int *codes);
-int DH_generate_key(DH *dh);
-int DH_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh);
-DH * d2i_DHparams(DH **a,const unsigned char **pp, long length);
-int i2d_DHparams(const DH *a,unsigned char **pp);
-#ifndef OPENSSL_NO_FP_API
-int DHparams_print_fp(FILE *fp, const DH *x);
-#endif
-#ifndef OPENSSL_NO_BIO
-int DHparams_print(BIO *bp, const DH *x);
-#else
-int DHparams_print(char *bp, const DH *x);
-#endif
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_DH_strings(void);
-
-/* Error codes for the DH functions. */
-
-/* Function codes. */
-#define DH_F_COMPUTE_KEY 102
-#define DH_F_DHPARAMS_PRINT 100
-#define DH_F_DHPARAMS_PRINT_FP 101
-#define DH_F_DH_BUILTIN_GENPARAMS 106
-#define DH_F_DH_COMPUTE_KEY 107
-#define DH_F_DH_GENERATE_KEY 108
-#define DH_F_DH_GENERATE_PARAMETERS 109
-#define DH_F_DH_NEW_METHOD 105
-#define DH_F_GENERATE_KEY 103
-#define DH_F_GENERATE_PARAMETERS 104
-
-/* Reason codes. */
-#define DH_R_BAD_GENERATOR 101
-#define DH_R_INVALID_PUBKEY 102
-#define DH_R_KEY_SIZE_TOO_SMALL 104
-#define DH_R_MODULUS_TOO_LARGE 103
-#define DH_R_NO_PRIVATE_VALUE 100
-
-#ifdef __cplusplus
-}
-#endif
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/dh/dh.h (from rev 6976, vendor-crypto/openssl/dist/crypto/dh/dh.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/dh/dh.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dh/dh.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,251 @@
+/* crypto/dh/dh.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_DH_H
+# define HEADER_DH_H
+
+# include <openssl/e_os2.h>
+
+# ifdef OPENSSL_NO_DH
+# error DH is disabled.
+# endif
+
+# ifndef OPENSSL_NO_BIO
+# include <openssl/bio.h>
+# endif
+# include <openssl/ossl_typ.h>
+# ifndef OPENSSL_NO_DEPRECATED
+# include <openssl/bn.h>
+# endif
+
+# ifndef OPENSSL_DH_MAX_MODULUS_BITS
+# define OPENSSL_DH_MAX_MODULUS_BITS 10000
+# endif
+
+# define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024
+
+# define DH_FLAG_CACHE_MONT_P 0x01
+
+/*
+ * new with 0.9.7h; the built-in DH
+ * implementation now uses constant time
+ * modular exponentiation for secret exponents
+ * by default. This flag causes the
+ * faster variable sliding window method to
+ * be used for all exponents.
+ */
+# define DH_FLAG_NO_EXP_CONSTTIME 0x02
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Already defined in ossl_typ.h */
+/* typedef struct dh_st DH; */
+/* typedef struct dh_method DH_METHOD; */
+
+struct dh_method {
+ const char *name;
+ /* Methods here */
+ int (*generate_key) (DH *dh);
+ int (*compute_key) (unsigned char *key, const BIGNUM *pub_key, DH *dh);
+ /* Can be null */
+ int (*bn_mod_exp) (const DH *dh, BIGNUM *r, const BIGNUM *a,
+ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx);
+ int (*init) (DH *dh);
+ int (*finish) (DH *dh);
+ int flags;
+ char *app_data;
+ /* If this is non-NULL, it will be used to generate parameters */
+ int (*generate_params) (DH *dh, int prime_len, int generator,
+ BN_GENCB *cb);
+};
+
+struct dh_st {
+ /*
+ * This first argument is used to pick up errors when a DH is passed
+ * instead of a EVP_PKEY
+ */
+ int pad;
+ int version;
+ BIGNUM *p;
+ BIGNUM *g;
+ long length; /* optional */
+ BIGNUM *pub_key; /* g^x */
+ BIGNUM *priv_key; /* x */
+ int flags;
+ BN_MONT_CTX *method_mont_p;
+ /* Place holders if we want to do X9.42 DH */
+ BIGNUM *q;
+ BIGNUM *j;
+ unsigned char *seed;
+ int seedlen;
+ BIGNUM *counter;
+ int references;
+ CRYPTO_EX_DATA ex_data;
+ const DH_METHOD *meth;
+ ENGINE *engine;
+};
+
+# define DH_GENERATOR_2 2
+/* #define DH_GENERATOR_3 3 */
+# define DH_GENERATOR_5 5
+
+/* DH_check error codes */
+# define DH_CHECK_P_NOT_PRIME 0x01
+# define DH_CHECK_P_NOT_SAFE_PRIME 0x02
+# define DH_UNABLE_TO_CHECK_GENERATOR 0x04
+# define DH_NOT_SUITABLE_GENERATOR 0x08
+
+/* DH_check_pub_key error codes */
+# define DH_CHECK_PUBKEY_TOO_SMALL 0x01
+# define DH_CHECK_PUBKEY_TOO_LARGE 0x02
+
+/*
+ * primes p where (p-1)/2 is prime too are called "safe"; we define this for
+ * backward compatibility:
+ */
+# define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME
+
+# define DHparams_dup(x) ASN1_dup_of_const(DH,i2d_DHparams,d2i_DHparams,x)
+# define d2i_DHparams_fp(fp,x) (DH *)ASN1_d2i_fp((char *(*)())DH_new, \
+ (char *(*)())d2i_DHparams,(fp),(unsigned char **)(x))
+# define i2d_DHparams_fp(fp,x) ASN1_i2d_fp(i2d_DHparams,(fp), \
+ (unsigned char *)(x))
+# define d2i_DHparams_bio(bp,x) ASN1_d2i_bio_of(DH,DH_new,d2i_DHparams,bp,x)
+# define i2d_DHparams_bio(bp,x) ASN1_i2d_bio_of_const(DH,i2d_DHparams,bp,x)
+
+const DH_METHOD *DH_OpenSSL(void);
+
+# ifdef OPENSSL_FIPS
+DH *FIPS_dh_new(void);
+void FIPS_dh_free(DH *dh);
+# endif
+
+void DH_set_default_method(const DH_METHOD *meth);
+const DH_METHOD *DH_get_default_method(void);
+int DH_set_method(DH *dh, const DH_METHOD *meth);
+DH *DH_new_method(ENGINE *engine);
+
+DH *DH_new(void);
+void DH_free(DH *dh);
+int DH_up_ref(DH *dh);
+int DH_size(const DH *dh);
+int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+int DH_set_ex_data(DH *d, int idx, void *arg);
+void *DH_get_ex_data(DH *d, int idx);
+
+/* Deprecated version */
+# ifndef OPENSSL_NO_DEPRECATED
+DH *DH_generate_parameters(int prime_len, int generator,
+ void (*callback) (int, int, void *), void *cb_arg);
+# endif /* !defined(OPENSSL_NO_DEPRECATED) */
+
+/* New version */
+int DH_generate_parameters_ex(DH *dh, int prime_len, int generator,
+ BN_GENCB *cb);
+
+int DH_check(const DH *dh, int *codes);
+int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *codes);
+int DH_generate_key(DH *dh);
+int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
+DH *d2i_DHparams(DH **a, const unsigned char **pp, long length);
+int i2d_DHparams(const DH *a, unsigned char **pp);
+# ifndef OPENSSL_NO_FP_API
+int DHparams_print_fp(FILE *fp, const DH *x);
+# endif
+# ifndef OPENSSL_NO_BIO
+int DHparams_print(BIO *bp, const DH *x);
+# else
+int DHparams_print(char *bp, const DH *x);
+# endif
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_DH_strings(void);
+
+/* Error codes for the DH functions. */
+
+/* Function codes. */
+# define DH_F_COMPUTE_KEY 102
+# define DH_F_DHPARAMS_PRINT 100
+# define DH_F_DHPARAMS_PRINT_FP 101
+# define DH_F_DH_BUILTIN_GENPARAMS 106
+# define DH_F_DH_COMPUTE_KEY 107
+# define DH_F_DH_GENERATE_KEY 108
+# define DH_F_DH_GENERATE_PARAMETERS 109
+# define DH_F_DH_NEW_METHOD 105
+# define DH_F_GENERATE_KEY 103
+# define DH_F_GENERATE_PARAMETERS 104
+
+/* Reason codes. */
+# define DH_R_BAD_GENERATOR 101
+# define DH_R_INVALID_PUBKEY 102
+# define DH_R_KEY_SIZE_TOO_SMALL 104
+# define DH_R_MODULUS_TOO_LARGE 103
+# define DH_R_NO_PRIVATE_VALUE 100
+
+#ifdef __cplusplus
+}
+#endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/dh/dh_asn1.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/dh/dh_asn1.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dh/dh_asn1.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,87 +0,0 @@
-/* dh_asn1.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/dh.h>
-#include <openssl/objects.h>
-#include <openssl/asn1t.h>
-
-/* Override the default free and new methods */
-static int dh_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
-{
- if(operation == ASN1_OP_NEW_PRE) {
- *pval = (ASN1_VALUE *)DH_new();
- if(*pval) return 2;
- return 0;
- } else if(operation == ASN1_OP_FREE_PRE) {
- DH_free((DH *)*pval);
- *pval = NULL;
- return 2;
- }
- return 1;
-}
-
-ASN1_SEQUENCE_cb(DHparams, dh_cb) = {
- ASN1_SIMPLE(DH, p, BIGNUM),
- ASN1_SIMPLE(DH, g, BIGNUM),
- ASN1_OPT(DH, length, ZLONG),
-} ASN1_SEQUENCE_END_cb(DH, DHparams)
-
-IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DH, DHparams, DHparams)
Copied: vendor-crypto/openssl/0.9.8zf/crypto/dh/dh_asn1.c (from rev 6976, vendor-crypto/openssl/dist/crypto/dh/dh_asn1.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/dh/dh_asn1.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dh/dh_asn1.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,89 @@
+/* dh_asn1.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/dh.h>
+#include <openssl/objects.h>
+#include <openssl/asn1t.h>
+
+/* Override the default free and new methods */
+static int dh_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+ if (operation == ASN1_OP_NEW_PRE) {
+ *pval = (ASN1_VALUE *)DH_new();
+ if (*pval)
+ return 2;
+ return 0;
+ } else if (operation == ASN1_OP_FREE_PRE) {
+ DH_free((DH *)*pval);
+ *pval = NULL;
+ return 2;
+ }
+ return 1;
+}
+
+ASN1_SEQUENCE_cb(DHparams, dh_cb) = {
+ ASN1_SIMPLE(DH, p, BIGNUM),
+ ASN1_SIMPLE(DH, g, BIGNUM),
+ ASN1_OPT(DH, length, ZLONG),
+} ASN1_SEQUENCE_END_cb(DH, DHparams)
+
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DH, DHparams, DHparams)
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/dh/dh_check.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/dh/dh_check.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dh/dh_check.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,146 +0,0 @@
-/* crypto/dh/dh_check.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/dh.h>
-
-/* Check that p is a safe prime and
- * if g is 2, 3 or 5, check that it is a suitable generator
- * where
- * for 2, p mod 24 == 11
- * for 3, p mod 12 == 5
- * for 5, p mod 10 == 3 or 7
- * should hold.
- */
-
-#ifndef OPENSSL_FIPS
-
-int DH_check(const DH *dh, int *ret)
- {
- int ok=0;
- BN_CTX *ctx=NULL;
- BN_ULONG l;
- BIGNUM *q=NULL;
-
- *ret=0;
- ctx=BN_CTX_new();
- if (ctx == NULL) goto err;
- q=BN_new();
- if (q == NULL) goto err;
-
- if (BN_is_word(dh->g,DH_GENERATOR_2))
- {
- l=BN_mod_word(dh->p,24);
- if (l != 11) *ret|=DH_NOT_SUITABLE_GENERATOR;
- }
-#if 0
- else if (BN_is_word(dh->g,DH_GENERATOR_3))
- {
- l=BN_mod_word(dh->p,12);
- if (l != 5) *ret|=DH_NOT_SUITABLE_GENERATOR;
- }
-#endif
- else if (BN_is_word(dh->g,DH_GENERATOR_5))
- {
- l=BN_mod_word(dh->p,10);
- if ((l != 3) && (l != 7))
- *ret|=DH_NOT_SUITABLE_GENERATOR;
- }
- else
- *ret|=DH_UNABLE_TO_CHECK_GENERATOR;
-
- if (!BN_is_prime_ex(dh->p,BN_prime_checks,ctx,NULL))
- *ret|=DH_CHECK_P_NOT_PRIME;
- else
- {
- if (!BN_rshift1(q,dh->p)) goto err;
- if (!BN_is_prime_ex(q,BN_prime_checks,ctx,NULL))
- *ret|=DH_CHECK_P_NOT_SAFE_PRIME;
- }
- ok=1;
-err:
- if (ctx != NULL) BN_CTX_free(ctx);
- if (q != NULL) BN_free(q);
- return(ok);
- }
-
-int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
- {
- int ok=0;
- BIGNUM *q=NULL;
-
- *ret=0;
- q=BN_new();
- if (q == NULL) goto err;
- BN_set_word(q,1);
- if (BN_cmp(pub_key,q) <= 0)
- *ret|=DH_CHECK_PUBKEY_TOO_SMALL;
- BN_copy(q,dh->p);
- BN_sub_word(q,1);
- if (BN_cmp(pub_key,q) >= 0)
- *ret|=DH_CHECK_PUBKEY_TOO_LARGE;
-
- ok = 1;
-err:
- if (q != NULL) BN_free(q);
- return(ok);
- }
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/dh/dh_check.c (from rev 6976, vendor-crypto/openssl/dist/crypto/dh/dh_check.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/dh/dh_check.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dh/dh_check.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,151 @@
+/* crypto/dh/dh_check.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/dh.h>
+
+/*-
+ * Check that p is a safe prime and
+ * if g is 2, 3 or 5, check that it is a suitable generator
+ * where
+ * for 2, p mod 24 == 11
+ * for 3, p mod 12 == 5
+ * for 5, p mod 10 == 3 or 7
+ * should hold.
+ */
+
+#ifndef OPENSSL_FIPS
+
+int DH_check(const DH *dh, int *ret)
+{
+ int ok = 0;
+ BN_CTX *ctx = NULL;
+ BN_ULONG l;
+ BIGNUM *q = NULL;
+
+ *ret = 0;
+ ctx = BN_CTX_new();
+ if (ctx == NULL)
+ goto err;
+ q = BN_new();
+ if (q == NULL)
+ goto err;
+
+ if (BN_is_word(dh->g, DH_GENERATOR_2)) {
+ l = BN_mod_word(dh->p, 24);
+ if (l != 11)
+ *ret |= DH_NOT_SUITABLE_GENERATOR;
+ }
+# if 0
+ else if (BN_is_word(dh->g, DH_GENERATOR_3)) {
+ l = BN_mod_word(dh->p, 12);
+ if (l != 5)
+ *ret |= DH_NOT_SUITABLE_GENERATOR;
+ }
+# endif
+ else if (BN_is_word(dh->g, DH_GENERATOR_5)) {
+ l = BN_mod_word(dh->p, 10);
+ if ((l != 3) && (l != 7))
+ *ret |= DH_NOT_SUITABLE_GENERATOR;
+ } else
+ *ret |= DH_UNABLE_TO_CHECK_GENERATOR;
+
+ if (!BN_is_prime_ex(dh->p, BN_prime_checks, ctx, NULL))
+ *ret |= DH_CHECK_P_NOT_PRIME;
+ else {
+ if (!BN_rshift1(q, dh->p))
+ goto err;
+ if (!BN_is_prime_ex(q, BN_prime_checks, ctx, NULL))
+ *ret |= DH_CHECK_P_NOT_SAFE_PRIME;
+ }
+ ok = 1;
+ err:
+ if (ctx != NULL)
+ BN_CTX_free(ctx);
+ if (q != NULL)
+ BN_free(q);
+ return (ok);
+}
+
+int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
+{
+ int ok = 0;
+ BIGNUM *q = NULL;
+
+ *ret = 0;
+ q = BN_new();
+ if (q == NULL)
+ goto err;
+ BN_set_word(q, 1);
+ if (BN_cmp(pub_key, q) <= 0)
+ *ret |= DH_CHECK_PUBKEY_TOO_SMALL;
+ BN_copy(q, dh->p);
+ BN_sub_word(q, 1);
+ if (BN_cmp(pub_key, q) >= 0)
+ *ret |= DH_CHECK_PUBKEY_TOO_LARGE;
+
+ ok = 1;
+ err:
+ if (q != NULL)
+ BN_free(q);
+ return (ok);
+}
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/dh/dh_depr.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/dh/dh_depr.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dh/dh_depr.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,83 +0,0 @@
-/* crypto/dh/dh_depr.c */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-
-/* This file contains deprecated functions as wrappers to the new ones */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/dh.h>
-
-static void *dummy=&dummy;
-
-#ifndef OPENSSL_NO_DEPRECATED
-DH *DH_generate_parameters(int prime_len, int generator,
- void (*callback)(int,int,void *), void *cb_arg)
- {
- BN_GENCB cb;
- DH *ret=NULL;
-
- if((ret=DH_new()) == NULL)
- return NULL;
-
- BN_GENCB_set_old(&cb, callback, cb_arg);
-
- if(DH_generate_parameters_ex(ret, prime_len, generator, &cb))
- return ret;
- DH_free(ret);
- return NULL;
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/dh/dh_depr.c (from rev 6976, vendor-crypto/openssl/dist/crypto/dh/dh_depr.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/dh/dh_depr.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dh/dh_depr.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,82 @@
+/* crypto/dh/dh_depr.c */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/* This file contains deprecated functions as wrappers to the new ones */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/dh.h>
+
+static void *dummy = &dummy;
+
+#ifndef OPENSSL_NO_DEPRECATED
+DH *DH_generate_parameters(int prime_len, int generator,
+ void (*callback) (int, int, void *), void *cb_arg)
+{
+ BN_GENCB cb;
+ DH *ret = NULL;
+
+ if ((ret = DH_new()) == NULL)
+ return NULL;
+
+ BN_GENCB_set_old(&cb, callback, cb_arg);
+
+ if (DH_generate_parameters_ex(ret, prime_len, generator, &cb))
+ return ret;
+ DH_free(ret);
+ return NULL;
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/dh/dh_err.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/dh/dh_err.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dh/dh_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,108 +0,0 @@
-/* crypto/dh/dh_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/dh.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_DH,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_DH,0,reason)
-
-static ERR_STRING_DATA DH_str_functs[]=
- {
-{ERR_FUNC(DH_F_COMPUTE_KEY), "COMPUTE_KEY"},
-{ERR_FUNC(DH_F_DHPARAMS_PRINT), "DHparams_print"},
-{ERR_FUNC(DH_F_DHPARAMS_PRINT_FP), "DHparams_print_fp"},
-{ERR_FUNC(DH_F_DH_BUILTIN_GENPARAMS), "DH_BUILTIN_GENPARAMS"},
-{ERR_FUNC(DH_F_DH_COMPUTE_KEY), "DH_compute_key"},
-{ERR_FUNC(DH_F_DH_GENERATE_KEY), "DH_generate_key"},
-{ERR_FUNC(DH_F_DH_GENERATE_PARAMETERS), "DH_generate_parameters"},
-{ERR_FUNC(DH_F_DH_NEW_METHOD), "DH_new_method"},
-{ERR_FUNC(DH_F_GENERATE_KEY), "GENERATE_KEY"},
-{ERR_FUNC(DH_F_GENERATE_PARAMETERS), "GENERATE_PARAMETERS"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA DH_str_reasons[]=
- {
-{ERR_REASON(DH_R_BAD_GENERATOR) ,"bad generator"},
-{ERR_REASON(DH_R_INVALID_PUBKEY) ,"invalid public key"},
-{ERR_REASON(DH_R_KEY_SIZE_TOO_SMALL) ,"key size too small"},
-{ERR_REASON(DH_R_MODULUS_TOO_LARGE) ,"modulus too large"},
-{ERR_REASON(DH_R_NO_PRIVATE_VALUE) ,"no private value"},
-{0,NULL}
- };
-
-#endif
-
-void ERR_load_DH_strings(void)
- {
-#ifndef OPENSSL_NO_ERR
-
- if (ERR_func_error_string(DH_str_functs[0].error) == NULL)
- {
- ERR_load_strings(0,DH_str_functs);
- ERR_load_strings(0,DH_str_reasons);
- }
-#endif
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/dh/dh_err.c (from rev 6976, vendor-crypto/openssl/dist/crypto/dh/dh_err.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/dh/dh_err.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dh/dh_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,106 @@
+/* crypto/dh/dh_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/dh.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_DH,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_DH,0,reason)
+
+static ERR_STRING_DATA DH_str_functs[] = {
+ {ERR_FUNC(DH_F_COMPUTE_KEY), "COMPUTE_KEY"},
+ {ERR_FUNC(DH_F_DHPARAMS_PRINT), "DHparams_print"},
+ {ERR_FUNC(DH_F_DHPARAMS_PRINT_FP), "DHparams_print_fp"},
+ {ERR_FUNC(DH_F_DH_BUILTIN_GENPARAMS), "DH_BUILTIN_GENPARAMS"},
+ {ERR_FUNC(DH_F_DH_COMPUTE_KEY), "DH_compute_key"},
+ {ERR_FUNC(DH_F_DH_GENERATE_KEY), "DH_generate_key"},
+ {ERR_FUNC(DH_F_DH_GENERATE_PARAMETERS), "DH_generate_parameters"},
+ {ERR_FUNC(DH_F_DH_NEW_METHOD), "DH_new_method"},
+ {ERR_FUNC(DH_F_GENERATE_KEY), "GENERATE_KEY"},
+ {ERR_FUNC(DH_F_GENERATE_PARAMETERS), "GENERATE_PARAMETERS"},
+ {0, NULL}
+};
+
+static ERR_STRING_DATA DH_str_reasons[] = {
+ {ERR_REASON(DH_R_BAD_GENERATOR), "bad generator"},
+ {ERR_REASON(DH_R_INVALID_PUBKEY), "invalid public key"},
+ {ERR_REASON(DH_R_KEY_SIZE_TOO_SMALL), "key size too small"},
+ {ERR_REASON(DH_R_MODULUS_TOO_LARGE), "modulus too large"},
+ {ERR_REASON(DH_R_NO_PRIVATE_VALUE), "no private value"},
+ {0, NULL}
+};
+
+#endif
+
+void ERR_load_DH_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+ if (ERR_func_error_string(DH_str_functs[0].error) == NULL) {
+ ERR_load_strings(0, DH_str_functs);
+ ERR_load_strings(0, DH_str_reasons);
+ }
+#endif
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/dh/dh_gen.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/dh/dh_gen.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dh/dh_gen.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,179 +0,0 @@
-/* crypto/dh/dh_gen.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* NB: These functions have been upgraded - the previous prototypes are in
- * dh_depr.c as wrappers to these ones.
- * - Geoff
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/dh.h>
-
-#ifndef OPENSSL_FIPS
-
-static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb);
-
-int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb)
- {
- if(ret->meth->generate_params)
- return ret->meth->generate_params(ret, prime_len, generator, cb);
- return dh_builtin_genparams(ret, prime_len, generator, cb);
- }
-
-/* We generate DH parameters as follows
- * find a prime q which is prime_len/2 bits long.
- * p=(2*q)+1 or (p-1)/2 = q
- * For this case, g is a generator if
- * g^((p-1)/q) mod p != 1 for values of q which are the factors of p-1.
- * Since the factors of p-1 are q and 2, we just need to check
- * g^2 mod p != 1 and g^q mod p != 1.
- *
- * Having said all that,
- * there is another special case method for the generators 2, 3 and 5.
- * for 2, p mod 24 == 11
- * for 3, p mod 12 == 5 <<<<< does not work for safe primes.
- * for 5, p mod 10 == 3 or 7
- *
- * Thanks to Phil Karn <karn at qualcomm.com> for the pointers about the
- * special generators and for answering some of my questions.
- *
- * I've implemented the second simple method :-).
- * Since DH should be using a safe prime (both p and q are prime),
- * this generator function can take a very very long time to run.
- */
-/* Actually there is no reason to insist that 'generator' be a generator.
- * It's just as OK (and in some sense better) to use a generator of the
- * order-q subgroup.
- */
-static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb)
- {
- BIGNUM *t1,*t2;
- int g,ok= -1;
- BN_CTX *ctx=NULL;
-
- ctx=BN_CTX_new();
- if (ctx == NULL) goto err;
- BN_CTX_start(ctx);
- t1 = BN_CTX_get(ctx);
- t2 = BN_CTX_get(ctx);
- if (t1 == NULL || t2 == NULL) goto err;
-
- /* Make sure 'ret' has the necessary elements */
- if(!ret->p && ((ret->p = BN_new()) == NULL)) goto err;
- if(!ret->g && ((ret->g = BN_new()) == NULL)) goto err;
-
- if (generator <= 1)
- {
- DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_BAD_GENERATOR);
- goto err;
- }
- if (generator == DH_GENERATOR_2)
- {
- if (!BN_set_word(t1,24)) goto err;
- if (!BN_set_word(t2,11)) goto err;
- g=2;
- }
-#if 0 /* does not work for safe primes */
- else if (generator == DH_GENERATOR_3)
- {
- if (!BN_set_word(t1,12)) goto err;
- if (!BN_set_word(t2,5)) goto err;
- g=3;
- }
-#endif
- else if (generator == DH_GENERATOR_5)
- {
- if (!BN_set_word(t1,10)) goto err;
- if (!BN_set_word(t2,3)) goto err;
- /* BN_set_word(t3,7); just have to miss
- * out on these ones :-( */
- g=5;
- }
- else
- {
- /* in the general case, don't worry if 'generator' is a
- * generator or not: since we are using safe primes,
- * it will generate either an order-q or an order-2q group,
- * which both is OK */
- if (!BN_set_word(t1,2)) goto err;
- if (!BN_set_word(t2,1)) goto err;
- g=generator;
- }
-
- if(!BN_generate_prime_ex(ret->p,prime_len,1,t1,t2,cb)) goto err;
- if(!BN_GENCB_call(cb, 3, 0)) goto err;
- if (!BN_set_word(ret->g,g)) goto err;
- ok=1;
-err:
- if (ok == -1)
- {
- DHerr(DH_F_DH_BUILTIN_GENPARAMS,ERR_R_BN_LIB);
- ok=0;
- }
-
- if (ctx != NULL)
- {
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- }
- return ok;
- }
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/dh/dh_gen.c (from rev 6976, vendor-crypto/openssl/dist/crypto/dh/dh_gen.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/dh/dh_gen.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dh/dh_gen.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,193 @@
+/* crypto/dh/dh_gen.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/*
+ * NB: These functions have been upgraded - the previous prototypes are in
+ * dh_depr.c as wrappers to these ones. - Geoff
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/dh.h>
+
+#ifndef OPENSSL_FIPS
+
+static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
+ BN_GENCB *cb);
+
+int DH_generate_parameters_ex(DH *ret, int prime_len, int generator,
+ BN_GENCB *cb)
+{
+ if (ret->meth->generate_params)
+ return ret->meth->generate_params(ret, prime_len, generator, cb);
+ return dh_builtin_genparams(ret, prime_len, generator, cb);
+}
+
+/*-
+ * We generate DH parameters as follows
+ * find a prime q which is prime_len/2 bits long.
+ * p=(2*q)+1 or (p-1)/2 = q
+ * For this case, g is a generator if
+ * g^((p-1)/q) mod p != 1 for values of q which are the factors of p-1.
+ * Since the factors of p-1 are q and 2, we just need to check
+ * g^2 mod p != 1 and g^q mod p != 1.
+ *
+ * Having said all that,
+ * there is another special case method for the generators 2, 3 and 5.
+ * for 2, p mod 24 == 11
+ * for 3, p mod 12 == 5 <<<<< does not work for safe primes.
+ * for 5, p mod 10 == 3 or 7
+ *
+ * Thanks to Phil Karn <karn at qualcomm.com> for the pointers about the
+ * special generators and for answering some of my questions.
+ *
+ * I've implemented the second simple method :-).
+ * Since DH should be using a safe prime (both p and q are prime),
+ * this generator function can take a very very long time to run.
+ */
+/*
+ * Actually there is no reason to insist that 'generator' be a generator.
+ * It's just as OK (and in some sense better) to use a generator of the
+ * order-q subgroup.
+ */
+static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
+ BN_GENCB *cb)
+{
+ BIGNUM *t1, *t2;
+ int g, ok = -1;
+ BN_CTX *ctx = NULL;
+
+ ctx = BN_CTX_new();
+ if (ctx == NULL)
+ goto err;
+ BN_CTX_start(ctx);
+ t1 = BN_CTX_get(ctx);
+ t2 = BN_CTX_get(ctx);
+ if (t1 == NULL || t2 == NULL)
+ goto err;
+
+ /* Make sure 'ret' has the necessary elements */
+ if (!ret->p && ((ret->p = BN_new()) == NULL))
+ goto err;
+ if (!ret->g && ((ret->g = BN_new()) == NULL))
+ goto err;
+
+ if (generator <= 1) {
+ DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_BAD_GENERATOR);
+ goto err;
+ }
+ if (generator == DH_GENERATOR_2) {
+ if (!BN_set_word(t1, 24))
+ goto err;
+ if (!BN_set_word(t2, 11))
+ goto err;
+ g = 2;
+ }
+# if 0 /* does not work for safe primes */
+ else if (generator == DH_GENERATOR_3) {
+ if (!BN_set_word(t1, 12))
+ goto err;
+ if (!BN_set_word(t2, 5))
+ goto err;
+ g = 3;
+ }
+# endif
+ else if (generator == DH_GENERATOR_5) {
+ if (!BN_set_word(t1, 10))
+ goto err;
+ if (!BN_set_word(t2, 3))
+ goto err;
+ /*
+ * BN_set_word(t3,7); just have to miss out on these ones :-(
+ */
+ g = 5;
+ } else {
+ /*
+ * in the general case, don't worry if 'generator' is a generator or
+ * not: since we are using safe primes, it will generate either an
+ * order-q or an order-2q group, which both is OK
+ */
+ if (!BN_set_word(t1, 2))
+ goto err;
+ if (!BN_set_word(t2, 1))
+ goto err;
+ g = generator;
+ }
+
+ if (!BN_generate_prime_ex(ret->p, prime_len, 1, t1, t2, cb))
+ goto err;
+ if (!BN_GENCB_call(cb, 3, 0))
+ goto err;
+ if (!BN_set_word(ret->g, g))
+ goto err;
+ ok = 1;
+ err:
+ if (ok == -1) {
+ DHerr(DH_F_DH_BUILTIN_GENPARAMS, ERR_R_BN_LIB);
+ ok = 0;
+ }
+
+ if (ctx != NULL) {
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ }
+ return ok;
+}
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/dh/dh_key.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/dh/dh_key.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dh/dh_key.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,267 +0,0 @@
-/* crypto/dh/dh_key.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/rand.h>
-#include <openssl/dh.h>
-
-#ifndef OPENSSL_FIPS
-
-static int generate_key(DH *dh);
-static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
-static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
- const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx);
-static int dh_init(DH *dh);
-static int dh_finish(DH *dh);
-
-int DH_generate_key(DH *dh)
- {
- return dh->meth->generate_key(dh);
- }
-
-int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
- {
- return dh->meth->compute_key(key, pub_key, dh);
- }
-
-static DH_METHOD dh_ossl = {
-"OpenSSL DH Method",
-generate_key,
-compute_key,
-dh_bn_mod_exp,
-dh_init,
-dh_finish,
-0,
-NULL,
-NULL
-};
-
-const DH_METHOD *DH_OpenSSL(void)
-{
- return &dh_ossl;
-}
-
-static int generate_key(DH *dh)
- {
- int ok=0;
- int generate_new_key=0;
- unsigned l;
- BN_CTX *ctx;
- BN_MONT_CTX *mont=NULL;
- BIGNUM *pub_key=NULL,*priv_key=NULL;
-
- ctx = BN_CTX_new();
- if (ctx == NULL) goto err;
-
- if (dh->priv_key == NULL)
- {
- priv_key=BN_new();
- if (priv_key == NULL) goto err;
- generate_new_key=1;
- }
- else
- priv_key=dh->priv_key;
-
- if (dh->pub_key == NULL)
- {
- pub_key=BN_new();
- if (pub_key == NULL) goto err;
- }
- else
- pub_key=dh->pub_key;
-
-
- if (dh->flags & DH_FLAG_CACHE_MONT_P)
- {
- mont = BN_MONT_CTX_set_locked(&dh->method_mont_p,
- CRYPTO_LOCK_DH, dh->p, ctx);
- if (!mont)
- goto err;
- }
-
- if (generate_new_key)
- {
- l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */
- if (!BN_rand(priv_key, l, 0, 0)) goto err;
- }
-
- {
- BIGNUM local_prk;
- BIGNUM *prk;
-
- if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0)
- {
- BN_init(&local_prk);
- prk = &local_prk;
- BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
- }
- else
- prk = priv_key;
-
- if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, prk, dh->p, ctx, mont)) goto err;
- }
-
- dh->pub_key=pub_key;
- dh->priv_key=priv_key;
- ok=1;
-err:
- if (ok != 1)
- DHerr(DH_F_GENERATE_KEY,ERR_R_BN_LIB);
-
- if ((pub_key != NULL) && (dh->pub_key == NULL)) BN_free(pub_key);
- if ((priv_key != NULL) && (dh->priv_key == NULL)) BN_free(priv_key);
- BN_CTX_free(ctx);
- return(ok);
- }
-
-static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
- {
- BN_CTX *ctx=NULL;
- BN_MONT_CTX *mont=NULL;
- BIGNUM *tmp;
- int ret= -1;
- int check_result;
-
- if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS)
- {
- DHerr(DH_F_COMPUTE_KEY,DH_R_MODULUS_TOO_LARGE);
- goto err;
- }
-
- ctx = BN_CTX_new();
- if (ctx == NULL) goto err;
- BN_CTX_start(ctx);
- tmp = BN_CTX_get(ctx);
-
- if (dh->priv_key == NULL)
- {
- DHerr(DH_F_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE);
- goto err;
- }
-
- if (dh->flags & DH_FLAG_CACHE_MONT_P)
- {
- mont = BN_MONT_CTX_set_locked(&dh->method_mont_p,
- CRYPTO_LOCK_DH, dh->p, ctx);
- if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0)
- {
- /* XXX */
- BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME);
- }
- if (!mont)
- goto err;
- }
-
- if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result)
- {
- DHerr(DH_F_COMPUTE_KEY,DH_R_INVALID_PUBKEY);
- goto err;
- }
-
- if (!dh->meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key,dh->p,ctx,mont))
- {
- DHerr(DH_F_COMPUTE_KEY,ERR_R_BN_LIB);
- goto err;
- }
-
- ret=BN_bn2bin(tmp,key);
-err:
- if (ctx != NULL)
- {
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- }
- return(ret);
- }
-
-static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
- const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx)
- {
- /* If a is only one word long and constant time is false, use the faster
- * exponenentiation function.
- */
- if (a->top == 1 && ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) != 0))
- {
- BN_ULONG A = a->d[0];
- return BN_mod_exp_mont_word(r,A,p,m,ctx,m_ctx);
- }
- else
- return BN_mod_exp_mont(r,a,p,m,ctx,m_ctx);
- }
-
-
-static int dh_init(DH *dh)
- {
- dh->flags |= DH_FLAG_CACHE_MONT_P;
- return(1);
- }
-
-static int dh_finish(DH *dh)
- {
- if(dh->method_mont_p)
- BN_MONT_CTX_free(dh->method_mont_p);
- return(1);
- }
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/dh/dh_key.c (from rev 6976, vendor-crypto/openssl/dist/crypto/dh/dh_key.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/dh/dh_key.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dh/dh_key.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,258 @@
+/* crypto/dh/dh_key.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rand.h>
+#include <openssl/dh.h>
+
+#ifndef OPENSSL_FIPS
+
+static int generate_key(DH *dh);
+static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
+static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
+ const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+static int dh_init(DH *dh);
+static int dh_finish(DH *dh);
+
+int DH_generate_key(DH *dh)
+{
+ return dh->meth->generate_key(dh);
+}
+
+int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
+{
+ return dh->meth->compute_key(key, pub_key, dh);
+}
+
+static DH_METHOD dh_ossl = {
+ "OpenSSL DH Method",
+ generate_key,
+ compute_key,
+ dh_bn_mod_exp,
+ dh_init,
+ dh_finish,
+ 0,
+ NULL,
+ NULL
+};
+
+const DH_METHOD *DH_OpenSSL(void)
+{
+ return &dh_ossl;
+}
+
+static int generate_key(DH *dh)
+{
+ int ok = 0;
+ int generate_new_key = 0;
+ unsigned l;
+ BN_CTX *ctx;
+ BN_MONT_CTX *mont = NULL;
+ BIGNUM *pub_key = NULL, *priv_key = NULL;
+
+ ctx = BN_CTX_new();
+ if (ctx == NULL)
+ goto err;
+
+ if (dh->priv_key == NULL) {
+ priv_key = BN_new();
+ if (priv_key == NULL)
+ goto err;
+ generate_new_key = 1;
+ } else
+ priv_key = dh->priv_key;
+
+ if (dh->pub_key == NULL) {
+ pub_key = BN_new();
+ if (pub_key == NULL)
+ goto err;
+ } else
+ pub_key = dh->pub_key;
+
+ if (dh->flags & DH_FLAG_CACHE_MONT_P) {
+ mont = BN_MONT_CTX_set_locked(&dh->method_mont_p,
+ CRYPTO_LOCK_DH, dh->p, ctx);
+ if (!mont)
+ goto err;
+ }
+
+ if (generate_new_key) {
+ l = dh->length ? dh->length : BN_num_bits(dh->p) - 1; /* secret
+ * exponent
+ * length */
+ if (!BN_rand(priv_key, l, 0, 0))
+ goto err;
+ }
+
+ {
+ BIGNUM local_prk;
+ BIGNUM *prk;
+
+ if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) {
+ BN_init(&local_prk);
+ prk = &local_prk;
+ BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
+ } else
+ prk = priv_key;
+
+ if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, prk, dh->p, ctx, mont))
+ goto err;
+ }
+
+ dh->pub_key = pub_key;
+ dh->priv_key = priv_key;
+ ok = 1;
+ err:
+ if (ok != 1)
+ DHerr(DH_F_GENERATE_KEY, ERR_R_BN_LIB);
+
+ if ((pub_key != NULL) && (dh->pub_key == NULL))
+ BN_free(pub_key);
+ if ((priv_key != NULL) && (dh->priv_key == NULL))
+ BN_free(priv_key);
+ BN_CTX_free(ctx);
+ return (ok);
+}
+
+static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
+{
+ BN_CTX *ctx = NULL;
+ BN_MONT_CTX *mont = NULL;
+ BIGNUM *tmp;
+ int ret = -1;
+ int check_result;
+
+ if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
+ DHerr(DH_F_COMPUTE_KEY, DH_R_MODULUS_TOO_LARGE);
+ goto err;
+ }
+
+ ctx = BN_CTX_new();
+ if (ctx == NULL)
+ goto err;
+ BN_CTX_start(ctx);
+ tmp = BN_CTX_get(ctx);
+
+ if (dh->priv_key == NULL) {
+ DHerr(DH_F_COMPUTE_KEY, DH_R_NO_PRIVATE_VALUE);
+ goto err;
+ }
+
+ if (dh->flags & DH_FLAG_CACHE_MONT_P) {
+ mont = BN_MONT_CTX_set_locked(&dh->method_mont_p,
+ CRYPTO_LOCK_DH, dh->p, ctx);
+ if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) {
+ /* XXX */
+ BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME);
+ }
+ if (!mont)
+ goto err;
+ }
+
+ if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result) {
+ DHerr(DH_F_COMPUTE_KEY, DH_R_INVALID_PUBKEY);
+ goto err;
+ }
+
+ if (!dh->
+ meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key, dh->p, ctx, mont)) {
+ DHerr(DH_F_COMPUTE_KEY, ERR_R_BN_LIB);
+ goto err;
+ }
+
+ ret = BN_bn2bin(tmp, key);
+ err:
+ if (ctx != NULL) {
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ }
+ return (ret);
+}
+
+static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
+ const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+{
+ /*
+ * If a is only one word long and constant time is false, use the faster
+ * exponenentiation function.
+ */
+ if (a->top == 1 && ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) != 0)) {
+ BN_ULONG A = a->d[0];
+ return BN_mod_exp_mont_word(r, A, p, m, ctx, m_ctx);
+ } else
+ return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx);
+}
+
+static int dh_init(DH *dh)
+{
+ dh->flags |= DH_FLAG_CACHE_MONT_P;
+ return (1);
+}
+
+static int dh_finish(DH *dh)
+{
+ if (dh->method_mont_p)
+ BN_MONT_CTX_free(dh->method_mont_p);
+ return (1);
+}
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/dh/dh_lib.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/dh/dh_lib.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dh/dh_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,247 +0,0 @@
-/* crypto/dh/dh_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/dh.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-
-const char DH_version[]="Diffie-Hellman" OPENSSL_VERSION_PTEXT;
-
-static const DH_METHOD *default_DH_method = NULL;
-
-void DH_set_default_method(const DH_METHOD *meth)
- {
- default_DH_method = meth;
- }
-
-const DH_METHOD *DH_get_default_method(void)
- {
- if(!default_DH_method)
- default_DH_method = DH_OpenSSL();
- return default_DH_method;
- }
-
-int DH_set_method(DH *dh, const DH_METHOD *meth)
- {
- /* NB: The caller is specifically setting a method, so it's not up to us
- * to deal with which ENGINE it comes from. */
- const DH_METHOD *mtmp;
- mtmp = dh->meth;
- if (mtmp->finish) mtmp->finish(dh);
-#ifndef OPENSSL_NO_ENGINE
- if (dh->engine)
- {
- ENGINE_finish(dh->engine);
- dh->engine = NULL;
- }
-#endif
- dh->meth = meth;
- if (meth->init) meth->init(dh);
- return 1;
- }
-
-DH *DH_new(void)
- {
- return DH_new_method(NULL);
- }
-
-DH *DH_new_method(ENGINE *engine)
- {
- DH *ret;
-
- ret=(DH *)OPENSSL_malloc(sizeof(DH));
- if (ret == NULL)
- {
- DHerr(DH_F_DH_NEW_METHOD,ERR_R_MALLOC_FAILURE);
- return(NULL);
- }
-
- ret->meth = DH_get_default_method();
-#ifndef OPENSSL_NO_ENGINE
- if (engine)
- {
- if (!ENGINE_init(engine))
- {
- DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB);
- OPENSSL_free(ret);
- return NULL;
- }
- ret->engine = engine;
- }
- else
- ret->engine = ENGINE_get_default_DH();
- if(ret->engine)
- {
- ret->meth = ENGINE_get_DH(ret->engine);
- if(!ret->meth)
- {
- DHerr(DH_F_DH_NEW_METHOD,ERR_R_ENGINE_LIB);
- ENGINE_finish(ret->engine);
- OPENSSL_free(ret);
- return NULL;
- }
- }
-#endif
-
- ret->pad=0;
- ret->version=0;
- ret->p=NULL;
- ret->g=NULL;
- ret->length=0;
- ret->pub_key=NULL;
- ret->priv_key=NULL;
- ret->q=NULL;
- ret->j=NULL;
- ret->seed = NULL;
- ret->seedlen = 0;
- ret->counter = NULL;
- ret->method_mont_p=NULL;
- ret->references = 1;
- ret->flags=ret->meth->flags;
- CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
- if ((ret->meth->init != NULL) && !ret->meth->init(ret))
- {
-#ifndef OPENSSL_NO_ENGINE
- if (ret->engine)
- ENGINE_finish(ret->engine);
-#endif
- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
- OPENSSL_free(ret);
- ret=NULL;
- }
- return(ret);
- }
-
-void DH_free(DH *r)
- {
- int i;
- if(r == NULL) return;
- i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DH);
-#ifdef REF_PRINT
- REF_PRINT("DH",r);
-#endif
- if (i > 0) return;
-#ifdef REF_CHECK
- if (i < 0)
- {
- fprintf(stderr,"DH_free, bad reference count\n");
- abort();
- }
-#endif
-
- if (r->meth->finish)
- r->meth->finish(r);
-#ifndef OPENSSL_NO_ENGINE
- if (r->engine)
- ENGINE_finish(r->engine);
-#endif
-
- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, &r->ex_data);
-
- if (r->p != NULL) BN_clear_free(r->p);
- if (r->g != NULL) BN_clear_free(r->g);
- if (r->q != NULL) BN_clear_free(r->q);
- if (r->j != NULL) BN_clear_free(r->j);
- if (r->seed) OPENSSL_free(r->seed);
- if (r->counter != NULL) BN_clear_free(r->counter);
- if (r->pub_key != NULL) BN_clear_free(r->pub_key);
- if (r->priv_key != NULL) BN_clear_free(r->priv_key);
- OPENSSL_free(r);
- }
-
-int DH_up_ref(DH *r)
- {
- int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DH);
-#ifdef REF_PRINT
- REF_PRINT("DH",r);
-#endif
-#ifdef REF_CHECK
- if (i < 2)
- {
- fprintf(stderr, "DH_up, bad reference count\n");
- abort();
- }
-#endif
- return ((i > 1) ? 1 : 0);
- }
-
-int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
- {
- return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, argl, argp,
- new_func, dup_func, free_func);
- }
-
-int DH_set_ex_data(DH *d, int idx, void *arg)
- {
- return(CRYPTO_set_ex_data(&d->ex_data,idx,arg));
- }
-
-void *DH_get_ex_data(DH *d, int idx)
- {
- return(CRYPTO_get_ex_data(&d->ex_data,idx));
- }
-
-int DH_size(const DH *dh)
- {
- return(BN_num_bytes(dh->p));
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/dh/dh_lib.c (from rev 6976, vendor-crypto/openssl/dist/crypto/dh/dh_lib.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/dh/dh_lib.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dh/dh_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,251 @@
+/* crypto/dh/dh_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/dh.h>
+#ifndef OPENSSL_NO_ENGINE
+# include <openssl/engine.h>
+#endif
+
+const char DH_version[] = "Diffie-Hellman" OPENSSL_VERSION_PTEXT;
+
+static const DH_METHOD *default_DH_method = NULL;
+
+void DH_set_default_method(const DH_METHOD *meth)
+{
+ default_DH_method = meth;
+}
+
+const DH_METHOD *DH_get_default_method(void)
+{
+ if (!default_DH_method)
+ default_DH_method = DH_OpenSSL();
+ return default_DH_method;
+}
+
+int DH_set_method(DH *dh, const DH_METHOD *meth)
+{
+ /*
+ * NB: The caller is specifically setting a method, so it's not up to us
+ * to deal with which ENGINE it comes from.
+ */
+ const DH_METHOD *mtmp;
+ mtmp = dh->meth;
+ if (mtmp->finish)
+ mtmp->finish(dh);
+#ifndef OPENSSL_NO_ENGINE
+ if (dh->engine) {
+ ENGINE_finish(dh->engine);
+ dh->engine = NULL;
+ }
+#endif
+ dh->meth = meth;
+ if (meth->init)
+ meth->init(dh);
+ return 1;
+}
+
+DH *DH_new(void)
+{
+ return DH_new_method(NULL);
+}
+
+DH *DH_new_method(ENGINE *engine)
+{
+ DH *ret;
+
+ ret = (DH *)OPENSSL_malloc(sizeof(DH));
+ if (ret == NULL) {
+ DHerr(DH_F_DH_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+ return (NULL);
+ }
+
+ ret->meth = DH_get_default_method();
+#ifndef OPENSSL_NO_ENGINE
+ if (engine) {
+ if (!ENGINE_init(engine)) {
+ DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB);
+ OPENSSL_free(ret);
+ return NULL;
+ }
+ ret->engine = engine;
+ } else
+ ret->engine = ENGINE_get_default_DH();
+ if (ret->engine) {
+ ret->meth = ENGINE_get_DH(ret->engine);
+ if (!ret->meth) {
+ DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB);
+ ENGINE_finish(ret->engine);
+ OPENSSL_free(ret);
+ return NULL;
+ }
+ }
+#endif
+
+ ret->pad = 0;
+ ret->version = 0;
+ ret->p = NULL;
+ ret->g = NULL;
+ ret->length = 0;
+ ret->pub_key = NULL;
+ ret->priv_key = NULL;
+ ret->q = NULL;
+ ret->j = NULL;
+ ret->seed = NULL;
+ ret->seedlen = 0;
+ ret->counter = NULL;
+ ret->method_mont_p = NULL;
+ ret->references = 1;
+ ret->flags = ret->meth->flags;
+ CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
+ if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
+#ifndef OPENSSL_NO_ENGINE
+ if (ret->engine)
+ ENGINE_finish(ret->engine);
+#endif
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
+ OPENSSL_free(ret);
+ ret = NULL;
+ }
+ return (ret);
+}
+
+void DH_free(DH *r)
+{
+ int i;
+ if (r == NULL)
+ return;
+ i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DH);
+#ifdef REF_PRINT
+ REF_PRINT("DH", r);
+#endif
+ if (i > 0)
+ return;
+#ifdef REF_CHECK
+ if (i < 0) {
+ fprintf(stderr, "DH_free, bad reference count\n");
+ abort();
+ }
+#endif
+
+ if (r->meth->finish)
+ r->meth->finish(r);
+#ifndef OPENSSL_NO_ENGINE
+ if (r->engine)
+ ENGINE_finish(r->engine);
+#endif
+
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, &r->ex_data);
+
+ if (r->p != NULL)
+ BN_clear_free(r->p);
+ if (r->g != NULL)
+ BN_clear_free(r->g);
+ if (r->q != NULL)
+ BN_clear_free(r->q);
+ if (r->j != NULL)
+ BN_clear_free(r->j);
+ if (r->seed)
+ OPENSSL_free(r->seed);
+ if (r->counter != NULL)
+ BN_clear_free(r->counter);
+ if (r->pub_key != NULL)
+ BN_clear_free(r->pub_key);
+ if (r->priv_key != NULL)
+ BN_clear_free(r->priv_key);
+ OPENSSL_free(r);
+}
+
+int DH_up_ref(DH *r)
+{
+ int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DH);
+#ifdef REF_PRINT
+ REF_PRINT("DH", r);
+#endif
+#ifdef REF_CHECK
+ if (i < 2) {
+ fprintf(stderr, "DH_up, bad reference count\n");
+ abort();
+ }
+#endif
+ return ((i > 1) ? 1 : 0);
+}
+
+int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+{
+ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, argl, argp,
+ new_func, dup_func, free_func);
+}
+
+int DH_set_ex_data(DH *d, int idx, void *arg)
+{
+ return (CRYPTO_set_ex_data(&d->ex_data, idx, arg));
+}
+
+void *DH_get_ex_data(DH *d, int idx)
+{
+ return (CRYPTO_get_ex_data(&d->ex_data, idx));
+}
+
+int DH_size(const DH *dh)
+{
+ return (BN_num_bytes(dh->p));
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/dh/dhtest.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/dh/dhtest.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dh/dhtest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,226 +0,0 @@
-/* crypto/dh/dhtest.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* Until the key-gen callbacks are modified to use newer prototypes, we allow
- * deprecated functions for openssl-internal code */
-#ifdef OPENSSL_NO_DEPRECATED
-#undef OPENSSL_NO_DEPRECATED
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "../e_os.h"
-
-#include <openssl/crypto.h>
-#include <openssl/bio.h>
-#include <openssl/bn.h>
-#include <openssl/rand.h>
-#include <openssl/err.h>
-
-#ifdef OPENSSL_NO_DH
-int main(int argc, char *argv[])
-{
- printf("No DH support\n");
- return(0);
-}
-#else
-#include <openssl/dh.h>
-
-#ifdef OPENSSL_SYS_WIN16
-#define MS_CALLBACK _far _loadds
-#else
-#define MS_CALLBACK
-#endif
-
-static int MS_CALLBACK cb(int p, int n, BN_GENCB *arg);
-
-static const char rnd_seed[] = "string to make the random number generator think it has entropy";
-
-int main(int argc, char *argv[])
- {
- BN_GENCB _cb;
- DH *a;
- DH *b=NULL;
- char buf[12];
- unsigned char *abuf=NULL,*bbuf=NULL;
- int i,alen,blen,aout,bout,ret=1;
- BIO *out;
-
- CRYPTO_malloc_debug_init();
- CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
-#ifdef OPENSSL_SYS_WIN32
- CRYPTO_malloc_init();
-#endif
-
- RAND_seed(rnd_seed, sizeof rnd_seed);
-
- out=BIO_new(BIO_s_file());
- if (out == NULL) EXIT(1);
- BIO_set_fp(out,stdout,BIO_NOCLOSE);
-
- BN_GENCB_set(&_cb, &cb, out);
- if(((a = DH_new()) == NULL) || !DH_generate_parameters_ex(a, 64,
- DH_GENERATOR_5, &_cb))
- goto err;
-
- if (!DH_check(a, &i)) goto err;
- if (i & DH_CHECK_P_NOT_PRIME)
- BIO_puts(out, "p value is not prime\n");
- if (i & DH_CHECK_P_NOT_SAFE_PRIME)
- BIO_puts(out, "p value is not a safe prime\n");
- if (i & DH_UNABLE_TO_CHECK_GENERATOR)
- BIO_puts(out, "unable to check the generator value\n");
- if (i & DH_NOT_SUITABLE_GENERATOR)
- BIO_puts(out, "the g value is not a generator\n");
-
- BIO_puts(out,"\np =");
- BN_print(out,a->p);
- BIO_puts(out,"\ng =");
- BN_print(out,a->g);
- BIO_puts(out,"\n");
-
- b=DH_new();
- if (b == NULL) goto err;
-
- b->p=BN_dup(a->p);
- b->g=BN_dup(a->g);
- if ((b->p == NULL) || (b->g == NULL)) goto err;
-
- /* Set a to run with normal modexp and b to use constant time */
- a->flags &= ~DH_FLAG_NO_EXP_CONSTTIME;
- b->flags |= DH_FLAG_NO_EXP_CONSTTIME;
-
- if (!DH_generate_key(a)) goto err;
- BIO_puts(out,"pri 1=");
- BN_print(out,a->priv_key);
- BIO_puts(out,"\npub 1=");
- BN_print(out,a->pub_key);
- BIO_puts(out,"\n");
-
- if (!DH_generate_key(b)) goto err;
- BIO_puts(out,"pri 2=");
- BN_print(out,b->priv_key);
- BIO_puts(out,"\npub 2=");
- BN_print(out,b->pub_key);
- BIO_puts(out,"\n");
-
- alen=DH_size(a);
- abuf=(unsigned char *)OPENSSL_malloc(alen);
- aout=DH_compute_key(abuf,b->pub_key,a);
-
- BIO_puts(out,"key1 =");
- for (i=0; i<aout; i++)
- {
- sprintf(buf,"%02X",abuf[i]);
- BIO_puts(out,buf);
- }
- BIO_puts(out,"\n");
-
- blen=DH_size(b);
- bbuf=(unsigned char *)OPENSSL_malloc(blen);
- bout=DH_compute_key(bbuf,a->pub_key,b);
-
- BIO_puts(out,"key2 =");
- for (i=0; i<bout; i++)
- {
- sprintf(buf,"%02X",bbuf[i]);
- BIO_puts(out,buf);
- }
- BIO_puts(out,"\n");
- if ((aout < 4) || (bout != aout) || (memcmp(abuf,bbuf,aout) != 0))
- {
- fprintf(stderr,"Error in DH routines\n");
- ret=1;
- }
- else
- ret=0;
-err:
- ERR_print_errors_fp(stderr);
-
- if (abuf != NULL) OPENSSL_free(abuf);
- if (bbuf != NULL) OPENSSL_free(bbuf);
- if(b != NULL) DH_free(b);
- if(a != NULL) DH_free(a);
- BIO_free(out);
-#ifdef OPENSSL_SYS_NETWARE
- if (ret) printf("ERROR: %d\n", ret);
-#endif
- EXIT(ret);
- return(ret);
- }
-
-static int MS_CALLBACK cb(int p, int n, BN_GENCB *arg)
- {
- char c='*';
-
- if (p == 0) c='.';
- if (p == 1) c='+';
- if (p == 2) c='*';
- if (p == 3) c='\n';
- BIO_write(arg->arg,&c,1);
- (void)BIO_flush(arg->arg);
-#ifdef LINT
- p=n;
-#endif
- return 1;
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/dh/dhtest.c (from rev 6976, vendor-crypto/openssl/dist/crypto/dh/dhtest.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/dh/dhtest.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dh/dhtest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,241 @@
+/* crypto/dh/dhtest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/*
+ * Until the key-gen callbacks are modified to use newer prototypes, we allow
+ * deprecated functions for openssl-internal code
+ */
+#ifdef OPENSSL_NO_DEPRECATED
+# undef OPENSSL_NO_DEPRECATED
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "../e_os.h"
+
+#include <openssl/crypto.h>
+#include <openssl/bio.h>
+#include <openssl/bn.h>
+#include <openssl/rand.h>
+#include <openssl/err.h>
+
+#ifdef OPENSSL_NO_DH
+int main(int argc, char *argv[])
+{
+ printf("No DH support\n");
+ return (0);
+}
+#else
+# include <openssl/dh.h>
+
+# ifdef OPENSSL_SYS_WIN16
+# define MS_CALLBACK _far _loadds
+# else
+# define MS_CALLBACK
+# endif
+
+static int MS_CALLBACK cb(int p, int n, BN_GENCB *arg);
+
+static const char rnd_seed[] =
+ "string to make the random number generator think it has entropy";
+
+int main(int argc, char *argv[])
+{
+ BN_GENCB _cb;
+ DH *a;
+ DH *b = NULL;
+ char buf[12];
+ unsigned char *abuf = NULL, *bbuf = NULL;
+ int i, alen, blen, aout, bout, ret = 1;
+ BIO *out;
+
+ CRYPTO_malloc_debug_init();
+ CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+# ifdef OPENSSL_SYS_WIN32
+ CRYPTO_malloc_init();
+# endif
+
+ RAND_seed(rnd_seed, sizeof rnd_seed);
+
+ out = BIO_new(BIO_s_file());
+ if (out == NULL)
+ EXIT(1);
+ BIO_set_fp(out, stdout, BIO_NOCLOSE);
+
+ BN_GENCB_set(&_cb, &cb, out);
+ if (((a = DH_new()) == NULL) || !DH_generate_parameters_ex(a, 64,
+ DH_GENERATOR_5,
+ &_cb))
+ goto err;
+
+ if (!DH_check(a, &i))
+ goto err;
+ if (i & DH_CHECK_P_NOT_PRIME)
+ BIO_puts(out, "p value is not prime\n");
+ if (i & DH_CHECK_P_NOT_SAFE_PRIME)
+ BIO_puts(out, "p value is not a safe prime\n");
+ if (i & DH_UNABLE_TO_CHECK_GENERATOR)
+ BIO_puts(out, "unable to check the generator value\n");
+ if (i & DH_NOT_SUITABLE_GENERATOR)
+ BIO_puts(out, "the g value is not a generator\n");
+
+ BIO_puts(out, "\np =");
+ BN_print(out, a->p);
+ BIO_puts(out, "\ng =");
+ BN_print(out, a->g);
+ BIO_puts(out, "\n");
+
+ b = DH_new();
+ if (b == NULL)
+ goto err;
+
+ b->p = BN_dup(a->p);
+ b->g = BN_dup(a->g);
+ if ((b->p == NULL) || (b->g == NULL))
+ goto err;
+
+ /* Set a to run with normal modexp and b to use constant time */
+ a->flags &= ~DH_FLAG_NO_EXP_CONSTTIME;
+ b->flags |= DH_FLAG_NO_EXP_CONSTTIME;
+
+ if (!DH_generate_key(a))
+ goto err;
+ BIO_puts(out, "pri 1=");
+ BN_print(out, a->priv_key);
+ BIO_puts(out, "\npub 1=");
+ BN_print(out, a->pub_key);
+ BIO_puts(out, "\n");
+
+ if (!DH_generate_key(b))
+ goto err;
+ BIO_puts(out, "pri 2=");
+ BN_print(out, b->priv_key);
+ BIO_puts(out, "\npub 2=");
+ BN_print(out, b->pub_key);
+ BIO_puts(out, "\n");
+
+ alen = DH_size(a);
+ abuf = (unsigned char *)OPENSSL_malloc(alen);
+ aout = DH_compute_key(abuf, b->pub_key, a);
+
+ BIO_puts(out, "key1 =");
+ for (i = 0; i < aout; i++) {
+ sprintf(buf, "%02X", abuf[i]);
+ BIO_puts(out, buf);
+ }
+ BIO_puts(out, "\n");
+
+ blen = DH_size(b);
+ bbuf = (unsigned char *)OPENSSL_malloc(blen);
+ bout = DH_compute_key(bbuf, a->pub_key, b);
+
+ BIO_puts(out, "key2 =");
+ for (i = 0; i < bout; i++) {
+ sprintf(buf, "%02X", bbuf[i]);
+ BIO_puts(out, buf);
+ }
+ BIO_puts(out, "\n");
+ if ((aout < 4) || (bout != aout) || (memcmp(abuf, bbuf, aout) != 0)) {
+ fprintf(stderr, "Error in DH routines\n");
+ ret = 1;
+ } else
+ ret = 0;
+ err:
+ ERR_print_errors_fp(stderr);
+
+ if (abuf != NULL)
+ OPENSSL_free(abuf);
+ if (bbuf != NULL)
+ OPENSSL_free(bbuf);
+ if (b != NULL)
+ DH_free(b);
+ if (a != NULL)
+ DH_free(a);
+ BIO_free(out);
+# ifdef OPENSSL_SYS_NETWARE
+ if (ret)
+ printf("ERROR: %d\n", ret);
+# endif
+ EXIT(ret);
+ return (ret);
+}
+
+static int MS_CALLBACK cb(int p, int n, BN_GENCB *arg)
+{
+ char c = '*';
+
+ if (p == 0)
+ c = '.';
+ if (p == 1)
+ c = '+';
+ if (p == 2)
+ c = '*';
+ if (p == 3)
+ c = '\n';
+ BIO_write(arg->arg, &c, 1);
+ (void)BIO_flush(arg->arg);
+# ifdef LINT
+ p = n;
+# endif
+ return 1;
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/dh/p1024.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/dh/p1024.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dh/p1024.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,92 +0,0 @@
-/* crypto/dh/p1024.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/bn.h>
-#include <openssl/asn1.h>
-#include <openssl/dh.h>
-#include <openssl/pem.h>
-
-unsigned char data[]={0x97,0xF6,0x42,0x61,0xCA,0xB5,0x05,0xDD,
- 0x28,0x28,0xE1,0x3F,0x1D,0x68,0xB6,0xD3,
- 0xDB,0xD0,0xF3,0x13,0x04,0x7F,0x40,0xE8,
- 0x56,0xDA,0x58,0xCB,0x13,0xB8,0xA1,0xBF,
- 0x2B,0x78,0x3A,0x4C,0x6D,0x59,0xD5,0xF9,
- 0x2A,0xFC,0x6C,0xFF,0x3D,0x69,0x3F,0x78,
- 0xB2,0x3D,0x4F,0x31,0x60,0xA9,0x50,0x2E,
- 0x3E,0xFA,0xF7,0xAB,0x5E,0x1A,0xD5,0xA6,
- 0x5E,0x55,0x43,0x13,0x82,0x8D,0xA8,0x3B,
- 0x9F,0xF2,0xD9,0x41,0xDE,0xE9,0x56,0x89,
- 0xFA,0xDA,0xEA,0x09,0x36,0xAD,0xDF,0x19,
- 0x71,0xFE,0x63,0x5B,0x20,0xAF,0x47,0x03,
- 0x64,0x60,0x3C,0x2D,0xE0,0x59,0xF5,0x4B,
- 0x65,0x0A,0xD8,0xFA,0x0C,0xF7,0x01,0x21,
- 0xC7,0x47,0x99,0xD7,0x58,0x71,0x32,0xBE,
- 0x9B,0x99,0x9B,0xB9,0xB7,0x87,0xE8,0xAB,
- };
-
-main()
- {
- DH *dh;
-
- dh=DH_new();
- dh->p=BN_bin2bn(data,sizeof(data),NULL);
- dh->g=BN_new();
- BN_set_word(dh->g,2);
- PEM_write_DHparams(stdout,dh);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/dh/p1024.c (from rev 6976, vendor-crypto/openssl/dist/crypto/dh/p1024.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/dh/p1024.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dh/p1024.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,92 @@
+/* crypto/dh/p1024.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <openssl/bn.h>
+#include <openssl/asn1.h>
+#include <openssl/dh.h>
+#include <openssl/pem.h>
+
+unsigned char data[] = { 0x97, 0xF6, 0x42, 0x61, 0xCA, 0xB5, 0x05, 0xDD,
+ 0x28, 0x28, 0xE1, 0x3F, 0x1D, 0x68, 0xB6, 0xD3,
+ 0xDB, 0xD0, 0xF3, 0x13, 0x04, 0x7F, 0x40, 0xE8,
+ 0x56, 0xDA, 0x58, 0xCB, 0x13, 0xB8, 0xA1, 0xBF,
+ 0x2B, 0x78, 0x3A, 0x4C, 0x6D, 0x59, 0xD5, 0xF9,
+ 0x2A, 0xFC, 0x6C, 0xFF, 0x3D, 0x69, 0x3F, 0x78,
+ 0xB2, 0x3D, 0x4F, 0x31, 0x60, 0xA9, 0x50, 0x2E,
+ 0x3E, 0xFA, 0xF7, 0xAB, 0x5E, 0x1A, 0xD5, 0xA6,
+ 0x5E, 0x55, 0x43, 0x13, 0x82, 0x8D, 0xA8, 0x3B,
+ 0x9F, 0xF2, 0xD9, 0x41, 0xDE, 0xE9, 0x56, 0x89,
+ 0xFA, 0xDA, 0xEA, 0x09, 0x36, 0xAD, 0xDF, 0x19,
+ 0x71, 0xFE, 0x63, 0x5B, 0x20, 0xAF, 0x47, 0x03,
+ 0x64, 0x60, 0x3C, 0x2D, 0xE0, 0x59, 0xF5, 0x4B,
+ 0x65, 0x0A, 0xD8, 0xFA, 0x0C, 0xF7, 0x01, 0x21,
+ 0xC7, 0x47, 0x99, 0xD7, 0x58, 0x71, 0x32, 0xBE,
+ 0x9B, 0x99, 0x9B, 0xB9, 0xB7, 0x87, 0xE8, 0xAB,
+};
+
+main()
+{
+ DH *dh;
+
+ dh = DH_new();
+ dh->p = BN_bin2bn(data, sizeof(data), NULL);
+ dh->g = BN_new();
+ BN_set_word(dh->g, 2);
+ PEM_write_DHparams(stdout, dh);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/dh/p192.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/dh/p192.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dh/p192.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,80 +0,0 @@
-/* crypto/dh/p192.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/bn.h>
-#include <openssl/asn1.h>
-#include <openssl/dh.h>
-#include <openssl/pem.h>
-
-unsigned char data[]={
-0xD4,0xA0,0xBA,0x02,0x50,0xB6,0xFD,0x2E,
-0xC6,0x26,0xE7,0xEF,0xD6,0x37,0xDF,0x76,
-0xC7,0x16,0xE2,0x2D,0x09,0x44,0xB8,0x8B,
- };
-
-main()
- {
- DH *dh;
-
- dh=DH_new();
- dh->p=BN_bin2bn(data,sizeof(data),NULL);
- dh->g=BN_new();
- BN_set_word(dh->g,3);
- PEM_write_DHparams(stdout,dh);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/dh/p192.c (from rev 6976, vendor-crypto/openssl/dist/crypto/dh/p192.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/dh/p192.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dh/p192.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,80 @@
+/* crypto/dh/p192.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <openssl/bn.h>
+#include <openssl/asn1.h>
+#include <openssl/dh.h>
+#include <openssl/pem.h>
+
+unsigned char data[] = {
+ 0xD4, 0xA0, 0xBA, 0x02, 0x50, 0xB6, 0xFD, 0x2E,
+ 0xC6, 0x26, 0xE7, 0xEF, 0xD6, 0x37, 0xDF, 0x76,
+ 0xC7, 0x16, 0xE2, 0x2D, 0x09, 0x44, 0xB8, 0x8B,
+};
+
+main()
+{
+ DH *dh;
+
+ dh = DH_new();
+ dh->p = BN_bin2bn(data, sizeof(data), NULL);
+ dh->g = BN_new();
+ BN_set_word(dh->g, 3);
+ PEM_write_DHparams(stdout, dh);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/dh/p512.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/dh/p512.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dh/p512.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,85 +0,0 @@
-/* crypto/dh/p512.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/bn.h>
-#include <openssl/asn1.h>
-#include <openssl/dh.h>
-#include <openssl/pem.h>
-
-unsigned char data[]={
-0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,
-0xD0,0xE4,0xAF,0x75,0x6F,0x4C,0xCA,0x92,
-0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
-0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,
-0x57,0x46,0x50,0xD3,0x69,0x99,0xDB,0x29,
-0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12,
-0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,
-0xD8,0x00,0x3E,0x7C,0x47,0x74,0xE8,0x33,
- };
-
-main()
- {
- DH *dh;
-
- dh=DH_new();
- dh->p=BN_bin2bn(data,sizeof(data),NULL);
- dh->g=BN_new();
- BN_set_word(dh->g,2);
- PEM_write_DHparams(stdout,dh);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/dh/p512.c (from rev 6976, vendor-crypto/openssl/dist/crypto/dh/p512.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/dh/p512.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dh/p512.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,85 @@
+/* crypto/dh/p512.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <openssl/bn.h>
+#include <openssl/asn1.h>
+#include <openssl/dh.h>
+#include <openssl/pem.h>
+
+unsigned char data[] = {
+ 0xDA, 0x58, 0x3C, 0x16, 0xD9, 0x85, 0x22, 0x89,
+ 0xD0, 0xE4, 0xAF, 0x75, 0x6F, 0x4C, 0xCA, 0x92,
+ 0xDD, 0x4B, 0xE5, 0x33, 0xB8, 0x04, 0xFB, 0x0F,
+ 0xED, 0x94, 0xEF, 0x9C, 0x8A, 0x44, 0x03, 0xED,
+ 0x57, 0x46, 0x50, 0xD3, 0x69, 0x99, 0xDB, 0x29,
+ 0xD7, 0x76, 0x27, 0x6B, 0xA2, 0xD3, 0xD4, 0x12,
+ 0xE2, 0x18, 0xF4, 0xDD, 0x1E, 0x08, 0x4C, 0xF6,
+ 0xD8, 0x00, 0x3E, 0x7C, 0x47, 0x74, 0xE8, 0x33,
+};
+
+main()
+{
+ DH *dh;
+
+ dh = DH_new();
+ dh->p = BN_bin2bn(data, sizeof(data), NULL);
+ dh->g = BN_new();
+ BN_set_word(dh->g, 2);
+ PEM_write_DHparams(stdout, dh);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/dsa/dsa.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,324 +0,0 @@
-/* crypto/dsa/dsa.h */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/*
- * The DSS routines are based on patches supplied by
- * Steven Schoch <schoch at sheba.arc.nasa.gov>. He basically did the
- * work and I have just tweaked them a little to fit into my
- * stylistic vision for SSLeay :-) */
-
-#ifndef HEADER_DSA_H
-#define HEADER_DSA_H
-
-#include <openssl/e_os2.h>
-
-#ifdef OPENSSL_NO_DSA
-#error DSA is disabled.
-#endif
-
-#ifndef OPENSSL_NO_BIO
-#include <openssl/bio.h>
-#endif
-#include <openssl/crypto.h>
-#include <openssl/ossl_typ.h>
-
-#ifndef OPENSSL_NO_DEPRECATED
-#include <openssl/bn.h>
-#ifndef OPENSSL_NO_DH
-# include <openssl/dh.h>
-#endif
-#endif
-
-#ifndef OPENSSL_DSA_MAX_MODULUS_BITS
-# define OPENSSL_DSA_MAX_MODULUS_BITS 10000
-#endif
-
-#define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024
-
-#define DSA_FLAG_CACHE_MONT_P 0x01
-#define DSA_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DSA
- * implementation now uses constant time
- * modular exponentiation for secret exponents
- * by default. This flag causes the
- * faster variable sliding window method to
- * be used for all exponents.
- */
-
-/* If this flag is set the DSA method is FIPS compliant and can be used
- * in FIPS mode. This is set in the validated module method. If an
- * application sets this flag in its own methods it is its reposibility
- * to ensure the result is compliant.
- */
-
-#define DSA_FLAG_FIPS_METHOD 0x0400
-
-/* If this flag is set the operations normally disabled in FIPS mode are
- * permitted it is then the applications responsibility to ensure that the
- * usage is compliant.
- */
-
-#define DSA_FLAG_NON_FIPS_ALLOW 0x0400
-
-#ifdef OPENSSL_FIPS
-#define FIPS_DSA_SIZE_T int
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* Already defined in ossl_typ.h */
-/* typedef struct dsa_st DSA; */
-/* typedef struct dsa_method DSA_METHOD; */
-
-typedef struct DSA_SIG_st
- {
- BIGNUM *r;
- BIGNUM *s;
- } DSA_SIG;
-
-struct dsa_method
- {
- const char *name;
- DSA_SIG * (*dsa_do_sign)(const unsigned char *dgst, int dlen, DSA *dsa);
- int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
- BIGNUM **rp);
- int (*dsa_do_verify)(const unsigned char *dgst, int dgst_len,
- DSA_SIG *sig, DSA *dsa);
- int (*dsa_mod_exp)(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
- BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *in_mont);
- int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx); /* Can be null */
- int (*init)(DSA *dsa);
- int (*finish)(DSA *dsa);
- int flags;
- char *app_data;
- /* If this is non-NULL, it is used to generate DSA parameters */
- int (*dsa_paramgen)(DSA *dsa, int bits,
- unsigned char *seed, int seed_len,
- int *counter_ret, unsigned long *h_ret,
- BN_GENCB *cb);
- /* If this is non-NULL, it is used to generate DSA keys */
- int (*dsa_keygen)(DSA *dsa);
- };
-
-struct dsa_st
- {
- /* This first variable is used to pick up errors where
- * a DSA is passed instead of of a EVP_PKEY */
- int pad;
- long version;
- int write_params;
- BIGNUM *p;
- BIGNUM *q; /* == 20 */
- BIGNUM *g;
-
- BIGNUM *pub_key; /* y public key */
- BIGNUM *priv_key; /* x private key */
-
- BIGNUM *kinv; /* Signing pre-calc */
- BIGNUM *r; /* Signing pre-calc */
-
- int flags;
- /* Normally used to cache montgomery values */
- BN_MONT_CTX *method_mont_p;
- int references;
- CRYPTO_EX_DATA ex_data;
- const DSA_METHOD *meth;
- /* functional reference if 'meth' is ENGINE-provided */
- ENGINE *engine;
- };
-
-#define DSAparams_dup(x) ASN1_dup_of_const(DSA,i2d_DSAparams,d2i_DSAparams,x)
-#define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \
- (char *(*)())d2i_DSAparams,(fp),(unsigned char **)(x))
-#define i2d_DSAparams_fp(fp,x) ASN1_i2d_fp(i2d_DSAparams,(fp), \
- (unsigned char *)(x))
-#define d2i_DSAparams_bio(bp,x) ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSAparams,bp,x)
-#define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio_of_const(DSA,i2d_DSAparams,bp,x)
-
-
-DSA_SIG * DSA_SIG_new(void);
-void DSA_SIG_free(DSA_SIG *a);
-int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp);
-DSA_SIG * d2i_DSA_SIG(DSA_SIG **v, const unsigned char **pp, long length);
-
-DSA_SIG * DSA_do_sign(const unsigned char *dgst,int dlen,DSA *dsa);
-int DSA_do_verify(const unsigned char *dgst,int dgst_len,
- DSA_SIG *sig,DSA *dsa);
-
-const DSA_METHOD *DSA_OpenSSL(void);
-
-void DSA_set_default_method(const DSA_METHOD *);
-const DSA_METHOD *DSA_get_default_method(void);
-int DSA_set_method(DSA *dsa, const DSA_METHOD *);
-
-#ifdef OPENSSL_FIPS
-DSA * FIPS_dsa_new(void);
-void FIPS_dsa_free (DSA *r);
-#endif
-
-DSA * DSA_new(void);
-DSA * DSA_new_method(ENGINE *engine);
-void DSA_free (DSA *r);
-/* "up" the DSA object's reference count */
-int DSA_up_ref(DSA *r);
-int DSA_size(const DSA *);
- /* next 4 return -1 on error */
-int DSA_sign_setup( DSA *dsa,BN_CTX *ctx_in,BIGNUM **kinvp,BIGNUM **rp);
-int DSA_sign(int type,const unsigned char *dgst,int dlen,
- unsigned char *sig, unsigned int *siglen, DSA *dsa);
-int DSA_verify(int type,const unsigned char *dgst,int dgst_len,
- const unsigned char *sigbuf, int siglen, DSA *dsa);
-int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-int DSA_set_ex_data(DSA *d, int idx, void *arg);
-void *DSA_get_ex_data(DSA *d, int idx);
-
-DSA * d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length);
-DSA * d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length);
-DSA * d2i_DSAparams(DSA **a, const unsigned char **pp, long length);
-
-/* Deprecated version */
-#ifndef OPENSSL_NO_DEPRECATED
-DSA * DSA_generate_parameters(int bits,
- unsigned char *seed,int seed_len,
- int *counter_ret, unsigned long *h_ret,void
- (*callback)(int, int, void *),void *cb_arg);
-#endif /* !defined(OPENSSL_NO_DEPRECATED) */
-
-/* New version */
-int DSA_generate_parameters_ex(DSA *dsa, int bits,
- unsigned char *seed,int seed_len,
- int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
-
-int DSA_generate_key(DSA *a);
-int i2d_DSAPublicKey(const DSA *a, unsigned char **pp);
-int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp);
-int i2d_DSAparams(const DSA *a,unsigned char **pp);
-
-#ifndef OPENSSL_NO_BIO
-int DSAparams_print(BIO *bp, const DSA *x);
-int DSA_print(BIO *bp, const DSA *x, int off);
-#endif
-#ifndef OPENSSL_NO_FP_API
-int DSAparams_print_fp(FILE *fp, const DSA *x);
-int DSA_print_fp(FILE *bp, const DSA *x, int off);
-#endif
-
-#define DSS_prime_checks 50
-/* Primality test according to FIPS PUB 186[-1], Appendix 2.1:
- * 50 rounds of Rabin-Miller */
-#define DSA_is_prime(n, callback, cb_arg) \
- BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg)
-
-#ifndef OPENSSL_NO_DH
-/* Convert DSA structure (key or just parameters) into DH structure
- * (be careful to avoid small subgroup attacks when using this!) */
-DH *DSA_dup_DH(const DSA *r);
-#endif
-
-#ifdef OPENSSL_FIPS
-int FIPS_dsa_sig_encode(unsigned char *out, DSA_SIG *sig);
-int FIPS_dsa_sig_decode(DSA_SIG *sig, const unsigned char *in, int inlen);
-#endif
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_DSA_strings(void);
-
-/* Error codes for the DSA functions. */
-
-/* Function codes. */
-#define DSA_F_D2I_DSA_SIG 110
-#define DSA_F_DSAPARAMS_PRINT 100
-#define DSA_F_DSAPARAMS_PRINT_FP 101
-#define DSA_F_DSA_BUILTIN_KEYGEN 119
-#define DSA_F_DSA_BUILTIN_PARAMGEN 118
-#define DSA_F_DSA_DO_SIGN 112
-#define DSA_F_DSA_DO_VERIFY 113
-#define DSA_F_DSA_GENERATE_PARAMETERS 117
-#define DSA_F_DSA_NEW_METHOD 103
-#define DSA_F_DSA_PRINT 104
-#define DSA_F_DSA_PRINT_FP 105
-#define DSA_F_DSA_SET_DEFAULT_METHOD 115
-#define DSA_F_DSA_SET_METHOD 116
-#define DSA_F_DSA_SIGN 106
-#define DSA_F_DSA_SIGN_SETUP 107
-#define DSA_F_DSA_SIG_NEW 109
-#define DSA_F_DSA_VERIFY 108
-#define DSA_F_I2D_DSA_SIG 111
-#define DSA_F_SIG_CB 114
-
-/* Reason codes. */
-#define DSA_R_BAD_Q_VALUE 102
-#define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100
-#define DSA_R_KEY_SIZE_TOO_SMALL 106
-#define DSA_R_MISSING_PARAMETERS 101
-#define DSA_R_MODULUS_TOO_LARGE 103
-#define DSA_R_NON_FIPS_METHOD 104
-#define DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 105
-
-#ifdef __cplusplus
-}
-#endif
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa.h (from rev 6976, vendor-crypto/openssl/dist/crypto/dsa/dsa.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,326 @@
+/* crypto/dsa/dsa.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/*
+ * The DSS routines are based on patches supplied by
+ * Steven Schoch <schoch at sheba.arc.nasa.gov>. He basically did the
+ * work and I have just tweaked them a little to fit into my
+ * stylistic vision for SSLeay :-) */
+
+#ifndef HEADER_DSA_H
+# define HEADER_DSA_H
+
+# include <openssl/e_os2.h>
+
+# ifdef OPENSSL_NO_DSA
+# error DSA is disabled.
+# endif
+
+# ifndef OPENSSL_NO_BIO
+# include <openssl/bio.h>
+# endif
+# include <openssl/crypto.h>
+# include <openssl/ossl_typ.h>
+
+# ifndef OPENSSL_NO_DEPRECATED
+# include <openssl/bn.h>
+# ifndef OPENSSL_NO_DH
+# include <openssl/dh.h>
+# endif
+# endif
+
+# ifndef OPENSSL_DSA_MAX_MODULUS_BITS
+# define OPENSSL_DSA_MAX_MODULUS_BITS 10000
+# endif
+
+# define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024
+
+# define DSA_FLAG_CACHE_MONT_P 0x01
+/*
+ * new with 0.9.7h; the built-in DSA implementation now uses constant time
+ * modular exponentiation for secret exponents by default. This flag causes
+ * the faster variable sliding window method to be used for all exponents.
+ */
+# define DSA_FLAG_NO_EXP_CONSTTIME 0x02
+
+/*
+ * If this flag is set the DSA method is FIPS compliant and can be used in
+ * FIPS mode. This is set in the validated module method. If an application
+ * sets this flag in its own methods it is its reposibility to ensure the
+ * result is compliant.
+ */
+
+# define DSA_FLAG_FIPS_METHOD 0x0400
+
+/*
+ * If this flag is set the operations normally disabled in FIPS mode are
+ * permitted it is then the applications responsibility to ensure that the
+ * usage is compliant.
+ */
+
+# define DSA_FLAG_NON_FIPS_ALLOW 0x0400
+
+# ifdef OPENSSL_FIPS
+# define FIPS_DSA_SIZE_T int
+# endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Already defined in ossl_typ.h */
+/* typedef struct dsa_st DSA; */
+/* typedef struct dsa_method DSA_METHOD; */
+
+typedef struct DSA_SIG_st {
+ BIGNUM *r;
+ BIGNUM *s;
+} DSA_SIG;
+
+struct dsa_method {
+ const char *name;
+ DSA_SIG *(*dsa_do_sign) (const unsigned char *dgst, int dlen, DSA *dsa);
+ int (*dsa_sign_setup) (DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
+ BIGNUM **rp);
+ int (*dsa_do_verify) (const unsigned char *dgst, int dgst_len,
+ DSA_SIG *sig, DSA *dsa);
+ int (*dsa_mod_exp) (DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
+ BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *in_mont);
+ /* Can be null */
+ int (*bn_mod_exp) (DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+ int (*init) (DSA *dsa);
+ int (*finish) (DSA *dsa);
+ int flags;
+ char *app_data;
+ /* If this is non-NULL, it is used to generate DSA parameters */
+ int (*dsa_paramgen) (DSA *dsa, int bits,
+ unsigned char *seed, int seed_len,
+ int *counter_ret, unsigned long *h_ret,
+ BN_GENCB *cb);
+ /* If this is non-NULL, it is used to generate DSA keys */
+ int (*dsa_keygen) (DSA *dsa);
+};
+
+struct dsa_st {
+ /*
+ * This first variable is used to pick up errors where a DSA is passed
+ * instead of of a EVP_PKEY
+ */
+ int pad;
+ long version;
+ int write_params;
+ BIGNUM *p;
+ BIGNUM *q; /* == 20 */
+ BIGNUM *g;
+ BIGNUM *pub_key; /* y public key */
+ BIGNUM *priv_key; /* x private key */
+ BIGNUM *kinv; /* Signing pre-calc */
+ BIGNUM *r; /* Signing pre-calc */
+ int flags;
+ /* Normally used to cache montgomery values */
+ BN_MONT_CTX *method_mont_p;
+ int references;
+ CRYPTO_EX_DATA ex_data;
+ const DSA_METHOD *meth;
+ /* functional reference if 'meth' is ENGINE-provided */
+ ENGINE *engine;
+};
+
+# define DSAparams_dup(x) ASN1_dup_of_const(DSA,i2d_DSAparams,d2i_DSAparams,x)
+# define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \
+ (char *(*)())d2i_DSAparams,(fp),(unsigned char **)(x))
+# define i2d_DSAparams_fp(fp,x) ASN1_i2d_fp(i2d_DSAparams,(fp), \
+ (unsigned char *)(x))
+# define d2i_DSAparams_bio(bp,x) ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSAparams,bp,x)
+# define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio_of_const(DSA,i2d_DSAparams,bp,x)
+
+DSA_SIG *DSA_SIG_new(void);
+void DSA_SIG_free(DSA_SIG *a);
+int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp);
+DSA_SIG *d2i_DSA_SIG(DSA_SIG **v, const unsigned char **pp, long length);
+
+DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
+int DSA_do_verify(const unsigned char *dgst, int dgst_len,
+ DSA_SIG *sig, DSA *dsa);
+
+const DSA_METHOD *DSA_OpenSSL(void);
+
+void DSA_set_default_method(const DSA_METHOD *);
+const DSA_METHOD *DSA_get_default_method(void);
+int DSA_set_method(DSA *dsa, const DSA_METHOD *);
+
+# ifdef OPENSSL_FIPS
+DSA *FIPS_dsa_new(void);
+void FIPS_dsa_free(DSA *r);
+# endif
+
+DSA *DSA_new(void);
+DSA *DSA_new_method(ENGINE *engine);
+void DSA_free(DSA *r);
+/* "up" the DSA object's reference count */
+int DSA_up_ref(DSA *r);
+int DSA_size(const DSA *);
+ /* next 4 return -1 on error */
+int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
+int DSA_sign(int type, const unsigned char *dgst, int dlen,
+ unsigned char *sig, unsigned int *siglen, DSA *dsa);
+int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
+ const unsigned char *sigbuf, int siglen, DSA *dsa);
+int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+int DSA_set_ex_data(DSA *d, int idx, void *arg);
+void *DSA_get_ex_data(DSA *d, int idx);
+
+DSA *d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length);
+DSA *d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length);
+DSA *d2i_DSAparams(DSA **a, const unsigned char **pp, long length);
+
+/* Deprecated version */
+# ifndef OPENSSL_NO_DEPRECATED
+DSA *DSA_generate_parameters(int bits,
+ unsigned char *seed, int seed_len,
+ int *counter_ret, unsigned long *h_ret, void
+ (*callback) (int, int, void *), void *cb_arg);
+# endif /* !defined(OPENSSL_NO_DEPRECATED) */
+
+/* New version */
+int DSA_generate_parameters_ex(DSA *dsa, int bits,
+ unsigned char *seed, int seed_len,
+ int *counter_ret, unsigned long *h_ret,
+ BN_GENCB *cb);
+
+int DSA_generate_key(DSA *a);
+int i2d_DSAPublicKey(const DSA *a, unsigned char **pp);
+int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp);
+int i2d_DSAparams(const DSA *a, unsigned char **pp);
+
+# ifndef OPENSSL_NO_BIO
+int DSAparams_print(BIO *bp, const DSA *x);
+int DSA_print(BIO *bp, const DSA *x, int off);
+# endif
+# ifndef OPENSSL_NO_FP_API
+int DSAparams_print_fp(FILE *fp, const DSA *x);
+int DSA_print_fp(FILE *bp, const DSA *x, int off);
+# endif
+
+# define DSS_prime_checks 50
+/*
+ * Primality test according to FIPS PUB 186[-1], Appendix 2.1: 50 rounds of
+ * Rabin-Miller
+ */
+# define DSA_is_prime(n, callback, cb_arg) \
+ BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg)
+
+# ifndef OPENSSL_NO_DH
+/*
+ * Convert DSA structure (key or just parameters) into DH structure (be
+ * careful to avoid small subgroup attacks when using this!)
+ */
+DH *DSA_dup_DH(const DSA *r);
+# endif
+
+# ifdef OPENSSL_FIPS
+int FIPS_dsa_sig_encode(unsigned char *out, DSA_SIG *sig);
+int FIPS_dsa_sig_decode(DSA_SIG *sig, const unsigned char *in, int inlen);
+# endif
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_DSA_strings(void);
+
+/* Error codes for the DSA functions. */
+
+/* Function codes. */
+# define DSA_F_D2I_DSA_SIG 110
+# define DSA_F_DSAPARAMS_PRINT 100
+# define DSA_F_DSAPARAMS_PRINT_FP 101
+# define DSA_F_DSA_BUILTIN_KEYGEN 119
+# define DSA_F_DSA_BUILTIN_PARAMGEN 118
+# define DSA_F_DSA_DO_SIGN 112
+# define DSA_F_DSA_DO_VERIFY 113
+# define DSA_F_DSA_GENERATE_PARAMETERS 117
+# define DSA_F_DSA_NEW_METHOD 103
+# define DSA_F_DSA_PRINT 104
+# define DSA_F_DSA_PRINT_FP 105
+# define DSA_F_DSA_SET_DEFAULT_METHOD 115
+# define DSA_F_DSA_SET_METHOD 116
+# define DSA_F_DSA_SIGN 106
+# define DSA_F_DSA_SIGN_SETUP 107
+# define DSA_F_DSA_SIG_NEW 109
+# define DSA_F_DSA_VERIFY 108
+# define DSA_F_I2D_DSA_SIG 111
+# define DSA_F_SIG_CB 114
+
+/* Reason codes. */
+# define DSA_R_BAD_Q_VALUE 102
+# define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100
+# define DSA_R_KEY_SIZE_TOO_SMALL 106
+# define DSA_R_MISSING_PARAMETERS 101
+# define DSA_R_MODULUS_TOO_LARGE 103
+# define DSA_R_NON_FIPS_METHOD 104
+# define DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 105
+
+#ifdef __cplusplus
+}
+#endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_asn1.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/dsa/dsa_asn1.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_asn1.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,220 +0,0 @@
-/* dsa_asn1.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/dsa.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/bn.h>
-#include <openssl/rand.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
-
-/* Override the default new methods */
-static int sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
-{
- if(operation == ASN1_OP_NEW_PRE) {
- DSA_SIG *sig;
- sig = OPENSSL_malloc(sizeof(DSA_SIG));
- sig->r = NULL;
- sig->s = NULL;
- *pval = (ASN1_VALUE *)sig;
- if(sig) return 2;
- DSAerr(DSA_F_SIG_CB, ERR_R_MALLOC_FAILURE);
- return 0;
- }
- return 1;
-}
-
-ASN1_SEQUENCE_cb(DSA_SIG, sig_cb) = {
- ASN1_SIMPLE(DSA_SIG, r, CBIGNUM),
- ASN1_SIMPLE(DSA_SIG, s, CBIGNUM)
-} ASN1_SEQUENCE_END_cb(DSA_SIG, DSA_SIG)
-
-IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA_SIG,DSA_SIG,DSA_SIG)
-
-/* Override the default free and new methods */
-static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
-{
- if(operation == ASN1_OP_NEW_PRE) {
- *pval = (ASN1_VALUE *)DSA_new();
- if(*pval) return 2;
- return 0;
- } else if(operation == ASN1_OP_FREE_PRE) {
- DSA_free((DSA *)*pval);
- *pval = NULL;
- return 2;
- }
- return 1;
-}
-
-ASN1_SEQUENCE_cb(DSAPrivateKey, dsa_cb) = {
- ASN1_SIMPLE(DSA, version, LONG),
- ASN1_SIMPLE(DSA, p, BIGNUM),
- ASN1_SIMPLE(DSA, q, BIGNUM),
- ASN1_SIMPLE(DSA, g, BIGNUM),
- ASN1_SIMPLE(DSA, pub_key, BIGNUM),
- ASN1_SIMPLE(DSA, priv_key, BIGNUM)
-} ASN1_SEQUENCE_END_cb(DSA, DSAPrivateKey)
-
-IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPrivateKey, DSAPrivateKey)
-
-ASN1_SEQUENCE_cb(DSAparams, dsa_cb) = {
- ASN1_SIMPLE(DSA, p, BIGNUM),
- ASN1_SIMPLE(DSA, q, BIGNUM),
- ASN1_SIMPLE(DSA, g, BIGNUM),
-} ASN1_SEQUENCE_END_cb(DSA, DSAparams)
-
-IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAparams, DSAparams)
-
-/* DSA public key is a bit trickier... its effectively a CHOICE type
- * decided by a field called write_params which can either write out
- * just the public key as an INTEGER or the parameters and public key
- * in a SEQUENCE
- */
-
-ASN1_SEQUENCE(dsa_pub_internal) = {
- ASN1_SIMPLE(DSA, pub_key, BIGNUM),
- ASN1_SIMPLE(DSA, p, BIGNUM),
- ASN1_SIMPLE(DSA, q, BIGNUM),
- ASN1_SIMPLE(DSA, g, BIGNUM)
-} ASN1_SEQUENCE_END_name(DSA, dsa_pub_internal)
-
-ASN1_CHOICE_cb(DSAPublicKey, dsa_cb) = {
- ASN1_SIMPLE(DSA, pub_key, BIGNUM),
- ASN1_EX_COMBINE(0, 0, dsa_pub_internal)
-} ASN1_CHOICE_END_cb(DSA, DSAPublicKey, write_params)
-
-IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPublicKey, DSAPublicKey)
-
-int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
- unsigned int *siglen, DSA *dsa)
- {
- DSA_SIG *s;
-#ifdef OPENSSL_FIPS
- if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
- {
- DSAerr(DSA_F_DSA_SIGN, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
- return 0;
- }
-#endif
- RAND_seed(dgst, dlen);
- s=DSA_do_sign(dgst,dlen,dsa);
- if (s == NULL)
- {
- *siglen=0;
- return(0);
- }
- *siglen=i2d_DSA_SIG(s,&sig);
- DSA_SIG_free(s);
- return(1);
- }
-
-int DSA_size(const DSA *r)
- {
- int ret,i;
- ASN1_INTEGER bs;
- unsigned char buf[4]; /* 4 bytes looks really small.
- However, i2d_ASN1_INTEGER() will not look
- beyond the first byte, as long as the second
- parameter is NULL. */
-
- i=BN_num_bits(r->q);
- bs.length=(i+7)/8;
- bs.data=buf;
- bs.type=V_ASN1_INTEGER;
- /* If the top bit is set the asn1 encoding is 1 larger. */
- buf[0]=0xff;
-
- i=i2d_ASN1_INTEGER(&bs,NULL);
- i+=i; /* r and s */
- ret=ASN1_object_size(1,i,V_ASN1_SEQUENCE);
- return(ret);
- }
-
-/* data has already been hashed (probably with SHA or SHA-1). */
-/* returns
- * 1: correct signature
- * 0: incorrect signature
- * -1: error
- */
-int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
- const unsigned char *sigbuf, int siglen, DSA *dsa)
- {
- DSA_SIG *s;
- int ret=-1;
-#ifdef OPENSSL_FIPS
- if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
- {
- DSAerr(DSA_F_DSA_VERIFY, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
- return 0;
- }
-#endif
-
- s = DSA_SIG_new();
- if (s == NULL) return(ret);
- if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err;
- ret=DSA_do_verify(dgst,dgst_len,s,dsa);
-err:
- DSA_SIG_free(s);
- return(ret);
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_asn1.c (from rev 6976, vendor-crypto/openssl/dist/crypto/dsa/dsa_asn1.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_asn1.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_asn1.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,231 @@
+/* dsa_asn1.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/dsa.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/bn.h>
+#include <openssl/rand.h>
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
+#endif
+
+/* Override the default new methods */
+static int sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+ if (operation == ASN1_OP_NEW_PRE) {
+ DSA_SIG *sig;
+ sig = OPENSSL_malloc(sizeof(DSA_SIG));
+ sig->r = NULL;
+ sig->s = NULL;
+ *pval = (ASN1_VALUE *)sig;
+ if (sig)
+ return 2;
+ DSAerr(DSA_F_SIG_CB, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ return 1;
+}
+
+ASN1_SEQUENCE_cb(DSA_SIG, sig_cb) = {
+ ASN1_SIMPLE(DSA_SIG, r, CBIGNUM),
+ ASN1_SIMPLE(DSA_SIG, s, CBIGNUM)
+} ASN1_SEQUENCE_END_cb(DSA_SIG, DSA_SIG)
+
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA_SIG,DSA_SIG,DSA_SIG)
+
+/* Override the default free and new methods */
+static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+ if (operation == ASN1_OP_NEW_PRE) {
+ *pval = (ASN1_VALUE *)DSA_new();
+ if (*pval)
+ return 2;
+ return 0;
+ } else if (operation == ASN1_OP_FREE_PRE) {
+ DSA_free((DSA *)*pval);
+ *pval = NULL;
+ return 2;
+ }
+ return 1;
+}
+
+ASN1_SEQUENCE_cb(DSAPrivateKey, dsa_cb) = {
+ ASN1_SIMPLE(DSA, version, LONG),
+ ASN1_SIMPLE(DSA, p, BIGNUM),
+ ASN1_SIMPLE(DSA, q, BIGNUM),
+ ASN1_SIMPLE(DSA, g, BIGNUM),
+ ASN1_SIMPLE(DSA, pub_key, BIGNUM),
+ ASN1_SIMPLE(DSA, priv_key, BIGNUM)
+} ASN1_SEQUENCE_END_cb(DSA, DSAPrivateKey)
+
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPrivateKey, DSAPrivateKey)
+
+ASN1_SEQUENCE_cb(DSAparams, dsa_cb) = {
+ ASN1_SIMPLE(DSA, p, BIGNUM),
+ ASN1_SIMPLE(DSA, q, BIGNUM),
+ ASN1_SIMPLE(DSA, g, BIGNUM),
+} ASN1_SEQUENCE_END_cb(DSA, DSAparams)
+
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAparams, DSAparams)
+
+/*
+ * DSA public key is a bit trickier... its effectively a CHOICE type decided
+ * by a field called write_params which can either write out just the public
+ * key as an INTEGER or the parameters and public key in a SEQUENCE
+ */
+
+ASN1_SEQUENCE(dsa_pub_internal) = {
+ ASN1_SIMPLE(DSA, pub_key, BIGNUM),
+ ASN1_SIMPLE(DSA, p, BIGNUM),
+ ASN1_SIMPLE(DSA, q, BIGNUM),
+ ASN1_SIMPLE(DSA, g, BIGNUM)
+} ASN1_SEQUENCE_END_name(DSA, dsa_pub_internal)
+
+ASN1_CHOICE_cb(DSAPublicKey, dsa_cb) = {
+ ASN1_SIMPLE(DSA, pub_key, BIGNUM),
+ ASN1_EX_COMBINE(0, 0, dsa_pub_internal)
+} ASN1_CHOICE_END_cb(DSA, DSAPublicKey, write_params)
+
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPublicKey, DSAPublicKey)
+
+int DSA_sign(int type, const unsigned char *dgst, int dlen,
+ unsigned char *sig, unsigned int *siglen, DSA *dsa)
+{
+ DSA_SIG *s;
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) {
+ DSAerr(DSA_F_DSA_SIGN, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
+ return 0;
+ }
+#endif
+ RAND_seed(dgst, dlen);
+ s = DSA_do_sign(dgst, dlen, dsa);
+ if (s == NULL) {
+ *siglen = 0;
+ return (0);
+ }
+ *siglen = i2d_DSA_SIG(s, &sig);
+ DSA_SIG_free(s);
+ return (1);
+}
+
+int DSA_size(const DSA *r)
+{
+ int ret, i;
+ ASN1_INTEGER bs;
+ unsigned char buf[4]; /* 4 bytes looks really small. However,
+ * i2d_ASN1_INTEGER() will not look beyond
+ * the first byte, as long as the second
+ * parameter is NULL. */
+
+ i = BN_num_bits(r->q);
+ bs.length = (i + 7) / 8;
+ bs.data = buf;
+ bs.type = V_ASN1_INTEGER;
+ /* If the top bit is set the asn1 encoding is 1 larger. */
+ buf[0] = 0xff;
+
+ i = i2d_ASN1_INTEGER(&bs, NULL);
+ i += i; /* r and s */
+ ret = ASN1_object_size(1, i, V_ASN1_SEQUENCE);
+ return (ret);
+}
+
+/*-
+ * data has already been hashed (probably with SHA or SHA-1). */
+/*
+ * returns 1: correct signature 0: incorrect signature -1: error
+ */
+int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
+ const unsigned char *sigbuf, int siglen, DSA *dsa)
+{
+ DSA_SIG *s;
+ const unsigned char *p = sigbuf;
+ unsigned char *der = NULL;
+ int derlen = -1;
+ int ret = -1;
+
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) {
+ DSAerr(DSA_F_DSA_VERIFY, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
+ return 0;
+ }
+#endif
+
+ s = DSA_SIG_new();
+ if (s == NULL)
+ return (ret);
+ if (d2i_DSA_SIG(&s, &p, siglen) == NULL)
+ goto err;
+ /* Ensure signature uses DER and doesn't have trailing garbage */
+ derlen = i2d_DSA_SIG(s, &der);
+ if (derlen != siglen || memcmp(sigbuf, der, derlen))
+ goto err;
+ ret = DSA_do_verify(dgst, dgst_len, s, dsa);
+ err:
+ if (derlen > 0) {
+ OPENSSL_cleanse(der, derlen);
+ OPENSSL_free(der);
+ }
+ DSA_SIG_free(s);
+ return (ret);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_depr.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/dsa/dsa_depr.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_depr.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,106 +0,0 @@
-/* crypto/dsa/dsa_depr.c */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/* This file contains deprecated function(s) that are now wrappers to the new
- * version(s). */
-
-#undef GENUINE_DSA
-
-#ifdef GENUINE_DSA
-/* Parameter generation follows the original release of FIPS PUB 186,
- * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) */
-#define HASH EVP_sha()
-#else
-/* Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,
- * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in
- * FIPS PUB 180-1) */
-#define HASH EVP_sha1()
-#endif
-
-static void *dummy=&dummy;
-
-#ifndef OPENSSL_NO_SHA
-
-#include <stdio.h>
-#include <time.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/rand.h>
-#include <openssl/sha.h>
-
-#ifndef OPENSSL_NO_DEPRECATED
-DSA *DSA_generate_parameters(int bits,
- unsigned char *seed_in, int seed_len,
- int *counter_ret, unsigned long *h_ret,
- void (*callback)(int, int, void *),
- void *cb_arg)
- {
- BN_GENCB cb;
- DSA *ret;
-
- if ((ret=DSA_new()) == NULL) return NULL;
-
- BN_GENCB_set_old(&cb, callback, cb_arg);
-
- if(DSA_generate_parameters_ex(ret, bits, seed_in, seed_len,
- counter_ret, h_ret, &cb))
- return ret;
- DSA_free(ret);
- return NULL;
- }
-#endif
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_depr.c (from rev 6976, vendor-crypto/openssl/dist/crypto/dsa/dsa_depr.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_depr.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_depr.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,113 @@
+/* crypto/dsa/dsa_depr.c */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*
+ * This file contains deprecated function(s) that are now wrappers to the new
+ * version(s).
+ */
+
+#undef GENUINE_DSA
+
+#ifdef GENUINE_DSA
+/*
+ * Parameter generation follows the original release of FIPS PUB 186,
+ * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180)
+ */
+# define HASH EVP_sha()
+#else
+/*
+ * Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,
+ * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in FIPS PUB
+ * 180-1)
+ */
+# define HASH EVP_sha1()
+#endif
+
+static void *dummy = &dummy;
+
+#ifndef OPENSSL_NO_SHA
+
+# include <stdio.h>
+# include <time.h>
+# include "cryptlib.h"
+# include <openssl/evp.h>
+# include <openssl/bn.h>
+# include <openssl/dsa.h>
+# include <openssl/rand.h>
+# include <openssl/sha.h>
+
+# ifndef OPENSSL_NO_DEPRECATED
+DSA *DSA_generate_parameters(int bits,
+ unsigned char *seed_in, int seed_len,
+ int *counter_ret, unsigned long *h_ret,
+ void (*callback) (int, int, void *),
+ void *cb_arg)
+{
+ BN_GENCB cb;
+ DSA *ret;
+
+ if ((ret = DSA_new()) == NULL)
+ return NULL;
+
+ BN_GENCB_set_old(&cb, callback, cb_arg);
+
+ if (DSA_generate_parameters_ex(ret, bits, seed_in, seed_len,
+ counter_ret, h_ret, &cb))
+ return ret;
+ DSA_free(ret);
+ return NULL;
+}
+# endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_err.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/dsa/dsa_err.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,119 +0,0 @@
-/* crypto/dsa/dsa_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/dsa.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_DSA,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_DSA,0,reason)
-
-static ERR_STRING_DATA DSA_str_functs[]=
- {
-{ERR_FUNC(DSA_F_D2I_DSA_SIG), "d2i_DSA_SIG"},
-{ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"},
-{ERR_FUNC(DSA_F_DSAPARAMS_PRINT_FP), "DSAparams_print_fp"},
-{ERR_FUNC(DSA_F_DSA_BUILTIN_KEYGEN), "DSA_BUILTIN_KEYGEN"},
-{ERR_FUNC(DSA_F_DSA_BUILTIN_PARAMGEN), "DSA_BUILTIN_PARAMGEN"},
-{ERR_FUNC(DSA_F_DSA_DO_SIGN), "DSA_do_sign"},
-{ERR_FUNC(DSA_F_DSA_DO_VERIFY), "DSA_do_verify"},
-{ERR_FUNC(DSA_F_DSA_GENERATE_PARAMETERS), "DSA_generate_parameters"},
-{ERR_FUNC(DSA_F_DSA_NEW_METHOD), "DSA_new_method"},
-{ERR_FUNC(DSA_F_DSA_PRINT), "DSA_print"},
-{ERR_FUNC(DSA_F_DSA_PRINT_FP), "DSA_print_fp"},
-{ERR_FUNC(DSA_F_DSA_SET_DEFAULT_METHOD), "DSA_set_default_method"},
-{ERR_FUNC(DSA_F_DSA_SET_METHOD), "DSA_set_method"},
-{ERR_FUNC(DSA_F_DSA_SIGN), "DSA_sign"},
-{ERR_FUNC(DSA_F_DSA_SIGN_SETUP), "DSA_sign_setup"},
-{ERR_FUNC(DSA_F_DSA_SIG_NEW), "DSA_SIG_new"},
-{ERR_FUNC(DSA_F_DSA_VERIFY), "DSA_verify"},
-{ERR_FUNC(DSA_F_I2D_DSA_SIG), "i2d_DSA_SIG"},
-{ERR_FUNC(DSA_F_SIG_CB), "SIG_CB"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA DSA_str_reasons[]=
- {
-{ERR_REASON(DSA_R_BAD_Q_VALUE) ,"bad q value"},
-{ERR_REASON(DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"},
-{ERR_REASON(DSA_R_KEY_SIZE_TOO_SMALL) ,"key size too small"},
-{ERR_REASON(DSA_R_MISSING_PARAMETERS) ,"missing parameters"},
-{ERR_REASON(DSA_R_MODULUS_TOO_LARGE) ,"modulus too large"},
-{ERR_REASON(DSA_R_NON_FIPS_METHOD) ,"non fips method"},
-{ERR_REASON(DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE),"operation not allowed in fips mode"},
-{0,NULL}
- };
-
-#endif
-
-void ERR_load_DSA_strings(void)
- {
-#ifndef OPENSSL_NO_ERR
-
- if (ERR_func_error_string(DSA_str_functs[0].error) == NULL)
- {
- ERR_load_strings(0,DSA_str_functs);
- ERR_load_strings(0,DSA_str_reasons);
- }
-#endif
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_err.c (from rev 6976, vendor-crypto/openssl/dist/crypto/dsa/dsa_err.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_err.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,119 @@
+/* crypto/dsa/dsa_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/dsa.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_DSA,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_DSA,0,reason)
+
+static ERR_STRING_DATA DSA_str_functs[] = {
+ {ERR_FUNC(DSA_F_D2I_DSA_SIG), "d2i_DSA_SIG"},
+ {ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"},
+ {ERR_FUNC(DSA_F_DSAPARAMS_PRINT_FP), "DSAparams_print_fp"},
+ {ERR_FUNC(DSA_F_DSA_BUILTIN_KEYGEN), "DSA_BUILTIN_KEYGEN"},
+ {ERR_FUNC(DSA_F_DSA_BUILTIN_PARAMGEN), "DSA_BUILTIN_PARAMGEN"},
+ {ERR_FUNC(DSA_F_DSA_DO_SIGN), "DSA_do_sign"},
+ {ERR_FUNC(DSA_F_DSA_DO_VERIFY), "DSA_do_verify"},
+ {ERR_FUNC(DSA_F_DSA_GENERATE_PARAMETERS), "DSA_generate_parameters"},
+ {ERR_FUNC(DSA_F_DSA_NEW_METHOD), "DSA_new_method"},
+ {ERR_FUNC(DSA_F_DSA_PRINT), "DSA_print"},
+ {ERR_FUNC(DSA_F_DSA_PRINT_FP), "DSA_print_fp"},
+ {ERR_FUNC(DSA_F_DSA_SET_DEFAULT_METHOD), "DSA_set_default_method"},
+ {ERR_FUNC(DSA_F_DSA_SET_METHOD), "DSA_set_method"},
+ {ERR_FUNC(DSA_F_DSA_SIGN), "DSA_sign"},
+ {ERR_FUNC(DSA_F_DSA_SIGN_SETUP), "DSA_sign_setup"},
+ {ERR_FUNC(DSA_F_DSA_SIG_NEW), "DSA_SIG_new"},
+ {ERR_FUNC(DSA_F_DSA_VERIFY), "DSA_verify"},
+ {ERR_FUNC(DSA_F_I2D_DSA_SIG), "i2d_DSA_SIG"},
+ {ERR_FUNC(DSA_F_SIG_CB), "SIG_CB"},
+ {0, NULL}
+};
+
+static ERR_STRING_DATA DSA_str_reasons[] = {
+ {ERR_REASON(DSA_R_BAD_Q_VALUE), "bad q value"},
+ {ERR_REASON(DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),
+ "data too large for key size"},
+ {ERR_REASON(DSA_R_KEY_SIZE_TOO_SMALL), "key size too small"},
+ {ERR_REASON(DSA_R_MISSING_PARAMETERS), "missing parameters"},
+ {ERR_REASON(DSA_R_MODULUS_TOO_LARGE), "modulus too large"},
+ {ERR_REASON(DSA_R_NON_FIPS_METHOD), "non fips method"},
+ {ERR_REASON(DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE),
+ "operation not allowed in fips mode"},
+ {0, NULL}
+};
+
+#endif
+
+void ERR_load_DSA_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+ if (ERR_func_error_string(DSA_str_functs[0].error) == NULL) {
+ ERR_load_strings(0, DSA_str_functs);
+ ERR_load_strings(0, DSA_str_reasons);
+ }
+#endif
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_gen.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/dsa/dsa_gen.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_gen.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,324 +0,0 @@
-/* crypto/dsa/dsa_gen.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#undef GENUINE_DSA
-
-#ifdef GENUINE_DSA
-/* Parameter generation follows the original release of FIPS PUB 186,
- * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) */
-#define HASH EVP_sha()
-#else
-/* Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,
- * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in
- * FIPS PUB 180-1) */
-#define HASH EVP_sha1()
-#endif
-
-#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_SHA is defined */
-
-#ifndef OPENSSL_NO_SHA
-
-#include <stdio.h>
-#include <time.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/rand.h>
-#include <openssl/sha.h>
-
-#ifndef OPENSSL_FIPS
-
-static int dsa_builtin_paramgen(DSA *ret, int bits,
- unsigned char *seed_in, int seed_len,
- int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
-
-int DSA_generate_parameters_ex(DSA *ret, int bits,
- unsigned char *seed_in, int seed_len,
- int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
- {
- if(ret->meth->dsa_paramgen)
- return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len,
- counter_ret, h_ret, cb);
- return dsa_builtin_paramgen(ret, bits, seed_in, seed_len,
- counter_ret, h_ret, cb);
- }
-
-static int dsa_builtin_paramgen(DSA *ret, int bits,
- unsigned char *seed_in, int seed_len,
- int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
- {
- int ok=0;
- unsigned char seed[SHA_DIGEST_LENGTH];
- unsigned char md[SHA_DIGEST_LENGTH];
- unsigned char buf[SHA_DIGEST_LENGTH],buf2[SHA_DIGEST_LENGTH];
- BIGNUM *r0,*W,*X,*c,*test;
- BIGNUM *g=NULL,*q=NULL,*p=NULL;
- BN_MONT_CTX *mont=NULL;
- int k,n=0,i,m=0;
- int counter=0;
- int r=0;
- BN_CTX *ctx=NULL;
- unsigned int h=2;
-
- if (bits < 512) bits=512;
- bits=(bits+63)/64*64;
-
- /* NB: seed_len == 0 is special case: copy generated seed to
- * seed_in if it is not NULL.
- */
- if (seed_len && (seed_len < 20))
- seed_in = NULL; /* seed buffer too small -- ignore */
- if (seed_len > 20)
- seed_len = 20; /* App. 2.2 of FIPS PUB 186 allows larger SEED,
- * but our internal buffers are restricted to 160 bits*/
- if ((seed_in != NULL) && (seed_len == 20))
- {
- memcpy(seed,seed_in,seed_len);
- /* set seed_in to NULL to avoid it being copied back */
- seed_in = NULL;
- }
-
- if ((ctx=BN_CTX_new()) == NULL) goto err;
-
- if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
-
- BN_CTX_start(ctx);
- r0 = BN_CTX_get(ctx);
- g = BN_CTX_get(ctx);
- W = BN_CTX_get(ctx);
- q = BN_CTX_get(ctx);
- X = BN_CTX_get(ctx);
- c = BN_CTX_get(ctx);
- p = BN_CTX_get(ctx);
- test = BN_CTX_get(ctx);
-
- if (!BN_lshift(test,BN_value_one(),bits-1))
- goto err;
-
- for (;;)
- {
- for (;;) /* find q */
- {
- int seed_is_random;
-
- /* step 1 */
- if(!BN_GENCB_call(cb, 0, m++))
- goto err;
-
- if (!seed_len)
- {
- RAND_pseudo_bytes(seed,SHA_DIGEST_LENGTH);
- seed_is_random = 1;
- }
- else
- {
- seed_is_random = 0;
- seed_len=0; /* use random seed if 'seed_in' turns out to be bad*/
- }
- memcpy(buf,seed,SHA_DIGEST_LENGTH);
- memcpy(buf2,seed,SHA_DIGEST_LENGTH);
- /* precompute "SEED + 1" for step 7: */
- for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--)
- {
- buf[i]++;
- if (buf[i] != 0) break;
- }
-
- /* step 2 */
- EVP_Digest(seed,SHA_DIGEST_LENGTH,md,NULL,HASH, NULL);
- EVP_Digest(buf,SHA_DIGEST_LENGTH,buf2,NULL,HASH, NULL);
- for (i=0; i<SHA_DIGEST_LENGTH; i++)
- md[i]^=buf2[i];
-
- /* step 3 */
- md[0]|=0x80;
- md[SHA_DIGEST_LENGTH-1]|=0x01;
- if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,q)) goto err;
-
- /* step 4 */
- r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx,
- seed_is_random, cb);
- if (r > 0)
- break;
- if (r != 0)
- goto err;
-
- /* do a callback call */
- /* step 5 */
- }
-
- if(!BN_GENCB_call(cb, 2, 0)) goto err;
- if(!BN_GENCB_call(cb, 3, 0)) goto err;
-
- /* step 6 */
- counter=0;
- /* "offset = 2" */
-
- n=(bits-1)/160;
-
- for (;;)
- {
- if ((counter != 0) && !BN_GENCB_call(cb, 0, counter))
- goto err;
-
- /* step 7 */
- BN_zero(W);
- /* now 'buf' contains "SEED + offset - 1" */
- for (k=0; k<=n; k++)
- {
- /* obtain "SEED + offset + k" by incrementing: */
- for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--)
- {
- buf[i]++;
- if (buf[i] != 0) break;
- }
-
- EVP_Digest(buf,SHA_DIGEST_LENGTH,md,NULL,HASH, NULL);
-
- /* step 8 */
- if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,r0))
- goto err;
- if (!BN_lshift(r0,r0,160*k)) goto err;
- if (!BN_add(W,W,r0)) goto err;
- }
-
- /* more of step 8 */
- if (!BN_mask_bits(W,bits-1)) goto err;
- if (!BN_copy(X,W)) goto err;
- if (!BN_add(X,X,test)) goto err;
-
- /* step 9 */
- if (!BN_lshift1(r0,q)) goto err;
- if (!BN_mod(c,X,r0,ctx)) goto err;
- if (!BN_sub(r0,c,BN_value_one())) goto err;
- if (!BN_sub(p,X,r0)) goto err;
-
- /* step 10 */
- if (BN_cmp(p,test) >= 0)
- {
- /* step 11 */
- r = BN_is_prime_fasttest_ex(p, DSS_prime_checks,
- ctx, 1, cb);
- if (r > 0)
- goto end; /* found it */
- if (r != 0)
- goto err;
- }
-
- /* step 13 */
- counter++;
- /* "offset = offset + n + 1" */
-
- /* step 14 */
- if (counter >= 4096) break;
- }
- }
-end:
- if(!BN_GENCB_call(cb, 2, 1))
- goto err;
-
- /* We now need to generate g */
- /* Set r0=(p-1)/q */
- if (!BN_sub(test,p,BN_value_one())) goto err;
- if (!BN_div(r0,NULL,test,q,ctx)) goto err;
-
- if (!BN_set_word(test,h)) goto err;
- if (!BN_MONT_CTX_set(mont,p,ctx)) goto err;
-
- for (;;)
- {
- /* g=test^r0%p */
- if (!BN_mod_exp_mont(g,test,r0,p,ctx,mont)) goto err;
- if (!BN_is_one(g)) break;
- if (!BN_add(test,test,BN_value_one())) goto err;
- h++;
- }
-
- if(!BN_GENCB_call(cb, 3, 1))
- goto err;
-
- ok=1;
-err:
- if (ok)
- {
- if(ret->p) BN_free(ret->p);
- if(ret->q) BN_free(ret->q);
- if(ret->g) BN_free(ret->g);
- ret->p=BN_dup(p);
- ret->q=BN_dup(q);
- ret->g=BN_dup(g);
- if (ret->p == NULL || ret->q == NULL || ret->g == NULL)
- {
- ok=0;
- goto err;
- }
- if (seed_in != NULL) memcpy(seed_in,seed,20);
- if (counter_ret != NULL) *counter_ret=counter;
- if (h_ret != NULL) *h_ret=h;
- }
- if(ctx)
- {
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- }
- if (mont != NULL) BN_MONT_CTX_free(mont);
- return ok;
- }
-#endif
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_gen.c (from rev 6976, vendor-crypto/openssl/dist/crypto/dsa/dsa_gen.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_gen.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_gen.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,352 @@
+/* crypto/dsa/dsa_gen.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#undef GENUINE_DSA
+
+#ifdef GENUINE_DSA
+/*
+ * Parameter generation follows the original release of FIPS PUB 186,
+ * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180)
+ */
+# define HASH EVP_sha()
+#else
+/*
+ * Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,
+ * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in FIPS PUB
+ * 180-1)
+ */
+# define HASH EVP_sha1()
+#endif
+
+#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_SHA is defined */
+
+#ifndef OPENSSL_NO_SHA
+
+# include <stdio.h>
+# include <time.h>
+# include "cryptlib.h"
+# include <openssl/evp.h>
+# include <openssl/bn.h>
+# include <openssl/dsa.h>
+# include <openssl/rand.h>
+# include <openssl/sha.h>
+
+# ifndef OPENSSL_FIPS
+
+static int dsa_builtin_paramgen(DSA *ret, int bits,
+ unsigned char *seed_in, int seed_len,
+ int *counter_ret, unsigned long *h_ret,
+ BN_GENCB *cb);
+
+int DSA_generate_parameters_ex(DSA *ret, int bits,
+ unsigned char *seed_in, int seed_len,
+ int *counter_ret, unsigned long *h_ret,
+ BN_GENCB *cb)
+{
+ if (ret->meth->dsa_paramgen)
+ return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len,
+ counter_ret, h_ret, cb);
+ return dsa_builtin_paramgen(ret, bits, seed_in, seed_len,
+ counter_ret, h_ret, cb);
+}
+
+static int dsa_builtin_paramgen(DSA *ret, int bits,
+ unsigned char *seed_in, int seed_len,
+ int *counter_ret, unsigned long *h_ret,
+ BN_GENCB *cb)
+{
+ int ok = 0;
+ unsigned char seed[SHA_DIGEST_LENGTH];
+ unsigned char md[SHA_DIGEST_LENGTH];
+ unsigned char buf[SHA_DIGEST_LENGTH], buf2[SHA_DIGEST_LENGTH];
+ BIGNUM *r0, *W, *X, *c, *test;
+ BIGNUM *g = NULL, *q = NULL, *p = NULL;
+ BN_MONT_CTX *mont = NULL;
+ int k, n = 0, i, m = 0;
+ int counter = 0;
+ int r = 0;
+ BN_CTX *ctx = NULL;
+ unsigned int h = 2;
+
+ if (bits < 512)
+ bits = 512;
+ bits = (bits + 63) / 64 * 64;
+
+ /*
+ * NB: seed_len == 0 is special case: copy generated seed to seed_in if
+ * it is not NULL.
+ */
+ if (seed_len && (seed_len < 20))
+ seed_in = NULL; /* seed buffer too small -- ignore */
+ if (seed_len > 20)
+ seed_len = 20; /* App. 2.2 of FIPS PUB 186 allows larger
+ * SEED, but our internal buffers are
+ * restricted to 160 bits */
+ if ((seed_in != NULL) && (seed_len == 20)) {
+ memcpy(seed, seed_in, seed_len);
+ /* set seed_in to NULL to avoid it being copied back */
+ seed_in = NULL;
+ }
+
+ if ((ctx = BN_CTX_new()) == NULL)
+ goto err;
+
+ if ((mont = BN_MONT_CTX_new()) == NULL)
+ goto err;
+
+ BN_CTX_start(ctx);
+ r0 = BN_CTX_get(ctx);
+ g = BN_CTX_get(ctx);
+ W = BN_CTX_get(ctx);
+ q = BN_CTX_get(ctx);
+ X = BN_CTX_get(ctx);
+ c = BN_CTX_get(ctx);
+ p = BN_CTX_get(ctx);
+ test = BN_CTX_get(ctx);
+
+ if (!BN_lshift(test, BN_value_one(), bits - 1))
+ goto err;
+
+ for (;;) {
+ for (;;) { /* find q */
+ int seed_is_random;
+
+ /* step 1 */
+ if (!BN_GENCB_call(cb, 0, m++))
+ goto err;
+
+ if (!seed_len) {
+ RAND_pseudo_bytes(seed, SHA_DIGEST_LENGTH);
+ seed_is_random = 1;
+ } else {
+ seed_is_random = 0;
+ seed_len = 0; /* use random seed if 'seed_in' turns out to
+ * be bad */
+ }
+ memcpy(buf, seed, SHA_DIGEST_LENGTH);
+ memcpy(buf2, seed, SHA_DIGEST_LENGTH);
+ /* precompute "SEED + 1" for step 7: */
+ for (i = SHA_DIGEST_LENGTH - 1; i >= 0; i--) {
+ buf[i]++;
+ if (buf[i] != 0)
+ break;
+ }
+
+ /* step 2 */
+ EVP_Digest(seed, SHA_DIGEST_LENGTH, md, NULL, HASH, NULL);
+ EVP_Digest(buf, SHA_DIGEST_LENGTH, buf2, NULL, HASH, NULL);
+ for (i = 0; i < SHA_DIGEST_LENGTH; i++)
+ md[i] ^= buf2[i];
+
+ /* step 3 */
+ md[0] |= 0x80;
+ md[SHA_DIGEST_LENGTH - 1] |= 0x01;
+ if (!BN_bin2bn(md, SHA_DIGEST_LENGTH, q))
+ goto err;
+
+ /* step 4 */
+ r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx,
+ seed_is_random, cb);
+ if (r > 0)
+ break;
+ if (r != 0)
+ goto err;
+
+ /* do a callback call */
+ /* step 5 */
+ }
+
+ if (!BN_GENCB_call(cb, 2, 0))
+ goto err;
+ if (!BN_GENCB_call(cb, 3, 0))
+ goto err;
+
+ /* step 6 */
+ counter = 0;
+ /* "offset = 2" */
+
+ n = (bits - 1) / 160;
+
+ for (;;) {
+ if ((counter != 0) && !BN_GENCB_call(cb, 0, counter))
+ goto err;
+
+ /* step 7 */
+ BN_zero(W);
+ /* now 'buf' contains "SEED + offset - 1" */
+ for (k = 0; k <= n; k++) {
+ /*
+ * obtain "SEED + offset + k" by incrementing:
+ */
+ for (i = SHA_DIGEST_LENGTH - 1; i >= 0; i--) {
+ buf[i]++;
+ if (buf[i] != 0)
+ break;
+ }
+
+ EVP_Digest(buf, SHA_DIGEST_LENGTH, md, NULL, HASH, NULL);
+
+ /* step 8 */
+ if (!BN_bin2bn(md, SHA_DIGEST_LENGTH, r0))
+ goto err;
+ if (!BN_lshift(r0, r0, 160 * k))
+ goto err;
+ if (!BN_add(W, W, r0))
+ goto err;
+ }
+
+ /* more of step 8 */
+ if (!BN_mask_bits(W, bits - 1))
+ goto err;
+ if (!BN_copy(X, W))
+ goto err;
+ if (!BN_add(X, X, test))
+ goto err;
+
+ /* step 9 */
+ if (!BN_lshift1(r0, q))
+ goto err;
+ if (!BN_mod(c, X, r0, ctx))
+ goto err;
+ if (!BN_sub(r0, c, BN_value_one()))
+ goto err;
+ if (!BN_sub(p, X, r0))
+ goto err;
+
+ /* step 10 */
+ if (BN_cmp(p, test) >= 0) {
+ /* step 11 */
+ r = BN_is_prime_fasttest_ex(p, DSS_prime_checks, ctx, 1, cb);
+ if (r > 0)
+ goto end; /* found it */
+ if (r != 0)
+ goto err;
+ }
+
+ /* step 13 */
+ counter++;
+ /* "offset = offset + n + 1" */
+
+ /* step 14 */
+ if (counter >= 4096)
+ break;
+ }
+ }
+ end:
+ if (!BN_GENCB_call(cb, 2, 1))
+ goto err;
+
+ /* We now need to generate g */
+ /* Set r0=(p-1)/q */
+ if (!BN_sub(test, p, BN_value_one()))
+ goto err;
+ if (!BN_div(r0, NULL, test, q, ctx))
+ goto err;
+
+ if (!BN_set_word(test, h))
+ goto err;
+ if (!BN_MONT_CTX_set(mont, p, ctx))
+ goto err;
+
+ for (;;) {
+ /* g=test^r0%p */
+ if (!BN_mod_exp_mont(g, test, r0, p, ctx, mont))
+ goto err;
+ if (!BN_is_one(g))
+ break;
+ if (!BN_add(test, test, BN_value_one()))
+ goto err;
+ h++;
+ }
+
+ if (!BN_GENCB_call(cb, 3, 1))
+ goto err;
+
+ ok = 1;
+ err:
+ if (ok) {
+ if (ret->p)
+ BN_free(ret->p);
+ if (ret->q)
+ BN_free(ret->q);
+ if (ret->g)
+ BN_free(ret->g);
+ ret->p = BN_dup(p);
+ ret->q = BN_dup(q);
+ ret->g = BN_dup(g);
+ if (ret->p == NULL || ret->q == NULL || ret->g == NULL) {
+ ok = 0;
+ goto err;
+ }
+ if (seed_in != NULL)
+ memcpy(seed_in, seed, 20);
+ if (counter_ret != NULL)
+ *counter_ret = counter;
+ if (h_ret != NULL)
+ *h_ret = h;
+ }
+ if (ctx) {
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ }
+ if (mont != NULL)
+ BN_MONT_CTX_free(mont);
+ return ok;
+}
+# endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_key.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/dsa/dsa_key.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_key.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,132 +0,0 @@
-/* crypto/dsa/dsa_key.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <time.h>
-#include "cryptlib.h"
-#ifndef OPENSSL_NO_SHA
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/rand.h>
-
-#ifndef OPENSSL_FIPS
-
-static int dsa_builtin_keygen(DSA *dsa);
-
-int DSA_generate_key(DSA *dsa)
- {
- if(dsa->meth->dsa_keygen)
- return dsa->meth->dsa_keygen(dsa);
- return dsa_builtin_keygen(dsa);
- }
-
-static int dsa_builtin_keygen(DSA *dsa)
- {
- int ok=0;
- BN_CTX *ctx=NULL;
- BIGNUM *pub_key=NULL,*priv_key=NULL;
-
- if ((ctx=BN_CTX_new()) == NULL) goto err;
-
- if (dsa->priv_key == NULL)
- {
- if ((priv_key=BN_new()) == NULL) goto err;
- }
- else
- priv_key=dsa->priv_key;
-
- do
- if (!BN_rand_range(priv_key,dsa->q)) goto err;
- while (BN_is_zero(priv_key));
-
- if (dsa->pub_key == NULL)
- {
- if ((pub_key=BN_new()) == NULL) goto err;
- }
- else
- pub_key=dsa->pub_key;
-
- {
- BIGNUM local_prk;
- BIGNUM *prk;
-
- if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
- {
- BN_init(&local_prk);
- prk = &local_prk;
- BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
- }
- else
- prk = priv_key;
-
- if (!BN_mod_exp(pub_key,dsa->g,prk,dsa->p,ctx)) goto err;
- }
-
- dsa->priv_key=priv_key;
- dsa->pub_key=pub_key;
- ok=1;
-
-err:
- if ((pub_key != NULL) && (dsa->pub_key == NULL)) BN_free(pub_key);
- if ((priv_key != NULL) && (dsa->priv_key == NULL)) BN_free(priv_key);
- if (ctx != NULL) BN_CTX_free(ctx);
- return(ok);
- }
-#endif
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_key.c (from rev 6976, vendor-crypto/openssl/dist/crypto/dsa/dsa_key.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_key.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_key.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,134 @@
+/* crypto/dsa/dsa_key.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include "cryptlib.h"
+#ifndef OPENSSL_NO_SHA
+# include <openssl/bn.h>
+# include <openssl/dsa.h>
+# include <openssl/rand.h>
+
+# ifndef OPENSSL_FIPS
+
+static int dsa_builtin_keygen(DSA *dsa);
+
+int DSA_generate_key(DSA *dsa)
+{
+ if (dsa->meth->dsa_keygen)
+ return dsa->meth->dsa_keygen(dsa);
+ return dsa_builtin_keygen(dsa);
+}
+
+static int dsa_builtin_keygen(DSA *dsa)
+{
+ int ok = 0;
+ BN_CTX *ctx = NULL;
+ BIGNUM *pub_key = NULL, *priv_key = NULL;
+
+ if ((ctx = BN_CTX_new()) == NULL)
+ goto err;
+
+ if (dsa->priv_key == NULL) {
+ if ((priv_key = BN_new()) == NULL)
+ goto err;
+ } else
+ priv_key = dsa->priv_key;
+
+ do
+ if (!BN_rand_range(priv_key, dsa->q))
+ goto err;
+ while (BN_is_zero(priv_key)) ;
+
+ if (dsa->pub_key == NULL) {
+ if ((pub_key = BN_new()) == NULL)
+ goto err;
+ } else
+ pub_key = dsa->pub_key;
+
+ {
+ BIGNUM local_prk;
+ BIGNUM *prk;
+
+ if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
+ BN_init(&local_prk);
+ prk = &local_prk;
+ BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
+ } else
+ prk = priv_key;
+
+ if (!BN_mod_exp(pub_key, dsa->g, prk, dsa->p, ctx))
+ goto err;
+ }
+
+ dsa->priv_key = priv_key;
+ dsa->pub_key = pub_key;
+ ok = 1;
+
+ err:
+ if ((pub_key != NULL) && (dsa->pub_key == NULL))
+ BN_free(pub_key);
+ if ((priv_key != NULL) && (dsa->priv_key == NULL))
+ BN_free(priv_key);
+ if (ctx != NULL)
+ BN_CTX_free(ctx);
+ return (ok);
+}
+# endif
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_lib.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/dsa/dsa_lib.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,316 +0,0 @@
-/* crypto/dsa/dsa_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* Original version from Steven Schoch <schoch at sheba.arc.nasa.gov> */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/asn1.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-
-const char DSA_version[]="DSA" OPENSSL_VERSION_PTEXT;
-
-static const DSA_METHOD *default_DSA_method = NULL;
-
-void DSA_set_default_method(const DSA_METHOD *meth)
- {
-#ifdef OPENSSL_FIPS
- if (FIPS_mode() && !(meth->flags & DSA_FLAG_FIPS_METHOD))
- {
- DSAerr(DSA_F_DSA_SET_DEFAULT_METHOD, DSA_R_NON_FIPS_METHOD);
- return;
- }
-#endif
-
- default_DSA_method = meth;
- }
-
-const DSA_METHOD *DSA_get_default_method(void)
- {
- if(!default_DSA_method)
- default_DSA_method = DSA_OpenSSL();
- return default_DSA_method;
- }
-
-DSA *DSA_new(void)
- {
- return DSA_new_method(NULL);
- }
-
-int DSA_set_method(DSA *dsa, const DSA_METHOD *meth)
- {
- /* NB: The caller is specifically setting a method, so it's not up to us
- * to deal with which ENGINE it comes from. */
- const DSA_METHOD *mtmp;
-#ifdef OPENSSL_FIPS
- if (FIPS_mode() && !(meth->flags & DSA_FLAG_FIPS_METHOD))
- {
- DSAerr(DSA_F_DSA_SET_METHOD, DSA_R_NON_FIPS_METHOD);
- return 0;
- }
-#endif
- mtmp = dsa->meth;
- if (mtmp->finish) mtmp->finish(dsa);
-#ifndef OPENSSL_NO_ENGINE
- if (dsa->engine)
- {
- ENGINE_finish(dsa->engine);
- dsa->engine = NULL;
- }
-#endif
- dsa->meth = meth;
- if (meth->init) meth->init(dsa);
- return 1;
- }
-
-DSA *DSA_new_method(ENGINE *engine)
- {
- DSA *ret;
-
- ret=(DSA *)OPENSSL_malloc(sizeof(DSA));
- if (ret == NULL)
- {
- DSAerr(DSA_F_DSA_NEW_METHOD,ERR_R_MALLOC_FAILURE);
- return(NULL);
- }
- ret->meth = DSA_get_default_method();
-#ifndef OPENSSL_NO_ENGINE
- if (engine)
- {
- if (!ENGINE_init(engine))
- {
- DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB);
- OPENSSL_free(ret);
- return NULL;
- }
- ret->engine = engine;
- }
- else
- ret->engine = ENGINE_get_default_DSA();
- if(ret->engine)
- {
- ret->meth = ENGINE_get_DSA(ret->engine);
- if(!ret->meth)
- {
- DSAerr(DSA_F_DSA_NEW_METHOD,
- ERR_R_ENGINE_LIB);
- ENGINE_finish(ret->engine);
- OPENSSL_free(ret);
- return NULL;
- }
- }
-#endif
-#ifdef OPENSSL_FIPS
- if (FIPS_mode() && !(ret->meth->flags & DSA_FLAG_FIPS_METHOD))
- {
- DSAerr(DSA_F_DSA_NEW_METHOD, DSA_R_NON_FIPS_METHOD);
-#ifndef OPENSSL_NO_ENGINE
- if (ret->engine)
- ENGINE_finish(ret->engine);
-#endif
- OPENSSL_free(ret);
- return NULL;
- }
-#endif
-
- ret->pad=0;
- ret->version=0;
- ret->write_params=1;
- ret->p=NULL;
- ret->q=NULL;
- ret->g=NULL;
-
- ret->pub_key=NULL;
- ret->priv_key=NULL;
-
- ret->kinv=NULL;
- ret->r=NULL;
- ret->method_mont_p=NULL;
-
- ret->references=1;
- ret->flags=ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW;
- CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
- if ((ret->meth->init != NULL) && !ret->meth->init(ret))
- {
-#ifndef OPENSSL_NO_ENGINE
- if (ret->engine)
- ENGINE_finish(ret->engine);
-#endif
- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
- OPENSSL_free(ret);
- ret=NULL;
- }
-
- return(ret);
- }
-
-void DSA_free(DSA *r)
- {
- int i;
-
- if (r == NULL) return;
-
- i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_DSA);
-#ifdef REF_PRINT
- REF_PRINT("DSA",r);
-#endif
- if (i > 0) return;
-#ifdef REF_CHECK
- if (i < 0)
- {
- fprintf(stderr,"DSA_free, bad reference count\n");
- abort();
- }
-#endif
-
- if(r->meth->finish)
- r->meth->finish(r);
-#ifndef OPENSSL_NO_ENGINE
- if(r->engine)
- ENGINE_finish(r->engine);
-#endif
-
- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data);
-
- if (r->p != NULL) BN_clear_free(r->p);
- if (r->q != NULL) BN_clear_free(r->q);
- if (r->g != NULL) BN_clear_free(r->g);
- if (r->pub_key != NULL) BN_clear_free(r->pub_key);
- if (r->priv_key != NULL) BN_clear_free(r->priv_key);
- if (r->kinv != NULL) BN_clear_free(r->kinv);
- if (r->r != NULL) BN_clear_free(r->r);
- OPENSSL_free(r);
- }
-
-int DSA_up_ref(DSA *r)
- {
- int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DSA);
-#ifdef REF_PRINT
- REF_PRINT("DSA",r);
-#endif
-#ifdef REF_CHECK
- if (i < 2)
- {
- fprintf(stderr, "DSA_up_ref, bad reference count\n");
- abort();
- }
-#endif
- return ((i > 1) ? 1 : 0);
- }
-
-int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
- {
- return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, argl, argp,
- new_func, dup_func, free_func);
- }
-
-int DSA_set_ex_data(DSA *d, int idx, void *arg)
- {
- return(CRYPTO_set_ex_data(&d->ex_data,idx,arg));
- }
-
-void *DSA_get_ex_data(DSA *d, int idx)
- {
- return(CRYPTO_get_ex_data(&d->ex_data,idx));
- }
-
-#ifndef OPENSSL_NO_DH
-DH *DSA_dup_DH(const DSA *r)
- {
- /* DSA has p, q, g, optional pub_key, optional priv_key.
- * DH has p, optional length, g, optional pub_key, optional priv_key.
- */
-
- DH *ret = NULL;
-
- if (r == NULL)
- goto err;
- ret = DH_new();
- if (ret == NULL)
- goto err;
- if (r->p != NULL)
- if ((ret->p = BN_dup(r->p)) == NULL)
- goto err;
- if (r->q != NULL)
- ret->length = BN_num_bits(r->q);
- if (r->g != NULL)
- if ((ret->g = BN_dup(r->g)) == NULL)
- goto err;
- if (r->pub_key != NULL)
- if ((ret->pub_key = BN_dup(r->pub_key)) == NULL)
- goto err;
- if (r->priv_key != NULL)
- if ((ret->priv_key = BN_dup(r->priv_key)) == NULL)
- goto err;
-
- return ret;
-
- err:
- if (ret != NULL)
- DH_free(ret);
- return NULL;
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_lib.c (from rev 6976, vendor-crypto/openssl/dist/crypto/dsa/dsa_lib.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_lib.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,316 @@
+/* crypto/dsa/dsa_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* Original version from Steven Schoch <schoch at sheba.arc.nasa.gov> */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/asn1.h>
+#ifndef OPENSSL_NO_ENGINE
+# include <openssl/engine.h>
+#endif
+#ifndef OPENSSL_NO_DH
+# include <openssl/dh.h>
+#endif
+
+const char DSA_version[] = "DSA" OPENSSL_VERSION_PTEXT;
+
+static const DSA_METHOD *default_DSA_method = NULL;
+
+void DSA_set_default_method(const DSA_METHOD *meth)
+{
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode() && !(meth->flags & DSA_FLAG_FIPS_METHOD)) {
+ DSAerr(DSA_F_DSA_SET_DEFAULT_METHOD, DSA_R_NON_FIPS_METHOD);
+ return;
+ }
+#endif
+
+ default_DSA_method = meth;
+}
+
+const DSA_METHOD *DSA_get_default_method(void)
+{
+ if (!default_DSA_method)
+ default_DSA_method = DSA_OpenSSL();
+ return default_DSA_method;
+}
+
+DSA *DSA_new(void)
+{
+ return DSA_new_method(NULL);
+}
+
+int DSA_set_method(DSA *dsa, const DSA_METHOD *meth)
+{
+ /*
+ * NB: The caller is specifically setting a method, so it's not up to us
+ * to deal with which ENGINE it comes from.
+ */
+ const DSA_METHOD *mtmp;
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode() && !(meth->flags & DSA_FLAG_FIPS_METHOD)) {
+ DSAerr(DSA_F_DSA_SET_METHOD, DSA_R_NON_FIPS_METHOD);
+ return 0;
+ }
+#endif
+ mtmp = dsa->meth;
+ if (mtmp->finish)
+ mtmp->finish(dsa);
+#ifndef OPENSSL_NO_ENGINE
+ if (dsa->engine) {
+ ENGINE_finish(dsa->engine);
+ dsa->engine = NULL;
+ }
+#endif
+ dsa->meth = meth;
+ if (meth->init)
+ meth->init(dsa);
+ return 1;
+}
+
+DSA *DSA_new_method(ENGINE *engine)
+{
+ DSA *ret;
+
+ ret = (DSA *)OPENSSL_malloc(sizeof(DSA));
+ if (ret == NULL) {
+ DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+ return (NULL);
+ }
+ ret->meth = DSA_get_default_method();
+#ifndef OPENSSL_NO_ENGINE
+ if (engine) {
+ if (!ENGINE_init(engine)) {
+ DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB);
+ OPENSSL_free(ret);
+ return NULL;
+ }
+ ret->engine = engine;
+ } else
+ ret->engine = ENGINE_get_default_DSA();
+ if (ret->engine) {
+ ret->meth = ENGINE_get_DSA(ret->engine);
+ if (!ret->meth) {
+ DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB);
+ ENGINE_finish(ret->engine);
+ OPENSSL_free(ret);
+ return NULL;
+ }
+ }
+#endif
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode() && !(ret->meth->flags & DSA_FLAG_FIPS_METHOD)) {
+ DSAerr(DSA_F_DSA_NEW_METHOD, DSA_R_NON_FIPS_METHOD);
+# ifndef OPENSSL_NO_ENGINE
+ if (ret->engine)
+ ENGINE_finish(ret->engine);
+# endif
+ OPENSSL_free(ret);
+ return NULL;
+ }
+#endif
+
+ ret->pad = 0;
+ ret->version = 0;
+ ret->write_params = 1;
+ ret->p = NULL;
+ ret->q = NULL;
+ ret->g = NULL;
+
+ ret->pub_key = NULL;
+ ret->priv_key = NULL;
+
+ ret->kinv = NULL;
+ ret->r = NULL;
+ ret->method_mont_p = NULL;
+
+ ret->references = 1;
+ ret->flags = ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW;
+ CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
+ if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
+#ifndef OPENSSL_NO_ENGINE
+ if (ret->engine)
+ ENGINE_finish(ret->engine);
+#endif
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
+ OPENSSL_free(ret);
+ ret = NULL;
+ }
+
+ return (ret);
+}
+
+void DSA_free(DSA *r)
+{
+ int i;
+
+ if (r == NULL)
+ return;
+
+ i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DSA);
+#ifdef REF_PRINT
+ REF_PRINT("DSA", r);
+#endif
+ if (i > 0)
+ return;
+#ifdef REF_CHECK
+ if (i < 0) {
+ fprintf(stderr, "DSA_free, bad reference count\n");
+ abort();
+ }
+#endif
+
+ if (r->meth->finish)
+ r->meth->finish(r);
+#ifndef OPENSSL_NO_ENGINE
+ if (r->engine)
+ ENGINE_finish(r->engine);
+#endif
+
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data);
+
+ if (r->p != NULL)
+ BN_clear_free(r->p);
+ if (r->q != NULL)
+ BN_clear_free(r->q);
+ if (r->g != NULL)
+ BN_clear_free(r->g);
+ if (r->pub_key != NULL)
+ BN_clear_free(r->pub_key);
+ if (r->priv_key != NULL)
+ BN_clear_free(r->priv_key);
+ if (r->kinv != NULL)
+ BN_clear_free(r->kinv);
+ if (r->r != NULL)
+ BN_clear_free(r->r);
+ OPENSSL_free(r);
+}
+
+int DSA_up_ref(DSA *r)
+{
+ int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DSA);
+#ifdef REF_PRINT
+ REF_PRINT("DSA", r);
+#endif
+#ifdef REF_CHECK
+ if (i < 2) {
+ fprintf(stderr, "DSA_up_ref, bad reference count\n");
+ abort();
+ }
+#endif
+ return ((i > 1) ? 1 : 0);
+}
+
+int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+{
+ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, argl, argp,
+ new_func, dup_func, free_func);
+}
+
+int DSA_set_ex_data(DSA *d, int idx, void *arg)
+{
+ return (CRYPTO_set_ex_data(&d->ex_data, idx, arg));
+}
+
+void *DSA_get_ex_data(DSA *d, int idx)
+{
+ return (CRYPTO_get_ex_data(&d->ex_data, idx));
+}
+
+#ifndef OPENSSL_NO_DH
+DH *DSA_dup_DH(const DSA *r)
+{
+ /*
+ * DSA has p, q, g, optional pub_key, optional priv_key. DH has p,
+ * optional length, g, optional pub_key, optional priv_key.
+ */
+
+ DH *ret = NULL;
+
+ if (r == NULL)
+ goto err;
+ ret = DH_new();
+ if (ret == NULL)
+ goto err;
+ if (r->p != NULL)
+ if ((ret->p = BN_dup(r->p)) == NULL)
+ goto err;
+ if (r->q != NULL)
+ ret->length = BN_num_bits(r->q);
+ if (r->g != NULL)
+ if ((ret->g = BN_dup(r->g)) == NULL)
+ goto err;
+ if (r->pub_key != NULL)
+ if ((ret->pub_key = BN_dup(r->pub_key)) == NULL)
+ goto err;
+ if (r->priv_key != NULL)
+ if ((ret->priv_key = BN_dup(r->priv_key)) == NULL)
+ goto err;
+
+ return ret;
+
+ err:
+ if (ret != NULL)
+ DH_free(ret);
+ return NULL;
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_ossl.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/dsa/dsa_ossl.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_ossl.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,397 +0,0 @@
-/* crypto/dsa/dsa_ossl.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* Original version from Steven Schoch <schoch at sheba.arc.nasa.gov> */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/rand.h>
-#include <openssl/asn1.h>
-
-#ifndef OPENSSL_FIPS
-
-static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
-static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
-static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
- DSA *dsa);
-static int dsa_init(DSA *dsa);
-static int dsa_finish(DSA *dsa);
-
-static DSA_METHOD openssl_dsa_meth = {
-"OpenSSL DSA method",
-dsa_do_sign,
-dsa_sign_setup,
-dsa_do_verify,
-NULL, /* dsa_mod_exp, */
-NULL, /* dsa_bn_mod_exp, */
-dsa_init,
-dsa_finish,
-0,
-NULL,
-NULL,
-NULL
-};
-
-/* These macro wrappers replace attempts to use the dsa_mod_exp() and
- * bn_mod_exp() handlers in the DSA_METHOD structure. We avoid the problem of
- * having a the macro work as an expression by bundling an "err_instr". So;
- *
- * if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx,
- * dsa->method_mont_p)) goto err;
- *
- * can be replaced by;
- *
- * DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, &k, dsa->p, ctx,
- * dsa->method_mont_p);
- */
-
-#define DSA_MOD_EXP(err_instr,dsa,rr,a1,p1,a2,p2,m,ctx,in_mont) \
- do { \
- int _tmp_res53; \
- if((dsa)->meth->dsa_mod_exp) \
- _tmp_res53 = (dsa)->meth->dsa_mod_exp((dsa), (rr), (a1), (p1), \
- (a2), (p2), (m), (ctx), (in_mont)); \
- else \
- _tmp_res53 = BN_mod_exp2_mont((rr), (a1), (p1), (a2), (p2), \
- (m), (ctx), (in_mont)); \
- if(!_tmp_res53) err_instr; \
- } while(0)
-#define DSA_BN_MOD_EXP(err_instr,dsa,r,a,p,m,ctx,m_ctx) \
- do { \
- int _tmp_res53; \
- if((dsa)->meth->bn_mod_exp) \
- _tmp_res53 = (dsa)->meth->bn_mod_exp((dsa), (r), (a), (p), \
- (m), (ctx), (m_ctx)); \
- else \
- _tmp_res53 = BN_mod_exp_mont((r), (a), (p), (m), (ctx), (m_ctx)); \
- if(!_tmp_res53) err_instr; \
- } while(0)
-
-const DSA_METHOD *DSA_OpenSSL(void)
-{
- return &openssl_dsa_meth;
-}
-
-static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
- {
- BIGNUM *kinv=NULL,*r=NULL,*s=NULL;
- BIGNUM m;
- BIGNUM xr;
- BN_CTX *ctx=NULL;
- int i,reason=ERR_R_BN_LIB;
- DSA_SIG *ret=NULL;
-
- BN_init(&m);
- BN_init(&xr);
-
- if (!dsa->p || !dsa->q || !dsa->g)
- {
- reason=DSA_R_MISSING_PARAMETERS;
- goto err;
- }
-
- s=BN_new();
- if (s == NULL) goto err;
-
- i=BN_num_bytes(dsa->q); /* should be 20 */
- if ((dlen > i) || (dlen > 50))
- {
- reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE;
- goto err;
- }
-
- ctx=BN_CTX_new();
- if (ctx == NULL) goto err;
-
- if ((dsa->kinv == NULL) || (dsa->r == NULL))
- {
- if (!DSA_sign_setup(dsa,ctx,&kinv,&r)) goto err;
- }
- else
- {
- kinv=dsa->kinv;
- dsa->kinv=NULL;
- r=dsa->r;
- dsa->r=NULL;
- }
-
- if (BN_bin2bn(dgst,dlen,&m) == NULL) goto err;
-
- /* Compute s = inv(k) (m + xr) mod q */
- if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */
- if (!BN_add(s, &xr, &m)) goto err; /* s = m + xr */
- if (BN_cmp(s,dsa->q) > 0)
- if (!BN_sub(s,s,dsa->q))
- goto err;
- if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err;
-
- ret=DSA_SIG_new();
- if (ret == NULL) goto err;
- ret->r = r;
- ret->s = s;
-
-err:
- if (!ret)
- {
- DSAerr(DSA_F_DSA_DO_SIGN,reason);
- BN_free(r);
- BN_free(s);
- }
- if (ctx != NULL) BN_CTX_free(ctx);
- BN_clear_free(&m);
- BN_clear_free(&xr);
- if (kinv != NULL) /* dsa->kinv is NULL now if we used it */
- BN_clear_free(kinv);
- return(ret);
- }
-
-static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
- {
- BN_CTX *ctx;
- BIGNUM k,kq,*K,*kinv=NULL,*r=NULL;
- int ret=0;
-
- if (!dsa->p || !dsa->q || !dsa->g)
- {
- DSAerr(DSA_F_DSA_SIGN_SETUP,DSA_R_MISSING_PARAMETERS);
- return 0;
- }
-
- BN_init(&k);
- BN_init(&kq);
-
- if (ctx_in == NULL)
- {
- if ((ctx=BN_CTX_new()) == NULL) goto err;
- }
- else
- ctx=ctx_in;
-
- if ((r=BN_new()) == NULL) goto err;
-
- /* Get random k */
- do
- if (!BN_rand_range(&k, dsa->q)) goto err;
- while (BN_is_zero(&k));
- if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
- {
- BN_set_flags(&k, BN_FLG_CONSTTIME);
- }
-
- if (dsa->flags & DSA_FLAG_CACHE_MONT_P)
- {
- if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p,
- CRYPTO_LOCK_DSA,
- dsa->p, ctx))
- goto err;
- }
-
- /* Compute r = (g^k mod p) mod q */
-
- if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
- {
- if (!BN_copy(&kq, &k)) goto err;
-
- /* We do not want timing information to leak the length of k,
- * so we compute g^k using an equivalent exponent of fixed length.
- *
- * (This is a kludge that we need because the BN_mod_exp_mont()
- * does not let us specify the desired timing behaviour.) */
-
- if (!BN_add(&kq, &kq, dsa->q)) goto err;
- if (BN_num_bits(&kq) <= BN_num_bits(dsa->q))
- {
- if (!BN_add(&kq, &kq, dsa->q)) goto err;
- }
-
- K = &kq;
- }
- else
- {
- K = &k;
- }
- DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, K, dsa->p, ctx,
- dsa->method_mont_p);
- if (!BN_mod(r,r,dsa->q,ctx)) goto err;
-
- /* Compute part of 's = inv(k) (m + xr) mod q' */
- if ((kinv=BN_mod_inverse(NULL,&k,dsa->q,ctx)) == NULL) goto err;
-
- if (*kinvp != NULL) BN_clear_free(*kinvp);
- *kinvp=kinv;
- kinv=NULL;
- if (*rp != NULL) BN_clear_free(*rp);
- *rp=r;
- ret=1;
-err:
- if (!ret)
- {
- DSAerr(DSA_F_DSA_SIGN_SETUP,ERR_R_BN_LIB);
- if (kinv != NULL) BN_clear_free(kinv);
- if (r != NULL) BN_clear_free(r);
- }
- if (ctx_in == NULL) BN_CTX_free(ctx);
- if (kinv != NULL) BN_clear_free(kinv);
- BN_clear_free(&k);
- BN_clear_free(&kq);
- return(ret);
- }
-
-static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
- DSA *dsa)
- {
- BN_CTX *ctx;
- BIGNUM u1,u2,t1;
- BN_MONT_CTX *mont=NULL;
- int ret = -1;
- if (!dsa->p || !dsa->q || !dsa->g)
- {
- DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MISSING_PARAMETERS);
- return -1;
- }
-
- if (BN_num_bits(dsa->q) != 160)
- {
- DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_BAD_Q_VALUE);
- return -1;
- }
-
- if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS)
- {
- DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MODULUS_TOO_LARGE);
- return -1;
- }
-
- BN_init(&u1);
- BN_init(&u2);
- BN_init(&t1);
-
- if ((ctx=BN_CTX_new()) == NULL) goto err;
-
- if (BN_is_zero(sig->r) || BN_is_negative(sig->r) ||
- BN_ucmp(sig->r, dsa->q) >= 0)
- {
- ret = 0;
- goto err;
- }
- if (BN_is_zero(sig->s) || BN_is_negative(sig->s) ||
- BN_ucmp(sig->s, dsa->q) >= 0)
- {
- ret = 0;
- goto err;
- }
-
- /* Calculate W = inv(S) mod Q
- * save W in u2 */
- if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err;
-
- /* save M in u1 */
- if (BN_bin2bn(dgst,dgst_len,&u1) == NULL) goto err;
-
- /* u1 = M * w mod q */
- if (!BN_mod_mul(&u1,&u1,&u2,dsa->q,ctx)) goto err;
-
- /* u2 = r * w mod q */
- if (!BN_mod_mul(&u2,sig->r,&u2,dsa->q,ctx)) goto err;
-
-
- if (dsa->flags & DSA_FLAG_CACHE_MONT_P)
- {
- mont = BN_MONT_CTX_set_locked(&dsa->method_mont_p,
- CRYPTO_LOCK_DSA, dsa->p, ctx);
- if (!mont)
- goto err;
- }
-
-
- DSA_MOD_EXP(goto err, dsa, &t1, dsa->g, &u1, dsa->pub_key, &u2, dsa->p, ctx, mont);
- /* BN_copy(&u1,&t1); */
- /* let u1 = u1 mod q */
- if (!BN_mod(&u1,&t1,dsa->q,ctx)) goto err;
-
- /* V is now in u1. If the signature is correct, it will be
- * equal to R. */
- ret=(BN_ucmp(&u1, sig->r) == 0);
-
- err:
- /* XXX: surely this is wrong - if ret is 0, it just didn't verify;
- there is no error in BN. Test should be ret == -1 (Ben) */
- if (ret != 1) DSAerr(DSA_F_DSA_DO_VERIFY,ERR_R_BN_LIB);
- if (ctx != NULL) BN_CTX_free(ctx);
- BN_free(&u1);
- BN_free(&u2);
- BN_free(&t1);
- return(ret);
- }
-
-static int dsa_init(DSA *dsa)
-{
- dsa->flags|=DSA_FLAG_CACHE_MONT_P;
- return(1);
-}
-
-static int dsa_finish(DSA *dsa)
-{
- if(dsa->method_mont_p)
- BN_MONT_CTX_free(dsa->method_mont_p);
- return(1);
-}
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_ossl.c (from rev 6976, vendor-crypto/openssl/dist/crypto/dsa/dsa_ossl.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_ossl.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_ossl.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,412 @@
+/* crypto/dsa/dsa_ossl.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* Original version from Steven Schoch <schoch at sheba.arc.nasa.gov> */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/rand.h>
+#include <openssl/asn1.h>
+
+#ifndef OPENSSL_FIPS
+
+static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
+static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
+ BIGNUM **rp);
+static int dsa_do_verify(const unsigned char *dgst, int dgst_len,
+ DSA_SIG *sig, DSA *dsa);
+static int dsa_init(DSA *dsa);
+static int dsa_finish(DSA *dsa);
+
+static DSA_METHOD openssl_dsa_meth = {
+ "OpenSSL DSA method",
+ dsa_do_sign,
+ dsa_sign_setup,
+ dsa_do_verify,
+ NULL, /* dsa_mod_exp, */
+ NULL, /* dsa_bn_mod_exp, */
+ dsa_init,
+ dsa_finish,
+ 0,
+ NULL,
+ NULL,
+ NULL
+};
+
+/*-
+ * These macro wrappers replace attempts to use the dsa_mod_exp() and
+ * bn_mod_exp() handlers in the DSA_METHOD structure. We avoid the problem of
+ * having a the macro work as an expression by bundling an "err_instr". So;
+ *
+ * if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx,
+ * dsa->method_mont_p)) goto err;
+ *
+ * can be replaced by;
+ *
+ * DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, &k, dsa->p, ctx,
+ * dsa->method_mont_p);
+ */
+
+# define DSA_MOD_EXP(err_instr,dsa,rr,a1,p1,a2,p2,m,ctx,in_mont) \
+ do { \
+ int _tmp_res53; \
+ if((dsa)->meth->dsa_mod_exp) \
+ _tmp_res53 = (dsa)->meth->dsa_mod_exp((dsa), (rr), (a1), (p1), \
+ (a2), (p2), (m), (ctx), (in_mont)); \
+ else \
+ _tmp_res53 = BN_mod_exp2_mont((rr), (a1), (p1), (a2), (p2), \
+ (m), (ctx), (in_mont)); \
+ if(!_tmp_res53) err_instr; \
+ } while(0)
+# define DSA_BN_MOD_EXP(err_instr,dsa,r,a,p,m,ctx,m_ctx) \
+ do { \
+ int _tmp_res53; \
+ if((dsa)->meth->bn_mod_exp) \
+ _tmp_res53 = (dsa)->meth->bn_mod_exp((dsa), (r), (a), (p), \
+ (m), (ctx), (m_ctx)); \
+ else \
+ _tmp_res53 = BN_mod_exp_mont((r), (a), (p), (m), (ctx), (m_ctx)); \
+ if(!_tmp_res53) err_instr; \
+ } while(0)
+
+const DSA_METHOD *DSA_OpenSSL(void)
+{
+ return &openssl_dsa_meth;
+}
+
+static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
+{
+ BIGNUM *kinv = NULL, *r = NULL, *s = NULL;
+ BIGNUM m;
+ BIGNUM xr;
+ BN_CTX *ctx = NULL;
+ int i, reason = ERR_R_BN_LIB;
+ DSA_SIG *ret = NULL;
+
+ BN_init(&m);
+ BN_init(&xr);
+
+ if (!dsa->p || !dsa->q || !dsa->g) {
+ reason = DSA_R_MISSING_PARAMETERS;
+ goto err;
+ }
+
+ s = BN_new();
+ if (s == NULL)
+ goto err;
+
+ i = BN_num_bytes(dsa->q); /* should be 20 */
+ if ((dlen > i) || (dlen > 50)) {
+ reason = DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE;
+ goto err;
+ }
+
+ ctx = BN_CTX_new();
+ if (ctx == NULL)
+ goto err;
+
+ if ((dsa->kinv == NULL) || (dsa->r == NULL)) {
+ if (!DSA_sign_setup(dsa, ctx, &kinv, &r))
+ goto err;
+ } else {
+ kinv = dsa->kinv;
+ dsa->kinv = NULL;
+ r = dsa->r;
+ dsa->r = NULL;
+ }
+
+ if (BN_bin2bn(dgst, dlen, &m) == NULL)
+ goto err;
+
+ /* Compute s = inv(k) (m + xr) mod q */
+ if (!BN_mod_mul(&xr, dsa->priv_key, r, dsa->q, ctx))
+ goto err; /* s = xr */
+ if (!BN_add(s, &xr, &m))
+ goto err; /* s = m + xr */
+ if (BN_cmp(s, dsa->q) > 0)
+ if (!BN_sub(s, s, dsa->q))
+ goto err;
+ if (!BN_mod_mul(s, s, kinv, dsa->q, ctx))
+ goto err;
+
+ ret = DSA_SIG_new();
+ if (ret == NULL)
+ goto err;
+ ret->r = r;
+ ret->s = s;
+
+ err:
+ if (!ret) {
+ DSAerr(DSA_F_DSA_DO_SIGN, reason);
+ BN_free(r);
+ BN_free(s);
+ }
+ if (ctx != NULL)
+ BN_CTX_free(ctx);
+ BN_clear_free(&m);
+ BN_clear_free(&xr);
+ if (kinv != NULL) /* dsa->kinv is NULL now if we used it */
+ BN_clear_free(kinv);
+ return (ret);
+}
+
+static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
+ BIGNUM **rp)
+{
+ BN_CTX *ctx;
+ BIGNUM k, kq, *K, *kinv = NULL, *r = NULL;
+ int ret = 0;
+
+ if (!dsa->p || !dsa->q || !dsa->g) {
+ DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_MISSING_PARAMETERS);
+ return 0;
+ }
+
+ BN_init(&k);
+ BN_init(&kq);
+
+ if (ctx_in == NULL) {
+ if ((ctx = BN_CTX_new()) == NULL)
+ goto err;
+ } else
+ ctx = ctx_in;
+
+ if ((r = BN_new()) == NULL)
+ goto err;
+
+ /* Get random k */
+ do
+ if (!BN_rand_range(&k, dsa->q))
+ goto err;
+ while (BN_is_zero(&k)) ;
+ if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
+ BN_set_flags(&k, BN_FLG_CONSTTIME);
+ }
+
+ if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
+ if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p,
+ CRYPTO_LOCK_DSA, dsa->p, ctx))
+ goto err;
+ }
+
+ /* Compute r = (g^k mod p) mod q */
+
+ if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
+ if (!BN_copy(&kq, &k))
+ goto err;
+
+ /*
+ * We do not want timing information to leak the length of k, so we
+ * compute g^k using an equivalent exponent of fixed length. (This
+ * is a kludge that we need because the BN_mod_exp_mont() does not
+ * let us specify the desired timing behaviour.)
+ */
+
+ if (!BN_add(&kq, &kq, dsa->q))
+ goto err;
+ if (BN_num_bits(&kq) <= BN_num_bits(dsa->q)) {
+ if (!BN_add(&kq, &kq, dsa->q))
+ goto err;
+ }
+
+ K = &kq;
+ } else {
+ K = &k;
+ }
+ DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, K, dsa->p, ctx,
+ dsa->method_mont_p);
+ if (!BN_mod(r, r, dsa->q, ctx))
+ goto err;
+
+ /* Compute part of 's = inv(k) (m + xr) mod q' */
+ if ((kinv = BN_mod_inverse(NULL, &k, dsa->q, ctx)) == NULL)
+ goto err;
+
+ if (*kinvp != NULL)
+ BN_clear_free(*kinvp);
+ *kinvp = kinv;
+ kinv = NULL;
+ if (*rp != NULL)
+ BN_clear_free(*rp);
+ *rp = r;
+ ret = 1;
+ err:
+ if (!ret) {
+ DSAerr(DSA_F_DSA_SIGN_SETUP, ERR_R_BN_LIB);
+ if (kinv != NULL)
+ BN_clear_free(kinv);
+ if (r != NULL)
+ BN_clear_free(r);
+ }
+ if (ctx_in == NULL)
+ BN_CTX_free(ctx);
+ if (kinv != NULL)
+ BN_clear_free(kinv);
+ BN_clear_free(&k);
+ BN_clear_free(&kq);
+ return (ret);
+}
+
+static int dsa_do_verify(const unsigned char *dgst, int dgst_len,
+ DSA_SIG *sig, DSA *dsa)
+{
+ BN_CTX *ctx;
+ BIGNUM u1, u2, t1;
+ BN_MONT_CTX *mont = NULL;
+ int ret = -1;
+ if (!dsa->p || !dsa->q || !dsa->g) {
+ DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_MISSING_PARAMETERS);
+ return -1;
+ }
+
+ if (BN_num_bits(dsa->q) != 160) {
+ DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_BAD_Q_VALUE);
+ return -1;
+ }
+
+ if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS) {
+ DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_MODULUS_TOO_LARGE);
+ return -1;
+ }
+
+ BN_init(&u1);
+ BN_init(&u2);
+ BN_init(&t1);
+
+ if ((ctx = BN_CTX_new()) == NULL)
+ goto err;
+
+ if (BN_is_zero(sig->r) || BN_is_negative(sig->r) ||
+ BN_ucmp(sig->r, dsa->q) >= 0) {
+ ret = 0;
+ goto err;
+ }
+ if (BN_is_zero(sig->s) || BN_is_negative(sig->s) ||
+ BN_ucmp(sig->s, dsa->q) >= 0) {
+ ret = 0;
+ goto err;
+ }
+
+ /*
+ * Calculate W = inv(S) mod Q save W in u2
+ */
+ if ((BN_mod_inverse(&u2, sig->s, dsa->q, ctx)) == NULL)
+ goto err;
+
+ /* save M in u1 */
+ if (BN_bin2bn(dgst, dgst_len, &u1) == NULL)
+ goto err;
+
+ /* u1 = M * w mod q */
+ if (!BN_mod_mul(&u1, &u1, &u2, dsa->q, ctx))
+ goto err;
+
+ /* u2 = r * w mod q */
+ if (!BN_mod_mul(&u2, sig->r, &u2, dsa->q, ctx))
+ goto err;
+
+ if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
+ mont = BN_MONT_CTX_set_locked(&dsa->method_mont_p,
+ CRYPTO_LOCK_DSA, dsa->p, ctx);
+ if (!mont)
+ goto err;
+ }
+
+ DSA_MOD_EXP(goto err, dsa, &t1, dsa->g, &u1, dsa->pub_key, &u2, dsa->p,
+ ctx, mont);
+ /* BN_copy(&u1,&t1); */
+ /* let u1 = u1 mod q */
+ if (!BN_mod(&u1, &t1, dsa->q, ctx))
+ goto err;
+
+ /*
+ * V is now in u1. If the signature is correct, it will be equal to R.
+ */
+ ret = (BN_ucmp(&u1, sig->r) == 0);
+
+ err:
+ /*
+ * XXX: surely this is wrong - if ret is 0, it just didn't verify; there
+ * is no error in BN. Test should be ret == -1 (Ben)
+ */
+ if (ret != 1)
+ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_BN_LIB);
+ if (ctx != NULL)
+ BN_CTX_free(ctx);
+ BN_free(&u1);
+ BN_free(&u2);
+ BN_free(&t1);
+ return (ret);
+}
+
+static int dsa_init(DSA *dsa)
+{
+ dsa->flags |= DSA_FLAG_CACHE_MONT_P;
+ return (1);
+}
+
+static int dsa_finish(DSA *dsa)
+{
+ if (dsa->method_mont_p)
+ BN_MONT_CTX_free(dsa->method_mont_p);
+ return (1);
+}
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_sign.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/dsa/dsa_sign.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_sign.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,95 +0,0 @@
-/* crypto/dsa/dsa_sign.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* Original version from Steven Schoch <schoch at sheba.arc.nasa.gov> */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/rand.h>
-#include <openssl/asn1.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
-
-DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
- {
-#ifdef OPENSSL_FIPS
- if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
- {
- DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
- return NULL;
- }
-#endif
- return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
- }
-
-int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
- {
-#ifdef OPENSSL_FIPS
- if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
- {
- DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
- return 0;
- }
-#endif
- return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_sign.c (from rev 6976, vendor-crypto/openssl/dist/crypto/dsa/dsa_sign.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_sign.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_sign.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,92 @@
+/* crypto/dsa/dsa_sign.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* Original version from Steven Schoch <schoch at sheba.arc.nasa.gov> */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/rand.h>
+#include <openssl/asn1.h>
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
+#endif
+
+DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
+{
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) {
+ DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
+ return NULL;
+ }
+#endif
+ return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
+}
+
+int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
+{
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) {
+ DSAerr(DSA_F_DSA_SIGN_SETUP,
+ DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
+ return 0;
+ }
+#endif
+ return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_utl.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/dsa/dsa_utl.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_utl.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,95 +0,0 @@
-/* crypto/dsa/dsa_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* Original version from Steven Schoch <schoch at sheba.arc.nasa.gov> */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/asn1.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-
-DSA_SIG *DSA_SIG_new(void)
- {
- DSA_SIG *sig;
- sig = OPENSSL_malloc(sizeof(DSA_SIG));
- if (!sig)
- return NULL;
- sig->r = NULL;
- sig->s = NULL;
- return sig;
- }
-
-void DSA_SIG_free(DSA_SIG *sig)
- {
- if (sig)
- {
- if (sig->r)
- BN_free(sig->r);
- if (sig->s)
- BN_free(sig->s);
- OPENSSL_free(sig);
- }
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_utl.c (from rev 6976, vendor-crypto/openssl/dist/crypto/dsa/dsa_utl.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_utl.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_utl.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,93 @@
+/* crypto/dsa/dsa_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* Original version from Steven Schoch <schoch at sheba.arc.nasa.gov> */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/asn1.h>
+#ifndef OPENSSL_NO_ENGINE
+# include <openssl/engine.h>
+#endif
+#ifndef OPENSSL_NO_DH
+# include <openssl/dh.h>
+#endif
+
+DSA_SIG *DSA_SIG_new(void)
+{
+ DSA_SIG *sig;
+ sig = OPENSSL_malloc(sizeof(DSA_SIG));
+ if (!sig)
+ return NULL;
+ sig->r = NULL;
+ sig->s = NULL;
+ return sig;
+}
+
+void DSA_SIG_free(DSA_SIG *sig)
+{
+ if (sig) {
+ if (sig->r)
+ BN_free(sig->r);
+ if (sig->s)
+ BN_free(sig->s);
+ OPENSSL_free(sig);
+ }
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_vrf.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/dsa/dsa_vrf.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_vrf.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,84 +0,0 @@
-/* crypto/dsa/dsa_vrf.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* Original version from Steven Schoch <schoch at sheba.arc.nasa.gov> */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/rand.h>
-#include <openssl/asn1.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
-#include <openssl/asn1_mac.h>
-
-int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
- DSA *dsa)
- {
-#ifdef OPENSSL_FIPS
- if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
- {
- DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
- return 0;
- }
-#endif
- return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_vrf.c (from rev 6976, vendor-crypto/openssl/dist/crypto/dsa/dsa_vrf.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_vrf.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsa_vrf.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,83 @@
+/* crypto/dsa/dsa_vrf.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* Original version from Steven Schoch <schoch at sheba.arc.nasa.gov> */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/rand.h>
+#include <openssl/asn1.h>
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
+#endif
+
+#include <openssl/asn1_mac.h>
+
+int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
+ DSA *dsa)
+{
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) {
+ DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
+ return 0;
+ }
+#endif
+ return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsagen.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/dsa/dsagen.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsagen.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,111 +0,0 @@
-/* crypto/dsa/dsagen.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/dsa.h>
-
-#define TEST
-#define GENUINE_DSA
-
-#ifdef GENUINE_DSA
-#define LAST_VALUE 0xbd
-#else
-#define LAST_VALUE 0xd3
-#endif
-
-#ifdef TEST
-unsigned char seed[20]={
- 0xd5,0x01,0x4e,0x4b,
- 0x60,0xef,0x2b,0xa8,
- 0xb6,0x21,0x1b,0x40,
- 0x62,0xba,0x32,0x24,
- 0xe0,0x42,0x7d,LAST_VALUE};
-#endif
-
-int cb(int p, int n)
- {
- char c='*';
-
- if (p == 0) c='.';
- if (p == 1) c='+';
- if (p == 2) c='*';
- if (p == 3) c='\n';
- printf("%c",c);
- fflush(stdout);
- }
-
-main()
- {
- int i;
- BIGNUM *n;
- BN_CTX *ctx;
- unsigned char seed_buf[20];
- DSA *dsa;
- int counter,h;
- BIO *bio_err=NULL;
-
- if (bio_err == NULL)
- bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
-
- memcpy(seed_buf,seed,20);
- dsa=DSA_generate_parameters(1024,seed,20,&counter,&h,cb,bio_err);
-
- if (dsa == NULL)
- DSA_print(bio_err,dsa,0);
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsagen.c (from rev 6976, vendor-crypto/openssl/dist/crypto/dsa/dsagen.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsagen.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsagen.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,115 @@
+/* crypto/dsa/dsagen.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <openssl/dsa.h>
+
+#define TEST
+#define GENUINE_DSA
+
+#ifdef GENUINE_DSA
+# define LAST_VALUE 0xbd
+#else
+# define LAST_VALUE 0xd3
+#endif
+
+#ifdef TEST
+unsigned char seed[20] = {
+ 0xd5, 0x01, 0x4e, 0x4b,
+ 0x60, 0xef, 0x2b, 0xa8,
+ 0xb6, 0x21, 0x1b, 0x40,
+ 0x62, 0xba, 0x32, 0x24,
+ 0xe0, 0x42, 0x7d, LAST_VALUE
+};
+#endif
+
+int cb(int p, int n)
+{
+ char c = '*';
+
+ if (p == 0)
+ c = '.';
+ if (p == 1)
+ c = '+';
+ if (p == 2)
+ c = '*';
+ if (p == 3)
+ c = '\n';
+ printf("%c", c);
+ fflush(stdout);
+}
+
+main()
+{
+ int i;
+ BIGNUM *n;
+ BN_CTX *ctx;
+ unsigned char seed_buf[20];
+ DSA *dsa;
+ int counter, h;
+ BIO *bio_err = NULL;
+
+ if (bio_err == NULL)
+ bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
+
+ memcpy(seed_buf, seed, 20);
+ dsa = DSA_generate_parameters(1024, seed, 20, &counter, &h, cb, bio_err);
+
+ if (dsa == NULL)
+ DSA_print(bio_err, dsa, 0);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsatest.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/dsa/dsatest.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsatest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,260 +0,0 @@
-/* crypto/dsa/dsatest.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* Until the key-gen callbacks are modified to use newer prototypes, we allow
- * deprecated functions for openssl-internal code */
-#ifdef OPENSSL_NO_DEPRECATED
-#undef OPENSSL_NO_DEPRECATED
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-
-#include "../e_os.h"
-
-#include <openssl/crypto.h>
-#include <openssl/rand.h>
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-
-#ifdef OPENSSL_NO_DSA
-int main(int argc, char *argv[])
-{
- printf("No DSA support\n");
- return(0);
-}
-#else
-#include <openssl/dsa.h>
-
-#ifdef OPENSSL_SYS_WIN16
-#define MS_CALLBACK _far _loadds
-#else
-#define MS_CALLBACK
-#endif
-
-static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *arg);
-
-/* seed, out_p, out_q, out_g are taken from the updated Appendix 5 to
- * FIPS PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */
-static unsigned char seed[20]={
- 0xd5,0x01,0x4e,0x4b,0x60,0xef,0x2b,0xa8,0xb6,0x21,0x1b,0x40,
- 0x62,0xba,0x32,0x24,0xe0,0x42,0x7d,0xd3,
- };
-
-static unsigned char out_p[]={
- 0x8d,0xf2,0xa4,0x94,0x49,0x22,0x76,0xaa,
- 0x3d,0x25,0x75,0x9b,0xb0,0x68,0x69,0xcb,
- 0xea,0xc0,0xd8,0x3a,0xfb,0x8d,0x0c,0xf7,
- 0xcb,0xb8,0x32,0x4f,0x0d,0x78,0x82,0xe5,
- 0xd0,0x76,0x2f,0xc5,0xb7,0x21,0x0e,0xaf,
- 0xc2,0xe9,0xad,0xac,0x32,0xab,0x7a,0xac,
- 0x49,0x69,0x3d,0xfb,0xf8,0x37,0x24,0xc2,
- 0xec,0x07,0x36,0xee,0x31,0xc8,0x02,0x91,
- };
-
-static unsigned char out_q[]={
- 0xc7,0x73,0x21,0x8c,0x73,0x7e,0xc8,0xee,
- 0x99,0x3b,0x4f,0x2d,0xed,0x30,0xf4,0x8e,
- 0xda,0xce,0x91,0x5f,
- };
-
-static unsigned char out_g[]={
- 0x62,0x6d,0x02,0x78,0x39,0xea,0x0a,0x13,
- 0x41,0x31,0x63,0xa5,0x5b,0x4c,0xb5,0x00,
- 0x29,0x9d,0x55,0x22,0x95,0x6c,0xef,0xcb,
- 0x3b,0xff,0x10,0xf3,0x99,0xce,0x2c,0x2e,
- 0x71,0xcb,0x9d,0xe5,0xfa,0x24,0xba,0xbf,
- 0x58,0xe5,0xb7,0x95,0x21,0x92,0x5c,0x9c,
- 0xc4,0x2e,0x9f,0x6f,0x46,0x4b,0x08,0x8c,
- 0xc5,0x72,0xaf,0x53,0xe6,0xd7,0x88,0x02,
- };
-
-static const unsigned char str1[]="12345678901234567890";
-
-static const char rnd_seed[] = "string to make the random number generator think it has entropy";
-
-static BIO *bio_err=NULL;
-
-int main(int argc, char **argv)
- {
- BN_GENCB cb;
- DSA *dsa=NULL;
- int counter,ret=0,i,j;
- unsigned char buf[256];
- unsigned long h;
- unsigned char sig[256];
- unsigned int siglen;
-
- if (bio_err == NULL)
- bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
-
- CRYPTO_malloc_debug_init();
- CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
- ERR_load_crypto_strings();
- RAND_seed(rnd_seed, sizeof rnd_seed);
-
- BIO_printf(bio_err,"test generation of DSA parameters\n");
-
- BN_GENCB_set(&cb, dsa_cb, bio_err);
- if(((dsa = DSA_new()) == NULL) || !DSA_generate_parameters_ex(dsa, 512,
- seed, 20, &counter, &h, &cb))
- goto end;
-
- BIO_printf(bio_err,"seed\n");
- for (i=0; i<20; i+=4)
- {
- BIO_printf(bio_err,"%02X%02X%02X%02X ",
- seed[i],seed[i+1],seed[i+2],seed[i+3]);
- }
- BIO_printf(bio_err,"\ncounter=%d h=%ld\n",counter,h);
-
- if (dsa == NULL) goto end;
- DSA_print(bio_err,dsa,0);
- if (counter != 105)
- {
- BIO_printf(bio_err,"counter should be 105\n");
- goto end;
- }
- if (h != 2)
- {
- BIO_printf(bio_err,"h should be 2\n");
- goto end;
- }
-
- i=BN_bn2bin(dsa->q,buf);
- j=sizeof(out_q);
- if ((i != j) || (memcmp(buf,out_q,i) != 0))
- {
- BIO_printf(bio_err,"q value is wrong\n");
- goto end;
- }
-
- i=BN_bn2bin(dsa->p,buf);
- j=sizeof(out_p);
- if ((i != j) || (memcmp(buf,out_p,i) != 0))
- {
- BIO_printf(bio_err,"p value is wrong\n");
- goto end;
- }
-
- i=BN_bn2bin(dsa->g,buf);
- j=sizeof(out_g);
- if ((i != j) || (memcmp(buf,out_g,i) != 0))
- {
- BIO_printf(bio_err,"g value is wrong\n");
- goto end;
- }
-
- dsa->flags |= DSA_FLAG_NO_EXP_CONSTTIME;
- DSA_generate_key(dsa);
- DSA_sign(0, str1, 20, sig, &siglen, dsa);
- if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1)
- ret=1;
-
- dsa->flags &= ~DSA_FLAG_NO_EXP_CONSTTIME;
- DSA_generate_key(dsa);
- DSA_sign(0, str1, 20, sig, &siglen, dsa);
- if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1)
- ret=1;
-
-end:
- if (!ret)
- ERR_print_errors(bio_err);
- if (dsa != NULL) DSA_free(dsa);
- CRYPTO_cleanup_all_ex_data();
- ERR_remove_state(0);
- ERR_free_strings();
- CRYPTO_mem_leaks(bio_err);
- if (bio_err != NULL)
- {
- BIO_free(bio_err);
- bio_err = NULL;
- }
-#ifdef OPENSSL_SYS_NETWARE
- if (!ret) printf("ERROR\n");
-#endif
- EXIT(!ret);
- return(0);
- }
-
-static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *arg)
- {
- char c='*';
- static int ok=0,num=0;
-
- if (p == 0) { c='.'; num++; };
- if (p == 1) c='+';
- if (p == 2) { c='*'; ok++; }
- if (p == 3) c='\n';
- BIO_write(arg->arg,&c,1);
- (void)BIO_flush(arg->arg);
-
- if (!ok && (p == 0) && (num > 1))
- {
- BIO_printf((BIO *)arg,"error in dsatest\n");
- return 0;
- }
- return 1;
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsatest.c (from rev 6976, vendor-crypto/openssl/dist/crypto/dsa/dsatest.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsatest.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dsa/dsatest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,270 @@
+/* crypto/dsa/dsatest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/*
+ * Until the key-gen callbacks are modified to use newer prototypes, we allow
+ * deprecated functions for openssl-internal code
+ */
+#ifdef OPENSSL_NO_DEPRECATED
+# undef OPENSSL_NO_DEPRECATED
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+
+#include "../e_os.h"
+
+#include <openssl/crypto.h>
+#include <openssl/rand.h>
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+
+#ifdef OPENSSL_NO_DSA
+int main(int argc, char *argv[])
+{
+ printf("No DSA support\n");
+ return (0);
+}
+#else
+# include <openssl/dsa.h>
+
+# ifdef OPENSSL_SYS_WIN16
+# define MS_CALLBACK _far _loadds
+# else
+# define MS_CALLBACK
+# endif
+
+static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *arg);
+
+/*
+ * seed, out_p, out_q, out_g are taken from the updated Appendix 5 to FIPS
+ * PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1
+ */
+static unsigned char seed[20] = {
+ 0xd5, 0x01, 0x4e, 0x4b, 0x60, 0xef, 0x2b, 0xa8, 0xb6, 0x21, 0x1b, 0x40,
+ 0x62, 0xba, 0x32, 0x24, 0xe0, 0x42, 0x7d, 0xd3,
+};
+
+static unsigned char out_p[] = {
+ 0x8d, 0xf2, 0xa4, 0x94, 0x49, 0x22, 0x76, 0xaa,
+ 0x3d, 0x25, 0x75, 0x9b, 0xb0, 0x68, 0x69, 0xcb,
+ 0xea, 0xc0, 0xd8, 0x3a, 0xfb, 0x8d, 0x0c, 0xf7,
+ 0xcb, 0xb8, 0x32, 0x4f, 0x0d, 0x78, 0x82, 0xe5,
+ 0xd0, 0x76, 0x2f, 0xc5, 0xb7, 0x21, 0x0e, 0xaf,
+ 0xc2, 0xe9, 0xad, 0xac, 0x32, 0xab, 0x7a, 0xac,
+ 0x49, 0x69, 0x3d, 0xfb, 0xf8, 0x37, 0x24, 0xc2,
+ 0xec, 0x07, 0x36, 0xee, 0x31, 0xc8, 0x02, 0x91,
+};
+
+static unsigned char out_q[] = {
+ 0xc7, 0x73, 0x21, 0x8c, 0x73, 0x7e, 0xc8, 0xee,
+ 0x99, 0x3b, 0x4f, 0x2d, 0xed, 0x30, 0xf4, 0x8e,
+ 0xda, 0xce, 0x91, 0x5f,
+};
+
+static unsigned char out_g[] = {
+ 0x62, 0x6d, 0x02, 0x78, 0x39, 0xea, 0x0a, 0x13,
+ 0x41, 0x31, 0x63, 0xa5, 0x5b, 0x4c, 0xb5, 0x00,
+ 0x29, 0x9d, 0x55, 0x22, 0x95, 0x6c, 0xef, 0xcb,
+ 0x3b, 0xff, 0x10, 0xf3, 0x99, 0xce, 0x2c, 0x2e,
+ 0x71, 0xcb, 0x9d, 0xe5, 0xfa, 0x24, 0xba, 0xbf,
+ 0x58, 0xe5, 0xb7, 0x95, 0x21, 0x92, 0x5c, 0x9c,
+ 0xc4, 0x2e, 0x9f, 0x6f, 0x46, 0x4b, 0x08, 0x8c,
+ 0xc5, 0x72, 0xaf, 0x53, 0xe6, 0xd7, 0x88, 0x02,
+};
+
+static const unsigned char str1[] = "12345678901234567890";
+
+static const char rnd_seed[] =
+ "string to make the random number generator think it has entropy";
+
+static BIO *bio_err = NULL;
+
+int main(int argc, char **argv)
+{
+ BN_GENCB cb;
+ DSA *dsa = NULL;
+ int counter, ret = 0, i, j;
+ unsigned char buf[256];
+ unsigned long h;
+ unsigned char sig[256];
+ unsigned int siglen;
+
+ if (bio_err == NULL)
+ bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
+
+ CRYPTO_malloc_debug_init();
+ CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+ ERR_load_crypto_strings();
+ RAND_seed(rnd_seed, sizeof rnd_seed);
+
+ BIO_printf(bio_err, "test generation of DSA parameters\n");
+
+ BN_GENCB_set(&cb, dsa_cb, bio_err);
+ if (((dsa = DSA_new()) == NULL) || !DSA_generate_parameters_ex(dsa, 512,
+ seed, 20,
+ &counter,
+ &h, &cb))
+ goto end;
+
+ BIO_printf(bio_err, "seed\n");
+ for (i = 0; i < 20; i += 4) {
+ BIO_printf(bio_err, "%02X%02X%02X%02X ",
+ seed[i], seed[i + 1], seed[i + 2], seed[i + 3]);
+ }
+ BIO_printf(bio_err, "\ncounter=%d h=%ld\n", counter, h);
+
+ if (dsa == NULL)
+ goto end;
+ DSA_print(bio_err, dsa, 0);
+ if (counter != 105) {
+ BIO_printf(bio_err, "counter should be 105\n");
+ goto end;
+ }
+ if (h != 2) {
+ BIO_printf(bio_err, "h should be 2\n");
+ goto end;
+ }
+
+ i = BN_bn2bin(dsa->q, buf);
+ j = sizeof(out_q);
+ if ((i != j) || (memcmp(buf, out_q, i) != 0)) {
+ BIO_printf(bio_err, "q value is wrong\n");
+ goto end;
+ }
+
+ i = BN_bn2bin(dsa->p, buf);
+ j = sizeof(out_p);
+ if ((i != j) || (memcmp(buf, out_p, i) != 0)) {
+ BIO_printf(bio_err, "p value is wrong\n");
+ goto end;
+ }
+
+ i = BN_bn2bin(dsa->g, buf);
+ j = sizeof(out_g);
+ if ((i != j) || (memcmp(buf, out_g, i) != 0)) {
+ BIO_printf(bio_err, "g value is wrong\n");
+ goto end;
+ }
+
+ dsa->flags |= DSA_FLAG_NO_EXP_CONSTTIME;
+ DSA_generate_key(dsa);
+ DSA_sign(0, str1, 20, sig, &siglen, dsa);
+ if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1)
+ ret = 1;
+
+ dsa->flags &= ~DSA_FLAG_NO_EXP_CONSTTIME;
+ DSA_generate_key(dsa);
+ DSA_sign(0, str1, 20, sig, &siglen, dsa);
+ if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1)
+ ret = 1;
+
+ end:
+ if (!ret)
+ ERR_print_errors(bio_err);
+ if (dsa != NULL)
+ DSA_free(dsa);
+ CRYPTO_cleanup_all_ex_data();
+ ERR_remove_state(0);
+ ERR_free_strings();
+ CRYPTO_mem_leaks(bio_err);
+ if (bio_err != NULL) {
+ BIO_free(bio_err);
+ bio_err = NULL;
+ }
+# ifdef OPENSSL_SYS_NETWARE
+ if (!ret)
+ printf("ERROR\n");
+# endif
+ EXIT(!ret);
+ return (0);
+}
+
+static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *arg)
+{
+ char c = '*';
+ static int ok = 0, num = 0;
+
+ if (p == 0) {
+ c = '.';
+ num++;
+ };
+ if (p == 1)
+ c = '+';
+ if (p == 2) {
+ c = '*';
+ ok++;
+ }
+ if (p == 3)
+ c = '\n';
+ BIO_write(arg->arg, &c, 1);
+ (void)BIO_flush(arg->arg);
+
+ if (!ok && (p == 0) && (num > 1)) {
+ BIO_printf((BIO *)arg, "error in dsatest\n");
+ return 0;
+ }
+ return 1;
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/dso/dso.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/dso/dso.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dso/dso.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,368 +0,0 @@
-/* dso.h -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Geoff Thorpe (geoff at geoffthorpe.net) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#ifndef HEADER_DSO_H
-#define HEADER_DSO_H
-
-#include <openssl/crypto.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* These values are used as commands to DSO_ctrl() */
-#define DSO_CTRL_GET_FLAGS 1
-#define DSO_CTRL_SET_FLAGS 2
-#define DSO_CTRL_OR_FLAGS 3
-
-/* By default, DSO_load() will translate the provided filename into a form
- * typical for the platform (more specifically the DSO_METHOD) using the
- * dso_name_converter function of the method. Eg. win32 will transform "blah"
- * into "blah.dll", and dlfcn will transform it into "libblah.so". The
- * behaviour can be overriden by setting the name_converter callback in the DSO
- * object (using DSO_set_name_converter()). This callback could even utilise
- * the DSO_METHOD's converter too if it only wants to override behaviour for
- * one or two possible DSO methods. However, the following flag can be set in a
- * DSO to prevent *any* native name-translation at all - eg. if the caller has
- * prompted the user for a path to a driver library so the filename should be
- * interpreted as-is. */
-#define DSO_FLAG_NO_NAME_TRANSLATION 0x01
-/* An extra flag to give if only the extension should be added as
- * translation. This is obviously only of importance on Unix and
- * other operating systems where the translation also may prefix
- * the name with something, like 'lib', and ignored everywhere else.
- * This flag is also ignored if DSO_FLAG_NO_NAME_TRANSLATION is used
- * at the same time. */
-#define DSO_FLAG_NAME_TRANSLATION_EXT_ONLY 0x02
-
-/* The following flag controls the translation of symbol names to upper
- * case. This is currently only being implemented for OpenVMS.
- */
-#define DSO_FLAG_UPCASE_SYMBOL 0x10
-
-/* This flag loads the library with public symbols.
- * Meaning: The exported symbols of this library are public
- * to all libraries loaded after this library.
- * At the moment only implemented in unix.
- */
-#define DSO_FLAG_GLOBAL_SYMBOLS 0x20
-
-
-typedef void (*DSO_FUNC_TYPE)(void);
-
-typedef struct dso_st DSO;
-
-/* The function prototype used for method functions (or caller-provided
- * callbacks) that transform filenames. They are passed a DSO structure pointer
- * (or NULL if they are to be used independantly of a DSO object) and a
- * filename to transform. They should either return NULL (if there is an error
- * condition) or a newly allocated string containing the transformed form that
- * the caller will need to free with OPENSSL_free() when done. */
-typedef char* (*DSO_NAME_CONVERTER_FUNC)(DSO *, const char *);
-/* The function prototype used for method functions (or caller-provided
- * callbacks) that merge two file specifications. They are passed a
- * DSO structure pointer (or NULL if they are to be used independantly of
- * a DSO object) and two file specifications to merge. They should
- * either return NULL (if there is an error condition) or a newly allocated
- * string containing the result of merging that the caller will need
- * to free with OPENSSL_free() when done.
- * Here, merging means that bits and pieces are taken from each of the
- * file specifications and added together in whatever fashion that is
- * sensible for the DSO method in question. The only rule that really
- * applies is that if the two specification contain pieces of the same
- * type, the copy from the first string takes priority. One could see
- * it as the first specification is the one given by the user and the
- * second being a bunch of defaults to add on if they're missing in the
- * first. */
-typedef char* (*DSO_MERGER_FUNC)(DSO *, const char *, const char *);
-
-typedef struct dso_meth_st
- {
- const char *name;
- /* Loads a shared library, NB: new DSO_METHODs must ensure that a
- * successful load populates the loaded_filename field, and likewise a
- * successful unload OPENSSL_frees and NULLs it out. */
- int (*dso_load)(DSO *dso);
- /* Unloads a shared library */
- int (*dso_unload)(DSO *dso);
- /* Binds a variable */
- void *(*dso_bind_var)(DSO *dso, const char *symname);
- /* Binds a function - assumes a return type of DSO_FUNC_TYPE.
- * This should be cast to the real function prototype by the
- * caller. Platforms that don't have compatible representations
- * for different prototypes (this is possible within ANSI C)
- * are highly unlikely to have shared libraries at all, let
- * alone a DSO_METHOD implemented for them. */
- DSO_FUNC_TYPE (*dso_bind_func)(DSO *dso, const char *symname);
-
-/* I don't think this would actually be used in any circumstances. */
-#if 0
- /* Unbinds a variable */
- int (*dso_unbind_var)(DSO *dso, char *symname, void *symptr);
- /* Unbinds a function */
- int (*dso_unbind_func)(DSO *dso, char *symname, DSO_FUNC_TYPE symptr);
-#endif
- /* The generic (yuck) "ctrl()" function. NB: Negative return
- * values (rather than zero) indicate errors. */
- long (*dso_ctrl)(DSO *dso, int cmd, long larg, void *parg);
- /* The default DSO_METHOD-specific function for converting filenames to
- * a canonical native form. */
- DSO_NAME_CONVERTER_FUNC dso_name_converter;
- /* The default DSO_METHOD-specific function for converting filenames to
- * a canonical native form. */
- DSO_MERGER_FUNC dso_merger;
-
- /* [De]Initialisation handlers. */
- int (*init)(DSO *dso);
- int (*finish)(DSO *dso);
- } DSO_METHOD;
-
-/**********************************************************************/
-/* The low-level handle type used to refer to a loaded shared library */
-
-struct dso_st
- {
- DSO_METHOD *meth;
- /* Standard dlopen uses a (void *). Win32 uses a HANDLE. VMS
- * doesn't use anything but will need to cache the filename
- * for use in the dso_bind handler. All in all, let each
- * method control its own destiny. "Handles" and such go in
- * a STACK. */
- STACK *meth_data;
- int references;
- int flags;
- /* For use by applications etc ... use this for your bits'n'pieces,
- * don't touch meth_data! */
- CRYPTO_EX_DATA ex_data;
- /* If this callback function pointer is set to non-NULL, then it will
- * be used in DSO_load() in place of meth->dso_name_converter. NB: This
- * should normally set using DSO_set_name_converter(). */
- DSO_NAME_CONVERTER_FUNC name_converter;
- /* If this callback function pointer is set to non-NULL, then it will
- * be used in DSO_load() in place of meth->dso_merger. NB: This
- * should normally set using DSO_set_merger(). */
- DSO_MERGER_FUNC merger;
- /* This is populated with (a copy of) the platform-independant
- * filename used for this DSO. */
- char *filename;
- /* This is populated with (a copy of) the translated filename by which
- * the DSO was actually loaded. It is NULL iff the DSO is not currently
- * loaded. NB: This is here because the filename translation process
- * may involve a callback being invoked more than once not only to
- * convert to a platform-specific form, but also to try different
- * filenames in the process of trying to perform a load. As such, this
- * variable can be used to indicate (a) whether this DSO structure
- * corresponds to a loaded library or not, and (b) the filename with
- * which it was actually loaded. */
- char *loaded_filename;
- };
-
-
-DSO * DSO_new(void);
-DSO * DSO_new_method(DSO_METHOD *method);
-int DSO_free(DSO *dso);
-int DSO_flags(DSO *dso);
-int DSO_up_ref(DSO *dso);
-long DSO_ctrl(DSO *dso, int cmd, long larg, void *parg);
-
-/* This function sets the DSO's name_converter callback. If it is non-NULL,
- * then it will be used instead of the associated DSO_METHOD's function. If
- * oldcb is non-NULL then it is set to the function pointer value being
- * replaced. Return value is non-zero for success. */
-int DSO_set_name_converter(DSO *dso, DSO_NAME_CONVERTER_FUNC cb,
- DSO_NAME_CONVERTER_FUNC *oldcb);
-/* These functions can be used to get/set the platform-independant filename
- * used for a DSO. NB: set will fail if the DSO is already loaded. */
-const char *DSO_get_filename(DSO *dso);
-int DSO_set_filename(DSO *dso, const char *filename);
-/* This function will invoke the DSO's name_converter callback to translate a
- * filename, or if the callback isn't set it will instead use the DSO_METHOD's
- * converter. If "filename" is NULL, the "filename" in the DSO itself will be
- * used. If the DSO_FLAG_NO_NAME_TRANSLATION flag is set, then the filename is
- * simply duplicated. NB: This function is usually called from within a
- * DSO_METHOD during the processing of a DSO_load() call, and is exposed so that
- * caller-created DSO_METHODs can do the same thing. A non-NULL return value
- * will need to be OPENSSL_free()'d. */
-char *DSO_convert_filename(DSO *dso, const char *filename);
-/* This function will invoke the DSO's merger callback to merge two file
- * specifications, or if the callback isn't set it will instead use the
- * DSO_METHOD's merger. A non-NULL return value will need to be
- * OPENSSL_free()'d. */
-char *DSO_merge(DSO *dso, const char *filespec1, const char *filespec2);
-/* If the DSO is currently loaded, this returns the filename that it was loaded
- * under, otherwise it returns NULL. So it is also useful as a test as to
- * whether the DSO is currently loaded. NB: This will not necessarily return
- * the same value as DSO_convert_filename(dso, dso->filename), because the
- * DSO_METHOD's load function may have tried a variety of filenames (with
- * and/or without the aid of the converters) before settling on the one it
- * actually loaded. */
-const char *DSO_get_loaded_filename(DSO *dso);
-
-void DSO_set_default_method(DSO_METHOD *meth);
-DSO_METHOD *DSO_get_default_method(void);
-DSO_METHOD *DSO_get_method(DSO *dso);
-DSO_METHOD *DSO_set_method(DSO *dso, DSO_METHOD *meth);
-
-/* The all-singing all-dancing load function, you normally pass NULL
- * for the first and third parameters. Use DSO_up and DSO_free for
- * subsequent reference count handling. Any flags passed in will be set
- * in the constructed DSO after its init() function but before the
- * load operation. If 'dso' is non-NULL, 'flags' is ignored. */
-DSO *DSO_load(DSO *dso, const char *filename, DSO_METHOD *meth, int flags);
-
-/* This function binds to a variable inside a shared library. */
-void *DSO_bind_var(DSO *dso, const char *symname);
-
-/* This function binds to a function inside a shared library. */
-DSO_FUNC_TYPE DSO_bind_func(DSO *dso, const char *symname);
-
-/* This method is the default, but will beg, borrow, or steal whatever
- * method should be the default on any particular platform (including
- * DSO_METH_null() if necessary). */
-DSO_METHOD *DSO_METHOD_openssl(void);
-
-/* This method is defined for all platforms - if a platform has no
- * DSO support then this will be the only method! */
-DSO_METHOD *DSO_METHOD_null(void);
-
-/* If DSO_DLFCN is defined, the standard dlfcn.h-style functions
- * (dlopen, dlclose, dlsym, etc) will be used and incorporated into
- * this method. If not, this method will return NULL. */
-DSO_METHOD *DSO_METHOD_dlfcn(void);
-
-/* If DSO_DL is defined, the standard dl.h-style functions (shl_load,
- * shl_unload, shl_findsym, etc) will be used and incorporated into
- * this method. If not, this method will return NULL. */
-DSO_METHOD *DSO_METHOD_dl(void);
-
-/* If WIN32 is defined, use DLLs. If not, return NULL. */
-DSO_METHOD *DSO_METHOD_win32(void);
-
-/* If VMS is defined, use shared images. If not, return NULL. */
-DSO_METHOD *DSO_METHOD_vms(void);
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_DSO_strings(void);
-
-/* Error codes for the DSO functions. */
-
-/* Function codes. */
-#define DSO_F_DLFCN_BIND_FUNC 100
-#define DSO_F_DLFCN_BIND_VAR 101
-#define DSO_F_DLFCN_LOAD 102
-#define DSO_F_DLFCN_MERGER 130
-#define DSO_F_DLFCN_NAME_CONVERTER 123
-#define DSO_F_DLFCN_UNLOAD 103
-#define DSO_F_DL_BIND_FUNC 104
-#define DSO_F_DL_BIND_VAR 105
-#define DSO_F_DL_LOAD 106
-#define DSO_F_DL_MERGER 131
-#define DSO_F_DL_NAME_CONVERTER 124
-#define DSO_F_DL_UNLOAD 107
-#define DSO_F_DSO_BIND_FUNC 108
-#define DSO_F_DSO_BIND_VAR 109
-#define DSO_F_DSO_CONVERT_FILENAME 126
-#define DSO_F_DSO_CTRL 110
-#define DSO_F_DSO_FREE 111
-#define DSO_F_DSO_GET_FILENAME 127
-#define DSO_F_DSO_GET_LOADED_FILENAME 128
-#define DSO_F_DSO_LOAD 112
-#define DSO_F_DSO_MERGE 132
-#define DSO_F_DSO_NEW_METHOD 113
-#define DSO_F_DSO_SET_FILENAME 129
-#define DSO_F_DSO_SET_NAME_CONVERTER 122
-#define DSO_F_DSO_UP_REF 114
-#define DSO_F_VMS_BIND_SYM 115
-#define DSO_F_VMS_LOAD 116
-#define DSO_F_VMS_MERGER 133
-#define DSO_F_VMS_UNLOAD 117
-#define DSO_F_WIN32_BIND_FUNC 118
-#define DSO_F_WIN32_BIND_VAR 119
-#define DSO_F_WIN32_JOINER 135
-#define DSO_F_WIN32_LOAD 120
-#define DSO_F_WIN32_MERGER 134
-#define DSO_F_WIN32_NAME_CONVERTER 125
-#define DSO_F_WIN32_SPLITTER 136
-#define DSO_F_WIN32_UNLOAD 121
-
-/* Reason codes. */
-#define DSO_R_CTRL_FAILED 100
-#define DSO_R_DSO_ALREADY_LOADED 110
-#define DSO_R_EMPTY_FILE_STRUCTURE 113
-#define DSO_R_FAILURE 114
-#define DSO_R_FILENAME_TOO_BIG 101
-#define DSO_R_FINISH_FAILED 102
-#define DSO_R_INCORRECT_FILE_SYNTAX 115
-#define DSO_R_LOAD_FAILED 103
-#define DSO_R_NAME_TRANSLATION_FAILED 109
-#define DSO_R_NO_FILENAME 111
-#define DSO_R_NO_FILE_SPECIFICATION 116
-#define DSO_R_NULL_HANDLE 104
-#define DSO_R_SET_FILENAME_FAILED 112
-#define DSO_R_STACK_ERROR 105
-#define DSO_R_SYM_FAILURE 106
-#define DSO_R_UNLOAD_FAILED 107
-#define DSO_R_UNSUPPORTED 108
-
-#ifdef __cplusplus
-}
-#endif
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/dso/dso.h (from rev 6976, vendor-crypto/openssl/dist/crypto/dso/dso.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/dso/dso.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dso/dso.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,410 @@
+/* dso.h -*- mode:C; c-file-style: "eay" -*- */
+/*
+ * Written by Geoff Thorpe (geoff at geoffthorpe.net) for the OpenSSL project
+ * 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_DSO_H
+# define HEADER_DSO_H
+
+# include <openssl/crypto.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* These values are used as commands to DSO_ctrl() */
+# define DSO_CTRL_GET_FLAGS 1
+# define DSO_CTRL_SET_FLAGS 2
+# define DSO_CTRL_OR_FLAGS 3
+
+/*
+ * By default, DSO_load() will translate the provided filename into a form
+ * typical for the platform (more specifically the DSO_METHOD) using the
+ * dso_name_converter function of the method. Eg. win32 will transform "blah"
+ * into "blah.dll", and dlfcn will transform it into "libblah.so". The
+ * behaviour can be overriden by setting the name_converter callback in the
+ * DSO object (using DSO_set_name_converter()). This callback could even
+ * utilise the DSO_METHOD's converter too if it only wants to override
+ * behaviour for one or two possible DSO methods. However, the following flag
+ * can be set in a DSO to prevent *any* native name-translation at all - eg.
+ * if the caller has prompted the user for a path to a driver library so the
+ * filename should be interpreted as-is.
+ */
+# define DSO_FLAG_NO_NAME_TRANSLATION 0x01
+/*
+ * An extra flag to give if only the extension should be added as
+ * translation. This is obviously only of importance on Unix and other
+ * operating systems where the translation also may prefix the name with
+ * something, like 'lib', and ignored everywhere else. This flag is also
+ * ignored if DSO_FLAG_NO_NAME_TRANSLATION is used at the same time.
+ */
+# define DSO_FLAG_NAME_TRANSLATION_EXT_ONLY 0x02
+
+/*
+ * The following flag controls the translation of symbol names to upper case.
+ * This is currently only being implemented for OpenVMS.
+ */
+# define DSO_FLAG_UPCASE_SYMBOL 0x10
+
+/*
+ * This flag loads the library with public symbols. Meaning: The exported
+ * symbols of this library are public to all libraries loaded after this
+ * library. At the moment only implemented in unix.
+ */
+# define DSO_FLAG_GLOBAL_SYMBOLS 0x20
+
+typedef void (*DSO_FUNC_TYPE) (void);
+
+typedef struct dso_st DSO;
+
+/*
+ * The function prototype used for method functions (or caller-provided
+ * callbacks) that transform filenames. They are passed a DSO structure
+ * pointer (or NULL if they are to be used independantly of a DSO object) and
+ * a filename to transform. They should either return NULL (if there is an
+ * error condition) or a newly allocated string containing the transformed
+ * form that the caller will need to free with OPENSSL_free() when done.
+ */
+typedef char *(*DSO_NAME_CONVERTER_FUNC)(DSO *, const char *);
+/*
+ * The function prototype used for method functions (or caller-provided
+ * callbacks) that merge two file specifications. They are passed a DSO
+ * structure pointer (or NULL if they are to be used independantly of a DSO
+ * object) and two file specifications to merge. They should either return
+ * NULL (if there is an error condition) or a newly allocated string
+ * containing the result of merging that the caller will need to free with
+ * OPENSSL_free() when done. Here, merging means that bits and pieces are
+ * taken from each of the file specifications and added together in whatever
+ * fashion that is sensible for the DSO method in question. The only rule
+ * that really applies is that if the two specification contain pieces of the
+ * same type, the copy from the first string takes priority. One could see
+ * it as the first specification is the one given by the user and the second
+ * being a bunch of defaults to add on if they're missing in the first.
+ */
+typedef char *(*DSO_MERGER_FUNC)(DSO *, const char *, const char *);
+
+typedef struct dso_meth_st {
+ const char *name;
+ /*
+ * Loads a shared library, NB: new DSO_METHODs must ensure that a
+ * successful load populates the loaded_filename field, and likewise a
+ * successful unload OPENSSL_frees and NULLs it out.
+ */
+ int (*dso_load) (DSO *dso);
+ /* Unloads a shared library */
+ int (*dso_unload) (DSO *dso);
+ /* Binds a variable */
+ void *(*dso_bind_var) (DSO *dso, const char *symname);
+ /*
+ * Binds a function - assumes a return type of DSO_FUNC_TYPE. This should
+ * be cast to the real function prototype by the caller. Platforms that
+ * don't have compatible representations for different prototypes (this
+ * is possible within ANSI C) are highly unlikely to have shared
+ * libraries at all, let alone a DSO_METHOD implemented for them.
+ */
+ DSO_FUNC_TYPE (*dso_bind_func) (DSO *dso, const char *symname);
+/* I don't think this would actually be used in any circumstances. */
+# if 0
+ /* Unbinds a variable */
+ int (*dso_unbind_var) (DSO *dso, char *symname, void *symptr);
+ /* Unbinds a function */
+ int (*dso_unbind_func) (DSO *dso, char *symname, DSO_FUNC_TYPE symptr);
+# endif
+ /*
+ * The generic (yuck) "ctrl()" function. NB: Negative return values
+ * (rather than zero) indicate errors.
+ */
+ long (*dso_ctrl) (DSO *dso, int cmd, long larg, void *parg);
+ /*
+ * The default DSO_METHOD-specific function for converting filenames to a
+ * canonical native form.
+ */
+ DSO_NAME_CONVERTER_FUNC dso_name_converter;
+ /*
+ * The default DSO_METHOD-specific function for converting filenames to a
+ * canonical native form.
+ */
+ DSO_MERGER_FUNC dso_merger;
+ /* [De]Initialisation handlers. */
+ int (*init) (DSO *dso);
+ int (*finish) (DSO *dso);
+} DSO_METHOD;
+
+/**********************************************************************/
+/* The low-level handle type used to refer to a loaded shared library */
+
+struct dso_st {
+ DSO_METHOD *meth;
+ /*
+ * Standard dlopen uses a (void *). Win32 uses a HANDLE. VMS doesn't use
+ * anything but will need to cache the filename for use in the dso_bind
+ * handler. All in all, let each method control its own destiny.
+ * "Handles" and such go in a STACK.
+ */
+ STACK *meth_data;
+ int references;
+ int flags;
+ /*
+ * For use by applications etc ... use this for your bits'n'pieces, don't
+ * touch meth_data!
+ */
+ CRYPTO_EX_DATA ex_data;
+ /*
+ * If this callback function pointer is set to non-NULL, then it will be
+ * used in DSO_load() in place of meth->dso_name_converter. NB: This
+ * should normally set using DSO_set_name_converter().
+ */
+ DSO_NAME_CONVERTER_FUNC name_converter;
+ /*
+ * If this callback function pointer is set to non-NULL, then it will be
+ * used in DSO_load() in place of meth->dso_merger. NB: This should
+ * normally set using DSO_set_merger().
+ */
+ DSO_MERGER_FUNC merger;
+ /*
+ * This is populated with (a copy of) the platform-independant filename
+ * used for this DSO.
+ */
+ char *filename;
+ /*
+ * This is populated with (a copy of) the translated filename by which
+ * the DSO was actually loaded. It is NULL iff the DSO is not currently
+ * loaded. NB: This is here because the filename translation process may
+ * involve a callback being invoked more than once not only to convert to
+ * a platform-specific form, but also to try different filenames in the
+ * process of trying to perform a load. As such, this variable can be
+ * used to indicate (a) whether this DSO structure corresponds to a
+ * loaded library or not, and (b) the filename with which it was actually
+ * loaded.
+ */
+ char *loaded_filename;
+};
+
+DSO *DSO_new(void);
+DSO *DSO_new_method(DSO_METHOD *method);
+int DSO_free(DSO *dso);
+int DSO_flags(DSO *dso);
+int DSO_up_ref(DSO *dso);
+long DSO_ctrl(DSO *dso, int cmd, long larg, void *parg);
+
+/*
+ * This function sets the DSO's name_converter callback. If it is non-NULL,
+ * then it will be used instead of the associated DSO_METHOD's function. If
+ * oldcb is non-NULL then it is set to the function pointer value being
+ * replaced. Return value is non-zero for success.
+ */
+int DSO_set_name_converter(DSO *dso, DSO_NAME_CONVERTER_FUNC cb,
+ DSO_NAME_CONVERTER_FUNC *oldcb);
+/*
+ * These functions can be used to get/set the platform-independant filename
+ * used for a DSO. NB: set will fail if the DSO is already loaded.
+ */
+const char *DSO_get_filename(DSO *dso);
+int DSO_set_filename(DSO *dso, const char *filename);
+/*
+ * This function will invoke the DSO's name_converter callback to translate a
+ * filename, or if the callback isn't set it will instead use the DSO_METHOD's
+ * converter. If "filename" is NULL, the "filename" in the DSO itself will be
+ * used. If the DSO_FLAG_NO_NAME_TRANSLATION flag is set, then the filename is
+ * simply duplicated. NB: This function is usually called from within a
+ * DSO_METHOD during the processing of a DSO_load() call, and is exposed so
+ * that caller-created DSO_METHODs can do the same thing. A non-NULL return
+ * value will need to be OPENSSL_free()'d.
+ */
+char *DSO_convert_filename(DSO *dso, const char *filename);
+/*
+ * This function will invoke the DSO's merger callback to merge two file
+ * specifications, or if the callback isn't set it will instead use the
+ * DSO_METHOD's merger. A non-NULL return value will need to be
+ * OPENSSL_free()'d.
+ */
+char *DSO_merge(DSO *dso, const char *filespec1, const char *filespec2);
+/*
+ * If the DSO is currently loaded, this returns the filename that it was
+ * loaded under, otherwise it returns NULL. So it is also useful as a test as
+ * to whether the DSO is currently loaded. NB: This will not necessarily
+ * return the same value as DSO_convert_filename(dso, dso->filename), because
+ * the DSO_METHOD's load function may have tried a variety of filenames (with
+ * and/or without the aid of the converters) before settling on the one it
+ * actually loaded.
+ */
+const char *DSO_get_loaded_filename(DSO *dso);
+
+void DSO_set_default_method(DSO_METHOD *meth);
+DSO_METHOD *DSO_get_default_method(void);
+DSO_METHOD *DSO_get_method(DSO *dso);
+DSO_METHOD *DSO_set_method(DSO *dso, DSO_METHOD *meth);
+
+/*
+ * The all-singing all-dancing load function, you normally pass NULL for the
+ * first and third parameters. Use DSO_up and DSO_free for subsequent
+ * reference count handling. Any flags passed in will be set in the
+ * constructed DSO after its init() function but before the load operation.
+ * If 'dso' is non-NULL, 'flags' is ignored.
+ */
+DSO *DSO_load(DSO *dso, const char *filename, DSO_METHOD *meth, int flags);
+
+/* This function binds to a variable inside a shared library. */
+void *DSO_bind_var(DSO *dso, const char *symname);
+
+/* This function binds to a function inside a shared library. */
+DSO_FUNC_TYPE DSO_bind_func(DSO *dso, const char *symname);
+
+/*
+ * This method is the default, but will beg, borrow, or steal whatever method
+ * should be the default on any particular platform (including
+ * DSO_METH_null() if necessary).
+ */
+DSO_METHOD *DSO_METHOD_openssl(void);
+
+/*
+ * This method is defined for all platforms - if a platform has no DSO
+ * support then this will be the only method!
+ */
+DSO_METHOD *DSO_METHOD_null(void);
+
+/*
+ * If DSO_DLFCN is defined, the standard dlfcn.h-style functions (dlopen,
+ * dlclose, dlsym, etc) will be used and incorporated into this method. If
+ * not, this method will return NULL.
+ */
+DSO_METHOD *DSO_METHOD_dlfcn(void);
+
+/*
+ * If DSO_DL is defined, the standard dl.h-style functions (shl_load,
+ * shl_unload, shl_findsym, etc) will be used and incorporated into this
+ * method. If not, this method will return NULL.
+ */
+DSO_METHOD *DSO_METHOD_dl(void);
+
+/* If WIN32 is defined, use DLLs. If not, return NULL. */
+DSO_METHOD *DSO_METHOD_win32(void);
+
+/* If VMS is defined, use shared images. If not, return NULL. */
+DSO_METHOD *DSO_METHOD_vms(void);
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_DSO_strings(void);
+
+/* Error codes for the DSO functions. */
+
+/* Function codes. */
+# define DSO_F_DLFCN_BIND_FUNC 100
+# define DSO_F_DLFCN_BIND_VAR 101
+# define DSO_F_DLFCN_LOAD 102
+# define DSO_F_DLFCN_MERGER 130
+# define DSO_F_DLFCN_NAME_CONVERTER 123
+# define DSO_F_DLFCN_UNLOAD 103
+# define DSO_F_DL_BIND_FUNC 104
+# define DSO_F_DL_BIND_VAR 105
+# define DSO_F_DL_LOAD 106
+# define DSO_F_DL_MERGER 131
+# define DSO_F_DL_NAME_CONVERTER 124
+# define DSO_F_DL_UNLOAD 107
+# define DSO_F_DSO_BIND_FUNC 108
+# define DSO_F_DSO_BIND_VAR 109
+# define DSO_F_DSO_CONVERT_FILENAME 126
+# define DSO_F_DSO_CTRL 110
+# define DSO_F_DSO_FREE 111
+# define DSO_F_DSO_GET_FILENAME 127
+# define DSO_F_DSO_GET_LOADED_FILENAME 128
+# define DSO_F_DSO_LOAD 112
+# define DSO_F_DSO_MERGE 132
+# define DSO_F_DSO_NEW_METHOD 113
+# define DSO_F_DSO_SET_FILENAME 129
+# define DSO_F_DSO_SET_NAME_CONVERTER 122
+# define DSO_F_DSO_UP_REF 114
+# define DSO_F_VMS_BIND_SYM 115
+# define DSO_F_VMS_LOAD 116
+# define DSO_F_VMS_MERGER 133
+# define DSO_F_VMS_UNLOAD 117
+# define DSO_F_WIN32_BIND_FUNC 118
+# define DSO_F_WIN32_BIND_VAR 119
+# define DSO_F_WIN32_JOINER 135
+# define DSO_F_WIN32_LOAD 120
+# define DSO_F_WIN32_MERGER 134
+# define DSO_F_WIN32_NAME_CONVERTER 125
+# define DSO_F_WIN32_SPLITTER 136
+# define DSO_F_WIN32_UNLOAD 121
+
+/* Reason codes. */
+# define DSO_R_CTRL_FAILED 100
+# define DSO_R_DSO_ALREADY_LOADED 110
+# define DSO_R_EMPTY_FILE_STRUCTURE 113
+# define DSO_R_FAILURE 114
+# define DSO_R_FILENAME_TOO_BIG 101
+# define DSO_R_FINISH_FAILED 102
+# define DSO_R_INCORRECT_FILE_SYNTAX 115
+# define DSO_R_LOAD_FAILED 103
+# define DSO_R_NAME_TRANSLATION_FAILED 109
+# define DSO_R_NO_FILENAME 111
+# define DSO_R_NO_FILE_SPECIFICATION 116
+# define DSO_R_NULL_HANDLE 104
+# define DSO_R_SET_FILENAME_FAILED 112
+# define DSO_R_STACK_ERROR 105
+# define DSO_R_SYM_FAILURE 106
+# define DSO_R_UNLOAD_FAILED 107
+# define DSO_R_UNSUPPORTED 108
+
+#ifdef __cplusplus
+}
+#endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/dso/dso_dl.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/dso/dso_dl.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dso/dso_dl.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,353 +0,0 @@
-/* dso_dl.c -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte (richard at levitte.org) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/dso.h>
-
-#ifndef DSO_DL
-DSO_METHOD *DSO_METHOD_dl(void)
- {
- return NULL;
- }
-#else
-
-#include <dl.h>
-
-/* Part of the hack in "dl_load" ... */
-#define DSO_MAX_TRANSLATED_SIZE 256
-
-static int dl_load(DSO *dso);
-static int dl_unload(DSO *dso);
-static void *dl_bind_var(DSO *dso, const char *symname);
-static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname);
-#if 0
-static int dl_unbind_var(DSO *dso, char *symname, void *symptr);
-static int dl_unbind_func(DSO *dso, char *symname, DSO_FUNC_TYPE symptr);
-static int dl_init(DSO *dso);
-static int dl_finish(DSO *dso);
-static int dl_ctrl(DSO *dso, int cmd, long larg, void *parg);
-#endif
-static char *dl_name_converter(DSO *dso, const char *filename);
-static char *dl_merger(DSO *dso, const char *filespec1, const char *filespec2);
-
-static DSO_METHOD dso_meth_dl = {
- "OpenSSL 'dl' shared library method",
- dl_load,
- dl_unload,
- dl_bind_var,
- dl_bind_func,
-/* For now, "unbind" doesn't exist */
-#if 0
- NULL, /* unbind_var */
- NULL, /* unbind_func */
-#endif
- NULL, /* ctrl */
- dl_name_converter,
- dl_merger,
- NULL, /* init */
- NULL /* finish */
- };
-
-DSO_METHOD *DSO_METHOD_dl(void)
- {
- return(&dso_meth_dl);
- }
-
-/* For this DSO_METHOD, our meth_data STACK will contain;
- * (i) the handle (shl_t) returned from shl_load().
- * NB: I checked on HPUX11 and shl_t is itself a pointer
- * type so the cast is safe.
- */
-
-static int dl_load(DSO *dso)
- {
- shl_t ptr = NULL;
- /* We don't do any fancy retries or anything, just take the method's
- * (or DSO's if it has the callback set) best translation of the
- * platform-independant filename and try once with that. */
- char *filename= DSO_convert_filename(dso, NULL);
-
- if(filename == NULL)
- {
- DSOerr(DSO_F_DL_LOAD,DSO_R_NO_FILENAME);
- goto err;
- }
- ptr = shl_load(filename, BIND_IMMEDIATE |
- (dso->flags&DSO_FLAG_NO_NAME_TRANSLATION?0:DYNAMIC_PATH), 0L);
- if(ptr == NULL)
- {
- DSOerr(DSO_F_DL_LOAD,DSO_R_LOAD_FAILED);
- ERR_add_error_data(4, "filename(", filename, "): ",
- strerror(errno));
- goto err;
- }
- if(!sk_push(dso->meth_data, (char *)ptr))
- {
- DSOerr(DSO_F_DL_LOAD,DSO_R_STACK_ERROR);
- goto err;
- }
- /* Success, stick the converted filename we've loaded under into the DSO
- * (it also serves as the indicator that we are currently loaded). */
- dso->loaded_filename = filename;
- return(1);
-err:
- /* Cleanup! */
- if(filename != NULL)
- OPENSSL_free(filename);
- if(ptr != NULL)
- shl_unload(ptr);
- return(0);
- }
-
-static int dl_unload(DSO *dso)
- {
- shl_t ptr;
- if(dso == NULL)
- {
- DSOerr(DSO_F_DL_UNLOAD,ERR_R_PASSED_NULL_PARAMETER);
- return(0);
- }
- if(sk_num(dso->meth_data) < 1)
- return(1);
- /* Is this statement legal? */
- ptr = (shl_t)sk_pop(dso->meth_data);
- if(ptr == NULL)
- {
- DSOerr(DSO_F_DL_UNLOAD,DSO_R_NULL_HANDLE);
- /* Should push the value back onto the stack in
- * case of a retry. */
- sk_push(dso->meth_data, (char *)ptr);
- return(0);
- }
- shl_unload(ptr);
- return(1);
- }
-
-static void *dl_bind_var(DSO *dso, const char *symname)
- {
- shl_t ptr;
- void *sym;
-
- if((dso == NULL) || (symname == NULL))
- {
- DSOerr(DSO_F_DL_BIND_VAR,ERR_R_PASSED_NULL_PARAMETER);
- return(NULL);
- }
- if(sk_num(dso->meth_data) < 1)
- {
- DSOerr(DSO_F_DL_BIND_VAR,DSO_R_STACK_ERROR);
- return(NULL);
- }
- ptr = (shl_t)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
- if(ptr == NULL)
- {
- DSOerr(DSO_F_DL_BIND_VAR,DSO_R_NULL_HANDLE);
- return(NULL);
- }
- if (shl_findsym(&ptr, symname, TYPE_UNDEFINED, &sym) < 0)
- {
- DSOerr(DSO_F_DL_BIND_VAR,DSO_R_SYM_FAILURE);
- ERR_add_error_data(4, "symname(", symname, "): ",
- strerror(errno));
- return(NULL);
- }
- return(sym);
- }
-
-static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname)
- {
- shl_t ptr;
- void *sym;
-
- if((dso == NULL) || (symname == NULL))
- {
- DSOerr(DSO_F_DL_BIND_FUNC,ERR_R_PASSED_NULL_PARAMETER);
- return(NULL);
- }
- if(sk_num(dso->meth_data) < 1)
- {
- DSOerr(DSO_F_DL_BIND_FUNC,DSO_R_STACK_ERROR);
- return(NULL);
- }
- ptr = (shl_t)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
- if(ptr == NULL)
- {
- DSOerr(DSO_F_DL_BIND_FUNC,DSO_R_NULL_HANDLE);
- return(NULL);
- }
- if (shl_findsym(&ptr, symname, TYPE_UNDEFINED, &sym) < 0)
- {
- DSOerr(DSO_F_DL_BIND_FUNC,DSO_R_SYM_FAILURE);
- ERR_add_error_data(4, "symname(", symname, "): ",
- strerror(errno));
- return(NULL);
- }
- return((DSO_FUNC_TYPE)sym);
- }
-
-static char *dl_merger(DSO *dso, const char *filespec1, const char *filespec2)
- {
- char *merged;
-
- if(!filespec1 && !filespec2)
- {
- DSOerr(DSO_F_DL_MERGER,
- ERR_R_PASSED_NULL_PARAMETER);
- return(NULL);
- }
- /* If the first file specification is a rooted path, it rules.
- same goes if the second file specification is missing. */
- if (!filespec2 || filespec1[0] == '/')
- {
- merged = OPENSSL_malloc(strlen(filespec1) + 1);
- if(!merged)
- {
- DSOerr(DSO_F_DL_MERGER,
- ERR_R_MALLOC_FAILURE);
- return(NULL);
- }
- strcpy(merged, filespec1);
- }
- /* If the first file specification is missing, the second one rules. */
- else if (!filespec1)
- {
- merged = OPENSSL_malloc(strlen(filespec2) + 1);
- if(!merged)
- {
- DSOerr(DSO_F_DL_MERGER,
- ERR_R_MALLOC_FAILURE);
- return(NULL);
- }
- strcpy(merged, filespec2);
- }
- else
- /* This part isn't as trivial as it looks. It assumes that
- the second file specification really is a directory, and
- makes no checks whatsoever. Therefore, the result becomes
- the concatenation of filespec2 followed by a slash followed
- by filespec1. */
- {
- int spec2len, len;
-
- spec2len = (filespec2 ? strlen(filespec2) : 0);
- len = spec2len + (filespec1 ? strlen(filespec1) : 0);
-
- if(filespec2 && filespec2[spec2len - 1] == '/')
- {
- spec2len--;
- len--;
- }
- merged = OPENSSL_malloc(len + 2);
- if(!merged)
- {
- DSOerr(DSO_F_DL_MERGER,
- ERR_R_MALLOC_FAILURE);
- return(NULL);
- }
- strcpy(merged, filespec2);
- merged[spec2len] = '/';
- strcpy(&merged[spec2len + 1], filespec1);
- }
- return(merged);
- }
-
-/* This function is identical to the one in dso_dlfcn.c, but as it is highly
- * unlikely that both the "dl" *and* "dlfcn" variants are being compiled at the
- * same time, there's no great duplicating the code. Figuring out an elegant
- * way to share one copy of the code would be more difficult and would not
- * leave the implementations independant. */
-#if defined(__hpux)
-static const char extension[] = ".sl";
-#else
-static const char extension[] = ".so";
-#endif
-static char *dl_name_converter(DSO *dso, const char *filename)
- {
- char *translated;
- int len, rsize, transform;
-
- len = strlen(filename);
- rsize = len + 1;
- transform = (strstr(filename, "/") == NULL);
- {
- /* We will convert this to "%s.s?" or "lib%s.s?" */
- rsize += strlen(extension);/* The length of ".s?" */
- if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
- rsize += 3; /* The length of "lib" */
- }
- translated = OPENSSL_malloc(rsize);
- if(translated == NULL)
- {
- DSOerr(DSO_F_DL_NAME_CONVERTER,
- DSO_R_NAME_TRANSLATION_FAILED);
- return(NULL);
- }
- if(transform)
- {
- if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
- sprintf(translated, "lib%s%s", filename, extension);
- else
- sprintf(translated, "%s%s", filename, extension);
- }
- else
- sprintf(translated, "%s", filename);
- return(translated);
- }
-
-#endif /* DSO_DL */
Copied: vendor-crypto/openssl/0.9.8zf/crypto/dso/dso_dl.c (from rev 6976, vendor-crypto/openssl/dist/crypto/dso/dso_dl.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/dso/dso_dl.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dso/dso_dl.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,337 @@
+/* dso_dl.c -*- mode:C; c-file-style: "eay" -*- */
+/*
+ * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
+ * 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/dso.h>
+
+#ifndef DSO_DL
+DSO_METHOD *DSO_METHOD_dl(void)
+{
+ return NULL;
+}
+#else
+
+# include <dl.h>
+
+/* Part of the hack in "dl_load" ... */
+# define DSO_MAX_TRANSLATED_SIZE 256
+
+static int dl_load(DSO *dso);
+static int dl_unload(DSO *dso);
+static void *dl_bind_var(DSO *dso, const char *symname);
+static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname);
+# if 0
+static int dl_unbind_var(DSO *dso, char *symname, void *symptr);
+static int dl_unbind_func(DSO *dso, char *symname, DSO_FUNC_TYPE symptr);
+static int dl_init(DSO *dso);
+static int dl_finish(DSO *dso);
+static int dl_ctrl(DSO *dso, int cmd, long larg, void *parg);
+# endif
+static char *dl_name_converter(DSO *dso, const char *filename);
+static char *dl_merger(DSO *dso, const char *filespec1,
+ const char *filespec2);
+
+static DSO_METHOD dso_meth_dl = {
+ "OpenSSL 'dl' shared library method",
+ dl_load,
+ dl_unload,
+ dl_bind_var,
+ dl_bind_func,
+/* For now, "unbind" doesn't exist */
+# if 0
+ NULL, /* unbind_var */
+ NULL, /* unbind_func */
+# endif
+ NULL, /* ctrl */
+ dl_name_converter,
+ dl_merger,
+ NULL, /* init */
+ NULL /* finish */
+};
+
+DSO_METHOD *DSO_METHOD_dl(void)
+{
+ return (&dso_meth_dl);
+}
+
+/*
+ * For this DSO_METHOD, our meth_data STACK will contain; (i) the handle
+ * (shl_t) returned from shl_load(). NB: I checked on HPUX11 and shl_t is
+ * itself a pointer type so the cast is safe.
+ */
+
+static int dl_load(DSO *dso)
+{
+ shl_t ptr = NULL;
+ /*
+ * We don't do any fancy retries or anything, just take the method's (or
+ * DSO's if it has the callback set) best translation of the
+ * platform-independant filename and try once with that.
+ */
+ char *filename = DSO_convert_filename(dso, NULL);
+
+ if (filename == NULL) {
+ DSOerr(DSO_F_DL_LOAD, DSO_R_NO_FILENAME);
+ goto err;
+ }
+ ptr = shl_load(filename, BIND_IMMEDIATE |
+ (dso->flags & DSO_FLAG_NO_NAME_TRANSLATION ? 0 :
+ DYNAMIC_PATH), 0L);
+ if (ptr == NULL) {
+ DSOerr(DSO_F_DL_LOAD, DSO_R_LOAD_FAILED);
+ ERR_add_error_data(4, "filename(", filename, "): ", strerror(errno));
+ goto err;
+ }
+ if (!sk_push(dso->meth_data, (char *)ptr)) {
+ DSOerr(DSO_F_DL_LOAD, DSO_R_STACK_ERROR);
+ goto err;
+ }
+ /*
+ * Success, stick the converted filename we've loaded under into the DSO
+ * (it also serves as the indicator that we are currently loaded).
+ */
+ dso->loaded_filename = filename;
+ return (1);
+ err:
+ /* Cleanup! */
+ if (filename != NULL)
+ OPENSSL_free(filename);
+ if (ptr != NULL)
+ shl_unload(ptr);
+ return (0);
+}
+
+static int dl_unload(DSO *dso)
+{
+ shl_t ptr;
+ if (dso == NULL) {
+ DSOerr(DSO_F_DL_UNLOAD, ERR_R_PASSED_NULL_PARAMETER);
+ return (0);
+ }
+ if (sk_num(dso->meth_data) < 1)
+ return (1);
+ /* Is this statement legal? */
+ ptr = (shl_t) sk_pop(dso->meth_data);
+ if (ptr == NULL) {
+ DSOerr(DSO_F_DL_UNLOAD, DSO_R_NULL_HANDLE);
+ /*
+ * Should push the value back onto the stack in case of a retry.
+ */
+ sk_push(dso->meth_data, (char *)ptr);
+ return (0);
+ }
+ shl_unload(ptr);
+ return (1);
+}
+
+static void *dl_bind_var(DSO *dso, const char *symname)
+{
+ shl_t ptr;
+ void *sym;
+
+ if ((dso == NULL) || (symname == NULL)) {
+ DSOerr(DSO_F_DL_BIND_VAR, ERR_R_PASSED_NULL_PARAMETER);
+ return (NULL);
+ }
+ if (sk_num(dso->meth_data) < 1) {
+ DSOerr(DSO_F_DL_BIND_VAR, DSO_R_STACK_ERROR);
+ return (NULL);
+ }
+ ptr = (shl_t) sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
+ if (ptr == NULL) {
+ DSOerr(DSO_F_DL_BIND_VAR, DSO_R_NULL_HANDLE);
+ return (NULL);
+ }
+ if (shl_findsym(&ptr, symname, TYPE_UNDEFINED, &sym) < 0) {
+ DSOerr(DSO_F_DL_BIND_VAR, DSO_R_SYM_FAILURE);
+ ERR_add_error_data(4, "symname(", symname, "): ", strerror(errno));
+ return (NULL);
+ }
+ return (sym);
+}
+
+static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname)
+{
+ shl_t ptr;
+ void *sym;
+
+ if ((dso == NULL) || (symname == NULL)) {
+ DSOerr(DSO_F_DL_BIND_FUNC, ERR_R_PASSED_NULL_PARAMETER);
+ return (NULL);
+ }
+ if (sk_num(dso->meth_data) < 1) {
+ DSOerr(DSO_F_DL_BIND_FUNC, DSO_R_STACK_ERROR);
+ return (NULL);
+ }
+ ptr = (shl_t) sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
+ if (ptr == NULL) {
+ DSOerr(DSO_F_DL_BIND_FUNC, DSO_R_NULL_HANDLE);
+ return (NULL);
+ }
+ if (shl_findsym(&ptr, symname, TYPE_UNDEFINED, &sym) < 0) {
+ DSOerr(DSO_F_DL_BIND_FUNC, DSO_R_SYM_FAILURE);
+ ERR_add_error_data(4, "symname(", symname, "): ", strerror(errno));
+ return (NULL);
+ }
+ return ((DSO_FUNC_TYPE)sym);
+}
+
+static char *dl_merger(DSO *dso, const char *filespec1, const char *filespec2)
+{
+ char *merged;
+
+ if (!filespec1 && !filespec2) {
+ DSOerr(DSO_F_DL_MERGER, ERR_R_PASSED_NULL_PARAMETER);
+ return (NULL);
+ }
+ /*
+ * If the first file specification is a rooted path, it rules. same goes
+ * if the second file specification is missing.
+ */
+ if (!filespec2 || filespec1[0] == '/') {
+ merged = OPENSSL_malloc(strlen(filespec1) + 1);
+ if (!merged) {
+ DSOerr(DSO_F_DL_MERGER, ERR_R_MALLOC_FAILURE);
+ return (NULL);
+ }
+ strcpy(merged, filespec1);
+ }
+ /*
+ * If the first file specification is missing, the second one rules.
+ */
+ else if (!filespec1) {
+ merged = OPENSSL_malloc(strlen(filespec2) + 1);
+ if (!merged) {
+ DSOerr(DSO_F_DL_MERGER, ERR_R_MALLOC_FAILURE);
+ return (NULL);
+ }
+ strcpy(merged, filespec2);
+ } else
+ /*
+ * This part isn't as trivial as it looks. It assumes that the
+ * second file specification really is a directory, and makes no
+ * checks whatsoever. Therefore, the result becomes the
+ * concatenation of filespec2 followed by a slash followed by
+ * filespec1.
+ */
+ {
+ int spec2len, len;
+
+ spec2len = (filespec2 ? strlen(filespec2) : 0);
+ len = spec2len + (filespec1 ? strlen(filespec1) : 0);
+
+ if (filespec2 && filespec2[spec2len - 1] == '/') {
+ spec2len--;
+ len--;
+ }
+ merged = OPENSSL_malloc(len + 2);
+ if (!merged) {
+ DSOerr(DSO_F_DL_MERGER, ERR_R_MALLOC_FAILURE);
+ return (NULL);
+ }
+ strcpy(merged, filespec2);
+ merged[spec2len] = '/';
+ strcpy(&merged[spec2len + 1], filespec1);
+ }
+ return (merged);
+}
+
+/*
+ * This function is identical to the one in dso_dlfcn.c, but as it is highly
+ * unlikely that both the "dl" *and* "dlfcn" variants are being compiled at
+ * the same time, there's no great duplicating the code. Figuring out an
+ * elegant way to share one copy of the code would be more difficult and
+ * would not leave the implementations independant.
+ */
+# if defined(__hpux)
+static const char extension[] = ".sl";
+# else
+static const char extension[] = ".so";
+# endif
+static char *dl_name_converter(DSO *dso, const char *filename)
+{
+ char *translated;
+ int len, rsize, transform;
+
+ len = strlen(filename);
+ rsize = len + 1;
+ transform = (strstr(filename, "/") == NULL);
+ {
+ /* We will convert this to "%s.s?" or "lib%s.s?" */
+ rsize += strlen(extension); /* The length of ".s?" */
+ if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
+ rsize += 3; /* The length of "lib" */
+ }
+ translated = OPENSSL_malloc(rsize);
+ if (translated == NULL) {
+ DSOerr(DSO_F_DL_NAME_CONVERTER, DSO_R_NAME_TRANSLATION_FAILED);
+ return (NULL);
+ }
+ if (transform) {
+ if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
+ sprintf(translated, "lib%s%s", filename, extension);
+ else
+ sprintf(translated, "%s%s", filename, extension);
+ } else
+ sprintf(translated, "%s", filename);
+ return (translated);
+}
+
+#endif /* DSO_DL */
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/dso/dso_dlfcn.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/dso/dso_dlfcn.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dso/dso_dlfcn.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,381 +0,0 @@
-/* dso_dlfcn.c -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Geoff Thorpe (geoff at geoffthorpe.net) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/dso.h>
-
-#ifndef DSO_DLFCN
-DSO_METHOD *DSO_METHOD_dlfcn(void)
- {
- return NULL;
- }
-#else
-
-#ifdef HAVE_DLFCN_H
-#include <dlfcn.h>
-#endif
-
-/* Part of the hack in "dlfcn_load" ... */
-#define DSO_MAX_TRANSLATED_SIZE 256
-
-static int dlfcn_load(DSO *dso);
-static int dlfcn_unload(DSO *dso);
-static void *dlfcn_bind_var(DSO *dso, const char *symname);
-static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname);
-#if 0
-static int dlfcn_unbind(DSO *dso, char *symname, void *symptr);
-static int dlfcn_init(DSO *dso);
-static int dlfcn_finish(DSO *dso);
-static long dlfcn_ctrl(DSO *dso, int cmd, long larg, void *parg);
-#endif
-static char *dlfcn_name_converter(DSO *dso, const char *filename);
-static char *dlfcn_merger(DSO *dso, const char *filespec1,
- const char *filespec2);
-
-static DSO_METHOD dso_meth_dlfcn = {
- "OpenSSL 'dlfcn' shared library method",
- dlfcn_load,
- dlfcn_unload,
- dlfcn_bind_var,
- dlfcn_bind_func,
-/* For now, "unbind" doesn't exist */
-#if 0
- NULL, /* unbind_var */
- NULL, /* unbind_func */
-#endif
- NULL, /* ctrl */
- dlfcn_name_converter,
- dlfcn_merger,
- NULL, /* init */
- NULL /* finish */
- };
-
-DSO_METHOD *DSO_METHOD_dlfcn(void)
- {
- return(&dso_meth_dlfcn);
- }
-
-/* Prior to using the dlopen() function, we should decide on the flag
- * we send. There's a few different ways of doing this and it's a
- * messy venn-diagram to match up which platforms support what. So
- * as we don't have autoconf yet, I'm implementing a hack that could
- * be hacked further relatively easily to deal with cases as we find
- * them. Initially this is to cope with OpenBSD. */
-#if defined(__OpenBSD__) || defined(__NetBSD__)
-# ifdef DL_LAZY
-# define DLOPEN_FLAG DL_LAZY
-# else
-# ifdef RTLD_NOW
-# define DLOPEN_FLAG RTLD_NOW
-# else
-# define DLOPEN_FLAG 0
-# endif
-# endif
-#else
-# ifdef OPENSSL_SYS_SUNOS
-# define DLOPEN_FLAG 1
-# else
-# define DLOPEN_FLAG RTLD_NOW /* Hope this works everywhere else */
-# endif
-#endif
-
-/* For this DSO_METHOD, our meth_data STACK will contain;
- * (i) the handle (void*) returned from dlopen().
- */
-
-static int dlfcn_load(DSO *dso)
- {
- void *ptr = NULL;
- /* See applicable comments in dso_dl.c */
- char *filename = DSO_convert_filename(dso, NULL);
- int flags = DLOPEN_FLAG;
-
- if(filename == NULL)
- {
- DSOerr(DSO_F_DLFCN_LOAD,DSO_R_NO_FILENAME);
- goto err;
- }
-
-#ifdef RTLD_GLOBAL
- if (dso->flags & DSO_FLAG_GLOBAL_SYMBOLS)
- flags |= RTLD_GLOBAL;
-#endif
- ptr = dlopen(filename, flags);
- if(ptr == NULL)
- {
- DSOerr(DSO_F_DLFCN_LOAD,DSO_R_LOAD_FAILED);
- ERR_add_error_data(4, "filename(", filename, "): ", dlerror());
- goto err;
- }
- if(!sk_push(dso->meth_data, (char *)ptr))
- {
- DSOerr(DSO_F_DLFCN_LOAD,DSO_R_STACK_ERROR);
- goto err;
- }
- /* Success */
- dso->loaded_filename = filename;
- return(1);
-err:
- /* Cleanup! */
- if(filename != NULL)
- OPENSSL_free(filename);
- if(ptr != NULL)
- dlclose(ptr);
- return(0);
-}
-
-static int dlfcn_unload(DSO *dso)
- {
- void *ptr;
- if(dso == NULL)
- {
- DSOerr(DSO_F_DLFCN_UNLOAD,ERR_R_PASSED_NULL_PARAMETER);
- return(0);
- }
- if(sk_num(dso->meth_data) < 1)
- return(1);
- ptr = (void *)sk_pop(dso->meth_data);
- if(ptr == NULL)
- {
- DSOerr(DSO_F_DLFCN_UNLOAD,DSO_R_NULL_HANDLE);
- /* Should push the value back onto the stack in
- * case of a retry. */
- sk_push(dso->meth_data, (char *)ptr);
- return(0);
- }
- /* For now I'm not aware of any errors associated with dlclose() */
- dlclose(ptr);
- return(1);
- }
-
-static void *dlfcn_bind_var(DSO *dso, const char *symname)
- {
- void *ptr, *sym;
-
- if((dso == NULL) || (symname == NULL))
- {
- DSOerr(DSO_F_DLFCN_BIND_VAR,ERR_R_PASSED_NULL_PARAMETER);
- return(NULL);
- }
- if(sk_num(dso->meth_data) < 1)
- {
- DSOerr(DSO_F_DLFCN_BIND_VAR,DSO_R_STACK_ERROR);
- return(NULL);
- }
- ptr = (void *)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
- if(ptr == NULL)
- {
- DSOerr(DSO_F_DLFCN_BIND_VAR,DSO_R_NULL_HANDLE);
- return(NULL);
- }
- sym = dlsym(ptr, symname);
- if(sym == NULL)
- {
- DSOerr(DSO_F_DLFCN_BIND_VAR,DSO_R_SYM_FAILURE);
- ERR_add_error_data(4, "symname(", symname, "): ", dlerror());
- return(NULL);
- }
- return(sym);
- }
-
-static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname)
- {
- void *ptr;
- union {
- DSO_FUNC_TYPE sym;
- void *dlret;
- } u;
-
- if((dso == NULL) || (symname == NULL))
- {
- DSOerr(DSO_F_DLFCN_BIND_FUNC,ERR_R_PASSED_NULL_PARAMETER);
- return(NULL);
- }
- if(sk_num(dso->meth_data) < 1)
- {
- DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_STACK_ERROR);
- return(NULL);
- }
- ptr = (void *)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
- if(ptr == NULL)
- {
- DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_NULL_HANDLE);
- return(NULL);
- }
- u.dlret = dlsym(ptr, symname);
- if(u.dlret == NULL)
- {
- DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_SYM_FAILURE);
- ERR_add_error_data(4, "symname(", symname, "): ", dlerror());
- return(NULL);
- }
- return u.sym;
- }
-
-static char *dlfcn_merger(DSO *dso, const char *filespec1,
- const char *filespec2)
- {
- char *merged;
-
- if(!filespec1 && !filespec2)
- {
- DSOerr(DSO_F_DLFCN_MERGER,
- ERR_R_PASSED_NULL_PARAMETER);
- return(NULL);
- }
- /* If the first file specification is a rooted path, it rules.
- same goes if the second file specification is missing. */
- if (!filespec2 || filespec1[0] == '/')
- {
- merged = OPENSSL_malloc(strlen(filespec1) + 1);
- if(!merged)
- {
- DSOerr(DSO_F_DLFCN_MERGER,
- ERR_R_MALLOC_FAILURE);
- return(NULL);
- }
- strcpy(merged, filespec1);
- }
- /* If the first file specification is missing, the second one rules. */
- else if (!filespec1)
- {
- merged = OPENSSL_malloc(strlen(filespec2) + 1);
- if(!merged)
- {
- DSOerr(DSO_F_DLFCN_MERGER,
- ERR_R_MALLOC_FAILURE);
- return(NULL);
- }
- strcpy(merged, filespec2);
- }
- else
- /* This part isn't as trivial as it looks. It assumes that
- the second file specification really is a directory, and
- makes no checks whatsoever. Therefore, the result becomes
- the concatenation of filespec2 followed by a slash followed
- by filespec1. */
- {
- int spec2len, len;
-
- spec2len = (filespec2 ? strlen(filespec2) : 0);
- len = spec2len + (filespec1 ? strlen(filespec1) : 0);
-
- if(filespec2 && filespec2[spec2len - 1] == '/')
- {
- spec2len--;
- len--;
- }
- merged = OPENSSL_malloc(len + 2);
- if(!merged)
- {
- DSOerr(DSO_F_DLFCN_MERGER,
- ERR_R_MALLOC_FAILURE);
- return(NULL);
- }
- strcpy(merged, filespec2);
- merged[spec2len] = '/';
- strcpy(&merged[spec2len + 1], filespec1);
- }
- return(merged);
- }
-
-#ifdef OPENSSL_SYS_MACOSX
-#define DSO_ext ".dylib"
-#define DSO_extlen 6
-#else
-#define DSO_ext ".so"
-#define DSO_extlen 3
-#endif
-
-
-static char *dlfcn_name_converter(DSO *dso, const char *filename)
- {
- char *translated;
- int len, rsize, transform;
-
- len = strlen(filename);
- rsize = len + 1;
- transform = (strstr(filename, "/") == NULL);
- if(transform)
- {
- /* We will convert this to "%s.so" or "lib%s.so" etc */
- rsize += DSO_extlen; /* The length of ".so" */
- if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
- rsize += 3; /* The length of "lib" */
- }
- translated = OPENSSL_malloc(rsize);
- if(translated == NULL)
- {
- DSOerr(DSO_F_DLFCN_NAME_CONVERTER,
- DSO_R_NAME_TRANSLATION_FAILED);
- return(NULL);
- }
- if(transform)
- {
- if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
- sprintf(translated, "lib%s" DSO_ext, filename);
- else
- sprintf(translated, "%s" DSO_ext, filename);
- }
- else
- sprintf(translated, "%s", filename);
- return(translated);
- }
-
-#endif /* DSO_DLFCN */
Copied: vendor-crypto/openssl/0.9.8zf/crypto/dso/dso_dlfcn.c (from rev 6976, vendor-crypto/openssl/dist/crypto/dso/dso_dlfcn.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/dso/dso_dlfcn.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dso/dso_dlfcn.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,360 @@
+/* dso_dlfcn.c -*- mode:C; c-file-style: "eay" -*- */
+/*
+ * Written by Geoff Thorpe (geoff at geoffthorpe.net) for the OpenSSL project
+ * 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/dso.h>
+
+#ifndef DSO_DLFCN
+DSO_METHOD *DSO_METHOD_dlfcn(void)
+{
+ return NULL;
+}
+#else
+
+# ifdef HAVE_DLFCN_H
+# include <dlfcn.h>
+# endif
+
+/* Part of the hack in "dlfcn_load" ... */
+# define DSO_MAX_TRANSLATED_SIZE 256
+
+static int dlfcn_load(DSO *dso);
+static int dlfcn_unload(DSO *dso);
+static void *dlfcn_bind_var(DSO *dso, const char *symname);
+static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname);
+# if 0
+static int dlfcn_unbind(DSO *dso, char *symname, void *symptr);
+static int dlfcn_init(DSO *dso);
+static int dlfcn_finish(DSO *dso);
+static long dlfcn_ctrl(DSO *dso, int cmd, long larg, void *parg);
+# endif
+static char *dlfcn_name_converter(DSO *dso, const char *filename);
+static char *dlfcn_merger(DSO *dso, const char *filespec1,
+ const char *filespec2);
+
+static DSO_METHOD dso_meth_dlfcn = {
+ "OpenSSL 'dlfcn' shared library method",
+ dlfcn_load,
+ dlfcn_unload,
+ dlfcn_bind_var,
+ dlfcn_bind_func,
+/* For now, "unbind" doesn't exist */
+# if 0
+ NULL, /* unbind_var */
+ NULL, /* unbind_func */
+# endif
+ NULL, /* ctrl */
+ dlfcn_name_converter,
+ dlfcn_merger,
+ NULL, /* init */
+ NULL /* finish */
+};
+
+DSO_METHOD *DSO_METHOD_dlfcn(void)
+{
+ return (&dso_meth_dlfcn);
+}
+
+/*
+ * Prior to using the dlopen() function, we should decide on the flag we
+ * send. There's a few different ways of doing this and it's a messy
+ * venn-diagram to match up which platforms support what. So as we don't have
+ * autoconf yet, I'm implementing a hack that could be hacked further
+ * relatively easily to deal with cases as we find them. Initially this is to
+ * cope with OpenBSD.
+ */
+# if defined(__OpenBSD__) || defined(__NetBSD__)
+# ifdef DL_LAZY
+# define DLOPEN_FLAG DL_LAZY
+# else
+# ifdef RTLD_NOW
+# define DLOPEN_FLAG RTLD_NOW
+# else
+# define DLOPEN_FLAG 0
+# endif
+# endif
+# else
+# ifdef OPENSSL_SYS_SUNOS
+# define DLOPEN_FLAG 1
+# else
+# define DLOPEN_FLAG RTLD_NOW /* Hope this works everywhere else */
+# endif
+# endif
+
+/*
+ * For this DSO_METHOD, our meth_data STACK will contain; (i) the handle
+ * (void*) returned from dlopen().
+ */
+
+static int dlfcn_load(DSO *dso)
+{
+ void *ptr = NULL;
+ /* See applicable comments in dso_dl.c */
+ char *filename = DSO_convert_filename(dso, NULL);
+ int flags = DLOPEN_FLAG;
+
+ if (filename == NULL) {
+ DSOerr(DSO_F_DLFCN_LOAD, DSO_R_NO_FILENAME);
+ goto err;
+ }
+# ifdef RTLD_GLOBAL
+ if (dso->flags & DSO_FLAG_GLOBAL_SYMBOLS)
+ flags |= RTLD_GLOBAL;
+# endif
+ ptr = dlopen(filename, flags);
+ if (ptr == NULL) {
+ DSOerr(DSO_F_DLFCN_LOAD, DSO_R_LOAD_FAILED);
+ ERR_add_error_data(4, "filename(", filename, "): ", dlerror());
+ goto err;
+ }
+ if (!sk_push(dso->meth_data, (char *)ptr)) {
+ DSOerr(DSO_F_DLFCN_LOAD, DSO_R_STACK_ERROR);
+ goto err;
+ }
+ /* Success */
+ dso->loaded_filename = filename;
+ return (1);
+ err:
+ /* Cleanup! */
+ if (filename != NULL)
+ OPENSSL_free(filename);
+ if (ptr != NULL)
+ dlclose(ptr);
+ return (0);
+}
+
+static int dlfcn_unload(DSO *dso)
+{
+ void *ptr;
+ if (dso == NULL) {
+ DSOerr(DSO_F_DLFCN_UNLOAD, ERR_R_PASSED_NULL_PARAMETER);
+ return (0);
+ }
+ if (sk_num(dso->meth_data) < 1)
+ return (1);
+ ptr = (void *)sk_pop(dso->meth_data);
+ if (ptr == NULL) {
+ DSOerr(DSO_F_DLFCN_UNLOAD, DSO_R_NULL_HANDLE);
+ /*
+ * Should push the value back onto the stack in case of a retry.
+ */
+ sk_push(dso->meth_data, (char *)ptr);
+ return (0);
+ }
+ /* For now I'm not aware of any errors associated with dlclose() */
+ dlclose(ptr);
+ return (1);
+}
+
+static void *dlfcn_bind_var(DSO *dso, const char *symname)
+{
+ void *ptr, *sym;
+
+ if ((dso == NULL) || (symname == NULL)) {
+ DSOerr(DSO_F_DLFCN_BIND_VAR, ERR_R_PASSED_NULL_PARAMETER);
+ return (NULL);
+ }
+ if (sk_num(dso->meth_data) < 1) {
+ DSOerr(DSO_F_DLFCN_BIND_VAR, DSO_R_STACK_ERROR);
+ return (NULL);
+ }
+ ptr = (void *)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
+ if (ptr == NULL) {
+ DSOerr(DSO_F_DLFCN_BIND_VAR, DSO_R_NULL_HANDLE);
+ return (NULL);
+ }
+ sym = dlsym(ptr, symname);
+ if (sym == NULL) {
+ DSOerr(DSO_F_DLFCN_BIND_VAR, DSO_R_SYM_FAILURE);
+ ERR_add_error_data(4, "symname(", symname, "): ", dlerror());
+ return (NULL);
+ }
+ return (sym);
+}
+
+static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname)
+{
+ void *ptr;
+ union {
+ DSO_FUNC_TYPE sym;
+ void *dlret;
+ } u;
+
+ if ((dso == NULL) || (symname == NULL)) {
+ DSOerr(DSO_F_DLFCN_BIND_FUNC, ERR_R_PASSED_NULL_PARAMETER);
+ return (NULL);
+ }
+ if (sk_num(dso->meth_data) < 1) {
+ DSOerr(DSO_F_DLFCN_BIND_FUNC, DSO_R_STACK_ERROR);
+ return (NULL);
+ }
+ ptr = (void *)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
+ if (ptr == NULL) {
+ DSOerr(DSO_F_DLFCN_BIND_FUNC, DSO_R_NULL_HANDLE);
+ return (NULL);
+ }
+ u.dlret = dlsym(ptr, symname);
+ if (u.dlret == NULL) {
+ DSOerr(DSO_F_DLFCN_BIND_FUNC, DSO_R_SYM_FAILURE);
+ ERR_add_error_data(4, "symname(", symname, "): ", dlerror());
+ return (NULL);
+ }
+ return u.sym;
+}
+
+static char *dlfcn_merger(DSO *dso, const char *filespec1,
+ const char *filespec2)
+{
+ char *merged;
+
+ if (!filespec1 && !filespec2) {
+ DSOerr(DSO_F_DLFCN_MERGER, ERR_R_PASSED_NULL_PARAMETER);
+ return (NULL);
+ }
+ /*
+ * If the first file specification is a rooted path, it rules. same goes
+ * if the second file specification is missing.
+ */
+ if (!filespec2 || filespec1[0] == '/') {
+ merged = OPENSSL_malloc(strlen(filespec1) + 1);
+ if (!merged) {
+ DSOerr(DSO_F_DLFCN_MERGER, ERR_R_MALLOC_FAILURE);
+ return (NULL);
+ }
+ strcpy(merged, filespec1);
+ }
+ /*
+ * If the first file specification is missing, the second one rules.
+ */
+ else if (!filespec1) {
+ merged = OPENSSL_malloc(strlen(filespec2) + 1);
+ if (!merged) {
+ DSOerr(DSO_F_DLFCN_MERGER, ERR_R_MALLOC_FAILURE);
+ return (NULL);
+ }
+ strcpy(merged, filespec2);
+ } else
+ /*
+ * This part isn't as trivial as it looks. It assumes that the
+ * second file specification really is a directory, and makes no
+ * checks whatsoever. Therefore, the result becomes the
+ * concatenation of filespec2 followed by a slash followed by
+ * filespec1.
+ */
+ {
+ int spec2len, len;
+
+ spec2len = (filespec2 ? strlen(filespec2) : 0);
+ len = spec2len + (filespec1 ? strlen(filespec1) : 0);
+
+ if (filespec2 && filespec2[spec2len - 1] == '/') {
+ spec2len--;
+ len--;
+ }
+ merged = OPENSSL_malloc(len + 2);
+ if (!merged) {
+ DSOerr(DSO_F_DLFCN_MERGER, ERR_R_MALLOC_FAILURE);
+ return (NULL);
+ }
+ strcpy(merged, filespec2);
+ merged[spec2len] = '/';
+ strcpy(&merged[spec2len + 1], filespec1);
+ }
+ return (merged);
+}
+
+# ifdef OPENSSL_SYS_MACOSX
+# define DSO_ext ".dylib"
+# define DSO_extlen 6
+# else
+# define DSO_ext ".so"
+# define DSO_extlen 3
+# endif
+
+static char *dlfcn_name_converter(DSO *dso, const char *filename)
+{
+ char *translated;
+ int len, rsize, transform;
+
+ len = strlen(filename);
+ rsize = len + 1;
+ transform = (strstr(filename, "/") == NULL);
+ if (transform) {
+ /* We will convert this to "%s.so" or "lib%s.so" etc */
+ rsize += DSO_extlen; /* The length of ".so" */
+ if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
+ rsize += 3; /* The length of "lib" */
+ }
+ translated = OPENSSL_malloc(rsize);
+ if (translated == NULL) {
+ DSOerr(DSO_F_DLFCN_NAME_CONVERTER, DSO_R_NAME_TRANSLATION_FAILED);
+ return (NULL);
+ }
+ if (transform) {
+ if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
+ sprintf(translated, "lib%s" DSO_ext, filename);
+ else
+ sprintf(translated, "%s" DSO_ext, filename);
+ } else
+ sprintf(translated, "%s", filename);
+ return (translated);
+}
+
+#endif /* DSO_DLFCN */
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/dso/dso_err.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/dso/dso_err.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dso/dso_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,147 +0,0 @@
-/* crypto/dso/dso_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/dso.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_DSO,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_DSO,0,reason)
-
-static ERR_STRING_DATA DSO_str_functs[]=
- {
-{ERR_FUNC(DSO_F_DLFCN_BIND_FUNC), "DLFCN_BIND_FUNC"},
-{ERR_FUNC(DSO_F_DLFCN_BIND_VAR), "DLFCN_BIND_VAR"},
-{ERR_FUNC(DSO_F_DLFCN_LOAD), "DLFCN_LOAD"},
-{ERR_FUNC(DSO_F_DLFCN_MERGER), "DLFCN_MERGER"},
-{ERR_FUNC(DSO_F_DLFCN_NAME_CONVERTER), "DLFCN_NAME_CONVERTER"},
-{ERR_FUNC(DSO_F_DLFCN_UNLOAD), "DLFCN_UNLOAD"},
-{ERR_FUNC(DSO_F_DL_BIND_FUNC), "DL_BIND_FUNC"},
-{ERR_FUNC(DSO_F_DL_BIND_VAR), "DL_BIND_VAR"},
-{ERR_FUNC(DSO_F_DL_LOAD), "DL_LOAD"},
-{ERR_FUNC(DSO_F_DL_MERGER), "DL_MERGER"},
-{ERR_FUNC(DSO_F_DL_NAME_CONVERTER), "DL_NAME_CONVERTER"},
-{ERR_FUNC(DSO_F_DL_UNLOAD), "DL_UNLOAD"},
-{ERR_FUNC(DSO_F_DSO_BIND_FUNC), "DSO_bind_func"},
-{ERR_FUNC(DSO_F_DSO_BIND_VAR), "DSO_bind_var"},
-{ERR_FUNC(DSO_F_DSO_CONVERT_FILENAME), "DSO_convert_filename"},
-{ERR_FUNC(DSO_F_DSO_CTRL), "DSO_ctrl"},
-{ERR_FUNC(DSO_F_DSO_FREE), "DSO_free"},
-{ERR_FUNC(DSO_F_DSO_GET_FILENAME), "DSO_get_filename"},
-{ERR_FUNC(DSO_F_DSO_GET_LOADED_FILENAME), "DSO_get_loaded_filename"},
-{ERR_FUNC(DSO_F_DSO_LOAD), "DSO_load"},
-{ERR_FUNC(DSO_F_DSO_MERGE), "DSO_merge"},
-{ERR_FUNC(DSO_F_DSO_NEW_METHOD), "DSO_new_method"},
-{ERR_FUNC(DSO_F_DSO_SET_FILENAME), "DSO_set_filename"},
-{ERR_FUNC(DSO_F_DSO_SET_NAME_CONVERTER), "DSO_set_name_converter"},
-{ERR_FUNC(DSO_F_DSO_UP_REF), "DSO_up_ref"},
-{ERR_FUNC(DSO_F_VMS_BIND_SYM), "VMS_BIND_SYM"},
-{ERR_FUNC(DSO_F_VMS_LOAD), "VMS_LOAD"},
-{ERR_FUNC(DSO_F_VMS_MERGER), "VMS_MERGER"},
-{ERR_FUNC(DSO_F_VMS_UNLOAD), "VMS_UNLOAD"},
-{ERR_FUNC(DSO_F_WIN32_BIND_FUNC), "WIN32_BIND_FUNC"},
-{ERR_FUNC(DSO_F_WIN32_BIND_VAR), "WIN32_BIND_VAR"},
-{ERR_FUNC(DSO_F_WIN32_JOINER), "WIN32_JOINER"},
-{ERR_FUNC(DSO_F_WIN32_LOAD), "WIN32_LOAD"},
-{ERR_FUNC(DSO_F_WIN32_MERGER), "WIN32_MERGER"},
-{ERR_FUNC(DSO_F_WIN32_NAME_CONVERTER), "WIN32_NAME_CONVERTER"},
-{ERR_FUNC(DSO_F_WIN32_SPLITTER), "WIN32_SPLITTER"},
-{ERR_FUNC(DSO_F_WIN32_UNLOAD), "WIN32_UNLOAD"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA DSO_str_reasons[]=
- {
-{ERR_REASON(DSO_R_CTRL_FAILED) ,"control command failed"},
-{ERR_REASON(DSO_R_DSO_ALREADY_LOADED) ,"dso already loaded"},
-{ERR_REASON(DSO_R_EMPTY_FILE_STRUCTURE) ,"empty file structure"},
-{ERR_REASON(DSO_R_FAILURE) ,"failure"},
-{ERR_REASON(DSO_R_FILENAME_TOO_BIG) ,"filename too big"},
-{ERR_REASON(DSO_R_FINISH_FAILED) ,"cleanup method function failed"},
-{ERR_REASON(DSO_R_INCORRECT_FILE_SYNTAX) ,"incorrect file syntax"},
-{ERR_REASON(DSO_R_LOAD_FAILED) ,"could not load the shared library"},
-{ERR_REASON(DSO_R_NAME_TRANSLATION_FAILED),"name translation failed"},
-{ERR_REASON(DSO_R_NO_FILENAME) ,"no filename"},
-{ERR_REASON(DSO_R_NO_FILE_SPECIFICATION) ,"no file specification"},
-{ERR_REASON(DSO_R_NULL_HANDLE) ,"a null shared library handle was used"},
-{ERR_REASON(DSO_R_SET_FILENAME_FAILED) ,"set filename failed"},
-{ERR_REASON(DSO_R_STACK_ERROR) ,"the meth_data stack is corrupt"},
-{ERR_REASON(DSO_R_SYM_FAILURE) ,"could not bind to the requested symbol name"},
-{ERR_REASON(DSO_R_UNLOAD_FAILED) ,"could not unload the shared library"},
-{ERR_REASON(DSO_R_UNSUPPORTED) ,"functionality not supported"},
-{0,NULL}
- };
-
-#endif
-
-void ERR_load_DSO_strings(void)
- {
-#ifndef OPENSSL_NO_ERR
-
- if (ERR_func_error_string(DSO_str_functs[0].error) == NULL)
- {
- ERR_load_strings(0,DSO_str_functs);
- ERR_load_strings(0,DSO_str_reasons);
- }
-#endif
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/dso/dso_err.c (from rev 6976, vendor-crypto/openssl/dist/crypto/dso/dso_err.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/dso/dso_err.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dso/dso_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,146 @@
+/* crypto/dso/dso_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/dso.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_DSO,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_DSO,0,reason)
+
+static ERR_STRING_DATA DSO_str_functs[] = {
+ {ERR_FUNC(DSO_F_DLFCN_BIND_FUNC), "DLFCN_BIND_FUNC"},
+ {ERR_FUNC(DSO_F_DLFCN_BIND_VAR), "DLFCN_BIND_VAR"},
+ {ERR_FUNC(DSO_F_DLFCN_LOAD), "DLFCN_LOAD"},
+ {ERR_FUNC(DSO_F_DLFCN_MERGER), "DLFCN_MERGER"},
+ {ERR_FUNC(DSO_F_DLFCN_NAME_CONVERTER), "DLFCN_NAME_CONVERTER"},
+ {ERR_FUNC(DSO_F_DLFCN_UNLOAD), "DLFCN_UNLOAD"},
+ {ERR_FUNC(DSO_F_DL_BIND_FUNC), "DL_BIND_FUNC"},
+ {ERR_FUNC(DSO_F_DL_BIND_VAR), "DL_BIND_VAR"},
+ {ERR_FUNC(DSO_F_DL_LOAD), "DL_LOAD"},
+ {ERR_FUNC(DSO_F_DL_MERGER), "DL_MERGER"},
+ {ERR_FUNC(DSO_F_DL_NAME_CONVERTER), "DL_NAME_CONVERTER"},
+ {ERR_FUNC(DSO_F_DL_UNLOAD), "DL_UNLOAD"},
+ {ERR_FUNC(DSO_F_DSO_BIND_FUNC), "DSO_bind_func"},
+ {ERR_FUNC(DSO_F_DSO_BIND_VAR), "DSO_bind_var"},
+ {ERR_FUNC(DSO_F_DSO_CONVERT_FILENAME), "DSO_convert_filename"},
+ {ERR_FUNC(DSO_F_DSO_CTRL), "DSO_ctrl"},
+ {ERR_FUNC(DSO_F_DSO_FREE), "DSO_free"},
+ {ERR_FUNC(DSO_F_DSO_GET_FILENAME), "DSO_get_filename"},
+ {ERR_FUNC(DSO_F_DSO_GET_LOADED_FILENAME), "DSO_get_loaded_filename"},
+ {ERR_FUNC(DSO_F_DSO_LOAD), "DSO_load"},
+ {ERR_FUNC(DSO_F_DSO_MERGE), "DSO_merge"},
+ {ERR_FUNC(DSO_F_DSO_NEW_METHOD), "DSO_new_method"},
+ {ERR_FUNC(DSO_F_DSO_SET_FILENAME), "DSO_set_filename"},
+ {ERR_FUNC(DSO_F_DSO_SET_NAME_CONVERTER), "DSO_set_name_converter"},
+ {ERR_FUNC(DSO_F_DSO_UP_REF), "DSO_up_ref"},
+ {ERR_FUNC(DSO_F_VMS_BIND_SYM), "VMS_BIND_SYM"},
+ {ERR_FUNC(DSO_F_VMS_LOAD), "VMS_LOAD"},
+ {ERR_FUNC(DSO_F_VMS_MERGER), "VMS_MERGER"},
+ {ERR_FUNC(DSO_F_VMS_UNLOAD), "VMS_UNLOAD"},
+ {ERR_FUNC(DSO_F_WIN32_BIND_FUNC), "WIN32_BIND_FUNC"},
+ {ERR_FUNC(DSO_F_WIN32_BIND_VAR), "WIN32_BIND_VAR"},
+ {ERR_FUNC(DSO_F_WIN32_JOINER), "WIN32_JOINER"},
+ {ERR_FUNC(DSO_F_WIN32_LOAD), "WIN32_LOAD"},
+ {ERR_FUNC(DSO_F_WIN32_MERGER), "WIN32_MERGER"},
+ {ERR_FUNC(DSO_F_WIN32_NAME_CONVERTER), "WIN32_NAME_CONVERTER"},
+ {ERR_FUNC(DSO_F_WIN32_SPLITTER), "WIN32_SPLITTER"},
+ {ERR_FUNC(DSO_F_WIN32_UNLOAD), "WIN32_UNLOAD"},
+ {0, NULL}
+};
+
+static ERR_STRING_DATA DSO_str_reasons[] = {
+ {ERR_REASON(DSO_R_CTRL_FAILED), "control command failed"},
+ {ERR_REASON(DSO_R_DSO_ALREADY_LOADED), "dso already loaded"},
+ {ERR_REASON(DSO_R_EMPTY_FILE_STRUCTURE), "empty file structure"},
+ {ERR_REASON(DSO_R_FAILURE), "failure"},
+ {ERR_REASON(DSO_R_FILENAME_TOO_BIG), "filename too big"},
+ {ERR_REASON(DSO_R_FINISH_FAILED), "cleanup method function failed"},
+ {ERR_REASON(DSO_R_INCORRECT_FILE_SYNTAX), "incorrect file syntax"},
+ {ERR_REASON(DSO_R_LOAD_FAILED), "could not load the shared library"},
+ {ERR_REASON(DSO_R_NAME_TRANSLATION_FAILED), "name translation failed"},
+ {ERR_REASON(DSO_R_NO_FILENAME), "no filename"},
+ {ERR_REASON(DSO_R_NO_FILE_SPECIFICATION), "no file specification"},
+ {ERR_REASON(DSO_R_NULL_HANDLE), "a null shared library handle was used"},
+ {ERR_REASON(DSO_R_SET_FILENAME_FAILED), "set filename failed"},
+ {ERR_REASON(DSO_R_STACK_ERROR), "the meth_data stack is corrupt"},
+ {ERR_REASON(DSO_R_SYM_FAILURE),
+ "could not bind to the requested symbol name"},
+ {ERR_REASON(DSO_R_UNLOAD_FAILED), "could not unload the shared library"},
+ {ERR_REASON(DSO_R_UNSUPPORTED), "functionality not supported"},
+ {0, NULL}
+};
+
+#endif
+
+void ERR_load_DSO_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+ if (ERR_func_error_string(DSO_str_functs[0].error) == NULL) {
+ ERR_load_strings(0, DSO_str_functs);
+ ERR_load_strings(0, DSO_str_reasons);
+ }
+#endif
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/dso/dso_lib.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/dso/dso_lib.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dso/dso_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,466 +0,0 @@
-/* dso_lib.c -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Geoff Thorpe (geoff at geoffthorpe.net) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <openssl/crypto.h>
-#include "cryptlib.h"
-#include <openssl/dso.h>
-
-static DSO_METHOD *default_DSO_meth = NULL;
-
-DSO *DSO_new(void)
- {
- return(DSO_new_method(NULL));
- }
-
-void DSO_set_default_method(DSO_METHOD *meth)
- {
- default_DSO_meth = meth;
- }
-
-DSO_METHOD *DSO_get_default_method(void)
- {
- return(default_DSO_meth);
- }
-
-DSO_METHOD *DSO_get_method(DSO *dso)
- {
- return(dso->meth);
- }
-
-DSO_METHOD *DSO_set_method(DSO *dso, DSO_METHOD *meth)
- {
- DSO_METHOD *mtmp;
- mtmp = dso->meth;
- dso->meth = meth;
- return(mtmp);
- }
-
-DSO *DSO_new_method(DSO_METHOD *meth)
- {
- DSO *ret;
-
- if(default_DSO_meth == NULL)
- /* We default to DSO_METH_openssl() which in turn defaults
- * to stealing the "best available" method. Will fallback
- * to DSO_METH_null() in the worst case. */
- default_DSO_meth = DSO_METHOD_openssl();
- ret = (DSO *)OPENSSL_malloc(sizeof(DSO));
- if(ret == NULL)
- {
- DSOerr(DSO_F_DSO_NEW_METHOD,ERR_R_MALLOC_FAILURE);
- return(NULL);
- }
- memset(ret, 0, sizeof(DSO));
- ret->meth_data = sk_new_null();
- if(ret->meth_data == NULL)
- {
- /* sk_new doesn't generate any errors so we do */
- DSOerr(DSO_F_DSO_NEW_METHOD,ERR_R_MALLOC_FAILURE);
- OPENSSL_free(ret);
- return(NULL);
- }
- if(meth == NULL)
- ret->meth = default_DSO_meth;
- else
- ret->meth = meth;
- ret->references = 1;
- if((ret->meth->init != NULL) && !ret->meth->init(ret))
- {
- OPENSSL_free(ret);
- ret=NULL;
- }
- return(ret);
- }
-
-int DSO_free(DSO *dso)
- {
- int i;
-
- if(dso == NULL)
- {
- DSOerr(DSO_F_DSO_FREE,ERR_R_PASSED_NULL_PARAMETER);
- return(0);
- }
-
- i=CRYPTO_add(&dso->references,-1,CRYPTO_LOCK_DSO);
-#ifdef REF_PRINT
- REF_PRINT("DSO",dso);
-#endif
- if(i > 0) return(1);
-#ifdef REF_CHECK
- if(i < 0)
- {
- fprintf(stderr,"DSO_free, bad reference count\n");
- abort();
- }
-#endif
-
- if((dso->meth->dso_unload != NULL) && !dso->meth->dso_unload(dso))
- {
- DSOerr(DSO_F_DSO_FREE,DSO_R_UNLOAD_FAILED);
- return(0);
- }
-
- if((dso->meth->finish != NULL) && !dso->meth->finish(dso))
- {
- DSOerr(DSO_F_DSO_FREE,DSO_R_FINISH_FAILED);
- return(0);
- }
-
- sk_free(dso->meth_data);
- if(dso->filename != NULL)
- OPENSSL_free(dso->filename);
- if(dso->loaded_filename != NULL)
- OPENSSL_free(dso->loaded_filename);
-
- OPENSSL_free(dso);
- return(1);
- }
-
-int DSO_flags(DSO *dso)
- {
- return((dso == NULL) ? 0 : dso->flags);
- }
-
-
-int DSO_up_ref(DSO *dso)
- {
- if (dso == NULL)
- {
- DSOerr(DSO_F_DSO_UP_REF,ERR_R_PASSED_NULL_PARAMETER);
- return(0);
- }
-
- CRYPTO_add(&dso->references,1,CRYPTO_LOCK_DSO);
- return(1);
- }
-
-DSO *DSO_load(DSO *dso, const char *filename, DSO_METHOD *meth, int flags)
- {
- DSO *ret;
- int allocated = 0;
-
- if(dso == NULL)
- {
- ret = DSO_new_method(meth);
- if(ret == NULL)
- {
- DSOerr(DSO_F_DSO_LOAD,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- allocated = 1;
- /* Pass the provided flags to the new DSO object */
- if(DSO_ctrl(ret, DSO_CTRL_SET_FLAGS, flags, NULL) < 0)
- {
- DSOerr(DSO_F_DSO_LOAD,DSO_R_CTRL_FAILED);
- goto err;
- }
- }
- else
- ret = dso;
- /* Don't load if we're currently already loaded */
- if(ret->filename != NULL)
- {
- DSOerr(DSO_F_DSO_LOAD,DSO_R_DSO_ALREADY_LOADED);
- goto err;
- }
- /* filename can only be NULL if we were passed a dso that already has
- * one set. */
- if(filename != NULL)
- if(!DSO_set_filename(ret, filename))
- {
- DSOerr(DSO_F_DSO_LOAD,DSO_R_SET_FILENAME_FAILED);
- goto err;
- }
- filename = ret->filename;
- if(filename == NULL)
- {
- DSOerr(DSO_F_DSO_LOAD,DSO_R_NO_FILENAME);
- goto err;
- }
- if(ret->meth->dso_load == NULL)
- {
- DSOerr(DSO_F_DSO_LOAD,DSO_R_UNSUPPORTED);
- goto err;
- }
- if(!ret->meth->dso_load(ret))
- {
- DSOerr(DSO_F_DSO_LOAD,DSO_R_LOAD_FAILED);
- goto err;
- }
- /* Load succeeded */
- return(ret);
-err:
- if(allocated)
- DSO_free(ret);
- return(NULL);
- }
-
-void *DSO_bind_var(DSO *dso, const char *symname)
- {
- void *ret = NULL;
-
- if((dso == NULL) || (symname == NULL))
- {
- DSOerr(DSO_F_DSO_BIND_VAR,ERR_R_PASSED_NULL_PARAMETER);
- return(NULL);
- }
- if(dso->meth->dso_bind_var == NULL)
- {
- DSOerr(DSO_F_DSO_BIND_VAR,DSO_R_UNSUPPORTED);
- return(NULL);
- }
- if((ret = dso->meth->dso_bind_var(dso, symname)) == NULL)
- {
- DSOerr(DSO_F_DSO_BIND_VAR,DSO_R_SYM_FAILURE);
- return(NULL);
- }
- /* Success */
- return(ret);
- }
-
-DSO_FUNC_TYPE DSO_bind_func(DSO *dso, const char *symname)
- {
- DSO_FUNC_TYPE ret = NULL;
-
- if((dso == NULL) || (symname == NULL))
- {
- DSOerr(DSO_F_DSO_BIND_FUNC,ERR_R_PASSED_NULL_PARAMETER);
- return(NULL);
- }
- if(dso->meth->dso_bind_func == NULL)
- {
- DSOerr(DSO_F_DSO_BIND_FUNC,DSO_R_UNSUPPORTED);
- return(NULL);
- }
- if((ret = dso->meth->dso_bind_func(dso, symname)) == NULL)
- {
- DSOerr(DSO_F_DSO_BIND_FUNC,DSO_R_SYM_FAILURE);
- return(NULL);
- }
- /* Success */
- return(ret);
- }
-
-/* I don't really like these *_ctrl functions very much to be perfectly
- * honest. For one thing, I think I have to return a negative value for
- * any error because possible DSO_ctrl() commands may return values
- * such as "size"s that can legitimately be zero (making the standard
- * "if(DSO_cmd(...))" form that works almost everywhere else fail at
- * odd times. I'd prefer "output" values to be passed by reference and
- * the return value as success/failure like usual ... but we conform
- * when we must... :-) */
-long DSO_ctrl(DSO *dso, int cmd, long larg, void *parg)
- {
- if(dso == NULL)
- {
- DSOerr(DSO_F_DSO_CTRL,ERR_R_PASSED_NULL_PARAMETER);
- return(-1);
- }
- /* We should intercept certain generic commands and only pass control
- * to the method-specific ctrl() function if it's something we don't
- * handle. */
- switch(cmd)
- {
- case DSO_CTRL_GET_FLAGS:
- return dso->flags;
- case DSO_CTRL_SET_FLAGS:
- dso->flags = (int)larg;
- return(0);
- case DSO_CTRL_OR_FLAGS:
- dso->flags |= (int)larg;
- return(0);
- default:
- break;
- }
- if((dso->meth == NULL) || (dso->meth->dso_ctrl == NULL))
- {
- DSOerr(DSO_F_DSO_CTRL,DSO_R_UNSUPPORTED);
- return(-1);
- }
- return(dso->meth->dso_ctrl(dso,cmd,larg,parg));
- }
-
-int DSO_set_name_converter(DSO *dso, DSO_NAME_CONVERTER_FUNC cb,
- DSO_NAME_CONVERTER_FUNC *oldcb)
- {
- if(dso == NULL)
- {
- DSOerr(DSO_F_DSO_SET_NAME_CONVERTER,
- ERR_R_PASSED_NULL_PARAMETER);
- return(0);
- }
- if(oldcb)
- *oldcb = dso->name_converter;
- dso->name_converter = cb;
- return(1);
- }
-
-const char *DSO_get_filename(DSO *dso)
- {
- if(dso == NULL)
- {
- DSOerr(DSO_F_DSO_GET_FILENAME,ERR_R_PASSED_NULL_PARAMETER);
- return(NULL);
- }
- return(dso->filename);
- }
-
-int DSO_set_filename(DSO *dso, const char *filename)
- {
- char *copied;
-
- if((dso == NULL) || (filename == NULL))
- {
- DSOerr(DSO_F_DSO_SET_FILENAME,ERR_R_PASSED_NULL_PARAMETER);
- return(0);
- }
- if(dso->loaded_filename)
- {
- DSOerr(DSO_F_DSO_SET_FILENAME,DSO_R_DSO_ALREADY_LOADED);
- return(0);
- }
- /* We'll duplicate filename */
- copied = OPENSSL_malloc(strlen(filename) + 1);
- if(copied == NULL)
- {
- DSOerr(DSO_F_DSO_SET_FILENAME,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- BUF_strlcpy(copied, filename, strlen(filename) + 1);
- if(dso->filename)
- OPENSSL_free(dso->filename);
- dso->filename = copied;
- return(1);
- }
-
-char *DSO_merge(DSO *dso, const char *filespec1, const char *filespec2)
- {
- char *result = NULL;
-
- if(dso == NULL || filespec1 == NULL)
- {
- DSOerr(DSO_F_DSO_MERGE,ERR_R_PASSED_NULL_PARAMETER);
- return(NULL);
- }
- if(filespec1 == NULL)
- filespec1 = dso->filename;
- if(filespec1 == NULL)
- {
- DSOerr(DSO_F_DSO_MERGE,DSO_R_NO_FILE_SPECIFICATION);
- return(NULL);
- }
- if((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0)
- {
- if(dso->merger != NULL)
- result = dso->merger(dso, filespec1, filespec2);
- else if(dso->meth->dso_merger != NULL)
- result = dso->meth->dso_merger(dso,
- filespec1, filespec2);
- }
- return(result);
- }
-
-char *DSO_convert_filename(DSO *dso, const char *filename)
- {
- char *result = NULL;
-
- if(dso == NULL)
- {
- DSOerr(DSO_F_DSO_CONVERT_FILENAME,ERR_R_PASSED_NULL_PARAMETER);
- return(NULL);
- }
- if(filename == NULL)
- filename = dso->filename;
- if(filename == NULL)
- {
- DSOerr(DSO_F_DSO_CONVERT_FILENAME,DSO_R_NO_FILENAME);
- return(NULL);
- }
- if((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0)
- {
- if(dso->name_converter != NULL)
- result = dso->name_converter(dso, filename);
- else if(dso->meth->dso_name_converter != NULL)
- result = dso->meth->dso_name_converter(dso, filename);
- }
- if(result == NULL)
- {
- result = OPENSSL_malloc(strlen(filename) + 1);
- if(result == NULL)
- {
- DSOerr(DSO_F_DSO_CONVERT_FILENAME,
- ERR_R_MALLOC_FAILURE);
- return(NULL);
- }
- BUF_strlcpy(result, filename, strlen(filename) + 1);
- }
- return(result);
- }
-
-const char *DSO_get_loaded_filename(DSO *dso)
- {
- if(dso == NULL)
- {
- DSOerr(DSO_F_DSO_GET_LOADED_FILENAME,
- ERR_R_PASSED_NULL_PARAMETER);
- return(NULL);
- }
- return(dso->loaded_filename);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/dso/dso_lib.c (from rev 6976, vendor-crypto/openssl/dist/crypto/dso/dso_lib.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/dso/dso_lib.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dso/dso_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,429 @@
+/* dso_lib.c -*- mode:C; c-file-style: "eay" -*- */
+/*
+ * Written by Geoff Thorpe (geoff at geoffthorpe.net) for the OpenSSL project
+ * 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/dso.h>
+
+static DSO_METHOD *default_DSO_meth = NULL;
+
+DSO *DSO_new(void)
+{
+ return (DSO_new_method(NULL));
+}
+
+void DSO_set_default_method(DSO_METHOD *meth)
+{
+ default_DSO_meth = meth;
+}
+
+DSO_METHOD *DSO_get_default_method(void)
+{
+ return (default_DSO_meth);
+}
+
+DSO_METHOD *DSO_get_method(DSO *dso)
+{
+ return (dso->meth);
+}
+
+DSO_METHOD *DSO_set_method(DSO *dso, DSO_METHOD *meth)
+{
+ DSO_METHOD *mtmp;
+ mtmp = dso->meth;
+ dso->meth = meth;
+ return (mtmp);
+}
+
+DSO *DSO_new_method(DSO_METHOD *meth)
+{
+ DSO *ret;
+
+ if (default_DSO_meth == NULL)
+ /*
+ * We default to DSO_METH_openssl() which in turn defaults to
+ * stealing the "best available" method. Will fallback to
+ * DSO_METH_null() in the worst case.
+ */
+ default_DSO_meth = DSO_METHOD_openssl();
+ ret = (DSO *)OPENSSL_malloc(sizeof(DSO));
+ if (ret == NULL) {
+ DSOerr(DSO_F_DSO_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+ return (NULL);
+ }
+ memset(ret, 0, sizeof(DSO));
+ ret->meth_data = sk_new_null();
+ if (ret->meth_data == NULL) {
+ /* sk_new doesn't generate any errors so we do */
+ DSOerr(DSO_F_DSO_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+ OPENSSL_free(ret);
+ return (NULL);
+ }
+ if (meth == NULL)
+ ret->meth = default_DSO_meth;
+ else
+ ret->meth = meth;
+ ret->references = 1;
+ if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
+ OPENSSL_free(ret);
+ ret = NULL;
+ }
+ return (ret);
+}
+
+int DSO_free(DSO *dso)
+{
+ int i;
+
+ if (dso == NULL) {
+ DSOerr(DSO_F_DSO_FREE, ERR_R_PASSED_NULL_PARAMETER);
+ return (0);
+ }
+
+ i = CRYPTO_add(&dso->references, -1, CRYPTO_LOCK_DSO);
+#ifdef REF_PRINT
+ REF_PRINT("DSO", dso);
+#endif
+ if (i > 0)
+ return (1);
+#ifdef REF_CHECK
+ if (i < 0) {
+ fprintf(stderr, "DSO_free, bad reference count\n");
+ abort();
+ }
+#endif
+
+ if ((dso->meth->dso_unload != NULL) && !dso->meth->dso_unload(dso)) {
+ DSOerr(DSO_F_DSO_FREE, DSO_R_UNLOAD_FAILED);
+ return (0);
+ }
+
+ if ((dso->meth->finish != NULL) && !dso->meth->finish(dso)) {
+ DSOerr(DSO_F_DSO_FREE, DSO_R_FINISH_FAILED);
+ return (0);
+ }
+
+ sk_free(dso->meth_data);
+ if (dso->filename != NULL)
+ OPENSSL_free(dso->filename);
+ if (dso->loaded_filename != NULL)
+ OPENSSL_free(dso->loaded_filename);
+
+ OPENSSL_free(dso);
+ return (1);
+}
+
+int DSO_flags(DSO *dso)
+{
+ return ((dso == NULL) ? 0 : dso->flags);
+}
+
+int DSO_up_ref(DSO *dso)
+{
+ if (dso == NULL) {
+ DSOerr(DSO_F_DSO_UP_REF, ERR_R_PASSED_NULL_PARAMETER);
+ return (0);
+ }
+
+ CRYPTO_add(&dso->references, 1, CRYPTO_LOCK_DSO);
+ return (1);
+}
+
+DSO *DSO_load(DSO *dso, const char *filename, DSO_METHOD *meth, int flags)
+{
+ DSO *ret;
+ int allocated = 0;
+
+ if (dso == NULL) {
+ ret = DSO_new_method(meth);
+ if (ret == NULL) {
+ DSOerr(DSO_F_DSO_LOAD, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ allocated = 1;
+ /* Pass the provided flags to the new DSO object */
+ if (DSO_ctrl(ret, DSO_CTRL_SET_FLAGS, flags, NULL) < 0) {
+ DSOerr(DSO_F_DSO_LOAD, DSO_R_CTRL_FAILED);
+ goto err;
+ }
+ } else
+ ret = dso;
+ /* Don't load if we're currently already loaded */
+ if (ret->filename != NULL) {
+ DSOerr(DSO_F_DSO_LOAD, DSO_R_DSO_ALREADY_LOADED);
+ goto err;
+ }
+ /*
+ * filename can only be NULL if we were passed a dso that already has one
+ * set.
+ */
+ if (filename != NULL)
+ if (!DSO_set_filename(ret, filename)) {
+ DSOerr(DSO_F_DSO_LOAD, DSO_R_SET_FILENAME_FAILED);
+ goto err;
+ }
+ filename = ret->filename;
+ if (filename == NULL) {
+ DSOerr(DSO_F_DSO_LOAD, DSO_R_NO_FILENAME);
+ goto err;
+ }
+ if (ret->meth->dso_load == NULL) {
+ DSOerr(DSO_F_DSO_LOAD, DSO_R_UNSUPPORTED);
+ goto err;
+ }
+ if (!ret->meth->dso_load(ret)) {
+ DSOerr(DSO_F_DSO_LOAD, DSO_R_LOAD_FAILED);
+ goto err;
+ }
+ /* Load succeeded */
+ return (ret);
+ err:
+ if (allocated)
+ DSO_free(ret);
+ return (NULL);
+}
+
+void *DSO_bind_var(DSO *dso, const char *symname)
+{
+ void *ret = NULL;
+
+ if ((dso == NULL) || (symname == NULL)) {
+ DSOerr(DSO_F_DSO_BIND_VAR, ERR_R_PASSED_NULL_PARAMETER);
+ return (NULL);
+ }
+ if (dso->meth->dso_bind_var == NULL) {
+ DSOerr(DSO_F_DSO_BIND_VAR, DSO_R_UNSUPPORTED);
+ return (NULL);
+ }
+ if ((ret = dso->meth->dso_bind_var(dso, symname)) == NULL) {
+ DSOerr(DSO_F_DSO_BIND_VAR, DSO_R_SYM_FAILURE);
+ return (NULL);
+ }
+ /* Success */
+ return (ret);
+}
+
+DSO_FUNC_TYPE DSO_bind_func(DSO *dso, const char *symname)
+{
+ DSO_FUNC_TYPE ret = NULL;
+
+ if ((dso == NULL) || (symname == NULL)) {
+ DSOerr(DSO_F_DSO_BIND_FUNC, ERR_R_PASSED_NULL_PARAMETER);
+ return (NULL);
+ }
+ if (dso->meth->dso_bind_func == NULL) {
+ DSOerr(DSO_F_DSO_BIND_FUNC, DSO_R_UNSUPPORTED);
+ return (NULL);
+ }
+ if ((ret = dso->meth->dso_bind_func(dso, symname)) == NULL) {
+ DSOerr(DSO_F_DSO_BIND_FUNC, DSO_R_SYM_FAILURE);
+ return (NULL);
+ }
+ /* Success */
+ return (ret);
+}
+
+/*
+ * I don't really like these *_ctrl functions very much to be perfectly
+ * honest. For one thing, I think I have to return a negative value for any
+ * error because possible DSO_ctrl() commands may return values such as
+ * "size"s that can legitimately be zero (making the standard
+ * "if(DSO_cmd(...))" form that works almost everywhere else fail at odd
+ * times. I'd prefer "output" values to be passed by reference and the return
+ * value as success/failure like usual ... but we conform when we must... :-)
+ */
+long DSO_ctrl(DSO *dso, int cmd, long larg, void *parg)
+{
+ if (dso == NULL) {
+ DSOerr(DSO_F_DSO_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+ return (-1);
+ }
+ /*
+ * We should intercept certain generic commands and only pass control to
+ * the method-specific ctrl() function if it's something we don't handle.
+ */
+ switch (cmd) {
+ case DSO_CTRL_GET_FLAGS:
+ return dso->flags;
+ case DSO_CTRL_SET_FLAGS:
+ dso->flags = (int)larg;
+ return (0);
+ case DSO_CTRL_OR_FLAGS:
+ dso->flags |= (int)larg;
+ return (0);
+ default:
+ break;
+ }
+ if ((dso->meth == NULL) || (dso->meth->dso_ctrl == NULL)) {
+ DSOerr(DSO_F_DSO_CTRL, DSO_R_UNSUPPORTED);
+ return (-1);
+ }
+ return (dso->meth->dso_ctrl(dso, cmd, larg, parg));
+}
+
+int DSO_set_name_converter(DSO *dso, DSO_NAME_CONVERTER_FUNC cb,
+ DSO_NAME_CONVERTER_FUNC *oldcb)
+{
+ if (dso == NULL) {
+ DSOerr(DSO_F_DSO_SET_NAME_CONVERTER, ERR_R_PASSED_NULL_PARAMETER);
+ return (0);
+ }
+ if (oldcb)
+ *oldcb = dso->name_converter;
+ dso->name_converter = cb;
+ return (1);
+}
+
+const char *DSO_get_filename(DSO *dso)
+{
+ if (dso == NULL) {
+ DSOerr(DSO_F_DSO_GET_FILENAME, ERR_R_PASSED_NULL_PARAMETER);
+ return (NULL);
+ }
+ return (dso->filename);
+}
+
+int DSO_set_filename(DSO *dso, const char *filename)
+{
+ char *copied;
+
+ if ((dso == NULL) || (filename == NULL)) {
+ DSOerr(DSO_F_DSO_SET_FILENAME, ERR_R_PASSED_NULL_PARAMETER);
+ return (0);
+ }
+ if (dso->loaded_filename) {
+ DSOerr(DSO_F_DSO_SET_FILENAME, DSO_R_DSO_ALREADY_LOADED);
+ return (0);
+ }
+ /* We'll duplicate filename */
+ copied = OPENSSL_malloc(strlen(filename) + 1);
+ if (copied == NULL) {
+ DSOerr(DSO_F_DSO_SET_FILENAME, ERR_R_MALLOC_FAILURE);
+ return (0);
+ }
+ BUF_strlcpy(copied, filename, strlen(filename) + 1);
+ if (dso->filename)
+ OPENSSL_free(dso->filename);
+ dso->filename = copied;
+ return (1);
+}
+
+char *DSO_merge(DSO *dso, const char *filespec1, const char *filespec2)
+{
+ char *result = NULL;
+
+ if (dso == NULL || filespec1 == NULL) {
+ DSOerr(DSO_F_DSO_MERGE, ERR_R_PASSED_NULL_PARAMETER);
+ return (NULL);
+ }
+ if (filespec1 == NULL)
+ filespec1 = dso->filename;
+ if (filespec1 == NULL) {
+ DSOerr(DSO_F_DSO_MERGE, DSO_R_NO_FILE_SPECIFICATION);
+ return (NULL);
+ }
+ if ((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0) {
+ if (dso->merger != NULL)
+ result = dso->merger(dso, filespec1, filespec2);
+ else if (dso->meth->dso_merger != NULL)
+ result = dso->meth->dso_merger(dso, filespec1, filespec2);
+ }
+ return (result);
+}
+
+char *DSO_convert_filename(DSO *dso, const char *filename)
+{
+ char *result = NULL;
+
+ if (dso == NULL) {
+ DSOerr(DSO_F_DSO_CONVERT_FILENAME, ERR_R_PASSED_NULL_PARAMETER);
+ return (NULL);
+ }
+ if (filename == NULL)
+ filename = dso->filename;
+ if (filename == NULL) {
+ DSOerr(DSO_F_DSO_CONVERT_FILENAME, DSO_R_NO_FILENAME);
+ return (NULL);
+ }
+ if ((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0) {
+ if (dso->name_converter != NULL)
+ result = dso->name_converter(dso, filename);
+ else if (dso->meth->dso_name_converter != NULL)
+ result = dso->meth->dso_name_converter(dso, filename);
+ }
+ if (result == NULL) {
+ result = OPENSSL_malloc(strlen(filename) + 1);
+ if (result == NULL) {
+ DSOerr(DSO_F_DSO_CONVERT_FILENAME, ERR_R_MALLOC_FAILURE);
+ return (NULL);
+ }
+ BUF_strlcpy(result, filename, strlen(filename) + 1);
+ }
+ return (result);
+}
+
+const char *DSO_get_loaded_filename(DSO *dso)
+{
+ if (dso == NULL) {
+ DSOerr(DSO_F_DSO_GET_LOADED_FILENAME, ERR_R_PASSED_NULL_PARAMETER);
+ return (NULL);
+ }
+ return (dso->loaded_filename);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/dso/dso_null.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/dso/dso_null.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dso/dso_null.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,88 +0,0 @@
-/* dso_null.c */
-/* Written by Geoff Thorpe (geoff at geoffthorpe.net) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/* This "NULL" method is provided as the fallback for systems that have
- * no appropriate support for "shared-libraries". */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/dso.h>
-
-static DSO_METHOD dso_meth_null = {
- "NULL shared library method",
- NULL, /* load */
- NULL, /* unload */
- NULL, /* bind_var */
- NULL, /* bind_func */
-/* For now, "unbind" doesn't exist */
-#if 0
- NULL, /* unbind_var */
- NULL, /* unbind_func */
-#endif
- NULL, /* ctrl */
- NULL, /* dso_name_converter */
- NULL, /* dso_merger */
- NULL, /* init */
- NULL /* finish */
- };
-
-DSO_METHOD *DSO_METHOD_null(void)
- {
- return(&dso_meth_null);
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/dso/dso_null.c (from rev 6976, vendor-crypto/openssl/dist/crypto/dso/dso_null.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/dso/dso_null.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dso/dso_null.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,90 @@
+/* dso_null.c */
+/*
+ * Written by Geoff Thorpe (geoff at geoffthorpe.net) for the OpenSSL project
+ * 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*
+ * This "NULL" method is provided as the fallback for systems that have no
+ * appropriate support for "shared-libraries".
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/dso.h>
+
+static DSO_METHOD dso_meth_null = {
+ "NULL shared library method",
+ NULL, /* load */
+ NULL, /* unload */
+ NULL, /* bind_var */
+ NULL, /* bind_func */
+/* For now, "unbind" doesn't exist */
+#if 0
+ NULL, /* unbind_var */
+ NULL, /* unbind_func */
+#endif
+ NULL, /* ctrl */
+ NULL, /* dso_name_converter */
+ NULL, /* dso_merger */
+ NULL, /* init */
+ NULL /* finish */
+};
+
+DSO_METHOD *DSO_METHOD_null(void)
+{
+ return (&dso_meth_null);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/dso/dso_openssl.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/dso/dso_openssl.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dso/dso_openssl.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,81 +0,0 @@
-/* dso_openssl.c */
-/* Written by Geoff Thorpe (geoff at geoffthorpe.net) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/dso.h>
-
-/* We just pinch the method from an appropriate "default" method. */
-
-DSO_METHOD *DSO_METHOD_openssl(void)
- {
-#ifdef DEF_DSO_METHOD
- return(DEF_DSO_METHOD());
-#elif defined(DSO_DLFCN)
- return(DSO_METHOD_dlfcn());
-#elif defined(DSO_DL)
- return(DSO_METHOD_dl());
-#elif defined(DSO_WIN32)
- return(DSO_METHOD_win32());
-#elif defined(DSO_VMS)
- return(DSO_METHOD_vms());
-#else
- return(DSO_METHOD_null());
-#endif
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/dso/dso_openssl.c (from rev 6976, vendor-crypto/openssl/dist/crypto/dso/dso_openssl.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/dso/dso_openssl.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dso/dso_openssl.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,81 @@
+/* dso_openssl.c */
+/*
+ * Written by Geoff Thorpe (geoff at geoffthorpe.net) for the OpenSSL project
+ * 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/dso.h>
+
+/* We just pinch the method from an appropriate "default" method. */
+
+DSO_METHOD *DSO_METHOD_openssl(void)
+{
+#ifdef DEF_DSO_METHOD
+ return (DEF_DSO_METHOD());
+#elif defined(DSO_DLFCN)
+ return (DSO_METHOD_dlfcn());
+#elif defined(DSO_DL)
+ return (DSO_METHOD_dl());
+#elif defined(DSO_WIN32)
+ return (DSO_METHOD_win32());
+#elif defined(DSO_VMS)
+ return (DSO_METHOD_vms());
+#else
+ return (DSO_METHOD_null());
+#endif
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/dso/dso_vms.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/dso/dso_vms.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dso/dso_vms.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,504 +0,0 @@
-/* dso_vms.c -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte (richard at levitte.org) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <errno.h>
-#include "cryptlib.h"
-#include <openssl/dso.h>
-#ifdef OPENSSL_SYS_VMS
-#pragma message disable DOLLARID
-#include <rms.h>
-#include <lib$routines.h>
-#include <stsdef.h>
-#include <descrip.h>
-#include <starlet.h>
-#endif
-
-#ifndef OPENSSL_SYS_VMS
-DSO_METHOD *DSO_METHOD_vms(void)
- {
- return NULL;
- }
-#else
-#pragma message disable DOLLARID
-
-static int vms_load(DSO *dso);
-static int vms_unload(DSO *dso);
-static void *vms_bind_var(DSO *dso, const char *symname);
-static DSO_FUNC_TYPE vms_bind_func(DSO *dso, const char *symname);
-#if 0
-static int vms_unbind_var(DSO *dso, char *symname, void *symptr);
-static int vms_unbind_func(DSO *dso, char *symname, DSO_FUNC_TYPE symptr);
-static int vms_init(DSO *dso);
-static int vms_finish(DSO *dso);
-static long vms_ctrl(DSO *dso, int cmd, long larg, void *parg);
-#endif
-static char *vms_name_converter(DSO *dso, const char *filename);
-static char *vms_merger(DSO *dso, const char *filespec1,
- const char *filespec2);
-
-static DSO_METHOD dso_meth_vms = {
- "OpenSSL 'VMS' shared library method",
- vms_load,
- NULL, /* unload */
- vms_bind_var,
- vms_bind_func,
-/* For now, "unbind" doesn't exist */
-#if 0
- NULL, /* unbind_var */
- NULL, /* unbind_func */
-#endif
- NULL, /* ctrl */
- vms_name_converter,
- vms_merger,
- NULL, /* init */
- NULL /* finish */
- };
-
-/* On VMS, the only "handle" is the file name. LIB$FIND_IMAGE_SYMBOL depends
- * on the reference to the file name being the same for all calls regarding
- * one shared image, so we'll just store it in an instance of the following
- * structure and put a pointer to that instance in the meth_data stack.
- */
-typedef struct dso_internal_st
- {
- /* This should contain the name only, no directory,
- * no extension, nothing but a name. */
- struct dsc$descriptor_s filename_dsc;
- char filename[FILENAME_MAX+1];
- /* This contains whatever is not in filename, if needed.
- * Normally not defined. */
- struct dsc$descriptor_s imagename_dsc;
- char imagename[FILENAME_MAX+1];
- } DSO_VMS_INTERNAL;
-
-
-DSO_METHOD *DSO_METHOD_vms(void)
- {
- return(&dso_meth_vms);
- }
-
-static int vms_load(DSO *dso)
- {
- void *ptr = NULL;
- /* See applicable comments in dso_dl.c */
- char *filename = DSO_convert_filename(dso, NULL);
- DSO_VMS_INTERNAL *p;
- const char *sp1, *sp2; /* Search result */
-
- if(filename == NULL)
- {
- DSOerr(DSO_F_VMS_LOAD,DSO_R_NO_FILENAME);
- goto err;
- }
-
- /* A file specification may look like this:
- *
- * node::dev:[dir-spec]name.type;ver
- *
- * or (for compatibility with TOPS-20):
- *
- * node::dev:<dir-spec>name.type;ver
- *
- * and the dir-spec uses '.' as separator. Also, a dir-spec
- * may consist of several parts, with mixed use of [] and <>:
- *
- * [dir1.]<dir2>
- *
- * We need to split the file specification into the name and
- * the rest (both before and after the name itself).
- */
- /* Start with trying to find the end of a dir-spec, and save the
- position of the byte after in sp1 */
- sp1 = strrchr(filename, ']');
- sp2 = strrchr(filename, '>');
- if (sp1 == NULL) sp1 = sp2;
- if (sp2 != NULL && sp2 > sp1) sp1 = sp2;
- if (sp1 == NULL) sp1 = strrchr(filename, ':');
- if (sp1 == NULL)
- sp1 = filename;
- else
- sp1++; /* The byte after the found character */
- /* Now, let's see if there's a type, and save the position in sp2 */
- sp2 = strchr(sp1, '.');
- /* If we found it, that's where we'll cut. Otherwise, look for a
- version number and save the position in sp2 */
- if (sp2 == NULL) sp2 = strchr(sp1, ';');
- /* If there was still nothing to find, set sp2 to point at the end of
- the string */
- if (sp2 == NULL) sp2 = sp1 + strlen(sp1);
-
- /* Check that we won't get buffer overflows */
- if (sp2 - sp1 > FILENAME_MAX
- || (sp1 - filename) + strlen(sp2) > FILENAME_MAX)
- {
- DSOerr(DSO_F_VMS_LOAD,DSO_R_FILENAME_TOO_BIG);
- goto err;
- }
-
- p = (DSO_VMS_INTERNAL *)OPENSSL_malloc(sizeof(DSO_VMS_INTERNAL));
- if(p == NULL)
- {
- DSOerr(DSO_F_VMS_LOAD,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- strncpy(p->filename, sp1, sp2-sp1);
- p->filename[sp2-sp1] = '\0';
-
- strncpy(p->imagename, filename, sp1-filename);
- p->imagename[sp1-filename] = '\0';
- strcat(p->imagename, sp2);
-
- p->filename_dsc.dsc$w_length = strlen(p->filename);
- p->filename_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
- p->filename_dsc.dsc$b_class = DSC$K_CLASS_S;
- p->filename_dsc.dsc$a_pointer = p->filename;
- p->imagename_dsc.dsc$w_length = strlen(p->imagename);
- p->imagename_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
- p->imagename_dsc.dsc$b_class = DSC$K_CLASS_S;
- p->imagename_dsc.dsc$a_pointer = p->imagename;
-
- if(!sk_push(dso->meth_data, (char *)p))
- {
- DSOerr(DSO_F_VMS_LOAD,DSO_R_STACK_ERROR);
- goto err;
- }
-
- /* Success (for now, we lie. We actually do not know...) */
- dso->loaded_filename = filename;
- return(1);
-err:
- /* Cleanup! */
- if(p != NULL)
- OPENSSL_free(p);
- if(filename != NULL)
- OPENSSL_free(filename);
- return(0);
- }
-
-/* Note that this doesn't actually unload the shared image, as there is no
- * such thing in VMS. Next time it get loaded again, a new copy will
- * actually be loaded.
- */
-static int vms_unload(DSO *dso)
- {
- DSO_VMS_INTERNAL *p;
- if(dso == NULL)
- {
- DSOerr(DSO_F_VMS_UNLOAD,ERR_R_PASSED_NULL_PARAMETER);
- return(0);
- }
- if(sk_num(dso->meth_data) < 1)
- return(1);
- p = (DSO_VMS_INTERNAL *)sk_pop(dso->meth_data);
- if(p == NULL)
- {
- DSOerr(DSO_F_VMS_UNLOAD,DSO_R_NULL_HANDLE);
- return(0);
- }
- /* Cleanup */
- OPENSSL_free(p);
- return(1);
- }
-
-/* We must do this in a separate function because of the way the exception
- handler works (it makes this function return */
-static int do_find_symbol(DSO_VMS_INTERNAL *ptr,
- struct dsc$descriptor_s *symname_dsc, void **sym,
- unsigned long flags)
- {
- /* Make sure that signals are caught and returned instead of
- aborting the program. The exception handler gets unestablished
- automatically on return from this function. */
- lib$establish(lib$sig_to_ret);
-
- if(ptr->imagename_dsc.dsc$w_length)
- return lib$find_image_symbol(&ptr->filename_dsc,
- symname_dsc, sym,
- &ptr->imagename_dsc, flags);
- else
- return lib$find_image_symbol(&ptr->filename_dsc,
- symname_dsc, sym,
- 0, flags);
- }
-
-void vms_bind_sym(DSO *dso, const char *symname, void **sym)
- {
- DSO_VMS_INTERNAL *ptr;
- int status;
-#if 0
- int flags = (1<<4); /* LIB$M_FIS_MIXEDCASE, but this symbol isn't
- defined in VMS older than 7.0 or so */
-#else
- int flags = 0;
-#endif
- struct dsc$descriptor_s symname_dsc;
- *sym = NULL;
-
- symname_dsc.dsc$w_length = strlen(symname);
- symname_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
- symname_dsc.dsc$b_class = DSC$K_CLASS_S;
- symname_dsc.dsc$a_pointer = (char *)symname; /* The cast is needed */
-
- if((dso == NULL) || (symname == NULL))
- {
- DSOerr(DSO_F_VMS_BIND_SYM,ERR_R_PASSED_NULL_PARAMETER);
- return;
- }
- if(sk_num(dso->meth_data) < 1)
- {
- DSOerr(DSO_F_VMS_BIND_SYM,DSO_R_STACK_ERROR);
- return;
- }
- ptr = (DSO_VMS_INTERNAL *)sk_value(dso->meth_data,
- sk_num(dso->meth_data) - 1);
- if(ptr == NULL)
- {
- DSOerr(DSO_F_VMS_BIND_SYM,DSO_R_NULL_HANDLE);
- return;
- }
-
- if(dso->flags & DSO_FLAG_UPCASE_SYMBOL) flags = 0;
-
- status = do_find_symbol(ptr, &symname_dsc, sym, flags);
-
- if(!$VMS_STATUS_SUCCESS(status))
- {
- unsigned short length;
- char errstring[257];
- struct dsc$descriptor_s errstring_dsc;
-
- errstring_dsc.dsc$w_length = sizeof(errstring);
- errstring_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
- errstring_dsc.dsc$b_class = DSC$K_CLASS_S;
- errstring_dsc.dsc$a_pointer = errstring;
-
- *sym = NULL;
-
- status = sys$getmsg(status, &length, &errstring_dsc, 1, 0);
-
- if (!$VMS_STATUS_SUCCESS(status))
- lib$signal(status); /* This is really bad. Abort! */
- else
- {
- errstring[length] = '\0';
-
- DSOerr(DSO_F_VMS_BIND_SYM,DSO_R_SYM_FAILURE);
- if (ptr->imagename_dsc.dsc$w_length)
- ERR_add_error_data(9,
- "Symbol ", symname,
- " in ", ptr->filename,
- " (", ptr->imagename, ")",
- ": ", errstring);
- else
- ERR_add_error_data(6,
- "Symbol ", symname,
- " in ", ptr->filename,
- ": ", errstring);
- }
- return;
- }
- return;
- }
-
-static void *vms_bind_var(DSO *dso, const char *symname)
- {
- void *sym = 0;
- vms_bind_sym(dso, symname, &sym);
- return sym;
- }
-
-static DSO_FUNC_TYPE vms_bind_func(DSO *dso, const char *symname)
- {
- DSO_FUNC_TYPE sym = 0;
- vms_bind_sym(dso, symname, (void **)&sym);
- return sym;
- }
-
-static char *vms_merger(DSO *dso, const char *filespec1, const char *filespec2)
- {
- int status;
- int filespec1len, filespec2len;
- struct FAB fab;
-#ifdef NAML$C_MAXRSS
- struct NAML nam;
- char esa[NAML$C_MAXRSS];
-#else
- struct NAM nam;
- char esa[NAM$C_MAXRSS];
-#endif
- char *merged;
-
- if (!filespec1) filespec1 = "";
- if (!filespec2) filespec2 = "";
- filespec1len = strlen(filespec1);
- filespec2len = strlen(filespec2);
-
- fab = cc$rms_fab;
-#ifdef NAML$C_MAXRSS
- nam = cc$rms_naml;
-#else
- nam = cc$rms_nam;
-#endif
-
- fab.fab$l_fna = (char *)filespec1;
- fab.fab$b_fns = filespec1len;
- fab.fab$l_dna = (char *)filespec2;
- fab.fab$b_dns = filespec2len;
-#ifdef NAML$C_MAXRSS
- if (filespec1len > NAM$C_MAXRSS)
- {
- fab.fab$l_fna = 0;
- fab.fab$b_fns = 0;
- nam.naml$l_long_filename = (char *)filespec1;
- nam.naml$l_long_filename_size = filespec1len;
- }
- if (filespec2len > NAM$C_MAXRSS)
- {
- fab.fab$l_dna = 0;
- fab.fab$b_dns = 0;
- nam.naml$l_long_defname = (char *)filespec2;
- nam.naml$l_long_defname_size = filespec2len;
- }
- nam.naml$l_esa = esa;
- nam.naml$b_ess = NAM$C_MAXRSS;
- nam.naml$l_long_expand = esa;
- nam.naml$l_long_expand_alloc = sizeof(esa);
- nam.naml$b_nop = NAM$M_SYNCHK | NAM$M_PWD;
- nam.naml$v_no_short_upcase = 1;
- fab.fab$l_naml = &nam;
-#else
- nam.nam$l_esa = esa;
- nam.nam$b_ess = NAM$C_MAXRSS;
- nam.nam$b_nop = NAM$M_SYNCHK | NAM$M_PWD;
- fab.fab$l_nam = &nam;
-#endif
-
- status = sys$parse(&fab, 0, 0);
-
- if(!$VMS_STATUS_SUCCESS(status))
- {
- unsigned short length;
- char errstring[257];
- struct dsc$descriptor_s errstring_dsc;
-
- errstring_dsc.dsc$w_length = sizeof(errstring);
- errstring_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
- errstring_dsc.dsc$b_class = DSC$K_CLASS_S;
- errstring_dsc.dsc$a_pointer = errstring;
-
- status = sys$getmsg(status, &length, &errstring_dsc, 1, 0);
-
- if (!$VMS_STATUS_SUCCESS(status))
- lib$signal(status); /* This is really bad. Abort! */
- else
- {
- errstring[length] = '\0';
-
- DSOerr(DSO_F_VMS_MERGER,DSO_R_FAILURE);
- ERR_add_error_data(7,
- "filespec \"", filespec1, "\", ",
- "defaults \"", filespec2, "\": ",
- errstring);
- }
- return(NULL);
- }
-#ifdef NAML$C_MAXRSS
- if (nam.naml$l_long_expand_size)
- {
- merged = OPENSSL_malloc(nam.naml$l_long_expand_size + 1);
- if(!merged)
- goto malloc_err;
- strncpy(merged, nam.naml$l_long_expand,
- nam.naml$l_long_expand_size);
- merged[nam.naml$l_long_expand_size] = '\0';
- }
- else
- {
- merged = OPENSSL_malloc(nam.naml$b_esl + 1);
- if(!merged)
- goto malloc_err;
- strncpy(merged, nam.naml$l_esa,
- nam.naml$b_esl);
- merged[nam.naml$b_esl] = '\0';
- }
-#else
- merged = OPENSSL_malloc(nam.nam$b_esl + 1);
- if(!merged)
- goto malloc_err;
- strncpy(merged, nam.nam$l_esa,
- nam.nam$b_esl);
- merged[nam.nam$b_esl] = '\0';
-#endif
- return(merged);
- malloc_err:
- DSOerr(DSO_F_VMS_MERGER,
- ERR_R_MALLOC_FAILURE);
- }
-
-static char *vms_name_converter(DSO *dso, const char *filename)
- {
- int len = strlen(filename);
- char *not_translated = OPENSSL_malloc(len+1);
- strcpy(not_translated,filename);
- return(not_translated);
- }
-
-#endif /* OPENSSL_SYS_VMS */
Copied: vendor-crypto/openssl/0.9.8zf/crypto/dso/dso_vms.c (from rev 6976, vendor-crypto/openssl/dist/crypto/dso/dso_vms.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/dso/dso_vms.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dso/dso_vms.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,504 @@
+/* dso_vms.c -*- mode:C; c-file-style: "eay" -*- */
+/*
+ * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
+ * 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <errno.h>
+#include "cryptlib.h"
+#include <openssl/dso.h>
+#ifdef OPENSSL_SYS_VMS
+# pragma message disable DOLLARID
+# include <rms.h>
+# include <lib$routines.h>
+# include <stsdef.h>
+# include <descrip.h>
+# include <starlet.h>
+#endif
+
+#ifndef OPENSSL_SYS_VMS
+DSO_METHOD *DSO_METHOD_vms(void)
+{
+ return NULL;
+}
+#else
+# pragma message disable DOLLARID
+
+static int vms_load(DSO *dso);
+static int vms_unload(DSO *dso);
+static void *vms_bind_var(DSO *dso, const char *symname);
+static DSO_FUNC_TYPE vms_bind_func(DSO *dso, const char *symname);
+# if 0
+static int vms_unbind_var(DSO *dso, char *symname, void *symptr);
+static int vms_unbind_func(DSO *dso, char *symname, DSO_FUNC_TYPE symptr);
+static int vms_init(DSO *dso);
+static int vms_finish(DSO *dso);
+static long vms_ctrl(DSO *dso, int cmd, long larg, void *parg);
+# endif
+static char *vms_name_converter(DSO *dso, const char *filename);
+static char *vms_merger(DSO *dso, const char *filespec1,
+ const char *filespec2);
+
+static DSO_METHOD dso_meth_vms = {
+ "OpenSSL 'VMS' shared library method",
+ vms_load,
+ NULL, /* unload */
+ vms_bind_var,
+ vms_bind_func,
+/* For now, "unbind" doesn't exist */
+# if 0
+ NULL, /* unbind_var */
+ NULL, /* unbind_func */
+# endif
+ NULL, /* ctrl */
+ vms_name_converter,
+ vms_merger,
+ NULL, /* init */
+ NULL /* finish */
+};
+
+/*
+ * On VMS, the only "handle" is the file name. LIB$FIND_IMAGE_SYMBOL depends
+ * on the reference to the file name being the same for all calls regarding
+ * one shared image, so we'll just store it in an instance of the following
+ * structure and put a pointer to that instance in the meth_data stack.
+ */
+typedef struct dso_internal_st {
+ /*
+ * This should contain the name only, no directory, no extension, nothing
+ * but a name.
+ */
+ struct dsc$descriptor_s filename_dsc;
+ char filename[FILENAME_MAX + 1];
+ /*
+ * This contains whatever is not in filename, if needed. Normally not
+ * defined.
+ */
+ struct dsc$descriptor_s imagename_dsc;
+ char imagename[FILENAME_MAX + 1];
+} DSO_VMS_INTERNAL;
+
+DSO_METHOD *DSO_METHOD_vms(void)
+{
+ return (&dso_meth_vms);
+}
+
+static int vms_load(DSO *dso)
+{
+ void *ptr = NULL;
+ /* See applicable comments in dso_dl.c */
+ char *filename = DSO_convert_filename(dso, NULL);
+ DSO_VMS_INTERNAL *p;
+ const char *sp1, *sp2; /* Search result */
+
+ if (filename == NULL) {
+ DSOerr(DSO_F_VMS_LOAD, DSO_R_NO_FILENAME);
+ goto err;
+ }
+
+ /*-
+ * A file specification may look like this:
+ *
+ * node::dev:[dir-spec]name.type;ver
+ *
+ * or (for compatibility with TOPS-20):
+ *
+ * node::dev:<dir-spec>name.type;ver
+ *
+ * and the dir-spec uses '.' as separator. Also, a dir-spec
+ * may consist of several parts, with mixed use of [] and <>:
+ *
+ * [dir1.]<dir2>
+ *
+ * We need to split the file specification into the name and
+ * the rest (both before and after the name itself).
+ */
+ /*
+ * Start with trying to find the end of a dir-spec, and save the position
+ * of the byte after in sp1
+ */
+ sp1 = strrchr(filename, ']');
+ sp2 = strrchr(filename, '>');
+ if (sp1 == NULL)
+ sp1 = sp2;
+ if (sp2 != NULL && sp2 > sp1)
+ sp1 = sp2;
+ if (sp1 == NULL)
+ sp1 = strrchr(filename, ':');
+ if (sp1 == NULL)
+ sp1 = filename;
+ else
+ sp1++; /* The byte after the found character */
+ /* Now, let's see if there's a type, and save the position in sp2 */
+ sp2 = strchr(sp1, '.');
+ /*
+ * If we found it, that's where we'll cut. Otherwise, look for a version
+ * number and save the position in sp2
+ */
+ if (sp2 == NULL)
+ sp2 = strchr(sp1, ';');
+ /*
+ * If there was still nothing to find, set sp2 to point at the end of the
+ * string
+ */
+ if (sp2 == NULL)
+ sp2 = sp1 + strlen(sp1);
+
+ /* Check that we won't get buffer overflows */
+ if (sp2 - sp1 > FILENAME_MAX
+ || (sp1 - filename) + strlen(sp2) > FILENAME_MAX) {
+ DSOerr(DSO_F_VMS_LOAD, DSO_R_FILENAME_TOO_BIG);
+ goto err;
+ }
+
+ p = (DSO_VMS_INTERNAL *)OPENSSL_malloc(sizeof(DSO_VMS_INTERNAL));
+ if (p == NULL) {
+ DSOerr(DSO_F_VMS_LOAD, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ strncpy(p->filename, sp1, sp2 - sp1);
+ p->filename[sp2 - sp1] = '\0';
+
+ strncpy(p->imagename, filename, sp1 - filename);
+ p->imagename[sp1 - filename] = '\0';
+ strcat(p->imagename, sp2);
+
+ p->filename_dsc.dsc$w_length = strlen(p->filename);
+ p->filename_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+ p->filename_dsc.dsc$b_class = DSC$K_CLASS_S;
+ p->filename_dsc.dsc$a_pointer = p->filename;
+ p->imagename_dsc.dsc$w_length = strlen(p->imagename);
+ p->imagename_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+ p->imagename_dsc.dsc$b_class = DSC$K_CLASS_S;
+ p->imagename_dsc.dsc$a_pointer = p->imagename;
+
+ if (!sk_push(dso->meth_data, (char *)p)) {
+ DSOerr(DSO_F_VMS_LOAD, DSO_R_STACK_ERROR);
+ goto err;
+ }
+
+ /* Success (for now, we lie. We actually do not know...) */
+ dso->loaded_filename = filename;
+ return (1);
+ err:
+ /* Cleanup! */
+ if (p != NULL)
+ OPENSSL_free(p);
+ if (filename != NULL)
+ OPENSSL_free(filename);
+ return (0);
+}
+
+/*
+ * Note that this doesn't actually unload the shared image, as there is no
+ * such thing in VMS. Next time it get loaded again, a new copy will
+ * actually be loaded.
+ */
+static int vms_unload(DSO *dso)
+{
+ DSO_VMS_INTERNAL *p;
+ if (dso == NULL) {
+ DSOerr(DSO_F_VMS_UNLOAD, ERR_R_PASSED_NULL_PARAMETER);
+ return (0);
+ }
+ if (sk_num(dso->meth_data) < 1)
+ return (1);
+ p = (DSO_VMS_INTERNAL *)sk_pop(dso->meth_data);
+ if (p == NULL) {
+ DSOerr(DSO_F_VMS_UNLOAD, DSO_R_NULL_HANDLE);
+ return (0);
+ }
+ /* Cleanup */
+ OPENSSL_free(p);
+ return (1);
+}
+
+/*
+ * We must do this in a separate function because of the way the exception
+ * handler works (it makes this function return
+ */
+static int do_find_symbol(DSO_VMS_INTERNAL *ptr,
+ struct dsc$descriptor_s *symname_dsc, void **sym,
+ unsigned long flags)
+{
+ /*
+ * Make sure that signals are caught and returned instead of aborting the
+ * program. The exception handler gets unestablished automatically on
+ * return from this function.
+ */
+ lib$establish(lib$sig_to_ret);
+
+ if (ptr->imagename_dsc.dsc$w_length)
+ return lib$find_image_symbol(&ptr->filename_dsc,
+ symname_dsc, sym,
+ &ptr->imagename_dsc, flags);
+ else
+ return lib$find_image_symbol(&ptr->filename_dsc,
+ symname_dsc, sym, 0, flags);
+}
+
+void vms_bind_sym(DSO *dso, const char *symname, void **sym)
+{
+ DSO_VMS_INTERNAL *ptr;
+ int status;
+# if 0
+ int flags = (1 << 4); /* LIB$M_FIS_MIXEDCASE, but this symbol isn't
+ * defined in VMS older than 7.0 or so */
+# else
+ int flags = 0;
+# endif
+ struct dsc$descriptor_s symname_dsc;
+ *sym = NULL;
+
+ symname_dsc.dsc$w_length = strlen(symname);
+ symname_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+ symname_dsc.dsc$b_class = DSC$K_CLASS_S;
+ symname_dsc.dsc$a_pointer = (char *)symname; /* The cast is needed */
+
+ if ((dso == NULL) || (symname == NULL)) {
+ DSOerr(DSO_F_VMS_BIND_SYM, ERR_R_PASSED_NULL_PARAMETER);
+ return;
+ }
+ if (sk_num(dso->meth_data) < 1) {
+ DSOerr(DSO_F_VMS_BIND_SYM, DSO_R_STACK_ERROR);
+ return;
+ }
+ ptr = (DSO_VMS_INTERNAL *)sk_value(dso->meth_data,
+ sk_num(dso->meth_data) - 1);
+ if (ptr == NULL) {
+ DSOerr(DSO_F_VMS_BIND_SYM, DSO_R_NULL_HANDLE);
+ return;
+ }
+
+ if (dso->flags & DSO_FLAG_UPCASE_SYMBOL)
+ flags = 0;
+
+ status = do_find_symbol(ptr, &symname_dsc, sym, flags);
+
+ if (!$VMS_STATUS_SUCCESS(status)) {
+ unsigned short length;
+ char errstring[257];
+ struct dsc$descriptor_s errstring_dsc;
+
+ errstring_dsc.dsc$w_length = sizeof(errstring);
+ errstring_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+ errstring_dsc.dsc$b_class = DSC$K_CLASS_S;
+ errstring_dsc.dsc$a_pointer = errstring;
+
+ *sym = NULL;
+
+ status = sys$getmsg(status, &length, &errstring_dsc, 1, 0);
+
+ if (!$VMS_STATUS_SUCCESS(status))
+ lib$signal(status); /* This is really bad. Abort! */
+ else {
+ errstring[length] = '\0';
+
+ DSOerr(DSO_F_VMS_BIND_SYM, DSO_R_SYM_FAILURE);
+ if (ptr->imagename_dsc.dsc$w_length)
+ ERR_add_error_data(9,
+ "Symbol ", symname,
+ " in ", ptr->filename,
+ " (", ptr->imagename, ")",
+ ": ", errstring);
+ else
+ ERR_add_error_data(6,
+ "Symbol ", symname,
+ " in ", ptr->filename, ": ", errstring);
+ }
+ return;
+ }
+ return;
+}
+
+static void *vms_bind_var(DSO *dso, const char *symname)
+{
+ void *sym = 0;
+ vms_bind_sym(dso, symname, &sym);
+ return sym;
+}
+
+static DSO_FUNC_TYPE vms_bind_func(DSO *dso, const char *symname)
+{
+ DSO_FUNC_TYPE sym = 0;
+ vms_bind_sym(dso, symname, (void **)&sym);
+ return sym;
+}
+
+static char *vms_merger(DSO *dso, const char *filespec1,
+ const char *filespec2)
+{
+ int status;
+ int filespec1len, filespec2len;
+ struct FAB fab;
+# ifdef NAML$C_MAXRSS
+ struct NAML nam;
+ char esa[NAML$C_MAXRSS];
+# else
+ struct NAM nam;
+ char esa[NAM$C_MAXRSS];
+# endif
+ char *merged;
+
+ if (!filespec1)
+ filespec1 = "";
+ if (!filespec2)
+ filespec2 = "";
+ filespec1len = strlen(filespec1);
+ filespec2len = strlen(filespec2);
+
+ fab = cc$rms_fab;
+# ifdef NAML$C_MAXRSS
+ nam = cc$rms_naml;
+# else
+ nam = cc$rms_nam;
+# endif
+
+ fab.fab$l_fna = (char *)filespec1;
+ fab.fab$b_fns = filespec1len;
+ fab.fab$l_dna = (char *)filespec2;
+ fab.fab$b_dns = filespec2len;
+# ifdef NAML$C_MAXRSS
+ if (filespec1len > NAM$C_MAXRSS) {
+ fab.fab$l_fna = 0;
+ fab.fab$b_fns = 0;
+ nam.naml$l_long_filename = (char *)filespec1;
+ nam.naml$l_long_filename_size = filespec1len;
+ }
+ if (filespec2len > NAM$C_MAXRSS) {
+ fab.fab$l_dna = 0;
+ fab.fab$b_dns = 0;
+ nam.naml$l_long_defname = (char *)filespec2;
+ nam.naml$l_long_defname_size = filespec2len;
+ }
+ nam.naml$l_esa = esa;
+ nam.naml$b_ess = NAM$C_MAXRSS;
+ nam.naml$l_long_expand = esa;
+ nam.naml$l_long_expand_alloc = sizeof(esa);
+ nam.naml$b_nop = NAM$M_SYNCHK | NAM$M_PWD;
+ nam.naml$v_no_short_upcase = 1;
+ fab.fab$l_naml = &nam;
+# else
+ nam.nam$l_esa = esa;
+ nam.nam$b_ess = NAM$C_MAXRSS;
+ nam.nam$b_nop = NAM$M_SYNCHK | NAM$M_PWD;
+ fab.fab$l_nam = &nam;
+# endif
+
+ status = sys$parse(&fab, 0, 0);
+
+ if (!$VMS_STATUS_SUCCESS(status)) {
+ unsigned short length;
+ char errstring[257];
+ struct dsc$descriptor_s errstring_dsc;
+
+ errstring_dsc.dsc$w_length = sizeof(errstring);
+ errstring_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+ errstring_dsc.dsc$b_class = DSC$K_CLASS_S;
+ errstring_dsc.dsc$a_pointer = errstring;
+
+ status = sys$getmsg(status, &length, &errstring_dsc, 1, 0);
+
+ if (!$VMS_STATUS_SUCCESS(status))
+ lib$signal(status); /* This is really bad. Abort! */
+ else {
+ errstring[length] = '\0';
+
+ DSOerr(DSO_F_VMS_MERGER, DSO_R_FAILURE);
+ ERR_add_error_data(7,
+ "filespec \"", filespec1, "\", ",
+ "defaults \"", filespec2, "\": ", errstring);
+ }
+ return (NULL);
+ }
+# ifdef NAML$C_MAXRSS
+ if (nam.naml$l_long_expand_size) {
+ merged = OPENSSL_malloc(nam.naml$l_long_expand_size + 1);
+ if (!merged)
+ goto malloc_err;
+ strncpy(merged, nam.naml$l_long_expand, nam.naml$l_long_expand_size);
+ merged[nam.naml$l_long_expand_size] = '\0';
+ } else {
+ merged = OPENSSL_malloc(nam.naml$b_esl + 1);
+ if (!merged)
+ goto malloc_err;
+ strncpy(merged, nam.naml$l_esa, nam.naml$b_esl);
+ merged[nam.naml$b_esl] = '\0';
+ }
+# else
+ merged = OPENSSL_malloc(nam.nam$b_esl + 1);
+ if (!merged)
+ goto malloc_err;
+ strncpy(merged, nam.nam$l_esa, nam.nam$b_esl);
+ merged[nam.nam$b_esl] = '\0';
+# endif
+ return (merged);
+ malloc_err:
+ DSOerr(DSO_F_VMS_MERGER, ERR_R_MALLOC_FAILURE);
+}
+
+static char *vms_name_converter(DSO *dso, const char *filename)
+{
+ int len = strlen(filename);
+ char *not_translated = OPENSSL_malloc(len + 1);
+ strcpy(not_translated, filename);
+ return (not_translated);
+}
+
+#endif /* OPENSSL_SYS_VMS */
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/dso/dso_win32.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/dso/dso_win32.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dso/dso_win32.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,663 +0,0 @@
-/* dso_win32.c -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Geoff Thorpe (geoff at geoffthorpe.net) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <string.h>
-#include "cryptlib.h"
-#include <openssl/dso.h>
-
-#if !defined(DSO_WIN32)
-DSO_METHOD *DSO_METHOD_win32(void)
- {
- return NULL;
- }
-#else
-
-#ifdef _WIN32_WCE
-# if _WIN32_WCE < 300
-static FARPROC GetProcAddressA(HMODULE hModule,LPCSTR lpProcName)
- {
- WCHAR lpProcNameW[64];
- int i;
-
- for (i=0;lpProcName[i] && i<64;i++)
- lpProcNameW[i] = (WCHAR)lpProcName[i];
- if (i==64) return NULL;
- lpProcNameW[i] = 0;
-
- return GetProcAddressW(hModule,lpProcNameW);
- }
-# endif
-# undef GetProcAddress
-# define GetProcAddress GetProcAddressA
-
-static HINSTANCE LoadLibraryA(LPCSTR lpLibFileName)
- {
- WCHAR *fnamw;
- size_t len_0=strlen(lpLibFileName)+1,i;
-
-#ifdef _MSC_VER
- fnamw = (WCHAR *)_alloca (len_0*sizeof(WCHAR));
-#else
- fnamw = (WCHAR *)alloca (len_0*sizeof(WCHAR));
-#endif
- if (fnamw == NULL) return NULL;
-
-#if defined(_WIN32_WCE) && _WIN32_WCE>=101
- if (!MultiByteToWideChar(CP_ACP,0,lpLibFileName,len_0,fnamw,len_0))
-#endif
- for (i=0;i<len_0;i++) fnamw[i]=(WCHAR)lpLibFileName[i];
-
- return LoadLibraryW(fnamw);
- }
-#endif
-
-/* Part of the hack in "win32_load" ... */
-#define DSO_MAX_TRANSLATED_SIZE 256
-
-static int win32_load(DSO *dso);
-static int win32_unload(DSO *dso);
-static void *win32_bind_var(DSO *dso, const char *symname);
-static DSO_FUNC_TYPE win32_bind_func(DSO *dso, const char *symname);
-#if 0
-static int win32_unbind_var(DSO *dso, char *symname, void *symptr);
-static int win32_unbind_func(DSO *dso, char *symname, DSO_FUNC_TYPE symptr);
-static int win32_init(DSO *dso);
-static int win32_finish(DSO *dso);
-static long win32_ctrl(DSO *dso, int cmd, long larg, void *parg);
-#endif
-static char *win32_name_converter(DSO *dso, const char *filename);
-static char *win32_merger(DSO *dso, const char *filespec1,
- const char *filespec2);
-
-static const char *openssl_strnchr(const char *string, int c, size_t len);
-
-static DSO_METHOD dso_meth_win32 = {
- "OpenSSL 'win32' shared library method",
- win32_load,
- win32_unload,
- win32_bind_var,
- win32_bind_func,
-/* For now, "unbind" doesn't exist */
-#if 0
- NULL, /* unbind_var */
- NULL, /* unbind_func */
-#endif
- NULL, /* ctrl */
- win32_name_converter,
- win32_merger,
- NULL, /* init */
- NULL /* finish */
- };
-
-DSO_METHOD *DSO_METHOD_win32(void)
- {
- return(&dso_meth_win32);
- }
-
-/* For this DSO_METHOD, our meth_data STACK will contain;
- * (i) a pointer to the handle (HINSTANCE) returned from
- * LoadLibrary(), and copied.
- */
-
-static int win32_load(DSO *dso)
- {
- HINSTANCE h = NULL, *p = NULL;
- /* See applicable comments from dso_dl.c */
- char *filename = DSO_convert_filename(dso, NULL);
-
- if(filename == NULL)
- {
- DSOerr(DSO_F_WIN32_LOAD,DSO_R_NO_FILENAME);
- goto err;
- }
- h = LoadLibraryA(filename);
- if(h == NULL)
- {
- DSOerr(DSO_F_WIN32_LOAD,DSO_R_LOAD_FAILED);
- ERR_add_error_data(3, "filename(", filename, ")");
- goto err;
- }
- p = (HINSTANCE *)OPENSSL_malloc(sizeof(HINSTANCE));
- if(p == NULL)
- {
- DSOerr(DSO_F_WIN32_LOAD,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- *p = h;
- if(!sk_push(dso->meth_data, (char *)p))
- {
- DSOerr(DSO_F_WIN32_LOAD,DSO_R_STACK_ERROR);
- goto err;
- }
- /* Success */
- dso->loaded_filename = filename;
- return(1);
-err:
- /* Cleanup !*/
- if(filename != NULL)
- OPENSSL_free(filename);
- if(p != NULL)
- OPENSSL_free(p);
- if(h != NULL)
- FreeLibrary(h);
- return(0);
- }
-
-static int win32_unload(DSO *dso)
- {
- HINSTANCE *p;
- if(dso == NULL)
- {
- DSOerr(DSO_F_WIN32_UNLOAD,ERR_R_PASSED_NULL_PARAMETER);
- return(0);
- }
- if(sk_num(dso->meth_data) < 1)
- return(1);
- p = (HINSTANCE *)sk_pop(dso->meth_data);
- if(p == NULL)
- {
- DSOerr(DSO_F_WIN32_UNLOAD,DSO_R_NULL_HANDLE);
- return(0);
- }
- if(!FreeLibrary(*p))
- {
- DSOerr(DSO_F_WIN32_UNLOAD,DSO_R_UNLOAD_FAILED);
- /* We should push the value back onto the stack in
- * case of a retry. */
- sk_push(dso->meth_data, (char *)p);
- return(0);
- }
- /* Cleanup */
- OPENSSL_free(p);
- return(1);
- }
-
-/* Using GetProcAddress for variables? TODO: Check this out in
- * the Win32 API docs, there's probably a variant for variables. */
-static void *win32_bind_var(DSO *dso, const char *symname)
- {
- HINSTANCE *ptr;
- void *sym;
-
- if((dso == NULL) || (symname == NULL))
- {
- DSOerr(DSO_F_WIN32_BIND_VAR,ERR_R_PASSED_NULL_PARAMETER);
- return(NULL);
- }
- if(sk_num(dso->meth_data) < 1)
- {
- DSOerr(DSO_F_WIN32_BIND_VAR,DSO_R_STACK_ERROR);
- return(NULL);
- }
- ptr = (HINSTANCE *)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
- if(ptr == NULL)
- {
- DSOerr(DSO_F_WIN32_BIND_VAR,DSO_R_NULL_HANDLE);
- return(NULL);
- }
- sym = GetProcAddress(*ptr, symname);
- if(sym == NULL)
- {
- DSOerr(DSO_F_WIN32_BIND_VAR,DSO_R_SYM_FAILURE);
- ERR_add_error_data(3, "symname(", symname, ")");
- return(NULL);
- }
- return(sym);
- }
-
-static DSO_FUNC_TYPE win32_bind_func(DSO *dso, const char *symname)
- {
- HINSTANCE *ptr;
- void *sym;
-
- if((dso == NULL) || (symname == NULL))
- {
- DSOerr(DSO_F_WIN32_BIND_FUNC,ERR_R_PASSED_NULL_PARAMETER);
- return(NULL);
- }
- if(sk_num(dso->meth_data) < 1)
- {
- DSOerr(DSO_F_WIN32_BIND_FUNC,DSO_R_STACK_ERROR);
- return(NULL);
- }
- ptr = (HINSTANCE *)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
- if(ptr == NULL)
- {
- DSOerr(DSO_F_WIN32_BIND_FUNC,DSO_R_NULL_HANDLE);
- return(NULL);
- }
- sym = GetProcAddress(*ptr, symname);
- if(sym == NULL)
- {
- DSOerr(DSO_F_WIN32_BIND_FUNC,DSO_R_SYM_FAILURE);
- ERR_add_error_data(3, "symname(", symname, ")");
- return(NULL);
- }
- return((DSO_FUNC_TYPE)sym);
- }
-
-struct file_st
- {
- const char *node; int nodelen;
- const char *device; int devicelen;
- const char *predir; int predirlen;
- const char *dir; int dirlen;
- const char *file; int filelen;
- };
-
-static struct file_st *win32_splitter(DSO *dso, const char *filename,
- int assume_last_is_dir)
- {
- struct file_st *result = NULL;
- enum { IN_NODE, IN_DEVICE, IN_FILE } position;
- const char *start = filename;
- char last;
-
- if (!filename)
- {
- DSOerr(DSO_F_WIN32_SPLITTER,DSO_R_NO_FILENAME);
- /*goto err;*/
- return(NULL);
- }
-
- result = OPENSSL_malloc(sizeof(struct file_st));
- if(result == NULL)
- {
- DSOerr(DSO_F_WIN32_SPLITTER,
- ERR_R_MALLOC_FAILURE);
- return(NULL);
- }
-
- memset(result, 0, sizeof(struct file_st));
- position = IN_DEVICE;
-
- if((filename[0] == '\\' && filename[1] == '\\')
- || (filename[0] == '/' && filename[1] == '/'))
- {
- position = IN_NODE;
- filename += 2;
- start = filename;
- result->node = start;
- }
-
- do
- {
- last = filename[0];
- switch(last)
- {
- case ':':
- if(position != IN_DEVICE)
- {
- DSOerr(DSO_F_WIN32_SPLITTER,
- DSO_R_INCORRECT_FILE_SYNTAX);
- /*goto err;*/
- OPENSSL_free(result);
- return(NULL);
- }
- result->device = start;
- result->devicelen = filename - start;
- position = IN_FILE;
- start = ++filename;
- result->dir = start;
- break;
- case '\\':
- case '/':
- if(position == IN_NODE)
- {
- result->nodelen = filename - start;
- position = IN_FILE;
- start = ++filename;
- result->dir = start;
- }
- else if(position == IN_DEVICE)
- {
- position = IN_FILE;
- filename++;
- result->dir = start;
- result->dirlen = filename - start;
- start = filename;
- }
- else
- {
- filename++;
- result->dirlen += filename - start;
- start = filename;
- }
- break;
- case '\0':
- if(position == IN_NODE)
- {
- result->nodelen = filename - start;
- }
- else
- {
- if(filename - start > 0)
- {
- if (assume_last_is_dir)
- {
- if (position == IN_DEVICE)
- {
- result->dir = start;
- result->dirlen = 0;
- }
- result->dirlen +=
- filename - start;
- }
- else
- {
- result->file = start;
- result->filelen =
- filename - start;
- }
- }
- }
- break;
- default:
- filename++;
- break;
- }
- }
- while(last);
-
- if(!result->nodelen) result->node = NULL;
- if(!result->devicelen) result->device = NULL;
- if(!result->dirlen) result->dir = NULL;
- if(!result->filelen) result->file = NULL;
-
- return(result);
- }
-
-static char *win32_joiner(DSO *dso, const struct file_st *file_split)
- {
- int len = 0, offset = 0;
- char *result = NULL;
- const char *start;
-
- if(!file_split)
- {
- DSOerr(DSO_F_WIN32_JOINER,
- ERR_R_PASSED_NULL_PARAMETER);
- return(NULL);
- }
- if(file_split->node)
- {
- len += 2 + file_split->nodelen; /* 2 for starting \\ */
- if(file_split->predir || file_split->dir || file_split->file)
- len++; /* 1 for ending \ */
- }
- else if(file_split->device)
- {
- len += file_split->devicelen + 1; /* 1 for ending : */
- }
- len += file_split->predirlen;
- if(file_split->predir && (file_split->dir || file_split->file))
- {
- len++; /* 1 for ending \ */
- }
- len += file_split->dirlen;
- if(file_split->dir && file_split->file)
- {
- len++; /* 1 for ending \ */
- }
- len += file_split->filelen;
-
- if(!len)
- {
- DSOerr(DSO_F_WIN32_JOINER, DSO_R_EMPTY_FILE_STRUCTURE);
- return(NULL);
- }
-
- result = OPENSSL_malloc(len + 1);
- if (!result)
- {
- DSOerr(DSO_F_WIN32_JOINER,
- ERR_R_MALLOC_FAILURE);
- return(NULL);
- }
-
- if(file_split->node)
- {
- strcpy(&result[offset], "\\\\"); offset += 2;
- strncpy(&result[offset], file_split->node,
- file_split->nodelen); offset += file_split->nodelen;
- if(file_split->predir || file_split->dir || file_split->file)
- {
- result[offset] = '\\'; offset++;
- }
- }
- else if(file_split->device)
- {
- strncpy(&result[offset], file_split->device,
- file_split->devicelen); offset += file_split->devicelen;
- result[offset] = ':'; offset++;
- }
- start = file_split->predir;
- while(file_split->predirlen > (start - file_split->predir))
- {
- const char *end = openssl_strnchr(start, '/',
- file_split->predirlen - (start - file_split->predir));
- if(!end)
- end = start
- + file_split->predirlen
- - (start - file_split->predir);
- strncpy(&result[offset], start,
- end - start); offset += end - start;
- result[offset] = '\\'; offset++;
- start = end + 1;
- }
-#if 0 /* Not needed, since the directory converter above already appeneded
- a backslash */
- if(file_split->predir && (file_split->dir || file_split->file))
- {
- result[offset] = '\\'; offset++;
- }
-#endif
- start = file_split->dir;
- while(file_split->dirlen > (start - file_split->dir))
- {
- const char *end = openssl_strnchr(start, '/',
- file_split->dirlen - (start - file_split->dir));
- if(!end)
- end = start
- + file_split->dirlen
- - (start - file_split->dir);
- strncpy(&result[offset], start,
- end - start); offset += end - start;
- result[offset] = '\\'; offset++;
- start = end + 1;
- }
-#if 0 /* Not needed, since the directory converter above already appeneded
- a backslash */
- if(file_split->dir && file_split->file)
- {
- result[offset] = '\\'; offset++;
- }
-#endif
- strncpy(&result[offset], file_split->file,
- file_split->filelen); offset += file_split->filelen;
- result[offset] = '\0';
- return(result);
- }
-
-static char *win32_merger(DSO *dso, const char *filespec1, const char *filespec2)
- {
- char *merged = NULL;
- struct file_st *filespec1_split = NULL;
- struct file_st *filespec2_split = NULL;
-
- if(!filespec1 && !filespec2)
- {
- DSOerr(DSO_F_WIN32_MERGER,
- ERR_R_PASSED_NULL_PARAMETER);
- return(NULL);
- }
- if (!filespec2)
- {
- merged = OPENSSL_malloc(strlen(filespec1) + 1);
- if(!merged)
- {
- DSOerr(DSO_F_WIN32_MERGER,
- ERR_R_MALLOC_FAILURE);
- return(NULL);
- }
- strcpy(merged, filespec1);
- }
- else if (!filespec1)
- {
- merged = OPENSSL_malloc(strlen(filespec2) + 1);
- if(!merged)
- {
- DSOerr(DSO_F_WIN32_MERGER,
- ERR_R_MALLOC_FAILURE);
- return(NULL);
- }
- strcpy(merged, filespec2);
- }
- else
- {
- filespec1_split = win32_splitter(dso, filespec1, 0);
- if (!filespec1_split)
- {
- DSOerr(DSO_F_WIN32_MERGER,
- ERR_R_MALLOC_FAILURE);
- return(NULL);
- }
- filespec2_split = win32_splitter(dso, filespec2, 1);
- if (!filespec2_split)
- {
- DSOerr(DSO_F_WIN32_MERGER,
- ERR_R_MALLOC_FAILURE);
- OPENSSL_free(filespec1_split);
- return(NULL);
- }
-
- /* Fill in into filespec1_split */
- if (!filespec1_split->node && !filespec1_split->device)
- {
- filespec1_split->node = filespec2_split->node;
- filespec1_split->nodelen = filespec2_split->nodelen;
- filespec1_split->device = filespec2_split->device;
- filespec1_split->devicelen = filespec2_split->devicelen;
- }
- if (!filespec1_split->dir)
- {
- filespec1_split->dir = filespec2_split->dir;
- filespec1_split->dirlen = filespec2_split->dirlen;
- }
- else if (filespec1_split->dir[0] != '\\'
- && filespec1_split->dir[0] != '/')
- {
- filespec1_split->predir = filespec2_split->dir;
- filespec1_split->predirlen = filespec2_split->dirlen;
- }
- if (!filespec1_split->file)
- {
- filespec1_split->file = filespec2_split->file;
- filespec1_split->filelen = filespec2_split->filelen;
- }
-
- merged = win32_joiner(dso, filespec1_split);
- }
- OPENSSL_free(filespec1_split);
- OPENSSL_free(filespec2_split);
- return(merged);
- }
-
-static char *win32_name_converter(DSO *dso, const char *filename)
- {
- char *translated;
- int len, transform;
-
- len = strlen(filename);
- transform = ((strstr(filename, "/") == NULL) &&
- (strstr(filename, "\\") == NULL) &&
- (strstr(filename, ":") == NULL));
- if(transform)
- /* We will convert this to "%s.dll" */
- translated = OPENSSL_malloc(len + 5);
- else
- /* We will simply duplicate filename */
- translated = OPENSSL_malloc(len + 1);
- if(translated == NULL)
- {
- DSOerr(DSO_F_WIN32_NAME_CONVERTER,
- DSO_R_NAME_TRANSLATION_FAILED);
- return(NULL);
- }
- if(transform)
- sprintf(translated, "%s.dll", filename);
- else
- sprintf(translated, "%s", filename);
- return(translated);
- }
-
-static const char *openssl_strnchr(const char *string, int c, size_t len)
- {
- size_t i;
- const char *p;
- for (i = 0, p = string; i < len && *p; i++, p++)
- {
- if (*p == c)
- return p;
- }
- return NULL;
- }
-
-
-#endif /* OPENSSL_SYS_WIN32 */
Copied: vendor-crypto/openssl/0.9.8zf/crypto/dso/dso_win32.c (from rev 6976, vendor-crypto/openssl/dist/crypto/dso/dso_win32.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/dso/dso_win32.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dso/dso_win32.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,609 @@
+/* dso_win32.c -*- mode:C; c-file-style: "eay" -*- */
+/*
+ * Written by Geoff Thorpe (geoff at geoffthorpe.net) for the OpenSSL project
+ * 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include "cryptlib.h"
+#include <openssl/dso.h>
+
+#if !defined(DSO_WIN32)
+DSO_METHOD *DSO_METHOD_win32(void)
+{
+ return NULL;
+}
+#else
+
+# ifdef _WIN32_WCE
+# if _WIN32_WCE < 300
+static FARPROC GetProcAddressA(HMODULE hModule, LPCSTR lpProcName)
+{
+ WCHAR lpProcNameW[64];
+ int i;
+
+ for (i = 0; lpProcName[i] && i < 64; i++)
+ lpProcNameW[i] = (WCHAR)lpProcName[i];
+ if (i == 64)
+ return NULL;
+ lpProcNameW[i] = 0;
+
+ return GetProcAddressW(hModule, lpProcNameW);
+}
+# endif
+# undef GetProcAddress
+# define GetProcAddress GetProcAddressA
+
+static HINSTANCE LoadLibraryA(LPCSTR lpLibFileName)
+{
+ WCHAR *fnamw;
+ size_t len_0 = strlen(lpLibFileName) + 1, i;
+
+# ifdef _MSC_VER
+ fnamw = (WCHAR *)_alloca(len_0 * sizeof(WCHAR));
+# else
+ fnamw = (WCHAR *)alloca(len_0 * sizeof(WCHAR));
+# endif
+ if (fnamw == NULL)
+ return NULL;
+
+# if defined(_WIN32_WCE) && _WIN32_WCE>=101
+ if (!MultiByteToWideChar(CP_ACP, 0, lpLibFileName, len_0, fnamw, len_0))
+# endif
+ for (i = 0; i < len_0; i++)
+ fnamw[i] = (WCHAR)lpLibFileName[i];
+
+ return LoadLibraryW(fnamw);
+}
+# endif
+
+/* Part of the hack in "win32_load" ... */
+# define DSO_MAX_TRANSLATED_SIZE 256
+
+static int win32_load(DSO *dso);
+static int win32_unload(DSO *dso);
+static void *win32_bind_var(DSO *dso, const char *symname);
+static DSO_FUNC_TYPE win32_bind_func(DSO *dso, const char *symname);
+# if 0
+static int win32_unbind_var(DSO *dso, char *symname, void *symptr);
+static int win32_unbind_func(DSO *dso, char *symname, DSO_FUNC_TYPE symptr);
+static int win32_init(DSO *dso);
+static int win32_finish(DSO *dso);
+static long win32_ctrl(DSO *dso, int cmd, long larg, void *parg);
+# endif
+static char *win32_name_converter(DSO *dso, const char *filename);
+static char *win32_merger(DSO *dso, const char *filespec1,
+ const char *filespec2);
+
+static const char *openssl_strnchr(const char *string, int c, size_t len);
+
+static DSO_METHOD dso_meth_win32 = {
+ "OpenSSL 'win32' shared library method",
+ win32_load,
+ win32_unload,
+ win32_bind_var,
+ win32_bind_func,
+/* For now, "unbind" doesn't exist */
+# if 0
+ NULL, /* unbind_var */
+ NULL, /* unbind_func */
+# endif
+ NULL, /* ctrl */
+ win32_name_converter,
+ win32_merger,
+ NULL, /* init */
+ NULL /* finish */
+};
+
+DSO_METHOD *DSO_METHOD_win32(void)
+{
+ return (&dso_meth_win32);
+}
+
+/*
+ * For this DSO_METHOD, our meth_data STACK will contain; (i) a pointer to
+ * the handle (HINSTANCE) returned from LoadLibrary(), and copied.
+ */
+
+static int win32_load(DSO *dso)
+{
+ HINSTANCE h = NULL, *p = NULL;
+ /* See applicable comments from dso_dl.c */
+ char *filename = DSO_convert_filename(dso, NULL);
+
+ if (filename == NULL) {
+ DSOerr(DSO_F_WIN32_LOAD, DSO_R_NO_FILENAME);
+ goto err;
+ }
+ h = LoadLibraryA(filename);
+ if (h == NULL) {
+ DSOerr(DSO_F_WIN32_LOAD, DSO_R_LOAD_FAILED);
+ ERR_add_error_data(3, "filename(", filename, ")");
+ goto err;
+ }
+ p = (HINSTANCE *) OPENSSL_malloc(sizeof(HINSTANCE));
+ if (p == NULL) {
+ DSOerr(DSO_F_WIN32_LOAD, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ *p = h;
+ if (!sk_push(dso->meth_data, (char *)p)) {
+ DSOerr(DSO_F_WIN32_LOAD, DSO_R_STACK_ERROR);
+ goto err;
+ }
+ /* Success */
+ dso->loaded_filename = filename;
+ return (1);
+ err:
+ /* Cleanup ! */
+ if (filename != NULL)
+ OPENSSL_free(filename);
+ if (p != NULL)
+ OPENSSL_free(p);
+ if (h != NULL)
+ FreeLibrary(h);
+ return (0);
+}
+
+static int win32_unload(DSO *dso)
+{
+ HINSTANCE *p;
+ if (dso == NULL) {
+ DSOerr(DSO_F_WIN32_UNLOAD, ERR_R_PASSED_NULL_PARAMETER);
+ return (0);
+ }
+ if (sk_num(dso->meth_data) < 1)
+ return (1);
+ p = (HINSTANCE *) sk_pop(dso->meth_data);
+ if (p == NULL) {
+ DSOerr(DSO_F_WIN32_UNLOAD, DSO_R_NULL_HANDLE);
+ return (0);
+ }
+ if (!FreeLibrary(*p)) {
+ DSOerr(DSO_F_WIN32_UNLOAD, DSO_R_UNLOAD_FAILED);
+ /*
+ * We should push the value back onto the stack in case of a retry.
+ */
+ sk_push(dso->meth_data, (char *)p);
+ return (0);
+ }
+ /* Cleanup */
+ OPENSSL_free(p);
+ return (1);
+}
+
+/*
+ * Using GetProcAddress for variables? TODO: Check this out in the Win32 API
+ * docs, there's probably a variant for variables.
+ */
+static void *win32_bind_var(DSO *dso, const char *symname)
+{
+ HINSTANCE *ptr;
+ void *sym;
+
+ if ((dso == NULL) || (symname == NULL)) {
+ DSOerr(DSO_F_WIN32_BIND_VAR, ERR_R_PASSED_NULL_PARAMETER);
+ return (NULL);
+ }
+ if (sk_num(dso->meth_data) < 1) {
+ DSOerr(DSO_F_WIN32_BIND_VAR, DSO_R_STACK_ERROR);
+ return (NULL);
+ }
+ ptr = (HINSTANCE *) sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
+ if (ptr == NULL) {
+ DSOerr(DSO_F_WIN32_BIND_VAR, DSO_R_NULL_HANDLE);
+ return (NULL);
+ }
+ sym = GetProcAddress(*ptr, symname);
+ if (sym == NULL) {
+ DSOerr(DSO_F_WIN32_BIND_VAR, DSO_R_SYM_FAILURE);
+ ERR_add_error_data(3, "symname(", symname, ")");
+ return (NULL);
+ }
+ return (sym);
+}
+
+static DSO_FUNC_TYPE win32_bind_func(DSO *dso, const char *symname)
+{
+ HINSTANCE *ptr;
+ void *sym;
+
+ if ((dso == NULL) || (symname == NULL)) {
+ DSOerr(DSO_F_WIN32_BIND_FUNC, ERR_R_PASSED_NULL_PARAMETER);
+ return (NULL);
+ }
+ if (sk_num(dso->meth_data) < 1) {
+ DSOerr(DSO_F_WIN32_BIND_FUNC, DSO_R_STACK_ERROR);
+ return (NULL);
+ }
+ ptr = (HINSTANCE *) sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
+ if (ptr == NULL) {
+ DSOerr(DSO_F_WIN32_BIND_FUNC, DSO_R_NULL_HANDLE);
+ return (NULL);
+ }
+ sym = GetProcAddress(*ptr, symname);
+ if (sym == NULL) {
+ DSOerr(DSO_F_WIN32_BIND_FUNC, DSO_R_SYM_FAILURE);
+ ERR_add_error_data(3, "symname(", symname, ")");
+ return (NULL);
+ }
+ return ((DSO_FUNC_TYPE)sym);
+}
+
+struct file_st {
+ const char *node;
+ int nodelen;
+ const char *device;
+ int devicelen;
+ const char *predir;
+ int predirlen;
+ const char *dir;
+ int dirlen;
+ const char *file;
+ int filelen;
+};
+
+static struct file_st *win32_splitter(DSO *dso, const char *filename,
+ int assume_last_is_dir)
+{
+ struct file_st *result = NULL;
+ enum { IN_NODE, IN_DEVICE, IN_FILE } position;
+ const char *start = filename;
+ char last;
+
+ if (!filename) {
+ DSOerr(DSO_F_WIN32_SPLITTER, DSO_R_NO_FILENAME);
+ /*
+ * goto err;
+ */
+ return (NULL);
+ }
+
+ result = OPENSSL_malloc(sizeof(struct file_st));
+ if (result == NULL) {
+ DSOerr(DSO_F_WIN32_SPLITTER, ERR_R_MALLOC_FAILURE);
+ return (NULL);
+ }
+
+ memset(result, 0, sizeof(struct file_st));
+ position = IN_DEVICE;
+
+ if ((filename[0] == '\\' && filename[1] == '\\')
+ || (filename[0] == '/' && filename[1] == '/')) {
+ position = IN_NODE;
+ filename += 2;
+ start = filename;
+ result->node = start;
+ }
+
+ do {
+ last = filename[0];
+ switch (last) {
+ case ':':
+ if (position != IN_DEVICE) {
+ DSOerr(DSO_F_WIN32_SPLITTER, DSO_R_INCORRECT_FILE_SYNTAX);
+ /*
+ * goto err;
+ */
+ OPENSSL_free(result);
+ return (NULL);
+ }
+ result->device = start;
+ result->devicelen = filename - start;
+ position = IN_FILE;
+ start = ++filename;
+ result->dir = start;
+ break;
+ case '\\':
+ case '/':
+ if (position == IN_NODE) {
+ result->nodelen = filename - start;
+ position = IN_FILE;
+ start = ++filename;
+ result->dir = start;
+ } else if (position == IN_DEVICE) {
+ position = IN_FILE;
+ filename++;
+ result->dir = start;
+ result->dirlen = filename - start;
+ start = filename;
+ } else {
+ filename++;
+ result->dirlen += filename - start;
+ start = filename;
+ }
+ break;
+ case '\0':
+ if (position == IN_NODE) {
+ result->nodelen = filename - start;
+ } else {
+ if (filename - start > 0) {
+ if (assume_last_is_dir) {
+ if (position == IN_DEVICE) {
+ result->dir = start;
+ result->dirlen = 0;
+ }
+ result->dirlen += filename - start;
+ } else {
+ result->file = start;
+ result->filelen = filename - start;
+ }
+ }
+ }
+ break;
+ default:
+ filename++;
+ break;
+ }
+ }
+ while (last);
+
+ if (!result->nodelen)
+ result->node = NULL;
+ if (!result->devicelen)
+ result->device = NULL;
+ if (!result->dirlen)
+ result->dir = NULL;
+ if (!result->filelen)
+ result->file = NULL;
+
+ return (result);
+}
+
+static char *win32_joiner(DSO *dso, const struct file_st *file_split)
+{
+ int len = 0, offset = 0;
+ char *result = NULL;
+ const char *start;
+
+ if (!file_split) {
+ DSOerr(DSO_F_WIN32_JOINER, ERR_R_PASSED_NULL_PARAMETER);
+ return (NULL);
+ }
+ if (file_split->node) {
+ len += 2 + file_split->nodelen; /* 2 for starting \\ */
+ if (file_split->predir || file_split->dir || file_split->file)
+ len++; /* 1 for ending \ */
+ } else if (file_split->device) {
+ len += file_split->devicelen + 1; /* 1 for ending : */
+ }
+ len += file_split->predirlen;
+ if (file_split->predir && (file_split->dir || file_split->file)) {
+ len++; /* 1 for ending \ */
+ }
+ len += file_split->dirlen;
+ if (file_split->dir && file_split->file) {
+ len++; /* 1 for ending \ */
+ }
+ len += file_split->filelen;
+
+ if (!len) {
+ DSOerr(DSO_F_WIN32_JOINER, DSO_R_EMPTY_FILE_STRUCTURE);
+ return (NULL);
+ }
+
+ result = OPENSSL_malloc(len + 1);
+ if (!result) {
+ DSOerr(DSO_F_WIN32_JOINER, ERR_R_MALLOC_FAILURE);
+ return (NULL);
+ }
+
+ if (file_split->node) {
+ strcpy(&result[offset], "\\\\");
+ offset += 2;
+ strncpy(&result[offset], file_split->node, file_split->nodelen);
+ offset += file_split->nodelen;
+ if (file_split->predir || file_split->dir || file_split->file) {
+ result[offset] = '\\';
+ offset++;
+ }
+ } else if (file_split->device) {
+ strncpy(&result[offset], file_split->device, file_split->devicelen);
+ offset += file_split->devicelen;
+ result[offset] = ':';
+ offset++;
+ }
+ start = file_split->predir;
+ while (file_split->predirlen > (start - file_split->predir)) {
+ const char *end = openssl_strnchr(start, '/',
+ file_split->predirlen - (start -
+ file_split->predir));
+ if (!end)
+ end = start
+ + file_split->predirlen - (start - file_split->predir);
+ strncpy(&result[offset], start, end - start);
+ offset += end - start;
+ result[offset] = '\\';
+ offset++;
+ start = end + 1;
+ }
+# if 0 /* Not needed, since the directory converter
+ * above already appeneded a backslash */
+ if (file_split->predir && (file_split->dir || file_split->file)) {
+ result[offset] = '\\';
+ offset++;
+ }
+# endif
+ start = file_split->dir;
+ while (file_split->dirlen > (start - file_split->dir)) {
+ const char *end = openssl_strnchr(start, '/',
+ file_split->dirlen - (start -
+ file_split->dir));
+ if (!end)
+ end = start + file_split->dirlen - (start - file_split->dir);
+ strncpy(&result[offset], start, end - start);
+ offset += end - start;
+ result[offset] = '\\';
+ offset++;
+ start = end + 1;
+ }
+# if 0 /* Not needed, since the directory converter
+ * above already appeneded a backslash */
+ if (file_split->dir && file_split->file) {
+ result[offset] = '\\';
+ offset++;
+ }
+# endif
+ strncpy(&result[offset], file_split->file, file_split->filelen);
+ offset += file_split->filelen;
+ result[offset] = '\0';
+ return (result);
+}
+
+static char *win32_merger(DSO *dso, const char *filespec1,
+ const char *filespec2)
+{
+ char *merged = NULL;
+ struct file_st *filespec1_split = NULL;
+ struct file_st *filespec2_split = NULL;
+
+ if (!filespec1 && !filespec2) {
+ DSOerr(DSO_F_WIN32_MERGER, ERR_R_PASSED_NULL_PARAMETER);
+ return (NULL);
+ }
+ if (!filespec2) {
+ merged = OPENSSL_malloc(strlen(filespec1) + 1);
+ if (!merged) {
+ DSOerr(DSO_F_WIN32_MERGER, ERR_R_MALLOC_FAILURE);
+ return (NULL);
+ }
+ strcpy(merged, filespec1);
+ } else if (!filespec1) {
+ merged = OPENSSL_malloc(strlen(filespec2) + 1);
+ if (!merged) {
+ DSOerr(DSO_F_WIN32_MERGER, ERR_R_MALLOC_FAILURE);
+ return (NULL);
+ }
+ strcpy(merged, filespec2);
+ } else {
+ filespec1_split = win32_splitter(dso, filespec1, 0);
+ if (!filespec1_split) {
+ DSOerr(DSO_F_WIN32_MERGER, ERR_R_MALLOC_FAILURE);
+ return (NULL);
+ }
+ filespec2_split = win32_splitter(dso, filespec2, 1);
+ if (!filespec2_split) {
+ DSOerr(DSO_F_WIN32_MERGER, ERR_R_MALLOC_FAILURE);
+ OPENSSL_free(filespec1_split);
+ return (NULL);
+ }
+
+ /* Fill in into filespec1_split */
+ if (!filespec1_split->node && !filespec1_split->device) {
+ filespec1_split->node = filespec2_split->node;
+ filespec1_split->nodelen = filespec2_split->nodelen;
+ filespec1_split->device = filespec2_split->device;
+ filespec1_split->devicelen = filespec2_split->devicelen;
+ }
+ if (!filespec1_split->dir) {
+ filespec1_split->dir = filespec2_split->dir;
+ filespec1_split->dirlen = filespec2_split->dirlen;
+ } else if (filespec1_split->dir[0] != '\\'
+ && filespec1_split->dir[0] != '/') {
+ filespec1_split->predir = filespec2_split->dir;
+ filespec1_split->predirlen = filespec2_split->dirlen;
+ }
+ if (!filespec1_split->file) {
+ filespec1_split->file = filespec2_split->file;
+ filespec1_split->filelen = filespec2_split->filelen;
+ }
+
+ merged = win32_joiner(dso, filespec1_split);
+ }
+ OPENSSL_free(filespec1_split);
+ OPENSSL_free(filespec2_split);
+ return (merged);
+}
+
+static char *win32_name_converter(DSO *dso, const char *filename)
+{
+ char *translated;
+ int len, transform;
+
+ len = strlen(filename);
+ transform = ((strstr(filename, "/") == NULL) &&
+ (strstr(filename, "\\") == NULL) &&
+ (strstr(filename, ":") == NULL));
+ if (transform)
+ /* We will convert this to "%s.dll" */
+ translated = OPENSSL_malloc(len + 5);
+ else
+ /* We will simply duplicate filename */
+ translated = OPENSSL_malloc(len + 1);
+ if (translated == NULL) {
+ DSOerr(DSO_F_WIN32_NAME_CONVERTER, DSO_R_NAME_TRANSLATION_FAILED);
+ return (NULL);
+ }
+ if (transform)
+ sprintf(translated, "%s.dll", filename);
+ else
+ sprintf(translated, "%s", filename);
+ return (translated);
+}
+
+static const char *openssl_strnchr(const char *string, int c, size_t len)
+{
+ size_t i;
+ const char *p;
+ for (i = 0, p = string; i < len && *p; i++, p++) {
+ if (*p == c)
+ return p;
+ }
+ return NULL;
+}
+
+#endif /* OPENSSL_SYS_WIN32 */
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/dyn_lck.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/dyn_lck.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dyn_lck.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,428 +0,0 @@
-/* crypto/cryptlib.c */
-/* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECDH support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
-#include "cryptlib.h"
-#include <openssl/safestack.h>
-
-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16)
-static double SSLeay_MSVC5_hack=0.0; /* and for VC1.5 */
-#endif
-
-DECLARE_STACK_OF(CRYPTO_dynlock)
-IMPLEMENT_STACK_OF(CRYPTO_dynlock)
-
-/* real #defines in crypto.h, keep these upto date */
-static const char* const lock_names[CRYPTO_NUM_LOCKS] =
- {
- "<<ERROR>>",
- "err",
- "ex_data",
- "x509",
- "x509_info",
- "x509_pkey",
- "x509_crl",
- "x509_req",
- "dsa",
- "rsa",
- "evp_pkey",
- "x509_store",
- "ssl_ctx",
- "ssl_cert",
- "ssl_session",
- "ssl_sess_cert",
- "ssl",
- "ssl_method",
- "rand",
- "rand2",
- "debug_malloc",
- "BIO",
- "gethostbyname",
- "getservbyname",
- "readdir",
- "RSA_blinding",
- "dh",
- "debug_malloc2",
- "dso",
- "dynlock",
- "engine",
- "ui",
- "ecdsa",
- "ec",
- "ecdh",
- "bn",
- "ec_pre_comp",
- "store",
- "comp",
-#ifndef OPENSSL_FIPS
-# if CRYPTO_NUM_LOCKS != 39
-# error "Inconsistency between crypto.h and cryptlib.c"
-# endif
-#else
- "fips",
- "fips2",
-# if CRYPTO_NUM_LOCKS != 41
-# error "Inconsistency between crypto.h and cryptlib.c"
-# endif
-#endif
- };
-
-/* This is for applications to allocate new type names in the non-dynamic
- array of lock names. These are numbered with positive numbers. */
-static STACK *app_locks=NULL;
-
-/* For applications that want a more dynamic way of handling threads, the
- following stack is used. These are externally numbered with negative
- numbers. */
-static STACK_OF(CRYPTO_dynlock) *dyn_locks=NULL;
-
-
-static struct CRYPTO_dynlock_value *(MS_FAR *dynlock_create_callback)
- (const char *file,int line)=NULL;
-static void (MS_FAR *dynlock_lock_callback)(int mode,
- struct CRYPTO_dynlock_value *l, const char *file,int line)=NULL;
-static void (MS_FAR *dynlock_destroy_callback)(struct CRYPTO_dynlock_value *l,
- const char *file,int line)=NULL;
-
-int CRYPTO_get_new_lockid(char *name)
- {
- char *str;
- int i;
-
-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16)
- /* A hack to make Visual C++ 5.0 work correctly when linking as
- * a DLL using /MT. Without this, the application cannot use
- * and floating point printf's.
- * It also seems to be needed for Visual C 1.5 (win16) */
- SSLeay_MSVC5_hack=(double)name[0]*(double)name[1];
-#endif
-
- if ((app_locks == NULL) && ((app_locks=sk_new_null()) == NULL))
- {
- CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- if ((str=BUF_strdup(name)) == NULL)
- {
- CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- i=sk_push(app_locks,str);
- if (!i)
- OPENSSL_free(str);
- else
- i+=CRYPTO_NUM_LOCKS; /* gap of one :-) */
- return(i);
- }
-
-int CRYPTO_get_new_dynlockid(void)
- {
- int i = 0;
- CRYPTO_dynlock *pointer = NULL;
-
- if (dynlock_create_callback == NULL)
- {
- CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK);
- return(0);
- }
- CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
- if ((dyn_locks == NULL)
- && ((dyn_locks=sk_CRYPTO_dynlock_new_null()) == NULL))
- {
- CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
- CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
-
- pointer = (CRYPTO_dynlock *)OPENSSL_malloc(sizeof(CRYPTO_dynlock));
- if (pointer == NULL)
- {
- CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- pointer->references = 1;
- pointer->data = dynlock_create_callback(__FILE__,__LINE__);
- if (pointer->data == NULL)
- {
- OPENSSL_free(pointer);
- CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,ERR_R_MALLOC_FAILURE);
- return(0);
- }
-
- CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
- /* First, try to find an existing empty slot */
- i=sk_CRYPTO_dynlock_find(dyn_locks,NULL);
- /* If there was none, push, thereby creating a new one */
- if (i == -1)
- /* Since sk_push() returns the number of items on the
- stack, not the location of the pushed item, we need
- to transform the returned number into a position,
- by decreasing it. */
- i=sk_CRYPTO_dynlock_push(dyn_locks,pointer) - 1;
- else
- /* If we found a place with a NULL pointer, put our pointer
- in it. */
- (void)sk_CRYPTO_dynlock_set(dyn_locks,i,pointer);
- CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
-
- if (i == -1)
- {
- dynlock_destroy_callback(pointer->data,__FILE__,__LINE__);
- OPENSSL_free(pointer);
- }
- else
- i += 1; /* to avoid 0 */
- return -i;
- }
-
-void CRYPTO_destroy_dynlockid(int i)
- {
- CRYPTO_dynlock *pointer = NULL;
- if (i)
- i = -i-1;
- if (dynlock_destroy_callback == NULL)
- return;
-
- CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
-
- if (dyn_locks == NULL || i >= sk_CRYPTO_dynlock_num(dyn_locks))
- {
- CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
- return;
- }
- pointer = sk_CRYPTO_dynlock_value(dyn_locks, i);
- if (pointer != NULL)
- {
- --pointer->references;
-#ifdef REF_CHECK
- if (pointer->references < 0)
- {
- fprintf(stderr,"CRYPTO_destroy_dynlockid, bad reference count\n");
- abort();
- }
- else
-#endif
- if (pointer->references <= 0)
- {
- (void)sk_CRYPTO_dynlock_set(dyn_locks, i, NULL);
- }
- else
- pointer = NULL;
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
-
- if (pointer)
- {
- dynlock_destroy_callback(pointer->data,__FILE__,__LINE__);
- OPENSSL_free(pointer);
- }
- }
-
-struct CRYPTO_dynlock_value *CRYPTO_get_dynlock_value(int i)
- {
- CRYPTO_dynlock *pointer = NULL;
- if (i)
- i = -i-1;
-
- CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
-
- if (dyn_locks != NULL && i < sk_CRYPTO_dynlock_num(dyn_locks))
- pointer = sk_CRYPTO_dynlock_value(dyn_locks, i);
- if (pointer)
- pointer->references++;
-
- CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
-
- if (pointer)
- return pointer->data;
- return NULL;
- }
-
-struct CRYPTO_dynlock_value *(*CRYPTO_get_dynlock_create_callback(void))
- (const char *file,int line)
- {
- return(dynlock_create_callback);
- }
-
-void (*CRYPTO_get_dynlock_lock_callback(void))(int mode,
- struct CRYPTO_dynlock_value *l, const char *file,int line)
- {
- return(dynlock_lock_callback);
- }
-
-void (*CRYPTO_get_dynlock_destroy_callback(void))
- (struct CRYPTO_dynlock_value *l, const char *file,int line)
- {
- return(dynlock_destroy_callback);
- }
-
-void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value *(*func)
- (const char *file, int line))
- {
- dynlock_create_callback=func;
- }
-
-static void do_dynlock(int mode, int type, const char *file, int line)
- {
- if (dynlock_lock_callback != NULL)
- {
- struct CRYPTO_dynlock_value *pointer
- = CRYPTO_get_dynlock_value(type);
-
- OPENSSL_assert(pointer != NULL);
-
- dynlock_lock_callback(mode, pointer, file, line);
-
- CRYPTO_destroy_dynlockid(type);
- }
- }
-
-void CRYPTO_set_dynlock_lock_callback(void (*func)(int mode,
- struct CRYPTO_dynlock_value *l, const char *file, int line))
- {
- /* Set callback so CRYPTO_lock() can now handle dynamic locks.
- * This is OK because at this point and application shouldn't be using
- * OpenSSL from multiple threads because it is setting up the locking
- * callbacks.
- */
- static int done = 0;
- if (!done)
- {
- int_CRYPTO_set_do_dynlock_callback(do_dynlock);
- done = 1;
- }
-
- dynlock_lock_callback=func;
- }
-
-void CRYPTO_set_dynlock_destroy_callback(void (*func)
- (struct CRYPTO_dynlock_value *l, const char *file, int line))
- {
- dynlock_destroy_callback=func;
- }
-
-const char *CRYPTO_get_lock_name(int type)
- {
- if (type < 0)
- return("dynamic");
- else if (type < CRYPTO_NUM_LOCKS)
- return(lock_names[type]);
- else if (type-CRYPTO_NUM_LOCKS > sk_num(app_locks))
- return("ERROR");
- else
- return(sk_value(app_locks,type-CRYPTO_NUM_LOCKS));
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/dyn_lck.c (from rev 6976, vendor-crypto/openssl/dist/crypto/dyn_lck.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/dyn_lck.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/dyn_lck.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,422 @@
+/* crypto/cryptlib.c */
+/* ====================================================================
+ * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECDH support in OpenSSL originally developed by
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
+
+#include "cryptlib.h"
+#include <openssl/safestack.h>
+
+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16)
+static double SSLeay_MSVC5_hack = 0.0; /* and for VC1.5 */
+#endif
+
+DECLARE_STACK_OF(CRYPTO_dynlock)
+IMPLEMENT_STACK_OF(CRYPTO_dynlock)
+
+/* real #defines in crypto.h, keep these upto date */
+static const char *const lock_names[CRYPTO_NUM_LOCKS] = {
+ "<<ERROR>>",
+ "err",
+ "ex_data",
+ "x509",
+ "x509_info",
+ "x509_pkey",
+ "x509_crl",
+ "x509_req",
+ "dsa",
+ "rsa",
+ "evp_pkey",
+ "x509_store",
+ "ssl_ctx",
+ "ssl_cert",
+ "ssl_session",
+ "ssl_sess_cert",
+ "ssl",
+ "ssl_method",
+ "rand",
+ "rand2",
+ "debug_malloc",
+ "BIO",
+ "gethostbyname",
+ "getservbyname",
+ "readdir",
+ "RSA_blinding",
+ "dh",
+ "debug_malloc2",
+ "dso",
+ "dynlock",
+ "engine",
+ "ui",
+ "ecdsa",
+ "ec",
+ "ecdh",
+ "bn",
+ "ec_pre_comp",
+ "store",
+ "comp",
+#ifndef OPENSSL_FIPS
+# if CRYPTO_NUM_LOCKS != 39
+# error "Inconsistency between crypto.h and cryptlib.c"
+# endif
+#else
+ "fips",
+ "fips2",
+# if CRYPTO_NUM_LOCKS != 41
+# error "Inconsistency between crypto.h and cryptlib.c"
+# endif
+#endif
+};
+
+/*
+ * This is for applications to allocate new type names in the non-dynamic
+ * array of lock names. These are numbered with positive numbers.
+ */
+static STACK *app_locks = NULL;
+
+/*
+ * For applications that want a more dynamic way of handling threads, the
+ * following stack is used. These are externally numbered with negative
+ * numbers.
+ */
+static STACK_OF(CRYPTO_dynlock) *dyn_locks = NULL;
+
+static struct CRYPTO_dynlock_value *(MS_FAR *dynlock_create_callback)
+ (const char *file, int line) = NULL;
+static void (MS_FAR *dynlock_lock_callback) (int mode,
+ struct CRYPTO_dynlock_value *l,
+ const char *file, int line) =
+ NULL;
+static void (MS_FAR *dynlock_destroy_callback) (struct CRYPTO_dynlock_value
+ *l, const char *file,
+ int line) = NULL;
+
+int CRYPTO_get_new_lockid(char *name)
+{
+ char *str;
+ int i;
+
+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16)
+ /*
+ * A hack to make Visual C++ 5.0 work correctly when linking as a DLL
+ * using /MT. Without this, the application cannot use and floating point
+ * printf's. It also seems to be needed for Visual C 1.5 (win16)
+ */
+ SSLeay_MSVC5_hack = (double)name[0] * (double)name[1];
+#endif
+
+ if ((app_locks == NULL) && ((app_locks = sk_new_null()) == NULL)) {
+ CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID, ERR_R_MALLOC_FAILURE);
+ return (0);
+ }
+ if ((str = BUF_strdup(name)) == NULL) {
+ CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID, ERR_R_MALLOC_FAILURE);
+ return (0);
+ }
+ i = sk_push(app_locks, str);
+ if (!i)
+ OPENSSL_free(str);
+ else
+ i += CRYPTO_NUM_LOCKS; /* gap of one :-) */
+ return (i);
+}
+
+int CRYPTO_get_new_dynlockid(void)
+{
+ int i = 0;
+ CRYPTO_dynlock *pointer = NULL;
+
+ if (dynlock_create_callback == NULL) {
+ CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,
+ CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK);
+ return (0);
+ }
+ CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
+ if ((dyn_locks == NULL)
+ && ((dyn_locks = sk_CRYPTO_dynlock_new_null()) == NULL)) {
+ CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+ CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID, ERR_R_MALLOC_FAILURE);
+ return (0);
+ }
+ CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+
+ pointer = (CRYPTO_dynlock *) OPENSSL_malloc(sizeof(CRYPTO_dynlock));
+ if (pointer == NULL) {
+ CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID, ERR_R_MALLOC_FAILURE);
+ return (0);
+ }
+ pointer->references = 1;
+ pointer->data = dynlock_create_callback(__FILE__, __LINE__);
+ if (pointer->data == NULL) {
+ OPENSSL_free(pointer);
+ CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID, ERR_R_MALLOC_FAILURE);
+ return (0);
+ }
+
+ CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
+ /* First, try to find an existing empty slot */
+ i = sk_CRYPTO_dynlock_find(dyn_locks, NULL);
+ /* If there was none, push, thereby creating a new one */
+ if (i == -1)
+ /*
+ * Since sk_push() returns the number of items on the stack, not the
+ * location of the pushed item, we need to transform the returned
+ * number into a position, by decreasing it.
+ */
+ i = sk_CRYPTO_dynlock_push(dyn_locks, pointer) - 1;
+ else
+ /*
+ * If we found a place with a NULL pointer, put our pointer in it.
+ */
+ (void)sk_CRYPTO_dynlock_set(dyn_locks, i, pointer);
+ CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+
+ if (i == -1) {
+ dynlock_destroy_callback(pointer->data, __FILE__, __LINE__);
+ OPENSSL_free(pointer);
+ } else
+ i += 1; /* to avoid 0 */
+ return -i;
+}
+
+void CRYPTO_destroy_dynlockid(int i)
+{
+ CRYPTO_dynlock *pointer = NULL;
+ if (i)
+ i = -i - 1;
+ if (dynlock_destroy_callback == NULL)
+ return;
+
+ CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
+
+ if (dyn_locks == NULL || i >= sk_CRYPTO_dynlock_num(dyn_locks)) {
+ CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+ return;
+ }
+ pointer = sk_CRYPTO_dynlock_value(dyn_locks, i);
+ if (pointer != NULL) {
+ --pointer->references;
+#ifdef REF_CHECK
+ if (pointer->references < 0) {
+ fprintf(stderr,
+ "CRYPTO_destroy_dynlockid, bad reference count\n");
+ abort();
+ } else
+#endif
+ if (pointer->references <= 0) {
+ (void)sk_CRYPTO_dynlock_set(dyn_locks, i, NULL);
+ } else
+ pointer = NULL;
+ }
+ CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+
+ if (pointer) {
+ dynlock_destroy_callback(pointer->data, __FILE__, __LINE__);
+ OPENSSL_free(pointer);
+ }
+}
+
+struct CRYPTO_dynlock_value *CRYPTO_get_dynlock_value(int i)
+{
+ CRYPTO_dynlock *pointer = NULL;
+ if (i)
+ i = -i - 1;
+
+ CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
+
+ if (dyn_locks != NULL && i < sk_CRYPTO_dynlock_num(dyn_locks))
+ pointer = sk_CRYPTO_dynlock_value(dyn_locks, i);
+ if (pointer)
+ pointer->references++;
+
+ CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+
+ if (pointer)
+ return pointer->data;
+ return NULL;
+}
+
+struct CRYPTO_dynlock_value *(*CRYPTO_get_dynlock_create_callback(void))
+ (const char *file, int line) {
+ return (dynlock_create_callback);
+}
+
+void (*CRYPTO_get_dynlock_lock_callback(void)) (int mode,
+ struct CRYPTO_dynlock_value
+ *l, const char *file,
+ int line) {
+ return (dynlock_lock_callback);
+}
+
+void (*CRYPTO_get_dynlock_destroy_callback(void))
+ (struct CRYPTO_dynlock_value *l, const char *file, int line) {
+ return (dynlock_destroy_callback);
+}
+
+void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value *(*func)
+ (const char *file, int line))
+{
+ dynlock_create_callback = func;
+}
+
+static void do_dynlock(int mode, int type, const char *file, int line)
+{
+ if (dynlock_lock_callback != NULL) {
+ struct CRYPTO_dynlock_value *pointer = CRYPTO_get_dynlock_value(type);
+
+ OPENSSL_assert(pointer != NULL);
+
+ dynlock_lock_callback(mode, pointer, file, line);
+
+ CRYPTO_destroy_dynlockid(type);
+ }
+}
+
+void CRYPTO_set_dynlock_lock_callback(void (*func) (int mode,
+ struct
+ CRYPTO_dynlock_value *l,
+ const char *file,
+ int line))
+{
+ /*
+ * Set callback so CRYPTO_lock() can now handle dynamic locks. This is OK
+ * because at this point and application shouldn't be using OpenSSL from
+ * multiple threads because it is setting up the locking callbacks.
+ */
+ static int done = 0;
+ if (!done) {
+ int_CRYPTO_set_do_dynlock_callback(do_dynlock);
+ done = 1;
+ }
+
+ dynlock_lock_callback = func;
+}
+
+void CRYPTO_set_dynlock_destroy_callback(void (*func)
+ (struct CRYPTO_dynlock_value *l,
+ const char *file, int line))
+{
+ dynlock_destroy_callback = func;
+}
+
+const char *CRYPTO_get_lock_name(int type)
+{
+ if (type < 0)
+ return ("dynamic");
+ else if (type < CRYPTO_NUM_LOCKS)
+ return (lock_names[type]);
+ else if (type - CRYPTO_NUM_LOCKS > sk_num(app_locks))
+ return ("ERROR");
+ else
+ return (sk_value(app_locks, type - CRYPTO_NUM_LOCKS));
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/ebcdic.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/ebcdic.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ebcdic.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,221 +0,0 @@
-/* crypto/ebcdic.c */
-
-#ifndef CHARSET_EBCDIC
-
-#include <openssl/e_os2.h>
-#if defined(PEDANTIC) || defined(__DECC) || defined(OPENSSL_SYS_MACOSX)
-static void *dummy=&dummy;
-#endif
-
-#else /*CHARSET_EBCDIC*/
-
-#include "ebcdic.h"
-/* Initial Port for Apache-1.3 by <Martin.Kraemer at Mch.SNI.De>
- * Adapted for OpenSSL-0.9.4 by <Martin.Kraemer at Mch.SNI.De>
- */
-
-#ifdef _OSD_POSIX
-/*
- "BS2000 OSD" is a POSIX subsystem on a main frame.
- It is made by Siemens AG, Germany, for their BS2000 mainframe machines.
- Within the POSIX subsystem, the same character set was chosen as in
- "native BS2000", namely EBCDIC. (EDF04)
-
- The name "ASCII" in these routines is misleading: actually, conversion
- is not between EBCDIC and ASCII, but EBCDIC(EDF04) and ISO-8859.1;
- that means that (western european) national characters are preserved.
-
- This table is identical to the one used by rsh/rcp/ftp and other POSIX tools.
-*/
-
-/* Here's the bijective ebcdic-to-ascii table: */
-const unsigned char os_toascii[256] = {
-/*00*/ 0x00, 0x01, 0x02, 0x03, 0x85, 0x09, 0x86, 0x7f,
- 0x87, 0x8d, 0x8e, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /*................*/
-/*10*/ 0x10, 0x11, 0x12, 0x13, 0x8f, 0x0a, 0x08, 0x97,
- 0x18, 0x19, 0x9c, 0x9d, 0x1c, 0x1d, 0x1e, 0x1f, /*................*/
-/*20*/ 0x80, 0x81, 0x82, 0x83, 0x84, 0x92, 0x17, 0x1b,
- 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x05, 0x06, 0x07, /*................*/
-/*30*/ 0x90, 0x91, 0x16, 0x93, 0x94, 0x95, 0x96, 0x04,
- 0x98, 0x99, 0x9a, 0x9b, 0x14, 0x15, 0x9e, 0x1a, /*................*/
-/*40*/ 0x20, 0xa0, 0xe2, 0xe4, 0xe0, 0xe1, 0xe3, 0xe5,
- 0xe7, 0xf1, 0x60, 0x2e, 0x3c, 0x28, 0x2b, 0x7c, /* .........`.<(+|*/
-/*50*/ 0x26, 0xe9, 0xea, 0xeb, 0xe8, 0xed, 0xee, 0xef,
- 0xec, 0xdf, 0x21, 0x24, 0x2a, 0x29, 0x3b, 0x9f, /*&.........!$*);.*/
-/*60*/ 0x2d, 0x2f, 0xc2, 0xc4, 0xc0, 0xc1, 0xc3, 0xc5,
- 0xc7, 0xd1, 0x5e, 0x2c, 0x25, 0x5f, 0x3e, 0x3f, /*-/........^,%_>?*/
-/*70*/ 0xf8, 0xc9, 0xca, 0xcb, 0xc8, 0xcd, 0xce, 0xcf,
- 0xcc, 0xa8, 0x3a, 0x23, 0x40, 0x27, 0x3d, 0x22, /*..........:#@'="*/
-/*80*/ 0xd8, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
- 0x68, 0x69, 0xab, 0xbb, 0xf0, 0xfd, 0xfe, 0xb1, /*.abcdefghi......*/
-/*90*/ 0xb0, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70,
- 0x71, 0x72, 0xaa, 0xba, 0xe6, 0xb8, 0xc6, 0xa4, /*.jklmnopqr......*/
-/*a0*/ 0xb5, 0xaf, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78,
- 0x79, 0x7a, 0xa1, 0xbf, 0xd0, 0xdd, 0xde, 0xae, /*..stuvwxyz......*/
-/*b0*/ 0xa2, 0xa3, 0xa5, 0xb7, 0xa9, 0xa7, 0xb6, 0xbc,
- 0xbd, 0xbe, 0xac, 0x5b, 0x5c, 0x5d, 0xb4, 0xd7, /*...........[\]..*/
-/*c0*/ 0xf9, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
- 0x48, 0x49, 0xad, 0xf4, 0xf6, 0xf2, 0xf3, 0xf5, /*.ABCDEFGHI......*/
-/*d0*/ 0xa6, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50,
- 0x51, 0x52, 0xb9, 0xfb, 0xfc, 0xdb, 0xfa, 0xff, /*.JKLMNOPQR......*/
-/*e0*/ 0xd9, 0xf7, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58,
- 0x59, 0x5a, 0xb2, 0xd4, 0xd6, 0xd2, 0xd3, 0xd5, /*..STUVWXYZ......*/
-/*f0*/ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0xb3, 0x7b, 0xdc, 0x7d, 0xda, 0x7e /*0123456789.{.}.~*/
-};
-
-
-/* The ascii-to-ebcdic table: */
-const unsigned char os_toebcdic[256] = {
-/*00*/ 0x00, 0x01, 0x02, 0x03, 0x37, 0x2d, 0x2e, 0x2f,
- 0x16, 0x05, 0x15, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /*................*/
-/*10*/ 0x10, 0x11, 0x12, 0x13, 0x3c, 0x3d, 0x32, 0x26,
- 0x18, 0x19, 0x3f, 0x27, 0x1c, 0x1d, 0x1e, 0x1f, /*................*/
-/*20*/ 0x40, 0x5a, 0x7f, 0x7b, 0x5b, 0x6c, 0x50, 0x7d,
- 0x4d, 0x5d, 0x5c, 0x4e, 0x6b, 0x60, 0x4b, 0x61, /* !"#$%&'()*+,-./ */
-/*30*/ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
- 0xf8, 0xf9, 0x7a, 0x5e, 0x4c, 0x7e, 0x6e, 0x6f, /*0123456789:;<=>?*/
-/*40*/ 0x7c, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
- 0xc8, 0xc9, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, /*@ABCDEFGHIJKLMNO*/
-/*50*/ 0xd7, 0xd8, 0xd9, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6,
- 0xe7, 0xe8, 0xe9, 0xbb, 0xbc, 0xbd, 0x6a, 0x6d, /*PQRSTUVWXYZ[\]^_*/
-/*60*/ 0x4a, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
- 0x88, 0x89, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, /*`abcdefghijklmno*/
-/*70*/ 0x97, 0x98, 0x99, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6,
- 0xa7, 0xa8, 0xa9, 0xfb, 0x4f, 0xfd, 0xff, 0x07, /*pqrstuvwxyz{|}~.*/
-/*80*/ 0x20, 0x21, 0x22, 0x23, 0x24, 0x04, 0x06, 0x08,
- 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x09, 0x0a, 0x14, /*................*/
-/*90*/ 0x30, 0x31, 0x25, 0x33, 0x34, 0x35, 0x36, 0x17,
- 0x38, 0x39, 0x3a, 0x3b, 0x1a, 0x1b, 0x3e, 0x5f, /*................*/
-/*a0*/ 0x41, 0xaa, 0xb0, 0xb1, 0x9f, 0xb2, 0xd0, 0xb5,
- 0x79, 0xb4, 0x9a, 0x8a, 0xba, 0xca, 0xaf, 0xa1, /*................*/
-/*b0*/ 0x90, 0x8f, 0xea, 0xfa, 0xbe, 0xa0, 0xb6, 0xb3,
- 0x9d, 0xda, 0x9b, 0x8b, 0xb7, 0xb8, 0xb9, 0xab, /*................*/
-/*c0*/ 0x64, 0x65, 0x62, 0x66, 0x63, 0x67, 0x9e, 0x68,
- 0x74, 0x71, 0x72, 0x73, 0x78, 0x75, 0x76, 0x77, /*................*/
-/*d0*/ 0xac, 0x69, 0xed, 0xee, 0xeb, 0xef, 0xec, 0xbf,
- 0x80, 0xe0, 0xfe, 0xdd, 0xfc, 0xad, 0xae, 0x59, /*................*/
-/*e0*/ 0x44, 0x45, 0x42, 0x46, 0x43, 0x47, 0x9c, 0x48,
- 0x54, 0x51, 0x52, 0x53, 0x58, 0x55, 0x56, 0x57, /*................*/
-/*f0*/ 0x8c, 0x49, 0xcd, 0xce, 0xcb, 0xcf, 0xcc, 0xe1,
- 0x70, 0xc0, 0xde, 0xdb, 0xdc, 0x8d, 0x8e, 0xdf /*................*/
-};
-
-#else /*_OSD_POSIX*/
-
-/*
-This code does basic character mapping for IBM's TPF and OS/390 operating systems.
-It is a modified version of the BS2000 table.
-
-Bijective EBCDIC (character set IBM-1047) to US-ASCII table:
-This table is bijective - there are no ambigous or duplicate characters.
-*/
-const unsigned char os_toascii[256] = {
- 0x00, 0x01, 0x02, 0x03, 0x85, 0x09, 0x86, 0x7f, /* 00-0f: */
- 0x87, 0x8d, 0x8e, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* ................ */
- 0x10, 0x11, 0x12, 0x13, 0x8f, 0x0a, 0x08, 0x97, /* 10-1f: */
- 0x18, 0x19, 0x9c, 0x9d, 0x1c, 0x1d, 0x1e, 0x1f, /* ................ */
- 0x80, 0x81, 0x82, 0x83, 0x84, 0x92, 0x17, 0x1b, /* 20-2f: */
- 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x05, 0x06, 0x07, /* ................ */
- 0x90, 0x91, 0x16, 0x93, 0x94, 0x95, 0x96, 0x04, /* 30-3f: */
- 0x98, 0x99, 0x9a, 0x9b, 0x14, 0x15, 0x9e, 0x1a, /* ................ */
- 0x20, 0xa0, 0xe2, 0xe4, 0xe0, 0xe1, 0xe3, 0xe5, /* 40-4f: */
- 0xe7, 0xf1, 0xa2, 0x2e, 0x3c, 0x28, 0x2b, 0x7c, /* ...........<(+| */
- 0x26, 0xe9, 0xea, 0xeb, 0xe8, 0xed, 0xee, 0xef, /* 50-5f: */
- 0xec, 0xdf, 0x21, 0x24, 0x2a, 0x29, 0x3b, 0x5e, /* &.........!$*);^ */
- 0x2d, 0x2f, 0xc2, 0xc4, 0xc0, 0xc1, 0xc3, 0xc5, /* 60-6f: */
- 0xc7, 0xd1, 0xa6, 0x2c, 0x25, 0x5f, 0x3e, 0x3f, /* -/.........,%_>? */
- 0xf8, 0xc9, 0xca, 0xcb, 0xc8, 0xcd, 0xce, 0xcf, /* 70-7f: */
- 0xcc, 0x60, 0x3a, 0x23, 0x40, 0x27, 0x3d, 0x22, /* .........`:#@'=" */
- 0xd8, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, /* 80-8f: */
- 0x68, 0x69, 0xab, 0xbb, 0xf0, 0xfd, 0xfe, 0xb1, /* .abcdefghi...... */
- 0xb0, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, /* 90-9f: */
- 0x71, 0x72, 0xaa, 0xba, 0xe6, 0xb8, 0xc6, 0xa4, /* .jklmnopqr...... */
- 0xb5, 0x7e, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, /* a0-af: */
- 0x79, 0x7a, 0xa1, 0xbf, 0xd0, 0x5b, 0xde, 0xae, /* .~stuvwxyz...[.. */
- 0xac, 0xa3, 0xa5, 0xb7, 0xa9, 0xa7, 0xb6, 0xbc, /* b0-bf: */
- 0xbd, 0xbe, 0xdd, 0xa8, 0xaf, 0x5d, 0xb4, 0xd7, /* .............].. */
- 0x7b, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, /* c0-cf: */
- 0x48, 0x49, 0xad, 0xf4, 0xf6, 0xf2, 0xf3, 0xf5, /* {ABCDEFGHI...... */
- 0x7d, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50, /* d0-df: */
- 0x51, 0x52, 0xb9, 0xfb, 0xfc, 0xf9, 0xfa, 0xff, /* }JKLMNOPQR...... */
- 0x5c, 0xf7, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, /* e0-ef: */
- 0x59, 0x5a, 0xb2, 0xd4, 0xd6, 0xd2, 0xd3, 0xd5, /* \.STUVWXYZ...... */
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* f0-ff: */
- 0x38, 0x39, 0xb3, 0xdb, 0xdc, 0xd9, 0xda, 0x9f /* 0123456789...... */
-};
-
-
-/*
-The US-ASCII to EBCDIC (character set IBM-1047) table:
-This table is bijective (no ambiguous or duplicate characters)
-*/
-const unsigned char os_toebcdic[256] = {
- 0x00, 0x01, 0x02, 0x03, 0x37, 0x2d, 0x2e, 0x2f, /* 00-0f: */
- 0x16, 0x05, 0x15, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* ................ */
- 0x10, 0x11, 0x12, 0x13, 0x3c, 0x3d, 0x32, 0x26, /* 10-1f: */
- 0x18, 0x19, 0x3f, 0x27, 0x1c, 0x1d, 0x1e, 0x1f, /* ................ */
- 0x40, 0x5a, 0x7f, 0x7b, 0x5b, 0x6c, 0x50, 0x7d, /* 20-2f: */
- 0x4d, 0x5d, 0x5c, 0x4e, 0x6b, 0x60, 0x4b, 0x61, /* !"#$%&'()*+,-./ */
- 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, /* 30-3f: */
- 0xf8, 0xf9, 0x7a, 0x5e, 0x4c, 0x7e, 0x6e, 0x6f, /* 0123456789:;<=>? */
- 0x7c, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, /* 40-4f: */
- 0xc8, 0xc9, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, /* @ABCDEFGHIJKLMNO */
- 0xd7, 0xd8, 0xd9, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, /* 50-5f: */
- 0xe7, 0xe8, 0xe9, 0xad, 0xe0, 0xbd, 0x5f, 0x6d, /* PQRSTUVWXYZ[\]^_ */
- 0x79, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, /* 60-6f: */
- 0x88, 0x89, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, /* `abcdefghijklmno */
- 0x97, 0x98, 0x99, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, /* 70-7f: */
- 0xa7, 0xa8, 0xa9, 0xc0, 0x4f, 0xd0, 0xa1, 0x07, /* pqrstuvwxyz{|}~. */
- 0x20, 0x21, 0x22, 0x23, 0x24, 0x04, 0x06, 0x08, /* 80-8f: */
- 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x09, 0x0a, 0x14, /* ................ */
- 0x30, 0x31, 0x25, 0x33, 0x34, 0x35, 0x36, 0x17, /* 90-9f: */
- 0x38, 0x39, 0x3a, 0x3b, 0x1a, 0x1b, 0x3e, 0xff, /* ................ */
- 0x41, 0xaa, 0x4a, 0xb1, 0x9f, 0xb2, 0x6a, 0xb5, /* a0-af: */
- 0xbb, 0xb4, 0x9a, 0x8a, 0xb0, 0xca, 0xaf, 0xbc, /* ................ */
- 0x90, 0x8f, 0xea, 0xfa, 0xbe, 0xa0, 0xb6, 0xb3, /* b0-bf: */
- 0x9d, 0xda, 0x9b, 0x8b, 0xb7, 0xb8, 0xb9, 0xab, /* ................ */
- 0x64, 0x65, 0x62, 0x66, 0x63, 0x67, 0x9e, 0x68, /* c0-cf: */
- 0x74, 0x71, 0x72, 0x73, 0x78, 0x75, 0x76, 0x77, /* ................ */
- 0xac, 0x69, 0xed, 0xee, 0xeb, 0xef, 0xec, 0xbf, /* d0-df: */
- 0x80, 0xfd, 0xfe, 0xfb, 0xfc, 0xba, 0xae, 0x59, /* ................ */
- 0x44, 0x45, 0x42, 0x46, 0x43, 0x47, 0x9c, 0x48, /* e0-ef: */
- 0x54, 0x51, 0x52, 0x53, 0x58, 0x55, 0x56, 0x57, /* ................ */
- 0x8c, 0x49, 0xcd, 0xce, 0xcb, 0xcf, 0xcc, 0xe1, /* f0-ff: */
- 0x70, 0xdd, 0xde, 0xdb, 0xdc, 0x8d, 0x8e, 0xdf /* ................ */
-};
-#endif /*_OSD_POSIX*/
-
-/* Translate a memory block from EBCDIC (host charset) to ASCII (net charset)
- * dest and srce may be identical, or separate memory blocks, but
- * should not overlap. These functions intentionally have an interface
- * compatible to memcpy(3).
- */
-
-void *
-ebcdic2ascii(void *dest, const void *srce, size_t count)
-{
- unsigned char *udest = dest;
- const unsigned char *usrce = srce;
-
- while (count-- != 0) {
- *udest++ = os_toascii[*usrce++];
- }
-
- return dest;
-}
-
-void *
-ascii2ebcdic(void *dest, const void *srce, size_t count)
-{
- unsigned char *udest = dest;
- const unsigned char *usrce = srce;
-
- while (count-- != 0) {
- *udest++ = os_toebcdic[*usrce++];
- }
-
- return dest;
-}
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/ebcdic.c (from rev 6976, vendor-crypto/openssl/dist/crypto/ebcdic.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/ebcdic.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ebcdic.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,284 @@
+/* crypto/ebcdic.c */
+
+#ifndef CHARSET_EBCDIC
+
+# include <openssl/e_os2.h>
+# if defined(PEDANTIC) || defined(__DECC) || defined(OPENSSL_SYS_MACOSX)
+static void *dummy = &dummy;
+# endif
+
+#else /* CHARSET_EBCDIC */
+
+# include "ebcdic.h"
+/*-
+ * Initial Port for Apache-1.3 by <Martin.Kraemer at Mch.SNI.De>
+ * Adapted for OpenSSL-0.9.4 by <Martin.Kraemer at Mch.SNI.De>
+ */
+
+# ifdef _OSD_POSIX
+/*
+ * "BS2000 OSD" is a POSIX subsystem on a main frame. It is made by Siemens
+ * AG, Germany, for their BS2000 mainframe machines. Within the POSIX
+ * subsystem, the same character set was chosen as in "native BS2000", namely
+ * EBCDIC. (EDF04)
+ *
+ * The name "ASCII" in these routines is misleading: actually, conversion is
+ * not between EBCDIC and ASCII, but EBCDIC(EDF04) and ISO-8859.1; that means
+ * that (western european) national characters are preserved.
+ *
+ * This table is identical to the one used by rsh/rcp/ftp and other POSIX
+ * tools.
+ */
+
+/* Here's the bijective ebcdic-to-ascii table: */
+const unsigned char os_toascii[256] = {
+ /*
+ * 00
+ */ 0x00, 0x01, 0x02, 0x03, 0x85, 0x09, 0x86, 0x7f,
+ 0x87, 0x8d, 0x8e, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* ................ */
+ /*
+ * 10
+ */ 0x10, 0x11, 0x12, 0x13, 0x8f, 0x0a, 0x08, 0x97,
+ 0x18, 0x19, 0x9c, 0x9d, 0x1c, 0x1d, 0x1e, 0x1f, /* ................ */
+ /*
+ * 20
+ */ 0x80, 0x81, 0x82, 0x83, 0x84, 0x92, 0x17, 0x1b,
+ 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x05, 0x06, 0x07, /* ................ */
+ /*
+ * 30
+ */ 0x90, 0x91, 0x16, 0x93, 0x94, 0x95, 0x96, 0x04,
+ 0x98, 0x99, 0x9a, 0x9b, 0x14, 0x15, 0x9e, 0x1a, /* ................ */
+ /*
+ * 40
+ */ 0x20, 0xa0, 0xe2, 0xe4, 0xe0, 0xe1, 0xe3, 0xe5,
+ 0xe7, 0xf1, 0x60, 0x2e, 0x3c, 0x28, 0x2b, 0x7c, /* .........`.<(+| */
+ /*
+ * 50
+ */ 0x26, 0xe9, 0xea, 0xeb, 0xe8, 0xed, 0xee, 0xef,
+ 0xec, 0xdf, 0x21, 0x24, 0x2a, 0x29, 0x3b, 0x9f, /* &.........!$*);. */
+ /*
+ * 60
+ */ 0x2d, 0x2f, 0xc2, 0xc4, 0xc0, 0xc1, 0xc3, 0xc5,
+ 0xc7, 0xd1, 0x5e, 0x2c, 0x25, 0x5f, 0x3e, 0x3f, /*-/........^,%_>?*/
+ /*
+ * 70
+ */ 0xf8, 0xc9, 0xca, 0xcb, 0xc8, 0xcd, 0xce, 0xcf,
+ 0xcc, 0xa8, 0x3a, 0x23, 0x40, 0x27, 0x3d, 0x22, /* ..........:#@'=" */
+ /*
+ * 80
+ */ 0xd8, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
+ 0x68, 0x69, 0xab, 0xbb, 0xf0, 0xfd, 0xfe, 0xb1, /* .abcdefghi...... */
+ /*
+ * 90
+ */ 0xb0, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70,
+ 0x71, 0x72, 0xaa, 0xba, 0xe6, 0xb8, 0xc6, 0xa4, /* .jklmnopqr...... */
+ /*
+ * a0
+ */ 0xb5, 0xaf, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78,
+ 0x79, 0x7a, 0xa1, 0xbf, 0xd0, 0xdd, 0xde, 0xae, /* ..stuvwxyz...... */
+ /*
+ * b0
+ */ 0xa2, 0xa3, 0xa5, 0xb7, 0xa9, 0xa7, 0xb6, 0xbc,
+ 0xbd, 0xbe, 0xac, 0x5b, 0x5c, 0x5d, 0xb4, 0xd7, /* ...........[\].. */
+ /*
+ * c0
+ */ 0xf9, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
+ 0x48, 0x49, 0xad, 0xf4, 0xf6, 0xf2, 0xf3, 0xf5, /* .ABCDEFGHI...... */
+ /*
+ * d0
+ */ 0xa6, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50,
+ 0x51, 0x52, 0xb9, 0xfb, 0xfc, 0xdb, 0xfa, 0xff, /* .JKLMNOPQR...... */
+ /*
+ * e0
+ */ 0xd9, 0xf7, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58,
+ 0x59, 0x5a, 0xb2, 0xd4, 0xd6, 0xd2, 0xd3, 0xd5, /* ..STUVWXYZ...... */
+ /*
+ * f0
+ */ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+ 0x38, 0x39, 0xb3, 0x7b, 0xdc, 0x7d, 0xda, 0x7e /* 0123456789.{.}.~ */
+};
+
+/* The ascii-to-ebcdic table: */
+const unsigned char os_toebcdic[256] = {
+ /*
+ * 00
+ */ 0x00, 0x01, 0x02, 0x03, 0x37, 0x2d, 0x2e, 0x2f,
+ 0x16, 0x05, 0x15, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* ................ */
+ /*
+ * 10
+ */ 0x10, 0x11, 0x12, 0x13, 0x3c, 0x3d, 0x32, 0x26,
+ 0x18, 0x19, 0x3f, 0x27, 0x1c, 0x1d, 0x1e, 0x1f, /* ................ */
+ /*
+ * 20
+ */ 0x40, 0x5a, 0x7f, 0x7b, 0x5b, 0x6c, 0x50, 0x7d,
+ 0x4d, 0x5d, 0x5c, 0x4e, 0x6b, 0x60, 0x4b, 0x61, /* !"#$%&'()*+,-./ */
+ /*
+ * 30
+ */ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+ 0xf8, 0xf9, 0x7a, 0x5e, 0x4c, 0x7e, 0x6e, 0x6f, /* 0123456789:;<=>? */
+ /*
+ * 40
+ */ 0x7c, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
+ 0xc8, 0xc9, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, /* @ABCDEFGHIJKLMNO */
+ /*
+ * 50
+ */ 0xd7, 0xd8, 0xd9, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6,
+ 0xe7, 0xe8, 0xe9, 0xbb, 0xbc, 0xbd, 0x6a, 0x6d, /* PQRSTUVWXYZ[\]^_ */
+ /*
+ * 60
+ */ 0x4a, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
+ 0x88, 0x89, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, /* `abcdefghijklmno */
+ /*
+ * 70
+ */ 0x97, 0x98, 0x99, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6,
+ 0xa7, 0xa8, 0xa9, 0xfb, 0x4f, 0xfd, 0xff, 0x07, /* pqrstuvwxyz{|}~. */
+ /*
+ * 80
+ */ 0x20, 0x21, 0x22, 0x23, 0x24, 0x04, 0x06, 0x08,
+ 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x09, 0x0a, 0x14, /* ................ */
+ /*
+ * 90
+ */ 0x30, 0x31, 0x25, 0x33, 0x34, 0x35, 0x36, 0x17,
+ 0x38, 0x39, 0x3a, 0x3b, 0x1a, 0x1b, 0x3e, 0x5f, /* ................ */
+ /*
+ * a0
+ */ 0x41, 0xaa, 0xb0, 0xb1, 0x9f, 0xb2, 0xd0, 0xb5,
+ 0x79, 0xb4, 0x9a, 0x8a, 0xba, 0xca, 0xaf, 0xa1, /* ................ */
+ /*
+ * b0
+ */ 0x90, 0x8f, 0xea, 0xfa, 0xbe, 0xa0, 0xb6, 0xb3,
+ 0x9d, 0xda, 0x9b, 0x8b, 0xb7, 0xb8, 0xb9, 0xab, /* ................ */
+ /*
+ * c0
+ */ 0x64, 0x65, 0x62, 0x66, 0x63, 0x67, 0x9e, 0x68,
+ 0x74, 0x71, 0x72, 0x73, 0x78, 0x75, 0x76, 0x77, /* ................ */
+ /*
+ * d0
+ */ 0xac, 0x69, 0xed, 0xee, 0xeb, 0xef, 0xec, 0xbf,
+ 0x80, 0xe0, 0xfe, 0xdd, 0xfc, 0xad, 0xae, 0x59, /* ................ */
+ /*
+ * e0
+ */ 0x44, 0x45, 0x42, 0x46, 0x43, 0x47, 0x9c, 0x48,
+ 0x54, 0x51, 0x52, 0x53, 0x58, 0x55, 0x56, 0x57, /* ................ */
+ /*
+ * f0
+ */ 0x8c, 0x49, 0xcd, 0xce, 0xcb, 0xcf, 0xcc, 0xe1,
+ 0x70, 0xc0, 0xde, 0xdb, 0xdc, 0x8d, 0x8e, 0xdf /* ................ */
+};
+
+# else /*_OSD_POSIX*/
+
+/*
+ * This code does basic character mapping for IBM's TPF and OS/390 operating
+ * systems. It is a modified version of the BS2000 table.
+ *
+ * Bijective EBCDIC (character set IBM-1047) to US-ASCII table: This table is
+ * bijective - there are no ambigous or duplicate characters.
+ */
+const unsigned char os_toascii[256] = {
+ 0x00, 0x01, 0x02, 0x03, 0x85, 0x09, 0x86, 0x7f, /* 00-0f: */
+ 0x87, 0x8d, 0x8e, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* ................ */
+ 0x10, 0x11, 0x12, 0x13, 0x8f, 0x0a, 0x08, 0x97, /* 10-1f: */
+ 0x18, 0x19, 0x9c, 0x9d, 0x1c, 0x1d, 0x1e, 0x1f, /* ................ */
+ 0x80, 0x81, 0x82, 0x83, 0x84, 0x92, 0x17, 0x1b, /* 20-2f: */
+ 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x05, 0x06, 0x07, /* ................ */
+ 0x90, 0x91, 0x16, 0x93, 0x94, 0x95, 0x96, 0x04, /* 30-3f: */
+ 0x98, 0x99, 0x9a, 0x9b, 0x14, 0x15, 0x9e, 0x1a, /* ................ */
+ 0x20, 0xa0, 0xe2, 0xe4, 0xe0, 0xe1, 0xe3, 0xe5, /* 40-4f: */
+ 0xe7, 0xf1, 0xa2, 0x2e, 0x3c, 0x28, 0x2b, 0x7c, /* ...........<(+| */
+ 0x26, 0xe9, 0xea, 0xeb, 0xe8, 0xed, 0xee, 0xef, /* 50-5f: */
+ 0xec, 0xdf, 0x21, 0x24, 0x2a, 0x29, 0x3b, 0x5e, /* &.........!$*);^ */
+ 0x2d, 0x2f, 0xc2, 0xc4, 0xc0, 0xc1, 0xc3, 0xc5, /* 60-6f: */
+ 0xc7, 0xd1, 0xa6, 0x2c, 0x25, 0x5f, 0x3e, 0x3f, /* -/.........,%_>? */
+ 0xf8, 0xc9, 0xca, 0xcb, 0xc8, 0xcd, 0xce, 0xcf, /* 70-7f: */
+ 0xcc, 0x60, 0x3a, 0x23, 0x40, 0x27, 0x3d, 0x22, /* .........`:#@'=" */
+ 0xd8, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, /* 80-8f: */
+ 0x68, 0x69, 0xab, 0xbb, 0xf0, 0xfd, 0xfe, 0xb1, /* .abcdefghi...... */
+ 0xb0, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, /* 90-9f: */
+ 0x71, 0x72, 0xaa, 0xba, 0xe6, 0xb8, 0xc6, 0xa4, /* .jklmnopqr...... */
+ 0xb5, 0x7e, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, /* a0-af: */
+ 0x79, 0x7a, 0xa1, 0xbf, 0xd0, 0x5b, 0xde, 0xae, /* .~stuvwxyz...[.. */
+ 0xac, 0xa3, 0xa5, 0xb7, 0xa9, 0xa7, 0xb6, 0xbc, /* b0-bf: */
+ 0xbd, 0xbe, 0xdd, 0xa8, 0xaf, 0x5d, 0xb4, 0xd7, /* .............].. */
+ 0x7b, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, /* c0-cf: */
+ 0x48, 0x49, 0xad, 0xf4, 0xf6, 0xf2, 0xf3, 0xf5, /* {ABCDEFGHI...... */
+ 0x7d, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50, /* d0-df: */
+ 0x51, 0x52, 0xb9, 0xfb, 0xfc, 0xf9, 0xfa, 0xff, /* }JKLMNOPQR...... */
+ 0x5c, 0xf7, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, /* e0-ef: */
+ 0x59, 0x5a, 0xb2, 0xd4, 0xd6, 0xd2, 0xd3, 0xd5, /* \.STUVWXYZ...... */
+ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* f0-ff: */
+ 0x38, 0x39, 0xb3, 0xdb, 0xdc, 0xd9, 0xda, 0x9f /* 0123456789...... */
+};
+
+/*
+ * The US-ASCII to EBCDIC (character set IBM-1047) table: This table is
+ * bijective (no ambiguous or duplicate characters)
+ */
+const unsigned char os_toebcdic[256] = {
+ 0x00, 0x01, 0x02, 0x03, 0x37, 0x2d, 0x2e, 0x2f, /* 00-0f: */
+ 0x16, 0x05, 0x15, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* ................ */
+ 0x10, 0x11, 0x12, 0x13, 0x3c, 0x3d, 0x32, 0x26, /* 10-1f: */
+ 0x18, 0x19, 0x3f, 0x27, 0x1c, 0x1d, 0x1e, 0x1f, /* ................ */
+ 0x40, 0x5a, 0x7f, 0x7b, 0x5b, 0x6c, 0x50, 0x7d, /* 20-2f: */
+ 0x4d, 0x5d, 0x5c, 0x4e, 0x6b, 0x60, 0x4b, 0x61, /* !"#$%&'()*+,-./ */
+ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, /* 30-3f: */
+ 0xf8, 0xf9, 0x7a, 0x5e, 0x4c, 0x7e, 0x6e, 0x6f, /* 0123456789:;<=>? */
+ 0x7c, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, /* 40-4f: */
+ 0xc8, 0xc9, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, /* @ABCDEFGHIJKLMNO */
+ 0xd7, 0xd8, 0xd9, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, /* 50-5f: */
+ 0xe7, 0xe8, 0xe9, 0xad, 0xe0, 0xbd, 0x5f, 0x6d, /* PQRSTUVWXYZ[\]^_ */
+ 0x79, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, /* 60-6f: */
+ 0x88, 0x89, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, /* `abcdefghijklmno */
+ 0x97, 0x98, 0x99, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, /* 70-7f: */
+ 0xa7, 0xa8, 0xa9, 0xc0, 0x4f, 0xd0, 0xa1, 0x07, /* pqrstuvwxyz{|}~. */
+ 0x20, 0x21, 0x22, 0x23, 0x24, 0x04, 0x06, 0x08, /* 80-8f: */
+ 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x09, 0x0a, 0x14, /* ................ */
+ 0x30, 0x31, 0x25, 0x33, 0x34, 0x35, 0x36, 0x17, /* 90-9f: */
+ 0x38, 0x39, 0x3a, 0x3b, 0x1a, 0x1b, 0x3e, 0xff, /* ................ */
+ 0x41, 0xaa, 0x4a, 0xb1, 0x9f, 0xb2, 0x6a, 0xb5, /* a0-af: */
+ 0xbb, 0xb4, 0x9a, 0x8a, 0xb0, 0xca, 0xaf, 0xbc, /* ................ */
+ 0x90, 0x8f, 0xea, 0xfa, 0xbe, 0xa0, 0xb6, 0xb3, /* b0-bf: */
+ 0x9d, 0xda, 0x9b, 0x8b, 0xb7, 0xb8, 0xb9, 0xab, /* ................ */
+ 0x64, 0x65, 0x62, 0x66, 0x63, 0x67, 0x9e, 0x68, /* c0-cf: */
+ 0x74, 0x71, 0x72, 0x73, 0x78, 0x75, 0x76, 0x77, /* ................ */
+ 0xac, 0x69, 0xed, 0xee, 0xeb, 0xef, 0xec, 0xbf, /* d0-df: */
+ 0x80, 0xfd, 0xfe, 0xfb, 0xfc, 0xba, 0xae, 0x59, /* ................ */
+ 0x44, 0x45, 0x42, 0x46, 0x43, 0x47, 0x9c, 0x48, /* e0-ef: */
+ 0x54, 0x51, 0x52, 0x53, 0x58, 0x55, 0x56, 0x57, /* ................ */
+ 0x8c, 0x49, 0xcd, 0xce, 0xcb, 0xcf, 0xcc, 0xe1, /* f0-ff: */
+ 0x70, 0xdd, 0xde, 0xdb, 0xdc, 0x8d, 0x8e, 0xdf /* ................ */
+};
+# endif/*_OSD_POSIX*/
+
+/*
+ * Translate a memory block from EBCDIC (host charset) to ASCII (net charset)
+ * dest and srce may be identical, or separate memory blocks, but should not
+ * overlap. These functions intentionally have an interface compatible to
+ * memcpy(3).
+ */
+
+void *ebcdic2ascii(void *dest, const void *srce, size_t count)
+{
+ unsigned char *udest = dest;
+ const unsigned char *usrce = srce;
+
+ while (count-- != 0) {
+ *udest++ = os_toascii[*usrce++];
+ }
+
+ return dest;
+}
+
+void *ascii2ebcdic(void *dest, const void *srce, size_t count)
+{
+ unsigned char *udest = dest;
+ const unsigned char *usrce = srce;
+
+ while (count-- != 0) {
+ *udest++ = os_toebcdic[*usrce++];
+ }
+
+ return dest;
+}
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/ebcdic.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/ebcdic.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ebcdic.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,19 +0,0 @@
-/* crypto/ebcdic.h */
-
-#ifndef HEADER_EBCDIC_H
-#define HEADER_EBCDIC_H
-
-#include <sys/types.h>
-
-/* Avoid name clashes with other applications */
-#define os_toascii _openssl_os_toascii
-#define os_toebcdic _openssl_os_toebcdic
-#define ebcdic2ascii _openssl_ebcdic2ascii
-#define ascii2ebcdic _openssl_ascii2ebcdic
-
-extern const unsigned char os_toascii[256];
-extern const unsigned char os_toebcdic[256];
-void *ebcdic2ascii(void *dest, const void *srce, size_t count);
-void *ascii2ebcdic(void *dest, const void *srce, size_t count);
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/ebcdic.h (from rev 6976, vendor-crypto/openssl/dist/crypto/ebcdic.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/ebcdic.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ebcdic.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,19 @@
+/* crypto/ebcdic.h */
+
+#ifndef HEADER_EBCDIC_H
+# define HEADER_EBCDIC_H
+
+# include <sys/types.h>
+
+/* Avoid name clashes with other applications */
+# define os_toascii _openssl_os_toascii
+# define os_toebcdic _openssl_os_toebcdic
+# define ebcdic2ascii _openssl_ebcdic2ascii
+# define ascii2ebcdic _openssl_ascii2ebcdic
+
+extern const unsigned char os_toascii[256];
+extern const unsigned char os_toebcdic[256];
+void *ebcdic2ascii(void *dest, const void *srce, size_t count);
+void *ascii2ebcdic(void *dest, const void *srce, size_t count);
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/ec/ec.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/ec/ec.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ec/ec.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,534 +0,0 @@
-/* crypto/ec/ec.h */
-/*
- * Originally written by Bodo Moeller for the OpenSSL project.
- */
-/* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * The elliptic curve binary polynomial software is originally written by
- * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
- *
- */
-
-#ifndef HEADER_EC_H
-#define HEADER_EC_H
-
-#include <openssl/opensslconf.h>
-
-#ifdef OPENSSL_NO_EC
-#error EC is disabled.
-#endif
-
-#include <openssl/asn1.h>
-#include <openssl/symhacks.h>
-#ifndef OPENSSL_NO_DEPRECATED
-#include <openssl/bn.h>
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#elif defined(__SUNPRO_C)
-# if __SUNPRO_C >= 0x520
-# pragma error_messages (off,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE)
-# endif
-#endif
-
-
-#ifndef OPENSSL_ECC_MAX_FIELD_BITS
-# define OPENSSL_ECC_MAX_FIELD_BITS 661
-#endif
-
-typedef enum {
- /* values as defined in X9.62 (ECDSA) and elsewhere */
- POINT_CONVERSION_COMPRESSED = 2,
- POINT_CONVERSION_UNCOMPRESSED = 4,
- POINT_CONVERSION_HYBRID = 6
-} point_conversion_form_t;
-
-
-typedef struct ec_method_st EC_METHOD;
-
-typedef struct ec_group_st
- /*
- EC_METHOD *meth;
- -- field definition
- -- curve coefficients
- -- optional generator with associated information (order, cofactor)
- -- optional extra data (precomputed table for fast computation of multiples of generator)
- -- ASN1 stuff
- */
- EC_GROUP;
-
-typedef struct ec_point_st EC_POINT;
-
-
-/* EC_METHODs for curves over GF(p).
- * EC_GFp_simple_method provides the basis for the optimized methods.
- */
-const EC_METHOD *EC_GFp_simple_method(void);
-const EC_METHOD *EC_GFp_mont_method(void);
-const EC_METHOD *EC_GFp_nist_method(void);
-
-/* EC_METHOD for curves over GF(2^m).
- */
-const EC_METHOD *EC_GF2m_simple_method(void);
-
-
-EC_GROUP *EC_GROUP_new(const EC_METHOD *);
-void EC_GROUP_free(EC_GROUP *);
-void EC_GROUP_clear_free(EC_GROUP *);
-int EC_GROUP_copy(EC_GROUP *, const EC_GROUP *);
-EC_GROUP *EC_GROUP_dup(const EC_GROUP *);
-
-const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *);
-int EC_METHOD_get_field_type(const EC_METHOD *);
-
-int EC_GROUP_set_generator(EC_GROUP *, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor);
-const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *);
-int EC_GROUP_get_order(const EC_GROUP *, BIGNUM *order, BN_CTX *);
-int EC_GROUP_get_cofactor(const EC_GROUP *, BIGNUM *cofactor, BN_CTX *);
-
-void EC_GROUP_set_curve_name(EC_GROUP *, int nid);
-int EC_GROUP_get_curve_name(const EC_GROUP *);
-
-void EC_GROUP_set_asn1_flag(EC_GROUP *, int flag);
-int EC_GROUP_get_asn1_flag(const EC_GROUP *);
-
-void EC_GROUP_set_point_conversion_form(EC_GROUP *, point_conversion_form_t);
-point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *);
-
-unsigned char *EC_GROUP_get0_seed(const EC_GROUP *);
-size_t EC_GROUP_get_seed_len(const EC_GROUP *);
-size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len);
-
-int EC_GROUP_set_curve_GFp(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
-int EC_GROUP_get_curve_GFp(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *);
-int EC_GROUP_set_curve_GF2m(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
-int EC_GROUP_get_curve_GF2m(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *);
-
-/* returns the number of bits needed to represent a field element */
-int EC_GROUP_get_degree(const EC_GROUP *);
-
-/* EC_GROUP_check() returns 1 if 'group' defines a valid group, 0 otherwise */
-int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx);
-/* EC_GROUP_check_discriminant() returns 1 if the discriminant of the
- * elliptic curve is not zero, 0 otherwise */
-int EC_GROUP_check_discriminant(const EC_GROUP *, BN_CTX *);
-
-/* EC_GROUP_cmp() returns 0 if both groups are equal and 1 otherwise */
-int EC_GROUP_cmp(const EC_GROUP *, const EC_GROUP *, BN_CTX *);
-
-/* EC_GROUP_new_GF*() calls EC_GROUP_new() and EC_GROUP_set_GF*()
- * after choosing an appropriate EC_METHOD */
-EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
-EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
-
-/* EC_GROUP_new_by_curve_name() creates a EC_GROUP structure
- * specified by a curve name (in form of a NID) */
-EC_GROUP *EC_GROUP_new_by_curve_name(int nid);
-/* handling of internal curves */
-typedef struct {
- int nid;
- const char *comment;
- } EC_builtin_curve;
-/* EC_builtin_curves(EC_builtin_curve *r, size_t size) returns number
- * of all available curves or zero if a error occurred.
- * In case r ist not zero nitems EC_builtin_curve structures
- * are filled with the data of the first nitems internal groups */
-size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems);
-
-
-/* EC_POINT functions */
-
-EC_POINT *EC_POINT_new(const EC_GROUP *);
-void EC_POINT_free(EC_POINT *);
-void EC_POINT_clear_free(EC_POINT *);
-int EC_POINT_copy(EC_POINT *, const EC_POINT *);
-EC_POINT *EC_POINT_dup(const EC_POINT *, const EC_GROUP *);
-
-const EC_METHOD *EC_POINT_method_of(const EC_POINT *);
-
-int EC_POINT_set_to_infinity(const EC_GROUP *, EC_POINT *);
-int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *, EC_POINT *,
- const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *);
-int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *, const EC_POINT *,
- BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *);
-int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *, EC_POINT *,
- const BIGNUM *x, const BIGNUM *y, BN_CTX *);
-int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *, const EC_POINT *,
- BIGNUM *x, BIGNUM *y, BN_CTX *);
-int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *, EC_POINT *,
- const BIGNUM *x, int y_bit, BN_CTX *);
-
-int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *, EC_POINT *,
- const BIGNUM *x, const BIGNUM *y, BN_CTX *);
-int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *, const EC_POINT *,
- BIGNUM *x, BIGNUM *y, BN_CTX *);
-int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *, EC_POINT *,
- const BIGNUM *x, int y_bit, BN_CTX *);
-
-size_t EC_POINT_point2oct(const EC_GROUP *, const EC_POINT *, point_conversion_form_t form,
- unsigned char *buf, size_t len, BN_CTX *);
-int EC_POINT_oct2point(const EC_GROUP *, EC_POINT *,
- const unsigned char *buf, size_t len, BN_CTX *);
-
-/* other interfaces to point2oct/oct2point: */
-BIGNUM *EC_POINT_point2bn(const EC_GROUP *, const EC_POINT *,
- point_conversion_form_t form, BIGNUM *, BN_CTX *);
-EC_POINT *EC_POINT_bn2point(const EC_GROUP *, const BIGNUM *,
- EC_POINT *, BN_CTX *);
-char *EC_POINT_point2hex(const EC_GROUP *, const EC_POINT *,
- point_conversion_form_t form, BN_CTX *);
-EC_POINT *EC_POINT_hex2point(const EC_GROUP *, const char *,
- EC_POINT *, BN_CTX *);
-
-int EC_POINT_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
-int EC_POINT_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *);
-int EC_POINT_invert(const EC_GROUP *, EC_POINT *, BN_CTX *);
-
-int EC_POINT_is_at_infinity(const EC_GROUP *, const EC_POINT *);
-int EC_POINT_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *);
-int EC_POINT_cmp(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
-
-int EC_POINT_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *);
-int EC_POINTs_make_affine(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *);
-
-
-int EC_POINTs_mul(const EC_GROUP *, EC_POINT *r, const BIGNUM *, size_t num, const EC_POINT *[], const BIGNUM *[], BN_CTX *);
-int EC_POINT_mul(const EC_GROUP *, EC_POINT *r, const BIGNUM *, const EC_POINT *, const BIGNUM *, BN_CTX *);
-
-/* EC_GROUP_precompute_mult() stores multiples of generator for faster point multiplication */
-int EC_GROUP_precompute_mult(EC_GROUP *, BN_CTX *);
-/* EC_GROUP_have_precompute_mult() reports whether such precomputation has been done */
-int EC_GROUP_have_precompute_mult(const EC_GROUP *);
-
-
-
-/* ASN1 stuff */
-
-/* EC_GROUP_get_basis_type() returns the NID of the basis type
- * used to represent the field elements */
-int EC_GROUP_get_basis_type(const EC_GROUP *);
-int EC_GROUP_get_trinomial_basis(const EC_GROUP *, unsigned int *k);
-int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1,
- unsigned int *k2, unsigned int *k3);
-
-#define OPENSSL_EC_NAMED_CURVE 0x001
-
-typedef struct ecpk_parameters_st ECPKPARAMETERS;
-
-EC_GROUP *d2i_ECPKParameters(EC_GROUP **, const unsigned char **in, long len);
-int i2d_ECPKParameters(const EC_GROUP *, unsigned char **out);
-
-#define d2i_ECPKParameters_bio(bp,x) ASN1_d2i_bio_of(EC_GROUP,NULL,d2i_ECPKParameters,bp,x)
-#define i2d_ECPKParameters_bio(bp,x) ASN1_i2d_bio_of_const(EC_GROUP,i2d_ECPKParameters,bp,x)
-#define d2i_ECPKParameters_fp(fp,x) (EC_GROUP *)ASN1_d2i_fp(NULL, \
- (char *(*)())d2i_ECPKParameters,(fp),(unsigned char **)(x))
-#define i2d_ECPKParameters_fp(fp,x) ASN1_i2d_fp(i2d_ECPKParameters,(fp), \
- (unsigned char *)(x))
-
-#ifndef OPENSSL_NO_BIO
-int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off);
-#endif
-#ifndef OPENSSL_NO_FP_API
-int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off);
-#endif
-
-/* the EC_KEY stuff */
-typedef struct ec_key_st EC_KEY;
-
-/* some values for the encoding_flag */
-#define EC_PKEY_NO_PARAMETERS 0x001
-#define EC_PKEY_NO_PUBKEY 0x002
-
-EC_KEY *EC_KEY_new(void);
-EC_KEY *EC_KEY_new_by_curve_name(int nid);
-void EC_KEY_free(EC_KEY *);
-EC_KEY *EC_KEY_copy(EC_KEY *, const EC_KEY *);
-EC_KEY *EC_KEY_dup(const EC_KEY *);
-
-int EC_KEY_up_ref(EC_KEY *);
-
-const EC_GROUP *EC_KEY_get0_group(const EC_KEY *);
-int EC_KEY_set_group(EC_KEY *, const EC_GROUP *);
-const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *);
-int EC_KEY_set_private_key(EC_KEY *, const BIGNUM *);
-const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *);
-int EC_KEY_set_public_key(EC_KEY *, const EC_POINT *);
-unsigned EC_KEY_get_enc_flags(const EC_KEY *);
-void EC_KEY_set_enc_flags(EC_KEY *, unsigned int);
-point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *);
-void EC_KEY_set_conv_form(EC_KEY *, point_conversion_form_t);
-/* functions to set/get method specific data */
-void *EC_KEY_get_key_method_data(EC_KEY *,
- void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
-/** Sets the key method data of an EC_KEY object, if none has yet been set.
- * \param key EC_KEY object
- * \param data opaque data to install.
- * \param dup_func a function that duplicates |data|.
- * \param free_func a function that frees |data|.
- * \param clear_free_func a function that wipes and frees |data|.
- * \return the previously set data pointer, or NULL if |data| was inserted.
- */
-void *EC_KEY_insert_key_method_data(EC_KEY *key, void *data,
- void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
-/* wrapper functions for the underlying EC_GROUP object */
-void EC_KEY_set_asn1_flag(EC_KEY *, int);
-int EC_KEY_precompute_mult(EC_KEY *, BN_CTX *ctx);
-
-/* EC_KEY_generate_key() creates a ec private (public) key */
-int EC_KEY_generate_key(EC_KEY *);
-/* EC_KEY_check_key() */
-int EC_KEY_check_key(const EC_KEY *);
-
-/* de- and encoding functions for SEC1 ECPrivateKey */
-EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len);
-int i2d_ECPrivateKey(EC_KEY *a, unsigned char **out);
-/* de- and encoding functions for EC parameters */
-EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len);
-int i2d_ECParameters(EC_KEY *a, unsigned char **out);
-/* de- and encoding functions for EC public key
- * (octet string, not DER -- hence 'o2i' and 'i2o') */
-EC_KEY *o2i_ECPublicKey(EC_KEY **a, const unsigned char **in, long len);
-int i2o_ECPublicKey(EC_KEY *a, unsigned char **out);
-
-#ifndef OPENSSL_NO_BIO
-int ECParameters_print(BIO *bp, const EC_KEY *x);
-int EC_KEY_print(BIO *bp, const EC_KEY *x, int off);
-#endif
-#ifndef OPENSSL_NO_FP_API
-int ECParameters_print_fp(FILE *fp, const EC_KEY *x);
-int EC_KEY_print_fp(FILE *fp, const EC_KEY *x, int off);
-#endif
-
-#define ECParameters_dup(x) ASN1_dup_of(EC_KEY,i2d_ECParameters,d2i_ECParameters,x)
-
-#ifndef __cplusplus
-#if defined(__SUNPRO_C)
-# if __SUNPRO_C >= 0x520
-# pragma error_messages (default,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE)
-# endif
-# endif
-#endif
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_EC_strings(void);
-
-/* Error codes for the EC functions. */
-
-/* Function codes. */
-#define EC_F_COMPUTE_WNAF 143
-#define EC_F_D2I_ECPARAMETERS 144
-#define EC_F_D2I_ECPKPARAMETERS 145
-#define EC_F_D2I_ECPRIVATEKEY 146
-#define EC_F_ECPARAMETERS_PRINT 147
-#define EC_F_ECPARAMETERS_PRINT_FP 148
-#define EC_F_ECPKPARAMETERS_PRINT 149
-#define EC_F_ECPKPARAMETERS_PRINT_FP 150
-#define EC_F_ECP_NIST_MOD_192 203
-#define EC_F_ECP_NIST_MOD_224 204
-#define EC_F_ECP_NIST_MOD_256 205
-#define EC_F_ECP_NIST_MOD_521 206
-#define EC_F_EC_ASN1_GROUP2CURVE 153
-#define EC_F_EC_ASN1_GROUP2FIELDID 154
-#define EC_F_EC_ASN1_GROUP2PARAMETERS 155
-#define EC_F_EC_ASN1_GROUP2PKPARAMETERS 156
-#define EC_F_EC_ASN1_PARAMETERS2GROUP 157
-#define EC_F_EC_ASN1_PKPARAMETERS2GROUP 158
-#define EC_F_EC_EX_DATA_SET_DATA 211
-#define EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY 208
-#define EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT 159
-#define EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE 195
-#define EC_F_EC_GF2M_SIMPLE_OCT2POINT 160
-#define EC_F_EC_GF2M_SIMPLE_POINT2OCT 161
-#define EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES 162
-#define EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES 163
-#define EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES 164
-#define EC_F_EC_GFP_MONT_FIELD_DECODE 133
-#define EC_F_EC_GFP_MONT_FIELD_ENCODE 134
-#define EC_F_EC_GFP_MONT_FIELD_MUL 131
-#define EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE 209
-#define EC_F_EC_GFP_MONT_FIELD_SQR 132
-#define EC_F_EC_GFP_MONT_GROUP_SET_CURVE 189
-#define EC_F_EC_GFP_MONT_GROUP_SET_CURVE_GFP 135
-#define EC_F_EC_GFP_NIST_FIELD_MUL 200
-#define EC_F_EC_GFP_NIST_FIELD_SQR 201
-#define EC_F_EC_GFP_NIST_GROUP_SET_CURVE 202
-#define EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT 165
-#define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE 166
-#define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP 100
-#define EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR 101
-#define EC_F_EC_GFP_SIMPLE_MAKE_AFFINE 102
-#define EC_F_EC_GFP_SIMPLE_OCT2POINT 103
-#define EC_F_EC_GFP_SIMPLE_POINT2OCT 104
-#define EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE 137
-#define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES 167
-#define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP 105
-#define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES 168
-#define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP 128
-#define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES 169
-#define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP 129
-#define EC_F_EC_GROUP_CHECK 170
-#define EC_F_EC_GROUP_CHECK_DISCRIMINANT 171
-#define EC_F_EC_GROUP_COPY 106
-#define EC_F_EC_GROUP_GET0_GENERATOR 139
-#define EC_F_EC_GROUP_GET_COFACTOR 140
-#define EC_F_EC_GROUP_GET_CURVE_GF2M 172
-#define EC_F_EC_GROUP_GET_CURVE_GFP 130
-#define EC_F_EC_GROUP_GET_DEGREE 173
-#define EC_F_EC_GROUP_GET_ORDER 141
-#define EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS 193
-#define EC_F_EC_GROUP_GET_TRINOMIAL_BASIS 194
-#define EC_F_EC_GROUP_NEW 108
-#define EC_F_EC_GROUP_NEW_BY_CURVE_NAME 174
-#define EC_F_EC_GROUP_NEW_FROM_DATA 175
-#define EC_F_EC_GROUP_PRECOMPUTE_MULT 142
-#define EC_F_EC_GROUP_SET_CURVE_GF2M 176
-#define EC_F_EC_GROUP_SET_CURVE_GFP 109
-#define EC_F_EC_GROUP_SET_EXTRA_DATA 110
-#define EC_F_EC_GROUP_SET_GENERATOR 111
-#define EC_F_EC_KEY_CHECK_KEY 177
-#define EC_F_EC_KEY_COPY 178
-#define EC_F_EC_KEY_GENERATE_KEY 179
-#define EC_F_EC_KEY_NEW 182
-#define EC_F_EC_KEY_PRINT 180
-#define EC_F_EC_KEY_PRINT_FP 181
-#define EC_F_EC_POINTS_MAKE_AFFINE 136
-#define EC_F_EC_POINTS_MUL 138
-#define EC_F_EC_POINT_ADD 112
-#define EC_F_EC_POINT_CMP 113
-#define EC_F_EC_POINT_COPY 114
-#define EC_F_EC_POINT_DBL 115
-#define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M 183
-#define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP 116
-#define EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP 117
-#define EC_F_EC_POINT_INVERT 210
-#define EC_F_EC_POINT_IS_AT_INFINITY 118
-#define EC_F_EC_POINT_IS_ON_CURVE 119
-#define EC_F_EC_POINT_MAKE_AFFINE 120
-#define EC_F_EC_POINT_MUL 184
-#define EC_F_EC_POINT_NEW 121
-#define EC_F_EC_POINT_OCT2POINT 122
-#define EC_F_EC_POINT_POINT2OCT 123
-#define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M 185
-#define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP 124
-#define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M 186
-#define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP 125
-#define EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP 126
-#define EC_F_EC_POINT_SET_TO_INFINITY 127
-#define EC_F_EC_PRE_COMP_DUP 207
-#define EC_F_EC_PRE_COMP_NEW 196
-#define EC_F_EC_WNAF_MUL 187
-#define EC_F_EC_WNAF_PRECOMPUTE_MULT 188
-#define EC_F_I2D_ECPARAMETERS 190
-#define EC_F_I2D_ECPKPARAMETERS 191
-#define EC_F_I2D_ECPRIVATEKEY 192
-#define EC_F_I2O_ECPUBLICKEY 151
-#define EC_F_O2I_ECPUBLICKEY 152
-
-/* Reason codes. */
-#define EC_R_ASN1_ERROR 115
-#define EC_R_ASN1_UNKNOWN_FIELD 116
-#define EC_R_BUFFER_TOO_SMALL 100
-#define EC_R_D2I_ECPKPARAMETERS_FAILURE 117
-#define EC_R_DISCRIMINANT_IS_ZERO 118
-#define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE 119
-#define EC_R_FIELD_TOO_LARGE 138
-#define EC_R_GROUP2PKPARAMETERS_FAILURE 120
-#define EC_R_I2D_ECPKPARAMETERS_FAILURE 121
-#define EC_R_INCOMPATIBLE_OBJECTS 101
-#define EC_R_INVALID_ARGUMENT 112
-#define EC_R_INVALID_COMPRESSED_POINT 110
-#define EC_R_INVALID_COMPRESSION_BIT 109
-#define EC_R_INVALID_ENCODING 102
-#define EC_R_INVALID_FIELD 103
-#define EC_R_INVALID_FORM 104
-#define EC_R_INVALID_GROUP_ORDER 122
-#define EC_R_INVALID_PENTANOMIAL_BASIS 132
-#define EC_R_INVALID_PRIVATE_KEY 123
-#define EC_R_INVALID_TRINOMIAL_BASIS 137
-#define EC_R_MISSING_PARAMETERS 124
-#define EC_R_MISSING_PRIVATE_KEY 125
-#define EC_R_NOT_A_NIST_PRIME 135
-#define EC_R_NOT_A_SUPPORTED_NIST_PRIME 136
-#define EC_R_NOT_IMPLEMENTED 126
-#define EC_R_NOT_INITIALIZED 111
-#define EC_R_NO_FIELD_MOD 133
-#define EC_R_PASSED_NULL_PARAMETER 134
-#define EC_R_PKPARAMETERS2GROUP_FAILURE 127
-#define EC_R_POINT_AT_INFINITY 106
-#define EC_R_POINT_IS_NOT_ON_CURVE 107
-#define EC_R_SLOT_FULL 108
-#define EC_R_UNDEFINED_GENERATOR 113
-#define EC_R_UNDEFINED_ORDER 128
-#define EC_R_UNKNOWN_GROUP 129
-#define EC_R_UNKNOWN_ORDER 114
-#define EC_R_UNSUPPORTED_FIELD 131
-#define EC_R_WRONG_ORDER 130
-
-#ifdef __cplusplus
-}
-#endif
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/ec/ec.h (from rev 6976, vendor-crypto/openssl/dist/crypto/ec/ec.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/ec/ec.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ec/ec.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,570 @@
+/* crypto/ec/ec.h */
+/*
+ * Originally written by Bodo Moeller for the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * The elliptic curve binary polynomial software is originally written by
+ * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
+ *
+ */
+
+#ifndef HEADER_EC_H
+# define HEADER_EC_H
+
+# include <openssl/opensslconf.h>
+
+# ifdef OPENSSL_NO_EC
+# error EC is disabled.
+# endif
+
+# include <openssl/asn1.h>
+# include <openssl/symhacks.h>
+# ifndef OPENSSL_NO_DEPRECATED
+# include <openssl/bn.h>
+# endif
+
+# ifdef __cplusplus
+extern "C" {
+# elif defined(__SUNPRO_C)
+# if __SUNPRO_C >= 0x520
+# pragma error_messages (off,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE)
+# endif
+# endif
+
+# ifndef OPENSSL_ECC_MAX_FIELD_BITS
+# define OPENSSL_ECC_MAX_FIELD_BITS 661
+# endif
+
+typedef enum {
+ /* values as defined in X9.62 (ECDSA) and elsewhere */
+ POINT_CONVERSION_COMPRESSED = 2,
+ POINT_CONVERSION_UNCOMPRESSED = 4,
+ POINT_CONVERSION_HYBRID = 6
+} point_conversion_form_t;
+
+typedef struct ec_method_st EC_METHOD;
+
+typedef struct ec_group_st
+ /*-
+ EC_METHOD *meth;
+ -- field definition
+ -- curve coefficients
+ -- optional generator with associated information (order, cofactor)
+ -- optional extra data (precomputed table for fast computation of multiples of generator)
+ -- ASN1 stuff
+ */
+ EC_GROUP;
+
+typedef struct ec_point_st EC_POINT;
+
+/*
+ * EC_METHODs for curves over GF(p). EC_GFp_simple_method provides the basis
+ * for the optimized methods.
+ */
+const EC_METHOD *EC_GFp_simple_method(void);
+const EC_METHOD *EC_GFp_mont_method(void);
+const EC_METHOD *EC_GFp_nist_method(void);
+
+/*
+ * EC_METHOD for curves over GF(2^m).
+ */
+const EC_METHOD *EC_GF2m_simple_method(void);
+
+EC_GROUP *EC_GROUP_new(const EC_METHOD *);
+void EC_GROUP_free(EC_GROUP *);
+void EC_GROUP_clear_free(EC_GROUP *);
+int EC_GROUP_copy(EC_GROUP *, const EC_GROUP *);
+EC_GROUP *EC_GROUP_dup(const EC_GROUP *);
+
+const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *);
+int EC_METHOD_get_field_type(const EC_METHOD *);
+
+int EC_GROUP_set_generator(EC_GROUP *, const EC_POINT *generator,
+ const BIGNUM *order, const BIGNUM *cofactor);
+const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *);
+int EC_GROUP_get_order(const EC_GROUP *, BIGNUM *order, BN_CTX *);
+int EC_GROUP_get_cofactor(const EC_GROUP *, BIGNUM *cofactor, BN_CTX *);
+
+void EC_GROUP_set_curve_name(EC_GROUP *, int nid);
+int EC_GROUP_get_curve_name(const EC_GROUP *);
+
+void EC_GROUP_set_asn1_flag(EC_GROUP *, int flag);
+int EC_GROUP_get_asn1_flag(const EC_GROUP *);
+
+void EC_GROUP_set_point_conversion_form(EC_GROUP *, point_conversion_form_t);
+point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *);
+
+unsigned char *EC_GROUP_get0_seed(const EC_GROUP *);
+size_t EC_GROUP_get_seed_len(const EC_GROUP *);
+size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len);
+
+int EC_GROUP_set_curve_GFp(EC_GROUP *, const BIGNUM *p, const BIGNUM *a,
+ const BIGNUM *b, BN_CTX *);
+int EC_GROUP_get_curve_GFp(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b,
+ BN_CTX *);
+int EC_GROUP_set_curve_GF2m(EC_GROUP *, const BIGNUM *p, const BIGNUM *a,
+ const BIGNUM *b, BN_CTX *);
+int EC_GROUP_get_curve_GF2m(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b,
+ BN_CTX *);
+
+/* returns the number of bits needed to represent a field element */
+int EC_GROUP_get_degree(const EC_GROUP *);
+
+/* EC_GROUP_check() returns 1 if 'group' defines a valid group, 0 otherwise */
+int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx);
+/*
+ * EC_GROUP_check_discriminant() returns 1 if the discriminant of the
+ * elliptic curve is not zero, 0 otherwise
+ */
+int EC_GROUP_check_discriminant(const EC_GROUP *, BN_CTX *);
+
+/* EC_GROUP_cmp() returns 0 if both groups are equal and 1 otherwise */
+int EC_GROUP_cmp(const EC_GROUP *, const EC_GROUP *, BN_CTX *);
+
+/*
+ * EC_GROUP_new_GF*() calls EC_GROUP_new() and EC_GROUP_set_GF*() after
+ * choosing an appropriate EC_METHOD
+ */
+EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a,
+ const BIGNUM *b, BN_CTX *);
+EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a,
+ const BIGNUM *b, BN_CTX *);
+
+/*
+ * EC_GROUP_new_by_curve_name() creates a EC_GROUP structure specified by a
+ * curve name (in form of a NID)
+ */
+EC_GROUP *EC_GROUP_new_by_curve_name(int nid);
+/* handling of internal curves */
+typedef struct {
+ int nid;
+ const char *comment;
+} EC_builtin_curve;
+/*
+ * EC_builtin_curves(EC_builtin_curve *r, size_t size) returns number of all
+ * available curves or zero if a error occurred. In case r ist not zero
+ * nitems EC_builtin_curve structures are filled with the data of the first
+ * nitems internal groups
+ */
+size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems);
+
+/* EC_POINT functions */
+
+EC_POINT *EC_POINT_new(const EC_GROUP *);
+void EC_POINT_free(EC_POINT *);
+void EC_POINT_clear_free(EC_POINT *);
+int EC_POINT_copy(EC_POINT *, const EC_POINT *);
+EC_POINT *EC_POINT_dup(const EC_POINT *, const EC_GROUP *);
+
+const EC_METHOD *EC_POINT_method_of(const EC_POINT *);
+
+int EC_POINT_set_to_infinity(const EC_GROUP *, EC_POINT *);
+int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *, EC_POINT *,
+ const BIGNUM *x, const BIGNUM *y,
+ const BIGNUM *z, BN_CTX *);
+int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *,
+ const EC_POINT *, BIGNUM *x,
+ BIGNUM *y, BIGNUM *z, BN_CTX *);
+int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *, EC_POINT *,
+ const BIGNUM *x, const BIGNUM *y,
+ BN_CTX *);
+int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *, const EC_POINT *,
+ BIGNUM *x, BIGNUM *y, BN_CTX *);
+int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *, EC_POINT *,
+ const BIGNUM *x, int y_bit,
+ BN_CTX *);
+
+int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *, EC_POINT *,
+ const BIGNUM *x, const BIGNUM *y,
+ BN_CTX *);
+int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *, const EC_POINT *,
+ BIGNUM *x, BIGNUM *y, BN_CTX *);
+int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *, EC_POINT *,
+ const BIGNUM *x, int y_bit,
+ BN_CTX *);
+
+size_t EC_POINT_point2oct(const EC_GROUP *, const EC_POINT *,
+ point_conversion_form_t form, unsigned char *buf,
+ size_t len, BN_CTX *);
+int EC_POINT_oct2point(const EC_GROUP *, EC_POINT *, const unsigned char *buf,
+ size_t len, BN_CTX *);
+
+/* other interfaces to point2oct/oct2point: */
+BIGNUM *EC_POINT_point2bn(const EC_GROUP *, const EC_POINT *,
+ point_conversion_form_t form, BIGNUM *, BN_CTX *);
+EC_POINT *EC_POINT_bn2point(const EC_GROUP *, const BIGNUM *,
+ EC_POINT *, BN_CTX *);
+char *EC_POINT_point2hex(const EC_GROUP *, const EC_POINT *,
+ point_conversion_form_t form, BN_CTX *);
+EC_POINT *EC_POINT_hex2point(const EC_GROUP *, const char *,
+ EC_POINT *, BN_CTX *);
+
+int EC_POINT_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a,
+ const EC_POINT *b, BN_CTX *);
+int EC_POINT_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *);
+int EC_POINT_invert(const EC_GROUP *, EC_POINT *, BN_CTX *);
+
+int EC_POINT_is_at_infinity(const EC_GROUP *, const EC_POINT *);
+int EC_POINT_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *);
+int EC_POINT_cmp(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b,
+ BN_CTX *);
+
+int EC_POINT_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *);
+int EC_POINTs_make_affine(const EC_GROUP *, size_t num, EC_POINT *[],
+ BN_CTX *);
+
+int EC_POINTs_mul(const EC_GROUP *, EC_POINT *r, const BIGNUM *, size_t num,
+ const EC_POINT *[], const BIGNUM *[], BN_CTX *);
+int EC_POINT_mul(const EC_GROUP *, EC_POINT *r, const BIGNUM *,
+ const EC_POINT *, const BIGNUM *, BN_CTX *);
+
+/*
+ * EC_GROUP_precompute_mult() stores multiples of generator for faster point
+ * multiplication
+ */
+int EC_GROUP_precompute_mult(EC_GROUP *, BN_CTX *);
+/*
+ * EC_GROUP_have_precompute_mult() reports whether such precomputation has
+ * been done
+ */
+int EC_GROUP_have_precompute_mult(const EC_GROUP *);
+
+/* ASN1 stuff */
+
+/*
+ * EC_GROUP_get_basis_type() returns the NID of the basis type used to
+ * represent the field elements
+ */
+int EC_GROUP_get_basis_type(const EC_GROUP *);
+int EC_GROUP_get_trinomial_basis(const EC_GROUP *, unsigned int *k);
+int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1,
+ unsigned int *k2, unsigned int *k3);
+
+# define OPENSSL_EC_NAMED_CURVE 0x001
+
+typedef struct ecpk_parameters_st ECPKPARAMETERS;
+
+EC_GROUP *d2i_ECPKParameters(EC_GROUP **, const unsigned char **in, long len);
+int i2d_ECPKParameters(const EC_GROUP *, unsigned char **out);
+
+# define d2i_ECPKParameters_bio(bp,x) ASN1_d2i_bio_of(EC_GROUP,NULL,d2i_ECPKParameters,bp,x)
+# define i2d_ECPKParameters_bio(bp,x) ASN1_i2d_bio_of_const(EC_GROUP,i2d_ECPKParameters,bp,x)
+# define d2i_ECPKParameters_fp(fp,x) (EC_GROUP *)ASN1_d2i_fp(NULL, \
+ (char *(*)())d2i_ECPKParameters,(fp),(unsigned char **)(x))
+# define i2d_ECPKParameters_fp(fp,x) ASN1_i2d_fp(i2d_ECPKParameters,(fp), \
+ (unsigned char *)(x))
+
+# ifndef OPENSSL_NO_BIO
+int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off);
+# endif
+# ifndef OPENSSL_NO_FP_API
+int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off);
+# endif
+
+/* the EC_KEY stuff */
+typedef struct ec_key_st EC_KEY;
+
+/* some values for the encoding_flag */
+# define EC_PKEY_NO_PARAMETERS 0x001
+# define EC_PKEY_NO_PUBKEY 0x002
+
+EC_KEY *EC_KEY_new(void);
+EC_KEY *EC_KEY_new_by_curve_name(int nid);
+void EC_KEY_free(EC_KEY *);
+EC_KEY *EC_KEY_copy(EC_KEY *, const EC_KEY *);
+EC_KEY *EC_KEY_dup(const EC_KEY *);
+
+int EC_KEY_up_ref(EC_KEY *);
+
+const EC_GROUP *EC_KEY_get0_group(const EC_KEY *);
+int EC_KEY_set_group(EC_KEY *, const EC_GROUP *);
+const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *);
+int EC_KEY_set_private_key(EC_KEY *, const BIGNUM *);
+const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *);
+int EC_KEY_set_public_key(EC_KEY *, const EC_POINT *);
+unsigned EC_KEY_get_enc_flags(const EC_KEY *);
+void EC_KEY_set_enc_flags(EC_KEY *, unsigned int);
+point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *);
+void EC_KEY_set_conv_form(EC_KEY *, point_conversion_form_t);
+/* functions to set/get method specific data */
+void *EC_KEY_get_key_method_data(EC_KEY *,
+ void *(*dup_func) (void *),
+ void (*free_func) (void *),
+ void (*clear_free_func) (void *));
+/** Sets the key method data of an EC_KEY object, if none has yet been set.
+ * \param key EC_KEY object
+ * \param data opaque data to install.
+ * \param dup_func a function that duplicates |data|.
+ * \param free_func a function that frees |data|.
+ * \param clear_free_func a function that wipes and frees |data|.
+ * \return the previously set data pointer, or NULL if |data| was inserted.
+ */
+void *EC_KEY_insert_key_method_data(EC_KEY *key, void *data,
+ void *(*dup_func) (void *),
+ void (*free_func) (void *),
+ void (*clear_free_func) (void *));
+/* wrapper functions for the underlying EC_GROUP object */
+void EC_KEY_set_asn1_flag(EC_KEY *, int);
+int EC_KEY_precompute_mult(EC_KEY *, BN_CTX *ctx);
+
+/* EC_KEY_generate_key() creates a ec private (public) key */
+int EC_KEY_generate_key(EC_KEY *);
+/* EC_KEY_check_key() */
+int EC_KEY_check_key(const EC_KEY *);
+
+/* de- and encoding functions for SEC1 ECPrivateKey */
+EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len);
+int i2d_ECPrivateKey(EC_KEY *a, unsigned char **out);
+/* de- and encoding functions for EC parameters */
+EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len);
+int i2d_ECParameters(EC_KEY *a, unsigned char **out);
+/*
+ * de- and encoding functions for EC public key (octet string, not DER --
+ * hence 'o2i' and 'i2o')
+ */
+EC_KEY *o2i_ECPublicKey(EC_KEY **a, const unsigned char **in, long len);
+int i2o_ECPublicKey(EC_KEY *a, unsigned char **out);
+
+# ifndef OPENSSL_NO_BIO
+int ECParameters_print(BIO *bp, const EC_KEY *x);
+int EC_KEY_print(BIO *bp, const EC_KEY *x, int off);
+# endif
+# ifndef OPENSSL_NO_FP_API
+int ECParameters_print_fp(FILE *fp, const EC_KEY *x);
+int EC_KEY_print_fp(FILE *fp, const EC_KEY *x, int off);
+# endif
+
+# define ECParameters_dup(x) ASN1_dup_of(EC_KEY,i2d_ECParameters,d2i_ECParameters,x)
+
+# ifndef __cplusplus
+# if defined(__SUNPRO_C)
+# if __SUNPRO_C >= 0x520
+# pragma error_messages (default,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE)
+# endif
+# endif
+# endif
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_EC_strings(void);
+
+/* Error codes for the EC functions. */
+
+/* Function codes. */
+# define EC_F_COMPUTE_WNAF 143
+# define EC_F_D2I_ECPARAMETERS 144
+# define EC_F_D2I_ECPKPARAMETERS 145
+# define EC_F_D2I_ECPRIVATEKEY 146
+# define EC_F_ECPARAMETERS_PRINT 147
+# define EC_F_ECPARAMETERS_PRINT_FP 148
+# define EC_F_ECPKPARAMETERS_PRINT 149
+# define EC_F_ECPKPARAMETERS_PRINT_FP 150
+# define EC_F_ECP_NIST_MOD_192 203
+# define EC_F_ECP_NIST_MOD_224 204
+# define EC_F_ECP_NIST_MOD_256 205
+# define EC_F_ECP_NIST_MOD_521 206
+# define EC_F_EC_ASN1_GROUP2CURVE 153
+# define EC_F_EC_ASN1_GROUP2FIELDID 154
+# define EC_F_EC_ASN1_GROUP2PARAMETERS 155
+# define EC_F_EC_ASN1_GROUP2PKPARAMETERS 156
+# define EC_F_EC_ASN1_PARAMETERS2GROUP 157
+# define EC_F_EC_ASN1_PKPARAMETERS2GROUP 158
+# define EC_F_EC_EX_DATA_SET_DATA 211
+# define EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY 208
+# define EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT 159
+# define EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE 195
+# define EC_F_EC_GF2M_SIMPLE_OCT2POINT 160
+# define EC_F_EC_GF2M_SIMPLE_POINT2OCT 161
+# define EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES 162
+# define EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES 163
+# define EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES 164
+# define EC_F_EC_GFP_MONT_FIELD_DECODE 133
+# define EC_F_EC_GFP_MONT_FIELD_ENCODE 134
+# define EC_F_EC_GFP_MONT_FIELD_MUL 131
+# define EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE 209
+# define EC_F_EC_GFP_MONT_FIELD_SQR 132
+# define EC_F_EC_GFP_MONT_GROUP_SET_CURVE 189
+# define EC_F_EC_GFP_MONT_GROUP_SET_CURVE_GFP 135
+# define EC_F_EC_GFP_NIST_FIELD_MUL 200
+# define EC_F_EC_GFP_NIST_FIELD_SQR 201
+# define EC_F_EC_GFP_NIST_GROUP_SET_CURVE 202
+# define EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT 165
+# define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE 166
+# define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP 100
+# define EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR 101
+# define EC_F_EC_GFP_SIMPLE_MAKE_AFFINE 102
+# define EC_F_EC_GFP_SIMPLE_OCT2POINT 103
+# define EC_F_EC_GFP_SIMPLE_POINT2OCT 104
+# define EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE 137
+# define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES 167
+# define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP 105
+# define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES 168
+# define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP 128
+# define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES 169
+# define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP 129
+# define EC_F_EC_GROUP_CHECK 170
+# define EC_F_EC_GROUP_CHECK_DISCRIMINANT 171
+# define EC_F_EC_GROUP_COPY 106
+# define EC_F_EC_GROUP_GET0_GENERATOR 139
+# define EC_F_EC_GROUP_GET_COFACTOR 140
+# define EC_F_EC_GROUP_GET_CURVE_GF2M 172
+# define EC_F_EC_GROUP_GET_CURVE_GFP 130
+# define EC_F_EC_GROUP_GET_DEGREE 173
+# define EC_F_EC_GROUP_GET_ORDER 141
+# define EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS 193
+# define EC_F_EC_GROUP_GET_TRINOMIAL_BASIS 194
+# define EC_F_EC_GROUP_NEW 108
+# define EC_F_EC_GROUP_NEW_BY_CURVE_NAME 174
+# define EC_F_EC_GROUP_NEW_FROM_DATA 175
+# define EC_F_EC_GROUP_PRECOMPUTE_MULT 142
+# define EC_F_EC_GROUP_SET_CURVE_GF2M 176
+# define EC_F_EC_GROUP_SET_CURVE_GFP 109
+# define EC_F_EC_GROUP_SET_EXTRA_DATA 110
+# define EC_F_EC_GROUP_SET_GENERATOR 111
+# define EC_F_EC_KEY_CHECK_KEY 177
+# define EC_F_EC_KEY_COPY 178
+# define EC_F_EC_KEY_GENERATE_KEY 179
+# define EC_F_EC_KEY_NEW 182
+# define EC_F_EC_KEY_PRINT 180
+# define EC_F_EC_KEY_PRINT_FP 181
+# define EC_F_EC_POINTS_MAKE_AFFINE 136
+# define EC_F_EC_POINTS_MUL 138
+# define EC_F_EC_POINT_ADD 112
+# define EC_F_EC_POINT_CMP 113
+# define EC_F_EC_POINT_COPY 114
+# define EC_F_EC_POINT_DBL 115
+# define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M 183
+# define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP 116
+# define EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP 117
+# define EC_F_EC_POINT_INVERT 210
+# define EC_F_EC_POINT_IS_AT_INFINITY 118
+# define EC_F_EC_POINT_IS_ON_CURVE 119
+# define EC_F_EC_POINT_MAKE_AFFINE 120
+# define EC_F_EC_POINT_MUL 184
+# define EC_F_EC_POINT_NEW 121
+# define EC_F_EC_POINT_OCT2POINT 122
+# define EC_F_EC_POINT_POINT2OCT 123
+# define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M 185
+# define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP 124
+# define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M 186
+# define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP 125
+# define EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP 126
+# define EC_F_EC_POINT_SET_TO_INFINITY 127
+# define EC_F_EC_PRE_COMP_DUP 207
+# define EC_F_EC_PRE_COMP_NEW 196
+# define EC_F_EC_WNAF_MUL 187
+# define EC_F_EC_WNAF_PRECOMPUTE_MULT 188
+# define EC_F_I2D_ECPARAMETERS 190
+# define EC_F_I2D_ECPKPARAMETERS 191
+# define EC_F_I2D_ECPRIVATEKEY 192
+# define EC_F_I2O_ECPUBLICKEY 151
+# define EC_F_O2I_ECPUBLICKEY 152
+
+/* Reason codes. */
+# define EC_R_ASN1_ERROR 115
+# define EC_R_ASN1_UNKNOWN_FIELD 116
+# define EC_R_BUFFER_TOO_SMALL 100
+# define EC_R_D2I_ECPKPARAMETERS_FAILURE 117
+# define EC_R_DISCRIMINANT_IS_ZERO 118
+# define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE 119
+# define EC_R_FIELD_TOO_LARGE 138
+# define EC_R_GROUP2PKPARAMETERS_FAILURE 120
+# define EC_R_I2D_ECPKPARAMETERS_FAILURE 121
+# define EC_R_INCOMPATIBLE_OBJECTS 101
+# define EC_R_INVALID_ARGUMENT 112
+# define EC_R_INVALID_COMPRESSED_POINT 110
+# define EC_R_INVALID_COMPRESSION_BIT 109
+# define EC_R_INVALID_ENCODING 102
+# define EC_R_INVALID_FIELD 103
+# define EC_R_INVALID_FORM 104
+# define EC_R_INVALID_GROUP_ORDER 122
+# define EC_R_INVALID_PENTANOMIAL_BASIS 132
+# define EC_R_INVALID_PRIVATE_KEY 123
+# define EC_R_INVALID_TRINOMIAL_BASIS 137
+# define EC_R_MISSING_PARAMETERS 124
+# define EC_R_MISSING_PRIVATE_KEY 125
+# define EC_R_NOT_A_NIST_PRIME 135
+# define EC_R_NOT_A_SUPPORTED_NIST_PRIME 136
+# define EC_R_NOT_IMPLEMENTED 126
+# define EC_R_NOT_INITIALIZED 111
+# define EC_R_NO_FIELD_MOD 133
+# define EC_R_PASSED_NULL_PARAMETER 134
+# define EC_R_PKPARAMETERS2GROUP_FAILURE 127
+# define EC_R_POINT_AT_INFINITY 106
+# define EC_R_POINT_IS_NOT_ON_CURVE 107
+# define EC_R_SLOT_FULL 108
+# define EC_R_UNDEFINED_GENERATOR 113
+# define EC_R_UNDEFINED_ORDER 128
+# define EC_R_UNKNOWN_GROUP 129
+# define EC_R_UNKNOWN_ORDER 114
+# define EC_R_UNSUPPORTED_FIELD 131
+# define EC_R_WRONG_ORDER 130
+
+#ifdef __cplusplus
+}
+#endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/ec/ec2_mult.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/ec/ec2_mult.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ec/ec2_mult.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,389 +0,0 @@
-/* crypto/ec/ec2_mult.c */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
- * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
- * to the OpenSSL project.
- *
- * The ECC Code is licensed pursuant to the OpenSSL open source
- * license provided below.
- *
- * The software is originally written by Sheueling Chang Shantz and
- * Douglas Stebila of Sun Microsystems Laboratories.
- *
- */
-/* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <openssl/err.h>
-
-#include "ec_lcl.h"
-
-
-/* Compute the x-coordinate x/z for the point 2*(x/z) in Montgomery projective
- * coordinates.
- * Uses algorithm Mdouble in appendix of
- * Lopez, J. and Dahab, R. "Fast multiplication on elliptic curves over
- * GF(2^m) without precomputation".
- * modified to not require precomputation of c=b^{2^{m-1}}.
- */
-static int gf2m_Mdouble(const EC_GROUP *group, BIGNUM *x, BIGNUM *z, BN_CTX *ctx)
- {
- BIGNUM *t1;
- int ret = 0;
-
- /* Since Mdouble is static we can guarantee that ctx != NULL. */
- BN_CTX_start(ctx);
- t1 = BN_CTX_get(ctx);
- if (t1 == NULL) goto err;
-
- if (!group->meth->field_sqr(group, x, x, ctx)) goto err;
- if (!group->meth->field_sqr(group, t1, z, ctx)) goto err;
- if (!group->meth->field_mul(group, z, x, t1, ctx)) goto err;
- if (!group->meth->field_sqr(group, x, x, ctx)) goto err;
- if (!group->meth->field_sqr(group, t1, t1, ctx)) goto err;
- if (!group->meth->field_mul(group, t1, &group->b, t1, ctx)) goto err;
- if (!BN_GF2m_add(x, x, t1)) goto err;
-
- ret = 1;
-
- err:
- BN_CTX_end(ctx);
- return ret;
- }
-
-/* Compute the x-coordinate x1/z1 for the point (x1/z1)+(x2/x2) in Montgomery
- * projective coordinates.
- * Uses algorithm Madd in appendix of
- * Lopex, J. and Dahab, R. "Fast multiplication on elliptic curves over
- * GF(2^m) without precomputation".
- */
-static int gf2m_Madd(const EC_GROUP *group, const BIGNUM *x, BIGNUM *x1, BIGNUM *z1,
- const BIGNUM *x2, const BIGNUM *z2, BN_CTX *ctx)
- {
- BIGNUM *t1, *t2;
- int ret = 0;
-
- /* Since Madd is static we can guarantee that ctx != NULL. */
- BN_CTX_start(ctx);
- t1 = BN_CTX_get(ctx);
- t2 = BN_CTX_get(ctx);
- if (t2 == NULL) goto err;
-
- if (!BN_copy(t1, x)) goto err;
- if (!group->meth->field_mul(group, x1, x1, z2, ctx)) goto err;
- if (!group->meth->field_mul(group, z1, z1, x2, ctx)) goto err;
- if (!group->meth->field_mul(group, t2, x1, z1, ctx)) goto err;
- if (!BN_GF2m_add(z1, z1, x1)) goto err;
- if (!group->meth->field_sqr(group, z1, z1, ctx)) goto err;
- if (!group->meth->field_mul(group, x1, z1, t1, ctx)) goto err;
- if (!BN_GF2m_add(x1, x1, t2)) goto err;
-
- ret = 1;
-
- err:
- BN_CTX_end(ctx);
- return ret;
- }
-
-/* Compute the x, y affine coordinates from the point (x1, z1) (x2, z2)
- * using Montgomery point multiplication algorithm Mxy() in appendix of
- * Lopex, J. and Dahab, R. "Fast multiplication on elliptic curves over
- * GF(2^m) without precomputation".
- * Returns:
- * 0 on error
- * 1 if return value should be the point at infinity
- * 2 otherwise
- */
-static int gf2m_Mxy(const EC_GROUP *group, const BIGNUM *x, const BIGNUM *y, BIGNUM *x1,
- BIGNUM *z1, BIGNUM *x2, BIGNUM *z2, BN_CTX *ctx)
- {
- BIGNUM *t3, *t4, *t5;
- int ret = 0;
-
- if (BN_is_zero(z1))
- {
- BN_zero(x2);
- BN_zero(z2);
- return 1;
- }
-
- if (BN_is_zero(z2))
- {
- if (!BN_copy(x2, x)) return 0;
- if (!BN_GF2m_add(z2, x, y)) return 0;
- return 2;
- }
-
- /* Since Mxy is static we can guarantee that ctx != NULL. */
- BN_CTX_start(ctx);
- t3 = BN_CTX_get(ctx);
- t4 = BN_CTX_get(ctx);
- t5 = BN_CTX_get(ctx);
- if (t5 == NULL) goto err;
-
- if (!BN_one(t5)) goto err;
-
- if (!group->meth->field_mul(group, t3, z1, z2, ctx)) goto err;
-
- if (!group->meth->field_mul(group, z1, z1, x, ctx)) goto err;
- if (!BN_GF2m_add(z1, z1, x1)) goto err;
- if (!group->meth->field_mul(group, z2, z2, x, ctx)) goto err;
- if (!group->meth->field_mul(group, x1, z2, x1, ctx)) goto err;
- if (!BN_GF2m_add(z2, z2, x2)) goto err;
-
- if (!group->meth->field_mul(group, z2, z2, z1, ctx)) goto err;
- if (!group->meth->field_sqr(group, t4, x, ctx)) goto err;
- if (!BN_GF2m_add(t4, t4, y)) goto err;
- if (!group->meth->field_mul(group, t4, t4, t3, ctx)) goto err;
- if (!BN_GF2m_add(t4, t4, z2)) goto err;
-
- if (!group->meth->field_mul(group, t3, t3, x, ctx)) goto err;
- if (!group->meth->field_div(group, t3, t5, t3, ctx)) goto err;
- if (!group->meth->field_mul(group, t4, t3, t4, ctx)) goto err;
- if (!group->meth->field_mul(group, x2, x1, t3, ctx)) goto err;
- if (!BN_GF2m_add(z2, x2, x)) goto err;
-
- if (!group->meth->field_mul(group, z2, z2, t4, ctx)) goto err;
- if (!BN_GF2m_add(z2, z2, y)) goto err;
-
- ret = 2;
-
- err:
- BN_CTX_end(ctx);
- return ret;
- }
-
-/* Computes scalar*point and stores the result in r.
- * point can not equal r.
- * Uses a modified algorithm 2P of
- * Lopex, J. and Dahab, R. "Fast multiplication on elliptic curves over
- * GF(2^m) without precomputation".
- *
- * To protect against side-channel attack the function uses constant time
- * swap avoiding conditional branches.
- */
-static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
- const EC_POINT *point, BN_CTX *ctx)
- {
- BIGNUM *x1, *x2, *z1, *z2;
- int ret = 0, i, j;
- BN_ULONG mask;
-
- if (r == point)
- {
- ECerr(EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY, EC_R_INVALID_ARGUMENT);
- return 0;
- }
-
- /* if result should be point at infinity */
- if ((scalar == NULL) || BN_is_zero(scalar) || (point == NULL) ||
- EC_POINT_is_at_infinity(group, point))
- {
- return EC_POINT_set_to_infinity(group, r);
- }
-
- /* only support affine coordinates */
- if (!point->Z_is_one) return 0;
-
- /* Since point_multiply is static we can guarantee that ctx != NULL. */
- BN_CTX_start(ctx);
- x1 = BN_CTX_get(ctx);
- z1 = BN_CTX_get(ctx);
- if (z1 == NULL) goto err;
-
- x2 = &r->X;
- z2 = &r->Y;
-
- bn_wexpand(x1, group->field.top);
- bn_wexpand(z1, group->field.top);
- bn_wexpand(x2, group->field.top);
- bn_wexpand(z2, group->field.top);
-
- if (!BN_GF2m_mod_arr(x1, &point->X, group->poly)) goto err; /* x1 = x */
- if (!BN_one(z1)) goto err; /* z1 = 1 */
- if (!group->meth->field_sqr(group, z2, x1, ctx)) goto err; /* z2 = x1^2 = x^2 */
- if (!group->meth->field_sqr(group, x2, z2, ctx)) goto err;
- if (!BN_GF2m_add(x2, x2, &group->b)) goto err; /* x2 = x^4 + b */
-
- /* find top most bit and go one past it */
- i = scalar->top - 1; j = BN_BITS2 - 1;
- mask = BN_TBIT;
- while (!(scalar->d[i] & mask)) { mask >>= 1; j--; }
- mask >>= 1; j--;
- /* if top most bit was at word break, go to next word */
- if (!mask)
- {
- i--; j = BN_BITS2 - 1;
- mask = BN_TBIT;
- }
-
- for (; i >= 0; i--)
- {
- for (; j >= 0; j--)
- {
- BN_consttime_swap(scalar->d[i] & mask, x1, x2, group->field.top);
- BN_consttime_swap(scalar->d[i] & mask, z1, z2, group->field.top);
- if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err;
- if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err;
- BN_consttime_swap(scalar->d[i] & mask, x1, x2, group->field.top);
- BN_consttime_swap(scalar->d[i] & mask, z1, z2, group->field.top);
- mask >>= 1;
- }
- j = BN_BITS2 - 1;
- mask = BN_TBIT;
- }
-
- /* convert out of "projective" coordinates */
- i = gf2m_Mxy(group, &point->X, &point->Y, x1, z1, x2, z2, ctx);
- if (i == 0) goto err;
- else if (i == 1)
- {
- if (!EC_POINT_set_to_infinity(group, r)) goto err;
- }
- else
- {
- if (!BN_one(&r->Z)) goto err;
- r->Z_is_one = 1;
- }
-
- /* GF(2^m) field elements should always have BIGNUM::neg = 0 */
- BN_set_negative(&r->X, 0);
- BN_set_negative(&r->Y, 0);
-
- ret = 1;
-
- err:
- BN_CTX_end(ctx);
- return ret;
- }
-
-
-/* Computes the sum
- * scalar*group->generator + scalars[0]*points[0] + ... + scalars[num-1]*points[num-1]
- * gracefully ignoring NULL scalar values.
- */
-int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
- size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx)
- {
- BN_CTX *new_ctx = NULL;
- int ret = 0;
- size_t i;
- EC_POINT *p=NULL;
- EC_POINT *acc = NULL;
-
- if (ctx == NULL)
- {
- ctx = new_ctx = BN_CTX_new();
- if (ctx == NULL)
- return 0;
- }
-
- /* This implementation is more efficient than the wNAF implementation for 2
- * or fewer points. Use the ec_wNAF_mul implementation for 3 or more points,
- * or if we can perform a fast multiplication based on precomputation.
- */
- if ((scalar && (num > 1)) || (num > 2) || (num == 0 && EC_GROUP_have_precompute_mult(group)))
- {
- ret = ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx);
- goto err;
- }
-
- if ((p = EC_POINT_new(group)) == NULL) goto err;
- if ((acc = EC_POINT_new(group)) == NULL) goto err;
-
- if (!EC_POINT_set_to_infinity(group, acc)) goto err;
-
- if (scalar)
- {
- if (!ec_GF2m_montgomery_point_multiply(group, p, scalar, group->generator, ctx)) goto err;
- if (BN_is_negative(scalar))
- if (!group->meth->invert(group, p, ctx)) goto err;
- if (!group->meth->add(group, acc, acc, p, ctx)) goto err;
- }
-
- for (i = 0; i < num; i++)
- {
- if (!ec_GF2m_montgomery_point_multiply(group, p, scalars[i], points[i], ctx)) goto err;
- if (BN_is_negative(scalars[i]))
- if (!group->meth->invert(group, p, ctx)) goto err;
- if (!group->meth->add(group, acc, acc, p, ctx)) goto err;
- }
-
- if (!EC_POINT_copy(r, acc)) goto err;
-
- ret = 1;
-
- err:
- if (p) EC_POINT_free(p);
- if (acc) EC_POINT_free(acc);
- if (new_ctx != NULL)
- BN_CTX_free(new_ctx);
- return ret;
- }
-
-
-/* Precomputation for point multiplication: fall back to wNAF methods
- * because ec_GF2m_simple_mul() uses ec_wNAF_mul() if appropriate */
-
-int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
- {
- return ec_wNAF_precompute_mult(group, ctx);
- }
-
-int ec_GF2m_have_precompute_mult(const EC_GROUP *group)
- {
- return ec_wNAF_have_precompute_mult(group);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/ec/ec2_mult.c (from rev 6976, vendor-crypto/openssl/dist/crypto/ec/ec2_mult.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/ec/ec2_mult.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ec/ec2_mult.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,463 @@
+/* crypto/ec/ec2_mult.c */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
+ * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
+ * to the OpenSSL project.
+ *
+ * The ECC Code is licensed pursuant to the OpenSSL open source
+ * license provided below.
+ *
+ * The software is originally written by Sheueling Chang Shantz and
+ * Douglas Stebila of Sun Microsystems Laboratories.
+ *
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <openssl/err.h>
+
+#include "ec_lcl.h"
+
+/*-
+ * Compute the x-coordinate x/z for the point 2*(x/z) in Montgomery projective
+ * coordinates.
+ * Uses algorithm Mdouble in appendix of
+ * Lopez, J. and Dahab, R. "Fast multiplication on elliptic curves over
+ * GF(2^m) without precomputation".
+ * modified to not require precomputation of c=b^{2^{m-1}}.
+ */
+static int gf2m_Mdouble(const EC_GROUP *group, BIGNUM *x, BIGNUM *z,
+ BN_CTX *ctx)
+{
+ BIGNUM *t1;
+ int ret = 0;
+
+ /* Since Mdouble is static we can guarantee that ctx != NULL. */
+ BN_CTX_start(ctx);
+ t1 = BN_CTX_get(ctx);
+ if (t1 == NULL)
+ goto err;
+
+ if (!group->meth->field_sqr(group, x, x, ctx))
+ goto err;
+ if (!group->meth->field_sqr(group, t1, z, ctx))
+ goto err;
+ if (!group->meth->field_mul(group, z, x, t1, ctx))
+ goto err;
+ if (!group->meth->field_sqr(group, x, x, ctx))
+ goto err;
+ if (!group->meth->field_sqr(group, t1, t1, ctx))
+ goto err;
+ if (!group->meth->field_mul(group, t1, &group->b, t1, ctx))
+ goto err;
+ if (!BN_GF2m_add(x, x, t1))
+ goto err;
+
+ ret = 1;
+
+ err:
+ BN_CTX_end(ctx);
+ return ret;
+}
+
+/*-
+ * Compute the x-coordinate x1/z1 for the point (x1/z1)+(x2/x2) in Montgomery
+ * projective coordinates.
+ * Uses algorithm Madd in appendix of
+ * Lopex, J. and Dahab, R. "Fast multiplication on elliptic curves over
+ * GF(2^m) without precomputation".
+ */
+static int gf2m_Madd(const EC_GROUP *group, const BIGNUM *x, BIGNUM *x1,
+ BIGNUM *z1, const BIGNUM *x2, const BIGNUM *z2,
+ BN_CTX *ctx)
+{
+ BIGNUM *t1, *t2;
+ int ret = 0;
+
+ /* Since Madd is static we can guarantee that ctx != NULL. */
+ BN_CTX_start(ctx);
+ t1 = BN_CTX_get(ctx);
+ t2 = BN_CTX_get(ctx);
+ if (t2 == NULL)
+ goto err;
+
+ if (!BN_copy(t1, x))
+ goto err;
+ if (!group->meth->field_mul(group, x1, x1, z2, ctx))
+ goto err;
+ if (!group->meth->field_mul(group, z1, z1, x2, ctx))
+ goto err;
+ if (!group->meth->field_mul(group, t2, x1, z1, ctx))
+ goto err;
+ if (!BN_GF2m_add(z1, z1, x1))
+ goto err;
+ if (!group->meth->field_sqr(group, z1, z1, ctx))
+ goto err;
+ if (!group->meth->field_mul(group, x1, z1, t1, ctx))
+ goto err;
+ if (!BN_GF2m_add(x1, x1, t2))
+ goto err;
+
+ ret = 1;
+
+ err:
+ BN_CTX_end(ctx);
+ return ret;
+}
+
+/*-
+ * Compute the x, y affine coordinates from the point (x1, z1) (x2, z2)
+ * using Montgomery point multiplication algorithm Mxy() in appendix of
+ * Lopex, J. and Dahab, R. "Fast multiplication on elliptic curves over
+ * GF(2^m) without precomputation".
+ * Returns:
+ * 0 on error
+ * 1 if return value should be the point at infinity
+ * 2 otherwise
+ */
+static int gf2m_Mxy(const EC_GROUP *group, const BIGNUM *x, const BIGNUM *y,
+ BIGNUM *x1, BIGNUM *z1, BIGNUM *x2, BIGNUM *z2,
+ BN_CTX *ctx)
+{
+ BIGNUM *t3, *t4, *t5;
+ int ret = 0;
+
+ if (BN_is_zero(z1)) {
+ BN_zero(x2);
+ BN_zero(z2);
+ return 1;
+ }
+
+ if (BN_is_zero(z2)) {
+ if (!BN_copy(x2, x))
+ return 0;
+ if (!BN_GF2m_add(z2, x, y))
+ return 0;
+ return 2;
+ }
+
+ /* Since Mxy is static we can guarantee that ctx != NULL. */
+ BN_CTX_start(ctx);
+ t3 = BN_CTX_get(ctx);
+ t4 = BN_CTX_get(ctx);
+ t5 = BN_CTX_get(ctx);
+ if (t5 == NULL)
+ goto err;
+
+ if (!BN_one(t5))
+ goto err;
+
+ if (!group->meth->field_mul(group, t3, z1, z2, ctx))
+ goto err;
+
+ if (!group->meth->field_mul(group, z1, z1, x, ctx))
+ goto err;
+ if (!BN_GF2m_add(z1, z1, x1))
+ goto err;
+ if (!group->meth->field_mul(group, z2, z2, x, ctx))
+ goto err;
+ if (!group->meth->field_mul(group, x1, z2, x1, ctx))
+ goto err;
+ if (!BN_GF2m_add(z2, z2, x2))
+ goto err;
+
+ if (!group->meth->field_mul(group, z2, z2, z1, ctx))
+ goto err;
+ if (!group->meth->field_sqr(group, t4, x, ctx))
+ goto err;
+ if (!BN_GF2m_add(t4, t4, y))
+ goto err;
+ if (!group->meth->field_mul(group, t4, t4, t3, ctx))
+ goto err;
+ if (!BN_GF2m_add(t4, t4, z2))
+ goto err;
+
+ if (!group->meth->field_mul(group, t3, t3, x, ctx))
+ goto err;
+ if (!group->meth->field_div(group, t3, t5, t3, ctx))
+ goto err;
+ if (!group->meth->field_mul(group, t4, t3, t4, ctx))
+ goto err;
+ if (!group->meth->field_mul(group, x2, x1, t3, ctx))
+ goto err;
+ if (!BN_GF2m_add(z2, x2, x))
+ goto err;
+
+ if (!group->meth->field_mul(group, z2, z2, t4, ctx))
+ goto err;
+ if (!BN_GF2m_add(z2, z2, y))
+ goto err;
+
+ ret = 2;
+
+ err:
+ BN_CTX_end(ctx);
+ return ret;
+}
+
+/*-
+ * Computes scalar*point and stores the result in r.
+ * point can not equal r.
+ * Uses a modified algorithm 2P of
+ * Lopex, J. and Dahab, R. "Fast multiplication on elliptic curves over
+ * GF(2^m) without precomputation".
+ *
+ * To protect against side-channel attack the function uses constant time
+ * swap avoiding conditional branches.
+ */
+static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group,
+ EC_POINT *r,
+ const BIGNUM *scalar,
+ const EC_POINT *point,
+ BN_CTX *ctx)
+{
+ BIGNUM *x1, *x2, *z1, *z2;
+ int ret = 0, i, j;
+ BN_ULONG mask;
+
+ if (r == point) {
+ ECerr(EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY, EC_R_INVALID_ARGUMENT);
+ return 0;
+ }
+
+ /* if result should be point at infinity */
+ if ((scalar == NULL) || BN_is_zero(scalar) || (point == NULL) ||
+ EC_POINT_is_at_infinity(group, point)) {
+ return EC_POINT_set_to_infinity(group, r);
+ }
+
+ /* only support affine coordinates */
+ if (!point->Z_is_one)
+ return 0;
+
+ /*
+ * Since point_multiply is static we can guarantee that ctx != NULL.
+ */
+ BN_CTX_start(ctx);
+ x1 = BN_CTX_get(ctx);
+ z1 = BN_CTX_get(ctx);
+ if (z1 == NULL)
+ goto err;
+
+ x2 = &r->X;
+ z2 = &r->Y;
+
+ bn_wexpand(x1, group->field.top);
+ bn_wexpand(z1, group->field.top);
+ bn_wexpand(x2, group->field.top);
+ bn_wexpand(z2, group->field.top);
+
+ if (!BN_GF2m_mod_arr(x1, &point->X, group->poly))
+ goto err; /* x1 = x */
+ if (!BN_one(z1))
+ goto err; /* z1 = 1 */
+ if (!group->meth->field_sqr(group, z2, x1, ctx))
+ goto err; /* z2 = x1^2 = x^2 */
+ if (!group->meth->field_sqr(group, x2, z2, ctx))
+ goto err;
+ if (!BN_GF2m_add(x2, x2, &group->b))
+ goto err; /* x2 = x^4 + b */
+
+ /* find top most bit and go one past it */
+ i = scalar->top - 1;
+ j = BN_BITS2 - 1;
+ mask = BN_TBIT;
+ while (!(scalar->d[i] & mask)) {
+ mask >>= 1;
+ j--;
+ }
+ mask >>= 1;
+ j--;
+ /* if top most bit was at word break, go to next word */
+ if (!mask) {
+ i--;
+ j = BN_BITS2 - 1;
+ mask = BN_TBIT;
+ }
+
+ for (; i >= 0; i--) {
+ for (; j >= 0; j--) {
+ BN_consttime_swap(scalar->d[i] & mask, x1, x2, group->field.top);
+ BN_consttime_swap(scalar->d[i] & mask, z1, z2, group->field.top);
+ if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx))
+ goto err;
+ if (!gf2m_Mdouble(group, x1, z1, ctx))
+ goto err;
+ BN_consttime_swap(scalar->d[i] & mask, x1, x2, group->field.top);
+ BN_consttime_swap(scalar->d[i] & mask, z1, z2, group->field.top);
+ mask >>= 1;
+ }
+ j = BN_BITS2 - 1;
+ mask = BN_TBIT;
+ }
+
+ /* convert out of "projective" coordinates */
+ i = gf2m_Mxy(group, &point->X, &point->Y, x1, z1, x2, z2, ctx);
+ if (i == 0)
+ goto err;
+ else if (i == 1) {
+ if (!EC_POINT_set_to_infinity(group, r))
+ goto err;
+ } else {
+ if (!BN_one(&r->Z))
+ goto err;
+ r->Z_is_one = 1;
+ }
+
+ /* GF(2^m) field elements should always have BIGNUM::neg = 0 */
+ BN_set_negative(&r->X, 0);
+ BN_set_negative(&r->Y, 0);
+
+ ret = 1;
+
+ err:
+ BN_CTX_end(ctx);
+ return ret;
+}
+
+/*-
+ * Computes the sum
+ * scalar*group->generator + scalars[0]*points[0] + ... + scalars[num-1]*points[num-1]
+ * gracefully ignoring NULL scalar values.
+ */
+int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r,
+ const BIGNUM *scalar, size_t num,
+ const EC_POINT *points[], const BIGNUM *scalars[],
+ BN_CTX *ctx)
+{
+ BN_CTX *new_ctx = NULL;
+ int ret = 0;
+ size_t i;
+ EC_POINT *p = NULL;
+ EC_POINT *acc = NULL;
+
+ if (ctx == NULL) {
+ ctx = new_ctx = BN_CTX_new();
+ if (ctx == NULL)
+ return 0;
+ }
+
+ /*
+ * This implementation is more efficient than the wNAF implementation for
+ * 2 or fewer points. Use the ec_wNAF_mul implementation for 3 or more
+ * points, or if we can perform a fast multiplication based on
+ * precomputation.
+ */
+ if ((scalar && (num > 1)) || (num > 2)
+ || (num == 0 && EC_GROUP_have_precompute_mult(group))) {
+ ret = ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx);
+ goto err;
+ }
+
+ if ((p = EC_POINT_new(group)) == NULL)
+ goto err;
+ if ((acc = EC_POINT_new(group)) == NULL)
+ goto err;
+
+ if (!EC_POINT_set_to_infinity(group, acc))
+ goto err;
+
+ if (scalar) {
+ if (!ec_GF2m_montgomery_point_multiply
+ (group, p, scalar, group->generator, ctx))
+ goto err;
+ if (BN_is_negative(scalar))
+ if (!group->meth->invert(group, p, ctx))
+ goto err;
+ if (!group->meth->add(group, acc, acc, p, ctx))
+ goto err;
+ }
+
+ for (i = 0; i < num; i++) {
+ if (!ec_GF2m_montgomery_point_multiply
+ (group, p, scalars[i], points[i], ctx))
+ goto err;
+ if (BN_is_negative(scalars[i]))
+ if (!group->meth->invert(group, p, ctx))
+ goto err;
+ if (!group->meth->add(group, acc, acc, p, ctx))
+ goto err;
+ }
+
+ if (!EC_POINT_copy(r, acc))
+ goto err;
+
+ ret = 1;
+
+ err:
+ if (p)
+ EC_POINT_free(p);
+ if (acc)
+ EC_POINT_free(acc);
+ if (new_ctx != NULL)
+ BN_CTX_free(new_ctx);
+ return ret;
+}
+
+/*
+ * Precomputation for point multiplication: fall back to wNAF methods because
+ * ec_GF2m_simple_mul() uses ec_wNAF_mul() if appropriate
+ */
+
+int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
+{
+ return ec_wNAF_precompute_mult(group, ctx);
+}
+
+int ec_GF2m_have_precompute_mult(const EC_GROUP *group)
+{
+ return ec_wNAF_have_precompute_mult(group);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/ec/ec2_smpl.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/ec/ec2_smpl.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ec/ec2_smpl.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,976 +0,0 @@
-/* crypto/ec/ec2_smpl.c */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
- * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
- * to the OpenSSL project.
- *
- * The ECC Code is licensed pursuant to the OpenSSL open source
- * license provided below.
- *
- * The software is originally written by Sheueling Chang Shantz and
- * Douglas Stebila of Sun Microsystems Laboratories.
- *
- */
-/* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <openssl/err.h>
-
-#include "ec_lcl.h"
-
-
-const EC_METHOD *EC_GF2m_simple_method(void)
- {
- static const EC_METHOD ret = {
- NID_X9_62_characteristic_two_field,
- ec_GF2m_simple_group_init,
- ec_GF2m_simple_group_finish,
- ec_GF2m_simple_group_clear_finish,
- ec_GF2m_simple_group_copy,
- ec_GF2m_simple_group_set_curve,
- ec_GF2m_simple_group_get_curve,
- ec_GF2m_simple_group_get_degree,
- ec_GF2m_simple_group_check_discriminant,
- ec_GF2m_simple_point_init,
- ec_GF2m_simple_point_finish,
- ec_GF2m_simple_point_clear_finish,
- ec_GF2m_simple_point_copy,
- ec_GF2m_simple_point_set_to_infinity,
- 0 /* set_Jprojective_coordinates_GFp */,
- 0 /* get_Jprojective_coordinates_GFp */,
- ec_GF2m_simple_point_set_affine_coordinates,
- ec_GF2m_simple_point_get_affine_coordinates,
- ec_GF2m_simple_set_compressed_coordinates,
- ec_GF2m_simple_point2oct,
- ec_GF2m_simple_oct2point,
- ec_GF2m_simple_add,
- ec_GF2m_simple_dbl,
- ec_GF2m_simple_invert,
- ec_GF2m_simple_is_at_infinity,
- ec_GF2m_simple_is_on_curve,
- ec_GF2m_simple_cmp,
- ec_GF2m_simple_make_affine,
- ec_GF2m_simple_points_make_affine,
-
- /* the following three method functions are defined in ec2_mult.c */
- ec_GF2m_simple_mul,
- ec_GF2m_precompute_mult,
- ec_GF2m_have_precompute_mult,
-
- ec_GF2m_simple_field_mul,
- ec_GF2m_simple_field_sqr,
- ec_GF2m_simple_field_div,
- 0 /* field_encode */,
- 0 /* field_decode */,
- 0 /* field_set_to_one */ };
-
- return &ret;
- }
-
-
-/* Initialize a GF(2^m)-based EC_GROUP structure.
- * Note that all other members are handled by EC_GROUP_new.
- */
-int ec_GF2m_simple_group_init(EC_GROUP *group)
- {
- BN_init(&group->field);
- BN_init(&group->a);
- BN_init(&group->b);
- return 1;
- }
-
-
-/* Free a GF(2^m)-based EC_GROUP structure.
- * Note that all other members are handled by EC_GROUP_free.
- */
-void ec_GF2m_simple_group_finish(EC_GROUP *group)
- {
- BN_free(&group->field);
- BN_free(&group->a);
- BN_free(&group->b);
- }
-
-
-/* Clear and free a GF(2^m)-based EC_GROUP structure.
- * Note that all other members are handled by EC_GROUP_clear_free.
- */
-void ec_GF2m_simple_group_clear_finish(EC_GROUP *group)
- {
- BN_clear_free(&group->field);
- BN_clear_free(&group->a);
- BN_clear_free(&group->b);
- group->poly[0] = 0;
- group->poly[1] = 0;
- group->poly[2] = 0;
- group->poly[3] = 0;
- group->poly[4] = 0;
- }
-
-
-/* Copy a GF(2^m)-based EC_GROUP structure.
- * Note that all other members are handled by EC_GROUP_copy.
- */
-int ec_GF2m_simple_group_copy(EC_GROUP *dest, const EC_GROUP *src)
- {
- int i;
- if (!BN_copy(&dest->field, &src->field)) return 0;
- if (!BN_copy(&dest->a, &src->a)) return 0;
- if (!BN_copy(&dest->b, &src->b)) return 0;
- dest->poly[0] = src->poly[0];
- dest->poly[1] = src->poly[1];
- dest->poly[2] = src->poly[2];
- dest->poly[3] = src->poly[3];
- dest->poly[4] = src->poly[4];
- if(bn_wexpand(&dest->a, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2) == NULL)
- return 0;
- if(bn_wexpand(&dest->b, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2) == NULL)
- return 0;
- for (i = dest->a.top; i < dest->a.dmax; i++) dest->a.d[i] = 0;
- for (i = dest->b.top; i < dest->b.dmax; i++) dest->b.d[i] = 0;
- return 1;
- }
-
-
-/* Set the curve parameters of an EC_GROUP structure. */
-int ec_GF2m_simple_group_set_curve(EC_GROUP *group,
- const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
- {
- int ret = 0, i;
-
- /* group->field */
- if (!BN_copy(&group->field, p)) goto err;
- i = BN_GF2m_poly2arr(&group->field, group->poly, 5);
- if ((i != 5) && (i != 3))
- {
- ECerr(EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE, EC_R_UNSUPPORTED_FIELD);
- goto err;
- }
-
- /* group->a */
- if (!BN_GF2m_mod_arr(&group->a, a, group->poly)) goto err;
- if(bn_wexpand(&group->a, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2) == NULL) goto err;
- for (i = group->a.top; i < group->a.dmax; i++) group->a.d[i] = 0;
-
- /* group->b */
- if (!BN_GF2m_mod_arr(&group->b, b, group->poly)) goto err;
- if(bn_wexpand(&group->b, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2) == NULL) goto err;
- for (i = group->b.top; i < group->b.dmax; i++) group->b.d[i] = 0;
-
- ret = 1;
- err:
- return ret;
- }
-
-
-/* Get the curve parameters of an EC_GROUP structure.
- * If p, a, or b are NULL then there values will not be set but the method will return with success.
- */
-int ec_GF2m_simple_group_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
- {
- int ret = 0;
-
- if (p != NULL)
- {
- if (!BN_copy(p, &group->field)) return 0;
- }
-
- if (a != NULL)
- {
- if (!BN_copy(a, &group->a)) goto err;
- }
-
- if (b != NULL)
- {
- if (!BN_copy(b, &group->b)) goto err;
- }
-
- ret = 1;
-
- err:
- return ret;
- }
-
-
-/* Gets the degree of the field. For a curve over GF(2^m) this is the value m. */
-int ec_GF2m_simple_group_get_degree(const EC_GROUP *group)
- {
- return BN_num_bits(&group->field)-1;
- }
-
-
-/* Checks the discriminant of the curve.
- * y^2 + x*y = x^3 + a*x^2 + b is an elliptic curve <=> b != 0 (mod p)
- */
-int ec_GF2m_simple_group_check_discriminant(const EC_GROUP *group, BN_CTX *ctx)
- {
- int ret = 0;
- BIGNUM *b;
- BN_CTX *new_ctx = NULL;
-
- if (ctx == NULL)
- {
- ctx = new_ctx = BN_CTX_new();
- if (ctx == NULL)
- {
- ECerr(EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- }
- BN_CTX_start(ctx);
- b = BN_CTX_get(ctx);
- if (b == NULL) goto err;
-
- if (!BN_GF2m_mod_arr(b, &group->b, group->poly)) goto err;
-
- /* check the discriminant:
- * y^2 + x*y = x^3 + a*x^2 + b is an elliptic curve <=> b != 0 (mod p)
- */
- if (BN_is_zero(b)) goto err;
-
- ret = 1;
-
-err:
- if (ctx != NULL)
- BN_CTX_end(ctx);
- if (new_ctx != NULL)
- BN_CTX_free(new_ctx);
- return ret;
- }
-
-
-/* Initializes an EC_POINT. */
-int ec_GF2m_simple_point_init(EC_POINT *point)
- {
- BN_init(&point->X);
- BN_init(&point->Y);
- BN_init(&point->Z);
- return 1;
- }
-
-
-/* Frees an EC_POINT. */
-void ec_GF2m_simple_point_finish(EC_POINT *point)
- {
- BN_free(&point->X);
- BN_free(&point->Y);
- BN_free(&point->Z);
- }
-
-
-/* Clears and frees an EC_POINT. */
-void ec_GF2m_simple_point_clear_finish(EC_POINT *point)
- {
- BN_clear_free(&point->X);
- BN_clear_free(&point->Y);
- BN_clear_free(&point->Z);
- point->Z_is_one = 0;
- }
-
-
-/* Copy the contents of one EC_POINT into another. Assumes dest is initialized. */
-int ec_GF2m_simple_point_copy(EC_POINT *dest, const EC_POINT *src)
- {
- if (!BN_copy(&dest->X, &src->X)) return 0;
- if (!BN_copy(&dest->Y, &src->Y)) return 0;
- if (!BN_copy(&dest->Z, &src->Z)) return 0;
- dest->Z_is_one = src->Z_is_one;
-
- return 1;
- }
-
-
-/* Set an EC_POINT to the point at infinity.
- * A point at infinity is represented by having Z=0.
- */
-int ec_GF2m_simple_point_set_to_infinity(const EC_GROUP *group, EC_POINT *point)
- {
- point->Z_is_one = 0;
- BN_zero(&point->Z);
- return 1;
- }
-
-
-/* Set the coordinates of an EC_POINT using affine coordinates.
- * Note that the simple implementation only uses affine coordinates.
- */
-int ec_GF2m_simple_point_set_affine_coordinates(const EC_GROUP *group, EC_POINT *point,
- const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx)
- {
- int ret = 0;
- if (x == NULL || y == NULL)
- {
- ECerr(EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES, ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
-
- if (!BN_copy(&point->X, x)) goto err;
- BN_set_negative(&point->X, 0);
- if (!BN_copy(&point->Y, y)) goto err;
- BN_set_negative(&point->Y, 0);
- if (!BN_copy(&point->Z, BN_value_one())) goto err;
- BN_set_negative(&point->Z, 0);
- point->Z_is_one = 1;
- ret = 1;
-
- err:
- return ret;
- }
-
-
-/* Gets the affine coordinates of an EC_POINT.
- * Note that the simple implementation only uses affine coordinates.
- */
-int ec_GF2m_simple_point_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *point,
- BIGNUM *x, BIGNUM *y, BN_CTX *ctx)
- {
- int ret = 0;
-
- if (EC_POINT_is_at_infinity(group, point))
- {
- ECerr(EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES, EC_R_POINT_AT_INFINITY);
- return 0;
- }
-
- if (BN_cmp(&point->Z, BN_value_one()))
- {
- ECerr(EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return 0;
- }
- if (x != NULL)
- {
- if (!BN_copy(x, &point->X)) goto err;
- BN_set_negative(x, 0);
- }
- if (y != NULL)
- {
- if (!BN_copy(y, &point->Y)) goto err;
- BN_set_negative(y, 0);
- }
- ret = 1;
-
- err:
- return ret;
- }
-
-
-/* Include patented algorithms. */
-#include "ec2_smpt.c"
-
-
-/* Converts an EC_POINT to an octet string.
- * If buf is NULL, the encoded length will be returned.
- * If the length len of buf is smaller than required an error will be returned.
- *
- * The point compression section of this function is patented by Certicom Corp.
- * under US Patent 6,141,420. Point compression is disabled by default and can
- * be enabled by defining the preprocessor macro OPENSSL_EC_BIN_PT_COMP at
- * Configure-time.
- */
-size_t ec_GF2m_simple_point2oct(const EC_GROUP *group, const EC_POINT *point, point_conversion_form_t form,
- unsigned char *buf, size_t len, BN_CTX *ctx)
- {
- size_t ret;
- BN_CTX *new_ctx = NULL;
- int used_ctx = 0;
- BIGNUM *x, *y, *yxi;
- size_t field_len, i, skip;
-
-#ifndef OPENSSL_EC_BIN_PT_COMP
- if ((form == POINT_CONVERSION_COMPRESSED) || (form == POINT_CONVERSION_HYBRID))
- {
- ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_DISABLED);
- goto err;
- }
-#endif
-
- if ((form != POINT_CONVERSION_COMPRESSED)
- && (form != POINT_CONVERSION_UNCOMPRESSED)
- && (form != POINT_CONVERSION_HYBRID))
- {
- ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, EC_R_INVALID_FORM);
- goto err;
- }
-
- if (EC_POINT_is_at_infinity(group, point))
- {
- /* encodes to a single 0 octet */
- if (buf != NULL)
- {
- if (len < 1)
- {
- ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);
- return 0;
- }
- buf[0] = 0;
- }
- return 1;
- }
-
-
- /* ret := required output buffer length */
- field_len = (EC_GROUP_get_degree(group) + 7) / 8;
- ret = (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2*field_len;
-
- /* if 'buf' is NULL, just return required length */
- if (buf != NULL)
- {
- if (len < ret)
- {
- ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);
- goto err;
- }
-
- if (ctx == NULL)
- {
- ctx = new_ctx = BN_CTX_new();
- if (ctx == NULL)
- return 0;
- }
-
- BN_CTX_start(ctx);
- used_ctx = 1;
- x = BN_CTX_get(ctx);
- y = BN_CTX_get(ctx);
- yxi = BN_CTX_get(ctx);
- if (yxi == NULL) goto err;
-
- if (!EC_POINT_get_affine_coordinates_GF2m(group, point, x, y, ctx)) goto err;
-
- buf[0] = form;
-#ifdef OPENSSL_EC_BIN_PT_COMP
- if ((form != POINT_CONVERSION_UNCOMPRESSED) && !BN_is_zero(x))
- {
- if (!group->meth->field_div(group, yxi, y, x, ctx)) goto err;
- if (BN_is_odd(yxi)) buf[0]++;
- }
-#endif
-
- i = 1;
-
- skip = field_len - BN_num_bytes(x);
- if (skip > field_len)
- {
- ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
- goto err;
- }
- while (skip > 0)
- {
- buf[i++] = 0;
- skip--;
- }
- skip = BN_bn2bin(x, buf + i);
- i += skip;
- if (i != 1 + field_len)
- {
- ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
- goto err;
- }
-
- if (form == POINT_CONVERSION_UNCOMPRESSED || form == POINT_CONVERSION_HYBRID)
- {
- skip = field_len - BN_num_bytes(y);
- if (skip > field_len)
- {
- ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
- goto err;
- }
- while (skip > 0)
- {
- buf[i++] = 0;
- skip--;
- }
- skip = BN_bn2bin(y, buf + i);
- i += skip;
- }
-
- if (i != ret)
- {
- ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
- goto err;
- }
- }
-
- if (used_ctx)
- BN_CTX_end(ctx);
- if (new_ctx != NULL)
- BN_CTX_free(new_ctx);
- return ret;
-
- err:
- if (used_ctx)
- BN_CTX_end(ctx);
- if (new_ctx != NULL)
- BN_CTX_free(new_ctx);
- return 0;
- }
-
-
-/* Converts an octet string representation to an EC_POINT.
- * Note that the simple implementation only uses affine coordinates.
- */
-int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
- const unsigned char *buf, size_t len, BN_CTX *ctx)
- {
- point_conversion_form_t form;
- int y_bit;
- BN_CTX *new_ctx = NULL;
- BIGNUM *x, *y, *yxi;
- size_t field_len, enc_len;
- int ret = 0;
-
- if (len == 0)
- {
- ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_BUFFER_TOO_SMALL);
- return 0;
- }
- form = buf[0];
- y_bit = form & 1;
- form = form & ~1U;
- if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED)
- && (form != POINT_CONVERSION_UNCOMPRESSED)
- && (form != POINT_CONVERSION_HYBRID))
- {
- ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
- return 0;
- }
- if ((form == 0 || form == POINT_CONVERSION_UNCOMPRESSED) && y_bit)
- {
- ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
- return 0;
- }
-
- if (form == 0)
- {
- if (len != 1)
- {
- ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
- return 0;
- }
-
- return EC_POINT_set_to_infinity(group, point);
- }
-
- field_len = (EC_GROUP_get_degree(group) + 7) / 8;
- enc_len = (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2*field_len;
-
- if (len != enc_len)
- {
- ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
- return 0;
- }
-
- if (ctx == NULL)
- {
- ctx = new_ctx = BN_CTX_new();
- if (ctx == NULL)
- return 0;
- }
-
- BN_CTX_start(ctx);
- x = BN_CTX_get(ctx);
- y = BN_CTX_get(ctx);
- yxi = BN_CTX_get(ctx);
- if (yxi == NULL) goto err;
-
- if (!BN_bin2bn(buf + 1, field_len, x)) goto err;
- if (BN_ucmp(x, &group->field) >= 0)
- {
- ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
- goto err;
- }
-
- if (form == POINT_CONVERSION_COMPRESSED)
- {
- if (!EC_POINT_set_compressed_coordinates_GF2m(group, point, x, y_bit, ctx)) goto err;
- }
- else
- {
- if (!BN_bin2bn(buf + 1 + field_len, field_len, y)) goto err;
- if (BN_ucmp(y, &group->field) >= 0)
- {
- ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
- goto err;
- }
- if (form == POINT_CONVERSION_HYBRID)
- {
- if (!group->meth->field_div(group, yxi, y, x, ctx)) goto err;
- if (y_bit != BN_is_odd(yxi))
- {
- ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
- goto err;
- }
- }
-
- if (!EC_POINT_set_affine_coordinates_GF2m(group, point, x, y, ctx)) goto err;
- }
-
- if (!EC_POINT_is_on_curve(group, point, ctx)) /* test required by X9.62 */
- {
- ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE);
- goto err;
- }
-
- ret = 1;
-
- err:
- BN_CTX_end(ctx);
- if (new_ctx != NULL)
- BN_CTX_free(new_ctx);
- return ret;
- }
-
-
-/* Computes a + b and stores the result in r. r could be a or b, a could be b.
- * Uses algorithm A.10.2 of IEEE P1363.
- */
-int ec_GF2m_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx)
- {
- BN_CTX *new_ctx = NULL;
- BIGNUM *x0, *y0, *x1, *y1, *x2, *y2, *s, *t;
- int ret = 0;
-
- if (EC_POINT_is_at_infinity(group, a))
- {
- if (!EC_POINT_copy(r, b)) return 0;
- return 1;
- }
-
- if (EC_POINT_is_at_infinity(group, b))
- {
- if (!EC_POINT_copy(r, a)) return 0;
- return 1;
- }
-
- if (ctx == NULL)
- {
- ctx = new_ctx = BN_CTX_new();
- if (ctx == NULL)
- return 0;
- }
-
- BN_CTX_start(ctx);
- x0 = BN_CTX_get(ctx);
- y0 = BN_CTX_get(ctx);
- x1 = BN_CTX_get(ctx);
- y1 = BN_CTX_get(ctx);
- x2 = BN_CTX_get(ctx);
- y2 = BN_CTX_get(ctx);
- s = BN_CTX_get(ctx);
- t = BN_CTX_get(ctx);
- if (t == NULL) goto err;
-
- if (a->Z_is_one)
- {
- if (!BN_copy(x0, &a->X)) goto err;
- if (!BN_copy(y0, &a->Y)) goto err;
- }
- else
- {
- if (!EC_POINT_get_affine_coordinates_GF2m(group, a, x0, y0, ctx)) goto err;
- }
- if (b->Z_is_one)
- {
- if (!BN_copy(x1, &b->X)) goto err;
- if (!BN_copy(y1, &b->Y)) goto err;
- }
- else
- {
- if (!EC_POINT_get_affine_coordinates_GF2m(group, b, x1, y1, ctx)) goto err;
- }
-
-
- if (BN_GF2m_cmp(x0, x1))
- {
- if (!BN_GF2m_add(t, x0, x1)) goto err;
- if (!BN_GF2m_add(s, y0, y1)) goto err;
- if (!group->meth->field_div(group, s, s, t, ctx)) goto err;
- if (!group->meth->field_sqr(group, x2, s, ctx)) goto err;
- if (!BN_GF2m_add(x2, x2, &group->a)) goto err;
- if (!BN_GF2m_add(x2, x2, s)) goto err;
- if (!BN_GF2m_add(x2, x2, t)) goto err;
- }
- else
- {
- if (BN_GF2m_cmp(y0, y1) || BN_is_zero(x1))
- {
- if (!EC_POINT_set_to_infinity(group, r)) goto err;
- ret = 1;
- goto err;
- }
- if (!group->meth->field_div(group, s, y1, x1, ctx)) goto err;
- if (!BN_GF2m_add(s, s, x1)) goto err;
-
- if (!group->meth->field_sqr(group, x2, s, ctx)) goto err;
- if (!BN_GF2m_add(x2, x2, s)) goto err;
- if (!BN_GF2m_add(x2, x2, &group->a)) goto err;
- }
-
- if (!BN_GF2m_add(y2, x1, x2)) goto err;
- if (!group->meth->field_mul(group, y2, y2, s, ctx)) goto err;
- if (!BN_GF2m_add(y2, y2, x2)) goto err;
- if (!BN_GF2m_add(y2, y2, y1)) goto err;
-
- if (!EC_POINT_set_affine_coordinates_GF2m(group, r, x2, y2, ctx)) goto err;
-
- ret = 1;
-
- err:
- BN_CTX_end(ctx);
- if (new_ctx != NULL)
- BN_CTX_free(new_ctx);
- return ret;
- }
-
-
-/* Computes 2 * a and stores the result in r. r could be a.
- * Uses algorithm A.10.2 of IEEE P1363.
- */
-int ec_GF2m_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx)
- {
- return ec_GF2m_simple_add(group, r, a, a, ctx);
- }
-
-
-int ec_GF2m_simple_invert(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
- {
- if (EC_POINT_is_at_infinity(group, point) || BN_is_zero(&point->Y))
- /* point is its own inverse */
- return 1;
-
- if (!EC_POINT_make_affine(group, point, ctx)) return 0;
- return BN_GF2m_add(&point->Y, &point->X, &point->Y);
- }
-
-
-/* Indicates whether the given point is the point at infinity. */
-int ec_GF2m_simple_is_at_infinity(const EC_GROUP *group, const EC_POINT *point)
- {
- return BN_is_zero(&point->Z);
- }
-
-
-/* Determines whether the given EC_POINT is an actual point on the curve defined
- * in the EC_GROUP. A point is valid if it satisfies the Weierstrass equation:
- * y^2 + x*y = x^3 + a*x^2 + b.
- */
-int ec_GF2m_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx)
- {
- int ret = -1;
- BN_CTX *new_ctx = NULL;
- BIGNUM *lh, *y2;
- int (*field_mul)(const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
- int (*field_sqr)(const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
-
- if (EC_POINT_is_at_infinity(group, point))
- return 1;
-
- field_mul = group->meth->field_mul;
- field_sqr = group->meth->field_sqr;
-
- /* only support affine coordinates */
- if (!point->Z_is_one) return -1;
-
- if (ctx == NULL)
- {
- ctx = new_ctx = BN_CTX_new();
- if (ctx == NULL)
- return -1;
- }
-
- BN_CTX_start(ctx);
- y2 = BN_CTX_get(ctx);
- lh = BN_CTX_get(ctx);
- if (lh == NULL) goto err;
-
- /* We have a curve defined by a Weierstrass equation
- * y^2 + x*y = x^3 + a*x^2 + b.
- * <=> x^3 + a*x^2 + x*y + b + y^2 = 0
- * <=> ((x + a) * x + y ) * x + b + y^2 = 0
- */
- if (!BN_GF2m_add(lh, &point->X, &group->a)) goto err;
- if (!field_mul(group, lh, lh, &point->X, ctx)) goto err;
- if (!BN_GF2m_add(lh, lh, &point->Y)) goto err;
- if (!field_mul(group, lh, lh, &point->X, ctx)) goto err;
- if (!BN_GF2m_add(lh, lh, &group->b)) goto err;
- if (!field_sqr(group, y2, &point->Y, ctx)) goto err;
- if (!BN_GF2m_add(lh, lh, y2)) goto err;
- ret = BN_is_zero(lh);
- err:
- if (ctx) BN_CTX_end(ctx);
- if (new_ctx) BN_CTX_free(new_ctx);
- return ret;
- }
-
-
-/* Indicates whether two points are equal.
- * Return values:
- * -1 error
- * 0 equal (in affine coordinates)
- * 1 not equal
- */
-int ec_GF2m_simple_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx)
- {
- BIGNUM *aX, *aY, *bX, *bY;
- BN_CTX *new_ctx = NULL;
- int ret = -1;
-
- if (EC_POINT_is_at_infinity(group, a))
- {
- return EC_POINT_is_at_infinity(group, b) ? 0 : 1;
- }
-
- if (EC_POINT_is_at_infinity(group, b))
- return 1;
-
- if (a->Z_is_one && b->Z_is_one)
- {
- return ((BN_cmp(&a->X, &b->X) == 0) && BN_cmp(&a->Y, &b->Y) == 0) ? 0 : 1;
- }
-
- if (ctx == NULL)
- {
- ctx = new_ctx = BN_CTX_new();
- if (ctx == NULL)
- return -1;
- }
-
- BN_CTX_start(ctx);
- aX = BN_CTX_get(ctx);
- aY = BN_CTX_get(ctx);
- bX = BN_CTX_get(ctx);
- bY = BN_CTX_get(ctx);
- if (bY == NULL) goto err;
-
- if (!EC_POINT_get_affine_coordinates_GF2m(group, a, aX, aY, ctx)) goto err;
- if (!EC_POINT_get_affine_coordinates_GF2m(group, b, bX, bY, ctx)) goto err;
- ret = ((BN_cmp(aX, bX) == 0) && BN_cmp(aY, bY) == 0) ? 0 : 1;
-
- err:
- if (ctx) BN_CTX_end(ctx);
- if (new_ctx) BN_CTX_free(new_ctx);
- return ret;
- }
-
-
-/* Forces the given EC_POINT to internally use affine coordinates. */
-int ec_GF2m_simple_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
- {
- BN_CTX *new_ctx = NULL;
- BIGNUM *x, *y;
- int ret = 0;
-
- if (point->Z_is_one || EC_POINT_is_at_infinity(group, point))
- return 1;
-
- if (ctx == NULL)
- {
- ctx = new_ctx = BN_CTX_new();
- if (ctx == NULL)
- return 0;
- }
-
- BN_CTX_start(ctx);
- x = BN_CTX_get(ctx);
- y = BN_CTX_get(ctx);
- if (y == NULL) goto err;
-
- if (!EC_POINT_get_affine_coordinates_GF2m(group, point, x, y, ctx)) goto err;
- if (!BN_copy(&point->X, x)) goto err;
- if (!BN_copy(&point->Y, y)) goto err;
- if (!BN_one(&point->Z)) goto err;
-
- ret = 1;
-
- err:
- if (ctx) BN_CTX_end(ctx);
- if (new_ctx) BN_CTX_free(new_ctx);
- return ret;
- }
-
-
-/* Forces each of the EC_POINTs in the given array to use affine coordinates. */
-int ec_GF2m_simple_points_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx)
- {
- size_t i;
-
- for (i = 0; i < num; i++)
- {
- if (!group->meth->make_affine(group, points[i], ctx)) return 0;
- }
-
- return 1;
- }
-
-
-/* Wrapper to simple binary polynomial field multiplication implementation. */
-int ec_GF2m_simple_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
- {
- return BN_GF2m_mod_mul_arr(r, a, b, group->poly, ctx);
- }
-
-
-/* Wrapper to simple binary polynomial field squaring implementation. */
-int ec_GF2m_simple_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
- {
- return BN_GF2m_mod_sqr_arr(r, a, group->poly, ctx);
- }
-
-
-/* Wrapper to simple binary polynomial field division implementation. */
-int ec_GF2m_simple_field_div(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
- {
- return BN_GF2m_mod_div(r, a, b, &group->field, ctx);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/ec/ec2_smpl.c (from rev 6976, vendor-crypto/openssl/dist/crypto/ec/ec2_smpl.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/ec/ec2_smpl.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ec/ec2_smpl.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,1035 @@
+/* crypto/ec/ec2_smpl.c */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
+ * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
+ * to the OpenSSL project.
+ *
+ * The ECC Code is licensed pursuant to the OpenSSL open source
+ * license provided below.
+ *
+ * The software is originally written by Sheueling Chang Shantz and
+ * Douglas Stebila of Sun Microsystems Laboratories.
+ *
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <openssl/err.h>
+
+#include "ec_lcl.h"
+
+const EC_METHOD *EC_GF2m_simple_method(void)
+{
+ static const EC_METHOD ret = {
+ NID_X9_62_characteristic_two_field,
+ ec_GF2m_simple_group_init,
+ ec_GF2m_simple_group_finish,
+ ec_GF2m_simple_group_clear_finish,
+ ec_GF2m_simple_group_copy,
+ ec_GF2m_simple_group_set_curve,
+ ec_GF2m_simple_group_get_curve,
+ ec_GF2m_simple_group_get_degree,
+ ec_GF2m_simple_group_check_discriminant,
+ ec_GF2m_simple_point_init,
+ ec_GF2m_simple_point_finish,
+ ec_GF2m_simple_point_clear_finish,
+ ec_GF2m_simple_point_copy,
+ ec_GF2m_simple_point_set_to_infinity,
+ 0 /* set_Jprojective_coordinates_GFp */ ,
+ 0 /* get_Jprojective_coordinates_GFp */ ,
+ ec_GF2m_simple_point_set_affine_coordinates,
+ ec_GF2m_simple_point_get_affine_coordinates,
+ ec_GF2m_simple_set_compressed_coordinates,
+ ec_GF2m_simple_point2oct,
+ ec_GF2m_simple_oct2point,
+ ec_GF2m_simple_add,
+ ec_GF2m_simple_dbl,
+ ec_GF2m_simple_invert,
+ ec_GF2m_simple_is_at_infinity,
+ ec_GF2m_simple_is_on_curve,
+ ec_GF2m_simple_cmp,
+ ec_GF2m_simple_make_affine,
+ ec_GF2m_simple_points_make_affine,
+
+ /*
+ * the following three method functions are defined in ec2_mult.c
+ */
+ ec_GF2m_simple_mul,
+ ec_GF2m_precompute_mult,
+ ec_GF2m_have_precompute_mult,
+
+ ec_GF2m_simple_field_mul,
+ ec_GF2m_simple_field_sqr,
+ ec_GF2m_simple_field_div,
+ 0 /* field_encode */ ,
+ 0 /* field_decode */ ,
+ 0 /* field_set_to_one */
+ };
+
+ return &ret;
+}
+
+/*
+ * Initialize a GF(2^m)-based EC_GROUP structure. Note that all other members
+ * are handled by EC_GROUP_new.
+ */
+int ec_GF2m_simple_group_init(EC_GROUP *group)
+{
+ BN_init(&group->field);
+ BN_init(&group->a);
+ BN_init(&group->b);
+ return 1;
+}
+
+/*
+ * Free a GF(2^m)-based EC_GROUP structure. Note that all other members are
+ * handled by EC_GROUP_free.
+ */
+void ec_GF2m_simple_group_finish(EC_GROUP *group)
+{
+ BN_free(&group->field);
+ BN_free(&group->a);
+ BN_free(&group->b);
+}
+
+/*
+ * Clear and free a GF(2^m)-based EC_GROUP structure. Note that all other
+ * members are handled by EC_GROUP_clear_free.
+ */
+void ec_GF2m_simple_group_clear_finish(EC_GROUP *group)
+{
+ BN_clear_free(&group->field);
+ BN_clear_free(&group->a);
+ BN_clear_free(&group->b);
+ group->poly[0] = 0;
+ group->poly[1] = 0;
+ group->poly[2] = 0;
+ group->poly[3] = 0;
+ group->poly[4] = 0;
+}
+
+/*
+ * Copy a GF(2^m)-based EC_GROUP structure. Note that all other members are
+ * handled by EC_GROUP_copy.
+ */
+int ec_GF2m_simple_group_copy(EC_GROUP *dest, const EC_GROUP *src)
+{
+ int i;
+ if (!BN_copy(&dest->field, &src->field))
+ return 0;
+ if (!BN_copy(&dest->a, &src->a))
+ return 0;
+ if (!BN_copy(&dest->b, &src->b))
+ return 0;
+ dest->poly[0] = src->poly[0];
+ dest->poly[1] = src->poly[1];
+ dest->poly[2] = src->poly[2];
+ dest->poly[3] = src->poly[3];
+ dest->poly[4] = src->poly[4];
+ if (bn_wexpand(&dest->a, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2)
+ == NULL)
+ return 0;
+ if (bn_wexpand(&dest->b, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2)
+ == NULL)
+ return 0;
+ for (i = dest->a.top; i < dest->a.dmax; i++)
+ dest->a.d[i] = 0;
+ for (i = dest->b.top; i < dest->b.dmax; i++)
+ dest->b.d[i] = 0;
+ return 1;
+}
+
+/* Set the curve parameters of an EC_GROUP structure. */
+int ec_GF2m_simple_group_set_curve(EC_GROUP *group,
+ const BIGNUM *p, const BIGNUM *a,
+ const BIGNUM *b, BN_CTX *ctx)
+{
+ int ret = 0, i;
+
+ /* group->field */
+ if (!BN_copy(&group->field, p))
+ goto err;
+ i = BN_GF2m_poly2arr(&group->field, group->poly, 5);
+ if ((i != 5) && (i != 3)) {
+ ECerr(EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE, EC_R_UNSUPPORTED_FIELD);
+ goto err;
+ }
+
+ /* group->a */
+ if (!BN_GF2m_mod_arr(&group->a, a, group->poly))
+ goto err;
+ if (bn_wexpand(&group->a, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2)
+ == NULL)
+ goto err;
+ for (i = group->a.top; i < group->a.dmax; i++)
+ group->a.d[i] = 0;
+
+ /* group->b */
+ if (!BN_GF2m_mod_arr(&group->b, b, group->poly))
+ goto err;
+ if (bn_wexpand(&group->b, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2)
+ == NULL)
+ goto err;
+ for (i = group->b.top; i < group->b.dmax; i++)
+ group->b.d[i] = 0;
+
+ ret = 1;
+ err:
+ return ret;
+}
+
+/*
+ * Get the curve parameters of an EC_GROUP structure. If p, a, or b are NULL
+ * then there values will not be set but the method will return with success.
+ */
+int ec_GF2m_simple_group_get_curve(const EC_GROUP *group, BIGNUM *p,
+ BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
+{
+ int ret = 0;
+
+ if (p != NULL) {
+ if (!BN_copy(p, &group->field))
+ return 0;
+ }
+
+ if (a != NULL) {
+ if (!BN_copy(a, &group->a))
+ goto err;
+ }
+
+ if (b != NULL) {
+ if (!BN_copy(b, &group->b))
+ goto err;
+ }
+
+ ret = 1;
+
+ err:
+ return ret;
+}
+
+/*
+ * Gets the degree of the field. For a curve over GF(2^m) this is the value
+ * m.
+ */
+int ec_GF2m_simple_group_get_degree(const EC_GROUP *group)
+{
+ return BN_num_bits(&group->field) - 1;
+}
+
+/*
+ * Checks the discriminant of the curve. y^2 + x*y = x^3 + a*x^2 + b is an
+ * elliptic curve <=> b != 0 (mod p)
+ */
+int ec_GF2m_simple_group_check_discriminant(const EC_GROUP *group,
+ BN_CTX *ctx)
+{
+ int ret = 0;
+ BIGNUM *b;
+ BN_CTX *new_ctx = NULL;
+
+ if (ctx == NULL) {
+ ctx = new_ctx = BN_CTX_new();
+ if (ctx == NULL) {
+ ECerr(EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT,
+ ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ }
+ BN_CTX_start(ctx);
+ b = BN_CTX_get(ctx);
+ if (b == NULL)
+ goto err;
+
+ if (!BN_GF2m_mod_arr(b, &group->b, group->poly))
+ goto err;
+
+ /*
+ * check the discriminant: y^2 + x*y = x^3 + a*x^2 + b is an elliptic
+ * curve <=> b != 0 (mod p)
+ */
+ if (BN_is_zero(b))
+ goto err;
+
+ ret = 1;
+
+ err:
+ if (ctx != NULL)
+ BN_CTX_end(ctx);
+ if (new_ctx != NULL)
+ BN_CTX_free(new_ctx);
+ return ret;
+}
+
+/* Initializes an EC_POINT. */
+int ec_GF2m_simple_point_init(EC_POINT *point)
+{
+ BN_init(&point->X);
+ BN_init(&point->Y);
+ BN_init(&point->Z);
+ return 1;
+}
+
+/* Frees an EC_POINT. */
+void ec_GF2m_simple_point_finish(EC_POINT *point)
+{
+ BN_free(&point->X);
+ BN_free(&point->Y);
+ BN_free(&point->Z);
+}
+
+/* Clears and frees an EC_POINT. */
+void ec_GF2m_simple_point_clear_finish(EC_POINT *point)
+{
+ BN_clear_free(&point->X);
+ BN_clear_free(&point->Y);
+ BN_clear_free(&point->Z);
+ point->Z_is_one = 0;
+}
+
+/*
+ * Copy the contents of one EC_POINT into another. Assumes dest is
+ * initialized.
+ */
+int ec_GF2m_simple_point_copy(EC_POINT *dest, const EC_POINT *src)
+{
+ if (!BN_copy(&dest->X, &src->X))
+ return 0;
+ if (!BN_copy(&dest->Y, &src->Y))
+ return 0;
+ if (!BN_copy(&dest->Z, &src->Z))
+ return 0;
+ dest->Z_is_one = src->Z_is_one;
+
+ return 1;
+}
+
+/*
+ * Set an EC_POINT to the point at infinity. A point at infinity is
+ * represented by having Z=0.
+ */
+int ec_GF2m_simple_point_set_to_infinity(const EC_GROUP *group,
+ EC_POINT *point)
+{
+ point->Z_is_one = 0;
+ BN_zero(&point->Z);
+ return 1;
+}
+
+/*
+ * Set the coordinates of an EC_POINT using affine coordinates. Note that
+ * the simple implementation only uses affine coordinates.
+ */
+int ec_GF2m_simple_point_set_affine_coordinates(const EC_GROUP *group,
+ EC_POINT *point,
+ const BIGNUM *x,
+ const BIGNUM *y, BN_CTX *ctx)
+{
+ int ret = 0;
+ if (x == NULL || y == NULL) {
+ ECerr(EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES,
+ ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+
+ if (!BN_copy(&point->X, x))
+ goto err;
+ BN_set_negative(&point->X, 0);
+ if (!BN_copy(&point->Y, y))
+ goto err;
+ BN_set_negative(&point->Y, 0);
+ if (!BN_copy(&point->Z, BN_value_one()))
+ goto err;
+ BN_set_negative(&point->Z, 0);
+ point->Z_is_one = 1;
+ ret = 1;
+
+ err:
+ return ret;
+}
+
+/*
+ * Gets the affine coordinates of an EC_POINT. Note that the simple
+ * implementation only uses affine coordinates.
+ */
+int ec_GF2m_simple_point_get_affine_coordinates(const EC_GROUP *group,
+ const EC_POINT *point,
+ BIGNUM *x, BIGNUM *y,
+ BN_CTX *ctx)
+{
+ int ret = 0;
+
+ if (EC_POINT_is_at_infinity(group, point)) {
+ ECerr(EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES,
+ EC_R_POINT_AT_INFINITY);
+ return 0;
+ }
+
+ if (BN_cmp(&point->Z, BN_value_one())) {
+ ECerr(EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES,
+ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return 0;
+ }
+ if (x != NULL) {
+ if (!BN_copy(x, &point->X))
+ goto err;
+ BN_set_negative(x, 0);
+ }
+ if (y != NULL) {
+ if (!BN_copy(y, &point->Y))
+ goto err;
+ BN_set_negative(y, 0);
+ }
+ ret = 1;
+
+ err:
+ return ret;
+}
+
+/* Include patented algorithms. */
+#include "ec2_smpt.c"
+
+/*
+ * Converts an EC_POINT to an octet string. If buf is NULL, the encoded
+ * length will be returned. If the length len of buf is smaller than required
+ * an error will be returned. The point compression section of this function
+ * is patented by Certicom Corp. under US Patent 6,141,420. Point
+ * compression is disabled by default and can be enabled by defining the
+ * preprocessor macro OPENSSL_EC_BIN_PT_COMP at Configure-time.
+ */
+size_t ec_GF2m_simple_point2oct(const EC_GROUP *group, const EC_POINT *point,
+ point_conversion_form_t form,
+ unsigned char *buf, size_t len, BN_CTX *ctx)
+{
+ size_t ret;
+ BN_CTX *new_ctx = NULL;
+ int used_ctx = 0;
+ BIGNUM *x, *y, *yxi;
+ size_t field_len, i, skip;
+
+#ifndef OPENSSL_EC_BIN_PT_COMP
+ if ((form == POINT_CONVERSION_COMPRESSED)
+ || (form == POINT_CONVERSION_HYBRID)) {
+ ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_DISABLED);
+ goto err;
+ }
+#endif
+
+ if ((form != POINT_CONVERSION_COMPRESSED)
+ && (form != POINT_CONVERSION_UNCOMPRESSED)
+ && (form != POINT_CONVERSION_HYBRID)) {
+ ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, EC_R_INVALID_FORM);
+ goto err;
+ }
+
+ if (EC_POINT_is_at_infinity(group, point)) {
+ /* encodes to a single 0 octet */
+ if (buf != NULL) {
+ if (len < 1) {
+ ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);
+ return 0;
+ }
+ buf[0] = 0;
+ }
+ return 1;
+ }
+
+ /* ret := required output buffer length */
+ field_len = (EC_GROUP_get_degree(group) + 7) / 8;
+ ret =
+ (form ==
+ POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2 * field_len;
+
+ /* if 'buf' is NULL, just return required length */
+ if (buf != NULL) {
+ if (len < ret) {
+ ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);
+ goto err;
+ }
+
+ if (ctx == NULL) {
+ ctx = new_ctx = BN_CTX_new();
+ if (ctx == NULL)
+ return 0;
+ }
+
+ BN_CTX_start(ctx);
+ used_ctx = 1;
+ x = BN_CTX_get(ctx);
+ y = BN_CTX_get(ctx);
+ yxi = BN_CTX_get(ctx);
+ if (yxi == NULL)
+ goto err;
+
+ if (!EC_POINT_get_affine_coordinates_GF2m(group, point, x, y, ctx))
+ goto err;
+
+ buf[0] = form;
+#ifdef OPENSSL_EC_BIN_PT_COMP
+ if ((form != POINT_CONVERSION_UNCOMPRESSED) && !BN_is_zero(x)) {
+ if (!group->meth->field_div(group, yxi, y, x, ctx))
+ goto err;
+ if (BN_is_odd(yxi))
+ buf[0]++;
+ }
+#endif
+
+ i = 1;
+
+ skip = field_len - BN_num_bytes(x);
+ if (skip > field_len) {
+ ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ while (skip > 0) {
+ buf[i++] = 0;
+ skip--;
+ }
+ skip = BN_bn2bin(x, buf + i);
+ i += skip;
+ if (i != 1 + field_len) {
+ ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
+ if (form == POINT_CONVERSION_UNCOMPRESSED
+ || form == POINT_CONVERSION_HYBRID) {
+ skip = field_len - BN_num_bytes(y);
+ if (skip > field_len) {
+ ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ while (skip > 0) {
+ buf[i++] = 0;
+ skip--;
+ }
+ skip = BN_bn2bin(y, buf + i);
+ i += skip;
+ }
+
+ if (i != ret) {
+ ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ }
+
+ if (used_ctx)
+ BN_CTX_end(ctx);
+ if (new_ctx != NULL)
+ BN_CTX_free(new_ctx);
+ return ret;
+
+ err:
+ if (used_ctx)
+ BN_CTX_end(ctx);
+ if (new_ctx != NULL)
+ BN_CTX_free(new_ctx);
+ return 0;
+}
+
+/*
+ * Converts an octet string representation to an EC_POINT. Note that the
+ * simple implementation only uses affine coordinates.
+ */
+int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
+ const unsigned char *buf, size_t len,
+ BN_CTX *ctx)
+{
+ point_conversion_form_t form;
+ int y_bit;
+ BN_CTX *new_ctx = NULL;
+ BIGNUM *x, *y, *yxi;
+ size_t field_len, enc_len;
+ int ret = 0;
+
+ if (len == 0) {
+ ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_BUFFER_TOO_SMALL);
+ return 0;
+ }
+ form = buf[0];
+ y_bit = form & 1;
+ form = form & ~1U;
+ if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED)
+ && (form != POINT_CONVERSION_UNCOMPRESSED)
+ && (form != POINT_CONVERSION_HYBRID)) {
+ ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+ return 0;
+ }
+ if ((form == 0 || form == POINT_CONVERSION_UNCOMPRESSED) && y_bit) {
+ ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+ return 0;
+ }
+
+ if (form == 0) {
+ if (len != 1) {
+ ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+ return 0;
+ }
+
+ return EC_POINT_set_to_infinity(group, point);
+ }
+
+ field_len = (EC_GROUP_get_degree(group) + 7) / 8;
+ enc_len =
+ (form ==
+ POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2 * field_len;
+
+ if (len != enc_len) {
+ ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+ return 0;
+ }
+
+ if (ctx == NULL) {
+ ctx = new_ctx = BN_CTX_new();
+ if (ctx == NULL)
+ return 0;
+ }
+
+ BN_CTX_start(ctx);
+ x = BN_CTX_get(ctx);
+ y = BN_CTX_get(ctx);
+ yxi = BN_CTX_get(ctx);
+ if (yxi == NULL)
+ goto err;
+
+ if (!BN_bin2bn(buf + 1, field_len, x))
+ goto err;
+ if (BN_ucmp(x, &group->field) >= 0) {
+ ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+ goto err;
+ }
+
+ if (form == POINT_CONVERSION_COMPRESSED) {
+ if (!EC_POINT_set_compressed_coordinates_GF2m
+ (group, point, x, y_bit, ctx))
+ goto err;
+ } else {
+ if (!BN_bin2bn(buf + 1 + field_len, field_len, y))
+ goto err;
+ if (BN_ucmp(y, &group->field) >= 0) {
+ ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+ goto err;
+ }
+ if (form == POINT_CONVERSION_HYBRID) {
+ if (!group->meth->field_div(group, yxi, y, x, ctx))
+ goto err;
+ if (y_bit != BN_is_odd(yxi)) {
+ ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+ goto err;
+ }
+ }
+
+ if (!EC_POINT_set_affine_coordinates_GF2m(group, point, x, y, ctx))
+ goto err;
+ }
+
+ /* test required by X9.62 */
+ if (!EC_POINT_is_on_curve(group, point, ctx)) {
+ ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE);
+ goto err;
+ }
+
+ ret = 1;
+
+ err:
+ BN_CTX_end(ctx);
+ if (new_ctx != NULL)
+ BN_CTX_free(new_ctx);
+ return ret;
+}
+
+/*
+ * Computes a + b and stores the result in r. r could be a or b, a could be
+ * b. Uses algorithm A.10.2 of IEEE P1363.
+ */
+int ec_GF2m_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
+ const EC_POINT *b, BN_CTX *ctx)
+{
+ BN_CTX *new_ctx = NULL;
+ BIGNUM *x0, *y0, *x1, *y1, *x2, *y2, *s, *t;
+ int ret = 0;
+
+ if (EC_POINT_is_at_infinity(group, a)) {
+ if (!EC_POINT_copy(r, b))
+ return 0;
+ return 1;
+ }
+
+ if (EC_POINT_is_at_infinity(group, b)) {
+ if (!EC_POINT_copy(r, a))
+ return 0;
+ return 1;
+ }
+
+ if (ctx == NULL) {
+ ctx = new_ctx = BN_CTX_new();
+ if (ctx == NULL)
+ return 0;
+ }
+
+ BN_CTX_start(ctx);
+ x0 = BN_CTX_get(ctx);
+ y0 = BN_CTX_get(ctx);
+ x1 = BN_CTX_get(ctx);
+ y1 = BN_CTX_get(ctx);
+ x2 = BN_CTX_get(ctx);
+ y2 = BN_CTX_get(ctx);
+ s = BN_CTX_get(ctx);
+ t = BN_CTX_get(ctx);
+ if (t == NULL)
+ goto err;
+
+ if (a->Z_is_one) {
+ if (!BN_copy(x0, &a->X))
+ goto err;
+ if (!BN_copy(y0, &a->Y))
+ goto err;
+ } else {
+ if (!EC_POINT_get_affine_coordinates_GF2m(group, a, x0, y0, ctx))
+ goto err;
+ }
+ if (b->Z_is_one) {
+ if (!BN_copy(x1, &b->X))
+ goto err;
+ if (!BN_copy(y1, &b->Y))
+ goto err;
+ } else {
+ if (!EC_POINT_get_affine_coordinates_GF2m(group, b, x1, y1, ctx))
+ goto err;
+ }
+
+ if (BN_GF2m_cmp(x0, x1)) {
+ if (!BN_GF2m_add(t, x0, x1))
+ goto err;
+ if (!BN_GF2m_add(s, y0, y1))
+ goto err;
+ if (!group->meth->field_div(group, s, s, t, ctx))
+ goto err;
+ if (!group->meth->field_sqr(group, x2, s, ctx))
+ goto err;
+ if (!BN_GF2m_add(x2, x2, &group->a))
+ goto err;
+ if (!BN_GF2m_add(x2, x2, s))
+ goto err;
+ if (!BN_GF2m_add(x2, x2, t))
+ goto err;
+ } else {
+ if (BN_GF2m_cmp(y0, y1) || BN_is_zero(x1)) {
+ if (!EC_POINT_set_to_infinity(group, r))
+ goto err;
+ ret = 1;
+ goto err;
+ }
+ if (!group->meth->field_div(group, s, y1, x1, ctx))
+ goto err;
+ if (!BN_GF2m_add(s, s, x1))
+ goto err;
+
+ if (!group->meth->field_sqr(group, x2, s, ctx))
+ goto err;
+ if (!BN_GF2m_add(x2, x2, s))
+ goto err;
+ if (!BN_GF2m_add(x2, x2, &group->a))
+ goto err;
+ }
+
+ if (!BN_GF2m_add(y2, x1, x2))
+ goto err;
+ if (!group->meth->field_mul(group, y2, y2, s, ctx))
+ goto err;
+ if (!BN_GF2m_add(y2, y2, x2))
+ goto err;
+ if (!BN_GF2m_add(y2, y2, y1))
+ goto err;
+
+ if (!EC_POINT_set_affine_coordinates_GF2m(group, r, x2, y2, ctx))
+ goto err;
+
+ ret = 1;
+
+ err:
+ BN_CTX_end(ctx);
+ if (new_ctx != NULL)
+ BN_CTX_free(new_ctx);
+ return ret;
+}
+
+/*
+ * Computes 2 * a and stores the result in r. r could be a. Uses algorithm
+ * A.10.2 of IEEE P1363.
+ */
+int ec_GF2m_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
+ BN_CTX *ctx)
+{
+ return ec_GF2m_simple_add(group, r, a, a, ctx);
+}
+
+int ec_GF2m_simple_invert(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
+{
+ if (EC_POINT_is_at_infinity(group, point) || BN_is_zero(&point->Y))
+ /* point is its own inverse */
+ return 1;
+
+ if (!EC_POINT_make_affine(group, point, ctx))
+ return 0;
+ return BN_GF2m_add(&point->Y, &point->X, &point->Y);
+}
+
+/* Indicates whether the given point is the point at infinity. */
+int ec_GF2m_simple_is_at_infinity(const EC_GROUP *group,
+ const EC_POINT *point)
+{
+ return BN_is_zero(&point->Z);
+}
+
+/*-
+ * Determines whether the given EC_POINT is an actual point on the curve defined
+ * in the EC_GROUP. A point is valid if it satisfies the Weierstrass equation:
+ * y^2 + x*y = x^3 + a*x^2 + b.
+ */
+int ec_GF2m_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
+ BN_CTX *ctx)
+{
+ int ret = -1;
+ BN_CTX *new_ctx = NULL;
+ BIGNUM *lh, *y2;
+ int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *,
+ const BIGNUM *, BN_CTX *);
+ int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
+
+ if (EC_POINT_is_at_infinity(group, point))
+ return 1;
+
+ field_mul = group->meth->field_mul;
+ field_sqr = group->meth->field_sqr;
+
+ /* only support affine coordinates */
+ if (!point->Z_is_one)
+ return -1;
+
+ if (ctx == NULL) {
+ ctx = new_ctx = BN_CTX_new();
+ if (ctx == NULL)
+ return -1;
+ }
+
+ BN_CTX_start(ctx);
+ y2 = BN_CTX_get(ctx);
+ lh = BN_CTX_get(ctx);
+ if (lh == NULL)
+ goto err;
+
+ /*-
+ * We have a curve defined by a Weierstrass equation
+ * y^2 + x*y = x^3 + a*x^2 + b.
+ * <=> x^3 + a*x^2 + x*y + b + y^2 = 0
+ * <=> ((x + a) * x + y ) * x + b + y^2 = 0
+ */
+ if (!BN_GF2m_add(lh, &point->X, &group->a))
+ goto err;
+ if (!field_mul(group, lh, lh, &point->X, ctx))
+ goto err;
+ if (!BN_GF2m_add(lh, lh, &point->Y))
+ goto err;
+ if (!field_mul(group, lh, lh, &point->X, ctx))
+ goto err;
+ if (!BN_GF2m_add(lh, lh, &group->b))
+ goto err;
+ if (!field_sqr(group, y2, &point->Y, ctx))
+ goto err;
+ if (!BN_GF2m_add(lh, lh, y2))
+ goto err;
+ ret = BN_is_zero(lh);
+ err:
+ if (ctx)
+ BN_CTX_end(ctx);
+ if (new_ctx)
+ BN_CTX_free(new_ctx);
+ return ret;
+}
+
+/*-
+ * Indicates whether two points are equal.
+ * Return values:
+ * -1 error
+ * 0 equal (in affine coordinates)
+ * 1 not equal
+ */
+int ec_GF2m_simple_cmp(const EC_GROUP *group, const EC_POINT *a,
+ const EC_POINT *b, BN_CTX *ctx)
+{
+ BIGNUM *aX, *aY, *bX, *bY;
+ BN_CTX *new_ctx = NULL;
+ int ret = -1;
+
+ if (EC_POINT_is_at_infinity(group, a)) {
+ return EC_POINT_is_at_infinity(group, b) ? 0 : 1;
+ }
+
+ if (EC_POINT_is_at_infinity(group, b))
+ return 1;
+
+ if (a->Z_is_one && b->Z_is_one) {
+ return ((BN_cmp(&a->X, &b->X) == 0)
+ && BN_cmp(&a->Y, &b->Y) == 0) ? 0 : 1;
+ }
+
+ if (ctx == NULL) {
+ ctx = new_ctx = BN_CTX_new();
+ if (ctx == NULL)
+ return -1;
+ }
+
+ BN_CTX_start(ctx);
+ aX = BN_CTX_get(ctx);
+ aY = BN_CTX_get(ctx);
+ bX = BN_CTX_get(ctx);
+ bY = BN_CTX_get(ctx);
+ if (bY == NULL)
+ goto err;
+
+ if (!EC_POINT_get_affine_coordinates_GF2m(group, a, aX, aY, ctx))
+ goto err;
+ if (!EC_POINT_get_affine_coordinates_GF2m(group, b, bX, bY, ctx))
+ goto err;
+ ret = ((BN_cmp(aX, bX) == 0) && BN_cmp(aY, bY) == 0) ? 0 : 1;
+
+ err:
+ if (ctx)
+ BN_CTX_end(ctx);
+ if (new_ctx)
+ BN_CTX_free(new_ctx);
+ return ret;
+}
+
+/* Forces the given EC_POINT to internally use affine coordinates. */
+int ec_GF2m_simple_make_affine(const EC_GROUP *group, EC_POINT *point,
+ BN_CTX *ctx)
+{
+ BN_CTX *new_ctx = NULL;
+ BIGNUM *x, *y;
+ int ret = 0;
+
+ if (point->Z_is_one || EC_POINT_is_at_infinity(group, point))
+ return 1;
+
+ if (ctx == NULL) {
+ ctx = new_ctx = BN_CTX_new();
+ if (ctx == NULL)
+ return 0;
+ }
+
+ BN_CTX_start(ctx);
+ x = BN_CTX_get(ctx);
+ y = BN_CTX_get(ctx);
+ if (y == NULL)
+ goto err;
+
+ if (!EC_POINT_get_affine_coordinates_GF2m(group, point, x, y, ctx))
+ goto err;
+ if (!BN_copy(&point->X, x))
+ goto err;
+ if (!BN_copy(&point->Y, y))
+ goto err;
+ if (!BN_one(&point->Z))
+ goto err;
+
+ ret = 1;
+
+ err:
+ if (ctx)
+ BN_CTX_end(ctx);
+ if (new_ctx)
+ BN_CTX_free(new_ctx);
+ return ret;
+}
+
+/*
+ * Forces each of the EC_POINTs in the given array to use affine coordinates.
+ */
+int ec_GF2m_simple_points_make_affine(const EC_GROUP *group, size_t num,
+ EC_POINT *points[], BN_CTX *ctx)
+{
+ size_t i;
+
+ for (i = 0; i < num; i++) {
+ if (!group->meth->make_affine(group, points[i], ctx))
+ return 0;
+ }
+
+ return 1;
+}
+
+/* Wrapper to simple binary polynomial field multiplication implementation. */
+int ec_GF2m_simple_field_mul(const EC_GROUP *group, BIGNUM *r,
+ const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+{
+ return BN_GF2m_mod_mul_arr(r, a, b, group->poly, ctx);
+}
+
+/* Wrapper to simple binary polynomial field squaring implementation. */
+int ec_GF2m_simple_field_sqr(const EC_GROUP *group, BIGNUM *r,
+ const BIGNUM *a, BN_CTX *ctx)
+{
+ return BN_GF2m_mod_sqr_arr(r, a, group->poly, ctx);
+}
+
+/* Wrapper to simple binary polynomial field division implementation. */
+int ec_GF2m_simple_field_div(const EC_GROUP *group, BIGNUM *r,
+ const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+{
+ return BN_GF2m_mod_div(r, a, b, &group->field, ctx);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/ec/ec2_smpt.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/ec/ec2_smpt.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ec/ec2_smpt.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,141 +0,0 @@
-/* crypto/ec/ec2_smpt.c */
-/* This code was originally written by Douglas Stebila
- * <dstebila at student.math.uwaterloo.ca> for the OpenSSL project.
- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-
-/* Calaculates and sets the affine coordinates of an EC_POINT from the given
- * compressed coordinates. Uses algorithm 2.3.4 of SEC 1.
- * Note that the simple implementation only uses affine coordinates.
- *
- * This algorithm is patented by Certicom Corp. under US Patent 6,141,420
- * (for licensing information, contact licensing at certicom.com).
- * This function is disabled by default and can be enabled by defining the
- * preprocessor macro OPENSSL_EC_BIN_PT_COMP at Configure-time.
- */
-int ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point,
- const BIGNUM *x_, int y_bit, BN_CTX *ctx)
- {
-#ifndef OPENSSL_EC_BIN_PT_COMP
- ECerr(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES, ERR_R_DISABLED);
- return 0;
-#else
- BN_CTX *new_ctx = NULL;
- BIGNUM *tmp, *x, *y, *z;
- int ret = 0, z0;
-
- /* clear error queue */
- ERR_clear_error();
-
- if (ctx == NULL)
- {
- ctx = new_ctx = BN_CTX_new();
- if (ctx == NULL)
- return 0;
- }
-
- y_bit = (y_bit != 0) ? 1 : 0;
-
- BN_CTX_start(ctx);
- tmp = BN_CTX_get(ctx);
- x = BN_CTX_get(ctx);
- y = BN_CTX_get(ctx);
- z = BN_CTX_get(ctx);
- if (z == NULL) goto err;
-
- if (!BN_GF2m_mod_arr(x, x_, group->poly)) goto err;
- if (BN_is_zero(x))
- {
- if (!BN_GF2m_mod_sqrt_arr(y, &group->b, group->poly, ctx)) goto err;
- }
- else
- {
- if (!group->meth->field_sqr(group, tmp, x, ctx)) goto err;
- if (!group->meth->field_div(group, tmp, &group->b, tmp, ctx)) goto err;
- if (!BN_GF2m_add(tmp, &group->a, tmp)) goto err;
- if (!BN_GF2m_add(tmp, x, tmp)) goto err;
- if (!BN_GF2m_mod_solve_quad_arr(z, tmp, group->poly, ctx))
- {
- unsigned long err = ERR_peek_last_error();
-
- if (ERR_GET_LIB(err) == ERR_LIB_BN && ERR_GET_REASON(err) == BN_R_NO_SOLUTION)
- {
- ERR_clear_error();
- ECerr(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES, EC_R_INVALID_COMPRESSED_POINT);
- }
- else
- ECerr(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES, ERR_R_BN_LIB);
- goto err;
- }
- z0 = (BN_is_odd(z)) ? 1 : 0;
- if (!group->meth->field_mul(group, y, x, z, ctx)) goto err;
- if (z0 != y_bit)
- {
- if (!BN_GF2m_add(y, y, x)) goto err;
- }
- }
-
- if (!EC_POINT_set_affine_coordinates_GF2m(group, point, x, y, ctx)) goto err;
-
- ret = 1;
-
- err:
- BN_CTX_end(ctx);
- if (new_ctx != NULL)
- BN_CTX_free(new_ctx);
- return ret;
-#endif
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/ec/ec2_smpt.c (from rev 6976, vendor-crypto/openssl/dist/crypto/ec/ec2_smpt.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/ec/ec2_smpt.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ec/ec2_smpt.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,148 @@
+/* crypto/ec/ec2_smpt.c */
+/*
+ * This code was originally written by Douglas Stebila
+ * <dstebila at student.math.uwaterloo.ca> for the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*
+ * Calaculates and sets the affine coordinates of an EC_POINT from the given
+ * compressed coordinates. Uses algorithm 2.3.4 of SEC 1. Note that the
+ * simple implementation only uses affine coordinates. This algorithm is
+ * patented by Certicom Corp. under US Patent 6,141,420 (for licensing
+ * information, contact licensing at certicom.com). This function is disabled by
+ * default and can be enabled by defining the preprocessor macro
+ * OPENSSL_EC_BIN_PT_COMP at Configure-time.
+ */
+int ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *group,
+ EC_POINT *point,
+ const BIGNUM *x_, int y_bit,
+ BN_CTX *ctx)
+{
+#ifndef OPENSSL_EC_BIN_PT_COMP
+ ECerr(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES, ERR_R_DISABLED);
+ return 0;
+#else
+ BN_CTX *new_ctx = NULL;
+ BIGNUM *tmp, *x, *y, *z;
+ int ret = 0, z0;
+
+ /* clear error queue */
+ ERR_clear_error();
+
+ if (ctx == NULL) {
+ ctx = new_ctx = BN_CTX_new();
+ if (ctx == NULL)
+ return 0;
+ }
+
+ y_bit = (y_bit != 0) ? 1 : 0;
+
+ BN_CTX_start(ctx);
+ tmp = BN_CTX_get(ctx);
+ x = BN_CTX_get(ctx);
+ y = BN_CTX_get(ctx);
+ z = BN_CTX_get(ctx);
+ if (z == NULL)
+ goto err;
+
+ if (!BN_GF2m_mod_arr(x, x_, group->poly))
+ goto err;
+ if (BN_is_zero(x)) {
+ if (!BN_GF2m_mod_sqrt_arr(y, &group->b, group->poly, ctx))
+ goto err;
+ } else {
+ if (!group->meth->field_sqr(group, tmp, x, ctx))
+ goto err;
+ if (!group->meth->field_div(group, tmp, &group->b, tmp, ctx))
+ goto err;
+ if (!BN_GF2m_add(tmp, &group->a, tmp))
+ goto err;
+ if (!BN_GF2m_add(tmp, x, tmp))
+ goto err;
+ if (!BN_GF2m_mod_solve_quad_arr(z, tmp, group->poly, ctx)) {
+ unsigned long err = ERR_peek_last_error();
+
+ if (ERR_GET_LIB(err) == ERR_LIB_BN
+ && ERR_GET_REASON(err) == BN_R_NO_SOLUTION) {
+ ERR_clear_error();
+ ECerr(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES,
+ EC_R_INVALID_COMPRESSED_POINT);
+ } else
+ ECerr(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES,
+ ERR_R_BN_LIB);
+ goto err;
+ }
+ z0 = (BN_is_odd(z)) ? 1 : 0;
+ if (!group->meth->field_mul(group, y, x, z, ctx))
+ goto err;
+ if (z0 != y_bit) {
+ if (!BN_GF2m_add(y, y, x))
+ goto err;
+ }
+ }
+
+ if (!EC_POINT_set_affine_coordinates_GF2m(group, point, x, y, ctx))
+ goto err;
+
+ ret = 1;
+
+ err:
+ BN_CTX_end(ctx);
+ if (new_ctx != NULL)
+ BN_CTX_free(new_ctx);
+ return ret;
+#endif
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_asn1.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/ec/ec_asn1.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_asn1.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,1429 +0,0 @@
-/* crypto/ec/ec_asn1.c */
-/*
- * Written by Nils Larsch for the OpenSSL project.
- */
-/* ====================================================================
- * Copyright (c) 2000-2003 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <string.h>
-#include "ec_lcl.h"
-#include <openssl/err.h>
-#include <openssl/asn1t.h>
-#include <openssl/objects.h>
-
-
-int EC_GROUP_get_basis_type(const EC_GROUP *group)
- {
- int i=0;
-
- if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) !=
- NID_X9_62_characteristic_two_field)
- /* everything else is currently not supported */
- return 0;
-
- while (group->poly[i] != 0)
- i++;
-
- if (i == 4)
- return NID_X9_62_ppBasis;
- else if (i == 2)
- return NID_X9_62_tpBasis;
- else
- /* everything else is currently not supported */
- return 0;
- }
-
-int EC_GROUP_get_trinomial_basis(const EC_GROUP *group, unsigned int *k)
- {
- if (group == NULL)
- return 0;
-
- if (EC_GROUP_method_of(group)->group_set_curve != ec_GF2m_simple_group_set_curve
- || !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] == 0)))
- {
- ECerr(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return 0;
- }
-
- if (k)
- *k = group->poly[1];
-
- return 1;
- }
-
-int EC_GROUP_get_pentanomial_basis(const EC_GROUP *group, unsigned int *k1,
- unsigned int *k2, unsigned int *k3)
- {
- if (group == NULL)
- return 0;
-
- if (EC_GROUP_method_of(group)->group_set_curve != ec_GF2m_simple_group_set_curve
- || !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] != 0) && (group->poly[3] != 0) && (group->poly[4] == 0)))
- {
- ECerr(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return 0;
- }
-
- if (k1)
- *k1 = group->poly[3];
- if (k2)
- *k2 = group->poly[2];
- if (k3)
- *k3 = group->poly[1];
-
- return 1;
- }
-
-
-
-/* some structures needed for the asn1 encoding */
-typedef struct x9_62_pentanomial_st {
- long k1;
- long k2;
- long k3;
- } X9_62_PENTANOMIAL;
-
-typedef struct x9_62_characteristic_two_st {
- long m;
- ASN1_OBJECT *type;
- union {
- char *ptr;
- /* NID_X9_62_onBasis */
- ASN1_NULL *onBasis;
- /* NID_X9_62_tpBasis */
- ASN1_INTEGER *tpBasis;
- /* NID_X9_62_ppBasis */
- X9_62_PENTANOMIAL *ppBasis;
- /* anything else */
- ASN1_TYPE *other;
- } p;
- } X9_62_CHARACTERISTIC_TWO;
-
-typedef struct x9_62_fieldid_st {
- ASN1_OBJECT *fieldType;
- union {
- char *ptr;
- /* NID_X9_62_prime_field */
- ASN1_INTEGER *prime;
- /* NID_X9_62_characteristic_two_field */
- X9_62_CHARACTERISTIC_TWO *char_two;
- /* anything else */
- ASN1_TYPE *other;
- } p;
- } X9_62_FIELDID;
-
-typedef struct x9_62_curve_st {
- ASN1_OCTET_STRING *a;
- ASN1_OCTET_STRING *b;
- ASN1_BIT_STRING *seed;
- } X9_62_CURVE;
-
-typedef struct ec_parameters_st {
- long version;
- X9_62_FIELDID *fieldID;
- X9_62_CURVE *curve;
- ASN1_OCTET_STRING *base;
- ASN1_INTEGER *order;
- ASN1_INTEGER *cofactor;
- } ECPARAMETERS;
-
-struct ecpk_parameters_st {
- int type;
- union {
- ASN1_OBJECT *named_curve;
- ECPARAMETERS *parameters;
- ASN1_NULL *implicitlyCA;
- } value;
- }/* ECPKPARAMETERS */;
-
-/* SEC1 ECPrivateKey */
-typedef struct ec_privatekey_st {
- long version;
- ASN1_OCTET_STRING *privateKey;
- ECPKPARAMETERS *parameters;
- ASN1_BIT_STRING *publicKey;
- } EC_PRIVATEKEY;
-
-/* the OpenSSL ASN.1 definitions */
-ASN1_SEQUENCE(X9_62_PENTANOMIAL) = {
- ASN1_SIMPLE(X9_62_PENTANOMIAL, k1, LONG),
- ASN1_SIMPLE(X9_62_PENTANOMIAL, k2, LONG),
- ASN1_SIMPLE(X9_62_PENTANOMIAL, k3, LONG)
-} ASN1_SEQUENCE_END(X9_62_PENTANOMIAL)
-
-DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL)
-IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL)
-
-ASN1_ADB_TEMPLATE(char_two_def) = ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.other, ASN1_ANY);
-
-ASN1_ADB(X9_62_CHARACTERISTIC_TWO) = {
- ADB_ENTRY(NID_X9_62_onBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.onBasis, ASN1_NULL)),
- ADB_ENTRY(NID_X9_62_tpBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.tpBasis, ASN1_INTEGER)),
- ADB_ENTRY(NID_X9_62_ppBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.ppBasis, X9_62_PENTANOMIAL))
-} ASN1_ADB_END(X9_62_CHARACTERISTIC_TWO, 0, type, 0, &char_two_def_tt, NULL);
-
-ASN1_SEQUENCE(X9_62_CHARACTERISTIC_TWO) = {
- ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, m, LONG),
- ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, type, ASN1_OBJECT),
- ASN1_ADB_OBJECT(X9_62_CHARACTERISTIC_TWO)
-} ASN1_SEQUENCE_END(X9_62_CHARACTERISTIC_TWO)
-
-DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO)
-IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO)
-
-ASN1_ADB_TEMPLATE(fieldID_def) = ASN1_SIMPLE(X9_62_FIELDID, p.other, ASN1_ANY);
-
-ASN1_ADB(X9_62_FIELDID) = {
- ADB_ENTRY(NID_X9_62_prime_field, ASN1_SIMPLE(X9_62_FIELDID, p.prime, ASN1_INTEGER)),
- ADB_ENTRY(NID_X9_62_characteristic_two_field, ASN1_SIMPLE(X9_62_FIELDID, p.char_two, X9_62_CHARACTERISTIC_TWO))
-} ASN1_ADB_END(X9_62_FIELDID, 0, fieldType, 0, &fieldID_def_tt, NULL);
-
-ASN1_SEQUENCE(X9_62_FIELDID) = {
- ASN1_SIMPLE(X9_62_FIELDID, fieldType, ASN1_OBJECT),
- ASN1_ADB_OBJECT(X9_62_FIELDID)
-} ASN1_SEQUENCE_END(X9_62_FIELDID)
-
-ASN1_SEQUENCE(X9_62_CURVE) = {
- ASN1_SIMPLE(X9_62_CURVE, a, ASN1_OCTET_STRING),
- ASN1_SIMPLE(X9_62_CURVE, b, ASN1_OCTET_STRING),
- ASN1_OPT(X9_62_CURVE, seed, ASN1_BIT_STRING)
-} ASN1_SEQUENCE_END(X9_62_CURVE)
-
-ASN1_SEQUENCE(ECPARAMETERS) = {
- ASN1_SIMPLE(ECPARAMETERS, version, LONG),
- ASN1_SIMPLE(ECPARAMETERS, fieldID, X9_62_FIELDID),
- ASN1_SIMPLE(ECPARAMETERS, curve, X9_62_CURVE),
- ASN1_SIMPLE(ECPARAMETERS, base, ASN1_OCTET_STRING),
- ASN1_SIMPLE(ECPARAMETERS, order, ASN1_INTEGER),
- ASN1_OPT(ECPARAMETERS, cofactor, ASN1_INTEGER)
-} ASN1_SEQUENCE_END(ECPARAMETERS)
-
-DECLARE_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS)
-IMPLEMENT_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS)
-
-ASN1_CHOICE(ECPKPARAMETERS) = {
- ASN1_SIMPLE(ECPKPARAMETERS, value.named_curve, ASN1_OBJECT),
- ASN1_SIMPLE(ECPKPARAMETERS, value.parameters, ECPARAMETERS),
- ASN1_SIMPLE(ECPKPARAMETERS, value.implicitlyCA, ASN1_NULL)
-} ASN1_CHOICE_END(ECPKPARAMETERS)
-
-DECLARE_ASN1_FUNCTIONS_const(ECPKPARAMETERS)
-DECLARE_ASN1_ENCODE_FUNCTIONS_const(ECPKPARAMETERS, ECPKPARAMETERS)
-IMPLEMENT_ASN1_FUNCTIONS_const(ECPKPARAMETERS)
-
-ASN1_SEQUENCE(EC_PRIVATEKEY) = {
- ASN1_SIMPLE(EC_PRIVATEKEY, version, LONG),
- ASN1_SIMPLE(EC_PRIVATEKEY, privateKey, ASN1_OCTET_STRING),
- ASN1_EXP_OPT(EC_PRIVATEKEY, parameters, ECPKPARAMETERS, 0),
- ASN1_EXP_OPT(EC_PRIVATEKEY, publicKey, ASN1_BIT_STRING, 1)
-} ASN1_SEQUENCE_END(EC_PRIVATEKEY)
-
-DECLARE_ASN1_FUNCTIONS_const(EC_PRIVATEKEY)
-DECLARE_ASN1_ENCODE_FUNCTIONS_const(EC_PRIVATEKEY, EC_PRIVATEKEY)
-IMPLEMENT_ASN1_FUNCTIONS_const(EC_PRIVATEKEY)
-
-/* some declarations of internal function */
-
-/* ec_asn1_group2field() sets the values in a X9_62_FIELDID object */
-static int ec_asn1_group2fieldid(const EC_GROUP *, X9_62_FIELDID *);
-/* ec_asn1_group2curve() sets the values in a X9_62_CURVE object */
-static int ec_asn1_group2curve(const EC_GROUP *, X9_62_CURVE *);
-/* ec_asn1_parameters2group() creates a EC_GROUP object from a
- * ECPARAMETERS object */
-static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *);
-/* ec_asn1_group2parameters() creates a ECPARAMETERS object from a
- * EC_GROUP object */
-static ECPARAMETERS *ec_asn1_group2parameters(const EC_GROUP *,ECPARAMETERS *);
-/* ec_asn1_pkparameters2group() creates a EC_GROUP object from a
- * ECPKPARAMETERS object */
-static EC_GROUP *ec_asn1_pkparameters2group(const ECPKPARAMETERS *);
-/* ec_asn1_group2pkparameters() creates a ECPKPARAMETERS object from a
- * EC_GROUP object */
-static ECPKPARAMETERS *ec_asn1_group2pkparameters(const EC_GROUP *,
- ECPKPARAMETERS *);
-
-
-/* the function definitions */
-
-static int ec_asn1_group2fieldid(const EC_GROUP *group, X9_62_FIELDID *field)
- {
- int ok=0, nid;
- BIGNUM *tmp = NULL;
-
- if (group == NULL || field == NULL)
- return 0;
-
- /* clear the old values (if necessary) */
- if (field->fieldType != NULL)
- ASN1_OBJECT_free(field->fieldType);
- if (field->p.other != NULL)
- ASN1_TYPE_free(field->p.other);
-
- nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group));
- /* set OID for the field */
- if ((field->fieldType = OBJ_nid2obj(nid)) == NULL)
- {
- ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_OBJ_LIB);
- goto err;
- }
-
- if (nid == NID_X9_62_prime_field)
- {
- if ((tmp = BN_new()) == NULL)
- {
- ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- /* the parameters are specified by the prime number p */
- if (!EC_GROUP_get_curve_GFp(group, tmp, NULL, NULL, NULL))
- {
- ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_EC_LIB);
- goto err;
- }
- /* set the prime number */
- field->p.prime = BN_to_ASN1_INTEGER(tmp,NULL);
- if (field->p.prime == NULL)
- {
- ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_ASN1_LIB);
- goto err;
- }
- }
- else /* nid == NID_X9_62_characteristic_two_field */
- {
- int field_type;
- X9_62_CHARACTERISTIC_TWO *char_two;
-
- field->p.char_two = X9_62_CHARACTERISTIC_TWO_new();
- char_two = field->p.char_two;
-
- if (char_two == NULL)
- {
- ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- char_two->m = (long)EC_GROUP_get_degree(group);
-
- field_type = EC_GROUP_get_basis_type(group);
-
- if (field_type == 0)
- {
- ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_EC_LIB);
- goto err;
- }
- /* set base type OID */
- if ((char_two->type = OBJ_nid2obj(field_type)) == NULL)
- {
- ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_OBJ_LIB);
- goto err;
- }
-
- if (field_type == NID_X9_62_tpBasis)
- {
- unsigned int k;
-
- if (!EC_GROUP_get_trinomial_basis(group, &k))
- goto err;
-
- char_two->p.tpBasis = ASN1_INTEGER_new();
- if (!char_two->p.tpBasis)
- {
- ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- if (!ASN1_INTEGER_set(char_two->p.tpBasis, (long)k))
- {
- ECerr(EC_F_EC_ASN1_GROUP2FIELDID,
- ERR_R_ASN1_LIB);
- goto err;
- }
- }
- else if (field_type == NID_X9_62_ppBasis)
- {
- unsigned int k1, k2, k3;
-
- if (!EC_GROUP_get_pentanomial_basis(group, &k1, &k2, &k3))
- goto err;
-
- char_two->p.ppBasis = X9_62_PENTANOMIAL_new();
- if (!char_two->p.ppBasis)
- {
- ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- /* set k? values */
- char_two->p.ppBasis->k1 = (long)k1;
- char_two->p.ppBasis->k2 = (long)k2;
- char_two->p.ppBasis->k3 = (long)k3;
- }
- else /* field_type == NID_X9_62_onBasis */
- {
- /* for ONB the parameters are (asn1) NULL */
- char_two->p.onBasis = ASN1_NULL_new();
- if (!char_two->p.onBasis)
- {
- ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- }
- }
-
- ok = 1;
-
-err : if (tmp)
- BN_free(tmp);
- return(ok);
-}
-
-static int ec_asn1_group2curve(const EC_GROUP *group, X9_62_CURVE *curve)
- {
- int ok=0, nid;
- BIGNUM *tmp_1=NULL, *tmp_2=NULL;
- unsigned char *buffer_1=NULL, *buffer_2=NULL,
- *a_buf=NULL, *b_buf=NULL;
- size_t len_1, len_2;
- unsigned char char_zero = 0;
-
- if (!group || !curve || !curve->a || !curve->b)
- return 0;
-
- if ((tmp_1 = BN_new()) == NULL || (tmp_2 = BN_new()) == NULL)
- {
- ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group));
-
- /* get a and b */
- if (nid == NID_X9_62_prime_field)
- {
- if (!EC_GROUP_get_curve_GFp(group, NULL, tmp_1, tmp_2, NULL))
- {
- ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_EC_LIB);
- goto err;
- }
- }
- else /* nid == NID_X9_62_characteristic_two_field */
- {
- if (!EC_GROUP_get_curve_GF2m(group, NULL, tmp_1, tmp_2, NULL))
- {
- ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_EC_LIB);
- goto err;
- }
- }
-
- len_1 = (size_t)BN_num_bytes(tmp_1);
- len_2 = (size_t)BN_num_bytes(tmp_2);
-
- if (len_1 == 0)
- {
- /* len_1 == 0 => a == 0 */
- a_buf = &char_zero;
- len_1 = 1;
- }
- else
- {
- if ((buffer_1 = OPENSSL_malloc(len_1)) == NULL)
- {
- ECerr(EC_F_EC_ASN1_GROUP2CURVE,
- ERR_R_MALLOC_FAILURE);
- goto err;
- }
- if ( (len_1 = BN_bn2bin(tmp_1, buffer_1)) == 0)
- {
- ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_BN_LIB);
- goto err;
- }
- a_buf = buffer_1;
- }
-
- if (len_2 == 0)
- {
- /* len_2 == 0 => b == 0 */
- b_buf = &char_zero;
- len_2 = 1;
- }
- else
- {
- if ((buffer_2 = OPENSSL_malloc(len_2)) == NULL)
- {
- ECerr(EC_F_EC_ASN1_GROUP2CURVE,
- ERR_R_MALLOC_FAILURE);
- goto err;
- }
- if ( (len_2 = BN_bn2bin(tmp_2, buffer_2)) == 0)
- {
- ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_BN_LIB);
- goto err;
- }
- b_buf = buffer_2;
- }
-
- /* set a and b */
- if (!M_ASN1_OCTET_STRING_set(curve->a, a_buf, len_1) ||
- !M_ASN1_OCTET_STRING_set(curve->b, b_buf, len_2))
- {
- ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB);
- goto err;
- }
-
- /* set the seed (optional) */
- if (group->seed)
- {
- if (!curve->seed)
- if ((curve->seed = ASN1_BIT_STRING_new()) == NULL)
- {
- ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- curve->seed->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
- curve->seed->flags |= ASN1_STRING_FLAG_BITS_LEFT;
- if (!ASN1_BIT_STRING_set(curve->seed, group->seed,
- (int)group->seed_len))
- {
- ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB);
- goto err;
- }
- }
- else
- {
- if (curve->seed)
- {
- ASN1_BIT_STRING_free(curve->seed);
- curve->seed = NULL;
- }
- }
-
- ok = 1;
-
-err: if (buffer_1)
- OPENSSL_free(buffer_1);
- if (buffer_2)
- OPENSSL_free(buffer_2);
- if (tmp_1)
- BN_free(tmp_1);
- if (tmp_2)
- BN_free(tmp_2);
- return(ok);
- }
-
-static ECPARAMETERS *ec_asn1_group2parameters(const EC_GROUP *group,
- ECPARAMETERS *param)
- {
- int ok=0;
- size_t len=0;
- ECPARAMETERS *ret=NULL;
- BIGNUM *tmp=NULL;
- unsigned char *buffer=NULL;
- const EC_POINT *point=NULL;
- point_conversion_form_t form;
-
- if ((tmp = BN_new()) == NULL)
- {
- ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- if (param == NULL)
- {
- if ((ret = ECPARAMETERS_new()) == NULL)
- {
- ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS,
- ERR_R_MALLOC_FAILURE);
- goto err;
- }
- }
- else
- ret = param;
-
- /* set the version (always one) */
- ret->version = (long)0x1;
-
- /* set the fieldID */
- if (!ec_asn1_group2fieldid(group, ret->fieldID))
- {
- ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);
- goto err;
- }
-
- /* set the curve */
- if (!ec_asn1_group2curve(group, ret->curve))
- {
- ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);
- goto err;
- }
-
- /* set the base point */
- if ((point = EC_GROUP_get0_generator(group)) == NULL)
- {
- ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, EC_R_UNDEFINED_GENERATOR);
- goto err;
- }
-
- form = EC_GROUP_get_point_conversion_form(group);
-
- len = EC_POINT_point2oct(group, point, form, NULL, len, NULL);
- if (len == 0)
- {
- ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);
- goto err;
- }
- if ((buffer = OPENSSL_malloc(len)) == NULL)
- {
- ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- if (!EC_POINT_point2oct(group, point, form, buffer, len, NULL))
- {
- ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);
- goto err;
- }
- if (ret->base == NULL && (ret->base = ASN1_OCTET_STRING_new()) == NULL)
- {
- ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- if (!ASN1_OCTET_STRING_set(ret->base, buffer, len))
- {
- ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB);
- goto err;
- }
-
- /* set the order */
- if (!EC_GROUP_get_order(group, tmp, NULL))
- {
- ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);
- goto err;
- }
- ret->order = BN_to_ASN1_INTEGER(tmp, ret->order);
- if (ret->order == NULL)
- {
- ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB);
- goto err;
- }
-
- /* set the cofactor (optional) */
- if (EC_GROUP_get_cofactor(group, tmp, NULL))
- {
- ret->cofactor = BN_to_ASN1_INTEGER(tmp, ret->cofactor);
- if (ret->cofactor == NULL)
- {
- ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB);
- goto err;
- }
- }
-
- ok = 1;
-
-err : if(!ok)
- {
- if (ret && !param)
- ECPARAMETERS_free(ret);
- ret = NULL;
- }
- if (tmp)
- BN_free(tmp);
- if (buffer)
- OPENSSL_free(buffer);
- return(ret);
- }
-
-ECPKPARAMETERS *ec_asn1_group2pkparameters(const EC_GROUP *group,
- ECPKPARAMETERS *params)
- {
- int ok = 1, tmp;
- ECPKPARAMETERS *ret = params;
-
- if (ret == NULL)
- {
- if ((ret = ECPKPARAMETERS_new()) == NULL)
- {
- ECerr(EC_F_EC_ASN1_GROUP2PKPARAMETERS,
- ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- }
- else
- {
- if (ret->type == 0 && ret->value.named_curve)
- ASN1_OBJECT_free(ret->value.named_curve);
- else if (ret->type == 1 && ret->value.parameters)
- ECPARAMETERS_free(ret->value.parameters);
- }
-
- if (EC_GROUP_get_asn1_flag(group))
- {
- /* use the asn1 OID to describe the
- * the elliptic curve parameters
- */
- tmp = EC_GROUP_get_curve_name(group);
- if (tmp)
- {
- ret->type = 0;
- if ((ret->value.named_curve = OBJ_nid2obj(tmp)) == NULL)
- ok = 0;
- }
- else
- /* we don't kmow the nid => ERROR */
- ok = 0;
- }
- else
- {
- /* use the ECPARAMETERS structure */
- ret->type = 1;
- if ((ret->value.parameters = ec_asn1_group2parameters(
- group, NULL)) == NULL)
- ok = 0;
- }
-
- if (!ok)
- {
- ECPKPARAMETERS_free(ret);
- return NULL;
- }
- return ret;
- }
-
-static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params)
- {
- int ok = 0, tmp;
- EC_GROUP *ret = NULL;
- BIGNUM *p = NULL, *a = NULL, *b = NULL;
- EC_POINT *point=NULL;
- long field_bits;
-
- if (!params->fieldID || !params->fieldID->fieldType ||
- !params->fieldID->p.ptr)
- {
- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
- goto err;
- }
-
- /* now extract the curve parameters a and b */
- if (!params->curve || !params->curve->a ||
- !params->curve->a->data || !params->curve->b ||
- !params->curve->b->data)
- {
- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
- goto err;
- }
- a = BN_bin2bn(params->curve->a->data, params->curve->a->length, NULL);
- if (a == NULL)
- {
- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_BN_LIB);
- goto err;
- }
- b = BN_bin2bn(params->curve->b->data, params->curve->b->length, NULL);
- if (b == NULL)
- {
- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_BN_LIB);
- goto err;
- }
-
- /* get the field parameters */
- tmp = OBJ_obj2nid(params->fieldID->fieldType);
-
- if (tmp == NID_X9_62_characteristic_two_field)
- {
- X9_62_CHARACTERISTIC_TWO *char_two;
-
- char_two = params->fieldID->p.char_two;
-
- field_bits = char_two->m;
- if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS)
- {
- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_FIELD_TOO_LARGE);
- goto err;
- }
-
- if ((p = BN_new()) == NULL)
- {
- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- /* get the base type */
- tmp = OBJ_obj2nid(char_two->type);
-
- if (tmp == NID_X9_62_tpBasis)
- {
- long tmp_long;
-
- if (!char_two->p.tpBasis)
- {
- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
- goto err;
- }
-
- tmp_long = ASN1_INTEGER_get(char_two->p.tpBasis);
-
- if (!(char_two->m > tmp_long && tmp_long > 0))
- {
- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_TRINOMIAL_BASIS);
- goto err;
- }
-
- /* create the polynomial */
- if (!BN_set_bit(p, (int)char_two->m))
- goto err;
- if (!BN_set_bit(p, (int)tmp_long))
- goto err;
- if (!BN_set_bit(p, 0))
- goto err;
- }
- else if (tmp == NID_X9_62_ppBasis)
- {
- X9_62_PENTANOMIAL *penta;
-
- penta = char_two->p.ppBasis;
- if (!penta)
- {
- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
- goto err;
- }
-
- if (!(char_two->m > penta->k3 && penta->k3 > penta->k2 && penta->k2 > penta->k1 && penta->k1 > 0))
- {
- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_PENTANOMIAL_BASIS);
- goto err;
- }
-
- /* create the polynomial */
- if (!BN_set_bit(p, (int)char_two->m)) goto err;
- if (!BN_set_bit(p, (int)penta->k1)) goto err;
- if (!BN_set_bit(p, (int)penta->k2)) goto err;
- if (!BN_set_bit(p, (int)penta->k3)) goto err;
- if (!BN_set_bit(p, 0)) goto err;
- }
- else if (tmp == NID_X9_62_onBasis)
- {
- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_NOT_IMPLEMENTED);
- goto err;
- }
- else /* error */
- {
- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
- goto err;
- }
-
- /* create the EC_GROUP structure */
- ret = EC_GROUP_new_curve_GF2m(p, a, b, NULL);
- }
- else if (tmp == NID_X9_62_prime_field)
- {
- /* we have a curve over a prime field */
- /* extract the prime number */
- if (!params->fieldID->p.prime)
- {
- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
- goto err;
- }
- p = ASN1_INTEGER_to_BN(params->fieldID->p.prime, NULL);
- if (p == NULL)
- {
- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB);
- goto err;
- }
-
- if (BN_is_negative(p) || BN_is_zero(p))
- {
- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_FIELD);
- goto err;
- }
-
- field_bits = BN_num_bits(p);
- if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS)
- {
- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_FIELD_TOO_LARGE);
- goto err;
- }
-
- /* create the EC_GROUP structure */
- ret = EC_GROUP_new_curve_GFp(p, a, b, NULL);
- }
- else
- {
- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_FIELD);
- goto err;
- }
-
- if (ret == NULL)
- {
- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB);
- goto err;
- }
-
- /* extract seed (optional) */
- if (params->curve->seed != NULL)
- {
- if (ret->seed != NULL)
- OPENSSL_free(ret->seed);
- if (!(ret->seed = OPENSSL_malloc(params->curve->seed->length)))
- {
- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP,
- ERR_R_MALLOC_FAILURE);
- goto err;
- }
- memcpy(ret->seed, params->curve->seed->data,
- params->curve->seed->length);
- ret->seed_len = params->curve->seed->length;
- }
-
- if (!params->order || !params->base || !params->base->data)
- {
- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
- goto err;
- }
-
- if ((point = EC_POINT_new(ret)) == NULL) goto err;
-
- /* set the point conversion form */
- EC_GROUP_set_point_conversion_form(ret, (point_conversion_form_t)
- (params->base->data[0] & ~0x01));
-
- /* extract the ec point */
- if (!EC_POINT_oct2point(ret, point, params->base->data,
- params->base->length, NULL))
- {
- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB);
- goto err;
- }
-
- /* extract the order */
- if ((a = ASN1_INTEGER_to_BN(params->order, a)) == NULL)
- {
- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB);
- goto err;
- }
- if (BN_is_negative(a) || BN_is_zero(a))
- {
- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_GROUP_ORDER);
- goto err;
- }
- if (BN_num_bits(a) > (int)field_bits + 1) /* Hasse bound */
- {
- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_GROUP_ORDER);
- goto err;
- }
-
- /* extract the cofactor (optional) */
- if (params->cofactor == NULL)
- {
- if (b)
- {
- BN_free(b);
- b = NULL;
- }
- }
- else
- if ((b = ASN1_INTEGER_to_BN(params->cofactor, b)) == NULL)
- {
- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB);
- goto err;
- }
- /* set the generator, order and cofactor (if present) */
- if (!EC_GROUP_set_generator(ret, point, a, b))
- {
- ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB);
- goto err;
- }
-
- ok = 1;
-
-err: if (!ok)
- {
- if (ret)
- EC_GROUP_clear_free(ret);
- ret = NULL;
- }
-
- if (p)
- BN_free(p);
- if (a)
- BN_free(a);
- if (b)
- BN_free(b);
- if (point)
- EC_POINT_free(point);
- return(ret);
-}
-
-EC_GROUP *ec_asn1_pkparameters2group(const ECPKPARAMETERS *params)
- {
- EC_GROUP *ret=NULL;
- int tmp=0;
-
- if (params == NULL)
- {
- ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP,
- EC_R_MISSING_PARAMETERS);
- return NULL;
- }
-
- if (params->type == 0)
- { /* the curve is given by an OID */
- tmp = OBJ_obj2nid(params->value.named_curve);
- if ((ret = EC_GROUP_new_by_curve_name(tmp)) == NULL)
- {
- ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP,
- EC_R_EC_GROUP_NEW_BY_NAME_FAILURE);
- return NULL;
- }
- EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_NAMED_CURVE);
- }
- else if (params->type == 1)
- { /* the parameters are given by a ECPARAMETERS
- * structure */
- ret = ec_asn1_parameters2group(params->value.parameters);
- if (!ret)
- {
- ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, ERR_R_EC_LIB);
- return NULL;
- }
- EC_GROUP_set_asn1_flag(ret, 0x0);
- }
- else if (params->type == 2)
- { /* implicitlyCA */
- return NULL;
- }
- else
- {
- ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, EC_R_ASN1_ERROR);
- return NULL;
- }
-
- return ret;
- }
-
-/* EC_GROUP <-> DER encoding of ECPKPARAMETERS */
-
-EC_GROUP *d2i_ECPKParameters(EC_GROUP **a, const unsigned char **in, long len)
- {
- EC_GROUP *group = NULL;
- ECPKPARAMETERS *params = NULL;
-
- if ((params = d2i_ECPKPARAMETERS(NULL, in, len)) == NULL)
- {
- ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_D2I_ECPKPARAMETERS_FAILURE);
- ECPKPARAMETERS_free(params);
- return NULL;
- }
-
- if ((group = ec_asn1_pkparameters2group(params)) == NULL)
- {
- ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_PKPARAMETERS2GROUP_FAILURE);
- return NULL;
- }
-
-
- if (a && *a)
- EC_GROUP_clear_free(*a);
- if (a)
- *a = group;
-
- ECPKPARAMETERS_free(params);
- return(group);
- }
-
-int i2d_ECPKParameters(const EC_GROUP *a, unsigned char **out)
- {
- int ret=0;
- ECPKPARAMETERS *tmp = ec_asn1_group2pkparameters(a, NULL);
- if (tmp == NULL)
- {
- ECerr(EC_F_I2D_ECPKPARAMETERS, EC_R_GROUP2PKPARAMETERS_FAILURE);
- return 0;
- }
- if ((ret = i2d_ECPKPARAMETERS(tmp, out)) == 0)
- {
- ECerr(EC_F_I2D_ECPKPARAMETERS, EC_R_I2D_ECPKPARAMETERS_FAILURE);
- ECPKPARAMETERS_free(tmp);
- return 0;
- }
- ECPKPARAMETERS_free(tmp);
- return(ret);
- }
-
-/* some EC_KEY functions */
-
-EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
- {
- int ok=0;
- EC_KEY *ret=NULL;
- EC_PRIVATEKEY *priv_key=NULL;
-
- if ((priv_key = EC_PRIVATEKEY_new()) == NULL)
- {
- ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
-
- if ((priv_key = d2i_EC_PRIVATEKEY(&priv_key, in, len)) == NULL)
- {
- ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
- EC_PRIVATEKEY_free(priv_key);
- return NULL;
- }
-
- if (a == NULL || *a == NULL)
- {
- if ((ret = EC_KEY_new()) == NULL)
- {
- ECerr(EC_F_D2I_ECPRIVATEKEY,
- ERR_R_MALLOC_FAILURE);
- goto err;
- }
- if (a)
- *a = ret;
- }
- else
- ret = *a;
-
- if (priv_key->parameters)
- {
- if (ret->group)
- EC_GROUP_clear_free(ret->group);
- ret->group = ec_asn1_pkparameters2group(priv_key->parameters);
- }
-
- if (ret->group == NULL)
- {
- ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
- goto err;
- }
-
- ret->version = priv_key->version;
-
- if (priv_key->privateKey)
- {
- ret->priv_key = BN_bin2bn(
- M_ASN1_STRING_data(priv_key->privateKey),
- M_ASN1_STRING_length(priv_key->privateKey),
- ret->priv_key);
- if (ret->priv_key == NULL)
- {
- ECerr(EC_F_D2I_ECPRIVATEKEY,
- ERR_R_BN_LIB);
- goto err;
- }
- }
- else
- {
- ECerr(EC_F_D2I_ECPRIVATEKEY,
- EC_R_MISSING_PRIVATE_KEY);
- goto err;
- }
-
- if (priv_key->publicKey)
- {
- const unsigned char *pub_oct;
- size_t pub_oct_len;
-
- if (ret->pub_key)
- EC_POINT_clear_free(ret->pub_key);
- ret->pub_key = EC_POINT_new(ret->group);
- if (ret->pub_key == NULL)
- {
- ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
- goto err;
- }
- pub_oct = M_ASN1_STRING_data(priv_key->publicKey);
- pub_oct_len = M_ASN1_STRING_length(priv_key->publicKey);
- /* save the point conversion form */
- ret->conv_form = (point_conversion_form_t)(pub_oct[0] & ~0x01);
- if (!EC_POINT_oct2point(ret->group, ret->pub_key,
- pub_oct, pub_oct_len, NULL))
- {
- ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
- goto err;
- }
- }
-
- ok = 1;
-err:
- if (!ok)
- {
- if (ret)
- EC_KEY_free(ret);
- ret = NULL;
- }
-
- if (priv_key)
- EC_PRIVATEKEY_free(priv_key);
-
- return(ret);
- }
-
-int i2d_ECPrivateKey(EC_KEY *a, unsigned char **out)
- {
- int ret=0, ok=0;
- unsigned char *buffer=NULL;
- size_t buf_len=0, tmp_len;
- EC_PRIVATEKEY *priv_key=NULL;
-
- if (a == NULL || a->group == NULL || a->priv_key == NULL)
- {
- ECerr(EC_F_I2D_ECPRIVATEKEY,
- ERR_R_PASSED_NULL_PARAMETER);
- goto err;
- }
-
- if ((priv_key = EC_PRIVATEKEY_new()) == NULL)
- {
- ECerr(EC_F_I2D_ECPRIVATEKEY,
- ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- priv_key->version = a->version;
-
- buf_len = (size_t)BN_num_bytes(a->priv_key);
- buffer = OPENSSL_malloc(buf_len);
- if (buffer == NULL)
- {
- ECerr(EC_F_I2D_ECPRIVATEKEY,
- ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- if (!BN_bn2bin(a->priv_key, buffer))
- {
- ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_BN_LIB);
- goto err;
- }
-
- if (!M_ASN1_OCTET_STRING_set(priv_key->privateKey, buffer, buf_len))
- {
- ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_ASN1_LIB);
- goto err;
- }
-
- if (!(a->enc_flag & EC_PKEY_NO_PARAMETERS))
- {
- if ((priv_key->parameters = ec_asn1_group2pkparameters(
- a->group, priv_key->parameters)) == NULL)
- {
- ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB);
- goto err;
- }
- }
-
- if (!(a->enc_flag & EC_PKEY_NO_PUBKEY))
- {
- priv_key->publicKey = M_ASN1_BIT_STRING_new();
- if (priv_key->publicKey == NULL)
- {
- ECerr(EC_F_I2D_ECPRIVATEKEY,
- ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- tmp_len = EC_POINT_point2oct(a->group, a->pub_key,
- a->conv_form, NULL, 0, NULL);
-
- if (tmp_len > buf_len)
- {
- unsigned char *tmp_buffer = OPENSSL_realloc(buffer, tmp_len);
- if (!tmp_buffer)
- {
- ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- buffer = tmp_buffer;
- buf_len = tmp_len;
- }
-
- if (!EC_POINT_point2oct(a->group, a->pub_key,
- a->conv_form, buffer, buf_len, NULL))
- {
- ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB);
- goto err;
- }
-
- priv_key->publicKey->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
- priv_key->publicKey->flags |= ASN1_STRING_FLAG_BITS_LEFT;
- if (!M_ASN1_BIT_STRING_set(priv_key->publicKey, buffer,
- buf_len))
- {
- ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_ASN1_LIB);
- goto err;
- }
- }
-
- if ((ret = i2d_EC_PRIVATEKEY(priv_key, out)) == 0)
- {
- ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB);
- goto err;
- }
- ok=1;
-err:
- if (buffer)
- OPENSSL_free(buffer);
- if (priv_key)
- EC_PRIVATEKEY_free(priv_key);
- return(ok?ret:0);
- }
-
-int i2d_ECParameters(EC_KEY *a, unsigned char **out)
- {
- if (a == NULL)
- {
- ECerr(EC_F_I2D_ECPARAMETERS, ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- return i2d_ECPKParameters(a->group, out);
- }
-
-EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len)
- {
- EC_KEY *ret;
-
- if (in == NULL || *in == NULL)
- {
- ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_PASSED_NULL_PARAMETER);
- return NULL;
- }
-
- if (a == NULL || *a == NULL)
- {
- if ((ret = EC_KEY_new()) == NULL)
- {
- ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- if (a)
- *a = ret;
- }
- else
- ret = *a;
-
- if (!d2i_ECPKParameters(&ret->group, in, len))
- {
- ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_EC_LIB);
- return NULL;
- }
-
- return ret;
- }
-
-EC_KEY *o2i_ECPublicKey(EC_KEY **a, const unsigned char **in, long len)
- {
- EC_KEY *ret=NULL;
-
- if (a == NULL || (*a) == NULL || (*a)->group == NULL)
- {
- /* sorry, but a EC_GROUP-structur is necessary
- * to set the public key */
- ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- ret = *a;
- if (ret->pub_key == NULL &&
- (ret->pub_key = EC_POINT_new(ret->group)) == NULL)
- {
- ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_MALLOC_FAILURE);
- return 0;
- }
- if (!EC_POINT_oct2point(ret->group, ret->pub_key, *in, len, NULL))
- {
- ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_EC_LIB);
- return 0;
- }
- /* save the point conversion form */
- ret->conv_form = (point_conversion_form_t)(*in[0] & ~0x01);
- *in += len;
- return ret;
- }
-
-int i2o_ECPublicKey(EC_KEY *a, unsigned char **out)
- {
- size_t buf_len=0;
- int new_buffer = 0;
-
- if (a == NULL)
- {
- ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
-
- buf_len = EC_POINT_point2oct(a->group, a->pub_key,
- a->conv_form, NULL, 0, NULL);
-
- if (out == NULL || buf_len == 0)
- /* out == NULL => just return the length of the octet string */
- return buf_len;
-
- if (*out == NULL)
- {
- if ((*out = OPENSSL_malloc(buf_len)) == NULL)
- {
- ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_MALLOC_FAILURE);
- return 0;
- }
- new_buffer = 1;
- }
- if (!EC_POINT_point2oct(a->group, a->pub_key, a->conv_form,
- *out, buf_len, NULL))
- {
- ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_EC_LIB);
- OPENSSL_free(*out);
- *out = NULL;
- return 0;
- }
- if (!new_buffer)
- *out += buf_len;
- return buf_len;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_asn1.c (from rev 6976, vendor-crypto/openssl/dist/crypto/ec/ec_asn1.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_asn1.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_asn1.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,1276 @@
+/* crypto/ec/ec_asn1.c */
+/*
+ * Written by Nils Larsch for the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright (c) 2000-2003 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <string.h>
+#include "ec_lcl.h"
+#include <openssl/err.h>
+#include <openssl/asn1t.h>
+#include <openssl/objects.h>
+
+int EC_GROUP_get_basis_type(const EC_GROUP *group)
+{
+ int i = 0;
+
+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) !=
+ NID_X9_62_characteristic_two_field)
+ /* everything else is currently not supported */
+ return 0;
+
+ while (group->poly[i] != 0)
+ i++;
+
+ if (i == 4)
+ return NID_X9_62_ppBasis;
+ else if (i == 2)
+ return NID_X9_62_tpBasis;
+ else
+ /* everything else is currently not supported */
+ return 0;
+}
+
+int EC_GROUP_get_trinomial_basis(const EC_GROUP *group, unsigned int *k)
+{
+ if (group == NULL)
+ return 0;
+
+ if (EC_GROUP_method_of(group)->group_set_curve !=
+ ec_GF2m_simple_group_set_curve || !((group->poly[0] != 0)
+ && (group->poly[1] != 0)
+ && (group->poly[2] == 0))) {
+ ECerr(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS,
+ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return 0;
+ }
+
+ if (k)
+ *k = group->poly[1];
+
+ return 1;
+}
+
+int EC_GROUP_get_pentanomial_basis(const EC_GROUP *group, unsigned int *k1,
+ unsigned int *k2, unsigned int *k3)
+{
+ if (group == NULL)
+ return 0;
+
+ if (EC_GROUP_method_of(group)->group_set_curve !=
+ ec_GF2m_simple_group_set_curve || !((group->poly[0] != 0)
+ && (group->poly[1] != 0)
+ && (group->poly[2] != 0)
+ && (group->poly[3] != 0)
+ && (group->poly[4] == 0))) {
+ ECerr(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS,
+ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return 0;
+ }
+
+ if (k1)
+ *k1 = group->poly[3];
+ if (k2)
+ *k2 = group->poly[2];
+ if (k3)
+ *k3 = group->poly[1];
+
+ return 1;
+}
+
+/* some structures needed for the asn1 encoding */
+typedef struct x9_62_pentanomial_st {
+ long k1;
+ long k2;
+ long k3;
+} X9_62_PENTANOMIAL;
+
+typedef struct x9_62_characteristic_two_st {
+ long m;
+ ASN1_OBJECT *type;
+ union {
+ char *ptr;
+ /* NID_X9_62_onBasis */
+ ASN1_NULL *onBasis;
+ /* NID_X9_62_tpBasis */
+ ASN1_INTEGER *tpBasis;
+ /* NID_X9_62_ppBasis */
+ X9_62_PENTANOMIAL *ppBasis;
+ /* anything else */
+ ASN1_TYPE *other;
+ } p;
+} X9_62_CHARACTERISTIC_TWO;
+
+typedef struct x9_62_fieldid_st {
+ ASN1_OBJECT *fieldType;
+ union {
+ char *ptr;
+ /* NID_X9_62_prime_field */
+ ASN1_INTEGER *prime;
+ /* NID_X9_62_characteristic_two_field */
+ X9_62_CHARACTERISTIC_TWO *char_two;
+ /* anything else */
+ ASN1_TYPE *other;
+ } p;
+} X9_62_FIELDID;
+
+typedef struct x9_62_curve_st {
+ ASN1_OCTET_STRING *a;
+ ASN1_OCTET_STRING *b;
+ ASN1_BIT_STRING *seed;
+} X9_62_CURVE;
+
+typedef struct ec_parameters_st {
+ long version;
+ X9_62_FIELDID *fieldID;
+ X9_62_CURVE *curve;
+ ASN1_OCTET_STRING *base;
+ ASN1_INTEGER *order;
+ ASN1_INTEGER *cofactor;
+} ECPARAMETERS;
+
+struct ecpk_parameters_st {
+ int type;
+ union {
+ ASN1_OBJECT *named_curve;
+ ECPARAMETERS *parameters;
+ ASN1_NULL *implicitlyCA;
+ } value;
+} /* ECPKPARAMETERS */ ;
+
+/* SEC1 ECPrivateKey */
+typedef struct ec_privatekey_st {
+ long version;
+ ASN1_OCTET_STRING *privateKey;
+ ECPKPARAMETERS *parameters;
+ ASN1_BIT_STRING *publicKey;
+} EC_PRIVATEKEY;
+
+/* the OpenSSL ASN.1 definitions */
+ASN1_SEQUENCE(X9_62_PENTANOMIAL) = {
+ ASN1_SIMPLE(X9_62_PENTANOMIAL, k1, LONG),
+ ASN1_SIMPLE(X9_62_PENTANOMIAL, k2, LONG),
+ ASN1_SIMPLE(X9_62_PENTANOMIAL, k3, LONG)
+} ASN1_SEQUENCE_END(X9_62_PENTANOMIAL)
+
+DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL)
+IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL)
+
+ASN1_ADB_TEMPLATE(char_two_def) = ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.other, ASN1_ANY);
+
+ASN1_ADB(X9_62_CHARACTERISTIC_TWO) = {
+ ADB_ENTRY(NID_X9_62_onBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.onBasis, ASN1_NULL)),
+ ADB_ENTRY(NID_X9_62_tpBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.tpBasis, ASN1_INTEGER)),
+ ADB_ENTRY(NID_X9_62_ppBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.ppBasis, X9_62_PENTANOMIAL))
+} ASN1_ADB_END(X9_62_CHARACTERISTIC_TWO, 0, type, 0, &char_two_def_tt, NULL);
+
+ASN1_SEQUENCE(X9_62_CHARACTERISTIC_TWO) = {
+ ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, m, LONG),
+ ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, type, ASN1_OBJECT),
+ ASN1_ADB_OBJECT(X9_62_CHARACTERISTIC_TWO)
+} ASN1_SEQUENCE_END(X9_62_CHARACTERISTIC_TWO)
+
+DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO)
+IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO)
+
+ASN1_ADB_TEMPLATE(fieldID_def) = ASN1_SIMPLE(X9_62_FIELDID, p.other, ASN1_ANY);
+
+ASN1_ADB(X9_62_FIELDID) = {
+ ADB_ENTRY(NID_X9_62_prime_field, ASN1_SIMPLE(X9_62_FIELDID, p.prime, ASN1_INTEGER)),
+ ADB_ENTRY(NID_X9_62_characteristic_two_field, ASN1_SIMPLE(X9_62_FIELDID, p.char_two, X9_62_CHARACTERISTIC_TWO))
+} ASN1_ADB_END(X9_62_FIELDID, 0, fieldType, 0, &fieldID_def_tt, NULL);
+
+ASN1_SEQUENCE(X9_62_FIELDID) = {
+ ASN1_SIMPLE(X9_62_FIELDID, fieldType, ASN1_OBJECT),
+ ASN1_ADB_OBJECT(X9_62_FIELDID)
+} ASN1_SEQUENCE_END(X9_62_FIELDID)
+
+ASN1_SEQUENCE(X9_62_CURVE) = {
+ ASN1_SIMPLE(X9_62_CURVE, a, ASN1_OCTET_STRING),
+ ASN1_SIMPLE(X9_62_CURVE, b, ASN1_OCTET_STRING),
+ ASN1_OPT(X9_62_CURVE, seed, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END(X9_62_CURVE)
+
+ASN1_SEQUENCE(ECPARAMETERS) = {
+ ASN1_SIMPLE(ECPARAMETERS, version, LONG),
+ ASN1_SIMPLE(ECPARAMETERS, fieldID, X9_62_FIELDID),
+ ASN1_SIMPLE(ECPARAMETERS, curve, X9_62_CURVE),
+ ASN1_SIMPLE(ECPARAMETERS, base, ASN1_OCTET_STRING),
+ ASN1_SIMPLE(ECPARAMETERS, order, ASN1_INTEGER),
+ ASN1_OPT(ECPARAMETERS, cofactor, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(ECPARAMETERS)
+
+DECLARE_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS)
+IMPLEMENT_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS)
+
+ASN1_CHOICE(ECPKPARAMETERS) = {
+ ASN1_SIMPLE(ECPKPARAMETERS, value.named_curve, ASN1_OBJECT),
+ ASN1_SIMPLE(ECPKPARAMETERS, value.parameters, ECPARAMETERS),
+ ASN1_SIMPLE(ECPKPARAMETERS, value.implicitlyCA, ASN1_NULL)
+} ASN1_CHOICE_END(ECPKPARAMETERS)
+
+DECLARE_ASN1_FUNCTIONS_const(ECPKPARAMETERS)
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(ECPKPARAMETERS, ECPKPARAMETERS)
+IMPLEMENT_ASN1_FUNCTIONS_const(ECPKPARAMETERS)
+
+ASN1_SEQUENCE(EC_PRIVATEKEY) = {
+ ASN1_SIMPLE(EC_PRIVATEKEY, version, LONG),
+ ASN1_SIMPLE(EC_PRIVATEKEY, privateKey, ASN1_OCTET_STRING),
+ ASN1_EXP_OPT(EC_PRIVATEKEY, parameters, ECPKPARAMETERS, 0),
+ ASN1_EXP_OPT(EC_PRIVATEKEY, publicKey, ASN1_BIT_STRING, 1)
+} ASN1_SEQUENCE_END(EC_PRIVATEKEY)
+
+DECLARE_ASN1_FUNCTIONS_const(EC_PRIVATEKEY)
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(EC_PRIVATEKEY, EC_PRIVATEKEY)
+IMPLEMENT_ASN1_FUNCTIONS_const(EC_PRIVATEKEY)
+
+/* some declarations of internal function */
+
+/* ec_asn1_group2field() sets the values in a X9_62_FIELDID object */
+static int ec_asn1_group2fieldid(const EC_GROUP *, X9_62_FIELDID *);
+/* ec_asn1_group2curve() sets the values in a X9_62_CURVE object */
+static int ec_asn1_group2curve(const EC_GROUP *, X9_62_CURVE *);
+/*
+ * ec_asn1_parameters2group() creates a EC_GROUP object from a ECPARAMETERS
+ * object
+ */
+static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *);
+/*
+ * ec_asn1_group2parameters() creates a ECPARAMETERS object from a EC_GROUP
+ * object
+ */
+static ECPARAMETERS *ec_asn1_group2parameters(const EC_GROUP *,
+ ECPARAMETERS *);
+/*
+ * ec_asn1_pkparameters2group() creates a EC_GROUP object from a
+ * ECPKPARAMETERS object
+ */
+static EC_GROUP *ec_asn1_pkparameters2group(const ECPKPARAMETERS *);
+/*
+ * ec_asn1_group2pkparameters() creates a ECPKPARAMETERS object from a
+ * EC_GROUP object
+ */
+static ECPKPARAMETERS *ec_asn1_group2pkparameters(const EC_GROUP *,
+ ECPKPARAMETERS *);
+
+/* the function definitions */
+
+static int ec_asn1_group2fieldid(const EC_GROUP *group, X9_62_FIELDID *field)
+{
+ int ok = 0, nid;
+ BIGNUM *tmp = NULL;
+
+ if (group == NULL || field == NULL)
+ return 0;
+
+ /* clear the old values (if necessary) */
+ if (field->fieldType != NULL)
+ ASN1_OBJECT_free(field->fieldType);
+ if (field->p.other != NULL)
+ ASN1_TYPE_free(field->p.other);
+
+ nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group));
+ /* set OID for the field */
+ if ((field->fieldType = OBJ_nid2obj(nid)) == NULL) {
+ ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_OBJ_LIB);
+ goto err;
+ }
+
+ if (nid == NID_X9_62_prime_field) {
+ if ((tmp = BN_new()) == NULL) {
+ ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ /* the parameters are specified by the prime number p */
+ if (!EC_GROUP_get_curve_GFp(group, tmp, NULL, NULL, NULL)) {
+ ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_EC_LIB);
+ goto err;
+ }
+ /* set the prime number */
+ field->p.prime = BN_to_ASN1_INTEGER(tmp, NULL);
+ if (field->p.prime == NULL) {
+ ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_ASN1_LIB);
+ goto err;
+ }
+ } else { /* nid == NID_X9_62_characteristic_two_field */
+
+ int field_type;
+ X9_62_CHARACTERISTIC_TWO *char_two;
+
+ field->p.char_two = X9_62_CHARACTERISTIC_TWO_new();
+ char_two = field->p.char_two;
+
+ if (char_two == NULL) {
+ ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ char_two->m = (long)EC_GROUP_get_degree(group);
+
+ field_type = EC_GROUP_get_basis_type(group);
+
+ if (field_type == 0) {
+ ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_EC_LIB);
+ goto err;
+ }
+ /* set base type OID */
+ if ((char_two->type = OBJ_nid2obj(field_type)) == NULL) {
+ ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_OBJ_LIB);
+ goto err;
+ }
+
+ if (field_type == NID_X9_62_tpBasis) {
+ unsigned int k;
+
+ if (!EC_GROUP_get_trinomial_basis(group, &k))
+ goto err;
+
+ char_two->p.tpBasis = ASN1_INTEGER_new();
+ if (!char_two->p.tpBasis) {
+ ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ if (!ASN1_INTEGER_set(char_two->p.tpBasis, (long)k)) {
+ ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_ASN1_LIB);
+ goto err;
+ }
+ } else if (field_type == NID_X9_62_ppBasis) {
+ unsigned int k1, k2, k3;
+
+ if (!EC_GROUP_get_pentanomial_basis(group, &k1, &k2, &k3))
+ goto err;
+
+ char_two->p.ppBasis = X9_62_PENTANOMIAL_new();
+ if (!char_two->p.ppBasis) {
+ ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ /* set k? values */
+ char_two->p.ppBasis->k1 = (long)k1;
+ char_two->p.ppBasis->k2 = (long)k2;
+ char_two->p.ppBasis->k3 = (long)k3;
+ } else { /* field_type == NID_X9_62_onBasis */
+
+ /* for ONB the parameters are (asn1) NULL */
+ char_two->p.onBasis = ASN1_NULL_new();
+ if (!char_two->p.onBasis) {
+ ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ }
+ }
+
+ ok = 1;
+
+ err:if (tmp)
+ BN_free(tmp);
+ return (ok);
+}
+
+static int ec_asn1_group2curve(const EC_GROUP *group, X9_62_CURVE *curve)
+{
+ int ok = 0, nid;
+ BIGNUM *tmp_1 = NULL, *tmp_2 = NULL;
+ unsigned char *buffer_1 = NULL, *buffer_2 = NULL,
+ *a_buf = NULL, *b_buf = NULL;
+ size_t len_1, len_2;
+ unsigned char char_zero = 0;
+
+ if (!group || !curve || !curve->a || !curve->b)
+ return 0;
+
+ if ((tmp_1 = BN_new()) == NULL || (tmp_2 = BN_new()) == NULL) {
+ ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group));
+
+ /* get a and b */
+ if (nid == NID_X9_62_prime_field) {
+ if (!EC_GROUP_get_curve_GFp(group, NULL, tmp_1, tmp_2, NULL)) {
+ ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_EC_LIB);
+ goto err;
+ }
+ } else { /* nid == NID_X9_62_characteristic_two_field */
+
+ if (!EC_GROUP_get_curve_GF2m(group, NULL, tmp_1, tmp_2, NULL)) {
+ ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_EC_LIB);
+ goto err;
+ }
+ }
+
+ len_1 = (size_t)BN_num_bytes(tmp_1);
+ len_2 = (size_t)BN_num_bytes(tmp_2);
+
+ if (len_1 == 0) {
+ /* len_1 == 0 => a == 0 */
+ a_buf = &char_zero;
+ len_1 = 1;
+ } else {
+ if ((buffer_1 = OPENSSL_malloc(len_1)) == NULL) {
+ ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ if ((len_1 = BN_bn2bin(tmp_1, buffer_1)) == 0) {
+ ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_BN_LIB);
+ goto err;
+ }
+ a_buf = buffer_1;
+ }
+
+ if (len_2 == 0) {
+ /* len_2 == 0 => b == 0 */
+ b_buf = &char_zero;
+ len_2 = 1;
+ } else {
+ if ((buffer_2 = OPENSSL_malloc(len_2)) == NULL) {
+ ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ if ((len_2 = BN_bn2bin(tmp_2, buffer_2)) == 0) {
+ ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_BN_LIB);
+ goto err;
+ }
+ b_buf = buffer_2;
+ }
+
+ /* set a and b */
+ if (!M_ASN1_OCTET_STRING_set(curve->a, a_buf, len_1) ||
+ !M_ASN1_OCTET_STRING_set(curve->b, b_buf, len_2)) {
+ ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB);
+ goto err;
+ }
+
+ /* set the seed (optional) */
+ if (group->seed) {
+ if (!curve->seed)
+ if ((curve->seed = ASN1_BIT_STRING_new()) == NULL) {
+ ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ curve->seed->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
+ curve->seed->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+ if (!ASN1_BIT_STRING_set(curve->seed, group->seed,
+ (int)group->seed_len)) {
+ ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB);
+ goto err;
+ }
+ } else {
+ if (curve->seed) {
+ ASN1_BIT_STRING_free(curve->seed);
+ curve->seed = NULL;
+ }
+ }
+
+ ok = 1;
+
+ err:if (buffer_1)
+ OPENSSL_free(buffer_1);
+ if (buffer_2)
+ OPENSSL_free(buffer_2);
+ if (tmp_1)
+ BN_free(tmp_1);
+ if (tmp_2)
+ BN_free(tmp_2);
+ return (ok);
+}
+
+static ECPARAMETERS *ec_asn1_group2parameters(const EC_GROUP *group,
+ ECPARAMETERS *param)
+{
+ int ok = 0;
+ size_t len = 0;
+ ECPARAMETERS *ret = NULL;
+ BIGNUM *tmp = NULL;
+ unsigned char *buffer = NULL;
+ const EC_POINT *point = NULL;
+ point_conversion_form_t form;
+
+ if ((tmp = BN_new()) == NULL) {
+ ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ if (param == NULL) {
+ if ((ret = ECPARAMETERS_new()) == NULL) {
+ ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ } else
+ ret = param;
+
+ /* set the version (always one) */
+ ret->version = (long)0x1;
+
+ /* set the fieldID */
+ if (!ec_asn1_group2fieldid(group, ret->fieldID)) {
+ ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);
+ goto err;
+ }
+
+ /* set the curve */
+ if (!ec_asn1_group2curve(group, ret->curve)) {
+ ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);
+ goto err;
+ }
+
+ /* set the base point */
+ if ((point = EC_GROUP_get0_generator(group)) == NULL) {
+ ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, EC_R_UNDEFINED_GENERATOR);
+ goto err;
+ }
+
+ form = EC_GROUP_get_point_conversion_form(group);
+
+ len = EC_POINT_point2oct(group, point, form, NULL, len, NULL);
+ if (len == 0) {
+ ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);
+ goto err;
+ }
+ if ((buffer = OPENSSL_malloc(len)) == NULL) {
+ ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ if (!EC_POINT_point2oct(group, point, form, buffer, len, NULL)) {
+ ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);
+ goto err;
+ }
+ if (ret->base == NULL && (ret->base = ASN1_OCTET_STRING_new()) == NULL) {
+ ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ if (!ASN1_OCTET_STRING_set(ret->base, buffer, len)) {
+ ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB);
+ goto err;
+ }
+
+ /* set the order */
+ if (!EC_GROUP_get_order(group, tmp, NULL)) {
+ ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);
+ goto err;
+ }
+ ret->order = BN_to_ASN1_INTEGER(tmp, ret->order);
+ if (ret->order == NULL) {
+ ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB);
+ goto err;
+ }
+
+ /* set the cofactor (optional) */
+ if (EC_GROUP_get_cofactor(group, tmp, NULL)) {
+ ret->cofactor = BN_to_ASN1_INTEGER(tmp, ret->cofactor);
+ if (ret->cofactor == NULL) {
+ ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB);
+ goto err;
+ }
+ }
+
+ ok = 1;
+
+ err:if (!ok) {
+ if (ret && !param)
+ ECPARAMETERS_free(ret);
+ ret = NULL;
+ }
+ if (tmp)
+ BN_free(tmp);
+ if (buffer)
+ OPENSSL_free(buffer);
+ return (ret);
+}
+
+ECPKPARAMETERS *ec_asn1_group2pkparameters(const EC_GROUP *group,
+ ECPKPARAMETERS *params)
+{
+ int ok = 1, tmp;
+ ECPKPARAMETERS *ret = params;
+
+ if (ret == NULL) {
+ if ((ret = ECPKPARAMETERS_new()) == NULL) {
+ ECerr(EC_F_EC_ASN1_GROUP2PKPARAMETERS, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ } else {
+ if (ret->type == 0 && ret->value.named_curve)
+ ASN1_OBJECT_free(ret->value.named_curve);
+ else if (ret->type == 1 && ret->value.parameters)
+ ECPARAMETERS_free(ret->value.parameters);
+ }
+
+ if (EC_GROUP_get_asn1_flag(group)) {
+ /*
+ * use the asn1 OID to describe the the elliptic curve parameters
+ */
+ tmp = EC_GROUP_get_curve_name(group);
+ if (tmp) {
+ ret->type = 0;
+ if ((ret->value.named_curve = OBJ_nid2obj(tmp)) == NULL)
+ ok = 0;
+ } else
+ /* we don't kmow the nid => ERROR */
+ ok = 0;
+ } else {
+ /* use the ECPARAMETERS structure */
+ ret->type = 1;
+ if ((ret->value.parameters =
+ ec_asn1_group2parameters(group, NULL)) == NULL)
+ ok = 0;
+ }
+
+ if (!ok) {
+ ECPKPARAMETERS_free(ret);
+ return NULL;
+ }
+ return ret;
+}
+
+static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params)
+{
+ int ok = 0, tmp;
+ EC_GROUP *ret = NULL;
+ BIGNUM *p = NULL, *a = NULL, *b = NULL;
+ EC_POINT *point = NULL;
+ long field_bits;
+
+ if (!params->fieldID || !params->fieldID->fieldType ||
+ !params->fieldID->p.ptr) {
+ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
+ goto err;
+ }
+
+ /* now extract the curve parameters a and b */
+ if (!params->curve || !params->curve->a ||
+ !params->curve->a->data || !params->curve->b ||
+ !params->curve->b->data) {
+ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
+ goto err;
+ }
+ a = BN_bin2bn(params->curve->a->data, params->curve->a->length, NULL);
+ if (a == NULL) {
+ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_BN_LIB);
+ goto err;
+ }
+ b = BN_bin2bn(params->curve->b->data, params->curve->b->length, NULL);
+ if (b == NULL) {
+ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_BN_LIB);
+ goto err;
+ }
+
+ /* get the field parameters */
+ tmp = OBJ_obj2nid(params->fieldID->fieldType);
+
+ if (tmp == NID_X9_62_characteristic_two_field) {
+ X9_62_CHARACTERISTIC_TWO *char_two;
+
+ char_two = params->fieldID->p.char_two;
+
+ field_bits = char_two->m;
+ if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS) {
+ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_FIELD_TOO_LARGE);
+ goto err;
+ }
+
+ if ((p = BN_new()) == NULL) {
+ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ /* get the base type */
+ tmp = OBJ_obj2nid(char_two->type);
+
+ if (tmp == NID_X9_62_tpBasis) {
+ long tmp_long;
+
+ if (!char_two->p.tpBasis) {
+ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
+ goto err;
+ }
+
+ tmp_long = ASN1_INTEGER_get(char_two->p.tpBasis);
+
+ if (!(char_two->m > tmp_long && tmp_long > 0)) {
+ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP,
+ EC_R_INVALID_TRINOMIAL_BASIS);
+ goto err;
+ }
+
+ /* create the polynomial */
+ if (!BN_set_bit(p, (int)char_two->m))
+ goto err;
+ if (!BN_set_bit(p, (int)tmp_long))
+ goto err;
+ if (!BN_set_bit(p, 0))
+ goto err;
+ } else if (tmp == NID_X9_62_ppBasis) {
+ X9_62_PENTANOMIAL *penta;
+
+ penta = char_two->p.ppBasis;
+ if (!penta) {
+ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
+ goto err;
+ }
+
+ if (!
+ (char_two->m > penta->k3 && penta->k3 > penta->k2
+ && penta->k2 > penta->k1 && penta->k1 > 0)) {
+ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP,
+ EC_R_INVALID_PENTANOMIAL_BASIS);
+ goto err;
+ }
+
+ /* create the polynomial */
+ if (!BN_set_bit(p, (int)char_two->m))
+ goto err;
+ if (!BN_set_bit(p, (int)penta->k1))
+ goto err;
+ if (!BN_set_bit(p, (int)penta->k2))
+ goto err;
+ if (!BN_set_bit(p, (int)penta->k3))
+ goto err;
+ if (!BN_set_bit(p, 0))
+ goto err;
+ } else if (tmp == NID_X9_62_onBasis) {
+ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_NOT_IMPLEMENTED);
+ goto err;
+ } else { /* error */
+
+ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
+ goto err;
+ }
+
+ /* create the EC_GROUP structure */
+ ret = EC_GROUP_new_curve_GF2m(p, a, b, NULL);
+ } else if (tmp == NID_X9_62_prime_field) {
+ /* we have a curve over a prime field */
+ /* extract the prime number */
+ if (!params->fieldID->p.prime) {
+ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
+ goto err;
+ }
+ p = ASN1_INTEGER_to_BN(params->fieldID->p.prime, NULL);
+ if (p == NULL) {
+ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB);
+ goto err;
+ }
+
+ if (BN_is_negative(p) || BN_is_zero(p)) {
+ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_FIELD);
+ goto err;
+ }
+
+ field_bits = BN_num_bits(p);
+ if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS) {
+ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_FIELD_TOO_LARGE);
+ goto err;
+ }
+
+ /* create the EC_GROUP structure */
+ ret = EC_GROUP_new_curve_GFp(p, a, b, NULL);
+ } else {
+ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_FIELD);
+ goto err;
+ }
+
+ if (ret == NULL) {
+ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB);
+ goto err;
+ }
+
+ /* extract seed (optional) */
+ if (params->curve->seed != NULL) {
+ if (ret->seed != NULL)
+ OPENSSL_free(ret->seed);
+ if (!(ret->seed = OPENSSL_malloc(params->curve->seed->length))) {
+ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ memcpy(ret->seed, params->curve->seed->data,
+ params->curve->seed->length);
+ ret->seed_len = params->curve->seed->length;
+ }
+
+ if (!params->order || !params->base || !params->base->data) {
+ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
+ goto err;
+ }
+
+ if ((point = EC_POINT_new(ret)) == NULL)
+ goto err;
+
+ /* set the point conversion form */
+ EC_GROUP_set_point_conversion_form(ret, (point_conversion_form_t)
+ (params->base->data[0] & ~0x01));
+
+ /* extract the ec point */
+ if (!EC_POINT_oct2point(ret, point, params->base->data,
+ params->base->length, NULL)) {
+ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB);
+ goto err;
+ }
+
+ /* extract the order */
+ if ((a = ASN1_INTEGER_to_BN(params->order, a)) == NULL) {
+ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB);
+ goto err;
+ }
+ if (BN_is_negative(a) || BN_is_zero(a)) {
+ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_GROUP_ORDER);
+ goto err;
+ }
+ if (BN_num_bits(a) > (int)field_bits + 1) { /* Hasse bound */
+ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_GROUP_ORDER);
+ goto err;
+ }
+
+ /* extract the cofactor (optional) */
+ if (params->cofactor == NULL) {
+ if (b) {
+ BN_free(b);
+ b = NULL;
+ }
+ } else if ((b = ASN1_INTEGER_to_BN(params->cofactor, b)) == NULL) {
+ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB);
+ goto err;
+ }
+ /* set the generator, order and cofactor (if present) */
+ if (!EC_GROUP_set_generator(ret, point, a, b)) {
+ ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB);
+ goto err;
+ }
+
+ ok = 1;
+
+ err:if (!ok) {
+ if (ret)
+ EC_GROUP_clear_free(ret);
+ ret = NULL;
+ }
+
+ if (p)
+ BN_free(p);
+ if (a)
+ BN_free(a);
+ if (b)
+ BN_free(b);
+ if (point)
+ EC_POINT_free(point);
+ return (ret);
+}
+
+EC_GROUP *ec_asn1_pkparameters2group(const ECPKPARAMETERS *params)
+{
+ EC_GROUP *ret = NULL;
+ int tmp = 0;
+
+ if (params == NULL) {
+ ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, EC_R_MISSING_PARAMETERS);
+ return NULL;
+ }
+
+ if (params->type == 0) { /* the curve is given by an OID */
+ tmp = OBJ_obj2nid(params->value.named_curve);
+ if ((ret = EC_GROUP_new_by_curve_name(tmp)) == NULL) {
+ ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP,
+ EC_R_EC_GROUP_NEW_BY_NAME_FAILURE);
+ return NULL;
+ }
+ EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_NAMED_CURVE);
+ } else if (params->type == 1) { /* the parameters are given by a
+ * ECPARAMETERS structure */
+ ret = ec_asn1_parameters2group(params->value.parameters);
+ if (!ret) {
+ ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, ERR_R_EC_LIB);
+ return NULL;
+ }
+ EC_GROUP_set_asn1_flag(ret, 0x0);
+ } else if (params->type == 2) { /* implicitlyCA */
+ return NULL;
+ } else {
+ ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, EC_R_ASN1_ERROR);
+ return NULL;
+ }
+
+ return ret;
+}
+
+/* EC_GROUP <-> DER encoding of ECPKPARAMETERS */
+
+EC_GROUP *d2i_ECPKParameters(EC_GROUP **a, const unsigned char **in, long len)
+{
+ EC_GROUP *group = NULL;
+ ECPKPARAMETERS *params = NULL;
+
+ if ((params = d2i_ECPKPARAMETERS(NULL, in, len)) == NULL) {
+ ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_D2I_ECPKPARAMETERS_FAILURE);
+ ECPKPARAMETERS_free(params);
+ return NULL;
+ }
+
+ if ((group = ec_asn1_pkparameters2group(params)) == NULL) {
+ ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_PKPARAMETERS2GROUP_FAILURE);
+ return NULL;
+ }
+
+ if (a && *a)
+ EC_GROUP_clear_free(*a);
+ if (a)
+ *a = group;
+
+ ECPKPARAMETERS_free(params);
+ return (group);
+}
+
+int i2d_ECPKParameters(const EC_GROUP *a, unsigned char **out)
+{
+ int ret = 0;
+ ECPKPARAMETERS *tmp = ec_asn1_group2pkparameters(a, NULL);
+ if (tmp == NULL) {
+ ECerr(EC_F_I2D_ECPKPARAMETERS, EC_R_GROUP2PKPARAMETERS_FAILURE);
+ return 0;
+ }
+ if ((ret = i2d_ECPKPARAMETERS(tmp, out)) == 0) {
+ ECerr(EC_F_I2D_ECPKPARAMETERS, EC_R_I2D_ECPKPARAMETERS_FAILURE);
+ ECPKPARAMETERS_free(tmp);
+ return 0;
+ }
+ ECPKPARAMETERS_free(tmp);
+ return (ret);
+}
+
+/* some EC_KEY functions */
+
+EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
+{
+ int ok = 0;
+ EC_KEY *ret = NULL;
+ EC_PRIVATEKEY *priv_key = NULL;
+
+ if ((priv_key = EC_PRIVATEKEY_new()) == NULL) {
+ ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+
+ if ((priv_key = d2i_EC_PRIVATEKEY(&priv_key, in, len)) == NULL) {
+ ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
+ EC_PRIVATEKEY_free(priv_key);
+ return NULL;
+ }
+
+ if (a == NULL || *a == NULL) {
+ if ((ret = EC_KEY_new()) == NULL) {
+ ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ } else
+ ret = *a;
+
+ if (priv_key->parameters) {
+ if (ret->group)
+ EC_GROUP_clear_free(ret->group);
+ ret->group = ec_asn1_pkparameters2group(priv_key->parameters);
+ }
+
+ if (ret->group == NULL) {
+ ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
+ goto err;
+ }
+
+ ret->version = priv_key->version;
+
+ if (priv_key->privateKey) {
+ ret->priv_key = BN_bin2bn(M_ASN1_STRING_data(priv_key->privateKey),
+ M_ASN1_STRING_length(priv_key->privateKey),
+ ret->priv_key);
+ if (ret->priv_key == NULL) {
+ ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_BN_LIB);
+ goto err;
+ }
+ } else {
+ ECerr(EC_F_D2I_ECPRIVATEKEY, EC_R_MISSING_PRIVATE_KEY);
+ goto err;
+ }
+
+ if (priv_key->publicKey) {
+ const unsigned char *pub_oct;
+ size_t pub_oct_len;
+
+ if (ret->pub_key)
+ EC_POINT_clear_free(ret->pub_key);
+ ret->pub_key = EC_POINT_new(ret->group);
+ if (ret->pub_key == NULL) {
+ ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
+ goto err;
+ }
+ pub_oct = M_ASN1_STRING_data(priv_key->publicKey);
+ pub_oct_len = M_ASN1_STRING_length(priv_key->publicKey);
+ /* save the point conversion form */
+ ret->conv_form = (point_conversion_form_t) (pub_oct[0] & ~0x01);
+ if (!EC_POINT_oct2point(ret->group, ret->pub_key,
+ pub_oct, pub_oct_len, NULL)) {
+ ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
+ goto err;
+ }
+ }
+
+ if (a)
+ *a = ret;
+ ok = 1;
+ err:
+ if (!ok) {
+ if (ret && (a == NULL || *a != ret))
+ EC_KEY_free(ret);
+ ret = NULL;
+ }
+
+ if (priv_key)
+ EC_PRIVATEKEY_free(priv_key);
+
+ return (ret);
+}
+
+int i2d_ECPrivateKey(EC_KEY *a, unsigned char **out)
+{
+ int ret = 0, ok = 0;
+ unsigned char *buffer = NULL;
+ size_t buf_len = 0, tmp_len;
+ EC_PRIVATEKEY *priv_key = NULL;
+
+ if (a == NULL || a->group == NULL || a->priv_key == NULL) {
+ ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
+ goto err;
+ }
+
+ if ((priv_key = EC_PRIVATEKEY_new()) == NULL) {
+ ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ priv_key->version = a->version;
+
+ buf_len = (size_t)BN_num_bytes(a->priv_key);
+ buffer = OPENSSL_malloc(buf_len);
+ if (buffer == NULL) {
+ ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ if (!BN_bn2bin(a->priv_key, buffer)) {
+ ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_BN_LIB);
+ goto err;
+ }
+
+ if (!M_ASN1_OCTET_STRING_set(priv_key->privateKey, buffer, buf_len)) {
+ ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_ASN1_LIB);
+ goto err;
+ }
+
+ if (!(a->enc_flag & EC_PKEY_NO_PARAMETERS)) {
+ if ((priv_key->parameters =
+ ec_asn1_group2pkparameters(a->group,
+ priv_key->parameters)) == NULL) {
+ ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB);
+ goto err;
+ }
+ }
+
+ if (!(a->enc_flag & EC_PKEY_NO_PUBKEY)) {
+ priv_key->publicKey = M_ASN1_BIT_STRING_new();
+ if (priv_key->publicKey == NULL) {
+ ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ tmp_len = EC_POINT_point2oct(a->group, a->pub_key,
+ a->conv_form, NULL, 0, NULL);
+
+ if (tmp_len > buf_len) {
+ unsigned char *tmp_buffer = OPENSSL_realloc(buffer, tmp_len);
+ if (!tmp_buffer) {
+ ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ buffer = tmp_buffer;
+ buf_len = tmp_len;
+ }
+
+ if (!EC_POINT_point2oct(a->group, a->pub_key,
+ a->conv_form, buffer, buf_len, NULL)) {
+ ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB);
+ goto err;
+ }
+
+ priv_key->publicKey->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
+ priv_key->publicKey->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+ if (!M_ASN1_BIT_STRING_set(priv_key->publicKey, buffer, buf_len)) {
+ ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_ASN1_LIB);
+ goto err;
+ }
+ }
+
+ if ((ret = i2d_EC_PRIVATEKEY(priv_key, out)) == 0) {
+ ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB);
+ goto err;
+ }
+ ok = 1;
+ err:
+ if (buffer)
+ OPENSSL_free(buffer);
+ if (priv_key)
+ EC_PRIVATEKEY_free(priv_key);
+ return (ok ? ret : 0);
+}
+
+int i2d_ECParameters(EC_KEY *a, unsigned char **out)
+{
+ if (a == NULL) {
+ ECerr(EC_F_I2D_ECPARAMETERS, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ return i2d_ECPKParameters(a->group, out);
+}
+
+EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len)
+{
+ EC_KEY *ret;
+
+ if (in == NULL || *in == NULL) {
+ ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_PASSED_NULL_PARAMETER);
+ return NULL;
+ }
+
+ if (a == NULL || *a == NULL) {
+ if ((ret = EC_KEY_new()) == NULL) {
+ ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ } else
+ ret = *a;
+
+ if (!d2i_ECPKParameters(&ret->group, in, len)) {
+ ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_EC_LIB);
+ if (a == NULL || *a != ret)
+ EC_KEY_free(ret);
+ return NULL;
+ }
+
+ if (a)
+ *a = ret;
+
+ return ret;
+}
+
+EC_KEY *o2i_ECPublicKey(EC_KEY **a, const unsigned char **in, long len)
+{
+ EC_KEY *ret = NULL;
+
+ if (a == NULL || (*a) == NULL || (*a)->group == NULL) {
+ /*
+ * sorry, but a EC_GROUP-structur is necessary to set the public key
+ */
+ ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ ret = *a;
+ if (ret->pub_key == NULL &&
+ (ret->pub_key = EC_POINT_new(ret->group)) == NULL) {
+ ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ if (!EC_POINT_oct2point(ret->group, ret->pub_key, *in, len, NULL)) {
+ ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_EC_LIB);
+ return 0;
+ }
+ /* save the point conversion form */
+ ret->conv_form = (point_conversion_form_t) (*in[0] & ~0x01);
+ *in += len;
+ return ret;
+}
+
+int i2o_ECPublicKey(EC_KEY *a, unsigned char **out)
+{
+ size_t buf_len = 0;
+ int new_buffer = 0;
+
+ if (a == NULL) {
+ ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+
+ buf_len = EC_POINT_point2oct(a->group, a->pub_key,
+ a->conv_form, NULL, 0, NULL);
+
+ if (out == NULL || buf_len == 0)
+ /* out == NULL => just return the length of the octet string */
+ return buf_len;
+
+ if (*out == NULL) {
+ if ((*out = OPENSSL_malloc(buf_len)) == NULL) {
+ ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ new_buffer = 1;
+ }
+ if (!EC_POINT_point2oct(a->group, a->pub_key, a->conv_form,
+ *out, buf_len, NULL)) {
+ ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_EC_LIB);
+ OPENSSL_free(*out);
+ *out = NULL;
+ return 0;
+ }
+ if (!new_buffer)
+ *out += buf_len;
+ return buf_len;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_check.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/ec/ec_check.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_check.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,123 +0,0 @@
-/* crypto/ec/ec_check.c */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include "ec_lcl.h"
-#include <openssl/err.h>
-
-int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx)
- {
- int ret = 0;
- BIGNUM *order;
- BN_CTX *new_ctx = NULL;
- EC_POINT *point = NULL;
-
- if (ctx == NULL)
- {
- ctx = new_ctx = BN_CTX_new();
- if (ctx == NULL)
- {
- ECerr(EC_F_EC_GROUP_CHECK, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- }
- BN_CTX_start(ctx);
- if ((order = BN_CTX_get(ctx)) == NULL) goto err;
-
- /* check the discriminant */
- if (!EC_GROUP_check_discriminant(group, ctx))
- {
- ECerr(EC_F_EC_GROUP_CHECK, EC_R_DISCRIMINANT_IS_ZERO);
- goto err;
- }
-
- /* check the generator */
- if (group->generator == NULL)
- {
- ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_GENERATOR);
- goto err;
- }
- if (!EC_POINT_is_on_curve(group, group->generator, ctx))
- {
- ECerr(EC_F_EC_GROUP_CHECK, EC_R_POINT_IS_NOT_ON_CURVE);
- goto err;
- }
-
- /* check the order of the generator */
- if ((point = EC_POINT_new(group)) == NULL) goto err;
- if (!EC_GROUP_get_order(group, order, ctx)) goto err;
- if (BN_is_zero(order))
- {
- ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_ORDER);
- goto err;
- }
-
- if (!EC_POINT_mul(group, point, order, NULL, NULL, ctx)) goto err;
- if (!EC_POINT_is_at_infinity(group, point))
- {
- ECerr(EC_F_EC_GROUP_CHECK, EC_R_INVALID_GROUP_ORDER);
- goto err;
- }
-
- ret = 1;
-
-err:
- if (ctx != NULL)
- BN_CTX_end(ctx);
- if (new_ctx != NULL)
- BN_CTX_free(new_ctx);
- if (point)
- EC_POINT_free(point);
- return ret;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_check.c (from rev 6976, vendor-crypto/openssl/dist/crypto/ec/ec_check.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_check.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_check.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,120 @@
+/* crypto/ec/ec_check.c */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include "ec_lcl.h"
+#include <openssl/err.h>
+
+int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx)
+{
+ int ret = 0;
+ BIGNUM *order;
+ BN_CTX *new_ctx = NULL;
+ EC_POINT *point = NULL;
+
+ if (ctx == NULL) {
+ ctx = new_ctx = BN_CTX_new();
+ if (ctx == NULL) {
+ ECerr(EC_F_EC_GROUP_CHECK, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ }
+ BN_CTX_start(ctx);
+ if ((order = BN_CTX_get(ctx)) == NULL)
+ goto err;
+
+ /* check the discriminant */
+ if (!EC_GROUP_check_discriminant(group, ctx)) {
+ ECerr(EC_F_EC_GROUP_CHECK, EC_R_DISCRIMINANT_IS_ZERO);
+ goto err;
+ }
+
+ /* check the generator */
+ if (group->generator == NULL) {
+ ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_GENERATOR);
+ goto err;
+ }
+ if (!EC_POINT_is_on_curve(group, group->generator, ctx)) {
+ ECerr(EC_F_EC_GROUP_CHECK, EC_R_POINT_IS_NOT_ON_CURVE);
+ goto err;
+ }
+
+ /* check the order of the generator */
+ if ((point = EC_POINT_new(group)) == NULL)
+ goto err;
+ if (!EC_GROUP_get_order(group, order, ctx))
+ goto err;
+ if (BN_is_zero(order)) {
+ ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_ORDER);
+ goto err;
+ }
+
+ if (!EC_POINT_mul(group, point, order, NULL, NULL, ctx))
+ goto err;
+ if (!EC_POINT_is_at_infinity(group, point)) {
+ ECerr(EC_F_EC_GROUP_CHECK, EC_R_INVALID_GROUP_ORDER);
+ goto err;
+ }
+
+ ret = 1;
+
+ err:
+ if (ctx != NULL)
+ BN_CTX_end(ctx);
+ if (new_ctx != NULL)
+ BN_CTX_free(new_ctx);
+ if (point)
+ EC_POINT_free(point);
+ return ret;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_curve.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/ec/ec_curve.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_curve.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,1270 +0,0 @@
-/* crypto/ec/ec_curve.c */
-/*
- * Written by Nils Larsch for the OpenSSL project.
- */
-/* ====================================================================
- * Copyright (c) 1998-2004 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * The elliptic curve binary polynomial software is originally written by
- * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
- *
- */
-
-#include "ec_lcl.h"
-#include <openssl/err.h>
-#include <openssl/obj_mac.h>
-
-typedef struct ec_curve_data_st {
- int field_type; /* either NID_X9_62_prime_field or
- * NID_X9_62_characteristic_two_field */
- const char *p; /* either a prime number or a polynomial */
- const char *a;
- const char *b;
- const char *x; /* the x coordinate of the generator */
- const char *y; /* the y coordinate of the generator */
- const char *order; /* the order of the group generated by the
- * generator */
- const BN_ULONG cofactor;/* the cofactor */
- const unsigned char *seed;/* the seed (optional) */
- size_t seed_len;
- const char *comment; /* a short description of the curve */
-} EC_CURVE_DATA;
-
-/* the nist prime curves */
-static const unsigned char _EC_NIST_PRIME_192_SEED[] = {
- 0x30,0x45,0xAE,0x6F,0xC8,0x42,0x2F,0x64,0xED,0x57,
- 0x95,0x28,0xD3,0x81,0x20,0xEA,0xE1,0x21,0x96,0xD5};
-static const EC_CURVE_DATA _EC_NIST_PRIME_192 = {
- NID_X9_62_prime_field,
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
- "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1",
- "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012",
- "07192b95ffc8da78631011ed6b24cdd573f977a11e794811",
- "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831",1,
- _EC_NIST_PRIME_192_SEED, 20,
- "NIST/X9.62/SECG curve over a 192 bit prime field"
- };
-
-static const unsigned char _EC_NIST_PRIME_224_SEED[] = {
- 0xBD,0x71,0x34,0x47,0x99,0xD5,0xC7,0xFC,0xDC,0x45,
- 0xB5,0x9F,0xA3,0xB9,0xAB,0x8F,0x6A,0x94,0x8B,0xC5};
-static const EC_CURVE_DATA _EC_NIST_PRIME_224 = {
- NID_X9_62_prime_field,
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001",
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE",
- "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4",
- "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21",
- "bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34",
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D",1,
- _EC_NIST_PRIME_224_SEED, 20,
- "NIST/SECG curve over a 224 bit prime field"
- };
-
-static const unsigned char _EC_NIST_PRIME_384_SEED[] = {
- 0xA3,0x35,0x92,0x6A,0xA3,0x19,0xA2,0x7A,0x1D,0x00,
- 0x89,0x6A,0x67,0x73,0xA4,0x82,0x7A,0xCD,0xAC,0x73};
-static const EC_CURVE_DATA _EC_NIST_PRIME_384 = {
- NID_X9_62_prime_field,
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFF"
- "FFF0000000000000000FFFFFFFF",
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFF"
- "FFF0000000000000000FFFFFFFC",
- "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC6563"
- "98D8A2ED19D2A85C8EDD3EC2AEF",
- "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F"
- "25DBF55296C3A545E3872760AB7",
- "3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b"
- "1ce1d7e819d7a431d7c90ea0e5f",
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0"
- "DB248B0A77AECEC196ACCC52973",1,
- _EC_NIST_PRIME_384_SEED, 20,
- "NIST/SECG curve over a 384 bit prime field"
- };
-
-static const unsigned char _EC_NIST_PRIME_521_SEED[] = {
- 0xD0,0x9E,0x88,0x00,0x29,0x1C,0xB8,0x53,0x96,0xCC,
- 0x67,0x17,0x39,0x32,0x84,0xAA,0xA0,0xDA,0x64,0xBA};
-static const EC_CURVE_DATA _EC_NIST_PRIME_521 = {
- NID_X9_62_prime_field,
- "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
- "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC",
- "051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156"
- "193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00",
- "C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14"
- "B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66",
- "011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c9"
- "7ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650",
- "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51"
- "868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409",1,
- _EC_NIST_PRIME_521_SEED, 20,
- "NIST/SECG curve over a 521 bit prime field"
- };
-/* the x9.62 prime curves (minus the nist prime curves) */
-static const unsigned char _EC_X9_62_PRIME_192V2_SEED[] = {
- 0x31,0xA9,0x2E,0xE2,0x02,0x9F,0xD1,0x0D,0x90,0x1B,
- 0x11,0x3E,0x99,0x07,0x10,0xF0,0xD2,0x1A,0xC6,0xB6};
-static const EC_CURVE_DATA _EC_X9_62_PRIME_192V2 = {
- NID_X9_62_prime_field,
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
- "CC22D6DFB95C6B25E49C0D6364A4E5980C393AA21668D953",
- "EEA2BAE7E1497842F2DE7769CFE9C989C072AD696F48034A",
- "6574d11d69b6ec7a672bb82a083df2f2b0847de970b2de15",
- "FFFFFFFFFFFFFFFFFFFFFFFE5FB1A724DC80418648D8DD31",1,
- _EC_X9_62_PRIME_192V2_SEED, 20,
- "X9.62 curve over a 192 bit prime field"
- };
-
-static const unsigned char _EC_X9_62_PRIME_192V3_SEED[] = {
- 0xC4,0x69,0x68,0x44,0x35,0xDE,0xB3,0x78,0xC4,0xB6,
- 0x5C,0xA9,0x59,0x1E,0x2A,0x57,0x63,0x05,0x9A,0x2E};
-static const EC_CURVE_DATA _EC_X9_62_PRIME_192V3 = {
- NID_X9_62_prime_field,
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
- "22123DC2395A05CAA7423DAECCC94760A7D462256BD56916",
- "7D29778100C65A1DA1783716588DCE2B8B4AEE8E228F1896",
- "38a90f22637337334b49dcb66a6dc8f9978aca7648a943b0",
- "FFFFFFFFFFFFFFFFFFFFFFFF7A62D031C83F4294F640EC13",1,
- _EC_X9_62_PRIME_192V3_SEED, 20,
- "X9.62 curve over a 192 bit prime field"
- };
-
-static const unsigned char _EC_X9_62_PRIME_239V1_SEED[] = {
- 0xE4,0x3B,0xB4,0x60,0xF0,0xB8,0x0C,0xC0,0xC0,0xB0,
- 0x75,0x79,0x8E,0x94,0x80,0x60,0xF8,0x32,0x1B,0x7D};
-static const EC_CURVE_DATA _EC_X9_62_PRIME_239V1 = {
- NID_X9_62_prime_field,
- "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
- "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
- "6B016C3BDCF18941D0D654921475CA71A9DB2FB27D1D37796185C2942C0A",
- "0FFA963CDCA8816CCC33B8642BEDF905C3D358573D3F27FBBD3B3CB9AAAF",
- "7debe8e4e90a5dae6e4054ca530ba04654b36818ce226b39fccb7b02f1ae",
- "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF9E5E9A9F5D9071FBD1522688909D0B",1,
- _EC_X9_62_PRIME_239V1_SEED, 20,
- "X9.62 curve over a 239 bit prime field"
- };
-
-static const unsigned char _EC_X9_62_PRIME_239V2_SEED[] = {
- 0xE8,0xB4,0x01,0x16,0x04,0x09,0x53,0x03,0xCA,0x3B,
- 0x80,0x99,0x98,0x2B,0xE0,0x9F,0xCB,0x9A,0xE6,0x16};
-static const EC_CURVE_DATA _EC_X9_62_PRIME_239V2 = {
- NID_X9_62_prime_field,
- "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
- "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
- "617FAB6832576CBBFED50D99F0249C3FEE58B94BA0038C7AE84C8C832F2C",
- "38AF09D98727705120C921BB5E9E26296A3CDCF2F35757A0EAFD87B830E7",
- "5b0125e4dbea0ec7206da0fc01d9b081329fb555de6ef460237dff8be4ba",
- "7FFFFFFFFFFFFFFFFFFFFFFF800000CFA7E8594377D414C03821BC582063",1,
- _EC_X9_62_PRIME_239V2_SEED, 20,
- "X9.62 curve over a 239 bit prime field"
- };
-
-static const unsigned char _EC_X9_62_PRIME_239V3_SEED[] = {
- 0x7D,0x73,0x74,0x16,0x8F,0xFE,0x34,0x71,0xB6,0x0A,
- 0x85,0x76,0x86,0xA1,0x94,0x75,0xD3,0xBF,0xA2,0xFF};
-static const EC_CURVE_DATA _EC_X9_62_PRIME_239V3 = {
- NID_X9_62_prime_field,
- "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
- "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
- "255705FA2A306654B1F4CB03D6A750A30C250102D4988717D9BA15AB6D3E",
- "6768AE8E18BB92CFCF005C949AA2C6D94853D0E660BBF854B1C9505FE95A",
- "1607e6898f390c06bc1d552bad226f3b6fcfe48b6e818499af18e3ed6cf3",
- "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF975DEB41B3A6057C3C432146526551",1,
- _EC_X9_62_PRIME_239V3_SEED, 20,
- "X9.62 curve over a 239 bit prime field"
- };
-
-static const unsigned char _EC_X9_62_PRIME_256V1_SEED[] = {
- 0xC4,0x9D,0x36,0x08,0x86,0xE7,0x04,0x93,0x6A,0x66,
- 0x78,0xE1,0x13,0x9D,0x26,0xB7,0x81,0x9F,0x7E,0x90};
-static const EC_CURVE_DATA _EC_X9_62_PRIME_256V1 = {
- NID_X9_62_prime_field,
- "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF",
- "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC",
- "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B",
- "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296",
- "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5",
- "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551",1,
- _EC_X9_62_PRIME_256V1_SEED, 20,
- "X9.62/SECG curve over a 256 bit prime field"
- };
-/* the secg prime curves (minus the nist and x9.62 prime curves) */
-static const unsigned char _EC_SECG_PRIME_112R1_SEED[] = {
- 0x00,0xF5,0x0B,0x02,0x8E,0x4D,0x69,0x6E,0x67,0x68,
- 0x75,0x61,0x51,0x75,0x29,0x04,0x72,0x78,0x3F,0xB1};
-static const EC_CURVE_DATA _EC_SECG_PRIME_112R1 = {
- NID_X9_62_prime_field,
- "DB7C2ABF62E35E668076BEAD208B",
- "DB7C2ABF62E35E668076BEAD2088",
- "659EF8BA043916EEDE8911702B22",
- "09487239995A5EE76B55F9C2F098",
- "a89ce5af8724c0a23e0e0ff77500",
- "DB7C2ABF62E35E7628DFAC6561C5",1,
- _EC_SECG_PRIME_112R1_SEED, 20,
- "SECG/WTLS curve over a 112 bit prime field"
- };
-
-static const unsigned char _EC_SECG_PRIME_112R2_SEED[] = {
- 0x00,0x27,0x57,0xA1,0x11,0x4D,0x69,0x6E,0x67,0x68,
- 0x75,0x61,0x51,0x75,0x53,0x16,0xC0,0x5E,0x0B,0xD4};
-static const EC_CURVE_DATA _EC_SECG_PRIME_112R2 = {
- NID_X9_62_prime_field,
- "DB7C2ABF62E35E668076BEAD208B",
- "6127C24C05F38A0AAAF65C0EF02C",
- "51DEF1815DB5ED74FCC34C85D709",
- "4BA30AB5E892B4E1649DD0928643",
- "adcd46f5882e3747def36e956e97",
- "36DF0AAFD8B8D7597CA10520D04B",4,
- _EC_SECG_PRIME_112R2_SEED, 20,
- "SECG curve over a 112 bit prime field"
- };
-
-static const unsigned char _EC_SECG_PRIME_128R1_SEED[] = {
- 0x00,0x0E,0x0D,0x4D,0x69,0x6E,0x67,0x68,0x75,0x61,
- 0x51,0x75,0x0C,0xC0,0x3A,0x44,0x73,0xD0,0x36,0x79};
-static const EC_CURVE_DATA _EC_SECG_PRIME_128R1 = {
- NID_X9_62_prime_field,
- "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF",
- "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFC",
- "E87579C11079F43DD824993C2CEE5ED3",
- "161FF7528B899B2D0C28607CA52C5B86",
- "cf5ac8395bafeb13c02da292dded7a83",
- "FFFFFFFE0000000075A30D1B9038A115",1,
- _EC_SECG_PRIME_128R1_SEED, 20,
- "SECG curve over a 128 bit prime field"
- };
-
-static const unsigned char _EC_SECG_PRIME_128R2_SEED[] = {
- 0x00,0x4D,0x69,0x6E,0x67,0x68,0x75,0x61,0x51,0x75,
- 0x12,0xD8,0xF0,0x34,0x31,0xFC,0xE6,0x3B,0x88,0xF4};
-static const EC_CURVE_DATA _EC_SECG_PRIME_128R2 = {
- NID_X9_62_prime_field,
- "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF",
- "D6031998D1B3BBFEBF59CC9BBFF9AEE1",
- "5EEEFCA380D02919DC2C6558BB6D8A5D",
- "7B6AA5D85E572983E6FB32A7CDEBC140",
- "27b6916a894d3aee7106fe805fc34b44",
- "3FFFFFFF7FFFFFFFBE0024720613B5A3",4,
- _EC_SECG_PRIME_128R2_SEED, 20,
- "SECG curve over a 128 bit prime field"
- };
-
-static const EC_CURVE_DATA _EC_SECG_PRIME_160K1 = {
- NID_X9_62_prime_field,
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73",
- "0",
- "7",
- "3B4C382CE37AA192A4019E763036F4F5DD4D7EBB",
- "938cf935318fdced6bc28286531733c3f03c4fee",
- "0100000000000000000001B8FA16DFAB9ACA16B6B3",1,
- NULL, 0,
- "SECG curve over a 160 bit prime field"
- };
-
-static const unsigned char _EC_SECG_PRIME_160R1_SEED[] = {
- 0x10,0x53,0xCD,0xE4,0x2C,0x14,0xD6,0x96,0xE6,0x76,
- 0x87,0x56,0x15,0x17,0x53,0x3B,0xF3,0xF8,0x33,0x45};
-static const EC_CURVE_DATA _EC_SECG_PRIME_160R1 = {
- NID_X9_62_prime_field,
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF",
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC",
- "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45",
- "4A96B5688EF573284664698968C38BB913CBFC82",
- "23a628553168947d59dcc912042351377ac5fb32",
- "0100000000000000000001F4C8F927AED3CA752257",1,
- _EC_SECG_PRIME_160R1_SEED, 20,
- "SECG curve over a 160 bit prime field"
- };
-
-static const unsigned char _EC_SECG_PRIME_160R2_SEED[] = {
- 0xB9,0x9B,0x99,0xB0,0x99,0xB3,0x23,0xE0,0x27,0x09,
- 0xA4,0xD6,0x96,0xE6,0x76,0x87,0x56,0x15,0x17,0x51};
-static const EC_CURVE_DATA _EC_SECG_PRIME_160R2 = {
- NID_X9_62_prime_field,
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73",
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC70",
- "B4E134D3FB59EB8BAB57274904664D5AF50388BA",
- "52DCB034293A117E1F4FF11B30F7199D3144CE6D",
- "feaffef2e331f296e071fa0df9982cfea7d43f2e",
- "0100000000000000000000351EE786A818F3A1A16B",1,
- _EC_SECG_PRIME_160R2_SEED, 20,
- "SECG/WTLS curve over a 160 bit prime field"
- };
-
-static const EC_CURVE_DATA _EC_SECG_PRIME_192K1 = {
- NID_X9_62_prime_field,
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37",
- "0",
- "3",
- "DB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D",
- "9b2f2f6d9c5628a7844163d015be86344082aa88d95e2f9d",
- "FFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D",1,
- NULL, 20,
- "SECG curve over a 192 bit prime field"
- };
-
-static const EC_CURVE_DATA _EC_SECG_PRIME_224K1 = {
- NID_X9_62_prime_field,
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFE56D",
- "0",
- "5",
- "A1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C",
- "7e089fed7fba344282cafbd6f7e319f7c0b0bd59e2ca4bdb556d61a5",
- "010000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7",1,
- NULL, 20,
- "SECG curve over a 224 bit prime field"
- };
-
-static const EC_CURVE_DATA _EC_SECG_PRIME_256K1 = {
- NID_X9_62_prime_field,
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F",
- "0",
- "7",
- "79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798",
- "483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8",
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141",1,
- NULL, 20,
- "SECG curve over a 256 bit prime field"
- };
-
-/* some wap/wtls curves */
-static const EC_CURVE_DATA _EC_WTLS_8 = {
- NID_X9_62_prime_field,
- "FFFFFFFFFFFFFFFFFFFFFFFFFDE7",
- "0",
- "3",
- "1",
- "2",
- "0100000000000001ECEA551AD837E9",1,
- NULL, 20,
- "WTLS curve over a 112 bit prime field"
- };
-
-static const EC_CURVE_DATA _EC_WTLS_9 = {
- NID_X9_62_prime_field,
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC808F",
- "0",
- "3",
- "1",
- "2",
- "0100000000000000000001CDC98AE0E2DE574ABF33",1,
- NULL, 20,
- "WTLS curve over a 160 bit prime field"
- };
-
-static const EC_CURVE_DATA _EC_WTLS_12 = {
- NID_X9_62_prime_field,
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001",
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE",
- "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4",
- "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21",
- "bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34",
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D", 1,
- NULL, 0,
- "WTLS curvs over a 224 bit prime field"
- };
-
-/* characteristic two curves */
-static const unsigned char _EC_SECG_CHAR2_113R1_SEED[] = {
- 0x10,0xE7,0x23,0xAB,0x14,0xD6,0x96,0xE6,0x76,0x87,
- 0x56,0x15,0x17,0x56,0xFE,0xBF,0x8F,0xCB,0x49,0xA9};
-static const EC_CURVE_DATA _EC_SECG_CHAR2_113R1 = {
- NID_X9_62_characteristic_two_field,
- "020000000000000000000000000201",
- "003088250CA6E7C7FE649CE85820F7",
- "00E8BEE4D3E2260744188BE0E9C723",
- "009D73616F35F4AB1407D73562C10F",
- "00A52830277958EE84D1315ED31886",
- "0100000000000000D9CCEC8A39E56F", 2,
- _EC_SECG_CHAR2_113R1_SEED, 20,
- "SECG curve over a 113 bit binary field"
- };
-
-static const unsigned char _EC_SECG_CHAR2_113R2_SEED[] = {
- 0x10,0xC0,0xFB,0x15,0x76,0x08,0x60,0xDE,0xF1,0xEE,
- 0xF4,0xD6,0x96,0xE6,0x76,0x87,0x56,0x15,0x17,0x5D};
-static const EC_CURVE_DATA _EC_SECG_CHAR2_113R2 = {
- NID_X9_62_characteristic_two_field,
- "020000000000000000000000000201",
- "00689918DBEC7E5A0DD6DFC0AA55C7",
- "0095E9A9EC9B297BD4BF36E059184F",
- "01A57A6A7B26CA5EF52FCDB8164797",
- "00B3ADC94ED1FE674C06E695BABA1D",
- "010000000000000108789B2496AF93", 2,
- _EC_SECG_CHAR2_113R2_SEED, 20,
- "SECG curve over a 113 bit binary field"
- };
-
-static const unsigned char _EC_SECG_CHAR2_131R1_SEED[] = {
- 0x4D,0x69,0x6E,0x67,0x68,0x75,0x61,0x51,0x75,0x98,
- 0x5B,0xD3,0xAD,0xBA,0xDA,0x21,0xB4,0x3A,0x97,0xE2};
-static const EC_CURVE_DATA _EC_SECG_CHAR2_131R1 = {
- NID_X9_62_characteristic_two_field,
- "080000000000000000000000000000010D",
- "07A11B09A76B562144418FF3FF8C2570B8",
- "0217C05610884B63B9C6C7291678F9D341",
- "0081BAF91FDF9833C40F9C181343638399",
- "078C6E7EA38C001F73C8134B1B4EF9E150",
- "0400000000000000023123953A9464B54D", 2,
- _EC_SECG_CHAR2_131R1_SEED, 20,
- "SECG/WTLS curve over a 131 bit binary field"
- };
-
-static const unsigned char _EC_SECG_CHAR2_131R2_SEED[] = {
- 0x98,0x5B,0xD3,0xAD,0xBA,0xD4,0xD6,0x96,0xE6,0x76,
- 0x87,0x56,0x15,0x17,0x5A,0x21,0xB4,0x3A,0x97,0xE3};
-static const EC_CURVE_DATA _EC_SECG_CHAR2_131R2 = {
- NID_X9_62_characteristic_two_field,
- "080000000000000000000000000000010D",
- "03E5A88919D7CAFCBF415F07C2176573B2",
- "04B8266A46C55657AC734CE38F018F2192",
- "0356DCD8F2F95031AD652D23951BB366A8",
- "0648F06D867940A5366D9E265DE9EB240F",
- "0400000000000000016954A233049BA98F", 2,
- _EC_SECG_CHAR2_131R2_SEED, 20,
- "SECG curve over a 131 bit binary field"
- };
-
-static const EC_CURVE_DATA _EC_NIST_CHAR2_163K = {
- NID_X9_62_characteristic_two_field,
- "0800000000000000000000000000000000000000C9",
- "1",
- "1",
- "02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8",
- "0289070FB05D38FF58321F2E800536D538CCDAA3D9",
- "04000000000000000000020108A2E0CC0D99F8A5EF", 2,
- NULL, 0,
- "NIST/SECG/WTLS curve over a 163 bit binary field"
- };
-
-static const unsigned char _EC_SECG_CHAR2_163R1_SEED[] = {
- 0x24,0xB7,0xB1,0x37,0xC8,0xA1,0x4D,0x69,0x6E,0x67,
- 0x68,0x75,0x61,0x51,0x75,0x6F,0xD0,0xDA,0x2E,0x5C};
-static const EC_CURVE_DATA _EC_SECG_CHAR2_163R1 = {
- NID_X9_62_characteristic_two_field,
- "0800000000000000000000000000000000000000C9",
- "07B6882CAAEFA84F9554FF8428BD88E246D2782AE2",
- "0713612DCDDCB40AAB946BDA29CA91F73AF958AFD9",
- "0369979697AB43897789566789567F787A7876A654",
- "00435EDB42EFAFB2989D51FEFCE3C80988F41FF883",
- "03FFFFFFFFFFFFFFFFFFFF48AAB689C29CA710279B", 2,
-/* The algorithm used to derive the curve parameters from
- * the seed used here is slightly different than the
- * algorithm described in X9.62 .
- */
-#if 0
- _EC_SECG_CHAR2_163R1_SEED, 20,
-#else
- NULL, 0,
-#endif
- "SECG curve over a 163 bit binary field"
- };
-
-static const unsigned char _EC_NIST_CHAR2_163B_SEED[] = {
- 0x85,0xE2,0x5B,0xFE,0x5C,0x86,0x22,0x6C,0xDB,0x12,
- 0x01,0x6F,0x75,0x53,0xF9,0xD0,0xE6,0x93,0xA2,0x68};
-static const EC_CURVE_DATA _EC_NIST_CHAR2_163B ={
- NID_X9_62_characteristic_two_field,
- "0800000000000000000000000000000000000000C9",
- "1",
- "020A601907B8C953CA1481EB10512F78744A3205FD",
- "03F0EBA16286A2D57EA0991168D4994637E8343E36",
- "00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1",
- "040000000000000000000292FE77E70C12A4234C33", 2,
-/* The seed here was used to created the curve parameters in normal
- * basis representation (and not the polynomial representation used here)
- */
-#if 0
- _EC_NIST_CHAR2_163B_SEED, 20,
-#else
- NULL, 0,
-#endif
- "NIST/SECG curve over a 163 bit binary field"
- };
-
-static const unsigned char _EC_SECG_CHAR2_193R1_SEED[] = {
- 0x10,0x3F,0xAE,0xC7,0x4D,0x69,0x6E,0x67,0x68,0x75,
- 0x61,0x51,0x75,0x77,0x7F,0xC5,0xB1,0x91,0xEF,0x30};
-static const EC_CURVE_DATA _EC_SECG_CHAR2_193R1 = {
- NID_X9_62_characteristic_two_field,
- "02000000000000000000000000000000000000000000008001",
- "0017858FEB7A98975169E171F77B4087DE098AC8A911DF7B01",
- "00FDFB49BFE6C3A89FACADAA7A1E5BBC7CC1C2E5D831478814",
- "01F481BC5F0FF84A74AD6CDF6FDEF4BF6179625372D8C0C5E1",
- "0025E399F2903712CCF3EA9E3A1AD17FB0B3201B6AF7CE1B05",
- "01000000000000000000000000C7F34A778F443ACC920EBA49", 2,
- _EC_SECG_CHAR2_193R1_SEED, 20,
- "SECG curve over a 193 bit binary field"
- };
-
-static const unsigned char _EC_SECG_CHAR2_193R2_SEED[] = {
- 0x10,0xB7,0xB4,0xD6,0x96,0xE6,0x76,0x87,0x56,0x15,
- 0x17,0x51,0x37,0xC8,0xA1,0x6F,0xD0,0xDA,0x22,0x11};
-static const EC_CURVE_DATA _EC_SECG_CHAR2_193R2 = {
- NID_X9_62_characteristic_two_field,
- "02000000000000000000000000000000000000000000008001",
- "0163F35A5137C2CE3EA6ED8667190B0BC43ECD69977702709B",
- "00C9BB9E8927D4D64C377E2AB2856A5B16E3EFB7F61D4316AE",
- "00D9B67D192E0367C803F39E1A7E82CA14A651350AAE617E8F",
- "01CE94335607C304AC29E7DEFBD9CA01F596F927224CDECF6C",
- "010000000000000000000000015AAB561B005413CCD4EE99D5", 2,
- _EC_SECG_CHAR2_193R2_SEED, 20,
- "SECG curve over a 193 bit binary field"
- };
-
-static const EC_CURVE_DATA _EC_NIST_CHAR2_233K = {
- NID_X9_62_characteristic_two_field,
- "020000000000000000000000000000000000000004000000000000000001",
- "0",
- "1",
- "017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126",
- "01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3",
- "008000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF", 4,
- NULL, 0,
- "NIST/SECG/WTLS curve over a 233 bit binary field"
- };
-
-static const unsigned char _EC_NIST_CHAR2_233B_SEED[] = {
- 0x74,0xD5,0x9F,0xF0,0x7F,0x6B,0x41,0x3D,0x0E,0xA1,
- 0x4B,0x34,0x4B,0x20,0xA2,0xDB,0x04,0x9B,0x50,0xC3};
-static const EC_CURVE_DATA _EC_NIST_CHAR2_233B = {
- NID_X9_62_characteristic_two_field,
- "020000000000000000000000000000000000000004000000000000000001",
- "000000000000000000000000000000000000000000000000000000000001",
- "0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD",
- "00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B",
- "01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052",
- "01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7", 2,
- _EC_NIST_CHAR2_233B_SEED, 20,
- "NIST/SECG/WTLS curve over a 233 bit binary field"
- };
-
-static const EC_CURVE_DATA _EC_SECG_CHAR2_239K1 = {
- NID_X9_62_characteristic_two_field,
- "800000000000000000004000000000000000000000000000000000000001",
- "0",
- "1",
- "29A0B6A887A983E9730988A68727A8B2D126C44CC2CC7B2A6555193035DC",
- "76310804F12E549BDB011C103089E73510ACB275FC312A5DC6B76553F0CA",
- "2000000000000000000000000000005A79FEC67CB6E91F1C1DA800E478A5", 4,
- NULL, 0,
- "SECG curve over a 239 bit binary field"
- };
-
-static const EC_CURVE_DATA _EC_NIST_CHAR2_283K = {
- NID_X9_62_characteristic_two_field,
- "080000000000000000000000000000000000000000000000000000000000000000001"
- "0A1",
- "0",
- "1",
- "0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492"
- "836",
- "01CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2"
- "259",
- "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163"
- "C61", 4,
- NULL, 20,
- "NIST/SECG curve over a 283 bit binary field"
- };
-
-static const unsigned char _EC_NIST_CHAR2_283B_SEED[] = {
- 0x77,0xE2,0xB0,0x73,0x70,0xEB,0x0F,0x83,0x2A,0x6D,
- 0xD5,0xB6,0x2D,0xFC,0x88,0xCD,0x06,0xBB,0x84,0xBE};
-static const EC_CURVE_DATA _EC_NIST_CHAR2_283B = {
- NID_X9_62_characteristic_two_field,
- "080000000000000000000000000000000000000000000000000000000000000000001"
- "0A1",
- "000000000000000000000000000000000000000000000000000000000000000000000"
- "001",
- "027B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A"
- "2F5",
- "05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12"
- "053",
- "03676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE811"
- "2F4",
- "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB"
- "307", 2,
- _EC_NIST_CHAR2_283B_SEED, 20,
- "NIST/SECG curve over a 283 bit binary field"
- };
-
-static const EC_CURVE_DATA _EC_NIST_CHAR2_409K = {
- NID_X9_62_characteristic_two_field,
- "020000000000000000000000000000000000000000000000000000000000000000000"
- "00000000000008000000000000000000001",
- "0",
- "1",
- "0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C4601"
- "89EB5AAAA62EE222EB1B35540CFE9023746",
- "01E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6"
- "C42E9C55215AA9CA27A5863EC48D8E0286B",
- "007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F83B2D4EA20400"
- "EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF", 4,
- NULL, 0,
- "NIST/SECG curve over a 409 bit binary field"
- };
-
-static const unsigned char _EC_NIST_CHAR2_409B_SEED[] = {
- 0x40,0x99,0xB5,0xA4,0x57,0xF9,0xD6,0x9F,0x79,0x21,
- 0x3D,0x09,0x4C,0x4B,0xCD,0x4D,0x42,0x62,0x21,0x0B};
-static const EC_CURVE_DATA _EC_NIST_CHAR2_409B = {
- NID_X9_62_characteristic_two_field,
- "020000000000000000000000000000000000000000000000000000000000000000000"
- "00000000000008000000000000000000001",
- "000000000000000000000000000000000000000000000000000000000000000000000"
- "00000000000000000000000000000000001",
- "0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422EF1F3DD674761FA99D6AC27C8A9A19"
- "7B272822F6CD57A55AA4F50AE317B13545F",
- "015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255"
- "A868A1180515603AEAB60794E54BB7996A7",
- "0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514"
- "F1FDF4B4F40D2181B3681C364BA0273C706",
- "010000000000000000000000000000000000000000000000000001E2AAD6A612F3330"
- "7BE5FA47C3C9E052F838164CD37D9A21173", 2,
- _EC_NIST_CHAR2_409B_SEED, 20,
- "NIST/SECG curve over a 409 bit binary field"
- };
-
-static const EC_CURVE_DATA _EC_NIST_CHAR2_571K = {
- NID_X9_62_characteristic_two_field,
- "800000000000000000000000000000000000000000000000000000000000000000000"
- "000000000000000000000000000000000000000000000000000000000000000000000"
- "00425",
- "0",
- "1",
- "026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA443709"
- "58493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A0"
- "1C8972",
- "0349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D497"
- "9C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143E"
- "F1C7A3",
- "020000000000000000000000000000000000000000000000000000000000000000000"
- "000131850E1F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F63"
- "7C1001", 4,
- NULL, 0,
- "NIST/SECG curve over a 571 bit binary field"
- };
-
-static const unsigned char _EC_NIST_CHAR2_571B_SEED[] = {
- 0x2A,0xA0,0x58,0xF7,0x3A,0x0E,0x33,0xAB,0x48,0x6B,
- 0x0F,0x61,0x04,0x10,0xC5,0x3A,0x7F,0x13,0x23,0x10};
-static const EC_CURVE_DATA _EC_NIST_CHAR2_571B = {
- NID_X9_62_characteristic_two_field,
- "800000000000000000000000000000000000000000000000000000000000000000000"
- "000000000000000000000000000000000000000000000000000000000000000000000"
- "00425",
- "000000000000000000000000000000000000000000000000000000000000000000000"
- "000000000000000000000000000000000000000000000000000000000000000000000"
- "000001",
- "02F40E7E2221F295DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFA"
- "BBD8EFA59332BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F29"
- "55727A",
- "0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53"
- "950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8E"
- "EC2D19",
- "037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423"
- "E43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B"
- "8AC15B",
- "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
- "FFFE661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2F"
- "E84E47", 2,
- _EC_NIST_CHAR2_571B_SEED, 20,
- "NIST/SECG curve over a 571 bit binary field"
- };
-
-static const unsigned char _EC_X9_62_CHAR2_163V1_SEED[] = {
- 0xD2,0xC0,0xFB,0x15,0x76,0x08,0x60,0xDE,0xF1,0xEE,
- 0xF4,0xD6,0x96,0xE6,0x76,0x87,0x56,0x15,0x17,0x54};
-static const EC_CURVE_DATA _EC_X9_62_CHAR2_163V1 = {
- NID_X9_62_characteristic_two_field,
- "080000000000000000000000000000000000000107",
- "072546B5435234A422E0789675F432C89435DE5242",
- "00C9517D06D5240D3CFF38C74B20B6CD4D6F9DD4D9",
- "07AF69989546103D79329FCC3D74880F33BBE803CB",
- "01EC23211B5966ADEA1D3F87F7EA5848AEF0B7CA9F",
- "0400000000000000000001E60FC8821CC74DAEAFC1", 2,
- _EC_X9_62_CHAR2_163V1_SEED, 20,
- "X9.62 curve over a 163 bit binary field"
- };
-
-static const unsigned char _EC_X9_62_CHAR2_163V2_SEED[] = {
- 0x53,0x81,0x4C,0x05,0x0D,0x44,0xD6,0x96,0xE6,0x76,
- 0x87,0x56,0x15,0x17,0x58,0x0C,0xA4,0xE2,0x9F,0xFD};
-static const EC_CURVE_DATA _EC_X9_62_CHAR2_163V2 = {
- NID_X9_62_characteristic_two_field,
- "080000000000000000000000000000000000000107",
- "0108B39E77C4B108BED981ED0E890E117C511CF072",
- "0667ACEB38AF4E488C407433FFAE4F1C811638DF20",
- "0024266E4EB5106D0A964D92C4860E2671DB9B6CC5",
- "079F684DDF6684C5CD258B3890021B2386DFD19FC5",
- "03FFFFFFFFFFFFFFFFFFFDF64DE1151ADBB78F10A7", 2,
- _EC_X9_62_CHAR2_163V2_SEED, 20,
- "X9.62 curve over a 163 bit binary field"
- };
-
-static const unsigned char _EC_X9_62_CHAR2_163V3_SEED[] = {
- 0x50,0xCB,0xF1,0xD9,0x5C,0xA9,0x4D,0x69,0x6E,0x67,
- 0x68,0x75,0x61,0x51,0x75,0xF1,0x6A,0x36,0xA3,0xB8};
-static const EC_CURVE_DATA _EC_X9_62_CHAR2_163V3 = {
- NID_X9_62_characteristic_two_field,
- "080000000000000000000000000000000000000107",
- "07A526C63D3E25A256A007699F5447E32AE456B50E",
- "03F7061798EB99E238FD6F1BF95B48FEEB4854252B",
- "02F9F87B7C574D0BDECF8A22E6524775F98CDEBDCB",
- "05B935590C155E17EA48EB3FF3718B893DF59A05D0",
- "03FFFFFFFFFFFFFFFFFFFE1AEE140F110AFF961309", 2,
- _EC_X9_62_CHAR2_163V3_SEED, 20,
- "X9.62 curve over a 163 bit binary field"
- };
-
-static const EC_CURVE_DATA _EC_X9_62_CHAR2_176V1 = {
- NID_X9_62_characteristic_two_field,
- "0100000000000000000000000000000000080000000007",
- "E4E6DB2995065C407D9D39B8D0967B96704BA8E9C90B",
- "5DDA470ABE6414DE8EC133AE28E9BBD7FCEC0AE0FFF2",
- "8D16C2866798B600F9F08BB4A8E860F3298CE04A5798",
- "6FA4539C2DADDDD6BAB5167D61B436E1D92BB16A562C",
- "00010092537397ECA4F6145799D62B0A19CE06FE26AD", 0xFF6E,
- NULL, 0,
- "X9.62 curve over a 176 bit binary field"
- };
-
-static const unsigned char _EC_X9_62_CHAR2_191V1_SEED[] = {
- 0x4E,0x13,0xCA,0x54,0x27,0x44,0xD6,0x96,0xE6,0x76,
- 0x87,0x56,0x15,0x17,0x55,0x2F,0x27,0x9A,0x8C,0x84};
-static const EC_CURVE_DATA _EC_X9_62_CHAR2_191V1 = {
- NID_X9_62_characteristic_two_field,
- "800000000000000000000000000000000000000000000201",
- "2866537B676752636A68F56554E12640276B649EF7526267",
- "2E45EF571F00786F67B0081B9495A3D95462F5DE0AA185EC",
- "36B3DAF8A23206F9C4F299D7B21A9C369137F2C84AE1AA0D",
- "765BE73433B3F95E332932E70EA245CA2418EA0EF98018FB",
- "40000000000000000000000004A20E90C39067C893BBB9A5", 2,
- _EC_X9_62_CHAR2_191V1_SEED, 20,
- "X9.62 curve over a 191 bit binary field"
- };
-
-static const unsigned char _EC_X9_62_CHAR2_191V2_SEED[] = {
- 0x08,0x71,0xEF,0x2F,0xEF,0x24,0xD6,0x96,0xE6,0x76,
- 0x87,0x56,0x15,0x17,0x58,0xBE,0xE0,0xD9,0x5C,0x15};
-static const EC_CURVE_DATA _EC_X9_62_CHAR2_191V2 = {
- NID_X9_62_characteristic_two_field,
- "800000000000000000000000000000000000000000000201",
- "401028774D7777C7B7666D1366EA432071274F89FF01E718",
- "0620048D28BCBD03B6249C99182B7C8CD19700C362C46A01",
- "3809B2B7CC1B28CC5A87926AAD83FD28789E81E2C9E3BF10",
- "17434386626D14F3DBF01760D9213A3E1CF37AEC437D668A",
- "20000000000000000000000050508CB89F652824E06B8173", 4,
- _EC_X9_62_CHAR2_191V2_SEED, 20,
- "X9.62 curve over a 191 bit binary field"
- };
-
-static const unsigned char _EC_X9_62_CHAR2_191V3_SEED[] = {
- 0xE0,0x53,0x51,0x2D,0xC6,0x84,0xD6,0x96,0xE6,0x76,
- 0x87,0x56,0x15,0x17,0x50,0x67,0xAE,0x78,0x6D,0x1F};
-static const EC_CURVE_DATA _EC_X9_62_CHAR2_191V3 = {
- NID_X9_62_characteristic_two_field,
- "800000000000000000000000000000000000000000000201",
- "6C01074756099122221056911C77D77E77A777E7E7E77FCB",
- "71FE1AF926CF847989EFEF8DB459F66394D90F32AD3F15E8",
- "375D4CE24FDE434489DE8746E71786015009E66E38A926DD",
- "545A39176196575D985999366E6AD34CE0A77CD7127B06BE",
- "155555555555555555555555610C0B196812BFB6288A3EA3", 6,
- _EC_X9_62_CHAR2_191V3_SEED, 20,
- "X9.62 curve over a 191 bit binary field"
- };
-
-static const EC_CURVE_DATA _EC_X9_62_CHAR2_208W1 = {
- NID_X9_62_characteristic_two_field,
- "010000000000000000000000000000000800000000000000000007",
- "0000000000000000000000000000000000000000000000000000",
- "C8619ED45A62E6212E1160349E2BFA844439FAFC2A3FD1638F9E",
- "89FDFBE4ABE193DF9559ECF07AC0CE78554E2784EB8C1ED1A57A",
- "0F55B51A06E78E9AC38A035FF520D8B01781BEB1A6BB08617DE3",
- "000101BAF95C9723C57B6C21DA2EFF2D5ED588BDD5717E212F9D", 0xFE48,
- NULL, 0,
- "X9.62 curve over a 208 bit binary field"
- };
-
-static const unsigned char _EC_X9_62_CHAR2_239V1_SEED[] = {
- 0xD3,0x4B,0x9A,0x4D,0x69,0x6E,0x67,0x68,0x75,0x61,
- 0x51,0x75,0xCA,0x71,0xB9,0x20,0xBF,0xEF,0xB0,0x5D};
-static const EC_CURVE_DATA _EC_X9_62_CHAR2_239V1 = {
- NID_X9_62_characteristic_two_field,
- "800000000000000000000000000000000000000000000000001000000001",
- "32010857077C5431123A46B808906756F543423E8D27877578125778AC76",
- "790408F2EEDAF392B012EDEFB3392F30F4327C0CA3F31FC383C422AA8C16",
- "57927098FA932E7C0A96D3FD5B706EF7E5F5C156E16B7E7C86038552E91D",
- "61D8EE5077C33FECF6F1A16B268DE469C3C7744EA9A971649FC7A9616305",
- "2000000000000000000000000000000F4D42FFE1492A4993F1CAD666E447", 4,
- _EC_X9_62_CHAR2_239V1_SEED, 20,
- "X9.62 curve over a 239 bit binary field"
- };
-
-static const unsigned char _EC_X9_62_CHAR2_239V2_SEED[] = {
- 0x2A,0xA6,0x98,0x2F,0xDF,0xA4,0xD6,0x96,0xE6,0x76,
- 0x87,0x56,0x15,0x17,0x5D,0x26,0x67,0x27,0x27,0x7D};
-static const EC_CURVE_DATA _EC_X9_62_CHAR2_239V2 = {
- NID_X9_62_characteristic_two_field,
- "800000000000000000000000000000000000000000000000001000000001",
- "4230017757A767FAE42398569B746325D45313AF0766266479B75654E65F",
- "5037EA654196CFF0CD82B2C14A2FCF2E3FF8775285B545722F03EACDB74B",
- "28F9D04E900069C8DC47A08534FE76D2B900B7D7EF31F5709F200C4CA205",
- "5667334C45AFF3B5A03BAD9DD75E2C71A99362567D5453F7FA6E227EC833",
- "1555555555555555555555555555553C6F2885259C31E3FCDF154624522D", 6,
- _EC_X9_62_CHAR2_239V2_SEED, 20,
- "X9.62 curve over a 239 bit binary field"
- };
-
-static const unsigned char _EC_X9_62_CHAR2_239V3_SEED[] = {
- 0x9E,0x07,0x6F,0x4D,0x69,0x6E,0x67,0x68,0x75,0x61,
- 0x51,0x75,0xE1,0x1E,0x9F,0xDD,0x77,0xF9,0x20,0x41};
-static const EC_CURVE_DATA _EC_X9_62_CHAR2_239V3 = {
- NID_X9_62_characteristic_two_field,
- "800000000000000000000000000000000000000000000000001000000001",
- "01238774666A67766D6676F778E676B66999176666E687666D8766C66A9F",
- "6A941977BA9F6A435199ACFC51067ED587F519C5ECB541B8E44111DE1D40",
- "70F6E9D04D289C4E89913CE3530BFDE903977D42B146D539BF1BDE4E9C92",
- "2E5A0EAF6E5E1305B9004DCE5C0ED7FE59A35608F33837C816D80B79F461",
- "0CCCCCCCCCCCCCCCCCCCCCCCCCCCCCAC4912D2D9DF903EF9888B8A0E4CFF", 0xA,
- _EC_X9_62_CHAR2_239V3_SEED, 20,
- "X9.62 curve over a 239 bit binary field"
- };
-
-static const EC_CURVE_DATA _EC_X9_62_CHAR2_272W1 = {
- NID_X9_62_characteristic_two_field,
- "010000000000000000000000000000000000000000000000000000010000000000000"
- "B",
- "91A091F03B5FBA4AB2CCF49C4EDD220FB028712D42BE752B2C40094DBACDB586FB20",
- "7167EFC92BB2E3CE7C8AAAFF34E12A9C557003D7C73A6FAF003F99F6CC8482E540F7",
- "6108BABB2CEEBCF787058A056CBE0CFE622D7723A289E08A07AE13EF0D10D171DD8D",
- "10C7695716851EEF6BA7F6872E6142FBD241B830FF5EFCACECCAB05E02005DDE9D23",
- "000100FAF51354E0E39E4892DF6E319C72C8161603FA45AA7B998A167B8F1E629521",
- 0xFF06,
- NULL, 0,
- "X9.62 curve over a 272 bit binary field"
- };
-
-static const EC_CURVE_DATA _EC_X9_62_CHAR2_304W1 = {
- NID_X9_62_characteristic_two_field,
- "010000000000000000000000000000000000000000000000000000000000000000000"
- "000000807",
- "FD0D693149A118F651E6DCE6802085377E5F882D1B510B44160074C1288078365A039"
- "6C8E681",
- "BDDB97E555A50A908E43B01C798EA5DAA6788F1EA2794EFCF57166B8C14039601E558"
- "27340BE",
- "197B07845E9BE2D96ADB0F5F3C7F2CFFBD7A3EB8B6FEC35C7FD67F26DDF6285A644F7"
- "40A2614",
- "E19FBEB76E0DA171517ECF401B50289BF014103288527A9B416A105E80260B549FDC1"
- "B92C03B",
- "000101D556572AABAC800101D556572AABAC8001022D5C91DD173F8FB561DA6899164"
- "443051D", 0xFE2E,
- NULL, 0,
- "X9.62 curve over a 304 bit binary field"
- };
-
-static const unsigned char _EC_X9_62_CHAR2_359V1_SEED[] = {
- 0x2B,0x35,0x49,0x20,0xB7,0x24,0xD6,0x96,0xE6,0x76,
- 0x87,0x56,0x15,0x17,0x58,0x5B,0xA1,0x33,0x2D,0xC6};
-static const EC_CURVE_DATA _EC_X9_62_CHAR2_359V1 = {
- NID_X9_62_characteristic_two_field,
- "800000000000000000000000000000000000000000000000000000000000000000000"
- "000100000000000000001",
- "5667676A654B20754F356EA92017D946567C46675556F19556A04616B567D223A5E05"
- "656FB549016A96656A557",
- "2472E2D0197C49363F1FE7F5B6DB075D52B6947D135D8CA445805D39BC34562608968"
- "7742B6329E70680231988",
- "3C258EF3047767E7EDE0F1FDAA79DAEE3841366A132E163ACED4ED2401DF9C6BDCDE9"
- "8E8E707C07A2239B1B097",
- "53D7E08529547048121E9C95F3791DD804963948F34FAE7BF44EA82365DC7868FE57E"
- "4AE2DE211305A407104BD",
- "01AF286BCA1AF286BCA1AF286BCA1AF286BCA1AF286BC9FB8F6B85C556892C20A7EB9"
- "64FE7719E74F490758D3B", 0x4C,
- _EC_X9_62_CHAR2_359V1_SEED, 20,
- "X9.62 curve over a 359 bit binary field"
- };
-
-static const EC_CURVE_DATA _EC_X9_62_CHAR2_368W1 = {
- NID_X9_62_characteristic_two_field,
- "010000000000000000000000000000000000000000000000000000000000000000000"
- "0002000000000000000000007",
- "E0D2EE25095206F5E2A4F9ED229F1F256E79A0E2B455970D8D0D865BD94778C576D62"
- "F0AB7519CCD2A1A906AE30D",
- "FC1217D4320A90452C760A58EDCD30C8DD069B3C34453837A34ED50CB54917E1C2112"
- "D84D164F444F8F74786046A",
- "1085E2755381DCCCE3C1557AFA10C2F0C0C2825646C5B34A394CBCFA8BC16B22E7E78"
- "9E927BE216F02E1FB136A5F",
- "7B3EB1BDDCBA62D5D8B2059B525797FC73822C59059C623A45FF3843CEE8F87CD1855"
- "ADAA81E2A0750B80FDA2310",
- "00010090512DA9AF72B08349D98A5DD4C7B0532ECA51CE03E2D10F3B7AC579BD87E90"
- "9AE40A6F131E9CFCE5BD967", 0xFF70,
- NULL, 0,
- "X9.62 curve over a 368 bit binary field"
- };
-
-static const EC_CURVE_DATA _EC_X9_62_CHAR2_431R1 = {
- NID_X9_62_characteristic_two_field,
- "800000000000000000000000000000000000000000000000000000000000000000000"
- "000000001000000000000000000000000000001",
- "1A827EF00DD6FC0E234CAF046C6A5D8A85395B236CC4AD2CF32A0CADBDC9DDF620B0E"
- "B9906D0957F6C6FEACD615468DF104DE296CD8F",
- "10D9B4A3D9047D8B154359ABFB1B7F5485B04CEB868237DDC9DEDA982A679A5A919B6"
- "26D4E50A8DD731B107A9962381FB5D807BF2618",
- "120FC05D3C67A99DE161D2F4092622FECA701BE4F50F4758714E8A87BBF2A658EF8C2"
- "1E7C5EFE965361F6C2999C0C247B0DBD70CE6B7",
- "20D0AF8903A96F8D5FA2C255745D3C451B302C9346D9B7E485E7BCE41F6B591F3E8F6"
- "ADDCBB0BC4C2F947A7DE1A89B625D6A598B3760",
- "0340340340340340340340340340340340340340340340340340340323C313FAB5058"
- "9703B5EC68D3587FEC60D161CC149C1AD4A91", 0x2760,
- NULL, 0,
- "X9.62 curve over a 431 bit binary field"
- };
-
-static const EC_CURVE_DATA _EC_WTLS_1 = {
- NID_X9_62_characteristic_two_field,
- "020000000000000000000000000201",
- "1",
- "1",
- "01667979A40BA497E5D5C270780617",
- "00F44B4AF1ECC2630E08785CEBCC15",
- "00FFFFFFFFFFFFFFFDBF91AF6DEA73", 2,
- NULL, 0,
- "WTLS curve over a 113 bit binary field"
- };
-
-/* IPSec curves */
-/* NOTE: The of curves over a extension field of non prime degree
- * is not recommended (Weil-descent).
- * As the group order is not a prime this curve is not suitable
- * for ECDSA.
- */
-static const EC_CURVE_DATA _EC_IPSEC_155_ID3 = {
- NID_X9_62_characteristic_two_field,
- "0800000000000000000000004000000000000001",
- "0",
- "07338f",
- "7b",
- "1c8",
- "2AAAAAAAAAAAAAAAAAAC7F3C7881BD0868FA86C",3,
- NULL, 0,
- "\n\tIPSec/IKE/Oakley curve #3 over a 155 bit binary field.\n"
- "\tNot suitable for ECDSA.\n\tQuestionable extension field!"
- };
-
-/* NOTE: The of curves over a extension field of non prime degree
- * is not recommended (Weil-descent).
- * As the group order is not a prime this curve is not suitable
- * for ECDSA.
- */
-static const EC_CURVE_DATA _EC_IPSEC_185_ID4 = {
- NID_X9_62_characteristic_two_field,
- "020000000000000000000000000000200000000000000001",
- "0",
- "1ee9",
- "18",
- "0d",
- "FFFFFFFFFFFFFFFFFFFFFFEDF97C44DB9F2420BAFCA75E",2,
- NULL, 0,
- "\n\tIPSec/IKE/Oakley curve #4 over a 185 bit binary field.\n"
- "\tNot suitable for ECDSA.\n\tQuestionable extension field!"
- };
-
-typedef struct _ec_list_element_st {
- int nid;
- const EC_CURVE_DATA *data;
- } ec_list_element;
-
-static const ec_list_element curve_list[] = {
- /* prime field curves */
- /* secg curves */
- { NID_secp112r1, &_EC_SECG_PRIME_112R1},
- { NID_secp112r2, &_EC_SECG_PRIME_112R2},
- { NID_secp128r1, &_EC_SECG_PRIME_128R1},
- { NID_secp128r2, &_EC_SECG_PRIME_128R2},
- { NID_secp160k1, &_EC_SECG_PRIME_160K1},
- { NID_secp160r1, &_EC_SECG_PRIME_160R1},
- { NID_secp160r2, &_EC_SECG_PRIME_160R2},
- /* SECG secp192r1 is the same as X9.62 prime192v1 and hence omitted */
- { NID_secp192k1, &_EC_SECG_PRIME_192K1},
- { NID_secp224k1, &_EC_SECG_PRIME_224K1},
- { NID_secp224r1, &_EC_NIST_PRIME_224},
- { NID_secp256k1, &_EC_SECG_PRIME_256K1},
- /* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */
- { NID_secp384r1, &_EC_NIST_PRIME_384},
- { NID_secp521r1, &_EC_NIST_PRIME_521},
- /* X9.62 curves */
- { NID_X9_62_prime192v1, &_EC_NIST_PRIME_192},
- { NID_X9_62_prime192v2, &_EC_X9_62_PRIME_192V2},
- { NID_X9_62_prime192v3, &_EC_X9_62_PRIME_192V3},
- { NID_X9_62_prime239v1, &_EC_X9_62_PRIME_239V1},
- { NID_X9_62_prime239v2, &_EC_X9_62_PRIME_239V2},
- { NID_X9_62_prime239v3, &_EC_X9_62_PRIME_239V3},
- { NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1},
- /* characteristic two field curves */
- /* NIST/SECG curves */
- { NID_sect113r1, &_EC_SECG_CHAR2_113R1},
- { NID_sect113r2, &_EC_SECG_CHAR2_113R2},
- { NID_sect131r1, &_EC_SECG_CHAR2_131R1},
- { NID_sect131r2, &_EC_SECG_CHAR2_131R2},
- { NID_sect163k1, &_EC_NIST_CHAR2_163K },
- { NID_sect163r1, &_EC_SECG_CHAR2_163R1},
- { NID_sect163r2, &_EC_NIST_CHAR2_163B },
- { NID_sect193r1, &_EC_SECG_CHAR2_193R1},
- { NID_sect193r2, &_EC_SECG_CHAR2_193R2},
- { NID_sect233k1, &_EC_NIST_CHAR2_233K },
- { NID_sect233r1, &_EC_NIST_CHAR2_233B },
- { NID_sect239k1, &_EC_SECG_CHAR2_239K1},
- { NID_sect283k1, &_EC_NIST_CHAR2_283K },
- { NID_sect283r1, &_EC_NIST_CHAR2_283B },
- { NID_sect409k1, &_EC_NIST_CHAR2_409K },
- { NID_sect409r1, &_EC_NIST_CHAR2_409B },
- { NID_sect571k1, &_EC_NIST_CHAR2_571K },
- { NID_sect571r1, &_EC_NIST_CHAR2_571B },
- /* X9.62 curves */
- { NID_X9_62_c2pnb163v1, &_EC_X9_62_CHAR2_163V1},
- { NID_X9_62_c2pnb163v2, &_EC_X9_62_CHAR2_163V2},
- { NID_X9_62_c2pnb163v3, &_EC_X9_62_CHAR2_163V3},
- { NID_X9_62_c2pnb176v1, &_EC_X9_62_CHAR2_176V1},
- { NID_X9_62_c2tnb191v1, &_EC_X9_62_CHAR2_191V1},
- { NID_X9_62_c2tnb191v2, &_EC_X9_62_CHAR2_191V2},
- { NID_X9_62_c2tnb191v3, &_EC_X9_62_CHAR2_191V3},
- { NID_X9_62_c2pnb208w1, &_EC_X9_62_CHAR2_208W1},
- { NID_X9_62_c2tnb239v1, &_EC_X9_62_CHAR2_239V1},
- { NID_X9_62_c2tnb239v2, &_EC_X9_62_CHAR2_239V2},
- { NID_X9_62_c2tnb239v3, &_EC_X9_62_CHAR2_239V3},
- { NID_X9_62_c2pnb272w1, &_EC_X9_62_CHAR2_272W1},
- { NID_X9_62_c2pnb304w1, &_EC_X9_62_CHAR2_304W1},
- { NID_X9_62_c2tnb359v1, &_EC_X9_62_CHAR2_359V1},
- { NID_X9_62_c2pnb368w1, &_EC_X9_62_CHAR2_368W1},
- { NID_X9_62_c2tnb431r1, &_EC_X9_62_CHAR2_431R1},
- /* the WAP/WTLS curves
- * [unlike SECG, spec has its own OIDs for curves from X9.62] */
- { NID_wap_wsg_idm_ecid_wtls1, &_EC_WTLS_1},
- { NID_wap_wsg_idm_ecid_wtls3, &_EC_NIST_CHAR2_163K},
- { NID_wap_wsg_idm_ecid_wtls4, &_EC_SECG_CHAR2_113R1},
- { NID_wap_wsg_idm_ecid_wtls5, &_EC_X9_62_CHAR2_163V1},
- { NID_wap_wsg_idm_ecid_wtls6, &_EC_SECG_PRIME_112R1},
- { NID_wap_wsg_idm_ecid_wtls7, &_EC_SECG_PRIME_160R2},
- { NID_wap_wsg_idm_ecid_wtls8, &_EC_WTLS_8},
- { NID_wap_wsg_idm_ecid_wtls9, &_EC_WTLS_9 },
- { NID_wap_wsg_idm_ecid_wtls10, &_EC_NIST_CHAR2_233K},
- { NID_wap_wsg_idm_ecid_wtls11, &_EC_NIST_CHAR2_233B},
- { NID_wap_wsg_idm_ecid_wtls12, &_EC_WTLS_12},
- /* IPSec curves */
- { NID_ipsec3, &_EC_IPSEC_155_ID3},
- { NID_ipsec4, &_EC_IPSEC_185_ID4},
-};
-
-static size_t curve_list_length = sizeof(curve_list)/sizeof(ec_list_element);
-
-static EC_GROUP *ec_group_new_from_data(const EC_CURVE_DATA *data)
- {
- EC_GROUP *group=NULL;
- EC_POINT *P=NULL;
- BN_CTX *ctx=NULL;
- BIGNUM *p=NULL, *a=NULL, *b=NULL, *x=NULL, *y=NULL, *order=NULL;
- int ok=0;
-
- if ((ctx = BN_CTX_new()) == NULL)
- {
- ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- if ((p = BN_new()) == NULL || (a = BN_new()) == NULL ||
- (b = BN_new()) == NULL || (x = BN_new()) == NULL ||
- (y = BN_new()) == NULL || (order = BN_new()) == NULL)
- {
- ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- if (!BN_hex2bn(&p, data->p) || !BN_hex2bn(&a, data->a)
- || !BN_hex2bn(&b, data->b))
- {
- ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
- goto err;
- }
-
- if (data->field_type == NID_X9_62_prime_field)
- {
- if ((group = EC_GROUP_new_curve_GFp(p, a, b, ctx)) == NULL)
- {
- ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
- goto err;
- }
- }
- else
- { /* field_type == NID_X9_62_characteristic_two_field */
- if ((group = EC_GROUP_new_curve_GF2m(p, a, b, ctx)) == NULL)
- {
- ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
- goto err;
- }
- }
-
- if ((P = EC_POINT_new(group)) == NULL)
- {
- ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
- goto err;
- }
-
- if (!BN_hex2bn(&x, data->x) || !BN_hex2bn(&y, data->y))
- {
- ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
- goto err;
- }
- if (!EC_POINT_set_affine_coordinates_GF2m(group, P, x, y, ctx))
- {
- ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
- goto err;
- }
- if (!BN_hex2bn(&order, data->order) || !BN_set_word(x, data->cofactor))
- {
- ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
- goto err;
- }
- if (!EC_GROUP_set_generator(group, P, order, x))
- {
- ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
- goto err;
- }
- if (data->seed)
- {
- if (!EC_GROUP_set_seed(group, data->seed, data->seed_len))
- {
- ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
- goto err;
- }
- }
- ok=1;
-err:
- if (!ok)
- {
- EC_GROUP_free(group);
- group = NULL;
- }
- if (P)
- EC_POINT_free(P);
- if (ctx)
- BN_CTX_free(ctx);
- if (p)
- BN_free(p);
- if (a)
- BN_free(a);
- if (b)
- BN_free(b);
- if (order)
- BN_free(order);
- if (x)
- BN_free(x);
- if (y)
- BN_free(y);
- return group;
- }
-
-EC_GROUP *EC_GROUP_new_by_curve_name(int nid)
- {
- size_t i;
- EC_GROUP *ret = NULL;
-
- if (nid <= 0)
- return NULL;
-
- for (i=0; i<curve_list_length; i++)
- if (curve_list[i].nid == nid)
- {
- ret = ec_group_new_from_data(curve_list[i].data);
- break;
- }
-
- if (ret == NULL)
- {
- ECerr(EC_F_EC_GROUP_NEW_BY_CURVE_NAME, EC_R_UNKNOWN_GROUP);
- return NULL;
- }
-
- EC_GROUP_set_curve_name(ret, nid);
-
- return ret;
- }
-
-size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems)
- {
- size_t i, min;
-
- if (r == NULL || nitems == 0)
- return curve_list_length;
-
- min = nitems < curve_list_length ? nitems : curve_list_length;
-
- for (i = 0; i < min; i++)
- {
- r[i].nid = curve_list[i].nid;
- r[i].comment = curve_list[i].data->comment;
- }
-
- return curve_list_length;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_curve.c (from rev 6976, vendor-crypto/openssl/dist/crypto/ec/ec_curve.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_curve.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_curve.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,1335 @@
+/* crypto/ec/ec_curve.c */
+/*
+ * Written by Nils Larsch for the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2004 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * The elliptic curve binary polynomial software is originally written by
+ * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
+ *
+ */
+
+#include "ec_lcl.h"
+#include <openssl/err.h>
+#include <openssl/obj_mac.h>
+
+typedef struct ec_curve_data_st {
+ int field_type; /* either NID_X9_62_prime_field or
+ * NID_X9_62_characteristic_two_field */
+ const char *p; /* either a prime number or a polynomial */
+ const char *a;
+ const char *b;
+ const char *x; /* the x coordinate of the generator */
+ const char *y; /* the y coordinate of the generator */
+ const char *order; /* the order of the group generated by the
+ * generator */
+ const BN_ULONG cofactor; /* the cofactor */
+ const unsigned char *seed; /* the seed (optional) */
+ size_t seed_len;
+ const char *comment; /* a short description of the curve */
+} EC_CURVE_DATA;
+
+/* the nist prime curves */
+static const unsigned char _EC_NIST_PRIME_192_SEED[] = {
+ 0x30, 0x45, 0xAE, 0x6F, 0xC8, 0x42, 0x2F, 0x64, 0xED, 0x57,
+ 0x95, 0x28, 0xD3, 0x81, 0x20, 0xEA, 0xE1, 0x21, 0x96, 0xD5
+};
+
+static const EC_CURVE_DATA _EC_NIST_PRIME_192 = {
+ NID_X9_62_prime_field,
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
+ "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1",
+ "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012",
+ "07192b95ffc8da78631011ed6b24cdd573f977a11e794811",
+ "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831", 1,
+ _EC_NIST_PRIME_192_SEED, 20,
+ "NIST/X9.62/SECG curve over a 192 bit prime field"
+};
+
+static const unsigned char _EC_NIST_PRIME_224_SEED[] = {
+ 0xBD, 0x71, 0x34, 0x47, 0x99, 0xD5, 0xC7, 0xFC, 0xDC, 0x45,
+ 0xB5, 0x9F, 0xA3, 0xB9, 0xAB, 0x8F, 0x6A, 0x94, 0x8B, 0xC5
+};
+
+static const EC_CURVE_DATA _EC_NIST_PRIME_224 = {
+ NID_X9_62_prime_field,
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001",
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE",
+ "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4",
+ "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21",
+ "bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34",
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D", 1,
+ _EC_NIST_PRIME_224_SEED, 20,
+ "NIST/SECG curve over a 224 bit prime field"
+};
+
+static const unsigned char _EC_NIST_PRIME_384_SEED[] = {
+ 0xA3, 0x35, 0x92, 0x6A, 0xA3, 0x19, 0xA2, 0x7A, 0x1D, 0x00,
+ 0x89, 0x6A, 0x67, 0x73, 0xA4, 0x82, 0x7A, 0xCD, 0xAC, 0x73
+};
+
+static const EC_CURVE_DATA _EC_NIST_PRIME_384 = {
+ NID_X9_62_prime_field,
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFF"
+ "FFF0000000000000000FFFFFFFF",
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFF"
+ "FFF0000000000000000FFFFFFFC",
+ "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC6563"
+ "98D8A2ED19D2A85C8EDD3EC2AEF",
+ "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F"
+ "25DBF55296C3A545E3872760AB7",
+ "3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b"
+ "1ce1d7e819d7a431d7c90ea0e5f",
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0"
+ "DB248B0A77AECEC196ACCC52973", 1,
+ _EC_NIST_PRIME_384_SEED, 20,
+ "NIST/SECG curve over a 384 bit prime field"
+};
+
+static const unsigned char _EC_NIST_PRIME_521_SEED[] = {
+ 0xD0, 0x9E, 0x88, 0x00, 0x29, 0x1C, 0xB8, 0x53, 0x96, 0xCC,
+ 0x67, 0x17, 0x39, 0x32, 0x84, 0xAA, 0xA0, 0xDA, 0x64, 0xBA
+};
+
+static const EC_CURVE_DATA _EC_NIST_PRIME_521 = {
+ NID_X9_62_prime_field,
+ "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
+ "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC",
+ "051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156"
+ "193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00",
+ "C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14"
+ "B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66",
+ "011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c9"
+ "7ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650",
+ "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51"
+ "868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409", 1,
+ _EC_NIST_PRIME_521_SEED, 20,
+ "NIST/SECG curve over a 521 bit prime field"
+};
+
+/* the x9.62 prime curves (minus the nist prime curves) */
+static const unsigned char _EC_X9_62_PRIME_192V2_SEED[] = {
+ 0x31, 0xA9, 0x2E, 0xE2, 0x02, 0x9F, 0xD1, 0x0D, 0x90, 0x1B,
+ 0x11, 0x3E, 0x99, 0x07, 0x10, 0xF0, 0xD2, 0x1A, 0xC6, 0xB6
+};
+
+static const EC_CURVE_DATA _EC_X9_62_PRIME_192V2 = {
+ NID_X9_62_prime_field,
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
+ "CC22D6DFB95C6B25E49C0D6364A4E5980C393AA21668D953",
+ "EEA2BAE7E1497842F2DE7769CFE9C989C072AD696F48034A",
+ "6574d11d69b6ec7a672bb82a083df2f2b0847de970b2de15",
+ "FFFFFFFFFFFFFFFFFFFFFFFE5FB1A724DC80418648D8DD31", 1,
+ _EC_X9_62_PRIME_192V2_SEED, 20,
+ "X9.62 curve over a 192 bit prime field"
+};
+
+static const unsigned char _EC_X9_62_PRIME_192V3_SEED[] = {
+ 0xC4, 0x69, 0x68, 0x44, 0x35, 0xDE, 0xB3, 0x78, 0xC4, 0xB6,
+ 0x5C, 0xA9, 0x59, 0x1E, 0x2A, 0x57, 0x63, 0x05, 0x9A, 0x2E
+};
+
+static const EC_CURVE_DATA _EC_X9_62_PRIME_192V3 = {
+ NID_X9_62_prime_field,
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
+ "22123DC2395A05CAA7423DAECCC94760A7D462256BD56916",
+ "7D29778100C65A1DA1783716588DCE2B8B4AEE8E228F1896",
+ "38a90f22637337334b49dcb66a6dc8f9978aca7648a943b0",
+ "FFFFFFFFFFFFFFFFFFFFFFFF7A62D031C83F4294F640EC13", 1,
+ _EC_X9_62_PRIME_192V3_SEED, 20,
+ "X9.62 curve over a 192 bit prime field"
+};
+
+static const unsigned char _EC_X9_62_PRIME_239V1_SEED[] = {
+ 0xE4, 0x3B, 0xB4, 0x60, 0xF0, 0xB8, 0x0C, 0xC0, 0xC0, 0xB0,
+ 0x75, 0x79, 0x8E, 0x94, 0x80, 0x60, 0xF8, 0x32, 0x1B, 0x7D
+};
+
+static const EC_CURVE_DATA _EC_X9_62_PRIME_239V1 = {
+ NID_X9_62_prime_field,
+ "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
+ "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
+ "6B016C3BDCF18941D0D654921475CA71A9DB2FB27D1D37796185C2942C0A",
+ "0FFA963CDCA8816CCC33B8642BEDF905C3D358573D3F27FBBD3B3CB9AAAF",
+ "7debe8e4e90a5dae6e4054ca530ba04654b36818ce226b39fccb7b02f1ae",
+ "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF9E5E9A9F5D9071FBD1522688909D0B", 1,
+ _EC_X9_62_PRIME_239V1_SEED, 20,
+ "X9.62 curve over a 239 bit prime field"
+};
+
+static const unsigned char _EC_X9_62_PRIME_239V2_SEED[] = {
+ 0xE8, 0xB4, 0x01, 0x16, 0x04, 0x09, 0x53, 0x03, 0xCA, 0x3B,
+ 0x80, 0x99, 0x98, 0x2B, 0xE0, 0x9F, 0xCB, 0x9A, 0xE6, 0x16
+};
+
+static const EC_CURVE_DATA _EC_X9_62_PRIME_239V2 = {
+ NID_X9_62_prime_field,
+ "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
+ "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
+ "617FAB6832576CBBFED50D99F0249C3FEE58B94BA0038C7AE84C8C832F2C",
+ "38AF09D98727705120C921BB5E9E26296A3CDCF2F35757A0EAFD87B830E7",
+ "5b0125e4dbea0ec7206da0fc01d9b081329fb555de6ef460237dff8be4ba",
+ "7FFFFFFFFFFFFFFFFFFFFFFF800000CFA7E8594377D414C03821BC582063", 1,
+ _EC_X9_62_PRIME_239V2_SEED, 20,
+ "X9.62 curve over a 239 bit prime field"
+};
+
+static const unsigned char _EC_X9_62_PRIME_239V3_SEED[] = {
+ 0x7D, 0x73, 0x74, 0x16, 0x8F, 0xFE, 0x34, 0x71, 0xB6, 0x0A,
+ 0x85, 0x76, 0x86, 0xA1, 0x94, 0x75, 0xD3, 0xBF, 0xA2, 0xFF
+};
+
+static const EC_CURVE_DATA _EC_X9_62_PRIME_239V3 = {
+ NID_X9_62_prime_field,
+ "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
+ "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
+ "255705FA2A306654B1F4CB03D6A750A30C250102D4988717D9BA15AB6D3E",
+ "6768AE8E18BB92CFCF005C949AA2C6D94853D0E660BBF854B1C9505FE95A",
+ "1607e6898f390c06bc1d552bad226f3b6fcfe48b6e818499af18e3ed6cf3",
+ "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF975DEB41B3A6057C3C432146526551", 1,
+ _EC_X9_62_PRIME_239V3_SEED, 20,
+ "X9.62 curve over a 239 bit prime field"
+};
+
+static const unsigned char _EC_X9_62_PRIME_256V1_SEED[] = {
+ 0xC4, 0x9D, 0x36, 0x08, 0x86, 0xE7, 0x04, 0x93, 0x6A, 0x66,
+ 0x78, 0xE1, 0x13, 0x9D, 0x26, 0xB7, 0x81, 0x9F, 0x7E, 0x90
+};
+
+static const EC_CURVE_DATA _EC_X9_62_PRIME_256V1 = {
+ NID_X9_62_prime_field,
+ "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF",
+ "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC",
+ "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B",
+ "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296",
+ "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5",
+ "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551", 1,
+ _EC_X9_62_PRIME_256V1_SEED, 20,
+ "X9.62/SECG curve over a 256 bit prime field"
+};
+
+/* the secg prime curves (minus the nist and x9.62 prime curves) */
+static const unsigned char _EC_SECG_PRIME_112R1_SEED[] = {
+ 0x00, 0xF5, 0x0B, 0x02, 0x8E, 0x4D, 0x69, 0x6E, 0x67, 0x68,
+ 0x75, 0x61, 0x51, 0x75, 0x29, 0x04, 0x72, 0x78, 0x3F, 0xB1
+};
+
+static const EC_CURVE_DATA _EC_SECG_PRIME_112R1 = {
+ NID_X9_62_prime_field,
+ "DB7C2ABF62E35E668076BEAD208B",
+ "DB7C2ABF62E35E668076BEAD2088",
+ "659EF8BA043916EEDE8911702B22",
+ "09487239995A5EE76B55F9C2F098",
+ "a89ce5af8724c0a23e0e0ff77500",
+ "DB7C2ABF62E35E7628DFAC6561C5", 1,
+ _EC_SECG_PRIME_112R1_SEED, 20,
+ "SECG/WTLS curve over a 112 bit prime field"
+};
+
+static const unsigned char _EC_SECG_PRIME_112R2_SEED[] = {
+ 0x00, 0x27, 0x57, 0xA1, 0x11, 0x4D, 0x69, 0x6E, 0x67, 0x68,
+ 0x75, 0x61, 0x51, 0x75, 0x53, 0x16, 0xC0, 0x5E, 0x0B, 0xD4
+};
+
+static const EC_CURVE_DATA _EC_SECG_PRIME_112R2 = {
+ NID_X9_62_prime_field,
+ "DB7C2ABF62E35E668076BEAD208B",
+ "6127C24C05F38A0AAAF65C0EF02C",
+ "51DEF1815DB5ED74FCC34C85D709",
+ "4BA30AB5E892B4E1649DD0928643",
+ "adcd46f5882e3747def36e956e97",
+ "36DF0AAFD8B8D7597CA10520D04B", 4,
+ _EC_SECG_PRIME_112R2_SEED, 20,
+ "SECG curve over a 112 bit prime field"
+};
+
+static const unsigned char _EC_SECG_PRIME_128R1_SEED[] = {
+ 0x00, 0x0E, 0x0D, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61,
+ 0x51, 0x75, 0x0C, 0xC0, 0x3A, 0x44, 0x73, 0xD0, 0x36, 0x79
+};
+
+static const EC_CURVE_DATA _EC_SECG_PRIME_128R1 = {
+ NID_X9_62_prime_field,
+ "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF",
+ "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFC",
+ "E87579C11079F43DD824993C2CEE5ED3",
+ "161FF7528B899B2D0C28607CA52C5B86",
+ "cf5ac8395bafeb13c02da292dded7a83",
+ "FFFFFFFE0000000075A30D1B9038A115", 1,
+ _EC_SECG_PRIME_128R1_SEED, 20,
+ "SECG curve over a 128 bit prime field"
+};
+
+static const unsigned char _EC_SECG_PRIME_128R2_SEED[] = {
+ 0x00, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, 0x51, 0x75,
+ 0x12, 0xD8, 0xF0, 0x34, 0x31, 0xFC, 0xE6, 0x3B, 0x88, 0xF4
+};
+
+static const EC_CURVE_DATA _EC_SECG_PRIME_128R2 = {
+ NID_X9_62_prime_field,
+ "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF",
+ "D6031998D1B3BBFEBF59CC9BBFF9AEE1",
+ "5EEEFCA380D02919DC2C6558BB6D8A5D",
+ "7B6AA5D85E572983E6FB32A7CDEBC140",
+ "27b6916a894d3aee7106fe805fc34b44",
+ "3FFFFFFF7FFFFFFFBE0024720613B5A3", 4,
+ _EC_SECG_PRIME_128R2_SEED, 20,
+ "SECG curve over a 128 bit prime field"
+};
+
+static const EC_CURVE_DATA _EC_SECG_PRIME_160K1 = {
+ NID_X9_62_prime_field,
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73",
+ "0",
+ "7",
+ "3B4C382CE37AA192A4019E763036F4F5DD4D7EBB",
+ "938cf935318fdced6bc28286531733c3f03c4fee",
+ "0100000000000000000001B8FA16DFAB9ACA16B6B3", 1,
+ NULL, 0,
+ "SECG curve over a 160 bit prime field"
+};
+
+static const unsigned char _EC_SECG_PRIME_160R1_SEED[] = {
+ 0x10, 0x53, 0xCD, 0xE4, 0x2C, 0x14, 0xD6, 0x96, 0xE6, 0x76,
+ 0x87, 0x56, 0x15, 0x17, 0x53, 0x3B, 0xF3, 0xF8, 0x33, 0x45
+};
+
+static const EC_CURVE_DATA _EC_SECG_PRIME_160R1 = {
+ NID_X9_62_prime_field,
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF",
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC",
+ "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45",
+ "4A96B5688EF573284664698968C38BB913CBFC82",
+ "23a628553168947d59dcc912042351377ac5fb32",
+ "0100000000000000000001F4C8F927AED3CA752257", 1,
+ _EC_SECG_PRIME_160R1_SEED, 20,
+ "SECG curve over a 160 bit prime field"
+};
+
+static const unsigned char _EC_SECG_PRIME_160R2_SEED[] = {
+ 0xB9, 0x9B, 0x99, 0xB0, 0x99, 0xB3, 0x23, 0xE0, 0x27, 0x09,
+ 0xA4, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56, 0x15, 0x17, 0x51
+};
+
+static const EC_CURVE_DATA _EC_SECG_PRIME_160R2 = {
+ NID_X9_62_prime_field,
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73",
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC70",
+ "B4E134D3FB59EB8BAB57274904664D5AF50388BA",
+ "52DCB034293A117E1F4FF11B30F7199D3144CE6D",
+ "feaffef2e331f296e071fa0df9982cfea7d43f2e",
+ "0100000000000000000000351EE786A818F3A1A16B", 1,
+ _EC_SECG_PRIME_160R2_SEED, 20,
+ "SECG/WTLS curve over a 160 bit prime field"
+};
+
+static const EC_CURVE_DATA _EC_SECG_PRIME_192K1 = {
+ NID_X9_62_prime_field,
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37",
+ "0",
+ "3",
+ "DB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D",
+ "9b2f2f6d9c5628a7844163d015be86344082aa88d95e2f9d",
+ "FFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D", 1,
+ NULL, 20,
+ "SECG curve over a 192 bit prime field"
+};
+
+static const EC_CURVE_DATA _EC_SECG_PRIME_224K1 = {
+ NID_X9_62_prime_field,
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFE56D",
+ "0",
+ "5",
+ "A1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C",
+ "7e089fed7fba344282cafbd6f7e319f7c0b0bd59e2ca4bdb556d61a5",
+ "010000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7", 1,
+ NULL, 20,
+ "SECG curve over a 224 bit prime field"
+};
+
+static const EC_CURVE_DATA _EC_SECG_PRIME_256K1 = {
+ NID_X9_62_prime_field,
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F",
+ "0",
+ "7",
+ "79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798",
+ "483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8",
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141", 1,
+ NULL, 20,
+ "SECG curve over a 256 bit prime field"
+};
+
+/* some wap/wtls curves */
+static const EC_CURVE_DATA _EC_WTLS_8 = {
+ NID_X9_62_prime_field,
+ "FFFFFFFFFFFFFFFFFFFFFFFFFDE7",
+ "0",
+ "3",
+ "1",
+ "2",
+ "0100000000000001ECEA551AD837E9", 1,
+ NULL, 20,
+ "WTLS curve over a 112 bit prime field"
+};
+
+static const EC_CURVE_DATA _EC_WTLS_9 = {
+ NID_X9_62_prime_field,
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC808F",
+ "0",
+ "3",
+ "1",
+ "2",
+ "0100000000000000000001CDC98AE0E2DE574ABF33", 1,
+ NULL, 20,
+ "WTLS curve over a 160 bit prime field"
+};
+
+static const EC_CURVE_DATA _EC_WTLS_12 = {
+ NID_X9_62_prime_field,
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001",
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE",
+ "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4",
+ "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21",
+ "bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34",
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D", 1,
+ NULL, 0,
+ "WTLS curvs over a 224 bit prime field"
+};
+
+/* characteristic two curves */
+static const unsigned char _EC_SECG_CHAR2_113R1_SEED[] = {
+ 0x10, 0xE7, 0x23, 0xAB, 0x14, 0xD6, 0x96, 0xE6, 0x76, 0x87,
+ 0x56, 0x15, 0x17, 0x56, 0xFE, 0xBF, 0x8F, 0xCB, 0x49, 0xA9
+};
+
+static const EC_CURVE_DATA _EC_SECG_CHAR2_113R1 = {
+ NID_X9_62_characteristic_two_field,
+ "020000000000000000000000000201",
+ "003088250CA6E7C7FE649CE85820F7",
+ "00E8BEE4D3E2260744188BE0E9C723",
+ "009D73616F35F4AB1407D73562C10F",
+ "00A52830277958EE84D1315ED31886",
+ "0100000000000000D9CCEC8A39E56F", 2,
+ _EC_SECG_CHAR2_113R1_SEED, 20,
+ "SECG curve over a 113 bit binary field"
+};
+
+static const unsigned char _EC_SECG_CHAR2_113R2_SEED[] = {
+ 0x10, 0xC0, 0xFB, 0x15, 0x76, 0x08, 0x60, 0xDE, 0xF1, 0xEE,
+ 0xF4, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56, 0x15, 0x17, 0x5D
+};
+
+static const EC_CURVE_DATA _EC_SECG_CHAR2_113R2 = {
+ NID_X9_62_characteristic_two_field,
+ "020000000000000000000000000201",
+ "00689918DBEC7E5A0DD6DFC0AA55C7",
+ "0095E9A9EC9B297BD4BF36E059184F",
+ "01A57A6A7B26CA5EF52FCDB8164797",
+ "00B3ADC94ED1FE674C06E695BABA1D",
+ "010000000000000108789B2496AF93", 2,
+ _EC_SECG_CHAR2_113R2_SEED, 20,
+ "SECG curve over a 113 bit binary field"
+};
+
+static const unsigned char _EC_SECG_CHAR2_131R1_SEED[] = {
+ 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, 0x51, 0x75, 0x98,
+ 0x5B, 0xD3, 0xAD, 0xBA, 0xDA, 0x21, 0xB4, 0x3A, 0x97, 0xE2
+};
+
+static const EC_CURVE_DATA _EC_SECG_CHAR2_131R1 = {
+ NID_X9_62_characteristic_two_field,
+ "080000000000000000000000000000010D",
+ "07A11B09A76B562144418FF3FF8C2570B8",
+ "0217C05610884B63B9C6C7291678F9D341",
+ "0081BAF91FDF9833C40F9C181343638399",
+ "078C6E7EA38C001F73C8134B1B4EF9E150",
+ "0400000000000000023123953A9464B54D", 2,
+ _EC_SECG_CHAR2_131R1_SEED, 20,
+ "SECG/WTLS curve over a 131 bit binary field"
+};
+
+static const unsigned char _EC_SECG_CHAR2_131R2_SEED[] = {
+ 0x98, 0x5B, 0xD3, 0xAD, 0xBA, 0xD4, 0xD6, 0x96, 0xE6, 0x76,
+ 0x87, 0x56, 0x15, 0x17, 0x5A, 0x21, 0xB4, 0x3A, 0x97, 0xE3
+};
+
+static const EC_CURVE_DATA _EC_SECG_CHAR2_131R2 = {
+ NID_X9_62_characteristic_two_field,
+ "080000000000000000000000000000010D",
+ "03E5A88919D7CAFCBF415F07C2176573B2",
+ "04B8266A46C55657AC734CE38F018F2192",
+ "0356DCD8F2F95031AD652D23951BB366A8",
+ "0648F06D867940A5366D9E265DE9EB240F",
+ "0400000000000000016954A233049BA98F", 2,
+ _EC_SECG_CHAR2_131R2_SEED, 20,
+ "SECG curve over a 131 bit binary field"
+};
+
+static const EC_CURVE_DATA _EC_NIST_CHAR2_163K = {
+ NID_X9_62_characteristic_two_field,
+ "0800000000000000000000000000000000000000C9",
+ "1",
+ "1",
+ "02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8",
+ "0289070FB05D38FF58321F2E800536D538CCDAA3D9",
+ "04000000000000000000020108A2E0CC0D99F8A5EF", 2,
+ NULL, 0,
+ "NIST/SECG/WTLS curve over a 163 bit binary field"
+};
+
+static const unsigned char _EC_SECG_CHAR2_163R1_SEED[] = {
+ 0x24, 0xB7, 0xB1, 0x37, 0xC8, 0xA1, 0x4D, 0x69, 0x6E, 0x67,
+ 0x68, 0x75, 0x61, 0x51, 0x75, 0x6F, 0xD0, 0xDA, 0x2E, 0x5C
+};
+
+static const EC_CURVE_DATA _EC_SECG_CHAR2_163R1 = {
+ NID_X9_62_characteristic_two_field,
+ "0800000000000000000000000000000000000000C9",
+ "07B6882CAAEFA84F9554FF8428BD88E246D2782AE2",
+ "0713612DCDDCB40AAB946BDA29CA91F73AF958AFD9",
+ "0369979697AB43897789566789567F787A7876A654",
+ "00435EDB42EFAFB2989D51FEFCE3C80988F41FF883",
+ "03FFFFFFFFFFFFFFFFFFFF48AAB689C29CA710279B", 2,
+ /*
+ * The algorithm used to derive the curve parameters from the seed used
+ * here is slightly different than the algorithm described in X9.62 .
+ */
+#if 0
+ _EC_SECG_CHAR2_163R1_SEED, 20,
+#else
+ NULL, 0,
+#endif
+ "SECG curve over a 163 bit binary field"
+};
+
+static const unsigned char _EC_NIST_CHAR2_163B_SEED[] = {
+ 0x85, 0xE2, 0x5B, 0xFE, 0x5C, 0x86, 0x22, 0x6C, 0xDB, 0x12,
+ 0x01, 0x6F, 0x75, 0x53, 0xF9, 0xD0, 0xE6, 0x93, 0xA2, 0x68
+};
+
+static const EC_CURVE_DATA _EC_NIST_CHAR2_163B = {
+ NID_X9_62_characteristic_two_field,
+ "0800000000000000000000000000000000000000C9",
+ "1",
+ "020A601907B8C953CA1481EB10512F78744A3205FD",
+ "03F0EBA16286A2D57EA0991168D4994637E8343E36",
+ "00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1",
+ "040000000000000000000292FE77E70C12A4234C33", 2,
+ /*
+ * The seed here was used to created the curve parameters in normal basis
+ * representation (and not the polynomial representation used here)
+ */
+#if 0
+ _EC_NIST_CHAR2_163B_SEED, 20,
+#else
+ NULL, 0,
+#endif
+ "NIST/SECG curve over a 163 bit binary field"
+};
+
+static const unsigned char _EC_SECG_CHAR2_193R1_SEED[] = {
+ 0x10, 0x3F, 0xAE, 0xC7, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75,
+ 0x61, 0x51, 0x75, 0x77, 0x7F, 0xC5, 0xB1, 0x91, 0xEF, 0x30
+};
+
+static const EC_CURVE_DATA _EC_SECG_CHAR2_193R1 = {
+ NID_X9_62_characteristic_two_field,
+ "02000000000000000000000000000000000000000000008001",
+ "0017858FEB7A98975169E171F77B4087DE098AC8A911DF7B01",
+ "00FDFB49BFE6C3A89FACADAA7A1E5BBC7CC1C2E5D831478814",
+ "01F481BC5F0FF84A74AD6CDF6FDEF4BF6179625372D8C0C5E1",
+ "0025E399F2903712CCF3EA9E3A1AD17FB0B3201B6AF7CE1B05",
+ "01000000000000000000000000C7F34A778F443ACC920EBA49", 2,
+ _EC_SECG_CHAR2_193R1_SEED, 20,
+ "SECG curve over a 193 bit binary field"
+};
+
+static const unsigned char _EC_SECG_CHAR2_193R2_SEED[] = {
+ 0x10, 0xB7, 0xB4, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56, 0x15,
+ 0x17, 0x51, 0x37, 0xC8, 0xA1, 0x6F, 0xD0, 0xDA, 0x22, 0x11
+};
+
+static const EC_CURVE_DATA _EC_SECG_CHAR2_193R2 = {
+ NID_X9_62_characteristic_two_field,
+ "02000000000000000000000000000000000000000000008001",
+ "0163F35A5137C2CE3EA6ED8667190B0BC43ECD69977702709B",
+ "00C9BB9E8927D4D64C377E2AB2856A5B16E3EFB7F61D4316AE",
+ "00D9B67D192E0367C803F39E1A7E82CA14A651350AAE617E8F",
+ "01CE94335607C304AC29E7DEFBD9CA01F596F927224CDECF6C",
+ "010000000000000000000000015AAB561B005413CCD4EE99D5", 2,
+ _EC_SECG_CHAR2_193R2_SEED, 20,
+ "SECG curve over a 193 bit binary field"
+};
+
+static const EC_CURVE_DATA _EC_NIST_CHAR2_233K = {
+ NID_X9_62_characteristic_two_field,
+ "020000000000000000000000000000000000000004000000000000000001",
+ "0",
+ "1",
+ "017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126",
+ "01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3",
+ "008000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF", 4,
+ NULL, 0,
+ "NIST/SECG/WTLS curve over a 233 bit binary field"
+};
+
+static const unsigned char _EC_NIST_CHAR2_233B_SEED[] = {
+ 0x74, 0xD5, 0x9F, 0xF0, 0x7F, 0x6B, 0x41, 0x3D, 0x0E, 0xA1,
+ 0x4B, 0x34, 0x4B, 0x20, 0xA2, 0xDB, 0x04, 0x9B, 0x50, 0xC3
+};
+
+static const EC_CURVE_DATA _EC_NIST_CHAR2_233B = {
+ NID_X9_62_characteristic_two_field,
+ "020000000000000000000000000000000000000004000000000000000001",
+ "000000000000000000000000000000000000000000000000000000000001",
+ "0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD",
+ "00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B",
+ "01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052",
+ "01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7", 2,
+ _EC_NIST_CHAR2_233B_SEED, 20,
+ "NIST/SECG/WTLS curve over a 233 bit binary field"
+};
+
+static const EC_CURVE_DATA _EC_SECG_CHAR2_239K1 = {
+ NID_X9_62_characteristic_two_field,
+ "800000000000000000004000000000000000000000000000000000000001",
+ "0",
+ "1",
+ "29A0B6A887A983E9730988A68727A8B2D126C44CC2CC7B2A6555193035DC",
+ "76310804F12E549BDB011C103089E73510ACB275FC312A5DC6B76553F0CA",
+ "2000000000000000000000000000005A79FEC67CB6E91F1C1DA800E478A5", 4,
+ NULL, 0,
+ "SECG curve over a 239 bit binary field"
+};
+
+static const EC_CURVE_DATA _EC_NIST_CHAR2_283K = {
+ NID_X9_62_characteristic_two_field,
+ "080000000000000000000000000000000000000000000000000000000000000000001"
+ "0A1",
+ "0",
+ "1",
+ "0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492"
+ "836",
+ "01CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2"
+ "259",
+ "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163"
+ "C61", 4,
+ NULL, 20,
+ "NIST/SECG curve over a 283 bit binary field"
+};
+
+static const unsigned char _EC_NIST_CHAR2_283B_SEED[] = {
+ 0x77, 0xE2, 0xB0, 0x73, 0x70, 0xEB, 0x0F, 0x83, 0x2A, 0x6D,
+ 0xD5, 0xB6, 0x2D, 0xFC, 0x88, 0xCD, 0x06, 0xBB, 0x84, 0xBE
+};
+
+static const EC_CURVE_DATA _EC_NIST_CHAR2_283B = {
+ NID_X9_62_characteristic_two_field,
+ "080000000000000000000000000000000000000000000000000000000000000000001"
+ "0A1",
+ "000000000000000000000000000000000000000000000000000000000000000000000"
+ "001",
+ "027B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A"
+ "2F5",
+ "05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12"
+ "053",
+ "03676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE811"
+ "2F4",
+ "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB"
+ "307", 2,
+ _EC_NIST_CHAR2_283B_SEED, 20,
+ "NIST/SECG curve over a 283 bit binary field"
+};
+
+static const EC_CURVE_DATA _EC_NIST_CHAR2_409K = {
+ NID_X9_62_characteristic_two_field,
+ "020000000000000000000000000000000000000000000000000000000000000000000"
+ "00000000000008000000000000000000001",
+ "0",
+ "1",
+ "0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C4601"
+ "89EB5AAAA62EE222EB1B35540CFE9023746",
+ "01E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6"
+ "C42E9C55215AA9CA27A5863EC48D8E0286B",
+ "007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F83B2D4EA20400"
+ "EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF", 4,
+ NULL, 0,
+ "NIST/SECG curve over a 409 bit binary field"
+};
+
+static const unsigned char _EC_NIST_CHAR2_409B_SEED[] = {
+ 0x40, 0x99, 0xB5, 0xA4, 0x57, 0xF9, 0xD6, 0x9F, 0x79, 0x21,
+ 0x3D, 0x09, 0x4C, 0x4B, 0xCD, 0x4D, 0x42, 0x62, 0x21, 0x0B
+};
+
+static const EC_CURVE_DATA _EC_NIST_CHAR2_409B = {
+ NID_X9_62_characteristic_two_field,
+ "020000000000000000000000000000000000000000000000000000000000000000000"
+ "00000000000008000000000000000000001",
+ "000000000000000000000000000000000000000000000000000000000000000000000"
+ "00000000000000000000000000000000001",
+ "0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422EF1F3DD674761FA99D6AC27C8A9A19"
+ "7B272822F6CD57A55AA4F50AE317B13545F",
+ "015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255"
+ "A868A1180515603AEAB60794E54BB7996A7",
+ "0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514"
+ "F1FDF4B4F40D2181B3681C364BA0273C706",
+ "010000000000000000000000000000000000000000000000000001E2AAD6A612F3330"
+ "7BE5FA47C3C9E052F838164CD37D9A21173", 2,
+ _EC_NIST_CHAR2_409B_SEED, 20,
+ "NIST/SECG curve over a 409 bit binary field"
+};
+
+static const EC_CURVE_DATA _EC_NIST_CHAR2_571K = {
+ NID_X9_62_characteristic_two_field,
+ "800000000000000000000000000000000000000000000000000000000000000000000"
+ "000000000000000000000000000000000000000000000000000000000000000000000"
+ "00425",
+ "0",
+ "1",
+ "026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA443709"
+ "58493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A0"
+ "1C8972",
+ "0349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D497"
+ "9C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143E"
+ "F1C7A3",
+ "020000000000000000000000000000000000000000000000000000000000000000000"
+ "000131850E1F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F63"
+ "7C1001", 4,
+ NULL, 0,
+ "NIST/SECG curve over a 571 bit binary field"
+};
+
+static const unsigned char _EC_NIST_CHAR2_571B_SEED[] = {
+ 0x2A, 0xA0, 0x58, 0xF7, 0x3A, 0x0E, 0x33, 0xAB, 0x48, 0x6B,
+ 0x0F, 0x61, 0x04, 0x10, 0xC5, 0x3A, 0x7F, 0x13, 0x23, 0x10
+};
+
+static const EC_CURVE_DATA _EC_NIST_CHAR2_571B = {
+ NID_X9_62_characteristic_two_field,
+ "800000000000000000000000000000000000000000000000000000000000000000000"
+ "000000000000000000000000000000000000000000000000000000000000000000000"
+ "00425",
+ "000000000000000000000000000000000000000000000000000000000000000000000"
+ "000000000000000000000000000000000000000000000000000000000000000000000"
+ "000001",
+ "02F40E7E2221F295DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFA"
+ "BBD8EFA59332BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F29"
+ "55727A",
+ "0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53"
+ "950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8E"
+ "EC2D19",
+ "037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423"
+ "E43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B"
+ "8AC15B",
+ "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFFE661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2F"
+ "E84E47", 2,
+ _EC_NIST_CHAR2_571B_SEED, 20,
+ "NIST/SECG curve over a 571 bit binary field"
+};
+
+static const unsigned char _EC_X9_62_CHAR2_163V1_SEED[] = {
+ 0xD2, 0xC0, 0xFB, 0x15, 0x76, 0x08, 0x60, 0xDE, 0xF1, 0xEE,
+ 0xF4, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56, 0x15, 0x17, 0x54
+};
+
+static const EC_CURVE_DATA _EC_X9_62_CHAR2_163V1 = {
+ NID_X9_62_characteristic_two_field,
+ "080000000000000000000000000000000000000107",
+ "072546B5435234A422E0789675F432C89435DE5242",
+ "00C9517D06D5240D3CFF38C74B20B6CD4D6F9DD4D9",
+ "07AF69989546103D79329FCC3D74880F33BBE803CB",
+ "01EC23211B5966ADEA1D3F87F7EA5848AEF0B7CA9F",
+ "0400000000000000000001E60FC8821CC74DAEAFC1", 2,
+ _EC_X9_62_CHAR2_163V1_SEED, 20,
+ "X9.62 curve over a 163 bit binary field"
+};
+
+static const unsigned char _EC_X9_62_CHAR2_163V2_SEED[] = {
+ 0x53, 0x81, 0x4C, 0x05, 0x0D, 0x44, 0xD6, 0x96, 0xE6, 0x76,
+ 0x87, 0x56, 0x15, 0x17, 0x58, 0x0C, 0xA4, 0xE2, 0x9F, 0xFD
+};
+
+static const EC_CURVE_DATA _EC_X9_62_CHAR2_163V2 = {
+ NID_X9_62_characteristic_two_field,
+ "080000000000000000000000000000000000000107",
+ "0108B39E77C4B108BED981ED0E890E117C511CF072",
+ "0667ACEB38AF4E488C407433FFAE4F1C811638DF20",
+ "0024266E4EB5106D0A964D92C4860E2671DB9B6CC5",
+ "079F684DDF6684C5CD258B3890021B2386DFD19FC5",
+ "03FFFFFFFFFFFFFFFFFFFDF64DE1151ADBB78F10A7", 2,
+ _EC_X9_62_CHAR2_163V2_SEED, 20,
+ "X9.62 curve over a 163 bit binary field"
+};
+
+static const unsigned char _EC_X9_62_CHAR2_163V3_SEED[] = {
+ 0x50, 0xCB, 0xF1, 0xD9, 0x5C, 0xA9, 0x4D, 0x69, 0x6E, 0x67,
+ 0x68, 0x75, 0x61, 0x51, 0x75, 0xF1, 0x6A, 0x36, 0xA3, 0xB8
+};
+
+static const EC_CURVE_DATA _EC_X9_62_CHAR2_163V3 = {
+ NID_X9_62_characteristic_two_field,
+ "080000000000000000000000000000000000000107",
+ "07A526C63D3E25A256A007699F5447E32AE456B50E",
+ "03F7061798EB99E238FD6F1BF95B48FEEB4854252B",
+ "02F9F87B7C574D0BDECF8A22E6524775F98CDEBDCB",
+ "05B935590C155E17EA48EB3FF3718B893DF59A05D0",
+ "03FFFFFFFFFFFFFFFFFFFE1AEE140F110AFF961309", 2,
+ _EC_X9_62_CHAR2_163V3_SEED, 20,
+ "X9.62 curve over a 163 bit binary field"
+};
+
+static const EC_CURVE_DATA _EC_X9_62_CHAR2_176V1 = {
+ NID_X9_62_characteristic_two_field,
+ "0100000000000000000000000000000000080000000007",
+ "E4E6DB2995065C407D9D39B8D0967B96704BA8E9C90B",
+ "5DDA470ABE6414DE8EC133AE28E9BBD7FCEC0AE0FFF2",
+ "8D16C2866798B600F9F08BB4A8E860F3298CE04A5798",
+ "6FA4539C2DADDDD6BAB5167D61B436E1D92BB16A562C",
+ "00010092537397ECA4F6145799D62B0A19CE06FE26AD", 0xFF6E,
+ NULL, 0,
+ "X9.62 curve over a 176 bit binary field"
+};
+
+static const unsigned char _EC_X9_62_CHAR2_191V1_SEED[] = {
+ 0x4E, 0x13, 0xCA, 0x54, 0x27, 0x44, 0xD6, 0x96, 0xE6, 0x76,
+ 0x87, 0x56, 0x15, 0x17, 0x55, 0x2F, 0x27, 0x9A, 0x8C, 0x84
+};
+
+static const EC_CURVE_DATA _EC_X9_62_CHAR2_191V1 = {
+ NID_X9_62_characteristic_two_field,
+ "800000000000000000000000000000000000000000000201",
+ "2866537B676752636A68F56554E12640276B649EF7526267",
+ "2E45EF571F00786F67B0081B9495A3D95462F5DE0AA185EC",
+ "36B3DAF8A23206F9C4F299D7B21A9C369137F2C84AE1AA0D",
+ "765BE73433B3F95E332932E70EA245CA2418EA0EF98018FB",
+ "40000000000000000000000004A20E90C39067C893BBB9A5", 2,
+ _EC_X9_62_CHAR2_191V1_SEED, 20,
+ "X9.62 curve over a 191 bit binary field"
+};
+
+static const unsigned char _EC_X9_62_CHAR2_191V2_SEED[] = {
+ 0x08, 0x71, 0xEF, 0x2F, 0xEF, 0x24, 0xD6, 0x96, 0xE6, 0x76,
+ 0x87, 0x56, 0x15, 0x17, 0x58, 0xBE, 0xE0, 0xD9, 0x5C, 0x15
+};
+
+static const EC_CURVE_DATA _EC_X9_62_CHAR2_191V2 = {
+ NID_X9_62_characteristic_two_field,
+ "800000000000000000000000000000000000000000000201",
+ "401028774D7777C7B7666D1366EA432071274F89FF01E718",
+ "0620048D28BCBD03B6249C99182B7C8CD19700C362C46A01",
+ "3809B2B7CC1B28CC5A87926AAD83FD28789E81E2C9E3BF10",
+ "17434386626D14F3DBF01760D9213A3E1CF37AEC437D668A",
+ "20000000000000000000000050508CB89F652824E06B8173", 4,
+ _EC_X9_62_CHAR2_191V2_SEED, 20,
+ "X9.62 curve over a 191 bit binary field"
+};
+
+static const unsigned char _EC_X9_62_CHAR2_191V3_SEED[] = {
+ 0xE0, 0x53, 0x51, 0x2D, 0xC6, 0x84, 0xD6, 0x96, 0xE6, 0x76,
+ 0x87, 0x56, 0x15, 0x17, 0x50, 0x67, 0xAE, 0x78, 0x6D, 0x1F
+};
+
+static const EC_CURVE_DATA _EC_X9_62_CHAR2_191V3 = {
+ NID_X9_62_characteristic_two_field,
+ "800000000000000000000000000000000000000000000201",
+ "6C01074756099122221056911C77D77E77A777E7E7E77FCB",
+ "71FE1AF926CF847989EFEF8DB459F66394D90F32AD3F15E8",
+ "375D4CE24FDE434489DE8746E71786015009E66E38A926DD",
+ "545A39176196575D985999366E6AD34CE0A77CD7127B06BE",
+ "155555555555555555555555610C0B196812BFB6288A3EA3", 6,
+ _EC_X9_62_CHAR2_191V3_SEED, 20,
+ "X9.62 curve over a 191 bit binary field"
+};
+
+static const EC_CURVE_DATA _EC_X9_62_CHAR2_208W1 = {
+ NID_X9_62_characteristic_two_field,
+ "010000000000000000000000000000000800000000000000000007",
+ "0000000000000000000000000000000000000000000000000000",
+ "C8619ED45A62E6212E1160349E2BFA844439FAFC2A3FD1638F9E",
+ "89FDFBE4ABE193DF9559ECF07AC0CE78554E2784EB8C1ED1A57A",
+ "0F55B51A06E78E9AC38A035FF520D8B01781BEB1A6BB08617DE3",
+ "000101BAF95C9723C57B6C21DA2EFF2D5ED588BDD5717E212F9D", 0xFE48,
+ NULL, 0,
+ "X9.62 curve over a 208 bit binary field"
+};
+
+static const unsigned char _EC_X9_62_CHAR2_239V1_SEED[] = {
+ 0xD3, 0x4B, 0x9A, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61,
+ 0x51, 0x75, 0xCA, 0x71, 0xB9, 0x20, 0xBF, 0xEF, 0xB0, 0x5D
+};
+
+static const EC_CURVE_DATA _EC_X9_62_CHAR2_239V1 = {
+ NID_X9_62_characteristic_two_field,
+ "800000000000000000000000000000000000000000000000001000000001",
+ "32010857077C5431123A46B808906756F543423E8D27877578125778AC76",
+ "790408F2EEDAF392B012EDEFB3392F30F4327C0CA3F31FC383C422AA8C16",
+ "57927098FA932E7C0A96D3FD5B706EF7E5F5C156E16B7E7C86038552E91D",
+ "61D8EE5077C33FECF6F1A16B268DE469C3C7744EA9A971649FC7A9616305",
+ "2000000000000000000000000000000F4D42FFE1492A4993F1CAD666E447", 4,
+ _EC_X9_62_CHAR2_239V1_SEED, 20,
+ "X9.62 curve over a 239 bit binary field"
+};
+
+static const unsigned char _EC_X9_62_CHAR2_239V2_SEED[] = {
+ 0x2A, 0xA6, 0x98, 0x2F, 0xDF, 0xA4, 0xD6, 0x96, 0xE6, 0x76,
+ 0x87, 0x56, 0x15, 0x17, 0x5D, 0x26, 0x67, 0x27, 0x27, 0x7D
+};
+
+static const EC_CURVE_DATA _EC_X9_62_CHAR2_239V2 = {
+ NID_X9_62_characteristic_two_field,
+ "800000000000000000000000000000000000000000000000001000000001",
+ "4230017757A767FAE42398569B746325D45313AF0766266479B75654E65F",
+ "5037EA654196CFF0CD82B2C14A2FCF2E3FF8775285B545722F03EACDB74B",
+ "28F9D04E900069C8DC47A08534FE76D2B900B7D7EF31F5709F200C4CA205",
+ "5667334C45AFF3B5A03BAD9DD75E2C71A99362567D5453F7FA6E227EC833",
+ "1555555555555555555555555555553C6F2885259C31E3FCDF154624522D", 6,
+ _EC_X9_62_CHAR2_239V2_SEED, 20,
+ "X9.62 curve over a 239 bit binary field"
+};
+
+static const unsigned char _EC_X9_62_CHAR2_239V3_SEED[] = {
+ 0x9E, 0x07, 0x6F, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61,
+ 0x51, 0x75, 0xE1, 0x1E, 0x9F, 0xDD, 0x77, 0xF9, 0x20, 0x41
+};
+
+static const EC_CURVE_DATA _EC_X9_62_CHAR2_239V3 = {
+ NID_X9_62_characteristic_two_field,
+ "800000000000000000000000000000000000000000000000001000000001",
+ "01238774666A67766D6676F778E676B66999176666E687666D8766C66A9F",
+ "6A941977BA9F6A435199ACFC51067ED587F519C5ECB541B8E44111DE1D40",
+ "70F6E9D04D289C4E89913CE3530BFDE903977D42B146D539BF1BDE4E9C92",
+ "2E5A0EAF6E5E1305B9004DCE5C0ED7FE59A35608F33837C816D80B79F461",
+ "0CCCCCCCCCCCCCCCCCCCCCCCCCCCCCAC4912D2D9DF903EF9888B8A0E4CFF", 0xA,
+ _EC_X9_62_CHAR2_239V3_SEED, 20,
+ "X9.62 curve over a 239 bit binary field"
+};
+
+static const EC_CURVE_DATA _EC_X9_62_CHAR2_272W1 = {
+ NID_X9_62_characteristic_two_field,
+ "010000000000000000000000000000000000000000000000000000010000000000000"
+ "B",
+ "91A091F03B5FBA4AB2CCF49C4EDD220FB028712D42BE752B2C40094DBACDB586FB20",
+ "7167EFC92BB2E3CE7C8AAAFF34E12A9C557003D7C73A6FAF003F99F6CC8482E540F7",
+ "6108BABB2CEEBCF787058A056CBE0CFE622D7723A289E08A07AE13EF0D10D171DD8D",
+ "10C7695716851EEF6BA7F6872E6142FBD241B830FF5EFCACECCAB05E02005DDE9D23",
+ "000100FAF51354E0E39E4892DF6E319C72C8161603FA45AA7B998A167B8F1E629521",
+ 0xFF06,
+ NULL, 0,
+ "X9.62 curve over a 272 bit binary field"
+};
+
+static const EC_CURVE_DATA _EC_X9_62_CHAR2_304W1 = {
+ NID_X9_62_characteristic_two_field,
+ "010000000000000000000000000000000000000000000000000000000000000000000"
+ "000000807",
+ "FD0D693149A118F651E6DCE6802085377E5F882D1B510B44160074C1288078365A039"
+ "6C8E681",
+ "BDDB97E555A50A908E43B01C798EA5DAA6788F1EA2794EFCF57166B8C14039601E558"
+ "27340BE",
+ "197B07845E9BE2D96ADB0F5F3C7F2CFFBD7A3EB8B6FEC35C7FD67F26DDF6285A644F7"
+ "40A2614",
+ "E19FBEB76E0DA171517ECF401B50289BF014103288527A9B416A105E80260B549FDC1"
+ "B92C03B",
+ "000101D556572AABAC800101D556572AABAC8001022D5C91DD173F8FB561DA6899164"
+ "443051D", 0xFE2E,
+ NULL, 0,
+ "X9.62 curve over a 304 bit binary field"
+};
+
+static const unsigned char _EC_X9_62_CHAR2_359V1_SEED[] = {
+ 0x2B, 0x35, 0x49, 0x20, 0xB7, 0x24, 0xD6, 0x96, 0xE6, 0x76,
+ 0x87, 0x56, 0x15, 0x17, 0x58, 0x5B, 0xA1, 0x33, 0x2D, 0xC6
+};
+
+static const EC_CURVE_DATA _EC_X9_62_CHAR2_359V1 = {
+ NID_X9_62_characteristic_two_field,
+ "800000000000000000000000000000000000000000000000000000000000000000000"
+ "000100000000000000001",
+ "5667676A654B20754F356EA92017D946567C46675556F19556A04616B567D223A5E05"
+ "656FB549016A96656A557",
+ "2472E2D0197C49363F1FE7F5B6DB075D52B6947D135D8CA445805D39BC34562608968"
+ "7742B6329E70680231988",
+ "3C258EF3047767E7EDE0F1FDAA79DAEE3841366A132E163ACED4ED2401DF9C6BDCDE9"
+ "8E8E707C07A2239B1B097",
+ "53D7E08529547048121E9C95F3791DD804963948F34FAE7BF44EA82365DC7868FE57E"
+ "4AE2DE211305A407104BD",
+ "01AF286BCA1AF286BCA1AF286BCA1AF286BCA1AF286BC9FB8F6B85C556892C20A7EB9"
+ "64FE7719E74F490758D3B", 0x4C,
+ _EC_X9_62_CHAR2_359V1_SEED, 20,
+ "X9.62 curve over a 359 bit binary field"
+};
+
+static const EC_CURVE_DATA _EC_X9_62_CHAR2_368W1 = {
+ NID_X9_62_characteristic_two_field,
+ "010000000000000000000000000000000000000000000000000000000000000000000"
+ "0002000000000000000000007",
+ "E0D2EE25095206F5E2A4F9ED229F1F256E79A0E2B455970D8D0D865BD94778C576D62"
+ "F0AB7519CCD2A1A906AE30D",
+ "FC1217D4320A90452C760A58EDCD30C8DD069B3C34453837A34ED50CB54917E1C2112"
+ "D84D164F444F8F74786046A",
+ "1085E2755381DCCCE3C1557AFA10C2F0C0C2825646C5B34A394CBCFA8BC16B22E7E78"
+ "9E927BE216F02E1FB136A5F",
+ "7B3EB1BDDCBA62D5D8B2059B525797FC73822C59059C623A45FF3843CEE8F87CD1855"
+ "ADAA81E2A0750B80FDA2310",
+ "00010090512DA9AF72B08349D98A5DD4C7B0532ECA51CE03E2D10F3B7AC579BD87E90"
+ "9AE40A6F131E9CFCE5BD967", 0xFF70,
+ NULL, 0,
+ "X9.62 curve over a 368 bit binary field"
+};
+
+static const EC_CURVE_DATA _EC_X9_62_CHAR2_431R1 = {
+ NID_X9_62_characteristic_two_field,
+ "800000000000000000000000000000000000000000000000000000000000000000000"
+ "000000001000000000000000000000000000001",
+ "1A827EF00DD6FC0E234CAF046C6A5D8A85395B236CC4AD2CF32A0CADBDC9DDF620B0E"
+ "B9906D0957F6C6FEACD615468DF104DE296CD8F",
+ "10D9B4A3D9047D8B154359ABFB1B7F5485B04CEB868237DDC9DEDA982A679A5A919B6"
+ "26D4E50A8DD731B107A9962381FB5D807BF2618",
+ "120FC05D3C67A99DE161D2F4092622FECA701BE4F50F4758714E8A87BBF2A658EF8C2"
+ "1E7C5EFE965361F6C2999C0C247B0DBD70CE6B7",
+ "20D0AF8903A96F8D5FA2C255745D3C451B302C9346D9B7E485E7BCE41F6B591F3E8F6"
+ "ADDCBB0BC4C2F947A7DE1A89B625D6A598B3760",
+ "0340340340340340340340340340340340340340340340340340340323C313FAB5058"
+ "9703B5EC68D3587FEC60D161CC149C1AD4A91", 0x2760,
+ NULL, 0,
+ "X9.62 curve over a 431 bit binary field"
+};
+
+static const EC_CURVE_DATA _EC_WTLS_1 = {
+ NID_X9_62_characteristic_two_field,
+ "020000000000000000000000000201",
+ "1",
+ "1",
+ "01667979A40BA497E5D5C270780617",
+ "00F44B4AF1ECC2630E08785CEBCC15",
+ "00FFFFFFFFFFFFFFFDBF91AF6DEA73", 2,
+ NULL, 0,
+ "WTLS curve over a 113 bit binary field"
+};
+
+/* IPSec curves */
+/*
+ * NOTE: The of curves over a extension field of non prime degree is not
+ * recommended (Weil-descent). As the group order is not a prime this curve
+ * is not suitable for ECDSA.
+ */
+static const EC_CURVE_DATA _EC_IPSEC_155_ID3 = {
+ NID_X9_62_characteristic_two_field,
+ "0800000000000000000000004000000000000001",
+ "0",
+ "07338f",
+ "7b",
+ "1c8",
+ "2AAAAAAAAAAAAAAAAAAC7F3C7881BD0868FA86C", 3,
+ NULL, 0,
+ "\n\tIPSec/IKE/Oakley curve #3 over a 155 bit binary field.\n"
+ "\tNot suitable for ECDSA.\n\tQuestionable extension field!"
+};
+
+/*
+ * NOTE: The of curves over a extension field of non prime degree is not
+ * recommended (Weil-descent). As the group order is not a prime this curve
+ * is not suitable for ECDSA.
+ */
+static const EC_CURVE_DATA _EC_IPSEC_185_ID4 = {
+ NID_X9_62_characteristic_two_field,
+ "020000000000000000000000000000200000000000000001",
+ "0",
+ "1ee9",
+ "18",
+ "0d",
+ "FFFFFFFFFFFFFFFFFFFFFFEDF97C44DB9F2420BAFCA75E", 2,
+ NULL, 0,
+ "\n\tIPSec/IKE/Oakley curve #4 over a 185 bit binary field.\n"
+ "\tNot suitable for ECDSA.\n\tQuestionable extension field!"
+};
+
+typedef struct _ec_list_element_st {
+ int nid;
+ const EC_CURVE_DATA *data;
+} ec_list_element;
+
+static const ec_list_element curve_list[] = {
+ /* prime field curves */
+ /* secg curves */
+ {NID_secp112r1, &_EC_SECG_PRIME_112R1},
+ {NID_secp112r2, &_EC_SECG_PRIME_112R2},
+ {NID_secp128r1, &_EC_SECG_PRIME_128R1},
+ {NID_secp128r2, &_EC_SECG_PRIME_128R2},
+ {NID_secp160k1, &_EC_SECG_PRIME_160K1},
+ {NID_secp160r1, &_EC_SECG_PRIME_160R1},
+ {NID_secp160r2, &_EC_SECG_PRIME_160R2},
+ /* SECG secp192r1 is the same as X9.62 prime192v1 and hence omitted */
+ {NID_secp192k1, &_EC_SECG_PRIME_192K1},
+ {NID_secp224k1, &_EC_SECG_PRIME_224K1},
+ {NID_secp224r1, &_EC_NIST_PRIME_224},
+ {NID_secp256k1, &_EC_SECG_PRIME_256K1},
+ /* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */
+ {NID_secp384r1, &_EC_NIST_PRIME_384},
+ {NID_secp521r1, &_EC_NIST_PRIME_521},
+ /* X9.62 curves */
+ {NID_X9_62_prime192v1, &_EC_NIST_PRIME_192},
+ {NID_X9_62_prime192v2, &_EC_X9_62_PRIME_192V2},
+ {NID_X9_62_prime192v3, &_EC_X9_62_PRIME_192V3},
+ {NID_X9_62_prime239v1, &_EC_X9_62_PRIME_239V1},
+ {NID_X9_62_prime239v2, &_EC_X9_62_PRIME_239V2},
+ {NID_X9_62_prime239v3, &_EC_X9_62_PRIME_239V3},
+ {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1},
+ /* characteristic two field curves */
+ /* NIST/SECG curves */
+ {NID_sect113r1, &_EC_SECG_CHAR2_113R1},
+ {NID_sect113r2, &_EC_SECG_CHAR2_113R2},
+ {NID_sect131r1, &_EC_SECG_CHAR2_131R1},
+ {NID_sect131r2, &_EC_SECG_CHAR2_131R2},
+ {NID_sect163k1, &_EC_NIST_CHAR2_163K},
+ {NID_sect163r1, &_EC_SECG_CHAR2_163R1},
+ {NID_sect163r2, &_EC_NIST_CHAR2_163B},
+ {NID_sect193r1, &_EC_SECG_CHAR2_193R1},
+ {NID_sect193r2, &_EC_SECG_CHAR2_193R2},
+ {NID_sect233k1, &_EC_NIST_CHAR2_233K},
+ {NID_sect233r1, &_EC_NIST_CHAR2_233B},
+ {NID_sect239k1, &_EC_SECG_CHAR2_239K1},
+ {NID_sect283k1, &_EC_NIST_CHAR2_283K},
+ {NID_sect283r1, &_EC_NIST_CHAR2_283B},
+ {NID_sect409k1, &_EC_NIST_CHAR2_409K},
+ {NID_sect409r1, &_EC_NIST_CHAR2_409B},
+ {NID_sect571k1, &_EC_NIST_CHAR2_571K},
+ {NID_sect571r1, &_EC_NIST_CHAR2_571B},
+ /* X9.62 curves */
+ {NID_X9_62_c2pnb163v1, &_EC_X9_62_CHAR2_163V1},
+ {NID_X9_62_c2pnb163v2, &_EC_X9_62_CHAR2_163V2},
+ {NID_X9_62_c2pnb163v3, &_EC_X9_62_CHAR2_163V3},
+ {NID_X9_62_c2pnb176v1, &_EC_X9_62_CHAR2_176V1},
+ {NID_X9_62_c2tnb191v1, &_EC_X9_62_CHAR2_191V1},
+ {NID_X9_62_c2tnb191v2, &_EC_X9_62_CHAR2_191V2},
+ {NID_X9_62_c2tnb191v3, &_EC_X9_62_CHAR2_191V3},
+ {NID_X9_62_c2pnb208w1, &_EC_X9_62_CHAR2_208W1},
+ {NID_X9_62_c2tnb239v1, &_EC_X9_62_CHAR2_239V1},
+ {NID_X9_62_c2tnb239v2, &_EC_X9_62_CHAR2_239V2},
+ {NID_X9_62_c2tnb239v3, &_EC_X9_62_CHAR2_239V3},
+ {NID_X9_62_c2pnb272w1, &_EC_X9_62_CHAR2_272W1},
+ {NID_X9_62_c2pnb304w1, &_EC_X9_62_CHAR2_304W1},
+ {NID_X9_62_c2tnb359v1, &_EC_X9_62_CHAR2_359V1},
+ {NID_X9_62_c2pnb368w1, &_EC_X9_62_CHAR2_368W1},
+ {NID_X9_62_c2tnb431r1, &_EC_X9_62_CHAR2_431R1},
+ /*
+ * the WAP/WTLS curves [unlike SECG, spec has its own OIDs for curves
+ * from X9.62]
+ */
+ {NID_wap_wsg_idm_ecid_wtls1, &_EC_WTLS_1},
+ {NID_wap_wsg_idm_ecid_wtls3, &_EC_NIST_CHAR2_163K},
+ {NID_wap_wsg_idm_ecid_wtls4, &_EC_SECG_CHAR2_113R1},
+ {NID_wap_wsg_idm_ecid_wtls5, &_EC_X9_62_CHAR2_163V1},
+ {NID_wap_wsg_idm_ecid_wtls6, &_EC_SECG_PRIME_112R1},
+ {NID_wap_wsg_idm_ecid_wtls7, &_EC_SECG_PRIME_160R2},
+ {NID_wap_wsg_idm_ecid_wtls8, &_EC_WTLS_8},
+ {NID_wap_wsg_idm_ecid_wtls9, &_EC_WTLS_9},
+ {NID_wap_wsg_idm_ecid_wtls10, &_EC_NIST_CHAR2_233K},
+ {NID_wap_wsg_idm_ecid_wtls11, &_EC_NIST_CHAR2_233B},
+ {NID_wap_wsg_idm_ecid_wtls12, &_EC_WTLS_12},
+ /* IPSec curves */
+ {NID_ipsec3, &_EC_IPSEC_155_ID3},
+ {NID_ipsec4, &_EC_IPSEC_185_ID4},
+};
+
+static size_t curve_list_length =
+ sizeof(curve_list) / sizeof(ec_list_element);
+
+static EC_GROUP *ec_group_new_from_data(const EC_CURVE_DATA * data)
+{
+ EC_GROUP *group = NULL;
+ EC_POINT *P = NULL;
+ BN_CTX *ctx = NULL;
+ BIGNUM *p = NULL, *a = NULL, *b = NULL, *x = NULL, *y = NULL, *order =
+ NULL;
+ int ok = 0;
+
+ if ((ctx = BN_CTX_new()) == NULL) {
+ ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ if ((p = BN_new()) == NULL || (a = BN_new()) == NULL ||
+ (b = BN_new()) == NULL || (x = BN_new()) == NULL ||
+ (y = BN_new()) == NULL || (order = BN_new()) == NULL) {
+ ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ if (!BN_hex2bn(&p, data->p) || !BN_hex2bn(&a, data->a)
+ || !BN_hex2bn(&b, data->b)) {
+ ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
+ goto err;
+ }
+
+ if (data->field_type == NID_X9_62_prime_field) {
+ if ((group = EC_GROUP_new_curve_GFp(p, a, b, ctx)) == NULL) {
+ ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+ goto err;
+ }
+ } else { /* field_type ==
+ * NID_X9_62_characteristic_two_field */
+ if ((group = EC_GROUP_new_curve_GF2m(p, a, b, ctx)) == NULL) {
+ ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+ goto err;
+ }
+ }
+
+ if ((P = EC_POINT_new(group)) == NULL) {
+ ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+ goto err;
+ }
+
+ if (!BN_hex2bn(&x, data->x) || !BN_hex2bn(&y, data->y)) {
+ ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
+ goto err;
+ }
+ if (!EC_POINT_set_affine_coordinates_GF2m(group, P, x, y, ctx)) {
+ ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+ goto err;
+ }
+ if (!BN_hex2bn(&order, data->order) || !BN_set_word(x, data->cofactor)) {
+ ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
+ goto err;
+ }
+ if (!EC_GROUP_set_generator(group, P, order, x)) {
+ ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+ goto err;
+ }
+ if (data->seed) {
+ if (!EC_GROUP_set_seed(group, data->seed, data->seed_len)) {
+ ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+ goto err;
+ }
+ }
+ ok = 1;
+ err:
+ if (!ok) {
+ EC_GROUP_free(group);
+ group = NULL;
+ }
+ if (P)
+ EC_POINT_free(P);
+ if (ctx)
+ BN_CTX_free(ctx);
+ if (p)
+ BN_free(p);
+ if (a)
+ BN_free(a);
+ if (b)
+ BN_free(b);
+ if (order)
+ BN_free(order);
+ if (x)
+ BN_free(x);
+ if (y)
+ BN_free(y);
+ return group;
+}
+
+EC_GROUP *EC_GROUP_new_by_curve_name(int nid)
+{
+ size_t i;
+ EC_GROUP *ret = NULL;
+
+ if (nid <= 0)
+ return NULL;
+
+ for (i = 0; i < curve_list_length; i++)
+ if (curve_list[i].nid == nid) {
+ ret = ec_group_new_from_data(curve_list[i].data);
+ break;
+ }
+
+ if (ret == NULL) {
+ ECerr(EC_F_EC_GROUP_NEW_BY_CURVE_NAME, EC_R_UNKNOWN_GROUP);
+ return NULL;
+ }
+
+ EC_GROUP_set_curve_name(ret, nid);
+
+ return ret;
+}
+
+size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems)
+{
+ size_t i, min;
+
+ if (r == NULL || nitems == 0)
+ return curve_list_length;
+
+ min = nitems < curve_list_length ? nitems : curve_list_length;
+
+ for (i = 0; i < min; i++) {
+ r[i].nid = curve_list[i].nid;
+ r[i].comment = curve_list[i].data->comment;
+ }
+
+ return curve_list_length;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_cvt.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/ec/ec_cvt.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_cvt.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,144 +0,0 @@
-/* crypto/ec/ec_cvt.c */
-/*
- * Originally written by Bodo Moeller for the OpenSSL project.
- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * The elliptic curve binary polynomial software is originally written by
- * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
- *
- */
-
-#include <openssl/err.h>
-#include "ec_lcl.h"
-
-
-EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
- {
- const EC_METHOD *meth;
- EC_GROUP *ret;
-
- meth = EC_GFp_nist_method();
-
- ret = EC_GROUP_new(meth);
- if (ret == NULL)
- return NULL;
-
- if (!EC_GROUP_set_curve_GFp(ret, p, a, b, ctx))
- {
- unsigned long err;
-
- err = ERR_peek_last_error();
-
- if (!(ERR_GET_LIB(err) == ERR_LIB_EC &&
- ((ERR_GET_REASON(err) == EC_R_NOT_A_NIST_PRIME) ||
- (ERR_GET_REASON(err) == EC_R_NOT_A_SUPPORTED_NIST_PRIME))))
- {
- /* real error */
-
- EC_GROUP_clear_free(ret);
- return NULL;
- }
-
-
- /* not an actual error, we just cannot use EC_GFp_nist_method */
-
- ERR_clear_error();
-
- EC_GROUP_clear_free(ret);
- meth = EC_GFp_mont_method();
-
- ret = EC_GROUP_new(meth);
- if (ret == NULL)
- return NULL;
-
- if (!EC_GROUP_set_curve_GFp(ret, p, a, b, ctx))
- {
- EC_GROUP_clear_free(ret);
- return NULL;
- }
- }
-
- return ret;
- }
-
-
-EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
- {
- const EC_METHOD *meth;
- EC_GROUP *ret;
-
- meth = EC_GF2m_simple_method();
-
- ret = EC_GROUP_new(meth);
- if (ret == NULL)
- return NULL;
-
- if (!EC_GROUP_set_curve_GF2m(ret, p, a, b, ctx))
- {
- EC_GROUP_clear_free(ret);
- return NULL;
- }
-
- return ret;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_cvt.c (from rev 6976, vendor-crypto/openssl/dist/crypto/ec/ec_cvt.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_cvt.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_cvt.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,141 @@
+/* crypto/ec/ec_cvt.c */
+/*
+ * Originally written by Bodo Moeller for the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * The elliptic curve binary polynomial software is originally written by
+ * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
+ *
+ */
+
+#include <openssl/err.h>
+#include "ec_lcl.h"
+
+EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a,
+ const BIGNUM *b, BN_CTX *ctx)
+{
+ const EC_METHOD *meth;
+ EC_GROUP *ret;
+
+ meth = EC_GFp_nist_method();
+
+ ret = EC_GROUP_new(meth);
+ if (ret == NULL)
+ return NULL;
+
+ if (!EC_GROUP_set_curve_GFp(ret, p, a, b, ctx)) {
+ unsigned long err;
+
+ err = ERR_peek_last_error();
+
+ if (!(ERR_GET_LIB(err) == ERR_LIB_EC &&
+ ((ERR_GET_REASON(err) == EC_R_NOT_A_NIST_PRIME) ||
+ (ERR_GET_REASON(err) == EC_R_NOT_A_SUPPORTED_NIST_PRIME)))) {
+ /* real error */
+
+ EC_GROUP_clear_free(ret);
+ return NULL;
+ }
+
+ /*
+ * not an actual error, we just cannot use EC_GFp_nist_method
+ */
+
+ ERR_clear_error();
+
+ EC_GROUP_clear_free(ret);
+ meth = EC_GFp_mont_method();
+
+ ret = EC_GROUP_new(meth);
+ if (ret == NULL)
+ return NULL;
+
+ if (!EC_GROUP_set_curve_GFp(ret, p, a, b, ctx)) {
+ EC_GROUP_clear_free(ret);
+ return NULL;
+ }
+ }
+
+ return ret;
+}
+
+EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a,
+ const BIGNUM *b, BN_CTX *ctx)
+{
+ const EC_METHOD *meth;
+ EC_GROUP *ret;
+
+ meth = EC_GF2m_simple_method();
+
+ ret = EC_GROUP_new(meth);
+ if (ret == NULL)
+ return NULL;
+
+ if (!EC_GROUP_set_curve_GF2m(ret, p, a, b, ctx)) {
+ EC_GROUP_clear_free(ret);
+ return NULL;
+ }
+
+ return ret;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_err.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/ec/ec_err.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,239 +0,0 @@
-/* crypto/ec/ec_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/ec.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_EC,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_EC,0,reason)
-
-static ERR_STRING_DATA EC_str_functs[]=
- {
-{ERR_FUNC(EC_F_COMPUTE_WNAF), "COMPUTE_WNAF"},
-{ERR_FUNC(EC_F_D2I_ECPARAMETERS), "d2i_ECParameters"},
-{ERR_FUNC(EC_F_D2I_ECPKPARAMETERS), "d2i_ECPKParameters"},
-{ERR_FUNC(EC_F_D2I_ECPRIVATEKEY), "d2i_ECPrivateKey"},
-{ERR_FUNC(EC_F_ECPARAMETERS_PRINT), "ECParameters_print"},
-{ERR_FUNC(EC_F_ECPARAMETERS_PRINT_FP), "ECParameters_print_fp"},
-{ERR_FUNC(EC_F_ECPKPARAMETERS_PRINT), "ECPKParameters_print"},
-{ERR_FUNC(EC_F_ECPKPARAMETERS_PRINT_FP), "ECPKParameters_print_fp"},
-{ERR_FUNC(EC_F_ECP_NIST_MOD_192), "ECP_NIST_MOD_192"},
-{ERR_FUNC(EC_F_ECP_NIST_MOD_224), "ECP_NIST_MOD_224"},
-{ERR_FUNC(EC_F_ECP_NIST_MOD_256), "ECP_NIST_MOD_256"},
-{ERR_FUNC(EC_F_ECP_NIST_MOD_521), "ECP_NIST_MOD_521"},
-{ERR_FUNC(EC_F_EC_ASN1_GROUP2CURVE), "EC_ASN1_GROUP2CURVE"},
-{ERR_FUNC(EC_F_EC_ASN1_GROUP2FIELDID), "EC_ASN1_GROUP2FIELDID"},
-{ERR_FUNC(EC_F_EC_ASN1_GROUP2PARAMETERS), "EC_ASN1_GROUP2PARAMETERS"},
-{ERR_FUNC(EC_F_EC_ASN1_GROUP2PKPARAMETERS), "EC_ASN1_GROUP2PKPARAMETERS"},
-{ERR_FUNC(EC_F_EC_ASN1_PARAMETERS2GROUP), "EC_ASN1_PARAMETERS2GROUP"},
-{ERR_FUNC(EC_F_EC_ASN1_PKPARAMETERS2GROUP), "EC_ASN1_PKPARAMETERS2GROUP"},
-{ERR_FUNC(EC_F_EC_EX_DATA_SET_DATA), "EC_EX_DATA_set_data"},
-{ERR_FUNC(EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY), "EC_GF2M_MONTGOMERY_POINT_MULTIPLY"},
-{ERR_FUNC(EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT), "ec_GF2m_simple_group_check_discriminant"},
-{ERR_FUNC(EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE), "ec_GF2m_simple_group_set_curve"},
-{ERR_FUNC(EC_F_EC_GF2M_SIMPLE_OCT2POINT), "ec_GF2m_simple_oct2point"},
-{ERR_FUNC(EC_F_EC_GF2M_SIMPLE_POINT2OCT), "ec_GF2m_simple_point2oct"},
-{ERR_FUNC(EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES), "ec_GF2m_simple_point_get_affine_coordinates"},
-{ERR_FUNC(EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES), "ec_GF2m_simple_point_set_affine_coordinates"},
-{ERR_FUNC(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES), "ec_GF2m_simple_set_compressed_coordinates"},
-{ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_DECODE), "ec_GFp_mont_field_decode"},
-{ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_ENCODE), "ec_GFp_mont_field_encode"},
-{ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_MUL), "ec_GFp_mont_field_mul"},
-{ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE), "ec_GFp_mont_field_set_to_one"},
-{ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_SQR), "ec_GFp_mont_field_sqr"},
-{ERR_FUNC(EC_F_EC_GFP_MONT_GROUP_SET_CURVE), "ec_GFp_mont_group_set_curve"},
-{ERR_FUNC(EC_F_EC_GFP_MONT_GROUP_SET_CURVE_GFP), "EC_GFP_MONT_GROUP_SET_CURVE_GFP"},
-{ERR_FUNC(EC_F_EC_GFP_NIST_FIELD_MUL), "ec_GFp_nist_field_mul"},
-{ERR_FUNC(EC_F_EC_GFP_NIST_FIELD_SQR), "ec_GFp_nist_field_sqr"},
-{ERR_FUNC(EC_F_EC_GFP_NIST_GROUP_SET_CURVE), "ec_GFp_nist_group_set_curve"},
-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT), "ec_GFp_simple_group_check_discriminant"},
-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE), "ec_GFp_simple_group_set_curve"},
-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP), "EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP"},
-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR), "EC_GFP_SIMPLE_GROUP_SET_GENERATOR"},
-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_MAKE_AFFINE), "ec_GFp_simple_make_affine"},
-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_OCT2POINT), "ec_GFp_simple_oct2point"},
-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT2OCT), "ec_GFp_simple_point2oct"},
-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE), "ec_GFp_simple_points_make_affine"},
-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES), "ec_GFp_simple_point_get_affine_coordinates"},
-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP), "EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP"},
-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES), "ec_GFp_simple_point_set_affine_coordinates"},
-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP), "EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP"},
-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES), "ec_GFp_simple_set_compressed_coordinates"},
-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP), "EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP"},
-{ERR_FUNC(EC_F_EC_GROUP_CHECK), "EC_GROUP_check"},
-{ERR_FUNC(EC_F_EC_GROUP_CHECK_DISCRIMINANT), "EC_GROUP_check_discriminant"},
-{ERR_FUNC(EC_F_EC_GROUP_COPY), "EC_GROUP_copy"},
-{ERR_FUNC(EC_F_EC_GROUP_GET0_GENERATOR), "EC_GROUP_get0_generator"},
-{ERR_FUNC(EC_F_EC_GROUP_GET_COFACTOR), "EC_GROUP_get_cofactor"},
-{ERR_FUNC(EC_F_EC_GROUP_GET_CURVE_GF2M), "EC_GROUP_get_curve_GF2m"},
-{ERR_FUNC(EC_F_EC_GROUP_GET_CURVE_GFP), "EC_GROUP_get_curve_GFp"},
-{ERR_FUNC(EC_F_EC_GROUP_GET_DEGREE), "EC_GROUP_get_degree"},
-{ERR_FUNC(EC_F_EC_GROUP_GET_ORDER), "EC_GROUP_get_order"},
-{ERR_FUNC(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS), "EC_GROUP_get_pentanomial_basis"},
-{ERR_FUNC(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS), "EC_GROUP_get_trinomial_basis"},
-{ERR_FUNC(EC_F_EC_GROUP_NEW), "EC_GROUP_new"},
-{ERR_FUNC(EC_F_EC_GROUP_NEW_BY_CURVE_NAME), "EC_GROUP_new_by_curve_name"},
-{ERR_FUNC(EC_F_EC_GROUP_NEW_FROM_DATA), "EC_GROUP_NEW_FROM_DATA"},
-{ERR_FUNC(EC_F_EC_GROUP_PRECOMPUTE_MULT), "EC_GROUP_precompute_mult"},
-{ERR_FUNC(EC_F_EC_GROUP_SET_CURVE_GF2M), "EC_GROUP_set_curve_GF2m"},
-{ERR_FUNC(EC_F_EC_GROUP_SET_CURVE_GFP), "EC_GROUP_set_curve_GFp"},
-{ERR_FUNC(EC_F_EC_GROUP_SET_EXTRA_DATA), "EC_GROUP_SET_EXTRA_DATA"},
-{ERR_FUNC(EC_F_EC_GROUP_SET_GENERATOR), "EC_GROUP_set_generator"},
-{ERR_FUNC(EC_F_EC_KEY_CHECK_KEY), "EC_KEY_check_key"},
-{ERR_FUNC(EC_F_EC_KEY_COPY), "EC_KEY_copy"},
-{ERR_FUNC(EC_F_EC_KEY_GENERATE_KEY), "EC_KEY_generate_key"},
-{ERR_FUNC(EC_F_EC_KEY_NEW), "EC_KEY_new"},
-{ERR_FUNC(EC_F_EC_KEY_PRINT), "EC_KEY_print"},
-{ERR_FUNC(EC_F_EC_KEY_PRINT_FP), "EC_KEY_print_fp"},
-{ERR_FUNC(EC_F_EC_POINTS_MAKE_AFFINE), "EC_POINTs_make_affine"},
-{ERR_FUNC(EC_F_EC_POINTS_MUL), "EC_POINTs_mul"},
-{ERR_FUNC(EC_F_EC_POINT_ADD), "EC_POINT_add"},
-{ERR_FUNC(EC_F_EC_POINT_CMP), "EC_POINT_cmp"},
-{ERR_FUNC(EC_F_EC_POINT_COPY), "EC_POINT_copy"},
-{ERR_FUNC(EC_F_EC_POINT_DBL), "EC_POINT_dbl"},
-{ERR_FUNC(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M), "EC_POINT_get_affine_coordinates_GF2m"},
-{ERR_FUNC(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP), "EC_POINT_get_affine_coordinates_GFp"},
-{ERR_FUNC(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP), "EC_POINT_get_Jprojective_coordinates_GFp"},
-{ERR_FUNC(EC_F_EC_POINT_INVERT), "EC_POINT_invert"},
-{ERR_FUNC(EC_F_EC_POINT_IS_AT_INFINITY), "EC_POINT_is_at_infinity"},
-{ERR_FUNC(EC_F_EC_POINT_IS_ON_CURVE), "EC_POINT_is_on_curve"},
-{ERR_FUNC(EC_F_EC_POINT_MAKE_AFFINE), "EC_POINT_make_affine"},
-{ERR_FUNC(EC_F_EC_POINT_MUL), "EC_POINT_mul"},
-{ERR_FUNC(EC_F_EC_POINT_NEW), "EC_POINT_new"},
-{ERR_FUNC(EC_F_EC_POINT_OCT2POINT), "EC_POINT_oct2point"},
-{ERR_FUNC(EC_F_EC_POINT_POINT2OCT), "EC_POINT_point2oct"},
-{ERR_FUNC(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M), "EC_POINT_set_affine_coordinates_GF2m"},
-{ERR_FUNC(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP), "EC_POINT_set_affine_coordinates_GFp"},
-{ERR_FUNC(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M), "EC_POINT_set_compressed_coordinates_GF2m"},
-{ERR_FUNC(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP), "EC_POINT_set_compressed_coordinates_GFp"},
-{ERR_FUNC(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP), "EC_POINT_set_Jprojective_coordinates_GFp"},
-{ERR_FUNC(EC_F_EC_POINT_SET_TO_INFINITY), "EC_POINT_set_to_infinity"},
-{ERR_FUNC(EC_F_EC_PRE_COMP_DUP), "EC_PRE_COMP_DUP"},
-{ERR_FUNC(EC_F_EC_PRE_COMP_NEW), "EC_PRE_COMP_NEW"},
-{ERR_FUNC(EC_F_EC_WNAF_MUL), "ec_wNAF_mul"},
-{ERR_FUNC(EC_F_EC_WNAF_PRECOMPUTE_MULT), "ec_wNAF_precompute_mult"},
-{ERR_FUNC(EC_F_I2D_ECPARAMETERS), "i2d_ECParameters"},
-{ERR_FUNC(EC_F_I2D_ECPKPARAMETERS), "i2d_ECPKParameters"},
-{ERR_FUNC(EC_F_I2D_ECPRIVATEKEY), "i2d_ECPrivateKey"},
-{ERR_FUNC(EC_F_I2O_ECPUBLICKEY), "i2o_ECPublicKey"},
-{ERR_FUNC(EC_F_O2I_ECPUBLICKEY), "o2i_ECPublicKey"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA EC_str_reasons[]=
- {
-{ERR_REASON(EC_R_ASN1_ERROR) ,"asn1 error"},
-{ERR_REASON(EC_R_ASN1_UNKNOWN_FIELD) ,"asn1 unknown field"},
-{ERR_REASON(EC_R_BUFFER_TOO_SMALL) ,"buffer too small"},
-{ERR_REASON(EC_R_D2I_ECPKPARAMETERS_FAILURE),"d2i ecpkparameters failure"},
-{ERR_REASON(EC_R_DISCRIMINANT_IS_ZERO) ,"discriminant is zero"},
-{ERR_REASON(EC_R_EC_GROUP_NEW_BY_NAME_FAILURE),"ec group new by name failure"},
-{ERR_REASON(EC_R_FIELD_TOO_LARGE) ,"field too large"},
-{ERR_REASON(EC_R_GROUP2PKPARAMETERS_FAILURE),"group2pkparameters failure"},
-{ERR_REASON(EC_R_I2D_ECPKPARAMETERS_FAILURE),"i2d ecpkparameters failure"},
-{ERR_REASON(EC_R_INCOMPATIBLE_OBJECTS) ,"incompatible objects"},
-{ERR_REASON(EC_R_INVALID_ARGUMENT) ,"invalid argument"},
-{ERR_REASON(EC_R_INVALID_COMPRESSED_POINT),"invalid compressed point"},
-{ERR_REASON(EC_R_INVALID_COMPRESSION_BIT),"invalid compression bit"},
-{ERR_REASON(EC_R_INVALID_ENCODING) ,"invalid encoding"},
-{ERR_REASON(EC_R_INVALID_FIELD) ,"invalid field"},
-{ERR_REASON(EC_R_INVALID_FORM) ,"invalid form"},
-{ERR_REASON(EC_R_INVALID_GROUP_ORDER) ,"invalid group order"},
-{ERR_REASON(EC_R_INVALID_PENTANOMIAL_BASIS),"invalid pentanomial basis"},
-{ERR_REASON(EC_R_INVALID_PRIVATE_KEY) ,"invalid private key"},
-{ERR_REASON(EC_R_INVALID_TRINOMIAL_BASIS),"invalid trinomial basis"},
-{ERR_REASON(EC_R_MISSING_PARAMETERS) ,"missing parameters"},
-{ERR_REASON(EC_R_MISSING_PRIVATE_KEY) ,"missing private key"},
-{ERR_REASON(EC_R_NOT_A_NIST_PRIME) ,"not a NIST prime"},
-{ERR_REASON(EC_R_NOT_A_SUPPORTED_NIST_PRIME),"not a supported NIST prime"},
-{ERR_REASON(EC_R_NOT_IMPLEMENTED) ,"not implemented"},
-{ERR_REASON(EC_R_NOT_INITIALIZED) ,"not initialized"},
-{ERR_REASON(EC_R_NO_FIELD_MOD) ,"no field mod"},
-{ERR_REASON(EC_R_PASSED_NULL_PARAMETER) ,"passed null parameter"},
-{ERR_REASON(EC_R_PKPARAMETERS2GROUP_FAILURE),"pkparameters2group failure"},
-{ERR_REASON(EC_R_POINT_AT_INFINITY) ,"point at infinity"},
-{ERR_REASON(EC_R_POINT_IS_NOT_ON_CURVE) ,"point is not on curve"},
-{ERR_REASON(EC_R_SLOT_FULL) ,"slot full"},
-{ERR_REASON(EC_R_UNDEFINED_GENERATOR) ,"undefined generator"},
-{ERR_REASON(EC_R_UNDEFINED_ORDER) ,"undefined order"},
-{ERR_REASON(EC_R_UNKNOWN_GROUP) ,"unknown group"},
-{ERR_REASON(EC_R_UNKNOWN_ORDER) ,"unknown order"},
-{ERR_REASON(EC_R_UNSUPPORTED_FIELD) ,"unsupported field"},
-{ERR_REASON(EC_R_WRONG_ORDER) ,"wrong order"},
-{0,NULL}
- };
-
-#endif
-
-void ERR_load_EC_strings(void)
- {
-#ifndef OPENSSL_NO_ERR
-
- if (ERR_func_error_string(EC_str_functs[0].error) == NULL)
- {
- ERR_load_strings(0,EC_str_functs);
- ERR_load_strings(0,EC_str_reasons);
- }
-#endif
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_err.c (from rev 6976, vendor-crypto/openssl/dist/crypto/ec/ec_err.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_err.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,275 @@
+/* crypto/ec/ec_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/ec.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_EC,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_EC,0,reason)
+
+static ERR_STRING_DATA EC_str_functs[] = {
+ {ERR_FUNC(EC_F_COMPUTE_WNAF), "COMPUTE_WNAF"},
+ {ERR_FUNC(EC_F_D2I_ECPARAMETERS), "d2i_ECParameters"},
+ {ERR_FUNC(EC_F_D2I_ECPKPARAMETERS), "d2i_ECPKParameters"},
+ {ERR_FUNC(EC_F_D2I_ECPRIVATEKEY), "d2i_ECPrivateKey"},
+ {ERR_FUNC(EC_F_ECPARAMETERS_PRINT), "ECParameters_print"},
+ {ERR_FUNC(EC_F_ECPARAMETERS_PRINT_FP), "ECParameters_print_fp"},
+ {ERR_FUNC(EC_F_ECPKPARAMETERS_PRINT), "ECPKParameters_print"},
+ {ERR_FUNC(EC_F_ECPKPARAMETERS_PRINT_FP), "ECPKParameters_print_fp"},
+ {ERR_FUNC(EC_F_ECP_NIST_MOD_192), "ECP_NIST_MOD_192"},
+ {ERR_FUNC(EC_F_ECP_NIST_MOD_224), "ECP_NIST_MOD_224"},
+ {ERR_FUNC(EC_F_ECP_NIST_MOD_256), "ECP_NIST_MOD_256"},
+ {ERR_FUNC(EC_F_ECP_NIST_MOD_521), "ECP_NIST_MOD_521"},
+ {ERR_FUNC(EC_F_EC_ASN1_GROUP2CURVE), "EC_ASN1_GROUP2CURVE"},
+ {ERR_FUNC(EC_F_EC_ASN1_GROUP2FIELDID), "EC_ASN1_GROUP2FIELDID"},
+ {ERR_FUNC(EC_F_EC_ASN1_GROUP2PARAMETERS), "EC_ASN1_GROUP2PARAMETERS"},
+ {ERR_FUNC(EC_F_EC_ASN1_GROUP2PKPARAMETERS), "EC_ASN1_GROUP2PKPARAMETERS"},
+ {ERR_FUNC(EC_F_EC_ASN1_PARAMETERS2GROUP), "EC_ASN1_PARAMETERS2GROUP"},
+ {ERR_FUNC(EC_F_EC_ASN1_PKPARAMETERS2GROUP), "EC_ASN1_PKPARAMETERS2GROUP"},
+ {ERR_FUNC(EC_F_EC_EX_DATA_SET_DATA), "EC_EX_DATA_set_data"},
+ {ERR_FUNC(EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY),
+ "EC_GF2M_MONTGOMERY_POINT_MULTIPLY"},
+ {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT),
+ "ec_GF2m_simple_group_check_discriminant"},
+ {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE),
+ "ec_GF2m_simple_group_set_curve"},
+ {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_OCT2POINT), "ec_GF2m_simple_oct2point"},
+ {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_POINT2OCT), "ec_GF2m_simple_point2oct"},
+ {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES),
+ "ec_GF2m_simple_point_get_affine_coordinates"},
+ {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES),
+ "ec_GF2m_simple_point_set_affine_coordinates"},
+ {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES),
+ "ec_GF2m_simple_set_compressed_coordinates"},
+ {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_DECODE), "ec_GFp_mont_field_decode"},
+ {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_ENCODE), "ec_GFp_mont_field_encode"},
+ {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_MUL), "ec_GFp_mont_field_mul"},
+ {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE),
+ "ec_GFp_mont_field_set_to_one"},
+ {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_SQR), "ec_GFp_mont_field_sqr"},
+ {ERR_FUNC(EC_F_EC_GFP_MONT_GROUP_SET_CURVE),
+ "ec_GFp_mont_group_set_curve"},
+ {ERR_FUNC(EC_F_EC_GFP_MONT_GROUP_SET_CURVE_GFP),
+ "EC_GFP_MONT_GROUP_SET_CURVE_GFP"},
+ {ERR_FUNC(EC_F_EC_GFP_NIST_FIELD_MUL), "ec_GFp_nist_field_mul"},
+ {ERR_FUNC(EC_F_EC_GFP_NIST_FIELD_SQR), "ec_GFp_nist_field_sqr"},
+ {ERR_FUNC(EC_F_EC_GFP_NIST_GROUP_SET_CURVE),
+ "ec_GFp_nist_group_set_curve"},
+ {ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT),
+ "ec_GFp_simple_group_check_discriminant"},
+ {ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE),
+ "ec_GFp_simple_group_set_curve"},
+ {ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP),
+ "EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP"},
+ {ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR),
+ "EC_GFP_SIMPLE_GROUP_SET_GENERATOR"},
+ {ERR_FUNC(EC_F_EC_GFP_SIMPLE_MAKE_AFFINE), "ec_GFp_simple_make_affine"},
+ {ERR_FUNC(EC_F_EC_GFP_SIMPLE_OCT2POINT), "ec_GFp_simple_oct2point"},
+ {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT2OCT), "ec_GFp_simple_point2oct"},
+ {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE),
+ "ec_GFp_simple_points_make_affine"},
+ {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES),
+ "ec_GFp_simple_point_get_affine_coordinates"},
+ {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP),
+ "EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP"},
+ {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES),
+ "ec_GFp_simple_point_set_affine_coordinates"},
+ {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP),
+ "EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP"},
+ {ERR_FUNC(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES),
+ "ec_GFp_simple_set_compressed_coordinates"},
+ {ERR_FUNC(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP),
+ "EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP"},
+ {ERR_FUNC(EC_F_EC_GROUP_CHECK), "EC_GROUP_check"},
+ {ERR_FUNC(EC_F_EC_GROUP_CHECK_DISCRIMINANT),
+ "EC_GROUP_check_discriminant"},
+ {ERR_FUNC(EC_F_EC_GROUP_COPY), "EC_GROUP_copy"},
+ {ERR_FUNC(EC_F_EC_GROUP_GET0_GENERATOR), "EC_GROUP_get0_generator"},
+ {ERR_FUNC(EC_F_EC_GROUP_GET_COFACTOR), "EC_GROUP_get_cofactor"},
+ {ERR_FUNC(EC_F_EC_GROUP_GET_CURVE_GF2M), "EC_GROUP_get_curve_GF2m"},
+ {ERR_FUNC(EC_F_EC_GROUP_GET_CURVE_GFP), "EC_GROUP_get_curve_GFp"},
+ {ERR_FUNC(EC_F_EC_GROUP_GET_DEGREE), "EC_GROUP_get_degree"},
+ {ERR_FUNC(EC_F_EC_GROUP_GET_ORDER), "EC_GROUP_get_order"},
+ {ERR_FUNC(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS),
+ "EC_GROUP_get_pentanomial_basis"},
+ {ERR_FUNC(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS),
+ "EC_GROUP_get_trinomial_basis"},
+ {ERR_FUNC(EC_F_EC_GROUP_NEW), "EC_GROUP_new"},
+ {ERR_FUNC(EC_F_EC_GROUP_NEW_BY_CURVE_NAME), "EC_GROUP_new_by_curve_name"},
+ {ERR_FUNC(EC_F_EC_GROUP_NEW_FROM_DATA), "EC_GROUP_NEW_FROM_DATA"},
+ {ERR_FUNC(EC_F_EC_GROUP_PRECOMPUTE_MULT), "EC_GROUP_precompute_mult"},
+ {ERR_FUNC(EC_F_EC_GROUP_SET_CURVE_GF2M), "EC_GROUP_set_curve_GF2m"},
+ {ERR_FUNC(EC_F_EC_GROUP_SET_CURVE_GFP), "EC_GROUP_set_curve_GFp"},
+ {ERR_FUNC(EC_F_EC_GROUP_SET_EXTRA_DATA), "EC_GROUP_SET_EXTRA_DATA"},
+ {ERR_FUNC(EC_F_EC_GROUP_SET_GENERATOR), "EC_GROUP_set_generator"},
+ {ERR_FUNC(EC_F_EC_KEY_CHECK_KEY), "EC_KEY_check_key"},
+ {ERR_FUNC(EC_F_EC_KEY_COPY), "EC_KEY_copy"},
+ {ERR_FUNC(EC_F_EC_KEY_GENERATE_KEY), "EC_KEY_generate_key"},
+ {ERR_FUNC(EC_F_EC_KEY_NEW), "EC_KEY_new"},
+ {ERR_FUNC(EC_F_EC_KEY_PRINT), "EC_KEY_print"},
+ {ERR_FUNC(EC_F_EC_KEY_PRINT_FP), "EC_KEY_print_fp"},
+ {ERR_FUNC(EC_F_EC_POINTS_MAKE_AFFINE), "EC_POINTs_make_affine"},
+ {ERR_FUNC(EC_F_EC_POINTS_MUL), "EC_POINTs_mul"},
+ {ERR_FUNC(EC_F_EC_POINT_ADD), "EC_POINT_add"},
+ {ERR_FUNC(EC_F_EC_POINT_CMP), "EC_POINT_cmp"},
+ {ERR_FUNC(EC_F_EC_POINT_COPY), "EC_POINT_copy"},
+ {ERR_FUNC(EC_F_EC_POINT_DBL), "EC_POINT_dbl"},
+ {ERR_FUNC(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M),
+ "EC_POINT_get_affine_coordinates_GF2m"},
+ {ERR_FUNC(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP),
+ "EC_POINT_get_affine_coordinates_GFp"},
+ {ERR_FUNC(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP),
+ "EC_POINT_get_Jprojective_coordinates_GFp"},
+ {ERR_FUNC(EC_F_EC_POINT_INVERT), "EC_POINT_invert"},
+ {ERR_FUNC(EC_F_EC_POINT_IS_AT_INFINITY), "EC_POINT_is_at_infinity"},
+ {ERR_FUNC(EC_F_EC_POINT_IS_ON_CURVE), "EC_POINT_is_on_curve"},
+ {ERR_FUNC(EC_F_EC_POINT_MAKE_AFFINE), "EC_POINT_make_affine"},
+ {ERR_FUNC(EC_F_EC_POINT_MUL), "EC_POINT_mul"},
+ {ERR_FUNC(EC_F_EC_POINT_NEW), "EC_POINT_new"},
+ {ERR_FUNC(EC_F_EC_POINT_OCT2POINT), "EC_POINT_oct2point"},
+ {ERR_FUNC(EC_F_EC_POINT_POINT2OCT), "EC_POINT_point2oct"},
+ {ERR_FUNC(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M),
+ "EC_POINT_set_affine_coordinates_GF2m"},
+ {ERR_FUNC(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP),
+ "EC_POINT_set_affine_coordinates_GFp"},
+ {ERR_FUNC(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M),
+ "EC_POINT_set_compressed_coordinates_GF2m"},
+ {ERR_FUNC(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP),
+ "EC_POINT_set_compressed_coordinates_GFp"},
+ {ERR_FUNC(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP),
+ "EC_POINT_set_Jprojective_coordinates_GFp"},
+ {ERR_FUNC(EC_F_EC_POINT_SET_TO_INFINITY), "EC_POINT_set_to_infinity"},
+ {ERR_FUNC(EC_F_EC_PRE_COMP_DUP), "EC_PRE_COMP_DUP"},
+ {ERR_FUNC(EC_F_EC_PRE_COMP_NEW), "EC_PRE_COMP_NEW"},
+ {ERR_FUNC(EC_F_EC_WNAF_MUL), "ec_wNAF_mul"},
+ {ERR_FUNC(EC_F_EC_WNAF_PRECOMPUTE_MULT), "ec_wNAF_precompute_mult"},
+ {ERR_FUNC(EC_F_I2D_ECPARAMETERS), "i2d_ECParameters"},
+ {ERR_FUNC(EC_F_I2D_ECPKPARAMETERS), "i2d_ECPKParameters"},
+ {ERR_FUNC(EC_F_I2D_ECPRIVATEKEY), "i2d_ECPrivateKey"},
+ {ERR_FUNC(EC_F_I2O_ECPUBLICKEY), "i2o_ECPublicKey"},
+ {ERR_FUNC(EC_F_O2I_ECPUBLICKEY), "o2i_ECPublicKey"},
+ {0, NULL}
+};
+
+static ERR_STRING_DATA EC_str_reasons[] = {
+ {ERR_REASON(EC_R_ASN1_ERROR), "asn1 error"},
+ {ERR_REASON(EC_R_ASN1_UNKNOWN_FIELD), "asn1 unknown field"},
+ {ERR_REASON(EC_R_BUFFER_TOO_SMALL), "buffer too small"},
+ {ERR_REASON(EC_R_D2I_ECPKPARAMETERS_FAILURE),
+ "d2i ecpkparameters failure"},
+ {ERR_REASON(EC_R_DISCRIMINANT_IS_ZERO), "discriminant is zero"},
+ {ERR_REASON(EC_R_EC_GROUP_NEW_BY_NAME_FAILURE),
+ "ec group new by name failure"},
+ {ERR_REASON(EC_R_FIELD_TOO_LARGE), "field too large"},
+ {ERR_REASON(EC_R_GROUP2PKPARAMETERS_FAILURE),
+ "group2pkparameters failure"},
+ {ERR_REASON(EC_R_I2D_ECPKPARAMETERS_FAILURE),
+ "i2d ecpkparameters failure"},
+ {ERR_REASON(EC_R_INCOMPATIBLE_OBJECTS), "incompatible objects"},
+ {ERR_REASON(EC_R_INVALID_ARGUMENT), "invalid argument"},
+ {ERR_REASON(EC_R_INVALID_COMPRESSED_POINT), "invalid compressed point"},
+ {ERR_REASON(EC_R_INVALID_COMPRESSION_BIT), "invalid compression bit"},
+ {ERR_REASON(EC_R_INVALID_ENCODING), "invalid encoding"},
+ {ERR_REASON(EC_R_INVALID_FIELD), "invalid field"},
+ {ERR_REASON(EC_R_INVALID_FORM), "invalid form"},
+ {ERR_REASON(EC_R_INVALID_GROUP_ORDER), "invalid group order"},
+ {ERR_REASON(EC_R_INVALID_PENTANOMIAL_BASIS), "invalid pentanomial basis"},
+ {ERR_REASON(EC_R_INVALID_PRIVATE_KEY), "invalid private key"},
+ {ERR_REASON(EC_R_INVALID_TRINOMIAL_BASIS), "invalid trinomial basis"},
+ {ERR_REASON(EC_R_MISSING_PARAMETERS), "missing parameters"},
+ {ERR_REASON(EC_R_MISSING_PRIVATE_KEY), "missing private key"},
+ {ERR_REASON(EC_R_NOT_A_NIST_PRIME), "not a NIST prime"},
+ {ERR_REASON(EC_R_NOT_A_SUPPORTED_NIST_PRIME),
+ "not a supported NIST prime"},
+ {ERR_REASON(EC_R_NOT_IMPLEMENTED), "not implemented"},
+ {ERR_REASON(EC_R_NOT_INITIALIZED), "not initialized"},
+ {ERR_REASON(EC_R_NO_FIELD_MOD), "no field mod"},
+ {ERR_REASON(EC_R_PASSED_NULL_PARAMETER), "passed null parameter"},
+ {ERR_REASON(EC_R_PKPARAMETERS2GROUP_FAILURE),
+ "pkparameters2group failure"},
+ {ERR_REASON(EC_R_POINT_AT_INFINITY), "point at infinity"},
+ {ERR_REASON(EC_R_POINT_IS_NOT_ON_CURVE), "point is not on curve"},
+ {ERR_REASON(EC_R_SLOT_FULL), "slot full"},
+ {ERR_REASON(EC_R_UNDEFINED_GENERATOR), "undefined generator"},
+ {ERR_REASON(EC_R_UNDEFINED_ORDER), "undefined order"},
+ {ERR_REASON(EC_R_UNKNOWN_GROUP), "unknown group"},
+ {ERR_REASON(EC_R_UNKNOWN_ORDER), "unknown order"},
+ {ERR_REASON(EC_R_UNSUPPORTED_FIELD), "unsupported field"},
+ {ERR_REASON(EC_R_WRONG_ORDER), "wrong order"},
+ {0, NULL}
+};
+
+#endif
+
+void ERR_load_EC_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+ if (ERR_func_error_string(EC_str_functs[0].error) == NULL) {
+ ERR_load_strings(0, EC_str_functs);
+ ERR_load_strings(0, EC_str_reasons);
+ }
+#endif
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_key.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/ec/ec_key.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_key.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,471 +0,0 @@
-/* crypto/ec/ec_key.c */
-/*
- * Written by Nils Larsch for the OpenSSL project.
- */
-/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * Portions originally developed by SUN MICROSYSTEMS, INC., and
- * contributed to the OpenSSL project.
- */
-
-#include <string.h>
-#include "ec_lcl.h"
-#include <openssl/err.h>
-
-EC_KEY *EC_KEY_new(void)
- {
- EC_KEY *ret;
-
- ret=(EC_KEY *)OPENSSL_malloc(sizeof(EC_KEY));
- if (ret == NULL)
- {
- ECerr(EC_F_EC_KEY_NEW, ERR_R_MALLOC_FAILURE);
- return(NULL);
- }
-
- ret->version = 1;
- ret->group = NULL;
- ret->pub_key = NULL;
- ret->priv_key= NULL;
- ret->enc_flag= 0;
- ret->conv_form = POINT_CONVERSION_UNCOMPRESSED;
- ret->references= 1;
- ret->method_data = NULL;
- return(ret);
- }
-
-EC_KEY *EC_KEY_new_by_curve_name(int nid)
- {
- EC_KEY *ret = EC_KEY_new();
- if (ret == NULL)
- return NULL;
- ret->group = EC_GROUP_new_by_curve_name(nid);
- if (ret->group == NULL)
- {
- EC_KEY_free(ret);
- return NULL;
- }
- return ret;
- }
-
-void EC_KEY_free(EC_KEY *r)
- {
- int i;
-
- if (r == NULL) return;
-
- i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_EC);
-#ifdef REF_PRINT
- REF_PRINT("EC_KEY",r);
-#endif
- if (i > 0) return;
-#ifdef REF_CHECK
- if (i < 0)
- {
- fprintf(stderr,"EC_KEY_free, bad reference count\n");
- abort();
- }
-#endif
-
- if (r->group != NULL)
- EC_GROUP_free(r->group);
- if (r->pub_key != NULL)
- EC_POINT_free(r->pub_key);
- if (r->priv_key != NULL)
- BN_clear_free(r->priv_key);
-
- EC_EX_DATA_free_all_data(&r->method_data);
-
- OPENSSL_cleanse((void *)r, sizeof(EC_KEY));
-
- OPENSSL_free(r);
- }
-
-EC_KEY *EC_KEY_copy(EC_KEY *dest, const EC_KEY *src)
- {
- EC_EXTRA_DATA *d;
-
- if (dest == NULL || src == NULL)
- {
- ECerr(EC_F_EC_KEY_COPY, ERR_R_PASSED_NULL_PARAMETER);
- return NULL;
- }
- /* copy the parameters */
- if (src->group)
- {
- const EC_METHOD *meth = EC_GROUP_method_of(src->group);
- /* clear the old group */
- if (dest->group)
- EC_GROUP_free(dest->group);
- dest->group = EC_GROUP_new(meth);
- if (dest->group == NULL)
- return NULL;
- if (!EC_GROUP_copy(dest->group, src->group))
- return NULL;
- }
- /* copy the public key */
- if (src->pub_key && src->group)
- {
- if (dest->pub_key)
- EC_POINT_free(dest->pub_key);
- dest->pub_key = EC_POINT_new(src->group);
- if (dest->pub_key == NULL)
- return NULL;
- if (!EC_POINT_copy(dest->pub_key, src->pub_key))
- return NULL;
- }
- /* copy the private key */
- if (src->priv_key)
- {
- if (dest->priv_key == NULL)
- {
- dest->priv_key = BN_new();
- if (dest->priv_key == NULL)
- return NULL;
- }
- if (!BN_copy(dest->priv_key, src->priv_key))
- return NULL;
- }
- /* copy method/extra data */
- EC_EX_DATA_free_all_data(&dest->method_data);
-
- for (d = src->method_data; d != NULL; d = d->next)
- {
- void *t = d->dup_func(d->data);
-
- if (t == NULL)
- return 0;
- if (!EC_EX_DATA_set_data(&dest->method_data, t, d->dup_func, d->free_func, d->clear_free_func))
- return 0;
- }
-
- /* copy the rest */
- dest->enc_flag = src->enc_flag;
- dest->conv_form = src->conv_form;
- dest->version = src->version;
-
- return dest;
- }
-
-EC_KEY *EC_KEY_dup(const EC_KEY *ec_key)
- {
- EC_KEY *ret = EC_KEY_new();
- if (ret == NULL)
- return NULL;
- if (EC_KEY_copy(ret, ec_key) == NULL)
- {
- EC_KEY_free(ret);
- return NULL;
- }
- return ret;
- }
-
-int EC_KEY_up_ref(EC_KEY *r)
- {
- int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_EC);
-#ifdef REF_PRINT
- REF_PRINT("EC_KEY",r);
-#endif
-#ifdef REF_CHECK
- if (i < 2)
- {
- fprintf(stderr, "EC_KEY_up, bad reference count\n");
- abort();
- }
-#endif
- return ((i > 1) ? 1 : 0);
- }
-
-int EC_KEY_generate_key(EC_KEY *eckey)
- {
- int ok = 0;
- BN_CTX *ctx = NULL;
- BIGNUM *priv_key = NULL, *order = NULL;
- EC_POINT *pub_key = NULL;
-
- if (!eckey || !eckey->group)
- {
- ECerr(EC_F_EC_KEY_GENERATE_KEY, ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
-
- if ((order = BN_new()) == NULL) goto err;
- if ((ctx = BN_CTX_new()) == NULL) goto err;
-
- if (eckey->priv_key == NULL)
- {
- priv_key = BN_new();
- if (priv_key == NULL)
- goto err;
- }
- else
- priv_key = eckey->priv_key;
-
- if (!EC_GROUP_get_order(eckey->group, order, ctx))
- goto err;
-
- do
- if (!BN_rand_range(priv_key, order))
- goto err;
- while (BN_is_zero(priv_key));
-
- if (eckey->pub_key == NULL)
- {
- pub_key = EC_POINT_new(eckey->group);
- if (pub_key == NULL)
- goto err;
- }
- else
- pub_key = eckey->pub_key;
-
- if (!EC_POINT_mul(eckey->group, pub_key, priv_key, NULL, NULL, ctx))
- goto err;
-
- eckey->priv_key = priv_key;
- eckey->pub_key = pub_key;
-
- ok=1;
-
-err:
- if (order)
- BN_free(order);
- if (pub_key != NULL && eckey->pub_key == NULL)
- EC_POINT_free(pub_key);
- if (priv_key != NULL && eckey->priv_key == NULL)
- BN_free(priv_key);
- if (ctx != NULL)
- BN_CTX_free(ctx);
- return(ok);
- }
-
-int EC_KEY_check_key(const EC_KEY *eckey)
- {
- int ok = 0;
- BN_CTX *ctx = NULL;
- const BIGNUM *order = NULL;
- EC_POINT *point = NULL;
-
- if (!eckey || !eckey->group || !eckey->pub_key)
- {
- ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
-
- if (EC_POINT_is_at_infinity(eckey->group, eckey->pub_key))
- {
- ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_AT_INFINITY);
- goto err;
- }
-
- if ((ctx = BN_CTX_new()) == NULL)
- goto err;
- if ((point = EC_POINT_new(eckey->group)) == NULL)
- goto err;
-
- /* testing whether the pub_key is on the elliptic curve */
- if (!EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx))
- {
- ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_IS_NOT_ON_CURVE);
- goto err;
- }
- /* testing whether pub_key * order is the point at infinity */
- order = &eckey->group->order;
- if (BN_is_zero(order))
- {
- ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_INVALID_GROUP_ORDER);
- goto err;
- }
- if (!EC_POINT_mul(eckey->group, point, NULL, eckey->pub_key, order, ctx))
- {
- ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_EC_LIB);
- goto err;
- }
- if (!EC_POINT_is_at_infinity(eckey->group, point))
- {
- ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_WRONG_ORDER);
- goto err;
- }
- /* in case the priv_key is present :
- * check if generator * priv_key == pub_key
- */
- if (eckey->priv_key)
- {
- if (BN_cmp(eckey->priv_key, order) >= 0)
- {
- ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_WRONG_ORDER);
- goto err;
- }
- if (!EC_POINT_mul(eckey->group, point, eckey->priv_key,
- NULL, NULL, ctx))
- {
- ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_EC_LIB);
- goto err;
- }
- if (EC_POINT_cmp(eckey->group, point, eckey->pub_key,
- ctx) != 0)
- {
- ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_INVALID_PRIVATE_KEY);
- goto err;
- }
- }
- ok = 1;
-err:
- if (ctx != NULL)
- BN_CTX_free(ctx);
- if (point != NULL)
- EC_POINT_free(point);
- return(ok);
- }
-
-const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key)
- {
- return key->group;
- }
-
-int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group)
- {
- if (key->group != NULL)
- EC_GROUP_free(key->group);
- key->group = EC_GROUP_dup(group);
- return (key->group == NULL) ? 0 : 1;
- }
-
-const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key)
- {
- return key->priv_key;
- }
-
-int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *priv_key)
- {
- if (key->priv_key)
- BN_clear_free(key->priv_key);
- key->priv_key = BN_dup(priv_key);
- return (key->priv_key == NULL) ? 0 : 1;
- }
-
-const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key)
- {
- return key->pub_key;
- }
-
-int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub_key)
- {
- if (key->pub_key != NULL)
- EC_POINT_free(key->pub_key);
- key->pub_key = EC_POINT_dup(pub_key, key->group);
- return (key->pub_key == NULL) ? 0 : 1;
- }
-
-unsigned int EC_KEY_get_enc_flags(const EC_KEY *key)
- {
- return key->enc_flag;
- }
-
-void EC_KEY_set_enc_flags(EC_KEY *key, unsigned int flags)
- {
- key->enc_flag = flags;
- }
-
-point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key)
- {
- return key->conv_form;
- }
-
-void EC_KEY_set_conv_form(EC_KEY *key, point_conversion_form_t cform)
- {
- key->conv_form = cform;
- if (key->group != NULL)
- EC_GROUP_set_point_conversion_form(key->group, cform);
- }
-
-void *EC_KEY_get_key_method_data(EC_KEY *key,
- void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *))
- {
- void *ret;
-
- CRYPTO_r_lock(CRYPTO_LOCK_EC);
- ret = EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func);
- CRYPTO_r_unlock(CRYPTO_LOCK_EC);
-
- return ret;
- }
-
-void *EC_KEY_insert_key_method_data(EC_KEY *key, void *data,
- void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *))
- {
- EC_EXTRA_DATA *ex_data;
-
- CRYPTO_w_lock(CRYPTO_LOCK_EC);
- ex_data = EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func);
- if (ex_data == NULL)
- EC_EX_DATA_set_data(&key->method_data, data, dup_func, free_func, clear_free_func);
- CRYPTO_w_unlock(CRYPTO_LOCK_EC);
-
- return ex_data;
- }
-
-void EC_KEY_set_asn1_flag(EC_KEY *key, int flag)
- {
- if (key->group != NULL)
- EC_GROUP_set_asn1_flag(key->group, flag);
- }
-
-int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx)
- {
- if (key->group == NULL)
- return 0;
- return EC_GROUP_precompute_mult(key->group, ctx);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_key.c (from rev 6976, vendor-crypto/openssl/dist/crypto/ec/ec_key.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_key.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_key.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,460 @@
+/* crypto/ec/ec_key.c */
+/*
+ * Written by Nils Larsch for the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * Portions originally developed by SUN MICROSYSTEMS, INC., and
+ * contributed to the OpenSSL project.
+ */
+
+#include <string.h>
+#include "ec_lcl.h"
+#include <openssl/err.h>
+
+EC_KEY *EC_KEY_new(void)
+{
+ EC_KEY *ret;
+
+ ret = (EC_KEY *)OPENSSL_malloc(sizeof(EC_KEY));
+ if (ret == NULL) {
+ ECerr(EC_F_EC_KEY_NEW, ERR_R_MALLOC_FAILURE);
+ return (NULL);
+ }
+
+ ret->version = 1;
+ ret->group = NULL;
+ ret->pub_key = NULL;
+ ret->priv_key = NULL;
+ ret->enc_flag = 0;
+ ret->conv_form = POINT_CONVERSION_UNCOMPRESSED;
+ ret->references = 1;
+ ret->method_data = NULL;
+ return (ret);
+}
+
+EC_KEY *EC_KEY_new_by_curve_name(int nid)
+{
+ EC_KEY *ret = EC_KEY_new();
+ if (ret == NULL)
+ return NULL;
+ ret->group = EC_GROUP_new_by_curve_name(nid);
+ if (ret->group == NULL) {
+ EC_KEY_free(ret);
+ return NULL;
+ }
+ return ret;
+}
+
+void EC_KEY_free(EC_KEY *r)
+{
+ int i;
+
+ if (r == NULL)
+ return;
+
+ i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_EC);
+#ifdef REF_PRINT
+ REF_PRINT("EC_KEY", r);
+#endif
+ if (i > 0)
+ return;
+#ifdef REF_CHECK
+ if (i < 0) {
+ fprintf(stderr, "EC_KEY_free, bad reference count\n");
+ abort();
+ }
+#endif
+
+ if (r->group != NULL)
+ EC_GROUP_free(r->group);
+ if (r->pub_key != NULL)
+ EC_POINT_free(r->pub_key);
+ if (r->priv_key != NULL)
+ BN_clear_free(r->priv_key);
+
+ EC_EX_DATA_free_all_data(&r->method_data);
+
+ OPENSSL_cleanse((void *)r, sizeof(EC_KEY));
+
+ OPENSSL_free(r);
+}
+
+EC_KEY *EC_KEY_copy(EC_KEY *dest, const EC_KEY *src)
+{
+ EC_EXTRA_DATA *d;
+
+ if (dest == NULL || src == NULL) {
+ ECerr(EC_F_EC_KEY_COPY, ERR_R_PASSED_NULL_PARAMETER);
+ return NULL;
+ }
+ /* copy the parameters */
+ if (src->group) {
+ const EC_METHOD *meth = EC_GROUP_method_of(src->group);
+ /* clear the old group */
+ if (dest->group)
+ EC_GROUP_free(dest->group);
+ dest->group = EC_GROUP_new(meth);
+ if (dest->group == NULL)
+ return NULL;
+ if (!EC_GROUP_copy(dest->group, src->group))
+ return NULL;
+ }
+ /* copy the public key */
+ if (src->pub_key && src->group) {
+ if (dest->pub_key)
+ EC_POINT_free(dest->pub_key);
+ dest->pub_key = EC_POINT_new(src->group);
+ if (dest->pub_key == NULL)
+ return NULL;
+ if (!EC_POINT_copy(dest->pub_key, src->pub_key))
+ return NULL;
+ }
+ /* copy the private key */
+ if (src->priv_key) {
+ if (dest->priv_key == NULL) {
+ dest->priv_key = BN_new();
+ if (dest->priv_key == NULL)
+ return NULL;
+ }
+ if (!BN_copy(dest->priv_key, src->priv_key))
+ return NULL;
+ }
+ /* copy method/extra data */
+ EC_EX_DATA_free_all_data(&dest->method_data);
+
+ for (d = src->method_data; d != NULL; d = d->next) {
+ void *t = d->dup_func(d->data);
+
+ if (t == NULL)
+ return 0;
+ if (!EC_EX_DATA_set_data
+ (&dest->method_data, t, d->dup_func, d->free_func,
+ d->clear_free_func))
+ return 0;
+ }
+
+ /* copy the rest */
+ dest->enc_flag = src->enc_flag;
+ dest->conv_form = src->conv_form;
+ dest->version = src->version;
+
+ return dest;
+}
+
+EC_KEY *EC_KEY_dup(const EC_KEY *ec_key)
+{
+ EC_KEY *ret = EC_KEY_new();
+ if (ret == NULL)
+ return NULL;
+ if (EC_KEY_copy(ret, ec_key) == NULL) {
+ EC_KEY_free(ret);
+ return NULL;
+ }
+ return ret;
+}
+
+int EC_KEY_up_ref(EC_KEY *r)
+{
+ int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_EC);
+#ifdef REF_PRINT
+ REF_PRINT("EC_KEY", r);
+#endif
+#ifdef REF_CHECK
+ if (i < 2) {
+ fprintf(stderr, "EC_KEY_up, bad reference count\n");
+ abort();
+ }
+#endif
+ return ((i > 1) ? 1 : 0);
+}
+
+int EC_KEY_generate_key(EC_KEY *eckey)
+{
+ int ok = 0;
+ BN_CTX *ctx = NULL;
+ BIGNUM *priv_key = NULL, *order = NULL;
+ EC_POINT *pub_key = NULL;
+
+ if (!eckey || !eckey->group) {
+ ECerr(EC_F_EC_KEY_GENERATE_KEY, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+
+ if ((order = BN_new()) == NULL)
+ goto err;
+ if ((ctx = BN_CTX_new()) == NULL)
+ goto err;
+
+ if (eckey->priv_key == NULL) {
+ priv_key = BN_new();
+ if (priv_key == NULL)
+ goto err;
+ } else
+ priv_key = eckey->priv_key;
+
+ if (!EC_GROUP_get_order(eckey->group, order, ctx))
+ goto err;
+
+ do
+ if (!BN_rand_range(priv_key, order))
+ goto err;
+ while (BN_is_zero(priv_key)) ;
+
+ if (eckey->pub_key == NULL) {
+ pub_key = EC_POINT_new(eckey->group);
+ if (pub_key == NULL)
+ goto err;
+ } else
+ pub_key = eckey->pub_key;
+
+ if (!EC_POINT_mul(eckey->group, pub_key, priv_key, NULL, NULL, ctx))
+ goto err;
+
+ eckey->priv_key = priv_key;
+ eckey->pub_key = pub_key;
+
+ ok = 1;
+
+ err:
+ if (order)
+ BN_free(order);
+ if (pub_key != NULL && eckey->pub_key == NULL)
+ EC_POINT_free(pub_key);
+ if (priv_key != NULL && eckey->priv_key == NULL)
+ BN_free(priv_key);
+ if (ctx != NULL)
+ BN_CTX_free(ctx);
+ return (ok);
+}
+
+int EC_KEY_check_key(const EC_KEY *eckey)
+{
+ int ok = 0;
+ BN_CTX *ctx = NULL;
+ const BIGNUM *order = NULL;
+ EC_POINT *point = NULL;
+
+ if (!eckey || !eckey->group || !eckey->pub_key) {
+ ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+
+ if (EC_POINT_is_at_infinity(eckey->group, eckey->pub_key)) {
+ ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_AT_INFINITY);
+ goto err;
+ }
+
+ if ((ctx = BN_CTX_new()) == NULL)
+ goto err;
+ if ((point = EC_POINT_new(eckey->group)) == NULL)
+ goto err;
+
+ /* testing whether the pub_key is on the elliptic curve */
+ if (!EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx)) {
+ ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_IS_NOT_ON_CURVE);
+ goto err;
+ }
+ /* testing whether pub_key * order is the point at infinity */
+ order = &eckey->group->order;
+ if (BN_is_zero(order)) {
+ ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_INVALID_GROUP_ORDER);
+ goto err;
+ }
+ if (!EC_POINT_mul(eckey->group, point, NULL, eckey->pub_key, order, ctx)) {
+ ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_EC_LIB);
+ goto err;
+ }
+ if (!EC_POINT_is_at_infinity(eckey->group, point)) {
+ ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_WRONG_ORDER);
+ goto err;
+ }
+ /*
+ * in case the priv_key is present : check if generator * priv_key ==
+ * pub_key
+ */
+ if (eckey->priv_key) {
+ if (BN_cmp(eckey->priv_key, order) >= 0) {
+ ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_WRONG_ORDER);
+ goto err;
+ }
+ if (!EC_POINT_mul(eckey->group, point, eckey->priv_key,
+ NULL, NULL, ctx)) {
+ ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_EC_LIB);
+ goto err;
+ }
+ if (EC_POINT_cmp(eckey->group, point, eckey->pub_key, ctx) != 0) {
+ ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_INVALID_PRIVATE_KEY);
+ goto err;
+ }
+ }
+ ok = 1;
+ err:
+ if (ctx != NULL)
+ BN_CTX_free(ctx);
+ if (point != NULL)
+ EC_POINT_free(point);
+ return (ok);
+}
+
+const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key)
+{
+ return key->group;
+}
+
+int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group)
+{
+ if (key->group != NULL)
+ EC_GROUP_free(key->group);
+ key->group = EC_GROUP_dup(group);
+ return (key->group == NULL) ? 0 : 1;
+}
+
+const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key)
+{
+ return key->priv_key;
+}
+
+int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *priv_key)
+{
+ if (key->priv_key)
+ BN_clear_free(key->priv_key);
+ key->priv_key = BN_dup(priv_key);
+ return (key->priv_key == NULL) ? 0 : 1;
+}
+
+const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key)
+{
+ return key->pub_key;
+}
+
+int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub_key)
+{
+ if (key->pub_key != NULL)
+ EC_POINT_free(key->pub_key);
+ key->pub_key = EC_POINT_dup(pub_key, key->group);
+ return (key->pub_key == NULL) ? 0 : 1;
+}
+
+unsigned int EC_KEY_get_enc_flags(const EC_KEY *key)
+{
+ return key->enc_flag;
+}
+
+void EC_KEY_set_enc_flags(EC_KEY *key, unsigned int flags)
+{
+ key->enc_flag = flags;
+}
+
+point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key)
+{
+ return key->conv_form;
+}
+
+void EC_KEY_set_conv_form(EC_KEY *key, point_conversion_form_t cform)
+{
+ key->conv_form = cform;
+ if (key->group != NULL)
+ EC_GROUP_set_point_conversion_form(key->group, cform);
+}
+
+void *EC_KEY_get_key_method_data(EC_KEY *key,
+ void *(*dup_func) (void *),
+ void (*free_func) (void *),
+ void (*clear_free_func) (void *))
+{
+ void *ret;
+
+ CRYPTO_r_lock(CRYPTO_LOCK_EC);
+ ret =
+ EC_EX_DATA_get_data(key->method_data, dup_func, free_func,
+ clear_free_func);
+ CRYPTO_r_unlock(CRYPTO_LOCK_EC);
+
+ return ret;
+}
+
+void *EC_KEY_insert_key_method_data(EC_KEY *key, void *data,
+ void *(*dup_func) (void *),
+ void (*free_func) (void *),
+ void (*clear_free_func) (void *))
+{
+ EC_EXTRA_DATA *ex_data;
+
+ CRYPTO_w_lock(CRYPTO_LOCK_EC);
+ ex_data =
+ EC_EX_DATA_get_data(key->method_data, dup_func, free_func,
+ clear_free_func);
+ if (ex_data == NULL)
+ EC_EX_DATA_set_data(&key->method_data, data, dup_func, free_func,
+ clear_free_func);
+ CRYPTO_w_unlock(CRYPTO_LOCK_EC);
+
+ return ex_data;
+}
+
+void EC_KEY_set_asn1_flag(EC_KEY *key, int flag)
+{
+ if (key->group != NULL)
+ EC_GROUP_set_asn1_flag(key->group, flag);
+}
+
+int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx)
+{
+ if (key->group == NULL)
+ return 0;
+ return EC_GROUP_precompute_mult(key->group, ctx);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_lcl.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/ec/ec_lcl.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_lcl.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,390 +0,0 @@
-/* crypto/ec/ec_lcl.h */
-/*
- * Originally written by Bodo Moeller for the OpenSSL project.
- */
-/* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * The elliptic curve binary polynomial software is originally written by
- * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
- *
- */
-
-
-#include <stdlib.h>
-
-#include <openssl/obj_mac.h>
-#include <openssl/ec.h>
-#include <openssl/bn.h>
-
-#if defined(__SUNPRO_C)
-# if __SUNPRO_C >= 0x520
-# pragma error_messages (off,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE)
-# endif
-#endif
-
-/* Structure details are not part of the exported interface,
- * so all this may change in future versions. */
-
-struct ec_method_st {
- /* used by EC_METHOD_get_field_type: */
- int field_type; /* a NID */
-
- /* used by EC_GROUP_new, EC_GROUP_free, EC_GROUP_clear_free, EC_GROUP_copy: */
- int (*group_init)(EC_GROUP *);
- void (*group_finish)(EC_GROUP *);
- void (*group_clear_finish)(EC_GROUP *);
- int (*group_copy)(EC_GROUP *, const EC_GROUP *);
-
- /* used by EC_GROUP_set_curve_GFp, EC_GROUP_get_curve_GFp, */
- /* EC_GROUP_set_curve_GF2m, and EC_GROUP_get_curve_GF2m: */
- int (*group_set_curve)(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
- int (*group_get_curve)(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *);
-
- /* used by EC_GROUP_get_degree: */
- int (*group_get_degree)(const EC_GROUP *);
-
- /* used by EC_GROUP_check: */
- int (*group_check_discriminant)(const EC_GROUP *, BN_CTX *);
-
- /* used by EC_POINT_new, EC_POINT_free, EC_POINT_clear_free, EC_POINT_copy: */
- int (*point_init)(EC_POINT *);
- void (*point_finish)(EC_POINT *);
- void (*point_clear_finish)(EC_POINT *);
- int (*point_copy)(EC_POINT *, const EC_POINT *);
-
- /* used by EC_POINT_set_to_infinity,
- * EC_POINT_set_Jprojective_coordinates_GFp,
- * EC_POINT_get_Jprojective_coordinates_GFp,
- * EC_POINT_set_affine_coordinates_GFp, ..._GF2m,
- * EC_POINT_get_affine_coordinates_GFp, ..._GF2m,
- * EC_POINT_set_compressed_coordinates_GFp, ..._GF2m:
- */
- int (*point_set_to_infinity)(const EC_GROUP *, EC_POINT *);
- int (*point_set_Jprojective_coordinates_GFp)(const EC_GROUP *, EC_POINT *,
- const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *);
- int (*point_get_Jprojective_coordinates_GFp)(const EC_GROUP *, const EC_POINT *,
- BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *);
- int (*point_set_affine_coordinates)(const EC_GROUP *, EC_POINT *,
- const BIGNUM *x, const BIGNUM *y, BN_CTX *);
- int (*point_get_affine_coordinates)(const EC_GROUP *, const EC_POINT *,
- BIGNUM *x, BIGNUM *y, BN_CTX *);
- int (*point_set_compressed_coordinates)(const EC_GROUP *, EC_POINT *,
- const BIGNUM *x, int y_bit, BN_CTX *);
-
- /* used by EC_POINT_point2oct, EC_POINT_oct2point: */
- size_t (*point2oct)(const EC_GROUP *, const EC_POINT *, point_conversion_form_t form,
- unsigned char *buf, size_t len, BN_CTX *);
- int (*oct2point)(const EC_GROUP *, EC_POINT *,
- const unsigned char *buf, size_t len, BN_CTX *);
-
- /* used by EC_POINT_add, EC_POINT_dbl, ECP_POINT_invert: */
- int (*add)(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
- int (*dbl)(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *);
- int (*invert)(const EC_GROUP *, EC_POINT *, BN_CTX *);
-
- /* used by EC_POINT_is_at_infinity, EC_POINT_is_on_curve, EC_POINT_cmp: */
- int (*is_at_infinity)(const EC_GROUP *, const EC_POINT *);
- int (*is_on_curve)(const EC_GROUP *, const EC_POINT *, BN_CTX *);
- int (*point_cmp)(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
-
- /* used by EC_POINT_make_affine, EC_POINTs_make_affine: */
- int (*make_affine)(const EC_GROUP *, EC_POINT *, BN_CTX *);
- int (*points_make_affine)(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *);
-
- /* used by EC_POINTs_mul, EC_POINT_mul, EC_POINT_precompute_mult, EC_POINT_have_precompute_mult
- * (default implementations are used if the 'mul' pointer is 0): */
- int (*mul)(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
- size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *);
- int (*precompute_mult)(EC_GROUP *group, BN_CTX *);
- int (*have_precompute_mult)(const EC_GROUP *group);
-
-
- /* internal functions */
-
- /* 'field_mul', 'field_sqr', and 'field_div' can be used by 'add' and 'dbl' so that
- * the same implementations of point operations can be used with different
- * optimized implementations of expensive field operations: */
- int (*field_mul)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
- int (*field_sqr)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
- int (*field_div)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
-
- int (*field_encode)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); /* e.g. to Montgomery */
- int (*field_decode)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); /* e.g. from Montgomery */
- int (*field_set_to_one)(const EC_GROUP *, BIGNUM *r, BN_CTX *);
-} /* EC_METHOD */;
-
-typedef struct ec_extra_data_st {
- struct ec_extra_data_st *next;
- void *data;
- void *(*dup_func)(void *);
- void (*free_func)(void *);
- void (*clear_free_func)(void *);
-} EC_EXTRA_DATA; /* used in EC_GROUP */
-
-struct ec_group_st {
- const EC_METHOD *meth;
-
- EC_POINT *generator; /* optional */
- BIGNUM order, cofactor;
-
- int curve_name;/* optional NID for named curve */
- int asn1_flag; /* flag to control the asn1 encoding */
- point_conversion_form_t asn1_form;
-
- unsigned char *seed; /* optional seed for parameters (appears in ASN1) */
- size_t seed_len;
-
- EC_EXTRA_DATA *extra_data; /* linked list */
-
- /* The following members are handled by the method functions,
- * even if they appear generic */
-
- BIGNUM field; /* Field specification.
- * For curves over GF(p), this is the modulus;
- * for curves over GF(2^m), this is the
- * irreducible polynomial defining the field.
- */
-
- unsigned int poly[5]; /* Field specification for curves over GF(2^m).
- * The irreducible f(t) is then of the form:
- * t^poly[0] + t^poly[1] + ... + t^poly[k]
- * where m = poly[0] > poly[1] > ... > poly[k] = 0.
- */
-
- BIGNUM a, b; /* Curve coefficients.
- * (Here the assumption is that BIGNUMs can be used
- * or abused for all kinds of fields, not just GF(p).)
- * For characteristic > 3, the curve is defined
- * by a Weierstrass equation of the form
- * y^2 = x^3 + a*x + b.
- * For characteristic 2, the curve is defined by
- * an equation of the form
- * y^2 + x*y = x^3 + a*x^2 + b.
- */
-
- int a_is_minus3; /* enable optimized point arithmetics for special case */
-
- void *field_data1; /* method-specific (e.g., Montgomery structure) */
- void *field_data2; /* method-specific */
- int (*field_mod_func)(BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *); /* method-specific */
-} /* EC_GROUP */;
-
-struct ec_key_st {
- int version;
-
- EC_GROUP *group;
-
- EC_POINT *pub_key;
- BIGNUM *priv_key;
-
- unsigned int enc_flag;
- point_conversion_form_t conv_form;
-
- int references;
-
- EC_EXTRA_DATA *method_data;
-} /* EC_KEY */;
-
-/* Basically a 'mixin' for extra data, but available for EC_GROUPs/EC_KEYs only
- * (with visibility limited to 'package' level for now).
- * We use the function pointers as index for retrieval; this obviates
- * global ex_data-style index tables.
- */
-int EC_EX_DATA_set_data(EC_EXTRA_DATA **, void *data,
- void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
-void *EC_EX_DATA_get_data(const EC_EXTRA_DATA *,
- void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
-void EC_EX_DATA_free_data(EC_EXTRA_DATA **,
- void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
-void EC_EX_DATA_clear_free_data(EC_EXTRA_DATA **,
- void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
-void EC_EX_DATA_free_all_data(EC_EXTRA_DATA **);
-void EC_EX_DATA_clear_free_all_data(EC_EXTRA_DATA **);
-
-
-
-struct ec_point_st {
- const EC_METHOD *meth;
-
- /* All members except 'meth' are handled by the method functions,
- * even if they appear generic */
-
- BIGNUM X;
- BIGNUM Y;
- BIGNUM Z; /* Jacobian projective coordinates:
- * (X, Y, Z) represents (X/Z^2, Y/Z^3) if Z != 0 */
- int Z_is_one; /* enable optimized point arithmetics for special case */
-} /* EC_POINT */;
-
-
-
-/* method functions in ec_mult.c
- * (ec_lib.c uses these as defaults if group->method->mul is 0) */
-int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
- size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *);
-int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *);
-int ec_wNAF_have_precompute_mult(const EC_GROUP *group);
-
-
-/* method functions in ecp_smpl.c */
-int ec_GFp_simple_group_init(EC_GROUP *);
-void ec_GFp_simple_group_finish(EC_GROUP *);
-void ec_GFp_simple_group_clear_finish(EC_GROUP *);
-int ec_GFp_simple_group_copy(EC_GROUP *, const EC_GROUP *);
-int ec_GFp_simple_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
-int ec_GFp_simple_group_get_curve(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *);
-int ec_GFp_simple_group_get_degree(const EC_GROUP *);
-int ec_GFp_simple_group_check_discriminant(const EC_GROUP *, BN_CTX *);
-int ec_GFp_simple_point_init(EC_POINT *);
-void ec_GFp_simple_point_finish(EC_POINT *);
-void ec_GFp_simple_point_clear_finish(EC_POINT *);
-int ec_GFp_simple_point_copy(EC_POINT *, const EC_POINT *);
-int ec_GFp_simple_point_set_to_infinity(const EC_GROUP *, EC_POINT *);
-int ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP *, EC_POINT *,
- const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *);
-int ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP *, const EC_POINT *,
- BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *);
-int ec_GFp_simple_point_set_affine_coordinates(const EC_GROUP *, EC_POINT *,
- const BIGNUM *x, const BIGNUM *y, BN_CTX *);
-int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *, const EC_POINT *,
- BIGNUM *x, BIGNUM *y, BN_CTX *);
-int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *, EC_POINT *,
- const BIGNUM *x, int y_bit, BN_CTX *);
-size_t ec_GFp_simple_point2oct(const EC_GROUP *, const EC_POINT *, point_conversion_form_t form,
- unsigned char *buf, size_t len, BN_CTX *);
-int ec_GFp_simple_oct2point(const EC_GROUP *, EC_POINT *,
- const unsigned char *buf, size_t len, BN_CTX *);
-int ec_GFp_simple_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
-int ec_GFp_simple_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *);
-int ec_GFp_simple_invert(const EC_GROUP *, EC_POINT *, BN_CTX *);
-int ec_GFp_simple_is_at_infinity(const EC_GROUP *, const EC_POINT *);
-int ec_GFp_simple_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *);
-int ec_GFp_simple_cmp(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
-int ec_GFp_simple_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *);
-int ec_GFp_simple_points_make_affine(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *);
-int ec_GFp_simple_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
-int ec_GFp_simple_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
-
-
-/* method functions in ecp_mont.c */
-int ec_GFp_mont_group_init(EC_GROUP *);
-int ec_GFp_mont_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
-void ec_GFp_mont_group_finish(EC_GROUP *);
-void ec_GFp_mont_group_clear_finish(EC_GROUP *);
-int ec_GFp_mont_group_copy(EC_GROUP *, const EC_GROUP *);
-int ec_GFp_mont_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
-int ec_GFp_mont_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
-int ec_GFp_mont_field_encode(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
-int ec_GFp_mont_field_decode(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
-int ec_GFp_mont_field_set_to_one(const EC_GROUP *, BIGNUM *r, BN_CTX *);
-
-
-/* method functions in ecp_nist.c */
-int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src);
-int ec_GFp_nist_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
-int ec_GFp_nist_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
-int ec_GFp_nist_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
-
-
-/* method functions in ec2_smpl.c */
-int ec_GF2m_simple_group_init(EC_GROUP *);
-void ec_GF2m_simple_group_finish(EC_GROUP *);
-void ec_GF2m_simple_group_clear_finish(EC_GROUP *);
-int ec_GF2m_simple_group_copy(EC_GROUP *, const EC_GROUP *);
-int ec_GF2m_simple_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
-int ec_GF2m_simple_group_get_curve(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *);
-int ec_GF2m_simple_group_get_degree(const EC_GROUP *);
-int ec_GF2m_simple_group_check_discriminant(const EC_GROUP *, BN_CTX *);
-int ec_GF2m_simple_point_init(EC_POINT *);
-void ec_GF2m_simple_point_finish(EC_POINT *);
-void ec_GF2m_simple_point_clear_finish(EC_POINT *);
-int ec_GF2m_simple_point_copy(EC_POINT *, const EC_POINT *);
-int ec_GF2m_simple_point_set_to_infinity(const EC_GROUP *, EC_POINT *);
-int ec_GF2m_simple_point_set_affine_coordinates(const EC_GROUP *, EC_POINT *,
- const BIGNUM *x, const BIGNUM *y, BN_CTX *);
-int ec_GF2m_simple_point_get_affine_coordinates(const EC_GROUP *, const EC_POINT *,
- BIGNUM *x, BIGNUM *y, BN_CTX *);
-int ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *, EC_POINT *,
- const BIGNUM *x, int y_bit, BN_CTX *);
-size_t ec_GF2m_simple_point2oct(const EC_GROUP *, const EC_POINT *, point_conversion_form_t form,
- unsigned char *buf, size_t len, BN_CTX *);
-int ec_GF2m_simple_oct2point(const EC_GROUP *, EC_POINT *,
- const unsigned char *buf, size_t len, BN_CTX *);
-int ec_GF2m_simple_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
-int ec_GF2m_simple_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *);
-int ec_GF2m_simple_invert(const EC_GROUP *, EC_POINT *, BN_CTX *);
-int ec_GF2m_simple_is_at_infinity(const EC_GROUP *, const EC_POINT *);
-int ec_GF2m_simple_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *);
-int ec_GF2m_simple_cmp(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
-int ec_GF2m_simple_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *);
-int ec_GF2m_simple_points_make_affine(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *);
-int ec_GF2m_simple_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
-int ec_GF2m_simple_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
-int ec_GF2m_simple_field_div(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
-
-
-/* method functions in ec2_mult.c */
-int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
- size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *);
-int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
-int ec_GF2m_have_precompute_mult(const EC_GROUP *group);
Copied: vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_lcl.h (from rev 6976, vendor-crypto/openssl/dist/crypto/ec/ec_lcl.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_lcl.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_lcl.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,444 @@
+/* crypto/ec/ec_lcl.h */
+/*
+ * Originally written by Bodo Moeller for the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * The elliptic curve binary polynomial software is originally written by
+ * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
+ *
+ */
+
+#include <stdlib.h>
+
+#include <openssl/obj_mac.h>
+#include <openssl/ec.h>
+#include <openssl/bn.h>
+
+#if defined(__SUNPRO_C)
+# if __SUNPRO_C >= 0x520
+# pragma error_messages (off,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE)
+# endif
+#endif
+
+/*
+ * Structure details are not part of the exported interface, so all this may
+ * change in future versions.
+ */
+
+struct ec_method_st {
+ /* used by EC_METHOD_get_field_type: */
+ int field_type; /* a NID */
+ /*
+ * used by EC_GROUP_new, EC_GROUP_free, EC_GROUP_clear_free,
+ * EC_GROUP_copy:
+ */
+ int (*group_init) (EC_GROUP *);
+ void (*group_finish) (EC_GROUP *);
+ void (*group_clear_finish) (EC_GROUP *);
+ int (*group_copy) (EC_GROUP *, const EC_GROUP *);
+ /* used by EC_GROUP_set_curve_GFp, EC_GROUP_get_curve_GFp, */
+ /* EC_GROUP_set_curve_GF2m, and EC_GROUP_get_curve_GF2m: */
+ int (*group_set_curve) (EC_GROUP *, const BIGNUM *p, const BIGNUM *a,
+ const BIGNUM *b, BN_CTX *);
+ int (*group_get_curve) (const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b,
+ BN_CTX *);
+ /* used by EC_GROUP_get_degree: */
+ int (*group_get_degree) (const EC_GROUP *);
+ /* used by EC_GROUP_check: */
+ int (*group_check_discriminant) (const EC_GROUP *, BN_CTX *);
+ /*
+ * used by EC_POINT_new, EC_POINT_free, EC_POINT_clear_free,
+ * EC_POINT_copy:
+ */
+ int (*point_init) (EC_POINT *);
+ void (*point_finish) (EC_POINT *);
+ void (*point_clear_finish) (EC_POINT *);
+ int (*point_copy) (EC_POINT *, const EC_POINT *);
+ /*-
+ * used by EC_POINT_set_to_infinity,
+ * EC_POINT_set_Jprojective_coordinates_GFp,
+ * EC_POINT_get_Jprojective_coordinates_GFp,
+ * EC_POINT_set_affine_coordinates_GFp, ..._GF2m,
+ * EC_POINT_get_affine_coordinates_GFp, ..._GF2m,
+ * EC_POINT_set_compressed_coordinates_GFp, ..._GF2m:
+ */
+ int (*point_set_to_infinity) (const EC_GROUP *, EC_POINT *);
+ int (*point_set_Jprojective_coordinates_GFp) (const EC_GROUP *,
+ EC_POINT *, const BIGNUM *x,
+ const BIGNUM *y,
+ const BIGNUM *z, BN_CTX *);
+ int (*point_get_Jprojective_coordinates_GFp) (const EC_GROUP *,
+ const EC_POINT *, BIGNUM *x,
+ BIGNUM *y, BIGNUM *z,
+ BN_CTX *);
+ int (*point_set_affine_coordinates) (const EC_GROUP *, EC_POINT *,
+ const BIGNUM *x, const BIGNUM *y,
+ BN_CTX *);
+ int (*point_get_affine_coordinates) (const EC_GROUP *, const EC_POINT *,
+ BIGNUM *x, BIGNUM *y, BN_CTX *);
+ int (*point_set_compressed_coordinates) (const EC_GROUP *, EC_POINT *,
+ const BIGNUM *x, int y_bit,
+ BN_CTX *);
+ /* used by EC_POINT_point2oct, EC_POINT_oct2point: */
+ size_t (*point2oct) (const EC_GROUP *, const EC_POINT *,
+ point_conversion_form_t form, unsigned char *buf,
+ size_t len, BN_CTX *);
+ int (*oct2point) (const EC_GROUP *, EC_POINT *, const unsigned char *buf,
+ size_t len, BN_CTX *);
+ /* used by EC_POINT_add, EC_POINT_dbl, ECP_POINT_invert: */
+ int (*add) (const EC_GROUP *, EC_POINT *r, const EC_POINT *a,
+ const EC_POINT *b, BN_CTX *);
+ int (*dbl) (const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *);
+ int (*invert) (const EC_GROUP *, EC_POINT *, BN_CTX *);
+ /*
+ * used by EC_POINT_is_at_infinity, EC_POINT_is_on_curve, EC_POINT_cmp:
+ */
+ int (*is_at_infinity) (const EC_GROUP *, const EC_POINT *);
+ int (*is_on_curve) (const EC_GROUP *, const EC_POINT *, BN_CTX *);
+ int (*point_cmp) (const EC_GROUP *, const EC_POINT *a, const EC_POINT *b,
+ BN_CTX *);
+ /* used by EC_POINT_make_affine, EC_POINTs_make_affine: */
+ int (*make_affine) (const EC_GROUP *, EC_POINT *, BN_CTX *);
+ int (*points_make_affine) (const EC_GROUP *, size_t num, EC_POINT *[],
+ BN_CTX *);
+ /*
+ * used by EC_POINTs_mul, EC_POINT_mul, EC_POINT_precompute_mult,
+ * EC_POINT_have_precompute_mult (default implementations are used if the
+ * 'mul' pointer is 0):
+ */
+ int (*mul) (const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
+ size_t num, const EC_POINT *points[], const BIGNUM *scalars[],
+ BN_CTX *);
+ int (*precompute_mult) (EC_GROUP *group, BN_CTX *);
+ int (*have_precompute_mult) (const EC_GROUP *group);
+ /* internal functions */
+ /*
+ * 'field_mul', 'field_sqr', and 'field_div' can be used by 'add' and
+ * 'dbl' so that the same implementations of point operations can be used
+ * with different optimized implementations of expensive field
+ * operations:
+ */
+ int (*field_mul) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+ const BIGNUM *b, BN_CTX *);
+ int (*field_sqr) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
+ int (*field_div) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+ const BIGNUM *b, BN_CTX *);
+ /* e.g. to Montgomery */
+ int (*field_encode) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+ BN_CTX *);
+ /* e.g. from Montgomery */
+ int (*field_decode) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+ BN_CTX *);
+ int (*field_set_to_one) (const EC_GROUP *, BIGNUM *r, BN_CTX *);
+} /* EC_METHOD */ ;
+
+typedef struct ec_extra_data_st {
+ struct ec_extra_data_st *next;
+ void *data;
+ void *(*dup_func) (void *);
+ void (*free_func) (void *);
+ void (*clear_free_func) (void *);
+} EC_EXTRA_DATA; /* used in EC_GROUP */
+
+struct ec_group_st {
+ const EC_METHOD *meth;
+ EC_POINT *generator; /* optional */
+ BIGNUM order, cofactor;
+ int curve_name; /* optional NID for named curve */
+ int asn1_flag; /* flag to control the asn1 encoding */
+ point_conversion_form_t asn1_form;
+ unsigned char *seed; /* optional seed for parameters (appears in
+ * ASN1) */
+ size_t seed_len;
+ EC_EXTRA_DATA *extra_data; /* linked list */
+ /*
+ * The following members are handled by the method functions, even if
+ * they appear generic
+ */
+ /*
+ * Field specification. For curves over GF(p), this is the modulus; for
+ * curves over GF(2^m), this is the irreducible polynomial defining the
+ * field.
+ */
+ BIGNUM field;
+ /*
+ * Field specification for curves over GF(2^m). The irreducible f(t) is
+ * then of the form: t^poly[0] + t^poly[1] + ... + t^poly[k] where m =
+ * poly[0] > poly[1] > ... > poly[k] = 0.
+ */
+ unsigned int poly[5];
+ /*
+ * Curve coefficients. (Here the assumption is that BIGNUMs can be used
+ * or abused for all kinds of fields, not just GF(p).) For characteristic
+ * > 3, the curve is defined by a Weierstrass equation of the form y^2 =
+ * x^3 + a*x + b. For characteristic 2, the curve is defined by an
+ * equation of the form y^2 + x*y = x^3 + a*x^2 + b.
+ */
+ BIGNUM a, b;
+ /* enable optimized point arithmetics for special case */
+ int a_is_minus3;
+ /* method-specific (e.g., Montgomery structure) */
+ void *field_data1;
+ /* method-specific */
+ void *field_data2;
+ /* method-specific */
+ int (*field_mod_func) (BIGNUM *, const BIGNUM *, const BIGNUM *,
+ BN_CTX *);
+} /* EC_GROUP */ ;
+
+struct ec_key_st {
+ int version;
+ EC_GROUP *group;
+ EC_POINT *pub_key;
+ BIGNUM *priv_key;
+ unsigned int enc_flag;
+ point_conversion_form_t conv_form;
+ int references;
+ EC_EXTRA_DATA *method_data;
+} /* EC_KEY */ ;
+
+/*
+ * Basically a 'mixin' for extra data, but available for EC_GROUPs/EC_KEYs
+ * only (with visibility limited to 'package' level for now). We use the
+ * function pointers as index for retrieval; this obviates global
+ * ex_data-style index tables.
+ */
+int EC_EX_DATA_set_data(EC_EXTRA_DATA **, void *data,
+ void *(*dup_func) (void *),
+ void (*free_func) (void *),
+ void (*clear_free_func) (void *));
+void *EC_EX_DATA_get_data(const EC_EXTRA_DATA *, void *(*dup_func) (void *),
+ void (*free_func) (void *),
+ void (*clear_free_func) (void *));
+void EC_EX_DATA_free_data(EC_EXTRA_DATA **, void *(*dup_func) (void *),
+ void (*free_func) (void *),
+ void (*clear_free_func) (void *));
+void EC_EX_DATA_clear_free_data(EC_EXTRA_DATA **, void *(*dup_func) (void *),
+ void (*free_func) (void *),
+ void (*clear_free_func) (void *));
+void EC_EX_DATA_free_all_data(EC_EXTRA_DATA **);
+void EC_EX_DATA_clear_free_all_data(EC_EXTRA_DATA **);
+
+struct ec_point_st {
+ const EC_METHOD *meth;
+ /*
+ * All members except 'meth' are handled by the method functions, even if
+ * they appear generic
+ */
+ BIGNUM X;
+ BIGNUM Y;
+ BIGNUM Z; /* Jacobian projective coordinates: (X, Y, Z)
+ * represents (X/Z^2, Y/Z^3) if Z != 0 */
+ int Z_is_one; /* enable optimized point arithmetics for
+ * special case */
+} /* EC_POINT */ ;
+
+/*
+ * method functions in ec_mult.c (ec_lib.c uses these as defaults if
+ * group->method->mul is 0)
+ */
+int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
+ size_t num, const EC_POINT *points[], const BIGNUM *scalars[],
+ BN_CTX *);
+int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *);
+int ec_wNAF_have_precompute_mult(const EC_GROUP *group);
+
+/* method functions in ecp_smpl.c */
+int ec_GFp_simple_group_init(EC_GROUP *);
+void ec_GFp_simple_group_finish(EC_GROUP *);
+void ec_GFp_simple_group_clear_finish(EC_GROUP *);
+int ec_GFp_simple_group_copy(EC_GROUP *, const EC_GROUP *);
+int ec_GFp_simple_group_set_curve(EC_GROUP *, const BIGNUM *p,
+ const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+int ec_GFp_simple_group_get_curve(const EC_GROUP *, BIGNUM *p, BIGNUM *a,
+ BIGNUM *b, BN_CTX *);
+int ec_GFp_simple_group_get_degree(const EC_GROUP *);
+int ec_GFp_simple_group_check_discriminant(const EC_GROUP *, BN_CTX *);
+int ec_GFp_simple_point_init(EC_POINT *);
+void ec_GFp_simple_point_finish(EC_POINT *);
+void ec_GFp_simple_point_clear_finish(EC_POINT *);
+int ec_GFp_simple_point_copy(EC_POINT *, const EC_POINT *);
+int ec_GFp_simple_point_set_to_infinity(const EC_GROUP *, EC_POINT *);
+int ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP *,
+ EC_POINT *, const BIGNUM *x,
+ const BIGNUM *y,
+ const BIGNUM *z, BN_CTX *);
+int ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP *,
+ const EC_POINT *, BIGNUM *x,
+ BIGNUM *y, BIGNUM *z,
+ BN_CTX *);
+int ec_GFp_simple_point_set_affine_coordinates(const EC_GROUP *, EC_POINT *,
+ const BIGNUM *x,
+ const BIGNUM *y, BN_CTX *);
+int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *,
+ const EC_POINT *, BIGNUM *x,
+ BIGNUM *y, BN_CTX *);
+int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *, EC_POINT *,
+ const BIGNUM *x, int y_bit,
+ BN_CTX *);
+size_t ec_GFp_simple_point2oct(const EC_GROUP *, const EC_POINT *,
+ point_conversion_form_t form,
+ unsigned char *buf, size_t len, BN_CTX *);
+int ec_GFp_simple_oct2point(const EC_GROUP *, EC_POINT *,
+ const unsigned char *buf, size_t len, BN_CTX *);
+int ec_GFp_simple_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a,
+ const EC_POINT *b, BN_CTX *);
+int ec_GFp_simple_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a,
+ BN_CTX *);
+int ec_GFp_simple_invert(const EC_GROUP *, EC_POINT *, BN_CTX *);
+int ec_GFp_simple_is_at_infinity(const EC_GROUP *, const EC_POINT *);
+int ec_GFp_simple_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *);
+int ec_GFp_simple_cmp(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b,
+ BN_CTX *);
+int ec_GFp_simple_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *);
+int ec_GFp_simple_points_make_affine(const EC_GROUP *, size_t num,
+ EC_POINT *[], BN_CTX *);
+int ec_GFp_simple_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+ const BIGNUM *b, BN_CTX *);
+int ec_GFp_simple_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+ BN_CTX *);
+
+/* method functions in ecp_mont.c */
+int ec_GFp_mont_group_init(EC_GROUP *);
+int ec_GFp_mont_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a,
+ const BIGNUM *b, BN_CTX *);
+void ec_GFp_mont_group_finish(EC_GROUP *);
+void ec_GFp_mont_group_clear_finish(EC_GROUP *);
+int ec_GFp_mont_group_copy(EC_GROUP *, const EC_GROUP *);
+int ec_GFp_mont_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+ const BIGNUM *b, BN_CTX *);
+int ec_GFp_mont_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+ BN_CTX *);
+int ec_GFp_mont_field_encode(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+ BN_CTX *);
+int ec_GFp_mont_field_decode(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+ BN_CTX *);
+int ec_GFp_mont_field_set_to_one(const EC_GROUP *, BIGNUM *r, BN_CTX *);
+
+/* method functions in ecp_nist.c */
+int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src);
+int ec_GFp_nist_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a,
+ const BIGNUM *b, BN_CTX *);
+int ec_GFp_nist_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+ const BIGNUM *b, BN_CTX *);
+int ec_GFp_nist_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+ BN_CTX *);
+
+/* method functions in ec2_smpl.c */
+int ec_GF2m_simple_group_init(EC_GROUP *);
+void ec_GF2m_simple_group_finish(EC_GROUP *);
+void ec_GF2m_simple_group_clear_finish(EC_GROUP *);
+int ec_GF2m_simple_group_copy(EC_GROUP *, const EC_GROUP *);
+int ec_GF2m_simple_group_set_curve(EC_GROUP *, const BIGNUM *p,
+ const BIGNUM *a, const BIGNUM *b,
+ BN_CTX *);
+int ec_GF2m_simple_group_get_curve(const EC_GROUP *, BIGNUM *p, BIGNUM *a,
+ BIGNUM *b, BN_CTX *);
+int ec_GF2m_simple_group_get_degree(const EC_GROUP *);
+int ec_GF2m_simple_group_check_discriminant(const EC_GROUP *, BN_CTX *);
+int ec_GF2m_simple_point_init(EC_POINT *);
+void ec_GF2m_simple_point_finish(EC_POINT *);
+void ec_GF2m_simple_point_clear_finish(EC_POINT *);
+int ec_GF2m_simple_point_copy(EC_POINT *, const EC_POINT *);
+int ec_GF2m_simple_point_set_to_infinity(const EC_GROUP *, EC_POINT *);
+int ec_GF2m_simple_point_set_affine_coordinates(const EC_GROUP *, EC_POINT *,
+ const BIGNUM *x,
+ const BIGNUM *y, BN_CTX *);
+int ec_GF2m_simple_point_get_affine_coordinates(const EC_GROUP *,
+ const EC_POINT *, BIGNUM *x,
+ BIGNUM *y, BN_CTX *);
+int ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *, EC_POINT *,
+ const BIGNUM *x, int y_bit,
+ BN_CTX *);
+size_t ec_GF2m_simple_point2oct(const EC_GROUP *, const EC_POINT *,
+ point_conversion_form_t form,
+ unsigned char *buf, size_t len, BN_CTX *);
+int ec_GF2m_simple_oct2point(const EC_GROUP *, EC_POINT *,
+ const unsigned char *buf, size_t len, BN_CTX *);
+int ec_GF2m_simple_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a,
+ const EC_POINT *b, BN_CTX *);
+int ec_GF2m_simple_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a,
+ BN_CTX *);
+int ec_GF2m_simple_invert(const EC_GROUP *, EC_POINT *, BN_CTX *);
+int ec_GF2m_simple_is_at_infinity(const EC_GROUP *, const EC_POINT *);
+int ec_GF2m_simple_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *);
+int ec_GF2m_simple_cmp(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b,
+ BN_CTX *);
+int ec_GF2m_simple_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *);
+int ec_GF2m_simple_points_make_affine(const EC_GROUP *, size_t num,
+ EC_POINT *[], BN_CTX *);
+int ec_GF2m_simple_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+ const BIGNUM *b, BN_CTX *);
+int ec_GF2m_simple_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+ BN_CTX *);
+int ec_GF2m_simple_field_div(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+ const BIGNUM *b, BN_CTX *);
+
+/* method functions in ec2_mult.c */
+int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r,
+ const BIGNUM *scalar, size_t num,
+ const EC_POINT *points[], const BIGNUM *scalars[],
+ BN_CTX *);
+int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
+int ec_GF2m_have_precompute_mult(const EC_GROUP *group);
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_lib.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/ec/ec_lib.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,1164 +0,0 @@
-/* crypto/ec/ec_lib.c */
-/*
- * Originally written by Bodo Moeller for the OpenSSL project.
- */
-/* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * Binary polynomial ECC support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
-#include <string.h>
-
-#include <openssl/err.h>
-#include <openssl/opensslv.h>
-
-#include "ec_lcl.h"
-
-static const char EC_version[] = "EC" OPENSSL_VERSION_PTEXT;
-
-
-/* functions for EC_GROUP objects */
-
-EC_GROUP *EC_GROUP_new(const EC_METHOD *meth)
- {
- EC_GROUP *ret;
-
- if (meth == NULL)
- {
- ECerr(EC_F_EC_GROUP_NEW, ERR_R_PASSED_NULL_PARAMETER);
- return NULL;
- }
- if (meth->group_init == 0)
- {
- ECerr(EC_F_EC_GROUP_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return NULL;
- }
-
- ret = OPENSSL_malloc(sizeof *ret);
- if (ret == NULL)
- {
- ECerr(EC_F_EC_GROUP_NEW, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
-
- ret->meth = meth;
-
- ret->extra_data = NULL;
-
- ret->generator = NULL;
- BN_init(&ret->order);
- BN_init(&ret->cofactor);
-
- ret->curve_name = 0;
- ret->asn1_flag = 0;
- ret->asn1_form = POINT_CONVERSION_UNCOMPRESSED;
-
- ret->seed = NULL;
- ret->seed_len = 0;
-
- if (!meth->group_init(ret))
- {
- OPENSSL_free(ret);
- return NULL;
- }
-
- return ret;
- }
-
-
-void EC_GROUP_free(EC_GROUP *group)
- {
- if (!group) return;
-
- if (group->meth->group_finish != 0)
- group->meth->group_finish(group);
-
- EC_EX_DATA_free_all_data(&group->extra_data);
-
- if (group->generator != NULL)
- EC_POINT_free(group->generator);
- BN_free(&group->order);
- BN_free(&group->cofactor);
-
- if (group->seed)
- OPENSSL_free(group->seed);
-
- OPENSSL_free(group);
- }
-
-
-void EC_GROUP_clear_free(EC_GROUP *group)
- {
- if (!group) return;
-
- if (group->meth->group_clear_finish != 0)
- group->meth->group_clear_finish(group);
- else if (group->meth->group_finish != 0)
- group->meth->group_finish(group);
-
- EC_EX_DATA_clear_free_all_data(&group->extra_data);
-
- if (group->generator != NULL)
- EC_POINT_clear_free(group->generator);
- BN_clear_free(&group->order);
- BN_clear_free(&group->cofactor);
-
- if (group->seed)
- {
- OPENSSL_cleanse(group->seed, group->seed_len);
- OPENSSL_free(group->seed);
- }
-
- OPENSSL_cleanse(group, sizeof *group);
- OPENSSL_free(group);
- }
-
-
-int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src)
- {
- EC_EXTRA_DATA *d;
-
- if (dest->meth->group_copy == 0)
- {
- ECerr(EC_F_EC_GROUP_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return 0;
- }
- if (dest->meth != src->meth)
- {
- ECerr(EC_F_EC_GROUP_COPY, EC_R_INCOMPATIBLE_OBJECTS);
- return 0;
- }
- if (dest == src)
- return 1;
-
- EC_EX_DATA_free_all_data(&dest->extra_data);
-
- for (d = src->extra_data; d != NULL; d = d->next)
- {
- void *t = d->dup_func(d->data);
-
- if (t == NULL)
- return 0;
- if (!EC_EX_DATA_set_data(&dest->extra_data, t, d->dup_func, d->free_func, d->clear_free_func))
- return 0;
- }
-
- if (src->generator != NULL)
- {
- if (dest->generator == NULL)
- {
- dest->generator = EC_POINT_new(dest);
- if (dest->generator == NULL) return 0;
- }
- if (!EC_POINT_copy(dest->generator, src->generator)) return 0;
- }
- else
- {
- /* src->generator == NULL */
- if (dest->generator != NULL)
- {
- EC_POINT_clear_free(dest->generator);
- dest->generator = NULL;
- }
- }
-
- if (!BN_copy(&dest->order, &src->order)) return 0;
- if (!BN_copy(&dest->cofactor, &src->cofactor)) return 0;
-
- dest->curve_name = src->curve_name;
- dest->asn1_flag = src->asn1_flag;
- dest->asn1_form = src->asn1_form;
-
- if (src->seed)
- {
- if (dest->seed)
- OPENSSL_free(dest->seed);
- dest->seed = OPENSSL_malloc(src->seed_len);
- if (dest->seed == NULL)
- return 0;
- if (!memcpy(dest->seed, src->seed, src->seed_len))
- return 0;
- dest->seed_len = src->seed_len;
- }
- else
- {
- if (dest->seed)
- OPENSSL_free(dest->seed);
- dest->seed = NULL;
- dest->seed_len = 0;
- }
-
-
- return dest->meth->group_copy(dest, src);
- }
-
-
-EC_GROUP *EC_GROUP_dup(const EC_GROUP *a)
- {
- EC_GROUP *t = NULL;
- int ok = 0;
-
- if (a == NULL) return NULL;
-
- if ((t = EC_GROUP_new(a->meth)) == NULL) return(NULL);
- if (!EC_GROUP_copy(t, a)) goto err;
-
- ok = 1;
-
- err:
- if (!ok)
- {
- if (t) EC_GROUP_free(t);
- return NULL;
- }
- else return t;
- }
-
-
-const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group)
- {
- return group->meth;
- }
-
-
-int EC_METHOD_get_field_type(const EC_METHOD *meth)
- {
- return meth->field_type;
- }
-
-
-int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor)
- {
- if (generator == NULL)
- {
- ECerr(EC_F_EC_GROUP_SET_GENERATOR, ERR_R_PASSED_NULL_PARAMETER);
- return 0 ;
- }
-
- if (group->generator == NULL)
- {
- group->generator = EC_POINT_new(group);
- if (group->generator == NULL) return 0;
- }
- if (!EC_POINT_copy(group->generator, generator)) return 0;
-
- if (order != NULL)
- { if (!BN_copy(&group->order, order)) return 0; }
- else
- BN_zero(&group->order);
-
- if (cofactor != NULL)
- { if (!BN_copy(&group->cofactor, cofactor)) return 0; }
- else
- BN_zero(&group->cofactor);
-
- return 1;
- }
-
-
-const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group)
- {
- return group->generator;
- }
-
-
-int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx)
- {
- if (!BN_copy(order, &group->order))
- return 0;
-
- return !BN_is_zero(order);
- }
-
-
-int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx)
- {
- if (!BN_copy(cofactor, &group->cofactor))
- return 0;
-
- return !BN_is_zero(&group->cofactor);
- }
-
-
-void EC_GROUP_set_curve_name(EC_GROUP *group, int nid)
- {
- group->curve_name = nid;
- }
-
-
-int EC_GROUP_get_curve_name(const EC_GROUP *group)
- {
- return group->curve_name;
- }
-
-
-void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag)
- {
- group->asn1_flag = flag;
- }
-
-
-int EC_GROUP_get_asn1_flag(const EC_GROUP *group)
- {
- return group->asn1_flag;
- }
-
-
-void EC_GROUP_set_point_conversion_form(EC_GROUP *group,
- point_conversion_form_t form)
- {
- group->asn1_form = form;
- }
-
-
-point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *group)
- {
- return group->asn1_form;
- }
-
-
-size_t EC_GROUP_set_seed(EC_GROUP *group, const unsigned char *p, size_t len)
- {
- if (group->seed)
- {
- OPENSSL_free(group->seed);
- group->seed = NULL;
- group->seed_len = 0;
- }
-
- if (!len || !p)
- return 1;
-
- if ((group->seed = OPENSSL_malloc(len)) == NULL)
- return 0;
- memcpy(group->seed, p, len);
- group->seed_len = len;
-
- return len;
- }
-
-
-unsigned char *EC_GROUP_get0_seed(const EC_GROUP *group)
- {
- return group->seed;
- }
-
-
-size_t EC_GROUP_get_seed_len(const EC_GROUP *group)
- {
- return group->seed_len;
- }
-
-
-int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
- {
- if (group->meth->group_set_curve == 0)
- {
- ECerr(EC_F_EC_GROUP_SET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return 0;
- }
- return group->meth->group_set_curve(group, p, a, b, ctx);
- }
-
-
-int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
- {
- if (group->meth->group_get_curve == 0)
- {
- ECerr(EC_F_EC_GROUP_GET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return 0;
- }
- return group->meth->group_get_curve(group, p, a, b, ctx);
- }
-
-
-int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
- {
- if (group->meth->group_set_curve == 0)
- {
- ECerr(EC_F_EC_GROUP_SET_CURVE_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return 0;
- }
- return group->meth->group_set_curve(group, p, a, b, ctx);
- }
-
-
-int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
- {
- if (group->meth->group_get_curve == 0)
- {
- ECerr(EC_F_EC_GROUP_GET_CURVE_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return 0;
- }
- return group->meth->group_get_curve(group, p, a, b, ctx);
- }
-
-
-int EC_GROUP_get_degree(const EC_GROUP *group)
- {
- if (group->meth->group_get_degree == 0)
- {
- ECerr(EC_F_EC_GROUP_GET_DEGREE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return 0;
- }
- return group->meth->group_get_degree(group);
- }
-
-
-int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx)
- {
- if (group->meth->group_check_discriminant == 0)
- {
- ECerr(EC_F_EC_GROUP_CHECK_DISCRIMINANT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return 0;
- }
- return group->meth->group_check_discriminant(group, ctx);
- }
-
-
-int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx)
- {
- int r = 0;
- BIGNUM *a1, *a2, *a3, *b1, *b2, *b3;
- BN_CTX *ctx_new = NULL;
-
- /* compare the field types*/
- if (EC_METHOD_get_field_type(EC_GROUP_method_of(a)) !=
- EC_METHOD_get_field_type(EC_GROUP_method_of(b)))
- return 1;
- /* compare the curve name (if present in both) */
- if (EC_GROUP_get_curve_name(a) && EC_GROUP_get_curve_name(b) &&
- EC_GROUP_get_curve_name(a) != EC_GROUP_get_curve_name(b))
- return 1;
-
- if (!ctx)
- ctx_new = ctx = BN_CTX_new();
- if (!ctx)
- return -1;
-
- BN_CTX_start(ctx);
- a1 = BN_CTX_get(ctx);
- a2 = BN_CTX_get(ctx);
- a3 = BN_CTX_get(ctx);
- b1 = BN_CTX_get(ctx);
- b2 = BN_CTX_get(ctx);
- b3 = BN_CTX_get(ctx);
- if (!b3)
- {
- BN_CTX_end(ctx);
- if (ctx_new)
- BN_CTX_free(ctx);
- return -1;
- }
-
- /* XXX This approach assumes that the external representation
- * of curves over the same field type is the same.
- */
- if (!a->meth->group_get_curve(a, a1, a2, a3, ctx) ||
- !b->meth->group_get_curve(b, b1, b2, b3, ctx))
- r = 1;
-
- if (r || BN_cmp(a1, b1) || BN_cmp(a2, b2) || BN_cmp(a3, b3))
- r = 1;
-
- /* XXX EC_POINT_cmp() assumes that the methods are equal */
- if (r || EC_POINT_cmp(a, EC_GROUP_get0_generator(a),
- EC_GROUP_get0_generator(b), ctx))
- r = 1;
-
- if (!r)
- {
- /* compare the order and cofactor */
- if (!EC_GROUP_get_order(a, a1, ctx) ||
- !EC_GROUP_get_order(b, b1, ctx) ||
- !EC_GROUP_get_cofactor(a, a2, ctx) ||
- !EC_GROUP_get_cofactor(b, b2, ctx))
- {
- BN_CTX_end(ctx);
- if (ctx_new)
- BN_CTX_free(ctx);
- return -1;
- }
- if (BN_cmp(a1, b1) || BN_cmp(a2, b2))
- r = 1;
- }
-
- BN_CTX_end(ctx);
- if (ctx_new)
- BN_CTX_free(ctx);
-
- return r;
- }
-
-
-/* this has 'package' visibility */
-int EC_EX_DATA_set_data(EC_EXTRA_DATA **ex_data, void *data,
- void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *))
- {
- EC_EXTRA_DATA *d;
-
- if (ex_data == NULL)
- return 0;
-
- for (d = *ex_data; d != NULL; d = d->next)
- {
- if (d->dup_func == dup_func && d->free_func == free_func && d->clear_free_func == clear_free_func)
- {
- ECerr(EC_F_EC_EX_DATA_SET_DATA, EC_R_SLOT_FULL);
- return 0;
- }
- }
-
- if (data == NULL)
- /* no explicit entry needed */
- return 1;
-
- d = OPENSSL_malloc(sizeof *d);
- if (d == NULL)
- return 0;
-
- d->data = data;
- d->dup_func = dup_func;
- d->free_func = free_func;
- d->clear_free_func = clear_free_func;
-
- d->next = *ex_data;
- *ex_data = d;
-
- return 1;
- }
-
-/* this has 'package' visibility */
-void *EC_EX_DATA_get_data(const EC_EXTRA_DATA *ex_data,
- void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *))
- {
- const EC_EXTRA_DATA *d;
-
- for (d = ex_data; d != NULL; d = d->next)
- {
- if (d->dup_func == dup_func && d->free_func == free_func && d->clear_free_func == clear_free_func)
- return d->data;
- }
-
- return NULL;
- }
-
-/* this has 'package' visibility */
-void EC_EX_DATA_free_data(EC_EXTRA_DATA **ex_data,
- void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *))
- {
- EC_EXTRA_DATA **p;
-
- if (ex_data == NULL)
- return;
-
- for (p = ex_data; *p != NULL; p = &((*p)->next))
- {
- if ((*p)->dup_func == dup_func && (*p)->free_func == free_func && (*p)->clear_free_func == clear_free_func)
- {
- EC_EXTRA_DATA *next = (*p)->next;
-
- (*p)->free_func((*p)->data);
- OPENSSL_free(*p);
-
- *p = next;
- return;
- }
- }
- }
-
-/* this has 'package' visibility */
-void EC_EX_DATA_clear_free_data(EC_EXTRA_DATA **ex_data,
- void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *))
- {
- EC_EXTRA_DATA **p;
-
- if (ex_data == NULL)
- return;
-
- for (p = ex_data; *p != NULL; p = &((*p)->next))
- {
- if ((*p)->dup_func == dup_func && (*p)->free_func == free_func && (*p)->clear_free_func == clear_free_func)
- {
- EC_EXTRA_DATA *next = (*p)->next;
-
- (*p)->clear_free_func((*p)->data);
- OPENSSL_free(*p);
-
- *p = next;
- return;
- }
- }
- }
-
-/* this has 'package' visibility */
-void EC_EX_DATA_free_all_data(EC_EXTRA_DATA **ex_data)
- {
- EC_EXTRA_DATA *d;
-
- if (ex_data == NULL)
- return;
-
- d = *ex_data;
- while (d)
- {
- EC_EXTRA_DATA *next = d->next;
-
- d->free_func(d->data);
- OPENSSL_free(d);
-
- d = next;
- }
- *ex_data = NULL;
- }
-
-/* this has 'package' visibility */
-void EC_EX_DATA_clear_free_all_data(EC_EXTRA_DATA **ex_data)
- {
- EC_EXTRA_DATA *d;
-
- if (ex_data == NULL)
- return;
-
- d = *ex_data;
- while (d)
- {
- EC_EXTRA_DATA *next = d->next;
-
- d->clear_free_func(d->data);
- OPENSSL_free(d);
-
- d = next;
- }
- *ex_data = NULL;
- }
-
-
-/* functions for EC_POINT objects */
-
-EC_POINT *EC_POINT_new(const EC_GROUP *group)
- {
- EC_POINT *ret;
-
- if (group == NULL)
- {
- ECerr(EC_F_EC_POINT_NEW, ERR_R_PASSED_NULL_PARAMETER);
- return NULL;
- }
- if (group->meth->point_init == 0)
- {
- ECerr(EC_F_EC_POINT_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return NULL;
- }
-
- ret = OPENSSL_malloc(sizeof *ret);
- if (ret == NULL)
- {
- ECerr(EC_F_EC_POINT_NEW, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
-
- ret->meth = group->meth;
-
- if (!ret->meth->point_init(ret))
- {
- OPENSSL_free(ret);
- return NULL;
- }
-
- return ret;
- }
-
-
-void EC_POINT_free(EC_POINT *point)
- {
- if (!point) return;
-
- if (point->meth->point_finish != 0)
- point->meth->point_finish(point);
- OPENSSL_free(point);
- }
-
-
-void EC_POINT_clear_free(EC_POINT *point)
- {
- if (!point) return;
-
- if (point->meth->point_clear_finish != 0)
- point->meth->point_clear_finish(point);
- else if (point->meth != NULL && point->meth->point_finish != 0)
- point->meth->point_finish(point);
- OPENSSL_cleanse(point, sizeof *point);
- OPENSSL_free(point);
- }
-
-
-int EC_POINT_copy(EC_POINT *dest, const EC_POINT *src)
- {
- if (dest->meth->point_copy == 0)
- {
- ECerr(EC_F_EC_POINT_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return 0;
- }
- if (dest->meth != src->meth)
- {
- ECerr(EC_F_EC_POINT_COPY, EC_R_INCOMPATIBLE_OBJECTS);
- return 0;
- }
- if (dest == src)
- return 1;
- return dest->meth->point_copy(dest, src);
- }
-
-
-EC_POINT *EC_POINT_dup(const EC_POINT *a, const EC_GROUP *group)
- {
- EC_POINT *t;
- int r;
-
- if (a == NULL) return NULL;
-
- t = EC_POINT_new(group);
- if (t == NULL) return(NULL);
- r = EC_POINT_copy(t, a);
- if (!r)
- {
- EC_POINT_free(t);
- return NULL;
- }
- else return t;
- }
-
-
-const EC_METHOD *EC_POINT_method_of(const EC_POINT *point)
- {
- return point->meth;
- }
-
-
-int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point)
- {
- if (group->meth->point_set_to_infinity == 0)
- {
- ECerr(EC_F_EC_POINT_SET_TO_INFINITY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return 0;
- }
- if (group->meth != point->meth)
- {
- ECerr(EC_F_EC_POINT_SET_TO_INFINITY, EC_R_INCOMPATIBLE_OBJECTS);
- return 0;
- }
- return group->meth->point_set_to_infinity(group, point);
- }
-
-
-int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
- const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx)
- {
- if (group->meth->point_set_Jprojective_coordinates_GFp == 0)
- {
- ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return 0;
- }
- if (group->meth != point->meth)
- {
- ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS);
- return 0;
- }
- return group->meth->point_set_Jprojective_coordinates_GFp(group, point, x, y, z, ctx);
- }
-
-
-int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point,
- BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx)
- {
- if (group->meth->point_get_Jprojective_coordinates_GFp == 0)
- {
- ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return 0;
- }
- if (group->meth != point->meth)
- {
- ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS);
- return 0;
- }
- return group->meth->point_get_Jprojective_coordinates_GFp(group, point, x, y, z, ctx);
- }
-
-
-int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
- const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx)
- {
- if (group->meth->point_set_affine_coordinates == 0)
- {
- ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return 0;
- }
- if (group->meth != point->meth)
- {
- ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS);
- return 0;
- }
- return group->meth->point_set_affine_coordinates(group, point, x, y, ctx);
- }
-
-
-int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *point,
- const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx)
- {
- if (group->meth->point_set_affine_coordinates == 0)
- {
- ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return 0;
- }
- if (group->meth != point->meth)
- {
- ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M, EC_R_INCOMPATIBLE_OBJECTS);
- return 0;
- }
- return group->meth->point_set_affine_coordinates(group, point, x, y, ctx);
- }
-
-
-int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point,
- BIGNUM *x, BIGNUM *y, BN_CTX *ctx)
- {
- if (group->meth->point_get_affine_coordinates == 0)
- {
- ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return 0;
- }
- if (group->meth != point->meth)
- {
- ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS);
- return 0;
- }
- return group->meth->point_get_affine_coordinates(group, point, x, y, ctx);
- }
-
-
-int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, const EC_POINT *point,
- BIGNUM *x, BIGNUM *y, BN_CTX *ctx)
- {
- if (group->meth->point_get_affine_coordinates == 0)
- {
- ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return 0;
- }
- if (group->meth != point->meth)
- {
- ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M, EC_R_INCOMPATIBLE_OBJECTS);
- return 0;
- }
- return group->meth->point_get_affine_coordinates(group, point, x, y, ctx);
- }
-
-
-int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
- const BIGNUM *x, int y_bit, BN_CTX *ctx)
- {
- if (group->meth->point_set_compressed_coordinates == 0)
- {
- ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return 0;
- }
- if (group->meth != point->meth)
- {
- ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS);
- return 0;
- }
- return group->meth->point_set_compressed_coordinates(group, point, x, y_bit, ctx);
- }
-
-
-int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, EC_POINT *point,
- const BIGNUM *x, int y_bit, BN_CTX *ctx)
- {
- if (group->meth->point_set_compressed_coordinates == 0)
- {
- ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return 0;
- }
- if (group->meth != point->meth)
- {
- ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M, EC_R_INCOMPATIBLE_OBJECTS);
- return 0;
- }
- return group->meth->point_set_compressed_coordinates(group, point, x, y_bit, ctx);
- }
-
-
-size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *point, point_conversion_form_t form,
- unsigned char *buf, size_t len, BN_CTX *ctx)
- {
- if (group->meth->point2oct == 0)
- {
- ECerr(EC_F_EC_POINT_POINT2OCT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return 0;
- }
- if (group->meth != point->meth)
- {
- ECerr(EC_F_EC_POINT_POINT2OCT, EC_R_INCOMPATIBLE_OBJECTS);
- return 0;
- }
- return group->meth->point2oct(group, point, form, buf, len, ctx);
- }
-
-
-int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *point,
- const unsigned char *buf, size_t len, BN_CTX *ctx)
- {
- if (group->meth->oct2point == 0)
- {
- ECerr(EC_F_EC_POINT_OCT2POINT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return 0;
- }
- if (group->meth != point->meth)
- {
- ECerr(EC_F_EC_POINT_OCT2POINT, EC_R_INCOMPATIBLE_OBJECTS);
- return 0;
- }
- return group->meth->oct2point(group, point, buf, len, ctx);
- }
-
-
-int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx)
- {
- if (group->meth->add == 0)
- {
- ECerr(EC_F_EC_POINT_ADD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return 0;
- }
- if ((group->meth != r->meth) || (r->meth != a->meth) || (a->meth != b->meth))
- {
- ECerr(EC_F_EC_POINT_ADD, EC_R_INCOMPATIBLE_OBJECTS);
- return 0;
- }
- return group->meth->add(group, r, a, b, ctx);
- }
-
-
-int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx)
- {
- if (group->meth->dbl == 0)
- {
- ECerr(EC_F_EC_POINT_DBL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return 0;
- }
- if ((group->meth != r->meth) || (r->meth != a->meth))
- {
- ECerr(EC_F_EC_POINT_DBL, EC_R_INCOMPATIBLE_OBJECTS);
- return 0;
- }
- return group->meth->dbl(group, r, a, ctx);
- }
-
-
-int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx)
- {
- if (group->meth->invert == 0)
- {
- ECerr(EC_F_EC_POINT_INVERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return 0;
- }
- if (group->meth != a->meth)
- {
- ECerr(EC_F_EC_POINT_INVERT, EC_R_INCOMPATIBLE_OBJECTS);
- return 0;
- }
- return group->meth->invert(group, a, ctx);
- }
-
-
-int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *point)
- {
- if (group->meth->is_at_infinity == 0)
- {
- ECerr(EC_F_EC_POINT_IS_AT_INFINITY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return 0;
- }
- if (group->meth != point->meth)
- {
- ECerr(EC_F_EC_POINT_IS_AT_INFINITY, EC_R_INCOMPATIBLE_OBJECTS);
- return 0;
- }
- return group->meth->is_at_infinity(group, point);
- }
-
-
-int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx)
- {
- if (group->meth->is_on_curve == 0)
- {
- ECerr(EC_F_EC_POINT_IS_ON_CURVE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return 0;
- }
- if (group->meth != point->meth)
- {
- ECerr(EC_F_EC_POINT_IS_ON_CURVE, EC_R_INCOMPATIBLE_OBJECTS);
- return 0;
- }
- return group->meth->is_on_curve(group, point, ctx);
- }
-
-
-int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx)
- {
- if (group->meth->point_cmp == 0)
- {
- ECerr(EC_F_EC_POINT_CMP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return -1;
- }
- if ((group->meth != a->meth) || (a->meth != b->meth))
- {
- ECerr(EC_F_EC_POINT_CMP, EC_R_INCOMPATIBLE_OBJECTS);
- return -1;
- }
- return group->meth->point_cmp(group, a, b, ctx);
- }
-
-
-int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
- {
- if (group->meth->make_affine == 0)
- {
- ECerr(EC_F_EC_POINT_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return 0;
- }
- if (group->meth != point->meth)
- {
- ECerr(EC_F_EC_POINT_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS);
- return 0;
- }
- return group->meth->make_affine(group, point, ctx);
- }
-
-
-int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx)
- {
- size_t i;
-
- if (group->meth->points_make_affine == 0)
- {
- ECerr(EC_F_EC_POINTS_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return 0;
- }
- for (i = 0; i < num; i++)
- {
- if (group->meth != points[i]->meth)
- {
- ECerr(EC_F_EC_POINTS_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS);
- return 0;
- }
- }
- return group->meth->points_make_affine(group, num, points, ctx);
- }
-
-
-/* Functions for point multiplication.
- *
- * If group->meth->mul is 0, we use the wNAF-based implementations in ec_mult.c;
- * otherwise we dispatch through methods.
- */
-
-int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
- size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx)
- {
- if (group->meth->mul == 0)
- /* use default */
- return ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx);
-
- return group->meth->mul(group, r, scalar, num, points, scalars, ctx);
- }
-
-int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar,
- const EC_POINT *point, const BIGNUM *p_scalar, BN_CTX *ctx)
- {
- /* just a convenient interface to EC_POINTs_mul() */
-
- const EC_POINT *points[1];
- const BIGNUM *scalars[1];
-
- points[0] = point;
- scalars[0] = p_scalar;
-
- return EC_POINTs_mul(group, r, g_scalar, (point != NULL && p_scalar != NULL), points, scalars, ctx);
- }
-
-int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
- {
- if (group->meth->mul == 0)
- /* use default */
- return ec_wNAF_precompute_mult(group, ctx);
-
- if (group->meth->precompute_mult != 0)
- return group->meth->precompute_mult(group, ctx);
- else
- return 1; /* nothing to do, so report success */
- }
-
-int EC_GROUP_have_precompute_mult(const EC_GROUP *group)
- {
- if (group->meth->mul == 0)
- /* use default */
- return ec_wNAF_have_precompute_mult(group);
-
- if (group->meth->have_precompute_mult != 0)
- return group->meth->have_precompute_mult(group);
- else
- return 0; /* cannot tell whether precomputation has been performed */
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_lib.c (from rev 6976, vendor-crypto/openssl/dist/crypto/ec/ec_lib.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_lib.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,1111 @@
+/* crypto/ec/ec_lib.c */
+/*
+ * Originally written by Bodo Moeller for the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * Binary polynomial ECC support in OpenSSL originally developed by
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
+
+#include <string.h>
+
+#include <openssl/err.h>
+#include <openssl/opensslv.h>
+
+#include "ec_lcl.h"
+
+static const char EC_version[] = "EC" OPENSSL_VERSION_PTEXT;
+
+/* functions for EC_GROUP objects */
+
+EC_GROUP *EC_GROUP_new(const EC_METHOD *meth)
+{
+ EC_GROUP *ret;
+
+ if (meth == NULL) {
+ ECerr(EC_F_EC_GROUP_NEW, ERR_R_PASSED_NULL_PARAMETER);
+ return NULL;
+ }
+ if (meth->group_init == 0) {
+ ECerr(EC_F_EC_GROUP_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return NULL;
+ }
+
+ ret = OPENSSL_malloc(sizeof *ret);
+ if (ret == NULL) {
+ ECerr(EC_F_EC_GROUP_NEW, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+
+ ret->meth = meth;
+
+ ret->extra_data = NULL;
+
+ ret->generator = NULL;
+ BN_init(&ret->order);
+ BN_init(&ret->cofactor);
+
+ ret->curve_name = 0;
+ ret->asn1_flag = 0;
+ ret->asn1_form = POINT_CONVERSION_UNCOMPRESSED;
+
+ ret->seed = NULL;
+ ret->seed_len = 0;
+
+ if (!meth->group_init(ret)) {
+ OPENSSL_free(ret);
+ return NULL;
+ }
+
+ return ret;
+}
+
+void EC_GROUP_free(EC_GROUP *group)
+{
+ if (!group)
+ return;
+
+ if (group->meth->group_finish != 0)
+ group->meth->group_finish(group);
+
+ EC_EX_DATA_free_all_data(&group->extra_data);
+
+ if (group->generator != NULL)
+ EC_POINT_free(group->generator);
+ BN_free(&group->order);
+ BN_free(&group->cofactor);
+
+ if (group->seed)
+ OPENSSL_free(group->seed);
+
+ OPENSSL_free(group);
+}
+
+void EC_GROUP_clear_free(EC_GROUP *group)
+{
+ if (!group)
+ return;
+
+ if (group->meth->group_clear_finish != 0)
+ group->meth->group_clear_finish(group);
+ else if (group->meth->group_finish != 0)
+ group->meth->group_finish(group);
+
+ EC_EX_DATA_clear_free_all_data(&group->extra_data);
+
+ if (group->generator != NULL)
+ EC_POINT_clear_free(group->generator);
+ BN_clear_free(&group->order);
+ BN_clear_free(&group->cofactor);
+
+ if (group->seed) {
+ OPENSSL_cleanse(group->seed, group->seed_len);
+ OPENSSL_free(group->seed);
+ }
+
+ OPENSSL_cleanse(group, sizeof *group);
+ OPENSSL_free(group);
+}
+
+int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src)
+{
+ EC_EXTRA_DATA *d;
+
+ if (dest->meth->group_copy == 0) {
+ ECerr(EC_F_EC_GROUP_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return 0;
+ }
+ if (dest->meth != src->meth) {
+ ECerr(EC_F_EC_GROUP_COPY, EC_R_INCOMPATIBLE_OBJECTS);
+ return 0;
+ }
+ if (dest == src)
+ return 1;
+
+ EC_EX_DATA_free_all_data(&dest->extra_data);
+
+ for (d = src->extra_data; d != NULL; d = d->next) {
+ void *t = d->dup_func(d->data);
+
+ if (t == NULL)
+ return 0;
+ if (!EC_EX_DATA_set_data
+ (&dest->extra_data, t, d->dup_func, d->free_func,
+ d->clear_free_func))
+ return 0;
+ }
+
+ if (src->generator != NULL) {
+ if (dest->generator == NULL) {
+ dest->generator = EC_POINT_new(dest);
+ if (dest->generator == NULL)
+ return 0;
+ }
+ if (!EC_POINT_copy(dest->generator, src->generator))
+ return 0;
+ } else {
+ /* src->generator == NULL */
+ if (dest->generator != NULL) {
+ EC_POINT_clear_free(dest->generator);
+ dest->generator = NULL;
+ }
+ }
+
+ if (!BN_copy(&dest->order, &src->order))
+ return 0;
+ if (!BN_copy(&dest->cofactor, &src->cofactor))
+ return 0;
+
+ dest->curve_name = src->curve_name;
+ dest->asn1_flag = src->asn1_flag;
+ dest->asn1_form = src->asn1_form;
+
+ if (src->seed) {
+ if (dest->seed)
+ OPENSSL_free(dest->seed);
+ dest->seed = OPENSSL_malloc(src->seed_len);
+ if (dest->seed == NULL)
+ return 0;
+ if (!memcpy(dest->seed, src->seed, src->seed_len))
+ return 0;
+ dest->seed_len = src->seed_len;
+ } else {
+ if (dest->seed)
+ OPENSSL_free(dest->seed);
+ dest->seed = NULL;
+ dest->seed_len = 0;
+ }
+
+ return dest->meth->group_copy(dest, src);
+}
+
+EC_GROUP *EC_GROUP_dup(const EC_GROUP *a)
+{
+ EC_GROUP *t = NULL;
+ int ok = 0;
+
+ if (a == NULL)
+ return NULL;
+
+ if ((t = EC_GROUP_new(a->meth)) == NULL)
+ return (NULL);
+ if (!EC_GROUP_copy(t, a))
+ goto err;
+
+ ok = 1;
+
+ err:
+ if (!ok) {
+ if (t)
+ EC_GROUP_free(t);
+ return NULL;
+ } else
+ return t;
+}
+
+const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group)
+{
+ return group->meth;
+}
+
+int EC_METHOD_get_field_type(const EC_METHOD *meth)
+{
+ return meth->field_type;
+}
+
+int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator,
+ const BIGNUM *order, const BIGNUM *cofactor)
+{
+ if (generator == NULL) {
+ ECerr(EC_F_EC_GROUP_SET_GENERATOR, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+
+ if (group->generator == NULL) {
+ group->generator = EC_POINT_new(group);
+ if (group->generator == NULL)
+ return 0;
+ }
+ if (!EC_POINT_copy(group->generator, generator))
+ return 0;
+
+ if (order != NULL) {
+ if (!BN_copy(&group->order, order))
+ return 0;
+ } else
+ BN_zero(&group->order);
+
+ if (cofactor != NULL) {
+ if (!BN_copy(&group->cofactor, cofactor))
+ return 0;
+ } else
+ BN_zero(&group->cofactor);
+
+ return 1;
+}
+
+const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group)
+{
+ return group->generator;
+}
+
+int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx)
+{
+ if (!BN_copy(order, &group->order))
+ return 0;
+
+ return !BN_is_zero(order);
+}
+
+int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor,
+ BN_CTX *ctx)
+{
+ if (!BN_copy(cofactor, &group->cofactor))
+ return 0;
+
+ return !BN_is_zero(&group->cofactor);
+}
+
+void EC_GROUP_set_curve_name(EC_GROUP *group, int nid)
+{
+ group->curve_name = nid;
+}
+
+int EC_GROUP_get_curve_name(const EC_GROUP *group)
+{
+ return group->curve_name;
+}
+
+void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag)
+{
+ group->asn1_flag = flag;
+}
+
+int EC_GROUP_get_asn1_flag(const EC_GROUP *group)
+{
+ return group->asn1_flag;
+}
+
+void EC_GROUP_set_point_conversion_form(EC_GROUP *group,
+ point_conversion_form_t form)
+{
+ group->asn1_form = form;
+}
+
+point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP
+ *group)
+{
+ return group->asn1_form;
+}
+
+size_t EC_GROUP_set_seed(EC_GROUP *group, const unsigned char *p, size_t len)
+{
+ if (group->seed) {
+ OPENSSL_free(group->seed);
+ group->seed = NULL;
+ group->seed_len = 0;
+ }
+
+ if (!len || !p)
+ return 1;
+
+ if ((group->seed = OPENSSL_malloc(len)) == NULL)
+ return 0;
+ memcpy(group->seed, p, len);
+ group->seed_len = len;
+
+ return len;
+}
+
+unsigned char *EC_GROUP_get0_seed(const EC_GROUP *group)
+{
+ return group->seed;
+}
+
+size_t EC_GROUP_get_seed_len(const EC_GROUP *group)
+{
+ return group->seed_len;
+}
+
+int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
+ const BIGNUM *b, BN_CTX *ctx)
+{
+ if (group->meth->group_set_curve == 0) {
+ ECerr(EC_F_EC_GROUP_SET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return 0;
+ }
+ return group->meth->group_set_curve(group, p, a, b, ctx);
+}
+
+int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a,
+ BIGNUM *b, BN_CTX *ctx)
+{
+ if (group->meth->group_get_curve == 0) {
+ ECerr(EC_F_EC_GROUP_GET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return 0;
+ }
+ return group->meth->group_get_curve(group, p, a, b, ctx);
+}
+
+int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
+ const BIGNUM *b, BN_CTX *ctx)
+{
+ if (group->meth->group_set_curve == 0) {
+ ECerr(EC_F_EC_GROUP_SET_CURVE_GF2M,
+ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return 0;
+ }
+ return group->meth->group_set_curve(group, p, a, b, ctx);
+}
+
+int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a,
+ BIGNUM *b, BN_CTX *ctx)
+{
+ if (group->meth->group_get_curve == 0) {
+ ECerr(EC_F_EC_GROUP_GET_CURVE_GF2M,
+ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return 0;
+ }
+ return group->meth->group_get_curve(group, p, a, b, ctx);
+}
+
+int EC_GROUP_get_degree(const EC_GROUP *group)
+{
+ if (group->meth->group_get_degree == 0) {
+ ECerr(EC_F_EC_GROUP_GET_DEGREE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return 0;
+ }
+ return group->meth->group_get_degree(group);
+}
+
+int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx)
+{
+ if (group->meth->group_check_discriminant == 0) {
+ ECerr(EC_F_EC_GROUP_CHECK_DISCRIMINANT,
+ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return 0;
+ }
+ return group->meth->group_check_discriminant(group, ctx);
+}
+
+int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx)
+{
+ int r = 0;
+ BIGNUM *a1, *a2, *a3, *b1, *b2, *b3;
+ BN_CTX *ctx_new = NULL;
+
+ /* compare the field types */
+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(a)) !=
+ EC_METHOD_get_field_type(EC_GROUP_method_of(b)))
+ return 1;
+ /* compare the curve name (if present in both) */
+ if (EC_GROUP_get_curve_name(a) && EC_GROUP_get_curve_name(b) &&
+ EC_GROUP_get_curve_name(a) != EC_GROUP_get_curve_name(b))
+ return 1;
+
+ if (!ctx)
+ ctx_new = ctx = BN_CTX_new();
+ if (!ctx)
+ return -1;
+
+ BN_CTX_start(ctx);
+ a1 = BN_CTX_get(ctx);
+ a2 = BN_CTX_get(ctx);
+ a3 = BN_CTX_get(ctx);
+ b1 = BN_CTX_get(ctx);
+ b2 = BN_CTX_get(ctx);
+ b3 = BN_CTX_get(ctx);
+ if (!b3) {
+ BN_CTX_end(ctx);
+ if (ctx_new)
+ BN_CTX_free(ctx);
+ return -1;
+ }
+
+ /*
+ * XXX This approach assumes that the external representation of curves
+ * over the same field type is the same.
+ */
+ if (!a->meth->group_get_curve(a, a1, a2, a3, ctx) ||
+ !b->meth->group_get_curve(b, b1, b2, b3, ctx))
+ r = 1;
+
+ if (r || BN_cmp(a1, b1) || BN_cmp(a2, b2) || BN_cmp(a3, b3))
+ r = 1;
+
+ /* XXX EC_POINT_cmp() assumes that the methods are equal */
+ if (r || EC_POINT_cmp(a, EC_GROUP_get0_generator(a),
+ EC_GROUP_get0_generator(b), ctx))
+ r = 1;
+
+ if (!r) {
+ /* compare the order and cofactor */
+ if (!EC_GROUP_get_order(a, a1, ctx) ||
+ !EC_GROUP_get_order(b, b1, ctx) ||
+ !EC_GROUP_get_cofactor(a, a2, ctx) ||
+ !EC_GROUP_get_cofactor(b, b2, ctx)) {
+ BN_CTX_end(ctx);
+ if (ctx_new)
+ BN_CTX_free(ctx);
+ return -1;
+ }
+ if (BN_cmp(a1, b1) || BN_cmp(a2, b2))
+ r = 1;
+ }
+
+ BN_CTX_end(ctx);
+ if (ctx_new)
+ BN_CTX_free(ctx);
+
+ return r;
+}
+
+/* this has 'package' visibility */
+int EC_EX_DATA_set_data(EC_EXTRA_DATA **ex_data, void *data,
+ void *(*dup_func) (void *),
+ void (*free_func) (void *),
+ void (*clear_free_func) (void *))
+{
+ EC_EXTRA_DATA *d;
+
+ if (ex_data == NULL)
+ return 0;
+
+ for (d = *ex_data; d != NULL; d = d->next) {
+ if (d->dup_func == dup_func && d->free_func == free_func
+ && d->clear_free_func == clear_free_func) {
+ ECerr(EC_F_EC_EX_DATA_SET_DATA, EC_R_SLOT_FULL);
+ return 0;
+ }
+ }
+
+ if (data == NULL)
+ /* no explicit entry needed */
+ return 1;
+
+ d = OPENSSL_malloc(sizeof *d);
+ if (d == NULL)
+ return 0;
+
+ d->data = data;
+ d->dup_func = dup_func;
+ d->free_func = free_func;
+ d->clear_free_func = clear_free_func;
+
+ d->next = *ex_data;
+ *ex_data = d;
+
+ return 1;
+}
+
+/* this has 'package' visibility */
+void *EC_EX_DATA_get_data(const EC_EXTRA_DATA *ex_data,
+ void *(*dup_func) (void *),
+ void (*free_func) (void *),
+ void (*clear_free_func) (void *))
+{
+ const EC_EXTRA_DATA *d;
+
+ for (d = ex_data; d != NULL; d = d->next) {
+ if (d->dup_func == dup_func && d->free_func == free_func
+ && d->clear_free_func == clear_free_func)
+ return d->data;
+ }
+
+ return NULL;
+}
+
+/* this has 'package' visibility */
+void EC_EX_DATA_free_data(EC_EXTRA_DATA **ex_data,
+ void *(*dup_func) (void *),
+ void (*free_func) (void *),
+ void (*clear_free_func) (void *))
+{
+ EC_EXTRA_DATA **p;
+
+ if (ex_data == NULL)
+ return;
+
+ for (p = ex_data; *p != NULL; p = &((*p)->next)) {
+ if ((*p)->dup_func == dup_func && (*p)->free_func == free_func
+ && (*p)->clear_free_func == clear_free_func) {
+ EC_EXTRA_DATA *next = (*p)->next;
+
+ (*p)->free_func((*p)->data);
+ OPENSSL_free(*p);
+
+ *p = next;
+ return;
+ }
+ }
+}
+
+/* this has 'package' visibility */
+void EC_EX_DATA_clear_free_data(EC_EXTRA_DATA **ex_data,
+ void *(*dup_func) (void *),
+ void (*free_func) (void *),
+ void (*clear_free_func) (void *))
+{
+ EC_EXTRA_DATA **p;
+
+ if (ex_data == NULL)
+ return;
+
+ for (p = ex_data; *p != NULL; p = &((*p)->next)) {
+ if ((*p)->dup_func == dup_func && (*p)->free_func == free_func
+ && (*p)->clear_free_func == clear_free_func) {
+ EC_EXTRA_DATA *next = (*p)->next;
+
+ (*p)->clear_free_func((*p)->data);
+ OPENSSL_free(*p);
+
+ *p = next;
+ return;
+ }
+ }
+}
+
+/* this has 'package' visibility */
+void EC_EX_DATA_free_all_data(EC_EXTRA_DATA **ex_data)
+{
+ EC_EXTRA_DATA *d;
+
+ if (ex_data == NULL)
+ return;
+
+ d = *ex_data;
+ while (d) {
+ EC_EXTRA_DATA *next = d->next;
+
+ d->free_func(d->data);
+ OPENSSL_free(d);
+
+ d = next;
+ }
+ *ex_data = NULL;
+}
+
+/* this has 'package' visibility */
+void EC_EX_DATA_clear_free_all_data(EC_EXTRA_DATA **ex_data)
+{
+ EC_EXTRA_DATA *d;
+
+ if (ex_data == NULL)
+ return;
+
+ d = *ex_data;
+ while (d) {
+ EC_EXTRA_DATA *next = d->next;
+
+ d->clear_free_func(d->data);
+ OPENSSL_free(d);
+
+ d = next;
+ }
+ *ex_data = NULL;
+}
+
+/* functions for EC_POINT objects */
+
+EC_POINT *EC_POINT_new(const EC_GROUP *group)
+{
+ EC_POINT *ret;
+
+ if (group == NULL) {
+ ECerr(EC_F_EC_POINT_NEW, ERR_R_PASSED_NULL_PARAMETER);
+ return NULL;
+ }
+ if (group->meth->point_init == 0) {
+ ECerr(EC_F_EC_POINT_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return NULL;
+ }
+
+ ret = OPENSSL_malloc(sizeof *ret);
+ if (ret == NULL) {
+ ECerr(EC_F_EC_POINT_NEW, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+
+ ret->meth = group->meth;
+
+ if (!ret->meth->point_init(ret)) {
+ OPENSSL_free(ret);
+ return NULL;
+ }
+
+ return ret;
+}
+
+void EC_POINT_free(EC_POINT *point)
+{
+ if (!point)
+ return;
+
+ if (point->meth->point_finish != 0)
+ point->meth->point_finish(point);
+ OPENSSL_free(point);
+}
+
+void EC_POINT_clear_free(EC_POINT *point)
+{
+ if (!point)
+ return;
+
+ if (point->meth->point_clear_finish != 0)
+ point->meth->point_clear_finish(point);
+ else if (point->meth != NULL && point->meth->point_finish != 0)
+ point->meth->point_finish(point);
+ OPENSSL_cleanse(point, sizeof *point);
+ OPENSSL_free(point);
+}
+
+int EC_POINT_copy(EC_POINT *dest, const EC_POINT *src)
+{
+ if (dest->meth->point_copy == 0) {
+ ECerr(EC_F_EC_POINT_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return 0;
+ }
+ if (dest->meth != src->meth) {
+ ECerr(EC_F_EC_POINT_COPY, EC_R_INCOMPATIBLE_OBJECTS);
+ return 0;
+ }
+ if (dest == src)
+ return 1;
+ return dest->meth->point_copy(dest, src);
+}
+
+EC_POINT *EC_POINT_dup(const EC_POINT *a, const EC_GROUP *group)
+{
+ EC_POINT *t;
+ int r;
+
+ if (a == NULL)
+ return NULL;
+
+ t = EC_POINT_new(group);
+ if (t == NULL)
+ return (NULL);
+ r = EC_POINT_copy(t, a);
+ if (!r) {
+ EC_POINT_free(t);
+ return NULL;
+ } else
+ return t;
+}
+
+const EC_METHOD *EC_POINT_method_of(const EC_POINT *point)
+{
+ return point->meth;
+}
+
+int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point)
+{
+ if (group->meth->point_set_to_infinity == 0) {
+ ECerr(EC_F_EC_POINT_SET_TO_INFINITY,
+ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return 0;
+ }
+ if (group->meth != point->meth) {
+ ECerr(EC_F_EC_POINT_SET_TO_INFINITY, EC_R_INCOMPATIBLE_OBJECTS);
+ return 0;
+ }
+ return group->meth->point_set_to_infinity(group, point);
+}
+
+int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group,
+ EC_POINT *point, const BIGNUM *x,
+ const BIGNUM *y, const BIGNUM *z,
+ BN_CTX *ctx)
+{
+ if (group->meth->point_set_Jprojective_coordinates_GFp == 0) {
+ ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP,
+ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return 0;
+ }
+ if (group->meth != point->meth) {
+ ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP,
+ EC_R_INCOMPATIBLE_OBJECTS);
+ return 0;
+ }
+ return group->meth->point_set_Jprojective_coordinates_GFp(group, point, x,
+ y, z, ctx);
+}
+
+int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group,
+ const EC_POINT *point, BIGNUM *x,
+ BIGNUM *y, BIGNUM *z,
+ BN_CTX *ctx)
+{
+ if (group->meth->point_get_Jprojective_coordinates_GFp == 0) {
+ ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP,
+ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return 0;
+ }
+ if (group->meth != point->meth) {
+ ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP,
+ EC_R_INCOMPATIBLE_OBJECTS);
+ return 0;
+ }
+ return group->meth->point_get_Jprojective_coordinates_GFp(group, point, x,
+ y, z, ctx);
+}
+
+int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group,
+ EC_POINT *point, const BIGNUM *x,
+ const BIGNUM *y, BN_CTX *ctx)
+{
+ if (group->meth->point_set_affine_coordinates == 0) {
+ ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP,
+ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return 0;
+ }
+ if (group->meth != point->meth) {
+ ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP,
+ EC_R_INCOMPATIBLE_OBJECTS);
+ return 0;
+ }
+ return group->meth->point_set_affine_coordinates(group, point, x, y, ctx);
+}
+
+int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group,
+ EC_POINT *point, const BIGNUM *x,
+ const BIGNUM *y, BN_CTX *ctx)
+{
+ if (group->meth->point_set_affine_coordinates == 0) {
+ ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M,
+ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return 0;
+ }
+ if (group->meth != point->meth) {
+ ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M,
+ EC_R_INCOMPATIBLE_OBJECTS);
+ return 0;
+ }
+ return group->meth->point_set_affine_coordinates(group, point, x, y, ctx);
+}
+
+int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group,
+ const EC_POINT *point, BIGNUM *x,
+ BIGNUM *y, BN_CTX *ctx)
+{
+ if (group->meth->point_get_affine_coordinates == 0) {
+ ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP,
+ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return 0;
+ }
+ if (group->meth != point->meth) {
+ ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP,
+ EC_R_INCOMPATIBLE_OBJECTS);
+ return 0;
+ }
+ return group->meth->point_get_affine_coordinates(group, point, x, y, ctx);
+}
+
+int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group,
+ const EC_POINT *point, BIGNUM *x,
+ BIGNUM *y, BN_CTX *ctx)
+{
+ if (group->meth->point_get_affine_coordinates == 0) {
+ ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M,
+ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return 0;
+ }
+ if (group->meth != point->meth) {
+ ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M,
+ EC_R_INCOMPATIBLE_OBJECTS);
+ return 0;
+ }
+ return group->meth->point_get_affine_coordinates(group, point, x, y, ctx);
+}
+
+int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group,
+ EC_POINT *point, const BIGNUM *x,
+ int y_bit, BN_CTX *ctx)
+{
+ if (group->meth->point_set_compressed_coordinates == 0) {
+ ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP,
+ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return 0;
+ }
+ if (group->meth != point->meth) {
+ ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP,
+ EC_R_INCOMPATIBLE_OBJECTS);
+ return 0;
+ }
+ return group->meth->point_set_compressed_coordinates(group, point, x,
+ y_bit, ctx);
+}
+
+int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group,
+ EC_POINT *point, const BIGNUM *x,
+ int y_bit, BN_CTX *ctx)
+{
+ if (group->meth->point_set_compressed_coordinates == 0) {
+ ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M,
+ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return 0;
+ }
+ if (group->meth != point->meth) {
+ ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M,
+ EC_R_INCOMPATIBLE_OBJECTS);
+ return 0;
+ }
+ return group->meth->point_set_compressed_coordinates(group, point, x,
+ y_bit, ctx);
+}
+
+size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *point,
+ point_conversion_form_t form, unsigned char *buf,
+ size_t len, BN_CTX *ctx)
+{
+ if (group->meth->point2oct == 0) {
+ ECerr(EC_F_EC_POINT_POINT2OCT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return 0;
+ }
+ if (group->meth != point->meth) {
+ ECerr(EC_F_EC_POINT_POINT2OCT, EC_R_INCOMPATIBLE_OBJECTS);
+ return 0;
+ }
+ return group->meth->point2oct(group, point, form, buf, len, ctx);
+}
+
+int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *point,
+ const unsigned char *buf, size_t len, BN_CTX *ctx)
+{
+ if (group->meth->oct2point == 0) {
+ ECerr(EC_F_EC_POINT_OCT2POINT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return 0;
+ }
+ if (group->meth != point->meth) {
+ ECerr(EC_F_EC_POINT_OCT2POINT, EC_R_INCOMPATIBLE_OBJECTS);
+ return 0;
+ }
+ return group->meth->oct2point(group, point, buf, len, ctx);
+}
+
+int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
+ const EC_POINT *b, BN_CTX *ctx)
+{
+ if (group->meth->add == 0) {
+ ECerr(EC_F_EC_POINT_ADD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return 0;
+ }
+ if ((group->meth != r->meth) || (r->meth != a->meth)
+ || (a->meth != b->meth)) {
+ ECerr(EC_F_EC_POINT_ADD, EC_R_INCOMPATIBLE_OBJECTS);
+ return 0;
+ }
+ return group->meth->add(group, r, a, b, ctx);
+}
+
+int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
+ BN_CTX *ctx)
+{
+ if (group->meth->dbl == 0) {
+ ECerr(EC_F_EC_POINT_DBL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return 0;
+ }
+ if ((group->meth != r->meth) || (r->meth != a->meth)) {
+ ECerr(EC_F_EC_POINT_DBL, EC_R_INCOMPATIBLE_OBJECTS);
+ return 0;
+ }
+ return group->meth->dbl(group, r, a, ctx);
+}
+
+int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx)
+{
+ if (group->meth->invert == 0) {
+ ECerr(EC_F_EC_POINT_INVERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return 0;
+ }
+ if (group->meth != a->meth) {
+ ECerr(EC_F_EC_POINT_INVERT, EC_R_INCOMPATIBLE_OBJECTS);
+ return 0;
+ }
+ return group->meth->invert(group, a, ctx);
+}
+
+int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *point)
+{
+ if (group->meth->is_at_infinity == 0) {
+ ECerr(EC_F_EC_POINT_IS_AT_INFINITY,
+ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return 0;
+ }
+ if (group->meth != point->meth) {
+ ECerr(EC_F_EC_POINT_IS_AT_INFINITY, EC_R_INCOMPATIBLE_OBJECTS);
+ return 0;
+ }
+ return group->meth->is_at_infinity(group, point);
+}
+
+int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
+ BN_CTX *ctx)
+{
+ if (group->meth->is_on_curve == 0) {
+ ECerr(EC_F_EC_POINT_IS_ON_CURVE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return 0;
+ }
+ if (group->meth != point->meth) {
+ ECerr(EC_F_EC_POINT_IS_ON_CURVE, EC_R_INCOMPATIBLE_OBJECTS);
+ return 0;
+ }
+ return group->meth->is_on_curve(group, point, ctx);
+}
+
+int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b,
+ BN_CTX *ctx)
+{
+ if (group->meth->point_cmp == 0) {
+ ECerr(EC_F_EC_POINT_CMP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return -1;
+ }
+ if ((group->meth != a->meth) || (a->meth != b->meth)) {
+ ECerr(EC_F_EC_POINT_CMP, EC_R_INCOMPATIBLE_OBJECTS);
+ return -1;
+ }
+ return group->meth->point_cmp(group, a, b, ctx);
+}
+
+int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
+{
+ if (group->meth->make_affine == 0) {
+ ECerr(EC_F_EC_POINT_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return 0;
+ }
+ if (group->meth != point->meth) {
+ ECerr(EC_F_EC_POINT_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS);
+ return 0;
+ }
+ return group->meth->make_affine(group, point, ctx);
+}
+
+int EC_POINTs_make_affine(const EC_GROUP *group, size_t num,
+ EC_POINT *points[], BN_CTX *ctx)
+{
+ size_t i;
+
+ if (group->meth->points_make_affine == 0) {
+ ECerr(EC_F_EC_POINTS_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return 0;
+ }
+ for (i = 0; i < num; i++) {
+ if (group->meth != points[i]->meth) {
+ ECerr(EC_F_EC_POINTS_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS);
+ return 0;
+ }
+ }
+ return group->meth->points_make_affine(group, num, points, ctx);
+}
+
+/*
+ * Functions for point multiplication. If group->meth->mul is 0, we use the
+ * wNAF-based implementations in ec_mult.c; otherwise we dispatch through
+ * methods.
+ */
+
+int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
+ size_t num, const EC_POINT *points[],
+ const BIGNUM *scalars[], BN_CTX *ctx)
+{
+ if (group->meth->mul == 0)
+ /* use default */
+ return ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx);
+
+ return group->meth->mul(group, r, scalar, num, points, scalars, ctx);
+}
+
+int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar,
+ const EC_POINT *point, const BIGNUM *p_scalar, BN_CTX *ctx)
+{
+ /* just a convenient interface to EC_POINTs_mul() */
+
+ const EC_POINT *points[1];
+ const BIGNUM *scalars[1];
+
+ points[0] = point;
+ scalars[0] = p_scalar;
+
+ return EC_POINTs_mul(group, r, g_scalar,
+ (point != NULL
+ && p_scalar != NULL), points, scalars, ctx);
+}
+
+int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
+{
+ if (group->meth->mul == 0)
+ /* use default */
+ return ec_wNAF_precompute_mult(group, ctx);
+
+ if (group->meth->precompute_mult != 0)
+ return group->meth->precompute_mult(group, ctx);
+ else
+ return 1; /* nothing to do, so report success */
+}
+
+int EC_GROUP_have_precompute_mult(const EC_GROUP *group)
+{
+ if (group->meth->mul == 0)
+ /* use default */
+ return ec_wNAF_have_precompute_mult(group);
+
+ if (group->meth->have_precompute_mult != 0)
+ return group->meth->have_precompute_mult(group);
+ else
+ return 0; /* cannot tell whether precomputation has
+ * been performed */
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_mult.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/ec/ec_mult.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_mult.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,940 +0,0 @@
-/* crypto/ec/ec_mult.c */
-/*
- * Originally written by Bodo Moeller and Nils Larsch for the OpenSSL project.
- */
-/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * Portions of this software developed by SUN MICROSYSTEMS, INC.,
- * and contributed to the OpenSSL project.
- */
-
-#include <string.h>
-
-#include <openssl/err.h>
-
-#include "ec_lcl.h"
-
-
-/*
- * This file implements the wNAF-based interleaving multi-exponentation method
- * (<URL:http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller.html#multiexp>);
- * for multiplication with precomputation, we use wNAF splitting
- * (<URL:http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller.html#fastexp>).
- */
-
-
-
-
-/* structure for precomputed multiples of the generator */
-typedef struct ec_pre_comp_st {
- const EC_GROUP *group; /* parent EC_GROUP object */
- size_t blocksize; /* block size for wNAF splitting */
- size_t numblocks; /* max. number of blocks for which we have precomputation */
- size_t w; /* window size */
- EC_POINT **points; /* array with pre-calculated multiples of generator:
- * 'num' pointers to EC_POINT objects followed by a NULL */
- size_t num; /* numblocks * 2^(w-1) */
- int references;
-} EC_PRE_COMP;
-
-/* functions to manage EC_PRE_COMP within the EC_GROUP extra_data framework */
-static void *ec_pre_comp_dup(void *);
-static void ec_pre_comp_free(void *);
-static void ec_pre_comp_clear_free(void *);
-
-static EC_PRE_COMP *ec_pre_comp_new(const EC_GROUP *group)
- {
- EC_PRE_COMP *ret = NULL;
-
- if (!group)
- return NULL;
-
- ret = (EC_PRE_COMP *)OPENSSL_malloc(sizeof(EC_PRE_COMP));
- if (!ret)
- {
- ECerr(EC_F_EC_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
- return ret;
- }
- ret->group = group;
- ret->blocksize = 8; /* default */
- ret->numblocks = 0;
- ret->w = 4; /* default */
- ret->points = NULL;
- ret->num = 0;
- ret->references = 1;
- return ret;
- }
-
-static void *ec_pre_comp_dup(void *src_)
- {
- EC_PRE_COMP *src = src_;
-
- /* no need to actually copy, these objects never change! */
-
- CRYPTO_add(&src->references, 1, CRYPTO_LOCK_EC_PRE_COMP);
-
- return src_;
- }
-
-static void ec_pre_comp_free(void *pre_)
- {
- int i;
- EC_PRE_COMP *pre = pre_;
-
- if (!pre)
- return;
-
- i = CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP);
- if (i > 0)
- return;
-
- if (pre->points)
- {
- EC_POINT **p;
-
- for (p = pre->points; *p != NULL; p++)
- EC_POINT_free(*p);
- OPENSSL_free(pre->points);
- }
- OPENSSL_free(pre);
- }
-
-static void ec_pre_comp_clear_free(void *pre_)
- {
- int i;
- EC_PRE_COMP *pre = pre_;
-
- if (!pre)
- return;
-
- i = CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP);
- if (i > 0)
- return;
-
- if (pre->points)
- {
- EC_POINT **p;
-
- for (p = pre->points; *p != NULL; p++)
- {
- EC_POINT_clear_free(*p);
- OPENSSL_cleanse(p, sizeof *p);
- }
- OPENSSL_free(pre->points);
- }
- OPENSSL_cleanse(pre, sizeof *pre);
- OPENSSL_free(pre);
- }
-
-
-
-
-/* Determine the modified width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'.
- * This is an array r[] of values that are either zero or odd with an
- * absolute value less than 2^w satisfying
- * scalar = \sum_j r[j]*2^j
- * where at most one of any w+1 consecutive digits is non-zero
- * with the exception that the most significant digit may be only
- * w-1 zeros away from that next non-zero digit.
- */
-static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len)
- {
- int window_val;
- int ok = 0;
- signed char *r = NULL;
- int sign = 1;
- int bit, next_bit, mask;
- size_t len = 0, j;
-
- if (BN_is_zero(scalar))
- {
- r = OPENSSL_malloc(1);
- if (!r)
- {
- ECerr(EC_F_COMPUTE_WNAF, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- r[0] = 0;
- *ret_len = 1;
- return r;
- }
-
- if (w <= 0 || w > 7) /* 'signed char' can represent integers with absolute values less than 2^7 */
- {
- ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
- goto err;
- }
- bit = 1 << w; /* at most 128 */
- next_bit = bit << 1; /* at most 256 */
- mask = next_bit - 1; /* at most 255 */
-
- if (BN_is_negative(scalar))
- {
- sign = -1;
- }
-
- len = BN_num_bits(scalar);
- r = OPENSSL_malloc(len + 1); /* modified wNAF may be one digit longer than binary representation
- * (*ret_len will be set to the actual length, i.e. at most
- * BN_num_bits(scalar) + 1) */
- if (r == NULL)
- {
- ECerr(EC_F_COMPUTE_WNAF, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- if (scalar->d == NULL || scalar->top == 0)
- {
- ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
- goto err;
- }
- window_val = scalar->d[0] & mask;
- j = 0;
- while ((window_val != 0) || (j + w + 1 < len)) /* if j+w+1 >= len, window_val will not increase */
- {
- int digit = 0;
-
- /* 0 <= window_val <= 2^(w+1) */
-
- if (window_val & 1)
- {
- /* 0 < window_val < 2^(w+1) */
-
- if (window_val & bit)
- {
- digit = window_val - next_bit; /* -2^w < digit < 0 */
-
-#if 1 /* modified wNAF */
- if (j + w + 1 >= len)
- {
- /* special case for generating modified wNAFs:
- * no new bits will be added into window_val,
- * so using a positive digit here will decrease
- * the total length of the representation */
-
- digit = window_val & (mask >> 1); /* 0 < digit < 2^w */
- }
-#endif
- }
- else
- {
- digit = window_val; /* 0 < digit < 2^w */
- }
-
- if (digit <= -bit || digit >= bit || !(digit & 1))
- {
- ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
- goto err;
- }
-
- window_val -= digit;
-
- /* now window_val is 0 or 2^(w+1) in standard wNAF generation;
- * for modified window NAFs, it may also be 2^w
- */
- if (window_val != 0 && window_val != next_bit && window_val != bit)
- {
- ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
- goto err;
- }
- }
-
- r[j++] = sign * digit;
-
- window_val >>= 1;
- window_val += bit * BN_is_bit_set(scalar, j + w);
-
- if (window_val > next_bit)
- {
- ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
- goto err;
- }
- }
-
- if (j > len + 1)
- {
- ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
- goto err;
- }
- len = j;
- ok = 1;
-
- err:
- if (!ok)
- {
- OPENSSL_free(r);
- r = NULL;
- }
- if (ok)
- *ret_len = len;
- return r;
- }
-
-
-/* TODO: table should be optimised for the wNAF-based implementation,
- * sometimes smaller windows will give better performance
- * (thus the boundaries should be increased)
- */
-#define EC_window_bits_for_scalar_size(b) \
- ((size_t) \
- ((b) >= 2000 ? 6 : \
- (b) >= 800 ? 5 : \
- (b) >= 300 ? 4 : \
- (b) >= 70 ? 3 : \
- (b) >= 20 ? 2 : \
- 1))
-
-/* Compute
- * \sum scalars[i]*points[i],
- * also including
- * scalar*generator
- * in the addition if scalar != NULL
- */
-int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
- size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx)
- {
- BN_CTX *new_ctx = NULL;
- const EC_POINT *generator = NULL;
- EC_POINT *tmp = NULL;
- size_t totalnum;
- size_t blocksize = 0, numblocks = 0; /* for wNAF splitting */
- size_t pre_points_per_block = 0;
- size_t i, j;
- int k;
- int r_is_inverted = 0;
- int r_is_at_infinity = 1;
- size_t *wsize = NULL; /* individual window sizes */
- signed char **wNAF = NULL; /* individual wNAFs */
- size_t *wNAF_len = NULL;
- size_t max_len = 0;
- size_t num_val;
- EC_POINT **val = NULL; /* precomputation */
- EC_POINT **v;
- EC_POINT ***val_sub = NULL; /* pointers to sub-arrays of 'val' or 'pre_comp->points' */
- const EC_PRE_COMP *pre_comp = NULL;
- int num_scalar = 0; /* flag: will be set to 1 if 'scalar' must be treated like other scalars,
- * i.e. precomputation is not available */
- int ret = 0;
-
- if (group->meth != r->meth)
- {
- ECerr(EC_F_EC_WNAF_MUL, EC_R_INCOMPATIBLE_OBJECTS);
- return 0;
- }
-
- if ((scalar == NULL) && (num == 0))
- {
- return EC_POINT_set_to_infinity(group, r);
- }
-
- for (i = 0; i < num; i++)
- {
- if (group->meth != points[i]->meth)
- {
- ECerr(EC_F_EC_WNAF_MUL, EC_R_INCOMPATIBLE_OBJECTS);
- return 0;
- }
- }
-
- if (ctx == NULL)
- {
- ctx = new_ctx = BN_CTX_new();
- if (ctx == NULL)
- goto err;
- }
-
- if (scalar != NULL)
- {
- generator = EC_GROUP_get0_generator(group);
- if (generator == NULL)
- {
- ECerr(EC_F_EC_WNAF_MUL, EC_R_UNDEFINED_GENERATOR);
- goto err;
- }
-
- /* look if we can use precomputed multiples of generator */
-
- pre_comp = EC_EX_DATA_get_data(group->extra_data, ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free);
-
- if (pre_comp && pre_comp->numblocks && (EC_POINT_cmp(group, generator, pre_comp->points[0], ctx) == 0))
- {
- blocksize = pre_comp->blocksize;
-
- /* determine maximum number of blocks that wNAF splitting may yield
- * (NB: maximum wNAF length is bit length plus one) */
- numblocks = (BN_num_bits(scalar) / blocksize) + 1;
-
- /* we cannot use more blocks than we have precomputation for */
- if (numblocks > pre_comp->numblocks)
- numblocks = pre_comp->numblocks;
-
- pre_points_per_block = 1u << (pre_comp->w - 1);
-
- /* check that pre_comp looks sane */
- if (pre_comp->num != (pre_comp->numblocks * pre_points_per_block))
- {
- ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
- goto err;
- }
- }
- else
- {
- /* can't use precomputation */
- pre_comp = NULL;
- numblocks = 1;
- num_scalar = 1; /* treat 'scalar' like 'num'-th element of 'scalars' */
- }
- }
-
- totalnum = num + numblocks;
-
- wsize = OPENSSL_malloc(totalnum * sizeof wsize[0]);
- wNAF_len = OPENSSL_malloc(totalnum * sizeof wNAF_len[0]);
- wNAF = OPENSSL_malloc((totalnum + 1) * sizeof wNAF[0]); /* includes space for pivot */
- val_sub = OPENSSL_malloc(totalnum * sizeof val_sub[0]);
-
- if (!wsize || !wNAF_len || !wNAF || !val_sub)
- {
- ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- wNAF[0] = NULL; /* preliminary pivot */
-
- /* num_val will be the total number of temporarily precomputed points */
- num_val = 0;
-
- for (i = 0; i < num + num_scalar; i++)
- {
- size_t bits;
-
- bits = i < num ? BN_num_bits(scalars[i]) : BN_num_bits(scalar);
- wsize[i] = EC_window_bits_for_scalar_size(bits);
- num_val += 1u << (wsize[i] - 1);
- wNAF[i + 1] = NULL; /* make sure we always have a pivot */
- wNAF[i] = compute_wNAF((i < num ? scalars[i] : scalar), wsize[i], &wNAF_len[i]);
- if (wNAF[i] == NULL)
- goto err;
- if (wNAF_len[i] > max_len)
- max_len = wNAF_len[i];
- }
-
- if (numblocks)
- {
- /* we go here iff scalar != NULL */
-
- if (pre_comp == NULL)
- {
- if (num_scalar != 1)
- {
- ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
- goto err;
- }
- /* we have already generated a wNAF for 'scalar' */
- }
- else
- {
- signed char *tmp_wNAF = NULL;
- size_t tmp_len = 0;
-
- if (num_scalar != 0)
- {
- ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
- goto err;
- }
-
- /* use the window size for which we have precomputation */
- wsize[num] = pre_comp->w;
- tmp_wNAF = compute_wNAF(scalar, wsize[num], &tmp_len);
- if (!tmp_wNAF)
- goto err;
-
- if (tmp_len <= max_len)
- {
- /* One of the other wNAFs is at least as long
- * as the wNAF belonging to the generator,
- * so wNAF splitting will not buy us anything. */
-
- numblocks = 1;
- totalnum = num + 1; /* don't use wNAF splitting */
- wNAF[num] = tmp_wNAF;
- wNAF[num + 1] = NULL;
- wNAF_len[num] = tmp_len;
- if (tmp_len > max_len)
- max_len = tmp_len;
- /* pre_comp->points starts with the points that we need here: */
- val_sub[num] = pre_comp->points;
- }
- else
- {
- /* don't include tmp_wNAF directly into wNAF array
- * - use wNAF splitting and include the blocks */
-
- signed char *pp;
- EC_POINT **tmp_points;
-
- if (tmp_len < numblocks * blocksize)
- {
- /* possibly we can do with fewer blocks than estimated */
- numblocks = (tmp_len + blocksize - 1) / blocksize;
- if (numblocks > pre_comp->numblocks)
- {
- ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
- goto err;
- }
- totalnum = num + numblocks;
- }
-
- /* split wNAF in 'numblocks' parts */
- pp = tmp_wNAF;
- tmp_points = pre_comp->points;
-
- for (i = num; i < totalnum; i++)
- {
- if (i < totalnum - 1)
- {
- wNAF_len[i] = blocksize;
- if (tmp_len < blocksize)
- {
- ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
- goto err;
- }
- tmp_len -= blocksize;
- }
- else
- /* last block gets whatever is left
- * (this could be more or less than 'blocksize'!) */
- wNAF_len[i] = tmp_len;
-
- wNAF[i + 1] = NULL;
- wNAF[i] = OPENSSL_malloc(wNAF_len[i]);
- if (wNAF[i] == NULL)
- {
- ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);
- OPENSSL_free(tmp_wNAF);
- goto err;
- }
- memcpy(wNAF[i], pp, wNAF_len[i]);
- if (wNAF_len[i] > max_len)
- max_len = wNAF_len[i];
-
- if (*tmp_points == NULL)
- {
- ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
- OPENSSL_free(tmp_wNAF);
- goto err;
- }
- val_sub[i] = tmp_points;
- tmp_points += pre_points_per_block;
- pp += blocksize;
- }
- OPENSSL_free(tmp_wNAF);
- }
- }
- }
-
- /* All points we precompute now go into a single array 'val'.
- * 'val_sub[i]' is a pointer to the subarray for the i-th point,
- * or to a subarray of 'pre_comp->points' if we already have precomputation. */
- val = OPENSSL_malloc((num_val + 1) * sizeof val[0]);
- if (val == NULL)
- {
- ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- val[num_val] = NULL; /* pivot element */
-
- /* allocate points for precomputation */
- v = val;
- for (i = 0; i < num + num_scalar; i++)
- {
- val_sub[i] = v;
- for (j = 0; j < (1u << (wsize[i] - 1)); j++)
- {
- *v = EC_POINT_new(group);
- if (*v == NULL) goto err;
- v++;
- }
- }
- if (!(v == val + num_val))
- {
- ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
- goto err;
- }
-
- if (!(tmp = EC_POINT_new(group)))
- goto err;
-
- /* prepare precomputed values:
- * val_sub[i][0] := points[i]
- * val_sub[i][1] := 3 * points[i]
- * val_sub[i][2] := 5 * points[i]
- * ...
- */
- for (i = 0; i < num + num_scalar; i++)
- {
- if (i < num)
- {
- if (!EC_POINT_copy(val_sub[i][0], points[i])) goto err;
- }
- else
- {
- if (!EC_POINT_copy(val_sub[i][0], generator)) goto err;
- }
-
- if (wsize[i] > 1)
- {
- if (!EC_POINT_dbl(group, tmp, val_sub[i][0], ctx)) goto err;
- for (j = 1; j < (1u << (wsize[i] - 1)); j++)
- {
- if (!EC_POINT_add(group, val_sub[i][j], val_sub[i][j - 1], tmp, ctx)) goto err;
- }
- }
- }
-
-#if 1 /* optional; EC_window_bits_for_scalar_size assumes we do this step */
- if (!EC_POINTs_make_affine(group, num_val, val, ctx))
- goto err;
-#endif
-
- r_is_at_infinity = 1;
-
- for (k = max_len - 1; k >= 0; k--)
- {
- if (!r_is_at_infinity)
- {
- if (!EC_POINT_dbl(group, r, r, ctx)) goto err;
- }
-
- for (i = 0; i < totalnum; i++)
- {
- if (wNAF_len[i] > (size_t)k)
- {
- int digit = wNAF[i][k];
- int is_neg;
-
- if (digit)
- {
- is_neg = digit < 0;
-
- if (is_neg)
- digit = -digit;
-
- if (is_neg != r_is_inverted)
- {
- if (!r_is_at_infinity)
- {
- if (!EC_POINT_invert(group, r, ctx)) goto err;
- }
- r_is_inverted = !r_is_inverted;
- }
-
- /* digit > 0 */
-
- if (r_is_at_infinity)
- {
- if (!EC_POINT_copy(r, val_sub[i][digit >> 1])) goto err;
- r_is_at_infinity = 0;
- }
- else
- {
- if (!EC_POINT_add(group, r, r, val_sub[i][digit >> 1], ctx)) goto err;
- }
- }
- }
- }
- }
-
- if (r_is_at_infinity)
- {
- if (!EC_POINT_set_to_infinity(group, r)) goto err;
- }
- else
- {
- if (r_is_inverted)
- if (!EC_POINT_invert(group, r, ctx)) goto err;
- }
-
- ret = 1;
-
- err:
- if (new_ctx != NULL)
- BN_CTX_free(new_ctx);
- if (tmp != NULL)
- EC_POINT_free(tmp);
- if (wsize != NULL)
- OPENSSL_free(wsize);
- if (wNAF_len != NULL)
- OPENSSL_free(wNAF_len);
- if (wNAF != NULL)
- {
- signed char **w;
-
- for (w = wNAF; *w != NULL; w++)
- OPENSSL_free(*w);
-
- OPENSSL_free(wNAF);
- }
- if (val != NULL)
- {
- for (v = val; *v != NULL; v++)
- EC_POINT_clear_free(*v);
-
- OPENSSL_free(val);
- }
- if (val_sub != NULL)
- {
- OPENSSL_free(val_sub);
- }
- return ret;
- }
-
-
-/* ec_wNAF_precompute_mult()
- * creates an EC_PRE_COMP object with preprecomputed multiples of the generator
- * for use with wNAF splitting as implemented in ec_wNAF_mul().
- *
- * 'pre_comp->points' is an array of multiples of the generator
- * of the following form:
- * points[0] = generator;
- * points[1] = 3 * generator;
- * ...
- * points[2^(w-1)-1] = (2^(w-1)-1) * generator;
- * points[2^(w-1)] = 2^blocksize * generator;
- * points[2^(w-1)+1] = 3 * 2^blocksize * generator;
- * ...
- * points[2^(w-1)*(numblocks-1)-1] = (2^(w-1)) * 2^(blocksize*(numblocks-2)) * generator
- * points[2^(w-1)*(numblocks-1)] = 2^(blocksize*(numblocks-1)) * generator
- * ...
- * points[2^(w-1)*numblocks-1] = (2^(w-1)) * 2^(blocksize*(numblocks-1)) * generator
- * points[2^(w-1)*numblocks] = NULL
- */
-int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
- {
- const EC_POINT *generator;
- EC_POINT *tmp_point = NULL, *base = NULL, **var;
- BN_CTX *new_ctx = NULL;
- BIGNUM *order;
- size_t i, bits, w, pre_points_per_block, blocksize, numblocks, num;
- EC_POINT **points = NULL;
- EC_PRE_COMP *pre_comp;
- int ret = 0;
-
- /* if there is an old EC_PRE_COMP object, throw it away */
- EC_EX_DATA_free_data(&group->extra_data, ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free);
-
- if ((pre_comp = ec_pre_comp_new(group)) == NULL)
- return 0;
-
- generator = EC_GROUP_get0_generator(group);
- if (generator == NULL)
- {
- ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, EC_R_UNDEFINED_GENERATOR);
- goto err;
- }
-
- if (ctx == NULL)
- {
- ctx = new_ctx = BN_CTX_new();
- if (ctx == NULL)
- goto err;
- }
-
- BN_CTX_start(ctx);
- order = BN_CTX_get(ctx);
- if (order == NULL) goto err;
-
- if (!EC_GROUP_get_order(group, order, ctx)) goto err;
- if (BN_is_zero(order))
- {
- ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, EC_R_UNKNOWN_ORDER);
- goto err;
- }
-
- bits = BN_num_bits(order);
- /* The following parameters mean we precompute (approximately)
- * one point per bit.
- *
- * TBD: The combination 8, 4 is perfect for 160 bits; for other
- * bit lengths, other parameter combinations might provide better
- * efficiency.
- */
- blocksize = 8;
- w = 4;
- if (EC_window_bits_for_scalar_size(bits) > w)
- {
- /* let's not make the window too small ... */
- w = EC_window_bits_for_scalar_size(bits);
- }
-
- numblocks = (bits + blocksize - 1) / blocksize; /* max. number of blocks to use for wNAF splitting */
-
- pre_points_per_block = 1u << (w - 1);
- num = pre_points_per_block * numblocks; /* number of points to compute and store */
-
- points = OPENSSL_malloc(sizeof (EC_POINT*)*(num + 1));
- if (!points)
- {
- ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- var = points;
- var[num] = NULL; /* pivot */
- for (i = 0; i < num; i++)
- {
- if ((var[i] = EC_POINT_new(group)) == NULL)
- {
- ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- }
-
- if (!(tmp_point = EC_POINT_new(group)) || !(base = EC_POINT_new(group)))
- {
- ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- if (!EC_POINT_copy(base, generator))
- goto err;
-
- /* do the precomputation */
- for (i = 0; i < numblocks; i++)
- {
- size_t j;
-
- if (!EC_POINT_dbl(group, tmp_point, base, ctx))
- goto err;
-
- if (!EC_POINT_copy(*var++, base))
- goto err;
-
- for (j = 1; j < pre_points_per_block; j++, var++)
- {
- /* calculate odd multiples of the current base point */
- if (!EC_POINT_add(group, *var, tmp_point, *(var - 1), ctx))
- goto err;
- }
-
- if (i < numblocks - 1)
- {
- /* get the next base (multiply current one by 2^blocksize) */
- size_t k;
-
- if (blocksize <= 2)
- {
- ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_INTERNAL_ERROR);
- goto err;
- }
-
- if (!EC_POINT_dbl(group, base, tmp_point, ctx))
- goto err;
- for (k = 2; k < blocksize; k++)
- {
- if (!EC_POINT_dbl(group,base,base,ctx))
- goto err;
- }
- }
- }
-
- if (!EC_POINTs_make_affine(group, num, points, ctx))
- goto err;
-
- pre_comp->group = group;
- pre_comp->blocksize = blocksize;
- pre_comp->numblocks = numblocks;
- pre_comp->w = w;
- pre_comp->points = points;
- points = NULL;
- pre_comp->num = num;
-
- if (!EC_EX_DATA_set_data(&group->extra_data, pre_comp,
- ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free))
- goto err;
- pre_comp = NULL;
-
- ret = 1;
- err:
- if (ctx != NULL)
- BN_CTX_end(ctx);
- if (new_ctx != NULL)
- BN_CTX_free(new_ctx);
- if (pre_comp)
- ec_pre_comp_free(pre_comp);
- if (points)
- {
- EC_POINT **p;
-
- for (p = points; *p != NULL; p++)
- EC_POINT_free(*p);
- OPENSSL_free(points);
- }
- if (tmp_point)
- EC_POINT_free(tmp_point);
- if (base)
- EC_POINT_free(base);
- return ret;
- }
-
-
-int ec_wNAF_have_precompute_mult(const EC_GROUP *group)
- {
- if (EC_EX_DATA_get_data(group->extra_data, ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free) != NULL)
- return 1;
- else
- return 0;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_mult.c (from rev 6976, vendor-crypto/openssl/dist/crypto/ec/ec_mult.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_mult.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_mult.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,911 @@
+/* crypto/ec/ec_mult.c */
+/*
+ * Originally written by Bodo Moeller and Nils Larsch for the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * Portions of this software developed by SUN MICROSYSTEMS, INC.,
+ * and contributed to the OpenSSL project.
+ */
+
+#include <string.h>
+
+#include <openssl/err.h>
+
+#include "ec_lcl.h"
+
+/*
+ * This file implements the wNAF-based interleaving multi-exponentation method
+ * (<URL:http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller.html#multiexp>);
+ * for multiplication with precomputation, we use wNAF splitting
+ * (<URL:http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller.html#fastexp>).
+ */
+
+/* structure for precomputed multiples of the generator */
+typedef struct ec_pre_comp_st {
+ const EC_GROUP *group; /* parent EC_GROUP object */
+ size_t blocksize; /* block size for wNAF splitting */
+ size_t numblocks; /* max. number of blocks for which we have
+ * precomputation */
+ size_t w; /* window size */
+ EC_POINT **points; /* array with pre-calculated multiples of
+ * generator: 'num' pointers to EC_POINT
+ * objects followed by a NULL */
+ size_t num; /* numblocks * 2^(w-1) */
+ int references;
+} EC_PRE_COMP;
+
+/* functions to manage EC_PRE_COMP within the EC_GROUP extra_data framework */
+static void *ec_pre_comp_dup(void *);
+static void ec_pre_comp_free(void *);
+static void ec_pre_comp_clear_free(void *);
+
+static EC_PRE_COMP *ec_pre_comp_new(const EC_GROUP *group)
+{
+ EC_PRE_COMP *ret = NULL;
+
+ if (!group)
+ return NULL;
+
+ ret = (EC_PRE_COMP *)OPENSSL_malloc(sizeof(EC_PRE_COMP));
+ if (!ret) {
+ ECerr(EC_F_EC_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
+ return ret;
+ }
+ ret->group = group;
+ ret->blocksize = 8; /* default */
+ ret->numblocks = 0;
+ ret->w = 4; /* default */
+ ret->points = NULL;
+ ret->num = 0;
+ ret->references = 1;
+ return ret;
+}
+
+static void *ec_pre_comp_dup(void *src_)
+{
+ EC_PRE_COMP *src = src_;
+
+ /* no need to actually copy, these objects never change! */
+
+ CRYPTO_add(&src->references, 1, CRYPTO_LOCK_EC_PRE_COMP);
+
+ return src_;
+}
+
+static void ec_pre_comp_free(void *pre_)
+{
+ int i;
+ EC_PRE_COMP *pre = pre_;
+
+ if (!pre)
+ return;
+
+ i = CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP);
+ if (i > 0)
+ return;
+
+ if (pre->points) {
+ EC_POINT **p;
+
+ for (p = pre->points; *p != NULL; p++)
+ EC_POINT_free(*p);
+ OPENSSL_free(pre->points);
+ }
+ OPENSSL_free(pre);
+}
+
+static void ec_pre_comp_clear_free(void *pre_)
+{
+ int i;
+ EC_PRE_COMP *pre = pre_;
+
+ if (!pre)
+ return;
+
+ i = CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP);
+ if (i > 0)
+ return;
+
+ if (pre->points) {
+ EC_POINT **p;
+
+ for (p = pre->points; *p != NULL; p++) {
+ EC_POINT_clear_free(*p);
+ OPENSSL_cleanse(p, sizeof *p);
+ }
+ OPENSSL_free(pre->points);
+ }
+ OPENSSL_cleanse(pre, sizeof *pre);
+ OPENSSL_free(pre);
+}
+
+/*-
+ * Determine the modified width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'.
+ * This is an array r[] of values that are either zero or odd with an
+ * absolute value less than 2^w satisfying
+ * scalar = \sum_j r[j]*2^j
+ * where at most one of any w+1 consecutive digits is non-zero
+ * with the exception that the most significant digit may be only
+ * w-1 zeros away from that next non-zero digit.
+ */
+static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len)
+{
+ int window_val;
+ int ok = 0;
+ signed char *r = NULL;
+ int sign = 1;
+ int bit, next_bit, mask;
+ size_t len = 0, j;
+
+ if (BN_is_zero(scalar)) {
+ r = OPENSSL_malloc(1);
+ if (!r) {
+ ECerr(EC_F_COMPUTE_WNAF, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ r[0] = 0;
+ *ret_len = 1;
+ return r;
+ }
+
+ if (w <= 0 || w > 7) { /* 'signed char' can represent integers with
+ * absolute values less than 2^7 */
+ ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ bit = 1 << w; /* at most 128 */
+ next_bit = bit << 1; /* at most 256 */
+ mask = next_bit - 1; /* at most 255 */
+
+ if (BN_is_negative(scalar)) {
+ sign = -1;
+ }
+
+ len = BN_num_bits(scalar);
+ r = OPENSSL_malloc(len + 1); /* modified wNAF may be one digit longer
+ * than binary representation (*ret_len will
+ * be set to the actual length, i.e. at most
+ * BN_num_bits(scalar) + 1) */
+ if (r == NULL) {
+ ECerr(EC_F_COMPUTE_WNAF, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ if (scalar->d == NULL || scalar->top == 0) {
+ ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ window_val = scalar->d[0] & mask;
+ j = 0;
+ while ((window_val != 0) || (j + w + 1 < len)) { /* if j+w+1 >= len,
+ * window_val will not
+ * increase */
+ int digit = 0;
+
+ /* 0 <= window_val <= 2^(w+1) */
+
+ if (window_val & 1) {
+ /* 0 < window_val < 2^(w+1) */
+
+ if (window_val & bit) {
+ digit = window_val - next_bit; /* -2^w < digit < 0 */
+
+#if 1 /* modified wNAF */
+ if (j + w + 1 >= len) {
+ /*
+ * special case for generating modified wNAFs: no new
+ * bits will be added into window_val, so using a
+ * positive digit here will decrease the total length of
+ * the representation
+ */
+
+ digit = window_val & (mask >> 1); /* 0 < digit < 2^w */
+ }
+#endif
+ } else {
+ digit = window_val; /* 0 < digit < 2^w */
+ }
+
+ if (digit <= -bit || digit >= bit || !(digit & 1)) {
+ ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
+ window_val -= digit;
+
+ /*
+ * now window_val is 0 or 2^(w+1) in standard wNAF generation;
+ * for modified window NAFs, it may also be 2^w
+ */
+ if (window_val != 0 && window_val != next_bit
+ && window_val != bit) {
+ ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ }
+
+ r[j++] = sign * digit;
+
+ window_val >>= 1;
+ window_val += bit * BN_is_bit_set(scalar, j + w);
+
+ if (window_val > next_bit) {
+ ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ }
+
+ if (j > len + 1) {
+ ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ len = j;
+ ok = 1;
+
+ err:
+ if (!ok) {
+ OPENSSL_free(r);
+ r = NULL;
+ }
+ if (ok)
+ *ret_len = len;
+ return r;
+}
+
+/*
+ * TODO: table should be optimised for the wNAF-based implementation,
+ * sometimes smaller windows will give better performance (thus the
+ * boundaries should be increased)
+ */
+#define EC_window_bits_for_scalar_size(b) \
+ ((size_t) \
+ ((b) >= 2000 ? 6 : \
+ (b) >= 800 ? 5 : \
+ (b) >= 300 ? 4 : \
+ (b) >= 70 ? 3 : \
+ (b) >= 20 ? 2 : \
+ 1))
+
+/*-
+ * Compute
+ * \sum scalars[i]*points[i],
+ * also including
+ * scalar*generator
+ * in the addition if scalar != NULL
+ */
+int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
+ size_t num, const EC_POINT *points[], const BIGNUM *scalars[],
+ BN_CTX *ctx)
+{
+ BN_CTX *new_ctx = NULL;
+ const EC_POINT *generator = NULL;
+ EC_POINT *tmp = NULL;
+ size_t totalnum;
+ size_t blocksize = 0, numblocks = 0; /* for wNAF splitting */
+ size_t pre_points_per_block = 0;
+ size_t i, j;
+ int k;
+ int r_is_inverted = 0;
+ int r_is_at_infinity = 1;
+ size_t *wsize = NULL; /* individual window sizes */
+ signed char **wNAF = NULL; /* individual wNAFs */
+ size_t *wNAF_len = NULL;
+ size_t max_len = 0;
+ size_t num_val;
+ EC_POINT **val = NULL; /* precomputation */
+ EC_POINT **v;
+ EC_POINT ***val_sub = NULL; /* pointers to sub-arrays of 'val' or
+ * 'pre_comp->points' */
+ const EC_PRE_COMP *pre_comp = NULL;
+ int num_scalar = 0; /* flag: will be set to 1 if 'scalar' must be
+ * treated like other scalars, i.e.
+ * precomputation is not available */
+ int ret = 0;
+
+ if (group->meth != r->meth) {
+ ECerr(EC_F_EC_WNAF_MUL, EC_R_INCOMPATIBLE_OBJECTS);
+ return 0;
+ }
+
+ if ((scalar == NULL) && (num == 0)) {
+ return EC_POINT_set_to_infinity(group, r);
+ }
+
+ for (i = 0; i < num; i++) {
+ if (group->meth != points[i]->meth) {
+ ECerr(EC_F_EC_WNAF_MUL, EC_R_INCOMPATIBLE_OBJECTS);
+ return 0;
+ }
+ }
+
+ if (ctx == NULL) {
+ ctx = new_ctx = BN_CTX_new();
+ if (ctx == NULL)
+ goto err;
+ }
+
+ if (scalar != NULL) {
+ generator = EC_GROUP_get0_generator(group);
+ if (generator == NULL) {
+ ECerr(EC_F_EC_WNAF_MUL, EC_R_UNDEFINED_GENERATOR);
+ goto err;
+ }
+
+ /* look if we can use precomputed multiples of generator */
+
+ pre_comp =
+ EC_EX_DATA_get_data(group->extra_data, ec_pre_comp_dup,
+ ec_pre_comp_free, ec_pre_comp_clear_free);
+
+ if (pre_comp && pre_comp->numblocks
+ && (EC_POINT_cmp(group, generator, pre_comp->points[0], ctx) ==
+ 0)) {
+ blocksize = pre_comp->blocksize;
+
+ /*
+ * determine maximum number of blocks that wNAF splitting may
+ * yield (NB: maximum wNAF length is bit length plus one)
+ */
+ numblocks = (BN_num_bits(scalar) / blocksize) + 1;
+
+ /*
+ * we cannot use more blocks than we have precomputation for
+ */
+ if (numblocks > pre_comp->numblocks)
+ numblocks = pre_comp->numblocks;
+
+ pre_points_per_block = 1u << (pre_comp->w - 1);
+
+ /* check that pre_comp looks sane */
+ if (pre_comp->num != (pre_comp->numblocks * pre_points_per_block)) {
+ ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ } else {
+ /* can't use precomputation */
+ pre_comp = NULL;
+ numblocks = 1;
+ num_scalar = 1; /* treat 'scalar' like 'num'-th element of
+ * 'scalars' */
+ }
+ }
+
+ totalnum = num + numblocks;
+
+ wsize = OPENSSL_malloc(totalnum * sizeof wsize[0]);
+ wNAF_len = OPENSSL_malloc(totalnum * sizeof wNAF_len[0]);
+ wNAF = OPENSSL_malloc((totalnum + 1) * sizeof wNAF[0]); /* includes space
+ * for pivot */
+ val_sub = OPENSSL_malloc(totalnum * sizeof val_sub[0]);
+
+ if (!wsize || !wNAF_len || !wNAF || !val_sub) {
+ ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ wNAF[0] = NULL; /* preliminary pivot */
+
+ /*
+ * num_val will be the total number of temporarily precomputed points
+ */
+ num_val = 0;
+
+ for (i = 0; i < num + num_scalar; i++) {
+ size_t bits;
+
+ bits = i < num ? BN_num_bits(scalars[i]) : BN_num_bits(scalar);
+ wsize[i] = EC_window_bits_for_scalar_size(bits);
+ num_val += 1u << (wsize[i] - 1);
+ wNAF[i + 1] = NULL; /* make sure we always have a pivot */
+ wNAF[i] =
+ compute_wNAF((i < num ? scalars[i] : scalar), wsize[i],
+ &wNAF_len[i]);
+ if (wNAF[i] == NULL)
+ goto err;
+ if (wNAF_len[i] > max_len)
+ max_len = wNAF_len[i];
+ }
+
+ if (numblocks) {
+ /* we go here iff scalar != NULL */
+
+ if (pre_comp == NULL) {
+ if (num_scalar != 1) {
+ ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ /* we have already generated a wNAF for 'scalar' */
+ } else {
+ signed char *tmp_wNAF = NULL;
+ size_t tmp_len = 0;
+
+ if (num_scalar != 0) {
+ ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
+ /*
+ * use the window size for which we have precomputation
+ */
+ wsize[num] = pre_comp->w;
+ tmp_wNAF = compute_wNAF(scalar, wsize[num], &tmp_len);
+ if (!tmp_wNAF)
+ goto err;
+
+ if (tmp_len <= max_len) {
+ /*
+ * One of the other wNAFs is at least as long as the wNAF
+ * belonging to the generator, so wNAF splitting will not buy
+ * us anything.
+ */
+
+ numblocks = 1;
+ totalnum = num + 1; /* don't use wNAF splitting */
+ wNAF[num] = tmp_wNAF;
+ wNAF[num + 1] = NULL;
+ wNAF_len[num] = tmp_len;
+ if (tmp_len > max_len)
+ max_len = tmp_len;
+ /*
+ * pre_comp->points starts with the points that we need here:
+ */
+ val_sub[num] = pre_comp->points;
+ } else {
+ /*
+ * don't include tmp_wNAF directly into wNAF array - use wNAF
+ * splitting and include the blocks
+ */
+
+ signed char *pp;
+ EC_POINT **tmp_points;
+
+ if (tmp_len < numblocks * blocksize) {
+ /*
+ * possibly we can do with fewer blocks than estimated
+ */
+ numblocks = (tmp_len + blocksize - 1) / blocksize;
+ if (numblocks > pre_comp->numblocks) {
+ ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ totalnum = num + numblocks;
+ }
+
+ /* split wNAF in 'numblocks' parts */
+ pp = tmp_wNAF;
+ tmp_points = pre_comp->points;
+
+ for (i = num; i < totalnum; i++) {
+ if (i < totalnum - 1) {
+ wNAF_len[i] = blocksize;
+ if (tmp_len < blocksize) {
+ ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ tmp_len -= blocksize;
+ } else
+ /*
+ * last block gets whatever is left (this could be
+ * more or less than 'blocksize'!)
+ */
+ wNAF_len[i] = tmp_len;
+
+ wNAF[i + 1] = NULL;
+ wNAF[i] = OPENSSL_malloc(wNAF_len[i]);
+ if (wNAF[i] == NULL) {
+ ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);
+ OPENSSL_free(tmp_wNAF);
+ goto err;
+ }
+ memcpy(wNAF[i], pp, wNAF_len[i]);
+ if (wNAF_len[i] > max_len)
+ max_len = wNAF_len[i];
+
+ if (*tmp_points == NULL) {
+ ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
+ OPENSSL_free(tmp_wNAF);
+ goto err;
+ }
+ val_sub[i] = tmp_points;
+ tmp_points += pre_points_per_block;
+ pp += blocksize;
+ }
+ OPENSSL_free(tmp_wNAF);
+ }
+ }
+ }
+
+ /*
+ * All points we precompute now go into a single array 'val'.
+ * 'val_sub[i]' is a pointer to the subarray for the i-th point, or to a
+ * subarray of 'pre_comp->points' if we already have precomputation.
+ */
+ val = OPENSSL_malloc((num_val + 1) * sizeof val[0]);
+ if (val == NULL) {
+ ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ val[num_val] = NULL; /* pivot element */
+
+ /* allocate points for precomputation */
+ v = val;
+ for (i = 0; i < num + num_scalar; i++) {
+ val_sub[i] = v;
+ for (j = 0; j < (1u << (wsize[i] - 1)); j++) {
+ *v = EC_POINT_new(group);
+ if (*v == NULL)
+ goto err;
+ v++;
+ }
+ }
+ if (!(v == val + num_val)) {
+ ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
+ if (!(tmp = EC_POINT_new(group)))
+ goto err;
+
+ /*-
+ * prepare precomputed values:
+ * val_sub[i][0] := points[i]
+ * val_sub[i][1] := 3 * points[i]
+ * val_sub[i][2] := 5 * points[i]
+ * ...
+ */
+ for (i = 0; i < num + num_scalar; i++) {
+ if (i < num) {
+ if (!EC_POINT_copy(val_sub[i][0], points[i]))
+ goto err;
+ } else {
+ if (!EC_POINT_copy(val_sub[i][0], generator))
+ goto err;
+ }
+
+ if (wsize[i] > 1) {
+ if (!EC_POINT_dbl(group, tmp, val_sub[i][0], ctx))
+ goto err;
+ for (j = 1; j < (1u << (wsize[i] - 1)); j++) {
+ if (!EC_POINT_add
+ (group, val_sub[i][j], val_sub[i][j - 1], tmp, ctx))
+ goto err;
+ }
+ }
+ }
+
+#if 1 /* optional; EC_window_bits_for_scalar_size
+ * assumes we do this step */
+ if (!EC_POINTs_make_affine(group, num_val, val, ctx))
+ goto err;
+#endif
+
+ r_is_at_infinity = 1;
+
+ for (k = max_len - 1; k >= 0; k--) {
+ if (!r_is_at_infinity) {
+ if (!EC_POINT_dbl(group, r, r, ctx))
+ goto err;
+ }
+
+ for (i = 0; i < totalnum; i++) {
+ if (wNAF_len[i] > (size_t)k) {
+ int digit = wNAF[i][k];
+ int is_neg;
+
+ if (digit) {
+ is_neg = digit < 0;
+
+ if (is_neg)
+ digit = -digit;
+
+ if (is_neg != r_is_inverted) {
+ if (!r_is_at_infinity) {
+ if (!EC_POINT_invert(group, r, ctx))
+ goto err;
+ }
+ r_is_inverted = !r_is_inverted;
+ }
+
+ /* digit > 0 */
+
+ if (r_is_at_infinity) {
+ if (!EC_POINT_copy(r, val_sub[i][digit >> 1]))
+ goto err;
+ r_is_at_infinity = 0;
+ } else {
+ if (!EC_POINT_add
+ (group, r, r, val_sub[i][digit >> 1], ctx))
+ goto err;
+ }
+ }
+ }
+ }
+ }
+
+ if (r_is_at_infinity) {
+ if (!EC_POINT_set_to_infinity(group, r))
+ goto err;
+ } else {
+ if (r_is_inverted)
+ if (!EC_POINT_invert(group, r, ctx))
+ goto err;
+ }
+
+ ret = 1;
+
+ err:
+ if (new_ctx != NULL)
+ BN_CTX_free(new_ctx);
+ if (tmp != NULL)
+ EC_POINT_free(tmp);
+ if (wsize != NULL)
+ OPENSSL_free(wsize);
+ if (wNAF_len != NULL)
+ OPENSSL_free(wNAF_len);
+ if (wNAF != NULL) {
+ signed char **w;
+
+ for (w = wNAF; *w != NULL; w++)
+ OPENSSL_free(*w);
+
+ OPENSSL_free(wNAF);
+ }
+ if (val != NULL) {
+ for (v = val; *v != NULL; v++)
+ EC_POINT_clear_free(*v);
+
+ OPENSSL_free(val);
+ }
+ if (val_sub != NULL) {
+ OPENSSL_free(val_sub);
+ }
+ return ret;
+}
+
+/*-
+ * ec_wNAF_precompute_mult()
+ * creates an EC_PRE_COMP object with preprecomputed multiples of the generator
+ * for use with wNAF splitting as implemented in ec_wNAF_mul().
+ *
+ * 'pre_comp->points' is an array of multiples of the generator
+ * of the following form:
+ * points[0] = generator;
+ * points[1] = 3 * generator;
+ * ...
+ * points[2^(w-1)-1] = (2^(w-1)-1) * generator;
+ * points[2^(w-1)] = 2^blocksize * generator;
+ * points[2^(w-1)+1] = 3 * 2^blocksize * generator;
+ * ...
+ * points[2^(w-1)*(numblocks-1)-1] = (2^(w-1)) * 2^(blocksize*(numblocks-2)) * generator
+ * points[2^(w-1)*(numblocks-1)] = 2^(blocksize*(numblocks-1)) * generator
+ * ...
+ * points[2^(w-1)*numblocks-1] = (2^(w-1)) * 2^(blocksize*(numblocks-1)) * generator
+ * points[2^(w-1)*numblocks] = NULL
+ */
+int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
+{
+ const EC_POINT *generator;
+ EC_POINT *tmp_point = NULL, *base = NULL, **var;
+ BN_CTX *new_ctx = NULL;
+ BIGNUM *order;
+ size_t i, bits, w, pre_points_per_block, blocksize, numblocks, num;
+ EC_POINT **points = NULL;
+ EC_PRE_COMP *pre_comp;
+ int ret = 0;
+
+ /* if there is an old EC_PRE_COMP object, throw it away */
+ EC_EX_DATA_free_data(&group->extra_data, ec_pre_comp_dup,
+ ec_pre_comp_free, ec_pre_comp_clear_free);
+
+ if ((pre_comp = ec_pre_comp_new(group)) == NULL)
+ return 0;
+
+ generator = EC_GROUP_get0_generator(group);
+ if (generator == NULL) {
+ ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, EC_R_UNDEFINED_GENERATOR);
+ goto err;
+ }
+
+ if (ctx == NULL) {
+ ctx = new_ctx = BN_CTX_new();
+ if (ctx == NULL)
+ goto err;
+ }
+
+ BN_CTX_start(ctx);
+ order = BN_CTX_get(ctx);
+ if (order == NULL)
+ goto err;
+
+ if (!EC_GROUP_get_order(group, order, ctx))
+ goto err;
+ if (BN_is_zero(order)) {
+ ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, EC_R_UNKNOWN_ORDER);
+ goto err;
+ }
+
+ bits = BN_num_bits(order);
+ /*
+ * The following parameters mean we precompute (approximately) one point
+ * per bit. TBD: The combination 8, 4 is perfect for 160 bits; for other
+ * bit lengths, other parameter combinations might provide better
+ * efficiency.
+ */
+ blocksize = 8;
+ w = 4;
+ if (EC_window_bits_for_scalar_size(bits) > w) {
+ /* let's not make the window too small ... */
+ w = EC_window_bits_for_scalar_size(bits);
+ }
+
+ numblocks = (bits + blocksize - 1) / blocksize; /* max. number of blocks
+ * to use for wNAF
+ * splitting */
+
+ pre_points_per_block = 1u << (w - 1);
+ num = pre_points_per_block * numblocks; /* number of points to compute
+ * and store */
+
+ points = OPENSSL_malloc(sizeof(EC_POINT *) * (num + 1));
+ if (!points) {
+ ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ var = points;
+ var[num] = NULL; /* pivot */
+ for (i = 0; i < num; i++) {
+ if ((var[i] = EC_POINT_new(group)) == NULL) {
+ ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ }
+
+ if (!(tmp_point = EC_POINT_new(group)) || !(base = EC_POINT_new(group))) {
+ ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ if (!EC_POINT_copy(base, generator))
+ goto err;
+
+ /* do the precomputation */
+ for (i = 0; i < numblocks; i++) {
+ size_t j;
+
+ if (!EC_POINT_dbl(group, tmp_point, base, ctx))
+ goto err;
+
+ if (!EC_POINT_copy(*var++, base))
+ goto err;
+
+ for (j = 1; j < pre_points_per_block; j++, var++) {
+ /*
+ * calculate odd multiples of the current base point
+ */
+ if (!EC_POINT_add(group, *var, tmp_point, *(var - 1), ctx))
+ goto err;
+ }
+
+ if (i < numblocks - 1) {
+ /*
+ * get the next base (multiply current one by 2^blocksize)
+ */
+ size_t k;
+
+ if (blocksize <= 2) {
+ ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
+ if (!EC_POINT_dbl(group, base, tmp_point, ctx))
+ goto err;
+ for (k = 2; k < blocksize; k++) {
+ if (!EC_POINT_dbl(group, base, base, ctx))
+ goto err;
+ }
+ }
+ }
+
+ if (!EC_POINTs_make_affine(group, num, points, ctx))
+ goto err;
+
+ pre_comp->group = group;
+ pre_comp->blocksize = blocksize;
+ pre_comp->numblocks = numblocks;
+ pre_comp->w = w;
+ pre_comp->points = points;
+ points = NULL;
+ pre_comp->num = num;
+
+ if (!EC_EX_DATA_set_data(&group->extra_data, pre_comp,
+ ec_pre_comp_dup, ec_pre_comp_free,
+ ec_pre_comp_clear_free))
+ goto err;
+ pre_comp = NULL;
+
+ ret = 1;
+ err:
+ if (ctx != NULL)
+ BN_CTX_end(ctx);
+ if (new_ctx != NULL)
+ BN_CTX_free(new_ctx);
+ if (pre_comp)
+ ec_pre_comp_free(pre_comp);
+ if (points) {
+ EC_POINT **p;
+
+ for (p = points; *p != NULL; p++)
+ EC_POINT_free(*p);
+ OPENSSL_free(points);
+ }
+ if (tmp_point)
+ EC_POINT_free(tmp_point);
+ if (base)
+ EC_POINT_free(base);
+ return ret;
+}
+
+int ec_wNAF_have_precompute_mult(const EC_GROUP *group)
+{
+ if (EC_EX_DATA_get_data
+ (group->extra_data, ec_pre_comp_dup, ec_pre_comp_free,
+ ec_pre_comp_clear_free) != NULL)
+ return 1;
+ else
+ return 0;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_print.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/ec/ec_print.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_print.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,195 +0,0 @@
-/* crypto/ec/ec_print.c */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <openssl/crypto.h>
-#include "ec_lcl.h"
-
-BIGNUM *EC_POINT_point2bn(const EC_GROUP *group,
- const EC_POINT *point,
- point_conversion_form_t form,
- BIGNUM *ret,
- BN_CTX *ctx)
- {
- size_t buf_len=0;
- unsigned char *buf;
-
- buf_len = EC_POINT_point2oct(group, point, form,
- NULL, 0, ctx);
- if (buf_len == 0)
- return NULL;
-
- if ((buf = OPENSSL_malloc(buf_len)) == NULL)
- return NULL;
-
- if (!EC_POINT_point2oct(group, point, form, buf, buf_len, ctx))
- {
- OPENSSL_free(buf);
- return NULL;
- }
-
- ret = BN_bin2bn(buf, buf_len, ret);
-
- OPENSSL_free(buf);
-
- return ret;
-}
-
-EC_POINT *EC_POINT_bn2point(const EC_GROUP *group,
- const BIGNUM *bn,
- EC_POINT *point,
- BN_CTX *ctx)
- {
- size_t buf_len=0;
- unsigned char *buf;
- EC_POINT *ret;
-
- if ((buf_len = BN_num_bytes(bn)) == 0) return NULL;
- buf = OPENSSL_malloc(buf_len);
- if (buf == NULL)
- return NULL;
-
- if (!BN_bn2bin(bn, buf))
- {
- OPENSSL_free(buf);
- return NULL;
- }
-
- if (point == NULL)
- {
- if ((ret = EC_POINT_new(group)) == NULL)
- {
- OPENSSL_free(buf);
- return NULL;
- }
- }
- else
- ret = point;
-
- if (!EC_POINT_oct2point(group, ret, buf, buf_len, ctx))
- {
- if (point == NULL)
- EC_POINT_clear_free(ret);
- OPENSSL_free(buf);
- return NULL;
- }
-
- OPENSSL_free(buf);
- return ret;
- }
-
-static const char *HEX_DIGITS = "0123456789ABCDEF";
-
-/* the return value must be freed (using OPENSSL_free()) */
-char *EC_POINT_point2hex(const EC_GROUP *group,
- const EC_POINT *point,
- point_conversion_form_t form,
- BN_CTX *ctx)
- {
- char *ret, *p;
- size_t buf_len=0,i;
- unsigned char *buf, *pbuf;
-
- buf_len = EC_POINT_point2oct(group, point, form,
- NULL, 0, ctx);
- if (buf_len == 0)
- return NULL;
-
- if ((buf = OPENSSL_malloc(buf_len)) == NULL)
- return NULL;
-
- if (!EC_POINT_point2oct(group, point, form, buf, buf_len, ctx))
- {
- OPENSSL_free(buf);
- return NULL;
- }
-
- ret = (char *)OPENSSL_malloc(buf_len*2+2);
- if (ret == NULL)
- {
- OPENSSL_free(buf);
- return NULL;
- }
- p = ret;
- pbuf = buf;
- for (i=buf_len; i > 0; i--)
- {
- int v = (int) *(pbuf++);
- *(p++)=HEX_DIGITS[v>>4];
- *(p++)=HEX_DIGITS[v&0x0F];
- }
- *p='\0';
-
- OPENSSL_free(buf);
-
- return ret;
- }
-
-EC_POINT *EC_POINT_hex2point(const EC_GROUP *group,
- const char *buf,
- EC_POINT *point,
- BN_CTX *ctx)
- {
- EC_POINT *ret=NULL;
- BIGNUM *tmp_bn=NULL;
-
- if (!BN_hex2bn(&tmp_bn, buf))
- return NULL;
-
- ret = EC_POINT_bn2point(group, tmp_bn, point, ctx);
-
- BN_clear_free(tmp_bn);
-
- return ret;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_print.c (from rev 6976, vendor-crypto/openssl/dist/crypto/ec/ec_print.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_print.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ec/ec_print.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,179 @@
+/* crypto/ec/ec_print.c */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <openssl/crypto.h>
+#include "ec_lcl.h"
+
+BIGNUM *EC_POINT_point2bn(const EC_GROUP *group,
+ const EC_POINT *point,
+ point_conversion_form_t form,
+ BIGNUM *ret, BN_CTX *ctx)
+{
+ size_t buf_len = 0;
+ unsigned char *buf;
+
+ buf_len = EC_POINT_point2oct(group, point, form, NULL, 0, ctx);
+ if (buf_len == 0)
+ return NULL;
+
+ if ((buf = OPENSSL_malloc(buf_len)) == NULL)
+ return NULL;
+
+ if (!EC_POINT_point2oct(group, point, form, buf, buf_len, ctx)) {
+ OPENSSL_free(buf);
+ return NULL;
+ }
+
+ ret = BN_bin2bn(buf, buf_len, ret);
+
+ OPENSSL_free(buf);
+
+ return ret;
+}
+
+EC_POINT *EC_POINT_bn2point(const EC_GROUP *group,
+ const BIGNUM *bn, EC_POINT *point, BN_CTX *ctx)
+{
+ size_t buf_len = 0;
+ unsigned char *buf;
+ EC_POINT *ret;
+
+ if ((buf_len = BN_num_bytes(bn)) == 0)
+ return NULL;
+ buf = OPENSSL_malloc(buf_len);
+ if (buf == NULL)
+ return NULL;
+
+ if (!BN_bn2bin(bn, buf)) {
+ OPENSSL_free(buf);
+ return NULL;
+ }
+
+ if (point == NULL) {
+ if ((ret = EC_POINT_new(group)) == NULL) {
+ OPENSSL_free(buf);
+ return NULL;
+ }
+ } else
+ ret = point;
+
+ if (!EC_POINT_oct2point(group, ret, buf, buf_len, ctx)) {
+ if (point == NULL)
+ EC_POINT_clear_free(ret);
+ OPENSSL_free(buf);
+ return NULL;
+ }
+
+ OPENSSL_free(buf);
+ return ret;
+}
+
+static const char *HEX_DIGITS = "0123456789ABCDEF";
+
+/* the return value must be freed (using OPENSSL_free()) */
+char *EC_POINT_point2hex(const EC_GROUP *group,
+ const EC_POINT *point,
+ point_conversion_form_t form, BN_CTX *ctx)
+{
+ char *ret, *p;
+ size_t buf_len = 0, i;
+ unsigned char *buf, *pbuf;
+
+ buf_len = EC_POINT_point2oct(group, point, form, NULL, 0, ctx);
+ if (buf_len == 0)
+ return NULL;
+
+ if ((buf = OPENSSL_malloc(buf_len)) == NULL)
+ return NULL;
+
+ if (!EC_POINT_point2oct(group, point, form, buf, buf_len, ctx)) {
+ OPENSSL_free(buf);
+ return NULL;
+ }
+
+ ret = (char *)OPENSSL_malloc(buf_len * 2 + 2);
+ if (ret == NULL) {
+ OPENSSL_free(buf);
+ return NULL;
+ }
+ p = ret;
+ pbuf = buf;
+ for (i = buf_len; i > 0; i--) {
+ int v = (int)*(pbuf++);
+ *(p++) = HEX_DIGITS[v >> 4];
+ *(p++) = HEX_DIGITS[v & 0x0F];
+ }
+ *p = '\0';
+
+ OPENSSL_free(buf);
+
+ return ret;
+}
+
+EC_POINT *EC_POINT_hex2point(const EC_GROUP *group,
+ const char *buf, EC_POINT *point, BN_CTX *ctx)
+{
+ EC_POINT *ret = NULL;
+ BIGNUM *tmp_bn = NULL;
+
+ if (!BN_hex2bn(&tmp_bn, buf))
+ return NULL;
+
+ ret = EC_POINT_bn2point(group, tmp_bn, point, ctx);
+
+ BN_clear_free(tmp_bn);
+
+ return ret;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/ec/ecp_mont.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/ec/ecp_mont.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ec/ecp_mont.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,315 +0,0 @@
-/* crypto/ec/ecp_mont.c */
-/*
- * Originally written by Bodo Moeller for the OpenSSL project.
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * Portions of this software developed by SUN MICROSYSTEMS, INC.,
- * and contributed to the OpenSSL project.
- */
-
-#include <openssl/err.h>
-
-#include "ec_lcl.h"
-
-
-const EC_METHOD *EC_GFp_mont_method(void)
- {
- static const EC_METHOD ret = {
- NID_X9_62_prime_field,
- ec_GFp_mont_group_init,
- ec_GFp_mont_group_finish,
- ec_GFp_mont_group_clear_finish,
- ec_GFp_mont_group_copy,
- ec_GFp_mont_group_set_curve,
- ec_GFp_simple_group_get_curve,
- ec_GFp_simple_group_get_degree,
- ec_GFp_simple_group_check_discriminant,
- ec_GFp_simple_point_init,
- ec_GFp_simple_point_finish,
- ec_GFp_simple_point_clear_finish,
- ec_GFp_simple_point_copy,
- ec_GFp_simple_point_set_to_infinity,
- ec_GFp_simple_set_Jprojective_coordinates_GFp,
- ec_GFp_simple_get_Jprojective_coordinates_GFp,
- ec_GFp_simple_point_set_affine_coordinates,
- ec_GFp_simple_point_get_affine_coordinates,
- ec_GFp_simple_set_compressed_coordinates,
- ec_GFp_simple_point2oct,
- ec_GFp_simple_oct2point,
- ec_GFp_simple_add,
- ec_GFp_simple_dbl,
- ec_GFp_simple_invert,
- ec_GFp_simple_is_at_infinity,
- ec_GFp_simple_is_on_curve,
- ec_GFp_simple_cmp,
- ec_GFp_simple_make_affine,
- ec_GFp_simple_points_make_affine,
- 0 /* mul */,
- 0 /* precompute_mult */,
- 0 /* have_precompute_mult */,
- ec_GFp_mont_field_mul,
- ec_GFp_mont_field_sqr,
- 0 /* field_div */,
- ec_GFp_mont_field_encode,
- ec_GFp_mont_field_decode,
- ec_GFp_mont_field_set_to_one };
-
- return &ret;
- }
-
-
-int ec_GFp_mont_group_init(EC_GROUP *group)
- {
- int ok;
-
- ok = ec_GFp_simple_group_init(group);
- group->field_data1 = NULL;
- group->field_data2 = NULL;
- return ok;
- }
-
-
-void ec_GFp_mont_group_finish(EC_GROUP *group)
- {
- if (group->field_data1 != NULL)
- {
- BN_MONT_CTX_free(group->field_data1);
- group->field_data1 = NULL;
- }
- if (group->field_data2 != NULL)
- {
- BN_free(group->field_data2);
- group->field_data2 = NULL;
- }
- ec_GFp_simple_group_finish(group);
- }
-
-
-void ec_GFp_mont_group_clear_finish(EC_GROUP *group)
- {
- if (group->field_data1 != NULL)
- {
- BN_MONT_CTX_free(group->field_data1);
- group->field_data1 = NULL;
- }
- if (group->field_data2 != NULL)
- {
- BN_clear_free(group->field_data2);
- group->field_data2 = NULL;
- }
- ec_GFp_simple_group_clear_finish(group);
- }
-
-
-int ec_GFp_mont_group_copy(EC_GROUP *dest, const EC_GROUP *src)
- {
- if (dest->field_data1 != NULL)
- {
- BN_MONT_CTX_free(dest->field_data1);
- dest->field_data1 = NULL;
- }
- if (dest->field_data2 != NULL)
- {
- BN_clear_free(dest->field_data2);
- dest->field_data2 = NULL;
- }
-
- if (!ec_GFp_simple_group_copy(dest, src)) return 0;
-
- if (src->field_data1 != NULL)
- {
- dest->field_data1 = BN_MONT_CTX_new();
- if (dest->field_data1 == NULL) return 0;
- if (!BN_MONT_CTX_copy(dest->field_data1, src->field_data1)) goto err;
- }
- if (src->field_data2 != NULL)
- {
- dest->field_data2 = BN_dup(src->field_data2);
- if (dest->field_data2 == NULL) goto err;
- }
-
- return 1;
-
- err:
- if (dest->field_data1 != NULL)
- {
- BN_MONT_CTX_free(dest->field_data1);
- dest->field_data1 = NULL;
- }
- return 0;
- }
-
-
-int ec_GFp_mont_group_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
- {
- BN_CTX *new_ctx = NULL;
- BN_MONT_CTX *mont = NULL;
- BIGNUM *one = NULL;
- int ret = 0;
-
- if (group->field_data1 != NULL)
- {
- BN_MONT_CTX_free(group->field_data1);
- group->field_data1 = NULL;
- }
- if (group->field_data2 != NULL)
- {
- BN_free(group->field_data2);
- group->field_data2 = NULL;
- }
-
- if (ctx == NULL)
- {
- ctx = new_ctx = BN_CTX_new();
- if (ctx == NULL)
- return 0;
- }
-
- mont = BN_MONT_CTX_new();
- if (mont == NULL) goto err;
- if (!BN_MONT_CTX_set(mont, p, ctx))
- {
- ECerr(EC_F_EC_GFP_MONT_GROUP_SET_CURVE, ERR_R_BN_LIB);
- goto err;
- }
- one = BN_new();
- if (one == NULL) goto err;
- if (!BN_to_montgomery(one, BN_value_one(), mont, ctx)) goto err;
-
- group->field_data1 = mont;
- mont = NULL;
- group->field_data2 = one;
- one = NULL;
-
- ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx);
-
- if (!ret)
- {
- BN_MONT_CTX_free(group->field_data1);
- group->field_data1 = NULL;
- BN_free(group->field_data2);
- group->field_data2 = NULL;
- }
-
- err:
- if (new_ctx != NULL)
- BN_CTX_free(new_ctx);
- if (mont != NULL)
- BN_MONT_CTX_free(mont);
- return ret;
- }
-
-
-int ec_GFp_mont_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
- {
- if (group->field_data1 == NULL)
- {
- ECerr(EC_F_EC_GFP_MONT_FIELD_MUL, EC_R_NOT_INITIALIZED);
- return 0;
- }
-
- return BN_mod_mul_montgomery(r, a, b, group->field_data1, ctx);
- }
-
-
-int ec_GFp_mont_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
- {
- if (group->field_data1 == NULL)
- {
- ECerr(EC_F_EC_GFP_MONT_FIELD_SQR, EC_R_NOT_INITIALIZED);
- return 0;
- }
-
- return BN_mod_mul_montgomery(r, a, a, group->field_data1, ctx);
- }
-
-
-int ec_GFp_mont_field_encode(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
- {
- if (group->field_data1 == NULL)
- {
- ECerr(EC_F_EC_GFP_MONT_FIELD_ENCODE, EC_R_NOT_INITIALIZED);
- return 0;
- }
-
- return BN_to_montgomery(r, a, (BN_MONT_CTX *)group->field_data1, ctx);
- }
-
-
-int ec_GFp_mont_field_decode(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
- {
- if (group->field_data1 == NULL)
- {
- ECerr(EC_F_EC_GFP_MONT_FIELD_DECODE, EC_R_NOT_INITIALIZED);
- return 0;
- }
-
- return BN_from_montgomery(r, a, group->field_data1, ctx);
- }
-
-
-int ec_GFp_mont_field_set_to_one(const EC_GROUP *group, BIGNUM *r, BN_CTX *ctx)
- {
- if (group->field_data2 == NULL)
- {
- ECerr(EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE, EC_R_NOT_INITIALIZED);
- return 0;
- }
-
- if (!BN_copy(r, group->field_data2)) return 0;
- return 1;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/ec/ecp_mont.c (from rev 6976, vendor-crypto/openssl/dist/crypto/ec/ecp_mont.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/ec/ecp_mont.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ec/ecp_mont.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,300 @@
+/* crypto/ec/ecp_mont.c */
+/*
+ * Originally written by Bodo Moeller for the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * Portions of this software developed by SUN MICROSYSTEMS, INC.,
+ * and contributed to the OpenSSL project.
+ */
+
+#include <openssl/err.h>
+
+#include "ec_lcl.h"
+
+const EC_METHOD *EC_GFp_mont_method(void)
+{
+ static const EC_METHOD ret = {
+ NID_X9_62_prime_field,
+ ec_GFp_mont_group_init,
+ ec_GFp_mont_group_finish,
+ ec_GFp_mont_group_clear_finish,
+ ec_GFp_mont_group_copy,
+ ec_GFp_mont_group_set_curve,
+ ec_GFp_simple_group_get_curve,
+ ec_GFp_simple_group_get_degree,
+ ec_GFp_simple_group_check_discriminant,
+ ec_GFp_simple_point_init,
+ ec_GFp_simple_point_finish,
+ ec_GFp_simple_point_clear_finish,
+ ec_GFp_simple_point_copy,
+ ec_GFp_simple_point_set_to_infinity,
+ ec_GFp_simple_set_Jprojective_coordinates_GFp,
+ ec_GFp_simple_get_Jprojective_coordinates_GFp,
+ ec_GFp_simple_point_set_affine_coordinates,
+ ec_GFp_simple_point_get_affine_coordinates,
+ ec_GFp_simple_set_compressed_coordinates,
+ ec_GFp_simple_point2oct,
+ ec_GFp_simple_oct2point,
+ ec_GFp_simple_add,
+ ec_GFp_simple_dbl,
+ ec_GFp_simple_invert,
+ ec_GFp_simple_is_at_infinity,
+ ec_GFp_simple_is_on_curve,
+ ec_GFp_simple_cmp,
+ ec_GFp_simple_make_affine,
+ ec_GFp_simple_points_make_affine,
+ 0 /* mul */ ,
+ 0 /* precompute_mult */ ,
+ 0 /* have_precompute_mult */ ,
+ ec_GFp_mont_field_mul,
+ ec_GFp_mont_field_sqr,
+ 0 /* field_div */ ,
+ ec_GFp_mont_field_encode,
+ ec_GFp_mont_field_decode,
+ ec_GFp_mont_field_set_to_one
+ };
+
+ return &ret;
+}
+
+int ec_GFp_mont_group_init(EC_GROUP *group)
+{
+ int ok;
+
+ ok = ec_GFp_simple_group_init(group);
+ group->field_data1 = NULL;
+ group->field_data2 = NULL;
+ return ok;
+}
+
+void ec_GFp_mont_group_finish(EC_GROUP *group)
+{
+ if (group->field_data1 != NULL) {
+ BN_MONT_CTX_free(group->field_data1);
+ group->field_data1 = NULL;
+ }
+ if (group->field_data2 != NULL) {
+ BN_free(group->field_data2);
+ group->field_data2 = NULL;
+ }
+ ec_GFp_simple_group_finish(group);
+}
+
+void ec_GFp_mont_group_clear_finish(EC_GROUP *group)
+{
+ if (group->field_data1 != NULL) {
+ BN_MONT_CTX_free(group->field_data1);
+ group->field_data1 = NULL;
+ }
+ if (group->field_data2 != NULL) {
+ BN_clear_free(group->field_data2);
+ group->field_data2 = NULL;
+ }
+ ec_GFp_simple_group_clear_finish(group);
+}
+
+int ec_GFp_mont_group_copy(EC_GROUP *dest, const EC_GROUP *src)
+{
+ if (dest->field_data1 != NULL) {
+ BN_MONT_CTX_free(dest->field_data1);
+ dest->field_data1 = NULL;
+ }
+ if (dest->field_data2 != NULL) {
+ BN_clear_free(dest->field_data2);
+ dest->field_data2 = NULL;
+ }
+
+ if (!ec_GFp_simple_group_copy(dest, src))
+ return 0;
+
+ if (src->field_data1 != NULL) {
+ dest->field_data1 = BN_MONT_CTX_new();
+ if (dest->field_data1 == NULL)
+ return 0;
+ if (!BN_MONT_CTX_copy(dest->field_data1, src->field_data1))
+ goto err;
+ }
+ if (src->field_data2 != NULL) {
+ dest->field_data2 = BN_dup(src->field_data2);
+ if (dest->field_data2 == NULL)
+ goto err;
+ }
+
+ return 1;
+
+ err:
+ if (dest->field_data1 != NULL) {
+ BN_MONT_CTX_free(dest->field_data1);
+ dest->field_data1 = NULL;
+ }
+ return 0;
+}
+
+int ec_GFp_mont_group_set_curve(EC_GROUP *group, const BIGNUM *p,
+ const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+{
+ BN_CTX *new_ctx = NULL;
+ BN_MONT_CTX *mont = NULL;
+ BIGNUM *one = NULL;
+ int ret = 0;
+
+ if (group->field_data1 != NULL) {
+ BN_MONT_CTX_free(group->field_data1);
+ group->field_data1 = NULL;
+ }
+ if (group->field_data2 != NULL) {
+ BN_free(group->field_data2);
+ group->field_data2 = NULL;
+ }
+
+ if (ctx == NULL) {
+ ctx = new_ctx = BN_CTX_new();
+ if (ctx == NULL)
+ return 0;
+ }
+
+ mont = BN_MONT_CTX_new();
+ if (mont == NULL)
+ goto err;
+ if (!BN_MONT_CTX_set(mont, p, ctx)) {
+ ECerr(EC_F_EC_GFP_MONT_GROUP_SET_CURVE, ERR_R_BN_LIB);
+ goto err;
+ }
+ one = BN_new();
+ if (one == NULL)
+ goto err;
+ if (!BN_to_montgomery(one, BN_value_one(), mont, ctx))
+ goto err;
+
+ group->field_data1 = mont;
+ mont = NULL;
+ group->field_data2 = one;
+ one = NULL;
+
+ ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx);
+
+ if (!ret) {
+ BN_MONT_CTX_free(group->field_data1);
+ group->field_data1 = NULL;
+ BN_free(group->field_data2);
+ group->field_data2 = NULL;
+ }
+
+ err:
+ if (new_ctx != NULL)
+ BN_CTX_free(new_ctx);
+ if (mont != NULL)
+ BN_MONT_CTX_free(mont);
+ return ret;
+}
+
+int ec_GFp_mont_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
+ const BIGNUM *b, BN_CTX *ctx)
+{
+ if (group->field_data1 == NULL) {
+ ECerr(EC_F_EC_GFP_MONT_FIELD_MUL, EC_R_NOT_INITIALIZED);
+ return 0;
+ }
+
+ return BN_mod_mul_montgomery(r, a, b, group->field_data1, ctx);
+}
+
+int ec_GFp_mont_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
+ BN_CTX *ctx)
+{
+ if (group->field_data1 == NULL) {
+ ECerr(EC_F_EC_GFP_MONT_FIELD_SQR, EC_R_NOT_INITIALIZED);
+ return 0;
+ }
+
+ return BN_mod_mul_montgomery(r, a, a, group->field_data1, ctx);
+}
+
+int ec_GFp_mont_field_encode(const EC_GROUP *group, BIGNUM *r,
+ const BIGNUM *a, BN_CTX *ctx)
+{
+ if (group->field_data1 == NULL) {
+ ECerr(EC_F_EC_GFP_MONT_FIELD_ENCODE, EC_R_NOT_INITIALIZED);
+ return 0;
+ }
+
+ return BN_to_montgomery(r, a, (BN_MONT_CTX *)group->field_data1, ctx);
+}
+
+int ec_GFp_mont_field_decode(const EC_GROUP *group, BIGNUM *r,
+ const BIGNUM *a, BN_CTX *ctx)
+{
+ if (group->field_data1 == NULL) {
+ ECerr(EC_F_EC_GFP_MONT_FIELD_DECODE, EC_R_NOT_INITIALIZED);
+ return 0;
+ }
+
+ return BN_from_montgomery(r, a, group->field_data1, ctx);
+}
+
+int ec_GFp_mont_field_set_to_one(const EC_GROUP *group, BIGNUM *r,
+ BN_CTX *ctx)
+{
+ if (group->field_data2 == NULL) {
+ ECerr(EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE, EC_R_NOT_INITIALIZED);
+ return 0;
+ }
+
+ if (!BN_copy(r, group->field_data2))
+ return 0;
+ return 1;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/ec/ecp_nist.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/ec/ecp_nist.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ec/ecp_nist.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,236 +0,0 @@
-/* crypto/ec/ecp_nist.c */
-/*
- * Written by Nils Larsch for the OpenSSL project.
- */
-/* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * Portions of this software developed by SUN MICROSYSTEMS, INC.,
- * and contributed to the OpenSSL project.
- */
-
-#include <limits.h>
-
-#include <openssl/err.h>
-#include <openssl/obj_mac.h>
-#include "ec_lcl.h"
-
-const EC_METHOD *EC_GFp_nist_method(void)
- {
- static const EC_METHOD ret = {
- NID_X9_62_prime_field,
- ec_GFp_simple_group_init,
- ec_GFp_simple_group_finish,
- ec_GFp_simple_group_clear_finish,
- ec_GFp_nist_group_copy,
- ec_GFp_nist_group_set_curve,
- ec_GFp_simple_group_get_curve,
- ec_GFp_simple_group_get_degree,
- ec_GFp_simple_group_check_discriminant,
- ec_GFp_simple_point_init,
- ec_GFp_simple_point_finish,
- ec_GFp_simple_point_clear_finish,
- ec_GFp_simple_point_copy,
- ec_GFp_simple_point_set_to_infinity,
- ec_GFp_simple_set_Jprojective_coordinates_GFp,
- ec_GFp_simple_get_Jprojective_coordinates_GFp,
- ec_GFp_simple_point_set_affine_coordinates,
- ec_GFp_simple_point_get_affine_coordinates,
- ec_GFp_simple_set_compressed_coordinates,
- ec_GFp_simple_point2oct,
- ec_GFp_simple_oct2point,
- ec_GFp_simple_add,
- ec_GFp_simple_dbl,
- ec_GFp_simple_invert,
- ec_GFp_simple_is_at_infinity,
- ec_GFp_simple_is_on_curve,
- ec_GFp_simple_cmp,
- ec_GFp_simple_make_affine,
- ec_GFp_simple_points_make_affine,
- 0 /* mul */,
- 0 /* precompute_mult */,
- 0 /* have_precompute_mult */,
- ec_GFp_nist_field_mul,
- ec_GFp_nist_field_sqr,
- 0 /* field_div */,
- 0 /* field_encode */,
- 0 /* field_decode */,
- 0 /* field_set_to_one */ };
-
- return &ret;
- }
-
-#if BN_BITS2 == 64
-#define NO_32_BIT_TYPE
-#endif
-
-int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src)
- {
- dest->field_mod_func = src->field_mod_func;
-
- return ec_GFp_simple_group_copy(dest, src);
- }
-
-int ec_GFp_nist_group_set_curve(EC_GROUP *group, const BIGNUM *p,
- const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
- {
- int ret = 0;
- BN_CTX *new_ctx = NULL;
- BIGNUM *tmp_bn;
-
- if (ctx == NULL)
- if ((ctx = new_ctx = BN_CTX_new()) == NULL) return 0;
-
- BN_CTX_start(ctx);
- if ((tmp_bn = BN_CTX_get(ctx)) == NULL) goto err;
-
- if (BN_ucmp(BN_get0_nist_prime_192(), p) == 0)
- group->field_mod_func = BN_nist_mod_192;
- else if (BN_ucmp(BN_get0_nist_prime_224(), p) == 0)
- {
-#ifndef NO_32_BIT_TYPE
- group->field_mod_func = BN_nist_mod_224;
-#else
- ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE, EC_R_NOT_A_SUPPORTED_NIST_PRIME);
- goto err;
-#endif
- }
- else if (BN_ucmp(BN_get0_nist_prime_256(), p) == 0)
- {
-#ifndef NO_32_BIT_TYPE
- group->field_mod_func = BN_nist_mod_256;
-#else
- ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE, EC_R_NOT_A_SUPPORTED_NIST_PRIME);
- goto err;
-#endif
- }
- else if (BN_ucmp(BN_get0_nist_prime_384(), p) == 0)
- {
-#ifndef NO_32_BIT_TYPE
- group->field_mod_func = BN_nist_mod_384;
-#else
- ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE, EC_R_NOT_A_SUPPORTED_NIST_PRIME);
- goto err;
-#endif
- }
- else if (BN_ucmp(BN_get0_nist_prime_521(), p) == 0)
- /* this one works in the NO_32_BIT_TYPE case */
- group->field_mod_func = BN_nist_mod_521;
- else
- {
- ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE, EC_R_NOT_A_NIST_PRIME);
- goto err;
- }
-
- ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx);
-
- err:
- BN_CTX_end(ctx);
- if (new_ctx != NULL)
- BN_CTX_free(new_ctx);
- return ret;
- }
-
-
-int ec_GFp_nist_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
- const BIGNUM *b, BN_CTX *ctx)
- {
- int ret=0;
- BN_CTX *ctx_new=NULL;
-
- if (!group || !r || !a || !b)
- {
- ECerr(EC_F_EC_GFP_NIST_FIELD_MUL, ERR_R_PASSED_NULL_PARAMETER);
- goto err;
- }
- if (!ctx)
- if ((ctx_new = ctx = BN_CTX_new()) == NULL) goto err;
-
- if (!BN_mul(r, a, b, ctx)) goto err;
- if (!group->field_mod_func(r, r, &group->field, ctx))
- goto err;
-
- ret=1;
-err:
- if (ctx_new)
- BN_CTX_free(ctx_new);
- return ret;
- }
-
-
-int ec_GFp_nist_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
- BN_CTX *ctx)
- {
- int ret=0;
- BN_CTX *ctx_new=NULL;
-
- if (!group || !r || !a)
- {
- ECerr(EC_F_EC_GFP_NIST_FIELD_SQR, EC_R_PASSED_NULL_PARAMETER);
- goto err;
- }
- if (!ctx)
- if ((ctx_new = ctx = BN_CTX_new()) == NULL) goto err;
-
- if (!BN_sqr(r, a, ctx)) goto err;
- if (!group->field_mod_func(r, r, &group->field, ctx))
- goto err;
-
- ret=1;
-err:
- if (ctx_new)
- BN_CTX_free(ctx_new);
- return ret;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/ec/ecp_nist.c (from rev 6976, vendor-crypto/openssl/dist/crypto/ec/ecp_nist.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/ec/ecp_nist.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ec/ecp_nist.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,235 @@
+/* crypto/ec/ecp_nist.c */
+/*
+ * Written by Nils Larsch for the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * Portions of this software developed by SUN MICROSYSTEMS, INC.,
+ * and contributed to the OpenSSL project.
+ */
+
+#include <limits.h>
+
+#include <openssl/err.h>
+#include <openssl/obj_mac.h>
+#include "ec_lcl.h"
+
+const EC_METHOD *EC_GFp_nist_method(void)
+{
+ static const EC_METHOD ret = {
+ NID_X9_62_prime_field,
+ ec_GFp_simple_group_init,
+ ec_GFp_simple_group_finish,
+ ec_GFp_simple_group_clear_finish,
+ ec_GFp_nist_group_copy,
+ ec_GFp_nist_group_set_curve,
+ ec_GFp_simple_group_get_curve,
+ ec_GFp_simple_group_get_degree,
+ ec_GFp_simple_group_check_discriminant,
+ ec_GFp_simple_point_init,
+ ec_GFp_simple_point_finish,
+ ec_GFp_simple_point_clear_finish,
+ ec_GFp_simple_point_copy,
+ ec_GFp_simple_point_set_to_infinity,
+ ec_GFp_simple_set_Jprojective_coordinates_GFp,
+ ec_GFp_simple_get_Jprojective_coordinates_GFp,
+ ec_GFp_simple_point_set_affine_coordinates,
+ ec_GFp_simple_point_get_affine_coordinates,
+ ec_GFp_simple_set_compressed_coordinates,
+ ec_GFp_simple_point2oct,
+ ec_GFp_simple_oct2point,
+ ec_GFp_simple_add,
+ ec_GFp_simple_dbl,
+ ec_GFp_simple_invert,
+ ec_GFp_simple_is_at_infinity,
+ ec_GFp_simple_is_on_curve,
+ ec_GFp_simple_cmp,
+ ec_GFp_simple_make_affine,
+ ec_GFp_simple_points_make_affine,
+ 0 /* mul */ ,
+ 0 /* precompute_mult */ ,
+ 0 /* have_precompute_mult */ ,
+ ec_GFp_nist_field_mul,
+ ec_GFp_nist_field_sqr,
+ 0 /* field_div */ ,
+ 0 /* field_encode */ ,
+ 0 /* field_decode */ ,
+ 0 /* field_set_to_one */
+ };
+
+ return &ret;
+}
+
+#if BN_BITS2 == 64
+# define NO_32_BIT_TYPE
+#endif
+
+int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src)
+{
+ dest->field_mod_func = src->field_mod_func;
+
+ return ec_GFp_simple_group_copy(dest, src);
+}
+
+int ec_GFp_nist_group_set_curve(EC_GROUP *group, const BIGNUM *p,
+ const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+{
+ int ret = 0;
+ BN_CTX *new_ctx = NULL;
+ BIGNUM *tmp_bn;
+
+ if (ctx == NULL)
+ if ((ctx = new_ctx = BN_CTX_new()) == NULL)
+ return 0;
+
+ BN_CTX_start(ctx);
+ if ((tmp_bn = BN_CTX_get(ctx)) == NULL)
+ goto err;
+
+ if (BN_ucmp(BN_get0_nist_prime_192(), p) == 0)
+ group->field_mod_func = BN_nist_mod_192;
+ else if (BN_ucmp(BN_get0_nist_prime_224(), p) == 0) {
+#ifndef NO_32_BIT_TYPE
+ group->field_mod_func = BN_nist_mod_224;
+#else
+ ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE,
+ EC_R_NOT_A_SUPPORTED_NIST_PRIME);
+ goto err;
+#endif
+ } else if (BN_ucmp(BN_get0_nist_prime_256(), p) == 0) {
+#ifndef NO_32_BIT_TYPE
+ group->field_mod_func = BN_nist_mod_256;
+#else
+ ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE,
+ EC_R_NOT_A_SUPPORTED_NIST_PRIME);
+ goto err;
+#endif
+ } else if (BN_ucmp(BN_get0_nist_prime_384(), p) == 0) {
+#ifndef NO_32_BIT_TYPE
+ group->field_mod_func = BN_nist_mod_384;
+#else
+ ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE,
+ EC_R_NOT_A_SUPPORTED_NIST_PRIME);
+ goto err;
+#endif
+ } else if (BN_ucmp(BN_get0_nist_prime_521(), p) == 0)
+ /* this one works in the NO_32_BIT_TYPE case */
+ group->field_mod_func = BN_nist_mod_521;
+ else {
+ ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE, EC_R_NOT_A_NIST_PRIME);
+ goto err;
+ }
+
+ ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx);
+
+ err:
+ BN_CTX_end(ctx);
+ if (new_ctx != NULL)
+ BN_CTX_free(new_ctx);
+ return ret;
+}
+
+int ec_GFp_nist_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
+ const BIGNUM *b, BN_CTX *ctx)
+{
+ int ret = 0;
+ BN_CTX *ctx_new = NULL;
+
+ if (!group || !r || !a || !b) {
+ ECerr(EC_F_EC_GFP_NIST_FIELD_MUL, ERR_R_PASSED_NULL_PARAMETER);
+ goto err;
+ }
+ if (!ctx)
+ if ((ctx_new = ctx = BN_CTX_new()) == NULL)
+ goto err;
+
+ if (!BN_mul(r, a, b, ctx))
+ goto err;
+ if (!group->field_mod_func(r, r, &group->field, ctx))
+ goto err;
+
+ ret = 1;
+ err:
+ if (ctx_new)
+ BN_CTX_free(ctx_new);
+ return ret;
+}
+
+int ec_GFp_nist_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
+ BN_CTX *ctx)
+{
+ int ret = 0;
+ BN_CTX *ctx_new = NULL;
+
+ if (!group || !r || !a) {
+ ECerr(EC_F_EC_GFP_NIST_FIELD_SQR, EC_R_PASSED_NULL_PARAMETER);
+ goto err;
+ }
+ if (!ctx)
+ if ((ctx_new = ctx = BN_CTX_new()) == NULL)
+ goto err;
+
+ if (!BN_sqr(r, a, ctx))
+ goto err;
+ if (!group->field_mod_func(r, r, &group->field, ctx))
+ goto err;
+
+ ret = 1;
+ err:
+ if (ctx_new)
+ BN_CTX_free(ctx_new);
+ return ret;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/ec/ecp_smpl.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/ec/ecp_smpl.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ec/ecp_smpl.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,1697 +0,0 @@
-/* crypto/ec/ecp_smpl.c */
-/* Includes code written by Lenka Fibikova <fibikova at exp-math.uni-essen.de>
- * for the OpenSSL project.
- * Includes code written by Bodo Moeller for the OpenSSL project.
-*/
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * Portions of this software developed by SUN MICROSYSTEMS, INC.,
- * and contributed to the OpenSSL project.
- */
-
-#include <openssl/err.h>
-#include <openssl/symhacks.h>
-
-#include "ec_lcl.h"
-
-const EC_METHOD *EC_GFp_simple_method(void)
- {
- static const EC_METHOD ret = {
- NID_X9_62_prime_field,
- ec_GFp_simple_group_init,
- ec_GFp_simple_group_finish,
- ec_GFp_simple_group_clear_finish,
- ec_GFp_simple_group_copy,
- ec_GFp_simple_group_set_curve,
- ec_GFp_simple_group_get_curve,
- ec_GFp_simple_group_get_degree,
- ec_GFp_simple_group_check_discriminant,
- ec_GFp_simple_point_init,
- ec_GFp_simple_point_finish,
- ec_GFp_simple_point_clear_finish,
- ec_GFp_simple_point_copy,
- ec_GFp_simple_point_set_to_infinity,
- ec_GFp_simple_set_Jprojective_coordinates_GFp,
- ec_GFp_simple_get_Jprojective_coordinates_GFp,
- ec_GFp_simple_point_set_affine_coordinates,
- ec_GFp_simple_point_get_affine_coordinates,
- ec_GFp_simple_set_compressed_coordinates,
- ec_GFp_simple_point2oct,
- ec_GFp_simple_oct2point,
- ec_GFp_simple_add,
- ec_GFp_simple_dbl,
- ec_GFp_simple_invert,
- ec_GFp_simple_is_at_infinity,
- ec_GFp_simple_is_on_curve,
- ec_GFp_simple_cmp,
- ec_GFp_simple_make_affine,
- ec_GFp_simple_points_make_affine,
- 0 /* mul */,
- 0 /* precompute_mult */,
- 0 /* have_precompute_mult */,
- ec_GFp_simple_field_mul,
- ec_GFp_simple_field_sqr,
- 0 /* field_div */,
- 0 /* field_encode */,
- 0 /* field_decode */,
- 0 /* field_set_to_one */ };
-
- return &ret;
- }
-
-
-/* Most method functions in this file are designed to work with
- * non-trivial representations of field elements if necessary
- * (see ecp_mont.c): while standard modular addition and subtraction
- * are used, the field_mul and field_sqr methods will be used for
- * multiplication, and field_encode and field_decode (if defined)
- * will be used for converting between representations.
-
- * Functions ec_GFp_simple_points_make_affine() and
- * ec_GFp_simple_point_get_affine_coordinates() specifically assume
- * that if a non-trivial representation is used, it is a Montgomery
- * representation (i.e. 'encoding' means multiplying by some factor R).
- */
-
-
-int ec_GFp_simple_group_init(EC_GROUP *group)
- {
- BN_init(&group->field);
- BN_init(&group->a);
- BN_init(&group->b);
- group->a_is_minus3 = 0;
- return 1;
- }
-
-
-void ec_GFp_simple_group_finish(EC_GROUP *group)
- {
- BN_free(&group->field);
- BN_free(&group->a);
- BN_free(&group->b);
- }
-
-
-void ec_GFp_simple_group_clear_finish(EC_GROUP *group)
- {
- BN_clear_free(&group->field);
- BN_clear_free(&group->a);
- BN_clear_free(&group->b);
- }
-
-
-int ec_GFp_simple_group_copy(EC_GROUP *dest, const EC_GROUP *src)
- {
- if (!BN_copy(&dest->field, &src->field)) return 0;
- if (!BN_copy(&dest->a, &src->a)) return 0;
- if (!BN_copy(&dest->b, &src->b)) return 0;
-
- dest->a_is_minus3 = src->a_is_minus3;
-
- return 1;
- }
-
-
-int ec_GFp_simple_group_set_curve(EC_GROUP *group,
- const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
- {
- int ret = 0;
- BN_CTX *new_ctx = NULL;
- BIGNUM *tmp_a;
-
- /* p must be a prime > 3 */
- if (BN_num_bits(p) <= 2 || !BN_is_odd(p))
- {
- ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, EC_R_INVALID_FIELD);
- return 0;
- }
-
- if (ctx == NULL)
- {
- ctx = new_ctx = BN_CTX_new();
- if (ctx == NULL)
- return 0;
- }
-
- BN_CTX_start(ctx);
- tmp_a = BN_CTX_get(ctx);
- if (tmp_a == NULL) goto err;
-
- /* group->field */
- if (!BN_copy(&group->field, p)) goto err;
- BN_set_negative(&group->field, 0);
-
- /* group->a */
- if (!BN_nnmod(tmp_a, a, p, ctx)) goto err;
- if (group->meth->field_encode)
- { if (!group->meth->field_encode(group, &group->a, tmp_a, ctx)) goto err; }
- else
- if (!BN_copy(&group->a, tmp_a)) goto err;
-
- /* group->b */
- if (!BN_nnmod(&group->b, b, p, ctx)) goto err;
- if (group->meth->field_encode)
- if (!group->meth->field_encode(group, &group->b, &group->b, ctx)) goto err;
-
- /* group->a_is_minus3 */
- if (!BN_add_word(tmp_a, 3)) goto err;
- group->a_is_minus3 = (0 == BN_cmp(tmp_a, &group->field));
-
- ret = 1;
-
- err:
- BN_CTX_end(ctx);
- if (new_ctx != NULL)
- BN_CTX_free(new_ctx);
- return ret;
- }
-
-
-int ec_GFp_simple_group_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
- {
- int ret = 0;
- BN_CTX *new_ctx = NULL;
-
- if (p != NULL)
- {
- if (!BN_copy(p, &group->field)) return 0;
- }
-
- if (a != NULL || b != NULL)
- {
- if (group->meth->field_decode)
- {
- if (ctx == NULL)
- {
- ctx = new_ctx = BN_CTX_new();
- if (ctx == NULL)
- return 0;
- }
- if (a != NULL)
- {
- if (!group->meth->field_decode(group, a, &group->a, ctx)) goto err;
- }
- if (b != NULL)
- {
- if (!group->meth->field_decode(group, b, &group->b, ctx)) goto err;
- }
- }
- else
- {
- if (a != NULL)
- {
- if (!BN_copy(a, &group->a)) goto err;
- }
- if (b != NULL)
- {
- if (!BN_copy(b, &group->b)) goto err;
- }
- }
- }
-
- ret = 1;
-
- err:
- if (new_ctx)
- BN_CTX_free(new_ctx);
- return ret;
- }
-
-
-int ec_GFp_simple_group_get_degree(const EC_GROUP *group)
- {
- return BN_num_bits(&group->field);
- }
-
-
-int ec_GFp_simple_group_check_discriminant(const EC_GROUP *group, BN_CTX *ctx)
- {
- int ret = 0;
- BIGNUM *a,*b,*order,*tmp_1,*tmp_2;
- const BIGNUM *p = &group->field;
- BN_CTX *new_ctx = NULL;
-
- if (ctx == NULL)
- {
- ctx = new_ctx = BN_CTX_new();
- if (ctx == NULL)
- {
- ECerr(EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- }
- BN_CTX_start(ctx);
- a = BN_CTX_get(ctx);
- b = BN_CTX_get(ctx);
- tmp_1 = BN_CTX_get(ctx);
- tmp_2 = BN_CTX_get(ctx);
- order = BN_CTX_get(ctx);
- if (order == NULL) goto err;
-
- if (group->meth->field_decode)
- {
- if (!group->meth->field_decode(group, a, &group->a, ctx)) goto err;
- if (!group->meth->field_decode(group, b, &group->b, ctx)) goto err;
- }
- else
- {
- if (!BN_copy(a, &group->a)) goto err;
- if (!BN_copy(b, &group->b)) goto err;
- }
-
- /* check the discriminant:
- * y^2 = x^3 + a*x + b is an elliptic curve <=> 4*a^3 + 27*b^2 != 0 (mod p)
- * 0 =< a, b < p */
- if (BN_is_zero(a))
- {
- if (BN_is_zero(b)) goto err;
- }
- else if (!BN_is_zero(b))
- {
- if (!BN_mod_sqr(tmp_1, a, p, ctx)) goto err;
- if (!BN_mod_mul(tmp_2, tmp_1, a, p, ctx)) goto err;
- if (!BN_lshift(tmp_1, tmp_2, 2)) goto err;
- /* tmp_1 = 4*a^3 */
-
- if (!BN_mod_sqr(tmp_2, b, p, ctx)) goto err;
- if (!BN_mul_word(tmp_2, 27)) goto err;
- /* tmp_2 = 27*b^2 */
-
- if (!BN_mod_add(a, tmp_1, tmp_2, p, ctx)) goto err;
- if (BN_is_zero(a)) goto err;
- }
- ret = 1;
-
-err:
- if (ctx != NULL)
- BN_CTX_end(ctx);
- if (new_ctx != NULL)
- BN_CTX_free(new_ctx);
- return ret;
- }
-
-
-int ec_GFp_simple_point_init(EC_POINT *point)
- {
- BN_init(&point->X);
- BN_init(&point->Y);
- BN_init(&point->Z);
- point->Z_is_one = 0;
-
- return 1;
- }
-
-
-void ec_GFp_simple_point_finish(EC_POINT *point)
- {
- BN_free(&point->X);
- BN_free(&point->Y);
- BN_free(&point->Z);
- }
-
-
-void ec_GFp_simple_point_clear_finish(EC_POINT *point)
- {
- BN_clear_free(&point->X);
- BN_clear_free(&point->Y);
- BN_clear_free(&point->Z);
- point->Z_is_one = 0;
- }
-
-
-int ec_GFp_simple_point_copy(EC_POINT *dest, const EC_POINT *src)
- {
- if (!BN_copy(&dest->X, &src->X)) return 0;
- if (!BN_copy(&dest->Y, &src->Y)) return 0;
- if (!BN_copy(&dest->Z, &src->Z)) return 0;
- dest->Z_is_one = src->Z_is_one;
-
- return 1;
- }
-
-
-int ec_GFp_simple_point_set_to_infinity(const EC_GROUP *group, EC_POINT *point)
- {
- point->Z_is_one = 0;
- BN_zero(&point->Z);
- return 1;
- }
-
-
-int ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
- const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx)
- {
- BN_CTX *new_ctx = NULL;
- int ret = 0;
-
- if (ctx == NULL)
- {
- ctx = new_ctx = BN_CTX_new();
- if (ctx == NULL)
- return 0;
- }
-
- if (x != NULL)
- {
- if (!BN_nnmod(&point->X, x, &group->field, ctx)) goto err;
- if (group->meth->field_encode)
- {
- if (!group->meth->field_encode(group, &point->X, &point->X, ctx)) goto err;
- }
- }
-
- if (y != NULL)
- {
- if (!BN_nnmod(&point->Y, y, &group->field, ctx)) goto err;
- if (group->meth->field_encode)
- {
- if (!group->meth->field_encode(group, &point->Y, &point->Y, ctx)) goto err;
- }
- }
-
- if (z != NULL)
- {
- int Z_is_one;
-
- if (!BN_nnmod(&point->Z, z, &group->field, ctx)) goto err;
- Z_is_one = BN_is_one(&point->Z);
- if (group->meth->field_encode)
- {
- if (Z_is_one && (group->meth->field_set_to_one != 0))
- {
- if (!group->meth->field_set_to_one(group, &point->Z, ctx)) goto err;
- }
- else
- {
- if (!group->meth->field_encode(group, &point->Z, &point->Z, ctx)) goto err;
- }
- }
- point->Z_is_one = Z_is_one;
- }
-
- ret = 1;
-
- err:
- if (new_ctx != NULL)
- BN_CTX_free(new_ctx);
- return ret;
- }
-
-
-int ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point,
- BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx)
- {
- BN_CTX *new_ctx = NULL;
- int ret = 0;
-
- if (group->meth->field_decode != 0)
- {
- if (ctx == NULL)
- {
- ctx = new_ctx = BN_CTX_new();
- if (ctx == NULL)
- return 0;
- }
-
- if (x != NULL)
- {
- if (!group->meth->field_decode(group, x, &point->X, ctx)) goto err;
- }
- if (y != NULL)
- {
- if (!group->meth->field_decode(group, y, &point->Y, ctx)) goto err;
- }
- if (z != NULL)
- {
- if (!group->meth->field_decode(group, z, &point->Z, ctx)) goto err;
- }
- }
- else
- {
- if (x != NULL)
- {
- if (!BN_copy(x, &point->X)) goto err;
- }
- if (y != NULL)
- {
- if (!BN_copy(y, &point->Y)) goto err;
- }
- if (z != NULL)
- {
- if (!BN_copy(z, &point->Z)) goto err;
- }
- }
-
- ret = 1;
-
- err:
- if (new_ctx != NULL)
- BN_CTX_free(new_ctx);
- return ret;
- }
-
-
-int ec_GFp_simple_point_set_affine_coordinates(const EC_GROUP *group, EC_POINT *point,
- const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx)
- {
- if (x == NULL || y == NULL)
- {
- /* unlike for projective coordinates, we do not tolerate this */
- ECerr(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES, ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
-
- return EC_POINT_set_Jprojective_coordinates_GFp(group, point, x, y, BN_value_one(), ctx);
- }
-
-
-int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *point,
- BIGNUM *x, BIGNUM *y, BN_CTX *ctx)
- {
- BN_CTX *new_ctx = NULL;
- BIGNUM *Z, *Z_1, *Z_2, *Z_3;
- const BIGNUM *Z_;
- int ret = 0;
-
- if (EC_POINT_is_at_infinity(group, point))
- {
- ECerr(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES, EC_R_POINT_AT_INFINITY);
- return 0;
- }
-
- if (ctx == NULL)
- {
- ctx = new_ctx = BN_CTX_new();
- if (ctx == NULL)
- return 0;
- }
-
- BN_CTX_start(ctx);
- Z = BN_CTX_get(ctx);
- Z_1 = BN_CTX_get(ctx);
- Z_2 = BN_CTX_get(ctx);
- Z_3 = BN_CTX_get(ctx);
- if (Z_3 == NULL) goto err;
-
- /* transform (X, Y, Z) into (x, y) := (X/Z^2, Y/Z^3) */
-
- if (group->meth->field_decode)
- {
- if (!group->meth->field_decode(group, Z, &point->Z, ctx)) goto err;
- Z_ = Z;
- }
- else
- {
- Z_ = &point->Z;
- }
-
- if (BN_is_one(Z_))
- {
- if (group->meth->field_decode)
- {
- if (x != NULL)
- {
- if (!group->meth->field_decode(group, x, &point->X, ctx)) goto err;
- }
- if (y != NULL)
- {
- if (!group->meth->field_decode(group, y, &point->Y, ctx)) goto err;
- }
- }
- else
- {
- if (x != NULL)
- {
- if (!BN_copy(x, &point->X)) goto err;
- }
- if (y != NULL)
- {
- if (!BN_copy(y, &point->Y)) goto err;
- }
- }
- }
- else
- {
- if (!BN_mod_inverse(Z_1, Z_, &group->field, ctx))
- {
- ECerr(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES, ERR_R_BN_LIB);
- goto err;
- }
-
- if (group->meth->field_encode == 0)
- {
- /* field_sqr works on standard representation */
- if (!group->meth->field_sqr(group, Z_2, Z_1, ctx)) goto err;
- }
- else
- {
- if (!BN_mod_sqr(Z_2, Z_1, &group->field, ctx)) goto err;
- }
-
- if (x != NULL)
- {
- /* in the Montgomery case, field_mul will cancel out Montgomery factor in X: */
- if (!group->meth->field_mul(group, x, &point->X, Z_2, ctx)) goto err;
- }
-
- if (y != NULL)
- {
- if (group->meth->field_encode == 0)
- {
- /* field_mul works on standard representation */
- if (!group->meth->field_mul(group, Z_3, Z_2, Z_1, ctx)) goto err;
- }
- else
- {
- if (!BN_mod_mul(Z_3, Z_2, Z_1, &group->field, ctx)) goto err;
- }
-
- /* in the Montgomery case, field_mul will cancel out Montgomery factor in Y: */
- if (!group->meth->field_mul(group, y, &point->Y, Z_3, ctx)) goto err;
- }
- }
-
- ret = 1;
-
- err:
- BN_CTX_end(ctx);
- if (new_ctx != NULL)
- BN_CTX_free(new_ctx);
- return ret;
- }
-
-
-int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point,
- const BIGNUM *x_, int y_bit, BN_CTX *ctx)
- {
- BN_CTX *new_ctx = NULL;
- BIGNUM *tmp1, *tmp2, *x, *y;
- int ret = 0;
-
- /* clear error queue*/
- ERR_clear_error();
-
- if (ctx == NULL)
- {
- ctx = new_ctx = BN_CTX_new();
- if (ctx == NULL)
- return 0;
- }
-
- y_bit = (y_bit != 0);
-
- BN_CTX_start(ctx);
- tmp1 = BN_CTX_get(ctx);
- tmp2 = BN_CTX_get(ctx);
- x = BN_CTX_get(ctx);
- y = BN_CTX_get(ctx);
- if (y == NULL) goto err;
-
- /* Recover y. We have a Weierstrass equation
- * y^2 = x^3 + a*x + b,
- * so y is one of the square roots of x^3 + a*x + b.
- */
-
- /* tmp1 := x^3 */
- if (!BN_nnmod(x, x_, &group->field,ctx)) goto err;
- if (group->meth->field_decode == 0)
- {
- /* field_{sqr,mul} work on standard representation */
- if (!group->meth->field_sqr(group, tmp2, x_, ctx)) goto err;
- if (!group->meth->field_mul(group, tmp1, tmp2, x_, ctx)) goto err;
- }
- else
- {
- if (!BN_mod_sqr(tmp2, x_, &group->field, ctx)) goto err;
- if (!BN_mod_mul(tmp1, tmp2, x_, &group->field, ctx)) goto err;
- }
-
- /* tmp1 := tmp1 + a*x */
- if (group->a_is_minus3)
- {
- if (!BN_mod_lshift1_quick(tmp2, x, &group->field)) goto err;
- if (!BN_mod_add_quick(tmp2, tmp2, x, &group->field)) goto err;
- if (!BN_mod_sub_quick(tmp1, tmp1, tmp2, &group->field)) goto err;
- }
- else
- {
- if (group->meth->field_decode)
- {
- if (!group->meth->field_decode(group, tmp2, &group->a, ctx)) goto err;
- if (!BN_mod_mul(tmp2, tmp2, x, &group->field, ctx)) goto err;
- }
- else
- {
- /* field_mul works on standard representation */
- if (!group->meth->field_mul(group, tmp2, &group->a, x, ctx)) goto err;
- }
-
- if (!BN_mod_add_quick(tmp1, tmp1, tmp2, &group->field)) goto err;
- }
-
- /* tmp1 := tmp1 + b */
- if (group->meth->field_decode)
- {
- if (!group->meth->field_decode(group, tmp2, &group->b, ctx)) goto err;
- if (!BN_mod_add_quick(tmp1, tmp1, tmp2, &group->field)) goto err;
- }
- else
- {
- if (!BN_mod_add_quick(tmp1, tmp1, &group->b, &group->field)) goto err;
- }
-
- if (!BN_mod_sqrt(y, tmp1, &group->field, ctx))
- {
- unsigned long err = ERR_peek_last_error();
-
- if (ERR_GET_LIB(err) == ERR_LIB_BN && ERR_GET_REASON(err) == BN_R_NOT_A_SQUARE)
- {
- ERR_clear_error();
- ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, EC_R_INVALID_COMPRESSED_POINT);
- }
- else
- ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, ERR_R_BN_LIB);
- goto err;
- }
-
- if (y_bit != BN_is_odd(y))
- {
- if (BN_is_zero(y))
- {
- int kron;
-
- kron = BN_kronecker(x, &group->field, ctx);
- if (kron == -2) goto err;
-
- if (kron == 1)
- ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, EC_R_INVALID_COMPRESSION_BIT);
- else
- /* BN_mod_sqrt() should have cought this error (not a square) */
- ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, EC_R_INVALID_COMPRESSED_POINT);
- goto err;
- }
- if (!BN_usub(y, &group->field, y)) goto err;
- }
- if (y_bit != BN_is_odd(y))
- {
- ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, ERR_R_INTERNAL_ERROR);
- goto err;
- }
-
- if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) goto err;
-
- ret = 1;
-
- err:
- BN_CTX_end(ctx);
- if (new_ctx != NULL)
- BN_CTX_free(new_ctx);
- return ret;
- }
-
-
-size_t ec_GFp_simple_point2oct(const EC_GROUP *group, const EC_POINT *point, point_conversion_form_t form,
- unsigned char *buf, size_t len, BN_CTX *ctx)
- {
- size_t ret;
- BN_CTX *new_ctx = NULL;
- int used_ctx = 0;
- BIGNUM *x, *y;
- size_t field_len, i, skip;
-
- if ((form != POINT_CONVERSION_COMPRESSED)
- && (form != POINT_CONVERSION_UNCOMPRESSED)
- && (form != POINT_CONVERSION_HYBRID))
- {
- ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_INVALID_FORM);
- goto err;
- }
-
- if (EC_POINT_is_at_infinity(group, point))
- {
- /* encodes to a single 0 octet */
- if (buf != NULL)
- {
- if (len < 1)
- {
- ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);
- return 0;
- }
- buf[0] = 0;
- }
- return 1;
- }
-
-
- /* ret := required output buffer length */
- field_len = BN_num_bytes(&group->field);
- ret = (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2*field_len;
-
- /* if 'buf' is NULL, just return required length */
- if (buf != NULL)
- {
- if (len < ret)
- {
- ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);
- goto err;
- }
-
- if (ctx == NULL)
- {
- ctx = new_ctx = BN_CTX_new();
- if (ctx == NULL)
- return 0;
- }
-
- BN_CTX_start(ctx);
- used_ctx = 1;
- x = BN_CTX_get(ctx);
- y = BN_CTX_get(ctx);
- if (y == NULL) goto err;
-
- if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx)) goto err;
-
- if ((form == POINT_CONVERSION_COMPRESSED || form == POINT_CONVERSION_HYBRID) && BN_is_odd(y))
- buf[0] = form + 1;
- else
- buf[0] = form;
-
- i = 1;
-
- skip = field_len - BN_num_bytes(x);
- if (skip > field_len)
- {
- ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
- goto err;
- }
- while (skip > 0)
- {
- buf[i++] = 0;
- skip--;
- }
- skip = BN_bn2bin(x, buf + i);
- i += skip;
- if (i != 1 + field_len)
- {
- ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
- goto err;
- }
-
- if (form == POINT_CONVERSION_UNCOMPRESSED || form == POINT_CONVERSION_HYBRID)
- {
- skip = field_len - BN_num_bytes(y);
- if (skip > field_len)
- {
- ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
- goto err;
- }
- while (skip > 0)
- {
- buf[i++] = 0;
- skip--;
- }
- skip = BN_bn2bin(y, buf + i);
- i += skip;
- }
-
- if (i != ret)
- {
- ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
- goto err;
- }
- }
-
- if (used_ctx)
- BN_CTX_end(ctx);
- if (new_ctx != NULL)
- BN_CTX_free(new_ctx);
- return ret;
-
- err:
- if (used_ctx)
- BN_CTX_end(ctx);
- if (new_ctx != NULL)
- BN_CTX_free(new_ctx);
- return 0;
- }
-
-
-int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
- const unsigned char *buf, size_t len, BN_CTX *ctx)
- {
- point_conversion_form_t form;
- int y_bit;
- BN_CTX *new_ctx = NULL;
- BIGNUM *x, *y;
- size_t field_len, enc_len;
- int ret = 0;
-
- if (len == 0)
- {
- ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_BUFFER_TOO_SMALL);
- return 0;
- }
- form = buf[0];
- y_bit = form & 1;
- form = form & ~1U;
- if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED)
- && (form != POINT_CONVERSION_UNCOMPRESSED)
- && (form != POINT_CONVERSION_HYBRID))
- {
- ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
- return 0;
- }
- if ((form == 0 || form == POINT_CONVERSION_UNCOMPRESSED) && y_bit)
- {
- ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
- return 0;
- }
-
- if (form == 0)
- {
- if (len != 1)
- {
- ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
- return 0;
- }
-
- return EC_POINT_set_to_infinity(group, point);
- }
-
- field_len = BN_num_bytes(&group->field);
- enc_len = (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2*field_len;
-
- if (len != enc_len)
- {
- ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
- return 0;
- }
-
- if (ctx == NULL)
- {
- ctx = new_ctx = BN_CTX_new();
- if (ctx == NULL)
- return 0;
- }
-
- BN_CTX_start(ctx);
- x = BN_CTX_get(ctx);
- y = BN_CTX_get(ctx);
- if (y == NULL) goto err;
-
- if (!BN_bin2bn(buf + 1, field_len, x)) goto err;
- if (BN_ucmp(x, &group->field) >= 0)
- {
- ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
- goto err;
- }
-
- if (form == POINT_CONVERSION_COMPRESSED)
- {
- if (!EC_POINT_set_compressed_coordinates_GFp(group, point, x, y_bit, ctx)) goto err;
- }
- else
- {
- if (!BN_bin2bn(buf + 1 + field_len, field_len, y)) goto err;
- if (BN_ucmp(y, &group->field) >= 0)
- {
- ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
- goto err;
- }
- if (form == POINT_CONVERSION_HYBRID)
- {
- if (y_bit != BN_is_odd(y))
- {
- ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
- goto err;
- }
- }
-
- if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) goto err;
- }
-
- if (!EC_POINT_is_on_curve(group, point, ctx)) /* test required by X9.62 */
- {
- ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE);
- goto err;
- }
-
- ret = 1;
-
- err:
- BN_CTX_end(ctx);
- if (new_ctx != NULL)
- BN_CTX_free(new_ctx);
- return ret;
- }
-
-
-int ec_GFp_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx)
- {
- int (*field_mul)(const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
- int (*field_sqr)(const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
- const BIGNUM *p;
- BN_CTX *new_ctx = NULL;
- BIGNUM *n0, *n1, *n2, *n3, *n4, *n5, *n6;
- int ret = 0;
-
- if (a == b)
- return EC_POINT_dbl(group, r, a, ctx);
- if (EC_POINT_is_at_infinity(group, a))
- return EC_POINT_copy(r, b);
- if (EC_POINT_is_at_infinity(group, b))
- return EC_POINT_copy(r, a);
-
- field_mul = group->meth->field_mul;
- field_sqr = group->meth->field_sqr;
- p = &group->field;
-
- if (ctx == NULL)
- {
- ctx = new_ctx = BN_CTX_new();
- if (ctx == NULL)
- return 0;
- }
-
- BN_CTX_start(ctx);
- n0 = BN_CTX_get(ctx);
- n1 = BN_CTX_get(ctx);
- n2 = BN_CTX_get(ctx);
- n3 = BN_CTX_get(ctx);
- n4 = BN_CTX_get(ctx);
- n5 = BN_CTX_get(ctx);
- n6 = BN_CTX_get(ctx);
- if (n6 == NULL) goto end;
-
- /* Note that in this function we must not read components of 'a' or 'b'
- * once we have written the corresponding components of 'r'.
- * ('r' might be one of 'a' or 'b'.)
- */
-
- /* n1, n2 */
- if (b->Z_is_one)
- {
- if (!BN_copy(n1, &a->X)) goto end;
- if (!BN_copy(n2, &a->Y)) goto end;
- /* n1 = X_a */
- /* n2 = Y_a */
- }
- else
- {
- if (!field_sqr(group, n0, &b->Z, ctx)) goto end;
- if (!field_mul(group, n1, &a->X, n0, ctx)) goto end;
- /* n1 = X_a * Z_b^2 */
-
- if (!field_mul(group, n0, n0, &b->Z, ctx)) goto end;
- if (!field_mul(group, n2, &a->Y, n0, ctx)) goto end;
- /* n2 = Y_a * Z_b^3 */
- }
-
- /* n3, n4 */
- if (a->Z_is_one)
- {
- if (!BN_copy(n3, &b->X)) goto end;
- if (!BN_copy(n4, &b->Y)) goto end;
- /* n3 = X_b */
- /* n4 = Y_b */
- }
- else
- {
- if (!field_sqr(group, n0, &a->Z, ctx)) goto end;
- if (!field_mul(group, n3, &b->X, n0, ctx)) goto end;
- /* n3 = X_b * Z_a^2 */
-
- if (!field_mul(group, n0, n0, &a->Z, ctx)) goto end;
- if (!field_mul(group, n4, &b->Y, n0, ctx)) goto end;
- /* n4 = Y_b * Z_a^3 */
- }
-
- /* n5, n6 */
- if (!BN_mod_sub_quick(n5, n1, n3, p)) goto end;
- if (!BN_mod_sub_quick(n6, n2, n4, p)) goto end;
- /* n5 = n1 - n3 */
- /* n6 = n2 - n4 */
-
- if (BN_is_zero(n5))
- {
- if (BN_is_zero(n6))
- {
- /* a is the same point as b */
- BN_CTX_end(ctx);
- ret = EC_POINT_dbl(group, r, a, ctx);
- ctx = NULL;
- goto end;
- }
- else
- {
- /* a is the inverse of b */
- BN_zero(&r->Z);
- r->Z_is_one = 0;
- ret = 1;
- goto end;
- }
- }
-
- /* 'n7', 'n8' */
- if (!BN_mod_add_quick(n1, n1, n3, p)) goto end;
- if (!BN_mod_add_quick(n2, n2, n4, p)) goto end;
- /* 'n7' = n1 + n3 */
- /* 'n8' = n2 + n4 */
-
- /* Z_r */
- if (a->Z_is_one && b->Z_is_one)
- {
- if (!BN_copy(&r->Z, n5)) goto end;
- }
- else
- {
- if (a->Z_is_one)
- { if (!BN_copy(n0, &b->Z)) goto end; }
- else if (b->Z_is_one)
- { if (!BN_copy(n0, &a->Z)) goto end; }
- else
- { if (!field_mul(group, n0, &a->Z, &b->Z, ctx)) goto end; }
- if (!field_mul(group, &r->Z, n0, n5, ctx)) goto end;
- }
- r->Z_is_one = 0;
- /* Z_r = Z_a * Z_b * n5 */
-
- /* X_r */
- if (!field_sqr(group, n0, n6, ctx)) goto end;
- if (!field_sqr(group, n4, n5, ctx)) goto end;
- if (!field_mul(group, n3, n1, n4, ctx)) goto end;
- if (!BN_mod_sub_quick(&r->X, n0, n3, p)) goto end;
- /* X_r = n6^2 - n5^2 * 'n7' */
-
- /* 'n9' */
- if (!BN_mod_lshift1_quick(n0, &r->X, p)) goto end;
- if (!BN_mod_sub_quick(n0, n3, n0, p)) goto end;
- /* n9 = n5^2 * 'n7' - 2 * X_r */
-
- /* Y_r */
- if (!field_mul(group, n0, n0, n6, ctx)) goto end;
- if (!field_mul(group, n5, n4, n5, ctx)) goto end; /* now n5 is n5^3 */
- if (!field_mul(group, n1, n2, n5, ctx)) goto end;
- if (!BN_mod_sub_quick(n0, n0, n1, p)) goto end;
- if (BN_is_odd(n0))
- if (!BN_add(n0, n0, p)) goto end;
- /* now 0 <= n0 < 2*p, and n0 is even */
- if (!BN_rshift1(&r->Y, n0)) goto end;
- /* Y_r = (n6 * 'n9' - 'n8' * 'n5^3') / 2 */
-
- ret = 1;
-
- end:
- if (ctx) /* otherwise we already called BN_CTX_end */
- BN_CTX_end(ctx);
- if (new_ctx != NULL)
- BN_CTX_free(new_ctx);
- return ret;
- }
-
-
-int ec_GFp_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx)
- {
- int (*field_mul)(const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
- int (*field_sqr)(const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
- const BIGNUM *p;
- BN_CTX *new_ctx = NULL;
- BIGNUM *n0, *n1, *n2, *n3;
- int ret = 0;
-
- if (EC_POINT_is_at_infinity(group, a))
- {
- BN_zero(&r->Z);
- r->Z_is_one = 0;
- return 1;
- }
-
- field_mul = group->meth->field_mul;
- field_sqr = group->meth->field_sqr;
- p = &group->field;
-
- if (ctx == NULL)
- {
- ctx = new_ctx = BN_CTX_new();
- if (ctx == NULL)
- return 0;
- }
-
- BN_CTX_start(ctx);
- n0 = BN_CTX_get(ctx);
- n1 = BN_CTX_get(ctx);
- n2 = BN_CTX_get(ctx);
- n3 = BN_CTX_get(ctx);
- if (n3 == NULL) goto err;
-
- /* Note that in this function we must not read components of 'a'
- * once we have written the corresponding components of 'r'.
- * ('r' might the same as 'a'.)
- */
-
- /* n1 */
- if (a->Z_is_one)
- {
- if (!field_sqr(group, n0, &a->X, ctx)) goto err;
- if (!BN_mod_lshift1_quick(n1, n0, p)) goto err;
- if (!BN_mod_add_quick(n0, n0, n1, p)) goto err;
- if (!BN_mod_add_quick(n1, n0, &group->a, p)) goto err;
- /* n1 = 3 * X_a^2 + a_curve */
- }
- else if (group->a_is_minus3)
- {
- if (!field_sqr(group, n1, &a->Z, ctx)) goto err;
- if (!BN_mod_add_quick(n0, &a->X, n1, p)) goto err;
- if (!BN_mod_sub_quick(n2, &a->X, n1, p)) goto err;
- if (!field_mul(group, n1, n0, n2, ctx)) goto err;
- if (!BN_mod_lshift1_quick(n0, n1, p)) goto err;
- if (!BN_mod_add_quick(n1, n0, n1, p)) goto err;
- /* n1 = 3 * (X_a + Z_a^2) * (X_a - Z_a^2)
- * = 3 * X_a^2 - 3 * Z_a^4 */
- }
- else
- {
- if (!field_sqr(group, n0, &a->X, ctx)) goto err;
- if (!BN_mod_lshift1_quick(n1, n0, p)) goto err;
- if (!BN_mod_add_quick(n0, n0, n1, p)) goto err;
- if (!field_sqr(group, n1, &a->Z, ctx)) goto err;
- if (!field_sqr(group, n1, n1, ctx)) goto err;
- if (!field_mul(group, n1, n1, &group->a, ctx)) goto err;
- if (!BN_mod_add_quick(n1, n1, n0, p)) goto err;
- /* n1 = 3 * X_a^2 + a_curve * Z_a^4 */
- }
-
- /* Z_r */
- if (a->Z_is_one)
- {
- if (!BN_copy(n0, &a->Y)) goto err;
- }
- else
- {
- if (!field_mul(group, n0, &a->Y, &a->Z, ctx)) goto err;
- }
- if (!BN_mod_lshift1_quick(&r->Z, n0, p)) goto err;
- r->Z_is_one = 0;
- /* Z_r = 2 * Y_a * Z_a */
-
- /* n2 */
- if (!field_sqr(group, n3, &a->Y, ctx)) goto err;
- if (!field_mul(group, n2, &a->X, n3, ctx)) goto err;
- if (!BN_mod_lshift_quick(n2, n2, 2, p)) goto err;
- /* n2 = 4 * X_a * Y_a^2 */
-
- /* X_r */
- if (!BN_mod_lshift1_quick(n0, n2, p)) goto err;
- if (!field_sqr(group, &r->X, n1, ctx)) goto err;
- if (!BN_mod_sub_quick(&r->X, &r->X, n0, p)) goto err;
- /* X_r = n1^2 - 2 * n2 */
-
- /* n3 */
- if (!field_sqr(group, n0, n3, ctx)) goto err;
- if (!BN_mod_lshift_quick(n3, n0, 3, p)) goto err;
- /* n3 = 8 * Y_a^4 */
-
- /* Y_r */
- if (!BN_mod_sub_quick(n0, n2, &r->X, p)) goto err;
- if (!field_mul(group, n0, n1, n0, ctx)) goto err;
- if (!BN_mod_sub_quick(&r->Y, n0, n3, p)) goto err;
- /* Y_r = n1 * (n2 - X_r) - n3 */
-
- ret = 1;
-
- err:
- BN_CTX_end(ctx);
- if (new_ctx != NULL)
- BN_CTX_free(new_ctx);
- return ret;
- }
-
-
-int ec_GFp_simple_invert(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
- {
- if (EC_POINT_is_at_infinity(group, point) || BN_is_zero(&point->Y))
- /* point is its own inverse */
- return 1;
-
- return BN_usub(&point->Y, &group->field, &point->Y);
- }
-
-
-int ec_GFp_simple_is_at_infinity(const EC_GROUP *group, const EC_POINT *point)
- {
- return BN_is_zero(&point->Z);
- }
-
-
-int ec_GFp_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx)
- {
- int (*field_mul)(const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
- int (*field_sqr)(const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
- const BIGNUM *p;
- BN_CTX *new_ctx = NULL;
- BIGNUM *rh, *tmp, *Z4, *Z6;
- int ret = -1;
-
- if (EC_POINT_is_at_infinity(group, point))
- return 1;
-
- field_mul = group->meth->field_mul;
- field_sqr = group->meth->field_sqr;
- p = &group->field;
-
- if (ctx == NULL)
- {
- ctx = new_ctx = BN_CTX_new();
- if (ctx == NULL)
- return -1;
- }
-
- BN_CTX_start(ctx);
- rh = BN_CTX_get(ctx);
- tmp = BN_CTX_get(ctx);
- Z4 = BN_CTX_get(ctx);
- Z6 = BN_CTX_get(ctx);
- if (Z6 == NULL) goto err;
-
- /* We have a curve defined by a Weierstrass equation
- * y^2 = x^3 + a*x + b.
- * The point to consider is given in Jacobian projective coordinates
- * where (X, Y, Z) represents (x, y) = (X/Z^2, Y/Z^3).
- * Substituting this and multiplying by Z^6 transforms the above equation into
- * Y^2 = X^3 + a*X*Z^4 + b*Z^6.
- * To test this, we add up the right-hand side in 'rh'.
- */
-
- /* rh := X^2 */
- if (!field_sqr(group, rh, &point->X, ctx)) goto err;
-
- if (!point->Z_is_one)
- {
- if (!field_sqr(group, tmp, &point->Z, ctx)) goto err;
- if (!field_sqr(group, Z4, tmp, ctx)) goto err;
- if (!field_mul(group, Z6, Z4, tmp, ctx)) goto err;
-
- /* rh := (rh + a*Z^4)*X */
- if (group->a_is_minus3)
- {
- if (!BN_mod_lshift1_quick(tmp, Z4, p)) goto err;
- if (!BN_mod_add_quick(tmp, tmp, Z4, p)) goto err;
- if (!BN_mod_sub_quick(rh, rh, tmp, p)) goto err;
- if (!field_mul(group, rh, rh, &point->X, ctx)) goto err;
- }
- else
- {
- if (!field_mul(group, tmp, Z4, &group->a, ctx)) goto err;
- if (!BN_mod_add_quick(rh, rh, tmp, p)) goto err;
- if (!field_mul(group, rh, rh, &point->X, ctx)) goto err;
- }
-
- /* rh := rh + b*Z^6 */
- if (!field_mul(group, tmp, &group->b, Z6, ctx)) goto err;
- if (!BN_mod_add_quick(rh, rh, tmp, p)) goto err;
- }
- else
- {
- /* point->Z_is_one */
-
- /* rh := (rh + a)*X */
- if (!BN_mod_add_quick(rh, rh, &group->a, p)) goto err;
- if (!field_mul(group, rh, rh, &point->X, ctx)) goto err;
- /* rh := rh + b */
- if (!BN_mod_add_quick(rh, rh, &group->b, p)) goto err;
- }
-
- /* 'lh' := Y^2 */
- if (!field_sqr(group, tmp, &point->Y, ctx)) goto err;
-
- ret = (0 == BN_ucmp(tmp, rh));
-
- err:
- BN_CTX_end(ctx);
- if (new_ctx != NULL)
- BN_CTX_free(new_ctx);
- return ret;
- }
-
-
-int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx)
- {
- /* return values:
- * -1 error
- * 0 equal (in affine coordinates)
- * 1 not equal
- */
-
- int (*field_mul)(const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
- int (*field_sqr)(const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
- BN_CTX *new_ctx = NULL;
- BIGNUM *tmp1, *tmp2, *Za23, *Zb23;
- const BIGNUM *tmp1_, *tmp2_;
- int ret = -1;
-
- if (EC_POINT_is_at_infinity(group, a))
- {
- return EC_POINT_is_at_infinity(group, b) ? 0 : 1;
- }
-
- if (EC_POINT_is_at_infinity(group, b))
- return 1;
-
- if (a->Z_is_one && b->Z_is_one)
- {
- return ((BN_cmp(&a->X, &b->X) == 0) && BN_cmp(&a->Y, &b->Y) == 0) ? 0 : 1;
- }
-
- field_mul = group->meth->field_mul;
- field_sqr = group->meth->field_sqr;
-
- if (ctx == NULL)
- {
- ctx = new_ctx = BN_CTX_new();
- if (ctx == NULL)
- return -1;
- }
-
- BN_CTX_start(ctx);
- tmp1 = BN_CTX_get(ctx);
- tmp2 = BN_CTX_get(ctx);
- Za23 = BN_CTX_get(ctx);
- Zb23 = BN_CTX_get(ctx);
- if (Zb23 == NULL) goto end;
-
- /* We have to decide whether
- * (X_a/Z_a^2, Y_a/Z_a^3) = (X_b/Z_b^2, Y_b/Z_b^3),
- * or equivalently, whether
- * (X_a*Z_b^2, Y_a*Z_b^3) = (X_b*Z_a^2, Y_b*Z_a^3).
- */
-
- if (!b->Z_is_one)
- {
- if (!field_sqr(group, Zb23, &b->Z, ctx)) goto end;
- if (!field_mul(group, tmp1, &a->X, Zb23, ctx)) goto end;
- tmp1_ = tmp1;
- }
- else
- tmp1_ = &a->X;
- if (!a->Z_is_one)
- {
- if (!field_sqr(group, Za23, &a->Z, ctx)) goto end;
- if (!field_mul(group, tmp2, &b->X, Za23, ctx)) goto end;
- tmp2_ = tmp2;
- }
- else
- tmp2_ = &b->X;
-
- /* compare X_a*Z_b^2 with X_b*Z_a^2 */
- if (BN_cmp(tmp1_, tmp2_) != 0)
- {
- ret = 1; /* points differ */
- goto end;
- }
-
-
- if (!b->Z_is_one)
- {
- if (!field_mul(group, Zb23, Zb23, &b->Z, ctx)) goto end;
- if (!field_mul(group, tmp1, &a->Y, Zb23, ctx)) goto end;
- /* tmp1_ = tmp1 */
- }
- else
- tmp1_ = &a->Y;
- if (!a->Z_is_one)
- {
- if (!field_mul(group, Za23, Za23, &a->Z, ctx)) goto end;
- if (!field_mul(group, tmp2, &b->Y, Za23, ctx)) goto end;
- /* tmp2_ = tmp2 */
- }
- else
- tmp2_ = &b->Y;
-
- /* compare Y_a*Z_b^3 with Y_b*Z_a^3 */
- if (BN_cmp(tmp1_, tmp2_) != 0)
- {
- ret = 1; /* points differ */
- goto end;
- }
-
- /* points are equal */
- ret = 0;
-
- end:
- BN_CTX_end(ctx);
- if (new_ctx != NULL)
- BN_CTX_free(new_ctx);
- return ret;
- }
-
-
-int ec_GFp_simple_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
- {
- BN_CTX *new_ctx = NULL;
- BIGNUM *x, *y;
- int ret = 0;
-
- if (point->Z_is_one || EC_POINT_is_at_infinity(group, point))
- return 1;
-
- if (ctx == NULL)
- {
- ctx = new_ctx = BN_CTX_new();
- if (ctx == NULL)
- return 0;
- }
-
- BN_CTX_start(ctx);
- x = BN_CTX_get(ctx);
- y = BN_CTX_get(ctx);
- if (y == NULL) goto err;
-
- if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx)) goto err;
- if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) goto err;
- if (!point->Z_is_one)
- {
- ECerr(EC_F_EC_GFP_SIMPLE_MAKE_AFFINE, ERR_R_INTERNAL_ERROR);
- goto err;
- }
-
- ret = 1;
-
- err:
- BN_CTX_end(ctx);
- if (new_ctx != NULL)
- BN_CTX_free(new_ctx);
- return ret;
- }
-
-
-int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx)
- {
- BN_CTX *new_ctx = NULL;
- BIGNUM *tmp, *tmp_Z;
- BIGNUM **prod_Z = NULL;
- size_t i;
- int ret = 0;
-
- if (num == 0)
- return 1;
-
- if (ctx == NULL)
- {
- ctx = new_ctx = BN_CTX_new();
- if (ctx == NULL)
- return 0;
- }
-
- BN_CTX_start(ctx);
- tmp = BN_CTX_get(ctx);
- tmp_Z = BN_CTX_get(ctx);
- if (tmp == NULL || tmp_Z == NULL) goto err;
-
- prod_Z = OPENSSL_malloc(num * sizeof prod_Z[0]);
- if (prod_Z == NULL) goto err;
- for (i = 0; i < num; i++)
- {
- prod_Z[i] = BN_new();
- if (prod_Z[i] == NULL) goto err;
- }
-
- /* Set each prod_Z[i] to the product of points[0]->Z .. points[i]->Z,
- * skipping any zero-valued inputs (pretend that they're 1). */
-
- if (!BN_is_zero(&points[0]->Z))
- {
- if (!BN_copy(prod_Z[0], &points[0]->Z)) goto err;
- }
- else
- {
- if (group->meth->field_set_to_one != 0)
- {
- if (!group->meth->field_set_to_one(group, prod_Z[0], ctx)) goto err;
- }
- else
- {
- if (!BN_one(prod_Z[0])) goto err;
- }
- }
-
- for (i = 1; i < num; i++)
- {
- if (!BN_is_zero(&points[i]->Z))
- {
- if (!group->meth->field_mul(group, prod_Z[i], prod_Z[i - 1], &points[i]->Z, ctx)) goto err;
- }
- else
- {
- if (!BN_copy(prod_Z[i], prod_Z[i - 1])) goto err;
- }
- }
-
- /* Now use a single explicit inversion to replace every
- * non-zero points[i]->Z by its inverse. */
-
- if (!BN_mod_inverse(tmp, prod_Z[num - 1], &group->field, ctx))
- {
- ECerr(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE, ERR_R_BN_LIB);
- goto err;
- }
- if (group->meth->field_encode != 0)
- {
- /* In the Montgomery case, we just turned R*H (representing H)
- * into 1/(R*H), but we need R*(1/H) (representing 1/H);
- * i.e. we need to multiply by the Montgomery factor twice. */
- if (!group->meth->field_encode(group, tmp, tmp, ctx)) goto err;
- if (!group->meth->field_encode(group, tmp, tmp, ctx)) goto err;
- }
-
- for (i = num - 1; i > 0; --i)
- {
- /* Loop invariant: tmp is the product of the inverses of
- * points[0]->Z .. points[i]->Z (zero-valued inputs skipped). */
- if (!BN_is_zero(&points[i]->Z))
- {
- /* Set tmp_Z to the inverse of points[i]->Z (as product
- * of Z inverses 0 .. i, Z values 0 .. i - 1). */
- if (!group->meth->field_mul(group, tmp_Z, prod_Z[i - 1], tmp, ctx)) goto err;
- /* Update tmp to satisfy the loop invariant for i - 1. */
- if (!group->meth->field_mul(group, tmp, tmp, &points[i]->Z, ctx)) goto err;
- /* Replace points[i]->Z by its inverse. */
- if (!BN_copy(&points[i]->Z, tmp_Z)) goto err;
- }
- }
-
- if (!BN_is_zero(&points[0]->Z))
- {
- /* Replace points[0]->Z by its inverse. */
- if (!BN_copy(&points[0]->Z, tmp)) goto err;
- }
-
- /* Finally, fix up the X and Y coordinates for all points. */
-
- for (i = 0; i < num; i++)
- {
- EC_POINT *p = points[i];
-
- if (!BN_is_zero(&p->Z))
- {
- /* turn (X, Y, 1/Z) into (X/Z^2, Y/Z^3, 1) */
-
- if (!group->meth->field_sqr(group, tmp, &p->Z, ctx)) goto err;
- if (!group->meth->field_mul(group, &p->X, &p->X, tmp, ctx)) goto err;
-
- if (!group->meth->field_mul(group, tmp, tmp, &p->Z, ctx)) goto err;
- if (!group->meth->field_mul(group, &p->Y, &p->Y, tmp, ctx)) goto err;
-
- if (group->meth->field_set_to_one != 0)
- {
- if (!group->meth->field_set_to_one(group, &p->Z, ctx)) goto err;
- }
- else
- {
- if (!BN_one(&p->Z)) goto err;
- }
- p->Z_is_one = 1;
- }
- }
-
- ret = 1;
-
- err:
- BN_CTX_end(ctx);
- if (new_ctx != NULL)
- BN_CTX_free(new_ctx);
- if (prod_Z != NULL)
- {
- for (i = 0; i < num; i++)
- {
- if (prod_Z[i] == NULL) break;
- BN_clear_free(prod_Z[i]);
- }
- OPENSSL_free(prod_Z);
- }
- return ret;
- }
-
-
-int ec_GFp_simple_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
- {
- return BN_mod_mul(r, a, b, &group->field, ctx);
- }
-
-
-int ec_GFp_simple_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
- {
- return BN_mod_sqr(r, a, &group->field, ctx);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/ec/ecp_smpl.c (from rev 6976, vendor-crypto/openssl/dist/crypto/ec/ecp_smpl.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/ec/ecp_smpl.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ec/ecp_smpl.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,1769 @@
+/* crypto/ec/ecp_smpl.c */
+/*
+ * Includes code written by Lenka Fibikova <fibikova at exp-math.uni-essen.de>
+ * for the OpenSSL project. Includes code written by Bodo Moeller for the
+ * OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * Portions of this software developed by SUN MICROSYSTEMS, INC.,
+ * and contributed to the OpenSSL project.
+ */
+
+#include <openssl/err.h>
+#include <openssl/symhacks.h>
+
+#include "ec_lcl.h"
+
+const EC_METHOD *EC_GFp_simple_method(void)
+{
+ static const EC_METHOD ret = {
+ NID_X9_62_prime_field,
+ ec_GFp_simple_group_init,
+ ec_GFp_simple_group_finish,
+ ec_GFp_simple_group_clear_finish,
+ ec_GFp_simple_group_copy,
+ ec_GFp_simple_group_set_curve,
+ ec_GFp_simple_group_get_curve,
+ ec_GFp_simple_group_get_degree,
+ ec_GFp_simple_group_check_discriminant,
+ ec_GFp_simple_point_init,
+ ec_GFp_simple_point_finish,
+ ec_GFp_simple_point_clear_finish,
+ ec_GFp_simple_point_copy,
+ ec_GFp_simple_point_set_to_infinity,
+ ec_GFp_simple_set_Jprojective_coordinates_GFp,
+ ec_GFp_simple_get_Jprojective_coordinates_GFp,
+ ec_GFp_simple_point_set_affine_coordinates,
+ ec_GFp_simple_point_get_affine_coordinates,
+ ec_GFp_simple_set_compressed_coordinates,
+ ec_GFp_simple_point2oct,
+ ec_GFp_simple_oct2point,
+ ec_GFp_simple_add,
+ ec_GFp_simple_dbl,
+ ec_GFp_simple_invert,
+ ec_GFp_simple_is_at_infinity,
+ ec_GFp_simple_is_on_curve,
+ ec_GFp_simple_cmp,
+ ec_GFp_simple_make_affine,
+ ec_GFp_simple_points_make_affine,
+ 0 /* mul */ ,
+ 0 /* precompute_mult */ ,
+ 0 /* have_precompute_mult */ ,
+ ec_GFp_simple_field_mul,
+ ec_GFp_simple_field_sqr,
+ 0 /* field_div */ ,
+ 0 /* field_encode */ ,
+ 0 /* field_decode */ ,
+ 0 /* field_set_to_one */
+ };
+
+ return &ret;
+}
+
+/*
+ * Most method functions in this file are designed to work with
+ * non-trivial representations of field elements if necessary
+ * (see ecp_mont.c): while standard modular addition and subtraction
+ * are used, the field_mul and field_sqr methods will be used for
+ * multiplication, and field_encode and field_decode (if defined)
+ * will be used for converting between representations.
+ *
+ * Functions ec_GFp_simple_points_make_affine() and
+ * ec_GFp_simple_point_get_affine_coordinates() specifically assume
+ * that if a non-trivial representation is used, it is a Montgomery
+ * representation (i.e. 'encoding' means multiplying by some factor R).
+ */
+
+int ec_GFp_simple_group_init(EC_GROUP *group)
+{
+ BN_init(&group->field);
+ BN_init(&group->a);
+ BN_init(&group->b);
+ group->a_is_minus3 = 0;
+ return 1;
+}
+
+void ec_GFp_simple_group_finish(EC_GROUP *group)
+{
+ BN_free(&group->field);
+ BN_free(&group->a);
+ BN_free(&group->b);
+}
+
+void ec_GFp_simple_group_clear_finish(EC_GROUP *group)
+{
+ BN_clear_free(&group->field);
+ BN_clear_free(&group->a);
+ BN_clear_free(&group->b);
+}
+
+int ec_GFp_simple_group_copy(EC_GROUP *dest, const EC_GROUP *src)
+{
+ if (!BN_copy(&dest->field, &src->field))
+ return 0;
+ if (!BN_copy(&dest->a, &src->a))
+ return 0;
+ if (!BN_copy(&dest->b, &src->b))
+ return 0;
+
+ dest->a_is_minus3 = src->a_is_minus3;
+
+ return 1;
+}
+
+int ec_GFp_simple_group_set_curve(EC_GROUP *group,
+ const BIGNUM *p, const BIGNUM *a,
+ const BIGNUM *b, BN_CTX *ctx)
+{
+ int ret = 0;
+ BN_CTX *new_ctx = NULL;
+ BIGNUM *tmp_a;
+
+ /* p must be a prime > 3 */
+ if (BN_num_bits(p) <= 2 || !BN_is_odd(p)) {
+ ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, EC_R_INVALID_FIELD);
+ return 0;
+ }
+
+ if (ctx == NULL) {
+ ctx = new_ctx = BN_CTX_new();
+ if (ctx == NULL)
+ return 0;
+ }
+
+ BN_CTX_start(ctx);
+ tmp_a = BN_CTX_get(ctx);
+ if (tmp_a == NULL)
+ goto err;
+
+ /* group->field */
+ if (!BN_copy(&group->field, p))
+ goto err;
+ BN_set_negative(&group->field, 0);
+
+ /* group->a */
+ if (!BN_nnmod(tmp_a, a, p, ctx))
+ goto err;
+ if (group->meth->field_encode) {
+ if (!group->meth->field_encode(group, &group->a, tmp_a, ctx))
+ goto err;
+ } else if (!BN_copy(&group->a, tmp_a))
+ goto err;
+
+ /* group->b */
+ if (!BN_nnmod(&group->b, b, p, ctx))
+ goto err;
+ if (group->meth->field_encode)
+ if (!group->meth->field_encode(group, &group->b, &group->b, ctx))
+ goto err;
+
+ /* group->a_is_minus3 */
+ if (!BN_add_word(tmp_a, 3))
+ goto err;
+ group->a_is_minus3 = (0 == BN_cmp(tmp_a, &group->field));
+
+ ret = 1;
+
+ err:
+ BN_CTX_end(ctx);
+ if (new_ctx != NULL)
+ BN_CTX_free(new_ctx);
+ return ret;
+}
+
+int ec_GFp_simple_group_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a,
+ BIGNUM *b, BN_CTX *ctx)
+{
+ int ret = 0;
+ BN_CTX *new_ctx = NULL;
+
+ if (p != NULL) {
+ if (!BN_copy(p, &group->field))
+ return 0;
+ }
+
+ if (a != NULL || b != NULL) {
+ if (group->meth->field_decode) {
+ if (ctx == NULL) {
+ ctx = new_ctx = BN_CTX_new();
+ if (ctx == NULL)
+ return 0;
+ }
+ if (a != NULL) {
+ if (!group->meth->field_decode(group, a, &group->a, ctx))
+ goto err;
+ }
+ if (b != NULL) {
+ if (!group->meth->field_decode(group, b, &group->b, ctx))
+ goto err;
+ }
+ } else {
+ if (a != NULL) {
+ if (!BN_copy(a, &group->a))
+ goto err;
+ }
+ if (b != NULL) {
+ if (!BN_copy(b, &group->b))
+ goto err;
+ }
+ }
+ }
+
+ ret = 1;
+
+ err:
+ if (new_ctx)
+ BN_CTX_free(new_ctx);
+ return ret;
+}
+
+int ec_GFp_simple_group_get_degree(const EC_GROUP *group)
+{
+ return BN_num_bits(&group->field);
+}
+
+int ec_GFp_simple_group_check_discriminant(const EC_GROUP *group, BN_CTX *ctx)
+{
+ int ret = 0;
+ BIGNUM *a, *b, *order, *tmp_1, *tmp_2;
+ const BIGNUM *p = &group->field;
+ BN_CTX *new_ctx = NULL;
+
+ if (ctx == NULL) {
+ ctx = new_ctx = BN_CTX_new();
+ if (ctx == NULL) {
+ ECerr(EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT,
+ ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ }
+ BN_CTX_start(ctx);
+ a = BN_CTX_get(ctx);
+ b = BN_CTX_get(ctx);
+ tmp_1 = BN_CTX_get(ctx);
+ tmp_2 = BN_CTX_get(ctx);
+ order = BN_CTX_get(ctx);
+ if (order == NULL)
+ goto err;
+
+ if (group->meth->field_decode) {
+ if (!group->meth->field_decode(group, a, &group->a, ctx))
+ goto err;
+ if (!group->meth->field_decode(group, b, &group->b, ctx))
+ goto err;
+ } else {
+ if (!BN_copy(a, &group->a))
+ goto err;
+ if (!BN_copy(b, &group->b))
+ goto err;
+ }
+
+ /*-
+ * check the discriminant:
+ * y^2 = x^3 + a*x + b is an elliptic curve <=> 4*a^3 + 27*b^2 != 0 (mod p)
+ * 0 =< a, b < p
+ */
+ if (BN_is_zero(a)) {
+ if (BN_is_zero(b))
+ goto err;
+ } else if (!BN_is_zero(b)) {
+ if (!BN_mod_sqr(tmp_1, a, p, ctx))
+ goto err;
+ if (!BN_mod_mul(tmp_2, tmp_1, a, p, ctx))
+ goto err;
+ if (!BN_lshift(tmp_1, tmp_2, 2))
+ goto err;
+ /* tmp_1 = 4*a^3 */
+
+ if (!BN_mod_sqr(tmp_2, b, p, ctx))
+ goto err;
+ if (!BN_mul_word(tmp_2, 27))
+ goto err;
+ /* tmp_2 = 27*b^2 */
+
+ if (!BN_mod_add(a, tmp_1, tmp_2, p, ctx))
+ goto err;
+ if (BN_is_zero(a))
+ goto err;
+ }
+ ret = 1;
+
+ err:
+ if (ctx != NULL)
+ BN_CTX_end(ctx);
+ if (new_ctx != NULL)
+ BN_CTX_free(new_ctx);
+ return ret;
+}
+
+int ec_GFp_simple_point_init(EC_POINT *point)
+{
+ BN_init(&point->X);
+ BN_init(&point->Y);
+ BN_init(&point->Z);
+ point->Z_is_one = 0;
+
+ return 1;
+}
+
+void ec_GFp_simple_point_finish(EC_POINT *point)
+{
+ BN_free(&point->X);
+ BN_free(&point->Y);
+ BN_free(&point->Z);
+}
+
+void ec_GFp_simple_point_clear_finish(EC_POINT *point)
+{
+ BN_clear_free(&point->X);
+ BN_clear_free(&point->Y);
+ BN_clear_free(&point->Z);
+ point->Z_is_one = 0;
+}
+
+int ec_GFp_simple_point_copy(EC_POINT *dest, const EC_POINT *src)
+{
+ if (!BN_copy(&dest->X, &src->X))
+ return 0;
+ if (!BN_copy(&dest->Y, &src->Y))
+ return 0;
+ if (!BN_copy(&dest->Z, &src->Z))
+ return 0;
+ dest->Z_is_one = src->Z_is_one;
+
+ return 1;
+}
+
+int ec_GFp_simple_point_set_to_infinity(const EC_GROUP *group,
+ EC_POINT *point)
+{
+ point->Z_is_one = 0;
+ BN_zero(&point->Z);
+ return 1;
+}
+
+int ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP *group,
+ EC_POINT *point,
+ const BIGNUM *x,
+ const BIGNUM *y,
+ const BIGNUM *z,
+ BN_CTX *ctx)
+{
+ BN_CTX *new_ctx = NULL;
+ int ret = 0;
+
+ if (ctx == NULL) {
+ ctx = new_ctx = BN_CTX_new();
+ if (ctx == NULL)
+ return 0;
+ }
+
+ if (x != NULL) {
+ if (!BN_nnmod(&point->X, x, &group->field, ctx))
+ goto err;
+ if (group->meth->field_encode) {
+ if (!group->meth->field_encode(group, &point->X, &point->X, ctx))
+ goto err;
+ }
+ }
+
+ if (y != NULL) {
+ if (!BN_nnmod(&point->Y, y, &group->field, ctx))
+ goto err;
+ if (group->meth->field_encode) {
+ if (!group->meth->field_encode(group, &point->Y, &point->Y, ctx))
+ goto err;
+ }
+ }
+
+ if (z != NULL) {
+ int Z_is_one;
+
+ if (!BN_nnmod(&point->Z, z, &group->field, ctx))
+ goto err;
+ Z_is_one = BN_is_one(&point->Z);
+ if (group->meth->field_encode) {
+ if (Z_is_one && (group->meth->field_set_to_one != 0)) {
+ if (!group->meth->field_set_to_one(group, &point->Z, ctx))
+ goto err;
+ } else {
+ if (!group->
+ meth->field_encode(group, &point->Z, &point->Z, ctx))
+ goto err;
+ }
+ }
+ point->Z_is_one = Z_is_one;
+ }
+
+ ret = 1;
+
+ err:
+ if (new_ctx != NULL)
+ BN_CTX_free(new_ctx);
+ return ret;
+}
+
+int ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP *group,
+ const EC_POINT *point,
+ BIGNUM *x, BIGNUM *y,
+ BIGNUM *z, BN_CTX *ctx)
+{
+ BN_CTX *new_ctx = NULL;
+ int ret = 0;
+
+ if (group->meth->field_decode != 0) {
+ if (ctx == NULL) {
+ ctx = new_ctx = BN_CTX_new();
+ if (ctx == NULL)
+ return 0;
+ }
+
+ if (x != NULL) {
+ if (!group->meth->field_decode(group, x, &point->X, ctx))
+ goto err;
+ }
+ if (y != NULL) {
+ if (!group->meth->field_decode(group, y, &point->Y, ctx))
+ goto err;
+ }
+ if (z != NULL) {
+ if (!group->meth->field_decode(group, z, &point->Z, ctx))
+ goto err;
+ }
+ } else {
+ if (x != NULL) {
+ if (!BN_copy(x, &point->X))
+ goto err;
+ }
+ if (y != NULL) {
+ if (!BN_copy(y, &point->Y))
+ goto err;
+ }
+ if (z != NULL) {
+ if (!BN_copy(z, &point->Z))
+ goto err;
+ }
+ }
+
+ ret = 1;
+
+ err:
+ if (new_ctx != NULL)
+ BN_CTX_free(new_ctx);
+ return ret;
+}
+
+int ec_GFp_simple_point_set_affine_coordinates(const EC_GROUP *group,
+ EC_POINT *point,
+ const BIGNUM *x,
+ const BIGNUM *y, BN_CTX *ctx)
+{
+ if (x == NULL || y == NULL) {
+ /*
+ * unlike for projective coordinates, we do not tolerate this
+ */
+ ECerr(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES,
+ ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+
+ return EC_POINT_set_Jprojective_coordinates_GFp(group, point, x, y,
+ BN_value_one(), ctx);
+}
+
+int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *group,
+ const EC_POINT *point,
+ BIGNUM *x, BIGNUM *y,
+ BN_CTX *ctx)
+{
+ BN_CTX *new_ctx = NULL;
+ BIGNUM *Z, *Z_1, *Z_2, *Z_3;
+ const BIGNUM *Z_;
+ int ret = 0;
+
+ if (EC_POINT_is_at_infinity(group, point)) {
+ ECerr(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES,
+ EC_R_POINT_AT_INFINITY);
+ return 0;
+ }
+
+ if (ctx == NULL) {
+ ctx = new_ctx = BN_CTX_new();
+ if (ctx == NULL)
+ return 0;
+ }
+
+ BN_CTX_start(ctx);
+ Z = BN_CTX_get(ctx);
+ Z_1 = BN_CTX_get(ctx);
+ Z_2 = BN_CTX_get(ctx);
+ Z_3 = BN_CTX_get(ctx);
+ if (Z_3 == NULL)
+ goto err;
+
+ /* transform (X, Y, Z) into (x, y) := (X/Z^2, Y/Z^3) */
+
+ if (group->meth->field_decode) {
+ if (!group->meth->field_decode(group, Z, &point->Z, ctx))
+ goto err;
+ Z_ = Z;
+ } else {
+ Z_ = &point->Z;
+ }
+
+ if (BN_is_one(Z_)) {
+ if (group->meth->field_decode) {
+ if (x != NULL) {
+ if (!group->meth->field_decode(group, x, &point->X, ctx))
+ goto err;
+ }
+ if (y != NULL) {
+ if (!group->meth->field_decode(group, y, &point->Y, ctx))
+ goto err;
+ }
+ } else {
+ if (x != NULL) {
+ if (!BN_copy(x, &point->X))
+ goto err;
+ }
+ if (y != NULL) {
+ if (!BN_copy(y, &point->Y))
+ goto err;
+ }
+ }
+ } else {
+ if (!BN_mod_inverse(Z_1, Z_, &group->field, ctx)) {
+ ECerr(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES,
+ ERR_R_BN_LIB);
+ goto err;
+ }
+
+ if (group->meth->field_encode == 0) {
+ /* field_sqr works on standard representation */
+ if (!group->meth->field_sqr(group, Z_2, Z_1, ctx))
+ goto err;
+ } else {
+ if (!BN_mod_sqr(Z_2, Z_1, &group->field, ctx))
+ goto err;
+ }
+
+ if (x != NULL) {
+ /*
+ * in the Montgomery case, field_mul will cancel out Montgomery
+ * factor in X:
+ */
+ if (!group->meth->field_mul(group, x, &point->X, Z_2, ctx))
+ goto err;
+ }
+
+ if (y != NULL) {
+ if (group->meth->field_encode == 0) {
+ /*
+ * field_mul works on standard representation
+ */
+ if (!group->meth->field_mul(group, Z_3, Z_2, Z_1, ctx))
+ goto err;
+ } else {
+ if (!BN_mod_mul(Z_3, Z_2, Z_1, &group->field, ctx))
+ goto err;
+ }
+
+ /*
+ * in the Montgomery case, field_mul will cancel out Montgomery
+ * factor in Y:
+ */
+ if (!group->meth->field_mul(group, y, &point->Y, Z_3, ctx))
+ goto err;
+ }
+ }
+
+ ret = 1;
+
+ err:
+ BN_CTX_end(ctx);
+ if (new_ctx != NULL)
+ BN_CTX_free(new_ctx);
+ return ret;
+}
+
+int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group,
+ EC_POINT *point,
+ const BIGNUM *x_, int y_bit,
+ BN_CTX *ctx)
+{
+ BN_CTX *new_ctx = NULL;
+ BIGNUM *tmp1, *tmp2, *x, *y;
+ int ret = 0;
+
+ /* clear error queue */
+ ERR_clear_error();
+
+ if (ctx == NULL) {
+ ctx = new_ctx = BN_CTX_new();
+ if (ctx == NULL)
+ return 0;
+ }
+
+ y_bit = (y_bit != 0);
+
+ BN_CTX_start(ctx);
+ tmp1 = BN_CTX_get(ctx);
+ tmp2 = BN_CTX_get(ctx);
+ x = BN_CTX_get(ctx);
+ y = BN_CTX_get(ctx);
+ if (y == NULL)
+ goto err;
+
+ /*-
+ * Recover y. We have a Weierstrass equation
+ * y^2 = x^3 + a*x + b,
+ * so y is one of the square roots of x^3 + a*x + b.
+ */
+
+ /* tmp1 := x^3 */
+ if (!BN_nnmod(x, x_, &group->field, ctx))
+ goto err;
+ if (group->meth->field_decode == 0) {
+ /* field_{sqr,mul} work on standard representation */
+ if (!group->meth->field_sqr(group, tmp2, x_, ctx))
+ goto err;
+ if (!group->meth->field_mul(group, tmp1, tmp2, x_, ctx))
+ goto err;
+ } else {
+ if (!BN_mod_sqr(tmp2, x_, &group->field, ctx))
+ goto err;
+ if (!BN_mod_mul(tmp1, tmp2, x_, &group->field, ctx))
+ goto err;
+ }
+
+ /* tmp1 := tmp1 + a*x */
+ if (group->a_is_minus3) {
+ if (!BN_mod_lshift1_quick(tmp2, x, &group->field))
+ goto err;
+ if (!BN_mod_add_quick(tmp2, tmp2, x, &group->field))
+ goto err;
+ if (!BN_mod_sub_quick(tmp1, tmp1, tmp2, &group->field))
+ goto err;
+ } else {
+ if (group->meth->field_decode) {
+ if (!group->meth->field_decode(group, tmp2, &group->a, ctx))
+ goto err;
+ if (!BN_mod_mul(tmp2, tmp2, x, &group->field, ctx))
+ goto err;
+ } else {
+ /* field_mul works on standard representation */
+ if (!group->meth->field_mul(group, tmp2, &group->a, x, ctx))
+ goto err;
+ }
+
+ if (!BN_mod_add_quick(tmp1, tmp1, tmp2, &group->field))
+ goto err;
+ }
+
+ /* tmp1 := tmp1 + b */
+ if (group->meth->field_decode) {
+ if (!group->meth->field_decode(group, tmp2, &group->b, ctx))
+ goto err;
+ if (!BN_mod_add_quick(tmp1, tmp1, tmp2, &group->field))
+ goto err;
+ } else {
+ if (!BN_mod_add_quick(tmp1, tmp1, &group->b, &group->field))
+ goto err;
+ }
+
+ if (!BN_mod_sqrt(y, tmp1, &group->field, ctx)) {
+ unsigned long err = ERR_peek_last_error();
+
+ if (ERR_GET_LIB(err) == ERR_LIB_BN
+ && ERR_GET_REASON(err) == BN_R_NOT_A_SQUARE) {
+ ERR_clear_error();
+ ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES,
+ EC_R_INVALID_COMPRESSED_POINT);
+ } else
+ ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES,
+ ERR_R_BN_LIB);
+ goto err;
+ }
+
+ if (y_bit != BN_is_odd(y)) {
+ if (BN_is_zero(y)) {
+ int kron;
+
+ kron = BN_kronecker(x, &group->field, ctx);
+ if (kron == -2)
+ goto err;
+
+ if (kron == 1)
+ ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES,
+ EC_R_INVALID_COMPRESSION_BIT);
+ else
+ /*
+ * BN_mod_sqrt() should have cought this error (not a square)
+ */
+ ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES,
+ EC_R_INVALID_COMPRESSED_POINT);
+ goto err;
+ }
+ if (!BN_usub(y, &group->field, y))
+ goto err;
+ }
+ if (y_bit != BN_is_odd(y)) {
+ ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
+ if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx))
+ goto err;
+
+ ret = 1;
+
+ err:
+ BN_CTX_end(ctx);
+ if (new_ctx != NULL)
+ BN_CTX_free(new_ctx);
+ return ret;
+}
+
+size_t ec_GFp_simple_point2oct(const EC_GROUP *group, const EC_POINT *point,
+ point_conversion_form_t form,
+ unsigned char *buf, size_t len, BN_CTX *ctx)
+{
+ size_t ret;
+ BN_CTX *new_ctx = NULL;
+ int used_ctx = 0;
+ BIGNUM *x, *y;
+ size_t field_len, i, skip;
+
+ if ((form != POINT_CONVERSION_COMPRESSED)
+ && (form != POINT_CONVERSION_UNCOMPRESSED)
+ && (form != POINT_CONVERSION_HYBRID)) {
+ ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_INVALID_FORM);
+ goto err;
+ }
+
+ if (EC_POINT_is_at_infinity(group, point)) {
+ /* encodes to a single 0 octet */
+ if (buf != NULL) {
+ if (len < 1) {
+ ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);
+ return 0;
+ }
+ buf[0] = 0;
+ }
+ return 1;
+ }
+
+ /* ret := required output buffer length */
+ field_len = BN_num_bytes(&group->field);
+ ret =
+ (form ==
+ POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2 * field_len;
+
+ /* if 'buf' is NULL, just return required length */
+ if (buf != NULL) {
+ if (len < ret) {
+ ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);
+ goto err;
+ }
+
+ if (ctx == NULL) {
+ ctx = new_ctx = BN_CTX_new();
+ if (ctx == NULL)
+ return 0;
+ }
+
+ BN_CTX_start(ctx);
+ used_ctx = 1;
+ x = BN_CTX_get(ctx);
+ y = BN_CTX_get(ctx);
+ if (y == NULL)
+ goto err;
+
+ if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx))
+ goto err;
+
+ if ((form == POINT_CONVERSION_COMPRESSED
+ || form == POINT_CONVERSION_HYBRID) && BN_is_odd(y))
+ buf[0] = form + 1;
+ else
+ buf[0] = form;
+
+ i = 1;
+
+ skip = field_len - BN_num_bytes(x);
+ if (skip > field_len) {
+ ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ while (skip > 0) {
+ buf[i++] = 0;
+ skip--;
+ }
+ skip = BN_bn2bin(x, buf + i);
+ i += skip;
+ if (i != 1 + field_len) {
+ ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
+ if (form == POINT_CONVERSION_UNCOMPRESSED
+ || form == POINT_CONVERSION_HYBRID) {
+ skip = field_len - BN_num_bytes(y);
+ if (skip > field_len) {
+ ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ while (skip > 0) {
+ buf[i++] = 0;
+ skip--;
+ }
+ skip = BN_bn2bin(y, buf + i);
+ i += skip;
+ }
+
+ if (i != ret) {
+ ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ }
+
+ if (used_ctx)
+ BN_CTX_end(ctx);
+ if (new_ctx != NULL)
+ BN_CTX_free(new_ctx);
+ return ret;
+
+ err:
+ if (used_ctx)
+ BN_CTX_end(ctx);
+ if (new_ctx != NULL)
+ BN_CTX_free(new_ctx);
+ return 0;
+}
+
+int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
+ const unsigned char *buf, size_t len, BN_CTX *ctx)
+{
+ point_conversion_form_t form;
+ int y_bit;
+ BN_CTX *new_ctx = NULL;
+ BIGNUM *x, *y;
+ size_t field_len, enc_len;
+ int ret = 0;
+
+ if (len == 0) {
+ ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_BUFFER_TOO_SMALL);
+ return 0;
+ }
+ form = buf[0];
+ y_bit = form & 1;
+ form = form & ~1U;
+ if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED)
+ && (form != POINT_CONVERSION_UNCOMPRESSED)
+ && (form != POINT_CONVERSION_HYBRID)) {
+ ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+ return 0;
+ }
+ if ((form == 0 || form == POINT_CONVERSION_UNCOMPRESSED) && y_bit) {
+ ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+ return 0;
+ }
+
+ if (form == 0) {
+ if (len != 1) {
+ ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+ return 0;
+ }
+
+ return EC_POINT_set_to_infinity(group, point);
+ }
+
+ field_len = BN_num_bytes(&group->field);
+ enc_len =
+ (form ==
+ POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2 * field_len;
+
+ if (len != enc_len) {
+ ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+ return 0;
+ }
+
+ if (ctx == NULL) {
+ ctx = new_ctx = BN_CTX_new();
+ if (ctx == NULL)
+ return 0;
+ }
+
+ BN_CTX_start(ctx);
+ x = BN_CTX_get(ctx);
+ y = BN_CTX_get(ctx);
+ if (y == NULL)
+ goto err;
+
+ if (!BN_bin2bn(buf + 1, field_len, x))
+ goto err;
+ if (BN_ucmp(x, &group->field) >= 0) {
+ ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+ goto err;
+ }
+
+ if (form == POINT_CONVERSION_COMPRESSED) {
+ if (!EC_POINT_set_compressed_coordinates_GFp
+ (group, point, x, y_bit, ctx))
+ goto err;
+ } else {
+ if (!BN_bin2bn(buf + 1 + field_len, field_len, y))
+ goto err;
+ if (BN_ucmp(y, &group->field) >= 0) {
+ ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+ goto err;
+ }
+ if (form == POINT_CONVERSION_HYBRID) {
+ if (y_bit != BN_is_odd(y)) {
+ ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+ goto err;
+ }
+ }
+
+ if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx))
+ goto err;
+ }
+
+ /* test required by X9.62 */
+ if (!EC_POINT_is_on_curve(group, point, ctx)) {
+ ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE);
+ goto err;
+ }
+
+ ret = 1;
+
+ err:
+ BN_CTX_end(ctx);
+ if (new_ctx != NULL)
+ BN_CTX_free(new_ctx);
+ return ret;
+}
+
+int ec_GFp_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
+ const EC_POINT *b, BN_CTX *ctx)
+{
+ int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *,
+ const BIGNUM *, BN_CTX *);
+ int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
+ const BIGNUM *p;
+ BN_CTX *new_ctx = NULL;
+ BIGNUM *n0, *n1, *n2, *n3, *n4, *n5, *n6;
+ int ret = 0;
+
+ if (a == b)
+ return EC_POINT_dbl(group, r, a, ctx);
+ if (EC_POINT_is_at_infinity(group, a))
+ return EC_POINT_copy(r, b);
+ if (EC_POINT_is_at_infinity(group, b))
+ return EC_POINT_copy(r, a);
+
+ field_mul = group->meth->field_mul;
+ field_sqr = group->meth->field_sqr;
+ p = &group->field;
+
+ if (ctx == NULL) {
+ ctx = new_ctx = BN_CTX_new();
+ if (ctx == NULL)
+ return 0;
+ }
+
+ BN_CTX_start(ctx);
+ n0 = BN_CTX_get(ctx);
+ n1 = BN_CTX_get(ctx);
+ n2 = BN_CTX_get(ctx);
+ n3 = BN_CTX_get(ctx);
+ n4 = BN_CTX_get(ctx);
+ n5 = BN_CTX_get(ctx);
+ n6 = BN_CTX_get(ctx);
+ if (n6 == NULL)
+ goto end;
+
+ /*
+ * Note that in this function we must not read components of 'a' or 'b'
+ * once we have written the corresponding components of 'r'. ('r' might
+ * be one of 'a' or 'b'.)
+ */
+
+ /* n1, n2 */
+ if (b->Z_is_one) {
+ if (!BN_copy(n1, &a->X))
+ goto end;
+ if (!BN_copy(n2, &a->Y))
+ goto end;
+ /* n1 = X_a */
+ /* n2 = Y_a */
+ } else {
+ if (!field_sqr(group, n0, &b->Z, ctx))
+ goto end;
+ if (!field_mul(group, n1, &a->X, n0, ctx))
+ goto end;
+ /* n1 = X_a * Z_b^2 */
+
+ if (!field_mul(group, n0, n0, &b->Z, ctx))
+ goto end;
+ if (!field_mul(group, n2, &a->Y, n0, ctx))
+ goto end;
+ /* n2 = Y_a * Z_b^3 */
+ }
+
+ /* n3, n4 */
+ if (a->Z_is_one) {
+ if (!BN_copy(n3, &b->X))
+ goto end;
+ if (!BN_copy(n4, &b->Y))
+ goto end;
+ /* n3 = X_b */
+ /* n4 = Y_b */
+ } else {
+ if (!field_sqr(group, n0, &a->Z, ctx))
+ goto end;
+ if (!field_mul(group, n3, &b->X, n0, ctx))
+ goto end;
+ /* n3 = X_b * Z_a^2 */
+
+ if (!field_mul(group, n0, n0, &a->Z, ctx))
+ goto end;
+ if (!field_mul(group, n4, &b->Y, n0, ctx))
+ goto end;
+ /* n4 = Y_b * Z_a^3 */
+ }
+
+ /* n5, n6 */
+ if (!BN_mod_sub_quick(n5, n1, n3, p))
+ goto end;
+ if (!BN_mod_sub_quick(n6, n2, n4, p))
+ goto end;
+ /* n5 = n1 - n3 */
+ /* n6 = n2 - n4 */
+
+ if (BN_is_zero(n5)) {
+ if (BN_is_zero(n6)) {
+ /* a is the same point as b */
+ BN_CTX_end(ctx);
+ ret = EC_POINT_dbl(group, r, a, ctx);
+ ctx = NULL;
+ goto end;
+ } else {
+ /* a is the inverse of b */
+ BN_zero(&r->Z);
+ r->Z_is_one = 0;
+ ret = 1;
+ goto end;
+ }
+ }
+
+ /* 'n7', 'n8' */
+ if (!BN_mod_add_quick(n1, n1, n3, p))
+ goto end;
+ if (!BN_mod_add_quick(n2, n2, n4, p))
+ goto end;
+ /* 'n7' = n1 + n3 */
+ /* 'n8' = n2 + n4 */
+
+ /* Z_r */
+ if (a->Z_is_one && b->Z_is_one) {
+ if (!BN_copy(&r->Z, n5))
+ goto end;
+ } else {
+ if (a->Z_is_one) {
+ if (!BN_copy(n0, &b->Z))
+ goto end;
+ } else if (b->Z_is_one) {
+ if (!BN_copy(n0, &a->Z))
+ goto end;
+ } else {
+ if (!field_mul(group, n0, &a->Z, &b->Z, ctx))
+ goto end;
+ }
+ if (!field_mul(group, &r->Z, n0, n5, ctx))
+ goto end;
+ }
+ r->Z_is_one = 0;
+ /* Z_r = Z_a * Z_b * n5 */
+
+ /* X_r */
+ if (!field_sqr(group, n0, n6, ctx))
+ goto end;
+ if (!field_sqr(group, n4, n5, ctx))
+ goto end;
+ if (!field_mul(group, n3, n1, n4, ctx))
+ goto end;
+ if (!BN_mod_sub_quick(&r->X, n0, n3, p))
+ goto end;
+ /* X_r = n6^2 - n5^2 * 'n7' */
+
+ /* 'n9' */
+ if (!BN_mod_lshift1_quick(n0, &r->X, p))
+ goto end;
+ if (!BN_mod_sub_quick(n0, n3, n0, p))
+ goto end;
+ /* n9 = n5^2 * 'n7' - 2 * X_r */
+
+ /* Y_r */
+ if (!field_mul(group, n0, n0, n6, ctx))
+ goto end;
+ if (!field_mul(group, n5, n4, n5, ctx))
+ goto end; /* now n5 is n5^3 */
+ if (!field_mul(group, n1, n2, n5, ctx))
+ goto end;
+ if (!BN_mod_sub_quick(n0, n0, n1, p))
+ goto end;
+ if (BN_is_odd(n0))
+ if (!BN_add(n0, n0, p))
+ goto end;
+ /* now 0 <= n0 < 2*p, and n0 is even */
+ if (!BN_rshift1(&r->Y, n0))
+ goto end;
+ /* Y_r = (n6 * 'n9' - 'n8' * 'n5^3') / 2 */
+
+ ret = 1;
+
+ end:
+ if (ctx) /* otherwise we already called BN_CTX_end */
+ BN_CTX_end(ctx);
+ if (new_ctx != NULL)
+ BN_CTX_free(new_ctx);
+ return ret;
+}
+
+int ec_GFp_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
+ BN_CTX *ctx)
+{
+ int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *,
+ const BIGNUM *, BN_CTX *);
+ int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
+ const BIGNUM *p;
+ BN_CTX *new_ctx = NULL;
+ BIGNUM *n0, *n1, *n2, *n3;
+ int ret = 0;
+
+ if (EC_POINT_is_at_infinity(group, a)) {
+ BN_zero(&r->Z);
+ r->Z_is_one = 0;
+ return 1;
+ }
+
+ field_mul = group->meth->field_mul;
+ field_sqr = group->meth->field_sqr;
+ p = &group->field;
+
+ if (ctx == NULL) {
+ ctx = new_ctx = BN_CTX_new();
+ if (ctx == NULL)
+ return 0;
+ }
+
+ BN_CTX_start(ctx);
+ n0 = BN_CTX_get(ctx);
+ n1 = BN_CTX_get(ctx);
+ n2 = BN_CTX_get(ctx);
+ n3 = BN_CTX_get(ctx);
+ if (n3 == NULL)
+ goto err;
+
+ /*
+ * Note that in this function we must not read components of 'a' once we
+ * have written the corresponding components of 'r'. ('r' might the same
+ * as 'a'.)
+ */
+
+ /* n1 */
+ if (a->Z_is_one) {
+ if (!field_sqr(group, n0, &a->X, ctx))
+ goto err;
+ if (!BN_mod_lshift1_quick(n1, n0, p))
+ goto err;
+ if (!BN_mod_add_quick(n0, n0, n1, p))
+ goto err;
+ if (!BN_mod_add_quick(n1, n0, &group->a, p))
+ goto err;
+ /* n1 = 3 * X_a^2 + a_curve */
+ } else if (group->a_is_minus3) {
+ if (!field_sqr(group, n1, &a->Z, ctx))
+ goto err;
+ if (!BN_mod_add_quick(n0, &a->X, n1, p))
+ goto err;
+ if (!BN_mod_sub_quick(n2, &a->X, n1, p))
+ goto err;
+ if (!field_mul(group, n1, n0, n2, ctx))
+ goto err;
+ if (!BN_mod_lshift1_quick(n0, n1, p))
+ goto err;
+ if (!BN_mod_add_quick(n1, n0, n1, p))
+ goto err;
+ /*-
+ * n1 = 3 * (X_a + Z_a^2) * (X_a - Z_a^2)
+ * = 3 * X_a^2 - 3 * Z_a^4
+ */
+ } else {
+ if (!field_sqr(group, n0, &a->X, ctx))
+ goto err;
+ if (!BN_mod_lshift1_quick(n1, n0, p))
+ goto err;
+ if (!BN_mod_add_quick(n0, n0, n1, p))
+ goto err;
+ if (!field_sqr(group, n1, &a->Z, ctx))
+ goto err;
+ if (!field_sqr(group, n1, n1, ctx))
+ goto err;
+ if (!field_mul(group, n1, n1, &group->a, ctx))
+ goto err;
+ if (!BN_mod_add_quick(n1, n1, n0, p))
+ goto err;
+ /* n1 = 3 * X_a^2 + a_curve * Z_a^4 */
+ }
+
+ /* Z_r */
+ if (a->Z_is_one) {
+ if (!BN_copy(n0, &a->Y))
+ goto err;
+ } else {
+ if (!field_mul(group, n0, &a->Y, &a->Z, ctx))
+ goto err;
+ }
+ if (!BN_mod_lshift1_quick(&r->Z, n0, p))
+ goto err;
+ r->Z_is_one = 0;
+ /* Z_r = 2 * Y_a * Z_a */
+
+ /* n2 */
+ if (!field_sqr(group, n3, &a->Y, ctx))
+ goto err;
+ if (!field_mul(group, n2, &a->X, n3, ctx))
+ goto err;
+ if (!BN_mod_lshift_quick(n2, n2, 2, p))
+ goto err;
+ /* n2 = 4 * X_a * Y_a^2 */
+
+ /* X_r */
+ if (!BN_mod_lshift1_quick(n0, n2, p))
+ goto err;
+ if (!field_sqr(group, &r->X, n1, ctx))
+ goto err;
+ if (!BN_mod_sub_quick(&r->X, &r->X, n0, p))
+ goto err;
+ /* X_r = n1^2 - 2 * n2 */
+
+ /* n3 */
+ if (!field_sqr(group, n0, n3, ctx))
+ goto err;
+ if (!BN_mod_lshift_quick(n3, n0, 3, p))
+ goto err;
+ /* n3 = 8 * Y_a^4 */
+
+ /* Y_r */
+ if (!BN_mod_sub_quick(n0, n2, &r->X, p))
+ goto err;
+ if (!field_mul(group, n0, n1, n0, ctx))
+ goto err;
+ if (!BN_mod_sub_quick(&r->Y, n0, n3, p))
+ goto err;
+ /* Y_r = n1 * (n2 - X_r) - n3 */
+
+ ret = 1;
+
+ err:
+ BN_CTX_end(ctx);
+ if (new_ctx != NULL)
+ BN_CTX_free(new_ctx);
+ return ret;
+}
+
+int ec_GFp_simple_invert(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
+{
+ if (EC_POINT_is_at_infinity(group, point) || BN_is_zero(&point->Y))
+ /* point is its own inverse */
+ return 1;
+
+ return BN_usub(&point->Y, &group->field, &point->Y);
+}
+
+int ec_GFp_simple_is_at_infinity(const EC_GROUP *group, const EC_POINT *point)
+{
+ return BN_is_zero(&point->Z);
+}
+
+int ec_GFp_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
+ BN_CTX *ctx)
+{
+ int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *,
+ const BIGNUM *, BN_CTX *);
+ int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
+ const BIGNUM *p;
+ BN_CTX *new_ctx = NULL;
+ BIGNUM *rh, *tmp, *Z4, *Z6;
+ int ret = -1;
+
+ if (EC_POINT_is_at_infinity(group, point))
+ return 1;
+
+ field_mul = group->meth->field_mul;
+ field_sqr = group->meth->field_sqr;
+ p = &group->field;
+
+ if (ctx == NULL) {
+ ctx = new_ctx = BN_CTX_new();
+ if (ctx == NULL)
+ return -1;
+ }
+
+ BN_CTX_start(ctx);
+ rh = BN_CTX_get(ctx);
+ tmp = BN_CTX_get(ctx);
+ Z4 = BN_CTX_get(ctx);
+ Z6 = BN_CTX_get(ctx);
+ if (Z6 == NULL)
+ goto err;
+
+ /*-
+ * We have a curve defined by a Weierstrass equation
+ * y^2 = x^3 + a*x + b.
+ * The point to consider is given in Jacobian projective coordinates
+ * where (X, Y, Z) represents (x, y) = (X/Z^2, Y/Z^3).
+ * Substituting this and multiplying by Z^6 transforms the above equation into
+ * Y^2 = X^3 + a*X*Z^4 + b*Z^6.
+ * To test this, we add up the right-hand side in 'rh'.
+ */
+
+ /* rh := X^2 */
+ if (!field_sqr(group, rh, &point->X, ctx))
+ goto err;
+
+ if (!point->Z_is_one) {
+ if (!field_sqr(group, tmp, &point->Z, ctx))
+ goto err;
+ if (!field_sqr(group, Z4, tmp, ctx))
+ goto err;
+ if (!field_mul(group, Z6, Z4, tmp, ctx))
+ goto err;
+
+ /* rh := (rh + a*Z^4)*X */
+ if (group->a_is_minus3) {
+ if (!BN_mod_lshift1_quick(tmp, Z4, p))
+ goto err;
+ if (!BN_mod_add_quick(tmp, tmp, Z4, p))
+ goto err;
+ if (!BN_mod_sub_quick(rh, rh, tmp, p))
+ goto err;
+ if (!field_mul(group, rh, rh, &point->X, ctx))
+ goto err;
+ } else {
+ if (!field_mul(group, tmp, Z4, &group->a, ctx))
+ goto err;
+ if (!BN_mod_add_quick(rh, rh, tmp, p))
+ goto err;
+ if (!field_mul(group, rh, rh, &point->X, ctx))
+ goto err;
+ }
+
+ /* rh := rh + b*Z^6 */
+ if (!field_mul(group, tmp, &group->b, Z6, ctx))
+ goto err;
+ if (!BN_mod_add_quick(rh, rh, tmp, p))
+ goto err;
+ } else {
+ /* point->Z_is_one */
+
+ /* rh := (rh + a)*X */
+ if (!BN_mod_add_quick(rh, rh, &group->a, p))
+ goto err;
+ if (!field_mul(group, rh, rh, &point->X, ctx))
+ goto err;
+ /* rh := rh + b */
+ if (!BN_mod_add_quick(rh, rh, &group->b, p))
+ goto err;
+ }
+
+ /* 'lh' := Y^2 */
+ if (!field_sqr(group, tmp, &point->Y, ctx))
+ goto err;
+
+ ret = (0 == BN_ucmp(tmp, rh));
+
+ err:
+ BN_CTX_end(ctx);
+ if (new_ctx != NULL)
+ BN_CTX_free(new_ctx);
+ return ret;
+}
+
+int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a,
+ const EC_POINT *b, BN_CTX *ctx)
+{
+ /*-
+ * return values:
+ * -1 error
+ * 0 equal (in affine coordinates)
+ * 1 not equal
+ */
+
+ int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *,
+ const BIGNUM *, BN_CTX *);
+ int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
+ BN_CTX *new_ctx = NULL;
+ BIGNUM *tmp1, *tmp2, *Za23, *Zb23;
+ const BIGNUM *tmp1_, *tmp2_;
+ int ret = -1;
+
+ if (EC_POINT_is_at_infinity(group, a)) {
+ return EC_POINT_is_at_infinity(group, b) ? 0 : 1;
+ }
+
+ if (EC_POINT_is_at_infinity(group, b))
+ return 1;
+
+ if (a->Z_is_one && b->Z_is_one) {
+ return ((BN_cmp(&a->X, &b->X) == 0)
+ && BN_cmp(&a->Y, &b->Y) == 0) ? 0 : 1;
+ }
+
+ field_mul = group->meth->field_mul;
+ field_sqr = group->meth->field_sqr;
+
+ if (ctx == NULL) {
+ ctx = new_ctx = BN_CTX_new();
+ if (ctx == NULL)
+ return -1;
+ }
+
+ BN_CTX_start(ctx);
+ tmp1 = BN_CTX_get(ctx);
+ tmp2 = BN_CTX_get(ctx);
+ Za23 = BN_CTX_get(ctx);
+ Zb23 = BN_CTX_get(ctx);
+ if (Zb23 == NULL)
+ goto end;
+
+ /*-
+ * We have to decide whether
+ * (X_a/Z_a^2, Y_a/Z_a^3) = (X_b/Z_b^2, Y_b/Z_b^3),
+ * or equivalently, whether
+ * (X_a*Z_b^2, Y_a*Z_b^3) = (X_b*Z_a^2, Y_b*Z_a^3).
+ */
+
+ if (!b->Z_is_one) {
+ if (!field_sqr(group, Zb23, &b->Z, ctx))
+ goto end;
+ if (!field_mul(group, tmp1, &a->X, Zb23, ctx))
+ goto end;
+ tmp1_ = tmp1;
+ } else
+ tmp1_ = &a->X;
+ if (!a->Z_is_one) {
+ if (!field_sqr(group, Za23, &a->Z, ctx))
+ goto end;
+ if (!field_mul(group, tmp2, &b->X, Za23, ctx))
+ goto end;
+ tmp2_ = tmp2;
+ } else
+ tmp2_ = &b->X;
+
+ /* compare X_a*Z_b^2 with X_b*Z_a^2 */
+ if (BN_cmp(tmp1_, tmp2_) != 0) {
+ ret = 1; /* points differ */
+ goto end;
+ }
+
+ if (!b->Z_is_one) {
+ if (!field_mul(group, Zb23, Zb23, &b->Z, ctx))
+ goto end;
+ if (!field_mul(group, tmp1, &a->Y, Zb23, ctx))
+ goto end;
+ /* tmp1_ = tmp1 */
+ } else
+ tmp1_ = &a->Y;
+ if (!a->Z_is_one) {
+ if (!field_mul(group, Za23, Za23, &a->Z, ctx))
+ goto end;
+ if (!field_mul(group, tmp2, &b->Y, Za23, ctx))
+ goto end;
+ /* tmp2_ = tmp2 */
+ } else
+ tmp2_ = &b->Y;
+
+ /* compare Y_a*Z_b^3 with Y_b*Z_a^3 */
+ if (BN_cmp(tmp1_, tmp2_) != 0) {
+ ret = 1; /* points differ */
+ goto end;
+ }
+
+ /* points are equal */
+ ret = 0;
+
+ end:
+ BN_CTX_end(ctx);
+ if (new_ctx != NULL)
+ BN_CTX_free(new_ctx);
+ return ret;
+}
+
+int ec_GFp_simple_make_affine(const EC_GROUP *group, EC_POINT *point,
+ BN_CTX *ctx)
+{
+ BN_CTX *new_ctx = NULL;
+ BIGNUM *x, *y;
+ int ret = 0;
+
+ if (point->Z_is_one || EC_POINT_is_at_infinity(group, point))
+ return 1;
+
+ if (ctx == NULL) {
+ ctx = new_ctx = BN_CTX_new();
+ if (ctx == NULL)
+ return 0;
+ }
+
+ BN_CTX_start(ctx);
+ x = BN_CTX_get(ctx);
+ y = BN_CTX_get(ctx);
+ if (y == NULL)
+ goto err;
+
+ if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx))
+ goto err;
+ if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx))
+ goto err;
+ if (!point->Z_is_one) {
+ ECerr(EC_F_EC_GFP_SIMPLE_MAKE_AFFINE, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
+ ret = 1;
+
+ err:
+ BN_CTX_end(ctx);
+ if (new_ctx != NULL)
+ BN_CTX_free(new_ctx);
+ return ret;
+}
+
+int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num,
+ EC_POINT *points[], BN_CTX *ctx)
+{
+ BN_CTX *new_ctx = NULL;
+ BIGNUM *tmp, *tmp_Z;
+ BIGNUM **prod_Z = NULL;
+ size_t i;
+ int ret = 0;
+
+ if (num == 0)
+ return 1;
+
+ if (ctx == NULL) {
+ ctx = new_ctx = BN_CTX_new();
+ if (ctx == NULL)
+ return 0;
+ }
+
+ BN_CTX_start(ctx);
+ tmp = BN_CTX_get(ctx);
+ tmp_Z = BN_CTX_get(ctx);
+ if (tmp == NULL || tmp_Z == NULL)
+ goto err;
+
+ prod_Z = OPENSSL_malloc(num * sizeof prod_Z[0]);
+ if (prod_Z == NULL)
+ goto err;
+ for (i = 0; i < num; i++) {
+ prod_Z[i] = BN_new();
+ if (prod_Z[i] == NULL)
+ goto err;
+ }
+
+ /*
+ * Set each prod_Z[i] to the product of points[0]->Z .. points[i]->Z,
+ * skipping any zero-valued inputs (pretend that they're 1).
+ */
+
+ if (!BN_is_zero(&points[0]->Z)) {
+ if (!BN_copy(prod_Z[0], &points[0]->Z))
+ goto err;
+ } else {
+ if (group->meth->field_set_to_one != 0) {
+ if (!group->meth->field_set_to_one(group, prod_Z[0], ctx))
+ goto err;
+ } else {
+ if (!BN_one(prod_Z[0]))
+ goto err;
+ }
+ }
+
+ for (i = 1; i < num; i++) {
+ if (!BN_is_zero(&points[i]->Z)) {
+ if (!group->meth->field_mul(group, prod_Z[i], prod_Z[i - 1],
+ &points[i]->Z, ctx))
+ goto err;
+ } else {
+ if (!BN_copy(prod_Z[i], prod_Z[i - 1]))
+ goto err;
+ }
+ }
+
+ /*
+ * Now use a single explicit inversion to replace every non-zero
+ * points[i]->Z by its inverse.
+ */
+
+ if (!BN_mod_inverse(tmp, prod_Z[num - 1], &group->field, ctx)) {
+ ECerr(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE, ERR_R_BN_LIB);
+ goto err;
+ }
+ if (group->meth->field_encode != 0) {
+ /*
+ * In the Montgomery case, we just turned R*H (representing H) into
+ * 1/(R*H), but we need R*(1/H) (representing 1/H); i.e. we need to
+ * multiply by the Montgomery factor twice.
+ */
+ if (!group->meth->field_encode(group, tmp, tmp, ctx))
+ goto err;
+ if (!group->meth->field_encode(group, tmp, tmp, ctx))
+ goto err;
+ }
+
+ for (i = num - 1; i > 0; --i) {
+ /*
+ * Loop invariant: tmp is the product of the inverses of points[0]->Z
+ * .. points[i]->Z (zero-valued inputs skipped).
+ */
+ if (!BN_is_zero(&points[i]->Z)) {
+ /*
+ * Set tmp_Z to the inverse of points[i]->Z (as product of Z
+ * inverses 0 .. i, Z values 0 .. i - 1).
+ */
+ if (!group->
+ meth->field_mul(group, tmp_Z, prod_Z[i - 1], tmp, ctx))
+ goto err;
+ /*
+ * Update tmp to satisfy the loop invariant for i - 1.
+ */
+ if (!group->meth->field_mul(group, tmp, tmp, &points[i]->Z, ctx))
+ goto err;
+ /* Replace points[i]->Z by its inverse. */
+ if (!BN_copy(&points[i]->Z, tmp_Z))
+ goto err;
+ }
+ }
+
+ if (!BN_is_zero(&points[0]->Z)) {
+ /* Replace points[0]->Z by its inverse. */
+ if (!BN_copy(&points[0]->Z, tmp))
+ goto err;
+ }
+
+ /* Finally, fix up the X and Y coordinates for all points. */
+
+ for (i = 0; i < num; i++) {
+ EC_POINT *p = points[i];
+
+ if (!BN_is_zero(&p->Z)) {
+ /* turn (X, Y, 1/Z) into (X/Z^2, Y/Z^3, 1) */
+
+ if (!group->meth->field_sqr(group, tmp, &p->Z, ctx))
+ goto err;
+ if (!group->meth->field_mul(group, &p->X, &p->X, tmp, ctx))
+ goto err;
+
+ if (!group->meth->field_mul(group, tmp, tmp, &p->Z, ctx))
+ goto err;
+ if (!group->meth->field_mul(group, &p->Y, &p->Y, tmp, ctx))
+ goto err;
+
+ if (group->meth->field_set_to_one != 0) {
+ if (!group->meth->field_set_to_one(group, &p->Z, ctx))
+ goto err;
+ } else {
+ if (!BN_one(&p->Z))
+ goto err;
+ }
+ p->Z_is_one = 1;
+ }
+ }
+
+ ret = 1;
+
+ err:
+ BN_CTX_end(ctx);
+ if (new_ctx != NULL)
+ BN_CTX_free(new_ctx);
+ if (prod_Z != NULL) {
+ for (i = 0; i < num; i++) {
+ if (prod_Z[i] == NULL)
+ break;
+ BN_clear_free(prod_Z[i]);
+ }
+ OPENSSL_free(prod_Z);
+ }
+ return ret;
+}
+
+int ec_GFp_simple_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
+ const BIGNUM *b, BN_CTX *ctx)
+{
+ return BN_mod_mul(r, a, b, &group->field, ctx);
+}
+
+int ec_GFp_simple_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
+ BN_CTX *ctx)
+{
+ return BN_mod_sqr(r, a, &group->field, ctx);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/ec/ectest.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/ec/ectest.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ec/ectest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,1344 +0,0 @@
-/* crypto/ec/ectest.c */
-/*
- * Originally written by Bodo Moeller for the OpenSSL project.
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * The elliptic curve binary polynomial software is originally written by
- * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#ifdef FLAT_INC
-#include "e_os.h"
-#else
-#include "../e_os.h"
-#endif
-#include <string.h>
-#include <time.h>
-
-
-#ifdef OPENSSL_NO_EC
-int main(int argc, char * argv[]) { puts("Elliptic curves are disabled."); return 0; }
-#else
-
-
-#include <openssl/ec.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-#include <openssl/err.h>
-#include <openssl/obj_mac.h>
-#include <openssl/objects.h>
-#include <openssl/rand.h>
-#include <openssl/bn.h>
-
-#if defined(_MSC_VER) && defined(_MIPS_) && (_MSC_VER/100==12)
-/* suppress "too big too optimize" warning */
-#pragma warning(disable:4959)
-#endif
-
-#define ABORT do { \
- fflush(stdout); \
- fprintf(stderr, "%s:%d: ABORT\n", __FILE__, __LINE__); \
- ERR_print_errors_fp(stderr); \
- EXIT(1); \
-} while (0)
-
-void prime_field_tests(void);
-void char2_field_tests(void);
-void internal_curve_test(void);
-
-#define TIMING_BASE_PT 0
-#define TIMING_RAND_PT 1
-#define TIMING_SIMUL 2
-
-#if 0
-static void timings(EC_GROUP *group, int type, BN_CTX *ctx)
- {
- clock_t clck;
- int i, j;
- BIGNUM *s;
- BIGNUM *r[10], *r0[10];
- EC_POINT *P;
-
- s = BN_new();
- if (s == NULL) ABORT;
-
- fprintf(stdout, "Timings for %d-bit field, ", EC_GROUP_get_degree(group));
- if (!EC_GROUP_get_order(group, s, ctx)) ABORT;
- fprintf(stdout, "%d-bit scalars ", (int)BN_num_bits(s));
- fflush(stdout);
-
- P = EC_POINT_new(group);
- if (P == NULL) ABORT;
- EC_POINT_copy(P, EC_GROUP_get0_generator(group));
-
- for (i = 0; i < 10; i++)
- {
- if ((r[i] = BN_new()) == NULL) ABORT;
- if (!BN_pseudo_rand(r[i], BN_num_bits(s), 0, 0)) ABORT;
- if (type != TIMING_BASE_PT)
- {
- if ((r0[i] = BN_new()) == NULL) ABORT;
- if (!BN_pseudo_rand(r0[i], BN_num_bits(s), 0, 0)) ABORT;
- }
- }
-
- clck = clock();
- for (i = 0; i < 10; i++)
- {
- for (j = 0; j < 10; j++)
- {
- if (!EC_POINT_mul(group, P, (type != TIMING_RAND_PT) ? r[i] : NULL,
- (type != TIMING_BASE_PT) ? P : NULL, (type != TIMING_BASE_PT) ? r0[i] : NULL, ctx)) ABORT;
- }
- }
- clck = clock() - clck;
-
- fprintf(stdout, "\n");
-
-#ifdef CLOCKS_PER_SEC
- /* "To determine the time in seconds, the value returned
- * by the clock function should be divided by the value
- * of the macro CLOCKS_PER_SEC."
- * -- ISO/IEC 9899 */
-# define UNIT "s"
-#else
- /* "`CLOCKS_PER_SEC' undeclared (first use this function)"
- * -- cc on NeXTstep/OpenStep */
-# define UNIT "units"
-# define CLOCKS_PER_SEC 1
-#endif
-
- if (type == TIMING_BASE_PT) {
- fprintf(stdout, "%i %s in %.2f " UNIT "\n", i*j,
- "base point multiplications", (double)clck/CLOCKS_PER_SEC);
- } else if (type == TIMING_RAND_PT) {
- fprintf(stdout, "%i %s in %.2f " UNIT "\n", i*j,
- "random point multiplications", (double)clck/CLOCKS_PER_SEC);
- } else if (type == TIMING_SIMUL) {
- fprintf(stdout, "%i %s in %.2f " UNIT "\n", i*j,
- "s*P+t*Q operations", (double)clck/CLOCKS_PER_SEC);
- }
- fprintf(stdout, "average: %.4f " UNIT "\n", (double)clck/(CLOCKS_PER_SEC*i*j));
-
- EC_POINT_free(P);
- BN_free(s);
- for (i = 0; i < 10; i++)
- {
- BN_free(r[i]);
- if (type != TIMING_BASE_PT) BN_free(r0[i]);
- }
- }
-#endif
-
-void prime_field_tests()
- {
- BN_CTX *ctx = NULL;
- BIGNUM *p, *a, *b;
- EC_GROUP *group;
- EC_GROUP *P_160 = NULL, *P_192 = NULL, *P_224 = NULL, *P_256 = NULL, *P_384 = NULL, *P_521 = NULL;
- EC_POINT *P, *Q, *R;
- BIGNUM *x, *y, *z;
- unsigned char buf[100];
- size_t i, len;
- int k;
-
-#if 1 /* optional */
- ctx = BN_CTX_new();
- if (!ctx) ABORT;
-#endif
-
- p = BN_new();
- a = BN_new();
- b = BN_new();
- if (!p || !a || !b) ABORT;
-
- if (!BN_hex2bn(&p, "17")) ABORT;
- if (!BN_hex2bn(&a, "1")) ABORT;
- if (!BN_hex2bn(&b, "1")) ABORT;
-
- group = EC_GROUP_new(EC_GFp_mont_method()); /* applications should use EC_GROUP_new_curve_GFp
- * so that the library gets to choose the EC_METHOD */
- if (!group) ABORT;
-
- if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;
-
- {
- EC_GROUP *tmp;
- tmp = EC_GROUP_new(EC_GROUP_method_of(group));
- if (!tmp) ABORT;
- if (!EC_GROUP_copy(tmp, group)) ABORT;
- EC_GROUP_free(group);
- group = tmp;
- }
-
- if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) ABORT;
-
- fprintf(stdout, "Curve defined by Weierstrass equation\n y^2 = x^3 + a*x + b (mod 0x");
- BN_print_fp(stdout, p);
- fprintf(stdout, ")\n a = 0x");
- BN_print_fp(stdout, a);
- fprintf(stdout, "\n b = 0x");
- BN_print_fp(stdout, b);
- fprintf(stdout, "\n");
-
- P = EC_POINT_new(group);
- Q = EC_POINT_new(group);
- R = EC_POINT_new(group);
- if (!P || !Q || !R) ABORT;
-
- if (!EC_POINT_set_to_infinity(group, P)) ABORT;
- if (!EC_POINT_is_at_infinity(group, P)) ABORT;
-
- buf[0] = 0;
- if (!EC_POINT_oct2point(group, Q, buf, 1, ctx)) ABORT;
-
- if (!EC_POINT_add(group, P, P, Q, ctx)) ABORT;
- if (!EC_POINT_is_at_infinity(group, P)) ABORT;
-
- x = BN_new();
- y = BN_new();
- z = BN_new();
- if (!x || !y || !z) ABORT;
-
- if (!BN_hex2bn(&x, "D")) ABORT;
- if (!EC_POINT_set_compressed_coordinates_GFp(group, Q, x, 1, ctx)) ABORT;
- if (!EC_POINT_is_on_curve(group, Q, ctx))
- {
- if (!EC_POINT_get_affine_coordinates_GFp(group, Q, x, y, ctx)) ABORT;
- fprintf(stderr, "Point is not on curve: x = 0x");
- BN_print_fp(stderr, x);
- fprintf(stderr, ", y = 0x");
- BN_print_fp(stderr, y);
- fprintf(stderr, "\n");
- ABORT;
- }
-
- fprintf(stdout, "A cyclic subgroup:\n");
- k = 100;
- do
- {
- if (k-- == 0) ABORT;
-
- if (EC_POINT_is_at_infinity(group, P))
- fprintf(stdout, " point at infinity\n");
- else
- {
- if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
-
- fprintf(stdout, " x = 0x");
- BN_print_fp(stdout, x);
- fprintf(stdout, ", y = 0x");
- BN_print_fp(stdout, y);
- fprintf(stdout, "\n");
- }
-
- if (!EC_POINT_copy(R, P)) ABORT;
- if (!EC_POINT_add(group, P, P, Q, ctx)) ABORT;
-
-#if 0 /* optional */
- {
- EC_POINT *points[3];
-
- points[0] = R;
- points[1] = Q;
- points[2] = P;
- if (!EC_POINTs_make_affine(group, 2, points, ctx)) ABORT;
- }
-#endif
-
- }
- while (!EC_POINT_is_at_infinity(group, P));
-
- if (!EC_POINT_add(group, P, Q, R, ctx)) ABORT;
- if (!EC_POINT_is_at_infinity(group, P)) ABORT;
-
- len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf, sizeof buf, ctx);
- if (len == 0) ABORT;
- if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT;
- if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT;
- fprintf(stdout, "Generator as octect string, compressed form:\n ");
- for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);
-
- len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, buf, sizeof buf, ctx);
- if (len == 0) ABORT;
- if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT;
- if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT;
- fprintf(stdout, "\nGenerator as octect string, uncompressed form:\n ");
- for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);
-
- len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof buf, ctx);
- if (len == 0) ABORT;
- if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT;
- if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT;
- fprintf(stdout, "\nGenerator as octect string, hybrid form:\n ");
- for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);
-
- if (!EC_POINT_get_Jprojective_coordinates_GFp(group, R, x, y, z, ctx)) ABORT;
- fprintf(stdout, "\nA representation of the inverse of that generator in\nJacobian projective coordinates:\n X = 0x");
- BN_print_fp(stdout, x);
- fprintf(stdout, ", Y = 0x");
- BN_print_fp(stdout, y);
- fprintf(stdout, ", Z = 0x");
- BN_print_fp(stdout, z);
- fprintf(stdout, "\n");
-
- if (!EC_POINT_invert(group, P, ctx)) ABORT;
- if (0 != EC_POINT_cmp(group, P, R, ctx)) ABORT;
-
-
- /* Curve secp160r1 (Certicom Research SEC 2 Version 1.0, section 2.4.2, 2000)
- * -- not a NIST curve, but commonly used */
-
- if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF")) ABORT;
- if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT;
- if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC")) ABORT;
- if (!BN_hex2bn(&b, "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45")) ABORT;
- if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;
-
- if (!BN_hex2bn(&x, "4A96B5688EF573284664698968C38BB913CBFC82")) ABORT;
- if (!BN_hex2bn(&y, "23a628553168947d59dcc912042351377ac5fb32")) ABORT;
- if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
- if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
- if (!BN_hex2bn(&z, "0100000000000000000001F4C8F927AED3CA752257")) ABORT;
- if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
-
- if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
- fprintf(stdout, "\nSEC2 curve secp160r1 -- Generator:\n x = 0x");
- BN_print_fp(stdout, x);
- fprintf(stdout, "\n y = 0x");
- BN_print_fp(stdout, y);
- fprintf(stdout, "\n");
- /* G_y value taken from the standard: */
- if (!BN_hex2bn(&z, "23a628553168947d59dcc912042351377ac5fb32")) ABORT;
- if (0 != BN_cmp(y, z)) ABORT;
-
- fprintf(stdout, "verify degree ...");
- if (EC_GROUP_get_degree(group) != 160) ABORT;
- fprintf(stdout, " ok\n");
-
- fprintf(stdout, "verify group order ...");
- fflush(stdout);
- if (!EC_GROUP_get_order(group, z, ctx)) ABORT;
- if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
- if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
- fprintf(stdout, ".");
- fflush(stdout);
- if (!EC_GROUP_precompute_mult(group, ctx)) ABORT;
- if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
- if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
- fprintf(stdout, " ok\n");
-
- if (!(P_160 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT;
- if (!EC_GROUP_copy(P_160, group)) ABORT;
-
-
- /* Curve P-192 (FIPS PUB 186-2, App. 6) */
-
- if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF")) ABORT;
- if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT;
- if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC")) ABORT;
- if (!BN_hex2bn(&b, "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1")) ABORT;
- if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;
-
- if (!BN_hex2bn(&x, "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012")) ABORT;
- if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT;
- if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
- if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831")) ABORT;
- if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
-
- if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
- fprintf(stdout, "\nNIST curve P-192 -- Generator:\n x = 0x");
- BN_print_fp(stdout, x);
- fprintf(stdout, "\n y = 0x");
- BN_print_fp(stdout, y);
- fprintf(stdout, "\n");
- /* G_y value taken from the standard: */
- if (!BN_hex2bn(&z, "07192B95FFC8DA78631011ED6B24CDD573F977A11E794811")) ABORT;
- if (0 != BN_cmp(y, z)) ABORT;
-
- fprintf(stdout, "verify degree ...");
- if (EC_GROUP_get_degree(group) != 192) ABORT;
- fprintf(stdout, " ok\n");
-
- fprintf(stdout, "verify group order ...");
- fflush(stdout);
- if (!EC_GROUP_get_order(group, z, ctx)) ABORT;
- if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
- if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
- fprintf(stdout, ".");
- fflush(stdout);
-#if 0
- if (!EC_GROUP_precompute_mult(group, ctx)) ABORT;
-#endif
- if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
- if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
- fprintf(stdout, " ok\n");
-
- if (!(P_192 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT;
- if (!EC_GROUP_copy(P_192, group)) ABORT;
-
-
- /* Curve P-224 (FIPS PUB 186-2, App. 6) */
-
- if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001")) ABORT;
- if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT;
- if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE")) ABORT;
- if (!BN_hex2bn(&b, "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4")) ABORT;
- if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;
-
- if (!BN_hex2bn(&x, "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21")) ABORT;
- if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx)) ABORT;
- if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
- if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D")) ABORT;
- if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
-
- if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
- fprintf(stdout, "\nNIST curve P-224 -- Generator:\n x = 0x");
- BN_print_fp(stdout, x);
- fprintf(stdout, "\n y = 0x");
- BN_print_fp(stdout, y);
- fprintf(stdout, "\n");
- /* G_y value taken from the standard: */
- if (!BN_hex2bn(&z, "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34")) ABORT;
- if (0 != BN_cmp(y, z)) ABORT;
-
- fprintf(stdout, "verify degree ...");
- if (EC_GROUP_get_degree(group) != 224) ABORT;
- fprintf(stdout, " ok\n");
-
- fprintf(stdout, "verify group order ...");
- fflush(stdout);
- if (!EC_GROUP_get_order(group, z, ctx)) ABORT;
- if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
- if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
- fprintf(stdout, ".");
- fflush(stdout);
-#if 0
- if (!EC_GROUP_precompute_mult(group, ctx)) ABORT;
-#endif
- if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
- if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
- fprintf(stdout, " ok\n");
-
- if (!(P_224 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT;
- if (!EC_GROUP_copy(P_224, group)) ABORT;
-
-
- /* Curve P-256 (FIPS PUB 186-2, App. 6) */
-
- if (!BN_hex2bn(&p, "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF")) ABORT;
- if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT;
- if (!BN_hex2bn(&a, "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC")) ABORT;
- if (!BN_hex2bn(&b, "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B")) ABORT;
- if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;
-
- if (!BN_hex2bn(&x, "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296")) ABORT;
- if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT;
- if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
- if (!BN_hex2bn(&z, "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E"
- "84F3B9CAC2FC632551")) ABORT;
- if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
-
- if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
- fprintf(stdout, "\nNIST curve P-256 -- Generator:\n x = 0x");
- BN_print_fp(stdout, x);
- fprintf(stdout, "\n y = 0x");
- BN_print_fp(stdout, y);
- fprintf(stdout, "\n");
- /* G_y value taken from the standard: */
- if (!BN_hex2bn(&z, "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5")) ABORT;
- if (0 != BN_cmp(y, z)) ABORT;
-
- fprintf(stdout, "verify degree ...");
- if (EC_GROUP_get_degree(group) != 256) ABORT;
- fprintf(stdout, " ok\n");
-
- fprintf(stdout, "verify group order ...");
- fflush(stdout);
- if (!EC_GROUP_get_order(group, z, ctx)) ABORT;
- if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
- if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
- fprintf(stdout, ".");
- fflush(stdout);
-#if 0
- if (!EC_GROUP_precompute_mult(group, ctx)) ABORT;
-#endif
- if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
- if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
- fprintf(stdout, " ok\n");
-
- if (!(P_256 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT;
- if (!EC_GROUP_copy(P_256, group)) ABORT;
-
-
- /* Curve P-384 (FIPS PUB 186-2, App. 6) */
-
- if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
- "FFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF")) ABORT;
- if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT;
- if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
- "FFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC")) ABORT;
- if (!BN_hex2bn(&b, "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141"
- "120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF")) ABORT;
- if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;
-
- if (!BN_hex2bn(&x, "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B"
- "9859F741E082542A385502F25DBF55296C3A545E3872760AB7")) ABORT;
- if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT;
- if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
- if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
- "FFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973")) ABORT;
- if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
-
- if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
- fprintf(stdout, "\nNIST curve P-384 -- Generator:\n x = 0x");
- BN_print_fp(stdout, x);
- fprintf(stdout, "\n y = 0x");
- BN_print_fp(stdout, y);
- fprintf(stdout, "\n");
- /* G_y value taken from the standard: */
- if (!BN_hex2bn(&z, "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A14"
- "7CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F")) ABORT;
- if (0 != BN_cmp(y, z)) ABORT;
-
- fprintf(stdout, "verify degree ...");
- if (EC_GROUP_get_degree(group) != 384) ABORT;
- fprintf(stdout, " ok\n");
-
- fprintf(stdout, "verify group order ...");
- fflush(stdout);
- if (!EC_GROUP_get_order(group, z, ctx)) ABORT;
- if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
- if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
- fprintf(stdout, ".");
- fflush(stdout);
-#if 0
- if (!EC_GROUP_precompute_mult(group, ctx)) ABORT;
-#endif
- if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
- if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
- fprintf(stdout, " ok\n");
-
- if (!(P_384 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT;
- if (!EC_GROUP_copy(P_384, group)) ABORT;
-
-
- /* Curve P-521 (FIPS PUB 186-2, App. 6) */
-
- if (!BN_hex2bn(&p, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFF")) ABORT;
- if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT;
- if (!BN_hex2bn(&a, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
- "FFFFFFFFFFFFFFFFFFFFFFFFFFFC")) ABORT;
- if (!BN_hex2bn(&b, "051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B"
- "315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573"
- "DF883D2C34F1EF451FD46B503F00")) ABORT;
- if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;
-
- if (!BN_hex2bn(&x, "C6858E06B70404E9CD9E3ECB662395B4429C648139053F"
- "B521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B"
- "3C1856A429BF97E7E31C2E5BD66")) ABORT;
- if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx)) ABORT;
- if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
- if (!BN_hex2bn(&z, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
- "FFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5"
- "C9B8899C47AEBB6FB71E91386409")) ABORT;
- if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
-
- if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
- fprintf(stdout, "\nNIST curve P-521 -- Generator:\n x = 0x");
- BN_print_fp(stdout, x);
- fprintf(stdout, "\n y = 0x");
- BN_print_fp(stdout, y);
- fprintf(stdout, "\n");
- /* G_y value taken from the standard: */
- if (!BN_hex2bn(&z, "11839296A789A3BC0045C8A5FB42C7D1BD998F54449579"
- "B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C"
- "7086A272C24088BE94769FD16650")) ABORT;
- if (0 != BN_cmp(y, z)) ABORT;
-
- fprintf(stdout, "verify degree ...");
- if (EC_GROUP_get_degree(group) != 521) ABORT;
- fprintf(stdout, " ok\n");
-
- fprintf(stdout, "verify group order ...");
- fflush(stdout);
- if (!EC_GROUP_get_order(group, z, ctx)) ABORT;
- if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
- if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
- fprintf(stdout, ".");
- fflush(stdout);
-#if 0
- if (!EC_GROUP_precompute_mult(group, ctx)) ABORT;
-#endif
- if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
- if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
- fprintf(stdout, " ok\n");
-
- if (!(P_521 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT;
- if (!EC_GROUP_copy(P_521, group)) ABORT;
-
-
- /* more tests using the last curve */
-
- if (!EC_POINT_copy(Q, P)) ABORT;
- if (EC_POINT_is_at_infinity(group, Q)) ABORT;
- if (!EC_POINT_dbl(group, P, P, ctx)) ABORT;
- if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
- if (!EC_POINT_invert(group, Q, ctx)) ABORT; /* P = -2Q */
-
- if (!EC_POINT_add(group, R, P, Q, ctx)) ABORT;
- if (!EC_POINT_add(group, R, R, Q, ctx)) ABORT;
- if (!EC_POINT_is_at_infinity(group, R)) ABORT; /* R = P + 2Q */
-
- {
- const EC_POINT *points[4];
- const BIGNUM *scalars[4];
- BIGNUM scalar3;
-
- if (EC_POINT_is_at_infinity(group, Q)) ABORT;
- points[0] = Q;
- points[1] = Q;
- points[2] = Q;
- points[3] = Q;
-
- if (!BN_add(y, z, BN_value_one())) ABORT;
- if (BN_is_odd(y)) ABORT;
- if (!BN_rshift1(y, y)) ABORT;
- scalars[0] = y; /* (group order + 1)/2, so y*Q + y*Q = Q */
- scalars[1] = y;
-
- fprintf(stdout, "combined multiplication ...");
- fflush(stdout);
-
- /* z is still the group order */
- if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) ABORT;
- if (!EC_POINTs_mul(group, R, z, 2, points, scalars, ctx)) ABORT;
- if (0 != EC_POINT_cmp(group, P, R, ctx)) ABORT;
- if (0 != EC_POINT_cmp(group, R, Q, ctx)) ABORT;
-
- fprintf(stdout, ".");
- fflush(stdout);
-
- if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0)) ABORT;
- if (!BN_add(z, z, y)) ABORT;
- BN_set_negative(z, 1);
- scalars[0] = y;
- scalars[1] = z; /* z = -(order + y) */
-
- if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) ABORT;
- if (!EC_POINT_is_at_infinity(group, P)) ABORT;
-
- fprintf(stdout, ".");
- fflush(stdout);
-
- if (!BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0)) ABORT;
- if (!BN_add(z, x, y)) ABORT;
- BN_set_negative(z, 1);
- scalars[0] = x;
- scalars[1] = y;
- scalars[2] = z; /* z = -(x+y) */
-
- BN_init(&scalar3);
- BN_zero(&scalar3);
- scalars[3] = &scalar3;
-
- if (!EC_POINTs_mul(group, P, NULL, 4, points, scalars, ctx)) ABORT;
- if (!EC_POINT_is_at_infinity(group, P)) ABORT;
-
- fprintf(stdout, " ok\n\n");
-
- BN_free(&scalar3);
- }
-
-
-#if 0
- timings(P_160, TIMING_BASE_PT, ctx);
- timings(P_160, TIMING_RAND_PT, ctx);
- timings(P_160, TIMING_SIMUL, ctx);
- timings(P_192, TIMING_BASE_PT, ctx);
- timings(P_192, TIMING_RAND_PT, ctx);
- timings(P_192, TIMING_SIMUL, ctx);
- timings(P_224, TIMING_BASE_PT, ctx);
- timings(P_224, TIMING_RAND_PT, ctx);
- timings(P_224, TIMING_SIMUL, ctx);
- timings(P_256, TIMING_BASE_PT, ctx);
- timings(P_256, TIMING_RAND_PT, ctx);
- timings(P_256, TIMING_SIMUL, ctx);
- timings(P_384, TIMING_BASE_PT, ctx);
- timings(P_384, TIMING_RAND_PT, ctx);
- timings(P_384, TIMING_SIMUL, ctx);
- timings(P_521, TIMING_BASE_PT, ctx);
- timings(P_521, TIMING_RAND_PT, ctx);
- timings(P_521, TIMING_SIMUL, ctx);
-#endif
-
-
- if (ctx)
- BN_CTX_free(ctx);
- BN_free(p); BN_free(a); BN_free(b);
- EC_GROUP_free(group);
- EC_POINT_free(P);
- EC_POINT_free(Q);
- EC_POINT_free(R);
- BN_free(x); BN_free(y); BN_free(z);
-
- if (P_160) EC_GROUP_free(P_160);
- if (P_192) EC_GROUP_free(P_192);
- if (P_224) EC_GROUP_free(P_224);
- if (P_256) EC_GROUP_free(P_256);
- if (P_384) EC_GROUP_free(P_384);
- if (P_521) EC_GROUP_free(P_521);
-
- }
-
-/* Change test based on whether binary point compression is enabled or not. */
-#ifdef OPENSSL_EC_BIN_PT_COMP
-#define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \
- if (!BN_hex2bn(&x, _x)) ABORT; \
- if (!EC_POINT_set_compressed_coordinates_GF2m(group, P, x, _y_bit, ctx)) ABORT; \
- if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; \
- if (!BN_hex2bn(&z, _order)) ABORT; \
- if (!BN_hex2bn(&cof, _cof)) ABORT; \
- if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \
- if (!EC_POINT_get_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT; \
- fprintf(stdout, "\n%s -- Generator:\n x = 0x", _name); \
- BN_print_fp(stdout, x); \
- fprintf(stdout, "\n y = 0x"); \
- BN_print_fp(stdout, y); \
- fprintf(stdout, "\n"); \
- /* G_y value taken from the standard: */ \
- if (!BN_hex2bn(&z, _y)) ABORT; \
- if (0 != BN_cmp(y, z)) ABORT;
-#else
-#define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \
- if (!BN_hex2bn(&x, _x)) ABORT; \
- if (!BN_hex2bn(&y, _y)) ABORT; \
- if (!EC_POINT_set_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT; \
- if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; \
- if (!BN_hex2bn(&z, _order)) ABORT; \
- if (!BN_hex2bn(&cof, _cof)) ABORT; \
- if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \
- fprintf(stdout, "\n%s -- Generator:\n x = 0x", _name); \
- BN_print_fp(stdout, x); \
- fprintf(stdout, "\n y = 0x"); \
- BN_print_fp(stdout, y); \
- fprintf(stdout, "\n");
-#endif
-
-#define CHAR2_CURVE_TEST(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \
- if (!BN_hex2bn(&p, _p)) ABORT; \
- if (!BN_hex2bn(&a, _a)) ABORT; \
- if (!BN_hex2bn(&b, _b)) ABORT; \
- if (!EC_GROUP_set_curve_GF2m(group, p, a, b, ctx)) ABORT; \
- CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \
- fprintf(stdout, "verify degree ..."); \
- if (EC_GROUP_get_degree(group) != _degree) ABORT; \
- fprintf(stdout, " ok\n"); \
- fprintf(stdout, "verify group order ..."); \
- fflush(stdout); \
- if (!EC_GROUP_get_order(group, z, ctx)) ABORT; \
- if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; \
- if (!EC_POINT_is_at_infinity(group, Q)) ABORT; \
- fprintf(stdout, "."); \
- fflush(stdout); \
- /* if (!EC_GROUP_precompute_mult(group, ctx)) ABORT; */ \
- if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; \
- if (!EC_POINT_is_at_infinity(group, Q)) ABORT; \
- fprintf(stdout, " ok\n"); \
- if (!(_variable = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT; \
- if (!EC_GROUP_copy(_variable, group)) ABORT;
-
-void char2_field_tests()
- {
- BN_CTX *ctx = NULL;
- BIGNUM *p, *a, *b;
- EC_GROUP *group;
- EC_GROUP *C2_K163 = NULL, *C2_K233 = NULL, *C2_K283 = NULL, *C2_K409 = NULL, *C2_K571 = NULL;
- EC_GROUP *C2_B163 = NULL, *C2_B233 = NULL, *C2_B283 = NULL, *C2_B409 = NULL, *C2_B571 = NULL;
- EC_POINT *P, *Q, *R;
- BIGNUM *x, *y, *z, *cof;
- unsigned char buf[100];
- size_t i, len;
- int k;
-
-#if 1 /* optional */
- ctx = BN_CTX_new();
- if (!ctx) ABORT;
-#endif
-
- p = BN_new();
- a = BN_new();
- b = BN_new();
- if (!p || !a || !b) ABORT;
-
- if (!BN_hex2bn(&p, "13")) ABORT;
- if (!BN_hex2bn(&a, "3")) ABORT;
- if (!BN_hex2bn(&b, "1")) ABORT;
-
- group = EC_GROUP_new(EC_GF2m_simple_method()); /* applications should use EC_GROUP_new_curve_GF2m
- * so that the library gets to choose the EC_METHOD */
- if (!group) ABORT;
- if (!EC_GROUP_set_curve_GF2m(group, p, a, b, ctx)) ABORT;
-
- {
- EC_GROUP *tmp;
- tmp = EC_GROUP_new(EC_GROUP_method_of(group));
- if (!tmp) ABORT;
- if (!EC_GROUP_copy(tmp, group)) ABORT;
- EC_GROUP_free(group);
- group = tmp;
- }
-
- if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx)) ABORT;
-
- fprintf(stdout, "Curve defined by Weierstrass equation\n y^2 + x*y = x^3 + a*x^2 + b (mod 0x");
- BN_print_fp(stdout, p);
- fprintf(stdout, ")\n a = 0x");
- BN_print_fp(stdout, a);
- fprintf(stdout, "\n b = 0x");
- BN_print_fp(stdout, b);
- fprintf(stdout, "\n(0x... means binary polynomial)\n");
-
- P = EC_POINT_new(group);
- Q = EC_POINT_new(group);
- R = EC_POINT_new(group);
- if (!P || !Q || !R) ABORT;
-
- if (!EC_POINT_set_to_infinity(group, P)) ABORT;
- if (!EC_POINT_is_at_infinity(group, P)) ABORT;
-
- buf[0] = 0;
- if (!EC_POINT_oct2point(group, Q, buf, 1, ctx)) ABORT;
-
- if (!EC_POINT_add(group, P, P, Q, ctx)) ABORT;
- if (!EC_POINT_is_at_infinity(group, P)) ABORT;
-
- x = BN_new();
- y = BN_new();
- z = BN_new();
- cof = BN_new();
- if (!x || !y || !z || !cof) ABORT;
-
- if (!BN_hex2bn(&x, "6")) ABORT;
-/* Change test based on whether binary point compression is enabled or not. */
-#ifdef OPENSSL_EC_BIN_PT_COMP
- if (!EC_POINT_set_compressed_coordinates_GF2m(group, Q, x, 1, ctx)) ABORT;
-#else
- if (!BN_hex2bn(&y, "8")) ABORT;
- if (!EC_POINT_set_affine_coordinates_GF2m(group, Q, x, y, ctx)) ABORT;
-#endif
- if (!EC_POINT_is_on_curve(group, Q, ctx))
- {
-/* Change test based on whether binary point compression is enabled or not. */
-#ifdef OPENSSL_EC_BIN_PT_COMP
- if (!EC_POINT_get_affine_coordinates_GF2m(group, Q, x, y, ctx)) ABORT;
-#endif
- fprintf(stderr, "Point is not on curve: x = 0x");
- BN_print_fp(stderr, x);
- fprintf(stderr, ", y = 0x");
- BN_print_fp(stderr, y);
- fprintf(stderr, "\n");
- ABORT;
- }
-
- fprintf(stdout, "A cyclic subgroup:\n");
- k = 100;
- do
- {
- if (k-- == 0) ABORT;
-
- if (EC_POINT_is_at_infinity(group, P))
- fprintf(stdout, " point at infinity\n");
- else
- {
- if (!EC_POINT_get_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT;
-
- fprintf(stdout, " x = 0x");
- BN_print_fp(stdout, x);
- fprintf(stdout, ", y = 0x");
- BN_print_fp(stdout, y);
- fprintf(stdout, "\n");
- }
-
- if (!EC_POINT_copy(R, P)) ABORT;
- if (!EC_POINT_add(group, P, P, Q, ctx)) ABORT;
- }
- while (!EC_POINT_is_at_infinity(group, P));
-
- if (!EC_POINT_add(group, P, Q, R, ctx)) ABORT;
- if (!EC_POINT_is_at_infinity(group, P)) ABORT;
-
-/* Change test based on whether binary point compression is enabled or not. */
-#ifdef OPENSSL_EC_BIN_PT_COMP
- len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf, sizeof buf, ctx);
- if (len == 0) ABORT;
- if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT;
- if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT;
- fprintf(stdout, "Generator as octet string, compressed form:\n ");
- for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);
-#endif
-
- len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, buf, sizeof buf, ctx);
- if (len == 0) ABORT;
- if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT;
- if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT;
- fprintf(stdout, "\nGenerator as octet string, uncompressed form:\n ");
- for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);
-
-/* Change test based on whether binary point compression is enabled or not. */
-#ifdef OPENSSL_EC_BIN_PT_COMP
- len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof buf, ctx);
- if (len == 0) ABORT;
- if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT;
- if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT;
- fprintf(stdout, "\nGenerator as octet string, hybrid form:\n ");
- for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);
-#endif
-
- fprintf(stdout, "\n");
-
- if (!EC_POINT_invert(group, P, ctx)) ABORT;
- if (0 != EC_POINT_cmp(group, P, R, ctx)) ABORT;
-
-
- /* Curve K-163 (FIPS PUB 186-2, App. 6) */
- CHAR2_CURVE_TEST
- (
- "NIST curve K-163",
- "0800000000000000000000000000000000000000C9",
- "1",
- "1",
- "02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8",
- "0289070FB05D38FF58321F2E800536D538CCDAA3D9",
- 1,
- "04000000000000000000020108A2E0CC0D99F8A5EF",
- "2",
- 163,
- C2_K163
- );
-
- /* Curve B-163 (FIPS PUB 186-2, App. 6) */
- CHAR2_CURVE_TEST
- (
- "NIST curve B-163",
- "0800000000000000000000000000000000000000C9",
- "1",
- "020A601907B8C953CA1481EB10512F78744A3205FD",
- "03F0EBA16286A2D57EA0991168D4994637E8343E36",
- "00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1",
- 1,
- "040000000000000000000292FE77E70C12A4234C33",
- "2",
- 163,
- C2_B163
- );
-
- /* Curve K-233 (FIPS PUB 186-2, App. 6) */
- CHAR2_CURVE_TEST
- (
- "NIST curve K-233",
- "020000000000000000000000000000000000000004000000000000000001",
- "0",
- "1",
- "017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126",
- "01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3",
- 0,
- "008000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF",
- "4",
- 233,
- C2_K233
- );
-
- /* Curve B-233 (FIPS PUB 186-2, App. 6) */
- CHAR2_CURVE_TEST
- (
- "NIST curve B-233",
- "020000000000000000000000000000000000000004000000000000000001",
- "000000000000000000000000000000000000000000000000000000000001",
- "0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD",
- "00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B",
- "01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052",
- 1,
- "01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7",
- "2",
- 233,
- C2_B233
- );
-
- /* Curve K-283 (FIPS PUB 186-2, App. 6) */
- CHAR2_CURVE_TEST
- (
- "NIST curve K-283",
- "0800000000000000000000000000000000000000000000000000000000000000000010A1",
- "0",
- "1",
- "0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492836",
- "01CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2259",
- 0,
- "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163C61",
- "4",
- 283,
- C2_K283
- );
-
- /* Curve B-283 (FIPS PUB 186-2, App. 6) */
- CHAR2_CURVE_TEST
- (
- "NIST curve B-283",
- "0800000000000000000000000000000000000000000000000000000000000000000010A1",
- "000000000000000000000000000000000000000000000000000000000000000000000001",
- "027B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A2F5",
- "05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12053",
- "03676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE8112F4",
- 1,
- "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB307",
- "2",
- 283,
- C2_B283
- );
-
- /* Curve K-409 (FIPS PUB 186-2, App. 6) */
- CHAR2_CURVE_TEST
- (
- "NIST curve K-409",
- "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001",
- "0",
- "1",
- "0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C460189EB5AAAA62EE222EB1B35540CFE9023746",
- "01E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6C42E9C55215AA9CA27A5863EC48D8E0286B",
- 1,
- "007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F83B2D4EA20400EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF",
- "4",
- 409,
- C2_K409
- );
-
- /* Curve B-409 (FIPS PUB 186-2, App. 6) */
- CHAR2_CURVE_TEST
- (
- "NIST curve B-409",
- "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001",
- "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
- "0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422EF1F3DD674761FA99D6AC27C8A9A197B272822F6CD57A55AA4F50AE317B13545F",
- "015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255A868A1180515603AEAB60794E54BB7996A7",
- "0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514F1FDF4B4F40D2181B3681C364BA0273C706",
- 1,
- "010000000000000000000000000000000000000000000000000001E2AAD6A612F33307BE5FA47C3C9E052F838164CD37D9A21173",
- "2",
- 409,
- C2_B409
- );
-
- /* Curve K-571 (FIPS PUB 186-2, App. 6) */
- CHAR2_CURVE_TEST
- (
- "NIST curve K-571",
- "80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425",
- "0",
- "1",
- "026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA44370958493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A01C8972",
- "0349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D4979C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143EF1C7A3",
- 0,
- "020000000000000000000000000000000000000000000000000000000000000000000000131850E1F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F637C1001",
- "4",
- 571,
- C2_K571
- );
-
- /* Curve B-571 (FIPS PUB 186-2, App. 6) */
- CHAR2_CURVE_TEST
- (
- "NIST curve B-571",
- "80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425",
- "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
- "02F40E7E2221F295DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFABBD8EFA59332BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F2955727A",
- "0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8EEC2D19",
- "037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423E43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B8AC15B",
- 1,
- "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2FE84E47",
- "2",
- 571,
- C2_B571
- );
-
- /* more tests using the last curve */
-
- if (!EC_POINT_copy(Q, P)) ABORT;
- if (EC_POINT_is_at_infinity(group, Q)) ABORT;
- if (!EC_POINT_dbl(group, P, P, ctx)) ABORT;
- if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
- if (!EC_POINT_invert(group, Q, ctx)) ABORT; /* P = -2Q */
-
- if (!EC_POINT_add(group, R, P, Q, ctx)) ABORT;
- if (!EC_POINT_add(group, R, R, Q, ctx)) ABORT;
- if (!EC_POINT_is_at_infinity(group, R)) ABORT; /* R = P + 2Q */
-
- {
- const EC_POINT *points[3];
- const BIGNUM *scalars[3];
-
- if (EC_POINT_is_at_infinity(group, Q)) ABORT;
- points[0] = Q;
- points[1] = Q;
- points[2] = Q;
-
- if (!BN_add(y, z, BN_value_one())) ABORT;
- if (BN_is_odd(y)) ABORT;
- if (!BN_rshift1(y, y)) ABORT;
- scalars[0] = y; /* (group order + 1)/2, so y*Q + y*Q = Q */
- scalars[1] = y;
-
- fprintf(stdout, "combined multiplication ...");
- fflush(stdout);
-
- /* z is still the group order */
- if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) ABORT;
- if (!EC_POINTs_mul(group, R, z, 2, points, scalars, ctx)) ABORT;
- if (0 != EC_POINT_cmp(group, P, R, ctx)) ABORT;
- if (0 != EC_POINT_cmp(group, R, Q, ctx)) ABORT;
-
- fprintf(stdout, ".");
- fflush(stdout);
-
- if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0)) ABORT;
- if (!BN_add(z, z, y)) ABORT;
- BN_set_negative(z, 1);
- scalars[0] = y;
- scalars[1] = z; /* z = -(order + y) */
-
- if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) ABORT;
- if (!EC_POINT_is_at_infinity(group, P)) ABORT;
-
- fprintf(stdout, ".");
- fflush(stdout);
-
- if (!BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0)) ABORT;
- if (!BN_add(z, x, y)) ABORT;
- BN_set_negative(z, 1);
- scalars[0] = x;
- scalars[1] = y;
- scalars[2] = z; /* z = -(x+y) */
-
- if (!EC_POINTs_mul(group, P, NULL, 3, points, scalars, ctx)) ABORT;
- if (!EC_POINT_is_at_infinity(group, P)) ABORT;
-
- fprintf(stdout, " ok\n\n");
- }
-
-
-#if 0
- timings(C2_K163, TIMING_BASE_PT, ctx);
- timings(C2_K163, TIMING_RAND_PT, ctx);
- timings(C2_K163, TIMING_SIMUL, ctx);
- timings(C2_B163, TIMING_BASE_PT, ctx);
- timings(C2_B163, TIMING_RAND_PT, ctx);
- timings(C2_B163, TIMING_SIMUL, ctx);
- timings(C2_K233, TIMING_BASE_PT, ctx);
- timings(C2_K233, TIMING_RAND_PT, ctx);
- timings(C2_K233, TIMING_SIMUL, ctx);
- timings(C2_B233, TIMING_BASE_PT, ctx);
- timings(C2_B233, TIMING_RAND_PT, ctx);
- timings(C2_B233, TIMING_SIMUL, ctx);
- timings(C2_K283, TIMING_BASE_PT, ctx);
- timings(C2_K283, TIMING_RAND_PT, ctx);
- timings(C2_K283, TIMING_SIMUL, ctx);
- timings(C2_B283, TIMING_BASE_PT, ctx);
- timings(C2_B283, TIMING_RAND_PT, ctx);
- timings(C2_B283, TIMING_SIMUL, ctx);
- timings(C2_K409, TIMING_BASE_PT, ctx);
- timings(C2_K409, TIMING_RAND_PT, ctx);
- timings(C2_K409, TIMING_SIMUL, ctx);
- timings(C2_B409, TIMING_BASE_PT, ctx);
- timings(C2_B409, TIMING_RAND_PT, ctx);
- timings(C2_B409, TIMING_SIMUL, ctx);
- timings(C2_K571, TIMING_BASE_PT, ctx);
- timings(C2_K571, TIMING_RAND_PT, ctx);
- timings(C2_K571, TIMING_SIMUL, ctx);
- timings(C2_B571, TIMING_BASE_PT, ctx);
- timings(C2_B571, TIMING_RAND_PT, ctx);
- timings(C2_B571, TIMING_SIMUL, ctx);
-#endif
-
-
- if (ctx)
- BN_CTX_free(ctx);
- BN_free(p); BN_free(a); BN_free(b);
- EC_GROUP_free(group);
- EC_POINT_free(P);
- EC_POINT_free(Q);
- EC_POINT_free(R);
- BN_free(x); BN_free(y); BN_free(z); BN_free(cof);
-
- if (C2_K163) EC_GROUP_free(C2_K163);
- if (C2_B163) EC_GROUP_free(C2_B163);
- if (C2_K233) EC_GROUP_free(C2_K233);
- if (C2_B233) EC_GROUP_free(C2_B233);
- if (C2_K283) EC_GROUP_free(C2_K283);
- if (C2_B283) EC_GROUP_free(C2_B283);
- if (C2_K409) EC_GROUP_free(C2_K409);
- if (C2_B409) EC_GROUP_free(C2_B409);
- if (C2_K571) EC_GROUP_free(C2_K571);
- if (C2_B571) EC_GROUP_free(C2_B571);
-
- }
-
-void internal_curve_test(void)
- {
- EC_builtin_curve *curves = NULL;
- size_t crv_len = 0, n = 0;
- int ok = 1;
-
- crv_len = EC_get_builtin_curves(NULL, 0);
-
- curves = OPENSSL_malloc(sizeof(EC_builtin_curve) * crv_len);
-
- if (curves == NULL)
- return;
-
- if (!EC_get_builtin_curves(curves, crv_len))
- {
- OPENSSL_free(curves);
- return;
- }
-
- fprintf(stdout, "testing internal curves: ");
-
- for (n = 0; n < crv_len; n++)
- {
- EC_GROUP *group = NULL;
- int nid = curves[n].nid;
- if ((group = EC_GROUP_new_by_curve_name(nid)) == NULL)
- {
- ok = 0;
- fprintf(stdout, "\nEC_GROUP_new_curve_name() failed with"
- " curve %s\n", OBJ_nid2sn(nid));
- /* try next curve */
- continue;
- }
- if (!EC_GROUP_check(group, NULL))
- {
- ok = 0;
- fprintf(stdout, "\nEC_GROUP_check() failed with"
- " curve %s\n", OBJ_nid2sn(nid));
- EC_GROUP_free(group);
- /* try the next curve */
- continue;
- }
- fprintf(stdout, ".");
- fflush(stdout);
- EC_GROUP_free(group);
- }
- if (ok)
- fprintf(stdout, " ok\n");
- else
- fprintf(stdout, " failed\n");
- OPENSSL_free(curves);
- return;
- }
-
-static const char rnd_seed[] = "string to make the random number generator think it has entropy";
-
-int main(int argc, char *argv[])
- {
-
- /* enable memory leak checking unless explicitly disabled */
- if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off"))))
- {
- CRYPTO_malloc_debug_init();
- CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
- }
- else
- {
- /* OPENSSL_DEBUG_MEMORY=off */
- CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
- }
- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
- ERR_load_crypto_strings();
-
- RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_generate_prime may fail */
-
- prime_field_tests();
- puts("");
- char2_field_tests();
- /* test the internal curves */
- internal_curve_test();
-
-#ifndef OPENSSL_NO_ENGINE
- ENGINE_cleanup();
-#endif
- CRYPTO_cleanup_all_ex_data();
- ERR_free_strings();
- ERR_remove_state(0);
- CRYPTO_mem_leaks_fp(stderr);
-
- return 0;
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/ec/ectest.c (from rev 6976, vendor-crypto/openssl/dist/crypto/ec/ectest.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/ec/ectest.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ec/ectest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,1621 @@
+/* crypto/ec/ectest.c */
+/*
+ * Originally written by Bodo Moeller for the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * The elliptic curve binary polynomial software is originally written by
+ * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#ifdef FLAT_INC
+# include "e_os.h"
+#else
+# include "../e_os.h"
+#endif
+#include <string.h>
+#include <time.h>
+
+#ifdef OPENSSL_NO_EC
+int main(int argc, char *argv[])
+{
+ puts("Elliptic curves are disabled.");
+ return 0;
+}
+#else
+
+# include <openssl/ec.h>
+# ifndef OPENSSL_NO_ENGINE
+# include <openssl/engine.h>
+# endif
+# include <openssl/err.h>
+# include <openssl/obj_mac.h>
+# include <openssl/objects.h>
+# include <openssl/rand.h>
+# include <openssl/bn.h>
+
+# if defined(_MSC_VER) && defined(_MIPS_) && (_MSC_VER/100==12)
+/* suppress "too big too optimize" warning */
+# pragma warning(disable:4959)
+# endif
+
+# define ABORT do { \
+ fflush(stdout); \
+ fprintf(stderr, "%s:%d: ABORT\n", __FILE__, __LINE__); \
+ ERR_print_errors_fp(stderr); \
+ EXIT(1); \
+} while (0)
+
+void prime_field_tests(void);
+void char2_field_tests(void);
+void internal_curve_test(void);
+
+# define TIMING_BASE_PT 0
+# define TIMING_RAND_PT 1
+# define TIMING_SIMUL 2
+
+# if 0
+static void timings(EC_GROUP *group, int type, BN_CTX *ctx)
+{
+ clock_t clck;
+ int i, j;
+ BIGNUM *s;
+ BIGNUM *r[10], *r0[10];
+ EC_POINT *P;
+
+ s = BN_new();
+ if (s == NULL)
+ ABORT;
+
+ fprintf(stdout, "Timings for %d-bit field, ", EC_GROUP_get_degree(group));
+ if (!EC_GROUP_get_order(group, s, ctx))
+ ABORT;
+ fprintf(stdout, "%d-bit scalars ", (int)BN_num_bits(s));
+ fflush(stdout);
+
+ P = EC_POINT_new(group);
+ if (P == NULL)
+ ABORT;
+ EC_POINT_copy(P, EC_GROUP_get0_generator(group));
+
+ for (i = 0; i < 10; i++) {
+ if ((r[i] = BN_new()) == NULL)
+ ABORT;
+ if (!BN_pseudo_rand(r[i], BN_num_bits(s), 0, 0))
+ ABORT;
+ if (type != TIMING_BASE_PT) {
+ if ((r0[i] = BN_new()) == NULL)
+ ABORT;
+ if (!BN_pseudo_rand(r0[i], BN_num_bits(s), 0, 0))
+ ABORT;
+ }
+ }
+
+ clck = clock();
+ for (i = 0; i < 10; i++) {
+ for (j = 0; j < 10; j++) {
+ if (!EC_POINT_mul
+ (group, P, (type != TIMING_RAND_PT) ? r[i] : NULL,
+ (type != TIMING_BASE_PT) ? P : NULL,
+ (type != TIMING_BASE_PT) ? r0[i] : NULL, ctx))
+ ABORT;
+ }
+ }
+ clck = clock() - clck;
+
+ fprintf(stdout, "\n");
+
+# ifdef CLOCKS_PER_SEC
+ /*
+ * "To determine the time in seconds, the value returned by the clock
+ * function should be divided by the value of the macro CLOCKS_PER_SEC."
+ * -- ISO/IEC 9899
+ */
+# define UNIT "s"
+# else
+ /*
+ * "`CLOCKS_PER_SEC' undeclared (first use this function)" -- cc on
+ * NeXTstep/OpenStep
+ */
+# define UNIT "units"
+# define CLOCKS_PER_SEC 1
+# endif
+
+ if (type == TIMING_BASE_PT) {
+ fprintf(stdout, "%i %s in %.2f " UNIT "\n", i * j,
+ "base point multiplications", (double)clck / CLOCKS_PER_SEC);
+ } else if (type == TIMING_RAND_PT) {
+ fprintf(stdout, "%i %s in %.2f " UNIT "\n", i * j,
+ "random point multiplications",
+ (double)clck / CLOCKS_PER_SEC);
+ } else if (type == TIMING_SIMUL) {
+ fprintf(stdout, "%i %s in %.2f " UNIT "\n", i * j,
+ "s*P+t*Q operations", (double)clck / CLOCKS_PER_SEC);
+ }
+ fprintf(stdout, "average: %.4f " UNIT "\n",
+ (double)clck / (CLOCKS_PER_SEC * i * j));
+
+ EC_POINT_free(P);
+ BN_free(s);
+ for (i = 0; i < 10; i++) {
+ BN_free(r[i]);
+ if (type != TIMING_BASE_PT)
+ BN_free(r0[i]);
+ }
+}
+# endif
+
+void prime_field_tests()
+{
+ BN_CTX *ctx = NULL;
+ BIGNUM *p, *a, *b;
+ EC_GROUP *group;
+ EC_GROUP *P_160 = NULL, *P_192 = NULL, *P_224 = NULL, *P_256 =
+ NULL, *P_384 = NULL, *P_521 = NULL;
+ EC_POINT *P, *Q, *R;
+ BIGNUM *x, *y, *z;
+ unsigned char buf[100];
+ size_t i, len;
+ int k;
+
+# if 1 /* optional */
+ ctx = BN_CTX_new();
+ if (!ctx)
+ ABORT;
+# endif
+
+ p = BN_new();
+ a = BN_new();
+ b = BN_new();
+ if (!p || !a || !b)
+ ABORT;
+
+ if (!BN_hex2bn(&p, "17"))
+ ABORT;
+ if (!BN_hex2bn(&a, "1"))
+ ABORT;
+ if (!BN_hex2bn(&b, "1"))
+ ABORT;
+
+ group = EC_GROUP_new(EC_GFp_mont_method()); /* applications should use
+ * EC_GROUP_new_curve_GFp so
+ * that the library gets to
+ * choose the EC_METHOD */
+ if (!group)
+ ABORT;
+
+ if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx))
+ ABORT;
+
+ {
+ EC_GROUP *tmp;
+ tmp = EC_GROUP_new(EC_GROUP_method_of(group));
+ if (!tmp)
+ ABORT;
+ if (!EC_GROUP_copy(tmp, group))
+ ABORT;
+ EC_GROUP_free(group);
+ group = tmp;
+ }
+
+ if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx))
+ ABORT;
+
+ fprintf(stdout,
+ "Curve defined by Weierstrass equation\n y^2 = x^3 + a*x + b (mod 0x");
+ BN_print_fp(stdout, p);
+ fprintf(stdout, ")\n a = 0x");
+ BN_print_fp(stdout, a);
+ fprintf(stdout, "\n b = 0x");
+ BN_print_fp(stdout, b);
+ fprintf(stdout, "\n");
+
+ P = EC_POINT_new(group);
+ Q = EC_POINT_new(group);
+ R = EC_POINT_new(group);
+ if (!P || !Q || !R)
+ ABORT;
+
+ if (!EC_POINT_set_to_infinity(group, P))
+ ABORT;
+ if (!EC_POINT_is_at_infinity(group, P))
+ ABORT;
+
+ buf[0] = 0;
+ if (!EC_POINT_oct2point(group, Q, buf, 1, ctx))
+ ABORT;
+
+ if (!EC_POINT_add(group, P, P, Q, ctx))
+ ABORT;
+ if (!EC_POINT_is_at_infinity(group, P))
+ ABORT;
+
+ x = BN_new();
+ y = BN_new();
+ z = BN_new();
+ if (!x || !y || !z)
+ ABORT;
+
+ if (!BN_hex2bn(&x, "D"))
+ ABORT;
+ if (!EC_POINT_set_compressed_coordinates_GFp(group, Q, x, 1, ctx))
+ ABORT;
+ if (!EC_POINT_is_on_curve(group, Q, ctx)) {
+ if (!EC_POINT_get_affine_coordinates_GFp(group, Q, x, y, ctx))
+ ABORT;
+ fprintf(stderr, "Point is not on curve: x = 0x");
+ BN_print_fp(stderr, x);
+ fprintf(stderr, ", y = 0x");
+ BN_print_fp(stderr, y);
+ fprintf(stderr, "\n");
+ ABORT;
+ }
+
+ fprintf(stdout, "A cyclic subgroup:\n");
+ k = 100;
+ do {
+ if (k-- == 0)
+ ABORT;
+
+ if (EC_POINT_is_at_infinity(group, P))
+ fprintf(stdout, " point at infinity\n");
+ else {
+ if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx))
+ ABORT;
+
+ fprintf(stdout, " x = 0x");
+ BN_print_fp(stdout, x);
+ fprintf(stdout, ", y = 0x");
+ BN_print_fp(stdout, y);
+ fprintf(stdout, "\n");
+ }
+
+ if (!EC_POINT_copy(R, P))
+ ABORT;
+ if (!EC_POINT_add(group, P, P, Q, ctx))
+ ABORT;
+
+# if 0 /* optional */
+ {
+ EC_POINT *points[3];
+
+ points[0] = R;
+ points[1] = Q;
+ points[2] = P;
+ if (!EC_POINTs_make_affine(group, 2, points, ctx))
+ ABORT;
+ }
+# endif
+
+ }
+ while (!EC_POINT_is_at_infinity(group, P));
+
+ if (!EC_POINT_add(group, P, Q, R, ctx))
+ ABORT;
+ if (!EC_POINT_is_at_infinity(group, P))
+ ABORT;
+
+ len =
+ EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf,
+ sizeof buf, ctx);
+ if (len == 0)
+ ABORT;
+ if (!EC_POINT_oct2point(group, P, buf, len, ctx))
+ ABORT;
+ if (0 != EC_POINT_cmp(group, P, Q, ctx))
+ ABORT;
+ fprintf(stdout, "Generator as octect string, compressed form:\n ");
+ for (i = 0; i < len; i++)
+ fprintf(stdout, "%02X", buf[i]);
+
+ len =
+ EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, buf,
+ sizeof buf, ctx);
+ if (len == 0)
+ ABORT;
+ if (!EC_POINT_oct2point(group, P, buf, len, ctx))
+ ABORT;
+ if (0 != EC_POINT_cmp(group, P, Q, ctx))
+ ABORT;
+ fprintf(stdout,
+ "\nGenerator as octect string, uncompressed form:\n ");
+ for (i = 0; i < len; i++)
+ fprintf(stdout, "%02X", buf[i]);
+
+ len =
+ EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof buf,
+ ctx);
+ if (len == 0)
+ ABORT;
+ if (!EC_POINT_oct2point(group, P, buf, len, ctx))
+ ABORT;
+ if (0 != EC_POINT_cmp(group, P, Q, ctx))
+ ABORT;
+ fprintf(stdout, "\nGenerator as octect string, hybrid form:\n ");
+ for (i = 0; i < len; i++)
+ fprintf(stdout, "%02X", buf[i]);
+
+ if (!EC_POINT_get_Jprojective_coordinates_GFp(group, R, x, y, z, ctx))
+ ABORT;
+ fprintf(stdout,
+ "\nA representation of the inverse of that generator in\nJacobian projective coordinates:\n X = 0x");
+ BN_print_fp(stdout, x);
+ fprintf(stdout, ", Y = 0x");
+ BN_print_fp(stdout, y);
+ fprintf(stdout, ", Z = 0x");
+ BN_print_fp(stdout, z);
+ fprintf(stdout, "\n");
+
+ if (!EC_POINT_invert(group, P, ctx))
+ ABORT;
+ if (0 != EC_POINT_cmp(group, P, R, ctx))
+ ABORT;
+
+ /*
+ * Curve secp160r1 (Certicom Research SEC 2 Version 1.0, section 2.4.2,
+ * 2000) -- not a NIST curve, but commonly used
+ */
+
+ if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF"))
+ ABORT;
+ if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
+ ABORT;
+ if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC"))
+ ABORT;
+ if (!BN_hex2bn(&b, "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45"))
+ ABORT;
+ if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx))
+ ABORT;
+
+ if (!BN_hex2bn(&x, "4A96B5688EF573284664698968C38BB913CBFC82"))
+ ABORT;
+ if (!BN_hex2bn(&y, "23a628553168947d59dcc912042351377ac5fb32"))
+ ABORT;
+ if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx))
+ ABORT;
+ if (!EC_POINT_is_on_curve(group, P, ctx))
+ ABORT;
+ if (!BN_hex2bn(&z, "0100000000000000000001F4C8F927AED3CA752257"))
+ ABORT;
+ if (!EC_GROUP_set_generator(group, P, z, BN_value_one()))
+ ABORT;
+
+ if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx))
+ ABORT;
+ fprintf(stdout, "\nSEC2 curve secp160r1 -- Generator:\n x = 0x");
+ BN_print_fp(stdout, x);
+ fprintf(stdout, "\n y = 0x");
+ BN_print_fp(stdout, y);
+ fprintf(stdout, "\n");
+ /* G_y value taken from the standard: */
+ if (!BN_hex2bn(&z, "23a628553168947d59dcc912042351377ac5fb32"))
+ ABORT;
+ if (0 != BN_cmp(y, z))
+ ABORT;
+
+ fprintf(stdout, "verify degree ...");
+ if (EC_GROUP_get_degree(group) != 160)
+ ABORT;
+ fprintf(stdout, " ok\n");
+
+ fprintf(stdout, "verify group order ...");
+ fflush(stdout);
+ if (!EC_GROUP_get_order(group, z, ctx))
+ ABORT;
+ if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx))
+ ABORT;
+ if (!EC_POINT_is_at_infinity(group, Q))
+ ABORT;
+ fprintf(stdout, ".");
+ fflush(stdout);
+ if (!EC_GROUP_precompute_mult(group, ctx))
+ ABORT;
+ if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx))
+ ABORT;
+ if (!EC_POINT_is_at_infinity(group, Q))
+ ABORT;
+ fprintf(stdout, " ok\n");
+
+ if (!(P_160 = EC_GROUP_new(EC_GROUP_method_of(group))))
+ ABORT;
+ if (!EC_GROUP_copy(P_160, group))
+ ABORT;
+
+ /* Curve P-192 (FIPS PUB 186-2, App. 6) */
+
+ if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF"))
+ ABORT;
+ if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
+ ABORT;
+ if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC"))
+ ABORT;
+ if (!BN_hex2bn(&b, "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1"))
+ ABORT;
+ if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx))
+ ABORT;
+
+ if (!BN_hex2bn(&x, "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012"))
+ ABORT;
+ if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx))
+ ABORT;
+ if (!EC_POINT_is_on_curve(group, P, ctx))
+ ABORT;
+ if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831"))
+ ABORT;
+ if (!EC_GROUP_set_generator(group, P, z, BN_value_one()))
+ ABORT;
+
+ if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx))
+ ABORT;
+ fprintf(stdout, "\nNIST curve P-192 -- Generator:\n x = 0x");
+ BN_print_fp(stdout, x);
+ fprintf(stdout, "\n y = 0x");
+ BN_print_fp(stdout, y);
+ fprintf(stdout, "\n");
+ /* G_y value taken from the standard: */
+ if (!BN_hex2bn(&z, "07192B95FFC8DA78631011ED6B24CDD573F977A11E794811"))
+ ABORT;
+ if (0 != BN_cmp(y, z))
+ ABORT;
+
+ fprintf(stdout, "verify degree ...");
+ if (EC_GROUP_get_degree(group) != 192)
+ ABORT;
+ fprintf(stdout, " ok\n");
+
+ fprintf(stdout, "verify group order ...");
+ fflush(stdout);
+ if (!EC_GROUP_get_order(group, z, ctx))
+ ABORT;
+ if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx))
+ ABORT;
+ if (!EC_POINT_is_at_infinity(group, Q))
+ ABORT;
+ fprintf(stdout, ".");
+ fflush(stdout);
+# if 0
+ if (!EC_GROUP_precompute_mult(group, ctx))
+ ABORT;
+# endif
+ if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx))
+ ABORT;
+ if (!EC_POINT_is_at_infinity(group, Q))
+ ABORT;
+ fprintf(stdout, " ok\n");
+
+ if (!(P_192 = EC_GROUP_new(EC_GROUP_method_of(group))))
+ ABORT;
+ if (!EC_GROUP_copy(P_192, group))
+ ABORT;
+
+ /* Curve P-224 (FIPS PUB 186-2, App. 6) */
+
+ if (!BN_hex2bn
+ (&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001"))
+ ABORT;
+ if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
+ ABORT;
+ if (!BN_hex2bn
+ (&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE"))
+ ABORT;
+ if (!BN_hex2bn
+ (&b, "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4"))
+ ABORT;
+ if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx))
+ ABORT;
+
+ if (!BN_hex2bn
+ (&x, "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21"))
+ ABORT;
+ if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx))
+ ABORT;
+ if (!EC_POINT_is_on_curve(group, P, ctx))
+ ABORT;
+ if (!BN_hex2bn
+ (&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D"))
+ ABORT;
+ if (!EC_GROUP_set_generator(group, P, z, BN_value_one()))
+ ABORT;
+
+ if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx))
+ ABORT;
+ fprintf(stdout, "\nNIST curve P-224 -- Generator:\n x = 0x");
+ BN_print_fp(stdout, x);
+ fprintf(stdout, "\n y = 0x");
+ BN_print_fp(stdout, y);
+ fprintf(stdout, "\n");
+ /* G_y value taken from the standard: */
+ if (!BN_hex2bn
+ (&z, "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34"))
+ ABORT;
+ if (0 != BN_cmp(y, z))
+ ABORT;
+
+ fprintf(stdout, "verify degree ...");
+ if (EC_GROUP_get_degree(group) != 224)
+ ABORT;
+ fprintf(stdout, " ok\n");
+
+ fprintf(stdout, "verify group order ...");
+ fflush(stdout);
+ if (!EC_GROUP_get_order(group, z, ctx))
+ ABORT;
+ if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx))
+ ABORT;
+ if (!EC_POINT_is_at_infinity(group, Q))
+ ABORT;
+ fprintf(stdout, ".");
+ fflush(stdout);
+# if 0
+ if (!EC_GROUP_precompute_mult(group, ctx))
+ ABORT;
+# endif
+ if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx))
+ ABORT;
+ if (!EC_POINT_is_at_infinity(group, Q))
+ ABORT;
+ fprintf(stdout, " ok\n");
+
+ if (!(P_224 = EC_GROUP_new(EC_GROUP_method_of(group))))
+ ABORT;
+ if (!EC_GROUP_copy(P_224, group))
+ ABORT;
+
+ /* Curve P-256 (FIPS PUB 186-2, App. 6) */
+
+ if (!BN_hex2bn
+ (&p,
+ "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF"))
+ ABORT;
+ if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
+ ABORT;
+ if (!BN_hex2bn
+ (&a,
+ "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC"))
+ ABORT;
+ if (!BN_hex2bn
+ (&b,
+ "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B"))
+ ABORT;
+ if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx))
+ ABORT;
+
+ if (!BN_hex2bn
+ (&x,
+ "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296"))
+ ABORT;
+ if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx))
+ ABORT;
+ if (!EC_POINT_is_on_curve(group, P, ctx))
+ ABORT;
+ if (!BN_hex2bn(&z, "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E"
+ "84F3B9CAC2FC632551"))
+ ABORT;
+ if (!EC_GROUP_set_generator(group, P, z, BN_value_one()))
+ ABORT;
+
+ if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx))
+ ABORT;
+ fprintf(stdout, "\nNIST curve P-256 -- Generator:\n x = 0x");
+ BN_print_fp(stdout, x);
+ fprintf(stdout, "\n y = 0x");
+ BN_print_fp(stdout, y);
+ fprintf(stdout, "\n");
+ /* G_y value taken from the standard: */
+ if (!BN_hex2bn
+ (&z,
+ "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5"))
+ ABORT;
+ if (0 != BN_cmp(y, z))
+ ABORT;
+
+ fprintf(stdout, "verify degree ...");
+ if (EC_GROUP_get_degree(group) != 256)
+ ABORT;
+ fprintf(stdout, " ok\n");
+
+ fprintf(stdout, "verify group order ...");
+ fflush(stdout);
+ if (!EC_GROUP_get_order(group, z, ctx))
+ ABORT;
+ if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx))
+ ABORT;
+ if (!EC_POINT_is_at_infinity(group, Q))
+ ABORT;
+ fprintf(stdout, ".");
+ fflush(stdout);
+# if 0
+ if (!EC_GROUP_precompute_mult(group, ctx))
+ ABORT;
+# endif
+ if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx))
+ ABORT;
+ if (!EC_POINT_is_at_infinity(group, Q))
+ ABORT;
+ fprintf(stdout, " ok\n");
+
+ if (!(P_256 = EC_GROUP_new(EC_GROUP_method_of(group))))
+ ABORT;
+ if (!EC_GROUP_copy(P_256, group))
+ ABORT;
+
+ /* Curve P-384 (FIPS PUB 186-2, App. 6) */
+
+ if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF"))
+ ABORT;
+ if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
+ ABORT;
+ if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC"))
+ ABORT;
+ if (!BN_hex2bn(&b, "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141"
+ "120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF"))
+ ABORT;
+ if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx))
+ ABORT;
+
+ if (!BN_hex2bn(&x, "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B"
+ "9859F741E082542A385502F25DBF55296C3A545E3872760AB7"))
+ ABORT;
+ if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx))
+ ABORT;
+ if (!EC_POINT_is_on_curve(group, P, ctx))
+ ABORT;
+ if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973"))
+ ABORT;
+ if (!EC_GROUP_set_generator(group, P, z, BN_value_one()))
+ ABORT;
+
+ if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx))
+ ABORT;
+ fprintf(stdout, "\nNIST curve P-384 -- Generator:\n x = 0x");
+ BN_print_fp(stdout, x);
+ fprintf(stdout, "\n y = 0x");
+ BN_print_fp(stdout, y);
+ fprintf(stdout, "\n");
+ /* G_y value taken from the standard: */
+ if (!BN_hex2bn(&z, "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A14"
+ "7CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F"))
+ ABORT;
+ if (0 != BN_cmp(y, z))
+ ABORT;
+
+ fprintf(stdout, "verify degree ...");
+ if (EC_GROUP_get_degree(group) != 384)
+ ABORT;
+ fprintf(stdout, " ok\n");
+
+ fprintf(stdout, "verify group order ...");
+ fflush(stdout);
+ if (!EC_GROUP_get_order(group, z, ctx))
+ ABORT;
+ if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx))
+ ABORT;
+ if (!EC_POINT_is_at_infinity(group, Q))
+ ABORT;
+ fprintf(stdout, ".");
+ fflush(stdout);
+# if 0
+ if (!EC_GROUP_precompute_mult(group, ctx))
+ ABORT;
+# endif
+ if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx))
+ ABORT;
+ if (!EC_POINT_is_at_infinity(group, Q))
+ ABORT;
+ fprintf(stdout, " ok\n");
+
+ if (!(P_384 = EC_GROUP_new(EC_GROUP_method_of(group))))
+ ABORT;
+ if (!EC_GROUP_copy(P_384, group))
+ ABORT;
+
+ /* Curve P-521 (FIPS PUB 186-2, App. 6) */
+
+ if (!BN_hex2bn(&p, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFF"))
+ ABORT;
+ if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL))
+ ABORT;
+ if (!BN_hex2bn(&a, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFC"))
+ ABORT;
+ if (!BN_hex2bn(&b, "051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B"
+ "315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573"
+ "DF883D2C34F1EF451FD46B503F00"))
+ ABORT;
+ if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx))
+ ABORT;
+
+ if (!BN_hex2bn(&x, "C6858E06B70404E9CD9E3ECB662395B4429C648139053F"
+ "B521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B"
+ "3C1856A429BF97E7E31C2E5BD66"))
+ ABORT;
+ if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx))
+ ABORT;
+ if (!EC_POINT_is_on_curve(group, P, ctx))
+ ABORT;
+ if (!BN_hex2bn(&z, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5"
+ "C9B8899C47AEBB6FB71E91386409"))
+ ABORT;
+ if (!EC_GROUP_set_generator(group, P, z, BN_value_one()))
+ ABORT;
+
+ if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx))
+ ABORT;
+ fprintf(stdout, "\nNIST curve P-521 -- Generator:\n x = 0x");
+ BN_print_fp(stdout, x);
+ fprintf(stdout, "\n y = 0x");
+ BN_print_fp(stdout, y);
+ fprintf(stdout, "\n");
+ /* G_y value taken from the standard: */
+ if (!BN_hex2bn(&z, "11839296A789A3BC0045C8A5FB42C7D1BD998F54449579"
+ "B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C"
+ "7086A272C24088BE94769FD16650"))
+ ABORT;
+ if (0 != BN_cmp(y, z))
+ ABORT;
+
+ fprintf(stdout, "verify degree ...");
+ if (EC_GROUP_get_degree(group) != 521)
+ ABORT;
+ fprintf(stdout, " ok\n");
+
+ fprintf(stdout, "verify group order ...");
+ fflush(stdout);
+ if (!EC_GROUP_get_order(group, z, ctx))
+ ABORT;
+ if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx))
+ ABORT;
+ if (!EC_POINT_is_at_infinity(group, Q))
+ ABORT;
+ fprintf(stdout, ".");
+ fflush(stdout);
+# if 0
+ if (!EC_GROUP_precompute_mult(group, ctx))
+ ABORT;
+# endif
+ if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx))
+ ABORT;
+ if (!EC_POINT_is_at_infinity(group, Q))
+ ABORT;
+ fprintf(stdout, " ok\n");
+
+ if (!(P_521 = EC_GROUP_new(EC_GROUP_method_of(group))))
+ ABORT;
+ if (!EC_GROUP_copy(P_521, group))
+ ABORT;
+
+ /* more tests using the last curve */
+
+ if (!EC_POINT_copy(Q, P))
+ ABORT;
+ if (EC_POINT_is_at_infinity(group, Q))
+ ABORT;
+ if (!EC_POINT_dbl(group, P, P, ctx))
+ ABORT;
+ if (!EC_POINT_is_on_curve(group, P, ctx))
+ ABORT;
+ if (!EC_POINT_invert(group, Q, ctx))
+ ABORT; /* P = -2Q */
+
+ if (!EC_POINT_add(group, R, P, Q, ctx))
+ ABORT;
+ if (!EC_POINT_add(group, R, R, Q, ctx))
+ ABORT;
+ if (!EC_POINT_is_at_infinity(group, R))
+ ABORT; /* R = P + 2Q */
+
+ {
+ const EC_POINT *points[4];
+ const BIGNUM *scalars[4];
+ BIGNUM scalar3;
+
+ if (EC_POINT_is_at_infinity(group, Q))
+ ABORT;
+ points[0] = Q;
+ points[1] = Q;
+ points[2] = Q;
+ points[3] = Q;
+
+ if (!BN_add(y, z, BN_value_one()))
+ ABORT;
+ if (BN_is_odd(y))
+ ABORT;
+ if (!BN_rshift1(y, y))
+ ABORT;
+ scalars[0] = y; /* (group order + 1)/2, so y*Q + y*Q = Q */
+ scalars[1] = y;
+
+ fprintf(stdout, "combined multiplication ...");
+ fflush(stdout);
+
+ /* z is still the group order */
+ if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx))
+ ABORT;
+ if (!EC_POINTs_mul(group, R, z, 2, points, scalars, ctx))
+ ABORT;
+ if (0 != EC_POINT_cmp(group, P, R, ctx))
+ ABORT;
+ if (0 != EC_POINT_cmp(group, R, Q, ctx))
+ ABORT;
+
+ fprintf(stdout, ".");
+ fflush(stdout);
+
+ if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0))
+ ABORT;
+ if (!BN_add(z, z, y))
+ ABORT;
+ BN_set_negative(z, 1);
+ scalars[0] = y;
+ scalars[1] = z; /* z = -(order + y) */
+
+ if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx))
+ ABORT;
+ if (!EC_POINT_is_at_infinity(group, P))
+ ABORT;
+
+ fprintf(stdout, ".");
+ fflush(stdout);
+
+ if (!BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0))
+ ABORT;
+ if (!BN_add(z, x, y))
+ ABORT;
+ BN_set_negative(z, 1);
+ scalars[0] = x;
+ scalars[1] = y;
+ scalars[2] = z; /* z = -(x+y) */
+
+ BN_init(&scalar3);
+ BN_zero(&scalar3);
+ scalars[3] = &scalar3;
+
+ if (!EC_POINTs_mul(group, P, NULL, 4, points, scalars, ctx))
+ ABORT;
+ if (!EC_POINT_is_at_infinity(group, P))
+ ABORT;
+
+ fprintf(stdout, " ok\n\n");
+
+ BN_free(&scalar3);
+ }
+
+# if 0
+ timings(P_160, TIMING_BASE_PT, ctx);
+ timings(P_160, TIMING_RAND_PT, ctx);
+ timings(P_160, TIMING_SIMUL, ctx);
+ timings(P_192, TIMING_BASE_PT, ctx);
+ timings(P_192, TIMING_RAND_PT, ctx);
+ timings(P_192, TIMING_SIMUL, ctx);
+ timings(P_224, TIMING_BASE_PT, ctx);
+ timings(P_224, TIMING_RAND_PT, ctx);
+ timings(P_224, TIMING_SIMUL, ctx);
+ timings(P_256, TIMING_BASE_PT, ctx);
+ timings(P_256, TIMING_RAND_PT, ctx);
+ timings(P_256, TIMING_SIMUL, ctx);
+ timings(P_384, TIMING_BASE_PT, ctx);
+ timings(P_384, TIMING_RAND_PT, ctx);
+ timings(P_384, TIMING_SIMUL, ctx);
+ timings(P_521, TIMING_BASE_PT, ctx);
+ timings(P_521, TIMING_RAND_PT, ctx);
+ timings(P_521, TIMING_SIMUL, ctx);
+# endif
+
+ if (ctx)
+ BN_CTX_free(ctx);
+ BN_free(p);
+ BN_free(a);
+ BN_free(b);
+ EC_GROUP_free(group);
+ EC_POINT_free(P);
+ EC_POINT_free(Q);
+ EC_POINT_free(R);
+ BN_free(x);
+ BN_free(y);
+ BN_free(z);
+
+ if (P_160)
+ EC_GROUP_free(P_160);
+ if (P_192)
+ EC_GROUP_free(P_192);
+ if (P_224)
+ EC_GROUP_free(P_224);
+ if (P_256)
+ EC_GROUP_free(P_256);
+ if (P_384)
+ EC_GROUP_free(P_384);
+ if (P_521)
+ EC_GROUP_free(P_521);
+
+}
+
+/* Change test based on whether binary point compression is enabled or not. */
+# ifdef OPENSSL_EC_BIN_PT_COMP
+# define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \
+ if (!BN_hex2bn(&x, _x)) ABORT; \
+ if (!EC_POINT_set_compressed_coordinates_GF2m(group, P, x, _y_bit, ctx)) ABORT; \
+ if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; \
+ if (!BN_hex2bn(&z, _order)) ABORT; \
+ if (!BN_hex2bn(&cof, _cof)) ABORT; \
+ if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \
+ if (!EC_POINT_get_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT; \
+ fprintf(stdout, "\n%s -- Generator:\n x = 0x", _name); \
+ BN_print_fp(stdout, x); \
+ fprintf(stdout, "\n y = 0x"); \
+ BN_print_fp(stdout, y); \
+ fprintf(stdout, "\n"); \
+ /* G_y value taken from the standard: */ \
+ if (!BN_hex2bn(&z, _y)) ABORT; \
+ if (0 != BN_cmp(y, z)) ABORT;
+# else
+# define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \
+ if (!BN_hex2bn(&x, _x)) ABORT; \
+ if (!BN_hex2bn(&y, _y)) ABORT; \
+ if (!EC_POINT_set_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT; \
+ if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; \
+ if (!BN_hex2bn(&z, _order)) ABORT; \
+ if (!BN_hex2bn(&cof, _cof)) ABORT; \
+ if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \
+ fprintf(stdout, "\n%s -- Generator:\n x = 0x", _name); \
+ BN_print_fp(stdout, x); \
+ fprintf(stdout, "\n y = 0x"); \
+ BN_print_fp(stdout, y); \
+ fprintf(stdout, "\n");
+# endif
+
+# define CHAR2_CURVE_TEST(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \
+ if (!BN_hex2bn(&p, _p)) ABORT; \
+ if (!BN_hex2bn(&a, _a)) ABORT; \
+ if (!BN_hex2bn(&b, _b)) ABORT; \
+ if (!EC_GROUP_set_curve_GF2m(group, p, a, b, ctx)) ABORT; \
+ CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \
+ fprintf(stdout, "verify degree ..."); \
+ if (EC_GROUP_get_degree(group) != _degree) ABORT; \
+ fprintf(stdout, " ok\n"); \
+ fprintf(stdout, "verify group order ..."); \
+ fflush(stdout); \
+ if (!EC_GROUP_get_order(group, z, ctx)) ABORT; \
+ if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; \
+ if (!EC_POINT_is_at_infinity(group, Q)) ABORT; \
+ fprintf(stdout, "."); \
+ fflush(stdout); \
+ /* if (!EC_GROUP_precompute_mult(group, ctx)) ABORT; */ \
+ if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; \
+ if (!EC_POINT_is_at_infinity(group, Q)) ABORT; \
+ fprintf(stdout, " ok\n"); \
+ if (!(_variable = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT; \
+ if (!EC_GROUP_copy(_variable, group)) ABORT;
+
+void char2_field_tests()
+{
+ BN_CTX *ctx = NULL;
+ BIGNUM *p, *a, *b;
+ EC_GROUP *group;
+ EC_GROUP *C2_K163 = NULL, *C2_K233 = NULL, *C2_K283 = NULL, *C2_K409 =
+ NULL, *C2_K571 = NULL;
+ EC_GROUP *C2_B163 = NULL, *C2_B233 = NULL, *C2_B283 = NULL, *C2_B409 =
+ NULL, *C2_B571 = NULL;
+ EC_POINT *P, *Q, *R;
+ BIGNUM *x, *y, *z, *cof;
+ unsigned char buf[100];
+ size_t i, len;
+ int k;
+
+# if 1 /* optional */
+ ctx = BN_CTX_new();
+ if (!ctx)
+ ABORT;
+# endif
+
+ p = BN_new();
+ a = BN_new();
+ b = BN_new();
+ if (!p || !a || !b)
+ ABORT;
+
+ if (!BN_hex2bn(&p, "13"))
+ ABORT;
+ if (!BN_hex2bn(&a, "3"))
+ ABORT;
+ if (!BN_hex2bn(&b, "1"))
+ ABORT;
+
+ group = EC_GROUP_new(EC_GF2m_simple_method()); /* applications should use
+ * EC_GROUP_new_curve_GF2m
+ * so that the library gets
+ * to choose the EC_METHOD */
+ if (!group)
+ ABORT;
+ if (!EC_GROUP_set_curve_GF2m(group, p, a, b, ctx))
+ ABORT;
+
+ {
+ EC_GROUP *tmp;
+ tmp = EC_GROUP_new(EC_GROUP_method_of(group));
+ if (!tmp)
+ ABORT;
+ if (!EC_GROUP_copy(tmp, group))
+ ABORT;
+ EC_GROUP_free(group);
+ group = tmp;
+ }
+
+ if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx))
+ ABORT;
+
+ fprintf(stdout,
+ "Curve defined by Weierstrass equation\n y^2 + x*y = x^3 + a*x^2 + b (mod 0x");
+ BN_print_fp(stdout, p);
+ fprintf(stdout, ")\n a = 0x");
+ BN_print_fp(stdout, a);
+ fprintf(stdout, "\n b = 0x");
+ BN_print_fp(stdout, b);
+ fprintf(stdout, "\n(0x... means binary polynomial)\n");
+
+ P = EC_POINT_new(group);
+ Q = EC_POINT_new(group);
+ R = EC_POINT_new(group);
+ if (!P || !Q || !R)
+ ABORT;
+
+ if (!EC_POINT_set_to_infinity(group, P))
+ ABORT;
+ if (!EC_POINT_is_at_infinity(group, P))
+ ABORT;
+
+ buf[0] = 0;
+ if (!EC_POINT_oct2point(group, Q, buf, 1, ctx))
+ ABORT;
+
+ if (!EC_POINT_add(group, P, P, Q, ctx))
+ ABORT;
+ if (!EC_POINT_is_at_infinity(group, P))
+ ABORT;
+
+ x = BN_new();
+ y = BN_new();
+ z = BN_new();
+ cof = BN_new();
+ if (!x || !y || !z || !cof)
+ ABORT;
+
+ if (!BN_hex2bn(&x, "6"))
+ ABORT;
+/* Change test based on whether binary point compression is enabled or not. */
+# ifdef OPENSSL_EC_BIN_PT_COMP
+ if (!EC_POINT_set_compressed_coordinates_GF2m(group, Q, x, 1, ctx))
+ ABORT;
+# else
+ if (!BN_hex2bn(&y, "8"))
+ ABORT;
+ if (!EC_POINT_set_affine_coordinates_GF2m(group, Q, x, y, ctx))
+ ABORT;
+# endif
+ if (!EC_POINT_is_on_curve(group, Q, ctx)) {
+/* Change test based on whether binary point compression is enabled or not. */
+# ifdef OPENSSL_EC_BIN_PT_COMP
+ if (!EC_POINT_get_affine_coordinates_GF2m(group, Q, x, y, ctx))
+ ABORT;
+# endif
+ fprintf(stderr, "Point is not on curve: x = 0x");
+ BN_print_fp(stderr, x);
+ fprintf(stderr, ", y = 0x");
+ BN_print_fp(stderr, y);
+ fprintf(stderr, "\n");
+ ABORT;
+ }
+
+ fprintf(stdout, "A cyclic subgroup:\n");
+ k = 100;
+ do {
+ if (k-- == 0)
+ ABORT;
+
+ if (EC_POINT_is_at_infinity(group, P))
+ fprintf(stdout, " point at infinity\n");
+ else {
+ if (!EC_POINT_get_affine_coordinates_GF2m(group, P, x, y, ctx))
+ ABORT;
+
+ fprintf(stdout, " x = 0x");
+ BN_print_fp(stdout, x);
+ fprintf(stdout, ", y = 0x");
+ BN_print_fp(stdout, y);
+ fprintf(stdout, "\n");
+ }
+
+ if (!EC_POINT_copy(R, P))
+ ABORT;
+ if (!EC_POINT_add(group, P, P, Q, ctx))
+ ABORT;
+ }
+ while (!EC_POINT_is_at_infinity(group, P));
+
+ if (!EC_POINT_add(group, P, Q, R, ctx))
+ ABORT;
+ if (!EC_POINT_is_at_infinity(group, P))
+ ABORT;
+
+/* Change test based on whether binary point compression is enabled or not. */
+# ifdef OPENSSL_EC_BIN_PT_COMP
+ len =
+ EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf,
+ sizeof buf, ctx);
+ if (len == 0)
+ ABORT;
+ if (!EC_POINT_oct2point(group, P, buf, len, ctx))
+ ABORT;
+ if (0 != EC_POINT_cmp(group, P, Q, ctx))
+ ABORT;
+ fprintf(stdout, "Generator as octet string, compressed form:\n ");
+ for (i = 0; i < len; i++)
+ fprintf(stdout, "%02X", buf[i]);
+# endif
+
+ len =
+ EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, buf,
+ sizeof buf, ctx);
+ if (len == 0)
+ ABORT;
+ if (!EC_POINT_oct2point(group, P, buf, len, ctx))
+ ABORT;
+ if (0 != EC_POINT_cmp(group, P, Q, ctx))
+ ABORT;
+ fprintf(stdout, "\nGenerator as octet string, uncompressed form:\n ");
+ for (i = 0; i < len; i++)
+ fprintf(stdout, "%02X", buf[i]);
+
+/* Change test based on whether binary point compression is enabled or not. */
+# ifdef OPENSSL_EC_BIN_PT_COMP
+ len =
+ EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof buf,
+ ctx);
+ if (len == 0)
+ ABORT;
+ if (!EC_POINT_oct2point(group, P, buf, len, ctx))
+ ABORT;
+ if (0 != EC_POINT_cmp(group, P, Q, ctx))
+ ABORT;
+ fprintf(stdout, "\nGenerator as octet string, hybrid form:\n ");
+ for (i = 0; i < len; i++)
+ fprintf(stdout, "%02X", buf[i]);
+# endif
+
+ fprintf(stdout, "\n");
+
+ if (!EC_POINT_invert(group, P, ctx))
+ ABORT;
+ if (0 != EC_POINT_cmp(group, P, R, ctx))
+ ABORT;
+
+ /* Curve K-163 (FIPS PUB 186-2, App. 6) */
+ CHAR2_CURVE_TEST
+ ("NIST curve K-163",
+ "0800000000000000000000000000000000000000C9",
+ "1",
+ "1",
+ "02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8",
+ "0289070FB05D38FF58321F2E800536D538CCDAA3D9",
+ 1, "04000000000000000000020108A2E0CC0D99F8A5EF", "2", 163, C2_K163);
+
+ /* Curve B-163 (FIPS PUB 186-2, App. 6) */
+ CHAR2_CURVE_TEST
+ ("NIST curve B-163",
+ "0800000000000000000000000000000000000000C9",
+ "1",
+ "020A601907B8C953CA1481EB10512F78744A3205FD",
+ "03F0EBA16286A2D57EA0991168D4994637E8343E36",
+ "00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1",
+ 1, "040000000000000000000292FE77E70C12A4234C33", "2", 163, C2_B163);
+
+ /* Curve K-233 (FIPS PUB 186-2, App. 6) */
+ CHAR2_CURVE_TEST
+ ("NIST curve K-233",
+ "020000000000000000000000000000000000000004000000000000000001",
+ "0",
+ "1",
+ "017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126",
+ "01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3",
+ 0,
+ "008000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF",
+ "4", 233, C2_K233);
+
+ /* Curve B-233 (FIPS PUB 186-2, App. 6) */
+ CHAR2_CURVE_TEST
+ ("NIST curve B-233",
+ "020000000000000000000000000000000000000004000000000000000001",
+ "000000000000000000000000000000000000000000000000000000000001",
+ "0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD",
+ "00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B",
+ "01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052",
+ 1,
+ "01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7",
+ "2", 233, C2_B233);
+
+ /* Curve K-283 (FIPS PUB 186-2, App. 6) */
+ CHAR2_CURVE_TEST
+ ("NIST curve K-283",
+ "0800000000000000000000000000000000000000000000000000000000000000000010A1",
+ "0",
+ "1",
+ "0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492836",
+ "01CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2259",
+ 0,
+ "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163C61",
+ "4", 283, C2_K283);
+
+ /* Curve B-283 (FIPS PUB 186-2, App. 6) */
+ CHAR2_CURVE_TEST
+ ("NIST curve B-283",
+ "0800000000000000000000000000000000000000000000000000000000000000000010A1",
+ "000000000000000000000000000000000000000000000000000000000000000000000001",
+ "027B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A2F5",
+ "05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12053",
+ "03676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE8112F4",
+ 1,
+ "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB307",
+ "2", 283, C2_B283);
+
+ /* Curve K-409 (FIPS PUB 186-2, App. 6) */
+ CHAR2_CURVE_TEST
+ ("NIST curve K-409",
+ "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001",
+ "0",
+ "1",
+ "0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C460189EB5AAAA62EE222EB1B35540CFE9023746",
+ "01E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6C42E9C55215AA9CA27A5863EC48D8E0286B",
+ 1,
+ "007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F83B2D4EA20400EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF",
+ "4", 409, C2_K409);
+
+ /* Curve B-409 (FIPS PUB 186-2, App. 6) */
+ CHAR2_CURVE_TEST
+ ("NIST curve B-409",
+ "02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001",
+ "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
+ "0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422EF1F3DD674761FA99D6AC27C8A9A197B272822F6CD57A55AA4F50AE317B13545F",
+ "015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255A868A1180515603AEAB60794E54BB7996A7",
+ "0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514F1FDF4B4F40D2181B3681C364BA0273C706",
+ 1,
+ "010000000000000000000000000000000000000000000000000001E2AAD6A612F33307BE5FA47C3C9E052F838164CD37D9A21173",
+ "2", 409, C2_B409);
+
+ /* Curve K-571 (FIPS PUB 186-2, App. 6) */
+ CHAR2_CURVE_TEST
+ ("NIST curve K-571",
+ "80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425",
+ "0",
+ "1",
+ "026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA44370958493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A01C8972",
+ "0349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D4979C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143EF1C7A3",
+ 0,
+ "020000000000000000000000000000000000000000000000000000000000000000000000131850E1F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F637C1001",
+ "4", 571, C2_K571);
+
+ /* Curve B-571 (FIPS PUB 186-2, App. 6) */
+ CHAR2_CURVE_TEST
+ ("NIST curve B-571",
+ "80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425",
+ "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
+ "02F40E7E2221F295DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFABBD8EFA59332BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F2955727A",
+ "0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8EEC2D19",
+ "037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423E43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B8AC15B",
+ 1,
+ "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2FE84E47",
+ "2", 571, C2_B571);
+
+ /* more tests using the last curve */
+
+ if (!EC_POINT_copy(Q, P))
+ ABORT;
+ if (EC_POINT_is_at_infinity(group, Q))
+ ABORT;
+ if (!EC_POINT_dbl(group, P, P, ctx))
+ ABORT;
+ if (!EC_POINT_is_on_curve(group, P, ctx))
+ ABORT;
+ if (!EC_POINT_invert(group, Q, ctx))
+ ABORT; /* P = -2Q */
+
+ if (!EC_POINT_add(group, R, P, Q, ctx))
+ ABORT;
+ if (!EC_POINT_add(group, R, R, Q, ctx))
+ ABORT;
+ if (!EC_POINT_is_at_infinity(group, R))
+ ABORT; /* R = P + 2Q */
+
+ {
+ const EC_POINT *points[3];
+ const BIGNUM *scalars[3];
+
+ if (EC_POINT_is_at_infinity(group, Q))
+ ABORT;
+ points[0] = Q;
+ points[1] = Q;
+ points[2] = Q;
+
+ if (!BN_add(y, z, BN_value_one()))
+ ABORT;
+ if (BN_is_odd(y))
+ ABORT;
+ if (!BN_rshift1(y, y))
+ ABORT;
+ scalars[0] = y; /* (group order + 1)/2, so y*Q + y*Q = Q */
+ scalars[1] = y;
+
+ fprintf(stdout, "combined multiplication ...");
+ fflush(stdout);
+
+ /* z is still the group order */
+ if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx))
+ ABORT;
+ if (!EC_POINTs_mul(group, R, z, 2, points, scalars, ctx))
+ ABORT;
+ if (0 != EC_POINT_cmp(group, P, R, ctx))
+ ABORT;
+ if (0 != EC_POINT_cmp(group, R, Q, ctx))
+ ABORT;
+
+ fprintf(stdout, ".");
+ fflush(stdout);
+
+ if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0))
+ ABORT;
+ if (!BN_add(z, z, y))
+ ABORT;
+ BN_set_negative(z, 1);
+ scalars[0] = y;
+ scalars[1] = z; /* z = -(order + y) */
+
+ if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx))
+ ABORT;
+ if (!EC_POINT_is_at_infinity(group, P))
+ ABORT;
+
+ fprintf(stdout, ".");
+ fflush(stdout);
+
+ if (!BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0))
+ ABORT;
+ if (!BN_add(z, x, y))
+ ABORT;
+ BN_set_negative(z, 1);
+ scalars[0] = x;
+ scalars[1] = y;
+ scalars[2] = z; /* z = -(x+y) */
+
+ if (!EC_POINTs_mul(group, P, NULL, 3, points, scalars, ctx))
+ ABORT;
+ if (!EC_POINT_is_at_infinity(group, P))
+ ABORT;
+
+ fprintf(stdout, " ok\n\n");
+ }
+
+# if 0
+ timings(C2_K163, TIMING_BASE_PT, ctx);
+ timings(C2_K163, TIMING_RAND_PT, ctx);
+ timings(C2_K163, TIMING_SIMUL, ctx);
+ timings(C2_B163, TIMING_BASE_PT, ctx);
+ timings(C2_B163, TIMING_RAND_PT, ctx);
+ timings(C2_B163, TIMING_SIMUL, ctx);
+ timings(C2_K233, TIMING_BASE_PT, ctx);
+ timings(C2_K233, TIMING_RAND_PT, ctx);
+ timings(C2_K233, TIMING_SIMUL, ctx);
+ timings(C2_B233, TIMING_BASE_PT, ctx);
+ timings(C2_B233, TIMING_RAND_PT, ctx);
+ timings(C2_B233, TIMING_SIMUL, ctx);
+ timings(C2_K283, TIMING_BASE_PT, ctx);
+ timings(C2_K283, TIMING_RAND_PT, ctx);
+ timings(C2_K283, TIMING_SIMUL, ctx);
+ timings(C2_B283, TIMING_BASE_PT, ctx);
+ timings(C2_B283, TIMING_RAND_PT, ctx);
+ timings(C2_B283, TIMING_SIMUL, ctx);
+ timings(C2_K409, TIMING_BASE_PT, ctx);
+ timings(C2_K409, TIMING_RAND_PT, ctx);
+ timings(C2_K409, TIMING_SIMUL, ctx);
+ timings(C2_B409, TIMING_BASE_PT, ctx);
+ timings(C2_B409, TIMING_RAND_PT, ctx);
+ timings(C2_B409, TIMING_SIMUL, ctx);
+ timings(C2_K571, TIMING_BASE_PT, ctx);
+ timings(C2_K571, TIMING_RAND_PT, ctx);
+ timings(C2_K571, TIMING_SIMUL, ctx);
+ timings(C2_B571, TIMING_BASE_PT, ctx);
+ timings(C2_B571, TIMING_RAND_PT, ctx);
+ timings(C2_B571, TIMING_SIMUL, ctx);
+# endif
+
+ if (ctx)
+ BN_CTX_free(ctx);
+ BN_free(p);
+ BN_free(a);
+ BN_free(b);
+ EC_GROUP_free(group);
+ EC_POINT_free(P);
+ EC_POINT_free(Q);
+ EC_POINT_free(R);
+ BN_free(x);
+ BN_free(y);
+ BN_free(z);
+ BN_free(cof);
+
+ if (C2_K163)
+ EC_GROUP_free(C2_K163);
+ if (C2_B163)
+ EC_GROUP_free(C2_B163);
+ if (C2_K233)
+ EC_GROUP_free(C2_K233);
+ if (C2_B233)
+ EC_GROUP_free(C2_B233);
+ if (C2_K283)
+ EC_GROUP_free(C2_K283);
+ if (C2_B283)
+ EC_GROUP_free(C2_B283);
+ if (C2_K409)
+ EC_GROUP_free(C2_K409);
+ if (C2_B409)
+ EC_GROUP_free(C2_B409);
+ if (C2_K571)
+ EC_GROUP_free(C2_K571);
+ if (C2_B571)
+ EC_GROUP_free(C2_B571);
+
+}
+
+void internal_curve_test(void)
+{
+ EC_builtin_curve *curves = NULL;
+ size_t crv_len = 0, n = 0;
+ int ok = 1;
+
+ crv_len = EC_get_builtin_curves(NULL, 0);
+
+ curves = OPENSSL_malloc(sizeof(EC_builtin_curve) * crv_len);
+
+ if (curves == NULL)
+ return;
+
+ if (!EC_get_builtin_curves(curves, crv_len)) {
+ OPENSSL_free(curves);
+ return;
+ }
+
+ fprintf(stdout, "testing internal curves: ");
+
+ for (n = 0; n < crv_len; n++) {
+ EC_GROUP *group = NULL;
+ int nid = curves[n].nid;
+ if ((group = EC_GROUP_new_by_curve_name(nid)) == NULL) {
+ ok = 0;
+ fprintf(stdout, "\nEC_GROUP_new_curve_name() failed with"
+ " curve %s\n", OBJ_nid2sn(nid));
+ /* try next curve */
+ continue;
+ }
+ if (!EC_GROUP_check(group, NULL)) {
+ ok = 0;
+ fprintf(stdout, "\nEC_GROUP_check() failed with"
+ " curve %s\n", OBJ_nid2sn(nid));
+ EC_GROUP_free(group);
+ /* try the next curve */
+ continue;
+ }
+ fprintf(stdout, ".");
+ fflush(stdout);
+ EC_GROUP_free(group);
+ }
+ if (ok)
+ fprintf(stdout, " ok\n");
+ else
+ fprintf(stdout, " failed\n");
+ OPENSSL_free(curves);
+ return;
+}
+
+static const char rnd_seed[] =
+ "string to make the random number generator think it has entropy";
+
+int main(int argc, char *argv[])
+{
+
+ /* enable memory leak checking unless explicitly disabled */
+ if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL)
+ && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off")))) {
+ CRYPTO_malloc_debug_init();
+ CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
+ } else {
+ /* OPENSSL_DEBUG_MEMORY=off */
+ CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
+ }
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+ ERR_load_crypto_strings();
+
+ RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_generate_prime may fail */
+
+ prime_field_tests();
+ puts("");
+ char2_field_tests();
+ /* test the internal curves */
+ internal_curve_test();
+
+# ifndef OPENSSL_NO_ENGINE
+ ENGINE_cleanup();
+# endif
+ CRYPTO_cleanup_all_ex_data();
+ ERR_free_strings();
+ ERR_remove_state(0);
+ CRYPTO_mem_leaks_fp(stderr);
+
+ return 0;
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/ecdh/ecdh.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/ecdh/ecdh.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ecdh/ecdh.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,123 +0,0 @@
-/* crypto/ecdh/ecdh.h */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
- * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
- * to the OpenSSL project.
- *
- * The ECC Code is licensed pursuant to the OpenSSL open source
- * license provided below.
- *
- * The ECDH software is originally written by Douglas Stebila of
- * Sun Microsystems Laboratories.
- *
- */
-/* ====================================================================
- * Copyright (c) 2000-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-#ifndef HEADER_ECDH_H
-#define HEADER_ECDH_H
-
-#include <openssl/opensslconf.h>
-
-#ifdef OPENSSL_NO_ECDH
-#error ECDH is disabled.
-#endif
-
-#include <openssl/ec.h>
-#include <openssl/ossl_typ.h>
-#ifndef OPENSSL_NO_DEPRECATED
-#include <openssl/bn.h>
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-const ECDH_METHOD *ECDH_OpenSSL(void);
-
-void ECDH_set_default_method(const ECDH_METHOD *);
-const ECDH_METHOD *ECDH_get_default_method(void);
-int ECDH_set_method(EC_KEY *, const ECDH_METHOD *);
-
-int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh,
- void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen));
-
-int ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new
- *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-int ECDH_set_ex_data(EC_KEY *d, int idx, void *arg);
-void *ECDH_get_ex_data(EC_KEY *d, int idx);
-
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_ECDH_strings(void);
-
-/* Error codes for the ECDH functions. */
-
-/* Function codes. */
-#define ECDH_F_ECDH_COMPUTE_KEY 100
-#define ECDH_F_ECDH_DATA_NEW_METHOD 101
-
-/* Reason codes. */
-#define ECDH_R_KDF_FAILED 102
-#define ECDH_R_NO_PRIVATE_VALUE 100
-#define ECDH_R_POINT_ARITHMETIC_FAILURE 101
-
-#ifdef __cplusplus
-}
-#endif
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/ecdh/ecdh.h (from rev 6976, vendor-crypto/openssl/dist/crypto/ecdh/ecdh.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/ecdh/ecdh.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ecdh/ecdh.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,125 @@
+/* crypto/ecdh/ecdh.h */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
+ * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
+ * to the OpenSSL project.
+ *
+ * The ECC Code is licensed pursuant to the OpenSSL open source
+ * license provided below.
+ *
+ * The ECDH software is originally written by Douglas Stebila of
+ * Sun Microsystems Laboratories.
+ *
+ */
+/* ====================================================================
+ * Copyright (c) 2000-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+#ifndef HEADER_ECDH_H
+# define HEADER_ECDH_H
+
+# include <openssl/opensslconf.h>
+
+# ifdef OPENSSL_NO_ECDH
+# error ECDH is disabled.
+# endif
+
+# include <openssl/ec.h>
+# include <openssl/ossl_typ.h>
+# ifndef OPENSSL_NO_DEPRECATED
+# include <openssl/bn.h>
+# endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+const ECDH_METHOD *ECDH_OpenSSL(void);
+
+void ECDH_set_default_method(const ECDH_METHOD *);
+const ECDH_METHOD *ECDH_get_default_method(void);
+int ECDH_set_method(EC_KEY *, const ECDH_METHOD *);
+
+int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
+ EC_KEY *ecdh, void *(*KDF) (const void *in, size_t inlen,
+ void *out, size_t *outlen));
+
+int ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new
+ *new_func, CRYPTO_EX_dup *dup_func,
+ CRYPTO_EX_free *free_func);
+int ECDH_set_ex_data(EC_KEY *d, int idx, void *arg);
+void *ECDH_get_ex_data(EC_KEY *d, int idx);
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_ECDH_strings(void);
+
+/* Error codes for the ECDH functions. */
+
+/* Function codes. */
+# define ECDH_F_ECDH_COMPUTE_KEY 100
+# define ECDH_F_ECDH_DATA_NEW_METHOD 101
+
+/* Reason codes. */
+# define ECDH_R_KDF_FAILED 102
+# define ECDH_R_NO_PRIVATE_VALUE 100
+# define ECDH_R_POINT_ARITHMETIC_FAILURE 101
+
+#ifdef __cplusplus
+}
+#endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/ecdh/ecdhtest.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/ecdh/ecdhtest.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ecdh/ecdhtest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,368 +0,0 @@
-/* crypto/ecdh/ecdhtest.c */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
- * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
- * to the OpenSSL project.
- *
- * The ECC Code is licensed pursuant to the OpenSSL open source
- * license provided below.
- *
- * The ECDH software is originally written by Douglas Stebila of
- * Sun Microsystems Laboratories.
- *
- */
-/* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "../e_os.h"
-
-#include <openssl/opensslconf.h> /* for OPENSSL_NO_ECDH */
-#include <openssl/crypto.h>
-#include <openssl/bio.h>
-#include <openssl/bn.h>
-#include <openssl/objects.h>
-#include <openssl/rand.h>
-#include <openssl/sha.h>
-#include <openssl/err.h>
-
-#ifdef OPENSSL_NO_ECDH
-int main(int argc, char *argv[])
-{
- printf("No ECDH support\n");
- return(0);
-}
-#else
-#include <openssl/ec.h>
-#include <openssl/ecdh.h>
-
-#ifdef OPENSSL_SYS_WIN16
-#define MS_CALLBACK _far _loadds
-#else
-#define MS_CALLBACK
-#endif
-
-#if 0
-static void MS_CALLBACK cb(int p, int n, void *arg);
-#endif
-
-static const char rnd_seed[] = "string to make the random number generator think it has entropy";
-
-
-static const int KDF1_SHA1_len = 20;
-static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen)
- {
-#ifndef OPENSSL_NO_SHA
- if (*outlen < SHA_DIGEST_LENGTH)
- return NULL;
- else
- *outlen = SHA_DIGEST_LENGTH;
- return SHA1(in, inlen, out);
-#else
- return NULL;
-#endif
- }
-
-
-static int test_ecdh_curve(int nid, const char *text, BN_CTX *ctx, BIO *out)
- {
- EC_KEY *a=NULL;
- EC_KEY *b=NULL;
- BIGNUM *x_a=NULL, *y_a=NULL,
- *x_b=NULL, *y_b=NULL;
- char buf[12];
- unsigned char *abuf=NULL,*bbuf=NULL;
- int i,alen,blen,aout,bout,ret=0;
- const EC_GROUP *group;
-
- a = EC_KEY_new_by_curve_name(nid);
- b = EC_KEY_new_by_curve_name(nid);
- if (a == NULL || b == NULL)
- goto err;
-
- group = EC_KEY_get0_group(a);
-
- if ((x_a=BN_new()) == NULL) goto err;
- if ((y_a=BN_new()) == NULL) goto err;
- if ((x_b=BN_new()) == NULL) goto err;
- if ((y_b=BN_new()) == NULL) goto err;
-
- BIO_puts(out,"Testing key generation with ");
- BIO_puts(out,text);
-#ifdef NOISY
- BIO_puts(out,"\n");
-#else
- (void)BIO_flush(out);
-#endif
-
- if (!EC_KEY_generate_key(a)) goto err;
-
- if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field)
- {
- if (!EC_POINT_get_affine_coordinates_GFp(group,
- EC_KEY_get0_public_key(a), x_a, y_a, ctx)) goto err;
- }
- else
- {
- if (!EC_POINT_get_affine_coordinates_GF2m(group,
- EC_KEY_get0_public_key(a), x_a, y_a, ctx)) goto err;
- }
-#ifdef NOISY
- BIO_puts(out," pri 1=");
- BN_print(out,a->priv_key);
- BIO_puts(out,"\n pub 1=");
- BN_print(out,x_a);
- BIO_puts(out,",");
- BN_print(out,y_a);
- BIO_puts(out,"\n");
-#else
- BIO_printf(out," .");
- (void)BIO_flush(out);
-#endif
-
- if (!EC_KEY_generate_key(b)) goto err;
-
- if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field)
- {
- if (!EC_POINT_get_affine_coordinates_GFp(group,
- EC_KEY_get0_public_key(b), x_b, y_b, ctx)) goto err;
- }
- else
- {
- if (!EC_POINT_get_affine_coordinates_GF2m(group,
- EC_KEY_get0_public_key(b), x_b, y_b, ctx)) goto err;
- }
-
-#ifdef NOISY
- BIO_puts(out," pri 2=");
- BN_print(out,b->priv_key);
- BIO_puts(out,"\n pub 2=");
- BN_print(out,x_b);
- BIO_puts(out,",");
- BN_print(out,y_b);
- BIO_puts(out,"\n");
-#else
- BIO_printf(out,".");
- (void)BIO_flush(out);
-#endif
-
- alen=KDF1_SHA1_len;
- abuf=(unsigned char *)OPENSSL_malloc(alen);
- aout=ECDH_compute_key(abuf,alen,EC_KEY_get0_public_key(b),a,KDF1_SHA1);
-
-#ifdef NOISY
- BIO_puts(out," key1 =");
- for (i=0; i<aout; i++)
- {
- sprintf(buf,"%02X",abuf[i]);
- BIO_puts(out,buf);
- }
- BIO_puts(out,"\n");
-#else
- BIO_printf(out,".");
- (void)BIO_flush(out);
-#endif
-
- blen=KDF1_SHA1_len;
- bbuf=(unsigned char *)OPENSSL_malloc(blen);
- bout=ECDH_compute_key(bbuf,blen,EC_KEY_get0_public_key(a),b,KDF1_SHA1);
-
-#ifdef NOISY
- BIO_puts(out," key2 =");
- for (i=0; i<bout; i++)
- {
- sprintf(buf,"%02X",bbuf[i]);
- BIO_puts(out,buf);
- }
- BIO_puts(out,"\n");
-#else
- BIO_printf(out,".");
- (void)BIO_flush(out);
-#endif
-
- if ((aout < 4) || (bout != aout) || (memcmp(abuf,bbuf,aout) != 0))
- {
-#ifndef NOISY
- BIO_printf(out, " failed\n\n");
- BIO_printf(out, "key a:\n");
- BIO_printf(out, "private key: ");
- BN_print(out, EC_KEY_get0_private_key(a));
- BIO_printf(out, "\n");
- BIO_printf(out, "public key (x,y): ");
- BN_print(out, x_a);
- BIO_printf(out, ",");
- BN_print(out, y_a);
- BIO_printf(out, "\nkey b:\n");
- BIO_printf(out, "private key: ");
- BN_print(out, EC_KEY_get0_private_key(b));
- BIO_printf(out, "\n");
- BIO_printf(out, "public key (x,y): ");
- BN_print(out, x_b);
- BIO_printf(out, ",");
- BN_print(out, y_b);
- BIO_printf(out, "\n");
- BIO_printf(out, "generated key a: ");
- for (i=0; i<bout; i++)
- {
- sprintf(buf, "%02X", bbuf[i]);
- BIO_puts(out, buf);
- }
- BIO_printf(out, "\n");
- BIO_printf(out, "generated key b: ");
- for (i=0; i<aout; i++)
- {
- sprintf(buf, "%02X", abuf[i]);
- BIO_puts(out,buf);
- }
- BIO_printf(out, "\n");
-#endif
- fprintf(stderr,"Error in ECDH routines\n");
- ret=0;
- }
- else
- {
-#ifndef NOISY
- BIO_printf(out, " ok\n");
-#endif
- ret=1;
- }
-err:
- ERR_print_errors_fp(stderr);
-
- if (abuf != NULL) OPENSSL_free(abuf);
- if (bbuf != NULL) OPENSSL_free(bbuf);
- if (x_a) BN_free(x_a);
- if (y_a) BN_free(y_a);
- if (x_b) BN_free(x_b);
- if (y_b) BN_free(y_b);
- if (b) EC_KEY_free(b);
- if (a) EC_KEY_free(a);
- return(ret);
- }
-
-int main(int argc, char *argv[])
- {
- BN_CTX *ctx=NULL;
- int ret=1;
- BIO *out;
-
- CRYPTO_malloc_debug_init();
- CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
-#ifdef OPENSSL_SYS_WIN32
- CRYPTO_malloc_init();
-#endif
-
- RAND_seed(rnd_seed, sizeof rnd_seed);
-
- out=BIO_new(BIO_s_file());
- if (out == NULL) EXIT(1);
- BIO_set_fp(out,stdout,BIO_NOCLOSE);
-
- if ((ctx=BN_CTX_new()) == NULL) goto err;
-
- /* NIST PRIME CURVES TESTS */
- if (!test_ecdh_curve(NID_X9_62_prime192v1, "NIST Prime-Curve P-192", ctx, out)) goto err;
- if (!test_ecdh_curve(NID_secp224r1, "NIST Prime-Curve P-224", ctx, out)) goto err;
- if (!test_ecdh_curve(NID_X9_62_prime256v1, "NIST Prime-Curve P-256", ctx, out)) goto err;
- if (!test_ecdh_curve(NID_secp384r1, "NIST Prime-Curve P-384", ctx, out)) goto err;
- if (!test_ecdh_curve(NID_secp521r1, "NIST Prime-Curve P-521", ctx, out)) goto err;
- /* NIST BINARY CURVES TESTS */
- if (!test_ecdh_curve(NID_sect163k1, "NIST Binary-Curve K-163", ctx, out)) goto err;
- if (!test_ecdh_curve(NID_sect163r2, "NIST Binary-Curve B-163", ctx, out)) goto err;
- if (!test_ecdh_curve(NID_sect233k1, "NIST Binary-Curve K-233", ctx, out)) goto err;
- if (!test_ecdh_curve(NID_sect233r1, "NIST Binary-Curve B-233", ctx, out)) goto err;
- if (!test_ecdh_curve(NID_sect283k1, "NIST Binary-Curve K-283", ctx, out)) goto err;
- if (!test_ecdh_curve(NID_sect283r1, "NIST Binary-Curve B-283", ctx, out)) goto err;
- if (!test_ecdh_curve(NID_sect409k1, "NIST Binary-Curve K-409", ctx, out)) goto err;
- if (!test_ecdh_curve(NID_sect409r1, "NIST Binary-Curve B-409", ctx, out)) goto err;
- if (!test_ecdh_curve(NID_sect571k1, "NIST Binary-Curve K-571", ctx, out)) goto err;
- if (!test_ecdh_curve(NID_sect571r1, "NIST Binary-Curve B-571", ctx, out)) goto err;
-
- ret = 0;
-
-err:
- ERR_print_errors_fp(stderr);
- if (ctx) BN_CTX_free(ctx);
- BIO_free(out);
- CRYPTO_cleanup_all_ex_data();
- ERR_remove_state(0);
- CRYPTO_mem_leaks_fp(stderr);
- EXIT(ret);
- return(ret);
- }
-
-#if 0
-static void MS_CALLBACK cb(int p, int n, void *arg)
- {
- char c='*';
-
- if (p == 0) c='.';
- if (p == 1) c='+';
- if (p == 2) c='*';
- if (p == 3) c='\n';
- BIO_write((BIO *)arg,&c,1);
- (void)BIO_flush((BIO *)arg);
-#ifdef LINT
- p=n;
-#endif
- }
-#endif
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/ecdh/ecdhtest.c (from rev 6976, vendor-crypto/openssl/dist/crypto/ecdh/ecdhtest.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/ecdh/ecdhtest.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ecdh/ecdhtest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,402 @@
+/* crypto/ecdh/ecdhtest.c */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
+ * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
+ * to the OpenSSL project.
+ *
+ * The ECC Code is licensed pursuant to the OpenSSL open source
+ * license provided below.
+ *
+ * The ECDH software is originally written by Douglas Stebila of
+ * Sun Microsystems Laboratories.
+ *
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "../e_os.h"
+
+#include <openssl/opensslconf.h> /* for OPENSSL_NO_ECDH */
+#include <openssl/crypto.h>
+#include <openssl/bio.h>
+#include <openssl/bn.h>
+#include <openssl/objects.h>
+#include <openssl/rand.h>
+#include <openssl/sha.h>
+#include <openssl/err.h>
+
+#ifdef OPENSSL_NO_ECDH
+int main(int argc, char *argv[])
+{
+ printf("No ECDH support\n");
+ return (0);
+}
+#else
+# include <openssl/ec.h>
+# include <openssl/ecdh.h>
+
+# ifdef OPENSSL_SYS_WIN16
+# define MS_CALLBACK _far _loadds
+# else
+# define MS_CALLBACK
+# endif
+
+# if 0
+static void MS_CALLBACK cb(int p, int n, void *arg);
+# endif
+
+static const char rnd_seed[] =
+ "string to make the random number generator think it has entropy";
+
+static const int KDF1_SHA1_len = 20;
+static void *KDF1_SHA1(const void *in, size_t inlen, void *out,
+ size_t *outlen)
+{
+# ifndef OPENSSL_NO_SHA
+ if (*outlen < SHA_DIGEST_LENGTH)
+ return NULL;
+ else
+ *outlen = SHA_DIGEST_LENGTH;
+ return SHA1(in, inlen, out);
+# else
+ return NULL;
+# endif
+}
+
+static int test_ecdh_curve(int nid, const char *text, BN_CTX *ctx, BIO *out)
+{
+ EC_KEY *a = NULL;
+ EC_KEY *b = NULL;
+ BIGNUM *x_a = NULL, *y_a = NULL, *x_b = NULL, *y_b = NULL;
+ char buf[12];
+ unsigned char *abuf = NULL, *bbuf = NULL;
+ int i, alen, blen, aout, bout, ret = 0;
+ const EC_GROUP *group;
+
+ a = EC_KEY_new_by_curve_name(nid);
+ b = EC_KEY_new_by_curve_name(nid);
+ if (a == NULL || b == NULL)
+ goto err;
+
+ group = EC_KEY_get0_group(a);
+
+ if ((x_a = BN_new()) == NULL)
+ goto err;
+ if ((y_a = BN_new()) == NULL)
+ goto err;
+ if ((x_b = BN_new()) == NULL)
+ goto err;
+ if ((y_b = BN_new()) == NULL)
+ goto err;
+
+ BIO_puts(out, "Testing key generation with ");
+ BIO_puts(out, text);
+# ifdef NOISY
+ BIO_puts(out, "\n");
+# else
+ (void)BIO_flush(out);
+# endif
+
+ if (!EC_KEY_generate_key(a))
+ goto err;
+
+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
+ NID_X9_62_prime_field) {
+ if (!EC_POINT_get_affine_coordinates_GFp
+ (group, EC_KEY_get0_public_key(a), x_a, y_a, ctx))
+ goto err;
+ } else {
+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
+ EC_KEY_get0_public_key(a),
+ x_a, y_a, ctx))
+ goto err;
+ }
+# ifdef NOISY
+ BIO_puts(out, " pri 1=");
+ BN_print(out, a->priv_key);
+ BIO_puts(out, "\n pub 1=");
+ BN_print(out, x_a);
+ BIO_puts(out, ",");
+ BN_print(out, y_a);
+ BIO_puts(out, "\n");
+# else
+ BIO_printf(out, " .");
+ (void)BIO_flush(out);
+# endif
+
+ if (!EC_KEY_generate_key(b))
+ goto err;
+
+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
+ NID_X9_62_prime_field) {
+ if (!EC_POINT_get_affine_coordinates_GFp
+ (group, EC_KEY_get0_public_key(b), x_b, y_b, ctx))
+ goto err;
+ } else {
+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
+ EC_KEY_get0_public_key(b),
+ x_b, y_b, ctx))
+ goto err;
+ }
+
+# ifdef NOISY
+ BIO_puts(out, " pri 2=");
+ BN_print(out, b->priv_key);
+ BIO_puts(out, "\n pub 2=");
+ BN_print(out, x_b);
+ BIO_puts(out, ",");
+ BN_print(out, y_b);
+ BIO_puts(out, "\n");
+# else
+ BIO_printf(out, ".");
+ (void)BIO_flush(out);
+# endif
+
+ alen = KDF1_SHA1_len;
+ abuf = (unsigned char *)OPENSSL_malloc(alen);
+ aout =
+ ECDH_compute_key(abuf, alen, EC_KEY_get0_public_key(b), a, KDF1_SHA1);
+
+# ifdef NOISY
+ BIO_puts(out, " key1 =");
+ for (i = 0; i < aout; i++) {
+ sprintf(buf, "%02X", abuf[i]);
+ BIO_puts(out, buf);
+ }
+ BIO_puts(out, "\n");
+# else
+ BIO_printf(out, ".");
+ (void)BIO_flush(out);
+# endif
+
+ blen = KDF1_SHA1_len;
+ bbuf = (unsigned char *)OPENSSL_malloc(blen);
+ bout =
+ ECDH_compute_key(bbuf, blen, EC_KEY_get0_public_key(a), b, KDF1_SHA1);
+
+# ifdef NOISY
+ BIO_puts(out, " key2 =");
+ for (i = 0; i < bout; i++) {
+ sprintf(buf, "%02X", bbuf[i]);
+ BIO_puts(out, buf);
+ }
+ BIO_puts(out, "\n");
+# else
+ BIO_printf(out, ".");
+ (void)BIO_flush(out);
+# endif
+
+ if ((aout < 4) || (bout != aout) || (memcmp(abuf, bbuf, aout) != 0)) {
+# ifndef NOISY
+ BIO_printf(out, " failed\n\n");
+ BIO_printf(out, "key a:\n");
+ BIO_printf(out, "private key: ");
+ BN_print(out, EC_KEY_get0_private_key(a));
+ BIO_printf(out, "\n");
+ BIO_printf(out, "public key (x,y): ");
+ BN_print(out, x_a);
+ BIO_printf(out, ",");
+ BN_print(out, y_a);
+ BIO_printf(out, "\nkey b:\n");
+ BIO_printf(out, "private key: ");
+ BN_print(out, EC_KEY_get0_private_key(b));
+ BIO_printf(out, "\n");
+ BIO_printf(out, "public key (x,y): ");
+ BN_print(out, x_b);
+ BIO_printf(out, ",");
+ BN_print(out, y_b);
+ BIO_printf(out, "\n");
+ BIO_printf(out, "generated key a: ");
+ for (i = 0; i < bout; i++) {
+ sprintf(buf, "%02X", bbuf[i]);
+ BIO_puts(out, buf);
+ }
+ BIO_printf(out, "\n");
+ BIO_printf(out, "generated key b: ");
+ for (i = 0; i < aout; i++) {
+ sprintf(buf, "%02X", abuf[i]);
+ BIO_puts(out, buf);
+ }
+ BIO_printf(out, "\n");
+# endif
+ fprintf(stderr, "Error in ECDH routines\n");
+ ret = 0;
+ } else {
+# ifndef NOISY
+ BIO_printf(out, " ok\n");
+# endif
+ ret = 1;
+ }
+ err:
+ ERR_print_errors_fp(stderr);
+
+ if (abuf != NULL)
+ OPENSSL_free(abuf);
+ if (bbuf != NULL)
+ OPENSSL_free(bbuf);
+ if (x_a)
+ BN_free(x_a);
+ if (y_a)
+ BN_free(y_a);
+ if (x_b)
+ BN_free(x_b);
+ if (y_b)
+ BN_free(y_b);
+ if (b)
+ EC_KEY_free(b);
+ if (a)
+ EC_KEY_free(a);
+ return (ret);
+}
+
+int main(int argc, char *argv[])
+{
+ BN_CTX *ctx = NULL;
+ int ret = 1;
+ BIO *out;
+
+ CRYPTO_malloc_debug_init();
+ CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+# ifdef OPENSSL_SYS_WIN32
+ CRYPTO_malloc_init();
+# endif
+
+ RAND_seed(rnd_seed, sizeof rnd_seed);
+
+ out = BIO_new(BIO_s_file());
+ if (out == NULL)
+ EXIT(1);
+ BIO_set_fp(out, stdout, BIO_NOCLOSE);
+
+ if ((ctx = BN_CTX_new()) == NULL)
+ goto err;
+
+ /* NIST PRIME CURVES TESTS */
+ if (!test_ecdh_curve
+ (NID_X9_62_prime192v1, "NIST Prime-Curve P-192", ctx, out))
+ goto err;
+ if (!test_ecdh_curve(NID_secp224r1, "NIST Prime-Curve P-224", ctx, out))
+ goto err;
+ if (!test_ecdh_curve
+ (NID_X9_62_prime256v1, "NIST Prime-Curve P-256", ctx, out))
+ goto err;
+ if (!test_ecdh_curve(NID_secp384r1, "NIST Prime-Curve P-384", ctx, out))
+ goto err;
+ if (!test_ecdh_curve(NID_secp521r1, "NIST Prime-Curve P-521", ctx, out))
+ goto err;
+ /* NIST BINARY CURVES TESTS */
+ if (!test_ecdh_curve(NID_sect163k1, "NIST Binary-Curve K-163", ctx, out))
+ goto err;
+ if (!test_ecdh_curve(NID_sect163r2, "NIST Binary-Curve B-163", ctx, out))
+ goto err;
+ if (!test_ecdh_curve(NID_sect233k1, "NIST Binary-Curve K-233", ctx, out))
+ goto err;
+ if (!test_ecdh_curve(NID_sect233r1, "NIST Binary-Curve B-233", ctx, out))
+ goto err;
+ if (!test_ecdh_curve(NID_sect283k1, "NIST Binary-Curve K-283", ctx, out))
+ goto err;
+ if (!test_ecdh_curve(NID_sect283r1, "NIST Binary-Curve B-283", ctx, out))
+ goto err;
+ if (!test_ecdh_curve(NID_sect409k1, "NIST Binary-Curve K-409", ctx, out))
+ goto err;
+ if (!test_ecdh_curve(NID_sect409r1, "NIST Binary-Curve B-409", ctx, out))
+ goto err;
+ if (!test_ecdh_curve(NID_sect571k1, "NIST Binary-Curve K-571", ctx, out))
+ goto err;
+ if (!test_ecdh_curve(NID_sect571r1, "NIST Binary-Curve B-571", ctx, out))
+ goto err;
+
+ ret = 0;
+
+ err:
+ ERR_print_errors_fp(stderr);
+ if (ctx)
+ BN_CTX_free(ctx);
+ BIO_free(out);
+ CRYPTO_cleanup_all_ex_data();
+ ERR_remove_state(0);
+ CRYPTO_mem_leaks_fp(stderr);
+ EXIT(ret);
+ return (ret);
+}
+
+# if 0
+static void MS_CALLBACK cb(int p, int n, void *arg)
+{
+ char c = '*';
+
+ if (p == 0)
+ c = '.';
+ if (p == 1)
+ c = '+';
+ if (p == 2)
+ c = '*';
+ if (p == 3)
+ c = '\n';
+ BIO_write((BIO *)arg, &c, 1);
+ (void)BIO_flush((BIO *)arg);
+# ifdef LINT
+ p = n;
+# endif
+}
+# endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/ecdh/ech_err.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/ecdh/ech_err.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ecdh/ech_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,98 +0,0 @@
-/* crypto/ecdh/ech_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/ecdh.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_ECDH,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_ECDH,0,reason)
-
-static ERR_STRING_DATA ECDH_str_functs[]=
- {
-{ERR_FUNC(ECDH_F_ECDH_COMPUTE_KEY), "ECDH_compute_key"},
-{ERR_FUNC(ECDH_F_ECDH_DATA_NEW_METHOD), "ECDH_DATA_NEW_METHOD"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA ECDH_str_reasons[]=
- {
-{ERR_REASON(ECDH_R_KDF_FAILED) ,"KDF failed"},
-{ERR_REASON(ECDH_R_NO_PRIVATE_VALUE) ,"no private value"},
-{ERR_REASON(ECDH_R_POINT_ARITHMETIC_FAILURE),"point arithmetic failure"},
-{0,NULL}
- };
-
-#endif
-
-void ERR_load_ECDH_strings(void)
- {
-#ifndef OPENSSL_NO_ERR
-
- if (ERR_func_error_string(ECDH_str_functs[0].error) == NULL)
- {
- ERR_load_strings(0,ECDH_str_functs);
- ERR_load_strings(0,ECDH_str_reasons);
- }
-#endif
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/ecdh/ech_err.c (from rev 6976, vendor-crypto/openssl/dist/crypto/ecdh/ech_err.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/ecdh/ech_err.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ecdh/ech_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,96 @@
+/* crypto/ecdh/ech_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/ecdh.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_ECDH,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_ECDH,0,reason)
+
+static ERR_STRING_DATA ECDH_str_functs[] = {
+ {ERR_FUNC(ECDH_F_ECDH_COMPUTE_KEY), "ECDH_compute_key"},
+ {ERR_FUNC(ECDH_F_ECDH_DATA_NEW_METHOD), "ECDH_DATA_NEW_METHOD"},
+ {0, NULL}
+};
+
+static ERR_STRING_DATA ECDH_str_reasons[] = {
+ {ERR_REASON(ECDH_R_KDF_FAILED), "KDF failed"},
+ {ERR_REASON(ECDH_R_NO_PRIVATE_VALUE), "no private value"},
+ {ERR_REASON(ECDH_R_POINT_ARITHMETIC_FAILURE), "point arithmetic failure"},
+ {0, NULL}
+};
+
+#endif
+
+void ERR_load_ECDH_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+ if (ERR_func_error_string(ECDH_str_functs[0].error) == NULL) {
+ ERR_load_strings(0, ECDH_str_functs);
+ ERR_load_strings(0, ECDH_str_reasons);
+ }
+#endif
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/ecdh/ech_key.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/ecdh/ech_key.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ecdh/ech_key.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,83 +0,0 @@
-/* crypto/ecdh/ecdh_key.c */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
- * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
- * to the OpenSSL project.
- *
- * The ECC Code is licensed pursuant to the OpenSSL open source
- * license provided below.
- *
- * The ECDH software is originally written by Douglas Stebila of
- * Sun Microsystems Laboratories.
- *
- */
-/* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include "ech_locl.h"
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-
-int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
- EC_KEY *eckey,
- void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen))
-{
- ECDH_DATA *ecdh = ecdh_check(eckey);
- if (ecdh == NULL)
- return 0;
- return ecdh->meth->compute_key(out, outlen, pub_key, eckey, KDF);
-}
Copied: vendor-crypto/openssl/0.9.8zf/crypto/ecdh/ech_key.c (from rev 6976, vendor-crypto/openssl/dist/crypto/ecdh/ech_key.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/ecdh/ech_key.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ecdh/ech_key.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,84 @@
+/* crypto/ecdh/ecdh_key.c */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
+ * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
+ * to the OpenSSL project.
+ *
+ * The ECC Code is licensed pursuant to the OpenSSL open source
+ * license provided below.
+ *
+ * The ECDH software is originally written by Douglas Stebila of
+ * Sun Microsystems Laboratories.
+ *
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include "ech_locl.h"
+#ifndef OPENSSL_NO_ENGINE
+# include <openssl/engine.h>
+#endif
+
+int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
+ EC_KEY *eckey,
+ void *(*KDF) (const void *in, size_t inlen, void *out,
+ size_t *outlen))
+{
+ ECDH_DATA *ecdh = ecdh_check(eckey);
+ if (ecdh == NULL)
+ return 0;
+ return ecdh->meth->compute_key(out, outlen, pub_key, eckey, KDF);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/ecdh/ech_lib.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/ecdh/ech_lib.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ecdh/ech_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,248 +0,0 @@
-/* crypto/ecdh/ech_lib.c */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
- * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
- * to the OpenSSL project.
- *
- * The ECC Code is licensed pursuant to the OpenSSL open source
- * license provided below.
- *
- * The ECDH software is originally written by Douglas Stebila of
- * Sun Microsystems Laboratories.
- *
- */
-/* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include "ech_locl.h"
-#include <string.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-#include <openssl/err.h>
-
-const char ECDH_version[]="ECDH" OPENSSL_VERSION_PTEXT;
-
-static const ECDH_METHOD *default_ECDH_method = NULL;
-
-static void *ecdh_data_new(void);
-static void *ecdh_data_dup(void *);
-static void ecdh_data_free(void *);
-
-void ECDH_set_default_method(const ECDH_METHOD *meth)
- {
- default_ECDH_method = meth;
- }
-
-const ECDH_METHOD *ECDH_get_default_method(void)
- {
- if(!default_ECDH_method)
- default_ECDH_method = ECDH_OpenSSL();
- return default_ECDH_method;
- }
-
-int ECDH_set_method(EC_KEY *eckey, const ECDH_METHOD *meth)
- {
- ECDH_DATA *ecdh;
-
- ecdh = ecdh_check(eckey);
-
- if (ecdh == NULL)
- return 0;
-
-#ifndef OPENSSL_NO_ENGINE
- if (ecdh->engine)
- {
- ENGINE_finish(ecdh->engine);
- ecdh->engine = NULL;
- }
-#endif
- ecdh->meth = meth;
-#if 0
- if (meth->init)
- meth->init(eckey);
-#endif
- return 1;
- }
-
-static ECDH_DATA *ECDH_DATA_new_method(ENGINE *engine)
- {
- ECDH_DATA *ret;
-
- ret=(ECDH_DATA *)OPENSSL_malloc(sizeof(ECDH_DATA));
- if (ret == NULL)
- {
- ECDHerr(ECDH_F_ECDH_DATA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
- return(NULL);
- }
-
- ret->init = NULL;
-
- ret->meth = ECDH_get_default_method();
- ret->engine = engine;
-#ifndef OPENSSL_NO_ENGINE
- if (!ret->engine)
- ret->engine = ENGINE_get_default_ECDH();
- if (ret->engine)
- {
- ret->meth = ENGINE_get_ECDH(ret->engine);
- if (!ret->meth)
- {
- ECDHerr(ECDH_F_ECDH_DATA_NEW_METHOD, ERR_R_ENGINE_LIB);
- ENGINE_finish(ret->engine);
- OPENSSL_free(ret);
- return NULL;
- }
- }
-#endif
-
- ret->flags = ret->meth->flags;
- CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ECDH, ret, &ret->ex_data);
-#if 0
- if ((ret->meth->init != NULL) && !ret->meth->init(ret))
- {
- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDH, ret, &ret->ex_data);
- OPENSSL_free(ret);
- ret=NULL;
- }
-#endif
- return(ret);
- }
-
-static void *ecdh_data_new(void)
- {
- return (void *)ECDH_DATA_new_method(NULL);
- }
-
-static void *ecdh_data_dup(void *data)
-{
- ECDH_DATA *r = (ECDH_DATA *)data;
-
- /* XXX: dummy operation */
- if (r == NULL)
- return NULL;
-
- return (void *)ecdh_data_new();
-}
-
-void ecdh_data_free(void *data)
- {
- ECDH_DATA *r = (ECDH_DATA *)data;
-
-#ifndef OPENSSL_NO_ENGINE
- if (r->engine)
- ENGINE_finish(r->engine);
-#endif
-
- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDH, r, &r->ex_data);
-
- OPENSSL_cleanse((void *)r, sizeof(ECDH_DATA));
-
- OPENSSL_free(r);
- }
-
-ECDH_DATA *ecdh_check(EC_KEY *key)
- {
- ECDH_DATA *ecdh_data;
-
- void *data = EC_KEY_get_key_method_data(key, ecdh_data_dup,
- ecdh_data_free, ecdh_data_free);
- if (data == NULL)
- {
- ecdh_data = (ECDH_DATA *)ecdh_data_new();
- if (ecdh_data == NULL)
- return NULL;
- data = EC_KEY_insert_key_method_data(key, (void *)ecdh_data,
- ecdh_data_dup, ecdh_data_free, ecdh_data_free);
- if (data != NULL)
- {
- /* Another thread raced us to install the key_method
- * data and won. */
- ecdh_data_free(ecdh_data);
- ecdh_data = (ECDH_DATA *)data;
- }
- }
- else
- ecdh_data = (ECDH_DATA *)data;
-
-
- return ecdh_data;
- }
-
-int ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
- {
- return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ECDH, argl, argp,
- new_func, dup_func, free_func);
- }
-
-int ECDH_set_ex_data(EC_KEY *d, int idx, void *arg)
- {
- ECDH_DATA *ecdh;
- ecdh = ecdh_check(d);
- if (ecdh == NULL)
- return 0;
- return(CRYPTO_set_ex_data(&ecdh->ex_data,idx,arg));
- }
-
-void *ECDH_get_ex_data(EC_KEY *d, int idx)
- {
- ECDH_DATA *ecdh;
- ecdh = ecdh_check(d);
- if (ecdh == NULL)
- return NULL;
- return(CRYPTO_get_ex_data(&ecdh->ex_data,idx));
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/ecdh/ech_lib.c (from rev 6976, vendor-crypto/openssl/dist/crypto/ecdh/ech_lib.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/ecdh/ech_lib.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ecdh/ech_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,242 @@
+/* crypto/ecdh/ech_lib.c */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
+ * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
+ * to the OpenSSL project.
+ *
+ * The ECC Code is licensed pursuant to the OpenSSL open source
+ * license provided below.
+ *
+ * The ECDH software is originally written by Douglas Stebila of
+ * Sun Microsystems Laboratories.
+ *
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include "ech_locl.h"
+#include <string.h>
+#ifndef OPENSSL_NO_ENGINE
+# include <openssl/engine.h>
+#endif
+#include <openssl/err.h>
+
+const char ECDH_version[] = "ECDH" OPENSSL_VERSION_PTEXT;
+
+static const ECDH_METHOD *default_ECDH_method = NULL;
+
+static void *ecdh_data_new(void);
+static void *ecdh_data_dup(void *);
+static void ecdh_data_free(void *);
+
+void ECDH_set_default_method(const ECDH_METHOD *meth)
+{
+ default_ECDH_method = meth;
+}
+
+const ECDH_METHOD *ECDH_get_default_method(void)
+{
+ if (!default_ECDH_method)
+ default_ECDH_method = ECDH_OpenSSL();
+ return default_ECDH_method;
+}
+
+int ECDH_set_method(EC_KEY *eckey, const ECDH_METHOD *meth)
+{
+ ECDH_DATA *ecdh;
+
+ ecdh = ecdh_check(eckey);
+
+ if (ecdh == NULL)
+ return 0;
+
+#ifndef OPENSSL_NO_ENGINE
+ if (ecdh->engine) {
+ ENGINE_finish(ecdh->engine);
+ ecdh->engine = NULL;
+ }
+#endif
+ ecdh->meth = meth;
+#if 0
+ if (meth->init)
+ meth->init(eckey);
+#endif
+ return 1;
+}
+
+static ECDH_DATA *ECDH_DATA_new_method(ENGINE *engine)
+{
+ ECDH_DATA *ret;
+
+ ret = (ECDH_DATA *)OPENSSL_malloc(sizeof(ECDH_DATA));
+ if (ret == NULL) {
+ ECDHerr(ECDH_F_ECDH_DATA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+ return (NULL);
+ }
+
+ ret->init = NULL;
+
+ ret->meth = ECDH_get_default_method();
+ ret->engine = engine;
+#ifndef OPENSSL_NO_ENGINE
+ if (!ret->engine)
+ ret->engine = ENGINE_get_default_ECDH();
+ if (ret->engine) {
+ ret->meth = ENGINE_get_ECDH(ret->engine);
+ if (!ret->meth) {
+ ECDHerr(ECDH_F_ECDH_DATA_NEW_METHOD, ERR_R_ENGINE_LIB);
+ ENGINE_finish(ret->engine);
+ OPENSSL_free(ret);
+ return NULL;
+ }
+ }
+#endif
+
+ ret->flags = ret->meth->flags;
+ CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ECDH, ret, &ret->ex_data);
+#if 0
+ if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDH, ret, &ret->ex_data);
+ OPENSSL_free(ret);
+ ret = NULL;
+ }
+#endif
+ return (ret);
+}
+
+static void *ecdh_data_new(void)
+{
+ return (void *)ECDH_DATA_new_method(NULL);
+}
+
+static void *ecdh_data_dup(void *data)
+{
+ ECDH_DATA *r = (ECDH_DATA *)data;
+
+ /* XXX: dummy operation */
+ if (r == NULL)
+ return NULL;
+
+ return (void *)ecdh_data_new();
+}
+
+void ecdh_data_free(void *data)
+{
+ ECDH_DATA *r = (ECDH_DATA *)data;
+
+#ifndef OPENSSL_NO_ENGINE
+ if (r->engine)
+ ENGINE_finish(r->engine);
+#endif
+
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDH, r, &r->ex_data);
+
+ OPENSSL_cleanse((void *)r, sizeof(ECDH_DATA));
+
+ OPENSSL_free(r);
+}
+
+ECDH_DATA *ecdh_check(EC_KEY *key)
+{
+ ECDH_DATA *ecdh_data;
+
+ void *data = EC_KEY_get_key_method_data(key, ecdh_data_dup,
+ ecdh_data_free, ecdh_data_free);
+ if (data == NULL) {
+ ecdh_data = (ECDH_DATA *)ecdh_data_new();
+ if (ecdh_data == NULL)
+ return NULL;
+ data = EC_KEY_insert_key_method_data(key, (void *)ecdh_data,
+ ecdh_data_dup, ecdh_data_free,
+ ecdh_data_free);
+ if (data != NULL) {
+ /*
+ * Another thread raced us to install the key_method data and
+ * won.
+ */
+ ecdh_data_free(ecdh_data);
+ ecdh_data = (ECDH_DATA *)data;
+ }
+ } else
+ ecdh_data = (ECDH_DATA *)data;
+
+ return ecdh_data;
+}
+
+int ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+{
+ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ECDH, argl, argp,
+ new_func, dup_func, free_func);
+}
+
+int ECDH_set_ex_data(EC_KEY *d, int idx, void *arg)
+{
+ ECDH_DATA *ecdh;
+ ecdh = ecdh_check(d);
+ if (ecdh == NULL)
+ return 0;
+ return (CRYPTO_set_ex_data(&ecdh->ex_data, idx, arg));
+}
+
+void *ECDH_get_ex_data(EC_KEY *d, int idx)
+{
+ ECDH_DATA *ecdh;
+ ecdh = ecdh_check(d);
+ if (ecdh == NULL)
+ return NULL;
+ return (CRYPTO_get_ex_data(&ecdh->ex_data, idx));
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/ecdh/ech_locl.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/ecdh/ech_locl.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ecdh/ech_locl.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,94 +0,0 @@
-/* crypto/ecdh/ech_locl.h */
-/* ====================================================================
- * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#ifndef HEADER_ECH_LOCL_H
-#define HEADER_ECH_LOCL_H
-
-#include <openssl/ecdh.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-struct ecdh_method
- {
- const char *name;
- int (*compute_key)(void *key, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh,
- void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen));
-#if 0
- int (*init)(EC_KEY *eckey);
- int (*finish)(EC_KEY *eckey);
-#endif
- int flags;
- char *app_data;
- };
-
-typedef struct ecdh_data_st {
- /* EC_KEY_METH_DATA part */
- int (*init)(EC_KEY *);
- /* method specific part */
- ENGINE *engine;
- int flags;
- const ECDH_METHOD *meth;
- CRYPTO_EX_DATA ex_data;
-} ECDH_DATA;
-
-ECDH_DATA *ecdh_check(EC_KEY *);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* HEADER_ECH_LOCL_H */
Copied: vendor-crypto/openssl/0.9.8zf/crypto/ecdh/ech_locl.h (from rev 6976, vendor-crypto/openssl/dist/crypto/ecdh/ech_locl.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/ecdh/ech_locl.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ecdh/ech_locl.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,95 @@
+/* crypto/ecdh/ech_locl.h */
+/* ====================================================================
+ * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_ECH_LOCL_H
+# define HEADER_ECH_LOCL_H
+
+# include <openssl/ecdh.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct ecdh_method {
+ const char *name;
+ int (*compute_key) (void *key, size_t outlen, const EC_POINT *pub_key,
+ EC_KEY *ecdh, void *(*KDF) (const void *in,
+ size_t inlen, void *out,
+ size_t *outlen));
+# if 0
+ int (*init) (EC_KEY *eckey);
+ int (*finish) (EC_KEY *eckey);
+# endif
+ int flags;
+ char *app_data;
+};
+
+typedef struct ecdh_data_st {
+ /* EC_KEY_METH_DATA part */
+ int (*init) (EC_KEY *);
+ /* method specific part */
+ ENGINE *engine;
+ int flags;
+ const ECDH_METHOD *meth;
+ CRYPTO_EX_DATA ex_data;
+} ECDH_DATA;
+
+ECDH_DATA *ecdh_check(EC_KEY *);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* HEADER_ECH_LOCL_H */
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/ecdh/ech_ossl.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/ecdh/ech_ossl.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ecdh/ech_ossl.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,213 +0,0 @@
-/* crypto/ecdh/ech_ossl.c */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
- * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
- * to the OpenSSL project.
- *
- * The ECC Code is licensed pursuant to the OpenSSL open source
- * license provided below.
- *
- * The ECDH software is originally written by Douglas Stebila of
- * Sun Microsystems Laboratories.
- *
- */
-/* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-
-#include <string.h>
-#include <limits.h>
-
-#include "cryptlib.h"
-
-#include "ech_locl.h"
-#include <openssl/err.h>
-#include <openssl/sha.h>
-#include <openssl/obj_mac.h>
-#include <openssl/bn.h>
-
-static int ecdh_compute_key(void *out, size_t len, const EC_POINT *pub_key,
- EC_KEY *ecdh,
- void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen));
-
-static ECDH_METHOD openssl_ecdh_meth = {
- "OpenSSL ECDH method",
- ecdh_compute_key,
-#if 0
- NULL, /* init */
- NULL, /* finish */
-#endif
- 0, /* flags */
- NULL /* app_data */
-};
-
-const ECDH_METHOD *ECDH_OpenSSL(void)
- {
- return &openssl_ecdh_meth;
- }
-
-
-/* This implementation is based on the following primitives in the IEEE 1363 standard:
- * - ECKAS-DH1
- * - ECSVDP-DH
- * Finally an optional KDF is applied.
- */
-static int ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
- EC_KEY *ecdh,
- void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen))
- {
- BN_CTX *ctx;
- EC_POINT *tmp=NULL;
- BIGNUM *x=NULL, *y=NULL;
- const BIGNUM *priv_key;
- const EC_GROUP* group;
- int ret= -1;
- size_t buflen, len;
- unsigned char *buf=NULL;
-
- if (outlen > INT_MAX)
- {
- ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE); /* sort of, anyway */
- return -1;
- }
-
- if ((ctx = BN_CTX_new()) == NULL) goto err;
- BN_CTX_start(ctx);
- x = BN_CTX_get(ctx);
- y = BN_CTX_get(ctx);
-
- priv_key = EC_KEY_get0_private_key(ecdh);
- if (priv_key == NULL)
- {
- ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_NO_PRIVATE_VALUE);
- goto err;
- }
-
- group = EC_KEY_get0_group(ecdh);
- if ((tmp=EC_POINT_new(group)) == NULL)
- {
- ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- if (!EC_POINT_mul(group, tmp, NULL, pub_key, priv_key, ctx))
- {
- ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);
- goto err;
- }
-
- if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field)
- {
- if (!EC_POINT_get_affine_coordinates_GFp(group, tmp, x, y, ctx))
- {
- ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);
- goto err;
- }
- }
- else
- {
- if (!EC_POINT_get_affine_coordinates_GF2m(group, tmp, x, y, ctx))
- {
- ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);
- goto err;
- }
- }
-
- buflen = (EC_GROUP_get_degree(group) + 7)/8;
- len = BN_num_bytes(x);
- if (len > buflen)
- {
- ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_INTERNAL_ERROR);
- goto err;
- }
- if ((buf = OPENSSL_malloc(buflen)) == NULL)
- {
- ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- memset(buf, 0, buflen - len);
- if (len != (size_t)BN_bn2bin(x, buf + buflen - len))
- {
- ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
- goto err;
- }
-
- if (KDF != 0)
- {
- if (KDF(buf, buflen, out, &outlen) == NULL)
- {
- ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_KDF_FAILED);
- goto err;
- }
- ret = outlen;
- }
- else
- {
- /* no KDF, just copy as much as we can */
- if (outlen > buflen)
- outlen = buflen;
- memcpy(out, buf, outlen);
- ret = outlen;
- }
-
-err:
- if (tmp) EC_POINT_free(tmp);
- if (ctx) BN_CTX_end(ctx);
- if (ctx) BN_CTX_free(ctx);
- if (buf) OPENSSL_free(buf);
- return(ret);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/ecdh/ech_ossl.c (from rev 6976, vendor-crypto/openssl/dist/crypto/ecdh/ech_ossl.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/ecdh/ech_ossl.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ecdh/ech_ossl.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,205 @@
+/* crypto/ecdh/ech_ossl.c */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
+ * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
+ * to the OpenSSL project.
+ *
+ * The ECC Code is licensed pursuant to the OpenSSL open source
+ * license provided below.
+ *
+ * The ECDH software is originally written by Douglas Stebila of
+ * Sun Microsystems Laboratories.
+ *
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <string.h>
+#include <limits.h>
+
+#include "cryptlib.h"
+
+#include "ech_locl.h"
+#include <openssl/err.h>
+#include <openssl/sha.h>
+#include <openssl/obj_mac.h>
+#include <openssl/bn.h>
+
+static int ecdh_compute_key(void *out, size_t len, const EC_POINT *pub_key,
+ EC_KEY *ecdh,
+ void *(*KDF) (const void *in, size_t inlen,
+ void *out, size_t *outlen));
+
+static ECDH_METHOD openssl_ecdh_meth = {
+ "OpenSSL ECDH method",
+ ecdh_compute_key,
+#if 0
+ NULL, /* init */
+ NULL, /* finish */
+#endif
+ 0, /* flags */
+ NULL /* app_data */
+};
+
+const ECDH_METHOD *ECDH_OpenSSL(void)
+{
+ return &openssl_ecdh_meth;
+}
+
+/*-
+ * This implementation is based on the following primitives in the IEEE 1363 standard:
+ * - ECKAS-DH1
+ * - ECSVDP-DH
+ * Finally an optional KDF is applied.
+ */
+static int ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
+ EC_KEY *ecdh,
+ void *(*KDF) (const void *in, size_t inlen,
+ void *out, size_t *outlen))
+{
+ BN_CTX *ctx;
+ EC_POINT *tmp = NULL;
+ BIGNUM *x = NULL, *y = NULL;
+ const BIGNUM *priv_key;
+ const EC_GROUP *group;
+ int ret = -1;
+ size_t buflen, len;
+ unsigned char *buf = NULL;
+
+ if (outlen > INT_MAX) {
+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE); /* sort of,
+ * anyway */
+ return -1;
+ }
+
+ if ((ctx = BN_CTX_new()) == NULL)
+ goto err;
+ BN_CTX_start(ctx);
+ x = BN_CTX_get(ctx);
+ y = BN_CTX_get(ctx);
+
+ priv_key = EC_KEY_get0_private_key(ecdh);
+ if (priv_key == NULL) {
+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_NO_PRIVATE_VALUE);
+ goto err;
+ }
+
+ group = EC_KEY_get0_group(ecdh);
+ if ((tmp = EC_POINT_new(group)) == NULL) {
+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ if (!EC_POINT_mul(group, tmp, NULL, pub_key, priv_key, ctx)) {
+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_POINT_ARITHMETIC_FAILURE);
+ goto err;
+ }
+
+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
+ NID_X9_62_prime_field) {
+ if (!EC_POINT_get_affine_coordinates_GFp(group, tmp, x, y, ctx)) {
+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_POINT_ARITHMETIC_FAILURE);
+ goto err;
+ }
+ } else {
+ if (!EC_POINT_get_affine_coordinates_GF2m(group, tmp, x, y, ctx)) {
+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_POINT_ARITHMETIC_FAILURE);
+ goto err;
+ }
+ }
+
+ buflen = (EC_GROUP_get_degree(group) + 7) / 8;
+ len = BN_num_bytes(x);
+ if (len > buflen) {
+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ if ((buf = OPENSSL_malloc(buflen)) == NULL) {
+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ memset(buf, 0, buflen - len);
+ if (len != (size_t)BN_bn2bin(x, buf + buflen - len)) {
+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
+ goto err;
+ }
+
+ if (KDF != 0) {
+ if (KDF(buf, buflen, out, &outlen) == NULL) {
+ ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_KDF_FAILED);
+ goto err;
+ }
+ ret = outlen;
+ } else {
+ /* no KDF, just copy as much as we can */
+ if (outlen > buflen)
+ outlen = buflen;
+ memcpy(out, buf, outlen);
+ ret = outlen;
+ }
+
+ err:
+ if (tmp)
+ EC_POINT_free(tmp);
+ if (ctx)
+ BN_CTX_end(ctx);
+ if (ctx)
+ BN_CTX_free(ctx);
+ if (buf)
+ OPENSSL_free(buf);
+ return (ret);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/ecdsa/ecdsa.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/ecdsa/ecdsa.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ecdsa/ecdsa.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,271 +0,0 @@
-/* crypto/ecdsa/ecdsa.h */
-/**
- * \file crypto/ecdsa/ecdsa.h Include file for the OpenSSL ECDSA functions
- * \author Written by Nils Larsch for the OpenSSL project
- */
-/* ====================================================================
- * Copyright (c) 2000-2003 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-#ifndef HEADER_ECDSA_H
-#define HEADER_ECDSA_H
-
-#include <openssl/opensslconf.h>
-
-#ifdef OPENSSL_NO_ECDSA
-#error ECDSA is disabled.
-#endif
-
-#include <openssl/ec.h>
-#include <openssl/ossl_typ.h>
-#ifndef OPENSSL_NO_DEPRECATED
-#include <openssl/bn.h>
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-typedef struct ECDSA_SIG_st
- {
- BIGNUM *r;
- BIGNUM *s;
- } ECDSA_SIG;
-
-/** ECDSA_SIG *ECDSA_SIG_new(void)
- * allocates and initialize a ECDSA_SIG structure
- * \return pointer to a ECDSA_SIG structure or NULL if an error occurred
- */
-ECDSA_SIG *ECDSA_SIG_new(void);
-
-/** ECDSA_SIG_free
- * frees a ECDSA_SIG structure
- * \param a pointer to the ECDSA_SIG structure
- */
-void ECDSA_SIG_free(ECDSA_SIG *a);
-
-/** i2d_ECDSA_SIG
- * DER encode content of ECDSA_SIG object (note: this function modifies *pp
- * (*pp += length of the DER encoded signature)).
- * \param a pointer to the ECDSA_SIG object
- * \param pp pointer to a unsigned char pointer for the output or NULL
- * \return the length of the DER encoded ECDSA_SIG object or 0
- */
-int i2d_ECDSA_SIG(const ECDSA_SIG *a, unsigned char **pp);
-
-/** d2i_ECDSA_SIG
- * decodes a DER encoded ECDSA signature (note: this function changes *pp
- * (*pp += len)).
- * \param v pointer to ECDSA_SIG pointer (may be NULL)
- * \param pp buffer with the DER encoded signature
- * \param len bufferlength
- * \return pointer to the decoded ECDSA_SIG structure (or NULL)
- */
-ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **v, const unsigned char **pp, long len);
-
-/** ECDSA_do_sign
- * computes the ECDSA signature of the given hash value using
- * the supplied private key and returns the created signature.
- * \param dgst pointer to the hash value
- * \param dgst_len length of the hash value
- * \param eckey pointer to the EC_KEY object containing a private EC key
- * \return pointer to a ECDSA_SIG structure or NULL
- */
-ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst,int dgst_len,EC_KEY *eckey);
-
-/** ECDSA_do_sign_ex
- * computes ECDSA signature of a given hash value using the supplied
- * private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
- * \param dgst pointer to the hash value to sign
- * \param dgstlen length of the hash value
- * \param kinv optional pointer to a pre-computed inverse k
- * \param rp optional pointer to the pre-computed rp value (see
- * ECDSA_sign_setup
- * \param eckey pointer to the EC_KEY object containing a private EC key
- * \return pointer to a ECDSA_SIG structure or NULL
- */
-ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen,
- const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey);
-
-/** ECDSA_do_verify
- * verifies that the supplied signature is a valid ECDSA
- * signature of the supplied hash value using the supplied public key.
- * \param dgst pointer to the hash value
- * \param dgst_len length of the hash value
- * \param sig pointer to the ECDSA_SIG structure
- * \param eckey pointer to the EC_KEY object containing a public EC key
- * \return 1 if the signature is valid, 0 if the signature is invalid and -1 on error
- */
-int ECDSA_do_verify(const unsigned char *dgst, int dgst_len,
- const ECDSA_SIG *sig, EC_KEY* eckey);
-
-const ECDSA_METHOD *ECDSA_OpenSSL(void);
-
-/** ECDSA_set_default_method
- * sets the default ECDSA method
- * \param meth the new default ECDSA_METHOD
- */
-void ECDSA_set_default_method(const ECDSA_METHOD *meth);
-
-/** ECDSA_get_default_method
- * returns the default ECDSA method
- * \return pointer to ECDSA_METHOD structure containing the default method
- */
-const ECDSA_METHOD *ECDSA_get_default_method(void);
-
-/** ECDSA_set_method
- * sets method to be used for the ECDSA operations
- * \param eckey pointer to the EC_KEY object
- * \param meth pointer to the new method
- * \return 1 on success and 0 otherwise
- */
-int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth);
-
-/** ECDSA_size
- * returns the maximum length of the DER encoded signature
- * \param eckey pointer to a EC_KEY object
- * \return numbers of bytes required for the DER encoded signature
- */
-int ECDSA_size(const EC_KEY *eckey);
-
-/** ECDSA_sign_setup
- * precompute parts of the signing operation.
- * \param eckey pointer to the EC_KEY object containing a private EC key
- * \param ctx pointer to a BN_CTX object (may be NULL)
- * \param kinv pointer to a BIGNUM pointer for the inverse of k
- * \param rp pointer to a BIGNUM pointer for x coordinate of k * generator
- * \return 1 on success and 0 otherwise
- */
-int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv,
- BIGNUM **rp);
-
-/** ECDSA_sign
- * computes ECDSA signature of a given hash value using the supplied
- * private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
- * \param type this parameter is ignored
- * \param dgst pointer to the hash value to sign
- * \param dgstlen length of the hash value
- * \param sig buffer to hold the DER encoded signature
- * \param siglen pointer to the length of the returned signature
- * \param eckey pointer to the EC_KEY object containing a private EC key
- * \return 1 on success and 0 otherwise
- */
-int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen,
- unsigned char *sig, unsigned int *siglen, EC_KEY *eckey);
-
-
-/** ECDSA_sign_ex
- * computes ECDSA signature of a given hash value using the supplied
- * private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
- * \param type this parameter is ignored
- * \param dgst pointer to the hash value to sign
- * \param dgstlen length of the hash value
- * \param sig buffer to hold the DER encoded signature
- * \param siglen pointer to the length of the returned signature
- * \param kinv optional pointer to a pre-computed inverse k
- * \param rp optional pointer to the pre-computed rp value (see
- * ECDSA_sign_setup
- * \param eckey pointer to the EC_KEY object containing a private EC key
- * \return 1 on success and 0 otherwise
- */
-int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen,
- unsigned char *sig, unsigned int *siglen, const BIGNUM *kinv,
- const BIGNUM *rp, EC_KEY *eckey);
-
-/** ECDSA_verify
- * verifies that the given signature is valid ECDSA signature
- * of the supplied hash value using the specified public key.
- * \param type this parameter is ignored
- * \param dgst pointer to the hash value
- * \param dgstlen length of the hash value
- * \param sig pointer to the DER encoded signature
- * \param siglen length of the DER encoded signature
- * \param eckey pointer to the EC_KEY object containing a public EC key
- * \return 1 if the signature is valid, 0 if the signature is invalid and -1 on error
- */
-int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen,
- const unsigned char *sig, int siglen, EC_KEY *eckey);
-
-/* the standard ex_data functions */
-int ECDSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new
- *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-int ECDSA_set_ex_data(EC_KEY *d, int idx, void *arg);
-void *ECDSA_get_ex_data(EC_KEY *d, int idx);
-
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_ECDSA_strings(void);
-
-/* Error codes for the ECDSA functions. */
-
-/* Function codes. */
-#define ECDSA_F_ECDSA_DATA_NEW_METHOD 100
-#define ECDSA_F_ECDSA_DO_SIGN 101
-#define ECDSA_F_ECDSA_DO_VERIFY 102
-#define ECDSA_F_ECDSA_SIGN_SETUP 103
-
-/* Reason codes. */
-#define ECDSA_R_BAD_SIGNATURE 100
-#define ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 101
-#define ECDSA_R_ERR_EC_LIB 102
-#define ECDSA_R_MISSING_PARAMETERS 103
-#define ECDSA_R_NEED_NEW_SETUP_VALUES 106
-#define ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED 104
-#define ECDSA_R_SIGNATURE_MALLOC_FAILED 105
-
-#ifdef __cplusplus
-}
-#endif
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/ecdsa/ecdsa.h (from rev 6976, vendor-crypto/openssl/dist/crypto/ecdsa/ecdsa.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/ecdsa/ecdsa.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ecdsa/ecdsa.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,271 @@
+/* crypto/ecdsa/ecdsa.h */
+/**
+ * \file crypto/ecdsa/ecdsa.h Include file for the OpenSSL ECDSA functions
+ * \author Written by Nils Larsch for the OpenSSL project
+ */
+/* ====================================================================
+ * Copyright (c) 2000-2003 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+#ifndef HEADER_ECDSA_H
+# define HEADER_ECDSA_H
+
+# include <openssl/opensslconf.h>
+
+# ifdef OPENSSL_NO_ECDSA
+# error ECDSA is disabled.
+# endif
+
+# include <openssl/ec.h>
+# include <openssl/ossl_typ.h>
+# ifndef OPENSSL_NO_DEPRECATED
+# include <openssl/bn.h>
+# endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct ECDSA_SIG_st {
+ BIGNUM *r;
+ BIGNUM *s;
+} ECDSA_SIG;
+
+/** ECDSA_SIG *ECDSA_SIG_new(void)
+ * allocates and initialize a ECDSA_SIG structure
+ * \return pointer to a ECDSA_SIG structure or NULL if an error occurred
+ */
+ECDSA_SIG *ECDSA_SIG_new(void);
+
+/** ECDSA_SIG_free
+ * frees a ECDSA_SIG structure
+ * \param a pointer to the ECDSA_SIG structure
+ */
+void ECDSA_SIG_free(ECDSA_SIG *a);
+
+/** i2d_ECDSA_SIG
+ * DER encode content of ECDSA_SIG object (note: this function modifies *pp
+ * (*pp += length of the DER encoded signature)).
+ * \param a pointer to the ECDSA_SIG object
+ * \param pp pointer to a unsigned char pointer for the output or NULL
+ * \return the length of the DER encoded ECDSA_SIG object or 0
+ */
+int i2d_ECDSA_SIG(const ECDSA_SIG *a, unsigned char **pp);
+
+/** d2i_ECDSA_SIG
+ * decodes a DER encoded ECDSA signature (note: this function changes *pp
+ * (*pp += len)).
+ * \param v pointer to ECDSA_SIG pointer (may be NULL)
+ * \param pp buffer with the DER encoded signature
+ * \param len bufferlength
+ * \return pointer to the decoded ECDSA_SIG structure (or NULL)
+ */
+ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **v, const unsigned char **pp, long len);
+
+/** ECDSA_do_sign
+ * computes the ECDSA signature of the given hash value using
+ * the supplied private key and returns the created signature.
+ * \param dgst pointer to the hash value
+ * \param dgst_len length of the hash value
+ * \param eckey pointer to the EC_KEY object containing a private EC key
+ * \return pointer to a ECDSA_SIG structure or NULL
+ */
+ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dgst_len,
+ EC_KEY *eckey);
+
+/** ECDSA_do_sign_ex
+ * computes ECDSA signature of a given hash value using the supplied
+ * private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
+ * \param dgst pointer to the hash value to sign
+ * \param dgstlen length of the hash value
+ * \param kinv optional pointer to a pre-computed inverse k
+ * \param rp optional pointer to the pre-computed rp value (see
+ * ECDSA_sign_setup
+ * \param eckey pointer to the EC_KEY object containing a private EC key
+ * \return pointer to a ECDSA_SIG structure or NULL
+ */
+ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen,
+ const BIGNUM *kinv, const BIGNUM *rp,
+ EC_KEY *eckey);
+
+/** ECDSA_do_verify
+ * verifies that the supplied signature is a valid ECDSA
+ * signature of the supplied hash value using the supplied public key.
+ * \param dgst pointer to the hash value
+ * \param dgst_len length of the hash value
+ * \param sig pointer to the ECDSA_SIG structure
+ * \param eckey pointer to the EC_KEY object containing a public EC key
+ * \return 1 if the signature is valid, 0 if the signature is invalid and -1 on error
+ */
+int ECDSA_do_verify(const unsigned char *dgst, int dgst_len,
+ const ECDSA_SIG *sig, EC_KEY *eckey);
+
+const ECDSA_METHOD *ECDSA_OpenSSL(void);
+
+/** ECDSA_set_default_method
+ * sets the default ECDSA method
+ * \param meth the new default ECDSA_METHOD
+ */
+void ECDSA_set_default_method(const ECDSA_METHOD *meth);
+
+/** ECDSA_get_default_method
+ * returns the default ECDSA method
+ * \return pointer to ECDSA_METHOD structure containing the default method
+ */
+const ECDSA_METHOD *ECDSA_get_default_method(void);
+
+/** ECDSA_set_method
+ * sets method to be used for the ECDSA operations
+ * \param eckey pointer to the EC_KEY object
+ * \param meth pointer to the new method
+ * \return 1 on success and 0 otherwise
+ */
+int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth);
+
+/** ECDSA_size
+ * returns the maximum length of the DER encoded signature
+ * \param eckey pointer to a EC_KEY object
+ * \return numbers of bytes required for the DER encoded signature
+ */
+int ECDSA_size(const EC_KEY *eckey);
+
+/** ECDSA_sign_setup
+ * precompute parts of the signing operation.
+ * \param eckey pointer to the EC_KEY object containing a private EC key
+ * \param ctx pointer to a BN_CTX object (may be NULL)
+ * \param kinv pointer to a BIGNUM pointer for the inverse of k
+ * \param rp pointer to a BIGNUM pointer for x coordinate of k * generator
+ * \return 1 on success and 0 otherwise
+ */
+int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, BIGNUM **rp);
+
+/** ECDSA_sign
+ * computes ECDSA signature of a given hash value using the supplied
+ * private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
+ * \param type this parameter is ignored
+ * \param dgst pointer to the hash value to sign
+ * \param dgstlen length of the hash value
+ * \param sig buffer to hold the DER encoded signature
+ * \param siglen pointer to the length of the returned signature
+ * \param eckey pointer to the EC_KEY object containing a private EC key
+ * \return 1 on success and 0 otherwise
+ */
+int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen,
+ unsigned char *sig, unsigned int *siglen, EC_KEY *eckey);
+
+/** ECDSA_sign_ex
+ * computes ECDSA signature of a given hash value using the supplied
+ * private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
+ * \param type this parameter is ignored
+ * \param dgst pointer to the hash value to sign
+ * \param dgstlen length of the hash value
+ * \param sig buffer to hold the DER encoded signature
+ * \param siglen pointer to the length of the returned signature
+ * \param kinv optional pointer to a pre-computed inverse k
+ * \param rp optional pointer to the pre-computed rp value (see
+ * ECDSA_sign_setup
+ * \param eckey pointer to the EC_KEY object containing a private EC key
+ * \return 1 on success and 0 otherwise
+ */
+int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen,
+ unsigned char *sig, unsigned int *siglen,
+ const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey);
+
+/** ECDSA_verify
+ * verifies that the given signature is valid ECDSA signature
+ * of the supplied hash value using the specified public key.
+ * \param type this parameter is ignored
+ * \param dgst pointer to the hash value
+ * \param dgstlen length of the hash value
+ * \param sig pointer to the DER encoded signature
+ * \param siglen length of the DER encoded signature
+ * \param eckey pointer to the EC_KEY object containing a public EC key
+ * \return 1 if the signature is valid, 0 if the signature is invalid and -1 on error
+ */
+int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen,
+ const unsigned char *sig, int siglen, EC_KEY *eckey);
+
+/* the standard ex_data functions */
+int ECDSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new
+ *new_func, CRYPTO_EX_dup *dup_func,
+ CRYPTO_EX_free *free_func);
+int ECDSA_set_ex_data(EC_KEY *d, int idx, void *arg);
+void *ECDSA_get_ex_data(EC_KEY *d, int idx);
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_ECDSA_strings(void);
+
+/* Error codes for the ECDSA functions. */
+
+/* Function codes. */
+# define ECDSA_F_ECDSA_DATA_NEW_METHOD 100
+# define ECDSA_F_ECDSA_DO_SIGN 101
+# define ECDSA_F_ECDSA_DO_VERIFY 102
+# define ECDSA_F_ECDSA_SIGN_SETUP 103
+
+/* Reason codes. */
+# define ECDSA_R_BAD_SIGNATURE 100
+# define ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 101
+# define ECDSA_R_ERR_EC_LIB 102
+# define ECDSA_R_MISSING_PARAMETERS 103
+# define ECDSA_R_NEED_NEW_SETUP_VALUES 106
+# define ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED 104
+# define ECDSA_R_SIGNATURE_MALLOC_FAILED 105
+
+#ifdef __cplusplus
+}
+#endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/ecdsa/ecdsatest.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/ecdsa/ecdsatest.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ecdsa/ecdsatest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,571 +0,0 @@
-/* crypto/ecdsa/ecdsatest.c */
-/*
- * Written by Nils Larsch for the OpenSSL project.
- */
-/* ====================================================================
- * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * The elliptic curve binary polynomial software is originally written by
- * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_ECDSA is defined */
-
-#ifdef OPENSSL_NO_ECDSA
-int main(int argc, char * argv[])
- {
- puts("Elliptic curves are disabled.");
- return 0;
- }
-#else
-
-#include <openssl/crypto.h>
-#include <openssl/bio.h>
-#include <openssl/evp.h>
-#include <openssl/bn.h>
-#include <openssl/ecdsa.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-#include <openssl/err.h>
-#include <openssl/rand.h>
-
-static const char rnd_seed[] = "string to make the random number generator "
- "think it has entropy";
-
-/* declaration of the test functions */
-int x9_62_tests(BIO *);
-int x9_62_test_internal(BIO *out, int nid, const char *r, const char *s);
-int test_builtin(BIO *);
-
-/* functions to change the RAND_METHOD */
-int change_rand(void);
-int restore_rand(void);
-int fbytes(unsigned char *buf, int num);
-
-RAND_METHOD fake_rand;
-const RAND_METHOD *old_rand;
-
-int change_rand(void)
- {
- /* save old rand method */
- if ((old_rand = RAND_get_rand_method()) == NULL)
- return 0;
-
- fake_rand.seed = old_rand->seed;
- fake_rand.cleanup = old_rand->cleanup;
- fake_rand.add = old_rand->add;
- fake_rand.status = old_rand->status;
- /* use own random function */
- fake_rand.bytes = fbytes;
- fake_rand.pseudorand = old_rand->bytes;
- /* set new RAND_METHOD */
- if (!RAND_set_rand_method(&fake_rand))
- return 0;
- return 1;
- }
-
-int restore_rand(void)
- {
- if (!RAND_set_rand_method(old_rand))
- return 0;
- else
- return 1;
- }
-
-static int fbytes_counter = 0;
-static const char *numbers[8] = {
- "651056770906015076056810763456358567190100156695615665659",
- "6140507067065001063065065565667405560006161556565665656654",
- "8763001015071075675010661307616710783570106710677817767166"
- "71676178726717",
- "7000000175690566466555057817571571075705015757757057795755"
- "55657156756655",
- "1275552191113212300012030439187146164646146646466749494799",
- "1542725565216523985789236956265265265235675811949404040041",
- "1456427555219115346513212300075341203043918714616464614664"
- "64667494947990",
- "1712787255652165239672857892369562652652652356758119494040"
- "40041670216363"};
-
-int fbytes(unsigned char *buf, int num)
- {
- int ret;
- BIGNUM *tmp = NULL;
-
- if (fbytes_counter >= 8)
- return 0;
- tmp = BN_new();
- if (!tmp)
- return 0;
- if (!BN_dec2bn(&tmp, numbers[fbytes_counter]))
- {
- BN_free(tmp);
- return 0;
- }
- fbytes_counter ++;
- if (num != BN_num_bytes(tmp) || !BN_bn2bin(tmp, buf))
- ret = 0;
- else
- ret = 1;
- if (tmp)
- BN_free(tmp);
- return ret;
- }
-
-/* some tests from the X9.62 draft */
-int x9_62_test_internal(BIO *out, int nid, const char *r_in, const char *s_in)
- {
- int ret = 0;
- const char message[] = "abc";
- unsigned char digest[20];
- unsigned int dgst_len = 0;
- EVP_MD_CTX md_ctx;
- EC_KEY *key = NULL;
- ECDSA_SIG *signature = NULL;
- BIGNUM *r = NULL, *s = NULL;
-
- EVP_MD_CTX_init(&md_ctx);
- /* get the message digest */
- EVP_DigestInit(&md_ctx, EVP_ecdsa());
- EVP_DigestUpdate(&md_ctx, (const void*)message, 3);
- EVP_DigestFinal(&md_ctx, digest, &dgst_len);
-
- BIO_printf(out, "testing %s: ", OBJ_nid2sn(nid));
- /* create the key */
- if ((key = EC_KEY_new_by_curve_name(nid)) == NULL)
- goto x962_int_err;
- if (!EC_KEY_generate_key(key))
- goto x962_int_err;
- BIO_printf(out, ".");
- (void)BIO_flush(out);
- /* create the signature */
- signature = ECDSA_do_sign(digest, 20, key);
- if (signature == NULL)
- goto x962_int_err;
- BIO_printf(out, ".");
- (void)BIO_flush(out);
- /* compare the created signature with the expected signature */
- if ((r = BN_new()) == NULL || (s = BN_new()) == NULL)
- goto x962_int_err;
- if (!BN_dec2bn(&r, r_in) ||
- !BN_dec2bn(&s, s_in))
- goto x962_int_err;
- if (BN_cmp(signature->r ,r) || BN_cmp(signature->s, s))
- goto x962_int_err;
- BIO_printf(out, ".");
- (void)BIO_flush(out);
- /* verify the signature */
- if (ECDSA_do_verify(digest, 20, signature, key) != 1)
- goto x962_int_err;
- BIO_printf(out, ".");
- (void)BIO_flush(out);
-
- BIO_printf(out, " ok\n");
- ret = 1;
-x962_int_err:
- if (!ret)
- BIO_printf(out, " failed\n");
- if (key)
- EC_KEY_free(key);
- if (signature)
- ECDSA_SIG_free(signature);
- if (r)
- BN_free(r);
- if (s)
- BN_free(s);
- EVP_MD_CTX_cleanup(&md_ctx);
- return ret;
- }
-
-int x9_62_tests(BIO *out)
- {
- int ret = 0;
-
- BIO_printf(out, "some tests from X9.62:\n");
-
- /* set own rand method */
- if (!change_rand())
- goto x962_err;
-
- if (!x9_62_test_internal(out, NID_X9_62_prime192v1,
- "3342403536405981729393488334694600415596881826869351677613",
- "5735822328888155254683894997897571951568553642892029982342"))
- goto x962_err;
- if (!x9_62_test_internal(out, NID_X9_62_prime239v1,
- "3086361431751678114926225473006680188549593787585317781474"
- "62058306432176",
- "3238135532097973577080787768312505059318910517550078427819"
- "78505179448783"))
- goto x962_err;
- if (!x9_62_test_internal(out, NID_X9_62_c2tnb191v1,
- "87194383164871543355722284926904419997237591535066528048",
- "308992691965804947361541664549085895292153777025772063598"))
- goto x962_err;
- if (!x9_62_test_internal(out, NID_X9_62_c2tnb239v1,
- "2159633321041961198501834003903461262881815148684178964245"
- "5876922391552",
- "1970303740007316867383349976549972270528498040721988191026"
- "49413465737174"))
- goto x962_err;
-
- ret = 1;
-x962_err:
- if (!restore_rand())
- ret = 0;
- return ret;
- }
-
-int test_builtin(BIO *out)
- {
- EC_builtin_curve *curves = NULL;
- size_t crv_len = 0, n = 0;
- EC_KEY *eckey = NULL, *wrong_eckey = NULL;
- EC_GROUP *group;
- ECDSA_SIG *ecdsa_sig = NULL;
- unsigned char digest[20], wrong_digest[20];
- unsigned char *signature = NULL;
- const unsigned char *sig_ptr;
- unsigned char *sig_ptr2;
- unsigned char *raw_buf = NULL;
- unsigned int sig_len, degree, r_len, s_len, bn_len, buf_len;
- int nid, ret = 0;
-
- /* fill digest values with some random data */
- if (!RAND_pseudo_bytes(digest, 20) ||
- !RAND_pseudo_bytes(wrong_digest, 20))
- {
- BIO_printf(out, "ERROR: unable to get random data\n");
- goto builtin_err;
- }
-
- /* create and verify a ecdsa signature with every availble curve
- * (with ) */
- BIO_printf(out, "\ntesting ECDSA_sign() and ECDSA_verify() "
- "with some internal curves:\n");
-
- /* get a list of all internal curves */
- crv_len = EC_get_builtin_curves(NULL, 0);
-
- curves = OPENSSL_malloc(sizeof(EC_builtin_curve) * crv_len);
-
- if (curves == NULL)
- {
- BIO_printf(out, "malloc error\n");
- goto builtin_err;
- }
-
- if (!EC_get_builtin_curves(curves, crv_len))
- {
- BIO_printf(out, "unable to get internal curves\n");
- goto builtin_err;
- }
-
- /* now create and verify a signature for every curve */
- for (n = 0; n < crv_len; n++)
- {
- unsigned char dirt, offset;
-
- nid = curves[n].nid;
- if (nid == NID_ipsec4)
- continue;
- /* create new ecdsa key (== EC_KEY) */
- if ((eckey = EC_KEY_new()) == NULL)
- goto builtin_err;
- group = EC_GROUP_new_by_curve_name(nid);
- if (group == NULL)
- goto builtin_err;
- if (EC_KEY_set_group(eckey, group) == 0)
- goto builtin_err;
- EC_GROUP_free(group);
- degree = EC_GROUP_get_degree(EC_KEY_get0_group(eckey));
- if (degree < 160)
- /* drop the curve */
- {
- EC_KEY_free(eckey);
- eckey = NULL;
- continue;
- }
- BIO_printf(out, "%s: ", OBJ_nid2sn(nid));
- /* create key */
- if (!EC_KEY_generate_key(eckey))
- {
- BIO_printf(out, " failed\n");
- goto builtin_err;
- }
- /* create second key */
- if ((wrong_eckey = EC_KEY_new()) == NULL)
- goto builtin_err;
- group = EC_GROUP_new_by_curve_name(nid);
- if (group == NULL)
- goto builtin_err;
- if (EC_KEY_set_group(wrong_eckey, group) == 0)
- goto builtin_err;
- EC_GROUP_free(group);
- if (!EC_KEY_generate_key(wrong_eckey))
- {
- BIO_printf(out, " failed\n");
- goto builtin_err;
- }
-
- BIO_printf(out, ".");
- (void)BIO_flush(out);
- /* check key */
- if (!EC_KEY_check_key(eckey))
- {
- BIO_printf(out, " failed\n");
- goto builtin_err;
- }
- BIO_printf(out, ".");
- (void)BIO_flush(out);
- /* create signature */
- sig_len = ECDSA_size(eckey);
- if ((signature = OPENSSL_malloc(sig_len)) == NULL)
- goto builtin_err;
- if (!ECDSA_sign(0, digest, 20, signature, &sig_len, eckey))
- {
- BIO_printf(out, " failed\n");
- goto builtin_err;
- }
- BIO_printf(out, ".");
- (void)BIO_flush(out);
- /* verify signature */
- if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) != 1)
- {
- BIO_printf(out, " failed\n");
- goto builtin_err;
- }
- BIO_printf(out, ".");
- (void)BIO_flush(out);
- /* verify signature with the wrong key */
- if (ECDSA_verify(0, digest, 20, signature, sig_len,
- wrong_eckey) == 1)
- {
- BIO_printf(out, " failed\n");
- goto builtin_err;
- }
- BIO_printf(out, ".");
- (void)BIO_flush(out);
- /* wrong digest */
- if (ECDSA_verify(0, wrong_digest, 20, signature, sig_len,
- eckey) == 1)
- {
- BIO_printf(out, " failed\n");
- goto builtin_err;
- }
- BIO_printf(out, ".");
- (void)BIO_flush(out);
- /* wrong length */
- if (ECDSA_verify(0, digest, 20, signature, sig_len - 1,
- eckey) == 1)
- {
- BIO_printf(out, " failed\n");
- goto builtin_err;
- }
- BIO_printf(out, ".");
- (void)BIO_flush(out);
-
- /* Modify a single byte of the signature: to ensure we don't
- * garble the ASN1 structure, we read the raw signature and
- * modify a byte in one of the bignums directly. */
- sig_ptr = signature;
- if ((ecdsa_sig = d2i_ECDSA_SIG(NULL, &sig_ptr, sig_len)) == NULL)
- {
- BIO_printf(out, " failed\n");
- goto builtin_err;
- }
-
- /* Store the two BIGNUMs in raw_buf. */
- r_len = BN_num_bytes(ecdsa_sig->r);
- s_len = BN_num_bytes(ecdsa_sig->s);
- bn_len = (degree + 7) / 8;
- if ((r_len > bn_len) || (s_len > bn_len))
- {
- BIO_printf(out, " failed\n");
- goto builtin_err;
- }
- buf_len = 2 * bn_len;
- if ((raw_buf = OPENSSL_malloc(buf_len)) == NULL)
- goto builtin_err;
- /* Pad the bignums with leading zeroes. */
- memset(raw_buf, 0, buf_len);
- BN_bn2bin(ecdsa_sig->r, raw_buf + bn_len - r_len);
- BN_bn2bin(ecdsa_sig->s, raw_buf + buf_len - s_len);
-
- /* Modify a single byte in the buffer. */
- offset = raw_buf[10] % buf_len;
- dirt = raw_buf[11] ? raw_buf[11] : 1;
- raw_buf[offset] ^= dirt;
- /* Now read the BIGNUMs back in from raw_buf. */
- if ((BN_bin2bn(raw_buf, bn_len, ecdsa_sig->r) == NULL) ||
- (BN_bin2bn(raw_buf + bn_len, bn_len, ecdsa_sig->s) == NULL))
- goto builtin_err;
-
- sig_ptr2 = signature;
- sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2);
- if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) == 1)
- {
- BIO_printf(out, " failed\n");
- goto builtin_err;
- }
- /* Sanity check: undo the modification and verify signature. */
- raw_buf[offset] ^= dirt;
- if ((BN_bin2bn(raw_buf, bn_len, ecdsa_sig->r) == NULL) ||
- (BN_bin2bn(raw_buf + bn_len, bn_len, ecdsa_sig->s) == NULL))
- goto builtin_err;
-
- sig_ptr2 = signature;
- sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2);
- if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) != 1)
- {
- BIO_printf(out, " failed\n");
- goto builtin_err;
- }
- BIO_printf(out, ".");
- (void)BIO_flush(out);
-
- BIO_printf(out, " ok\n");
- /* cleanup */
- /* clean bogus errors */
- ERR_clear_error();
- OPENSSL_free(signature);
- signature = NULL;
- EC_KEY_free(eckey);
- eckey = NULL;
- EC_KEY_free(wrong_eckey);
- wrong_eckey = NULL;
- ECDSA_SIG_free(ecdsa_sig);
- ecdsa_sig = NULL;
- OPENSSL_free(raw_buf);
- raw_buf = NULL;
- }
-
- ret = 1;
-builtin_err:
- if (eckey)
- EC_KEY_free(eckey);
- if (wrong_eckey)
- EC_KEY_free(wrong_eckey);
- if (ecdsa_sig)
- ECDSA_SIG_free(ecdsa_sig);
- if (signature)
- OPENSSL_free(signature);
- if (raw_buf)
- OPENSSL_free(raw_buf);
- if (curves)
- OPENSSL_free(curves);
-
- return ret;
- }
-
-int main(void)
- {
- int ret = 1;
- BIO *out;
-
- out = BIO_new_fp(stdout, BIO_NOCLOSE);
-
- /* enable memory leak checking unless explicitly disabled */
- if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) &&
- (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off"))))
- {
- CRYPTO_malloc_debug_init();
- CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
- }
- else
- {
- /* OPENSSL_DEBUG_MEMORY=off */
- CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
- }
- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
- ERR_load_crypto_strings();
-
- /* initialize the prng */
- RAND_seed(rnd_seed, sizeof(rnd_seed));
-
- /* the tests */
- if (!x9_62_tests(out)) goto err;
- if (!test_builtin(out)) goto err;
-
- ret = 0;
-err:
- if (ret)
- BIO_printf(out, "\nECDSA test failed\n");
- else
- BIO_printf(out, "\nECDSA test passed\n");
- if (ret)
- ERR_print_errors(out);
- CRYPTO_cleanup_all_ex_data();
- ERR_remove_state(0);
- ERR_free_strings();
- CRYPTO_mem_leaks(out);
- if (out != NULL)
- BIO_free(out);
- return ret;
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/ecdsa/ecdsatest.c (from rev 6976, vendor-crypto/openssl/dist/crypto/ecdsa/ecdsatest.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/ecdsa/ecdsatest.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ecdsa/ecdsatest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,555 @@
+/* crypto/ecdsa/ecdsatest.c */
+/*
+ * Written by Nils Larsch for the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * The elliptic curve binary polynomial software is originally written by
+ * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_ECDSA is defined */
+
+#ifdef OPENSSL_NO_ECDSA
+int main(int argc, char *argv[])
+{
+ puts("Elliptic curves are disabled.");
+ return 0;
+}
+#else
+
+# include <openssl/crypto.h>
+# include <openssl/bio.h>
+# include <openssl/evp.h>
+# include <openssl/bn.h>
+# include <openssl/ecdsa.h>
+# ifndef OPENSSL_NO_ENGINE
+# include <openssl/engine.h>
+# endif
+# include <openssl/err.h>
+# include <openssl/rand.h>
+
+static const char rnd_seed[] = "string to make the random number generator "
+ "think it has entropy";
+
+/* declaration of the test functions */
+int x9_62_tests(BIO *);
+int x9_62_test_internal(BIO *out, int nid, const char *r, const char *s);
+int test_builtin(BIO *);
+
+/* functions to change the RAND_METHOD */
+int change_rand(void);
+int restore_rand(void);
+int fbytes(unsigned char *buf, int num);
+
+RAND_METHOD fake_rand;
+const RAND_METHOD *old_rand;
+
+int change_rand(void)
+{
+ /* save old rand method */
+ if ((old_rand = RAND_get_rand_method()) == NULL)
+ return 0;
+
+ fake_rand.seed = old_rand->seed;
+ fake_rand.cleanup = old_rand->cleanup;
+ fake_rand.add = old_rand->add;
+ fake_rand.status = old_rand->status;
+ /* use own random function */
+ fake_rand.bytes = fbytes;
+ fake_rand.pseudorand = old_rand->bytes;
+ /* set new RAND_METHOD */
+ if (!RAND_set_rand_method(&fake_rand))
+ return 0;
+ return 1;
+}
+
+int restore_rand(void)
+{
+ if (!RAND_set_rand_method(old_rand))
+ return 0;
+ else
+ return 1;
+}
+
+static int fbytes_counter = 0;
+static const char *numbers[8] = {
+ "651056770906015076056810763456358567190100156695615665659",
+ "6140507067065001063065065565667405560006161556565665656654",
+ "8763001015071075675010661307616710783570106710677817767166"
+ "71676178726717",
+ "7000000175690566466555057817571571075705015757757057795755"
+ "55657156756655",
+ "1275552191113212300012030439187146164646146646466749494799",
+ "1542725565216523985789236956265265265235675811949404040041",
+ "1456427555219115346513212300075341203043918714616464614664"
+ "64667494947990",
+ "1712787255652165239672857892369562652652652356758119494040"
+ "40041670216363"
+};
+
+int fbytes(unsigned char *buf, int num)
+{
+ int ret;
+ BIGNUM *tmp = NULL;
+
+ if (fbytes_counter >= 8)
+ return 0;
+ tmp = BN_new();
+ if (!tmp)
+ return 0;
+ if (!BN_dec2bn(&tmp, numbers[fbytes_counter])) {
+ BN_free(tmp);
+ return 0;
+ }
+ fbytes_counter++;
+ if (num != BN_num_bytes(tmp) || !BN_bn2bin(tmp, buf))
+ ret = 0;
+ else
+ ret = 1;
+ if (tmp)
+ BN_free(tmp);
+ return ret;
+}
+
+/* some tests from the X9.62 draft */
+int x9_62_test_internal(BIO *out, int nid, const char *r_in, const char *s_in)
+{
+ int ret = 0;
+ const char message[] = "abc";
+ unsigned char digest[20];
+ unsigned int dgst_len = 0;
+ EVP_MD_CTX md_ctx;
+ EC_KEY *key = NULL;
+ ECDSA_SIG *signature = NULL;
+ BIGNUM *r = NULL, *s = NULL;
+
+ EVP_MD_CTX_init(&md_ctx);
+ /* get the message digest */
+ EVP_DigestInit(&md_ctx, EVP_ecdsa());
+ EVP_DigestUpdate(&md_ctx, (const void *)message, 3);
+ EVP_DigestFinal(&md_ctx, digest, &dgst_len);
+
+ BIO_printf(out, "testing %s: ", OBJ_nid2sn(nid));
+ /* create the key */
+ if ((key = EC_KEY_new_by_curve_name(nid)) == NULL)
+ goto x962_int_err;
+ if (!EC_KEY_generate_key(key))
+ goto x962_int_err;
+ BIO_printf(out, ".");
+ (void)BIO_flush(out);
+ /* create the signature */
+ signature = ECDSA_do_sign(digest, 20, key);
+ if (signature == NULL)
+ goto x962_int_err;
+ BIO_printf(out, ".");
+ (void)BIO_flush(out);
+ /* compare the created signature with the expected signature */
+ if ((r = BN_new()) == NULL || (s = BN_new()) == NULL)
+ goto x962_int_err;
+ if (!BN_dec2bn(&r, r_in) || !BN_dec2bn(&s, s_in))
+ goto x962_int_err;
+ if (BN_cmp(signature->r, r) || BN_cmp(signature->s, s))
+ goto x962_int_err;
+ BIO_printf(out, ".");
+ (void)BIO_flush(out);
+ /* verify the signature */
+ if (ECDSA_do_verify(digest, 20, signature, key) != 1)
+ goto x962_int_err;
+ BIO_printf(out, ".");
+ (void)BIO_flush(out);
+
+ BIO_printf(out, " ok\n");
+ ret = 1;
+ x962_int_err:
+ if (!ret)
+ BIO_printf(out, " failed\n");
+ if (key)
+ EC_KEY_free(key);
+ if (signature)
+ ECDSA_SIG_free(signature);
+ if (r)
+ BN_free(r);
+ if (s)
+ BN_free(s);
+ EVP_MD_CTX_cleanup(&md_ctx);
+ return ret;
+}
+
+int x9_62_tests(BIO *out)
+{
+ int ret = 0;
+
+ BIO_printf(out, "some tests from X9.62:\n");
+
+ /* set own rand method */
+ if (!change_rand())
+ goto x962_err;
+
+ if (!x9_62_test_internal(out, NID_X9_62_prime192v1,
+ "3342403536405981729393488334694600415596881826869351677613",
+ "5735822328888155254683894997897571951568553642892029982342"))
+ goto x962_err;
+ if (!x9_62_test_internal(out, NID_X9_62_prime239v1,
+ "3086361431751678114926225473006680188549593787585317781474"
+ "62058306432176",
+ "3238135532097973577080787768312505059318910517550078427819"
+ "78505179448783"))
+ goto x962_err;
+ if (!x9_62_test_internal(out, NID_X9_62_c2tnb191v1,
+ "87194383164871543355722284926904419997237591535066528048",
+ "308992691965804947361541664549085895292153777025772063598"))
+ goto x962_err;
+ if (!x9_62_test_internal(out, NID_X9_62_c2tnb239v1,
+ "2159633321041961198501834003903461262881815148684178964245"
+ "5876922391552",
+ "1970303740007316867383349976549972270528498040721988191026"
+ "49413465737174"))
+ goto x962_err;
+
+ ret = 1;
+ x962_err:
+ if (!restore_rand())
+ ret = 0;
+ return ret;
+}
+
+int test_builtin(BIO *out)
+{
+ EC_builtin_curve *curves = NULL;
+ size_t crv_len = 0, n = 0;
+ EC_KEY *eckey = NULL, *wrong_eckey = NULL;
+ EC_GROUP *group;
+ ECDSA_SIG *ecdsa_sig = NULL;
+ unsigned char digest[20], wrong_digest[20];
+ unsigned char *signature = NULL;
+ const unsigned char *sig_ptr;
+ unsigned char *sig_ptr2;
+ unsigned char *raw_buf = NULL;
+ unsigned int sig_len, degree, r_len, s_len, bn_len, buf_len;
+ int nid, ret = 0;
+
+ /* fill digest values with some random data */
+ if (!RAND_pseudo_bytes(digest, 20) ||
+ !RAND_pseudo_bytes(wrong_digest, 20)) {
+ BIO_printf(out, "ERROR: unable to get random data\n");
+ goto builtin_err;
+ }
+
+ /*
+ * create and verify a ecdsa signature with every availble curve (with )
+ */
+ BIO_printf(out, "\ntesting ECDSA_sign() and ECDSA_verify() "
+ "with some internal curves:\n");
+
+ /* get a list of all internal curves */
+ crv_len = EC_get_builtin_curves(NULL, 0);
+
+ curves = OPENSSL_malloc(sizeof(EC_builtin_curve) * crv_len);
+
+ if (curves == NULL) {
+ BIO_printf(out, "malloc error\n");
+ goto builtin_err;
+ }
+
+ if (!EC_get_builtin_curves(curves, crv_len)) {
+ BIO_printf(out, "unable to get internal curves\n");
+ goto builtin_err;
+ }
+
+ /* now create and verify a signature for every curve */
+ for (n = 0; n < crv_len; n++) {
+ unsigned char dirt, offset;
+
+ nid = curves[n].nid;
+ if (nid == NID_ipsec4)
+ continue;
+ /* create new ecdsa key (== EC_KEY) */
+ if ((eckey = EC_KEY_new()) == NULL)
+ goto builtin_err;
+ group = EC_GROUP_new_by_curve_name(nid);
+ if (group == NULL)
+ goto builtin_err;
+ if (EC_KEY_set_group(eckey, group) == 0)
+ goto builtin_err;
+ EC_GROUP_free(group);
+ degree = EC_GROUP_get_degree(EC_KEY_get0_group(eckey));
+ if (degree < 160)
+ /* drop the curve */
+ {
+ EC_KEY_free(eckey);
+ eckey = NULL;
+ continue;
+ }
+ BIO_printf(out, "%s: ", OBJ_nid2sn(nid));
+ /* create key */
+ if (!EC_KEY_generate_key(eckey)) {
+ BIO_printf(out, " failed\n");
+ goto builtin_err;
+ }
+ /* create second key */
+ if ((wrong_eckey = EC_KEY_new()) == NULL)
+ goto builtin_err;
+ group = EC_GROUP_new_by_curve_name(nid);
+ if (group == NULL)
+ goto builtin_err;
+ if (EC_KEY_set_group(wrong_eckey, group) == 0)
+ goto builtin_err;
+ EC_GROUP_free(group);
+ if (!EC_KEY_generate_key(wrong_eckey)) {
+ BIO_printf(out, " failed\n");
+ goto builtin_err;
+ }
+
+ BIO_printf(out, ".");
+ (void)BIO_flush(out);
+ /* check key */
+ if (!EC_KEY_check_key(eckey)) {
+ BIO_printf(out, " failed\n");
+ goto builtin_err;
+ }
+ BIO_printf(out, ".");
+ (void)BIO_flush(out);
+ /* create signature */
+ sig_len = ECDSA_size(eckey);
+ if ((signature = OPENSSL_malloc(sig_len)) == NULL)
+ goto builtin_err;
+ if (!ECDSA_sign(0, digest, 20, signature, &sig_len, eckey)) {
+ BIO_printf(out, " failed\n");
+ goto builtin_err;
+ }
+ BIO_printf(out, ".");
+ (void)BIO_flush(out);
+ /* verify signature */
+ if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) != 1) {
+ BIO_printf(out, " failed\n");
+ goto builtin_err;
+ }
+ BIO_printf(out, ".");
+ (void)BIO_flush(out);
+ /* verify signature with the wrong key */
+ if (ECDSA_verify(0, digest, 20, signature, sig_len, wrong_eckey) == 1) {
+ BIO_printf(out, " failed\n");
+ goto builtin_err;
+ }
+ BIO_printf(out, ".");
+ (void)BIO_flush(out);
+ /* wrong digest */
+ if (ECDSA_verify(0, wrong_digest, 20, signature, sig_len, eckey) == 1) {
+ BIO_printf(out, " failed\n");
+ goto builtin_err;
+ }
+ BIO_printf(out, ".");
+ (void)BIO_flush(out);
+ /* wrong length */
+ if (ECDSA_verify(0, digest, 20, signature, sig_len - 1, eckey) == 1) {
+ BIO_printf(out, " failed\n");
+ goto builtin_err;
+ }
+ BIO_printf(out, ".");
+ (void)BIO_flush(out);
+
+ /*
+ * Modify a single byte of the signature: to ensure we don't garble
+ * the ASN1 structure, we read the raw signature and modify a byte in
+ * one of the bignums directly.
+ */
+ sig_ptr = signature;
+ if ((ecdsa_sig = d2i_ECDSA_SIG(NULL, &sig_ptr, sig_len)) == NULL) {
+ BIO_printf(out, " failed\n");
+ goto builtin_err;
+ }
+
+ /* Store the two BIGNUMs in raw_buf. */
+ r_len = BN_num_bytes(ecdsa_sig->r);
+ s_len = BN_num_bytes(ecdsa_sig->s);
+ bn_len = (degree + 7) / 8;
+ if ((r_len > bn_len) || (s_len > bn_len)) {
+ BIO_printf(out, " failed\n");
+ goto builtin_err;
+ }
+ buf_len = 2 * bn_len;
+ if ((raw_buf = OPENSSL_malloc(buf_len)) == NULL)
+ goto builtin_err;
+ /* Pad the bignums with leading zeroes. */
+ memset(raw_buf, 0, buf_len);
+ BN_bn2bin(ecdsa_sig->r, raw_buf + bn_len - r_len);
+ BN_bn2bin(ecdsa_sig->s, raw_buf + buf_len - s_len);
+
+ /* Modify a single byte in the buffer. */
+ offset = raw_buf[10] % buf_len;
+ dirt = raw_buf[11] ? raw_buf[11] : 1;
+ raw_buf[offset] ^= dirt;
+ /* Now read the BIGNUMs back in from raw_buf. */
+ if ((BN_bin2bn(raw_buf, bn_len, ecdsa_sig->r) == NULL) ||
+ (BN_bin2bn(raw_buf + bn_len, bn_len, ecdsa_sig->s) == NULL))
+ goto builtin_err;
+
+ sig_ptr2 = signature;
+ sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2);
+ if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) == 1) {
+ BIO_printf(out, " failed\n");
+ goto builtin_err;
+ }
+ /*
+ * Sanity check: undo the modification and verify signature.
+ */
+ raw_buf[offset] ^= dirt;
+ if ((BN_bin2bn(raw_buf, bn_len, ecdsa_sig->r) == NULL) ||
+ (BN_bin2bn(raw_buf + bn_len, bn_len, ecdsa_sig->s) == NULL))
+ goto builtin_err;
+
+ sig_ptr2 = signature;
+ sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2);
+ if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) != 1) {
+ BIO_printf(out, " failed\n");
+ goto builtin_err;
+ }
+ BIO_printf(out, ".");
+ (void)BIO_flush(out);
+
+ BIO_printf(out, " ok\n");
+ /* cleanup */
+ /* clean bogus errors */
+ ERR_clear_error();
+ OPENSSL_free(signature);
+ signature = NULL;
+ EC_KEY_free(eckey);
+ eckey = NULL;
+ EC_KEY_free(wrong_eckey);
+ wrong_eckey = NULL;
+ ECDSA_SIG_free(ecdsa_sig);
+ ecdsa_sig = NULL;
+ OPENSSL_free(raw_buf);
+ raw_buf = NULL;
+ }
+
+ ret = 1;
+ builtin_err:
+ if (eckey)
+ EC_KEY_free(eckey);
+ if (wrong_eckey)
+ EC_KEY_free(wrong_eckey);
+ if (ecdsa_sig)
+ ECDSA_SIG_free(ecdsa_sig);
+ if (signature)
+ OPENSSL_free(signature);
+ if (raw_buf)
+ OPENSSL_free(raw_buf);
+ if (curves)
+ OPENSSL_free(curves);
+
+ return ret;
+}
+
+int main(void)
+{
+ int ret = 1;
+ BIO *out;
+
+ out = BIO_new_fp(stdout, BIO_NOCLOSE);
+
+ /* enable memory leak checking unless explicitly disabled */
+ if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) &&
+ (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off")))) {
+ CRYPTO_malloc_debug_init();
+ CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
+ } else {
+ /* OPENSSL_DEBUG_MEMORY=off */
+ CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
+ }
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+ ERR_load_crypto_strings();
+
+ /* initialize the prng */
+ RAND_seed(rnd_seed, sizeof(rnd_seed));
+
+ /* the tests */
+ if (!x9_62_tests(out))
+ goto err;
+ if (!test_builtin(out))
+ goto err;
+
+ ret = 0;
+ err:
+ if (ret)
+ BIO_printf(out, "\nECDSA test failed\n");
+ else
+ BIO_printf(out, "\nECDSA test passed\n");
+ if (ret)
+ ERR_print_errors(out);
+ CRYPTO_cleanup_all_ex_data();
+ ERR_remove_state(0);
+ ERR_free_strings();
+ CRYPTO_mem_leaks(out);
+ if (out != NULL)
+ BIO_free(out);
+ return ret;
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/ecdsa/ecs_asn1.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/ecdsa/ecs_asn1.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ecdsa/ecs_asn1.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,67 +0,0 @@
-/* crypto/ecdsa/ecs_asn1.c */
-/* ====================================================================
- * Copyright (c) 2000-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include "ecs_locl.h"
-#include <openssl/err.h>
-#include <openssl/asn1t.h>
-
-ASN1_SEQUENCE(ECDSA_SIG) = {
- ASN1_SIMPLE(ECDSA_SIG, r, CBIGNUM),
- ASN1_SIMPLE(ECDSA_SIG, s, CBIGNUM)
-} ASN1_SEQUENCE_END(ECDSA_SIG)
-
-DECLARE_ASN1_FUNCTIONS_const(ECDSA_SIG)
-DECLARE_ASN1_ENCODE_FUNCTIONS_const(ECDSA_SIG, ECDSA_SIG)
-IMPLEMENT_ASN1_FUNCTIONS_const(ECDSA_SIG)
Copied: vendor-crypto/openssl/0.9.8zf/crypto/ecdsa/ecs_asn1.c (from rev 6976, vendor-crypto/openssl/dist/crypto/ecdsa/ecs_asn1.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/ecdsa/ecs_asn1.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ecdsa/ecs_asn1.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,67 @@
+/* crypto/ecdsa/ecs_asn1.c */
+/* ====================================================================
+ * Copyright (c) 2000-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include "ecs_locl.h"
+#include <openssl/err.h>
+#include <openssl/asn1t.h>
+
+ASN1_SEQUENCE(ECDSA_SIG) = {
+ ASN1_SIMPLE(ECDSA_SIG, r, CBIGNUM),
+ ASN1_SIMPLE(ECDSA_SIG, s, CBIGNUM)
+} ASN1_SEQUENCE_END(ECDSA_SIG)
+
+DECLARE_ASN1_FUNCTIONS_const(ECDSA_SIG)
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(ECDSA_SIG, ECDSA_SIG)
+IMPLEMENT_ASN1_FUNCTIONS_const(ECDSA_SIG)
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/ecdsa/ecs_err.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/ecdsa/ecs_err.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ecdsa/ecs_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,104 +0,0 @@
-/* crypto/ecdsa/ecs_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/ecdsa.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_ECDSA,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_ECDSA,0,reason)
-
-static ERR_STRING_DATA ECDSA_str_functs[]=
- {
-{ERR_FUNC(ECDSA_F_ECDSA_DATA_NEW_METHOD), "ECDSA_DATA_NEW_METHOD"},
-{ERR_FUNC(ECDSA_F_ECDSA_DO_SIGN), "ECDSA_do_sign"},
-{ERR_FUNC(ECDSA_F_ECDSA_DO_VERIFY), "ECDSA_do_verify"},
-{ERR_FUNC(ECDSA_F_ECDSA_SIGN_SETUP), "ECDSA_sign_setup"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA ECDSA_str_reasons[]=
- {
-{ERR_REASON(ECDSA_R_BAD_SIGNATURE) ,"bad signature"},
-{ERR_REASON(ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"},
-{ERR_REASON(ECDSA_R_ERR_EC_LIB) ,"err ec lib"},
-{ERR_REASON(ECDSA_R_MISSING_PARAMETERS) ,"missing parameters"},
-{ERR_REASON(ECDSA_R_NEED_NEW_SETUP_VALUES),"need new setup values"},
-{ERR_REASON(ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED),"random number generation failed"},
-{ERR_REASON(ECDSA_R_SIGNATURE_MALLOC_FAILED),"signature malloc failed"},
-{0,NULL}
- };
-
-#endif
-
-void ERR_load_ECDSA_strings(void)
- {
-#ifndef OPENSSL_NO_ERR
-
- if (ERR_func_error_string(ECDSA_str_functs[0].error) == NULL)
- {
- ERR_load_strings(0,ECDSA_str_functs);
- ERR_load_strings(0,ECDSA_str_reasons);
- }
-#endif
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/ecdsa/ecs_err.c (from rev 6976, vendor-crypto/openssl/dist/crypto/ecdsa/ecs_err.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/ecdsa/ecs_err.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ecdsa/ecs_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,104 @@
+/* crypto/ecdsa/ecs_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/ecdsa.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_ECDSA,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_ECDSA,0,reason)
+
+static ERR_STRING_DATA ECDSA_str_functs[] = {
+ {ERR_FUNC(ECDSA_F_ECDSA_DATA_NEW_METHOD), "ECDSA_DATA_NEW_METHOD"},
+ {ERR_FUNC(ECDSA_F_ECDSA_DO_SIGN), "ECDSA_do_sign"},
+ {ERR_FUNC(ECDSA_F_ECDSA_DO_VERIFY), "ECDSA_do_verify"},
+ {ERR_FUNC(ECDSA_F_ECDSA_SIGN_SETUP), "ECDSA_sign_setup"},
+ {0, NULL}
+};
+
+static ERR_STRING_DATA ECDSA_str_reasons[] = {
+ {ERR_REASON(ECDSA_R_BAD_SIGNATURE), "bad signature"},
+ {ERR_REASON(ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),
+ "data too large for key size"},
+ {ERR_REASON(ECDSA_R_ERR_EC_LIB), "err ec lib"},
+ {ERR_REASON(ECDSA_R_MISSING_PARAMETERS), "missing parameters"},
+ {ERR_REASON(ECDSA_R_NEED_NEW_SETUP_VALUES), "need new setup values"},
+ {ERR_REASON(ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED),
+ "random number generation failed"},
+ {ERR_REASON(ECDSA_R_SIGNATURE_MALLOC_FAILED), "signature malloc failed"},
+ {0, NULL}
+};
+
+#endif
+
+void ERR_load_ECDSA_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+ if (ERR_func_error_string(ECDSA_str_functs[0].error) == NULL) {
+ ERR_load_strings(0, ECDSA_str_functs);
+ ERR_load_strings(0, ECDSA_str_reasons);
+ }
+#endif
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/ecdsa/ecs_lib.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/ecdsa/ecs_lib.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ecdsa/ecs_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,266 +0,0 @@
-/* crypto/ecdsa/ecs_lib.c */
-/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <string.h>
-#include "ecs_locl.h"
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-#include <openssl/err.h>
-#include <openssl/bn.h>
-
-const char ECDSA_version[]="ECDSA" OPENSSL_VERSION_PTEXT;
-
-static const ECDSA_METHOD *default_ECDSA_method = NULL;
-
-static void *ecdsa_data_new(void);
-static void *ecdsa_data_dup(void *);
-static void ecdsa_data_free(void *);
-
-void ECDSA_set_default_method(const ECDSA_METHOD *meth)
-{
- default_ECDSA_method = meth;
-}
-
-const ECDSA_METHOD *ECDSA_get_default_method(void)
-{
- if(!default_ECDSA_method)
- default_ECDSA_method = ECDSA_OpenSSL();
- return default_ECDSA_method;
-}
-
-int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth)
-{
- ECDSA_DATA *ecdsa;
-
- ecdsa = ecdsa_check(eckey);
-
- if (ecdsa == NULL)
- return 0;
-
-#ifndef OPENSSL_NO_ENGINE
- if (ecdsa->engine)
- {
- ENGINE_finish(ecdsa->engine);
- ecdsa->engine = NULL;
- }
-#endif
- ecdsa->meth = meth;
-
- return 1;
-}
-
-static ECDSA_DATA *ECDSA_DATA_new_method(ENGINE *engine)
-{
- ECDSA_DATA *ret;
-
- ret=(ECDSA_DATA *)OPENSSL_malloc(sizeof(ECDSA_DATA));
- if (ret == NULL)
- {
- ECDSAerr(ECDSA_F_ECDSA_DATA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
- return(NULL);
- }
-
- ret->init = NULL;
-
- ret->meth = ECDSA_get_default_method();
- ret->engine = engine;
-#ifndef OPENSSL_NO_ENGINE
- if (!ret->engine)
- ret->engine = ENGINE_get_default_ECDSA();
- if (ret->engine)
- {
- ret->meth = ENGINE_get_ECDSA(ret->engine);
- if (!ret->meth)
- {
- ECDSAerr(ECDSA_F_ECDSA_DATA_NEW_METHOD, ERR_R_ENGINE_LIB);
- ENGINE_finish(ret->engine);
- OPENSSL_free(ret);
- return NULL;
- }
- }
-#endif
-
- ret->flags = ret->meth->flags;
- CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ECDSA, ret, &ret->ex_data);
-#if 0
- if ((ret->meth->init != NULL) && !ret->meth->init(ret))
- {
- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDSA, ret, &ret->ex_data);
- OPENSSL_free(ret);
- ret=NULL;
- }
-#endif
- return(ret);
-}
-
-static void *ecdsa_data_new(void)
-{
- return (void *)ECDSA_DATA_new_method(NULL);
-}
-
-static void *ecdsa_data_dup(void *data)
-{
- ECDSA_DATA *r = (ECDSA_DATA *)data;
-
- /* XXX: dummy operation */
- if (r == NULL)
- return NULL;
-
- return ecdsa_data_new();
-}
-
-static void ecdsa_data_free(void *data)
-{
- ECDSA_DATA *r = (ECDSA_DATA *)data;
-
-#ifndef OPENSSL_NO_ENGINE
- if (r->engine)
- ENGINE_finish(r->engine);
-#endif
- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDSA, r, &r->ex_data);
-
- OPENSSL_cleanse((void *)r, sizeof(ECDSA_DATA));
-
- OPENSSL_free(r);
-}
-
-ECDSA_DATA *ecdsa_check(EC_KEY *key)
-{
- ECDSA_DATA *ecdsa_data;
-
- void *data = EC_KEY_get_key_method_data(key, ecdsa_data_dup,
- ecdsa_data_free, ecdsa_data_free);
- if (data == NULL)
- {
- ecdsa_data = (ECDSA_DATA *)ecdsa_data_new();
- if (ecdsa_data == NULL)
- return NULL;
- data = EC_KEY_insert_key_method_data(key, (void *)ecdsa_data,
- ecdsa_data_dup, ecdsa_data_free, ecdsa_data_free);
- if (data != NULL)
- {
- /* Another thread raced us to install the key_method
- * data and won. */
- ecdsa_data_free(ecdsa_data);
- ecdsa_data = (ECDSA_DATA *)data;
- }
- }
- else
- ecdsa_data = (ECDSA_DATA *)data;
-
-
- return ecdsa_data;
-}
-
-int ECDSA_size(const EC_KEY *r)
-{
- int ret,i;
- ASN1_INTEGER bs;
- BIGNUM *order=NULL;
- unsigned char buf[4];
- const EC_GROUP *group;
-
- if (r == NULL)
- return 0;
- group = EC_KEY_get0_group(r);
- if (group == NULL)
- return 0;
-
- if ((order = BN_new()) == NULL) return 0;
- if (!EC_GROUP_get_order(group,order,NULL))
- {
- BN_clear_free(order);
- return 0;
- }
- i=BN_num_bits(order);
- bs.length=(i+7)/8;
- bs.data=buf;
- bs.type=V_ASN1_INTEGER;
- /* If the top bit is set the asn1 encoding is 1 larger. */
- buf[0]=0xff;
-
- i=i2d_ASN1_INTEGER(&bs,NULL);
- i+=i; /* r and s */
- ret=ASN1_object_size(1,i,V_ASN1_SEQUENCE);
- BN_clear_free(order);
- return(ret);
-}
-
-
-int ECDSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
-{
- return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ECDSA, argl, argp,
- new_func, dup_func, free_func);
-}
-
-int ECDSA_set_ex_data(EC_KEY *d, int idx, void *arg)
-{
- ECDSA_DATA *ecdsa;
- ecdsa = ecdsa_check(d);
- if (ecdsa == NULL)
- return 0;
- return(CRYPTO_set_ex_data(&ecdsa->ex_data,idx,arg));
-}
-
-void *ECDSA_get_ex_data(EC_KEY *d, int idx)
-{
- ECDSA_DATA *ecdsa;
- ecdsa = ecdsa_check(d);
- if (ecdsa == NULL)
- return NULL;
- return(CRYPTO_get_ex_data(&ecdsa->ex_data,idx));
-}
Copied: vendor-crypto/openssl/0.9.8zf/crypto/ecdsa/ecs_lib.c (from rev 6976, vendor-crypto/openssl/dist/crypto/ecdsa/ecs_lib.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/ecdsa/ecs_lib.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ecdsa/ecs_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,259 @@
+/* crypto/ecdsa/ecs_lib.c */
+/* ====================================================================
+ * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <string.h>
+#include "ecs_locl.h"
+#ifndef OPENSSL_NO_ENGINE
+# include <openssl/engine.h>
+#endif
+#include <openssl/err.h>
+#include <openssl/bn.h>
+
+const char ECDSA_version[] = "ECDSA" OPENSSL_VERSION_PTEXT;
+
+static const ECDSA_METHOD *default_ECDSA_method = NULL;
+
+static void *ecdsa_data_new(void);
+static void *ecdsa_data_dup(void *);
+static void ecdsa_data_free(void *);
+
+void ECDSA_set_default_method(const ECDSA_METHOD *meth)
+{
+ default_ECDSA_method = meth;
+}
+
+const ECDSA_METHOD *ECDSA_get_default_method(void)
+{
+ if (!default_ECDSA_method)
+ default_ECDSA_method = ECDSA_OpenSSL();
+ return default_ECDSA_method;
+}
+
+int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth)
+{
+ ECDSA_DATA *ecdsa;
+
+ ecdsa = ecdsa_check(eckey);
+
+ if (ecdsa == NULL)
+ return 0;
+
+#ifndef OPENSSL_NO_ENGINE
+ if (ecdsa->engine) {
+ ENGINE_finish(ecdsa->engine);
+ ecdsa->engine = NULL;
+ }
+#endif
+ ecdsa->meth = meth;
+
+ return 1;
+}
+
+static ECDSA_DATA *ECDSA_DATA_new_method(ENGINE *engine)
+{
+ ECDSA_DATA *ret;
+
+ ret = (ECDSA_DATA *)OPENSSL_malloc(sizeof(ECDSA_DATA));
+ if (ret == NULL) {
+ ECDSAerr(ECDSA_F_ECDSA_DATA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+ return (NULL);
+ }
+
+ ret->init = NULL;
+
+ ret->meth = ECDSA_get_default_method();
+ ret->engine = engine;
+#ifndef OPENSSL_NO_ENGINE
+ if (!ret->engine)
+ ret->engine = ENGINE_get_default_ECDSA();
+ if (ret->engine) {
+ ret->meth = ENGINE_get_ECDSA(ret->engine);
+ if (!ret->meth) {
+ ECDSAerr(ECDSA_F_ECDSA_DATA_NEW_METHOD, ERR_R_ENGINE_LIB);
+ ENGINE_finish(ret->engine);
+ OPENSSL_free(ret);
+ return NULL;
+ }
+ }
+#endif
+
+ ret->flags = ret->meth->flags;
+ CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ECDSA, ret, &ret->ex_data);
+#if 0
+ if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDSA, ret, &ret->ex_data);
+ OPENSSL_free(ret);
+ ret = NULL;
+ }
+#endif
+ return (ret);
+}
+
+static void *ecdsa_data_new(void)
+{
+ return (void *)ECDSA_DATA_new_method(NULL);
+}
+
+static void *ecdsa_data_dup(void *data)
+{
+ ECDSA_DATA *r = (ECDSA_DATA *)data;
+
+ /* XXX: dummy operation */
+ if (r == NULL)
+ return NULL;
+
+ return ecdsa_data_new();
+}
+
+static void ecdsa_data_free(void *data)
+{
+ ECDSA_DATA *r = (ECDSA_DATA *)data;
+
+#ifndef OPENSSL_NO_ENGINE
+ if (r->engine)
+ ENGINE_finish(r->engine);
+#endif
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDSA, r, &r->ex_data);
+
+ OPENSSL_cleanse((void *)r, sizeof(ECDSA_DATA));
+
+ OPENSSL_free(r);
+}
+
+ECDSA_DATA *ecdsa_check(EC_KEY *key)
+{
+ ECDSA_DATA *ecdsa_data;
+
+ void *data = EC_KEY_get_key_method_data(key, ecdsa_data_dup,
+ ecdsa_data_free, ecdsa_data_free);
+ if (data == NULL) {
+ ecdsa_data = (ECDSA_DATA *)ecdsa_data_new();
+ if (ecdsa_data == NULL)
+ return NULL;
+ data = EC_KEY_insert_key_method_data(key, (void *)ecdsa_data,
+ ecdsa_data_dup, ecdsa_data_free,
+ ecdsa_data_free);
+ if (data != NULL) {
+ /*
+ * Another thread raced us to install the key_method data and
+ * won.
+ */
+ ecdsa_data_free(ecdsa_data);
+ ecdsa_data = (ECDSA_DATA *)data;
+ }
+ } else
+ ecdsa_data = (ECDSA_DATA *)data;
+
+ return ecdsa_data;
+}
+
+int ECDSA_size(const EC_KEY *r)
+{
+ int ret, i;
+ ASN1_INTEGER bs;
+ BIGNUM *order = NULL;
+ unsigned char buf[4];
+ const EC_GROUP *group;
+
+ if (r == NULL)
+ return 0;
+ group = EC_KEY_get0_group(r);
+ if (group == NULL)
+ return 0;
+
+ if ((order = BN_new()) == NULL)
+ return 0;
+ if (!EC_GROUP_get_order(group, order, NULL)) {
+ BN_clear_free(order);
+ return 0;
+ }
+ i = BN_num_bits(order);
+ bs.length = (i + 7) / 8;
+ bs.data = buf;
+ bs.type = V_ASN1_INTEGER;
+ /* If the top bit is set the asn1 encoding is 1 larger. */
+ buf[0] = 0xff;
+
+ i = i2d_ASN1_INTEGER(&bs, NULL);
+ i += i; /* r and s */
+ ret = ASN1_object_size(1, i, V_ASN1_SEQUENCE);
+ BN_clear_free(order);
+ return (ret);
+}
+
+int ECDSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+{
+ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ECDSA, argl, argp,
+ new_func, dup_func, free_func);
+}
+
+int ECDSA_set_ex_data(EC_KEY *d, int idx, void *arg)
+{
+ ECDSA_DATA *ecdsa;
+ ecdsa = ecdsa_check(d);
+ if (ecdsa == NULL)
+ return 0;
+ return (CRYPTO_set_ex_data(&ecdsa->ex_data, idx, arg));
+}
+
+void *ECDSA_get_ex_data(EC_KEY *d, int idx)
+{
+ ECDSA_DATA *ecdsa;
+ ecdsa = ecdsa_check(d);
+ if (ecdsa == NULL)
+ return NULL;
+ return (CRYPTO_get_ex_data(&ecdsa->ex_data, idx));
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/ecdsa/ecs_locl.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/ecdsa/ecs_locl.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ecdsa/ecs_locl.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,107 +0,0 @@
-/* crypto/ecdsa/ecs_locl.h */
-/*
- * Written by Nils Larsch for the OpenSSL project
- */
-/* ====================================================================
- * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#ifndef HEADER_ECS_LOCL_H
-#define HEADER_ECS_LOCL_H
-
-#include <openssl/ecdsa.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-struct ecdsa_method
- {
- const char *name;
- ECDSA_SIG *(*ecdsa_do_sign)(const unsigned char *dgst, int dgst_len,
- const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey);
- int (*ecdsa_sign_setup)(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv,
- BIGNUM **r);
- int (*ecdsa_do_verify)(const unsigned char *dgst, int dgst_len,
- const ECDSA_SIG *sig, EC_KEY *eckey);
-#if 0
- int (*init)(EC_KEY *eckey);
- int (*finish)(EC_KEY *eckey);
-#endif
- int flags;
- char *app_data;
- };
-
-typedef struct ecdsa_data_st {
- /* EC_KEY_METH_DATA part */
- int (*init)(EC_KEY *);
- /* method (ECDSA) specific part */
- ENGINE *engine;
- int flags;
- const ECDSA_METHOD *meth;
- CRYPTO_EX_DATA ex_data;
-} ECDSA_DATA;
-
-/** ecdsa_check
- * checks whether ECKEY->meth_data is a pointer to a ECDSA_DATA structure
- * and if not it removes the old meth_data and creates a ECDSA_DATA structure.
- * \param eckey pointer to a EC_KEY object
- * \return pointer to a ECDSA_DATA structure
- */
-ECDSA_DATA *ecdsa_check(EC_KEY *eckey);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* HEADER_ECS_LOCL_H */
Copied: vendor-crypto/openssl/0.9.8zf/crypto/ecdsa/ecs_locl.h (from rev 6976, vendor-crypto/openssl/dist/crypto/ecdsa/ecs_locl.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/ecdsa/ecs_locl.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ecdsa/ecs_locl.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,107 @@
+/* crypto/ecdsa/ecs_locl.h */
+/*
+ * Written by Nils Larsch for the OpenSSL project
+ */
+/* ====================================================================
+ * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_ECS_LOCL_H
+# define HEADER_ECS_LOCL_H
+
+# include <openssl/ecdsa.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct ecdsa_method {
+ const char *name;
+ ECDSA_SIG *(*ecdsa_do_sign) (const unsigned char *dgst, int dgst_len,
+ const BIGNUM *inv, const BIGNUM *rp,
+ EC_KEY *eckey);
+ int (*ecdsa_sign_setup) (EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv,
+ BIGNUM **r);
+ int (*ecdsa_do_verify) (const unsigned char *dgst, int dgst_len,
+ const ECDSA_SIG *sig, EC_KEY *eckey);
+# if 0
+ int (*init) (EC_KEY *eckey);
+ int (*finish) (EC_KEY *eckey);
+# endif
+ int flags;
+ char *app_data;
+};
+
+typedef struct ecdsa_data_st {
+ /* EC_KEY_METH_DATA part */
+ int (*init) (EC_KEY *);
+ /* method (ECDSA) specific part */
+ ENGINE *engine;
+ int flags;
+ const ECDSA_METHOD *meth;
+ CRYPTO_EX_DATA ex_data;
+} ECDSA_DATA;
+
+/** ecdsa_check
+ * checks whether ECKEY->meth_data is a pointer to a ECDSA_DATA structure
+ * and if not it removes the old meth_data and creates a ECDSA_DATA structure.
+ * \param eckey pointer to a EC_KEY object
+ * \return pointer to a ECDSA_DATA structure
+ */
+ECDSA_DATA *ecdsa_check(EC_KEY *eckey);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* HEADER_ECS_LOCL_H */
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/ecdsa/ecs_ossl.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/ecdsa/ecs_ossl.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ecdsa/ecs_ossl.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,480 +0,0 @@
-/* crypto/ecdsa/ecs_ossl.c */
-/*
- * Written by Nils Larsch for the OpenSSL project
- */
-/* ====================================================================
- * Copyright (c) 1998-2004 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include "ecs_locl.h"
-#include <openssl/err.h>
-#include <openssl/obj_mac.h>
-#include <openssl/bn.h>
-
-static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dlen,
- const BIGNUM *, const BIGNUM *, EC_KEY *eckey);
-static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
- BIGNUM **rp);
-static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len,
- const ECDSA_SIG *sig, EC_KEY *eckey);
-
-static ECDSA_METHOD openssl_ecdsa_meth = {
- "OpenSSL ECDSA method",
- ecdsa_do_sign,
- ecdsa_sign_setup,
- ecdsa_do_verify,
-#if 0
- NULL, /* init */
- NULL, /* finish */
-#endif
- 0, /* flags */
- NULL /* app_data */
-};
-
-const ECDSA_METHOD *ECDSA_OpenSSL(void)
-{
- return &openssl_ecdsa_meth;
-}
-
-static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
- BIGNUM **rp)
-{
- BN_CTX *ctx = NULL;
- BIGNUM *k = NULL, *r = NULL, *order = NULL, *X = NULL;
- EC_POINT *tmp_point=NULL;
- const EC_GROUP *group;
- int ret = 0;
-
- if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL)
- {
- ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
-
- if (ctx_in == NULL)
- {
- if ((ctx = BN_CTX_new()) == NULL)
- {
- ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,ERR_R_MALLOC_FAILURE);
- return 0;
- }
- }
- else
- ctx = ctx_in;
-
- k = BN_new(); /* this value is later returned in *kinvp */
- r = BN_new(); /* this value is later returned in *rp */
- order = BN_new();
- X = BN_new();
- if (!k || !r || !order || !X)
- {
- ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- if ((tmp_point = EC_POINT_new(group)) == NULL)
- {
- ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
- goto err;
- }
- if (!EC_GROUP_get_order(group, order, ctx))
- {
- ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
- goto err;
- }
-
- do
- {
- /* get random k */
- do
- if (!BN_rand_range(k, order))
- {
- ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,
- ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED);
- goto err;
- }
- while (BN_is_zero(k));
-
- /* We do not want timing information to leak the length of k,
- * so we compute G*k using an equivalent scalar of fixed
- * bit-length. */
-
- if (!BN_add(k, k, order)) goto err;
- if (BN_num_bits(k) <= BN_num_bits(order))
- if (!BN_add(k, k, order)) goto err;
-
- /* compute r the x-coordinate of generator * k */
- if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx))
- {
- ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
- goto err;
- }
- if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field)
- {
- if (!EC_POINT_get_affine_coordinates_GFp(group,
- tmp_point, X, NULL, ctx))
- {
- ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,ERR_R_EC_LIB);
- goto err;
- }
- }
- else /* NID_X9_62_characteristic_two_field */
- {
- if (!EC_POINT_get_affine_coordinates_GF2m(group,
- tmp_point, X, NULL, ctx))
- {
- ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,ERR_R_EC_LIB);
- goto err;
- }
- }
- if (!BN_nnmod(r, X, order, ctx))
- {
- ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
- goto err;
- }
- }
- while (BN_is_zero(r));
-
- /* compute the inverse of k */
- if (!BN_mod_inverse(k, k, order, ctx))
- {
- ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
- goto err;
- }
- /* clear old values if necessary */
- if (*rp != NULL)
- BN_clear_free(*rp);
- if (*kinvp != NULL)
- BN_clear_free(*kinvp);
- /* save the pre-computed values */
- *rp = r;
- *kinvp = k;
- ret = 1;
-err:
- if (!ret)
- {
- if (k != NULL) BN_clear_free(k);
- if (r != NULL) BN_clear_free(r);
- }
- if (ctx_in == NULL)
- BN_CTX_free(ctx);
- if (order != NULL)
- BN_free(order);
- if (tmp_point != NULL)
- EC_POINT_free(tmp_point);
- if (X)
- BN_clear_free(X);
- return(ret);
-}
-
-
-static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
- const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey)
-{
- int ok = 0, i;
- BIGNUM *kinv=NULL, *s, *m=NULL,*tmp=NULL,*order=NULL;
- const BIGNUM *ckinv;
- BN_CTX *ctx = NULL;
- const EC_GROUP *group;
- ECDSA_SIG *ret;
- ECDSA_DATA *ecdsa;
- const BIGNUM *priv_key;
-
- ecdsa = ecdsa_check(eckey);
- group = EC_KEY_get0_group(eckey);
- priv_key = EC_KEY_get0_private_key(eckey);
-
- if (group == NULL || priv_key == NULL || ecdsa == NULL)
- {
- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
- return NULL;
- }
-
- ret = ECDSA_SIG_new();
- if (!ret)
- {
- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- s = ret->s;
-
- if ((ctx = BN_CTX_new()) == NULL || (order = BN_new()) == NULL ||
- (tmp = BN_new()) == NULL || (m = BN_new()) == NULL)
- {
- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- if (!EC_GROUP_get_order(group, order, ctx))
- {
- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
- goto err;
- }
- i = BN_num_bits(order);
- /* Need to truncate digest if it is too long: first truncate whole
- * bytes.
- */
- if (8 * dgst_len > i)
- dgst_len = (i + 7)/8;
- if (!BN_bin2bn(dgst, dgst_len, m))
- {
- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
- goto err;
- }
- /* If still too long truncate remaining bits with a shift */
- if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7)))
- {
- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
- goto err;
- }
- do
- {
- if (in_kinv == NULL || in_r == NULL)
- {
- if (!ECDSA_sign_setup(eckey, ctx, &kinv, &ret->r))
- {
- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN,ERR_R_ECDSA_LIB);
- goto err;
- }
- ckinv = kinv;
- }
- else
- {
- ckinv = in_kinv;
- if (BN_copy(ret->r, in_r) == NULL)
- {
- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- }
-
- if (!BN_mod_mul(tmp, priv_key, ret->r, order, ctx))
- {
- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
- goto err;
- }
- if (!BN_mod_add_quick(s, tmp, m, order))
- {
- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
- goto err;
- }
- if (!BN_mod_mul(s, s, ckinv, order, ctx))
- {
- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
- goto err;
- }
- if (BN_is_zero(s))
- {
- /* if kinv and r have been supplied by the caller
- * don't to generate new kinv and r values */
- if (in_kinv != NULL && in_r != NULL)
- {
- ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_NEED_NEW_SETUP_VALUES);
- goto err;
- }
- }
- else
- /* s != 0 => we have a valid signature */
- break;
- }
- while (1);
-
- ok = 1;
-err:
- if (!ok)
- {
- ECDSA_SIG_free(ret);
- ret = NULL;
- }
- if (ctx)
- BN_CTX_free(ctx);
- if (m)
- BN_clear_free(m);
- if (tmp)
- BN_clear_free(tmp);
- if (order)
- BN_free(order);
- if (kinv)
- BN_clear_free(kinv);
- return ret;
-}
-
-static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len,
- const ECDSA_SIG *sig, EC_KEY *eckey)
-{
- int ret = -1, i;
- BN_CTX *ctx;
- BIGNUM *order, *u1, *u2, *m, *X;
- EC_POINT *point = NULL;
- const EC_GROUP *group;
- const EC_POINT *pub_key;
-
- /* check input values */
- if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL ||
- (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL)
- {
- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_MISSING_PARAMETERS);
- return -1;
- }
-
- ctx = BN_CTX_new();
- if (!ctx)
- {
- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
- return -1;
- }
- BN_CTX_start(ctx);
- order = BN_CTX_get(ctx);
- u1 = BN_CTX_get(ctx);
- u2 = BN_CTX_get(ctx);
- m = BN_CTX_get(ctx);
- X = BN_CTX_get(ctx);
- if (!X)
- {
- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
- goto err;
- }
-
- if (!EC_GROUP_get_order(group, order, ctx))
- {
- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
- goto err;
- }
-
- if (BN_is_zero(sig->r) || BN_is_negative(sig->r) ||
- BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s) ||
- BN_is_negative(sig->s) || BN_ucmp(sig->s, order) >= 0)
- {
- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_BAD_SIGNATURE);
- ret = 0; /* signature is invalid */
- goto err;
- }
- /* calculate tmp1 = inv(S) mod order */
- if (!BN_mod_inverse(u2, sig->s, order, ctx))
- {
- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
- goto err;
- }
- /* digest -> m */
- i = BN_num_bits(order);
- /* Need to truncate digest if it is too long: first truncate whole
- * bytes.
- */
- if (8 * dgst_len > i)
- dgst_len = (i + 7)/8;
- if (!BN_bin2bn(dgst, dgst_len, m))
- {
- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
- goto err;
- }
- /* If still too long truncate remaining bits with a shift */
- if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7)))
- {
- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
- goto err;
- }
- /* u1 = m * tmp mod order */
- if (!BN_mod_mul(u1, m, u2, order, ctx))
- {
- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
- goto err;
- }
- /* u2 = r * w mod q */
- if (!BN_mod_mul(u2, sig->r, u2, order, ctx))
- {
- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
- goto err;
- }
-
- if ((point = EC_POINT_new(group)) == NULL)
- {
- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- if (!EC_POINT_mul(group, point, u1, pub_key, u2, ctx))
- {
- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
- goto err;
- }
- if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field)
- {
- if (!EC_POINT_get_affine_coordinates_GFp(group,
- point, X, NULL, ctx))
- {
- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
- goto err;
- }
- }
- else /* NID_X9_62_characteristic_two_field */
- {
- if (!EC_POINT_get_affine_coordinates_GF2m(group,
- point, X, NULL, ctx))
- {
- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
- goto err;
- }
- }
-
- if (!BN_nnmod(u1, X, order, ctx))
- {
- ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
- goto err;
- }
- /* if the signature is correct u1 is equal to sig->r */
- ret = (BN_ucmp(u1, sig->r) == 0);
-err:
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- if (point)
- EC_POINT_free(point);
- return ret;
-}
Copied: vendor-crypto/openssl/0.9.8zf/crypto/ecdsa/ecs_ossl.c (from rev 6976, vendor-crypto/openssl/dist/crypto/ecdsa/ecs_ossl.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/ecdsa/ecs_ossl.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ecdsa/ecs_ossl.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,437 @@
+/* crypto/ecdsa/ecs_ossl.c */
+/*
+ * Written by Nils Larsch for the OpenSSL project
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2004 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include "ecs_locl.h"
+#include <openssl/err.h>
+#include <openssl/obj_mac.h>
+#include <openssl/bn.h>
+
+static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dlen,
+ const BIGNUM *, const BIGNUM *,
+ EC_KEY *eckey);
+static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
+ BIGNUM **rp);
+static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len,
+ const ECDSA_SIG *sig, EC_KEY *eckey);
+
+static ECDSA_METHOD openssl_ecdsa_meth = {
+ "OpenSSL ECDSA method",
+ ecdsa_do_sign,
+ ecdsa_sign_setup,
+ ecdsa_do_verify,
+#if 0
+ NULL, /* init */
+ NULL, /* finish */
+#endif
+ 0, /* flags */
+ NULL /* app_data */
+};
+
+const ECDSA_METHOD *ECDSA_OpenSSL(void)
+{
+ return &openssl_ecdsa_meth;
+}
+
+static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
+ BIGNUM **rp)
+{
+ BN_CTX *ctx = NULL;
+ BIGNUM *k = NULL, *r = NULL, *order = NULL, *X = NULL;
+ EC_POINT *tmp_point = NULL;
+ const EC_GROUP *group;
+ int ret = 0;
+
+ if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL) {
+ ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+
+ if (ctx_in == NULL) {
+ if ((ctx = BN_CTX_new()) == NULL) {
+ ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ } else
+ ctx = ctx_in;
+
+ k = BN_new(); /* this value is later returned in *kinvp */
+ r = BN_new(); /* this value is later returned in *rp */
+ order = BN_new();
+ X = BN_new();
+ if (!k || !r || !order || !X) {
+ ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ if ((tmp_point = EC_POINT_new(group)) == NULL) {
+ ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
+ goto err;
+ }
+ if (!EC_GROUP_get_order(group, order, ctx)) {
+ ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
+ goto err;
+ }
+
+ do {
+ /* get random k */
+ do
+ if (!BN_rand_range(k, order)) {
+ ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,
+ ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED);
+ goto err;
+ }
+ while (BN_is_zero(k)) ;
+
+ /*
+ * We do not want timing information to leak the length of k, so we
+ * compute G*k using an equivalent scalar of fixed bit-length.
+ */
+
+ if (!BN_add(k, k, order))
+ goto err;
+ if (BN_num_bits(k) <= BN_num_bits(order))
+ if (!BN_add(k, k, order))
+ goto err;
+
+ /* compute r the x-coordinate of generator * k */
+ if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) {
+ ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
+ goto err;
+ }
+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
+ NID_X9_62_prime_field) {
+ if (!EC_POINT_get_affine_coordinates_GFp
+ (group, tmp_point, X, NULL, ctx)) {
+ ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
+ goto err;
+ }
+ } else { /* NID_X9_62_characteristic_two_field */
+
+ if (!EC_POINT_get_affine_coordinates_GF2m(group,
+ tmp_point, X, NULL,
+ ctx)) {
+ ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
+ goto err;
+ }
+ }
+ if (!BN_nnmod(r, X, order, ctx)) {
+ ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
+ goto err;
+ }
+ }
+ while (BN_is_zero(r));
+
+ /* compute the inverse of k */
+ if (!BN_mod_inverse(k, k, order, ctx)) {
+ ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
+ goto err;
+ }
+ /* clear old values if necessary */
+ if (*rp != NULL)
+ BN_clear_free(*rp);
+ if (*kinvp != NULL)
+ BN_clear_free(*kinvp);
+ /* save the pre-computed values */
+ *rp = r;
+ *kinvp = k;
+ ret = 1;
+ err:
+ if (!ret) {
+ if (k != NULL)
+ BN_clear_free(k);
+ if (r != NULL)
+ BN_clear_free(r);
+ }
+ if (ctx_in == NULL)
+ BN_CTX_free(ctx);
+ if (order != NULL)
+ BN_free(order);
+ if (tmp_point != NULL)
+ EC_POINT_free(tmp_point);
+ if (X)
+ BN_clear_free(X);
+ return (ret);
+}
+
+static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
+ const BIGNUM *in_kinv, const BIGNUM *in_r,
+ EC_KEY *eckey)
+{
+ int ok = 0, i;
+ BIGNUM *kinv = NULL, *s, *m = NULL, *tmp = NULL, *order = NULL;
+ const BIGNUM *ckinv;
+ BN_CTX *ctx = NULL;
+ const EC_GROUP *group;
+ ECDSA_SIG *ret;
+ ECDSA_DATA *ecdsa;
+ const BIGNUM *priv_key;
+
+ ecdsa = ecdsa_check(eckey);
+ group = EC_KEY_get0_group(eckey);
+ priv_key = EC_KEY_get0_private_key(eckey);
+
+ if (group == NULL || priv_key == NULL || ecdsa == NULL) {
+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
+ return NULL;
+ }
+
+ ret = ECDSA_SIG_new();
+ if (!ret) {
+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ s = ret->s;
+
+ if ((ctx = BN_CTX_new()) == NULL || (order = BN_new()) == NULL ||
+ (tmp = BN_new()) == NULL || (m = BN_new()) == NULL) {
+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ if (!EC_GROUP_get_order(group, order, ctx)) {
+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
+ goto err;
+ }
+ i = BN_num_bits(order);
+ /*
+ * Need to truncate digest if it is too long: first truncate whole bytes.
+ */
+ if (8 * dgst_len > i)
+ dgst_len = (i + 7) / 8;
+ if (!BN_bin2bn(dgst, dgst_len, m)) {
+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
+ goto err;
+ }
+ /* If still too long truncate remaining bits with a shift */
+ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
+ goto err;
+ }
+ do {
+ if (in_kinv == NULL || in_r == NULL) {
+ if (!ECDSA_sign_setup(eckey, ctx, &kinv, &ret->r)) {
+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_ECDSA_LIB);
+ goto err;
+ }
+ ckinv = kinv;
+ } else {
+ ckinv = in_kinv;
+ if (BN_copy(ret->r, in_r) == NULL) {
+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ }
+
+ if (!BN_mod_mul(tmp, priv_key, ret->r, order, ctx)) {
+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
+ goto err;
+ }
+ if (!BN_mod_add_quick(s, tmp, m, order)) {
+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
+ goto err;
+ }
+ if (!BN_mod_mul(s, s, ckinv, order, ctx)) {
+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
+ goto err;
+ }
+ if (BN_is_zero(s)) {
+ /*
+ * if kinv and r have been supplied by the caller don't to
+ * generate new kinv and r values
+ */
+ if (in_kinv != NULL && in_r != NULL) {
+ ECDSAerr(ECDSA_F_ECDSA_DO_SIGN,
+ ECDSA_R_NEED_NEW_SETUP_VALUES);
+ goto err;
+ }
+ } else
+ /* s != 0 => we have a valid signature */
+ break;
+ }
+ while (1);
+
+ ok = 1;
+ err:
+ if (!ok) {
+ ECDSA_SIG_free(ret);
+ ret = NULL;
+ }
+ if (ctx)
+ BN_CTX_free(ctx);
+ if (m)
+ BN_clear_free(m);
+ if (tmp)
+ BN_clear_free(tmp);
+ if (order)
+ BN_free(order);
+ if (kinv)
+ BN_clear_free(kinv);
+ return ret;
+}
+
+static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len,
+ const ECDSA_SIG *sig, EC_KEY *eckey)
+{
+ int ret = -1, i;
+ BN_CTX *ctx;
+ BIGNUM *order, *u1, *u2, *m, *X;
+ EC_POINT *point = NULL;
+ const EC_GROUP *group;
+ const EC_POINT *pub_key;
+
+ /* check input values */
+ if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL ||
+ (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) {
+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_MISSING_PARAMETERS);
+ return -1;
+ }
+
+ ctx = BN_CTX_new();
+ if (!ctx) {
+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+ return -1;
+ }
+ BN_CTX_start(ctx);
+ order = BN_CTX_get(ctx);
+ u1 = BN_CTX_get(ctx);
+ u2 = BN_CTX_get(ctx);
+ m = BN_CTX_get(ctx);
+ X = BN_CTX_get(ctx);
+ if (!X) {
+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
+ goto err;
+ }
+
+ if (!EC_GROUP_get_order(group, order, ctx)) {
+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
+ goto err;
+ }
+
+ if (BN_is_zero(sig->r) || BN_is_negative(sig->r) ||
+ BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s) ||
+ BN_is_negative(sig->s) || BN_ucmp(sig->s, order) >= 0) {
+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_BAD_SIGNATURE);
+ ret = 0; /* signature is invalid */
+ goto err;
+ }
+ /* calculate tmp1 = inv(S) mod order */
+ if (!BN_mod_inverse(u2, sig->s, order, ctx)) {
+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
+ goto err;
+ }
+ /* digest -> m */
+ i = BN_num_bits(order);
+ /*
+ * Need to truncate digest if it is too long: first truncate whole bytes.
+ */
+ if (8 * dgst_len > i)
+ dgst_len = (i + 7) / 8;
+ if (!BN_bin2bn(dgst, dgst_len, m)) {
+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
+ goto err;
+ }
+ /* If still too long truncate remaining bits with a shift */
+ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
+ goto err;
+ }
+ /* u1 = m * tmp mod order */
+ if (!BN_mod_mul(u1, m, u2, order, ctx)) {
+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
+ goto err;
+ }
+ /* u2 = r * w mod q */
+ if (!BN_mod_mul(u2, sig->r, u2, order, ctx)) {
+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
+ goto err;
+ }
+
+ if ((point = EC_POINT_new(group)) == NULL) {
+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ if (!EC_POINT_mul(group, point, u1, pub_key, u2, ctx)) {
+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
+ goto err;
+ }
+ if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
+ NID_X9_62_prime_field) {
+ if (!EC_POINT_get_affine_coordinates_GFp(group, point, X, NULL, ctx)) {
+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
+ goto err;
+ }
+ } else { /* NID_X9_62_characteristic_two_field */
+
+ if (!EC_POINT_get_affine_coordinates_GF2m(group, point, X, NULL, ctx)) {
+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
+ goto err;
+ }
+ }
+
+ if (!BN_nnmod(u1, X, order, ctx)) {
+ ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
+ goto err;
+ }
+ /* if the signature is correct u1 is equal to sig->r */
+ ret = (BN_ucmp(u1, sig->r) == 0);
+ err:
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ if (point)
+ EC_POINT_free(point);
+ return ret;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/ecdsa/ecs_sign.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/ecdsa/ecs_sign.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ecdsa/ecs_sign.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,106 +0,0 @@
-/* crypto/ecdsa/ecdsa_sign.c */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include "ecs_locl.h"
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-#include <openssl/rand.h>
-
-ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey)
-{
- return ECDSA_do_sign_ex(dgst, dlen, NULL, NULL, eckey);
-}
-
-ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dlen,
- const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey)
-{
- ECDSA_DATA *ecdsa = ecdsa_check(eckey);
- if (ecdsa == NULL)
- return NULL;
- return ecdsa->meth->ecdsa_do_sign(dgst, dlen, kinv, rp, eckey);
-}
-
-int ECDSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char
- *sig, unsigned int *siglen, EC_KEY *eckey)
-{
- return ECDSA_sign_ex(type, dgst, dlen, sig, siglen, NULL, NULL, eckey);
-}
-
-int ECDSA_sign_ex(int type, const unsigned char *dgst, int dlen, unsigned char
- *sig, unsigned int *siglen, const BIGNUM *kinv, const BIGNUM *r,
- EC_KEY *eckey)
-{
- ECDSA_SIG *s;
- RAND_seed(dgst, dlen);
- s = ECDSA_do_sign_ex(dgst, dlen, kinv, r, eckey);
- if (s == NULL)
- {
- *siglen=0;
- return 0;
- }
- *siglen = i2d_ECDSA_SIG(s, &sig);
- ECDSA_SIG_free(s);
- return 1;
-}
-
-int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
- BIGNUM **rp)
-{
- ECDSA_DATA *ecdsa = ecdsa_check(eckey);
- if (ecdsa == NULL)
- return 0;
- return ecdsa->meth->ecdsa_sign_setup(eckey, ctx_in, kinvp, rp);
-}
Copied: vendor-crypto/openssl/0.9.8zf/crypto/ecdsa/ecs_sign.c (from rev 6976, vendor-crypto/openssl/dist/crypto/ecdsa/ecs_sign.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/ecdsa/ecs_sign.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ecdsa/ecs_sign.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,106 @@
+/* crypto/ecdsa/ecdsa_sign.c */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include "ecs_locl.h"
+#ifndef OPENSSL_NO_ENGINE
+# include <openssl/engine.h>
+#endif
+#include <openssl/rand.h>
+
+ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey)
+{
+ return ECDSA_do_sign_ex(dgst, dlen, NULL, NULL, eckey);
+}
+
+ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dlen,
+ const BIGNUM *kinv, const BIGNUM *rp,
+ EC_KEY *eckey)
+{
+ ECDSA_DATA *ecdsa = ecdsa_check(eckey);
+ if (ecdsa == NULL)
+ return NULL;
+ return ecdsa->meth->ecdsa_do_sign(dgst, dlen, kinv, rp, eckey);
+}
+
+int ECDSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char
+ *sig, unsigned int *siglen, EC_KEY *eckey)
+{
+ return ECDSA_sign_ex(type, dgst, dlen, sig, siglen, NULL, NULL, eckey);
+}
+
+int ECDSA_sign_ex(int type, const unsigned char *dgst, int dlen, unsigned char
+ *sig, unsigned int *siglen, const BIGNUM *kinv,
+ const BIGNUM *r, EC_KEY *eckey)
+{
+ ECDSA_SIG *s;
+ RAND_seed(dgst, dlen);
+ s = ECDSA_do_sign_ex(dgst, dlen, kinv, r, eckey);
+ if (s == NULL) {
+ *siglen = 0;
+ return 0;
+ }
+ *siglen = i2d_ECDSA_SIG(s, &sig);
+ ECDSA_SIG_free(s);
+ return 1;
+}
+
+int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
+ BIGNUM **rp)
+{
+ ECDSA_DATA *ecdsa = ecdsa_check(eckey);
+ if (ecdsa == NULL)
+ return 0;
+ return ecdsa->meth->ecdsa_sign_setup(eckey, ctx_in, kinvp, rp);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/ecdsa/ecs_vrf.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/ecdsa/ecs_vrf.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ecdsa/ecs_vrf.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,96 +0,0 @@
-/* crypto/ecdsa/ecdsa_vrf.c */
-/*
- * Written by Nils Larsch for the OpenSSL project
- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include "ecs_locl.h"
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-
-/* returns
- * 1: correct signature
- * 0: incorrect signature
- * -1: error
- */
-int ECDSA_do_verify(const unsigned char *dgst, int dgst_len,
- const ECDSA_SIG *sig, EC_KEY *eckey)
- {
- ECDSA_DATA *ecdsa = ecdsa_check(eckey);
- if (ecdsa == NULL)
- return 0;
- return ecdsa->meth->ecdsa_do_verify(dgst, dgst_len, sig, eckey);
- }
-
-/* returns
- * 1: correct signature
- * 0: incorrect signature
- * -1: error
- */
-int ECDSA_verify(int type, const unsigned char *dgst, int dgst_len,
- const unsigned char *sigbuf, int sig_len, EC_KEY *eckey)
- {
- ECDSA_SIG *s;
- int ret=-1;
-
- s = ECDSA_SIG_new();
- if (s == NULL) return(ret);
- if (d2i_ECDSA_SIG(&s, &sigbuf, sig_len) == NULL) goto err;
- ret=ECDSA_do_verify(dgst, dgst_len, s, eckey);
-err:
- ECDSA_SIG_free(s);
- return(ret);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/ecdsa/ecs_vrf.c (from rev 6976, vendor-crypto/openssl/dist/crypto/ecdsa/ecs_vrf.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/ecdsa/ecs_vrf.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ecdsa/ecs_vrf.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,112 @@
+/* crypto/ecdsa/ecdsa_vrf.c */
+/*
+ * Written by Nils Larsch for the OpenSSL project
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include "ecs_locl.h"
+#include <string.h>
+#ifndef OPENSSL_NO_ENGINE
+# include <openssl/engine.h>
+#endif
+
+/*-
+ * returns
+ * 1: correct signature
+ * 0: incorrect signature
+ * -1: error
+ */
+int ECDSA_do_verify(const unsigned char *dgst, int dgst_len,
+ const ECDSA_SIG *sig, EC_KEY *eckey)
+{
+ ECDSA_DATA *ecdsa = ecdsa_check(eckey);
+ if (ecdsa == NULL)
+ return 0;
+ return ecdsa->meth->ecdsa_do_verify(dgst, dgst_len, sig, eckey);
+}
+
+/*-
+ * returns
+ * 1: correct signature
+ * 0: incorrect signature
+ * -1: error
+ */
+int ECDSA_verify(int type, const unsigned char *dgst, int dgst_len,
+ const unsigned char *sigbuf, int sig_len, EC_KEY *eckey)
+{
+ ECDSA_SIG *s;
+ const unsigned char *p = sigbuf;
+ unsigned char *der = NULL;
+ int derlen = -1;
+ int ret = -1;
+
+ s = ECDSA_SIG_new();
+ if (s == NULL)
+ return (ret);
+ if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL)
+ goto err;
+ /* Ensure signature uses DER and doesn't have trailing garbage */
+ derlen = i2d_ECDSA_SIG(s, &der);
+ if (derlen != sig_len || memcmp(sigbuf, der, derlen))
+ goto err;
+ ret = ECDSA_do_verify(dgst, dgst_len, s, eckey);
+ err:
+ if (derlen > 0) {
+ OPENSSL_cleanse(der, derlen);
+ OPENSSL_free(der);
+ }
+ ECDSA_SIG_free(s);
+ return (ret);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_all.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/engine/eng_all.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_all.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,125 +0,0 @@
-/* crypto/engine/eng_all.c -*- mode: C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte <richard at levitte.org> for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include "cryptlib.h"
-#include "eng_int.h"
-
-void ENGINE_load_builtin_engines(void)
- {
- /* There's no longer any need for an "openssl" ENGINE unless, one day,
- * it is the *only* way for standard builtin implementations to be be
- * accessed (ie. it would be possible to statically link binaries with
- * *no* builtin implementations). */
-#if 0
- ENGINE_load_openssl();
-#endif
-#if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK)
- ENGINE_load_padlock();
-#endif
- ENGINE_load_dynamic();
-#ifndef OPENSSL_NO_STATIC_ENGINE
-#ifndef OPENSSL_NO_HW
-#ifndef OPENSSL_NO_HW_4758_CCA
- ENGINE_load_4758cca();
-#endif
-#ifndef OPENSSL_NO_HW_AEP
- ENGINE_load_aep();
-#endif
-#ifndef OPENSSL_NO_HW_ATALLA
- ENGINE_load_atalla();
-#endif
-#ifndef OPENSSL_NO_HW_CSWIFT
- ENGINE_load_cswift();
-#endif
-#ifndef OPENSSL_NO_HW_NCIPHER
- ENGINE_load_chil();
-#endif
-#ifndef OPENSSL_NO_HW_NURON
- ENGINE_load_nuron();
-#endif
-#ifndef OPENSSL_NO_HW_SUREWARE
- ENGINE_load_sureware();
-#endif
-#ifndef OPENSSL_NO_HW_UBSEC
- ENGINE_load_ubsec();
-#endif
-#endif
-#if !defined(OPENSSL_NO_GMP) && !defined(OPENSSL_NO_HW_GMP)
- ENGINE_load_gmp();
-#endif
-#if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
- ENGINE_load_capi();
-#endif
-#endif
-#ifndef OPENSSL_NO_HW
-#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
- ENGINE_load_cryptodev();
-#endif
-#endif
- }
-
-#if defined(__OpenBSD__) || defined(__FreeBSD__)
-void ENGINE_setup_bsd_cryptodev(void) {
- static int bsd_cryptodev_default_loaded = 0;
- if (!bsd_cryptodev_default_loaded) {
- ENGINE_load_cryptodev();
- ENGINE_register_all_complete();
- }
- bsd_cryptodev_default_loaded=1;
-}
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_all.c (from rev 6976, vendor-crypto/openssl/dist/crypto/engine/eng_all.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_all.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_all.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,129 @@
+/* crypto/engine/eng_all.c -*- mode: C; c-file-style: "eay" -*- */
+/*
+ * Written by Richard Levitte <richard at levitte.org> for the OpenSSL project
+ * 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include "cryptlib.h"
+#include "eng_int.h"
+
+void ENGINE_load_builtin_engines(void)
+{
+ /*
+ * There's no longer any need for an "openssl" ENGINE unless, one day, it
+ * is the *only* way for standard builtin implementations to be be
+ * accessed (ie. it would be possible to statically link binaries with
+ * *no* builtin implementations).
+ */
+#if 0
+ ENGINE_load_openssl();
+#endif
+#if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK)
+ ENGINE_load_padlock();
+#endif
+ ENGINE_load_dynamic();
+#ifndef OPENSSL_NO_STATIC_ENGINE
+# ifndef OPENSSL_NO_HW
+# ifndef OPENSSL_NO_HW_4758_CCA
+ ENGINE_load_4758cca();
+# endif
+# ifndef OPENSSL_NO_HW_AEP
+ ENGINE_load_aep();
+# endif
+# ifndef OPENSSL_NO_HW_ATALLA
+ ENGINE_load_atalla();
+# endif
+# ifndef OPENSSL_NO_HW_CSWIFT
+ ENGINE_load_cswift();
+# endif
+# ifndef OPENSSL_NO_HW_NCIPHER
+ ENGINE_load_chil();
+# endif
+# ifndef OPENSSL_NO_HW_NURON
+ ENGINE_load_nuron();
+# endif
+# ifndef OPENSSL_NO_HW_SUREWARE
+ ENGINE_load_sureware();
+# endif
+# ifndef OPENSSL_NO_HW_UBSEC
+ ENGINE_load_ubsec();
+# endif
+# endif
+# if !defined(OPENSSL_NO_GMP) && !defined(OPENSSL_NO_HW_GMP)
+ ENGINE_load_gmp();
+# endif
+# if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
+ ENGINE_load_capi();
+# endif
+#endif
+#ifndef OPENSSL_NO_HW
+# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
+ ENGINE_load_cryptodev();
+# endif
+#endif
+}
+
+#if defined(__OpenBSD__) || defined(__FreeBSD__)
+void ENGINE_setup_bsd_cryptodev(void)
+{
+ static int bsd_cryptodev_default_loaded = 0;
+ if (!bsd_cryptodev_default_loaded) {
+ ENGINE_load_cryptodev();
+ ENGINE_register_all_complete();
+ }
+ bsd_cryptodev_default_loaded = 1;
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_cnf.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/engine/eng_cnf.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_cnf.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,259 +0,0 @@
-/* eng_cnf.c */
-/* Written by Stephen Henson (steve at openssl.org) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include "eng_int.h"
-#include <openssl/conf.h>
-
-/* #define ENGINE_CONF_DEBUG */
-
-/* ENGINE config module */
-
-static char *skip_dot(char *name)
- {
- char *p;
- p = strchr(name, '.');
- if (p)
- return p + 1;
- return name;
- }
-
-static STACK_OF(ENGINE) *initialized_engines = NULL;
-
-static int int_engine_init(ENGINE *e)
- {
- if (!ENGINE_init(e))
- return 0;
- if (!initialized_engines)
- initialized_engines = sk_ENGINE_new_null();
- if (!initialized_engines || !sk_ENGINE_push(initialized_engines, e))
- {
- ENGINE_finish(e);
- return 0;
- }
- return 1;
- }
-
-
-static int int_engine_configure(char *name, char *value, const CONF *cnf)
- {
- int i;
- int ret = 0;
- long do_init = -1;
- STACK_OF(CONF_VALUE) *ecmds;
- CONF_VALUE *ecmd = NULL;
- char *ctrlname, *ctrlvalue;
- ENGINE *e = NULL;
- int soft = 0;
-
- name = skip_dot(name);
-#ifdef ENGINE_CONF_DEBUG
- fprintf(stderr, "Configuring engine %s\n", name);
-#endif
- /* Value is a section containing ENGINE commands */
- ecmds = NCONF_get_section(cnf, value);
-
- if (!ecmds)
- {
- ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE, ENGINE_R_ENGINE_SECTION_ERROR);
- return 0;
- }
-
- for (i = 0; i < sk_CONF_VALUE_num(ecmds); i++)
- {
- ecmd = sk_CONF_VALUE_value(ecmds, i);
- ctrlname = skip_dot(ecmd->name);
- ctrlvalue = ecmd->value;
-#ifdef ENGINE_CONF_DEBUG
- fprintf(stderr, "ENGINE conf: doing ctrl(%s,%s)\n", ctrlname, ctrlvalue);
-#endif
-
- /* First handle some special pseudo ctrls */
-
- /* Override engine name to use */
- if (!strcmp(ctrlname, "engine_id"))
- name = ctrlvalue;
- else if (!strcmp(ctrlname, "soft_load"))
- soft = 1;
- /* Load a dynamic ENGINE */
- else if (!strcmp(ctrlname, "dynamic_path"))
- {
- e = ENGINE_by_id("dynamic");
- if (!e)
- goto err;
- if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", ctrlvalue, 0))
- goto err;
- if (!ENGINE_ctrl_cmd_string(e, "LIST_ADD", "2", 0))
- goto err;
- if (!ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0))
- goto err;
- }
- /* ... add other pseudos here ... */
- else
- {
- /* At this point we need an ENGINE structural reference
- * if we don't already have one.
- */
- if (!e)
- {
- e = ENGINE_by_id(name);
- if (!e && soft)
- {
- ERR_clear_error();
- return 1;
- }
- if (!e)
- goto err;
- }
- /* Allow "EMPTY" to mean no value: this allows a valid
- * "value" to be passed to ctrls of type NO_INPUT
- */
- if (!strcmp(ctrlvalue, "EMPTY"))
- ctrlvalue = NULL;
- if (!strcmp(ctrlname, "init"))
- {
- if (!NCONF_get_number_e(cnf, value, "init", &do_init))
- goto err;
- if (do_init == 1)
- {
- if (!int_engine_init(e))
- goto err;
- }
- else if (do_init != 0)
- {
- ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE, ENGINE_R_INVALID_INIT_VALUE);
- goto err;
- }
- }
- else if (!strcmp(ctrlname, "default_algorithms"))
- {
- if (!ENGINE_set_default_string(e, ctrlvalue))
- goto err;
- }
- else if (!ENGINE_ctrl_cmd_string(e,
- ctrlname, ctrlvalue, 0))
- goto err;
- }
-
-
-
- }
- if (e && (do_init == -1) && !int_engine_init(e))
- {
- ecmd = NULL;
- goto err;
- }
- ret = 1;
- err:
- if (ret != 1)
- {
- ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE, ENGINE_R_ENGINE_CONFIGURATION_ERROR);
- if (ecmd)
- ERR_add_error_data(6, "section=", ecmd->section,
- ", name=", ecmd->name,
- ", value=", ecmd->value);
- }
- if (e)
- ENGINE_free(e);
- return ret;
- }
-
-
-static int int_engine_module_init(CONF_IMODULE *md, const CONF *cnf)
- {
- STACK_OF(CONF_VALUE) *elist;
- CONF_VALUE *cval;
- int i;
-#ifdef ENGINE_CONF_DEBUG
- fprintf(stderr, "Called engine module: name %s, value %s\n",
- CONF_imodule_get_name(md), CONF_imodule_get_value(md));
-#endif
- /* Value is a section containing ENGINEs to configure */
- elist = NCONF_get_section(cnf, CONF_imodule_get_value(md));
-
- if (!elist)
- {
- ENGINEerr(ENGINE_F_INT_ENGINE_MODULE_INIT, ENGINE_R_ENGINES_SECTION_ERROR);
- return 0;
- }
-
- for (i = 0; i < sk_CONF_VALUE_num(elist); i++)
- {
- cval = sk_CONF_VALUE_value(elist, i);
- if (!int_engine_configure(cval->name, cval->value, cnf))
- return 0;
- }
-
- return 1;
- }
-
-static void int_engine_module_finish(CONF_IMODULE *md)
- {
- ENGINE *e;
- while ((e = sk_ENGINE_pop(initialized_engines)))
- ENGINE_finish(e);
- sk_ENGINE_free(initialized_engines);
- initialized_engines = NULL;
- }
-
-
-void ENGINE_add_conf_module(void)
- {
- CONF_module_add("engines",
- int_engine_module_init,
- int_engine_module_finish);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_cnf.c (from rev 6976, vendor-crypto/openssl/dist/crypto/engine/eng_cnf.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_cnf.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_cnf.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,242 @@
+/* eng_cnf.c */
+/*
+ * Written by Stephen Henson (steve at openssl.org) for the OpenSSL project
+ * 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include "eng_int.h"
+#include <openssl/conf.h>
+
+/* #define ENGINE_CONF_DEBUG */
+
+/* ENGINE config module */
+
+static char *skip_dot(char *name)
+{
+ char *p;
+ p = strchr(name, '.');
+ if (p)
+ return p + 1;
+ return name;
+}
+
+static STACK_OF(ENGINE) *initialized_engines = NULL;
+
+static int int_engine_init(ENGINE *e)
+{
+ if (!ENGINE_init(e))
+ return 0;
+ if (!initialized_engines)
+ initialized_engines = sk_ENGINE_new_null();
+ if (!initialized_engines || !sk_ENGINE_push(initialized_engines, e)) {
+ ENGINE_finish(e);
+ return 0;
+ }
+ return 1;
+}
+
+static int int_engine_configure(char *name, char *value, const CONF *cnf)
+{
+ int i;
+ int ret = 0;
+ long do_init = -1;
+ STACK_OF(CONF_VALUE) *ecmds;
+ CONF_VALUE *ecmd = NULL;
+ char *ctrlname, *ctrlvalue;
+ ENGINE *e = NULL;
+ int soft = 0;
+
+ name = skip_dot(name);
+#ifdef ENGINE_CONF_DEBUG
+ fprintf(stderr, "Configuring engine %s\n", name);
+#endif
+ /* Value is a section containing ENGINE commands */
+ ecmds = NCONF_get_section(cnf, value);
+
+ if (!ecmds) {
+ ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE,
+ ENGINE_R_ENGINE_SECTION_ERROR);
+ return 0;
+ }
+
+ for (i = 0; i < sk_CONF_VALUE_num(ecmds); i++) {
+ ecmd = sk_CONF_VALUE_value(ecmds, i);
+ ctrlname = skip_dot(ecmd->name);
+ ctrlvalue = ecmd->value;
+#ifdef ENGINE_CONF_DEBUG
+ fprintf(stderr, "ENGINE conf: doing ctrl(%s,%s)\n", ctrlname,
+ ctrlvalue);
+#endif
+
+ /* First handle some special pseudo ctrls */
+
+ /* Override engine name to use */
+ if (!strcmp(ctrlname, "engine_id"))
+ name = ctrlvalue;
+ else if (!strcmp(ctrlname, "soft_load"))
+ soft = 1;
+ /* Load a dynamic ENGINE */
+ else if (!strcmp(ctrlname, "dynamic_path")) {
+ e = ENGINE_by_id("dynamic");
+ if (!e)
+ goto err;
+ if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", ctrlvalue, 0))
+ goto err;
+ if (!ENGINE_ctrl_cmd_string(e, "LIST_ADD", "2", 0))
+ goto err;
+ if (!ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0))
+ goto err;
+ }
+ /* ... add other pseudos here ... */
+ else {
+ /*
+ * At this point we need an ENGINE structural reference if we
+ * don't already have one.
+ */
+ if (!e) {
+ e = ENGINE_by_id(name);
+ if (!e && soft) {
+ ERR_clear_error();
+ return 1;
+ }
+ if (!e)
+ goto err;
+ }
+ /*
+ * Allow "EMPTY" to mean no value: this allows a valid "value" to
+ * be passed to ctrls of type NO_INPUT
+ */
+ if (!strcmp(ctrlvalue, "EMPTY"))
+ ctrlvalue = NULL;
+ if (!strcmp(ctrlname, "init")) {
+ if (!NCONF_get_number_e(cnf, value, "init", &do_init))
+ goto err;
+ if (do_init == 1) {
+ if (!int_engine_init(e))
+ goto err;
+ } else if (do_init != 0) {
+ ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE,
+ ENGINE_R_INVALID_INIT_VALUE);
+ goto err;
+ }
+ } else if (!strcmp(ctrlname, "default_algorithms")) {
+ if (!ENGINE_set_default_string(e, ctrlvalue))
+ goto err;
+ } else if (!ENGINE_ctrl_cmd_string(e, ctrlname, ctrlvalue, 0))
+ goto err;
+ }
+
+ }
+ if (e && (do_init == -1) && !int_engine_init(e)) {
+ ecmd = NULL;
+ goto err;
+ }
+ ret = 1;
+ err:
+ if (ret != 1) {
+ ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE,
+ ENGINE_R_ENGINE_CONFIGURATION_ERROR);
+ if (ecmd)
+ ERR_add_error_data(6, "section=", ecmd->section,
+ ", name=", ecmd->name,
+ ", value=", ecmd->value);
+ }
+ if (e)
+ ENGINE_free(e);
+ return ret;
+}
+
+static int int_engine_module_init(CONF_IMODULE *md, const CONF *cnf)
+{
+ STACK_OF(CONF_VALUE) *elist;
+ CONF_VALUE *cval;
+ int i;
+#ifdef ENGINE_CONF_DEBUG
+ fprintf(stderr, "Called engine module: name %s, value %s\n",
+ CONF_imodule_get_name(md), CONF_imodule_get_value(md));
+#endif
+ /* Value is a section containing ENGINEs to configure */
+ elist = NCONF_get_section(cnf, CONF_imodule_get_value(md));
+
+ if (!elist) {
+ ENGINEerr(ENGINE_F_INT_ENGINE_MODULE_INIT,
+ ENGINE_R_ENGINES_SECTION_ERROR);
+ return 0;
+ }
+
+ for (i = 0; i < sk_CONF_VALUE_num(elist); i++) {
+ cval = sk_CONF_VALUE_value(elist, i);
+ if (!int_engine_configure(cval->name, cval->value, cnf))
+ return 0;
+ }
+
+ return 1;
+}
+
+static void int_engine_module_finish(CONF_IMODULE *md)
+{
+ ENGINE *e;
+ while ((e = sk_ENGINE_pop(initialized_engines)))
+ ENGINE_finish(e);
+ sk_ENGINE_free(initialized_engines);
+ initialized_engines = NULL;
+}
+
+void ENGINE_add_conf_module(void)
+{
+ CONF_module_add("engines",
+ int_engine_module_init, int_engine_module_finish);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_cryptodev.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/engine/eng_cryptodev.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_cryptodev.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,1156 +0,0 @@
-/*
- * Copyright (c) 2002 Bob Beck <beck at openbsd.org>
- * Copyright (c) 2002 Theo de Raadt
- * Copyright (c) 2002 Markus Friedl
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY
- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY
- * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#include <openssl/objects.h>
-#include <openssl/engine.h>
-#include <openssl/evp.h>
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/rsa.h>
-#include <openssl/dh.h>
-#include <openssl/err.h>
-
-#if (defined(__unix__) || defined(unix)) && !defined(USG) && \
- (defined(OpenBSD) || defined(__FreeBSD__))
-#include <sys/param.h>
-# if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041)
-# define HAVE_CRYPTODEV
-# endif
-# if (OpenBSD >= 200110)
-# define HAVE_SYSLOG_R
-# endif
-#endif
-
-#ifndef HAVE_CRYPTODEV
-
-void
-ENGINE_load_cryptodev(void)
-{
- /* This is a NOP on platforms without /dev/crypto */
- return;
-}
-
-#else
-
-#include <sys/types.h>
-#include <crypto/cryptodev.h>
-#include <sys/ioctl.h>
-#include <errno.h>
-#include <stdio.h>
-#include <unistd.h>
-#include <fcntl.h>
-#include <stdarg.h>
-#include <syslog.h>
-#include <errno.h>
-#include <string.h>
-
-struct dev_crypto_state {
- struct session_op d_sess;
- int d_fd;
-};
-
-static u_int32_t cryptodev_asymfeat = 0;
-
-static int get_asym_dev_crypto(void);
-static int open_dev_crypto(void);
-static int get_dev_crypto(void);
-static int cryptodev_max_iv(int cipher);
-static int cryptodev_key_length_valid(int cipher, int len);
-static int cipher_nid_to_cryptodev(int nid);
-static int get_cryptodev_ciphers(const int **cnids);
-/*static int get_cryptodev_digests(const int **cnids);*/
-static int cryptodev_usable_ciphers(const int **nids);
-static int cryptodev_usable_digests(const int **nids);
-static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, unsigned int inl);
-static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc);
-static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx);
-static int cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
- const int **nids, int nid);
-static int cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
- const int **nids, int nid);
-static int bn2crparam(const BIGNUM *a, struct crparam *crp);
-static int crparam2bn(struct crparam *crp, BIGNUM *a);
-static void zapparams(struct crypt_kop *kop);
-static int cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r,
- int slen, BIGNUM *s);
-
-static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a,
- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I,
- RSA *rsa, BN_CTX *ctx);
-static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
-static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a,
- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
- BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
- BN_CTX *ctx, BN_MONT_CTX *mont);
-static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst,
- int dlen, DSA *dsa);
-static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len,
- DSA_SIG *sig, DSA *dsa);
-static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx);
-static int cryptodev_dh_compute_key(unsigned char *key,
- const BIGNUM *pub_key, DH *dh);
-static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
- void (*f)());
-void ENGINE_load_cryptodev(void);
-
-static const ENGINE_CMD_DEFN cryptodev_defns[] = {
- { 0, NULL, NULL, 0 }
-};
-
-static struct {
- int id;
- int nid;
- int ivmax;
- int keylen;
-} ciphers[] = {
- { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, },
- { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, },
- { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, },
- { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, },
- { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, },
- { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, },
- { 0, NID_undef, 0, 0, },
-};
-
-#if 0
-static struct {
- int id;
- int nid;
-} digests[] = {
- { CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, },
- { CRYPTO_RIPEMD160_HMAC, NID_ripemd160, },
- { CRYPTO_MD5_KPDK, NID_undef, },
- { CRYPTO_SHA1_KPDK, NID_undef, },
- { CRYPTO_MD5, NID_md5, },
- { CRYPTO_SHA1, NID_undef, },
- { 0, NID_undef, },
-};
-#endif
-
-/*
- * Return a fd if /dev/crypto seems usable, 0 otherwise.
- */
-static int
-open_dev_crypto(void)
-{
- static int fd = -1;
-
- if (fd == -1) {
- if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1)
- return (-1);
- /* close on exec */
- if (fcntl(fd, F_SETFD, 1) == -1) {
- close(fd);
- fd = -1;
- return (-1);
- }
- }
- return (fd);
-}
-
-static int
-get_dev_crypto(void)
-{
- int fd, retfd;
-
- if ((fd = open_dev_crypto()) == -1)
- return (-1);
- if (ioctl(fd, CRIOGET, &retfd) == -1)
- return (-1);
-
- /* close on exec */
- if (fcntl(retfd, F_SETFD, 1) == -1) {
- close(retfd);
- return (-1);
- }
- return (retfd);
-}
-
-/* Caching version for asym operations */
-static int
-get_asym_dev_crypto(void)
-{
- static int fd = -1;
-
- if (fd == -1)
- fd = get_dev_crypto();
- return fd;
-}
-
-/*
- * XXXX this needs to be set for each alg - and determined from
- * a running card.
- */
-static int
-cryptodev_max_iv(int cipher)
-{
- int i;
-
- for (i = 0; ciphers[i].id; i++)
- if (ciphers[i].id == cipher)
- return (ciphers[i].ivmax);
- return (0);
-}
-
-/*
- * XXXX this needs to be set for each alg - and determined from
- * a running card. For now, fake it out - but most of these
- * for real devices should return 1 for the supported key
- * sizes the device can handle.
- */
-static int
-cryptodev_key_length_valid(int cipher, int len)
-{
- int i;
-
- for (i = 0; ciphers[i].id; i++)
- if (ciphers[i].id == cipher)
- return (ciphers[i].keylen == len);
- return (0);
-}
-
-/* convert libcrypto nids to cryptodev */
-static int
-cipher_nid_to_cryptodev(int nid)
-{
- int i;
-
- for (i = 0; ciphers[i].id; i++)
- if (ciphers[i].nid == nid)
- return (ciphers[i].id);
- return (0);
-}
-
-/*
- * Find out what ciphers /dev/crypto will let us have a session for.
- * XXX note, that some of these openssl doesn't deal with yet!
- * returning them here is harmless, as long as we return NULL
- * when asked for a handler in the cryptodev_engine_ciphers routine
- */
-static int
-get_cryptodev_ciphers(const int **cnids)
-{
- static int nids[CRYPTO_ALGORITHM_MAX];
- struct session_op sess;
- int fd, i, count = 0;
-
- if ((fd = get_dev_crypto()) < 0) {
- *cnids = NULL;
- return (0);
- }
- memset(&sess, 0, sizeof(sess));
- sess.key = (caddr_t)"123456781234567812345678";
-
- for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
- if (ciphers[i].nid == NID_undef)
- continue;
- sess.cipher = ciphers[i].id;
- sess.keylen = ciphers[i].keylen;
- sess.mac = 0;
- if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
- ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
- nids[count++] = ciphers[i].nid;
- }
- close(fd);
-
- if (count > 0)
- *cnids = nids;
- else
- *cnids = NULL;
- return (count);
-}
-
-#if 0 /* unused */
-/*
- * Find out what digests /dev/crypto will let us have a session for.
- * XXX note, that some of these openssl doesn't deal with yet!
- * returning them here is harmless, as long as we return NULL
- * when asked for a handler in the cryptodev_engine_digests routine
- */
-static int
-get_cryptodev_digests(const int **cnids)
-{
- static int nids[CRYPTO_ALGORITHM_MAX];
- struct session_op sess;
- int fd, i, count = 0;
-
- if ((fd = get_dev_crypto()) < 0) {
- *cnids = NULL;
- return (0);
- }
- memset(&sess, 0, sizeof(sess));
- for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
- if (digests[i].nid == NID_undef)
- continue;
- sess.mac = digests[i].id;
- sess.cipher = 0;
- if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
- ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
- nids[count++] = digests[i].nid;
- }
- close(fd);
-
- if (count > 0)
- *cnids = nids;
- else
- *cnids = NULL;
- return (count);
-}
-
-#endif
-
-/*
- * Find the useable ciphers|digests from dev/crypto - this is the first
- * thing called by the engine init crud which determines what it
- * can use for ciphers from this engine. We want to return
- * only what we can do, anythine else is handled by software.
- *
- * If we can't initialize the device to do anything useful for
- * any reason, we want to return a NULL array, and 0 length,
- * which forces everything to be done is software. By putting
- * the initalization of the device in here, we ensure we can
- * use this engine as the default, and if for whatever reason
- * /dev/crypto won't do what we want it will just be done in
- * software
- *
- * This can (should) be greatly expanded to perhaps take into
- * account speed of the device, and what we want to do.
- * (although the disabling of particular alg's could be controlled
- * by the device driver with sysctl's.) - this is where we
- * want most of the decisions made about what we actually want
- * to use from /dev/crypto.
- */
-static int
-cryptodev_usable_ciphers(const int **nids)
-{
- return (get_cryptodev_ciphers(nids));
-}
-
-static int
-cryptodev_usable_digests(const int **nids)
-{
- /*
- * XXXX just disable all digests for now, because it sucks.
- * we need a better way to decide this - i.e. I may not
- * want digests on slow cards like hifn on fast machines,
- * but might want them on slow or loaded machines, etc.
- * will also want them when using crypto cards that don't
- * suck moose gonads - would be nice to be able to decide something
- * as reasonable default without having hackery that's card dependent.
- * of course, the default should probably be just do everything,
- * with perhaps a sysctl to turn algoritms off (or have them off
- * by default) on cards that generally suck like the hifn.
- */
- *nids = NULL;
- return (0);
-}
-
-static int
-cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, unsigned int inl)
-{
- struct crypt_op cryp;
- struct dev_crypto_state *state = ctx->cipher_data;
- struct session_op *sess = &state->d_sess;
- const void *iiv;
- unsigned char save_iv[EVP_MAX_IV_LENGTH];
-
- if (state->d_fd < 0)
- return (0);
- if (!inl)
- return (1);
- if ((inl % ctx->cipher->block_size) != 0)
- return (0);
-
- memset(&cryp, 0, sizeof(cryp));
-
- cryp.ses = sess->ses;
- cryp.flags = 0;
- cryp.len = inl;
- cryp.src = (caddr_t) in;
- cryp.dst = (caddr_t) out;
- cryp.mac = 0;
-
- cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
-
- if (ctx->cipher->iv_len) {
- cryp.iv = (caddr_t) ctx->iv;
- if (!ctx->encrypt) {
- iiv = in + inl - ctx->cipher->iv_len;
- memcpy(save_iv, iiv, ctx->cipher->iv_len);
- }
- } else
- cryp.iv = NULL;
-
- if (ioctl(state->d_fd, CIOCCRYPT, &cryp) == -1) {
- /* XXX need better errror handling
- * this can fail for a number of different reasons.
- */
- return (0);
- }
-
- if (ctx->cipher->iv_len) {
- if (ctx->encrypt)
- iiv = out + inl - ctx->cipher->iv_len;
- else
- iiv = save_iv;
- memcpy(ctx->iv, iiv, ctx->cipher->iv_len);
- }
- return (1);
-}
-
-static int
-cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc)
-{
- struct dev_crypto_state *state = ctx->cipher_data;
- struct session_op *sess = &state->d_sess;
- int cipher;
-
- if ((cipher = cipher_nid_to_cryptodev(ctx->cipher->nid)) == NID_undef)
- return (0);
-
- if (ctx->cipher->iv_len > cryptodev_max_iv(cipher))
- return (0);
-
- if (!cryptodev_key_length_valid(cipher, ctx->key_len))
- return (0);
-
- memset(sess, 0, sizeof(struct session_op));
-
- if ((state->d_fd = get_dev_crypto()) < 0)
- return (0);
-
- sess->key = (char *)key;
- sess->keylen = ctx->key_len;
- sess->cipher = cipher;
-
- if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
- close(state->d_fd);
- state->d_fd = -1;
- return (0);
- }
- return (1);
-}
-
-/*
- * free anything we allocated earlier when initting a
- * session, and close the session.
- */
-static int
-cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
-{
- int ret = 0;
- struct dev_crypto_state *state = ctx->cipher_data;
- struct session_op *sess = &state->d_sess;
-
- if (state->d_fd < 0)
- return (0);
-
- /* XXX if this ioctl fails, someting's wrong. the invoker
- * may have called us with a bogus ctx, or we could
- * have a device that for whatever reason just doesn't
- * want to play ball - it's not clear what's right
- * here - should this be an error? should it just
- * increase a counter, hmm. For right now, we return
- * 0 - I don't believe that to be "right". we could
- * call the gorpy openssl lib error handlers that
- * print messages to users of the library. hmm..
- */
-
- if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) == -1) {
- ret = 0;
- } else {
- ret = 1;
- }
- close(state->d_fd);
- state->d_fd = -1;
-
- return (ret);
-}
-
-/*
- * libcrypto EVP stuff - this is how we get wired to EVP so the engine
- * gets called when libcrypto requests a cipher NID.
- */
-
-/* DES CBC EVP */
-const EVP_CIPHER cryptodev_des_cbc = {
- NID_des_cbc,
- 8, 8, 8,
- EVP_CIPH_CBC_MODE,
- cryptodev_init_key,
- cryptodev_cipher,
- cryptodev_cleanup,
- sizeof(struct dev_crypto_state),
- EVP_CIPHER_set_asn1_iv,
- EVP_CIPHER_get_asn1_iv,
- NULL
-};
-
-/* 3DES CBC EVP */
-const EVP_CIPHER cryptodev_3des_cbc = {
- NID_des_ede3_cbc,
- 8, 24, 8,
- EVP_CIPH_CBC_MODE,
- cryptodev_init_key,
- cryptodev_cipher,
- cryptodev_cleanup,
- sizeof(struct dev_crypto_state),
- EVP_CIPHER_set_asn1_iv,
- EVP_CIPHER_get_asn1_iv,
- NULL
-};
-
-const EVP_CIPHER cryptodev_bf_cbc = {
- NID_bf_cbc,
- 8, 16, 8,
- EVP_CIPH_CBC_MODE,
- cryptodev_init_key,
- cryptodev_cipher,
- cryptodev_cleanup,
- sizeof(struct dev_crypto_state),
- EVP_CIPHER_set_asn1_iv,
- EVP_CIPHER_get_asn1_iv,
- NULL
-};
-
-const EVP_CIPHER cryptodev_cast_cbc = {
- NID_cast5_cbc,
- 8, 16, 8,
- EVP_CIPH_CBC_MODE,
- cryptodev_init_key,
- cryptodev_cipher,
- cryptodev_cleanup,
- sizeof(struct dev_crypto_state),
- EVP_CIPHER_set_asn1_iv,
- EVP_CIPHER_get_asn1_iv,
- NULL
-};
-
-const EVP_CIPHER cryptodev_aes_cbc = {
- NID_aes_128_cbc,
- 16, 16, 16,
- EVP_CIPH_CBC_MODE,
- cryptodev_init_key,
- cryptodev_cipher,
- cryptodev_cleanup,
- sizeof(struct dev_crypto_state),
- EVP_CIPHER_set_asn1_iv,
- EVP_CIPHER_get_asn1_iv,
- NULL
-};
-
-/*
- * Registered by the ENGINE when used to find out how to deal with
- * a particular NID in the ENGINE. this says what we'll do at the
- * top level - note, that list is restricted by what we answer with
- */
-static int
-cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
- const int **nids, int nid)
-{
- if (!cipher)
- return (cryptodev_usable_ciphers(nids));
-
- switch (nid) {
- case NID_des_ede3_cbc:
- *cipher = &cryptodev_3des_cbc;
- break;
- case NID_des_cbc:
- *cipher = &cryptodev_des_cbc;
- break;
- case NID_bf_cbc:
- *cipher = &cryptodev_bf_cbc;
- break;
- case NID_cast5_cbc:
- *cipher = &cryptodev_cast_cbc;
- break;
- case NID_aes_128_cbc:
- *cipher = &cryptodev_aes_cbc;
- break;
- default:
- *cipher = NULL;
- break;
- }
- return (*cipher != NULL);
-}
-
-static int
-cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
- const int **nids, int nid)
-{
- if (!digest)
- return (cryptodev_usable_digests(nids));
-
- switch (nid) {
- case NID_md5:
- *digest = NULL; /* need to make a clean md5 critter */
- break;
- default:
- *digest = NULL;
- break;
- }
- return (*digest != NULL);
-}
-
-/*
- * Convert a BIGNUM to the representation that /dev/crypto needs.
- * Upon completion of use, the caller is responsible for freeing
- * crp->crp_p.
- */
-static int
-bn2crparam(const BIGNUM *a, struct crparam *crp)
-{
- int i, j, k;
- ssize_t bytes, bits;
- u_char *b;
-
- crp->crp_p = NULL;
- crp->crp_nbits = 0;
-
- bits = BN_num_bits(a);
- bytes = (bits + 7) / 8;
-
- b = malloc(bytes);
- if (b == NULL)
- return (1);
-
- crp->crp_p = (char *)b;
- crp->crp_nbits = bits;
-
- for (i = 0, j = 0; i < a->top; i++) {
- for (k = 0; k < BN_BITS2 / 8; k++) {
- if ((j + k) >= bytes)
- return (0);
- b[j + k] = a->d[i] >> (k * 8);
- }
- j += BN_BITS2 / 8;
- }
- return (0);
-}
-
-/* Convert a /dev/crypto parameter to a BIGNUM */
-static int
-crparam2bn(struct crparam *crp, BIGNUM *a)
-{
- u_int8_t *pd;
- int i, bytes;
-
- bytes = (crp->crp_nbits + 7) / 8;
-
- if (bytes == 0)
- return (-1);
-
- if ((pd = (u_int8_t *) malloc(bytes)) == NULL)
- return (-1);
-
- for (i = 0; i < bytes; i++)
- pd[i] = crp->crp_p[bytes - i - 1];
-
- BN_bin2bn(pd, bytes, a);
- free(pd);
-
- return (0);
-}
-
-static void
-zapparams(struct crypt_kop *kop)
-{
- int i;
-
- for (i = 0; i <= kop->crk_iparams + kop->crk_oparams; i++) {
- if (kop->crk_param[i].crp_p)
- free(kop->crk_param[i].crp_p);
- kop->crk_param[i].crp_p = NULL;
- kop->crk_param[i].crp_nbits = 0;
- }
-}
-
-static int
-cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s)
-{
- int fd, ret = -1;
-
- if ((fd = get_asym_dev_crypto()) < 0)
- return (ret);
-
- if (r) {
- kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char));
- kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
- kop->crk_oparams++;
- }
- if (s) {
- kop->crk_param[kop->crk_iparams+1].crp_p = calloc(slen, sizeof(char));
- kop->crk_param[kop->crk_iparams+1].crp_nbits = slen * 8;
- kop->crk_oparams++;
- }
-
- if (ioctl(fd, CIOCKEY, kop) == 0) {
- if (r)
- crparam2bn(&kop->crk_param[kop->crk_iparams], r);
- if (s)
- crparam2bn(&kop->crk_param[kop->crk_iparams+1], s);
- ret = 0;
- }
-
- return (ret);
-}
-
-static int
-cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
-{
- struct crypt_kop kop;
- int ret = 1;
-
- /* Currently, we know we can do mod exp iff we can do any
- * asymmetric operations at all.
- */
- if (cryptodev_asymfeat == 0) {
- ret = BN_mod_exp(r, a, p, m, ctx);
- return (ret);
- }
-
- memset(&kop, 0, sizeof kop);
- kop.crk_op = CRK_MOD_EXP;
-
- /* inputs: a^p % m */
- if (bn2crparam(a, &kop.crk_param[0]))
- goto err;
- if (bn2crparam(p, &kop.crk_param[1]))
- goto err;
- if (bn2crparam(m, &kop.crk_param[2]))
- goto err;
- kop.crk_iparams = 3;
-
- if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL)) {
- const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
- printf("OCF asym process failed, Running in software\n");
- ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
-
- } else if (ECANCELED == kop.crk_status) {
- const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
- printf("OCF hardware operation cancelled. Running in Software\n");
- ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
- }
- /* else cryptodev operation worked ok ==> ret = 1*/
-
-err:
- zapparams(&kop);
- return (ret);
-}
-
-static int
-cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
-{
- int r;
-
- r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL);
- return (r);
-}
-
-static int
-cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
-{
- struct crypt_kop kop;
- int ret = 1;
-
- if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
- /* XXX 0 means failure?? */
- return (0);
- }
-
- memset(&kop, 0, sizeof kop);
- kop.crk_op = CRK_MOD_EXP_CRT;
- /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
- if (bn2crparam(rsa->p, &kop.crk_param[0]))
- goto err;
- if (bn2crparam(rsa->q, &kop.crk_param[1]))
- goto err;
- if (bn2crparam(I, &kop.crk_param[2]))
- goto err;
- if (bn2crparam(rsa->dmp1, &kop.crk_param[3]))
- goto err;
- if (bn2crparam(rsa->dmq1, &kop.crk_param[4]))
- goto err;
- if (bn2crparam(rsa->iqmp, &kop.crk_param[5]))
- goto err;
- kop.crk_iparams = 6;
-
- if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL)) {
- const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
- printf("OCF asym process failed, running in Software\n");
- ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx);
-
- } else if (ECANCELED == kop.crk_status) {
- const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
- printf("OCF hardware operation cancelled. Running in Software\n");
- ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx);
- }
- /* else cryptodev operation worked ok ==> ret = 1*/
-
-err:
- zapparams(&kop);
- return (ret);
-}
-
-static RSA_METHOD cryptodev_rsa = {
- "cryptodev RSA method",
- NULL, /* rsa_pub_enc */
- NULL, /* rsa_pub_dec */
- NULL, /* rsa_priv_enc */
- NULL, /* rsa_priv_dec */
- NULL,
- NULL,
- NULL, /* init */
- NULL, /* finish */
- 0, /* flags */
- NULL, /* app_data */
- NULL, /* rsa_sign */
- NULL /* rsa_verify */
-};
-
-static int
-cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
-{
- return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
-}
-
-static int
-cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
- BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
- BN_CTX *ctx, BN_MONT_CTX *mont)
-{
- BIGNUM t2;
- int ret = 0;
-
- BN_init(&t2);
-
- /* v = ( g^u1 * y^u2 mod p ) mod q */
- /* let t1 = g ^ u1 mod p */
- ret = 0;
-
- if (!dsa->meth->bn_mod_exp(dsa,t1,dsa->g,u1,dsa->p,ctx,mont))
- goto err;
-
- /* let t2 = y ^ u2 mod p */
- if (!dsa->meth->bn_mod_exp(dsa,&t2,dsa->pub_key,u2,dsa->p,ctx,mont))
- goto err;
- /* let u1 = t1 * t2 mod p */
- if (!BN_mod_mul(u1,t1,&t2,dsa->p,ctx))
- goto err;
-
- BN_copy(t1,u1);
-
- ret = 1;
-err:
- BN_free(&t2);
- return(ret);
-}
-
-static DSA_SIG *
-cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
-{
- struct crypt_kop kop;
- BIGNUM *r = NULL, *s = NULL;
- DSA_SIG *dsaret = NULL;
-
- if ((r = BN_new()) == NULL)
- goto err;
- if ((s = BN_new()) == NULL) {
- BN_free(r);
- goto err;
- }
-
- memset(&kop, 0, sizeof kop);
- kop.crk_op = CRK_DSA_SIGN;
-
- /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
- kop.crk_param[0].crp_p = (caddr_t)dgst;
- kop.crk_param[0].crp_nbits = dlen * 8;
- if (bn2crparam(dsa->p, &kop.crk_param[1]))
- goto err;
- if (bn2crparam(dsa->q, &kop.crk_param[2]))
- goto err;
- if (bn2crparam(dsa->g, &kop.crk_param[3]))
- goto err;
- if (bn2crparam(dsa->priv_key, &kop.crk_param[4]))
- goto err;
- kop.crk_iparams = 5;
-
- if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r,
- BN_num_bytes(dsa->q), s) == 0) {
- dsaret = DSA_SIG_new();
- dsaret->r = r;
- dsaret->s = s;
- } else {
- const DSA_METHOD *meth = DSA_OpenSSL();
- BN_free(r);
- BN_free(s);
- dsaret = (meth->dsa_do_sign)(dgst, dlen, dsa);
- }
-err:
- kop.crk_param[0].crp_p = NULL;
- zapparams(&kop);
- return (dsaret);
-}
-
-static int
-cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
- DSA_SIG *sig, DSA *dsa)
-{
- struct crypt_kop kop;
- int dsaret = 1;
-
- memset(&kop, 0, sizeof kop);
- kop.crk_op = CRK_DSA_VERIFY;
-
- /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
- kop.crk_param[0].crp_p = (caddr_t)dgst;
- kop.crk_param[0].crp_nbits = dlen * 8;
- if (bn2crparam(dsa->p, &kop.crk_param[1]))
- goto err;
- if (bn2crparam(dsa->q, &kop.crk_param[2]))
- goto err;
- if (bn2crparam(dsa->g, &kop.crk_param[3]))
- goto err;
- if (bn2crparam(dsa->pub_key, &kop.crk_param[4]))
- goto err;
- if (bn2crparam(sig->r, &kop.crk_param[5]))
- goto err;
- if (bn2crparam(sig->s, &kop.crk_param[6]))
- goto err;
- kop.crk_iparams = 7;
-
- if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
-/*OCF success value is 0, if not zero, change dsaret to fail*/
- if(0 != kop.crk_status) dsaret = 0;
- } else {
- const DSA_METHOD *meth = DSA_OpenSSL();
-
- dsaret = (meth->dsa_do_verify)(dgst, dlen, sig, dsa);
- }
-err:
- kop.crk_param[0].crp_p = NULL;
- zapparams(&kop);
- return (dsaret);
-}
-
-static DSA_METHOD cryptodev_dsa = {
- "cryptodev DSA method",
- NULL,
- NULL, /* dsa_sign_setup */
- NULL,
- NULL, /* dsa_mod_exp */
- NULL,
- NULL, /* init */
- NULL, /* finish */
- 0, /* flags */
- NULL /* app_data */
-};
-
-static int
-cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx)
-{
- return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
-}
-
-static int
-cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
-{
- struct crypt_kop kop;
- int dhret = 1;
- int fd, keylen;
-
- if ((fd = get_asym_dev_crypto()) < 0) {
- const DH_METHOD *meth = DH_OpenSSL();
-
- return ((meth->compute_key)(key, pub_key, dh));
- }
-
- keylen = BN_num_bits(dh->p);
-
- memset(&kop, 0, sizeof kop);
- kop.crk_op = CRK_DH_COMPUTE_KEY;
-
- /* inputs: dh->priv_key pub_key dh->p key */
- if (bn2crparam(dh->priv_key, &kop.crk_param[0]))
- goto err;
- if (bn2crparam(pub_key, &kop.crk_param[1]))
- goto err;
- if (bn2crparam(dh->p, &kop.crk_param[2]))
- goto err;
- kop.crk_iparams = 3;
-
- kop.crk_param[3].crp_p = (char *)key;
- kop.crk_param[3].crp_nbits = keylen * 8;
- kop.crk_oparams = 1;
-
- if (ioctl(fd, CIOCKEY, &kop) == -1) {
- const DH_METHOD *meth = DH_OpenSSL();
-
- dhret = (meth->compute_key)(key, pub_key, dh);
- }
-err:
- kop.crk_param[3].crp_p = NULL;
- zapparams(&kop);
- return (dhret);
-}
-
-static DH_METHOD cryptodev_dh = {
- "cryptodev DH method",
- NULL, /* cryptodev_dh_generate_key */
- NULL,
- NULL,
- NULL,
- NULL,
- 0, /* flags */
- NULL /* app_data */
-};
-
-/*
- * ctrl right now is just a wrapper that doesn't do much
- * but I expect we'll want some options soon.
- */
-static int
-cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
-{
-#ifdef HAVE_SYSLOG_R
- struct syslog_data sd = SYSLOG_DATA_INIT;
-#endif
-
- switch (cmd) {
- default:
-#ifdef HAVE_SYSLOG_R
- syslog_r(LOG_ERR, &sd,
- "cryptodev_ctrl: unknown command %d", cmd);
-#else
- syslog(LOG_ERR, "cryptodev_ctrl: unknown command %d", cmd);
-#endif
- break;
- }
- return (1);
-}
-
-void
-ENGINE_load_cryptodev(void)
-{
- ENGINE *engine = ENGINE_new();
- int fd;
-
- if (engine == NULL)
- return;
- if ((fd = get_dev_crypto()) < 0) {
- ENGINE_free(engine);
- return;
- }
-
- /*
- * find out what asymmetric crypto algorithms we support
- */
- if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {
- close(fd);
- ENGINE_free(engine);
- return;
- }
- close(fd);
-
- if (!ENGINE_set_id(engine, "cryptodev") ||
- !ENGINE_set_name(engine, "BSD cryptodev engine") ||
- !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
- !ENGINE_set_digests(engine, cryptodev_engine_digests) ||
- !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) ||
- !ENGINE_set_cmd_defns(engine, cryptodev_defns)) {
- ENGINE_free(engine);
- return;
- }
-
- if (ENGINE_set_RSA(engine, &cryptodev_rsa)) {
- const RSA_METHOD *rsa_meth = RSA_PKCS1_SSLeay();
-
- cryptodev_rsa.bn_mod_exp = rsa_meth->bn_mod_exp;
- cryptodev_rsa.rsa_mod_exp = rsa_meth->rsa_mod_exp;
- cryptodev_rsa.rsa_pub_enc = rsa_meth->rsa_pub_enc;
- cryptodev_rsa.rsa_pub_dec = rsa_meth->rsa_pub_dec;
- cryptodev_rsa.rsa_priv_enc = rsa_meth->rsa_priv_enc;
- cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec;
- if (cryptodev_asymfeat & CRF_MOD_EXP) {
- cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp;
- if (cryptodev_asymfeat & CRF_MOD_EXP_CRT)
- cryptodev_rsa.rsa_mod_exp =
- cryptodev_rsa_mod_exp;
- else
- cryptodev_rsa.rsa_mod_exp =
- cryptodev_rsa_nocrt_mod_exp;
- }
- }
-
- if (ENGINE_set_DSA(engine, &cryptodev_dsa)) {
- const DSA_METHOD *meth = DSA_OpenSSL();
-
- memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));
- if (cryptodev_asymfeat & CRF_DSA_SIGN)
- cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;
- if (cryptodev_asymfeat & CRF_MOD_EXP) {
- cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp;
- cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp;
- }
- if (cryptodev_asymfeat & CRF_DSA_VERIFY)
- cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;
- }
-
- if (ENGINE_set_DH(engine, &cryptodev_dh)){
- const DH_METHOD *dh_meth = DH_OpenSSL();
-
- cryptodev_dh.generate_key = dh_meth->generate_key;
- cryptodev_dh.compute_key = dh_meth->compute_key;
- cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp;
- if (cryptodev_asymfeat & CRF_MOD_EXP) {
- cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh;
- if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY)
- cryptodev_dh.compute_key =
- cryptodev_dh_compute_key;
- }
- }
-
- ENGINE_add(engine);
- ENGINE_free(engine);
- ERR_clear_error();
-}
-
-#endif /* HAVE_CRYPTODEV */
Copied: vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_cryptodev.c (from rev 6976, vendor-crypto/openssl/dist/crypto/engine/eng_cryptodev.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_cryptodev.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_cryptodev.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,1175 @@
+/*
+ * Copyright (c) 2002 Bob Beck <beck at openbsd.org>
+ * Copyright (c) 2002 Theo de Raadt
+ * Copyright (c) 2002 Markus Friedl
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <openssl/objects.h>
+#include <openssl/engine.h>
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/rsa.h>
+#include <openssl/dh.h>
+#include <openssl/err.h>
+
+#if (defined(__unix__) || defined(unix)) && !defined(USG) && \
+ (defined(OpenBSD) || defined(__FreeBSD__))
+# include <sys/param.h>
+# if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041)
+# define HAVE_CRYPTODEV
+# endif
+# if (OpenBSD >= 200110)
+# define HAVE_SYSLOG_R
+# endif
+#endif
+
+#ifndef HAVE_CRYPTODEV
+
+void ENGINE_load_cryptodev(void)
+{
+ /* This is a NOP on platforms without /dev/crypto */
+ return;
+}
+
+#else
+
+# include <sys/types.h>
+# include <crypto/cryptodev.h>
+# include <sys/ioctl.h>
+# include <errno.h>
+# include <stdio.h>
+# include <unistd.h>
+# include <fcntl.h>
+# include <stdarg.h>
+# include <syslog.h>
+# include <errno.h>
+# include <string.h>
+
+struct dev_crypto_state {
+ struct session_op d_sess;
+ int d_fd;
+};
+
+static u_int32_t cryptodev_asymfeat = 0;
+
+static int get_asym_dev_crypto(void);
+static int open_dev_crypto(void);
+static int get_dev_crypto(void);
+static int cryptodev_max_iv(int cipher);
+static int cryptodev_key_length_valid(int cipher, int len);
+static int cipher_nid_to_cryptodev(int nid);
+static int get_cryptodev_ciphers(const int **cnids);
+/*
+ * static int get_cryptodev_digests(const int **cnids);
+ */
+static int cryptodev_usable_ciphers(const int **nids);
+static int cryptodev_usable_digests(const int **nids);
+static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, unsigned int inl);
+static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc);
+static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx);
+static int cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+ const int **nids, int nid);
+static int cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
+ const int **nids, int nid);
+static int bn2crparam(const BIGNUM *a, struct crparam *crp);
+static int crparam2bn(struct crparam *crp, BIGNUM *a);
+static void zapparams(struct crypt_kop *kop);
+static int cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r,
+ int slen, BIGNUM *s);
+
+static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a,
+ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx);
+static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+ BN_CTX *ctx);
+static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+ BN_CTX *ctx);
+static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a,
+ const BIGNUM *p, const BIGNUM *m,
+ BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
+ BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2,
+ BIGNUM *p, BN_CTX *ctx,
+ BN_MONT_CTX *mont);
+static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,
+ DSA *dsa);
+static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len,
+ DSA_SIG *sig, DSA *dsa);
+static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
+ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx);
+static int cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key,
+ DH *dh);
+static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) ());
+void ENGINE_load_cryptodev(void);
+
+static const ENGINE_CMD_DEFN cryptodev_defns[] = {
+ {0, NULL, NULL, 0}
+};
+
+static struct {
+ int id;
+ int nid;
+ int ivmax;
+ int keylen;
+} ciphers[] = {
+ {
+ CRYPTO_DES_CBC, NID_des_cbc, 8, 8,
+ },
+ {
+ CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24,
+ },
+ {
+ CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16,
+ },
+ {
+ CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16,
+ },
+ {
+ CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16,
+ },
+ {
+ CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0,
+ },
+ {
+ 0, NID_undef, 0, 0,
+ },
+};
+
+# if 0
+static struct {
+ int id;
+ int nid;
+} digests[] = {
+ {
+ CRYPTO_SHA1_HMAC, NID_hmacWithSHA1,
+ },
+ {
+ CRYPTO_RIPEMD160_HMAC, NID_ripemd160,
+ },
+ {
+ CRYPTO_MD5_KPDK, NID_undef,
+ },
+ {
+ CRYPTO_SHA1_KPDK, NID_undef,
+ },
+ {
+ CRYPTO_MD5, NID_md5,
+ },
+ {
+ CRYPTO_SHA1, NID_undef,
+ },
+ {
+ 0, NID_undef,
+ },
+};
+# endif
+
+/*
+ * Return a fd if /dev/crypto seems usable, 0 otherwise.
+ */
+static int open_dev_crypto(void)
+{
+ static int fd = -1;
+
+ if (fd == -1) {
+ if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1)
+ return (-1);
+ /* close on exec */
+ if (fcntl(fd, F_SETFD, 1) == -1) {
+ close(fd);
+ fd = -1;
+ return (-1);
+ }
+ }
+ return (fd);
+}
+
+static int get_dev_crypto(void)
+{
+ int fd, retfd;
+
+ if ((fd = open_dev_crypto()) == -1)
+ return (-1);
+ if (ioctl(fd, CRIOGET, &retfd) == -1)
+ return (-1);
+
+ /* close on exec */
+ if (fcntl(retfd, F_SETFD, 1) == -1) {
+ close(retfd);
+ return (-1);
+ }
+ return (retfd);
+}
+
+/* Caching version for asym operations */
+static int get_asym_dev_crypto(void)
+{
+ static int fd = -1;
+
+ if (fd == -1)
+ fd = get_dev_crypto();
+ return fd;
+}
+
+/*
+ * XXXX this needs to be set for each alg - and determined from
+ * a running card.
+ */
+static int cryptodev_max_iv(int cipher)
+{
+ int i;
+
+ for (i = 0; ciphers[i].id; i++)
+ if (ciphers[i].id == cipher)
+ return (ciphers[i].ivmax);
+ return (0);
+}
+
+/*
+ * XXXX this needs to be set for each alg - and determined from
+ * a running card. For now, fake it out - but most of these
+ * for real devices should return 1 for the supported key
+ * sizes the device can handle.
+ */
+static int cryptodev_key_length_valid(int cipher, int len)
+{
+ int i;
+
+ for (i = 0; ciphers[i].id; i++)
+ if (ciphers[i].id == cipher)
+ return (ciphers[i].keylen == len);
+ return (0);
+}
+
+/* convert libcrypto nids to cryptodev */
+static int cipher_nid_to_cryptodev(int nid)
+{
+ int i;
+
+ for (i = 0; ciphers[i].id; i++)
+ if (ciphers[i].nid == nid)
+ return (ciphers[i].id);
+ return (0);
+}
+
+/*
+ * Find out what ciphers /dev/crypto will let us have a session for.
+ * XXX note, that some of these openssl doesn't deal with yet!
+ * returning them here is harmless, as long as we return NULL
+ * when asked for a handler in the cryptodev_engine_ciphers routine
+ */
+static int get_cryptodev_ciphers(const int **cnids)
+{
+ static int nids[CRYPTO_ALGORITHM_MAX];
+ struct session_op sess;
+ int fd, i, count = 0;
+
+ if ((fd = get_dev_crypto()) < 0) {
+ *cnids = NULL;
+ return (0);
+ }
+ memset(&sess, 0, sizeof(sess));
+ sess.key = (caddr_t) "123456781234567812345678";
+
+ for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
+ if (ciphers[i].nid == NID_undef)
+ continue;
+ sess.cipher = ciphers[i].id;
+ sess.keylen = ciphers[i].keylen;
+ sess.mac = 0;
+ if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
+ ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
+ nids[count++] = ciphers[i].nid;
+ }
+ close(fd);
+
+ if (count > 0)
+ *cnids = nids;
+ else
+ *cnids = NULL;
+ return (count);
+}
+
+# if 0 /* unused */
+/*
+ * Find out what digests /dev/crypto will let us have a session for.
+ * XXX note, that some of these openssl doesn't deal with yet!
+ * returning them here is harmless, as long as we return NULL
+ * when asked for a handler in the cryptodev_engine_digests routine
+ */
+static int get_cryptodev_digests(const int **cnids)
+{
+ static int nids[CRYPTO_ALGORITHM_MAX];
+ struct session_op sess;
+ int fd, i, count = 0;
+
+ if ((fd = get_dev_crypto()) < 0) {
+ *cnids = NULL;
+ return (0);
+ }
+ memset(&sess, 0, sizeof(sess));
+ for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
+ if (digests[i].nid == NID_undef)
+ continue;
+ sess.mac = digests[i].id;
+ sess.cipher = 0;
+ if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
+ ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
+ nids[count++] = digests[i].nid;
+ }
+ close(fd);
+
+ if (count > 0)
+ *cnids = nids;
+ else
+ *cnids = NULL;
+ return (count);
+}
+
+# endif
+
+/*
+ * Find the useable ciphers|digests from dev/crypto - this is the first
+ * thing called by the engine init crud which determines what it
+ * can use for ciphers from this engine. We want to return
+ * only what we can do, anythine else is handled by software.
+ *
+ * If we can't initialize the device to do anything useful for
+ * any reason, we want to return a NULL array, and 0 length,
+ * which forces everything to be done is software. By putting
+ * the initalization of the device in here, we ensure we can
+ * use this engine as the default, and if for whatever reason
+ * /dev/crypto won't do what we want it will just be done in
+ * software
+ *
+ * This can (should) be greatly expanded to perhaps take into
+ * account speed of the device, and what we want to do.
+ * (although the disabling of particular alg's could be controlled
+ * by the device driver with sysctl's.) - this is where we
+ * want most of the decisions made about what we actually want
+ * to use from /dev/crypto.
+ */
+static int cryptodev_usable_ciphers(const int **nids)
+{
+ return (get_cryptodev_ciphers(nids));
+}
+
+static int cryptodev_usable_digests(const int **nids)
+{
+ /*
+ * XXXX just disable all digests for now, because it sucks.
+ * we need a better way to decide this - i.e. I may not
+ * want digests on slow cards like hifn on fast machines,
+ * but might want them on slow or loaded machines, etc.
+ * will also want them when using crypto cards that don't
+ * suck moose gonads - would be nice to be able to decide something
+ * as reasonable default without having hackery that's card dependent.
+ * of course, the default should probably be just do everything,
+ * with perhaps a sysctl to turn algoritms off (or have them off
+ * by default) on cards that generally suck like the hifn.
+ */
+ *nids = NULL;
+ return (0);
+}
+
+static int
+cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, unsigned int inl)
+{
+ struct crypt_op cryp;
+ struct dev_crypto_state *state = ctx->cipher_data;
+ struct session_op *sess = &state->d_sess;
+ const void *iiv;
+ unsigned char save_iv[EVP_MAX_IV_LENGTH];
+
+ if (state->d_fd < 0)
+ return (0);
+ if (!inl)
+ return (1);
+ if ((inl % ctx->cipher->block_size) != 0)
+ return (0);
+
+ memset(&cryp, 0, sizeof(cryp));
+
+ cryp.ses = sess->ses;
+ cryp.flags = 0;
+ cryp.len = inl;
+ cryp.src = (caddr_t) in;
+ cryp.dst = (caddr_t) out;
+ cryp.mac = 0;
+
+ cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
+
+ if (ctx->cipher->iv_len) {
+ cryp.iv = (caddr_t) ctx->iv;
+ if (!ctx->encrypt) {
+ iiv = in + inl - ctx->cipher->iv_len;
+ memcpy(save_iv, iiv, ctx->cipher->iv_len);
+ }
+ } else
+ cryp.iv = NULL;
+
+ if (ioctl(state->d_fd, CIOCCRYPT, &cryp) == -1) {
+ /*
+ * XXX need better errror handling this can fail for a number of
+ * different reasons.
+ */
+ return (0);
+ }
+
+ if (ctx->cipher->iv_len) {
+ if (ctx->encrypt)
+ iiv = out + inl - ctx->cipher->iv_len;
+ else
+ iiv = save_iv;
+ memcpy(ctx->iv, iiv, ctx->cipher->iv_len);
+ }
+ return (1);
+}
+
+static int
+cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc)
+{
+ struct dev_crypto_state *state = ctx->cipher_data;
+ struct session_op *sess = &state->d_sess;
+ int cipher;
+
+ if ((cipher = cipher_nid_to_cryptodev(ctx->cipher->nid)) == NID_undef)
+ return (0);
+
+ if (ctx->cipher->iv_len > cryptodev_max_iv(cipher))
+ return (0);
+
+ if (!cryptodev_key_length_valid(cipher, ctx->key_len))
+ return (0);
+
+ memset(sess, 0, sizeof(struct session_op));
+
+ if ((state->d_fd = get_dev_crypto()) < 0)
+ return (0);
+
+ sess->key = (char *)key;
+ sess->keylen = ctx->key_len;
+ sess->cipher = cipher;
+
+ if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
+ close(state->d_fd);
+ state->d_fd = -1;
+ return (0);
+ }
+ return (1);
+}
+
+/*
+ * free anything we allocated earlier when initting a
+ * session, and close the session.
+ */
+static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
+{
+ int ret = 0;
+ struct dev_crypto_state *state = ctx->cipher_data;
+ struct session_op *sess = &state->d_sess;
+
+ if (state->d_fd < 0)
+ return (0);
+
+ /*
+ * XXX if this ioctl fails, someting's wrong. the invoker may have called
+ * us with a bogus ctx, or we could have a device that for whatever
+ * reason just doesn't want to play ball - it's not clear what's right
+ * here - should this be an error? should it just increase a counter,
+ * hmm. For right now, we return 0 - I don't believe that to be "right".
+ * we could call the gorpy openssl lib error handlers that print messages
+ * to users of the library. hmm..
+ */
+
+ if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) == -1) {
+ ret = 0;
+ } else {
+ ret = 1;
+ }
+ close(state->d_fd);
+ state->d_fd = -1;
+
+ return (ret);
+}
+
+/*
+ * libcrypto EVP stuff - this is how we get wired to EVP so the engine
+ * gets called when libcrypto requests a cipher NID.
+ */
+
+/* DES CBC EVP */
+const EVP_CIPHER cryptodev_des_cbc = {
+ NID_des_cbc,
+ 8, 8, 8,
+ EVP_CIPH_CBC_MODE,
+ cryptodev_init_key,
+ cryptodev_cipher,
+ cryptodev_cleanup,
+ sizeof(struct dev_crypto_state),
+ EVP_CIPHER_set_asn1_iv,
+ EVP_CIPHER_get_asn1_iv,
+ NULL
+};
+
+/* 3DES CBC EVP */
+const EVP_CIPHER cryptodev_3des_cbc = {
+ NID_des_ede3_cbc,
+ 8, 24, 8,
+ EVP_CIPH_CBC_MODE,
+ cryptodev_init_key,
+ cryptodev_cipher,
+ cryptodev_cleanup,
+ sizeof(struct dev_crypto_state),
+ EVP_CIPHER_set_asn1_iv,
+ EVP_CIPHER_get_asn1_iv,
+ NULL
+};
+
+const EVP_CIPHER cryptodev_bf_cbc = {
+ NID_bf_cbc,
+ 8, 16, 8,
+ EVP_CIPH_CBC_MODE,
+ cryptodev_init_key,
+ cryptodev_cipher,
+ cryptodev_cleanup,
+ sizeof(struct dev_crypto_state),
+ EVP_CIPHER_set_asn1_iv,
+ EVP_CIPHER_get_asn1_iv,
+ NULL
+};
+
+const EVP_CIPHER cryptodev_cast_cbc = {
+ NID_cast5_cbc,
+ 8, 16, 8,
+ EVP_CIPH_CBC_MODE,
+ cryptodev_init_key,
+ cryptodev_cipher,
+ cryptodev_cleanup,
+ sizeof(struct dev_crypto_state),
+ EVP_CIPHER_set_asn1_iv,
+ EVP_CIPHER_get_asn1_iv,
+ NULL
+};
+
+const EVP_CIPHER cryptodev_aes_cbc = {
+ NID_aes_128_cbc,
+ 16, 16, 16,
+ EVP_CIPH_CBC_MODE,
+ cryptodev_init_key,
+ cryptodev_cipher,
+ cryptodev_cleanup,
+ sizeof(struct dev_crypto_state),
+ EVP_CIPHER_set_asn1_iv,
+ EVP_CIPHER_get_asn1_iv,
+ NULL
+};
+
+/*
+ * Registered by the ENGINE when used to find out how to deal with
+ * a particular NID in the ENGINE. this says what we'll do at the
+ * top level - note, that list is restricted by what we answer with
+ */
+static int
+cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+ const int **nids, int nid)
+{
+ if (!cipher)
+ return (cryptodev_usable_ciphers(nids));
+
+ switch (nid) {
+ case NID_des_ede3_cbc:
+ *cipher = &cryptodev_3des_cbc;
+ break;
+ case NID_des_cbc:
+ *cipher = &cryptodev_des_cbc;
+ break;
+ case NID_bf_cbc:
+ *cipher = &cryptodev_bf_cbc;
+ break;
+ case NID_cast5_cbc:
+ *cipher = &cryptodev_cast_cbc;
+ break;
+ case NID_aes_128_cbc:
+ *cipher = &cryptodev_aes_cbc;
+ break;
+ default:
+ *cipher = NULL;
+ break;
+ }
+ return (*cipher != NULL);
+}
+
+static int
+cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
+ const int **nids, int nid)
+{
+ if (!digest)
+ return (cryptodev_usable_digests(nids));
+
+ switch (nid) {
+ case NID_md5:
+ *digest = NULL; /* need to make a clean md5 critter */
+ break;
+ default:
+ *digest = NULL;
+ break;
+ }
+ return (*digest != NULL);
+}
+
+/*
+ * Convert a BIGNUM to the representation that /dev/crypto needs.
+ * Upon completion of use, the caller is responsible for freeing
+ * crp->crp_p.
+ */
+static int bn2crparam(const BIGNUM *a, struct crparam *crp)
+{
+ int i, j, k;
+ ssize_t bytes, bits;
+ u_char *b;
+
+ crp->crp_p = NULL;
+ crp->crp_nbits = 0;
+
+ bits = BN_num_bits(a);
+ bytes = (bits + 7) / 8;
+
+ b = malloc(bytes);
+ if (b == NULL)
+ return (1);
+
+ crp->crp_p = (char *)b;
+ crp->crp_nbits = bits;
+
+ for (i = 0, j = 0; i < a->top; i++) {
+ for (k = 0; k < BN_BITS2 / 8; k++) {
+ if ((j + k) >= bytes)
+ return (0);
+ b[j + k] = a->d[i] >> (k * 8);
+ }
+ j += BN_BITS2 / 8;
+ }
+ return (0);
+}
+
+/* Convert a /dev/crypto parameter to a BIGNUM */
+static int crparam2bn(struct crparam *crp, BIGNUM *a)
+{
+ u_int8_t *pd;
+ int i, bytes;
+
+ bytes = (crp->crp_nbits + 7) / 8;
+
+ if (bytes == 0)
+ return (-1);
+
+ if ((pd = (u_int8_t *) malloc(bytes)) == NULL)
+ return (-1);
+
+ for (i = 0; i < bytes; i++)
+ pd[i] = crp->crp_p[bytes - i - 1];
+
+ BN_bin2bn(pd, bytes, a);
+ free(pd);
+
+ return (0);
+}
+
+static void zapparams(struct crypt_kop *kop)
+{
+ int i;
+
+ for (i = 0; i <= kop->crk_iparams + kop->crk_oparams; i++) {
+ if (kop->crk_param[i].crp_p)
+ free(kop->crk_param[i].crp_p);
+ kop->crk_param[i].crp_p = NULL;
+ kop->crk_param[i].crp_nbits = 0;
+ }
+}
+
+static int
+cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
+ BIGNUM *s)
+{
+ int fd, ret = -1;
+
+ if ((fd = get_asym_dev_crypto()) < 0)
+ return (ret);
+
+ if (r) {
+ kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char));
+ kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
+ kop->crk_oparams++;
+ }
+ if (s) {
+ kop->crk_param[kop->crk_iparams + 1].crp_p =
+ calloc(slen, sizeof(char));
+ kop->crk_param[kop->crk_iparams + 1].crp_nbits = slen * 8;
+ kop->crk_oparams++;
+ }
+
+ if (ioctl(fd, CIOCKEY, kop) == 0) {
+ if (r)
+ crparam2bn(&kop->crk_param[kop->crk_iparams], r);
+ if (s)
+ crparam2bn(&kop->crk_param[kop->crk_iparams + 1], s);
+ ret = 0;
+ }
+
+ return (ret);
+}
+
+static int
+cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
+{
+ struct crypt_kop kop;
+ int ret = 1;
+
+ /*
+ * Currently, we know we can do mod exp iff we can do any asymmetric
+ * operations at all.
+ */
+ if (cryptodev_asymfeat == 0) {
+ ret = BN_mod_exp(r, a, p, m, ctx);
+ return (ret);
+ }
+
+ memset(&kop, 0, sizeof kop);
+ kop.crk_op = CRK_MOD_EXP;
+
+ /* inputs: a^p % m */
+ if (bn2crparam(a, &kop.crk_param[0]))
+ goto err;
+ if (bn2crparam(p, &kop.crk_param[1]))
+ goto err;
+ if (bn2crparam(m, &kop.crk_param[2]))
+ goto err;
+ kop.crk_iparams = 3;
+
+ if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL)) {
+ const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+ printf("OCF asym process failed, Running in software\n");
+ ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
+
+ } else if (ECANCELED == kop.crk_status) {
+ const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+ printf("OCF hardware operation cancelled. Running in Software\n");
+ ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
+ }
+ /* else cryptodev operation worked ok ==> ret = 1 */
+
+ err:
+ zapparams(&kop);
+ return (ret);
+}
+
+static int
+cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+ BN_CTX *ctx)
+{
+ int r;
+
+ r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL);
+ return (r);
+}
+
+static int
+cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
+{
+ struct crypt_kop kop;
+ int ret = 1;
+
+ if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
+ /* XXX 0 means failure?? */
+ return (0);
+ }
+
+ memset(&kop, 0, sizeof kop);
+ kop.crk_op = CRK_MOD_EXP_CRT;
+ /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
+ if (bn2crparam(rsa->p, &kop.crk_param[0]))
+ goto err;
+ if (bn2crparam(rsa->q, &kop.crk_param[1]))
+ goto err;
+ if (bn2crparam(I, &kop.crk_param[2]))
+ goto err;
+ if (bn2crparam(rsa->dmp1, &kop.crk_param[3]))
+ goto err;
+ if (bn2crparam(rsa->dmq1, &kop.crk_param[4]))
+ goto err;
+ if (bn2crparam(rsa->iqmp, &kop.crk_param[5]))
+ goto err;
+ kop.crk_iparams = 6;
+
+ if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL)) {
+ const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+ printf("OCF asym process failed, running in Software\n");
+ ret = (*meth->rsa_mod_exp) (r0, I, rsa, ctx);
+
+ } else if (ECANCELED == kop.crk_status) {
+ const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+ printf("OCF hardware operation cancelled. Running in Software\n");
+ ret = (*meth->rsa_mod_exp) (r0, I, rsa, ctx);
+ }
+ /* else cryptodev operation worked ok ==> ret = 1 */
+
+ err:
+ zapparams(&kop);
+ return (ret);
+}
+
+static RSA_METHOD cryptodev_rsa = {
+ "cryptodev RSA method",
+ NULL, /* rsa_pub_enc */
+ NULL, /* rsa_pub_dec */
+ NULL, /* rsa_priv_enc */
+ NULL, /* rsa_priv_dec */
+ NULL,
+ NULL,
+ NULL, /* init */
+ NULL, /* finish */
+ 0, /* flags */
+ NULL, /* app_data */
+ NULL, /* rsa_sign */
+ NULL /* rsa_verify */
+};
+
+static int
+cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+{
+ return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
+}
+
+static int
+cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
+ BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
+ BN_CTX *ctx, BN_MONT_CTX *mont)
+{
+ BIGNUM t2;
+ int ret = 0;
+
+ BN_init(&t2);
+
+ /* v = ( g^u1 * y^u2 mod p ) mod q */
+ /* let t1 = g ^ u1 mod p */
+ ret = 0;
+
+ if (!dsa->meth->bn_mod_exp(dsa, t1, dsa->g, u1, dsa->p, ctx, mont))
+ goto err;
+
+ /* let t2 = y ^ u2 mod p */
+ if (!dsa->meth->bn_mod_exp(dsa, &t2, dsa->pub_key, u2, dsa->p, ctx, mont))
+ goto err;
+ /* let u1 = t1 * t2 mod p */
+ if (!BN_mod_mul(u1, t1, &t2, dsa->p, ctx))
+ goto err;
+
+ BN_copy(t1, u1);
+
+ ret = 1;
+ err:
+ BN_free(&t2);
+ return (ret);
+}
+
+static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,
+ DSA *dsa)
+{
+ struct crypt_kop kop;
+ BIGNUM *r = NULL, *s = NULL;
+ DSA_SIG *dsaret = NULL;
+
+ if ((r = BN_new()) == NULL)
+ goto err;
+ if ((s = BN_new()) == NULL) {
+ BN_free(r);
+ goto err;
+ }
+
+ memset(&kop, 0, sizeof kop);
+ kop.crk_op = CRK_DSA_SIGN;
+
+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
+ kop.crk_param[0].crp_p = (caddr_t) dgst;
+ kop.crk_param[0].crp_nbits = dlen * 8;
+ if (bn2crparam(dsa->p, &kop.crk_param[1]))
+ goto err;
+ if (bn2crparam(dsa->q, &kop.crk_param[2]))
+ goto err;
+ if (bn2crparam(dsa->g, &kop.crk_param[3]))
+ goto err;
+ if (bn2crparam(dsa->priv_key, &kop.crk_param[4]))
+ goto err;
+ kop.crk_iparams = 5;
+
+ if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r,
+ BN_num_bytes(dsa->q), s) == 0) {
+ dsaret = DSA_SIG_new();
+ dsaret->r = r;
+ dsaret->s = s;
+ } else {
+ const DSA_METHOD *meth = DSA_OpenSSL();
+ BN_free(r);
+ BN_free(s);
+ dsaret = (meth->dsa_do_sign) (dgst, dlen, dsa);
+ }
+ err:
+ kop.crk_param[0].crp_p = NULL;
+ zapparams(&kop);
+ return (dsaret);
+}
+
+static int
+cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
+ DSA_SIG *sig, DSA *dsa)
+{
+ struct crypt_kop kop;
+ int dsaret = 1;
+
+ memset(&kop, 0, sizeof kop);
+ kop.crk_op = CRK_DSA_VERIFY;
+
+ /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
+ kop.crk_param[0].crp_p = (caddr_t) dgst;
+ kop.crk_param[0].crp_nbits = dlen * 8;
+ if (bn2crparam(dsa->p, &kop.crk_param[1]))
+ goto err;
+ if (bn2crparam(dsa->q, &kop.crk_param[2]))
+ goto err;
+ if (bn2crparam(dsa->g, &kop.crk_param[3]))
+ goto err;
+ if (bn2crparam(dsa->pub_key, &kop.crk_param[4]))
+ goto err;
+ if (bn2crparam(sig->r, &kop.crk_param[5]))
+ goto err;
+ if (bn2crparam(sig->s, &kop.crk_param[6]))
+ goto err;
+ kop.crk_iparams = 7;
+
+ if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
+ /*
+ * OCF success value is 0, if not zero, change dsaret to fail
+ */
+ if (0 != kop.crk_status)
+ dsaret = 0;
+ } else {
+ const DSA_METHOD *meth = DSA_OpenSSL();
+
+ dsaret = (meth->dsa_do_verify) (dgst, dlen, sig, dsa);
+ }
+ err:
+ kop.crk_param[0].crp_p = NULL;
+ zapparams(&kop);
+ return (dsaret);
+}
+
+static DSA_METHOD cryptodev_dsa = {
+ "cryptodev DSA method",
+ NULL,
+ NULL, /* dsa_sign_setup */
+ NULL,
+ NULL, /* dsa_mod_exp */
+ NULL,
+ NULL, /* init */
+ NULL, /* finish */
+ 0, /* flags */
+ NULL /* app_data */
+};
+
+static int
+cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
+ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx)
+{
+ return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
+}
+
+static int
+cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
+{
+ struct crypt_kop kop;
+ int dhret = 1;
+ int fd, keylen;
+
+ if ((fd = get_asym_dev_crypto()) < 0) {
+ const DH_METHOD *meth = DH_OpenSSL();
+
+ return ((meth->compute_key) (key, pub_key, dh));
+ }
+
+ keylen = BN_num_bits(dh->p);
+
+ memset(&kop, 0, sizeof kop);
+ kop.crk_op = CRK_DH_COMPUTE_KEY;
+
+ /* inputs: dh->priv_key pub_key dh->p key */
+ if (bn2crparam(dh->priv_key, &kop.crk_param[0]))
+ goto err;
+ if (bn2crparam(pub_key, &kop.crk_param[1]))
+ goto err;
+ if (bn2crparam(dh->p, &kop.crk_param[2]))
+ goto err;
+ kop.crk_iparams = 3;
+
+ kop.crk_param[3].crp_p = (char *)key;
+ kop.crk_param[3].crp_nbits = keylen * 8;
+ kop.crk_oparams = 1;
+
+ if (ioctl(fd, CIOCKEY, &kop) == -1) {
+ const DH_METHOD *meth = DH_OpenSSL();
+
+ dhret = (meth->compute_key) (key, pub_key, dh);
+ }
+ err:
+ kop.crk_param[3].crp_p = NULL;
+ zapparams(&kop);
+ return (dhret);
+}
+
+static DH_METHOD cryptodev_dh = {
+ "cryptodev DH method",
+ NULL, /* cryptodev_dh_generate_key */
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ 0, /* flags */
+ NULL /* app_data */
+};
+
+/*
+ * ctrl right now is just a wrapper that doesn't do much
+ * but I expect we'll want some options soon.
+ */
+static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) ())
+{
+# ifdef HAVE_SYSLOG_R
+ struct syslog_data sd = SYSLOG_DATA_INIT;
+# endif
+
+ switch (cmd) {
+ default:
+# ifdef HAVE_SYSLOG_R
+ syslog_r(LOG_ERR, &sd, "cryptodev_ctrl: unknown command %d", cmd);
+# else
+ syslog(LOG_ERR, "cryptodev_ctrl: unknown command %d", cmd);
+# endif
+ break;
+ }
+ return (1);
+}
+
+void ENGINE_load_cryptodev(void)
+{
+ ENGINE *engine = ENGINE_new();
+ int fd;
+
+ if (engine == NULL)
+ return;
+ if ((fd = get_dev_crypto()) < 0) {
+ ENGINE_free(engine);
+ return;
+ }
+
+ /*
+ * find out what asymmetric crypto algorithms we support
+ */
+ if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {
+ close(fd);
+ ENGINE_free(engine);
+ return;
+ }
+ close(fd);
+
+ if (!ENGINE_set_id(engine, "cryptodev") ||
+ !ENGINE_set_name(engine, "BSD cryptodev engine") ||
+ !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
+ !ENGINE_set_digests(engine, cryptodev_engine_digests) ||
+ !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) ||
+ !ENGINE_set_cmd_defns(engine, cryptodev_defns)) {
+ ENGINE_free(engine);
+ return;
+ }
+
+ if (ENGINE_set_RSA(engine, &cryptodev_rsa)) {
+ const RSA_METHOD *rsa_meth = RSA_PKCS1_SSLeay();
+
+ cryptodev_rsa.bn_mod_exp = rsa_meth->bn_mod_exp;
+ cryptodev_rsa.rsa_mod_exp = rsa_meth->rsa_mod_exp;
+ cryptodev_rsa.rsa_pub_enc = rsa_meth->rsa_pub_enc;
+ cryptodev_rsa.rsa_pub_dec = rsa_meth->rsa_pub_dec;
+ cryptodev_rsa.rsa_priv_enc = rsa_meth->rsa_priv_enc;
+ cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec;
+ if (cryptodev_asymfeat & CRF_MOD_EXP) {
+ cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp;
+ if (cryptodev_asymfeat & CRF_MOD_EXP_CRT)
+ cryptodev_rsa.rsa_mod_exp = cryptodev_rsa_mod_exp;
+ else
+ cryptodev_rsa.rsa_mod_exp = cryptodev_rsa_nocrt_mod_exp;
+ }
+ }
+
+ if (ENGINE_set_DSA(engine, &cryptodev_dsa)) {
+ const DSA_METHOD *meth = DSA_OpenSSL();
+
+ memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));
+ if (cryptodev_asymfeat & CRF_DSA_SIGN)
+ cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;
+ if (cryptodev_asymfeat & CRF_MOD_EXP) {
+ cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp;
+ cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp;
+ }
+ if (cryptodev_asymfeat & CRF_DSA_VERIFY)
+ cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;
+ }
+
+ if (ENGINE_set_DH(engine, &cryptodev_dh)) {
+ const DH_METHOD *dh_meth = DH_OpenSSL();
+
+ cryptodev_dh.generate_key = dh_meth->generate_key;
+ cryptodev_dh.compute_key = dh_meth->compute_key;
+ cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp;
+ if (cryptodev_asymfeat & CRF_MOD_EXP) {
+ cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh;
+ if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY)
+ cryptodev_dh.compute_key = cryptodev_dh_compute_key;
+ }
+ }
+
+ ENGINE_add(engine);
+ ENGINE_free(engine);
+ ERR_clear_error();
+}
+
+#endif /* HAVE_CRYPTODEV */
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_ctrl.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/engine/eng_ctrl.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_ctrl.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,389 +0,0 @@
-/* crypto/engine/eng_ctrl.c */
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include "eng_int.h"
-
-/* When querying a ENGINE-specific control command's 'description', this string
- * is used if the ENGINE_CMD_DEFN has cmd_desc set to NULL. */
-static const char *int_no_description = "";
-
-/* These internal functions handle 'CMD'-related control commands when the
- * ENGINE in question has asked us to take care of it (ie. the ENGINE did not
- * set the ENGINE_FLAGS_MANUAL_CMD_CTRL flag. */
-
-static int int_ctrl_cmd_is_null(const ENGINE_CMD_DEFN *defn)
- {
- if((defn->cmd_num == 0) || (defn->cmd_name == NULL))
- return 1;
- return 0;
- }
-
-static int int_ctrl_cmd_by_name(const ENGINE_CMD_DEFN *defn, const char *s)
- {
- int idx = 0;
- while(!int_ctrl_cmd_is_null(defn) && (strcmp(defn->cmd_name, s) != 0))
- {
- idx++;
- defn++;
- }
- if(int_ctrl_cmd_is_null(defn))
- /* The given name wasn't found */
- return -1;
- return idx;
- }
-
-static int int_ctrl_cmd_by_num(const ENGINE_CMD_DEFN *defn, unsigned int num)
- {
- int idx = 0;
- /* NB: It is stipulated that 'cmd_defn' lists are ordered by cmd_num. So
- * our searches don't need to take any longer than necessary. */
- while(!int_ctrl_cmd_is_null(defn) && (defn->cmd_num < num))
- {
- idx++;
- defn++;
- }
- if(defn->cmd_num == num)
- return idx;
- /* The given cmd_num wasn't found */
- return -1;
- }
-
-static int int_ctrl_helper(ENGINE *e, int cmd, long i, void *p,
- void (*f)(void))
- {
- int idx;
- char *s = (char *)p;
- /* Take care of the easy one first (eg. it requires no searches) */
- if(cmd == ENGINE_CTRL_GET_FIRST_CMD_TYPE)
- {
- if((e->cmd_defns == NULL) || int_ctrl_cmd_is_null(e->cmd_defns))
- return 0;
- return e->cmd_defns->cmd_num;
- }
- /* One or two commands require that "p" be a valid string buffer */
- if((cmd == ENGINE_CTRL_GET_CMD_FROM_NAME) ||
- (cmd == ENGINE_CTRL_GET_NAME_FROM_CMD) ||
- (cmd == ENGINE_CTRL_GET_DESC_FROM_CMD))
- {
- if(s == NULL)
- {
- ENGINEerr(ENGINE_F_INT_CTRL_HELPER,
- ERR_R_PASSED_NULL_PARAMETER);
- return -1;
- }
- }
- /* Now handle cmd_name -> cmd_num conversion */
- if(cmd == ENGINE_CTRL_GET_CMD_FROM_NAME)
- {
- if((e->cmd_defns == NULL) || ((idx = int_ctrl_cmd_by_name(
- e->cmd_defns, s)) < 0))
- {
- ENGINEerr(ENGINE_F_INT_CTRL_HELPER,
- ENGINE_R_INVALID_CMD_NAME);
- return -1;
- }
- return e->cmd_defns[idx].cmd_num;
- }
- /* For the rest of the commands, the 'long' argument must specify a
- * valie command number - so we need to conduct a search. */
- if((e->cmd_defns == NULL) || ((idx = int_ctrl_cmd_by_num(e->cmd_defns,
- (unsigned int)i)) < 0))
- {
- ENGINEerr(ENGINE_F_INT_CTRL_HELPER,
- ENGINE_R_INVALID_CMD_NUMBER);
- return -1;
- }
- /* Now the logic splits depending on command type */
- switch(cmd)
- {
- case ENGINE_CTRL_GET_NEXT_CMD_TYPE:
- idx++;
- if(int_ctrl_cmd_is_null(e->cmd_defns + idx))
- /* end-of-list */
- return 0;
- else
- return e->cmd_defns[idx].cmd_num;
- case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD:
- return strlen(e->cmd_defns[idx].cmd_name);
- case ENGINE_CTRL_GET_NAME_FROM_CMD:
- return BIO_snprintf(s,strlen(e->cmd_defns[idx].cmd_name) + 1,
- "%s", e->cmd_defns[idx].cmd_name);
- case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD:
- if(e->cmd_defns[idx].cmd_desc)
- return strlen(e->cmd_defns[idx].cmd_desc);
- return strlen(int_no_description);
- case ENGINE_CTRL_GET_DESC_FROM_CMD:
- if(e->cmd_defns[idx].cmd_desc)
- return BIO_snprintf(s,
- strlen(e->cmd_defns[idx].cmd_desc) + 1,
- "%s", e->cmd_defns[idx].cmd_desc);
- return BIO_snprintf(s, strlen(int_no_description) + 1,"%s",
- int_no_description);
- case ENGINE_CTRL_GET_CMD_FLAGS:
- return e->cmd_defns[idx].cmd_flags;
- }
- /* Shouldn't really be here ... */
- ENGINEerr(ENGINE_F_INT_CTRL_HELPER,ENGINE_R_INTERNAL_LIST_ERROR);
- return -1;
- }
-
-int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
- {
- int ctrl_exists, ref_exists;
- if(e == NULL)
- {
- ENGINEerr(ENGINE_F_ENGINE_CTRL,ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- ref_exists = ((e->struct_ref > 0) ? 1 : 0);
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- ctrl_exists = ((e->ctrl == NULL) ? 0 : 1);
- if(!ref_exists)
- {
- ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_REFERENCE);
- return 0;
- }
- /* Intercept any "root-level" commands before trying to hand them on to
- * ctrl() handlers. */
- switch(cmd)
- {
- case ENGINE_CTRL_HAS_CTRL_FUNCTION:
- return ctrl_exists;
- case ENGINE_CTRL_GET_FIRST_CMD_TYPE:
- case ENGINE_CTRL_GET_NEXT_CMD_TYPE:
- case ENGINE_CTRL_GET_CMD_FROM_NAME:
- case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD:
- case ENGINE_CTRL_GET_NAME_FROM_CMD:
- case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD:
- case ENGINE_CTRL_GET_DESC_FROM_CMD:
- case ENGINE_CTRL_GET_CMD_FLAGS:
- if(ctrl_exists && !(e->flags & ENGINE_FLAGS_MANUAL_CMD_CTRL))
- return int_ctrl_helper(e,cmd,i,p,f);
- if(!ctrl_exists)
- {
- ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_CONTROL_FUNCTION);
- /* For these cmd-related functions, failure is indicated
- * by a -1 return value (because 0 is used as a valid
- * return in some places). */
- return -1;
- }
- default:
- break;
- }
- /* Anything else requires a ctrl() handler to exist. */
- if(!ctrl_exists)
- {
- ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_CONTROL_FUNCTION);
- return 0;
- }
- return e->ctrl(e, cmd, i, p, f);
- }
-
-int ENGINE_cmd_is_executable(ENGINE *e, int cmd)
- {
- int flags;
- if((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, cmd, NULL, NULL)) < 0)
- {
- ENGINEerr(ENGINE_F_ENGINE_CMD_IS_EXECUTABLE,
- ENGINE_R_INVALID_CMD_NUMBER);
- return 0;
- }
- if(!(flags & ENGINE_CMD_FLAG_NO_INPUT) &&
- !(flags & ENGINE_CMD_FLAG_NUMERIC) &&
- !(flags & ENGINE_CMD_FLAG_STRING))
- return 0;
- return 1;
- }
-
-int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
- long i, void *p, void (*f)(void), int cmd_optional)
- {
- int num;
-
- if((e == NULL) || (cmd_name == NULL))
- {
- ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD,
- ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- if((e->ctrl == NULL) || ((num = ENGINE_ctrl(e,
- ENGINE_CTRL_GET_CMD_FROM_NAME,
- 0, (void *)cmd_name, NULL)) <= 0))
- {
- /* If the command didn't *have* to be supported, we fake
- * success. This allows certain settings to be specified for
- * multiple ENGINEs and only require a change of ENGINE id
- * (without having to selectively apply settings). Eg. changing
- * from a hardware device back to the regular software ENGINE
- * without editing the config file, etc. */
- if(cmd_optional)
- {
- ERR_clear_error();
- return 1;
- }
- ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD,
- ENGINE_R_INVALID_CMD_NAME);
- return 0;
- }
- /* Force the result of the control command to 0 or 1, for the reasons
- * mentioned before. */
- if (ENGINE_ctrl(e, num, i, p, f) > 0)
- return 1;
- return 0;
- }
-
-int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
- int cmd_optional)
- {
- int num, flags;
- long l;
- char *ptr;
- if((e == NULL) || (cmd_name == NULL))
- {
- ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
- ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- if((e->ctrl == NULL) || ((num = ENGINE_ctrl(e,
- ENGINE_CTRL_GET_CMD_FROM_NAME,
- 0, (void *)cmd_name, NULL)) <= 0))
- {
- /* If the command didn't *have* to be supported, we fake
- * success. This allows certain settings to be specified for
- * multiple ENGINEs and only require a change of ENGINE id
- * (without having to selectively apply settings). Eg. changing
- * from a hardware device back to the regular software ENGINE
- * without editing the config file, etc. */
- if(cmd_optional)
- {
- ERR_clear_error();
- return 1;
- }
- ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
- ENGINE_R_INVALID_CMD_NAME);
- return 0;
- }
- if(!ENGINE_cmd_is_executable(e, num))
- {
- ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
- ENGINE_R_CMD_NOT_EXECUTABLE);
- return 0;
- }
- if((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num, NULL, NULL)) < 0)
- {
- /* Shouldn't happen, given that ENGINE_cmd_is_executable()
- * returned success. */
- ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
- ENGINE_R_INTERNAL_LIST_ERROR);
- return 0;
- }
- /* If the command takes no input, there must be no input. And vice
- * versa. */
- if(flags & ENGINE_CMD_FLAG_NO_INPUT)
- {
- if(arg != NULL)
- {
- ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
- ENGINE_R_COMMAND_TAKES_NO_INPUT);
- return 0;
- }
- /* We deliberately force the result of ENGINE_ctrl() to 0 or 1
- * rather than returning it as "return data". This is to ensure
- * usage of these commands is consistent across applications and
- * that certain applications don't understand it one way, and
- * others another. */
- if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0)
- return 1;
- return 0;
- }
- /* So, we require input */
- if(arg == NULL)
- {
- ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
- ENGINE_R_COMMAND_TAKES_INPUT);
- return 0;
- }
- /* If it takes string input, that's easy */
- if(flags & ENGINE_CMD_FLAG_STRING)
- {
- /* Same explanation as above */
- if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0)
- return 1;
- return 0;
- }
- /* If it doesn't take numeric either, then it is unsupported for use in
- * a config-setting situation, which is what this function is for. This
- * should never happen though, because ENGINE_cmd_is_executable() was
- * used. */
- if(!(flags & ENGINE_CMD_FLAG_NUMERIC))
- {
- ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
- ENGINE_R_INTERNAL_LIST_ERROR);
- return 0;
- }
- l = strtol(arg, &ptr, 10);
- if((arg == ptr) || (*ptr != '\0'))
- {
- ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
- ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER);
- return 0;
- }
- /* Force the result of the control command to 0 or 1, for the reasons
- * mentioned before. */
- if(ENGINE_ctrl(e, num, l, NULL, NULL) > 0)
- return 1;
- return 0;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_ctrl.c (from rev 6976, vendor-crypto/openssl/dist/crypto/engine/eng_ctrl.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_ctrl.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_ctrl.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,385 @@
+/* crypto/engine/eng_ctrl.c */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include "eng_int.h"
+
+/*
+ * When querying a ENGINE-specific control command's 'description', this
+ * string is used if the ENGINE_CMD_DEFN has cmd_desc set to NULL.
+ */
+static const char *int_no_description = "";
+
+/*
+ * These internal functions handle 'CMD'-related control commands when the
+ * ENGINE in question has asked us to take care of it (ie. the ENGINE did not
+ * set the ENGINE_FLAGS_MANUAL_CMD_CTRL flag.
+ */
+
+static int int_ctrl_cmd_is_null(const ENGINE_CMD_DEFN *defn)
+{
+ if ((defn->cmd_num == 0) || (defn->cmd_name == NULL))
+ return 1;
+ return 0;
+}
+
+static int int_ctrl_cmd_by_name(const ENGINE_CMD_DEFN *defn, const char *s)
+{
+ int idx = 0;
+ while (!int_ctrl_cmd_is_null(defn) && (strcmp(defn->cmd_name, s) != 0)) {
+ idx++;
+ defn++;
+ }
+ if (int_ctrl_cmd_is_null(defn))
+ /* The given name wasn't found */
+ return -1;
+ return idx;
+}
+
+static int int_ctrl_cmd_by_num(const ENGINE_CMD_DEFN *defn, unsigned int num)
+{
+ int idx = 0;
+ /*
+ * NB: It is stipulated that 'cmd_defn' lists are ordered by cmd_num. So
+ * our searches don't need to take any longer than necessary.
+ */
+ while (!int_ctrl_cmd_is_null(defn) && (defn->cmd_num < num)) {
+ idx++;
+ defn++;
+ }
+ if (defn->cmd_num == num)
+ return idx;
+ /* The given cmd_num wasn't found */
+ return -1;
+}
+
+static int int_ctrl_helper(ENGINE *e, int cmd, long i, void *p,
+ void (*f) (void))
+{
+ int idx;
+ char *s = (char *)p;
+ /* Take care of the easy one first (eg. it requires no searches) */
+ if (cmd == ENGINE_CTRL_GET_FIRST_CMD_TYPE) {
+ if ((e->cmd_defns == NULL) || int_ctrl_cmd_is_null(e->cmd_defns))
+ return 0;
+ return e->cmd_defns->cmd_num;
+ }
+ /* One or two commands require that "p" be a valid string buffer */
+ if ((cmd == ENGINE_CTRL_GET_CMD_FROM_NAME) ||
+ (cmd == ENGINE_CTRL_GET_NAME_FROM_CMD) ||
+ (cmd == ENGINE_CTRL_GET_DESC_FROM_CMD)) {
+ if (s == NULL) {
+ ENGINEerr(ENGINE_F_INT_CTRL_HELPER, ERR_R_PASSED_NULL_PARAMETER);
+ return -1;
+ }
+ }
+ /* Now handle cmd_name -> cmd_num conversion */
+ if (cmd == ENGINE_CTRL_GET_CMD_FROM_NAME) {
+ if ((e->cmd_defns == NULL)
+ || ((idx = int_ctrl_cmd_by_name(e->cmd_defns, s)) < 0)) {
+ ENGINEerr(ENGINE_F_INT_CTRL_HELPER, ENGINE_R_INVALID_CMD_NAME);
+ return -1;
+ }
+ return e->cmd_defns[idx].cmd_num;
+ }
+ /*
+ * For the rest of the commands, the 'long' argument must specify a valie
+ * command number - so we need to conduct a search.
+ */
+ if ((e->cmd_defns == NULL) || ((idx = int_ctrl_cmd_by_num(e->cmd_defns,
+ (unsigned int)
+ i)) < 0)) {
+ ENGINEerr(ENGINE_F_INT_CTRL_HELPER, ENGINE_R_INVALID_CMD_NUMBER);
+ return -1;
+ }
+ /* Now the logic splits depending on command type */
+ switch (cmd) {
+ case ENGINE_CTRL_GET_NEXT_CMD_TYPE:
+ idx++;
+ if (int_ctrl_cmd_is_null(e->cmd_defns + idx))
+ /* end-of-list */
+ return 0;
+ else
+ return e->cmd_defns[idx].cmd_num;
+ case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD:
+ return strlen(e->cmd_defns[idx].cmd_name);
+ case ENGINE_CTRL_GET_NAME_FROM_CMD:
+ return BIO_snprintf(s, strlen(e->cmd_defns[idx].cmd_name) + 1,
+ "%s", e->cmd_defns[idx].cmd_name);
+ case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD:
+ if (e->cmd_defns[idx].cmd_desc)
+ return strlen(e->cmd_defns[idx].cmd_desc);
+ return strlen(int_no_description);
+ case ENGINE_CTRL_GET_DESC_FROM_CMD:
+ if (e->cmd_defns[idx].cmd_desc)
+ return BIO_snprintf(s,
+ strlen(e->cmd_defns[idx].cmd_desc) + 1,
+ "%s", e->cmd_defns[idx].cmd_desc);
+ return BIO_snprintf(s, strlen(int_no_description) + 1, "%s",
+ int_no_description);
+ case ENGINE_CTRL_GET_CMD_FLAGS:
+ return e->cmd_defns[idx].cmd_flags;
+ }
+ /* Shouldn't really be here ... */
+ ENGINEerr(ENGINE_F_INT_CTRL_HELPER, ENGINE_R_INTERNAL_LIST_ERROR);
+ return -1;
+}
+
+int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
+{
+ int ctrl_exists, ref_exists;
+ if (e == NULL) {
+ ENGINEerr(ENGINE_F_ENGINE_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ ref_exists = ((e->struct_ref > 0) ? 1 : 0);
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ ctrl_exists = ((e->ctrl == NULL) ? 0 : 1);
+ if (!ref_exists) {
+ ENGINEerr(ENGINE_F_ENGINE_CTRL, ENGINE_R_NO_REFERENCE);
+ return 0;
+ }
+ /*
+ * Intercept any "root-level" commands before trying to hand them on to
+ * ctrl() handlers.
+ */
+ switch (cmd) {
+ case ENGINE_CTRL_HAS_CTRL_FUNCTION:
+ return ctrl_exists;
+ case ENGINE_CTRL_GET_FIRST_CMD_TYPE:
+ case ENGINE_CTRL_GET_NEXT_CMD_TYPE:
+ case ENGINE_CTRL_GET_CMD_FROM_NAME:
+ case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD:
+ case ENGINE_CTRL_GET_NAME_FROM_CMD:
+ case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD:
+ case ENGINE_CTRL_GET_DESC_FROM_CMD:
+ case ENGINE_CTRL_GET_CMD_FLAGS:
+ if (ctrl_exists && !(e->flags & ENGINE_FLAGS_MANUAL_CMD_CTRL))
+ return int_ctrl_helper(e, cmd, i, p, f);
+ if (!ctrl_exists) {
+ ENGINEerr(ENGINE_F_ENGINE_CTRL, ENGINE_R_NO_CONTROL_FUNCTION);
+ /*
+ * For these cmd-related functions, failure is indicated by a -1
+ * return value (because 0 is used as a valid return in some
+ * places).
+ */
+ return -1;
+ }
+ default:
+ break;
+ }
+ /* Anything else requires a ctrl() handler to exist. */
+ if (!ctrl_exists) {
+ ENGINEerr(ENGINE_F_ENGINE_CTRL, ENGINE_R_NO_CONTROL_FUNCTION);
+ return 0;
+ }
+ return e->ctrl(e, cmd, i, p, f);
+}
+
+int ENGINE_cmd_is_executable(ENGINE *e, int cmd)
+{
+ int flags;
+ if ((flags =
+ ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, cmd, NULL, NULL)) < 0) {
+ ENGINEerr(ENGINE_F_ENGINE_CMD_IS_EXECUTABLE,
+ ENGINE_R_INVALID_CMD_NUMBER);
+ return 0;
+ }
+ if (!(flags & ENGINE_CMD_FLAG_NO_INPUT) &&
+ !(flags & ENGINE_CMD_FLAG_NUMERIC) &&
+ !(flags & ENGINE_CMD_FLAG_STRING))
+ return 0;
+ return 1;
+}
+
+int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
+ long i, void *p, void (*f) (void), int cmd_optional)
+{
+ int num;
+
+ if ((e == NULL) || (cmd_name == NULL)) {
+ ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ if ((e->ctrl == NULL) || ((num = ENGINE_ctrl(e,
+ ENGINE_CTRL_GET_CMD_FROM_NAME,
+ 0, (void *)cmd_name,
+ NULL)) <= 0)) {
+ /*
+ * If the command didn't *have* to be supported, we fake success.
+ * This allows certain settings to be specified for multiple ENGINEs
+ * and only require a change of ENGINE id (without having to
+ * selectively apply settings). Eg. changing from a hardware device
+ * back to the regular software ENGINE without editing the config
+ * file, etc.
+ */
+ if (cmd_optional) {
+ ERR_clear_error();
+ return 1;
+ }
+ ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD, ENGINE_R_INVALID_CMD_NAME);
+ return 0;
+ }
+ /*
+ * Force the result of the control command to 0 or 1, for the reasons
+ * mentioned before.
+ */
+ if (ENGINE_ctrl(e, num, i, p, f) > 0)
+ return 1;
+ return 0;
+}
+
+int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
+ int cmd_optional)
+{
+ int num, flags;
+ long l;
+ char *ptr;
+ if ((e == NULL) || (cmd_name == NULL)) {
+ ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+ ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ if ((e->ctrl == NULL) || ((num = ENGINE_ctrl(e,
+ ENGINE_CTRL_GET_CMD_FROM_NAME,
+ 0, (void *)cmd_name,
+ NULL)) <= 0)) {
+ /*
+ * If the command didn't *have* to be supported, we fake success.
+ * This allows certain settings to be specified for multiple ENGINEs
+ * and only require a change of ENGINE id (without having to
+ * selectively apply settings). Eg. changing from a hardware device
+ * back to the regular software ENGINE without editing the config
+ * file, etc.
+ */
+ if (cmd_optional) {
+ ERR_clear_error();
+ return 1;
+ }
+ ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, ENGINE_R_INVALID_CMD_NAME);
+ return 0;
+ }
+ if (!ENGINE_cmd_is_executable(e, num)) {
+ ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+ ENGINE_R_CMD_NOT_EXECUTABLE);
+ return 0;
+ }
+ if ((flags =
+ ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num, NULL, NULL)) < 0) {
+ /*
+ * Shouldn't happen, given that ENGINE_cmd_is_executable() returned
+ * success.
+ */
+ ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+ ENGINE_R_INTERNAL_LIST_ERROR);
+ return 0;
+ }
+ /*
+ * If the command takes no input, there must be no input. And vice versa.
+ */
+ if (flags & ENGINE_CMD_FLAG_NO_INPUT) {
+ if (arg != NULL) {
+ ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+ ENGINE_R_COMMAND_TAKES_NO_INPUT);
+ return 0;
+ }
+ /*
+ * We deliberately force the result of ENGINE_ctrl() to 0 or 1 rather
+ * than returning it as "return data". This is to ensure usage of
+ * these commands is consistent across applications and that certain
+ * applications don't understand it one way, and others another.
+ */
+ if (ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0)
+ return 1;
+ return 0;
+ }
+ /* So, we require input */
+ if (arg == NULL) {
+ ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+ ENGINE_R_COMMAND_TAKES_INPUT);
+ return 0;
+ }
+ /* If it takes string input, that's easy */
+ if (flags & ENGINE_CMD_FLAG_STRING) {
+ /* Same explanation as above */
+ if (ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0)
+ return 1;
+ return 0;
+ }
+ /*
+ * If it doesn't take numeric either, then it is unsupported for use in a
+ * config-setting situation, which is what this function is for. This
+ * should never happen though, because ENGINE_cmd_is_executable() was
+ * used.
+ */
+ if (!(flags & ENGINE_CMD_FLAG_NUMERIC)) {
+ ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+ ENGINE_R_INTERNAL_LIST_ERROR);
+ return 0;
+ }
+ l = strtol(arg, &ptr, 10);
+ if ((arg == ptr) || (*ptr != '\0')) {
+ ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+ ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER);
+ return 0;
+ }
+ /*
+ * Force the result of the control command to 0 or 1, for the reasons
+ * mentioned before.
+ */
+ if (ENGINE_ctrl(e, num, l, NULL, NULL) > 0)
+ return 1;
+ return 0;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_dyn.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/engine/eng_dyn.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_dyn.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,548 +0,0 @@
-/* crypto/engine/eng_dyn.c */
-/* Written by Geoff Thorpe (geoff at geoffthorpe.net) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-
-#include "eng_int.h"
-#include <openssl/dso.h>
-
-/* Shared libraries implementing ENGINEs for use by the "dynamic" ENGINE loader
- * should implement the hook-up functions with the following prototypes. */
-
-/* Our ENGINE handlers */
-static int dynamic_init(ENGINE *e);
-static int dynamic_finish(ENGINE *e);
-static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
-/* Predeclare our context type */
-typedef struct st_dynamic_data_ctx dynamic_data_ctx;
-/* The implementation for the important control command */
-static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx);
-
-#define DYNAMIC_CMD_SO_PATH ENGINE_CMD_BASE
-#define DYNAMIC_CMD_NO_VCHECK (ENGINE_CMD_BASE + 1)
-#define DYNAMIC_CMD_ID (ENGINE_CMD_BASE + 2)
-#define DYNAMIC_CMD_LIST_ADD (ENGINE_CMD_BASE + 3)
-#define DYNAMIC_CMD_DIR_LOAD (ENGINE_CMD_BASE + 4)
-#define DYNAMIC_CMD_DIR_ADD (ENGINE_CMD_BASE + 5)
-#define DYNAMIC_CMD_LOAD (ENGINE_CMD_BASE + 6)
-
-/* The constants used when creating the ENGINE */
-static const char *engine_dynamic_id = "dynamic";
-static const char *engine_dynamic_name = "Dynamic engine loading support";
-static const ENGINE_CMD_DEFN dynamic_cmd_defns[] = {
- {DYNAMIC_CMD_SO_PATH,
- "SO_PATH",
- "Specifies the path to the new ENGINE shared library",
- ENGINE_CMD_FLAG_STRING},
- {DYNAMIC_CMD_NO_VCHECK,
- "NO_VCHECK",
- "Specifies to continue even if version checking fails (boolean)",
- ENGINE_CMD_FLAG_NUMERIC},
- {DYNAMIC_CMD_ID,
- "ID",
- "Specifies an ENGINE id name for loading",
- ENGINE_CMD_FLAG_STRING},
- {DYNAMIC_CMD_LIST_ADD,
- "LIST_ADD",
- "Whether to add a loaded ENGINE to the internal list (0=no,1=yes,2=mandatory)",
- ENGINE_CMD_FLAG_NUMERIC},
- {DYNAMIC_CMD_DIR_LOAD,
- "DIR_LOAD",
- "Specifies whether to load from 'DIR_ADD' directories (0=no,1=yes,2=mandatory)",
- ENGINE_CMD_FLAG_NUMERIC},
- {DYNAMIC_CMD_DIR_ADD,
- "DIR_ADD",
- "Adds a directory from which ENGINEs can be loaded",
- ENGINE_CMD_FLAG_STRING},
- {DYNAMIC_CMD_LOAD,
- "LOAD",
- "Load up the ENGINE specified by other settings",
- ENGINE_CMD_FLAG_NO_INPUT},
- {0, NULL, NULL, 0}
- };
-static const ENGINE_CMD_DEFN dynamic_cmd_defns_empty[] = {
- {0, NULL, NULL, 0}
- };
-
-/* Loading code stores state inside the ENGINE structure via the "ex_data"
- * element. We load all our state into a single structure and use that as a
- * single context in the "ex_data" stack. */
-struct st_dynamic_data_ctx
- {
- /* The DSO object we load that supplies the ENGINE code */
- DSO *dynamic_dso;
- /* The function pointer to the version checking shared library function */
- dynamic_v_check_fn v_check;
- /* The function pointer to the engine-binding shared library function */
- dynamic_bind_engine bind_engine;
- /* The default name/path for loading the shared library */
- const char *DYNAMIC_LIBNAME;
- /* Whether to continue loading on a version check failure */
- int no_vcheck;
- /* If non-NULL, stipulates the 'id' of the ENGINE to be loaded */
- const char *engine_id;
- /* If non-zero, a successfully loaded ENGINE should be added to the internal
- * ENGINE list. If 2, the add must succeed or the entire load should fail. */
- int list_add_value;
- /* The symbol name for the version checking function */
- const char *DYNAMIC_F1;
- /* The symbol name for the "initialise ENGINE structure" function */
- const char *DYNAMIC_F2;
- /* Whether to never use 'dirs', use 'dirs' as a fallback, or only use
- * 'dirs' for loading. Default is to use 'dirs' as a fallback. */
- int dir_load;
- /* A stack of directories from which ENGINEs could be loaded */
- STACK *dirs;
- };
-
-/* This is the "ex_data" index we obtain and reserve for use with our context
- * structure. */
-static int dynamic_ex_data_idx = -1;
-
-static void int_free_str(void *s) { OPENSSL_free(s); }
-/* Because our ex_data element may or may not get allocated depending on whether
- * a "first-use" occurs before the ENGINE is freed, we have a memory leak
- * problem to solve. We can't declare a "new" handler for the ex_data as we
- * don't want a dynamic_data_ctx in *all* ENGINE structures of all types (this
- * is a bug in the design of CRYPTO_EX_DATA). As such, we just declare a "free"
- * handler and that will get called if an ENGINE is being destroyed and there
- * was an ex_data element corresponding to our context type. */
-static void dynamic_data_ctx_free_func(void *parent, void *ptr,
- CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
- {
- if(ptr)
- {
- dynamic_data_ctx *ctx = (dynamic_data_ctx *)ptr;
- if(ctx->dynamic_dso)
- DSO_free(ctx->dynamic_dso);
- if(ctx->DYNAMIC_LIBNAME)
- OPENSSL_free((void*)ctx->DYNAMIC_LIBNAME);
- if(ctx->engine_id)
- OPENSSL_free((void*)ctx->engine_id);
- if(ctx->dirs)
- sk_pop_free(ctx->dirs, int_free_str);
- OPENSSL_free(ctx);
- }
- }
-
-/* Construct the per-ENGINE context. We create it blindly and then use a lock to
- * check for a race - if so, all but one of the threads "racing" will have
- * wasted their time. The alternative involves creating everything inside the
- * lock which is far worse. */
-static int dynamic_set_data_ctx(ENGINE *e, dynamic_data_ctx **ctx)
- {
- dynamic_data_ctx *c;
- c = OPENSSL_malloc(sizeof(dynamic_data_ctx));
- if(!c)
- {
- ENGINEerr(ENGINE_F_DYNAMIC_SET_DATA_CTX,ERR_R_MALLOC_FAILURE);
- return 0;
- }
- memset(c, 0, sizeof(dynamic_data_ctx));
- c->dynamic_dso = NULL;
- c->v_check = NULL;
- c->bind_engine = NULL;
- c->DYNAMIC_LIBNAME = NULL;
- c->no_vcheck = 0;
- c->engine_id = NULL;
- c->list_add_value = 0;
- c->DYNAMIC_F1 = "v_check";
- c->DYNAMIC_F2 = "bind_engine";
- c->dir_load = 1;
- c->dirs = sk_new_null();
- if(!c->dirs)
- {
- ENGINEerr(ENGINE_F_DYNAMIC_SET_DATA_CTX,ERR_R_MALLOC_FAILURE);
- OPENSSL_free(c);
- return 0;
- }
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- if((*ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e,
- dynamic_ex_data_idx)) == NULL)
- {
- /* Good, we're the first */
- ENGINE_set_ex_data(e, dynamic_ex_data_idx, c);
- *ctx = c;
- c = NULL;
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- /* If we lost the race to set the context, c is non-NULL and *ctx is the
- * context of the thread that won. */
- if(c)
- OPENSSL_free(c);
- return 1;
- }
-
-/* This function retrieves the context structure from an ENGINE's "ex_data", or
- * if it doesn't exist yet, sets it up. */
-static dynamic_data_ctx *dynamic_get_data_ctx(ENGINE *e)
- {
- dynamic_data_ctx *ctx;
- if(dynamic_ex_data_idx < 0)
- {
- /* Create and register the ENGINE ex_data, and associate our
- * "free" function with it to ensure any allocated contexts get
- * freed when an ENGINE goes underground. */
- int new_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL,
- dynamic_data_ctx_free_func);
- if(new_idx == -1)
- {
- ENGINEerr(ENGINE_F_DYNAMIC_GET_DATA_CTX,ENGINE_R_NO_INDEX);
- return NULL;
- }
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- /* Avoid a race by checking again inside this lock */
- if(dynamic_ex_data_idx < 0)
- {
- /* Good, someone didn't beat us to it */
- dynamic_ex_data_idx = new_idx;
- new_idx = -1;
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- /* In theory we could "give back" the index here if
- * (new_idx>-1), but it's not possible and wouldn't gain us much
- * if it were. */
- }
- ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e, dynamic_ex_data_idx);
- /* Check if the context needs to be created */
- if((ctx == NULL) && !dynamic_set_data_ctx(e, &ctx))
- /* "set_data" will set errors if necessary */
- return NULL;
- return ctx;
- }
-
-static ENGINE *engine_dynamic(void)
- {
- ENGINE *ret = ENGINE_new();
- if(!ret)
- return NULL;
- if(!ENGINE_set_id(ret, engine_dynamic_id) ||
- !ENGINE_set_name(ret, engine_dynamic_name) ||
- !ENGINE_set_init_function(ret, dynamic_init) ||
- !ENGINE_set_finish_function(ret, dynamic_finish) ||
- !ENGINE_set_ctrl_function(ret, dynamic_ctrl) ||
- !ENGINE_set_flags(ret, ENGINE_FLAGS_BY_ID_COPY) ||
- !ENGINE_set_cmd_defns(ret, dynamic_cmd_defns))
- {
- ENGINE_free(ret);
- return NULL;
- }
- return ret;
- }
-
-void ENGINE_load_dynamic(void)
- {
- ENGINE *toadd = engine_dynamic();
- if(!toadd) return;
- ENGINE_add(toadd);
- /* If the "add" worked, it gets a structural reference. So either way,
- * we release our just-created reference. */
- ENGINE_free(toadd);
- /* If the "add" didn't work, it was probably a conflict because it was
- * already added (eg. someone calling ENGINE_load_blah then calling
- * ENGINE_load_builtin_engines() perhaps). */
- ERR_clear_error();
- }
-
-static int dynamic_init(ENGINE *e)
- {
- /* We always return failure - the "dyanamic" engine itself can't be used
- * for anything. */
- return 0;
- }
-
-static int dynamic_finish(ENGINE *e)
- {
- /* This should never be called on account of "dynamic_init" always
- * failing. */
- return 0;
- }
-
-static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
- {
- dynamic_data_ctx *ctx = dynamic_get_data_ctx(e);
- int initialised;
-
- if(!ctx)
- {
- ENGINEerr(ENGINE_F_DYNAMIC_CTRL,ENGINE_R_NOT_LOADED);
- return 0;
- }
- initialised = ((ctx->dynamic_dso == NULL) ? 0 : 1);
- /* All our control commands require the ENGINE to be uninitialised */
- if(initialised)
- {
- ENGINEerr(ENGINE_F_DYNAMIC_CTRL,
- ENGINE_R_ALREADY_LOADED);
- return 0;
- }
- switch(cmd)
- {
- case DYNAMIC_CMD_SO_PATH:
- /* a NULL 'p' or a string of zero-length is the same thing */
- if(p && (strlen((const char *)p) < 1))
- p = NULL;
- if(ctx->DYNAMIC_LIBNAME)
- OPENSSL_free((void*)ctx->DYNAMIC_LIBNAME);
- if(p)
- ctx->DYNAMIC_LIBNAME = BUF_strdup(p);
- else
- ctx->DYNAMIC_LIBNAME = NULL;
- return (ctx->DYNAMIC_LIBNAME ? 1 : 0);
- case DYNAMIC_CMD_NO_VCHECK:
- ctx->no_vcheck = ((i == 0) ? 0 : 1);
- return 1;
- case DYNAMIC_CMD_ID:
- /* a NULL 'p' or a string of zero-length is the same thing */
- if(p && (strlen((const char *)p) < 1))
- p = NULL;
- if(ctx->engine_id)
- OPENSSL_free((void*)ctx->engine_id);
- if(p)
- ctx->engine_id = BUF_strdup(p);
- else
- ctx->engine_id = NULL;
- return (ctx->engine_id ? 1 : 0);
- case DYNAMIC_CMD_LIST_ADD:
- if((i < 0) || (i > 2))
- {
- ENGINEerr(ENGINE_F_DYNAMIC_CTRL,
- ENGINE_R_INVALID_ARGUMENT);
- return 0;
- }
- ctx->list_add_value = (int)i;
- return 1;
- case DYNAMIC_CMD_LOAD:
- return dynamic_load(e, ctx);
- case DYNAMIC_CMD_DIR_LOAD:
- if((i < 0) || (i > 2))
- {
- ENGINEerr(ENGINE_F_DYNAMIC_CTRL,
- ENGINE_R_INVALID_ARGUMENT);
- return 0;
- }
- ctx->dir_load = (int)i;
- return 1;
- case DYNAMIC_CMD_DIR_ADD:
- /* a NULL 'p' or a string of zero-length is the same thing */
- if(!p || (strlen((const char *)p) < 1))
- {
- ENGINEerr(ENGINE_F_DYNAMIC_CTRL,
- ENGINE_R_INVALID_ARGUMENT);
- return 0;
- }
- {
- char *tmp_str = BUF_strdup(p);
- if(!tmp_str)
- {
- ENGINEerr(ENGINE_F_DYNAMIC_CTRL,
- ERR_R_MALLOC_FAILURE);
- return 0;
- }
- sk_insert(ctx->dirs, tmp_str, -1);
- }
- return 1;
- default:
- break;
- }
- ENGINEerr(ENGINE_F_DYNAMIC_CTRL,ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED);
- return 0;
- }
-
-static int int_load(dynamic_data_ctx *ctx)
- {
- int num, loop;
- /* Unless told not to, try a direct load */
- if((ctx->dir_load != 2) && (DSO_load(ctx->dynamic_dso,
- ctx->DYNAMIC_LIBNAME, NULL, 0)) != NULL)
- return 1;
- /* If we're not allowed to use 'dirs' or we have none, fail */
- if(!ctx->dir_load || ((num = sk_num(ctx->dirs)) < 1))
- return 0;
- for(loop = 0; loop < num; loop++)
- {
- const char *s = sk_value(ctx->dirs, loop);
- char *merge = DSO_merge(ctx->dynamic_dso, ctx->DYNAMIC_LIBNAME, s);
- if(!merge)
- return 0;
- if(DSO_load(ctx->dynamic_dso, merge, NULL, 0))
- {
- /* Found what we're looking for */
- OPENSSL_free(merge);
- return 1;
- }
- OPENSSL_free(merge);
- }
- return 0;
- }
-
-static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx)
- {
- ENGINE cpy;
- dynamic_fns fns;
-
- if(!ctx->dynamic_dso)
- ctx->dynamic_dso = DSO_new();
- if(!ctx->DYNAMIC_LIBNAME)
- {
- if(!ctx->engine_id)
- return 0;
- ctx->DYNAMIC_LIBNAME =
- DSO_convert_filename(ctx->dynamic_dso, ctx->engine_id);
- }
- if(!int_load(ctx))
- {
- ENGINEerr(ENGINE_F_DYNAMIC_LOAD,
- ENGINE_R_DSO_NOT_FOUND);
- DSO_free(ctx->dynamic_dso);
- ctx->dynamic_dso = NULL;
- return 0;
- }
- /* We have to find a bind function otherwise it'll always end badly */
- if(!(ctx->bind_engine = (dynamic_bind_engine)DSO_bind_func(
- ctx->dynamic_dso, ctx->DYNAMIC_F2)))
- {
- ctx->bind_engine = NULL;
- DSO_free(ctx->dynamic_dso);
- ctx->dynamic_dso = NULL;
- ENGINEerr(ENGINE_F_DYNAMIC_LOAD,
- ENGINE_R_DSO_FAILURE);
- return 0;
- }
- /* Do we perform version checking? */
- if(!ctx->no_vcheck)
- {
- unsigned long vcheck_res = 0;
- /* Now we try to find a version checking function and decide how
- * to cope with failure if/when it fails. */
- ctx->v_check = (dynamic_v_check_fn)DSO_bind_func(
- ctx->dynamic_dso, ctx->DYNAMIC_F1);
- if(ctx->v_check)
- vcheck_res = ctx->v_check(OSSL_DYNAMIC_VERSION);
- /* We fail if the version checker veto'd the load *or* if it is
- * deferring to us (by returning its version) and we think it is
- * too old. */
- if(vcheck_res < OSSL_DYNAMIC_OLDEST)
- {
- /* Fail */
- ctx->bind_engine = NULL;
- ctx->v_check = NULL;
- DSO_free(ctx->dynamic_dso);
- ctx->dynamic_dso = NULL;
- ENGINEerr(ENGINE_F_DYNAMIC_LOAD,
- ENGINE_R_VERSION_INCOMPATIBILITY);
- return 0;
- }
- }
- /* First binary copy the ENGINE structure so that we can roll back if
- * the hand-over fails */
- memcpy(&cpy, e, sizeof(ENGINE));
- /* Provide the ERR, "ex_data", memory, and locking callbacks so the
- * loaded library uses our state rather than its own. FIXME: As noted in
- * engine.h, much of this would be simplified if each area of code
- * provided its own "summary" structure of all related callbacks. It
- * would also increase opaqueness. */
- fns.static_state = ENGINE_get_static_state();
- fns.err_fns = ERR_get_implementation();
- fns.ex_data_fns = CRYPTO_get_ex_data_implementation();
- CRYPTO_get_mem_functions(&fns.mem_fns.malloc_cb,
- &fns.mem_fns.realloc_cb,
- &fns.mem_fns.free_cb);
- fns.lock_fns.lock_locking_cb = CRYPTO_get_locking_callback();
- fns.lock_fns.lock_add_lock_cb = CRYPTO_get_add_lock_callback();
- fns.lock_fns.dynlock_create_cb = CRYPTO_get_dynlock_create_callback();
- fns.lock_fns.dynlock_lock_cb = CRYPTO_get_dynlock_lock_callback();
- fns.lock_fns.dynlock_destroy_cb = CRYPTO_get_dynlock_destroy_callback();
- /* Now that we've loaded the dynamic engine, make sure no "dynamic"
- * ENGINE elements will show through. */
- engine_set_all_null(e);
-
- /* Try to bind the ENGINE onto our own ENGINE structure */
- if(!ctx->bind_engine(e, ctx->engine_id, &fns))
- {
- ctx->bind_engine = NULL;
- ctx->v_check = NULL;
- DSO_free(ctx->dynamic_dso);
- ctx->dynamic_dso = NULL;
- ENGINEerr(ENGINE_F_DYNAMIC_LOAD,ENGINE_R_INIT_FAILED);
- /* Copy the original ENGINE structure back */
- memcpy(e, &cpy, sizeof(ENGINE));
- return 0;
- }
- /* Do we try to add this ENGINE to the internal list too? */
- if(ctx->list_add_value > 0)
- {
- if(!ENGINE_add(e))
- {
- /* Do we tolerate this or fail? */
- if(ctx->list_add_value > 1)
- {
- /* Fail - NB: By this time, it's too late to
- * rollback, and trying to do so allows the
- * bind_engine() code to have created leaks. We
- * just have to fail where we are, after the
- * ENGINE has changed. */
- ENGINEerr(ENGINE_F_DYNAMIC_LOAD,
- ENGINE_R_CONFLICTING_ENGINE_ID);
- return 0;
- }
- /* Tolerate */
- ERR_clear_error();
- }
- }
- return 1;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_dyn.c (from rev 6976, vendor-crypto/openssl/dist/crypto/engine/eng_dyn.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_dyn.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_dyn.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,572 @@
+/* crypto/engine/eng_dyn.c */
+/*
+ * Written by Geoff Thorpe (geoff at geoffthorpe.net) for the OpenSSL project
+ * 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include "eng_int.h"
+#include <openssl/dso.h>
+
+/*
+ * Shared libraries implementing ENGINEs for use by the "dynamic" ENGINE
+ * loader should implement the hook-up functions with the following
+ * prototypes.
+ */
+
+/* Our ENGINE handlers */
+static int dynamic_init(ENGINE *e);
+static int dynamic_finish(ENGINE *e);
+static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p,
+ void (*f) (void));
+/* Predeclare our context type */
+typedef struct st_dynamic_data_ctx dynamic_data_ctx;
+/* The implementation for the important control command */
+static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx);
+
+#define DYNAMIC_CMD_SO_PATH ENGINE_CMD_BASE
+#define DYNAMIC_CMD_NO_VCHECK (ENGINE_CMD_BASE + 1)
+#define DYNAMIC_CMD_ID (ENGINE_CMD_BASE + 2)
+#define DYNAMIC_CMD_LIST_ADD (ENGINE_CMD_BASE + 3)
+#define DYNAMIC_CMD_DIR_LOAD (ENGINE_CMD_BASE + 4)
+#define DYNAMIC_CMD_DIR_ADD (ENGINE_CMD_BASE + 5)
+#define DYNAMIC_CMD_LOAD (ENGINE_CMD_BASE + 6)
+
+/* The constants used when creating the ENGINE */
+static const char *engine_dynamic_id = "dynamic";
+static const char *engine_dynamic_name = "Dynamic engine loading support";
+static const ENGINE_CMD_DEFN dynamic_cmd_defns[] = {
+ {DYNAMIC_CMD_SO_PATH,
+ "SO_PATH",
+ "Specifies the path to the new ENGINE shared library",
+ ENGINE_CMD_FLAG_STRING},
+ {DYNAMIC_CMD_NO_VCHECK,
+ "NO_VCHECK",
+ "Specifies to continue even if version checking fails (boolean)",
+ ENGINE_CMD_FLAG_NUMERIC},
+ {DYNAMIC_CMD_ID,
+ "ID",
+ "Specifies an ENGINE id name for loading",
+ ENGINE_CMD_FLAG_STRING},
+ {DYNAMIC_CMD_LIST_ADD,
+ "LIST_ADD",
+ "Whether to add a loaded ENGINE to the internal list (0=no,1=yes,2=mandatory)",
+ ENGINE_CMD_FLAG_NUMERIC},
+ {DYNAMIC_CMD_DIR_LOAD,
+ "DIR_LOAD",
+ "Specifies whether to load from 'DIR_ADD' directories (0=no,1=yes,2=mandatory)",
+ ENGINE_CMD_FLAG_NUMERIC},
+ {DYNAMIC_CMD_DIR_ADD,
+ "DIR_ADD",
+ "Adds a directory from which ENGINEs can be loaded",
+ ENGINE_CMD_FLAG_STRING},
+ {DYNAMIC_CMD_LOAD,
+ "LOAD",
+ "Load up the ENGINE specified by other settings",
+ ENGINE_CMD_FLAG_NO_INPUT},
+ {0, NULL, NULL, 0}
+};
+
+static const ENGINE_CMD_DEFN dynamic_cmd_defns_empty[] = {
+ {0, NULL, NULL, 0}
+};
+
+/*
+ * Loading code stores state inside the ENGINE structure via the "ex_data"
+ * element. We load all our state into a single structure and use that as a
+ * single context in the "ex_data" stack.
+ */
+struct st_dynamic_data_ctx {
+ /* The DSO object we load that supplies the ENGINE code */
+ DSO *dynamic_dso;
+ /*
+ * The function pointer to the version checking shared library function
+ */
+ dynamic_v_check_fn v_check;
+ /*
+ * The function pointer to the engine-binding shared library function
+ */
+ dynamic_bind_engine bind_engine;
+ /* The default name/path for loading the shared library */
+ const char *DYNAMIC_LIBNAME;
+ /* Whether to continue loading on a version check failure */
+ int no_vcheck;
+ /* If non-NULL, stipulates the 'id' of the ENGINE to be loaded */
+ const char *engine_id;
+ /*
+ * If non-zero, a successfully loaded ENGINE should be added to the
+ * internal ENGINE list. If 2, the add must succeed or the entire load
+ * should fail.
+ */
+ int list_add_value;
+ /* The symbol name for the version checking function */
+ const char *DYNAMIC_F1;
+ /* The symbol name for the "initialise ENGINE structure" function */
+ const char *DYNAMIC_F2;
+ /*
+ * Whether to never use 'dirs', use 'dirs' as a fallback, or only use
+ * 'dirs' for loading. Default is to use 'dirs' as a fallback.
+ */
+ int dir_load;
+ /* A stack of directories from which ENGINEs could be loaded */
+ STACK *dirs;
+};
+
+/*
+ * This is the "ex_data" index we obtain and reserve for use with our context
+ * structure.
+ */
+static int dynamic_ex_data_idx = -1;
+
+static void int_free_str(void *s)
+{
+ OPENSSL_free(s);
+}
+
+/*
+ * Because our ex_data element may or may not get allocated depending on
+ * whether a "first-use" occurs before the ENGINE is freed, we have a memory
+ * leak problem to solve. We can't declare a "new" handler for the ex_data as
+ * we don't want a dynamic_data_ctx in *all* ENGINE structures of all types
+ * (this is a bug in the design of CRYPTO_EX_DATA). As such, we just declare
+ * a "free" handler and that will get called if an ENGINE is being destroyed
+ * and there was an ex_data element corresponding to our context type.
+ */
+static void dynamic_data_ctx_free_func(void *parent, void *ptr,
+ CRYPTO_EX_DATA *ad, int idx, long argl,
+ void *argp)
+{
+ if (ptr) {
+ dynamic_data_ctx *ctx = (dynamic_data_ctx *)ptr;
+ if (ctx->dynamic_dso)
+ DSO_free(ctx->dynamic_dso);
+ if (ctx->DYNAMIC_LIBNAME)
+ OPENSSL_free((void *)ctx->DYNAMIC_LIBNAME);
+ if (ctx->engine_id)
+ OPENSSL_free((void *)ctx->engine_id);
+ if (ctx->dirs)
+ sk_pop_free(ctx->dirs, int_free_str);
+ OPENSSL_free(ctx);
+ }
+}
+
+/*
+ * Construct the per-ENGINE context. We create it blindly and then use a lock
+ * to check for a race - if so, all but one of the threads "racing" will have
+ * wasted their time. The alternative involves creating everything inside the
+ * lock which is far worse.
+ */
+static int dynamic_set_data_ctx(ENGINE *e, dynamic_data_ctx **ctx)
+{
+ dynamic_data_ctx *c;
+ c = OPENSSL_malloc(sizeof(dynamic_data_ctx));
+ if (!c) {
+ ENGINEerr(ENGINE_F_DYNAMIC_SET_DATA_CTX, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ memset(c, 0, sizeof(dynamic_data_ctx));
+ c->dynamic_dso = NULL;
+ c->v_check = NULL;
+ c->bind_engine = NULL;
+ c->DYNAMIC_LIBNAME = NULL;
+ c->no_vcheck = 0;
+ c->engine_id = NULL;
+ c->list_add_value = 0;
+ c->DYNAMIC_F1 = "v_check";
+ c->DYNAMIC_F2 = "bind_engine";
+ c->dir_load = 1;
+ c->dirs = sk_new_null();
+ if (!c->dirs) {
+ ENGINEerr(ENGINE_F_DYNAMIC_SET_DATA_CTX, ERR_R_MALLOC_FAILURE);
+ OPENSSL_free(c);
+ return 0;
+ }
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ if ((*ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e,
+ dynamic_ex_data_idx))
+ == NULL) {
+ /* Good, we're the first */
+ ENGINE_set_ex_data(e, dynamic_ex_data_idx, c);
+ *ctx = c;
+ c = NULL;
+ }
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ /*
+ * If we lost the race to set the context, c is non-NULL and *ctx is the
+ * context of the thread that won.
+ */
+ if (c)
+ OPENSSL_free(c);
+ return 1;
+}
+
+/*
+ * This function retrieves the context structure from an ENGINE's "ex_data",
+ * or if it doesn't exist yet, sets it up.
+ */
+static dynamic_data_ctx *dynamic_get_data_ctx(ENGINE *e)
+{
+ dynamic_data_ctx *ctx;
+ if (dynamic_ex_data_idx < 0) {
+ /*
+ * Create and register the ENGINE ex_data, and associate our "free"
+ * function with it to ensure any allocated contexts get freed when
+ * an ENGINE goes underground.
+ */
+ int new_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL,
+ dynamic_data_ctx_free_func);
+ if (new_idx == -1) {
+ ENGINEerr(ENGINE_F_DYNAMIC_GET_DATA_CTX, ENGINE_R_NO_INDEX);
+ return NULL;
+ }
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ /* Avoid a race by checking again inside this lock */
+ if (dynamic_ex_data_idx < 0) {
+ /* Good, someone didn't beat us to it */
+ dynamic_ex_data_idx = new_idx;
+ new_idx = -1;
+ }
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ /*
+ * In theory we could "give back" the index here if (new_idx>-1), but
+ * it's not possible and wouldn't gain us much if it were.
+ */
+ }
+ ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e, dynamic_ex_data_idx);
+ /* Check if the context needs to be created */
+ if ((ctx == NULL) && !dynamic_set_data_ctx(e, &ctx))
+ /* "set_data" will set errors if necessary */
+ return NULL;
+ return ctx;
+}
+
+static ENGINE *engine_dynamic(void)
+{
+ ENGINE *ret = ENGINE_new();
+ if (!ret)
+ return NULL;
+ if (!ENGINE_set_id(ret, engine_dynamic_id) ||
+ !ENGINE_set_name(ret, engine_dynamic_name) ||
+ !ENGINE_set_init_function(ret, dynamic_init) ||
+ !ENGINE_set_finish_function(ret, dynamic_finish) ||
+ !ENGINE_set_ctrl_function(ret, dynamic_ctrl) ||
+ !ENGINE_set_flags(ret, ENGINE_FLAGS_BY_ID_COPY) ||
+ !ENGINE_set_cmd_defns(ret, dynamic_cmd_defns)) {
+ ENGINE_free(ret);
+ return NULL;
+ }
+ return ret;
+}
+
+void ENGINE_load_dynamic(void)
+{
+ ENGINE *toadd = engine_dynamic();
+ if (!toadd)
+ return;
+ ENGINE_add(toadd);
+ /*
+ * If the "add" worked, it gets a structural reference. So either way, we
+ * release our just-created reference.
+ */
+ ENGINE_free(toadd);
+ /*
+ * If the "add" didn't work, it was probably a conflict because it was
+ * already added (eg. someone calling ENGINE_load_blah then calling
+ * ENGINE_load_builtin_engines() perhaps).
+ */
+ ERR_clear_error();
+}
+
+static int dynamic_init(ENGINE *e)
+{
+ /*
+ * We always return failure - the "dyanamic" engine itself can't be used
+ * for anything.
+ */
+ return 0;
+}
+
+static int dynamic_finish(ENGINE *e)
+{
+ /*
+ * This should never be called on account of "dynamic_init" always
+ * failing.
+ */
+ return 0;
+}
+
+static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
+{
+ dynamic_data_ctx *ctx = dynamic_get_data_ctx(e);
+ int initialised;
+
+ if (!ctx) {
+ ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ENGINE_R_NOT_LOADED);
+ return 0;
+ }
+ initialised = ((ctx->dynamic_dso == NULL) ? 0 : 1);
+ /* All our control commands require the ENGINE to be uninitialised */
+ if (initialised) {
+ ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ENGINE_R_ALREADY_LOADED);
+ return 0;
+ }
+ switch (cmd) {
+ case DYNAMIC_CMD_SO_PATH:
+ /* a NULL 'p' or a string of zero-length is the same thing */
+ if (p && (strlen((const char *)p) < 1))
+ p = NULL;
+ if (ctx->DYNAMIC_LIBNAME)
+ OPENSSL_free((void *)ctx->DYNAMIC_LIBNAME);
+ if (p)
+ ctx->DYNAMIC_LIBNAME = BUF_strdup(p);
+ else
+ ctx->DYNAMIC_LIBNAME = NULL;
+ return (ctx->DYNAMIC_LIBNAME ? 1 : 0);
+ case DYNAMIC_CMD_NO_VCHECK:
+ ctx->no_vcheck = ((i == 0) ? 0 : 1);
+ return 1;
+ case DYNAMIC_CMD_ID:
+ /* a NULL 'p' or a string of zero-length is the same thing */
+ if (p && (strlen((const char *)p) < 1))
+ p = NULL;
+ if (ctx->engine_id)
+ OPENSSL_free((void *)ctx->engine_id);
+ if (p)
+ ctx->engine_id = BUF_strdup(p);
+ else
+ ctx->engine_id = NULL;
+ return (ctx->engine_id ? 1 : 0);
+ case DYNAMIC_CMD_LIST_ADD:
+ if ((i < 0) || (i > 2)) {
+ ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ENGINE_R_INVALID_ARGUMENT);
+ return 0;
+ }
+ ctx->list_add_value = (int)i;
+ return 1;
+ case DYNAMIC_CMD_LOAD:
+ return dynamic_load(e, ctx);
+ case DYNAMIC_CMD_DIR_LOAD:
+ if ((i < 0) || (i > 2)) {
+ ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ENGINE_R_INVALID_ARGUMENT);
+ return 0;
+ }
+ ctx->dir_load = (int)i;
+ return 1;
+ case DYNAMIC_CMD_DIR_ADD:
+ /* a NULL 'p' or a string of zero-length is the same thing */
+ if (!p || (strlen((const char *)p) < 1)) {
+ ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ENGINE_R_INVALID_ARGUMENT);
+ return 0;
+ }
+ {
+ char *tmp_str = BUF_strdup(p);
+ if (!tmp_str) {
+ ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ sk_insert(ctx->dirs, tmp_str, -1);
+ }
+ return 1;
+ default:
+ break;
+ }
+ ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+ return 0;
+}
+
+static int int_load(dynamic_data_ctx *ctx)
+{
+ int num, loop;
+ /* Unless told not to, try a direct load */
+ if ((ctx->dir_load != 2) && (DSO_load(ctx->dynamic_dso,
+ ctx->DYNAMIC_LIBNAME, NULL,
+ 0)) != NULL)
+ return 1;
+ /* If we're not allowed to use 'dirs' or we have none, fail */
+ if (!ctx->dir_load || ((num = sk_num(ctx->dirs)) < 1))
+ return 0;
+ for (loop = 0; loop < num; loop++) {
+ const char *s = sk_value(ctx->dirs, loop);
+ char *merge = DSO_merge(ctx->dynamic_dso, ctx->DYNAMIC_LIBNAME, s);
+ if (!merge)
+ return 0;
+ if (DSO_load(ctx->dynamic_dso, merge, NULL, 0)) {
+ /* Found what we're looking for */
+ OPENSSL_free(merge);
+ return 1;
+ }
+ OPENSSL_free(merge);
+ }
+ return 0;
+}
+
+static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx)
+{
+ ENGINE cpy;
+ dynamic_fns fns;
+
+ if (!ctx->dynamic_dso)
+ ctx->dynamic_dso = DSO_new();
+ if (!ctx->DYNAMIC_LIBNAME) {
+ if (!ctx->engine_id)
+ return 0;
+ ctx->DYNAMIC_LIBNAME =
+ DSO_convert_filename(ctx->dynamic_dso, ctx->engine_id);
+ }
+ if (!int_load(ctx)) {
+ ENGINEerr(ENGINE_F_DYNAMIC_LOAD, ENGINE_R_DSO_NOT_FOUND);
+ DSO_free(ctx->dynamic_dso);
+ ctx->dynamic_dso = NULL;
+ return 0;
+ }
+ /* We have to find a bind function otherwise it'll always end badly */
+ if (!
+ (ctx->bind_engine =
+ (dynamic_bind_engine) DSO_bind_func(ctx->dynamic_dso,
+ ctx->DYNAMIC_F2))) {
+ ctx->bind_engine = NULL;
+ DSO_free(ctx->dynamic_dso);
+ ctx->dynamic_dso = NULL;
+ ENGINEerr(ENGINE_F_DYNAMIC_LOAD, ENGINE_R_DSO_FAILURE);
+ return 0;
+ }
+ /* Do we perform version checking? */
+ if (!ctx->no_vcheck) {
+ unsigned long vcheck_res = 0;
+ /*
+ * Now we try to find a version checking function and decide how to
+ * cope with failure if/when it fails.
+ */
+ ctx->v_check =
+ (dynamic_v_check_fn) DSO_bind_func(ctx->dynamic_dso,
+ ctx->DYNAMIC_F1);
+ if (ctx->v_check)
+ vcheck_res = ctx->v_check(OSSL_DYNAMIC_VERSION);
+ /*
+ * We fail if the version checker veto'd the load *or* if it is
+ * deferring to us (by returning its version) and we think it is too
+ * old.
+ */
+ if (vcheck_res < OSSL_DYNAMIC_OLDEST) {
+ /* Fail */
+ ctx->bind_engine = NULL;
+ ctx->v_check = NULL;
+ DSO_free(ctx->dynamic_dso);
+ ctx->dynamic_dso = NULL;
+ ENGINEerr(ENGINE_F_DYNAMIC_LOAD,
+ ENGINE_R_VERSION_INCOMPATIBILITY);
+ return 0;
+ }
+ }
+ /*
+ * First binary copy the ENGINE structure so that we can roll back if the
+ * hand-over fails
+ */
+ memcpy(&cpy, e, sizeof(ENGINE));
+ /*
+ * Provide the ERR, "ex_data", memory, and locking callbacks so the
+ * loaded library uses our state rather than its own. FIXME: As noted in
+ * engine.h, much of this would be simplified if each area of code
+ * provided its own "summary" structure of all related callbacks. It
+ * would also increase opaqueness.
+ */
+ fns.static_state = ENGINE_get_static_state();
+ fns.err_fns = ERR_get_implementation();
+ fns.ex_data_fns = CRYPTO_get_ex_data_implementation();
+ CRYPTO_get_mem_functions(&fns.mem_fns.malloc_cb,
+ &fns.mem_fns.realloc_cb, &fns.mem_fns.free_cb);
+ fns.lock_fns.lock_locking_cb = CRYPTO_get_locking_callback();
+ fns.lock_fns.lock_add_lock_cb = CRYPTO_get_add_lock_callback();
+ fns.lock_fns.dynlock_create_cb = CRYPTO_get_dynlock_create_callback();
+ fns.lock_fns.dynlock_lock_cb = CRYPTO_get_dynlock_lock_callback();
+ fns.lock_fns.dynlock_destroy_cb = CRYPTO_get_dynlock_destroy_callback();
+ /*
+ * Now that we've loaded the dynamic engine, make sure no "dynamic"
+ * ENGINE elements will show through.
+ */
+ engine_set_all_null(e);
+
+ /* Try to bind the ENGINE onto our own ENGINE structure */
+ if (!ctx->bind_engine(e, ctx->engine_id, &fns)) {
+ ctx->bind_engine = NULL;
+ ctx->v_check = NULL;
+ DSO_free(ctx->dynamic_dso);
+ ctx->dynamic_dso = NULL;
+ ENGINEerr(ENGINE_F_DYNAMIC_LOAD, ENGINE_R_INIT_FAILED);
+ /* Copy the original ENGINE structure back */
+ memcpy(e, &cpy, sizeof(ENGINE));
+ return 0;
+ }
+ /* Do we try to add this ENGINE to the internal list too? */
+ if (ctx->list_add_value > 0) {
+ if (!ENGINE_add(e)) {
+ /* Do we tolerate this or fail? */
+ if (ctx->list_add_value > 1) {
+ /*
+ * Fail - NB: By this time, it's too late to rollback, and
+ * trying to do so allows the bind_engine() code to have
+ * created leaks. We just have to fail where we are, after
+ * the ENGINE has changed.
+ */
+ ENGINEerr(ENGINE_F_DYNAMIC_LOAD,
+ ENGINE_R_CONFLICTING_ENGINE_ID);
+ return 0;
+ }
+ /* Tolerate */
+ ERR_clear_error();
+ }
+ }
+ return 1;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_err.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/engine/eng_err.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,170 +0,0 @@
-/* crypto/engine/eng_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2010 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/engine.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_ENGINE,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_ENGINE,0,reason)
-
-static ERR_STRING_DATA ENGINE_str_functs[]=
- {
-{ERR_FUNC(ENGINE_F_DYNAMIC_CTRL), "DYNAMIC_CTRL"},
-{ERR_FUNC(ENGINE_F_DYNAMIC_GET_DATA_CTX), "DYNAMIC_GET_DATA_CTX"},
-{ERR_FUNC(ENGINE_F_DYNAMIC_LOAD), "DYNAMIC_LOAD"},
-{ERR_FUNC(ENGINE_F_DYNAMIC_SET_DATA_CTX), "DYNAMIC_SET_DATA_CTX"},
-{ERR_FUNC(ENGINE_F_ENGINE_ADD), "ENGINE_add"},
-{ERR_FUNC(ENGINE_F_ENGINE_BY_ID), "ENGINE_by_id"},
-{ERR_FUNC(ENGINE_F_ENGINE_CMD_IS_EXECUTABLE), "ENGINE_cmd_is_executable"},
-{ERR_FUNC(ENGINE_F_ENGINE_CTRL), "ENGINE_ctrl"},
-{ERR_FUNC(ENGINE_F_ENGINE_CTRL_CMD), "ENGINE_ctrl_cmd"},
-{ERR_FUNC(ENGINE_F_ENGINE_CTRL_CMD_STRING), "ENGINE_ctrl_cmd_string"},
-{ERR_FUNC(ENGINE_F_ENGINE_FINISH), "ENGINE_finish"},
-{ERR_FUNC(ENGINE_F_ENGINE_FREE_UTIL), "ENGINE_FREE_UTIL"},
-{ERR_FUNC(ENGINE_F_ENGINE_GET_CIPHER), "ENGINE_get_cipher"},
-{ERR_FUNC(ENGINE_F_ENGINE_GET_DEFAULT_TYPE), "ENGINE_GET_DEFAULT_TYPE"},
-{ERR_FUNC(ENGINE_F_ENGINE_GET_DIGEST), "ENGINE_get_digest"},
-{ERR_FUNC(ENGINE_F_ENGINE_GET_NEXT), "ENGINE_get_next"},
-{ERR_FUNC(ENGINE_F_ENGINE_GET_PREV), "ENGINE_get_prev"},
-{ERR_FUNC(ENGINE_F_ENGINE_INIT), "ENGINE_init"},
-{ERR_FUNC(ENGINE_F_ENGINE_LIST_ADD), "ENGINE_LIST_ADD"},
-{ERR_FUNC(ENGINE_F_ENGINE_LIST_REMOVE), "ENGINE_LIST_REMOVE"},
-{ERR_FUNC(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY), "ENGINE_load_private_key"},
-{ERR_FUNC(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY), "ENGINE_load_public_key"},
-{ERR_FUNC(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT), "ENGINE_load_ssl_client_cert"},
-{ERR_FUNC(ENGINE_F_ENGINE_NEW), "ENGINE_new"},
-{ERR_FUNC(ENGINE_F_ENGINE_REMOVE), "ENGINE_remove"},
-{ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_STRING), "ENGINE_set_default_string"},
-{ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_TYPE), "ENGINE_SET_DEFAULT_TYPE"},
-{ERR_FUNC(ENGINE_F_ENGINE_SET_ID), "ENGINE_set_id"},
-{ERR_FUNC(ENGINE_F_ENGINE_SET_NAME), "ENGINE_set_name"},
-{ERR_FUNC(ENGINE_F_ENGINE_TABLE_REGISTER), "ENGINE_TABLE_REGISTER"},
-{ERR_FUNC(ENGINE_F_ENGINE_UNLOAD_KEY), "ENGINE_UNLOAD_KEY"},
-{ERR_FUNC(ENGINE_F_ENGINE_UNLOCKED_FINISH), "ENGINE_UNLOCKED_FINISH"},
-{ERR_FUNC(ENGINE_F_ENGINE_UP_REF), "ENGINE_up_ref"},
-{ERR_FUNC(ENGINE_F_INT_CTRL_HELPER), "INT_CTRL_HELPER"},
-{ERR_FUNC(ENGINE_F_INT_ENGINE_CONFIGURE), "INT_ENGINE_CONFIGURE"},
-{ERR_FUNC(ENGINE_F_INT_ENGINE_MODULE_INIT), "INT_ENGINE_MODULE_INIT"},
-{ERR_FUNC(ENGINE_F_LOG_MESSAGE), "LOG_MESSAGE"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA ENGINE_str_reasons[]=
- {
-{ERR_REASON(ENGINE_R_ALREADY_LOADED) ,"already loaded"},
-{ERR_REASON(ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER),"argument is not a number"},
-{ERR_REASON(ENGINE_R_CMD_NOT_EXECUTABLE) ,"cmd not executable"},
-{ERR_REASON(ENGINE_R_COMMAND_TAKES_INPUT),"command takes input"},
-{ERR_REASON(ENGINE_R_COMMAND_TAKES_NO_INPUT),"command takes no input"},
-{ERR_REASON(ENGINE_R_CONFLICTING_ENGINE_ID),"conflicting engine id"},
-{ERR_REASON(ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED),"ctrl command not implemented"},
-{ERR_REASON(ENGINE_R_DH_NOT_IMPLEMENTED) ,"dh not implemented"},
-{ERR_REASON(ENGINE_R_DSA_NOT_IMPLEMENTED),"dsa not implemented"},
-{ERR_REASON(ENGINE_R_DSO_FAILURE) ,"DSO failure"},
-{ERR_REASON(ENGINE_R_DSO_NOT_FOUND) ,"dso not found"},
-{ERR_REASON(ENGINE_R_ENGINES_SECTION_ERROR),"engines section error"},
-{ERR_REASON(ENGINE_R_ENGINE_CONFIGURATION_ERROR),"engine configuration error"},
-{ERR_REASON(ENGINE_R_ENGINE_IS_NOT_IN_LIST),"engine is not in the list"},
-{ERR_REASON(ENGINE_R_ENGINE_SECTION_ERROR),"engine section error"},
-{ERR_REASON(ENGINE_R_FAILED_LOADING_PRIVATE_KEY),"failed loading private key"},
-{ERR_REASON(ENGINE_R_FAILED_LOADING_PUBLIC_KEY),"failed loading public key"},
-{ERR_REASON(ENGINE_R_FINISH_FAILED) ,"finish failed"},
-{ERR_REASON(ENGINE_R_GET_HANDLE_FAILED) ,"could not obtain hardware handle"},
-{ERR_REASON(ENGINE_R_ID_OR_NAME_MISSING) ,"'id' or 'name' missing"},
-{ERR_REASON(ENGINE_R_INIT_FAILED) ,"init failed"},
-{ERR_REASON(ENGINE_R_INTERNAL_LIST_ERROR),"internal list error"},
-{ERR_REASON(ENGINE_R_INVALID_ARGUMENT) ,"invalid argument"},
-{ERR_REASON(ENGINE_R_INVALID_CMD_NAME) ,"invalid cmd name"},
-{ERR_REASON(ENGINE_R_INVALID_CMD_NUMBER) ,"invalid cmd number"},
-{ERR_REASON(ENGINE_R_INVALID_INIT_VALUE) ,"invalid init value"},
-{ERR_REASON(ENGINE_R_INVALID_STRING) ,"invalid string"},
-{ERR_REASON(ENGINE_R_NOT_INITIALISED) ,"not initialised"},
-{ERR_REASON(ENGINE_R_NOT_LOADED) ,"not loaded"},
-{ERR_REASON(ENGINE_R_NO_CONTROL_FUNCTION),"no control function"},
-{ERR_REASON(ENGINE_R_NO_INDEX) ,"no index"},
-{ERR_REASON(ENGINE_R_NO_LOAD_FUNCTION) ,"no load function"},
-{ERR_REASON(ENGINE_R_NO_REFERENCE) ,"no reference"},
-{ERR_REASON(ENGINE_R_NO_SUCH_ENGINE) ,"no such engine"},
-{ERR_REASON(ENGINE_R_NO_UNLOAD_FUNCTION) ,"no unload function"},
-{ERR_REASON(ENGINE_R_PROVIDE_PARAMETERS) ,"provide parameters"},
-{ERR_REASON(ENGINE_R_RSA_NOT_IMPLEMENTED),"rsa not implemented"},
-{ERR_REASON(ENGINE_R_UNIMPLEMENTED_CIPHER),"unimplemented cipher"},
-{ERR_REASON(ENGINE_R_UNIMPLEMENTED_DIGEST),"unimplemented digest"},
-{ERR_REASON(ENGINE_R_VERSION_INCOMPATIBILITY),"version incompatibility"},
-{0,NULL}
- };
-
-#endif
-
-void ERR_load_ENGINE_strings(void)
- {
-#ifndef OPENSSL_NO_ERR
-
- if (ERR_func_error_string(ENGINE_str_functs[0].error) == NULL)
- {
- ERR_load_strings(0,ENGINE_str_functs);
- ERR_load_strings(0,ENGINE_str_reasons);
- }
-#endif
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_err.c (from rev 6976, vendor-crypto/openssl/dist/crypto/engine/eng_err.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_err.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,176 @@
+/* crypto/engine/eng_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2010 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/engine.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_ENGINE,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_ENGINE,0,reason)
+
+static ERR_STRING_DATA ENGINE_str_functs[] = {
+ {ERR_FUNC(ENGINE_F_DYNAMIC_CTRL), "DYNAMIC_CTRL"},
+ {ERR_FUNC(ENGINE_F_DYNAMIC_GET_DATA_CTX), "DYNAMIC_GET_DATA_CTX"},
+ {ERR_FUNC(ENGINE_F_DYNAMIC_LOAD), "DYNAMIC_LOAD"},
+ {ERR_FUNC(ENGINE_F_DYNAMIC_SET_DATA_CTX), "DYNAMIC_SET_DATA_CTX"},
+ {ERR_FUNC(ENGINE_F_ENGINE_ADD), "ENGINE_add"},
+ {ERR_FUNC(ENGINE_F_ENGINE_BY_ID), "ENGINE_by_id"},
+ {ERR_FUNC(ENGINE_F_ENGINE_CMD_IS_EXECUTABLE), "ENGINE_cmd_is_executable"},
+ {ERR_FUNC(ENGINE_F_ENGINE_CTRL), "ENGINE_ctrl"},
+ {ERR_FUNC(ENGINE_F_ENGINE_CTRL_CMD), "ENGINE_ctrl_cmd"},
+ {ERR_FUNC(ENGINE_F_ENGINE_CTRL_CMD_STRING), "ENGINE_ctrl_cmd_string"},
+ {ERR_FUNC(ENGINE_F_ENGINE_FINISH), "ENGINE_finish"},
+ {ERR_FUNC(ENGINE_F_ENGINE_FREE_UTIL), "ENGINE_FREE_UTIL"},
+ {ERR_FUNC(ENGINE_F_ENGINE_GET_CIPHER), "ENGINE_get_cipher"},
+ {ERR_FUNC(ENGINE_F_ENGINE_GET_DEFAULT_TYPE), "ENGINE_GET_DEFAULT_TYPE"},
+ {ERR_FUNC(ENGINE_F_ENGINE_GET_DIGEST), "ENGINE_get_digest"},
+ {ERR_FUNC(ENGINE_F_ENGINE_GET_NEXT), "ENGINE_get_next"},
+ {ERR_FUNC(ENGINE_F_ENGINE_GET_PREV), "ENGINE_get_prev"},
+ {ERR_FUNC(ENGINE_F_ENGINE_INIT), "ENGINE_init"},
+ {ERR_FUNC(ENGINE_F_ENGINE_LIST_ADD), "ENGINE_LIST_ADD"},
+ {ERR_FUNC(ENGINE_F_ENGINE_LIST_REMOVE), "ENGINE_LIST_REMOVE"},
+ {ERR_FUNC(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY), "ENGINE_load_private_key"},
+ {ERR_FUNC(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY), "ENGINE_load_public_key"},
+ {ERR_FUNC(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT),
+ "ENGINE_load_ssl_client_cert"},
+ {ERR_FUNC(ENGINE_F_ENGINE_NEW), "ENGINE_new"},
+ {ERR_FUNC(ENGINE_F_ENGINE_REMOVE), "ENGINE_remove"},
+ {ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_STRING),
+ "ENGINE_set_default_string"},
+ {ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_TYPE), "ENGINE_SET_DEFAULT_TYPE"},
+ {ERR_FUNC(ENGINE_F_ENGINE_SET_ID), "ENGINE_set_id"},
+ {ERR_FUNC(ENGINE_F_ENGINE_SET_NAME), "ENGINE_set_name"},
+ {ERR_FUNC(ENGINE_F_ENGINE_TABLE_REGISTER), "ENGINE_TABLE_REGISTER"},
+ {ERR_FUNC(ENGINE_F_ENGINE_UNLOAD_KEY), "ENGINE_UNLOAD_KEY"},
+ {ERR_FUNC(ENGINE_F_ENGINE_UNLOCKED_FINISH), "ENGINE_UNLOCKED_FINISH"},
+ {ERR_FUNC(ENGINE_F_ENGINE_UP_REF), "ENGINE_up_ref"},
+ {ERR_FUNC(ENGINE_F_INT_CTRL_HELPER), "INT_CTRL_HELPER"},
+ {ERR_FUNC(ENGINE_F_INT_ENGINE_CONFIGURE), "INT_ENGINE_CONFIGURE"},
+ {ERR_FUNC(ENGINE_F_INT_ENGINE_MODULE_INIT), "INT_ENGINE_MODULE_INIT"},
+ {ERR_FUNC(ENGINE_F_LOG_MESSAGE), "LOG_MESSAGE"},
+ {0, NULL}
+};
+
+static ERR_STRING_DATA ENGINE_str_reasons[] = {
+ {ERR_REASON(ENGINE_R_ALREADY_LOADED), "already loaded"},
+ {ERR_REASON(ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER),
+ "argument is not a number"},
+ {ERR_REASON(ENGINE_R_CMD_NOT_EXECUTABLE), "cmd not executable"},
+ {ERR_REASON(ENGINE_R_COMMAND_TAKES_INPUT), "command takes input"},
+ {ERR_REASON(ENGINE_R_COMMAND_TAKES_NO_INPUT), "command takes no input"},
+ {ERR_REASON(ENGINE_R_CONFLICTING_ENGINE_ID), "conflicting engine id"},
+ {ERR_REASON(ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED),
+ "ctrl command not implemented"},
+ {ERR_REASON(ENGINE_R_DH_NOT_IMPLEMENTED), "dh not implemented"},
+ {ERR_REASON(ENGINE_R_DSA_NOT_IMPLEMENTED), "dsa not implemented"},
+ {ERR_REASON(ENGINE_R_DSO_FAILURE), "DSO failure"},
+ {ERR_REASON(ENGINE_R_DSO_NOT_FOUND), "dso not found"},
+ {ERR_REASON(ENGINE_R_ENGINES_SECTION_ERROR), "engines section error"},
+ {ERR_REASON(ENGINE_R_ENGINE_CONFIGURATION_ERROR),
+ "engine configuration error"},
+ {ERR_REASON(ENGINE_R_ENGINE_IS_NOT_IN_LIST), "engine is not in the list"},
+ {ERR_REASON(ENGINE_R_ENGINE_SECTION_ERROR), "engine section error"},
+ {ERR_REASON(ENGINE_R_FAILED_LOADING_PRIVATE_KEY),
+ "failed loading private key"},
+ {ERR_REASON(ENGINE_R_FAILED_LOADING_PUBLIC_KEY),
+ "failed loading public key"},
+ {ERR_REASON(ENGINE_R_FINISH_FAILED), "finish failed"},
+ {ERR_REASON(ENGINE_R_GET_HANDLE_FAILED),
+ "could not obtain hardware handle"},
+ {ERR_REASON(ENGINE_R_ID_OR_NAME_MISSING), "'id' or 'name' missing"},
+ {ERR_REASON(ENGINE_R_INIT_FAILED), "init failed"},
+ {ERR_REASON(ENGINE_R_INTERNAL_LIST_ERROR), "internal list error"},
+ {ERR_REASON(ENGINE_R_INVALID_ARGUMENT), "invalid argument"},
+ {ERR_REASON(ENGINE_R_INVALID_CMD_NAME), "invalid cmd name"},
+ {ERR_REASON(ENGINE_R_INVALID_CMD_NUMBER), "invalid cmd number"},
+ {ERR_REASON(ENGINE_R_INVALID_INIT_VALUE), "invalid init value"},
+ {ERR_REASON(ENGINE_R_INVALID_STRING), "invalid string"},
+ {ERR_REASON(ENGINE_R_NOT_INITIALISED), "not initialised"},
+ {ERR_REASON(ENGINE_R_NOT_LOADED), "not loaded"},
+ {ERR_REASON(ENGINE_R_NO_CONTROL_FUNCTION), "no control function"},
+ {ERR_REASON(ENGINE_R_NO_INDEX), "no index"},
+ {ERR_REASON(ENGINE_R_NO_LOAD_FUNCTION), "no load function"},
+ {ERR_REASON(ENGINE_R_NO_REFERENCE), "no reference"},
+ {ERR_REASON(ENGINE_R_NO_SUCH_ENGINE), "no such engine"},
+ {ERR_REASON(ENGINE_R_NO_UNLOAD_FUNCTION), "no unload function"},
+ {ERR_REASON(ENGINE_R_PROVIDE_PARAMETERS), "provide parameters"},
+ {ERR_REASON(ENGINE_R_RSA_NOT_IMPLEMENTED), "rsa not implemented"},
+ {ERR_REASON(ENGINE_R_UNIMPLEMENTED_CIPHER), "unimplemented cipher"},
+ {ERR_REASON(ENGINE_R_UNIMPLEMENTED_DIGEST), "unimplemented digest"},
+ {ERR_REASON(ENGINE_R_VERSION_INCOMPATIBILITY), "version incompatibility"},
+ {0, NULL}
+};
+
+#endif
+
+void ERR_load_ENGINE_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+ if (ERR_func_error_string(ENGINE_str_functs[0].error) == NULL) {
+ ERR_load_strings(0, ENGINE_str_functs);
+ ERR_load_strings(0, ENGINE_str_reasons);
+ }
+#endif
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_fat.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/engine/eng_fat.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_fat.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,167 +0,0 @@
-/* crypto/engine/eng_fat.c */
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECDH support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
-#include "eng_int.h"
-#include <openssl/conf.h>
-
-int ENGINE_set_default(ENGINE *e, unsigned int flags)
- {
- if((flags & ENGINE_METHOD_CIPHERS) && !ENGINE_set_default_ciphers(e))
- return 0;
- if((flags & ENGINE_METHOD_DIGESTS) && !ENGINE_set_default_digests(e))
- return 0;
-#ifndef OPENSSL_NO_RSA
- if((flags & ENGINE_METHOD_RSA) && !ENGINE_set_default_RSA(e))
- return 0;
-#endif
-#ifndef OPENSSL_NO_DSA
- if((flags & ENGINE_METHOD_DSA) && !ENGINE_set_default_DSA(e))
- return 0;
-#endif
-#ifndef OPENSSL_NO_DH
- if((flags & ENGINE_METHOD_DH) && !ENGINE_set_default_DH(e))
- return 0;
-#endif
-#ifndef OPENSSL_NO_ECDH
- if((flags & ENGINE_METHOD_ECDH) && !ENGINE_set_default_ECDH(e))
- return 0;
-#endif
-#ifndef OPENSSL_NO_ECDSA
- if((flags & ENGINE_METHOD_ECDSA) && !ENGINE_set_default_ECDSA(e))
- return 0;
-#endif
- if((flags & ENGINE_METHOD_RAND) && !ENGINE_set_default_RAND(e))
- return 0;
- return 1;
- }
-
-/* Set default algorithms using a string */
-
-static int int_def_cb(const char *alg, int len, void *arg)
- {
- unsigned int *pflags = arg;
- if (!strncmp(alg, "ALL", len))
- *pflags |= ENGINE_METHOD_ALL;
- else if (!strncmp(alg, "RSA", len))
- *pflags |= ENGINE_METHOD_RSA;
- else if (!strncmp(alg, "DSA", len))
- *pflags |= ENGINE_METHOD_DSA;
- else if (!strncmp(alg, "ECDH", len))
- *pflags |= ENGINE_METHOD_ECDH;
- else if (!strncmp(alg, "ECDSA", len))
- *pflags |= ENGINE_METHOD_ECDSA;
- else if (!strncmp(alg, "DH", len))
- *pflags |= ENGINE_METHOD_DH;
- else if (!strncmp(alg, "RAND", len))
- *pflags |= ENGINE_METHOD_RAND;
- else if (!strncmp(alg, "CIPHERS", len))
- *pflags |= ENGINE_METHOD_CIPHERS;
- else if (!strncmp(alg, "DIGESTS", len))
- *pflags |= ENGINE_METHOD_DIGESTS;
- else
- return 0;
- return 1;
- }
-
-
-int ENGINE_set_default_string(ENGINE *e, const char *def_list)
- {
- unsigned int flags = 0;
- if (!CONF_parse_list(def_list, ',', 1, int_def_cb, &flags))
- {
- ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_STRING,
- ENGINE_R_INVALID_STRING);
- ERR_add_error_data(2, "str=",def_list);
- return 0;
- }
- return ENGINE_set_default(e, flags);
- }
-
-int ENGINE_register_complete(ENGINE *e)
- {
- ENGINE_register_ciphers(e);
- ENGINE_register_digests(e);
-#ifndef OPENSSL_NO_RSA
- ENGINE_register_RSA(e);
-#endif
-#ifndef OPENSSL_NO_DSA
- ENGINE_register_DSA(e);
-#endif
-#ifndef OPENSSL_NO_DH
- ENGINE_register_DH(e);
-#endif
-#ifndef OPENSSL_NO_ECDH
- ENGINE_register_ECDH(e);
-#endif
-#ifndef OPENSSL_NO_ECDSA
- ENGINE_register_ECDSA(e);
-#endif
- ENGINE_register_RAND(e);
- return 1;
- }
-
-int ENGINE_register_all_complete(void)
- {
- ENGINE *e;
-
- for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
- ENGINE_register_complete(e);
- return 1;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_fat.c (from rev 6976, vendor-crypto/openssl/dist/crypto/engine/eng_fat.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_fat.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_fat.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,165 @@
+/* crypto/engine/eng_fat.c */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECDH support in OpenSSL originally developed by
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
+
+#include "eng_int.h"
+#include <openssl/conf.h>
+
+int ENGINE_set_default(ENGINE *e, unsigned int flags)
+{
+ if ((flags & ENGINE_METHOD_CIPHERS) && !ENGINE_set_default_ciphers(e))
+ return 0;
+ if ((flags & ENGINE_METHOD_DIGESTS) && !ENGINE_set_default_digests(e))
+ return 0;
+#ifndef OPENSSL_NO_RSA
+ if ((flags & ENGINE_METHOD_RSA) && !ENGINE_set_default_RSA(e))
+ return 0;
+#endif
+#ifndef OPENSSL_NO_DSA
+ if ((flags & ENGINE_METHOD_DSA) && !ENGINE_set_default_DSA(e))
+ return 0;
+#endif
+#ifndef OPENSSL_NO_DH
+ if ((flags & ENGINE_METHOD_DH) && !ENGINE_set_default_DH(e))
+ return 0;
+#endif
+#ifndef OPENSSL_NO_ECDH
+ if ((flags & ENGINE_METHOD_ECDH) && !ENGINE_set_default_ECDH(e))
+ return 0;
+#endif
+#ifndef OPENSSL_NO_ECDSA
+ if ((flags & ENGINE_METHOD_ECDSA) && !ENGINE_set_default_ECDSA(e))
+ return 0;
+#endif
+ if ((flags & ENGINE_METHOD_RAND) && !ENGINE_set_default_RAND(e))
+ return 0;
+ return 1;
+}
+
+/* Set default algorithms using a string */
+
+static int int_def_cb(const char *alg, int len, void *arg)
+{
+ unsigned int *pflags = arg;
+ if (!strncmp(alg, "ALL", len))
+ *pflags |= ENGINE_METHOD_ALL;
+ else if (!strncmp(alg, "RSA", len))
+ *pflags |= ENGINE_METHOD_RSA;
+ else if (!strncmp(alg, "DSA", len))
+ *pflags |= ENGINE_METHOD_DSA;
+ else if (!strncmp(alg, "ECDH", len))
+ *pflags |= ENGINE_METHOD_ECDH;
+ else if (!strncmp(alg, "ECDSA", len))
+ *pflags |= ENGINE_METHOD_ECDSA;
+ else if (!strncmp(alg, "DH", len))
+ *pflags |= ENGINE_METHOD_DH;
+ else if (!strncmp(alg, "RAND", len))
+ *pflags |= ENGINE_METHOD_RAND;
+ else if (!strncmp(alg, "CIPHERS", len))
+ *pflags |= ENGINE_METHOD_CIPHERS;
+ else if (!strncmp(alg, "DIGESTS", len))
+ *pflags |= ENGINE_METHOD_DIGESTS;
+ else
+ return 0;
+ return 1;
+}
+
+int ENGINE_set_default_string(ENGINE *e, const char *def_list)
+{
+ unsigned int flags = 0;
+ if (!CONF_parse_list(def_list, ',', 1, int_def_cb, &flags)) {
+ ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_STRING,
+ ENGINE_R_INVALID_STRING);
+ ERR_add_error_data(2, "str=", def_list);
+ return 0;
+ }
+ return ENGINE_set_default(e, flags);
+}
+
+int ENGINE_register_complete(ENGINE *e)
+{
+ ENGINE_register_ciphers(e);
+ ENGINE_register_digests(e);
+#ifndef OPENSSL_NO_RSA
+ ENGINE_register_RSA(e);
+#endif
+#ifndef OPENSSL_NO_DSA
+ ENGINE_register_DSA(e);
+#endif
+#ifndef OPENSSL_NO_DH
+ ENGINE_register_DH(e);
+#endif
+#ifndef OPENSSL_NO_ECDH
+ ENGINE_register_ECDH(e);
+#endif
+#ifndef OPENSSL_NO_ECDSA
+ ENGINE_register_ECDSA(e);
+#endif
+ ENGINE_register_RAND(e);
+ return 1;
+}
+
+int ENGINE_register_all_complete(void)
+{
+ ENGINE *e;
+
+ for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+ ENGINE_register_complete(e);
+ return 1;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_init.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/engine/eng_init.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_init.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,154 +0,0 @@
-/* crypto/engine/eng_init.c */
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include "eng_int.h"
-
-/* Initialise a engine type for use (or up its functional reference count
- * if it's already in use). This version is only used internally. */
-int engine_unlocked_init(ENGINE *e)
- {
- int to_return = 1;
-
- if((e->funct_ref == 0) && e->init)
- /* This is the first functional reference and the engine
- * requires initialisation so we do it now. */
- to_return = e->init(e);
- if(to_return)
- {
- /* OK, we return a functional reference which is also a
- * structural reference. */
- e->struct_ref++;
- e->funct_ref++;
- engine_ref_debug(e, 0, 1)
- engine_ref_debug(e, 1, 1)
- }
- return to_return;
- }
-
-/* Free a functional reference to a engine type. This version is only used
- * internally. */
-int engine_unlocked_finish(ENGINE *e, int unlock_for_handlers)
- {
- int to_return = 1;
-
- /* Reduce the functional reference count here so if it's the terminating
- * case, we can release the lock safely and call the finish() handler
- * without risk of a race. We get a race if we leave the count until
- * after and something else is calling "finish" at the same time -
- * there's a chance that both threads will together take the count from
- * 2 to 0 without either calling finish(). */
- e->funct_ref--;
- engine_ref_debug(e, 1, -1);
- if((e->funct_ref == 0) && e->finish)
- {
- if(unlock_for_handlers)
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- to_return = e->finish(e);
- if(unlock_for_handlers)
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- if(!to_return)
- return 0;
- }
-#ifdef REF_CHECK
- if(e->funct_ref < 0)
- {
- fprintf(stderr,"ENGINE_finish, bad functional reference count\n");
- abort();
- }
-#endif
- /* Release the structural reference too */
- if(!engine_free_util(e, 0))
- {
- ENGINEerr(ENGINE_F_ENGINE_UNLOCKED_FINISH,ENGINE_R_FINISH_FAILED);
- return 0;
- }
- return to_return;
- }
-
-/* The API (locked) version of "init" */
-int ENGINE_init(ENGINE *e)
- {
- int ret;
- if(e == NULL)
- {
- ENGINEerr(ENGINE_F_ENGINE_INIT,ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- ret = engine_unlocked_init(e);
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- return ret;
- }
-
-/* The API (locked) version of "finish" */
-int ENGINE_finish(ENGINE *e)
- {
- int to_return = 1;
-
- if(e == NULL)
- {
- ENGINEerr(ENGINE_F_ENGINE_FINISH,ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- to_return = engine_unlocked_finish(e, 1);
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- if(!to_return)
- {
- ENGINEerr(ENGINE_F_ENGINE_FINISH,ENGINE_R_FINISH_FAILED);
- return 0;
- }
- return to_return;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_init.c (from rev 6976, vendor-crypto/openssl/dist/crypto/engine/eng_init.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_init.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_init.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,157 @@
+/* crypto/engine/eng_init.c */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include "eng_int.h"
+
+/*
+ * Initialise a engine type for use (or up its functional reference count if
+ * it's already in use). This version is only used internally.
+ */
+int engine_unlocked_init(ENGINE *e)
+{
+ int to_return = 1;
+
+ if ((e->funct_ref == 0) && e->init)
+ /*
+ * This is the first functional reference and the engine requires
+ * initialisation so we do it now.
+ */
+ to_return = e->init(e);
+ if (to_return) {
+ /*
+ * OK, we return a functional reference which is also a structural
+ * reference.
+ */
+ e->struct_ref++;
+ e->funct_ref++;
+ engine_ref_debug(e, 0, 1)
+ engine_ref_debug(e, 1, 1)
+ }
+ return to_return;
+}
+
+/*
+ * Free a functional reference to a engine type. This version is only used
+ * internally.
+ */
+int engine_unlocked_finish(ENGINE *e, int unlock_for_handlers)
+{
+ int to_return = 1;
+
+ /*
+ * Reduce the functional reference count here so if it's the terminating
+ * case, we can release the lock safely and call the finish() handler
+ * without risk of a race. We get a race if we leave the count until
+ * after and something else is calling "finish" at the same time -
+ * there's a chance that both threads will together take the count from 2
+ * to 0 without either calling finish().
+ */
+ e->funct_ref--;
+ engine_ref_debug(e, 1, -1);
+ if ((e->funct_ref == 0) && e->finish) {
+ if (unlock_for_handlers)
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ to_return = e->finish(e);
+ if (unlock_for_handlers)
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ if (!to_return)
+ return 0;
+ }
+#ifdef REF_CHECK
+ if (e->funct_ref < 0) {
+ fprintf(stderr, "ENGINE_finish, bad functional reference count\n");
+ abort();
+ }
+#endif
+ /* Release the structural reference too */
+ if (!engine_free_util(e, 0)) {
+ ENGINEerr(ENGINE_F_ENGINE_UNLOCKED_FINISH, ENGINE_R_FINISH_FAILED);
+ return 0;
+ }
+ return to_return;
+}
+
+/* The API (locked) version of "init" */
+int ENGINE_init(ENGINE *e)
+{
+ int ret;
+ if (e == NULL) {
+ ENGINEerr(ENGINE_F_ENGINE_INIT, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ ret = engine_unlocked_init(e);
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ return ret;
+}
+
+/* The API (locked) version of "finish" */
+int ENGINE_finish(ENGINE *e)
+{
+ int to_return = 1;
+
+ if (e == NULL) {
+ ENGINEerr(ENGINE_F_ENGINE_FINISH, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ to_return = engine_unlocked_finish(e, 1);
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ if (!to_return) {
+ ENGINEerr(ENGINE_F_ENGINE_FINISH, ENGINE_R_FINISH_FAILED);
+ return 0;
+ }
+ return to_return;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_int.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/engine/eng_int.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_int.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,196 +0,0 @@
-/* crypto/engine/eng_int.h */
-/* Written by Geoff Thorpe (geoff at geoffthorpe.net) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECDH support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
-#ifndef HEADER_ENGINE_INT_H
-#define HEADER_ENGINE_INT_H
-
-#include "cryptlib.h"
-/* Take public definitions from engine.h */
-#include <openssl/engine.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* If we compile with this symbol defined, then both reference counts in the
- * ENGINE structure will be monitored with a line of output on stderr for each
- * change. This prints the engine's pointer address (truncated to unsigned int),
- * "struct" or "funct" to indicate the reference type, the before and after
- * reference count, and the file:line-number pair. The "engine_ref_debug"
- * statements must come *after* the change. */
-#ifdef ENGINE_REF_COUNT_DEBUG
-
-#define engine_ref_debug(e, isfunct, diff) \
- fprintf(stderr, "engine: %08x %s from %d to %d (%s:%d)\n", \
- (unsigned int)(e), (isfunct ? "funct" : "struct"), \
- ((isfunct) ? ((e)->funct_ref - (diff)) : ((e)->struct_ref - (diff))), \
- ((isfunct) ? (e)->funct_ref : (e)->struct_ref), \
- (__FILE__), (__LINE__));
-
-#else
-
-#define engine_ref_debug(e, isfunct, diff)
-
-#endif
-
-/* Any code that will need cleanup operations should use these functions to
- * register callbacks. ENGINE_cleanup() will call all registered callbacks in
- * order. NB: both the "add" functions assume CRYPTO_LOCK_ENGINE to already be
- * held (in "write" mode). */
-typedef void (ENGINE_CLEANUP_CB)(void);
-typedef struct st_engine_cleanup_item
- {
- ENGINE_CLEANUP_CB *cb;
- } ENGINE_CLEANUP_ITEM;
-DECLARE_STACK_OF(ENGINE_CLEANUP_ITEM)
-void engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb);
-void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb);
-
-/* We need stacks of ENGINEs for use in eng_table.c */
-DECLARE_STACK_OF(ENGINE)
-
-/* If this symbol is defined then engine_table_select(), the function that is
- * used by RSA, DSA (etc) code to select registered ENGINEs, cache defaults and
- * functional references (etc), will display debugging summaries to stderr. */
-/* #define ENGINE_TABLE_DEBUG */
-
-/* This represents an implementation table. Dependent code should instantiate it
- * as a (ENGINE_TABLE *) pointer value set initially to NULL. */
-typedef struct st_engine_table ENGINE_TABLE;
-int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup,
- ENGINE *e, const int *nids, int num_nids, int setdefault);
-void engine_table_unregister(ENGINE_TABLE **table, ENGINE *e);
-void engine_table_cleanup(ENGINE_TABLE **table);
-#ifndef ENGINE_TABLE_DEBUG
-ENGINE *engine_table_select(ENGINE_TABLE **table, int nid);
-#else
-ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f, int l);
-#define engine_table_select(t,n) engine_table_select_tmp(t,n,__FILE__,__LINE__)
-#endif
-
-/* Internal versions of API functions that have control over locking. These are
- * used between C files when functionality needs to be shared but the caller may
- * already be controlling of the CRYPTO_LOCK_ENGINE lock. */
-int engine_unlocked_init(ENGINE *e);
-int engine_unlocked_finish(ENGINE *e, int unlock_for_handlers);
-int engine_free_util(ENGINE *e, int locked);
-
-/* This function will reset all "set"able values in an ENGINE to NULL. This
- * won't touch reference counts or ex_data, but is equivalent to calling all the
- * ENGINE_set_***() functions with a NULL value. */
-void engine_set_all_null(ENGINE *e);
-
-/* NB: Bitwise OR-able values for the "flags" variable in ENGINE are now exposed
- * in engine.h. */
-
-/* This is a structure for storing implementations of various crypto
- * algorithms and functions. */
-struct engine_st
- {
- const char *id;
- const char *name;
- const RSA_METHOD *rsa_meth;
- const DSA_METHOD *dsa_meth;
- const DH_METHOD *dh_meth;
- const ECDH_METHOD *ecdh_meth;
- const ECDSA_METHOD *ecdsa_meth;
- const RAND_METHOD *rand_meth;
- const STORE_METHOD *store_meth;
- /* Cipher handling is via this callback */
- ENGINE_CIPHERS_PTR ciphers;
- /* Digest handling is via this callback */
- ENGINE_DIGESTS_PTR digests;
-
-
- ENGINE_GEN_INT_FUNC_PTR destroy;
-
- ENGINE_GEN_INT_FUNC_PTR init;
- ENGINE_GEN_INT_FUNC_PTR finish;
- ENGINE_CTRL_FUNC_PTR ctrl;
- ENGINE_LOAD_KEY_PTR load_privkey;
- ENGINE_LOAD_KEY_PTR load_pubkey;
-
- ENGINE_SSL_CLIENT_CERT_PTR load_ssl_client_cert;
-
- const ENGINE_CMD_DEFN *cmd_defns;
- int flags;
- /* reference count on the structure itself */
- int struct_ref;
- /* reference count on usability of the engine type. NB: This
- * controls the loading and initialisation of any functionlity
- * required by this engine, whereas the previous count is
- * simply to cope with (de)allocation of this structure. Hence,
- * running_ref <= struct_ref at all times. */
- int funct_ref;
- /* A place to store per-ENGINE data */
- CRYPTO_EX_DATA ex_data;
- /* Used to maintain the linked-list of engines. */
- struct engine_st *prev;
- struct engine_st *next;
- };
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* HEADER_ENGINE_INT_H */
Copied: vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_int.h (from rev 6976, vendor-crypto/openssl/dist/crypto/engine/eng_int.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_int.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_int.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,211 @@
+/* crypto/engine/eng_int.h */
+/*
+ * Written by Geoff Thorpe (geoff at geoffthorpe.net) for the OpenSSL project
+ * 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECDH support in OpenSSL originally developed by
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
+
+#ifndef HEADER_ENGINE_INT_H
+# define HEADER_ENGINE_INT_H
+
+# include "cryptlib.h"
+/* Take public definitions from engine.h */
+# include <openssl/engine.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * If we compile with this symbol defined, then both reference counts in the
+ * ENGINE structure will be monitored with a line of output on stderr for
+ * each change. This prints the engine's pointer address (truncated to
+ * unsigned int), "struct" or "funct" to indicate the reference type, the
+ * before and after reference count, and the file:line-number pair. The
+ * "engine_ref_debug" statements must come *after* the change.
+ */
+# ifdef ENGINE_REF_COUNT_DEBUG
+
+# define engine_ref_debug(e, isfunct, diff) \
+ fprintf(stderr, "engine: %08x %s from %d to %d (%s:%d)\n", \
+ (unsigned int)(e), (isfunct ? "funct" : "struct"), \
+ ((isfunct) ? ((e)->funct_ref - (diff)) : ((e)->struct_ref - (diff))), \
+ ((isfunct) ? (e)->funct_ref : (e)->struct_ref), \
+ (__FILE__), (__LINE__));
+
+# else
+
+# define engine_ref_debug(e, isfunct, diff)
+
+# endif
+
+/*
+ * Any code that will need cleanup operations should use these functions to
+ * register callbacks. ENGINE_cleanup() will call all registered callbacks in
+ * order. NB: both the "add" functions assume CRYPTO_LOCK_ENGINE to already be
+ * held (in "write" mode).
+ */
+typedef void (ENGINE_CLEANUP_CB) (void);
+typedef struct st_engine_cleanup_item {
+ ENGINE_CLEANUP_CB *cb;
+} ENGINE_CLEANUP_ITEM;
+DECLARE_STACK_OF(ENGINE_CLEANUP_ITEM)
+void engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb);
+void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb);
+
+/* We need stacks of ENGINEs for use in eng_table.c */
+DECLARE_STACK_OF(ENGINE)
+
+/*
+ * If this symbol is defined then engine_table_select(), the function that is
+ * used by RSA, DSA (etc) code to select registered ENGINEs, cache defaults
+ * and functional references (etc), will display debugging summaries to
+ * stderr.
+ */
+/* #define ENGINE_TABLE_DEBUG */
+
+/*
+ * This represents an implementation table. Dependent code should instantiate
+ * it as a (ENGINE_TABLE *) pointer value set initially to NULL.
+ */
+typedef struct st_engine_table ENGINE_TABLE;
+int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup,
+ ENGINE *e, const int *nids, int num_nids,
+ int setdefault);
+void engine_table_unregister(ENGINE_TABLE **table, ENGINE *e);
+void engine_table_cleanup(ENGINE_TABLE **table);
+# ifndef ENGINE_TABLE_DEBUG
+ENGINE *engine_table_select(ENGINE_TABLE **table, int nid);
+# else
+ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f,
+ int l);
+# define engine_table_select(t,n) engine_table_select_tmp(t,n,__FILE__,__LINE__)
+# endif
+
+/*
+ * Internal versions of API functions that have control over locking. These
+ * are used between C files when functionality needs to be shared but the
+ * caller may already be controlling of the CRYPTO_LOCK_ENGINE lock.
+ */
+int engine_unlocked_init(ENGINE *e);
+int engine_unlocked_finish(ENGINE *e, int unlock_for_handlers);
+int engine_free_util(ENGINE *e, int locked);
+
+/*
+ * This function will reset all "set"able values in an ENGINE to NULL. This
+ * won't touch reference counts or ex_data, but is equivalent to calling all
+ * the ENGINE_set_***() functions with a NULL value.
+ */
+void engine_set_all_null(ENGINE *e);
+
+/*
+ * NB: Bitwise OR-able values for the "flags" variable in ENGINE are now
+ * exposed in engine.h.
+ */
+
+/*
+ * This is a structure for storing implementations of various crypto
+ * algorithms and functions.
+ */
+struct engine_st {
+ const char *id;
+ const char *name;
+ const RSA_METHOD *rsa_meth;
+ const DSA_METHOD *dsa_meth;
+ const DH_METHOD *dh_meth;
+ const ECDH_METHOD *ecdh_meth;
+ const ECDSA_METHOD *ecdsa_meth;
+ const RAND_METHOD *rand_meth;
+ const STORE_METHOD *store_meth;
+ /* Cipher handling is via this callback */
+ ENGINE_CIPHERS_PTR ciphers;
+ /* Digest handling is via this callback */
+ ENGINE_DIGESTS_PTR digests;
+ ENGINE_GEN_INT_FUNC_PTR destroy;
+ ENGINE_GEN_INT_FUNC_PTR init;
+ ENGINE_GEN_INT_FUNC_PTR finish;
+ ENGINE_CTRL_FUNC_PTR ctrl;
+ ENGINE_LOAD_KEY_PTR load_privkey;
+ ENGINE_LOAD_KEY_PTR load_pubkey;
+ ENGINE_SSL_CLIENT_CERT_PTR load_ssl_client_cert;
+ const ENGINE_CMD_DEFN *cmd_defns;
+ int flags;
+ /* reference count on the structure itself */
+ int struct_ref;
+ /*
+ * reference count on usability of the engine type. NB: This controls the
+ * loading and initialisation of any functionlity required by this
+ * engine, whereas the previous count is simply to cope with
+ * (de)allocation of this structure. Hence, running_ref <= struct_ref at
+ * all times.
+ */
+ int funct_ref;
+ /* A place to store per-ENGINE data */
+ CRYPTO_EX_DATA ex_data;
+ /* Used to maintain the linked-list of engines. */
+ struct engine_st *prev;
+ struct engine_st *next;
+};
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* HEADER_ENGINE_INT_H */
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_lib.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/engine/eng_lib.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,329 +0,0 @@
-/* crypto/engine/eng_lib.c */
-/* Written by Geoff Thorpe (geoff at geoffthorpe.net) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include "eng_int.h"
-#include <openssl/rand.h>
-
-/* The "new"/"free" stuff first */
-
-ENGINE *ENGINE_new(void)
- {
- ENGINE *ret;
-
- ret = (ENGINE *)OPENSSL_malloc(sizeof(ENGINE));
- if(ret == NULL)
- {
- ENGINEerr(ENGINE_F_ENGINE_NEW, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- memset(ret, 0, sizeof(ENGINE));
- ret->struct_ref = 1;
- engine_ref_debug(ret, 0, 1)
- CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ENGINE, ret, &ret->ex_data);
- return ret;
- }
-
-/* Placed here (close proximity to ENGINE_new) so that modifications to the
- * elements of the ENGINE structure are more likely to be caught and changed
- * here. */
-void engine_set_all_null(ENGINE *e)
- {
- e->id = NULL;
- e->name = NULL;
- e->rsa_meth = NULL;
- e->dsa_meth = NULL;
- e->dh_meth = NULL;
- e->rand_meth = NULL;
- e->store_meth = NULL;
- e->ciphers = NULL;
- e->digests = NULL;
- e->destroy = NULL;
- e->init = NULL;
- e->finish = NULL;
- e->ctrl = NULL;
- e->load_privkey = NULL;
- e->load_pubkey = NULL;
- e->cmd_defns = NULL;
- e->flags = 0;
- }
-
-int engine_free_util(ENGINE *e, int locked)
- {
- int i;
-
- if(e == NULL)
- {
- ENGINEerr(ENGINE_F_ENGINE_FREE_UTIL,
- ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- if(locked)
- i = CRYPTO_add(&e->struct_ref,-1,CRYPTO_LOCK_ENGINE);
- else
- i = --e->struct_ref;
- engine_ref_debug(e, 0, -1)
- if (i > 0) return 1;
-#ifdef REF_CHECK
- if (i < 0)
- {
- fprintf(stderr,"ENGINE_free, bad structural reference count\n");
- abort();
- }
-#endif
- /* Give the ENGINE a chance to do any structural cleanup corresponding
- * to allocation it did in its constructor (eg. unload error strings) */
- if(e->destroy)
- e->destroy(e);
- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ENGINE, e, &e->ex_data);
- OPENSSL_free(e);
- return 1;
- }
-
-int ENGINE_free(ENGINE *e)
- {
- return engine_free_util(e, 1);
- }
-
-/* Cleanup stuff */
-
-/* ENGINE_cleanup() is coded such that anything that does work that will need
- * cleanup can register a "cleanup" callback here. That way we don't get linker
- * bloat by referring to all *possible* cleanups, but any linker bloat into code
- * "X" will cause X's cleanup function to end up here. */
-static STACK_OF(ENGINE_CLEANUP_ITEM) *cleanup_stack = NULL;
-static int int_cleanup_check(int create)
- {
- if(cleanup_stack) return 1;
- if(!create) return 0;
- cleanup_stack = sk_ENGINE_CLEANUP_ITEM_new_null();
- return (cleanup_stack ? 1 : 0);
- }
-static ENGINE_CLEANUP_ITEM *int_cleanup_item(ENGINE_CLEANUP_CB *cb)
- {
- ENGINE_CLEANUP_ITEM *item = OPENSSL_malloc(sizeof(
- ENGINE_CLEANUP_ITEM));
- if(!item) return NULL;
- item->cb = cb;
- return item;
- }
-void engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb)
- {
- ENGINE_CLEANUP_ITEM *item;
- if(!int_cleanup_check(1)) return;
- item = int_cleanup_item(cb);
- if(item)
- sk_ENGINE_CLEANUP_ITEM_insert(cleanup_stack, item, 0);
- }
-void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb)
- {
- ENGINE_CLEANUP_ITEM *item;
- if(!int_cleanup_check(1)) return;
- item = int_cleanup_item(cb);
- if(item)
- sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item);
- }
-/* The API function that performs all cleanup */
-static void engine_cleanup_cb_free(ENGINE_CLEANUP_ITEM *item)
- {
- (*(item->cb))();
- OPENSSL_free(item);
- }
-void ENGINE_cleanup(void)
- {
- if(int_cleanup_check(0))
- {
- sk_ENGINE_CLEANUP_ITEM_pop_free(cleanup_stack,
- engine_cleanup_cb_free);
- cleanup_stack = NULL;
- }
- /* FIXME: This should be handled (somehow) through RAND, eg. by it
- * registering a cleanup callback. */
- RAND_set_rand_method(NULL);
- }
-
-/* Now the "ex_data" support */
-
-int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
- {
- return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ENGINE, argl, argp,
- new_func, dup_func, free_func);
- }
-
-int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg)
- {
- return(CRYPTO_set_ex_data(&e->ex_data, idx, arg));
- }
-
-void *ENGINE_get_ex_data(const ENGINE *e, int idx)
- {
- return(CRYPTO_get_ex_data(&e->ex_data, idx));
- }
-
-/* Functions to get/set an ENGINE's elements - mainly to avoid exposing the
- * ENGINE structure itself. */
-
-int ENGINE_set_id(ENGINE *e, const char *id)
- {
- if(id == NULL)
- {
- ENGINEerr(ENGINE_F_ENGINE_SET_ID,
- ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- e->id = id;
- return 1;
- }
-
-int ENGINE_set_name(ENGINE *e, const char *name)
- {
- if(name == NULL)
- {
- ENGINEerr(ENGINE_F_ENGINE_SET_NAME,
- ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- e->name = name;
- return 1;
- }
-
-int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f)
- {
- e->destroy = destroy_f;
- return 1;
- }
-
-int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f)
- {
- e->init = init_f;
- return 1;
- }
-
-int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f)
- {
- e->finish = finish_f;
- return 1;
- }
-
-int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f)
- {
- e->ctrl = ctrl_f;
- return 1;
- }
-
-int ENGINE_set_flags(ENGINE *e, int flags)
- {
- e->flags = flags;
- return 1;
- }
-
-int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns)
- {
- e->cmd_defns = defns;
- return 1;
- }
-
-const char *ENGINE_get_id(const ENGINE *e)
- {
- return e->id;
- }
-
-const char *ENGINE_get_name(const ENGINE *e)
- {
- return e->name;
- }
-
-ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e)
- {
- return e->destroy;
- }
-
-ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e)
- {
- return e->init;
- }
-
-ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e)
- {
- return e->finish;
- }
-
-ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e)
- {
- return e->ctrl;
- }
-
-int ENGINE_get_flags(const ENGINE *e)
- {
- return e->flags;
- }
-
-const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e)
- {
- return e->cmd_defns;
- }
-
-/* eng_lib.o is pretty much linked into anything that touches ENGINE already, so
- * put the "static_state" hack here. */
-
-static int internal_static_hack = 0;
-
-void *ENGINE_get_static_state(void)
- {
- return &internal_static_hack;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_lib.c (from rev 6976, vendor-crypto/openssl/dist/crypto/engine/eng_lib.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_lib.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,344 @@
+/* crypto/engine/eng_lib.c */
+/*
+ * Written by Geoff Thorpe (geoff at geoffthorpe.net) for the OpenSSL project
+ * 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include "eng_int.h"
+#include <openssl/rand.h>
+
+/* The "new"/"free" stuff first */
+
+ENGINE *ENGINE_new(void)
+{
+ ENGINE *ret;
+
+ ret = (ENGINE *)OPENSSL_malloc(sizeof(ENGINE));
+ if (ret == NULL) {
+ ENGINEerr(ENGINE_F_ENGINE_NEW, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ memset(ret, 0, sizeof(ENGINE));
+ ret->struct_ref = 1;
+ engine_ref_debug(ret, 0, 1)
+ CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ENGINE, ret, &ret->ex_data);
+ return ret;
+}
+
+/*
+ * Placed here (close proximity to ENGINE_new) so that modifications to the
+ * elements of the ENGINE structure are more likely to be caught and changed
+ * here.
+ */
+void engine_set_all_null(ENGINE *e)
+{
+ e->id = NULL;
+ e->name = NULL;
+ e->rsa_meth = NULL;
+ e->dsa_meth = NULL;
+ e->dh_meth = NULL;
+ e->rand_meth = NULL;
+ e->store_meth = NULL;
+ e->ciphers = NULL;
+ e->digests = NULL;
+ e->destroy = NULL;
+ e->init = NULL;
+ e->finish = NULL;
+ e->ctrl = NULL;
+ e->load_privkey = NULL;
+ e->load_pubkey = NULL;
+ e->cmd_defns = NULL;
+ e->flags = 0;
+}
+
+int engine_free_util(ENGINE *e, int locked)
+{
+ int i;
+
+ if (e == NULL) {
+ ENGINEerr(ENGINE_F_ENGINE_FREE_UTIL, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ if (locked)
+ i = CRYPTO_add(&e->struct_ref, -1, CRYPTO_LOCK_ENGINE);
+ else
+ i = --e->struct_ref;
+ engine_ref_debug(e, 0, -1)
+ if (i > 0)
+ return 1;
+#ifdef REF_CHECK
+ if (i < 0) {
+ fprintf(stderr, "ENGINE_free, bad structural reference count\n");
+ abort();
+ }
+#endif
+ /*
+ * Give the ENGINE a chance to do any structural cleanup corresponding to
+ * allocation it did in its constructor (eg. unload error strings)
+ */
+ if (e->destroy)
+ e->destroy(e);
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ENGINE, e, &e->ex_data);
+ OPENSSL_free(e);
+ return 1;
+}
+
+int ENGINE_free(ENGINE *e)
+{
+ return engine_free_util(e, 1);
+}
+
+/* Cleanup stuff */
+
+/*
+ * ENGINE_cleanup() is coded such that anything that does work that will need
+ * cleanup can register a "cleanup" callback here. That way we don't get
+ * linker bloat by referring to all *possible* cleanups, but any linker bloat
+ * into code "X" will cause X's cleanup function to end up here.
+ */
+static STACK_OF(ENGINE_CLEANUP_ITEM) *cleanup_stack = NULL;
+static int int_cleanup_check(int create)
+{
+ if (cleanup_stack)
+ return 1;
+ if (!create)
+ return 0;
+ cleanup_stack = sk_ENGINE_CLEANUP_ITEM_new_null();
+ return (cleanup_stack ? 1 : 0);
+}
+
+static ENGINE_CLEANUP_ITEM *int_cleanup_item(ENGINE_CLEANUP_CB *cb)
+{
+ ENGINE_CLEANUP_ITEM *item = OPENSSL_malloc(sizeof(ENGINE_CLEANUP_ITEM));
+ if (!item)
+ return NULL;
+ item->cb = cb;
+ return item;
+}
+
+void engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb)
+{
+ ENGINE_CLEANUP_ITEM *item;
+ if (!int_cleanup_check(1))
+ return;
+ item = int_cleanup_item(cb);
+ if (item)
+ sk_ENGINE_CLEANUP_ITEM_insert(cleanup_stack, item, 0);
+}
+
+void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb)
+{
+ ENGINE_CLEANUP_ITEM *item;
+ if (!int_cleanup_check(1))
+ return;
+ item = int_cleanup_item(cb);
+ if (item)
+ sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item);
+}
+
+/* The API function that performs all cleanup */
+static void engine_cleanup_cb_free(ENGINE_CLEANUP_ITEM *item)
+{
+ (*(item->cb)) ();
+ OPENSSL_free(item);
+}
+
+void ENGINE_cleanup(void)
+{
+ if (int_cleanup_check(0)) {
+ sk_ENGINE_CLEANUP_ITEM_pop_free(cleanup_stack,
+ engine_cleanup_cb_free);
+ cleanup_stack = NULL;
+ }
+ /*
+ * FIXME: This should be handled (somehow) through RAND, eg. by it
+ * registering a cleanup callback.
+ */
+ RAND_set_rand_method(NULL);
+}
+
+/* Now the "ex_data" support */
+
+int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+ CRYPTO_EX_dup *dup_func,
+ CRYPTO_EX_free *free_func)
+{
+ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ENGINE, argl, argp,
+ new_func, dup_func, free_func);
+}
+
+int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg)
+{
+ return (CRYPTO_set_ex_data(&e->ex_data, idx, arg));
+}
+
+void *ENGINE_get_ex_data(const ENGINE *e, int idx)
+{
+ return (CRYPTO_get_ex_data(&e->ex_data, idx));
+}
+
+/*
+ * Functions to get/set an ENGINE's elements - mainly to avoid exposing the
+ * ENGINE structure itself.
+ */
+
+int ENGINE_set_id(ENGINE *e, const char *id)
+{
+ if (id == NULL) {
+ ENGINEerr(ENGINE_F_ENGINE_SET_ID, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ e->id = id;
+ return 1;
+}
+
+int ENGINE_set_name(ENGINE *e, const char *name)
+{
+ if (name == NULL) {
+ ENGINEerr(ENGINE_F_ENGINE_SET_NAME, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ e->name = name;
+ return 1;
+}
+
+int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f)
+{
+ e->destroy = destroy_f;
+ return 1;
+}
+
+int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f)
+{
+ e->init = init_f;
+ return 1;
+}
+
+int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f)
+{
+ e->finish = finish_f;
+ return 1;
+}
+
+int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f)
+{
+ e->ctrl = ctrl_f;
+ return 1;
+}
+
+int ENGINE_set_flags(ENGINE *e, int flags)
+{
+ e->flags = flags;
+ return 1;
+}
+
+int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns)
+{
+ e->cmd_defns = defns;
+ return 1;
+}
+
+const char *ENGINE_get_id(const ENGINE *e)
+{
+ return e->id;
+}
+
+const char *ENGINE_get_name(const ENGINE *e)
+{
+ return e->name;
+}
+
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e)
+{
+ return e->destroy;
+}
+
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e)
+{
+ return e->init;
+}
+
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e)
+{
+ return e->finish;
+}
+
+ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e)
+{
+ return e->ctrl;
+}
+
+int ENGINE_get_flags(const ENGINE *e)
+{
+ return e->flags;
+}
+
+const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e)
+{
+ return e->cmd_defns;
+}
+
+/*
+ * eng_lib.o is pretty much linked into anything that touches ENGINE already,
+ * so put the "static_state" hack here.
+ */
+
+static int internal_static_hack = 0;
+
+void *ENGINE_get_static_state(void)
+{
+ return &internal_static_hack;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_list.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/engine/eng_list.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_list.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,432 +0,0 @@
-/* crypto/engine/eng_list.c */
-/* Written by Geoff Thorpe (geoff at geoffthorpe.net) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECDH support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
-#include "eng_int.h"
-
-/* The linked-list of pointers to engine types. engine_list_head
- * incorporates an implicit structural reference but engine_list_tail
- * does not - the latter is a computational niceity and only points
- * to something that is already pointed to by its predecessor in the
- * list (or engine_list_head itself). In the same way, the use of the
- * "prev" pointer in each ENGINE is to save excessive list iteration,
- * it doesn't correspond to an extra structural reference. Hence,
- * engine_list_head, and each non-null "next" pointer account for
- * the list itself assuming exactly 1 structural reference on each
- * list member. */
-static ENGINE *engine_list_head = NULL;
-static ENGINE *engine_list_tail = NULL;
-
-/* This cleanup function is only needed internally. If it should be called, we
- * register it with the "ENGINE_cleanup()" stack to be called during cleanup. */
-
-static void engine_list_cleanup(void)
- {
- ENGINE *iterator = engine_list_head;
-
- while(iterator != NULL)
- {
- ENGINE_remove(iterator);
- iterator = engine_list_head;
- }
- return;
- }
-
-/* These static functions starting with a lower case "engine_" always
- * take place when CRYPTO_LOCK_ENGINE has been locked up. */
-static int engine_list_add(ENGINE *e)
- {
- int conflict = 0;
- ENGINE *iterator = NULL;
-
- if(e == NULL)
- {
- ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
- ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- iterator = engine_list_head;
- while(iterator && !conflict)
- {
- conflict = (strcmp(iterator->id, e->id) == 0);
- iterator = iterator->next;
- }
- if(conflict)
- {
- ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
- ENGINE_R_CONFLICTING_ENGINE_ID);
- return 0;
- }
- if(engine_list_head == NULL)
- {
- /* We are adding to an empty list. */
- if(engine_list_tail)
- {
- ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
- ENGINE_R_INTERNAL_LIST_ERROR);
- return 0;
- }
- engine_list_head = e;
- e->prev = NULL;
- /* The first time the list allocates, we should register the
- * cleanup. */
- engine_cleanup_add_last(engine_list_cleanup);
- }
- else
- {
- /* We are adding to the tail of an existing list. */
- if((engine_list_tail == NULL) ||
- (engine_list_tail->next != NULL))
- {
- ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
- ENGINE_R_INTERNAL_LIST_ERROR);
- return 0;
- }
- engine_list_tail->next = e;
- e->prev = engine_list_tail;
- }
- /* Having the engine in the list assumes a structural
- * reference. */
- e->struct_ref++;
- engine_ref_debug(e, 0, 1)
- /* However it came to be, e is the last item in the list. */
- engine_list_tail = e;
- e->next = NULL;
- return 1;
- }
-
-static int engine_list_remove(ENGINE *e)
- {
- ENGINE *iterator;
-
- if(e == NULL)
- {
- ENGINEerr(ENGINE_F_ENGINE_LIST_REMOVE,
- ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- /* We need to check that e is in our linked list! */
- iterator = engine_list_head;
- while(iterator && (iterator != e))
- iterator = iterator->next;
- if(iterator == NULL)
- {
- ENGINEerr(ENGINE_F_ENGINE_LIST_REMOVE,
- ENGINE_R_ENGINE_IS_NOT_IN_LIST);
- return 0;
- }
- /* un-link e from the chain. */
- if(e->next)
- e->next->prev = e->prev;
- if(e->prev)
- e->prev->next = e->next;
- /* Correct our head/tail if necessary. */
- if(engine_list_head == e)
- engine_list_head = e->next;
- if(engine_list_tail == e)
- engine_list_tail = e->prev;
- engine_free_util(e, 0);
- return 1;
- }
-
-/* Get the first/last "ENGINE" type available. */
-ENGINE *ENGINE_get_first(void)
- {
- ENGINE *ret;
-
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- ret = engine_list_head;
- if(ret)
- {
- ret->struct_ref++;
- engine_ref_debug(ret, 0, 1)
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- return ret;
- }
-
-ENGINE *ENGINE_get_last(void)
- {
- ENGINE *ret;
-
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- ret = engine_list_tail;
- if(ret)
- {
- ret->struct_ref++;
- engine_ref_debug(ret, 0, 1)
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- return ret;
- }
-
-/* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */
-ENGINE *ENGINE_get_next(ENGINE *e)
- {
- ENGINE *ret = NULL;
- if(e == NULL)
- {
- ENGINEerr(ENGINE_F_ENGINE_GET_NEXT,
- ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- ret = e->next;
- if(ret)
- {
- /* Return a valid structural refernce to the next ENGINE */
- ret->struct_ref++;
- engine_ref_debug(ret, 0, 1)
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- /* Release the structural reference to the previous ENGINE */
- ENGINE_free(e);
- return ret;
- }
-
-ENGINE *ENGINE_get_prev(ENGINE *e)
- {
- ENGINE *ret = NULL;
- if(e == NULL)
- {
- ENGINEerr(ENGINE_F_ENGINE_GET_PREV,
- ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- ret = e->prev;
- if(ret)
- {
- /* Return a valid structural reference to the next ENGINE */
- ret->struct_ref++;
- engine_ref_debug(ret, 0, 1)
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- /* Release the structural reference to the previous ENGINE */
- ENGINE_free(e);
- return ret;
- }
-
-/* Add another "ENGINE" type into the list. */
-int ENGINE_add(ENGINE *e)
- {
- int to_return = 1;
- if(e == NULL)
- {
- ENGINEerr(ENGINE_F_ENGINE_ADD,
- ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- if((e->id == NULL) || (e->name == NULL))
- {
- ENGINEerr(ENGINE_F_ENGINE_ADD,
- ENGINE_R_ID_OR_NAME_MISSING);
- }
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- if(!engine_list_add(e))
- {
- ENGINEerr(ENGINE_F_ENGINE_ADD,
- ENGINE_R_INTERNAL_LIST_ERROR);
- to_return = 0;
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- return to_return;
- }
-
-/* Remove an existing "ENGINE" type from the array. */
-int ENGINE_remove(ENGINE *e)
- {
- int to_return = 1;
- if(e == NULL)
- {
- ENGINEerr(ENGINE_F_ENGINE_REMOVE,
- ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- if(!engine_list_remove(e))
- {
- ENGINEerr(ENGINE_F_ENGINE_REMOVE,
- ENGINE_R_INTERNAL_LIST_ERROR);
- to_return = 0;
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- return to_return;
- }
-
-static void engine_cpy(ENGINE *dest, const ENGINE *src)
- {
- dest->id = src->id;
- dest->name = src->name;
-#ifndef OPENSSL_NO_RSA
- dest->rsa_meth = src->rsa_meth;
-#endif
-#ifndef OPENSSL_NO_DSA
- dest->dsa_meth = src->dsa_meth;
-#endif
-#ifndef OPENSSL_NO_DH
- dest->dh_meth = src->dh_meth;
-#endif
-#ifndef OPENSSL_NO_ECDH
- dest->ecdh_meth = src->ecdh_meth;
-#endif
-#ifndef OPENSSL_NO_ECDSA
- dest->ecdsa_meth = src->ecdsa_meth;
-#endif
- dest->rand_meth = src->rand_meth;
- dest->store_meth = src->store_meth;
- dest->ciphers = src->ciphers;
- dest->digests = src->digests;
- dest->destroy = src->destroy;
- dest->init = src->init;
- dest->finish = src->finish;
- dest->ctrl = src->ctrl;
- dest->load_privkey = src->load_privkey;
- dest->load_pubkey = src->load_pubkey;
- dest->cmd_defns = src->cmd_defns;
- dest->flags = src->flags;
- }
-
-ENGINE *ENGINE_by_id(const char *id)
- {
- ENGINE *iterator;
- char *load_dir = NULL;
- if(id == NULL)
- {
- ENGINEerr(ENGINE_F_ENGINE_BY_ID,
- ERR_R_PASSED_NULL_PARAMETER);
- return NULL;
- }
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- iterator = engine_list_head;
- while(iterator && (strcmp(id, iterator->id) != 0))
- iterator = iterator->next;
- if(iterator)
- {
- /* We need to return a structural reference. If this is an
- * ENGINE type that returns copies, make a duplicate - otherwise
- * increment the existing ENGINE's reference count. */
- if(iterator->flags & ENGINE_FLAGS_BY_ID_COPY)
- {
- ENGINE *cp = ENGINE_new();
- if(!cp)
- iterator = NULL;
- else
- {
- engine_cpy(cp, iterator);
- iterator = cp;
- }
- }
- else
- {
- iterator->struct_ref++;
- engine_ref_debug(iterator, 0, 1)
- }
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-#if 0
- if(iterator == NULL)
- {
- ENGINEerr(ENGINE_F_ENGINE_BY_ID,
- ENGINE_R_NO_SUCH_ENGINE);
- ERR_add_error_data(2, "id=", id);
- }
- return iterator;
-#else
- /* EEK! Experimental code starts */
- if(iterator) return iterator;
- /* Prevent infinite recusrion if we're looking for the dynamic engine. */
- if (strcmp(id, "dynamic"))
- {
-#ifdef OPENSSL_SYS_VMS
- if((load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = "SSLROOT:[ENGINES]";
-#else
- if((load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = ENGINESDIR;
-#endif
- iterator = ENGINE_by_id("dynamic");
- if(!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) ||
- !ENGINE_ctrl_cmd_string(iterator, "DIR_LOAD", "2", 0) ||
- !ENGINE_ctrl_cmd_string(iterator, "DIR_ADD",
- load_dir, 0) ||
- !ENGINE_ctrl_cmd_string(iterator, "LOAD", NULL, 0))
- goto notfound;
- return iterator;
- }
-notfound:
- ENGINE_free(iterator);
- ENGINEerr(ENGINE_F_ENGINE_BY_ID,ENGINE_R_NO_SUCH_ENGINE);
- ERR_add_error_data(2, "id=", id);
- return NULL;
- /* EEK! Experimental code ends */
-#endif
- }
-
-int ENGINE_up_ref(ENGINE *e)
- {
- if (e == NULL)
- {
- ENGINEerr(ENGINE_F_ENGINE_UP_REF,ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- CRYPTO_add(&e->struct_ref,1,CRYPTO_LOCK_ENGINE);
- return 1;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_list.c (from rev 6976, vendor-crypto/openssl/dist/crypto/engine/eng_list.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_list.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_list.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,402 @@
+/* crypto/engine/eng_list.c */
+/*
+ * Written by Geoff Thorpe (geoff at geoffthorpe.net) for the OpenSSL project
+ * 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECDH support in OpenSSL originally developed by
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
+
+#include "eng_int.h"
+
+/*
+ * The linked-list of pointers to engine types. engine_list_head incorporates
+ * an implicit structural reference but engine_list_tail does not - the
+ * latter is a computational niceity and only points to something that is
+ * already pointed to by its predecessor in the list (or engine_list_head
+ * itself). In the same way, the use of the "prev" pointer in each ENGINE is
+ * to save excessive list iteration, it doesn't correspond to an extra
+ * structural reference. Hence, engine_list_head, and each non-null "next"
+ * pointer account for the list itself assuming exactly 1 structural
+ * reference on each list member.
+ */
+static ENGINE *engine_list_head = NULL;
+static ENGINE *engine_list_tail = NULL;
+
+/*
+ * This cleanup function is only needed internally. If it should be called,
+ * we register it with the "ENGINE_cleanup()" stack to be called during
+ * cleanup.
+ */
+
+static void engine_list_cleanup(void)
+{
+ ENGINE *iterator = engine_list_head;
+
+ while (iterator != NULL) {
+ ENGINE_remove(iterator);
+ iterator = engine_list_head;
+ }
+ return;
+}
+
+/*
+ * These static functions starting with a lower case "engine_" always take
+ * place when CRYPTO_LOCK_ENGINE has been locked up.
+ */
+static int engine_list_add(ENGINE *e)
+{
+ int conflict = 0;
+ ENGINE *iterator = NULL;
+
+ if (e == NULL) {
+ ENGINEerr(ENGINE_F_ENGINE_LIST_ADD, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ iterator = engine_list_head;
+ while (iterator && !conflict) {
+ conflict = (strcmp(iterator->id, e->id) == 0);
+ iterator = iterator->next;
+ }
+ if (conflict) {
+ ENGINEerr(ENGINE_F_ENGINE_LIST_ADD, ENGINE_R_CONFLICTING_ENGINE_ID);
+ return 0;
+ }
+ if (engine_list_head == NULL) {
+ /* We are adding to an empty list. */
+ if (engine_list_tail) {
+ ENGINEerr(ENGINE_F_ENGINE_LIST_ADD, ENGINE_R_INTERNAL_LIST_ERROR);
+ return 0;
+ }
+ engine_list_head = e;
+ e->prev = NULL;
+ /*
+ * The first time the list allocates, we should register the cleanup.
+ */
+ engine_cleanup_add_last(engine_list_cleanup);
+ } else {
+ /* We are adding to the tail of an existing list. */
+ if ((engine_list_tail == NULL) || (engine_list_tail->next != NULL)) {
+ ENGINEerr(ENGINE_F_ENGINE_LIST_ADD, ENGINE_R_INTERNAL_LIST_ERROR);
+ return 0;
+ }
+ engine_list_tail->next = e;
+ e->prev = engine_list_tail;
+ }
+ /*
+ * Having the engine in the list assumes a structural reference.
+ */
+ e->struct_ref++;
+ engine_ref_debug(e, 0, 1)
+ /* However it came to be, e is the last item in the list. */
+ engine_list_tail = e;
+ e->next = NULL;
+ return 1;
+}
+
+static int engine_list_remove(ENGINE *e)
+{
+ ENGINE *iterator;
+
+ if (e == NULL) {
+ ENGINEerr(ENGINE_F_ENGINE_LIST_REMOVE, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ /* We need to check that e is in our linked list! */
+ iterator = engine_list_head;
+ while (iterator && (iterator != e))
+ iterator = iterator->next;
+ if (iterator == NULL) {
+ ENGINEerr(ENGINE_F_ENGINE_LIST_REMOVE,
+ ENGINE_R_ENGINE_IS_NOT_IN_LIST);
+ return 0;
+ }
+ /* un-link e from the chain. */
+ if (e->next)
+ e->next->prev = e->prev;
+ if (e->prev)
+ e->prev->next = e->next;
+ /* Correct our head/tail if necessary. */
+ if (engine_list_head == e)
+ engine_list_head = e->next;
+ if (engine_list_tail == e)
+ engine_list_tail = e->prev;
+ engine_free_util(e, 0);
+ return 1;
+}
+
+/* Get the first/last "ENGINE" type available. */
+ENGINE *ENGINE_get_first(void)
+{
+ ENGINE *ret;
+
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ ret = engine_list_head;
+ if (ret) {
+ ret->struct_ref++;
+ engine_ref_debug(ret, 0, 1)
+ }
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ return ret;
+}
+
+ENGINE *ENGINE_get_last(void)
+{
+ ENGINE *ret;
+
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ ret = engine_list_tail;
+ if (ret) {
+ ret->struct_ref++;
+ engine_ref_debug(ret, 0, 1)
+ }
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ return ret;
+}
+
+/* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */
+ENGINE *ENGINE_get_next(ENGINE *e)
+{
+ ENGINE *ret = NULL;
+ if (e == NULL) {
+ ENGINEerr(ENGINE_F_ENGINE_GET_NEXT, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ ret = e->next;
+ if (ret) {
+ /* Return a valid structural refernce to the next ENGINE */
+ ret->struct_ref++;
+ engine_ref_debug(ret, 0, 1)
+ }
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ /* Release the structural reference to the previous ENGINE */
+ ENGINE_free(e);
+ return ret;
+}
+
+ENGINE *ENGINE_get_prev(ENGINE *e)
+{
+ ENGINE *ret = NULL;
+ if (e == NULL) {
+ ENGINEerr(ENGINE_F_ENGINE_GET_PREV, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ ret = e->prev;
+ if (ret) {
+ /* Return a valid structural reference to the next ENGINE */
+ ret->struct_ref++;
+ engine_ref_debug(ret, 0, 1)
+ }
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ /* Release the structural reference to the previous ENGINE */
+ ENGINE_free(e);
+ return ret;
+}
+
+/* Add another "ENGINE" type into the list. */
+int ENGINE_add(ENGINE *e)
+{
+ int to_return = 1;
+ if (e == NULL) {
+ ENGINEerr(ENGINE_F_ENGINE_ADD, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ if ((e->id == NULL) || (e->name == NULL)) {
+ ENGINEerr(ENGINE_F_ENGINE_ADD, ENGINE_R_ID_OR_NAME_MISSING);
+ }
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ if (!engine_list_add(e)) {
+ ENGINEerr(ENGINE_F_ENGINE_ADD, ENGINE_R_INTERNAL_LIST_ERROR);
+ to_return = 0;
+ }
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ return to_return;
+}
+
+/* Remove an existing "ENGINE" type from the array. */
+int ENGINE_remove(ENGINE *e)
+{
+ int to_return = 1;
+ if (e == NULL) {
+ ENGINEerr(ENGINE_F_ENGINE_REMOVE, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ if (!engine_list_remove(e)) {
+ ENGINEerr(ENGINE_F_ENGINE_REMOVE, ENGINE_R_INTERNAL_LIST_ERROR);
+ to_return = 0;
+ }
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ return to_return;
+}
+
+static void engine_cpy(ENGINE *dest, const ENGINE *src)
+{
+ dest->id = src->id;
+ dest->name = src->name;
+#ifndef OPENSSL_NO_RSA
+ dest->rsa_meth = src->rsa_meth;
+#endif
+#ifndef OPENSSL_NO_DSA
+ dest->dsa_meth = src->dsa_meth;
+#endif
+#ifndef OPENSSL_NO_DH
+ dest->dh_meth = src->dh_meth;
+#endif
+#ifndef OPENSSL_NO_ECDH
+ dest->ecdh_meth = src->ecdh_meth;
+#endif
+#ifndef OPENSSL_NO_ECDSA
+ dest->ecdsa_meth = src->ecdsa_meth;
+#endif
+ dest->rand_meth = src->rand_meth;
+ dest->store_meth = src->store_meth;
+ dest->ciphers = src->ciphers;
+ dest->digests = src->digests;
+ dest->destroy = src->destroy;
+ dest->init = src->init;
+ dest->finish = src->finish;
+ dest->ctrl = src->ctrl;
+ dest->load_privkey = src->load_privkey;
+ dest->load_pubkey = src->load_pubkey;
+ dest->cmd_defns = src->cmd_defns;
+ dest->flags = src->flags;
+}
+
+ENGINE *ENGINE_by_id(const char *id)
+{
+ ENGINE *iterator;
+ char *load_dir = NULL;
+ if (id == NULL) {
+ ENGINEerr(ENGINE_F_ENGINE_BY_ID, ERR_R_PASSED_NULL_PARAMETER);
+ return NULL;
+ }
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ iterator = engine_list_head;
+ while (iterator && (strcmp(id, iterator->id) != 0))
+ iterator = iterator->next;
+ if (iterator) {
+ /*
+ * We need to return a structural reference. If this is an ENGINE
+ * type that returns copies, make a duplicate - otherwise increment
+ * the existing ENGINE's reference count.
+ */
+ if (iterator->flags & ENGINE_FLAGS_BY_ID_COPY) {
+ ENGINE *cp = ENGINE_new();
+ if (!cp)
+ iterator = NULL;
+ else {
+ engine_cpy(cp, iterator);
+ iterator = cp;
+ }
+ } else {
+ iterator->struct_ref++;
+ engine_ref_debug(iterator, 0, 1)
+ }
+ }
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+#if 0
+ if (iterator == NULL) {
+ ENGINEerr(ENGINE_F_ENGINE_BY_ID, ENGINE_R_NO_SUCH_ENGINE);
+ ERR_add_error_data(2, "id=", id);
+ }
+ return iterator;
+#else
+ /* EEK! Experimental code starts */
+ if (iterator)
+ return iterator;
+ /*
+ * Prevent infinite recusrion if we're looking for the dynamic engine.
+ */
+ if (strcmp(id, "dynamic")) {
+# ifdef OPENSSL_SYS_VMS
+ if ((load_dir = getenv("OPENSSL_ENGINES")) == 0)
+ load_dir = "SSLROOT:[ENGINES]";
+# else
+ if ((load_dir = getenv("OPENSSL_ENGINES")) == 0)
+ load_dir = ENGINESDIR;
+# endif
+ iterator = ENGINE_by_id("dynamic");
+ if (!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) ||
+ !ENGINE_ctrl_cmd_string(iterator, "DIR_LOAD", "2", 0) ||
+ !ENGINE_ctrl_cmd_string(iterator, "DIR_ADD",
+ load_dir, 0) ||
+ !ENGINE_ctrl_cmd_string(iterator, "LOAD", NULL, 0))
+ goto notfound;
+ return iterator;
+ }
+ notfound:
+ ENGINE_free(iterator);
+ ENGINEerr(ENGINE_F_ENGINE_BY_ID, ENGINE_R_NO_SUCH_ENGINE);
+ ERR_add_error_data(2, "id=", id);
+ return NULL;
+ /* EEK! Experimental code ends */
+#endif
+}
+
+int ENGINE_up_ref(ENGINE *e)
+{
+ if (e == NULL) {
+ ENGINEerr(ENGINE_F_ENGINE_UP_REF, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ CRYPTO_add(&e->struct_ref, 1, CRYPTO_LOCK_ENGINE);
+ return 1;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_openssl.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/engine/eng_openssl.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_openssl.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,384 +0,0 @@
-/* crypto/engine/eng_openssl.c */
-/* Written by Geoff Thorpe (geoff at geoffthorpe.net) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECDH support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
-
-#include <stdio.h>
-#include <openssl/crypto.h>
-#include "cryptlib.h"
-#include <openssl/engine.h>
-#include <openssl/dso.h>
-#include <openssl/pem.h>
-#include <openssl/evp.h>
-#include <openssl/rand.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-
-/* This testing gunk is implemented (and explained) lower down. It also assumes
- * the application explicitly calls "ENGINE_load_openssl()" because this is no
- * longer automatic in ENGINE_load_builtin_engines(). */
-#define TEST_ENG_OPENSSL_RC4
-#define TEST_ENG_OPENSSL_PKEY
-/* #define TEST_ENG_OPENSSL_RC4_OTHERS */
-#define TEST_ENG_OPENSSL_RC4_P_INIT
-/* #define TEST_ENG_OPENSSL_RC4_P_CIPHER */
-#define TEST_ENG_OPENSSL_SHA
-/* #define TEST_ENG_OPENSSL_SHA_OTHERS */
-/* #define TEST_ENG_OPENSSL_SHA_P_INIT */
-/* #define TEST_ENG_OPENSSL_SHA_P_UPDATE */
-/* #define TEST_ENG_OPENSSL_SHA_P_FINAL */
-
-/* Now check what of those algorithms are actually enabled */
-#ifdef OPENSSL_NO_RC4
-#undef TEST_ENG_OPENSSL_RC4
-#undef TEST_ENG_OPENSSL_RC4_OTHERS
-#undef TEST_ENG_OPENSSL_RC4_P_INIT
-#undef TEST_ENG_OPENSSL_RC4_P_CIPHER
-#endif
-#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA0) || defined(OPENSSL_NO_SHA1)
-#undef TEST_ENG_OPENSSL_SHA
-#undef TEST_ENG_OPENSSL_SHA_OTHERS
-#undef TEST_ENG_OPENSSL_SHA_P_INIT
-#undef TEST_ENG_OPENSSL_SHA_P_UPDATE
-#undef TEST_ENG_OPENSSL_SHA_P_FINAL
-#endif
-
-#ifdef TEST_ENG_OPENSSL_RC4
-static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
- const int **nids, int nid);
-#endif
-#ifdef TEST_ENG_OPENSSL_SHA
-static int openssl_digests(ENGINE *e, const EVP_MD **digest,
- const int **nids, int nid);
-#endif
-
-#ifdef TEST_ENG_OPENSSL_PKEY
-static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id,
- UI_METHOD *ui_method, void *callback_data);
-#endif
-
-/* The constants used when creating the ENGINE */
-static const char *engine_openssl_id = "openssl";
-static const char *engine_openssl_name = "Software engine support";
-
-/* This internal function is used by ENGINE_openssl() and possibly by the
- * "dynamic" ENGINE support too */
-static int bind_helper(ENGINE *e)
- {
- if(!ENGINE_set_id(e, engine_openssl_id)
- || !ENGINE_set_name(e, engine_openssl_name)
-#ifndef TEST_ENG_OPENSSL_NO_ALGORITHMS
-#ifndef OPENSSL_NO_RSA
- || !ENGINE_set_RSA(e, RSA_get_default_method())
-#endif
-#ifndef OPENSSL_NO_DSA
- || !ENGINE_set_DSA(e, DSA_get_default_method())
-#endif
-#ifndef OPENSSL_NO_ECDH
- || !ENGINE_set_ECDH(e, ECDH_OpenSSL())
-#endif
-#ifndef OPENSSL_NO_ECDSA
- || !ENGINE_set_ECDSA(e, ECDSA_OpenSSL())
-#endif
-#ifndef OPENSSL_NO_DH
- || !ENGINE_set_DH(e, DH_get_default_method())
-#endif
- || !ENGINE_set_RAND(e, RAND_SSLeay())
-#ifdef TEST_ENG_OPENSSL_RC4
- || !ENGINE_set_ciphers(e, openssl_ciphers)
-#endif
-#ifdef TEST_ENG_OPENSSL_SHA
- || !ENGINE_set_digests(e, openssl_digests)
-#endif
-#endif
-#ifdef TEST_ENG_OPENSSL_PKEY
- || !ENGINE_set_load_privkey_function(e, openssl_load_privkey)
-#endif
- )
- return 0;
- /* If we add errors to this ENGINE, ensure the error handling is setup here */
- /* openssl_load_error_strings(); */
- return 1;
- }
-
-static ENGINE *engine_openssl(void)
- {
- ENGINE *ret = ENGINE_new();
- if(!ret)
- return NULL;
- if(!bind_helper(ret))
- {
- ENGINE_free(ret);
- return NULL;
- }
- return ret;
- }
-
-void ENGINE_load_openssl(void)
- {
- ENGINE *toadd = engine_openssl();
- if(!toadd) return;
- ENGINE_add(toadd);
- /* If the "add" worked, it gets a structural reference. So either way,
- * we release our just-created reference. */
- ENGINE_free(toadd);
- ERR_clear_error();
- }
-
-/* This stuff is needed if this ENGINE is being compiled into a self-contained
- * shared-library. */
-#ifdef ENGINE_DYNAMIC_SUPPORT
-static int bind_fn(ENGINE *e, const char *id)
- {
- if(id && (strcmp(id, engine_openssl_id) != 0))
- return 0;
- if(!bind_helper(e))
- return 0;
- return 1;
- }
-IMPLEMENT_DYNAMIC_CHECK_FN()
-IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
-#endif /* ENGINE_DYNAMIC_SUPPORT */
-
-#ifdef TEST_ENG_OPENSSL_RC4
-/* This section of code compiles an "alternative implementation" of two modes of
- * RC4 into this ENGINE. The result is that EVP_CIPHER operation for "rc4"
- * should under normal circumstances go via this support rather than the default
- * EVP support. There are other symbols to tweak the testing;
- * TEST_ENC_OPENSSL_RC4_OTHERS - print a one line message to stderr each time
- * we're asked for a cipher we don't support (should not happen).
- * TEST_ENG_OPENSSL_RC4_P_INIT - print a one line message to stderr each time
- * the "init_key" handler is called.
- * TEST_ENG_OPENSSL_RC4_P_CIPHER - ditto for the "cipher" handler.
- */
-#include <openssl/rc4.h>
-#define TEST_RC4_KEY_SIZE 16
-static int test_cipher_nids[] = {NID_rc4,NID_rc4_40};
-static int test_cipher_nids_number = 2;
-typedef struct {
- unsigned char key[TEST_RC4_KEY_SIZE];
- RC4_KEY ks;
- } TEST_RC4_KEY;
-#define test(ctx) ((TEST_RC4_KEY *)(ctx)->cipher_data)
-static int test_rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc)
- {
-#ifdef TEST_ENG_OPENSSL_RC4_P_INIT
- fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_init_key() called\n");
-#endif
- memcpy(&test(ctx)->key[0],key,EVP_CIPHER_CTX_key_length(ctx));
- RC4_set_key(&test(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),
- test(ctx)->key);
- return 1;
- }
-static int test_rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, unsigned int inl)
- {
-#ifdef TEST_ENG_OPENSSL_RC4_P_CIPHER
- fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_cipher() called\n");
-#endif
- RC4(&test(ctx)->ks,inl,in,out);
- return 1;
- }
-static const EVP_CIPHER test_r4_cipher=
- {
- NID_rc4,
- 1,TEST_RC4_KEY_SIZE,0,
- EVP_CIPH_VARIABLE_LENGTH,
- test_rc4_init_key,
- test_rc4_cipher,
- NULL,
- sizeof(TEST_RC4_KEY),
- NULL,
- NULL,
- NULL,
- NULL
- };
-static const EVP_CIPHER test_r4_40_cipher=
- {
- NID_rc4_40,
- 1,5 /* 40 bit */,0,
- EVP_CIPH_VARIABLE_LENGTH,
- test_rc4_init_key,
- test_rc4_cipher,
- NULL,
- sizeof(TEST_RC4_KEY),
- NULL,
- NULL,
- NULL,
- NULL
- };
-static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
- const int **nids, int nid)
- {
- if(!cipher)
- {
- /* We are returning a list of supported nids */
- *nids = test_cipher_nids;
- return test_cipher_nids_number;
- }
- /* We are being asked for a specific cipher */
- if(nid == NID_rc4)
- *cipher = &test_r4_cipher;
- else if(nid == NID_rc4_40)
- *cipher = &test_r4_40_cipher;
- else
- {
-#ifdef TEST_ENG_OPENSSL_RC4_OTHERS
- fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) returning NULL for "
- "nid %d\n", nid);
-#endif
- *cipher = NULL;
- return 0;
- }
- return 1;
- }
-#endif
-
-#ifdef TEST_ENG_OPENSSL_SHA
-/* Much the same sort of comment as for TEST_ENG_OPENSSL_RC4 */
-#include <openssl/sha.h>
-static int test_digest_nids[] = {NID_sha1};
-static int test_digest_nids_number = 1;
-static int test_sha1_init(EVP_MD_CTX *ctx)
- {
-#ifdef TEST_ENG_OPENSSL_SHA_P_INIT
- fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_init() called\n");
-#endif
- return SHA1_Init(ctx->md_data);
- }
-static int test_sha1_update(EVP_MD_CTX *ctx,const void *data,size_t count)
- {
-#ifdef TEST_ENG_OPENSSL_SHA_P_UPDATE
- fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_update() called\n");
-#endif
- return SHA1_Update(ctx->md_data,data,count);
- }
-static int test_sha1_final(EVP_MD_CTX *ctx,unsigned char *md)
- {
-#ifdef TEST_ENG_OPENSSL_SHA_P_FINAL
- fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_final() called\n");
-#endif
- return SHA1_Final(md,ctx->md_data);
- }
-static const EVP_MD test_sha_md=
- {
- NID_sha1,
- NID_sha1WithRSAEncryption,
- SHA_DIGEST_LENGTH,
- 0,
- test_sha1_init,
- test_sha1_update,
- test_sha1_final,
- NULL,
- NULL,
- EVP_PKEY_RSA_method,
- SHA_CBLOCK,
- sizeof(EVP_MD *)+sizeof(SHA_CTX),
- };
-static int openssl_digests(ENGINE *e, const EVP_MD **digest,
- const int **nids, int nid)
- {
- if(!digest)
- {
- /* We are returning a list of supported nids */
- *nids = test_digest_nids;
- return test_digest_nids_number;
- }
- /* We are being asked for a specific digest */
- if(nid == NID_sha1)
- *digest = &test_sha_md;
- else
- {
-#ifdef TEST_ENG_OPENSSL_SHA_OTHERS
- fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) returning NULL for "
- "nid %d\n", nid);
-#endif
- *digest = NULL;
- return 0;
- }
- return 1;
- }
-#endif
-
-#ifdef TEST_ENG_OPENSSL_PKEY
-static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id,
- UI_METHOD *ui_method, void *callback_data)
- {
- BIO *in;
- EVP_PKEY *key;
- fprintf(stderr, "(TEST_ENG_OPENSSL_PKEY)Loading Private key %s\n", key_id);
- in = BIO_new_file(key_id, "r");
- if (!in)
- return NULL;
- key = PEM_read_bio_PrivateKey(in, NULL, 0, NULL);
- BIO_free(in);
- return key;
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_openssl.c (from rev 6976, vendor-crypto/openssl/dist/crypto/engine/eng_openssl.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_openssl.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_openssl.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,402 @@
+/* crypto/engine/eng_openssl.c */
+/*
+ * Written by Geoff Thorpe (geoff at geoffthorpe.net) for the OpenSSL project
+ * 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECDH support in OpenSSL originally developed by
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/engine.h>
+#include <openssl/dso.h>
+#include <openssl/pem.h>
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+# include <openssl/dsa.h>
+#endif
+#ifndef OPENSSL_NO_DH
+# include <openssl/dh.h>
+#endif
+
+/*
+ * This testing gunk is implemented (and explained) lower down. It also
+ * assumes the application explicitly calls "ENGINE_load_openssl()" because
+ * this is no longer automatic in ENGINE_load_builtin_engines().
+ */
+#define TEST_ENG_OPENSSL_RC4
+#define TEST_ENG_OPENSSL_PKEY
+/* #define TEST_ENG_OPENSSL_RC4_OTHERS */
+#define TEST_ENG_OPENSSL_RC4_P_INIT
+/* #define TEST_ENG_OPENSSL_RC4_P_CIPHER */
+#define TEST_ENG_OPENSSL_SHA
+/* #define TEST_ENG_OPENSSL_SHA_OTHERS */
+/* #define TEST_ENG_OPENSSL_SHA_P_INIT */
+/* #define TEST_ENG_OPENSSL_SHA_P_UPDATE */
+/* #define TEST_ENG_OPENSSL_SHA_P_FINAL */
+
+/* Now check what of those algorithms are actually enabled */
+#ifdef OPENSSL_NO_RC4
+# undef TEST_ENG_OPENSSL_RC4
+# undef TEST_ENG_OPENSSL_RC4_OTHERS
+# undef TEST_ENG_OPENSSL_RC4_P_INIT
+# undef TEST_ENG_OPENSSL_RC4_P_CIPHER
+#endif
+#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA0) || defined(OPENSSL_NO_SHA1)
+# undef TEST_ENG_OPENSSL_SHA
+# undef TEST_ENG_OPENSSL_SHA_OTHERS
+# undef TEST_ENG_OPENSSL_SHA_P_INIT
+# undef TEST_ENG_OPENSSL_SHA_P_UPDATE
+# undef TEST_ENG_OPENSSL_SHA_P_FINAL
+#endif
+
+#ifdef TEST_ENG_OPENSSL_RC4
+static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+ const int **nids, int nid);
+#endif
+#ifdef TEST_ENG_OPENSSL_SHA
+static int openssl_digests(ENGINE *e, const EVP_MD **digest,
+ const int **nids, int nid);
+#endif
+
+#ifdef TEST_ENG_OPENSSL_PKEY
+static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id,
+ UI_METHOD *ui_method,
+ void *callback_data);
+#endif
+
+/* The constants used when creating the ENGINE */
+static const char *engine_openssl_id = "openssl";
+static const char *engine_openssl_name = "Software engine support";
+
+/*
+ * This internal function is used by ENGINE_openssl() and possibly by the
+ * "dynamic" ENGINE support too
+ */
+static int bind_helper(ENGINE *e)
+{
+ if (!ENGINE_set_id(e, engine_openssl_id)
+ || !ENGINE_set_name(e, engine_openssl_name)
+#ifndef TEST_ENG_OPENSSL_NO_ALGORITHMS
+# ifndef OPENSSL_NO_RSA
+ || !ENGINE_set_RSA(e, RSA_get_default_method())
+# endif
+# ifndef OPENSSL_NO_DSA
+ || !ENGINE_set_DSA(e, DSA_get_default_method())
+# endif
+# ifndef OPENSSL_NO_ECDH
+ || !ENGINE_set_ECDH(e, ECDH_OpenSSL())
+# endif
+# ifndef OPENSSL_NO_ECDSA
+ || !ENGINE_set_ECDSA(e, ECDSA_OpenSSL())
+# endif
+# ifndef OPENSSL_NO_DH
+ || !ENGINE_set_DH(e, DH_get_default_method())
+# endif
+ || !ENGINE_set_RAND(e, RAND_SSLeay())
+# ifdef TEST_ENG_OPENSSL_RC4
+ || !ENGINE_set_ciphers(e, openssl_ciphers)
+# endif
+# ifdef TEST_ENG_OPENSSL_SHA
+ || !ENGINE_set_digests(e, openssl_digests)
+# endif
+#endif
+#ifdef TEST_ENG_OPENSSL_PKEY
+ || !ENGINE_set_load_privkey_function(e, openssl_load_privkey)
+#endif
+ )
+ return 0;
+ /*
+ * If we add errors to this ENGINE, ensure the error handling is setup
+ * here
+ */
+ /* openssl_load_error_strings(); */
+ return 1;
+}
+
+static ENGINE *engine_openssl(void)
+{
+ ENGINE *ret = ENGINE_new();
+ if (!ret)
+ return NULL;
+ if (!bind_helper(ret)) {
+ ENGINE_free(ret);
+ return NULL;
+ }
+ return ret;
+}
+
+void ENGINE_load_openssl(void)
+{
+ ENGINE *toadd = engine_openssl();
+ if (!toadd)
+ return;
+ ENGINE_add(toadd);
+ /*
+ * If the "add" worked, it gets a structural reference. So either way, we
+ * release our just-created reference.
+ */
+ ENGINE_free(toadd);
+ ERR_clear_error();
+}
+
+/*
+ * This stuff is needed if this ENGINE is being compiled into a
+ * self-contained shared-library.
+ */
+#ifdef ENGINE_DYNAMIC_SUPPORT
+static int bind_fn(ENGINE *e, const char *id)
+{
+ if (id && (strcmp(id, engine_openssl_id) != 0))
+ return 0;
+ if (!bind_helper(e))
+ return 0;
+ return 1;
+}
+
+IMPLEMENT_DYNAMIC_CHECK_FN()
+ IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
+#endif /* ENGINE_DYNAMIC_SUPPORT */
+#ifdef TEST_ENG_OPENSSL_RC4
+/*-
+ * This section of code compiles an "alternative implementation" of two modes of
+ * RC4 into this ENGINE. The result is that EVP_CIPHER operation for "rc4"
+ * should under normal circumstances go via this support rather than the default
+ * EVP support. There are other symbols to tweak the testing;
+ * TEST_ENC_OPENSSL_RC4_OTHERS - print a one line message to stderr each time
+ * we're asked for a cipher we don't support (should not happen).
+ * TEST_ENG_OPENSSL_RC4_P_INIT - print a one line message to stderr each time
+ * the "init_key" handler is called.
+ * TEST_ENG_OPENSSL_RC4_P_CIPHER - ditto for the "cipher" handler.
+ */
+# include <openssl/rc4.h>
+# define TEST_RC4_KEY_SIZE 16
+static int test_cipher_nids[] = { NID_rc4, NID_rc4_40 };
+
+static int test_cipher_nids_number = 2;
+typedef struct {
+ unsigned char key[TEST_RC4_KEY_SIZE];
+ RC4_KEY ks;
+} TEST_RC4_KEY;
+# define test(ctx) ((TEST_RC4_KEY *)(ctx)->cipher_data)
+static int test_rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc)
+{
+# ifdef TEST_ENG_OPENSSL_RC4_P_INIT
+ fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_init_key() called\n");
+# endif
+ memcpy(&test(ctx)->key[0], key, EVP_CIPHER_CTX_key_length(ctx));
+ RC4_set_key(&test(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx),
+ test(ctx)->key);
+ return 1;
+}
+
+static int test_rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, unsigned int inl)
+{
+# ifdef TEST_ENG_OPENSSL_RC4_P_CIPHER
+ fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_cipher() called\n");
+# endif
+ RC4(&test(ctx)->ks, inl, in, out);
+ return 1;
+}
+
+static const EVP_CIPHER test_r4_cipher = {
+ NID_rc4,
+ 1, TEST_RC4_KEY_SIZE, 0,
+ EVP_CIPH_VARIABLE_LENGTH,
+ test_rc4_init_key,
+ test_rc4_cipher,
+ NULL,
+ sizeof(TEST_RC4_KEY),
+ NULL,
+ NULL,
+ NULL,
+ NULL
+};
+
+static const EVP_CIPHER test_r4_40_cipher = {
+ NID_rc4_40,
+ 1, 5 /* 40 bit */ , 0,
+ EVP_CIPH_VARIABLE_LENGTH,
+ test_rc4_init_key,
+ test_rc4_cipher,
+ NULL,
+ sizeof(TEST_RC4_KEY),
+ NULL,
+ NULL,
+ NULL,
+ NULL
+};
+
+static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+ const int **nids, int nid)
+{
+ if (!cipher) {
+ /* We are returning a list of supported nids */
+ *nids = test_cipher_nids;
+ return test_cipher_nids_number;
+ }
+ /* We are being asked for a specific cipher */
+ if (nid == NID_rc4)
+ *cipher = &test_r4_cipher;
+ else if (nid == NID_rc4_40)
+ *cipher = &test_r4_40_cipher;
+ else {
+# ifdef TEST_ENG_OPENSSL_RC4_OTHERS
+ fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) returning NULL for "
+ "nid %d\n", nid);
+# endif
+ *cipher = NULL;
+ return 0;
+ }
+ return 1;
+}
+#endif
+
+#ifdef TEST_ENG_OPENSSL_SHA
+/* Much the same sort of comment as for TEST_ENG_OPENSSL_RC4 */
+# include <openssl/sha.h>
+static int test_digest_nids[] = { NID_sha1 };
+
+static int test_digest_nids_number = 1;
+static int test_sha1_init(EVP_MD_CTX *ctx)
+{
+# ifdef TEST_ENG_OPENSSL_SHA_P_INIT
+ fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_init() called\n");
+# endif
+ return SHA1_Init(ctx->md_data);
+}
+
+static int test_sha1_update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+# ifdef TEST_ENG_OPENSSL_SHA_P_UPDATE
+ fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_update() called\n");
+# endif
+ return SHA1_Update(ctx->md_data, data, count);
+}
+
+static int test_sha1_final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+# ifdef TEST_ENG_OPENSSL_SHA_P_FINAL
+ fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_final() called\n");
+# endif
+ return SHA1_Final(md, ctx->md_data);
+}
+
+static const EVP_MD test_sha_md = {
+ NID_sha1,
+ NID_sha1WithRSAEncryption,
+ SHA_DIGEST_LENGTH,
+ 0,
+ test_sha1_init,
+ test_sha1_update,
+ test_sha1_final,
+ NULL,
+ NULL,
+ EVP_PKEY_RSA_method,
+ SHA_CBLOCK,
+ sizeof(EVP_MD *) + sizeof(SHA_CTX),
+};
+
+static int openssl_digests(ENGINE *e, const EVP_MD **digest,
+ const int **nids, int nid)
+{
+ if (!digest) {
+ /* We are returning a list of supported nids */
+ *nids = test_digest_nids;
+ return test_digest_nids_number;
+ }
+ /* We are being asked for a specific digest */
+ if (nid == NID_sha1)
+ *digest = &test_sha_md;
+ else {
+# ifdef TEST_ENG_OPENSSL_SHA_OTHERS
+ fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) returning NULL for "
+ "nid %d\n", nid);
+# endif
+ *digest = NULL;
+ return 0;
+ }
+ return 1;
+}
+#endif
+
+#ifdef TEST_ENG_OPENSSL_PKEY
+static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id,
+ UI_METHOD *ui_method,
+ void *callback_data)
+{
+ BIO *in;
+ EVP_PKEY *key;
+ fprintf(stderr, "(TEST_ENG_OPENSSL_PKEY)Loading Private key %s\n",
+ key_id);
+ in = BIO_new_file(key_id, "r");
+ if (!in)
+ return NULL;
+ key = PEM_read_bio_PrivateKey(in, NULL, 0, NULL);
+ BIO_free(in);
+ return key;
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_padlock.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/engine/eng_padlock.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_padlock.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,1219 +0,0 @@
-/*
- * Support for VIA PadLock Advanced Cryptography Engine (ACE)
- * Written by Michal Ludvig <michal at logix.cz>
- * http://www.logix.cz/michal
- *
- * Big thanks to Andy Polyakov for a help with optimization,
- * assembler fixes, port to MS Windows and a lot of other
- * valuable work on this engine!
- */
-
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-
-#include <stdio.h>
-#include <string.h>
-
-#include <openssl/opensslconf.h>
-#include <openssl/crypto.h>
-#include <openssl/dso.h>
-#include <openssl/engine.h>
-#include <openssl/evp.h>
-#ifndef OPENSSL_NO_AES
-#include <openssl/aes.h>
-#endif
-#include <openssl/rand.h>
-#include <openssl/err.h>
-
-#ifndef OPENSSL_NO_HW
-#ifndef OPENSSL_NO_HW_PADLOCK
-
-/* Attempt to have a single source for both 0.9.7 and 0.9.8 :-) */
-#if (OPENSSL_VERSION_NUMBER >= 0x00908000L)
-# ifndef OPENSSL_NO_DYNAMIC_ENGINE
-# define DYNAMIC_ENGINE
-# endif
-#elif (OPENSSL_VERSION_NUMBER >= 0x00907000L)
-# ifdef ENGINE_DYNAMIC_SUPPORT
-# define DYNAMIC_ENGINE
-# endif
-#else
-# error "Only OpenSSL >= 0.9.7 is supported"
-#endif
-
-/* VIA PadLock AES is available *ONLY* on some x86 CPUs.
- Not only that it doesn't exist elsewhere, but it
- even can't be compiled on other platforms!
-
- In addition, because of the heavy use of inline assembler,
- compiler choice is limited to GCC and Microsoft C. */
-#undef COMPILE_HW_PADLOCK
-#if !defined(I386_ONLY) && !defined(OPENSSL_NO_INLINE_ASM)
-# if (defined(__GNUC__) && (defined(__i386__) || defined(__i386))) || \
- (defined(_MSC_VER) && defined(_M_IX86))
-# define COMPILE_HW_PADLOCK
-static ENGINE *ENGINE_padlock (void);
-# endif
-#endif
-
-void ENGINE_load_padlock (void)
-{
-/* On non-x86 CPUs it just returns. */
-#ifdef COMPILE_HW_PADLOCK
- ENGINE *toadd = ENGINE_padlock ();
- if (!toadd) return;
- ENGINE_add (toadd);
- ENGINE_free (toadd);
- ERR_clear_error ();
-#endif
-}
-
-#ifdef COMPILE_HW_PADLOCK
-/* We do these includes here to avoid header problems on platforms that
- do not have the VIA padlock anyway... */
-#ifdef _MSC_VER
-# include <malloc.h>
-# define alloca _alloca
-#elif defined(NETWARE_CLIB) && defined(__GNUC__)
- void *alloca(size_t);
-# define alloca(s) __builtin_alloca(s)
-#else
-# include <stdlib.h>
-#endif
-
-/* Function for ENGINE detection and control */
-static int padlock_available(void);
-static int padlock_init(ENGINE *e);
-
-/* RNG Stuff */
-static RAND_METHOD padlock_rand;
-
-/* Cipher Stuff */
-#ifndef OPENSSL_NO_AES
-static int padlock_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid);
-#endif
-
-/* Engine names */
-static const char *padlock_id = "padlock";
-static char padlock_name[100];
-
-/* Available features */
-static int padlock_use_ace = 0; /* Advanced Cryptography Engine */
-static int padlock_use_rng = 0; /* Random Number Generator */
-#ifndef OPENSSL_NO_AES
-static int padlock_aes_align_required = 1;
-#endif
-
-/* ===== Engine "management" functions ===== */
-
-/* Prepare the ENGINE structure for registration */
-static int
-padlock_bind_helper(ENGINE *e)
-{
- /* Check available features */
- padlock_available();
-
-#if 1 /* disable RNG for now, see commentary in vicinity of RNG code */
- padlock_use_rng=0;
-#endif
-
- /* Generate a nice engine name with available features */
- BIO_snprintf(padlock_name, sizeof(padlock_name),
- "VIA PadLock (%s, %s)",
- padlock_use_rng ? "RNG" : "no-RNG",
- padlock_use_ace ? "ACE" : "no-ACE");
-
- /* Register everything or return with an error */
- if (!ENGINE_set_id(e, padlock_id) ||
- !ENGINE_set_name(e, padlock_name) ||
-
- !ENGINE_set_init_function(e, padlock_init) ||
-#ifndef OPENSSL_NO_AES
- (padlock_use_ace && !ENGINE_set_ciphers (e, padlock_ciphers)) ||
-#endif
- (padlock_use_rng && !ENGINE_set_RAND (e, &padlock_rand))) {
- return 0;
- }
-
- /* Everything looks good */
- return 1;
-}
-
-/* Constructor */
-static ENGINE *
-ENGINE_padlock(void)
-{
- ENGINE *eng = ENGINE_new();
-
- if (!eng) {
- return NULL;
- }
-
- if (!padlock_bind_helper(eng)) {
- ENGINE_free(eng);
- return NULL;
- }
-
- return eng;
-}
-
-/* Check availability of the engine */
-static int
-padlock_init(ENGINE *e)
-{
- return (padlock_use_rng || padlock_use_ace);
-}
-
-/* This stuff is needed if this ENGINE is being compiled into a self-contained
- * shared-library.
- */
-#ifdef DYNAMIC_ENGINE
-static int
-padlock_bind_fn(ENGINE *e, const char *id)
-{
- if (id && (strcmp(id, padlock_id) != 0)) {
- return 0;
- }
-
- if (!padlock_bind_helper(e)) {
- return 0;
- }
-
- return 1;
-}
-
-IMPLEMENT_DYNAMIC_CHECK_FN ()
-IMPLEMENT_DYNAMIC_BIND_FN (padlock_bind_fn)
-#endif /* DYNAMIC_ENGINE */
-
-/* ===== Here comes the "real" engine ===== */
-
-#ifndef OPENSSL_NO_AES
-/* Some AES-related constants */
-#define AES_BLOCK_SIZE 16
-#define AES_KEY_SIZE_128 16
-#define AES_KEY_SIZE_192 24
-#define AES_KEY_SIZE_256 32
-
-/* Here we store the status information relevant to the
- current context. */
-/* BIG FAT WARNING:
- * Inline assembler in PADLOCK_XCRYPT_ASM()
- * depends on the order of items in this structure.
- * Don't blindly modify, reorder, etc!
- */
-struct padlock_cipher_data
-{
- unsigned char iv[AES_BLOCK_SIZE]; /* Initialization vector */
- union { unsigned int pad[4];
- struct {
- int rounds:4;
- int dgst:1; /* n/a in C3 */
- int align:1; /* n/a in C3 */
- int ciphr:1; /* n/a in C3 */
- unsigned int keygen:1;
- int interm:1;
- unsigned int encdec:1;
- int ksize:2;
- } b;
- } cword; /* Control word */
- AES_KEY ks; /* Encryption key */
-};
-
-/*
- * Essentially this variable belongs in thread local storage.
- * Having this variable global on the other hand can only cause
- * few bogus key reloads [if any at all on single-CPU system],
- * so we accept the penatly...
- */
-static volatile struct padlock_cipher_data *padlock_saved_context;
-#endif
-
-/*
- * =======================================================
- * Inline assembler section(s).
- * =======================================================
- * Order of arguments is chosen to facilitate Windows port
- * using __fastcall calling convention. If you wish to add
- * more routines, keep in mind that first __fastcall
- * argument is passed in %ecx and second - in %edx.
- * =======================================================
- */
-#if defined(__GNUC__) && __GNUC__>=2
-/*
- * As for excessive "push %ebx"/"pop %ebx" found all over.
- * When generating position-independent code GCC won't let
- * us use "b" in assembler templates nor even respect "ebx"
- * in "clobber description." Therefore the trouble...
- */
-
-/* Helper function - check if a CPUID instruction
- is available on this CPU */
-static int
-padlock_insn_cpuid_available(void)
-{
- int result = -1;
-
- /* We're checking if the bit #21 of EFLAGS
- can be toggled. If yes = CPUID is available. */
- asm volatile (
- "pushf\n"
- "popl %%eax\n"
- "xorl $0x200000, %%eax\n"
- "movl %%eax, %%ecx\n"
- "andl $0x200000, %%ecx\n"
- "pushl %%eax\n"
- "popf\n"
- "pushf\n"
- "popl %%eax\n"
- "andl $0x200000, %%eax\n"
- "xorl %%eax, %%ecx\n"
- "movl %%ecx, %0\n"
- : "=r" (result) : : "eax", "ecx");
-
- return (result == 0);
-}
-
-/* Load supported features of the CPU to see if
- the PadLock is available. */
-static int
-padlock_available(void)
-{
- char vendor_string[16];
- unsigned int eax, edx;
-
- /* First check if the CPUID instruction is available at all... */
- if (! padlock_insn_cpuid_available())
- return 0;
-
- /* Are we running on the Centaur (VIA) CPU? */
- eax = 0x00000000;
- vendor_string[12] = 0;
- asm volatile (
- "pushl %%ebx\n"
- "cpuid\n"
- "movl %%ebx,(%%edi)\n"
- "movl %%edx,4(%%edi)\n"
- "movl %%ecx,8(%%edi)\n"
- "popl %%ebx"
- : "+a"(eax) : "D"(vendor_string) : "ecx", "edx");
- if (strcmp(vendor_string, "CentaurHauls") != 0)
- return 0;
-
- /* Check for Centaur Extended Feature Flags presence */
- eax = 0xC0000000;
- asm volatile ("pushl %%ebx; cpuid; popl %%ebx"
- : "+a"(eax) : : "ecx", "edx");
- if (eax < 0xC0000001)
- return 0;
-
- /* Read the Centaur Extended Feature Flags */
- eax = 0xC0000001;
- asm volatile ("pushl %%ebx; cpuid; popl %%ebx"
- : "+a"(eax), "=d"(edx) : : "ecx");
-
- /* Fill up some flags */
- padlock_use_ace = ((edx & (0x3<<6)) == (0x3<<6));
- padlock_use_rng = ((edx & (0x3<<2)) == (0x3<<2));
-
- return padlock_use_ace + padlock_use_rng;
-}
-
-#ifndef OPENSSL_NO_AES
-/* Our own htonl()/ntohl() */
-static inline void
-padlock_bswapl(AES_KEY *ks)
-{
- size_t i = sizeof(ks->rd_key)/sizeof(ks->rd_key[0]);
- unsigned int *key = ks->rd_key;
-
- while (i--) {
- asm volatile ("bswapl %0" : "+r"(*key));
- key++;
- }
-}
-#endif
-
-/* Force key reload from memory to the CPU microcode.
- Loading EFLAGS from the stack clears EFLAGS[30]
- which does the trick. */
-static inline void
-padlock_reload_key(void)
-{
- asm volatile ("pushfl; popfl");
-}
-
-#ifndef OPENSSL_NO_AES
-/*
- * This is heuristic key context tracing. At first one
- * believes that one should use atomic swap instructions,
- * but it's not actually necessary. Point is that if
- * padlock_saved_context was changed by another thread
- * after we've read it and before we compare it with cdata,
- * our key *shall* be reloaded upon thread context switch
- * and we are therefore set in either case...
- */
-static inline void
-padlock_verify_context(struct padlock_cipher_data *cdata)
-{
- asm volatile (
- "pushfl\n"
-" btl $30,(%%esp)\n"
-" jnc 1f\n"
-" cmpl %2,%1\n"
-" je 1f\n"
-" popfl\n"
-" subl $4,%%esp\n"
-"1: addl $4,%%esp\n"
-" movl %2,%0"
- :"+m"(padlock_saved_context)
- : "r"(padlock_saved_context), "r"(cdata) : "cc");
-}
-
-/* Template for padlock_xcrypt_* modes */
-/* BIG FAT WARNING:
- * The offsets used with 'leal' instructions
- * describe items of the 'padlock_cipher_data'
- * structure.
- */
-#define PADLOCK_XCRYPT_ASM(name,rep_xcrypt) \
-static inline void *name(size_t cnt, \
- struct padlock_cipher_data *cdata, \
- void *out, const void *inp) \
-{ void *iv; \
- asm volatile ( "pushl %%ebx\n" \
- " leal 16(%0),%%edx\n" \
- " leal 32(%0),%%ebx\n" \
- rep_xcrypt "\n" \
- " popl %%ebx" \
- : "=a"(iv), "=c"(cnt), "=D"(out), "=S"(inp) \
- : "0"(cdata), "1"(cnt), "2"(out), "3"(inp) \
- : "edx", "cc", "memory"); \
- return iv; \
-}
-
-/* Generate all functions with appropriate opcodes */
-PADLOCK_XCRYPT_ASM(padlock_xcrypt_ecb, ".byte 0xf3,0x0f,0xa7,0xc8") /* rep xcryptecb */
-PADLOCK_XCRYPT_ASM(padlock_xcrypt_cbc, ".byte 0xf3,0x0f,0xa7,0xd0") /* rep xcryptcbc */
-PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb, ".byte 0xf3,0x0f,0xa7,0xe0") /* rep xcryptcfb */
-PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb, ".byte 0xf3,0x0f,0xa7,0xe8") /* rep xcryptofb */
-#endif
-
-/* The RNG call itself */
-static inline unsigned int
-padlock_xstore(void *addr, unsigned int edx_in)
-{
- unsigned int eax_out;
-
- asm volatile (".byte 0x0f,0xa7,0xc0" /* xstore */
- : "=a"(eax_out),"=m"(*(unsigned *)addr)
- : "D"(addr), "d" (edx_in)
- );
-
- return eax_out;
-}
-
-/* Why not inline 'rep movsd'? I failed to find information on what
- * value in Direction Flag one can expect and consequently have to
- * apply "better-safe-than-sorry" approach and assume "undefined."
- * I could explicitly clear it and restore the original value upon
- * return from padlock_aes_cipher, but it's presumably too much
- * trouble for too little gain...
- *
- * In case you wonder 'rep xcrypt*' instructions above are *not*
- * affected by the Direction Flag and pointers advance toward
- * larger addresses unconditionally.
- */
-static inline unsigned char *
-padlock_memcpy(void *dst,const void *src,size_t n)
-{
- long *d=dst;
- const long *s=src;
-
- n /= sizeof(*d);
- do { *d++ = *s++; } while (--n);
-
- return dst;
-}
-
-#elif defined(_MSC_VER)
-/*
- * Unlike GCC these are real functions. In order to minimize impact
- * on performance we adhere to __fastcall calling convention in
- * order to get two first arguments passed through %ecx and %edx.
- * Which kind of suits very well, as instructions in question use
- * both %ecx and %edx as input:-)
- */
-#define REP_XCRYPT(code) \
- _asm _emit 0xf3 \
- _asm _emit 0x0f _asm _emit 0xa7 \
- _asm _emit code
-
-/* BIG FAT WARNING:
- * The offsets used with 'lea' instructions
- * describe items of the 'padlock_cipher_data'
- * structure.
- */
-#define PADLOCK_XCRYPT_ASM(name,code) \
-static void * __fastcall \
- name (size_t cnt, void *cdata, \
- void *outp, const void *inp) \
-{ _asm mov eax,edx \
- _asm lea edx,[eax+16] \
- _asm lea ebx,[eax+32] \
- _asm mov edi,outp \
- _asm mov esi,inp \
- REP_XCRYPT(code) \
-}
-
-PADLOCK_XCRYPT_ASM(padlock_xcrypt_ecb,0xc8)
-PADLOCK_XCRYPT_ASM(padlock_xcrypt_cbc,0xd0)
-PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb,0xe0)
-PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb,0xe8)
-
-static int __fastcall
-padlock_xstore(void *outp,unsigned int code)
-{ _asm mov edi,ecx
- _asm _emit 0x0f _asm _emit 0xa7 _asm _emit 0xc0
-}
-
-static void __fastcall
-padlock_reload_key(void)
-{ _asm pushfd _asm popfd }
-
-static void __fastcall
-padlock_verify_context(void *cdata)
-{ _asm {
- pushfd
- bt DWORD PTR[esp],30
- jnc skip
- cmp ecx,padlock_saved_context
- je skip
- popfd
- sub esp,4
- skip: add esp,4
- mov padlock_saved_context,ecx
- }
-}
-
-static int
-padlock_available(void)
-{ _asm {
- pushfd
- pop eax
- mov ecx,eax
- xor eax,1<<21
- push eax
- popfd
- pushfd
- pop eax
- xor eax,ecx
- bt eax,21
- jnc noluck
- mov eax,0
- cpuid
- xor eax,eax
- cmp ebx,'tneC'
- jne noluck
- cmp edx,'Hrua'
- jne noluck
- cmp ecx,'slua'
- jne noluck
- mov eax,0xC0000000
- cpuid
- mov edx,eax
- xor eax,eax
- cmp edx,0xC0000001
- jb noluck
- mov eax,0xC0000001
- cpuid
- xor eax,eax
- bt edx,6
- jnc skip_a
- bt edx,7
- jnc skip_a
- mov padlock_use_ace,1
- inc eax
- skip_a: bt edx,2
- jnc skip_r
- bt edx,3
- jnc skip_r
- mov padlock_use_rng,1
- inc eax
- skip_r:
- noluck:
- }
-}
-
-static void __fastcall
-padlock_bswapl(void *key)
-{ _asm {
- pushfd
- cld
- mov esi,ecx
- mov edi,ecx
- mov ecx,60
- up: lodsd
- bswap eax
- stosd
- loop up
- popfd
- }
-}
-
-/* MS actually specifies status of Direction Flag and compiler even
- * manages to compile following as 'rep movsd' all by itself...
- */
-#define padlock_memcpy(o,i,n) ((unsigned char *)memcpy((o),(i),(n)&~3U))
-#endif
-
-/* ===== AES encryption/decryption ===== */
-#ifndef OPENSSL_NO_AES
-
-#if defined(NID_aes_128_cfb128) && ! defined (NID_aes_128_cfb)
-#define NID_aes_128_cfb NID_aes_128_cfb128
-#endif
-
-#if defined(NID_aes_128_ofb128) && ! defined (NID_aes_128_ofb)
-#define NID_aes_128_ofb NID_aes_128_ofb128
-#endif
-
-#if defined(NID_aes_192_cfb128) && ! defined (NID_aes_192_cfb)
-#define NID_aes_192_cfb NID_aes_192_cfb128
-#endif
-
-#if defined(NID_aes_192_ofb128) && ! defined (NID_aes_192_ofb)
-#define NID_aes_192_ofb NID_aes_192_ofb128
-#endif
-
-#if defined(NID_aes_256_cfb128) && ! defined (NID_aes_256_cfb)
-#define NID_aes_256_cfb NID_aes_256_cfb128
-#endif
-
-#if defined(NID_aes_256_ofb128) && ! defined (NID_aes_256_ofb)
-#define NID_aes_256_ofb NID_aes_256_ofb128
-#endif
-
-/* List of supported ciphers. */
-static int padlock_cipher_nids[] = {
- NID_aes_128_ecb,
- NID_aes_128_cbc,
- NID_aes_128_cfb,
- NID_aes_128_ofb,
-
- NID_aes_192_ecb,
- NID_aes_192_cbc,
- NID_aes_192_cfb,
- NID_aes_192_ofb,
-
- NID_aes_256_ecb,
- NID_aes_256_cbc,
- NID_aes_256_cfb,
- NID_aes_256_ofb,
-};
-static int padlock_cipher_nids_num = (sizeof(padlock_cipher_nids)/
- sizeof(padlock_cipher_nids[0]));
-
-/* Function prototypes ... */
-static int padlock_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc);
-static int padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, size_t nbytes);
-
-#define NEAREST_ALIGNED(ptr) ( (unsigned char *)(ptr) + \
- ( (0x10 - ((size_t)(ptr) & 0x0F)) & 0x0F ) )
-#define ALIGNED_CIPHER_DATA(ctx) ((struct padlock_cipher_data *)\
- NEAREST_ALIGNED(ctx->cipher_data))
-
-#define EVP_CIPHER_block_size_ECB AES_BLOCK_SIZE
-#define EVP_CIPHER_block_size_CBC AES_BLOCK_SIZE
-#define EVP_CIPHER_block_size_OFB 1
-#define EVP_CIPHER_block_size_CFB 1
-
-/* Declaring so many ciphers by hand would be a pain.
- Instead introduce a bit of preprocessor magic :-) */
-#define DECLARE_AES_EVP(ksize,lmode,umode) \
-static const EVP_CIPHER padlock_aes_##ksize##_##lmode = { \
- NID_aes_##ksize##_##lmode, \
- EVP_CIPHER_block_size_##umode, \
- AES_KEY_SIZE_##ksize, \
- AES_BLOCK_SIZE, \
- 0 | EVP_CIPH_##umode##_MODE, \
- padlock_aes_init_key, \
- padlock_aes_cipher, \
- NULL, \
- sizeof(struct padlock_cipher_data) + 16, \
- EVP_CIPHER_set_asn1_iv, \
- EVP_CIPHER_get_asn1_iv, \
- NULL, \
- NULL \
-}
-
-DECLARE_AES_EVP(128,ecb,ECB);
-DECLARE_AES_EVP(128,cbc,CBC);
-DECLARE_AES_EVP(128,cfb,CFB);
-DECLARE_AES_EVP(128,ofb,OFB);
-
-DECLARE_AES_EVP(192,ecb,ECB);
-DECLARE_AES_EVP(192,cbc,CBC);
-DECLARE_AES_EVP(192,cfb,CFB);
-DECLARE_AES_EVP(192,ofb,OFB);
-
-DECLARE_AES_EVP(256,ecb,ECB);
-DECLARE_AES_EVP(256,cbc,CBC);
-DECLARE_AES_EVP(256,cfb,CFB);
-DECLARE_AES_EVP(256,ofb,OFB);
-
-static int
-padlock_ciphers (ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid)
-{
- /* No specific cipher => return a list of supported nids ... */
- if (!cipher) {
- *nids = padlock_cipher_nids;
- return padlock_cipher_nids_num;
- }
-
- /* ... or the requested "cipher" otherwise */
- switch (nid) {
- case NID_aes_128_ecb:
- *cipher = &padlock_aes_128_ecb;
- break;
- case NID_aes_128_cbc:
- *cipher = &padlock_aes_128_cbc;
- break;
- case NID_aes_128_cfb:
- *cipher = &padlock_aes_128_cfb;
- break;
- case NID_aes_128_ofb:
- *cipher = &padlock_aes_128_ofb;
- break;
-
- case NID_aes_192_ecb:
- *cipher = &padlock_aes_192_ecb;
- break;
- case NID_aes_192_cbc:
- *cipher = &padlock_aes_192_cbc;
- break;
- case NID_aes_192_cfb:
- *cipher = &padlock_aes_192_cfb;
- break;
- case NID_aes_192_ofb:
- *cipher = &padlock_aes_192_ofb;
- break;
-
- case NID_aes_256_ecb:
- *cipher = &padlock_aes_256_ecb;
- break;
- case NID_aes_256_cbc:
- *cipher = &padlock_aes_256_cbc;
- break;
- case NID_aes_256_cfb:
- *cipher = &padlock_aes_256_cfb;
- break;
- case NID_aes_256_ofb:
- *cipher = &padlock_aes_256_ofb;
- break;
-
- default:
- /* Sorry, we don't support this NID */
- *cipher = NULL;
- return 0;
- }
-
- return 1;
-}
-
-/* Prepare the encryption key for PadLock usage */
-static int
-padlock_aes_init_key (EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc)
-{
- struct padlock_cipher_data *cdata;
- int key_len = EVP_CIPHER_CTX_key_length(ctx) * 8;
-
- if (key==NULL) return 0; /* ERROR */
-
- cdata = ALIGNED_CIPHER_DATA(ctx);
- memset(cdata, 0, sizeof(struct padlock_cipher_data));
-
- /* Prepare Control word. */
- if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE)
- cdata->cword.b.encdec = 0;
- else
- cdata->cword.b.encdec = (ctx->encrypt == 0);
- cdata->cword.b.rounds = 10 + (key_len - 128) / 32;
- cdata->cword.b.ksize = (key_len - 128) / 64;
-
- switch(key_len) {
- case 128:
- /* PadLock can generate an extended key for
- AES128 in hardware */
- memcpy(cdata->ks.rd_key, key, AES_KEY_SIZE_128);
- cdata->cword.b.keygen = 0;
- break;
-
- case 192:
- case 256:
- /* Generate an extended AES key in software.
- Needed for AES192/AES256 */
- /* Well, the above applies to Stepping 8 CPUs
- and is listed as hardware errata. They most
- likely will fix it at some point and then
- a check for stepping would be due here. */
- if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_CFB_MODE ||
- EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE ||
- enc)
- AES_set_encrypt_key(key, key_len, &cdata->ks);
- else
- AES_set_decrypt_key(key, key_len, &cdata->ks);
-#ifndef AES_ASM
- /* OpenSSL C functions use byte-swapped extended key. */
- padlock_bswapl(&cdata->ks);
-#endif
- cdata->cword.b.keygen = 1;
- break;
-
- default:
- /* ERROR */
- return 0;
- }
-
- /*
- * This is done to cover for cases when user reuses the
- * context for new key. The catch is that if we don't do
- * this, padlock_eas_cipher might proceed with old key...
- */
- padlock_reload_key ();
-
- return 1;
-}
-
-/*
- * Simplified version of padlock_aes_cipher() used when
- * 1) both input and output buffers are at aligned addresses.
- * or when
- * 2) running on a newer CPU that doesn't require aligned buffers.
- */
-static int
-padlock_aes_cipher_omnivorous(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,
- const unsigned char *in_arg, size_t nbytes)
-{
- struct padlock_cipher_data *cdata;
- void *iv;
-
- cdata = ALIGNED_CIPHER_DATA(ctx);
- padlock_verify_context(cdata);
-
- switch (EVP_CIPHER_CTX_mode(ctx)) {
- case EVP_CIPH_ECB_MODE:
- padlock_xcrypt_ecb(nbytes/AES_BLOCK_SIZE, cdata, out_arg, in_arg);
- break;
-
- case EVP_CIPH_CBC_MODE:
- memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE);
- iv = padlock_xcrypt_cbc(nbytes/AES_BLOCK_SIZE, cdata, out_arg, in_arg);
- memcpy(ctx->iv, iv, AES_BLOCK_SIZE);
- break;
-
- case EVP_CIPH_CFB_MODE:
- memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE);
- iv = padlock_xcrypt_cfb(nbytes/AES_BLOCK_SIZE, cdata, out_arg, in_arg);
- memcpy(ctx->iv, iv, AES_BLOCK_SIZE);
- break;
-
- case EVP_CIPH_OFB_MODE:
- memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE);
- padlock_xcrypt_ofb(nbytes/AES_BLOCK_SIZE, cdata, out_arg, in_arg);
- memcpy(ctx->iv, cdata->iv, AES_BLOCK_SIZE);
- break;
-
- default:
- return 0;
- }
-
- memset(cdata->iv, 0, AES_BLOCK_SIZE);
-
- return 1;
-}
-
-#ifndef PADLOCK_CHUNK
-# define PADLOCK_CHUNK 512 /* Must be a power of 2 larger than 16 */
-#endif
-#if PADLOCK_CHUNK<16 || PADLOCK_CHUNK&(PADLOCK_CHUNK-1)
-# error "insane PADLOCK_CHUNK..."
-#endif
-
-/* Re-align the arguments to 16-Bytes boundaries and run the
- encryption function itself. This function is not AES-specific. */
-static int
-padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,
- const unsigned char *in_arg, size_t nbytes)
-{
- struct padlock_cipher_data *cdata;
- const void *inp;
- unsigned char *out;
- void *iv;
- int inp_misaligned, out_misaligned, realign_in_loop;
- size_t chunk, allocated=0;
-
- /* ctx->num is maintained in byte-oriented modes,
- such as CFB and OFB... */
- if ((chunk = ctx->num)) { /* borrow chunk variable */
- unsigned char *ivp=ctx->iv;
-
- switch (EVP_CIPHER_CTX_mode(ctx)) {
- case EVP_CIPH_CFB_MODE:
- if (chunk >= AES_BLOCK_SIZE)
- return 0; /* bogus value */
-
- if (ctx->encrypt)
- while (chunk<AES_BLOCK_SIZE && nbytes!=0) {
- ivp[chunk] = *(out_arg++) = *(in_arg++) ^ ivp[chunk];
- chunk++, nbytes--;
- }
- else while (chunk<AES_BLOCK_SIZE && nbytes!=0) {
- unsigned char c = *(in_arg++);
- *(out_arg++) = c ^ ivp[chunk];
- ivp[chunk++] = c, nbytes--;
- }
-
- ctx->num = chunk%AES_BLOCK_SIZE;
- break;
- case EVP_CIPH_OFB_MODE:
- if (chunk >= AES_BLOCK_SIZE)
- return 0; /* bogus value */
-
- while (chunk<AES_BLOCK_SIZE && nbytes!=0) {
- *(out_arg++) = *(in_arg++) ^ ivp[chunk];
- chunk++, nbytes--;
- }
-
- ctx->num = chunk%AES_BLOCK_SIZE;
- break;
- }
- }
-
- if (nbytes == 0)
- return 1;
-#if 0
- if (nbytes % AES_BLOCK_SIZE)
- return 0; /* are we expected to do tail processing? */
-#else
- /* nbytes is always multiple of AES_BLOCK_SIZE in ECB and CBC
- modes and arbitrary value in byte-oriented modes, such as
- CFB and OFB... */
-#endif
-
- /* VIA promises CPUs that won't require alignment in the future.
- For now padlock_aes_align_required is initialized to 1 and
- the condition is never met... */
- /* C7 core is capable to manage unaligned input in non-ECB[!]
- mode, but performance penalties appear to be approximately
- same as for software alignment below or ~3x. They promise to
- improve it in the future, but for now we can just as well
- pretend that it can only handle aligned input... */
- if (!padlock_aes_align_required && (nbytes%AES_BLOCK_SIZE)==0)
- return padlock_aes_cipher_omnivorous(ctx, out_arg, in_arg, nbytes);
-
- inp_misaligned = (((size_t)in_arg) & 0x0F);
- out_misaligned = (((size_t)out_arg) & 0x0F);
-
- /* Note that even if output is aligned and input not,
- * I still prefer to loop instead of copy the whole
- * input and then encrypt in one stroke. This is done
- * in order to improve L1 cache utilization... */
- realign_in_loop = out_misaligned|inp_misaligned;
-
- if (!realign_in_loop && (nbytes%AES_BLOCK_SIZE)==0)
- return padlock_aes_cipher_omnivorous(ctx, out_arg, in_arg, nbytes);
-
- /* this takes one "if" out of the loops */
- chunk = nbytes;
- chunk %= PADLOCK_CHUNK;
- if (chunk==0) chunk = PADLOCK_CHUNK;
-
- if (out_misaligned) {
- /* optmize for small input */
- allocated = (chunk<nbytes?PADLOCK_CHUNK:nbytes);
- out = alloca(0x10 + allocated);
- out = NEAREST_ALIGNED(out);
- }
- else
- out = out_arg;
-
- cdata = ALIGNED_CIPHER_DATA(ctx);
- padlock_verify_context(cdata);
-
- switch (EVP_CIPHER_CTX_mode(ctx)) {
- case EVP_CIPH_ECB_MODE:
- do {
- if (inp_misaligned)
- inp = padlock_memcpy(out, in_arg, chunk);
- else
- inp = in_arg;
- in_arg += chunk;
-
- padlock_xcrypt_ecb(chunk/AES_BLOCK_SIZE, cdata, out, inp);
-
- if (out_misaligned)
- out_arg = padlock_memcpy(out_arg, out, chunk) + chunk;
- else
- out = out_arg+=chunk;
-
- nbytes -= chunk;
- chunk = PADLOCK_CHUNK;
- } while (nbytes);
- break;
-
- case EVP_CIPH_CBC_MODE:
- memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE);
- goto cbc_shortcut;
- do {
- if (iv != cdata->iv)
- memcpy(cdata->iv, iv, AES_BLOCK_SIZE);
- chunk = PADLOCK_CHUNK;
- cbc_shortcut: /* optimize for small input */
- if (inp_misaligned)
- inp = padlock_memcpy(out, in_arg, chunk);
- else
- inp = in_arg;
- in_arg += chunk;
-
- iv = padlock_xcrypt_cbc(chunk/AES_BLOCK_SIZE, cdata, out, inp);
-
- if (out_misaligned)
- out_arg = padlock_memcpy(out_arg, out, chunk) + chunk;
- else
- out = out_arg+=chunk;
-
- } while (nbytes -= chunk);
- memcpy(ctx->iv, iv, AES_BLOCK_SIZE);
- break;
-
- case EVP_CIPH_CFB_MODE:
- memcpy (iv = cdata->iv, ctx->iv, AES_BLOCK_SIZE);
- chunk &= ~(AES_BLOCK_SIZE-1);
- if (chunk) goto cfb_shortcut;
- else goto cfb_skiploop;
- do {
- if (iv != cdata->iv)
- memcpy(cdata->iv, iv, AES_BLOCK_SIZE);
- chunk = PADLOCK_CHUNK;
- cfb_shortcut: /* optimize for small input */
- if (inp_misaligned)
- inp = padlock_memcpy(out, in_arg, chunk);
- else
- inp = in_arg;
- in_arg += chunk;
-
- iv = padlock_xcrypt_cfb(chunk/AES_BLOCK_SIZE, cdata, out, inp);
-
- if (out_misaligned)
- out_arg = padlock_memcpy(out_arg, out, chunk) + chunk;
- else
- out = out_arg+=chunk;
-
- nbytes -= chunk;
- } while (nbytes >= AES_BLOCK_SIZE);
-
- cfb_skiploop:
- if (nbytes) {
- unsigned char *ivp = cdata->iv;
-
- if (iv != ivp) {
- memcpy(ivp, iv, AES_BLOCK_SIZE);
- iv = ivp;
- }
- ctx->num = nbytes;
- if (cdata->cword.b.encdec) {
- cdata->cword.b.encdec=0;
- padlock_reload_key();
- padlock_xcrypt_ecb(1,cdata,ivp,ivp);
- cdata->cword.b.encdec=1;
- padlock_reload_key();
- while(nbytes) {
- unsigned char c = *(in_arg++);
- *(out_arg++) = c ^ *ivp;
- *(ivp++) = c, nbytes--;
- }
- }
- else { padlock_reload_key();
- padlock_xcrypt_ecb(1,cdata,ivp,ivp);
- padlock_reload_key();
- while (nbytes) {
- *ivp = *(out_arg++) = *(in_arg++) ^ *ivp;
- ivp++, nbytes--;
- }
- }
- }
-
- memcpy(ctx->iv, iv, AES_BLOCK_SIZE);
- break;
-
- case EVP_CIPH_OFB_MODE:
- memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE);
- chunk &= ~(AES_BLOCK_SIZE-1);
- if (chunk) do {
- if (inp_misaligned)
- inp = padlock_memcpy(out, in_arg, chunk);
- else
- inp = in_arg;
- in_arg += chunk;
-
- padlock_xcrypt_ofb(chunk/AES_BLOCK_SIZE, cdata, out, inp);
-
- if (out_misaligned)
- out_arg = padlock_memcpy(out_arg, out, chunk) + chunk;
- else
- out = out_arg+=chunk;
-
- nbytes -= chunk;
- chunk = PADLOCK_CHUNK;
- } while (nbytes >= AES_BLOCK_SIZE);
-
- if (nbytes) {
- unsigned char *ivp = cdata->iv;
-
- ctx->num = nbytes;
- padlock_reload_key(); /* empirically found */
- padlock_xcrypt_ecb(1,cdata,ivp,ivp);
- padlock_reload_key(); /* empirically found */
- while (nbytes) {
- *(out_arg++) = *(in_arg++) ^ *ivp;
- ivp++, nbytes--;
- }
- }
-
- memcpy(ctx->iv, cdata->iv, AES_BLOCK_SIZE);
- break;
-
- default:
- return 0;
- }
-
- /* Clean the realign buffer if it was used */
- if (out_misaligned) {
- volatile unsigned long *p=(void *)out;
- size_t n = allocated/sizeof(*p);
- while (n--) *p++=0;
- }
-
- memset(cdata->iv, 0, AES_BLOCK_SIZE);
-
- return 1;
-}
-
-#endif /* OPENSSL_NO_AES */
-
-/* ===== Random Number Generator ===== */
-/*
- * This code is not engaged. The reason is that it does not comply
- * with recommendations for VIA RNG usage for secure applications
- * (posted at http://www.via.com.tw/en/viac3/c3.jsp) nor does it
- * provide meaningful error control...
- */
-/* Wrapper that provides an interface between the API and
- the raw PadLock RNG */
-static int
-padlock_rand_bytes(unsigned char *output, int count)
-{
- unsigned int eax, buf;
-
- while (count >= 8) {
- eax = padlock_xstore(output, 0);
- if (!(eax&(1<<6))) return 0; /* RNG disabled */
- /* this ---vv--- covers DC bias, Raw Bits and String Filter */
- if (eax&(0x1F<<10)) return 0;
- if ((eax&0x1F)==0) continue; /* no data, retry... */
- if ((eax&0x1F)!=8) return 0; /* fatal failure... */
- output += 8;
- count -= 8;
- }
- while (count > 0) {
- eax = padlock_xstore(&buf, 3);
- if (!(eax&(1<<6))) return 0; /* RNG disabled */
- /* this ---vv--- covers DC bias, Raw Bits and String Filter */
- if (eax&(0x1F<<10)) return 0;
- if ((eax&0x1F)==0) continue; /* no data, retry... */
- if ((eax&0x1F)!=1) return 0; /* fatal failure... */
- *output++ = (unsigned char)buf;
- count--;
- }
- *(volatile unsigned int *)&buf=0;
-
- return 1;
-}
-
-/* Dummy but necessary function */
-static int
-padlock_rand_status(void)
-{
- return 1;
-}
-
-/* Prepare structure for registration */
-static RAND_METHOD padlock_rand = {
- NULL, /* seed */
- padlock_rand_bytes, /* bytes */
- NULL, /* cleanup */
- NULL, /* add */
- padlock_rand_bytes, /* pseudorand */
- padlock_rand_status, /* rand status */
-};
-
-#endif /* COMPILE_HW_PADLOCK */
-
-#endif /* !OPENSSL_NO_HW_PADLOCK */
-#endif /* !OPENSSL_NO_HW */
Copied: vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_padlock.c (from rev 6976, vendor-crypto/openssl/dist/crypto/engine/eng_padlock.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_padlock.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_padlock.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,1241 @@
+/*-
+ * Support for VIA PadLock Advanced Cryptography Engine (ACE)
+ * Written by Michal Ludvig <michal at logix.cz>
+ * http://www.logix.cz/michal
+ *
+ * Big thanks to Andy Polyakov for a help with optimization,
+ * assembler fixes, port to MS Windows and a lot of other
+ * valuable work on this engine!
+ */
+
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+
+#include <openssl/opensslconf.h>
+#include <openssl/crypto.h>
+#include <openssl/dso.h>
+#include <openssl/engine.h>
+#include <openssl/evp.h>
+#ifndef OPENSSL_NO_AES
+# include <openssl/aes.h>
+#endif
+#include <openssl/rand.h>
+#include <openssl/err.h>
+
+#ifndef OPENSSL_NO_HW
+# ifndef OPENSSL_NO_HW_PADLOCK
+
+/* Attempt to have a single source for both 0.9.7 and 0.9.8 :-) */
+# if (OPENSSL_VERSION_NUMBER >= 0x00908000L)
+# ifndef OPENSSL_NO_DYNAMIC_ENGINE
+# define DYNAMIC_ENGINE
+# endif
+# elif (OPENSSL_VERSION_NUMBER >= 0x00907000L)
+# ifdef ENGINE_DYNAMIC_SUPPORT
+# define DYNAMIC_ENGINE
+# endif
+# else
+# error "Only OpenSSL >= 0.9.7 is supported"
+# endif
+
+/*
+ * VIA PadLock AES is available *ONLY* on some x86 CPUs. Not only that it
+ * doesn't exist elsewhere, but it even can't be compiled on other platforms!
+ *
+ * In addition, because of the heavy use of inline assembler, compiler choice
+ * is limited to GCC and Microsoft C.
+ */
+# undef COMPILE_HW_PADLOCK
+# if !defined(I386_ONLY) && !defined(OPENSSL_NO_INLINE_ASM)
+# if (defined(__GNUC__) && (defined(__i386__) || defined(__i386))) || \
+ (defined(_MSC_VER) && defined(_M_IX86))
+# define COMPILE_HW_PADLOCK
+static ENGINE *ENGINE_padlock(void);
+# endif
+# endif
+
+void ENGINE_load_padlock(void)
+{
+/* On non-x86 CPUs it just returns. */
+# ifdef COMPILE_HW_PADLOCK
+ ENGINE *toadd = ENGINE_padlock();
+ if (!toadd)
+ return;
+ ENGINE_add(toadd);
+ ENGINE_free(toadd);
+ ERR_clear_error();
+# endif
+}
+
+# ifdef COMPILE_HW_PADLOCK
+/*
+ * We do these includes here to avoid header problems on platforms that do
+ * not have the VIA padlock anyway...
+ */
+# ifdef _MSC_VER
+# include <malloc.h>
+# define alloca _alloca
+# elif defined(NETWARE_CLIB) && defined(__GNUC__)
+void *alloca(size_t);
+# define alloca(s) __builtin_alloca(s)
+# else
+# include <stdlib.h>
+# endif
+
+/* Function for ENGINE detection and control */
+static int padlock_available(void);
+static int padlock_init(ENGINE *e);
+
+/* RNG Stuff */
+static RAND_METHOD padlock_rand;
+
+/* Cipher Stuff */
+# ifndef OPENSSL_NO_AES
+static int padlock_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+ const int **nids, int nid);
+# endif
+
+/* Engine names */
+static const char *padlock_id = "padlock";
+static char padlock_name[100];
+
+/* Available features */
+static int padlock_use_ace = 0; /* Advanced Cryptography Engine */
+static int padlock_use_rng = 0; /* Random Number Generator */
+# ifndef OPENSSL_NO_AES
+static int padlock_aes_align_required = 1;
+# endif
+
+/* ===== Engine "management" functions ===== */
+
+/* Prepare the ENGINE structure for registration */
+static int padlock_bind_helper(ENGINE *e)
+{
+ /* Check available features */
+ padlock_available();
+
+# if 1 /* disable RNG for now, see commentary in
+ * vicinity of RNG code */
+ padlock_use_rng = 0;
+# endif
+
+ /* Generate a nice engine name with available features */
+ BIO_snprintf(padlock_name, sizeof(padlock_name),
+ "VIA PadLock (%s, %s)",
+ padlock_use_rng ? "RNG" : "no-RNG",
+ padlock_use_ace ? "ACE" : "no-ACE");
+
+ /* Register everything or return with an error */
+ if (!ENGINE_set_id(e, padlock_id) ||
+ !ENGINE_set_name(e, padlock_name) ||
+ !ENGINE_set_init_function(e, padlock_init) ||
+# ifndef OPENSSL_NO_AES
+ (padlock_use_ace && !ENGINE_set_ciphers(e, padlock_ciphers)) ||
+# endif
+ (padlock_use_rng && !ENGINE_set_RAND(e, &padlock_rand))) {
+ return 0;
+ }
+
+ /* Everything looks good */
+ return 1;
+}
+
+/* Constructor */
+static ENGINE *ENGINE_padlock(void)
+{
+ ENGINE *eng = ENGINE_new();
+
+ if (!eng) {
+ return NULL;
+ }
+
+ if (!padlock_bind_helper(eng)) {
+ ENGINE_free(eng);
+ return NULL;
+ }
+
+ return eng;
+}
+
+/* Check availability of the engine */
+static int padlock_init(ENGINE *e)
+{
+ return (padlock_use_rng || padlock_use_ace);
+}
+
+/*
+ * This stuff is needed if this ENGINE is being compiled into a
+ * self-contained shared-library.
+ */
+# ifdef DYNAMIC_ENGINE
+static int padlock_bind_fn(ENGINE *e, const char *id)
+{
+ if (id && (strcmp(id, padlock_id) != 0)) {
+ return 0;
+ }
+
+ if (!padlock_bind_helper(e)) {
+ return 0;
+ }
+
+ return 1;
+}
+
+IMPLEMENT_DYNAMIC_CHECK_FN()
+ IMPLEMENT_DYNAMIC_BIND_FN(padlock_bind_fn)
+# endif /* DYNAMIC_ENGINE */
+/* ===== Here comes the "real" engine ===== */
+# ifndef OPENSSL_NO_AES
+/* Some AES-related constants */
+# define AES_BLOCK_SIZE 16
+# define AES_KEY_SIZE_128 16
+# define AES_KEY_SIZE_192 24
+# define AES_KEY_SIZE_256 32
+ /*
+ * Here we store the status information relevant to the current context.
+ */
+ /*
+ * BIG FAT WARNING: Inline assembler in PADLOCK_XCRYPT_ASM() depends on
+ * the order of items in this structure. Don't blindly modify, reorder,
+ * etc!
+ */
+struct padlock_cipher_data {
+ unsigned char iv[AES_BLOCK_SIZE]; /* Initialization vector */
+ union {
+ unsigned int pad[4];
+ struct {
+ int rounds:4;
+ int dgst:1; /* n/a in C3 */
+ int align:1; /* n/a in C3 */
+ int ciphr:1; /* n/a in C3 */
+ unsigned int keygen:1;
+ int interm:1;
+ unsigned int encdec:1;
+ int ksize:2;
+ } b;
+ } cword; /* Control word */
+ AES_KEY ks; /* Encryption key */
+};
+
+/*
+ * Essentially this variable belongs in thread local storage.
+ * Having this variable global on the other hand can only cause
+ * few bogus key reloads [if any at all on single-CPU system],
+ * so we accept the penatly...
+ */
+static volatile struct padlock_cipher_data *padlock_saved_context;
+# endif
+
+/*-
+ * =======================================================
+ * Inline assembler section(s).
+ * =======================================================
+ * Order of arguments is chosen to facilitate Windows port
+ * using __fastcall calling convention. If you wish to add
+ * more routines, keep in mind that first __fastcall
+ * argument is passed in %ecx and second - in %edx.
+ * =======================================================
+ */
+# if defined(__GNUC__) && __GNUC__>=2
+/*
+ * As for excessive "push %ebx"/"pop %ebx" found all over.
+ * When generating position-independent code GCC won't let
+ * us use "b" in assembler templates nor even respect "ebx"
+ * in "clobber description." Therefore the trouble...
+ */
+
+/*
+ * Helper function - check if a CPUID instruction is available on this CPU
+ */
+static int padlock_insn_cpuid_available(void)
+{
+ int result = -1;
+
+ /*
+ * We're checking if the bit #21 of EFLAGS can be toggled. If yes =
+ * CPUID is available.
+ */
+ asm volatile ("pushf\n"
+ "popl %%eax\n"
+ "xorl $0x200000, %%eax\n"
+ "movl %%eax, %%ecx\n"
+ "andl $0x200000, %%ecx\n"
+ "pushl %%eax\n"
+ "popf\n"
+ "pushf\n"
+ "popl %%eax\n"
+ "andl $0x200000, %%eax\n"
+ "xorl %%eax, %%ecx\n"
+ "movl %%ecx, %0\n":"=r" (result)::"eax", "ecx");
+
+ return (result == 0);
+}
+
+/*
+ * Load supported features of the CPU to see if the PadLock is available.
+ */
+static int padlock_available(void)
+{
+ char vendor_string[16];
+ unsigned int eax, edx;
+
+ /* First check if the CPUID instruction is available at all... */
+ if (!padlock_insn_cpuid_available())
+ return 0;
+
+ /* Are we running on the Centaur (VIA) CPU? */
+ eax = 0x00000000;
+ vendor_string[12] = 0;
+ asm volatile ("pushl %%ebx\n"
+ "cpuid\n"
+ "movl %%ebx,(%%edi)\n"
+ "movl %%edx,4(%%edi)\n"
+ "movl %%ecx,8(%%edi)\n"
+ "popl %%ebx":"+a" (eax):"D"(vendor_string):"ecx", "edx");
+ if (strcmp(vendor_string, "CentaurHauls") != 0)
+ return 0;
+
+ /* Check for Centaur Extended Feature Flags presence */
+ eax = 0xC0000000;
+ asm volatile ("pushl %%ebx; cpuid; popl %%ebx":"+a" (eax)::"ecx", "edx");
+ if (eax < 0xC0000001)
+ return 0;
+
+ /* Read the Centaur Extended Feature Flags */
+ eax = 0xC0000001;
+ asm volatile ("pushl %%ebx; cpuid; popl %%ebx":"+a" (eax),
+ "=d"(edx)::"ecx");
+
+ /* Fill up some flags */
+ padlock_use_ace = ((edx & (0x3 << 6)) == (0x3 << 6));
+ padlock_use_rng = ((edx & (0x3 << 2)) == (0x3 << 2));
+
+ return padlock_use_ace + padlock_use_rng;
+}
+
+# ifndef OPENSSL_NO_AES
+/* Our own htonl()/ntohl() */
+static inline void padlock_bswapl(AES_KEY *ks)
+{
+ size_t i = sizeof(ks->rd_key) / sizeof(ks->rd_key[0]);
+ unsigned int *key = ks->rd_key;
+
+ while (i--) {
+ asm volatile ("bswapl %0":"+r" (*key));
+ key++;
+ }
+}
+# endif
+
+/*
+ * Force key reload from memory to the CPU microcode. Loading EFLAGS from the
+ * stack clears EFLAGS[30] which does the trick.
+ */
+static inline void padlock_reload_key(void)
+{
+ asm volatile ("pushfl; popfl");
+}
+
+# ifndef OPENSSL_NO_AES
+/*
+ * This is heuristic key context tracing. At first one
+ * believes that one should use atomic swap instructions,
+ * but it's not actually necessary. Point is that if
+ * padlock_saved_context was changed by another thread
+ * after we've read it and before we compare it with cdata,
+ * our key *shall* be reloaded upon thread context switch
+ * and we are therefore set in either case...
+ */
+static inline void padlock_verify_context(struct padlock_cipher_data *cdata)
+{
+ asm volatile ("pushfl\n"
+ " btl $30,(%%esp)\n"
+ " jnc 1f\n"
+ " cmpl %2,%1\n"
+ " je 1f\n"
+ " popfl\n"
+ " subl $4,%%esp\n"
+ "1: addl $4,%%esp\n"
+ " movl %2,%0":"+m" (padlock_saved_context)
+ :"r"(padlock_saved_context), "r"(cdata):"cc");
+}
+
+/* Template for padlock_xcrypt_* modes */
+/*
+ * BIG FAT WARNING: The offsets used with 'leal' instructions describe items
+ * of the 'padlock_cipher_data' structure.
+ */
+# define PADLOCK_XCRYPT_ASM(name,rep_xcrypt) \
+static inline void *name(size_t cnt, \
+ struct padlock_cipher_data *cdata, \
+ void *out, const void *inp) \
+{ void *iv; \
+ asm volatile ( "pushl %%ebx\n" \
+ " leal 16(%0),%%edx\n" \
+ " leal 32(%0),%%ebx\n" \
+ rep_xcrypt "\n" \
+ " popl %%ebx" \
+ : "=a"(iv), "=c"(cnt), "=D"(out), "=S"(inp) \
+ : "0"(cdata), "1"(cnt), "2"(out), "3"(inp) \
+ : "edx", "cc", "memory"); \
+ return iv; \
+}
+
+/* Generate all functions with appropriate opcodes */
+/* rep xcryptecb */
+PADLOCK_XCRYPT_ASM(padlock_xcrypt_ecb, ".byte 0xf3,0x0f,0xa7,0xc8")
+/* rep xcryptcbc */
+ PADLOCK_XCRYPT_ASM(padlock_xcrypt_cbc, ".byte 0xf3,0x0f,0xa7,0xd0")
+/* rep xcryptcfb */
+ PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb, ".byte 0xf3,0x0f,0xa7,0xe0")
+/* rep xcryptofb */
+ PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb, ".byte 0xf3,0x0f,0xa7,0xe8")
+# endif
+/* The RNG call itself */
+static inline unsigned int padlock_xstore(void *addr, unsigned int edx_in)
+{
+ unsigned int eax_out;
+
+ asm volatile (".byte 0x0f,0xa7,0xc0" /* xstore */
+ :"=a" (eax_out), "=m"(*(unsigned *)addr)
+ :"D"(addr), "d"(edx_in)
+ );
+
+ return eax_out;
+}
+
+/*
+ * Why not inline 'rep movsd'? I failed to find information on what value in
+ * Direction Flag one can expect and consequently have to apply
+ * "better-safe-than-sorry" approach and assume "undefined." I could
+ * explicitly clear it and restore the original value upon return from
+ * padlock_aes_cipher, but it's presumably too much trouble for too little
+ * gain... In case you wonder 'rep xcrypt*' instructions above are *not*
+ * affected by the Direction Flag and pointers advance toward larger
+ * addresses unconditionally.
+ */
+static inline unsigned char *padlock_memcpy(void *dst, const void *src,
+ size_t n)
+{
+ long *d = dst;
+ const long *s = src;
+
+ n /= sizeof(*d);
+ do {
+ *d++ = *s++;
+ } while (--n);
+
+ return dst;
+}
+
+# elif defined(_MSC_VER)
+/*
+ * Unlike GCC these are real functions. In order to minimize impact
+ * on performance we adhere to __fastcall calling convention in
+ * order to get two first arguments passed through %ecx and %edx.
+ * Which kind of suits very well, as instructions in question use
+ * both %ecx and %edx as input:-)
+ */
+# define REP_XCRYPT(code) \
+ _asm _emit 0xf3 \
+ _asm _emit 0x0f _asm _emit 0xa7 \
+ _asm _emit code
+
+/*
+ * BIG FAT WARNING: The offsets used with 'lea' instructions describe items
+ * of the 'padlock_cipher_data' structure.
+ */
+# define PADLOCK_XCRYPT_ASM(name,code) \
+static void * __fastcall \
+ name (size_t cnt, void *cdata, \
+ void *outp, const void *inp) \
+{ _asm mov eax,edx \
+ _asm lea edx,[eax+16] \
+ _asm lea ebx,[eax+32] \
+ _asm mov edi,outp \
+ _asm mov esi,inp \
+ REP_XCRYPT(code) \
+}
+
+PADLOCK_XCRYPT_ASM(padlock_xcrypt_ecb,0xc8)
+PADLOCK_XCRYPT_ASM(padlock_xcrypt_cbc,0xd0)
+PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb,0xe0)
+PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb,0xe8)
+
+static int __fastcall padlock_xstore(void *outp, unsigned int code)
+{
+ _asm mov edi,ecx
+ _asm _emit 0x0f _asm _emit 0xa7 _asm _emit 0xc0
+}
+
+static void __fastcall padlock_reload_key(void)
+{
+ _asm pushfd
+ _asm popfd
+}
+
+static void __fastcall padlock_verify_context(void *cdata)
+{
+ _asm {
+ pushfd
+ bt DWORD PTR[esp],30
+ jnc skip
+ cmp ecx,padlock_saved_context
+ je skip
+ popfd
+ sub esp,4
+ skip: add esp,4
+ mov padlock_saved_context,ecx
+ }
+}
+
+static int
+padlock_available(void)
+{
+ _asm {
+ pushfd
+ pop eax
+ mov ecx,eax
+ xor eax,1<<21
+ push eax
+ popfd
+ pushfd
+ pop eax
+ xor eax,ecx
+ bt eax,21
+ jnc noluck
+ mov eax,0
+ cpuid
+ xor eax,eax
+ cmp ebx,'tneC'
+ jne noluck
+ cmp edx,'Hrua'
+ jne noluck
+ cmp ecx,'slua'
+ jne noluck
+ mov eax,0xC0000000
+ cpuid
+ mov edx,eax
+ xor eax,eax
+ cmp edx,0xC0000001
+ jb noluck
+ mov eax,0xC0000001
+ cpuid
+ xor eax,eax
+ bt edx,6
+ jnc skip_a
+ bt edx,7
+ jnc skip_a
+ mov padlock_use_ace,1
+ inc eax
+ skip_a: bt edx,2
+ jnc skip_r
+ bt edx,3
+ jnc skip_r
+ mov padlock_use_rng,1
+ inc eax
+ skip_r:
+ noluck:
+ }
+}
+
+static void __fastcall padlock_bswapl(void *key)
+{
+ _asm {
+ pushfd
+ cld
+ mov esi,ecx
+ mov edi,ecx
+ mov ecx,60
+ up: lodsd
+ bswap eax
+ stosd
+ loop up
+ popfd
+ }
+}
+
+/*
+ * MS actually specifies status of Direction Flag and compiler even manages
+ * to compile following as 'rep movsd' all by itself...
+ */
+# define padlock_memcpy(o,i,n) ((unsigned char *)memcpy((o),(i),(n)&~3U))
+# endif
+/* ===== AES encryption/decryption ===== */
+# ifndef OPENSSL_NO_AES
+# if defined(NID_aes_128_cfb128) && ! defined (NID_aes_128_cfb)
+# define NID_aes_128_cfb NID_aes_128_cfb128
+# endif
+# if defined(NID_aes_128_ofb128) && ! defined (NID_aes_128_ofb)
+# define NID_aes_128_ofb NID_aes_128_ofb128
+# endif
+# if defined(NID_aes_192_cfb128) && ! defined (NID_aes_192_cfb)
+# define NID_aes_192_cfb NID_aes_192_cfb128
+# endif
+# if defined(NID_aes_192_ofb128) && ! defined (NID_aes_192_ofb)
+# define NID_aes_192_ofb NID_aes_192_ofb128
+# endif
+# if defined(NID_aes_256_cfb128) && ! defined (NID_aes_256_cfb)
+# define NID_aes_256_cfb NID_aes_256_cfb128
+# endif
+# if defined(NID_aes_256_ofb128) && ! defined (NID_aes_256_ofb)
+# define NID_aes_256_ofb NID_aes_256_ofb128
+# endif
+/*
+ * List of supported ciphers.
+ */ static int padlock_cipher_nids[] = {
+ NID_aes_128_ecb,
+ NID_aes_128_cbc,
+ NID_aes_128_cfb,
+ NID_aes_128_ofb,
+
+ NID_aes_192_ecb,
+ NID_aes_192_cbc,
+ NID_aes_192_cfb,
+ NID_aes_192_ofb,
+
+ NID_aes_256_ecb,
+ NID_aes_256_cbc,
+ NID_aes_256_cfb,
+ NID_aes_256_ofb,
+};
+
+static int padlock_cipher_nids_num = (sizeof(padlock_cipher_nids) /
+ sizeof(padlock_cipher_nids[0]));
+
+/* Function prototypes ... */
+static int padlock_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc);
+static int padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, size_t nbytes);
+
+# define NEAREST_ALIGNED(ptr) ( (unsigned char *)(ptr) + \
+ ( (0x10 - ((size_t)(ptr) & 0x0F)) & 0x0F ) )
+# define ALIGNED_CIPHER_DATA(ctx) ((struct padlock_cipher_data *)\
+ NEAREST_ALIGNED(ctx->cipher_data))
+
+# define EVP_CIPHER_block_size_ECB AES_BLOCK_SIZE
+# define EVP_CIPHER_block_size_CBC AES_BLOCK_SIZE
+# define EVP_CIPHER_block_size_OFB 1
+# define EVP_CIPHER_block_size_CFB 1
+
+/*
+ * Declaring so many ciphers by hand would be a pain. Instead introduce a bit
+ * of preprocessor magic :-)
+ */
+# define DECLARE_AES_EVP(ksize,lmode,umode) \
+static const EVP_CIPHER padlock_aes_##ksize##_##lmode = { \
+ NID_aes_##ksize##_##lmode, \
+ EVP_CIPHER_block_size_##umode, \
+ AES_KEY_SIZE_##ksize, \
+ AES_BLOCK_SIZE, \
+ 0 | EVP_CIPH_##umode##_MODE, \
+ padlock_aes_init_key, \
+ padlock_aes_cipher, \
+ NULL, \
+ sizeof(struct padlock_cipher_data) + 16, \
+ EVP_CIPHER_set_asn1_iv, \
+ EVP_CIPHER_get_asn1_iv, \
+ NULL, \
+ NULL \
+}
+
+DECLARE_AES_EVP(128, ecb, ECB);
+DECLARE_AES_EVP(128, cbc, CBC);
+DECLARE_AES_EVP(128, cfb, CFB);
+DECLARE_AES_EVP(128, ofb, OFB);
+
+DECLARE_AES_EVP(192, ecb, ECB);
+DECLARE_AES_EVP(192, cbc, CBC);
+DECLARE_AES_EVP(192, cfb, CFB);
+DECLARE_AES_EVP(192, ofb, OFB);
+
+DECLARE_AES_EVP(256, ecb, ECB);
+DECLARE_AES_EVP(256, cbc, CBC);
+DECLARE_AES_EVP(256, cfb, CFB);
+DECLARE_AES_EVP(256, ofb, OFB);
+
+static int
+padlock_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids,
+ int nid)
+{
+ /* No specific cipher => return a list of supported nids ... */
+ if (!cipher) {
+ *nids = padlock_cipher_nids;
+ return padlock_cipher_nids_num;
+ }
+
+ /* ... or the requested "cipher" otherwise */
+ switch (nid) {
+ case NID_aes_128_ecb:
+ *cipher = &padlock_aes_128_ecb;
+ break;
+ case NID_aes_128_cbc:
+ *cipher = &padlock_aes_128_cbc;
+ break;
+ case NID_aes_128_cfb:
+ *cipher = &padlock_aes_128_cfb;
+ break;
+ case NID_aes_128_ofb:
+ *cipher = &padlock_aes_128_ofb;
+ break;
+
+ case NID_aes_192_ecb:
+ *cipher = &padlock_aes_192_ecb;
+ break;
+ case NID_aes_192_cbc:
+ *cipher = &padlock_aes_192_cbc;
+ break;
+ case NID_aes_192_cfb:
+ *cipher = &padlock_aes_192_cfb;
+ break;
+ case NID_aes_192_ofb:
+ *cipher = &padlock_aes_192_ofb;
+ break;
+
+ case NID_aes_256_ecb:
+ *cipher = &padlock_aes_256_ecb;
+ break;
+ case NID_aes_256_cbc:
+ *cipher = &padlock_aes_256_cbc;
+ break;
+ case NID_aes_256_cfb:
+ *cipher = &padlock_aes_256_cfb;
+ break;
+ case NID_aes_256_ofb:
+ *cipher = &padlock_aes_256_ofb;
+ break;
+
+ default:
+ /* Sorry, we don't support this NID */
+ *cipher = NULL;
+ return 0;
+ }
+
+ return 1;
+}
+
+/* Prepare the encryption key for PadLock usage */
+static int
+padlock_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc)
+{
+ struct padlock_cipher_data *cdata;
+ int key_len = EVP_CIPHER_CTX_key_length(ctx) * 8;
+
+ if (key == NULL)
+ return 0; /* ERROR */
+
+ cdata = ALIGNED_CIPHER_DATA(ctx);
+ memset(cdata, 0, sizeof(struct padlock_cipher_data));
+
+ /* Prepare Control word. */
+ if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE)
+ cdata->cword.b.encdec = 0;
+ else
+ cdata->cword.b.encdec = (ctx->encrypt == 0);
+ cdata->cword.b.rounds = 10 + (key_len - 128) / 32;
+ cdata->cword.b.ksize = (key_len - 128) / 64;
+
+ switch (key_len) {
+ case 128:
+ /*
+ * PadLock can generate an extended key for AES128 in hardware
+ */
+ memcpy(cdata->ks.rd_key, key, AES_KEY_SIZE_128);
+ cdata->cword.b.keygen = 0;
+ break;
+
+ case 192:
+ case 256:
+ /*
+ * Generate an extended AES key in software. Needed for AES192/AES256
+ */
+ /*
+ * Well, the above applies to Stepping 8 CPUs and is listed as
+ * hardware errata. They most likely will fix it at some point and
+ * then a check for stepping would be due here.
+ */
+ if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_CFB_MODE ||
+ EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE || enc)
+ AES_set_encrypt_key(key, key_len, &cdata->ks);
+ else
+ AES_set_decrypt_key(key, key_len, &cdata->ks);
+# ifndef AES_ASM
+ /*
+ * OpenSSL C functions use byte-swapped extended key.
+ */
+ padlock_bswapl(&cdata->ks);
+# endif
+ cdata->cword.b.keygen = 1;
+ break;
+
+ default:
+ /* ERROR */
+ return 0;
+ }
+
+ /*
+ * This is done to cover for cases when user reuses the
+ * context for new key. The catch is that if we don't do
+ * this, padlock_eas_cipher might proceed with old key...
+ */
+ padlock_reload_key();
+
+ return 1;
+}
+
+/*-
+ * Simplified version of padlock_aes_cipher() used when
+ * 1) both input and output buffers are at aligned addresses.
+ * or when
+ * 2) running on a newer CPU that doesn't require aligned buffers.
+ */
+static int
+padlock_aes_cipher_omnivorous(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,
+ const unsigned char *in_arg, size_t nbytes)
+{
+ struct padlock_cipher_data *cdata;
+ void *iv;
+
+ cdata = ALIGNED_CIPHER_DATA(ctx);
+ padlock_verify_context(cdata);
+
+ switch (EVP_CIPHER_CTX_mode(ctx)) {
+ case EVP_CIPH_ECB_MODE:
+ padlock_xcrypt_ecb(nbytes / AES_BLOCK_SIZE, cdata, out_arg, in_arg);
+ break;
+
+ case EVP_CIPH_CBC_MODE:
+ memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE);
+ iv = padlock_xcrypt_cbc(nbytes / AES_BLOCK_SIZE, cdata, out_arg,
+ in_arg);
+ memcpy(ctx->iv, iv, AES_BLOCK_SIZE);
+ break;
+
+ case EVP_CIPH_CFB_MODE:
+ memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE);
+ iv = padlock_xcrypt_cfb(nbytes / AES_BLOCK_SIZE, cdata, out_arg,
+ in_arg);
+ memcpy(ctx->iv, iv, AES_BLOCK_SIZE);
+ break;
+
+ case EVP_CIPH_OFB_MODE:
+ memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE);
+ padlock_xcrypt_ofb(nbytes / AES_BLOCK_SIZE, cdata, out_arg, in_arg);
+ memcpy(ctx->iv, cdata->iv, AES_BLOCK_SIZE);
+ break;
+
+ default:
+ return 0;
+ }
+
+ memset(cdata->iv, 0, AES_BLOCK_SIZE);
+
+ return 1;
+}
+
+# ifndef PADLOCK_CHUNK
+# define PADLOCK_CHUNK 512 /* Must be a power of 2 larger than 16 */
+# endif
+# if PADLOCK_CHUNK<16 || PADLOCK_CHUNK&(PADLOCK_CHUNK-1)
+# error "insane PADLOCK_CHUNK..."
+# endif
+
+/*
+ * Re-align the arguments to 16-Bytes boundaries and run the encryption
+ * function itself. This function is not AES-specific.
+ */
+static int
+padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,
+ const unsigned char *in_arg, size_t nbytes)
+{
+ struct padlock_cipher_data *cdata;
+ const void *inp;
+ unsigned char *out;
+ void *iv;
+ int inp_misaligned, out_misaligned, realign_in_loop;
+ size_t chunk, allocated = 0;
+
+ /*
+ * ctx->num is maintained in byte-oriented modes, such as CFB and OFB...
+ */
+ if ((chunk = ctx->num)) { /* borrow chunk variable */
+ unsigned char *ivp = ctx->iv;
+
+ switch (EVP_CIPHER_CTX_mode(ctx)) {
+ case EVP_CIPH_CFB_MODE:
+ if (chunk >= AES_BLOCK_SIZE)
+ return 0; /* bogus value */
+
+ if (ctx->encrypt)
+ while (chunk < AES_BLOCK_SIZE && nbytes != 0) {
+ ivp[chunk] = *(out_arg++) = *(in_arg++) ^ ivp[chunk];
+ chunk++, nbytes--;
+ } else
+ while (chunk < AES_BLOCK_SIZE && nbytes != 0) {
+ unsigned char c = *(in_arg++);
+ *(out_arg++) = c ^ ivp[chunk];
+ ivp[chunk++] = c, nbytes--;
+ }
+
+ ctx->num = chunk % AES_BLOCK_SIZE;
+ break;
+ case EVP_CIPH_OFB_MODE:
+ if (chunk >= AES_BLOCK_SIZE)
+ return 0; /* bogus value */
+
+ while (chunk < AES_BLOCK_SIZE && nbytes != 0) {
+ *(out_arg++) = *(in_arg++) ^ ivp[chunk];
+ chunk++, nbytes--;
+ }
+
+ ctx->num = chunk % AES_BLOCK_SIZE;
+ break;
+ }
+ }
+
+ if (nbytes == 0)
+ return 1;
+# if 0
+ if (nbytes % AES_BLOCK_SIZE)
+ return 0; /* are we expected to do tail processing? */
+# else
+ /*
+ * nbytes is always multiple of AES_BLOCK_SIZE in ECB and CBC modes and
+ * arbitrary value in byte-oriented modes, such as CFB and OFB...
+ */
+# endif
+
+ /*
+ * VIA promises CPUs that won't require alignment in the future. For now
+ * padlock_aes_align_required is initialized to 1 and the condition is
+ * never met...
+ */
+ /*
+ * C7 core is capable to manage unaligned input in non-ECB[!] mode, but
+ * performance penalties appear to be approximately same as for software
+ * alignment below or ~3x. They promise to improve it in the future, but
+ * for now we can just as well pretend that it can only handle aligned
+ * input...
+ */
+ if (!padlock_aes_align_required && (nbytes % AES_BLOCK_SIZE) == 0)
+ return padlock_aes_cipher_omnivorous(ctx, out_arg, in_arg, nbytes);
+
+ inp_misaligned = (((size_t)in_arg) & 0x0F);
+ out_misaligned = (((size_t)out_arg) & 0x0F);
+
+ /*
+ * Note that even if output is aligned and input not, I still prefer to
+ * loop instead of copy the whole input and then encrypt in one stroke.
+ * This is done in order to improve L1 cache utilization...
+ */
+ realign_in_loop = out_misaligned | inp_misaligned;
+
+ if (!realign_in_loop && (nbytes % AES_BLOCK_SIZE) == 0)
+ return padlock_aes_cipher_omnivorous(ctx, out_arg, in_arg, nbytes);
+
+ /* this takes one "if" out of the loops */
+ chunk = nbytes;
+ chunk %= PADLOCK_CHUNK;
+ if (chunk == 0)
+ chunk = PADLOCK_CHUNK;
+
+ if (out_misaligned) {
+ /* optmize for small input */
+ allocated = (chunk < nbytes ? PADLOCK_CHUNK : nbytes);
+ out = alloca(0x10 + allocated);
+ out = NEAREST_ALIGNED(out);
+ } else
+ out = out_arg;
+
+ cdata = ALIGNED_CIPHER_DATA(ctx);
+ padlock_verify_context(cdata);
+
+ switch (EVP_CIPHER_CTX_mode(ctx)) {
+ case EVP_CIPH_ECB_MODE:
+ do {
+ if (inp_misaligned)
+ inp = padlock_memcpy(out, in_arg, chunk);
+ else
+ inp = in_arg;
+ in_arg += chunk;
+
+ padlock_xcrypt_ecb(chunk / AES_BLOCK_SIZE, cdata, out, inp);
+
+ if (out_misaligned)
+ out_arg = padlock_memcpy(out_arg, out, chunk) + chunk;
+ else
+ out = out_arg += chunk;
+
+ nbytes -= chunk;
+ chunk = PADLOCK_CHUNK;
+ } while (nbytes);
+ break;
+
+ case EVP_CIPH_CBC_MODE:
+ memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE);
+ goto cbc_shortcut;
+ do {
+ if (iv != cdata->iv)
+ memcpy(cdata->iv, iv, AES_BLOCK_SIZE);
+ chunk = PADLOCK_CHUNK;
+ cbc_shortcut: /* optimize for small input */
+ if (inp_misaligned)
+ inp = padlock_memcpy(out, in_arg, chunk);
+ else
+ inp = in_arg;
+ in_arg += chunk;
+
+ iv = padlock_xcrypt_cbc(chunk / AES_BLOCK_SIZE, cdata, out, inp);
+
+ if (out_misaligned)
+ out_arg = padlock_memcpy(out_arg, out, chunk) + chunk;
+ else
+ out = out_arg += chunk;
+
+ } while (nbytes -= chunk);
+ memcpy(ctx->iv, iv, AES_BLOCK_SIZE);
+ break;
+
+ case EVP_CIPH_CFB_MODE:
+ memcpy(iv = cdata->iv, ctx->iv, AES_BLOCK_SIZE);
+ chunk &= ~(AES_BLOCK_SIZE - 1);
+ if (chunk)
+ goto cfb_shortcut;
+ else
+ goto cfb_skiploop;
+ do {
+ if (iv != cdata->iv)
+ memcpy(cdata->iv, iv, AES_BLOCK_SIZE);
+ chunk = PADLOCK_CHUNK;
+ cfb_shortcut: /* optimize for small input */
+ if (inp_misaligned)
+ inp = padlock_memcpy(out, in_arg, chunk);
+ else
+ inp = in_arg;
+ in_arg += chunk;
+
+ iv = padlock_xcrypt_cfb(chunk / AES_BLOCK_SIZE, cdata, out, inp);
+
+ if (out_misaligned)
+ out_arg = padlock_memcpy(out_arg, out, chunk) + chunk;
+ else
+ out = out_arg += chunk;
+
+ nbytes -= chunk;
+ } while (nbytes >= AES_BLOCK_SIZE);
+
+ cfb_skiploop:
+ if (nbytes) {
+ unsigned char *ivp = cdata->iv;
+
+ if (iv != ivp) {
+ memcpy(ivp, iv, AES_BLOCK_SIZE);
+ iv = ivp;
+ }
+ ctx->num = nbytes;
+ if (cdata->cword.b.encdec) {
+ cdata->cword.b.encdec = 0;
+ padlock_reload_key();
+ padlock_xcrypt_ecb(1, cdata, ivp, ivp);
+ cdata->cword.b.encdec = 1;
+ padlock_reload_key();
+ while (nbytes) {
+ unsigned char c = *(in_arg++);
+ *(out_arg++) = c ^ *ivp;
+ *(ivp++) = c, nbytes--;
+ }
+ } else {
+ padlock_reload_key();
+ padlock_xcrypt_ecb(1, cdata, ivp, ivp);
+ padlock_reload_key();
+ while (nbytes) {
+ *ivp = *(out_arg++) = *(in_arg++) ^ *ivp;
+ ivp++, nbytes--;
+ }
+ }
+ }
+
+ memcpy(ctx->iv, iv, AES_BLOCK_SIZE);
+ break;
+
+ case EVP_CIPH_OFB_MODE:
+ memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE);
+ chunk &= ~(AES_BLOCK_SIZE - 1);
+ if (chunk)
+ do {
+ if (inp_misaligned)
+ inp = padlock_memcpy(out, in_arg, chunk);
+ else
+ inp = in_arg;
+ in_arg += chunk;
+
+ padlock_xcrypt_ofb(chunk / AES_BLOCK_SIZE, cdata, out, inp);
+
+ if (out_misaligned)
+ out_arg = padlock_memcpy(out_arg, out, chunk) + chunk;
+ else
+ out = out_arg += chunk;
+
+ nbytes -= chunk;
+ chunk = PADLOCK_CHUNK;
+ } while (nbytes >= AES_BLOCK_SIZE);
+
+ if (nbytes) {
+ unsigned char *ivp = cdata->iv;
+
+ ctx->num = nbytes;
+ padlock_reload_key(); /* empirically found */
+ padlock_xcrypt_ecb(1, cdata, ivp, ivp);
+ padlock_reload_key(); /* empirically found */
+ while (nbytes) {
+ *(out_arg++) = *(in_arg++) ^ *ivp;
+ ivp++, nbytes--;
+ }
+ }
+
+ memcpy(ctx->iv, cdata->iv, AES_BLOCK_SIZE);
+ break;
+
+ default:
+ return 0;
+ }
+
+ /* Clean the realign buffer if it was used */
+ if (out_misaligned) {
+ volatile unsigned long *p = (void *)out;
+ size_t n = allocated / sizeof(*p);
+ while (n--)
+ *p++ = 0;
+ }
+
+ memset(cdata->iv, 0, AES_BLOCK_SIZE);
+
+ return 1;
+}
+
+# endif /* OPENSSL_NO_AES */
+
+/* ===== Random Number Generator ===== */
+/*
+ * This code is not engaged. The reason is that it does not comply
+ * with recommendations for VIA RNG usage for secure applications
+ * (posted at http://www.via.com.tw/en/viac3/c3.jsp) nor does it
+ * provide meaningful error control...
+ */
+/*
+ * Wrapper that provides an interface between the API and the raw PadLock
+ * RNG
+ */
+static int padlock_rand_bytes(unsigned char *output, int count)
+{
+ unsigned int eax, buf;
+
+ while (count >= 8) {
+ eax = padlock_xstore(output, 0);
+ if (!(eax & (1 << 6)))
+ return 0; /* RNG disabled */
+ /* this ---vv--- covers DC bias, Raw Bits and String Filter */
+ if (eax & (0x1F << 10))
+ return 0;
+ if ((eax & 0x1F) == 0)
+ continue; /* no data, retry... */
+ if ((eax & 0x1F) != 8)
+ return 0; /* fatal failure... */
+ output += 8;
+ count -= 8;
+ }
+ while (count > 0) {
+ eax = padlock_xstore(&buf, 3);
+ if (!(eax & (1 << 6)))
+ return 0; /* RNG disabled */
+ /* this ---vv--- covers DC bias, Raw Bits and String Filter */
+ if (eax & (0x1F << 10))
+ return 0;
+ if ((eax & 0x1F) == 0)
+ continue; /* no data, retry... */
+ if ((eax & 0x1F) != 1)
+ return 0; /* fatal failure... */
+ *output++ = (unsigned char)buf;
+ count--;
+ }
+ *(volatile unsigned int *)&buf = 0;
+
+ return 1;
+}
+
+/* Dummy but necessary function */
+static int padlock_rand_status(void)
+{
+ return 1;
+}
+
+/* Prepare structure for registration */
+static RAND_METHOD padlock_rand = {
+ NULL, /* seed */
+ padlock_rand_bytes, /* bytes */
+ NULL, /* cleanup */
+ NULL, /* add */
+ padlock_rand_bytes, /* pseudorand */
+ padlock_rand_status, /* rand status */
+};
+
+# endif /* COMPILE_HW_PADLOCK */
+
+# endif /* !OPENSSL_NO_HW_PADLOCK */
+#endif /* !OPENSSL_NO_HW */
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_pkey.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/engine/eng_pkey.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_pkey.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,196 +0,0 @@
-/* crypto/engine/eng_pkey.c */
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include "eng_int.h"
-
-/* Basic get/set stuff */
-
-int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f)
- {
- e->load_privkey = loadpriv_f;
- return 1;
- }
-
-int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f)
- {
- e->load_pubkey = loadpub_f;
- return 1;
- }
-
-int ENGINE_set_load_ssl_client_cert_function(ENGINE *e,
- ENGINE_SSL_CLIENT_CERT_PTR loadssl_f)
- {
- e->load_ssl_client_cert = loadssl_f;
- return 1;
- }
-
-ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e)
- {
- return e->load_privkey;
- }
-
-ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e)
- {
- return e->load_pubkey;
- }
-
-ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE *e)
- {
- return e->load_ssl_client_cert;
- }
-
-/* API functions to load public/private keys */
-
-EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
- UI_METHOD *ui_method, void *callback_data)
- {
- EVP_PKEY *pkey;
-
- if(e == NULL)
- {
- ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
- ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- if(e->funct_ref == 0)
- {
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
- ENGINE_R_NOT_INITIALISED);
- return 0;
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- if (!e->load_privkey)
- {
- ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
- ENGINE_R_NO_LOAD_FUNCTION);
- return 0;
- }
- pkey = e->load_privkey(e, key_id, ui_method, callback_data);
- if (!pkey)
- {
- ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
- ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
- return 0;
- }
- return pkey;
- }
-
-EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
- UI_METHOD *ui_method, void *callback_data)
- {
- EVP_PKEY *pkey;
-
- if(e == NULL)
- {
- ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
- ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- if(e->funct_ref == 0)
- {
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
- ENGINE_R_NOT_INITIALISED);
- return 0;
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- if (!e->load_pubkey)
- {
- ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
- ENGINE_R_NO_LOAD_FUNCTION);
- return 0;
- }
- pkey = e->load_pubkey(e, key_id, ui_method, callback_data);
- if (!pkey)
- {
- ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
- ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
- return 0;
- }
- return pkey;
- }
-
-int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s,
- STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **ppkey,
- STACK_OF(X509) **pother, UI_METHOD *ui_method, void *callback_data)
- {
-
- if(e == NULL)
- {
- ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT,
- ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- if(e->funct_ref == 0)
- {
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT,
- ENGINE_R_NOT_INITIALISED);
- return 0;
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- if (!e->load_ssl_client_cert)
- {
- ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT,
- ENGINE_R_NO_LOAD_FUNCTION);
- return 0;
- }
- return e->load_ssl_client_cert(e, s, ca_dn, pcert, ppkey, pother,
- ui_method, callback_data);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_pkey.c (from rev 6976, vendor-crypto/openssl/dist/crypto/engine/eng_pkey.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_pkey.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_pkey.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,186 @@
+/* crypto/engine/eng_pkey.c */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include "eng_int.h"
+
+/* Basic get/set stuff */
+
+int ENGINE_set_load_privkey_function(ENGINE *e,
+ ENGINE_LOAD_KEY_PTR loadpriv_f)
+{
+ e->load_privkey = loadpriv_f;
+ return 1;
+}
+
+int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f)
+{
+ e->load_pubkey = loadpub_f;
+ return 1;
+}
+
+int ENGINE_set_load_ssl_client_cert_function(ENGINE *e,
+ ENGINE_SSL_CLIENT_CERT_PTR
+ loadssl_f)
+{
+ e->load_ssl_client_cert = loadssl_f;
+ return 1;
+}
+
+ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e)
+{
+ return e->load_privkey;
+}
+
+ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e)
+{
+ return e->load_pubkey;
+}
+
+ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE
+ *e)
+{
+ return e->load_ssl_client_cert;
+}
+
+/* API functions to load public/private keys */
+
+EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
+ UI_METHOD *ui_method, void *callback_data)
+{
+ EVP_PKEY *pkey;
+
+ if (e == NULL) {
+ ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
+ ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ if (e->funct_ref == 0) {
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY, ENGINE_R_NOT_INITIALISED);
+ return 0;
+ }
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ if (!e->load_privkey) {
+ ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
+ ENGINE_R_NO_LOAD_FUNCTION);
+ return 0;
+ }
+ pkey = e->load_privkey(e, key_id, ui_method, callback_data);
+ if (!pkey) {
+ ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
+ ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
+ return 0;
+ }
+ return pkey;
+}
+
+EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
+ UI_METHOD *ui_method, void *callback_data)
+{
+ EVP_PKEY *pkey;
+
+ if (e == NULL) {
+ ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
+ ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ if (e->funct_ref == 0) {
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY, ENGINE_R_NOT_INITIALISED);
+ return 0;
+ }
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ if (!e->load_pubkey) {
+ ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY, ENGINE_R_NO_LOAD_FUNCTION);
+ return 0;
+ }
+ pkey = e->load_pubkey(e, key_id, ui_method, callback_data);
+ if (!pkey) {
+ ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
+ ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
+ return 0;
+ }
+ return pkey;
+}
+
+int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s,
+ STACK_OF(X509_NAME) *ca_dn, X509 **pcert,
+ EVP_PKEY **ppkey, STACK_OF(X509) **pother,
+ UI_METHOD *ui_method, void *callback_data)
+{
+
+ if (e == NULL) {
+ ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT,
+ ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ if (e->funct_ref == 0) {
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT,
+ ENGINE_R_NOT_INITIALISED);
+ return 0;
+ }
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ if (!e->load_ssl_client_cert) {
+ ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT,
+ ENGINE_R_NO_LOAD_FUNCTION);
+ return 0;
+ }
+ return e->load_ssl_client_cert(e, s, ca_dn, pcert, ppkey, pother,
+ ui_method, callback_data);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_table.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/engine/eng_table.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_table.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,316 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/lhash.h>
-#include "eng_int.h"
-
-/* The type of the items in the table */
-typedef struct st_engine_pile
- {
- /* The 'nid' of this algorithm/mode */
- int nid;
- /* ENGINEs that implement this algorithm/mode. */
- STACK_OF(ENGINE) *sk;
- /* The default ENGINE to perform this algorithm/mode. */
- ENGINE *funct;
- /* Zero if 'sk' is newer than the cached 'funct', non-zero otherwise */
- int uptodate;
- } ENGINE_PILE;
-
-/* The type exposed in eng_int.h */
-struct st_engine_table
- {
- LHASH piles;
- }; /* ENGINE_TABLE */
-
-/* Global flags (ENGINE_TABLE_FLAG_***). */
-static unsigned int table_flags = 0;
-
-/* API function manipulating 'table_flags' */
-unsigned int ENGINE_get_table_flags(void)
- {
- return table_flags;
- }
-void ENGINE_set_table_flags(unsigned int flags)
- {
- table_flags = flags;
- }
-
-/* Internal functions for the "piles" hash table */
-static unsigned long engine_pile_hash(const ENGINE_PILE *c)
- {
- return c->nid;
- }
-static int engine_pile_cmp(const ENGINE_PILE *a, const ENGINE_PILE *b)
- {
- return a->nid - b->nid;
- }
-static IMPLEMENT_LHASH_HASH_FN(engine_pile_hash, const ENGINE_PILE *)
-static IMPLEMENT_LHASH_COMP_FN(engine_pile_cmp, const ENGINE_PILE *)
-static int int_table_check(ENGINE_TABLE **t, int create)
- {
- LHASH *lh;
- if(*t) return 1;
- if(!create) return 0;
- if((lh = lh_new(LHASH_HASH_FN(engine_pile_hash),
- LHASH_COMP_FN(engine_pile_cmp))) == NULL)
- return 0;
- *t = (ENGINE_TABLE *)lh;
- return 1;
- }
-
-/* Privately exposed (via eng_int.h) functions for adding and/or removing
- * ENGINEs from the implementation table */
-int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup,
- ENGINE *e, const int *nids, int num_nids, int setdefault)
- {
- int ret = 0, added = 0;
- ENGINE_PILE tmplate, *fnd;
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- if(!(*table))
- added = 1;
- if(!int_table_check(table, 1))
- goto end;
- if(added)
- /* The cleanup callback needs to be added */
- engine_cleanup_add_first(cleanup);
- while(num_nids--)
- {
- tmplate.nid = *nids;
- fnd = lh_retrieve(&(*table)->piles, &tmplate);
- if(!fnd)
- {
- fnd = OPENSSL_malloc(sizeof(ENGINE_PILE));
- if(!fnd) goto end;
- fnd->uptodate = 1;
- fnd->nid = *nids;
- fnd->sk = sk_ENGINE_new_null();
- if(!fnd->sk)
- {
- OPENSSL_free(fnd);
- goto end;
- }
- fnd->funct = NULL;
- lh_insert(&(*table)->piles, fnd);
- }
- /* A registration shouldn't add duplciate entries */
- (void)sk_ENGINE_delete_ptr(fnd->sk, e);
- /* if 'setdefault', this ENGINE goes to the head of the list */
- if(!sk_ENGINE_push(fnd->sk, e))
- goto end;
- /* "touch" this ENGINE_PILE */
- fnd->uptodate = 0;
- if(setdefault)
- {
- if(!engine_unlocked_init(e))
- {
- ENGINEerr(ENGINE_F_ENGINE_TABLE_REGISTER,
- ENGINE_R_INIT_FAILED);
- goto end;
- }
- if(fnd->funct)
- engine_unlocked_finish(fnd->funct, 0);
- fnd->funct = e;
- fnd->uptodate = 1;
- }
- nids++;
- }
- ret = 1;
-end:
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- return ret;
- }
-static void int_unregister_cb(ENGINE_PILE *pile, ENGINE *e)
- {
- int n;
- /* Iterate the 'c->sk' stack removing any occurance of 'e' */
- while((n = sk_ENGINE_find(pile->sk, e)) >= 0)
- {
- (void)sk_ENGINE_delete(pile->sk, n);
- pile->uptodate = 0;
- }
- if(pile->funct == e)
- {
- engine_unlocked_finish(e, 0);
- pile->funct = NULL;
- }
- }
-static IMPLEMENT_LHASH_DOALL_ARG_FN(int_unregister_cb,ENGINE_PILE *,ENGINE *)
-void engine_table_unregister(ENGINE_TABLE **table, ENGINE *e)
- {
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- if(int_table_check(table, 0))
- lh_doall_arg(&(*table)->piles,
- LHASH_DOALL_ARG_FN(int_unregister_cb), e);
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- }
-
-static void int_cleanup_cb(ENGINE_PILE *p)
- {
- sk_ENGINE_free(p->sk);
- if(p->funct)
- engine_unlocked_finish(p->funct, 0);
- OPENSSL_free(p);
- }
-static IMPLEMENT_LHASH_DOALL_FN(int_cleanup_cb,ENGINE_PILE *)
-void engine_table_cleanup(ENGINE_TABLE **table)
- {
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- if(*table)
- {
- lh_doall(&(*table)->piles, LHASH_DOALL_FN(int_cleanup_cb));
- lh_free(&(*table)->piles);
- *table = NULL;
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- }
-
-/* return a functional reference for a given 'nid' */
-#ifndef ENGINE_TABLE_DEBUG
-ENGINE *engine_table_select(ENGINE_TABLE **table, int nid)
-#else
-ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f, int l)
-#endif
- {
- ENGINE *ret = NULL;
- ENGINE_PILE tmplate, *fnd=NULL;
- int initres, loop = 0;
-
- if(!(*table))
- {
-#ifdef ENGINE_TABLE_DEBUG
- fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, nothing "
- "registered!\n", f, l, nid);
-#endif
- return NULL;
- }
- ERR_set_mark();
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- /* Check again inside the lock otherwise we could race against cleanup
- * operations. But don't worry about a fprintf(stderr). */
- if(!int_table_check(table, 0)) goto end;
- tmplate.nid = nid;
- fnd = lh_retrieve(&(*table)->piles, &tmplate);
- if(!fnd) goto end;
- if(fnd->funct && engine_unlocked_init(fnd->funct))
- {
-#ifdef ENGINE_TABLE_DEBUG
- fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, using "
- "ENGINE '%s' cached\n", f, l, nid, fnd->funct->id);
-#endif
- ret = fnd->funct;
- goto end;
- }
- if(fnd->uptodate)
- {
- ret = fnd->funct;
- goto end;
- }
-trynext:
- ret = sk_ENGINE_value(fnd->sk, loop++);
- if(!ret)
- {
-#ifdef ENGINE_TABLE_DEBUG
- fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, no "
- "registered implementations would initialise\n",
- f, l, nid);
-#endif
- goto end;
- }
- /* Try to initialise the ENGINE? */
- if((ret->funct_ref > 0) || !(table_flags & ENGINE_TABLE_FLAG_NOINIT))
- initres = engine_unlocked_init(ret);
- else
- initres = 0;
- if(initres)
- {
- /* Update 'funct' */
- if((fnd->funct != ret) && engine_unlocked_init(ret))
- {
- /* If there was a previous default we release it. */
- if(fnd->funct)
- engine_unlocked_finish(fnd->funct, 0);
- fnd->funct = ret;
-#ifdef ENGINE_TABLE_DEBUG
- fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, "
- "setting default to '%s'\n", f, l, nid, ret->id);
-#endif
- }
-#ifdef ENGINE_TABLE_DEBUG
- fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, using "
- "newly initialised '%s'\n", f, l, nid, ret->id);
-#endif
- goto end;
- }
- goto trynext;
-end:
- /* If it failed, it is unlikely to succeed again until some future
- * registrations have taken place. In all cases, we cache. */
- if(fnd) fnd->uptodate = 1;
-#ifdef ENGINE_TABLE_DEBUG
- if(ret)
- fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, caching "
- "ENGINE '%s'\n", f, l, nid, ret->id);
- else
- fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, caching "
- "'no matching ENGINE'\n", f, l, nid);
-#endif
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- /* Whatever happened, any failed init()s are not failures in this
- * context, so clear our error state. */
- ERR_pop_to_mark();
- return ret;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_table.c (from rev 6976, vendor-crypto/openssl/dist/crypto/engine/eng_table.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_table.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/engine/eng_table.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,326 @@
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/lhash.h>
+#include "eng_int.h"
+
+/* The type of the items in the table */
+typedef struct st_engine_pile {
+ /* The 'nid' of this algorithm/mode */
+ int nid;
+ /* ENGINEs that implement this algorithm/mode. */
+ STACK_OF(ENGINE) *sk;
+ /* The default ENGINE to perform this algorithm/mode. */
+ ENGINE *funct;
+ /*
+ * Zero if 'sk' is newer than the cached 'funct', non-zero otherwise
+ */
+ int uptodate;
+} ENGINE_PILE;
+
+/* The type exposed in eng_int.h */
+struct st_engine_table {
+ LHASH piles;
+}; /* ENGINE_TABLE */
+
+/* Global flags (ENGINE_TABLE_FLAG_***). */
+static unsigned int table_flags = 0;
+
+/* API function manipulating 'table_flags' */
+unsigned int ENGINE_get_table_flags(void)
+{
+ return table_flags;
+}
+
+void ENGINE_set_table_flags(unsigned int flags)
+{
+ table_flags = flags;
+}
+
+/* Internal functions for the "piles" hash table */
+static unsigned long engine_pile_hash(const ENGINE_PILE *c)
+{
+ return c->nid;
+}
+
+static int engine_pile_cmp(const ENGINE_PILE *a, const ENGINE_PILE *b)
+{
+ return a->nid - b->nid;
+}
+
+static IMPLEMENT_LHASH_HASH_FN(engine_pile_hash, const ENGINE_PILE *)
+static IMPLEMENT_LHASH_COMP_FN(engine_pile_cmp, const ENGINE_PILE *)
+static int int_table_check(ENGINE_TABLE **t, int create)
+{
+ LHASH *lh;
+ if (*t)
+ return 1;
+ if (!create)
+ return 0;
+ if ((lh = lh_new(LHASH_HASH_FN(engine_pile_hash),
+ LHASH_COMP_FN(engine_pile_cmp))) == NULL)
+ return 0;
+ *t = (ENGINE_TABLE *)lh;
+ return 1;
+}
+
+/*
+ * Privately exposed (via eng_int.h) functions for adding and/or removing
+ * ENGINEs from the implementation table
+ */
+int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup,
+ ENGINE *e, const int *nids, int num_nids,
+ int setdefault)
+{
+ int ret = 0, added = 0;
+ ENGINE_PILE tmplate, *fnd;
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ if (!(*table))
+ added = 1;
+ if (!int_table_check(table, 1))
+ goto end;
+ if (added)
+ /* The cleanup callback needs to be added */
+ engine_cleanup_add_first(cleanup);
+ while (num_nids--) {
+ tmplate.nid = *nids;
+ fnd = lh_retrieve(&(*table)->piles, &tmplate);
+ if (!fnd) {
+ fnd = OPENSSL_malloc(sizeof(ENGINE_PILE));
+ if (!fnd)
+ goto end;
+ fnd->uptodate = 1;
+ fnd->nid = *nids;
+ fnd->sk = sk_ENGINE_new_null();
+ if (!fnd->sk) {
+ OPENSSL_free(fnd);
+ goto end;
+ }
+ fnd->funct = NULL;
+ lh_insert(&(*table)->piles, fnd);
+ }
+ /* A registration shouldn't add duplciate entries */
+ (void)sk_ENGINE_delete_ptr(fnd->sk, e);
+ /*
+ * if 'setdefault', this ENGINE goes to the head of the list
+ */
+ if (!sk_ENGINE_push(fnd->sk, e))
+ goto end;
+ /* "touch" this ENGINE_PILE */
+ fnd->uptodate = 0;
+ if (setdefault) {
+ if (!engine_unlocked_init(e)) {
+ ENGINEerr(ENGINE_F_ENGINE_TABLE_REGISTER,
+ ENGINE_R_INIT_FAILED);
+ goto end;
+ }
+ if (fnd->funct)
+ engine_unlocked_finish(fnd->funct, 0);
+ fnd->funct = e;
+ fnd->uptodate = 1;
+ }
+ nids++;
+ }
+ ret = 1;
+ end:
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ return ret;
+}
+
+static void int_unregister_cb(ENGINE_PILE *pile, ENGINE *e)
+{
+ int n;
+ /* Iterate the 'c->sk' stack removing any occurance of 'e' */
+ while ((n = sk_ENGINE_find(pile->sk, e)) >= 0) {
+ (void)sk_ENGINE_delete(pile->sk, n);
+ pile->uptodate = 0;
+ }
+ if (pile->funct == e) {
+ engine_unlocked_finish(e, 0);
+ pile->funct = NULL;
+ }
+}
+
+static IMPLEMENT_LHASH_DOALL_ARG_FN(int_unregister_cb, ENGINE_PILE *,
+ ENGINE *)
+void engine_table_unregister(ENGINE_TABLE **table, ENGINE *e)
+{
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ if (int_table_check(table, 0))
+ lh_doall_arg(&(*table)->piles,
+ LHASH_DOALL_ARG_FN(int_unregister_cb), e);
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+}
+
+static void int_cleanup_cb(ENGINE_PILE *p)
+{
+ sk_ENGINE_free(p->sk);
+ if (p->funct)
+ engine_unlocked_finish(p->funct, 0);
+ OPENSSL_free(p);
+}
+
+static IMPLEMENT_LHASH_DOALL_FN(int_cleanup_cb, ENGINE_PILE *)
+void engine_table_cleanup(ENGINE_TABLE **table)
+{
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ if (*table) {
+ lh_doall(&(*table)->piles, LHASH_DOALL_FN(int_cleanup_cb));
+ lh_free(&(*table)->piles);
+ *table = NULL;
+ }
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+}
+
+/* return a functional reference for a given 'nid' */
+#ifndef ENGINE_TABLE_DEBUG
+ENGINE *engine_table_select(ENGINE_TABLE **table, int nid)
+#else
+ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f,
+ int l)
+#endif
+{
+ ENGINE *ret = NULL;
+ ENGINE_PILE tmplate, *fnd = NULL;
+ int initres, loop = 0;
+
+ if (!(*table)) {
+#ifdef ENGINE_TABLE_DEBUG
+ fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, nothing "
+ "registered!\n", f, l, nid);
+#endif
+ return NULL;
+ }
+ ERR_set_mark();
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ /*
+ * Check again inside the lock otherwise we could race against cleanup
+ * operations. But don't worry about a fprintf(stderr).
+ */
+ if (!int_table_check(table, 0))
+ goto end;
+ tmplate.nid = nid;
+ fnd = lh_retrieve(&(*table)->piles, &tmplate);
+ if (!fnd)
+ goto end;
+ if (fnd->funct && engine_unlocked_init(fnd->funct)) {
+#ifdef ENGINE_TABLE_DEBUG
+ fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, using "
+ "ENGINE '%s' cached\n", f, l, nid, fnd->funct->id);
+#endif
+ ret = fnd->funct;
+ goto end;
+ }
+ if (fnd->uptodate) {
+ ret = fnd->funct;
+ goto end;
+ }
+ trynext:
+ ret = sk_ENGINE_value(fnd->sk, loop++);
+ if (!ret) {
+#ifdef ENGINE_TABLE_DEBUG
+ fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, no "
+ "registered implementations would initialise\n", f, l, nid);
+#endif
+ goto end;
+ }
+ /* Try to initialise the ENGINE? */
+ if ((ret->funct_ref > 0) || !(table_flags & ENGINE_TABLE_FLAG_NOINIT))
+ initres = engine_unlocked_init(ret);
+ else
+ initres = 0;
+ if (initres) {
+ /* Update 'funct' */
+ if ((fnd->funct != ret) && engine_unlocked_init(ret)) {
+ /* If there was a previous default we release it. */
+ if (fnd->funct)
+ engine_unlocked_finish(fnd->funct, 0);
+ fnd->funct = ret;
+#ifdef ENGINE_TABLE_DEBUG
+ fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, "
+ "setting default to '%s'\n", f, l, nid, ret->id);
+#endif
+ }
+#ifdef ENGINE_TABLE_DEBUG
+ fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, using "
+ "newly initialised '%s'\n", f, l, nid, ret->id);
+#endif
+ goto end;
+ }
+ goto trynext;
+ end:
+ /*
+ * If it failed, it is unlikely to succeed again until some future
+ * registrations have taken place. In all cases, we cache.
+ */
+ if (fnd)
+ fnd->uptodate = 1;
+#ifdef ENGINE_TABLE_DEBUG
+ if (ret)
+ fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, caching "
+ "ENGINE '%s'\n", f, l, nid, ret->id);
+ else
+ fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, caching "
+ "'no matching ENGINE'\n", f, l, nid);
+#endif
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ /*
+ * Whatever happened, any failed init()s are not failures in this
+ * context, so clear our error state.
+ */
+ ERR_pop_to_mark();
+ return ret;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/engine/engine.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/engine/engine.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/engine/engine.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,804 +0,0 @@
-/* openssl/engine.h */
-/* Written by Geoff Thorpe (geoff at geoffthorpe.net) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECDH support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
-#ifndef HEADER_ENGINE_H
-#define HEADER_ENGINE_H
-
-#include <openssl/opensslconf.h>
-
-#ifdef OPENSSL_NO_ENGINE
-#error ENGINE is disabled.
-#endif
-
-#ifndef OPENSSL_NO_DEPRECATED
-#include <openssl/bn.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-#ifndef OPENSSL_NO_ECDH
-#include <openssl/ecdh.h>
-#endif
-#ifndef OPENSSL_NO_ECDSA
-#include <openssl/ecdsa.h>
-#endif
-#include <openssl/rand.h>
-#include <openssl/store.h>
-#include <openssl/ui.h>
-#include <openssl/err.h>
-#endif
-
-#include <openssl/x509.h>
-
-#include <openssl/ossl_typ.h>
-#include <openssl/symhacks.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* These flags are used to control combinations of algorithm (methods)
- * by bitwise "OR"ing. */
-#define ENGINE_METHOD_RSA (unsigned int)0x0001
-#define ENGINE_METHOD_DSA (unsigned int)0x0002
-#define ENGINE_METHOD_DH (unsigned int)0x0004
-#define ENGINE_METHOD_RAND (unsigned int)0x0008
-#define ENGINE_METHOD_ECDH (unsigned int)0x0010
-#define ENGINE_METHOD_ECDSA (unsigned int)0x0020
-#define ENGINE_METHOD_CIPHERS (unsigned int)0x0040
-#define ENGINE_METHOD_DIGESTS (unsigned int)0x0080
-#define ENGINE_METHOD_STORE (unsigned int)0x0100
-/* Obvious all-or-nothing cases. */
-#define ENGINE_METHOD_ALL (unsigned int)0xFFFF
-#define ENGINE_METHOD_NONE (unsigned int)0x0000
-
-/* This(ese) flag(s) controls behaviour of the ENGINE_TABLE mechanism used
- * internally to control registration of ENGINE implementations, and can be set
- * by ENGINE_set_table_flags(). The "NOINIT" flag prevents attempts to
- * initialise registered ENGINEs if they are not already initialised. */
-#define ENGINE_TABLE_FLAG_NOINIT (unsigned int)0x0001
-
-/* ENGINE flags that can be set by ENGINE_set_flags(). */
-/* #define ENGINE_FLAGS_MALLOCED 0x0001 */ /* Not used */
-
-/* This flag is for ENGINEs that wish to handle the various 'CMD'-related
- * control commands on their own. Without this flag, ENGINE_ctrl() handles these
- * control commands on behalf of the ENGINE using their "cmd_defns" data. */
-#define ENGINE_FLAGS_MANUAL_CMD_CTRL (int)0x0002
-
-/* This flag is for ENGINEs who return new duplicate structures when found via
- * "ENGINE_by_id()". When an ENGINE must store state (eg. if ENGINE_ctrl()
- * commands are called in sequence as part of some stateful process like
- * key-generation setup and execution), it can set this flag - then each attempt
- * to obtain the ENGINE will result in it being copied into a new structure.
- * Normally, ENGINEs don't declare this flag so ENGINE_by_id() just increments
- * the existing ENGINE's structural reference count. */
-#define ENGINE_FLAGS_BY_ID_COPY (int)0x0004
-
-/* ENGINEs can support their own command types, and these flags are used in
- * ENGINE_CTRL_GET_CMD_FLAGS to indicate to the caller what kind of input each
- * command expects. Currently only numeric and string input is supported. If a
- * control command supports none of the _NUMERIC, _STRING, or _NO_INPUT options,
- * then it is regarded as an "internal" control command - and not for use in
- * config setting situations. As such, they're not available to the
- * ENGINE_ctrl_cmd_string() function, only raw ENGINE_ctrl() access. Changes to
- * this list of 'command types' should be reflected carefully in
- * ENGINE_cmd_is_executable() and ENGINE_ctrl_cmd_string(). */
-
-/* accepts a 'long' input value (3rd parameter to ENGINE_ctrl) */
-#define ENGINE_CMD_FLAG_NUMERIC (unsigned int)0x0001
-/* accepts string input (cast from 'void*' to 'const char *', 4th parameter to
- * ENGINE_ctrl) */
-#define ENGINE_CMD_FLAG_STRING (unsigned int)0x0002
-/* Indicates that the control command takes *no* input. Ie. the control command
- * is unparameterised. */
-#define ENGINE_CMD_FLAG_NO_INPUT (unsigned int)0x0004
-/* Indicates that the control command is internal. This control command won't
- * be shown in any output, and is only usable through the ENGINE_ctrl_cmd()
- * function. */
-#define ENGINE_CMD_FLAG_INTERNAL (unsigned int)0x0008
-
-/* NB: These 3 control commands are deprecated and should not be used. ENGINEs
- * relying on these commands should compile conditional support for
- * compatibility (eg. if these symbols are defined) but should also migrate the
- * same functionality to their own ENGINE-specific control functions that can be
- * "discovered" by calling applications. The fact these control commands
- * wouldn't be "executable" (ie. usable by text-based config) doesn't change the
- * fact that application code can find and use them without requiring per-ENGINE
- * hacking. */
-
-/* These flags are used to tell the ctrl function what should be done.
- * All command numbers are shared between all engines, even if some don't
- * make sense to some engines. In such a case, they do nothing but return
- * the error ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED. */
-#define ENGINE_CTRL_SET_LOGSTREAM 1
-#define ENGINE_CTRL_SET_PASSWORD_CALLBACK 2
-#define ENGINE_CTRL_HUP 3 /* Close and reinitialise any
- handles/connections etc. */
-#define ENGINE_CTRL_SET_USER_INTERFACE 4 /* Alternative to callback */
-#define ENGINE_CTRL_SET_CALLBACK_DATA 5 /* User-specific data, used
- when calling the password
- callback and the user
- interface */
-#define ENGINE_CTRL_LOAD_CONFIGURATION 6 /* Load a configuration, given
- a string that represents a
- file name or so */
-#define ENGINE_CTRL_LOAD_SECTION 7 /* Load data from a given
- section in the already loaded
- configuration */
-
-/* These control commands allow an application to deal with an arbitrary engine
- * in a dynamic way. Warn: Negative return values indicate errors FOR THESE
- * COMMANDS because zero is used to indicate 'end-of-list'. Other commands,
- * including ENGINE-specific command types, return zero for an error.
- *
- * An ENGINE can choose to implement these ctrl functions, and can internally
- * manage things however it chooses - it does so by setting the
- * ENGINE_FLAGS_MANUAL_CMD_CTRL flag (using ENGINE_set_flags()). Otherwise the
- * ENGINE_ctrl() code handles this on the ENGINE's behalf using the cmd_defns
- * data (set using ENGINE_set_cmd_defns()). This means an ENGINE's ctrl()
- * handler need only implement its own commands - the above "meta" commands will
- * be taken care of. */
-
-/* Returns non-zero if the supplied ENGINE has a ctrl() handler. If "not", then
- * all the remaining control commands will return failure, so it is worth
- * checking this first if the caller is trying to "discover" the engine's
- * capabilities and doesn't want errors generated unnecessarily. */
-#define ENGINE_CTRL_HAS_CTRL_FUNCTION 10
-/* Returns a positive command number for the first command supported by the
- * engine. Returns zero if no ctrl commands are supported. */
-#define ENGINE_CTRL_GET_FIRST_CMD_TYPE 11
-/* The 'long' argument specifies a command implemented by the engine, and the
- * return value is the next command supported, or zero if there are no more. */
-#define ENGINE_CTRL_GET_NEXT_CMD_TYPE 12
-/* The 'void*' argument is a command name (cast from 'const char *'), and the
- * return value is the command that corresponds to it. */
-#define ENGINE_CTRL_GET_CMD_FROM_NAME 13
-/* The next two allow a command to be converted into its corresponding string
- * form. In each case, the 'long' argument supplies the command. In the NAME_LEN
- * case, the return value is the length of the command name (not counting a
- * trailing EOL). In the NAME case, the 'void*' argument must be a string buffer
- * large enough, and it will be populated with the name of the command (WITH a
- * trailing EOL). */
-#define ENGINE_CTRL_GET_NAME_LEN_FROM_CMD 14
-#define ENGINE_CTRL_GET_NAME_FROM_CMD 15
-/* The next two are similar but give a "short description" of a command. */
-#define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD 16
-#define ENGINE_CTRL_GET_DESC_FROM_CMD 17
-/* With this command, the return value is the OR'd combination of
- * ENGINE_CMD_FLAG_*** values that indicate what kind of input a given
- * engine-specific ctrl command expects. */
-#define ENGINE_CTRL_GET_CMD_FLAGS 18
-
-/* ENGINE implementations should start the numbering of their own control
- * commands from this value. (ie. ENGINE_CMD_BASE, ENGINE_CMD_BASE + 1, etc). */
-#define ENGINE_CMD_BASE 200
-
-/* NB: These 2 nCipher "chil" control commands are deprecated, and their
- * functionality is now available through ENGINE-specific control commands
- * (exposed through the above-mentioned 'CMD'-handling). Code using these 2
- * commands should be migrated to the more general command handling before these
- * are removed. */
-
-/* Flags specific to the nCipher "chil" engine */
-#define ENGINE_CTRL_CHIL_SET_FORKCHECK 100
- /* Depending on the value of the (long)i argument, this sets or
- * unsets the SimpleForkCheck flag in the CHIL API to enable or
- * disable checking and workarounds for applications that fork().
- */
-#define ENGINE_CTRL_CHIL_NO_LOCKING 101
- /* This prevents the initialisation function from providing mutex
- * callbacks to the nCipher library. */
-
-/* If an ENGINE supports its own specific control commands and wishes the
- * framework to handle the above 'ENGINE_CMD_***'-manipulation commands on its
- * behalf, it should supply a null-terminated array of ENGINE_CMD_DEFN entries
- * to ENGINE_set_cmd_defns(). It should also implement a ctrl() handler that
- * supports the stated commands (ie. the "cmd_num" entries as described by the
- * array). NB: The array must be ordered in increasing order of cmd_num.
- * "null-terminated" means that the last ENGINE_CMD_DEFN element has cmd_num set
- * to zero and/or cmd_name set to NULL. */
-typedef struct ENGINE_CMD_DEFN_st
- {
- unsigned int cmd_num; /* The command number */
- const char *cmd_name; /* The command name itself */
- const char *cmd_desc; /* A short description of the command */
- unsigned int cmd_flags; /* The input the command expects */
- } ENGINE_CMD_DEFN;
-
-/* Generic function pointer */
-typedef int (*ENGINE_GEN_FUNC_PTR)(void);
-/* Generic function pointer taking no arguments */
-typedef int (*ENGINE_GEN_INT_FUNC_PTR)(ENGINE *);
-/* Specific control function pointer */
-typedef int (*ENGINE_CTRL_FUNC_PTR)(ENGINE *, int, long, void *, void (*f)(void));
-/* Generic load_key function pointer */
-typedef EVP_PKEY * (*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *,
- UI_METHOD *ui_method, void *callback_data);
-typedef int (*ENGINE_SSL_CLIENT_CERT_PTR)(ENGINE *, SSL *ssl,
- STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **pkey,
- STACK_OF(X509) **pother, UI_METHOD *ui_method, void *callback_data);
-/* These callback types are for an ENGINE's handler for cipher and digest logic.
- * These handlers have these prototypes;
- * int foo(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid);
- * int foo(ENGINE *e, const EVP_MD **digest, const int **nids, int nid);
- * Looking at how to implement these handlers in the case of cipher support, if
- * the framework wants the EVP_CIPHER for 'nid', it will call;
- * foo(e, &p_evp_cipher, NULL, nid); (return zero for failure)
- * If the framework wants a list of supported 'nid's, it will call;
- * foo(e, NULL, &p_nids, 0); (returns number of 'nids' or -1 for error)
- */
-/* Returns to a pointer to the array of supported cipher 'nid's. If the second
- * parameter is non-NULL it is set to the size of the returned array. */
-typedef int (*ENGINE_CIPHERS_PTR)(ENGINE *, const EVP_CIPHER **, const int **, int);
-typedef int (*ENGINE_DIGESTS_PTR)(ENGINE *, const EVP_MD **, const int **, int);
-
-/* STRUCTURE functions ... all of these functions deal with pointers to ENGINE
- * structures where the pointers have a "structural reference". This means that
- * their reference is to allowed access to the structure but it does not imply
- * that the structure is functional. To simply increment or decrement the
- * structural reference count, use ENGINE_by_id and ENGINE_free. NB: This is not
- * required when iterating using ENGINE_get_next as it will automatically
- * decrement the structural reference count of the "current" ENGINE and
- * increment the structural reference count of the ENGINE it returns (unless it
- * is NULL). */
-
-/* Get the first/last "ENGINE" type available. */
-ENGINE *ENGINE_get_first(void);
-ENGINE *ENGINE_get_last(void);
-/* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */
-ENGINE *ENGINE_get_next(ENGINE *e);
-ENGINE *ENGINE_get_prev(ENGINE *e);
-/* Add another "ENGINE" type into the array. */
-int ENGINE_add(ENGINE *e);
-/* Remove an existing "ENGINE" type from the array. */
-int ENGINE_remove(ENGINE *e);
-/* Retrieve an engine from the list by its unique "id" value. */
-ENGINE *ENGINE_by_id(const char *id);
-/* Add all the built-in engines. */
-void ENGINE_load_openssl(void);
-void ENGINE_load_dynamic(void);
-#ifndef OPENSSL_NO_STATIC_ENGINE
-void ENGINE_load_4758cca(void);
-void ENGINE_load_aep(void);
-void ENGINE_load_atalla(void);
-void ENGINE_load_chil(void);
-void ENGINE_load_cswift(void);
-#ifndef OPENSSL_NO_GMP
-void ENGINE_load_gmp(void);
-#endif
-void ENGINE_load_nuron(void);
-void ENGINE_load_sureware(void);
-void ENGINE_load_ubsec(void);
-#ifdef OPENSSL_SYS_WIN32
-#ifndef OPENSSL_NO_CAPIENG
-void ENGINE_load_capi(void);
-#endif
-#endif
-#endif
-void ENGINE_load_cryptodev(void);
-void ENGINE_load_padlock(void);
-void ENGINE_load_builtin_engines(void);
-
-/* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation
- * "registry" handling. */
-unsigned int ENGINE_get_table_flags(void);
-void ENGINE_set_table_flags(unsigned int flags);
-
-/* Manage registration of ENGINEs per "table". For each type, there are 3
- * functions;
- * ENGINE_register_***(e) - registers the implementation from 'e' (if it has one)
- * ENGINE_unregister_***(e) - unregister the implementation from 'e'
- * ENGINE_register_all_***() - call ENGINE_register_***() for each 'e' in the list
- * Cleanup is automatically registered from each table when required, so
- * ENGINE_cleanup() will reverse any "register" operations. */
-
-int ENGINE_register_RSA(ENGINE *e);
-void ENGINE_unregister_RSA(ENGINE *e);
-void ENGINE_register_all_RSA(void);
-
-int ENGINE_register_DSA(ENGINE *e);
-void ENGINE_unregister_DSA(ENGINE *e);
-void ENGINE_register_all_DSA(void);
-
-int ENGINE_register_ECDH(ENGINE *e);
-void ENGINE_unregister_ECDH(ENGINE *e);
-void ENGINE_register_all_ECDH(void);
-
-int ENGINE_register_ECDSA(ENGINE *e);
-void ENGINE_unregister_ECDSA(ENGINE *e);
-void ENGINE_register_all_ECDSA(void);
-
-int ENGINE_register_DH(ENGINE *e);
-void ENGINE_unregister_DH(ENGINE *e);
-void ENGINE_register_all_DH(void);
-
-int ENGINE_register_RAND(ENGINE *e);
-void ENGINE_unregister_RAND(ENGINE *e);
-void ENGINE_register_all_RAND(void);
-
-int ENGINE_register_STORE(ENGINE *e);
-void ENGINE_unregister_STORE(ENGINE *e);
-void ENGINE_register_all_STORE(void);
-
-int ENGINE_register_ciphers(ENGINE *e);
-void ENGINE_unregister_ciphers(ENGINE *e);
-void ENGINE_register_all_ciphers(void);
-
-int ENGINE_register_digests(ENGINE *e);
-void ENGINE_unregister_digests(ENGINE *e);
-void ENGINE_register_all_digests(void);
-
-/* These functions register all support from the above categories. Note, use of
- * these functions can result in static linkage of code your application may not
- * need. If you only need a subset of functionality, consider using more
- * selective initialisation. */
-int ENGINE_register_complete(ENGINE *e);
-int ENGINE_register_all_complete(void);
-
-/* Send parametrised control commands to the engine. The possibilities to send
- * down an integer, a pointer to data or a function pointer are provided. Any of
- * the parameters may or may not be NULL, depending on the command number. In
- * actuality, this function only requires a structural (rather than functional)
- * reference to an engine, but many control commands may require the engine be
- * functional. The caller should be aware of trying commands that require an
- * operational ENGINE, and only use functional references in such situations. */
-int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
-
-/* This function tests if an ENGINE-specific command is usable as a "setting".
- * Eg. in an application's config file that gets processed through
- * ENGINE_ctrl_cmd_string(). If this returns zero, it is not available to
- * ENGINE_ctrl_cmd_string(), only ENGINE_ctrl(). */
-int ENGINE_cmd_is_executable(ENGINE *e, int cmd);
-
-/* This function works like ENGINE_ctrl() with the exception of taking a
- * command name instead of a command number, and can handle optional commands.
- * See the comment on ENGINE_ctrl_cmd_string() for an explanation on how to
- * use the cmd_name and cmd_optional. */
-int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
- long i, void *p, void (*f)(void), int cmd_optional);
-
-/* This function passes a command-name and argument to an ENGINE. The cmd_name
- * is converted to a command number and the control command is called using
- * 'arg' as an argument (unless the ENGINE doesn't support such a command, in
- * which case no control command is called). The command is checked for input
- * flags, and if necessary the argument will be converted to a numeric value. If
- * cmd_optional is non-zero, then if the ENGINE doesn't support the given
- * cmd_name the return value will be success anyway. This function is intended
- * for applications to use so that users (or config files) can supply
- * engine-specific config data to the ENGINE at run-time to control behaviour of
- * specific engines. As such, it shouldn't be used for calling ENGINE_ctrl()
- * functions that return data, deal with binary data, or that are otherwise
- * supposed to be used directly through ENGINE_ctrl() in application code. Any
- * "return" data from an ENGINE_ctrl() operation in this function will be lost -
- * the return value is interpreted as failure if the return value is zero,
- * success otherwise, and this function returns a boolean value as a result. In
- * other words, vendors of 'ENGINE'-enabled devices should write ENGINE
- * implementations with parameterisations that work in this scheme, so that
- * compliant ENGINE-based applications can work consistently with the same
- * configuration for the same ENGINE-enabled devices, across applications. */
-int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
- int cmd_optional);
-
-/* These functions are useful for manufacturing new ENGINE structures. They
- * don't address reference counting at all - one uses them to populate an ENGINE
- * structure with personalised implementations of things prior to using it
- * directly or adding it to the builtin ENGINE list in OpenSSL. These are also
- * here so that the ENGINE structure doesn't have to be exposed and break binary
- * compatibility! */
-ENGINE *ENGINE_new(void);
-int ENGINE_free(ENGINE *e);
-int ENGINE_up_ref(ENGINE *e);
-int ENGINE_set_id(ENGINE *e, const char *id);
-int ENGINE_set_name(ENGINE *e, const char *name);
-int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
-int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
-int ENGINE_set_ECDH(ENGINE *e, const ECDH_METHOD *ecdh_meth);
-int ENGINE_set_ECDSA(ENGINE *e, const ECDSA_METHOD *ecdsa_meth);
-int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth);
-int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth);
-int ENGINE_set_STORE(ENGINE *e, const STORE_METHOD *store_meth);
-int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f);
-int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f);
-int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f);
-int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f);
-int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f);
-int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f);
-int ENGINE_set_load_ssl_client_cert_function(ENGINE *e,
- ENGINE_SSL_CLIENT_CERT_PTR loadssl_f);
-int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f);
-int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f);
-int ENGINE_set_flags(ENGINE *e, int flags);
-int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns);
-/* These functions allow control over any per-structure ENGINE data. */
-int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg);
-void *ENGINE_get_ex_data(const ENGINE *e, int idx);
-
-/* This function cleans up anything that needs it. Eg. the ENGINE_add() function
- * automatically ensures the list cleanup function is registered to be called
- * from ENGINE_cleanup(). Similarly, all ENGINE_register_*** functions ensure
- * ENGINE_cleanup() will clean up after them. */
-void ENGINE_cleanup(void);
-
-/* These return values from within the ENGINE structure. These can be useful
- * with functional references as well as structural references - it depends
- * which you obtained. Using the result for functional purposes if you only
- * obtained a structural reference may be problematic! */
-const char *ENGINE_get_id(const ENGINE *e);
-const char *ENGINE_get_name(const ENGINE *e);
-const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e);
-const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e);
-const ECDH_METHOD *ENGINE_get_ECDH(const ENGINE *e);
-const ECDSA_METHOD *ENGINE_get_ECDSA(const ENGINE *e);
-const DH_METHOD *ENGINE_get_DH(const ENGINE *e);
-const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e);
-const STORE_METHOD *ENGINE_get_STORE(const ENGINE *e);
-ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e);
-ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e);
-ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e);
-ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e);
-ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e);
-ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e);
-ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE *e);
-ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e);
-ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e);
-const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid);
-const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid);
-const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e);
-int ENGINE_get_flags(const ENGINE *e);
-
-/* FUNCTIONAL functions. These functions deal with ENGINE structures
- * that have (or will) be initialised for use. Broadly speaking, the
- * structural functions are useful for iterating the list of available
- * engine types, creating new engine types, and other "list" operations.
- * These functions actually deal with ENGINEs that are to be used. As
- * such these functions can fail (if applicable) when particular
- * engines are unavailable - eg. if a hardware accelerator is not
- * attached or not functioning correctly. Each ENGINE has 2 reference
- * counts; structural and functional. Every time a functional reference
- * is obtained or released, a corresponding structural reference is
- * automatically obtained or released too. */
-
-/* Initialise a engine type for use (or up its reference count if it's
- * already in use). This will fail if the engine is not currently
- * operational and cannot initialise. */
-int ENGINE_init(ENGINE *e);
-/* Free a functional reference to a engine type. This does not require
- * a corresponding call to ENGINE_free as it also releases a structural
- * reference. */
-int ENGINE_finish(ENGINE *e);
-
-/* The following functions handle keys that are stored in some secondary
- * location, handled by the engine. The storage may be on a card or
- * whatever. */
-EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
- UI_METHOD *ui_method, void *callback_data);
-EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
- UI_METHOD *ui_method, void *callback_data);
-int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s,
- STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **ppkey,
- STACK_OF(X509) **pother,
- UI_METHOD *ui_method, void *callback_data);
-
-/* This returns a pointer for the current ENGINE structure that
- * is (by default) performing any RSA operations. The value returned
- * is an incremented reference, so it should be free'd (ENGINE_finish)
- * before it is discarded. */
-ENGINE *ENGINE_get_default_RSA(void);
-/* Same for the other "methods" */
-ENGINE *ENGINE_get_default_DSA(void);
-ENGINE *ENGINE_get_default_ECDH(void);
-ENGINE *ENGINE_get_default_ECDSA(void);
-ENGINE *ENGINE_get_default_DH(void);
-ENGINE *ENGINE_get_default_RAND(void);
-/* These functions can be used to get a functional reference to perform
- * ciphering or digesting corresponding to "nid". */
-ENGINE *ENGINE_get_cipher_engine(int nid);
-ENGINE *ENGINE_get_digest_engine(int nid);
-
-/* This sets a new default ENGINE structure for performing RSA
- * operations. If the result is non-zero (success) then the ENGINE
- * structure will have had its reference count up'd so the caller
- * should still free their own reference 'e'. */
-int ENGINE_set_default_RSA(ENGINE *e);
-int ENGINE_set_default_string(ENGINE *e, const char *def_list);
-/* Same for the other "methods" */
-int ENGINE_set_default_DSA(ENGINE *e);
-int ENGINE_set_default_ECDH(ENGINE *e);
-int ENGINE_set_default_ECDSA(ENGINE *e);
-int ENGINE_set_default_DH(ENGINE *e);
-int ENGINE_set_default_RAND(ENGINE *e);
-int ENGINE_set_default_ciphers(ENGINE *e);
-int ENGINE_set_default_digests(ENGINE *e);
-
-/* The combination "set" - the flags are bitwise "OR"d from the
- * ENGINE_METHOD_*** defines above. As with the "ENGINE_register_complete()"
- * function, this function can result in unnecessary static linkage. If your
- * application requires only specific functionality, consider using more
- * selective functions. */
-int ENGINE_set_default(ENGINE *e, unsigned int flags);
-
-void ENGINE_add_conf_module(void);
-
-/* Deprecated functions ... */
-/* int ENGINE_clear_defaults(void); */
-
-/**************************/
-/* DYNAMIC ENGINE SUPPORT */
-/**************************/
-
-/* Binary/behaviour compatibility levels */
-#define OSSL_DYNAMIC_VERSION (unsigned long)0x00020000
-/* Binary versions older than this are too old for us (whether we're a loader or
- * a loadee) */
-#define OSSL_DYNAMIC_OLDEST (unsigned long)0x00020000
-
-/* When compiling an ENGINE entirely as an external shared library, loadable by
- * the "dynamic" ENGINE, these types are needed. The 'dynamic_fns' structure
- * type provides the calling application's (or library's) error functionality
- * and memory management function pointers to the loaded library. These should
- * be used/set in the loaded library code so that the loading application's
- * 'state' will be used/changed in all operations. The 'static_state' pointer
- * allows the loaded library to know if it shares the same static data as the
- * calling application (or library), and thus whether these callbacks need to be
- * set or not. */
-typedef void *(*dyn_MEM_malloc_cb)(size_t);
-typedef void *(*dyn_MEM_realloc_cb)(void *, size_t);
-typedef void (*dyn_MEM_free_cb)(void *);
-typedef struct st_dynamic_MEM_fns {
- dyn_MEM_malloc_cb malloc_cb;
- dyn_MEM_realloc_cb realloc_cb;
- dyn_MEM_free_cb free_cb;
- } dynamic_MEM_fns;
-/* FIXME: Perhaps the memory and locking code (crypto.h) should declare and use
- * these types so we (and any other dependant code) can simplify a bit?? */
-typedef void (*dyn_lock_locking_cb)(int,int,const char *,int);
-typedef int (*dyn_lock_add_lock_cb)(int*,int,int,const char *,int);
-typedef struct CRYPTO_dynlock_value *(*dyn_dynlock_create_cb)(
- const char *,int);
-typedef void (*dyn_dynlock_lock_cb)(int,struct CRYPTO_dynlock_value *,
- const char *,int);
-typedef void (*dyn_dynlock_destroy_cb)(struct CRYPTO_dynlock_value *,
- const char *,int);
-typedef struct st_dynamic_LOCK_fns {
- dyn_lock_locking_cb lock_locking_cb;
- dyn_lock_add_lock_cb lock_add_lock_cb;
- dyn_dynlock_create_cb dynlock_create_cb;
- dyn_dynlock_lock_cb dynlock_lock_cb;
- dyn_dynlock_destroy_cb dynlock_destroy_cb;
- } dynamic_LOCK_fns;
-/* The top-level structure */
-typedef struct st_dynamic_fns {
- void *static_state;
- const ERR_FNS *err_fns;
- const CRYPTO_EX_DATA_IMPL *ex_data_fns;
- dynamic_MEM_fns mem_fns;
- dynamic_LOCK_fns lock_fns;
- } dynamic_fns;
-
-/* The version checking function should be of this prototype. NB: The
- * ossl_version value passed in is the OSSL_DYNAMIC_VERSION of the loading code.
- * If this function returns zero, it indicates a (potential) version
- * incompatibility and the loaded library doesn't believe it can proceed.
- * Otherwise, the returned value is the (latest) version supported by the
- * loading library. The loader may still decide that the loaded code's version
- * is unsatisfactory and could veto the load. The function is expected to
- * be implemented with the symbol name "v_check", and a default implementation
- * can be fully instantiated with IMPLEMENT_DYNAMIC_CHECK_FN(). */
-typedef unsigned long (*dynamic_v_check_fn)(unsigned long ossl_version);
-#define IMPLEMENT_DYNAMIC_CHECK_FN() \
- OPENSSL_EXPORT unsigned long v_check(unsigned long v) { \
- if(v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \
- return 0; }
-
-/* This function is passed the ENGINE structure to initialise with its own
- * function and command settings. It should not adjust the structural or
- * functional reference counts. If this function returns zero, (a) the load will
- * be aborted, (b) the previous ENGINE state will be memcpy'd back onto the
- * structure, and (c) the shared library will be unloaded. So implementations
- * should do their own internal cleanup in failure circumstances otherwise they
- * could leak. The 'id' parameter, if non-NULL, represents the ENGINE id that
- * the loader is looking for. If this is NULL, the shared library can choose to
- * return failure or to initialise a 'default' ENGINE. If non-NULL, the shared
- * library must initialise only an ENGINE matching the passed 'id'. The function
- * is expected to be implemented with the symbol name "bind_engine". A standard
- * implementation can be instantiated with IMPLEMENT_DYNAMIC_BIND_FN(fn) where
- * the parameter 'fn' is a callback function that populates the ENGINE structure
- * and returns an int value (zero for failure). 'fn' should have prototype;
- * [static] int fn(ENGINE *e, const char *id); */
-typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id,
- const dynamic_fns *fns);
-#define IMPLEMENT_DYNAMIC_BIND_FN(fn) \
- OPENSSL_EXPORT \
- int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \
- if(ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \
- if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \
- fns->mem_fns.realloc_cb, fns->mem_fns.free_cb)) \
- return 0; \
- CRYPTO_set_locking_callback(fns->lock_fns.lock_locking_cb); \
- CRYPTO_set_add_lock_callback(fns->lock_fns.lock_add_lock_cb); \
- CRYPTO_set_dynlock_create_callback(fns->lock_fns.dynlock_create_cb); \
- CRYPTO_set_dynlock_lock_callback(fns->lock_fns.dynlock_lock_cb); \
- CRYPTO_set_dynlock_destroy_callback(fns->lock_fns.dynlock_destroy_cb); \
- if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \
- return 0; \
- if(!ERR_set_implementation(fns->err_fns)) return 0; \
- skip_cbs: \
- if(!fn(e,id)) return 0; \
- return 1; }
-
-/* If the loading application (or library) and the loaded ENGINE library share
- * the same static data (eg. they're both dynamically linked to the same
- * libcrypto.so) we need a way to avoid trying to set system callbacks - this
- * would fail, and for the same reason that it's unnecessary to try. If the
- * loaded ENGINE has (or gets from through the loader) its own copy of the
- * libcrypto static data, we will need to set the callbacks. The easiest way to
- * detect this is to have a function that returns a pointer to some static data
- * and let the loading application and loaded ENGINE compare their respective
- * values. */
-void *ENGINE_get_static_state(void);
-
-#if defined(__OpenBSD__) || defined(__FreeBSD__)
-void ENGINE_setup_bsd_cryptodev(void);
-#endif
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_ENGINE_strings(void);
-
-/* Error codes for the ENGINE functions. */
-
-/* Function codes. */
-#define ENGINE_F_DYNAMIC_CTRL 180
-#define ENGINE_F_DYNAMIC_GET_DATA_CTX 181
-#define ENGINE_F_DYNAMIC_LOAD 182
-#define ENGINE_F_DYNAMIC_SET_DATA_CTX 183
-#define ENGINE_F_ENGINE_ADD 105
-#define ENGINE_F_ENGINE_BY_ID 106
-#define ENGINE_F_ENGINE_CMD_IS_EXECUTABLE 170
-#define ENGINE_F_ENGINE_CTRL 142
-#define ENGINE_F_ENGINE_CTRL_CMD 178
-#define ENGINE_F_ENGINE_CTRL_CMD_STRING 171
-#define ENGINE_F_ENGINE_FINISH 107
-#define ENGINE_F_ENGINE_FREE_UTIL 108
-#define ENGINE_F_ENGINE_GET_CIPHER 185
-#define ENGINE_F_ENGINE_GET_DEFAULT_TYPE 177
-#define ENGINE_F_ENGINE_GET_DIGEST 186
-#define ENGINE_F_ENGINE_GET_NEXT 115
-#define ENGINE_F_ENGINE_GET_PREV 116
-#define ENGINE_F_ENGINE_INIT 119
-#define ENGINE_F_ENGINE_LIST_ADD 120
-#define ENGINE_F_ENGINE_LIST_REMOVE 121
-#define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY 150
-#define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY 151
-#define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT 192
-#define ENGINE_F_ENGINE_NEW 122
-#define ENGINE_F_ENGINE_REMOVE 123
-#define ENGINE_F_ENGINE_SET_DEFAULT_STRING 189
-#define ENGINE_F_ENGINE_SET_DEFAULT_TYPE 126
-#define ENGINE_F_ENGINE_SET_ID 129
-#define ENGINE_F_ENGINE_SET_NAME 130
-#define ENGINE_F_ENGINE_TABLE_REGISTER 184
-#define ENGINE_F_ENGINE_UNLOAD_KEY 152
-#define ENGINE_F_ENGINE_UNLOCKED_FINISH 191
-#define ENGINE_F_ENGINE_UP_REF 190
-#define ENGINE_F_INT_CTRL_HELPER 172
-#define ENGINE_F_INT_ENGINE_CONFIGURE 188
-#define ENGINE_F_INT_ENGINE_MODULE_INIT 187
-#define ENGINE_F_LOG_MESSAGE 141
-
-/* Reason codes. */
-#define ENGINE_R_ALREADY_LOADED 100
-#define ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER 133
-#define ENGINE_R_CMD_NOT_EXECUTABLE 134
-#define ENGINE_R_COMMAND_TAKES_INPUT 135
-#define ENGINE_R_COMMAND_TAKES_NO_INPUT 136
-#define ENGINE_R_CONFLICTING_ENGINE_ID 103
-#define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED 119
-#define ENGINE_R_DH_NOT_IMPLEMENTED 139
-#define ENGINE_R_DSA_NOT_IMPLEMENTED 140
-#define ENGINE_R_DSO_FAILURE 104
-#define ENGINE_R_DSO_NOT_FOUND 132
-#define ENGINE_R_ENGINES_SECTION_ERROR 148
-#define ENGINE_R_ENGINE_CONFIGURATION_ERROR 101
-#define ENGINE_R_ENGINE_IS_NOT_IN_LIST 105
-#define ENGINE_R_ENGINE_SECTION_ERROR 149
-#define ENGINE_R_FAILED_LOADING_PRIVATE_KEY 128
-#define ENGINE_R_FAILED_LOADING_PUBLIC_KEY 129
-#define ENGINE_R_FINISH_FAILED 106
-#define ENGINE_R_GET_HANDLE_FAILED 107
-#define ENGINE_R_ID_OR_NAME_MISSING 108
-#define ENGINE_R_INIT_FAILED 109
-#define ENGINE_R_INTERNAL_LIST_ERROR 110
-#define ENGINE_R_INVALID_ARGUMENT 143
-#define ENGINE_R_INVALID_CMD_NAME 137
-#define ENGINE_R_INVALID_CMD_NUMBER 138
-#define ENGINE_R_INVALID_INIT_VALUE 151
-#define ENGINE_R_INVALID_STRING 150
-#define ENGINE_R_NOT_INITIALISED 117
-#define ENGINE_R_NOT_LOADED 112
-#define ENGINE_R_NO_CONTROL_FUNCTION 120
-#define ENGINE_R_NO_INDEX 144
-#define ENGINE_R_NO_LOAD_FUNCTION 125
-#define ENGINE_R_NO_REFERENCE 130
-#define ENGINE_R_NO_SUCH_ENGINE 116
-#define ENGINE_R_NO_UNLOAD_FUNCTION 126
-#define ENGINE_R_PROVIDE_PARAMETERS 113
-#define ENGINE_R_RSA_NOT_IMPLEMENTED 141
-#define ENGINE_R_UNIMPLEMENTED_CIPHER 146
-#define ENGINE_R_UNIMPLEMENTED_DIGEST 147
-#define ENGINE_R_VERSION_INCOMPATIBILITY 145
-
-#ifdef __cplusplus
-}
-#endif
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/engine/engine.h (from rev 6976, vendor-crypto/openssl/dist/crypto/engine/engine.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/engine/engine.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/engine/engine.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,918 @@
+/* openssl/engine.h */
+/*
+ * Written by Geoff Thorpe (geoff at geoffthorpe.net) for the OpenSSL project
+ * 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECDH support in OpenSSL originally developed by
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
+
+#ifndef HEADER_ENGINE_H
+# define HEADER_ENGINE_H
+
+# include <openssl/opensslconf.h>
+
+# ifdef OPENSSL_NO_ENGINE
+# error ENGINE is disabled.
+# endif
+
+# ifndef OPENSSL_NO_DEPRECATED
+# include <openssl/bn.h>
+# ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>
+# endif
+# ifndef OPENSSL_NO_DSA
+# include <openssl/dsa.h>
+# endif
+# ifndef OPENSSL_NO_DH
+# include <openssl/dh.h>
+# endif
+# ifndef OPENSSL_NO_ECDH
+# include <openssl/ecdh.h>
+# endif
+# ifndef OPENSSL_NO_ECDSA
+# include <openssl/ecdsa.h>
+# endif
+# include <openssl/rand.h>
+# include <openssl/store.h>
+# include <openssl/ui.h>
+# include <openssl/err.h>
+# endif
+
+# include <openssl/x509.h>
+
+# include <openssl/ossl_typ.h>
+# include <openssl/symhacks.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * These flags are used to control combinations of algorithm (methods) by
+ * bitwise "OR"ing.
+ */
+# define ENGINE_METHOD_RSA (unsigned int)0x0001
+# define ENGINE_METHOD_DSA (unsigned int)0x0002
+# define ENGINE_METHOD_DH (unsigned int)0x0004
+# define ENGINE_METHOD_RAND (unsigned int)0x0008
+# define ENGINE_METHOD_ECDH (unsigned int)0x0010
+# define ENGINE_METHOD_ECDSA (unsigned int)0x0020
+# define ENGINE_METHOD_CIPHERS (unsigned int)0x0040
+# define ENGINE_METHOD_DIGESTS (unsigned int)0x0080
+# define ENGINE_METHOD_STORE (unsigned int)0x0100
+/* Obvious all-or-nothing cases. */
+# define ENGINE_METHOD_ALL (unsigned int)0xFFFF
+# define ENGINE_METHOD_NONE (unsigned int)0x0000
+
+/*
+ * This(ese) flag(s) controls behaviour of the ENGINE_TABLE mechanism used
+ * internally to control registration of ENGINE implementations, and can be
+ * set by ENGINE_set_table_flags(). The "NOINIT" flag prevents attempts to
+ * initialise registered ENGINEs if they are not already initialised.
+ */
+# define ENGINE_TABLE_FLAG_NOINIT (unsigned int)0x0001
+
+/* ENGINE flags that can be set by ENGINE_set_flags(). */
+/* Not used */
+/* #define ENGINE_FLAGS_MALLOCED 0x0001 */
+
+/*
+ * This flag is for ENGINEs that wish to handle the various 'CMD'-related
+ * control commands on their own. Without this flag, ENGINE_ctrl() handles
+ * these control commands on behalf of the ENGINE using their "cmd_defns"
+ * data.
+ */
+# define ENGINE_FLAGS_MANUAL_CMD_CTRL (int)0x0002
+
+/*
+ * This flag is for ENGINEs who return new duplicate structures when found
+ * via "ENGINE_by_id()". When an ENGINE must store state (eg. if
+ * ENGINE_ctrl() commands are called in sequence as part of some stateful
+ * process like key-generation setup and execution), it can set this flag -
+ * then each attempt to obtain the ENGINE will result in it being copied into
+ * a new structure. Normally, ENGINEs don't declare this flag so
+ * ENGINE_by_id() just increments the existing ENGINE's structural reference
+ * count.
+ */
+# define ENGINE_FLAGS_BY_ID_COPY (int)0x0004
+
+/*
+ * ENGINEs can support their own command types, and these flags are used in
+ * ENGINE_CTRL_GET_CMD_FLAGS to indicate to the caller what kind of input
+ * each command expects. Currently only numeric and string input is
+ * supported. If a control command supports none of the _NUMERIC, _STRING, or
+ * _NO_INPUT options, then it is regarded as an "internal" control command -
+ * and not for use in config setting situations. As such, they're not
+ * available to the ENGINE_ctrl_cmd_string() function, only raw ENGINE_ctrl()
+ * access. Changes to this list of 'command types' should be reflected
+ * carefully in ENGINE_cmd_is_executable() and ENGINE_ctrl_cmd_string().
+ */
+
+/* accepts a 'long' input value (3rd parameter to ENGINE_ctrl) */
+# define ENGINE_CMD_FLAG_NUMERIC (unsigned int)0x0001
+/*
+ * accepts string input (cast from 'void*' to 'const char *', 4th parameter
+ * to ENGINE_ctrl)
+ */
+# define ENGINE_CMD_FLAG_STRING (unsigned int)0x0002
+/*
+ * Indicates that the control command takes *no* input. Ie. the control
+ * command is unparameterised.
+ */
+# define ENGINE_CMD_FLAG_NO_INPUT (unsigned int)0x0004
+/*
+ * Indicates that the control command is internal. This control command won't
+ * be shown in any output, and is only usable through the ENGINE_ctrl_cmd()
+ * function.
+ */
+# define ENGINE_CMD_FLAG_INTERNAL (unsigned int)0x0008
+
+/*
+ * NB: These 3 control commands are deprecated and should not be used.
+ * ENGINEs relying on these commands should compile conditional support for
+ * compatibility (eg. if these symbols are defined) but should also migrate
+ * the same functionality to their own ENGINE-specific control functions that
+ * can be "discovered" by calling applications. The fact these control
+ * commands wouldn't be "executable" (ie. usable by text-based config)
+ * doesn't change the fact that application code can find and use them
+ * without requiring per-ENGINE hacking.
+ */
+
+/*
+ * These flags are used to tell the ctrl function what should be done. All
+ * command numbers are shared between all engines, even if some don't make
+ * sense to some engines. In such a case, they do nothing but return the
+ * error ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED.
+ */
+# define ENGINE_CTRL_SET_LOGSTREAM 1
+# define ENGINE_CTRL_SET_PASSWORD_CALLBACK 2
+# define ENGINE_CTRL_HUP 3/* Close and reinitialise
+ * any handles/connections
+ * etc. */
+# define ENGINE_CTRL_SET_USER_INTERFACE 4/* Alternative to callback */
+# define ENGINE_CTRL_SET_CALLBACK_DATA 5/* User-specific data, used
+ * when calling the password
+ * callback and the user
+ * interface */
+# define ENGINE_CTRL_LOAD_CONFIGURATION 6/* Load a configuration,
+ * given a string that
+ * represents a file name
+ * or so */
+# define ENGINE_CTRL_LOAD_SECTION 7/* Load data from a given
+ * section in the already
+ * loaded configuration */
+
+/*
+ * These control commands allow an application to deal with an arbitrary
+ * engine in a dynamic way. Warn: Negative return values indicate errors FOR
+ * THESE COMMANDS because zero is used to indicate 'end-of-list'. Other
+ * commands, including ENGINE-specific command types, return zero for an
+ * error. An ENGINE can choose to implement these ctrl functions, and can
+ * internally manage things however it chooses - it does so by setting the
+ * ENGINE_FLAGS_MANUAL_CMD_CTRL flag (using ENGINE_set_flags()). Otherwise
+ * the ENGINE_ctrl() code handles this on the ENGINE's behalf using the
+ * cmd_defns data (set using ENGINE_set_cmd_defns()). This means an ENGINE's
+ * ctrl() handler need only implement its own commands - the above "meta"
+ * commands will be taken care of.
+ */
+
+/*
+ * Returns non-zero if the supplied ENGINE has a ctrl() handler. If "not",
+ * then all the remaining control commands will return failure, so it is
+ * worth checking this first if the caller is trying to "discover" the
+ * engine's capabilities and doesn't want errors generated unnecessarily.
+ */
+# define ENGINE_CTRL_HAS_CTRL_FUNCTION 10
+/*
+ * Returns a positive command number for the first command supported by the
+ * engine. Returns zero if no ctrl commands are supported.
+ */
+# define ENGINE_CTRL_GET_FIRST_CMD_TYPE 11
+/*
+ * The 'long' argument specifies a command implemented by the engine, and the
+ * return value is the next command supported, or zero if there are no more.
+ */
+# define ENGINE_CTRL_GET_NEXT_CMD_TYPE 12
+/*
+ * The 'void*' argument is a command name (cast from 'const char *'), and the
+ * return value is the command that corresponds to it.
+ */
+# define ENGINE_CTRL_GET_CMD_FROM_NAME 13
+/*
+ * The next two allow a command to be converted into its corresponding string
+ * form. In each case, the 'long' argument supplies the command. In the
+ * NAME_LEN case, the return value is the length of the command name (not
+ * counting a trailing EOL). In the NAME case, the 'void*' argument must be a
+ * string buffer large enough, and it will be populated with the name of the
+ * command (WITH a trailing EOL).
+ */
+# define ENGINE_CTRL_GET_NAME_LEN_FROM_CMD 14
+# define ENGINE_CTRL_GET_NAME_FROM_CMD 15
+/* The next two are similar but give a "short description" of a command. */
+# define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD 16
+# define ENGINE_CTRL_GET_DESC_FROM_CMD 17
+/*
+ * With this command, the return value is the OR'd combination of
+ * ENGINE_CMD_FLAG_*** values that indicate what kind of input a given
+ * engine-specific ctrl command expects.
+ */
+# define ENGINE_CTRL_GET_CMD_FLAGS 18
+
+/*
+ * ENGINE implementations should start the numbering of their own control
+ * commands from this value. (ie. ENGINE_CMD_BASE, ENGINE_CMD_BASE + 1, etc).
+ */
+# define ENGINE_CMD_BASE 200
+
+/*
+ * NB: These 2 nCipher "chil" control commands are deprecated, and their
+ * functionality is now available through ENGINE-specific control commands
+ * (exposed through the above-mentioned 'CMD'-handling). Code using these 2
+ * commands should be migrated to the more general command handling before
+ * these are removed.
+ */
+
+/* Flags specific to the nCipher "chil" engine */
+# define ENGINE_CTRL_CHIL_SET_FORKCHECK 100
+ /*
+ * Depending on the value of the (long)i argument, this sets or
+ * unsets the SimpleForkCheck flag in the CHIL API to enable or
+ * disable checking and workarounds for applications that fork().
+ */
+# define ENGINE_CTRL_CHIL_NO_LOCKING 101
+ /*
+ * This prevents the initialisation function from providing mutex
+ * callbacks to the nCipher library.
+ */
+
+/*
+ * If an ENGINE supports its own specific control commands and wishes the
+ * framework to handle the above 'ENGINE_CMD_***'-manipulation commands on
+ * its behalf, it should supply a null-terminated array of ENGINE_CMD_DEFN
+ * entries to ENGINE_set_cmd_defns(). It should also implement a ctrl()
+ * handler that supports the stated commands (ie. the "cmd_num" entries as
+ * described by the array). NB: The array must be ordered in increasing order
+ * of cmd_num. "null-terminated" means that the last ENGINE_CMD_DEFN element
+ * has cmd_num set to zero and/or cmd_name set to NULL.
+ */
+typedef struct ENGINE_CMD_DEFN_st {
+ unsigned int cmd_num; /* The command number */
+ const char *cmd_name; /* The command name itself */
+ const char *cmd_desc; /* A short description of the command */
+ unsigned int cmd_flags; /* The input the command expects */
+} ENGINE_CMD_DEFN;
+
+/* Generic function pointer */
+typedef int (*ENGINE_GEN_FUNC_PTR) (void);
+/* Generic function pointer taking no arguments */
+typedef int (*ENGINE_GEN_INT_FUNC_PTR) (ENGINE *);
+/* Specific control function pointer */
+typedef int (*ENGINE_CTRL_FUNC_PTR) (ENGINE *, int, long, void *,
+ void (*f) (void));
+/* Generic load_key function pointer */
+typedef EVP_PKEY *(*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *,
+ UI_METHOD *ui_method,
+ void *callback_data);
+typedef int (*ENGINE_SSL_CLIENT_CERT_PTR) (ENGINE *, SSL *ssl,
+ STACK_OF(X509_NAME) *ca_dn,
+ X509 **pcert, EVP_PKEY **pkey,
+ STACK_OF(X509) **pother,
+ UI_METHOD *ui_method,
+ void *callback_data);
+/*-
+ * These callback types are for an ENGINE's handler for cipher and digest logic.
+ * These handlers have these prototypes;
+ * int foo(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid);
+ * int foo(ENGINE *e, const EVP_MD **digest, const int **nids, int nid);
+ * Looking at how to implement these handlers in the case of cipher support, if
+ * the framework wants the EVP_CIPHER for 'nid', it will call;
+ * foo(e, &p_evp_cipher, NULL, nid); (return zero for failure)
+ * If the framework wants a list of supported 'nid's, it will call;
+ * foo(e, NULL, &p_nids, 0); (returns number of 'nids' or -1 for error)
+ */
+/*
+ * Returns to a pointer to the array of supported cipher 'nid's. If the
+ * second parameter is non-NULL it is set to the size of the returned array.
+ */
+typedef int (*ENGINE_CIPHERS_PTR) (ENGINE *, const EVP_CIPHER **,
+ const int **, int);
+typedef int (*ENGINE_DIGESTS_PTR) (ENGINE *, const EVP_MD **, const int **,
+ int);
+
+/*
+ * STRUCTURE functions ... all of these functions deal with pointers to
+ * ENGINE structures where the pointers have a "structural reference". This
+ * means that their reference is to allowed access to the structure but it
+ * does not imply that the structure is functional. To simply increment or
+ * decrement the structural reference count, use ENGINE_by_id and
+ * ENGINE_free. NB: This is not required when iterating using ENGINE_get_next
+ * as it will automatically decrement the structural reference count of the
+ * "current" ENGINE and increment the structural reference count of the
+ * ENGINE it returns (unless it is NULL).
+ */
+
+/* Get the first/last "ENGINE" type available. */
+ENGINE *ENGINE_get_first(void);
+ENGINE *ENGINE_get_last(void);
+/* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */
+ENGINE *ENGINE_get_next(ENGINE *e);
+ENGINE *ENGINE_get_prev(ENGINE *e);
+/* Add another "ENGINE" type into the array. */
+int ENGINE_add(ENGINE *e);
+/* Remove an existing "ENGINE" type from the array. */
+int ENGINE_remove(ENGINE *e);
+/* Retrieve an engine from the list by its unique "id" value. */
+ENGINE *ENGINE_by_id(const char *id);
+/* Add all the built-in engines. */
+void ENGINE_load_openssl(void);
+void ENGINE_load_dynamic(void);
+# ifndef OPENSSL_NO_STATIC_ENGINE
+void ENGINE_load_4758cca(void);
+void ENGINE_load_aep(void);
+void ENGINE_load_atalla(void);
+void ENGINE_load_chil(void);
+void ENGINE_load_cswift(void);
+# ifndef OPENSSL_NO_GMP
+void ENGINE_load_gmp(void);
+# endif
+void ENGINE_load_nuron(void);
+void ENGINE_load_sureware(void);
+void ENGINE_load_ubsec(void);
+# ifdef OPENSSL_SYS_WIN32
+# ifndef OPENSSL_NO_CAPIENG
+void ENGINE_load_capi(void);
+# endif
+# endif
+# endif
+void ENGINE_load_cryptodev(void);
+void ENGINE_load_padlock(void);
+void ENGINE_load_builtin_engines(void);
+
+/*
+ * Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation
+ * "registry" handling.
+ */
+unsigned int ENGINE_get_table_flags(void);
+void ENGINE_set_table_flags(unsigned int flags);
+
+/*- Manage registration of ENGINEs per "table". For each type, there are 3
+ * functions;
+ * ENGINE_register_***(e) - registers the implementation from 'e' (if it has one)
+ * ENGINE_unregister_***(e) - unregister the implementation from 'e'
+ * ENGINE_register_all_***() - call ENGINE_register_***() for each 'e' in the list
+ * Cleanup is automatically registered from each table when required, so
+ * ENGINE_cleanup() will reverse any "register" operations.
+ */
+
+int ENGINE_register_RSA(ENGINE *e);
+void ENGINE_unregister_RSA(ENGINE *e);
+void ENGINE_register_all_RSA(void);
+
+int ENGINE_register_DSA(ENGINE *e);
+void ENGINE_unregister_DSA(ENGINE *e);
+void ENGINE_register_all_DSA(void);
+
+int ENGINE_register_ECDH(ENGINE *e);
+void ENGINE_unregister_ECDH(ENGINE *e);
+void ENGINE_register_all_ECDH(void);
+
+int ENGINE_register_ECDSA(ENGINE *e);
+void ENGINE_unregister_ECDSA(ENGINE *e);
+void ENGINE_register_all_ECDSA(void);
+
+int ENGINE_register_DH(ENGINE *e);
+void ENGINE_unregister_DH(ENGINE *e);
+void ENGINE_register_all_DH(void);
+
+int ENGINE_register_RAND(ENGINE *e);
+void ENGINE_unregister_RAND(ENGINE *e);
+void ENGINE_register_all_RAND(void);
+
+int ENGINE_register_STORE(ENGINE *e);
+void ENGINE_unregister_STORE(ENGINE *e);
+void ENGINE_register_all_STORE(void);
+
+int ENGINE_register_ciphers(ENGINE *e);
+void ENGINE_unregister_ciphers(ENGINE *e);
+void ENGINE_register_all_ciphers(void);
+
+int ENGINE_register_digests(ENGINE *e);
+void ENGINE_unregister_digests(ENGINE *e);
+void ENGINE_register_all_digests(void);
+
+/*
+ * These functions register all support from the above categories. Note, use
+ * of these functions can result in static linkage of code your application
+ * may not need. If you only need a subset of functionality, consider using
+ * more selective initialisation.
+ */
+int ENGINE_register_complete(ENGINE *e);
+int ENGINE_register_all_complete(void);
+
+/*
+ * Send parametrised control commands to the engine. The possibilities to
+ * send down an integer, a pointer to data or a function pointer are
+ * provided. Any of the parameters may or may not be NULL, depending on the
+ * command number. In actuality, this function only requires a structural
+ * (rather than functional) reference to an engine, but many control commands
+ * may require the engine be functional. The caller should be aware of trying
+ * commands that require an operational ENGINE, and only use functional
+ * references in such situations.
+ */
+int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void));
+
+/*
+ * This function tests if an ENGINE-specific command is usable as a
+ * "setting". Eg. in an application's config file that gets processed through
+ * ENGINE_ctrl_cmd_string(). If this returns zero, it is not available to
+ * ENGINE_ctrl_cmd_string(), only ENGINE_ctrl().
+ */
+int ENGINE_cmd_is_executable(ENGINE *e, int cmd);
+
+/*
+ * This function works like ENGINE_ctrl() with the exception of taking a
+ * command name instead of a command number, and can handle optional
+ * commands. See the comment on ENGINE_ctrl_cmd_string() for an explanation
+ * on how to use the cmd_name and cmd_optional.
+ */
+int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
+ long i, void *p, void (*f) (void), int cmd_optional);
+
+/*
+ * This function passes a command-name and argument to an ENGINE. The
+ * cmd_name is converted to a command number and the control command is
+ * called using 'arg' as an argument (unless the ENGINE doesn't support such
+ * a command, in which case no control command is called). The command is
+ * checked for input flags, and if necessary the argument will be converted
+ * to a numeric value. If cmd_optional is non-zero, then if the ENGINE
+ * doesn't support the given cmd_name the return value will be success
+ * anyway. This function is intended for applications to use so that users
+ * (or config files) can supply engine-specific config data to the ENGINE at
+ * run-time to control behaviour of specific engines. As such, it shouldn't
+ * be used for calling ENGINE_ctrl() functions that return data, deal with
+ * binary data, or that are otherwise supposed to be used directly through
+ * ENGINE_ctrl() in application code. Any "return" data from an ENGINE_ctrl()
+ * operation in this function will be lost - the return value is interpreted
+ * as failure if the return value is zero, success otherwise, and this
+ * function returns a boolean value as a result. In other words, vendors of
+ * 'ENGINE'-enabled devices should write ENGINE implementations with
+ * parameterisations that work in this scheme, so that compliant ENGINE-based
+ * applications can work consistently with the same configuration for the
+ * same ENGINE-enabled devices, across applications.
+ */
+int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
+ int cmd_optional);
+
+/*
+ * These functions are useful for manufacturing new ENGINE structures. They
+ * don't address reference counting at all - one uses them to populate an
+ * ENGINE structure with personalised implementations of things prior to
+ * using it directly or adding it to the builtin ENGINE list in OpenSSL.
+ * These are also here so that the ENGINE structure doesn't have to be
+ * exposed and break binary compatibility!
+ */
+ENGINE *ENGINE_new(void);
+int ENGINE_free(ENGINE *e);
+int ENGINE_up_ref(ENGINE *e);
+int ENGINE_set_id(ENGINE *e, const char *id);
+int ENGINE_set_name(ENGINE *e, const char *name);
+int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
+int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
+int ENGINE_set_ECDH(ENGINE *e, const ECDH_METHOD *ecdh_meth);
+int ENGINE_set_ECDSA(ENGINE *e, const ECDSA_METHOD *ecdsa_meth);
+int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth);
+int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth);
+int ENGINE_set_STORE(ENGINE *e, const STORE_METHOD *store_meth);
+int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f);
+int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f);
+int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f);
+int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f);
+int ENGINE_set_load_privkey_function(ENGINE *e,
+ ENGINE_LOAD_KEY_PTR loadpriv_f);
+int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f);
+int ENGINE_set_load_ssl_client_cert_function(ENGINE *e,
+ ENGINE_SSL_CLIENT_CERT_PTR
+ loadssl_f);
+int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f);
+int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f);
+int ENGINE_set_flags(ENGINE *e, int flags);
+int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns);
+/* These functions allow control over any per-structure ENGINE data. */
+int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+ CRYPTO_EX_dup *dup_func,
+ CRYPTO_EX_free *free_func);
+int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg);
+void *ENGINE_get_ex_data(const ENGINE *e, int idx);
+
+/*
+ * This function cleans up anything that needs it. Eg. the ENGINE_add()
+ * function automatically ensures the list cleanup function is registered to
+ * be called from ENGINE_cleanup(). Similarly, all ENGINE_register_***
+ * functions ensure ENGINE_cleanup() will clean up after them.
+ */
+void ENGINE_cleanup(void);
+
+/*
+ * These return values from within the ENGINE structure. These can be useful
+ * with functional references as well as structural references - it depends
+ * which you obtained. Using the result for functional purposes if you only
+ * obtained a structural reference may be problematic!
+ */
+const char *ENGINE_get_id(const ENGINE *e);
+const char *ENGINE_get_name(const ENGINE *e);
+const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e);
+const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e);
+const ECDH_METHOD *ENGINE_get_ECDH(const ENGINE *e);
+const ECDSA_METHOD *ENGINE_get_ECDSA(const ENGINE *e);
+const DH_METHOD *ENGINE_get_DH(const ENGINE *e);
+const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e);
+const STORE_METHOD *ENGINE_get_STORE(const ENGINE *e);
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e);
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e);
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e);
+ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e);
+ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e);
+ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e);
+ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE
+ *e);
+ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e);
+ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e);
+const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid);
+const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid);
+const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e);
+int ENGINE_get_flags(const ENGINE *e);
+
+/*
+ * FUNCTIONAL functions. These functions deal with ENGINE structures that
+ * have (or will) be initialised for use. Broadly speaking, the structural
+ * functions are useful for iterating the list of available engine types,
+ * creating new engine types, and other "list" operations. These functions
+ * actually deal with ENGINEs that are to be used. As such these functions
+ * can fail (if applicable) when particular engines are unavailable - eg. if
+ * a hardware accelerator is not attached or not functioning correctly. Each
+ * ENGINE has 2 reference counts; structural and functional. Every time a
+ * functional reference is obtained or released, a corresponding structural
+ * reference is automatically obtained or released too.
+ */
+
+/*
+ * Initialise a engine type for use (or up its reference count if it's
+ * already in use). This will fail if the engine is not currently operational
+ * and cannot initialise.
+ */
+int ENGINE_init(ENGINE *e);
+/*
+ * Free a functional reference to a engine type. This does not require a
+ * corresponding call to ENGINE_free as it also releases a structural
+ * reference.
+ */
+int ENGINE_finish(ENGINE *e);
+
+/*
+ * The following functions handle keys that are stored in some secondary
+ * location, handled by the engine. The storage may be on a card or
+ * whatever.
+ */
+EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
+ UI_METHOD *ui_method, void *callback_data);
+EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
+ UI_METHOD *ui_method, void *callback_data);
+int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s,
+ STACK_OF(X509_NAME) *ca_dn, X509 **pcert,
+ EVP_PKEY **ppkey, STACK_OF(X509) **pother,
+ UI_METHOD *ui_method, void *callback_data);
+
+/*
+ * This returns a pointer for the current ENGINE structure that is (by
+ * default) performing any RSA operations. The value returned is an
+ * incremented reference, so it should be free'd (ENGINE_finish) before it is
+ * discarded.
+ */
+ENGINE *ENGINE_get_default_RSA(void);
+/* Same for the other "methods" */
+ENGINE *ENGINE_get_default_DSA(void);
+ENGINE *ENGINE_get_default_ECDH(void);
+ENGINE *ENGINE_get_default_ECDSA(void);
+ENGINE *ENGINE_get_default_DH(void);
+ENGINE *ENGINE_get_default_RAND(void);
+/*
+ * These functions can be used to get a functional reference to perform
+ * ciphering or digesting corresponding to "nid".
+ */
+ENGINE *ENGINE_get_cipher_engine(int nid);
+ENGINE *ENGINE_get_digest_engine(int nid);
+
+/*
+ * This sets a new default ENGINE structure for performing RSA operations. If
+ * the result is non-zero (success) then the ENGINE structure will have had
+ * its reference count up'd so the caller should still free their own
+ * reference 'e'.
+ */
+int ENGINE_set_default_RSA(ENGINE *e);
+int ENGINE_set_default_string(ENGINE *e, const char *def_list);
+/* Same for the other "methods" */
+int ENGINE_set_default_DSA(ENGINE *e);
+int ENGINE_set_default_ECDH(ENGINE *e);
+int ENGINE_set_default_ECDSA(ENGINE *e);
+int ENGINE_set_default_DH(ENGINE *e);
+int ENGINE_set_default_RAND(ENGINE *e);
+int ENGINE_set_default_ciphers(ENGINE *e);
+int ENGINE_set_default_digests(ENGINE *e);
+
+/*
+ * The combination "set" - the flags are bitwise "OR"d from the
+ * ENGINE_METHOD_*** defines above. As with the "ENGINE_register_complete()"
+ * function, this function can result in unnecessary static linkage. If your
+ * application requires only specific functionality, consider using more
+ * selective functions.
+ */
+int ENGINE_set_default(ENGINE *e, unsigned int flags);
+
+void ENGINE_add_conf_module(void);
+
+/* Deprecated functions ... */
+/* int ENGINE_clear_defaults(void); */
+
+/**************************/
+/* DYNAMIC ENGINE SUPPORT */
+/**************************/
+
+/* Binary/behaviour compatibility levels */
+# define OSSL_DYNAMIC_VERSION (unsigned long)0x00020000
+/*
+ * Binary versions older than this are too old for us (whether we're a loader
+ * or a loadee)
+ */
+# define OSSL_DYNAMIC_OLDEST (unsigned long)0x00020000
+
+/*
+ * When compiling an ENGINE entirely as an external shared library, loadable
+ * by the "dynamic" ENGINE, these types are needed. The 'dynamic_fns'
+ * structure type provides the calling application's (or library's) error
+ * functionality and memory management function pointers to the loaded
+ * library. These should be used/set in the loaded library code so that the
+ * loading application's 'state' will be used/changed in all operations. The
+ * 'static_state' pointer allows the loaded library to know if it shares the
+ * same static data as the calling application (or library), and thus whether
+ * these callbacks need to be set or not.
+ */
+typedef void *(*dyn_MEM_malloc_cb) (size_t);
+typedef void *(*dyn_MEM_realloc_cb) (void *, size_t);
+typedef void (*dyn_MEM_free_cb) (void *);
+typedef struct st_dynamic_MEM_fns {
+ dyn_MEM_malloc_cb malloc_cb;
+ dyn_MEM_realloc_cb realloc_cb;
+ dyn_MEM_free_cb free_cb;
+} dynamic_MEM_fns;
+/*
+ * FIXME: Perhaps the memory and locking code (crypto.h) should declare and
+ * use these types so we (and any other dependant code) can simplify a bit??
+ */
+typedef void (*dyn_lock_locking_cb) (int, int, const char *, int);
+typedef int (*dyn_lock_add_lock_cb) (int *, int, int, const char *, int);
+typedef struct CRYPTO_dynlock_value *(*dyn_dynlock_create_cb) (const char *,
+ int);
+typedef void (*dyn_dynlock_lock_cb) (int, struct CRYPTO_dynlock_value *,
+ const char *, int);
+typedef void (*dyn_dynlock_destroy_cb) (struct CRYPTO_dynlock_value *,
+ const char *, int);
+typedef struct st_dynamic_LOCK_fns {
+ dyn_lock_locking_cb lock_locking_cb;
+ dyn_lock_add_lock_cb lock_add_lock_cb;
+ dyn_dynlock_create_cb dynlock_create_cb;
+ dyn_dynlock_lock_cb dynlock_lock_cb;
+ dyn_dynlock_destroy_cb dynlock_destroy_cb;
+} dynamic_LOCK_fns;
+/* The top-level structure */
+typedef struct st_dynamic_fns {
+ void *static_state;
+ const ERR_FNS *err_fns;
+ const CRYPTO_EX_DATA_IMPL *ex_data_fns;
+ dynamic_MEM_fns mem_fns;
+ dynamic_LOCK_fns lock_fns;
+} dynamic_fns;
+
+/*
+ * The version checking function should be of this prototype. NB: The
+ * ossl_version value passed in is the OSSL_DYNAMIC_VERSION of the loading
+ * code. If this function returns zero, it indicates a (potential) version
+ * incompatibility and the loaded library doesn't believe it can proceed.
+ * Otherwise, the returned value is the (latest) version supported by the
+ * loading library. The loader may still decide that the loaded code's
+ * version is unsatisfactory and could veto the load. The function is
+ * expected to be implemented with the symbol name "v_check", and a default
+ * implementation can be fully instantiated with
+ * IMPLEMENT_DYNAMIC_CHECK_FN().
+ */
+typedef unsigned long (*dynamic_v_check_fn) (unsigned long ossl_version);
+# define IMPLEMENT_DYNAMIC_CHECK_FN() \
+ OPENSSL_EXPORT unsigned long v_check(unsigned long v) { \
+ if(v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \
+ return 0; }
+
+/*
+ * This function is passed the ENGINE structure to initialise with its own
+ * function and command settings. It should not adjust the structural or
+ * functional reference counts. If this function returns zero, (a) the load
+ * will be aborted, (b) the previous ENGINE state will be memcpy'd back onto
+ * the structure, and (c) the shared library will be unloaded. So
+ * implementations should do their own internal cleanup in failure
+ * circumstances otherwise they could leak. The 'id' parameter, if non-NULL,
+ * represents the ENGINE id that the loader is looking for. If this is NULL,
+ * the shared library can choose to return failure or to initialise a
+ * 'default' ENGINE. If non-NULL, the shared library must initialise only an
+ * ENGINE matching the passed 'id'. The function is expected to be
+ * implemented with the symbol name "bind_engine". A standard implementation
+ * can be instantiated with IMPLEMENT_DYNAMIC_BIND_FN(fn) where the parameter
+ * 'fn' is a callback function that populates the ENGINE structure and
+ * returns an int value (zero for failure). 'fn' should have prototype;
+ * [static] int fn(ENGINE *e, const char *id);
+ */
+typedef int (*dynamic_bind_engine) (ENGINE *e, const char *id,
+ const dynamic_fns *fns);
+# define IMPLEMENT_DYNAMIC_BIND_FN(fn) \
+ OPENSSL_EXPORT \
+ int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \
+ if(ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \
+ if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \
+ fns->mem_fns.realloc_cb, fns->mem_fns.free_cb)) \
+ return 0; \
+ CRYPTO_set_locking_callback(fns->lock_fns.lock_locking_cb); \
+ CRYPTO_set_add_lock_callback(fns->lock_fns.lock_add_lock_cb); \
+ CRYPTO_set_dynlock_create_callback(fns->lock_fns.dynlock_create_cb); \
+ CRYPTO_set_dynlock_lock_callback(fns->lock_fns.dynlock_lock_cb); \
+ CRYPTO_set_dynlock_destroy_callback(fns->lock_fns.dynlock_destroy_cb); \
+ if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \
+ return 0; \
+ if(!ERR_set_implementation(fns->err_fns)) return 0; \
+ skip_cbs: \
+ if(!fn(e,id)) return 0; \
+ return 1; }
+
+/*
+ * If the loading application (or library) and the loaded ENGINE library
+ * share the same static data (eg. they're both dynamically linked to the
+ * same libcrypto.so) we need a way to avoid trying to set system callbacks -
+ * this would fail, and for the same reason that it's unnecessary to try. If
+ * the loaded ENGINE has (or gets from through the loader) its own copy of
+ * the libcrypto static data, we will need to set the callbacks. The easiest
+ * way to detect this is to have a function that returns a pointer to some
+ * static data and let the loading application and loaded ENGINE compare
+ * their respective values.
+ */
+void *ENGINE_get_static_state(void);
+
+# if defined(__OpenBSD__) || defined(__FreeBSD__)
+void ENGINE_setup_bsd_cryptodev(void);
+# endif
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_ENGINE_strings(void);
+
+/* Error codes for the ENGINE functions. */
+
+/* Function codes. */
+# define ENGINE_F_DYNAMIC_CTRL 180
+# define ENGINE_F_DYNAMIC_GET_DATA_CTX 181
+# define ENGINE_F_DYNAMIC_LOAD 182
+# define ENGINE_F_DYNAMIC_SET_DATA_CTX 183
+# define ENGINE_F_ENGINE_ADD 105
+# define ENGINE_F_ENGINE_BY_ID 106
+# define ENGINE_F_ENGINE_CMD_IS_EXECUTABLE 170
+# define ENGINE_F_ENGINE_CTRL 142
+# define ENGINE_F_ENGINE_CTRL_CMD 178
+# define ENGINE_F_ENGINE_CTRL_CMD_STRING 171
+# define ENGINE_F_ENGINE_FINISH 107
+# define ENGINE_F_ENGINE_FREE_UTIL 108
+# define ENGINE_F_ENGINE_GET_CIPHER 185
+# define ENGINE_F_ENGINE_GET_DEFAULT_TYPE 177
+# define ENGINE_F_ENGINE_GET_DIGEST 186
+# define ENGINE_F_ENGINE_GET_NEXT 115
+# define ENGINE_F_ENGINE_GET_PREV 116
+# define ENGINE_F_ENGINE_INIT 119
+# define ENGINE_F_ENGINE_LIST_ADD 120
+# define ENGINE_F_ENGINE_LIST_REMOVE 121
+# define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY 150
+# define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY 151
+# define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT 192
+# define ENGINE_F_ENGINE_NEW 122
+# define ENGINE_F_ENGINE_REMOVE 123
+# define ENGINE_F_ENGINE_SET_DEFAULT_STRING 189
+# define ENGINE_F_ENGINE_SET_DEFAULT_TYPE 126
+# define ENGINE_F_ENGINE_SET_ID 129
+# define ENGINE_F_ENGINE_SET_NAME 130
+# define ENGINE_F_ENGINE_TABLE_REGISTER 184
+# define ENGINE_F_ENGINE_UNLOAD_KEY 152
+# define ENGINE_F_ENGINE_UNLOCKED_FINISH 191
+# define ENGINE_F_ENGINE_UP_REF 190
+# define ENGINE_F_INT_CTRL_HELPER 172
+# define ENGINE_F_INT_ENGINE_CONFIGURE 188
+# define ENGINE_F_INT_ENGINE_MODULE_INIT 187
+# define ENGINE_F_LOG_MESSAGE 141
+
+/* Reason codes. */
+# define ENGINE_R_ALREADY_LOADED 100
+# define ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER 133
+# define ENGINE_R_CMD_NOT_EXECUTABLE 134
+# define ENGINE_R_COMMAND_TAKES_INPUT 135
+# define ENGINE_R_COMMAND_TAKES_NO_INPUT 136
+# define ENGINE_R_CONFLICTING_ENGINE_ID 103
+# define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED 119
+# define ENGINE_R_DH_NOT_IMPLEMENTED 139
+# define ENGINE_R_DSA_NOT_IMPLEMENTED 140
+# define ENGINE_R_DSO_FAILURE 104
+# define ENGINE_R_DSO_NOT_FOUND 132
+# define ENGINE_R_ENGINES_SECTION_ERROR 148
+# define ENGINE_R_ENGINE_CONFIGURATION_ERROR 101
+# define ENGINE_R_ENGINE_IS_NOT_IN_LIST 105
+# define ENGINE_R_ENGINE_SECTION_ERROR 149
+# define ENGINE_R_FAILED_LOADING_PRIVATE_KEY 128
+# define ENGINE_R_FAILED_LOADING_PUBLIC_KEY 129
+# define ENGINE_R_FINISH_FAILED 106
+# define ENGINE_R_GET_HANDLE_FAILED 107
+# define ENGINE_R_ID_OR_NAME_MISSING 108
+# define ENGINE_R_INIT_FAILED 109
+# define ENGINE_R_INTERNAL_LIST_ERROR 110
+# define ENGINE_R_INVALID_ARGUMENT 143
+# define ENGINE_R_INVALID_CMD_NAME 137
+# define ENGINE_R_INVALID_CMD_NUMBER 138
+# define ENGINE_R_INVALID_INIT_VALUE 151
+# define ENGINE_R_INVALID_STRING 150
+# define ENGINE_R_NOT_INITIALISED 117
+# define ENGINE_R_NOT_LOADED 112
+# define ENGINE_R_NO_CONTROL_FUNCTION 120
+# define ENGINE_R_NO_INDEX 144
+# define ENGINE_R_NO_LOAD_FUNCTION 125
+# define ENGINE_R_NO_REFERENCE 130
+# define ENGINE_R_NO_SUCH_ENGINE 116
+# define ENGINE_R_NO_UNLOAD_FUNCTION 126
+# define ENGINE_R_PROVIDE_PARAMETERS 113
+# define ENGINE_R_RSA_NOT_IMPLEMENTED 141
+# define ENGINE_R_UNIMPLEMENTED_CIPHER 146
+# define ENGINE_R_UNIMPLEMENTED_DIGEST 147
+# define ENGINE_R_VERSION_INCOMPATIBILITY 145
+
+#ifdef __cplusplus
+}
+#endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/engine/enginetest.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/engine/enginetest.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/engine/enginetest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,283 +0,0 @@
-/* crypto/engine/enginetest.c */
-/* Written by Geoff Thorpe (geoff at geoffthorpe.net) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <openssl/e_os2.h>
-
-#ifdef OPENSSL_NO_ENGINE
-int main(int argc, char *argv[])
-{
- printf("No ENGINE support\n");
- return(0);
-}
-#else
-#include <openssl/buffer.h>
-#include <openssl/crypto.h>
-#include <openssl/engine.h>
-#include <openssl/err.h>
-
-static void display_engine_list(void)
- {
- ENGINE *h;
- int loop;
-
- h = ENGINE_get_first();
- loop = 0;
- printf("listing available engine types\n");
- while(h)
- {
- printf("engine %i, id = \"%s\", name = \"%s\"\n",
- loop++, ENGINE_get_id(h), ENGINE_get_name(h));
- h = ENGINE_get_next(h);
- }
- printf("end of list\n");
- /* ENGINE_get_first() increases the struct_ref counter, so we
- must call ENGINE_free() to decrease it again */
- ENGINE_free(h);
- }
-
-int main(int argc, char *argv[])
- {
- ENGINE *block[512];
- char buf[256];
- const char *id, *name;
- ENGINE *ptr;
- int loop;
- int to_return = 1;
- ENGINE *new_h1 = NULL;
- ENGINE *new_h2 = NULL;
- ENGINE *new_h3 = NULL;
- ENGINE *new_h4 = NULL;
-
- /* enable memory leak checking unless explicitly disabled */
- if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off"))))
- {
- CRYPTO_malloc_debug_init();
- CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
- }
- else
- {
- /* OPENSSL_DEBUG_MEMORY=off */
- CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
- }
- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
- ERR_load_crypto_strings();
-
- memset(block, 0, 512 * sizeof(ENGINE *));
- if(((new_h1 = ENGINE_new()) == NULL) ||
- !ENGINE_set_id(new_h1, "test_id0") ||
- !ENGINE_set_name(new_h1, "First test item") ||
- ((new_h2 = ENGINE_new()) == NULL) ||
- !ENGINE_set_id(new_h2, "test_id1") ||
- !ENGINE_set_name(new_h2, "Second test item") ||
- ((new_h3 = ENGINE_new()) == NULL) ||
- !ENGINE_set_id(new_h3, "test_id2") ||
- !ENGINE_set_name(new_h3, "Third test item") ||
- ((new_h4 = ENGINE_new()) == NULL) ||
- !ENGINE_set_id(new_h4, "test_id3") ||
- !ENGINE_set_name(new_h4, "Fourth test item"))
- {
- printf("Couldn't set up test ENGINE structures\n");
- goto end;
- }
- printf("\nenginetest beginning\n\n");
- display_engine_list();
- if(!ENGINE_add(new_h1))
- {
- printf("Add failed!\n");
- goto end;
- }
- display_engine_list();
- ptr = ENGINE_get_first();
- if(!ENGINE_remove(ptr))
- {
- printf("Remove failed!\n");
- goto end;
- }
- if (ptr)
- ENGINE_free(ptr);
- display_engine_list();
- if(!ENGINE_add(new_h3) || !ENGINE_add(new_h2))
- {
- printf("Add failed!\n");
- goto end;
- }
- display_engine_list();
- if(!ENGINE_remove(new_h2))
- {
- printf("Remove failed!\n");
- goto end;
- }
- display_engine_list();
- if(!ENGINE_add(new_h4))
- {
- printf("Add failed!\n");
- goto end;
- }
- display_engine_list();
- if(ENGINE_add(new_h3))
- {
- printf("Add *should* have failed but didn't!\n");
- goto end;
- }
- else
- printf("Add that should fail did.\n");
- ERR_clear_error();
- if(ENGINE_remove(new_h2))
- {
- printf("Remove *should* have failed but didn't!\n");
- goto end;
- }
- else
- printf("Remove that should fail did.\n");
- ERR_clear_error();
- if(!ENGINE_remove(new_h3))
- {
- printf("Remove failed!\n");
- goto end;
- }
- display_engine_list();
- if(!ENGINE_remove(new_h4))
- {
- printf("Remove failed!\n");
- goto end;
- }
- display_engine_list();
- /* Depending on whether there's any hardware support compiled
- * in, this remove may be destined to fail. */
- ptr = ENGINE_get_first();
- if(ptr)
- if(!ENGINE_remove(ptr))
- printf("Remove failed!i - probably no hardware "
- "support present.\n");
- if (ptr)
- ENGINE_free(ptr);
- display_engine_list();
- if(!ENGINE_add(new_h1) || !ENGINE_remove(new_h1))
- {
- printf("Couldn't add and remove to an empty list!\n");
- goto end;
- }
- else
- printf("Successfully added and removed to an empty list!\n");
- printf("About to beef up the engine-type list\n");
- for(loop = 0; loop < 512; loop++)
- {
- sprintf(buf, "id%i", loop);
- id = BUF_strdup(buf);
- sprintf(buf, "Fake engine type %i", loop);
- name = BUF_strdup(buf);
- if(((block[loop] = ENGINE_new()) == NULL) ||
- !ENGINE_set_id(block[loop], id) ||
- !ENGINE_set_name(block[loop], name))
- {
- printf("Couldn't create block of ENGINE structures.\n"
- "I'll probably also core-dump now, damn.\n");
- goto end;
- }
- }
- for(loop = 0; loop < 512; loop++)
- {
- if(!ENGINE_add(block[loop]))
- {
- printf("\nAdding stopped at %i, (%s,%s)\n",
- loop, ENGINE_get_id(block[loop]),
- ENGINE_get_name(block[loop]));
- goto cleanup_loop;
- }
- else
- printf("."); fflush(stdout);
- }
-cleanup_loop:
- printf("\nAbout to empty the engine-type list\n");
- while((ptr = ENGINE_get_first()) != NULL)
- {
- if(!ENGINE_remove(ptr))
- {
- printf("\nRemove failed!\n");
- goto end;
- }
- ENGINE_free(ptr);
- printf("."); fflush(stdout);
- }
- for(loop = 0; loop < 512; loop++)
- {
- OPENSSL_free((void *)ENGINE_get_id(block[loop]));
- OPENSSL_free((void *)ENGINE_get_name(block[loop]));
- }
- printf("\nTests completed happily\n");
- to_return = 0;
-end:
- if(to_return)
- ERR_print_errors_fp(stderr);
- if(new_h1) ENGINE_free(new_h1);
- if(new_h2) ENGINE_free(new_h2);
- if(new_h3) ENGINE_free(new_h3);
- if(new_h4) ENGINE_free(new_h4);
- for(loop = 0; loop < 512; loop++)
- if(block[loop])
- ENGINE_free(block[loop]);
- ENGINE_cleanup();
- CRYPTO_cleanup_all_ex_data();
- ERR_free_strings();
- ERR_remove_state(0);
- CRYPTO_mem_leaks_fp(stderr);
- return to_return;
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/engine/enginetest.c (from rev 6976, vendor-crypto/openssl/dist/crypto/engine/enginetest.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/engine/enginetest.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/engine/enginetest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,269 @@
+/* crypto/engine/enginetest.c */
+/*
+ * Written by Geoff Thorpe (geoff at geoffthorpe.net) for the OpenSSL project
+ * 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/e_os2.h>
+
+#ifdef OPENSSL_NO_ENGINE
+int main(int argc, char *argv[])
+{
+ printf("No ENGINE support\n");
+ return (0);
+}
+#else
+# include <openssl/buffer.h>
+# include <openssl/crypto.h>
+# include <openssl/engine.h>
+# include <openssl/err.h>
+
+static void display_engine_list(void)
+{
+ ENGINE *h;
+ int loop;
+
+ h = ENGINE_get_first();
+ loop = 0;
+ printf("listing available engine types\n");
+ while (h) {
+ printf("engine %i, id = \"%s\", name = \"%s\"\n",
+ loop++, ENGINE_get_id(h), ENGINE_get_name(h));
+ h = ENGINE_get_next(h);
+ }
+ printf("end of list\n");
+ /*
+ * ENGINE_get_first() increases the struct_ref counter, so we must call
+ * ENGINE_free() to decrease it again
+ */
+ ENGINE_free(h);
+}
+
+int main(int argc, char *argv[])
+{
+ ENGINE *block[512];
+ char buf[256];
+ const char *id, *name;
+ ENGINE *ptr;
+ int loop;
+ int to_return = 1;
+ ENGINE *new_h1 = NULL;
+ ENGINE *new_h2 = NULL;
+ ENGINE *new_h3 = NULL;
+ ENGINE *new_h4 = NULL;
+
+ /* enable memory leak checking unless explicitly disabled */
+ if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL)
+ && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off")))) {
+ CRYPTO_malloc_debug_init();
+ CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
+ } else {
+ /* OPENSSL_DEBUG_MEMORY=off */
+ CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
+ }
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+ ERR_load_crypto_strings();
+
+ memset(block, 0, 512 * sizeof(ENGINE *));
+ if (((new_h1 = ENGINE_new()) == NULL) ||
+ !ENGINE_set_id(new_h1, "test_id0") ||
+ !ENGINE_set_name(new_h1, "First test item") ||
+ ((new_h2 = ENGINE_new()) == NULL) ||
+ !ENGINE_set_id(new_h2, "test_id1") ||
+ !ENGINE_set_name(new_h2, "Second test item") ||
+ ((new_h3 = ENGINE_new()) == NULL) ||
+ !ENGINE_set_id(new_h3, "test_id2") ||
+ !ENGINE_set_name(new_h3, "Third test item") ||
+ ((new_h4 = ENGINE_new()) == NULL) ||
+ !ENGINE_set_id(new_h4, "test_id3") ||
+ !ENGINE_set_name(new_h4, "Fourth test item")) {
+ printf("Couldn't set up test ENGINE structures\n");
+ goto end;
+ }
+ printf("\nenginetest beginning\n\n");
+ display_engine_list();
+ if (!ENGINE_add(new_h1)) {
+ printf("Add failed!\n");
+ goto end;
+ }
+ display_engine_list();
+ ptr = ENGINE_get_first();
+ if (!ENGINE_remove(ptr)) {
+ printf("Remove failed!\n");
+ goto end;
+ }
+ if (ptr)
+ ENGINE_free(ptr);
+ display_engine_list();
+ if (!ENGINE_add(new_h3) || !ENGINE_add(new_h2)) {
+ printf("Add failed!\n");
+ goto end;
+ }
+ display_engine_list();
+ if (!ENGINE_remove(new_h2)) {
+ printf("Remove failed!\n");
+ goto end;
+ }
+ display_engine_list();
+ if (!ENGINE_add(new_h4)) {
+ printf("Add failed!\n");
+ goto end;
+ }
+ display_engine_list();
+ if (ENGINE_add(new_h3)) {
+ printf("Add *should* have failed but didn't!\n");
+ goto end;
+ } else
+ printf("Add that should fail did.\n");
+ ERR_clear_error();
+ if (ENGINE_remove(new_h2)) {
+ printf("Remove *should* have failed but didn't!\n");
+ goto end;
+ } else
+ printf("Remove that should fail did.\n");
+ ERR_clear_error();
+ if (!ENGINE_remove(new_h3)) {
+ printf("Remove failed!\n");
+ goto end;
+ }
+ display_engine_list();
+ if (!ENGINE_remove(new_h4)) {
+ printf("Remove failed!\n");
+ goto end;
+ }
+ display_engine_list();
+ /*
+ * Depending on whether there's any hardware support compiled in, this
+ * remove may be destined to fail.
+ */
+ ptr = ENGINE_get_first();
+ if (ptr)
+ if (!ENGINE_remove(ptr))
+ printf("Remove failed!i - probably no hardware "
+ "support present.\n");
+ if (ptr)
+ ENGINE_free(ptr);
+ display_engine_list();
+ if (!ENGINE_add(new_h1) || !ENGINE_remove(new_h1)) {
+ printf("Couldn't add and remove to an empty list!\n");
+ goto end;
+ } else
+ printf("Successfully added and removed to an empty list!\n");
+ printf("About to beef up the engine-type list\n");
+ for (loop = 0; loop < 512; loop++) {
+ sprintf(buf, "id%i", loop);
+ id = BUF_strdup(buf);
+ sprintf(buf, "Fake engine type %i", loop);
+ name = BUF_strdup(buf);
+ if (((block[loop] = ENGINE_new()) == NULL) ||
+ !ENGINE_set_id(block[loop], id) ||
+ !ENGINE_set_name(block[loop], name)) {
+ printf("Couldn't create block of ENGINE structures.\n"
+ "I'll probably also core-dump now, damn.\n");
+ goto end;
+ }
+ }
+ for (loop = 0; loop < 512; loop++) {
+ if (!ENGINE_add(block[loop])) {
+ printf("\nAdding stopped at %i, (%s,%s)\n",
+ loop, ENGINE_get_id(block[loop]),
+ ENGINE_get_name(block[loop]));
+ goto cleanup_loop;
+ } else
+ printf(".");
+ fflush(stdout);
+ }
+ cleanup_loop:
+ printf("\nAbout to empty the engine-type list\n");
+ while ((ptr = ENGINE_get_first()) != NULL) {
+ if (!ENGINE_remove(ptr)) {
+ printf("\nRemove failed!\n");
+ goto end;
+ }
+ ENGINE_free(ptr);
+ printf(".");
+ fflush(stdout);
+ }
+ for (loop = 0; loop < 512; loop++) {
+ OPENSSL_free((void *)ENGINE_get_id(block[loop]));
+ OPENSSL_free((void *)ENGINE_get_name(block[loop]));
+ }
+ printf("\nTests completed happily\n");
+ to_return = 0;
+ end:
+ if (to_return)
+ ERR_print_errors_fp(stderr);
+ if (new_h1)
+ ENGINE_free(new_h1);
+ if (new_h2)
+ ENGINE_free(new_h2);
+ if (new_h3)
+ ENGINE_free(new_h3);
+ if (new_h4)
+ ENGINE_free(new_h4);
+ for (loop = 0; loop < 512; loop++)
+ if (block[loop])
+ ENGINE_free(block[loop]);
+ ENGINE_cleanup();
+ CRYPTO_cleanup_all_ex_data();
+ ERR_free_strings();
+ ERR_remove_state(0);
+ CRYPTO_mem_leaks_fp(stderr);
+ return to_return;
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/engine/tb_cipher.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/engine/tb_cipher.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/engine/tb_cipher.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,143 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include "eng_int.h"
-
-/* If this symbol is defined then ENGINE_get_cipher_engine(), the function that
- * is used by EVP to hook in cipher code and cache defaults (etc), will display
- * brief debugging summaries to stderr with the 'nid'. */
-/* #define ENGINE_CIPHER_DEBUG */
-
-static ENGINE_TABLE *cipher_table = NULL;
-
-void ENGINE_unregister_ciphers(ENGINE *e)
- {
- engine_table_unregister(&cipher_table, e);
- }
-
-static void engine_unregister_all_ciphers(void)
- {
- engine_table_cleanup(&cipher_table);
- }
-
-int ENGINE_register_ciphers(ENGINE *e)
- {
- if(e->ciphers)
- {
- const int *nids;
- int num_nids = e->ciphers(e, NULL, &nids, 0);
- if(num_nids > 0)
- return engine_table_register(&cipher_table,
- engine_unregister_all_ciphers, e, nids,
- num_nids, 0);
- }
- return 1;
- }
-
-void ENGINE_register_all_ciphers()
- {
- ENGINE *e;
-
- for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
- ENGINE_register_ciphers(e);
- }
-
-int ENGINE_set_default_ciphers(ENGINE *e)
- {
- if(e->ciphers)
- {
- const int *nids;
- int num_nids = e->ciphers(e, NULL, &nids, 0);
- if(num_nids > 0)
- return engine_table_register(&cipher_table,
- engine_unregister_all_ciphers, e, nids,
- num_nids, 1);
- }
- return 1;
- }
-
-/* Exposed API function to get a functional reference from the implementation
- * table (ie. try to get a functional reference from the tabled structural
- * references) for a given cipher 'nid' */
-ENGINE *ENGINE_get_cipher_engine(int nid)
- {
- return engine_table_select(&cipher_table, nid);
- }
-
-/* Obtains a cipher implementation from an ENGINE functional reference */
-const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid)
- {
- const EVP_CIPHER *ret;
- ENGINE_CIPHERS_PTR fn = ENGINE_get_ciphers(e);
- if(!fn || !fn(e, &ret, NULL, nid))
- {
- ENGINEerr(ENGINE_F_ENGINE_GET_CIPHER,
- ENGINE_R_UNIMPLEMENTED_CIPHER);
- return NULL;
- }
- return ret;
- }
-
-/* Gets the cipher callback from an ENGINE structure */
-ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e)
- {
- return e->ciphers;
- }
-
-/* Sets the cipher callback in an ENGINE structure */
-int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f)
- {
- e->ciphers = f;
- return 1;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/engine/tb_cipher.c (from rev 6976, vendor-crypto/openssl/dist/crypto/engine/tb_cipher.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/engine/tb_cipher.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/engine/tb_cipher.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,143 @@
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include "eng_int.h"
+
+/*
+ * If this symbol is defined then ENGINE_get_cipher_engine(), the function
+ * that is used by EVP to hook in cipher code and cache defaults (etc), will
+ * display brief debugging summaries to stderr with the 'nid'.
+ */
+/* #define ENGINE_CIPHER_DEBUG */
+
+static ENGINE_TABLE *cipher_table = NULL;
+
+void ENGINE_unregister_ciphers(ENGINE *e)
+{
+ engine_table_unregister(&cipher_table, e);
+}
+
+static void engine_unregister_all_ciphers(void)
+{
+ engine_table_cleanup(&cipher_table);
+}
+
+int ENGINE_register_ciphers(ENGINE *e)
+{
+ if (e->ciphers) {
+ const int *nids;
+ int num_nids = e->ciphers(e, NULL, &nids, 0);
+ if (num_nids > 0)
+ return engine_table_register(&cipher_table,
+ engine_unregister_all_ciphers, e,
+ nids, num_nids, 0);
+ }
+ return 1;
+}
+
+void ENGINE_register_all_ciphers()
+{
+ ENGINE *e;
+
+ for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+ ENGINE_register_ciphers(e);
+}
+
+int ENGINE_set_default_ciphers(ENGINE *e)
+{
+ if (e->ciphers) {
+ const int *nids;
+ int num_nids = e->ciphers(e, NULL, &nids, 0);
+ if (num_nids > 0)
+ return engine_table_register(&cipher_table,
+ engine_unregister_all_ciphers, e,
+ nids, num_nids, 1);
+ }
+ return 1;
+}
+
+/*
+ * Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references) for a given cipher 'nid'
+ */
+ENGINE *ENGINE_get_cipher_engine(int nid)
+{
+ return engine_table_select(&cipher_table, nid);
+}
+
+/* Obtains a cipher implementation from an ENGINE functional reference */
+const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid)
+{
+ const EVP_CIPHER *ret;
+ ENGINE_CIPHERS_PTR fn = ENGINE_get_ciphers(e);
+ if (!fn || !fn(e, &ret, NULL, nid)) {
+ ENGINEerr(ENGINE_F_ENGINE_GET_CIPHER, ENGINE_R_UNIMPLEMENTED_CIPHER);
+ return NULL;
+ }
+ return ret;
+}
+
+/* Gets the cipher callback from an ENGINE structure */
+ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e)
+{
+ return e->ciphers;
+}
+
+/* Sets the cipher callback in an ENGINE structure */
+int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f)
+{
+ e->ciphers = f;
+ return 1;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/engine/tb_dh.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/engine/tb_dh.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/engine/tb_dh.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,118 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include "eng_int.h"
-
-/* If this symbol is defined then ENGINE_get_default_DH(), the function that is
- * used by DH to hook in implementation code and cache defaults (etc), will
- * display brief debugging summaries to stderr with the 'nid'. */
-/* #define ENGINE_DH_DEBUG */
-
-static ENGINE_TABLE *dh_table = NULL;
-static const int dummy_nid = 1;
-
-void ENGINE_unregister_DH(ENGINE *e)
- {
- engine_table_unregister(&dh_table, e);
- }
-
-static void engine_unregister_all_DH(void)
- {
- engine_table_cleanup(&dh_table);
- }
-
-int ENGINE_register_DH(ENGINE *e)
- {
- if(e->dh_meth)
- return engine_table_register(&dh_table,
- engine_unregister_all_DH, e, &dummy_nid, 1, 0);
- return 1;
- }
-
-void ENGINE_register_all_DH()
- {
- ENGINE *e;
-
- for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
- ENGINE_register_DH(e);
- }
-
-int ENGINE_set_default_DH(ENGINE *e)
- {
- if(e->dh_meth)
- return engine_table_register(&dh_table,
- engine_unregister_all_DH, e, &dummy_nid, 1, 1);
- return 1;
- }
-
-/* Exposed API function to get a functional reference from the implementation
- * table (ie. try to get a functional reference from the tabled structural
- * references). */
-ENGINE *ENGINE_get_default_DH(void)
- {
- return engine_table_select(&dh_table, dummy_nid);
- }
-
-/* Obtains an DH implementation from an ENGINE functional reference */
-const DH_METHOD *ENGINE_get_DH(const ENGINE *e)
- {
- return e->dh_meth;
- }
-
-/* Sets an DH implementation in an ENGINE structure */
-int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth)
- {
- e->dh_meth = dh_meth;
- return 1;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/engine/tb_dh.c (from rev 6976, vendor-crypto/openssl/dist/crypto/engine/tb_dh.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/engine/tb_dh.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/engine/tb_dh.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,124 @@
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include "eng_int.h"
+
+/*
+ * If this symbol is defined then ENGINE_get_default_DH(), the function that
+ * is used by DH to hook in implementation code and cache defaults (etc),
+ * will display brief debugging summaries to stderr with the 'nid'.
+ */
+/* #define ENGINE_DH_DEBUG */
+
+static ENGINE_TABLE *dh_table = NULL;
+static const int dummy_nid = 1;
+
+void ENGINE_unregister_DH(ENGINE *e)
+{
+ engine_table_unregister(&dh_table, e);
+}
+
+static void engine_unregister_all_DH(void)
+{
+ engine_table_cleanup(&dh_table);
+}
+
+int ENGINE_register_DH(ENGINE *e)
+{
+ if (e->dh_meth)
+ return engine_table_register(&dh_table,
+ engine_unregister_all_DH, e, &dummy_nid,
+ 1, 0);
+ return 1;
+}
+
+void ENGINE_register_all_DH()
+{
+ ENGINE *e;
+
+ for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+ ENGINE_register_DH(e);
+}
+
+int ENGINE_set_default_DH(ENGINE *e)
+{
+ if (e->dh_meth)
+ return engine_table_register(&dh_table,
+ engine_unregister_all_DH, e, &dummy_nid,
+ 1, 1);
+ return 1;
+}
+
+/*
+ * Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references).
+ */
+ENGINE *ENGINE_get_default_DH(void)
+{
+ return engine_table_select(&dh_table, dummy_nid);
+}
+
+/* Obtains an DH implementation from an ENGINE functional reference */
+const DH_METHOD *ENGINE_get_DH(const ENGINE *e)
+{
+ return e->dh_meth;
+}
+
+/* Sets an DH implementation in an ENGINE structure */
+int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth)
+{
+ e->dh_meth = dh_meth;
+ return 1;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/engine/tb_digest.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/engine/tb_digest.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/engine/tb_digest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,143 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include "eng_int.h"
-
-/* If this symbol is defined then ENGINE_get_digest_engine(), the function that
- * is used by EVP to hook in digest code and cache defaults (etc), will display
- * brief debugging summaries to stderr with the 'nid'. */
-/* #define ENGINE_DIGEST_DEBUG */
-
-static ENGINE_TABLE *digest_table = NULL;
-
-void ENGINE_unregister_digests(ENGINE *e)
- {
- engine_table_unregister(&digest_table, e);
- }
-
-static void engine_unregister_all_digests(void)
- {
- engine_table_cleanup(&digest_table);
- }
-
-int ENGINE_register_digests(ENGINE *e)
- {
- if(e->digests)
- {
- const int *nids;
- int num_nids = e->digests(e, NULL, &nids, 0);
- if(num_nids > 0)
- return engine_table_register(&digest_table,
- engine_unregister_all_digests, e, nids,
- num_nids, 0);
- }
- return 1;
- }
-
-void ENGINE_register_all_digests()
- {
- ENGINE *e;
-
- for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
- ENGINE_register_digests(e);
- }
-
-int ENGINE_set_default_digests(ENGINE *e)
- {
- if(e->digests)
- {
- const int *nids;
- int num_nids = e->digests(e, NULL, &nids, 0);
- if(num_nids > 0)
- return engine_table_register(&digest_table,
- engine_unregister_all_digests, e, nids,
- num_nids, 1);
- }
- return 1;
- }
-
-/* Exposed API function to get a functional reference from the implementation
- * table (ie. try to get a functional reference from the tabled structural
- * references) for a given digest 'nid' */
-ENGINE *ENGINE_get_digest_engine(int nid)
- {
- return engine_table_select(&digest_table, nid);
- }
-
-/* Obtains a digest implementation from an ENGINE functional reference */
-const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid)
- {
- const EVP_MD *ret;
- ENGINE_DIGESTS_PTR fn = ENGINE_get_digests(e);
- if(!fn || !fn(e, &ret, NULL, nid))
- {
- ENGINEerr(ENGINE_F_ENGINE_GET_DIGEST,
- ENGINE_R_UNIMPLEMENTED_DIGEST);
- return NULL;
- }
- return ret;
- }
-
-/* Gets the digest callback from an ENGINE structure */
-ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e)
- {
- return e->digests;
- }
-
-/* Sets the digest callback in an ENGINE structure */
-int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f)
- {
- e->digests = f;
- return 1;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/engine/tb_digest.c (from rev 6976, vendor-crypto/openssl/dist/crypto/engine/tb_digest.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/engine/tb_digest.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/engine/tb_digest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,143 @@
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include "eng_int.h"
+
+/*
+ * If this symbol is defined then ENGINE_get_digest_engine(), the function
+ * that is used by EVP to hook in digest code and cache defaults (etc), will
+ * display brief debugging summaries to stderr with the 'nid'.
+ */
+/* #define ENGINE_DIGEST_DEBUG */
+
+static ENGINE_TABLE *digest_table = NULL;
+
+void ENGINE_unregister_digests(ENGINE *e)
+{
+ engine_table_unregister(&digest_table, e);
+}
+
+static void engine_unregister_all_digests(void)
+{
+ engine_table_cleanup(&digest_table);
+}
+
+int ENGINE_register_digests(ENGINE *e)
+{
+ if (e->digests) {
+ const int *nids;
+ int num_nids = e->digests(e, NULL, &nids, 0);
+ if (num_nids > 0)
+ return engine_table_register(&digest_table,
+ engine_unregister_all_digests, e,
+ nids, num_nids, 0);
+ }
+ return 1;
+}
+
+void ENGINE_register_all_digests()
+{
+ ENGINE *e;
+
+ for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+ ENGINE_register_digests(e);
+}
+
+int ENGINE_set_default_digests(ENGINE *e)
+{
+ if (e->digests) {
+ const int *nids;
+ int num_nids = e->digests(e, NULL, &nids, 0);
+ if (num_nids > 0)
+ return engine_table_register(&digest_table,
+ engine_unregister_all_digests, e,
+ nids, num_nids, 1);
+ }
+ return 1;
+}
+
+/*
+ * Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references) for a given digest 'nid'
+ */
+ENGINE *ENGINE_get_digest_engine(int nid)
+{
+ return engine_table_select(&digest_table, nid);
+}
+
+/* Obtains a digest implementation from an ENGINE functional reference */
+const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid)
+{
+ const EVP_MD *ret;
+ ENGINE_DIGESTS_PTR fn = ENGINE_get_digests(e);
+ if (!fn || !fn(e, &ret, NULL, nid)) {
+ ENGINEerr(ENGINE_F_ENGINE_GET_DIGEST, ENGINE_R_UNIMPLEMENTED_DIGEST);
+ return NULL;
+ }
+ return ret;
+}
+
+/* Gets the digest callback from an ENGINE structure */
+ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e)
+{
+ return e->digests;
+}
+
+/* Sets the digest callback in an ENGINE structure */
+int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f)
+{
+ e->digests = f;
+ return 1;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/engine/tb_dsa.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/engine/tb_dsa.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/engine/tb_dsa.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,118 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include "eng_int.h"
-
-/* If this symbol is defined then ENGINE_get_default_DSA(), the function that is
- * used by DSA to hook in implementation code and cache defaults (etc), will
- * display brief debugging summaries to stderr with the 'nid'. */
-/* #define ENGINE_DSA_DEBUG */
-
-static ENGINE_TABLE *dsa_table = NULL;
-static const int dummy_nid = 1;
-
-void ENGINE_unregister_DSA(ENGINE *e)
- {
- engine_table_unregister(&dsa_table, e);
- }
-
-static void engine_unregister_all_DSA(void)
- {
- engine_table_cleanup(&dsa_table);
- }
-
-int ENGINE_register_DSA(ENGINE *e)
- {
- if(e->dsa_meth)
- return engine_table_register(&dsa_table,
- engine_unregister_all_DSA, e, &dummy_nid, 1, 0);
- return 1;
- }
-
-void ENGINE_register_all_DSA()
- {
- ENGINE *e;
-
- for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
- ENGINE_register_DSA(e);
- }
-
-int ENGINE_set_default_DSA(ENGINE *e)
- {
- if(e->dsa_meth)
- return engine_table_register(&dsa_table,
- engine_unregister_all_DSA, e, &dummy_nid, 1, 1);
- return 1;
- }
-
-/* Exposed API function to get a functional reference from the implementation
- * table (ie. try to get a functional reference from the tabled structural
- * references). */
-ENGINE *ENGINE_get_default_DSA(void)
- {
- return engine_table_select(&dsa_table, dummy_nid);
- }
-
-/* Obtains an DSA implementation from an ENGINE functional reference */
-const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e)
- {
- return e->dsa_meth;
- }
-
-/* Sets an DSA implementation in an ENGINE structure */
-int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth)
- {
- e->dsa_meth = dsa_meth;
- return 1;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/engine/tb_dsa.c (from rev 6976, vendor-crypto/openssl/dist/crypto/engine/tb_dsa.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/engine/tb_dsa.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/engine/tb_dsa.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,124 @@
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include "eng_int.h"
+
+/*
+ * If this symbol is defined then ENGINE_get_default_DSA(), the function that
+ * is used by DSA to hook in implementation code and cache defaults (etc),
+ * will display brief debugging summaries to stderr with the 'nid'.
+ */
+/* #define ENGINE_DSA_DEBUG */
+
+static ENGINE_TABLE *dsa_table = NULL;
+static const int dummy_nid = 1;
+
+void ENGINE_unregister_DSA(ENGINE *e)
+{
+ engine_table_unregister(&dsa_table, e);
+}
+
+static void engine_unregister_all_DSA(void)
+{
+ engine_table_cleanup(&dsa_table);
+}
+
+int ENGINE_register_DSA(ENGINE *e)
+{
+ if (e->dsa_meth)
+ return engine_table_register(&dsa_table,
+ engine_unregister_all_DSA, e, &dummy_nid,
+ 1, 0);
+ return 1;
+}
+
+void ENGINE_register_all_DSA()
+{
+ ENGINE *e;
+
+ for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+ ENGINE_register_DSA(e);
+}
+
+int ENGINE_set_default_DSA(ENGINE *e)
+{
+ if (e->dsa_meth)
+ return engine_table_register(&dsa_table,
+ engine_unregister_all_DSA, e, &dummy_nid,
+ 1, 1);
+ return 1;
+}
+
+/*
+ * Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references).
+ */
+ENGINE *ENGINE_get_default_DSA(void)
+{
+ return engine_table_select(&dsa_table, dummy_nid);
+}
+
+/* Obtains an DSA implementation from an ENGINE functional reference */
+const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e)
+{
+ return e->dsa_meth;
+}
+
+/* Sets an DSA implementation in an ENGINE structure */
+int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth)
+{
+ e->dsa_meth = dsa_meth;
+ return 1;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/engine/tb_ecdh.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/engine/tb_ecdh.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/engine/tb_ecdh.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,133 +0,0 @@
-/* crypto/engine/tb_ecdh.c */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
- * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
- * to the OpenSSL project.
- *
- * The ECC Code is licensed pursuant to the OpenSSL open source
- * license provided below.
- *
- * The ECDH engine software is originally written by Nils Gura and
- * Douglas Stebila of Sun Microsystems Laboratories.
- *
- */
-/* ====================================================================
- * Copyright (c) 2000-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include "eng_int.h"
-
-/* If this symbol is defined then ENGINE_get_default_ECDH(), the function that is
- * used by ECDH to hook in implementation code and cache defaults (etc), will
- * display brief debugging summaries to stderr with the 'nid'. */
-/* #define ENGINE_ECDH_DEBUG */
-
-static ENGINE_TABLE *ecdh_table = NULL;
-static const int dummy_nid = 1;
-
-void ENGINE_unregister_ECDH(ENGINE *e)
- {
- engine_table_unregister(&ecdh_table, e);
- }
-
-static void engine_unregister_all_ECDH(void)
- {
- engine_table_cleanup(&ecdh_table);
- }
-
-int ENGINE_register_ECDH(ENGINE *e)
- {
- if(e->ecdh_meth)
- return engine_table_register(&ecdh_table,
- engine_unregister_all_ECDH, e, &dummy_nid, 1, 0);
- return 1;
- }
-
-void ENGINE_register_all_ECDH()
- {
- ENGINE *e;
-
- for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
- ENGINE_register_ECDH(e);
- }
-
-int ENGINE_set_default_ECDH(ENGINE *e)
- {
- if(e->ecdh_meth)
- return engine_table_register(&ecdh_table,
- engine_unregister_all_ECDH, e, &dummy_nid, 1, 1);
- return 1;
- }
-
-/* Exposed API function to get a functional reference from the implementation
- * table (ie. try to get a functional reference from the tabled structural
- * references). */
-ENGINE *ENGINE_get_default_ECDH(void)
- {
- return engine_table_select(&ecdh_table, dummy_nid);
- }
-
-/* Obtains an ECDH implementation from an ENGINE functional reference */
-const ECDH_METHOD *ENGINE_get_ECDH(const ENGINE *e)
- {
- return e->ecdh_meth;
- }
-
-/* Sets an ECDH implementation in an ENGINE structure */
-int ENGINE_set_ECDH(ENGINE *e, const ECDH_METHOD *ecdh_meth)
- {
- e->ecdh_meth = ecdh_meth;
- return 1;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/engine/tb_ecdh.c (from rev 6976, vendor-crypto/openssl/dist/crypto/engine/tb_ecdh.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/engine/tb_ecdh.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/engine/tb_ecdh.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,139 @@
+/* crypto/engine/tb_ecdh.c */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
+ * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
+ * to the OpenSSL project.
+ *
+ * The ECC Code is licensed pursuant to the OpenSSL open source
+ * license provided below.
+ *
+ * The ECDH engine software is originally written by Nils Gura and
+ * Douglas Stebila of Sun Microsystems Laboratories.
+ *
+ */
+/* ====================================================================
+ * Copyright (c) 2000-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include "eng_int.h"
+
+/*
+ * If this symbol is defined then ENGINE_get_default_ECDH(), the function
+ * that is used by ECDH to hook in implementation code and cache defaults
+ * (etc), will display brief debugging summaries to stderr with the 'nid'.
+ */
+/* #define ENGINE_ECDH_DEBUG */
+
+static ENGINE_TABLE *ecdh_table = NULL;
+static const int dummy_nid = 1;
+
+void ENGINE_unregister_ECDH(ENGINE *e)
+{
+ engine_table_unregister(&ecdh_table, e);
+}
+
+static void engine_unregister_all_ECDH(void)
+{
+ engine_table_cleanup(&ecdh_table);
+}
+
+int ENGINE_register_ECDH(ENGINE *e)
+{
+ if (e->ecdh_meth)
+ return engine_table_register(&ecdh_table,
+ engine_unregister_all_ECDH, e,
+ &dummy_nid, 1, 0);
+ return 1;
+}
+
+void ENGINE_register_all_ECDH()
+{
+ ENGINE *e;
+
+ for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+ ENGINE_register_ECDH(e);
+}
+
+int ENGINE_set_default_ECDH(ENGINE *e)
+{
+ if (e->ecdh_meth)
+ return engine_table_register(&ecdh_table,
+ engine_unregister_all_ECDH, e,
+ &dummy_nid, 1, 1);
+ return 1;
+}
+
+/*
+ * Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references).
+ */
+ENGINE *ENGINE_get_default_ECDH(void)
+{
+ return engine_table_select(&ecdh_table, dummy_nid);
+}
+
+/* Obtains an ECDH implementation from an ENGINE functional reference */
+const ECDH_METHOD *ENGINE_get_ECDH(const ENGINE *e)
+{
+ return e->ecdh_meth;
+}
+
+/* Sets an ECDH implementation in an ENGINE structure */
+int ENGINE_set_ECDH(ENGINE *e, const ECDH_METHOD *ecdh_meth)
+{
+ e->ecdh_meth = ecdh_meth;
+ return 1;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/engine/tb_ecdsa.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/engine/tb_ecdsa.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/engine/tb_ecdsa.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,118 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2000-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include "eng_int.h"
-
-/* If this symbol is defined then ENGINE_get_default_ECDSA(), the function that is
- * used by ECDSA to hook in implementation code and cache defaults (etc), will
- * display brief debugging summaries to stderr with the 'nid'. */
-/* #define ENGINE_ECDSA_DEBUG */
-
-static ENGINE_TABLE *ecdsa_table = NULL;
-static const int dummy_nid = 1;
-
-void ENGINE_unregister_ECDSA(ENGINE *e)
- {
- engine_table_unregister(&ecdsa_table, e);
- }
-
-static void engine_unregister_all_ECDSA(void)
- {
- engine_table_cleanup(&ecdsa_table);
- }
-
-int ENGINE_register_ECDSA(ENGINE *e)
- {
- if(e->ecdsa_meth)
- return engine_table_register(&ecdsa_table,
- engine_unregister_all_ECDSA, e, &dummy_nid, 1, 0);
- return 1;
- }
-
-void ENGINE_register_all_ECDSA()
- {
- ENGINE *e;
-
- for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
- ENGINE_register_ECDSA(e);
- }
-
-int ENGINE_set_default_ECDSA(ENGINE *e)
- {
- if(e->ecdsa_meth)
- return engine_table_register(&ecdsa_table,
- engine_unregister_all_ECDSA, e, &dummy_nid, 1, 1);
- return 1;
- }
-
-/* Exposed API function to get a functional reference from the implementation
- * table (ie. try to get a functional reference from the tabled structural
- * references). */
-ENGINE *ENGINE_get_default_ECDSA(void)
- {
- return engine_table_select(&ecdsa_table, dummy_nid);
- }
-
-/* Obtains an ECDSA implementation from an ENGINE functional reference */
-const ECDSA_METHOD *ENGINE_get_ECDSA(const ENGINE *e)
- {
- return e->ecdsa_meth;
- }
-
-/* Sets an ECDSA implementation in an ENGINE structure */
-int ENGINE_set_ECDSA(ENGINE *e, const ECDSA_METHOD *ecdsa_meth)
- {
- e->ecdsa_meth = ecdsa_meth;
- return 1;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/engine/tb_ecdsa.c (from rev 6976, vendor-crypto/openssl/dist/crypto/engine/tb_ecdsa.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/engine/tb_ecdsa.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/engine/tb_ecdsa.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,124 @@
+/* ====================================================================
+ * Copyright (c) 2000-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include "eng_int.h"
+
+/*
+ * If this symbol is defined then ENGINE_get_default_ECDSA(), the function
+ * that is used by ECDSA to hook in implementation code and cache defaults
+ * (etc), will display brief debugging summaries to stderr with the 'nid'.
+ */
+/* #define ENGINE_ECDSA_DEBUG */
+
+static ENGINE_TABLE *ecdsa_table = NULL;
+static const int dummy_nid = 1;
+
+void ENGINE_unregister_ECDSA(ENGINE *e)
+{
+ engine_table_unregister(&ecdsa_table, e);
+}
+
+static void engine_unregister_all_ECDSA(void)
+{
+ engine_table_cleanup(&ecdsa_table);
+}
+
+int ENGINE_register_ECDSA(ENGINE *e)
+{
+ if (e->ecdsa_meth)
+ return engine_table_register(&ecdsa_table,
+ engine_unregister_all_ECDSA, e,
+ &dummy_nid, 1, 0);
+ return 1;
+}
+
+void ENGINE_register_all_ECDSA()
+{
+ ENGINE *e;
+
+ for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+ ENGINE_register_ECDSA(e);
+}
+
+int ENGINE_set_default_ECDSA(ENGINE *e)
+{
+ if (e->ecdsa_meth)
+ return engine_table_register(&ecdsa_table,
+ engine_unregister_all_ECDSA, e,
+ &dummy_nid, 1, 1);
+ return 1;
+}
+
+/*
+ * Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references).
+ */
+ENGINE *ENGINE_get_default_ECDSA(void)
+{
+ return engine_table_select(&ecdsa_table, dummy_nid);
+}
+
+/* Obtains an ECDSA implementation from an ENGINE functional reference */
+const ECDSA_METHOD *ENGINE_get_ECDSA(const ENGINE *e)
+{
+ return e->ecdsa_meth;
+}
+
+/* Sets an ECDSA implementation in an ENGINE structure */
+int ENGINE_set_ECDSA(ENGINE *e, const ECDSA_METHOD *ecdsa_meth)
+{
+ e->ecdsa_meth = ecdsa_meth;
+ return 1;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/engine/tb_rand.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/engine/tb_rand.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/engine/tb_rand.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,118 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include "eng_int.h"
-
-/* If this symbol is defined then ENGINE_get_default_RAND(), the function that is
- * used by RAND to hook in implementation code and cache defaults (etc), will
- * display brief debugging summaries to stderr with the 'nid'. */
-/* #define ENGINE_RAND_DEBUG */
-
-static ENGINE_TABLE *rand_table = NULL;
-static const int dummy_nid = 1;
-
-void ENGINE_unregister_RAND(ENGINE *e)
- {
- engine_table_unregister(&rand_table, e);
- }
-
-static void engine_unregister_all_RAND(void)
- {
- engine_table_cleanup(&rand_table);
- }
-
-int ENGINE_register_RAND(ENGINE *e)
- {
- if(e->rand_meth)
- return engine_table_register(&rand_table,
- engine_unregister_all_RAND, e, &dummy_nid, 1, 0);
- return 1;
- }
-
-void ENGINE_register_all_RAND()
- {
- ENGINE *e;
-
- for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
- ENGINE_register_RAND(e);
- }
-
-int ENGINE_set_default_RAND(ENGINE *e)
- {
- if(e->rand_meth)
- return engine_table_register(&rand_table,
- engine_unregister_all_RAND, e, &dummy_nid, 1, 1);
- return 1;
- }
-
-/* Exposed API function to get a functional reference from the implementation
- * table (ie. try to get a functional reference from the tabled structural
- * references). */
-ENGINE *ENGINE_get_default_RAND(void)
- {
- return engine_table_select(&rand_table, dummy_nid);
- }
-
-/* Obtains an RAND implementation from an ENGINE functional reference */
-const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e)
- {
- return e->rand_meth;
- }
-
-/* Sets an RAND implementation in an ENGINE structure */
-int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth)
- {
- e->rand_meth = rand_meth;
- return 1;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/engine/tb_rand.c (from rev 6976, vendor-crypto/openssl/dist/crypto/engine/tb_rand.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/engine/tb_rand.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/engine/tb_rand.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,124 @@
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include "eng_int.h"
+
+/*
+ * If this symbol is defined then ENGINE_get_default_RAND(), the function
+ * that is used by RAND to hook in implementation code and cache defaults
+ * (etc), will display brief debugging summaries to stderr with the 'nid'.
+ */
+/* #define ENGINE_RAND_DEBUG */
+
+static ENGINE_TABLE *rand_table = NULL;
+static const int dummy_nid = 1;
+
+void ENGINE_unregister_RAND(ENGINE *e)
+{
+ engine_table_unregister(&rand_table, e);
+}
+
+static void engine_unregister_all_RAND(void)
+{
+ engine_table_cleanup(&rand_table);
+}
+
+int ENGINE_register_RAND(ENGINE *e)
+{
+ if (e->rand_meth)
+ return engine_table_register(&rand_table,
+ engine_unregister_all_RAND, e,
+ &dummy_nid, 1, 0);
+ return 1;
+}
+
+void ENGINE_register_all_RAND()
+{
+ ENGINE *e;
+
+ for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+ ENGINE_register_RAND(e);
+}
+
+int ENGINE_set_default_RAND(ENGINE *e)
+{
+ if (e->rand_meth)
+ return engine_table_register(&rand_table,
+ engine_unregister_all_RAND, e,
+ &dummy_nid, 1, 1);
+ return 1;
+}
+
+/*
+ * Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references).
+ */
+ENGINE *ENGINE_get_default_RAND(void)
+{
+ return engine_table_select(&rand_table, dummy_nid);
+}
+
+/* Obtains an RAND implementation from an ENGINE functional reference */
+const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e)
+{
+ return e->rand_meth;
+}
+
+/* Sets an RAND implementation in an ENGINE structure */
+int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth)
+{
+ e->rand_meth = rand_meth;
+ return 1;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/engine/tb_rsa.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/engine/tb_rsa.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/engine/tb_rsa.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,118 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include "eng_int.h"
-
-/* If this symbol is defined then ENGINE_get_default_RSA(), the function that is
- * used by RSA to hook in implementation code and cache defaults (etc), will
- * display brief debugging summaries to stderr with the 'nid'. */
-/* #define ENGINE_RSA_DEBUG */
-
-static ENGINE_TABLE *rsa_table = NULL;
-static const int dummy_nid = 1;
-
-void ENGINE_unregister_RSA(ENGINE *e)
- {
- engine_table_unregister(&rsa_table, e);
- }
-
-static void engine_unregister_all_RSA(void)
- {
- engine_table_cleanup(&rsa_table);
- }
-
-int ENGINE_register_RSA(ENGINE *e)
- {
- if(e->rsa_meth)
- return engine_table_register(&rsa_table,
- engine_unregister_all_RSA, e, &dummy_nid, 1, 0);
- return 1;
- }
-
-void ENGINE_register_all_RSA()
- {
- ENGINE *e;
-
- for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
- ENGINE_register_RSA(e);
- }
-
-int ENGINE_set_default_RSA(ENGINE *e)
- {
- if(e->rsa_meth)
- return engine_table_register(&rsa_table,
- engine_unregister_all_RSA, e, &dummy_nid, 1, 1);
- return 1;
- }
-
-/* Exposed API function to get a functional reference from the implementation
- * table (ie. try to get a functional reference from the tabled structural
- * references). */
-ENGINE *ENGINE_get_default_RSA(void)
- {
- return engine_table_select(&rsa_table, dummy_nid);
- }
-
-/* Obtains an RSA implementation from an ENGINE functional reference */
-const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e)
- {
- return e->rsa_meth;
- }
-
-/* Sets an RSA implementation in an ENGINE structure */
-int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth)
- {
- e->rsa_meth = rsa_meth;
- return 1;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/engine/tb_rsa.c (from rev 6976, vendor-crypto/openssl/dist/crypto/engine/tb_rsa.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/engine/tb_rsa.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/engine/tb_rsa.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,124 @@
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include "eng_int.h"
+
+/*
+ * If this symbol is defined then ENGINE_get_default_RSA(), the function that
+ * is used by RSA to hook in implementation code and cache defaults (etc),
+ * will display brief debugging summaries to stderr with the 'nid'.
+ */
+/* #define ENGINE_RSA_DEBUG */
+
+static ENGINE_TABLE *rsa_table = NULL;
+static const int dummy_nid = 1;
+
+void ENGINE_unregister_RSA(ENGINE *e)
+{
+ engine_table_unregister(&rsa_table, e);
+}
+
+static void engine_unregister_all_RSA(void)
+{
+ engine_table_cleanup(&rsa_table);
+}
+
+int ENGINE_register_RSA(ENGINE *e)
+{
+ if (e->rsa_meth)
+ return engine_table_register(&rsa_table,
+ engine_unregister_all_RSA, e, &dummy_nid,
+ 1, 0);
+ return 1;
+}
+
+void ENGINE_register_all_RSA()
+{
+ ENGINE *e;
+
+ for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+ ENGINE_register_RSA(e);
+}
+
+int ENGINE_set_default_RSA(ENGINE *e)
+{
+ if (e->rsa_meth)
+ return engine_table_register(&rsa_table,
+ engine_unregister_all_RSA, e, &dummy_nid,
+ 1, 1);
+ return 1;
+}
+
+/*
+ * Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references).
+ */
+ENGINE *ENGINE_get_default_RSA(void)
+{
+ return engine_table_select(&rsa_table, dummy_nid);
+}
+
+/* Obtains an RSA implementation from an ENGINE functional reference */
+const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e)
+{
+ return e->rsa_meth;
+}
+
+/* Sets an RSA implementation in an ENGINE structure */
+int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth)
+{
+ e->rsa_meth = rsa_meth;
+ return 1;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/engine/tb_store.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/engine/tb_store.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/engine/tb_store.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,123 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include "eng_int.h"
-
-/* If this symbol is defined then ENGINE_get_default_STORE(), the function that is
- * used by STORE to hook in implementation code and cache defaults (etc), will
- * display brief debugging summaries to stderr with the 'nid'. */
-/* #define ENGINE_STORE_DEBUG */
-
-static ENGINE_TABLE *store_table = NULL;
-static const int dummy_nid = 1;
-
-void ENGINE_unregister_STORE(ENGINE *e)
- {
- engine_table_unregister(&store_table, e);
- }
-
-static void engine_unregister_all_STORE(void)
- {
- engine_table_cleanup(&store_table);
- }
-
-int ENGINE_register_STORE(ENGINE *e)
- {
- if(e->store_meth)
- return engine_table_register(&store_table,
- engine_unregister_all_STORE, e, &dummy_nid, 1, 0);
- return 1;
- }
-
-void ENGINE_register_all_STORE()
- {
- ENGINE *e;
-
- for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
- ENGINE_register_STORE(e);
- }
-
-/* The following two functions are removed because they're useless. */
-#if 0
-int ENGINE_set_default_STORE(ENGINE *e)
- {
- if(e->store_meth)
- return engine_table_register(&store_table,
- engine_unregister_all_STORE, e, &dummy_nid, 1, 1);
- return 1;
- }
-#endif
-
-#if 0
-/* Exposed API function to get a functional reference from the implementation
- * table (ie. try to get a functional reference from the tabled structural
- * references). */
-ENGINE *ENGINE_get_default_STORE(void)
- {
- return engine_table_select(&store_table, dummy_nid);
- }
-#endif
-
-/* Obtains an STORE implementation from an ENGINE functional reference */
-const STORE_METHOD *ENGINE_get_STORE(const ENGINE *e)
- {
- return e->store_meth;
- }
-
-/* Sets an STORE implementation in an ENGINE structure */
-int ENGINE_set_STORE(ENGINE *e, const STORE_METHOD *store_meth)
- {
- e->store_meth = store_meth;
- return 1;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/engine/tb_store.c (from rev 6976, vendor-crypto/openssl/dist/crypto/engine/tb_store.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/engine/tb_store.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/engine/tb_store.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,129 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include "eng_int.h"
+
+/*
+ * If this symbol is defined then ENGINE_get_default_STORE(), the function
+ * that is used by STORE to hook in implementation code and cache defaults
+ * (etc), will display brief debugging summaries to stderr with the 'nid'.
+ */
+/* #define ENGINE_STORE_DEBUG */
+
+static ENGINE_TABLE *store_table = NULL;
+static const int dummy_nid = 1;
+
+void ENGINE_unregister_STORE(ENGINE *e)
+{
+ engine_table_unregister(&store_table, e);
+}
+
+static void engine_unregister_all_STORE(void)
+{
+ engine_table_cleanup(&store_table);
+}
+
+int ENGINE_register_STORE(ENGINE *e)
+{
+ if (e->store_meth)
+ return engine_table_register(&store_table,
+ engine_unregister_all_STORE, e,
+ &dummy_nid, 1, 0);
+ return 1;
+}
+
+void ENGINE_register_all_STORE()
+{
+ ENGINE *e;
+
+ for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+ ENGINE_register_STORE(e);
+}
+
+/* The following two functions are removed because they're useless. */
+#if 0
+int ENGINE_set_default_STORE(ENGINE *e)
+{
+ if (e->store_meth)
+ return engine_table_register(&store_table,
+ engine_unregister_all_STORE, e,
+ &dummy_nid, 1, 1);
+ return 1;
+}
+#endif
+
+#if 0
+/*
+ * Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references).
+ */
+ENGINE *ENGINE_get_default_STORE(void)
+{
+ return engine_table_select(&store_table, dummy_nid);
+}
+#endif
+
+/* Obtains an STORE implementation from an ENGINE functional reference */
+const STORE_METHOD *ENGINE_get_STORE(const ENGINE *e)
+{
+ return e->store_meth;
+}
+
+/* Sets an STORE implementation in an ENGINE structure */
+int ENGINE_set_STORE(ENGINE *e, const STORE_METHOD *store_meth)
+{
+ e->store_meth = store_meth;
+ return 1;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/err/err.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/err/err.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/err/err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,416 +0,0 @@
-/* crypto/err/err.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <stdarg.h>
-#include <string.h>
-#include "cryptlib.h"
-#include <openssl/lhash.h>
-#include <openssl/crypto.h>
-#include <openssl/buffer.h>
-#include <openssl/bio.h>
-#include <openssl/err.h>
-
-static unsigned long get_error_values(int inc,int top,
- const char **file,int *line,
- const char **data,int *flags);
-
-#define err_clear_data(p,i) \
- do { \
- if (((p)->err_data[i] != NULL) && \
- (p)->err_data_flags[i] & ERR_TXT_MALLOCED) \
- { \
- OPENSSL_free((p)->err_data[i]); \
- (p)->err_data[i]=NULL; \
- } \
- (p)->err_data_flags[i]=0; \
- } while(0)
-
-#define err_clear(p,i) \
- do { \
- (p)->err_flags[i]=0; \
- (p)->err_buffer[i]=0; \
- err_clear_data(p,i); \
- (p)->err_file[i]=NULL; \
- (p)->err_line[i]= -1; \
- } while(0)
-
-void ERR_put_error(int lib, int func, int reason, const char *file,
- int line)
- {
- ERR_STATE *es;
-
-#ifdef _OSD_POSIX
- /* In the BS2000-OSD POSIX subsystem, the compiler generates
- * path names in the form "*POSIX(/etc/passwd)".
- * This dirty hack strips them to something sensible.
- * @@@ We shouldn't modify a const string, though.
- */
- if (strncmp(file,"*POSIX(", sizeof("*POSIX(")-1) == 0) {
- char *end;
-
- /* Skip the "*POSIX(" prefix */
- file += sizeof("*POSIX(")-1;
- end = &file[strlen(file)-1];
- if (*end == ')')
- *end = '\0';
- /* Optional: use the basename of the path only. */
- if ((end = strrchr(file, '/')) != NULL)
- file = &end[1];
- }
-#endif
- es=ERR_get_state();
-
- es->top=(es->top+1)%ERR_NUM_ERRORS;
- if (es->top == es->bottom)
- es->bottom=(es->bottom+1)%ERR_NUM_ERRORS;
- es->err_flags[es->top]=0;
- es->err_buffer[es->top]=ERR_PACK(lib,func,reason);
- es->err_file[es->top]=file;
- es->err_line[es->top]=line;
- err_clear_data(es,es->top);
- }
-
-void ERR_clear_error(void)
- {
- int i;
- ERR_STATE *es;
-
- es=ERR_get_state();
-
- for (i=0; i<ERR_NUM_ERRORS; i++)
- {
- err_clear(es,i);
- }
- es->top=es->bottom=0;
- }
-
-
-unsigned long ERR_get_error(void)
- { return(get_error_values(1,0,NULL,NULL,NULL,NULL)); }
-
-unsigned long ERR_get_error_line(const char **file,
- int *line)
- { return(get_error_values(1,0,file,line,NULL,NULL)); }
-
-unsigned long ERR_get_error_line_data(const char **file, int *line,
- const char **data, int *flags)
- { return(get_error_values(1,0,file,line,data,flags)); }
-
-
-unsigned long ERR_peek_error(void)
- { return(get_error_values(0,0,NULL,NULL,NULL,NULL)); }
-
-unsigned long ERR_peek_error_line(const char **file, int *line)
- { return(get_error_values(0,0,file,line,NULL,NULL)); }
-
-unsigned long ERR_peek_error_line_data(const char **file, int *line,
- const char **data, int *flags)
- { return(get_error_values(0,0,file,line,data,flags)); }
-
-
-unsigned long ERR_peek_last_error(void)
- { return(get_error_values(0,1,NULL,NULL,NULL,NULL)); }
-
-unsigned long ERR_peek_last_error_line(const char **file, int *line)
- { return(get_error_values(0,1,file,line,NULL,NULL)); }
-
-unsigned long ERR_peek_last_error_line_data(const char **file, int *line,
- const char **data, int *flags)
- { return(get_error_values(0,1,file,line,data,flags)); }
-
-
-static unsigned long get_error_values(int inc, int top, const char **file, int *line,
- const char **data, int *flags)
- {
- int i=0;
- ERR_STATE *es;
- unsigned long ret;
-
- es=ERR_get_state();
-
- if (inc && top)
- {
- if (file) *file = "";
- if (line) *line = 0;
- if (data) *data = "";
- if (flags) *flags = 0;
-
- return ERR_R_INTERNAL_ERROR;
- }
-
- if (es->bottom == es->top) return 0;
- if (top)
- i=es->top; /* last error */
- else
- i=(es->bottom+1)%ERR_NUM_ERRORS; /* first error */
-
- ret=es->err_buffer[i];
- if (inc)
- {
- es->bottom=i;
- es->err_buffer[i]=0;
- }
-
- if ((file != NULL) && (line != NULL))
- {
- if (es->err_file[i] == NULL)
- {
- *file="NA";
- if (line != NULL) *line=0;
- }
- else
- {
- *file=es->err_file[i];
- if (line != NULL) *line=es->err_line[i];
- }
- }
-
- if (data == NULL)
- {
- if (inc)
- {
- err_clear_data(es, i);
- }
- }
- else
- {
- if (es->err_data[i] == NULL)
- {
- *data="";
- if (flags != NULL) *flags=0;
- }
- else
- {
- *data=es->err_data[i];
- if (flags != NULL) *flags=es->err_data_flags[i];
- }
- }
- return ret;
- }
-
-void ERR_set_error_data(char *data, int flags)
- {
- ERR_STATE *es;
- int i;
-
- es=ERR_get_state();
-
- i=es->top;
- if (i == 0)
- i=ERR_NUM_ERRORS-1;
-
- err_clear_data(es,i);
- es->err_data[i]=data;
- es->err_data_flags[i]=flags;
- }
-
-void ERR_add_error_data(int num, ...)
- {
- va_list args;
- int i,n,s;
- char *str,*p,*a;
-
- s=80;
- str=OPENSSL_malloc(s+1);
- if (str == NULL) return;
- str[0]='\0';
-
- va_start(args, num);
- n=0;
- for (i=0; i<num; i++)
- {
- a=va_arg(args, char*);
- /* ignore NULLs, thanks to Bob Beck <beck at obtuse.com> */
- if (a != NULL)
- {
- n+=strlen(a);
- if (n > s)
- {
- s=n+20;
- p=OPENSSL_realloc(str,s+1);
- if (p == NULL)
- {
- OPENSSL_free(str);
- goto err;
- }
- else
- str=p;
- }
- BUF_strlcat(str,a,(size_t)s+1);
- }
- }
- ERR_set_error_data(str,ERR_TXT_MALLOCED|ERR_TXT_STRING);
-
-err:
- va_end(args);
- }
-
-int ERR_set_mark(void)
- {
- ERR_STATE *es;
-
- es=ERR_get_state();
-
- if (es->bottom == es->top) return 0;
- es->err_flags[es->top]|=ERR_FLAG_MARK;
- return 1;
- }
-
-int ERR_pop_to_mark(void)
- {
- ERR_STATE *es;
-
- es=ERR_get_state();
-
- while(es->bottom != es->top
- && (es->err_flags[es->top] & ERR_FLAG_MARK) == 0)
- {
- err_clear(es,es->top);
- es->top-=1;
- if (es->top == -1) es->top=ERR_NUM_ERRORS-1;
- }
-
- if (es->bottom == es->top) return 0;
- es->err_flags[es->top]&=~ERR_FLAG_MARK;
- return 1;
- }
-
-#ifdef OPENSSL_FIPS
-
-static ERR_STATE *fget_state(void)
- {
- static ERR_STATE fstate;
- return &fstate;
- }
-
-ERR_STATE *(*get_state_func)(void) = fget_state;
-void (*remove_state_func)(unsigned long pid);
-
-ERR_STATE *ERR_get_state(void)
- {
- return get_state_func();
- }
-
-void int_ERR_set_state_func(ERR_STATE *(*get_func)(void),
- void (*remove_func)(unsigned long pid))
- {
- get_state_func = get_func;
- remove_state_func = remove_func;
- }
-
-void ERR_remove_state(unsigned long pid)
- {
- if (remove_state_func)
- remove_state_func(pid);
- }
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/err/err.c (from rev 6976, vendor-crypto/openssl/dist/crypto/err/err.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/err/err.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/err/err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,422 @@
+/* crypto/err/err.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdarg.h>
+#include <string.h>
+#include "cryptlib.h"
+#include <openssl/lhash.h>
+#include <openssl/crypto.h>
+#include <openssl/buffer.h>
+#include <openssl/bio.h>
+#include <openssl/err.h>
+
+static unsigned long get_error_values(int inc, int top,
+ const char **file, int *line,
+ const char **data, int *flags);
+
+#define err_clear_data(p,i) \
+ do { \
+ if (((p)->err_data[i] != NULL) && \
+ (p)->err_data_flags[i] & ERR_TXT_MALLOCED) \
+ { \
+ OPENSSL_free((p)->err_data[i]); \
+ (p)->err_data[i]=NULL; \
+ } \
+ (p)->err_data_flags[i]=0; \
+ } while(0)
+
+#define err_clear(p,i) \
+ do { \
+ (p)->err_flags[i]=0; \
+ (p)->err_buffer[i]=0; \
+ err_clear_data(p,i); \
+ (p)->err_file[i]=NULL; \
+ (p)->err_line[i]= -1; \
+ } while(0)
+
+void ERR_put_error(int lib, int func, int reason, const char *file, int line)
+{
+ ERR_STATE *es;
+
+#ifdef _OSD_POSIX
+ /*
+ * In the BS2000-OSD POSIX subsystem, the compiler generates path names
+ * in the form "*POSIX(/etc/passwd)". This dirty hack strips them to
+ * something sensible. @@@ We shouldn't modify a const string, though.
+ */
+ if (strncmp(file, "*POSIX(", sizeof("*POSIX(") - 1) == 0) {
+ char *end;
+
+ /* Skip the "*POSIX(" prefix */
+ file += sizeof("*POSIX(") - 1;
+ end = &file[strlen(file) - 1];
+ if (*end == ')')
+ *end = '\0';
+ /* Optional: use the basename of the path only. */
+ if ((end = strrchr(file, '/')) != NULL)
+ file = &end[1];
+ }
+#endif
+ es = ERR_get_state();
+
+ es->top = (es->top + 1) % ERR_NUM_ERRORS;
+ if (es->top == es->bottom)
+ es->bottom = (es->bottom + 1) % ERR_NUM_ERRORS;
+ es->err_flags[es->top] = 0;
+ es->err_buffer[es->top] = ERR_PACK(lib, func, reason);
+ es->err_file[es->top] = file;
+ es->err_line[es->top] = line;
+ err_clear_data(es, es->top);
+}
+
+void ERR_clear_error(void)
+{
+ int i;
+ ERR_STATE *es;
+
+ es = ERR_get_state();
+
+ for (i = 0; i < ERR_NUM_ERRORS; i++) {
+ err_clear(es, i);
+ }
+ es->top = es->bottom = 0;
+}
+
+unsigned long ERR_get_error(void)
+{
+ return (get_error_values(1, 0, NULL, NULL, NULL, NULL));
+}
+
+unsigned long ERR_get_error_line(const char **file, int *line)
+{
+ return (get_error_values(1, 0, file, line, NULL, NULL));
+}
+
+unsigned long ERR_get_error_line_data(const char **file, int *line,
+ const char **data, int *flags)
+{
+ return (get_error_values(1, 0, file, line, data, flags));
+}
+
+unsigned long ERR_peek_error(void)
+{
+ return (get_error_values(0, 0, NULL, NULL, NULL, NULL));
+}
+
+unsigned long ERR_peek_error_line(const char **file, int *line)
+{
+ return (get_error_values(0, 0, file, line, NULL, NULL));
+}
+
+unsigned long ERR_peek_error_line_data(const char **file, int *line,
+ const char **data, int *flags)
+{
+ return (get_error_values(0, 0, file, line, data, flags));
+}
+
+unsigned long ERR_peek_last_error(void)
+{
+ return (get_error_values(0, 1, NULL, NULL, NULL, NULL));
+}
+
+unsigned long ERR_peek_last_error_line(const char **file, int *line)
+{
+ return (get_error_values(0, 1, file, line, NULL, NULL));
+}
+
+unsigned long ERR_peek_last_error_line_data(const char **file, int *line,
+ const char **data, int *flags)
+{
+ return (get_error_values(0, 1, file, line, data, flags));
+}
+
+static unsigned long get_error_values(int inc, int top, const char **file,
+ int *line, const char **data,
+ int *flags)
+{
+ int i = 0;
+ ERR_STATE *es;
+ unsigned long ret;
+
+ es = ERR_get_state();
+
+ if (inc && top) {
+ if (file)
+ *file = "";
+ if (line)
+ *line = 0;
+ if (data)
+ *data = "";
+ if (flags)
+ *flags = 0;
+
+ return ERR_R_INTERNAL_ERROR;
+ }
+
+ if (es->bottom == es->top)
+ return 0;
+ if (top)
+ i = es->top; /* last error */
+ else
+ i = (es->bottom + 1) % ERR_NUM_ERRORS; /* first error */
+
+ ret = es->err_buffer[i];
+ if (inc) {
+ es->bottom = i;
+ es->err_buffer[i] = 0;
+ }
+
+ if ((file != NULL) && (line != NULL)) {
+ if (es->err_file[i] == NULL) {
+ *file = "NA";
+ if (line != NULL)
+ *line = 0;
+ } else {
+ *file = es->err_file[i];
+ if (line != NULL)
+ *line = es->err_line[i];
+ }
+ }
+
+ if (data == NULL) {
+ if (inc) {
+ err_clear_data(es, i);
+ }
+ } else {
+ if (es->err_data[i] == NULL) {
+ *data = "";
+ if (flags != NULL)
+ *flags = 0;
+ } else {
+ *data = es->err_data[i];
+ if (flags != NULL)
+ *flags = es->err_data_flags[i];
+ }
+ }
+ return ret;
+}
+
+void ERR_set_error_data(char *data, int flags)
+{
+ ERR_STATE *es;
+ int i;
+
+ es = ERR_get_state();
+
+ i = es->top;
+ if (i == 0)
+ i = ERR_NUM_ERRORS - 1;
+
+ err_clear_data(es, i);
+ es->err_data[i] = data;
+ es->err_data_flags[i] = flags;
+}
+
+void ERR_add_error_data(int num, ...)
+{
+ va_list args;
+ int i, n, s;
+ char *str, *p, *a;
+
+ s = 80;
+ str = OPENSSL_malloc(s + 1);
+ if (str == NULL)
+ return;
+ str[0] = '\0';
+
+ va_start(args, num);
+ n = 0;
+ for (i = 0; i < num; i++) {
+ a = va_arg(args, char *);
+ /* ignore NULLs, thanks to Bob Beck <beck at obtuse.com> */
+ if (a != NULL) {
+ n += strlen(a);
+ if (n > s) {
+ s = n + 20;
+ p = OPENSSL_realloc(str, s + 1);
+ if (p == NULL) {
+ OPENSSL_free(str);
+ goto err;
+ } else
+ str = p;
+ }
+ BUF_strlcat(str, a, (size_t)s + 1);
+ }
+ }
+ ERR_set_error_data(str, ERR_TXT_MALLOCED | ERR_TXT_STRING);
+
+ err:
+ va_end(args);
+}
+
+int ERR_set_mark(void)
+{
+ ERR_STATE *es;
+
+ es = ERR_get_state();
+
+ if (es->bottom == es->top)
+ return 0;
+ es->err_flags[es->top] |= ERR_FLAG_MARK;
+ return 1;
+}
+
+int ERR_pop_to_mark(void)
+{
+ ERR_STATE *es;
+
+ es = ERR_get_state();
+
+ while (es->bottom != es->top
+ && (es->err_flags[es->top] & ERR_FLAG_MARK) == 0) {
+ err_clear(es, es->top);
+ es->top -= 1;
+ if (es->top == -1)
+ es->top = ERR_NUM_ERRORS - 1;
+ }
+
+ if (es->bottom == es->top)
+ return 0;
+ es->err_flags[es->top] &= ~ERR_FLAG_MARK;
+ return 1;
+}
+
+#ifdef OPENSSL_FIPS
+
+static ERR_STATE *fget_state(void)
+{
+ static ERR_STATE fstate;
+ return &fstate;
+}
+
+ERR_STATE *(*get_state_func) (void) = fget_state;
+void (*remove_state_func) (unsigned long pid);
+
+ERR_STATE *ERR_get_state(void)
+{
+ return get_state_func();
+}
+
+void int_ERR_set_state_func(ERR_STATE *(*get_func) (void),
+ void (*remove_func) (unsigned long pid))
+{
+ get_state_func = get_func;
+ remove_state_func = remove_func;
+}
+
+void ERR_remove_state(unsigned long pid)
+{
+ if (remove_state_func)
+ remove_state_func(pid);
+}
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/err/err.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/err/err.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/err/err.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,330 +0,0 @@
-/* crypto/err/err.h */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_ERR_H
-#define HEADER_ERR_H
-
-#include <openssl/e_os2.h>
-
-#ifndef OPENSSL_NO_FP_API
-#include <stdio.h>
-#include <stdlib.h>
-#endif
-
-#include <openssl/ossl_typ.h>
-#ifndef OPENSSL_NO_BIO
-#include <openssl/bio.h>
-#endif
-#ifndef OPENSSL_NO_LHASH
-#include <openssl/lhash.h>
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifndef OPENSSL_NO_ERR
-#define ERR_PUT_error(a,b,c,d,e) ERR_put_error(a,b,c,d,e)
-#else
-#define ERR_PUT_error(a,b,c,d,e) ERR_put_error(a,b,c,NULL,0)
-#endif
-
-#include <errno.h>
-
-#define ERR_TXT_MALLOCED 0x01
-#define ERR_TXT_STRING 0x02
-
-#define ERR_FLAG_MARK 0x01
-
-#define ERR_NUM_ERRORS 16
-typedef struct err_state_st
- {
- unsigned long pid;
- int err_flags[ERR_NUM_ERRORS];
- unsigned long err_buffer[ERR_NUM_ERRORS];
- char *err_data[ERR_NUM_ERRORS];
- int err_data_flags[ERR_NUM_ERRORS];
- const char *err_file[ERR_NUM_ERRORS];
- int err_line[ERR_NUM_ERRORS];
- int top,bottom;
- } ERR_STATE;
-
-/* library */
-#define ERR_LIB_NONE 1
-#define ERR_LIB_SYS 2
-#define ERR_LIB_BN 3
-#define ERR_LIB_RSA 4
-#define ERR_LIB_DH 5
-#define ERR_LIB_EVP 6
-#define ERR_LIB_BUF 7
-#define ERR_LIB_OBJ 8
-#define ERR_LIB_PEM 9
-#define ERR_LIB_DSA 10
-#define ERR_LIB_X509 11
-/* #define ERR_LIB_METH 12 */
-#define ERR_LIB_ASN1 13
-#define ERR_LIB_CONF 14
-#define ERR_LIB_CRYPTO 15
-#define ERR_LIB_EC 16
-#define ERR_LIB_SSL 20
-/* #define ERR_LIB_SSL23 21 */
-/* #define ERR_LIB_SSL2 22 */
-/* #define ERR_LIB_SSL3 23 */
-/* #define ERR_LIB_RSAREF 30 */
-/* #define ERR_LIB_PROXY 31 */
-#define ERR_LIB_BIO 32
-#define ERR_LIB_PKCS7 33
-#define ERR_LIB_X509V3 34
-#define ERR_LIB_PKCS12 35
-#define ERR_LIB_RAND 36
-#define ERR_LIB_DSO 37
-#define ERR_LIB_ENGINE 38
-#define ERR_LIB_OCSP 39
-#define ERR_LIB_UI 40
-#define ERR_LIB_COMP 41
-#define ERR_LIB_ECDSA 42
-#define ERR_LIB_ECDH 43
-#define ERR_LIB_STORE 44
-#define ERR_LIB_FIPS 45
-#define ERR_LIB_CMS 46
-#define ERR_LIB_JPAKE 47
-
-#define ERR_LIB_USER 128
-
-#define SYSerr(f,r) ERR_PUT_error(ERR_LIB_SYS,(f),(r),__FILE__,__LINE__)
-#define BNerr(f,r) ERR_PUT_error(ERR_LIB_BN,(f),(r),__FILE__,__LINE__)
-#define RSAerr(f,r) ERR_PUT_error(ERR_LIB_RSA,(f),(r),__FILE__,__LINE__)
-#define DHerr(f,r) ERR_PUT_error(ERR_LIB_DH,(f),(r),__FILE__,__LINE__)
-#define EVPerr(f,r) ERR_PUT_error(ERR_LIB_EVP,(f),(r),__FILE__,__LINE__)
-#define BUFerr(f,r) ERR_PUT_error(ERR_LIB_BUF,(f),(r),__FILE__,__LINE__)
-#define OBJerr(f,r) ERR_PUT_error(ERR_LIB_OBJ,(f),(r),__FILE__,__LINE__)
-#define PEMerr(f,r) ERR_PUT_error(ERR_LIB_PEM,(f),(r),__FILE__,__LINE__)
-#define DSAerr(f,r) ERR_PUT_error(ERR_LIB_DSA,(f),(r),__FILE__,__LINE__)
-#define X509err(f,r) ERR_PUT_error(ERR_LIB_X509,(f),(r),__FILE__,__LINE__)
-#define ASN1err(f,r) ERR_PUT_error(ERR_LIB_ASN1,(f),(r),__FILE__,__LINE__)
-#define CONFerr(f,r) ERR_PUT_error(ERR_LIB_CONF,(f),(r),__FILE__,__LINE__)
-#define CRYPTOerr(f,r) ERR_PUT_error(ERR_LIB_CRYPTO,(f),(r),__FILE__,__LINE__)
-#define ECerr(f,r) ERR_PUT_error(ERR_LIB_EC,(f),(r),__FILE__,__LINE__)
-#define SSLerr(f,r) ERR_PUT_error(ERR_LIB_SSL,(f),(r),__FILE__,__LINE__)
-#define BIOerr(f,r) ERR_PUT_error(ERR_LIB_BIO,(f),(r),__FILE__,__LINE__)
-#define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),__FILE__,__LINE__)
-#define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,(f),(r),__FILE__,__LINE__)
-#define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),__FILE__,__LINE__)
-#define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),__FILE__,__LINE__)
-#define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,(f),(r),__FILE__,__LINE__)
-#define ENGINEerr(f,r) ERR_PUT_error(ERR_LIB_ENGINE,(f),(r),__FILE__,__LINE__)
-#define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),__FILE__,__LINE__)
-#define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),__FILE__,__LINE__)
-#define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),__FILE__,__LINE__)
-#define ECDSAerr(f,r) ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),__FILE__,__LINE__)
-#define ECDHerr(f,r) ERR_PUT_error(ERR_LIB_ECDH,(f),(r),__FILE__,__LINE__)
-#define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),__FILE__,__LINE__)
-#define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),__FILE__,__LINE__)
-#define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),__FILE__,__LINE__)
-#define JPAKEerr(f,r) ERR_PUT_error(ERR_LIB_JPAKE,(f),(r),__FILE__,__LINE__)
-
-/* Borland C seems too stupid to be able to shift and do longs in
- * the pre-processor :-( */
-#define ERR_PACK(l,f,r) (((((unsigned long)l)&0xffL)*0x1000000)| \
- ((((unsigned long)f)&0xfffL)*0x1000)| \
- ((((unsigned long)r)&0xfffL)))
-#define ERR_GET_LIB(l) (int)((((unsigned long)l)>>24L)&0xffL)
-#define ERR_GET_FUNC(l) (int)((((unsigned long)l)>>12L)&0xfffL)
-#define ERR_GET_REASON(l) (int)((l)&0xfffL)
-#define ERR_FATAL_ERROR(l) (int)((l)&ERR_R_FATAL)
-
-
-/* OS functions */
-#define SYS_F_FOPEN 1
-#define SYS_F_CONNECT 2
-#define SYS_F_GETSERVBYNAME 3
-#define SYS_F_SOCKET 4
-#define SYS_F_IOCTLSOCKET 5
-#define SYS_F_BIND 6
-#define SYS_F_LISTEN 7
-#define SYS_F_ACCEPT 8
-#define SYS_F_WSASTARTUP 9 /* Winsock stuff */
-#define SYS_F_OPENDIR 10
-#define SYS_F_FREAD 11
-
-
-/* reasons */
-#define ERR_R_SYS_LIB ERR_LIB_SYS /* 2 */
-#define ERR_R_BN_LIB ERR_LIB_BN /* 3 */
-#define ERR_R_RSA_LIB ERR_LIB_RSA /* 4 */
-#define ERR_R_DH_LIB ERR_LIB_DH /* 5 */
-#define ERR_R_EVP_LIB ERR_LIB_EVP /* 6 */
-#define ERR_R_BUF_LIB ERR_LIB_BUF /* 7 */
-#define ERR_R_OBJ_LIB ERR_LIB_OBJ /* 8 */
-#define ERR_R_PEM_LIB ERR_LIB_PEM /* 9 */
-#define ERR_R_DSA_LIB ERR_LIB_DSA /* 10 */
-#define ERR_R_X509_LIB ERR_LIB_X509 /* 11 */
-#define ERR_R_ASN1_LIB ERR_LIB_ASN1 /* 13 */
-#define ERR_R_CONF_LIB ERR_LIB_CONF /* 14 */
-#define ERR_R_CRYPTO_LIB ERR_LIB_CRYPTO /* 15 */
-#define ERR_R_EC_LIB ERR_LIB_EC /* 16 */
-#define ERR_R_SSL_LIB ERR_LIB_SSL /* 20 */
-#define ERR_R_BIO_LIB ERR_LIB_BIO /* 32 */
-#define ERR_R_PKCS7_LIB ERR_LIB_PKCS7 /* 33 */
-#define ERR_R_X509V3_LIB ERR_LIB_X509V3 /* 34 */
-#define ERR_R_PKCS12_LIB ERR_LIB_PKCS12 /* 35 */
-#define ERR_R_RAND_LIB ERR_LIB_RAND /* 36 */
-#define ERR_R_DSO_LIB ERR_LIB_DSO /* 37 */
-#define ERR_R_ENGINE_LIB ERR_LIB_ENGINE /* 38 */
-#define ERR_R_OCSP_LIB ERR_LIB_OCSP /* 39 */
-#define ERR_R_UI_LIB ERR_LIB_UI /* 40 */
-#define ERR_R_COMP_LIB ERR_LIB_COMP /* 41 */
-#define ERR_R_ECDSA_LIB ERR_LIB_ECDSA /* 42 */
-#define ERR_R_ECDH_LIB ERR_LIB_ECDH /* 43 */
-#define ERR_R_STORE_LIB ERR_LIB_STORE /* 44 */
-
-#define ERR_R_NESTED_ASN1_ERROR 58
-#define ERR_R_BAD_ASN1_OBJECT_HEADER 59
-#define ERR_R_BAD_GET_ASN1_OBJECT_CALL 60
-#define ERR_R_EXPECTING_AN_ASN1_SEQUENCE 61
-#define ERR_R_ASN1_LENGTH_MISMATCH 62
-#define ERR_R_MISSING_ASN1_EOS 63
-
-/* fatal error */
-#define ERR_R_FATAL 64
-#define ERR_R_MALLOC_FAILURE (1|ERR_R_FATAL)
-#define ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED (2|ERR_R_FATAL)
-#define ERR_R_PASSED_NULL_PARAMETER (3|ERR_R_FATAL)
-#define ERR_R_INTERNAL_ERROR (4|ERR_R_FATAL)
-#define ERR_R_DISABLED (5|ERR_R_FATAL)
-
-/* 99 is the maximum possible ERR_R_... code, higher values
- * are reserved for the individual libraries */
-
-
-typedef struct ERR_string_data_st
- {
- unsigned long error;
- const char *string;
- } ERR_STRING_DATA;
-
-void ERR_put_error(int lib, int func,int reason,const char *file,int line);
-void ERR_set_error_data(char *data,int flags);
-
-unsigned long ERR_get_error(void);
-unsigned long ERR_get_error_line(const char **file,int *line);
-unsigned long ERR_get_error_line_data(const char **file,int *line,
- const char **data, int *flags);
-unsigned long ERR_peek_error(void);
-unsigned long ERR_peek_error_line(const char **file,int *line);
-unsigned long ERR_peek_error_line_data(const char **file,int *line,
- const char **data,int *flags);
-unsigned long ERR_peek_last_error(void);
-unsigned long ERR_peek_last_error_line(const char **file,int *line);
-unsigned long ERR_peek_last_error_line_data(const char **file,int *line,
- const char **data,int *flags);
-void ERR_clear_error(void );
-char *ERR_error_string(unsigned long e,char *buf);
-void ERR_error_string_n(unsigned long e, char *buf, size_t len);
-const char *ERR_lib_error_string(unsigned long e);
-const char *ERR_func_error_string(unsigned long e);
-const char *ERR_reason_error_string(unsigned long e);
-void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u),
- void *u);
-#ifndef OPENSSL_NO_FP_API
-void ERR_print_errors_fp(FILE *fp);
-#endif
-#ifndef OPENSSL_NO_BIO
-void ERR_print_errors(BIO *bp);
-void ERR_add_error_data(int num, ...);
-#endif
-void ERR_load_strings(int lib,ERR_STRING_DATA str[]);
-void ERR_unload_strings(int lib,ERR_STRING_DATA str[]);
-void ERR_load_ERR_strings(void);
-void ERR_load_crypto_strings(void);
-void ERR_free_strings(void);
-
-void ERR_remove_state(unsigned long pid); /* if zero we look it up */
-ERR_STATE *ERR_get_state(void);
-
-#ifndef OPENSSL_NO_LHASH
-LHASH *ERR_get_string_table(void);
-LHASH *ERR_get_err_state_table(void);
-void ERR_release_err_state_table(LHASH **hash);
-#endif
-
-int ERR_get_next_error_library(void);
-
-int ERR_set_mark(void);
-int ERR_pop_to_mark(void);
-
-#ifdef OPENSSL_FIPS
-void int_ERR_set_state_func(ERR_STATE *(*get_func)(void),
- void (*remove_func)(unsigned long pid));
-void int_ERR_lib_init(void);
-#endif
-
-/* Already defined in ossl_typ.h */
-/* typedef struct st_ERR_FNS ERR_FNS; */
-/* An application can use this function and provide the return value to loaded
- * modules that should use the application's ERR state/functionality */
-const ERR_FNS *ERR_get_implementation(void);
-/* A loaded module should call this function prior to any ERR operations using
- * the application's "ERR_FNS". */
-int ERR_set_implementation(const ERR_FNS *fns);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/err/err.h (from rev 6976, vendor-crypto/openssl/dist/crypto/err/err.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/err/err.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/err/err.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,333 @@
+/* crypto/err/err.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_ERR_H
+# define HEADER_ERR_H
+
+# include <openssl/e_os2.h>
+
+# ifndef OPENSSL_NO_FP_API
+# include <stdio.h>
+# include <stdlib.h>
+# endif
+
+# include <openssl/ossl_typ.h>
+# ifndef OPENSSL_NO_BIO
+# include <openssl/bio.h>
+# endif
+# ifndef OPENSSL_NO_LHASH
+# include <openssl/lhash.h>
+# endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# ifndef OPENSSL_NO_ERR
+# define ERR_PUT_error(a,b,c,d,e) ERR_put_error(a,b,c,d,e)
+# else
+# define ERR_PUT_error(a,b,c,d,e) ERR_put_error(a,b,c,NULL,0)
+# endif
+
+# include <errno.h>
+
+# define ERR_TXT_MALLOCED 0x01
+# define ERR_TXT_STRING 0x02
+
+# define ERR_FLAG_MARK 0x01
+
+# define ERR_NUM_ERRORS 16
+typedef struct err_state_st {
+ unsigned long pid;
+ int err_flags[ERR_NUM_ERRORS];
+ unsigned long err_buffer[ERR_NUM_ERRORS];
+ char *err_data[ERR_NUM_ERRORS];
+ int err_data_flags[ERR_NUM_ERRORS];
+ const char *err_file[ERR_NUM_ERRORS];
+ int err_line[ERR_NUM_ERRORS];
+ int top, bottom;
+} ERR_STATE;
+
+/* library */
+# define ERR_LIB_NONE 1
+# define ERR_LIB_SYS 2
+# define ERR_LIB_BN 3
+# define ERR_LIB_RSA 4
+# define ERR_LIB_DH 5
+# define ERR_LIB_EVP 6
+# define ERR_LIB_BUF 7
+# define ERR_LIB_OBJ 8
+# define ERR_LIB_PEM 9
+# define ERR_LIB_DSA 10
+# define ERR_LIB_X509 11
+/* #define ERR_LIB_METH 12 */
+# define ERR_LIB_ASN1 13
+# define ERR_LIB_CONF 14
+# define ERR_LIB_CRYPTO 15
+# define ERR_LIB_EC 16
+# define ERR_LIB_SSL 20
+/* #define ERR_LIB_SSL23 21 */
+/* #define ERR_LIB_SSL2 22 */
+/* #define ERR_LIB_SSL3 23 */
+/* #define ERR_LIB_RSAREF 30 */
+/* #define ERR_LIB_PROXY 31 */
+# define ERR_LIB_BIO 32
+# define ERR_LIB_PKCS7 33
+# define ERR_LIB_X509V3 34
+# define ERR_LIB_PKCS12 35
+# define ERR_LIB_RAND 36
+# define ERR_LIB_DSO 37
+# define ERR_LIB_ENGINE 38
+# define ERR_LIB_OCSP 39
+# define ERR_LIB_UI 40
+# define ERR_LIB_COMP 41
+# define ERR_LIB_ECDSA 42
+# define ERR_LIB_ECDH 43
+# define ERR_LIB_STORE 44
+# define ERR_LIB_FIPS 45
+# define ERR_LIB_CMS 46
+# define ERR_LIB_JPAKE 47
+
+# define ERR_LIB_USER 128
+
+# define SYSerr(f,r) ERR_PUT_error(ERR_LIB_SYS,(f),(r),__FILE__,__LINE__)
+# define BNerr(f,r) ERR_PUT_error(ERR_LIB_BN,(f),(r),__FILE__,__LINE__)
+# define RSAerr(f,r) ERR_PUT_error(ERR_LIB_RSA,(f),(r),__FILE__,__LINE__)
+# define DHerr(f,r) ERR_PUT_error(ERR_LIB_DH,(f),(r),__FILE__,__LINE__)
+# define EVPerr(f,r) ERR_PUT_error(ERR_LIB_EVP,(f),(r),__FILE__,__LINE__)
+# define BUFerr(f,r) ERR_PUT_error(ERR_LIB_BUF,(f),(r),__FILE__,__LINE__)
+# define OBJerr(f,r) ERR_PUT_error(ERR_LIB_OBJ,(f),(r),__FILE__,__LINE__)
+# define PEMerr(f,r) ERR_PUT_error(ERR_LIB_PEM,(f),(r),__FILE__,__LINE__)
+# define DSAerr(f,r) ERR_PUT_error(ERR_LIB_DSA,(f),(r),__FILE__,__LINE__)
+# define X509err(f,r) ERR_PUT_error(ERR_LIB_X509,(f),(r),__FILE__,__LINE__)
+# define ASN1err(f,r) ERR_PUT_error(ERR_LIB_ASN1,(f),(r),__FILE__,__LINE__)
+# define CONFerr(f,r) ERR_PUT_error(ERR_LIB_CONF,(f),(r),__FILE__,__LINE__)
+# define CRYPTOerr(f,r) ERR_PUT_error(ERR_LIB_CRYPTO,(f),(r),__FILE__,__LINE__)
+# define ECerr(f,r) ERR_PUT_error(ERR_LIB_EC,(f),(r),__FILE__,__LINE__)
+# define SSLerr(f,r) ERR_PUT_error(ERR_LIB_SSL,(f),(r),__FILE__,__LINE__)
+# define BIOerr(f,r) ERR_PUT_error(ERR_LIB_BIO,(f),(r),__FILE__,__LINE__)
+# define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),__FILE__,__LINE__)
+# define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,(f),(r),__FILE__,__LINE__)
+# define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),__FILE__,__LINE__)
+# define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),__FILE__,__LINE__)
+# define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,(f),(r),__FILE__,__LINE__)
+# define ENGINEerr(f,r) ERR_PUT_error(ERR_LIB_ENGINE,(f),(r),__FILE__,__LINE__)
+# define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),__FILE__,__LINE__)
+# define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),__FILE__,__LINE__)
+# define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),__FILE__,__LINE__)
+# define ECDSAerr(f,r) ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),__FILE__,__LINE__)
+# define ECDHerr(f,r) ERR_PUT_error(ERR_LIB_ECDH,(f),(r),__FILE__,__LINE__)
+# define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),__FILE__,__LINE__)
+# define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),__FILE__,__LINE__)
+# define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),__FILE__,__LINE__)
+# define JPAKEerr(f,r) ERR_PUT_error(ERR_LIB_JPAKE,(f),(r),__FILE__,__LINE__)
+
+/*
+ * Borland C seems too stupid to be able to shift and do longs in the
+ * pre-processor :-(
+ */
+# define ERR_PACK(l,f,r) (((((unsigned long)l)&0xffL)*0x1000000)| \
+ ((((unsigned long)f)&0xfffL)*0x1000)| \
+ ((((unsigned long)r)&0xfffL)))
+# define ERR_GET_LIB(l) (int)((((unsigned long)l)>>24L)&0xffL)
+# define ERR_GET_FUNC(l) (int)((((unsigned long)l)>>12L)&0xfffL)
+# define ERR_GET_REASON(l) (int)((l)&0xfffL)
+# define ERR_FATAL_ERROR(l) (int)((l)&ERR_R_FATAL)
+
+/* OS functions */
+# define SYS_F_FOPEN 1
+# define SYS_F_CONNECT 2
+# define SYS_F_GETSERVBYNAME 3
+# define SYS_F_SOCKET 4
+# define SYS_F_IOCTLSOCKET 5
+# define SYS_F_BIND 6
+# define SYS_F_LISTEN 7
+# define SYS_F_ACCEPT 8
+# define SYS_F_WSASTARTUP 9/* Winsock stuff */
+# define SYS_F_OPENDIR 10
+# define SYS_F_FREAD 11
+
+/* reasons */
+# define ERR_R_SYS_LIB ERR_LIB_SYS/* 2 */
+# define ERR_R_BN_LIB ERR_LIB_BN/* 3 */
+# define ERR_R_RSA_LIB ERR_LIB_RSA/* 4 */
+# define ERR_R_DH_LIB ERR_LIB_DH/* 5 */
+# define ERR_R_EVP_LIB ERR_LIB_EVP/* 6 */
+# define ERR_R_BUF_LIB ERR_LIB_BUF/* 7 */
+# define ERR_R_OBJ_LIB ERR_LIB_OBJ/* 8 */
+# define ERR_R_PEM_LIB ERR_LIB_PEM/* 9 */
+# define ERR_R_DSA_LIB ERR_LIB_DSA/* 10 */
+# define ERR_R_X509_LIB ERR_LIB_X509/* 11 */
+# define ERR_R_ASN1_LIB ERR_LIB_ASN1/* 13 */
+# define ERR_R_CONF_LIB ERR_LIB_CONF/* 14 */
+# define ERR_R_CRYPTO_LIB ERR_LIB_CRYPTO/* 15 */
+# define ERR_R_EC_LIB ERR_LIB_EC/* 16 */
+# define ERR_R_SSL_LIB ERR_LIB_SSL/* 20 */
+# define ERR_R_BIO_LIB ERR_LIB_BIO/* 32 */
+# define ERR_R_PKCS7_LIB ERR_LIB_PKCS7/* 33 */
+# define ERR_R_X509V3_LIB ERR_LIB_X509V3/* 34 */
+# define ERR_R_PKCS12_LIB ERR_LIB_PKCS12/* 35 */
+# define ERR_R_RAND_LIB ERR_LIB_RAND/* 36 */
+# define ERR_R_DSO_LIB ERR_LIB_DSO/* 37 */
+# define ERR_R_ENGINE_LIB ERR_LIB_ENGINE/* 38 */
+# define ERR_R_OCSP_LIB ERR_LIB_OCSP/* 39 */
+# define ERR_R_UI_LIB ERR_LIB_UI/* 40 */
+# define ERR_R_COMP_LIB ERR_LIB_COMP/* 41 */
+# define ERR_R_ECDSA_LIB ERR_LIB_ECDSA/* 42 */
+# define ERR_R_ECDH_LIB ERR_LIB_ECDH/* 43 */
+# define ERR_R_STORE_LIB ERR_LIB_STORE/* 44 */
+
+# define ERR_R_NESTED_ASN1_ERROR 58
+# define ERR_R_BAD_ASN1_OBJECT_HEADER 59
+# define ERR_R_BAD_GET_ASN1_OBJECT_CALL 60
+# define ERR_R_EXPECTING_AN_ASN1_SEQUENCE 61
+# define ERR_R_ASN1_LENGTH_MISMATCH 62
+# define ERR_R_MISSING_ASN1_EOS 63
+
+/* fatal error */
+# define ERR_R_FATAL 64
+# define ERR_R_MALLOC_FAILURE (1|ERR_R_FATAL)
+# define ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED (2|ERR_R_FATAL)
+# define ERR_R_PASSED_NULL_PARAMETER (3|ERR_R_FATAL)
+# define ERR_R_INTERNAL_ERROR (4|ERR_R_FATAL)
+# define ERR_R_DISABLED (5|ERR_R_FATAL)
+
+/*
+ * 99 is the maximum possible ERR_R_... code, higher values are reserved for
+ * the individual libraries
+ */
+
+typedef struct ERR_string_data_st {
+ unsigned long error;
+ const char *string;
+} ERR_STRING_DATA;
+
+void ERR_put_error(int lib, int func, int reason, const char *file, int line);
+void ERR_set_error_data(char *data, int flags);
+
+unsigned long ERR_get_error(void);
+unsigned long ERR_get_error_line(const char **file, int *line);
+unsigned long ERR_get_error_line_data(const char **file, int *line,
+ const char **data, int *flags);
+unsigned long ERR_peek_error(void);
+unsigned long ERR_peek_error_line(const char **file, int *line);
+unsigned long ERR_peek_error_line_data(const char **file, int *line,
+ const char **data, int *flags);
+unsigned long ERR_peek_last_error(void);
+unsigned long ERR_peek_last_error_line(const char **file, int *line);
+unsigned long ERR_peek_last_error_line_data(const char **file, int *line,
+ const char **data, int *flags);
+void ERR_clear_error(void);
+char *ERR_error_string(unsigned long e, char *buf);
+void ERR_error_string_n(unsigned long e, char *buf, size_t len);
+const char *ERR_lib_error_string(unsigned long e);
+const char *ERR_func_error_string(unsigned long e);
+const char *ERR_reason_error_string(unsigned long e);
+void ERR_print_errors_cb(int (*cb) (const char *str, size_t len, void *u),
+ void *u);
+# ifndef OPENSSL_NO_FP_API
+void ERR_print_errors_fp(FILE *fp);
+# endif
+# ifndef OPENSSL_NO_BIO
+void ERR_print_errors(BIO *bp);
+void ERR_add_error_data(int num, ...);
+# endif
+void ERR_load_strings(int lib, ERR_STRING_DATA str[]);
+void ERR_unload_strings(int lib, ERR_STRING_DATA str[]);
+void ERR_load_ERR_strings(void);
+void ERR_load_crypto_strings(void);
+void ERR_free_strings(void);
+
+void ERR_remove_state(unsigned long pid); /* if zero we look it up */
+ERR_STATE *ERR_get_state(void);
+
+# ifndef OPENSSL_NO_LHASH
+LHASH *ERR_get_string_table(void);
+LHASH *ERR_get_err_state_table(void);
+void ERR_release_err_state_table(LHASH **hash);
+# endif
+
+int ERR_get_next_error_library(void);
+
+int ERR_set_mark(void);
+int ERR_pop_to_mark(void);
+
+# ifdef OPENSSL_FIPS
+void int_ERR_set_state_func(ERR_STATE *(*get_func) (void),
+ void (*remove_func) (unsigned long pid));
+void int_ERR_lib_init(void);
+# endif
+
+/* Already defined in ossl_typ.h */
+/* typedef struct st_ERR_FNS ERR_FNS; */
+/*
+ * An application can use this function and provide the return value to
+ * loaded modules that should use the application's ERR state/functionality
+ */
+const ERR_FNS *ERR_get_implementation(void);
+/*
+ * A loaded module should call this function prior to any ERR operations
+ * using the application's "ERR_FNS".
+ */
+int ERR_set_implementation(const ERR_FNS *fns);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/err/err_all.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/err/err_all.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/err/err_all.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,165 +0,0 @@
-/* crypto/err/err_all.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/asn1.h>
-#include <openssl/bn.h>
-#ifndef OPENSSL_NO_EC
-#include <openssl/ec.h>
-#endif
-#include <openssl/buffer.h>
-#include <openssl/bio.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_ECDSA
-#include <openssl/ecdsa.h>
-#endif
-#ifndef OPENSSL_NO_ECDH
-#include <openssl/ecdh.h>
-#endif
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/pem2.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include <openssl/conf.h>
-#include <openssl/pkcs12.h>
-#include <openssl/rand.h>
-#include <openssl/dso.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-#include <openssl/ui.h>
-#include <openssl/ocsp.h>
-#include <openssl/err.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
-#ifndef OPENSSL_NO_CMS
-#include <openssl/cms.h>
-#endif
-#ifndef OPENSSL_NO_JPAKE
-#include <openssl/jpake.h>
-#endif
-#ifndef OPENSSL_NO_COMP
-#include <openssl/comp.h>
-#endif
-
-void ERR_load_crypto_strings(void)
- {
-#ifndef OPENSSL_NO_ERR
- ERR_load_ERR_strings(); /* include error strings for SYSerr */
- ERR_load_BN_strings();
-#ifndef OPENSSL_NO_RSA
- ERR_load_RSA_strings();
-#endif
-#ifndef OPENSSL_NO_DH
- ERR_load_DH_strings();
-#endif
- ERR_load_EVP_strings();
- ERR_load_BUF_strings();
- ERR_load_OBJ_strings();
- ERR_load_PEM_strings();
-#ifndef OPENSSL_NO_DSA
- ERR_load_DSA_strings();
-#endif
- ERR_load_X509_strings();
- ERR_load_ASN1_strings();
- ERR_load_CONF_strings();
- ERR_load_CRYPTO_strings();
-#ifndef OPENSSL_NO_EC
- ERR_load_EC_strings();
-#endif
-#ifndef OPENSSL_NO_ECDSA
- ERR_load_ECDSA_strings();
-#endif
-#ifndef OPENSSL_NO_ECDH
- ERR_load_ECDH_strings();
-#endif
- /* skip ERR_load_SSL_strings() because it is not in this library */
- ERR_load_BIO_strings();
- ERR_load_PKCS7_strings();
- ERR_load_X509V3_strings();
- ERR_load_PKCS12_strings();
- ERR_load_RAND_strings();
- ERR_load_DSO_strings();
-#ifndef OPENSSL_NO_ENGINE
- ERR_load_ENGINE_strings();
-#endif
- ERR_load_OCSP_strings();
- ERR_load_UI_strings();
-#ifdef OPENSSL_FIPS
- ERR_load_FIPS_strings();
-#endif
-#ifndef OPENSSL_NO_CMS
- ERR_load_CMS_strings();
-#endif
-#ifndef OPENSSL_NO_JPAKE
- ERR_load_JPAKE_strings();
-#endif
- ERR_load_COMP_strings();
-#endif
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/err/err_all.c (from rev 6976, vendor-crypto/openssl/dist/crypto/err/err_all.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/err/err_all.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/err/err_all.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,165 @@
+/* crypto/err/err_all.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <openssl/asn1.h>
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_EC
+# include <openssl/ec.h>
+#endif
+#include <openssl/buffer.h>
+#include <openssl/bio.h>
+#ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DH
+# include <openssl/dh.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+# include <openssl/dsa.h>
+#endif
+#ifndef OPENSSL_NO_ECDSA
+# include <openssl/ecdsa.h>
+#endif
+#ifndef OPENSSL_NO_ECDH
+# include <openssl/ecdh.h>
+#endif
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/pem2.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/conf.h>
+#include <openssl/pkcs12.h>
+#include <openssl/rand.h>
+#include <openssl/dso.h>
+#ifndef OPENSSL_NO_ENGINE
+# include <openssl/engine.h>
+#endif
+#include <openssl/ui.h>
+#include <openssl/ocsp.h>
+#include <openssl/err.h>
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
+#endif
+
+#ifndef OPENSSL_NO_CMS
+# include <openssl/cms.h>
+#endif
+#ifndef OPENSSL_NO_JPAKE
+# include <openssl/jpake.h>
+#endif
+#ifndef OPENSSL_NO_COMP
+# include <openssl/comp.h>
+#endif
+
+void ERR_load_crypto_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+ ERR_load_ERR_strings(); /* include error strings for SYSerr */
+ ERR_load_BN_strings();
+# ifndef OPENSSL_NO_RSA
+ ERR_load_RSA_strings();
+# endif
+# ifndef OPENSSL_NO_DH
+ ERR_load_DH_strings();
+# endif
+ ERR_load_EVP_strings();
+ ERR_load_BUF_strings();
+ ERR_load_OBJ_strings();
+ ERR_load_PEM_strings();
+# ifndef OPENSSL_NO_DSA
+ ERR_load_DSA_strings();
+# endif
+ ERR_load_X509_strings();
+ ERR_load_ASN1_strings();
+ ERR_load_CONF_strings();
+ ERR_load_CRYPTO_strings();
+# ifndef OPENSSL_NO_EC
+ ERR_load_EC_strings();
+# endif
+# ifndef OPENSSL_NO_ECDSA
+ ERR_load_ECDSA_strings();
+# endif
+# ifndef OPENSSL_NO_ECDH
+ ERR_load_ECDH_strings();
+# endif
+ /* skip ERR_load_SSL_strings() because it is not in this library */
+ ERR_load_BIO_strings();
+ ERR_load_PKCS7_strings();
+ ERR_load_X509V3_strings();
+ ERR_load_PKCS12_strings();
+ ERR_load_RAND_strings();
+ ERR_load_DSO_strings();
+# ifndef OPENSSL_NO_ENGINE
+ ERR_load_ENGINE_strings();
+# endif
+ ERR_load_OCSP_strings();
+ ERR_load_UI_strings();
+# ifdef OPENSSL_FIPS
+ ERR_load_FIPS_strings();
+# endif
+# ifndef OPENSSL_NO_CMS
+ ERR_load_CMS_strings();
+# endif
+# ifndef OPENSSL_NO_JPAKE
+ ERR_load_JPAKE_strings();
+# endif
+ ERR_load_COMP_strings();
+#endif
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/err/err_bio.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/err/err_bio.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/err/err_bio.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,75 +0,0 @@
-/* crypto/err/err_prn.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/lhash.h>
-#include <openssl/crypto.h>
-#include <openssl/buffer.h>
-#include <openssl/err.h>
-
-static int print_bio(const char *str, size_t len, void *bp)
- {
- return BIO_write((BIO *)bp, str, len);
- }
-void ERR_print_errors(BIO *bp)
- {
- ERR_print_errors_cb(print_bio, bp);
- }
-
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/err/err_bio.c (from rev 6976, vendor-crypto/openssl/dist/crypto/err/err_bio.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/err/err_bio.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/err/err_bio.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,74 @@
+/* crypto/err/err_prn.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/lhash.h>
+#include <openssl/crypto.h>
+#include <openssl/buffer.h>
+#include <openssl/err.h>
+
+static int print_bio(const char *str, size_t len, void *bp)
+{
+ return BIO_write((BIO *)bp, str, len);
+}
+
+void ERR_print_errors(BIO *bp)
+{
+ ERR_print_errors_cb(print_bio, bp);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/err/err_def.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/err/err_def.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/err/err_def.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,665 +0,0 @@
-/* crypto/err/err_def.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <stdarg.h>
-#include <string.h>
-#include "cryptlib.h"
-#include <openssl/lhash.h>
-#include <openssl/crypto.h>
-#include <openssl/buffer.h>
-#include <openssl/bio.h>
-#include <openssl/err.h>
-
-#define err_clear_data(p,i) \
- do { \
- if (((p)->err_data[i] != NULL) && \
- (p)->err_data_flags[i] & ERR_TXT_MALLOCED) \
- { \
- OPENSSL_free((p)->err_data[i]); \
- (p)->err_data[i]=NULL; \
- } \
- (p)->err_data_flags[i]=0; \
- } while(0)
-
-#define err_clear(p,i) \
- do { \
- (p)->err_flags[i]=0; \
- (p)->err_buffer[i]=0; \
- err_clear_data(p,i); \
- (p)->err_file[i]=NULL; \
- (p)->err_line[i]= -1; \
- } while(0)
-
-static void err_load_strings(int lib, ERR_STRING_DATA *str);
-
-static void ERR_STATE_free(ERR_STATE *s);
-
-/* Define the predeclared (but externally opaque) "ERR_FNS" type */
-struct st_ERR_FNS
- {
- /* Works on the "error_hash" string table */
- LHASH *(*cb_err_get)(int create);
- void (*cb_err_del)(void);
- ERR_STRING_DATA *(*cb_err_get_item)(const ERR_STRING_DATA *);
- ERR_STRING_DATA *(*cb_err_set_item)(ERR_STRING_DATA *);
- ERR_STRING_DATA *(*cb_err_del_item)(ERR_STRING_DATA *);
- /* Works on the "thread_hash" error-state table */
- LHASH *(*cb_thread_get)(int create);
- void (*cb_thread_release)(LHASH **hash);
- ERR_STATE *(*cb_thread_get_item)(const ERR_STATE *);
- ERR_STATE *(*cb_thread_set_item)(ERR_STATE *);
- void (*cb_thread_del_item)(const ERR_STATE *);
- /* Returns the next available error "library" numbers */
- int (*cb_get_next_lib)(void);
- };
-
-/* Predeclarations of the "err_defaults" functions */
-static LHASH *int_err_get(int create);
-static void int_err_del(void);
-static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *);
-static ERR_STRING_DATA *int_err_set_item(ERR_STRING_DATA *);
-static ERR_STRING_DATA *int_err_del_item(ERR_STRING_DATA *);
-static LHASH *int_thread_get(int create);
-static void int_thread_release(LHASH **hash);
-static ERR_STATE *int_thread_get_item(const ERR_STATE *);
-static ERR_STATE *int_thread_set_item(ERR_STATE *);
-static void int_thread_del_item(const ERR_STATE *);
-static int int_err_get_next_lib(void);
-/* The static ERR_FNS table using these defaults functions */
-static const ERR_FNS err_defaults =
- {
- int_err_get,
- int_err_del,
- int_err_get_item,
- int_err_set_item,
- int_err_del_item,
- int_thread_get,
- int_thread_release,
- int_thread_get_item,
- int_thread_set_item,
- int_thread_del_item,
- int_err_get_next_lib
- };
-
-/* The replacable table of ERR_FNS functions we use at run-time */
-static const ERR_FNS *err_fns = NULL;
-
-/* Eg. rather than using "err_get()", use "ERRFN(err_get)()". */
-#define ERRFN(a) err_fns->cb_##a
-
-/* The internal state used by "err_defaults" - as such, the setting, reading,
- * creating, and deleting of this data should only be permitted via the
- * "err_defaults" functions. This way, a linked module can completely defer all
- * ERR state operation (together with requisite locking) to the implementations
- * and state in the loading application. */
-static LHASH *int_error_hash = NULL;
-static LHASH *int_thread_hash = NULL;
-static int int_thread_hash_references = 0;
-static int int_err_library_number= ERR_LIB_USER;
-
-/* Internal function that checks whether "err_fns" is set and if not, sets it to
- * the defaults. */
-static void err_fns_check(void)
- {
- if (err_fns) return;
-
- CRYPTO_w_lock(CRYPTO_LOCK_ERR);
- if (!err_fns)
- err_fns = &err_defaults;
- CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
- }
-
-/* API functions to get or set the underlying ERR functions. */
-
-const ERR_FNS *ERR_get_implementation(void)
- {
- err_fns_check();
- return err_fns;
- }
-
-int ERR_set_implementation(const ERR_FNS *fns)
- {
- int ret = 0;
-
- CRYPTO_w_lock(CRYPTO_LOCK_ERR);
- /* It's too late if 'err_fns' is non-NULL. BTW: not much point setting
- * an error is there?! */
- if (!err_fns)
- {
- err_fns = fns;
- ret = 1;
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
- return ret;
- }
-
-/* These are the callbacks provided to "lh_new()" when creating the LHASH tables
- * internal to the "err_defaults" implementation. */
-
-/* static unsigned long err_hash(ERR_STRING_DATA *a); */
-static unsigned long err_hash(const void *a_void);
-/* static int err_cmp(ERR_STRING_DATA *a, ERR_STRING_DATA *b); */
-static int err_cmp(const void *a_void, const void *b_void);
-/* static unsigned long pid_hash(ERR_STATE *pid); */
-static unsigned long pid_hash(const void *pid_void);
-/* static int pid_cmp(ERR_STATE *a,ERR_STATE *pid); */
-static int pid_cmp(const void *a_void,const void *pid_void);
-
-/* The internal functions used in the "err_defaults" implementation */
-
-static LHASH *int_err_get(int create)
- {
- LHASH *ret = NULL;
-
- CRYPTO_w_lock(CRYPTO_LOCK_ERR);
- if (!int_error_hash && create)
- {
- CRYPTO_push_info("int_err_get (err.c)");
- int_error_hash = lh_new(err_hash, err_cmp);
- CRYPTO_pop_info();
- }
- if (int_error_hash)
- ret = int_error_hash;
- CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
-
- return ret;
- }
-
-static void int_err_del(void)
- {
- CRYPTO_w_lock(CRYPTO_LOCK_ERR);
- if (int_error_hash)
- {
- lh_free(int_error_hash);
- int_error_hash = NULL;
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
- }
-
-static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *d)
- {
- ERR_STRING_DATA *p;
- LHASH *hash;
-
- err_fns_check();
- hash = ERRFN(err_get)(0);
- if (!hash)
- return NULL;
-
- CRYPTO_r_lock(CRYPTO_LOCK_ERR);
- p = (ERR_STRING_DATA *)lh_retrieve(hash, d);
- CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
-
- return p;
- }
-
-static ERR_STRING_DATA *int_err_set_item(ERR_STRING_DATA *d)
- {
- ERR_STRING_DATA *p;
- LHASH *hash;
-
- err_fns_check();
- hash = ERRFN(err_get)(1);
- if (!hash)
- return NULL;
-
- CRYPTO_w_lock(CRYPTO_LOCK_ERR);
- p = (ERR_STRING_DATA *)lh_insert(hash, d);
- CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
-
- return p;
- }
-
-static ERR_STRING_DATA *int_err_del_item(ERR_STRING_DATA *d)
- {
- ERR_STRING_DATA *p;
- LHASH *hash;
-
- err_fns_check();
- hash = ERRFN(err_get)(0);
- if (!hash)
- return NULL;
-
- CRYPTO_w_lock(CRYPTO_LOCK_ERR);
- p = (ERR_STRING_DATA *)lh_delete(hash, d);
- CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
-
- return p;
- }
-
-static LHASH *int_thread_get(int create)
- {
- LHASH *ret = NULL;
-
- CRYPTO_w_lock(CRYPTO_LOCK_ERR);
- if (!int_thread_hash && create)
- {
- CRYPTO_push_info("int_thread_get (err.c)");
- int_thread_hash = lh_new(pid_hash, pid_cmp);
- CRYPTO_pop_info();
- }
- if (int_thread_hash)
- {
- int_thread_hash_references++;
- ret = int_thread_hash;
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
- return ret;
- }
-
-static void int_thread_release(LHASH **hash)
- {
- int i;
-
- if (hash == NULL || *hash == NULL)
- return;
-
- i = CRYPTO_add(&int_thread_hash_references, -1, CRYPTO_LOCK_ERR);
-
-#ifdef REF_PRINT
- fprintf(stderr,"%4d:%s\n",int_thread_hash_references,"ERR");
-#endif
- if (i > 0) return;
-#ifdef REF_CHECK
- if (i < 0)
- {
- fprintf(stderr,"int_thread_release, bad reference count\n");
- abort(); /* ok */
- }
-#endif
- *hash = NULL;
- }
-
-static ERR_STATE *int_thread_get_item(const ERR_STATE *d)
- {
- ERR_STATE *p;
- LHASH *hash;
-
- err_fns_check();
- hash = ERRFN(thread_get)(0);
- if (!hash)
- return NULL;
-
- CRYPTO_r_lock(CRYPTO_LOCK_ERR);
- p = (ERR_STATE *)lh_retrieve(hash, d);
- CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
-
- ERRFN(thread_release)(&hash);
- return p;
- }
-
-static ERR_STATE *int_thread_set_item(ERR_STATE *d)
- {
- ERR_STATE *p;
- LHASH *hash;
-
- err_fns_check();
- hash = ERRFN(thread_get)(1);
- if (!hash)
- return NULL;
-
- CRYPTO_w_lock(CRYPTO_LOCK_ERR);
- p = (ERR_STATE *)lh_insert(hash, d);
- CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
-
- ERRFN(thread_release)(&hash);
- return p;
- }
-
-static void int_thread_del_item(const ERR_STATE *d)
- {
- ERR_STATE *p;
- LHASH *hash;
-
- err_fns_check();
- hash = ERRFN(thread_get)(0);
- if (!hash)
- return;
-
- CRYPTO_w_lock(CRYPTO_LOCK_ERR);
- p = (ERR_STATE *)lh_delete(hash, d);
- /* make sure we don't leak memory */
- if (int_thread_hash_references == 1
- && int_thread_hash && (lh_num_items(int_thread_hash) == 0))
- {
- lh_free(int_thread_hash);
- int_thread_hash = NULL;
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
-
- ERRFN(thread_release)(&hash);
- if (p)
- ERR_STATE_free(p);
- }
-
-static int int_err_get_next_lib(void)
- {
- int ret;
-
- CRYPTO_w_lock(CRYPTO_LOCK_ERR);
- ret = int_err_library_number++;
- CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
-
- return ret;
- }
-
-static void ERR_STATE_free(ERR_STATE *s)
- {
- int i;
-
- if (s == NULL)
- return;
-
- for (i=0; i<ERR_NUM_ERRORS; i++)
- {
- err_clear_data(s,i);
- }
- OPENSSL_free(s);
- }
-
-static void err_load_strings(int lib, ERR_STRING_DATA *str)
- {
- while (str->error)
- {
- if (lib)
- str->error|=ERR_PACK(lib,0,0);
- ERRFN(err_set_item)(str);
- str++;
- }
- }
-
-void ERR_load_strings(int lib, ERR_STRING_DATA *str)
- {
- err_fns_check();
- err_load_strings(lib, str);
- }
-
-void ERR_unload_strings(int lib, ERR_STRING_DATA *str)
- {
- while (str->error)
- {
- if (lib)
- str->error|=ERR_PACK(lib,0,0);
- ERRFN(err_del_item)(str);
- str++;
- }
- }
-
-void ERR_free_strings(void)
- {
- err_fns_check();
- ERRFN(err_del)();
- }
-
-LHASH *ERR_get_string_table(void)
- {
- err_fns_check();
- return ERRFN(err_get)(0);
- }
-
-LHASH *ERR_get_err_state_table(void)
- {
- err_fns_check();
- return ERRFN(thread_get)(0);
- }
-
-void ERR_release_err_state_table(LHASH **hash)
- {
- err_fns_check();
- ERRFN(thread_release)(hash);
- }
-
-const char *ERR_lib_error_string(unsigned long e)
- {
- ERR_STRING_DATA d,*p;
- unsigned long l;
-
- err_fns_check();
- l=ERR_GET_LIB(e);
- d.error=ERR_PACK(l,0,0);
- p=ERRFN(err_get_item)(&d);
- return((p == NULL)?NULL:p->string);
- }
-
-const char *ERR_func_error_string(unsigned long e)
- {
- ERR_STRING_DATA d,*p;
- unsigned long l,f;
-
- err_fns_check();
- l=ERR_GET_LIB(e);
- f=ERR_GET_FUNC(e);
- d.error=ERR_PACK(l,f,0);
- p=ERRFN(err_get_item)(&d);
- return((p == NULL)?NULL:p->string);
- }
-
-const char *ERR_reason_error_string(unsigned long e)
- {
- ERR_STRING_DATA d,*p=NULL;
- unsigned long l,r;
-
- err_fns_check();
- l=ERR_GET_LIB(e);
- r=ERR_GET_REASON(e);
- d.error=ERR_PACK(l,0,r);
- p=ERRFN(err_get_item)(&d);
- if (!p)
- {
- d.error=ERR_PACK(0,0,r);
- p=ERRFN(err_get_item)(&d);
- }
- return((p == NULL)?NULL:p->string);
- }
-
-/* static unsigned long err_hash(ERR_STRING_DATA *a) */
-static unsigned long err_hash(const void *a_void)
- {
- unsigned long ret,l;
-
- l=((const ERR_STRING_DATA *)a_void)->error;
- ret=l^ERR_GET_LIB(l)^ERR_GET_FUNC(l);
- return(ret^ret%19*13);
- }
-
-/* static int err_cmp(ERR_STRING_DATA *a, ERR_STRING_DATA *b) */
-static int err_cmp(const void *a_void, const void *b_void)
- {
- return((int)(((const ERR_STRING_DATA *)a_void)->error -
- ((const ERR_STRING_DATA *)b_void)->error));
- }
-
-/* static unsigned long pid_hash(ERR_STATE *a) */
-static unsigned long pid_hash(const void *a_void)
- {
- return(((const ERR_STATE *)a_void)->pid*13);
- }
-
-/* static int pid_cmp(ERR_STATE *a, ERR_STATE *b) */
-static int pid_cmp(const void *a_void, const void *b_void)
- {
- return((int)((long)((const ERR_STATE *)a_void)->pid -
- (long)((const ERR_STATE *)b_void)->pid));
- }
-#ifdef OPENSSL_FIPS
-static void int_err_remove_state(unsigned long pid)
-#else
-void ERR_remove_state(unsigned long pid)
-#endif
- {
- ERR_STATE tmp;
-
- err_fns_check();
- if (pid == 0)
- pid=(unsigned long)CRYPTO_thread_id();
- tmp.pid=pid;
- /* thread_del_item automatically destroys the LHASH if the number of
- * items reaches zero. */
- ERRFN(thread_del_item)(&tmp);
- }
-
-#ifdef OPENSSL_FIPS
- static ERR_STATE *int_err_get_state(void)
-#else
-ERR_STATE *ERR_get_state(void)
-#endif
- {
- static ERR_STATE fallback;
- ERR_STATE *ret,tmp,*tmpp=NULL;
- int i;
- unsigned long pid;
-
- err_fns_check();
- pid=(unsigned long)CRYPTO_thread_id();
- tmp.pid=pid;
- ret=ERRFN(thread_get_item)(&tmp);
-
- /* ret == the error state, if NULL, make a new one */
- if (ret == NULL)
- {
- ret=(ERR_STATE *)OPENSSL_malloc(sizeof(ERR_STATE));
- if (ret == NULL) return(&fallback);
- ret->pid=pid;
- ret->top=0;
- ret->bottom=0;
- for (i=0; i<ERR_NUM_ERRORS; i++)
- {
- ret->err_data[i]=NULL;
- ret->err_data_flags[i]=0;
- }
- tmpp = ERRFN(thread_set_item)(ret);
- /* To check if insertion failed, do a get. */
- if (ERRFN(thread_get_item)(ret) != ret)
- {
- ERR_STATE_free(ret); /* could not insert it */
- return(&fallback);
- }
- /* If a race occured in this function and we came second, tmpp
- * is the first one that we just replaced. */
- if (tmpp)
- ERR_STATE_free(tmpp);
- }
- return ret;
- }
-
-#ifdef OPENSSL_FIPS
-void int_ERR_lib_init(void)
- {
- int_ERR_set_state_func(int_err_get_state, int_err_remove_state);
- }
-#endif
-
-int ERR_get_next_error_library(void)
- {
- err_fns_check();
- return ERRFN(get_next_lib)();
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/err/err_def.c (from rev 6976, vendor-crypto/openssl/dist/crypto/err/err_def.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/err/err_def.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/err/err_def.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,665 @@
+/* crypto/err/err_def.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdarg.h>
+#include <string.h>
+#include "cryptlib.h"
+#include <openssl/lhash.h>
+#include <openssl/crypto.h>
+#include <openssl/buffer.h>
+#include <openssl/bio.h>
+#include <openssl/err.h>
+
+#define err_clear_data(p,i) \
+ do { \
+ if (((p)->err_data[i] != NULL) && \
+ (p)->err_data_flags[i] & ERR_TXT_MALLOCED) \
+ { \
+ OPENSSL_free((p)->err_data[i]); \
+ (p)->err_data[i]=NULL; \
+ } \
+ (p)->err_data_flags[i]=0; \
+ } while(0)
+
+#define err_clear(p,i) \
+ do { \
+ (p)->err_flags[i]=0; \
+ (p)->err_buffer[i]=0; \
+ err_clear_data(p,i); \
+ (p)->err_file[i]=NULL; \
+ (p)->err_line[i]= -1; \
+ } while(0)
+
+static void err_load_strings(int lib, ERR_STRING_DATA *str);
+
+static void ERR_STATE_free(ERR_STATE *s);
+
+/* Define the predeclared (but externally opaque) "ERR_FNS" type */
+struct st_ERR_FNS {
+ /* Works on the "error_hash" string table */
+ LHASH *(*cb_err_get) (int create);
+ void (*cb_err_del) (void);
+ ERR_STRING_DATA *(*cb_err_get_item) (const ERR_STRING_DATA *);
+ ERR_STRING_DATA *(*cb_err_set_item) (ERR_STRING_DATA *);
+ ERR_STRING_DATA *(*cb_err_del_item) (ERR_STRING_DATA *);
+ /* Works on the "thread_hash" error-state table */
+ LHASH *(*cb_thread_get) (int create);
+ void (*cb_thread_release) (LHASH **hash);
+ ERR_STATE *(*cb_thread_get_item) (const ERR_STATE *);
+ ERR_STATE *(*cb_thread_set_item) (ERR_STATE *);
+ void (*cb_thread_del_item) (const ERR_STATE *);
+ /* Returns the next available error "library" numbers */
+ int (*cb_get_next_lib) (void);
+};
+
+/* Predeclarations of the "err_defaults" functions */
+static LHASH *int_err_get(int create);
+static void int_err_del(void);
+static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *);
+static ERR_STRING_DATA *int_err_set_item(ERR_STRING_DATA *);
+static ERR_STRING_DATA *int_err_del_item(ERR_STRING_DATA *);
+static LHASH *int_thread_get(int create);
+static void int_thread_release(LHASH **hash);
+static ERR_STATE *int_thread_get_item(const ERR_STATE *);
+static ERR_STATE *int_thread_set_item(ERR_STATE *);
+static void int_thread_del_item(const ERR_STATE *);
+static int int_err_get_next_lib(void);
+/* The static ERR_FNS table using these defaults functions */
+static const ERR_FNS err_defaults = {
+ int_err_get,
+ int_err_del,
+ int_err_get_item,
+ int_err_set_item,
+ int_err_del_item,
+ int_thread_get,
+ int_thread_release,
+ int_thread_get_item,
+ int_thread_set_item,
+ int_thread_del_item,
+ int_err_get_next_lib
+};
+
+/* The replacable table of ERR_FNS functions we use at run-time */
+static const ERR_FNS *err_fns = NULL;
+
+/* Eg. rather than using "err_get()", use "ERRFN(err_get)()". */
+#define ERRFN(a) err_fns->cb_##a
+
+/*
+ * The internal state used by "err_defaults" - as such, the setting, reading,
+ * creating, and deleting of this data should only be permitted via the
+ * "err_defaults" functions. This way, a linked module can completely defer
+ * all ERR state operation (together with requisite locking) to the
+ * implementations and state in the loading application.
+ */
+static LHASH *int_error_hash = NULL;
+static LHASH *int_thread_hash = NULL;
+static int int_thread_hash_references = 0;
+static int int_err_library_number = ERR_LIB_USER;
+
+/*
+ * Internal function that checks whether "err_fns" is set and if not, sets it
+ * to the defaults.
+ */
+static void err_fns_check(void)
+{
+ if (err_fns)
+ return;
+
+ CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+ if (!err_fns)
+ err_fns = &err_defaults;
+ CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+}
+
+/* API functions to get or set the underlying ERR functions. */
+
+const ERR_FNS *ERR_get_implementation(void)
+{
+ err_fns_check();
+ return err_fns;
+}
+
+int ERR_set_implementation(const ERR_FNS *fns)
+{
+ int ret = 0;
+
+ CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+ /*
+ * It's too late if 'err_fns' is non-NULL. BTW: not much point setting an
+ * error is there?!
+ */
+ if (!err_fns) {
+ err_fns = fns;
+ ret = 1;
+ }
+ CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+ return ret;
+}
+
+/*
+ * These are the callbacks provided to "lh_new()" when creating the LHASH
+ * tables internal to the "err_defaults" implementation.
+ */
+
+/* static unsigned long err_hash(ERR_STRING_DATA *a); */
+static unsigned long err_hash(const void *a_void);
+/* static int err_cmp(ERR_STRING_DATA *a, ERR_STRING_DATA *b); */
+static int err_cmp(const void *a_void, const void *b_void);
+/* static unsigned long pid_hash(ERR_STATE *pid); */
+static unsigned long pid_hash(const void *pid_void);
+/* static int pid_cmp(ERR_STATE *a,ERR_STATE *pid); */
+static int pid_cmp(const void *a_void, const void *pid_void);
+
+/* The internal functions used in the "err_defaults" implementation */
+
+static LHASH *int_err_get(int create)
+{
+ LHASH *ret = NULL;
+
+ CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+ if (!int_error_hash && create) {
+ CRYPTO_push_info("int_err_get (err.c)");
+ int_error_hash = lh_new(err_hash, err_cmp);
+ CRYPTO_pop_info();
+ }
+ if (int_error_hash)
+ ret = int_error_hash;
+ CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+
+ return ret;
+}
+
+static void int_err_del(void)
+{
+ CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+ if (int_error_hash) {
+ lh_free(int_error_hash);
+ int_error_hash = NULL;
+ }
+ CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+}
+
+static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *d)
+{
+ ERR_STRING_DATA *p;
+ LHASH *hash;
+
+ err_fns_check();
+ hash = ERRFN(err_get) (0);
+ if (!hash)
+ return NULL;
+
+ CRYPTO_r_lock(CRYPTO_LOCK_ERR);
+ p = (ERR_STRING_DATA *)lh_retrieve(hash, d);
+ CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
+
+ return p;
+}
+
+static ERR_STRING_DATA *int_err_set_item(ERR_STRING_DATA *d)
+{
+ ERR_STRING_DATA *p;
+ LHASH *hash;
+
+ err_fns_check();
+ hash = ERRFN(err_get) (1);
+ if (!hash)
+ return NULL;
+
+ CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+ p = (ERR_STRING_DATA *)lh_insert(hash, d);
+ CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+
+ return p;
+}
+
+static ERR_STRING_DATA *int_err_del_item(ERR_STRING_DATA *d)
+{
+ ERR_STRING_DATA *p;
+ LHASH *hash;
+
+ err_fns_check();
+ hash = ERRFN(err_get) (0);
+ if (!hash)
+ return NULL;
+
+ CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+ p = (ERR_STRING_DATA *)lh_delete(hash, d);
+ CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+
+ return p;
+}
+
+static LHASH *int_thread_get(int create)
+{
+ LHASH *ret = NULL;
+
+ CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+ if (!int_thread_hash && create) {
+ CRYPTO_push_info("int_thread_get (err.c)");
+ int_thread_hash = lh_new(pid_hash, pid_cmp);
+ CRYPTO_pop_info();
+ }
+ if (int_thread_hash) {
+ int_thread_hash_references++;
+ ret = int_thread_hash;
+ }
+ CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+ return ret;
+}
+
+static void int_thread_release(LHASH **hash)
+{
+ int i;
+
+ if (hash == NULL || *hash == NULL)
+ return;
+
+ i = CRYPTO_add(&int_thread_hash_references, -1, CRYPTO_LOCK_ERR);
+
+#ifdef REF_PRINT
+ fprintf(stderr, "%4d:%s\n", int_thread_hash_references, "ERR");
+#endif
+ if (i > 0)
+ return;
+#ifdef REF_CHECK
+ if (i < 0) {
+ fprintf(stderr, "int_thread_release, bad reference count\n");
+ abort(); /* ok */
+ }
+#endif
+ *hash = NULL;
+}
+
+static ERR_STATE *int_thread_get_item(const ERR_STATE *d)
+{
+ ERR_STATE *p;
+ LHASH *hash;
+
+ err_fns_check();
+ hash = ERRFN(thread_get) (0);
+ if (!hash)
+ return NULL;
+
+ CRYPTO_r_lock(CRYPTO_LOCK_ERR);
+ p = (ERR_STATE *)lh_retrieve(hash, d);
+ CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
+
+ ERRFN(thread_release) (&hash);
+ return p;
+}
+
+static ERR_STATE *int_thread_set_item(ERR_STATE *d)
+{
+ ERR_STATE *p;
+ LHASH *hash;
+
+ err_fns_check();
+ hash = ERRFN(thread_get) (1);
+ if (!hash)
+ return NULL;
+
+ CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+ p = (ERR_STATE *)lh_insert(hash, d);
+ CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+
+ ERRFN(thread_release) (&hash);
+ return p;
+}
+
+static void int_thread_del_item(const ERR_STATE *d)
+{
+ ERR_STATE *p;
+ LHASH *hash;
+
+ err_fns_check();
+ hash = ERRFN(thread_get) (0);
+ if (!hash)
+ return;
+
+ CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+ p = (ERR_STATE *)lh_delete(hash, d);
+ /* make sure we don't leak memory */
+ if (int_thread_hash_references == 1
+ && int_thread_hash && (lh_num_items(int_thread_hash) == 0)) {
+ lh_free(int_thread_hash);
+ int_thread_hash = NULL;
+ }
+ CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+
+ ERRFN(thread_release) (&hash);
+ if (p)
+ ERR_STATE_free(p);
+}
+
+static int int_err_get_next_lib(void)
+{
+ int ret;
+
+ CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+ ret = int_err_library_number++;
+ CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+
+ return ret;
+}
+
+static void ERR_STATE_free(ERR_STATE *s)
+{
+ int i;
+
+ if (s == NULL)
+ return;
+
+ for (i = 0; i < ERR_NUM_ERRORS; i++) {
+ err_clear_data(s, i);
+ }
+ OPENSSL_free(s);
+}
+
+static void err_load_strings(int lib, ERR_STRING_DATA *str)
+{
+ while (str->error) {
+ if (lib)
+ str->error |= ERR_PACK(lib, 0, 0);
+ ERRFN(err_set_item) (str);
+ str++;
+ }
+}
+
+void ERR_load_strings(int lib, ERR_STRING_DATA *str)
+{
+ err_fns_check();
+ err_load_strings(lib, str);
+}
+
+void ERR_unload_strings(int lib, ERR_STRING_DATA *str)
+{
+ while (str->error) {
+ if (lib)
+ str->error |= ERR_PACK(lib, 0, 0);
+ ERRFN(err_del_item) (str);
+ str++;
+ }
+}
+
+void ERR_free_strings(void)
+{
+ err_fns_check();
+ ERRFN(err_del) ();
+}
+
+LHASH *ERR_get_string_table(void)
+{
+ err_fns_check();
+ return ERRFN(err_get) (0);
+}
+
+LHASH *ERR_get_err_state_table(void)
+{
+ err_fns_check();
+ return ERRFN(thread_get) (0);
+}
+
+void ERR_release_err_state_table(LHASH **hash)
+{
+ err_fns_check();
+ ERRFN(thread_release) (hash);
+}
+
+const char *ERR_lib_error_string(unsigned long e)
+{
+ ERR_STRING_DATA d, *p;
+ unsigned long l;
+
+ err_fns_check();
+ l = ERR_GET_LIB(e);
+ d.error = ERR_PACK(l, 0, 0);
+ p = ERRFN(err_get_item) (&d);
+ return ((p == NULL) ? NULL : p->string);
+}
+
+const char *ERR_func_error_string(unsigned long e)
+{
+ ERR_STRING_DATA d, *p;
+ unsigned long l, f;
+
+ err_fns_check();
+ l = ERR_GET_LIB(e);
+ f = ERR_GET_FUNC(e);
+ d.error = ERR_PACK(l, f, 0);
+ p = ERRFN(err_get_item) (&d);
+ return ((p == NULL) ? NULL : p->string);
+}
+
+const char *ERR_reason_error_string(unsigned long e)
+{
+ ERR_STRING_DATA d, *p = NULL;
+ unsigned long l, r;
+
+ err_fns_check();
+ l = ERR_GET_LIB(e);
+ r = ERR_GET_REASON(e);
+ d.error = ERR_PACK(l, 0, r);
+ p = ERRFN(err_get_item) (&d);
+ if (!p) {
+ d.error = ERR_PACK(0, 0, r);
+ p = ERRFN(err_get_item) (&d);
+ }
+ return ((p == NULL) ? NULL : p->string);
+}
+
+/* static unsigned long err_hash(ERR_STRING_DATA *a) */
+static unsigned long err_hash(const void *a_void)
+{
+ unsigned long ret, l;
+
+ l = ((const ERR_STRING_DATA *)a_void)->error;
+ ret = l ^ ERR_GET_LIB(l) ^ ERR_GET_FUNC(l);
+ return (ret ^ ret % 19 * 13);
+}
+
+/* static int err_cmp(ERR_STRING_DATA *a, ERR_STRING_DATA *b) */
+static int err_cmp(const void *a_void, const void *b_void)
+{
+ return ((int)(((const ERR_STRING_DATA *)a_void)->error -
+ ((const ERR_STRING_DATA *)b_void)->error));
+}
+
+/* static unsigned long pid_hash(ERR_STATE *a) */
+static unsigned long pid_hash(const void *a_void)
+{
+ return (((const ERR_STATE *)a_void)->pid * 13);
+}
+
+/* static int pid_cmp(ERR_STATE *a, ERR_STATE *b) */
+static int pid_cmp(const void *a_void, const void *b_void)
+{
+ return ((int)((long)((const ERR_STATE *)a_void)->pid -
+ (long)((const ERR_STATE *)b_void)->pid));
+}
+
+#ifdef OPENSSL_FIPS
+static void int_err_remove_state(unsigned long pid)
+#else
+void ERR_remove_state(unsigned long pid)
+#endif
+{
+ ERR_STATE tmp;
+
+ err_fns_check();
+ if (pid == 0)
+ pid = (unsigned long)CRYPTO_thread_id();
+ tmp.pid = pid;
+ /*
+ * thread_del_item automatically destroys the LHASH if the number of
+ * items reaches zero.
+ */
+ ERRFN(thread_del_item) (&tmp);
+}
+
+#ifdef OPENSSL_FIPS
+static ERR_STATE *int_err_get_state(void)
+#else
+ERR_STATE *ERR_get_state(void)
+#endif
+{
+ static ERR_STATE fallback;
+ ERR_STATE *ret, tmp, *tmpp = NULL;
+ int i;
+ unsigned long pid;
+
+ err_fns_check();
+ pid = (unsigned long)CRYPTO_thread_id();
+ tmp.pid = pid;
+ ret = ERRFN(thread_get_item) (&tmp);
+
+ /* ret == the error state, if NULL, make a new one */
+ if (ret == NULL) {
+ ret = (ERR_STATE *)OPENSSL_malloc(sizeof(ERR_STATE));
+ if (ret == NULL)
+ return (&fallback);
+ ret->pid = pid;
+ ret->top = 0;
+ ret->bottom = 0;
+ for (i = 0; i < ERR_NUM_ERRORS; i++) {
+ ret->err_data[i] = NULL;
+ ret->err_data_flags[i] = 0;
+ }
+ tmpp = ERRFN(thread_set_item) (ret);
+ /* To check if insertion failed, do a get. */
+ if (ERRFN(thread_get_item) (ret) != ret) {
+ ERR_STATE_free(ret); /* could not insert it */
+ return (&fallback);
+ }
+ /*
+ * If a race occured in this function and we came second, tmpp is the
+ * first one that we just replaced.
+ */
+ if (tmpp)
+ ERR_STATE_free(tmpp);
+ }
+ return ret;
+}
+
+#ifdef OPENSSL_FIPS
+void int_ERR_lib_init(void)
+{
+ int_ERR_set_state_func(int_err_get_state, int_err_remove_state);
+}
+#endif
+
+int ERR_get_next_error_library(void)
+{
+ err_fns_check();
+ return ERRFN(get_next_lib) ();
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/err/err_prn.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/err/err_prn.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/err/err_prn.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,163 +0,0 @@
-/* crypto/err/err_prn.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/lhash.h>
-#include <openssl/crypto.h>
-#include <openssl/buffer.h>
-#include <openssl/err.h>
-
-void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u),
- void *u)
- {
- unsigned long l;
- char buf[256];
- char buf2[4096];
- const char *file,*data;
- int line,flags;
- unsigned long es;
-
- es=CRYPTO_thread_id();
- while ((l=ERR_get_error_line_data(&file,&line,&data,&flags)) != 0)
- {
- ERR_error_string_n(l, buf, sizeof buf);
- BIO_snprintf(buf2, sizeof(buf2), "%lu:%s:%s:%d:%s\n", es, buf,
- file, line, (flags & ERR_TXT_STRING) ? data : "");
- if (cb(buf2, strlen(buf2), u) <= 0)
- break; /* abort outputting the error report */
- }
- }
-
-#ifndef OPENSSL_NO_FP_API
-static int print_fp(const char *str, size_t len, void *fp)
- {
- BIO bio;
-
- BIO_set(&bio,BIO_s_file());
- BIO_set_fp(&bio,fp,BIO_NOCLOSE);
-
- return BIO_printf(&bio, "%s", str);
- }
-void ERR_print_errors_fp(FILE *fp)
- {
- ERR_print_errors_cb(print_fp, fp);
- }
-#endif
-
-void ERR_error_string_n(unsigned long e, char *buf, size_t len)
- {
- char lsbuf[64], fsbuf[64], rsbuf[64];
- const char *ls,*fs,*rs;
- unsigned long l,f,r;
-
- l=ERR_GET_LIB(e);
- f=ERR_GET_FUNC(e);
- r=ERR_GET_REASON(e);
-
- ls=ERR_lib_error_string(e);
- fs=ERR_func_error_string(e);
- rs=ERR_reason_error_string(e);
-
- if (ls == NULL)
- BIO_snprintf(lsbuf, sizeof(lsbuf), "lib(%lu)", l);
- if (fs == NULL)
- BIO_snprintf(fsbuf, sizeof(fsbuf), "func(%lu)", f);
- if (rs == NULL)
- BIO_snprintf(rsbuf, sizeof(rsbuf), "reason(%lu)", r);
-
- BIO_snprintf(buf, len,"error:%08lX:%s:%s:%s", e, ls?ls:lsbuf,
- fs?fs:fsbuf, rs?rs:rsbuf);
- if (strlen(buf) == len-1)
- {
- /* output may be truncated; make sure we always have 5
- * colon-separated fields, i.e. 4 colons ... */
-#define NUM_COLONS 4
- if (len > NUM_COLONS) /* ... if possible */
- {
- int i;
- char *s = buf;
-
- for (i = 0; i < NUM_COLONS; i++)
- {
- char *colon = strchr(s, ':');
- if (colon == NULL || colon > &buf[len-1] - NUM_COLONS + i)
- {
- /* set colon no. i at last possible position
- * (buf[len-1] is the terminating 0)*/
- colon = &buf[len-1] - NUM_COLONS + i;
- *colon = ':';
- }
- s = colon + 1;
- }
- }
- }
- }
-
-/* BAD for multi-threading: uses a local buffer if ret == NULL */
-/* ERR_error_string_n should be used instead for ret != NULL
- * as ERR_error_string cannot know how large the buffer is */
-char *ERR_error_string(unsigned long e, char *ret)
- {
- static char buf[256];
-
- if (ret == NULL) ret=buf;
- ERR_error_string_n(e, ret, 256);
-
- return ret;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/err/err_prn.c (from rev 6976, vendor-crypto/openssl/dist/crypto/err/err_prn.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/err/err_prn.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/err/err_prn.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,166 @@
+/* crypto/err/err_prn.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/lhash.h>
+#include <openssl/crypto.h>
+#include <openssl/buffer.h>
+#include <openssl/err.h>
+
+void ERR_print_errors_cb(int (*cb) (const char *str, size_t len, void *u),
+ void *u)
+{
+ unsigned long l;
+ char buf[256];
+ char buf2[4096];
+ const char *file, *data;
+ int line, flags;
+ unsigned long es;
+
+ es = CRYPTO_thread_id();
+ while ((l = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0) {
+ ERR_error_string_n(l, buf, sizeof buf);
+ BIO_snprintf(buf2, sizeof(buf2), "%lu:%s:%s:%d:%s\n", es, buf,
+ file, line, (flags & ERR_TXT_STRING) ? data : "");
+ if (cb(buf2, strlen(buf2), u) <= 0)
+ break; /* abort outputting the error report */
+ }
+}
+
+#ifndef OPENSSL_NO_FP_API
+static int print_fp(const char *str, size_t len, void *fp)
+{
+ BIO bio;
+
+ BIO_set(&bio, BIO_s_file());
+ BIO_set_fp(&bio, fp, BIO_NOCLOSE);
+
+ return BIO_printf(&bio, "%s", str);
+}
+
+void ERR_print_errors_fp(FILE *fp)
+{
+ ERR_print_errors_cb(print_fp, fp);
+}
+#endif
+
+void ERR_error_string_n(unsigned long e, char *buf, size_t len)
+{
+ char lsbuf[64], fsbuf[64], rsbuf[64];
+ const char *ls, *fs, *rs;
+ unsigned long l, f, r;
+
+ l = ERR_GET_LIB(e);
+ f = ERR_GET_FUNC(e);
+ r = ERR_GET_REASON(e);
+
+ ls = ERR_lib_error_string(e);
+ fs = ERR_func_error_string(e);
+ rs = ERR_reason_error_string(e);
+
+ if (ls == NULL)
+ BIO_snprintf(lsbuf, sizeof(lsbuf), "lib(%lu)", l);
+ if (fs == NULL)
+ BIO_snprintf(fsbuf, sizeof(fsbuf), "func(%lu)", f);
+ if (rs == NULL)
+ BIO_snprintf(rsbuf, sizeof(rsbuf), "reason(%lu)", r);
+
+ BIO_snprintf(buf, len, "error:%08lX:%s:%s:%s", e, ls ? ls : lsbuf,
+ fs ? fs : fsbuf, rs ? rs : rsbuf);
+ if (strlen(buf) == len - 1) {
+ /*
+ * output may be truncated; make sure we always have 5
+ * colon-separated fields, i.e. 4 colons ...
+ */
+#define NUM_COLONS 4
+ if (len > NUM_COLONS) { /* ... if possible */
+ int i;
+ char *s = buf;
+
+ for (i = 0; i < NUM_COLONS; i++) {
+ char *colon = strchr(s, ':');
+ if (colon == NULL || colon > &buf[len - 1] - NUM_COLONS + i) {
+ /*
+ * set colon no. i at last possible position (buf[len-1]
+ * is the terminating 0)
+ */
+ colon = &buf[len - 1] - NUM_COLONS + i;
+ *colon = ':';
+ }
+ s = colon + 1;
+ }
+ }
+ }
+}
+
+/* BAD for multi-threading: uses a local buffer if ret == NULL */
+/*
+ * ERR_error_string_n should be used instead for ret != NULL as
+ * ERR_error_string cannot know how large the buffer is
+ */
+char *ERR_error_string(unsigned long e, char *ret)
+{
+ static char buf[256];
+
+ if (ret == NULL)
+ ret = buf;
+ ERR_error_string_n(e, ret, 256);
+
+ return ret;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/err/err_str.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/err/err_str.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/err/err_str.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,295 +0,0 @@
-/* crypto/err/err_str.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <stdarg.h>
-#include <string.h>
-#include "cryptlib.h"
-#include <openssl/lhash.h>
-#include <openssl/crypto.h>
-#include <openssl/buffer.h>
-#include <openssl/bio.h>
-#include <openssl/err.h>
-
-#ifndef OPENSSL_NO_ERR
-static ERR_STRING_DATA ERR_str_libraries[]=
- {
-{ERR_PACK(ERR_LIB_NONE,0,0) ,"unknown library"},
-{ERR_PACK(ERR_LIB_SYS,0,0) ,"system library"},
-{ERR_PACK(ERR_LIB_BN,0,0) ,"bignum routines"},
-{ERR_PACK(ERR_LIB_RSA,0,0) ,"rsa routines"},
-{ERR_PACK(ERR_LIB_DH,0,0) ,"Diffie-Hellman routines"},
-{ERR_PACK(ERR_LIB_EVP,0,0) ,"digital envelope routines"},
-{ERR_PACK(ERR_LIB_BUF,0,0) ,"memory buffer routines"},
-{ERR_PACK(ERR_LIB_OBJ,0,0) ,"object identifier routines"},
-{ERR_PACK(ERR_LIB_PEM,0,0) ,"PEM routines"},
-{ERR_PACK(ERR_LIB_DSA,0,0) ,"dsa routines"},
-{ERR_PACK(ERR_LIB_X509,0,0) ,"x509 certificate routines"},
-{ERR_PACK(ERR_LIB_ASN1,0,0) ,"asn1 encoding routines"},
-{ERR_PACK(ERR_LIB_CONF,0,0) ,"configuration file routines"},
-{ERR_PACK(ERR_LIB_CRYPTO,0,0) ,"common libcrypto routines"},
-{ERR_PACK(ERR_LIB_EC,0,0) ,"elliptic curve routines"},
-{ERR_PACK(ERR_LIB_SSL,0,0) ,"SSL routines"},
-{ERR_PACK(ERR_LIB_BIO,0,0) ,"BIO routines"},
-{ERR_PACK(ERR_LIB_PKCS7,0,0) ,"PKCS7 routines"},
-{ERR_PACK(ERR_LIB_X509V3,0,0) ,"X509 V3 routines"},
-{ERR_PACK(ERR_LIB_PKCS12,0,0) ,"PKCS12 routines"},
-{ERR_PACK(ERR_LIB_RAND,0,0) ,"random number generator"},
-{ERR_PACK(ERR_LIB_DSO,0,0) ,"DSO support routines"},
-{ERR_PACK(ERR_LIB_ENGINE,0,0) ,"engine routines"},
-{ERR_PACK(ERR_LIB_OCSP,0,0) ,"OCSP routines"},
-{ERR_PACK(ERR_LIB_FIPS,0,0) ,"FIPS routines"},
-{ERR_PACK(ERR_LIB_CMS,0,0) ,"CMS routines"},
-{ERR_PACK(ERR_LIB_JPAKE,0,0) ,"JPAKE routines"},
-{0,NULL},
- };
-
-static ERR_STRING_DATA ERR_str_functs[]=
- {
- {ERR_PACK(0,SYS_F_FOPEN,0), "fopen"},
- {ERR_PACK(0,SYS_F_CONNECT,0), "connect"},
- {ERR_PACK(0,SYS_F_GETSERVBYNAME,0), "getservbyname"},
- {ERR_PACK(0,SYS_F_SOCKET,0), "socket"},
- {ERR_PACK(0,SYS_F_IOCTLSOCKET,0), "ioctlsocket"},
- {ERR_PACK(0,SYS_F_BIND,0), "bind"},
- {ERR_PACK(0,SYS_F_LISTEN,0), "listen"},
- {ERR_PACK(0,SYS_F_ACCEPT,0), "accept"},
-#ifdef OPENSSL_SYS_WINDOWS
- {ERR_PACK(0,SYS_F_WSASTARTUP,0), "WSAstartup"},
-#endif
- {ERR_PACK(0,SYS_F_OPENDIR,0), "opendir"},
- {ERR_PACK(0,SYS_F_FREAD,0), "fread"},
- {0,NULL},
- };
-
-static ERR_STRING_DATA ERR_str_reasons[]=
- {
-{ERR_R_SYS_LIB ,"system lib"},
-{ERR_R_BN_LIB ,"BN lib"},
-{ERR_R_RSA_LIB ,"RSA lib"},
-{ERR_R_DH_LIB ,"DH lib"},
-{ERR_R_EVP_LIB ,"EVP lib"},
-{ERR_R_BUF_LIB ,"BUF lib"},
-{ERR_R_OBJ_LIB ,"OBJ lib"},
-{ERR_R_PEM_LIB ,"PEM lib"},
-{ERR_R_DSA_LIB ,"DSA lib"},
-{ERR_R_X509_LIB ,"X509 lib"},
-{ERR_R_ASN1_LIB ,"ASN1 lib"},
-{ERR_R_CONF_LIB ,"CONF lib"},
-{ERR_R_CRYPTO_LIB ,"CRYPTO lib"},
-{ERR_R_EC_LIB ,"EC lib"},
-{ERR_R_SSL_LIB ,"SSL lib"},
-{ERR_R_BIO_LIB ,"BIO lib"},
-{ERR_R_PKCS7_LIB ,"PKCS7 lib"},
-{ERR_R_X509V3_LIB ,"X509V3 lib"},
-{ERR_R_PKCS12_LIB ,"PKCS12 lib"},
-{ERR_R_RAND_LIB ,"RAND lib"},
-{ERR_R_DSO_LIB ,"DSO lib"},
-{ERR_R_ENGINE_LIB ,"ENGINE lib"},
-{ERR_R_OCSP_LIB ,"OCSP lib"},
-
-{ERR_R_NESTED_ASN1_ERROR ,"nested asn1 error"},
-{ERR_R_BAD_ASN1_OBJECT_HEADER ,"bad asn1 object header"},
-{ERR_R_BAD_GET_ASN1_OBJECT_CALL ,"bad get asn1 object call"},
-{ERR_R_EXPECTING_AN_ASN1_SEQUENCE ,"expecting an asn1 sequence"},
-{ERR_R_ASN1_LENGTH_MISMATCH ,"asn1 length mismatch"},
-{ERR_R_MISSING_ASN1_EOS ,"missing asn1 eos"},
-
-{ERR_R_FATAL ,"fatal"},
-{ERR_R_MALLOC_FAILURE ,"malloc failure"},
-{ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED ,"called a function you should not call"},
-{ERR_R_PASSED_NULL_PARAMETER ,"passed a null parameter"},
-{ERR_R_INTERNAL_ERROR ,"internal error"},
-{ERR_R_DISABLED ,"called a function that was disabled at compile-time"},
-
-{0,NULL},
- };
-#endif
-
-#ifndef OPENSSL_NO_ERR
-#define NUM_SYS_STR_REASONS 127
-#define LEN_SYS_STR_REASON 32
-
-static ERR_STRING_DATA SYS_str_reasons[NUM_SYS_STR_REASONS + 1];
-/* SYS_str_reasons is filled with copies of strerror() results at
- * initialization.
- * 'errno' values up to 127 should cover all usual errors,
- * others will be displayed numerically by ERR_error_string.
- * It is crucial that we have something for each reason code
- * that occurs in ERR_str_reasons, or bogus reason strings
- * will be returned for SYSerr, which always gets an errno
- * value and never one of those 'standard' reason codes. */
-
-static void build_SYS_str_reasons(void)
- {
- /* OPENSSL_malloc cannot be used here, use static storage instead */
- static char strerror_tab[NUM_SYS_STR_REASONS][LEN_SYS_STR_REASON];
- int i;
- static int init = 1;
-
- CRYPTO_r_lock(CRYPTO_LOCK_ERR);
- if (!init)
- {
- CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
- return;
- }
-
- CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
- CRYPTO_w_lock(CRYPTO_LOCK_ERR);
- if (!init)
- {
- CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
- return;
- }
-
- for (i = 1; i <= NUM_SYS_STR_REASONS; i++)
- {
- ERR_STRING_DATA *str = &SYS_str_reasons[i - 1];
-
- str->error = (unsigned long)i;
- if (str->string == NULL)
- {
- char (*dest)[LEN_SYS_STR_REASON] = &(strerror_tab[i - 1]);
- char *src = strerror(i);
- if (src != NULL)
- {
- strncpy(*dest, src, sizeof *dest);
- (*dest)[sizeof *dest - 1] = '\0';
- str->string = *dest;
- }
- }
- if (str->string == NULL)
- str->string = "unknown";
- }
-
- /* Now we still have SYS_str_reasons[NUM_SYS_STR_REASONS] = {0, NULL},
- * as required by ERR_load_strings. */
-
- init = 0;
-
- CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
- }
-#endif
-
-void ERR_load_ERR_strings(void)
- {
-#ifndef OPENSSL_NO_ERR
- if (ERR_func_error_string(ERR_str_functs[0].error) == NULL)
- {
- ERR_load_strings(0,ERR_str_libraries);
- ERR_load_strings(0,ERR_str_reasons);
- ERR_load_strings(ERR_LIB_SYS,ERR_str_functs);
- build_SYS_str_reasons();
- ERR_load_strings(ERR_LIB_SYS,SYS_str_reasons);
- }
-#endif
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/err/err_str.c (from rev 6976, vendor-crypto/openssl/dist/crypto/err/err_str.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/err/err_str.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/err/err_str.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,289 @@
+/* crypto/err/err_str.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdarg.h>
+#include <string.h>
+#include "cryptlib.h"
+#include <openssl/lhash.h>
+#include <openssl/crypto.h>
+#include <openssl/buffer.h>
+#include <openssl/bio.h>
+#include <openssl/err.h>
+
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA ERR_str_libraries[] = {
+ {ERR_PACK(ERR_LIB_NONE, 0, 0), "unknown library"},
+ {ERR_PACK(ERR_LIB_SYS, 0, 0), "system library"},
+ {ERR_PACK(ERR_LIB_BN, 0, 0), "bignum routines"},
+ {ERR_PACK(ERR_LIB_RSA, 0, 0), "rsa routines"},
+ {ERR_PACK(ERR_LIB_DH, 0, 0), "Diffie-Hellman routines"},
+ {ERR_PACK(ERR_LIB_EVP, 0, 0), "digital envelope routines"},
+ {ERR_PACK(ERR_LIB_BUF, 0, 0), "memory buffer routines"},
+ {ERR_PACK(ERR_LIB_OBJ, 0, 0), "object identifier routines"},
+ {ERR_PACK(ERR_LIB_PEM, 0, 0), "PEM routines"},
+ {ERR_PACK(ERR_LIB_DSA, 0, 0), "dsa routines"},
+ {ERR_PACK(ERR_LIB_X509, 0, 0), "x509 certificate routines"},
+ {ERR_PACK(ERR_LIB_ASN1, 0, 0), "asn1 encoding routines"},
+ {ERR_PACK(ERR_LIB_CONF, 0, 0), "configuration file routines"},
+ {ERR_PACK(ERR_LIB_CRYPTO, 0, 0), "common libcrypto routines"},
+ {ERR_PACK(ERR_LIB_EC, 0, 0), "elliptic curve routines"},
+ {ERR_PACK(ERR_LIB_SSL, 0, 0), "SSL routines"},
+ {ERR_PACK(ERR_LIB_BIO, 0, 0), "BIO routines"},
+ {ERR_PACK(ERR_LIB_PKCS7, 0, 0), "PKCS7 routines"},
+ {ERR_PACK(ERR_LIB_X509V3, 0, 0), "X509 V3 routines"},
+ {ERR_PACK(ERR_LIB_PKCS12, 0, 0), "PKCS12 routines"},
+ {ERR_PACK(ERR_LIB_RAND, 0, 0), "random number generator"},
+ {ERR_PACK(ERR_LIB_DSO, 0, 0), "DSO support routines"},
+ {ERR_PACK(ERR_LIB_ENGINE, 0, 0), "engine routines"},
+ {ERR_PACK(ERR_LIB_OCSP, 0, 0), "OCSP routines"},
+ {ERR_PACK(ERR_LIB_FIPS, 0, 0), "FIPS routines"},
+ {ERR_PACK(ERR_LIB_CMS, 0, 0), "CMS routines"},
+ {ERR_PACK(ERR_LIB_JPAKE, 0, 0), "JPAKE routines"},
+ {0, NULL},
+};
+
+static ERR_STRING_DATA ERR_str_functs[] = {
+ {ERR_PACK(0, SYS_F_FOPEN, 0), "fopen"},
+ {ERR_PACK(0, SYS_F_CONNECT, 0), "connect"},
+ {ERR_PACK(0, SYS_F_GETSERVBYNAME, 0), "getservbyname"},
+ {ERR_PACK(0, SYS_F_SOCKET, 0), "socket"},
+ {ERR_PACK(0, SYS_F_IOCTLSOCKET, 0), "ioctlsocket"},
+ {ERR_PACK(0, SYS_F_BIND, 0), "bind"},
+ {ERR_PACK(0, SYS_F_LISTEN, 0), "listen"},
+ {ERR_PACK(0, SYS_F_ACCEPT, 0), "accept"},
+# ifdef OPENSSL_SYS_WINDOWS
+ {ERR_PACK(0, SYS_F_WSASTARTUP, 0), "WSAstartup"},
+# endif
+ {ERR_PACK(0, SYS_F_OPENDIR, 0), "opendir"},
+ {ERR_PACK(0, SYS_F_FREAD, 0), "fread"},
+ {0, NULL},
+};
+
+static ERR_STRING_DATA ERR_str_reasons[] = {
+ {ERR_R_SYS_LIB, "system lib"},
+ {ERR_R_BN_LIB, "BN lib"},
+ {ERR_R_RSA_LIB, "RSA lib"},
+ {ERR_R_DH_LIB, "DH lib"},
+ {ERR_R_EVP_LIB, "EVP lib"},
+ {ERR_R_BUF_LIB, "BUF lib"},
+ {ERR_R_OBJ_LIB, "OBJ lib"},
+ {ERR_R_PEM_LIB, "PEM lib"},
+ {ERR_R_DSA_LIB, "DSA lib"},
+ {ERR_R_X509_LIB, "X509 lib"},
+ {ERR_R_ASN1_LIB, "ASN1 lib"},
+ {ERR_R_CONF_LIB, "CONF lib"},
+ {ERR_R_CRYPTO_LIB, "CRYPTO lib"},
+ {ERR_R_EC_LIB, "EC lib"},
+ {ERR_R_SSL_LIB, "SSL lib"},
+ {ERR_R_BIO_LIB, "BIO lib"},
+ {ERR_R_PKCS7_LIB, "PKCS7 lib"},
+ {ERR_R_X509V3_LIB, "X509V3 lib"},
+ {ERR_R_PKCS12_LIB, "PKCS12 lib"},
+ {ERR_R_RAND_LIB, "RAND lib"},
+ {ERR_R_DSO_LIB, "DSO lib"},
+ {ERR_R_ENGINE_LIB, "ENGINE lib"},
+ {ERR_R_OCSP_LIB, "OCSP lib"},
+
+ {ERR_R_NESTED_ASN1_ERROR, "nested asn1 error"},
+ {ERR_R_BAD_ASN1_OBJECT_HEADER, "bad asn1 object header"},
+ {ERR_R_BAD_GET_ASN1_OBJECT_CALL, "bad get asn1 object call"},
+ {ERR_R_EXPECTING_AN_ASN1_SEQUENCE, "expecting an asn1 sequence"},
+ {ERR_R_ASN1_LENGTH_MISMATCH, "asn1 length mismatch"},
+ {ERR_R_MISSING_ASN1_EOS, "missing asn1 eos"},
+
+ {ERR_R_FATAL, "fatal"},
+ {ERR_R_MALLOC_FAILURE, "malloc failure"},
+ {ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED,
+ "called a function you should not call"},
+ {ERR_R_PASSED_NULL_PARAMETER, "passed a null parameter"},
+ {ERR_R_INTERNAL_ERROR, "internal error"},
+ {ERR_R_DISABLED, "called a function that was disabled at compile-time"},
+
+ {0, NULL},
+};
+#endif
+
+#ifndef OPENSSL_NO_ERR
+# define NUM_SYS_STR_REASONS 127
+# define LEN_SYS_STR_REASON 32
+
+static ERR_STRING_DATA SYS_str_reasons[NUM_SYS_STR_REASONS + 1];
+/*
+ * SYS_str_reasons is filled with copies of strerror() results at
+ * initialization. 'errno' values up to 127 should cover all usual errors,
+ * others will be displayed numerically by ERR_error_string. It is crucial
+ * that we have something for each reason code that occurs in
+ * ERR_str_reasons, or bogus reason strings will be returned for SYSerr,
+ * which always gets an errno value and never one of those 'standard' reason
+ * codes.
+ */
+
+static void build_SYS_str_reasons(void)
+{
+ /* OPENSSL_malloc cannot be used here, use static storage instead */
+ static char strerror_tab[NUM_SYS_STR_REASONS][LEN_SYS_STR_REASON];
+ int i;
+ static int init = 1;
+
+ CRYPTO_r_lock(CRYPTO_LOCK_ERR);
+ if (!init) {
+ CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
+ return;
+ }
+
+ CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
+ CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+ if (!init) {
+ CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+ return;
+ }
+
+ for (i = 1; i <= NUM_SYS_STR_REASONS; i++) {
+ ERR_STRING_DATA *str = &SYS_str_reasons[i - 1];
+
+ str->error = (unsigned long)i;
+ if (str->string == NULL) {
+ char (*dest)[LEN_SYS_STR_REASON] = &(strerror_tab[i - 1]);
+ char *src = strerror(i);
+ if (src != NULL) {
+ strncpy(*dest, src, sizeof *dest);
+ (*dest)[sizeof *dest - 1] = '\0';
+ str->string = *dest;
+ }
+ }
+ if (str->string == NULL)
+ str->string = "unknown";
+ }
+
+ /*
+ * Now we still have SYS_str_reasons[NUM_SYS_STR_REASONS] = {0, NULL}, as
+ * required by ERR_load_strings.
+ */
+
+ init = 0;
+
+ CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+}
+#endif
+
+void ERR_load_ERR_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+ if (ERR_func_error_string(ERR_str_functs[0].error) == NULL) {
+ ERR_load_strings(0, ERR_str_libraries);
+ ERR_load_strings(0, ERR_str_reasons);
+ ERR_load_strings(ERR_LIB_SYS, ERR_str_functs);
+ build_SYS_str_reasons();
+ ERR_load_strings(ERR_LIB_SYS, SYS_str_reasons);
+ }
+#endif
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/evp/Makefile
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/Makefile 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/Makefile 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,728 +0,0 @@
-#
-# OpenSSL/crypto/evp/Makefile
-#
-
-DIR= evp
-TOP= ../..
-CC= cc
-INCLUDES= -I.. -I$(TOP) -I../../include
-CFLAG=-g
-MAKEFILE= Makefile
-AR= ar r
-
-CFLAGS= $(INCLUDES) $(CFLAG)
-
-GENERAL=Makefile
-TEST=evp_test.c
-TESTDATA=evptests.txt
-APPS=
-
-LIB=$(TOP)/libcrypto.a
-LIBSRC= encode.c digest.c dig_eng.c evp_enc.c evp_key.c evp_acnf.c evp_cnf.c \
- e_des.c e_bf.c e_idea.c e_des3.c e_camellia.c\
- e_rc4.c e_aes.c names.c e_seed.c \
- e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c enc_min.c \
- m_null.c m_md2.c m_md4.c m_md5.c m_sha.c m_sha1.c \
- m_dss.c m_dss1.c m_mdc2.c m_ripemd.c m_ecdsa.c\
- p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \
- bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \
- c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \
- evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c \
- e_old.c
-
-LIBOBJ= encode.o digest.o dig_eng.o evp_enc.o evp_key.o evp_acnf.o evp_cnf.o \
- e_des.o e_bf.o e_idea.o e_des3.o e_camellia.o\
- e_rc4.o e_aes.o names.o e_seed.o \
- e_xcbc_d.o e_rc2.o e_cast.o e_rc5.o enc_min.o \
- m_null.o m_md2.o m_md4.o m_md5.o m_sha.o m_sha1.o \
- m_dss.o m_dss1.o m_mdc2.o m_ripemd.o m_ecdsa.o\
- p_open.o p_seal.o p_sign.o p_verify.o p_lib.o p_enc.o p_dec.o \
- bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o \
- c_all.o c_allc.o c_alld.o evp_lib.o bio_ok.o \
- evp_pkey.o evp_pbe.o p5_crpt.o p5_crpt2.o \
- e_old.o
-
-SRC= $(LIBSRC)
-
-EXHEADER= evp.h
-HEADER= $(EXHEADER)
-
-ALL= $(GENERAL) $(SRC) $(HEADER)
-
-top:
- (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
-
-all: lib
-
-lib: $(LIBOBJ)
- $(ARX) $(LIB) $(LIBOBJ)
- $(RANLIB) $(LIB) || echo Never mind.
- @touch lib
-
-files:
- $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-
-links:
- @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
- @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
- cp $(TESTDATA) ../../test
- @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
-
-install:
- @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
- @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
- do \
- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- done;
-
-tags:
- ctags $(SRC)
-
-tests:
-
-lint:
- lint -DLINT $(INCLUDES) $(SRC)>fluff
-
-depend:
- @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
- $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
-
-dclean:
- $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
- mv -f Makefile.new $(MAKEFILE)
-
-clean:
- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-
-bio_b64.o: ../../e_os.h ../../include/openssl/asn1.h
-bio_b64.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-bio_b64.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-bio_b64.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-bio_b64.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
-bio_b64.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-bio_b64.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-bio_b64.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-bio_b64.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-bio_b64.o: ../cryptlib.h bio_b64.c
-bio_enc.o: ../../e_os.h ../../include/openssl/asn1.h
-bio_enc.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-bio_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-bio_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-bio_enc.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
-bio_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-bio_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-bio_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-bio_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-bio_enc.o: ../cryptlib.h bio_enc.c
-bio_md.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-bio_md.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-bio_md.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-bio_md.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-bio_md.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-bio_md.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-bio_md.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-bio_md.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-bio_md.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_md.c
-bio_ok.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-bio_ok.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-bio_ok.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-bio_ok.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-bio_ok.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-bio_ok.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-bio_ok.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-bio_ok.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
-bio_ok.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-bio_ok.o: ../cryptlib.h bio_ok.c
-c_all.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-c_all.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-c_all.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-c_all.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-c_all.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-c_all.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-c_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-c_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-c_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-c_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-c_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-c_all.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-c_all.o: ../../include/openssl/x509_vfy.h ../cryptlib.h c_all.c
-c_allc.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-c_allc.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-c_allc.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-c_allc.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-c_allc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-c_allc.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
-c_allc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-c_allc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-c_allc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
-c_allc.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-c_allc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-c_allc.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-c_allc.o: ../../include/openssl/x509_vfy.h ../cryptlib.h c_allc.c
-c_alld.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-c_alld.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-c_alld.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-c_alld.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-c_alld.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-c_alld.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
-c_alld.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-c_alld.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-c_alld.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
-c_alld.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-c_alld.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-c_alld.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-c_alld.o: ../../include/openssl/x509_vfy.h ../cryptlib.h c_alld.c
-dig_eng.o: ../../e_os.h ../../include/openssl/asn1.h
-dig_eng.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-dig_eng.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-dig_eng.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-dig_eng.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
-dig_eng.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-dig_eng.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
-dig_eng.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-dig_eng.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-dig_eng.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-dig_eng.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-dig_eng.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-dig_eng.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-dig_eng.o: ../cryptlib.h dig_eng.c evp_locl.h
-digest.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-digest.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-digest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-digest.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-digest.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-digest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-digest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-digest.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-digest.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-digest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-digest.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-digest.o: ../../include/openssl/x509_vfy.h ../cryptlib.h digest.c evp_locl.h
-e_aes.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
-e_aes.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
-e_aes.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-e_aes.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-e_aes.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-e_aes.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-e_aes.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-e_aes.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-e_aes.o: ../../include/openssl/symhacks.h e_aes.c evp_locl.h
-e_bf.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_bf.o: ../../include/openssl/blowfish.h ../../include/openssl/buffer.h
-e_bf.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-e_bf.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-e_bf.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
-e_bf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-e_bf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-e_bf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-e_bf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-e_bf.o: ../cryptlib.h e_bf.c evp_locl.h
-e_camellia.o: ../../include/openssl/opensslconf.h e_camellia.c
-e_cast.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_cast.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
-e_cast.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-e_cast.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-e_cast.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
-e_cast.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-e_cast.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-e_cast.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-e_cast.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-e_cast.o: ../cryptlib.h e_cast.c evp_locl.h
-e_des.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_des.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-e_des.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
-e_des.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-e_des.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-e_des.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-e_des.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-e_des.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-e_des.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
-e_des.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-e_des.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
-e_des.o: ../cryptlib.h e_des.c evp_locl.h
-e_des3.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_des3.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-e_des3.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
-e_des3.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-e_des3.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-e_des3.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-e_des3.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-e_des3.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-e_des3.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
-e_des3.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-e_des3.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
-e_des3.o: ../cryptlib.h e_des3.c evp_locl.h
-e_idea.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_idea.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-e_idea.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-e_idea.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-e_idea.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
-e_idea.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-e_idea.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-e_idea.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-e_idea.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-e_idea.o: ../cryptlib.h e_idea.c evp_locl.h
-e_null.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-e_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-e_null.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-e_null.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-e_null.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-e_null.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-e_null.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-e_null.o: ../../include/openssl/symhacks.h ../cryptlib.h e_null.c
-e_old.o: e_old.c
-e_rc2.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_rc2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-e_rc2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-e_rc2.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-e_rc2.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-e_rc2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-e_rc2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-e_rc2.o: ../../include/openssl/rc2.h ../../include/openssl/safestack.h
-e_rc2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-e_rc2.o: ../cryptlib.h e_rc2.c evp_locl.h
-e_rc4.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_rc4.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-e_rc4.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-e_rc4.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-e_rc4.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-e_rc4.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-e_rc4.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-e_rc4.o: ../../include/openssl/rc4.h ../../include/openssl/safestack.h
-e_rc4.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-e_rc4.o: ../cryptlib.h e_rc4.c evp_locl.h
-e_rc5.o: ../../e_os.h ../../include/openssl/bio.h
-e_rc5.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-e_rc5.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-e_rc5.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-e_rc5.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-e_rc5.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-e_rc5.o: ../../include/openssl/symhacks.h ../cryptlib.h e_rc5.c
-e_seed.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-e_seed.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-e_seed.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-e_seed.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
-e_seed.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-e_seed.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-e_seed.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-e_seed.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-e_seed.o: e_seed.c
-e_xcbc_d.o: ../../e_os.h ../../include/openssl/asn1.h
-e_xcbc_d.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-e_xcbc_d.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
-e_xcbc_d.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
-e_xcbc_d.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-e_xcbc_d.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
-e_xcbc_d.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-e_xcbc_d.o: ../../include/openssl/opensslconf.h
-e_xcbc_d.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-e_xcbc_d.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-e_xcbc_d.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-e_xcbc_d.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_xcbc_d.c
-enc_min.o: ../../e_os.h ../../include/openssl/asn1.h
-enc_min.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-enc_min.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-enc_min.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-enc_min.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
-enc_min.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-enc_min.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
-enc_min.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-enc_min.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-enc_min.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-enc_min.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
-enc_min.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-enc_min.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-enc_min.o: ../../include/openssl/x509_vfy.h ../cryptlib.h enc_min.c evp_locl.h
-encode.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-encode.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-encode.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-encode.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-encode.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-encode.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-encode.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-encode.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-encode.o: ../../include/openssl/symhacks.h ../cryptlib.h encode.c
-evp_acnf.o: ../../e_os.h ../../include/openssl/asn1.h
-evp_acnf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-evp_acnf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-evp_acnf.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-evp_acnf.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-evp_acnf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-evp_acnf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-evp_acnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-evp_acnf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-evp_acnf.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_acnf.c
-evp_cnf.o: ../../e_os.h ../../include/openssl/asn1.h
-evp_cnf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-evp_cnf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-evp_cnf.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
-evp_cnf.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-evp_cnf.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-evp_cnf.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-evp_cnf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-evp_cnf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-evp_cnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-evp_cnf.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-evp_cnf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-evp_cnf.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-evp_cnf.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-evp_cnf.o: ../cryptlib.h evp_cnf.c
-evp_enc.o: ../../e_os.h ../../include/openssl/asn1.h
-evp_enc.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-evp_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-evp_enc.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-evp_enc.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
-evp_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-evp_enc.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
-evp_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-evp_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-evp_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-evp_enc.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
-evp_enc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-evp_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-evp_enc.o: ../../include/openssl/x509_vfy.h ../constant_time_locl.h
-evp_enc.o: ../cryptlib.h evp_enc.c evp_locl.h
-evp_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-evp_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-evp_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-evp_err.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
-evp_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-evp_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-evp_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-evp_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-evp_err.o: evp_err.c
-evp_key.o: ../../e_os.h ../../include/openssl/asn1.h
-evp_key.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-evp_key.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-evp_key.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-evp_key.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-evp_key.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-evp_key.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-evp_key.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-evp_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-evp_key.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-evp_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-evp_key.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
-evp_key.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-evp_key.o: ../cryptlib.h evp_key.c
-evp_lib.o: ../../e_os.h ../../include/openssl/asn1.h
-evp_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-evp_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-evp_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-evp_lib.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
-evp_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-evp_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-evp_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-evp_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-evp_lib.o: ../cryptlib.h evp_lib.c
-evp_pbe.o: ../../e_os.h ../../include/openssl/asn1.h
-evp_pbe.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-evp_pbe.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-evp_pbe.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-evp_pbe.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-evp_pbe.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-evp_pbe.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-evp_pbe.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-evp_pbe.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-evp_pbe.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-evp_pbe.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-evp_pbe.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-evp_pbe.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_pbe.c
-evp_pkey.o: ../../e_os.h ../../include/openssl/asn1.h
-evp_pkey.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-evp_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-evp_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-evp_pkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-evp_pkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-evp_pkey.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-evp_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-evp_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-evp_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-evp_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-evp_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-evp_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-evp_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-evp_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_pkey.c
-m_dss.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-m_dss.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-m_dss.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-m_dss.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-m_dss.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-m_dss.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-m_dss.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-m_dss.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-m_dss.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-m_dss.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-m_dss.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-m_dss.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-m_dss.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_dss.c
-m_dss1.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-m_dss1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-m_dss1.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-m_dss1.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-m_dss1.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-m_dss1.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-m_dss1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-m_dss1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-m_dss1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-m_dss1.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-m_dss1.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-m_dss1.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-m_dss1.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_dss1.c
-m_ecdsa.o: ../../e_os.h ../../include/openssl/asn1.h
-m_ecdsa.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-m_ecdsa.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-m_ecdsa.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-m_ecdsa.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-m_ecdsa.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-m_ecdsa.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-m_ecdsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-m_ecdsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-m_ecdsa.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-m_ecdsa.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-m_ecdsa.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-m_ecdsa.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_ecdsa.c
-m_md2.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-m_md2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-m_md2.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-m_md2.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-m_md2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_md2.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
-m_md2.o: ../../include/openssl/md2.h ../../include/openssl/obj_mac.h
-m_md2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-m_md2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-m_md2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-m_md2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-m_md2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-m_md2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-m_md2.o: ../cryptlib.h evp_locl.h m_md2.c
-m_md4.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-m_md4.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-m_md4.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-m_md4.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-m_md4.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_md4.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
-m_md4.o: ../../include/openssl/md4.h ../../include/openssl/obj_mac.h
-m_md4.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-m_md4.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-m_md4.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-m_md4.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-m_md4.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-m_md4.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-m_md4.o: ../cryptlib.h evp_locl.h m_md4.c
-m_md5.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-m_md5.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-m_md5.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-m_md5.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-m_md5.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_md5.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
-m_md5.o: ../../include/openssl/md5.h ../../include/openssl/obj_mac.h
-m_md5.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-m_md5.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-m_md5.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-m_md5.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-m_md5.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-m_md5.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-m_md5.o: ../cryptlib.h evp_locl.h m_md5.c
-m_mdc2.o: ../../e_os.h ../../include/openssl/bio.h
-m_mdc2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-m_mdc2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-m_mdc2.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-m_mdc2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-m_mdc2.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-m_mdc2.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_locl.h m_mdc2.c
-m_null.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-m_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-m_null.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-m_null.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-m_null.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_null.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
-m_null.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-m_null.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-m_null.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-m_null.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-m_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-m_null.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-m_null.o: ../cryptlib.h m_null.c
-m_ripemd.o: ../../e_os.h ../../include/openssl/asn1.h
-m_ripemd.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-m_ripemd.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-m_ripemd.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-m_ripemd.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-m_ripemd.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-m_ripemd.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-m_ripemd.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-m_ripemd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-m_ripemd.o: ../../include/openssl/pkcs7.h ../../include/openssl/ripemd.h
-m_ripemd.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-m_ripemd.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-m_ripemd.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-m_ripemd.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_ripemd.c
-m_sha.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-m_sha.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-m_sha.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-m_sha.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-m_sha.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_sha.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
-m_sha.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-m_sha.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-m_sha.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-m_sha.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-m_sha.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-m_sha.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-m_sha.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_locl.h m_sha.c
-m_sha1.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-m_sha1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-m_sha1.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-m_sha1.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-m_sha1.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_sha1.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
-m_sha1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-m_sha1.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-m_sha1.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-m_sha1.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-m_sha1.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-m_sha1.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-m_sha1.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_sha1.c
-names.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-names.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-names.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-names.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-names.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-names.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
-names.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-names.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-names.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-names.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-names.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-names.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-names.o: ../cryptlib.h names.c
-p5_crpt.o: ../../e_os.h ../../include/openssl/asn1.h
-p5_crpt.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-p5_crpt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-p5_crpt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-p5_crpt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-p5_crpt.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-p5_crpt.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-p5_crpt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p5_crpt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-p5_crpt.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-p5_crpt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p5_crpt.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p5_crpt.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p5_crpt.c
-p5_crpt2.o: ../../e_os.h ../../include/openssl/asn1.h
-p5_crpt2.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-p5_crpt2.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-p5_crpt2.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-p5_crpt2.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-p5_crpt2.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-p5_crpt2.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
-p5_crpt2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-p5_crpt2.o: ../../include/openssl/opensslconf.h
-p5_crpt2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-p5_crpt2.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-p5_crpt2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p5_crpt2.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p5_crpt2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p5_crpt2.c
-p_dec.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-p_dec.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-p_dec.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-p_dec.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-p_dec.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p_dec.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
-p_dec.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-p_dec.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-p_dec.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-p_dec.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
-p_dec.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p_dec.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-p_dec.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-p_dec.o: ../cryptlib.h p_dec.c
-p_enc.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-p_enc.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-p_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-p_enc.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-p_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p_enc.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
-p_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-p_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-p_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-p_enc.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
-p_enc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-p_enc.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-p_enc.o: ../cryptlib.h p_enc.c
-p_lib.o: ../../e_os.h ../../include/openssl/asn1.h
-p_lib.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
-p_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-p_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
-p_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-p_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-p_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-p_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-p_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-p_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-p_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-p_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-p_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-p_lib.o: ../cryptlib.h p_lib.c
-p_open.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-p_open.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-p_open.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-p_open.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-p_open.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p_open.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
-p_open.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-p_open.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-p_open.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-p_open.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-p_open.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p_open.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p_open.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_open.c
-p_seal.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-p_seal.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-p_seal.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-p_seal.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-p_seal.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p_seal.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
-p_seal.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-p_seal.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-p_seal.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-p_seal.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
-p_seal.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p_seal.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-p_seal.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-p_seal.o: ../cryptlib.h p_seal.c
-p_sign.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
-p_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-p_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-p_sign.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-p_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-p_sign.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
-p_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-p_sign.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-p_sign.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-p_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-p_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-p_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-p_sign.o: ../cryptlib.h p_sign.c
-p_verify.o: ../../e_os.h ../../include/openssl/asn1.h
-p_verify.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-p_verify.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-p_verify.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-p_verify.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-p_verify.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-p_verify.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-p_verify.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-p_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-p_verify.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-p_verify.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-p_verify.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p_verify.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_verify.c
Copied: vendor-crypto/openssl/0.9.8zf/crypto/evp/Makefile (from rev 6969, vendor-crypto/openssl/dist/crypto/evp/Makefile)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/evp/Makefile (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/Makefile 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,727 @@
+#
+# OpenSSL/crypto/evp/Makefile
+#
+
+DIR= evp
+TOP= ../..
+CC= cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE= Makefile
+AR= ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=evp_test.c
+TESTDATA=evptests.txt
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= encode.c digest.c dig_eng.c evp_enc.c evp_key.c evp_acnf.c evp_cnf.c \
+ e_des.c e_bf.c e_idea.c e_des3.c e_camellia.c\
+ e_rc4.c e_aes.c names.c e_seed.c \
+ e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c enc_min.c \
+ m_null.c m_md2.c m_md4.c m_md5.c m_sha.c m_sha1.c \
+ m_dss.c m_dss1.c m_mdc2.c m_ripemd.c m_ecdsa.c\
+ p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \
+ bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \
+ c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \
+ evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c \
+ e_old.c
+
+LIBOBJ= encode.o digest.o dig_eng.o evp_enc.o evp_key.o evp_acnf.o evp_cnf.o \
+ e_des.o e_bf.o e_idea.o e_des3.o e_camellia.o\
+ e_rc4.o e_aes.o names.o e_seed.o \
+ e_xcbc_d.o e_rc2.o e_cast.o e_rc5.o enc_min.o \
+ m_null.o m_md2.o m_md4.o m_md5.o m_sha.o m_sha1.o \
+ m_dss.o m_dss1.o m_mdc2.o m_ripemd.o m_ecdsa.o\
+ p_open.o p_seal.o p_sign.o p_verify.o p_lib.o p_enc.o p_dec.o \
+ bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o \
+ c_all.o c_allc.o c_alld.o evp_lib.o bio_ok.o \
+ evp_pkey.o evp_pbe.o p5_crpt.o p5_crpt2.o \
+ e_old.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= evp.h
+HEADER= $(EXHEADER)
+
+ALL= $(GENERAL) $(SRC) $(HEADER)
+
+top:
+ (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all: lib
+
+lib: $(LIBOBJ)
+ $(ARX) $(LIB) $(LIBOBJ)
+ $(RANLIB) $(LIB) || echo Never mind.
+ @touch lib
+
+files:
+ $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+ @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+ @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+ cp $(TESTDATA) ../../test
+ @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ do \
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+tags:
+ ctags $(SRC)
+
+tests:
+
+lint:
+ lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+ @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+ $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
+
+dclean:
+ $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+ mv -f Makefile.new $(MAKEFILE)
+
+clean:
+ rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+bio_b64.o: ../../e_os.h ../../include/openssl/asn1.h
+bio_b64.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+bio_b64.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+bio_b64.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+bio_b64.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+bio_b64.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+bio_b64.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bio_b64.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+bio_b64.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bio_b64.o: ../cryptlib.h bio_b64.c
+bio_enc.o: ../../e_os.h ../../include/openssl/asn1.h
+bio_enc.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+bio_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+bio_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+bio_enc.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+bio_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+bio_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bio_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+bio_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bio_enc.o: ../cryptlib.h bio_enc.c
+bio_md.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+bio_md.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bio_md.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bio_md.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+bio_md.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+bio_md.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+bio_md.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bio_md.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bio_md.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_md.c
+bio_ok.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+bio_ok.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bio_ok.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bio_ok.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+bio_ok.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+bio_ok.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+bio_ok.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bio_ok.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+bio_ok.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bio_ok.o: ../cryptlib.h bio_ok.c
+c_all.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+c_all.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+c_all.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+c_all.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+c_all.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+c_all.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+c_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+c_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+c_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+c_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+c_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+c_all.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+c_all.o: ../../include/openssl/x509_vfy.h ../cryptlib.h c_all.c
+c_allc.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+c_allc.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+c_allc.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+c_allc.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+c_allc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+c_allc.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+c_allc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+c_allc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+c_allc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
+c_allc.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+c_allc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+c_allc.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+c_allc.o: ../../include/openssl/x509_vfy.h ../cryptlib.h c_allc.c
+c_alld.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+c_alld.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+c_alld.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+c_alld.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+c_alld.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+c_alld.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+c_alld.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+c_alld.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+c_alld.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
+c_alld.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+c_alld.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+c_alld.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+c_alld.o: ../../include/openssl/x509_vfy.h ../cryptlib.h c_alld.c
+dig_eng.o: ../../e_os.h ../../include/openssl/asn1.h
+dig_eng.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+dig_eng.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+dig_eng.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+dig_eng.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+dig_eng.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+dig_eng.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+dig_eng.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+dig_eng.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dig_eng.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+dig_eng.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+dig_eng.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dig_eng.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+dig_eng.o: ../cryptlib.h dig_eng.c evp_locl.h
+digest.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+digest.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+digest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+digest.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+digest.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+digest.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+digest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+digest.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+digest.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+digest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+digest.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+digest.o: ../../include/openssl/x509_vfy.h ../cryptlib.h digest.c evp_locl.h
+e_aes.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+e_aes.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+e_aes.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_aes.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+e_aes.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+e_aes.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_aes.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_aes.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+e_aes.o: ../../include/openssl/symhacks.h e_aes.c evp_locl.h
+e_bf.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_bf.o: ../../include/openssl/blowfish.h ../../include/openssl/buffer.h
+e_bf.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+e_bf.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_bf.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+e_bf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+e_bf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+e_bf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+e_bf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+e_bf.o: ../cryptlib.h e_bf.c evp_locl.h
+e_camellia.o: ../../include/openssl/opensslconf.h e_camellia.c
+e_cast.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_cast.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_cast.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+e_cast.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_cast.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+e_cast.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+e_cast.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+e_cast.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+e_cast.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+e_cast.o: ../cryptlib.h e_cast.c evp_locl.h
+e_des.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_des.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+e_des.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+e_des.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_des.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+e_des.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+e_des.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_des.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_des.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+e_des.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+e_des.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+e_des.o: ../cryptlib.h e_des.c evp_locl.h
+e_des3.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_des3.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+e_des3.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+e_des3.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_des3.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+e_des3.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+e_des3.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_des3.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_des3.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+e_des3.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+e_des3.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+e_des3.o: ../cryptlib.h e_des3.c evp_locl.h
+e_idea.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_idea.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+e_idea.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_idea.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+e_idea.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+e_idea.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+e_idea.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+e_idea.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+e_idea.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+e_idea.o: ../cryptlib.h e_idea.c evp_locl.h
+e_null.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+e_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_null.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+e_null.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+e_null.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_null.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_null.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+e_null.o: ../../include/openssl/symhacks.h ../cryptlib.h e_null.c
+e_old.o: e_old.c
+e_rc2.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_rc2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+e_rc2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_rc2.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+e_rc2.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+e_rc2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_rc2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_rc2.o: ../../include/openssl/rc2.h ../../include/openssl/safestack.h
+e_rc2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+e_rc2.o: ../cryptlib.h e_rc2.c evp_locl.h
+e_rc4.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_rc4.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+e_rc4.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_rc4.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+e_rc4.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+e_rc4.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_rc4.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_rc4.o: ../../include/openssl/rc4.h ../../include/openssl/safestack.h
+e_rc4.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+e_rc4.o: ../cryptlib.h e_rc4.c evp_locl.h
+e_rc5.o: ../../e_os.h ../../include/openssl/bio.h
+e_rc5.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+e_rc5.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_rc5.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+e_rc5.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_rc5.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+e_rc5.o: ../../include/openssl/symhacks.h ../cryptlib.h e_rc5.c
+e_seed.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_seed.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+e_seed.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_seed.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+e_seed.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+e_seed.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+e_seed.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+e_seed.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+e_seed.o: e_seed.c
+e_xcbc_d.o: ../../e_os.h ../../include/openssl/asn1.h
+e_xcbc_d.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+e_xcbc_d.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_xcbc_d.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+e_xcbc_d.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_xcbc_d.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+e_xcbc_d.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+e_xcbc_d.o: ../../include/openssl/opensslconf.h
+e_xcbc_d.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_xcbc_d.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+e_xcbc_d.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+e_xcbc_d.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_xcbc_d.c
+enc_min.o: ../../e_os.h ../../include/openssl/asn1.h
+enc_min.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+enc_min.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+enc_min.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+enc_min.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+enc_min.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+enc_min.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+enc_min.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+enc_min.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+enc_min.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+enc_min.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+enc_min.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+enc_min.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+enc_min.o: ../../include/openssl/x509_vfy.h ../cryptlib.h enc_min.c evp_locl.h
+encode.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+encode.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+encode.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+encode.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+encode.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+encode.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+encode.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+encode.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+encode.o: ../../include/openssl/symhacks.h ../cryptlib.h encode.c
+evp_acnf.o: ../../e_os.h ../../include/openssl/asn1.h
+evp_acnf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+evp_acnf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+evp_acnf.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+evp_acnf.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+evp_acnf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+evp_acnf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+evp_acnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+evp_acnf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+evp_acnf.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_acnf.c
+evp_cnf.o: ../../e_os.h ../../include/openssl/asn1.h
+evp_cnf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+evp_cnf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+evp_cnf.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+evp_cnf.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+evp_cnf.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+evp_cnf.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+evp_cnf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+evp_cnf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+evp_cnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+evp_cnf.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+evp_cnf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+evp_cnf.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+evp_cnf.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+evp_cnf.o: ../cryptlib.h evp_cnf.c
+evp_enc.o: ../../e_os.h ../../include/openssl/asn1.h
+evp_enc.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+evp_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+evp_enc.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+evp_enc.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+evp_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+evp_enc.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+evp_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+evp_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+evp_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+evp_enc.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+evp_enc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+evp_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+evp_enc.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_enc.c evp_locl.h
+evp_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+evp_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+evp_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+evp_err.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+evp_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+evp_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+evp_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+evp_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+evp_err.o: evp_err.c
+evp_key.o: ../../e_os.h ../../include/openssl/asn1.h
+evp_key.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+evp_key.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+evp_key.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+evp_key.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+evp_key.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+evp_key.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+evp_key.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+evp_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+evp_key.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+evp_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+evp_key.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+evp_key.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+evp_key.o: ../cryptlib.h evp_key.c
+evp_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+evp_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+evp_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+evp_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+evp_lib.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+evp_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+evp_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+evp_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+evp_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+evp_lib.o: ../cryptlib.h evp_lib.c
+evp_pbe.o: ../../e_os.h ../../include/openssl/asn1.h
+evp_pbe.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+evp_pbe.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+evp_pbe.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+evp_pbe.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+evp_pbe.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+evp_pbe.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+evp_pbe.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+evp_pbe.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+evp_pbe.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+evp_pbe.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+evp_pbe.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+evp_pbe.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_pbe.c
+evp_pkey.o: ../../e_os.h ../../include/openssl/asn1.h
+evp_pkey.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+evp_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+evp_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+evp_pkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+evp_pkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+evp_pkey.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+evp_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+evp_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+evp_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+evp_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+evp_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+evp_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+evp_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+evp_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_pkey.c
+m_dss.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+m_dss.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+m_dss.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+m_dss.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+m_dss.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+m_dss.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+m_dss.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+m_dss.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_dss.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_dss.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+m_dss.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_dss.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+m_dss.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_dss.c
+m_dss1.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+m_dss1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+m_dss1.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+m_dss1.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+m_dss1.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+m_dss1.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+m_dss1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+m_dss1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_dss1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_dss1.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+m_dss1.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_dss1.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+m_dss1.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_dss1.c
+m_ecdsa.o: ../../e_os.h ../../include/openssl/asn1.h
+m_ecdsa.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+m_ecdsa.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+m_ecdsa.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+m_ecdsa.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+m_ecdsa.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+m_ecdsa.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+m_ecdsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_ecdsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_ecdsa.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+m_ecdsa.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_ecdsa.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+m_ecdsa.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_ecdsa.c
+m_md2.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+m_md2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+m_md2.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+m_md2.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+m_md2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_md2.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+m_md2.o: ../../include/openssl/md2.h ../../include/openssl/obj_mac.h
+m_md2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_md2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_md2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+m_md2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_md2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_md2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_md2.o: ../cryptlib.h evp_locl.h m_md2.c
+m_md4.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+m_md4.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+m_md4.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+m_md4.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+m_md4.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_md4.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+m_md4.o: ../../include/openssl/md4.h ../../include/openssl/obj_mac.h
+m_md4.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_md4.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_md4.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+m_md4.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_md4.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_md4.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_md4.o: ../cryptlib.h evp_locl.h m_md4.c
+m_md5.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+m_md5.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+m_md5.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+m_md5.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+m_md5.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_md5.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+m_md5.o: ../../include/openssl/md5.h ../../include/openssl/obj_mac.h
+m_md5.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_md5.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_md5.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+m_md5.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_md5.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_md5.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_md5.o: ../cryptlib.h evp_locl.h m_md5.c
+m_mdc2.o: ../../e_os.h ../../include/openssl/bio.h
+m_mdc2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+m_mdc2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+m_mdc2.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+m_mdc2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_mdc2.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+m_mdc2.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_locl.h m_mdc2.c
+m_null.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+m_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+m_null.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+m_null.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+m_null.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_null.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+m_null.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+m_null.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+m_null.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+m_null.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_null.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_null.o: ../cryptlib.h m_null.c
+m_ripemd.o: ../../e_os.h ../../include/openssl/asn1.h
+m_ripemd.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+m_ripemd.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+m_ripemd.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+m_ripemd.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+m_ripemd.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+m_ripemd.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+m_ripemd.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_ripemd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_ripemd.o: ../../include/openssl/pkcs7.h ../../include/openssl/ripemd.h
+m_ripemd.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+m_ripemd.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_ripemd.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+m_ripemd.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_ripemd.c
+m_sha.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+m_sha.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+m_sha.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+m_sha.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+m_sha.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_sha.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+m_sha.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+m_sha.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+m_sha.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+m_sha.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+m_sha.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_sha.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+m_sha.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_locl.h m_sha.c
+m_sha1.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+m_sha1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+m_sha1.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+m_sha1.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+m_sha1.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_sha1.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+m_sha1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+m_sha1.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+m_sha1.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+m_sha1.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+m_sha1.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_sha1.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+m_sha1.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_sha1.c
+names.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+names.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+names.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+names.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+names.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+names.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+names.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+names.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+names.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+names.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+names.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+names.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+names.o: ../cryptlib.h names.c
+p5_crpt.o: ../../e_os.h ../../include/openssl/asn1.h
+p5_crpt.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+p5_crpt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+p5_crpt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+p5_crpt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+p5_crpt.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+p5_crpt.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p5_crpt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p5_crpt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p5_crpt.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+p5_crpt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p5_crpt.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+p5_crpt.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p5_crpt.c
+p5_crpt2.o: ../../e_os.h ../../include/openssl/asn1.h
+p5_crpt2.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+p5_crpt2.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+p5_crpt2.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+p5_crpt2.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+p5_crpt2.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+p5_crpt2.o: ../../include/openssl/hmac.h ../../include/openssl/lhash.h
+p5_crpt2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p5_crpt2.o: ../../include/openssl/opensslconf.h
+p5_crpt2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p5_crpt2.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+p5_crpt2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p5_crpt2.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+p5_crpt2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p5_crpt2.c
+p_dec.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p_dec.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+p_dec.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+p_dec.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+p_dec.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p_dec.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+p_dec.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p_dec.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p_dec.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+p_dec.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+p_dec.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p_dec.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p_dec.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p_dec.o: ../cryptlib.h p_dec.c
+p_enc.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p_enc.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+p_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+p_enc.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+p_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p_enc.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+p_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+p_enc.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+p_enc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p_enc.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p_enc.o: ../cryptlib.h p_enc.c
+p_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+p_lib.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+p_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+p_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+p_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+p_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+p_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+p_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p_lib.o: ../cryptlib.h p_lib.c
+p_open.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p_open.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+p_open.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+p_open.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+p_open.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p_open.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+p_open.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p_open.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p_open.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+p_open.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p_open.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p_open.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+p_open.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_open.c
+p_seal.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p_seal.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+p_seal.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+p_seal.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+p_seal.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p_seal.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+p_seal.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p_seal.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p_seal.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+p_seal.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+p_seal.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p_seal.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p_seal.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p_seal.o: ../cryptlib.h p_seal.c
+p_sign.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+p_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+p_sign.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+p_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p_sign.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+p_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p_sign.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p_sign.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+p_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p_sign.o: ../cryptlib.h p_sign.c
+p_verify.o: ../../e_os.h ../../include/openssl/asn1.h
+p_verify.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+p_verify.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+p_verify.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+p_verify.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+p_verify.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
+p_verify.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p_verify.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p_verify.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+p_verify.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p_verify.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+p_verify.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_verify.c
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/evp/bio_b64.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/bio_b64.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/bio_b64.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,599 +0,0 @@
-/* crypto/evp/bio_b64.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <errno.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/evp.h>
-
-static int b64_write(BIO *h, const char *buf, int num);
-static int b64_read(BIO *h, char *buf, int size);
-static int b64_puts(BIO *h, const char *str);
-/*static int b64_gets(BIO *h, char *str, int size); */
-static long b64_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int b64_new(BIO *h);
-static int b64_free(BIO *data);
-static long b64_callback_ctrl(BIO *h,int cmd,bio_info_cb *fp);
-#define B64_BLOCK_SIZE 1024
-#define B64_BLOCK_SIZE2 768
-#define B64_NONE 0
-#define B64_ENCODE 1
-#define B64_DECODE 2
-
-typedef struct b64_struct
- {
- /*BIO *bio; moved to the BIO structure */
- int buf_len;
- int buf_off;
- int tmp_len; /* used to find the start when decoding */
- int tmp_nl; /* If true, scan until '\n' */
- int encode;
- int start; /* have we started decoding yet? */
- int cont; /* <= 0 when finished */
- EVP_ENCODE_CTX base64;
- char buf[EVP_ENCODE_LENGTH(B64_BLOCK_SIZE)+10];
- char tmp[B64_BLOCK_SIZE];
- } BIO_B64_CTX;
-
-static BIO_METHOD methods_b64=
- {
- BIO_TYPE_BASE64,"base64 encoding",
- b64_write,
- b64_read,
- b64_puts,
- NULL, /* b64_gets, */
- b64_ctrl,
- b64_new,
- b64_free,
- b64_callback_ctrl,
- };
-
-BIO_METHOD *BIO_f_base64(void)
- {
- return(&methods_b64);
- }
-
-static int b64_new(BIO *bi)
- {
- BIO_B64_CTX *ctx;
-
- ctx=(BIO_B64_CTX *)OPENSSL_malloc(sizeof(BIO_B64_CTX));
- if (ctx == NULL) return(0);
-
- ctx->buf_len=0;
- ctx->tmp_len=0;
- ctx->tmp_nl=0;
- ctx->buf_off=0;
- ctx->cont=1;
- ctx->start=1;
- ctx->encode=0;
-
- bi->init=1;
- bi->ptr=(char *)ctx;
- bi->flags=0;
- bi->num = 0;
- return(1);
- }
-
-static int b64_free(BIO *a)
- {
- if (a == NULL) return(0);
- OPENSSL_free(a->ptr);
- a->ptr=NULL;
- a->init=0;
- a->flags=0;
- return(1);
- }
-
-static int b64_read(BIO *b, char *out, int outl)
- {
- int ret=0,i,ii,j,k,x,n,num,ret_code=0;
- BIO_B64_CTX *ctx;
- unsigned char *p,*q;
-
- if (out == NULL) return(0);
- ctx=(BIO_B64_CTX *)b->ptr;
-
- if ((ctx == NULL) || (b->next_bio == NULL)) return(0);
-
- BIO_clear_retry_flags(b);
-
- if (ctx->encode != B64_DECODE)
- {
- ctx->encode=B64_DECODE;
- ctx->buf_len=0;
- ctx->buf_off=0;
- ctx->tmp_len=0;
- EVP_DecodeInit(&(ctx->base64));
- }
-
- /* First check if there are bytes decoded/encoded */
- if (ctx->buf_len > 0)
- {
- OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
- i=ctx->buf_len-ctx->buf_off;
- if (i > outl) i=outl;
- OPENSSL_assert(ctx->buf_off+i < (int)sizeof(ctx->buf));
- memcpy(out,&(ctx->buf[ctx->buf_off]),i);
- ret=i;
- out+=i;
- outl-=i;
- ctx->buf_off+=i;
- if (ctx->buf_len == ctx->buf_off)
- {
- ctx->buf_len=0;
- ctx->buf_off=0;
- }
- }
-
- /* At this point, we have room of outl bytes and an empty
- * buffer, so we should read in some more. */
-
- ret_code=0;
- while (outl > 0)
- {
- if (ctx->cont <= 0)
- break;
-
- i=BIO_read(b->next_bio,&(ctx->tmp[ctx->tmp_len]),
- B64_BLOCK_SIZE-ctx->tmp_len);
-
- if (i <= 0)
- {
- ret_code=i;
-
- /* Should we continue next time we are called? */
- if (!BIO_should_retry(b->next_bio))
- {
- ctx->cont=i;
- /* If buffer empty break */
- if(ctx->tmp_len == 0)
- break;
- /* Fall through and process what we have */
- else
- i = 0;
- }
- /* else we retry and add more data to buffer */
- else
- break;
- }
- i+=ctx->tmp_len;
- ctx->tmp_len = i;
-
- /* We need to scan, a line at a time until we
- * have a valid line if we are starting. */
- if (ctx->start && (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL))
- {
- /* ctx->start=1; */
- ctx->tmp_len=0;
- }
- else if (ctx->start)
- {
- q=p=(unsigned char *)ctx->tmp;
- num = 0;
- for (j=0; j<i; j++)
- {
- if (*(q++) != '\n') continue;
-
- /* due to a previous very long line,
- * we need to keep on scanning for a '\n'
- * before we even start looking for
- * base64 encoded stuff. */
- if (ctx->tmp_nl)
- {
- p=q;
- ctx->tmp_nl=0;
- continue;
- }
-
- k=EVP_DecodeUpdate(&(ctx->base64),
- (unsigned char *)ctx->buf,
- &num,p,q-p);
- if ((k <= 0) && (num == 0) && (ctx->start))
- EVP_DecodeInit(&ctx->base64);
- else
- {
- if (p != (unsigned char *)
- &(ctx->tmp[0]))
- {
- i-=(p- (unsigned char *)
- &(ctx->tmp[0]));
- for (x=0; x < i; x++)
- ctx->tmp[x]=p[x];
- }
- EVP_DecodeInit(&ctx->base64);
- ctx->start=0;
- break;
- }
- p=q;
- }
-
- /* we fell off the end without starting */
- if ((j == i) && (num == 0))
- {
- /* Is this is one long chunk?, if so, keep on
- * reading until a new line. */
- if (p == (unsigned char *)&(ctx->tmp[0]))
- {
- /* Check buffer full */
- if (i == B64_BLOCK_SIZE)
- {
- ctx->tmp_nl=1;
- ctx->tmp_len=0;
- }
- }
- else if (p != q) /* finished on a '\n' */
- {
- n=q-p;
- for (ii=0; ii<n; ii++)
- ctx->tmp[ii]=p[ii];
- ctx->tmp_len=n;
- }
- /* else finished on a '\n' */
- continue;
- }
- else
- {
- ctx->tmp_len=0;
- }
- }
- else if ((i < B64_BLOCK_SIZE) && (ctx->cont > 0))
- {
- /* If buffer isn't full and we can retry then
- * restart to read in more data.
- */
- continue;
- }
-
- if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL)
- {
- int z,jj;
-
-#if 0
- jj=(i>>2)<<2;
-#else
- jj = i & ~3; /* process per 4 */
-#endif
- z=EVP_DecodeBlock((unsigned char *)ctx->buf,
- (unsigned char *)ctx->tmp,jj);
- if (jj > 2)
- {
- if (ctx->tmp[jj-1] == '=')
- {
- z--;
- if (ctx->tmp[jj-2] == '=')
- z--;
- }
- }
- /* z is now number of output bytes and jj is the
- * number consumed */
- if (jj != i)
- {
- memmove(ctx->tmp, &ctx->tmp[jj], i-jj);
- ctx->tmp_len=i-jj;
- }
- ctx->buf_len=0;
- if (z > 0)
- {
- ctx->buf_len=z;
- }
- i=z;
- }
- else
- {
- i=EVP_DecodeUpdate(&(ctx->base64),
- (unsigned char *)ctx->buf,&ctx->buf_len,
- (unsigned char *)ctx->tmp,i);
- ctx->tmp_len = 0;
- }
- ctx->buf_off=0;
- if (i < 0)
- {
- ret_code=0;
- ctx->buf_len=0;
- break;
- }
-
- if (ctx->buf_len <= outl)
- i=ctx->buf_len;
- else
- i=outl;
-
- memcpy(out,ctx->buf,i);
- ret+=i;
- ctx->buf_off=i;
- if (ctx->buf_off == ctx->buf_len)
- {
- ctx->buf_len=0;
- ctx->buf_off=0;
- }
- outl-=i;
- out+=i;
- }
- /* BIO_clear_retry_flags(b); */
- BIO_copy_next_retry(b);
- return((ret == 0)?ret_code:ret);
- }
-
-static int b64_write(BIO *b, const char *in, int inl)
- {
- int ret=0;
- int n;
- int i;
- BIO_B64_CTX *ctx;
-
- ctx=(BIO_B64_CTX *)b->ptr;
- BIO_clear_retry_flags(b);
-
- if (ctx->encode != B64_ENCODE)
- {
- ctx->encode=B64_ENCODE;
- ctx->buf_len=0;
- ctx->buf_off=0;
- ctx->tmp_len=0;
- EVP_EncodeInit(&(ctx->base64));
- }
-
- OPENSSL_assert(ctx->buf_off < (int)sizeof(ctx->buf));
- OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
- OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
- n=ctx->buf_len-ctx->buf_off;
- while (n > 0)
- {
- i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n);
- if (i <= 0)
- {
- BIO_copy_next_retry(b);
- return(i);
- }
- OPENSSL_assert(i <= n);
- ctx->buf_off+=i;
- OPENSSL_assert(ctx->buf_off <= (int)sizeof(ctx->buf));
- OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
- n-=i;
- }
- /* at this point all pending data has been written */
- ctx->buf_off=0;
- ctx->buf_len=0;
-
- if ((in == NULL) || (inl <= 0)) return(0);
-
- while (inl > 0)
- {
- n=(inl > B64_BLOCK_SIZE)?B64_BLOCK_SIZE:inl;
-
- if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL)
- {
- if (ctx->tmp_len > 0)
- {
- OPENSSL_assert(ctx->tmp_len <= 3);
- n=3-ctx->tmp_len;
- /* There's a theoretical possibility for this */
- if (n > inl)
- n=inl;
- memcpy(&(ctx->tmp[ctx->tmp_len]),in,n);
- ctx->tmp_len+=n;
- ret += n;
- if (ctx->tmp_len < 3)
- break;
- ctx->buf_len=EVP_EncodeBlock((unsigned char *)ctx->buf,(unsigned char *)ctx->tmp,ctx->tmp_len);
- OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
- OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
- /* Since we're now done using the temporary
- buffer, the length should be 0'd */
- ctx->tmp_len=0;
- }
- else
- {
- if (n < 3)
- {
- memcpy(ctx->tmp,in,n);
- ctx->tmp_len=n;
- ret += n;
- break;
- }
- n-=n%3;
- ctx->buf_len=EVP_EncodeBlock((unsigned char *)ctx->buf,(const unsigned char *)in,n);
- OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
- OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
- ret += n;
- }
- }
- else
- {
- EVP_EncodeUpdate(&(ctx->base64),
- (unsigned char *)ctx->buf,&ctx->buf_len,
- (unsigned char *)in,n);
- OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
- OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
- ret += n;
- }
- inl-=n;
- in+=n;
-
- ctx->buf_off=0;
- n=ctx->buf_len;
- while (n > 0)
- {
- i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n);
- if (i <= 0)
- {
- BIO_copy_next_retry(b);
- return((ret == 0)?i:ret);
- }
- OPENSSL_assert(i <= n);
- n-=i;
- ctx->buf_off+=i;
- OPENSSL_assert(ctx->buf_off <= (int)sizeof(ctx->buf));
- OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
- }
- ctx->buf_len=0;
- ctx->buf_off=0;
- }
- return(ret);
- }
-
-static long b64_ctrl(BIO *b, int cmd, long num, void *ptr)
- {
- BIO_B64_CTX *ctx;
- long ret=1;
- int i;
-
- ctx=(BIO_B64_CTX *)b->ptr;
-
- switch (cmd)
- {
- case BIO_CTRL_RESET:
- ctx->cont=1;
- ctx->start=1;
- ctx->encode=B64_NONE;
- ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
- break;
- case BIO_CTRL_EOF: /* More to read */
- if (ctx->cont <= 0)
- ret=1;
- else
- ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
- break;
- case BIO_CTRL_WPENDING: /* More to write in buffer */
- OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
- ret=ctx->buf_len-ctx->buf_off;
- if ((ret == 0) && (ctx->encode != B64_NONE)
- && (ctx->base64.num != 0))
- ret=1;
- else if (ret <= 0)
- ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
- break;
- case BIO_CTRL_PENDING: /* More to read in buffer */
- OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
- ret=ctx->buf_len-ctx->buf_off;
- if (ret <= 0)
- ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
- break;
- case BIO_CTRL_FLUSH:
- /* do a final write */
-again:
- while (ctx->buf_len != ctx->buf_off)
- {
- i=b64_write(b,NULL,0);
- if (i < 0)
- return i;
- }
- if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL)
- {
- if (ctx->tmp_len != 0)
- {
- ctx->buf_len=EVP_EncodeBlock(
- (unsigned char *)ctx->buf,
- (unsigned char *)ctx->tmp,
- ctx->tmp_len);
- ctx->buf_off=0;
- ctx->tmp_len=0;
- goto again;
- }
- }
- else if (ctx->encode != B64_NONE && ctx->base64.num != 0)
- {
- ctx->buf_off=0;
- EVP_EncodeFinal(&(ctx->base64),
- (unsigned char *)ctx->buf,
- &(ctx->buf_len));
- /* push out the bytes */
- goto again;
- }
- /* Finally flush the underlying BIO */
- ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
- break;
-
- case BIO_C_DO_STATE_MACHINE:
- BIO_clear_retry_flags(b);
- ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
- BIO_copy_next_retry(b);
- break;
-
- case BIO_CTRL_DUP:
- break;
- case BIO_CTRL_INFO:
- case BIO_CTRL_GET:
- case BIO_CTRL_SET:
- default:
- ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
- break;
- }
- return(ret);
- }
-
-static long b64_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
- {
- long ret=1;
-
- if (b->next_bio == NULL) return(0);
- switch (cmd)
- {
- default:
- ret=BIO_callback_ctrl(b->next_bio,cmd,fp);
- break;
- }
- return(ret);
- }
-
-static int b64_puts(BIO *b, const char *str)
- {
- return b64_write(b,str,strlen(str));
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/evp/bio_b64.c (from rev 6976, vendor-crypto/openssl/dist/crypto/evp/bio_b64.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/evp/bio_b64.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/bio_b64.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,573 @@
+/* crypto/evp/bio_b64.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/evp.h>
+
+static int b64_write(BIO *h, const char *buf, int num);
+static int b64_read(BIO *h, char *buf, int size);
+static int b64_puts(BIO *h, const char *str);
+/*
+ * static int b64_gets(BIO *h, char *str, int size);
+ */
+static long b64_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int b64_new(BIO *h);
+static int b64_free(BIO *data);
+static long b64_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
+#define B64_BLOCK_SIZE 1024
+#define B64_BLOCK_SIZE2 768
+#define B64_NONE 0
+#define B64_ENCODE 1
+#define B64_DECODE 2
+
+typedef struct b64_struct {
+ /*
+ * BIO *bio; moved to the BIO structure
+ */
+ int buf_len;
+ int buf_off;
+ int tmp_len; /* used to find the start when decoding */
+ int tmp_nl; /* If true, scan until '\n' */
+ int encode;
+ int start; /* have we started decoding yet? */
+ int cont; /* <= 0 when finished */
+ EVP_ENCODE_CTX base64;
+ char buf[EVP_ENCODE_LENGTH(B64_BLOCK_SIZE) + 10];
+ char tmp[B64_BLOCK_SIZE];
+} BIO_B64_CTX;
+
+static BIO_METHOD methods_b64 = {
+ BIO_TYPE_BASE64, "base64 encoding",
+ b64_write,
+ b64_read,
+ b64_puts,
+ NULL, /* b64_gets, */
+ b64_ctrl,
+ b64_new,
+ b64_free,
+ b64_callback_ctrl,
+};
+
+BIO_METHOD *BIO_f_base64(void)
+{
+ return (&methods_b64);
+}
+
+static int b64_new(BIO *bi)
+{
+ BIO_B64_CTX *ctx;
+
+ ctx = (BIO_B64_CTX *)OPENSSL_malloc(sizeof(BIO_B64_CTX));
+ if (ctx == NULL)
+ return (0);
+
+ ctx->buf_len = 0;
+ ctx->tmp_len = 0;
+ ctx->tmp_nl = 0;
+ ctx->buf_off = 0;
+ ctx->cont = 1;
+ ctx->start = 1;
+ ctx->encode = 0;
+
+ bi->init = 1;
+ bi->ptr = (char *)ctx;
+ bi->flags = 0;
+ bi->num = 0;
+ return (1);
+}
+
+static int b64_free(BIO *a)
+{
+ if (a == NULL)
+ return (0);
+ OPENSSL_free(a->ptr);
+ a->ptr = NULL;
+ a->init = 0;
+ a->flags = 0;
+ return (1);
+}
+
+static int b64_read(BIO *b, char *out, int outl)
+{
+ int ret = 0, i, ii, j, k, x, n, num, ret_code = 0;
+ BIO_B64_CTX *ctx;
+ unsigned char *p, *q;
+
+ if (out == NULL)
+ return (0);
+ ctx = (BIO_B64_CTX *)b->ptr;
+
+ if ((ctx == NULL) || (b->next_bio == NULL))
+ return (0);
+
+ BIO_clear_retry_flags(b);
+
+ if (ctx->encode != B64_DECODE) {
+ ctx->encode = B64_DECODE;
+ ctx->buf_len = 0;
+ ctx->buf_off = 0;
+ ctx->tmp_len = 0;
+ EVP_DecodeInit(&(ctx->base64));
+ }
+
+ /* First check if there are bytes decoded/encoded */
+ if (ctx->buf_len > 0) {
+ OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
+ i = ctx->buf_len - ctx->buf_off;
+ if (i > outl)
+ i = outl;
+ OPENSSL_assert(ctx->buf_off + i < (int)sizeof(ctx->buf));
+ memcpy(out, &(ctx->buf[ctx->buf_off]), i);
+ ret = i;
+ out += i;
+ outl -= i;
+ ctx->buf_off += i;
+ if (ctx->buf_len == ctx->buf_off) {
+ ctx->buf_len = 0;
+ ctx->buf_off = 0;
+ }
+ }
+
+ /*
+ * At this point, we have room of outl bytes and an empty buffer, so we
+ * should read in some more.
+ */
+
+ ret_code = 0;
+ while (outl > 0) {
+ if (ctx->cont <= 0)
+ break;
+
+ i = BIO_read(b->next_bio, &(ctx->tmp[ctx->tmp_len]),
+ B64_BLOCK_SIZE - ctx->tmp_len);
+
+ if (i <= 0) {
+ ret_code = i;
+
+ /* Should we continue next time we are called? */
+ if (!BIO_should_retry(b->next_bio)) {
+ ctx->cont = i;
+ /* If buffer empty break */
+ if (ctx->tmp_len == 0)
+ break;
+ /* Fall through and process what we have */
+ else
+ i = 0;
+ }
+ /* else we retry and add more data to buffer */
+ else
+ break;
+ }
+ i += ctx->tmp_len;
+ ctx->tmp_len = i;
+
+ /*
+ * We need to scan, a line at a time until we have a valid line if we
+ * are starting.
+ */
+ if (ctx->start && (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL)) {
+ /* ctx->start=1; */
+ ctx->tmp_len = 0;
+ } else if (ctx->start) {
+ q = p = (unsigned char *)ctx->tmp;
+ num = 0;
+ for (j = 0; j < i; j++) {
+ if (*(q++) != '\n')
+ continue;
+
+ /*
+ * due to a previous very long line, we need to keep on
+ * scanning for a '\n' before we even start looking for
+ * base64 encoded stuff.
+ */
+ if (ctx->tmp_nl) {
+ p = q;
+ ctx->tmp_nl = 0;
+ continue;
+ }
+
+ k = EVP_DecodeUpdate(&(ctx->base64),
+ (unsigned char *)ctx->buf,
+ &num, p, q - p);
+ if ((k <= 0) && (num == 0) && (ctx->start))
+ EVP_DecodeInit(&ctx->base64);
+ else {
+ if (p != (unsigned char *)
+ &(ctx->tmp[0])) {
+ i -= (p - (unsigned char *)
+ &(ctx->tmp[0]));
+ for (x = 0; x < i; x++)
+ ctx->tmp[x] = p[x];
+ }
+ EVP_DecodeInit(&ctx->base64);
+ ctx->start = 0;
+ break;
+ }
+ p = q;
+ }
+
+ /* we fell off the end without starting */
+ if ((j == i) && (num == 0)) {
+ /*
+ * Is this is one long chunk?, if so, keep on reading until a
+ * new line.
+ */
+ if (p == (unsigned char *)&(ctx->tmp[0])) {
+ /* Check buffer full */
+ if (i == B64_BLOCK_SIZE) {
+ ctx->tmp_nl = 1;
+ ctx->tmp_len = 0;
+ }
+ } else if (p != q) { /* finished on a '\n' */
+ n = q - p;
+ for (ii = 0; ii < n; ii++)
+ ctx->tmp[ii] = p[ii];
+ ctx->tmp_len = n;
+ }
+ /* else finished on a '\n' */
+ continue;
+ } else {
+ ctx->tmp_len = 0;
+ }
+ } else if ((i < B64_BLOCK_SIZE) && (ctx->cont > 0)) {
+ /*
+ * If buffer isn't full and we can retry then restart to read in
+ * more data.
+ */
+ continue;
+ }
+
+ if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) {
+ int z, jj;
+
+#if 0
+ jj = (i >> 2) << 2;
+#else
+ jj = i & ~3; /* process per 4 */
+#endif
+ z = EVP_DecodeBlock((unsigned char *)ctx->buf,
+ (unsigned char *)ctx->tmp, jj);
+ if (jj > 2) {
+ if (ctx->tmp[jj - 1] == '=') {
+ z--;
+ if (ctx->tmp[jj - 2] == '=')
+ z--;
+ }
+ }
+ /*
+ * z is now number of output bytes and jj is the number consumed
+ */
+ if (jj != i) {
+ memmove(ctx->tmp, &ctx->tmp[jj], i - jj);
+ ctx->tmp_len = i - jj;
+ }
+ ctx->buf_len = 0;
+ if (z > 0) {
+ ctx->buf_len = z;
+ }
+ i = z;
+ } else {
+ i = EVP_DecodeUpdate(&(ctx->base64),
+ (unsigned char *)ctx->buf, &ctx->buf_len,
+ (unsigned char *)ctx->tmp, i);
+ ctx->tmp_len = 0;
+ }
+ ctx->buf_off = 0;
+ if (i < 0) {
+ ret_code = 0;
+ ctx->buf_len = 0;
+ break;
+ }
+
+ if (ctx->buf_len <= outl)
+ i = ctx->buf_len;
+ else
+ i = outl;
+
+ memcpy(out, ctx->buf, i);
+ ret += i;
+ ctx->buf_off = i;
+ if (ctx->buf_off == ctx->buf_len) {
+ ctx->buf_len = 0;
+ ctx->buf_off = 0;
+ }
+ outl -= i;
+ out += i;
+ }
+ /* BIO_clear_retry_flags(b); */
+ BIO_copy_next_retry(b);
+ return ((ret == 0) ? ret_code : ret);
+}
+
+static int b64_write(BIO *b, const char *in, int inl)
+{
+ int ret = 0;
+ int n;
+ int i;
+ BIO_B64_CTX *ctx;
+
+ ctx = (BIO_B64_CTX *)b->ptr;
+ BIO_clear_retry_flags(b);
+
+ if (ctx->encode != B64_ENCODE) {
+ ctx->encode = B64_ENCODE;
+ ctx->buf_len = 0;
+ ctx->buf_off = 0;
+ ctx->tmp_len = 0;
+ EVP_EncodeInit(&(ctx->base64));
+ }
+
+ OPENSSL_assert(ctx->buf_off < (int)sizeof(ctx->buf));
+ OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
+ OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
+ n = ctx->buf_len - ctx->buf_off;
+ while (n > 0) {
+ i = BIO_write(b->next_bio, &(ctx->buf[ctx->buf_off]), n);
+ if (i <= 0) {
+ BIO_copy_next_retry(b);
+ return (i);
+ }
+ OPENSSL_assert(i <= n);
+ ctx->buf_off += i;
+ OPENSSL_assert(ctx->buf_off <= (int)sizeof(ctx->buf));
+ OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
+ n -= i;
+ }
+ /* at this point all pending data has been written */
+ ctx->buf_off = 0;
+ ctx->buf_len = 0;
+
+ if ((in == NULL) || (inl <= 0))
+ return (0);
+
+ while (inl > 0) {
+ n = (inl > B64_BLOCK_SIZE) ? B64_BLOCK_SIZE : inl;
+
+ if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) {
+ if (ctx->tmp_len > 0) {
+ OPENSSL_assert(ctx->tmp_len <= 3);
+ n = 3 - ctx->tmp_len;
+ /*
+ * There's a theoretical possibility for this
+ */
+ if (n > inl)
+ n = inl;
+ memcpy(&(ctx->tmp[ctx->tmp_len]), in, n);
+ ctx->tmp_len += n;
+ ret += n;
+ if (ctx->tmp_len < 3)
+ break;
+ ctx->buf_len =
+ EVP_EncodeBlock((unsigned char *)ctx->buf,
+ (unsigned char *)ctx->tmp, ctx->tmp_len);
+ OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
+ OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
+ /*
+ * Since we're now done using the temporary buffer, the
+ * length should be 0'd
+ */
+ ctx->tmp_len = 0;
+ } else {
+ if (n < 3) {
+ memcpy(ctx->tmp, in, n);
+ ctx->tmp_len = n;
+ ret += n;
+ break;
+ }
+ n -= n % 3;
+ ctx->buf_len =
+ EVP_EncodeBlock((unsigned char *)ctx->buf,
+ (const unsigned char *)in, n);
+ OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
+ OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
+ ret += n;
+ }
+ } else {
+ EVP_EncodeUpdate(&(ctx->base64),
+ (unsigned char *)ctx->buf, &ctx->buf_len,
+ (unsigned char *)in, n);
+ OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
+ OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
+ ret += n;
+ }
+ inl -= n;
+ in += n;
+
+ ctx->buf_off = 0;
+ n = ctx->buf_len;
+ while (n > 0) {
+ i = BIO_write(b->next_bio, &(ctx->buf[ctx->buf_off]), n);
+ if (i <= 0) {
+ BIO_copy_next_retry(b);
+ return ((ret == 0) ? i : ret);
+ }
+ OPENSSL_assert(i <= n);
+ n -= i;
+ ctx->buf_off += i;
+ OPENSSL_assert(ctx->buf_off <= (int)sizeof(ctx->buf));
+ OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
+ }
+ ctx->buf_len = 0;
+ ctx->buf_off = 0;
+ }
+ return (ret);
+}
+
+static long b64_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+ BIO_B64_CTX *ctx;
+ long ret = 1;
+ int i;
+
+ ctx = (BIO_B64_CTX *)b->ptr;
+
+ switch (cmd) {
+ case BIO_CTRL_RESET:
+ ctx->cont = 1;
+ ctx->start = 1;
+ ctx->encode = B64_NONE;
+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ break;
+ case BIO_CTRL_EOF: /* More to read */
+ if (ctx->cont <= 0)
+ ret = 1;
+ else
+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ break;
+ case BIO_CTRL_WPENDING: /* More to write in buffer */
+ OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
+ ret = ctx->buf_len - ctx->buf_off;
+ if ((ret == 0) && (ctx->encode != B64_NONE)
+ && (ctx->base64.num != 0))
+ ret = 1;
+ else if (ret <= 0)
+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ break;
+ case BIO_CTRL_PENDING: /* More to read in buffer */
+ OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
+ ret = ctx->buf_len - ctx->buf_off;
+ if (ret <= 0)
+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ break;
+ case BIO_CTRL_FLUSH:
+ /* do a final write */
+ again:
+ while (ctx->buf_len != ctx->buf_off) {
+ i = b64_write(b, NULL, 0);
+ if (i < 0)
+ return i;
+ }
+ if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) {
+ if (ctx->tmp_len != 0) {
+ ctx->buf_len = EVP_EncodeBlock((unsigned char *)ctx->buf,
+ (unsigned char *)ctx->tmp,
+ ctx->tmp_len);
+ ctx->buf_off = 0;
+ ctx->tmp_len = 0;
+ goto again;
+ }
+ } else if (ctx->encode != B64_NONE && ctx->base64.num != 0) {
+ ctx->buf_off = 0;
+ EVP_EncodeFinal(&(ctx->base64),
+ (unsigned char *)ctx->buf, &(ctx->buf_len));
+ /* push out the bytes */
+ goto again;
+ }
+ /* Finally flush the underlying BIO */
+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ break;
+
+ case BIO_C_DO_STATE_MACHINE:
+ BIO_clear_retry_flags(b);
+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ BIO_copy_next_retry(b);
+ break;
+
+ case BIO_CTRL_DUP:
+ break;
+ case BIO_CTRL_INFO:
+ case BIO_CTRL_GET:
+ case BIO_CTRL_SET:
+ default:
+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ break;
+ }
+ return (ret);
+}
+
+static long b64_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
+{
+ long ret = 1;
+
+ if (b->next_bio == NULL)
+ return (0);
+ switch (cmd) {
+ default:
+ ret = BIO_callback_ctrl(b->next_bio, cmd, fp);
+ break;
+ }
+ return (ret);
+}
+
+static int b64_puts(BIO *b, const char *str)
+{
+ return b64_write(b, str, strlen(str));
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/evp/bio_enc.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/bio_enc.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/bio_enc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,426 +0,0 @@
-/* crypto/evp/bio_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <errno.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/evp.h>
-
-static int enc_write(BIO *h, const char *buf, int num);
-static int enc_read(BIO *h, char *buf, int size);
-/*static int enc_puts(BIO *h, const char *str); */
-/*static int enc_gets(BIO *h, char *str, int size); */
-static long enc_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int enc_new(BIO *h);
-static int enc_free(BIO *data);
-static long enc_callback_ctrl(BIO *h, int cmd, bio_info_cb *fps);
-#define ENC_BLOCK_SIZE (1024*4)
-#define BUF_OFFSET (EVP_MAX_BLOCK_LENGTH*2)
-
-typedef struct enc_struct
- {
- int buf_len;
- int buf_off;
- int cont; /* <= 0 when finished */
- int finished;
- int ok; /* bad decrypt */
- EVP_CIPHER_CTX cipher;
- /* buf is larger than ENC_BLOCK_SIZE because EVP_DecryptUpdate
- * can return up to a block more data than is presented to it
- */
- char buf[ENC_BLOCK_SIZE+BUF_OFFSET+2];
- } BIO_ENC_CTX;
-
-static BIO_METHOD methods_enc=
- {
- BIO_TYPE_CIPHER,"cipher",
- enc_write,
- enc_read,
- NULL, /* enc_puts, */
- NULL, /* enc_gets, */
- enc_ctrl,
- enc_new,
- enc_free,
- enc_callback_ctrl,
- };
-
-BIO_METHOD *BIO_f_cipher(void)
- {
- return(&methods_enc);
- }
-
-static int enc_new(BIO *bi)
- {
- BIO_ENC_CTX *ctx;
-
- ctx=(BIO_ENC_CTX *)OPENSSL_malloc(sizeof(BIO_ENC_CTX));
- if (ctx == NULL) return(0);
- EVP_CIPHER_CTX_init(&ctx->cipher);
-
- ctx->buf_len=0;
- ctx->buf_off=0;
- ctx->cont=1;
- ctx->finished=0;
- ctx->ok=1;
-
- bi->init=0;
- bi->ptr=(char *)ctx;
- bi->flags=0;
- return(1);
- }
-
-static int enc_free(BIO *a)
- {
- BIO_ENC_CTX *b;
-
- if (a == NULL) return(0);
- b=(BIO_ENC_CTX *)a->ptr;
- EVP_CIPHER_CTX_cleanup(&(b->cipher));
- OPENSSL_cleanse(a->ptr,sizeof(BIO_ENC_CTX));
- OPENSSL_free(a->ptr);
- a->ptr=NULL;
- a->init=0;
- a->flags=0;
- return(1);
- }
-
-static int enc_read(BIO *b, char *out, int outl)
- {
- int ret=0,i;
- BIO_ENC_CTX *ctx;
-
- if (out == NULL) return(0);
- ctx=(BIO_ENC_CTX *)b->ptr;
-
- if ((ctx == NULL) || (b->next_bio == NULL)) return(0);
-
- /* First check if there are bytes decoded/encoded */
- if (ctx->buf_len > 0)
- {
- i=ctx->buf_len-ctx->buf_off;
- if (i > outl) i=outl;
- memcpy(out,&(ctx->buf[ctx->buf_off]),i);
- ret=i;
- out+=i;
- outl-=i;
- ctx->buf_off+=i;
- if (ctx->buf_len == ctx->buf_off)
- {
- ctx->buf_len=0;
- ctx->buf_off=0;
- }
- }
-
- /* At this point, we have room of outl bytes and an empty
- * buffer, so we should read in some more. */
-
- while (outl > 0)
- {
- if (ctx->cont <= 0) break;
-
- /* read in at IV offset, read the EVP_Cipher
- * documentation about why */
- i=BIO_read(b->next_bio,&(ctx->buf[BUF_OFFSET]),ENC_BLOCK_SIZE);
-
- if (i <= 0)
- {
- /* Should be continue next time we are called? */
- if (!BIO_should_retry(b->next_bio))
- {
- ctx->cont=i;
- i=EVP_CipherFinal_ex(&(ctx->cipher),
- (unsigned char *)ctx->buf,
- &(ctx->buf_len));
- ctx->ok=i;
- ctx->buf_off=0;
- }
- else
- {
- ret=(ret == 0)?i:ret;
- break;
- }
- }
- else
- {
- EVP_CipherUpdate(&(ctx->cipher),
- (unsigned char *)ctx->buf,&ctx->buf_len,
- (unsigned char *)&(ctx->buf[BUF_OFFSET]),i);
- ctx->cont=1;
- /* Note: it is possible for EVP_CipherUpdate to
- * decrypt zero bytes because this is or looks like
- * the final block: if this happens we should retry
- * and either read more data or decrypt the final
- * block
- */
- if(ctx->buf_len == 0) continue;
- }
-
- if (ctx->buf_len <= outl)
- i=ctx->buf_len;
- else
- i=outl;
- if (i <= 0) break;
- memcpy(out,ctx->buf,i);
- ret+=i;
- ctx->buf_off=i;
- outl-=i;
- out+=i;
- }
-
- BIO_clear_retry_flags(b);
- BIO_copy_next_retry(b);
- return((ret == 0)?ctx->cont:ret);
- }
-
-static int enc_write(BIO *b, const char *in, int inl)
- {
- int ret=0,n,i;
- BIO_ENC_CTX *ctx;
-
- ctx=(BIO_ENC_CTX *)b->ptr;
- ret=inl;
-
- BIO_clear_retry_flags(b);
- n=ctx->buf_len-ctx->buf_off;
- while (n > 0)
- {
- i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n);
- if (i <= 0)
- {
- BIO_copy_next_retry(b);
- return(i);
- }
- ctx->buf_off+=i;
- n-=i;
- }
- /* at this point all pending data has been written */
-
- if ((in == NULL) || (inl <= 0)) return(0);
-
- ctx->buf_off=0;
- while (inl > 0)
- {
- n=(inl > ENC_BLOCK_SIZE)?ENC_BLOCK_SIZE:inl;
- EVP_CipherUpdate(&(ctx->cipher),
- (unsigned char *)ctx->buf,&ctx->buf_len,
- (unsigned char *)in,n);
- inl-=n;
- in+=n;
-
- ctx->buf_off=0;
- n=ctx->buf_len;
- while (n > 0)
- {
- i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n);
- if (i <= 0)
- {
- BIO_copy_next_retry(b);
- return (ret == inl) ? i : ret - inl;
- }
- n-=i;
- ctx->buf_off+=i;
- }
- ctx->buf_len=0;
- ctx->buf_off=0;
- }
- BIO_copy_next_retry(b);
- return(ret);
- }
-
-static long enc_ctrl(BIO *b, int cmd, long num, void *ptr)
- {
- BIO *dbio;
- BIO_ENC_CTX *ctx,*dctx;
- long ret=1;
- int i;
- EVP_CIPHER_CTX **c_ctx;
-
- ctx=(BIO_ENC_CTX *)b->ptr;
-
- switch (cmd)
- {
- case BIO_CTRL_RESET:
- ctx->ok=1;
- ctx->finished=0;
- EVP_CipherInit_ex(&(ctx->cipher),NULL,NULL,NULL,NULL,
- ctx->cipher.encrypt);
- ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
- break;
- case BIO_CTRL_EOF: /* More to read */
- if (ctx->cont <= 0)
- ret=1;
- else
- ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
- break;
- case BIO_CTRL_WPENDING:
- ret=ctx->buf_len-ctx->buf_off;
- if (ret <= 0)
- ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
- break;
- case BIO_CTRL_PENDING: /* More to read in buffer */
- ret=ctx->buf_len-ctx->buf_off;
- if (ret <= 0)
- ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
- break;
- case BIO_CTRL_FLUSH:
- /* do a final write */
-again:
- while (ctx->buf_len != ctx->buf_off)
- {
- i=enc_write(b,NULL,0);
- if (i < 0)
- return i;
- }
-
- if (!ctx->finished)
- {
- ctx->finished=1;
- ctx->buf_off=0;
- ret=EVP_CipherFinal_ex(&(ctx->cipher),
- (unsigned char *)ctx->buf,
- &(ctx->buf_len));
- ctx->ok=(int)ret;
- if (ret <= 0) break;
-
- /* push out the bytes */
- goto again;
- }
-
- /* Finally flush the underlying BIO */
- ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
- break;
- case BIO_C_GET_CIPHER_STATUS:
- ret=(long)ctx->ok;
- break;
- case BIO_C_DO_STATE_MACHINE:
- BIO_clear_retry_flags(b);
- ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
- BIO_copy_next_retry(b);
- break;
- case BIO_C_GET_CIPHER_CTX:
- c_ctx=(EVP_CIPHER_CTX **)ptr;
- (*c_ctx)= &(ctx->cipher);
- b->init=1;
- break;
- case BIO_CTRL_DUP:
- dbio=(BIO *)ptr;
- dctx=(BIO_ENC_CTX *)dbio->ptr;
- memcpy(&(dctx->cipher),&(ctx->cipher),sizeof(ctx->cipher));
- dbio->init=1;
- break;
- default:
- ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
- break;
- }
- return(ret);
- }
-
-static long enc_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
- {
- long ret=1;
-
- if (b->next_bio == NULL) return(0);
- switch (cmd)
- {
- default:
- ret=BIO_callback_ctrl(b->next_bio,cmd,fp);
- break;
- }
- return(ret);
- }
-
-/*
-void BIO_set_cipher_ctx(b,c)
-BIO *b;
-EVP_CIPHER_ctx *c;
- {
- if (b == NULL) return;
-
- if ((b->callback != NULL) &&
- (b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,0L) <= 0))
- return;
-
- b->init=1;
- ctx=(BIO_ENC_CTX *)b->ptr;
- memcpy(ctx->cipher,c,sizeof(EVP_CIPHER_CTX));
-
- if (b->callback != NULL)
- b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,1L);
- }
-*/
-
-void BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k,
- const unsigned char *i, int e)
- {
- BIO_ENC_CTX *ctx;
-
- if (b == NULL) return;
-
- if ((b->callback != NULL) &&
- (b->callback(b,BIO_CB_CTRL,(const char *)c,BIO_CTRL_SET,e,0L) <= 0))
- return;
-
- b->init=1;
- ctx=(BIO_ENC_CTX *)b->ptr;
- EVP_CipherInit_ex(&(ctx->cipher),c,NULL, k,i,e);
-
- if (b->callback != NULL)
- b->callback(b,BIO_CB_CTRL,(const char *)c,BIO_CTRL_SET,e,1L);
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/evp/bio_enc.c (from rev 6976, vendor-crypto/openssl/dist/crypto/evp/bio_enc.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/evp/bio_enc.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/bio_enc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,426 @@
+/* crypto/evp/bio_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/evp.h>
+
+static int enc_write(BIO *h, const char *buf, int num);
+static int enc_read(BIO *h, char *buf, int size);
+/*
+ * static int enc_puts(BIO *h, const char *str);
+ */
+/*
+ * static int enc_gets(BIO *h, char *str, int size);
+ */
+static long enc_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int enc_new(BIO *h);
+static int enc_free(BIO *data);
+static long enc_callback_ctrl(BIO *h, int cmd, bio_info_cb *fps);
+#define ENC_BLOCK_SIZE (1024*4)
+#define BUF_OFFSET (EVP_MAX_BLOCK_LENGTH*2)
+
+typedef struct enc_struct {
+ int buf_len;
+ int buf_off;
+ int cont; /* <= 0 when finished */
+ int finished;
+ int ok; /* bad decrypt */
+ EVP_CIPHER_CTX cipher;
+ /*
+ * buf is larger than ENC_BLOCK_SIZE because EVP_DecryptUpdate can return
+ * up to a block more data than is presented to it
+ */
+ char buf[ENC_BLOCK_SIZE + BUF_OFFSET + 2];
+} BIO_ENC_CTX;
+
+static BIO_METHOD methods_enc = {
+ BIO_TYPE_CIPHER, "cipher",
+ enc_write,
+ enc_read,
+ NULL, /* enc_puts, */
+ NULL, /* enc_gets, */
+ enc_ctrl,
+ enc_new,
+ enc_free,
+ enc_callback_ctrl,
+};
+
+BIO_METHOD *BIO_f_cipher(void)
+{
+ return (&methods_enc);
+}
+
+static int enc_new(BIO *bi)
+{
+ BIO_ENC_CTX *ctx;
+
+ ctx = (BIO_ENC_CTX *)OPENSSL_malloc(sizeof(BIO_ENC_CTX));
+ if (ctx == NULL)
+ return (0);
+ EVP_CIPHER_CTX_init(&ctx->cipher);
+
+ ctx->buf_len = 0;
+ ctx->buf_off = 0;
+ ctx->cont = 1;
+ ctx->finished = 0;
+ ctx->ok = 1;
+
+ bi->init = 0;
+ bi->ptr = (char *)ctx;
+ bi->flags = 0;
+ return (1);
+}
+
+static int enc_free(BIO *a)
+{
+ BIO_ENC_CTX *b;
+
+ if (a == NULL)
+ return (0);
+ b = (BIO_ENC_CTX *)a->ptr;
+ EVP_CIPHER_CTX_cleanup(&(b->cipher));
+ OPENSSL_cleanse(a->ptr, sizeof(BIO_ENC_CTX));
+ OPENSSL_free(a->ptr);
+ a->ptr = NULL;
+ a->init = 0;
+ a->flags = 0;
+ return (1);
+}
+
+static int enc_read(BIO *b, char *out, int outl)
+{
+ int ret = 0, i;
+ BIO_ENC_CTX *ctx;
+
+ if (out == NULL)
+ return (0);
+ ctx = (BIO_ENC_CTX *)b->ptr;
+
+ if ((ctx == NULL) || (b->next_bio == NULL))
+ return (0);
+
+ /* First check if there are bytes decoded/encoded */
+ if (ctx->buf_len > 0) {
+ i = ctx->buf_len - ctx->buf_off;
+ if (i > outl)
+ i = outl;
+ memcpy(out, &(ctx->buf[ctx->buf_off]), i);
+ ret = i;
+ out += i;
+ outl -= i;
+ ctx->buf_off += i;
+ if (ctx->buf_len == ctx->buf_off) {
+ ctx->buf_len = 0;
+ ctx->buf_off = 0;
+ }
+ }
+
+ /*
+ * At this point, we have room of outl bytes and an empty buffer, so we
+ * should read in some more.
+ */
+
+ while (outl > 0) {
+ if (ctx->cont <= 0)
+ break;
+
+ /*
+ * read in at IV offset, read the EVP_Cipher documentation about why
+ */
+ i = BIO_read(b->next_bio, &(ctx->buf[BUF_OFFSET]), ENC_BLOCK_SIZE);
+
+ if (i <= 0) {
+ /* Should be continue next time we are called? */
+ if (!BIO_should_retry(b->next_bio)) {
+ ctx->cont = i;
+ i = EVP_CipherFinal_ex(&(ctx->cipher),
+ (unsigned char *)ctx->buf,
+ &(ctx->buf_len));
+ ctx->ok = i;
+ ctx->buf_off = 0;
+ } else {
+ ret = (ret == 0) ? i : ret;
+ break;
+ }
+ } else {
+ EVP_CipherUpdate(&(ctx->cipher),
+ (unsigned char *)ctx->buf, &ctx->buf_len,
+ (unsigned char *)&(ctx->buf[BUF_OFFSET]), i);
+ ctx->cont = 1;
+ /*
+ * Note: it is possible for EVP_CipherUpdate to decrypt zero
+ * bytes because this is or looks like the final block: if this
+ * happens we should retry and either read more data or decrypt
+ * the final block
+ */
+ if (ctx->buf_len == 0)
+ continue;
+ }
+
+ if (ctx->buf_len <= outl)
+ i = ctx->buf_len;
+ else
+ i = outl;
+ if (i <= 0)
+ break;
+ memcpy(out, ctx->buf, i);
+ ret += i;
+ ctx->buf_off = i;
+ outl -= i;
+ out += i;
+ }
+
+ BIO_clear_retry_flags(b);
+ BIO_copy_next_retry(b);
+ return ((ret == 0) ? ctx->cont : ret);
+}
+
+static int enc_write(BIO *b, const char *in, int inl)
+{
+ int ret = 0, n, i;
+ BIO_ENC_CTX *ctx;
+
+ ctx = (BIO_ENC_CTX *)b->ptr;
+ ret = inl;
+
+ BIO_clear_retry_flags(b);
+ n = ctx->buf_len - ctx->buf_off;
+ while (n > 0) {
+ i = BIO_write(b->next_bio, &(ctx->buf[ctx->buf_off]), n);
+ if (i <= 0) {
+ BIO_copy_next_retry(b);
+ return (i);
+ }
+ ctx->buf_off += i;
+ n -= i;
+ }
+ /* at this point all pending data has been written */
+
+ if ((in == NULL) || (inl <= 0))
+ return (0);
+
+ ctx->buf_off = 0;
+ while (inl > 0) {
+ n = (inl > ENC_BLOCK_SIZE) ? ENC_BLOCK_SIZE : inl;
+ EVP_CipherUpdate(&(ctx->cipher),
+ (unsigned char *)ctx->buf, &ctx->buf_len,
+ (unsigned char *)in, n);
+ inl -= n;
+ in += n;
+
+ ctx->buf_off = 0;
+ n = ctx->buf_len;
+ while (n > 0) {
+ i = BIO_write(b->next_bio, &(ctx->buf[ctx->buf_off]), n);
+ if (i <= 0) {
+ BIO_copy_next_retry(b);
+ return (ret == inl) ? i : ret - inl;
+ }
+ n -= i;
+ ctx->buf_off += i;
+ }
+ ctx->buf_len = 0;
+ ctx->buf_off = 0;
+ }
+ BIO_copy_next_retry(b);
+ return (ret);
+}
+
+static long enc_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+ BIO *dbio;
+ BIO_ENC_CTX *ctx, *dctx;
+ long ret = 1;
+ int i;
+ EVP_CIPHER_CTX **c_ctx;
+
+ ctx = (BIO_ENC_CTX *)b->ptr;
+
+ switch (cmd) {
+ case BIO_CTRL_RESET:
+ ctx->ok = 1;
+ ctx->finished = 0;
+ EVP_CipherInit_ex(&(ctx->cipher), NULL, NULL, NULL, NULL,
+ ctx->cipher.encrypt);
+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ break;
+ case BIO_CTRL_EOF: /* More to read */
+ if (ctx->cont <= 0)
+ ret = 1;
+ else
+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ break;
+ case BIO_CTRL_WPENDING:
+ ret = ctx->buf_len - ctx->buf_off;
+ if (ret <= 0)
+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ break;
+ case BIO_CTRL_PENDING: /* More to read in buffer */
+ ret = ctx->buf_len - ctx->buf_off;
+ if (ret <= 0)
+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ break;
+ case BIO_CTRL_FLUSH:
+ /* do a final write */
+ again:
+ while (ctx->buf_len != ctx->buf_off) {
+ i = enc_write(b, NULL, 0);
+ if (i < 0)
+ return i;
+ }
+
+ if (!ctx->finished) {
+ ctx->finished = 1;
+ ctx->buf_off = 0;
+ ret = EVP_CipherFinal_ex(&(ctx->cipher),
+ (unsigned char *)ctx->buf,
+ &(ctx->buf_len));
+ ctx->ok = (int)ret;
+ if (ret <= 0)
+ break;
+
+ /* push out the bytes */
+ goto again;
+ }
+
+ /* Finally flush the underlying BIO */
+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ break;
+ case BIO_C_GET_CIPHER_STATUS:
+ ret = (long)ctx->ok;
+ break;
+ case BIO_C_DO_STATE_MACHINE:
+ BIO_clear_retry_flags(b);
+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ BIO_copy_next_retry(b);
+ break;
+ case BIO_C_GET_CIPHER_CTX:
+ c_ctx = (EVP_CIPHER_CTX **)ptr;
+ (*c_ctx) = &(ctx->cipher);
+ b->init = 1;
+ break;
+ case BIO_CTRL_DUP:
+ dbio = (BIO *)ptr;
+ dctx = (BIO_ENC_CTX *)dbio->ptr;
+ memcpy(&(dctx->cipher), &(ctx->cipher), sizeof(ctx->cipher));
+ dbio->init = 1;
+ break;
+ default:
+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ break;
+ }
+ return (ret);
+}
+
+static long enc_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
+{
+ long ret = 1;
+
+ if (b->next_bio == NULL)
+ return (0);
+ switch (cmd) {
+ default:
+ ret = BIO_callback_ctrl(b->next_bio, cmd, fp);
+ break;
+ }
+ return (ret);
+}
+
+/*-
+void BIO_set_cipher_ctx(b,c)
+BIO *b;
+EVP_CIPHER_ctx *c;
+ {
+ if (b == NULL) return;
+
+ if ((b->callback != NULL) &&
+ (b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,0L) <= 0))
+ return;
+
+ b->init=1;
+ ctx=(BIO_ENC_CTX *)b->ptr;
+ memcpy(ctx->cipher,c,sizeof(EVP_CIPHER_CTX));
+
+ if (b->callback != NULL)
+ b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,1L);
+ }
+*/
+
+void BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k,
+ const unsigned char *i, int e)
+{
+ BIO_ENC_CTX *ctx;
+
+ if (b == NULL)
+ return;
+
+ if ((b->callback != NULL) &&
+ (b->callback(b, BIO_CB_CTRL, (const char *)c, BIO_CTRL_SET, e, 0L) <=
+ 0))
+ return;
+
+ b->init = 1;
+ ctx = (BIO_ENC_CTX *)b->ptr;
+ EVP_CipherInit_ex(&(ctx->cipher), c, NULL, k, i, e);
+
+ if (b->callback != NULL)
+ b->callback(b, BIO_CB_CTRL, (const char *)c, BIO_CTRL_SET, e, 1L);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/evp/bio_md.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/bio_md.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/bio_md.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,264 +0,0 @@
-/* crypto/evp/bio_md.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <errno.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/evp.h>
-
-/* BIO_put and BIO_get both add to the digest,
- * BIO_gets returns the digest */
-
-static int md_write(BIO *h, char const *buf, int num);
-static int md_read(BIO *h, char *buf, int size);
-/*static int md_puts(BIO *h, const char *str); */
-static int md_gets(BIO *h, char *str, int size);
-static long md_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int md_new(BIO *h);
-static int md_free(BIO *data);
-static long md_callback_ctrl(BIO *h,int cmd,bio_info_cb *fp);
-
-static BIO_METHOD methods_md=
- {
- BIO_TYPE_MD,"message digest",
- md_write,
- md_read,
- NULL, /* md_puts, */
- md_gets,
- md_ctrl,
- md_new,
- md_free,
- md_callback_ctrl,
- };
-
-BIO_METHOD *BIO_f_md(void)
- {
- return(&methods_md);
- }
-
-static int md_new(BIO *bi)
- {
- EVP_MD_CTX *ctx;
-
- ctx=EVP_MD_CTX_create();
- if (ctx == NULL) return(0);
-
- bi->init=0;
- bi->ptr=(char *)ctx;
- bi->flags=0;
- return(1);
- }
-
-static int md_free(BIO *a)
- {
- if (a == NULL) return(0);
- EVP_MD_CTX_destroy(a->ptr);
- a->ptr=NULL;
- a->init=0;
- a->flags=0;
- return(1);
- }
-
-static int md_read(BIO *b, char *out, int outl)
- {
- int ret=0;
- EVP_MD_CTX *ctx;
-
- if (out == NULL) return(0);
- ctx=b->ptr;
-
- if ((ctx == NULL) || (b->next_bio == NULL)) return(0);
-
- ret=BIO_read(b->next_bio,out,outl);
- if (b->init)
- {
- if (ret > 0)
- {
- EVP_DigestUpdate(ctx,(unsigned char *)out,
- (unsigned int)ret);
- }
- }
- BIO_clear_retry_flags(b);
- BIO_copy_next_retry(b);
- return(ret);
- }
-
-static int md_write(BIO *b, const char *in, int inl)
- {
- int ret=0;
- EVP_MD_CTX *ctx;
-
- if ((in == NULL) || (inl <= 0)) return(0);
- ctx=b->ptr;
-
- if ((ctx != NULL) && (b->next_bio != NULL))
- ret=BIO_write(b->next_bio,in,inl);
- if (b->init)
- {
- if (ret > 0)
- {
- EVP_DigestUpdate(ctx,(const unsigned char *)in,
- (unsigned int)ret);
- }
- }
- BIO_clear_retry_flags(b);
- BIO_copy_next_retry(b);
- return(ret);
- }
-
-static long md_ctrl(BIO *b, int cmd, long num, void *ptr)
- {
- EVP_MD_CTX *ctx,*dctx,**pctx;
- const EVP_MD **ppmd;
- EVP_MD *md;
- long ret=1;
- BIO *dbio;
-
- ctx=b->ptr;
-
- switch (cmd)
- {
- case BIO_CTRL_RESET:
- if (b->init)
- ret = EVP_DigestInit_ex(ctx,ctx->digest, NULL);
- else
- ret=0;
- if (ret > 0)
- ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
- break;
- case BIO_C_GET_MD:
- if (b->init)
- {
- ppmd=ptr;
- *ppmd=ctx->digest;
- }
- else
- ret=0;
- break;
- case BIO_C_GET_MD_CTX:
- pctx=ptr;
- *pctx=ctx;
- break;
- case BIO_C_SET_MD_CTX:
- if (b->init)
- b->ptr=ptr;
- else
- ret=0;
- break;
- case BIO_C_DO_STATE_MACHINE:
- BIO_clear_retry_flags(b);
- ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
- BIO_copy_next_retry(b);
- break;
-
- case BIO_C_SET_MD:
- md=ptr;
- ret = EVP_DigestInit_ex(ctx,md, NULL);
- if (ret > 0)
- b->init=1;
- break;
- case BIO_CTRL_DUP:
- dbio=ptr;
- dctx=dbio->ptr;
- EVP_MD_CTX_copy_ex(dctx,ctx);
- b->init=1;
- break;
- default:
- ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
- break;
- }
- return(ret);
- }
-
-static long md_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
- {
- long ret=1;
-
- if (b->next_bio == NULL) return(0);
- switch (cmd)
- {
- default:
- ret=BIO_callback_ctrl(b->next_bio,cmd,fp);
- break;
- }
- return(ret);
- }
-
-static int md_gets(BIO *bp, char *buf, int size)
- {
- EVP_MD_CTX *ctx;
- unsigned int ret;
-
-
- ctx=bp->ptr;
- if (size < ctx->digest->md_size)
- return(0);
- EVP_DigestFinal_ex(ctx,(unsigned char *)buf,&ret);
- return((int)ret);
- }
-
-/*
-static int md_puts(bp,str)
-BIO *bp;
-char *str;
- {
- return(-1);
- }
-*/
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/evp/bio_md.c (from rev 6976, vendor-crypto/openssl/dist/crypto/evp/bio_md.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/evp/bio_md.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/bio_md.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,261 @@
+/* crypto/evp/bio_md.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/evp.h>
+
+/*
+ * BIO_put and BIO_get both add to the digest, BIO_gets returns the digest
+ */
+
+static int md_write(BIO *h, char const *buf, int num);
+static int md_read(BIO *h, char *buf, int size);
+/*
+ * static int md_puts(BIO *h, const char *str);
+ */
+static int md_gets(BIO *h, char *str, int size);
+static long md_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int md_new(BIO *h);
+static int md_free(BIO *data);
+static long md_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
+
+static BIO_METHOD methods_md = {
+ BIO_TYPE_MD, "message digest",
+ md_write,
+ md_read,
+ NULL, /* md_puts, */
+ md_gets,
+ md_ctrl,
+ md_new,
+ md_free,
+ md_callback_ctrl,
+};
+
+BIO_METHOD *BIO_f_md(void)
+{
+ return (&methods_md);
+}
+
+static int md_new(BIO *bi)
+{
+ EVP_MD_CTX *ctx;
+
+ ctx = EVP_MD_CTX_create();
+ if (ctx == NULL)
+ return (0);
+
+ bi->init = 0;
+ bi->ptr = (char *)ctx;
+ bi->flags = 0;
+ return (1);
+}
+
+static int md_free(BIO *a)
+{
+ if (a == NULL)
+ return (0);
+ EVP_MD_CTX_destroy(a->ptr);
+ a->ptr = NULL;
+ a->init = 0;
+ a->flags = 0;
+ return (1);
+}
+
+static int md_read(BIO *b, char *out, int outl)
+{
+ int ret = 0;
+ EVP_MD_CTX *ctx;
+
+ if (out == NULL)
+ return (0);
+ ctx = b->ptr;
+
+ if ((ctx == NULL) || (b->next_bio == NULL))
+ return (0);
+
+ ret = BIO_read(b->next_bio, out, outl);
+ if (b->init) {
+ if (ret > 0) {
+ EVP_DigestUpdate(ctx, (unsigned char *)out, (unsigned int)ret);
+ }
+ }
+ BIO_clear_retry_flags(b);
+ BIO_copy_next_retry(b);
+ return (ret);
+}
+
+static int md_write(BIO *b, const char *in, int inl)
+{
+ int ret = 0;
+ EVP_MD_CTX *ctx;
+
+ if ((in == NULL) || (inl <= 0))
+ return (0);
+ ctx = b->ptr;
+
+ if ((ctx != NULL) && (b->next_bio != NULL))
+ ret = BIO_write(b->next_bio, in, inl);
+ if (b->init) {
+ if (ret > 0) {
+ EVP_DigestUpdate(ctx, (const unsigned char *)in,
+ (unsigned int)ret);
+ }
+ }
+ BIO_clear_retry_flags(b);
+ BIO_copy_next_retry(b);
+ return (ret);
+}
+
+static long md_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+ EVP_MD_CTX *ctx, *dctx, **pctx;
+ const EVP_MD **ppmd;
+ EVP_MD *md;
+ long ret = 1;
+ BIO *dbio;
+
+ ctx = b->ptr;
+
+ switch (cmd) {
+ case BIO_CTRL_RESET:
+ if (b->init)
+ ret = EVP_DigestInit_ex(ctx, ctx->digest, NULL);
+ else
+ ret = 0;
+ if (ret > 0)
+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ break;
+ case BIO_C_GET_MD:
+ if (b->init) {
+ ppmd = ptr;
+ *ppmd = ctx->digest;
+ } else
+ ret = 0;
+ break;
+ case BIO_C_GET_MD_CTX:
+ pctx = ptr;
+ *pctx = ctx;
+ break;
+ case BIO_C_SET_MD_CTX:
+ if (b->init)
+ b->ptr = ptr;
+ else
+ ret = 0;
+ break;
+ case BIO_C_DO_STATE_MACHINE:
+ BIO_clear_retry_flags(b);
+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ BIO_copy_next_retry(b);
+ break;
+
+ case BIO_C_SET_MD:
+ md = ptr;
+ ret = EVP_DigestInit_ex(ctx, md, NULL);
+ if (ret > 0)
+ b->init = 1;
+ break;
+ case BIO_CTRL_DUP:
+ dbio = ptr;
+ dctx = dbio->ptr;
+ EVP_MD_CTX_copy_ex(dctx, ctx);
+ b->init = 1;
+ break;
+ default:
+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ break;
+ }
+ return (ret);
+}
+
+static long md_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
+{
+ long ret = 1;
+
+ if (b->next_bio == NULL)
+ return (0);
+ switch (cmd) {
+ default:
+ ret = BIO_callback_ctrl(b->next_bio, cmd, fp);
+ break;
+ }
+ return (ret);
+}
+
+static int md_gets(BIO *bp, char *buf, int size)
+{
+ EVP_MD_CTX *ctx;
+ unsigned int ret;
+
+ ctx = bp->ptr;
+ if (size < ctx->digest->md_size)
+ return (0);
+ EVP_DigestFinal_ex(ctx, (unsigned char *)buf, &ret);
+ return ((int)ret);
+}
+
+/*-
+static int md_puts(bp,str)
+BIO *bp;
+char *str;
+ {
+ return(-1);
+ }
+*/
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/evp/bio_ok.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/bio_ok.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/bio_ok.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,575 +0,0 @@
-/* crypto/evp/bio_ok.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/*
- From: Arne Ansper <arne at cyber.ee>
-
- Why BIO_f_reliable?
-
- I wrote function which took BIO* as argument, read data from it
- and processed it. Then I wanted to store the input file in
- encrypted form. OK I pushed BIO_f_cipher to the BIO stack
- and everything was OK. BUT if user types wrong password
- BIO_f_cipher outputs only garbage and my function crashes. Yes
- I can and I should fix my function, but BIO_f_cipher is
- easy way to add encryption support to many existing applications
- and it's hard to debug and fix them all.
-
- So I wanted another BIO which would catch the incorrect passwords and
- file damages which cause garbage on BIO_f_cipher's output.
-
- The easy way is to push the BIO_f_md and save the checksum at
- the end of the file. However there are several problems with this
- approach:
-
- 1) you must somehow separate checksum from actual data.
- 2) you need lot's of memory when reading the file, because you
- must read to the end of the file and verify the checksum before
- letting the application to read the data.
-
- BIO_f_reliable tries to solve both problems, so that you can
- read and write arbitrary long streams using only fixed amount
- of memory.
-
- BIO_f_reliable splits data stream into blocks. Each block is prefixed
- with it's length and suffixed with it's digest. So you need only
- several Kbytes of memory to buffer single block before verifying
- it's digest.
-
- BIO_f_reliable goes further and adds several important capabilities:
-
- 1) the digest of the block is computed over the whole stream
- -- so nobody can rearrange the blocks or remove or replace them.
-
- 2) to detect invalid passwords right at the start BIO_f_reliable
- adds special prefix to the stream. In order to avoid known plain-text
- attacks this prefix is generated as follows:
-
- *) digest is initialized with random seed instead of
- standardized one.
- *) same seed is written to output
- *) well-known text is then hashed and the output
- of the digest is also written to output.
-
- reader can now read the seed from stream, hash the same string
- and then compare the digest output.
-
- Bad things: BIO_f_reliable knows what's going on in EVP_Digest. I
- initially wrote and tested this code on x86 machine and wrote the
- digests out in machine-dependent order :( There are people using
- this code and I cannot change this easily without making existing
- data files unreadable.
-
-*/
-
-#include <stdio.h>
-#include <errno.h>
-#include <assert.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/bio.h>
-#include <openssl/evp.h>
-#include <openssl/rand.h>
-
-static int ok_write(BIO *h, const char *buf, int num);
-static int ok_read(BIO *h, char *buf, int size);
-static long ok_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int ok_new(BIO *h);
-static int ok_free(BIO *data);
-static long ok_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
-
-static void sig_out(BIO* b);
-static void sig_in(BIO* b);
-static void block_out(BIO* b);
-static void block_in(BIO* b);
-#define OK_BLOCK_SIZE (1024*4)
-#define OK_BLOCK_BLOCK 4
-#define IOBS (OK_BLOCK_SIZE+ OK_BLOCK_BLOCK+ 3*EVP_MAX_MD_SIZE)
-#define WELLKNOWN "The quick brown fox jumped over the lazy dog's back."
-
-typedef struct ok_struct
- {
- size_t buf_len;
- size_t buf_off;
- size_t buf_len_save;
- size_t buf_off_save;
- int cont; /* <= 0 when finished */
- int finished;
- EVP_MD_CTX md;
- int blockout; /* output block is ready */
- int sigio; /* must process signature */
- unsigned char buf[IOBS];
- } BIO_OK_CTX;
-
-static BIO_METHOD methods_ok=
- {
- BIO_TYPE_CIPHER,"reliable",
- ok_write,
- ok_read,
- NULL, /* ok_puts, */
- NULL, /* ok_gets, */
- ok_ctrl,
- ok_new,
- ok_free,
- ok_callback_ctrl,
- };
-
-BIO_METHOD *BIO_f_reliable(void)
- {
- return(&methods_ok);
- }
-
-static int ok_new(BIO *bi)
- {
- BIO_OK_CTX *ctx;
-
- ctx=(BIO_OK_CTX *)OPENSSL_malloc(sizeof(BIO_OK_CTX));
- if (ctx == NULL) return(0);
-
- ctx->buf_len=0;
- ctx->buf_off=0;
- ctx->buf_len_save=0;
- ctx->buf_off_save=0;
- ctx->cont=1;
- ctx->finished=0;
- ctx->blockout= 0;
- ctx->sigio=1;
-
- EVP_MD_CTX_init(&ctx->md);
-
- bi->init=0;
- bi->ptr=(char *)ctx;
- bi->flags=0;
- return(1);
- }
-
-static int ok_free(BIO *a)
- {
- if (a == NULL) return(0);
- EVP_MD_CTX_cleanup(&((BIO_OK_CTX *)a->ptr)->md);
- OPENSSL_cleanse(a->ptr,sizeof(BIO_OK_CTX));
- OPENSSL_free(a->ptr);
- a->ptr=NULL;
- a->init=0;
- a->flags=0;
- return(1);
- }
-
-static int ok_read(BIO *b, char *out, int outl)
- {
- int ret=0,i,n;
- BIO_OK_CTX *ctx;
-
- if (out == NULL) return(0);
- ctx=(BIO_OK_CTX *)b->ptr;
-
- if ((ctx == NULL) || (b->next_bio == NULL) || (b->init == 0)) return(0);
-
- while(outl > 0)
- {
-
- /* copy clean bytes to output buffer */
- if (ctx->blockout)
- {
- i=ctx->buf_len-ctx->buf_off;
- if (i > outl) i=outl;
- memcpy(out,&(ctx->buf[ctx->buf_off]),i);
- ret+=i;
- out+=i;
- outl-=i;
- ctx->buf_off+=i;
-
- /* all clean bytes are out */
- if (ctx->buf_len == ctx->buf_off)
- {
- ctx->buf_off=0;
-
- /* copy start of the next block into proper place */
- if(ctx->buf_len_save- ctx->buf_off_save > 0)
- {
- ctx->buf_len= ctx->buf_len_save- ctx->buf_off_save;
- memmove(ctx->buf, &(ctx->buf[ctx->buf_off_save]),
- ctx->buf_len);
- }
- else
- {
- ctx->buf_len=0;
- }
- ctx->blockout= 0;
- }
- }
-
- /* output buffer full -- cancel */
- if (outl == 0) break;
-
- /* no clean bytes in buffer -- fill it */
- n=IOBS- ctx->buf_len;
- i=BIO_read(b->next_bio,&(ctx->buf[ctx->buf_len]),n);
-
- if (i <= 0) break; /* nothing new */
-
- ctx->buf_len+= i;
-
- /* no signature yet -- check if we got one */
- if (ctx->sigio == 1) sig_in(b);
-
- /* signature ok -- check if we got block */
- if (ctx->sigio == 0) block_in(b);
-
- /* invalid block -- cancel */
- if (ctx->cont <= 0) break;
-
- }
-
- BIO_clear_retry_flags(b);
- BIO_copy_next_retry(b);
- return(ret);
- }
-
-static int ok_write(BIO *b, const char *in, int inl)
- {
- int ret=0,n,i;
- BIO_OK_CTX *ctx;
-
- if (inl <= 0) return inl;
-
- ctx=(BIO_OK_CTX *)b->ptr;
- ret=inl;
-
- if ((ctx == NULL) || (b->next_bio == NULL) || (b->init == 0)) return(0);
-
- if(ctx->sigio) sig_out(b);
-
- do{
- BIO_clear_retry_flags(b);
- n=ctx->buf_len-ctx->buf_off;
- while (ctx->blockout && n > 0)
- {
- i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n);
- if (i <= 0)
- {
- BIO_copy_next_retry(b);
- if(!BIO_should_retry(b))
- ctx->cont= 0;
- return(i);
- }
- ctx->buf_off+=i;
- n-=i;
- }
-
- /* at this point all pending data has been written */
- ctx->blockout= 0;
- if (ctx->buf_len == ctx->buf_off)
- {
- ctx->buf_len=OK_BLOCK_BLOCK;
- ctx->buf_off=0;
- }
-
- if ((in == NULL) || (inl <= 0)) return(0);
-
- n= (inl+ ctx->buf_len > OK_BLOCK_SIZE+ OK_BLOCK_BLOCK) ?
- (int)(OK_BLOCK_SIZE+OK_BLOCK_BLOCK-ctx->buf_len) : inl;
-
- memcpy((unsigned char *)(&(ctx->buf[ctx->buf_len])),(unsigned char *)in,n);
- ctx->buf_len+= n;
- inl-=n;
- in+=n;
-
- if(ctx->buf_len >= OK_BLOCK_SIZE+ OK_BLOCK_BLOCK)
- {
- block_out(b);
- }
- }while(inl > 0);
-
- BIO_clear_retry_flags(b);
- BIO_copy_next_retry(b);
- return(ret);
- }
-
-static long ok_ctrl(BIO *b, int cmd, long num, void *ptr)
- {
- BIO_OK_CTX *ctx;
- EVP_MD *md;
- const EVP_MD **ppmd;
- long ret=1;
- int i;
-
- ctx=b->ptr;
-
- switch (cmd)
- {
- case BIO_CTRL_RESET:
- ctx->buf_len=0;
- ctx->buf_off=0;
- ctx->buf_len_save=0;
- ctx->buf_off_save=0;
- ctx->cont=1;
- ctx->finished=0;
- ctx->blockout= 0;
- ctx->sigio=1;
- ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
- break;
- case BIO_CTRL_EOF: /* More to read */
- if (ctx->cont <= 0)
- ret=1;
- else
- ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
- break;
- case BIO_CTRL_PENDING: /* More to read in buffer */
- case BIO_CTRL_WPENDING: /* More to read in buffer */
- ret=ctx->blockout ? ctx->buf_len-ctx->buf_off : 0;
- if (ret <= 0)
- ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
- break;
- case BIO_CTRL_FLUSH:
- /* do a final write */
- if(ctx->blockout == 0)
- block_out(b);
-
- while (ctx->blockout)
- {
- i=ok_write(b,NULL,0);
- if (i < 0)
- {
- ret=i;
- break;
- }
- }
-
- ctx->finished=1;
- ctx->buf_off=ctx->buf_len=0;
- ctx->cont=(int)ret;
-
- /* Finally flush the underlying BIO */
- ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
- break;
- case BIO_C_DO_STATE_MACHINE:
- BIO_clear_retry_flags(b);
- ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
- BIO_copy_next_retry(b);
- break;
- case BIO_CTRL_INFO:
- ret=(long)ctx->cont;
- break;
- case BIO_C_SET_MD:
- md=ptr;
- EVP_DigestInit_ex(&ctx->md, md, NULL);
- b->init=1;
- break;
- case BIO_C_GET_MD:
- if (b->init)
- {
- ppmd=ptr;
- *ppmd=ctx->md.digest;
- }
- else
- ret=0;
- break;
- default:
- ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
- break;
- }
- return(ret);
- }
-
-static long ok_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
- {
- long ret=1;
-
- if (b->next_bio == NULL) return(0);
- switch (cmd)
- {
- default:
- ret=BIO_callback_ctrl(b->next_bio,cmd,fp);
- break;
- }
- return(ret);
- }
-
-static void longswap(void *_ptr, size_t len)
-{ const union { long one; char little; } is_endian = {1};
-
- if (is_endian.little) {
- size_t i;
- unsigned char *p=_ptr,c;
-
- for(i= 0;i < len;i+= 4) {
- c=p[0],p[0]=p[3],p[3]=c;
- c=p[1],p[1]=p[2],p[2]=c;
- }
- }
-}
-
-static void sig_out(BIO* b)
- {
- BIO_OK_CTX *ctx;
- EVP_MD_CTX *md;
-
- ctx=b->ptr;
- md=&ctx->md;
-
- if(ctx->buf_len+ 2* md->digest->md_size > OK_BLOCK_SIZE) return;
-
- EVP_DigestInit_ex(md, md->digest, NULL);
- /* FIXME: there's absolutely no guarantee this makes any sense at all,
- * particularly now EVP_MD_CTX has been restructured.
- */
- RAND_pseudo_bytes(md->md_data, md->digest->md_size);
- memcpy(&(ctx->buf[ctx->buf_len]), md->md_data, md->digest->md_size);
- longswap(&(ctx->buf[ctx->buf_len]), md->digest->md_size);
- ctx->buf_len+= md->digest->md_size;
-
- EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN));
- EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL);
- ctx->buf_len+= md->digest->md_size;
- ctx->blockout= 1;
- ctx->sigio= 0;
- }
-
-static void sig_in(BIO* b)
- {
- BIO_OK_CTX *ctx;
- EVP_MD_CTX *md;
- unsigned char tmp[EVP_MAX_MD_SIZE];
- int ret= 0;
-
- ctx=b->ptr;
- md=&ctx->md;
-
- if((int)(ctx->buf_len-ctx->buf_off) < 2*md->digest->md_size) return;
-
- EVP_DigestInit_ex(md, md->digest, NULL);
- memcpy(md->md_data, &(ctx->buf[ctx->buf_off]), md->digest->md_size);
- longswap(md->md_data, md->digest->md_size);
- ctx->buf_off+= md->digest->md_size;
-
- EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN));
- EVP_DigestFinal_ex(md, tmp, NULL);
- ret= memcmp(&(ctx->buf[ctx->buf_off]), tmp, md->digest->md_size) == 0;
- ctx->buf_off+= md->digest->md_size;
- if(ret == 1)
- {
- ctx->sigio= 0;
- if(ctx->buf_len != ctx->buf_off)
- {
- memmove(ctx->buf, &(ctx->buf[ctx->buf_off]), ctx->buf_len- ctx->buf_off);
- }
- ctx->buf_len-= ctx->buf_off;
- ctx->buf_off= 0;
- }
- else
- {
- ctx->cont= 0;
- }
- }
-
-static void block_out(BIO* b)
- {
- BIO_OK_CTX *ctx;
- EVP_MD_CTX *md;
- unsigned long tl;
-
- ctx=b->ptr;
- md=&ctx->md;
-
- tl= ctx->buf_len- OK_BLOCK_BLOCK;
- ctx->buf[0]=(unsigned char)(tl>>24);
- ctx->buf[1]=(unsigned char)(tl>>16);
- ctx->buf[2]=(unsigned char)(tl>>8);
- ctx->buf[3]=(unsigned char)(tl);
- EVP_DigestUpdate(md, (unsigned char*) &(ctx->buf[OK_BLOCK_BLOCK]), tl);
- EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL);
- ctx->buf_len+= md->digest->md_size;
- ctx->blockout= 1;
- }
-
-static void block_in(BIO* b)
- {
- BIO_OK_CTX *ctx;
- EVP_MD_CTX *md;
- unsigned long tl= 0;
- unsigned char tmp[EVP_MAX_MD_SIZE];
-
- ctx=b->ptr;
- md=&ctx->md;
-
- assert(sizeof(tl)>=OK_BLOCK_BLOCK); /* always true */
- tl =ctx->buf[0]; tl<<=8;
- tl|=ctx->buf[1]; tl<<=8;
- tl|=ctx->buf[2]; tl<<=8;
- tl|=ctx->buf[3];
-
- if (ctx->buf_len < tl+ OK_BLOCK_BLOCK+ md->digest->md_size) return;
-
- EVP_DigestUpdate(md, (unsigned char*) &(ctx->buf[OK_BLOCK_BLOCK]), tl);
- EVP_DigestFinal_ex(md, tmp, NULL);
- if(memcmp(&(ctx->buf[tl+ OK_BLOCK_BLOCK]), tmp, md->digest->md_size) == 0)
- {
- /* there might be parts from next block lurking around ! */
- ctx->buf_off_save= tl+ OK_BLOCK_BLOCK+ md->digest->md_size;
- ctx->buf_len_save= ctx->buf_len;
- ctx->buf_off= OK_BLOCK_BLOCK;
- ctx->buf_len= tl+ OK_BLOCK_BLOCK;
- ctx->blockout= 1;
- }
- else
- {
- ctx->cont= 0;
- }
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/evp/bio_ok.c (from rev 6976, vendor-crypto/openssl/dist/crypto/evp/bio_ok.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/evp/bio_ok.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/bio_ok.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,582 @@
+/* crypto/evp/bio_ok.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/*-
+ From: Arne Ansper <arne at cyber.ee>
+
+ Why BIO_f_reliable?
+
+ I wrote function which took BIO* as argument, read data from it
+ and processed it. Then I wanted to store the input file in
+ encrypted form. OK I pushed BIO_f_cipher to the BIO stack
+ and everything was OK. BUT if user types wrong password
+ BIO_f_cipher outputs only garbage and my function crashes. Yes
+ I can and I should fix my function, but BIO_f_cipher is
+ easy way to add encryption support to many existing applications
+ and it's hard to debug and fix them all.
+
+ So I wanted another BIO which would catch the incorrect passwords and
+ file damages which cause garbage on BIO_f_cipher's output.
+
+ The easy way is to push the BIO_f_md and save the checksum at
+ the end of the file. However there are several problems with this
+ approach:
+
+ 1) you must somehow separate checksum from actual data.
+ 2) you need lot's of memory when reading the file, because you
+ must read to the end of the file and verify the checksum before
+ letting the application to read the data.
+
+ BIO_f_reliable tries to solve both problems, so that you can
+ read and write arbitrary long streams using only fixed amount
+ of memory.
+
+ BIO_f_reliable splits data stream into blocks. Each block is prefixed
+ with it's length and suffixed with it's digest. So you need only
+ several Kbytes of memory to buffer single block before verifying
+ it's digest.
+
+ BIO_f_reliable goes further and adds several important capabilities:
+
+ 1) the digest of the block is computed over the whole stream
+ -- so nobody can rearrange the blocks or remove or replace them.
+
+ 2) to detect invalid passwords right at the start BIO_f_reliable
+ adds special prefix to the stream. In order to avoid known plain-text
+ attacks this prefix is generated as follows:
+
+ *) digest is initialized with random seed instead of
+ standardized one.
+ *) same seed is written to output
+ *) well-known text is then hashed and the output
+ of the digest is also written to output.
+
+ reader can now read the seed from stream, hash the same string
+ and then compare the digest output.
+
+ Bad things: BIO_f_reliable knows what's going on in EVP_Digest. I
+ initially wrote and tested this code on x86 machine and wrote the
+ digests out in machine-dependent order :( There are people using
+ this code and I cannot change this easily without making existing
+ data files unreadable.
+
+*/
+
+#include <stdio.h>
+#include <errno.h>
+#include <assert.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+
+static int ok_write(BIO *h, const char *buf, int num);
+static int ok_read(BIO *h, char *buf, int size);
+static long ok_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int ok_new(BIO *h);
+static int ok_free(BIO *data);
+static long ok_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
+
+static void sig_out(BIO *b);
+static void sig_in(BIO *b);
+static void block_out(BIO *b);
+static void block_in(BIO *b);
+#define OK_BLOCK_SIZE (1024*4)
+#define OK_BLOCK_BLOCK 4
+#define IOBS (OK_BLOCK_SIZE+ OK_BLOCK_BLOCK+ 3*EVP_MAX_MD_SIZE)
+#define WELLKNOWN "The quick brown fox jumped over the lazy dog's back."
+
+typedef struct ok_struct {
+ size_t buf_len;
+ size_t buf_off;
+ size_t buf_len_save;
+ size_t buf_off_save;
+ int cont; /* <= 0 when finished */
+ int finished;
+ EVP_MD_CTX md;
+ int blockout; /* output block is ready */
+ int sigio; /* must process signature */
+ unsigned char buf[IOBS];
+} BIO_OK_CTX;
+
+static BIO_METHOD methods_ok = {
+ BIO_TYPE_CIPHER, "reliable",
+ ok_write,
+ ok_read,
+ NULL, /* ok_puts, */
+ NULL, /* ok_gets, */
+ ok_ctrl,
+ ok_new,
+ ok_free,
+ ok_callback_ctrl,
+};
+
+BIO_METHOD *BIO_f_reliable(void)
+{
+ return (&methods_ok);
+}
+
+static int ok_new(BIO *bi)
+{
+ BIO_OK_CTX *ctx;
+
+ ctx = (BIO_OK_CTX *)OPENSSL_malloc(sizeof(BIO_OK_CTX));
+ if (ctx == NULL)
+ return (0);
+
+ ctx->buf_len = 0;
+ ctx->buf_off = 0;
+ ctx->buf_len_save = 0;
+ ctx->buf_off_save = 0;
+ ctx->cont = 1;
+ ctx->finished = 0;
+ ctx->blockout = 0;
+ ctx->sigio = 1;
+
+ EVP_MD_CTX_init(&ctx->md);
+
+ bi->init = 0;
+ bi->ptr = (char *)ctx;
+ bi->flags = 0;
+ return (1);
+}
+
+static int ok_free(BIO *a)
+{
+ if (a == NULL)
+ return (0);
+ EVP_MD_CTX_cleanup(&((BIO_OK_CTX *)a->ptr)->md);
+ OPENSSL_cleanse(a->ptr, sizeof(BIO_OK_CTX));
+ OPENSSL_free(a->ptr);
+ a->ptr = NULL;
+ a->init = 0;
+ a->flags = 0;
+ return (1);
+}
+
+static int ok_read(BIO *b, char *out, int outl)
+{
+ int ret = 0, i, n;
+ BIO_OK_CTX *ctx;
+
+ if (out == NULL)
+ return (0);
+ ctx = (BIO_OK_CTX *)b->ptr;
+
+ if ((ctx == NULL) || (b->next_bio == NULL) || (b->init == 0))
+ return (0);
+
+ while (outl > 0) {
+
+ /* copy clean bytes to output buffer */
+ if (ctx->blockout) {
+ i = ctx->buf_len - ctx->buf_off;
+ if (i > outl)
+ i = outl;
+ memcpy(out, &(ctx->buf[ctx->buf_off]), i);
+ ret += i;
+ out += i;
+ outl -= i;
+ ctx->buf_off += i;
+
+ /* all clean bytes are out */
+ if (ctx->buf_len == ctx->buf_off) {
+ ctx->buf_off = 0;
+
+ /*
+ * copy start of the next block into proper place
+ */
+ if (ctx->buf_len_save - ctx->buf_off_save > 0) {
+ ctx->buf_len = ctx->buf_len_save - ctx->buf_off_save;
+ memmove(ctx->buf, &(ctx->buf[ctx->buf_off_save]),
+ ctx->buf_len);
+ } else {
+ ctx->buf_len = 0;
+ }
+ ctx->blockout = 0;
+ }
+ }
+
+ /* output buffer full -- cancel */
+ if (outl == 0)
+ break;
+
+ /* no clean bytes in buffer -- fill it */
+ n = IOBS - ctx->buf_len;
+ i = BIO_read(b->next_bio, &(ctx->buf[ctx->buf_len]), n);
+
+ if (i <= 0)
+ break; /* nothing new */
+
+ ctx->buf_len += i;
+
+ /* no signature yet -- check if we got one */
+ if (ctx->sigio == 1)
+ sig_in(b);
+
+ /* signature ok -- check if we got block */
+ if (ctx->sigio == 0)
+ block_in(b);
+
+ /* invalid block -- cancel */
+ if (ctx->cont <= 0)
+ break;
+
+ }
+
+ BIO_clear_retry_flags(b);
+ BIO_copy_next_retry(b);
+ return (ret);
+}
+
+static int ok_write(BIO *b, const char *in, int inl)
+{
+ int ret = 0, n, i;
+ BIO_OK_CTX *ctx;
+
+ if (inl <= 0)
+ return inl;
+
+ ctx = (BIO_OK_CTX *)b->ptr;
+ ret = inl;
+
+ if ((ctx == NULL) || (b->next_bio == NULL) || (b->init == 0))
+ return (0);
+
+ if (ctx->sigio)
+ sig_out(b);
+
+ do {
+ BIO_clear_retry_flags(b);
+ n = ctx->buf_len - ctx->buf_off;
+ while (ctx->blockout && n > 0) {
+ i = BIO_write(b->next_bio, &(ctx->buf[ctx->buf_off]), n);
+ if (i <= 0) {
+ BIO_copy_next_retry(b);
+ if (!BIO_should_retry(b))
+ ctx->cont = 0;
+ return (i);
+ }
+ ctx->buf_off += i;
+ n -= i;
+ }
+
+ /* at this point all pending data has been written */
+ ctx->blockout = 0;
+ if (ctx->buf_len == ctx->buf_off) {
+ ctx->buf_len = OK_BLOCK_BLOCK;
+ ctx->buf_off = 0;
+ }
+
+ if ((in == NULL) || (inl <= 0))
+ return (0);
+
+ n = (inl + ctx->buf_len > OK_BLOCK_SIZE + OK_BLOCK_BLOCK) ?
+ (int)(OK_BLOCK_SIZE + OK_BLOCK_BLOCK - ctx->buf_len) : inl;
+
+ memcpy((unsigned char *)(&(ctx->buf[ctx->buf_len])),
+ (unsigned char *)in, n);
+ ctx->buf_len += n;
+ inl -= n;
+ in += n;
+
+ if (ctx->buf_len >= OK_BLOCK_SIZE + OK_BLOCK_BLOCK) {
+ block_out(b);
+ }
+ } while (inl > 0);
+
+ BIO_clear_retry_flags(b);
+ BIO_copy_next_retry(b);
+ return (ret);
+}
+
+static long ok_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+ BIO_OK_CTX *ctx;
+ EVP_MD *md;
+ const EVP_MD **ppmd;
+ long ret = 1;
+ int i;
+
+ ctx = b->ptr;
+
+ switch (cmd) {
+ case BIO_CTRL_RESET:
+ ctx->buf_len = 0;
+ ctx->buf_off = 0;
+ ctx->buf_len_save = 0;
+ ctx->buf_off_save = 0;
+ ctx->cont = 1;
+ ctx->finished = 0;
+ ctx->blockout = 0;
+ ctx->sigio = 1;
+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ break;
+ case BIO_CTRL_EOF: /* More to read */
+ if (ctx->cont <= 0)
+ ret = 1;
+ else
+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ break;
+ case BIO_CTRL_PENDING: /* More to read in buffer */
+ case BIO_CTRL_WPENDING: /* More to read in buffer */
+ ret = ctx->blockout ? ctx->buf_len - ctx->buf_off : 0;
+ if (ret <= 0)
+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ break;
+ case BIO_CTRL_FLUSH:
+ /* do a final write */
+ if (ctx->blockout == 0)
+ block_out(b);
+
+ while (ctx->blockout) {
+ i = ok_write(b, NULL, 0);
+ if (i < 0) {
+ ret = i;
+ break;
+ }
+ }
+
+ ctx->finished = 1;
+ ctx->buf_off = ctx->buf_len = 0;
+ ctx->cont = (int)ret;
+
+ /* Finally flush the underlying BIO */
+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ break;
+ case BIO_C_DO_STATE_MACHINE:
+ BIO_clear_retry_flags(b);
+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ BIO_copy_next_retry(b);
+ break;
+ case BIO_CTRL_INFO:
+ ret = (long)ctx->cont;
+ break;
+ case BIO_C_SET_MD:
+ md = ptr;
+ EVP_DigestInit_ex(&ctx->md, md, NULL);
+ b->init = 1;
+ break;
+ case BIO_C_GET_MD:
+ if (b->init) {
+ ppmd = ptr;
+ *ppmd = ctx->md.digest;
+ } else
+ ret = 0;
+ break;
+ default:
+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ break;
+ }
+ return (ret);
+}
+
+static long ok_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
+{
+ long ret = 1;
+
+ if (b->next_bio == NULL)
+ return (0);
+ switch (cmd) {
+ default:
+ ret = BIO_callback_ctrl(b->next_bio, cmd, fp);
+ break;
+ }
+ return (ret);
+}
+
+static void longswap(void *_ptr, size_t len)
+{
+ const union {
+ long one;
+ char little;
+ } is_endian = {
+ 1
+ };
+
+ if (is_endian.little) {
+ size_t i;
+ unsigned char *p = _ptr, c;
+
+ for (i = 0; i < len; i += 4) {
+ c = p[0], p[0] = p[3], p[3] = c;
+ c = p[1], p[1] = p[2], p[2] = c;
+ }
+ }
+}
+
+static void sig_out(BIO *b)
+{
+ BIO_OK_CTX *ctx;
+ EVP_MD_CTX *md;
+
+ ctx = b->ptr;
+ md = &ctx->md;
+
+ if (ctx->buf_len + 2 * md->digest->md_size > OK_BLOCK_SIZE)
+ return;
+
+ EVP_DigestInit_ex(md, md->digest, NULL);
+ /*
+ * FIXME: there's absolutely no guarantee this makes any sense at all,
+ * particularly now EVP_MD_CTX has been restructured.
+ */
+ RAND_pseudo_bytes(md->md_data, md->digest->md_size);
+ memcpy(&(ctx->buf[ctx->buf_len]), md->md_data, md->digest->md_size);
+ longswap(&(ctx->buf[ctx->buf_len]), md->digest->md_size);
+ ctx->buf_len += md->digest->md_size;
+
+ EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN));
+ EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL);
+ ctx->buf_len += md->digest->md_size;
+ ctx->blockout = 1;
+ ctx->sigio = 0;
+}
+
+static void sig_in(BIO *b)
+{
+ BIO_OK_CTX *ctx;
+ EVP_MD_CTX *md;
+ unsigned char tmp[EVP_MAX_MD_SIZE];
+ int ret = 0;
+
+ ctx = b->ptr;
+ md = &ctx->md;
+
+ if ((int)(ctx->buf_len - ctx->buf_off) < 2 * md->digest->md_size)
+ return;
+
+ EVP_DigestInit_ex(md, md->digest, NULL);
+ memcpy(md->md_data, &(ctx->buf[ctx->buf_off]), md->digest->md_size);
+ longswap(md->md_data, md->digest->md_size);
+ ctx->buf_off += md->digest->md_size;
+
+ EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN));
+ EVP_DigestFinal_ex(md, tmp, NULL);
+ ret = memcmp(&(ctx->buf[ctx->buf_off]), tmp, md->digest->md_size) == 0;
+ ctx->buf_off += md->digest->md_size;
+ if (ret == 1) {
+ ctx->sigio = 0;
+ if (ctx->buf_len != ctx->buf_off) {
+ memmove(ctx->buf, &(ctx->buf[ctx->buf_off]),
+ ctx->buf_len - ctx->buf_off);
+ }
+ ctx->buf_len -= ctx->buf_off;
+ ctx->buf_off = 0;
+ } else {
+ ctx->cont = 0;
+ }
+}
+
+static void block_out(BIO *b)
+{
+ BIO_OK_CTX *ctx;
+ EVP_MD_CTX *md;
+ unsigned long tl;
+
+ ctx = b->ptr;
+ md = &ctx->md;
+
+ tl = ctx->buf_len - OK_BLOCK_BLOCK;
+ ctx->buf[0] = (unsigned char)(tl >> 24);
+ ctx->buf[1] = (unsigned char)(tl >> 16);
+ ctx->buf[2] = (unsigned char)(tl >> 8);
+ ctx->buf[3] = (unsigned char)(tl);
+ EVP_DigestUpdate(md, (unsigned char *)&(ctx->buf[OK_BLOCK_BLOCK]), tl);
+ EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL);
+ ctx->buf_len += md->digest->md_size;
+ ctx->blockout = 1;
+}
+
+static void block_in(BIO *b)
+{
+ BIO_OK_CTX *ctx;
+ EVP_MD_CTX *md;
+ unsigned long tl = 0;
+ unsigned char tmp[EVP_MAX_MD_SIZE];
+
+ ctx = b->ptr;
+ md = &ctx->md;
+
+ assert(sizeof(tl) >= OK_BLOCK_BLOCK); /* always true */
+ tl = ctx->buf[0];
+ tl <<= 8;
+ tl |= ctx->buf[1];
+ tl <<= 8;
+ tl |= ctx->buf[2];
+ tl <<= 8;
+ tl |= ctx->buf[3];
+
+ if (ctx->buf_len < tl + OK_BLOCK_BLOCK + md->digest->md_size)
+ return;
+
+ EVP_DigestUpdate(md, (unsigned char *)&(ctx->buf[OK_BLOCK_BLOCK]), tl);
+ EVP_DigestFinal_ex(md, tmp, NULL);
+ if (memcmp(&(ctx->buf[tl + OK_BLOCK_BLOCK]), tmp, md->digest->md_size) ==
+ 0) {
+ /* there might be parts from next block lurking around ! */
+ ctx->buf_off_save = tl + OK_BLOCK_BLOCK + md->digest->md_size;
+ ctx->buf_len_save = ctx->buf_len;
+ ctx->buf_off = OK_BLOCK_BLOCK;
+ ctx->buf_len = tl + OK_BLOCK_BLOCK;
+ ctx->blockout = 1;
+ } else {
+ ctx->cont = 0;
+ }
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/evp/c_all.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/c_all.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/c_all.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,90 +0,0 @@
-/* crypto/evp/c_all.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-
-#if 0
-#undef OpenSSL_add_all_algorithms
-
-void OpenSSL_add_all_algorithms(void)
- {
- OPENSSL_add_all_algorithms_noconf();
- }
-#endif
-
-void OPENSSL_add_all_algorithms_noconf(void)
- {
- /*
- * For the moment OPENSSL_cpuid_setup does something
- * only on IA-32, but we reserve the option for all
- * platforms...
- */
- OPENSSL_cpuid_setup();
- OpenSSL_add_all_ciphers();
- OpenSSL_add_all_digests();
-#ifndef OPENSSL_NO_ENGINE
-# if defined(__OpenBSD__) || defined(__FreeBSD__)
- ENGINE_setup_bsd_cryptodev();
-# endif
-#endif
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/evp/c_all.c (from rev 6976, vendor-crypto/openssl/dist/crypto/evp/c_all.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/evp/c_all.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/c_all.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,90 @@
+/* crypto/evp/c_all.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#ifndef OPENSSL_NO_ENGINE
+# include <openssl/engine.h>
+#endif
+
+#if 0
+# undef OpenSSL_add_all_algorithms
+
+void OpenSSL_add_all_algorithms(void)
+{
+ OPENSSL_add_all_algorithms_noconf();
+}
+#endif
+
+void OPENSSL_add_all_algorithms_noconf(void)
+{
+ /*
+ * For the moment OPENSSL_cpuid_setup does something
+ * only on IA-32, but we reserve the option for all
+ * platforms...
+ */
+ OPENSSL_cpuid_setup();
+ OpenSSL_add_all_ciphers();
+ OpenSSL_add_all_digests();
+#ifndef OPENSSL_NO_ENGINE
+# if defined(__OpenBSD__) || defined(__FreeBSD__)
+ ENGINE_setup_bsd_cryptodev();
+# endif
+#endif
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/evp/c_allc.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/c_allc.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/c_allc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,227 +0,0 @@
-/* crypto/evp/c_allc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/pkcs12.h>
-#include <openssl/objects.h>
-
-void OpenSSL_add_all_ciphers(void)
- {
-
-#ifndef OPENSSL_NO_DES
- EVP_add_cipher(EVP_des_cfb());
- EVP_add_cipher(EVP_des_cfb1());
- EVP_add_cipher(EVP_des_cfb8());
- EVP_add_cipher(EVP_des_ede_cfb());
- EVP_add_cipher(EVP_des_ede3_cfb());
- EVP_add_cipher(EVP_des_ede3_cfb1());
- EVP_add_cipher(EVP_des_ede3_cfb8());
-
- EVP_add_cipher(EVP_des_ofb());
- EVP_add_cipher(EVP_des_ede_ofb());
- EVP_add_cipher(EVP_des_ede3_ofb());
-
- EVP_add_cipher(EVP_desx_cbc());
- EVP_add_cipher_alias(SN_desx_cbc,"DESX");
- EVP_add_cipher_alias(SN_desx_cbc,"desx");
-
- EVP_add_cipher(EVP_des_cbc());
- EVP_add_cipher_alias(SN_des_cbc,"DES");
- EVP_add_cipher_alias(SN_des_cbc,"des");
- EVP_add_cipher(EVP_des_ede_cbc());
- EVP_add_cipher(EVP_des_ede3_cbc());
- EVP_add_cipher_alias(SN_des_ede3_cbc,"DES3");
- EVP_add_cipher_alias(SN_des_ede3_cbc,"des3");
-
- EVP_add_cipher(EVP_des_ecb());
- EVP_add_cipher(EVP_des_ede());
- EVP_add_cipher(EVP_des_ede3());
-#endif
-
-#ifndef OPENSSL_NO_RC4
- EVP_add_cipher(EVP_rc4());
- EVP_add_cipher(EVP_rc4_40());
-#endif
-
-#ifndef OPENSSL_NO_IDEA
- EVP_add_cipher(EVP_idea_ecb());
- EVP_add_cipher(EVP_idea_cfb());
- EVP_add_cipher(EVP_idea_ofb());
- EVP_add_cipher(EVP_idea_cbc());
- EVP_add_cipher_alias(SN_idea_cbc,"IDEA");
- EVP_add_cipher_alias(SN_idea_cbc,"idea");
-#endif
-
-#ifndef OPENSSL_NO_SEED
- EVP_add_cipher(EVP_seed_ecb());
- EVP_add_cipher(EVP_seed_cfb());
- EVP_add_cipher(EVP_seed_ofb());
- EVP_add_cipher(EVP_seed_cbc());
- EVP_add_cipher_alias(SN_seed_cbc,"SEED");
- EVP_add_cipher_alias(SN_seed_cbc,"seed");
-#endif
-
-#ifndef OPENSSL_NO_RC2
- EVP_add_cipher(EVP_rc2_ecb());
- EVP_add_cipher(EVP_rc2_cfb());
- EVP_add_cipher(EVP_rc2_ofb());
- EVP_add_cipher(EVP_rc2_cbc());
- EVP_add_cipher(EVP_rc2_40_cbc());
- EVP_add_cipher(EVP_rc2_64_cbc());
- EVP_add_cipher_alias(SN_rc2_cbc,"RC2");
- EVP_add_cipher_alias(SN_rc2_cbc,"rc2");
-#endif
-
-#ifndef OPENSSL_NO_BF
- EVP_add_cipher(EVP_bf_ecb());
- EVP_add_cipher(EVP_bf_cfb());
- EVP_add_cipher(EVP_bf_ofb());
- EVP_add_cipher(EVP_bf_cbc());
- EVP_add_cipher_alias(SN_bf_cbc,"BF");
- EVP_add_cipher_alias(SN_bf_cbc,"bf");
- EVP_add_cipher_alias(SN_bf_cbc,"blowfish");
-#endif
-
-#ifndef OPENSSL_NO_CAST
- EVP_add_cipher(EVP_cast5_ecb());
- EVP_add_cipher(EVP_cast5_cfb());
- EVP_add_cipher(EVP_cast5_ofb());
- EVP_add_cipher(EVP_cast5_cbc());
- EVP_add_cipher_alias(SN_cast5_cbc,"CAST");
- EVP_add_cipher_alias(SN_cast5_cbc,"cast");
- EVP_add_cipher_alias(SN_cast5_cbc,"CAST-cbc");
- EVP_add_cipher_alias(SN_cast5_cbc,"cast-cbc");
-#endif
-
-#ifndef OPENSSL_NO_RC5
- EVP_add_cipher(EVP_rc5_32_12_16_ecb());
- EVP_add_cipher(EVP_rc5_32_12_16_cfb());
- EVP_add_cipher(EVP_rc5_32_12_16_ofb());
- EVP_add_cipher(EVP_rc5_32_12_16_cbc());
- EVP_add_cipher_alias(SN_rc5_cbc,"rc5");
- EVP_add_cipher_alias(SN_rc5_cbc,"RC5");
-#endif
-
-#ifndef OPENSSL_NO_AES
- EVP_add_cipher(EVP_aes_128_ecb());
- EVP_add_cipher(EVP_aes_128_cbc());
- EVP_add_cipher(EVP_aes_128_cfb());
- EVP_add_cipher(EVP_aes_128_cfb1());
- EVP_add_cipher(EVP_aes_128_cfb8());
- EVP_add_cipher(EVP_aes_128_ofb());
-#if 0
- EVP_add_cipher(EVP_aes_128_ctr());
-#endif
- EVP_add_cipher_alias(SN_aes_128_cbc,"AES128");
- EVP_add_cipher_alias(SN_aes_128_cbc,"aes128");
- EVP_add_cipher(EVP_aes_192_ecb());
- EVP_add_cipher(EVP_aes_192_cbc());
- EVP_add_cipher(EVP_aes_192_cfb());
- EVP_add_cipher(EVP_aes_192_cfb1());
- EVP_add_cipher(EVP_aes_192_cfb8());
- EVP_add_cipher(EVP_aes_192_ofb());
-#if 0
- EVP_add_cipher(EVP_aes_192_ctr());
-#endif
- EVP_add_cipher_alias(SN_aes_192_cbc,"AES192");
- EVP_add_cipher_alias(SN_aes_192_cbc,"aes192");
- EVP_add_cipher(EVP_aes_256_ecb());
- EVP_add_cipher(EVP_aes_256_cbc());
- EVP_add_cipher(EVP_aes_256_cfb());
- EVP_add_cipher(EVP_aes_256_cfb1());
- EVP_add_cipher(EVP_aes_256_cfb8());
- EVP_add_cipher(EVP_aes_256_ofb());
-#if 0
- EVP_add_cipher(EVP_aes_256_ctr());
-#endif
- EVP_add_cipher_alias(SN_aes_256_cbc,"AES256");
- EVP_add_cipher_alias(SN_aes_256_cbc,"aes256");
-#endif
-
-#ifndef OPENSSL_NO_CAMELLIA
- EVP_add_cipher(EVP_camellia_128_ecb());
- EVP_add_cipher(EVP_camellia_128_cbc());
- EVP_add_cipher(EVP_camellia_128_cfb());
- EVP_add_cipher(EVP_camellia_128_cfb1());
- EVP_add_cipher(EVP_camellia_128_cfb8());
- EVP_add_cipher(EVP_camellia_128_ofb());
- EVP_add_cipher_alias(SN_camellia_128_cbc,"CAMELLIA128");
- EVP_add_cipher_alias(SN_camellia_128_cbc,"camellia128");
- EVP_add_cipher(EVP_camellia_192_ecb());
- EVP_add_cipher(EVP_camellia_192_cbc());
- EVP_add_cipher(EVP_camellia_192_cfb());
- EVP_add_cipher(EVP_camellia_192_cfb1());
- EVP_add_cipher(EVP_camellia_192_cfb8());
- EVP_add_cipher(EVP_camellia_192_ofb());
- EVP_add_cipher_alias(SN_camellia_192_cbc,"CAMELLIA192");
- EVP_add_cipher_alias(SN_camellia_192_cbc,"camellia192");
- EVP_add_cipher(EVP_camellia_256_ecb());
- EVP_add_cipher(EVP_camellia_256_cbc());
- EVP_add_cipher(EVP_camellia_256_cfb());
- EVP_add_cipher(EVP_camellia_256_cfb1());
- EVP_add_cipher(EVP_camellia_256_cfb8());
- EVP_add_cipher(EVP_camellia_256_ofb());
- EVP_add_cipher_alias(SN_camellia_256_cbc,"CAMELLIA256");
- EVP_add_cipher_alias(SN_camellia_256_cbc,"camellia256");
-#endif
-
- PKCS12_PBE_add();
- PKCS5_PBE_add();
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/evp/c_allc.c (from rev 6976, vendor-crypto/openssl/dist/crypto/evp/c_allc.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/evp/c_allc.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/c_allc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,227 @@
+/* crypto/evp/c_allc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/pkcs12.h>
+#include <openssl/objects.h>
+
+void OpenSSL_add_all_ciphers(void)
+{
+
+#ifndef OPENSSL_NO_DES
+ EVP_add_cipher(EVP_des_cfb());
+ EVP_add_cipher(EVP_des_cfb1());
+ EVP_add_cipher(EVP_des_cfb8());
+ EVP_add_cipher(EVP_des_ede_cfb());
+ EVP_add_cipher(EVP_des_ede3_cfb());
+ EVP_add_cipher(EVP_des_ede3_cfb1());
+ EVP_add_cipher(EVP_des_ede3_cfb8());
+
+ EVP_add_cipher(EVP_des_ofb());
+ EVP_add_cipher(EVP_des_ede_ofb());
+ EVP_add_cipher(EVP_des_ede3_ofb());
+
+ EVP_add_cipher(EVP_desx_cbc());
+ EVP_add_cipher_alias(SN_desx_cbc, "DESX");
+ EVP_add_cipher_alias(SN_desx_cbc, "desx");
+
+ EVP_add_cipher(EVP_des_cbc());
+ EVP_add_cipher_alias(SN_des_cbc, "DES");
+ EVP_add_cipher_alias(SN_des_cbc, "des");
+ EVP_add_cipher(EVP_des_ede_cbc());
+ EVP_add_cipher(EVP_des_ede3_cbc());
+ EVP_add_cipher_alias(SN_des_ede3_cbc, "DES3");
+ EVP_add_cipher_alias(SN_des_ede3_cbc, "des3");
+
+ EVP_add_cipher(EVP_des_ecb());
+ EVP_add_cipher(EVP_des_ede());
+ EVP_add_cipher(EVP_des_ede3());
+#endif
+
+#ifndef OPENSSL_NO_RC4
+ EVP_add_cipher(EVP_rc4());
+ EVP_add_cipher(EVP_rc4_40());
+#endif
+
+#ifndef OPENSSL_NO_IDEA
+ EVP_add_cipher(EVP_idea_ecb());
+ EVP_add_cipher(EVP_idea_cfb());
+ EVP_add_cipher(EVP_idea_ofb());
+ EVP_add_cipher(EVP_idea_cbc());
+ EVP_add_cipher_alias(SN_idea_cbc, "IDEA");
+ EVP_add_cipher_alias(SN_idea_cbc, "idea");
+#endif
+
+#ifndef OPENSSL_NO_SEED
+ EVP_add_cipher(EVP_seed_ecb());
+ EVP_add_cipher(EVP_seed_cfb());
+ EVP_add_cipher(EVP_seed_ofb());
+ EVP_add_cipher(EVP_seed_cbc());
+ EVP_add_cipher_alias(SN_seed_cbc, "SEED");
+ EVP_add_cipher_alias(SN_seed_cbc, "seed");
+#endif
+
+#ifndef OPENSSL_NO_RC2
+ EVP_add_cipher(EVP_rc2_ecb());
+ EVP_add_cipher(EVP_rc2_cfb());
+ EVP_add_cipher(EVP_rc2_ofb());
+ EVP_add_cipher(EVP_rc2_cbc());
+ EVP_add_cipher(EVP_rc2_40_cbc());
+ EVP_add_cipher(EVP_rc2_64_cbc());
+ EVP_add_cipher_alias(SN_rc2_cbc, "RC2");
+ EVP_add_cipher_alias(SN_rc2_cbc, "rc2");
+#endif
+
+#ifndef OPENSSL_NO_BF
+ EVP_add_cipher(EVP_bf_ecb());
+ EVP_add_cipher(EVP_bf_cfb());
+ EVP_add_cipher(EVP_bf_ofb());
+ EVP_add_cipher(EVP_bf_cbc());
+ EVP_add_cipher_alias(SN_bf_cbc, "BF");
+ EVP_add_cipher_alias(SN_bf_cbc, "bf");
+ EVP_add_cipher_alias(SN_bf_cbc, "blowfish");
+#endif
+
+#ifndef OPENSSL_NO_CAST
+ EVP_add_cipher(EVP_cast5_ecb());
+ EVP_add_cipher(EVP_cast5_cfb());
+ EVP_add_cipher(EVP_cast5_ofb());
+ EVP_add_cipher(EVP_cast5_cbc());
+ EVP_add_cipher_alias(SN_cast5_cbc, "CAST");
+ EVP_add_cipher_alias(SN_cast5_cbc, "cast");
+ EVP_add_cipher_alias(SN_cast5_cbc, "CAST-cbc");
+ EVP_add_cipher_alias(SN_cast5_cbc, "cast-cbc");
+#endif
+
+#ifndef OPENSSL_NO_RC5
+ EVP_add_cipher(EVP_rc5_32_12_16_ecb());
+ EVP_add_cipher(EVP_rc5_32_12_16_cfb());
+ EVP_add_cipher(EVP_rc5_32_12_16_ofb());
+ EVP_add_cipher(EVP_rc5_32_12_16_cbc());
+ EVP_add_cipher_alias(SN_rc5_cbc, "rc5");
+ EVP_add_cipher_alias(SN_rc5_cbc, "RC5");
+#endif
+
+#ifndef OPENSSL_NO_AES
+ EVP_add_cipher(EVP_aes_128_ecb());
+ EVP_add_cipher(EVP_aes_128_cbc());
+ EVP_add_cipher(EVP_aes_128_cfb());
+ EVP_add_cipher(EVP_aes_128_cfb1());
+ EVP_add_cipher(EVP_aes_128_cfb8());
+ EVP_add_cipher(EVP_aes_128_ofb());
+# if 0
+ EVP_add_cipher(EVP_aes_128_ctr());
+# endif
+ EVP_add_cipher_alias(SN_aes_128_cbc, "AES128");
+ EVP_add_cipher_alias(SN_aes_128_cbc, "aes128");
+ EVP_add_cipher(EVP_aes_192_ecb());
+ EVP_add_cipher(EVP_aes_192_cbc());
+ EVP_add_cipher(EVP_aes_192_cfb());
+ EVP_add_cipher(EVP_aes_192_cfb1());
+ EVP_add_cipher(EVP_aes_192_cfb8());
+ EVP_add_cipher(EVP_aes_192_ofb());
+# if 0
+ EVP_add_cipher(EVP_aes_192_ctr());
+# endif
+ EVP_add_cipher_alias(SN_aes_192_cbc, "AES192");
+ EVP_add_cipher_alias(SN_aes_192_cbc, "aes192");
+ EVP_add_cipher(EVP_aes_256_ecb());
+ EVP_add_cipher(EVP_aes_256_cbc());
+ EVP_add_cipher(EVP_aes_256_cfb());
+ EVP_add_cipher(EVP_aes_256_cfb1());
+ EVP_add_cipher(EVP_aes_256_cfb8());
+ EVP_add_cipher(EVP_aes_256_ofb());
+# if 0
+ EVP_add_cipher(EVP_aes_256_ctr());
+# endif
+ EVP_add_cipher_alias(SN_aes_256_cbc, "AES256");
+ EVP_add_cipher_alias(SN_aes_256_cbc, "aes256");
+#endif
+
+#ifndef OPENSSL_NO_CAMELLIA
+ EVP_add_cipher(EVP_camellia_128_ecb());
+ EVP_add_cipher(EVP_camellia_128_cbc());
+ EVP_add_cipher(EVP_camellia_128_cfb());
+ EVP_add_cipher(EVP_camellia_128_cfb1());
+ EVP_add_cipher(EVP_camellia_128_cfb8());
+ EVP_add_cipher(EVP_camellia_128_ofb());
+ EVP_add_cipher_alias(SN_camellia_128_cbc, "CAMELLIA128");
+ EVP_add_cipher_alias(SN_camellia_128_cbc, "camellia128");
+ EVP_add_cipher(EVP_camellia_192_ecb());
+ EVP_add_cipher(EVP_camellia_192_cbc());
+ EVP_add_cipher(EVP_camellia_192_cfb());
+ EVP_add_cipher(EVP_camellia_192_cfb1());
+ EVP_add_cipher(EVP_camellia_192_cfb8());
+ EVP_add_cipher(EVP_camellia_192_ofb());
+ EVP_add_cipher_alias(SN_camellia_192_cbc, "CAMELLIA192");
+ EVP_add_cipher_alias(SN_camellia_192_cbc, "camellia192");
+ EVP_add_cipher(EVP_camellia_256_ecb());
+ EVP_add_cipher(EVP_camellia_256_cbc());
+ EVP_add_cipher(EVP_camellia_256_cfb());
+ EVP_add_cipher(EVP_camellia_256_cfb1());
+ EVP_add_cipher(EVP_camellia_256_cfb8());
+ EVP_add_cipher(EVP_camellia_256_ofb());
+ EVP_add_cipher_alias(SN_camellia_256_cbc, "CAMELLIA256");
+ EVP_add_cipher_alias(SN_camellia_256_cbc, "camellia256");
+#endif
+
+ PKCS12_PBE_add();
+ PKCS5_PBE_add();
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/evp/c_alld.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/c_alld.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/c_alld.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,111 +0,0 @@
-/* crypto/evp/c_alld.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/pkcs12.h>
-#include <openssl/objects.h>
-
-void OpenSSL_add_all_digests(void)
- {
-#ifndef OPENSSL_NO_MD4
- EVP_add_digest(EVP_md4());
-#endif
-#ifndef OPENSSL_NO_MD5
- EVP_add_digest(EVP_md5());
- EVP_add_digest_alias(SN_md5,"ssl2-md5");
- EVP_add_digest_alias(SN_md5,"ssl3-md5");
-#endif
-#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0)
- EVP_add_digest(EVP_sha());
-#ifndef OPENSSL_NO_DSA
- EVP_add_digest(EVP_dss());
-#endif
-#endif
-#ifndef OPENSSL_NO_SHA
- EVP_add_digest(EVP_sha1());
- EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
- EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
-#ifndef OPENSSL_NO_DSA
- EVP_add_digest(EVP_dss1());
- EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
- EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1");
- EVP_add_digest_alias(SN_dsaWithSHA1,"dss1");
-#endif
-#ifndef OPENSSL_NO_ECDSA
- EVP_add_digest(EVP_ecdsa());
-#endif
-#endif
-#if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES)
- EVP_add_digest(EVP_mdc2());
-#endif
-#ifndef OPENSSL_NO_RIPEMD
- EVP_add_digest(EVP_ripemd160());
- EVP_add_digest_alias(SN_ripemd160,"ripemd");
- EVP_add_digest_alias(SN_ripemd160,"rmd160");
-#endif
-#ifndef OPENSSL_NO_SHA256
- EVP_add_digest(EVP_sha224());
- EVP_add_digest(EVP_sha256());
-#endif
-#ifndef OPENSSL_NO_SHA512
- EVP_add_digest(EVP_sha384());
- EVP_add_digest(EVP_sha512());
-#endif
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/evp/c_alld.c (from rev 6976, vendor-crypto/openssl/dist/crypto/evp/c_alld.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/evp/c_alld.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/c_alld.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,111 @@
+/* crypto/evp/c_alld.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/pkcs12.h>
+#include <openssl/objects.h>
+
+void OpenSSL_add_all_digests(void)
+{
+#ifndef OPENSSL_NO_MD4
+ EVP_add_digest(EVP_md4());
+#endif
+#ifndef OPENSSL_NO_MD5
+ EVP_add_digest(EVP_md5());
+ EVP_add_digest_alias(SN_md5, "ssl2-md5");
+ EVP_add_digest_alias(SN_md5, "ssl3-md5");
+#endif
+#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0)
+ EVP_add_digest(EVP_sha());
+# ifndef OPENSSL_NO_DSA
+ EVP_add_digest(EVP_dss());
+# endif
+#endif
+#ifndef OPENSSL_NO_SHA
+ EVP_add_digest(EVP_sha1());
+ EVP_add_digest_alias(SN_sha1, "ssl3-sha1");
+ EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA);
+# ifndef OPENSSL_NO_DSA
+ EVP_add_digest(EVP_dss1());
+ EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2);
+ EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1");
+ EVP_add_digest_alias(SN_dsaWithSHA1, "dss1");
+# endif
+# ifndef OPENSSL_NO_ECDSA
+ EVP_add_digest(EVP_ecdsa());
+# endif
+#endif
+#if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES)
+ EVP_add_digest(EVP_mdc2());
+#endif
+#ifndef OPENSSL_NO_RIPEMD
+ EVP_add_digest(EVP_ripemd160());
+ EVP_add_digest_alias(SN_ripemd160, "ripemd");
+ EVP_add_digest_alias(SN_ripemd160, "rmd160");
+#endif
+#ifndef OPENSSL_NO_SHA256
+ EVP_add_digest(EVP_sha224());
+ EVP_add_digest(EVP_sha256());
+#endif
+#ifndef OPENSSL_NO_SHA512
+ EVP_add_digest(EVP_sha384());
+ EVP_add_digest(EVP_sha512());
+#endif
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/evp/dig_eng.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/dig_eng.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/dig_eng.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,180 +0,0 @@
-/* crypto/evp/digest.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-#include "evp_locl.h"
-
-#ifndef OPENSSL_NO_ENGINE
-
-#ifdef OPENSSL_FIPS
-
-static int do_evp_md_engine_full(EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl)
- {
- if (*ptype)
- {
- /* Ensure an ENGINE left lying around from last time is cleared
- * (the previous check attempted to avoid this if the same
- * ENGINE and EVP_MD could be used). */
- if(ctx->engine)
- ENGINE_finish(ctx->engine);
- if(impl)
- {
- if (!ENGINE_init(impl))
- {
- EVPerr(EVP_F_DO_EVP_MD_ENGINE_FULL,EVP_R_INITIALIZATION_ERROR);
- return 0;
- }
- }
- else
- /* Ask if an ENGINE is reserved for this job */
- impl = ENGINE_get_digest_engine((*ptype)->type);
- if(impl)
- {
- /* There's an ENGINE for this job ... (apparently) */
- const EVP_MD *d = ENGINE_get_digest(impl, (*ptype)->type);
- if(!d)
- {
- /* Same comment from evp_enc.c */
- EVPerr(EVP_F_DO_EVP_MD_ENGINE_FULL,EVP_R_INITIALIZATION_ERROR);
- return 0;
- }
- /* We'll use the ENGINE's private digest definition */
- *ptype = d;
- /* Store the ENGINE functional reference so we know
- * 'type' came from an ENGINE and we need to release
- * it when done. */
- ctx->engine = impl;
- }
- else
- ctx->engine = NULL;
- }
- else
- if(!ctx->digest)
- {
- EVPerr(EVP_F_DO_EVP_MD_ENGINE_FULL,EVP_R_NO_DIGEST_SET);
- return 0;
- }
- return 1;
- }
-
-void int_EVP_MD_init_engine_callbacks(void)
- {
- int_EVP_MD_set_engine_callbacks(
- ENGINE_init, ENGINE_finish, do_evp_md_engine_full);
- }
-#endif
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/evp/dig_eng.c (from rev 6976, vendor-crypto/openssl/dist/crypto/evp/dig_eng.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/evp/dig_eng.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/dig_eng.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,176 @@
+/* crypto/evp/digest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#ifndef OPENSSL_NO_ENGINE
+# include <openssl/engine.h>
+#endif
+#include "evp_locl.h"
+
+#ifndef OPENSSL_NO_ENGINE
+
+# ifdef OPENSSL_FIPS
+
+static int do_evp_md_engine_full(EVP_MD_CTX *ctx, const EVP_MD **ptype,
+ ENGINE *impl)
+{
+ if (*ptype) {
+ /*
+ * Ensure an ENGINE left lying around from last time is cleared (the
+ * previous check attempted to avoid this if the same ENGINE and
+ * EVP_MD could be used).
+ */
+ if (ctx->engine)
+ ENGINE_finish(ctx->engine);
+ if (impl) {
+ if (!ENGINE_init(impl)) {
+ EVPerr(EVP_F_DO_EVP_MD_ENGINE_FULL,
+ EVP_R_INITIALIZATION_ERROR);
+ return 0;
+ }
+ } else
+ /* Ask if an ENGINE is reserved for this job */
+ impl = ENGINE_get_digest_engine((*ptype)->type);
+ if (impl) {
+ /* There's an ENGINE for this job ... (apparently) */
+ const EVP_MD *d = ENGINE_get_digest(impl, (*ptype)->type);
+ if (!d) {
+ /* Same comment from evp_enc.c */
+ EVPerr(EVP_F_DO_EVP_MD_ENGINE_FULL,
+ EVP_R_INITIALIZATION_ERROR);
+ return 0;
+ }
+ /* We'll use the ENGINE's private digest definition */
+ *ptype = d;
+ /*
+ * Store the ENGINE functional reference so we know 'type' came
+ * from an ENGINE and we need to release it when done.
+ */
+ ctx->engine = impl;
+ } else
+ ctx->engine = NULL;
+ } else if (!ctx->digest) {
+ EVPerr(EVP_F_DO_EVP_MD_ENGINE_FULL, EVP_R_NO_DIGEST_SET);
+ return 0;
+ }
+ return 1;
+}
+
+void int_EVP_MD_init_engine_callbacks(void)
+{
+ int_EVP_MD_set_engine_callbacks(ENGINE_init, ENGINE_finish,
+ do_evp_md_engine_full);
+}
+# endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/evp/digest.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/digest.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/digest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,458 +0,0 @@
-/* crypto/evp/digest.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-#include "evp_locl.h"
-
-void EVP_MD_CTX_init(EVP_MD_CTX *ctx)
- {
- memset(ctx,'\0',sizeof *ctx);
- }
-
-EVP_MD_CTX *EVP_MD_CTX_create(void)
- {
- EVP_MD_CTX *ctx=OPENSSL_malloc(sizeof *ctx);
-
- if (ctx)
- EVP_MD_CTX_init(ctx);
-
- return ctx;
- }
-
-int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type)
- {
- EVP_MD_CTX_init(ctx);
- return EVP_DigestInit_ex(ctx, type, NULL);
- }
-
-#ifdef OPENSSL_FIPS
-
-/* The purpose of these is to trap programs that attempt to use non FIPS
- * algorithms in FIPS mode and ignore the errors.
- */
-
-static int bad_init(EVP_MD_CTX *ctx)
- { FIPS_ERROR_IGNORED("Digest init"); return 0;}
-
-static int bad_update(EVP_MD_CTX *ctx,const void *data,size_t count)
- { FIPS_ERROR_IGNORED("Digest update"); return 0;}
-
-static int bad_final(EVP_MD_CTX *ctx,unsigned char *md)
- { FIPS_ERROR_IGNORED("Digest Final"); return 0;}
-
-static const EVP_MD bad_md =
- {
- 0,
- 0,
- 0,
- 0,
- bad_init,
- bad_update,
- bad_final,
- NULL,
- NULL,
- NULL,
- 0,
- {0,0,0,0},
- };
-
-#endif
-
-#ifndef OPENSSL_NO_ENGINE
-
-#ifdef OPENSSL_FIPS
-
-static int do_engine_null(ENGINE *impl) { return 0;}
-static int do_evp_md_engine_null(EVP_MD_CTX *ctx,
- const EVP_MD **ptype, ENGINE *impl)
- { return 1; }
-
-static int (*do_engine_init)(ENGINE *impl)
- = do_engine_null;
-
-static int (*do_engine_finish)(ENGINE *impl)
- = do_engine_null;
-
-static int (*do_evp_md_engine)
- (EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl)
- = do_evp_md_engine_null;
-
-void int_EVP_MD_set_engine_callbacks(
- int (*eng_md_init)(ENGINE *impl),
- int (*eng_md_fin)(ENGINE *impl),
- int (*eng_md_evp)
- (EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl))
- {
- do_engine_init = eng_md_init;
- do_engine_finish = eng_md_fin;
- do_evp_md_engine = eng_md_evp;
- }
-
-#else
-
-#define do_engine_init ENGINE_init
-#define do_engine_finish ENGINE_finish
-
-static int do_evp_md_engine(EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl)
- {
- if (*ptype)
- {
- /* Ensure an ENGINE left lying around from last time is cleared
- * (the previous check attempted to avoid this if the same
- * ENGINE and EVP_MD could be used). */
- if(ctx->engine)
- ENGINE_finish(ctx->engine);
- if(impl)
- {
- if (!ENGINE_init(impl))
- {
- EVPerr(EVP_F_DO_EVP_MD_ENGINE,EVP_R_INITIALIZATION_ERROR);
- return 0;
- }
- }
- else
- /* Ask if an ENGINE is reserved for this job */
- impl = ENGINE_get_digest_engine((*ptype)->type);
- if(impl)
- {
- /* There's an ENGINE for this job ... (apparently) */
- const EVP_MD *d = ENGINE_get_digest(impl, (*ptype)->type);
- if(!d)
- {
- /* Same comment from evp_enc.c */
- EVPerr(EVP_F_DO_EVP_MD_ENGINE,EVP_R_INITIALIZATION_ERROR);
- ENGINE_finish(impl);
- return 0;
- }
- /* We'll use the ENGINE's private digest definition */
- *ptype = d;
- /* Store the ENGINE functional reference so we know
- * 'type' came from an ENGINE and we need to release
- * it when done. */
- ctx->engine = impl;
- }
- else
- ctx->engine = NULL;
- }
- else
- if(!ctx->digest)
- {
- EVPerr(EVP_F_DO_EVP_MD_ENGINE,EVP_R_NO_DIGEST_SET);
- return 0;
- }
- return 1;
- }
-
-#endif
-
-#endif
-
-int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
- {
- M_EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED);
-#ifdef OPENSSL_FIPS
- if(FIPS_selftest_failed())
- {
- FIPSerr(FIPS_F_EVP_DIGESTINIT_EX,FIPS_R_FIPS_SELFTEST_FAILED);
- ctx->digest = &bad_md;
- return 0;
- }
-#endif
-#ifndef OPENSSL_NO_ENGINE
- /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
- * so this context may already have an ENGINE! Try to avoid releasing
- * the previous handle, re-querying for an ENGINE, and having a
- * reinitialisation, when it may all be unecessary. */
- if (ctx->engine && ctx->digest && (!type ||
- (type && (type->type == ctx->digest->type))))
- goto skip_to_init;
- if (!do_evp_md_engine(ctx, &type, impl))
- return 0;
-#endif
- if (ctx->digest != type)
- {
-#ifdef OPENSSL_FIPS
- if (FIPS_mode())
- {
- if (!(type->flags & EVP_MD_FLAG_FIPS)
- && !(ctx->flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW))
- {
- EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_DISABLED_FOR_FIPS);
- ctx->digest = &bad_md;
- return 0;
- }
- }
-#endif
- if (ctx->digest && ctx->digest->ctx_size)
- OPENSSL_free(ctx->md_data);
- ctx->digest=type;
- if (type->ctx_size)
- {
- ctx->md_data=OPENSSL_malloc(type->ctx_size);
- if (!ctx->md_data)
- {
- EVPerr(EVP_F_EVP_DIGESTINIT_EX, ERR_R_MALLOC_FAILURE);
- return 0;
- }
- }
- }
-#ifndef OPENSSL_NO_ENGINE
- skip_to_init:
-#endif
- return ctx->digest->init(ctx);
- }
-
-int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data,
- size_t count)
- {
-#ifdef OPENSSL_FIPS
- FIPS_selftest_check();
-#endif
- return ctx->digest->update(ctx,data,count);
- }
-
-/* The caller can assume that this removes any secret data from the context */
-int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
- {
- int ret;
- ret = EVP_DigestFinal_ex(ctx, md, size);
- EVP_MD_CTX_cleanup(ctx);
- return ret;
- }
-
-/* The caller can assume that this removes any secret data from the context */
-int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
- {
- int ret;
-#ifdef OPENSSL_FIPS
- FIPS_selftest_check();
-#endif
-
- OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
- ret=ctx->digest->final(ctx,md);
- if (size != NULL)
- *size=ctx->digest->md_size;
- if (ctx->digest->cleanup)
- {
- ctx->digest->cleanup(ctx);
- M_EVP_MD_CTX_set_flags(ctx,EVP_MD_CTX_FLAG_CLEANED);
- }
- memset(ctx->md_data,0,ctx->digest->ctx_size);
- return ret;
- }
-
-int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in)
- {
- EVP_MD_CTX_init(out);
- return EVP_MD_CTX_copy_ex(out, in);
- }
-
-int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
- {
- unsigned char *tmp_buf;
- if ((in == NULL) || (in->digest == NULL))
- {
- EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,EVP_R_INPUT_NOT_INITIALIZED);
- return 0;
- }
-#ifndef OPENSSL_NO_ENGINE
- /* Make sure it's safe to copy a digest context using an ENGINE */
- if (in->engine && !do_engine_init(in->engine))
- {
- EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,ERR_R_ENGINE_LIB);
- return 0;
- }
-#endif
-
- if (out->digest == in->digest)
- {
- tmp_buf = out->md_data;
- M_EVP_MD_CTX_set_flags(out,EVP_MD_CTX_FLAG_REUSE);
- }
- else tmp_buf = NULL;
- EVP_MD_CTX_cleanup(out);
- memcpy(out,in,sizeof *out);
-
- if (out->digest->ctx_size)
- {
- if (tmp_buf)
- out->md_data = tmp_buf;
- else
- {
- out->md_data=OPENSSL_malloc(out->digest->ctx_size);
- if (!out->md_data)
- {
- EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,ERR_R_MALLOC_FAILURE);
- return 0;
- }
- }
- memcpy(out->md_data,in->md_data,out->digest->ctx_size);
- }
-
- if (out->digest->copy)
- return out->digest->copy(out,in);
-
- return 1;
- }
-
-int EVP_Digest(const void *data, size_t count,
- unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl)
- {
- EVP_MD_CTX ctx;
- int ret;
-
- EVP_MD_CTX_init(&ctx);
- M_EVP_MD_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_ONESHOT);
- ret=EVP_DigestInit_ex(&ctx, type, impl)
- && EVP_DigestUpdate(&ctx, data, count)
- && EVP_DigestFinal_ex(&ctx, md, size);
- EVP_MD_CTX_cleanup(&ctx);
-
- return ret;
- }
-
-void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
- {
- EVP_MD_CTX_cleanup(ctx);
- OPENSSL_free(ctx);
- }
-
-/* This call frees resources associated with the context */
-int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
- {
- /* Don't assume ctx->md_data was cleaned in EVP_Digest_Final,
- * because sometimes only copies of the context are ever finalised.
- */
- if (ctx->digest && ctx->digest->cleanup
- && !M_EVP_MD_CTX_test_flags(ctx,EVP_MD_CTX_FLAG_CLEANED))
- ctx->digest->cleanup(ctx);
- if (ctx->digest && ctx->digest->ctx_size && ctx->md_data
- && !M_EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE))
- {
- OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size);
- OPENSSL_free(ctx->md_data);
- }
-#ifndef OPENSSL_NO_ENGINE
- if(ctx->engine)
- /* The EVP_MD we used belongs to an ENGINE, release the
- * functional reference we held for this reason. */
- do_engine_finish(ctx->engine);
-#endif
- memset(ctx,'\0',sizeof *ctx);
-
- return 1;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/evp/digest.c (from rev 6976, vendor-crypto/openssl/dist/crypto/evp/digest.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/evp/digest.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/digest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,460 @@
+/* crypto/evp/digest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#ifndef OPENSSL_NO_ENGINE
+# include <openssl/engine.h>
+#endif
+#include "evp_locl.h"
+
+void EVP_MD_CTX_init(EVP_MD_CTX *ctx)
+{
+ memset(ctx, '\0', sizeof *ctx);
+}
+
+EVP_MD_CTX *EVP_MD_CTX_create(void)
+{
+ EVP_MD_CTX *ctx = OPENSSL_malloc(sizeof *ctx);
+
+ if (ctx)
+ EVP_MD_CTX_init(ctx);
+
+ return ctx;
+}
+
+int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type)
+{
+ EVP_MD_CTX_init(ctx);
+ return EVP_DigestInit_ex(ctx, type, NULL);
+}
+
+#ifdef OPENSSL_FIPS
+
+/*
+ * The purpose of these is to trap programs that attempt to use non FIPS
+ * algorithms in FIPS mode and ignore the errors.
+ */
+
+static int bad_init(EVP_MD_CTX *ctx)
+{
+ FIPS_ERROR_IGNORED("Digest init");
+ return 0;
+}
+
+static int bad_update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+ FIPS_ERROR_IGNORED("Digest update");
+ return 0;
+}
+
+static int bad_final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+ FIPS_ERROR_IGNORED("Digest Final");
+ return 0;
+}
+
+static const EVP_MD bad_md = {
+ 0,
+ 0,
+ 0,
+ 0,
+ bad_init,
+ bad_update,
+ bad_final,
+ NULL,
+ NULL,
+ NULL,
+ 0,
+ {0, 0, 0, 0},
+};
+
+#endif
+
+#ifndef OPENSSL_NO_ENGINE
+
+# ifdef OPENSSL_FIPS
+
+static int do_engine_null(ENGINE *impl)
+{
+ return 0;
+}
+
+static int do_evp_md_engine_null(EVP_MD_CTX *ctx,
+ const EVP_MD **ptype, ENGINE *impl)
+{
+ return 1;
+}
+
+static int (*do_engine_init) (ENGINE *impl)
+ = do_engine_null;
+
+static int (*do_engine_finish) (ENGINE *impl)
+ = do_engine_null;
+
+static int (*do_evp_md_engine)
+ (EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl)
+ = do_evp_md_engine_null;
+
+void int_EVP_MD_set_engine_callbacks(int (*eng_md_init) (ENGINE *impl),
+ int (*eng_md_fin) (ENGINE *impl),
+ int (*eng_md_evp)
+ (EVP_MD_CTX *ctx, const EVP_MD **ptype,
+ ENGINE *impl))
+{
+ do_engine_init = eng_md_init;
+ do_engine_finish = eng_md_fin;
+ do_evp_md_engine = eng_md_evp;
+}
+
+# else
+
+# define do_engine_init ENGINE_init
+# define do_engine_finish ENGINE_finish
+
+static int do_evp_md_engine(EVP_MD_CTX *ctx, const EVP_MD **ptype,
+ ENGINE *impl)
+{
+ if (*ptype) {
+ /*
+ * Ensure an ENGINE left lying around from last time is cleared (the
+ * previous check attempted to avoid this if the same ENGINE and
+ * EVP_MD could be used).
+ */
+ if (ctx->engine)
+ ENGINE_finish(ctx->engine);
+ if (impl) {
+ if (!ENGINE_init(impl)) {
+ EVPerr(EVP_F_DO_EVP_MD_ENGINE, EVP_R_INITIALIZATION_ERROR);
+ return 0;
+ }
+ } else
+ /* Ask if an ENGINE is reserved for this job */
+ impl = ENGINE_get_digest_engine((*ptype)->type);
+ if (impl) {
+ /* There's an ENGINE for this job ... (apparently) */
+ const EVP_MD *d = ENGINE_get_digest(impl, (*ptype)->type);
+ if (!d) {
+ /* Same comment from evp_enc.c */
+ EVPerr(EVP_F_DO_EVP_MD_ENGINE, EVP_R_INITIALIZATION_ERROR);
+ ENGINE_finish(impl);
+ return 0;
+ }
+ /* We'll use the ENGINE's private digest definition */
+ *ptype = d;
+ /*
+ * Store the ENGINE functional reference so we know 'type' came
+ * from an ENGINE and we need to release it when done.
+ */
+ ctx->engine = impl;
+ } else
+ ctx->engine = NULL;
+ } else if (!ctx->digest) {
+ EVPerr(EVP_F_DO_EVP_MD_ENGINE, EVP_R_NO_DIGEST_SET);
+ return 0;
+ }
+ return 1;
+}
+
+# endif
+
+#endif
+
+int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
+{
+ M_EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
+#ifdef OPENSSL_FIPS
+ if (FIPS_selftest_failed()) {
+ FIPSerr(FIPS_F_EVP_DIGESTINIT_EX, FIPS_R_FIPS_SELFTEST_FAILED);
+ ctx->digest = &bad_md;
+ return 0;
+ }
+#endif
+#ifndef OPENSSL_NO_ENGINE
+ /*
+ * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so
+ * this context may already have an ENGINE! Try to avoid releasing the
+ * previous handle, re-querying for an ENGINE, and having a
+ * reinitialisation, when it may all be unecessary.
+ */
+ if (ctx->engine && ctx->digest && (!type ||
+ (type
+ && (type->type ==
+ ctx->digest->type))))
+ goto skip_to_init;
+ if (!do_evp_md_engine(ctx, &type, impl))
+ return 0;
+#endif
+ if (ctx->digest != type) {
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode()) {
+ if (!(type->flags & EVP_MD_FLAG_FIPS)
+ && !(ctx->flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)) {
+ EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_DISABLED_FOR_FIPS);
+ ctx->digest = &bad_md;
+ return 0;
+ }
+ }
+#endif
+ if (ctx->digest && ctx->digest->ctx_size)
+ OPENSSL_free(ctx->md_data);
+ ctx->digest = type;
+ if (type->ctx_size) {
+ ctx->md_data = OPENSSL_malloc(type->ctx_size);
+ if (!ctx->md_data) {
+ EVPerr(EVP_F_EVP_DIGESTINIT_EX, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ }
+ }
+#ifndef OPENSSL_NO_ENGINE
+ skip_to_init:
+#endif
+ return ctx->digest->init(ctx);
+}
+
+int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+#ifdef OPENSSL_FIPS
+ FIPS_selftest_check();
+#endif
+ return ctx->digest->update(ctx, data, count);
+}
+
+/* The caller can assume that this removes any secret data from the context */
+int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
+{
+ int ret;
+ ret = EVP_DigestFinal_ex(ctx, md, size);
+ EVP_MD_CTX_cleanup(ctx);
+ return ret;
+}
+
+/* The caller can assume that this removes any secret data from the context */
+int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
+{
+ int ret;
+#ifdef OPENSSL_FIPS
+ FIPS_selftest_check();
+#endif
+
+ OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
+ ret = ctx->digest->final(ctx, md);
+ if (size != NULL)
+ *size = ctx->digest->md_size;
+ if (ctx->digest->cleanup) {
+ ctx->digest->cleanup(ctx);
+ M_EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
+ }
+ memset(ctx->md_data, 0, ctx->digest->ctx_size);
+ return ret;
+}
+
+int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in)
+{
+ EVP_MD_CTX_init(out);
+ return EVP_MD_CTX_copy_ex(out, in);
+}
+
+int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
+{
+ unsigned char *tmp_buf;
+ if ((in == NULL) || (in->digest == NULL)) {
+ EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, EVP_R_INPUT_NOT_INITIALIZED);
+ return 0;
+ }
+#ifndef OPENSSL_NO_ENGINE
+ /* Make sure it's safe to copy a digest context using an ENGINE */
+ if (in->engine && !do_engine_init(in->engine)) {
+ EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, ERR_R_ENGINE_LIB);
+ return 0;
+ }
+#endif
+
+ if (out->digest == in->digest) {
+ tmp_buf = out->md_data;
+ M_EVP_MD_CTX_set_flags(out, EVP_MD_CTX_FLAG_REUSE);
+ } else
+ tmp_buf = NULL;
+ EVP_MD_CTX_cleanup(out);
+ memcpy(out, in, sizeof *out);
+
+ if (out->digest->ctx_size) {
+ if (tmp_buf)
+ out->md_data = tmp_buf;
+ else {
+ out->md_data = OPENSSL_malloc(out->digest->ctx_size);
+ if (!out->md_data) {
+ EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ }
+ memcpy(out->md_data, in->md_data, out->digest->ctx_size);
+ }
+
+ if (out->digest->copy)
+ return out->digest->copy(out, in);
+
+ return 1;
+}
+
+int EVP_Digest(const void *data, size_t count,
+ unsigned char *md, unsigned int *size, const EVP_MD *type,
+ ENGINE *impl)
+{
+ EVP_MD_CTX ctx;
+ int ret;
+
+ EVP_MD_CTX_init(&ctx);
+ M_EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_ONESHOT);
+ ret = EVP_DigestInit_ex(&ctx, type, impl)
+ && EVP_DigestUpdate(&ctx, data, count)
+ && EVP_DigestFinal_ex(&ctx, md, size);
+ EVP_MD_CTX_cleanup(&ctx);
+
+ return ret;
+}
+
+void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
+{
+ EVP_MD_CTX_cleanup(ctx);
+ OPENSSL_free(ctx);
+}
+
+/* This call frees resources associated with the context */
+int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
+{
+ /*
+ * Don't assume ctx->md_data was cleaned in EVP_Digest_Final, because
+ * sometimes only copies of the context are ever finalised.
+ */
+ if (ctx->digest && ctx->digest->cleanup
+ && !M_EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_CLEANED))
+ ctx->digest->cleanup(ctx);
+ if (ctx->digest && ctx->digest->ctx_size && ctx->md_data
+ && !M_EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) {
+ OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size);
+ OPENSSL_free(ctx->md_data);
+ }
+#ifndef OPENSSL_NO_ENGINE
+ if (ctx->engine)
+ /*
+ * The EVP_MD we used belongs to an ENGINE, release the functional
+ * reference we held for this reason.
+ */
+ do_engine_finish(ctx->engine);
+#endif
+ memset(ctx, '\0', sizeof *ctx);
+
+ return 1;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/evp/e_aes.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/e_aes.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/e_aes.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,117 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#include <openssl/opensslconf.h>
-#ifndef OPENSSL_NO_AES
-#include <openssl/evp.h>
-#include <openssl/err.h>
-#include <string.h>
-#include <assert.h>
-#include <openssl/aes.h>
-#include "evp_locl.h"
-
-static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc);
-
-typedef struct
- {
- AES_KEY ks;
- } EVP_AES_KEY;
-
-#define data(ctx) EVP_C_DATA(EVP_AES_KEY,ctx)
-
-IMPLEMENT_BLOCK_CIPHER(aes_128, ks, AES, EVP_AES_KEY,
- NID_aes_128, 16, 16, 16, 128,
- EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
- aes_init_key,
- NULL, NULL, NULL, NULL)
-IMPLEMENT_BLOCK_CIPHER(aes_192, ks, AES, EVP_AES_KEY,
- NID_aes_192, 16, 24, 16, 128,
- EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
- aes_init_key,
- NULL, NULL, NULL, NULL)
-IMPLEMENT_BLOCK_CIPHER(aes_256, ks, AES, EVP_AES_KEY,
- NID_aes_256, 16, 32, 16, 128,
- EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
- aes_init_key,
- NULL, NULL, NULL, NULL)
-
-#define IMPLEMENT_AES_CFBR(ksize,cbits,flags) IMPLEMENT_CFBR(aes,AES,EVP_AES_KEY,ks,ksize,cbits,16,flags)
-
-IMPLEMENT_AES_CFBR(128,1,EVP_CIPH_FLAG_FIPS)
-IMPLEMENT_AES_CFBR(192,1,EVP_CIPH_FLAG_FIPS)
-IMPLEMENT_AES_CFBR(256,1,EVP_CIPH_FLAG_FIPS)
-
-IMPLEMENT_AES_CFBR(128,8,EVP_CIPH_FLAG_FIPS)
-IMPLEMENT_AES_CFBR(192,8,EVP_CIPH_FLAG_FIPS)
-IMPLEMENT_AES_CFBR(256,8,EVP_CIPH_FLAG_FIPS)
-
-static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc)
- {
- int ret;
-
- if ((ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_CFB_MODE
- || (ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_OFB_MODE
- || enc)
- ret=AES_set_encrypt_key(key, ctx->key_len * 8, ctx->cipher_data);
- else
- ret=AES_set_decrypt_key(key, ctx->key_len * 8, ctx->cipher_data);
-
- if(ret < 0)
- {
- EVPerr(EVP_F_AES_INIT_KEY,EVP_R_AES_KEY_SETUP_FAILED);
- return 0;
- }
-
- return 1;
- }
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/evp/e_aes.c (from rev 6976, vendor-crypto/openssl/dist/crypto/evp/e_aes.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/evp/e_aes.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/e_aes.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,109 @@
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_NO_AES
+# include <openssl/evp.h>
+# include <openssl/err.h>
+# include <string.h>
+# include <assert.h>
+# include <openssl/aes.h>
+# include "evp_locl.h"
+
+static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc);
+
+typedef struct {
+ AES_KEY ks;
+} EVP_AES_KEY;
+
+# define data(ctx) EVP_C_DATA(EVP_AES_KEY,ctx)
+
+IMPLEMENT_BLOCK_CIPHER(aes_128, ks, AES, EVP_AES_KEY,
+ NID_aes_128, 16, 16, 16, 128,
+ EVP_CIPH_FLAG_FIPS | EVP_CIPH_FLAG_DEFAULT_ASN1,
+ aes_init_key, NULL, NULL, NULL, NULL)
+ IMPLEMENT_BLOCK_CIPHER(aes_192, ks, AES, EVP_AES_KEY,
+ NID_aes_192, 16, 24, 16, 128,
+ EVP_CIPH_FLAG_FIPS | EVP_CIPH_FLAG_DEFAULT_ASN1,
+ aes_init_key, NULL, NULL, NULL, NULL)
+ IMPLEMENT_BLOCK_CIPHER(aes_256, ks, AES, EVP_AES_KEY,
+ NID_aes_256, 16, 32, 16, 128,
+ EVP_CIPH_FLAG_FIPS | EVP_CIPH_FLAG_DEFAULT_ASN1,
+ aes_init_key, NULL, NULL, NULL, NULL)
+# define IMPLEMENT_AES_CFBR(ksize,cbits,flags) IMPLEMENT_CFBR(aes,AES,EVP_AES_KEY,ks,ksize,cbits,16,flags)
+ IMPLEMENT_AES_CFBR(128, 1, EVP_CIPH_FLAG_FIPS)
+ IMPLEMENT_AES_CFBR(192, 1, EVP_CIPH_FLAG_FIPS)
+ IMPLEMENT_AES_CFBR(256, 1, EVP_CIPH_FLAG_FIPS)
+
+ IMPLEMENT_AES_CFBR(128, 8, EVP_CIPH_FLAG_FIPS)
+ IMPLEMENT_AES_CFBR(192, 8, EVP_CIPH_FLAG_FIPS)
+ IMPLEMENT_AES_CFBR(256, 8, EVP_CIPH_FLAG_FIPS)
+
+static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc)
+{
+ int ret;
+
+ if ((ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_CFB_MODE
+ || (ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_OFB_MODE || enc)
+ ret = AES_set_encrypt_key(key, ctx->key_len * 8, ctx->cipher_data);
+ else
+ ret = AES_set_decrypt_key(key, ctx->key_len * 8, ctx->cipher_data);
+
+ if (ret < 0) {
+ EVPerr(EVP_F_AES_INIT_KEY, EVP_R_AES_KEY_SETUP_FAILED);
+ return 0;
+ }
+
+ return 1;
+}
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/evp/e_bf.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/e_bf.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/e_bf.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,88 +0,0 @@
-/* crypto/evp/e_bf.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#ifndef OPENSSL_NO_BF
-#include <openssl/evp.h>
-#include "evp_locl.h"
-#include <openssl/objects.h>
-#include <openssl/blowfish.h>
-
-static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc);
-
-typedef struct
- {
- BF_KEY ks;
- } EVP_BF_KEY;
-
-#define data(ctx) EVP_C_DATA(EVP_BF_KEY,ctx)
-
-IMPLEMENT_BLOCK_CIPHER(bf, ks, BF, EVP_BF_KEY, NID_bf, 8, 16, 8, 64,
- EVP_CIPH_VARIABLE_LENGTH, bf_init_key, NULL,
- EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
-
-static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc)
- {
- BF_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),key);
- return 1;
- }
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/evp/e_bf.c (from rev 6976, vendor-crypto/openssl/dist/crypto/evp/e_bf.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/evp/e_bf.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/e_bf.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,87 @@
+/* crypto/evp/e_bf.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#ifndef OPENSSL_NO_BF
+# include <openssl/evp.h>
+# include "evp_locl.h"
+# include <openssl/objects.h>
+# include <openssl/blowfish.h>
+
+static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc);
+
+typedef struct {
+ BF_KEY ks;
+} EVP_BF_KEY;
+
+# define data(ctx) EVP_C_DATA(EVP_BF_KEY,ctx)
+
+IMPLEMENT_BLOCK_CIPHER(bf, ks, BF, EVP_BF_KEY, NID_bf, 8, 16, 8, 64,
+ EVP_CIPH_VARIABLE_LENGTH, bf_init_key, NULL,
+ EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
+
+static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc)
+{
+ BF_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx), key);
+ return 1;
+}
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/evp/e_camellia.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/e_camellia.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/e_camellia.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,131 +0,0 @@
-/* crypto/evp/e_camellia.c -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <openssl/opensslconf.h>
-#ifndef OPENSSL_NO_CAMELLIA
-#include <openssl/evp.h>
-#include <openssl/err.h>
-#include <string.h>
-#include <assert.h>
-#include <openssl/camellia.h>
-#include "evp_locl.h"
-
-static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc);
-
-/* Camellia subkey Structure */
-typedef struct
- {
- CAMELLIA_KEY ks;
- } EVP_CAMELLIA_KEY;
-
-/* Attribute operation for Camellia */
-#define data(ctx) EVP_C_DATA(EVP_CAMELLIA_KEY,ctx)
-
-IMPLEMENT_BLOCK_CIPHER(camellia_128, ks, Camellia, EVP_CAMELLIA_KEY,
- NID_camellia_128, 16, 16, 16, 128,
- 0, camellia_init_key, NULL,
- EVP_CIPHER_set_asn1_iv,
- EVP_CIPHER_get_asn1_iv,
- NULL)
-IMPLEMENT_BLOCK_CIPHER(camellia_192, ks, Camellia, EVP_CAMELLIA_KEY,
- NID_camellia_192, 16, 24, 16, 128,
- 0, camellia_init_key, NULL,
- EVP_CIPHER_set_asn1_iv,
- EVP_CIPHER_get_asn1_iv,
- NULL)
-IMPLEMENT_BLOCK_CIPHER(camellia_256, ks, Camellia, EVP_CAMELLIA_KEY,
- NID_camellia_256, 16, 32, 16, 128,
- 0, camellia_init_key, NULL,
- EVP_CIPHER_set_asn1_iv,
- EVP_CIPHER_get_asn1_iv,
- NULL)
-
-#define IMPLEMENT_CAMELLIA_CFBR(ksize,cbits) IMPLEMENT_CFBR(camellia,Camellia,EVP_CAMELLIA_KEY,ks,ksize,cbits,16,0)
-
-IMPLEMENT_CAMELLIA_CFBR(128,1)
-IMPLEMENT_CAMELLIA_CFBR(192,1)
-IMPLEMENT_CAMELLIA_CFBR(256,1)
-
-IMPLEMENT_CAMELLIA_CFBR(128,8)
-IMPLEMENT_CAMELLIA_CFBR(192,8)
-IMPLEMENT_CAMELLIA_CFBR(256,8)
-
-
-
-/* The subkey for Camellia is generated. */
-static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc)
- {
- int ret;
-
- ret=Camellia_set_key(key, ctx->key_len * 8, ctx->cipher_data);
-
- if(ret < 0)
- {
- EVPerr(EVP_F_CAMELLIA_INIT_KEY,EVP_R_CAMELLIA_KEY_SETUP_FAILED);
- return 0;
- }
-
- return 1;
- }
-
-#else
-
-# ifdef PEDANTIC
-static void *dummy=&dummy;
-# endif
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/evp/e_camellia.c (from rev 6976, vendor-crypto/openssl/dist/crypto/evp/e_camellia.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/evp/e_camellia.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/e_camellia.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,119 @@
+/* crypto/evp/e_camellia.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_NO_CAMELLIA
+# include <openssl/evp.h>
+# include <openssl/err.h>
+# include <string.h>
+# include <assert.h>
+# include <openssl/camellia.h>
+# include "evp_locl.h"
+
+static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc);
+
+/* Camellia subkey Structure */
+typedef struct {
+ CAMELLIA_KEY ks;
+} EVP_CAMELLIA_KEY;
+
+/* Attribute operation for Camellia */
+# define data(ctx) EVP_C_DATA(EVP_CAMELLIA_KEY,ctx)
+
+IMPLEMENT_BLOCK_CIPHER(camellia_128, ks, Camellia, EVP_CAMELLIA_KEY,
+ NID_camellia_128, 16, 16, 16, 128,
+ 0, camellia_init_key, NULL,
+ EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
+ IMPLEMENT_BLOCK_CIPHER(camellia_192, ks, Camellia, EVP_CAMELLIA_KEY,
+ NID_camellia_192, 16, 24, 16, 128,
+ 0, camellia_init_key, NULL,
+ EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
+ IMPLEMENT_BLOCK_CIPHER(camellia_256, ks, Camellia, EVP_CAMELLIA_KEY,
+ NID_camellia_256, 16, 32, 16, 128,
+ 0, camellia_init_key, NULL,
+ EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
+# define IMPLEMENT_CAMELLIA_CFBR(ksize,cbits) IMPLEMENT_CFBR(camellia,Camellia,EVP_CAMELLIA_KEY,ks,ksize,cbits,16,0)
+ IMPLEMENT_CAMELLIA_CFBR(128, 1)
+ IMPLEMENT_CAMELLIA_CFBR(192, 1)
+ IMPLEMENT_CAMELLIA_CFBR(256, 1)
+
+ IMPLEMENT_CAMELLIA_CFBR(128, 8)
+ IMPLEMENT_CAMELLIA_CFBR(192, 8)
+ IMPLEMENT_CAMELLIA_CFBR(256, 8)
+
+/* The subkey for Camellia is generated. */
+static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc)
+{
+ int ret;
+
+ ret = Camellia_set_key(key, ctx->key_len * 8, ctx->cipher_data);
+
+ if (ret < 0) {
+ EVPerr(EVP_F_CAMELLIA_INIT_KEY, EVP_R_CAMELLIA_KEY_SETUP_FAILED);
+ return 0;
+ }
+
+ return 1;
+}
+
+#else
+
+# ifdef PEDANTIC
+static void *dummy = &dummy;
+# endif
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/evp/e_cast.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/e_cast.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/e_cast.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,90 +0,0 @@
-/* crypto/evp/e_cast.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-
-#ifndef OPENSSL_NO_CAST
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include "evp_locl.h"
-#include <openssl/cast.h>
-
-static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv,int enc);
-
-typedef struct
- {
- CAST_KEY ks;
- } EVP_CAST_KEY;
-
-#define data(ctx) EVP_C_DATA(EVP_CAST_KEY,ctx)
-
-IMPLEMENT_BLOCK_CIPHER(cast5, ks, CAST, EVP_CAST_KEY,
- NID_cast5, 8, CAST_KEY_LENGTH, 8, 64,
- EVP_CIPH_VARIABLE_LENGTH, cast_init_key, NULL,
- EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
-
-static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc)
- {
- CAST_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),key);
- return 1;
- }
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/evp/e_cast.c (from rev 6976, vendor-crypto/openssl/dist/crypto/evp/e_cast.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/evp/e_cast.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/e_cast.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,89 @@
+/* crypto/evp/e_cast.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+
+#ifndef OPENSSL_NO_CAST
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include "evp_locl.h"
+# include <openssl/cast.h>
+
+static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc);
+
+typedef struct {
+ CAST_KEY ks;
+} EVP_CAST_KEY;
+
+# define data(ctx) EVP_C_DATA(EVP_CAST_KEY,ctx)
+
+IMPLEMENT_BLOCK_CIPHER(cast5, ks, CAST, EVP_CAST_KEY,
+ NID_cast5, 8, CAST_KEY_LENGTH, 8, 64,
+ EVP_CIPH_VARIABLE_LENGTH, cast_init_key, NULL,
+ EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
+
+static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc)
+{
+ CAST_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx), key);
+ return 1;
+}
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/evp/e_des.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/e_des.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/e_des.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,179 +0,0 @@
-/* crypto/evp/e_des.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#ifndef OPENSSL_NO_DES
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include "evp_locl.h"
-#include <openssl/des.h>
-#include <openssl/rand.h>
-
-static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc);
-static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
-
-/* Because of various casts and different names can't use IMPLEMENT_BLOCK_CIPHER */
-
-static int des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, unsigned int inl)
-{
- BLOCK_CIPHER_ecb_loop()
- DES_ecb_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i), ctx->cipher_data, ctx->encrypt);
- return 1;
-}
-
-static int des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, unsigned int inl)
-{
- DES_ofb64_encrypt(in, out, (long)inl, ctx->cipher_data, (DES_cblock *)ctx->iv, &ctx->num);
- return 1;
-}
-
-static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, unsigned int inl)
-{
- DES_ncbc_encrypt(in, out, (long)inl, ctx->cipher_data,
- (DES_cblock *)ctx->iv, ctx->encrypt);
- return 1;
-}
-
-static int des_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, unsigned int inl)
-{
- DES_cfb64_encrypt(in, out, (long)inl, ctx->cipher_data,
- (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt);
- return 1;
-}
-
-/* Although we have a CFB-r implementation for DES, it doesn't pack the right
- way, so wrap it here */
-static int des_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, unsigned int inl)
- {
- unsigned int n;
- unsigned char c[1],d[1];
-
- for(n=0 ; n < inl ; ++n)
- {
- c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0;
- DES_cfb_encrypt(c,d,1,1,ctx->cipher_data,(DES_cblock *)ctx->iv,
- ctx->encrypt);
- out[n/8]=(out[n/8]&~(0x80 >> (n%8)))|((d[0]&0x80) >> (n%8));
- }
- return 1;
- }
-
-static int des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, unsigned int inl)
- {
- DES_cfb_encrypt(in,out,8,inl,ctx->cipher_data,(DES_cblock *)ctx->iv,
- ctx->encrypt);
- return 1;
- }
-
-BLOCK_CIPHER_defs(des, DES_key_schedule, NID_des, 8, 8, 8, 64,
- EVP_CIPH_RAND_KEY,
- des_init_key, NULL,
- EVP_CIPHER_set_asn1_iv,
- EVP_CIPHER_get_asn1_iv,
- des_ctrl)
-
-BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,1,
- EVP_CIPH_RAND_KEY,
- des_init_key, NULL,
- EVP_CIPHER_set_asn1_iv,
- EVP_CIPHER_get_asn1_iv,des_ctrl)
-
-BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,8,
- EVP_CIPH_RAND_KEY,
- des_init_key,NULL,
- EVP_CIPHER_set_asn1_iv,
- EVP_CIPHER_get_asn1_iv,des_ctrl)
-
-static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc)
- {
- DES_cblock *deskey = (DES_cblock *)key;
-#ifdef EVP_CHECK_DES_KEY
- if(DES_set_key_checked(deskey,ctx->cipher_data) != 0)
- return 0;
-#else
- DES_set_key_unchecked(deskey,ctx->cipher_data);
-#endif
- return 1;
- }
-
-static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
- {
-
- switch(type)
- {
- case EVP_CTRL_RAND_KEY:
- if (RAND_bytes(ptr, 8) <= 0)
- return 0;
- DES_set_odd_parity((DES_cblock *)ptr);
- return 1;
-
- default:
- return -1;
- }
- }
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/evp/e_des.c (from rev 6976, vendor-crypto/openssl/dist/crypto/evp/e_des.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/evp/e_des.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/e_des.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,182 @@
+/* crypto/evp/e_des.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#ifndef OPENSSL_NO_DES
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include "evp_locl.h"
+# include <openssl/des.h>
+# include <openssl/rand.h>
+
+static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc);
+static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
+
+/*
+ * Because of various casts and different names can't use
+ * IMPLEMENT_BLOCK_CIPHER
+ */
+
+static int des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, unsigned int inl)
+{
+ BLOCK_CIPHER_ecb_loop()
+ DES_ecb_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i),
+ ctx->cipher_data, ctx->encrypt);
+ return 1;
+}
+
+static int des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, unsigned int inl)
+{
+ DES_ofb64_encrypt(in, out, (long)inl, ctx->cipher_data,
+ (DES_cblock *)ctx->iv, &ctx->num);
+ return 1;
+}
+
+static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, unsigned int inl)
+{
+ DES_ncbc_encrypt(in, out, (long)inl, ctx->cipher_data,
+ (DES_cblock *)ctx->iv, ctx->encrypt);
+ return 1;
+}
+
+static int des_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, unsigned int inl)
+{
+ DES_cfb64_encrypt(in, out, (long)inl, ctx->cipher_data,
+ (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt);
+ return 1;
+}
+
+/*
+ * Although we have a CFB-r implementation for DES, it doesn't pack the right
+ * way, so wrap it here
+ */
+static int des_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, unsigned int inl)
+{
+ unsigned int n;
+ unsigned char c[1], d[1];
+
+ for (n = 0; n < inl; ++n) {
+ c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0;
+ DES_cfb_encrypt(c, d, 1, 1, ctx->cipher_data, (DES_cblock *)ctx->iv,
+ ctx->encrypt);
+ out[n / 8] =
+ (out[n / 8] & ~(0x80 >> (n % 8))) | ((d[0] & 0x80) >> (n % 8));
+ }
+ return 1;
+}
+
+static int des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, unsigned int inl)
+{
+ DES_cfb_encrypt(in, out, 8, inl, ctx->cipher_data, (DES_cblock *)ctx->iv,
+ ctx->encrypt);
+ return 1;
+}
+
+BLOCK_CIPHER_defs(des, DES_key_schedule, NID_des, 8, 8, 8, 64,
+ EVP_CIPH_RAND_KEY,
+ des_init_key, NULL,
+ EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl)
+
+
+BLOCK_CIPHER_def_cfb(des, DES_key_schedule, NID_des, 8, 8, 1,
+ EVP_CIPH_RAND_KEY,
+ des_init_key, NULL,
+ EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl)
+
+BLOCK_CIPHER_def_cfb(des, DES_key_schedule, NID_des, 8, 8, 8,
+ EVP_CIPH_RAND_KEY,
+ des_init_key, NULL,
+ EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl)
+
+static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc)
+{
+ DES_cblock *deskey = (DES_cblock *)key;
+# ifdef EVP_CHECK_DES_KEY
+ if (DES_set_key_checked(deskey, ctx->cipher_data) != 0)
+ return 0;
+# else
+ DES_set_key_unchecked(deskey, ctx->cipher_data);
+# endif
+ return 1;
+}
+
+static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+{
+
+ switch (type) {
+ case EVP_CTRL_RAND_KEY:
+ if (RAND_bytes(ptr, 8) <= 0)
+ return 0;
+ DES_set_odd_parity((DES_cblock *)ptr);
+ return 1;
+
+ default:
+ return -1;
+ }
+}
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/evp/e_des3.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/e_des3.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/e_des3.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,270 +0,0 @@
-/* crypto/evp/e_des3.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#ifndef OPENSSL_NO_DES
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include "evp_locl.h"
-#include <openssl/des.h>
-#include <openssl/rand.h>
-
-static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv,int enc);
-
-static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv,int enc);
-
-static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
-
-typedef struct
- {
- DES_key_schedule ks1;/* key schedule */
- DES_key_schedule ks2;/* key schedule (for ede) */
- DES_key_schedule ks3;/* key schedule (for ede3) */
- } DES_EDE_KEY;
-
-#define data(ctx) ((DES_EDE_KEY *)(ctx)->cipher_data)
-
-/* Because of various casts and different args can't use IMPLEMENT_BLOCK_CIPHER */
-
-static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, unsigned int inl)
-{
- BLOCK_CIPHER_ecb_loop()
- DES_ecb3_encrypt((const_DES_cblock *)(in + i),
- (DES_cblock *)(out + i),
- &data(ctx)->ks1, &data(ctx)->ks2,
- &data(ctx)->ks3,
- ctx->encrypt);
- return 1;
-}
-
-static int des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, unsigned int inl)
-{
- DES_ede3_ofb64_encrypt(in, out, (long)inl,
- &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
- (DES_cblock *)ctx->iv, &ctx->num);
- return 1;
-}
-
-static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, unsigned int inl)
-{
-#ifdef KSSL_DEBUG
- {
- int i;
- printf("des_ede_cbc_cipher(ctx=%lx, buflen=%d)\n", (unsigned long)ctx, ctx->buf_len);
- printf("\t iv= ");
- for(i=0;i<8;i++)
- printf("%02X",ctx->iv[i]);
- printf("\n");
- }
-#endif /* KSSL_DEBUG */
- DES_ede3_cbc_encrypt(in, out, (long)inl,
- &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
- (DES_cblock *)ctx->iv, ctx->encrypt);
- return 1;
-}
-
-static int des_ede_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, unsigned int inl)
-{
- DES_ede3_cfb64_encrypt(in, out, (long)inl,
- &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
- (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt);
- return 1;
-}
-
-/* Although we have a CFB-r implementation for 3-DES, it doesn't pack the right
- way, so wrap it here */
-static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, unsigned int inl)
- {
- unsigned int n;
- unsigned char c[1],d[1];
-
- for(n=0 ; n < inl ; ++n)
- {
- c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0;
- DES_ede3_cfb_encrypt(c,d,1,1,
- &data(ctx)->ks1,&data(ctx)->ks2,&data(ctx)->ks3,
- (DES_cblock *)ctx->iv,ctx->encrypt);
- out[n/8]=(out[n/8]&~(0x80 >> (n%8)))|((d[0]&0x80) >> (n%8));
- }
-
- return 1;
- }
-
-static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, unsigned int inl)
- {
- DES_ede3_cfb_encrypt(in,out,8,inl,
- &data(ctx)->ks1,&data(ctx)->ks2,&data(ctx)->ks3,
- (DES_cblock *)ctx->iv,ctx->encrypt);
- return 1;
- }
-
-BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64,
- EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
- des_ede_init_key,
- NULL, NULL, NULL,
- des3_ctrl)
-
-#define des_ede3_cfb64_cipher des_ede_cfb64_cipher
-#define des_ede3_ofb_cipher des_ede_ofb_cipher
-#define des_ede3_cbc_cipher des_ede_cbc_cipher
-#define des_ede3_ecb_cipher des_ede_ecb_cipher
-
-BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64,
- EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
- des_ede3_init_key,
- NULL, NULL, NULL,
- des3_ctrl)
-
-BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,1,
- EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
- des_ede3_init_key,
- NULL, NULL, NULL,
- des3_ctrl)
-
-BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,8,
- EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
- des_ede3_init_key,
- NULL, NULL, NULL,
- des3_ctrl)
-
-static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc)
- {
- DES_cblock *deskey = (DES_cblock *)key;
-#ifdef EVP_CHECK_DES_KEY
- if (DES_set_key_checked(&deskey[0],&data(ctx)->ks1)
- !! DES_set_key_checked(&deskey[1],&data(ctx)->ks2))
- return 0;
-#else
- DES_set_key_unchecked(&deskey[0],&data(ctx)->ks1);
- DES_set_key_unchecked(&deskey[1],&data(ctx)->ks2);
-#endif
- memcpy(&data(ctx)->ks3,&data(ctx)->ks1,
- sizeof(data(ctx)->ks1));
- return 1;
- }
-
-static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc)
- {
- DES_cblock *deskey = (DES_cblock *)key;
-#ifdef KSSL_DEBUG
- {
- int i;
- printf("des_ede3_init_key(ctx=%lx)\n", (unsigned long)ctx);
- printf("\tKEY= ");
- for(i=0;i<24;i++) printf("%02X",key[i]); printf("\n");
- printf("\t IV= ");
- for(i=0;i<8;i++) printf("%02X",iv[i]); printf("\n");
- }
-#endif /* KSSL_DEBUG */
-
-#ifdef EVP_CHECK_DES_KEY
- if (DES_set_key_checked(&deskey[0],&data(ctx)->ks1)
- || DES_set_key_checked(&deskey[1],&data(ctx)->ks2)
- || DES_set_key_checked(&deskey[2],&data(ctx)->ks3))
- return 0;
-#else
- DES_set_key_unchecked(&deskey[0],&data(ctx)->ks1);
- DES_set_key_unchecked(&deskey[1],&data(ctx)->ks2);
- DES_set_key_unchecked(&deskey[2],&data(ctx)->ks3);
-#endif
- return 1;
- }
-
-static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
- {
-
- DES_cblock *deskey = ptr;
-
- switch(type)
- {
- case EVP_CTRL_RAND_KEY:
- if (RAND_bytes(ptr, c->key_len) <= 0)
- return 0;
- DES_set_odd_parity(deskey);
- if (c->key_len >= 16)
- DES_set_odd_parity(deskey + 1);
- if (c->key_len >= 24)
- DES_set_odd_parity(deskey + 2);
- return 1;
-
- default:
- return -1;
- }
- }
-
-const EVP_CIPHER *EVP_des_ede(void)
-{
- return &des_ede_ecb;
-}
-
-const EVP_CIPHER *EVP_des_ede3(void)
-{
- return &des_ede3_ecb;
-}
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/evp/e_des3.c (from rev 6976, vendor-crypto/openssl/dist/crypto/evp/e_des3.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/evp/e_des3.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/e_des3.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,271 @@
+/* crypto/evp/e_des3.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#ifndef OPENSSL_NO_DES
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include "evp_locl.h"
+# include <openssl/des.h>
+# include <openssl/rand.h>
+
+static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc);
+
+static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc);
+
+static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
+
+typedef struct {
+ DES_key_schedule ks1; /* key schedule */
+ DES_key_schedule ks2; /* key schedule (for ede) */
+ DES_key_schedule ks3; /* key schedule (for ede3) */
+} DES_EDE_KEY;
+
+# define data(ctx) ((DES_EDE_KEY *)(ctx)->cipher_data)
+
+/*
+ * Because of various casts and different args can't use
+ * IMPLEMENT_BLOCK_CIPHER
+ */
+
+static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, unsigned int inl)
+{
+ BLOCK_CIPHER_ecb_loop()
+ DES_ecb3_encrypt((const_DES_cblock *)(in + i),
+ (DES_cblock *)(out + i),
+ &data(ctx)->ks1, &data(ctx)->ks2,
+ &data(ctx)->ks3, ctx->encrypt);
+ return 1;
+}
+
+static int des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, unsigned int inl)
+{
+ DES_ede3_ofb64_encrypt(in, out, (long)inl,
+ &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
+ (DES_cblock *)ctx->iv, &ctx->num);
+ return 1;
+}
+
+static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, unsigned int inl)
+{
+# ifdef KSSL_DEBUG
+ {
+ int i;
+ printf("des_ede_cbc_cipher(ctx=%lx, buflen=%d)\n", (unsigned long)ctx,
+ ctx->buf_len);
+ printf("\t iv= ");
+ for (i = 0; i < 8; i++)
+ printf("%02X", ctx->iv[i]);
+ printf("\n");
+ }
+# endif /* KSSL_DEBUG */
+ DES_ede3_cbc_encrypt(in, out, (long)inl,
+ &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
+ (DES_cblock *)ctx->iv, ctx->encrypt);
+ return 1;
+}
+
+static int des_ede_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, unsigned int inl)
+{
+ DES_ede3_cfb64_encrypt(in, out, (long)inl,
+ &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
+ (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt);
+ return 1;
+}
+
+/*
+ * Although we have a CFB-r implementation for 3-DES, it doesn't pack the
+ * right way, so wrap it here
+ */
+static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, unsigned int inl)
+{
+ unsigned int n;
+ unsigned char c[1], d[1];
+
+ for (n = 0; n < inl; ++n) {
+ c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0;
+ DES_ede3_cfb_encrypt(c, d, 1, 1,
+ &data(ctx)->ks1, &data(ctx)->ks2,
+ &data(ctx)->ks3, (DES_cblock *)ctx->iv,
+ ctx->encrypt);
+ out[n / 8] =
+ (out[n / 8] & ~(0x80 >> (n % 8))) | ((d[0] & 0x80) >> (n % 8));
+ }
+
+ return 1;
+}
+
+static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, unsigned int inl)
+{
+ DES_ede3_cfb_encrypt(in, out, 8, inl,
+ &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
+ (DES_cblock *)ctx->iv, ctx->encrypt);
+ return 1;
+}
+
+BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64,
+ EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_FIPS |
+ EVP_CIPH_FLAG_DEFAULT_ASN1, des_ede_init_key, NULL, NULL,
+ NULL, des3_ctrl)
+# define des_ede3_cfb64_cipher des_ede_cfb64_cipher
+# define des_ede3_ofb_cipher des_ede_ofb_cipher
+# define des_ede3_cbc_cipher des_ede_cbc_cipher
+# define des_ede3_ecb_cipher des_ede_ecb_cipher
+ BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64,
+ EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_FIPS |
+ EVP_CIPH_FLAG_DEFAULT_ASN1, des_ede3_init_key, NULL, NULL, NULL,
+ des3_ctrl)
+
+ BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 1,
+ EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_FIPS |
+ EVP_CIPH_FLAG_DEFAULT_ASN1, des_ede3_init_key, NULL, NULL,
+ NULL, des3_ctrl)
+
+ BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 8,
+ EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_FIPS |
+ EVP_CIPH_FLAG_DEFAULT_ASN1, des_ede3_init_key, NULL, NULL,
+ NULL, des3_ctrl)
+
+static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc)
+{
+ DES_cblock *deskey = (DES_cblock *)key;
+# ifdef EVP_CHECK_DES_KEY
+ if (DES_set_key_checked(&deskey[0], &data(ctx)->ks1)
+ ! !DES_set_key_checked(&deskey[1], &data(ctx)->ks2))
+ return 0;
+# else
+ DES_set_key_unchecked(&deskey[0], &data(ctx)->ks1);
+ DES_set_key_unchecked(&deskey[1], &data(ctx)->ks2);
+# endif
+ memcpy(&data(ctx)->ks3, &data(ctx)->ks1, sizeof(data(ctx)->ks1));
+ return 1;
+}
+
+static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc)
+{
+ DES_cblock *deskey = (DES_cblock *)key;
+# ifdef KSSL_DEBUG
+ {
+ int i;
+ printf("des_ede3_init_key(ctx=%lx)\n", (unsigned long)ctx);
+ printf("\tKEY= ");
+ for (i = 0; i < 24; i++)
+ printf("%02X", key[i]);
+ printf("\n");
+ printf("\t IV= ");
+ for (i = 0; i < 8; i++)
+ printf("%02X", iv[i]);
+ printf("\n");
+ }
+# endif /* KSSL_DEBUG */
+
+# ifdef EVP_CHECK_DES_KEY
+ if (DES_set_key_checked(&deskey[0], &data(ctx)->ks1)
+ || DES_set_key_checked(&deskey[1], &data(ctx)->ks2)
+ || DES_set_key_checked(&deskey[2], &data(ctx)->ks3))
+ return 0;
+# else
+ DES_set_key_unchecked(&deskey[0], &data(ctx)->ks1);
+ DES_set_key_unchecked(&deskey[1], &data(ctx)->ks2);
+ DES_set_key_unchecked(&deskey[2], &data(ctx)->ks3);
+# endif
+ return 1;
+}
+
+static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+{
+
+ DES_cblock *deskey = ptr;
+
+ switch (type) {
+ case EVP_CTRL_RAND_KEY:
+ if (RAND_bytes(ptr, c->key_len) <= 0)
+ return 0;
+ DES_set_odd_parity(deskey);
+ if (c->key_len >= 16)
+ DES_set_odd_parity(deskey + 1);
+ if (c->key_len >= 24)
+ DES_set_odd_parity(deskey + 2);
+ return 1;
+
+ default:
+ return -1;
+ }
+}
+
+const EVP_CIPHER *EVP_des_ede(void)
+{
+ return &des_ede_ecb;
+}
+
+const EVP_CIPHER *EVP_des_ede3(void)
+{
+ return &des_ede3_ecb;
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/evp/e_dsa.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/e_dsa.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/e_dsa.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,71 +0,0 @@
-/* crypto/evp/e_dsa.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-
-static EVP_PKEY_METHOD dss_method=
- {
- DSA_sign,
- DSA_verify,
- {EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3,NULL},
- };
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/evp/e_dsa.c (from rev 6976, vendor-crypto/openssl/dist/crypto/evp/e_dsa.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/evp/e_dsa.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/e_dsa.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,69 @@
+/* crypto/evp/e_dsa.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+
+static EVP_PKEY_METHOD dss_method = {
+ DSA_sign,
+ DSA_verify,
+ {EVP_PKEY_DSA, EVP_PKEY_DSA2, EVP_PKEY_DSA3, NULL},
+};
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/evp/e_idea.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/e_idea.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/e_idea.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,118 +0,0 @@
-/* crypto/evp/e_idea.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-
-#ifndef OPENSSL_NO_IDEA
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include "evp_locl.h"
-#include <openssl/idea.h>
-
-static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv,int enc);
-
-/* NB idea_ecb_encrypt doesn't take an 'encrypt' argument so we treat it as a special
- * case
- */
-
-static int idea_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, unsigned int inl)
-{
- BLOCK_CIPHER_ecb_loop()
- idea_ecb_encrypt(in + i, out + i, ctx->cipher_data);
- return 1;
-}
-
-/* Can't use IMPLEMENT_BLOCK_CIPHER because idea_ecb_encrypt is different */
-
-typedef struct
- {
- IDEA_KEY_SCHEDULE ks;
- } EVP_IDEA_KEY;
-
-BLOCK_CIPHER_func_cbc(idea, idea, EVP_IDEA_KEY, ks)
-BLOCK_CIPHER_func_ofb(idea, idea, 64, EVP_IDEA_KEY, ks)
-BLOCK_CIPHER_func_cfb(idea, idea, 64, EVP_IDEA_KEY, ks)
-
-BLOCK_CIPHER_defs(idea, IDEA_KEY_SCHEDULE, NID_idea, 8, 16, 8, 64,
- 0, idea_init_key, NULL,
- EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
-
-static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc)
- {
- if(!enc) {
- if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE) enc = 1;
- else if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_CFB_MODE) enc = 1;
- }
- if (enc) idea_set_encrypt_key(key,ctx->cipher_data);
- else
- {
- IDEA_KEY_SCHEDULE tmp;
-
- idea_set_encrypt_key(key,&tmp);
- idea_set_decrypt_key(&tmp,ctx->cipher_data);
- OPENSSL_cleanse((unsigned char *)&tmp,
- sizeof(IDEA_KEY_SCHEDULE));
- }
- return 1;
- }
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/evp/e_idea.c (from rev 6976, vendor-crypto/openssl/dist/crypto/evp/e_idea.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/evp/e_idea.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/e_idea.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,119 @@
+/* crypto/evp/e_idea.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+
+#ifndef OPENSSL_NO_IDEA
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include "evp_locl.h"
+# include <openssl/idea.h>
+
+static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc);
+
+/*
+ * NB idea_ecb_encrypt doesn't take an 'encrypt' argument so we treat it as a
+ * special case
+ */
+
+static int idea_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, unsigned int inl)
+{
+ BLOCK_CIPHER_ecb_loop()
+ idea_ecb_encrypt(in + i, out + i, ctx->cipher_data);
+ return 1;
+}
+
+/* Can't use IMPLEMENT_BLOCK_CIPHER because idea_ecb_encrypt is different */
+
+typedef struct {
+ IDEA_KEY_SCHEDULE ks;
+} EVP_IDEA_KEY;
+
+BLOCK_CIPHER_func_cbc(idea, idea, EVP_IDEA_KEY, ks)
+ BLOCK_CIPHER_func_ofb(idea, idea, 64, EVP_IDEA_KEY, ks)
+ BLOCK_CIPHER_func_cfb(idea, idea, 64, EVP_IDEA_KEY, ks)
+
+ BLOCK_CIPHER_defs(idea, IDEA_KEY_SCHEDULE, NID_idea, 8, 16, 8, 64,
+ 0, idea_init_key, NULL,
+ EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
+
+static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc)
+{
+ if (!enc) {
+ if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE)
+ enc = 1;
+ else if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_CFB_MODE)
+ enc = 1;
+ }
+ if (enc)
+ idea_set_encrypt_key(key, ctx->cipher_data);
+ else {
+ IDEA_KEY_SCHEDULE tmp;
+
+ idea_set_encrypt_key(key, &tmp);
+ idea_set_decrypt_key(&tmp, ctx->cipher_data);
+ OPENSSL_cleanse((unsigned char *)&tmp, sizeof(IDEA_KEY_SCHEDULE));
+ }
+ return 1;
+}
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/evp/e_null.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/e_null.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/e_null.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,102 +0,0 @@
-/* crypto/evp/e_null.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-
-static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv,int enc);
-static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, unsigned int inl);
-static const EVP_CIPHER n_cipher=
- {
- NID_undef,
- 1,0,0,
- EVP_CIPH_FLAG_FIPS,
- null_init_key,
- null_cipher,
- NULL,
- 0,
- NULL,
- NULL,
- NULL,
- NULL
- };
-
-const EVP_CIPHER *EVP_enc_null(void)
- {
- return(&n_cipher);
- }
-
-static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc)
- {
- /* memset(&(ctx->c),0,sizeof(ctx->c));*/
- return 1;
- }
-
-static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, unsigned int inl)
- {
- if (in != out)
- memcpy((char *)out,(const char *)in,(size_t)inl);
- return 1;
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/evp/e_null.c (from rev 6976, vendor-crypto/openssl/dist/crypto/evp/e_null.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/evp/e_null.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/e_null.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,100 @@
+/* crypto/evp/e_null.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+
+static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc);
+static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, unsigned int inl);
+static const EVP_CIPHER n_cipher = {
+ NID_undef,
+ 1, 0, 0,
+ EVP_CIPH_FLAG_FIPS,
+ null_init_key,
+ null_cipher,
+ NULL,
+ 0,
+ NULL,
+ NULL,
+ NULL,
+ NULL
+};
+
+const EVP_CIPHER *EVP_enc_null(void)
+{
+ return (&n_cipher);
+}
+
+static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc)
+{
+ /* memset(&(ctx->c),0,sizeof(ctx->c)); */
+ return 1;
+}
+
+static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, unsigned int inl)
+{
+ if (in != out)
+ memcpy((char *)out, (const char *)in, (size_t)inl);
+ return 1;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/evp/e_old.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/e_old.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/e_old.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,125 +0,0 @@
-/* crypto/evp/e_old.c -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte (richard at levitte.org) for the OpenSSL
- * project 2004.
- */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#ifdef OPENSSL_NO_DEPRECATED
-static void *dummy = &dummy;
-#else
-
-#include <openssl/evp.h>
-
-/* Define some deprecated functions, so older programs
- don't crash and burn too quickly. On Windows and VMS,
- these will never be used, since functions and variables
- in shared libraries are selected by entry point location,
- not by name. */
-
-#ifndef OPENSSL_NO_BF
-#undef EVP_bf_cfb
-const EVP_CIPHER *EVP_bf_cfb(void);
-const EVP_CIPHER *EVP_bf_cfb(void) { return EVP_bf_cfb64(); }
-#endif
-
-#ifndef OPENSSL_NO_DES
-#undef EVP_des_cfb
-const EVP_CIPHER *EVP_des_cfb(void);
-const EVP_CIPHER *EVP_des_cfb(void) { return EVP_des_cfb64(); }
-#undef EVP_des_ede3_cfb
-const EVP_CIPHER *EVP_des_ede3_cfb(void);
-const EVP_CIPHER *EVP_des_ede3_cfb(void) { return EVP_des_ede3_cfb64(); }
-#undef EVP_des_ede_cfb
-const EVP_CIPHER *EVP_des_ede_cfb(void);
-const EVP_CIPHER *EVP_des_ede_cfb(void) { return EVP_des_ede_cfb64(); }
-#endif
-
-#ifndef OPENSSL_NO_IDEA
-#undef EVP_idea_cfb
-const EVP_CIPHER *EVP_idea_cfb(void);
-const EVP_CIPHER *EVP_idea_cfb(void) { return EVP_idea_cfb64(); }
-#endif
-
-#ifndef OPENSSL_NO_RC2
-#undef EVP_rc2_cfb
-const EVP_CIPHER *EVP_rc2_cfb(void);
-const EVP_CIPHER *EVP_rc2_cfb(void) { return EVP_rc2_cfb64(); }
-#endif
-
-#ifndef OPENSSL_NO_CAST
-#undef EVP_cast5_cfb
-const EVP_CIPHER *EVP_cast5_cfb(void);
-const EVP_CIPHER *EVP_cast5_cfb(void) { return EVP_cast5_cfb64(); }
-#endif
-
-#ifndef OPENSSL_NO_RC5
-#undef EVP_rc5_32_12_16_cfb
-const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void);
-const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void) { return EVP_rc5_32_12_16_cfb64(); }
-#endif
-
-#ifndef OPENSSL_NO_AES
-#undef EVP_aes_128_cfb
-const EVP_CIPHER *EVP_aes_128_cfb(void);
-const EVP_CIPHER *EVP_aes_128_cfb(void) { return EVP_aes_128_cfb128(); }
-#undef EVP_aes_192_cfb
-const EVP_CIPHER *EVP_aes_192_cfb(void);
-const EVP_CIPHER *EVP_aes_192_cfb(void) { return EVP_aes_192_cfb128(); }
-#undef EVP_aes_256_cfb
-const EVP_CIPHER *EVP_aes_256_cfb(void);
-const EVP_CIPHER *EVP_aes_256_cfb(void) { return EVP_aes_256_cfb128(); }
-#endif
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/evp/e_old.c (from rev 6976, vendor-crypto/openssl/dist/crypto/evp/e_old.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/evp/e_old.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/e_old.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,164 @@
+/* crypto/evp/e_old.c -*- mode:C; c-file-style: "eay" -*- */
+/*
+ * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
+ * 2004.
+ */
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#ifdef OPENSSL_NO_DEPRECATED
+static void *dummy = &dummy;
+#else
+
+# include <openssl/evp.h>
+
+/*
+ * Define some deprecated functions, so older programs don't crash and burn
+ * too quickly. On Windows and VMS, these will never be used, since
+ * functions and variables in shared libraries are selected by entry point
+ * location, not by name.
+ */
+
+# ifndef OPENSSL_NO_BF
+# undef EVP_bf_cfb
+const EVP_CIPHER *EVP_bf_cfb(void);
+const EVP_CIPHER *EVP_bf_cfb(void)
+{
+ return EVP_bf_cfb64();
+}
+# endif
+
+# ifndef OPENSSL_NO_DES
+# undef EVP_des_cfb
+const EVP_CIPHER *EVP_des_cfb(void);
+const EVP_CIPHER *EVP_des_cfb(void)
+{
+ return EVP_des_cfb64();
+}
+
+# undef EVP_des_ede3_cfb
+const EVP_CIPHER *EVP_des_ede3_cfb(void);
+const EVP_CIPHER *EVP_des_ede3_cfb(void)
+{
+ return EVP_des_ede3_cfb64();
+}
+
+# undef EVP_des_ede_cfb
+const EVP_CIPHER *EVP_des_ede_cfb(void);
+const EVP_CIPHER *EVP_des_ede_cfb(void)
+{
+ return EVP_des_ede_cfb64();
+}
+# endif
+
+# ifndef OPENSSL_NO_IDEA
+# undef EVP_idea_cfb
+const EVP_CIPHER *EVP_idea_cfb(void);
+const EVP_CIPHER *EVP_idea_cfb(void)
+{
+ return EVP_idea_cfb64();
+}
+# endif
+
+# ifndef OPENSSL_NO_RC2
+# undef EVP_rc2_cfb
+const EVP_CIPHER *EVP_rc2_cfb(void);
+const EVP_CIPHER *EVP_rc2_cfb(void)
+{
+ return EVP_rc2_cfb64();
+}
+# endif
+
+# ifndef OPENSSL_NO_CAST
+# undef EVP_cast5_cfb
+const EVP_CIPHER *EVP_cast5_cfb(void);
+const EVP_CIPHER *EVP_cast5_cfb(void)
+{
+ return EVP_cast5_cfb64();
+}
+# endif
+
+# ifndef OPENSSL_NO_RC5
+# undef EVP_rc5_32_12_16_cfb
+const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void);
+const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void)
+{
+ return EVP_rc5_32_12_16_cfb64();
+}
+# endif
+
+# ifndef OPENSSL_NO_AES
+# undef EVP_aes_128_cfb
+const EVP_CIPHER *EVP_aes_128_cfb(void);
+const EVP_CIPHER *EVP_aes_128_cfb(void)
+{
+ return EVP_aes_128_cfb128();
+}
+
+# undef EVP_aes_192_cfb
+const EVP_CIPHER *EVP_aes_192_cfb(void);
+const EVP_CIPHER *EVP_aes_192_cfb(void)
+{
+ return EVP_aes_192_cfb128();
+}
+
+# undef EVP_aes_256_cfb
+const EVP_CIPHER *EVP_aes_256_cfb(void);
+const EVP_CIPHER *EVP_aes_256_cfb(void)
+{
+ return EVP_aes_256_cfb128();
+}
+# endif
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/evp/e_rc2.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/e_rc2.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/e_rc2.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,232 +0,0 @@
-/* crypto/evp/e_rc2.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-
-#ifndef OPENSSL_NO_RC2
-
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include "evp_locl.h"
-#include <openssl/rc2.h>
-
-static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv,int enc);
-static int rc2_meth_to_magic(EVP_CIPHER_CTX *ctx);
-static int rc2_magic_to_meth(int i);
-static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
-static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
-static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
-
-typedef struct
- {
- int key_bits; /* effective key bits */
- RC2_KEY ks; /* key schedule */
- } EVP_RC2_KEY;
-
-#define data(ctx) ((EVP_RC2_KEY *)(ctx)->cipher_data)
-
-IMPLEMENT_BLOCK_CIPHER(rc2, ks, RC2, EVP_RC2_KEY, NID_rc2,
- 8,
- RC2_KEY_LENGTH, 8, 64,
- EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
- rc2_init_key, NULL,
- rc2_set_asn1_type_and_iv, rc2_get_asn1_type_and_iv,
- rc2_ctrl)
-
-#define RC2_40_MAGIC 0xa0
-#define RC2_64_MAGIC 0x78
-#define RC2_128_MAGIC 0x3a
-
-static const EVP_CIPHER r2_64_cbc_cipher=
- {
- NID_rc2_64_cbc,
- 8,8 /* 64 bit */,8,
- EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
- rc2_init_key,
- rc2_cbc_cipher,
- NULL,
- sizeof(EVP_RC2_KEY),
- rc2_set_asn1_type_and_iv,
- rc2_get_asn1_type_and_iv,
- rc2_ctrl,
- NULL
- };
-
-static const EVP_CIPHER r2_40_cbc_cipher=
- {
- NID_rc2_40_cbc,
- 8,5 /* 40 bit */,8,
- EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
- rc2_init_key,
- rc2_cbc_cipher,
- NULL,
- sizeof(EVP_RC2_KEY),
- rc2_set_asn1_type_and_iv,
- rc2_get_asn1_type_and_iv,
- rc2_ctrl,
- NULL
- };
-
-const EVP_CIPHER *EVP_rc2_64_cbc(void)
- {
- return(&r2_64_cbc_cipher);
- }
-
-const EVP_CIPHER *EVP_rc2_40_cbc(void)
- {
- return(&r2_40_cbc_cipher);
- }
-
-static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc)
- {
- RC2_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),
- key,data(ctx)->key_bits);
- return 1;
- }
-
-static int rc2_meth_to_magic(EVP_CIPHER_CTX *e)
- {
- int i;
-
- EVP_CIPHER_CTX_ctrl(e, EVP_CTRL_GET_RC2_KEY_BITS, 0, &i);
- if (i == 128) return(RC2_128_MAGIC);
- else if (i == 64) return(RC2_64_MAGIC);
- else if (i == 40) return(RC2_40_MAGIC);
- else return(0);
- }
-
-static int rc2_magic_to_meth(int i)
- {
- if (i == RC2_128_MAGIC) return 128;
- else if (i == RC2_64_MAGIC) return 64;
- else if (i == RC2_40_MAGIC) return 40;
- else
- {
- EVPerr(EVP_F_RC2_MAGIC_TO_METH,EVP_R_UNSUPPORTED_KEY_SIZE);
- return(0);
- }
- }
-
-static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
- {
- long num=0;
- int i=0;
- int key_bits;
- unsigned int l;
- unsigned char iv[EVP_MAX_IV_LENGTH];
-
- if (type != NULL)
- {
- l=EVP_CIPHER_CTX_iv_length(c);
- OPENSSL_assert(l <= sizeof(iv));
- i=ASN1_TYPE_get_int_octetstring(type,&num,iv,l);
- if (i != (int)l)
- return(-1);
- key_bits =rc2_magic_to_meth((int)num);
- if (!key_bits)
- return(-1);
- if(i > 0) EVP_CipherInit_ex(c, NULL, NULL, NULL, iv, -1);
- EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL);
- EVP_CIPHER_CTX_set_key_length(c, key_bits / 8);
- }
- return(i);
- }
-
-static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
- {
- long num;
- int i=0,j;
-
- if (type != NULL)
- {
- num=rc2_meth_to_magic(c);
- j=EVP_CIPHER_CTX_iv_length(c);
- i=ASN1_TYPE_set_int_octetstring(type,num,c->oiv,j);
- }
- return(i);
- }
-
-static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
- {
- switch(type)
- {
- case EVP_CTRL_INIT:
- data(c)->key_bits = EVP_CIPHER_CTX_key_length(c) * 8;
- return 1;
-
- case EVP_CTRL_GET_RC2_KEY_BITS:
- *(int *)ptr = data(c)->key_bits;
- return 1;
-
- case EVP_CTRL_SET_RC2_KEY_BITS:
- if(arg > 0)
- {
- data(c)->key_bits = arg;
- return 1;
- }
- return 0;
-
- default:
- return -1;
- }
- }
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/evp/e_rc2.c (from rev 6976, vendor-crypto/openssl/dist/crypto/evp/e_rc2.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/evp/e_rc2.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/e_rc2.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,230 @@
+/* crypto/evp/e_rc2.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+
+#ifndef OPENSSL_NO_RC2
+
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include "evp_locl.h"
+# include <openssl/rc2.h>
+
+static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc);
+static int rc2_meth_to_magic(EVP_CIPHER_CTX *ctx);
+static int rc2_magic_to_meth(int i);
+static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
+
+typedef struct {
+ int key_bits; /* effective key bits */
+ RC2_KEY ks; /* key schedule */
+} EVP_RC2_KEY;
+
+# define data(ctx) ((EVP_RC2_KEY *)(ctx)->cipher_data)
+
+IMPLEMENT_BLOCK_CIPHER(rc2, ks, RC2, EVP_RC2_KEY, NID_rc2,
+ 8,
+ RC2_KEY_LENGTH, 8, 64,
+ EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
+ rc2_init_key, NULL,
+ rc2_set_asn1_type_and_iv, rc2_get_asn1_type_and_iv,
+ rc2_ctrl)
+# define RC2_40_MAGIC 0xa0
+# define RC2_64_MAGIC 0x78
+# define RC2_128_MAGIC 0x3a
+static const EVP_CIPHER r2_64_cbc_cipher = {
+ NID_rc2_64_cbc,
+ 8, 8 /* 64 bit */ , 8,
+ EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
+ rc2_init_key,
+ rc2_cbc_cipher,
+ NULL,
+ sizeof(EVP_RC2_KEY),
+ rc2_set_asn1_type_and_iv,
+ rc2_get_asn1_type_and_iv,
+ rc2_ctrl,
+ NULL
+};
+
+static const EVP_CIPHER r2_40_cbc_cipher = {
+ NID_rc2_40_cbc,
+ 8, 5 /* 40 bit */ , 8,
+ EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
+ rc2_init_key,
+ rc2_cbc_cipher,
+ NULL,
+ sizeof(EVP_RC2_KEY),
+ rc2_set_asn1_type_and_iv,
+ rc2_get_asn1_type_and_iv,
+ rc2_ctrl,
+ NULL
+};
+
+const EVP_CIPHER *EVP_rc2_64_cbc(void)
+{
+ return (&r2_64_cbc_cipher);
+}
+
+const EVP_CIPHER *EVP_rc2_40_cbc(void)
+{
+ return (&r2_40_cbc_cipher);
+}
+
+static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc)
+{
+ RC2_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx),
+ key, data(ctx)->key_bits);
+ return 1;
+}
+
+static int rc2_meth_to_magic(EVP_CIPHER_CTX *e)
+{
+ int i;
+
+ EVP_CIPHER_CTX_ctrl(e, EVP_CTRL_GET_RC2_KEY_BITS, 0, &i);
+ if (i == 128)
+ return (RC2_128_MAGIC);
+ else if (i == 64)
+ return (RC2_64_MAGIC);
+ else if (i == 40)
+ return (RC2_40_MAGIC);
+ else
+ return (0);
+}
+
+static int rc2_magic_to_meth(int i)
+{
+ if (i == RC2_128_MAGIC)
+ return 128;
+ else if (i == RC2_64_MAGIC)
+ return 64;
+ else if (i == RC2_40_MAGIC)
+ return 40;
+ else {
+ EVPerr(EVP_F_RC2_MAGIC_TO_METH, EVP_R_UNSUPPORTED_KEY_SIZE);
+ return (0);
+ }
+}
+
+static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
+{
+ long num = 0;
+ int i = 0;
+ int key_bits;
+ unsigned int l;
+ unsigned char iv[EVP_MAX_IV_LENGTH];
+
+ if (type != NULL) {
+ l = EVP_CIPHER_CTX_iv_length(c);
+ OPENSSL_assert(l <= sizeof(iv));
+ i = ASN1_TYPE_get_int_octetstring(type, &num, iv, l);
+ if (i != (int)l)
+ return (-1);
+ key_bits = rc2_magic_to_meth((int)num);
+ if (!key_bits)
+ return (-1);
+ if (i > 0)
+ EVP_CipherInit_ex(c, NULL, NULL, NULL, iv, -1);
+ EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL);
+ EVP_CIPHER_CTX_set_key_length(c, key_bits / 8);
+ }
+ return (i);
+}
+
+static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
+{
+ long num;
+ int i = 0, j;
+
+ if (type != NULL) {
+ num = rc2_meth_to_magic(c);
+ j = EVP_CIPHER_CTX_iv_length(c);
+ i = ASN1_TYPE_set_int_octetstring(type, num, c->oiv, j);
+ }
+ return (i);
+}
+
+static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+{
+ switch (type) {
+ case EVP_CTRL_INIT:
+ data(c)->key_bits = EVP_CIPHER_CTX_key_length(c) * 8;
+ return 1;
+
+ case EVP_CTRL_GET_RC2_KEY_BITS:
+ *(int *)ptr = data(c)->key_bits;
+ return 1;
+
+ case EVP_CTRL_SET_RC2_KEY_BITS:
+ if (arg > 0) {
+ data(c)->key_bits = arg;
+ return 1;
+ }
+ return 0;
+
+ default:
+ return -1;
+ }
+}
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/evp/e_rc4.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/e_rc4.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/e_rc4.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,137 +0,0 @@
-/* crypto/evp/e_rc4.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-
-#ifndef OPENSSL_NO_RC4
-
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/rc4.h>
-#include "evp_locl.h"
-
-/* FIXME: surely this is available elsewhere? */
-#define EVP_RC4_KEY_SIZE 16
-
-typedef struct
- {
- RC4_KEY ks; /* working key */
- } EVP_RC4_KEY;
-
-#define data(ctx) ((EVP_RC4_KEY *)(ctx)->cipher_data)
-
-static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv,int enc);
-static int rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, unsigned int inl);
-static const EVP_CIPHER r4_cipher=
- {
- NID_rc4,
- 1,EVP_RC4_KEY_SIZE,0,
- EVP_CIPH_VARIABLE_LENGTH,
- rc4_init_key,
- rc4_cipher,
- NULL,
- sizeof(EVP_RC4_KEY),
- NULL,
- NULL,
- NULL,
- NULL
- };
-
-static const EVP_CIPHER r4_40_cipher=
- {
- NID_rc4_40,
- 1,5 /* 40 bit */,0,
- EVP_CIPH_VARIABLE_LENGTH,
- rc4_init_key,
- rc4_cipher,
- NULL,
- sizeof(EVP_RC4_KEY),
- NULL,
- NULL,
- NULL,
- NULL
- };
-
-const EVP_CIPHER *EVP_rc4(void)
- {
- return(&r4_cipher);
- }
-
-const EVP_CIPHER *EVP_rc4_40(void)
- {
- return(&r4_40_cipher);
- }
-
-static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc)
- {
- RC4_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),
- key);
- return 1;
- }
-
-static int rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, unsigned int inl)
- {
- RC4(&data(ctx)->ks,inl,in,out);
- return 1;
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/evp/e_rc4.c (from rev 6976, vendor-crypto/openssl/dist/crypto/evp/e_rc4.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/evp/e_rc4.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/e_rc4.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,133 @@
+/* crypto/evp/e_rc4.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+
+#ifndef OPENSSL_NO_RC4
+
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include <openssl/rc4.h>
+# include "evp_locl.h"
+
+/* FIXME: surely this is available elsewhere? */
+# define EVP_RC4_KEY_SIZE 16
+
+typedef struct {
+ RC4_KEY ks; /* working key */
+} EVP_RC4_KEY;
+
+# define data(ctx) ((EVP_RC4_KEY *)(ctx)->cipher_data)
+
+static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc);
+static int rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, unsigned int inl);
+static const EVP_CIPHER r4_cipher = {
+ NID_rc4,
+ 1, EVP_RC4_KEY_SIZE, 0,
+ EVP_CIPH_VARIABLE_LENGTH,
+ rc4_init_key,
+ rc4_cipher,
+ NULL,
+ sizeof(EVP_RC4_KEY),
+ NULL,
+ NULL,
+ NULL,
+ NULL
+};
+
+static const EVP_CIPHER r4_40_cipher = {
+ NID_rc4_40,
+ 1, 5 /* 40 bit */ , 0,
+ EVP_CIPH_VARIABLE_LENGTH,
+ rc4_init_key,
+ rc4_cipher,
+ NULL,
+ sizeof(EVP_RC4_KEY),
+ NULL,
+ NULL,
+ NULL,
+ NULL
+};
+
+const EVP_CIPHER *EVP_rc4(void)
+{
+ return (&r4_cipher);
+}
+
+const EVP_CIPHER *EVP_rc4_40(void)
+{
+ return (&r4_40_cipher);
+}
+
+static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc)
+{
+ RC4_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx), key);
+ return 1;
+}
+
+static int rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, unsigned int inl)
+{
+ RC4(&data(ctx)->ks, inl, in, out);
+ return 1;
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/evp/e_rc5.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/e_rc5.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/e_rc5.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,126 +0,0 @@
-/* crypto/evp/e_rc5.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-
-#ifndef OPENSSL_NO_RC5
-
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include "evp_locl.h"
-#include <openssl/rc5.h>
-
-static int r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv,int enc);
-static int rc5_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
-
-typedef struct
- {
- int rounds; /* number of rounds */
- RC5_32_KEY ks; /* key schedule */
- } EVP_RC5_KEY;
-
-#define data(ctx) EVP_C_DATA(EVP_RC5_KEY,ctx)
-
-IMPLEMENT_BLOCK_CIPHER(rc5_32_12_16, ks, RC5_32, EVP_RC5_KEY, NID_rc5,
- 8, RC5_32_KEY_LENGTH, 8, 64,
- EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
- r_32_12_16_init_key, NULL,
- NULL, NULL, rc5_ctrl)
-
-static int rc5_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
- {
- switch(type)
- {
- case EVP_CTRL_INIT:
- data(c)->rounds = RC5_12_ROUNDS;
- return 1;
-
- case EVP_CTRL_GET_RC5_ROUNDS:
- *(int *)ptr = data(c)->rounds;
- return 1;
-
- case EVP_CTRL_SET_RC5_ROUNDS:
- switch(arg)
- {
- case RC5_8_ROUNDS:
- case RC5_12_ROUNDS:
- case RC5_16_ROUNDS:
- data(c)->rounds = arg;
- return 1;
-
- default:
- EVPerr(EVP_F_RC5_CTRL, EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS);
- return 0;
- }
-
- default:
- return -1;
- }
- }
-
-static int r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc)
- {
- RC5_32_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),
- key,data(ctx)->rounds);
- return 1;
- }
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/evp/e_rc5.c (from rev 6976, vendor-crypto/openssl/dist/crypto/evp/e_rc5.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/evp/e_rc5.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/e_rc5.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,122 @@
+/* crypto/evp/e_rc5.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+
+#ifndef OPENSSL_NO_RC5
+
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include "evp_locl.h"
+# include <openssl/rc5.h>
+
+static int r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc);
+static int rc5_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
+
+typedef struct {
+ int rounds; /* number of rounds */
+ RC5_32_KEY ks; /* key schedule */
+} EVP_RC5_KEY;
+
+# define data(ctx) EVP_C_DATA(EVP_RC5_KEY,ctx)
+
+IMPLEMENT_BLOCK_CIPHER(rc5_32_12_16, ks, RC5_32, EVP_RC5_KEY, NID_rc5,
+ 8, RC5_32_KEY_LENGTH, 8, 64,
+ EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
+ r_32_12_16_init_key, NULL, NULL, NULL, rc5_ctrl)
+
+static int rc5_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+{
+ switch (type) {
+ case EVP_CTRL_INIT:
+ data(c)->rounds = RC5_12_ROUNDS;
+ return 1;
+
+ case EVP_CTRL_GET_RC5_ROUNDS:
+ *(int *)ptr = data(c)->rounds;
+ return 1;
+
+ case EVP_CTRL_SET_RC5_ROUNDS:
+ switch (arg) {
+ case RC5_8_ROUNDS:
+ case RC5_12_ROUNDS:
+ case RC5_16_ROUNDS:
+ data(c)->rounds = arg;
+ return 1;
+
+ default:
+ EVPerr(EVP_F_RC5_CTRL, EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS);
+ return 0;
+ }
+
+ default:
+ return -1;
+ }
+}
+
+static int r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc)
+{
+ RC5_32_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx),
+ key, data(ctx)->rounds);
+ return 1;
+}
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/evp/e_seed.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/e_seed.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/e_seed.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,83 +0,0 @@
-/* crypto/evp/e_seed.c -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <openssl/opensslconf.h>
-#include <openssl/evp.h>
-#include <openssl/err.h>
-#include <string.h>
-#include <assert.h>
-#ifndef OPENSSL_NO_SEED
-#include <openssl/seed.h>
-#include "evp_locl.h"
-
-static int seed_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc);
-
-typedef struct
- {
- SEED_KEY_SCHEDULE ks;
- } EVP_SEED_KEY;
-
-IMPLEMENT_BLOCK_CIPHER(seed, ks, SEED, EVP_SEED_KEY, NID_seed,
- 16, 16, 16, 128,
- 0, seed_init_key, 0, 0, 0, 0)
-
-static int seed_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc)
- {
- SEED_set_key(key, ctx->cipher_data);
- return 1;
- }
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/evp/e_seed.c (from rev 6976, vendor-crypto/openssl/dist/crypto/evp/e_seed.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/evp/e_seed.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/e_seed.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,82 @@
+/* crypto/evp/e_seed.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <openssl/opensslconf.h>
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include <string.h>
+#include <assert.h>
+#ifndef OPENSSL_NO_SEED
+# include <openssl/seed.h>
+# include "evp_locl.h"
+
+static int seed_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc);
+
+typedef struct {
+ SEED_KEY_SCHEDULE ks;
+} EVP_SEED_KEY;
+
+IMPLEMENT_BLOCK_CIPHER(seed, ks, SEED, EVP_SEED_KEY, NID_seed,
+ 16, 16, 16, 128, 0, seed_init_key, 0, 0, 0, 0)
+
+static int seed_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc)
+{
+ SEED_set_key(key, ctx->cipher_data);
+ return 1;
+}
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/evp/e_xcbc_d.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/e_xcbc_d.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/e_xcbc_d.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,125 +0,0 @@
-/* crypto/evp/e_xcbc_d.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-
-#ifndef OPENSSL_NO_DES
-
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/des.h>
-
-static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv,int enc);
-static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, unsigned int inl);
-
-
-typedef struct
- {
- DES_key_schedule ks;/* key schedule */
- DES_cblock inw;
- DES_cblock outw;
- } DESX_CBC_KEY;
-
-#define data(ctx) ((DESX_CBC_KEY *)(ctx)->cipher_data)
-
-static const EVP_CIPHER d_xcbc_cipher=
- {
- NID_desx_cbc,
- 8,24,8,
- EVP_CIPH_CBC_MODE,
- desx_cbc_init_key,
- desx_cbc_cipher,
- NULL,
- sizeof(DESX_CBC_KEY),
- EVP_CIPHER_set_asn1_iv,
- EVP_CIPHER_get_asn1_iv,
- NULL,
- NULL
- };
-
-const EVP_CIPHER *EVP_desx_cbc(void)
- {
- return(&d_xcbc_cipher);
- }
-
-static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc)
- {
- DES_cblock *deskey = (DES_cblock *)key;
-
- DES_set_key_unchecked(deskey,&data(ctx)->ks);
- memcpy(&data(ctx)->inw[0],&key[8],8);
- memcpy(&data(ctx)->outw[0],&key[16],8);
-
- return 1;
- }
-
-static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, unsigned int inl)
- {
- DES_xcbc_encrypt(in,out,inl,&data(ctx)->ks,
- (DES_cblock *)&(ctx->iv[0]),
- &data(ctx)->inw,
- &data(ctx)->outw,
- ctx->encrypt);
- return 1;
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/evp/e_xcbc_d.c (from rev 6976, vendor-crypto/openssl/dist/crypto/evp/e_xcbc_d.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/evp/e_xcbc_d.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/e_xcbc_d.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,120 @@
+/* crypto/evp/e_xcbc_d.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+
+#ifndef OPENSSL_NO_DES
+
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include <openssl/des.h>
+
+static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc);
+static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, unsigned int inl);
+
+typedef struct {
+ DES_key_schedule ks; /* key schedule */
+ DES_cblock inw;
+ DES_cblock outw;
+} DESX_CBC_KEY;
+
+# define data(ctx) ((DESX_CBC_KEY *)(ctx)->cipher_data)
+
+static const EVP_CIPHER d_xcbc_cipher = {
+ NID_desx_cbc,
+ 8, 24, 8,
+ EVP_CIPH_CBC_MODE,
+ desx_cbc_init_key,
+ desx_cbc_cipher,
+ NULL,
+ sizeof(DESX_CBC_KEY),
+ EVP_CIPHER_set_asn1_iv,
+ EVP_CIPHER_get_asn1_iv,
+ NULL,
+ NULL
+};
+
+const EVP_CIPHER *EVP_desx_cbc(void)
+{
+ return (&d_xcbc_cipher);
+}
+
+static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc)
+{
+ DES_cblock *deskey = (DES_cblock *)key;
+
+ DES_set_key_unchecked(deskey, &data(ctx)->ks);
+ memcpy(&data(ctx)->inw[0], &key[8], 8);
+ memcpy(&data(ctx)->outw[0], &key[16], 8);
+
+ return 1;
+}
+
+static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, unsigned int inl)
+{
+ DES_xcbc_encrypt(in, out, inl, &data(ctx)->ks,
+ (DES_cblock *)&(ctx->iv[0]),
+ &data(ctx)->inw, &data(ctx)->outw, ctx->encrypt);
+ return 1;
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/evp/enc_min.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/enc_min.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/enc_min.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,391 +0,0 @@
-/* crypto/evp/enc_min.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/err.h>
-#include <openssl/rand.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-#include "evp_locl.h"
-
-void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
- {
-#ifdef OPENSSL_FIPS
- FIPS_selftest_check();
-#endif
- memset(ctx,0,sizeof(EVP_CIPHER_CTX));
- /* ctx->cipher=NULL; */
- }
-
-#ifdef OPENSSL_FIPS
-
-/* The purpose of these is to trap programs that attempt to use non FIPS
- * algorithms in FIPS mode and ignore the errors.
- */
-
-static int bad_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc)
- { FIPS_ERROR_IGNORED("Cipher init"); return 0;}
-
-static int bad_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, unsigned int inl)
- { FIPS_ERROR_IGNORED("Cipher update"); return 0;}
-
-/* NB: no cleanup because it is allowed after failed init */
-
-static int bad_set_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ)
- { FIPS_ERROR_IGNORED("Cipher set_asn1"); return 0;}
-static int bad_get_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ)
- { FIPS_ERROR_IGNORED("Cipher get_asn1"); return 0;}
-static int bad_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
- { FIPS_ERROR_IGNORED("Cipher ctrl"); return 0;}
-
-static const EVP_CIPHER bad_cipher =
- {
- 0,
- 0,
- 0,
- 0,
- 0,
- bad_init,
- bad_do_cipher,
- NULL,
- 0,
- bad_set_asn1,
- bad_get_asn1,
- bad_ctrl,
- NULL
- };
-
-#endif
-
-#ifndef OPENSSL_NO_ENGINE
-
-#ifdef OPENSSL_FIPS
-
-static int do_engine_null(ENGINE *impl) { return 0;}
-static int do_evp_enc_engine_null(EVP_CIPHER_CTX *ctx,
- const EVP_CIPHER **pciph, ENGINE *impl)
- { return 1; }
-
-static int (*do_engine_finish)(ENGINE *impl)
- = do_engine_null;
-
-static int (*do_evp_enc_engine)
- (EVP_CIPHER_CTX *ctx, const EVP_CIPHER **pciph, ENGINE *impl)
- = do_evp_enc_engine_null;
-
-void int_EVP_CIPHER_set_engine_callbacks(
- int (*eng_ciph_fin)(ENGINE *impl),
- int (*eng_ciph_evp)
- (EVP_CIPHER_CTX *ctx, const EVP_CIPHER **pciph, ENGINE *impl))
- {
- do_engine_finish = eng_ciph_fin;
- do_evp_enc_engine = eng_ciph_evp;
- }
-
-#else
-
-#define do_engine_finish ENGINE_finish
-
-static int do_evp_enc_engine(EVP_CIPHER_CTX *ctx, const EVP_CIPHER **pcipher, ENGINE *impl)
- {
- if(impl)
- {
- if (!ENGINE_init(impl))
- {
- EVPerr(EVP_F_DO_EVP_ENC_ENGINE, EVP_R_INITIALIZATION_ERROR);
- return 0;
- }
- }
- else
- /* Ask if an ENGINE is reserved for this job */
- impl = ENGINE_get_cipher_engine((*pcipher)->nid);
- if(impl)
- {
- /* There's an ENGINE for this job ... (apparently) */
- const EVP_CIPHER *c = ENGINE_get_cipher(impl, (*pcipher)->nid);
- if(!c)
- {
- /* One positive side-effect of US's export
- * control history, is that we should at least
- * be able to avoid using US mispellings of
- * "initialisation"? */
- EVPerr(EVP_F_DO_EVP_ENC_ENGINE, EVP_R_INITIALIZATION_ERROR);
- return 0;
- }
- /* We'll use the ENGINE's private cipher definition */
- *pcipher = c;
- /* Store the ENGINE functional reference so we know
- * 'cipher' came from an ENGINE and we need to release
- * it when done. */
- ctx->engine = impl;
- }
- else
- ctx->engine = NULL;
- return 1;
- }
-
-#endif
-
-#endif
-
-int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
- const unsigned char *key, const unsigned char *iv, int enc)
- {
- if (enc == -1)
- enc = ctx->encrypt;
- else
- {
- if (enc)
- enc = 1;
- ctx->encrypt = enc;
- }
-#ifdef OPENSSL_FIPS
- if(FIPS_selftest_failed())
- {
- FIPSerr(FIPS_F_EVP_CIPHERINIT_EX,FIPS_R_FIPS_SELFTEST_FAILED);
- ctx->cipher = &bad_cipher;
- return 0;
- }
-#endif
-#ifndef OPENSSL_NO_ENGINE
- /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
- * so this context may already have an ENGINE! Try to avoid releasing
- * the previous handle, re-querying for an ENGINE, and having a
- * reinitialisation, when it may all be unecessary. */
- if (ctx->engine && ctx->cipher && (!cipher ||
- (cipher && (cipher->nid == ctx->cipher->nid))))
- goto skip_to_init;
-#endif
- if (cipher)
- {
- /* Ensure a context left lying around from last time is cleared
- * (the previous check attempted to avoid this if the same
- * ENGINE and EVP_CIPHER could be used). */
- EVP_CIPHER_CTX_cleanup(ctx);
-
- /* Restore encrypt field: it is zeroed by cleanup */
- ctx->encrypt = enc;
-#ifndef OPENSSL_NO_ENGINE
- if (!do_evp_enc_engine(ctx, &cipher, impl))
- return 0;
-#endif
-
- ctx->cipher=cipher;
- if (ctx->cipher->ctx_size)
- {
- ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size);
- if (!ctx->cipher_data)
- {
- EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE);
- return 0;
- }
- }
- else
- {
- ctx->cipher_data = NULL;
- }
- ctx->key_len = cipher->key_len;
- ctx->flags = 0;
- if(ctx->cipher->flags & EVP_CIPH_CTRL_INIT)
- {
- if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL))
- {
- EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
- return 0;
- }
- }
- }
- else if(!ctx->cipher)
- {
- EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_NO_CIPHER_SET);
- return 0;
- }
-#ifndef OPENSSL_NO_ENGINE
-skip_to_init:
-#endif
- /* we assume block size is a power of 2 in *cryptUpdate */
- OPENSSL_assert(ctx->cipher->block_size == 1
- || ctx->cipher->block_size == 8
- || ctx->cipher->block_size == 16);
-
- if(!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) {
- switch(EVP_CIPHER_CTX_mode(ctx)) {
-
- case EVP_CIPH_STREAM_CIPHER:
- case EVP_CIPH_ECB_MODE:
- break;
-
- case EVP_CIPH_CFB_MODE:
- case EVP_CIPH_OFB_MODE:
-
- ctx->num = 0;
- /* fall-through */
-
- case EVP_CIPH_CBC_MODE:
-
- OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <=
- (int)sizeof(ctx->iv));
- if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
- memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
- break;
-
- default:
- return 0;
- break;
- }
- }
-
-#ifdef OPENSSL_FIPS
- /* After 'key' is set no further parameters changes are permissible.
- * So only check for non FIPS enabling at this point.
- */
- if (key && FIPS_mode())
- {
- if (!(ctx->cipher->flags & EVP_CIPH_FLAG_FIPS)
- & !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW))
- {
- EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_DISABLED_FOR_FIPS);
-#if 0
- ERR_add_error_data(2, "cipher=",
- EVP_CIPHER_name(ctx->cipher));
-#endif
- ctx->cipher = &bad_cipher;
- return 0;
- }
- }
-#endif
-
- if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
- if(!ctx->cipher->init(ctx,key,iv,enc)) return 0;
- }
- ctx->buf_len=0;
- ctx->final_used=0;
- ctx->block_mask=ctx->cipher->block_size-1;
- return 1;
- }
-
-int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
- {
- if (c->cipher != NULL)
- {
- if(c->cipher->cleanup && !c->cipher->cleanup(c))
- return 0;
- /* Cleanse cipher context data */
- if (c->cipher_data)
- OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size);
- }
- if (c->cipher_data)
- OPENSSL_free(c->cipher_data);
-#ifndef OPENSSL_NO_ENGINE
- if (c->engine)
- /* The EVP_CIPHER we used belongs to an ENGINE, release the
- * functional reference we held for this reason. */
- do_engine_finish(c->engine);
-#endif
- memset(c,0,sizeof(EVP_CIPHER_CTX));
- return 1;
- }
-
-int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl)
- {
-#ifdef OPENSSL_FIPS
- FIPS_selftest_check();
-#endif
- return ctx->cipher->do_cipher(ctx,out,in,inl);
- }
-
-int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
-{
- int ret;
- if(!ctx->cipher) {
- EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET);
- return 0;
- }
-
- if(!ctx->cipher->ctrl) {
- EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED);
- return 0;
- }
-
- ret = ctx->cipher->ctrl(ctx, type, arg, ptr);
- if(ret == -1) {
- EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED);
- return 0;
- }
- return ret;
-}
-
-unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx)
- {
- return ctx->cipher->flags;
- }
-
-int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx)
- {
- return ctx->cipher->iv_len;
- }
-
-int EVP_CIPHER_nid(const EVP_CIPHER *cipher)
- {
- return cipher->nid;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/evp/enc_min.c (from rev 6976, vendor-crypto/openssl/dist/crypto/evp/enc_min.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/evp/enc_min.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/enc_min.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,410 @@
+/* crypto/evp/enc_min.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#ifndef OPENSSL_NO_ENGINE
+# include <openssl/engine.h>
+#endif
+#include "evp_locl.h"
+
+void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
+{
+#ifdef OPENSSL_FIPS
+ FIPS_selftest_check();
+#endif
+ memset(ctx, 0, sizeof(EVP_CIPHER_CTX));
+ /* ctx->cipher=NULL; */
+}
+
+#ifdef OPENSSL_FIPS
+
+/*
+ * The purpose of these is to trap programs that attempt to use non FIPS
+ * algorithms in FIPS mode and ignore the errors.
+ */
+
+static int bad_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc)
+{
+ FIPS_ERROR_IGNORED("Cipher init");
+ return 0;
+}
+
+static int bad_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, unsigned int inl)
+{
+ FIPS_ERROR_IGNORED("Cipher update");
+ return 0;
+}
+
+/* NB: no cleanup because it is allowed after failed init */
+
+static int bad_set_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ)
+{
+ FIPS_ERROR_IGNORED("Cipher set_asn1");
+ return 0;
+}
+
+static int bad_get_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ)
+{
+ FIPS_ERROR_IGNORED("Cipher get_asn1");
+ return 0;
+}
+
+static int bad_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
+{
+ FIPS_ERROR_IGNORED("Cipher ctrl");
+ return 0;
+}
+
+static const EVP_CIPHER bad_cipher = {
+ 0,
+ 0,
+ 0,
+ 0,
+ 0,
+ bad_init,
+ bad_do_cipher,
+ NULL,
+ 0,
+ bad_set_asn1,
+ bad_get_asn1,
+ bad_ctrl,
+ NULL
+};
+
+#endif
+
+#ifndef OPENSSL_NO_ENGINE
+
+# ifdef OPENSSL_FIPS
+
+static int do_engine_null(ENGINE *impl)
+{
+ return 0;
+}
+
+static int do_evp_enc_engine_null(EVP_CIPHER_CTX *ctx,
+ const EVP_CIPHER **pciph, ENGINE *impl)
+{
+ return 1;
+}
+
+static int (*do_engine_finish) (ENGINE *impl)
+ = do_engine_null;
+
+static int (*do_evp_enc_engine)
+ (EVP_CIPHER_CTX *ctx, const EVP_CIPHER **pciph, ENGINE *impl)
+ = do_evp_enc_engine_null;
+
+void int_EVP_CIPHER_set_engine_callbacks(int (*eng_ciph_fin) (ENGINE *impl),
+ int (*eng_ciph_evp)
+ (EVP_CIPHER_CTX *ctx,
+ const EVP_CIPHER **pciph,
+ ENGINE *impl))
+{
+ do_engine_finish = eng_ciph_fin;
+ do_evp_enc_engine = eng_ciph_evp;
+}
+
+# else
+
+# define do_engine_finish ENGINE_finish
+
+static int do_evp_enc_engine(EVP_CIPHER_CTX *ctx, const EVP_CIPHER **pcipher,
+ ENGINE *impl)
+{
+ if (impl) {
+ if (!ENGINE_init(impl)) {
+ EVPerr(EVP_F_DO_EVP_ENC_ENGINE, EVP_R_INITIALIZATION_ERROR);
+ return 0;
+ }
+ } else
+ /* Ask if an ENGINE is reserved for this job */
+ impl = ENGINE_get_cipher_engine((*pcipher)->nid);
+ if (impl) {
+ /* There's an ENGINE for this job ... (apparently) */
+ const EVP_CIPHER *c = ENGINE_get_cipher(impl, (*pcipher)->nid);
+ if (!c) {
+ /*
+ * One positive side-effect of US's export control history, is
+ * that we should at least be able to avoid using US mispellings
+ * of "initialisation"?
+ */
+ EVPerr(EVP_F_DO_EVP_ENC_ENGINE, EVP_R_INITIALIZATION_ERROR);
+ return 0;
+ }
+ /* We'll use the ENGINE's private cipher definition */
+ *pcipher = c;
+ /*
+ * Store the ENGINE functional reference so we know 'cipher' came
+ * from an ENGINE and we need to release it when done.
+ */
+ ctx->engine = impl;
+ } else
+ ctx->engine = NULL;
+ return 1;
+}
+
+# endif
+
+#endif
+
+int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+ ENGINE *impl, const unsigned char *key,
+ const unsigned char *iv, int enc)
+{
+ if (enc == -1)
+ enc = ctx->encrypt;
+ else {
+ if (enc)
+ enc = 1;
+ ctx->encrypt = enc;
+ }
+#ifdef OPENSSL_FIPS
+ if (FIPS_selftest_failed()) {
+ FIPSerr(FIPS_F_EVP_CIPHERINIT_EX, FIPS_R_FIPS_SELFTEST_FAILED);
+ ctx->cipher = &bad_cipher;
+ return 0;
+ }
+#endif
+#ifndef OPENSSL_NO_ENGINE
+ /*
+ * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so
+ * this context may already have an ENGINE! Try to avoid releasing the
+ * previous handle, re-querying for an ENGINE, and having a
+ * reinitialisation, when it may all be unecessary.
+ */
+ if (ctx->engine && ctx->cipher && (!cipher ||
+ (cipher
+ && (cipher->nid ==
+ ctx->cipher->nid))))
+ goto skip_to_init;
+#endif
+ if (cipher) {
+ /*
+ * Ensure a context left lying around from last time is cleared (the
+ * previous check attempted to avoid this if the same ENGINE and
+ * EVP_CIPHER could be used).
+ */
+ EVP_CIPHER_CTX_cleanup(ctx);
+
+ /* Restore encrypt field: it is zeroed by cleanup */
+ ctx->encrypt = enc;
+#ifndef OPENSSL_NO_ENGINE
+ if (!do_evp_enc_engine(ctx, &cipher, impl))
+ return 0;
+#endif
+
+ ctx->cipher = cipher;
+ if (ctx->cipher->ctx_size) {
+ ctx->cipher_data = OPENSSL_malloc(ctx->cipher->ctx_size);
+ if (!ctx->cipher_data) {
+ EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ } else {
+ ctx->cipher_data = NULL;
+ }
+ ctx->key_len = cipher->key_len;
+ ctx->flags = 0;
+ if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) {
+ if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) {
+ EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
+ return 0;
+ }
+ }
+ } else if (!ctx->cipher) {
+ EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_NO_CIPHER_SET);
+ return 0;
+ }
+#ifndef OPENSSL_NO_ENGINE
+ skip_to_init:
+#endif
+ /* we assume block size is a power of 2 in *cryptUpdate */
+ OPENSSL_assert(ctx->cipher->block_size == 1
+ || ctx->cipher->block_size == 8
+ || ctx->cipher->block_size == 16);
+
+ if (!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) {
+ switch (EVP_CIPHER_CTX_mode(ctx)) {
+
+ case EVP_CIPH_STREAM_CIPHER:
+ case EVP_CIPH_ECB_MODE:
+ break;
+
+ case EVP_CIPH_CFB_MODE:
+ case EVP_CIPH_OFB_MODE:
+
+ ctx->num = 0;
+ /* fall-through */
+
+ case EVP_CIPH_CBC_MODE:
+
+ OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <=
+ (int)sizeof(ctx->iv));
+ if (iv)
+ memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
+ memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
+ break;
+
+ default:
+ return 0;
+ break;
+ }
+ }
+#ifdef OPENSSL_FIPS
+ /*
+ * After 'key' is set no further parameters changes are permissible. So
+ * only check for non FIPS enabling at this point.
+ */
+ if (key && FIPS_mode()) {
+ if (!(ctx->cipher->flags & EVP_CIPH_FLAG_FIPS)
+ & !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW)) {
+ EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_DISABLED_FOR_FIPS);
+# if 0
+ ERR_add_error_data(2, "cipher=", EVP_CIPHER_name(ctx->cipher));
+# endif
+ ctx->cipher = &bad_cipher;
+ return 0;
+ }
+ }
+#endif
+
+ if (key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
+ if (!ctx->cipher->init(ctx, key, iv, enc))
+ return 0;
+ }
+ ctx->buf_len = 0;
+ ctx->final_used = 0;
+ ctx->block_mask = ctx->cipher->block_size - 1;
+ return 1;
+}
+
+int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
+{
+ if (c->cipher != NULL) {
+ if (c->cipher->cleanup && !c->cipher->cleanup(c))
+ return 0;
+ /* Cleanse cipher context data */
+ if (c->cipher_data)
+ OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size);
+ }
+ if (c->cipher_data)
+ OPENSSL_free(c->cipher_data);
+#ifndef OPENSSL_NO_ENGINE
+ if (c->engine)
+ /*
+ * The EVP_CIPHER we used belongs to an ENGINE, release the
+ * functional reference we held for this reason.
+ */
+ do_engine_finish(c->engine);
+#endif
+ memset(c, 0, sizeof(EVP_CIPHER_CTX));
+ return 1;
+}
+
+int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, unsigned int inl)
+{
+#ifdef OPENSSL_FIPS
+ FIPS_selftest_check();
+#endif
+ return ctx->cipher->do_cipher(ctx, out, in, inl);
+}
+
+int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
+{
+ int ret;
+ if (!ctx->cipher) {
+ EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET);
+ return 0;
+ }
+
+ if (!ctx->cipher->ctrl) {
+ EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED);
+ return 0;
+ }
+
+ ret = ctx->cipher->ctrl(ctx, type, arg, ptr);
+ if (ret == -1) {
+ EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL,
+ EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED);
+ return 0;
+ }
+ return ret;
+}
+
+unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx)
+{
+ return ctx->cipher->flags;
+}
+
+int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx)
+{
+ return ctx->cipher->iv_len;
+}
+
+int EVP_CIPHER_nid(const EVP_CIPHER *cipher)
+{
+ return cipher->nid;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/evp/encode.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/encode.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/encode.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,446 +0,0 @@
-/* crypto/evp/encode.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-
-#ifndef CHARSET_EBCDIC
-#define conv_bin2ascii(a) (data_bin2ascii[(a)&0x3f])
-#define conv_ascii2bin(a) (data_ascii2bin[(a)&0x7f])
-#else
-/* We assume that PEM encoded files are EBCDIC files
- * (i.e., printable text files). Convert them here while decoding.
- * When encoding, output is EBCDIC (text) format again.
- * (No need for conversion in the conv_bin2ascii macro, as the
- * underlying textstring data_bin2ascii[] is already EBCDIC)
- */
-#define conv_bin2ascii(a) (data_bin2ascii[(a)&0x3f])
-#define conv_ascii2bin(a) (data_ascii2bin[os_toascii[a]&0x7f])
-#endif
-
-/* 64 char lines
- * pad input with 0
- * left over chars are set to =
- * 1 byte => xx==
- * 2 bytes => xxx=
- * 3 bytes => xxxx
- */
-#define BIN_PER_LINE (64/4*3)
-#define CHUNKS_PER_LINE (64/4)
-#define CHAR_PER_LINE (64+1)
-
-static unsigned char data_bin2ascii[65]="ABCDEFGHIJKLMNOPQRSTUVWXYZ\
-abcdefghijklmnopqrstuvwxyz0123456789+/";
-
-/* 0xF0 is a EOLN
- * 0xF1 is ignore but next needs to be 0xF0 (for \r\n processing).
- * 0xF2 is EOF
- * 0xE0 is ignore at start of line.
- * 0xFF is error
- */
-
-#define B64_EOLN 0xF0
-#define B64_CR 0xF1
-#define B64_EOF 0xF2
-#define B64_WS 0xE0
-#define B64_ERROR 0xFF
-#define B64_NOT_BASE64(a) (((a)|0x13) == 0xF3)
-
-static unsigned char data_ascii2bin[128]={
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
- 0xFF,0xE0,0xF0,0xFF,0xFF,0xF1,0xFF,0xFF,
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
- 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
- 0xE0,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
- 0xFF,0xFF,0xFF,0x3E,0xFF,0xF2,0xFF,0x3F,
- 0x34,0x35,0x36,0x37,0x38,0x39,0x3A,0x3B,
- 0x3C,0x3D,0xFF,0xFF,0xFF,0x00,0xFF,0xFF,
- 0xFF,0x00,0x01,0x02,0x03,0x04,0x05,0x06,
- 0x07,0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,
- 0x0F,0x10,0x11,0x12,0x13,0x14,0x15,0x16,
- 0x17,0x18,0x19,0xFF,0xFF,0xFF,0xFF,0xFF,
- 0xFF,0x1A,0x1B,0x1C,0x1D,0x1E,0x1F,0x20,
- 0x21,0x22,0x23,0x24,0x25,0x26,0x27,0x28,
- 0x29,0x2A,0x2B,0x2C,0x2D,0x2E,0x2F,0x30,
- 0x31,0x32,0x33,0xFF,0xFF,0xFF,0xFF,0xFF,
- };
-
-void EVP_EncodeInit(EVP_ENCODE_CTX *ctx)
- {
- ctx->length=48;
- ctx->num=0;
- ctx->line_num=0;
- }
-
-void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
- const unsigned char *in, int inl)
- {
- int i,j;
- unsigned int total=0;
-
- *outl=0;
- if (inl == 0) return;
- OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data));
- if ((ctx->num+inl) < ctx->length)
- {
- memcpy(&(ctx->enc_data[ctx->num]),in,inl);
- ctx->num+=inl;
- return;
- }
- if (ctx->num != 0)
- {
- i=ctx->length-ctx->num;
- memcpy(&(ctx->enc_data[ctx->num]),in,i);
- in+=i;
- inl-=i;
- j=EVP_EncodeBlock(out,ctx->enc_data,ctx->length);
- ctx->num=0;
- out+=j;
- *(out++)='\n';
- *out='\0';
- total=j+1;
- }
- while (inl >= ctx->length)
- {
- j=EVP_EncodeBlock(out,in,ctx->length);
- in+=ctx->length;
- inl-=ctx->length;
- out+=j;
- *(out++)='\n';
- *out='\0';
- total+=j+1;
- }
- if (inl != 0)
- memcpy(&(ctx->enc_data[0]),in,inl);
- ctx->num=inl;
- *outl=total;
- }
-
-void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl)
- {
- unsigned int ret=0;
-
- if (ctx->num != 0)
- {
- ret=EVP_EncodeBlock(out,ctx->enc_data,ctx->num);
- out[ret++]='\n';
- out[ret]='\0';
- ctx->num=0;
- }
- *outl=ret;
- }
-
-int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int dlen)
- {
- int i,ret=0;
- unsigned long l;
-
- for (i=dlen; i > 0; i-=3)
- {
- if (i >= 3)
- {
- l= (((unsigned long)f[0])<<16L)|
- (((unsigned long)f[1])<< 8L)|f[2];
- *(t++)=conv_bin2ascii(l>>18L);
- *(t++)=conv_bin2ascii(l>>12L);
- *(t++)=conv_bin2ascii(l>> 6L);
- *(t++)=conv_bin2ascii(l );
- }
- else
- {
- l=((unsigned long)f[0])<<16L;
- if (i == 2) l|=((unsigned long)f[1]<<8L);
-
- *(t++)=conv_bin2ascii(l>>18L);
- *(t++)=conv_bin2ascii(l>>12L);
- *(t++)=(i == 1)?'=':conv_bin2ascii(l>> 6L);
- *(t++)='=';
- }
- ret+=4;
- f+=3;
- }
-
- *t='\0';
- return(ret);
- }
-
-void EVP_DecodeInit(EVP_ENCODE_CTX *ctx)
- {
- ctx->length=30;
- ctx->num=0;
- ctx->line_num=0;
- ctx->expect_nl=0;
- }
-
-/* -1 for error
- * 0 for last line
- * 1 for full line
- */
-int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
- const unsigned char *in, int inl)
- {
- int seof= -1,eof=0,rv= -1,ret=0,i,v,tmp,n,ln,exp_nl;
- unsigned char *d;
-
- n=ctx->num;
- d=ctx->enc_data;
- ln=ctx->line_num;
- exp_nl=ctx->expect_nl;
-
- /* last line of input. */
- if ((inl == 0) || ((n == 0) && (conv_ascii2bin(in[0]) == B64_EOF)))
- { rv=0; goto end; }
-
- /* We parse the input data */
- for (i=0; i<inl; i++)
- {
- /* If the current line is > 80 characters, scream alot */
- if (ln >= 80) { rv= -1; goto end; }
-
- /* Get char and put it into the buffer */
- tmp= *(in++);
- v=conv_ascii2bin(tmp);
- /* only save the good data :-) */
- if (!B64_NOT_BASE64(v))
- {
- OPENSSL_assert(n < (int)sizeof(ctx->enc_data));
- d[n++]=tmp;
- ln++;
- }
- else if (v == B64_ERROR)
- {
- rv= -1;
- goto end;
- }
-
- /* have we seen a '=' which is 'definitly' the last
- * input line. seof will point to the character that
- * holds it. and eof will hold how many characters to
- * chop off. */
- if (tmp == '=')
- {
- if (seof == -1) seof=n;
- eof++;
- }
-
- if (v == B64_CR)
- {
- ln = 0;
- if (exp_nl)
- continue;
- }
-
- /* eoln */
- if (v == B64_EOLN)
- {
- ln=0;
- if (exp_nl)
- {
- exp_nl=0;
- continue;
- }
- }
- exp_nl=0;
-
- /* If we are at the end of input and it looks like a
- * line, process it. */
- if (((i+1) == inl) && (((n&3) == 0) || eof))
- {
- v=B64_EOF;
- /* In case things were given us in really small
- records (so two '=' were given in separate
- updates), eof may contain the incorrect number
- of ending bytes to skip, so let's redo the count */
- eof = 0;
- if (d[n-1] == '=') eof++;
- if (d[n-2] == '=') eof++;
- /* There will never be more than two '=' */
- }
-
- if ((v == B64_EOF && (n&3) == 0) || (n >= 64))
- {
- /* This is needed to work correctly on 64 byte input
- * lines. We process the line and then need to
- * accept the '\n' */
- if ((v != B64_EOF) && (n >= 64)) exp_nl=1;
- if (n > 0)
- {
- v=EVP_DecodeBlock(out,d,n);
- n=0;
- if (v < 0) { rv=0; goto end; }
- if (eof > v) { rv=-1; goto end; }
- ret+=(v-eof);
- }
- else
- {
- eof=1;
- v=0;
- }
-
- /* This is the case where we have had a short
- * but valid input line */
- if ((v < ctx->length) && eof)
- {
- rv=0;
- goto end;
- }
- else
- ctx->length=v;
-
- if (seof >= 0) { rv=0; goto end; }
- out+=v;
- }
- }
- rv=1;
-end:
- *outl=ret;
- ctx->num=n;
- ctx->line_num=ln;
- ctx->expect_nl=exp_nl;
- return(rv);
- }
-
-int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n)
- {
- int i,ret=0,a,b,c,d;
- unsigned long l;
-
- /* trim white space from the start of the line. */
- while ((conv_ascii2bin(*f) == B64_WS) && (n > 0))
- {
- f++;
- n--;
- }
-
- /* strip off stuff at the end of the line
- * ascii2bin values B64_WS, B64_EOLN, B64_EOLN and B64_EOF */
- while ((n > 3) && (B64_NOT_BASE64(conv_ascii2bin(f[n-1]))))
- n--;
-
- if (n%4 != 0) return(-1);
-
- for (i=0; i<n; i+=4)
- {
- a=conv_ascii2bin(*(f++));
- b=conv_ascii2bin(*(f++));
- c=conv_ascii2bin(*(f++));
- d=conv_ascii2bin(*(f++));
- if ( (a & 0x80) || (b & 0x80) ||
- (c & 0x80) || (d & 0x80))
- return(-1);
- l=( (((unsigned long)a)<<18L)|
- (((unsigned long)b)<<12L)|
- (((unsigned long)c)<< 6L)|
- (((unsigned long)d) ));
- *(t++)=(unsigned char)(l>>16L)&0xff;
- *(t++)=(unsigned char)(l>> 8L)&0xff;
- *(t++)=(unsigned char)(l )&0xff;
- ret+=3;
- }
- return(ret);
- }
-
-int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl)
- {
- int i;
-
- *outl=0;
- if (ctx->num != 0)
- {
- i=EVP_DecodeBlock(out,ctx->enc_data,ctx->num);
- if (i < 0) return(-1);
- ctx->num=0;
- *outl=i;
- return(1);
- }
- else
- return(1);
- }
-
-#ifdef undef
-int EVP_DecodeValid(unsigned char *buf, int len)
- {
- int i,num=0,bad=0;
-
- if (len == 0) return(-1);
- while (conv_ascii2bin(*buf) == B64_WS)
- {
- buf++;
- len--;
- if (len == 0) return(-1);
- }
-
- for (i=len; i >= 4; i-=4)
- {
- if ( (conv_ascii2bin(buf[0]) >= 0x40) ||
- (conv_ascii2bin(buf[1]) >= 0x40) ||
- (conv_ascii2bin(buf[2]) >= 0x40) ||
- (conv_ascii2bin(buf[3]) >= 0x40))
- return(-1);
- buf+=4;
- num+=1+(buf[2] != '=')+(buf[3] != '=');
- }
- if ((i == 1) && (conv_ascii2bin(buf[0]) == B64_EOLN))
- return(num);
- if ((i == 2) && (conv_ascii2bin(buf[0]) == B64_EOLN) &&
- (conv_ascii2bin(buf[0]) == B64_EOLN))
- return(num);
- return(1);
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/evp/encode.c (from rev 6976, vendor-crypto/openssl/dist/crypto/evp/encode.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/evp/encode.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/encode.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,452 @@
+/* crypto/evp/encode.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+
+#ifndef CHARSET_EBCDIC
+# define conv_bin2ascii(a) (data_bin2ascii[(a)&0x3f])
+# define conv_ascii2bin(a) (data_ascii2bin[(a)&0x7f])
+#else
+/*
+ * We assume that PEM encoded files are EBCDIC files (i.e., printable text
+ * files). Convert them here while decoding. When encoding, output is EBCDIC
+ * (text) format again. (No need for conversion in the conv_bin2ascii macro,
+ * as the underlying textstring data_bin2ascii[] is already EBCDIC)
+ */
+# define conv_bin2ascii(a) (data_bin2ascii[(a)&0x3f])
+# define conv_ascii2bin(a) (data_ascii2bin[os_toascii[a]&0x7f])
+#endif
+
+/*-
+ * 64 char lines
+ * pad input with 0
+ * left over chars are set to =
+ * 1 byte => xx==
+ * 2 bytes => xxx=
+ * 3 bytes => xxxx
+ */
+#define BIN_PER_LINE (64/4*3)
+#define CHUNKS_PER_LINE (64/4)
+#define CHAR_PER_LINE (64+1)
+
+static unsigned char data_bin2ascii[65] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ\
+abcdefghijklmnopqrstuvwxyz0123456789+/";
+
+/*-
+ * 0xF0 is a EOLN
+ * 0xF1 is ignore but next needs to be 0xF0 (for \r\n processing).
+ * 0xF2 is EOF
+ * 0xE0 is ignore at start of line.
+ * 0xFF is error
+ */
+
+#define B64_EOLN 0xF0
+#define B64_CR 0xF1
+#define B64_EOF 0xF2
+#define B64_WS 0xE0
+#define B64_ERROR 0xFF
+#define B64_NOT_BASE64(a) (((a)|0x13) == 0xF3)
+
+static unsigned char data_ascii2bin[128] = {
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xE0, 0xF0, 0xFF, 0xFF, 0xF1, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xE0, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0x3E, 0xFF, 0xF2, 0xFF, 0x3F,
+ 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B,
+ 0x3C, 0x3D, 0xFF, 0xFF, 0xFF, 0x00, 0xFF, 0xFF,
+ 0xFF, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
+ 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E,
+ 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16,
+ 0x17, 0x18, 0x19, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20,
+ 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28,
+ 0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30,
+ 0x31, 0x32, 0x33, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+};
+
+void EVP_EncodeInit(EVP_ENCODE_CTX *ctx)
+{
+ ctx->length = 48;
+ ctx->num = 0;
+ ctx->line_num = 0;
+}
+
+void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
+ const unsigned char *in, int inl)
+{
+ int i, j;
+ unsigned int total = 0;
+
+ *outl = 0;
+ if (inl == 0)
+ return;
+ OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data));
+ if ((ctx->num + inl) < ctx->length) {
+ memcpy(&(ctx->enc_data[ctx->num]), in, inl);
+ ctx->num += inl;
+ return;
+ }
+ if (ctx->num != 0) {
+ i = ctx->length - ctx->num;
+ memcpy(&(ctx->enc_data[ctx->num]), in, i);
+ in += i;
+ inl -= i;
+ j = EVP_EncodeBlock(out, ctx->enc_data, ctx->length);
+ ctx->num = 0;
+ out += j;
+ *(out++) = '\n';
+ *out = '\0';
+ total = j + 1;
+ }
+ while (inl >= ctx->length) {
+ j = EVP_EncodeBlock(out, in, ctx->length);
+ in += ctx->length;
+ inl -= ctx->length;
+ out += j;
+ *(out++) = '\n';
+ *out = '\0';
+ total += j + 1;
+ }
+ if (inl != 0)
+ memcpy(&(ctx->enc_data[0]), in, inl);
+ ctx->num = inl;
+ *outl = total;
+}
+
+void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl)
+{
+ unsigned int ret = 0;
+
+ if (ctx->num != 0) {
+ ret = EVP_EncodeBlock(out, ctx->enc_data, ctx->num);
+ out[ret++] = '\n';
+ out[ret] = '\0';
+ ctx->num = 0;
+ }
+ *outl = ret;
+}
+
+int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int dlen)
+{
+ int i, ret = 0;
+ unsigned long l;
+
+ for (i = dlen; i > 0; i -= 3) {
+ if (i >= 3) {
+ l = (((unsigned long)f[0]) << 16L) |
+ (((unsigned long)f[1]) << 8L) | f[2];
+ *(t++) = conv_bin2ascii(l >> 18L);
+ *(t++) = conv_bin2ascii(l >> 12L);
+ *(t++) = conv_bin2ascii(l >> 6L);
+ *(t++) = conv_bin2ascii(l);
+ } else {
+ l = ((unsigned long)f[0]) << 16L;
+ if (i == 2)
+ l |= ((unsigned long)f[1] << 8L);
+
+ *(t++) = conv_bin2ascii(l >> 18L);
+ *(t++) = conv_bin2ascii(l >> 12L);
+ *(t++) = (i == 1) ? '=' : conv_bin2ascii(l >> 6L);
+ *(t++) = '=';
+ }
+ ret += 4;
+ f += 3;
+ }
+
+ *t = '\0';
+ return (ret);
+}
+
+void EVP_DecodeInit(EVP_ENCODE_CTX *ctx)
+{
+ ctx->length = 30;
+ ctx->num = 0;
+ ctx->line_num = 0;
+ ctx->expect_nl = 0;
+}
+
+/*-
+ * -1 for error
+ * 0 for last line
+ * 1 for full line
+ */
+int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
+ const unsigned char *in, int inl)
+{
+ int seof = -1, eof = 0, rv = -1, ret = 0, i, v, tmp, n, ln, exp_nl;
+ unsigned char *d;
+
+ n = ctx->num;
+ d = ctx->enc_data;
+ ln = ctx->line_num;
+ exp_nl = ctx->expect_nl;
+
+ /* last line of input. */
+ if ((inl == 0) || ((n == 0) && (conv_ascii2bin(in[0]) == B64_EOF))) {
+ rv = 0;
+ goto end;
+ }
+
+ /* We parse the input data */
+ for (i = 0; i < inl; i++) {
+ /* If the current line is > 80 characters, scream alot */
+ if (ln >= 80) {
+ rv = -1;
+ goto end;
+ }
+
+ /* Get char and put it into the buffer */
+ tmp = *(in++);
+ v = conv_ascii2bin(tmp);
+ /* only save the good data :-) */
+ if (!B64_NOT_BASE64(v)) {
+ OPENSSL_assert(n < (int)sizeof(ctx->enc_data));
+ d[n++] = tmp;
+ ln++;
+ } else if (v == B64_ERROR) {
+ rv = -1;
+ goto end;
+ }
+
+ /*
+ * have we seen a '=' which is 'definitly' the last input line. seof
+ * will point to the character that holds it. and eof will hold how
+ * many characters to chop off.
+ */
+ if (tmp == '=') {
+ if (seof == -1)
+ seof = n;
+ eof++;
+ }
+
+ if (v == B64_CR) {
+ ln = 0;
+ if (exp_nl)
+ continue;
+ }
+
+ /* eoln */
+ if (v == B64_EOLN) {
+ ln = 0;
+ if (exp_nl) {
+ exp_nl = 0;
+ continue;
+ }
+ }
+ exp_nl = 0;
+
+ /*
+ * If we are at the end of input and it looks like a line, process
+ * it.
+ */
+ if (((i + 1) == inl) && (((n & 3) == 0) || eof)) {
+ v = B64_EOF;
+ /*
+ * In case things were given us in really small records (so two
+ * '=' were given in separate updates), eof may contain the
+ * incorrect number of ending bytes to skip, so let's redo the
+ * count
+ */
+ eof = 0;
+ if (d[n - 1] == '=')
+ eof++;
+ if (d[n - 2] == '=')
+ eof++;
+ /* There will never be more than two '=' */
+ }
+
+ if ((v == B64_EOF && (n & 3) == 0) || (n >= 64)) {
+ /*
+ * This is needed to work correctly on 64 byte input lines. We
+ * process the line and then need to accept the '\n'
+ */
+ if ((v != B64_EOF) && (n >= 64))
+ exp_nl = 1;
+ if (n > 0) {
+ v = EVP_DecodeBlock(out, d, n);
+ n = 0;
+ if (v < 0) {
+ rv = 0;
+ goto end;
+ }
+ if (eof > v) {
+ rv = -1;
+ goto end;
+ }
+ ret += (v - eof);
+ } else {
+ eof = 1;
+ v = 0;
+ }
+
+ /*
+ * This is the case where we have had a short but valid input
+ * line
+ */
+ if ((v < ctx->length) && eof) {
+ rv = 0;
+ goto end;
+ } else
+ ctx->length = v;
+
+ if (seof >= 0) {
+ rv = 0;
+ goto end;
+ }
+ out += v;
+ }
+ }
+ rv = 1;
+ end:
+ *outl = ret;
+ ctx->num = n;
+ ctx->line_num = ln;
+ ctx->expect_nl = exp_nl;
+ return (rv);
+}
+
+int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n)
+{
+ int i, ret = 0, a, b, c, d;
+ unsigned long l;
+
+ /* trim white space from the start of the line. */
+ while ((conv_ascii2bin(*f) == B64_WS) && (n > 0)) {
+ f++;
+ n--;
+ }
+
+ /*
+ * strip off stuff at the end of the line ascii2bin values B64_WS,
+ * B64_EOLN, B64_EOLN and B64_EOF
+ */
+ while ((n > 3) && (B64_NOT_BASE64(conv_ascii2bin(f[n - 1]))))
+ n--;
+
+ if (n % 4 != 0)
+ return (-1);
+
+ for (i = 0; i < n; i += 4) {
+ a = conv_ascii2bin(*(f++));
+ b = conv_ascii2bin(*(f++));
+ c = conv_ascii2bin(*(f++));
+ d = conv_ascii2bin(*(f++));
+ if ((a & 0x80) || (b & 0x80) || (c & 0x80) || (d & 0x80))
+ return (-1);
+ l = ((((unsigned long)a) << 18L) |
+ (((unsigned long)b) << 12L) |
+ (((unsigned long)c) << 6L) | (((unsigned long)d)));
+ *(t++) = (unsigned char)(l >> 16L) & 0xff;
+ *(t++) = (unsigned char)(l >> 8L) & 0xff;
+ *(t++) = (unsigned char)(l) & 0xff;
+ ret += 3;
+ }
+ return (ret);
+}
+
+int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl)
+{
+ int i;
+
+ *outl = 0;
+ if (ctx->num != 0) {
+ i = EVP_DecodeBlock(out, ctx->enc_data, ctx->num);
+ if (i < 0)
+ return (-1);
+ ctx->num = 0;
+ *outl = i;
+ return (1);
+ } else
+ return (1);
+}
+
+#ifdef undef
+int EVP_DecodeValid(unsigned char *buf, int len)
+{
+ int i, num = 0, bad = 0;
+
+ if (len == 0)
+ return (-1);
+ while (conv_ascii2bin(*buf) == B64_WS) {
+ buf++;
+ len--;
+ if (len == 0)
+ return (-1);
+ }
+
+ for (i = len; i >= 4; i -= 4) {
+ if ((conv_ascii2bin(buf[0]) >= 0x40) ||
+ (conv_ascii2bin(buf[1]) >= 0x40) ||
+ (conv_ascii2bin(buf[2]) >= 0x40) ||
+ (conv_ascii2bin(buf[3]) >= 0x40))
+ return (-1);
+ buf += 4;
+ num += 1 + (buf[2] != '=') + (buf[3] != '=');
+ }
+ if ((i == 1) && (conv_ascii2bin(buf[0]) == B64_EOLN))
+ return (num);
+ if ((i == 2) && (conv_ascii2bin(buf[0]) == B64_EOLN) &&
+ (conv_ascii2bin(buf[0]) == B64_EOLN))
+ return (num);
+ return (1);
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/evp/evp.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/evp.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/evp.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,1059 +0,0 @@
-/* crypto/evp/evp.h */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_ENVELOPE_H
-#define HEADER_ENVELOPE_H
-
-#ifdef OPENSSL_ALGORITHM_DEFINES
-# include <openssl/opensslconf.h>
-#else
-# define OPENSSL_ALGORITHM_DEFINES
-# include <openssl/opensslconf.h>
-# undef OPENSSL_ALGORITHM_DEFINES
-#endif
-
-#include <openssl/ossl_typ.h>
-
-#include <openssl/symhacks.h>
-
-#ifndef OPENSSL_NO_BIO
-#include <openssl/bio.h>
-#endif
-
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
-/*
-#define EVP_RC2_KEY_SIZE 16
-#define EVP_RC4_KEY_SIZE 16
-#define EVP_BLOWFISH_KEY_SIZE 16
-#define EVP_CAST5_KEY_SIZE 16
-#define EVP_RC5_32_12_16_KEY_SIZE 16
-*/
-#define EVP_MAX_MD_SIZE 64 /* longest known is SHA512 */
-#define EVP_MAX_KEY_LENGTH 32
-#define EVP_MAX_IV_LENGTH 16
-#define EVP_MAX_BLOCK_LENGTH 32
-
-#define PKCS5_SALT_LEN 8
-/* Default PKCS#5 iteration count */
-#define PKCS5_DEFAULT_ITER 2048
-
-#include <openssl/objects.h>
-
-#define EVP_PK_RSA 0x0001
-#define EVP_PK_DSA 0x0002
-#define EVP_PK_DH 0x0004
-#define EVP_PK_EC 0x0008
-#define EVP_PKT_SIGN 0x0010
-#define EVP_PKT_ENC 0x0020
-#define EVP_PKT_EXCH 0x0040
-#define EVP_PKS_RSA 0x0100
-#define EVP_PKS_DSA 0x0200
-#define EVP_PKS_EC 0x0400
-#define EVP_PKT_EXP 0x1000 /* <= 512 bit key */
-
-#define EVP_PKEY_NONE NID_undef
-#define EVP_PKEY_RSA NID_rsaEncryption
-#define EVP_PKEY_RSA2 NID_rsa
-#define EVP_PKEY_DSA NID_dsa
-#define EVP_PKEY_DSA1 NID_dsa_2
-#define EVP_PKEY_DSA2 NID_dsaWithSHA
-#define EVP_PKEY_DSA3 NID_dsaWithSHA1
-#define EVP_PKEY_DSA4 NID_dsaWithSHA1_2
-#define EVP_PKEY_DH NID_dhKeyAgreement
-#define EVP_PKEY_EC NID_X9_62_id_ecPublicKey
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* Type needs to be a bit field
- * Sub-type needs to be for variations on the method, as in, can it do
- * arbitrary encryption.... */
-struct evp_pkey_st
- {
- int type;
- int save_type;
- int references;
- union {
- char *ptr;
-#ifndef OPENSSL_NO_RSA
- struct rsa_st *rsa; /* RSA */
-#endif
-#ifndef OPENSSL_NO_DSA
- struct dsa_st *dsa; /* DSA */
-#endif
-#ifndef OPENSSL_NO_DH
- struct dh_st *dh; /* DH */
-#endif
-#ifndef OPENSSL_NO_EC
- struct ec_key_st *ec; /* ECC */
-#endif
- } pkey;
- int save_parameters;
- STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */
- } /* EVP_PKEY */;
-
-#define EVP_PKEY_MO_SIGN 0x0001
-#define EVP_PKEY_MO_VERIFY 0x0002
-#define EVP_PKEY_MO_ENCRYPT 0x0004
-#define EVP_PKEY_MO_DECRYPT 0x0008
-
-#if 0
-/* This structure is required to tie the message digest and signing together.
- * The lookup can be done by md/pkey_method, oid, oid/pkey_method, or
- * oid, md and pkey.
- * This is required because for various smart-card perform the digest and
- * signing/verification on-board. To handle this case, the specific
- * EVP_MD and EVP_PKEY_METHODs need to be closely associated.
- * When a PKEY is created, it will have a EVP_PKEY_METHOD associated with it.
- * This can either be software or a token to provide the required low level
- * routines.
- */
-typedef struct evp_pkey_md_st
- {
- int oid;
- EVP_MD *md;
- EVP_PKEY_METHOD *pkey;
- } EVP_PKEY_MD;
-
-#define EVP_rsa_md2() \
- EVP_PKEY_MD_add(NID_md2WithRSAEncryption,\
- EVP_rsa_pkcs1(),EVP_md2())
-#define EVP_rsa_md5() \
- EVP_PKEY_MD_add(NID_md5WithRSAEncryption,\
- EVP_rsa_pkcs1(),EVP_md5())
-#define EVP_rsa_sha0() \
- EVP_PKEY_MD_add(NID_shaWithRSAEncryption,\
- EVP_rsa_pkcs1(),EVP_sha())
-#define EVP_rsa_sha1() \
- EVP_PKEY_MD_add(NID_sha1WithRSAEncryption,\
- EVP_rsa_pkcs1(),EVP_sha1())
-#define EVP_rsa_ripemd160() \
- EVP_PKEY_MD_add(NID_ripemd160WithRSA,\
- EVP_rsa_pkcs1(),EVP_ripemd160())
-#define EVP_rsa_mdc2() \
- EVP_PKEY_MD_add(NID_mdc2WithRSA,\
- EVP_rsa_octet_string(),EVP_mdc2())
-#define EVP_dsa_sha() \
- EVP_PKEY_MD_add(NID_dsaWithSHA,\
- EVP_dsa(),EVP_sha())
-#define EVP_dsa_sha1() \
- EVP_PKEY_MD_add(NID_dsaWithSHA1,\
- EVP_dsa(),EVP_sha1())
-
-typedef struct evp_pkey_method_st
- {
- char *name;
- int flags;
- int type; /* RSA, DSA, an SSLeay specific constant */
- int oid; /* For the pub-key type */
- int encrypt_oid; /* pub/priv key encryption */
-
- int (*sign)();
- int (*verify)();
- struct {
- int (*set)(); /* get and/or set the underlying type */
- int (*get)();
- int (*encrypt)();
- int (*decrypt)();
- int (*i2d)();
- int (*d2i)();
- int (*dup)();
- } pub,priv;
- int (*set_asn1_parameters)();
- int (*get_asn1_parameters)();
- } EVP_PKEY_METHOD;
-#endif
-
-#ifndef EVP_MD
-struct env_md_st
- {
- int type;
- int pkey_type;
- int md_size;
- unsigned long flags;
- int (*init)(EVP_MD_CTX *ctx);
- int (*update)(EVP_MD_CTX *ctx,const void *data,size_t count);
- int (*final)(EVP_MD_CTX *ctx,unsigned char *md);
- int (*copy)(EVP_MD_CTX *to,const EVP_MD_CTX *from);
- int (*cleanup)(EVP_MD_CTX *ctx);
-
- /* FIXME: prototype these some day */
- int (*sign)(int type, const unsigned char *m, unsigned int m_length,
- unsigned char *sigret, unsigned int *siglen, void *key);
- int (*verify)(int type, const unsigned char *m, unsigned int m_length,
- const unsigned char *sigbuf, unsigned int siglen,
- void *key);
- int required_pkey_type[5]; /*EVP_PKEY_xxx */
- int block_size;
- int ctx_size; /* how big does the ctx->md_data need to be */
- } /* EVP_MD */;
-
-typedef int evp_sign_method(int type,const unsigned char *m,
- unsigned int m_length,unsigned char *sigret,
- unsigned int *siglen, void *key);
-typedef int evp_verify_method(int type,const unsigned char *m,
- unsigned int m_length,const unsigned char *sigbuf,
- unsigned int siglen, void *key);
-
-typedef struct
- {
- EVP_MD_CTX *mctx;
- void *key;
- } EVP_MD_SVCTX;
-
-#define EVP_MD_FLAG_ONESHOT 0x0001 /* digest can only handle a single
- * block */
-
-#define EVP_MD_FLAG_FIPS 0x0400 /* Note if suitable for use in FIPS mode */
-
-#define EVP_MD_FLAG_SVCTX 0x0800 /* pass EVP_MD_SVCTX to sign/verify */
-
-#define EVP_PKEY_NULL_method NULL,NULL,{0,0,0,0}
-
-#ifndef OPENSSL_NO_DSA
-#define EVP_PKEY_DSA_method (evp_sign_method *)DSA_sign, \
- (evp_verify_method *)DSA_verify, \
- {EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3, \
- EVP_PKEY_DSA4,0}
-#else
-#define EVP_PKEY_DSA_method EVP_PKEY_NULL_method
-#endif
-
-#ifndef OPENSSL_NO_ECDSA
-#define EVP_PKEY_ECDSA_method (evp_sign_method *)ECDSA_sign, \
- (evp_verify_method *)ECDSA_verify, \
- {EVP_PKEY_EC,0,0,0}
-#else
-#define EVP_PKEY_ECDSA_method EVP_PKEY_NULL_method
-#endif
-
-#ifndef OPENSSL_NO_RSA
-#define EVP_PKEY_RSA_method (evp_sign_method *)RSA_sign, \
- (evp_verify_method *)RSA_verify, \
- {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0}
-#define EVP_PKEY_RSA_ASN1_OCTET_STRING_method \
- (evp_sign_method *)RSA_sign_ASN1_OCTET_STRING, \
- (evp_verify_method *)RSA_verify_ASN1_OCTET_STRING, \
- {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0}
-#else
-#define EVP_PKEY_RSA_method EVP_PKEY_NULL_method
-#define EVP_PKEY_RSA_ASN1_OCTET_STRING_method EVP_PKEY_NULL_method
-#endif
-
-#endif /* !EVP_MD */
-
-struct env_md_ctx_st
- {
- const EVP_MD *digest;
- ENGINE *engine; /* functional reference if 'digest' is ENGINE-provided */
- unsigned long flags;
- void *md_data;
- } /* EVP_MD_CTX */;
-
-/* values for EVP_MD_CTX flags */
-
-#define EVP_MD_CTX_FLAG_ONESHOT 0x0001 /* digest update will be called
- * once only */
-#define EVP_MD_CTX_FLAG_CLEANED 0x0002 /* context has already been
- * cleaned */
-#define EVP_MD_CTX_FLAG_REUSE 0x0004 /* Don't free up ctx->md_data
- * in EVP_MD_CTX_cleanup */
-#define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0x0008 /* Allow use of non FIPS digest
- * in FIPS mode */
-
-#define EVP_MD_CTX_FLAG_PAD_MASK 0xF0 /* RSA mode to use */
-#define EVP_MD_CTX_FLAG_PAD_PKCS1 0x00 /* PKCS#1 v1.5 mode */
-#define EVP_MD_CTX_FLAG_PAD_X931 0x10 /* X9.31 mode */
-#define EVP_MD_CTX_FLAG_PAD_PSS 0x20 /* PSS mode */
-#define M_EVP_MD_CTX_FLAG_PSS_SALT(ctx) \
- ((ctx->flags>>16) &0xFFFF) /* seed length */
-#define EVP_MD_CTX_FLAG_PSS_MDLEN 0xFFFF /* salt len same as digest */
-#define EVP_MD_CTX_FLAG_PSS_MREC 0xFFFE /* salt max or auto recovered */
-
-struct evp_cipher_st
- {
- int nid;
- int block_size;
- int key_len; /* Default value for variable length ciphers */
- int iv_len;
- unsigned long flags; /* Various flags */
- int (*init)(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc); /* init key */
- int (*do_cipher)(EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, unsigned int inl);/* encrypt/decrypt data */
- int (*cleanup)(EVP_CIPHER_CTX *); /* cleanup ctx */
- int ctx_size; /* how big ctx->cipher_data needs to be */
- int (*set_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Populate a ASN1_TYPE with parameters */
- int (*get_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Get parameters from a ASN1_TYPE */
- int (*ctrl)(EVP_CIPHER_CTX *, int type, int arg, void *ptr); /* Miscellaneous operations */
- void *app_data; /* Application data */
- } /* EVP_CIPHER */;
-
-/* Values for cipher flags */
-
-/* Modes for ciphers */
-
-#define EVP_CIPH_STREAM_CIPHER 0x0
-#define EVP_CIPH_ECB_MODE 0x1
-#define EVP_CIPH_CBC_MODE 0x2
-#define EVP_CIPH_CFB_MODE 0x3
-#define EVP_CIPH_OFB_MODE 0x4
-#define EVP_CIPH_MODE 0x7
-/* Set if variable length cipher */
-#define EVP_CIPH_VARIABLE_LENGTH 0x8
-/* Set if the iv handling should be done by the cipher itself */
-#define EVP_CIPH_CUSTOM_IV 0x10
-/* Set if the cipher's init() function should be called if key is NULL */
-#define EVP_CIPH_ALWAYS_CALL_INIT 0x20
-/* Call ctrl() to init cipher parameters */
-#define EVP_CIPH_CTRL_INIT 0x40
-/* Don't use standard key length function */
-#define EVP_CIPH_CUSTOM_KEY_LENGTH 0x80
-/* Don't use standard block padding */
-#define EVP_CIPH_NO_PADDING 0x100
-/* cipher handles random key generation */
-#define EVP_CIPH_RAND_KEY 0x200
-/* Note if suitable for use in FIPS mode */
-#define EVP_CIPH_FLAG_FIPS 0x400
-/* Allow non FIPS cipher in FIPS mode */
-#define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x800
-/* Allow use default ASN1 get/set iv */
-#define EVP_CIPH_FLAG_DEFAULT_ASN1 0x1000
-/* Buffer length in bits not bytes: CFB1 mode only */
-#define EVP_CIPH_FLAG_LENGTH_BITS 0x2000
-
-/* ctrl() values */
-
-#define EVP_CTRL_INIT 0x0
-#define EVP_CTRL_SET_KEY_LENGTH 0x1
-#define EVP_CTRL_GET_RC2_KEY_BITS 0x2
-#define EVP_CTRL_SET_RC2_KEY_BITS 0x3
-#define EVP_CTRL_GET_RC5_ROUNDS 0x4
-#define EVP_CTRL_SET_RC5_ROUNDS 0x5
-#define EVP_CTRL_RAND_KEY 0x6
-
-typedef struct evp_cipher_info_st
- {
- const EVP_CIPHER *cipher;
- unsigned char iv[EVP_MAX_IV_LENGTH];
- } EVP_CIPHER_INFO;
-
-struct evp_cipher_ctx_st
- {
- const EVP_CIPHER *cipher;
- ENGINE *engine; /* functional reference if 'cipher' is ENGINE-provided */
- int encrypt; /* encrypt or decrypt */
- int buf_len; /* number we have left */
-
- unsigned char oiv[EVP_MAX_IV_LENGTH]; /* original iv */
- unsigned char iv[EVP_MAX_IV_LENGTH]; /* working iv */
- unsigned char buf[EVP_MAX_BLOCK_LENGTH];/* saved partial block */
- int num; /* used by cfb/ofb mode */
-
- void *app_data; /* application stuff */
- int key_len; /* May change for variable length cipher */
- unsigned long flags; /* Various flags */
- void *cipher_data; /* per EVP data */
- int final_used;
- int block_mask;
- unsigned char final[EVP_MAX_BLOCK_LENGTH];/* possible final block */
- } /* EVP_CIPHER_CTX */;
-
-typedef struct evp_Encode_Ctx_st
- {
- int num; /* number saved in a partial encode/decode */
- int length; /* The length is either the output line length
- * (in input bytes) or the shortest input line
- * length that is ok. Once decoding begins,
- * the length is adjusted up each time a longer
- * line is decoded */
- unsigned char enc_data[80]; /* data to encode */
- int line_num; /* number read on current line */
- int expect_nl;
- } EVP_ENCODE_CTX;
-
-/* Password based encryption function */
-typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
- ASN1_TYPE *param, const EVP_CIPHER *cipher,
- const EVP_MD *md, int en_de);
-
-#ifndef OPENSSL_NO_RSA
-#define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\
- (char *)(rsa))
-#endif
-
-#ifndef OPENSSL_NO_DSA
-#define EVP_PKEY_assign_DSA(pkey,dsa) EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\
- (char *)(dsa))
-#endif
-
-#ifndef OPENSSL_NO_DH
-#define EVP_PKEY_assign_DH(pkey,dh) EVP_PKEY_assign((pkey),EVP_PKEY_DH,\
- (char *)(dh))
-#endif
-
-#ifndef OPENSSL_NO_EC
-#define EVP_PKEY_assign_EC_KEY(pkey,eckey) EVP_PKEY_assign((pkey),EVP_PKEY_EC,\
- (char *)(eckey))
-#endif
-
-/* Add some extra combinations */
-#define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a))
-#define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a))
-#define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a))
-#define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a))
-
-/* Macros to reduce FIPS dependencies: do NOT use in applications */
-#define M_EVP_MD_size(e) ((e)->md_size)
-#define M_EVP_MD_block_size(e) ((e)->block_size)
-#define M_EVP_MD_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs))
-#define M_EVP_MD_CTX_clear_flags(ctx,flgs) ((ctx)->flags&=~(flgs))
-#define M_EVP_MD_CTX_test_flags(ctx,flgs) ((ctx)->flags&(flgs))
-#define M_EVP_MD_type(e) ((e)->type)
-#define M_EVP_MD_CTX_type(e) M_EVP_MD_type(M_EVP_MD_CTX_md(e))
-#define M_EVP_MD_CTX_md(e) ((e)->digest)
-
-#define M_EVP_CIPHER_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs))
-
-int EVP_MD_type(const EVP_MD *md);
-#define EVP_MD_nid(e) EVP_MD_type(e)
-#define EVP_MD_name(e) OBJ_nid2sn(EVP_MD_nid(e))
-int EVP_MD_pkey_type(const EVP_MD *md);
-int EVP_MD_size(const EVP_MD *md);
-int EVP_MD_block_size(const EVP_MD *md);
-
-const EVP_MD * EVP_MD_CTX_md(const EVP_MD_CTX *ctx);
-#define EVP_MD_CTX_size(e) EVP_MD_size(EVP_MD_CTX_md(e))
-#define EVP_MD_CTX_block_size(e) EVP_MD_block_size(EVP_MD_CTX_md(e))
-#define EVP_MD_CTX_type(e) EVP_MD_type(EVP_MD_CTX_md(e))
-
-int EVP_CIPHER_nid(const EVP_CIPHER *cipher);
-#define EVP_CIPHER_name(e) OBJ_nid2sn(EVP_CIPHER_nid(e))
-int EVP_CIPHER_block_size(const EVP_CIPHER *cipher);
-int EVP_CIPHER_key_length(const EVP_CIPHER *cipher);
-int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher);
-unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher);
-#define EVP_CIPHER_mode(e) (EVP_CIPHER_flags(e) & EVP_CIPH_MODE)
-
-const EVP_CIPHER * EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx);
-int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx);
-int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx);
-int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx);
-int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx);
-void * EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx);
-void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data);
-#define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c))
-unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx);
-#define EVP_CIPHER_CTX_mode(e) (EVP_CIPHER_CTX_flags(e) & EVP_CIPH_MODE)
-
-#define EVP_ENCODE_LENGTH(l) (((l+2)/3*4)+(l/48+1)*2+80)
-#define EVP_DECODE_LENGTH(l) ((l+3)/4*3+80)
-
-#define EVP_SignInit_ex(a,b,c) EVP_DigestInit_ex(a,b,c)
-#define EVP_SignInit(a,b) EVP_DigestInit(a,b)
-#define EVP_SignUpdate(a,b,c) EVP_DigestUpdate(a,b,c)
-#define EVP_VerifyInit_ex(a,b,c) EVP_DigestInit_ex(a,b,c)
-#define EVP_VerifyInit(a,b) EVP_DigestInit(a,b)
-#define EVP_VerifyUpdate(a,b,c) EVP_DigestUpdate(a,b,c)
-#define EVP_OpenUpdate(a,b,c,d,e) EVP_DecryptUpdate(a,b,c,d,e)
-#define EVP_SealUpdate(a,b,c,d,e) EVP_EncryptUpdate(a,b,c,d,e)
-
-#ifdef CONST_STRICT
-void BIO_set_md(BIO *,const EVP_MD *md);
-#else
-# define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,0,(char *)md)
-#endif
-#define BIO_get_md(b,mdp) BIO_ctrl(b,BIO_C_GET_MD,0,(char *)mdp)
-#define BIO_get_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_GET_MD_CTX,0,(char *)mdcp)
-#define BIO_set_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_SET_MD_CTX,0,(char *)mdcp)
-#define BIO_get_cipher_status(b) BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL)
-#define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(char *)c_pp)
-
-int EVP_Cipher(EVP_CIPHER_CTX *c,
- unsigned char *out,
- const unsigned char *in,
- unsigned int inl);
-
-#define EVP_add_cipher_alias(n,alias) \
- OBJ_NAME_add((alias),OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS,(n))
-#define EVP_add_digest_alias(n,alias) \
- OBJ_NAME_add((alias),OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,(n))
-#define EVP_delete_cipher_alias(alias) \
- OBJ_NAME_remove(alias,OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS);
-#define EVP_delete_digest_alias(alias) \
- OBJ_NAME_remove(alias,OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS);
-
-void EVP_MD_CTX_init(EVP_MD_CTX *ctx);
-int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx);
-EVP_MD_CTX *EVP_MD_CTX_create(void);
-void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);
-int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in);
-void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags);
-void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags);
-int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx,int flags);
-int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
-int EVP_DigestUpdate(EVP_MD_CTX *ctx,const void *d,
- size_t cnt);
-int EVP_DigestFinal_ex(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s);
-int EVP_Digest(const void *data, size_t count,
- unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl);
-
-int EVP_MD_CTX_copy(EVP_MD_CTX *out,const EVP_MD_CTX *in);
-int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
-int EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s);
-
-int EVP_read_pw_string(char *buf,int length,const char *prompt,int verify);
-void EVP_set_pw_prompt(const char *prompt);
-char * EVP_get_pw_prompt(void);
-
-int EVP_BytesToKey(const EVP_CIPHER *type,const EVP_MD *md,
- const unsigned char *salt, const unsigned char *data,
- int datal, int count, unsigned char *key,unsigned char *iv);
-
-void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags);
-void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags);
-int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx,int flags);
-
-int EVP_EncryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher,
- const unsigned char *key, const unsigned char *iv);
-int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
- const unsigned char *key, const unsigned char *iv);
-int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
- int *outl, const unsigned char *in, int inl);
-int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
-int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
-
-int EVP_DecryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher,
- const unsigned char *key, const unsigned char *iv);
-int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
- const unsigned char *key, const unsigned char *iv);
-int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
- int *outl, const unsigned char *in, int inl);
-int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
-int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
-
-int EVP_CipherInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher,
- const unsigned char *key,const unsigned char *iv,
- int enc);
-int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
- const unsigned char *key,const unsigned char *iv,
- int enc);
-int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
- int *outl, const unsigned char *in, int inl);
-int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
-int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
-
-int EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s,
- EVP_PKEY *pkey);
-
-int EVP_VerifyFinal(EVP_MD_CTX *ctx,const unsigned char *sigbuf,
- unsigned int siglen,EVP_PKEY *pkey);
-
-int EVP_OpenInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type,
- const unsigned char *ek, int ekl, const unsigned char *iv,
- EVP_PKEY *priv);
-int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
-
-int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
- unsigned char **ek, int *ekl, unsigned char *iv,
- EVP_PKEY **pubk, int npubk);
-int EVP_SealFinal(EVP_CIPHER_CTX *ctx,unsigned char *out,int *outl);
-
-void EVP_EncodeInit(EVP_ENCODE_CTX *ctx);
-void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl,
- const unsigned char *in,int inl);
-void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl);
-int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n);
-
-void EVP_DecodeInit(EVP_ENCODE_CTX *ctx);
-int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl,
- const unsigned char *in, int inl);
-int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned
- char *out, int *outl);
-int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n);
-
-void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a);
-int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a);
-EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void);
-void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *a);
-int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen);
-int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad);
-int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
-int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key);
-
-#ifndef OPENSSL_NO_BIO
-BIO_METHOD *BIO_f_md(void);
-BIO_METHOD *BIO_f_base64(void);
-BIO_METHOD *BIO_f_cipher(void);
-BIO_METHOD *BIO_f_reliable(void);
-void BIO_set_cipher(BIO *b,const EVP_CIPHER *c,const unsigned char *k,
- const unsigned char *i, int enc);
-#endif
-
-const EVP_MD *EVP_md_null(void);
-#ifndef OPENSSL_NO_MD2
-const EVP_MD *EVP_md2(void);
-#endif
-#ifndef OPENSSL_NO_MD4
-const EVP_MD *EVP_md4(void);
-#endif
-#ifndef OPENSSL_NO_MD5
-const EVP_MD *EVP_md5(void);
-#endif
-#ifndef OPENSSL_NO_SHA
-const EVP_MD *EVP_sha(void);
-const EVP_MD *EVP_sha1(void);
-const EVP_MD *EVP_dss(void);
-const EVP_MD *EVP_dss1(void);
-const EVP_MD *EVP_ecdsa(void);
-#endif
-#ifndef OPENSSL_NO_SHA256
-const EVP_MD *EVP_sha224(void);
-const EVP_MD *EVP_sha256(void);
-#endif
-#ifndef OPENSSL_NO_SHA512
-const EVP_MD *EVP_sha384(void);
-const EVP_MD *EVP_sha512(void);
-#endif
-#ifndef OPENSSL_NO_MDC2
-const EVP_MD *EVP_mdc2(void);
-#endif
-#ifndef OPENSSL_NO_RIPEMD
-const EVP_MD *EVP_ripemd160(void);
-#endif
-const EVP_CIPHER *EVP_enc_null(void); /* does nothing :-) */
-#ifndef OPENSSL_NO_DES
-const EVP_CIPHER *EVP_des_ecb(void);
-const EVP_CIPHER *EVP_des_ede(void);
-const EVP_CIPHER *EVP_des_ede3(void);
-const EVP_CIPHER *EVP_des_ede_ecb(void);
-const EVP_CIPHER *EVP_des_ede3_ecb(void);
-const EVP_CIPHER *EVP_des_cfb64(void);
-# define EVP_des_cfb EVP_des_cfb64
-const EVP_CIPHER *EVP_des_cfb1(void);
-const EVP_CIPHER *EVP_des_cfb8(void);
-const EVP_CIPHER *EVP_des_ede_cfb64(void);
-# define EVP_des_ede_cfb EVP_des_ede_cfb64
-#if 0
-const EVP_CIPHER *EVP_des_ede_cfb1(void);
-const EVP_CIPHER *EVP_des_ede_cfb8(void);
-#endif
-const EVP_CIPHER *EVP_des_ede3_cfb64(void);
-# define EVP_des_ede3_cfb EVP_des_ede3_cfb64
-const EVP_CIPHER *EVP_des_ede3_cfb1(void);
-const EVP_CIPHER *EVP_des_ede3_cfb8(void);
-const EVP_CIPHER *EVP_des_ofb(void);
-const EVP_CIPHER *EVP_des_ede_ofb(void);
-const EVP_CIPHER *EVP_des_ede3_ofb(void);
-const EVP_CIPHER *EVP_des_cbc(void);
-const EVP_CIPHER *EVP_des_ede_cbc(void);
-const EVP_CIPHER *EVP_des_ede3_cbc(void);
-const EVP_CIPHER *EVP_desx_cbc(void);
-/* This should now be supported through the dev_crypto ENGINE. But also, why are
- * rc4 and md5 declarations made here inside a "NO_DES" precompiler branch? */
-#if 0
-# ifdef OPENSSL_OPENBSD_DEV_CRYPTO
-const EVP_CIPHER *EVP_dev_crypto_des_ede3_cbc(void);
-const EVP_CIPHER *EVP_dev_crypto_rc4(void);
-const EVP_MD *EVP_dev_crypto_md5(void);
-# endif
-#endif
-#endif
-#ifndef OPENSSL_NO_RC4
-const EVP_CIPHER *EVP_rc4(void);
-const EVP_CIPHER *EVP_rc4_40(void);
-#endif
-#ifndef OPENSSL_NO_IDEA
-const EVP_CIPHER *EVP_idea_ecb(void);
-const EVP_CIPHER *EVP_idea_cfb64(void);
-# define EVP_idea_cfb EVP_idea_cfb64
-const EVP_CIPHER *EVP_idea_ofb(void);
-const EVP_CIPHER *EVP_idea_cbc(void);
-#endif
-#ifndef OPENSSL_NO_RC2
-const EVP_CIPHER *EVP_rc2_ecb(void);
-const EVP_CIPHER *EVP_rc2_cbc(void);
-const EVP_CIPHER *EVP_rc2_40_cbc(void);
-const EVP_CIPHER *EVP_rc2_64_cbc(void);
-const EVP_CIPHER *EVP_rc2_cfb64(void);
-# define EVP_rc2_cfb EVP_rc2_cfb64
-const EVP_CIPHER *EVP_rc2_ofb(void);
-#endif
-#ifndef OPENSSL_NO_BF
-const EVP_CIPHER *EVP_bf_ecb(void);
-const EVP_CIPHER *EVP_bf_cbc(void);
-const EVP_CIPHER *EVP_bf_cfb64(void);
-# define EVP_bf_cfb EVP_bf_cfb64
-const EVP_CIPHER *EVP_bf_ofb(void);
-#endif
-#ifndef OPENSSL_NO_CAST
-const EVP_CIPHER *EVP_cast5_ecb(void);
-const EVP_CIPHER *EVP_cast5_cbc(void);
-const EVP_CIPHER *EVP_cast5_cfb64(void);
-# define EVP_cast5_cfb EVP_cast5_cfb64
-const EVP_CIPHER *EVP_cast5_ofb(void);
-#endif
-#ifndef OPENSSL_NO_RC5
-const EVP_CIPHER *EVP_rc5_32_12_16_cbc(void);
-const EVP_CIPHER *EVP_rc5_32_12_16_ecb(void);
-const EVP_CIPHER *EVP_rc5_32_12_16_cfb64(void);
-# define EVP_rc5_32_12_16_cfb EVP_rc5_32_12_16_cfb64
-const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void);
-#endif
-#ifndef OPENSSL_NO_AES
-const EVP_CIPHER *EVP_aes_128_ecb(void);
-const EVP_CIPHER *EVP_aes_128_cbc(void);
-const EVP_CIPHER *EVP_aes_128_cfb1(void);
-const EVP_CIPHER *EVP_aes_128_cfb8(void);
-const EVP_CIPHER *EVP_aes_128_cfb128(void);
-# define EVP_aes_128_cfb EVP_aes_128_cfb128
-const EVP_CIPHER *EVP_aes_128_ofb(void);
-#if 0
-const EVP_CIPHER *EVP_aes_128_ctr(void);
-#endif
-const EVP_CIPHER *EVP_aes_192_ecb(void);
-const EVP_CIPHER *EVP_aes_192_cbc(void);
-const EVP_CIPHER *EVP_aes_192_cfb1(void);
-const EVP_CIPHER *EVP_aes_192_cfb8(void);
-const EVP_CIPHER *EVP_aes_192_cfb128(void);
-# define EVP_aes_192_cfb EVP_aes_192_cfb128
-const EVP_CIPHER *EVP_aes_192_ofb(void);
-#if 0
-const EVP_CIPHER *EVP_aes_192_ctr(void);
-#endif
-const EVP_CIPHER *EVP_aes_256_ecb(void);
-const EVP_CIPHER *EVP_aes_256_cbc(void);
-const EVP_CIPHER *EVP_aes_256_cfb1(void);
-const EVP_CIPHER *EVP_aes_256_cfb8(void);
-const EVP_CIPHER *EVP_aes_256_cfb128(void);
-# define EVP_aes_256_cfb EVP_aes_256_cfb128
-const EVP_CIPHER *EVP_aes_256_ofb(void);
-#if 0
-const EVP_CIPHER *EVP_aes_256_ctr(void);
-#endif
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
-const EVP_CIPHER *EVP_camellia_128_ecb(void);
-const EVP_CIPHER *EVP_camellia_128_cbc(void);
-const EVP_CIPHER *EVP_camellia_128_cfb1(void);
-const EVP_CIPHER *EVP_camellia_128_cfb8(void);
-const EVP_CIPHER *EVP_camellia_128_cfb128(void);
-# define EVP_camellia_128_cfb EVP_camellia_128_cfb128
-const EVP_CIPHER *EVP_camellia_128_ofb(void);
-const EVP_CIPHER *EVP_camellia_192_ecb(void);
-const EVP_CIPHER *EVP_camellia_192_cbc(void);
-const EVP_CIPHER *EVP_camellia_192_cfb1(void);
-const EVP_CIPHER *EVP_camellia_192_cfb8(void);
-const EVP_CIPHER *EVP_camellia_192_cfb128(void);
-# define EVP_camellia_192_cfb EVP_camellia_192_cfb128
-const EVP_CIPHER *EVP_camellia_192_ofb(void);
-const EVP_CIPHER *EVP_camellia_256_ecb(void);
-const EVP_CIPHER *EVP_camellia_256_cbc(void);
-const EVP_CIPHER *EVP_camellia_256_cfb1(void);
-const EVP_CIPHER *EVP_camellia_256_cfb8(void);
-const EVP_CIPHER *EVP_camellia_256_cfb128(void);
-# define EVP_camellia_256_cfb EVP_camellia_256_cfb128
-const EVP_CIPHER *EVP_camellia_256_ofb(void);
-#endif
-
-#ifndef OPENSSL_NO_SEED
-const EVP_CIPHER *EVP_seed_ecb(void);
-const EVP_CIPHER *EVP_seed_cbc(void);
-const EVP_CIPHER *EVP_seed_cfb128(void);
-# define EVP_seed_cfb EVP_seed_cfb128
-const EVP_CIPHER *EVP_seed_ofb(void);
-#endif
-
-void OPENSSL_add_all_algorithms_noconf(void);
-void OPENSSL_add_all_algorithms_conf(void);
-
-#ifdef OPENSSL_LOAD_CONF
-#define OpenSSL_add_all_algorithms() \
- OPENSSL_add_all_algorithms_conf()
-#else
-#define OpenSSL_add_all_algorithms() \
- OPENSSL_add_all_algorithms_noconf()
-#endif
-
-void OpenSSL_add_all_ciphers(void);
-void OpenSSL_add_all_digests(void);
-#define SSLeay_add_all_algorithms() OpenSSL_add_all_algorithms()
-#define SSLeay_add_all_ciphers() OpenSSL_add_all_ciphers()
-#define SSLeay_add_all_digests() OpenSSL_add_all_digests()
-
-int EVP_add_cipher(const EVP_CIPHER *cipher);
-int EVP_add_digest(const EVP_MD *digest);
-
-const EVP_CIPHER *EVP_get_cipherbyname(const char *name);
-const EVP_MD *EVP_get_digestbyname(const char *name);
-void EVP_cleanup(void);
-
-int EVP_PKEY_decrypt(unsigned char *dec_key,
- const unsigned char *enc_key,int enc_key_len,
- EVP_PKEY *private_key);
-int EVP_PKEY_encrypt(unsigned char *enc_key,
- const unsigned char *key,int key_len,
- EVP_PKEY *pub_key);
-int EVP_PKEY_type(int type);
-int EVP_PKEY_bits(EVP_PKEY *pkey);
-int EVP_PKEY_size(EVP_PKEY *pkey);
-int EVP_PKEY_assign(EVP_PKEY *pkey,int type,char *key);
-
-#ifndef OPENSSL_NO_RSA
-struct rsa_st;
-int EVP_PKEY_set1_RSA(EVP_PKEY *pkey,struct rsa_st *key);
-struct rsa_st *EVP_PKEY_get1_RSA(EVP_PKEY *pkey);
-#endif
-#ifndef OPENSSL_NO_DSA
-struct dsa_st;
-int EVP_PKEY_set1_DSA(EVP_PKEY *pkey,struct dsa_st *key);
-struct dsa_st *EVP_PKEY_get1_DSA(EVP_PKEY *pkey);
-#endif
-#ifndef OPENSSL_NO_DH
-struct dh_st;
-int EVP_PKEY_set1_DH(EVP_PKEY *pkey,struct dh_st *key);
-struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
-#endif
-#ifndef OPENSSL_NO_EC
-struct ec_key_st;
-int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey,struct ec_key_st *key);
-struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
-#endif
-
-EVP_PKEY * EVP_PKEY_new(void);
-void EVP_PKEY_free(EVP_PKEY *pkey);
-
-EVP_PKEY * d2i_PublicKey(int type,EVP_PKEY **a, const unsigned char **pp,
- long length);
-int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp);
-
-EVP_PKEY * d2i_PrivateKey(int type,EVP_PKEY **a, const unsigned char **pp,
- long length);
-EVP_PKEY * d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
- long length);
-int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp);
-
-int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from);
-int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey);
-int EVP_PKEY_save_parameters(EVP_PKEY *pkey,int mode);
-int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b);
-
-int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b);
-
-int EVP_CIPHER_type(const EVP_CIPHER *ctx);
-
-/* calls methods */
-int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
-int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
-
-/* These are used by EVP_CIPHER methods */
-int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c,ASN1_TYPE *type);
-int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c,ASN1_TYPE *type);
-
-/* PKCS5 password based encryption */
-int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
- ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md,
- int en_de);
-int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
- const unsigned char *salt, int saltlen, int iter,
- int keylen, unsigned char *out);
-int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
- ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md,
- int en_de);
-
-void PKCS5_PBE_add(void);
-
-int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
- ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de);
-int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md,
- EVP_PBE_KEYGEN *keygen);
-void EVP_PBE_cleanup(void);
-
-#ifdef OPENSSL_FIPS
-#ifndef OPENSSL_NO_ENGINE
-void int_EVP_MD_set_engine_callbacks(
- int (*eng_md_init)(ENGINE *impl),
- int (*eng_md_fin)(ENGINE *impl),
- int (*eng_md_evp)
- (EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl));
-void int_EVP_MD_init_engine_callbacks(void);
-void int_EVP_CIPHER_set_engine_callbacks(
- int (*eng_ciph_fin)(ENGINE *impl),
- int (*eng_ciph_evp)
- (EVP_CIPHER_CTX *ctx, const EVP_CIPHER **pciph, ENGINE *impl));
-void int_EVP_CIPHER_init_engine_callbacks(void);
-#endif
-#endif
-
-void EVP_add_alg_module(void);
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_EVP_strings(void);
-
-/* Error codes for the EVP functions. */
-
-/* Function codes. */
-#define EVP_F_AES_INIT_KEY 133
-#define EVP_F_ALG_MODULE_INIT 138
-#define EVP_F_CAMELLIA_INIT_KEY 159
-#define EVP_F_D2I_PKEY 100
-#define EVP_F_DO_EVP_ENC_ENGINE 140
-#define EVP_F_DO_EVP_ENC_ENGINE_FULL 141
-#define EVP_F_DO_EVP_MD_ENGINE 139
-#define EVP_F_DO_EVP_MD_ENGINE_FULL 142
-#define EVP_F_DSAPKEY2PKCS8 134
-#define EVP_F_DSA_PKEY2PKCS8 135
-#define EVP_F_ECDSA_PKEY2PKCS8 129
-#define EVP_F_ECKEY_PKEY2PKCS8 132
-#define EVP_F_EVP_CIPHERINIT 137
-#define EVP_F_EVP_CIPHERINIT_EX 123
-#define EVP_F_EVP_CIPHER_CTX_CTRL 124
-#define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122
-#define EVP_F_EVP_DECRYPTFINAL_EX 101
-#define EVP_F_EVP_DIGESTINIT 136
-#define EVP_F_EVP_DIGESTINIT_EX 128
-#define EVP_F_EVP_ENCRYPTFINAL_EX 127
-#define EVP_F_EVP_MD_CTX_COPY_EX 110
-#define EVP_F_EVP_OPENINIT 102
-#define EVP_F_EVP_PBE_ALG_ADD 115
-#define EVP_F_EVP_PBE_CIPHERINIT 116
-#define EVP_F_EVP_PKCS82PKEY 111
-#define EVP_F_EVP_PKEY2PKCS8_BROKEN 113
-#define EVP_F_EVP_PKEY_COPY_PARAMETERS 103
-#define EVP_F_EVP_PKEY_DECRYPT 104
-#define EVP_F_EVP_PKEY_ENCRYPT 105
-#define EVP_F_EVP_PKEY_GET1_DH 119
-#define EVP_F_EVP_PKEY_GET1_DSA 120
-#define EVP_F_EVP_PKEY_GET1_ECDSA 130
-#define EVP_F_EVP_PKEY_GET1_EC_KEY 131
-#define EVP_F_EVP_PKEY_GET1_RSA 121
-#define EVP_F_EVP_PKEY_NEW 106
-#define EVP_F_EVP_RIJNDAEL 126
-#define EVP_F_EVP_SIGNFINAL 107
-#define EVP_F_EVP_VERIFYFINAL 108
-#define EVP_F_PKCS5_PBE_KEYIVGEN 117
-#define EVP_F_PKCS5_V2_PBE_KEYIVGEN 118
-#define EVP_F_PKCS8_SET_BROKEN 112
-#define EVP_F_RC2_MAGIC_TO_METH 109
-#define EVP_F_RC5_CTRL 125
-
-/* Reason codes. */
-#define EVP_R_AES_KEY_SETUP_FAILED 143
-#define EVP_R_ASN1_LIB 140
-#define EVP_R_BAD_BLOCK_LENGTH 136
-#define EVP_R_BAD_DECRYPT 100
-#define EVP_R_BAD_KEY_LENGTH 137
-#define EVP_R_BN_DECODE_ERROR 112
-#define EVP_R_BN_PUBKEY_ERROR 113
-#define EVP_R_CAMELLIA_KEY_SETUP_FAILED 157
-#define EVP_R_CIPHER_PARAMETER_ERROR 122
-#define EVP_R_CTRL_NOT_IMPLEMENTED 132
-#define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133
-#define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138
-#define EVP_R_DECODE_ERROR 114
-#define EVP_R_DIFFERENT_KEY_TYPES 101
-#define EVP_R_DISABLED_FOR_FIPS 144
-#define EVP_R_ENCODE_ERROR 115
-#define EVP_R_ERROR_LOADING_SECTION 145
-#define EVP_R_ERROR_SETTING_FIPS_MODE 146
-#define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119
-#define EVP_R_EXPECTING_AN_RSA_KEY 127
-#define EVP_R_EXPECTING_A_DH_KEY 128
-#define EVP_R_EXPECTING_A_DSA_KEY 129
-#define EVP_R_EXPECTING_A_ECDSA_KEY 141
-#define EVP_R_EXPECTING_A_EC_KEY 142
-#define EVP_R_FIPS_MODE_NOT_SUPPORTED 147
-#define EVP_R_INITIALIZATION_ERROR 134
-#define EVP_R_INPUT_NOT_INITIALIZED 111
-#define EVP_R_INVALID_FIPS_MODE 148
-#define EVP_R_INVALID_KEY_LENGTH 130
-#define EVP_R_IV_TOO_LARGE 102
-#define EVP_R_KEYGEN_FAILURE 120
-#define EVP_R_MISSING_PARAMETERS 103
-#define EVP_R_NO_CIPHER_SET 131
-#define EVP_R_NO_DIGEST_SET 139
-#define EVP_R_NO_DSA_PARAMETERS 116
-#define EVP_R_NO_SIGN_FUNCTION_CONFIGURED 104
-#define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED 105
-#define EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE 117
-#define EVP_R_PUBLIC_KEY_NOT_RSA 106
-#define EVP_R_UNKNOWN_OPTION 149
-#define EVP_R_UNKNOWN_PBE_ALGORITHM 121
-#define EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS 135
-#define EVP_R_UNSUPPORTED_CIPHER 107
-#define EVP_R_UNSUPPORTED_KEYLENGTH 123
-#define EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION 124
-#define EVP_R_UNSUPPORTED_KEY_SIZE 108
-#define EVP_R_UNSUPPORTED_PRF 125
-#define EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM 118
-#define EVP_R_UNSUPPORTED_SALT_TYPE 126
-#define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109
-#define EVP_R_WRONG_PUBLIC_KEY_TYPE 110
-#define EVP_R_SEED_KEY_SETUP_FAILED 162
-
-#ifdef __cplusplus
-}
-#endif
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/evp/evp.h (from rev 6976, vendor-crypto/openssl/dist/crypto/evp/evp.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/evp/evp.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/evp.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,1072 @@
+/* crypto/evp/evp.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_ENVELOPE_H
+# define HEADER_ENVELOPE_H
+
+# ifdef OPENSSL_ALGORITHM_DEFINES
+# include <openssl/opensslconf.h>
+# else
+# define OPENSSL_ALGORITHM_DEFINES
+# include <openssl/opensslconf.h>
+# undef OPENSSL_ALGORITHM_DEFINES
+# endif
+
+# include <openssl/ossl_typ.h>
+
+# include <openssl/symhacks.h>
+
+# ifndef OPENSSL_NO_BIO
+# include <openssl/bio.h>
+# endif
+
+# ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
+# endif
+
+/*-
+#define EVP_RC2_KEY_SIZE 16
+#define EVP_RC4_KEY_SIZE 16
+#define EVP_BLOWFISH_KEY_SIZE 16
+#define EVP_CAST5_KEY_SIZE 16
+#define EVP_RC5_32_12_16_KEY_SIZE 16
+*/
+# define EVP_MAX_MD_SIZE 64/* longest known is SHA512 */
+# define EVP_MAX_KEY_LENGTH 32
+# define EVP_MAX_IV_LENGTH 16
+# define EVP_MAX_BLOCK_LENGTH 32
+
+# define PKCS5_SALT_LEN 8
+/* Default PKCS#5 iteration count */
+# define PKCS5_DEFAULT_ITER 2048
+
+# include <openssl/objects.h>
+
+# define EVP_PK_RSA 0x0001
+# define EVP_PK_DSA 0x0002
+# define EVP_PK_DH 0x0004
+# define EVP_PK_EC 0x0008
+# define EVP_PKT_SIGN 0x0010
+# define EVP_PKT_ENC 0x0020
+# define EVP_PKT_EXCH 0x0040
+# define EVP_PKS_RSA 0x0100
+# define EVP_PKS_DSA 0x0200
+# define EVP_PKS_EC 0x0400
+# define EVP_PKT_EXP 0x1000 /* <= 512 bit key */
+
+# define EVP_PKEY_NONE NID_undef
+# define EVP_PKEY_RSA NID_rsaEncryption
+# define EVP_PKEY_RSA2 NID_rsa
+# define EVP_PKEY_DSA NID_dsa
+# define EVP_PKEY_DSA1 NID_dsa_2
+# define EVP_PKEY_DSA2 NID_dsaWithSHA
+# define EVP_PKEY_DSA3 NID_dsaWithSHA1
+# define EVP_PKEY_DSA4 NID_dsaWithSHA1_2
+# define EVP_PKEY_DH NID_dhKeyAgreement
+# define EVP_PKEY_EC NID_X9_62_id_ecPublicKey
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * Type needs to be a bit field Sub-type needs to be for variations on the
+ * method, as in, can it do arbitrary encryption....
+ */
+struct evp_pkey_st {
+ int type;
+ int save_type;
+ int references;
+ union {
+ char *ptr;
+# ifndef OPENSSL_NO_RSA
+ struct rsa_st *rsa; /* RSA */
+# endif
+# ifndef OPENSSL_NO_DSA
+ struct dsa_st *dsa; /* DSA */
+# endif
+# ifndef OPENSSL_NO_DH
+ struct dh_st *dh; /* DH */
+# endif
+# ifndef OPENSSL_NO_EC
+ struct ec_key_st *ec; /* ECC */
+# endif
+ } pkey;
+ int save_parameters;
+ STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */
+} /* EVP_PKEY */ ;
+
+# define EVP_PKEY_MO_SIGN 0x0001
+# define EVP_PKEY_MO_VERIFY 0x0002
+# define EVP_PKEY_MO_ENCRYPT 0x0004
+# define EVP_PKEY_MO_DECRYPT 0x0008
+
+# if 0
+/*
+ * This structure is required to tie the message digest and signing together.
+ * The lookup can be done by md/pkey_method, oid, oid/pkey_method, or oid, md
+ * and pkey. This is required because for various smart-card perform the
+ * digest and signing/verification on-board. To handle this case, the
+ * specific EVP_MD and EVP_PKEY_METHODs need to be closely associated. When a
+ * PKEY is created, it will have a EVP_PKEY_METHOD associated with it. This
+ * can either be software or a token to provide the required low level
+ * routines.
+ */
+typedef struct evp_pkey_md_st {
+ int oid;
+ EVP_MD *md;
+ EVP_PKEY_METHOD *pkey;
+} EVP_PKEY_MD;
+
+# define EVP_rsa_md2() \
+ EVP_PKEY_MD_add(NID_md2WithRSAEncryption,\
+ EVP_rsa_pkcs1(),EVP_md2())
+# define EVP_rsa_md5() \
+ EVP_PKEY_MD_add(NID_md5WithRSAEncryption,\
+ EVP_rsa_pkcs1(),EVP_md5())
+# define EVP_rsa_sha0() \
+ EVP_PKEY_MD_add(NID_shaWithRSAEncryption,\
+ EVP_rsa_pkcs1(),EVP_sha())
+# define EVP_rsa_sha1() \
+ EVP_PKEY_MD_add(NID_sha1WithRSAEncryption,\
+ EVP_rsa_pkcs1(),EVP_sha1())
+# define EVP_rsa_ripemd160() \
+ EVP_PKEY_MD_add(NID_ripemd160WithRSA,\
+ EVP_rsa_pkcs1(),EVP_ripemd160())
+# define EVP_rsa_mdc2() \
+ EVP_PKEY_MD_add(NID_mdc2WithRSA,\
+ EVP_rsa_octet_string(),EVP_mdc2())
+# define EVP_dsa_sha() \
+ EVP_PKEY_MD_add(NID_dsaWithSHA,\
+ EVP_dsa(),EVP_sha())
+# define EVP_dsa_sha1() \
+ EVP_PKEY_MD_add(NID_dsaWithSHA1,\
+ EVP_dsa(),EVP_sha1())
+
+typedef struct evp_pkey_method_st {
+ char *name;
+ int flags;
+ int type; /* RSA, DSA, an SSLeay specific constant */
+ int oid; /* For the pub-key type */
+ int encrypt_oid; /* pub/priv key encryption */
+ int (*sign) ();
+ int (*verify) ();
+ struct {
+ int (*set) (); /* get and/or set the underlying type */
+ int (*get) ();
+ int (*encrypt) ();
+ int (*decrypt) ();
+ int (*i2d) ();
+ int (*d2i) ();
+ int (*dup) ();
+ } pub, priv;
+ int (*set_asn1_parameters) ();
+ int (*get_asn1_parameters) ();
+} EVP_PKEY_METHOD;
+# endif
+
+# ifndef EVP_MD
+struct env_md_st {
+ int type;
+ int pkey_type;
+ int md_size;
+ unsigned long flags;
+ int (*init) (EVP_MD_CTX *ctx);
+ int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count);
+ int (*final) (EVP_MD_CTX *ctx, unsigned char *md);
+ int (*copy) (EVP_MD_CTX *to, const EVP_MD_CTX *from);
+ int (*cleanup) (EVP_MD_CTX *ctx);
+ /* FIXME: prototype these some day */
+ int (*sign) (int type, const unsigned char *m, unsigned int m_length,
+ unsigned char *sigret, unsigned int *siglen, void *key);
+ int (*verify) (int type, const unsigned char *m, unsigned int m_length,
+ const unsigned char *sigbuf, unsigned int siglen,
+ void *key);
+ int required_pkey_type[5]; /* EVP_PKEY_xxx */
+ int block_size;
+ int ctx_size; /* how big does the ctx->md_data need to be */
+} /* EVP_MD */ ;
+
+typedef int evp_sign_method(int type, const unsigned char *m,
+ unsigned int m_length, unsigned char *sigret,
+ unsigned int *siglen, void *key);
+typedef int evp_verify_method(int type, const unsigned char *m,
+ unsigned int m_length,
+ const unsigned char *sigbuf,
+ unsigned int siglen, void *key);
+
+typedef struct {
+ EVP_MD_CTX *mctx;
+ void *key;
+} EVP_MD_SVCTX;
+
+/* digest can only handle a single block */
+# define EVP_MD_FLAG_ONESHOT 0x0001
+
+/* Note if suitable for use in FIPS mode */
+# define EVP_MD_FLAG_FIPS 0x0400
+
+# define EVP_MD_FLAG_SVCTX 0x0800
+ /* pass EVP_MD_SVCTX to sign/verify */
+
+# define EVP_PKEY_NULL_method NULL,NULL,{0,0,0,0}
+
+# ifndef OPENSSL_NO_DSA
+# define EVP_PKEY_DSA_method (evp_sign_method *)DSA_sign, \
+ (evp_verify_method *)DSA_verify, \
+ {EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3, \
+ EVP_PKEY_DSA4,0}
+# else
+# define EVP_PKEY_DSA_method EVP_PKEY_NULL_method
+# endif
+
+# ifndef OPENSSL_NO_ECDSA
+# define EVP_PKEY_ECDSA_method (evp_sign_method *)ECDSA_sign, \
+ (evp_verify_method *)ECDSA_verify, \
+ {EVP_PKEY_EC,0,0,0}
+# else
+# define EVP_PKEY_ECDSA_method EVP_PKEY_NULL_method
+# endif
+
+# ifndef OPENSSL_NO_RSA
+# define EVP_PKEY_RSA_method (evp_sign_method *)RSA_sign, \
+ (evp_verify_method *)RSA_verify, \
+ {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0}
+# define EVP_PKEY_RSA_ASN1_OCTET_STRING_method \
+ (evp_sign_method *)RSA_sign_ASN1_OCTET_STRING, \
+ (evp_verify_method *)RSA_verify_ASN1_OCTET_STRING, \
+ {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0}
+# else
+# define EVP_PKEY_RSA_method EVP_PKEY_NULL_method
+# define EVP_PKEY_RSA_ASN1_OCTET_STRING_method EVP_PKEY_NULL_method
+# endif
+
+# endif /* !EVP_MD */
+
+struct env_md_ctx_st {
+ const EVP_MD *digest;
+ ENGINE *engine; /* functional reference if 'digest' is
+ * ENGINE-provided */
+ unsigned long flags;
+ void *md_data;
+} /* EVP_MD_CTX */ ;
+
+/* values for EVP_MD_CTX flags */
+
+# define EVP_MD_CTX_FLAG_ONESHOT 0x0001/* digest update will be
+ * called once only */
+# define EVP_MD_CTX_FLAG_CLEANED 0x0002/* context has already been
+ * cleaned */
+# define EVP_MD_CTX_FLAG_REUSE 0x0004/* Don't free up ctx->md_data
+ * in EVP_MD_CTX_cleanup */
+# define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0x0008/* Allow use of non FIPS
+ * digest in FIPS mode */
+
+# define EVP_MD_CTX_FLAG_PAD_MASK 0xF0/* RSA mode to use */
+# define EVP_MD_CTX_FLAG_PAD_PKCS1 0x00/* PKCS#1 v1.5 mode */
+# define EVP_MD_CTX_FLAG_PAD_X931 0x10/* X9.31 mode */
+# define EVP_MD_CTX_FLAG_PAD_PSS 0x20/* PSS mode */
+# define M_EVP_MD_CTX_FLAG_PSS_SALT(ctx) \
+ ((ctx->flags>>16) &0xFFFF) /* seed length */
+# define EVP_MD_CTX_FLAG_PSS_MDLEN 0xFFFF/* salt len same as digest */
+# define EVP_MD_CTX_FLAG_PSS_MREC 0xFFFE/* salt max or auto recovered */
+
+struct evp_cipher_st {
+ int nid;
+ int block_size;
+ /* Default value for variable length ciphers */
+ int key_len;
+ int iv_len;
+ /* Various flags */
+ unsigned long flags;
+ /* init key */
+ int (*init) (EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc);
+ /* encrypt/decrypt data */
+ int (*do_cipher) (EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, unsigned int inl);
+ /* cleanup ctx */
+ int (*cleanup) (EVP_CIPHER_CTX *);
+ /* how big ctx->cipher_data needs to be */
+ int ctx_size;
+ /* Populate a ASN1_TYPE with parameters */
+ int (*set_asn1_parameters) (EVP_CIPHER_CTX *, ASN1_TYPE *);
+ /* Get parameters from a ASN1_TYPE */
+ int (*get_asn1_parameters) (EVP_CIPHER_CTX *, ASN1_TYPE *);
+ /* Miscellaneous operations */
+ int (*ctrl) (EVP_CIPHER_CTX *, int type, int arg, void *ptr);
+ /* Application data */
+ void *app_data;
+} /* EVP_CIPHER */ ;
+
+/* Values for cipher flags */
+
+/* Modes for ciphers */
+
+# define EVP_CIPH_STREAM_CIPHER 0x0
+# define EVP_CIPH_ECB_MODE 0x1
+# define EVP_CIPH_CBC_MODE 0x2
+# define EVP_CIPH_CFB_MODE 0x3
+# define EVP_CIPH_OFB_MODE 0x4
+# define EVP_CIPH_MODE 0x7
+/* Set if variable length cipher */
+# define EVP_CIPH_VARIABLE_LENGTH 0x8
+/* Set if the iv handling should be done by the cipher itself */
+# define EVP_CIPH_CUSTOM_IV 0x10
+/* Set if the cipher's init() function should be called if key is NULL */
+# define EVP_CIPH_ALWAYS_CALL_INIT 0x20
+/* Call ctrl() to init cipher parameters */
+# define EVP_CIPH_CTRL_INIT 0x40
+/* Don't use standard key length function */
+# define EVP_CIPH_CUSTOM_KEY_LENGTH 0x80
+/* Don't use standard block padding */
+# define EVP_CIPH_NO_PADDING 0x100
+/* cipher handles random key generation */
+# define EVP_CIPH_RAND_KEY 0x200
+/* Note if suitable for use in FIPS mode */
+# define EVP_CIPH_FLAG_FIPS 0x400
+/* Allow non FIPS cipher in FIPS mode */
+# define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x800
+/* Allow use default ASN1 get/set iv */
+# define EVP_CIPH_FLAG_DEFAULT_ASN1 0x1000
+/* Buffer length in bits not bytes: CFB1 mode only */
+# define EVP_CIPH_FLAG_LENGTH_BITS 0x2000
+
+/* ctrl() values */
+
+# define EVP_CTRL_INIT 0x0
+# define EVP_CTRL_SET_KEY_LENGTH 0x1
+# define EVP_CTRL_GET_RC2_KEY_BITS 0x2
+# define EVP_CTRL_SET_RC2_KEY_BITS 0x3
+# define EVP_CTRL_GET_RC5_ROUNDS 0x4
+# define EVP_CTRL_SET_RC5_ROUNDS 0x5
+# define EVP_CTRL_RAND_KEY 0x6
+
+typedef struct evp_cipher_info_st {
+ const EVP_CIPHER *cipher;
+ unsigned char iv[EVP_MAX_IV_LENGTH];
+} EVP_CIPHER_INFO;
+
+struct evp_cipher_ctx_st {
+ const EVP_CIPHER *cipher;
+ ENGINE *engine; /* functional reference if 'cipher' is
+ * ENGINE-provided */
+ int encrypt; /* encrypt or decrypt */
+ int buf_len; /* number we have left */
+ unsigned char oiv[EVP_MAX_IV_LENGTH]; /* original iv */
+ unsigned char iv[EVP_MAX_IV_LENGTH]; /* working iv */
+ unsigned char buf[EVP_MAX_BLOCK_LENGTH]; /* saved partial block */
+ int num; /* used by cfb/ofb mode */
+ void *app_data; /* application stuff */
+ int key_len; /* May change for variable length cipher */
+ unsigned long flags; /* Various flags */
+ void *cipher_data; /* per EVP data */
+ int final_used;
+ int block_mask;
+ unsigned char final[EVP_MAX_BLOCK_LENGTH]; /* possible final block */
+} /* EVP_CIPHER_CTX */ ;
+
+typedef struct evp_Encode_Ctx_st {
+ /* number saved in a partial encode/decode */
+ int num;
+ /*
+ * The length is either the output line length (in input bytes) or the
+ * shortest input line length that is ok. Once decoding begins, the
+ * length is adjusted up each time a longer line is decoded
+ */
+ int length;
+ /* data to encode */
+ unsigned char enc_data[80];
+ /* number read on current line */
+ int line_num;
+ int expect_nl;
+} EVP_ENCODE_CTX;
+
+/* Password based encryption function */
+typedef int (EVP_PBE_KEYGEN) (EVP_CIPHER_CTX *ctx, const char *pass,
+ int passlen, ASN1_TYPE *param,
+ const EVP_CIPHER *cipher, const EVP_MD *md,
+ int en_de);
+
+# ifndef OPENSSL_NO_RSA
+# define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\
+ (char *)(rsa))
+# endif
+
+# ifndef OPENSSL_NO_DSA
+# define EVP_PKEY_assign_DSA(pkey,dsa) EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\
+ (char *)(dsa))
+# endif
+
+# ifndef OPENSSL_NO_DH
+# define EVP_PKEY_assign_DH(pkey,dh) EVP_PKEY_assign((pkey),EVP_PKEY_DH,\
+ (char *)(dh))
+# endif
+
+# ifndef OPENSSL_NO_EC
+# define EVP_PKEY_assign_EC_KEY(pkey,eckey) EVP_PKEY_assign((pkey),EVP_PKEY_EC,\
+ (char *)(eckey))
+# endif
+
+/* Add some extra combinations */
+# define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a))
+# define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a))
+# define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a))
+# define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a))
+
+/* Macros to reduce FIPS dependencies: do NOT use in applications */
+# define M_EVP_MD_size(e) ((e)->md_size)
+# define M_EVP_MD_block_size(e) ((e)->block_size)
+# define M_EVP_MD_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs))
+# define M_EVP_MD_CTX_clear_flags(ctx,flgs) ((ctx)->flags&=~(flgs))
+# define M_EVP_MD_CTX_test_flags(ctx,flgs) ((ctx)->flags&(flgs))
+# define M_EVP_MD_type(e) ((e)->type)
+# define M_EVP_MD_CTX_type(e) M_EVP_MD_type(M_EVP_MD_CTX_md(e))
+# define M_EVP_MD_CTX_md(e) ((e)->digest)
+
+# define M_EVP_CIPHER_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs))
+
+int EVP_MD_type(const EVP_MD *md);
+# define EVP_MD_nid(e) EVP_MD_type(e)
+# define EVP_MD_name(e) OBJ_nid2sn(EVP_MD_nid(e))
+int EVP_MD_pkey_type(const EVP_MD *md);
+int EVP_MD_size(const EVP_MD *md);
+int EVP_MD_block_size(const EVP_MD *md);
+
+const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx);
+# define EVP_MD_CTX_size(e) EVP_MD_size(EVP_MD_CTX_md(e))
+# define EVP_MD_CTX_block_size(e) EVP_MD_block_size(EVP_MD_CTX_md(e))
+# define EVP_MD_CTX_type(e) EVP_MD_type(EVP_MD_CTX_md(e))
+
+int EVP_CIPHER_nid(const EVP_CIPHER *cipher);
+# define EVP_CIPHER_name(e) OBJ_nid2sn(EVP_CIPHER_nid(e))
+int EVP_CIPHER_block_size(const EVP_CIPHER *cipher);
+int EVP_CIPHER_key_length(const EVP_CIPHER *cipher);
+int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher);
+unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher);
+# define EVP_CIPHER_mode(e) (EVP_CIPHER_flags(e) & EVP_CIPH_MODE)
+
+const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx);
+int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx);
+int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx);
+int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx);
+int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx);
+void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx);
+void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data);
+# define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c))
+unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx);
+# define EVP_CIPHER_CTX_mode(e) (EVP_CIPHER_CTX_flags(e) & EVP_CIPH_MODE)
+
+# define EVP_ENCODE_LENGTH(l) (((l+2)/3*4)+(l/48+1)*2+80)
+# define EVP_DECODE_LENGTH(l) ((l+3)/4*3+80)
+
+# define EVP_SignInit_ex(a,b,c) EVP_DigestInit_ex(a,b,c)
+# define EVP_SignInit(a,b) EVP_DigestInit(a,b)
+# define EVP_SignUpdate(a,b,c) EVP_DigestUpdate(a,b,c)
+# define EVP_VerifyInit_ex(a,b,c) EVP_DigestInit_ex(a,b,c)
+# define EVP_VerifyInit(a,b) EVP_DigestInit(a,b)
+# define EVP_VerifyUpdate(a,b,c) EVP_DigestUpdate(a,b,c)
+# define EVP_OpenUpdate(a,b,c,d,e) EVP_DecryptUpdate(a,b,c,d,e)
+# define EVP_SealUpdate(a,b,c,d,e) EVP_EncryptUpdate(a,b,c,d,e)
+
+# ifdef CONST_STRICT
+void BIO_set_md(BIO *, const EVP_MD *md);
+# else
+# define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,0,(char *)md)
+# endif
+# define BIO_get_md(b,mdp) BIO_ctrl(b,BIO_C_GET_MD,0,(char *)mdp)
+# define BIO_get_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_GET_MD_CTX,0,(char *)mdcp)
+# define BIO_set_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_SET_MD_CTX,0,(char *)mdcp)
+# define BIO_get_cipher_status(b) BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL)
+# define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(char *)c_pp)
+
+int EVP_Cipher(EVP_CIPHER_CTX *c,
+ unsigned char *out, const unsigned char *in, unsigned int inl);
+
+# define EVP_add_cipher_alias(n,alias) \
+ OBJ_NAME_add((alias),OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS,(n))
+# define EVP_add_digest_alias(n,alias) \
+ OBJ_NAME_add((alias),OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,(n))
+# define EVP_delete_cipher_alias(alias) \
+ OBJ_NAME_remove(alias,OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS);
+# define EVP_delete_digest_alias(alias) \
+ OBJ_NAME_remove(alias,OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS);
+
+void EVP_MD_CTX_init(EVP_MD_CTX *ctx);
+int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx);
+EVP_MD_CTX *EVP_MD_CTX_create(void);
+void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);
+int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in);
+void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags);
+void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags);
+int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags);
+int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
+int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt);
+int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s);
+int EVP_Digest(const void *data, size_t count,
+ unsigned char *md, unsigned int *size, const EVP_MD *type,
+ ENGINE *impl);
+
+int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in);
+int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
+int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s);
+
+int EVP_read_pw_string(char *buf, int length, const char *prompt, int verify);
+void EVP_set_pw_prompt(const char *prompt);
+char *EVP_get_pw_prompt(void);
+
+int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
+ const unsigned char *salt, const unsigned char *data,
+ int datal, int count, unsigned char *key,
+ unsigned char *iv);
+
+void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags);
+void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags);
+int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags);
+
+int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+ const unsigned char *key, const unsigned char *iv);
+int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+ ENGINE *impl, const unsigned char *key,
+ const unsigned char *iv);
+int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
+ const unsigned char *in, int inl);
+int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
+int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
+
+int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+ const unsigned char *key, const unsigned char *iv);
+int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+ ENGINE *impl, const unsigned char *key,
+ const unsigned char *iv);
+int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
+ const unsigned char *in, int inl);
+int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
+int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
+
+int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+ const unsigned char *key, const unsigned char *iv,
+ int enc);
+int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+ ENGINE *impl, const unsigned char *key,
+ const unsigned char *iv, int enc);
+int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
+ const unsigned char *in, int inl);
+int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
+int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
+
+int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s,
+ EVP_PKEY *pkey);
+
+int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
+ unsigned int siglen, EVP_PKEY *pkey);
+
+int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+ const unsigned char *ek, int ekl, const unsigned char *iv,
+ EVP_PKEY *priv);
+int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
+
+int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+ unsigned char **ek, int *ekl, unsigned char *iv,
+ EVP_PKEY **pubk, int npubk);
+int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
+
+void EVP_EncodeInit(EVP_ENCODE_CTX *ctx);
+void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
+ const unsigned char *in, int inl);
+void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl);
+int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n);
+
+void EVP_DecodeInit(EVP_ENCODE_CTX *ctx);
+int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
+ const unsigned char *in, int inl);
+int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned
+ char *out, int *outl);
+int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n);
+
+void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a);
+int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a);
+EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void);
+void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *a);
+int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen);
+int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad);
+int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
+int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key);
+
+# ifndef OPENSSL_NO_BIO
+BIO_METHOD *BIO_f_md(void);
+BIO_METHOD *BIO_f_base64(void);
+BIO_METHOD *BIO_f_cipher(void);
+BIO_METHOD *BIO_f_reliable(void);
+void BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k,
+ const unsigned char *i, int enc);
+# endif
+
+const EVP_MD *EVP_md_null(void);
+# ifndef OPENSSL_NO_MD2
+const EVP_MD *EVP_md2(void);
+# endif
+# ifndef OPENSSL_NO_MD4
+const EVP_MD *EVP_md4(void);
+# endif
+# ifndef OPENSSL_NO_MD5
+const EVP_MD *EVP_md5(void);
+# endif
+# ifndef OPENSSL_NO_SHA
+const EVP_MD *EVP_sha(void);
+const EVP_MD *EVP_sha1(void);
+const EVP_MD *EVP_dss(void);
+const EVP_MD *EVP_dss1(void);
+const EVP_MD *EVP_ecdsa(void);
+# endif
+# ifndef OPENSSL_NO_SHA256
+const EVP_MD *EVP_sha224(void);
+const EVP_MD *EVP_sha256(void);
+# endif
+# ifndef OPENSSL_NO_SHA512
+const EVP_MD *EVP_sha384(void);
+const EVP_MD *EVP_sha512(void);
+# endif
+# ifndef OPENSSL_NO_MDC2
+const EVP_MD *EVP_mdc2(void);
+# endif
+# ifndef OPENSSL_NO_RIPEMD
+const EVP_MD *EVP_ripemd160(void);
+# endif
+const EVP_CIPHER *EVP_enc_null(void); /* does nothing :-) */
+# ifndef OPENSSL_NO_DES
+const EVP_CIPHER *EVP_des_ecb(void);
+const EVP_CIPHER *EVP_des_ede(void);
+const EVP_CIPHER *EVP_des_ede3(void);
+const EVP_CIPHER *EVP_des_ede_ecb(void);
+const EVP_CIPHER *EVP_des_ede3_ecb(void);
+const EVP_CIPHER *EVP_des_cfb64(void);
+# define EVP_des_cfb EVP_des_cfb64
+const EVP_CIPHER *EVP_des_cfb1(void);
+const EVP_CIPHER *EVP_des_cfb8(void);
+const EVP_CIPHER *EVP_des_ede_cfb64(void);
+# define EVP_des_ede_cfb EVP_des_ede_cfb64
+# if 0
+const EVP_CIPHER *EVP_des_ede_cfb1(void);
+const EVP_CIPHER *EVP_des_ede_cfb8(void);
+# endif
+const EVP_CIPHER *EVP_des_ede3_cfb64(void);
+# define EVP_des_ede3_cfb EVP_des_ede3_cfb64
+const EVP_CIPHER *EVP_des_ede3_cfb1(void);
+const EVP_CIPHER *EVP_des_ede3_cfb8(void);
+const EVP_CIPHER *EVP_des_ofb(void);
+const EVP_CIPHER *EVP_des_ede_ofb(void);
+const EVP_CIPHER *EVP_des_ede3_ofb(void);
+const EVP_CIPHER *EVP_des_cbc(void);
+const EVP_CIPHER *EVP_des_ede_cbc(void);
+const EVP_CIPHER *EVP_des_ede3_cbc(void);
+const EVP_CIPHER *EVP_desx_cbc(void);
+/*
+ * This should now be supported through the dev_crypto ENGINE. But also, why
+ * are rc4 and md5 declarations made here inside a "NO_DES" precompiler
+ * branch?
+ */
+# if 0
+# ifdef OPENSSL_OPENBSD_DEV_CRYPTO
+const EVP_CIPHER *EVP_dev_crypto_des_ede3_cbc(void);
+const EVP_CIPHER *EVP_dev_crypto_rc4(void);
+const EVP_MD *EVP_dev_crypto_md5(void);
+# endif
+# endif
+# endif
+# ifndef OPENSSL_NO_RC4
+const EVP_CIPHER *EVP_rc4(void);
+const EVP_CIPHER *EVP_rc4_40(void);
+# endif
+# ifndef OPENSSL_NO_IDEA
+const EVP_CIPHER *EVP_idea_ecb(void);
+const EVP_CIPHER *EVP_idea_cfb64(void);
+# define EVP_idea_cfb EVP_idea_cfb64
+const EVP_CIPHER *EVP_idea_ofb(void);
+const EVP_CIPHER *EVP_idea_cbc(void);
+# endif
+# ifndef OPENSSL_NO_RC2
+const EVP_CIPHER *EVP_rc2_ecb(void);
+const EVP_CIPHER *EVP_rc2_cbc(void);
+const EVP_CIPHER *EVP_rc2_40_cbc(void);
+const EVP_CIPHER *EVP_rc2_64_cbc(void);
+const EVP_CIPHER *EVP_rc2_cfb64(void);
+# define EVP_rc2_cfb EVP_rc2_cfb64
+const EVP_CIPHER *EVP_rc2_ofb(void);
+# endif
+# ifndef OPENSSL_NO_BF
+const EVP_CIPHER *EVP_bf_ecb(void);
+const EVP_CIPHER *EVP_bf_cbc(void);
+const EVP_CIPHER *EVP_bf_cfb64(void);
+# define EVP_bf_cfb EVP_bf_cfb64
+const EVP_CIPHER *EVP_bf_ofb(void);
+# endif
+# ifndef OPENSSL_NO_CAST
+const EVP_CIPHER *EVP_cast5_ecb(void);
+const EVP_CIPHER *EVP_cast5_cbc(void);
+const EVP_CIPHER *EVP_cast5_cfb64(void);
+# define EVP_cast5_cfb EVP_cast5_cfb64
+const EVP_CIPHER *EVP_cast5_ofb(void);
+# endif
+# ifndef OPENSSL_NO_RC5
+const EVP_CIPHER *EVP_rc5_32_12_16_cbc(void);
+const EVP_CIPHER *EVP_rc5_32_12_16_ecb(void);
+const EVP_CIPHER *EVP_rc5_32_12_16_cfb64(void);
+# define EVP_rc5_32_12_16_cfb EVP_rc5_32_12_16_cfb64
+const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void);
+# endif
+# ifndef OPENSSL_NO_AES
+const EVP_CIPHER *EVP_aes_128_ecb(void);
+const EVP_CIPHER *EVP_aes_128_cbc(void);
+const EVP_CIPHER *EVP_aes_128_cfb1(void);
+const EVP_CIPHER *EVP_aes_128_cfb8(void);
+const EVP_CIPHER *EVP_aes_128_cfb128(void);
+# define EVP_aes_128_cfb EVP_aes_128_cfb128
+const EVP_CIPHER *EVP_aes_128_ofb(void);
+# if 0
+const EVP_CIPHER *EVP_aes_128_ctr(void);
+# endif
+const EVP_CIPHER *EVP_aes_192_ecb(void);
+const EVP_CIPHER *EVP_aes_192_cbc(void);
+const EVP_CIPHER *EVP_aes_192_cfb1(void);
+const EVP_CIPHER *EVP_aes_192_cfb8(void);
+const EVP_CIPHER *EVP_aes_192_cfb128(void);
+# define EVP_aes_192_cfb EVP_aes_192_cfb128
+const EVP_CIPHER *EVP_aes_192_ofb(void);
+# if 0
+const EVP_CIPHER *EVP_aes_192_ctr(void);
+# endif
+const EVP_CIPHER *EVP_aes_256_ecb(void);
+const EVP_CIPHER *EVP_aes_256_cbc(void);
+const EVP_CIPHER *EVP_aes_256_cfb1(void);
+const EVP_CIPHER *EVP_aes_256_cfb8(void);
+const EVP_CIPHER *EVP_aes_256_cfb128(void);
+# define EVP_aes_256_cfb EVP_aes_256_cfb128
+const EVP_CIPHER *EVP_aes_256_ofb(void);
+# if 0
+const EVP_CIPHER *EVP_aes_256_ctr(void);
+# endif
+# endif
+# ifndef OPENSSL_NO_CAMELLIA
+const EVP_CIPHER *EVP_camellia_128_ecb(void);
+const EVP_CIPHER *EVP_camellia_128_cbc(void);
+const EVP_CIPHER *EVP_camellia_128_cfb1(void);
+const EVP_CIPHER *EVP_camellia_128_cfb8(void);
+const EVP_CIPHER *EVP_camellia_128_cfb128(void);
+# define EVP_camellia_128_cfb EVP_camellia_128_cfb128
+const EVP_CIPHER *EVP_camellia_128_ofb(void);
+const EVP_CIPHER *EVP_camellia_192_ecb(void);
+const EVP_CIPHER *EVP_camellia_192_cbc(void);
+const EVP_CIPHER *EVP_camellia_192_cfb1(void);
+const EVP_CIPHER *EVP_camellia_192_cfb8(void);
+const EVP_CIPHER *EVP_camellia_192_cfb128(void);
+# define EVP_camellia_192_cfb EVP_camellia_192_cfb128
+const EVP_CIPHER *EVP_camellia_192_ofb(void);
+const EVP_CIPHER *EVP_camellia_256_ecb(void);
+const EVP_CIPHER *EVP_camellia_256_cbc(void);
+const EVP_CIPHER *EVP_camellia_256_cfb1(void);
+const EVP_CIPHER *EVP_camellia_256_cfb8(void);
+const EVP_CIPHER *EVP_camellia_256_cfb128(void);
+# define EVP_camellia_256_cfb EVP_camellia_256_cfb128
+const EVP_CIPHER *EVP_camellia_256_ofb(void);
+# endif
+
+# ifndef OPENSSL_NO_SEED
+const EVP_CIPHER *EVP_seed_ecb(void);
+const EVP_CIPHER *EVP_seed_cbc(void);
+const EVP_CIPHER *EVP_seed_cfb128(void);
+# define EVP_seed_cfb EVP_seed_cfb128
+const EVP_CIPHER *EVP_seed_ofb(void);
+# endif
+
+void OPENSSL_add_all_algorithms_noconf(void);
+void OPENSSL_add_all_algorithms_conf(void);
+
+# ifdef OPENSSL_LOAD_CONF
+# define OpenSSL_add_all_algorithms() \
+ OPENSSL_add_all_algorithms_conf()
+# else
+# define OpenSSL_add_all_algorithms() \
+ OPENSSL_add_all_algorithms_noconf()
+# endif
+
+void OpenSSL_add_all_ciphers(void);
+void OpenSSL_add_all_digests(void);
+# define SSLeay_add_all_algorithms() OpenSSL_add_all_algorithms()
+# define SSLeay_add_all_ciphers() OpenSSL_add_all_ciphers()
+# define SSLeay_add_all_digests() OpenSSL_add_all_digests()
+
+int EVP_add_cipher(const EVP_CIPHER *cipher);
+int EVP_add_digest(const EVP_MD *digest);
+
+const EVP_CIPHER *EVP_get_cipherbyname(const char *name);
+const EVP_MD *EVP_get_digestbyname(const char *name);
+void EVP_cleanup(void);
+
+int EVP_PKEY_decrypt(unsigned char *dec_key,
+ const unsigned char *enc_key, int enc_key_len,
+ EVP_PKEY *private_key);
+int EVP_PKEY_encrypt(unsigned char *enc_key,
+ const unsigned char *key, int key_len,
+ EVP_PKEY *pub_key);
+int EVP_PKEY_type(int type);
+int EVP_PKEY_bits(EVP_PKEY *pkey);
+int EVP_PKEY_size(EVP_PKEY *pkey);
+int EVP_PKEY_assign(EVP_PKEY *pkey, int type, char *key);
+
+# ifndef OPENSSL_NO_RSA
+struct rsa_st;
+int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, struct rsa_st *key);
+struct rsa_st *EVP_PKEY_get1_RSA(EVP_PKEY *pkey);
+# endif
+# ifndef OPENSSL_NO_DSA
+struct dsa_st;
+int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, struct dsa_st *key);
+struct dsa_st *EVP_PKEY_get1_DSA(EVP_PKEY *pkey);
+# endif
+# ifndef OPENSSL_NO_DH
+struct dh_st;
+int EVP_PKEY_set1_DH(EVP_PKEY *pkey, struct dh_st *key);
+struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
+# endif
+# ifndef OPENSSL_NO_EC
+struct ec_key_st;
+int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, struct ec_key_st *key);
+struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
+# endif
+
+EVP_PKEY *EVP_PKEY_new(void);
+void EVP_PKEY_free(EVP_PKEY *pkey);
+
+EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp,
+ long length);
+int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp);
+
+EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
+ long length);
+EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
+ long length);
+int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp);
+
+int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from);
+int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey);
+int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode);
+int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b);
+
+int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b);
+
+int EVP_CIPHER_type(const EVP_CIPHER *ctx);
+
+/* calls methods */
+int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+
+/* These are used by EVP_CIPHER methods */
+int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+
+/* PKCS5 password based encryption */
+int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+ ASN1_TYPE *param, const EVP_CIPHER *cipher,
+ const EVP_MD *md, int en_de);
+int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
+ const unsigned char *salt, int saltlen, int iter,
+ int keylen, unsigned char *out);
+int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+ ASN1_TYPE *param, const EVP_CIPHER *cipher,
+ const EVP_MD *md, int en_de);
+
+void PKCS5_PBE_add(void);
+
+int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
+ ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de);
+int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md,
+ EVP_PBE_KEYGEN *keygen);
+void EVP_PBE_cleanup(void);
+
+# ifdef OPENSSL_FIPS
+# ifndef OPENSSL_NO_ENGINE
+void int_EVP_MD_set_engine_callbacks(int (*eng_md_init) (ENGINE *impl),
+ int (*eng_md_fin) (ENGINE *impl),
+ int (*eng_md_evp)
+ (EVP_MD_CTX *ctx, const EVP_MD **ptype,
+ ENGINE *impl));
+void int_EVP_MD_init_engine_callbacks(void);
+void int_EVP_CIPHER_set_engine_callbacks(int (*eng_ciph_fin) (ENGINE *impl),
+ int (*eng_ciph_evp)
+ (EVP_CIPHER_CTX *ctx,
+ const EVP_CIPHER **pciph,
+ ENGINE *impl));
+void int_EVP_CIPHER_init_engine_callbacks(void);
+# endif
+# endif
+
+void EVP_add_alg_module(void);
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_EVP_strings(void);
+
+/* Error codes for the EVP functions. */
+
+/* Function codes. */
+# define EVP_F_AES_INIT_KEY 133
+# define EVP_F_ALG_MODULE_INIT 138
+# define EVP_F_CAMELLIA_INIT_KEY 159
+# define EVP_F_D2I_PKEY 100
+# define EVP_F_DO_EVP_ENC_ENGINE 140
+# define EVP_F_DO_EVP_ENC_ENGINE_FULL 141
+# define EVP_F_DO_EVP_MD_ENGINE 139
+# define EVP_F_DO_EVP_MD_ENGINE_FULL 142
+# define EVP_F_DSAPKEY2PKCS8 134
+# define EVP_F_DSA_PKEY2PKCS8 135
+# define EVP_F_ECDSA_PKEY2PKCS8 129
+# define EVP_F_ECKEY_PKEY2PKCS8 132
+# define EVP_F_EVP_CIPHERINIT 137
+# define EVP_F_EVP_CIPHERINIT_EX 123
+# define EVP_F_EVP_CIPHER_CTX_CTRL 124
+# define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122
+# define EVP_F_EVP_DECRYPTFINAL_EX 101
+# define EVP_F_EVP_DIGESTINIT 136
+# define EVP_F_EVP_DIGESTINIT_EX 128
+# define EVP_F_EVP_ENCRYPTFINAL_EX 127
+# define EVP_F_EVP_MD_CTX_COPY_EX 110
+# define EVP_F_EVP_OPENINIT 102
+# define EVP_F_EVP_PBE_ALG_ADD 115
+# define EVP_F_EVP_PBE_CIPHERINIT 116
+# define EVP_F_EVP_PKCS82PKEY 111
+# define EVP_F_EVP_PKEY2PKCS8_BROKEN 113
+# define EVP_F_EVP_PKEY_COPY_PARAMETERS 103
+# define EVP_F_EVP_PKEY_DECRYPT 104
+# define EVP_F_EVP_PKEY_ENCRYPT 105
+# define EVP_F_EVP_PKEY_GET1_DH 119
+# define EVP_F_EVP_PKEY_GET1_DSA 120
+# define EVP_F_EVP_PKEY_GET1_ECDSA 130
+# define EVP_F_EVP_PKEY_GET1_EC_KEY 131
+# define EVP_F_EVP_PKEY_GET1_RSA 121
+# define EVP_F_EVP_PKEY_NEW 106
+# define EVP_F_EVP_RIJNDAEL 126
+# define EVP_F_EVP_SIGNFINAL 107
+# define EVP_F_EVP_VERIFYFINAL 108
+# define EVP_F_PKCS5_PBE_KEYIVGEN 117
+# define EVP_F_PKCS5_V2_PBE_KEYIVGEN 118
+# define EVP_F_PKCS8_SET_BROKEN 112
+# define EVP_F_RC2_MAGIC_TO_METH 109
+# define EVP_F_RC5_CTRL 125
+
+/* Reason codes. */
+# define EVP_R_AES_KEY_SETUP_FAILED 143
+# define EVP_R_ASN1_LIB 140
+# define EVP_R_BAD_BLOCK_LENGTH 136
+# define EVP_R_BAD_DECRYPT 100
+# define EVP_R_BAD_KEY_LENGTH 137
+# define EVP_R_BN_DECODE_ERROR 112
+# define EVP_R_BN_PUBKEY_ERROR 113
+# define EVP_R_CAMELLIA_KEY_SETUP_FAILED 157
+# define EVP_R_CIPHER_PARAMETER_ERROR 122
+# define EVP_R_CTRL_NOT_IMPLEMENTED 132
+# define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133
+# define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138
+# define EVP_R_DECODE_ERROR 114
+# define EVP_R_DIFFERENT_KEY_TYPES 101
+# define EVP_R_DISABLED_FOR_FIPS 144
+# define EVP_R_ENCODE_ERROR 115
+# define EVP_R_ERROR_LOADING_SECTION 145
+# define EVP_R_ERROR_SETTING_FIPS_MODE 146
+# define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119
+# define EVP_R_EXPECTING_AN_RSA_KEY 127
+# define EVP_R_EXPECTING_A_DH_KEY 128
+# define EVP_R_EXPECTING_A_DSA_KEY 129
+# define EVP_R_EXPECTING_A_ECDSA_KEY 141
+# define EVP_R_EXPECTING_A_EC_KEY 142
+# define EVP_R_FIPS_MODE_NOT_SUPPORTED 147
+# define EVP_R_INITIALIZATION_ERROR 134
+# define EVP_R_INPUT_NOT_INITIALIZED 111
+# define EVP_R_INVALID_FIPS_MODE 148
+# define EVP_R_INVALID_KEY_LENGTH 130
+# define EVP_R_IV_TOO_LARGE 102
+# define EVP_R_KEYGEN_FAILURE 120
+# define EVP_R_MISSING_PARAMETERS 103
+# define EVP_R_NO_CIPHER_SET 131
+# define EVP_R_NO_DIGEST_SET 139
+# define EVP_R_NO_DSA_PARAMETERS 116
+# define EVP_R_NO_SIGN_FUNCTION_CONFIGURED 104
+# define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED 105
+# define EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE 117
+# define EVP_R_PUBLIC_KEY_NOT_RSA 106
+# define EVP_R_UNKNOWN_OPTION 149
+# define EVP_R_UNKNOWN_PBE_ALGORITHM 121
+# define EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS 135
+# define EVP_R_UNSUPPORTED_CIPHER 107
+# define EVP_R_UNSUPPORTED_KEYLENGTH 123
+# define EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION 124
+# define EVP_R_UNSUPPORTED_KEY_SIZE 108
+# define EVP_R_UNSUPPORTED_PRF 125
+# define EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM 118
+# define EVP_R_UNSUPPORTED_SALT_TYPE 126
+# define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109
+# define EVP_R_WRONG_PUBLIC_KEY_TYPE 110
+# define EVP_R_SEED_KEY_SETUP_FAILED 162
+
+#ifdef __cplusplus
+}
+#endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_acnf.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/evp_acnf.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_acnf.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,73 +0,0 @@
-/* evp_acnf.c */
-/* Written by Stephen Henson (steve at openssl.org) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/conf.h>
-
-
-/* Load all algorithms and configure OpenSSL.
- * This function is called automatically when
- * OPENSSL_LOAD_CONF is set.
- */
-
-void OPENSSL_add_all_algorithms_conf(void)
- {
- OPENSSL_add_all_algorithms_noconf();
- OPENSSL_config(NULL);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_acnf.c (from rev 6976, vendor-crypto/openssl/dist/crypto/evp/evp_acnf.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_acnf.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_acnf.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,73 @@
+/* evp_acnf.c */
+/*
+ * Written by Stephen Henson (steve at openssl.org) for the OpenSSL project
+ * 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/conf.h>
+
+/*
+ * Load all algorithms and configure OpenSSL. This function is called
+ * automatically when OPENSSL_LOAD_CONF is set.
+ */
+
+void OPENSSL_add_all_algorithms_conf(void)
+{
+ OPENSSL_add_all_algorithms_noconf();
+ OPENSSL_config(NULL);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_cnf.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/evp_cnf.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_cnf.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,125 +0,0 @@
-/* evp_cnf.c */
-/* Written by Stephen Henson (steve at openssl.org) for the OpenSSL
- * project 2007.
- */
-/* ====================================================================
- * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <ctype.h>
-#include <openssl/crypto.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/dso.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
-
-/* Algorithm configuration module. */
-
-static int alg_module_init(CONF_IMODULE *md, const CONF *cnf)
- {
- int i;
- const char *oid_section;
- STACK_OF(CONF_VALUE) *sktmp;
- CONF_VALUE *oval;
- oid_section = CONF_imodule_get_value(md);
- if(!(sktmp = NCONF_get_section(cnf, oid_section)))
- {
- EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_ERROR_LOADING_SECTION);
- return 0;
- }
- for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++)
- {
- oval = sk_CONF_VALUE_value(sktmp, i);
- if (!strcmp(oval->name, "fips_mode"))
- {
- int m;
- if (!X509V3_get_value_bool(oval, &m))
- {
- EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_INVALID_FIPS_MODE);
- return 0;
- }
- if (m > 0)
- {
-#ifdef OPENSSL_FIPS
- if (!FIPS_mode() && !FIPS_mode_set(1))
- {
- EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_ERROR_SETTING_FIPS_MODE);
- return 0;
- }
-#else
- EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_FIPS_MODE_NOT_SUPPORTED);
- return 0;
-#endif
- }
- }
- else
- {
- EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_UNKNOWN_OPTION);
- ERR_add_error_data(4, "name=", oval->name,
- ", value=", oval->value);
- }
-
- }
- return 1;
- }
-
-void EVP_add_alg_module(void)
- {
- CONF_module_add("alg_section", alg_module_init, 0);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_cnf.c (from rev 6976, vendor-crypto/openssl/dist/crypto/evp/evp_cnf.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_cnf.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_cnf.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,118 @@
+/* evp_cnf.c */
+/*
+ * Written by Stephen Henson (steve at openssl.org) for the OpenSSL project
+ * 2007.
+ */
+/* ====================================================================
+ * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/dso.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
+#endif
+
+/* Algorithm configuration module. */
+
+static int alg_module_init(CONF_IMODULE *md, const CONF *cnf)
+{
+ int i;
+ const char *oid_section;
+ STACK_OF(CONF_VALUE) *sktmp;
+ CONF_VALUE *oval;
+ oid_section = CONF_imodule_get_value(md);
+ if (!(sktmp = NCONF_get_section(cnf, oid_section))) {
+ EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_ERROR_LOADING_SECTION);
+ return 0;
+ }
+ for (i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
+ oval = sk_CONF_VALUE_value(sktmp, i);
+ if (!strcmp(oval->name, "fips_mode")) {
+ int m;
+ if (!X509V3_get_value_bool(oval, &m)) {
+ EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_INVALID_FIPS_MODE);
+ return 0;
+ }
+ if (m > 0) {
+#ifdef OPENSSL_FIPS
+ if (!FIPS_mode() && !FIPS_mode_set(1)) {
+ EVPerr(EVP_F_ALG_MODULE_INIT,
+ EVP_R_ERROR_SETTING_FIPS_MODE);
+ return 0;
+ }
+#else
+ EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_FIPS_MODE_NOT_SUPPORTED);
+ return 0;
+#endif
+ }
+ } else {
+ EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_UNKNOWN_OPTION);
+ ERR_add_error_data(4, "name=", oval->name,
+ ", value=", oval->value);
+ }
+
+ }
+ return 1;
+}
+
+void EVP_add_alg_module(void)
+{
+ CONF_module_add("alg_section", alg_module_init, 0);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_enc.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/evp_enc.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_enc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,447 +0,0 @@
-/* crypto/evp/evp_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/err.h>
-#include <openssl/rand.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-#include "../constant_time_locl.h"
-#include "evp_locl.h"
-
-#ifdef OPENSSL_FIPS
- #define M_do_cipher(ctx, out, in, inl) \
- EVP_Cipher(ctx,out,in,inl)
-#else
- #define M_do_cipher(ctx, out, in, inl) \
- ctx->cipher->do_cipher(ctx,out,in,inl)
-#endif
-
-const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT;
-
-EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)
- {
- EVP_CIPHER_CTX *ctx=OPENSSL_malloc(sizeof *ctx);
- if (ctx)
- EVP_CIPHER_CTX_init(ctx);
- return ctx;
- }
-
-int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
- const unsigned char *key, const unsigned char *iv, int enc)
- {
- if (cipher)
- EVP_CIPHER_CTX_init(ctx);
- return EVP_CipherInit_ex(ctx,cipher,NULL,key,iv,enc);
- }
-
-int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
- const unsigned char *in, int inl)
- {
- if (ctx->encrypt)
- return EVP_EncryptUpdate(ctx,out,outl,in,inl);
- else return EVP_DecryptUpdate(ctx,out,outl,in,inl);
- }
-
-int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
- {
- if (ctx->encrypt)
- return EVP_EncryptFinal_ex(ctx,out,outl);
- else return EVP_DecryptFinal_ex(ctx,out,outl);
- }
-
-int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
- {
- if (ctx->encrypt)
- return EVP_EncryptFinal(ctx,out,outl);
- else return EVP_DecryptFinal(ctx,out,outl);
- }
-
-int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
- const unsigned char *key, const unsigned char *iv)
- {
- return EVP_CipherInit(ctx, cipher, key, iv, 1);
- }
-
-int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
- const unsigned char *key, const unsigned char *iv)
- {
- return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 1);
- }
-
-int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
- const unsigned char *key, const unsigned char *iv)
- {
- return EVP_CipherInit(ctx, cipher, key, iv, 0);
- }
-
-int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
- const unsigned char *key, const unsigned char *iv)
- {
- return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0);
- }
-
-int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
- const unsigned char *in, int inl)
- {
- int i,j,bl;
-
- if (inl <= 0)
- {
- *outl = 0;
- return inl == 0;
- }
-
- if(ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0)
- {
- if(M_do_cipher(ctx,out,in,inl))
- {
- *outl=inl;
- return 1;
- }
- else
- {
- *outl=0;
- return 0;
- }
- }
- i=ctx->buf_len;
- bl=ctx->cipher->block_size;
- OPENSSL_assert(bl <= (int)sizeof(ctx->buf));
- if (i != 0)
- {
- if (i+inl < bl)
- {
- memcpy(&(ctx->buf[i]),in,inl);
- ctx->buf_len+=inl;
- *outl=0;
- return 1;
- }
- else
- {
- j=bl-i;
- memcpy(&(ctx->buf[i]),in,j);
- if(!M_do_cipher(ctx,out,ctx->buf,bl)) return 0;
- inl-=j;
- in+=j;
- out+=bl;
- *outl=bl;
- }
- }
- else
- *outl = 0;
- i=inl&(bl-1);
- inl-=i;
- if (inl > 0)
- {
- if(!M_do_cipher(ctx,out,in,inl)) return 0;
- *outl+=inl;
- }
-
- if (i != 0)
- memcpy(ctx->buf,&(in[inl]),i);
- ctx->buf_len=i;
- return 1;
- }
-
-int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
- {
- int ret;
- ret = EVP_EncryptFinal_ex(ctx, out, outl);
- return ret;
- }
-
-int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
- {
- int n,ret;
- unsigned int i, b, bl;
-
- b=ctx->cipher->block_size;
- OPENSSL_assert(b <= sizeof ctx->buf);
- if (b == 1)
- {
- *outl=0;
- return 1;
- }
- bl=ctx->buf_len;
- if (ctx->flags & EVP_CIPH_NO_PADDING)
- {
- if(bl)
- {
- EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
- return 0;
- }
- *outl = 0;
- return 1;
- }
-
- n=b-bl;
- for (i=bl; i<b; i++)
- ctx->buf[i]=n;
- ret=M_do_cipher(ctx,out,ctx->buf,b);
-
-
- if(ret)
- *outl=b;
-
- return ret;
- }
-
-int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
- const unsigned char *in, int inl)
- {
- int fix_len;
- unsigned int b;
-
- if (inl <= 0)
- {
- *outl = 0;
- return inl == 0;
- }
-
- if (ctx->flags & EVP_CIPH_NO_PADDING)
- return EVP_EncryptUpdate(ctx, out, outl, in, inl);
-
- b=ctx->cipher->block_size;
- OPENSSL_assert(b <= sizeof ctx->final);
-
- if(ctx->final_used)
- {
- memcpy(out,ctx->final,b);
- out+=b;
- fix_len = 1;
- }
- else
- fix_len = 0;
-
-
- if(!EVP_EncryptUpdate(ctx,out,outl,in,inl))
- return 0;
-
- /* if we have 'decrypted' a multiple of block size, make sure
- * we have a copy of this last block */
- if (b > 1 && !ctx->buf_len)
- {
- *outl-=b;
- ctx->final_used=1;
- memcpy(ctx->final,&out[*outl],b);
- }
- else
- ctx->final_used = 0;
-
- if (fix_len)
- *outl += b;
-
- return 1;
- }
-
-int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
- {
- int ret;
- ret = EVP_DecryptFinal_ex(ctx, out, outl);
- return ret;
- }
-
-int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
- {
- unsigned int i, b;
- unsigned char pad, padding_good;
-
- *outl=0;
- b=(unsigned int)(ctx->cipher->block_size);
- if (ctx->flags & EVP_CIPH_NO_PADDING)
- {
- if(ctx->buf_len)
- {
- EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
- return 0;
- }
- *outl = 0;
- return 1;
- }
- if (b > 1)
- {
- if (ctx->buf_len || !ctx->final_used)
- {
- EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_WRONG_FINAL_BLOCK_LENGTH);
- return(0);
- }
- OPENSSL_assert(b <= sizeof ctx->final);
- pad=ctx->final[b-1];
-
- padding_good = (unsigned char)(~constant_time_is_zero_8(pad));
- padding_good &= constant_time_ge_8(b, pad);
-
- for (i = 1; i < b; ++i)
- {
- unsigned char is_pad_index = constant_time_lt_8(i, pad);
- unsigned char pad_byte_good = constant_time_eq_8(ctx->final[b-i-1], pad);
- padding_good &= constant_time_select_8(is_pad_index, pad_byte_good, 0xff);
- }
-
- /*
- * At least 1 byte is always padding, so we always write b - 1
- * bytes to avoid a timing leak. The caller is required to have |b|
- * bytes space in |out| by the API contract.
- */
- for (i = 0; i < b - 1; ++i)
- out[i] = ctx->final[i] & padding_good;
- /* Safe cast: for a good padding, EVP_MAX_IV_LENGTH >= b >= pad */
- *outl = padding_good & ((unsigned char)(b - pad));
- return padding_good & 1;
- }
- else
- {
- *outl = 0;
- return 1;
- }
- }
-
-void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
- {
- if (ctx)
- {
- EVP_CIPHER_CTX_cleanup(ctx);
- OPENSSL_free(ctx);
- }
- }
-
-int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen)
- {
- if(c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH)
- return EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_KEY_LENGTH, keylen, NULL);
- if(c->key_len == keylen) return 1;
- if((keylen > 0) && (c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH))
- {
- c->key_len = keylen;
- return 1;
- }
- EVPerr(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH,EVP_R_INVALID_KEY_LENGTH);
- return 0;
- }
-
-int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad)
- {
- if (pad) ctx->flags &= ~EVP_CIPH_NO_PADDING;
- else ctx->flags |= EVP_CIPH_NO_PADDING;
- return 1;
- }
-
-int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
- {
- if (ctx->cipher->flags & EVP_CIPH_RAND_KEY)
- return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key);
- if (RAND_bytes(key, ctx->key_len) <= 0)
- return 0;
- return 1;
- }
-
-#ifndef OPENSSL_NO_ENGINE
-
-#ifdef OPENSSL_FIPS
-
-static int do_evp_enc_engine_full(EVP_CIPHER_CTX *ctx, const EVP_CIPHER **pcipher, ENGINE *impl)
- {
- if(impl)
- {
- if (!ENGINE_init(impl))
- {
- EVPerr(EVP_F_DO_EVP_ENC_ENGINE_FULL, EVP_R_INITIALIZATION_ERROR);
- return 0;
- }
- }
- else
- /* Ask if an ENGINE is reserved for this job */
- impl = ENGINE_get_cipher_engine((*pcipher)->nid);
- if(impl)
- {
- /* There's an ENGINE for this job ... (apparently) */
- const EVP_CIPHER *c = ENGINE_get_cipher(impl, (*pcipher)->nid);
- if(!c)
- {
- /* One positive side-effect of US's export
- * control history, is that we should at least
- * be able to avoid using US mispellings of
- * "initialisation"? */
- EVPerr(EVP_F_DO_EVP_ENC_ENGINE_FULL, EVP_R_INITIALIZATION_ERROR);
- return 0;
- }
- /* We'll use the ENGINE's private cipher definition */
- *pcipher = c;
- /* Store the ENGINE functional reference so we know
- * 'cipher' came from an ENGINE and we need to release
- * it when done. */
- ctx->engine = impl;
- }
- else
- ctx->engine = NULL;
- return 1;
- }
-
-void int_EVP_CIPHER_init_engine_callbacks(void)
- {
- int_EVP_CIPHER_set_engine_callbacks(
- ENGINE_finish, do_evp_enc_engine_full);
- }
-
-#endif
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_enc.c (from rev 6976, vendor-crypto/openssl/dist/crypto/evp/evp_enc.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_enc.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_enc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,420 @@
+/* crypto/evp/evp_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#ifndef OPENSSL_NO_ENGINE
+# include <openssl/engine.h>
+#endif
+#include "evp_locl.h"
+
+#ifdef OPENSSL_FIPS
+# define M_do_cipher(ctx, out, in, inl) \
+ EVP_Cipher(ctx,out,in,inl)
+#else
+# define M_do_cipher(ctx, out, in, inl) \
+ ctx->cipher->do_cipher(ctx,out,in,inl)
+#endif
+
+const char EVP_version[] = "EVP" OPENSSL_VERSION_PTEXT;
+
+EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)
+{
+ EVP_CIPHER_CTX *ctx = OPENSSL_malloc(sizeof *ctx);
+ if (ctx)
+ EVP_CIPHER_CTX_init(ctx);
+ return ctx;
+}
+
+int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+ const unsigned char *key, const unsigned char *iv, int enc)
+{
+ if (cipher)
+ EVP_CIPHER_CTX_init(ctx);
+ return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, enc);
+}
+
+int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
+ const unsigned char *in, int inl)
+{
+ if (ctx->encrypt)
+ return EVP_EncryptUpdate(ctx, out, outl, in, inl);
+ else
+ return EVP_DecryptUpdate(ctx, out, outl, in, inl);
+}
+
+int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+{
+ if (ctx->encrypt)
+ return EVP_EncryptFinal_ex(ctx, out, outl);
+ else
+ return EVP_DecryptFinal_ex(ctx, out, outl);
+}
+
+int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+{
+ if (ctx->encrypt)
+ return EVP_EncryptFinal(ctx, out, outl);
+ else
+ return EVP_DecryptFinal(ctx, out, outl);
+}
+
+int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+ const unsigned char *key, const unsigned char *iv)
+{
+ return EVP_CipherInit(ctx, cipher, key, iv, 1);
+}
+
+int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+ ENGINE *impl, const unsigned char *key,
+ const unsigned char *iv)
+{
+ return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 1);
+}
+
+int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+ const unsigned char *key, const unsigned char *iv)
+{
+ return EVP_CipherInit(ctx, cipher, key, iv, 0);
+}
+
+int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+ ENGINE *impl, const unsigned char *key,
+ const unsigned char *iv)
+{
+ return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0);
+}
+
+int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
+ const unsigned char *in, int inl)
+{
+ int i, j, bl;
+
+ if (inl <= 0) {
+ *outl = 0;
+ return inl == 0;
+ }
+
+ if (ctx->buf_len == 0 && (inl & (ctx->block_mask)) == 0) {
+ if (M_do_cipher(ctx, out, in, inl)) {
+ *outl = inl;
+ return 1;
+ } else {
+ *outl = 0;
+ return 0;
+ }
+ }
+ i = ctx->buf_len;
+ bl = ctx->cipher->block_size;
+ OPENSSL_assert(bl <= (int)sizeof(ctx->buf));
+ if (i != 0) {
+ if (i + inl < bl) {
+ memcpy(&(ctx->buf[i]), in, inl);
+ ctx->buf_len += inl;
+ *outl = 0;
+ return 1;
+ } else {
+ j = bl - i;
+ memcpy(&(ctx->buf[i]), in, j);
+ if (!M_do_cipher(ctx, out, ctx->buf, bl))
+ return 0;
+ inl -= j;
+ in += j;
+ out += bl;
+ *outl = bl;
+ }
+ } else
+ *outl = 0;
+ i = inl & (bl - 1);
+ inl -= i;
+ if (inl > 0) {
+ if (!M_do_cipher(ctx, out, in, inl))
+ return 0;
+ *outl += inl;
+ }
+
+ if (i != 0)
+ memcpy(ctx->buf, &(in[inl]), i);
+ ctx->buf_len = i;
+ return 1;
+}
+
+int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+{
+ int ret;
+ ret = EVP_EncryptFinal_ex(ctx, out, outl);
+ return ret;
+}
+
+int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+{
+ int n, ret;
+ unsigned int i, b, bl;
+
+ b = ctx->cipher->block_size;
+ OPENSSL_assert(b <= sizeof ctx->buf);
+ if (b == 1) {
+ *outl = 0;
+ return 1;
+ }
+ bl = ctx->buf_len;
+ if (ctx->flags & EVP_CIPH_NO_PADDING) {
+ if (bl) {
+ EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX,
+ EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
+ return 0;
+ }
+ *outl = 0;
+ return 1;
+ }
+
+ n = b - bl;
+ for (i = bl; i < b; i++)
+ ctx->buf[i] = n;
+ ret = M_do_cipher(ctx, out, ctx->buf, b);
+
+ if (ret)
+ *outl = b;
+
+ return ret;
+}
+
+int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
+ const unsigned char *in, int inl)
+{
+ int fix_len;
+ unsigned int b;
+
+ if (inl <= 0) {
+ *outl = 0;
+ return inl == 0;
+ }
+
+ if (ctx->flags & EVP_CIPH_NO_PADDING)
+ return EVP_EncryptUpdate(ctx, out, outl, in, inl);
+
+ b = ctx->cipher->block_size;
+ OPENSSL_assert(b <= sizeof ctx->final);
+
+ if (ctx->final_used) {
+ memcpy(out, ctx->final, b);
+ out += b;
+ fix_len = 1;
+ } else
+ fix_len = 0;
+
+ if (!EVP_EncryptUpdate(ctx, out, outl, in, inl))
+ return 0;
+
+ /*
+ * if we have 'decrypted' a multiple of block size, make sure we have a
+ * copy of this last block
+ */
+ if (b > 1 && !ctx->buf_len) {
+ *outl -= b;
+ ctx->final_used = 1;
+ memcpy(ctx->final, &out[*outl], b);
+ } else
+ ctx->final_used = 0;
+
+ if (fix_len)
+ *outl += b;
+
+ return 1;
+}
+
+int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+{
+ int ret;
+ ret = EVP_DecryptFinal_ex(ctx, out, outl);
+ return ret;
+}
+
+int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+{
+ int i, n;
+ unsigned int b;
+
+ *outl = 0;
+ b = ctx->cipher->block_size;
+ if (ctx->flags & EVP_CIPH_NO_PADDING) {
+ if (ctx->buf_len) {
+ EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,
+ EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
+ return 0;
+ }
+ *outl = 0;
+ return 1;
+ }
+ if (b > 1) {
+ if (ctx->buf_len || !ctx->final_used) {
+ EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_WRONG_FINAL_BLOCK_LENGTH);
+ return (0);
+ }
+ OPENSSL_assert(b <= sizeof ctx->final);
+ n = ctx->final[b - 1];
+ if (n == 0 || n > (int)b) {
+ EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT);
+ return (0);
+ }
+ for (i = 0; i < n; i++) {
+ if (ctx->final[--b] != n) {
+ EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT);
+ return (0);
+ }
+ }
+ n = ctx->cipher->block_size - n;
+ for (i = 0; i < n; i++)
+ out[i] = ctx->final[i];
+ *outl = n;
+ } else
+ *outl = 0;
+ return (1);
+}
+
+void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
+{
+ if (ctx) {
+ EVP_CIPHER_CTX_cleanup(ctx);
+ OPENSSL_free(ctx);
+ }
+}
+
+int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen)
+{
+ if (c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH)
+ return EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_KEY_LENGTH, keylen, NULL);
+ if (c->key_len == keylen)
+ return 1;
+ if ((keylen > 0) && (c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH)) {
+ c->key_len = keylen;
+ return 1;
+ }
+ EVPerr(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH, EVP_R_INVALID_KEY_LENGTH);
+ return 0;
+}
+
+int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad)
+{
+ if (pad)
+ ctx->flags &= ~EVP_CIPH_NO_PADDING;
+ else
+ ctx->flags |= EVP_CIPH_NO_PADDING;
+ return 1;
+}
+
+int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
+{
+ if (ctx->cipher->flags & EVP_CIPH_RAND_KEY)
+ return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key);
+ if (RAND_bytes(key, ctx->key_len) <= 0)
+ return 0;
+ return 1;
+}
+
+#ifndef OPENSSL_NO_ENGINE
+
+# ifdef OPENSSL_FIPS
+
+static int do_evp_enc_engine_full(EVP_CIPHER_CTX *ctx,
+ const EVP_CIPHER **pcipher, ENGINE *impl)
+{
+ if (impl) {
+ if (!ENGINE_init(impl)) {
+ EVPerr(EVP_F_DO_EVP_ENC_ENGINE_FULL, EVP_R_INITIALIZATION_ERROR);
+ return 0;
+ }
+ } else
+ /* Ask if an ENGINE is reserved for this job */
+ impl = ENGINE_get_cipher_engine((*pcipher)->nid);
+ if (impl) {
+ /* There's an ENGINE for this job ... (apparently) */
+ const EVP_CIPHER *c = ENGINE_get_cipher(impl, (*pcipher)->nid);
+ if (!c) {
+ /*
+ * One positive side-effect of US's export control history, is
+ * that we should at least be able to avoid using US mispellings
+ * of "initialisation"?
+ */
+ EVPerr(EVP_F_DO_EVP_ENC_ENGINE_FULL, EVP_R_INITIALIZATION_ERROR);
+ return 0;
+ }
+ /* We'll use the ENGINE's private cipher definition */
+ *pcipher = c;
+ /*
+ * Store the ENGINE functional reference so we know 'cipher' came
+ * from an ENGINE and we need to release it when done.
+ */
+ ctx->engine = impl;
+ } else
+ ctx->engine = NULL;
+ return 1;
+}
+
+void int_EVP_CIPHER_init_engine_callbacks(void)
+{
+ int_EVP_CIPHER_set_engine_callbacks(ENGINE_finish,
+ do_evp_enc_engine_full);
+}
+
+# endif
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_err.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/evp_err.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,188 +0,0 @@
-/* crypto/evp/evp_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_EVP,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_EVP,0,reason)
-
-static ERR_STRING_DATA EVP_str_functs[]=
- {
-{ERR_FUNC(EVP_F_AES_INIT_KEY), "AES_INIT_KEY"},
-{ERR_FUNC(EVP_F_ALG_MODULE_INIT), "ALG_MODULE_INIT"},
-{ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY), "CAMELLIA_INIT_KEY"},
-{ERR_FUNC(EVP_F_D2I_PKEY), "D2I_PKEY"},
-{ERR_FUNC(EVP_F_DO_EVP_ENC_ENGINE), "DO_EVP_ENC_ENGINE"},
-{ERR_FUNC(EVP_F_DO_EVP_ENC_ENGINE_FULL), "DO_EVP_ENC_ENGINE_FULL"},
-{ERR_FUNC(EVP_F_DO_EVP_MD_ENGINE), "DO_EVP_MD_ENGINE"},
-{ERR_FUNC(EVP_F_DO_EVP_MD_ENGINE_FULL), "DO_EVP_MD_ENGINE_FULL"},
-{ERR_FUNC(EVP_F_DSAPKEY2PKCS8), "DSAPKEY2PKCS8"},
-{ERR_FUNC(EVP_F_DSA_PKEY2PKCS8), "DSA_PKEY2PKCS8"},
-{ERR_FUNC(EVP_F_ECDSA_PKEY2PKCS8), "ECDSA_PKEY2PKCS8"},
-{ERR_FUNC(EVP_F_ECKEY_PKEY2PKCS8), "ECKEY_PKEY2PKCS8"},
-{ERR_FUNC(EVP_F_EVP_CIPHERINIT), "EVP_CipherInit"},
-{ERR_FUNC(EVP_F_EVP_CIPHERINIT_EX), "EVP_CipherInit_ex"},
-{ERR_FUNC(EVP_F_EVP_CIPHER_CTX_CTRL), "EVP_CIPHER_CTX_ctrl"},
-{ERR_FUNC(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH), "EVP_CIPHER_CTX_set_key_length"},
-{ERR_FUNC(EVP_F_EVP_DECRYPTFINAL_EX), "EVP_DecryptFinal_ex"},
-{ERR_FUNC(EVP_F_EVP_DIGESTINIT), "EVP_DigestInit"},
-{ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX), "EVP_DigestInit_ex"},
-{ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX), "EVP_EncryptFinal_ex"},
-{ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX), "EVP_MD_CTX_copy_ex"},
-{ERR_FUNC(EVP_F_EVP_OPENINIT), "EVP_OpenInit"},
-{ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD), "EVP_PBE_alg_add"},
-{ERR_FUNC(EVP_F_EVP_PBE_CIPHERINIT), "EVP_PBE_CipherInit"},
-{ERR_FUNC(EVP_F_EVP_PKCS82PKEY), "EVP_PKCS82PKEY"},
-{ERR_FUNC(EVP_F_EVP_PKEY2PKCS8_BROKEN), "EVP_PKEY2PKCS8_broken"},
-{ERR_FUNC(EVP_F_EVP_PKEY_COPY_PARAMETERS), "EVP_PKEY_copy_parameters"},
-{ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT), "EVP_PKEY_decrypt"},
-{ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT), "EVP_PKEY_encrypt"},
-{ERR_FUNC(EVP_F_EVP_PKEY_GET1_DH), "EVP_PKEY_get1_DH"},
-{ERR_FUNC(EVP_F_EVP_PKEY_GET1_DSA), "EVP_PKEY_get1_DSA"},
-{ERR_FUNC(EVP_F_EVP_PKEY_GET1_ECDSA), "EVP_PKEY_GET1_ECDSA"},
-{ERR_FUNC(EVP_F_EVP_PKEY_GET1_EC_KEY), "EVP_PKEY_get1_EC_KEY"},
-{ERR_FUNC(EVP_F_EVP_PKEY_GET1_RSA), "EVP_PKEY_get1_RSA"},
-{ERR_FUNC(EVP_F_EVP_PKEY_NEW), "EVP_PKEY_new"},
-{ERR_FUNC(EVP_F_EVP_RIJNDAEL), "EVP_RIJNDAEL"},
-{ERR_FUNC(EVP_F_EVP_SIGNFINAL), "EVP_SignFinal"},
-{ERR_FUNC(EVP_F_EVP_VERIFYFINAL), "EVP_VerifyFinal"},
-{ERR_FUNC(EVP_F_PKCS5_PBE_KEYIVGEN), "PKCS5_PBE_keyivgen"},
-{ERR_FUNC(EVP_F_PKCS5_V2_PBE_KEYIVGEN), "PKCS5_v2_PBE_keyivgen"},
-{ERR_FUNC(EVP_F_PKCS8_SET_BROKEN), "PKCS8_set_broken"},
-{ERR_FUNC(EVP_F_RC2_MAGIC_TO_METH), "RC2_MAGIC_TO_METH"},
-{ERR_FUNC(EVP_F_RC5_CTRL), "RC5_CTRL"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA EVP_str_reasons[]=
- {
-{ERR_REASON(EVP_R_AES_KEY_SETUP_FAILED) ,"aes key setup failed"},
-{ERR_REASON(EVP_R_ASN1_LIB) ,"asn1 lib"},
-{ERR_REASON(EVP_R_BAD_BLOCK_LENGTH) ,"bad block length"},
-{ERR_REASON(EVP_R_BAD_DECRYPT) ,"bad decrypt"},
-{ERR_REASON(EVP_R_BAD_KEY_LENGTH) ,"bad key length"},
-{ERR_REASON(EVP_R_BN_DECODE_ERROR) ,"bn decode error"},
-{ERR_REASON(EVP_R_BN_PUBKEY_ERROR) ,"bn pubkey error"},
-{ERR_REASON(EVP_R_CAMELLIA_KEY_SETUP_FAILED),"camellia key setup failed"},
-{ERR_REASON(EVP_R_CIPHER_PARAMETER_ERROR),"cipher parameter error"},
-{ERR_REASON(EVP_R_CTRL_NOT_IMPLEMENTED) ,"ctrl not implemented"},
-{ERR_REASON(EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED),"ctrl operation not implemented"},
-{ERR_REASON(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH),"data not multiple of block length"},
-{ERR_REASON(EVP_R_DECODE_ERROR) ,"decode error"},
-{ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES) ,"different key types"},
-{ERR_REASON(EVP_R_DISABLED_FOR_FIPS) ,"disabled for fips"},
-{ERR_REASON(EVP_R_ENCODE_ERROR) ,"encode error"},
-{ERR_REASON(EVP_R_ERROR_LOADING_SECTION) ,"error loading section"},
-{ERR_REASON(EVP_R_ERROR_SETTING_FIPS_MODE),"error setting fips mode"},
-{ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR),"evp pbe cipherinit error"},
-{ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY) ,"expecting an rsa key"},
-{ERR_REASON(EVP_R_EXPECTING_A_DH_KEY) ,"expecting a dh key"},
-{ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY) ,"expecting a dsa key"},
-{ERR_REASON(EVP_R_EXPECTING_A_ECDSA_KEY) ,"expecting a ecdsa key"},
-{ERR_REASON(EVP_R_EXPECTING_A_EC_KEY) ,"expecting a ec key"},
-{ERR_REASON(EVP_R_FIPS_MODE_NOT_SUPPORTED),"fips mode not supported"},
-{ERR_REASON(EVP_R_INITIALIZATION_ERROR) ,"initialization error"},
-{ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED) ,"input not initialized"},
-{ERR_REASON(EVP_R_INVALID_FIPS_MODE) ,"invalid fips mode"},
-{ERR_REASON(EVP_R_INVALID_KEY_LENGTH) ,"invalid key length"},
-{ERR_REASON(EVP_R_IV_TOO_LARGE) ,"iv too large"},
-{ERR_REASON(EVP_R_KEYGEN_FAILURE) ,"keygen failure"},
-{ERR_REASON(EVP_R_MISSING_PARAMETERS) ,"missing parameters"},
-{ERR_REASON(EVP_R_NO_CIPHER_SET) ,"no cipher set"},
-{ERR_REASON(EVP_R_NO_DIGEST_SET) ,"no digest set"},
-{ERR_REASON(EVP_R_NO_DSA_PARAMETERS) ,"no dsa parameters"},
-{ERR_REASON(EVP_R_NO_SIGN_FUNCTION_CONFIGURED),"no sign function configured"},
-{ERR_REASON(EVP_R_NO_VERIFY_FUNCTION_CONFIGURED),"no verify function configured"},
-{ERR_REASON(EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE),"pkcs8 unknown broken type"},
-{ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA) ,"public key not rsa"},
-{ERR_REASON(EVP_R_SEED_KEY_SETUP_FAILED) ,"seed key setup failed"},
-{ERR_REASON(EVP_R_UNKNOWN_OPTION) ,"unknown option"},
-{ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM) ,"unknown pbe algorithm"},
-{ERR_REASON(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS),"unsuported number of rounds"},
-{ERR_REASON(EVP_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"},
-{ERR_REASON(EVP_R_UNSUPPORTED_KEYLENGTH) ,"unsupported keylength"},
-{ERR_REASON(EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION),"unsupported key derivation function"},
-{ERR_REASON(EVP_R_UNSUPPORTED_KEY_SIZE) ,"unsupported key size"},
-{ERR_REASON(EVP_R_UNSUPPORTED_PRF) ,"unsupported prf"},
-{ERR_REASON(EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM),"unsupported private key algorithm"},
-{ERR_REASON(EVP_R_UNSUPPORTED_SALT_TYPE) ,"unsupported salt type"},
-{ERR_REASON(EVP_R_WRONG_FINAL_BLOCK_LENGTH),"wrong final block length"},
-{ERR_REASON(EVP_R_WRONG_PUBLIC_KEY_TYPE) ,"wrong public key type"},
-{0,NULL}
- };
-
-#endif
-
-void ERR_load_EVP_strings(void)
- {
-#ifndef OPENSSL_NO_ERR
-
- if (ERR_func_error_string(EVP_str_functs[0].error) == NULL)
- {
- ERR_load_strings(0,EVP_str_functs);
- ERR_load_strings(0,EVP_str_reasons);
- }
-#endif
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_err.c (from rev 6976, vendor-crypto/openssl/dist/crypto/evp/evp_err.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_err.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,196 @@
+/* crypto/evp/evp_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_EVP,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_EVP,0,reason)
+
+static ERR_STRING_DATA EVP_str_functs[] = {
+ {ERR_FUNC(EVP_F_AES_INIT_KEY), "AES_INIT_KEY"},
+ {ERR_FUNC(EVP_F_ALG_MODULE_INIT), "ALG_MODULE_INIT"},
+ {ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY), "CAMELLIA_INIT_KEY"},
+ {ERR_FUNC(EVP_F_D2I_PKEY), "D2I_PKEY"},
+ {ERR_FUNC(EVP_F_DO_EVP_ENC_ENGINE), "DO_EVP_ENC_ENGINE"},
+ {ERR_FUNC(EVP_F_DO_EVP_ENC_ENGINE_FULL), "DO_EVP_ENC_ENGINE_FULL"},
+ {ERR_FUNC(EVP_F_DO_EVP_MD_ENGINE), "DO_EVP_MD_ENGINE"},
+ {ERR_FUNC(EVP_F_DO_EVP_MD_ENGINE_FULL), "DO_EVP_MD_ENGINE_FULL"},
+ {ERR_FUNC(EVP_F_DSAPKEY2PKCS8), "DSAPKEY2PKCS8"},
+ {ERR_FUNC(EVP_F_DSA_PKEY2PKCS8), "DSA_PKEY2PKCS8"},
+ {ERR_FUNC(EVP_F_ECDSA_PKEY2PKCS8), "ECDSA_PKEY2PKCS8"},
+ {ERR_FUNC(EVP_F_ECKEY_PKEY2PKCS8), "ECKEY_PKEY2PKCS8"},
+ {ERR_FUNC(EVP_F_EVP_CIPHERINIT), "EVP_CipherInit"},
+ {ERR_FUNC(EVP_F_EVP_CIPHERINIT_EX), "EVP_CipherInit_ex"},
+ {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_CTRL), "EVP_CIPHER_CTX_ctrl"},
+ {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH),
+ "EVP_CIPHER_CTX_set_key_length"},
+ {ERR_FUNC(EVP_F_EVP_DECRYPTFINAL_EX), "EVP_DecryptFinal_ex"},
+ {ERR_FUNC(EVP_F_EVP_DIGESTINIT), "EVP_DigestInit"},
+ {ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX), "EVP_DigestInit_ex"},
+ {ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX), "EVP_EncryptFinal_ex"},
+ {ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX), "EVP_MD_CTX_copy_ex"},
+ {ERR_FUNC(EVP_F_EVP_OPENINIT), "EVP_OpenInit"},
+ {ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD), "EVP_PBE_alg_add"},
+ {ERR_FUNC(EVP_F_EVP_PBE_CIPHERINIT), "EVP_PBE_CipherInit"},
+ {ERR_FUNC(EVP_F_EVP_PKCS82PKEY), "EVP_PKCS82PKEY"},
+ {ERR_FUNC(EVP_F_EVP_PKEY2PKCS8_BROKEN), "EVP_PKEY2PKCS8_broken"},
+ {ERR_FUNC(EVP_F_EVP_PKEY_COPY_PARAMETERS), "EVP_PKEY_copy_parameters"},
+ {ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT), "EVP_PKEY_decrypt"},
+ {ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT), "EVP_PKEY_encrypt"},
+ {ERR_FUNC(EVP_F_EVP_PKEY_GET1_DH), "EVP_PKEY_get1_DH"},
+ {ERR_FUNC(EVP_F_EVP_PKEY_GET1_DSA), "EVP_PKEY_get1_DSA"},
+ {ERR_FUNC(EVP_F_EVP_PKEY_GET1_ECDSA), "EVP_PKEY_GET1_ECDSA"},
+ {ERR_FUNC(EVP_F_EVP_PKEY_GET1_EC_KEY), "EVP_PKEY_get1_EC_KEY"},
+ {ERR_FUNC(EVP_F_EVP_PKEY_GET1_RSA), "EVP_PKEY_get1_RSA"},
+ {ERR_FUNC(EVP_F_EVP_PKEY_NEW), "EVP_PKEY_new"},
+ {ERR_FUNC(EVP_F_EVP_RIJNDAEL), "EVP_RIJNDAEL"},
+ {ERR_FUNC(EVP_F_EVP_SIGNFINAL), "EVP_SignFinal"},
+ {ERR_FUNC(EVP_F_EVP_VERIFYFINAL), "EVP_VerifyFinal"},
+ {ERR_FUNC(EVP_F_PKCS5_PBE_KEYIVGEN), "PKCS5_PBE_keyivgen"},
+ {ERR_FUNC(EVP_F_PKCS5_V2_PBE_KEYIVGEN), "PKCS5_v2_PBE_keyivgen"},
+ {ERR_FUNC(EVP_F_PKCS8_SET_BROKEN), "PKCS8_set_broken"},
+ {ERR_FUNC(EVP_F_RC2_MAGIC_TO_METH), "RC2_MAGIC_TO_METH"},
+ {ERR_FUNC(EVP_F_RC5_CTRL), "RC5_CTRL"},
+ {0, NULL}
+};
+
+static ERR_STRING_DATA EVP_str_reasons[] = {
+ {ERR_REASON(EVP_R_AES_KEY_SETUP_FAILED), "aes key setup failed"},
+ {ERR_REASON(EVP_R_ASN1_LIB), "asn1 lib"},
+ {ERR_REASON(EVP_R_BAD_BLOCK_LENGTH), "bad block length"},
+ {ERR_REASON(EVP_R_BAD_DECRYPT), "bad decrypt"},
+ {ERR_REASON(EVP_R_BAD_KEY_LENGTH), "bad key length"},
+ {ERR_REASON(EVP_R_BN_DECODE_ERROR), "bn decode error"},
+ {ERR_REASON(EVP_R_BN_PUBKEY_ERROR), "bn pubkey error"},
+ {ERR_REASON(EVP_R_CAMELLIA_KEY_SETUP_FAILED),
+ "camellia key setup failed"},
+ {ERR_REASON(EVP_R_CIPHER_PARAMETER_ERROR), "cipher parameter error"},
+ {ERR_REASON(EVP_R_CTRL_NOT_IMPLEMENTED), "ctrl not implemented"},
+ {ERR_REASON(EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED),
+ "ctrl operation not implemented"},
+ {ERR_REASON(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH),
+ "data not multiple of block length"},
+ {ERR_REASON(EVP_R_DECODE_ERROR), "decode error"},
+ {ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES), "different key types"},
+ {ERR_REASON(EVP_R_DISABLED_FOR_FIPS), "disabled for fips"},
+ {ERR_REASON(EVP_R_ENCODE_ERROR), "encode error"},
+ {ERR_REASON(EVP_R_ERROR_LOADING_SECTION), "error loading section"},
+ {ERR_REASON(EVP_R_ERROR_SETTING_FIPS_MODE), "error setting fips mode"},
+ {ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR), "evp pbe cipherinit error"},
+ {ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY), "expecting an rsa key"},
+ {ERR_REASON(EVP_R_EXPECTING_A_DH_KEY), "expecting a dh key"},
+ {ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY), "expecting a dsa key"},
+ {ERR_REASON(EVP_R_EXPECTING_A_ECDSA_KEY), "expecting a ecdsa key"},
+ {ERR_REASON(EVP_R_EXPECTING_A_EC_KEY), "expecting a ec key"},
+ {ERR_REASON(EVP_R_FIPS_MODE_NOT_SUPPORTED), "fips mode not supported"},
+ {ERR_REASON(EVP_R_INITIALIZATION_ERROR), "initialization error"},
+ {ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED), "input not initialized"},
+ {ERR_REASON(EVP_R_INVALID_FIPS_MODE), "invalid fips mode"},
+ {ERR_REASON(EVP_R_INVALID_KEY_LENGTH), "invalid key length"},
+ {ERR_REASON(EVP_R_IV_TOO_LARGE), "iv too large"},
+ {ERR_REASON(EVP_R_KEYGEN_FAILURE), "keygen failure"},
+ {ERR_REASON(EVP_R_MISSING_PARAMETERS), "missing parameters"},
+ {ERR_REASON(EVP_R_NO_CIPHER_SET), "no cipher set"},
+ {ERR_REASON(EVP_R_NO_DIGEST_SET), "no digest set"},
+ {ERR_REASON(EVP_R_NO_DSA_PARAMETERS), "no dsa parameters"},
+ {ERR_REASON(EVP_R_NO_SIGN_FUNCTION_CONFIGURED),
+ "no sign function configured"},
+ {ERR_REASON(EVP_R_NO_VERIFY_FUNCTION_CONFIGURED),
+ "no verify function configured"},
+ {ERR_REASON(EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE),
+ "pkcs8 unknown broken type"},
+ {ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA), "public key not rsa"},
+ {ERR_REASON(EVP_R_SEED_KEY_SETUP_FAILED), "seed key setup failed"},
+ {ERR_REASON(EVP_R_UNKNOWN_OPTION), "unknown option"},
+ {ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM), "unknown pbe algorithm"},
+ {ERR_REASON(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS),
+ "unsuported number of rounds"},
+ {ERR_REASON(EVP_R_UNSUPPORTED_CIPHER), "unsupported cipher"},
+ {ERR_REASON(EVP_R_UNSUPPORTED_KEYLENGTH), "unsupported keylength"},
+ {ERR_REASON(EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION),
+ "unsupported key derivation function"},
+ {ERR_REASON(EVP_R_UNSUPPORTED_KEY_SIZE), "unsupported key size"},
+ {ERR_REASON(EVP_R_UNSUPPORTED_PRF), "unsupported prf"},
+ {ERR_REASON(EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM),
+ "unsupported private key algorithm"},
+ {ERR_REASON(EVP_R_UNSUPPORTED_SALT_TYPE), "unsupported salt type"},
+ {ERR_REASON(EVP_R_WRONG_FINAL_BLOCK_LENGTH), "wrong final block length"},
+ {ERR_REASON(EVP_R_WRONG_PUBLIC_KEY_TYPE), "wrong public key type"},
+ {0, NULL}
+};
+
+#endif
+
+void ERR_load_EVP_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+ if (ERR_func_error_string(EVP_str_functs[0].error) == NULL) {
+ ERR_load_strings(0, EVP_str_functs);
+ ERR_load_strings(0, EVP_str_reasons);
+ }
+#endif
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_key.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/evp_key.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_key.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,175 +0,0 @@
-/* crypto/evp/evp_key.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/x509.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/ui.h>
-
-/* should be init to zeros. */
-static char prompt_string[80];
-
-void EVP_set_pw_prompt(const char *prompt)
- {
- if (prompt == NULL)
- prompt_string[0]='\0';
- else
- {
- strncpy(prompt_string,prompt,79);
- prompt_string[79]='\0';
- }
- }
-
-char *EVP_get_pw_prompt(void)
- {
- if (prompt_string[0] == '\0')
- return(NULL);
- else
- return(prompt_string);
- }
-
-/* For historical reasons, the standard function for reading passwords is
- * in the DES library -- if someone ever wants to disable DES,
- * this function will fail */
-int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify)
- {
- int ret;
- char buff[BUFSIZ];
- UI *ui;
-
- if ((prompt == NULL) && (prompt_string[0] != '\0'))
- prompt=prompt_string;
- ui = UI_new();
- UI_add_input_string(ui,prompt,0,buf,0,(len>=BUFSIZ)?BUFSIZ-1:len);
- if (verify)
- UI_add_verify_string(ui,prompt,0,
- buff,0,(len>=BUFSIZ)?BUFSIZ-1:len,buf);
- ret = UI_process(ui);
- UI_free(ui);
- OPENSSL_cleanse(buff,BUFSIZ);
- return ret;
- }
-
-int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
- const unsigned char *salt, const unsigned char *data, int datal,
- int count, unsigned char *key, unsigned char *iv)
- {
- EVP_MD_CTX c;
- unsigned char md_buf[EVP_MAX_MD_SIZE];
- int niv,nkey,addmd=0;
- unsigned int mds=0,i;
-
- nkey=type->key_len;
- niv=type->iv_len;
- OPENSSL_assert(nkey <= EVP_MAX_KEY_LENGTH);
- OPENSSL_assert(niv <= EVP_MAX_IV_LENGTH);
-
- if (data == NULL) return(nkey);
-
- EVP_MD_CTX_init(&c);
- for (;;)
- {
- if (!EVP_DigestInit_ex(&c,md, NULL))
- return 0;
- if (addmd++)
- EVP_DigestUpdate(&c,&(md_buf[0]),mds);
- EVP_DigestUpdate(&c,data,datal);
- if (salt != NULL)
- EVP_DigestUpdate(&c,salt,PKCS5_SALT_LEN);
- EVP_DigestFinal_ex(&c,&(md_buf[0]),&mds);
-
- for (i=1; i<(unsigned int)count; i++)
- {
- EVP_DigestInit_ex(&c,md, NULL);
- EVP_DigestUpdate(&c,&(md_buf[0]),mds);
- EVP_DigestFinal_ex(&c,&(md_buf[0]),&mds);
- }
- i=0;
- if (nkey)
- {
- for (;;)
- {
- if (nkey == 0) break;
- if (i == mds) break;
- if (key != NULL)
- *(key++)=md_buf[i];
- nkey--;
- i++;
- }
- }
- if (niv && (i != mds))
- {
- for (;;)
- {
- if (niv == 0) break;
- if (i == mds) break;
- if (iv != NULL)
- *(iv++)=md_buf[i];
- niv--;
- i++;
- }
- }
- if ((nkey == 0) && (niv == 0)) break;
- }
- EVP_MD_CTX_cleanup(&c);
- OPENSSL_cleanse(&(md_buf[0]),EVP_MAX_MD_SIZE);
- return(type->key_len);
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_key.c (from rev 6976, vendor-crypto/openssl/dist/crypto/evp/evp_key.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_key.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_key.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,178 @@
+/* crypto/evp/evp_key.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/ui.h>
+
+/* should be init to zeros. */
+static char prompt_string[80];
+
+void EVP_set_pw_prompt(const char *prompt)
+{
+ if (prompt == NULL)
+ prompt_string[0] = '\0';
+ else {
+ strncpy(prompt_string, prompt, 79);
+ prompt_string[79] = '\0';
+ }
+}
+
+char *EVP_get_pw_prompt(void)
+{
+ if (prompt_string[0] == '\0')
+ return (NULL);
+ else
+ return (prompt_string);
+}
+
+/*
+ * For historical reasons, the standard function for reading passwords is in
+ * the DES library -- if someone ever wants to disable DES, this function
+ * will fail
+ */
+int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify)
+{
+ int ret;
+ char buff[BUFSIZ];
+ UI *ui;
+
+ if ((prompt == NULL) && (prompt_string[0] != '\0'))
+ prompt = prompt_string;
+ ui = UI_new();
+ UI_add_input_string(ui, prompt, 0, buf, 0,
+ (len >= BUFSIZ) ? BUFSIZ - 1 : len);
+ if (verify)
+ UI_add_verify_string(ui, prompt, 0,
+ buff, 0, (len >= BUFSIZ) ? BUFSIZ - 1 : len,
+ buf);
+ ret = UI_process(ui);
+ UI_free(ui);
+ OPENSSL_cleanse(buff, BUFSIZ);
+ return ret;
+}
+
+int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
+ const unsigned char *salt, const unsigned char *data,
+ int datal, int count, unsigned char *key,
+ unsigned char *iv)
+{
+ EVP_MD_CTX c;
+ unsigned char md_buf[EVP_MAX_MD_SIZE];
+ int niv, nkey, addmd = 0;
+ unsigned int mds = 0, i;
+
+ nkey = type->key_len;
+ niv = type->iv_len;
+ OPENSSL_assert(nkey <= EVP_MAX_KEY_LENGTH);
+ OPENSSL_assert(niv <= EVP_MAX_IV_LENGTH);
+
+ if (data == NULL)
+ return (nkey);
+
+ EVP_MD_CTX_init(&c);
+ for (;;) {
+ if (!EVP_DigestInit_ex(&c, md, NULL))
+ return 0;
+ if (addmd++)
+ EVP_DigestUpdate(&c, &(md_buf[0]), mds);
+ EVP_DigestUpdate(&c, data, datal);
+ if (salt != NULL)
+ EVP_DigestUpdate(&c, salt, PKCS5_SALT_LEN);
+ EVP_DigestFinal_ex(&c, &(md_buf[0]), &mds);
+
+ for (i = 1; i < (unsigned int)count; i++) {
+ EVP_DigestInit_ex(&c, md, NULL);
+ EVP_DigestUpdate(&c, &(md_buf[0]), mds);
+ EVP_DigestFinal_ex(&c, &(md_buf[0]), &mds);
+ }
+ i = 0;
+ if (nkey) {
+ for (;;) {
+ if (nkey == 0)
+ break;
+ if (i == mds)
+ break;
+ if (key != NULL)
+ *(key++) = md_buf[i];
+ nkey--;
+ i++;
+ }
+ }
+ if (niv && (i != mds)) {
+ for (;;) {
+ if (niv == 0)
+ break;
+ if (i == mds)
+ break;
+ if (iv != NULL)
+ *(iv++) = md_buf[i];
+ niv--;
+ i++;
+ }
+ }
+ if ((nkey == 0) && (niv == 0))
+ break;
+ }
+ EVP_MD_CTX_cleanup(&c);
+ OPENSSL_cleanse(&(md_buf[0]), EVP_MAX_MD_SIZE);
+ return (type->key_len);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_lib.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/evp_lib.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,284 +0,0 @@
-/* crypto/evp/evp_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-
-int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
- {
- int ret;
-
- if (c->cipher->set_asn1_parameters != NULL)
- ret=c->cipher->set_asn1_parameters(c,type);
- else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1)
- ret=EVP_CIPHER_set_asn1_iv(c, type);
- else
- ret=-1;
- return(ret);
- }
-
-int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
- {
- int ret;
-
- if (c->cipher->get_asn1_parameters != NULL)
- ret=c->cipher->get_asn1_parameters(c,type);
- else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1)
- ret=EVP_CIPHER_get_asn1_iv(c, type);
- else
- ret=-1;
- return(ret);
- }
-
-int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
- {
- int i=0;
- unsigned int l;
-
- if (type != NULL)
- {
- l=EVP_CIPHER_CTX_iv_length(c);
- OPENSSL_assert(l <= sizeof(c->iv));
- i=ASN1_TYPE_get_octetstring(type,c->oiv,l);
- if (i != (int)l)
- return(-1);
- else if (i > 0)
- memcpy(c->iv,c->oiv,l);
- }
- return(i);
- }
-
-int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
- {
- int i=0;
- unsigned int j;
-
- if (type != NULL)
- {
- j=EVP_CIPHER_CTX_iv_length(c);
- OPENSSL_assert(j <= sizeof(c->iv));
- i=ASN1_TYPE_set_octetstring(type,c->oiv,j);
- }
- return(i);
- }
-
-/* Convert the various cipher NIDs and dummies to a proper OID NID */
-int EVP_CIPHER_type(const EVP_CIPHER *ctx)
-{
- int nid;
- ASN1_OBJECT *otmp;
- nid = EVP_CIPHER_nid(ctx);
-
- switch(nid) {
-
- case NID_rc2_cbc:
- case NID_rc2_64_cbc:
- case NID_rc2_40_cbc:
-
- return NID_rc2_cbc;
-
- case NID_rc4:
- case NID_rc4_40:
-
- return NID_rc4;
-
- case NID_aes_128_cfb128:
- case NID_aes_128_cfb8:
- case NID_aes_128_cfb1:
-
- return NID_aes_128_cfb128;
-
- case NID_aes_192_cfb128:
- case NID_aes_192_cfb8:
- case NID_aes_192_cfb1:
-
- return NID_aes_192_cfb128;
-
- case NID_aes_256_cfb128:
- case NID_aes_256_cfb8:
- case NID_aes_256_cfb1:
-
- return NID_aes_256_cfb128;
-
- case NID_des_cfb64:
- case NID_des_cfb8:
- case NID_des_cfb1:
-
- return NID_des_cfb64;
-
- case NID_des_ede3_cfb64:
- case NID_des_ede3_cfb8:
- case NID_des_ede3_cfb1:
-
- return NID_des_cfb64;
-
- default:
- /* Check it has an OID and it is valid */
- otmp = OBJ_nid2obj(nid);
- if(!otmp || !otmp->data) nid = NID_undef;
- ASN1_OBJECT_free(otmp);
- return nid;
- }
-}
-
-int EVP_CIPHER_block_size(const EVP_CIPHER *e)
- {
- return e->block_size;
- }
-
-int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx)
- {
- return ctx->cipher->block_size;
- }
-
-const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx)
- {
- return ctx->cipher;
- }
-
-unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher)
- {
- return cipher->flags;
- }
-
-void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx)
- {
- return ctx->app_data;
- }
-
-void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data)
- {
- ctx->app_data = data;
- }
-
-int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher)
- {
- return cipher->iv_len;
- }
-
-int EVP_CIPHER_key_length(const EVP_CIPHER *cipher)
- {
- return cipher->key_len;
- }
-
-int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx)
- {
- return ctx->key_len;
- }
-
-int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx)
- {
- return ctx->cipher->nid;
- }
-
-int EVP_MD_block_size(const EVP_MD *md)
- {
- return md->block_size;
- }
-
-int EVP_MD_type(const EVP_MD *md)
- {
- return md->type;
- }
-
-int EVP_MD_pkey_type(const EVP_MD *md)
- {
- return md->pkey_type;
- }
-
-int EVP_MD_size(const EVP_MD *md)
- {
- return md->md_size;
- }
-
-const EVP_MD * EVP_MD_CTX_md(const EVP_MD_CTX *ctx)
- {
- return ctx->digest;
- }
-
-void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags)
- {
- ctx->flags |= flags;
- }
-
-void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags)
- {
- ctx->flags &= ~flags;
- }
-
-int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags)
- {
- return (ctx->flags & flags);
- }
-
-void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags)
- {
- ctx->flags |= flags;
- }
-
-void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags)
- {
- ctx->flags &= ~flags;
- }
-
-int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags)
- {
- return (ctx->flags & flags);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_lib.c (from rev 6976, vendor-crypto/openssl/dist/crypto/evp/evp_lib.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_lib.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,283 @@
+/* crypto/evp/evp_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+
+int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
+{
+ int ret;
+
+ if (c->cipher->set_asn1_parameters != NULL)
+ ret = c->cipher->set_asn1_parameters(c, type);
+ else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1)
+ ret = EVP_CIPHER_set_asn1_iv(c, type);
+ else
+ ret = -1;
+ return (ret);
+}
+
+int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
+{
+ int ret;
+
+ if (c->cipher->get_asn1_parameters != NULL)
+ ret = c->cipher->get_asn1_parameters(c, type);
+ else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1)
+ ret = EVP_CIPHER_get_asn1_iv(c, type);
+ else
+ ret = -1;
+ return (ret);
+}
+
+int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
+{
+ int i = 0;
+ unsigned int l;
+
+ if (type != NULL) {
+ l = EVP_CIPHER_CTX_iv_length(c);
+ OPENSSL_assert(l <= sizeof(c->iv));
+ i = ASN1_TYPE_get_octetstring(type, c->oiv, l);
+ if (i != (int)l)
+ return (-1);
+ else if (i > 0)
+ memcpy(c->iv, c->oiv, l);
+ }
+ return (i);
+}
+
+int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
+{
+ int i = 0;
+ unsigned int j;
+
+ if (type != NULL) {
+ j = EVP_CIPHER_CTX_iv_length(c);
+ OPENSSL_assert(j <= sizeof(c->iv));
+ i = ASN1_TYPE_set_octetstring(type, c->oiv, j);
+ }
+ return (i);
+}
+
+/* Convert the various cipher NIDs and dummies to a proper OID NID */
+int EVP_CIPHER_type(const EVP_CIPHER *ctx)
+{
+ int nid;
+ ASN1_OBJECT *otmp;
+ nid = EVP_CIPHER_nid(ctx);
+
+ switch (nid) {
+
+ case NID_rc2_cbc:
+ case NID_rc2_64_cbc:
+ case NID_rc2_40_cbc:
+
+ return NID_rc2_cbc;
+
+ case NID_rc4:
+ case NID_rc4_40:
+
+ return NID_rc4;
+
+ case NID_aes_128_cfb128:
+ case NID_aes_128_cfb8:
+ case NID_aes_128_cfb1:
+
+ return NID_aes_128_cfb128;
+
+ case NID_aes_192_cfb128:
+ case NID_aes_192_cfb8:
+ case NID_aes_192_cfb1:
+
+ return NID_aes_192_cfb128;
+
+ case NID_aes_256_cfb128:
+ case NID_aes_256_cfb8:
+ case NID_aes_256_cfb1:
+
+ return NID_aes_256_cfb128;
+
+ case NID_des_cfb64:
+ case NID_des_cfb8:
+ case NID_des_cfb1:
+
+ return NID_des_cfb64;
+
+ case NID_des_ede3_cfb64:
+ case NID_des_ede3_cfb8:
+ case NID_des_ede3_cfb1:
+
+ return NID_des_cfb64;
+
+ default:
+ /* Check it has an OID and it is valid */
+ otmp = OBJ_nid2obj(nid);
+ if (!otmp || !otmp->data)
+ nid = NID_undef;
+ ASN1_OBJECT_free(otmp);
+ return nid;
+ }
+}
+
+int EVP_CIPHER_block_size(const EVP_CIPHER *e)
+{
+ return e->block_size;
+}
+
+int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx)
+{
+ return ctx->cipher->block_size;
+}
+
+const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx)
+{
+ return ctx->cipher;
+}
+
+unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher)
+{
+ return cipher->flags;
+}
+
+void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx)
+{
+ return ctx->app_data;
+}
+
+void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data)
+{
+ ctx->app_data = data;
+}
+
+int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher)
+{
+ return cipher->iv_len;
+}
+
+int EVP_CIPHER_key_length(const EVP_CIPHER *cipher)
+{
+ return cipher->key_len;
+}
+
+int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx)
+{
+ return ctx->key_len;
+}
+
+int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx)
+{
+ return ctx->cipher->nid;
+}
+
+int EVP_MD_block_size(const EVP_MD *md)
+{
+ return md->block_size;
+}
+
+int EVP_MD_type(const EVP_MD *md)
+{
+ return md->type;
+}
+
+int EVP_MD_pkey_type(const EVP_MD *md)
+{
+ return md->pkey_type;
+}
+
+int EVP_MD_size(const EVP_MD *md)
+{
+ return md->md_size;
+}
+
+const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx)
+{
+ return ctx->digest;
+}
+
+void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags)
+{
+ ctx->flags |= flags;
+}
+
+void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags)
+{
+ ctx->flags &= ~flags;
+}
+
+int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags)
+{
+ return (ctx->flags & flags);
+}
+
+void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags)
+{
+ ctx->flags |= flags;
+}
+
+void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags)
+{
+ ctx->flags &= ~flags;
+}
+
+int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags)
+{
+ return (ctx->flags & flags);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_locl.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/evp_locl.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_locl.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,252 +0,0 @@
-/* evp_locl.h */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/* Macros to code block cipher wrappers */
-
-/* Wrapper functions for each cipher mode */
-
-#define BLOCK_CIPHER_ecb_loop() \
- unsigned int i, bl; \
- bl = ctx->cipher->block_size;\
- if(inl < bl) return 1;\
- inl -= bl; \
- for(i=0; i <= inl; i+=bl)
-
-#define BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \
-static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \
-{\
- BLOCK_CIPHER_ecb_loop() \
- cprefix##_ecb_encrypt(in + i, out + i, &((kstruct *)ctx->cipher_data)->ksched, ctx->encrypt);\
- return 1;\
-}
-
-#define BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched) \
-static int cname##_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \
-{\
- cprefix##_ofb##cbits##_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num);\
- return 1;\
-}
-
-#define BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \
-static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \
-{\
- cprefix##_cbc_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, ctx->encrypt);\
- return 1;\
-}
-
-#define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \
-static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \
-{\
- cprefix##_cfb##cbits##_encrypt(in, out, (long)((cbits==1) && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) ?inl*8:inl), &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\
- return 1;\
-}
-
-#define BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \
- BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \
- BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \
- BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \
- BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched)
-
-#define BLOCK_CIPHER_def1(cname, nmode, mode, MODE, kstruct, nid, block_size, \
- key_len, iv_len, flags, init_key, cleanup, \
- set_asn1, get_asn1, ctrl) \
-static const EVP_CIPHER cname##_##mode = { \
- nid##_##nmode, block_size, key_len, iv_len, \
- flags | EVP_CIPH_##MODE##_MODE, \
- init_key, \
- cname##_##mode##_cipher, \
- cleanup, \
- sizeof(kstruct), \
- set_asn1, get_asn1,\
- ctrl, \
- NULL \
-}; \
-const EVP_CIPHER *EVP_##cname##_##mode(void) { return &cname##_##mode; }
-
-#define BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, \
- iv_len, flags, init_key, cleanup, set_asn1, \
- get_asn1, ctrl) \
-BLOCK_CIPHER_def1(cname, cbc, cbc, CBC, kstruct, nid, block_size, key_len, \
- iv_len, flags, init_key, cleanup, set_asn1, get_asn1, ctrl)
-
-#define BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, \
- iv_len, cbits, flags, init_key, cleanup, \
- set_asn1, get_asn1, ctrl) \
-BLOCK_CIPHER_def1(cname, cfb##cbits, cfb##cbits, CFB, kstruct, nid, 1, \
- key_len, iv_len, flags, init_key, cleanup, set_asn1, \
- get_asn1, ctrl)
-
-#define BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, \
- iv_len, cbits, flags, init_key, cleanup, \
- set_asn1, get_asn1, ctrl) \
-BLOCK_CIPHER_def1(cname, ofb##cbits, ofb, OFB, kstruct, nid, 1, \
- key_len, iv_len, flags, init_key, cleanup, set_asn1, \
- get_asn1, ctrl)
-
-#define BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, \
- flags, init_key, cleanup, set_asn1, \
- get_asn1, ctrl) \
-BLOCK_CIPHER_def1(cname, ecb, ecb, ECB, kstruct, nid, block_size, key_len, \
- 0, flags, init_key, cleanup, set_asn1, get_asn1, ctrl)
-
-#define BLOCK_CIPHER_defs(cname, kstruct, \
- nid, block_size, key_len, iv_len, cbits, flags, \
- init_key, cleanup, set_asn1, get_asn1, ctrl) \
-BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, iv_len, flags, \
- init_key, cleanup, set_asn1, get_asn1, ctrl) \
-BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, iv_len, cbits, \
- flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \
-BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, iv_len, cbits, \
- flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \
-BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, flags, \
- init_key, cleanup, set_asn1, get_asn1, ctrl)
-
-
-/*
-#define BLOCK_CIPHER_defs(cname, kstruct, \
- nid, block_size, key_len, iv_len, flags,\
- init_key, cleanup, set_asn1, get_asn1, ctrl)\
-static const EVP_CIPHER cname##_cbc = {\
- nid##_cbc, block_size, key_len, iv_len, \
- flags | EVP_CIPH_CBC_MODE,\
- init_key,\
- cname##_cbc_cipher,\
- cleanup,\
- sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
- sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
- set_asn1, get_asn1,\
- ctrl, \
- NULL \
-};\
-const EVP_CIPHER *EVP_##cname##_cbc(void) { return &cname##_cbc; }\
-static const EVP_CIPHER cname##_cfb = {\
- nid##_cfb64, 1, key_len, iv_len, \
- flags | EVP_CIPH_CFB_MODE,\
- init_key,\
- cname##_cfb_cipher,\
- cleanup,\
- sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
- sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
- set_asn1, get_asn1,\
- ctrl,\
- NULL \
-};\
-const EVP_CIPHER *EVP_##cname##_cfb(void) { return &cname##_cfb; }\
-static const EVP_CIPHER cname##_ofb = {\
- nid##_ofb64, 1, key_len, iv_len, \
- flags | EVP_CIPH_OFB_MODE,\
- init_key,\
- cname##_ofb_cipher,\
- cleanup,\
- sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
- sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
- set_asn1, get_asn1,\
- ctrl,\
- NULL \
-};\
-const EVP_CIPHER *EVP_##cname##_ofb(void) { return &cname##_ofb; }\
-static const EVP_CIPHER cname##_ecb = {\
- nid##_ecb, block_size, key_len, iv_len, \
- flags | EVP_CIPH_ECB_MODE,\
- init_key,\
- cname##_ecb_cipher,\
- cleanup,\
- sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
- sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
- set_asn1, get_asn1,\
- ctrl,\
- NULL \
-};\
-const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; }
-*/
-
-#define IMPLEMENT_BLOCK_CIPHER(cname, ksched, cprefix, kstruct, nid, \
- block_size, key_len, iv_len, cbits, \
- flags, init_key, \
- cleanup, set_asn1, get_asn1, ctrl) \
- BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \
- BLOCK_CIPHER_defs(cname, kstruct, nid, block_size, key_len, iv_len, \
- cbits, flags, init_key, cleanup, set_asn1, \
- get_asn1, ctrl)
-
-#define EVP_C_DATA(kstruct, ctx) ((kstruct *)(ctx)->cipher_data)
-
-#define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len,fl) \
- BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \
- BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \
- NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \
- (fl)|EVP_CIPH_FLAG_DEFAULT_ASN1, \
- cipher##_init_key, NULL, NULL, NULL, NULL)
-
-#ifdef OPENSSL_FIPS
-#define RC2_set_key private_RC2_set_key
-#define RC4_set_key private_RC4_set_key
-#define CAST_set_key private_CAST_set_key
-#define RC5_32_set_key private_RC5_32_set_key
-#define BF_set_key private_BF_set_key
-#define Camellia_set_key private_Camellia_set_key
-#define idea_set_encrypt_key private_idea_set_encrypt_key
-
-#define MD5_Init private_MD5_Init
-#define MD4_Init private_MD4_Init
-#define MD2_Init private_MD2_Init
-#define MDC2_Init private_MDC2_Init
-#define SHA_Init private_SHA_Init
-
-#endif
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_locl.h (from rev 6976, vendor-crypto/openssl/dist/crypto/evp/evp_locl.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_locl.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_locl.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,251 @@
+/* evp_locl.h */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/* Macros to code block cipher wrappers */
+
+/* Wrapper functions for each cipher mode */
+
+#define BLOCK_CIPHER_ecb_loop() \
+ unsigned int i, bl; \
+ bl = ctx->cipher->block_size;\
+ if(inl < bl) return 1;\
+ inl -= bl; \
+ for(i=0; i <= inl; i+=bl)
+
+#define BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \
+static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \
+{\
+ BLOCK_CIPHER_ecb_loop() \
+ cprefix##_ecb_encrypt(in + i, out + i, &((kstruct *)ctx->cipher_data)->ksched, ctx->encrypt);\
+ return 1;\
+}
+
+#define BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched) \
+static int cname##_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \
+{\
+ cprefix##_ofb##cbits##_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num);\
+ return 1;\
+}
+
+#define BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \
+static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \
+{\
+ cprefix##_cbc_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, ctx->encrypt);\
+ return 1;\
+}
+
+#define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \
+static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \
+{\
+ cprefix##_cfb##cbits##_encrypt(in, out, (long)((cbits==1) && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) ?inl*8:inl), &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\
+ return 1;\
+}
+
+#define BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \
+ BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \
+ BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \
+ BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \
+ BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched)
+
+#define BLOCK_CIPHER_def1(cname, nmode, mode, MODE, kstruct, nid, block_size, \
+ key_len, iv_len, flags, init_key, cleanup, \
+ set_asn1, get_asn1, ctrl) \
+static const EVP_CIPHER cname##_##mode = { \
+ nid##_##nmode, block_size, key_len, iv_len, \
+ flags | EVP_CIPH_##MODE##_MODE, \
+ init_key, \
+ cname##_##mode##_cipher, \
+ cleanup, \
+ sizeof(kstruct), \
+ set_asn1, get_asn1,\
+ ctrl, \
+ NULL \
+}; \
+const EVP_CIPHER *EVP_##cname##_##mode(void) { return &cname##_##mode; }
+
+#define BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, \
+ iv_len, flags, init_key, cleanup, set_asn1, \
+ get_asn1, ctrl) \
+BLOCK_CIPHER_def1(cname, cbc, cbc, CBC, kstruct, nid, block_size, key_len, \
+ iv_len, flags, init_key, cleanup, set_asn1, get_asn1, ctrl)
+
+#define BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, \
+ iv_len, cbits, flags, init_key, cleanup, \
+ set_asn1, get_asn1, ctrl) \
+BLOCK_CIPHER_def1(cname, cfb##cbits, cfb##cbits, CFB, kstruct, nid, 1, \
+ key_len, iv_len, flags, init_key, cleanup, set_asn1, \
+ get_asn1, ctrl)
+
+#define BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, \
+ iv_len, cbits, flags, init_key, cleanup, \
+ set_asn1, get_asn1, ctrl) \
+BLOCK_CIPHER_def1(cname, ofb##cbits, ofb, OFB, kstruct, nid, 1, \
+ key_len, iv_len, flags, init_key, cleanup, set_asn1, \
+ get_asn1, ctrl)
+
+#define BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, \
+ flags, init_key, cleanup, set_asn1, \
+ get_asn1, ctrl) \
+BLOCK_CIPHER_def1(cname, ecb, ecb, ECB, kstruct, nid, block_size, key_len, \
+ 0, flags, init_key, cleanup, set_asn1, get_asn1, ctrl)
+
+#define BLOCK_CIPHER_defs(cname, kstruct, \
+ nid, block_size, key_len, iv_len, cbits, flags, \
+ init_key, cleanup, set_asn1, get_asn1, ctrl) \
+BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, iv_len, flags, \
+ init_key, cleanup, set_asn1, get_asn1, ctrl) \
+BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, iv_len, cbits, \
+ flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \
+BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, iv_len, cbits, \
+ flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \
+BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, flags, \
+ init_key, cleanup, set_asn1, get_asn1, ctrl)
+
+/*-
+#define BLOCK_CIPHER_defs(cname, kstruct, \
+ nid, block_size, key_len, iv_len, flags,\
+ init_key, cleanup, set_asn1, get_asn1, ctrl)\
+static const EVP_CIPHER cname##_cbc = {\
+ nid##_cbc, block_size, key_len, iv_len, \
+ flags | EVP_CIPH_CBC_MODE,\
+ init_key,\
+ cname##_cbc_cipher,\
+ cleanup,\
+ sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
+ sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
+ set_asn1, get_asn1,\
+ ctrl, \
+ NULL \
+};\
+const EVP_CIPHER *EVP_##cname##_cbc(void) { return &cname##_cbc; }\
+static const EVP_CIPHER cname##_cfb = {\
+ nid##_cfb64, 1, key_len, iv_len, \
+ flags | EVP_CIPH_CFB_MODE,\
+ init_key,\
+ cname##_cfb_cipher,\
+ cleanup,\
+ sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
+ sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
+ set_asn1, get_asn1,\
+ ctrl,\
+ NULL \
+};\
+const EVP_CIPHER *EVP_##cname##_cfb(void) { return &cname##_cfb; }\
+static const EVP_CIPHER cname##_ofb = {\
+ nid##_ofb64, 1, key_len, iv_len, \
+ flags | EVP_CIPH_OFB_MODE,\
+ init_key,\
+ cname##_ofb_cipher,\
+ cleanup,\
+ sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
+ sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
+ set_asn1, get_asn1,\
+ ctrl,\
+ NULL \
+};\
+const EVP_CIPHER *EVP_##cname##_ofb(void) { return &cname##_ofb; }\
+static const EVP_CIPHER cname##_ecb = {\
+ nid##_ecb, block_size, key_len, iv_len, \
+ flags | EVP_CIPH_ECB_MODE,\
+ init_key,\
+ cname##_ecb_cipher,\
+ cleanup,\
+ sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
+ sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
+ set_asn1, get_asn1,\
+ ctrl,\
+ NULL \
+};\
+const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; }
+*/
+
+#define IMPLEMENT_BLOCK_CIPHER(cname, ksched, cprefix, kstruct, nid, \
+ block_size, key_len, iv_len, cbits, \
+ flags, init_key, \
+ cleanup, set_asn1, get_asn1, ctrl) \
+ BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \
+ BLOCK_CIPHER_defs(cname, kstruct, nid, block_size, key_len, iv_len, \
+ cbits, flags, init_key, cleanup, set_asn1, \
+ get_asn1, ctrl)
+
+#define EVP_C_DATA(kstruct, ctx) ((kstruct *)(ctx)->cipher_data)
+
+#define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len,fl) \
+ BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \
+ BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \
+ NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \
+ (fl)|EVP_CIPH_FLAG_DEFAULT_ASN1, \
+ cipher##_init_key, NULL, NULL, NULL, NULL)
+
+#ifdef OPENSSL_FIPS
+# define RC2_set_key private_RC2_set_key
+# define RC4_set_key private_RC4_set_key
+# define CAST_set_key private_CAST_set_key
+# define RC5_32_set_key private_RC5_32_set_key
+# define BF_set_key private_BF_set_key
+# define Camellia_set_key private_Camellia_set_key
+# define idea_set_encrypt_key private_idea_set_encrypt_key
+
+# define MD5_Init private_MD5_Init
+# define MD4_Init private_MD4_Init
+# define MD2_Init private_MD2_Init
+# define MDC2_Init private_MDC2_Init
+# define SHA_Init private_SHA_Init
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_pbe.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/evp_pbe.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_pbe.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,170 +0,0 @@
-/* evp_pbe.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-
-/* Password based encryption (PBE) functions */
-
-static STACK *pbe_algs;
-
-/* Setup a cipher context from a PBE algorithm */
-
-typedef struct {
-int pbe_nid;
-const EVP_CIPHER *cipher;
-const EVP_MD *md;
-EVP_PBE_KEYGEN *keygen;
-} EVP_PBE_CTL;
-
-int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
- ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de)
-{
-
- EVP_PBE_CTL *pbetmp, pbelu;
- int i;
- pbelu.pbe_nid = OBJ_obj2nid(pbe_obj);
- if (pbelu.pbe_nid != NID_undef) i = sk_find(pbe_algs, (char *)&pbelu);
- else i = -1;
-
- if (i == -1) {
- char obj_tmp[80];
- EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_PBE_ALGORITHM);
- if (!pbe_obj) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp);
- else i2t_ASN1_OBJECT(obj_tmp, sizeof obj_tmp, pbe_obj);
- ERR_add_error_data(2, "TYPE=", obj_tmp);
- return 0;
- }
- if(!pass) passlen = 0;
- else if (passlen == -1) passlen = strlen(pass);
- pbetmp = (EVP_PBE_CTL *)sk_value (pbe_algs, i);
- i = (*pbetmp->keygen)(ctx, pass, passlen, param, pbetmp->cipher,
- pbetmp->md, en_de);
- if (!i) {
- EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_KEYGEN_FAILURE);
- return 0;
- }
- return 1;
-}
-
-static int pbe_cmp(const char * const *a, const char * const *b)
-{
- const EVP_PBE_CTL * const *pbe1 = (const EVP_PBE_CTL * const *) a,
- * const *pbe2 = (const EVP_PBE_CTL * const *)b;
- return ((*pbe1)->pbe_nid - (*pbe2)->pbe_nid);
-}
-
-/* Add a PBE algorithm */
-
-int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md,
- EVP_PBE_KEYGEN *keygen)
-{
- EVP_PBE_CTL *pbe_tmp = NULL, pbelu;
- int i;
- if (!pbe_algs)
- {
- pbe_algs = sk_new(pbe_cmp);
- if (!pbe_algs)
- {
- EVPerr(EVP_F_EVP_PBE_ALG_ADD,ERR_R_MALLOC_FAILURE);
- return 0;
- }
- }
- else
- {
- /* Check if already present */
- pbelu.pbe_nid = nid;
- i = sk_find(pbe_algs, (char *)&pbelu);
- if (i >= 0)
- {
- pbe_tmp = (EVP_PBE_CTL *)sk_value(pbe_algs, i);
- /* If everything identical leave alone */
- if (pbe_tmp->cipher == cipher
- && pbe_tmp->md == md
- && pbe_tmp->keygen == keygen)
- return 1;
- }
- }
-
- if (!pbe_tmp)
- {
- pbe_tmp = OPENSSL_malloc (sizeof(EVP_PBE_CTL));
- if (!pbe_tmp)
- {
- EVPerr(EVP_F_EVP_PBE_ALG_ADD,ERR_R_MALLOC_FAILURE);
- return 0;
- }
- /* If adding a new PBE, set nid, append and sort */
- pbe_tmp->pbe_nid = nid;
- sk_push (pbe_algs, (char *)pbe_tmp);
- sk_sort(pbe_algs);
- }
-
- pbe_tmp->cipher = cipher;
- pbe_tmp->md = md;
- pbe_tmp->keygen = keygen;
- return 1;
-}
-
-void EVP_PBE_cleanup(void)
-{
- sk_pop_free(pbe_algs, OPENSSL_freeFunc);
- pbe_algs = NULL;
-}
Copied: vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_pbe.c (from rev 6976, vendor-crypto/openssl/dist/crypto/evp/evp_pbe.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_pbe.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_pbe.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,169 @@
+/* evp_pbe.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+
+/* Password based encryption (PBE) functions */
+
+static STACK *pbe_algs;
+
+/* Setup a cipher context from a PBE algorithm */
+
+typedef struct {
+ int pbe_nid;
+ const EVP_CIPHER *cipher;
+ const EVP_MD *md;
+ EVP_PBE_KEYGEN *keygen;
+} EVP_PBE_CTL;
+
+int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
+ ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de)
+{
+
+ EVP_PBE_CTL *pbetmp, pbelu;
+ int i;
+ pbelu.pbe_nid = OBJ_obj2nid(pbe_obj);
+ if (pbelu.pbe_nid != NID_undef)
+ i = sk_find(pbe_algs, (char *)&pbelu);
+ else
+ i = -1;
+
+ if (i == -1) {
+ char obj_tmp[80];
+ EVPerr(EVP_F_EVP_PBE_CIPHERINIT, EVP_R_UNKNOWN_PBE_ALGORITHM);
+ if (!pbe_obj)
+ BUF_strlcpy(obj_tmp, "NULL", sizeof obj_tmp);
+ else
+ i2t_ASN1_OBJECT(obj_tmp, sizeof obj_tmp, pbe_obj);
+ ERR_add_error_data(2, "TYPE=", obj_tmp);
+ return 0;
+ }
+ if (!pass)
+ passlen = 0;
+ else if (passlen == -1)
+ passlen = strlen(pass);
+ pbetmp = (EVP_PBE_CTL *)sk_value(pbe_algs, i);
+ i = (*pbetmp->keygen) (ctx, pass, passlen, param, pbetmp->cipher,
+ pbetmp->md, en_de);
+ if (!i) {
+ EVPerr(EVP_F_EVP_PBE_CIPHERINIT, EVP_R_KEYGEN_FAILURE);
+ return 0;
+ }
+ return 1;
+}
+
+static int pbe_cmp(const char *const *a, const char *const *b)
+{
+ const EVP_PBE_CTL *const *pbe1 = (const EVP_PBE_CTL *const *)a,
+ *const *pbe2 = (const EVP_PBE_CTL *const *)b;
+ return ((*pbe1)->pbe_nid - (*pbe2)->pbe_nid);
+}
+
+/* Add a PBE algorithm */
+
+int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md,
+ EVP_PBE_KEYGEN *keygen)
+{
+ EVP_PBE_CTL *pbe_tmp = NULL, pbelu;
+ int i;
+ if (!pbe_algs) {
+ pbe_algs = sk_new(pbe_cmp);
+ if (!pbe_algs) {
+ EVPerr(EVP_F_EVP_PBE_ALG_ADD, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ } else {
+ /* Check if already present */
+ pbelu.pbe_nid = nid;
+ i = sk_find(pbe_algs, (char *)&pbelu);
+ if (i >= 0) {
+ pbe_tmp = (EVP_PBE_CTL *)sk_value(pbe_algs, i);
+ /* If everything identical leave alone */
+ if (pbe_tmp->cipher == cipher
+ && pbe_tmp->md == md && pbe_tmp->keygen == keygen)
+ return 1;
+ }
+ }
+
+ if (!pbe_tmp) {
+ pbe_tmp = OPENSSL_malloc(sizeof(EVP_PBE_CTL));
+ if (!pbe_tmp) {
+ EVPerr(EVP_F_EVP_PBE_ALG_ADD, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ /* If adding a new PBE, set nid, append and sort */
+ pbe_tmp->pbe_nid = nid;
+ sk_push(pbe_algs, (char *)pbe_tmp);
+ sk_sort(pbe_algs);
+ }
+
+ pbe_tmp->cipher = cipher;
+ pbe_tmp->md = md;
+ pbe_tmp->keygen = keygen;
+ return 1;
+}
+
+void EVP_PBE_cleanup(void)
+{
+ sk_pop_free(pbe_algs, OPENSSL_freeFunc);
+ pbe_algs = NULL;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_pkey.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/evp_pkey.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_pkey.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,794 +0,0 @@
-/* evp_pkey.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include "cryptlib.h"
-#include <openssl/x509.h>
-#include <openssl/rand.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-#include <openssl/bn.h>
-
-#ifndef OPENSSL_NO_DSA
-static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8inf, EVP_PKEY *pkey);
-#endif
-#ifndef OPENSSL_NO_EC
-static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8inf, EVP_PKEY *pkey);
-#endif
-
-/* Extract a private key from a PKCS8 structure */
-
-EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8)
-{
- EVP_PKEY *pkey = NULL;
-#ifndef OPENSSL_NO_RSA
- RSA *rsa = NULL;
-#endif
-#ifndef OPENSSL_NO_DSA
- DSA *dsa = NULL;
- ASN1_TYPE *t1, *t2;
- ASN1_INTEGER *privkey;
- STACK_OF(ASN1_TYPE) *ndsa = NULL;
-#endif
-#ifndef OPENSSL_NO_EC
- EC_KEY *eckey = NULL;
- const unsigned char *p_tmp;
-#endif
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
- ASN1_TYPE *param = NULL;
- BN_CTX *ctx = NULL;
- int plen;
-#endif
- X509_ALGOR *a;
- const unsigned char *p;
- const unsigned char *cp;
- int pkeylen;
- int nid;
- char obj_tmp[80];
-
- if(p8->pkey->type == V_ASN1_OCTET_STRING) {
- p8->broken = PKCS8_OK;
- p = p8->pkey->value.octet_string->data;
- pkeylen = p8->pkey->value.octet_string->length;
- } else {
- p8->broken = PKCS8_NO_OCTET;
- p = p8->pkey->value.sequence->data;
- pkeylen = p8->pkey->value.sequence->length;
- }
- if (!(pkey = EVP_PKEY_new())) {
- EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- a = p8->pkeyalg;
- nid = OBJ_obj2nid(a->algorithm);
- switch(nid)
- {
-#ifndef OPENSSL_NO_RSA
- case NID_rsaEncryption:
- cp = p;
- if (!(rsa = d2i_RSAPrivateKey (NULL,&cp, pkeylen))) {
- EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
- return NULL;
- }
- EVP_PKEY_assign_RSA (pkey, rsa);
- break;
-#endif
-#ifndef OPENSSL_NO_DSA
- case NID_dsa:
- /* PKCS#8 DSA is weird: you just get a private key integer
- * and parameters in the AlgorithmIdentifier the pubkey must
- * be recalculated.
- */
-
- /* Check for broken DSA PKCS#8, UGH! */
- if(*p == (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED)) {
- if(!(ndsa = ASN1_seq_unpack_ASN1_TYPE(p, pkeylen,
- d2i_ASN1_TYPE,
- ASN1_TYPE_free))) {
- EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
- goto dsaerr;
- }
- if(sk_ASN1_TYPE_num(ndsa) != 2 ) {
- EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
- goto dsaerr;
- }
- /* Handle Two broken types:
- * SEQUENCE {parameters, priv_key}
- * SEQUENCE {pub_key, priv_key}
- */
-
- t1 = sk_ASN1_TYPE_value(ndsa, 0);
- t2 = sk_ASN1_TYPE_value(ndsa, 1);
- if(t1->type == V_ASN1_SEQUENCE) {
- p8->broken = PKCS8_EMBEDDED_PARAM;
- param = t1;
- } else if(a->parameter->type == V_ASN1_SEQUENCE) {
- p8->broken = PKCS8_NS_DB;
- param = a->parameter;
- } else {
- EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
- goto dsaerr;
- }
-
- if(t2->type != V_ASN1_INTEGER) {
- EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
- goto dsaerr;
- }
- privkey = t2->value.integer;
- } else {
- if (!(privkey=d2i_ASN1_INTEGER (NULL, &p, pkeylen))) {
- EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
- goto dsaerr;
- }
- param = p8->pkeyalg->parameter;
- }
- if (!param || (param->type != V_ASN1_SEQUENCE)) {
- EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
- goto dsaerr;
- }
- cp = p = param->value.sequence->data;
- plen = param->value.sequence->length;
- if (!(dsa = d2i_DSAparams (NULL, &cp, plen))) {
- EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
- goto dsaerr;
- }
- /* We have parameters now set private key */
- if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) {
- EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_DECODE_ERROR);
- goto dsaerr;
- }
- /* Calculate public key (ouch!) */
- if (!(dsa->pub_key = BN_new())) {
- EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
- goto dsaerr;
- }
- if (!(ctx = BN_CTX_new())) {
- EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
- goto dsaerr;
- }
-
- if (!BN_mod_exp(dsa->pub_key, dsa->g,
- dsa->priv_key, dsa->p, ctx)) {
-
- EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_PUBKEY_ERROR);
- goto dsaerr;
- }
-
- EVP_PKEY_assign_DSA(pkey, dsa);
- BN_CTX_free (ctx);
- if(ndsa) sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
- else ASN1_INTEGER_free(privkey);
- break;
- dsaerr:
- BN_CTX_free (ctx);
- sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
- DSA_free(dsa);
- EVP_PKEY_free(pkey);
- return NULL;
- break;
-#endif
-#ifndef OPENSSL_NO_EC
- case NID_X9_62_id_ecPublicKey:
- p_tmp = p;
- /* extract the ec parameters */
- param = p8->pkeyalg->parameter;
-
- if (!param || ((param->type != V_ASN1_SEQUENCE) &&
- (param->type != V_ASN1_OBJECT)))
- {
- EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
- goto ecerr;
- }
-
- if (param->type == V_ASN1_SEQUENCE)
- {
- cp = p = param->value.sequence->data;
- plen = param->value.sequence->length;
-
- if (!(eckey = d2i_ECParameters(NULL, &cp, plen)))
- {
- EVPerr(EVP_F_EVP_PKCS82PKEY,
- EVP_R_DECODE_ERROR);
- goto ecerr;
- }
- }
- else
- {
- EC_GROUP *group;
- cp = p = param->value.object->data;
- plen = param->value.object->length;
-
- /* type == V_ASN1_OBJECT => the parameters are given
- * by an asn1 OID
- */
- if ((eckey = EC_KEY_new()) == NULL)
- {
- EVPerr(EVP_F_EVP_PKCS82PKEY,
- ERR_R_MALLOC_FAILURE);
- goto ecerr;
- }
- group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(a->parameter->value.object));
- if (group == NULL)
- goto ecerr;
- EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
- if (EC_KEY_set_group(eckey, group) == 0)
- goto ecerr;
- EC_GROUP_free(group);
- }
-
- /* We have parameters now set private key */
- if (!d2i_ECPrivateKey(&eckey, &p_tmp, pkeylen))
- {
- EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
- goto ecerr;
- }
-
- /* calculate public key (if necessary) */
- if (EC_KEY_get0_public_key(eckey) == NULL)
- {
- const BIGNUM *priv_key;
- const EC_GROUP *group;
- EC_POINT *pub_key;
- /* the public key was not included in the SEC1 private
- * key => calculate the public key */
- group = EC_KEY_get0_group(eckey);
- pub_key = EC_POINT_new(group);
- if (pub_key == NULL)
- {
- EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
- goto ecerr;
- }
- if (!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(group)))
- {
- EC_POINT_free(pub_key);
- EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
- goto ecerr;
- }
- priv_key = EC_KEY_get0_private_key(eckey);
- if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx))
- {
- EC_POINT_free(pub_key);
- EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
- goto ecerr;
- }
- if (EC_KEY_set_public_key(eckey, pub_key) == 0)
- {
- EC_POINT_free(pub_key);
- EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
- goto ecerr;
- }
- EC_POINT_free(pub_key);
- }
-
- EVP_PKEY_assign_EC_KEY(pkey, eckey);
- if (ctx)
- BN_CTX_free(ctx);
- break;
-ecerr:
- if (ctx)
- BN_CTX_free(ctx);
- if (eckey)
- EC_KEY_free(eckey);
- if (pkey)
- EVP_PKEY_free(pkey);
- return NULL;
-#endif
- default:
- EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
- if (!a->algorithm) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp);
- else i2t_ASN1_OBJECT(obj_tmp, 80, a->algorithm);
- ERR_add_error_data(2, "TYPE=", obj_tmp);
- EVP_PKEY_free (pkey);
- return NULL;
- }
- return pkey;
-}
-
-PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey)
-{
- return EVP_PKEY2PKCS8_broken(pkey, PKCS8_OK);
-}
-
-/* Turn a private key into a PKCS8 structure */
-
-PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken)
-{
- PKCS8_PRIV_KEY_INFO *p8;
-
- if (!(p8 = PKCS8_PRIV_KEY_INFO_new())) {
- EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- p8->broken = broken;
- if (!ASN1_INTEGER_set(p8->version, 0)) {
- EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE);
- PKCS8_PRIV_KEY_INFO_free (p8);
- return NULL;
- }
- if (!(p8->pkeyalg->parameter = ASN1_TYPE_new ())) {
- EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE);
- PKCS8_PRIV_KEY_INFO_free (p8);
- return NULL;
- }
- p8->pkey->type = V_ASN1_OCTET_STRING;
- switch (EVP_PKEY_type(pkey->type)) {
-#ifndef OPENSSL_NO_RSA
- case EVP_PKEY_RSA:
-
- if(p8->broken == PKCS8_NO_OCTET) p8->pkey->type = V_ASN1_SEQUENCE;
-
- p8->pkeyalg->algorithm = OBJ_nid2obj(NID_rsaEncryption);
- p8->pkeyalg->parameter->type = V_ASN1_NULL;
- if (!ASN1_pack_string_of (EVP_PKEY,pkey, i2d_PrivateKey,
- &p8->pkey->value.octet_string)) {
- EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE);
- PKCS8_PRIV_KEY_INFO_free (p8);
- return NULL;
- }
- break;
-#endif
-#ifndef OPENSSL_NO_DSA
- case EVP_PKEY_DSA:
- if(!dsa_pkey2pkcs8(p8, pkey)) {
- PKCS8_PRIV_KEY_INFO_free (p8);
- return NULL;
- }
-
- break;
-#endif
-#ifndef OPENSSL_NO_EC
- case EVP_PKEY_EC:
- if (!eckey_pkey2pkcs8(p8, pkey))
- {
- PKCS8_PRIV_KEY_INFO_free(p8);
- return(NULL);
- }
- break;
-#endif
- default:
- EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
- PKCS8_PRIV_KEY_INFO_free (p8);
- return NULL;
- }
- RAND_add(p8->pkey->value.octet_string->data,
- p8->pkey->value.octet_string->length, 0.0);
- return p8;
-}
-
-PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken)
-{
- switch (broken) {
-
- case PKCS8_OK:
- p8->broken = PKCS8_OK;
- return p8;
- break;
-
- case PKCS8_NO_OCTET:
- p8->broken = PKCS8_NO_OCTET;
- p8->pkey->type = V_ASN1_SEQUENCE;
- return p8;
- break;
-
- default:
- EVPerr(EVP_F_PKCS8_SET_BROKEN,EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE);
- return NULL;
- }
-}
-
-#ifndef OPENSSL_NO_DSA
-static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
-{
- ASN1_STRING *params = NULL;
- ASN1_INTEGER *prkey = NULL;
- ASN1_TYPE *ttmp = NULL;
- STACK_OF(ASN1_TYPE) *ndsa = NULL;
- unsigned char *p = NULL, *q;
- int len;
-
- p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa);
- len = i2d_DSAparams (pkey->pkey.dsa, NULL);
- if (!(p = OPENSSL_malloc(len))) {
- EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- q = p;
- i2d_DSAparams (pkey->pkey.dsa, &q);
- if (!(params = ASN1_STRING_new())) {
- EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- if (!ASN1_STRING_set(params, p, len)) {
- EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- OPENSSL_free(p);
- p = NULL;
- /* Get private key into integer */
- if (!(prkey = BN_to_ASN1_INTEGER (pkey->pkey.dsa->priv_key, NULL))) {
- EVPerr(EVP_F_DSA_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
- goto err;
- }
-
- switch(p8->broken) {
-
- case PKCS8_OK:
- case PKCS8_NO_OCTET:
-
- if (!ASN1_pack_string_of(ASN1_INTEGER,prkey, i2d_ASN1_INTEGER,
- &p8->pkey->value.octet_string)) {
- EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- M_ASN1_INTEGER_free (prkey);
- prkey = NULL;
- p8->pkeyalg->parameter->value.sequence = params;
- params = NULL;
- p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
-
- break;
-
- case PKCS8_NS_DB:
-
- p8->pkeyalg->parameter->value.sequence = params;
- params = NULL;
- p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
- if (!(ndsa = sk_ASN1_TYPE_new_null())) {
- EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- if (!(ttmp = ASN1_TYPE_new())) {
- EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- if (!(ttmp->value.integer =
- BN_to_ASN1_INTEGER(pkey->pkey.dsa->pub_key, NULL))) {
- EVPerr(EVP_F_DSA_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
- goto err;
- }
- ttmp->type = V_ASN1_INTEGER;
- if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
- EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- if (!(ttmp = ASN1_TYPE_new())) {
- EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- ttmp->value.integer = prkey;
- prkey = NULL;
- ttmp->type = V_ASN1_INTEGER;
- if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
- EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- ttmp = NULL;
-
- if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) {
- EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE,
- &p8->pkey->value.octet_string->data,
- &p8->pkey->value.octet_string->length)) {
-
- EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
- break;
-
- case PKCS8_EMBEDDED_PARAM:
-
- p8->pkeyalg->parameter->type = V_ASN1_NULL;
- if (!(ndsa = sk_ASN1_TYPE_new_null())) {
- EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- if (!(ttmp = ASN1_TYPE_new())) {
- EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- ttmp->value.sequence = params;
- params = NULL;
- ttmp->type = V_ASN1_SEQUENCE;
- if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
- EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- if (!(ttmp = ASN1_TYPE_new())) {
- EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- ttmp->value.integer = prkey;
- prkey = NULL;
- ttmp->type = V_ASN1_INTEGER;
- if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
- EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- ttmp = NULL;
-
- if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) {
- EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE,
- &p8->pkey->value.octet_string->data,
- &p8->pkey->value.octet_string->length)) {
-
- EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
- break;
- }
- return 1;
-err:
- if (p != NULL) OPENSSL_free(p);
- if (params != NULL) ASN1_STRING_free(params);
- if (prkey != NULL) M_ASN1_INTEGER_free(prkey);
- if (ttmp != NULL) ASN1_TYPE_free(ttmp);
- if (ndsa != NULL) sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
- return 0;
-}
-#endif
-
-#ifndef OPENSSL_NO_EC
-static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
-{
- EC_KEY *ec_key;
- const EC_GROUP *group;
- unsigned char *p, *pp;
- int nid, i, ret = 0;
- unsigned int tmp_flags, old_flags;
-
- ec_key = pkey->pkey.ec;
- if (ec_key == NULL || (group = EC_KEY_get0_group(ec_key)) == NULL)
- {
- EVPerr(EVP_F_ECKEY_PKEY2PKCS8, EVP_R_MISSING_PARAMETERS);
- return 0;
- }
-
- /* set the ec parameters OID */
- if (p8->pkeyalg->algorithm)
- ASN1_OBJECT_free(p8->pkeyalg->algorithm);
-
- p8->pkeyalg->algorithm = OBJ_nid2obj(NID_X9_62_id_ecPublicKey);
-
- /* set the ec parameters */
-
- if (p8->pkeyalg->parameter)
- {
- ASN1_TYPE_free(p8->pkeyalg->parameter);
- p8->pkeyalg->parameter = NULL;
- }
-
- if ((p8->pkeyalg->parameter = ASN1_TYPE_new()) == NULL)
- {
- EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
- return 0;
- }
-
- if (EC_GROUP_get_asn1_flag(group)
- && (nid = EC_GROUP_get_curve_name(group)))
- {
- /* we have a 'named curve' => just set the OID */
- p8->pkeyalg->parameter->type = V_ASN1_OBJECT;
- p8->pkeyalg->parameter->value.object = OBJ_nid2obj(nid);
- }
- else /* explicit parameters */
- {
- if ((i = i2d_ECParameters(ec_key, NULL)) == 0)
- {
- EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
- return 0;
- }
- if ((p = (unsigned char *) OPENSSL_malloc(i)) == NULL)
- {
- EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
- return 0;
- }
- pp = p;
- if (!i2d_ECParameters(ec_key, &pp))
- {
- EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
- OPENSSL_free(p);
- return 0;
- }
- p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
- if ((p8->pkeyalg->parameter->value.sequence
- = ASN1_STRING_new()) == NULL)
- {
- EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_ASN1_LIB);
- OPENSSL_free(p);
- return 0;
- }
- ASN1_STRING_set(p8->pkeyalg->parameter->value.sequence, p, i);
- OPENSSL_free(p);
- }
-
- /* set the private key */
-
- /* do not include the parameters in the SEC1 private key
- * see PKCS#11 12.11 */
- old_flags = EC_KEY_get_enc_flags(pkey->pkey.ec);
- tmp_flags = old_flags | EC_PKEY_NO_PARAMETERS;
- EC_KEY_set_enc_flags(pkey->pkey.ec, tmp_flags);
- i = i2d_ECPrivateKey(pkey->pkey.ec, NULL);
- if (!i)
- {
- EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
- EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
- return 0;
- }
- p = (unsigned char *) OPENSSL_malloc(i);
- if (!p)
- {
- EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
- EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
- return 0;
- }
- pp = p;
- if (!i2d_ECPrivateKey(pkey->pkey.ec, &pp))
- {
- EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
- EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
- OPENSSL_free(p);
- return 0;
- }
- /* restore old encoding flags */
- EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
-
- switch(p8->broken) {
-
- case PKCS8_OK:
- p8->pkey->value.octet_string = ASN1_OCTET_STRING_new();
- if (!p8->pkey->value.octet_string ||
- !M_ASN1_OCTET_STRING_set(p8->pkey->value.octet_string,
- (const void *)p, i))
-
- {
- EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
- }
- else
- ret = 1;
- break;
- case PKCS8_NO_OCTET: /* RSA specific */
- case PKCS8_NS_DB: /* DSA specific */
- case PKCS8_EMBEDDED_PARAM: /* DSA specific */
- default:
- EVPerr(EVP_F_ECKEY_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
- }
- OPENSSL_cleanse(p, (size_t)i);
- OPENSSL_free(p);
- return ret;
-}
-#endif
-
-/* EVP_PKEY attribute functions */
-
-int EVP_PKEY_get_attr_count(const EVP_PKEY *key)
-{
- return X509at_get_attr_count(key->attributes);
-}
-
-int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid,
- int lastpos)
-{
- return X509at_get_attr_by_NID(key->attributes, nid, lastpos);
-}
-
-int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, ASN1_OBJECT *obj,
- int lastpos)
-{
- return X509at_get_attr_by_OBJ(key->attributes, obj, lastpos);
-}
-
-X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc)
-{
- return X509at_get_attr(key->attributes, loc);
-}
-
-X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc)
-{
- return X509at_delete_attr(key->attributes, loc);
-}
-
-int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr)
-{
- if(X509at_add1_attr(&key->attributes, attr)) return 1;
- return 0;
-}
-
-int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key,
- const ASN1_OBJECT *obj, int type,
- const unsigned char *bytes, int len)
-{
- if(X509at_add1_attr_by_OBJ(&key->attributes, obj,
- type, bytes, len)) return 1;
- return 0;
-}
-
-int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key,
- int nid, int type,
- const unsigned char *bytes, int len)
-{
- if(X509at_add1_attr_by_NID(&key->attributes, nid,
- type, bytes, len)) return 1;
- return 0;
-}
-
-int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key,
- const char *attrname, int type,
- const unsigned char *bytes, int len)
-{
- if(X509at_add1_attr_by_txt(&key->attributes, attrname,
- type, bytes, len)) return 1;
- return 0;
-}
Copied: vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_pkey.c (from rev 6976, vendor-crypto/openssl/dist/crypto/evp/evp_pkey.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_pkey.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_pkey.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,782 @@
+/* evp_pkey.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include "cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/rand.h>
+#ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+# include <openssl/dsa.h>
+#endif
+#include <openssl/bn.h>
+
+#ifndef OPENSSL_NO_DSA
+static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8inf, EVP_PKEY *pkey);
+#endif
+#ifndef OPENSSL_NO_EC
+static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8inf, EVP_PKEY *pkey);
+#endif
+
+/* Extract a private key from a PKCS8 structure */
+
+EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8)
+{
+ EVP_PKEY *pkey = NULL;
+#ifndef OPENSSL_NO_RSA
+ RSA *rsa = NULL;
+#endif
+#ifndef OPENSSL_NO_DSA
+ DSA *dsa = NULL;
+ ASN1_TYPE *t1, *t2;
+ ASN1_INTEGER *privkey;
+ STACK_OF(ASN1_TYPE) *ndsa = NULL;
+#endif
+#ifndef OPENSSL_NO_EC
+ EC_KEY *eckey = NULL;
+ const unsigned char *p_tmp;
+#endif
+#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
+ ASN1_TYPE *param = NULL;
+ BN_CTX *ctx = NULL;
+ int plen;
+#endif
+ X509_ALGOR *a;
+ const unsigned char *p;
+ const unsigned char *cp;
+ int pkeylen;
+ int nid;
+ char obj_tmp[80];
+
+ if (p8->pkey->type == V_ASN1_OCTET_STRING) {
+ p8->broken = PKCS8_OK;
+ p = p8->pkey->value.octet_string->data;
+ pkeylen = p8->pkey->value.octet_string->length;
+ } else {
+ p8->broken = PKCS8_NO_OCTET;
+ p = p8->pkey->value.sequence->data;
+ pkeylen = p8->pkey->value.sequence->length;
+ }
+ if (!(pkey = EVP_PKEY_new())) {
+ EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ a = p8->pkeyalg;
+ nid = OBJ_obj2nid(a->algorithm);
+ switch (nid) {
+#ifndef OPENSSL_NO_RSA
+ case NID_rsaEncryption:
+ cp = p;
+ if (!(rsa = d2i_RSAPrivateKey(NULL, &cp, pkeylen))) {
+ EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
+ return NULL;
+ }
+ EVP_PKEY_assign_RSA(pkey, rsa);
+ break;
+#endif
+#ifndef OPENSSL_NO_DSA
+ case NID_dsa:
+ /*
+ * PKCS#8 DSA is weird: you just get a private key integer and
+ * parameters in the AlgorithmIdentifier the pubkey must be
+ * recalculated.
+ */
+
+ /* Check for broken DSA PKCS#8, UGH! */
+ if (*p == (V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED)) {
+ if (!(ndsa = ASN1_seq_unpack_ASN1_TYPE(p, pkeylen,
+ d2i_ASN1_TYPE,
+ ASN1_TYPE_free))) {
+ EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
+ goto dsaerr;
+ }
+ if (sk_ASN1_TYPE_num(ndsa) != 2) {
+ EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
+ goto dsaerr;
+ }
+ /*
+ * Handle Two broken types: SEQUENCE {parameters, priv_key}
+ * SEQUENCE {pub_key, priv_key}
+ */
+
+ t1 = sk_ASN1_TYPE_value(ndsa, 0);
+ t2 = sk_ASN1_TYPE_value(ndsa, 1);
+ if (t1->type == V_ASN1_SEQUENCE) {
+ p8->broken = PKCS8_EMBEDDED_PARAM;
+ param = t1;
+ } else if (a->parameter->type == V_ASN1_SEQUENCE) {
+ p8->broken = PKCS8_NS_DB;
+ param = a->parameter;
+ } else {
+ EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
+ goto dsaerr;
+ }
+
+ if (t2->type != V_ASN1_INTEGER) {
+ EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
+ goto dsaerr;
+ }
+ privkey = t2->value.integer;
+ } else {
+ if (!(privkey = d2i_ASN1_INTEGER(NULL, &p, pkeylen))) {
+ EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
+ goto dsaerr;
+ }
+ param = p8->pkeyalg->parameter;
+ }
+ if (!param || (param->type != V_ASN1_SEQUENCE)) {
+ EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
+ goto dsaerr;
+ }
+ cp = p = param->value.sequence->data;
+ plen = param->value.sequence->length;
+ if (!(dsa = d2i_DSAparams(NULL, &cp, plen))) {
+ EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
+ goto dsaerr;
+ }
+ /* We have parameters now set private key */
+ if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) {
+ EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_BN_DECODE_ERROR);
+ goto dsaerr;
+ }
+ /* Calculate public key (ouch!) */
+ if (!(dsa->pub_key = BN_new())) {
+ EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_MALLOC_FAILURE);
+ goto dsaerr;
+ }
+ if (!(ctx = BN_CTX_new())) {
+ EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_MALLOC_FAILURE);
+ goto dsaerr;
+ }
+
+ if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) {
+
+ EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_BN_PUBKEY_ERROR);
+ goto dsaerr;
+ }
+
+ EVP_PKEY_assign_DSA(pkey, dsa);
+ BN_CTX_free(ctx);
+ if (ndsa)
+ sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
+ else
+ ASN1_INTEGER_free(privkey);
+ break;
+ dsaerr:
+ BN_CTX_free(ctx);
+ sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
+ DSA_free(dsa);
+ EVP_PKEY_free(pkey);
+ return NULL;
+ break;
+#endif
+#ifndef OPENSSL_NO_EC
+ case NID_X9_62_id_ecPublicKey:
+ p_tmp = p;
+ /* extract the ec parameters */
+ param = p8->pkeyalg->parameter;
+
+ if (!param || ((param->type != V_ASN1_SEQUENCE) &&
+ (param->type != V_ASN1_OBJECT))) {
+ EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
+ goto ecerr;
+ }
+
+ if (param->type == V_ASN1_SEQUENCE) {
+ cp = p = param->value.sequence->data;
+ plen = param->value.sequence->length;
+
+ if (!(eckey = d2i_ECParameters(NULL, &cp, plen))) {
+ EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
+ goto ecerr;
+ }
+ } else {
+ EC_GROUP *group;
+ cp = p = param->value.object->data;
+ plen = param->value.object->length;
+
+ /*
+ * type == V_ASN1_OBJECT => the parameters are given by an asn1
+ * OID
+ */
+ if ((eckey = EC_KEY_new()) == NULL) {
+ EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_MALLOC_FAILURE);
+ goto ecerr;
+ }
+ group =
+ EC_GROUP_new_by_curve_name(OBJ_obj2nid
+ (a->parameter->value.object));
+ if (group == NULL)
+ goto ecerr;
+ EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
+ if (EC_KEY_set_group(eckey, group) == 0)
+ goto ecerr;
+ EC_GROUP_free(group);
+ }
+
+ /* We have parameters now set private key */
+ if (!d2i_ECPrivateKey(&eckey, &p_tmp, pkeylen)) {
+ EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
+ goto ecerr;
+ }
+
+ /* calculate public key (if necessary) */
+ if (EC_KEY_get0_public_key(eckey) == NULL) {
+ const BIGNUM *priv_key;
+ const EC_GROUP *group;
+ EC_POINT *pub_key;
+ /*
+ * the public key was not included in the SEC1 private key =>
+ * calculate the public key
+ */
+ group = EC_KEY_get0_group(eckey);
+ pub_key = EC_POINT_new(group);
+ if (pub_key == NULL) {
+ EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
+ goto ecerr;
+ }
+ if (!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(group))) {
+ EC_POINT_free(pub_key);
+ EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
+ goto ecerr;
+ }
+ priv_key = EC_KEY_get0_private_key(eckey);
+ if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx)) {
+ EC_POINT_free(pub_key);
+ EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
+ goto ecerr;
+ }
+ if (EC_KEY_set_public_key(eckey, pub_key) == 0) {
+ EC_POINT_free(pub_key);
+ EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
+ goto ecerr;
+ }
+ EC_POINT_free(pub_key);
+ }
+
+ EVP_PKEY_assign_EC_KEY(pkey, eckey);
+ if (ctx)
+ BN_CTX_free(ctx);
+ break;
+ ecerr:
+ if (ctx)
+ BN_CTX_free(ctx);
+ if (eckey)
+ EC_KEY_free(eckey);
+ if (pkey)
+ EVP_PKEY_free(pkey);
+ return NULL;
+#endif
+ default:
+ EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
+ if (!a->algorithm)
+ BUF_strlcpy(obj_tmp, "NULL", sizeof obj_tmp);
+ else
+ i2t_ASN1_OBJECT(obj_tmp, 80, a->algorithm);
+ ERR_add_error_data(2, "TYPE=", obj_tmp);
+ EVP_PKEY_free(pkey);
+ return NULL;
+ }
+ return pkey;
+}
+
+PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey)
+{
+ return EVP_PKEY2PKCS8_broken(pkey, PKCS8_OK);
+}
+
+/* Turn a private key into a PKCS8 structure */
+
+PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken)
+{
+ PKCS8_PRIV_KEY_INFO *p8;
+
+ if (!(p8 = PKCS8_PRIV_KEY_INFO_new())) {
+ EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ p8->broken = broken;
+ if (!ASN1_INTEGER_set(p8->version, 0)) {
+ EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, ERR_R_MALLOC_FAILURE);
+ PKCS8_PRIV_KEY_INFO_free(p8);
+ return NULL;
+ }
+ if (!(p8->pkeyalg->parameter = ASN1_TYPE_new())) {
+ EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, ERR_R_MALLOC_FAILURE);
+ PKCS8_PRIV_KEY_INFO_free(p8);
+ return NULL;
+ }
+ p8->pkey->type = V_ASN1_OCTET_STRING;
+ switch (EVP_PKEY_type(pkey->type)) {
+#ifndef OPENSSL_NO_RSA
+ case EVP_PKEY_RSA:
+
+ if (p8->broken == PKCS8_NO_OCTET)
+ p8->pkey->type = V_ASN1_SEQUENCE;
+
+ p8->pkeyalg->algorithm = OBJ_nid2obj(NID_rsaEncryption);
+ p8->pkeyalg->parameter->type = V_ASN1_NULL;
+ if (!ASN1_pack_string_of(EVP_PKEY, pkey, i2d_PrivateKey,
+ &p8->pkey->value.octet_string)) {
+ EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, ERR_R_MALLOC_FAILURE);
+ PKCS8_PRIV_KEY_INFO_free(p8);
+ return NULL;
+ }
+ break;
+#endif
+#ifndef OPENSSL_NO_DSA
+ case EVP_PKEY_DSA:
+ if (!dsa_pkey2pkcs8(p8, pkey)) {
+ PKCS8_PRIV_KEY_INFO_free(p8);
+ return NULL;
+ }
+
+ break;
+#endif
+#ifndef OPENSSL_NO_EC
+ case EVP_PKEY_EC:
+ if (!eckey_pkey2pkcs8(p8, pkey)) {
+ PKCS8_PRIV_KEY_INFO_free(p8);
+ return (NULL);
+ }
+ break;
+#endif
+ default:
+ EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,
+ EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
+ PKCS8_PRIV_KEY_INFO_free(p8);
+ return NULL;
+ }
+ RAND_add(p8->pkey->value.octet_string->data,
+ p8->pkey->value.octet_string->length, 0.0);
+ return p8;
+}
+
+PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken)
+{
+ switch (broken) {
+
+ case PKCS8_OK:
+ p8->broken = PKCS8_OK;
+ return p8;
+ break;
+
+ case PKCS8_NO_OCTET:
+ p8->broken = PKCS8_NO_OCTET;
+ p8->pkey->type = V_ASN1_SEQUENCE;
+ return p8;
+ break;
+
+ default:
+ EVPerr(EVP_F_PKCS8_SET_BROKEN, EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE);
+ return NULL;
+ }
+}
+
+#ifndef OPENSSL_NO_DSA
+static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
+{
+ ASN1_STRING *params = NULL;
+ ASN1_INTEGER *prkey = NULL;
+ ASN1_TYPE *ttmp = NULL;
+ STACK_OF(ASN1_TYPE) *ndsa = NULL;
+ unsigned char *p = NULL, *q;
+ int len;
+
+ p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa);
+ len = i2d_DSAparams(pkey->pkey.dsa, NULL);
+ if (!(p = OPENSSL_malloc(len))) {
+ EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ q = p;
+ i2d_DSAparams(pkey->pkey.dsa, &q);
+ if (!(params = ASN1_STRING_new())) {
+ EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ if (!ASN1_STRING_set(params, p, len)) {
+ EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ OPENSSL_free(p);
+ p = NULL;
+ /* Get private key into integer */
+ if (!(prkey = BN_to_ASN1_INTEGER(pkey->pkey.dsa->priv_key, NULL))) {
+ EVPerr(EVP_F_DSA_PKEY2PKCS8, EVP_R_ENCODE_ERROR);
+ goto err;
+ }
+
+ switch (p8->broken) {
+
+ case PKCS8_OK:
+ case PKCS8_NO_OCTET:
+
+ if (!ASN1_pack_string_of(ASN1_INTEGER, prkey, i2d_ASN1_INTEGER,
+ &p8->pkey->value.octet_string)) {
+ EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ M_ASN1_INTEGER_free(prkey);
+ prkey = NULL;
+ p8->pkeyalg->parameter->value.sequence = params;
+ params = NULL;
+ p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
+
+ break;
+
+ case PKCS8_NS_DB:
+
+ p8->pkeyalg->parameter->value.sequence = params;
+ params = NULL;
+ p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
+ if (!(ndsa = sk_ASN1_TYPE_new_null())) {
+ EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ if (!(ttmp = ASN1_TYPE_new())) {
+ EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ if (!(ttmp->value.integer =
+ BN_to_ASN1_INTEGER(pkey->pkey.dsa->pub_key, NULL))) {
+ EVPerr(EVP_F_DSA_PKEY2PKCS8, EVP_R_ENCODE_ERROR);
+ goto err;
+ }
+ ttmp->type = V_ASN1_INTEGER;
+ if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
+ EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ if (!(ttmp = ASN1_TYPE_new())) {
+ EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ ttmp->value.integer = prkey;
+ prkey = NULL;
+ ttmp->type = V_ASN1_INTEGER;
+ if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
+ EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ ttmp = NULL;
+
+ if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) {
+ EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE,
+ &p8->pkey->value.octet_string->data,
+ &p8->pkey->value.octet_string->length)) {
+
+ EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
+ break;
+
+ case PKCS8_EMBEDDED_PARAM:
+
+ p8->pkeyalg->parameter->type = V_ASN1_NULL;
+ if (!(ndsa = sk_ASN1_TYPE_new_null())) {
+ EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ if (!(ttmp = ASN1_TYPE_new())) {
+ EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ ttmp->value.sequence = params;
+ params = NULL;
+ ttmp->type = V_ASN1_SEQUENCE;
+ if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
+ EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ if (!(ttmp = ASN1_TYPE_new())) {
+ EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ ttmp->value.integer = prkey;
+ prkey = NULL;
+ ttmp->type = V_ASN1_INTEGER;
+ if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
+ EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ ttmp = NULL;
+
+ if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) {
+ EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE,
+ &p8->pkey->value.octet_string->data,
+ &p8->pkey->value.octet_string->length)) {
+
+ EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
+ break;
+ }
+ return 1;
+ err:
+ if (p != NULL)
+ OPENSSL_free(p);
+ if (params != NULL)
+ ASN1_STRING_free(params);
+ if (prkey != NULL)
+ M_ASN1_INTEGER_free(prkey);
+ if (ttmp != NULL)
+ ASN1_TYPE_free(ttmp);
+ if (ndsa != NULL)
+ sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
+ return 0;
+}
+#endif
+
+#ifndef OPENSSL_NO_EC
+static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
+{
+ EC_KEY *ec_key;
+ const EC_GROUP *group;
+ unsigned char *p, *pp;
+ int nid, i, ret = 0;
+ unsigned int tmp_flags, old_flags;
+
+ ec_key = pkey->pkey.ec;
+ if (ec_key == NULL || (group = EC_KEY_get0_group(ec_key)) == NULL) {
+ EVPerr(EVP_F_ECKEY_PKEY2PKCS8, EVP_R_MISSING_PARAMETERS);
+ return 0;
+ }
+
+ /* set the ec parameters OID */
+ if (p8->pkeyalg->algorithm)
+ ASN1_OBJECT_free(p8->pkeyalg->algorithm);
+
+ p8->pkeyalg->algorithm = OBJ_nid2obj(NID_X9_62_id_ecPublicKey);
+
+ /* set the ec parameters */
+
+ if (p8->pkeyalg->parameter) {
+ ASN1_TYPE_free(p8->pkeyalg->parameter);
+ p8->pkeyalg->parameter = NULL;
+ }
+
+ if ((p8->pkeyalg->parameter = ASN1_TYPE_new()) == NULL) {
+ EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+
+ if (EC_GROUP_get_asn1_flag(group)
+ && (nid = EC_GROUP_get_curve_name(group))) {
+ /* we have a 'named curve' => just set the OID */
+ p8->pkeyalg->parameter->type = V_ASN1_OBJECT;
+ p8->pkeyalg->parameter->value.object = OBJ_nid2obj(nid);
+ } else { /* explicit parameters */
+
+ if ((i = i2d_ECParameters(ec_key, NULL)) == 0) {
+ EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
+ return 0;
+ }
+ if ((p = (unsigned char *)OPENSSL_malloc(i)) == NULL) {
+ EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ pp = p;
+ if (!i2d_ECParameters(ec_key, &pp)) {
+ EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
+ OPENSSL_free(p);
+ return 0;
+ }
+ p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
+ if ((p8->pkeyalg->parameter->value.sequence
+ = ASN1_STRING_new()) == NULL) {
+ EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_ASN1_LIB);
+ OPENSSL_free(p);
+ return 0;
+ }
+ ASN1_STRING_set(p8->pkeyalg->parameter->value.sequence, p, i);
+ OPENSSL_free(p);
+ }
+
+ /* set the private key */
+
+ /*
+ * do not include the parameters in the SEC1 private key see PKCS#11
+ * 12.11
+ */
+ old_flags = EC_KEY_get_enc_flags(pkey->pkey.ec);
+ tmp_flags = old_flags | EC_PKEY_NO_PARAMETERS;
+ EC_KEY_set_enc_flags(pkey->pkey.ec, tmp_flags);
+ i = i2d_ECPrivateKey(pkey->pkey.ec, NULL);
+ if (!i) {
+ EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
+ EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
+ return 0;
+ }
+ p = (unsigned char *)OPENSSL_malloc(i);
+ if (!p) {
+ EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
+ EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ pp = p;
+ if (!i2d_ECPrivateKey(pkey->pkey.ec, &pp)) {
+ EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
+ EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
+ OPENSSL_free(p);
+ return 0;
+ }
+ /* restore old encoding flags */
+ EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
+
+ switch (p8->broken) {
+
+ case PKCS8_OK:
+ p8->pkey->value.octet_string = ASN1_OCTET_STRING_new();
+ if (!p8->pkey->value.octet_string ||
+ !M_ASN1_OCTET_STRING_set(p8->pkey->value.octet_string,
+ (const void *)p, i)) {
+ EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
+ } else
+ ret = 1;
+ break;
+ case PKCS8_NO_OCTET: /* RSA specific */
+ case PKCS8_NS_DB: /* DSA specific */
+ case PKCS8_EMBEDDED_PARAM: /* DSA specific */
+ default:
+ EVPerr(EVP_F_ECKEY_PKEY2PKCS8, EVP_R_ENCODE_ERROR);
+ }
+ OPENSSL_cleanse(p, (size_t)i);
+ OPENSSL_free(p);
+ return ret;
+}
+#endif
+
+/* EVP_PKEY attribute functions */
+
+int EVP_PKEY_get_attr_count(const EVP_PKEY *key)
+{
+ return X509at_get_attr_count(key->attributes);
+}
+
+int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid, int lastpos)
+{
+ return X509at_get_attr_by_NID(key->attributes, nid, lastpos);
+}
+
+int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, ASN1_OBJECT *obj,
+ int lastpos)
+{
+ return X509at_get_attr_by_OBJ(key->attributes, obj, lastpos);
+}
+
+X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc)
+{
+ return X509at_get_attr(key->attributes, loc);
+}
+
+X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc)
+{
+ return X509at_delete_attr(key->attributes, loc);
+}
+
+int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr)
+{
+ if (X509at_add1_attr(&key->attributes, attr))
+ return 1;
+ return 0;
+}
+
+int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key,
+ const ASN1_OBJECT *obj, int type,
+ const unsigned char *bytes, int len)
+{
+ if (X509at_add1_attr_by_OBJ(&key->attributes, obj, type, bytes, len))
+ return 1;
+ return 0;
+}
+
+int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key,
+ int nid, int type,
+ const unsigned char *bytes, int len)
+{
+ if (X509at_add1_attr_by_NID(&key->attributes, nid, type, bytes, len))
+ return 1;
+ return 0;
+}
+
+int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key,
+ const char *attrname, int type,
+ const unsigned char *bytes, int len)
+{
+ if (X509at_add1_attr_by_txt(&key->attributes, attrname, type, bytes, len))
+ return 1;
+ return 0;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_test.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/evp_test.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_test.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,450 +0,0 @@
-/* Written by Ben Laurie, 2001 */
-/*
- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include <stdio.h>
-#include <string.h>
-
-#include "../e_os.h"
-
-#include <openssl/opensslconf.h>
-#include <openssl/evp.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-#include <openssl/err.h>
-#include <openssl/conf.h>
-
-static void hexdump(FILE *f,const char *title,const unsigned char *s,int l)
- {
- int n=0;
-
- fprintf(f,"%s",title);
- for( ; n < l ; ++n)
- {
- if((n%16) == 0)
- fprintf(f,"\n%04x",n);
- fprintf(f," %02x",s[n]);
- }
- fprintf(f,"\n");
- }
-
-static int convert(unsigned char *s)
- {
- unsigned char *d;
-
- for(d=s ; *s ; s+=2,++d)
- {
- unsigned int n;
-
- if(!s[1])
- {
- fprintf(stderr,"Odd number of hex digits!");
- EXIT(4);
- }
- sscanf((char *)s,"%2x",&n);
- *d=(unsigned char)n;
- }
- return s-d;
- }
-
-static char *sstrsep(char **string, const char *delim)
- {
- char isdelim[256];
- char *token = *string;
-
- if (**string == 0)
- return NULL;
-
- memset(isdelim, 0, 256);
- isdelim[0] = 1;
-
- while (*delim)
- {
- isdelim[(unsigned char)(*delim)] = 1;
- delim++;
- }
-
- while (!isdelim[(unsigned char)(**string)])
- {
- (*string)++;
- }
-
- if (**string)
- {
- **string = 0;
- (*string)++;
- }
-
- return token;
- }
-
-static unsigned char *ustrsep(char **p,const char *sep)
- { return (unsigned char *)sstrsep(p,sep); }
-
-static int test1_exit(int ec)
- {
- EXIT(ec);
- return(0); /* To keep some compilers quiet */
- }
-
-static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn,
- const unsigned char *iv,int in,
- const unsigned char *plaintext,int pn,
- const unsigned char *ciphertext,int cn,
- int encdec)
- {
- EVP_CIPHER_CTX ctx;
- unsigned char out[4096];
- int outl,outl2;
-
- printf("Testing cipher %s%s\n",EVP_CIPHER_name(c),
- (encdec == 1 ? "(encrypt)" : (encdec == 0 ? "(decrypt)" : "(encrypt/decrypt)")));
- hexdump(stdout,"Key",key,kn);
- if(in)
- hexdump(stdout,"IV",iv,in);
- hexdump(stdout,"Plaintext",plaintext,pn);
- hexdump(stdout,"Ciphertext",ciphertext,cn);
-
- if(kn != c->key_len)
- {
- fprintf(stderr,"Key length doesn't match, got %d expected %d\n",kn,
- c->key_len);
- test1_exit(5);
- }
- EVP_CIPHER_CTX_init(&ctx);
- if (encdec != 0)
- {
- if(!EVP_EncryptInit_ex(&ctx,c,NULL,key,iv))
- {
- fprintf(stderr,"EncryptInit failed\n");
- ERR_print_errors_fp(stderr);
- test1_exit(10);
- }
- EVP_CIPHER_CTX_set_padding(&ctx,0);
-
- if(!EVP_EncryptUpdate(&ctx,out,&outl,plaintext,pn))
- {
- fprintf(stderr,"Encrypt failed\n");
- ERR_print_errors_fp(stderr);
- test1_exit(6);
- }
- if(!EVP_EncryptFinal_ex(&ctx,out+outl,&outl2))
- {
- fprintf(stderr,"EncryptFinal failed\n");
- ERR_print_errors_fp(stderr);
- test1_exit(7);
- }
-
- if(outl+outl2 != cn)
- {
- fprintf(stderr,"Ciphertext length mismatch got %d expected %d\n",
- outl+outl2,cn);
- test1_exit(8);
- }
-
- if(memcmp(out,ciphertext,cn))
- {
- fprintf(stderr,"Ciphertext mismatch\n");
- hexdump(stderr,"Got",out,cn);
- hexdump(stderr,"Expected",ciphertext,cn);
- test1_exit(9);
- }
- }
-
- if (encdec <= 0)
- {
- if(!EVP_DecryptInit_ex(&ctx,c,NULL,key,iv))
- {
- fprintf(stderr,"DecryptInit failed\n");
- ERR_print_errors_fp(stderr);
- test1_exit(11);
- }
- EVP_CIPHER_CTX_set_padding(&ctx,0);
-
- if(!EVP_DecryptUpdate(&ctx,out,&outl,ciphertext,cn))
- {
- fprintf(stderr,"Decrypt failed\n");
- ERR_print_errors_fp(stderr);
- test1_exit(6);
- }
- if(!EVP_DecryptFinal_ex(&ctx,out+outl,&outl2))
- {
- fprintf(stderr,"DecryptFinal failed\n");
- ERR_print_errors_fp(stderr);
- test1_exit(7);
- }
-
- if(outl+outl2 != pn)
- {
- fprintf(stderr,"Plaintext length mismatch got %d expected %d\n",
- outl+outl2,pn);
- test1_exit(8);
- }
-
- if(memcmp(out,plaintext,pn))
- {
- fprintf(stderr,"Plaintext mismatch\n");
- hexdump(stderr,"Got",out,pn);
- hexdump(stderr,"Expected",plaintext,pn);
- test1_exit(9);
- }
- }
-
- EVP_CIPHER_CTX_cleanup(&ctx);
-
- printf("\n");
- }
-
-static int test_cipher(const char *cipher,const unsigned char *key,int kn,
- const unsigned char *iv,int in,
- const unsigned char *plaintext,int pn,
- const unsigned char *ciphertext,int cn,
- int encdec)
- {
- const EVP_CIPHER *c;
-
- c=EVP_get_cipherbyname(cipher);
- if(!c)
- return 0;
-
- test1(c,key,kn,iv,in,plaintext,pn,ciphertext,cn,encdec);
-
- return 1;
- }
-
-static int test_digest(const char *digest,
- const unsigned char *plaintext,int pn,
- const unsigned char *ciphertext, unsigned int cn)
- {
- const EVP_MD *d;
- EVP_MD_CTX ctx;
- unsigned char md[EVP_MAX_MD_SIZE];
- unsigned int mdn;
-
- d=EVP_get_digestbyname(digest);
- if(!d)
- return 0;
-
- printf("Testing digest %s\n",EVP_MD_name(d));
- hexdump(stdout,"Plaintext",plaintext,pn);
- hexdump(stdout,"Digest",ciphertext,cn);
-
- EVP_MD_CTX_init(&ctx);
- if(!EVP_DigestInit_ex(&ctx,d, NULL))
- {
- fprintf(stderr,"DigestInit failed\n");
- ERR_print_errors_fp(stderr);
- EXIT(100);
- }
- if(!EVP_DigestUpdate(&ctx,plaintext,pn))
- {
- fprintf(stderr,"DigestUpdate failed\n");
- ERR_print_errors_fp(stderr);
- EXIT(101);
- }
- if(!EVP_DigestFinal_ex(&ctx,md,&mdn))
- {
- fprintf(stderr,"DigestFinal failed\n");
- ERR_print_errors_fp(stderr);
- EXIT(101);
- }
- EVP_MD_CTX_cleanup(&ctx);
-
- if(mdn != cn)
- {
- fprintf(stderr,"Digest length mismatch, got %d expected %d\n",mdn,cn);
- EXIT(102);
- }
-
- if(memcmp(md,ciphertext,cn))
- {
- fprintf(stderr,"Digest mismatch\n");
- hexdump(stderr,"Got",md,cn);
- hexdump(stderr,"Expected",ciphertext,cn);
- EXIT(103);
- }
-
- printf("\n");
-
- EVP_MD_CTX_cleanup(&ctx);
-
- return 1;
- }
-
-int main(int argc,char **argv)
- {
- const char *szTestFile;
- FILE *f;
-
- if(argc != 2)
- {
- fprintf(stderr,"%s <test file>\n",argv[0]);
- EXIT(1);
- }
- CRYPTO_malloc_debug_init();
- CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
- szTestFile=argv[1];
-
- f=fopen(szTestFile,"r");
- if(!f)
- {
- perror(szTestFile);
- EXIT(2);
- }
-
- /* Load up the software EVP_CIPHER and EVP_MD definitions */
- OpenSSL_add_all_ciphers();
- OpenSSL_add_all_digests();
-#ifndef OPENSSL_NO_ENGINE
- /* Load all compiled-in ENGINEs */
- ENGINE_load_builtin_engines();
-#endif
-#if 0
- OPENSSL_config();
-#endif
-#ifndef OPENSSL_NO_ENGINE
- /* Register all available ENGINE implementations of ciphers and digests.
- * This could perhaps be changed to "ENGINE_register_all_complete()"? */
- ENGINE_register_all_ciphers();
- ENGINE_register_all_digests();
- /* If we add command-line options, this statement should be switchable.
- * It'll prevent ENGINEs being ENGINE_init()ialised for cipher/digest use if
- * they weren't already initialised. */
- /* ENGINE_set_cipher_flags(ENGINE_CIPHER_FLAG_NOINIT); */
-#endif
-
- for( ; ; )
- {
- char line[4096];
- char *p;
- char *cipher;
- unsigned char *iv,*key,*plaintext,*ciphertext;
- int encdec;
- int kn,in,pn,cn;
-
- if(!fgets((char *)line,sizeof line,f))
- break;
- if(line[0] == '#' || line[0] == '\n')
- continue;
- p=line;
- cipher=sstrsep(&p,":");
- key=ustrsep(&p,":");
- iv=ustrsep(&p,":");
- plaintext=ustrsep(&p,":");
- ciphertext=ustrsep(&p,":");
- if (p[-1] == '\n') {
- p[-1] = '\0';
- encdec = -1;
- } else {
- encdec = atoi(sstrsep(&p,"\n"));
- }
-
-
- kn=convert(key);
- in=convert(iv);
- pn=convert(plaintext);
- cn=convert(ciphertext);
-
- if(!test_cipher(cipher,key,kn,iv,in,plaintext,pn,ciphertext,cn,encdec)
- && !test_digest(cipher,plaintext,pn,ciphertext,cn))
- {
-#ifdef OPENSSL_NO_AES
- if (strstr(cipher, "AES") == cipher)
- {
- fprintf(stdout, "Cipher disabled, skipping %s\n", cipher);
- continue;
- }
-#endif
-#ifdef OPENSSL_NO_DES
- if (strstr(cipher, "DES") == cipher)
- {
- fprintf(stdout, "Cipher disabled, skipping %s\n", cipher);
- continue;
- }
-#endif
-#ifdef OPENSSL_NO_RC4
- if (strstr(cipher, "RC4") == cipher)
- {
- fprintf(stdout, "Cipher disabled, skipping %s\n", cipher);
- continue;
- }
-#endif
-#ifdef OPENSSL_NO_CAMELLIA
- if (strstr(cipher, "CAMELLIA") == cipher)
- {
- fprintf(stdout, "Cipher disabled, skipping %s\n", cipher);
- continue;
- }
-#endif
-#ifdef OPENSSL_NO_SEED
- if (strstr(cipher, "SEED") == cipher)
- {
- fprintf(stdout, "Cipher disabled, skipping %s\n", cipher);
- continue;
- }
-#endif
- fprintf(stderr,"Can't find %s\n",cipher);
- EXIT(3);
- }
- }
- fclose(f);
-
-#ifndef OPENSSL_NO_ENGINE
- ENGINE_cleanup();
-#endif
- EVP_cleanup();
- CRYPTO_cleanup_all_ex_data();
- ERR_remove_state(0);
- ERR_free_strings();
- CRYPTO_mem_leaks_fp(stderr);
-
- return 0;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_test.c (from rev 6976, vendor-crypto/openssl/dist/crypto/evp/evp_test.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_test.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/evp_test.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,424 @@
+/* Written by Ben Laurie, 2001 */
+/*
+ * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <stdio.h>
+#include <string.h>
+
+#include "../e_os.h"
+
+#include <openssl/opensslconf.h>
+#include <openssl/evp.h>
+#ifndef OPENSSL_NO_ENGINE
+# include <openssl/engine.h>
+#endif
+#include <openssl/err.h>
+#include <openssl/conf.h>
+
+static void hexdump(FILE *f, const char *title, const unsigned char *s, int l)
+{
+ int n = 0;
+
+ fprintf(f, "%s", title);
+ for (; n < l; ++n) {
+ if ((n % 16) == 0)
+ fprintf(f, "\n%04x", n);
+ fprintf(f, " %02x", s[n]);
+ }
+ fprintf(f, "\n");
+}
+
+static int convert(unsigned char *s)
+{
+ unsigned char *d;
+
+ for (d = s; *s; s += 2, ++d) {
+ unsigned int n;
+
+ if (!s[1]) {
+ fprintf(stderr, "Odd number of hex digits!");
+ EXIT(4);
+ }
+ sscanf((char *)s, "%2x", &n);
+ *d = (unsigned char)n;
+ }
+ return s - d;
+}
+
+static char *sstrsep(char **string, const char *delim)
+{
+ char isdelim[256];
+ char *token = *string;
+
+ if (**string == 0)
+ return NULL;
+
+ memset(isdelim, 0, 256);
+ isdelim[0] = 1;
+
+ while (*delim) {
+ isdelim[(unsigned char)(*delim)] = 1;
+ delim++;
+ }
+
+ while (!isdelim[(unsigned char)(**string)]) {
+ (*string)++;
+ }
+
+ if (**string) {
+ **string = 0;
+ (*string)++;
+ }
+
+ return token;
+}
+
+static unsigned char *ustrsep(char **p, const char *sep)
+{
+ return (unsigned char *)sstrsep(p, sep);
+}
+
+static int test1_exit(int ec)
+{
+ EXIT(ec);
+ return (0); /* To keep some compilers quiet */
+}
+
+static void test1(const EVP_CIPHER *c, const unsigned char *key, int kn,
+ const unsigned char *iv, int in,
+ const unsigned char *plaintext, int pn,
+ const unsigned char *ciphertext, int cn, int encdec)
+{
+ EVP_CIPHER_CTX ctx;
+ unsigned char out[4096];
+ int outl, outl2;
+
+ printf("Testing cipher %s%s\n", EVP_CIPHER_name(c),
+ (encdec ==
+ 1 ? "(encrypt)" : (encdec ==
+ 0 ? "(decrypt)" : "(encrypt/decrypt)")));
+ hexdump(stdout, "Key", key, kn);
+ if (in)
+ hexdump(stdout, "IV", iv, in);
+ hexdump(stdout, "Plaintext", plaintext, pn);
+ hexdump(stdout, "Ciphertext", ciphertext, cn);
+
+ if (kn != c->key_len) {
+ fprintf(stderr, "Key length doesn't match, got %d expected %d\n", kn,
+ c->key_len);
+ test1_exit(5);
+ }
+ EVP_CIPHER_CTX_init(&ctx);
+ if (encdec != 0) {
+ if (!EVP_EncryptInit_ex(&ctx, c, NULL, key, iv)) {
+ fprintf(stderr, "EncryptInit failed\n");
+ ERR_print_errors_fp(stderr);
+ test1_exit(10);
+ }
+ EVP_CIPHER_CTX_set_padding(&ctx, 0);
+
+ if (!EVP_EncryptUpdate(&ctx, out, &outl, plaintext, pn)) {
+ fprintf(stderr, "Encrypt failed\n");
+ ERR_print_errors_fp(stderr);
+ test1_exit(6);
+ }
+ if (!EVP_EncryptFinal_ex(&ctx, out + outl, &outl2)) {
+ fprintf(stderr, "EncryptFinal failed\n");
+ ERR_print_errors_fp(stderr);
+ test1_exit(7);
+ }
+
+ if (outl + outl2 != cn) {
+ fprintf(stderr, "Ciphertext length mismatch got %d expected %d\n",
+ outl + outl2, cn);
+ test1_exit(8);
+ }
+
+ if (memcmp(out, ciphertext, cn)) {
+ fprintf(stderr, "Ciphertext mismatch\n");
+ hexdump(stderr, "Got", out, cn);
+ hexdump(stderr, "Expected", ciphertext, cn);
+ test1_exit(9);
+ }
+ }
+
+ if (encdec <= 0) {
+ if (!EVP_DecryptInit_ex(&ctx, c, NULL, key, iv)) {
+ fprintf(stderr, "DecryptInit failed\n");
+ ERR_print_errors_fp(stderr);
+ test1_exit(11);
+ }
+ EVP_CIPHER_CTX_set_padding(&ctx, 0);
+
+ if (!EVP_DecryptUpdate(&ctx, out, &outl, ciphertext, cn)) {
+ fprintf(stderr, "Decrypt failed\n");
+ ERR_print_errors_fp(stderr);
+ test1_exit(6);
+ }
+ if (!EVP_DecryptFinal_ex(&ctx, out + outl, &outl2)) {
+ fprintf(stderr, "DecryptFinal failed\n");
+ ERR_print_errors_fp(stderr);
+ test1_exit(7);
+ }
+
+ if (outl + outl2 != pn) {
+ fprintf(stderr, "Plaintext length mismatch got %d expected %d\n",
+ outl + outl2, pn);
+ test1_exit(8);
+ }
+
+ if (memcmp(out, plaintext, pn)) {
+ fprintf(stderr, "Plaintext mismatch\n");
+ hexdump(stderr, "Got", out, pn);
+ hexdump(stderr, "Expected", plaintext, pn);
+ test1_exit(9);
+ }
+ }
+
+ EVP_CIPHER_CTX_cleanup(&ctx);
+
+ printf("\n");
+}
+
+static int test_cipher(const char *cipher, const unsigned char *key, int kn,
+ const unsigned char *iv, int in,
+ const unsigned char *plaintext, int pn,
+ const unsigned char *ciphertext, int cn, int encdec)
+{
+ const EVP_CIPHER *c;
+
+ c = EVP_get_cipherbyname(cipher);
+ if (!c)
+ return 0;
+
+ test1(c, key, kn, iv, in, plaintext, pn, ciphertext, cn, encdec);
+
+ return 1;
+}
+
+static int test_digest(const char *digest,
+ const unsigned char *plaintext, int pn,
+ const unsigned char *ciphertext, unsigned int cn)
+{
+ const EVP_MD *d;
+ EVP_MD_CTX ctx;
+ unsigned char md[EVP_MAX_MD_SIZE];
+ unsigned int mdn;
+
+ d = EVP_get_digestbyname(digest);
+ if (!d)
+ return 0;
+
+ printf("Testing digest %s\n", EVP_MD_name(d));
+ hexdump(stdout, "Plaintext", plaintext, pn);
+ hexdump(stdout, "Digest", ciphertext, cn);
+
+ EVP_MD_CTX_init(&ctx);
+ if (!EVP_DigestInit_ex(&ctx, d, NULL)) {
+ fprintf(stderr, "DigestInit failed\n");
+ ERR_print_errors_fp(stderr);
+ EXIT(100);
+ }
+ if (!EVP_DigestUpdate(&ctx, plaintext, pn)) {
+ fprintf(stderr, "DigestUpdate failed\n");
+ ERR_print_errors_fp(stderr);
+ EXIT(101);
+ }
+ if (!EVP_DigestFinal_ex(&ctx, md, &mdn)) {
+ fprintf(stderr, "DigestFinal failed\n");
+ ERR_print_errors_fp(stderr);
+ EXIT(101);
+ }
+ EVP_MD_CTX_cleanup(&ctx);
+
+ if (mdn != cn) {
+ fprintf(stderr, "Digest length mismatch, got %d expected %d\n", mdn,
+ cn);
+ EXIT(102);
+ }
+
+ if (memcmp(md, ciphertext, cn)) {
+ fprintf(stderr, "Digest mismatch\n");
+ hexdump(stderr, "Got", md, cn);
+ hexdump(stderr, "Expected", ciphertext, cn);
+ EXIT(103);
+ }
+
+ printf("\n");
+
+ EVP_MD_CTX_cleanup(&ctx);
+
+ return 1;
+}
+
+int main(int argc, char **argv)
+{
+ const char *szTestFile;
+ FILE *f;
+
+ if (argc != 2) {
+ fprintf(stderr, "%s <test file>\n", argv[0]);
+ EXIT(1);
+ }
+ CRYPTO_malloc_debug_init();
+ CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+ szTestFile = argv[1];
+
+ f = fopen(szTestFile, "r");
+ if (!f) {
+ perror(szTestFile);
+ EXIT(2);
+ }
+
+ /* Load up the software EVP_CIPHER and EVP_MD definitions */
+ OpenSSL_add_all_ciphers();
+ OpenSSL_add_all_digests();
+#ifndef OPENSSL_NO_ENGINE
+ /* Load all compiled-in ENGINEs */
+ ENGINE_load_builtin_engines();
+#endif
+#if 0
+ OPENSSL_config();
+#endif
+#ifndef OPENSSL_NO_ENGINE
+ /*
+ * Register all available ENGINE implementations of ciphers and digests.
+ * This could perhaps be changed to "ENGINE_register_all_complete()"?
+ */
+ ENGINE_register_all_ciphers();
+ ENGINE_register_all_digests();
+ /*
+ * If we add command-line options, this statement should be switchable.
+ * It'll prevent ENGINEs being ENGINE_init()ialised for cipher/digest use
+ * if they weren't already initialised.
+ */
+ /* ENGINE_set_cipher_flags(ENGINE_CIPHER_FLAG_NOINIT); */
+#endif
+
+ for (;;) {
+ char line[4096];
+ char *p;
+ char *cipher;
+ unsigned char *iv, *key, *plaintext, *ciphertext;
+ int encdec;
+ int kn, in, pn, cn;
+
+ if (!fgets((char *)line, sizeof line, f))
+ break;
+ if (line[0] == '#' || line[0] == '\n')
+ continue;
+ p = line;
+ cipher = sstrsep(&p, ":");
+ key = ustrsep(&p, ":");
+ iv = ustrsep(&p, ":");
+ plaintext = ustrsep(&p, ":");
+ ciphertext = ustrsep(&p, ":");
+ if (p[-1] == '\n') {
+ p[-1] = '\0';
+ encdec = -1;
+ } else {
+ encdec = atoi(sstrsep(&p, "\n"));
+ }
+
+ kn = convert(key);
+ in = convert(iv);
+ pn = convert(plaintext);
+ cn = convert(ciphertext);
+
+ if (!test_cipher
+ (cipher, key, kn, iv, in, plaintext, pn, ciphertext, cn, encdec)
+ && !test_digest(cipher, plaintext, pn, ciphertext, cn)) {
+#ifdef OPENSSL_NO_AES
+ if (strstr(cipher, "AES") == cipher) {
+ fprintf(stdout, "Cipher disabled, skipping %s\n", cipher);
+ continue;
+ }
+#endif
+#ifdef OPENSSL_NO_DES
+ if (strstr(cipher, "DES") == cipher) {
+ fprintf(stdout, "Cipher disabled, skipping %s\n", cipher);
+ continue;
+ }
+#endif
+#ifdef OPENSSL_NO_RC4
+ if (strstr(cipher, "RC4") == cipher) {
+ fprintf(stdout, "Cipher disabled, skipping %s\n", cipher);
+ continue;
+ }
+#endif
+#ifdef OPENSSL_NO_CAMELLIA
+ if (strstr(cipher, "CAMELLIA") == cipher) {
+ fprintf(stdout, "Cipher disabled, skipping %s\n", cipher);
+ continue;
+ }
+#endif
+#ifdef OPENSSL_NO_SEED
+ if (strstr(cipher, "SEED") == cipher) {
+ fprintf(stdout, "Cipher disabled, skipping %s\n", cipher);
+ continue;
+ }
+#endif
+ fprintf(stderr, "Can't find %s\n", cipher);
+ EXIT(3);
+ }
+ }
+ fclose(f);
+
+#ifndef OPENSSL_NO_ENGINE
+ ENGINE_cleanup();
+#endif
+ EVP_cleanup();
+ CRYPTO_cleanup_all_ex_data();
+ ERR_remove_state(0);
+ ERR_free_strings();
+ CRYPTO_mem_leaks_fp(stderr);
+
+ return 0;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/evp/m_dss.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/m_dss.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/m_dss.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,99 +0,0 @@
-/* crypto/evp/m_dss.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-
-#ifndef OPENSSL_NO_SHA
-
-static int init(EVP_MD_CTX *ctx)
- { return SHA1_Init(ctx->md_data); }
-
-static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
- { return SHA1_Update(ctx->md_data,data,count); }
-
-static int final(EVP_MD_CTX *ctx,unsigned char *md)
- { return SHA1_Final(md,ctx->md_data); }
-
-static const EVP_MD dsa_md=
- {
- NID_dsaWithSHA,
- NID_dsaWithSHA,
- SHA_DIGEST_LENGTH,
- EVP_MD_FLAG_FIPS,
- init,
- update,
- final,
- NULL,
- NULL,
- EVP_PKEY_DSA_method,
- SHA_CBLOCK,
- sizeof(EVP_MD *)+sizeof(SHA_CTX),
- };
-
-const EVP_MD *EVP_dss(void)
- {
- return(&dsa_md);
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/evp/m_dss.c (from rev 6976, vendor-crypto/openssl/dist/crypto/evp/m_dss.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/evp/m_dss.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/m_dss.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,104 @@
+/* crypto/evp/m_dss.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#ifndef OPENSSL_NO_DSA
+# include <openssl/dsa.h>
+#endif
+
+#ifndef OPENSSL_NO_SHA
+
+static int init(EVP_MD_CTX *ctx)
+{
+ return SHA1_Init(ctx->md_data);
+}
+
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+ return SHA1_Update(ctx->md_data, data, count);
+}
+
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+ return SHA1_Final(md, ctx->md_data);
+}
+
+static const EVP_MD dsa_md = {
+ NID_dsaWithSHA,
+ NID_dsaWithSHA,
+ SHA_DIGEST_LENGTH,
+ EVP_MD_FLAG_FIPS,
+ init,
+ update,
+ final,
+ NULL,
+ NULL,
+ EVP_PKEY_DSA_method,
+ SHA_CBLOCK,
+ sizeof(EVP_MD *) + sizeof(SHA_CTX),
+};
+
+const EVP_MD *EVP_dss(void)
+{
+ return (&dsa_md);
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/evp/m_dss1.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/m_dss1.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/m_dss1.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,103 +0,0 @@
-/* crypto/evp/m_dss1.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-
-#ifndef OPENSSL_NO_SHA
-
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-
-#ifndef OPENSSL_FIPS
-
-static int init(EVP_MD_CTX *ctx)
- { return SHA1_Init(ctx->md_data); }
-
-static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
- { return SHA1_Update(ctx->md_data,data,count); }
-
-static int final(EVP_MD_CTX *ctx,unsigned char *md)
- { return SHA1_Final(md,ctx->md_data); }
-
-static const EVP_MD dss1_md=
- {
- NID_dsa,
- NID_dsaWithSHA1,
- SHA_DIGEST_LENGTH,
- 0,
- init,
- update,
- final,
- NULL,
- NULL,
- EVP_PKEY_DSA_method,
- SHA_CBLOCK,
- sizeof(EVP_MD *)+sizeof(SHA_CTX),
- };
-
-const EVP_MD *EVP_dss1(void)
- {
- return(&dss1_md);
- }
-#endif
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/evp/m_dss1.c (from rev 6976, vendor-crypto/openssl/dist/crypto/evp/m_dss1.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/evp/m_dss1.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/m_dss1.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,108 @@
+/* crypto/evp/m_dss1.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+
+#ifndef OPENSSL_NO_SHA
+
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include <openssl/x509.h>
+# ifndef OPENSSL_NO_DSA
+# include <openssl/dsa.h>
+# endif
+
+# ifndef OPENSSL_FIPS
+
+static int init(EVP_MD_CTX *ctx)
+{
+ return SHA1_Init(ctx->md_data);
+}
+
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+ return SHA1_Update(ctx->md_data, data, count);
+}
+
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+ return SHA1_Final(md, ctx->md_data);
+}
+
+static const EVP_MD dss1_md = {
+ NID_dsa,
+ NID_dsaWithSHA1,
+ SHA_DIGEST_LENGTH,
+ 0,
+ init,
+ update,
+ final,
+ NULL,
+ NULL,
+ EVP_PKEY_DSA_method,
+ SHA_CBLOCK,
+ sizeof(EVP_MD *) + sizeof(SHA_CTX),
+};
+
+const EVP_MD *EVP_dss1(void)
+{
+ return (&dss1_md);
+}
+# endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/evp/m_ecdsa.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/m_ecdsa.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/m_ecdsa.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,148 +0,0 @@
-/* crypto/evp/m_ecdsa.c */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-
-#ifndef OPENSSL_NO_SHA
-static int init(EVP_MD_CTX *ctx)
- { return SHA1_Init(ctx->md_data); }
-
-static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
- { return SHA1_Update(ctx->md_data,data,count); }
-
-static int final(EVP_MD_CTX *ctx,unsigned char *md)
- { return SHA1_Final(md,ctx->md_data); }
-
-static const EVP_MD ecdsa_md=
- {
- NID_ecdsa_with_SHA1,
- NID_ecdsa_with_SHA1,
- SHA_DIGEST_LENGTH,
- 0,
- init,
- update,
- final,
- NULL,
- NULL,
- EVP_PKEY_ECDSA_method,
- SHA_CBLOCK,
- sizeof(EVP_MD *)+sizeof(SHA_CTX),
- };
-
-const EVP_MD *EVP_ecdsa(void)
- {
- return(&ecdsa_md);
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/evp/m_ecdsa.c (from rev 6976, vendor-crypto/openssl/dist/crypto/evp/m_ecdsa.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/evp/m_ecdsa.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/m_ecdsa.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,153 @@
+/* crypto/evp/m_ecdsa.c */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+
+#ifndef OPENSSL_NO_SHA
+static int init(EVP_MD_CTX *ctx)
+{
+ return SHA1_Init(ctx->md_data);
+}
+
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+ return SHA1_Update(ctx->md_data, data, count);
+}
+
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+ return SHA1_Final(md, ctx->md_data);
+}
+
+static const EVP_MD ecdsa_md = {
+ NID_ecdsa_with_SHA1,
+ NID_ecdsa_with_SHA1,
+ SHA_DIGEST_LENGTH,
+ 0,
+ init,
+ update,
+ final,
+ NULL,
+ NULL,
+ EVP_PKEY_ECDSA_method,
+ SHA_CBLOCK,
+ sizeof(EVP_MD *) + sizeof(SHA_CTX),
+};
+
+const EVP_MD *EVP_ecdsa(void)
+{
+ return (&ecdsa_md);
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/evp/m_md2.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/m_md2.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/m_md2.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,102 +0,0 @@
-/* crypto/evp/m_md2.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "evp_locl.h"
-
-#ifndef OPENSSL_NO_MD2
-
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/md2.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-
-static int init(EVP_MD_CTX *ctx)
- { return MD2_Init(ctx->md_data); }
-
-static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
- { return MD2_Update(ctx->md_data,data,count); }
-
-static int final(EVP_MD_CTX *ctx,unsigned char *md)
- { return MD2_Final(md,ctx->md_data); }
-
-static const EVP_MD md2_md=
- {
- NID_md2,
- NID_md2WithRSAEncryption,
- MD2_DIGEST_LENGTH,
- 0,
- init,
- update,
- final,
- NULL,
- NULL,
- EVP_PKEY_RSA_method,
- MD2_BLOCK,
- sizeof(EVP_MD *)+sizeof(MD2_CTX),
- };
-
-const EVP_MD *EVP_md2(void)
- {
- return(&md2_md);
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/evp/m_md2.c (from rev 6976, vendor-crypto/openssl/dist/crypto/evp/m_md2.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/evp/m_md2.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/m_md2.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,107 @@
+/* crypto/evp/m_md2.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "evp_locl.h"
+
+#ifndef OPENSSL_NO_MD2
+
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include <openssl/x509.h>
+# include <openssl/md2.h>
+# ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>
+# endif
+
+static int init(EVP_MD_CTX *ctx)
+{
+ return MD2_Init(ctx->md_data);
+}
+
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+ return MD2_Update(ctx->md_data, data, count);
+}
+
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+ return MD2_Final(md, ctx->md_data);
+}
+
+static const EVP_MD md2_md = {
+ NID_md2,
+ NID_md2WithRSAEncryption,
+ MD2_DIGEST_LENGTH,
+ 0,
+ init,
+ update,
+ final,
+ NULL,
+ NULL,
+ EVP_PKEY_RSA_method,
+ MD2_BLOCK,
+ sizeof(EVP_MD *) + sizeof(MD2_CTX),
+};
+
+const EVP_MD *EVP_md2(void)
+{
+ return (&md2_md);
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/evp/m_md4.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/m_md4.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/m_md4.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,102 +0,0 @@
-/* crypto/evp/m_md4.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "evp_locl.h"
-
-#ifndef OPENSSL_NO_MD4
-
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/md4.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-
-static int init(EVP_MD_CTX *ctx)
- { return MD4_Init(ctx->md_data); }
-
-static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
- { return MD4_Update(ctx->md_data,data,count); }
-
-static int final(EVP_MD_CTX *ctx,unsigned char *md)
- { return MD4_Final(md,ctx->md_data); }
-
-static const EVP_MD md4_md=
- {
- NID_md4,
- NID_md4WithRSAEncryption,
- MD4_DIGEST_LENGTH,
- 0,
- init,
- update,
- final,
- NULL,
- NULL,
- EVP_PKEY_RSA_method,
- MD4_CBLOCK,
- sizeof(EVP_MD *)+sizeof(MD4_CTX),
- };
-
-const EVP_MD *EVP_md4(void)
- {
- return(&md4_md);
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/evp/m_md4.c (from rev 6976, vendor-crypto/openssl/dist/crypto/evp/m_md4.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/evp/m_md4.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/m_md4.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,107 @@
+/* crypto/evp/m_md4.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "evp_locl.h"
+
+#ifndef OPENSSL_NO_MD4
+
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include <openssl/x509.h>
+# include <openssl/md4.h>
+# ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>
+# endif
+
+static int init(EVP_MD_CTX *ctx)
+{
+ return MD4_Init(ctx->md_data);
+}
+
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+ return MD4_Update(ctx->md_data, data, count);
+}
+
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+ return MD4_Final(md, ctx->md_data);
+}
+
+static const EVP_MD md4_md = {
+ NID_md4,
+ NID_md4WithRSAEncryption,
+ MD4_DIGEST_LENGTH,
+ 0,
+ init,
+ update,
+ final,
+ NULL,
+ NULL,
+ EVP_PKEY_RSA_method,
+ MD4_CBLOCK,
+ sizeof(EVP_MD *) + sizeof(MD4_CTX),
+};
+
+const EVP_MD *EVP_md4(void)
+{
+ return (&md4_md);
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/evp/m_md5.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/m_md5.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/m_md5.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,102 +0,0 @@
-/* crypto/evp/m_md5.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-
-#ifndef OPENSSL_NO_MD5
-
-#include <openssl/evp.h>
-#include "evp_locl.h"
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/md5.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-
-static int init(EVP_MD_CTX *ctx)
- { return MD5_Init(ctx->md_data); }
-
-static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
- { return MD5_Update(ctx->md_data,data,count); }
-
-static int final(EVP_MD_CTX *ctx,unsigned char *md)
- { return MD5_Final(md,ctx->md_data); }
-
-static const EVP_MD md5_md=
- {
- NID_md5,
- NID_md5WithRSAEncryption,
- MD5_DIGEST_LENGTH,
- 0,
- init,
- update,
- final,
- NULL,
- NULL,
- EVP_PKEY_RSA_method,
- MD5_CBLOCK,
- sizeof(EVP_MD *)+sizeof(MD5_CTX),
- };
-
-const EVP_MD *EVP_md5(void)
- {
- return(&md5_md);
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/evp/m_md5.c (from rev 6976, vendor-crypto/openssl/dist/crypto/evp/m_md5.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/evp/m_md5.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/m_md5.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,107 @@
+/* crypto/evp/m_md5.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+
+#ifndef OPENSSL_NO_MD5
+
+# include <openssl/evp.h>
+# include "evp_locl.h"
+# include <openssl/objects.h>
+# include <openssl/x509.h>
+# include <openssl/md5.h>
+# ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>
+# endif
+
+static int init(EVP_MD_CTX *ctx)
+{
+ return MD5_Init(ctx->md_data);
+}
+
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+ return MD5_Update(ctx->md_data, data, count);
+}
+
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+ return MD5_Final(md, ctx->md_data);
+}
+
+static const EVP_MD md5_md = {
+ NID_md5,
+ NID_md5WithRSAEncryption,
+ MD5_DIGEST_LENGTH,
+ 0,
+ init,
+ update,
+ final,
+ NULL,
+ NULL,
+ EVP_PKEY_RSA_method,
+ MD5_CBLOCK,
+ sizeof(EVP_MD *) + sizeof(MD5_CTX),
+};
+
+const EVP_MD *EVP_md5(void)
+{
+ return (&md5_md);
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/evp/m_mdc2.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/m_mdc2.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/m_mdc2.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,100 +0,0 @@
-/* crypto/evp/m_mdc2.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "evp_locl.h"
-
-#ifndef OPENSSL_NO_MDC2
-
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/mdc2.h>
-#include <openssl/rsa.h>
-
-static int init(EVP_MD_CTX *ctx)
- { return MDC2_Init(ctx->md_data); }
-
-static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
- { return MDC2_Update(ctx->md_data,data,count); }
-
-static int final(EVP_MD_CTX *ctx,unsigned char *md)
- { return MDC2_Final(md,ctx->md_data); }
-
-static const EVP_MD mdc2_md=
- {
- NID_mdc2,
- NID_mdc2WithRSA,
- MDC2_DIGEST_LENGTH,
- 0,
- init,
- update,
- final,
- NULL,
- NULL,
- EVP_PKEY_RSA_ASN1_OCTET_STRING_method,
- MDC2_BLOCK,
- sizeof(EVP_MD *)+sizeof(MDC2_CTX),
- };
-
-const EVP_MD *EVP_mdc2(void)
- {
- return(&mdc2_md);
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/evp/m_mdc2.c (from rev 6976, vendor-crypto/openssl/dist/crypto/evp/m_mdc2.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/evp/m_mdc2.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/m_mdc2.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,105 @@
+/* crypto/evp/m_mdc2.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "evp_locl.h"
+
+#ifndef OPENSSL_NO_MDC2
+
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include <openssl/x509.h>
+# include <openssl/mdc2.h>
+# include <openssl/rsa.h>
+
+static int init(EVP_MD_CTX *ctx)
+{
+ return MDC2_Init(ctx->md_data);
+}
+
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+ return MDC2_Update(ctx->md_data, data, count);
+}
+
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+ return MDC2_Final(md, ctx->md_data);
+}
+
+static const EVP_MD mdc2_md = {
+ NID_mdc2,
+ NID_mdc2WithRSA,
+ MDC2_DIGEST_LENGTH,
+ 0,
+ init,
+ update,
+ final,
+ NULL,
+ NULL,
+ EVP_PKEY_RSA_ASN1_OCTET_STRING_method,
+ MDC2_BLOCK,
+ sizeof(EVP_MD *) + sizeof(MDC2_CTX),
+};
+
+const EVP_MD *EVP_mdc2(void)
+{
+ return (&mdc2_md);
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/evp/m_null.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/m_null.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/m_null.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,95 +0,0 @@
-/* crypto/evp/m_null.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-
-static int init(EVP_MD_CTX *ctx)
- { return 1; }
-
-static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
- { return 1; }
-
-static int final(EVP_MD_CTX *ctx,unsigned char *md)
- { return 1; }
-
-static const EVP_MD null_md=
- {
- NID_undef,
- NID_undef,
- 0,
- 0,
- init,
- update,
- final,
- NULL,
- NULL,
- EVP_PKEY_NULL_method,
- 0,
- sizeof(EVP_MD *),
- };
-
-const EVP_MD *EVP_md_null(void)
- {
- return(&null_md);
- }
-
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/evp/m_null.c (from rev 6976, vendor-crypto/openssl/dist/crypto/evp/m_null.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/evp/m_null.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/m_null.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,98 @@
+/* crypto/evp/m_null.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+
+static int init(EVP_MD_CTX *ctx)
+{
+ return 1;
+}
+
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+ return 1;
+}
+
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+ return 1;
+}
+
+static const EVP_MD null_md = {
+ NID_undef,
+ NID_undef,
+ 0,
+ 0,
+ init,
+ update,
+ final,
+ NULL,
+ NULL,
+ EVP_PKEY_NULL_method,
+ 0,
+ sizeof(EVP_MD *),
+};
+
+const EVP_MD *EVP_md_null(void)
+{
+ return (&null_md);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/evp/m_ripemd.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/m_ripemd.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/m_ripemd.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,101 +0,0 @@
-/* crypto/evp/m_ripemd.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-
-#ifndef OPENSSL_NO_RIPEMD
-
-#include <openssl/ripemd.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-
-static int init(EVP_MD_CTX *ctx)
- { return RIPEMD160_Init(ctx->md_data); }
-
-static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
- { return RIPEMD160_Update(ctx->md_data,data,count); }
-
-static int final(EVP_MD_CTX *ctx,unsigned char *md)
- { return RIPEMD160_Final(md,ctx->md_data); }
-
-static const EVP_MD ripemd160_md=
- {
- NID_ripemd160,
- NID_ripemd160WithRSA,
- RIPEMD160_DIGEST_LENGTH,
- 0,
- init,
- update,
- final,
- NULL,
- NULL,
- EVP_PKEY_RSA_method,
- RIPEMD160_CBLOCK,
- sizeof(EVP_MD *)+sizeof(RIPEMD160_CTX),
- };
-
-const EVP_MD *EVP_ripemd160(void)
- {
- return(&ripemd160_md);
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/evp/m_ripemd.c (from rev 6976, vendor-crypto/openssl/dist/crypto/evp/m_ripemd.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/evp/m_ripemd.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/m_ripemd.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,106 @@
+/* crypto/evp/m_ripemd.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+
+#ifndef OPENSSL_NO_RIPEMD
+
+# include <openssl/ripemd.h>
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include <openssl/x509.h>
+# ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>
+# endif
+
+static int init(EVP_MD_CTX *ctx)
+{
+ return RIPEMD160_Init(ctx->md_data);
+}
+
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+ return RIPEMD160_Update(ctx->md_data, data, count);
+}
+
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+ return RIPEMD160_Final(md, ctx->md_data);
+}
+
+static const EVP_MD ripemd160_md = {
+ NID_ripemd160,
+ NID_ripemd160WithRSA,
+ RIPEMD160_DIGEST_LENGTH,
+ 0,
+ init,
+ update,
+ final,
+ NULL,
+ NULL,
+ EVP_PKEY_RSA_method,
+ RIPEMD160_CBLOCK,
+ sizeof(EVP_MD *) + sizeof(RIPEMD160_CTX),
+};
+
+const EVP_MD *EVP_ripemd160(void)
+{
+ return (&ripemd160_md);
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/evp/m_sha.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/m_sha.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/m_sha.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,101 +0,0 @@
-/* crypto/evp/m_sha.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "evp_locl.h"
-
-#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0)
-
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-
-static int init(EVP_MD_CTX *ctx)
- { return SHA_Init(ctx->md_data); }
-
-static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
- { return SHA_Update(ctx->md_data,data,count); }
-
-static int final(EVP_MD_CTX *ctx,unsigned char *md)
- { return SHA_Final(md,ctx->md_data); }
-
-static const EVP_MD sha_md=
- {
- NID_sha,
- NID_shaWithRSAEncryption,
- SHA_DIGEST_LENGTH,
- 0,
- init,
- update,
- final,
- NULL,
- NULL,
- EVP_PKEY_RSA_method,
- SHA_CBLOCK,
- sizeof(EVP_MD *)+sizeof(SHA_CTX),
- };
-
-const EVP_MD *EVP_sha(void)
- {
- return(&sha_md);
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/evp/m_sha.c (from rev 6976, vendor-crypto/openssl/dist/crypto/evp/m_sha.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/evp/m_sha.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/m_sha.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,106 @@
+/* crypto/evp/m_sha.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "evp_locl.h"
+
+#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0)
+
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include <openssl/x509.h>
+# ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>
+# endif
+
+static int init(EVP_MD_CTX *ctx)
+{
+ return SHA_Init(ctx->md_data);
+}
+
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+ return SHA_Update(ctx->md_data, data, count);
+}
+
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+ return SHA_Final(md, ctx->md_data);
+}
+
+static const EVP_MD sha_md = {
+ NID_sha,
+ NID_shaWithRSAEncryption,
+ SHA_DIGEST_LENGTH,
+ 0,
+ init,
+ update,
+ final,
+ NULL,
+ NULL,
+ EVP_PKEY_RSA_method,
+ SHA_CBLOCK,
+ sizeof(EVP_MD *) + sizeof(SHA_CTX),
+};
+
+const EVP_MD *EVP_sha(void)
+{
+ return (&sha_md);
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/evp/m_sha1.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/m_sha1.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/m_sha1.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,209 +0,0 @@
-/* crypto/evp/m_sha1.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-
-#ifndef OPENSSL_NO_SHA
-
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-
-#ifndef OPENSSL_FIPS
-
-static int init(EVP_MD_CTX *ctx)
- { return SHA1_Init(ctx->md_data); }
-
-static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
- { return SHA1_Update(ctx->md_data,data,count); }
-
-static int final(EVP_MD_CTX *ctx,unsigned char *md)
- { return SHA1_Final(md,ctx->md_data); }
-
-static const EVP_MD sha1_md=
- {
- NID_sha1,
- NID_sha1WithRSAEncryption,
- SHA_DIGEST_LENGTH,
- 0,
- init,
- update,
- final,
- NULL,
- NULL,
- EVP_PKEY_RSA_method,
- SHA_CBLOCK,
- sizeof(EVP_MD *)+sizeof(SHA_CTX),
- };
-
-const EVP_MD *EVP_sha1(void)
- {
- return(&sha1_md);
- }
-
-#ifndef OPENSSL_NO_SHA256
-static int init224(EVP_MD_CTX *ctx)
- { return SHA224_Init(ctx->md_data); }
-static int init256(EVP_MD_CTX *ctx)
- { return SHA256_Init(ctx->md_data); }
-/*
- * Even though there're separate SHA224_[Update|Final], we call
- * SHA256 functions even in SHA224 context. This is what happens
- * there anyway, so we can spare few CPU cycles:-)
- */
-static int update256(EVP_MD_CTX *ctx,const void *data,size_t count)
- { return SHA256_Update(ctx->md_data,data,count); }
-static int final256(EVP_MD_CTX *ctx,unsigned char *md)
- { return SHA256_Final(md,ctx->md_data); }
-
-static const EVP_MD sha224_md=
- {
- NID_sha224,
- NID_sha224WithRSAEncryption,
- SHA224_DIGEST_LENGTH,
- 0,
- init224,
- update256,
- final256,
- NULL,
- NULL,
- EVP_PKEY_RSA_method,
- SHA256_CBLOCK,
- sizeof(EVP_MD *)+sizeof(SHA256_CTX),
- };
-
-const EVP_MD *EVP_sha224(void)
- { return(&sha224_md); }
-
-static const EVP_MD sha256_md=
- {
- NID_sha256,
- NID_sha256WithRSAEncryption,
- SHA256_DIGEST_LENGTH,
- 0,
- init256,
- update256,
- final256,
- NULL,
- NULL,
- EVP_PKEY_RSA_method,
- SHA256_CBLOCK,
- sizeof(EVP_MD *)+sizeof(SHA256_CTX),
- };
-
-const EVP_MD *EVP_sha256(void)
- { return(&sha256_md); }
-#endif /* ifndef OPENSSL_NO_SHA256 */
-
-#ifndef OPENSSL_NO_SHA512
-static int init384(EVP_MD_CTX *ctx)
- { return SHA384_Init(ctx->md_data); }
-static int init512(EVP_MD_CTX *ctx)
- { return SHA512_Init(ctx->md_data); }
-/* See comment in SHA224/256 section */
-static int update512(EVP_MD_CTX *ctx,const void *data,size_t count)
- { return SHA512_Update(ctx->md_data,data,count); }
-static int final512(EVP_MD_CTX *ctx,unsigned char *md)
- { return SHA512_Final(md,ctx->md_data); }
-
-static const EVP_MD sha384_md=
- {
- NID_sha384,
- NID_sha384WithRSAEncryption,
- SHA384_DIGEST_LENGTH,
- 0,
- init384,
- update512,
- final512,
- NULL,
- NULL,
- EVP_PKEY_RSA_method,
- SHA512_CBLOCK,
- sizeof(EVP_MD *)+sizeof(SHA512_CTX),
- };
-
-const EVP_MD *EVP_sha384(void)
- { return(&sha384_md); }
-
-static const EVP_MD sha512_md=
- {
- NID_sha512,
- NID_sha512WithRSAEncryption,
- SHA512_DIGEST_LENGTH,
- 0,
- init512,
- update512,
- final512,
- NULL,
- NULL,
- EVP_PKEY_RSA_method,
- SHA512_CBLOCK,
- sizeof(EVP_MD *)+sizeof(SHA512_CTX),
- };
-
-const EVP_MD *EVP_sha512(void)
- { return(&sha512_md); }
-#endif /* ifndef OPENSSL_NO_SHA512 */
-
-#endif
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/evp/m_sha1.c (from rev 6976, vendor-crypto/openssl/dist/crypto/evp/m_sha1.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/evp/m_sha1.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/m_sha1.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,240 @@
+/* crypto/evp/m_sha1.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+
+#ifndef OPENSSL_NO_SHA
+
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include <openssl/x509.h>
+# ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>
+# endif
+
+# ifndef OPENSSL_FIPS
+
+static int init(EVP_MD_CTX *ctx)
+{
+ return SHA1_Init(ctx->md_data);
+}
+
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+ return SHA1_Update(ctx->md_data, data, count);
+}
+
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+ return SHA1_Final(md, ctx->md_data);
+}
+
+static const EVP_MD sha1_md = {
+ NID_sha1,
+ NID_sha1WithRSAEncryption,
+ SHA_DIGEST_LENGTH,
+ 0,
+ init,
+ update,
+ final,
+ NULL,
+ NULL,
+ EVP_PKEY_RSA_method,
+ SHA_CBLOCK,
+ sizeof(EVP_MD *) + sizeof(SHA_CTX),
+};
+
+const EVP_MD *EVP_sha1(void)
+{
+ return (&sha1_md);
+}
+
+# ifndef OPENSSL_NO_SHA256
+static int init224(EVP_MD_CTX *ctx)
+{
+ return SHA224_Init(ctx->md_data);
+}
+
+static int init256(EVP_MD_CTX *ctx)
+{
+ return SHA256_Init(ctx->md_data);
+}
+
+/*
+ * Even though there're separate SHA224_[Update|Final], we call
+ * SHA256 functions even in SHA224 context. This is what happens
+ * there anyway, so we can spare few CPU cycles:-)
+ */
+static int update256(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+ return SHA256_Update(ctx->md_data, data, count);
+}
+
+static int final256(EVP_MD_CTX *ctx, unsigned char *md)
+{
+ return SHA256_Final(md, ctx->md_data);
+}
+
+static const EVP_MD sha224_md = {
+ NID_sha224,
+ NID_sha224WithRSAEncryption,
+ SHA224_DIGEST_LENGTH,
+ 0,
+ init224,
+ update256,
+ final256,
+ NULL,
+ NULL,
+ EVP_PKEY_RSA_method,
+ SHA256_CBLOCK,
+ sizeof(EVP_MD *) + sizeof(SHA256_CTX),
+};
+
+const EVP_MD *EVP_sha224(void)
+{
+ return (&sha224_md);
+}
+
+static const EVP_MD sha256_md = {
+ NID_sha256,
+ NID_sha256WithRSAEncryption,
+ SHA256_DIGEST_LENGTH,
+ 0,
+ init256,
+ update256,
+ final256,
+ NULL,
+ NULL,
+ EVP_PKEY_RSA_method,
+ SHA256_CBLOCK,
+ sizeof(EVP_MD *) + sizeof(SHA256_CTX),
+};
+
+const EVP_MD *EVP_sha256(void)
+{
+ return (&sha256_md);
+}
+# endif /* ifndef OPENSSL_NO_SHA256 */
+
+# ifndef OPENSSL_NO_SHA512
+static int init384(EVP_MD_CTX *ctx)
+{
+ return SHA384_Init(ctx->md_data);
+}
+
+static int init512(EVP_MD_CTX *ctx)
+{
+ return SHA512_Init(ctx->md_data);
+}
+
+/* See comment in SHA224/256 section */
+static int update512(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+ return SHA512_Update(ctx->md_data, data, count);
+}
+
+static int final512(EVP_MD_CTX *ctx, unsigned char *md)
+{
+ return SHA512_Final(md, ctx->md_data);
+}
+
+static const EVP_MD sha384_md = {
+ NID_sha384,
+ NID_sha384WithRSAEncryption,
+ SHA384_DIGEST_LENGTH,
+ 0,
+ init384,
+ update512,
+ final512,
+ NULL,
+ NULL,
+ EVP_PKEY_RSA_method,
+ SHA512_CBLOCK,
+ sizeof(EVP_MD *) + sizeof(SHA512_CTX),
+};
+
+const EVP_MD *EVP_sha384(void)
+{
+ return (&sha384_md);
+}
+
+static const EVP_MD sha512_md = {
+ NID_sha512,
+ NID_sha512WithRSAEncryption,
+ SHA512_DIGEST_LENGTH,
+ 0,
+ init512,
+ update512,
+ final512,
+ NULL,
+ NULL,
+ EVP_PKEY_RSA_method,
+ SHA512_CBLOCK,
+ sizeof(EVP_MD *) + sizeof(SHA512_CTX),
+};
+
+const EVP_MD *EVP_sha512(void)
+{
+ return (&sha512_md);
+}
+# endif /* ifndef OPENSSL_NO_SHA512 */
+
+# endif
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/evp/names.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/names.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/names.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,130 +0,0 @@
-/* crypto/evp/names.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-
-int EVP_add_cipher(const EVP_CIPHER *c)
- {
- int r;
-
-#ifdef OPENSSL_FIPS
- OPENSSL_init();
-#endif
-
- r=OBJ_NAME_add(OBJ_nid2sn(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(const char *)c);
- if (r == 0) return(0);
- r=OBJ_NAME_add(OBJ_nid2ln(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(const char *)c);
- return(r);
- }
-
-int EVP_add_digest(const EVP_MD *md)
- {
- int r;
- const char *name;
-
-#ifdef OPENSSL_FIPS
- OPENSSL_init();
-#endif
- name=OBJ_nid2sn(md->type);
- r=OBJ_NAME_add(name,OBJ_NAME_TYPE_MD_METH,(const char *)md);
- if (r == 0) return(0);
- r=OBJ_NAME_add(OBJ_nid2ln(md->type),OBJ_NAME_TYPE_MD_METH,(const char *)md);
- if (r == 0) return(0);
-
- if (md->pkey_type && md->type != md->pkey_type)
- {
- r=OBJ_NAME_add(OBJ_nid2sn(md->pkey_type),
- OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,name);
- if (r == 0) return(0);
- r=OBJ_NAME_add(OBJ_nid2ln(md->pkey_type),
- OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,name);
- }
- return(r);
- }
-
-const EVP_CIPHER *EVP_get_cipherbyname(const char *name)
- {
- const EVP_CIPHER *cp;
-
- cp=(const EVP_CIPHER *)OBJ_NAME_get(name,OBJ_NAME_TYPE_CIPHER_METH);
- return(cp);
- }
-
-const EVP_MD *EVP_get_digestbyname(const char *name)
- {
- const EVP_MD *cp;
-
- cp=(const EVP_MD *)OBJ_NAME_get(name,OBJ_NAME_TYPE_MD_METH);
- return(cp);
- }
-
-void EVP_cleanup(void)
- {
- OBJ_NAME_cleanup(OBJ_NAME_TYPE_CIPHER_METH);
- OBJ_NAME_cleanup(OBJ_NAME_TYPE_MD_METH);
- /* The above calls will only clean out the contents of the name
- hash table, but not the hash table itself. The following line
- does that part. -- Richard Levitte */
- OBJ_NAME_cleanup(-1);
-
- EVP_PBE_cleanup();
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/evp/names.c (from rev 6976, vendor-crypto/openssl/dist/crypto/evp/names.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/evp/names.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/names.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,138 @@
+/* crypto/evp/names.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+
+int EVP_add_cipher(const EVP_CIPHER *c)
+{
+ int r;
+
+#ifdef OPENSSL_FIPS
+ OPENSSL_init();
+#endif
+
+ r = OBJ_NAME_add(OBJ_nid2sn(c->nid), OBJ_NAME_TYPE_CIPHER_METH,
+ (const char *)c);
+ if (r == 0)
+ return (0);
+ r = OBJ_NAME_add(OBJ_nid2ln(c->nid), OBJ_NAME_TYPE_CIPHER_METH,
+ (const char *)c);
+ return (r);
+}
+
+int EVP_add_digest(const EVP_MD *md)
+{
+ int r;
+ const char *name;
+
+#ifdef OPENSSL_FIPS
+ OPENSSL_init();
+#endif
+ name = OBJ_nid2sn(md->type);
+ r = OBJ_NAME_add(name, OBJ_NAME_TYPE_MD_METH, (const char *)md);
+ if (r == 0)
+ return (0);
+ r = OBJ_NAME_add(OBJ_nid2ln(md->type), OBJ_NAME_TYPE_MD_METH,
+ (const char *)md);
+ if (r == 0)
+ return (0);
+
+ if (md->pkey_type && md->type != md->pkey_type) {
+ r = OBJ_NAME_add(OBJ_nid2sn(md->pkey_type),
+ OBJ_NAME_TYPE_MD_METH | OBJ_NAME_ALIAS, name);
+ if (r == 0)
+ return (0);
+ r = OBJ_NAME_add(OBJ_nid2ln(md->pkey_type),
+ OBJ_NAME_TYPE_MD_METH | OBJ_NAME_ALIAS, name);
+ }
+ return (r);
+}
+
+const EVP_CIPHER *EVP_get_cipherbyname(const char *name)
+{
+ const EVP_CIPHER *cp;
+
+ cp = (const EVP_CIPHER *)OBJ_NAME_get(name, OBJ_NAME_TYPE_CIPHER_METH);
+ return (cp);
+}
+
+const EVP_MD *EVP_get_digestbyname(const char *name)
+{
+ const EVP_MD *cp;
+
+ cp = (const EVP_MD *)OBJ_NAME_get(name, OBJ_NAME_TYPE_MD_METH);
+ return (cp);
+}
+
+void EVP_cleanup(void)
+{
+ OBJ_NAME_cleanup(OBJ_NAME_TYPE_CIPHER_METH);
+ OBJ_NAME_cleanup(OBJ_NAME_TYPE_MD_METH);
+ /*
+ * The above calls will only clean out the contents of the name hash
+ * table, but not the hash table itself. The following line does that
+ * part. -- Richard Levitte
+ */
+ OBJ_NAME_cleanup(-1);
+
+ EVP_PBE_cleanup();
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/evp/openbsd_hw.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/openbsd_hw.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/openbsd_hw.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,446 +0,0 @@
-/* Written by Ben Laurie, 2001 */
-/*
- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/rsa.h>
-#include "evp_locl.h"
-
-/* This stuff should now all be supported through
- * crypto/engine/hw_openbsd_dev_crypto.c unless I botched it up */
-static void *dummy=&dummy;
-
-#if 0
-
-/* check flag after OpenSSL headers to ensure make depend works */
-#ifdef OPENSSL_OPENBSD_DEV_CRYPTO
-
-#include <fcntl.h>
-#include <stdio.h>
-#include <errno.h>
-#include <sys/ioctl.h>
-#include <crypto/cryptodev.h>
-#include <unistd.h>
-#include <assert.h>
-
-/* longest key supported in hardware */
-#define MAX_HW_KEY 24
-#define MAX_HW_IV 8
-
-#define MD5_DIGEST_LENGTH 16
-#define MD5_CBLOCK 64
-
-static int fd;
-static int dev_failed;
-
-typedef struct session_op session_op;
-
-#define CDATA(ctx) EVP_C_DATA(session_op,ctx)
-
-static void err(const char *str)
- {
- fprintf(stderr,"%s: errno %d\n",str,errno);
- }
-
-static int dev_crypto_init(session_op *ses)
- {
- if(dev_failed)
- return 0;
- if(!fd)
- {
- int cryptodev_fd;
-
- if ((cryptodev_fd=open("/dev/crypto",O_RDWR,0)) < 0)
- {
- err("/dev/crypto");
- dev_failed=1;
- return 0;
- }
- if (ioctl(cryptodev_fd,CRIOGET,&fd) == -1)
- {
- err("CRIOGET failed");
- close(cryptodev_fd);
- dev_failed=1;
- return 0;
- }
- close(cryptodev_fd);
- }
- assert(ses);
- memset(ses,'\0',sizeof *ses);
-
- return 1;
- }
-
-static int dev_crypto_cleanup(EVP_CIPHER_CTX *ctx)
- {
- if(ioctl(fd,CIOCFSESSION,&CDATA(ctx)->ses) == -1)
- err("CIOCFSESSION failed");
-
- OPENSSL_free(CDATA(ctx)->key);
-
- return 1;
- }
-
-static int dev_crypto_init_key(EVP_CIPHER_CTX *ctx,int cipher,
- const unsigned char *key,int klen)
- {
- if(!dev_crypto_init(CDATA(ctx)))
- return 0;
-
- CDATA(ctx)->key=OPENSSL_malloc(MAX_HW_KEY);
-
- assert(ctx->cipher->iv_len <= MAX_HW_IV);
-
- memcpy(CDATA(ctx)->key,key,klen);
-
- CDATA(ctx)->cipher=cipher;
- CDATA(ctx)->keylen=klen;
-
- if (ioctl(fd,CIOCGSESSION,CDATA(ctx)) == -1)
- {
- err("CIOCGSESSION failed");
- return 0;
- }
- return 1;
- }
-
-static int dev_crypto_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
- const unsigned char *in,unsigned int inl)
- {
- struct crypt_op cryp;
- unsigned char lb[MAX_HW_IV];
-
- if(!inl)
- return 1;
-
- assert(CDATA(ctx));
- assert(!dev_failed);
-
- memset(&cryp,'\0',sizeof cryp);
- cryp.ses=CDATA(ctx)->ses;
- cryp.op=ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
- cryp.flags=0;
- cryp.len=inl;
- assert((inl&(ctx->cipher->block_size-1)) == 0);
- cryp.src=(caddr_t)in;
- cryp.dst=(caddr_t)out;
- cryp.mac=0;
- if(ctx->cipher->iv_len)
- cryp.iv=(caddr_t)ctx->iv;
-
- if(!ctx->encrypt)
- memcpy(lb,&in[cryp.len-ctx->cipher->iv_len],ctx->cipher->iv_len);
-
- if(ioctl(fd, CIOCCRYPT, &cryp) == -1)
- {
- if(errno == EINVAL) /* buffers are misaligned */
- {
- unsigned int cinl=0;
- char *cin=NULL;
- char *cout=NULL;
-
- /* NB: this can only make cinl != inl with stream ciphers */
- cinl=(inl+3)/4*4;
-
- if(((unsigned long)in&3) || cinl != inl)
- {
- cin=OPENSSL_malloc(cinl);
- memcpy(cin,in,inl);
- cryp.src=cin;
- }
-
- if(((unsigned long)out&3) || cinl != inl)
- {
- cout=OPENSSL_malloc(cinl);
- cryp.dst=cout;
- }
-
- cryp.len=cinl;
-
- if(ioctl(fd, CIOCCRYPT, &cryp) == -1)
- {
- err("CIOCCRYPT(2) failed");
- printf("src=%p dst=%p\n",cryp.src,cryp.dst);
- abort();
- return 0;
- }
-
- if(cout)
- {
- memcpy(out,cout,inl);
- OPENSSL_free(cout);
- }
- if(cin)
- OPENSSL_free(cin);
- }
- else
- {
- err("CIOCCRYPT failed");
- abort();
- return 0;
- }
- }
-
- if(ctx->encrypt)
- memcpy(ctx->iv,&out[cryp.len-ctx->cipher->iv_len],ctx->cipher->iv_len);
- else
- memcpy(ctx->iv,lb,ctx->cipher->iv_len);
-
- return 1;
- }
-
-static int dev_crypto_des_ede3_init_key(EVP_CIPHER_CTX *ctx,
- const unsigned char *key,
- const unsigned char *iv, int enc)
- { return dev_crypto_init_key(ctx,CRYPTO_3DES_CBC,key,24); }
-
-#define dev_crypto_des_ede3_cbc_cipher dev_crypto_cipher
-
-BLOCK_CIPHER_def_cbc(dev_crypto_des_ede3, session_op, NID_des_ede3, 8, 24, 8,
- 0, dev_crypto_des_ede3_init_key,
- dev_crypto_cleanup,
- EVP_CIPHER_set_asn1_iv,
- EVP_CIPHER_get_asn1_iv,
- NULL)
-
-static int dev_crypto_rc4_init_key(EVP_CIPHER_CTX *ctx,
- const unsigned char *key,
- const unsigned char *iv, int enc)
- { return dev_crypto_init_key(ctx,CRYPTO_ARC4,key,16); }
-
-static const EVP_CIPHER r4_cipher=
- {
- NID_rc4,
- 1,16,0, /* FIXME: key should be up to 256 bytes */
- EVP_CIPH_VARIABLE_LENGTH,
- dev_crypto_rc4_init_key,
- dev_crypto_cipher,
- dev_crypto_cleanup,
- sizeof(session_op),
- NULL,
- NULL,
- NULL
- };
-
-const EVP_CIPHER *EVP_dev_crypto_rc4(void)
- { return &r4_cipher; }
-
-typedef struct
- {
- session_op sess;
- char *data;
- int len;
- unsigned char md[EVP_MAX_MD_SIZE];
- } MD_DATA;
-
-static int dev_crypto_init_digest(MD_DATA *md_data,int mac)
- {
- if(!dev_crypto_init(&md_data->sess))
- return 0;
-
- md_data->len=0;
- md_data->data=NULL;
-
- md_data->sess.mac=mac;
-
- if (ioctl(fd,CIOCGSESSION,&md_data->sess) == -1)
- {
- err("CIOCGSESSION failed");
- return 0;
- }
- return 1;
- }
-
-static int dev_crypto_cleanup_digest(MD_DATA *md_data)
- {
- if (ioctl(fd,CIOCFSESSION,&md_data->sess.ses) == -1)
- {
- err("CIOCFSESSION failed");
- return 0;
- }
-
- return 1;
- }
-
-/* FIXME: if device can do chained MACs, then don't accumulate */
-/* FIXME: move accumulation to the framework */
-static int dev_crypto_md5_init(EVP_MD_CTX *ctx)
- { return dev_crypto_init_digest(ctx->md_data,CRYPTO_MD5); }
-
-static int do_digest(int ses,unsigned char *md,const void *data,int len)
- {
- struct crypt_op cryp;
- static unsigned char md5zero[16]=
- {
- 0xd4,0x1d,0x8c,0xd9,0x8f,0x00,0xb2,0x04,
- 0xe9,0x80,0x09,0x98,0xec,0xf8,0x42,0x7e
- };
-
- /* some cards can't do zero length */
- if(!len)
- {
- memcpy(md,md5zero,16);
- return 1;
- }
-
- memset(&cryp,'\0',sizeof cryp);
- cryp.ses=ses;
- cryp.op=COP_ENCRYPT;/* required to do the MAC rather than check it */
- cryp.len=len;
- cryp.src=(caddr_t)data;
- cryp.dst=(caddr_t)data; // FIXME!!!
- cryp.mac=(caddr_t)md;
-
- if(ioctl(fd, CIOCCRYPT, &cryp) == -1)
- {
- if(errno == EINVAL) /* buffer is misaligned */
- {
- char *dcopy;
-
- dcopy=OPENSSL_malloc(len);
- memcpy(dcopy,data,len);
- cryp.src=dcopy;
- cryp.dst=cryp.src; // FIXME!!!
-
- if(ioctl(fd, CIOCCRYPT, &cryp) == -1)
- {
- err("CIOCCRYPT(MAC2) failed");
- abort();
- return 0;
- }
- OPENSSL_free(dcopy);
- }
- else
- {
- err("CIOCCRYPT(MAC) failed");
- abort();
- return 0;
- }
- }
- // printf("done\n");
-
- return 1;
- }
-
-static int dev_crypto_md5_update(EVP_MD_CTX *ctx,const void *data,
- unsigned long len)
- {
- MD_DATA *md_data=ctx->md_data;
-
- if(ctx->flags&EVP_MD_CTX_FLAG_ONESHOT)
- return do_digest(md_data->sess.ses,md_data->md,data,len);
-
- md_data->data=OPENSSL_realloc(md_data->data,md_data->len+len);
- memcpy(md_data->data+md_data->len,data,len);
- md_data->len+=len;
-
- return 1;
- }
-
-static int dev_crypto_md5_final(EVP_MD_CTX *ctx,unsigned char *md)
- {
- int ret;
- MD_DATA *md_data=ctx->md_data;
-
- if(ctx->flags&EVP_MD_CTX_FLAG_ONESHOT)
- {
- memcpy(md,md_data->md,MD5_DIGEST_LENGTH);
- ret=1;
- }
- else
- {
- ret=do_digest(md_data->sess.ses,md,md_data->data,md_data->len);
- OPENSSL_free(md_data->data);
- md_data->data=NULL;
- md_data->len=0;
- }
-
- return ret;
- }
-
-static int dev_crypto_md5_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from)
- {
- const MD_DATA *from_md=from->md_data;
- MD_DATA *to_md=to->md_data;
-
- // How do we copy sessions?
- assert(from->digest->flags&EVP_MD_FLAG_ONESHOT);
-
- to_md->data=OPENSSL_malloc(from_md->len);
- memcpy(to_md->data,from_md->data,from_md->len);
-
- return 1;
- }
-
-static int dev_crypto_md5_cleanup(EVP_MD_CTX *ctx)
- {
- return dev_crypto_cleanup_digest(ctx->md_data);
- }
-
-static const EVP_MD md5_md=
- {
- NID_md5,
- NID_md5WithRSAEncryption,
- MD5_DIGEST_LENGTH,
- EVP_MD_FLAG_ONESHOT, // XXX: set according to device info...
- dev_crypto_md5_init,
- dev_crypto_md5_update,
- dev_crypto_md5_final,
- dev_crypto_md5_copy,
- dev_crypto_md5_cleanup,
- EVP_PKEY_RSA_method,
- MD5_CBLOCK,
- sizeof(MD_DATA),
- };
-
-const EVP_MD *EVP_dev_crypto_md5(void)
- { return &md5_md; }
-
-#endif
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/evp/openbsd_hw.c (from rev 6976, vendor-crypto/openssl/dist/crypto/evp/openbsd_hw.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/evp/openbsd_hw.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/openbsd_hw.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,431 @@
+/* Written by Ben Laurie, 2001 */
+/*
+ * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/rsa.h>
+#include "evp_locl.h"
+
+/*
+ * This stuff should now all be supported through
+ * crypto/engine/hw_openbsd_dev_crypto.c unless I botched it up
+ */
+static void *dummy = &dummy;
+
+#if 0
+
+/* check flag after OpenSSL headers to ensure make depend works */
+# ifdef OPENSSL_OPENBSD_DEV_CRYPTO
+
+# include <fcntl.h>
+# include <stdio.h>
+# include <errno.h>
+# include <sys/ioctl.h>
+# include <crypto/cryptodev.h>
+# include <unistd.h>
+# include <assert.h>
+
+/* longest key supported in hardware */
+# define MAX_HW_KEY 24
+# define MAX_HW_IV 8
+
+# define MD5_DIGEST_LENGTH 16
+# define MD5_CBLOCK 64
+
+static int fd;
+static int dev_failed;
+
+typedef struct session_op session_op;
+
+# define CDATA(ctx) EVP_C_DATA(session_op,ctx)
+
+static void err(const char *str)
+{
+ fprintf(stderr, "%s: errno %d\n", str, errno);
+}
+
+static int dev_crypto_init(session_op *ses)
+{
+ if (dev_failed)
+ return 0;
+ if (!fd) {
+ int cryptodev_fd;
+
+ if ((cryptodev_fd = open("/dev/crypto", O_RDWR, 0)) < 0) {
+ err("/dev/crypto");
+ dev_failed = 1;
+ return 0;
+ }
+ if (ioctl(cryptodev_fd, CRIOGET, &fd) == -1) {
+ err("CRIOGET failed");
+ close(cryptodev_fd);
+ dev_failed = 1;
+ return 0;
+ }
+ close(cryptodev_fd);
+ }
+ assert(ses);
+ memset(ses, '\0', sizeof *ses);
+
+ return 1;
+}
+
+static int dev_crypto_cleanup(EVP_CIPHER_CTX *ctx)
+{
+ if (ioctl(fd, CIOCFSESSION, &CDATA(ctx)->ses) == -1)
+ err("CIOCFSESSION failed");
+
+ OPENSSL_free(CDATA(ctx)->key);
+
+ return 1;
+}
+
+static int dev_crypto_init_key(EVP_CIPHER_CTX *ctx, int cipher,
+ const unsigned char *key, int klen)
+{
+ if (!dev_crypto_init(CDATA(ctx)))
+ return 0;
+
+ CDATA(ctx)->key = OPENSSL_malloc(MAX_HW_KEY);
+
+ assert(ctx->cipher->iv_len <= MAX_HW_IV);
+
+ memcpy(CDATA(ctx)->key, key, klen);
+
+ CDATA(ctx)->cipher = cipher;
+ CDATA(ctx)->keylen = klen;
+
+ if (ioctl(fd, CIOCGSESSION, CDATA(ctx)) == -1) {
+ err("CIOCGSESSION failed");
+ return 0;
+ }
+ return 1;
+}
+
+static int dev_crypto_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, unsigned int inl)
+{
+ struct crypt_op cryp;
+ unsigned char lb[MAX_HW_IV];
+
+ if (!inl)
+ return 1;
+
+ assert(CDATA(ctx));
+ assert(!dev_failed);
+
+ memset(&cryp, '\0', sizeof cryp);
+ cryp.ses = CDATA(ctx)->ses;
+ cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
+ cryp.flags = 0;
+ cryp.len = inl;
+ assert((inl & (ctx->cipher->block_size - 1)) == 0);
+ cryp.src = (caddr_t) in;
+ cryp.dst = (caddr_t) out;
+ cryp.mac = 0;
+ if (ctx->cipher->iv_len)
+ cryp.iv = (caddr_t) ctx->iv;
+
+ if (!ctx->encrypt)
+ memcpy(lb, &in[cryp.len - ctx->cipher->iv_len], ctx->cipher->iv_len);
+
+ if (ioctl(fd, CIOCCRYPT, &cryp) == -1) {
+ if (errno == EINVAL) { /* buffers are misaligned */
+ unsigned int cinl = 0;
+ char *cin = NULL;
+ char *cout = NULL;
+
+ /* NB: this can only make cinl != inl with stream ciphers */
+ cinl = (inl + 3) / 4 * 4;
+
+ if (((unsigned long)in & 3) || cinl != inl) {
+ cin = OPENSSL_malloc(cinl);
+ memcpy(cin, in, inl);
+ cryp.src = cin;
+ }
+
+ if (((unsigned long)out & 3) || cinl != inl) {
+ cout = OPENSSL_malloc(cinl);
+ cryp.dst = cout;
+ }
+
+ cryp.len = cinl;
+
+ if (ioctl(fd, CIOCCRYPT, &cryp) == -1) {
+ err("CIOCCRYPT(2) failed");
+ printf("src=%p dst=%p\n", cryp.src, cryp.dst);
+ abort();
+ return 0;
+ }
+
+ if (cout) {
+ memcpy(out, cout, inl);
+ OPENSSL_free(cout);
+ }
+ if (cin)
+ OPENSSL_free(cin);
+ } else {
+ err("CIOCCRYPT failed");
+ abort();
+ return 0;
+ }
+ }
+
+ if (ctx->encrypt)
+ memcpy(ctx->iv, &out[cryp.len - ctx->cipher->iv_len],
+ ctx->cipher->iv_len);
+ else
+ memcpy(ctx->iv, lb, ctx->cipher->iv_len);
+
+ return 1;
+}
+
+static int dev_crypto_des_ede3_init_key(EVP_CIPHER_CTX *ctx,
+ const unsigned char *key,
+ const unsigned char *iv, int enc)
+{
+ return dev_crypto_init_key(ctx, CRYPTO_3DES_CBC, key, 24);
+}
+
+# define dev_crypto_des_ede3_cbc_cipher dev_crypto_cipher
+
+BLOCK_CIPHER_def_cbc(dev_crypto_des_ede3, session_op, NID_des_ede3, 8, 24, 8,
+ 0, dev_crypto_des_ede3_init_key,
+ dev_crypto_cleanup,
+ EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
+
+static int dev_crypto_rc4_init_key(EVP_CIPHER_CTX *ctx,
+ const unsigned char *key,
+ const unsigned char *iv, int enc)
+{
+ return dev_crypto_init_key(ctx, CRYPTO_ARC4, key, 16);
+}
+
+static const EVP_CIPHER r4_cipher = {
+ NID_rc4,
+ 1, 16, 0, /* FIXME: key should be up to 256 bytes */
+ EVP_CIPH_VARIABLE_LENGTH,
+ dev_crypto_rc4_init_key,
+ dev_crypto_cipher,
+ dev_crypto_cleanup,
+ sizeof(session_op),
+ NULL,
+ NULL,
+ NULL
+};
+
+const EVP_CIPHER *EVP_dev_crypto_rc4(void)
+{
+ return &r4_cipher;
+}
+
+typedef struct {
+ session_op sess;
+ char *data;
+ int len;
+ unsigned char md[EVP_MAX_MD_SIZE];
+} MD_DATA;
+
+static int dev_crypto_init_digest(MD_DATA *md_data, int mac)
+{
+ if (!dev_crypto_init(&md_data->sess))
+ return 0;
+
+ md_data->len = 0;
+ md_data->data = NULL;
+
+ md_data->sess.mac = mac;
+
+ if (ioctl(fd, CIOCGSESSION, &md_data->sess) == -1) {
+ err("CIOCGSESSION failed");
+ return 0;
+ }
+ return 1;
+}
+
+static int dev_crypto_cleanup_digest(MD_DATA *md_data)
+{
+ if (ioctl(fd, CIOCFSESSION, &md_data->sess.ses) == -1) {
+ err("CIOCFSESSION failed");
+ return 0;
+ }
+
+ return 1;
+}
+
+/* FIXME: if device can do chained MACs, then don't accumulate */
+/* FIXME: move accumulation to the framework */
+static int dev_crypto_md5_init(EVP_MD_CTX *ctx)
+{
+ return dev_crypto_init_digest(ctx->md_data, CRYPTO_MD5);
+}
+
+static int do_digest(int ses, unsigned char *md, const void *data, int len)
+{
+ struct crypt_op cryp;
+ static unsigned char md5zero[16] = {
+ 0xd4, 0x1d, 0x8c, 0xd9, 0x8f, 0x00, 0xb2, 0x04,
+ 0xe9, 0x80, 0x09, 0x98, 0xec, 0xf8, 0x42, 0x7e
+ };
+
+ /* some cards can't do zero length */
+ if (!len) {
+ memcpy(md, md5zero, 16);
+ return 1;
+ }
+
+ memset(&cryp, '\0', sizeof cryp);
+ cryp.ses = ses;
+ cryp.op = COP_ENCRYPT; /* required to do the MAC rather than check
+ * it */
+ cryp.len = len;
+ cryp.src = (caddr_t) data;
+ cryp.dst = (caddr_t) data; // FIXME!!!
+ cryp.mac = (caddr_t) md;
+
+ if (ioctl(fd, CIOCCRYPT, &cryp) == -1) {
+ if (errno == EINVAL) { /* buffer is misaligned */
+ char *dcopy;
+
+ dcopy = OPENSSL_malloc(len);
+ memcpy(dcopy, data, len);
+ cryp.src = dcopy;
+ cryp.dst = cryp.src; // FIXME!!!
+
+ if (ioctl(fd, CIOCCRYPT, &cryp) == -1) {
+ err("CIOCCRYPT(MAC2) failed");
+ abort();
+ return 0;
+ }
+ OPENSSL_free(dcopy);
+ } else {
+ err("CIOCCRYPT(MAC) failed");
+ abort();
+ return 0;
+ }
+ }
+ // printf("done\n");
+
+ return 1;
+}
+
+static int dev_crypto_md5_update(EVP_MD_CTX *ctx, const void *data,
+ unsigned long len)
+{
+ MD_DATA *md_data = ctx->md_data;
+
+ if (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)
+ return do_digest(md_data->sess.ses, md_data->md, data, len);
+
+ md_data->data = OPENSSL_realloc(md_data->data, md_data->len + len);
+ memcpy(md_data->data + md_data->len, data, len);
+ md_data->len += len;
+
+ return 1;
+}
+
+static int dev_crypto_md5_final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+ int ret;
+ MD_DATA *md_data = ctx->md_data;
+
+ if (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) {
+ memcpy(md, md_data->md, MD5_DIGEST_LENGTH);
+ ret = 1;
+ } else {
+ ret = do_digest(md_data->sess.ses, md, md_data->data, md_data->len);
+ OPENSSL_free(md_data->data);
+ md_data->data = NULL;
+ md_data->len = 0;
+ }
+
+ return ret;
+}
+
+static int dev_crypto_md5_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
+{
+ const MD_DATA *from_md = from->md_data;
+ MD_DATA *to_md = to->md_data;
+
+ // How do we copy sessions?
+ assert(from->digest->flags & EVP_MD_FLAG_ONESHOT);
+
+ to_md->data = OPENSSL_malloc(from_md->len);
+ memcpy(to_md->data, from_md->data, from_md->len);
+
+ return 1;
+}
+
+static int dev_crypto_md5_cleanup(EVP_MD_CTX *ctx)
+{
+ return dev_crypto_cleanup_digest(ctx->md_data);
+}
+
+static const EVP_MD md5_md = {
+ NID_md5,
+ NID_md5WithRSAEncryption,
+ MD5_DIGEST_LENGTH,
+ EVP_MD_FLAG_ONESHOT, // XXX: set according to device info...
+ dev_crypto_md5_init,
+ dev_crypto_md5_update,
+ dev_crypto_md5_final,
+ dev_crypto_md5_copy,
+ dev_crypto_md5_cleanup,
+ EVP_PKEY_RSA_method,
+ MD5_CBLOCK,
+ sizeof(MD_DATA),
+};
+
+const EVP_MD *EVP_dev_crypto_md5(void)
+{
+ return &md5_md;
+}
+
+# endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/evp/p5_crpt.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/p5_crpt.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/p5_crpt.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,159 +0,0 @@
-/* p5_crpt.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include "cryptlib.h"
-#include <openssl/x509.h>
-#include <openssl/evp.h>
-
-/* PKCS#5 v1.5 compatible PBE functions: see PKCS#5 v2.0 for more info.
- */
-
-void PKCS5_PBE_add(void)
-{
-#ifndef OPENSSL_NO_DES
-# ifndef OPENSSL_NO_MD5
-EVP_PBE_alg_add(NID_pbeWithMD5AndDES_CBC, EVP_des_cbc(), EVP_md5(),
- PKCS5_PBE_keyivgen);
-# endif
-# ifndef OPENSSL_NO_MD2
-EVP_PBE_alg_add(NID_pbeWithMD2AndDES_CBC, EVP_des_cbc(), EVP_md2(),
- PKCS5_PBE_keyivgen);
-# endif
-# ifndef OPENSSL_NO_SHA
-EVP_PBE_alg_add(NID_pbeWithSHA1AndDES_CBC, EVP_des_cbc(), EVP_sha1(),
- PKCS5_PBE_keyivgen);
-# endif
-#endif
-#ifndef OPENSSL_NO_RC2
-# ifndef OPENSSL_NO_MD5
-EVP_PBE_alg_add(NID_pbeWithMD5AndRC2_CBC, EVP_rc2_64_cbc(), EVP_md5(),
- PKCS5_PBE_keyivgen);
-# endif
-# ifndef OPENSSL_NO_MD2
-EVP_PBE_alg_add(NID_pbeWithMD2AndRC2_CBC, EVP_rc2_64_cbc(), EVP_md2(),
- PKCS5_PBE_keyivgen);
-# endif
-# ifndef OPENSSL_NO_SHA
-EVP_PBE_alg_add(NID_pbeWithSHA1AndRC2_CBC, EVP_rc2_64_cbc(), EVP_sha1(),
- PKCS5_PBE_keyivgen);
-# endif
-#endif
-#ifndef OPENSSL_NO_HMAC
-EVP_PBE_alg_add(NID_pbes2, NULL, NULL, PKCS5_v2_PBE_keyivgen);
-#endif
-}
-
-int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
- ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md,
- int en_de)
-{
- EVP_MD_CTX ctx;
- unsigned char md_tmp[EVP_MAX_MD_SIZE];
- unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
- int i;
- PBEPARAM *pbe;
- int saltlen, iter;
- unsigned char *salt;
- const unsigned char *pbuf;
-
- /* Extract useful info from parameter */
- if (param == NULL || param->type != V_ASN1_SEQUENCE ||
- param->value.sequence == NULL) {
- EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
- return 0;
- }
-
- pbuf = param->value.sequence->data;
- if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) {
- EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
- return 0;
- }
-
- if (!pbe->iter) iter = 1;
- else iter = ASN1_INTEGER_get (pbe->iter);
- salt = pbe->salt->data;
- saltlen = pbe->salt->length;
-
- if(!pass) passlen = 0;
- else if(passlen == -1) passlen = strlen(pass);
-
- EVP_MD_CTX_init(&ctx);
- EVP_DigestInit_ex(&ctx, md, NULL);
- EVP_DigestUpdate(&ctx, pass, passlen);
- EVP_DigestUpdate(&ctx, salt, saltlen);
- PBEPARAM_free(pbe);
- EVP_DigestFinal_ex(&ctx, md_tmp, NULL);
- for (i = 1; i < iter; i++) {
- EVP_DigestInit_ex(&ctx, md, NULL);
- EVP_DigestUpdate(&ctx, md_tmp, EVP_MD_size(md));
- EVP_DigestFinal_ex (&ctx, md_tmp, NULL);
- }
- EVP_MD_CTX_cleanup(&ctx);
- OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp));
- memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher));
- OPENSSL_assert(EVP_CIPHER_iv_length(cipher) <= 16);
- memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)),
- EVP_CIPHER_iv_length(cipher));
- EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de);
- OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE);
- OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
- OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
- return 1;
-}
Copied: vendor-crypto/openssl/0.9.8zf/crypto/evp/p5_crpt.c (from rev 6976, vendor-crypto/openssl/dist/crypto/evp/p5_crpt.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/evp/p5_crpt.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/p5_crpt.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,165 @@
+/* p5_crpt.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include "cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/evp.h>
+
+/*
+ * PKCS#5 v1.5 compatible PBE functions: see PKCS#5 v2.0 for more info.
+ */
+
+void PKCS5_PBE_add(void)
+{
+#ifndef OPENSSL_NO_DES
+# ifndef OPENSSL_NO_MD5
+ EVP_PBE_alg_add(NID_pbeWithMD5AndDES_CBC, EVP_des_cbc(), EVP_md5(),
+ PKCS5_PBE_keyivgen);
+# endif
+# ifndef OPENSSL_NO_MD2
+ EVP_PBE_alg_add(NID_pbeWithMD2AndDES_CBC, EVP_des_cbc(), EVP_md2(),
+ PKCS5_PBE_keyivgen);
+# endif
+# ifndef OPENSSL_NO_SHA
+ EVP_PBE_alg_add(NID_pbeWithSHA1AndDES_CBC, EVP_des_cbc(), EVP_sha1(),
+ PKCS5_PBE_keyivgen);
+# endif
+#endif
+#ifndef OPENSSL_NO_RC2
+# ifndef OPENSSL_NO_MD5
+ EVP_PBE_alg_add(NID_pbeWithMD5AndRC2_CBC, EVP_rc2_64_cbc(), EVP_md5(),
+ PKCS5_PBE_keyivgen);
+# endif
+# ifndef OPENSSL_NO_MD2
+ EVP_PBE_alg_add(NID_pbeWithMD2AndRC2_CBC, EVP_rc2_64_cbc(), EVP_md2(),
+ PKCS5_PBE_keyivgen);
+# endif
+# ifndef OPENSSL_NO_SHA
+ EVP_PBE_alg_add(NID_pbeWithSHA1AndRC2_CBC, EVP_rc2_64_cbc(), EVP_sha1(),
+ PKCS5_PBE_keyivgen);
+# endif
+#endif
+#ifndef OPENSSL_NO_HMAC
+ EVP_PBE_alg_add(NID_pbes2, NULL, NULL, PKCS5_v2_PBE_keyivgen);
+#endif
+}
+
+int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
+ ASN1_TYPE *param, const EVP_CIPHER *cipher,
+ const EVP_MD *md, int en_de)
+{
+ EVP_MD_CTX ctx;
+ unsigned char md_tmp[EVP_MAX_MD_SIZE];
+ unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
+ int i;
+ PBEPARAM *pbe;
+ int saltlen, iter;
+ unsigned char *salt;
+ const unsigned char *pbuf;
+
+ /* Extract useful info from parameter */
+ if (param == NULL || param->type != V_ASN1_SEQUENCE ||
+ param->value.sequence == NULL) {
+ EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, EVP_R_DECODE_ERROR);
+ return 0;
+ }
+
+ pbuf = param->value.sequence->data;
+ if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) {
+ EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, EVP_R_DECODE_ERROR);
+ return 0;
+ }
+
+ if (!pbe->iter)
+ iter = 1;
+ else
+ iter = ASN1_INTEGER_get(pbe->iter);
+ salt = pbe->salt->data;
+ saltlen = pbe->salt->length;
+
+ if (!pass)
+ passlen = 0;
+ else if (passlen == -1)
+ passlen = strlen(pass);
+
+ EVP_MD_CTX_init(&ctx);
+ EVP_DigestInit_ex(&ctx, md, NULL);
+ EVP_DigestUpdate(&ctx, pass, passlen);
+ EVP_DigestUpdate(&ctx, salt, saltlen);
+ PBEPARAM_free(pbe);
+ EVP_DigestFinal_ex(&ctx, md_tmp, NULL);
+ for (i = 1; i < iter; i++) {
+ EVP_DigestInit_ex(&ctx, md, NULL);
+ EVP_DigestUpdate(&ctx, md_tmp, EVP_MD_size(md));
+ EVP_DigestFinal_ex(&ctx, md_tmp, NULL);
+ }
+ EVP_MD_CTX_cleanup(&ctx);
+ OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp));
+ memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher));
+ OPENSSL_assert(EVP_CIPHER_iv_length(cipher) <= 16);
+ memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)),
+ EVP_CIPHER_iv_length(cipher));
+ EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de);
+ OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE);
+ OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
+ OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
+ return 1;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/evp/p5_crpt2.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/p5_crpt2.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/p5_crpt2.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,263 +0,0 @@
-/* p5_crpt2.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-#include <stdio.h>
-#include <stdlib.h>
-#include "cryptlib.h"
-#if !defined(OPENSSL_NO_HMAC) && !defined(OPENSSL_NO_SHA)
-#include <openssl/x509.h>
-#include <openssl/evp.h>
-#include <openssl/hmac.h>
-
-/* set this to print out info about the keygen algorithm */
-/* #define DEBUG_PKCS5V2 */
-
-#ifdef DEBUG_PKCS5V2
- static void h__dump (const unsigned char *p, int len);
-#endif
-
-/* This is an implementation of PKCS#5 v2.0 password based encryption key
- * derivation function PBKDF2 using the only currently defined function HMAC
- * with SHA1. Verified against test vectors posted by Peter Gutmann
- * <pgut001 at cs.auckland.ac.nz> to the PKCS-TNG <pkcs-tng at rsa.com> mailing list.
- */
-
-int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
- const unsigned char *salt, int saltlen, int iter,
- int keylen, unsigned char *out)
-{
- unsigned char digtmp[SHA_DIGEST_LENGTH], *p, itmp[4];
- int cplen, j, k, tkeylen;
- unsigned long i = 1;
- HMAC_CTX hctx;
-
- HMAC_CTX_init(&hctx);
- p = out;
- tkeylen = keylen;
- if(!pass) passlen = 0;
- else if(passlen == -1) passlen = strlen(pass);
- while(tkeylen) {
- if(tkeylen > SHA_DIGEST_LENGTH) cplen = SHA_DIGEST_LENGTH;
- else cplen = tkeylen;
- /* We are unlikely to ever use more than 256 blocks (5120 bits!)
- * but just in case...
- */
- itmp[0] = (unsigned char)((i >> 24) & 0xff);
- itmp[1] = (unsigned char)((i >> 16) & 0xff);
- itmp[2] = (unsigned char)((i >> 8) & 0xff);
- itmp[3] = (unsigned char)(i & 0xff);
- HMAC_Init_ex(&hctx, pass, passlen, EVP_sha1(), NULL);
- HMAC_Update(&hctx, salt, saltlen);
- HMAC_Update(&hctx, itmp, 4);
- HMAC_Final(&hctx, digtmp, NULL);
- memcpy(p, digtmp, cplen);
- for(j = 1; j < iter; j++) {
- HMAC(EVP_sha1(), pass, passlen,
- digtmp, SHA_DIGEST_LENGTH, digtmp, NULL);
- for(k = 0; k < cplen; k++) p[k] ^= digtmp[k];
- }
- tkeylen-= cplen;
- i++;
- p+= cplen;
- }
- HMAC_CTX_cleanup(&hctx);
-#ifdef DEBUG_PKCS5V2
- fprintf(stderr, "Password:\n");
- h__dump (pass, passlen);
- fprintf(stderr, "Salt:\n");
- h__dump (salt, saltlen);
- fprintf(stderr, "Iteration count %d\n", iter);
- fprintf(stderr, "Key:\n");
- h__dump (out, keylen);
-#endif
- return 1;
-}
-
-#ifdef DO_TEST
-main()
-{
- unsigned char out[4];
- unsigned char salt[] = {0x12, 0x34, 0x56, 0x78};
- PKCS5_PBKDF2_HMAC_SHA1("password", -1, salt, 4, 5, 4, out);
- fprintf(stderr, "Out %02X %02X %02X %02X\n",
- out[0], out[1], out[2], out[3]);
-}
-
-#endif
-
-/* Now the key derivation function itself. This is a bit evil because
- * it has to check the ASN1 parameters are valid: and there are quite a
- * few of them...
- */
-
-int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
- ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md,
- int en_de)
-{
- unsigned char *salt, key[EVP_MAX_KEY_LENGTH];
- const unsigned char *pbuf;
- int saltlen, iter, plen;
- unsigned int keylen;
- PBE2PARAM *pbe2 = NULL;
- const EVP_CIPHER *cipher;
- PBKDF2PARAM *kdf = NULL;
-
- if (param == NULL || param->type != V_ASN1_SEQUENCE ||
- param->value.sequence == NULL) {
- EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
- return 0;
- }
-
- pbuf = param->value.sequence->data;
- plen = param->value.sequence->length;
- if(!(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) {
- EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
- return 0;
- }
-
- /* See if we recognise the key derivation function */
-
- if(OBJ_obj2nid(pbe2->keyfunc->algorithm) != NID_id_pbkdf2) {
- EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
- EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION);
- goto err;
- }
-
- /* lets see if we recognise the encryption algorithm.
- */
-
- cipher = EVP_get_cipherbyname(
- OBJ_nid2sn(OBJ_obj2nid(pbe2->encryption->algorithm)));
-
- if(!cipher) {
- EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
- EVP_R_UNSUPPORTED_CIPHER);
- goto err;
- }
-
- /* Fixup cipher based on AlgorithmIdentifier */
- EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, en_de);
- if(EVP_CIPHER_asn1_to_param(ctx, pbe2->encryption->parameter) < 0) {
- EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
- EVP_R_CIPHER_PARAMETER_ERROR);
- goto err;
- }
- keylen = EVP_CIPHER_CTX_key_length(ctx);
- OPENSSL_assert(keylen <= sizeof key);
-
- /* Now decode key derivation function */
-
- if(!pbe2->keyfunc->parameter ||
- (pbe2->keyfunc->parameter->type != V_ASN1_SEQUENCE))
- {
- EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
- goto err;
- }
-
- pbuf = pbe2->keyfunc->parameter->value.sequence->data;
- plen = pbe2->keyfunc->parameter->value.sequence->length;
- if(!(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen)) ) {
- EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
- goto err;
- }
-
- PBE2PARAM_free(pbe2);
- pbe2 = NULL;
-
- /* Now check the parameters of the kdf */
-
- if(kdf->keylength && (ASN1_INTEGER_get(kdf->keylength) != (int)keylen)){
- EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
- EVP_R_UNSUPPORTED_KEYLENGTH);
- goto err;
- }
-
- if(kdf->prf && (OBJ_obj2nid(kdf->prf->algorithm) != NID_hmacWithSHA1)) {
- EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_UNSUPPORTED_PRF);
- goto err;
- }
-
- if(kdf->salt->type != V_ASN1_OCTET_STRING) {
- EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
- EVP_R_UNSUPPORTED_SALT_TYPE);
- goto err;
- }
-
- /* it seems that its all OK */
- salt = kdf->salt->value.octet_string->data;
- saltlen = kdf->salt->value.octet_string->length;
- iter = ASN1_INTEGER_get(kdf->iter);
- PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen, iter, keylen, key);
- EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de);
- OPENSSL_cleanse(key, keylen);
- PBKDF2PARAM_free(kdf);
- return 1;
-
- err:
- PBE2PARAM_free(pbe2);
- PBKDF2PARAM_free(kdf);
- return 0;
-}
-
-#ifdef DEBUG_PKCS5V2
-static void h__dump (const unsigned char *p, int len)
-{
- for (; len --; p++) fprintf(stderr, "%02X ", *p);
- fprintf(stderr, "\n");
-}
-#endif
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/evp/p5_crpt2.c (from rev 6976, vendor-crypto/openssl/dist/crypto/evp/p5_crpt2.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/evp/p5_crpt2.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/p5_crpt2.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,271 @@
+/* p5_crpt2.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include "cryptlib.h"
+#if !defined(OPENSSL_NO_HMAC) && !defined(OPENSSL_NO_SHA)
+# include <openssl/x509.h>
+# include <openssl/evp.h>
+# include <openssl/hmac.h>
+
+/* set this to print out info about the keygen algorithm */
+/* #define DEBUG_PKCS5V2 */
+
+# ifdef DEBUG_PKCS5V2
+static void h__dump(const unsigned char *p, int len);
+# endif
+
+/*
+ * This is an implementation of PKCS#5 v2.0 password based encryption key
+ * derivation function PBKDF2 using the only currently defined function HMAC
+ * with SHA1. Verified against test vectors posted by Peter Gutmann
+ * <pgut001 at cs.auckland.ac.nz> to the PKCS-TNG <pkcs-tng at rsa.com> mailing
+ * list.
+ */
+
+int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
+ const unsigned char *salt, int saltlen, int iter,
+ int keylen, unsigned char *out)
+{
+ unsigned char digtmp[SHA_DIGEST_LENGTH], *p, itmp[4];
+ int cplen, j, k, tkeylen;
+ unsigned long i = 1;
+ HMAC_CTX hctx;
+
+ HMAC_CTX_init(&hctx);
+ p = out;
+ tkeylen = keylen;
+ if (!pass)
+ passlen = 0;
+ else if (passlen == -1)
+ passlen = strlen(pass);
+ while (tkeylen) {
+ if (tkeylen > SHA_DIGEST_LENGTH)
+ cplen = SHA_DIGEST_LENGTH;
+ else
+ cplen = tkeylen;
+ /*
+ * We are unlikely to ever use more than 256 blocks (5120 bits!) but
+ * just in case...
+ */
+ itmp[0] = (unsigned char)((i >> 24) & 0xff);
+ itmp[1] = (unsigned char)((i >> 16) & 0xff);
+ itmp[2] = (unsigned char)((i >> 8) & 0xff);
+ itmp[3] = (unsigned char)(i & 0xff);
+ HMAC_Init_ex(&hctx, pass, passlen, EVP_sha1(), NULL);
+ HMAC_Update(&hctx, salt, saltlen);
+ HMAC_Update(&hctx, itmp, 4);
+ HMAC_Final(&hctx, digtmp, NULL);
+ memcpy(p, digtmp, cplen);
+ for (j = 1; j < iter; j++) {
+ HMAC(EVP_sha1(), pass, passlen,
+ digtmp, SHA_DIGEST_LENGTH, digtmp, NULL);
+ for (k = 0; k < cplen; k++)
+ p[k] ^= digtmp[k];
+ }
+ tkeylen -= cplen;
+ i++;
+ p += cplen;
+ }
+ HMAC_CTX_cleanup(&hctx);
+# ifdef DEBUG_PKCS5V2
+ fprintf(stderr, "Password:\n");
+ h__dump(pass, passlen);
+ fprintf(stderr, "Salt:\n");
+ h__dump(salt, saltlen);
+ fprintf(stderr, "Iteration count %d\n", iter);
+ fprintf(stderr, "Key:\n");
+ h__dump(out, keylen);
+# endif
+ return 1;
+}
+
+# ifdef DO_TEST
+main()
+{
+ unsigned char out[4];
+ unsigned char salt[] = { 0x12, 0x34, 0x56, 0x78 };
+ PKCS5_PBKDF2_HMAC_SHA1("password", -1, salt, 4, 5, 4, out);
+ fprintf(stderr, "Out %02X %02X %02X %02X\n",
+ out[0], out[1], out[2], out[3]);
+}
+
+# endif
+
+/*
+ * Now the key derivation function itself. This is a bit evil because it has
+ * to check the ASN1 parameters are valid: and there are quite a few of
+ * them...
+ */
+
+int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+ ASN1_TYPE *param, const EVP_CIPHER *c,
+ const EVP_MD *md, int en_de)
+{
+ unsigned char *salt, key[EVP_MAX_KEY_LENGTH];
+ const unsigned char *pbuf;
+ int saltlen, iter, plen;
+ unsigned int keylen;
+ PBE2PARAM *pbe2 = NULL;
+ const EVP_CIPHER *cipher;
+ PBKDF2PARAM *kdf = NULL;
+
+ if (param == NULL || param->type != V_ASN1_SEQUENCE ||
+ param->value.sequence == NULL) {
+ EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_DECODE_ERROR);
+ return 0;
+ }
+
+ pbuf = param->value.sequence->data;
+ plen = param->value.sequence->length;
+ if (!(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) {
+ EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_DECODE_ERROR);
+ return 0;
+ }
+
+ /* See if we recognise the key derivation function */
+
+ if (OBJ_obj2nid(pbe2->keyfunc->algorithm) != NID_id_pbkdf2) {
+ EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
+ EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION);
+ goto err;
+ }
+
+ /*
+ * lets see if we recognise the encryption algorithm.
+ */
+
+ cipher =
+ EVP_get_cipherbyname(OBJ_nid2sn
+ (OBJ_obj2nid(pbe2->encryption->algorithm)));
+
+ if (!cipher) {
+ EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_UNSUPPORTED_CIPHER);
+ goto err;
+ }
+
+ /* Fixup cipher based on AlgorithmIdentifier */
+ EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, en_de);
+ if (EVP_CIPHER_asn1_to_param(ctx, pbe2->encryption->parameter) < 0) {
+ EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_CIPHER_PARAMETER_ERROR);
+ goto err;
+ }
+ keylen = EVP_CIPHER_CTX_key_length(ctx);
+ OPENSSL_assert(keylen <= sizeof key);
+
+ /* Now decode key derivation function */
+
+ if (!pbe2->keyfunc->parameter ||
+ (pbe2->keyfunc->parameter->type != V_ASN1_SEQUENCE)) {
+ EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_DECODE_ERROR);
+ goto err;
+ }
+
+ pbuf = pbe2->keyfunc->parameter->value.sequence->data;
+ plen = pbe2->keyfunc->parameter->value.sequence->length;
+ if (!(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen))) {
+ EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_DECODE_ERROR);
+ goto err;
+ }
+
+ PBE2PARAM_free(pbe2);
+ pbe2 = NULL;
+
+ /* Now check the parameters of the kdf */
+
+ if (kdf->keylength && (ASN1_INTEGER_get(kdf->keylength) != (int)keylen)) {
+ EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_UNSUPPORTED_KEYLENGTH);
+ goto err;
+ }
+
+ if (kdf->prf && (OBJ_obj2nid(kdf->prf->algorithm) != NID_hmacWithSHA1)) {
+ EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_UNSUPPORTED_PRF);
+ goto err;
+ }
+
+ if (kdf->salt->type != V_ASN1_OCTET_STRING) {
+ EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_UNSUPPORTED_SALT_TYPE);
+ goto err;
+ }
+
+ /* it seems that its all OK */
+ salt = kdf->salt->value.octet_string->data;
+ saltlen = kdf->salt->value.octet_string->length;
+ iter = ASN1_INTEGER_get(kdf->iter);
+ PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen, iter, keylen, key);
+ EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de);
+ OPENSSL_cleanse(key, keylen);
+ PBKDF2PARAM_free(kdf);
+ return 1;
+
+ err:
+ PBE2PARAM_free(pbe2);
+ PBKDF2PARAM_free(kdf);
+ return 0;
+}
+
+# ifdef DEBUG_PKCS5V2
+static void h__dump(const unsigned char *p, int len)
+{
+ for (; len--; p++)
+ fprintf(stderr, "%02X ", *p);
+ fprintf(stderr, "\n");
+}
+# endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/evp/p_dec.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/p_dec.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/p_dec.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,87 +0,0 @@
-/* crypto/evp/p_dec.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/rand.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-
-int EVP_PKEY_decrypt(unsigned char *key, const unsigned char *ek, int ekl,
- EVP_PKEY *priv)
- {
- int ret= -1;
-
-#ifndef OPENSSL_NO_RSA
- if (priv->type != EVP_PKEY_RSA)
- {
-#endif
- EVPerr(EVP_F_EVP_PKEY_DECRYPT,EVP_R_PUBLIC_KEY_NOT_RSA);
-#ifndef OPENSSL_NO_RSA
- goto err;
- }
-
- ret=RSA_private_decrypt(ekl,ek,key,priv->pkey.rsa,RSA_PKCS1_PADDING);
-err:
-#endif
- return(ret);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/evp/p_dec.c (from rev 6976, vendor-crypto/openssl/dist/crypto/evp/p_dec.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/evp/p_dec.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/p_dec.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,87 @@
+/* crypto/evp/p_dec.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/rand.h>
+#ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>
+#endif
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+
+int EVP_PKEY_decrypt(unsigned char *key, const unsigned char *ek, int ekl,
+ EVP_PKEY *priv)
+{
+ int ret = -1;
+
+#ifndef OPENSSL_NO_RSA
+ if (priv->type != EVP_PKEY_RSA) {
+#endif
+ EVPerr(EVP_F_EVP_PKEY_DECRYPT, EVP_R_PUBLIC_KEY_NOT_RSA);
+#ifndef OPENSSL_NO_RSA
+ goto err;
+ }
+
+ ret =
+ RSA_private_decrypt(ekl, ek, key, priv->pkey.rsa, RSA_PKCS1_PADDING);
+ err:
+#endif
+ return (ret);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/evp/p_enc.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/p_enc.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/p_enc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,86 +0,0 @@
-/* crypto/evp/p_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/rand.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-
-int EVP_PKEY_encrypt(unsigned char *ek, const unsigned char *key, int key_len,
- EVP_PKEY *pubk)
- {
- int ret=0;
-
-#ifndef OPENSSL_NO_RSA
- if (pubk->type != EVP_PKEY_RSA)
- {
-#endif
- EVPerr(EVP_F_EVP_PKEY_ENCRYPT,EVP_R_PUBLIC_KEY_NOT_RSA);
-#ifndef OPENSSL_NO_RSA
- goto err;
- }
- ret=RSA_public_encrypt(key_len,key,ek,pubk->pkey.rsa,RSA_PKCS1_PADDING);
-err:
-#endif
- return(ret);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/evp/p_enc.c (from rev 6976, vendor-crypto/openssl/dist/crypto/evp/p_enc.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/evp/p_enc.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/p_enc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,87 @@
+/* crypto/evp/p_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/rand.h>
+#ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>
+#endif
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+
+int EVP_PKEY_encrypt(unsigned char *ek, const unsigned char *key, int key_len,
+ EVP_PKEY *pubk)
+{
+ int ret = 0;
+
+#ifndef OPENSSL_NO_RSA
+ if (pubk->type != EVP_PKEY_RSA) {
+#endif
+ EVPerr(EVP_F_EVP_PKEY_ENCRYPT, EVP_R_PUBLIC_KEY_NOT_RSA);
+#ifndef OPENSSL_NO_RSA
+ goto err;
+ }
+ ret =
+ RSA_public_encrypt(key_len, key, ek, pubk->pkey.rsa,
+ RSA_PKCS1_PADDING);
+ err:
+#endif
+ return (ret);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/evp/p_lib.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/p_lib.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/p_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,502 +0,0 @@
-/* crypto/evp/p_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/err.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/asn1_mac.h>
-#include <openssl/x509.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-
-static void EVP_PKEY_free_it(EVP_PKEY *x);
-
-int EVP_PKEY_bits(EVP_PKEY *pkey)
- {
- if (0)
- return 0;
-#ifndef OPENSSL_NO_RSA
- else if (pkey->type == EVP_PKEY_RSA)
- return(BN_num_bits(pkey->pkey.rsa->n));
-#endif
-#ifndef OPENSSL_NO_DSA
- else if (pkey->type == EVP_PKEY_DSA)
- return(BN_num_bits(pkey->pkey.dsa->p));
-#endif
-#ifndef OPENSSL_NO_EC
- else if (pkey->type == EVP_PKEY_EC)
- {
- BIGNUM *order = BN_new();
- const EC_GROUP *group;
- int ret;
-
- if (!order)
- {
- ERR_clear_error();
- return 0;
- }
- group = EC_KEY_get0_group(pkey->pkey.ec);
- if (!EC_GROUP_get_order(group, order, NULL))
- {
- ERR_clear_error();
- return 0;
- }
-
- ret = BN_num_bits(order);
- BN_free(order);
- return ret;
- }
-#endif
- return(0);
- }
-
-int EVP_PKEY_size(EVP_PKEY *pkey)
- {
- if (pkey == NULL)
- return(0);
-#ifndef OPENSSL_NO_RSA
- if (pkey->type == EVP_PKEY_RSA)
- return(RSA_size(pkey->pkey.rsa));
- else
-#endif
-#ifndef OPENSSL_NO_DSA
- if (pkey->type == EVP_PKEY_DSA)
- return(DSA_size(pkey->pkey.dsa));
-#endif
-#ifndef OPENSSL_NO_ECDSA
- if (pkey->type == EVP_PKEY_EC)
- return(ECDSA_size(pkey->pkey.ec));
-#endif
-
- return(0);
- }
-
-int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode)
- {
-#ifndef OPENSSL_NO_DSA
- if (pkey->type == EVP_PKEY_DSA)
- {
- int ret=pkey->save_parameters;
-
- if (mode >= 0)
- pkey->save_parameters=mode;
- return(ret);
- }
-#endif
-#ifndef OPENSSL_NO_EC
- if (pkey->type == EVP_PKEY_EC)
- {
- int ret = pkey->save_parameters;
-
- if (mode >= 0)
- pkey->save_parameters = mode;
- return(ret);
- }
-#endif
- return(0);
- }
-
-int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
- {
- if (to->type != from->type)
- {
- EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS,EVP_R_DIFFERENT_KEY_TYPES);
- goto err;
- }
-
- if (EVP_PKEY_missing_parameters(from))
- {
- EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS,EVP_R_MISSING_PARAMETERS);
- goto err;
- }
-#ifndef OPENSSL_NO_DSA
- if (to->type == EVP_PKEY_DSA)
- {
- BIGNUM *a;
-
- if ((a=BN_dup(from->pkey.dsa->p)) == NULL) goto err;
- if (to->pkey.dsa->p != NULL) BN_free(to->pkey.dsa->p);
- to->pkey.dsa->p=a;
-
- if ((a=BN_dup(from->pkey.dsa->q)) == NULL) goto err;
- if (to->pkey.dsa->q != NULL) BN_free(to->pkey.dsa->q);
- to->pkey.dsa->q=a;
-
- if ((a=BN_dup(from->pkey.dsa->g)) == NULL) goto err;
- if (to->pkey.dsa->g != NULL) BN_free(to->pkey.dsa->g);
- to->pkey.dsa->g=a;
- }
-#endif
-#ifndef OPENSSL_NO_EC
- if (to->type == EVP_PKEY_EC)
- {
- EC_GROUP *group = EC_GROUP_dup(EC_KEY_get0_group(from->pkey.ec));
- if (group == NULL)
- goto err;
- if (EC_KEY_set_group(to->pkey.ec, group) == 0)
- goto err;
- EC_GROUP_free(group);
- }
-#endif
- return(1);
-err:
- return(0);
- }
-
-int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey)
- {
-#ifndef OPENSSL_NO_DSA
- if (pkey->type == EVP_PKEY_DSA)
- {
- DSA *dsa;
-
- dsa=pkey->pkey.dsa;
- if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
- return(1);
- }
-#endif
-#ifndef OPENSSL_NO_EC
- if (pkey->type == EVP_PKEY_EC)
- {
- if (EC_KEY_get0_group(pkey->pkey.ec) == NULL)
- return(1);
- }
-#endif
-
- return(0);
- }
-
-int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
- {
-#ifndef OPENSSL_NO_DSA
- if ((a->type == EVP_PKEY_DSA) && (b->type == EVP_PKEY_DSA))
- {
- if ( BN_cmp(a->pkey.dsa->p,b->pkey.dsa->p) ||
- BN_cmp(a->pkey.dsa->q,b->pkey.dsa->q) ||
- BN_cmp(a->pkey.dsa->g,b->pkey.dsa->g))
- return(0);
- else
- return(1);
- }
-#endif
-#ifndef OPENSSL_NO_EC
- if (a->type == EVP_PKEY_EC && b->type == EVP_PKEY_EC)
- {
- const EC_GROUP *group_a = EC_KEY_get0_group(a->pkey.ec),
- *group_b = EC_KEY_get0_group(b->pkey.ec);
- if (EC_GROUP_cmp(group_a, group_b, NULL))
- return 0;
- else
- return 1;
- }
-#endif
- return(-1);
- }
-
-int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
- {
- if (a->type != b->type)
- return -1;
-
- if (EVP_PKEY_cmp_parameters(a, b) == 0)
- return 0;
-
- switch (a->type)
- {
-#ifndef OPENSSL_NO_RSA
- case EVP_PKEY_RSA:
- if (BN_cmp(b->pkey.rsa->n,a->pkey.rsa->n) != 0
- || BN_cmp(b->pkey.rsa->e,a->pkey.rsa->e) != 0)
- return 0;
- break;
-#endif
-#ifndef OPENSSL_NO_DSA
- case EVP_PKEY_DSA:
- if (BN_cmp(b->pkey.dsa->pub_key,a->pkey.dsa->pub_key) != 0)
- return 0;
- break;
-#endif
-#ifndef OPENSSL_NO_EC
- case EVP_PKEY_EC:
- {
- int r;
- const EC_GROUP *group = EC_KEY_get0_group(b->pkey.ec);
- const EC_POINT *pa = EC_KEY_get0_public_key(a->pkey.ec),
- *pb = EC_KEY_get0_public_key(b->pkey.ec);
- r = EC_POINT_cmp(group, pa, pb, NULL);
- if (r != 0)
- {
- if (r == 1)
- return 0;
- else
- return -2;
- }
- }
- break;
-#endif
-#ifndef OPENSSL_NO_DH
- case EVP_PKEY_DH:
- return -2;
-#endif
- default:
- return -2;
- }
-
- return 1;
- }
-
-EVP_PKEY *EVP_PKEY_new(void)
- {
- EVP_PKEY *ret;
-
- ret=(EVP_PKEY *)OPENSSL_malloc(sizeof(EVP_PKEY));
- if (ret == NULL)
- {
- EVPerr(EVP_F_EVP_PKEY_NEW,ERR_R_MALLOC_FAILURE);
- return(NULL);
- }
- ret->type=EVP_PKEY_NONE;
- ret->references=1;
- ret->pkey.ptr=NULL;
- ret->attributes=NULL;
- ret->save_parameters=1;
- return(ret);
- }
-
-int EVP_PKEY_assign(EVP_PKEY *pkey, int type, char *key)
- {
- if (pkey == NULL) return(0);
- if (pkey->pkey.ptr != NULL)
- EVP_PKEY_free_it(pkey);
- pkey->type=EVP_PKEY_type(type);
- pkey->save_type=type;
- pkey->pkey.ptr=key;
- return(key != NULL);
- }
-
-#ifndef OPENSSL_NO_RSA
-int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key)
-{
- int ret = EVP_PKEY_assign_RSA(pkey, key);
- if(ret)
- RSA_up_ref(key);
- return ret;
-}
-
-RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey)
- {
- if(pkey->type != EVP_PKEY_RSA) {
- EVPerr(EVP_F_EVP_PKEY_GET1_RSA, EVP_R_EXPECTING_AN_RSA_KEY);
- return NULL;
- }
- RSA_up_ref(pkey->pkey.rsa);
- return pkey->pkey.rsa;
-}
-#endif
-
-#ifndef OPENSSL_NO_DSA
-int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key)
-{
- int ret = EVP_PKEY_assign_DSA(pkey, key);
- if(ret)
- DSA_up_ref(key);
- return ret;
-}
-
-DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey)
- {
- if(pkey->type != EVP_PKEY_DSA) {
- EVPerr(EVP_F_EVP_PKEY_GET1_DSA, EVP_R_EXPECTING_A_DSA_KEY);
- return NULL;
- }
- DSA_up_ref(pkey->pkey.dsa);
- return pkey->pkey.dsa;
-}
-#endif
-
-#ifndef OPENSSL_NO_EC
-
-int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key)
-{
- int ret = EVP_PKEY_assign_EC_KEY(pkey,key);
- if (ret)
- EC_KEY_up_ref(key);
- return ret;
-}
-
-EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey)
-{
- if (pkey->type != EVP_PKEY_EC)
- {
- EVPerr(EVP_F_EVP_PKEY_GET1_EC_KEY, EVP_R_EXPECTING_A_EC_KEY);
- return NULL;
- }
- EC_KEY_up_ref(pkey->pkey.ec);
- return pkey->pkey.ec;
-}
-#endif
-
-
-#ifndef OPENSSL_NO_DH
-
-int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key)
-{
- int ret = EVP_PKEY_assign_DH(pkey, key);
- if(ret)
- DH_up_ref(key);
- return ret;
-}
-
-DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey)
- {
- if(pkey->type != EVP_PKEY_DH) {
- EVPerr(EVP_F_EVP_PKEY_GET1_DH, EVP_R_EXPECTING_A_DH_KEY);
- return NULL;
- }
- DH_up_ref(pkey->pkey.dh);
- return pkey->pkey.dh;
-}
-#endif
-
-int EVP_PKEY_type(int type)
- {
- switch (type)
- {
- case EVP_PKEY_RSA:
- case EVP_PKEY_RSA2:
- return(EVP_PKEY_RSA);
- case EVP_PKEY_DSA:
- case EVP_PKEY_DSA1:
- case EVP_PKEY_DSA2:
- case EVP_PKEY_DSA3:
- case EVP_PKEY_DSA4:
- return(EVP_PKEY_DSA);
- case EVP_PKEY_DH:
- return(EVP_PKEY_DH);
- case EVP_PKEY_EC:
- return(EVP_PKEY_EC);
- default:
- return(NID_undef);
- }
- }
-
-void EVP_PKEY_free(EVP_PKEY *x)
- {
- int i;
-
- if (x == NULL) return;
-
- i=CRYPTO_add(&x->references,-1,CRYPTO_LOCK_EVP_PKEY);
-#ifdef REF_PRINT
- REF_PRINT("EVP_PKEY",x);
-#endif
- if (i > 0) return;
-#ifdef REF_CHECK
- if (i < 0)
- {
- fprintf(stderr,"EVP_PKEY_free, bad reference count\n");
- abort();
- }
-#endif
- EVP_PKEY_free_it(x);
- if (x->attributes)
- sk_X509_ATTRIBUTE_pop_free(x->attributes, X509_ATTRIBUTE_free);
- OPENSSL_free(x);
- }
-
-static void EVP_PKEY_free_it(EVP_PKEY *x)
- {
- switch (x->type)
- {
-#ifndef OPENSSL_NO_RSA
- case EVP_PKEY_RSA:
- case EVP_PKEY_RSA2:
- RSA_free(x->pkey.rsa);
- break;
-#endif
-#ifndef OPENSSL_NO_DSA
- case EVP_PKEY_DSA:
- case EVP_PKEY_DSA2:
- case EVP_PKEY_DSA3:
- case EVP_PKEY_DSA4:
- DSA_free(x->pkey.dsa);
- break;
-#endif
-#ifndef OPENSSL_NO_EC
- case EVP_PKEY_EC:
- EC_KEY_free(x->pkey.ec);
- break;
-#endif
-#ifndef OPENSSL_NO_DH
- case EVP_PKEY_DH:
- DH_free(x->pkey.dh);
- break;
-#endif
- }
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/evp/p_lib.c (from rev 6976, vendor-crypto/openssl/dist/crypto/evp/p_lib.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/evp/p_lib.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/p_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,489 @@
+/* crypto/evp/p_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/err.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/asn1_mac.h>
+#include <openssl/x509.h>
+#ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+# include <openssl/dsa.h>
+#endif
+#ifndef OPENSSL_NO_DH
+# include <openssl/dh.h>
+#endif
+
+static void EVP_PKEY_free_it(EVP_PKEY *x);
+
+int EVP_PKEY_bits(EVP_PKEY *pkey)
+{
+ if (0)
+ return 0;
+#ifndef OPENSSL_NO_RSA
+ else if (pkey->type == EVP_PKEY_RSA)
+ return (BN_num_bits(pkey->pkey.rsa->n));
+#endif
+#ifndef OPENSSL_NO_DSA
+ else if (pkey->type == EVP_PKEY_DSA)
+ return (BN_num_bits(pkey->pkey.dsa->p));
+#endif
+#ifndef OPENSSL_NO_EC
+ else if (pkey->type == EVP_PKEY_EC) {
+ BIGNUM *order = BN_new();
+ const EC_GROUP *group;
+ int ret;
+
+ if (!order) {
+ ERR_clear_error();
+ return 0;
+ }
+ group = EC_KEY_get0_group(pkey->pkey.ec);
+ if (!EC_GROUP_get_order(group, order, NULL)) {
+ ERR_clear_error();
+ return 0;
+ }
+
+ ret = BN_num_bits(order);
+ BN_free(order);
+ return ret;
+ }
+#endif
+ return (0);
+}
+
+int EVP_PKEY_size(EVP_PKEY *pkey)
+{
+ if (pkey == NULL)
+ return (0);
+#ifndef OPENSSL_NO_RSA
+ if (pkey->type == EVP_PKEY_RSA)
+ return (RSA_size(pkey->pkey.rsa));
+ else
+#endif
+#ifndef OPENSSL_NO_DSA
+ if (pkey->type == EVP_PKEY_DSA)
+ return (DSA_size(pkey->pkey.dsa));
+#endif
+#ifndef OPENSSL_NO_ECDSA
+ if (pkey->type == EVP_PKEY_EC)
+ return (ECDSA_size(pkey->pkey.ec));
+#endif
+
+ return (0);
+}
+
+int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode)
+{
+#ifndef OPENSSL_NO_DSA
+ if (pkey->type == EVP_PKEY_DSA) {
+ int ret = pkey->save_parameters;
+
+ if (mode >= 0)
+ pkey->save_parameters = mode;
+ return (ret);
+ }
+#endif
+#ifndef OPENSSL_NO_EC
+ if (pkey->type == EVP_PKEY_EC) {
+ int ret = pkey->save_parameters;
+
+ if (mode >= 0)
+ pkey->save_parameters = mode;
+ return (ret);
+ }
+#endif
+ return (0);
+}
+
+int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
+{
+ if (to->type != from->type) {
+ EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS, EVP_R_DIFFERENT_KEY_TYPES);
+ goto err;
+ }
+
+ if (EVP_PKEY_missing_parameters(from)) {
+ EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS, EVP_R_MISSING_PARAMETERS);
+ goto err;
+ }
+#ifndef OPENSSL_NO_DSA
+ if (to->type == EVP_PKEY_DSA) {
+ BIGNUM *a;
+
+ if ((a = BN_dup(from->pkey.dsa->p)) == NULL)
+ goto err;
+ if (to->pkey.dsa->p != NULL)
+ BN_free(to->pkey.dsa->p);
+ to->pkey.dsa->p = a;
+
+ if ((a = BN_dup(from->pkey.dsa->q)) == NULL)
+ goto err;
+ if (to->pkey.dsa->q != NULL)
+ BN_free(to->pkey.dsa->q);
+ to->pkey.dsa->q = a;
+
+ if ((a = BN_dup(from->pkey.dsa->g)) == NULL)
+ goto err;
+ if (to->pkey.dsa->g != NULL)
+ BN_free(to->pkey.dsa->g);
+ to->pkey.dsa->g = a;
+ }
+#endif
+#ifndef OPENSSL_NO_EC
+ if (to->type == EVP_PKEY_EC) {
+ EC_GROUP *group = EC_GROUP_dup(EC_KEY_get0_group(from->pkey.ec));
+ if (group == NULL)
+ goto err;
+ if (EC_KEY_set_group(to->pkey.ec, group) == 0)
+ goto err;
+ EC_GROUP_free(group);
+ }
+#endif
+ return (1);
+ err:
+ return (0);
+}
+
+int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey)
+{
+#ifndef OPENSSL_NO_DSA
+ if (pkey->type == EVP_PKEY_DSA) {
+ DSA *dsa;
+
+ dsa = pkey->pkey.dsa;
+ if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
+ return (1);
+ }
+#endif
+#ifndef OPENSSL_NO_EC
+ if (pkey->type == EVP_PKEY_EC) {
+ if (EC_KEY_get0_group(pkey->pkey.ec) == NULL)
+ return (1);
+ }
+#endif
+
+ return (0);
+}
+
+int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
+{
+#ifndef OPENSSL_NO_DSA
+ if ((a->type == EVP_PKEY_DSA) && (b->type == EVP_PKEY_DSA)) {
+ if (BN_cmp(a->pkey.dsa->p, b->pkey.dsa->p) ||
+ BN_cmp(a->pkey.dsa->q, b->pkey.dsa->q) ||
+ BN_cmp(a->pkey.dsa->g, b->pkey.dsa->g))
+ return (0);
+ else
+ return (1);
+ }
+#endif
+#ifndef OPENSSL_NO_EC
+ if (a->type == EVP_PKEY_EC && b->type == EVP_PKEY_EC) {
+ const EC_GROUP *group_a = EC_KEY_get0_group(a->pkey.ec),
+ *group_b = EC_KEY_get0_group(b->pkey.ec);
+ if (EC_GROUP_cmp(group_a, group_b, NULL))
+ return 0;
+ else
+ return 1;
+ }
+#endif
+ return (-1);
+}
+
+int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
+{
+ if (a->type != b->type)
+ return -1;
+
+ if (EVP_PKEY_cmp_parameters(a, b) == 0)
+ return 0;
+
+ switch (a->type) {
+#ifndef OPENSSL_NO_RSA
+ case EVP_PKEY_RSA:
+ if (BN_cmp(b->pkey.rsa->n, a->pkey.rsa->n) != 0
+ || BN_cmp(b->pkey.rsa->e, a->pkey.rsa->e) != 0)
+ return 0;
+ break;
+#endif
+#ifndef OPENSSL_NO_DSA
+ case EVP_PKEY_DSA:
+ if (BN_cmp(b->pkey.dsa->pub_key, a->pkey.dsa->pub_key) != 0)
+ return 0;
+ break;
+#endif
+#ifndef OPENSSL_NO_EC
+ case EVP_PKEY_EC:
+ {
+ int r;
+ const EC_GROUP *group = EC_KEY_get0_group(b->pkey.ec);
+ const EC_POINT *pa = EC_KEY_get0_public_key(a->pkey.ec),
+ *pb = EC_KEY_get0_public_key(b->pkey.ec);
+ r = EC_POINT_cmp(group, pa, pb, NULL);
+ if (r != 0) {
+ if (r == 1)
+ return 0;
+ else
+ return -2;
+ }
+ }
+ break;
+#endif
+#ifndef OPENSSL_NO_DH
+ case EVP_PKEY_DH:
+ return -2;
+#endif
+ default:
+ return -2;
+ }
+
+ return 1;
+}
+
+EVP_PKEY *EVP_PKEY_new(void)
+{
+ EVP_PKEY *ret;
+
+ ret = (EVP_PKEY *)OPENSSL_malloc(sizeof(EVP_PKEY));
+ if (ret == NULL) {
+ EVPerr(EVP_F_EVP_PKEY_NEW, ERR_R_MALLOC_FAILURE);
+ return (NULL);
+ }
+ ret->type = EVP_PKEY_NONE;
+ ret->references = 1;
+ ret->pkey.ptr = NULL;
+ ret->attributes = NULL;
+ ret->save_parameters = 1;
+ return (ret);
+}
+
+int EVP_PKEY_assign(EVP_PKEY *pkey, int type, char *key)
+{
+ if (pkey == NULL)
+ return (0);
+ if (pkey->pkey.ptr != NULL)
+ EVP_PKEY_free_it(pkey);
+ pkey->type = EVP_PKEY_type(type);
+ pkey->save_type = type;
+ pkey->pkey.ptr = key;
+ return (key != NULL);
+}
+
+#ifndef OPENSSL_NO_RSA
+int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key)
+{
+ int ret = EVP_PKEY_assign_RSA(pkey, key);
+ if (ret)
+ RSA_up_ref(key);
+ return ret;
+}
+
+RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey)
+{
+ if (pkey->type != EVP_PKEY_RSA) {
+ EVPerr(EVP_F_EVP_PKEY_GET1_RSA, EVP_R_EXPECTING_AN_RSA_KEY);
+ return NULL;
+ }
+ RSA_up_ref(pkey->pkey.rsa);
+ return pkey->pkey.rsa;
+}
+#endif
+
+#ifndef OPENSSL_NO_DSA
+int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key)
+{
+ int ret = EVP_PKEY_assign_DSA(pkey, key);
+ if (ret)
+ DSA_up_ref(key);
+ return ret;
+}
+
+DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey)
+{
+ if (pkey->type != EVP_PKEY_DSA) {
+ EVPerr(EVP_F_EVP_PKEY_GET1_DSA, EVP_R_EXPECTING_A_DSA_KEY);
+ return NULL;
+ }
+ DSA_up_ref(pkey->pkey.dsa);
+ return pkey->pkey.dsa;
+}
+#endif
+
+#ifndef OPENSSL_NO_EC
+
+int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key)
+{
+ int ret = EVP_PKEY_assign_EC_KEY(pkey, key);
+ if (ret)
+ EC_KEY_up_ref(key);
+ return ret;
+}
+
+EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey)
+{
+ if (pkey->type != EVP_PKEY_EC) {
+ EVPerr(EVP_F_EVP_PKEY_GET1_EC_KEY, EVP_R_EXPECTING_A_EC_KEY);
+ return NULL;
+ }
+ EC_KEY_up_ref(pkey->pkey.ec);
+ return pkey->pkey.ec;
+}
+#endif
+
+#ifndef OPENSSL_NO_DH
+
+int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key)
+{
+ int ret = EVP_PKEY_assign_DH(pkey, key);
+ if (ret)
+ DH_up_ref(key);
+ return ret;
+}
+
+DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey)
+{
+ if (pkey->type != EVP_PKEY_DH) {
+ EVPerr(EVP_F_EVP_PKEY_GET1_DH, EVP_R_EXPECTING_A_DH_KEY);
+ return NULL;
+ }
+ DH_up_ref(pkey->pkey.dh);
+ return pkey->pkey.dh;
+}
+#endif
+
+int EVP_PKEY_type(int type)
+{
+ switch (type) {
+ case EVP_PKEY_RSA:
+ case EVP_PKEY_RSA2:
+ return (EVP_PKEY_RSA);
+ case EVP_PKEY_DSA:
+ case EVP_PKEY_DSA1:
+ case EVP_PKEY_DSA2:
+ case EVP_PKEY_DSA3:
+ case EVP_PKEY_DSA4:
+ return (EVP_PKEY_DSA);
+ case EVP_PKEY_DH:
+ return (EVP_PKEY_DH);
+ case EVP_PKEY_EC:
+ return (EVP_PKEY_EC);
+ default:
+ return (NID_undef);
+ }
+}
+
+void EVP_PKEY_free(EVP_PKEY *x)
+{
+ int i;
+
+ if (x == NULL)
+ return;
+
+ i = CRYPTO_add(&x->references, -1, CRYPTO_LOCK_EVP_PKEY);
+#ifdef REF_PRINT
+ REF_PRINT("EVP_PKEY", x);
+#endif
+ if (i > 0)
+ return;
+#ifdef REF_CHECK
+ if (i < 0) {
+ fprintf(stderr, "EVP_PKEY_free, bad reference count\n");
+ abort();
+ }
+#endif
+ EVP_PKEY_free_it(x);
+ if (x->attributes)
+ sk_X509_ATTRIBUTE_pop_free(x->attributes, X509_ATTRIBUTE_free);
+ OPENSSL_free(x);
+}
+
+static void EVP_PKEY_free_it(EVP_PKEY *x)
+{
+ switch (x->type) {
+#ifndef OPENSSL_NO_RSA
+ case EVP_PKEY_RSA:
+ case EVP_PKEY_RSA2:
+ RSA_free(x->pkey.rsa);
+ break;
+#endif
+#ifndef OPENSSL_NO_DSA
+ case EVP_PKEY_DSA:
+ case EVP_PKEY_DSA2:
+ case EVP_PKEY_DSA3:
+ case EVP_PKEY_DSA4:
+ DSA_free(x->pkey.dsa);
+ break;
+#endif
+#ifndef OPENSSL_NO_EC
+ case EVP_PKEY_EC:
+ EC_KEY_free(x->pkey.ec);
+ break;
+#endif
+#ifndef OPENSSL_NO_DH
+ case EVP_PKEY_DH:
+ DH_free(x->pkey.dh);
+ break;
+#endif
+ }
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/evp/p_open.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/p_open.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/p_open.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,127 +0,0 @@
-/* crypto/evp/p_open.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-
-#ifndef OPENSSL_NO_RSA
-
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/rsa.h>
-
-int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
- const unsigned char *ek, int ekl, const unsigned char *iv,
- EVP_PKEY *priv)
- {
- unsigned char *key=NULL;
- int i,size=0,ret=0;
-
- if(type) {
- EVP_CIPHER_CTX_init(ctx);
- if(!EVP_DecryptInit_ex(ctx,type,NULL, NULL,NULL)) return 0;
- }
-
- if(!priv) return 1;
-
- if (priv->type != EVP_PKEY_RSA)
- {
- EVPerr(EVP_F_EVP_OPENINIT,EVP_R_PUBLIC_KEY_NOT_RSA);
- goto err;
- }
-
- size=RSA_size(priv->pkey.rsa);
- key=(unsigned char *)OPENSSL_malloc(size+2);
- if (key == NULL)
- {
- /* ERROR */
- EVPerr(EVP_F_EVP_OPENINIT,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- i=EVP_PKEY_decrypt(key,ek,ekl,priv);
- if ((i <= 0) || !EVP_CIPHER_CTX_set_key_length(ctx, i))
- {
- /* ERROR */
- goto err;
- }
- if(!EVP_DecryptInit_ex(ctx,NULL,NULL,key,iv)) goto err;
-
- ret=1;
-err:
- if (key != NULL) OPENSSL_cleanse(key,size);
- OPENSSL_free(key);
- return(ret);
- }
-
-int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
- {
- int i;
-
- i=EVP_DecryptFinal_ex(ctx,out,outl);
- EVP_DecryptInit_ex(ctx,NULL,NULL,NULL,NULL);
- return(i);
- }
-#else /* !OPENSSL_NO_RSA */
-
-# ifdef PEDANTIC
-static void *dummy=&dummy;
-# endif
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/evp/p_open.c (from rev 6976, vendor-crypto/openssl/dist/crypto/evp/p_open.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/evp/p_open.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/p_open.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,128 @@
+/* crypto/evp/p_open.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+
+#ifndef OPENSSL_NO_RSA
+
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include <openssl/x509.h>
+# include <openssl/rsa.h>
+
+int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+ const unsigned char *ek, int ekl, const unsigned char *iv,
+ EVP_PKEY *priv)
+{
+ unsigned char *key = NULL;
+ int i, size = 0, ret = 0;
+
+ if (type) {
+ EVP_CIPHER_CTX_init(ctx);
+ if (!EVP_DecryptInit_ex(ctx, type, NULL, NULL, NULL))
+ return 0;
+ }
+
+ if (!priv)
+ return 1;
+
+ if (priv->type != EVP_PKEY_RSA) {
+ EVPerr(EVP_F_EVP_OPENINIT, EVP_R_PUBLIC_KEY_NOT_RSA);
+ goto err;
+ }
+
+ size = RSA_size(priv->pkey.rsa);
+ key = (unsigned char *)OPENSSL_malloc(size + 2);
+ if (key == NULL) {
+ /* ERROR */
+ EVPerr(EVP_F_EVP_OPENINIT, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ i = EVP_PKEY_decrypt(key, ek, ekl, priv);
+ if ((i <= 0) || !EVP_CIPHER_CTX_set_key_length(ctx, i)) {
+ /* ERROR */
+ goto err;
+ }
+ if (!EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv))
+ goto err;
+
+ ret = 1;
+ err:
+ if (key != NULL)
+ OPENSSL_cleanse(key, size);
+ OPENSSL_free(key);
+ return (ret);
+}
+
+int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+{
+ int i;
+
+ i = EVP_DecryptFinal_ex(ctx, out, outl);
+ EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, NULL);
+ return (i);
+}
+#else /* !OPENSSL_NO_RSA */
+
+# ifdef PEDANTIC
+static void *dummy = &dummy;
+# endif
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/evp/p_seal.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/p_seal.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/p_seal.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,115 +0,0 @@
-/* crypto/evp/p_seal.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/rand.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-
-int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek,
- int *ekl, unsigned char *iv, EVP_PKEY **pubk, int npubk)
- {
- unsigned char key[EVP_MAX_KEY_LENGTH];
- int i;
-
- if(type) {
- EVP_CIPHER_CTX_init(ctx);
- if(!EVP_EncryptInit_ex(ctx,type,NULL,NULL,NULL)) return 0;
- }
- if ((npubk <= 0) || !pubk)
- return 1;
- if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
- return 0;
- if (EVP_CIPHER_CTX_iv_length(ctx))
- RAND_pseudo_bytes(iv,EVP_CIPHER_CTX_iv_length(ctx));
-
- if(!EVP_EncryptInit_ex(ctx,NULL,NULL,key,iv)) return 0;
-
- for (i=0; i<npubk; i++)
- {
- ekl[i]=EVP_PKEY_encrypt(ek[i],key,EVP_CIPHER_CTX_key_length(ctx),
- pubk[i]);
- if (ekl[i] <= 0) return(-1);
- }
- return(npubk);
- }
-
-/* MACRO
-void EVP_SealUpdate(ctx,out,outl,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-int *outl;
-unsigned char *in;
-int inl;
- {
- EVP_EncryptUpdate(ctx,out,outl,in,inl);
- }
-*/
-
-int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
- {
- int i;
- i = EVP_EncryptFinal_ex(ctx,out,outl);
- EVP_EncryptInit_ex(ctx,NULL,NULL,NULL,NULL);
- return i;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/evp/p_seal.c (from rev 6976, vendor-crypto/openssl/dist/crypto/evp/p_seal.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/evp/p_seal.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/p_seal.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,118 @@
+/* crypto/evp/p_seal.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/rand.h>
+#ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>
+#endif
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+
+int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+ unsigned char **ek, int *ekl, unsigned char *iv,
+ EVP_PKEY **pubk, int npubk)
+{
+ unsigned char key[EVP_MAX_KEY_LENGTH];
+ int i;
+
+ if (type) {
+ EVP_CIPHER_CTX_init(ctx);
+ if (!EVP_EncryptInit_ex(ctx, type, NULL, NULL, NULL))
+ return 0;
+ }
+ if ((npubk <= 0) || !pubk)
+ return 1;
+ if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
+ return 0;
+ if (EVP_CIPHER_CTX_iv_length(ctx))
+ RAND_pseudo_bytes(iv, EVP_CIPHER_CTX_iv_length(ctx));
+
+ if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
+ return 0;
+
+ for (i = 0; i < npubk; i++) {
+ ekl[i] = EVP_PKEY_encrypt(ek[i], key, EVP_CIPHER_CTX_key_length(ctx),
+ pubk[i]);
+ if (ekl[i] <= 0)
+ return (-1);
+ }
+ return (npubk);
+}
+
+/*- MACRO
+void EVP_SealUpdate(ctx,out,outl,in,inl)
+EVP_CIPHER_CTX *ctx;
+unsigned char *out;
+int *outl;
+unsigned char *in;
+int inl;
+ {
+ EVP_EncryptUpdate(ctx,out,outl,in,inl);
+ }
+*/
+
+int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+{
+ int i;
+ i = EVP_EncryptFinal_ex(ctx, out, outl);
+ EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL);
+ return i;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/evp/p_sign.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/p_sign.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/p_sign.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,126 +0,0 @@
-/* crypto/evp/p_sign.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-
-#ifdef undef
-void EVP_SignInit(EVP_MD_CTX *ctx, EVP_MD *type)
- {
- EVP_DigestInit_ex(ctx,type);
- }
-
-void EVP_SignUpdate(EVP_MD_CTX *ctx, unsigned char *data,
- unsigned int count)
- {
- EVP_DigestUpdate(ctx,data,count);
- }
-#endif
-
-int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen,
- EVP_PKEY *pkey)
- {
- unsigned char m[EVP_MAX_MD_SIZE];
- unsigned int m_len;
- int i,ok=0,v;
- EVP_MD_CTX tmp_ctx;
-
- *siglen=0;
- for (i=0; i<4; i++)
- {
- v=ctx->digest->required_pkey_type[i];
- if (v == 0) break;
- if (pkey->type == v)
- {
- ok=1;
- break;
- }
- }
- if (!ok)
- {
- EVPerr(EVP_F_EVP_SIGNFINAL,EVP_R_WRONG_PUBLIC_KEY_TYPE);
- return(0);
- }
- if (ctx->digest->sign == NULL)
- {
- EVPerr(EVP_F_EVP_SIGNFINAL,EVP_R_NO_SIGN_FUNCTION_CONFIGURED);
- return(0);
- }
- EVP_MD_CTX_init(&tmp_ctx);
- EVP_MD_CTX_copy_ex(&tmp_ctx,ctx);
- if (ctx->digest->flags & EVP_MD_FLAG_SVCTX)
- {
- EVP_MD_SVCTX sctmp;
- sctmp.mctx = &tmp_ctx;
- sctmp.key = pkey->pkey.ptr;
- i = ctx->digest->sign(ctx->digest->type,
- NULL, -1, sigret, siglen, &sctmp);
- }
- else
- {
- EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len);
- i = ctx->digest->sign(ctx->digest->type,m,m_len,sigret,siglen,
- pkey->pkey.ptr);
- }
- EVP_MD_CTX_cleanup(&tmp_ctx);
- return i;
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/evp/p_sign.c (from rev 6976, vendor-crypto/openssl/dist/crypto/evp/p_sign.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/evp/p_sign.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/p_sign.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,118 @@
+/* crypto/evp/p_sign.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+
+#ifdef undef
+void EVP_SignInit(EVP_MD_CTX *ctx, EVP_MD *type)
+{
+ EVP_DigestInit_ex(ctx, type);
+}
+
+void EVP_SignUpdate(EVP_MD_CTX *ctx, unsigned char *data, unsigned int count)
+{
+ EVP_DigestUpdate(ctx, data, count);
+}
+#endif
+
+int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
+ unsigned int *siglen, EVP_PKEY *pkey)
+{
+ unsigned char m[EVP_MAX_MD_SIZE];
+ unsigned int m_len;
+ int i, ok = 0, v;
+ EVP_MD_CTX tmp_ctx;
+
+ *siglen = 0;
+ for (i = 0; i < 4; i++) {
+ v = ctx->digest->required_pkey_type[i];
+ if (v == 0)
+ break;
+ if (pkey->type == v) {
+ ok = 1;
+ break;
+ }
+ }
+ if (!ok) {
+ EVPerr(EVP_F_EVP_SIGNFINAL, EVP_R_WRONG_PUBLIC_KEY_TYPE);
+ return (0);
+ }
+ if (ctx->digest->sign == NULL) {
+ EVPerr(EVP_F_EVP_SIGNFINAL, EVP_R_NO_SIGN_FUNCTION_CONFIGURED);
+ return (0);
+ }
+ EVP_MD_CTX_init(&tmp_ctx);
+ EVP_MD_CTX_copy_ex(&tmp_ctx, ctx);
+ if (ctx->digest->flags & EVP_MD_FLAG_SVCTX) {
+ EVP_MD_SVCTX sctmp;
+ sctmp.mctx = &tmp_ctx;
+ sctmp.key = pkey->pkey.ptr;
+ i = ctx->digest->sign(ctx->digest->type,
+ NULL, -1, sigret, siglen, &sctmp);
+ } else {
+ EVP_DigestFinal_ex(&tmp_ctx, &(m[0]), &m_len);
+ i = ctx->digest->sign(ctx->digest->type, m, m_len, sigret, siglen,
+ pkey->pkey.ptr);
+ }
+ EVP_MD_CTX_cleanup(&tmp_ctx);
+ return i;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/evp/p_verify.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/evp/p_verify.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/p_verify.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,113 +0,0 @@
-/* crypto/evp/p_verify.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-
-int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
- unsigned int siglen, EVP_PKEY *pkey)
- {
- unsigned char m[EVP_MAX_MD_SIZE];
- unsigned int m_len;
- int i,ok=0,v;
- EVP_MD_CTX tmp_ctx;
-
- for (i=0; i<4; i++)
- {
- v=ctx->digest->required_pkey_type[i];
- if (v == 0) break;
- if (pkey->type == v)
- {
- ok=1;
- break;
- }
- }
- if (!ok)
- {
- EVPerr(EVP_F_EVP_VERIFYFINAL,EVP_R_WRONG_PUBLIC_KEY_TYPE);
- return(-1);
- }
- if (ctx->digest->verify == NULL)
- {
- EVPerr(EVP_F_EVP_VERIFYFINAL,EVP_R_NO_VERIFY_FUNCTION_CONFIGURED);
- return(0);
- }
-
- EVP_MD_CTX_init(&tmp_ctx);
- EVP_MD_CTX_copy_ex(&tmp_ctx,ctx);
- if (ctx->digest->flags & EVP_MD_FLAG_SVCTX)
- {
- EVP_MD_SVCTX sctmp;
- sctmp.mctx = &tmp_ctx;
- sctmp.key = pkey->pkey.ptr;
- i = ctx->digest->verify(ctx->digest->type,
- NULL, -1, sigbuf, siglen, &sctmp);
- }
- else
- {
- EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len);
- i = ctx->digest->verify(ctx->digest->type,m,m_len,
- sigbuf,siglen,pkey->pkey.ptr);
- }
- EVP_MD_CTX_cleanup(&tmp_ctx);
- return i;
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/evp/p_verify.c (from rev 6976, vendor-crypto/openssl/dist/crypto/evp/p_verify.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/evp/p_verify.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/evp/p_verify.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,106 @@
+/* crypto/evp/p_verify.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+
+int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
+ unsigned int siglen, EVP_PKEY *pkey)
+{
+ unsigned char m[EVP_MAX_MD_SIZE];
+ unsigned int m_len;
+ int i, ok = 0, v;
+ EVP_MD_CTX tmp_ctx;
+
+ for (i = 0; i < 4; i++) {
+ v = ctx->digest->required_pkey_type[i];
+ if (v == 0)
+ break;
+ if (pkey->type == v) {
+ ok = 1;
+ break;
+ }
+ }
+ if (!ok) {
+ EVPerr(EVP_F_EVP_VERIFYFINAL, EVP_R_WRONG_PUBLIC_KEY_TYPE);
+ return (-1);
+ }
+ if (ctx->digest->verify == NULL) {
+ EVPerr(EVP_F_EVP_VERIFYFINAL, EVP_R_NO_VERIFY_FUNCTION_CONFIGURED);
+ return (0);
+ }
+
+ EVP_MD_CTX_init(&tmp_ctx);
+ EVP_MD_CTX_copy_ex(&tmp_ctx, ctx);
+ if (ctx->digest->flags & EVP_MD_FLAG_SVCTX) {
+ EVP_MD_SVCTX sctmp;
+ sctmp.mctx = &tmp_ctx;
+ sctmp.key = pkey->pkey.ptr;
+ i = ctx->digest->verify(ctx->digest->type,
+ NULL, -1, sigbuf, siglen, &sctmp);
+ } else {
+ EVP_DigestFinal_ex(&tmp_ctx, &(m[0]), &m_len);
+ i = ctx->digest->verify(ctx->digest->type, m, m_len,
+ sigbuf, siglen, pkey->pkey.ptr);
+ }
+ EVP_MD_CTX_cleanup(&tmp_ctx);
+ return i;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/ex_data.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/ex_data.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ex_data.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,632 +0,0 @@
-/* crypto/ex_data.c */
-
-/*
- * Overhaul notes;
- *
- * This code is now *mostly* thread-safe. It is now easier to understand in what
- * ways it is safe and in what ways it is not, which is an improvement. Firstly,
- * all per-class stacks and index-counters for ex_data are stored in the same
- * global LHASH table (keyed by class). This hash table uses locking for all
- * access with the exception of CRYPTO_cleanup_all_ex_data(), which must only be
- * called when no other threads can possibly race against it (even if it was
- * locked, the race would mean it's possible the hash table might have been
- * recreated after the cleanup). As classes can only be added to the hash table,
- * and within each class, the stack of methods can only be incremented, the
- * locking mechanics are simpler than they would otherwise be. For example, the
- * new/dup/free ex_data functions will lock the hash table, copy the method
- * pointers it needs from the relevant class, then unlock the hash table before
- * actually applying those method pointers to the task of the new/dup/free
- * operations. As they can't be removed from the method-stack, only
- * supplemented, there's no race conditions associated with using them outside
- * the lock. The get/set_ex_data functions are not locked because they do not
- * involve this global state at all - they operate directly with a previously
- * obtained per-class method index and a particular "ex_data" variable. These
- * variables are usually instantiated per-context (eg. each RSA structure has
- * one) so locking on read/write access to that variable can be locked locally
- * if required (eg. using the "RSA" lock to synchronise access to a
- * per-RSA-structure ex_data variable if required).
- * [Geoff]
- */
-
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include "cryptlib.h"
-#include <openssl/lhash.h>
-
-/* What an "implementation of ex_data functionality" looks like */
-struct st_CRYPTO_EX_DATA_IMPL
- {
- /*********************/
- /* GLOBAL OPERATIONS */
- /* Return a new class index */
- int (*cb_new_class)(void);
- /* Cleanup all state used by the implementation */
- void (*cb_cleanup)(void);
- /************************/
- /* PER-CLASS OPERATIONS */
- /* Get a new method index within a class */
- int (*cb_get_new_index)(int class_index, long argl, void *argp,
- CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
- CRYPTO_EX_free *free_func);
- /* Initialise a new CRYPTO_EX_DATA of a given class */
- int (*cb_new_ex_data)(int class_index, void *obj,
- CRYPTO_EX_DATA *ad);
- /* Duplicate a CRYPTO_EX_DATA of a given class onto a copy */
- int (*cb_dup_ex_data)(int class_index, CRYPTO_EX_DATA *to,
- CRYPTO_EX_DATA *from);
- /* Cleanup a CRYPTO_EX_DATA of a given class */
- void (*cb_free_ex_data)(int class_index, void *obj,
- CRYPTO_EX_DATA *ad);
- };
-
-/* The implementation we use at run-time */
-static const CRYPTO_EX_DATA_IMPL *impl = NULL;
-
-/* To call "impl" functions, use this macro rather than referring to 'impl' directly, eg.
- * EX_IMPL(get_new_index)(...); */
-#define EX_IMPL(a) impl->cb_##a
-
-/* Predeclare the "default" ex_data implementation */
-static int int_new_class(void);
-static void int_cleanup(void);
-static int int_get_new_index(int class_index, long argl, void *argp,
- CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
- CRYPTO_EX_free *free_func);
-static int int_new_ex_data(int class_index, void *obj,
- CRYPTO_EX_DATA *ad);
-static int int_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
- CRYPTO_EX_DATA *from);
-static void int_free_ex_data(int class_index, void *obj,
- CRYPTO_EX_DATA *ad);
-static CRYPTO_EX_DATA_IMPL impl_default =
- {
- int_new_class,
- int_cleanup,
- int_get_new_index,
- int_new_ex_data,
- int_dup_ex_data,
- int_free_ex_data
- };
-
-/* Internal function that checks whether "impl" is set and if not, sets it to
- * the default. */
-static void impl_check(void)
- {
- CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
- if(!impl)
- impl = &impl_default;
- CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
- }
-/* A macro wrapper for impl_check that first uses a non-locked test before
- * invoking the function (which checks again inside a lock). */
-#define IMPL_CHECK if(!impl) impl_check();
-
-/* API functions to get/set the "ex_data" implementation */
-const CRYPTO_EX_DATA_IMPL *CRYPTO_get_ex_data_implementation(void)
- {
- IMPL_CHECK
- return impl;
- }
-int CRYPTO_set_ex_data_implementation(const CRYPTO_EX_DATA_IMPL *i)
- {
- int toret = 0;
- CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
- if(!impl)
- {
- impl = i;
- toret = 1;
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
- return toret;
- }
-
-/****************************************************************************/
-/* Interal (default) implementation of "ex_data" support. API functions are
- * further down. */
-
-/* The type that represents what each "class" used to implement locally. A STACK
- * of CRYPTO_EX_DATA_FUNCS plus a index-counter. The 'class_index' is the global
- * value representing the class that is used to distinguish these items. */
-typedef struct st_ex_class_item {
- int class_index;
- STACK_OF(CRYPTO_EX_DATA_FUNCS) *meth;
- int meth_num;
-} EX_CLASS_ITEM;
-
-/* When assigning new class indexes, this is our counter */
-static int ex_class = CRYPTO_EX_INDEX_USER;
-
-/* The global hash table of EX_CLASS_ITEM items */
-static LHASH *ex_data = NULL;
-
-/* The callbacks required in the "ex_data" hash table */
-static unsigned long ex_hash_cb(const void *a_void)
- {
- return ((const EX_CLASS_ITEM *)a_void)->class_index;
- }
-static int ex_cmp_cb(const void *a_void, const void *b_void)
- {
- return (((const EX_CLASS_ITEM *)a_void)->class_index -
- ((const EX_CLASS_ITEM *)b_void)->class_index);
- }
-
-/* Internal functions used by the "impl_default" implementation to access the
- * state */
-
-static int ex_data_check(void)
- {
- int toret = 1;
- CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
- if(!ex_data && ((ex_data = lh_new(ex_hash_cb, ex_cmp_cb)) == NULL))
- toret = 0;
- CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
- return toret;
- }
-/* This macros helps reduce the locking from repeated checks because the
- * ex_data_check() function checks ex_data again inside a lock. */
-#define EX_DATA_CHECK(iffail) if(!ex_data && !ex_data_check()) {iffail}
-
-/* This "inner" callback is used by the callback function that follows it */
-static void def_cleanup_util_cb(CRYPTO_EX_DATA_FUNCS *funcs)
- {
- OPENSSL_free(funcs);
- }
-
-/* This callback is used in lh_doall to destroy all EX_CLASS_ITEM values from
- * "ex_data" prior to the ex_data hash table being itself destroyed. Doesn't do
- * any locking. */
-static void def_cleanup_cb(void *a_void)
- {
- EX_CLASS_ITEM *item = (EX_CLASS_ITEM *)a_void;
- sk_CRYPTO_EX_DATA_FUNCS_pop_free(item->meth, def_cleanup_util_cb);
- OPENSSL_free(item);
- }
-
-/* Return the EX_CLASS_ITEM from the "ex_data" hash table that corresponds to a
- * given class. Handles locking. */
-static EX_CLASS_ITEM *def_get_class(int class_index)
- {
- EX_CLASS_ITEM d, *p, *gen;
- EX_DATA_CHECK(return NULL;)
- d.class_index = class_index;
- CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
- p = lh_retrieve(ex_data, &d);
- if(!p)
- {
- gen = OPENSSL_malloc(sizeof(EX_CLASS_ITEM));
- if(gen)
- {
- gen->class_index = class_index;
- gen->meth_num = 0;
- gen->meth = sk_CRYPTO_EX_DATA_FUNCS_new_null();
- if(!gen->meth)
- OPENSSL_free(gen);
- else
- {
- /* Because we're inside the ex_data lock, the
- * return value from the insert will be NULL */
- lh_insert(ex_data, gen);
- p = gen;
- }
- }
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
- if(!p)
- CRYPTOerr(CRYPTO_F_DEF_GET_CLASS,ERR_R_MALLOC_FAILURE);
- return p;
- }
-
-/* Add a new method to the given EX_CLASS_ITEM and return the corresponding
- * index (or -1 for error). Handles locking. */
-static int def_add_index(EX_CLASS_ITEM *item, long argl, void *argp,
- CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
- CRYPTO_EX_free *free_func)
- {
- int toret = -1;
- CRYPTO_EX_DATA_FUNCS *a = (CRYPTO_EX_DATA_FUNCS *)OPENSSL_malloc(
- sizeof(CRYPTO_EX_DATA_FUNCS));
- if(!a)
- {
- CRYPTOerr(CRYPTO_F_DEF_ADD_INDEX,ERR_R_MALLOC_FAILURE);
- return -1;
- }
- a->argl=argl;
- a->argp=argp;
- a->new_func=new_func;
- a->dup_func=dup_func;
- a->free_func=free_func;
- CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
- while (sk_CRYPTO_EX_DATA_FUNCS_num(item->meth) <= item->meth_num)
- {
- if (!sk_CRYPTO_EX_DATA_FUNCS_push(item->meth, NULL))
- {
- CRYPTOerr(CRYPTO_F_DEF_ADD_INDEX,ERR_R_MALLOC_FAILURE);
- OPENSSL_free(a);
- goto err;
- }
- }
- toret = item->meth_num++;
- (void)sk_CRYPTO_EX_DATA_FUNCS_set(item->meth, toret, a);
-err:
- CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
- return toret;
- }
-
-/**************************************************************/
-/* The functions in the default CRYPTO_EX_DATA_IMPL structure */
-
-static int int_new_class(void)
- {
- int toret;
- CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
- toret = ex_class++;
- CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
- return toret;
- }
-
-static void int_cleanup(void)
- {
- EX_DATA_CHECK(return;)
- lh_doall(ex_data, def_cleanup_cb);
- lh_free(ex_data);
- ex_data = NULL;
- impl = NULL;
- }
-
-static int int_get_new_index(int class_index, long argl, void *argp,
- CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
- CRYPTO_EX_free *free_func)
- {
- EX_CLASS_ITEM *item = def_get_class(class_index);
- if(!item)
- return -1;
- return def_add_index(item, argl, argp, new_func, dup_func, free_func);
- }
-
-/* Thread-safe by copying a class's array of "CRYPTO_EX_DATA_FUNCS" entries in
- * the lock, then using them outside the lock. NB: Thread-safety only applies to
- * the global "ex_data" state (ie. class definitions), not thread-safe on 'ad'
- * itself. */
-static int int_new_ex_data(int class_index, void *obj,
- CRYPTO_EX_DATA *ad)
- {
- int mx,i;
- void *ptr;
- CRYPTO_EX_DATA_FUNCS **storage = NULL;
- EX_CLASS_ITEM *item = def_get_class(class_index);
- if(!item)
- /* error is already set */
- return 0;
- ad->sk = NULL;
- CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA);
- mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth);
- if(mx > 0)
- {
- storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS*));
- if(!storage)
- goto skip;
- for(i = 0; i < mx; i++)
- storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(item->meth,i);
- }
-skip:
- CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA);
- if((mx > 0) && !storage)
- {
- CRYPTOerr(CRYPTO_F_INT_NEW_EX_DATA,ERR_R_MALLOC_FAILURE);
- return 0;
- }
- for(i = 0; i < mx; i++)
- {
- if(storage[i] && storage[i]->new_func)
- {
- ptr = CRYPTO_get_ex_data(ad, i);
- storage[i]->new_func(obj,ptr,ad,i,
- storage[i]->argl,storage[i]->argp);
- }
- }
- if(storage)
- OPENSSL_free(storage);
- return 1;
- }
-
-/* Same thread-safety notes as for "int_new_ex_data" */
-static int int_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
- CRYPTO_EX_DATA *from)
- {
- int mx, j, i;
- char *ptr;
- CRYPTO_EX_DATA_FUNCS **storage = NULL;
- EX_CLASS_ITEM *item;
- if(!from->sk)
- /* 'to' should be "blank" which *is* just like 'from' */
- return 1;
- if((item = def_get_class(class_index)) == NULL)
- return 0;
- CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA);
- mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth);
- j = sk_num(from->sk);
- if(j < mx)
- mx = j;
- if(mx > 0)
- {
- storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS*));
- if(!storage)
- goto skip;
- for(i = 0; i < mx; i++)
- storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(item->meth,i);
- }
-skip:
- CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA);
- if((mx > 0) && !storage)
- {
- CRYPTOerr(CRYPTO_F_INT_DUP_EX_DATA,ERR_R_MALLOC_FAILURE);
- return 0;
- }
- for(i = 0; i < mx; i++)
- {
- ptr = CRYPTO_get_ex_data(from, i);
- if(storage[i] && storage[i]->dup_func)
- storage[i]->dup_func(to,from,&ptr,i,
- storage[i]->argl,storage[i]->argp);
- CRYPTO_set_ex_data(to,i,ptr);
- }
- if(storage)
- OPENSSL_free(storage);
- return 1;
- }
-
-/* Same thread-safety notes as for "int_new_ex_data" */
-static void int_free_ex_data(int class_index, void *obj,
- CRYPTO_EX_DATA *ad)
- {
- int mx,i;
- EX_CLASS_ITEM *item;
- void *ptr;
- CRYPTO_EX_DATA_FUNCS **storage = NULL;
- if((item = def_get_class(class_index)) == NULL)
- return;
- CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA);
- mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth);
- if(mx > 0)
- {
- storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS*));
- if(!storage)
- goto skip;
- for(i = 0; i < mx; i++)
- storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(item->meth,i);
- }
-skip:
- CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA);
- if((mx > 0) && !storage)
- {
- CRYPTOerr(CRYPTO_F_INT_FREE_EX_DATA,ERR_R_MALLOC_FAILURE);
- return;
- }
- for(i = 0; i < mx; i++)
- {
- if(storage[i] && storage[i]->free_func)
- {
- ptr = CRYPTO_get_ex_data(ad,i);
- storage[i]->free_func(obj,ptr,ad,i,
- storage[i]->argl,storage[i]->argp);
- }
- }
- if(storage)
- OPENSSL_free(storage);
- if(ad->sk)
- {
- sk_free(ad->sk);
- ad->sk=NULL;
- }
- }
-
-/********************************************************************/
-/* API functions that defer all "state" operations to the "ex_data"
- * implementation we have set. */
-
-/* Obtain an index for a new class (not the same as getting a new index within
- * an existing class - this is actually getting a new *class*) */
-int CRYPTO_ex_data_new_class(void)
- {
- IMPL_CHECK
- return EX_IMPL(new_class)();
- }
-
-/* Release all "ex_data" state to prevent memory leaks. This can't be made
- * thread-safe without overhauling a lot of stuff, and shouldn't really be
- * called under potential race-conditions anyway (it's for program shutdown
- * after all). */
-void CRYPTO_cleanup_all_ex_data(void)
- {
- IMPL_CHECK
- EX_IMPL(cleanup)();
- }
-
-/* Inside an existing class, get/register a new index. */
-int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp,
- CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
- CRYPTO_EX_free *free_func)
- {
- int ret = -1;
-
- IMPL_CHECK
- ret = EX_IMPL(get_new_index)(class_index,
- argl, argp, new_func, dup_func, free_func);
- return ret;
- }
-
-/* Initialise a new CRYPTO_EX_DATA for use in a particular class - including
- * calling new() callbacks for each index in the class used by this variable */
-int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad)
- {
- IMPL_CHECK
- return EX_IMPL(new_ex_data)(class_index, obj, ad);
- }
-
-/* Duplicate a CRYPTO_EX_DATA variable - including calling dup() callbacks for
- * each index in the class used by this variable */
-int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
- CRYPTO_EX_DATA *from)
- {
- IMPL_CHECK
- return EX_IMPL(dup_ex_data)(class_index, to, from);
- }
-
-/* Cleanup a CRYPTO_EX_DATA variable - including calling free() callbacks for
- * each index in the class used by this variable */
-void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad)
- {
- IMPL_CHECK
- EX_IMPL(free_ex_data)(class_index, obj, ad);
- }
-
-/* For a given CRYPTO_EX_DATA variable, set the value corresponding to a
- * particular index in the class used by this variable */
-int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val)
- {
- int i;
-
- if (ad->sk == NULL)
- {
- if ((ad->sk=sk_new_null()) == NULL)
- {
- CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- }
- i=sk_num(ad->sk);
-
- while (i <= idx)
- {
- if (!sk_push(ad->sk,NULL))
- {
- CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- i++;
- }
- sk_set(ad->sk,idx,val);
- return(1);
- }
-
-/* For a given CRYPTO_EX_DATA_ variable, get the value corresponding to a
- * particular index in the class used by this variable */
-void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx)
- {
- if (ad->sk == NULL)
- return(0);
- else if (idx >= sk_num(ad->sk))
- return(0);
- else
- return(sk_value(ad->sk,idx));
- }
-
-IMPLEMENT_STACK_OF(CRYPTO_EX_DATA_FUNCS)
Copied: vendor-crypto/openssl/0.9.8zf/crypto/ex_data.c (from rev 6976, vendor-crypto/openssl/dist/crypto/ex_data.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/ex_data.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ex_data.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,641 @@
+/* crypto/ex_data.c */
+
+/*
+ * Overhaul notes;
+ *
+ * This code is now *mostly* thread-safe. It is now easier to understand in what
+ * ways it is safe and in what ways it is not, which is an improvement. Firstly,
+ * all per-class stacks and index-counters for ex_data are stored in the same
+ * global LHASH table (keyed by class). This hash table uses locking for all
+ * access with the exception of CRYPTO_cleanup_all_ex_data(), which must only be
+ * called when no other threads can possibly race against it (even if it was
+ * locked, the race would mean it's possible the hash table might have been
+ * recreated after the cleanup). As classes can only be added to the hash table,
+ * and within each class, the stack of methods can only be incremented, the
+ * locking mechanics are simpler than they would otherwise be. For example, the
+ * new/dup/free ex_data functions will lock the hash table, copy the method
+ * pointers it needs from the relevant class, then unlock the hash table before
+ * actually applying those method pointers to the task of the new/dup/free
+ * operations. As they can't be removed from the method-stack, only
+ * supplemented, there's no race conditions associated with using them outside
+ * the lock. The get/set_ex_data functions are not locked because they do not
+ * involve this global state at all - they operate directly with a previously
+ * obtained per-class method index and a particular "ex_data" variable. These
+ * variables are usually instantiated per-context (eg. each RSA structure has
+ * one) so locking on read/write access to that variable can be locked locally
+ * if required (eg. using the "RSA" lock to synchronise access to a
+ * per-RSA-structure ex_data variable if required).
+ * [Geoff]
+ */
+
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include "cryptlib.h"
+#include <openssl/lhash.h>
+
+/* What an "implementation of ex_data functionality" looks like */
+struct st_CRYPTO_EX_DATA_IMPL {
+ /*********************/
+ /* GLOBAL OPERATIONS */
+ /* Return a new class index */
+ int (*cb_new_class) (void);
+ /* Cleanup all state used by the implementation */
+ void (*cb_cleanup) (void);
+ /************************/
+ /* PER-CLASS OPERATIONS */
+ /* Get a new method index within a class */
+ int (*cb_get_new_index) (int class_index, long argl, void *argp,
+ CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
+ CRYPTO_EX_free *free_func);
+ /* Initialise a new CRYPTO_EX_DATA of a given class */
+ int (*cb_new_ex_data) (int class_index, void *obj, CRYPTO_EX_DATA *ad);
+ /* Duplicate a CRYPTO_EX_DATA of a given class onto a copy */
+ int (*cb_dup_ex_data) (int class_index, CRYPTO_EX_DATA *to,
+ CRYPTO_EX_DATA *from);
+ /* Cleanup a CRYPTO_EX_DATA of a given class */
+ void (*cb_free_ex_data) (int class_index, void *obj, CRYPTO_EX_DATA *ad);
+};
+
+/* The implementation we use at run-time */
+static const CRYPTO_EX_DATA_IMPL *impl = NULL;
+
+/*
+ * To call "impl" functions, use this macro rather than referring to 'impl'
+ * directly, eg. EX_IMPL(get_new_index)(...);
+ */
+#define EX_IMPL(a) impl->cb_##a
+
+/* Predeclare the "default" ex_data implementation */
+static int int_new_class(void);
+static void int_cleanup(void);
+static int int_get_new_index(int class_index, long argl, void *argp,
+ CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
+ CRYPTO_EX_free *free_func);
+static int int_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad);
+static int int_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
+ CRYPTO_EX_DATA *from);
+static void int_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad);
+static CRYPTO_EX_DATA_IMPL impl_default = {
+ int_new_class,
+ int_cleanup,
+ int_get_new_index,
+ int_new_ex_data,
+ int_dup_ex_data,
+ int_free_ex_data
+};
+
+/*
+ * Internal function that checks whether "impl" is set and if not, sets it to
+ * the default.
+ */
+static void impl_check(void)
+{
+ CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
+ if (!impl)
+ impl = &impl_default;
+ CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
+}
+
+/*
+ * A macro wrapper for impl_check that first uses a non-locked test before
+ * invoking the function (which checks again inside a lock).
+ */
+#define IMPL_CHECK if(!impl) impl_check();
+
+/* API functions to get/set the "ex_data" implementation */
+const CRYPTO_EX_DATA_IMPL *CRYPTO_get_ex_data_implementation(void)
+{
+ IMPL_CHECK return impl;
+}
+
+int CRYPTO_set_ex_data_implementation(const CRYPTO_EX_DATA_IMPL *i)
+{
+ int toret = 0;
+ CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
+ if (!impl) {
+ impl = i;
+ toret = 1;
+ }
+ CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
+ return toret;
+}
+
+/****************************************************************************/
+/*
+ * Interal (default) implementation of "ex_data" support. API functions are
+ * further down.
+ */
+
+/*
+ * The type that represents what each "class" used to implement locally. A
+ * STACK of CRYPTO_EX_DATA_FUNCS plus a index-counter. The 'class_index' is
+ * the global value representing the class that is used to distinguish these
+ * items.
+ */
+typedef struct st_ex_class_item {
+ int class_index;
+ STACK_OF(CRYPTO_EX_DATA_FUNCS) *meth;
+ int meth_num;
+} EX_CLASS_ITEM;
+
+/* When assigning new class indexes, this is our counter */
+static int ex_class = CRYPTO_EX_INDEX_USER;
+
+/* The global hash table of EX_CLASS_ITEM items */
+static LHASH *ex_data = NULL;
+
+/* The callbacks required in the "ex_data" hash table */
+static unsigned long ex_hash_cb(const void *a_void)
+{
+ return ((const EX_CLASS_ITEM *)a_void)->class_index;
+}
+
+static int ex_cmp_cb(const void *a_void, const void *b_void)
+{
+ return (((const EX_CLASS_ITEM *)a_void)->class_index -
+ ((const EX_CLASS_ITEM *)b_void)->class_index);
+}
+
+/*
+ * Internal functions used by the "impl_default" implementation to access the
+ * state
+ */
+
+static int ex_data_check(void)
+{
+ int toret = 1;
+ CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
+ if (!ex_data && ((ex_data = lh_new(ex_hash_cb, ex_cmp_cb)) == NULL))
+ toret = 0;
+ CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
+ return toret;
+}
+
+/*
+ * This macros helps reduce the locking from repeated checks because the
+ * ex_data_check() function checks ex_data again inside a lock.
+ */
+#define EX_DATA_CHECK(iffail) if(!ex_data && !ex_data_check()) {iffail}
+
+/* This "inner" callback is used by the callback function that follows it */
+static void def_cleanup_util_cb(CRYPTO_EX_DATA_FUNCS *funcs)
+{
+ OPENSSL_free(funcs);
+}
+
+/*
+ * This callback is used in lh_doall to destroy all EX_CLASS_ITEM values from
+ * "ex_data" prior to the ex_data hash table being itself destroyed. Doesn't
+ * do any locking.
+ */
+static void def_cleanup_cb(void *a_void)
+{
+ EX_CLASS_ITEM *item = (EX_CLASS_ITEM *)a_void;
+ sk_CRYPTO_EX_DATA_FUNCS_pop_free(item->meth, def_cleanup_util_cb);
+ OPENSSL_free(item);
+}
+
+/*
+ * Return the EX_CLASS_ITEM from the "ex_data" hash table that corresponds to
+ * a given class. Handles locking.
+ */
+static EX_CLASS_ITEM *def_get_class(int class_index)
+{
+ EX_CLASS_ITEM d, *p, *gen;
+ EX_DATA_CHECK(return NULL;)
+ d.class_index = class_index;
+ CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
+ p = lh_retrieve(ex_data, &d);
+ if (!p) {
+ gen = OPENSSL_malloc(sizeof(EX_CLASS_ITEM));
+ if (gen) {
+ gen->class_index = class_index;
+ gen->meth_num = 0;
+ gen->meth = sk_CRYPTO_EX_DATA_FUNCS_new_null();
+ if (!gen->meth)
+ OPENSSL_free(gen);
+ else {
+ /*
+ * Because we're inside the ex_data lock, the return value
+ * from the insert will be NULL
+ */
+ lh_insert(ex_data, gen);
+ p = gen;
+ }
+ }
+ }
+ CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
+ if (!p)
+ CRYPTOerr(CRYPTO_F_DEF_GET_CLASS, ERR_R_MALLOC_FAILURE);
+ return p;
+}
+
+/*
+ * Add a new method to the given EX_CLASS_ITEM and return the corresponding
+ * index (or -1 for error). Handles locking.
+ */
+static int def_add_index(EX_CLASS_ITEM *item, long argl, void *argp,
+ CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
+ CRYPTO_EX_free *free_func)
+{
+ int toret = -1;
+ CRYPTO_EX_DATA_FUNCS *a =
+ (CRYPTO_EX_DATA_FUNCS *)OPENSSL_malloc(sizeof(CRYPTO_EX_DATA_FUNCS));
+ if (!a) {
+ CRYPTOerr(CRYPTO_F_DEF_ADD_INDEX, ERR_R_MALLOC_FAILURE);
+ return -1;
+ }
+ a->argl = argl;
+ a->argp = argp;
+ a->new_func = new_func;
+ a->dup_func = dup_func;
+ a->free_func = free_func;
+ CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
+ while (sk_CRYPTO_EX_DATA_FUNCS_num(item->meth) <= item->meth_num) {
+ if (!sk_CRYPTO_EX_DATA_FUNCS_push(item->meth, NULL)) {
+ CRYPTOerr(CRYPTO_F_DEF_ADD_INDEX, ERR_R_MALLOC_FAILURE);
+ OPENSSL_free(a);
+ goto err;
+ }
+ }
+ toret = item->meth_num++;
+ (void)sk_CRYPTO_EX_DATA_FUNCS_set(item->meth, toret, a);
+ err:
+ CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
+ return toret;
+}
+
+/**************************************************************/
+/* The functions in the default CRYPTO_EX_DATA_IMPL structure */
+
+static int int_new_class(void)
+{
+ int toret;
+ CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
+ toret = ex_class++;
+ CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
+ return toret;
+}
+
+static void int_cleanup(void)
+{
+ EX_DATA_CHECK(return;)
+ lh_doall(ex_data, def_cleanup_cb);
+ lh_free(ex_data);
+ ex_data = NULL;
+ impl = NULL;
+}
+
+static int int_get_new_index(int class_index, long argl, void *argp,
+ CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
+ CRYPTO_EX_free *free_func)
+{
+ EX_CLASS_ITEM *item = def_get_class(class_index);
+ if (!item)
+ return -1;
+ return def_add_index(item, argl, argp, new_func, dup_func, free_func);
+}
+
+/*
+ * Thread-safe by copying a class's array of "CRYPTO_EX_DATA_FUNCS" entries
+ * in the lock, then using them outside the lock. NB: Thread-safety only
+ * applies to the global "ex_data" state (ie. class definitions), not
+ * thread-safe on 'ad' itself.
+ */
+static int int_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad)
+{
+ int mx, i;
+ void *ptr;
+ CRYPTO_EX_DATA_FUNCS **storage = NULL;
+ EX_CLASS_ITEM *item = def_get_class(class_index);
+ if (!item)
+ /* error is already set */
+ return 0;
+ ad->sk = NULL;
+ CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA);
+ mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth);
+ if (mx > 0) {
+ storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS *));
+ if (!storage)
+ goto skip;
+ for (i = 0; i < mx; i++)
+ storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(item->meth, i);
+ }
+ skip:
+ CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA);
+ if ((mx > 0) && !storage) {
+ CRYPTOerr(CRYPTO_F_INT_NEW_EX_DATA, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ for (i = 0; i < mx; i++) {
+ if (storage[i] && storage[i]->new_func) {
+ ptr = CRYPTO_get_ex_data(ad, i);
+ storage[i]->new_func(obj, ptr, ad, i,
+ storage[i]->argl, storage[i]->argp);
+ }
+ }
+ if (storage)
+ OPENSSL_free(storage);
+ return 1;
+}
+
+/* Same thread-safety notes as for "int_new_ex_data" */
+static int int_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
+ CRYPTO_EX_DATA *from)
+{
+ int mx, j, i;
+ char *ptr;
+ CRYPTO_EX_DATA_FUNCS **storage = NULL;
+ EX_CLASS_ITEM *item;
+ if (!from->sk)
+ /* 'to' should be "blank" which *is* just like 'from' */
+ return 1;
+ if ((item = def_get_class(class_index)) == NULL)
+ return 0;
+ CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA);
+ mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth);
+ j = sk_num(from->sk);
+ if (j < mx)
+ mx = j;
+ if (mx > 0) {
+ storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS *));
+ if (!storage)
+ goto skip;
+ for (i = 0; i < mx; i++)
+ storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(item->meth, i);
+ }
+ skip:
+ CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA);
+ if ((mx > 0) && !storage) {
+ CRYPTOerr(CRYPTO_F_INT_DUP_EX_DATA, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ for (i = 0; i < mx; i++) {
+ ptr = CRYPTO_get_ex_data(from, i);
+ if (storage[i] && storage[i]->dup_func)
+ storage[i]->dup_func(to, from, &ptr, i,
+ storage[i]->argl, storage[i]->argp);
+ CRYPTO_set_ex_data(to, i, ptr);
+ }
+ if (storage)
+ OPENSSL_free(storage);
+ return 1;
+}
+
+/* Same thread-safety notes as for "int_new_ex_data" */
+static void int_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad)
+{
+ int mx, i;
+ EX_CLASS_ITEM *item;
+ void *ptr;
+ CRYPTO_EX_DATA_FUNCS **storage = NULL;
+ if ((item = def_get_class(class_index)) == NULL)
+ return;
+ CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA);
+ mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth);
+ if (mx > 0) {
+ storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS *));
+ if (!storage)
+ goto skip;
+ for (i = 0; i < mx; i++)
+ storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(item->meth, i);
+ }
+ skip:
+ CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA);
+ if ((mx > 0) && !storage) {
+ CRYPTOerr(CRYPTO_F_INT_FREE_EX_DATA, ERR_R_MALLOC_FAILURE);
+ return;
+ }
+ for (i = 0; i < mx; i++) {
+ if (storage[i] && storage[i]->free_func) {
+ ptr = CRYPTO_get_ex_data(ad, i);
+ storage[i]->free_func(obj, ptr, ad, i,
+ storage[i]->argl, storage[i]->argp);
+ }
+ }
+ if (storage)
+ OPENSSL_free(storage);
+ if (ad->sk) {
+ sk_free(ad->sk);
+ ad->sk = NULL;
+ }
+}
+
+/********************************************************************/
+/*
+ * API functions that defer all "state" operations to the "ex_data"
+ * implementation we have set.
+ */
+
+/*
+ * Obtain an index for a new class (not the same as getting a new index
+ * within an existing class - this is actually getting a new *class*)
+ */
+int CRYPTO_ex_data_new_class(void)
+{
+ IMPL_CHECK return EX_IMPL(new_class) ();
+}
+
+/*
+ * Release all "ex_data" state to prevent memory leaks. This can't be made
+ * thread-safe without overhauling a lot of stuff, and shouldn't really be
+ * called under potential race-conditions anyway (it's for program shutdown
+ * after all).
+ */
+void CRYPTO_cleanup_all_ex_data(void)
+{
+ IMPL_CHECK EX_IMPL(cleanup) ();
+}
+
+/* Inside an existing class, get/register a new index. */
+int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp,
+ CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
+ CRYPTO_EX_free *free_func)
+{
+ int ret = -1;
+
+ IMPL_CHECK
+ ret = EX_IMPL(get_new_index) (class_index,
+ argl, argp, new_func, dup_func,
+ free_func);
+ return ret;
+}
+
+/*
+ * Initialise a new CRYPTO_EX_DATA for use in a particular class - including
+ * calling new() callbacks for each index in the class used by this variable
+ */
+int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad)
+{
+ IMPL_CHECK return EX_IMPL(new_ex_data) (class_index, obj, ad);
+}
+
+/*
+ * Duplicate a CRYPTO_EX_DATA variable - including calling dup() callbacks
+ * for each index in the class used by this variable
+ */
+int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
+ CRYPTO_EX_DATA *from)
+{
+ IMPL_CHECK return EX_IMPL(dup_ex_data) (class_index, to, from);
+}
+
+/*
+ * Cleanup a CRYPTO_EX_DATA variable - including calling free() callbacks for
+ * each index in the class used by this variable
+ */
+void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad)
+{
+ IMPL_CHECK EX_IMPL(free_ex_data) (class_index, obj, ad);
+}
+
+/*
+ * For a given CRYPTO_EX_DATA variable, set the value corresponding to a
+ * particular index in the class used by this variable
+ */
+int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val)
+{
+ int i;
+
+ if (ad->sk == NULL) {
+ if ((ad->sk = sk_new_null()) == NULL) {
+ CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA, ERR_R_MALLOC_FAILURE);
+ return (0);
+ }
+ }
+ i = sk_num(ad->sk);
+
+ while (i <= idx) {
+ if (!sk_push(ad->sk, NULL)) {
+ CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA, ERR_R_MALLOC_FAILURE);
+ return (0);
+ }
+ i++;
+ }
+ sk_set(ad->sk, idx, val);
+ return (1);
+}
+
+/*
+ * For a given CRYPTO_EX_DATA_ variable, get the value corresponding to a
+ * particular index in the class used by this variable
+ */
+void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx)
+{
+ if (ad->sk == NULL)
+ return (0);
+ else if (idx >= sk_num(ad->sk))
+ return (0);
+ else
+ return (sk_value(ad->sk, idx));
+}
+
+IMPLEMENT_STACK_OF(CRYPTO_EX_DATA_FUNCS)
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/fips_err.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/fips_err.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/fips_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,7 +0,0 @@
-#include <openssl/opensslconf.h>
-
-#ifdef OPENSSL_FIPS
-# include "fips_err.h"
-#else
-static void *dummy=&dummy;
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/fips_err.c (from rev 6976, vendor-crypto/openssl/dist/crypto/fips_err.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/fips_err.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/fips_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,7 @@
+#include <openssl/opensslconf.h>
+
+#ifdef OPENSSL_FIPS
+# include "fips_err.h"
+#else
+static void *dummy = &dummy;
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/fips_err.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/fips_err.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/fips_err.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,137 +0,0 @@
-/* crypto/fips_err.h */
-/* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/fips.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_FIPS,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_FIPS,0,reason)
-
-static ERR_STRING_DATA FIPS_str_functs[]=
- {
-{ERR_FUNC(FIPS_F_DH_BUILTIN_GENPARAMS), "DH_BUILTIN_GENPARAMS"},
-{ERR_FUNC(FIPS_F_DSA_BUILTIN_PARAMGEN), "DSA_BUILTIN_PARAMGEN"},
-{ERR_FUNC(FIPS_F_DSA_DO_SIGN), "DSA_do_sign"},
-{ERR_FUNC(FIPS_F_DSA_DO_VERIFY), "DSA_do_verify"},
-{ERR_FUNC(FIPS_F_EVP_CIPHERINIT_EX), "EVP_CipherInit_ex"},
-{ERR_FUNC(FIPS_F_EVP_DIGESTINIT_EX), "EVP_DigestInit_ex"},
-{ERR_FUNC(FIPS_F_FIPS_CHECK_DSA), "FIPS_CHECK_DSA"},
-{ERR_FUNC(FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT), "FIPS_CHECK_INCORE_FINGERPRINT"},
-{ERR_FUNC(FIPS_F_FIPS_CHECK_RSA), "FIPS_CHECK_RSA"},
-{ERR_FUNC(FIPS_F_FIPS_DSA_CHECK), "FIPS_DSA_CHECK"},
-{ERR_FUNC(FIPS_F_FIPS_MODE_SET), "FIPS_mode_set"},
-{ERR_FUNC(FIPS_F_FIPS_PKEY_SIGNATURE_TEST), "fips_pkey_signature_test"},
-{ERR_FUNC(FIPS_F_FIPS_SELFTEST_AES), "FIPS_selftest_aes"},
-{ERR_FUNC(FIPS_F_FIPS_SELFTEST_DES), "FIPS_selftest_des"},
-{ERR_FUNC(FIPS_F_FIPS_SELFTEST_DSA), "FIPS_selftest_dsa"},
-{ERR_FUNC(FIPS_F_FIPS_SELFTEST_HMAC), "FIPS_selftest_hmac"},
-{ERR_FUNC(FIPS_F_FIPS_SELFTEST_RNG), "FIPS_selftest_rng"},
-{ERR_FUNC(FIPS_F_FIPS_SELFTEST_SHA1), "FIPS_selftest_sha1"},
-{ERR_FUNC(FIPS_F_HASH_FINAL), "HASH_FINAL"},
-{ERR_FUNC(FIPS_F_RSA_BUILTIN_KEYGEN), "RSA_BUILTIN_KEYGEN"},
-{ERR_FUNC(FIPS_F_RSA_EAY_PRIVATE_DECRYPT), "RSA_EAY_PRIVATE_DECRYPT"},
-{ERR_FUNC(FIPS_F_RSA_EAY_PRIVATE_ENCRYPT), "RSA_EAY_PRIVATE_ENCRYPT"},
-{ERR_FUNC(FIPS_F_RSA_EAY_PUBLIC_DECRYPT), "RSA_EAY_PUBLIC_DECRYPT"},
-{ERR_FUNC(FIPS_F_RSA_EAY_PUBLIC_ENCRYPT), "RSA_EAY_PUBLIC_ENCRYPT"},
-{ERR_FUNC(FIPS_F_RSA_X931_GENERATE_KEY_EX), "RSA_X931_generate_key_ex"},
-{ERR_FUNC(FIPS_F_SSLEAY_RAND_BYTES), "SSLEAY_RAND_BYTES"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA FIPS_str_reasons[]=
- {
-{ERR_REASON(FIPS_R_CANNOT_READ_EXE) ,"cannot read exe"},
-{ERR_REASON(FIPS_R_CANNOT_READ_EXE_DIGEST),"cannot read exe digest"},
-{ERR_REASON(FIPS_R_CONTRADICTING_EVIDENCE),"contradicting evidence"},
-{ERR_REASON(FIPS_R_EXE_DIGEST_DOES_NOT_MATCH),"exe digest does not match"},
-{ERR_REASON(FIPS_R_FINGERPRINT_DOES_NOT_MATCH),"fingerprint does not match"},
-{ERR_REASON(FIPS_R_FINGERPRINT_DOES_NOT_MATCH_NONPIC_RELOCATED),"fingerprint does not match nonpic relocated"},
-{ERR_REASON(FIPS_R_FINGERPRINT_DOES_NOT_MATCH_SEGMENT_ALIASING),"fingerprint does not match segment aliasing"},
-{ERR_REASON(FIPS_R_FIPS_MODE_ALREADY_SET),"fips mode already set"},
-{ERR_REASON(FIPS_R_FIPS_SELFTEST_FAILED) ,"fips selftest failed"},
-{ERR_REASON(FIPS_R_INVALID_KEY_LENGTH) ,"invalid key length"},
-{ERR_REASON(FIPS_R_KEY_TOO_SHORT) ,"key too short"},
-{ERR_REASON(FIPS_R_NON_FIPS_METHOD) ,"non fips method"},
-{ERR_REASON(FIPS_R_PAIRWISE_TEST_FAILED) ,"pairwise test failed"},
-{ERR_REASON(FIPS_R_RSA_DECRYPT_ERROR) ,"rsa decrypt error"},
-{ERR_REASON(FIPS_R_RSA_ENCRYPT_ERROR) ,"rsa encrypt error"},
-{ERR_REASON(FIPS_R_SELFTEST_FAILED) ,"selftest failed"},
-{ERR_REASON(FIPS_R_TEST_FAILURE) ,"test failure"},
-{ERR_REASON(FIPS_R_UNSUPPORTED_PLATFORM) ,"unsupported platform"},
-{0,NULL}
- };
-
-#endif
-
-void ERR_load_FIPS_strings(void)
- {
-#ifndef OPENSSL_NO_ERR
-
- if (ERR_func_error_string(FIPS_str_functs[0].error) == NULL)
- {
- ERR_load_strings(0,FIPS_str_functs);
- ERR_load_strings(0,FIPS_str_reasons);
- }
-#endif
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/fips_err.h (from rev 6976, vendor-crypto/openssl/dist/crypto/fips_err.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/fips_err.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/fips_err.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,140 @@
+/* crypto/fips_err.h */
+/* ====================================================================
+ * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/fips.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_FIPS,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_FIPS,0,reason)
+
+static ERR_STRING_DATA FIPS_str_functs[] = {
+ {ERR_FUNC(FIPS_F_DH_BUILTIN_GENPARAMS), "DH_BUILTIN_GENPARAMS"},
+ {ERR_FUNC(FIPS_F_DSA_BUILTIN_PARAMGEN), "DSA_BUILTIN_PARAMGEN"},
+ {ERR_FUNC(FIPS_F_DSA_DO_SIGN), "DSA_do_sign"},
+ {ERR_FUNC(FIPS_F_DSA_DO_VERIFY), "DSA_do_verify"},
+ {ERR_FUNC(FIPS_F_EVP_CIPHERINIT_EX), "EVP_CipherInit_ex"},
+ {ERR_FUNC(FIPS_F_EVP_DIGESTINIT_EX), "EVP_DigestInit_ex"},
+ {ERR_FUNC(FIPS_F_FIPS_CHECK_DSA), "FIPS_CHECK_DSA"},
+ {ERR_FUNC(FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT),
+ "FIPS_CHECK_INCORE_FINGERPRINT"},
+ {ERR_FUNC(FIPS_F_FIPS_CHECK_RSA), "FIPS_CHECK_RSA"},
+ {ERR_FUNC(FIPS_F_FIPS_DSA_CHECK), "FIPS_DSA_CHECK"},
+ {ERR_FUNC(FIPS_F_FIPS_MODE_SET), "FIPS_mode_set"},
+ {ERR_FUNC(FIPS_F_FIPS_PKEY_SIGNATURE_TEST), "fips_pkey_signature_test"},
+ {ERR_FUNC(FIPS_F_FIPS_SELFTEST_AES), "FIPS_selftest_aes"},
+ {ERR_FUNC(FIPS_F_FIPS_SELFTEST_DES), "FIPS_selftest_des"},
+ {ERR_FUNC(FIPS_F_FIPS_SELFTEST_DSA), "FIPS_selftest_dsa"},
+ {ERR_FUNC(FIPS_F_FIPS_SELFTEST_HMAC), "FIPS_selftest_hmac"},
+ {ERR_FUNC(FIPS_F_FIPS_SELFTEST_RNG), "FIPS_selftest_rng"},
+ {ERR_FUNC(FIPS_F_FIPS_SELFTEST_SHA1), "FIPS_selftest_sha1"},
+ {ERR_FUNC(FIPS_F_HASH_FINAL), "HASH_FINAL"},
+ {ERR_FUNC(FIPS_F_RSA_BUILTIN_KEYGEN), "RSA_BUILTIN_KEYGEN"},
+ {ERR_FUNC(FIPS_F_RSA_EAY_PRIVATE_DECRYPT), "RSA_EAY_PRIVATE_DECRYPT"},
+ {ERR_FUNC(FIPS_F_RSA_EAY_PRIVATE_ENCRYPT), "RSA_EAY_PRIVATE_ENCRYPT"},
+ {ERR_FUNC(FIPS_F_RSA_EAY_PUBLIC_DECRYPT), "RSA_EAY_PUBLIC_DECRYPT"},
+ {ERR_FUNC(FIPS_F_RSA_EAY_PUBLIC_ENCRYPT), "RSA_EAY_PUBLIC_ENCRYPT"},
+ {ERR_FUNC(FIPS_F_RSA_X931_GENERATE_KEY_EX), "RSA_X931_generate_key_ex"},
+ {ERR_FUNC(FIPS_F_SSLEAY_RAND_BYTES), "SSLEAY_RAND_BYTES"},
+ {0, NULL}
+};
+
+static ERR_STRING_DATA FIPS_str_reasons[] = {
+ {ERR_REASON(FIPS_R_CANNOT_READ_EXE), "cannot read exe"},
+ {ERR_REASON(FIPS_R_CANNOT_READ_EXE_DIGEST), "cannot read exe digest"},
+ {ERR_REASON(FIPS_R_CONTRADICTING_EVIDENCE), "contradicting evidence"},
+ {ERR_REASON(FIPS_R_EXE_DIGEST_DOES_NOT_MATCH),
+ "exe digest does not match"},
+ {ERR_REASON(FIPS_R_FINGERPRINT_DOES_NOT_MATCH),
+ "fingerprint does not match"},
+ {ERR_REASON(FIPS_R_FINGERPRINT_DOES_NOT_MATCH_NONPIC_RELOCATED),
+ "fingerprint does not match nonpic relocated"},
+ {ERR_REASON(FIPS_R_FINGERPRINT_DOES_NOT_MATCH_SEGMENT_ALIASING),
+ "fingerprint does not match segment aliasing"},
+ {ERR_REASON(FIPS_R_FIPS_MODE_ALREADY_SET), "fips mode already set"},
+ {ERR_REASON(FIPS_R_FIPS_SELFTEST_FAILED), "fips selftest failed"},
+ {ERR_REASON(FIPS_R_INVALID_KEY_LENGTH), "invalid key length"},
+ {ERR_REASON(FIPS_R_KEY_TOO_SHORT), "key too short"},
+ {ERR_REASON(FIPS_R_NON_FIPS_METHOD), "non fips method"},
+ {ERR_REASON(FIPS_R_PAIRWISE_TEST_FAILED), "pairwise test failed"},
+ {ERR_REASON(FIPS_R_RSA_DECRYPT_ERROR), "rsa decrypt error"},
+ {ERR_REASON(FIPS_R_RSA_ENCRYPT_ERROR), "rsa encrypt error"},
+ {ERR_REASON(FIPS_R_SELFTEST_FAILED), "selftest failed"},
+ {ERR_REASON(FIPS_R_TEST_FAILURE), "test failure"},
+ {ERR_REASON(FIPS_R_UNSUPPORTED_PLATFORM), "unsupported platform"},
+ {0, NULL}
+};
+
+#endif
+
+void ERR_load_FIPS_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+ if (ERR_func_error_string(FIPS_str_functs[0].error) == NULL) {
+ ERR_load_strings(0, FIPS_str_functs);
+ ERR_load_strings(0, FIPS_str_reasons);
+ }
+#endif
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/hmac/hmac.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/hmac/hmac.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/hmac/hmac.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,180 +0,0 @@
-/* crypto/hmac/hmac.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "cryptlib.h"
-#include <openssl/hmac.h>
-
-#ifndef OPENSSL_FIPS
-
-void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
- const EVP_MD *md, ENGINE *impl)
- {
- int i,j,reset=0;
- unsigned char pad[HMAC_MAX_MD_CBLOCK];
-
- if (md != NULL)
- {
- reset=1;
- ctx->md=md;
- }
- else
- md=ctx->md;
-
- if (key != NULL)
- {
- reset=1;
- j=EVP_MD_block_size(md);
- OPENSSL_assert(j <= (int)sizeof(ctx->key));
- if (j < len)
- {
- EVP_DigestInit_ex(&ctx->md_ctx,md, impl);
- EVP_DigestUpdate(&ctx->md_ctx,key,len);
- EVP_DigestFinal_ex(&(ctx->md_ctx),ctx->key,
- &ctx->key_length);
- }
- else
- {
- OPENSSL_assert(len>=0 && len<=(int)sizeof(ctx->key));
- memcpy(ctx->key,key,len);
- ctx->key_length=len;
- }
- if(ctx->key_length != HMAC_MAX_MD_CBLOCK)
- memset(&ctx->key[ctx->key_length], 0,
- HMAC_MAX_MD_CBLOCK - ctx->key_length);
- }
-
- if (reset)
- {
- for (i=0; i<HMAC_MAX_MD_CBLOCK; i++)
- pad[i]=0x36^ctx->key[i];
- EVP_DigestInit_ex(&ctx->i_ctx,md, impl);
- EVP_DigestUpdate(&ctx->i_ctx,pad,EVP_MD_block_size(md));
-
- for (i=0; i<HMAC_MAX_MD_CBLOCK; i++)
- pad[i]=0x5c^ctx->key[i];
- EVP_DigestInit_ex(&ctx->o_ctx,md, impl);
- EVP_DigestUpdate(&ctx->o_ctx,pad,EVP_MD_block_size(md));
- }
- EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->i_ctx);
- }
-
-void HMAC_Init(HMAC_CTX *ctx, const void *key, int len,
- const EVP_MD *md)
- {
- if(key && md)
- HMAC_CTX_init(ctx);
- HMAC_Init_ex(ctx,key,len,md, NULL);
- }
-
-void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len)
- {
- EVP_DigestUpdate(&ctx->md_ctx,data,len);
- }
-
-void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
- {
- unsigned int i;
- unsigned char buf[EVP_MAX_MD_SIZE];
-
- EVP_DigestFinal_ex(&ctx->md_ctx,buf,&i);
- EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->o_ctx);
- EVP_DigestUpdate(&ctx->md_ctx,buf,i);
- EVP_DigestFinal_ex(&ctx->md_ctx,md,len);
- }
-
-void HMAC_CTX_init(HMAC_CTX *ctx)
- {
- EVP_MD_CTX_init(&ctx->i_ctx);
- EVP_MD_CTX_init(&ctx->o_ctx);
- EVP_MD_CTX_init(&ctx->md_ctx);
- }
-
-void HMAC_CTX_cleanup(HMAC_CTX *ctx)
- {
- EVP_MD_CTX_cleanup(&ctx->i_ctx);
- EVP_MD_CTX_cleanup(&ctx->o_ctx);
- EVP_MD_CTX_cleanup(&ctx->md_ctx);
- memset(ctx,0,sizeof *ctx);
- }
-
-unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
- const unsigned char *d, size_t n, unsigned char *md,
- unsigned int *md_len)
- {
- HMAC_CTX c;
- static unsigned char m[EVP_MAX_MD_SIZE];
-
- if (md == NULL) md=m;
- HMAC_CTX_init(&c);
- HMAC_Init(&c,key,key_len,evp_md);
- HMAC_Update(&c,d,n);
- HMAC_Final(&c,md,md_len);
- HMAC_CTX_cleanup(&c);
- return(md);
- }
-
-void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags)
- {
- EVP_MD_CTX_set_flags(&ctx->i_ctx, flags);
- EVP_MD_CTX_set_flags(&ctx->o_ctx, flags);
- EVP_MD_CTX_set_flags(&ctx->md_ctx, flags);
- }
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/hmac/hmac.c (from rev 6976, vendor-crypto/openssl/dist/crypto/hmac/hmac.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/hmac/hmac.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/hmac/hmac.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,172 @@
+/* crypto/hmac/hmac.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "cryptlib.h"
+#include <openssl/hmac.h>
+
+#ifndef OPENSSL_FIPS
+
+void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
+ const EVP_MD *md, ENGINE *impl)
+{
+ int i, j, reset = 0;
+ unsigned char pad[HMAC_MAX_MD_CBLOCK];
+
+ if (md != NULL) {
+ reset = 1;
+ ctx->md = md;
+ } else
+ md = ctx->md;
+
+ if (key != NULL) {
+ reset = 1;
+ j = EVP_MD_block_size(md);
+ OPENSSL_assert(j <= (int)sizeof(ctx->key));
+ if (j < len) {
+ EVP_DigestInit_ex(&ctx->md_ctx, md, impl);
+ EVP_DigestUpdate(&ctx->md_ctx, key, len);
+ EVP_DigestFinal_ex(&(ctx->md_ctx), ctx->key, &ctx->key_length);
+ } else {
+ OPENSSL_assert(len >= 0 && len <= (int)sizeof(ctx->key));
+ memcpy(ctx->key, key, len);
+ ctx->key_length = len;
+ }
+ if (ctx->key_length != HMAC_MAX_MD_CBLOCK)
+ memset(&ctx->key[ctx->key_length], 0,
+ HMAC_MAX_MD_CBLOCK - ctx->key_length);
+ }
+
+ if (reset) {
+ for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++)
+ pad[i] = 0x36 ^ ctx->key[i];
+ EVP_DigestInit_ex(&ctx->i_ctx, md, impl);
+ EVP_DigestUpdate(&ctx->i_ctx, pad, EVP_MD_block_size(md));
+
+ for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++)
+ pad[i] = 0x5c ^ ctx->key[i];
+ EVP_DigestInit_ex(&ctx->o_ctx, md, impl);
+ EVP_DigestUpdate(&ctx->o_ctx, pad, EVP_MD_block_size(md));
+ }
+ EVP_MD_CTX_copy_ex(&ctx->md_ctx, &ctx->i_ctx);
+}
+
+void HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md)
+{
+ if (key && md)
+ HMAC_CTX_init(ctx);
+ HMAC_Init_ex(ctx, key, len, md, NULL);
+}
+
+void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len)
+{
+ EVP_DigestUpdate(&ctx->md_ctx, data, len);
+}
+
+void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
+{
+ unsigned int i;
+ unsigned char buf[EVP_MAX_MD_SIZE];
+
+ EVP_DigestFinal_ex(&ctx->md_ctx, buf, &i);
+ EVP_MD_CTX_copy_ex(&ctx->md_ctx, &ctx->o_ctx);
+ EVP_DigestUpdate(&ctx->md_ctx, buf, i);
+ EVP_DigestFinal_ex(&ctx->md_ctx, md, len);
+}
+
+void HMAC_CTX_init(HMAC_CTX *ctx)
+{
+ EVP_MD_CTX_init(&ctx->i_ctx);
+ EVP_MD_CTX_init(&ctx->o_ctx);
+ EVP_MD_CTX_init(&ctx->md_ctx);
+}
+
+void HMAC_CTX_cleanup(HMAC_CTX *ctx)
+{
+ EVP_MD_CTX_cleanup(&ctx->i_ctx);
+ EVP_MD_CTX_cleanup(&ctx->o_ctx);
+ EVP_MD_CTX_cleanup(&ctx->md_ctx);
+ memset(ctx, 0, sizeof *ctx);
+}
+
+unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
+ const unsigned char *d, size_t n, unsigned char *md,
+ unsigned int *md_len)
+{
+ HMAC_CTX c;
+ static unsigned char m[EVP_MAX_MD_SIZE];
+
+ if (md == NULL)
+ md = m;
+ HMAC_CTX_init(&c);
+ HMAC_Init(&c, key, key_len, evp_md);
+ HMAC_Update(&c, d, n);
+ HMAC_Final(&c, md, md_len);
+ HMAC_CTX_cleanup(&c);
+ return (md);
+}
+
+void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags)
+{
+ EVP_MD_CTX_set_flags(&ctx->i_ctx, flags);
+ EVP_MD_CTX_set_flags(&ctx->o_ctx, flags);
+ EVP_MD_CTX_set_flags(&ctx->md_ctx, flags);
+}
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/hmac/hmac.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/hmac/hmac.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/hmac/hmac.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,109 +0,0 @@
-/* crypto/hmac/hmac.h */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-#ifndef HEADER_HMAC_H
-#define HEADER_HMAC_H
-
-#include <openssl/opensslconf.h>
-
-#ifdef OPENSSL_NO_HMAC
-#error HMAC is disabled.
-#endif
-
-#include <openssl/evp.h>
-
-#define HMAC_MAX_MD_CBLOCK 128 /* largest known is SHA512 */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-typedef struct hmac_ctx_st
- {
- const EVP_MD *md;
- EVP_MD_CTX md_ctx;
- EVP_MD_CTX i_ctx;
- EVP_MD_CTX o_ctx;
- unsigned int key_length;
- unsigned char key[HMAC_MAX_MD_CBLOCK];
- } HMAC_CTX;
-
-#define HMAC_size(e) (EVP_MD_size((e)->md))
-
-
-void HMAC_CTX_init(HMAC_CTX *ctx);
-void HMAC_CTX_cleanup(HMAC_CTX *ctx);
-
-#define HMAC_cleanup(ctx) HMAC_CTX_cleanup(ctx) /* deprecated */
-
-void HMAC_Init(HMAC_CTX *ctx, const void *key, int len,
- const EVP_MD *md); /* deprecated */
-void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
- const EVP_MD *md, ENGINE *impl);
-void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len);
-void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
-unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
- const unsigned char *d, size_t n, unsigned char *md,
- unsigned int *md_len);
-
-void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/hmac/hmac.h (from rev 6976, vendor-crypto/openssl/dist/crypto/hmac/hmac.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/hmac/hmac.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/hmac/hmac.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,108 @@
+/* crypto/hmac/hmac.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#ifndef HEADER_HMAC_H
+# define HEADER_HMAC_H
+
+# include <openssl/opensslconf.h>
+
+# ifdef OPENSSL_NO_HMAC
+# error HMAC is disabled.
+# endif
+
+# include <openssl/evp.h>
+
+# define HMAC_MAX_MD_CBLOCK 128/* largest known is SHA512 */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct hmac_ctx_st {
+ const EVP_MD *md;
+ EVP_MD_CTX md_ctx;
+ EVP_MD_CTX i_ctx;
+ EVP_MD_CTX o_ctx;
+ unsigned int key_length;
+ unsigned char key[HMAC_MAX_MD_CBLOCK];
+} HMAC_CTX;
+
+# define HMAC_size(e) (EVP_MD_size((e)->md))
+
+void HMAC_CTX_init(HMAC_CTX *ctx);
+void HMAC_CTX_cleanup(HMAC_CTX *ctx);
+
+/* deprecated */
+# define HMAC_cleanup(ctx) HMAC_CTX_cleanup(ctx)
+
+/* deprecated */
+void HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md);
+void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
+ const EVP_MD *md, ENGINE *impl);
+void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len);
+void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
+unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
+ const unsigned char *d, size_t n, unsigned char *md,
+ unsigned int *md_len);
+
+void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/hmac/hmactest.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/hmac/hmactest.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/hmac/hmactest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,175 +0,0 @@
-/* crypto/hmac/hmactest.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-
-#include "../e_os.h"
-
-#ifdef OPENSSL_NO_HMAC
-int main(int argc, char *argv[])
-{
- printf("No HMAC support\n");
- return(0);
-}
-#else
-#include <openssl/hmac.h>
-#ifndef OPENSSL_NO_MD5
-#include <openssl/md5.h>
-#endif
-
-#ifdef CHARSET_EBCDIC
-#include <openssl/ebcdic.h>
-#endif
-
-#ifndef OPENSSL_NO_MD5
-static struct test_st
- {
- unsigned char key[16];
- int key_len;
- unsigned char data[64];
- int data_len;
- unsigned char *digest;
- } test[4]={
- { "",
- 0,
- "More text test vectors to stuff up EBCDIC machines :-)",
- 54,
- (unsigned char *)"e9139d1e6ee064ef8cf514fc7dc83e86",
- },{ {0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,
- 0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,},
- 16,
- "Hi There",
- 8,
- (unsigned char *)"9294727a3638bb1c13f48ef8158bfc9d",
- },{ "Jefe",
- 4,
- "what do ya want for nothing?",
- 28,
- (unsigned char *)"750c783e6ab0b503eaa86e310a5db738",
- },{
- {0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,
- 0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,},
- 16,
- {0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
- 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
- 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
- 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
- 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
- 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
- 0xdd,0xdd},
- 50,
- (unsigned char *)"56be34521d144c88dbb8c733f0e8b3f6",
- },
- };
-#endif
-
-static char *pt(unsigned char *md);
-int main(int argc, char *argv[])
- {
-#ifndef OPENSSL_NO_MD5
- int i;
- char *p;
-#endif
- int err=0;
-
-#ifdef OPENSSL_NO_MD5
- printf("test skipped: MD5 disabled\n");
-#else
-
-#ifdef CHARSET_EBCDIC
- ebcdic2ascii(test[0].data, test[0].data, test[0].data_len);
- ebcdic2ascii(test[1].data, test[1].data, test[1].data_len);
- ebcdic2ascii(test[2].key, test[2].key, test[2].key_len);
- ebcdic2ascii(test[2].data, test[2].data, test[2].data_len);
-#endif
-
- for (i=0; i<4; i++)
- {
- p=pt(HMAC(EVP_md5(),
- test[i].key, test[i].key_len,
- test[i].data, test[i].data_len,
- NULL,NULL));
-
- if (strcmp(p,(char *)test[i].digest) != 0)
- {
- printf("error calculating HMAC on %d entry'\n",i);
- printf("got %s instead of %s\n",p,test[i].digest);
- err++;
- }
- else
- printf("test %d ok\n",i);
- }
-#endif /* OPENSSL_NO_MD5 */
- EXIT(err);
- return(0);
- }
-
-#ifndef OPENSSL_NO_MD5
-static char *pt(unsigned char *md)
- {
- int i;
- static char buf[80];
-
- for (i=0; i<MD5_DIGEST_LENGTH; i++)
- sprintf(&(buf[i*2]),"%02x",md[i]);
- return(buf);
- }
-#endif
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/hmac/hmactest.c (from rev 6976, vendor-crypto/openssl/dist/crypto/hmac/hmactest.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/hmac/hmactest.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/hmac/hmactest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,167 @@
+/* crypto/hmac/hmactest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include "../e_os.h"
+
+#ifdef OPENSSL_NO_HMAC
+int main(int argc, char *argv[])
+{
+ printf("No HMAC support\n");
+ return (0);
+}
+#else
+# include <openssl/hmac.h>
+# ifndef OPENSSL_NO_MD5
+# include <openssl/md5.h>
+# endif
+
+# ifdef CHARSET_EBCDIC
+# include <openssl/ebcdic.h>
+# endif
+
+# ifndef OPENSSL_NO_MD5
+static struct test_st {
+ unsigned char key[16];
+ int key_len;
+ unsigned char data[64];
+ int data_len;
+ unsigned char *digest;
+} test[4] = {
+ {
+ "", 0, "More text test vectors to stuff up EBCDIC machines :-)", 54,
+ (unsigned char *)"e9139d1e6ee064ef8cf514fc7dc83e86",
+ },
+ {
+ {
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ }, 16, "Hi There", 8,
+ (unsigned char *)"9294727a3638bb1c13f48ef8158bfc9d",
+ },
+ {
+ "Jefe", 4, "what do ya want for nothing?", 28,
+ (unsigned char *)"750c783e6ab0b503eaa86e310a5db738",
+ },
+ {
+ {
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ }, 16, {
+ 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
+ 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
+ 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
+ 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
+ 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd
+ }, 50, (unsigned char *)"56be34521d144c88dbb8c733f0e8b3f6",
+ },
+};
+# endif
+
+static char *pt(unsigned char *md);
+int main(int argc, char *argv[])
+{
+# ifndef OPENSSL_NO_MD5
+ int i;
+ char *p;
+# endif
+ int err = 0;
+
+# ifdef OPENSSL_NO_MD5
+ printf("test skipped: MD5 disabled\n");
+# else
+
+# ifdef CHARSET_EBCDIC
+ ebcdic2ascii(test[0].data, test[0].data, test[0].data_len);
+ ebcdic2ascii(test[1].data, test[1].data, test[1].data_len);
+ ebcdic2ascii(test[2].key, test[2].key, test[2].key_len);
+ ebcdic2ascii(test[2].data, test[2].data, test[2].data_len);
+# endif
+
+ for (i = 0; i < 4; i++) {
+ p = pt(HMAC(EVP_md5(),
+ test[i].key, test[i].key_len,
+ test[i].data, test[i].data_len, NULL, NULL));
+
+ if (strcmp(p, (char *)test[i].digest) != 0) {
+ printf("error calculating HMAC on %d entry'\n", i);
+ printf("got %s instead of %s\n", p, test[i].digest);
+ err++;
+ } else
+ printf("test %d ok\n", i);
+ }
+# endif /* OPENSSL_NO_MD5 */
+ EXIT(err);
+ return (0);
+}
+
+# ifndef OPENSSL_NO_MD5
+static char *pt(unsigned char *md)
+{
+ int i;
+ static char buf[80];
+
+ for (i = 0; i < MD5_DIGEST_LENGTH; i++)
+ sprintf(&(buf[i * 2]), "%02x", md[i]);
+ return (buf);
+}
+# endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/idea/i_cbc.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/idea/i_cbc.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/idea/i_cbc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,168 +0,0 @@
-/* crypto/idea/i_cbc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/idea.h>
-#include "idea_lcl.h"
-
-void idea_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
- IDEA_KEY_SCHEDULE *ks, unsigned char *iv, int encrypt)
- {
- register unsigned long tin0,tin1;
- register unsigned long tout0,tout1,xor0,xor1;
- register long l=length;
- unsigned long tin[2];
-
- if (encrypt)
- {
- n2l(iv,tout0);
- n2l(iv,tout1);
- iv-=8;
- for (l-=8; l>=0; l-=8)
- {
- n2l(in,tin0);
- n2l(in,tin1);
- tin0^=tout0;
- tin1^=tout1;
- tin[0]=tin0;
- tin[1]=tin1;
- idea_encrypt(tin,ks);
- tout0=tin[0]; l2n(tout0,out);
- tout1=tin[1]; l2n(tout1,out);
- }
- if (l != -8)
- {
- n2ln(in,tin0,tin1,l+8);
- tin0^=tout0;
- tin1^=tout1;
- tin[0]=tin0;
- tin[1]=tin1;
- idea_encrypt(tin,ks);
- tout0=tin[0]; l2n(tout0,out);
- tout1=tin[1]; l2n(tout1,out);
- }
- l2n(tout0,iv);
- l2n(tout1,iv);
- }
- else
- {
- n2l(iv,xor0);
- n2l(iv,xor1);
- iv-=8;
- for (l-=8; l>=0; l-=8)
- {
- n2l(in,tin0); tin[0]=tin0;
- n2l(in,tin1); tin[1]=tin1;
- idea_encrypt(tin,ks);
- tout0=tin[0]^xor0;
- tout1=tin[1]^xor1;
- l2n(tout0,out);
- l2n(tout1,out);
- xor0=tin0;
- xor1=tin1;
- }
- if (l != -8)
- {
- n2l(in,tin0); tin[0]=tin0;
- n2l(in,tin1); tin[1]=tin1;
- idea_encrypt(tin,ks);
- tout0=tin[0]^xor0;
- tout1=tin[1]^xor1;
- l2nn(tout0,tout1,out,l+8);
- xor0=tin0;
- xor1=tin1;
- }
- l2n(xor0,iv);
- l2n(xor1,iv);
- }
- tin0=tin1=tout0=tout1=xor0=xor1=0;
- tin[0]=tin[1]=0;
- }
-
-void idea_encrypt(unsigned long *d, IDEA_KEY_SCHEDULE *key)
- {
- register IDEA_INT *p;
- register unsigned long x1,x2,x3,x4,t0,t1,ul;
-
- x2=d[0];
- x1=(x2>>16);
- x4=d[1];
- x3=(x4>>16);
-
- p= &(key->data[0][0]);
-
- E_IDEA(0);
- E_IDEA(1);
- E_IDEA(2);
- E_IDEA(3);
- E_IDEA(4);
- E_IDEA(5);
- E_IDEA(6);
- E_IDEA(7);
-
- x1&=0xffff;
- idea_mul(x1,x1,*p,ul); p++;
-
- t0= x3+ *(p++);
- t1= x2+ *(p++);
-
- x4&=0xffff;
- idea_mul(x4,x4,*p,ul);
-
- d[0]=(t0&0xffff)|((x1&0xffff)<<16);
- d[1]=(x4&0xffff)|((t1&0xffff)<<16);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/idea/i_cbc.c (from rev 6976, vendor-crypto/openssl/dist/crypto/idea/i_cbc.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/idea/i_cbc.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/idea/i_cbc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,171 @@
+/* crypto/idea/i_cbc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/idea.h>
+#include "idea_lcl.h"
+
+void idea_cbc_encrypt(const unsigned char *in, unsigned char *out,
+ long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,
+ int encrypt)
+{
+ register unsigned long tin0, tin1;
+ register unsigned long tout0, tout1, xor0, xor1;
+ register long l = length;
+ unsigned long tin[2];
+
+ if (encrypt) {
+ n2l(iv, tout0);
+ n2l(iv, tout1);
+ iv -= 8;
+ for (l -= 8; l >= 0; l -= 8) {
+ n2l(in, tin0);
+ n2l(in, tin1);
+ tin0 ^= tout0;
+ tin1 ^= tout1;
+ tin[0] = tin0;
+ tin[1] = tin1;
+ idea_encrypt(tin, ks);
+ tout0 = tin[0];
+ l2n(tout0, out);
+ tout1 = tin[1];
+ l2n(tout1, out);
+ }
+ if (l != -8) {
+ n2ln(in, tin0, tin1, l + 8);
+ tin0 ^= tout0;
+ tin1 ^= tout1;
+ tin[0] = tin0;
+ tin[1] = tin1;
+ idea_encrypt(tin, ks);
+ tout0 = tin[0];
+ l2n(tout0, out);
+ tout1 = tin[1];
+ l2n(tout1, out);
+ }
+ l2n(tout0, iv);
+ l2n(tout1, iv);
+ } else {
+ n2l(iv, xor0);
+ n2l(iv, xor1);
+ iv -= 8;
+ for (l -= 8; l >= 0; l -= 8) {
+ n2l(in, tin0);
+ tin[0] = tin0;
+ n2l(in, tin1);
+ tin[1] = tin1;
+ idea_encrypt(tin, ks);
+ tout0 = tin[0] ^ xor0;
+ tout1 = tin[1] ^ xor1;
+ l2n(tout0, out);
+ l2n(tout1, out);
+ xor0 = tin0;
+ xor1 = tin1;
+ }
+ if (l != -8) {
+ n2l(in, tin0);
+ tin[0] = tin0;
+ n2l(in, tin1);
+ tin[1] = tin1;
+ idea_encrypt(tin, ks);
+ tout0 = tin[0] ^ xor0;
+ tout1 = tin[1] ^ xor1;
+ l2nn(tout0, tout1, out, l + 8);
+ xor0 = tin0;
+ xor1 = tin1;
+ }
+ l2n(xor0, iv);
+ l2n(xor1, iv);
+ }
+ tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
+ tin[0] = tin[1] = 0;
+}
+
+void idea_encrypt(unsigned long *d, IDEA_KEY_SCHEDULE *key)
+{
+ register IDEA_INT *p;
+ register unsigned long x1, x2, x3, x4, t0, t1, ul;
+
+ x2 = d[0];
+ x1 = (x2 >> 16);
+ x4 = d[1];
+ x3 = (x4 >> 16);
+
+ p = &(key->data[0][0]);
+
+ E_IDEA(0);
+ E_IDEA(1);
+ E_IDEA(2);
+ E_IDEA(3);
+ E_IDEA(4);
+ E_IDEA(5);
+ E_IDEA(6);
+ E_IDEA(7);
+
+ x1 &= 0xffff;
+ idea_mul(x1, x1, *p, ul);
+ p++;
+
+ t0 = x3 + *(p++);
+ t1 = x2 + *(p++);
+
+ x4 &= 0xffff;
+ idea_mul(x4, x4, *p, ul);
+
+ d[0] = (t0 & 0xffff) | ((x1 & 0xffff) << 16);
+ d[1] = (x4 & 0xffff) | ((t1 & 0xffff) << 16);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/idea/i_cfb64.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/idea/i_cfb64.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/idea/i_cfb64.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,122 +0,0 @@
-/* crypto/idea/i_cfb64.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/idea.h>
-#include "idea_lcl.h"
-
-/* The input and output encrypted as though 64bit cfb mode is being
- * used. The extra state information to record how much of the
- * 64bit block we have used is contained in *num;
- */
-
-void idea_cfb64_encrypt(const unsigned char *in, unsigned char *out,
- long length, IDEA_KEY_SCHEDULE *schedule,
- unsigned char *ivec, int *num, int encrypt)
- {
- register unsigned long v0,v1,t;
- register int n= *num;
- register long l=length;
- unsigned long ti[2];
- unsigned char *iv,c,cc;
-
- iv=(unsigned char *)ivec;
- if (encrypt)
- {
- while (l--)
- {
- if (n == 0)
- {
- n2l(iv,v0); ti[0]=v0;
- n2l(iv,v1); ti[1]=v1;
- idea_encrypt((unsigned long *)ti,schedule);
- iv=(unsigned char *)ivec;
- t=ti[0]; l2n(t,iv);
- t=ti[1]; l2n(t,iv);
- iv=(unsigned char *)ivec;
- }
- c= *(in++)^iv[n];
- *(out++)=c;
- iv[n]=c;
- n=(n+1)&0x07;
- }
- }
- else
- {
- while (l--)
- {
- if (n == 0)
- {
- n2l(iv,v0); ti[0]=v0;
- n2l(iv,v1); ti[1]=v1;
- idea_encrypt((unsigned long *)ti,schedule);
- iv=(unsigned char *)ivec;
- t=ti[0]; l2n(t,iv);
- t=ti[1]; l2n(t,iv);
- iv=(unsigned char *)ivec;
- }
- cc= *(in++);
- c=iv[n];
- iv[n]=cc;
- *(out++)=c^cc;
- n=(n+1)&0x07;
- }
- }
- v0=v1=ti[0]=ti[1]=t=c=cc=0;
- *num=n;
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/idea/i_cfb64.c (from rev 6976, vendor-crypto/openssl/dist/crypto/idea/i_cfb64.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/idea/i_cfb64.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/idea/i_cfb64.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,123 @@
+/* crypto/idea/i_cfb64.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/idea.h>
+#include "idea_lcl.h"
+
+/*
+ * The input and output encrypted as though 64bit cfb mode is being used.
+ * The extra state information to record how much of the 64bit block we have
+ * used is contained in *num;
+ */
+
+void idea_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, IDEA_KEY_SCHEDULE *schedule,
+ unsigned char *ivec, int *num, int encrypt)
+{
+ register unsigned long v0, v1, t;
+ register int n = *num;
+ register long l = length;
+ unsigned long ti[2];
+ unsigned char *iv, c, cc;
+
+ iv = (unsigned char *)ivec;
+ if (encrypt) {
+ while (l--) {
+ if (n == 0) {
+ n2l(iv, v0);
+ ti[0] = v0;
+ n2l(iv, v1);
+ ti[1] = v1;
+ idea_encrypt((unsigned long *)ti, schedule);
+ iv = (unsigned char *)ivec;
+ t = ti[0];
+ l2n(t, iv);
+ t = ti[1];
+ l2n(t, iv);
+ iv = (unsigned char *)ivec;
+ }
+ c = *(in++) ^ iv[n];
+ *(out++) = c;
+ iv[n] = c;
+ n = (n + 1) & 0x07;
+ }
+ } else {
+ while (l--) {
+ if (n == 0) {
+ n2l(iv, v0);
+ ti[0] = v0;
+ n2l(iv, v1);
+ ti[1] = v1;
+ idea_encrypt((unsigned long *)ti, schedule);
+ iv = (unsigned char *)ivec;
+ t = ti[0];
+ l2n(t, iv);
+ t = ti[1];
+ l2n(t, iv);
+ iv = (unsigned char *)ivec;
+ }
+ cc = *(in++);
+ c = iv[n];
+ iv[n] = cc;
+ *(out++) = c ^ cc;
+ n = (n + 1) & 0x07;
+ }
+ }
+ v0 = v1 = ti[0] = ti[1] = t = c = cc = 0;
+ *num = n;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/idea/i_ecb.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/idea/i_ecb.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/idea/i_ecb.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,85 +0,0 @@
-/* crypto/idea/i_ecb.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/idea.h>
-#include "idea_lcl.h"
-#include <openssl/opensslv.h>
-
-const char IDEA_version[]="IDEA" OPENSSL_VERSION_PTEXT;
-
-const char *idea_options(void)
- {
- if (sizeof(short) != sizeof(IDEA_INT))
- return("idea(int)");
- else
- return("idea(short)");
- }
-
-void idea_ecb_encrypt(const unsigned char *in, unsigned char *out,
- IDEA_KEY_SCHEDULE *ks)
- {
- unsigned long l0,l1,d[2];
-
- n2l(in,l0); d[0]=l0;
- n2l(in,l1); d[1]=l1;
- idea_encrypt(d,ks);
- l0=d[0]; l2n(l0,out);
- l1=d[1]; l2n(l1,out);
- l0=l1=d[0]=d[1]=0;
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/idea/i_ecb.c (from rev 6976, vendor-crypto/openssl/dist/crypto/idea/i_ecb.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/idea/i_ecb.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/idea/i_ecb.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,88 @@
+/* crypto/idea/i_ecb.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/idea.h>
+#include "idea_lcl.h"
+#include <openssl/opensslv.h>
+
+const char IDEA_version[] = "IDEA" OPENSSL_VERSION_PTEXT;
+
+const char *idea_options(void)
+{
+ if (sizeof(short) != sizeof(IDEA_INT))
+ return ("idea(int)");
+ else
+ return ("idea(short)");
+}
+
+void idea_ecb_encrypt(const unsigned char *in, unsigned char *out,
+ IDEA_KEY_SCHEDULE *ks)
+{
+ unsigned long l0, l1, d[2];
+
+ n2l(in, l0);
+ d[0] = l0;
+ n2l(in, l1);
+ d[1] = l1;
+ idea_encrypt(d, ks);
+ l0 = d[0];
+ l2n(l0, out);
+ l1 = d[1];
+ l2n(l1, out);
+ l0 = l1 = d[0] = d[1] = 0;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/idea/i_ofb64.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/idea/i_ofb64.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/idea/i_ofb64.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,111 +0,0 @@
-/* crypto/idea/i_ofb64.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/idea.h>
-#include "idea_lcl.h"
-
-/* The input and output encrypted as though 64bit ofb mode is being
- * used. The extra state information to record how much of the
- * 64bit block we have used is contained in *num;
- */
-void idea_ofb64_encrypt(const unsigned char *in, unsigned char *out,
- long length, IDEA_KEY_SCHEDULE *schedule,
- unsigned char *ivec, int *num)
- {
- register unsigned long v0,v1,t;
- register int n= *num;
- register long l=length;
- unsigned char d[8];
- register char *dp;
- unsigned long ti[2];
- unsigned char *iv;
- int save=0;
-
- iv=(unsigned char *)ivec;
- n2l(iv,v0);
- n2l(iv,v1);
- ti[0]=v0;
- ti[1]=v1;
- dp=(char *)d;
- l2n(v0,dp);
- l2n(v1,dp);
- while (l--)
- {
- if (n == 0)
- {
- idea_encrypt((unsigned long *)ti,schedule);
- dp=(char *)d;
- t=ti[0]; l2n(t,dp);
- t=ti[1]; l2n(t,dp);
- save++;
- }
- *(out++)= *(in++)^d[n];
- n=(n+1)&0x07;
- }
- if (save)
- {
- v0=ti[0];
- v1=ti[1];
- iv=(unsigned char *)ivec;
- l2n(v0,iv);
- l2n(v1,iv);
- }
- t=v0=v1=ti[0]=ti[1]=0;
- *num=n;
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/idea/i_ofb64.c (from rev 6976, vendor-crypto/openssl/dist/crypto/idea/i_ofb64.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/idea/i_ofb64.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/idea/i_ofb64.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,110 @@
+/* crypto/idea/i_ofb64.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/idea.h>
+#include "idea_lcl.h"
+
+/*
+ * The input and output encrypted as though 64bit ofb mode is being used.
+ * The extra state information to record how much of the 64bit block we have
+ * used is contained in *num;
+ */
+void idea_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, IDEA_KEY_SCHEDULE *schedule,
+ unsigned char *ivec, int *num)
+{
+ register unsigned long v0, v1, t;
+ register int n = *num;
+ register long l = length;
+ unsigned char d[8];
+ register char *dp;
+ unsigned long ti[2];
+ unsigned char *iv;
+ int save = 0;
+
+ iv = (unsigned char *)ivec;
+ n2l(iv, v0);
+ n2l(iv, v1);
+ ti[0] = v0;
+ ti[1] = v1;
+ dp = (char *)d;
+ l2n(v0, dp);
+ l2n(v1, dp);
+ while (l--) {
+ if (n == 0) {
+ idea_encrypt((unsigned long *)ti, schedule);
+ dp = (char *)d;
+ t = ti[0];
+ l2n(t, dp);
+ t = ti[1];
+ l2n(t, dp);
+ save++;
+ }
+ *(out++) = *(in++) ^ d[n];
+ n = (n + 1) & 0x07;
+ }
+ if (save) {
+ v0 = ti[0];
+ v1 = ti[1];
+ iv = (unsigned char *)ivec;
+ l2n(v0, iv);
+ l2n(v1, iv);
+ }
+ t = v0 = v1 = ti[0] = ti[1] = 0;
+ *num = n;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/idea/i_skey.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/idea/i_skey.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/idea/i_skey.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,174 +0,0 @@
-/* crypto/idea/i_skey.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/idea.h>
-#include <openssl/crypto.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
-#include "idea_lcl.h"
-
-static IDEA_INT inverse(unsigned int xin);
-
-#ifdef OPENSSL_FIPS
-void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks)
- {
- if (FIPS_mode())
- FIPS_BAD_ABORT(IDEA)
- private_idea_set_encrypt_key(key, ks);
- }
-void private_idea_set_encrypt_key(const unsigned char *key,
- IDEA_KEY_SCHEDULE *ks)
-#else
-void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks)
-#endif
- {
- int i;
- register IDEA_INT *kt,*kf,r0,r1,r2;
-
- kt= &(ks->data[0][0]);
- n2s(key,kt[0]); n2s(key,kt[1]); n2s(key,kt[2]); n2s(key,kt[3]);
- n2s(key,kt[4]); n2s(key,kt[5]); n2s(key,kt[6]); n2s(key,kt[7]);
-
- kf=kt;
- kt+=8;
- for (i=0; i<6; i++)
- {
- r2= kf[1];
- r1= kf[2];
- *(kt++)= ((r2<<9) | (r1>>7))&0xffff;
- r0= kf[3];
- *(kt++)= ((r1<<9) | (r0>>7))&0xffff;
- r1= kf[4];
- *(kt++)= ((r0<<9) | (r1>>7))&0xffff;
- r0= kf[5];
- *(kt++)= ((r1<<9) | (r0>>7))&0xffff;
- r1= kf[6];
- *(kt++)= ((r0<<9) | (r1>>7))&0xffff;
- r0= kf[7];
- *(kt++)= ((r1<<9) | (r0>>7))&0xffff;
- r1= kf[0];
- if (i >= 5) break;
- *(kt++)= ((r0<<9) | (r1>>7))&0xffff;
- *(kt++)= ((r1<<9) | (r2>>7))&0xffff;
- kf+=8;
- }
- }
-
-void idea_set_decrypt_key(const IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk)
- {
- int r;
- register IDEA_INT *tp,t;
- const IDEA_INT *fp;
-
- tp= &(dk->data[0][0]);
- fp= &(ek->data[8][0]);
- for (r=0; r<9; r++)
- {
- *(tp++)=inverse(fp[0]);
- *(tp++)=((int)(0x10000L-fp[2])&0xffff);
- *(tp++)=((int)(0x10000L-fp[1])&0xffff);
- *(tp++)=inverse(fp[3]);
- if (r == 8) break;
- fp-=6;
- *(tp++)=fp[4];
- *(tp++)=fp[5];
- }
-
- tp= &(dk->data[0][0]);
- t=tp[1];
- tp[1]=tp[2];
- tp[2]=t;
-
- t=tp[49];
- tp[49]=tp[50];
- tp[50]=t;
- }
-
-/* taken directly from the 'paper' I'll have a look at it later */
-static IDEA_INT inverse(unsigned int xin)
- {
- long n1,n2,q,r,b1,b2,t;
-
- if (xin == 0)
- b2=0;
- else
- {
- n1=0x10001;
- n2=xin;
- b2=1;
- b1=0;
-
- do {
- r=(n1%n2);
- q=(n1-r)/n2;
- if (r == 0)
- { if (b2 < 0) b2=0x10001+b2; }
- else
- {
- n1=n2;
- n2=r;
- t=b2;
- b2=b1-q*b2;
- b1=t;
- }
- } while (r != 0);
- }
- return((IDEA_INT)b2);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/idea/i_skey.c (from rev 6976, vendor-crypto/openssl/dist/crypto/idea/i_skey.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/idea/i_skey.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/idea/i_skey.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,180 @@
+/* crypto/idea/i_skey.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/idea.h>
+#include <openssl/crypto.h>
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
+#endif
+
+#include "idea_lcl.h"
+
+static IDEA_INT inverse(unsigned int xin);
+
+#ifdef OPENSSL_FIPS
+void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks)
+{
+ if (FIPS_mode())
+ FIPS_BAD_ABORT(IDEA)
+ private_idea_set_encrypt_key(key, ks);
+}
+
+void private_idea_set_encrypt_key(const unsigned char *key,
+ IDEA_KEY_SCHEDULE *ks)
+#else
+void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks)
+#endif
+{
+ int i;
+ register IDEA_INT *kt, *kf, r0, r1, r2;
+
+ kt = &(ks->data[0][0]);
+ n2s(key, kt[0]);
+ n2s(key, kt[1]);
+ n2s(key, kt[2]);
+ n2s(key, kt[3]);
+ n2s(key, kt[4]);
+ n2s(key, kt[5]);
+ n2s(key, kt[6]);
+ n2s(key, kt[7]);
+
+ kf = kt;
+ kt += 8;
+ for (i = 0; i < 6; i++) {
+ r2 = kf[1];
+ r1 = kf[2];
+ *(kt++) = ((r2 << 9) | (r1 >> 7)) & 0xffff;
+ r0 = kf[3];
+ *(kt++) = ((r1 << 9) | (r0 >> 7)) & 0xffff;
+ r1 = kf[4];
+ *(kt++) = ((r0 << 9) | (r1 >> 7)) & 0xffff;
+ r0 = kf[5];
+ *(kt++) = ((r1 << 9) | (r0 >> 7)) & 0xffff;
+ r1 = kf[6];
+ *(kt++) = ((r0 << 9) | (r1 >> 7)) & 0xffff;
+ r0 = kf[7];
+ *(kt++) = ((r1 << 9) | (r0 >> 7)) & 0xffff;
+ r1 = kf[0];
+ if (i >= 5)
+ break;
+ *(kt++) = ((r0 << 9) | (r1 >> 7)) & 0xffff;
+ *(kt++) = ((r1 << 9) | (r2 >> 7)) & 0xffff;
+ kf += 8;
+ }
+}
+
+void idea_set_decrypt_key(const IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk)
+{
+ int r;
+ register IDEA_INT *tp, t;
+ const IDEA_INT *fp;
+
+ tp = &(dk->data[0][0]);
+ fp = &(ek->data[8][0]);
+ for (r = 0; r < 9; r++) {
+ *(tp++) = inverse(fp[0]);
+ *(tp++) = ((int)(0x10000L - fp[2]) & 0xffff);
+ *(tp++) = ((int)(0x10000L - fp[1]) & 0xffff);
+ *(tp++) = inverse(fp[3]);
+ if (r == 8)
+ break;
+ fp -= 6;
+ *(tp++) = fp[4];
+ *(tp++) = fp[5];
+ }
+
+ tp = &(dk->data[0][0]);
+ t = tp[1];
+ tp[1] = tp[2];
+ tp[2] = t;
+
+ t = tp[49];
+ tp[49] = tp[50];
+ tp[50] = t;
+}
+
+/* taken directly from the 'paper' I'll have a look at it later */
+static IDEA_INT inverse(unsigned int xin)
+{
+ long n1, n2, q, r, b1, b2, t;
+
+ if (xin == 0)
+ b2 = 0;
+ else {
+ n1 = 0x10001;
+ n2 = xin;
+ b2 = 1;
+ b1 = 0;
+
+ do {
+ r = (n1 % n2);
+ q = (n1 - r) / n2;
+ if (r == 0) {
+ if (b2 < 0)
+ b2 = 0x10001 + b2;
+ } else {
+ n1 = n2;
+ n2 = r;
+ t = b2;
+ b2 = b1 - q * b2;
+ b1 = t;
+ }
+ } while (r != 0);
+ }
+ return ((IDEA_INT) b2);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/idea/idea.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/idea/idea.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/idea/idea.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,103 +0,0 @@
-/* crypto/idea/idea.h */
-/* Copyright (C) 1995-1997 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_IDEA_H
-#define HEADER_IDEA_H
-
-#include <openssl/opensslconf.h> /* IDEA_INT, OPENSSL_NO_IDEA */
-
-#ifdef OPENSSL_NO_IDEA
-#error IDEA is disabled.
-#endif
-
-#define IDEA_ENCRYPT 1
-#define IDEA_DECRYPT 0
-
-#define IDEA_BLOCK 8
-#define IDEA_KEY_LENGTH 16
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-typedef struct idea_key_st
- {
- IDEA_INT data[9][6];
- } IDEA_KEY_SCHEDULE;
-
-const char *idea_options(void);
-void idea_ecb_encrypt(const unsigned char *in, unsigned char *out,
- IDEA_KEY_SCHEDULE *ks);
-#ifdef OPENSSL_FIPS
-void private_idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks);
-#endif
-void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks);
-void idea_set_decrypt_key(const IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk);
-void idea_cbc_encrypt(const unsigned char *in, unsigned char *out,
- long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,int enc);
-void idea_cfb64_encrypt(const unsigned char *in, unsigned char *out,
- long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,
- int *num,int enc);
-void idea_ofb64_encrypt(const unsigned char *in, unsigned char *out,
- long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, int *num);
-void idea_encrypt(unsigned long *in, IDEA_KEY_SCHEDULE *ks);
-#ifdef __cplusplus
-}
-#endif
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/idea/idea.h (from rev 6976, vendor-crypto/openssl/dist/crypto/idea/idea.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/idea/idea.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/idea/idea.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,105 @@
+/* crypto/idea/idea.h */
+/* Copyright (C) 1995-1997 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_IDEA_H
+# define HEADER_IDEA_H
+
+# include <openssl/opensslconf.h>/* IDEA_INT, OPENSSL_NO_IDEA */
+
+# ifdef OPENSSL_NO_IDEA
+# error IDEA is disabled.
+# endif
+
+# define IDEA_ENCRYPT 1
+# define IDEA_DECRYPT 0
+
+# define IDEA_BLOCK 8
+# define IDEA_KEY_LENGTH 16
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct idea_key_st {
+ IDEA_INT data[9][6];
+} IDEA_KEY_SCHEDULE;
+
+const char *idea_options(void);
+void idea_ecb_encrypt(const unsigned char *in, unsigned char *out,
+ IDEA_KEY_SCHEDULE *ks);
+# ifdef OPENSSL_FIPS
+void private_idea_set_encrypt_key(const unsigned char *key,
+ IDEA_KEY_SCHEDULE *ks);
+# endif
+void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks);
+void idea_set_decrypt_key(const IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk);
+void idea_cbc_encrypt(const unsigned char *in, unsigned char *out,
+ long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,
+ int enc);
+void idea_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,
+ int *num, int enc);
+void idea_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,
+ int *num);
+void idea_encrypt(unsigned long *in, IDEA_KEY_SCHEDULE *ks);
+#ifdef __cplusplus
+}
+#endif
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/idea/idea_lcl.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/idea/idea_lcl.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/idea/idea_lcl.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,215 +0,0 @@
-/* crypto/idea/idea_lcl.h */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* The new form of this macro (check if the a*b == 0) was suggested by
- * Colin Plumb <colin at nyx10.cs.du.edu> */
-/* Removal of the inner if from from Wei Dai 24/4/96 */
-#define idea_mul(r,a,b,ul) \
-ul=(unsigned long)a*b; \
-if (ul != 0) \
- { \
- r=(ul&0xffff)-(ul>>16); \
- r-=((r)>>16); \
- } \
-else \
- r=(-(int)a-b+1); /* assuming a or b is 0 and in range */
-
-#ifdef undef
-#define idea_mul(r,a,b,ul,sl) \
-if (a == 0) r=(0x10001-b)&0xffff; \
-else if (b == 0) r=(0x10001-a)&0xffff; \
-else { \
- ul=(unsigned long)a*b; \
- sl=(ul&0xffff)-(ul>>16); \
- if (sl <= 0) sl+=0x10001; \
- r=sl; \
- }
-#endif
-
-/* 7/12/95 - Many thanks to Rhys Weatherley <rweather at us.oracle.com>
- * for pointing out that I was assuming little endian
- * byte order for all quantities what idea
- * actually used bigendian. No where in the spec does it mention
- * this, it is all in terms of 16 bit numbers and even the example
- * does not use byte streams for the input example :-(.
- * If you byte swap each pair of input, keys and iv, the functions
- * would produce the output as the old version :-(.
- */
-
-/* NOTE - c is not incremented as per n2l */
-#define n2ln(c,l1,l2,n) { \
- c+=n; \
- l1=l2=0; \
- switch (n) { \
- case 8: l2 =((unsigned long)(*(--(c)))) ; \
- case 7: l2|=((unsigned long)(*(--(c))))<< 8; \
- case 6: l2|=((unsigned long)(*(--(c))))<<16; \
- case 5: l2|=((unsigned long)(*(--(c))))<<24; \
- case 4: l1 =((unsigned long)(*(--(c)))) ; \
- case 3: l1|=((unsigned long)(*(--(c))))<< 8; \
- case 2: l1|=((unsigned long)(*(--(c))))<<16; \
- case 1: l1|=((unsigned long)(*(--(c))))<<24; \
- } \
- }
-
-/* NOTE - c is not incremented as per l2n */
-#define l2nn(l1,l2,c,n) { \
- c+=n; \
- switch (n) { \
- case 8: *(--(c))=(unsigned char)(((l2) )&0xff); \
- case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
- case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
- case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
- case 4: *(--(c))=(unsigned char)(((l1) )&0xff); \
- case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
- case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
- case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
- } \
- }
-
-#undef n2l
-#define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24L, \
- l|=((unsigned long)(*((c)++)))<<16L, \
- l|=((unsigned long)(*((c)++)))<< 8L, \
- l|=((unsigned long)(*((c)++))))
-
-#undef l2n
-#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
- *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
- *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
- *((c)++)=(unsigned char)(((l) )&0xff))
-
-#undef s2n
-#define s2n(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
- *((c)++)=(unsigned char)(((l)>> 8L)&0xff))
-
-#undef n2s
-#define n2s(c,l) (l =((IDEA_INT)(*((c)++)))<< 8L, \
- l|=((IDEA_INT)(*((c)++))) )
-
-#ifdef undef
-/* NOTE - c is not incremented as per c2l */
-#define c2ln(c,l1,l2,n) { \
- c+=n; \
- l1=l2=0; \
- switch (n) { \
- case 8: l2 =((unsigned long)(*(--(c))))<<24; \
- case 7: l2|=((unsigned long)(*(--(c))))<<16; \
- case 6: l2|=((unsigned long)(*(--(c))))<< 8; \
- case 5: l2|=((unsigned long)(*(--(c)))); \
- case 4: l1 =((unsigned long)(*(--(c))))<<24; \
- case 3: l1|=((unsigned long)(*(--(c))))<<16; \
- case 2: l1|=((unsigned long)(*(--(c))))<< 8; \
- case 1: l1|=((unsigned long)(*(--(c)))); \
- } \
- }
-
-/* NOTE - c is not incremented as per l2c */
-#define l2cn(l1,l2,c,n) { \
- c+=n; \
- switch (n) { \
- case 8: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
- case 7: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
- case 6: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
- case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \
- case 4: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
- case 3: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
- case 2: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
- case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \
- } \
- }
-
-#undef c2s
-#define c2s(c,l) (l =((unsigned long)(*((c)++))) , \
- l|=((unsigned long)(*((c)++)))<< 8L)
-
-#undef s2c
-#define s2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
- *((c)++)=(unsigned char)(((l)>> 8L)&0xff))
-
-#undef c2l
-#define c2l(c,l) (l =((unsigned long)(*((c)++))) , \
- l|=((unsigned long)(*((c)++)))<< 8L, \
- l|=((unsigned long)(*((c)++)))<<16L, \
- l|=((unsigned long)(*((c)++)))<<24L)
-
-#undef l2c
-#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
- *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
- *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
- *((c)++)=(unsigned char)(((l)>>24L)&0xff))
-#endif
-
-#define E_IDEA(num) \
- x1&=0xffff; \
- idea_mul(x1,x1,*p,ul); p++; \
- x2+= *(p++); \
- x3+= *(p++); \
- x4&=0xffff; \
- idea_mul(x4,x4,*p,ul); p++; \
- t0=(x1^x3)&0xffff; \
- idea_mul(t0,t0,*p,ul); p++; \
- t1=(t0+(x2^x4))&0xffff; \
- idea_mul(t1,t1,*p,ul); p++; \
- t0+=t1; \
- x1^=t1; \
- x4^=t0; \
- ul=x2^t0; /* do the swap to x3 */ \
- x2=x3^t1; \
- x3=ul;
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/idea/idea_lcl.h (from rev 6976, vendor-crypto/openssl/dist/crypto/idea/idea_lcl.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/idea/idea_lcl.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/idea/idea_lcl.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,216 @@
+/* crypto/idea/idea_lcl.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/*
+ * The new form of this macro (check if the a*b == 0) was suggested by Colin
+ * Plumb <colin at nyx10.cs.du.edu>
+ */
+/* Removal of the inner if from from Wei Dai 24/4/96 */
+#define idea_mul(r,a,b,ul) \
+ul=(unsigned long)a*b; \
+if (ul != 0) \
+ { \
+ r=(ul&0xffff)-(ul>>16); \
+ r-=((r)>>16); \
+ } \
+else \
+ r=(-(int)a-b+1); /* assuming a or b is 0 and in range */
+
+#ifdef undef
+# define idea_mul(r,a,b,ul,sl) \
+if (a == 0) r=(0x10001-b)&0xffff; \
+else if (b == 0) r=(0x10001-a)&0xffff; \
+else { \
+ ul=(unsigned long)a*b; \
+ sl=(ul&0xffff)-(ul>>16); \
+ if (sl <= 0) sl+=0x10001; \
+ r=sl; \
+ }
+#endif
+
+/*
+ * 7/12/95 - Many thanks to Rhys Weatherley <rweather at us.oracle.com> for
+ * pointing out that I was assuming little endian byte order for all
+ * quantities what idea actually used bigendian. No where in the spec does
+ * it mention this, it is all in terms of 16 bit numbers and even the example
+ * does not use byte streams for the input example :-(. If you byte swap each
+ * pair of input, keys and iv, the functions would produce the output as the
+ * old version :-(.
+ */
+
+/* NOTE - c is not incremented as per n2l */
+#define n2ln(c,l1,l2,n) { \
+ c+=n; \
+ l1=l2=0; \
+ switch (n) { \
+ case 8: l2 =((unsigned long)(*(--(c)))) ; \
+ case 7: l2|=((unsigned long)(*(--(c))))<< 8; \
+ case 6: l2|=((unsigned long)(*(--(c))))<<16; \
+ case 5: l2|=((unsigned long)(*(--(c))))<<24; \
+ case 4: l1 =((unsigned long)(*(--(c)))) ; \
+ case 3: l1|=((unsigned long)(*(--(c))))<< 8; \
+ case 2: l1|=((unsigned long)(*(--(c))))<<16; \
+ case 1: l1|=((unsigned long)(*(--(c))))<<24; \
+ } \
+ }
+
+/* NOTE - c is not incremented as per l2n */
+#define l2nn(l1,l2,c,n) { \
+ c+=n; \
+ switch (n) { \
+ case 8: *(--(c))=(unsigned char)(((l2) )&0xff); \
+ case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
+ case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
+ case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
+ case 4: *(--(c))=(unsigned char)(((l1) )&0xff); \
+ case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
+ case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
+ case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
+ } \
+ }
+
+#undef n2l
+#define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24L, \
+ l|=((unsigned long)(*((c)++)))<<16L, \
+ l|=((unsigned long)(*((c)++)))<< 8L, \
+ l|=((unsigned long)(*((c)++))))
+
+#undef l2n
+#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+ *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+ *((c)++)=(unsigned char)(((l) )&0xff))
+
+#undef s2n
+#define s2n(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
+ *((c)++)=(unsigned char)(((l)>> 8L)&0xff))
+
+#undef n2s
+#define n2s(c,l) (l =((IDEA_INT)(*((c)++)))<< 8L, \
+ l|=((IDEA_INT)(*((c)++))) )
+
+#ifdef undef
+/* NOTE - c is not incremented as per c2l */
+# define c2ln(c,l1,l2,n) { \
+ c+=n; \
+ l1=l2=0; \
+ switch (n) { \
+ case 8: l2 =((unsigned long)(*(--(c))))<<24; \
+ case 7: l2|=((unsigned long)(*(--(c))))<<16; \
+ case 6: l2|=((unsigned long)(*(--(c))))<< 8; \
+ case 5: l2|=((unsigned long)(*(--(c)))); \
+ case 4: l1 =((unsigned long)(*(--(c))))<<24; \
+ case 3: l1|=((unsigned long)(*(--(c))))<<16; \
+ case 2: l1|=((unsigned long)(*(--(c))))<< 8; \
+ case 1: l1|=((unsigned long)(*(--(c)))); \
+ } \
+ }
+
+/* NOTE - c is not incremented as per l2c */
+# define l2cn(l1,l2,c,n) { \
+ c+=n; \
+ switch (n) { \
+ case 8: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
+ case 7: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
+ case 6: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
+ case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \
+ case 4: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
+ case 3: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
+ case 2: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
+ case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \
+ } \
+ }
+
+# undef c2s
+# define c2s(c,l) (l =((unsigned long)(*((c)++))) , \
+ l|=((unsigned long)(*((c)++)))<< 8L)
+
+# undef s2c
+# define s2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
+ *((c)++)=(unsigned char)(((l)>> 8L)&0xff))
+
+# undef c2l
+# define c2l(c,l) (l =((unsigned long)(*((c)++))) , \
+ l|=((unsigned long)(*((c)++)))<< 8L, \
+ l|=((unsigned long)(*((c)++)))<<16L, \
+ l|=((unsigned long)(*((c)++)))<<24L)
+
+# undef l2c
+# define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
+ *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>24L)&0xff))
+#endif
+
+#define E_IDEA(num) \
+ x1&=0xffff; \
+ idea_mul(x1,x1,*p,ul); p++; \
+ x2+= *(p++); \
+ x3+= *(p++); \
+ x4&=0xffff; \
+ idea_mul(x4,x4,*p,ul); p++; \
+ t0=(x1^x3)&0xffff; \
+ idea_mul(t0,t0,*p,ul); p++; \
+ t1=(t0+(x2^x4))&0xffff; \
+ idea_mul(t1,t1,*p,ul); p++; \
+ t0+=t1; \
+ x1^=t1; \
+ x4^=t0; \
+ ul=x2^t0; /* do the swap to x3 */ \
+ x2=x3^t1; \
+ x3=ul;
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/idea/idea_spd.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/idea/idea_spd.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/idea/idea_spd.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,299 +0,0 @@
-/* crypto/idea/idea_spd.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* 11-Sep-92 Andrew Daviel Support for Silicon Graphics IRIX added */
-/* 06-Apr-92 Luke Brennan Support for VMS and add extra signal calls */
-
-#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
-#define TIMES
-#endif
-
-#include <stdio.h>
-
-#include <openssl/e_os2.h>
-#include OPENSSL_UNISTD_IO
-OPENSSL_DECLARE_EXIT
-
-#ifndef OPENSSL_SYS_NETWARE
-#include <signal.h>
-#endif
-
-#ifndef _IRIX
-#include <time.h>
-#endif
-#ifdef TIMES
-#include <sys/types.h>
-#include <sys/times.h>
-#endif
-
-/* Depending on the VMS version, the tms structure is perhaps defined.
- The __TMS macro will show if it was. If it wasn't defined, we should
- undefine TIMES, since that tells the rest of the program how things
- should be handled. -- Richard Levitte */
-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
-#undef TIMES
-#endif
-
-#ifndef TIMES
-#include <sys/timeb.h>
-#endif
-
-#if defined(sun) || defined(__ultrix)
-#define _POSIX_SOURCE
-#include <limits.h>
-#include <sys/param.h>
-#endif
-
-#include <openssl/idea.h>
-
-/* The following if from times(3) man page. It may need to be changed */
-#ifndef HZ
-#ifndef CLK_TCK
-#define HZ 100.0
-#else /* CLK_TCK */
-#define HZ ((double)CLK_TCK)
-#endif
-#endif
-
-#define BUFSIZE ((long)1024)
-long run=0;
-
-double Time_F(int s);
-#ifdef SIGALRM
-#if defined(__STDC__) || defined(sgi) || defined(_AIX)
-#define SIGRETTYPE void
-#else
-#define SIGRETTYPE int
-#endif
-
-SIGRETTYPE sig_done(int sig);
-SIGRETTYPE sig_done(int sig)
- {
- signal(SIGALRM,sig_done);
- run=0;
-#ifdef LINT
- sig=sig;
-#endif
- }
-#endif
-
-#define START 0
-#define STOP 1
-
-double Time_F(int s)
- {
- double ret;
-#ifdef TIMES
- static struct tms tstart,tend;
-
- if (s == START)
- {
- times(&tstart);
- return(0);
- }
- else
- {
- times(&tend);
- ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
- return((ret == 0.0)?1e-6:ret);
- }
-#else /* !times() */
- static struct timeb tstart,tend;
- long i;
-
- if (s == START)
- {
- ftime(&tstart);
- return(0);
- }
- else
- {
- ftime(&tend);
- i=(long)tend.millitm-(long)tstart.millitm;
- ret=((double)(tend.time-tstart.time))+((double)i)/1e3;
- return((ret == 0.0)?1e-6:ret);
- }
-#endif
- }
-
-int main(int argc, char **argv)
- {
- long count;
- static unsigned char buf[BUFSIZE];
- static unsigned char key[] ={
- 0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
- 0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10,
- };
- IDEA_KEY_SCHEDULE sch;
- double a,aa,b,c,d;
-#ifndef SIGALRM
- long ca,cca,cb,cc;
-#endif
-
-#ifndef TIMES
- printf("To get the most accurate results, try to run this\n");
- printf("program when this computer is idle.\n");
-#endif
-
-#ifndef SIGALRM
- printf("First we calculate the approximate speed ...\n");
- idea_set_encrypt_key(key,&sch);
- count=10;
- do {
- long i;
- IDEA_INT data[2];
-
- count*=2;
- Time_F(START);
- for (i=count; i; i--)
- idea_encrypt(data,&sch);
- d=Time_F(STOP);
- } while (d < 3.0);
- ca=count/4;
- cca=count/200;
- cb=count;
- cc=count*8/BUFSIZE+1;
- printf("idea_set_encrypt_key %ld times\n",ca);
-#define COND(d) (count <= (d))
-#define COUNT(d) (d)
-#else
-#define COND(c) (run)
-#define COUNT(d) (count)
- signal(SIGALRM,sig_done);
- printf("Doing idea_set_encrypt_key for 10 seconds\n");
- alarm(10);
-#endif
-
- Time_F(START);
- for (count=0,run=1; COND(ca); count+=4)
- {
- idea_set_encrypt_key(key,&sch);
- idea_set_encrypt_key(key,&sch);
- idea_set_encrypt_key(key,&sch);
- idea_set_encrypt_key(key,&sch);
- }
- d=Time_F(STOP);
- printf("%ld idea idea_set_encrypt_key's in %.2f seconds\n",count,d);
- a=((double)COUNT(ca))/d;
-
-#ifdef SIGALRM
- printf("Doing idea_set_decrypt_key for 10 seconds\n");
- alarm(10);
-#else
- printf("Doing idea_set_decrypt_key %ld times\n",cca);
-#endif
-
- Time_F(START);
- for (count=0,run=1; COND(cca); count+=4)
- {
- idea_set_decrypt_key(&sch,&sch);
- idea_set_decrypt_key(&sch,&sch);
- idea_set_decrypt_key(&sch,&sch);
- idea_set_decrypt_key(&sch,&sch);
- }
- d=Time_F(STOP);
- printf("%ld idea idea_set_decrypt_key's in %.2f seconds\n",count,d);
- aa=((double)COUNT(cca))/d;
-
-#ifdef SIGALRM
- printf("Doing idea_encrypt's for 10 seconds\n");
- alarm(10);
-#else
- printf("Doing idea_encrypt %ld times\n",cb);
-#endif
- Time_F(START);
- for (count=0,run=1; COND(cb); count+=4)
- {
- unsigned long data[2];
-
- idea_encrypt(data,&sch);
- idea_encrypt(data,&sch);
- idea_encrypt(data,&sch);
- idea_encrypt(data,&sch);
- }
- d=Time_F(STOP);
- printf("%ld idea_encrypt's in %.2f second\n",count,d);
- b=((double)COUNT(cb)*8)/d;
-
-#ifdef SIGALRM
- printf("Doing idea_cbc_encrypt on %ld byte blocks for 10 seconds\n",
- BUFSIZE);
- alarm(10);
-#else
- printf("Doing idea_cbc_encrypt %ld times on %ld byte blocks\n",cc,
- BUFSIZE);
-#endif
- Time_F(START);
- for (count=0,run=1; COND(cc); count++)
- idea_cbc_encrypt(buf,buf,BUFSIZE,&sch,
- &(key[0]),IDEA_ENCRYPT);
- d=Time_F(STOP);
- printf("%ld idea_cbc_encrypt's of %ld byte blocks in %.2f second\n",
- count,BUFSIZE,d);
- c=((double)COUNT(cc)*BUFSIZE)/d;
-
- printf("IDEA set_encrypt_key per sec = %12.2f (%9.3fuS)\n",a,1.0e6/a);
- printf("IDEA set_decrypt_key per sec = %12.2f (%9.3fuS)\n",aa,1.0e6/aa);
- printf("IDEA raw ecb bytes per sec = %12.2f (%9.3fuS)\n",b,8.0e6/b);
- printf("IDEA cbc bytes per sec = %12.2f (%9.3fuS)\n",c,8.0e6/c);
- exit(0);
-#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
- return(0);
-#endif
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/idea/idea_spd.c (from rev 6976, vendor-crypto/openssl/dist/crypto/idea/idea_spd.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/idea/idea_spd.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/idea/idea_spd.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,283 @@
+/* crypto/idea/idea_spd.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* 11-Sep-92 Andrew Daviel Support for Silicon Graphics IRIX added */
+/* 06-Apr-92 Luke Brennan Support for VMS and add extra signal calls */
+
+#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
+# define TIMES
+#endif
+
+#include <stdio.h>
+
+#include <openssl/e_os2.h>
+#include OPENSSL_UNISTD_IO
+OPENSSL_DECLARE_EXIT
+#ifndef OPENSSL_SYS_NETWARE
+# include <signal.h>
+#endif
+#ifndef _IRIX
+# include <time.h>
+#endif
+#ifdef TIMES
+# include <sys/types.h>
+# include <sys/times.h>
+#endif
+ /*
+ * Depending on the VMS version, the tms structure is perhaps defined.
+ * The __TMS macro will show if it was. If it wasn't defined, we should
+ * undefine TIMES, since that tells the rest of the program how things
+ * should be handled. -- Richard Levitte
+ */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
+# undef TIMES
+#endif
+#ifndef TIMES
+# include <sys/timeb.h>
+#endif
+#if defined(sun) || defined(__ultrix)
+# define _POSIX_SOURCE
+# include <limits.h>
+# include <sys/param.h>
+#endif
+#include <openssl/idea.h>
+/* The following if from times(3) man page. It may need to be changed */
+#ifndef HZ
+# ifndef CLK_TCK
+# define HZ 100.0
+# else /* CLK_TCK */
+# define HZ ((double)CLK_TCK)
+# endif
+#endif
+#define BUFSIZE ((long)1024)
+long run = 0;
+
+double Time_F(int s);
+#ifdef SIGALRM
+# if defined(__STDC__) || defined(sgi) || defined(_AIX)
+# define SIGRETTYPE void
+# else
+# define SIGRETTYPE int
+# endif
+
+SIGRETTYPE sig_done(int sig);
+SIGRETTYPE sig_done(int sig)
+{
+ signal(SIGALRM, sig_done);
+ run = 0;
+# ifdef LINT
+ sig = sig;
+# endif
+}
+#endif
+
+#define START 0
+#define STOP 1
+
+double Time_F(int s)
+{
+ double ret;
+#ifdef TIMES
+ static struct tms tstart, tend;
+
+ if (s == START) {
+ times(&tstart);
+ return (0);
+ } else {
+ times(&tend);
+ ret = ((double)(tend.tms_utime - tstart.tms_utime)) / HZ;
+ return ((ret == 0.0) ? 1e-6 : ret);
+ }
+#else /* !times() */
+ static struct timeb tstart, tend;
+ long i;
+
+ if (s == START) {
+ ftime(&tstart);
+ return (0);
+ } else {
+ ftime(&tend);
+ i = (long)tend.millitm - (long)tstart.millitm;
+ ret = ((double)(tend.time - tstart.time)) + ((double)i) / 1e3;
+ return ((ret == 0.0) ? 1e-6 : ret);
+ }
+#endif
+}
+
+int main(int argc, char **argv)
+{
+ long count;
+ static unsigned char buf[BUFSIZE];
+ static unsigned char key[] = {
+ 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
+ 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
+ };
+ IDEA_KEY_SCHEDULE sch;
+ double a, aa, b, c, d;
+#ifndef SIGALRM
+ long ca, cca, cb, cc;
+#endif
+
+#ifndef TIMES
+ printf("To get the most accurate results, try to run this\n");
+ printf("program when this computer is idle.\n");
+#endif
+
+#ifndef SIGALRM
+ printf("First we calculate the approximate speed ...\n");
+ idea_set_encrypt_key(key, &sch);
+ count = 10;
+ do {
+ long i;
+ IDEA_INT data[2];
+
+ count *= 2;
+ Time_F(START);
+ for (i = count; i; i--)
+ idea_encrypt(data, &sch);
+ d = Time_F(STOP);
+ } while (d < 3.0);
+ ca = count / 4;
+ cca = count / 200;
+ cb = count;
+ cc = count * 8 / BUFSIZE + 1;
+ printf("idea_set_encrypt_key %ld times\n", ca);
+# define COND(d) (count <= (d))
+# define COUNT(d) (d)
+#else
+# define COND(c) (run)
+# define COUNT(d) (count)
+ signal(SIGALRM, sig_done);
+ printf("Doing idea_set_encrypt_key for 10 seconds\n");
+ alarm(10);
+#endif
+
+ Time_F(START);
+ for (count = 0, run = 1; COND(ca); count += 4) {
+ idea_set_encrypt_key(key, &sch);
+ idea_set_encrypt_key(key, &sch);
+ idea_set_encrypt_key(key, &sch);
+ idea_set_encrypt_key(key, &sch);
+ }
+ d = Time_F(STOP);
+ printf("%ld idea idea_set_encrypt_key's in %.2f seconds\n", count, d);
+ a = ((double)COUNT(ca)) / d;
+
+#ifdef SIGALRM
+ printf("Doing idea_set_decrypt_key for 10 seconds\n");
+ alarm(10);
+#else
+ printf("Doing idea_set_decrypt_key %ld times\n", cca);
+#endif
+
+ Time_F(START);
+ for (count = 0, run = 1; COND(cca); count += 4) {
+ idea_set_decrypt_key(&sch, &sch);
+ idea_set_decrypt_key(&sch, &sch);
+ idea_set_decrypt_key(&sch, &sch);
+ idea_set_decrypt_key(&sch, &sch);
+ }
+ d = Time_F(STOP);
+ printf("%ld idea idea_set_decrypt_key's in %.2f seconds\n", count, d);
+ aa = ((double)COUNT(cca)) / d;
+
+#ifdef SIGALRM
+ printf("Doing idea_encrypt's for 10 seconds\n");
+ alarm(10);
+#else
+ printf("Doing idea_encrypt %ld times\n", cb);
+#endif
+ Time_F(START);
+ for (count = 0, run = 1; COND(cb); count += 4) {
+ unsigned long data[2];
+
+ idea_encrypt(data, &sch);
+ idea_encrypt(data, &sch);
+ idea_encrypt(data, &sch);
+ idea_encrypt(data, &sch);
+ }
+ d = Time_F(STOP);
+ printf("%ld idea_encrypt's in %.2f second\n", count, d);
+ b = ((double)COUNT(cb) * 8) / d;
+
+#ifdef SIGALRM
+ printf("Doing idea_cbc_encrypt on %ld byte blocks for 10 seconds\n",
+ BUFSIZE);
+ alarm(10);
+#else
+ printf("Doing idea_cbc_encrypt %ld times on %ld byte blocks\n", cc,
+ BUFSIZE);
+#endif
+ Time_F(START);
+ for (count = 0, run = 1; COND(cc); count++)
+ idea_cbc_encrypt(buf, buf, BUFSIZE, &sch, &(key[0]), IDEA_ENCRYPT);
+ d = Time_F(STOP);
+ printf("%ld idea_cbc_encrypt's of %ld byte blocks in %.2f second\n",
+ count, BUFSIZE, d);
+ c = ((double)COUNT(cc) * BUFSIZE) / d;
+
+ printf("IDEA set_encrypt_key per sec = %12.2f (%9.3fuS)\n", a, 1.0e6 / a);
+ printf("IDEA set_decrypt_key per sec = %12.2f (%9.3fuS)\n", aa,
+ 1.0e6 / aa);
+ printf("IDEA raw ecb bytes per sec = %12.2f (%9.3fuS)\n", b, 8.0e6 / b);
+ printf("IDEA cbc bytes per sec = %12.2f (%9.3fuS)\n", c, 8.0e6 / c);
+ exit(0);
+#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
+ return (0);
+#endif
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/idea/ideatest.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/idea/ideatest.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/idea/ideatest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,235 +0,0 @@
-/* crypto/idea/ideatest.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-
-#include "../e_os.h"
-
-#ifdef OPENSSL_NO_IDEA
-int main(int argc, char *argv[])
-{
- printf("No IDEA support\n");
- return(0);
-}
-#else
-#include <openssl/idea.h>
-
-unsigned char k[16]={
- 0x00,0x01,0x00,0x02,0x00,0x03,0x00,0x04,
- 0x00,0x05,0x00,0x06,0x00,0x07,0x00,0x08};
-
-unsigned char in[8]={0x00,0x00,0x00,0x01,0x00,0x02,0x00,0x03};
-unsigned char c[8]={0x11,0xFB,0xED,0x2B,0x01,0x98,0x6D,0xE5};
-unsigned char out[80];
-
-char *text="Hello to all people out there";
-
-static unsigned char cfb_key[16]={
- 0xe1,0xf0,0xc3,0xd2,0xa5,0xb4,0x87,0x96,
- 0x69,0x78,0x4b,0x5a,0x2d,0x3c,0x0f,0x1e,
- };
-static unsigned char cfb_iv[80]={0x34,0x12,0x78,0x56,0xab,0x90,0xef,0xcd};
-static unsigned char cfb_buf1[40],cfb_buf2[40],cfb_tmp[8];
-#define CFB_TEST_SIZE 24
-static unsigned char plain[CFB_TEST_SIZE]=
- {
- 0x4e,0x6f,0x77,0x20,0x69,0x73,
- 0x20,0x74,0x68,0x65,0x20,0x74,
- 0x69,0x6d,0x65,0x20,0x66,0x6f,
- 0x72,0x20,0x61,0x6c,0x6c,0x20
- };
-static unsigned char cfb_cipher64[CFB_TEST_SIZE]={
- 0x59,0xD8,0xE2,0x65,0x00,0x58,0x6C,0x3F,
- 0x2C,0x17,0x25,0xD0,0x1A,0x38,0xB7,0x2A,
- 0x39,0x61,0x37,0xDC,0x79,0xFB,0x9F,0x45
-
-/* 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38,
- 0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9,
- 0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/
- };
-
-static int cfb64_test(unsigned char *cfb_cipher);
-static char *pt(unsigned char *p);
-int main(int argc, char *argv[])
- {
- int i,err=0;
- IDEA_KEY_SCHEDULE key,dkey;
- unsigned char iv[8];
-
- idea_set_encrypt_key(k,&key);
- idea_ecb_encrypt(in,out,&key);
- if (memcmp(out,c,8) != 0)
- {
- printf("ecb idea error encrypting\n");
- printf("got :");
- for (i=0; i<8; i++)
- printf("%02X ",out[i]);
- printf("\n");
- printf("expected:");
- for (i=0; i<8; i++)
- printf("%02X ",c[i]);
- err=20;
- printf("\n");
- }
-
- idea_set_decrypt_key(&key,&dkey);
- idea_ecb_encrypt(c,out,&dkey);
- if (memcmp(out,in,8) != 0)
- {
- printf("ecb idea error decrypting\n");
- printf("got :");
- for (i=0; i<8; i++)
- printf("%02X ",out[i]);
- printf("\n");
- printf("expected:");
- for (i=0; i<8; i++)
- printf("%02X ",in[i]);
- printf("\n");
- err=3;
- }
-
- if (err == 0) printf("ecb idea ok\n");
-
- memcpy(iv,k,8);
- idea_cbc_encrypt((unsigned char *)text,out,strlen(text)+1,&key,iv,1);
- memcpy(iv,k,8);
- idea_cbc_encrypt(out,out,8,&dkey,iv,0);
- idea_cbc_encrypt(&(out[8]),&(out[8]),strlen(text)+1-8,&dkey,iv,0);
- if (memcmp(text,out,strlen(text)+1) != 0)
- {
- printf("cbc idea bad\n");
- err=4;
- }
- else
- printf("cbc idea ok\n");
-
- printf("cfb64 idea ");
- if (cfb64_test(cfb_cipher64))
- {
- printf("bad\n");
- err=5;
- }
- else
- printf("ok\n");
-
-#ifdef OPENSSL_SYS_NETWARE
- if (err) printf("ERROR: %d\n", err);
-#endif
- EXIT(err);
- return(err);
- }
-
-static int cfb64_test(unsigned char *cfb_cipher)
- {
- IDEA_KEY_SCHEDULE eks,dks;
- int err=0,i,n;
-
- idea_set_encrypt_key(cfb_key,&eks);
- idea_set_decrypt_key(&eks,&dks);
- memcpy(cfb_tmp,cfb_iv,8);
- n=0;
- idea_cfb64_encrypt(plain,cfb_buf1,(long)12,&eks,
- cfb_tmp,&n,IDEA_ENCRYPT);
- idea_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]),
- (long)CFB_TEST_SIZE-12,&eks,
- cfb_tmp,&n,IDEA_ENCRYPT);
- if (memcmp(cfb_cipher,cfb_buf1,CFB_TEST_SIZE) != 0)
- {
- err=1;
- printf("idea_cfb64_encrypt encrypt error\n");
- for (i=0; i<CFB_TEST_SIZE; i+=8)
- printf("%s\n",pt(&(cfb_buf1[i])));
- }
- memcpy(cfb_tmp,cfb_iv,8);
- n=0;
- idea_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)13,&eks,
- cfb_tmp,&n,IDEA_DECRYPT);
- idea_cfb64_encrypt(&(cfb_buf1[13]),&(cfb_buf2[13]),
- (long)CFB_TEST_SIZE-13,&eks,
- cfb_tmp,&n,IDEA_DECRYPT);
- if (memcmp(plain,cfb_buf2,CFB_TEST_SIZE) != 0)
- {
- err=1;
- printf("idea_cfb_encrypt decrypt error\n");
- for (i=0; i<24; i+=8)
- printf("%s\n",pt(&(cfb_buf2[i])));
- }
- return(err);
- }
-
-static char *pt(unsigned char *p)
- {
- static char bufs[10][20];
- static int bnum=0;
- char *ret;
- int i;
- static char *f="0123456789ABCDEF";
-
- ret= &(bufs[bnum++][0]);
- bnum%=10;
- for (i=0; i<8; i++)
- {
- ret[i*2]=f[(p[i]>>4)&0xf];
- ret[i*2+1]=f[p[i]&0xf];
- }
- ret[16]='\0';
- return(ret);
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/idea/ideatest.c (from rev 6976, vendor-crypto/openssl/dist/crypto/idea/ideatest.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/idea/ideatest.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/idea/ideatest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,232 @@
+/* crypto/idea/ideatest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include "../e_os.h"
+
+#ifdef OPENSSL_NO_IDEA
+int main(int argc, char *argv[])
+{
+ printf("No IDEA support\n");
+ return (0);
+}
+#else
+# include <openssl/idea.h>
+
+unsigned char k[16] = {
+ 0x00, 0x01, 0x00, 0x02, 0x00, 0x03, 0x00, 0x04,
+ 0x00, 0x05, 0x00, 0x06, 0x00, 0x07, 0x00, 0x08
+};
+
+unsigned char in[8] = { 0x00, 0x00, 0x00, 0x01, 0x00, 0x02, 0x00, 0x03 };
+unsigned char c[8] = { 0x11, 0xFB, 0xED, 0x2B, 0x01, 0x98, 0x6D, 0xE5 };
+
+unsigned char out[80];
+
+char *text = "Hello to all people out there";
+
+static unsigned char cfb_key[16] = {
+ 0xe1, 0xf0, 0xc3, 0xd2, 0xa5, 0xb4, 0x87, 0x96,
+ 0x69, 0x78, 0x4b, 0x5a, 0x2d, 0x3c, 0x0f, 0x1e,
+};
+static unsigned char cfb_iv[80] =
+ { 0x34, 0x12, 0x78, 0x56, 0xab, 0x90, 0xef, 0xcd };
+static unsigned char cfb_buf1[40], cfb_buf2[40], cfb_tmp[8];
+# define CFB_TEST_SIZE 24
+static unsigned char plain[CFB_TEST_SIZE] = {
+ 0x4e, 0x6f, 0x77, 0x20, 0x69, 0x73,
+ 0x20, 0x74, 0x68, 0x65, 0x20, 0x74,
+ 0x69, 0x6d, 0x65, 0x20, 0x66, 0x6f,
+ 0x72, 0x20, 0x61, 0x6c, 0x6c, 0x20
+};
+
+static unsigned char cfb_cipher64[CFB_TEST_SIZE] = {
+ 0x59, 0xD8, 0xE2, 0x65, 0x00, 0x58, 0x6C, 0x3F,
+ 0x2C, 0x17, 0x25, 0xD0, 0x1A, 0x38, 0xB7, 0x2A,
+ 0x39, 0x61, 0x37, 0xDC, 0x79, 0xFB, 0x9F, 0x45
+/*- 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38,
+ 0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9,
+ 0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/
+};
+
+static int cfb64_test(unsigned char *cfb_cipher);
+static char *pt(unsigned char *p);
+int main(int argc, char *argv[])
+{
+ int i, err = 0;
+ IDEA_KEY_SCHEDULE key, dkey;
+ unsigned char iv[8];
+
+ idea_set_encrypt_key(k, &key);
+ idea_ecb_encrypt(in, out, &key);
+ if (memcmp(out, c, 8) != 0) {
+ printf("ecb idea error encrypting\n");
+ printf("got :");
+ for (i = 0; i < 8; i++)
+ printf("%02X ", out[i]);
+ printf("\n");
+ printf("expected:");
+ for (i = 0; i < 8; i++)
+ printf("%02X ", c[i]);
+ err = 20;
+ printf("\n");
+ }
+
+ idea_set_decrypt_key(&key, &dkey);
+ idea_ecb_encrypt(c, out, &dkey);
+ if (memcmp(out, in, 8) != 0) {
+ printf("ecb idea error decrypting\n");
+ printf("got :");
+ for (i = 0; i < 8; i++)
+ printf("%02X ", out[i]);
+ printf("\n");
+ printf("expected:");
+ for (i = 0; i < 8; i++)
+ printf("%02X ", in[i]);
+ printf("\n");
+ err = 3;
+ }
+
+ if (err == 0)
+ printf("ecb idea ok\n");
+
+ memcpy(iv, k, 8);
+ idea_cbc_encrypt((unsigned char *)text, out, strlen(text) + 1, &key, iv,
+ 1);
+ memcpy(iv, k, 8);
+ idea_cbc_encrypt(out, out, 8, &dkey, iv, 0);
+ idea_cbc_encrypt(&(out[8]), &(out[8]), strlen(text) + 1 - 8, &dkey, iv,
+ 0);
+ if (memcmp(text, out, strlen(text) + 1) != 0) {
+ printf("cbc idea bad\n");
+ err = 4;
+ } else
+ printf("cbc idea ok\n");
+
+ printf("cfb64 idea ");
+ if (cfb64_test(cfb_cipher64)) {
+ printf("bad\n");
+ err = 5;
+ } else
+ printf("ok\n");
+
+# ifdef OPENSSL_SYS_NETWARE
+ if (err)
+ printf("ERROR: %d\n", err);
+# endif
+ EXIT(err);
+ return (err);
+}
+
+static int cfb64_test(unsigned char *cfb_cipher)
+{
+ IDEA_KEY_SCHEDULE eks, dks;
+ int err = 0, i, n;
+
+ idea_set_encrypt_key(cfb_key, &eks);
+ idea_set_decrypt_key(&eks, &dks);
+ memcpy(cfb_tmp, cfb_iv, 8);
+ n = 0;
+ idea_cfb64_encrypt(plain, cfb_buf1, (long)12, &eks,
+ cfb_tmp, &n, IDEA_ENCRYPT);
+ idea_cfb64_encrypt(&(plain[12]), &(cfb_buf1[12]),
+ (long)CFB_TEST_SIZE - 12, &eks,
+ cfb_tmp, &n, IDEA_ENCRYPT);
+ if (memcmp(cfb_cipher, cfb_buf1, CFB_TEST_SIZE) != 0) {
+ err = 1;
+ printf("idea_cfb64_encrypt encrypt error\n");
+ for (i = 0; i < CFB_TEST_SIZE; i += 8)
+ printf("%s\n", pt(&(cfb_buf1[i])));
+ }
+ memcpy(cfb_tmp, cfb_iv, 8);
+ n = 0;
+ idea_cfb64_encrypt(cfb_buf1, cfb_buf2, (long)13, &eks,
+ cfb_tmp, &n, IDEA_DECRYPT);
+ idea_cfb64_encrypt(&(cfb_buf1[13]), &(cfb_buf2[13]),
+ (long)CFB_TEST_SIZE - 13, &eks,
+ cfb_tmp, &n, IDEA_DECRYPT);
+ if (memcmp(plain, cfb_buf2, CFB_TEST_SIZE) != 0) {
+ err = 1;
+ printf("idea_cfb_encrypt decrypt error\n");
+ for (i = 0; i < 24; i += 8)
+ printf("%s\n", pt(&(cfb_buf2[i])));
+ }
+ return (err);
+}
+
+static char *pt(unsigned char *p)
+{
+ static char bufs[10][20];
+ static int bnum = 0;
+ char *ret;
+ int i;
+ static char *f = "0123456789ABCDEF";
+
+ ret = &(bufs[bnum++][0]);
+ bnum %= 10;
+ for (i = 0; i < 8; i++) {
+ ret[i * 2] = f[(p[i] >> 4) & 0xf];
+ ret[i * 2 + 1] = f[p[i] & 0xf];
+ }
+ ret[16] = '\0';
+ return (ret);
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/jpake/jpake.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/jpake/jpake.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/jpake/jpake.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,513 +0,0 @@
-#include "jpake.h"
-
-#include <openssl/crypto.h>
-#include <openssl/sha.h>
-#include <openssl/err.h>
-#include <memory.h>
-#include <assert.h>
-
-/*
- * In the definition, (xa, xb, xc, xd) are Alice's (x1, x2, x3, x4) or
- * Bob's (x3, x4, x1, x2). If you see what I mean.
- */
-
-typedef struct
- {
- char *name; /* Must be unique */
- char *peer_name;
- BIGNUM *p;
- BIGNUM *g;
- BIGNUM *q;
- BIGNUM *gxc; /* Alice's g^{x3} or Bob's g^{x1} */
- BIGNUM *gxd; /* Alice's g^{x4} or Bob's g^{x2} */
- } JPAKE_CTX_PUBLIC;
-
-struct JPAKE_CTX
- {
- JPAKE_CTX_PUBLIC p;
- BIGNUM *secret; /* The shared secret */
- BN_CTX *ctx;
- BIGNUM *xa; /* Alice's x1 or Bob's x3 */
- BIGNUM *xb; /* Alice's x2 or Bob's x4 */
- BIGNUM *key; /* The calculated (shared) key */
- };
-
-static void JPAKE_ZKP_init(JPAKE_ZKP *zkp)
- {
- zkp->gr = BN_new();
- zkp->b = BN_new();
- }
-
-static void JPAKE_ZKP_release(JPAKE_ZKP *zkp)
- {
- BN_free(zkp->b);
- BN_free(zkp->gr);
- }
-
-/* Two birds with one stone - make the global name as expected */
-#define JPAKE_STEP_PART_init JPAKE_STEP2_init
-#define JPAKE_STEP_PART_release JPAKE_STEP2_release
-
-void JPAKE_STEP_PART_init(JPAKE_STEP_PART *p)
- {
- p->gx = BN_new();
- JPAKE_ZKP_init(&p->zkpx);
- }
-
-void JPAKE_STEP_PART_release(JPAKE_STEP_PART *p)
- {
- JPAKE_ZKP_release(&p->zkpx);
- BN_free(p->gx);
- }
-
-void JPAKE_STEP1_init(JPAKE_STEP1 *s1)
- {
- JPAKE_STEP_PART_init(&s1->p1);
- JPAKE_STEP_PART_init(&s1->p2);
- }
-
-void JPAKE_STEP1_release(JPAKE_STEP1 *s1)
- {
- JPAKE_STEP_PART_release(&s1->p2);
- JPAKE_STEP_PART_release(&s1->p1);
- }
-
-static void JPAKE_CTX_init(JPAKE_CTX *ctx, const char *name,
- const char *peer_name, const BIGNUM *p,
- const BIGNUM *g, const BIGNUM *q,
- const BIGNUM *secret)
- {
- ctx->p.name = OPENSSL_strdup(name);
- ctx->p.peer_name = OPENSSL_strdup(peer_name);
- ctx->p.p = BN_dup(p);
- ctx->p.g = BN_dup(g);
- ctx->p.q = BN_dup(q);
- ctx->secret = BN_dup(secret);
-
- ctx->p.gxc = BN_new();
- ctx->p.gxd = BN_new();
-
- ctx->xa = BN_new();
- ctx->xb = BN_new();
- ctx->key = BN_new();
- ctx->ctx = BN_CTX_new();
- }
-
-static void JPAKE_CTX_release(JPAKE_CTX *ctx)
- {
- BN_CTX_free(ctx->ctx);
- BN_clear_free(ctx->key);
- BN_clear_free(ctx->xb);
- BN_clear_free(ctx->xa);
-
- BN_free(ctx->p.gxd);
- BN_free(ctx->p.gxc);
-
- BN_clear_free(ctx->secret);
- BN_free(ctx->p.q);
- BN_free(ctx->p.g);
- BN_free(ctx->p.p);
- OPENSSL_free(ctx->p.peer_name);
- OPENSSL_free(ctx->p.name);
-
- memset(ctx, '\0', sizeof *ctx);
- }
-
-JPAKE_CTX *JPAKE_CTX_new(const char *name, const char *peer_name,
- const BIGNUM *p, const BIGNUM *g, const BIGNUM *q,
- const BIGNUM *secret)
- {
- JPAKE_CTX *ctx = OPENSSL_malloc(sizeof *ctx);
-
- JPAKE_CTX_init(ctx, name, peer_name, p, g, q, secret);
-
- return ctx;
- }
-
-void JPAKE_CTX_free(JPAKE_CTX *ctx)
- {
- JPAKE_CTX_release(ctx);
- OPENSSL_free(ctx);
- }
-
-static void hashlength(SHA_CTX *sha, size_t l)
- {
- unsigned char b[2];
-
- assert(l <= 0xffff);
- b[0] = l >> 8;
- b[1] = l&0xff;
- SHA1_Update(sha, b, 2);
- }
-
-static void hashstring(SHA_CTX *sha, const char *string)
- {
- size_t l = strlen(string);
-
- hashlength(sha, l);
- SHA1_Update(sha, string, l);
- }
-
-static void hashbn(SHA_CTX *sha, const BIGNUM *bn)
- {
- size_t l = BN_num_bytes(bn);
- unsigned char *bin = OPENSSL_malloc(l);
-
- hashlength(sha, l);
- BN_bn2bin(bn, bin);
- SHA1_Update(sha, bin, l);
- OPENSSL_free(bin);
- }
-
-/* h=hash(g, g^r, g^x, name) */
-static void zkp_hash(BIGNUM *h, const BIGNUM *zkpg, const JPAKE_STEP_PART *p,
- const char *proof_name)
- {
- unsigned char md[SHA_DIGEST_LENGTH];
- SHA_CTX sha;
-
- /*
- * XXX: hash should not allow moving of the boundaries - Java code
- * is flawed in this respect. Length encoding seems simplest.
- */
- SHA1_Init(&sha);
- hashbn(&sha, zkpg);
- assert(!BN_is_zero(p->zkpx.gr));
- hashbn(&sha, p->zkpx.gr);
- hashbn(&sha, p->gx);
- hashstring(&sha, proof_name);
- SHA1_Final(md, &sha);
- BN_bin2bn(md, SHA_DIGEST_LENGTH, h);
- }
-
-/*
- * Prove knowledge of x
- * Note that p->gx has already been calculated
- */
-static void generate_zkp(JPAKE_STEP_PART *p, const BIGNUM *x,
- const BIGNUM *zkpg, JPAKE_CTX *ctx)
- {
- BIGNUM *r = BN_new();
- BIGNUM *h = BN_new();
- BIGNUM *t = BN_new();
-
- /*
- * r in [0,q)
- * XXX: Java chooses r in [0, 2^160) - i.e. distribution not uniform
- */
- BN_rand_range(r, ctx->p.q);
- /* g^r */
- BN_mod_exp(p->zkpx.gr, zkpg, r, ctx->p.p, ctx->ctx);
-
- /* h=hash... */
- zkp_hash(h, zkpg, p, ctx->p.name);
-
- /* b = r - x*h */
- BN_mod_mul(t, x, h, ctx->p.q, ctx->ctx);
- BN_mod_sub(p->zkpx.b, r, t, ctx->p.q, ctx->ctx);
-
- /* cleanup */
- BN_free(t);
- BN_free(h);
- BN_free(r);
- }
-
-static int verify_zkp(const JPAKE_STEP_PART *p, const BIGNUM *zkpg,
- JPAKE_CTX *ctx)
- {
- BIGNUM *h = BN_new();
- BIGNUM *t1 = BN_new();
- BIGNUM *t2 = BN_new();
- BIGNUM *t3 = BN_new();
- int ret = 0;
-
- zkp_hash(h, zkpg, p, ctx->p.peer_name);
-
- /* t1 = g^b */
- BN_mod_exp(t1, zkpg, p->zkpx.b, ctx->p.p, ctx->ctx);
- /* t2 = (g^x)^h = g^{hx} */
- BN_mod_exp(t2, p->gx, h, ctx->p.p, ctx->ctx);
- /* t3 = t1 * t2 = g^{hx} * g^b = g^{hx+b} = g^r (allegedly) */
- BN_mod_mul(t3, t1, t2, ctx->p.p, ctx->ctx);
-
- /* verify t3 == g^r */
- if(BN_cmp(t3, p->zkpx.gr) == 0)
- ret = 1;
- else
- JPAKEerr(JPAKE_F_VERIFY_ZKP, JPAKE_R_ZKP_VERIFY_FAILED);
-
- /* cleanup */
- BN_free(t3);
- BN_free(t2);
- BN_free(t1);
- BN_free(h);
-
- return ret;
- }
-
-static void generate_step_part(JPAKE_STEP_PART *p, const BIGNUM *x,
- const BIGNUM *g, JPAKE_CTX *ctx)
- {
- BN_mod_exp(p->gx, g, x, ctx->p.p, ctx->ctx);
- generate_zkp(p, x, g, ctx);
- }
-
-/* Generate each party's random numbers. xa is in [0, q), xb is in [1, q). */
-static void genrand(JPAKE_CTX *ctx)
- {
- BIGNUM *qm1;
-
- /* xa in [0, q) */
- BN_rand_range(ctx->xa, ctx->p.q);
-
- /* q-1 */
- qm1 = BN_new();
- BN_copy(qm1, ctx->p.q);
- BN_sub_word(qm1, 1);
-
- /* ... and xb in [0, q-1) */
- BN_rand_range(ctx->xb, qm1);
- /* [1, q) */
- BN_add_word(ctx->xb, 1);
-
- /* cleanup */
- BN_free(qm1);
- }
-
-int JPAKE_STEP1_generate(JPAKE_STEP1 *send, JPAKE_CTX *ctx)
- {
- genrand(ctx);
- generate_step_part(&send->p1, ctx->xa, ctx->p.g, ctx);
- generate_step_part(&send->p2, ctx->xb, ctx->p.g, ctx);
-
- return 1;
- }
-
-/* g^x is a legal value */
-static int is_legal(const BIGNUM *gx, const JPAKE_CTX *ctx)
- {
- BIGNUM *t;
- int res;
-
- if(BN_is_negative(gx) || BN_is_zero(gx) || BN_cmp(gx, ctx->p.p) >= 0)
- return 0;
-
- t = BN_new();
- BN_mod_exp(t, gx, ctx->p.q, ctx->p.p, ctx->ctx);
- res = BN_is_one(t);
- BN_free(t);
-
- return res;
- }
-
-int JPAKE_STEP1_process(JPAKE_CTX *ctx, const JPAKE_STEP1 *received)
- {
- if(!is_legal(received->p1.gx, ctx))
- {
- JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL);
- return 0;
- }
-
- if(!is_legal(received->p2.gx, ctx))
- {
- JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL);
- return 0;
- }
-
-
- /* verify their ZKP(xc) */
- if(!verify_zkp(&received->p1, ctx->p.g, ctx))
- {
- JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_VERIFY_X3_FAILED);
- return 0;
- }
-
- /* verify their ZKP(xd) */
- if(!verify_zkp(&received->p2, ctx->p.g, ctx))
- {
- JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_VERIFY_X4_FAILED);
- return 0;
- }
-
- /* g^xd != 1 */
- if(BN_is_one(received->p2.gx))
- {
- JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_G_TO_THE_X4_IS_ONE);
- return 0;
- }
-
- /* Save the bits we need for later */
- BN_copy(ctx->p.gxc, received->p1.gx);
- BN_copy(ctx->p.gxd, received->p2.gx);
-
- return 1;
- }
-
-
-int JPAKE_STEP2_generate(JPAKE_STEP2 *send, JPAKE_CTX *ctx)
- {
- BIGNUM *t1 = BN_new();
- BIGNUM *t2 = BN_new();
-
- /*
- * X = g^{(xa + xc + xd) * xb * s}
- * t1 = g^xa
- */
- BN_mod_exp(t1, ctx->p.g, ctx->xa, ctx->p.p, ctx->ctx);
- /* t2 = t1 * g^{xc} = g^{xa} * g^{xc} = g^{xa + xc} */
- BN_mod_mul(t2, t1, ctx->p.gxc, ctx->p.p, ctx->ctx);
- /* t1 = t2 * g^{xd} = g^{xa + xc + xd} */
- BN_mod_mul(t1, t2, ctx->p.gxd, ctx->p.p, ctx->ctx);
- /* t2 = xb * s */
- BN_mod_mul(t2, ctx->xb, ctx->secret, ctx->p.q, ctx->ctx);
-
- /*
- * ZKP(xb * s)
- * XXX: this is kinda funky, because we're using
- *
- * g' = g^{xa + xc + xd}
- *
- * as the generator, which means X is g'^{xb * s}
- * X = t1^{t2} = t1^{xb * s} = g^{(xa + xc + xd) * xb * s}
- */
- generate_step_part(send, t2, t1, ctx);
-
- /* cleanup */
- BN_free(t1);
- BN_free(t2);
-
- return 1;
- }
-
-/* gx = g^{xc + xa + xb} * xd * s */
-static int compute_key(JPAKE_CTX *ctx, const BIGNUM *gx)
- {
- BIGNUM *t1 = BN_new();
- BIGNUM *t2 = BN_new();
- BIGNUM *t3 = BN_new();
-
- /*
- * K = (gx/g^{xb * xd * s})^{xb}
- * = (g^{(xc + xa + xb) * xd * s - xb * xd *s})^{xb}
- * = (g^{(xa + xc) * xd * s})^{xb}
- * = g^{(xa + xc) * xb * xd * s}
- * [which is the same regardless of who calculates it]
- */
-
- /* t1 = (g^{xd})^{xb} = g^{xb * xd} */
- BN_mod_exp(t1, ctx->p.gxd, ctx->xb, ctx->p.p, ctx->ctx);
- /* t2 = -s = q-s */
- BN_sub(t2, ctx->p.q, ctx->secret);
- /* t3 = t1^t2 = g^{-xb * xd * s} */
- BN_mod_exp(t3, t1, t2, ctx->p.p, ctx->ctx);
- /* t1 = gx * t3 = X/g^{xb * xd * s} */
- BN_mod_mul(t1, gx, t3, ctx->p.p, ctx->ctx);
- /* K = t1^{xb} */
- BN_mod_exp(ctx->key, t1, ctx->xb, ctx->p.p, ctx->ctx);
-
- /* cleanup */
- BN_free(t3);
- BN_free(t2);
- BN_free(t1);
-
- return 1;
- }
-
-int JPAKE_STEP2_process(JPAKE_CTX *ctx, const JPAKE_STEP2 *received)
- {
- BIGNUM *t1 = BN_new();
- BIGNUM *t2 = BN_new();
- int ret = 0;
-
- /*
- * g' = g^{xc + xa + xb} [from our POV]
- * t1 = xa + xb
- */
- BN_mod_add(t1, ctx->xa, ctx->xb, ctx->p.q, ctx->ctx);
- /* t2 = g^{t1} = g^{xa+xb} */
- BN_mod_exp(t2, ctx->p.g, t1, ctx->p.p, ctx->ctx);
- /* t1 = g^{xc} * t2 = g^{xc + xa + xb} */
- BN_mod_mul(t1, ctx->p.gxc, t2, ctx->p.p, ctx->ctx);
-
- if(verify_zkp(received, t1, ctx))
- ret = 1;
- else
- JPAKEerr(JPAKE_F_JPAKE_STEP2_PROCESS, JPAKE_R_VERIFY_B_FAILED);
-
- compute_key(ctx, received->gx);
-
- /* cleanup */
- BN_free(t2);
- BN_free(t1);
-
- return ret;
- }
-
-static void quickhashbn(unsigned char *md, const BIGNUM *bn)
- {
- SHA_CTX sha;
-
- SHA1_Init(&sha);
- hashbn(&sha, bn);
- SHA1_Final(md, &sha);
- }
-
-void JPAKE_STEP3A_init(JPAKE_STEP3A *s3a)
- {}
-
-int JPAKE_STEP3A_generate(JPAKE_STEP3A *send, JPAKE_CTX *ctx)
- {
- quickhashbn(send->hhk, ctx->key);
- SHA1(send->hhk, sizeof send->hhk, send->hhk);
-
- return 1;
- }
-
-int JPAKE_STEP3A_process(JPAKE_CTX *ctx, const JPAKE_STEP3A *received)
- {
- unsigned char hhk[SHA_DIGEST_LENGTH];
-
- quickhashbn(hhk, ctx->key);
- SHA1(hhk, sizeof hhk, hhk);
- if(memcmp(hhk, received->hhk, sizeof hhk))
- {
- JPAKEerr(JPAKE_F_JPAKE_STEP3A_PROCESS, JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH);
- return 0;
- }
- return 1;
- }
-
-void JPAKE_STEP3A_release(JPAKE_STEP3A *s3a)
- {}
-
-void JPAKE_STEP3B_init(JPAKE_STEP3B *s3b)
- {}
-
-int JPAKE_STEP3B_generate(JPAKE_STEP3B *send, JPAKE_CTX *ctx)
- {
- quickhashbn(send->hk, ctx->key);
-
- return 1;
- }
-
-int JPAKE_STEP3B_process(JPAKE_CTX *ctx, const JPAKE_STEP3B *received)
- {
- unsigned char hk[SHA_DIGEST_LENGTH];
-
- quickhashbn(hk, ctx->key);
- if(memcmp(hk, received->hk, sizeof hk))
- {
- JPAKEerr(JPAKE_F_JPAKE_STEP3B_PROCESS, JPAKE_R_HASH_OF_KEY_MISMATCH);
- return 0;
- }
- return 1;
- }
-
-void JPAKE_STEP3B_release(JPAKE_STEP3B *s3b)
- {}
-
-const BIGNUM *JPAKE_get_shared_key(JPAKE_CTX *ctx)
- {
- return ctx->key;
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/jpake/jpake.c (from rev 6976, vendor-crypto/openssl/dist/crypto/jpake/jpake.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/jpake/jpake.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/jpake/jpake.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,508 @@
+#include "jpake.h"
+
+#include <openssl/crypto.h>
+#include <openssl/sha.h>
+#include <openssl/err.h>
+#include <memory.h>
+#include <assert.h>
+
+/*
+ * In the definition, (xa, xb, xc, xd) are Alice's (x1, x2, x3, x4) or
+ * Bob's (x3, x4, x1, x2). If you see what I mean.
+ */
+
+typedef struct {
+ char *name; /* Must be unique */
+ char *peer_name;
+ BIGNUM *p;
+ BIGNUM *g;
+ BIGNUM *q;
+ BIGNUM *gxc; /* Alice's g^{x3} or Bob's g^{x1} */
+ BIGNUM *gxd; /* Alice's g^{x4} or Bob's g^{x2} */
+} JPAKE_CTX_PUBLIC;
+
+struct JPAKE_CTX {
+ JPAKE_CTX_PUBLIC p;
+ BIGNUM *secret; /* The shared secret */
+ BN_CTX *ctx;
+ BIGNUM *xa; /* Alice's x1 or Bob's x3 */
+ BIGNUM *xb; /* Alice's x2 or Bob's x4 */
+ BIGNUM *key; /* The calculated (shared) key */
+};
+
+static void JPAKE_ZKP_init(JPAKE_ZKP *zkp)
+{
+ zkp->gr = BN_new();
+ zkp->b = BN_new();
+}
+
+static void JPAKE_ZKP_release(JPAKE_ZKP *zkp)
+{
+ BN_free(zkp->b);
+ BN_free(zkp->gr);
+}
+
+/* Two birds with one stone - make the global name as expected */
+#define JPAKE_STEP_PART_init JPAKE_STEP2_init
+#define JPAKE_STEP_PART_release JPAKE_STEP2_release
+
+void JPAKE_STEP_PART_init(JPAKE_STEP_PART *p)
+{
+ p->gx = BN_new();
+ JPAKE_ZKP_init(&p->zkpx);
+}
+
+void JPAKE_STEP_PART_release(JPAKE_STEP_PART *p)
+{
+ JPAKE_ZKP_release(&p->zkpx);
+ BN_free(p->gx);
+}
+
+void JPAKE_STEP1_init(JPAKE_STEP1 *s1)
+{
+ JPAKE_STEP_PART_init(&s1->p1);
+ JPAKE_STEP_PART_init(&s1->p2);
+}
+
+void JPAKE_STEP1_release(JPAKE_STEP1 *s1)
+{
+ JPAKE_STEP_PART_release(&s1->p2);
+ JPAKE_STEP_PART_release(&s1->p1);
+}
+
+static void JPAKE_CTX_init(JPAKE_CTX *ctx, const char *name,
+ const char *peer_name, const BIGNUM *p,
+ const BIGNUM *g, const BIGNUM *q,
+ const BIGNUM *secret)
+{
+ ctx->p.name = OPENSSL_strdup(name);
+ ctx->p.peer_name = OPENSSL_strdup(peer_name);
+ ctx->p.p = BN_dup(p);
+ ctx->p.g = BN_dup(g);
+ ctx->p.q = BN_dup(q);
+ ctx->secret = BN_dup(secret);
+
+ ctx->p.gxc = BN_new();
+ ctx->p.gxd = BN_new();
+
+ ctx->xa = BN_new();
+ ctx->xb = BN_new();
+ ctx->key = BN_new();
+ ctx->ctx = BN_CTX_new();
+}
+
+static void JPAKE_CTX_release(JPAKE_CTX *ctx)
+{
+ BN_CTX_free(ctx->ctx);
+ BN_clear_free(ctx->key);
+ BN_clear_free(ctx->xb);
+ BN_clear_free(ctx->xa);
+
+ BN_free(ctx->p.gxd);
+ BN_free(ctx->p.gxc);
+
+ BN_clear_free(ctx->secret);
+ BN_free(ctx->p.q);
+ BN_free(ctx->p.g);
+ BN_free(ctx->p.p);
+ OPENSSL_free(ctx->p.peer_name);
+ OPENSSL_free(ctx->p.name);
+
+ memset(ctx, '\0', sizeof *ctx);
+}
+
+JPAKE_CTX *JPAKE_CTX_new(const char *name, const char *peer_name,
+ const BIGNUM *p, const BIGNUM *g, const BIGNUM *q,
+ const BIGNUM *secret)
+{
+ JPAKE_CTX *ctx = OPENSSL_malloc(sizeof *ctx);
+
+ JPAKE_CTX_init(ctx, name, peer_name, p, g, q, secret);
+
+ return ctx;
+}
+
+void JPAKE_CTX_free(JPAKE_CTX *ctx)
+{
+ JPAKE_CTX_release(ctx);
+ OPENSSL_free(ctx);
+}
+
+static void hashlength(SHA_CTX *sha, size_t l)
+{
+ unsigned char b[2];
+
+ assert(l <= 0xffff);
+ b[0] = l >> 8;
+ b[1] = l & 0xff;
+ SHA1_Update(sha, b, 2);
+}
+
+static void hashstring(SHA_CTX *sha, const char *string)
+{
+ size_t l = strlen(string);
+
+ hashlength(sha, l);
+ SHA1_Update(sha, string, l);
+}
+
+static void hashbn(SHA_CTX *sha, const BIGNUM *bn)
+{
+ size_t l = BN_num_bytes(bn);
+ unsigned char *bin = OPENSSL_malloc(l);
+
+ hashlength(sha, l);
+ BN_bn2bin(bn, bin);
+ SHA1_Update(sha, bin, l);
+ OPENSSL_free(bin);
+}
+
+/* h=hash(g, g^r, g^x, name) */
+static void zkp_hash(BIGNUM *h, const BIGNUM *zkpg, const JPAKE_STEP_PART *p,
+ const char *proof_name)
+{
+ unsigned char md[SHA_DIGEST_LENGTH];
+ SHA_CTX sha;
+
+ /*
+ * XXX: hash should not allow moving of the boundaries - Java code
+ * is flawed in this respect. Length encoding seems simplest.
+ */
+ SHA1_Init(&sha);
+ hashbn(&sha, zkpg);
+ assert(!BN_is_zero(p->zkpx.gr));
+ hashbn(&sha, p->zkpx.gr);
+ hashbn(&sha, p->gx);
+ hashstring(&sha, proof_name);
+ SHA1_Final(md, &sha);
+ BN_bin2bn(md, SHA_DIGEST_LENGTH, h);
+}
+
+/*
+ * Prove knowledge of x
+ * Note that p->gx has already been calculated
+ */
+static void generate_zkp(JPAKE_STEP_PART *p, const BIGNUM *x,
+ const BIGNUM *zkpg, JPAKE_CTX *ctx)
+{
+ BIGNUM *r = BN_new();
+ BIGNUM *h = BN_new();
+ BIGNUM *t = BN_new();
+
+ /*-
+ * r in [0,q)
+ * XXX: Java chooses r in [0, 2^160) - i.e. distribution not uniform
+ */
+ BN_rand_range(r, ctx->p.q);
+ /* g^r */
+ BN_mod_exp(p->zkpx.gr, zkpg, r, ctx->p.p, ctx->ctx);
+
+ /* h=hash... */
+ zkp_hash(h, zkpg, p, ctx->p.name);
+
+ /* b = r - x*h */
+ BN_mod_mul(t, x, h, ctx->p.q, ctx->ctx);
+ BN_mod_sub(p->zkpx.b, r, t, ctx->p.q, ctx->ctx);
+
+ /* cleanup */
+ BN_free(t);
+ BN_free(h);
+ BN_free(r);
+}
+
+static int verify_zkp(const JPAKE_STEP_PART *p, const BIGNUM *zkpg,
+ JPAKE_CTX *ctx)
+{
+ BIGNUM *h = BN_new();
+ BIGNUM *t1 = BN_new();
+ BIGNUM *t2 = BN_new();
+ BIGNUM *t3 = BN_new();
+ int ret = 0;
+
+ zkp_hash(h, zkpg, p, ctx->p.peer_name);
+
+ /* t1 = g^b */
+ BN_mod_exp(t1, zkpg, p->zkpx.b, ctx->p.p, ctx->ctx);
+ /* t2 = (g^x)^h = g^{hx} */
+ BN_mod_exp(t2, p->gx, h, ctx->p.p, ctx->ctx);
+ /* t3 = t1 * t2 = g^{hx} * g^b = g^{hx+b} = g^r (allegedly) */
+ BN_mod_mul(t3, t1, t2, ctx->p.p, ctx->ctx);
+
+ /* verify t3 == g^r */
+ if (BN_cmp(t3, p->zkpx.gr) == 0)
+ ret = 1;
+ else
+ JPAKEerr(JPAKE_F_VERIFY_ZKP, JPAKE_R_ZKP_VERIFY_FAILED);
+
+ /* cleanup */
+ BN_free(t3);
+ BN_free(t2);
+ BN_free(t1);
+ BN_free(h);
+
+ return ret;
+}
+
+static void generate_step_part(JPAKE_STEP_PART *p, const BIGNUM *x,
+ const BIGNUM *g, JPAKE_CTX *ctx)
+{
+ BN_mod_exp(p->gx, g, x, ctx->p.p, ctx->ctx);
+ generate_zkp(p, x, g, ctx);
+}
+
+/* Generate each party's random numbers. xa is in [0, q), xb is in [1, q). */
+static void genrand(JPAKE_CTX *ctx)
+{
+ BIGNUM *qm1;
+
+ /* xa in [0, q) */
+ BN_rand_range(ctx->xa, ctx->p.q);
+
+ /* q-1 */
+ qm1 = BN_new();
+ BN_copy(qm1, ctx->p.q);
+ BN_sub_word(qm1, 1);
+
+ /* ... and xb in [0, q-1) */
+ BN_rand_range(ctx->xb, qm1);
+ /* [1, q) */
+ BN_add_word(ctx->xb, 1);
+
+ /* cleanup */
+ BN_free(qm1);
+}
+
+int JPAKE_STEP1_generate(JPAKE_STEP1 *send, JPAKE_CTX *ctx)
+{
+ genrand(ctx);
+ generate_step_part(&send->p1, ctx->xa, ctx->p.g, ctx);
+ generate_step_part(&send->p2, ctx->xb, ctx->p.g, ctx);
+
+ return 1;
+}
+
+/* g^x is a legal value */
+static int is_legal(const BIGNUM *gx, const JPAKE_CTX *ctx)
+{
+ BIGNUM *t;
+ int res;
+
+ if (BN_is_negative(gx) || BN_is_zero(gx) || BN_cmp(gx, ctx->p.p) >= 0)
+ return 0;
+
+ t = BN_new();
+ BN_mod_exp(t, gx, ctx->p.q, ctx->p.p, ctx->ctx);
+ res = BN_is_one(t);
+ BN_free(t);
+
+ return res;
+}
+
+int JPAKE_STEP1_process(JPAKE_CTX *ctx, const JPAKE_STEP1 *received)
+{
+ if (!is_legal(received->p1.gx, ctx)) {
+ JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS,
+ JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL);
+ return 0;
+ }
+
+ if (!is_legal(received->p2.gx, ctx)) {
+ JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS,
+ JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL);
+ return 0;
+ }
+
+ /* verify their ZKP(xc) */
+ if (!verify_zkp(&received->p1, ctx->p.g, ctx)) {
+ JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_VERIFY_X3_FAILED);
+ return 0;
+ }
+
+ /* verify their ZKP(xd) */
+ if (!verify_zkp(&received->p2, ctx->p.g, ctx)) {
+ JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_VERIFY_X4_FAILED);
+ return 0;
+ }
+
+ /* g^xd != 1 */
+ if (BN_is_one(received->p2.gx)) {
+ JPAKEerr(JPAKE_F_JPAKE_STEP1_PROCESS, JPAKE_R_G_TO_THE_X4_IS_ONE);
+ return 0;
+ }
+
+ /* Save the bits we need for later */
+ BN_copy(ctx->p.gxc, received->p1.gx);
+ BN_copy(ctx->p.gxd, received->p2.gx);
+
+ return 1;
+}
+
+int JPAKE_STEP2_generate(JPAKE_STEP2 *send, JPAKE_CTX *ctx)
+{
+ BIGNUM *t1 = BN_new();
+ BIGNUM *t2 = BN_new();
+
+ /*-
+ * X = g^{(xa + xc + xd) * xb * s}
+ * t1 = g^xa
+ */
+ BN_mod_exp(t1, ctx->p.g, ctx->xa, ctx->p.p, ctx->ctx);
+ /* t2 = t1 * g^{xc} = g^{xa} * g^{xc} = g^{xa + xc} */
+ BN_mod_mul(t2, t1, ctx->p.gxc, ctx->p.p, ctx->ctx);
+ /* t1 = t2 * g^{xd} = g^{xa + xc + xd} */
+ BN_mod_mul(t1, t2, ctx->p.gxd, ctx->p.p, ctx->ctx);
+ /* t2 = xb * s */
+ BN_mod_mul(t2, ctx->xb, ctx->secret, ctx->p.q, ctx->ctx);
+
+ /*-
+ * ZKP(xb * s)
+ * XXX: this is kinda funky, because we're using
+ *
+ * g' = g^{xa + xc + xd}
+ *
+ * as the generator, which means X is g'^{xb * s}
+ * X = t1^{t2} = t1^{xb * s} = g^{(xa + xc + xd) * xb * s}
+ */
+ generate_step_part(send, t2, t1, ctx);
+
+ /* cleanup */
+ BN_free(t1);
+ BN_free(t2);
+
+ return 1;
+}
+
+/* gx = g^{xc + xa + xb} * xd * s */
+static int compute_key(JPAKE_CTX *ctx, const BIGNUM *gx)
+{
+ BIGNUM *t1 = BN_new();
+ BIGNUM *t2 = BN_new();
+ BIGNUM *t3 = BN_new();
+
+ /*-
+ * K = (gx/g^{xb * xd * s})^{xb}
+ * = (g^{(xc + xa + xb) * xd * s - xb * xd *s})^{xb}
+ * = (g^{(xa + xc) * xd * s})^{xb}
+ * = g^{(xa + xc) * xb * xd * s}
+ * [which is the same regardless of who calculates it]
+ */
+
+ /* t1 = (g^{xd})^{xb} = g^{xb * xd} */
+ BN_mod_exp(t1, ctx->p.gxd, ctx->xb, ctx->p.p, ctx->ctx);
+ /* t2 = -s = q-s */
+ BN_sub(t2, ctx->p.q, ctx->secret);
+ /* t3 = t1^t2 = g^{-xb * xd * s} */
+ BN_mod_exp(t3, t1, t2, ctx->p.p, ctx->ctx);
+ /* t1 = gx * t3 = X/g^{xb * xd * s} */
+ BN_mod_mul(t1, gx, t3, ctx->p.p, ctx->ctx);
+ /* K = t1^{xb} */
+ BN_mod_exp(ctx->key, t1, ctx->xb, ctx->p.p, ctx->ctx);
+
+ /* cleanup */
+ BN_free(t3);
+ BN_free(t2);
+ BN_free(t1);
+
+ return 1;
+}
+
+int JPAKE_STEP2_process(JPAKE_CTX *ctx, const JPAKE_STEP2 *received)
+{
+ BIGNUM *t1 = BN_new();
+ BIGNUM *t2 = BN_new();
+ int ret = 0;
+
+ /*-
+ * g' = g^{xc + xa + xb} [from our POV]
+ * t1 = xa + xb
+ */
+ BN_mod_add(t1, ctx->xa, ctx->xb, ctx->p.q, ctx->ctx);
+ /* t2 = g^{t1} = g^{xa+xb} */
+ BN_mod_exp(t2, ctx->p.g, t1, ctx->p.p, ctx->ctx);
+ /* t1 = g^{xc} * t2 = g^{xc + xa + xb} */
+ BN_mod_mul(t1, ctx->p.gxc, t2, ctx->p.p, ctx->ctx);
+
+ if (verify_zkp(received, t1, ctx))
+ ret = 1;
+ else
+ JPAKEerr(JPAKE_F_JPAKE_STEP2_PROCESS, JPAKE_R_VERIFY_B_FAILED);
+
+ compute_key(ctx, received->gx);
+
+ /* cleanup */
+ BN_free(t2);
+ BN_free(t1);
+
+ return ret;
+}
+
+static void quickhashbn(unsigned char *md, const BIGNUM *bn)
+{
+ SHA_CTX sha;
+
+ SHA1_Init(&sha);
+ hashbn(&sha, bn);
+ SHA1_Final(md, &sha);
+}
+
+void JPAKE_STEP3A_init(JPAKE_STEP3A *s3a)
+{
+}
+
+int JPAKE_STEP3A_generate(JPAKE_STEP3A *send, JPAKE_CTX *ctx)
+{
+ quickhashbn(send->hhk, ctx->key);
+ SHA1(send->hhk, sizeof send->hhk, send->hhk);
+
+ return 1;
+}
+
+int JPAKE_STEP3A_process(JPAKE_CTX *ctx, const JPAKE_STEP3A *received)
+{
+ unsigned char hhk[SHA_DIGEST_LENGTH];
+
+ quickhashbn(hhk, ctx->key);
+ SHA1(hhk, sizeof hhk, hhk);
+ if (memcmp(hhk, received->hhk, sizeof hhk)) {
+ JPAKEerr(JPAKE_F_JPAKE_STEP3A_PROCESS,
+ JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH);
+ return 0;
+ }
+ return 1;
+}
+
+void JPAKE_STEP3A_release(JPAKE_STEP3A *s3a)
+{
+}
+
+void JPAKE_STEP3B_init(JPAKE_STEP3B *s3b)
+{
+}
+
+int JPAKE_STEP3B_generate(JPAKE_STEP3B *send, JPAKE_CTX *ctx)
+{
+ quickhashbn(send->hk, ctx->key);
+
+ return 1;
+}
+
+int JPAKE_STEP3B_process(JPAKE_CTX *ctx, const JPAKE_STEP3B *received)
+{
+ unsigned char hk[SHA_DIGEST_LENGTH];
+
+ quickhashbn(hk, ctx->key);
+ if (memcmp(hk, received->hk, sizeof hk)) {
+ JPAKEerr(JPAKE_F_JPAKE_STEP3B_PROCESS, JPAKE_R_HASH_OF_KEY_MISMATCH);
+ return 0;
+ }
+ return 1;
+}
+
+void JPAKE_STEP3B_release(JPAKE_STEP3B *s3b)
+{
+}
+
+const BIGNUM *JPAKE_get_shared_key(JPAKE_CTX *ctx)
+{
+ return ctx->key;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/jpake/jpake.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/jpake/jpake.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/jpake/jpake.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,131 +0,0 @@
-/*
- * Implement J-PAKE, as described in
- * http://grouper.ieee.org/groups/1363/Research/contributions/hao-ryan-2008.pdf
- *
- * With hints from http://www.cl.cam.ac.uk/~fh240/software/JPAKE2.java.
- */
-
-#ifndef HEADER_JPAKE_H
-#define HEADER_JPAKE_H
-
-#include <openssl/opensslconf.h>
-
-#ifdef OPENSSL_NO_JPAKE
-#error JPAKE is disabled.
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#include <openssl/bn.h>
-#include <openssl/sha.h>
-
-typedef struct JPAKE_CTX JPAKE_CTX;
-
-/* Note that "g" in the ZKPs is not necessarily the J-PAKE g. */
-typedef struct
- {
- BIGNUM *gr; /* g^r (r random) */
- BIGNUM *b; /* b = r - x*h, h=hash(g, g^r, g^x, name) */
- } JPAKE_ZKP;
-
-typedef struct
- {
- BIGNUM *gx; /* g^x in step 1, g^(xa + xc + xd) * xb * s in step 2 */
- JPAKE_ZKP zkpx; /* ZKP(x) or ZKP(xb * s) */
- } JPAKE_STEP_PART;
-
-typedef struct
- {
- JPAKE_STEP_PART p1; /* g^x3, ZKP(x3) or g^x1, ZKP(x1) */
- JPAKE_STEP_PART p2; /* g^x4, ZKP(x4) or g^x2, ZKP(x2) */
- } JPAKE_STEP1;
-
-typedef JPAKE_STEP_PART JPAKE_STEP2;
-
-typedef struct
- {
- unsigned char hhk[SHA_DIGEST_LENGTH];
- } JPAKE_STEP3A;
-
-typedef struct
- {
- unsigned char hk[SHA_DIGEST_LENGTH];
- } JPAKE_STEP3B;
-
-/* Parameters are copied */
-JPAKE_CTX *JPAKE_CTX_new(const char *name, const char *peer_name,
- const BIGNUM *p, const BIGNUM *g, const BIGNUM *q,
- const BIGNUM *secret);
-void JPAKE_CTX_free(JPAKE_CTX *ctx);
-
-/*
- * Note that JPAKE_STEP1 can be used multiple times before release
- * without another init.
- */
-void JPAKE_STEP1_init(JPAKE_STEP1 *s1);
-int JPAKE_STEP1_generate(JPAKE_STEP1 *send, JPAKE_CTX *ctx);
-int JPAKE_STEP1_process(JPAKE_CTX *ctx, const JPAKE_STEP1 *received);
-void JPAKE_STEP1_release(JPAKE_STEP1 *s1);
-
-/*
- * Note that JPAKE_STEP2 can be used multiple times before release
- * without another init.
- */
-void JPAKE_STEP2_init(JPAKE_STEP2 *s2);
-int JPAKE_STEP2_generate(JPAKE_STEP2 *send, JPAKE_CTX *ctx);
-int JPAKE_STEP2_process(JPAKE_CTX *ctx, const JPAKE_STEP2 *received);
-void JPAKE_STEP2_release(JPAKE_STEP2 *s2);
-
-/*
- * Optionally verify the shared key. If the shared secrets do not
- * match, the two ends will disagree about the shared key, but
- * otherwise the protocol will succeed.
- */
-void JPAKE_STEP3A_init(JPAKE_STEP3A *s3a);
-int JPAKE_STEP3A_generate(JPAKE_STEP3A *send, JPAKE_CTX *ctx);
-int JPAKE_STEP3A_process(JPAKE_CTX *ctx, const JPAKE_STEP3A *received);
-void JPAKE_STEP3A_release(JPAKE_STEP3A *s3a);
-
-void JPAKE_STEP3B_init(JPAKE_STEP3B *s3b);
-int JPAKE_STEP3B_generate(JPAKE_STEP3B *send, JPAKE_CTX *ctx);
-int JPAKE_STEP3B_process(JPAKE_CTX *ctx, const JPAKE_STEP3B *received);
-void JPAKE_STEP3B_release(JPAKE_STEP3B *s3b);
-
-/*
- * the return value belongs to the library and will be released when
- * ctx is released, and will change when a new handshake is performed.
- */
-const BIGNUM *JPAKE_get_shared_key(JPAKE_CTX *ctx);
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_JPAKE_strings(void);
-
-/* Error codes for the JPAKE functions. */
-
-/* Function codes. */
-#define JPAKE_F_JPAKE_STEP1_PROCESS 101
-#define JPAKE_F_JPAKE_STEP2_PROCESS 102
-#define JPAKE_F_JPAKE_STEP3A_PROCESS 103
-#define JPAKE_F_JPAKE_STEP3B_PROCESS 104
-#define JPAKE_F_VERIFY_ZKP 100
-
-/* Reason codes. */
-#define JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL 108
-#define JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL 109
-#define JPAKE_R_G_TO_THE_X4_IS_ONE 105
-#define JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH 106
-#define JPAKE_R_HASH_OF_KEY_MISMATCH 107
-#define JPAKE_R_VERIFY_B_FAILED 102
-#define JPAKE_R_VERIFY_X3_FAILED 103
-#define JPAKE_R_VERIFY_X4_FAILED 104
-#define JPAKE_R_ZKP_VERIFY_FAILED 100
-
-#ifdef __cplusplus
-}
-#endif
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/jpake/jpake.h (from rev 6976, vendor-crypto/openssl/dist/crypto/jpake/jpake.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/jpake/jpake.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/jpake/jpake.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,128 @@
+/*
+ * Implement J-PAKE, as described in
+ * http://grouper.ieee.org/groups/1363/Research/contributions/hao-ryan-2008.pdf
+ *
+ * With hints from http://www.cl.cam.ac.uk/~fh240/software/JPAKE2.java.
+ */
+
+#ifndef HEADER_JPAKE_H
+# define HEADER_JPAKE_H
+
+# include <openssl/opensslconf.h>
+
+# ifdef OPENSSL_NO_JPAKE
+# error JPAKE is disabled.
+# endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# include <openssl/bn.h>
+# include <openssl/sha.h>
+
+typedef struct JPAKE_CTX JPAKE_CTX;
+
+/* Note that "g" in the ZKPs is not necessarily the J-PAKE g. */
+typedef struct {
+ BIGNUM *gr; /* g^r (r random) */
+ BIGNUM *b; /* b = r - x*h, h=hash(g, g^r, g^x, name) */
+} JPAKE_ZKP;
+
+typedef struct {
+ BIGNUM *gx; /* g^x in step 1, g^(xa + xc + xd) * xb * s
+ * in step 2 */
+ JPAKE_ZKP zkpx; /* ZKP(x) or ZKP(xb * s) */
+} JPAKE_STEP_PART;
+
+typedef struct {
+ JPAKE_STEP_PART p1; /* g^x3, ZKP(x3) or g^x1, ZKP(x1) */
+ JPAKE_STEP_PART p2; /* g^x4, ZKP(x4) or g^x2, ZKP(x2) */
+} JPAKE_STEP1;
+
+typedef JPAKE_STEP_PART JPAKE_STEP2;
+
+typedef struct {
+ unsigned char hhk[SHA_DIGEST_LENGTH];
+} JPAKE_STEP3A;
+
+typedef struct {
+ unsigned char hk[SHA_DIGEST_LENGTH];
+} JPAKE_STEP3B;
+
+/* Parameters are copied */
+JPAKE_CTX *JPAKE_CTX_new(const char *name, const char *peer_name,
+ const BIGNUM *p, const BIGNUM *g, const BIGNUM *q,
+ const BIGNUM *secret);
+void JPAKE_CTX_free(JPAKE_CTX *ctx);
+
+/*
+ * Note that JPAKE_STEP1 can be used multiple times before release
+ * without another init.
+ */
+void JPAKE_STEP1_init(JPAKE_STEP1 *s1);
+int JPAKE_STEP1_generate(JPAKE_STEP1 *send, JPAKE_CTX *ctx);
+int JPAKE_STEP1_process(JPAKE_CTX *ctx, const JPAKE_STEP1 *received);
+void JPAKE_STEP1_release(JPAKE_STEP1 *s1);
+
+/*
+ * Note that JPAKE_STEP2 can be used multiple times before release
+ * without another init.
+ */
+void JPAKE_STEP2_init(JPAKE_STEP2 *s2);
+int JPAKE_STEP2_generate(JPAKE_STEP2 *send, JPAKE_CTX *ctx);
+int JPAKE_STEP2_process(JPAKE_CTX *ctx, const JPAKE_STEP2 *received);
+void JPAKE_STEP2_release(JPAKE_STEP2 *s2);
+
+/*
+ * Optionally verify the shared key. If the shared secrets do not
+ * match, the two ends will disagree about the shared key, but
+ * otherwise the protocol will succeed.
+ */
+void JPAKE_STEP3A_init(JPAKE_STEP3A *s3a);
+int JPAKE_STEP3A_generate(JPAKE_STEP3A *send, JPAKE_CTX *ctx);
+int JPAKE_STEP3A_process(JPAKE_CTX *ctx, const JPAKE_STEP3A *received);
+void JPAKE_STEP3A_release(JPAKE_STEP3A *s3a);
+
+void JPAKE_STEP3B_init(JPAKE_STEP3B *s3b);
+int JPAKE_STEP3B_generate(JPAKE_STEP3B *send, JPAKE_CTX *ctx);
+int JPAKE_STEP3B_process(JPAKE_CTX *ctx, const JPAKE_STEP3B *received);
+void JPAKE_STEP3B_release(JPAKE_STEP3B *s3b);
+
+/*
+ * the return value belongs to the library and will be released when
+ * ctx is released, and will change when a new handshake is performed.
+ */
+const BIGNUM *JPAKE_get_shared_key(JPAKE_CTX *ctx);
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_JPAKE_strings(void);
+
+/* Error codes for the JPAKE functions. */
+
+/* Function codes. */
+# define JPAKE_F_JPAKE_STEP1_PROCESS 101
+# define JPAKE_F_JPAKE_STEP2_PROCESS 102
+# define JPAKE_F_JPAKE_STEP3A_PROCESS 103
+# define JPAKE_F_JPAKE_STEP3B_PROCESS 104
+# define JPAKE_F_VERIFY_ZKP 100
+
+/* Reason codes. */
+# define JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL 108
+# define JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL 109
+# define JPAKE_R_G_TO_THE_X4_IS_ONE 105
+# define JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH 106
+# define JPAKE_R_HASH_OF_KEY_MISMATCH 107
+# define JPAKE_R_VERIFY_B_FAILED 102
+# define JPAKE_R_VERIFY_X3_FAILED 103
+# define JPAKE_R_VERIFY_X4_FAILED 104
+# define JPAKE_R_ZKP_VERIFY_FAILED 100
+
+#ifdef __cplusplus
+}
+#endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/jpake/jpake_err.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/jpake/jpake_err.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/jpake/jpake_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,107 +0,0 @@
-/* crypto/jpake/jpake_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2010 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/jpake.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_JPAKE,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_JPAKE,0,reason)
-
-static ERR_STRING_DATA JPAKE_str_functs[]=
- {
-{ERR_FUNC(JPAKE_F_JPAKE_STEP1_PROCESS), "JPAKE_STEP1_process"},
-{ERR_FUNC(JPAKE_F_JPAKE_STEP2_PROCESS), "JPAKE_STEP2_process"},
-{ERR_FUNC(JPAKE_F_JPAKE_STEP3A_PROCESS), "JPAKE_STEP3A_process"},
-{ERR_FUNC(JPAKE_F_JPAKE_STEP3B_PROCESS), "JPAKE_STEP3B_process"},
-{ERR_FUNC(JPAKE_F_VERIFY_ZKP), "VERIFY_ZKP"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA JPAKE_str_reasons[]=
- {
-{ERR_REASON(JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL),"g to the x3 is not legal"},
-{ERR_REASON(JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL),"g to the x4 is not legal"},
-{ERR_REASON(JPAKE_R_G_TO_THE_X4_IS_ONE) ,"g to the x4 is one"},
-{ERR_REASON(JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH),"hash of hash of key mismatch"},
-{ERR_REASON(JPAKE_R_HASH_OF_KEY_MISMATCH),"hash of key mismatch"},
-{ERR_REASON(JPAKE_R_VERIFY_B_FAILED) ,"verify b failed"},
-{ERR_REASON(JPAKE_R_VERIFY_X3_FAILED) ,"verify x3 failed"},
-{ERR_REASON(JPAKE_R_VERIFY_X4_FAILED) ,"verify x4 failed"},
-{ERR_REASON(JPAKE_R_ZKP_VERIFY_FAILED) ,"zkp verify failed"},
-{0,NULL}
- };
-
-#endif
-
-void ERR_load_JPAKE_strings(void)
- {
-#ifndef OPENSSL_NO_ERR
-
- if (ERR_func_error_string(JPAKE_str_functs[0].error) == NULL)
- {
- ERR_load_strings(0,JPAKE_str_functs);
- ERR_load_strings(0,JPAKE_str_reasons);
- }
-#endif
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/jpake/jpake_err.c (from rev 6976, vendor-crypto/openssl/dist/crypto/jpake/jpake_err.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/jpake/jpake_err.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/jpake/jpake_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,108 @@
+/* crypto/jpake/jpake_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2010 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/jpake.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_JPAKE,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_JPAKE,0,reason)
+
+static ERR_STRING_DATA JPAKE_str_functs[] = {
+ {ERR_FUNC(JPAKE_F_JPAKE_STEP1_PROCESS), "JPAKE_STEP1_process"},
+ {ERR_FUNC(JPAKE_F_JPAKE_STEP2_PROCESS), "JPAKE_STEP2_process"},
+ {ERR_FUNC(JPAKE_F_JPAKE_STEP3A_PROCESS), "JPAKE_STEP3A_process"},
+ {ERR_FUNC(JPAKE_F_JPAKE_STEP3B_PROCESS), "JPAKE_STEP3B_process"},
+ {ERR_FUNC(JPAKE_F_VERIFY_ZKP), "VERIFY_ZKP"},
+ {0, NULL}
+};
+
+static ERR_STRING_DATA JPAKE_str_reasons[] = {
+ {ERR_REASON(JPAKE_R_G_TO_THE_X3_IS_NOT_LEGAL),
+ "g to the x3 is not legal"},
+ {ERR_REASON(JPAKE_R_G_TO_THE_X4_IS_NOT_LEGAL),
+ "g to the x4 is not legal"},
+ {ERR_REASON(JPAKE_R_G_TO_THE_X4_IS_ONE), "g to the x4 is one"},
+ {ERR_REASON(JPAKE_R_HASH_OF_HASH_OF_KEY_MISMATCH),
+ "hash of hash of key mismatch"},
+ {ERR_REASON(JPAKE_R_HASH_OF_KEY_MISMATCH), "hash of key mismatch"},
+ {ERR_REASON(JPAKE_R_VERIFY_B_FAILED), "verify b failed"},
+ {ERR_REASON(JPAKE_R_VERIFY_X3_FAILED), "verify x3 failed"},
+ {ERR_REASON(JPAKE_R_VERIFY_X4_FAILED), "verify x4 failed"},
+ {ERR_REASON(JPAKE_R_ZKP_VERIFY_FAILED), "zkp verify failed"},
+ {0, NULL}
+};
+
+#endif
+
+void ERR_load_JPAKE_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+ if (ERR_func_error_string(JPAKE_str_functs[0].error) == NULL) {
+ ERR_load_strings(0, JPAKE_str_functs);
+ ERR_load_strings(0, JPAKE_str_reasons);
+ }
+#endif
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/jpake/jpaketest.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/jpake/jpaketest.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/jpake/jpaketest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,192 +0,0 @@
-#include <openssl/opensslconf.h>
-
-#ifdef OPENSSL_NO_JPAKE
-
-#include <stdio.h>
-
-int main(int argc, char *argv[])
-{
- printf("No J-PAKE support\n");
- return(0);
-}
-
-#else
-
-#include <openssl/jpake.h>
-#include <openssl/err.h>
-
-static void showbn(const char *name, const BIGNUM *bn)
- {
- fputs(name, stdout);
- fputs(" = ", stdout);
- BN_print_fp(stdout, bn);
- putc('\n', stdout);
- }
-
-static int run_jpake(JPAKE_CTX *alice, JPAKE_CTX *bob)
- {
- JPAKE_STEP1 alice_s1;
- JPAKE_STEP1 bob_s1;
- JPAKE_STEP2 alice_s2;
- JPAKE_STEP2 bob_s2;
- JPAKE_STEP3A alice_s3a;
- JPAKE_STEP3B bob_s3b;
-
- /* Alice -> Bob: step 1 */
- puts("A->B s1");
- JPAKE_STEP1_init(&alice_s1);
- JPAKE_STEP1_generate(&alice_s1, alice);
- if(!JPAKE_STEP1_process(bob, &alice_s1))
- {
- printf("Bob fails to process Alice's step 1\n");
- ERR_print_errors_fp(stdout);
- return 1;
- }
- JPAKE_STEP1_release(&alice_s1);
-
- /* Bob -> Alice: step 1 */
- puts("B->A s1");
- JPAKE_STEP1_init(&bob_s1);
- JPAKE_STEP1_generate(&bob_s1, bob);
- if(!JPAKE_STEP1_process(alice, &bob_s1))
- {
- printf("Alice fails to process Bob's step 1\n");
- ERR_print_errors_fp(stdout);
- return 2;
- }
- JPAKE_STEP1_release(&bob_s1);
-
- /* Alice -> Bob: step 2 */
- puts("A->B s2");
- JPAKE_STEP2_init(&alice_s2);
- JPAKE_STEP2_generate(&alice_s2, alice);
- if(!JPAKE_STEP2_process(bob, &alice_s2))
- {
- printf("Bob fails to process Alice's step 2\n");
- ERR_print_errors_fp(stdout);
- return 3;
- }
- JPAKE_STEP2_release(&alice_s2);
-
- /* Bob -> Alice: step 2 */
- puts("B->A s2");
- JPAKE_STEP2_init(&bob_s2);
- JPAKE_STEP2_generate(&bob_s2, bob);
- if(!JPAKE_STEP2_process(alice, &bob_s2))
- {
- printf("Alice fails to process Bob's step 2\n");
- ERR_print_errors_fp(stdout);
- return 4;
- }
- JPAKE_STEP2_release(&bob_s2);
-
- showbn("Alice's key", JPAKE_get_shared_key(alice));
- showbn("Bob's key ", JPAKE_get_shared_key(bob));
-
- /* Alice -> Bob: step 3a */
- puts("A->B s3a");
- JPAKE_STEP3A_init(&alice_s3a);
- JPAKE_STEP3A_generate(&alice_s3a, alice);
- if(!JPAKE_STEP3A_process(bob, &alice_s3a))
- {
- printf("Bob fails to process Alice's step 3a\n");
- ERR_print_errors_fp(stdout);
- return 5;
- }
- JPAKE_STEP3A_release(&alice_s3a);
-
- /* Bob -> Alice: step 3b */
- puts("B->A s3b");
- JPAKE_STEP3B_init(&bob_s3b);
- JPAKE_STEP3B_generate(&bob_s3b, bob);
- if(!JPAKE_STEP3B_process(alice, &bob_s3b))
- {
- printf("Alice fails to process Bob's step 3b\n");
- ERR_print_errors_fp(stdout);
- return 6;
- }
- JPAKE_STEP3B_release(&bob_s3b);
-
- return 0;
- }
-
-int main(int argc, char **argv)
- {
- JPAKE_CTX *alice;
- JPAKE_CTX *bob;
- BIGNUM *p = NULL;
- BIGNUM *g = NULL;
- BIGNUM *q = NULL;
- BIGNUM *secret = BN_new();
- BIO *bio_err;
-
- bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
-
- CRYPTO_malloc_debug_init();
- CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
- ERR_load_crypto_strings();
-
- /*
- BN_hex2bn(&p, "fd7f53811d75122952df4a9c2eece4e7f611b7523cef4400c31e3f80b6512669455d402251fb593d8d58fabfc5f5ba30f6cb9b556cd7813b801d346ff26660b76b9950a5a49f9fe8047b1022c24fbba9d7feb7c61bf83b57e7c6a8a6150f04fb83f6d3c51ec3023554135a169132f675f3ae2b61d72aeff22203199dd14801c7");
- BN_hex2bn(&g, "f7e1a085d69b3ddecbbcab5c36b857b97994afbbfa3aea82f9574c0b3d0782675159578ebad4594fe67107108180b449167123e84c281613b7cf09328cc8a6e13c167a8b547c8d28e0a3ae1e2bb3a675916ea37f0bfa213562f1fb627a01243bcca4f1bea8519089a883dfe15ae59f06928b665e807b552564014c3bfecf492a");
- BN_hex2bn(&q, "9760508f15230bccb292b982a2eb840bf0581cf5");
- */
- /*
- p = BN_new();
- BN_generate_prime(p, 1024, 1, NULL, NULL, NULL, NULL);
- */
- /* Use a safe prime for p (that we found earlier) */
- BN_hex2bn(&p, "F9E5B365665EA7A05A9C534502780FEE6F1AB5BD4F49947FD036DBD7E905269AF46EF28B0FC07487EE4F5D20FB3C0AF8E700F3A2FA3414970CBED44FEDFF80CE78D800F184BB82435D137AADA2C6C16523247930A63B85661D1FC817A51ACD96168E95898A1F83A79FFB529368AA7833ABD1B0C3AEDDB14D2E1A2F71D99F763F");
- showbn("p", p);
- g = BN_new();
- BN_set_word(g, 2);
- showbn("g", g);
- q = BN_new();
- BN_rshift1(q, p);
- showbn("q", q);
-
- BN_rand(secret, 32, -1, 0);
-
- /* A normal run, expect this to work... */
- alice = JPAKE_CTX_new("Alice", "Bob", p, g, q, secret);
- bob = JPAKE_CTX_new("Bob", "Alice", p, g, q, secret);
-
- if(run_jpake(alice, bob) != 0)
- {
- fprintf(stderr, "Plain JPAKE run failed\n");
- return 1;
- }
-
- JPAKE_CTX_free(bob);
- JPAKE_CTX_free(alice);
-
- /* Now give Alice and Bob different secrets */
- alice = JPAKE_CTX_new("Alice", "Bob", p, g, q, secret);
- BN_add_word(secret, 1);
- bob = JPAKE_CTX_new("Bob", "Alice", p, g, q, secret);
-
- if(run_jpake(alice, bob) != 5)
- {
- fprintf(stderr, "Mismatched secret JPAKE run failed\n");
- return 1;
- }
-
- JPAKE_CTX_free(bob);
- JPAKE_CTX_free(alice);
-
- BN_free(secret);
- BN_free(q);
- BN_free(g);
- BN_free(p);
-
- CRYPTO_cleanup_all_ex_data();
- ERR_remove_state(0);
- ERR_free_strings();
- CRYPTO_mem_leaks(bio_err);
-
- return 0;
- }
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/jpake/jpaketest.c (from rev 6976, vendor-crypto/openssl/dist/crypto/jpake/jpaketest.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/jpake/jpaketest.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/jpake/jpaketest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,185 @@
+#include <openssl/opensslconf.h>
+
+#ifdef OPENSSL_NO_JPAKE
+
+# include <stdio.h>
+
+int main(int argc, char *argv[])
+{
+ printf("No J-PAKE support\n");
+ return (0);
+}
+
+#else
+
+# include <openssl/jpake.h>
+# include <openssl/err.h>
+
+static void showbn(const char *name, const BIGNUM *bn)
+{
+ fputs(name, stdout);
+ fputs(" = ", stdout);
+ BN_print_fp(stdout, bn);
+ putc('\n', stdout);
+}
+
+static int run_jpake(JPAKE_CTX *alice, JPAKE_CTX *bob)
+{
+ JPAKE_STEP1 alice_s1;
+ JPAKE_STEP1 bob_s1;
+ JPAKE_STEP2 alice_s2;
+ JPAKE_STEP2 bob_s2;
+ JPAKE_STEP3A alice_s3a;
+ JPAKE_STEP3B bob_s3b;
+
+ /* Alice -> Bob: step 1 */
+ puts("A->B s1");
+ JPAKE_STEP1_init(&alice_s1);
+ JPAKE_STEP1_generate(&alice_s1, alice);
+ if (!JPAKE_STEP1_process(bob, &alice_s1)) {
+ printf("Bob fails to process Alice's step 1\n");
+ ERR_print_errors_fp(stdout);
+ return 1;
+ }
+ JPAKE_STEP1_release(&alice_s1);
+
+ /* Bob -> Alice: step 1 */
+ puts("B->A s1");
+ JPAKE_STEP1_init(&bob_s1);
+ JPAKE_STEP1_generate(&bob_s1, bob);
+ if (!JPAKE_STEP1_process(alice, &bob_s1)) {
+ printf("Alice fails to process Bob's step 1\n");
+ ERR_print_errors_fp(stdout);
+ return 2;
+ }
+ JPAKE_STEP1_release(&bob_s1);
+
+ /* Alice -> Bob: step 2 */
+ puts("A->B s2");
+ JPAKE_STEP2_init(&alice_s2);
+ JPAKE_STEP2_generate(&alice_s2, alice);
+ if (!JPAKE_STEP2_process(bob, &alice_s2)) {
+ printf("Bob fails to process Alice's step 2\n");
+ ERR_print_errors_fp(stdout);
+ return 3;
+ }
+ JPAKE_STEP2_release(&alice_s2);
+
+ /* Bob -> Alice: step 2 */
+ puts("B->A s2");
+ JPAKE_STEP2_init(&bob_s2);
+ JPAKE_STEP2_generate(&bob_s2, bob);
+ if (!JPAKE_STEP2_process(alice, &bob_s2)) {
+ printf("Alice fails to process Bob's step 2\n");
+ ERR_print_errors_fp(stdout);
+ return 4;
+ }
+ JPAKE_STEP2_release(&bob_s2);
+
+ showbn("Alice's key", JPAKE_get_shared_key(alice));
+ showbn("Bob's key ", JPAKE_get_shared_key(bob));
+
+ /* Alice -> Bob: step 3a */
+ puts("A->B s3a");
+ JPAKE_STEP3A_init(&alice_s3a);
+ JPAKE_STEP3A_generate(&alice_s3a, alice);
+ if (!JPAKE_STEP3A_process(bob, &alice_s3a)) {
+ printf("Bob fails to process Alice's step 3a\n");
+ ERR_print_errors_fp(stdout);
+ return 5;
+ }
+ JPAKE_STEP3A_release(&alice_s3a);
+
+ /* Bob -> Alice: step 3b */
+ puts("B->A s3b");
+ JPAKE_STEP3B_init(&bob_s3b);
+ JPAKE_STEP3B_generate(&bob_s3b, bob);
+ if (!JPAKE_STEP3B_process(alice, &bob_s3b)) {
+ printf("Alice fails to process Bob's step 3b\n");
+ ERR_print_errors_fp(stdout);
+ return 6;
+ }
+ JPAKE_STEP3B_release(&bob_s3b);
+
+ return 0;
+}
+
+int main(int argc, char **argv)
+{
+ JPAKE_CTX *alice;
+ JPAKE_CTX *bob;
+ BIGNUM *p = NULL;
+ BIGNUM *g = NULL;
+ BIGNUM *q = NULL;
+ BIGNUM *secret = BN_new();
+ BIO *bio_err;
+
+ bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
+
+ CRYPTO_malloc_debug_init();
+ CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+ ERR_load_crypto_strings();
+
+ /*-
+ BN_hex2bn(&p, "fd7f53811d75122952df4a9c2eece4e7f611b7523cef4400c31e3f80b6512669455d402251fb593d8d58fabfc5f5ba30f6cb9b556cd7813b801d346ff26660b76b9950a5a49f9fe8047b1022c24fbba9d7feb7c61bf83b57e7c6a8a6150f04fb83f6d3c51ec3023554135a169132f675f3ae2b61d72aeff22203199dd14801c7");
+ BN_hex2bn(&g, "f7e1a085d69b3ddecbbcab5c36b857b97994afbbfa3aea82f9574c0b3d0782675159578ebad4594fe67107108180b449167123e84c281613b7cf09328cc8a6e13c167a8b547c8d28e0a3ae1e2bb3a675916ea37f0bfa213562f1fb627a01243bcca4f1bea8519089a883dfe15ae59f06928b665e807b552564014c3bfecf492a");
+ BN_hex2bn(&q, "9760508f15230bccb292b982a2eb840bf0581cf5");
+ */
+ /*-
+ p = BN_new();
+ BN_generate_prime(p, 1024, 1, NULL, NULL, NULL, NULL);
+ */
+ /* Use a safe prime for p (that we found earlier) */
+ BN_hex2bn(&p,
+ "F9E5B365665EA7A05A9C534502780FEE6F1AB5BD4F49947FD036DBD7E905269AF46EF28B0FC07487EE4F5D20FB3C0AF8E700F3A2FA3414970CBED44FEDFF80CE78D800F184BB82435D137AADA2C6C16523247930A63B85661D1FC817A51ACD96168E95898A1F83A79FFB529368AA7833ABD1B0C3AEDDB14D2E1A2F71D99F763F");
+ showbn("p", p);
+ g = BN_new();
+ BN_set_word(g, 2);
+ showbn("g", g);
+ q = BN_new();
+ BN_rshift1(q, p);
+ showbn("q", q);
+
+ BN_rand(secret, 32, -1, 0);
+
+ /* A normal run, expect this to work... */
+ alice = JPAKE_CTX_new("Alice", "Bob", p, g, q, secret);
+ bob = JPAKE_CTX_new("Bob", "Alice", p, g, q, secret);
+
+ if (run_jpake(alice, bob) != 0) {
+ fprintf(stderr, "Plain JPAKE run failed\n");
+ return 1;
+ }
+
+ JPAKE_CTX_free(bob);
+ JPAKE_CTX_free(alice);
+
+ /* Now give Alice and Bob different secrets */
+ alice = JPAKE_CTX_new("Alice", "Bob", p, g, q, secret);
+ BN_add_word(secret, 1);
+ bob = JPAKE_CTX_new("Bob", "Alice", p, g, q, secret);
+
+ if (run_jpake(alice, bob) != 5) {
+ fprintf(stderr, "Mismatched secret JPAKE run failed\n");
+ return 1;
+ }
+
+ JPAKE_CTX_free(bob);
+ JPAKE_CTX_free(alice);
+
+ BN_free(secret);
+ BN_free(q);
+ BN_free(g);
+ BN_free(p);
+
+ CRYPTO_cleanup_all_ex_data();
+ ERR_remove_state(0);
+ ERR_free_strings();
+ CRYPTO_mem_leaks(bio_err);
+
+ return 0;
+}
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/krb5/krb5_asn.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/krb5/krb5_asn.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/krb5/krb5_asn.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,167 +0,0 @@
-/* krb5_asn.c */
-/* Written by Vern Staats <staatsvr at asc.hpc.mil> for the OpenSSL project,
-** using ocsp/{*.h,*asn*.c} as a starting point
-*/
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/krb5_asn.h>
-
-
-ASN1_SEQUENCE(KRB5_ENCDATA) = {
- ASN1_EXP(KRB5_ENCDATA, etype, ASN1_INTEGER, 0),
- ASN1_EXP_OPT(KRB5_ENCDATA, kvno, ASN1_INTEGER, 1),
- ASN1_EXP(KRB5_ENCDATA, cipher, ASN1_OCTET_STRING,2)
-} ASN1_SEQUENCE_END(KRB5_ENCDATA)
-
-IMPLEMENT_ASN1_FUNCTIONS(KRB5_ENCDATA)
-
-
-ASN1_SEQUENCE(KRB5_PRINCNAME) = {
- ASN1_EXP(KRB5_PRINCNAME, nametype, ASN1_INTEGER, 0),
- ASN1_EXP_SEQUENCE_OF(KRB5_PRINCNAME, namestring, ASN1_GENERALSTRING, 1)
-} ASN1_SEQUENCE_END(KRB5_PRINCNAME)
-
-IMPLEMENT_ASN1_FUNCTIONS(KRB5_PRINCNAME)
-
-
-/* [APPLICATION 1] = 0x61 */
-ASN1_SEQUENCE(KRB5_TKTBODY) = {
- ASN1_EXP(KRB5_TKTBODY, tktvno, ASN1_INTEGER, 0),
- ASN1_EXP(KRB5_TKTBODY, realm, ASN1_GENERALSTRING, 1),
- ASN1_EXP(KRB5_TKTBODY, sname, KRB5_PRINCNAME, 2),
- ASN1_EXP(KRB5_TKTBODY, encdata, KRB5_ENCDATA, 3)
-} ASN1_SEQUENCE_END(KRB5_TKTBODY)
-
-IMPLEMENT_ASN1_FUNCTIONS(KRB5_TKTBODY)
-
-
-ASN1_ITEM_TEMPLATE(KRB5_TICKET) =
- ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION, 1,
- KRB5_TICKET, KRB5_TKTBODY)
-ASN1_ITEM_TEMPLATE_END(KRB5_TICKET)
-
-IMPLEMENT_ASN1_FUNCTIONS(KRB5_TICKET)
-
-
-/* [APPLICATION 14] = 0x6e */
-ASN1_SEQUENCE(KRB5_APREQBODY) = {
- ASN1_EXP(KRB5_APREQBODY, pvno, ASN1_INTEGER, 0),
- ASN1_EXP(KRB5_APREQBODY, msgtype, ASN1_INTEGER, 1),
- ASN1_EXP(KRB5_APREQBODY, apoptions, ASN1_BIT_STRING, 2),
- ASN1_EXP(KRB5_APREQBODY, ticket, KRB5_TICKET, 3),
- ASN1_EXP(KRB5_APREQBODY, authenticator, KRB5_ENCDATA, 4),
-} ASN1_SEQUENCE_END(KRB5_APREQBODY)
-
-IMPLEMENT_ASN1_FUNCTIONS(KRB5_APREQBODY)
-
-ASN1_ITEM_TEMPLATE(KRB5_APREQ) =
- ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION, 14,
- KRB5_APREQ, KRB5_APREQBODY)
-ASN1_ITEM_TEMPLATE_END(KRB5_APREQ)
-
-IMPLEMENT_ASN1_FUNCTIONS(KRB5_APREQ)
-
-
-/* Authenticator stuff */
-
-ASN1_SEQUENCE(KRB5_CHECKSUM) = {
- ASN1_EXP(KRB5_CHECKSUM, ctype, ASN1_INTEGER, 0),
- ASN1_EXP(KRB5_CHECKSUM, checksum, ASN1_OCTET_STRING,1)
-} ASN1_SEQUENCE_END(KRB5_CHECKSUM)
-
-IMPLEMENT_ASN1_FUNCTIONS(KRB5_CHECKSUM)
-
-
-ASN1_SEQUENCE(KRB5_ENCKEY) = {
- ASN1_EXP(KRB5_ENCKEY, ktype, ASN1_INTEGER, 0),
- ASN1_EXP(KRB5_ENCKEY, keyvalue, ASN1_OCTET_STRING,1)
-} ASN1_SEQUENCE_END(KRB5_ENCKEY)
-
-IMPLEMENT_ASN1_FUNCTIONS(KRB5_ENCKEY)
-
-
-/* SEQ OF SEQ; see ASN1_EXP_SEQUENCE_OF_OPT() below */
-ASN1_SEQUENCE(KRB5_AUTHDATA) = {
- ASN1_EXP(KRB5_AUTHDATA, adtype, ASN1_INTEGER, 0),
- ASN1_EXP(KRB5_AUTHDATA, addata, ASN1_OCTET_STRING,1)
-} ASN1_SEQUENCE_END(KRB5_AUTHDATA)
-
-IMPLEMENT_ASN1_FUNCTIONS(KRB5_AUTHDATA)
-
-
-/* [APPLICATION 2] = 0x62 */
-ASN1_SEQUENCE(KRB5_AUTHENTBODY) = {
- ASN1_EXP(KRB5_AUTHENTBODY, avno, ASN1_INTEGER, 0),
- ASN1_EXP(KRB5_AUTHENTBODY, crealm, ASN1_GENERALSTRING, 1),
- ASN1_EXP(KRB5_AUTHENTBODY, cname, KRB5_PRINCNAME, 2),
- ASN1_EXP_OPT(KRB5_AUTHENTBODY, cksum, KRB5_CHECKSUM, 3),
- ASN1_EXP(KRB5_AUTHENTBODY, cusec, ASN1_INTEGER, 4),
- ASN1_EXP(KRB5_AUTHENTBODY, ctime, ASN1_GENERALIZEDTIME, 5),
- ASN1_EXP_OPT(KRB5_AUTHENTBODY, subkey, KRB5_ENCKEY, 6),
- ASN1_EXP_OPT(KRB5_AUTHENTBODY, seqnum, ASN1_INTEGER, 7),
- ASN1_EXP_SEQUENCE_OF_OPT
- (KRB5_AUTHENTBODY, authorization, KRB5_AUTHDATA, 8),
-} ASN1_SEQUENCE_END(KRB5_AUTHENTBODY)
-
-IMPLEMENT_ASN1_FUNCTIONS(KRB5_AUTHENTBODY)
-
-ASN1_ITEM_TEMPLATE(KRB5_AUTHENT) =
- ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION, 2,
- KRB5_AUTHENT, KRB5_AUTHENTBODY)
-ASN1_ITEM_TEMPLATE_END(KRB5_AUTHENT)
-
-IMPLEMENT_ASN1_FUNCTIONS(KRB5_AUTHENT)
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/krb5/krb5_asn.c (from rev 6976, vendor-crypto/openssl/dist/crypto/krb5/krb5_asn.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/krb5/krb5_asn.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/krb5/krb5_asn.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,162 @@
+/* krb5_asn.c */
+/*
+ * Written by Vern Staats <staatsvr at asc.hpc.mil> for the OpenSSL project, **
+ * using ocsp/{*.h,*asn*.c} as a starting point
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/krb5_asn.h>
+
+
+ASN1_SEQUENCE(KRB5_ENCDATA) = {
+ ASN1_EXP(KRB5_ENCDATA, etype, ASN1_INTEGER, 0),
+ ASN1_EXP_OPT(KRB5_ENCDATA, kvno, ASN1_INTEGER, 1),
+ ASN1_EXP(KRB5_ENCDATA, cipher, ASN1_OCTET_STRING,2)
+} ASN1_SEQUENCE_END(KRB5_ENCDATA)
+
+IMPLEMENT_ASN1_FUNCTIONS(KRB5_ENCDATA)
+
+
+ASN1_SEQUENCE(KRB5_PRINCNAME) = {
+ ASN1_EXP(KRB5_PRINCNAME, nametype, ASN1_INTEGER, 0),
+ ASN1_EXP_SEQUENCE_OF(KRB5_PRINCNAME, namestring, ASN1_GENERALSTRING, 1)
+} ASN1_SEQUENCE_END(KRB5_PRINCNAME)
+
+IMPLEMENT_ASN1_FUNCTIONS(KRB5_PRINCNAME)
+
+/* [APPLICATION 1] = 0x61 */
+ASN1_SEQUENCE(KRB5_TKTBODY) = {
+ ASN1_EXP(KRB5_TKTBODY, tktvno, ASN1_INTEGER, 0),
+ ASN1_EXP(KRB5_TKTBODY, realm, ASN1_GENERALSTRING, 1),
+ ASN1_EXP(KRB5_TKTBODY, sname, KRB5_PRINCNAME, 2),
+ ASN1_EXP(KRB5_TKTBODY, encdata, KRB5_ENCDATA, 3)
+} ASN1_SEQUENCE_END(KRB5_TKTBODY)
+
+IMPLEMENT_ASN1_FUNCTIONS(KRB5_TKTBODY)
+
+
+ASN1_ITEM_TEMPLATE(KRB5_TICKET) =
+ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION, 1,
+ KRB5_TICKET, KRB5_TKTBODY)
+ASN1_ITEM_TEMPLATE_END(KRB5_TICKET)
+
+IMPLEMENT_ASN1_FUNCTIONS(KRB5_TICKET)
+
+/* [APPLICATION 14] = 0x6e */
+ASN1_SEQUENCE(KRB5_APREQBODY) = {
+ ASN1_EXP(KRB5_APREQBODY, pvno, ASN1_INTEGER, 0),
+ ASN1_EXP(KRB5_APREQBODY, msgtype, ASN1_INTEGER, 1),
+ ASN1_EXP(KRB5_APREQBODY, apoptions, ASN1_BIT_STRING, 2),
+ ASN1_EXP(KRB5_APREQBODY, ticket, KRB5_TICKET, 3),
+ ASN1_EXP(KRB5_APREQBODY, authenticator, KRB5_ENCDATA, 4),
+} ASN1_SEQUENCE_END(KRB5_APREQBODY)
+
+IMPLEMENT_ASN1_FUNCTIONS(KRB5_APREQBODY)
+
+ASN1_ITEM_TEMPLATE(KRB5_APREQ) =
+ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION, 14,
+ KRB5_APREQ, KRB5_APREQBODY)
+ASN1_ITEM_TEMPLATE_END(KRB5_APREQ)
+
+IMPLEMENT_ASN1_FUNCTIONS(KRB5_APREQ)
+
+/* Authenticator stuff */
+
+ASN1_SEQUENCE(KRB5_CHECKSUM) = {
+ ASN1_EXP(KRB5_CHECKSUM, ctype, ASN1_INTEGER, 0),
+ ASN1_EXP(KRB5_CHECKSUM, checksum, ASN1_OCTET_STRING,1)
+} ASN1_SEQUENCE_END(KRB5_CHECKSUM)
+
+IMPLEMENT_ASN1_FUNCTIONS(KRB5_CHECKSUM)
+
+
+ASN1_SEQUENCE(KRB5_ENCKEY) = {
+ ASN1_EXP(KRB5_ENCKEY, ktype, ASN1_INTEGER, 0),
+ ASN1_EXP(KRB5_ENCKEY, keyvalue, ASN1_OCTET_STRING,1)
+} ASN1_SEQUENCE_END(KRB5_ENCKEY)
+
+IMPLEMENT_ASN1_FUNCTIONS(KRB5_ENCKEY)
+
+/* SEQ OF SEQ; see ASN1_EXP_SEQUENCE_OF_OPT() below */
+ASN1_SEQUENCE(KRB5_AUTHDATA) = {
+ ASN1_EXP(KRB5_AUTHDATA, adtype, ASN1_INTEGER, 0),
+ ASN1_EXP(KRB5_AUTHDATA, addata, ASN1_OCTET_STRING,1)
+} ASN1_SEQUENCE_END(KRB5_AUTHDATA)
+
+IMPLEMENT_ASN1_FUNCTIONS(KRB5_AUTHDATA)
+
+/* [APPLICATION 2] = 0x62 */
+ASN1_SEQUENCE(KRB5_AUTHENTBODY) = {
+ ASN1_EXP(KRB5_AUTHENTBODY, avno, ASN1_INTEGER, 0),
+ ASN1_EXP(KRB5_AUTHENTBODY, crealm, ASN1_GENERALSTRING, 1),
+ ASN1_EXP(KRB5_AUTHENTBODY, cname, KRB5_PRINCNAME, 2),
+ ASN1_EXP_OPT(KRB5_AUTHENTBODY, cksum, KRB5_CHECKSUM, 3),
+ ASN1_EXP(KRB5_AUTHENTBODY, cusec, ASN1_INTEGER, 4),
+ ASN1_EXP(KRB5_AUTHENTBODY, ctime, ASN1_GENERALIZEDTIME, 5),
+ ASN1_EXP_OPT(KRB5_AUTHENTBODY, subkey, KRB5_ENCKEY, 6),
+ ASN1_EXP_OPT(KRB5_AUTHENTBODY, seqnum, ASN1_INTEGER, 7),
+ ASN1_EXP_SEQUENCE_OF_OPT
+ (KRB5_AUTHENTBODY, authorization, KRB5_AUTHDATA, 8),
+} ASN1_SEQUENCE_END(KRB5_AUTHENTBODY)
+
+IMPLEMENT_ASN1_FUNCTIONS(KRB5_AUTHENTBODY)
+
+ASN1_ITEM_TEMPLATE(KRB5_AUTHENT) =
+ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION, 2,
+ KRB5_AUTHENT, KRB5_AUTHENTBODY)
+ASN1_ITEM_TEMPLATE_END(KRB5_AUTHENT)
+
+IMPLEMENT_ASN1_FUNCTIONS(KRB5_AUTHENT)
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/krb5/krb5_asn.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/krb5/krb5_asn.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/krb5/krb5_asn.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,256 +0,0 @@
-/* krb5_asn.h */
-/* Written by Vern Staats <staatsvr at asc.hpc.mil> for the OpenSSL project,
-** using ocsp/{*.h,*asn*.c} as a starting point
-*/
-
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#ifndef HEADER_KRB5_ASN_H
-#define HEADER_KRB5_ASN_H
-
-/*
-#include <krb5.h>
-*/
-#include <openssl/safestack.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-
-/* ASN.1 from Kerberos RFC 1510
-*/
-
-/* EncryptedData ::= SEQUENCE {
-** etype[0] INTEGER, -- EncryptionType
-** kvno[1] INTEGER OPTIONAL,
-** cipher[2] OCTET STRING -- ciphertext
-** }
-*/
-typedef struct krb5_encdata_st
- {
- ASN1_INTEGER *etype;
- ASN1_INTEGER *kvno;
- ASN1_OCTET_STRING *cipher;
- } KRB5_ENCDATA;
-
-DECLARE_STACK_OF(KRB5_ENCDATA)
-
-/* PrincipalName ::= SEQUENCE {
-** name-type[0] INTEGER,
-** name-string[1] SEQUENCE OF GeneralString
-** }
-*/
-typedef struct krb5_princname_st
- {
- ASN1_INTEGER *nametype;
- STACK_OF(ASN1_GENERALSTRING) *namestring;
- } KRB5_PRINCNAME;
-
-DECLARE_STACK_OF(KRB5_PRINCNAME)
-
-
-/* Ticket ::= [APPLICATION 1] SEQUENCE {
-** tkt-vno[0] INTEGER,
-** realm[1] Realm,
-** sname[2] PrincipalName,
-** enc-part[3] EncryptedData
-** }
-*/
-typedef struct krb5_tktbody_st
- {
- ASN1_INTEGER *tktvno;
- ASN1_GENERALSTRING *realm;
- KRB5_PRINCNAME *sname;
- KRB5_ENCDATA *encdata;
- } KRB5_TKTBODY;
-
-typedef STACK_OF(KRB5_TKTBODY) KRB5_TICKET;
-DECLARE_STACK_OF(KRB5_TKTBODY)
-
-
-/* AP-REQ ::= [APPLICATION 14] SEQUENCE {
-** pvno[0] INTEGER,
-** msg-type[1] INTEGER,
-** ap-options[2] APOptions,
-** ticket[3] Ticket,
-** authenticator[4] EncryptedData
-** }
-**
-** APOptions ::= BIT STRING {
-** reserved(0), use-session-key(1), mutual-required(2) }
-*/
-typedef struct krb5_ap_req_st
- {
- ASN1_INTEGER *pvno;
- ASN1_INTEGER *msgtype;
- ASN1_BIT_STRING *apoptions;
- KRB5_TICKET *ticket;
- KRB5_ENCDATA *authenticator;
- } KRB5_APREQBODY;
-
-typedef STACK_OF(KRB5_APREQBODY) KRB5_APREQ;
-DECLARE_STACK_OF(KRB5_APREQBODY)
-
-
-/* Authenticator Stuff */
-
-
-/* Checksum ::= SEQUENCE {
-** cksumtype[0] INTEGER,
-** checksum[1] OCTET STRING
-** }
-*/
-typedef struct krb5_checksum_st
- {
- ASN1_INTEGER *ctype;
- ASN1_OCTET_STRING *checksum;
- } KRB5_CHECKSUM;
-
-DECLARE_STACK_OF(KRB5_CHECKSUM)
-
-
-/* EncryptionKey ::= SEQUENCE {
-** keytype[0] INTEGER,
-** keyvalue[1] OCTET STRING
-** }
-*/
-typedef struct krb5_encryptionkey_st
- {
- ASN1_INTEGER *ktype;
- ASN1_OCTET_STRING *keyvalue;
- } KRB5_ENCKEY;
-
-DECLARE_STACK_OF(KRB5_ENCKEY)
-
-
-/* AuthorizationData ::= SEQUENCE OF SEQUENCE {
-** ad-type[0] INTEGER,
-** ad-data[1] OCTET STRING
-** }
-*/
-typedef struct krb5_authorization_st
- {
- ASN1_INTEGER *adtype;
- ASN1_OCTET_STRING *addata;
- } KRB5_AUTHDATA;
-
-DECLARE_STACK_OF(KRB5_AUTHDATA)
-
-
-/* -- Unencrypted authenticator
-** Authenticator ::= [APPLICATION 2] SEQUENCE {
-** authenticator-vno[0] INTEGER,
-** crealm[1] Realm,
-** cname[2] PrincipalName,
-** cksum[3] Checksum OPTIONAL,
-** cusec[4] INTEGER,
-** ctime[5] KerberosTime,
-** subkey[6] EncryptionKey OPTIONAL,
-** seq-number[7] INTEGER OPTIONAL,
-** authorization-data[8] AuthorizationData OPTIONAL
-** }
-*/
-typedef struct krb5_authenticator_st
- {
- ASN1_INTEGER *avno;
- ASN1_GENERALSTRING *crealm;
- KRB5_PRINCNAME *cname;
- KRB5_CHECKSUM *cksum;
- ASN1_INTEGER *cusec;
- ASN1_GENERALIZEDTIME *ctime;
- KRB5_ENCKEY *subkey;
- ASN1_INTEGER *seqnum;
- KRB5_AUTHDATA *authorization;
- } KRB5_AUTHENTBODY;
-
-typedef STACK_OF(KRB5_AUTHENTBODY) KRB5_AUTHENT;
-DECLARE_STACK_OF(KRB5_AUTHENTBODY)
-
-
-/* DECLARE_ASN1_FUNCTIONS(type) = DECLARE_ASN1_FUNCTIONS_name(type, type) =
-** type *name##_new(void);
-** void name##_free(type *a);
-** DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name) =
-** DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) =
-** type *d2i_##name(type **a, const unsigned char **in, long len);
-** int i2d_##name(type *a, unsigned char **out);
-** DECLARE_ASN1_ITEM(itname) = OPENSSL_EXTERN const ASN1_ITEM itname##_it
-*/
-
-DECLARE_ASN1_FUNCTIONS(KRB5_ENCDATA)
-DECLARE_ASN1_FUNCTIONS(KRB5_PRINCNAME)
-DECLARE_ASN1_FUNCTIONS(KRB5_TKTBODY)
-DECLARE_ASN1_FUNCTIONS(KRB5_APREQBODY)
-DECLARE_ASN1_FUNCTIONS(KRB5_TICKET)
-DECLARE_ASN1_FUNCTIONS(KRB5_APREQ)
-
-DECLARE_ASN1_FUNCTIONS(KRB5_CHECKSUM)
-DECLARE_ASN1_FUNCTIONS(KRB5_ENCKEY)
-DECLARE_ASN1_FUNCTIONS(KRB5_AUTHDATA)
-DECLARE_ASN1_FUNCTIONS(KRB5_AUTHENTBODY)
-DECLARE_ASN1_FUNCTIONS(KRB5_AUTHENT)
-
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-
-#ifdef __cplusplus
-}
-#endif
-#endif
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/krb5/krb5_asn.h (from rev 6976, vendor-crypto/openssl/dist/crypto/krb5/krb5_asn.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/krb5/krb5_asn.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/krb5/krb5_asn.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,240 @@
+/* krb5_asn.h */
+/*
+ * Written by Vern Staats <staatsvr at asc.hpc.mil> for the OpenSSL project, **
+ * using ocsp/{*.h,*asn*.c} as a starting point
+ */
+
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_KRB5_ASN_H
+# define HEADER_KRB5_ASN_H
+
+/*
+ * #include <krb5.h>
+ */
+# include <openssl/safestack.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * ASN.1 from Kerberos RFC 1510
+ */
+
+/*- EncryptedData ::= SEQUENCE {
+ * etype[0] INTEGER, -- EncryptionType
+ * kvno[1] INTEGER OPTIONAL,
+ * cipher[2] OCTET STRING -- ciphertext
+ * }
+ */
+typedef struct krb5_encdata_st {
+ ASN1_INTEGER *etype;
+ ASN1_INTEGER *kvno;
+ ASN1_OCTET_STRING *cipher;
+} KRB5_ENCDATA;
+
+DECLARE_STACK_OF(KRB5_ENCDATA)
+
+/*- PrincipalName ::= SEQUENCE {
+ * name-type[0] INTEGER,
+ * name-string[1] SEQUENCE OF GeneralString
+ * }
+ */
+typedef struct krb5_princname_st {
+ ASN1_INTEGER *nametype;
+ STACK_OF(ASN1_GENERALSTRING) *namestring;
+} KRB5_PRINCNAME;
+
+DECLARE_STACK_OF(KRB5_PRINCNAME)
+
+/*- Ticket ::= [APPLICATION 1] SEQUENCE {
+ * tkt-vno[0] INTEGER,
+ * realm[1] Realm,
+ * sname[2] PrincipalName,
+ * enc-part[3] EncryptedData
+ * }
+ */
+typedef struct krb5_tktbody_st {
+ ASN1_INTEGER *tktvno;
+ ASN1_GENERALSTRING *realm;
+ KRB5_PRINCNAME *sname;
+ KRB5_ENCDATA *encdata;
+} KRB5_TKTBODY;
+
+typedef STACK_OF(KRB5_TKTBODY) KRB5_TICKET;
+DECLARE_STACK_OF(KRB5_TKTBODY)
+
+/*- AP-REQ ::= [APPLICATION 14] SEQUENCE {
+ * pvno[0] INTEGER,
+ * msg-type[1] INTEGER,
+ * ap-options[2] APOptions,
+ * ticket[3] Ticket,
+ * authenticator[4] EncryptedData
+ * }
+ *
+ * APOptions ::= BIT STRING {
+ * reserved(0), use-session-key(1), mutual-required(2) }
+ */
+typedef struct krb5_ap_req_st {
+ ASN1_INTEGER *pvno;
+ ASN1_INTEGER *msgtype;
+ ASN1_BIT_STRING *apoptions;
+ KRB5_TICKET *ticket;
+ KRB5_ENCDATA *authenticator;
+} KRB5_APREQBODY;
+
+typedef STACK_OF(KRB5_APREQBODY) KRB5_APREQ;
+DECLARE_STACK_OF(KRB5_APREQBODY)
+
+/* Authenticator Stuff */
+
+/*- Checksum ::= SEQUENCE {
+ * cksumtype[0] INTEGER,
+ * checksum[1] OCTET STRING
+ * }
+ */
+typedef struct krb5_checksum_st {
+ ASN1_INTEGER *ctype;
+ ASN1_OCTET_STRING *checksum;
+} KRB5_CHECKSUM;
+
+DECLARE_STACK_OF(KRB5_CHECKSUM)
+
+/*- EncryptionKey ::= SEQUENCE {
+ * keytype[0] INTEGER,
+ * keyvalue[1] OCTET STRING
+ * }
+ */
+typedef struct krb5_encryptionkey_st {
+ ASN1_INTEGER *ktype;
+ ASN1_OCTET_STRING *keyvalue;
+} KRB5_ENCKEY;
+
+DECLARE_STACK_OF(KRB5_ENCKEY)
+
+/*- AuthorizationData ::= SEQUENCE OF SEQUENCE {
+ * ad-type[0] INTEGER,
+ * ad-data[1] OCTET STRING
+ * }
+ */
+typedef struct krb5_authorization_st {
+ ASN1_INTEGER *adtype;
+ ASN1_OCTET_STRING *addata;
+} KRB5_AUTHDATA;
+
+DECLARE_STACK_OF(KRB5_AUTHDATA)
+
+/*- -- Unencrypted authenticator
+ * Authenticator ::= [APPLICATION 2] SEQUENCE {
+ * authenticator-vno[0] INTEGER,
+ * crealm[1] Realm,
+ * cname[2] PrincipalName,
+ * cksum[3] Checksum OPTIONAL,
+ * cusec[4] INTEGER,
+ * ctime[5] KerberosTime,
+ * subkey[6] EncryptionKey OPTIONAL,
+ * seq-number[7] INTEGER OPTIONAL,
+ * authorization-data[8] AuthorizationData OPTIONAL
+ * }
+ */
+typedef struct krb5_authenticator_st {
+ ASN1_INTEGER *avno;
+ ASN1_GENERALSTRING *crealm;
+ KRB5_PRINCNAME *cname;
+ KRB5_CHECKSUM *cksum;
+ ASN1_INTEGER *cusec;
+ ASN1_GENERALIZEDTIME *ctime;
+ KRB5_ENCKEY *subkey;
+ ASN1_INTEGER *seqnum;
+ KRB5_AUTHDATA *authorization;
+} KRB5_AUTHENTBODY;
+
+typedef STACK_OF(KRB5_AUTHENTBODY) KRB5_AUTHENT;
+DECLARE_STACK_OF(KRB5_AUTHENTBODY)
+
+/*- DECLARE_ASN1_FUNCTIONS(type) = DECLARE_ASN1_FUNCTIONS_name(type, type) =
+ * type *name##_new(void);
+ * void name##_free(type *a);
+ * DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name) =
+ * DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) =
+ * type *d2i_##name(type **a, const unsigned char **in, long len);
+ * int i2d_##name(type *a, unsigned char **out);
+ * DECLARE_ASN1_ITEM(itname) = OPENSSL_EXTERN const ASN1_ITEM itname##_it
+ */
+
+DECLARE_ASN1_FUNCTIONS(KRB5_ENCDATA)
+DECLARE_ASN1_FUNCTIONS(KRB5_PRINCNAME)
+DECLARE_ASN1_FUNCTIONS(KRB5_TKTBODY)
+DECLARE_ASN1_FUNCTIONS(KRB5_APREQBODY)
+DECLARE_ASN1_FUNCTIONS(KRB5_TICKET)
+DECLARE_ASN1_FUNCTIONS(KRB5_APREQ)
+
+DECLARE_ASN1_FUNCTIONS(KRB5_CHECKSUM)
+DECLARE_ASN1_FUNCTIONS(KRB5_ENCKEY)
+DECLARE_ASN1_FUNCTIONS(KRB5_AUTHDATA)
+DECLARE_ASN1_FUNCTIONS(KRB5_AUTHENTBODY)
+DECLARE_ASN1_FUNCTIONS(KRB5_AUTHENT)
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+#ifdef __cplusplus
+}
+#endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/lhash/lh_stats.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/lhash/lh_stats.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/lhash/lh_stats.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,248 +0,0 @@
-/* crypto/lhash/lh_stats.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-/* If you wish to build this outside of SSLeay, remove the following lines
- * and things should work as expected */
-#include "cryptlib.h"
-
-#ifndef OPENSSL_NO_BIO
-#include <openssl/bio.h>
-#endif
-#include <openssl/lhash.h>
-
-#ifdef OPENSSL_NO_BIO
-
-void lh_stats(LHASH *lh, FILE *out)
- {
- fprintf(out,"num_items = %lu\n",lh->num_items);
- fprintf(out,"num_nodes = %u\n",lh->num_nodes);
- fprintf(out,"num_alloc_nodes = %u\n",lh->num_alloc_nodes);
- fprintf(out,"num_expands = %lu\n",lh->num_expands);
- fprintf(out,"num_expand_reallocs = %lu\n",lh->num_expand_reallocs);
- fprintf(out,"num_contracts = %lu\n",lh->num_contracts);
- fprintf(out,"num_contract_reallocs = %lu\n",lh->num_contract_reallocs);
- fprintf(out,"num_hash_calls = %lu\n",lh->num_hash_calls);
- fprintf(out,"num_comp_calls = %lu\n",lh->num_comp_calls);
- fprintf(out,"num_insert = %lu\n",lh->num_insert);
- fprintf(out,"num_replace = %lu\n",lh->num_replace);
- fprintf(out,"num_delete = %lu\n",lh->num_delete);
- fprintf(out,"num_no_delete = %lu\n",lh->num_no_delete);
- fprintf(out,"num_retrieve = %lu\n",lh->num_retrieve);
- fprintf(out,"num_retrieve_miss = %lu\n",lh->num_retrieve_miss);
- fprintf(out,"num_hash_comps = %lu\n",lh->num_hash_comps);
-#if 0
- fprintf(out,"p = %u\n",lh->p);
- fprintf(out,"pmax = %u\n",lh->pmax);
- fprintf(out,"up_load = %lu\n",lh->up_load);
- fprintf(out,"down_load = %lu\n",lh->down_load);
-#endif
- }
-
-void lh_node_stats(LHASH *lh, FILE *out)
- {
- LHASH_NODE *n;
- unsigned int i,num;
-
- for (i=0; i<lh->num_nodes; i++)
- {
- for (n=lh->b[i],num=0; n != NULL; n=n->next)
- num++;
- fprintf(out,"node %6u -> %3u\n",i,num);
- }
- }
-
-void lh_node_usage_stats(LHASH *lh, FILE *out)
- {
- LHASH_NODE *n;
- unsigned long num;
- unsigned int i;
- unsigned long total=0,n_used=0;
-
- for (i=0; i<lh->num_nodes; i++)
- {
- for (n=lh->b[i],num=0; n != NULL; n=n->next)
- num++;
- if (num != 0)
- {
- n_used++;
- total+=num;
- }
- }
- fprintf(out,"%lu nodes used out of %u\n",n_used,lh->num_nodes);
- fprintf(out,"%lu items\n",total);
- if (n_used == 0) return;
- fprintf(out,"load %d.%02d actual load %d.%02d\n",
- (int)(total/lh->num_nodes),
- (int)((total%lh->num_nodes)*100/lh->num_nodes),
- (int)(total/n_used),
- (int)((total%n_used)*100/n_used));
- }
-
-#else
-
-#ifndef OPENSSL_NO_FP_API
-void lh_stats(const LHASH *lh, FILE *fp)
- {
- BIO *bp;
-
- bp=BIO_new(BIO_s_file());
- if (bp == NULL) goto end;
- BIO_set_fp(bp,fp,BIO_NOCLOSE);
- lh_stats_bio(lh,bp);
- BIO_free(bp);
-end:;
- }
-
-void lh_node_stats(const LHASH *lh, FILE *fp)
- {
- BIO *bp;
-
- bp=BIO_new(BIO_s_file());
- if (bp == NULL) goto end;
- BIO_set_fp(bp,fp,BIO_NOCLOSE);
- lh_node_stats_bio(lh,bp);
- BIO_free(bp);
-end:;
- }
-
-void lh_node_usage_stats(const LHASH *lh, FILE *fp)
- {
- BIO *bp;
-
- bp=BIO_new(BIO_s_file());
- if (bp == NULL) goto end;
- BIO_set_fp(bp,fp,BIO_NOCLOSE);
- lh_node_usage_stats_bio(lh,bp);
- BIO_free(bp);
-end:;
- }
-
-#endif
-
-void lh_stats_bio(const LHASH *lh, BIO *out)
- {
- BIO_printf(out,"num_items = %lu\n",lh->num_items);
- BIO_printf(out,"num_nodes = %u\n",lh->num_nodes);
- BIO_printf(out,"num_alloc_nodes = %u\n",lh->num_alloc_nodes);
- BIO_printf(out,"num_expands = %lu\n",lh->num_expands);
- BIO_printf(out,"num_expand_reallocs = %lu\n",
- lh->num_expand_reallocs);
- BIO_printf(out,"num_contracts = %lu\n",lh->num_contracts);
- BIO_printf(out,"num_contract_reallocs = %lu\n",
- lh->num_contract_reallocs);
- BIO_printf(out,"num_hash_calls = %lu\n",lh->num_hash_calls);
- BIO_printf(out,"num_comp_calls = %lu\n",lh->num_comp_calls);
- BIO_printf(out,"num_insert = %lu\n",lh->num_insert);
- BIO_printf(out,"num_replace = %lu\n",lh->num_replace);
- BIO_printf(out,"num_delete = %lu\n",lh->num_delete);
- BIO_printf(out,"num_no_delete = %lu\n",lh->num_no_delete);
- BIO_printf(out,"num_retrieve = %lu\n",lh->num_retrieve);
- BIO_printf(out,"num_retrieve_miss = %lu\n",lh->num_retrieve_miss);
- BIO_printf(out,"num_hash_comps = %lu\n",lh->num_hash_comps);
-#if 0
- BIO_printf(out,"p = %u\n",lh->p);
- BIO_printf(out,"pmax = %u\n",lh->pmax);
- BIO_printf(out,"up_load = %lu\n",lh->up_load);
- BIO_printf(out,"down_load = %lu\n",lh->down_load);
-#endif
- }
-
-void lh_node_stats_bio(const LHASH *lh, BIO *out)
- {
- LHASH_NODE *n;
- unsigned int i,num;
-
- for (i=0; i<lh->num_nodes; i++)
- {
- for (n=lh->b[i],num=0; n != NULL; n=n->next)
- num++;
- BIO_printf(out,"node %6u -> %3u\n",i,num);
- }
- }
-
-void lh_node_usage_stats_bio(const LHASH *lh, BIO *out)
- {
- LHASH_NODE *n;
- unsigned long num;
- unsigned int i;
- unsigned long total=0,n_used=0;
-
- for (i=0; i<lh->num_nodes; i++)
- {
- for (n=lh->b[i],num=0; n != NULL; n=n->next)
- num++;
- if (num != 0)
- {
- n_used++;
- total+=num;
- }
- }
- BIO_printf(out,"%lu nodes used out of %u\n",n_used,lh->num_nodes);
- BIO_printf(out,"%lu items\n",total);
- if (n_used == 0) return;
- BIO_printf(out,"load %d.%02d actual load %d.%02d\n",
- (int)(total/lh->num_nodes),
- (int)((total%lh->num_nodes)*100/lh->num_nodes),
- (int)(total/n_used),
- (int)((total%n_used)*100/n_used));
- }
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/lhash/lh_stats.c (from rev 6976, vendor-crypto/openssl/dist/crypto/lhash/lh_stats.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/lhash/lh_stats.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/lhash/lh_stats.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,246 @@
+/* crypto/lhash/lh_stats.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+/*
+ * If you wish to build this outside of SSLeay, remove the following lines
+ * and things should work as expected
+ */
+#include "cryptlib.h"
+
+#ifndef OPENSSL_NO_BIO
+# include <openssl/bio.h>
+#endif
+#include <openssl/lhash.h>
+
+#ifdef OPENSSL_NO_BIO
+
+void lh_stats(LHASH *lh, FILE *out)
+{
+ fprintf(out, "num_items = %lu\n", lh->num_items);
+ fprintf(out, "num_nodes = %u\n", lh->num_nodes);
+ fprintf(out, "num_alloc_nodes = %u\n", lh->num_alloc_nodes);
+ fprintf(out, "num_expands = %lu\n", lh->num_expands);
+ fprintf(out, "num_expand_reallocs = %lu\n", lh->num_expand_reallocs);
+ fprintf(out, "num_contracts = %lu\n", lh->num_contracts);
+ fprintf(out, "num_contract_reallocs = %lu\n", lh->num_contract_reallocs);
+ fprintf(out, "num_hash_calls = %lu\n", lh->num_hash_calls);
+ fprintf(out, "num_comp_calls = %lu\n", lh->num_comp_calls);
+ fprintf(out, "num_insert = %lu\n", lh->num_insert);
+ fprintf(out, "num_replace = %lu\n", lh->num_replace);
+ fprintf(out, "num_delete = %lu\n", lh->num_delete);
+ fprintf(out, "num_no_delete = %lu\n", lh->num_no_delete);
+ fprintf(out, "num_retrieve = %lu\n", lh->num_retrieve);
+ fprintf(out, "num_retrieve_miss = %lu\n", lh->num_retrieve_miss);
+ fprintf(out, "num_hash_comps = %lu\n", lh->num_hash_comps);
+# if 0
+ fprintf(out, "p = %u\n", lh->p);
+ fprintf(out, "pmax = %u\n", lh->pmax);
+ fprintf(out, "up_load = %lu\n", lh->up_load);
+ fprintf(out, "down_load = %lu\n", lh->down_load);
+# endif
+}
+
+void lh_node_stats(LHASH *lh, FILE *out)
+{
+ LHASH_NODE *n;
+ unsigned int i, num;
+
+ for (i = 0; i < lh->num_nodes; i++) {
+ for (n = lh->b[i], num = 0; n != NULL; n = n->next)
+ num++;
+ fprintf(out, "node %6u -> %3u\n", i, num);
+ }
+}
+
+void lh_node_usage_stats(LHASH *lh, FILE *out)
+{
+ LHASH_NODE *n;
+ unsigned long num;
+ unsigned int i;
+ unsigned long total = 0, n_used = 0;
+
+ for (i = 0; i < lh->num_nodes; i++) {
+ for (n = lh->b[i], num = 0; n != NULL; n = n->next)
+ num++;
+ if (num != 0) {
+ n_used++;
+ total += num;
+ }
+ }
+ fprintf(out, "%lu nodes used out of %u\n", n_used, lh->num_nodes);
+ fprintf(out, "%lu items\n", total);
+ if (n_used == 0)
+ return;
+ fprintf(out, "load %d.%02d actual load %d.%02d\n",
+ (int)(total / lh->num_nodes),
+ (int)((total % lh->num_nodes) * 100 / lh->num_nodes),
+ (int)(total / n_used), (int)((total % n_used) * 100 / n_used));
+}
+
+#else
+
+# ifndef OPENSSL_NO_FP_API
+void lh_stats(const LHASH *lh, FILE *fp)
+{
+ BIO *bp;
+
+ bp = BIO_new(BIO_s_file());
+ if (bp == NULL)
+ goto end;
+ BIO_set_fp(bp, fp, BIO_NOCLOSE);
+ lh_stats_bio(lh, bp);
+ BIO_free(bp);
+ end:;
+}
+
+void lh_node_stats(const LHASH *lh, FILE *fp)
+{
+ BIO *bp;
+
+ bp = BIO_new(BIO_s_file());
+ if (bp == NULL)
+ goto end;
+ BIO_set_fp(bp, fp, BIO_NOCLOSE);
+ lh_node_stats_bio(lh, bp);
+ BIO_free(bp);
+ end:;
+}
+
+void lh_node_usage_stats(const LHASH *lh, FILE *fp)
+{
+ BIO *bp;
+
+ bp = BIO_new(BIO_s_file());
+ if (bp == NULL)
+ goto end;
+ BIO_set_fp(bp, fp, BIO_NOCLOSE);
+ lh_node_usage_stats_bio(lh, bp);
+ BIO_free(bp);
+ end:;
+}
+
+# endif
+
+void lh_stats_bio(const LHASH *lh, BIO *out)
+{
+ BIO_printf(out, "num_items = %lu\n", lh->num_items);
+ BIO_printf(out, "num_nodes = %u\n", lh->num_nodes);
+ BIO_printf(out, "num_alloc_nodes = %u\n", lh->num_alloc_nodes);
+ BIO_printf(out, "num_expands = %lu\n", lh->num_expands);
+ BIO_printf(out, "num_expand_reallocs = %lu\n", lh->num_expand_reallocs);
+ BIO_printf(out, "num_contracts = %lu\n", lh->num_contracts);
+ BIO_printf(out, "num_contract_reallocs = %lu\n",
+ lh->num_contract_reallocs);
+ BIO_printf(out, "num_hash_calls = %lu\n", lh->num_hash_calls);
+ BIO_printf(out, "num_comp_calls = %lu\n", lh->num_comp_calls);
+ BIO_printf(out, "num_insert = %lu\n", lh->num_insert);
+ BIO_printf(out, "num_replace = %lu\n", lh->num_replace);
+ BIO_printf(out, "num_delete = %lu\n", lh->num_delete);
+ BIO_printf(out, "num_no_delete = %lu\n", lh->num_no_delete);
+ BIO_printf(out, "num_retrieve = %lu\n", lh->num_retrieve);
+ BIO_printf(out, "num_retrieve_miss = %lu\n", lh->num_retrieve_miss);
+ BIO_printf(out, "num_hash_comps = %lu\n", lh->num_hash_comps);
+# if 0
+ BIO_printf(out, "p = %u\n", lh->p);
+ BIO_printf(out, "pmax = %u\n", lh->pmax);
+ BIO_printf(out, "up_load = %lu\n", lh->up_load);
+ BIO_printf(out, "down_load = %lu\n", lh->down_load);
+# endif
+}
+
+void lh_node_stats_bio(const LHASH *lh, BIO *out)
+{
+ LHASH_NODE *n;
+ unsigned int i, num;
+
+ for (i = 0; i < lh->num_nodes; i++) {
+ for (n = lh->b[i], num = 0; n != NULL; n = n->next)
+ num++;
+ BIO_printf(out, "node %6u -> %3u\n", i, num);
+ }
+}
+
+void lh_node_usage_stats_bio(const LHASH *lh, BIO *out)
+{
+ LHASH_NODE *n;
+ unsigned long num;
+ unsigned int i;
+ unsigned long total = 0, n_used = 0;
+
+ for (i = 0; i < lh->num_nodes; i++) {
+ for (n = lh->b[i], num = 0; n != NULL; n = n->next)
+ num++;
+ if (num != 0) {
+ n_used++;
+ total += num;
+ }
+ }
+ BIO_printf(out, "%lu nodes used out of %u\n", n_used, lh->num_nodes);
+ BIO_printf(out, "%lu items\n", total);
+ if (n_used == 0)
+ return;
+ BIO_printf(out, "load %d.%02d actual load %d.%02d\n",
+ (int)(total / lh->num_nodes),
+ (int)((total % lh->num_nodes) * 100 / lh->num_nodes),
+ (int)(total / n_used), (int)((total % n_used) * 100 / n_used));
+}
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/lhash/lh_test.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/lhash/lh_test.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/lhash/lh_test.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,88 +0,0 @@
-/* crypto/lhash/lh_test.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <openssl/lhash.h>
-
-main()
- {
- LHASH *conf;
- char buf[256];
- int i;
-
- conf=lh_new(lh_strhash,strcmp);
- for (;;)
- {
- char *p;
-
- buf[0]='\0';
- fgets(buf,256,stdin);
- if (buf[0] == '\0') break;
- i=strlen(buf);
- p=OPENSSL_malloc(i+1);
- memcpy(p,buf,i+1);
- lh_insert(conf,p);
- }
-
- lh_node_stats(conf,stdout);
- lh_stats(conf,stdout);
- lh_node_usage_stats(conf,stdout);
- exit(0);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/lhash/lh_test.c (from rev 6976, vendor-crypto/openssl/dist/crypto/lhash/lh_test.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/lhash/lh_test.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/lhash/lh_test.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,88 @@
+/* crypto/lhash/lh_test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/lhash.h>
+
+main()
+{
+ LHASH *conf;
+ char buf[256];
+ int i;
+
+ conf = lh_new(lh_strhash, strcmp);
+ for (;;) {
+ char *p;
+
+ buf[0] = '\0';
+ fgets(buf, 256, stdin);
+ if (buf[0] == '\0')
+ break;
+ i = strlen(buf);
+ p = OPENSSL_malloc(i + 1);
+ memcpy(p, buf, i + 1);
+ lh_insert(conf, p);
+ }
+
+ lh_node_stats(conf, stdout);
+ lh_stats(conf, stdout);
+ lh_node_usage_stats(conf, stdout);
+ exit(0);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/lhash/lhash.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/lhash/lhash.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/lhash/lhash.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,474 +0,0 @@
-/* crypto/lhash/lhash.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* Code for dynamic hash table routines
- * Author - Eric Young v 2.0
- *
- * 2.2 eay - added #include "crypto.h" so the memory leak checking code is
- * present. eay 18-Jun-98
- *
- * 2.1 eay - Added an 'error in last operation' flag. eay 6-May-98
- *
- * 2.0 eay - Fixed a bug that occurred when using lh_delete
- * from inside lh_doall(). As entries were deleted,
- * the 'table' was 'contract()ed', making some entries
- * jump from the end of the table to the start, there by
- * skipping the lh_doall() processing. eay - 4/12/95
- *
- * 1.9 eay - Fixed a memory leak in lh_free, the LHASH_NODEs
- * were not being free()ed. 21/11/95
- *
- * 1.8 eay - Put the stats routines into a separate file, lh_stats.c
- * 19/09/95
- *
- * 1.7 eay - Removed the fputs() for realloc failures - the code
- * should silently tolerate them. I have also fixed things
- * lint complained about 04/05/95
- *
- * 1.6 eay - Fixed an invalid pointers in contract/expand 27/07/92
- *
- * 1.5 eay - Fixed a misuse of realloc in expand 02/03/1992
- *
- * 1.4 eay - Fixed lh_doall so the function can call lh_delete 28/05/91
- *
- * 1.3 eay - Fixed a few lint problems 19/3/1991
- *
- * 1.2 eay - Fixed lh_doall problem 13/3/1991
- *
- * 1.1 eay - Added lh_doall
- *
- * 1.0 eay - First version
- */
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <openssl/crypto.h>
-#include <openssl/lhash.h>
-
-const char lh_version[]="lhash" OPENSSL_VERSION_PTEXT;
-
-#undef MIN_NODES
-#define MIN_NODES 16
-#define UP_LOAD (2*LH_LOAD_MULT) /* load times 256 (default 2) */
-#define DOWN_LOAD (LH_LOAD_MULT) /* load times 256 (default 1) */
-
-static void expand(LHASH *lh);
-static void contract(LHASH *lh);
-static LHASH_NODE **getrn(LHASH *lh, const void *data, unsigned long *rhash);
-
-LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c)
- {
- LHASH *ret;
- int i;
-
- if ((ret=(LHASH *)OPENSSL_malloc(sizeof(LHASH))) == NULL)
- goto err0;
- if ((ret->b=(LHASH_NODE **)OPENSSL_malloc(sizeof(LHASH_NODE *)*MIN_NODES)) == NULL)
- goto err1;
- for (i=0; i<MIN_NODES; i++)
- ret->b[i]=NULL;
- ret->comp=((c == NULL)?(LHASH_COMP_FN_TYPE)strcmp:c);
- ret->hash=((h == NULL)?(LHASH_HASH_FN_TYPE)lh_strhash:h);
- ret->num_nodes=MIN_NODES/2;
- ret->num_alloc_nodes=MIN_NODES;
- ret->p=0;
- ret->pmax=MIN_NODES/2;
- ret->up_load=UP_LOAD;
- ret->down_load=DOWN_LOAD;
- ret->num_items=0;
-
- ret->num_expands=0;
- ret->num_expand_reallocs=0;
- ret->num_contracts=0;
- ret->num_contract_reallocs=0;
- ret->num_hash_calls=0;
- ret->num_comp_calls=0;
- ret->num_insert=0;
- ret->num_replace=0;
- ret->num_delete=0;
- ret->num_no_delete=0;
- ret->num_retrieve=0;
- ret->num_retrieve_miss=0;
- ret->num_hash_comps=0;
-
- ret->error=0;
- return(ret);
-err1:
- OPENSSL_free(ret);
-err0:
- return(NULL);
- }
-
-void lh_free(LHASH *lh)
- {
- unsigned int i;
- LHASH_NODE *n,*nn;
-
- if (lh == NULL)
- return;
-
- for (i=0; i<lh->num_nodes; i++)
- {
- n=lh->b[i];
- while (n != NULL)
- {
- nn=n->next;
- OPENSSL_free(n);
- n=nn;
- }
- }
- OPENSSL_free(lh->b);
- OPENSSL_free(lh);
- }
-
-void *lh_insert(LHASH *lh, void *data)
- {
- unsigned long hash;
- LHASH_NODE *nn,**rn;
- void *ret;
-
- lh->error=0;
- if (lh->up_load <= (lh->num_items*LH_LOAD_MULT/lh->num_nodes))
- expand(lh);
-
- rn=getrn(lh,data,&hash);
-
- if (*rn == NULL)
- {
- if ((nn=(LHASH_NODE *)OPENSSL_malloc(sizeof(LHASH_NODE))) == NULL)
- {
- lh->error++;
- return(NULL);
- }
- nn->data=data;
- nn->next=NULL;
-#ifndef OPENSSL_NO_HASH_COMP
- nn->hash=hash;
-#endif
- *rn=nn;
- ret=NULL;
- lh->num_insert++;
- lh->num_items++;
- }
- else /* replace same key */
- {
- ret= (*rn)->data;
- (*rn)->data=data;
- lh->num_replace++;
- }
- return(ret);
- }
-
-void *lh_delete(LHASH *lh, const void *data)
- {
- unsigned long hash;
- LHASH_NODE *nn,**rn;
- void *ret;
-
- lh->error=0;
- rn=getrn(lh,data,&hash);
-
- if (*rn == NULL)
- {
- lh->num_no_delete++;
- return(NULL);
- }
- else
- {
- nn= *rn;
- *rn=nn->next;
- ret=nn->data;
- OPENSSL_free(nn);
- lh->num_delete++;
- }
-
- lh->num_items--;
- if ((lh->num_nodes > MIN_NODES) &&
- (lh->down_load >= (lh->num_items*LH_LOAD_MULT/lh->num_nodes)))
- contract(lh);
-
- return(ret);
- }
-
-void *lh_retrieve(LHASH *lh, const void *data)
- {
- unsigned long hash;
- LHASH_NODE **rn;
- void *ret;
-
- lh->error=0;
- rn=getrn(lh,data,&hash);
-
- if (*rn == NULL)
- {
- lh->num_retrieve_miss++;
- return(NULL);
- }
- else
- {
- ret= (*rn)->data;
- lh->num_retrieve++;
- }
- return(ret);
- }
-
-static void doall_util_fn(LHASH *lh, int use_arg, LHASH_DOALL_FN_TYPE func,
- LHASH_DOALL_ARG_FN_TYPE func_arg, void *arg)
- {
- int i;
- LHASH_NODE *a,*n;
-
- /* reverse the order so we search from 'top to bottom'
- * We were having memory leaks otherwise */
- for (i=lh->num_nodes-1; i>=0; i--)
- {
- a=lh->b[i];
- while (a != NULL)
- {
- /* 28/05/91 - eay - n added so items can be deleted
- * via lh_doall */
- n=a->next;
- if(use_arg)
- func_arg(a->data,arg);
- else
- func(a->data);
- a=n;
- }
- }
- }
-
-void lh_doall(LHASH *lh, LHASH_DOALL_FN_TYPE func)
- {
- doall_util_fn(lh, 0, func, (LHASH_DOALL_ARG_FN_TYPE)0, NULL);
- }
-
-void lh_doall_arg(LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg)
- {
- doall_util_fn(lh, 1, (LHASH_DOALL_FN_TYPE)0, func, arg);
- }
-
-static void expand(LHASH *lh)
- {
- LHASH_NODE **n,**n1,**n2,*np;
- unsigned int p,i,j,pmax;
- unsigned long hash,nni;
-
- p=(int)lh->p++;
- nni=lh->num_alloc_nodes;
- pmax=lh->pmax;
-
- if ((lh->p) >= lh->pmax)
- {
- j=(int)lh->num_alloc_nodes*2;
- n=(LHASH_NODE **)OPENSSL_realloc(lh->b,
- (int)sizeof(LHASH_NODE *)*j);
- if (n == NULL)
- {
-/* fputs("realloc error in lhash",stderr); */
- lh->error++;
- lh->p=0;
- return;
- }
- /* else */
- for (i=(int)lh->num_alloc_nodes; i<j; i++)/* 26/02/92 eay */
- n[i]=NULL; /* 02/03/92 eay */
- lh->pmax=lh->num_alloc_nodes;
- lh->num_alloc_nodes=j;
- lh->num_expand_reallocs++;
- lh->p=0;
- lh->b=n;
- }
-
- lh->num_nodes++;
- lh->num_expands++;
- n1= &(lh->b[p]);
- n2= &(lh->b[p+pmax]);
- *n2=NULL; /* 27/07/92 - eay - undefined pointer bug */
-
- for (np= *n1; np != NULL; )
- {
-#ifndef OPENSSL_NO_HASH_COMP
- hash=np->hash;
-#else
- hash=lh->hash(np->data);
- lh->num_hash_calls++;
-#endif
- if ((hash%nni) != p)
- { /* move it */
- *n1= (*n1)->next;
- np->next= *n2;
- *n2=np;
- }
- else
- n1= &((*n1)->next);
- np= *n1;
- }
-
- }
-
-static void contract(LHASH *lh)
- {
- LHASH_NODE **n,*n1,*np;
- int idx = lh->p+lh->pmax-1;
-
- np=lh->b[idx];
- if (lh->p == 0)
- {
- n=(LHASH_NODE **)OPENSSL_realloc(lh->b,
- (unsigned int)(sizeof(LHASH_NODE *)*lh->pmax));
- if (n == NULL)
- {
-/* fputs("realloc error in lhash",stderr); */
- lh->error++;
- return;
- }
- lh->num_contract_reallocs++;
- lh->num_alloc_nodes/=2;
- lh->pmax/=2;
- lh->p=lh->pmax-1;
- lh->b=n;
- }
- else
- lh->p--;
-
- lh->b[idx] = NULL;
- lh->num_nodes--;
- lh->num_contracts++;
-
- n1=lh->b[(int)lh->p];
- if (n1 == NULL)
- lh->b[(int)lh->p]=np;
- else
- {
- while (n1->next != NULL)
- n1=n1->next;
- n1->next=np;
- }
- }
-
-static LHASH_NODE **getrn(LHASH *lh, const void *data, unsigned long *rhash)
- {
- LHASH_NODE **ret,*n1;
- unsigned long hash,nn;
- LHASH_COMP_FN_TYPE cf;
-
- hash=(*(lh->hash))(data);
- lh->num_hash_calls++;
- *rhash=hash;
-
- nn=hash%lh->pmax;
- if (nn < lh->p)
- nn=hash%lh->num_alloc_nodes;
-
- cf=lh->comp;
- ret= &(lh->b[(int)nn]);
- for (n1= *ret; n1 != NULL; n1=n1->next)
- {
-#ifndef OPENSSL_NO_HASH_COMP
- lh->num_hash_comps++;
- if (n1->hash != hash)
- {
- ret= &(n1->next);
- continue;
- }
-#endif
- lh->num_comp_calls++;
- if(cf(n1->data,data) == 0)
- break;
- ret= &(n1->next);
- }
- return(ret);
- }
-
-/* The following hash seems to work very well on normal text strings
- * no collisions on /usr/dict/words and it distributes on %2^n quite
- * well, not as good as MD5, but still good.
- */
-unsigned long lh_strhash(const char *c)
- {
- unsigned long ret=0;
- long n;
- unsigned long v;
- int r;
-
- if ((c == NULL) || (*c == '\0'))
- return(ret);
-/*
- unsigned char b[16];
- MD5(c,strlen(c),b);
- return(b[0]|(b[1]<<8)|(b[2]<<16)|(b[3]<<24));
-*/
-
- n=0x100;
- while (*c)
- {
- v=n|(*c);
- n+=0x100;
- r= (int)((v>>2)^v)&0x0f;
- ret=(ret<<r)|(ret>>(32-r));
- ret&=0xFFFFFFFFL;
- ret^=v*v;
- c++;
- }
- return((ret>>16)^ret);
- }
-
-unsigned long lh_num_items(const LHASH *lh)
- {
- return lh ? lh->num_items : 0;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/lhash/lhash.c (from rev 6976, vendor-crypto/openssl/dist/crypto/lhash/lhash.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/lhash/lhash.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/lhash/lhash.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,457 @@
+/* crypto/lhash/lhash.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/*-
+ * Code for dynamic hash table routines
+ * Author - Eric Young v 2.0
+ *
+ * 2.2 eay - added #include "crypto.h" so the memory leak checking code is
+ * present. eay 18-Jun-98
+ *
+ * 2.1 eay - Added an 'error in last operation' flag. eay 6-May-98
+ *
+ * 2.0 eay - Fixed a bug that occurred when using lh_delete
+ * from inside lh_doall(). As entries were deleted,
+ * the 'table' was 'contract()ed', making some entries
+ * jump from the end of the table to the start, there by
+ * skipping the lh_doall() processing. eay - 4/12/95
+ *
+ * 1.9 eay - Fixed a memory leak in lh_free, the LHASH_NODEs
+ * were not being free()ed. 21/11/95
+ *
+ * 1.8 eay - Put the stats routines into a separate file, lh_stats.c
+ * 19/09/95
+ *
+ * 1.7 eay - Removed the fputs() for realloc failures - the code
+ * should silently tolerate them. I have also fixed things
+ * lint complained about 04/05/95
+ *
+ * 1.6 eay - Fixed an invalid pointers in contract/expand 27/07/92
+ *
+ * 1.5 eay - Fixed a misuse of realloc in expand 02/03/1992
+ *
+ * 1.4 eay - Fixed lh_doall so the function can call lh_delete 28/05/91
+ *
+ * 1.3 eay - Fixed a few lint problems 19/3/1991
+ *
+ * 1.2 eay - Fixed lh_doall problem 13/3/1991
+ *
+ * 1.1 eay - Added lh_doall
+ *
+ * 1.0 eay - First version
+ */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <openssl/crypto.h>
+#include <openssl/lhash.h>
+
+const char lh_version[] = "lhash" OPENSSL_VERSION_PTEXT;
+
+#undef MIN_NODES
+#define MIN_NODES 16
+#define UP_LOAD (2*LH_LOAD_MULT) /* load times 256 (default 2) */
+#define DOWN_LOAD (LH_LOAD_MULT) /* load times 256 (default 1) */
+
+static void expand(LHASH *lh);
+static void contract(LHASH *lh);
+static LHASH_NODE **getrn(LHASH *lh, const void *data, unsigned long *rhash);
+
+LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c)
+{
+ LHASH *ret;
+ int i;
+
+ if ((ret = (LHASH *)OPENSSL_malloc(sizeof(LHASH))) == NULL)
+ goto err0;
+ if ((ret->b =
+ (LHASH_NODE **)OPENSSL_malloc(sizeof(LHASH_NODE *) * MIN_NODES)) ==
+ NULL)
+ goto err1;
+ for (i = 0; i < MIN_NODES; i++)
+ ret->b[i] = NULL;
+ ret->comp = ((c == NULL) ? (LHASH_COMP_FN_TYPE)strcmp : c);
+ ret->hash = ((h == NULL) ? (LHASH_HASH_FN_TYPE)lh_strhash : h);
+ ret->num_nodes = MIN_NODES / 2;
+ ret->num_alloc_nodes = MIN_NODES;
+ ret->p = 0;
+ ret->pmax = MIN_NODES / 2;
+ ret->up_load = UP_LOAD;
+ ret->down_load = DOWN_LOAD;
+ ret->num_items = 0;
+
+ ret->num_expands = 0;
+ ret->num_expand_reallocs = 0;
+ ret->num_contracts = 0;
+ ret->num_contract_reallocs = 0;
+ ret->num_hash_calls = 0;
+ ret->num_comp_calls = 0;
+ ret->num_insert = 0;
+ ret->num_replace = 0;
+ ret->num_delete = 0;
+ ret->num_no_delete = 0;
+ ret->num_retrieve = 0;
+ ret->num_retrieve_miss = 0;
+ ret->num_hash_comps = 0;
+
+ ret->error = 0;
+ return (ret);
+ err1:
+ OPENSSL_free(ret);
+ err0:
+ return (NULL);
+}
+
+void lh_free(LHASH *lh)
+{
+ unsigned int i;
+ LHASH_NODE *n, *nn;
+
+ if (lh == NULL)
+ return;
+
+ for (i = 0; i < lh->num_nodes; i++) {
+ n = lh->b[i];
+ while (n != NULL) {
+ nn = n->next;
+ OPENSSL_free(n);
+ n = nn;
+ }
+ }
+ OPENSSL_free(lh->b);
+ OPENSSL_free(lh);
+}
+
+void *lh_insert(LHASH *lh, void *data)
+{
+ unsigned long hash;
+ LHASH_NODE *nn, **rn;
+ void *ret;
+
+ lh->error = 0;
+ if (lh->up_load <= (lh->num_items * LH_LOAD_MULT / lh->num_nodes))
+ expand(lh);
+
+ rn = getrn(lh, data, &hash);
+
+ if (*rn == NULL) {
+ if ((nn = (LHASH_NODE *)OPENSSL_malloc(sizeof(LHASH_NODE))) == NULL) {
+ lh->error++;
+ return (NULL);
+ }
+ nn->data = data;
+ nn->next = NULL;
+#ifndef OPENSSL_NO_HASH_COMP
+ nn->hash = hash;
+#endif
+ *rn = nn;
+ ret = NULL;
+ lh->num_insert++;
+ lh->num_items++;
+ } else { /* replace same key */
+
+ ret = (*rn)->data;
+ (*rn)->data = data;
+ lh->num_replace++;
+ }
+ return (ret);
+}
+
+void *lh_delete(LHASH *lh, const void *data)
+{
+ unsigned long hash;
+ LHASH_NODE *nn, **rn;
+ void *ret;
+
+ lh->error = 0;
+ rn = getrn(lh, data, &hash);
+
+ if (*rn == NULL) {
+ lh->num_no_delete++;
+ return (NULL);
+ } else {
+ nn = *rn;
+ *rn = nn->next;
+ ret = nn->data;
+ OPENSSL_free(nn);
+ lh->num_delete++;
+ }
+
+ lh->num_items--;
+ if ((lh->num_nodes > MIN_NODES) &&
+ (lh->down_load >= (lh->num_items * LH_LOAD_MULT / lh->num_nodes)))
+ contract(lh);
+
+ return (ret);
+}
+
+void *lh_retrieve(LHASH *lh, const void *data)
+{
+ unsigned long hash;
+ LHASH_NODE **rn;
+ void *ret;
+
+ lh->error = 0;
+ rn = getrn(lh, data, &hash);
+
+ if (*rn == NULL) {
+ lh->num_retrieve_miss++;
+ return (NULL);
+ } else {
+ ret = (*rn)->data;
+ lh->num_retrieve++;
+ }
+ return (ret);
+}
+
+static void doall_util_fn(LHASH *lh, int use_arg, LHASH_DOALL_FN_TYPE func,
+ LHASH_DOALL_ARG_FN_TYPE func_arg, void *arg)
+{
+ int i;
+ LHASH_NODE *a, *n;
+
+ /*
+ * reverse the order so we search from 'top to bottom' We were having
+ * memory leaks otherwise
+ */
+ for (i = lh->num_nodes - 1; i >= 0; i--) {
+ a = lh->b[i];
+ while (a != NULL) {
+ /*
+ * 28/05/91 - eay - n added so items can be deleted via lh_doall
+ */
+ n = a->next;
+ if (use_arg)
+ func_arg(a->data, arg);
+ else
+ func(a->data);
+ a = n;
+ }
+ }
+}
+
+void lh_doall(LHASH *lh, LHASH_DOALL_FN_TYPE func)
+{
+ doall_util_fn(lh, 0, func, (LHASH_DOALL_ARG_FN_TYPE)0, NULL);
+}
+
+void lh_doall_arg(LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg)
+{
+ doall_util_fn(lh, 1, (LHASH_DOALL_FN_TYPE)0, func, arg);
+}
+
+static void expand(LHASH *lh)
+{
+ LHASH_NODE **n, **n1, **n2, *np;
+ unsigned int p, i, j, pmax;
+ unsigned long hash, nni;
+
+ p = (int)lh->p++;
+ nni = lh->num_alloc_nodes;
+ pmax = lh->pmax;
+
+ if ((lh->p) >= lh->pmax) {
+ j = (int)lh->num_alloc_nodes * 2;
+ n = (LHASH_NODE **)OPENSSL_realloc(lh->b,
+ (int)sizeof(LHASH_NODE *) * j);
+ if (n == NULL) {
+/* fputs("realloc error in lhash",stderr); */
+ lh->error++;
+ lh->p = 0;
+ return;
+ }
+ /* else */
+ for (i = (int)lh->num_alloc_nodes; i < j; i++) /* 26/02/92 eay */
+ n[i] = NULL; /* 02/03/92 eay */
+ lh->pmax = lh->num_alloc_nodes;
+ lh->num_alloc_nodes = j;
+ lh->num_expand_reallocs++;
+ lh->p = 0;
+ lh->b = n;
+ }
+
+ lh->num_nodes++;
+ lh->num_expands++;
+ n1 = &(lh->b[p]);
+ n2 = &(lh->b[p + pmax]);
+ *n2 = NULL; /* 27/07/92 - eay - undefined pointer bug */
+
+ for (np = *n1; np != NULL;) {
+#ifndef OPENSSL_NO_HASH_COMP
+ hash = np->hash;
+#else
+ hash = lh->hash(np->data);
+ lh->num_hash_calls++;
+#endif
+ if ((hash % nni) != p) { /* move it */
+ *n1 = (*n1)->next;
+ np->next = *n2;
+ *n2 = np;
+ } else
+ n1 = &((*n1)->next);
+ np = *n1;
+ }
+
+}
+
+static void contract(LHASH *lh)
+{
+ LHASH_NODE **n, *n1, *np;
+ int idx = lh->p + lh->pmax - 1;
+
+ np = lh->b[idx];
+ if (lh->p == 0) {
+ n = (LHASH_NODE **)OPENSSL_realloc(lh->b,
+ (unsigned int)(sizeof(LHASH_NODE *)
+ * lh->pmax));
+ if (n == NULL) {
+/* fputs("realloc error in lhash",stderr); */
+ lh->error++;
+ return;
+ }
+ lh->num_contract_reallocs++;
+ lh->num_alloc_nodes /= 2;
+ lh->pmax /= 2;
+ lh->p = lh->pmax - 1;
+ lh->b = n;
+ } else
+ lh->p--;
+
+ lh->b[idx] = NULL;
+ lh->num_nodes--;
+ lh->num_contracts++;
+
+ n1 = lh->b[(int)lh->p];
+ if (n1 == NULL)
+ lh->b[(int)lh->p] = np;
+ else {
+ while (n1->next != NULL)
+ n1 = n1->next;
+ n1->next = np;
+ }
+}
+
+static LHASH_NODE **getrn(LHASH *lh, const void *data, unsigned long *rhash)
+{
+ LHASH_NODE **ret, *n1;
+ unsigned long hash, nn;
+ LHASH_COMP_FN_TYPE cf;
+
+ hash = (*(lh->hash)) (data);
+ lh->num_hash_calls++;
+ *rhash = hash;
+
+ nn = hash % lh->pmax;
+ if (nn < lh->p)
+ nn = hash % lh->num_alloc_nodes;
+
+ cf = lh->comp;
+ ret = &(lh->b[(int)nn]);
+ for (n1 = *ret; n1 != NULL; n1 = n1->next) {
+#ifndef OPENSSL_NO_HASH_COMP
+ lh->num_hash_comps++;
+ if (n1->hash != hash) {
+ ret = &(n1->next);
+ continue;
+ }
+#endif
+ lh->num_comp_calls++;
+ if (cf(n1->data, data) == 0)
+ break;
+ ret = &(n1->next);
+ }
+ return (ret);
+}
+
+/*
+ * The following hash seems to work very well on normal text strings no
+ * collisions on /usr/dict/words and it distributes on %2^n quite well, not
+ * as good as MD5, but still good.
+ */
+unsigned long lh_strhash(const char *c)
+{
+ unsigned long ret = 0;
+ long n;
+ unsigned long v;
+ int r;
+
+ if ((c == NULL) || (*c == '\0'))
+ return (ret);
+/*-
+ unsigned char b[16];
+ MD5(c,strlen(c),b);
+ return(b[0]|(b[1]<<8)|(b[2]<<16)|(b[3]<<24));
+*/
+
+ n = 0x100;
+ while (*c) {
+ v = n | (*c);
+ n += 0x100;
+ r = (int)((v >> 2) ^ v) & 0x0f;
+ ret = (ret << r) | (ret >> (32 - r));
+ ret &= 0xFFFFFFFFL;
+ ret ^= v * v;
+ c++;
+ }
+ return ((ret >> 16) ^ ret);
+}
+
+unsigned long lh_num_items(const LHASH *lh)
+{
+ return lh ? lh->num_items : 0;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/lhash/lhash.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/lhash/lhash.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/lhash/lhash.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,200 +0,0 @@
-/* crypto/lhash/lhash.h */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* Header for dynamic hash table routines
- * Author - Eric Young
- */
-
-#ifndef HEADER_LHASH_H
-#define HEADER_LHASH_H
-
-#include <openssl/e_os2.h>
-#ifndef OPENSSL_NO_FP_API
-#include <stdio.h>
-#endif
-
-#ifndef OPENSSL_NO_BIO
-#include <openssl/bio.h>
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-typedef struct lhash_node_st
- {
- void *data;
- struct lhash_node_st *next;
-#ifndef OPENSSL_NO_HASH_COMP
- unsigned long hash;
-#endif
- } LHASH_NODE;
-
-typedef int (*LHASH_COMP_FN_TYPE)(const void *, const void *);
-typedef unsigned long (*LHASH_HASH_FN_TYPE)(const void *);
-typedef void (*LHASH_DOALL_FN_TYPE)(void *);
-typedef void (*LHASH_DOALL_ARG_FN_TYPE)(void *, void *);
-
-/* Macros for declaring and implementing type-safe wrappers for LHASH callbacks.
- * This way, callbacks can be provided to LHASH structures without function
- * pointer casting and the macro-defined callbacks provide per-variable casting
- * before deferring to the underlying type-specific callbacks. NB: It is
- * possible to place a "static" in front of both the DECLARE and IMPLEMENT
- * macros if the functions are strictly internal. */
-
-/* First: "hash" functions */
-#define DECLARE_LHASH_HASH_FN(f_name,o_type) \
- unsigned long f_name##_LHASH_HASH(const void *);
-#define IMPLEMENT_LHASH_HASH_FN(f_name,o_type) \
- unsigned long f_name##_LHASH_HASH(const void *arg) { \
- o_type a = (o_type)arg; \
- return f_name(a); }
-#define LHASH_HASH_FN(f_name) f_name##_LHASH_HASH
-
-/* Second: "compare" functions */
-#define DECLARE_LHASH_COMP_FN(f_name,o_type) \
- int f_name##_LHASH_COMP(const void *, const void *);
-#define IMPLEMENT_LHASH_COMP_FN(f_name,o_type) \
- int f_name##_LHASH_COMP(const void *arg1, const void *arg2) { \
- o_type a = (o_type)arg1; \
- o_type b = (o_type)arg2; \
- return f_name(a,b); }
-#define LHASH_COMP_FN(f_name) f_name##_LHASH_COMP
-
-/* Third: "doall" functions */
-#define DECLARE_LHASH_DOALL_FN(f_name,o_type) \
- void f_name##_LHASH_DOALL(void *);
-#define IMPLEMENT_LHASH_DOALL_FN(f_name,o_type) \
- void f_name##_LHASH_DOALL(void *arg) { \
- o_type a = (o_type)arg; \
- f_name(a); }
-#define LHASH_DOALL_FN(f_name) f_name##_LHASH_DOALL
-
-/* Fourth: "doall_arg" functions */
-#define DECLARE_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \
- void f_name##_LHASH_DOALL_ARG(void *, void *);
-#define IMPLEMENT_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \
- void f_name##_LHASH_DOALL_ARG(void *arg1, void *arg2) { \
- o_type a = (o_type)arg1; \
- a_type b = (a_type)arg2; \
- f_name(a,b); }
-#define LHASH_DOALL_ARG_FN(f_name) f_name##_LHASH_DOALL_ARG
-
-typedef struct lhash_st
- {
- LHASH_NODE **b;
- LHASH_COMP_FN_TYPE comp;
- LHASH_HASH_FN_TYPE hash;
- unsigned int num_nodes;
- unsigned int num_alloc_nodes;
- unsigned int p;
- unsigned int pmax;
- unsigned long up_load; /* load times 256 */
- unsigned long down_load; /* load times 256 */
- unsigned long num_items;
-
- unsigned long num_expands;
- unsigned long num_expand_reallocs;
- unsigned long num_contracts;
- unsigned long num_contract_reallocs;
- unsigned long num_hash_calls;
- unsigned long num_comp_calls;
- unsigned long num_insert;
- unsigned long num_replace;
- unsigned long num_delete;
- unsigned long num_no_delete;
- unsigned long num_retrieve;
- unsigned long num_retrieve_miss;
- unsigned long num_hash_comps;
-
- int error;
- } LHASH;
-
-#define LH_LOAD_MULT 256
-
-/* Indicates a malloc() error in the last call, this is only bad
- * in lh_insert(). */
-#define lh_error(lh) ((lh)->error)
-
-LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c);
-void lh_free(LHASH *lh);
-void *lh_insert(LHASH *lh, void *data);
-void *lh_delete(LHASH *lh, const void *data);
-void *lh_retrieve(LHASH *lh, const void *data);
-void lh_doall(LHASH *lh, LHASH_DOALL_FN_TYPE func);
-void lh_doall_arg(LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg);
-unsigned long lh_strhash(const char *c);
-unsigned long lh_num_items(const LHASH *lh);
-
-#ifndef OPENSSL_NO_FP_API
-void lh_stats(const LHASH *lh, FILE *out);
-void lh_node_stats(const LHASH *lh, FILE *out);
-void lh_node_usage_stats(const LHASH *lh, FILE *out);
-#endif
-
-#ifndef OPENSSL_NO_BIO
-void lh_stats_bio(const LHASH *lh, BIO *out);
-void lh_node_stats_bio(const LHASH *lh, BIO *out);
-void lh_node_usage_stats_bio(const LHASH *lh, BIO *out);
-#endif
-#ifdef __cplusplus
-}
-#endif
-
-#endif
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/lhash/lhash.h (from rev 6976, vendor-crypto/openssl/dist/crypto/lhash/lhash.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/lhash/lhash.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/lhash/lhash.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,199 @@
+/* crypto/lhash/lhash.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/*
+ * Header for dynamic hash table routines Author - Eric Young
+ */
+
+#ifndef HEADER_LHASH_H
+# define HEADER_LHASH_H
+
+# include <openssl/e_os2.h>
+# ifndef OPENSSL_NO_FP_API
+# include <stdio.h>
+# endif
+
+# ifndef OPENSSL_NO_BIO
+# include <openssl/bio.h>
+# endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct lhash_node_st {
+ void *data;
+ struct lhash_node_st *next;
+# ifndef OPENSSL_NO_HASH_COMP
+ unsigned long hash;
+# endif
+} LHASH_NODE;
+
+typedef int (*LHASH_COMP_FN_TYPE) (const void *, const void *);
+typedef unsigned long (*LHASH_HASH_FN_TYPE) (const void *);
+typedef void (*LHASH_DOALL_FN_TYPE) (void *);
+typedef void (*LHASH_DOALL_ARG_FN_TYPE) (void *, void *);
+
+/*
+ * Macros for declaring and implementing type-safe wrappers for LHASH
+ * callbacks. This way, callbacks can be provided to LHASH structures without
+ * function pointer casting and the macro-defined callbacks provide
+ * per-variable casting before deferring to the underlying type-specific
+ * callbacks. NB: It is possible to place a "static" in front of both the
+ * DECLARE and IMPLEMENT macros if the functions are strictly internal.
+ */
+
+/* First: "hash" functions */
+# define DECLARE_LHASH_HASH_FN(f_name,o_type) \
+ unsigned long f_name##_LHASH_HASH(const void *);
+# define IMPLEMENT_LHASH_HASH_FN(f_name,o_type) \
+ unsigned long f_name##_LHASH_HASH(const void *arg) { \
+ o_type a = (o_type)arg; \
+ return f_name(a); }
+# define LHASH_HASH_FN(f_name) f_name##_LHASH_HASH
+
+/* Second: "compare" functions */
+# define DECLARE_LHASH_COMP_FN(f_name,o_type) \
+ int f_name##_LHASH_COMP(const void *, const void *);
+# define IMPLEMENT_LHASH_COMP_FN(f_name,o_type) \
+ int f_name##_LHASH_COMP(const void *arg1, const void *arg2) { \
+ o_type a = (o_type)arg1; \
+ o_type b = (o_type)arg2; \
+ return f_name(a,b); }
+# define LHASH_COMP_FN(f_name) f_name##_LHASH_COMP
+
+/* Third: "doall" functions */
+# define DECLARE_LHASH_DOALL_FN(f_name,o_type) \
+ void f_name##_LHASH_DOALL(void *);
+# define IMPLEMENT_LHASH_DOALL_FN(f_name,o_type) \
+ void f_name##_LHASH_DOALL(void *arg) { \
+ o_type a = (o_type)arg; \
+ f_name(a); }
+# define LHASH_DOALL_FN(f_name) f_name##_LHASH_DOALL
+
+/* Fourth: "doall_arg" functions */
+# define DECLARE_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \
+ void f_name##_LHASH_DOALL_ARG(void *, void *);
+# define IMPLEMENT_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \
+ void f_name##_LHASH_DOALL_ARG(void *arg1, void *arg2) { \
+ o_type a = (o_type)arg1; \
+ a_type b = (a_type)arg2; \
+ f_name(a,b); }
+# define LHASH_DOALL_ARG_FN(f_name) f_name##_LHASH_DOALL_ARG
+
+typedef struct lhash_st {
+ LHASH_NODE **b;
+ LHASH_COMP_FN_TYPE comp;
+ LHASH_HASH_FN_TYPE hash;
+ unsigned int num_nodes;
+ unsigned int num_alloc_nodes;
+ unsigned int p;
+ unsigned int pmax;
+ unsigned long up_load; /* load times 256 */
+ unsigned long down_load; /* load times 256 */
+ unsigned long num_items;
+ unsigned long num_expands;
+ unsigned long num_expand_reallocs;
+ unsigned long num_contracts;
+ unsigned long num_contract_reallocs;
+ unsigned long num_hash_calls;
+ unsigned long num_comp_calls;
+ unsigned long num_insert;
+ unsigned long num_replace;
+ unsigned long num_delete;
+ unsigned long num_no_delete;
+ unsigned long num_retrieve;
+ unsigned long num_retrieve_miss;
+ unsigned long num_hash_comps;
+ int error;
+} LHASH;
+
+# define LH_LOAD_MULT 256
+
+/*
+ * Indicates a malloc() error in the last call, this is only bad in
+ * lh_insert().
+ */
+# define lh_error(lh) ((lh)->error)
+
+LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c);
+void lh_free(LHASH *lh);
+void *lh_insert(LHASH *lh, void *data);
+void *lh_delete(LHASH *lh, const void *data);
+void *lh_retrieve(LHASH *lh, const void *data);
+void lh_doall(LHASH *lh, LHASH_DOALL_FN_TYPE func);
+void lh_doall_arg(LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg);
+unsigned long lh_strhash(const char *c);
+unsigned long lh_num_items(const LHASH *lh);
+
+# ifndef OPENSSL_NO_FP_API
+void lh_stats(const LHASH *lh, FILE *out);
+void lh_node_stats(const LHASH *lh, FILE *out);
+void lh_node_usage_stats(const LHASH *lh, FILE *out);
+# endif
+
+# ifndef OPENSSL_NO_BIO
+void lh_stats_bio(const LHASH *lh, BIO *out);
+void lh_node_stats_bio(const LHASH *lh, BIO *out);
+void lh_node_usage_stats_bio(const LHASH *lh, BIO *out);
+# endif
+#ifdef __cplusplus
+}
+#endif
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/md2/md2.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/md2/md2.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/md2/md2.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,124 +0,0 @@
-/* crypto/md2/md2.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/md2.h>
-
-#define BUFSIZE 1024*16
-
-void do_fp(FILE *f);
-void pt(unsigned char *md);
-int read(int, void *, unsigned int);
-void exit(int);
-int main(int argc, char *argv[])
- {
- int i,err=0;
- FILE *IN;
-
- if (argc == 1)
- {
- do_fp(stdin);
- }
- else
- {
- for (i=1; i<argc; i++)
- {
- IN=fopen(argv[i],"r");
- if (IN == NULL)
- {
- perror(argv[i]);
- err++;
- continue;
- }
- printf("MD2(%s)= ",argv[i]);
- do_fp(IN);
- fclose(IN);
- }
- }
- exit(err);
- return(err);
- }
-
-void do_fp(FILE *f)
- {
- MD2_CTX c;
- unsigned char md[MD2_DIGEST_LENGTH];
- int fd,i;
- static unsigned char buf[BUFSIZE];
-
- fd=fileno(f);
- MD2_Init(&c);
- for (;;)
- {
- i=read(fd,buf,BUFSIZE);
- if (i <= 0) break;
- MD2_Update(&c,buf,(unsigned long)i);
- }
- MD2_Final(&(md[0]),&c);
- pt(md);
- }
-
-void pt(unsigned char *md)
- {
- int i;
-
- for (i=0; i<MD2_DIGEST_LENGTH; i++)
- printf("%02x",md[i]);
- printf("\n");
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/md2/md2.c (from rev 6976, vendor-crypto/openssl/dist/crypto/md2/md2.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/md2/md2.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/md2/md2.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,119 @@
+/* crypto/md2/md2.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/md2.h>
+
+#define BUFSIZE 1024*16
+
+void do_fp(FILE *f);
+void pt(unsigned char *md);
+int read(int, void *, unsigned int);
+void exit(int);
+int main(int argc, char *argv[])
+{
+ int i, err = 0;
+ FILE *IN;
+
+ if (argc == 1) {
+ do_fp(stdin);
+ } else {
+ for (i = 1; i < argc; i++) {
+ IN = fopen(argv[i], "r");
+ if (IN == NULL) {
+ perror(argv[i]);
+ err++;
+ continue;
+ }
+ printf("MD2(%s)= ", argv[i]);
+ do_fp(IN);
+ fclose(IN);
+ }
+ }
+ exit(err);
+ return (err);
+}
+
+void do_fp(FILE *f)
+{
+ MD2_CTX c;
+ unsigned char md[MD2_DIGEST_LENGTH];
+ int fd, i;
+ static unsigned char buf[BUFSIZE];
+
+ fd = fileno(f);
+ MD2_Init(&c);
+ for (;;) {
+ i = read(fd, buf, BUFSIZE);
+ if (i <= 0)
+ break;
+ MD2_Update(&c, buf, (unsigned long)i);
+ }
+ MD2_Final(&(md[0]), &c);
+ pt(md);
+}
+
+void pt(unsigned char *md)
+{
+ int i;
+
+ for (i = 0; i < MD2_DIGEST_LENGTH; i++)
+ printf("%02x", md[i]);
+ printf("\n");
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/md2/md2.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/md2/md2.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/md2/md2.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,95 +0,0 @@
-/* crypto/md/md2.h */
-/* Copyright (C) 1995-1997 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_MD2_H
-#define HEADER_MD2_H
-
-#include <openssl/opensslconf.h> /* OPENSSL_NO_MD2, MD2_INT */
-#ifdef OPENSSL_NO_MD2
-#error MD2 is disabled.
-#endif
-#include <stddef.h>
-
-#define MD2_DIGEST_LENGTH 16
-#define MD2_BLOCK 16
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-typedef struct MD2state_st
- {
- unsigned int num;
- unsigned char data[MD2_BLOCK];
- MD2_INT cksm[MD2_BLOCK];
- MD2_INT state[MD2_BLOCK];
- } MD2_CTX;
-
-const char *MD2_options(void);
-#ifdef OPENSSL_FIPS
-int private_MD2_Init(MD2_CTX *c);
-#endif
-int MD2_Init(MD2_CTX *c);
-int MD2_Update(MD2_CTX *c, const unsigned char *data, size_t len);
-int MD2_Final(unsigned char *md, MD2_CTX *c);
-unsigned char *MD2(const unsigned char *d, size_t n,unsigned char *md);
-#ifdef __cplusplus
-}
-#endif
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/md2/md2.h (from rev 6976, vendor-crypto/openssl/dist/crypto/md2/md2.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/md2/md2.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/md2/md2.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,94 @@
+/* crypto/md/md2.h */
+/* Copyright (C) 1995-1997 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_MD2_H
+# define HEADER_MD2_H
+
+# include <openssl/opensslconf.h>/* OPENSSL_NO_MD2, MD2_INT */
+# ifdef OPENSSL_NO_MD2
+# error MD2 is disabled.
+# endif
+# include <stddef.h>
+
+# define MD2_DIGEST_LENGTH 16
+# define MD2_BLOCK 16
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct MD2state_st {
+ unsigned int num;
+ unsigned char data[MD2_BLOCK];
+ MD2_INT cksm[MD2_BLOCK];
+ MD2_INT state[MD2_BLOCK];
+} MD2_CTX;
+
+const char *MD2_options(void);
+# ifdef OPENSSL_FIPS
+int private_MD2_Init(MD2_CTX *c);
+# endif
+int MD2_Init(MD2_CTX *c);
+int MD2_Update(MD2_CTX *c, const unsigned char *data, size_t len);
+int MD2_Final(unsigned char *md, MD2_CTX *c);
+unsigned char *MD2(const unsigned char *d, size_t n, unsigned char *md);
+#ifdef __cplusplus
+}
+#endif
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/md2/md2_dgst.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/md2/md2_dgst.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/md2/md2_dgst.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,232 +0,0 @@
-/* crypto/md2/md2_dgst.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <openssl/md2.h>
-#include <openssl/opensslv.h>
-#include <openssl/crypto.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
-#include <openssl/err.h>
-
-const char MD2_version[]="MD2" OPENSSL_VERSION_PTEXT;
-
-/* Implemented from RFC1319 The MD2 Message-Digest Algorithm
- */
-
-#define UCHAR unsigned char
-
-static void md2_block(MD2_CTX *c, const unsigned char *d);
-/* The magic S table - I have converted it to hex since it is
- * basically just a random byte string. */
-static MD2_INT S[256]={
- 0x29, 0x2E, 0x43, 0xC9, 0xA2, 0xD8, 0x7C, 0x01,
- 0x3D, 0x36, 0x54, 0xA1, 0xEC, 0xF0, 0x06, 0x13,
- 0x62, 0xA7, 0x05, 0xF3, 0xC0, 0xC7, 0x73, 0x8C,
- 0x98, 0x93, 0x2B, 0xD9, 0xBC, 0x4C, 0x82, 0xCA,
- 0x1E, 0x9B, 0x57, 0x3C, 0xFD, 0xD4, 0xE0, 0x16,
- 0x67, 0x42, 0x6F, 0x18, 0x8A, 0x17, 0xE5, 0x12,
- 0xBE, 0x4E, 0xC4, 0xD6, 0xDA, 0x9E, 0xDE, 0x49,
- 0xA0, 0xFB, 0xF5, 0x8E, 0xBB, 0x2F, 0xEE, 0x7A,
- 0xA9, 0x68, 0x79, 0x91, 0x15, 0xB2, 0x07, 0x3F,
- 0x94, 0xC2, 0x10, 0x89, 0x0B, 0x22, 0x5F, 0x21,
- 0x80, 0x7F, 0x5D, 0x9A, 0x5A, 0x90, 0x32, 0x27,
- 0x35, 0x3E, 0xCC, 0xE7, 0xBF, 0xF7, 0x97, 0x03,
- 0xFF, 0x19, 0x30, 0xB3, 0x48, 0xA5, 0xB5, 0xD1,
- 0xD7, 0x5E, 0x92, 0x2A, 0xAC, 0x56, 0xAA, 0xC6,
- 0x4F, 0xB8, 0x38, 0xD2, 0x96, 0xA4, 0x7D, 0xB6,
- 0x76, 0xFC, 0x6B, 0xE2, 0x9C, 0x74, 0x04, 0xF1,
- 0x45, 0x9D, 0x70, 0x59, 0x64, 0x71, 0x87, 0x20,
- 0x86, 0x5B, 0xCF, 0x65, 0xE6, 0x2D, 0xA8, 0x02,
- 0x1B, 0x60, 0x25, 0xAD, 0xAE, 0xB0, 0xB9, 0xF6,
- 0x1C, 0x46, 0x61, 0x69, 0x34, 0x40, 0x7E, 0x0F,
- 0x55, 0x47, 0xA3, 0x23, 0xDD, 0x51, 0xAF, 0x3A,
- 0xC3, 0x5C, 0xF9, 0xCE, 0xBA, 0xC5, 0xEA, 0x26,
- 0x2C, 0x53, 0x0D, 0x6E, 0x85, 0x28, 0x84, 0x09,
- 0xD3, 0xDF, 0xCD, 0xF4, 0x41, 0x81, 0x4D, 0x52,
- 0x6A, 0xDC, 0x37, 0xC8, 0x6C, 0xC1, 0xAB, 0xFA,
- 0x24, 0xE1, 0x7B, 0x08, 0x0C, 0xBD, 0xB1, 0x4A,
- 0x78, 0x88, 0x95, 0x8B, 0xE3, 0x63, 0xE8, 0x6D,
- 0xE9, 0xCB, 0xD5, 0xFE, 0x3B, 0x00, 0x1D, 0x39,
- 0xF2, 0xEF, 0xB7, 0x0E, 0x66, 0x58, 0xD0, 0xE4,
- 0xA6, 0x77, 0x72, 0xF8, 0xEB, 0x75, 0x4B, 0x0A,
- 0x31, 0x44, 0x50, 0xB4, 0x8F, 0xED, 0x1F, 0x1A,
- 0xDB, 0x99, 0x8D, 0x33, 0x9F, 0x11, 0x83, 0x14,
- };
-
-const char *MD2_options(void)
- {
- if (sizeof(MD2_INT) == 1)
- return("md2(char)");
- else
- return("md2(int)");
- }
-
-FIPS_NON_FIPS_MD_Init(MD2)
- {
- c->num=0;
- memset(c->state,0,sizeof c->state);
- memset(c->cksm,0,sizeof c->cksm);
- memset(c->data,0,sizeof c->data);
- return 1;
- }
-
-int MD2_Update(MD2_CTX *c, const unsigned char *data, size_t len)
- {
- register UCHAR *p;
-
- if (len == 0) return 1;
-
- p=c->data;
- if (c->num != 0)
- {
- if ((c->num+len) >= MD2_BLOCK)
- {
- memcpy(&(p[c->num]),data,MD2_BLOCK-c->num);
- md2_block(c,c->data);
- data+=(MD2_BLOCK - c->num);
- len-=(MD2_BLOCK - c->num);
- c->num=0;
- /* drop through and do the rest */
- }
- else
- {
- memcpy(&(p[c->num]),data,len);
- /* data+=len; */
- c->num+=(int)len;
- return 1;
- }
- }
- /* we now can process the input data in blocks of MD2_BLOCK
- * chars and save the leftovers to c->data. */
- while (len >= MD2_BLOCK)
- {
- md2_block(c,data);
- data+=MD2_BLOCK;
- len-=MD2_BLOCK;
- }
- memcpy(p,data,len);
- c->num=(int)len;
- return 1;
- }
-
-static void md2_block(MD2_CTX *c, const unsigned char *d)
- {
- register MD2_INT t,*sp1,*sp2;
- register int i,j;
- MD2_INT state[48];
-
- sp1=c->state;
- sp2=c->cksm;
- j=sp2[MD2_BLOCK-1];
- for (i=0; i<16; i++)
- {
- state[i]=sp1[i];
- state[i+16]=t=d[i];
- state[i+32]=(t^sp1[i]);
- j=sp2[i]^=S[t^j];
- }
- t=0;
- for (i=0; i<18; i++)
- {
- for (j=0; j<48; j+=8)
- {
- t= state[j+ 0]^=S[t];
- t= state[j+ 1]^=S[t];
- t= state[j+ 2]^=S[t];
- t= state[j+ 3]^=S[t];
- t= state[j+ 4]^=S[t];
- t= state[j+ 5]^=S[t];
- t= state[j+ 6]^=S[t];
- t= state[j+ 7]^=S[t];
- }
- t=(t+i)&0xff;
- }
- memcpy(sp1,state,16*sizeof(MD2_INT));
- OPENSSL_cleanse(state,48*sizeof(MD2_INT));
- }
-
-int MD2_Final(unsigned char *md, MD2_CTX *c)
- {
- int i,v;
- register UCHAR *cp;
- register MD2_INT *p1,*p2;
-
- cp=c->data;
- p1=c->state;
- p2=c->cksm;
- v=MD2_BLOCK-c->num;
- for (i=c->num; i<MD2_BLOCK; i++)
- cp[i]=(UCHAR)v;
-
- md2_block(c,cp);
-
- for (i=0; i<MD2_BLOCK; i++)
- cp[i]=(UCHAR)p2[i];
- md2_block(c,cp);
-
- for (i=0; i<16; i++)
- md[i]=(UCHAR)(p1[i]&0xff);
- memset((char *)&c,0,sizeof(c));
- return 1;
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/md2/md2_dgst.c (from rev 6976, vendor-crypto/openssl/dist/crypto/md2/md2_dgst.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/md2/md2_dgst.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/md2/md2_dgst.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,229 @@
+/* crypto/md2/md2_dgst.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/md2.h>
+#include <openssl/opensslv.h>
+#include <openssl/crypto.h>
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
+#endif
+
+#include <openssl/err.h>
+
+const char MD2_version[] = "MD2" OPENSSL_VERSION_PTEXT;
+
+/*
+ * Implemented from RFC1319 The MD2 Message-Digest Algorithm
+ */
+
+#define UCHAR unsigned char
+
+static void md2_block(MD2_CTX *c, const unsigned char *d);
+/*
+ * The magic S table - I have converted it to hex since it is basically just
+ * a random byte string.
+ */
+static MD2_INT S[256] = {
+ 0x29, 0x2E, 0x43, 0xC9, 0xA2, 0xD8, 0x7C, 0x01,
+ 0x3D, 0x36, 0x54, 0xA1, 0xEC, 0xF0, 0x06, 0x13,
+ 0x62, 0xA7, 0x05, 0xF3, 0xC0, 0xC7, 0x73, 0x8C,
+ 0x98, 0x93, 0x2B, 0xD9, 0xBC, 0x4C, 0x82, 0xCA,
+ 0x1E, 0x9B, 0x57, 0x3C, 0xFD, 0xD4, 0xE0, 0x16,
+ 0x67, 0x42, 0x6F, 0x18, 0x8A, 0x17, 0xE5, 0x12,
+ 0xBE, 0x4E, 0xC4, 0xD6, 0xDA, 0x9E, 0xDE, 0x49,
+ 0xA0, 0xFB, 0xF5, 0x8E, 0xBB, 0x2F, 0xEE, 0x7A,
+ 0xA9, 0x68, 0x79, 0x91, 0x15, 0xB2, 0x07, 0x3F,
+ 0x94, 0xC2, 0x10, 0x89, 0x0B, 0x22, 0x5F, 0x21,
+ 0x80, 0x7F, 0x5D, 0x9A, 0x5A, 0x90, 0x32, 0x27,
+ 0x35, 0x3E, 0xCC, 0xE7, 0xBF, 0xF7, 0x97, 0x03,
+ 0xFF, 0x19, 0x30, 0xB3, 0x48, 0xA5, 0xB5, 0xD1,
+ 0xD7, 0x5E, 0x92, 0x2A, 0xAC, 0x56, 0xAA, 0xC6,
+ 0x4F, 0xB8, 0x38, 0xD2, 0x96, 0xA4, 0x7D, 0xB6,
+ 0x76, 0xFC, 0x6B, 0xE2, 0x9C, 0x74, 0x04, 0xF1,
+ 0x45, 0x9D, 0x70, 0x59, 0x64, 0x71, 0x87, 0x20,
+ 0x86, 0x5B, 0xCF, 0x65, 0xE6, 0x2D, 0xA8, 0x02,
+ 0x1B, 0x60, 0x25, 0xAD, 0xAE, 0xB0, 0xB9, 0xF6,
+ 0x1C, 0x46, 0x61, 0x69, 0x34, 0x40, 0x7E, 0x0F,
+ 0x55, 0x47, 0xA3, 0x23, 0xDD, 0x51, 0xAF, 0x3A,
+ 0xC3, 0x5C, 0xF9, 0xCE, 0xBA, 0xC5, 0xEA, 0x26,
+ 0x2C, 0x53, 0x0D, 0x6E, 0x85, 0x28, 0x84, 0x09,
+ 0xD3, 0xDF, 0xCD, 0xF4, 0x41, 0x81, 0x4D, 0x52,
+ 0x6A, 0xDC, 0x37, 0xC8, 0x6C, 0xC1, 0xAB, 0xFA,
+ 0x24, 0xE1, 0x7B, 0x08, 0x0C, 0xBD, 0xB1, 0x4A,
+ 0x78, 0x88, 0x95, 0x8B, 0xE3, 0x63, 0xE8, 0x6D,
+ 0xE9, 0xCB, 0xD5, 0xFE, 0x3B, 0x00, 0x1D, 0x39,
+ 0xF2, 0xEF, 0xB7, 0x0E, 0x66, 0x58, 0xD0, 0xE4,
+ 0xA6, 0x77, 0x72, 0xF8, 0xEB, 0x75, 0x4B, 0x0A,
+ 0x31, 0x44, 0x50, 0xB4, 0x8F, 0xED, 0x1F, 0x1A,
+ 0xDB, 0x99, 0x8D, 0x33, 0x9F, 0x11, 0x83, 0x14,
+};
+
+const char *MD2_options(void)
+{
+ if (sizeof(MD2_INT) == 1)
+ return ("md2(char)");
+ else
+ return ("md2(int)");
+}
+
+FIPS_NON_FIPS_MD_Init(MD2)
+{
+ c->num = 0;
+ memset(c->state, 0, sizeof c->state);
+ memset(c->cksm, 0, sizeof c->cksm);
+ memset(c->data, 0, sizeof c->data);
+ return 1;
+}
+
+int MD2_Update(MD2_CTX *c, const unsigned char *data, size_t len)
+{
+ register UCHAR *p;
+
+ if (len == 0)
+ return 1;
+
+ p = c->data;
+ if (c->num != 0) {
+ if ((c->num + len) >= MD2_BLOCK) {
+ memcpy(&(p[c->num]), data, MD2_BLOCK - c->num);
+ md2_block(c, c->data);
+ data += (MD2_BLOCK - c->num);
+ len -= (MD2_BLOCK - c->num);
+ c->num = 0;
+ /* drop through and do the rest */
+ } else {
+ memcpy(&(p[c->num]), data, len);
+ /* data+=len; */
+ c->num += (int)len;
+ return 1;
+ }
+ }
+ /*
+ * we now can process the input data in blocks of MD2_BLOCK chars and
+ * save the leftovers to c->data.
+ */
+ while (len >= MD2_BLOCK) {
+ md2_block(c, data);
+ data += MD2_BLOCK;
+ len -= MD2_BLOCK;
+ }
+ memcpy(p, data, len);
+ c->num = (int)len;
+ return 1;
+}
+
+static void md2_block(MD2_CTX *c, const unsigned char *d)
+{
+ register MD2_INT t, *sp1, *sp2;
+ register int i, j;
+ MD2_INT state[48];
+
+ sp1 = c->state;
+ sp2 = c->cksm;
+ j = sp2[MD2_BLOCK - 1];
+ for (i = 0; i < 16; i++) {
+ state[i] = sp1[i];
+ state[i + 16] = t = d[i];
+ state[i + 32] = (t ^ sp1[i]);
+ j = sp2[i] ^= S[t ^ j];
+ }
+ t = 0;
+ for (i = 0; i < 18; i++) {
+ for (j = 0; j < 48; j += 8) {
+ t = state[j + 0] ^= S[t];
+ t = state[j + 1] ^= S[t];
+ t = state[j + 2] ^= S[t];
+ t = state[j + 3] ^= S[t];
+ t = state[j + 4] ^= S[t];
+ t = state[j + 5] ^= S[t];
+ t = state[j + 6] ^= S[t];
+ t = state[j + 7] ^= S[t];
+ }
+ t = (t + i) & 0xff;
+ }
+ memcpy(sp1, state, 16 * sizeof(MD2_INT));
+ OPENSSL_cleanse(state, 48 * sizeof(MD2_INT));
+}
+
+int MD2_Final(unsigned char *md, MD2_CTX *c)
+{
+ int i, v;
+ register UCHAR *cp;
+ register MD2_INT *p1, *p2;
+
+ cp = c->data;
+ p1 = c->state;
+ p2 = c->cksm;
+ v = MD2_BLOCK - c->num;
+ for (i = c->num; i < MD2_BLOCK; i++)
+ cp[i] = (UCHAR) v;
+
+ md2_block(c, cp);
+
+ for (i = 0; i < MD2_BLOCK; i++)
+ cp[i] = (UCHAR) p2[i];
+ md2_block(c, cp);
+
+ for (i = 0; i < 16; i++)
+ md[i] = (UCHAR) (p1[i] & 0xff);
+ memset((char *)&c, 0, sizeof(c));
+ return 1;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/md2/md2_one.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/md2/md2_one.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/md2/md2_one.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,94 +0,0 @@
-/* crypto/md2/md2_one.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/md2.h>
-
-/* This is a separate file so that #defines in cryptlib.h can
- * map my MD functions to different names */
-
-unsigned char *MD2(const unsigned char *d, size_t n, unsigned char *md)
- {
- MD2_CTX c;
- static unsigned char m[MD2_DIGEST_LENGTH];
-
- if (md == NULL) md=m;
- if (!MD2_Init(&c))
- return NULL;
-#ifndef CHARSET_EBCDIC
- MD2_Update(&c,d,n);
-#else
- {
- char temp[1024];
- unsigned long chunk;
-
- while (n > 0)
- {
- chunk = (n > sizeof(temp)) ? sizeof(temp) : n;
- ebcdic2ascii(temp, d, chunk);
- MD2_Update(&c,temp,chunk);
- n -= chunk;
- d += chunk;
- }
- }
-#endif
- MD2_Final(md,&c);
- OPENSSL_cleanse(&c,sizeof(c)); /* Security consideration */
- return(md);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/md2/md2_one.c (from rev 6976, vendor-crypto/openssl/dist/crypto/md2/md2_one.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/md2/md2_one.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/md2/md2_one.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,96 @@
+/* crypto/md2/md2_one.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/md2.h>
+
+/*
+ * This is a separate file so that #defines in cryptlib.h can map my MD
+ * functions to different names
+ */
+
+unsigned char *MD2(const unsigned char *d, size_t n, unsigned char *md)
+{
+ MD2_CTX c;
+ static unsigned char m[MD2_DIGEST_LENGTH];
+
+ if (md == NULL)
+ md = m;
+ if (!MD2_Init(&c))
+ return NULL;
+#ifndef CHARSET_EBCDIC
+ MD2_Update(&c, d, n);
+#else
+ {
+ char temp[1024];
+ unsigned long chunk;
+
+ while (n > 0) {
+ chunk = (n > sizeof(temp)) ? sizeof(temp) : n;
+ ebcdic2ascii(temp, d, chunk);
+ MD2_Update(&c, temp, chunk);
+ n -= chunk;
+ d += chunk;
+ }
+ }
+#endif
+ MD2_Final(md, &c);
+ OPENSSL_cleanse(&c, sizeof(c)); /* Security consideration */
+ return (md);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/md2/md2test.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/md2/md2test.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/md2/md2test.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,143 +0,0 @@
-/* crypto/md2/md2test.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "../e_os.h"
-
-#ifdef OPENSSL_NO_MD2
-int main(int argc, char *argv[])
-{
- printf("No MD2 support\n");
- return(0);
-}
-#else
-#include <openssl/evp.h>
-#include <openssl/md2.h>
-
-#ifdef CHARSET_EBCDIC
-#include <openssl/ebcdic.h>
-#endif
-
-static char *test[]={
- "",
- "a",
- "abc",
- "message digest",
- "abcdefghijklmnopqrstuvwxyz",
- "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
- "12345678901234567890123456789012345678901234567890123456789012345678901234567890",
- NULL,
- };
-
-static char *ret[]={
- "8350e5a3e24c153df2275c9f80692773",
- "32ec01ec4a6dac72c0ab96fb34c0b5d1",
- "da853b0d3f88d99b30283a69e6ded6bb",
- "ab4f496bfb2a530b219ff33031fe06b0",
- "4e8ddff3650292ab5a4108c3aa47940b",
- "da33def2a42df13975352846c30338cd",
- "d5976f79d83d3a0dc9806c3c66f3efd8",
- };
-
-static char *pt(unsigned char *md);
-int main(int argc, char *argv[])
- {
- int i,err=0;
- char **P,**R;
- char *p;
- unsigned char md[MD2_DIGEST_LENGTH];
-
- P=test;
- R=ret;
- i=1;
- while (*P != NULL)
- {
- EVP_Digest((unsigned char *)*P,strlen(*P),md,NULL,EVP_md2(), NULL);
- p=pt(md);
- if (strcmp(p,*R) != 0)
- {
- printf("error calculating MD2 on '%s'\n",*P);
- printf("got %s instead of %s\n",p,*R);
- err++;
- }
- else
- printf("test %d ok\n",i);
- i++;
- R++;
- P++;
- }
-#ifdef OPENSSL_SYS_NETWARE
- if (err) printf("ERROR: %d\n", err);
-#endif
- EXIT(err);
- return err;
- }
-
-static char *pt(unsigned char *md)
- {
- int i;
- static char buf[80];
-
- for (i=0; i<MD2_DIGEST_LENGTH; i++)
- sprintf(&(buf[i*2]),"%02x",md[i]);
- return(buf);
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/md2/md2test.c (from rev 6976, vendor-crypto/openssl/dist/crypto/md2/md2test.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/md2/md2test.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/md2/md2test.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,142 @@
+/* crypto/md2/md2test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "../e_os.h"
+
+#ifdef OPENSSL_NO_MD2
+int main(int argc, char *argv[])
+{
+ printf("No MD2 support\n");
+ return (0);
+}
+#else
+# include <openssl/evp.h>
+# include <openssl/md2.h>
+
+# ifdef CHARSET_EBCDIC
+# include <openssl/ebcdic.h>
+# endif
+
+static char *test[] = {
+ "",
+ "a",
+ "abc",
+ "message digest",
+ "abcdefghijklmnopqrstuvwxyz",
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
+ "12345678901234567890123456789012345678901234567890123456789012345678901234567890",
+ NULL,
+};
+
+static char *ret[] = {
+ "8350e5a3e24c153df2275c9f80692773",
+ "32ec01ec4a6dac72c0ab96fb34c0b5d1",
+ "da853b0d3f88d99b30283a69e6ded6bb",
+ "ab4f496bfb2a530b219ff33031fe06b0",
+ "4e8ddff3650292ab5a4108c3aa47940b",
+ "da33def2a42df13975352846c30338cd",
+ "d5976f79d83d3a0dc9806c3c66f3efd8",
+};
+
+static char *pt(unsigned char *md);
+int main(int argc, char *argv[])
+{
+ int i, err = 0;
+ char **P, **R;
+ char *p;
+ unsigned char md[MD2_DIGEST_LENGTH];
+
+ P = test;
+ R = ret;
+ i = 1;
+ while (*P != NULL) {
+ EVP_Digest((unsigned char *)*P, strlen(*P), md, NULL, EVP_md2(),
+ NULL);
+ p = pt(md);
+ if (strcmp(p, *R) != 0) {
+ printf("error calculating MD2 on '%s'\n", *P);
+ printf("got %s instead of %s\n", p, *R);
+ err++;
+ } else
+ printf("test %d ok\n", i);
+ i++;
+ R++;
+ P++;
+ }
+# ifdef OPENSSL_SYS_NETWARE
+ if (err)
+ printf("ERROR: %d\n", err);
+# endif
+ EXIT(err);
+ return err;
+}
+
+static char *pt(unsigned char *md)
+{
+ int i;
+ static char buf[80];
+
+ for (i = 0; i < MD2_DIGEST_LENGTH; i++)
+ sprintf(&(buf[i * 2]), "%02x", md[i]);
+ return (buf);
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/md32_common.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/md32_common.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/md32_common.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,408 +0,0 @@
-/* crypto/md32_common.h */
-/* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-/*
- * This is a generic 32 bit "collector" for message digest algorithms.
- * Whenever needed it collects input character stream into chunks of
- * 32 bit values and invokes a block function that performs actual hash
- * calculations.
- *
- * Porting guide.
- *
- * Obligatory macros:
- *
- * DATA_ORDER_IS_BIG_ENDIAN or DATA_ORDER_IS_LITTLE_ENDIAN
- * this macro defines byte order of input stream.
- * HASH_CBLOCK
- * size of a unit chunk HASH_BLOCK operates on.
- * HASH_LONG
- * has to be at lest 32 bit wide, if it's wider, then
- * HASH_LONG_LOG2 *has to* be defined along
- * HASH_CTX
- * context structure that at least contains following
- * members:
- * typedef struct {
- * ...
- * HASH_LONG Nl,Nh;
- * either {
- * HASH_LONG data[HASH_LBLOCK];
- * unsigned char data[HASH_CBLOCK];
- * };
- * unsigned int num;
- * ...
- * } HASH_CTX;
- * data[] vector is expected to be zeroed upon first call to
- * HASH_UPDATE.
- * HASH_UPDATE
- * name of "Update" function, implemented here.
- * HASH_TRANSFORM
- * name of "Transform" function, implemented here.
- * HASH_FINAL
- * name of "Final" function, implemented here.
- * HASH_BLOCK_DATA_ORDER
- * name of "block" function capable of treating *unaligned* input
- * message in original (data) byte order, implemented externally.
- * HASH_MAKE_STRING
- * macro convering context variables to an ASCII hash string.
- *
- * MD5 example:
- *
- * #define DATA_ORDER_IS_LITTLE_ENDIAN
- *
- * #define HASH_LONG MD5_LONG
- * #define HASH_LONG_LOG2 MD5_LONG_LOG2
- * #define HASH_CTX MD5_CTX
- * #define HASH_CBLOCK MD5_CBLOCK
- * #define HASH_UPDATE MD5_Update
- * #define HASH_TRANSFORM MD5_Transform
- * #define HASH_FINAL MD5_Final
- * #define HASH_BLOCK_DATA_ORDER md5_block_data_order
- *
- * <appro at fy.chalmers.se>
- */
-
-#if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN)
-#error "DATA_ORDER must be defined!"
-#endif
-
-#ifndef HASH_CBLOCK
-#error "HASH_CBLOCK must be defined!"
-#endif
-#ifndef HASH_LONG
-#error "HASH_LONG must be defined!"
-#endif
-#ifndef HASH_CTX
-#error "HASH_CTX must be defined!"
-#endif
-
-#ifndef HASH_UPDATE
-#error "HASH_UPDATE must be defined!"
-#endif
-#ifndef HASH_TRANSFORM
-#error "HASH_TRANSFORM must be defined!"
-#endif
-#ifndef HASH_FINAL
-#error "HASH_FINAL must be defined!"
-#endif
-
-#ifndef HASH_BLOCK_DATA_ORDER
-#error "HASH_BLOCK_DATA_ORDER must be defined!"
-#endif
-
-/*
- * Engage compiler specific rotate intrinsic function if available.
- */
-#undef ROTATE
-#ifndef PEDANTIC
-# if defined(_MSC_VER) || defined(__ICC)
-# define ROTATE(a,n) _lrotl(a,n)
-# elif defined(__MWERKS__)
-# if defined(__POWERPC__)
-# define ROTATE(a,n) __rlwinm(a,n,0,31)
-# elif defined(__MC68K__)
- /* Motorola specific tweak. <appro at fy.chalmers.se> */
-# define ROTATE(a,n) ( n<24 ? __rol(a,n) : __ror(a,32-n) )
-# else
-# define ROTATE(a,n) __rol(a,n)
-# endif
-# elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
- /*
- * Some GNU C inline assembler templates. Note that these are
- * rotates by *constant* number of bits! But that's exactly
- * what we need here...
- * <appro at fy.chalmers.se>
- */
-# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
-# define ROTATE(a,n) ({ register unsigned int ret; \
- asm ( \
- "roll %1,%0" \
- : "=r"(ret) \
- : "I"(n), "0"(a) \
- : "cc"); \
- ret; \
- })
-# elif defined(_ARCH_PPC) || defined(_ARCH_PPC64) || \
- defined(__powerpc) || defined(__ppc__) || defined(__powerpc64__)
-# define ROTATE(a,n) ({ register unsigned int ret; \
- asm ( \
- "rlwinm %0,%1,%2,0,31" \
- : "=r"(ret) \
- : "r"(a), "I"(n)); \
- ret; \
- })
-# elif defined(__s390x__)
-# define ROTATE(a,n) ({ register unsigned int ret; \
- asm ("rll %0,%1,%2" \
- : "=r"(ret) \
- : "r"(a), "I"(n)); \
- ret; \
- })
-# endif
-# endif
-#endif /* PEDANTIC */
-
-#ifndef ROTATE
-#define ROTATE(a,n) (((a)<<(n))|(((a)&0xffffffff)>>(32-(n))))
-#endif
-
-#if defined(DATA_ORDER_IS_BIG_ENDIAN)
-
-#ifndef PEDANTIC
-# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
-# if ((defined(__i386) || defined(__i386__)) && !defined(I386_ONLY)) || \
- (defined(__x86_64) || defined(__x86_64__))
-# if !defined(B_ENDIAN)
- /*
- * This gives ~30-40% performance improvement in SHA-256 compiled
- * with gcc [on P4]. Well, first macro to be frank. We can pull
- * this trick on x86* platforms only, because these CPUs can fetch
- * unaligned data without raising an exception.
- */
-# define HOST_c2l(c,l) ({ unsigned int r=*((const unsigned int *)(c)); \
- asm ("bswapl %0":"=r"(r):"0"(r)); \
- (c)+=4; (l)=r; })
-# define HOST_l2c(l,c) ({ unsigned int r=(l); \
- asm ("bswapl %0":"=r"(r):"0"(r)); \
- *((unsigned int *)(c))=r; (c)+=4; r; })
-# endif
-# endif
-# endif
-#endif
-#if defined(__s390__) || defined(__s390x__)
-# define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, (l))
-# define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, (l))
-#endif
-
-#ifndef HOST_c2l
-#define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++)))<<24), \
- l|=(((unsigned long)(*((c)++)))<<16), \
- l|=(((unsigned long)(*((c)++)))<< 8), \
- l|=(((unsigned long)(*((c)++))) ), \
- l)
-#endif
-#ifndef HOST_l2c
-#define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \
- *((c)++)=(unsigned char)(((l)>>16)&0xff), \
- *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
- *((c)++)=(unsigned char)(((l) )&0xff), \
- l)
-#endif
-
-#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
-
-#ifndef PEDANTIC
-# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
-# if defined(__s390x__)
-# define HOST_c2l(c,l) ({ asm ("lrv %0,%1" \
- :"=d"(l) :"m"(*(const unsigned int *)(c)));\
- (c)+=4; (l); })
-# define HOST_l2c(l,c) ({ asm ("strv %1,%0" \
- :"=m"(*(unsigned int *)(c)) :"d"(l));\
- (c)+=4; (l); })
-# endif
-# endif
-#endif
-#if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
-# ifndef B_ENDIAN
- /* See comment in DATA_ORDER_IS_BIG_ENDIAN section. */
-# define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, l)
-# define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, l)
-# endif
-#endif
-
-#ifndef HOST_c2l
-#define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++))) ), \
- l|=(((unsigned long)(*((c)++)))<< 8), \
- l|=(((unsigned long)(*((c)++)))<<16), \
- l|=(((unsigned long)(*((c)++)))<<24), \
- l)
-#endif
-#ifndef HOST_l2c
-#define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
- *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
- *((c)++)=(unsigned char)(((l)>>16)&0xff), \
- *((c)++)=(unsigned char)(((l)>>24)&0xff), \
- l)
-#endif
-
-#endif
-
-/*
- * Time for some action:-)
- */
-
-int HASH_UPDATE (HASH_CTX *c, const void *data_, size_t len)
- {
- const unsigned char *data=data_;
- unsigned char *p;
- HASH_LONG l;
- size_t n;
-
- if (len==0) return 1;
-
- l=(c->Nl+(((HASH_LONG)len)<<3))&0xffffffffUL;
- /* 95-05-24 eay Fixed a bug with the overflow handling, thanks to
- * Wei Dai <weidai at eskimo.com> for pointing it out. */
- if (l < c->Nl) /* overflow */
- c->Nh++;
- c->Nh+=(len>>29); /* might cause compiler warning on 16-bit */
- c->Nl=l;
-
- n = c->num;
- if (n != 0)
- {
- p=(unsigned char *)c->data;
-
- if (len >= HASH_CBLOCK || len+n >= HASH_CBLOCK)
- {
- memcpy (p+n,data,HASH_CBLOCK-n);
- HASH_BLOCK_DATA_ORDER (c,p,1);
- n = HASH_CBLOCK-n;
- data += n;
- len -= n;
- c->num = 0;
- memset (p,0,HASH_CBLOCK); /* keep it zeroed */
- }
- else
- {
- memcpy (p+n,data,len);
- c->num += (unsigned int)len;
- return 1;
- }
- }
-
- n = len/HASH_CBLOCK;
- if (n > 0)
- {
- HASH_BLOCK_DATA_ORDER (c,data,n);
- n *= HASH_CBLOCK;
- data += n;
- len -= n;
- }
-
- if (len != 0)
- {
- p = (unsigned char *)c->data;
- c->num = len;
- memcpy (p,data,len);
- }
- return 1;
- }
-
-
-void HASH_TRANSFORM (HASH_CTX *c, const unsigned char *data)
- {
- HASH_BLOCK_DATA_ORDER (c,data,1);
- }
-
-
-int HASH_FINAL (unsigned char *md, HASH_CTX *c)
- {
- unsigned char *p = (unsigned char *)c->data;
- size_t n = c->num;
-
- p[n] = 0x80; /* there is always room for one */
- n++;
-
- if (n > (HASH_CBLOCK-8))
- {
- memset (p+n,0,HASH_CBLOCK-n);
- n=0;
- HASH_BLOCK_DATA_ORDER (c,p,1);
- }
- memset (p+n,0,HASH_CBLOCK-8-n);
-
- p += HASH_CBLOCK-8;
-#if defined(DATA_ORDER_IS_BIG_ENDIAN)
- (void)HOST_l2c(c->Nh,p);
- (void)HOST_l2c(c->Nl,p);
-#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
- (void)HOST_l2c(c->Nl,p);
- (void)HOST_l2c(c->Nh,p);
-#endif
- p -= HASH_CBLOCK;
- HASH_BLOCK_DATA_ORDER (c,p,1);
- c->num=0;
- memset (p,0,HASH_CBLOCK);
-
-#ifndef HASH_MAKE_STRING
-#error "HASH_MAKE_STRING must be defined!"
-#else
- HASH_MAKE_STRING(c,md);
-#endif
-
- return 1;
- }
-
-#ifndef MD32_REG_T
-#define MD32_REG_T long
-/*
- * This comment was originaly written for MD5, which is why it
- * discusses A-D. But it basically applies to all 32-bit digests,
- * which is why it was moved to common header file.
- *
- * In case you wonder why A-D are declared as long and not
- * as MD5_LONG. Doing so results in slight performance
- * boost on LP64 architectures. The catch is we don't
- * really care if 32 MSBs of a 64-bit register get polluted
- * with eventual overflows as we *save* only 32 LSBs in
- * *either* case. Now declaring 'em long excuses the compiler
- * from keeping 32 MSBs zeroed resulting in 13% performance
- * improvement under SPARC Solaris7/64 and 5% under AlphaLinux.
- * Well, to be honest it should say that this *prevents*
- * performance degradation.
- * <appro at fy.chalmers.se>
- * Apparently there're LP64 compilers that generate better
- * code if A-D are declared int. Most notably GCC-x86_64
- * generates better code.
- * <appro at fy.chalmers.se>
- */
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/md32_common.h (from rev 6976, vendor-crypto/openssl/dist/crypto/md32_common.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/md32_common.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/md32_common.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,398 @@
+/* crypto/md32_common.h */
+/* ====================================================================
+ * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+/*-
+ * This is a generic 32 bit "collector" for message digest algorithms.
+ * Whenever needed it collects input character stream into chunks of
+ * 32 bit values and invokes a block function that performs actual hash
+ * calculations.
+ *
+ * Porting guide.
+ *
+ * Obligatory macros:
+ *
+ * DATA_ORDER_IS_BIG_ENDIAN or DATA_ORDER_IS_LITTLE_ENDIAN
+ * this macro defines byte order of input stream.
+ * HASH_CBLOCK
+ * size of a unit chunk HASH_BLOCK operates on.
+ * HASH_LONG
+ * has to be at lest 32 bit wide, if it's wider, then
+ * HASH_LONG_LOG2 *has to* be defined along
+ * HASH_CTX
+ * context structure that at least contains following
+ * members:
+ * typedef struct {
+ * ...
+ * HASH_LONG Nl,Nh;
+ * either {
+ * HASH_LONG data[HASH_LBLOCK];
+ * unsigned char data[HASH_CBLOCK];
+ * };
+ * unsigned int num;
+ * ...
+ * } HASH_CTX;
+ * data[] vector is expected to be zeroed upon first call to
+ * HASH_UPDATE.
+ * HASH_UPDATE
+ * name of "Update" function, implemented here.
+ * HASH_TRANSFORM
+ * name of "Transform" function, implemented here.
+ * HASH_FINAL
+ * name of "Final" function, implemented here.
+ * HASH_BLOCK_DATA_ORDER
+ * name of "block" function capable of treating *unaligned* input
+ * message in original (data) byte order, implemented externally.
+ * HASH_MAKE_STRING
+ * macro convering context variables to an ASCII hash string.
+ *
+ * MD5 example:
+ *
+ * #define DATA_ORDER_IS_LITTLE_ENDIAN
+ *
+ * #define HASH_LONG MD5_LONG
+ * #define HASH_LONG_LOG2 MD5_LONG_LOG2
+ * #define HASH_CTX MD5_CTX
+ * #define HASH_CBLOCK MD5_CBLOCK
+ * #define HASH_UPDATE MD5_Update
+ * #define HASH_TRANSFORM MD5_Transform
+ * #define HASH_FINAL MD5_Final
+ * #define HASH_BLOCK_DATA_ORDER md5_block_data_order
+ *
+ * <appro at fy.chalmers.se>
+ */
+
+#if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN)
+# error "DATA_ORDER must be defined!"
+#endif
+
+#ifndef HASH_CBLOCK
+# error "HASH_CBLOCK must be defined!"
+#endif
+#ifndef HASH_LONG
+# error "HASH_LONG must be defined!"
+#endif
+#ifndef HASH_CTX
+# error "HASH_CTX must be defined!"
+#endif
+
+#ifndef HASH_UPDATE
+# error "HASH_UPDATE must be defined!"
+#endif
+#ifndef HASH_TRANSFORM
+# error "HASH_TRANSFORM must be defined!"
+#endif
+#ifndef HASH_FINAL
+# error "HASH_FINAL must be defined!"
+#endif
+
+#ifndef HASH_BLOCK_DATA_ORDER
+# error "HASH_BLOCK_DATA_ORDER must be defined!"
+#endif
+
+/*
+ * Engage compiler specific rotate intrinsic function if available.
+ */
+#undef ROTATE
+#ifndef PEDANTIC
+# if defined(_MSC_VER) || defined(__ICC)
+# define ROTATE(a,n) _lrotl(a,n)
+# elif defined(__MWERKS__)
+# if defined(__POWERPC__)
+# define ROTATE(a,n) __rlwinm(a,n,0,31)
+# elif defined(__MC68K__)
+ /* Motorola specific tweak. <appro at fy.chalmers.se> */
+# define ROTATE(a,n) ( n<24 ? __rol(a,n) : __ror(a,32-n) )
+# else
+# define ROTATE(a,n) __rol(a,n)
+# endif
+# elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
+ /*
+ * Some GNU C inline assembler templates. Note that these are
+ * rotates by *constant* number of bits! But that's exactly
+ * what we need here...
+ * <appro at fy.chalmers.se>
+ */
+# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
+# define ROTATE(a,n) ({ register unsigned int ret; \
+ asm ( \
+ "roll %1,%0" \
+ : "=r"(ret) \
+ : "I"(n), "0"(a) \
+ : "cc"); \
+ ret; \
+ })
+# elif defined(_ARCH_PPC) || defined(_ARCH_PPC64) || \
+ defined(__powerpc) || defined(__ppc__) || defined(__powerpc64__)
+# define ROTATE(a,n) ({ register unsigned int ret; \
+ asm ( \
+ "rlwinm %0,%1,%2,0,31" \
+ : "=r"(ret) \
+ : "r"(a), "I"(n)); \
+ ret; \
+ })
+# elif defined(__s390x__)
+# define ROTATE(a,n) ({ register unsigned int ret; \
+ asm ("rll %0,%1,%2" \
+ : "=r"(ret) \
+ : "r"(a), "I"(n)); \
+ ret; \
+ })
+# endif
+# endif
+#endif /* PEDANTIC */
+
+#ifndef ROTATE
+# define ROTATE(a,n) (((a)<<(n))|(((a)&0xffffffff)>>(32-(n))))
+#endif
+
+#if defined(DATA_ORDER_IS_BIG_ENDIAN)
+
+# ifndef PEDANTIC
+# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
+# if ((defined(__i386) || defined(__i386__)) && !defined(I386_ONLY)) || \
+ (defined(__x86_64) || defined(__x86_64__))
+# if !defined(B_ENDIAN)
+ /*
+ * This gives ~30-40% performance improvement in SHA-256 compiled
+ * with gcc [on P4]. Well, first macro to be frank. We can pull
+ * this trick on x86* platforms only, because these CPUs can fetch
+ * unaligned data without raising an exception.
+ */
+# define HOST_c2l(c,l) ({ unsigned int r=*((const unsigned int *)(c)); \
+ asm ("bswapl %0":"=r"(r):"0"(r)); \
+ (c)+=4; (l)=r; })
+# define HOST_l2c(l,c) ({ unsigned int r=(l); \
+ asm ("bswapl %0":"=r"(r):"0"(r)); \
+ *((unsigned int *)(c))=r; (c)+=4; r; })
+# endif
+# endif
+# endif
+# endif
+# if defined(__s390__) || defined(__s390x__)
+# define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, (l))
+# define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, (l))
+# endif
+
+# ifndef HOST_c2l
+# define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++)))<<24), \
+ l|=(((unsigned long)(*((c)++)))<<16), \
+ l|=(((unsigned long)(*((c)++)))<< 8), \
+ l|=(((unsigned long)(*((c)++))) ) )
+# endif
+# ifndef HOST_l2c
+# define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>16)&0xff), \
+ *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+ *((c)++)=(unsigned char)(((l) )&0xff) )
+# endif
+
+#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
+
+# ifndef PEDANTIC
+# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
+# if defined(__s390x__)
+# define HOST_c2l(c,l) ({ asm ("lrv %0,%1" \
+ :"=d"(l) :"m"(*(const unsigned int *)(c)));\
+ (c)+=4; (l); })
+# define HOST_l2c(l,c) ({ asm ("strv %1,%0" \
+ :"=m"(*(unsigned int *)(c)) :"d"(l));\
+ (c)+=4; (l); })
+# endif
+# endif
+# endif
+# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
+# ifndef B_ENDIAN
+ /* See comment in DATA_ORDER_IS_BIG_ENDIAN section. */
+# define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4)
+# define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4)
+# endif
+# endif
+
+# ifndef HOST_c2l
+# define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++))) ), \
+ l|=(((unsigned long)(*((c)++)))<< 8), \
+ l|=(((unsigned long)(*((c)++)))<<16), \
+ l|=(((unsigned long)(*((c)++)))<<24) )
+# endif
+# ifndef HOST_l2c
+# define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
+ *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>16)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>24)&0xff) )
+# endif
+
+#endif
+
+/*
+ * Time for some action:-)
+ */
+
+int HASH_UPDATE(HASH_CTX *c, const void *data_, size_t len)
+{
+ const unsigned char *data = data_;
+ unsigned char *p;
+ HASH_LONG l;
+ size_t n;
+
+ if (len == 0)
+ return 1;
+
+ l = (c->Nl + (((HASH_LONG) len) << 3)) & 0xffffffffUL;
+ /*
+ * 95-05-24 eay Fixed a bug with the overflow handling, thanks to Wei Dai
+ * <weidai at eskimo.com> for pointing it out.
+ */
+ if (l < c->Nl) /* overflow */
+ c->Nh++;
+ c->Nh += (len >> 29); /* might cause compiler warning on 16-bit */
+ c->Nl = l;
+
+ n = c->num;
+ if (n != 0) {
+ p = (unsigned char *)c->data;
+
+ if (len >= HASH_CBLOCK || len + n >= HASH_CBLOCK) {
+ memcpy(p + n, data, HASH_CBLOCK - n);
+ HASH_BLOCK_DATA_ORDER(c, p, 1);
+ n = HASH_CBLOCK - n;
+ data += n;
+ len -= n;
+ c->num = 0;
+ memset(p, 0, HASH_CBLOCK); /* keep it zeroed */
+ } else {
+ memcpy(p + n, data, len);
+ c->num += (unsigned int)len;
+ return 1;
+ }
+ }
+
+ n = len / HASH_CBLOCK;
+ if (n > 0) {
+ HASH_BLOCK_DATA_ORDER(c, data, n);
+ n *= HASH_CBLOCK;
+ data += n;
+ len -= n;
+ }
+
+ if (len != 0) {
+ p = (unsigned char *)c->data;
+ c->num = len;
+ memcpy(p, data, len);
+ }
+ return 1;
+}
+
+void HASH_TRANSFORM(HASH_CTX *c, const unsigned char *data)
+{
+ HASH_BLOCK_DATA_ORDER(c, data, 1);
+}
+
+int HASH_FINAL(unsigned char *md, HASH_CTX *c)
+{
+ unsigned char *p = (unsigned char *)c->data;
+ size_t n = c->num;
+
+ p[n] = 0x80; /* there is always room for one */
+ n++;
+
+ if (n > (HASH_CBLOCK - 8)) {
+ memset(p + n, 0, HASH_CBLOCK - n);
+ n = 0;
+ HASH_BLOCK_DATA_ORDER(c, p, 1);
+ }
+ memset(p + n, 0, HASH_CBLOCK - 8 - n);
+
+ p += HASH_CBLOCK - 8;
+#if defined(DATA_ORDER_IS_BIG_ENDIAN)
+ (void)HOST_l2c(c->Nh, p);
+ (void)HOST_l2c(c->Nl, p);
+#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
+ (void)HOST_l2c(c->Nl, p);
+ (void)HOST_l2c(c->Nh, p);
+#endif
+ p -= HASH_CBLOCK;
+ HASH_BLOCK_DATA_ORDER(c, p, 1);
+ c->num = 0;
+ memset(p, 0, HASH_CBLOCK);
+
+#ifndef HASH_MAKE_STRING
+# error "HASH_MAKE_STRING must be defined!"
+#else
+ HASH_MAKE_STRING(c, md);
+#endif
+
+ return 1;
+}
+
+#ifndef MD32_REG_T
+# define MD32_REG_T long
+/*
+ * This comment was originaly written for MD5, which is why it
+ * discusses A-D. But it basically applies to all 32-bit digests,
+ * which is why it was moved to common header file.
+ *
+ * In case you wonder why A-D are declared as long and not
+ * as MD5_LONG. Doing so results in slight performance
+ * boost on LP64 architectures. The catch is we don't
+ * really care if 32 MSBs of a 64-bit register get polluted
+ * with eventual overflows as we *save* only 32 LSBs in
+ * *either* case. Now declaring 'em long excuses the compiler
+ * from keeping 32 MSBs zeroed resulting in 13% performance
+ * improvement under SPARC Solaris7/64 and 5% under AlphaLinux.
+ * Well, to be honest it should say that this *prevents*
+ * performance degradation.
+ * <appro at fy.chalmers.se>
+ * Apparently there're LP64 compilers that generate better
+ * code if A-D are declared int. Most notably GCC-x86_64
+ * generates better code.
+ * <appro at fy.chalmers.se>
+ */
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/md4/md4.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/md4/md4.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/md4/md4.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,127 +0,0 @@
-/* crypto/md4/md4.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/md4.h>
-
-#define BUFSIZE 1024*16
-
-void do_fp(FILE *f);
-void pt(unsigned char *md);
-#if !defined(_OSD_POSIX) && !defined(__DJGPP__)
-int read(int, void *, unsigned int);
-#endif
-
-int main(int argc, char **argv)
- {
- int i,err=0;
- FILE *IN;
-
- if (argc == 1)
- {
- do_fp(stdin);
- }
- else
- {
- for (i=1; i<argc; i++)
- {
- IN=fopen(argv[i],"r");
- if (IN == NULL)
- {
- perror(argv[i]);
- err++;
- continue;
- }
- printf("MD4(%s)= ",argv[i]);
- do_fp(IN);
- fclose(IN);
- }
- }
- exit(err);
- }
-
-void do_fp(FILE *f)
- {
- MD4_CTX c;
- unsigned char md[MD4_DIGEST_LENGTH];
- int fd;
- int i;
- static unsigned char buf[BUFSIZE];
-
- fd=fileno(f);
- MD4_Init(&c);
- for (;;)
- {
- i=read(fd,buf,sizeof buf);
- if (i <= 0) break;
- MD4_Update(&c,buf,(unsigned long)i);
- }
- MD4_Final(&(md[0]),&c);
- pt(md);
- }
-
-void pt(unsigned char *md)
- {
- int i;
-
- for (i=0; i<MD4_DIGEST_LENGTH; i++)
- printf("%02x",md[i]);
- printf("\n");
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/md4/md4.c (from rev 6976, vendor-crypto/openssl/dist/crypto/md4/md4.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/md4/md4.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/md4/md4.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,121 @@
+/* crypto/md4/md4.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/md4.h>
+
+#define BUFSIZE 1024*16
+
+void do_fp(FILE *f);
+void pt(unsigned char *md);
+#if !defined(_OSD_POSIX) && !defined(__DJGPP__)
+int read(int, void *, unsigned int);
+#endif
+
+int main(int argc, char **argv)
+{
+ int i, err = 0;
+ FILE *IN;
+
+ if (argc == 1) {
+ do_fp(stdin);
+ } else {
+ for (i = 1; i < argc; i++) {
+ IN = fopen(argv[i], "r");
+ if (IN == NULL) {
+ perror(argv[i]);
+ err++;
+ continue;
+ }
+ printf("MD4(%s)= ", argv[i]);
+ do_fp(IN);
+ fclose(IN);
+ }
+ }
+ exit(err);
+}
+
+void do_fp(FILE *f)
+{
+ MD4_CTX c;
+ unsigned char md[MD4_DIGEST_LENGTH];
+ int fd;
+ int i;
+ static unsigned char buf[BUFSIZE];
+
+ fd = fileno(f);
+ MD4_Init(&c);
+ for (;;) {
+ i = read(fd, buf, sizeof buf);
+ if (i <= 0)
+ break;
+ MD4_Update(&c, buf, (unsigned long)i);
+ }
+ MD4_Final(&(md[0]), &c);
+ pt(md);
+}
+
+void pt(unsigned char *md)
+{
+ int i;
+
+ for (i = 0; i < MD4_DIGEST_LENGTH; i++)
+ printf("%02x", md[i]);
+ printf("\n");
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/md4/md4.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/md4/md4.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/md4/md4.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,120 +0,0 @@
-/* crypto/md4/md4.h */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_MD4_H
-#define HEADER_MD4_H
-
-#include <openssl/e_os2.h>
-#include <stddef.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifdef OPENSSL_NO_MD4
-#error MD4 is disabled.
-#endif
-
-/*
- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- * ! MD4_LONG has to be at least 32 bits wide. If it's wider, then !
- * ! MD4_LONG_LOG2 has to be defined along. !
- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- */
-
-#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)
-#define MD4_LONG unsigned long
-#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
-#define MD4_LONG unsigned long
-#define MD4_LONG_LOG2 3
-/*
- * _CRAY note. I could declare short, but I have no idea what impact
- * does it have on performance on none-T3E machines. I could declare
- * int, but at least on C90 sizeof(int) can be chosen at compile time.
- * So I've chosen long...
- * <appro at fy.chalmers.se>
- */
-#else
-#define MD4_LONG unsigned int
-#endif
-
-#define MD4_CBLOCK 64
-#define MD4_LBLOCK (MD4_CBLOCK/4)
-#define MD4_DIGEST_LENGTH 16
-
-typedef struct MD4state_st
- {
- MD4_LONG A,B,C,D;
- MD4_LONG Nl,Nh;
- MD4_LONG data[MD4_LBLOCK];
- unsigned int num;
- } MD4_CTX;
-
-#ifdef OPENSSL_FIPS
-int private_MD4_Init(MD4_CTX *c);
-#endif
-int MD4_Init(MD4_CTX *c);
-int MD4_Update(MD4_CTX *c, const void *data, size_t len);
-int MD4_Final(unsigned char *md, MD4_CTX *c);
-unsigned char *MD4(const unsigned char *d, size_t n, unsigned char *md);
-void MD4_Transform(MD4_CTX *c, const unsigned char *b);
-#ifdef __cplusplus
-}
-#endif
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/md4/md4.h (from rev 6976, vendor-crypto/openssl/dist/crypto/md4/md4.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/md4/md4.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/md4/md4.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,119 @@
+/* crypto/md4/md4.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_MD4_H
+# define HEADER_MD4_H
+
+# include <openssl/e_os2.h>
+# include <stddef.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# ifdef OPENSSL_NO_MD4
+# error MD4 is disabled.
+# endif
+
+/*-
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * ! MD4_LONG has to be at least 32 bits wide. If it's wider, then !
+ * ! MD4_LONG_LOG2 has to be defined along. !
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ */
+
+# if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)
+# define MD4_LONG unsigned long
+# elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
+# define MD4_LONG unsigned long
+# define MD4_LONG_LOG2 3
+/*
+ * _CRAY note. I could declare short, but I have no idea what impact
+ * does it have on performance on none-T3E machines. I could declare
+ * int, but at least on C90 sizeof(int) can be chosen at compile time.
+ * So I've chosen long...
+ * <appro at fy.chalmers.se>
+ */
+# else
+# define MD4_LONG unsigned int
+# endif
+
+# define MD4_CBLOCK 64
+# define MD4_LBLOCK (MD4_CBLOCK/4)
+# define MD4_DIGEST_LENGTH 16
+
+typedef struct MD4state_st {
+ MD4_LONG A, B, C, D;
+ MD4_LONG Nl, Nh;
+ MD4_LONG data[MD4_LBLOCK];
+ unsigned int num;
+} MD4_CTX;
+
+# ifdef OPENSSL_FIPS
+int private_MD4_Init(MD4_CTX *c);
+# endif
+int MD4_Init(MD4_CTX *c);
+int MD4_Update(MD4_CTX *c, const void *data, size_t len);
+int MD4_Final(unsigned char *md, MD4_CTX *c);
+unsigned char *MD4(const unsigned char *d, size_t n, unsigned char *md);
+void MD4_Transform(MD4_CTX *c, const unsigned char *b);
+#ifdef __cplusplus
+}
+#endif
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/md4/md4_dgst.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/md4/md4_dgst.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/md4/md4_dgst.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,174 +0,0 @@
-/* crypto/md4/md4_dgst.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "md4_locl.h"
-#include <openssl/opensslv.h>
-#include <openssl/err.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
-
-const char MD4_version[]="MD4" OPENSSL_VERSION_PTEXT;
-
-/* Implemented from RFC1186 The MD4 Message-Digest Algorithm
- */
-
-#define INIT_DATA_A (unsigned long)0x67452301L
-#define INIT_DATA_B (unsigned long)0xefcdab89L
-#define INIT_DATA_C (unsigned long)0x98badcfeL
-#define INIT_DATA_D (unsigned long)0x10325476L
-
-FIPS_NON_FIPS_MD_Init(MD4)
- {
- c->A=INIT_DATA_A;
- c->B=INIT_DATA_B;
- c->C=INIT_DATA_C;
- c->D=INIT_DATA_D;
- c->Nl=0;
- c->Nh=0;
- c->num=0;
- return 1;
- }
-
-#ifndef md4_block_data_order
-#ifdef X
-#undef X
-#endif
-void md4_block_data_order (MD4_CTX *c, const void *data_, size_t num)
- {
- const unsigned char *data=data_;
- register unsigned MD32_REG_T A,B,C,D,l;
-#ifndef MD32_XARRAY
- /* See comment in crypto/sha/sha_locl.h for details. */
- unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
- XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15;
-# define X(i) XX##i
-#else
- MD4_LONG XX[MD4_LBLOCK];
-# define X(i) XX[i]
-#endif
-
- A=c->A;
- B=c->B;
- C=c->C;
- D=c->D;
-
- for (;num--;)
- {
- HOST_c2l(data,l); X( 0)=l; HOST_c2l(data,l); X( 1)=l;
- /* Round 0 */
- R0(A,B,C,D,X( 0), 3,0); HOST_c2l(data,l); X( 2)=l;
- R0(D,A,B,C,X( 1), 7,0); HOST_c2l(data,l); X( 3)=l;
- R0(C,D,A,B,X( 2),11,0); HOST_c2l(data,l); X( 4)=l;
- R0(B,C,D,A,X( 3),19,0); HOST_c2l(data,l); X( 5)=l;
- R0(A,B,C,D,X( 4), 3,0); HOST_c2l(data,l); X( 6)=l;
- R0(D,A,B,C,X( 5), 7,0); HOST_c2l(data,l); X( 7)=l;
- R0(C,D,A,B,X( 6),11,0); HOST_c2l(data,l); X( 8)=l;
- R0(B,C,D,A,X( 7),19,0); HOST_c2l(data,l); X( 9)=l;
- R0(A,B,C,D,X( 8), 3,0); HOST_c2l(data,l); X(10)=l;
- R0(D,A,B,C,X( 9), 7,0); HOST_c2l(data,l); X(11)=l;
- R0(C,D,A,B,X(10),11,0); HOST_c2l(data,l); X(12)=l;
- R0(B,C,D,A,X(11),19,0); HOST_c2l(data,l); X(13)=l;
- R0(A,B,C,D,X(12), 3,0); HOST_c2l(data,l); X(14)=l;
- R0(D,A,B,C,X(13), 7,0); HOST_c2l(data,l); X(15)=l;
- R0(C,D,A,B,X(14),11,0);
- R0(B,C,D,A,X(15),19,0);
- /* Round 1 */
- R1(A,B,C,D,X( 0), 3,0x5A827999L);
- R1(D,A,B,C,X( 4), 5,0x5A827999L);
- R1(C,D,A,B,X( 8), 9,0x5A827999L);
- R1(B,C,D,A,X(12),13,0x5A827999L);
- R1(A,B,C,D,X( 1), 3,0x5A827999L);
- R1(D,A,B,C,X( 5), 5,0x5A827999L);
- R1(C,D,A,B,X( 9), 9,0x5A827999L);
- R1(B,C,D,A,X(13),13,0x5A827999L);
- R1(A,B,C,D,X( 2), 3,0x5A827999L);
- R1(D,A,B,C,X( 6), 5,0x5A827999L);
- R1(C,D,A,B,X(10), 9,0x5A827999L);
- R1(B,C,D,A,X(14),13,0x5A827999L);
- R1(A,B,C,D,X( 3), 3,0x5A827999L);
- R1(D,A,B,C,X( 7), 5,0x5A827999L);
- R1(C,D,A,B,X(11), 9,0x5A827999L);
- R1(B,C,D,A,X(15),13,0x5A827999L);
- /* Round 2 */
- R2(A,B,C,D,X( 0), 3,0x6ED9EBA1L);
- R2(D,A,B,C,X( 8), 9,0x6ED9EBA1L);
- R2(C,D,A,B,X( 4),11,0x6ED9EBA1L);
- R2(B,C,D,A,X(12),15,0x6ED9EBA1L);
- R2(A,B,C,D,X( 2), 3,0x6ED9EBA1L);
- R2(D,A,B,C,X(10), 9,0x6ED9EBA1L);
- R2(C,D,A,B,X( 6),11,0x6ED9EBA1L);
- R2(B,C,D,A,X(14),15,0x6ED9EBA1L);
- R2(A,B,C,D,X( 1), 3,0x6ED9EBA1L);
- R2(D,A,B,C,X( 9), 9,0x6ED9EBA1L);
- R2(C,D,A,B,X( 5),11,0x6ED9EBA1L);
- R2(B,C,D,A,X(13),15,0x6ED9EBA1L);
- R2(A,B,C,D,X( 3), 3,0x6ED9EBA1L);
- R2(D,A,B,C,X(11), 9,0x6ED9EBA1L);
- R2(C,D,A,B,X( 7),11,0x6ED9EBA1L);
- R2(B,C,D,A,X(15),15,0x6ED9EBA1L);
-
- A = c->A += A;
- B = c->B += B;
- C = c->C += C;
- D = c->D += D;
- }
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/md4/md4_dgst.c (from rev 6976, vendor-crypto/openssl/dist/crypto/md4/md4_dgst.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/md4/md4_dgst.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/md4/md4_dgst.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,204 @@
+/* crypto/md4/md4_dgst.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "md4_locl.h"
+#include <openssl/opensslv.h>
+#include <openssl/err.h>
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
+#endif
+
+const char MD4_version[] = "MD4" OPENSSL_VERSION_PTEXT;
+
+/*
+ * Implemented from RFC1186 The MD4 Message-Digest Algorithm
+ */
+
+#define INIT_DATA_A (unsigned long)0x67452301L
+#define INIT_DATA_B (unsigned long)0xefcdab89L
+#define INIT_DATA_C (unsigned long)0x98badcfeL
+#define INIT_DATA_D (unsigned long)0x10325476L
+
+FIPS_NON_FIPS_MD_Init(MD4)
+{
+ c->A = INIT_DATA_A;
+ c->B = INIT_DATA_B;
+ c->C = INIT_DATA_C;
+ c->D = INIT_DATA_D;
+ c->Nl = 0;
+ c->Nh = 0;
+ c->num = 0;
+ return 1;
+}
+
+#ifndef md4_block_data_order
+# ifdef X
+# undef X
+# endif
+void md4_block_data_order(MD4_CTX *c, const void *data_, size_t num)
+{
+ const unsigned char *data = data_;
+ register unsigned MD32_REG_T A, B, C, D, l;
+# ifndef MD32_XARRAY
+ /* See comment in crypto/sha/sha_locl.h for details. */
+ unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
+ XX8, XX9, XX10, XX11, XX12, XX13, XX14, XX15;
+# define X(i) XX##i
+# else
+ MD4_LONG XX[MD4_LBLOCK];
+# define X(i) XX[i]
+# endif
+
+ A = c->A;
+ B = c->B;
+ C = c->C;
+ D = c->D;
+
+ for (; num--;) {
+ HOST_c2l(data, l);
+ X(0) = l;
+ HOST_c2l(data, l);
+ X(1) = l;
+ /* Round 0 */
+ R0(A, B, C, D, X(0), 3, 0);
+ HOST_c2l(data, l);
+ X(2) = l;
+ R0(D, A, B, C, X(1), 7, 0);
+ HOST_c2l(data, l);
+ X(3) = l;
+ R0(C, D, A, B, X(2), 11, 0);
+ HOST_c2l(data, l);
+ X(4) = l;
+ R0(B, C, D, A, X(3), 19, 0);
+ HOST_c2l(data, l);
+ X(5) = l;
+ R0(A, B, C, D, X(4), 3, 0);
+ HOST_c2l(data, l);
+ X(6) = l;
+ R0(D, A, B, C, X(5), 7, 0);
+ HOST_c2l(data, l);
+ X(7) = l;
+ R0(C, D, A, B, X(6), 11, 0);
+ HOST_c2l(data, l);
+ X(8) = l;
+ R0(B, C, D, A, X(7), 19, 0);
+ HOST_c2l(data, l);
+ X(9) = l;
+ R0(A, B, C, D, X(8), 3, 0);
+ HOST_c2l(data, l);
+ X(10) = l;
+ R0(D, A, B, C, X(9), 7, 0);
+ HOST_c2l(data, l);
+ X(11) = l;
+ R0(C, D, A, B, X(10), 11, 0);
+ HOST_c2l(data, l);
+ X(12) = l;
+ R0(B, C, D, A, X(11), 19, 0);
+ HOST_c2l(data, l);
+ X(13) = l;
+ R0(A, B, C, D, X(12), 3, 0);
+ HOST_c2l(data, l);
+ X(14) = l;
+ R0(D, A, B, C, X(13), 7, 0);
+ HOST_c2l(data, l);
+ X(15) = l;
+ R0(C, D, A, B, X(14), 11, 0);
+ R0(B, C, D, A, X(15), 19, 0);
+ /* Round 1 */
+ R1(A, B, C, D, X(0), 3, 0x5A827999L);
+ R1(D, A, B, C, X(4), 5, 0x5A827999L);
+ R1(C, D, A, B, X(8), 9, 0x5A827999L);
+ R1(B, C, D, A, X(12), 13, 0x5A827999L);
+ R1(A, B, C, D, X(1), 3, 0x5A827999L);
+ R1(D, A, B, C, X(5), 5, 0x5A827999L);
+ R1(C, D, A, B, X(9), 9, 0x5A827999L);
+ R1(B, C, D, A, X(13), 13, 0x5A827999L);
+ R1(A, B, C, D, X(2), 3, 0x5A827999L);
+ R1(D, A, B, C, X(6), 5, 0x5A827999L);
+ R1(C, D, A, B, X(10), 9, 0x5A827999L);
+ R1(B, C, D, A, X(14), 13, 0x5A827999L);
+ R1(A, B, C, D, X(3), 3, 0x5A827999L);
+ R1(D, A, B, C, X(7), 5, 0x5A827999L);
+ R1(C, D, A, B, X(11), 9, 0x5A827999L);
+ R1(B, C, D, A, X(15), 13, 0x5A827999L);
+ /* Round 2 */
+ R2(A, B, C, D, X(0), 3, 0x6ED9EBA1L);
+ R2(D, A, B, C, X(8), 9, 0x6ED9EBA1L);
+ R2(C, D, A, B, X(4), 11, 0x6ED9EBA1L);
+ R2(B, C, D, A, X(12), 15, 0x6ED9EBA1L);
+ R2(A, B, C, D, X(2), 3, 0x6ED9EBA1L);
+ R2(D, A, B, C, X(10), 9, 0x6ED9EBA1L);
+ R2(C, D, A, B, X(6), 11, 0x6ED9EBA1L);
+ R2(B, C, D, A, X(14), 15, 0x6ED9EBA1L);
+ R2(A, B, C, D, X(1), 3, 0x6ED9EBA1L);
+ R2(D, A, B, C, X(9), 9, 0x6ED9EBA1L);
+ R2(C, D, A, B, X(5), 11, 0x6ED9EBA1L);
+ R2(B, C, D, A, X(13), 15, 0x6ED9EBA1L);
+ R2(A, B, C, D, X(3), 3, 0x6ED9EBA1L);
+ R2(D, A, B, C, X(11), 9, 0x6ED9EBA1L);
+ R2(C, D, A, B, X(7), 11, 0x6ED9EBA1L);
+ R2(B, C, D, A, X(15), 15, 0x6ED9EBA1L);
+
+ A = c->A += A;
+ B = c->B += B;
+ C = c->C += C;
+ D = c->D += D;
+ }
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/md4/md4_locl.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/md4/md4_locl.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/md4/md4_locl.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,112 +0,0 @@
-/* crypto/md4/md4_locl.h */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdlib.h>
-#include <string.h>
-#include <openssl/opensslconf.h>
-#include <openssl/md4.h>
-
-#ifndef MD4_LONG_LOG2
-#define MD4_LONG_LOG2 2 /* default to 32 bits */
-#endif
-
-void md4_block_data_order (MD4_CTX *c, const void *p,size_t num);
-
-#define DATA_ORDER_IS_LITTLE_ENDIAN
-
-#define HASH_LONG MD4_LONG
-#define HASH_CTX MD4_CTX
-#define HASH_CBLOCK MD4_CBLOCK
-#define HASH_UPDATE MD4_Update
-#define HASH_TRANSFORM MD4_Transform
-#define HASH_FINAL MD4_Final
-#define HASH_MAKE_STRING(c,s) do { \
- unsigned long ll; \
- ll=(c)->A; HOST_l2c(ll,(s)); \
- ll=(c)->B; HOST_l2c(ll,(s)); \
- ll=(c)->C; HOST_l2c(ll,(s)); \
- ll=(c)->D; HOST_l2c(ll,(s)); \
- } while (0)
-#define HASH_BLOCK_DATA_ORDER md4_block_data_order
-
-#include "md32_common.h"
-
-/*
-#define F(x,y,z) (((x) & (y)) | ((~(x)) & (z)))
-#define G(x,y,z) (((x) & (y)) | ((x) & ((z))) | ((y) & ((z))))
-*/
-
-/* As pointed out by Wei Dai <weidai at eskimo.com>, the above can be
- * simplified to the code below. Wei attributes these optimizations
- * to Peter Gutmann's SHS code, and he attributes it to Rich Schroeppel.
- */
-#define F(b,c,d) ((((c) ^ (d)) & (b)) ^ (d))
-#define G(b,c,d) (((b) & (c)) | ((b) & (d)) | ((c) & (d)))
-#define H(b,c,d) ((b) ^ (c) ^ (d))
-
-#define R0(a,b,c,d,k,s,t) { \
- a+=((k)+(t)+F((b),(c),(d))); \
- a=ROTATE(a,s); };
-
-#define R1(a,b,c,d,k,s,t) { \
- a+=((k)+(t)+G((b),(c),(d))); \
- a=ROTATE(a,s); };\
-
-#define R2(a,b,c,d,k,s,t) { \
- a+=((k)+(t)+H((b),(c),(d))); \
- a=ROTATE(a,s); };
Copied: vendor-crypto/openssl/0.9.8zf/crypto/md4/md4_locl.h (from rev 6976, vendor-crypto/openssl/dist/crypto/md4/md4_locl.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/md4/md4_locl.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/md4/md4_locl.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,113 @@
+/* crypto/md4/md4_locl.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/opensslconf.h>
+#include <openssl/md4.h>
+
+#ifndef MD4_LONG_LOG2
+# define MD4_LONG_LOG2 2 /* default to 32 bits */
+#endif
+
+void md4_block_data_order(MD4_CTX *c, const void *p, size_t num);
+
+#define DATA_ORDER_IS_LITTLE_ENDIAN
+
+#define HASH_LONG MD4_LONG
+#define HASH_CTX MD4_CTX
+#define HASH_CBLOCK MD4_CBLOCK
+#define HASH_UPDATE MD4_Update
+#define HASH_TRANSFORM MD4_Transform
+#define HASH_FINAL MD4_Final
+#define HASH_MAKE_STRING(c,s) do { \
+ unsigned long ll; \
+ ll=(c)->A; HOST_l2c(ll,(s)); \
+ ll=(c)->B; HOST_l2c(ll,(s)); \
+ ll=(c)->C; HOST_l2c(ll,(s)); \
+ ll=(c)->D; HOST_l2c(ll,(s)); \
+ } while (0)
+#define HASH_BLOCK_DATA_ORDER md4_block_data_order
+
+#include "md32_common.h"
+
+/*-
+#define F(x,y,z) (((x) & (y)) | ((~(x)) & (z)))
+#define G(x,y,z) (((x) & (y)) | ((x) & ((z))) | ((y) & ((z))))
+*/
+
+/*
+ * As pointed out by Wei Dai <weidai at eskimo.com>, the above can be simplified
+ * to the code below. Wei attributes these optimizations to Peter Gutmann's
+ * SHS code, and he attributes it to Rich Schroeppel.
+ */
+#define F(b,c,d) ((((c) ^ (d)) & (b)) ^ (d))
+#define G(b,c,d) (((b) & (c)) | ((b) & (d)) | ((c) & (d)))
+#define H(b,c,d) ((b) ^ (c) ^ (d))
+
+#define R0(a,b,c,d,k,s,t) { \
+ a+=((k)+(t)+F((b),(c),(d))); \
+ a=ROTATE(a,s); };
+
+#define R1(a,b,c,d,k,s,t) { \
+ a+=((k)+(t)+G((b),(c),(d))); \
+ a=ROTATE(a,s); };\
+
+#define R2(a,b,c,d,k,s,t) { \
+ a+=((k)+(t)+H((b),(c),(d))); \
+ a=ROTATE(a,s); };
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/md4/md4_one.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/md4/md4_one.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/md4/md4_one.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,97 +0,0 @@
-/* crypto/md4/md4_one.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <openssl/md4.h>
-#include <openssl/crypto.h>
-
-#ifdef CHARSET_EBCDIC
-#include <openssl/ebcdic.h>
-#endif
-
-unsigned char *MD4(const unsigned char *d, size_t n, unsigned char *md)
- {
- MD4_CTX c;
- static unsigned char m[MD4_DIGEST_LENGTH];
-
- if (md == NULL) md=m;
- if (!MD4_Init(&c))
- return NULL;
-#ifndef CHARSET_EBCDIC
- MD4_Update(&c,d,n);
-#else
- {
- char temp[1024];
- unsigned long chunk;
-
- while (n > 0)
- {
- chunk = (n > sizeof(temp)) ? sizeof(temp) : n;
- ebcdic2ascii(temp, d, chunk);
- MD4_Update(&c,temp,chunk);
- n -= chunk;
- d += chunk;
- }
- }
-#endif
- MD4_Final(md,&c);
- OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
- return(md);
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/md4/md4_one.c (from rev 6976, vendor-crypto/openssl/dist/crypto/md4/md4_one.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/md4/md4_one.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/md4/md4_one.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,96 @@
+/* crypto/md4/md4_one.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/md4.h>
+#include <openssl/crypto.h>
+
+#ifdef CHARSET_EBCDIC
+# include <openssl/ebcdic.h>
+#endif
+
+unsigned char *MD4(const unsigned char *d, size_t n, unsigned char *md)
+{
+ MD4_CTX c;
+ static unsigned char m[MD4_DIGEST_LENGTH];
+
+ if (md == NULL)
+ md = m;
+ if (!MD4_Init(&c))
+ return NULL;
+#ifndef CHARSET_EBCDIC
+ MD4_Update(&c, d, n);
+#else
+ {
+ char temp[1024];
+ unsigned long chunk;
+
+ while (n > 0) {
+ chunk = (n > sizeof(temp)) ? sizeof(temp) : n;
+ ebcdic2ascii(temp, d, chunk);
+ MD4_Update(&c, temp, chunk);
+ n -= chunk;
+ d += chunk;
+ }
+ }
+#endif
+ MD4_Final(md, &c);
+ OPENSSL_cleanse(&c, sizeof(c)); /* security consideration */
+ return (md);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/md4/md4test.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/md4/md4test.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/md4/md4test.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,136 +0,0 @@
-/* crypto/md4/md4test.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-
-#include "../e_os.h"
-
-#ifdef OPENSSL_NO_MD4
-int main(int argc, char *argv[])
-{
- printf("No MD4 support\n");
- return(0);
-}
-#else
-#include <openssl/evp.h>
-#include <openssl/md4.h>
-
-static char *test[]={
- "",
- "a",
- "abc",
- "message digest",
- "abcdefghijklmnopqrstuvwxyz",
- "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
- "12345678901234567890123456789012345678901234567890123456789012345678901234567890",
- NULL,
- };
-
-static char *ret[]={
-"31d6cfe0d16ae931b73c59d7e0c089c0",
-"bde52cb31de33e46245e05fbdbd6fb24",
-"a448017aaf21d8525fc10ae87aa6729d",
-"d9130a8164549fe818874806e1c7014b",
-"d79e1c308aa5bbcdeea8ed63df412da9",
-"043f8582f241db351ce627e153e7f0e4",
-"e33b4ddc9c38f2199c3e7b164fcc0536",
-};
-
-static char *pt(unsigned char *md);
-int main(int argc, char *argv[])
- {
- int i,err=0;
- char **P,**R;
- char *p;
- unsigned char md[MD4_DIGEST_LENGTH];
-
- P=test;
- R=ret;
- i=1;
- while (*P != NULL)
- {
- EVP_Digest(&(P[0][0]),strlen((char *)*P),md,NULL,EVP_md4(), NULL);
- p=pt(md);
- if (strcmp(p,(char *)*R) != 0)
- {
- printf("error calculating MD4 on '%s'\n",*P);
- printf("got %s instead of %s\n",p,*R);
- err++;
- }
- else
- printf("test %d ok\n",i);
- i++;
- R++;
- P++;
- }
- EXIT(err);
- return(0);
- }
-
-static char *pt(unsigned char *md)
- {
- int i;
- static char buf[80];
-
- for (i=0; i<MD4_DIGEST_LENGTH; i++)
- sprintf(&(buf[i*2]),"%02x",md[i]);
- return(buf);
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/md4/md4test.c (from rev 6976, vendor-crypto/openssl/dist/crypto/md4/md4test.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/md4/md4test.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/md4/md4test.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,133 @@
+/* crypto/md4/md4test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include "../e_os.h"
+
+#ifdef OPENSSL_NO_MD4
+int main(int argc, char *argv[])
+{
+ printf("No MD4 support\n");
+ return (0);
+}
+#else
+# include <openssl/evp.h>
+# include <openssl/md4.h>
+
+static char *test[] = {
+ "",
+ "a",
+ "abc",
+ "message digest",
+ "abcdefghijklmnopqrstuvwxyz",
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
+ "12345678901234567890123456789012345678901234567890123456789012345678901234567890",
+ NULL,
+};
+
+static char *ret[] = {
+ "31d6cfe0d16ae931b73c59d7e0c089c0",
+ "bde52cb31de33e46245e05fbdbd6fb24",
+ "a448017aaf21d8525fc10ae87aa6729d",
+ "d9130a8164549fe818874806e1c7014b",
+ "d79e1c308aa5bbcdeea8ed63df412da9",
+ "043f8582f241db351ce627e153e7f0e4",
+ "e33b4ddc9c38f2199c3e7b164fcc0536",
+};
+
+static char *pt(unsigned char *md);
+int main(int argc, char *argv[])
+{
+ int i, err = 0;
+ char **P, **R;
+ char *p;
+ unsigned char md[MD4_DIGEST_LENGTH];
+
+ P = test;
+ R = ret;
+ i = 1;
+ while (*P != NULL) {
+ EVP_Digest(&(P[0][0]), strlen((char *)*P), md, NULL, EVP_md4(), NULL);
+ p = pt(md);
+ if (strcmp(p, (char *)*R) != 0) {
+ printf("error calculating MD4 on '%s'\n", *P);
+ printf("got %s instead of %s\n", p, *R);
+ err++;
+ } else
+ printf("test %d ok\n", i);
+ i++;
+ R++;
+ P++;
+ }
+ EXIT(err);
+ return (0);
+}
+
+static char *pt(unsigned char *md)
+{
+ int i;
+ static char buf[80];
+
+ for (i = 0; i < MD4_DIGEST_LENGTH; i++)
+ sprintf(&(buf[i * 2]), "%02x", md[i]);
+ return (buf);
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/md5/md5.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/md5/md5.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/md5/md5.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,127 +0,0 @@
-/* crypto/md5/md5.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/md5.h>
-
-#define BUFSIZE 1024*16
-
-void do_fp(FILE *f);
-void pt(unsigned char *md);
-#if !defined(_OSD_POSIX) && !defined(__DJGPP__)
-int read(int, void *, unsigned int);
-#endif
-
-int main(int argc, char **argv)
- {
- int i,err=0;
- FILE *IN;
-
- if (argc == 1)
- {
- do_fp(stdin);
- }
- else
- {
- for (i=1; i<argc; i++)
- {
- IN=fopen(argv[i],"r");
- if (IN == NULL)
- {
- perror(argv[i]);
- err++;
- continue;
- }
- printf("MD5(%s)= ",argv[i]);
- do_fp(IN);
- fclose(IN);
- }
- }
- exit(err);
- }
-
-void do_fp(FILE *f)
- {
- MD5_CTX c;
- unsigned char md[MD5_DIGEST_LENGTH];
- int fd;
- int i;
- static unsigned char buf[BUFSIZE];
-
- fd=fileno(f);
- MD5_Init(&c);
- for (;;)
- {
- i=read(fd,buf,BUFSIZE);
- if (i <= 0) break;
- MD5_Update(&c,buf,(unsigned long)i);
- }
- MD5_Final(&(md[0]),&c);
- pt(md);
- }
-
-void pt(unsigned char *md)
- {
- int i;
-
- for (i=0; i<MD5_DIGEST_LENGTH; i++)
- printf("%02x",md[i]);
- printf("\n");
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/md5/md5.c (from rev 6976, vendor-crypto/openssl/dist/crypto/md5/md5.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/md5/md5.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/md5/md5.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,121 @@
+/* crypto/md5/md5.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/md5.h>
+
+#define BUFSIZE 1024*16
+
+void do_fp(FILE *f);
+void pt(unsigned char *md);
+#if !defined(_OSD_POSIX) && !defined(__DJGPP__)
+int read(int, void *, unsigned int);
+#endif
+
+int main(int argc, char **argv)
+{
+ int i, err = 0;
+ FILE *IN;
+
+ if (argc == 1) {
+ do_fp(stdin);
+ } else {
+ for (i = 1; i < argc; i++) {
+ IN = fopen(argv[i], "r");
+ if (IN == NULL) {
+ perror(argv[i]);
+ err++;
+ continue;
+ }
+ printf("MD5(%s)= ", argv[i]);
+ do_fp(IN);
+ fclose(IN);
+ }
+ }
+ exit(err);
+}
+
+void do_fp(FILE *f)
+{
+ MD5_CTX c;
+ unsigned char md[MD5_DIGEST_LENGTH];
+ int fd;
+ int i;
+ static unsigned char buf[BUFSIZE];
+
+ fd = fileno(f);
+ MD5_Init(&c);
+ for (;;) {
+ i = read(fd, buf, BUFSIZE);
+ if (i <= 0)
+ break;
+ MD5_Update(&c, buf, (unsigned long)i);
+ }
+ MD5_Final(&(md[0]), &c);
+ pt(md);
+}
+
+void pt(unsigned char *md)
+{
+ int i;
+
+ for (i = 0; i < MD5_DIGEST_LENGTH; i++)
+ printf("%02x", md[i]);
+ printf("\n");
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/md5/md5.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/md5/md5.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/md5/md5.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,120 +0,0 @@
-/* crypto/md5/md5.h */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_MD5_H
-#define HEADER_MD5_H
-
-#include <openssl/e_os2.h>
-#include <stddef.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifdef OPENSSL_NO_MD5
-#error MD5 is disabled.
-#endif
-
-/*
- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- * ! MD5_LONG has to be at least 32 bits wide. If it's wider, then !
- * ! MD5_LONG_LOG2 has to be defined along. !
- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- */
-
-#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)
-#define MD5_LONG unsigned long
-#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
-#define MD5_LONG unsigned long
-#define MD5_LONG_LOG2 3
-/*
- * _CRAY note. I could declare short, but I have no idea what impact
- * does it have on performance on none-T3E machines. I could declare
- * int, but at least on C90 sizeof(int) can be chosen at compile time.
- * So I've chosen long...
- * <appro at fy.chalmers.se>
- */
-#else
-#define MD5_LONG unsigned int
-#endif
-
-#define MD5_CBLOCK 64
-#define MD5_LBLOCK (MD5_CBLOCK/4)
-#define MD5_DIGEST_LENGTH 16
-
-typedef struct MD5state_st
- {
- MD5_LONG A,B,C,D;
- MD5_LONG Nl,Nh;
- MD5_LONG data[MD5_LBLOCK];
- unsigned int num;
- } MD5_CTX;
-
-#ifdef OPENSSL_FIPS
-int private_MD5_Init(MD5_CTX *c);
-#endif
-int MD5_Init(MD5_CTX *c);
-int MD5_Update(MD5_CTX *c, const void *data, size_t len);
-int MD5_Final(unsigned char *md, MD5_CTX *c);
-unsigned char *MD5(const unsigned char *d, size_t n, unsigned char *md);
-void MD5_Transform(MD5_CTX *c, const unsigned char *b);
-#ifdef __cplusplus
-}
-#endif
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/md5/md5.h (from rev 6976, vendor-crypto/openssl/dist/crypto/md5/md5.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/md5/md5.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/md5/md5.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,119 @@
+/* crypto/md5/md5.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_MD5_H
+# define HEADER_MD5_H
+
+# include <openssl/e_os2.h>
+# include <stddef.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# ifdef OPENSSL_NO_MD5
+# error MD5 is disabled.
+# endif
+
+/*
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * ! MD5_LONG has to be at least 32 bits wide. If it's wider, then !
+ * ! MD5_LONG_LOG2 has to be defined along. !
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ */
+
+# if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)
+# define MD5_LONG unsigned long
+# elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
+# define MD5_LONG unsigned long
+# define MD5_LONG_LOG2 3
+/*
+ * _CRAY note. I could declare short, but I have no idea what impact
+ * does it have on performance on none-T3E machines. I could declare
+ * int, but at least on C90 sizeof(int) can be chosen at compile time.
+ * So I've chosen long...
+ * <appro at fy.chalmers.se>
+ */
+# else
+# define MD5_LONG unsigned int
+# endif
+
+# define MD5_CBLOCK 64
+# define MD5_LBLOCK (MD5_CBLOCK/4)
+# define MD5_DIGEST_LENGTH 16
+
+typedef struct MD5state_st {
+ MD5_LONG A, B, C, D;
+ MD5_LONG Nl, Nh;
+ MD5_LONG data[MD5_LBLOCK];
+ unsigned int num;
+} MD5_CTX;
+
+# ifdef OPENSSL_FIPS
+int private_MD5_Init(MD5_CTX *c);
+# endif
+int MD5_Init(MD5_CTX *c);
+int MD5_Update(MD5_CTX *c, const void *data, size_t len);
+int MD5_Final(unsigned char *md, MD5_CTX *c);
+unsigned char *MD5(const unsigned char *d, size_t n, unsigned char *md);
+void MD5_Transform(MD5_CTX *c, const unsigned char *b);
+#ifdef __cplusplus
+}
+#endif
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/md5/md5_dgst.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/md5/md5_dgst.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/md5/md5_dgst.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,191 +0,0 @@
-/* crypto/md5/md5_dgst.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "md5_locl.h"
-#include <openssl/opensslv.h>
-#include <openssl/err.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
-
-const char MD5_version[]="MD5" OPENSSL_VERSION_PTEXT;
-
-/* Implemented from RFC1321 The MD5 Message-Digest Algorithm
- */
-
-#define INIT_DATA_A (unsigned long)0x67452301L
-#define INIT_DATA_B (unsigned long)0xefcdab89L
-#define INIT_DATA_C (unsigned long)0x98badcfeL
-#define INIT_DATA_D (unsigned long)0x10325476L
-
-FIPS_NON_FIPS_MD_Init(MD5)
- {
- c->A=INIT_DATA_A;
- c->B=INIT_DATA_B;
- c->C=INIT_DATA_C;
- c->D=INIT_DATA_D;
- c->Nl=0;
- c->Nh=0;
- c->num=0;
- return 1;
- }
-
-#ifndef md5_block_data_order
-#ifdef X
-#undef X
-#endif
-void md5_block_data_order (MD5_CTX *c, const void *data_, size_t num)
- {
- const unsigned char *data=data_;
- register unsigned MD32_REG_T A,B,C,D,l;
-#ifndef MD32_XARRAY
- /* See comment in crypto/sha/sha_locl.h for details. */
- unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
- XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15;
-# define X(i) XX##i
-#else
- MD5_LONG XX[MD5_LBLOCK];
-# define X(i) XX[i]
-#endif
-
- A=c->A;
- B=c->B;
- C=c->C;
- D=c->D;
-
- for (;num--;)
- {
- HOST_c2l(data,l); X( 0)=l; HOST_c2l(data,l); X( 1)=l;
- /* Round 0 */
- R0(A,B,C,D,X( 0), 7,0xd76aa478L); HOST_c2l(data,l); X( 2)=l;
- R0(D,A,B,C,X( 1),12,0xe8c7b756L); HOST_c2l(data,l); X( 3)=l;
- R0(C,D,A,B,X( 2),17,0x242070dbL); HOST_c2l(data,l); X( 4)=l;
- R0(B,C,D,A,X( 3),22,0xc1bdceeeL); HOST_c2l(data,l); X( 5)=l;
- R0(A,B,C,D,X( 4), 7,0xf57c0fafL); HOST_c2l(data,l); X( 6)=l;
- R0(D,A,B,C,X( 5),12,0x4787c62aL); HOST_c2l(data,l); X( 7)=l;
- R0(C,D,A,B,X( 6),17,0xa8304613L); HOST_c2l(data,l); X( 8)=l;
- R0(B,C,D,A,X( 7),22,0xfd469501L); HOST_c2l(data,l); X( 9)=l;
- R0(A,B,C,D,X( 8), 7,0x698098d8L); HOST_c2l(data,l); X(10)=l;
- R0(D,A,B,C,X( 9),12,0x8b44f7afL); HOST_c2l(data,l); X(11)=l;
- R0(C,D,A,B,X(10),17,0xffff5bb1L); HOST_c2l(data,l); X(12)=l;
- R0(B,C,D,A,X(11),22,0x895cd7beL); HOST_c2l(data,l); X(13)=l;
- R0(A,B,C,D,X(12), 7,0x6b901122L); HOST_c2l(data,l); X(14)=l;
- R0(D,A,B,C,X(13),12,0xfd987193L); HOST_c2l(data,l); X(15)=l;
- R0(C,D,A,B,X(14),17,0xa679438eL);
- R0(B,C,D,A,X(15),22,0x49b40821L);
- /* Round 1 */
- R1(A,B,C,D,X( 1), 5,0xf61e2562L);
- R1(D,A,B,C,X( 6), 9,0xc040b340L);
- R1(C,D,A,B,X(11),14,0x265e5a51L);
- R1(B,C,D,A,X( 0),20,0xe9b6c7aaL);
- R1(A,B,C,D,X( 5), 5,0xd62f105dL);
- R1(D,A,B,C,X(10), 9,0x02441453L);
- R1(C,D,A,B,X(15),14,0xd8a1e681L);
- R1(B,C,D,A,X( 4),20,0xe7d3fbc8L);
- R1(A,B,C,D,X( 9), 5,0x21e1cde6L);
- R1(D,A,B,C,X(14), 9,0xc33707d6L);
- R1(C,D,A,B,X( 3),14,0xf4d50d87L);
- R1(B,C,D,A,X( 8),20,0x455a14edL);
- R1(A,B,C,D,X(13), 5,0xa9e3e905L);
- R1(D,A,B,C,X( 2), 9,0xfcefa3f8L);
- R1(C,D,A,B,X( 7),14,0x676f02d9L);
- R1(B,C,D,A,X(12),20,0x8d2a4c8aL);
- /* Round 2 */
- R2(A,B,C,D,X( 5), 4,0xfffa3942L);
- R2(D,A,B,C,X( 8),11,0x8771f681L);
- R2(C,D,A,B,X(11),16,0x6d9d6122L);
- R2(B,C,D,A,X(14),23,0xfde5380cL);
- R2(A,B,C,D,X( 1), 4,0xa4beea44L);
- R2(D,A,B,C,X( 4),11,0x4bdecfa9L);
- R2(C,D,A,B,X( 7),16,0xf6bb4b60L);
- R2(B,C,D,A,X(10),23,0xbebfbc70L);
- R2(A,B,C,D,X(13), 4,0x289b7ec6L);
- R2(D,A,B,C,X( 0),11,0xeaa127faL);
- R2(C,D,A,B,X( 3),16,0xd4ef3085L);
- R2(B,C,D,A,X( 6),23,0x04881d05L);
- R2(A,B,C,D,X( 9), 4,0xd9d4d039L);
- R2(D,A,B,C,X(12),11,0xe6db99e5L);
- R2(C,D,A,B,X(15),16,0x1fa27cf8L);
- R2(B,C,D,A,X( 2),23,0xc4ac5665L);
- /* Round 3 */
- R3(A,B,C,D,X( 0), 6,0xf4292244L);
- R3(D,A,B,C,X( 7),10,0x432aff97L);
- R3(C,D,A,B,X(14),15,0xab9423a7L);
- R3(B,C,D,A,X( 5),21,0xfc93a039L);
- R3(A,B,C,D,X(12), 6,0x655b59c3L);
- R3(D,A,B,C,X( 3),10,0x8f0ccc92L);
- R3(C,D,A,B,X(10),15,0xffeff47dL);
- R3(B,C,D,A,X( 1),21,0x85845dd1L);
- R3(A,B,C,D,X( 8), 6,0x6fa87e4fL);
- R3(D,A,B,C,X(15),10,0xfe2ce6e0L);
- R3(C,D,A,B,X( 6),15,0xa3014314L);
- R3(B,C,D,A,X(13),21,0x4e0811a1L);
- R3(A,B,C,D,X( 4), 6,0xf7537e82L);
- R3(D,A,B,C,X(11),10,0xbd3af235L);
- R3(C,D,A,B,X( 2),15,0x2ad7d2bbL);
- R3(B,C,D,A,X( 9),21,0xeb86d391L);
-
- A = c->A += A;
- B = c->B += B;
- C = c->C += C;
- D = c->D += D;
- }
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/md5/md5_dgst.c (from rev 6976, vendor-crypto/openssl/dist/crypto/md5/md5_dgst.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/md5/md5_dgst.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/md5/md5_dgst.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,221 @@
+/* crypto/md5/md5_dgst.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "md5_locl.h"
+#include <openssl/opensslv.h>
+#include <openssl/err.h>
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
+#endif
+
+const char MD5_version[] = "MD5" OPENSSL_VERSION_PTEXT;
+
+/*
+ * Implemented from RFC1321 The MD5 Message-Digest Algorithm
+ */
+
+#define INIT_DATA_A (unsigned long)0x67452301L
+#define INIT_DATA_B (unsigned long)0xefcdab89L
+#define INIT_DATA_C (unsigned long)0x98badcfeL
+#define INIT_DATA_D (unsigned long)0x10325476L
+
+FIPS_NON_FIPS_MD_Init(MD5)
+{
+ c->A = INIT_DATA_A;
+ c->B = INIT_DATA_B;
+ c->C = INIT_DATA_C;
+ c->D = INIT_DATA_D;
+ c->Nl = 0;
+ c->Nh = 0;
+ c->num = 0;
+ return 1;
+}
+
+#ifndef md5_block_data_order
+# ifdef X
+# undef X
+# endif
+void md5_block_data_order(MD5_CTX *c, const void *data_, size_t num)
+{
+ const unsigned char *data = data_;
+ register unsigned MD32_REG_T A, B, C, D, l;
+# ifndef MD32_XARRAY
+ /* See comment in crypto/sha/sha_locl.h for details. */
+ unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
+ XX8, XX9, XX10, XX11, XX12, XX13, XX14, XX15;
+# define X(i) XX##i
+# else
+ MD5_LONG XX[MD5_LBLOCK];
+# define X(i) XX[i]
+# endif
+
+ A = c->A;
+ B = c->B;
+ C = c->C;
+ D = c->D;
+
+ for (; num--;) {
+ HOST_c2l(data, l);
+ X(0) = l;
+ HOST_c2l(data, l);
+ X(1) = l;
+ /* Round 0 */
+ R0(A, B, C, D, X(0), 7, 0xd76aa478L);
+ HOST_c2l(data, l);
+ X(2) = l;
+ R0(D, A, B, C, X(1), 12, 0xe8c7b756L);
+ HOST_c2l(data, l);
+ X(3) = l;
+ R0(C, D, A, B, X(2), 17, 0x242070dbL);
+ HOST_c2l(data, l);
+ X(4) = l;
+ R0(B, C, D, A, X(3), 22, 0xc1bdceeeL);
+ HOST_c2l(data, l);
+ X(5) = l;
+ R0(A, B, C, D, X(4), 7, 0xf57c0fafL);
+ HOST_c2l(data, l);
+ X(6) = l;
+ R0(D, A, B, C, X(5), 12, 0x4787c62aL);
+ HOST_c2l(data, l);
+ X(7) = l;
+ R0(C, D, A, B, X(6), 17, 0xa8304613L);
+ HOST_c2l(data, l);
+ X(8) = l;
+ R0(B, C, D, A, X(7), 22, 0xfd469501L);
+ HOST_c2l(data, l);
+ X(9) = l;
+ R0(A, B, C, D, X(8), 7, 0x698098d8L);
+ HOST_c2l(data, l);
+ X(10) = l;
+ R0(D, A, B, C, X(9), 12, 0x8b44f7afL);
+ HOST_c2l(data, l);
+ X(11) = l;
+ R0(C, D, A, B, X(10), 17, 0xffff5bb1L);
+ HOST_c2l(data, l);
+ X(12) = l;
+ R0(B, C, D, A, X(11), 22, 0x895cd7beL);
+ HOST_c2l(data, l);
+ X(13) = l;
+ R0(A, B, C, D, X(12), 7, 0x6b901122L);
+ HOST_c2l(data, l);
+ X(14) = l;
+ R0(D, A, B, C, X(13), 12, 0xfd987193L);
+ HOST_c2l(data, l);
+ X(15) = l;
+ R0(C, D, A, B, X(14), 17, 0xa679438eL);
+ R0(B, C, D, A, X(15), 22, 0x49b40821L);
+ /* Round 1 */
+ R1(A, B, C, D, X(1), 5, 0xf61e2562L);
+ R1(D, A, B, C, X(6), 9, 0xc040b340L);
+ R1(C, D, A, B, X(11), 14, 0x265e5a51L);
+ R1(B, C, D, A, X(0), 20, 0xe9b6c7aaL);
+ R1(A, B, C, D, X(5), 5, 0xd62f105dL);
+ R1(D, A, B, C, X(10), 9, 0x02441453L);
+ R1(C, D, A, B, X(15), 14, 0xd8a1e681L);
+ R1(B, C, D, A, X(4), 20, 0xe7d3fbc8L);
+ R1(A, B, C, D, X(9), 5, 0x21e1cde6L);
+ R1(D, A, B, C, X(14), 9, 0xc33707d6L);
+ R1(C, D, A, B, X(3), 14, 0xf4d50d87L);
+ R1(B, C, D, A, X(8), 20, 0x455a14edL);
+ R1(A, B, C, D, X(13), 5, 0xa9e3e905L);
+ R1(D, A, B, C, X(2), 9, 0xfcefa3f8L);
+ R1(C, D, A, B, X(7), 14, 0x676f02d9L);
+ R1(B, C, D, A, X(12), 20, 0x8d2a4c8aL);
+ /* Round 2 */
+ R2(A, B, C, D, X(5), 4, 0xfffa3942L);
+ R2(D, A, B, C, X(8), 11, 0x8771f681L);
+ R2(C, D, A, B, X(11), 16, 0x6d9d6122L);
+ R2(B, C, D, A, X(14), 23, 0xfde5380cL);
+ R2(A, B, C, D, X(1), 4, 0xa4beea44L);
+ R2(D, A, B, C, X(4), 11, 0x4bdecfa9L);
+ R2(C, D, A, B, X(7), 16, 0xf6bb4b60L);
+ R2(B, C, D, A, X(10), 23, 0xbebfbc70L);
+ R2(A, B, C, D, X(13), 4, 0x289b7ec6L);
+ R2(D, A, B, C, X(0), 11, 0xeaa127faL);
+ R2(C, D, A, B, X(3), 16, 0xd4ef3085L);
+ R2(B, C, D, A, X(6), 23, 0x04881d05L);
+ R2(A, B, C, D, X(9), 4, 0xd9d4d039L);
+ R2(D, A, B, C, X(12), 11, 0xe6db99e5L);
+ R2(C, D, A, B, X(15), 16, 0x1fa27cf8L);
+ R2(B, C, D, A, X(2), 23, 0xc4ac5665L);
+ /* Round 3 */
+ R3(A, B, C, D, X(0), 6, 0xf4292244L);
+ R3(D, A, B, C, X(7), 10, 0x432aff97L);
+ R3(C, D, A, B, X(14), 15, 0xab9423a7L);
+ R3(B, C, D, A, X(5), 21, 0xfc93a039L);
+ R3(A, B, C, D, X(12), 6, 0x655b59c3L);
+ R3(D, A, B, C, X(3), 10, 0x8f0ccc92L);
+ R3(C, D, A, B, X(10), 15, 0xffeff47dL);
+ R3(B, C, D, A, X(1), 21, 0x85845dd1L);
+ R3(A, B, C, D, X(8), 6, 0x6fa87e4fL);
+ R3(D, A, B, C, X(15), 10, 0xfe2ce6e0L);
+ R3(C, D, A, B, X(6), 15, 0xa3014314L);
+ R3(B, C, D, A, X(13), 21, 0x4e0811a1L);
+ R3(A, B, C, D, X(4), 6, 0xf7537e82L);
+ R3(D, A, B, C, X(11), 10, 0xbd3af235L);
+ R3(C, D, A, B, X(2), 15, 0x2ad7d2bbL);
+ R3(B, C, D, A, X(9), 21, 0xeb86d391L);
+
+ A = c->A += A;
+ B = c->B += B;
+ C = c->C += C;
+ D = c->D += D;
+ }
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/md5/md5_locl.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/md5/md5_locl.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/md5/md5_locl.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,128 +0,0 @@
-/* crypto/md5/md5_locl.h */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdlib.h>
-#include <string.h>
-#include <openssl/e_os2.h>
-#include <openssl/md5.h>
-
-#ifndef MD5_LONG_LOG2
-#define MD5_LONG_LOG2 2 /* default to 32 bits */
-#endif
-
-#ifdef MD5_ASM
-# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) || \
- defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64)
-# define md5_block_data_order md5_block_asm_data_order
-# endif
-#endif
-
-void md5_block_data_order (MD5_CTX *c, const void *p,size_t num);
-
-#define DATA_ORDER_IS_LITTLE_ENDIAN
-
-#define HASH_LONG MD5_LONG
-#define HASH_CTX MD5_CTX
-#define HASH_CBLOCK MD5_CBLOCK
-#define HASH_UPDATE MD5_Update
-#define HASH_TRANSFORM MD5_Transform
-#define HASH_FINAL MD5_Final
-#define HASH_MAKE_STRING(c,s) do { \
- unsigned long ll; \
- ll=(c)->A; HOST_l2c(ll,(s)); \
- ll=(c)->B; HOST_l2c(ll,(s)); \
- ll=(c)->C; HOST_l2c(ll,(s)); \
- ll=(c)->D; HOST_l2c(ll,(s)); \
- } while (0)
-#define HASH_BLOCK_DATA_ORDER md5_block_data_order
-
-#include "md32_common.h"
-
-/*
-#define F(x,y,z) (((x) & (y)) | ((~(x)) & (z)))
-#define G(x,y,z) (((x) & (z)) | ((y) & (~(z))))
-*/
-
-/* As pointed out by Wei Dai <weidai at eskimo.com>, the above can be
- * simplified to the code below. Wei attributes these optimizations
- * to Peter Gutmann's SHS code, and he attributes it to Rich Schroeppel.
- */
-#define F(b,c,d) ((((c) ^ (d)) & (b)) ^ (d))
-#define G(b,c,d) ((((b) ^ (c)) & (d)) ^ (c))
-#define H(b,c,d) ((b) ^ (c) ^ (d))
-#define I(b,c,d) (((~(d)) | (b)) ^ (c))
-
-#define R0(a,b,c,d,k,s,t) { \
- a+=((k)+(t)+F((b),(c),(d))); \
- a=ROTATE(a,s); \
- a+=b; };\
-
-#define R1(a,b,c,d,k,s,t) { \
- a+=((k)+(t)+G((b),(c),(d))); \
- a=ROTATE(a,s); \
- a+=b; };
-
-#define R2(a,b,c,d,k,s,t) { \
- a+=((k)+(t)+H((b),(c),(d))); \
- a=ROTATE(a,s); \
- a+=b; };
-
-#define R3(a,b,c,d,k,s,t) { \
- a+=((k)+(t)+I((b),(c),(d))); \
- a=ROTATE(a,s); \
- a+=b; };
Copied: vendor-crypto/openssl/0.9.8zf/crypto/md5/md5_locl.h (from rev 6976, vendor-crypto/openssl/dist/crypto/md5/md5_locl.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/md5/md5_locl.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/md5/md5_locl.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,129 @@
+/* crypto/md5/md5_locl.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/e_os2.h>
+#include <openssl/md5.h>
+
+#ifndef MD5_LONG_LOG2
+# define MD5_LONG_LOG2 2 /* default to 32 bits */
+#endif
+
+#ifdef MD5_ASM
+# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) || \
+ defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64)
+# define md5_block_data_order md5_block_asm_data_order
+# endif
+#endif
+
+void md5_block_data_order(MD5_CTX *c, const void *p, size_t num);
+
+#define DATA_ORDER_IS_LITTLE_ENDIAN
+
+#define HASH_LONG MD5_LONG
+#define HASH_CTX MD5_CTX
+#define HASH_CBLOCK MD5_CBLOCK
+#define HASH_UPDATE MD5_Update
+#define HASH_TRANSFORM MD5_Transform
+#define HASH_FINAL MD5_Final
+#define HASH_MAKE_STRING(c,s) do { \
+ unsigned long ll; \
+ ll=(c)->A; HOST_l2c(ll,(s)); \
+ ll=(c)->B; HOST_l2c(ll,(s)); \
+ ll=(c)->C; HOST_l2c(ll,(s)); \
+ ll=(c)->D; HOST_l2c(ll,(s)); \
+ } while (0)
+#define HASH_BLOCK_DATA_ORDER md5_block_data_order
+
+#include "md32_common.h"
+
+/*-
+#define F(x,y,z) (((x) & (y)) | ((~(x)) & (z)))
+#define G(x,y,z) (((x) & (z)) | ((y) & (~(z))))
+*/
+
+/*
+ * As pointed out by Wei Dai <weidai at eskimo.com>, the above can be simplified
+ * to the code below. Wei attributes these optimizations to Peter Gutmann's
+ * SHS code, and he attributes it to Rich Schroeppel.
+ */
+#define F(b,c,d) ((((c) ^ (d)) & (b)) ^ (d))
+#define G(b,c,d) ((((b) ^ (c)) & (d)) ^ (c))
+#define H(b,c,d) ((b) ^ (c) ^ (d))
+#define I(b,c,d) (((~(d)) | (b)) ^ (c))
+
+#define R0(a,b,c,d,k,s,t) { \
+ a+=((k)+(t)+F((b),(c),(d))); \
+ a=ROTATE(a,s); \
+ a+=b; };\
+
+#define R1(a,b,c,d,k,s,t) { \
+ a+=((k)+(t)+G((b),(c),(d))); \
+ a=ROTATE(a,s); \
+ a+=b; };
+
+#define R2(a,b,c,d,k,s,t) { \
+ a+=((k)+(t)+H((b),(c),(d))); \
+ a=ROTATE(a,s); \
+ a+=b; };
+
+#define R3(a,b,c,d,k,s,t) { \
+ a+=((k)+(t)+I((b),(c),(d))); \
+ a=ROTATE(a,s); \
+ a+=b; };
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/md5/md5_one.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/md5/md5_one.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/md5/md5_one.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,97 +0,0 @@
-/* crypto/md5/md5_one.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <openssl/md5.h>
-#include <openssl/crypto.h>
-
-#ifdef CHARSET_EBCDIC
-#include <openssl/ebcdic.h>
-#endif
-
-unsigned char *MD5(const unsigned char *d, size_t n, unsigned char *md)
- {
- MD5_CTX c;
- static unsigned char m[MD5_DIGEST_LENGTH];
-
- if (md == NULL) md=m;
- if (!MD5_Init(&c))
- return NULL;
-#ifndef CHARSET_EBCDIC
- MD5_Update(&c,d,n);
-#else
- {
- char temp[1024];
- unsigned long chunk;
-
- while (n > 0)
- {
- chunk = (n > sizeof(temp)) ? sizeof(temp) : n;
- ebcdic2ascii(temp, d, chunk);
- MD5_Update(&c,temp,chunk);
- n -= chunk;
- d += chunk;
- }
- }
-#endif
- MD5_Final(md,&c);
- OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
- return(md);
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/md5/md5_one.c (from rev 6976, vendor-crypto/openssl/dist/crypto/md5/md5_one.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/md5/md5_one.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/md5/md5_one.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,96 @@
+/* crypto/md5/md5_one.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/md5.h>
+#include <openssl/crypto.h>
+
+#ifdef CHARSET_EBCDIC
+# include <openssl/ebcdic.h>
+#endif
+
+unsigned char *MD5(const unsigned char *d, size_t n, unsigned char *md)
+{
+ MD5_CTX c;
+ static unsigned char m[MD5_DIGEST_LENGTH];
+
+ if (md == NULL)
+ md = m;
+ if (!MD5_Init(&c))
+ return NULL;
+#ifndef CHARSET_EBCDIC
+ MD5_Update(&c, d, n);
+#else
+ {
+ char temp[1024];
+ unsigned long chunk;
+
+ while (n > 0) {
+ chunk = (n > sizeof(temp)) ? sizeof(temp) : n;
+ ebcdic2ascii(temp, d, chunk);
+ MD5_Update(&c, temp, chunk);
+ n -= chunk;
+ d += chunk;
+ }
+ }
+#endif
+ MD5_Final(md, &c);
+ OPENSSL_cleanse(&c, sizeof(c)); /* security consideration */
+ return (md);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/md5/md5test.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/md5/md5test.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/md5/md5test.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,140 +0,0 @@
-/* crypto/md5/md5test.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-
-#include "../e_os.h"
-
-#ifdef OPENSSL_NO_MD5
-int main(int argc, char *argv[])
-{
- printf("No MD5 support\n");
- return(0);
-}
-#else
-#include <openssl/evp.h>
-#include <openssl/md5.h>
-
-static char *test[]={
- "",
- "a",
- "abc",
- "message digest",
- "abcdefghijklmnopqrstuvwxyz",
- "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
- "12345678901234567890123456789012345678901234567890123456789012345678901234567890",
- NULL,
- };
-
-static char *ret[]={
- "d41d8cd98f00b204e9800998ecf8427e",
- "0cc175b9c0f1b6a831c399e269772661",
- "900150983cd24fb0d6963f7d28e17f72",
- "f96b697d7cb7938d525a2f31aaf161d0",
- "c3fcd3d76192e4007dfb496cca67e13b",
- "d174ab98d277d9f5a5611c2c9f419d9f",
- "57edf4a22be3c955ac49da2e2107b67a",
- };
-
-static char *pt(unsigned char *md);
-int main(int argc, char *argv[])
- {
- int i,err=0;
- char **P,**R;
- char *p;
- unsigned char md[MD5_DIGEST_LENGTH];
-
- P=test;
- R=ret;
- i=1;
- while (*P != NULL)
- {
- EVP_Digest(&(P[0][0]),strlen((char *)*P),md,NULL,EVP_md5(), NULL);
- p=pt(md);
- if (strcmp(p,(char *)*R) != 0)
- {
- printf("error calculating MD5 on '%s'\n",*P);
- printf("got %s instead of %s\n",p,*R);
- err++;
- }
- else
- printf("test %d ok\n",i);
- i++;
- R++;
- P++;
- }
-
-#ifdef OPENSSL_SYS_NETWARE
- if (err) printf("ERROR: %d\n", err);
-#endif
- EXIT(err);
- return(0);
- }
-
-static char *pt(unsigned char *md)
- {
- int i;
- static char buf[80];
-
- for (i=0; i<MD5_DIGEST_LENGTH; i++)
- sprintf(&(buf[i*2]),"%02x",md[i]);
- return(buf);
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/md5/md5test.c (from rev 6976, vendor-crypto/openssl/dist/crypto/md5/md5test.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/md5/md5test.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/md5/md5test.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,138 @@
+/* crypto/md5/md5test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include "../e_os.h"
+
+#ifdef OPENSSL_NO_MD5
+int main(int argc, char *argv[])
+{
+ printf("No MD5 support\n");
+ return (0);
+}
+#else
+# include <openssl/evp.h>
+# include <openssl/md5.h>
+
+static char *test[] = {
+ "",
+ "a",
+ "abc",
+ "message digest",
+ "abcdefghijklmnopqrstuvwxyz",
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
+ "12345678901234567890123456789012345678901234567890123456789012345678901234567890",
+ NULL,
+};
+
+static char *ret[] = {
+ "d41d8cd98f00b204e9800998ecf8427e",
+ "0cc175b9c0f1b6a831c399e269772661",
+ "900150983cd24fb0d6963f7d28e17f72",
+ "f96b697d7cb7938d525a2f31aaf161d0",
+ "c3fcd3d76192e4007dfb496cca67e13b",
+ "d174ab98d277d9f5a5611c2c9f419d9f",
+ "57edf4a22be3c955ac49da2e2107b67a",
+};
+
+static char *pt(unsigned char *md);
+int main(int argc, char *argv[])
+{
+ int i, err = 0;
+ char **P, **R;
+ char *p;
+ unsigned char md[MD5_DIGEST_LENGTH];
+
+ P = test;
+ R = ret;
+ i = 1;
+ while (*P != NULL) {
+ EVP_Digest(&(P[0][0]), strlen((char *)*P), md, NULL, EVP_md5(), NULL);
+ p = pt(md);
+ if (strcmp(p, (char *)*R) != 0) {
+ printf("error calculating MD5 on '%s'\n", *P);
+ printf("got %s instead of %s\n", p, *R);
+ err++;
+ } else
+ printf("test %d ok\n", i);
+ i++;
+ R++;
+ P++;
+ }
+
+# ifdef OPENSSL_SYS_NETWARE
+ if (err)
+ printf("ERROR: %d\n", err);
+# endif
+ EXIT(err);
+ return (0);
+}
+
+static char *pt(unsigned char *md)
+{
+ int i;
+ static char buf[80];
+
+ for (i = 0; i < MD5_DIGEST_LENGTH; i++)
+ sprintf(&(buf[i * 2]), "%02x", md[i]);
+ return (buf);
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/mdc2/mdc2.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/mdc2/mdc2.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/mdc2/mdc2.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,97 +0,0 @@
-/* crypto/mdc2/mdc2.h */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_MDC2_H
-#define HEADER_MDC2_H
-
-#include <openssl/des.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifdef OPENSSL_NO_MDC2
-#error MDC2 is disabled.
-#endif
-
-#define MDC2_BLOCK 8
-#define MDC2_DIGEST_LENGTH 16
-
-typedef struct mdc2_ctx_st
- {
- unsigned int num;
- unsigned char data[MDC2_BLOCK];
- DES_cblock h,hh;
- int pad_type; /* either 1 or 2, default 1 */
- } MDC2_CTX;
-
-#ifdef OPENSSL_FIPS
-int private_MDC2_Init(MDC2_CTX *c);
-#endif
-int MDC2_Init(MDC2_CTX *c);
-int MDC2_Update(MDC2_CTX *c, const unsigned char *data, size_t len);
-int MDC2_Final(unsigned char *md, MDC2_CTX *c);
-unsigned char *MDC2(const unsigned char *d, size_t n,
- unsigned char *md);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/mdc2/mdc2.h (from rev 6976, vendor-crypto/openssl/dist/crypto/mdc2/mdc2.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/mdc2/mdc2.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/mdc2/mdc2.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,94 @@
+/* crypto/mdc2/mdc2.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_MDC2_H
+# define HEADER_MDC2_H
+
+# include <openssl/des.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# ifdef OPENSSL_NO_MDC2
+# error MDC2 is disabled.
+# endif
+
+# define MDC2_BLOCK 8
+# define MDC2_DIGEST_LENGTH 16
+
+typedef struct mdc2_ctx_st {
+ unsigned int num;
+ unsigned char data[MDC2_BLOCK];
+ DES_cblock h, hh;
+ int pad_type; /* either 1 or 2, default 1 */
+} MDC2_CTX;
+
+# ifdef OPENSSL_FIPS
+int private_MDC2_Init(MDC2_CTX *c);
+# endif
+int MDC2_Init(MDC2_CTX *c);
+int MDC2_Update(MDC2_CTX *c, const unsigned char *data, size_t len);
+int MDC2_Final(unsigned char *md, MDC2_CTX *c);
+unsigned char *MDC2(const unsigned char *d, size_t n, unsigned char *md);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/mdc2/mdc2_one.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/mdc2/mdc2_one.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/mdc2/mdc2_one.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,76 +0,0 @@
-/* crypto/mdc2/mdc2_one.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/mdc2.h>
-
-unsigned char *MDC2(const unsigned char *d, size_t n, unsigned char *md)
- {
- MDC2_CTX c;
- static unsigned char m[MDC2_DIGEST_LENGTH];
-
- if (md == NULL) md=m;
- if (!MDC2_Init(&c))
- return NULL;
- MDC2_Update(&c,d,n);
- MDC2_Final(md,&c);
- OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
- return(md);
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/mdc2/mdc2_one.c (from rev 6976, vendor-crypto/openssl/dist/crypto/mdc2/mdc2_one.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/mdc2/mdc2_one.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/mdc2/mdc2_one.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,76 @@
+/* crypto/mdc2/mdc2_one.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/mdc2.h>
+
+unsigned char *MDC2(const unsigned char *d, size_t n, unsigned char *md)
+{
+ MDC2_CTX c;
+ static unsigned char m[MDC2_DIGEST_LENGTH];
+
+ if (md == NULL)
+ md = m;
+ if (!MDC2_Init(&c))
+ return NULL;
+ MDC2_Update(&c, d, n);
+ MDC2_Final(md, &c);
+ OPENSSL_cleanse(&c, sizeof(c)); /* security consideration */
+ return (md);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/mdc2/mdc2dgst.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/mdc2/mdc2dgst.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/mdc2/mdc2dgst.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,204 +0,0 @@
-/* crypto/mdc2/mdc2dgst.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <openssl/des.h>
-#include <openssl/mdc2.h>
-#include <openssl/err.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
-
-#undef c2l
-#define c2l(c,l) (l =((DES_LONG)(*((c)++))) , \
- l|=((DES_LONG)(*((c)++)))<< 8L, \
- l|=((DES_LONG)(*((c)++)))<<16L, \
- l|=((DES_LONG)(*((c)++)))<<24L)
-
-#undef l2c
-#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
- *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
- *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
- *((c)++)=(unsigned char)(((l)>>24L)&0xff))
-
-static void mdc2_body(MDC2_CTX *c, const unsigned char *in, size_t len);
-FIPS_NON_FIPS_MD_Init(MDC2)
- {
- c->num=0;
- c->pad_type=1;
- memset(&(c->h[0]),0x52,MDC2_BLOCK);
- memset(&(c->hh[0]),0x25,MDC2_BLOCK);
- return 1;
- }
-
-int MDC2_Update(MDC2_CTX *c, const unsigned char *in, size_t len)
- {
- size_t i,j;
-
- i=c->num;
- if (i != 0)
- {
- if (i+len < MDC2_BLOCK)
- {
- /* partial block */
- memcpy(&(c->data[i]),in,len);
- c->num+=(int)len;
- return 1;
- }
- else
- {
- /* filled one */
- j=MDC2_BLOCK-i;
- memcpy(&(c->data[i]),in,j);
- len-=j;
- in+=j;
- c->num=0;
- mdc2_body(c,&(c->data[0]),MDC2_BLOCK);
- }
- }
- i=len&~((size_t)MDC2_BLOCK-1);
- if (i > 0) mdc2_body(c,in,i);
- j=len-i;
- if (j > 0)
- {
- memcpy(&(c->data[0]),&(in[i]),j);
- c->num=(int)j;
- }
- return 1;
- }
-
-static void mdc2_body(MDC2_CTX *c, const unsigned char *in, size_t len)
- {
- register DES_LONG tin0,tin1;
- register DES_LONG ttin0,ttin1;
- DES_LONG d[2],dd[2];
- DES_key_schedule k;
- unsigned char *p;
- size_t i;
-
- for (i=0; i<len; i+=8)
- {
- c2l(in,tin0); d[0]=dd[0]=tin0;
- c2l(in,tin1); d[1]=dd[1]=tin1;
- c->h[0]=(c->h[0]&0x9f)|0x40;
- c->hh[0]=(c->hh[0]&0x9f)|0x20;
-
- DES_set_odd_parity(&c->h);
- DES_set_key_unchecked(&c->h,&k);
- DES_encrypt1(d,&k,1);
-
- DES_set_odd_parity(&c->hh);
- DES_set_key_unchecked(&c->hh,&k);
- DES_encrypt1(dd,&k,1);
-
- ttin0=tin0^dd[0];
- ttin1=tin1^dd[1];
- tin0^=d[0];
- tin1^=d[1];
-
- p=c->h;
- l2c(tin0,p);
- l2c(ttin1,p);
- p=c->hh;
- l2c(ttin0,p);
- l2c(tin1,p);
- }
- }
-
-int MDC2_Final(unsigned char *md, MDC2_CTX *c)
- {
- unsigned int i;
- int j;
-
- i=c->num;
- j=c->pad_type;
- if ((i > 0) || (j == 2))
- {
- if (j == 2)
- c->data[i++]=0x80;
- memset(&(c->data[i]),0,MDC2_BLOCK-i);
- mdc2_body(c,c->data,MDC2_BLOCK);
- }
- memcpy(md,(char *)c->h,MDC2_BLOCK);
- memcpy(&(md[MDC2_BLOCK]),(char *)c->hh,MDC2_BLOCK);
- return 1;
- }
-
-#undef TEST
-
-#ifdef TEST
-main()
- {
- unsigned char md[MDC2_DIGEST_LENGTH];
- int i;
- MDC2_CTX c;
- static char *text="Now is the time for all ";
-
- MDC2_Init(&c);
- MDC2_Update(&c,text,strlen(text));
- MDC2_Final(&(md[0]),&c);
-
- for (i=0; i<MDC2_DIGEST_LENGTH; i++)
- printf("%02X",md[i]);
- printf("\n");
- }
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/mdc2/mdc2dgst.c (from rev 6976, vendor-crypto/openssl/dist/crypto/mdc2/mdc2dgst.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/mdc2/mdc2dgst.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/mdc2/mdc2dgst.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,199 @@
+/* crypto/mdc2/mdc2dgst.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/des.h>
+#include <openssl/mdc2.h>
+#include <openssl/err.h>
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
+#endif
+
+#undef c2l
+#define c2l(c,l) (l =((DES_LONG)(*((c)++))) , \
+ l|=((DES_LONG)(*((c)++)))<< 8L, \
+ l|=((DES_LONG)(*((c)++)))<<16L, \
+ l|=((DES_LONG)(*((c)++)))<<24L)
+
+#undef l2c
+#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
+ *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>24L)&0xff))
+
+static void mdc2_body(MDC2_CTX *c, const unsigned char *in, size_t len);
+FIPS_NON_FIPS_MD_Init(MDC2)
+{
+ c->num = 0;
+ c->pad_type = 1;
+ memset(&(c->h[0]), 0x52, MDC2_BLOCK);
+ memset(&(c->hh[0]), 0x25, MDC2_BLOCK);
+ return 1;
+}
+
+int MDC2_Update(MDC2_CTX *c, const unsigned char *in, size_t len)
+{
+ size_t i, j;
+
+ i = c->num;
+ if (i != 0) {
+ if (i + len < MDC2_BLOCK) {
+ /* partial block */
+ memcpy(&(c->data[i]), in, len);
+ c->num += (int)len;
+ return 1;
+ } else {
+ /* filled one */
+ j = MDC2_BLOCK - i;
+ memcpy(&(c->data[i]), in, j);
+ len -= j;
+ in += j;
+ c->num = 0;
+ mdc2_body(c, &(c->data[0]), MDC2_BLOCK);
+ }
+ }
+ i = len & ~((size_t)MDC2_BLOCK - 1);
+ if (i > 0)
+ mdc2_body(c, in, i);
+ j = len - i;
+ if (j > 0) {
+ memcpy(&(c->data[0]), &(in[i]), j);
+ c->num = (int)j;
+ }
+ return 1;
+}
+
+static void mdc2_body(MDC2_CTX *c, const unsigned char *in, size_t len)
+{
+ register DES_LONG tin0, tin1;
+ register DES_LONG ttin0, ttin1;
+ DES_LONG d[2], dd[2];
+ DES_key_schedule k;
+ unsigned char *p;
+ size_t i;
+
+ for (i = 0; i < len; i += 8) {
+ c2l(in, tin0);
+ d[0] = dd[0] = tin0;
+ c2l(in, tin1);
+ d[1] = dd[1] = tin1;
+ c->h[0] = (c->h[0] & 0x9f) | 0x40;
+ c->hh[0] = (c->hh[0] & 0x9f) | 0x20;
+
+ DES_set_odd_parity(&c->h);
+ DES_set_key_unchecked(&c->h, &k);
+ DES_encrypt1(d, &k, 1);
+
+ DES_set_odd_parity(&c->hh);
+ DES_set_key_unchecked(&c->hh, &k);
+ DES_encrypt1(dd, &k, 1);
+
+ ttin0 = tin0 ^ dd[0];
+ ttin1 = tin1 ^ dd[1];
+ tin0 ^= d[0];
+ tin1 ^= d[1];
+
+ p = c->h;
+ l2c(tin0, p);
+ l2c(ttin1, p);
+ p = c->hh;
+ l2c(ttin0, p);
+ l2c(tin1, p);
+ }
+}
+
+int MDC2_Final(unsigned char *md, MDC2_CTX *c)
+{
+ unsigned int i;
+ int j;
+
+ i = c->num;
+ j = c->pad_type;
+ if ((i > 0) || (j == 2)) {
+ if (j == 2)
+ c->data[i++] = 0x80;
+ memset(&(c->data[i]), 0, MDC2_BLOCK - i);
+ mdc2_body(c, c->data, MDC2_BLOCK);
+ }
+ memcpy(md, (char *)c->h, MDC2_BLOCK);
+ memcpy(&(md[MDC2_BLOCK]), (char *)c->hh, MDC2_BLOCK);
+ return 1;
+}
+
+#undef TEST
+
+#ifdef TEST
+main()
+{
+ unsigned char md[MDC2_DIGEST_LENGTH];
+ int i;
+ MDC2_CTX c;
+ static char *text = "Now is the time for all ";
+
+ MDC2_Init(&c);
+ MDC2_Update(&c, text, strlen(text));
+ MDC2_Final(&(md[0]), &c);
+
+ for (i = 0; i < MDC2_DIGEST_LENGTH; i++)
+ printf("%02X", md[i]);
+ printf("\n");
+}
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/mdc2/mdc2test.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/mdc2/mdc2test.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/mdc2/mdc2test.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,149 +0,0 @@
-/* crypto/mdc2/mdc2test.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "../e_os.h"
-
-#if defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_MDC2)
-#define OPENSSL_NO_MDC2
-#endif
-
-#ifdef OPENSSL_NO_MDC2
-int main(int argc, char *argv[])
-{
- printf("No MDC2 support\n");
- return(0);
-}
-#else
-#include <openssl/evp.h>
-#include <openssl/mdc2.h>
-
-#ifdef CHARSET_EBCDIC
-#include <openssl/ebcdic.h>
-#endif
-
-static unsigned char pad1[16]={
- 0x42,0xE5,0x0C,0xD2,0x24,0xBA,0xCE,0xBA,
- 0x76,0x0B,0xDD,0x2B,0xD4,0x09,0x28,0x1A
- };
-
-static unsigned char pad2[16]={
- 0x2E,0x46,0x79,0xB5,0xAD,0xD9,0xCA,0x75,
- 0x35,0xD8,0x7A,0xFE,0xAB,0x33,0xBE,0xE2
- };
-
-int main(int argc, char *argv[])
- {
- int ret=0;
- unsigned char md[MDC2_DIGEST_LENGTH];
- int i;
- EVP_MD_CTX c;
- static char *text="Now is the time for all ";
-
-#ifdef CHARSET_EBCDIC
- ebcdic2ascii(text,text,strlen(text));
-#endif
-
- EVP_MD_CTX_init(&c);
- EVP_DigestInit_ex(&c,EVP_mdc2(), NULL);
- EVP_DigestUpdate(&c,(unsigned char *)text,strlen(text));
- EVP_DigestFinal_ex(&c,&(md[0]),NULL);
-
- if (memcmp(md,pad1,MDC2_DIGEST_LENGTH) != 0)
- {
- for (i=0; i<MDC2_DIGEST_LENGTH; i++)
- printf("%02X",md[i]);
- printf(" <- generated\n");
- for (i=0; i<MDC2_DIGEST_LENGTH; i++)
- printf("%02X",pad1[i]);
- printf(" <- correct\n");
- ret=1;
- }
- else
- printf("pad1 - ok\n");
-
- EVP_DigestInit_ex(&c,EVP_mdc2(), NULL);
- /* FIXME: use a ctl function? */
- ((MDC2_CTX *)c.md_data)->pad_type=2;
- EVP_DigestUpdate(&c,(unsigned char *)text,strlen(text));
- EVP_DigestFinal_ex(&c,&(md[0]),NULL);
-
- if (memcmp(md,pad2,MDC2_DIGEST_LENGTH) != 0)
- {
- for (i=0; i<MDC2_DIGEST_LENGTH; i++)
- printf("%02X",md[i]);
- printf(" <- generated\n");
- for (i=0; i<MDC2_DIGEST_LENGTH; i++)
- printf("%02X",pad2[i]);
- printf(" <- correct\n");
- ret=1;
- }
- else
- printf("pad2 - ok\n");
-
- EVP_MD_CTX_cleanup(&c);
-#ifdef OPENSSL_SYS_NETWARE
- if (ret) printf("ERROR: %d\n", ret);
-#endif
- EXIT(ret);
- return(ret);
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/mdc2/mdc2test.c (from rev 6976, vendor-crypto/openssl/dist/crypto/mdc2/mdc2test.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/mdc2/mdc2test.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/mdc2/mdc2test.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,146 @@
+/* crypto/mdc2/mdc2test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "../e_os.h"
+
+#if defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_MDC2)
+# define OPENSSL_NO_MDC2
+#endif
+
+#ifdef OPENSSL_NO_MDC2
+int main(int argc, char *argv[])
+{
+ printf("No MDC2 support\n");
+ return (0);
+}
+#else
+# include <openssl/evp.h>
+# include <openssl/mdc2.h>
+
+# ifdef CHARSET_EBCDIC
+# include <openssl/ebcdic.h>
+# endif
+
+static unsigned char pad1[16] = {
+ 0x42, 0xE5, 0x0C, 0xD2, 0x24, 0xBA, 0xCE, 0xBA,
+ 0x76, 0x0B, 0xDD, 0x2B, 0xD4, 0x09, 0x28, 0x1A
+};
+
+static unsigned char pad2[16] = {
+ 0x2E, 0x46, 0x79, 0xB5, 0xAD, 0xD9, 0xCA, 0x75,
+ 0x35, 0xD8, 0x7A, 0xFE, 0xAB, 0x33, 0xBE, 0xE2
+};
+
+int main(int argc, char *argv[])
+{
+ int ret = 0;
+ unsigned char md[MDC2_DIGEST_LENGTH];
+ int i;
+ EVP_MD_CTX c;
+ static char *text = "Now is the time for all ";
+
+# ifdef CHARSET_EBCDIC
+ ebcdic2ascii(text, text, strlen(text));
+# endif
+
+ EVP_MD_CTX_init(&c);
+ EVP_DigestInit_ex(&c, EVP_mdc2(), NULL);
+ EVP_DigestUpdate(&c, (unsigned char *)text, strlen(text));
+ EVP_DigestFinal_ex(&c, &(md[0]), NULL);
+
+ if (memcmp(md, pad1, MDC2_DIGEST_LENGTH) != 0) {
+ for (i = 0; i < MDC2_DIGEST_LENGTH; i++)
+ printf("%02X", md[i]);
+ printf(" <- generated\n");
+ for (i = 0; i < MDC2_DIGEST_LENGTH; i++)
+ printf("%02X", pad1[i]);
+ printf(" <- correct\n");
+ ret = 1;
+ } else
+ printf("pad1 - ok\n");
+
+ EVP_DigestInit_ex(&c, EVP_mdc2(), NULL);
+ /* FIXME: use a ctl function? */
+ ((MDC2_CTX *)c.md_data)->pad_type = 2;
+ EVP_DigestUpdate(&c, (unsigned char *)text, strlen(text));
+ EVP_DigestFinal_ex(&c, &(md[0]), NULL);
+
+ if (memcmp(md, pad2, MDC2_DIGEST_LENGTH) != 0) {
+ for (i = 0; i < MDC2_DIGEST_LENGTH; i++)
+ printf("%02X", md[i]);
+ printf(" <- generated\n");
+ for (i = 0; i < MDC2_DIGEST_LENGTH; i++)
+ printf("%02X", pad2[i]);
+ printf(" <- correct\n");
+ ret = 1;
+ } else
+ printf("pad2 - ok\n");
+
+ EVP_MD_CTX_cleanup(&c);
+# ifdef OPENSSL_SYS_NETWARE
+ if (ret)
+ printf("ERROR: %d\n", ret);
+# endif
+ EXIT(ret);
+ return (ret);
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/mem.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/mem.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/mem.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,450 +0,0 @@
-/* crypto/mem.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/crypto.h>
-#include "cryptlib.h"
-
-
-static int allow_customize = 1; /* we provide flexible functions for */
-static int allow_customize_debug = 1;/* exchanging memory-related functions at
- * run-time, but this must be done
- * before any blocks are actually
- * allocated; or we'll run into huge
- * problems when malloc/free pairs
- * don't match etc. */
-
-
-
-/* the following pointers may be changed as long as 'allow_customize' is set */
-
-static void *(*malloc_func)(size_t) = malloc;
-static void *default_malloc_ex(size_t num, const char *file, int line)
- { return malloc_func(num); }
-static void *(*malloc_ex_func)(size_t, const char *file, int line)
- = default_malloc_ex;
-
-static void *(*realloc_func)(void *, size_t)= realloc;
-static void *default_realloc_ex(void *str, size_t num,
- const char *file, int line)
- { return realloc_func(str,num); }
-static void *(*realloc_ex_func)(void *, size_t, const char *file, int line)
- = default_realloc_ex;
-
-static void (*free_func)(void *) = free;
-
-static void *(*malloc_locked_func)(size_t) = malloc;
-static void *default_malloc_locked_ex(size_t num, const char *file, int line)
- { return malloc_locked_func(num); }
-static void *(*malloc_locked_ex_func)(size_t, const char *file, int line)
- = default_malloc_locked_ex;
-
-static void (*free_locked_func)(void *) = free;
-
-
-
-/* may be changed as long as 'allow_customize_debug' is set */
-/* XXX use correct function pointer types */
-#if defined(CRYPTO_MDEBUG) && !defined(OPENSSL_FIPS)
-/* use default functions from mem_dbg.c */
-static void (*malloc_debug_func)(void *,int,const char *,int,int)
- = CRYPTO_dbg_malloc;
-static void (*realloc_debug_func)(void *,void *,int,const char *,int,int)
- = CRYPTO_dbg_realloc;
-static void (*free_debug_func)(void *,int) = CRYPTO_dbg_free;
-static void (*set_debug_options_func)(long) = CRYPTO_dbg_set_options;
-static long (*get_debug_options_func)(void) = CRYPTO_dbg_get_options;
-
-static int (*push_info_func)(const char *info, const char *file, int line)
- = CRYPTO_dbg_push_info;
-static int (*pop_info_func)(void)
- = CRYPTO_dbg_pop_info;
-static int (*remove_all_info_func)(void)
- = CRYPTO_dbg_remove_all_info;
-
-#else
-/* applications can use CRYPTO_malloc_debug_init() to select above case
- * at run-time */
-static void (*malloc_debug_func)(void *,int,const char *,int,int) = NULL;
-static void (*realloc_debug_func)(void *,void *,int,const char *,int,int)
- = NULL;
-static void (*free_debug_func)(void *,int) = NULL;
-static void (*set_debug_options_func)(long) = NULL;
-static long (*get_debug_options_func)(void) = NULL;
-
-
-static int (*push_info_func)(const char *info, const char *file, int line)
- = NULL;
-static int (*pop_info_func)(void) = NULL;
-static int (*remove_all_info_func)(void) = NULL;
-
-#endif
-
-
-int CRYPTO_set_mem_functions(void *(*m)(size_t), void *(*r)(void *, size_t),
- void (*f)(void *))
- {
- if (!allow_customize)
- return 0;
- if ((m == 0) || (r == 0) || (f == 0))
- return 0;
- malloc_func=m; malloc_ex_func=default_malloc_ex;
- realloc_func=r; realloc_ex_func=default_realloc_ex;
- free_func=f;
- malloc_locked_func=m; malloc_locked_ex_func=default_malloc_locked_ex;
- free_locked_func=f;
- return 1;
- }
-
-int CRYPTO_set_mem_ex_functions(
- void *(*m)(size_t,const char *,int),
- void *(*r)(void *, size_t,const char *,int),
- void (*f)(void *))
- {
- if (!allow_customize)
- return 0;
- if ((m == 0) || (r == 0) || (f == 0))
- return 0;
- malloc_func=0; malloc_ex_func=m;
- realloc_func=0; realloc_ex_func=r;
- free_func=f;
- malloc_locked_func=0; malloc_locked_ex_func=m;
- free_locked_func=f;
- return 1;
- }
-
-int CRYPTO_set_locked_mem_functions(void *(*m)(size_t), void (*f)(void *))
- {
- if (!allow_customize)
- return 0;
- if ((m == NULL) || (f == NULL))
- return 0;
- malloc_locked_func=m; malloc_locked_ex_func=default_malloc_locked_ex;
- free_locked_func=f;
- return 1;
- }
-
-int CRYPTO_set_locked_mem_ex_functions(
- void *(*m)(size_t,const char *,int),
- void (*f)(void *))
- {
- if (!allow_customize)
- return 0;
- if ((m == NULL) || (f == NULL))
- return 0;
- malloc_locked_func=0; malloc_locked_ex_func=m;
- free_func=f;
- return 1;
- }
-
-int CRYPTO_set_mem_debug_functions(void (*m)(void *,int,const char *,int,int),
- void (*r)(void *,void *,int,const char *,int,int),
- void (*f)(void *,int),
- void (*so)(long),
- long (*go)(void))
- {
- if (!allow_customize_debug)
- return 0;
- malloc_debug_func=m;
- realloc_debug_func=r;
- free_debug_func=f;
- set_debug_options_func=so;
- get_debug_options_func=go;
- return 1;
- }
-
-void CRYPTO_set_mem_info_functions(
- int (*push_info_fn)(const char *info, const char *file, int line),
- int (*pop_info_fn)(void),
- int (*remove_all_info_fn)(void))
- {
- push_info_func = push_info_fn;
- pop_info_func = pop_info_fn;
- remove_all_info_func = remove_all_info_fn;
- }
-
-void CRYPTO_get_mem_functions(void *(**m)(size_t), void *(**r)(void *, size_t),
- void (**f)(void *))
- {
- if (m != NULL) *m = (malloc_ex_func == default_malloc_ex) ?
- malloc_func : 0;
- if (r != NULL) *r = (realloc_ex_func == default_realloc_ex) ?
- realloc_func : 0;
- if (f != NULL) *f=free_func;
- }
-
-void CRYPTO_get_mem_ex_functions(
- void *(**m)(size_t,const char *,int),
- void *(**r)(void *, size_t,const char *,int),
- void (**f)(void *))
- {
- if (m != NULL) *m = (malloc_ex_func != default_malloc_ex) ?
- malloc_ex_func : 0;
- if (r != NULL) *r = (realloc_ex_func != default_realloc_ex) ?
- realloc_ex_func : 0;
- if (f != NULL) *f=free_func;
- }
-
-void CRYPTO_get_locked_mem_functions(void *(**m)(size_t), void (**f)(void *))
- {
- if (m != NULL) *m = (malloc_locked_ex_func == default_malloc_locked_ex) ?
- malloc_locked_func : 0;
- if (f != NULL) *f=free_locked_func;
- }
-
-void CRYPTO_get_locked_mem_ex_functions(
- void *(**m)(size_t,const char *,int),
- void (**f)(void *))
- {
- if (m != NULL) *m = (malloc_locked_ex_func != default_malloc_locked_ex) ?
- malloc_locked_ex_func : 0;
- if (f != NULL) *f=free_locked_func;
- }
-
-void CRYPTO_get_mem_debug_functions(void (**m)(void *,int,const char *,int,int),
- void (**r)(void *,void *,int,const char *,int,int),
- void (**f)(void *,int),
- void (**so)(long),
- long (**go)(void))
- {
- if (m != NULL) *m=malloc_debug_func;
- if (r != NULL) *r=realloc_debug_func;
- if (f != NULL) *f=free_debug_func;
- if (so != NULL) *so=set_debug_options_func;
- if (go != NULL) *go=get_debug_options_func;
- }
-
-
-void *CRYPTO_malloc_locked(int num, const char *file, int line)
- {
- void *ret = NULL;
- extern unsigned char cleanse_ctr;
-
- if (num <= 0) return NULL;
-
- allow_customize = 0;
- if (malloc_debug_func != NULL)
- {
- allow_customize_debug = 0;
- malloc_debug_func(NULL, num, file, line, 0);
- }
- ret = malloc_locked_ex_func(num,file,line);
-#ifdef LEVITTE_DEBUG_MEM
- fprintf(stderr, "LEVITTE_DEBUG_MEM: > 0x%p (%d)\n", ret, num);
-#endif
- if (malloc_debug_func != NULL)
- malloc_debug_func(ret, num, file, line, 1);
-
- /* Create a dependency on the value of 'cleanse_ctr' so our memory
- * sanitisation function can't be optimised out. NB: We only do
- * this for >2Kb so the overhead doesn't bother us. */
- if(ret && (num > 2048))
- ((unsigned char *)ret)[0] = cleanse_ctr;
-
- return ret;
- }
-
-void CRYPTO_free_locked(void *str)
- {
- if (free_debug_func != NULL)
- free_debug_func(str, 0);
-#ifdef LEVITTE_DEBUG_MEM
- fprintf(stderr, "LEVITTE_DEBUG_MEM: < 0x%p\n", str);
-#endif
- free_locked_func(str);
- if (free_debug_func != NULL)
- free_debug_func(NULL, 1);
- }
-
-void *CRYPTO_malloc(int num, const char *file, int line)
- {
- void *ret = NULL;
- extern unsigned char cleanse_ctr;
-
- if (num <= 0) return NULL;
-
- allow_customize = 0;
- if (malloc_debug_func != NULL)
- {
- allow_customize_debug = 0;
- malloc_debug_func(NULL, num, file, line, 0);
- }
- ret = malloc_ex_func(num,file,line);
-#ifdef LEVITTE_DEBUG_MEM
- fprintf(stderr, "LEVITTE_DEBUG_MEM: > 0x%p (%d)\n", ret, num);
-#endif
- if (malloc_debug_func != NULL)
- malloc_debug_func(ret, num, file, line, 1);
-
- /* Create a dependency on the value of 'cleanse_ctr' so our memory
- * sanitisation function can't be optimised out. NB: We only do
- * this for >2Kb so the overhead doesn't bother us. */
- if(ret && (num > 2048))
- ((unsigned char *)ret)[0] = cleanse_ctr;
-
- return ret;
- }
-
-void *CRYPTO_realloc(void *str, int num, const char *file, int line)
- {
- void *ret = NULL;
-
- if (str == NULL)
- return CRYPTO_malloc(num, file, line);
-
- if (num <= 0) return NULL;
-
- if (realloc_debug_func != NULL)
- realloc_debug_func(str, NULL, num, file, line, 0);
- ret = realloc_ex_func(str,num,file,line);
-#ifdef LEVITTE_DEBUG_MEM
- fprintf(stderr, "LEVITTE_DEBUG_MEM: | 0x%p -> 0x%p (%d)\n", str, ret, num);
-#endif
- if (realloc_debug_func != NULL)
- realloc_debug_func(str, ret, num, file, line, 1);
-
- return ret;
- }
-
-void *CRYPTO_realloc_clean(void *str, int old_len, int num, const char *file,
- int line)
- {
- void *ret = NULL;
-
- if (str == NULL)
- return CRYPTO_malloc(num, file, line);
-
- if (num <= 0) return NULL;
-
- /* We don't support shrinking the buffer. Note the memcpy that copies
- * |old_len| bytes to the new buffer, below. */
- if (num < old_len) return NULL;
-
- if (realloc_debug_func != NULL)
- realloc_debug_func(str, NULL, num, file, line, 0);
- ret=malloc_ex_func(num,file,line);
- if(ret)
- {
- memcpy(ret,str,old_len);
- OPENSSL_cleanse(str,old_len);
- free_func(str);
- }
-#ifdef LEVITTE_DEBUG_MEM
- fprintf(stderr,
- "LEVITTE_DEBUG_MEM: | 0x%p -> 0x%p (%d)\n",
- str, ret, num);
-#endif
- if (realloc_debug_func != NULL)
- realloc_debug_func(str, ret, num, file, line, 1);
-
- return ret;
- }
-
-void CRYPTO_free(void *str)
- {
- if (free_debug_func != NULL)
- free_debug_func(str, 0);
-#ifdef LEVITTE_DEBUG_MEM
- fprintf(stderr, "LEVITTE_DEBUG_MEM: < 0x%p\n", str);
-#endif
- free_func(str);
- if (free_debug_func != NULL)
- free_debug_func(NULL, 1);
- }
-
-void *CRYPTO_remalloc(void *a, int num, const char *file, int line)
- {
- if (a != NULL) OPENSSL_free(a);
- a=(char *)OPENSSL_malloc(num);
- return(a);
- }
-
-void CRYPTO_set_mem_debug_options(long bits)
- {
- if (set_debug_options_func != NULL)
- set_debug_options_func(bits);
- }
-
-long CRYPTO_get_mem_debug_options(void)
- {
- if (get_debug_options_func != NULL)
- return get_debug_options_func();
- return 0;
- }
-
-int CRYPTO_push_info_(const char *info, const char *file, int line)
- {
- if (push_info_func)
- return push_info_func(info, file, line);
- return 1;
- }
-
-int CRYPTO_pop_info(void)
- {
- if (pop_info_func)
- return pop_info_func();
- return 1;
- }
-
-int CRYPTO_remove_all_info(void)
- {
- if (remove_all_info_func)
- return remove_all_info_func();
- return 1;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/mem.c (from rev 6976, vendor-crypto/openssl/dist/crypto/mem.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/mem.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/mem.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,487 @@
+/* crypto/mem.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+
+static int allow_customize = 1; /* we provide flexible functions for */
+static int allow_customize_debug = 1; /* exchanging memory-related functions
+ * at run-time, but this must be done
+ * before any blocks are actually
+ * allocated; or we'll run into huge
+ * problems when malloc/free pairs
+ * don't match etc. */
+
+/*
+ * the following pointers may be changed as long as 'allow_customize' is set
+ */
+
+static void *(*malloc_func) (size_t) = malloc;
+static void *default_malloc_ex(size_t num, const char *file, int line)
+{
+ return malloc_func(num);
+}
+
+static void *(*malloc_ex_func) (size_t, const char *file, int line)
+ = default_malloc_ex;
+
+static void *(*realloc_func) (void *, size_t) = realloc;
+static void *default_realloc_ex(void *str, size_t num,
+ const char *file, int line)
+{
+ return realloc_func(str, num);
+}
+
+static void *(*realloc_ex_func) (void *, size_t, const char *file, int line)
+ = default_realloc_ex;
+
+static void (*free_func) (void *) = free;
+
+static void *(*malloc_locked_func) (size_t) = malloc;
+static void *default_malloc_locked_ex(size_t num, const char *file, int line)
+{
+ return malloc_locked_func(num);
+}
+
+static void *(*malloc_locked_ex_func) (size_t, const char *file, int line)
+ = default_malloc_locked_ex;
+
+static void (*free_locked_func) (void *) = free;
+
+/* may be changed as long as 'allow_customize_debug' is set */
+/* XXX use correct function pointer types */
+#if defined(CRYPTO_MDEBUG) && !defined(OPENSSL_FIPS)
+/* use default functions from mem_dbg.c */
+static void (*malloc_debug_func) (void *, int, const char *, int, int)
+ = CRYPTO_dbg_malloc;
+static void (*realloc_debug_func) (void *, void *, int, const char *, int,
+ int)
+ = CRYPTO_dbg_realloc;
+static void (*free_debug_func) (void *, int) = CRYPTO_dbg_free;
+static void (*set_debug_options_func) (long) = CRYPTO_dbg_set_options;
+static long (*get_debug_options_func) (void) = CRYPTO_dbg_get_options;
+
+static int (*push_info_func) (const char *info, const char *file, int line)
+ = CRYPTO_dbg_push_info;
+static int (*pop_info_func) (void)
+ = CRYPTO_dbg_pop_info;
+static int (*remove_all_info_func) (void)
+ = CRYPTO_dbg_remove_all_info;
+
+#else
+/*
+ * applications can use CRYPTO_malloc_debug_init() to select above case at
+ * run-time
+ */
+static void (*malloc_debug_func) (void *, int, const char *, int, int) = NULL;
+static void (*realloc_debug_func) (void *, void *, int, const char *, int,
+ int)
+ = NULL;
+static void (*free_debug_func) (void *, int) = NULL;
+static void (*set_debug_options_func) (long) = NULL;
+static long (*get_debug_options_func) (void) = NULL;
+
+static int (*push_info_func) (const char *info, const char *file, int line)
+ = NULL;
+static int (*pop_info_func) (void) = NULL;
+static int (*remove_all_info_func) (void) = NULL;
+
+#endif
+
+int CRYPTO_set_mem_functions(void *(*m) (size_t), void *(*r) (void *, size_t),
+ void (*f) (void *))
+{
+ if (!allow_customize)
+ return 0;
+ if ((m == 0) || (r == 0) || (f == 0))
+ return 0;
+ malloc_func = m;
+ malloc_ex_func = default_malloc_ex;
+ realloc_func = r;
+ realloc_ex_func = default_realloc_ex;
+ free_func = f;
+ malloc_locked_func = m;
+ malloc_locked_ex_func = default_malloc_locked_ex;
+ free_locked_func = f;
+ return 1;
+}
+
+int CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int),
+ void *(*r) (void *, size_t, const char *,
+ int), void (*f) (void *))
+{
+ if (!allow_customize)
+ return 0;
+ if ((m == 0) || (r == 0) || (f == 0))
+ return 0;
+ malloc_func = 0;
+ malloc_ex_func = m;
+ realloc_func = 0;
+ realloc_ex_func = r;
+ free_func = f;
+ malloc_locked_func = 0;
+ malloc_locked_ex_func = m;
+ free_locked_func = f;
+ return 1;
+}
+
+int CRYPTO_set_locked_mem_functions(void *(*m) (size_t), void (*f) (void *))
+{
+ if (!allow_customize)
+ return 0;
+ if ((m == NULL) || (f == NULL))
+ return 0;
+ malloc_locked_func = m;
+ malloc_locked_ex_func = default_malloc_locked_ex;
+ free_locked_func = f;
+ return 1;
+}
+
+int CRYPTO_set_locked_mem_ex_functions(void *(*m) (size_t, const char *, int),
+ void (*f) (void *))
+{
+ if (!allow_customize)
+ return 0;
+ if ((m == NULL) || (f == NULL))
+ return 0;
+ malloc_locked_func = 0;
+ malloc_locked_ex_func = m;
+ free_func = f;
+ return 1;
+}
+
+int CRYPTO_set_mem_debug_functions(void (*m)
+ (void *, int, const char *, int, int),
+ void (*r) (void *, void *, int,
+ const char *, int, int),
+ void (*f) (void *, int), void (*so) (long),
+ long (*go) (void))
+{
+ if (!allow_customize_debug)
+ return 0;
+ malloc_debug_func = m;
+ realloc_debug_func = r;
+ free_debug_func = f;
+ set_debug_options_func = so;
+ get_debug_options_func = go;
+ return 1;
+}
+
+void CRYPTO_set_mem_info_functions(int (*push_info_fn)
+ (const char *info, const char *file,
+ int line), int (*pop_info_fn) (void),
+ int (*remove_all_info_fn) (void))
+{
+ push_info_func = push_info_fn;
+ pop_info_func = pop_info_fn;
+ remove_all_info_func = remove_all_info_fn;
+}
+
+void CRYPTO_get_mem_functions(void *(**m) (size_t),
+ void *(**r) (void *, size_t),
+ void (**f) (void *))
+{
+ if (m != NULL)
+ *m = (malloc_ex_func == default_malloc_ex) ? malloc_func : 0;
+ if (r != NULL)
+ *r = (realloc_ex_func == default_realloc_ex) ? realloc_func : 0;
+ if (f != NULL)
+ *f = free_func;
+}
+
+void CRYPTO_get_mem_ex_functions(void *(**m) (size_t, const char *, int),
+ void *(**r) (void *, size_t, const char *,
+ int), void (**f) (void *))
+{
+ if (m != NULL)
+ *m = (malloc_ex_func != default_malloc_ex) ? malloc_ex_func : 0;
+ if (r != NULL)
+ *r = (realloc_ex_func != default_realloc_ex) ? realloc_ex_func : 0;
+ if (f != NULL)
+ *f = free_func;
+}
+
+void CRYPTO_get_locked_mem_functions(void *(**m) (size_t),
+ void (**f) (void *))
+{
+ if (m != NULL)
+ *m = (malloc_locked_ex_func == default_malloc_locked_ex) ?
+ malloc_locked_func : 0;
+ if (f != NULL)
+ *f = free_locked_func;
+}
+
+void CRYPTO_get_locked_mem_ex_functions(void
+ *(**m) (size_t, const char *, int),
+ void (**f) (void *))
+{
+ if (m != NULL)
+ *m = (malloc_locked_ex_func != default_malloc_locked_ex) ?
+ malloc_locked_ex_func : 0;
+ if (f != NULL)
+ *f = free_locked_func;
+}
+
+void CRYPTO_get_mem_debug_functions(void (**m)
+ (void *, int, const char *, int, int),
+ void (**r) (void *, void *, int,
+ const char *, int, int),
+ void (**f) (void *, int),
+ void (**so) (long), long (**go) (void))
+{
+ if (m != NULL)
+ *m = malloc_debug_func;
+ if (r != NULL)
+ *r = realloc_debug_func;
+ if (f != NULL)
+ *f = free_debug_func;
+ if (so != NULL)
+ *so = set_debug_options_func;
+ if (go != NULL)
+ *go = get_debug_options_func;
+}
+
+void *CRYPTO_malloc_locked(int num, const char *file, int line)
+{
+ void *ret = NULL;
+ extern unsigned char cleanse_ctr;
+
+ if (num <= 0)
+ return NULL;
+
+ allow_customize = 0;
+ if (malloc_debug_func != NULL) {
+ allow_customize_debug = 0;
+ malloc_debug_func(NULL, num, file, line, 0);
+ }
+ ret = malloc_locked_ex_func(num, file, line);
+#ifdef LEVITTE_DEBUG_MEM
+ fprintf(stderr, "LEVITTE_DEBUG_MEM: > 0x%p (%d)\n", ret, num);
+#endif
+ if (malloc_debug_func != NULL)
+ malloc_debug_func(ret, num, file, line, 1);
+
+ /*
+ * Create a dependency on the value of 'cleanse_ctr' so our memory
+ * sanitisation function can't be optimised out. NB: We only do this for
+ * >2Kb so the overhead doesn't bother us.
+ */
+ if (ret && (num > 2048))
+ ((unsigned char *)ret)[0] = cleanse_ctr;
+
+ return ret;
+}
+
+void CRYPTO_free_locked(void *str)
+{
+ if (free_debug_func != NULL)
+ free_debug_func(str, 0);
+#ifdef LEVITTE_DEBUG_MEM
+ fprintf(stderr, "LEVITTE_DEBUG_MEM: < 0x%p\n", str);
+#endif
+ free_locked_func(str);
+ if (free_debug_func != NULL)
+ free_debug_func(NULL, 1);
+}
+
+void *CRYPTO_malloc(int num, const char *file, int line)
+{
+ void *ret = NULL;
+ extern unsigned char cleanse_ctr;
+
+ if (num <= 0)
+ return NULL;
+
+ allow_customize = 0;
+ if (malloc_debug_func != NULL) {
+ allow_customize_debug = 0;
+ malloc_debug_func(NULL, num, file, line, 0);
+ }
+ ret = malloc_ex_func(num, file, line);
+#ifdef LEVITTE_DEBUG_MEM
+ fprintf(stderr, "LEVITTE_DEBUG_MEM: > 0x%p (%d)\n", ret, num);
+#endif
+ if (malloc_debug_func != NULL)
+ malloc_debug_func(ret, num, file, line, 1);
+
+ /*
+ * Create a dependency on the value of 'cleanse_ctr' so our memory
+ * sanitisation function can't be optimised out. NB: We only do this for
+ * >2Kb so the overhead doesn't bother us.
+ */
+ if (ret && (num > 2048))
+ ((unsigned char *)ret)[0] = cleanse_ctr;
+
+ return ret;
+}
+
+void *CRYPTO_realloc(void *str, int num, const char *file, int line)
+{
+ void *ret = NULL;
+
+ if (str == NULL)
+ return CRYPTO_malloc(num, file, line);
+
+ if (num <= 0)
+ return NULL;
+
+ if (realloc_debug_func != NULL)
+ realloc_debug_func(str, NULL, num, file, line, 0);
+ ret = realloc_ex_func(str, num, file, line);
+#ifdef LEVITTE_DEBUG_MEM
+ fprintf(stderr, "LEVITTE_DEBUG_MEM: | 0x%p -> 0x%p (%d)\n", str,
+ ret, num);
+#endif
+ if (realloc_debug_func != NULL)
+ realloc_debug_func(str, ret, num, file, line, 1);
+
+ return ret;
+}
+
+void *CRYPTO_realloc_clean(void *str, int old_len, int num, const char *file,
+ int line)
+{
+ void *ret = NULL;
+
+ if (str == NULL)
+ return CRYPTO_malloc(num, file, line);
+
+ if (num <= 0)
+ return NULL;
+
+ /*
+ * We don't support shrinking the buffer. Note the memcpy that copies
+ * |old_len| bytes to the new buffer, below.
+ */
+ if (num < old_len)
+ return NULL;
+
+ if (realloc_debug_func != NULL)
+ realloc_debug_func(str, NULL, num, file, line, 0);
+ ret = malloc_ex_func(num, file, line);
+ if (ret) {
+ memcpy(ret, str, old_len);
+ OPENSSL_cleanse(str, old_len);
+ free_func(str);
+ }
+#ifdef LEVITTE_DEBUG_MEM
+ fprintf(stderr,
+ "LEVITTE_DEBUG_MEM: | 0x%p -> 0x%p (%d)\n",
+ str, ret, num);
+#endif
+ if (realloc_debug_func != NULL)
+ realloc_debug_func(str, ret, num, file, line, 1);
+
+ return ret;
+}
+
+void CRYPTO_free(void *str)
+{
+ if (free_debug_func != NULL)
+ free_debug_func(str, 0);
+#ifdef LEVITTE_DEBUG_MEM
+ fprintf(stderr, "LEVITTE_DEBUG_MEM: < 0x%p\n", str);
+#endif
+ free_func(str);
+ if (free_debug_func != NULL)
+ free_debug_func(NULL, 1);
+}
+
+void *CRYPTO_remalloc(void *a, int num, const char *file, int line)
+{
+ if (a != NULL)
+ OPENSSL_free(a);
+ a = (char *)OPENSSL_malloc(num);
+ return (a);
+}
+
+void CRYPTO_set_mem_debug_options(long bits)
+{
+ if (set_debug_options_func != NULL)
+ set_debug_options_func(bits);
+}
+
+long CRYPTO_get_mem_debug_options(void)
+{
+ if (get_debug_options_func != NULL)
+ return get_debug_options_func();
+ return 0;
+}
+
+int CRYPTO_push_info_(const char *info, const char *file, int line)
+{
+ if (push_info_func)
+ return push_info_func(info, file, line);
+ return 1;
+}
+
+int CRYPTO_pop_info(void)
+{
+ if (pop_info_func)
+ return pop_info_func();
+ return 1;
+}
+
+int CRYPTO_remove_all_info(void)
+{
+ if (remove_all_info_func)
+ return remove_all_info_func();
+ return 1;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/mem_clr.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/mem_clr.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/mem_clr.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,77 +0,0 @@
-/* crypto/mem_clr.c -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Geoff Thorpe (geoff at geoffthorpe.net) for the OpenSSL
- * project 2002.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <string.h>
-#include <openssl/crypto.h>
-
-unsigned char cleanse_ctr = 0;
-
-void OPENSSL_cleanse(void *ptr, size_t len)
- {
- unsigned char *p = ptr;
- size_t loop = len, ctr = cleanse_ctr;
- while(loop--)
- {
- *(p++) = (unsigned char)ctr;
- ctr += (17 + ((size_t)p & 0xF));
- }
- p=memchr(ptr, (unsigned char)ctr, len);
- if(p)
- ctr += (63 + (size_t)p);
- cleanse_ctr = (unsigned char)ctr;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/mem_clr.c (from rev 6976, vendor-crypto/openssl/dist/crypto/mem_clr.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/mem_clr.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/mem_clr.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,77 @@
+/* crypto/mem_clr.c -*- mode:C; c-file-style: "eay" -*- */
+/*
+ * Written by Geoff Thorpe (geoff at geoffthorpe.net) for the OpenSSL project
+ * 2002.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <string.h>
+#include <openssl/crypto.h>
+
+unsigned char cleanse_ctr = 0;
+
+void OPENSSL_cleanse(void *ptr, size_t len)
+{
+ unsigned char *p = ptr;
+ size_t loop = len, ctr = cleanse_ctr;
+ while (loop--) {
+ *(p++) = (unsigned char)ctr;
+ ctr += (17 + ((size_t)p & 0xF));
+ }
+ p = memchr(ptr, (unsigned char)ctr, len);
+ if (p)
+ ctr += (63 + (size_t)p);
+ cleanse_ctr = (unsigned char)ctr;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/mem_dbg.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/mem_dbg.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/mem_dbg.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,817 +0,0 @@
-/* crypto/mem_dbg.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <time.h>
-#include "cryptlib.h"
-#include <openssl/crypto.h>
-#include <openssl/buffer.h>
-#include <openssl/bio.h>
-#include <openssl/lhash.h>
-
-static int mh_mode=CRYPTO_MEM_CHECK_OFF;
-/* The state changes to CRYPTO_MEM_CHECK_ON | CRYPTO_MEM_CHECK_ENABLE
- * when the application asks for it (usually after library initialisation
- * for which no book-keeping is desired).
- *
- * State CRYPTO_MEM_CHECK_ON exists only temporarily when the library
- * thinks that certain allocations should not be checked (e.g. the data
- * structures used for memory checking). It is not suitable as an initial
- * state: the library will unexpectedly enable memory checking when it
- * executes one of those sections that want to disable checking
- * temporarily.
- *
- * State CRYPTO_MEM_CHECK_ENABLE without ..._ON makes no sense whatsoever.
- */
-
-static unsigned long order = 0; /* number of memory requests */
-static LHASH *mh=NULL; /* hash-table of memory requests (address as key);
- * access requires MALLOC2 lock */
-
-
-typedef struct app_mem_info_st
-/* For application-defined information (static C-string `info')
- * to be displayed in memory leak list.
- * Each thread has its own stack. For applications, there is
- * CRYPTO_push_info("...") to push an entry,
- * CRYPTO_pop_info() to pop an entry,
- * CRYPTO_remove_all_info() to pop all entries.
- */
- {
- unsigned long thread;
- const char *file;
- int line;
- const char *info;
- struct app_mem_info_st *next; /* tail of thread's stack */
- int references;
- } APP_INFO;
-
-static void app_info_free(APP_INFO *);
-
-static LHASH *amih=NULL; /* hash-table with those app_mem_info_st's
- * that are at the top of their thread's stack
- * (with `thread' as key);
- * access requires MALLOC2 lock */
-
-typedef struct mem_st
-/* memory-block description */
- {
- void *addr;
- int num;
- const char *file;
- int line;
- unsigned long thread;
- unsigned long order;
- time_t time;
- APP_INFO *app_info;
- } MEM;
-
-static long options = /* extra information to be recorded */
-#if defined(CRYPTO_MDEBUG_TIME) || defined(CRYPTO_MDEBUG_ALL)
- V_CRYPTO_MDEBUG_TIME |
-#endif
-#if defined(CRYPTO_MDEBUG_THREAD) || defined(CRYPTO_MDEBUG_ALL)
- V_CRYPTO_MDEBUG_THREAD |
-#endif
- 0;
-
-
-static unsigned int num_disable = 0; /* num_disable > 0
- * iff
- * mh_mode == CRYPTO_MEM_CHECK_ON (w/o ..._ENABLE)
- */
-static unsigned long disabling_thread = 0; /* Valid iff num_disable > 0.
- * CRYPTO_LOCK_MALLOC2 is locked
- * exactly in this case (by the
- * thread named in disabling_thread).
- */
-
-static void app_info_free(APP_INFO *inf)
- {
- if (--(inf->references) <= 0)
- {
- if (inf->next != NULL)
- {
- app_info_free(inf->next);
- }
- OPENSSL_free(inf);
- }
- }
-
-int CRYPTO_mem_ctrl(int mode)
- {
- int ret=mh_mode;
-
- CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
- switch (mode)
- {
- /* for applications (not to be called while multiple threads
- * use the library): */
- case CRYPTO_MEM_CHECK_ON: /* aka MemCheck_start() */
- mh_mode = CRYPTO_MEM_CHECK_ON|CRYPTO_MEM_CHECK_ENABLE;
- num_disable = 0;
- break;
- case CRYPTO_MEM_CHECK_OFF: /* aka MemCheck_stop() */
- mh_mode = 0;
- num_disable = 0; /* should be true *before* MemCheck_stop is used,
- or there'll be a lot of confusion */
- break;
-
- /* switch off temporarily (for library-internal use): */
- case CRYPTO_MEM_CHECK_DISABLE: /* aka MemCheck_off() */
- if (mh_mode & CRYPTO_MEM_CHECK_ON)
- {
- if (!num_disable || (disabling_thread != CRYPTO_thread_id())) /* otherwise we already have the MALLOC2 lock */
- {
- /* Long-time lock CRYPTO_LOCK_MALLOC2 must not be claimed while
- * we're holding CRYPTO_LOCK_MALLOC, or we'll deadlock if
- * somebody else holds CRYPTO_LOCK_MALLOC2 (and cannot release
- * it because we block entry to this function).
- * Give them a chance, first, and then claim the locks in
- * appropriate order (long-time lock first).
- */
- CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC);
- /* Note that after we have waited for CRYPTO_LOCK_MALLOC2
- * and CRYPTO_LOCK_MALLOC, we'll still be in the right
- * "case" and "if" branch because MemCheck_start and
- * MemCheck_stop may never be used while there are multiple
- * OpenSSL threads. */
- CRYPTO_w_lock(CRYPTO_LOCK_MALLOC2);
- CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
- mh_mode &= ~CRYPTO_MEM_CHECK_ENABLE;
- disabling_thread=CRYPTO_thread_id();
- }
- num_disable++;
- }
- break;
- case CRYPTO_MEM_CHECK_ENABLE: /* aka MemCheck_on() */
- if (mh_mode & CRYPTO_MEM_CHECK_ON)
- {
- if (num_disable) /* always true, or something is going wrong */
- {
- num_disable--;
- if (num_disable == 0)
- {
- mh_mode|=CRYPTO_MEM_CHECK_ENABLE;
- CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC2);
- }
- }
- }
- break;
-
- default:
- break;
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC);
- return(ret);
- }
-
-int CRYPTO_is_mem_check_on(void)
- {
- int ret = 0;
-
- if (mh_mode & CRYPTO_MEM_CHECK_ON)
- {
- CRYPTO_r_lock(CRYPTO_LOCK_MALLOC);
-
- ret = (mh_mode & CRYPTO_MEM_CHECK_ENABLE)
- || (disabling_thread != CRYPTO_thread_id());
-
- CRYPTO_r_unlock(CRYPTO_LOCK_MALLOC);
- }
- return(ret);
- }
-
-
-void CRYPTO_dbg_set_options(long bits)
- {
- options = bits;
- }
-
-long CRYPTO_dbg_get_options(void)
- {
- return options;
- }
-
-/* static int mem_cmp(MEM *a, MEM *b) */
-static int mem_cmp(const void *a_void, const void *b_void)
- {
-#ifdef _WIN64
- const char *a=(const char *)((const MEM *)a_void)->addr,
- *b=(const char *)((const MEM *)b_void)->addr;
- if (a==b) return 0;
- else if (a>b) return 1;
- else return -1;
-#else
- return((const char *)((const MEM *)a_void)->addr
- - (const char *)((const MEM *)b_void)->addr);
-#endif
- }
-
-/* static unsigned long mem_hash(MEM *a) */
-static unsigned long mem_hash(const void *a_void)
- {
- unsigned long ret;
-
- ret=(unsigned long)((const MEM *)a_void)->addr;
-
- ret=ret*17851+(ret>>14)*7+(ret>>4)*251;
- return(ret);
- }
-
-/* static int app_info_cmp(APP_INFO *a, APP_INFO *b) */
-static int app_info_cmp(const void *a_void, const void *b_void)
- {
- return(((const APP_INFO *)a_void)->thread
- != ((const APP_INFO *)b_void)->thread);
- }
-
-/* static unsigned long app_info_hash(APP_INFO *a) */
-static unsigned long app_info_hash(const void *a_void)
- {
- unsigned long ret;
-
- ret=(unsigned long)((const APP_INFO *)a_void)->thread;
-
- ret=ret*17851+(ret>>14)*7+(ret>>4)*251;
- return(ret);
- }
-
-static APP_INFO *pop_info(void)
- {
- APP_INFO tmp;
- APP_INFO *ret = NULL;
-
- if (amih != NULL)
- {
- tmp.thread=CRYPTO_thread_id();
- if ((ret=(APP_INFO *)lh_delete(amih,&tmp)) != NULL)
- {
- APP_INFO *next=ret->next;
-
- if (next != NULL)
- {
- next->references++;
- lh_insert(amih,(char *)next);
- }
-#ifdef LEVITTE_DEBUG_MEM
- if (ret->thread != tmp.thread)
- {
- fprintf(stderr, "pop_info(): deleted info has other thread ID (%lu) than the current thread (%lu)!!!!\n",
- ret->thread, tmp.thread);
- abort();
- }
-#endif
- if (--(ret->references) <= 0)
- {
- ret->next = NULL;
- if (next != NULL)
- next->references--;
- OPENSSL_free(ret);
- }
- }
- }
- return(ret);
- }
-
-int CRYPTO_dbg_push_info(const char *info, const char *file, int line)
- {
- APP_INFO *ami, *amim;
- int ret=0;
-
- if (is_MemCheck_on())
- {
- MemCheck_off(); /* obtain MALLOC2 lock */
-
- if ((ami = (APP_INFO *)OPENSSL_malloc(sizeof(APP_INFO))) == NULL)
- {
- ret=0;
- goto err;
- }
- if (amih == NULL)
- {
- if ((amih=lh_new(app_info_hash, app_info_cmp)) == NULL)
- {
- OPENSSL_free(ami);
- ret=0;
- goto err;
- }
- }
-
- ami->thread=CRYPTO_thread_id();
- ami->file=file;
- ami->line=line;
- ami->info=info;
- ami->references=1;
- ami->next=NULL;
-
- if ((amim=(APP_INFO *)lh_insert(amih,(char *)ami)) != NULL)
- {
-#ifdef LEVITTE_DEBUG_MEM
- if (ami->thread != amim->thread)
- {
- fprintf(stderr, "CRYPTO_push_info(): previous info has other thread ID (%lu) than the current thread (%lu)!!!!\n",
- amim->thread, ami->thread);
- abort();
- }
-#endif
- ami->next=amim;
- }
- err:
- MemCheck_on(); /* release MALLOC2 lock */
- }
-
- return(ret);
- }
-
-int CRYPTO_dbg_pop_info(void)
- {
- int ret=0;
-
- if (is_MemCheck_on()) /* _must_ be true, or something went severely wrong */
- {
- MemCheck_off(); /* obtain MALLOC2 lock */
-
- ret=(pop_info() != NULL);
-
- MemCheck_on(); /* release MALLOC2 lock */
- }
- return(ret);
- }
-
-int CRYPTO_dbg_remove_all_info(void)
- {
- int ret=0;
-
- if (is_MemCheck_on()) /* _must_ be true */
- {
- MemCheck_off(); /* obtain MALLOC2 lock */
-
- while(pop_info() != NULL)
- ret++;
-
- MemCheck_on(); /* release MALLOC2 lock */
- }
- return(ret);
- }
-
-
-static unsigned long break_order_num=0;
-void CRYPTO_dbg_malloc(void *addr, int num, const char *file, int line,
- int before_p)
- {
- MEM *m,*mm;
- APP_INFO tmp,*amim;
-
- switch(before_p & 127)
- {
- case 0:
- break;
- case 1:
- if (addr == NULL)
- break;
-
- if (is_MemCheck_on())
- {
- MemCheck_off(); /* make sure we hold MALLOC2 lock */
- if ((m=(MEM *)OPENSSL_malloc(sizeof(MEM))) == NULL)
- {
- OPENSSL_free(addr);
- MemCheck_on(); /* release MALLOC2 lock
- * if num_disabled drops to 0 */
- return;
- }
- if (mh == NULL)
- {
- if ((mh=lh_new(mem_hash, mem_cmp)) == NULL)
- {
- OPENSSL_free(addr);
- OPENSSL_free(m);
- addr=NULL;
- goto err;
- }
- }
-
- m->addr=addr;
- m->file=file;
- m->line=line;
- m->num=num;
- if (options & V_CRYPTO_MDEBUG_THREAD)
- m->thread=CRYPTO_thread_id();
- else
- m->thread=0;
-
- if (order == break_order_num)
- {
- /* BREAK HERE */
- m->order=order;
- }
- m->order=order++;
-#ifdef LEVITTE_DEBUG_MEM
- fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5d] %c 0x%p (%d)\n",
- m->order,
- (before_p & 128) ? '*' : '+',
- m->addr, m->num);
-#endif
- if (options & V_CRYPTO_MDEBUG_TIME)
- m->time=time(NULL);
- else
- m->time=0;
-
- tmp.thread=CRYPTO_thread_id();
- m->app_info=NULL;
- if (amih != NULL
- && (amim=(APP_INFO *)lh_retrieve(amih,(char *)&tmp)) != NULL)
- {
- m->app_info = amim;
- amim->references++;
- }
-
- if ((mm=(MEM *)lh_insert(mh,(char *)m)) != NULL)
- {
- /* Not good, but don't sweat it */
- if (mm->app_info != NULL)
- {
- mm->app_info->references--;
- }
- OPENSSL_free(mm);
- }
- err:
- MemCheck_on(); /* release MALLOC2 lock
- * if num_disabled drops to 0 */
- }
- break;
- }
- return;
- }
-
-void CRYPTO_dbg_free(void *addr, int before_p)
- {
- MEM m,*mp;
-
- switch(before_p)
- {
- case 0:
- if (addr == NULL)
- break;
-
- if (is_MemCheck_on() && (mh != NULL))
- {
- MemCheck_off(); /* make sure we hold MALLOC2 lock */
-
- m.addr=addr;
- mp=(MEM *)lh_delete(mh,(char *)&m);
- if (mp != NULL)
- {
-#ifdef LEVITTE_DEBUG_MEM
- fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5d] - 0x%p (%d)\n",
- mp->order, mp->addr, mp->num);
-#endif
- if (mp->app_info != NULL)
- app_info_free(mp->app_info);
- OPENSSL_free(mp);
- }
-
- MemCheck_on(); /* release MALLOC2 lock
- * if num_disabled drops to 0 */
- }
- break;
- case 1:
- break;
- }
- }
-
-void CRYPTO_dbg_realloc(void *addr1, void *addr2, int num,
- const char *file, int line, int before_p)
- {
- MEM m,*mp;
-
-#ifdef LEVITTE_DEBUG_MEM
- fprintf(stderr, "LEVITTE_DEBUG_MEM: --> CRYPTO_dbg_malloc(addr1 = %p, addr2 = %p, num = %d, file = \"%s\", line = %d, before_p = %d)\n",
- addr1, addr2, num, file, line, before_p);
-#endif
-
- switch(before_p)
- {
- case 0:
- break;
- case 1:
- if (addr2 == NULL)
- break;
-
- if (addr1 == NULL)
- {
- CRYPTO_dbg_malloc(addr2, num, file, line, 128 | before_p);
- break;
- }
-
- if (is_MemCheck_on())
- {
- MemCheck_off(); /* make sure we hold MALLOC2 lock */
-
- m.addr=addr1;
- mp=(MEM *)lh_delete(mh,(char *)&m);
- if (mp != NULL)
- {
-#ifdef LEVITTE_DEBUG_MEM
- fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5d] * 0x%p (%d) -> 0x%p (%d)\n",
- mp->order,
- mp->addr, mp->num,
- addr2, num);
-#endif
- mp->addr=addr2;
- mp->num=num;
- lh_insert(mh,(char *)mp);
- }
-
- MemCheck_on(); /* release MALLOC2 lock
- * if num_disabled drops to 0 */
- }
- break;
- }
- return;
- }
-
-
-typedef struct mem_leak_st
- {
- BIO *bio;
- int chunks;
- long bytes;
- } MEM_LEAK;
-
-static void print_leak(const MEM *m, MEM_LEAK *l)
- {
- char buf[1024];
- char *bufp = buf;
- APP_INFO *amip;
- int ami_cnt;
- struct tm *lcl = NULL;
- unsigned long ti;
-
-#define BUF_REMAIN (sizeof buf - (size_t)(bufp - buf))
-
- if(m->addr == (char *)l->bio)
- return;
-
- if (options & V_CRYPTO_MDEBUG_TIME)
- {
- lcl = localtime(&m->time);
-
- BIO_snprintf(bufp, BUF_REMAIN, "[%02d:%02d:%02d] ",
- lcl->tm_hour,lcl->tm_min,lcl->tm_sec);
- bufp += strlen(bufp);
- }
-
- BIO_snprintf(bufp, BUF_REMAIN, "%5lu file=%s, line=%d, ",
- m->order,m->file,m->line);
- bufp += strlen(bufp);
-
- if (options & V_CRYPTO_MDEBUG_THREAD)
- {
- BIO_snprintf(bufp, BUF_REMAIN, "thread=%lu, ", m->thread);
- bufp += strlen(bufp);
- }
-
- BIO_snprintf(bufp, BUF_REMAIN, "number=%d, address=%08lX\n",
- m->num,(unsigned long)m->addr);
- bufp += strlen(bufp);
-
- BIO_puts(l->bio,buf);
-
- l->chunks++;
- l->bytes+=m->num;
-
- amip=m->app_info;
- ami_cnt=0;
- if (!amip)
- return;
- ti=amip->thread;
-
- do
- {
- int buf_len;
- int info_len;
-
- ami_cnt++;
- memset(buf,'>',ami_cnt);
- BIO_snprintf(buf + ami_cnt, sizeof buf - ami_cnt,
- " thread=%lu, file=%s, line=%d, info=\"",
- amip->thread, amip->file, amip->line);
- buf_len=strlen(buf);
- info_len=strlen(amip->info);
- if (128 - buf_len - 3 < info_len)
- {
- memcpy(buf + buf_len, amip->info, 128 - buf_len - 3);
- buf_len = 128 - 3;
- }
- else
- {
- BUF_strlcpy(buf + buf_len, amip->info,
- sizeof buf - buf_len);
- buf_len = strlen(buf);
- }
- BIO_snprintf(buf + buf_len, sizeof buf - buf_len, "\"\n");
-
- BIO_puts(l->bio,buf);
-
- amip = amip->next;
- }
- while(amip && amip->thread == ti);
-
-#ifdef LEVITTE_DEBUG_MEM
- if (amip)
- {
- fprintf(stderr, "Thread switch detected in backtrace!!!!\n");
- abort();
- }
-#endif
- }
-
-static IMPLEMENT_LHASH_DOALL_ARG_FN(print_leak, const MEM *, MEM_LEAK *)
-
-void CRYPTO_mem_leaks(BIO *b)
- {
- MEM_LEAK ml;
-
- if (mh == NULL && amih == NULL)
- return;
-
- MemCheck_off(); /* obtain MALLOC2 lock */
-
- ml.bio=b;
- ml.bytes=0;
- ml.chunks=0;
- if (mh != NULL)
- lh_doall_arg(mh, LHASH_DOALL_ARG_FN(print_leak),
- (char *)&ml);
- if (ml.chunks != 0)
- {
- BIO_printf(b,"%ld bytes leaked in %d chunks\n",
- ml.bytes,ml.chunks);
- }
- else
- {
- /* Make sure that, if we found no leaks, memory-leak debugging itself
- * does not introduce memory leaks (which might irritate
- * external debugging tools).
- * (When someone enables leak checking, but does not call
- * this function, we declare it to be their fault.)
- *
- * XXX This should be in CRYPTO_mem_leaks_cb,
- * and CRYPTO_mem_leaks should be implemented by
- * using CRYPTO_mem_leaks_cb.
- * (Also their should be a variant of lh_doall_arg
- * that takes a function pointer instead of a void *;
- * this would obviate the ugly and illegal
- * void_fn_to_char kludge in CRYPTO_mem_leaks_cb.
- * Otherwise the code police will come and get us.)
- */
- int old_mh_mode;
-
- CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
-
- /* avoid deadlock when lh_free() uses CRYPTO_dbg_free(),
- * which uses CRYPTO_is_mem_check_on */
- old_mh_mode = mh_mode;
- mh_mode = CRYPTO_MEM_CHECK_OFF;
-
- if (mh != NULL)
- {
- lh_free(mh);
- mh = NULL;
- }
- if (amih != NULL)
- {
- if (lh_num_items(amih) == 0)
- {
- lh_free(amih);
- amih = NULL;
- }
- }
-
- mh_mode = old_mh_mode;
- CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC);
- }
- MemCheck_on(); /* release MALLOC2 lock */
- }
-
-#ifndef OPENSSL_NO_FP_API
-void CRYPTO_mem_leaks_fp(FILE *fp)
- {
- BIO *b;
-
- if (mh == NULL) return;
- /* Need to turn off memory checking when allocated BIOs ... especially
- * as we're creating them at a time when we're trying to check we've not
- * left anything un-free()'d!! */
- MemCheck_off();
- b = BIO_new(BIO_s_file());
- MemCheck_on();
- if(!b) return;
- BIO_set_fp(b,fp,BIO_NOCLOSE);
- CRYPTO_mem_leaks(b);
- BIO_free(b);
- }
-#endif
-
-
-
-/* FIXME: We really don't allow much to the callback. For example, it has
- no chance of reaching the info stack for the item it processes. Should
- it really be this way? -- Richard Levitte */
-/* NB: The prototypes have been typedef'd to CRYPTO_MEM_LEAK_CB inside crypto.h
- * If this code is restructured, remove the callback type if it is no longer
- * needed. -- Geoff Thorpe */
-static void cb_leak(const MEM *m, CRYPTO_MEM_LEAK_CB **cb)
- {
- (**cb)(m->order,m->file,m->line,m->num,m->addr);
- }
-
-static IMPLEMENT_LHASH_DOALL_ARG_FN(cb_leak, const MEM *, CRYPTO_MEM_LEAK_CB **)
-
-void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb)
- {
- if (mh == NULL) return;
- CRYPTO_w_lock(CRYPTO_LOCK_MALLOC2);
- lh_doall_arg(mh, LHASH_DOALL_ARG_FN(cb_leak), &cb);
- CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC2);
- }
-
-void CRYPTO_malloc_debug_init(void)
- {
- CRYPTO_set_mem_debug_functions(
- CRYPTO_dbg_malloc,
- CRYPTO_dbg_realloc,
- CRYPTO_dbg_free,
- CRYPTO_dbg_set_options,
- CRYPTO_dbg_get_options);
- CRYPTO_set_mem_info_functions(
- CRYPTO_dbg_push_info,
- CRYPTO_dbg_pop_info,
- CRYPTO_dbg_remove_all_info);
- }
-
-char *CRYPTO_strdup(const char *str, const char *file, int line)
- {
- char *ret = CRYPTO_malloc(strlen(str)+1, file, line);
-
- strcpy(ret, str);
- return ret;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/mem_dbg.c (from rev 6976, vendor-crypto/openssl/dist/crypto/mem_dbg.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/mem_dbg.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/mem_dbg.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,769 @@
+/* crypto/mem_dbg.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <time.h>
+#include "cryptlib.h"
+#include <openssl/crypto.h>
+#include <openssl/buffer.h>
+#include <openssl/bio.h>
+#include <openssl/lhash.h>
+
+static int mh_mode = CRYPTO_MEM_CHECK_OFF;
+/*
+ * The state changes to CRYPTO_MEM_CHECK_ON | CRYPTO_MEM_CHECK_ENABLE when
+ * the application asks for it (usually after library initialisation for
+ * which no book-keeping is desired). State CRYPTO_MEM_CHECK_ON exists only
+ * temporarily when the library thinks that certain allocations should not be
+ * checked (e.g. the data structures used for memory checking). It is not
+ * suitable as an initial state: the library will unexpectedly enable memory
+ * checking when it executes one of those sections that want to disable
+ * checking temporarily. State CRYPTO_MEM_CHECK_ENABLE without ..._ON makes
+ * no sense whatsoever.
+ */
+
+static unsigned long order = 0; /* number of memory requests */
+static LHASH *mh = NULL; /* hash-table of memory requests (address as
+ * key); access requires MALLOC2 lock */
+
+typedef struct app_mem_info_st
+/*-
+ * For application-defined information (static C-string `info')
+ * to be displayed in memory leak list.
+ * Each thread has its own stack. For applications, there is
+ * CRYPTO_push_info("...") to push an entry,
+ * CRYPTO_pop_info() to pop an entry,
+ * CRYPTO_remove_all_info() to pop all entries.
+ */
+{
+ unsigned long thread;
+ const char *file;
+ int line;
+ const char *info;
+ struct app_mem_info_st *next; /* tail of thread's stack */
+ int references;
+} APP_INFO;
+
+static void app_info_free(APP_INFO *);
+
+static LHASH *amih = NULL; /* hash-table with those app_mem_info_st's
+ * that are at the top of their thread's
+ * stack (with `thread' as key); access
+ * requires MALLOC2 lock */
+
+typedef struct mem_st
+/* memory-block description */
+{
+ void *addr;
+ int num;
+ const char *file;
+ int line;
+ unsigned long thread;
+ unsigned long order;
+ time_t time;
+ APP_INFO *app_info;
+} MEM;
+
+static long options = /* extra information to be recorded */
+#if defined(CRYPTO_MDEBUG_TIME) || defined(CRYPTO_MDEBUG_ALL)
+ V_CRYPTO_MDEBUG_TIME |
+#endif
+#if defined(CRYPTO_MDEBUG_THREAD) || defined(CRYPTO_MDEBUG_ALL)
+ V_CRYPTO_MDEBUG_THREAD |
+#endif
+ 0;
+
+static unsigned int num_disable = 0; /* num_disable > 0 iff mh_mode ==
+ * CRYPTO_MEM_CHECK_ON (w/o ..._ENABLE) */
+static unsigned long disabling_thread = 0; /* Valid iff num_disable > 0.
+ * CRYPTO_LOCK_MALLOC2 is locked
+ * exactly in this case (by the
+ * thread named in
+ * disabling_thread). */
+
+static void app_info_free(APP_INFO *inf)
+{
+ if (--(inf->references) <= 0) {
+ if (inf->next != NULL) {
+ app_info_free(inf->next);
+ }
+ OPENSSL_free(inf);
+ }
+}
+
+int CRYPTO_mem_ctrl(int mode)
+{
+ int ret = mh_mode;
+
+ CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
+ switch (mode) {
+ /*
+ * for applications (not to be called while multiple threads use the
+ * library):
+ */
+ case CRYPTO_MEM_CHECK_ON: /* aka MemCheck_start() */
+ mh_mode = CRYPTO_MEM_CHECK_ON | CRYPTO_MEM_CHECK_ENABLE;
+ num_disable = 0;
+ break;
+ case CRYPTO_MEM_CHECK_OFF: /* aka MemCheck_stop() */
+ mh_mode = 0;
+ num_disable = 0; /* should be true *before* MemCheck_stop is
+ * used, or there'll be a lot of confusion */
+ break;
+
+ /* switch off temporarily (for library-internal use): */
+ case CRYPTO_MEM_CHECK_DISABLE: /* aka MemCheck_off() */
+ if (mh_mode & CRYPTO_MEM_CHECK_ON) {
+ /* otherwise we already have the MALLOC2 lock */
+ if (!num_disable || (disabling_thread != CRYPTO_thread_id())) {
+ /*
+ * Long-time lock CRYPTO_LOCK_MALLOC2 must not be claimed
+ * while we're holding CRYPTO_LOCK_MALLOC, or we'll deadlock
+ * if somebody else holds CRYPTO_LOCK_MALLOC2 (and cannot
+ * release it because we block entry to this function). Give
+ * them a chance, first, and then claim the locks in
+ * appropriate order (long-time lock first).
+ */
+ CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC);
+ /*
+ * Note that after we have waited for CRYPTO_LOCK_MALLOC2 and
+ * CRYPTO_LOCK_MALLOC, we'll still be in the right "case" and
+ * "if" branch because MemCheck_start and MemCheck_stop may
+ * never be used while there are multiple OpenSSL threads.
+ */
+ CRYPTO_w_lock(CRYPTO_LOCK_MALLOC2);
+ CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
+ mh_mode &= ~CRYPTO_MEM_CHECK_ENABLE;
+ disabling_thread = CRYPTO_thread_id();
+ }
+ num_disable++;
+ }
+ break;
+ case CRYPTO_MEM_CHECK_ENABLE: /* aka MemCheck_on() */
+ if (mh_mode & CRYPTO_MEM_CHECK_ON) {
+ if (num_disable) { /* always true, or something is going wrong */
+ num_disable--;
+ if (num_disable == 0) {
+ mh_mode |= CRYPTO_MEM_CHECK_ENABLE;
+ CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC2);
+ }
+ }
+ }
+ break;
+
+ default:
+ break;
+ }
+ CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC);
+ return (ret);
+}
+
+int CRYPTO_is_mem_check_on(void)
+{
+ int ret = 0;
+
+ if (mh_mode & CRYPTO_MEM_CHECK_ON) {
+ CRYPTO_r_lock(CRYPTO_LOCK_MALLOC);
+
+ ret = (mh_mode & CRYPTO_MEM_CHECK_ENABLE)
+ || (disabling_thread != CRYPTO_thread_id());
+
+ CRYPTO_r_unlock(CRYPTO_LOCK_MALLOC);
+ }
+ return (ret);
+}
+
+void CRYPTO_dbg_set_options(long bits)
+{
+ options = bits;
+}
+
+long CRYPTO_dbg_get_options(void)
+{
+ return options;
+}
+
+/* static int mem_cmp(MEM *a, MEM *b) */
+static int mem_cmp(const void *a_void, const void *b_void)
+{
+#ifdef _WIN64
+ const char *a = (const char *)((const MEM *)a_void)->addr,
+ *b = (const char *)((const MEM *)b_void)->addr;
+ if (a == b)
+ return 0;
+ else if (a > b)
+ return 1;
+ else
+ return -1;
+#else
+ return ((const char *)((const MEM *)a_void)->addr
+ - (const char *)((const MEM *)b_void)->addr);
+#endif
+}
+
+/* static unsigned long mem_hash(MEM *a) */
+static unsigned long mem_hash(const void *a_void)
+{
+ unsigned long ret;
+
+ ret = (unsigned long)((const MEM *)a_void)->addr;
+
+ ret = ret * 17851 + (ret >> 14) * 7 + (ret >> 4) * 251;
+ return (ret);
+}
+
+/* static int app_info_cmp(APP_INFO *a, APP_INFO *b) */
+static int app_info_cmp(const void *a_void, const void *b_void)
+{
+ return (((const APP_INFO *)a_void)->thread
+ != ((const APP_INFO *)b_void)->thread);
+}
+
+/* static unsigned long app_info_hash(APP_INFO *a) */
+static unsigned long app_info_hash(const void *a_void)
+{
+ unsigned long ret;
+
+ ret = (unsigned long)((const APP_INFO *)a_void)->thread;
+
+ ret = ret * 17851 + (ret >> 14) * 7 + (ret >> 4) * 251;
+ return (ret);
+}
+
+static APP_INFO *pop_info(void)
+{
+ APP_INFO tmp;
+ APP_INFO *ret = NULL;
+
+ if (amih != NULL) {
+ tmp.thread = CRYPTO_thread_id();
+ if ((ret = (APP_INFO *)lh_delete(amih, &tmp)) != NULL) {
+ APP_INFO *next = ret->next;
+
+ if (next != NULL) {
+ next->references++;
+ lh_insert(amih, (char *)next);
+ }
+#ifdef LEVITTE_DEBUG_MEM
+ if (ret->thread != tmp.thread) {
+ fprintf(stderr,
+ "pop_info(): deleted info has other thread ID (%lu) than the current thread (%lu)!!!!\n",
+ ret->thread, tmp.thread);
+ abort();
+ }
+#endif
+ if (--(ret->references) <= 0) {
+ ret->next = NULL;
+ if (next != NULL)
+ next->references--;
+ OPENSSL_free(ret);
+ }
+ }
+ }
+ return (ret);
+}
+
+int CRYPTO_dbg_push_info(const char *info, const char *file, int line)
+{
+ APP_INFO *ami, *amim;
+ int ret = 0;
+
+ if (is_MemCheck_on()) {
+ MemCheck_off(); /* obtain MALLOC2 lock */
+
+ if ((ami = (APP_INFO *)OPENSSL_malloc(sizeof(APP_INFO))) == NULL) {
+ ret = 0;
+ goto err;
+ }
+ if (amih == NULL) {
+ if ((amih = lh_new(app_info_hash, app_info_cmp)) == NULL) {
+ OPENSSL_free(ami);
+ ret = 0;
+ goto err;
+ }
+ }
+
+ ami->thread = CRYPTO_thread_id();
+ ami->file = file;
+ ami->line = line;
+ ami->info = info;
+ ami->references = 1;
+ ami->next = NULL;
+
+ if ((amim = (APP_INFO *)lh_insert(amih, (char *)ami)) != NULL) {
+#ifdef LEVITTE_DEBUG_MEM
+ if (ami->thread != amim->thread) {
+ fprintf(stderr,
+ "CRYPTO_push_info(): previous info has other thread ID (%lu) than the current thread (%lu)!!!!\n",
+ amim->thread, ami->thread);
+ abort();
+ }
+#endif
+ ami->next = amim;
+ }
+ err:
+ MemCheck_on(); /* release MALLOC2 lock */
+ }
+
+ return (ret);
+}
+
+int CRYPTO_dbg_pop_info(void)
+{
+ int ret = 0;
+
+ if (is_MemCheck_on()) { /* _must_ be true, or something went severely
+ * wrong */
+ MemCheck_off(); /* obtain MALLOC2 lock */
+
+ ret = (pop_info() != NULL);
+
+ MemCheck_on(); /* release MALLOC2 lock */
+ }
+ return (ret);
+}
+
+int CRYPTO_dbg_remove_all_info(void)
+{
+ int ret = 0;
+
+ if (is_MemCheck_on()) { /* _must_ be true */
+ MemCheck_off(); /* obtain MALLOC2 lock */
+
+ while (pop_info() != NULL)
+ ret++;
+
+ MemCheck_on(); /* release MALLOC2 lock */
+ }
+ return (ret);
+}
+
+static unsigned long break_order_num = 0;
+void CRYPTO_dbg_malloc(void *addr, int num, const char *file, int line,
+ int before_p)
+{
+ MEM *m, *mm;
+ APP_INFO tmp, *amim;
+
+ switch (before_p & 127) {
+ case 0:
+ break;
+ case 1:
+ if (addr == NULL)
+ break;
+
+ if (is_MemCheck_on()) {
+ MemCheck_off(); /* make sure we hold MALLOC2 lock */
+ if ((m = (MEM *)OPENSSL_malloc(sizeof(MEM))) == NULL) {
+ OPENSSL_free(addr);
+ MemCheck_on(); /* release MALLOC2 lock if num_disabled drops
+ * to 0 */
+ return;
+ }
+ if (mh == NULL) {
+ if ((mh = lh_new(mem_hash, mem_cmp)) == NULL) {
+ OPENSSL_free(addr);
+ OPENSSL_free(m);
+ addr = NULL;
+ goto err;
+ }
+ }
+
+ m->addr = addr;
+ m->file = file;
+ m->line = line;
+ m->num = num;
+ if (options & V_CRYPTO_MDEBUG_THREAD)
+ m->thread = CRYPTO_thread_id();
+ else
+ m->thread = 0;
+
+ if (order == break_order_num) {
+ /* BREAK HERE */
+ m->order = order;
+ }
+ m->order = order++;
+#ifdef LEVITTE_DEBUG_MEM
+ fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5d] %c 0x%p (%d)\n",
+ m->order, (before_p & 128) ? '*' : '+', m->addr, m->num);
+#endif
+ if (options & V_CRYPTO_MDEBUG_TIME)
+ m->time = time(NULL);
+ else
+ m->time = 0;
+
+ tmp.thread = CRYPTO_thread_id();
+ m->app_info = NULL;
+ if (amih != NULL
+ && (amim =
+ (APP_INFO *)lh_retrieve(amih, (char *)&tmp)) != NULL) {
+ m->app_info = amim;
+ amim->references++;
+ }
+
+ if ((mm = (MEM *)lh_insert(mh, (char *)m)) != NULL) {
+ /* Not good, but don't sweat it */
+ if (mm->app_info != NULL) {
+ mm->app_info->references--;
+ }
+ OPENSSL_free(mm);
+ }
+ err:
+ MemCheck_on(); /* release MALLOC2 lock if num_disabled drops
+ * to 0 */
+ }
+ break;
+ }
+ return;
+}
+
+void CRYPTO_dbg_free(void *addr, int before_p)
+{
+ MEM m, *mp;
+
+ switch (before_p) {
+ case 0:
+ if (addr == NULL)
+ break;
+
+ if (is_MemCheck_on() && (mh != NULL)) {
+ MemCheck_off(); /* make sure we hold MALLOC2 lock */
+
+ m.addr = addr;
+ mp = (MEM *)lh_delete(mh, (char *)&m);
+ if (mp != NULL) {
+#ifdef LEVITTE_DEBUG_MEM
+ fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5d] - 0x%p (%d)\n",
+ mp->order, mp->addr, mp->num);
+#endif
+ if (mp->app_info != NULL)
+ app_info_free(mp->app_info);
+ OPENSSL_free(mp);
+ }
+
+ MemCheck_on(); /* release MALLOC2 lock if num_disabled drops
+ * to 0 */
+ }
+ break;
+ case 1:
+ break;
+ }
+}
+
+void CRYPTO_dbg_realloc(void *addr1, void *addr2, int num,
+ const char *file, int line, int before_p)
+{
+ MEM m, *mp;
+
+#ifdef LEVITTE_DEBUG_MEM
+ fprintf(stderr,
+ "LEVITTE_DEBUG_MEM: --> CRYPTO_dbg_malloc(addr1 = %p, addr2 = %p, num = %d, file = \"%s\", line = %d, before_p = %d)\n",
+ addr1, addr2, num, file, line, before_p);
+#endif
+
+ switch (before_p) {
+ case 0:
+ break;
+ case 1:
+ if (addr2 == NULL)
+ break;
+
+ if (addr1 == NULL) {
+ CRYPTO_dbg_malloc(addr2, num, file, line, 128 | before_p);
+ break;
+ }
+
+ if (is_MemCheck_on()) {
+ MemCheck_off(); /* make sure we hold MALLOC2 lock */
+
+ m.addr = addr1;
+ mp = (MEM *)lh_delete(mh, (char *)&m);
+ if (mp != NULL) {
+#ifdef LEVITTE_DEBUG_MEM
+ fprintf(stderr,
+ "LEVITTE_DEBUG_MEM: [%5d] * 0x%p (%d) -> 0x%p (%d)\n",
+ mp->order, mp->addr, mp->num, addr2, num);
+#endif
+ mp->addr = addr2;
+ mp->num = num;
+ lh_insert(mh, (char *)mp);
+ }
+
+ MemCheck_on(); /* release MALLOC2 lock if num_disabled drops
+ * to 0 */
+ }
+ break;
+ }
+ return;
+}
+
+typedef struct mem_leak_st {
+ BIO *bio;
+ int chunks;
+ long bytes;
+} MEM_LEAK;
+
+static void print_leak(const MEM *m, MEM_LEAK *l)
+{
+ char buf[1024];
+ char *bufp = buf;
+ APP_INFO *amip;
+ int ami_cnt;
+ struct tm *lcl = NULL;
+ unsigned long ti;
+
+#define BUF_REMAIN (sizeof buf - (size_t)(bufp - buf))
+
+ if (m->addr == (char *)l->bio)
+ return;
+
+ if (options & V_CRYPTO_MDEBUG_TIME) {
+ lcl = localtime(&m->time);
+
+ BIO_snprintf(bufp, BUF_REMAIN, "[%02d:%02d:%02d] ",
+ lcl->tm_hour, lcl->tm_min, lcl->tm_sec);
+ bufp += strlen(bufp);
+ }
+
+ BIO_snprintf(bufp, BUF_REMAIN, "%5lu file=%s, line=%d, ",
+ m->order, m->file, m->line);
+ bufp += strlen(bufp);
+
+ if (options & V_CRYPTO_MDEBUG_THREAD) {
+ BIO_snprintf(bufp, BUF_REMAIN, "thread=%lu, ", m->thread);
+ bufp += strlen(bufp);
+ }
+
+ BIO_snprintf(bufp, BUF_REMAIN, "number=%d, address=%08lX\n",
+ m->num, (unsigned long)m->addr);
+ bufp += strlen(bufp);
+
+ BIO_puts(l->bio, buf);
+
+ l->chunks++;
+ l->bytes += m->num;
+
+ amip = m->app_info;
+ ami_cnt = 0;
+ if (!amip)
+ return;
+ ti = amip->thread;
+
+ do {
+ int buf_len;
+ int info_len;
+
+ ami_cnt++;
+ memset(buf, '>', ami_cnt);
+ BIO_snprintf(buf + ami_cnt, sizeof buf - ami_cnt,
+ " thread=%lu, file=%s, line=%d, info=\"",
+ amip->thread, amip->file, amip->line);
+ buf_len = strlen(buf);
+ info_len = strlen(amip->info);
+ if (128 - buf_len - 3 < info_len) {
+ memcpy(buf + buf_len, amip->info, 128 - buf_len - 3);
+ buf_len = 128 - 3;
+ } else {
+ BUF_strlcpy(buf + buf_len, amip->info, sizeof buf - buf_len);
+ buf_len = strlen(buf);
+ }
+ BIO_snprintf(buf + buf_len, sizeof buf - buf_len, "\"\n");
+
+ BIO_puts(l->bio, buf);
+
+ amip = amip->next;
+ }
+ while (amip && amip->thread == ti);
+
+#ifdef LEVITTE_DEBUG_MEM
+ if (amip) {
+ fprintf(stderr, "Thread switch detected in backtrace!!!!\n");
+ abort();
+ }
+#endif
+}
+
+static IMPLEMENT_LHASH_DOALL_ARG_FN(print_leak, const MEM *, MEM_LEAK *)
+
+void CRYPTO_mem_leaks(BIO *b)
+{
+ MEM_LEAK ml;
+
+ if (mh == NULL && amih == NULL)
+ return;
+
+ MemCheck_off(); /* obtain MALLOC2 lock */
+
+ ml.bio = b;
+ ml.bytes = 0;
+ ml.chunks = 0;
+ if (mh != NULL)
+ lh_doall_arg(mh, LHASH_DOALL_ARG_FN(print_leak), (char *)&ml);
+ if (ml.chunks != 0) {
+ BIO_printf(b, "%ld bytes leaked in %d chunks\n", ml.bytes, ml.chunks);
+ } else {
+ /*
+ * Make sure that, if we found no leaks, memory-leak debugging itself
+ * does not introduce memory leaks (which might irritate external
+ * debugging tools). (When someone enables leak checking, but does not
+ * call this function, we declare it to be their fault.) XXX This
+ * should be in CRYPTO_mem_leaks_cb, and CRYPTO_mem_leaks should be
+ * implemented by using CRYPTO_mem_leaks_cb. (Also their should be a
+ * variant of lh_doall_arg that takes a function pointer instead of a
+ * void *; this would obviate the ugly and illegal void_fn_to_char
+ * kludge in CRYPTO_mem_leaks_cb. Otherwise the code police will come
+ * and get us.)
+ */
+ int old_mh_mode;
+
+ CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
+
+ /*
+ * avoid deadlock when lh_free() uses CRYPTO_dbg_free(), which uses
+ * CRYPTO_is_mem_check_on
+ */
+ old_mh_mode = mh_mode;
+ mh_mode = CRYPTO_MEM_CHECK_OFF;
+
+ if (mh != NULL) {
+ lh_free(mh);
+ mh = NULL;
+ }
+ if (amih != NULL) {
+ if (lh_num_items(amih) == 0) {
+ lh_free(amih);
+ amih = NULL;
+ }
+ }
+
+ mh_mode = old_mh_mode;
+ CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC);
+ }
+ MemCheck_on(); /* release MALLOC2 lock */
+}
+
+#ifndef OPENSSL_NO_FP_API
+void CRYPTO_mem_leaks_fp(FILE *fp)
+{
+ BIO *b;
+
+ if (mh == NULL)
+ return;
+ /*
+ * Need to turn off memory checking when allocated BIOs ... especially as
+ * we're creating them at a time when we're trying to check we've not
+ * left anything un-free()'d!!
+ */
+ MemCheck_off();
+ b = BIO_new(BIO_s_file());
+ MemCheck_on();
+ if (!b)
+ return;
+ BIO_set_fp(b, fp, BIO_NOCLOSE);
+ CRYPTO_mem_leaks(b);
+ BIO_free(b);
+}
+#endif
+
+/*
+ * FIXME: We really don't allow much to the callback. For example, it has no
+ * chance of reaching the info stack for the item it processes. Should it
+ * really be this way? -- Richard Levitte
+ */
+/*
+ * NB: The prototypes have been typedef'd to CRYPTO_MEM_LEAK_CB inside
+ * crypto.h If this code is restructured, remove the callback type if it is
+ * no longer needed. -- Geoff Thorpe
+ */
+static void cb_leak(const MEM *m, CRYPTO_MEM_LEAK_CB **cb)
+{
+ (**cb) (m->order, m->file, m->line, m->num, m->addr);
+}
+
+static IMPLEMENT_LHASH_DOALL_ARG_FN(cb_leak, const MEM *,
+ CRYPTO_MEM_LEAK_CB **)
+
+void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb)
+{
+ if (mh == NULL)
+ return;
+ CRYPTO_w_lock(CRYPTO_LOCK_MALLOC2);
+ lh_doall_arg(mh, LHASH_DOALL_ARG_FN(cb_leak), &cb);
+ CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC2);
+}
+
+void CRYPTO_malloc_debug_init(void)
+{
+ CRYPTO_set_mem_debug_functions(CRYPTO_dbg_malloc,
+ CRYPTO_dbg_realloc,
+ CRYPTO_dbg_free,
+ CRYPTO_dbg_set_options,
+ CRYPTO_dbg_get_options);
+ CRYPTO_set_mem_info_functions(CRYPTO_dbg_push_info,
+ CRYPTO_dbg_pop_info,
+ CRYPTO_dbg_remove_all_info);
+}
+
+char *CRYPTO_strdup(const char *str, const char *file, int line)
+{
+ char *ret = CRYPTO_malloc(strlen(str) + 1, file, line);
+
+ strcpy(ret, str);
+ return ret;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/o_dir.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/o_dir.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/o_dir.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,83 +0,0 @@
-/* crypto/o_dir.c -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte (richard at levitte.org) for the OpenSSL
- * project 2004.
- */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <errno.h>
-#include <e_os.h>
-
-/* The routines really come from the Levitte Programming, so to make
- life simple, let's just use the raw files and hack the symbols to
- fit our namespace. */
-#define LP_DIR_CTX OPENSSL_DIR_CTX
-#define LP_dir_context_st OPENSSL_dir_context_st
-#define LP_find_file OPENSSL_DIR_read
-#define LP_find_file_end OPENSSL_DIR_end
-
-#include "o_dir.h"
-
-#define LPDIR_H
-#if defined OPENSSL_SYS_UNIX || defined DJGPP
-#include "LPdir_unix.c"
-#elif defined OPENSSL_SYS_VMS
-#include "LPdir_vms.c"
-#elif defined OPENSSL_SYS_WIN32
-#include "LPdir_win32.c"
-#elif defined OPENSSL_SYS_WINCE
-#include "LPdir_wince.c"
-#else
-#include "LPdir_nyi.c"
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/o_dir.c (from rev 6976, vendor-crypto/openssl/dist/crypto/o_dir.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/o_dir.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/o_dir.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,86 @@
+/* crypto/o_dir.c -*- mode:C; c-file-style: "eay" -*- */
+/*
+ * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
+ * 2004.
+ */
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <errno.h>
+#include <e_os.h>
+
+/*
+ * The routines really come from the Levitte Programming, so to make life
+ * simple, let's just use the raw files and hack the symbols to fit our
+ * namespace.
+ */
+#define LP_DIR_CTX OPENSSL_DIR_CTX
+#define LP_dir_context_st OPENSSL_dir_context_st
+#define LP_find_file OPENSSL_DIR_read
+#define LP_find_file_end OPENSSL_DIR_end
+
+#include "o_dir.h"
+
+#define LPDIR_H
+#if defined OPENSSL_SYS_UNIX || defined DJGPP
+# include "LPdir_unix.c"
+#elif defined OPENSSL_SYS_VMS
+# include "LPdir_vms.c"
+#elif defined OPENSSL_SYS_WIN32
+# include "LPdir_win32.c"
+#elif defined OPENSSL_SYS_WINCE
+# include "LPdir_wince.c"
+#else
+# include "LPdir_nyi.c"
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/o_dir.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/o_dir.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/o_dir.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,53 +0,0 @@
-/* crypto/o_dir.h -*- mode:C; c-file-style: "eay" -*- */
-/* Copied from Richard Levitte's (richard at levitte.org) LP library. All
- * symbol names have been changed, with permission from the author.
- */
-
-/* $LP: LPlib/source/LPdir.h,v 1.1 2004/06/14 08:56:04 _cvs_levitte Exp $ */
-/*
- * Copyright (c) 2004, Richard Levitte <richard at levitte.org>
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-
-#ifndef O_DIR_H
-#define O_DIR_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
- typedef struct OPENSSL_dir_context_st OPENSSL_DIR_CTX;
-
- /* returns NULL on error or end-of-directory.
- If it is end-of-directory, errno will be zero */
- const char *OPENSSL_DIR_read(OPENSSL_DIR_CTX **ctx, const char *directory);
- /* returns 1 on success, 0 on error */
- int OPENSSL_DIR_end(OPENSSL_DIR_CTX **ctx);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* LPDIR_H */
Copied: vendor-crypto/openssl/0.9.8zf/crypto/o_dir.h (from rev 6976, vendor-crypto/openssl/dist/crypto/o_dir.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/o_dir.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/o_dir.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,55 @@
+/* crypto/o_dir.h -*- mode:C; c-file-style: "eay" -*- */
+/*
+ * Copied from Richard Levitte's (richard at levitte.org) LP library. All
+ * symbol names have been changed, with permission from the author.
+ */
+
+/* $LP: LPlib/source/LPdir.h,v 1.1 2004/06/14 08:56:04 _cvs_levitte Exp $ */
+/*
+ * Copyright (c) 2004, Richard Levitte <richard at levitte.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef O_DIR_H
+# define O_DIR_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct OPENSSL_dir_context_st OPENSSL_DIR_CTX;
+
+ /*
+ * returns NULL on error or end-of-directory. If it is end-of-directory,
+ * errno will be zero
+ */
+const char *OPENSSL_DIR_read(OPENSSL_DIR_CTX **ctx, const char *directory);
+ /* returns 1 on success, 0 on error */
+int OPENSSL_DIR_end(OPENSSL_DIR_CTX **ctx);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* LPDIR_H */
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/o_dir_test.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/o_dir_test.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/o_dir_test.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,70 +0,0 @@
-/* crypto/o_dir.h -*- mode:C; c-file-style: "eay" -*- */
-/* Copied from Richard Levitte's (richard at levitte.org) LP library. All
- * symbol names have been changed, with permission from the author.
- */
-
-/* $LP: LPlib/test/test_dir.c,v 1.1 2004/06/16 22:59:47 _cvs_levitte Exp $ */
-/*
- * Copyright (c) 2004, Richard Levitte <richard at levitte.org>
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <stddef.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <errno.h>
-#include "e_os2.h"
-#include "o_dir.h"
-
-#if defined OPENSSL_SYS_UNIX || defined OPENSSL_SYS_WIN32 || defined OPENSSL_SYS_WINCE
-#define CURRDIR "."
-#elif defined OPENSSL_SYS_VMS
-#define CURRDIR "SYS$DISK:[]"
-#else
-#error "No supported platform defined!"
-#endif
-
-int main()
-{
- OPENSSL_DIR_CTX *ctx = NULL;
- const char *result;
-
- while((result = OPENSSL_DIR_read(&ctx, CURRDIR)) != NULL)
- {
- printf("%s\n", result);
- }
-
- if (errno)
- {
- perror("test_dir");
- exit(1);
- }
-
- if (!OPENSSL_DIR_end(&ctx))
- {
- perror("test_dir");
- exit(2);
- }
- exit(0);
-}
Copied: vendor-crypto/openssl/0.9.8zf/crypto/o_dir_test.c (from rev 6976, vendor-crypto/openssl/dist/crypto/o_dir_test.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/o_dir_test.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/o_dir_test.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,68 @@
+/* crypto/o_dir.h -*- mode:C; c-file-style: "eay" -*- */
+/*
+ * Copied from Richard Levitte's (richard at levitte.org) LP library. All
+ * symbol names have been changed, with permission from the author.
+ */
+
+/* $LP: LPlib/test/test_dir.c,v 1.1 2004/06/16 22:59:47 _cvs_levitte Exp $ */
+/*
+ * Copyright (c) 2004, Richard Levitte <richard at levitte.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <stddef.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <errno.h>
+#include "e_os2.h"
+#include "o_dir.h"
+
+#if defined OPENSSL_SYS_UNIX || defined OPENSSL_SYS_WIN32 || defined OPENSSL_SYS_WINCE
+# define CURRDIR "."
+#elif defined OPENSSL_SYS_VMS
+# define CURRDIR "SYS$DISK:[]"
+#else
+# error "No supported platform defined!"
+#endif
+
+int main()
+{
+ OPENSSL_DIR_CTX *ctx = NULL;
+ const char *result;
+
+ while ((result = OPENSSL_DIR_read(&ctx, CURRDIR)) != NULL) {
+ printf("%s\n", result);
+ }
+
+ if (errno) {
+ perror("test_dir");
+ exit(1);
+ }
+
+ if (!OPENSSL_DIR_end(&ctx)) {
+ perror("test_dir");
+ exit(2);
+ }
+ exit(0);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/o_init.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/o_init.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/o_init.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,110 +0,0 @@
-/* o_init.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <e_os.h>
-#include <openssl/err.h>
-
-/* Internal only functions: only ever used here */
-#ifdef OPENSSL_FIPS
-extern void int_ERR_lib_init(void);
-# ifndef OPENSSL_NO_ENGINE
-extern void int_EVP_MD_init_engine_callbacks(void );
-extern void int_EVP_CIPHER_init_engine_callbacks(void );
-extern void int_RAND_init_engine_callbacks(void );
-# endif
-#endif
-
-/* Perform any essential OpenSSL initialization operations.
- * Currently only sets FIPS callbacks
- */
-
-void OPENSSL_init(void)
- {
-#ifdef OPENSSL_FIPS
- static int done = 0;
- if (!done)
- {
- int_ERR_lib_init();
-#ifdef CRYPTO_MDEBUG
- CRYPTO_malloc_debug_init();
-#endif
-#ifndef OPENSSL_NO_ENGINE
- int_EVP_MD_init_engine_callbacks();
- int_EVP_CIPHER_init_engine_callbacks();
- int_RAND_init_engine_callbacks();
-#endif
- done = 1;
- }
-#endif
- }
-
-#ifdef OPENSSL_FIPS
-
-int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len)
- {
- size_t i;
- const unsigned char *a = in_a;
- const unsigned char *b = in_b;
- unsigned char x = 0;
-
- for (i = 0; i < len; i++)
- x |= a[i] ^ b[i];
-
- return x;
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/o_init.c (from rev 6976, vendor-crypto/openssl/dist/crypto/o_init.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/o_init.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/o_init.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,111 @@
+/* o_init.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <e_os.h>
+#include <openssl/err.h>
+
+/* Internal only functions: only ever used here */
+#ifdef OPENSSL_FIPS
+extern void int_ERR_lib_init(void);
+# ifndef OPENSSL_NO_ENGINE
+extern void int_EVP_MD_init_engine_callbacks(void);
+extern void int_EVP_CIPHER_init_engine_callbacks(void);
+extern void int_RAND_init_engine_callbacks(void);
+# endif
+#endif
+
+/*
+ * Perform any essential OpenSSL initialization operations. Currently only
+ * sets FIPS callbacks
+ */
+
+void OPENSSL_init(void)
+{
+#ifdef OPENSSL_FIPS
+ static int done = 0;
+ if (!done) {
+ int_ERR_lib_init();
+# ifdef CRYPTO_MDEBUG
+ CRYPTO_malloc_debug_init();
+# endif
+# ifndef OPENSSL_NO_ENGINE
+ int_EVP_MD_init_engine_callbacks();
+ int_EVP_CIPHER_init_engine_callbacks();
+ int_RAND_init_engine_callbacks();
+# endif
+ done = 1;
+ }
+#endif
+}
+
+#ifdef OPENSSL_FIPS
+
+int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len)
+{
+ size_t i;
+ const unsigned char *a = in_a;
+ const unsigned char *b = in_b;
+ unsigned char x = 0;
+
+ for (i = 0; i < len; i++)
+ x |= a[i] ^ b[i];
+
+ return x;
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/o_str.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/o_str.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/o_str.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,111 +0,0 @@
-/* crypto/o_str.c -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte (richard at levitte.org) for the OpenSSL
- * project 2003.
- */
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <ctype.h>
-#include <e_os.h>
-#include "o_str.h"
-
-#if !defined(OPENSSL_IMPLEMENTS_strncasecmp) && \
- !defined(OPENSSL_SYSNAME_WIN32) && \
- !defined(NETWARE_CLIB)
-# include <strings.h>
-#endif
-
-int OPENSSL_strncasecmp(const char *str1, const char *str2, size_t n)
- {
-#if defined(OPENSSL_IMPLEMENTS_strncasecmp)
- while (*str1 && *str2 && n)
- {
- int res = toupper(*str1) - toupper(*str2);
- if (res) return res < 0 ? -1 : 1;
- str1++;
- str2++;
- n--;
- }
- if (n == 0)
- return 0;
- if (*str1)
- return 1;
- if (*str2)
- return -1;
- return 0;
-#else
- /* Recursion hazard warning! Whenever strncasecmp is #defined as
- * OPENSSL_strncasecmp, OPENSSL_IMPLEMENTS_strncasecmp must be
- * defined as well. */
- return strncasecmp(str1, str2, n);
-#endif
- }
-int OPENSSL_strcasecmp(const char *str1, const char *str2)
- {
-#if defined(OPENSSL_IMPLEMENTS_strncasecmp)
- return OPENSSL_strncasecmp(str1, str2, (size_t)-1);
-#else
- return strcasecmp(str1, str2);
-#endif
- }
-
-int OPENSSL_memcmp(const void *v1,const void *v2,size_t n)
- {
- const unsigned char *c1=v1,*c2=v2;
- int ret=0;
-
- while(n && (ret=*c1-*c2)==0) n--,c1++,c2++;
-
- return ret;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/o_str.c (from rev 6976, vendor-crypto/openssl/dist/crypto/o_str.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/o_str.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/o_str.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,116 @@
+/* crypto/o_str.c -*- mode:C; c-file-style: "eay" -*- */
+/*
+ * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
+ * 2003.
+ */
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <ctype.h>
+#include <e_os.h>
+#include "o_str.h"
+
+#if !defined(OPENSSL_IMPLEMENTS_strncasecmp) && \
+ !defined(OPENSSL_SYSNAME_WIN32) && \
+ !defined(NETWARE_CLIB)
+# include <strings.h>
+#endif
+
+int OPENSSL_strncasecmp(const char *str1, const char *str2, size_t n)
+{
+#if defined(OPENSSL_IMPLEMENTS_strncasecmp)
+ while (*str1 && *str2 && n) {
+ int res = toupper(*str1) - toupper(*str2);
+ if (res)
+ return res < 0 ? -1 : 1;
+ str1++;
+ str2++;
+ n--;
+ }
+ if (n == 0)
+ return 0;
+ if (*str1)
+ return 1;
+ if (*str2)
+ return -1;
+ return 0;
+#else
+ /*
+ * Recursion hazard warning! Whenever strncasecmp is #defined as
+ * OPENSSL_strncasecmp, OPENSSL_IMPLEMENTS_strncasecmp must be defined as
+ * well.
+ */
+ return strncasecmp(str1, str2, n);
+#endif
+}
+
+int OPENSSL_strcasecmp(const char *str1, const char *str2)
+{
+#if defined(OPENSSL_IMPLEMENTS_strncasecmp)
+ return OPENSSL_strncasecmp(str1, str2, (size_t)-1);
+#else
+ return strcasecmp(str1, str2);
+#endif
+}
+
+int OPENSSL_memcmp(const void *v1, const void *v2, size_t n)
+{
+ const unsigned char *c1 = v1, *c2 = v2;
+ int ret = 0;
+
+ while (n && (ret = *c1 - *c2) == 0)
+ n--, c1++, c2++;
+
+ return ret;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/o_str.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/o_str.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/o_str.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,68 +0,0 @@
-/* crypto/o_str.h -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte (richard at levitte.org) for the OpenSSL
- * project 2003.
- */
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#ifndef HEADER_O_STR_H
-#define HEADER_O_STR_H
-
-#include <stddef.h> /* to get size_t */
-
-int OPENSSL_strcasecmp(const char *str1, const char *str2);
-int OPENSSL_strncasecmp(const char *str1, const char *str2, size_t n);
-int OPENSSL_memcmp(const void *p1,const void *p2,size_t n);
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/o_str.h (from rev 6976, vendor-crypto/openssl/dist/crypto/o_str.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/o_str.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/o_str.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,69 @@
+/* crypto/o_str.h -*- mode:C; c-file-style: "eay" -*- */
+/*
+ * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
+ * 2003.
+ */
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_O_STR_H
+# define HEADER_O_STR_H
+
+# include <stddef.h> /* to get size_t */
+
+int OPENSSL_strcasecmp(const char *str1, const char *str2);
+int OPENSSL_strncasecmp(const char *str1, const char *str2, size_t n);
+int OPENSSL_memcmp(const void *p1, const void *p2, size_t n);
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/o_time.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/o_time.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/o_time.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,217 +0,0 @@
-/* crypto/o_time.c -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte (richard at levitte.org) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <openssl/e_os2.h>
-#include <string.h>
-#include "o_time.h"
-
-#ifdef OPENSSL_SYS_VMS
-# include <libdtdef.h>
-# include <lib$routines.h>
-# include <lnmdef.h>
-# include <starlet.h>
-# include <descrip.h>
-# include <stdlib.h>
-#endif
-
-struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result)
- {
- struct tm *ts = NULL;
-
-#if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_OS2) && !defined(__CYGWIN32__) && (!defined(OPENSSL_SYS_VMS) || defined(gmtime_r)) && !defined(OPENSSL_SYS_MACOSX) && !defined(OPENSSL_SYS_SUNOS)
- /* should return &data, but doesn't on some systems,
- so we don't even look at the return value */
- gmtime_r(timer,result);
- ts = result;
-#elif !defined(OPENSSL_SYS_VMS)
- ts = gmtime(timer);
- if (ts == NULL)
- return NULL;
-
- memcpy(result, ts, sizeof(struct tm));
- ts = result;
-#endif
-#ifdef OPENSSL_SYS_VMS
- if (ts == NULL)
- {
- static $DESCRIPTOR(tabnam,"LNM$DCL_LOGICAL");
- static $DESCRIPTOR(lognam,"SYS$TIMEZONE_DIFFERENTIAL");
- char logvalue[256];
- unsigned int reslen = 0;
- struct {
- short buflen;
- short code;
- void *bufaddr;
- unsigned int *reslen;
- } itemlist[] = {
- { 0, LNM$_STRING, 0, 0 },
- { 0, 0, 0, 0 },
- };
- int status;
- time_t t;
-
- /* Get the value for SYS$TIMEZONE_DIFFERENTIAL */
- itemlist[0].buflen = sizeof(logvalue);
- itemlist[0].bufaddr = logvalue;
- itemlist[0].reslen = &reslen;
- status = sys$trnlnm(0, &tabnam, &lognam, 0, itemlist);
- if (!(status & 1))
- return NULL;
- logvalue[reslen] = '\0';
-
- t = *timer;
-
-/* The following is extracted from the DEC C header time.h */
-/*
-** Beginning in OpenVMS Version 7.0 mktime, time, ctime, strftime
-** have two implementations. One implementation is provided
-** for compatibility and deals with time in terms of local time,
-** the other __utc_* deals with time in terms of UTC.
-*/
-/* We use the same conditions as in said time.h to check if we should
- assume that t contains local time (and should therefore be adjusted)
- or UTC (and should therefore be left untouched). */
-#if __CRTL_VER < 70000000 || defined _VMS_V6_SOURCE
- /* Get the numerical value of the equivalence string */
- status = atoi(logvalue);
-
- /* and use it to move time to GMT */
- t -= status;
-#endif
-
- /* then convert the result to the time structure */
-
- /* Since there was no gmtime_r() to do this stuff for us,
- we have to do it the hard way. */
- {
- /* The VMS epoch is the astronomical Smithsonian date,
- if I remember correctly, which is November 17, 1858.
- Furthermore, time is measure in thenths of microseconds
- and stored in quadwords (64 bit integers). unix_epoch
- below is January 1st 1970 expressed as a VMS time. The
- following code was used to get this number:
-
- #include <stdio.h>
- #include <stdlib.h>
- #include <lib$routines.h>
- #include <starlet.h>
-
- main()
- {
- unsigned long systime[2];
- unsigned short epoch_values[7] =
- { 1970, 1, 1, 0, 0, 0, 0 };
-
- lib$cvt_vectim(epoch_values, systime);
-
- printf("%u %u", systime[0], systime[1]);
- }
- */
- unsigned long unix_epoch[2] = { 1273708544, 8164711 };
- unsigned long deltatime[2];
- unsigned long systime[2];
- struct vms_vectime
- {
- short year, month, day, hour, minute, second,
- centi_second;
- } time_values;
- long operation;
-
- /* Turn the number of seconds since January 1st 1970 to
- an internal delta time.
- Note that lib$cvt_to_internal_time() will assume
- that t is signed, and will therefore break on 32-bit
- systems some time in 2038.
- */
- operation = LIB$K_DELTA_SECONDS;
- status = lib$cvt_to_internal_time(&operation,
- &t, deltatime);
-
- /* Add the delta time with the Unix epoch and we have
- the current UTC time in internal format */
- status = lib$add_times(unix_epoch, deltatime, systime);
-
- /* Turn the internal time into a time vector */
- status = sys$numtim(&time_values, systime);
-
- /* Fill in the struct tm with the result */
- result->tm_sec = time_values.second;
- result->tm_min = time_values.minute;
- result->tm_hour = time_values.hour;
- result->tm_mday = time_values.day;
- result->tm_mon = time_values.month - 1;
- result->tm_year = time_values.year - 1900;
-
- operation = LIB$K_DAY_OF_WEEK;
- status = lib$cvt_from_internal_time(&operation,
- &result->tm_wday, systime);
- result->tm_wday %= 7;
-
- operation = LIB$K_DAY_OF_YEAR;
- status = lib$cvt_from_internal_time(&operation,
- &result->tm_yday, systime);
- result->tm_yday--;
-
- result->tm_isdst = 0; /* There's no way to know... */
-
- ts = result;
- }
- }
-#endif
- return ts;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/o_time.c (from rev 6976, vendor-crypto/openssl/dist/crypto/o_time.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/o_time.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/o_time.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,227 @@
+/* crypto/o_time.c -*- mode:C; c-file-style: "eay" -*- */
+/*
+ * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
+ * 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <openssl/e_os2.h>
+#include <string.h>
+#include "o_time.h"
+
+#ifdef OPENSSL_SYS_VMS
+# include <libdtdef.h>
+# include <lib$routines.h>
+# include <lnmdef.h>
+# include <starlet.h>
+# include <descrip.h>
+# include <stdlib.h>
+#endif
+
+struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result)
+{
+ struct tm *ts = NULL;
+
+#if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_OS2) && !defined(__CYGWIN32__) && (!defined(OPENSSL_SYS_VMS) || defined(gmtime_r)) && !defined(OPENSSL_SYS_MACOSX) && !defined(OPENSSL_SYS_SUNOS)
+ /*
+ * should return &data, but doesn't on some systems, so we don't even
+ * look at the return value
+ */
+ gmtime_r(timer, result);
+ ts = result;
+#elif !defined(OPENSSL_SYS_VMS)
+ ts = gmtime(timer);
+ if (ts == NULL)
+ return NULL;
+
+ memcpy(result, ts, sizeof(struct tm));
+ ts = result;
+#endif
+#ifdef OPENSSL_SYS_VMS
+ if (ts == NULL) {
+ static $DESCRIPTOR(tabnam, "LNM$DCL_LOGICAL");
+ static $DESCRIPTOR(lognam, "SYS$TIMEZONE_DIFFERENTIAL");
+ char logvalue[256];
+ unsigned int reslen = 0;
+ struct {
+ short buflen;
+ short code;
+ void *bufaddr;
+ unsigned int *reslen;
+ } itemlist[] = {
+ {
+ 0, LNM$_STRING, 0, 0
+ },
+ {
+ 0, 0, 0, 0
+ },
+ };
+ int status;
+ time_t t;
+
+ /* Get the value for SYS$TIMEZONE_DIFFERENTIAL */
+ itemlist[0].buflen = sizeof(logvalue);
+ itemlist[0].bufaddr = logvalue;
+ itemlist[0].reslen = &reslen;
+ status = sys$trnlnm(0, &tabnam, &lognam, 0, itemlist);
+ if (!(status & 1))
+ return NULL;
+ logvalue[reslen] = '\0';
+
+ t = *timer;
+
+/* The following is extracted from the DEC C header time.h */
+ /*
+ ** Beginning in OpenVMS Version 7.0 mktime, time, ctime, strftime
+ ** have two implementations. One implementation is provided
+ ** for compatibility and deals with time in terms of local time,
+ ** the other __utc_* deals with time in terms of UTC.
+ */
+ /*
+ * We use the same conditions as in said time.h to check if we should
+ * assume that t contains local time (and should therefore be
+ * adjusted) or UTC (and should therefore be left untouched).
+ */
+# if __CRTL_VER < 70000000 || defined _VMS_V6_SOURCE
+ /* Get the numerical value of the equivalence string */
+ status = atoi(logvalue);
+
+ /* and use it to move time to GMT */
+ t -= status;
+# endif
+
+ /* then convert the result to the time structure */
+
+ /*
+ * Since there was no gmtime_r() to do this stuff for us, we have to
+ * do it the hard way.
+ */
+ {
+ /*-
+ * The VMS epoch is the astronomical Smithsonian date,
+ if I remember correctly, which is November 17, 1858.
+ Furthermore, time is measure in thenths of microseconds
+ and stored in quadwords (64 bit integers). unix_epoch
+ below is January 1st 1970 expressed as a VMS time. The
+ following code was used to get this number:
+
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <lib$routines.h>
+ #include <starlet.h>
+
+ main()
+ {
+ unsigned long systime[2];
+ unsigned short epoch_values[7] =
+ { 1970, 1, 1, 0, 0, 0, 0 };
+
+ lib$cvt_vectim(epoch_values, systime);
+
+ printf("%u %u", systime[0], systime[1]);
+ }
+ */
+ unsigned long unix_epoch[2] = { 1273708544, 8164711 };
+ unsigned long deltatime[2];
+ unsigned long systime[2];
+ struct vms_vectime {
+ short year, month, day, hour, minute, second, centi_second;
+ } time_values;
+ long operation;
+
+ /*
+ * Turn the number of seconds since January 1st 1970 to an
+ * internal delta time. Note that lib$cvt_to_internal_time() will
+ * assume that t is signed, and will therefore break on 32-bit
+ * systems some time in 2038.
+ */
+ operation = LIB$K_DELTA_SECONDS;
+ status = lib$cvt_to_internal_time(&operation, &t, deltatime);
+
+ /*
+ * Add the delta time with the Unix epoch and we have the current
+ * UTC time in internal format
+ */
+ status = lib$add_times(unix_epoch, deltatime, systime);
+
+ /* Turn the internal time into a time vector */
+ status = sys$numtim(&time_values, systime);
+
+ /* Fill in the struct tm with the result */
+ result->tm_sec = time_values.second;
+ result->tm_min = time_values.minute;
+ result->tm_hour = time_values.hour;
+ result->tm_mday = time_values.day;
+ result->tm_mon = time_values.month - 1;
+ result->tm_year = time_values.year - 1900;
+
+ operation = LIB$K_DAY_OF_WEEK;
+ status = lib$cvt_from_internal_time(&operation,
+ &result->tm_wday, systime);
+ result->tm_wday %= 7;
+
+ operation = LIB$K_DAY_OF_YEAR;
+ status = lib$cvt_from_internal_time(&operation,
+ &result->tm_yday, systime);
+ result->tm_yday--;
+
+ result->tm_isdst = 0; /* There's no way to know... */
+
+ ts = result;
+ }
+ }
+#endif
+ return ts;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/o_time.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/o_time.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/o_time.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,66 +0,0 @@
-/* crypto/o_time.h -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte (richard at levitte.org) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#ifndef HEADER_O_TIME_H
-#define HEADER_O_TIME_H
-
-#include <time.h>
-
-struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result);
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/o_time.h (from rev 6976, vendor-crypto/openssl/dist/crypto/o_time.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/o_time.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/o_time.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,67 @@
+/* crypto/o_time.h -*- mode:C; c-file-style: "eay" -*- */
+/*
+ * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
+ * 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_O_TIME_H
+# define HEADER_O_TIME_H
+
+# include <time.h>
+
+struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result);
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/objects/o_names.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/objects/o_names.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/objects/o_names.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,369 +0,0 @@
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <openssl/err.h>
-#include <openssl/lhash.h>
-#include <openssl/objects.h>
-#include <openssl/safestack.h>
-#include <openssl/e_os2.h>
-
-/* Later versions of DEC C has started to add lnkage information to certain
- * functions, which makes it tricky to use them as values to regular function
- * pointers. One way is to define a macro that takes care of casting them
- * correctly.
- */
-#ifdef OPENSSL_SYS_VMS_DECC
-# define OPENSSL_strcmp (int (*)(const char *,const char *))strcmp
-#else
-# define OPENSSL_strcmp strcmp
-#endif
-
-/* I use the ex_data stuff to manage the identifiers for the obj_name_types
- * that applications may define. I only really use the free function field.
- */
-static LHASH *names_lh=NULL;
-static int names_type_num=OBJ_NAME_TYPE_NUM;
-
-typedef struct name_funcs_st
- {
- unsigned long (*hash_func)(const char *name);
- int (*cmp_func)(const char *a,const char *b);
- void (*free_func)(const char *, int, const char *);
- } NAME_FUNCS;
-
-DECLARE_STACK_OF(NAME_FUNCS)
-IMPLEMENT_STACK_OF(NAME_FUNCS)
-
-static STACK_OF(NAME_FUNCS) *name_funcs_stack;
-
-/* The LHASH callbacks now use the raw "void *" prototypes and do per-variable
- * casting in the functions. This prevents function pointer casting without the
- * need for macro-generated wrapper functions. */
-
-/* static unsigned long obj_name_hash(OBJ_NAME *a); */
-static unsigned long obj_name_hash(const void *a_void);
-/* static int obj_name_cmp(OBJ_NAME *a,OBJ_NAME *b); */
-static int obj_name_cmp(const void *a_void,const void *b_void);
-
-int OBJ_NAME_init(void)
- {
- if (names_lh != NULL) return(1);
- MemCheck_off();
- names_lh=lh_new(obj_name_hash, obj_name_cmp);
- MemCheck_on();
- return(names_lh != NULL);
- }
-
-int OBJ_NAME_new_index(unsigned long (*hash_func)(const char *),
- int (*cmp_func)(const char *, const char *),
- void (*free_func)(const char *, int, const char *))
- {
- int ret;
- int i;
- NAME_FUNCS *name_funcs;
-
- if (name_funcs_stack == NULL)
- {
- MemCheck_off();
- name_funcs_stack=sk_NAME_FUNCS_new_null();
- MemCheck_on();
- }
- if ((name_funcs_stack == NULL))
- {
- /* ERROR */
- return(0);
- }
- ret=names_type_num;
- names_type_num++;
- for (i=sk_NAME_FUNCS_num(name_funcs_stack); i<names_type_num; i++)
- {
- MemCheck_off();
- name_funcs = OPENSSL_malloc(sizeof(NAME_FUNCS));
- MemCheck_on();
- if (!name_funcs)
- {
- OBJerr(OBJ_F_OBJ_NAME_NEW_INDEX,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- name_funcs->hash_func = lh_strhash;
- name_funcs->cmp_func = OPENSSL_strcmp;
- name_funcs->free_func = 0; /* NULL is often declared to
- * ((void *)0), which according
- * to Compaq C is not really
- * compatible with a function
- * pointer. -- Richard Levitte*/
- MemCheck_off();
- sk_NAME_FUNCS_push(name_funcs_stack,name_funcs);
- MemCheck_on();
- }
- name_funcs = sk_NAME_FUNCS_value(name_funcs_stack, ret);
- if (hash_func != NULL)
- name_funcs->hash_func = hash_func;
- if (cmp_func != NULL)
- name_funcs->cmp_func = cmp_func;
- if (free_func != NULL)
- name_funcs->free_func = free_func;
- return(ret);
- }
-
-/* static int obj_name_cmp(OBJ_NAME *a, OBJ_NAME *b) */
-static int obj_name_cmp(const void *a_void, const void *b_void)
- {
- int ret;
- const OBJ_NAME *a = (const OBJ_NAME *)a_void;
- const OBJ_NAME *b = (const OBJ_NAME *)b_void;
-
- ret=a->type-b->type;
- if (ret == 0)
- {
- if ((name_funcs_stack != NULL)
- && (sk_NAME_FUNCS_num(name_funcs_stack) > a->type))
- {
- ret=sk_NAME_FUNCS_value(name_funcs_stack,
- a->type)->cmp_func(a->name,b->name);
- }
- else
- ret=strcmp(a->name,b->name);
- }
- return(ret);
- }
-
-/* static unsigned long obj_name_hash(OBJ_NAME *a) */
-static unsigned long obj_name_hash(const void *a_void)
- {
- unsigned long ret;
- const OBJ_NAME *a = (const OBJ_NAME *)a_void;
-
- if ((name_funcs_stack != NULL) && (sk_NAME_FUNCS_num(name_funcs_stack) > a->type))
- {
- ret=sk_NAME_FUNCS_value(name_funcs_stack,
- a->type)->hash_func(a->name);
- }
- else
- {
- ret=lh_strhash(a->name);
- }
- ret^=a->type;
- return(ret);
- }
-
-const char *OBJ_NAME_get(const char *name, int type)
- {
- OBJ_NAME on,*ret;
- int num=0,alias;
-
- if (name == NULL) return(NULL);
- if ((names_lh == NULL) && !OBJ_NAME_init()) return(NULL);
-
- alias=type&OBJ_NAME_ALIAS;
- type&= ~OBJ_NAME_ALIAS;
-
- on.name=name;
- on.type=type;
-
- for (;;)
- {
- ret=(OBJ_NAME *)lh_retrieve(names_lh,&on);
- if (ret == NULL) return(NULL);
- if ((ret->alias) && !alias)
- {
- if (++num > 10) return(NULL);
- on.name=ret->data;
- }
- else
- {
- return(ret->data);
- }
- }
- }
-
-int OBJ_NAME_add(const char *name, int type, const char *data)
- {
- OBJ_NAME *onp,*ret;
- int alias;
-
- if ((names_lh == NULL) && !OBJ_NAME_init()) return(0);
-
- alias=type&OBJ_NAME_ALIAS;
- type&= ~OBJ_NAME_ALIAS;
-
- onp=(OBJ_NAME *)OPENSSL_malloc(sizeof(OBJ_NAME));
- if (onp == NULL)
- {
- /* ERROR */
- return(0);
- }
-
- onp->name=name;
- onp->alias=alias;
- onp->type=type;
- onp->data=data;
-
- ret=(OBJ_NAME *)lh_insert(names_lh,onp);
- if (ret != NULL)
- {
- /* free things */
- if ((name_funcs_stack != NULL) && (sk_NAME_FUNCS_num(name_funcs_stack) > ret->type))
- {
- /* XXX: I'm not sure I understand why the free
- * function should get three arguments...
- * -- Richard Levitte
- */
- sk_NAME_FUNCS_value(name_funcs_stack,
- ret->type)->free_func(ret->name,ret->type,ret->data);
- }
- OPENSSL_free(ret);
- }
- else
- {
- if (lh_error(names_lh))
- {
- /* ERROR */
- return(0);
- }
- }
- return(1);
- }
-
-int OBJ_NAME_remove(const char *name, int type)
- {
- OBJ_NAME on,*ret;
-
- if (names_lh == NULL) return(0);
-
- type&= ~OBJ_NAME_ALIAS;
- on.name=name;
- on.type=type;
- ret=(OBJ_NAME *)lh_delete(names_lh,&on);
- if (ret != NULL)
- {
- /* free things */
- if ((name_funcs_stack != NULL) && (sk_NAME_FUNCS_num(name_funcs_stack) > ret->type))
- {
- /* XXX: I'm not sure I understand why the free
- * function should get three arguments...
- * -- Richard Levitte
- */
- sk_NAME_FUNCS_value(name_funcs_stack,
- ret->type)->free_func(ret->name,ret->type,ret->data);
- }
- OPENSSL_free(ret);
- return(1);
- }
- else
- return(0);
- }
-
-struct doall
- {
- int type;
- void (*fn)(const OBJ_NAME *,void *arg);
- void *arg;
- };
-
-static void do_all_fn(const OBJ_NAME *name,struct doall *d)
- {
- if(name->type == d->type)
- d->fn(name,d->arg);
- }
-
-static IMPLEMENT_LHASH_DOALL_ARG_FN(do_all_fn, const OBJ_NAME *, struct doall *)
-
-void OBJ_NAME_do_all(int type,void (*fn)(const OBJ_NAME *,void *arg),void *arg)
- {
- struct doall d;
-
- d.type=type;
- d.fn=fn;
- d.arg=arg;
-
- lh_doall_arg(names_lh,LHASH_DOALL_ARG_FN(do_all_fn),&d);
- }
-
-struct doall_sorted
- {
- int type;
- int n;
- const OBJ_NAME **names;
- };
-
-static void do_all_sorted_fn(const OBJ_NAME *name,void *d_)
- {
- struct doall_sorted *d=d_;
-
- if(name->type != d->type)
- return;
-
- d->names[d->n++]=name;
- }
-
-static int do_all_sorted_cmp(const void *n1_,const void *n2_)
- {
- const OBJ_NAME * const *n1=n1_;
- const OBJ_NAME * const *n2=n2_;
-
- return strcmp((*n1)->name,(*n2)->name);
- }
-
-void OBJ_NAME_do_all_sorted(int type,void (*fn)(const OBJ_NAME *,void *arg),
- void *arg)
- {
- struct doall_sorted d;
- int n;
-
- d.type=type;
- d.names=OPENSSL_malloc(lh_num_items(names_lh)*sizeof *d.names);
- d.n=0;
- OBJ_NAME_do_all(type,do_all_sorted_fn,&d);
-
- qsort((void *)d.names,d.n,sizeof *d.names,do_all_sorted_cmp);
-
- for(n=0 ; n < d.n ; ++n)
- fn(d.names[n],arg);
-
- OPENSSL_free((void *)d.names);
- }
-
-static int free_type;
-
-static void names_lh_free(OBJ_NAME *onp)
-{
- if(onp == NULL)
- return;
-
- if ((free_type < 0) || (free_type == onp->type))
- {
- OBJ_NAME_remove(onp->name,onp->type);
- }
- }
-
-static IMPLEMENT_LHASH_DOALL_FN(names_lh_free, OBJ_NAME *)
-
-static void name_funcs_free(NAME_FUNCS *ptr)
- {
- OPENSSL_free(ptr);
- }
-
-void OBJ_NAME_cleanup(int type)
- {
- unsigned long down_load;
-
- if (names_lh == NULL) return;
-
- free_type=type;
- down_load=names_lh->down_load;
- names_lh->down_load=0;
-
- lh_doall(names_lh,LHASH_DOALL_FN(names_lh_free));
- if (type < 0)
- {
- lh_free(names_lh);
- sk_NAME_FUNCS_pop_free(name_funcs_stack,name_funcs_free);
- names_lh=NULL;
- name_funcs_stack = NULL;
- }
- else
- names_lh->down_load=down_load;
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/objects/o_names.c (from rev 6976, vendor-crypto/openssl/dist/crypto/objects/o_names.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/objects/o_names.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/objects/o_names.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,359 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/err.h>
+#include <openssl/lhash.h>
+#include <openssl/objects.h>
+#include <openssl/safestack.h>
+#include <openssl/e_os2.h>
+
+/*
+ * Later versions of DEC C has started to add lnkage information to certain
+ * functions, which makes it tricky to use them as values to regular function
+ * pointers. One way is to define a macro that takes care of casting them
+ * correctly.
+ */
+#ifdef OPENSSL_SYS_VMS_DECC
+# define OPENSSL_strcmp (int (*)(const char *,const char *))strcmp
+#else
+# define OPENSSL_strcmp strcmp
+#endif
+
+/*
+ * I use the ex_data stuff to manage the identifiers for the obj_name_types
+ * that applications may define. I only really use the free function field.
+ */
+static LHASH *names_lh = NULL;
+static int names_type_num = OBJ_NAME_TYPE_NUM;
+
+typedef struct name_funcs_st {
+ unsigned long (*hash_func) (const char *name);
+ int (*cmp_func) (const char *a, const char *b);
+ void (*free_func) (const char *, int, const char *);
+} NAME_FUNCS;
+
+DECLARE_STACK_OF(NAME_FUNCS)
+IMPLEMENT_STACK_OF(NAME_FUNCS)
+
+static STACK_OF(NAME_FUNCS) *name_funcs_stack;
+
+/*
+ * The LHASH callbacks now use the raw "void *" prototypes and do
+ * per-variable casting in the functions. This prevents function pointer
+ * casting without the need for macro-generated wrapper functions.
+ */
+
+/* static unsigned long obj_name_hash(OBJ_NAME *a); */
+static unsigned long obj_name_hash(const void *a_void);
+/* static int obj_name_cmp(OBJ_NAME *a,OBJ_NAME *b); */
+static int obj_name_cmp(const void *a_void, const void *b_void);
+
+int OBJ_NAME_init(void)
+{
+ if (names_lh != NULL)
+ return (1);
+ MemCheck_off();
+ names_lh = lh_new(obj_name_hash, obj_name_cmp);
+ MemCheck_on();
+ return (names_lh != NULL);
+}
+
+int OBJ_NAME_new_index(unsigned long (*hash_func) (const char *),
+ int (*cmp_func) (const char *, const char *),
+ void (*free_func) (const char *, int, const char *))
+{
+ int ret;
+ int i;
+ NAME_FUNCS *name_funcs;
+
+ if (name_funcs_stack == NULL) {
+ MemCheck_off();
+ name_funcs_stack = sk_NAME_FUNCS_new_null();
+ MemCheck_on();
+ }
+ if ((name_funcs_stack == NULL)) {
+ /* ERROR */
+ return (0);
+ }
+ ret = names_type_num;
+ names_type_num++;
+ for (i = sk_NAME_FUNCS_num(name_funcs_stack); i < names_type_num; i++) {
+ MemCheck_off();
+ name_funcs = OPENSSL_malloc(sizeof(NAME_FUNCS));
+ MemCheck_on();
+ if (!name_funcs) {
+ OBJerr(OBJ_F_OBJ_NAME_NEW_INDEX, ERR_R_MALLOC_FAILURE);
+ return (0);
+ }
+ name_funcs->hash_func = lh_strhash;
+ name_funcs->cmp_func = OPENSSL_strcmp;
+ name_funcs->free_func = 0; /* NULL is often declared to * ((void
+ * *)0), which according * to Compaq C is
+ * not really * compatible with a function
+ * * pointer. -- Richard Levitte */
+ MemCheck_off();
+ sk_NAME_FUNCS_push(name_funcs_stack, name_funcs);
+ MemCheck_on();
+ }
+ name_funcs = sk_NAME_FUNCS_value(name_funcs_stack, ret);
+ if (hash_func != NULL)
+ name_funcs->hash_func = hash_func;
+ if (cmp_func != NULL)
+ name_funcs->cmp_func = cmp_func;
+ if (free_func != NULL)
+ name_funcs->free_func = free_func;
+ return (ret);
+}
+
+/* static int obj_name_cmp(OBJ_NAME *a, OBJ_NAME *b) */
+static int obj_name_cmp(const void *a_void, const void *b_void)
+{
+ int ret;
+ const OBJ_NAME *a = (const OBJ_NAME *)a_void;
+ const OBJ_NAME *b = (const OBJ_NAME *)b_void;
+
+ ret = a->type - b->type;
+ if (ret == 0) {
+ if ((name_funcs_stack != NULL)
+ && (sk_NAME_FUNCS_num(name_funcs_stack) > a->type)) {
+ ret = sk_NAME_FUNCS_value(name_funcs_stack,
+ a->type)->cmp_func(a->name, b->name);
+ } else
+ ret = strcmp(a->name, b->name);
+ }
+ return (ret);
+}
+
+/* static unsigned long obj_name_hash(OBJ_NAME *a) */
+static unsigned long obj_name_hash(const void *a_void)
+{
+ unsigned long ret;
+ const OBJ_NAME *a = (const OBJ_NAME *)a_void;
+
+ if ((name_funcs_stack != NULL)
+ && (sk_NAME_FUNCS_num(name_funcs_stack) > a->type)) {
+ ret =
+ sk_NAME_FUNCS_value(name_funcs_stack,
+ a->type)->hash_func(a->name);
+ } else {
+ ret = lh_strhash(a->name);
+ }
+ ret ^= a->type;
+ return (ret);
+}
+
+const char *OBJ_NAME_get(const char *name, int type)
+{
+ OBJ_NAME on, *ret;
+ int num = 0, alias;
+
+ if (name == NULL)
+ return (NULL);
+ if ((names_lh == NULL) && !OBJ_NAME_init())
+ return (NULL);
+
+ alias = type & OBJ_NAME_ALIAS;
+ type &= ~OBJ_NAME_ALIAS;
+
+ on.name = name;
+ on.type = type;
+
+ for (;;) {
+ ret = (OBJ_NAME *)lh_retrieve(names_lh, &on);
+ if (ret == NULL)
+ return (NULL);
+ if ((ret->alias) && !alias) {
+ if (++num > 10)
+ return (NULL);
+ on.name = ret->data;
+ } else {
+ return (ret->data);
+ }
+ }
+}
+
+int OBJ_NAME_add(const char *name, int type, const char *data)
+{
+ OBJ_NAME *onp, *ret;
+ int alias;
+
+ if ((names_lh == NULL) && !OBJ_NAME_init())
+ return (0);
+
+ alias = type & OBJ_NAME_ALIAS;
+ type &= ~OBJ_NAME_ALIAS;
+
+ onp = (OBJ_NAME *)OPENSSL_malloc(sizeof(OBJ_NAME));
+ if (onp == NULL) {
+ /* ERROR */
+ return (0);
+ }
+
+ onp->name = name;
+ onp->alias = alias;
+ onp->type = type;
+ onp->data = data;
+
+ ret = (OBJ_NAME *)lh_insert(names_lh, onp);
+ if (ret != NULL) {
+ /* free things */
+ if ((name_funcs_stack != NULL)
+ && (sk_NAME_FUNCS_num(name_funcs_stack) > ret->type)) {
+ /*
+ * XXX: I'm not sure I understand why the free function should
+ * get three arguments... -- Richard Levitte
+ */
+ sk_NAME_FUNCS_value(name_funcs_stack,
+ ret->type)->free_func(ret->name, ret->type,
+ ret->data);
+ }
+ OPENSSL_free(ret);
+ } else {
+ if (lh_error(names_lh)) {
+ /* ERROR */
+ return (0);
+ }
+ }
+ return (1);
+}
+
+int OBJ_NAME_remove(const char *name, int type)
+{
+ OBJ_NAME on, *ret;
+
+ if (names_lh == NULL)
+ return (0);
+
+ type &= ~OBJ_NAME_ALIAS;
+ on.name = name;
+ on.type = type;
+ ret = (OBJ_NAME *)lh_delete(names_lh, &on);
+ if (ret != NULL) {
+ /* free things */
+ if ((name_funcs_stack != NULL)
+ && (sk_NAME_FUNCS_num(name_funcs_stack) > ret->type)) {
+ /*
+ * XXX: I'm not sure I understand why the free function should
+ * get three arguments... -- Richard Levitte
+ */
+ sk_NAME_FUNCS_value(name_funcs_stack,
+ ret->type)->free_func(ret->name, ret->type,
+ ret->data);
+ }
+ OPENSSL_free(ret);
+ return (1);
+ } else
+ return (0);
+}
+
+struct doall {
+ int type;
+ void (*fn) (const OBJ_NAME *, void *arg);
+ void *arg;
+};
+
+static void do_all_fn(const OBJ_NAME *name, struct doall *d)
+{
+ if (name->type == d->type)
+ d->fn(name, d->arg);
+}
+
+static IMPLEMENT_LHASH_DOALL_ARG_FN(do_all_fn, const OBJ_NAME *,
+ struct doall *)
+
+void OBJ_NAME_do_all(int type, void (*fn) (const OBJ_NAME *, void *arg),
+ void *arg)
+{
+ struct doall d;
+
+ d.type = type;
+ d.fn = fn;
+ d.arg = arg;
+
+ lh_doall_arg(names_lh, LHASH_DOALL_ARG_FN(do_all_fn), &d);
+}
+
+struct doall_sorted {
+ int type;
+ int n;
+ const OBJ_NAME **names;
+};
+
+static void do_all_sorted_fn(const OBJ_NAME *name, void *d_)
+{
+ struct doall_sorted *d = d_;
+
+ if (name->type != d->type)
+ return;
+
+ d->names[d->n++] = name;
+}
+
+static int do_all_sorted_cmp(const void *n1_, const void *n2_)
+{
+ const OBJ_NAME *const *n1 = n1_;
+ const OBJ_NAME *const *n2 = n2_;
+
+ return strcmp((*n1)->name, (*n2)->name);
+}
+
+void OBJ_NAME_do_all_sorted(int type,
+ void (*fn) (const OBJ_NAME *, void *arg),
+ void *arg)
+{
+ struct doall_sorted d;
+ int n;
+
+ d.type = type;
+ d.names = OPENSSL_malloc(lh_num_items(names_lh) * sizeof *d.names);
+ d.n = 0;
+ OBJ_NAME_do_all(type, do_all_sorted_fn, &d);
+
+ qsort((void *)d.names, d.n, sizeof *d.names, do_all_sorted_cmp);
+
+ for (n = 0; n < d.n; ++n)
+ fn(d.names[n], arg);
+
+ OPENSSL_free((void *)d.names);
+}
+
+static int free_type;
+
+static void names_lh_free(OBJ_NAME *onp)
+{
+ if (onp == NULL)
+ return;
+
+ if ((free_type < 0) || (free_type == onp->type)) {
+ OBJ_NAME_remove(onp->name, onp->type);
+ }
+}
+
+static IMPLEMENT_LHASH_DOALL_FN(names_lh_free, OBJ_NAME *)
+
+static void name_funcs_free(NAME_FUNCS *ptr)
+{
+ OPENSSL_free(ptr);
+}
+
+void OBJ_NAME_cleanup(int type)
+{
+ unsigned long down_load;
+
+ if (names_lh == NULL)
+ return;
+
+ free_type = type;
+ down_load = names_lh->down_load;
+ names_lh->down_load = 0;
+
+ lh_doall(names_lh, LHASH_DOALL_FN(names_lh_free));
+ if (type < 0) {
+ lh_free(names_lh);
+ sk_NAME_FUNCS_pop_free(name_funcs_stack, name_funcs_free);
+ names_lh = NULL;
+ name_funcs_stack = NULL;
+ } else
+ names_lh->down_load = down_load;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/objects/obj_dat.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/objects/obj_dat.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/objects/obj_dat.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,791 +0,0 @@
-/* crypto/objects/obj_dat.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <ctype.h>
-#include <limits.h>
-#include "cryptlib.h"
-#include <openssl/lhash.h>
-#include <openssl/asn1.h>
-#include <openssl/objects.h>
-#include <openssl/bn.h>
-
-/* obj_dat.h is generated from objects.h by obj_dat.pl */
-#ifndef OPENSSL_NO_OBJECT
-#include "obj_dat.h"
-#else
-/* You will have to load all the objects needed manually in the application */
-#define NUM_NID 0
-#define NUM_SN 0
-#define NUM_LN 0
-#define NUM_OBJ 0
-static unsigned char lvalues[1];
-static ASN1_OBJECT nid_objs[1];
-static ASN1_OBJECT *sn_objs[1];
-static ASN1_OBJECT *ln_objs[1];
-static ASN1_OBJECT *obj_objs[1];
-#endif
-
-static int sn_cmp(const void *a, const void *b);
-static int ln_cmp(const void *a, const void *b);
-static int obj_cmp(const void *a, const void *b);
-#define ADDED_DATA 0
-#define ADDED_SNAME 1
-#define ADDED_LNAME 2
-#define ADDED_NID 3
-
-typedef struct added_obj_st
- {
- int type;
- ASN1_OBJECT *obj;
- } ADDED_OBJ;
-
-static int new_nid=NUM_NID;
-static LHASH *added=NULL;
-
-static int sn_cmp(const void *a, const void *b)
- {
- const ASN1_OBJECT * const *ap = a, * const *bp = b;
- return(strcmp((*ap)->sn,(*bp)->sn));
- }
-
-static int ln_cmp(const void *a, const void *b)
- {
- const ASN1_OBJECT * const *ap = a, * const *bp = b;
- return(strcmp((*ap)->ln,(*bp)->ln));
- }
-
-/* static unsigned long add_hash(ADDED_OBJ *ca) */
-static unsigned long add_hash(const void *ca_void)
- {
- const ASN1_OBJECT *a;
- int i;
- unsigned long ret=0;
- unsigned char *p;
- const ADDED_OBJ *ca = (const ADDED_OBJ *)ca_void;
-
- a=ca->obj;
- switch (ca->type)
- {
- case ADDED_DATA:
- ret=a->length<<20L;
- p=(unsigned char *)a->data;
- for (i=0; i<a->length; i++)
- ret^=p[i]<<((i*3)%24);
- break;
- case ADDED_SNAME:
- ret=lh_strhash(a->sn);
- break;
- case ADDED_LNAME:
- ret=lh_strhash(a->ln);
- break;
- case ADDED_NID:
- ret=a->nid;
- break;
- default:
- /* abort(); */
- return 0;
- }
- ret&=0x3fffffffL;
- ret|=ca->type<<30L;
- return(ret);
- }
-
-/* static int add_cmp(ADDED_OBJ *ca, ADDED_OBJ *cb) */
-static int add_cmp(const void *ca_void, const void *cb_void)
- {
- ASN1_OBJECT *a,*b;
- int i;
- const ADDED_OBJ *ca = (const ADDED_OBJ *)ca_void;
- const ADDED_OBJ *cb = (const ADDED_OBJ *)cb_void;
-
- i=ca->type-cb->type;
- if (i) return(i);
- a=ca->obj;
- b=cb->obj;
- switch (ca->type)
- {
- case ADDED_DATA:
- i=(a->length - b->length);
- if (i) return(i);
- return(memcmp(a->data,b->data,(size_t)a->length));
- case ADDED_SNAME:
- if (a->sn == NULL) return(-1);
- else if (b->sn == NULL) return(1);
- else return(strcmp(a->sn,b->sn));
- case ADDED_LNAME:
- if (a->ln == NULL) return(-1);
- else if (b->ln == NULL) return(1);
- else return(strcmp(a->ln,b->ln));
- case ADDED_NID:
- return(a->nid-b->nid);
- default:
- /* abort(); */
- return 0;
- }
- }
-
-static int init_added(void)
- {
- if (added != NULL) return(1);
- added=lh_new(add_hash,add_cmp);
- return(added != NULL);
- }
-
-static void cleanup1(ADDED_OBJ *a)
- {
- a->obj->nid=0;
- a->obj->flags|=ASN1_OBJECT_FLAG_DYNAMIC|
- ASN1_OBJECT_FLAG_DYNAMIC_STRINGS|
- ASN1_OBJECT_FLAG_DYNAMIC_DATA;
- }
-
-static void cleanup2(ADDED_OBJ *a)
- { a->obj->nid++; }
-
-static void cleanup3(ADDED_OBJ *a)
- {
- if (--a->obj->nid == 0)
- ASN1_OBJECT_free(a->obj);
- OPENSSL_free(a);
- }
-
-static IMPLEMENT_LHASH_DOALL_FN(cleanup1, ADDED_OBJ *)
-static IMPLEMENT_LHASH_DOALL_FN(cleanup2, ADDED_OBJ *)
-static IMPLEMENT_LHASH_DOALL_FN(cleanup3, ADDED_OBJ *)
-
-void OBJ_cleanup(void)
- {
- if (added == NULL) return;
- added->down_load=0;
- lh_doall(added,LHASH_DOALL_FN(cleanup1)); /* zero counters */
- lh_doall(added,LHASH_DOALL_FN(cleanup2)); /* set counters */
- lh_doall(added,LHASH_DOALL_FN(cleanup3)); /* free objects */
- lh_free(added);
- added=NULL;
- }
-
-int OBJ_new_nid(int num)
- {
- int i;
-
- i=new_nid;
- new_nid+=num;
- return(i);
- }
-
-int OBJ_add_object(const ASN1_OBJECT *obj)
- {
- ASN1_OBJECT *o;
- ADDED_OBJ *ao[4]={NULL,NULL,NULL,NULL},*aop;
- int i;
-
- if (added == NULL)
- if (!init_added()) return(0);
- if ((o=OBJ_dup(obj)) == NULL) goto err;
- if (!(ao[ADDED_NID]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) goto err2;
- if ((o->length != 0) && (obj->data != NULL))
- if (!(ao[ADDED_DATA]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) goto err2;
- if (o->sn != NULL)
- if (!(ao[ADDED_SNAME]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) goto err2;
- if (o->ln != NULL)
- if (!(ao[ADDED_LNAME]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) goto err2;
-
- for (i=ADDED_DATA; i<=ADDED_NID; i++)
- {
- if (ao[i] != NULL)
- {
- ao[i]->type=i;
- ao[i]->obj=o;
- aop=(ADDED_OBJ *)lh_insert(added,ao[i]);
- /* memory leak, buit should not normally matter */
- if (aop != NULL)
- OPENSSL_free(aop);
- }
- }
- o->flags&= ~(ASN1_OBJECT_FLAG_DYNAMIC|ASN1_OBJECT_FLAG_DYNAMIC_STRINGS|
- ASN1_OBJECT_FLAG_DYNAMIC_DATA);
-
- return(o->nid);
-err2:
- OBJerr(OBJ_F_OBJ_ADD_OBJECT,ERR_R_MALLOC_FAILURE);
-err:
- for (i=ADDED_DATA; i<=ADDED_NID; i++)
- if (ao[i] != NULL) OPENSSL_free(ao[i]);
- if (o != NULL) OPENSSL_free(o);
- return(NID_undef);
- }
-
-ASN1_OBJECT *OBJ_nid2obj(int n)
- {
- ADDED_OBJ ad,*adp;
- ASN1_OBJECT ob;
-
- if ((n >= 0) && (n < NUM_NID))
- {
- if ((n != NID_undef) && (nid_objs[n].nid == NID_undef))
- {
- OBJerr(OBJ_F_OBJ_NID2OBJ,OBJ_R_UNKNOWN_NID);
- return(NULL);
- }
- return((ASN1_OBJECT *)&(nid_objs[n]));
- }
- else if (added == NULL)
- return(NULL);
- else
- {
- ad.type=ADDED_NID;
- ad.obj= &ob;
- ob.nid=n;
- adp=(ADDED_OBJ *)lh_retrieve(added,&ad);
- if (adp != NULL)
- return(adp->obj);
- else
- {
- OBJerr(OBJ_F_OBJ_NID2OBJ,OBJ_R_UNKNOWN_NID);
- return(NULL);
- }
- }
- }
-
-const char *OBJ_nid2sn(int n)
- {
- ADDED_OBJ ad,*adp;
- ASN1_OBJECT ob;
-
- if ((n >= 0) && (n < NUM_NID))
- {
- if ((n != NID_undef) && (nid_objs[n].nid == NID_undef))
- {
- OBJerr(OBJ_F_OBJ_NID2SN,OBJ_R_UNKNOWN_NID);
- return(NULL);
- }
- return(nid_objs[n].sn);
- }
- else if (added == NULL)
- return(NULL);
- else
- {
- ad.type=ADDED_NID;
- ad.obj= &ob;
- ob.nid=n;
- adp=(ADDED_OBJ *)lh_retrieve(added,&ad);
- if (adp != NULL)
- return(adp->obj->sn);
- else
- {
- OBJerr(OBJ_F_OBJ_NID2SN,OBJ_R_UNKNOWN_NID);
- return(NULL);
- }
- }
- }
-
-const char *OBJ_nid2ln(int n)
- {
- ADDED_OBJ ad,*adp;
- ASN1_OBJECT ob;
-
- if ((n >= 0) && (n < NUM_NID))
- {
- if ((n != NID_undef) && (nid_objs[n].nid == NID_undef))
- {
- OBJerr(OBJ_F_OBJ_NID2LN,OBJ_R_UNKNOWN_NID);
- return(NULL);
- }
- return(nid_objs[n].ln);
- }
- else if (added == NULL)
- return(NULL);
- else
- {
- ad.type=ADDED_NID;
- ad.obj= &ob;
- ob.nid=n;
- adp=(ADDED_OBJ *)lh_retrieve(added,&ad);
- if (adp != NULL)
- return(adp->obj->ln);
- else
- {
- OBJerr(OBJ_F_OBJ_NID2LN,OBJ_R_UNKNOWN_NID);
- return(NULL);
- }
- }
- }
-
-int OBJ_obj2nid(const ASN1_OBJECT *a)
- {
- ASN1_OBJECT **op;
- ADDED_OBJ ad,*adp;
-
- if (a == NULL)
- return(NID_undef);
- if (a->nid != 0)
- return(a->nid);
-
- if (added != NULL)
- {
- ad.type=ADDED_DATA;
- ad.obj=(ASN1_OBJECT *)a; /* XXX: ugly but harmless */
- adp=(ADDED_OBJ *)lh_retrieve(added,&ad);
- if (adp != NULL) return (adp->obj->nid);
- }
- op=(ASN1_OBJECT **)OBJ_bsearch((const char *)&a,(const char *)obj_objs,
- NUM_OBJ, sizeof(ASN1_OBJECT *),obj_cmp);
- if (op == NULL)
- return(NID_undef);
- return((*op)->nid);
- }
-
-/* Convert an object name into an ASN1_OBJECT
- * if "noname" is not set then search for short and long names first.
- * This will convert the "dotted" form into an object: unlike OBJ_txt2nid
- * it can be used with any objects, not just registered ones.
- */
-
-ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name)
- {
- int nid = NID_undef;
- ASN1_OBJECT *op=NULL;
- unsigned char *buf;
- unsigned char *p;
- const unsigned char *cp;
- int i, j;
-
- if(!no_name) {
- if( ((nid = OBJ_sn2nid(s)) != NID_undef) ||
- ((nid = OBJ_ln2nid(s)) != NID_undef) )
- return OBJ_nid2obj(nid);
- }
-
- /* Work out size of content octets */
- i=a2d_ASN1_OBJECT(NULL,0,s,-1);
- if (i <= 0) {
- /* Don't clear the error */
- /*ERR_clear_error();*/
- return NULL;
- }
- /* Work out total size */
- j = ASN1_object_size(0,i,V_ASN1_OBJECT);
-
- if((buf=(unsigned char *)OPENSSL_malloc(j)) == NULL) return NULL;
-
- p = buf;
- /* Write out tag+length */
- ASN1_put_object(&p,0,i,V_ASN1_OBJECT,V_ASN1_UNIVERSAL);
- /* Write out contents */
- a2d_ASN1_OBJECT(p,i,s,-1);
-
- cp=buf;
- op=d2i_ASN1_OBJECT(NULL,&cp,j);
- OPENSSL_free(buf);
- return op;
- }
-
-int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
-{
- int i,n=0,len,nid, first, use_bn;
- BIGNUM *bl;
- unsigned long l;
- unsigned char *p;
- char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2];
-
- /* Ensure that, at every state, |buf| is NUL-terminated. */
- if (buf && buf_len > 0)
- buf[0] = '\0';
-
- if ((a == NULL) || (a->data == NULL))
- return(0);
-
- if (!no_name && (nid=OBJ_obj2nid(a)) != NID_undef)
- {
- const char *s;
- s=OBJ_nid2ln(nid);
- if (s == NULL)
- s=OBJ_nid2sn(nid);
- if (s)
- {
- if (buf)
- BUF_strlcpy(buf,s,buf_len);
- n=strlen(s);
- return n;
- }
- }
-
-
- len=a->length;
- p=a->data;
-
- first = 1;
- bl = NULL;
-
- while (len > 0)
- {
- l=0;
- use_bn = 0;
- for (;;)
- {
- unsigned char c = *p++;
- len--;
- if ((len == 0) && (c & 0x80))
- goto err;
- if (use_bn)
- {
- if (!BN_add_word(bl, c & 0x7f))
- goto err;
- }
- else
- l |= c & 0x7f;
- if (!(c & 0x80))
- break;
- if (!use_bn && (l > (ULONG_MAX >> 7L)))
- {
- if (!bl && !(bl = BN_new()))
- goto err;
- if (!BN_set_word(bl, l))
- goto err;
- use_bn = 1;
- }
- if (use_bn)
- {
- if (!BN_lshift(bl, bl, 7))
- goto err;
- }
- else
- l<<=7L;
- }
-
- if (first)
- {
- first = 0;
- if (l >= 80)
- {
- i = 2;
- if (use_bn)
- {
- if (!BN_sub_word(bl, 80))
- goto err;
- }
- else
- l -= 80;
- }
- else
- {
- i=(int)(l/40);
- l-=(long)(i*40);
- }
- if (buf && (buf_len > 1))
- {
- *buf++ = i + '0';
- *buf = '\0';
- buf_len--;
- }
- n++;
- }
-
- if (use_bn)
- {
- char *bndec;
- bndec = BN_bn2dec(bl);
- if (!bndec)
- goto err;
- i = strlen(bndec);
- if (buf)
- {
- if (buf_len > 1)
- {
- *buf++ = '.';
- *buf = '\0';
- buf_len--;
- }
- BUF_strlcpy(buf,bndec,buf_len);
- if (i > buf_len)
- {
- buf += buf_len;
- buf_len = 0;
- }
- else
- {
- buf+=i;
- buf_len-=i;
- }
- }
- n++;
- n += i;
- OPENSSL_free(bndec);
- }
- else
- {
- BIO_snprintf(tbuf,sizeof tbuf,".%lu",l);
- i=strlen(tbuf);
- if (buf && (buf_len > 0))
- {
- BUF_strlcpy(buf,tbuf,buf_len);
- if (i > buf_len)
- {
- buf += buf_len;
- buf_len = 0;
- }
- else
- {
- buf+=i;
- buf_len-=i;
- }
- }
- n+=i;
- l=0;
- }
- }
-
- if (bl)
- BN_free(bl);
- return n;
-
- err:
- if (bl)
- BN_free(bl);
- return -1;
-}
-
-int OBJ_txt2nid(const char *s)
-{
- ASN1_OBJECT *obj;
- int nid;
- obj = OBJ_txt2obj(s, 0);
- nid = OBJ_obj2nid(obj);
- ASN1_OBJECT_free(obj);
- return nid;
-}
-
-int OBJ_ln2nid(const char *s)
- {
- ASN1_OBJECT o,*oo= &o,**op;
- ADDED_OBJ ad,*adp;
-
- o.ln=s;
- if (added != NULL)
- {
- ad.type=ADDED_LNAME;
- ad.obj= &o;
- adp=(ADDED_OBJ *)lh_retrieve(added,&ad);
- if (adp != NULL) return (adp->obj->nid);
- }
- op=(ASN1_OBJECT **)OBJ_bsearch((char *)&oo,(char *)ln_objs, NUM_LN,
- sizeof(ASN1_OBJECT *),ln_cmp);
- if (op == NULL) return(NID_undef);
- return((*op)->nid);
- }
-
-int OBJ_sn2nid(const char *s)
- {
- ASN1_OBJECT o,*oo= &o,**op;
- ADDED_OBJ ad,*adp;
-
- o.sn=s;
- if (added != NULL)
- {
- ad.type=ADDED_SNAME;
- ad.obj= &o;
- adp=(ADDED_OBJ *)lh_retrieve(added,&ad);
- if (adp != NULL) return (adp->obj->nid);
- }
- op=(ASN1_OBJECT **)OBJ_bsearch((char *)&oo,(char *)sn_objs,NUM_SN,
- sizeof(ASN1_OBJECT *),sn_cmp);
- if (op == NULL) return(NID_undef);
- return((*op)->nid);
- }
-
-static int obj_cmp(const void *ap, const void *bp)
- {
- int j;
- const ASN1_OBJECT *a= *(ASN1_OBJECT * const *)ap;
- const ASN1_OBJECT *b= *(ASN1_OBJECT * const *)bp;
-
- j=(a->length - b->length);
- if (j) return(j);
- return(memcmp(a->data,b->data,a->length));
- }
-
-const char *OBJ_bsearch(const char *key, const char *base, int num, int size,
- int (*cmp)(const void *, const void *))
- {
- return OBJ_bsearch_ex(key, base, num, size, cmp, 0);
- }
-
-const char *OBJ_bsearch_ex(const char *key, const char *base, int num,
- int size, int (*cmp)(const void *, const void *), int flags)
- {
- int l,h,i=0,c=0;
- const char *p = NULL;
-
- if (num == 0) return(NULL);
- l=0;
- h=num;
- while (l < h)
- {
- i=(l+h)/2;
- p= &(base[i*size]);
- c=(*cmp)(key,p);
- if (c < 0)
- h=i;
- else if (c > 0)
- l=i+1;
- else
- break;
- }
-#ifdef CHARSET_EBCDIC
-/* THIS IS A KLUDGE - Because the *_obj is sorted in ASCII order, and
- * I don't have perl (yet), we revert to a *LINEAR* search
- * when the object wasn't found in the binary search.
- */
- if (c != 0)
- {
- for (i=0; i<num; ++i)
- {
- p= &(base[i*size]);
- c = (*cmp)(key,p);
- if (c == 0 || (c < 0 && (flags & OBJ_BSEARCH_VALUE_ON_NOMATCH)))
- return p;
- }
- }
-#endif
- if (c != 0 && !(flags & OBJ_BSEARCH_VALUE_ON_NOMATCH))
- p = NULL;
- else if (c == 0 && (flags & OBJ_BSEARCH_FIRST_VALUE_ON_MATCH))
- {
- while(i > 0 && (*cmp)(key,&(base[(i-1)*size])) == 0)
- i--;
- p = &(base[i*size]);
- }
- return(p);
- }
-
-int OBJ_create_objects(BIO *in)
- {
- MS_STATIC char buf[512];
- int i,num=0;
- char *o,*s,*l=NULL;
-
- for (;;)
- {
- s=o=NULL;
- i=BIO_gets(in,buf,512);
- if (i <= 0) return(num);
- buf[i-1]='\0';
- if (!isalnum((unsigned char)buf[0])) return(num);
- o=s=buf;
- while (isdigit((unsigned char)*s) || (*s == '.'))
- s++;
- if (*s != '\0')
- {
- *(s++)='\0';
- while (isspace((unsigned char)*s))
- s++;
- if (*s == '\0')
- s=NULL;
- else
- {
- l=s;
- while ((*l != '\0') && !isspace((unsigned char)*l))
- l++;
- if (*l != '\0')
- {
- *(l++)='\0';
- while (isspace((unsigned char)*l))
- l++;
- if (*l == '\0') l=NULL;
- }
- else
- l=NULL;
- }
- }
- else
- s=NULL;
- if ((o == NULL) || (*o == '\0')) return(num);
- if (!OBJ_create(o,s,l)) return(num);
- num++;
- }
- /* return(num); */
- }
-
-int OBJ_create(const char *oid, const char *sn, const char *ln)
- {
- int ok=0;
- ASN1_OBJECT *op=NULL;
- unsigned char *buf;
- int i;
-
- i=a2d_ASN1_OBJECT(NULL,0,oid,-1);
- if (i <= 0) return(0);
-
- if ((buf=(unsigned char *)OPENSSL_malloc(i)) == NULL)
- {
- OBJerr(OBJ_F_OBJ_CREATE,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- i=a2d_ASN1_OBJECT(buf,i,oid,-1);
- if (i == 0)
- goto err;
- op=(ASN1_OBJECT *)ASN1_OBJECT_create(OBJ_new_nid(1),buf,i,sn,ln);
- if (op == NULL)
- goto err;
- ok=OBJ_add_object(op);
-err:
- ASN1_OBJECT_free(op);
- OPENSSL_free(buf);
- return(ok);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/objects/obj_dat.c (from rev 6976, vendor-crypto/openssl/dist/crypto/objects/obj_dat.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/objects/obj_dat.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/objects/obj_dat.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,772 @@
+/* crypto/objects/obj_dat.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include <limits.h>
+#include "cryptlib.h"
+#include <openssl/lhash.h>
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/bn.h>
+
+/* obj_dat.h is generated from objects.h by obj_dat.pl */
+#ifndef OPENSSL_NO_OBJECT
+# include "obj_dat.h"
+#else
+/* You will have to load all the objects needed manually in the application */
+# define NUM_NID 0
+# define NUM_SN 0
+# define NUM_LN 0
+# define NUM_OBJ 0
+static unsigned char lvalues[1];
+static ASN1_OBJECT nid_objs[1];
+static ASN1_OBJECT *sn_objs[1];
+static ASN1_OBJECT *ln_objs[1];
+static ASN1_OBJECT *obj_objs[1];
+#endif
+
+static int sn_cmp(const void *a, const void *b);
+static int ln_cmp(const void *a, const void *b);
+static int obj_cmp(const void *a, const void *b);
+#define ADDED_DATA 0
+#define ADDED_SNAME 1
+#define ADDED_LNAME 2
+#define ADDED_NID 3
+
+typedef struct added_obj_st {
+ int type;
+ ASN1_OBJECT *obj;
+} ADDED_OBJ;
+
+static int new_nid = NUM_NID;
+static LHASH *added = NULL;
+
+static int sn_cmp(const void *a, const void *b)
+{
+ const ASN1_OBJECT *const *ap = a, *const *bp = b;
+ return (strcmp((*ap)->sn, (*bp)->sn));
+}
+
+static int ln_cmp(const void *a, const void *b)
+{
+ const ASN1_OBJECT *const *ap = a, *const *bp = b;
+ return (strcmp((*ap)->ln, (*bp)->ln));
+}
+
+/* static unsigned long add_hash(ADDED_OBJ *ca) */
+static unsigned long add_hash(const void *ca_void)
+{
+ const ASN1_OBJECT *a;
+ int i;
+ unsigned long ret = 0;
+ unsigned char *p;
+ const ADDED_OBJ *ca = (const ADDED_OBJ *)ca_void;
+
+ a = ca->obj;
+ switch (ca->type) {
+ case ADDED_DATA:
+ ret = a->length << 20L;
+ p = (unsigned char *)a->data;
+ for (i = 0; i < a->length; i++)
+ ret ^= p[i] << ((i * 3) % 24);
+ break;
+ case ADDED_SNAME:
+ ret = lh_strhash(a->sn);
+ break;
+ case ADDED_LNAME:
+ ret = lh_strhash(a->ln);
+ break;
+ case ADDED_NID:
+ ret = a->nid;
+ break;
+ default:
+ /* abort(); */
+ return 0;
+ }
+ ret &= 0x3fffffffL;
+ ret |= ca->type << 30L;
+ return (ret);
+}
+
+/* static int add_cmp(ADDED_OBJ *ca, ADDED_OBJ *cb) */
+static int add_cmp(const void *ca_void, const void *cb_void)
+{
+ ASN1_OBJECT *a, *b;
+ int i;
+ const ADDED_OBJ *ca = (const ADDED_OBJ *)ca_void;
+ const ADDED_OBJ *cb = (const ADDED_OBJ *)cb_void;
+
+ i = ca->type - cb->type;
+ if (i)
+ return (i);
+ a = ca->obj;
+ b = cb->obj;
+ switch (ca->type) {
+ case ADDED_DATA:
+ i = (a->length - b->length);
+ if (i)
+ return (i);
+ return (memcmp(a->data, b->data, (size_t)a->length));
+ case ADDED_SNAME:
+ if (a->sn == NULL)
+ return (-1);
+ else if (b->sn == NULL)
+ return (1);
+ else
+ return (strcmp(a->sn, b->sn));
+ case ADDED_LNAME:
+ if (a->ln == NULL)
+ return (-1);
+ else if (b->ln == NULL)
+ return (1);
+ else
+ return (strcmp(a->ln, b->ln));
+ case ADDED_NID:
+ return (a->nid - b->nid);
+ default:
+ /* abort(); */
+ return 0;
+ }
+}
+
+static int init_added(void)
+{
+ if (added != NULL)
+ return (1);
+ added = lh_new(add_hash, add_cmp);
+ return (added != NULL);
+}
+
+static void cleanup1(ADDED_OBJ *a)
+{
+ a->obj->nid = 0;
+ a->obj->flags |= ASN1_OBJECT_FLAG_DYNAMIC |
+ ASN1_OBJECT_FLAG_DYNAMIC_STRINGS | ASN1_OBJECT_FLAG_DYNAMIC_DATA;
+}
+
+static void cleanup2(ADDED_OBJ *a)
+{
+ a->obj->nid++;
+}
+
+static void cleanup3(ADDED_OBJ *a)
+{
+ if (--a->obj->nid == 0)
+ ASN1_OBJECT_free(a->obj);
+ OPENSSL_free(a);
+}
+
+static IMPLEMENT_LHASH_DOALL_FN(cleanup1, ADDED_OBJ *)
+static IMPLEMENT_LHASH_DOALL_FN(cleanup2, ADDED_OBJ *)
+static IMPLEMENT_LHASH_DOALL_FN(cleanup3, ADDED_OBJ *)
+
+void OBJ_cleanup(void)
+{
+ if (added == NULL)
+ return;
+ added->down_load = 0;
+ lh_doall(added, LHASH_DOALL_FN(cleanup1)); /* zero counters */
+ lh_doall(added, LHASH_DOALL_FN(cleanup2)); /* set counters */
+ lh_doall(added, LHASH_DOALL_FN(cleanup3)); /* free objects */
+ lh_free(added);
+ added = NULL;
+}
+
+int OBJ_new_nid(int num)
+{
+ int i;
+
+ i = new_nid;
+ new_nid += num;
+ return (i);
+}
+
+int OBJ_add_object(const ASN1_OBJECT *obj)
+{
+ ASN1_OBJECT *o;
+ ADDED_OBJ *ao[4] = { NULL, NULL, NULL, NULL }, *aop;
+ int i;
+
+ if (added == NULL)
+ if (!init_added())
+ return (0);
+ if ((o = OBJ_dup(obj)) == NULL)
+ goto err;
+ if (!(ao[ADDED_NID] = (ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ))))
+ goto err2;
+ if ((o->length != 0) && (obj->data != NULL))
+ if (!
+ (ao[ADDED_DATA] = (ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ))))
+ goto err2;
+ if (o->sn != NULL)
+ if (!
+ (ao[ADDED_SNAME] =
+ (ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ))))
+ goto err2;
+ if (o->ln != NULL)
+ if (!
+ (ao[ADDED_LNAME] =
+ (ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ))))
+ goto err2;
+
+ for (i = ADDED_DATA; i <= ADDED_NID; i++) {
+ if (ao[i] != NULL) {
+ ao[i]->type = i;
+ ao[i]->obj = o;
+ aop = (ADDED_OBJ *)lh_insert(added, ao[i]);
+ /* memory leak, buit should not normally matter */
+ if (aop != NULL)
+ OPENSSL_free(aop);
+ }
+ }
+ o->flags &=
+ ~(ASN1_OBJECT_FLAG_DYNAMIC | ASN1_OBJECT_FLAG_DYNAMIC_STRINGS |
+ ASN1_OBJECT_FLAG_DYNAMIC_DATA);
+
+ return (o->nid);
+ err2:
+ OBJerr(OBJ_F_OBJ_ADD_OBJECT, ERR_R_MALLOC_FAILURE);
+ err:
+ for (i = ADDED_DATA; i <= ADDED_NID; i++)
+ if (ao[i] != NULL)
+ OPENSSL_free(ao[i]);
+ if (o != NULL)
+ OPENSSL_free(o);
+ return (NID_undef);
+}
+
+ASN1_OBJECT *OBJ_nid2obj(int n)
+{
+ ADDED_OBJ ad, *adp;
+ ASN1_OBJECT ob;
+
+ if ((n >= 0) && (n < NUM_NID)) {
+ if ((n != NID_undef) && (nid_objs[n].nid == NID_undef)) {
+ OBJerr(OBJ_F_OBJ_NID2OBJ, OBJ_R_UNKNOWN_NID);
+ return (NULL);
+ }
+ return ((ASN1_OBJECT *)&(nid_objs[n]));
+ } else if (added == NULL)
+ return (NULL);
+ else {
+ ad.type = ADDED_NID;
+ ad.obj = &ob;
+ ob.nid = n;
+ adp = (ADDED_OBJ *)lh_retrieve(added, &ad);
+ if (adp != NULL)
+ return (adp->obj);
+ else {
+ OBJerr(OBJ_F_OBJ_NID2OBJ, OBJ_R_UNKNOWN_NID);
+ return (NULL);
+ }
+ }
+}
+
+const char *OBJ_nid2sn(int n)
+{
+ ADDED_OBJ ad, *adp;
+ ASN1_OBJECT ob;
+
+ if ((n >= 0) && (n < NUM_NID)) {
+ if ((n != NID_undef) && (nid_objs[n].nid == NID_undef)) {
+ OBJerr(OBJ_F_OBJ_NID2SN, OBJ_R_UNKNOWN_NID);
+ return (NULL);
+ }
+ return (nid_objs[n].sn);
+ } else if (added == NULL)
+ return (NULL);
+ else {
+ ad.type = ADDED_NID;
+ ad.obj = &ob;
+ ob.nid = n;
+ adp = (ADDED_OBJ *)lh_retrieve(added, &ad);
+ if (adp != NULL)
+ return (adp->obj->sn);
+ else {
+ OBJerr(OBJ_F_OBJ_NID2SN, OBJ_R_UNKNOWN_NID);
+ return (NULL);
+ }
+ }
+}
+
+const char *OBJ_nid2ln(int n)
+{
+ ADDED_OBJ ad, *adp;
+ ASN1_OBJECT ob;
+
+ if ((n >= 0) && (n < NUM_NID)) {
+ if ((n != NID_undef) && (nid_objs[n].nid == NID_undef)) {
+ OBJerr(OBJ_F_OBJ_NID2LN, OBJ_R_UNKNOWN_NID);
+ return (NULL);
+ }
+ return (nid_objs[n].ln);
+ } else if (added == NULL)
+ return (NULL);
+ else {
+ ad.type = ADDED_NID;
+ ad.obj = &ob;
+ ob.nid = n;
+ adp = (ADDED_OBJ *)lh_retrieve(added, &ad);
+ if (adp != NULL)
+ return (adp->obj->ln);
+ else {
+ OBJerr(OBJ_F_OBJ_NID2LN, OBJ_R_UNKNOWN_NID);
+ return (NULL);
+ }
+ }
+}
+
+int OBJ_obj2nid(const ASN1_OBJECT *a)
+{
+ ASN1_OBJECT **op;
+ ADDED_OBJ ad, *adp;
+
+ if (a == NULL)
+ return (NID_undef);
+ if (a->nid != 0)
+ return (a->nid);
+
+ if (added != NULL) {
+ ad.type = ADDED_DATA;
+ ad.obj = (ASN1_OBJECT *)a; /* XXX: ugly but harmless */
+ adp = (ADDED_OBJ *)lh_retrieve(added, &ad);
+ if (adp != NULL)
+ return (adp->obj->nid);
+ }
+ op = (ASN1_OBJECT **)OBJ_bsearch((const char *)&a, (const char *)obj_objs,
+ NUM_OBJ, sizeof(ASN1_OBJECT *), obj_cmp);
+ if (op == NULL)
+ return (NID_undef);
+ return ((*op)->nid);
+}
+
+/*
+ * Convert an object name into an ASN1_OBJECT if "noname" is not set then
+ * search for short and long names first. This will convert the "dotted" form
+ * into an object: unlike OBJ_txt2nid it can be used with any objects, not
+ * just registered ones.
+ */
+
+ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name)
+{
+ int nid = NID_undef;
+ ASN1_OBJECT *op = NULL;
+ unsigned char *buf;
+ unsigned char *p;
+ const unsigned char *cp;
+ int i, j;
+
+ if (!no_name) {
+ if (((nid = OBJ_sn2nid(s)) != NID_undef) ||
+ ((nid = OBJ_ln2nid(s)) != NID_undef))
+ return OBJ_nid2obj(nid);
+ }
+
+ /* Work out size of content octets */
+ i = a2d_ASN1_OBJECT(NULL, 0, s, -1);
+ if (i <= 0) {
+ /* Don't clear the error */
+ /*
+ * ERR_clear_error();
+ */
+ return NULL;
+ }
+ /* Work out total size */
+ j = ASN1_object_size(0, i, V_ASN1_OBJECT);
+
+ if ((buf = (unsigned char *)OPENSSL_malloc(j)) == NULL)
+ return NULL;
+
+ p = buf;
+ /* Write out tag+length */
+ ASN1_put_object(&p, 0, i, V_ASN1_OBJECT, V_ASN1_UNIVERSAL);
+ /* Write out contents */
+ a2d_ASN1_OBJECT(p, i, s, -1);
+
+ cp = buf;
+ op = d2i_ASN1_OBJECT(NULL, &cp, j);
+ OPENSSL_free(buf);
+ return op;
+}
+
+int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
+{
+ int i, n = 0, len, nid, first, use_bn;
+ BIGNUM *bl;
+ unsigned long l;
+ unsigned char *p;
+ char tbuf[DECIMAL_SIZE(i) + DECIMAL_SIZE(l) + 2];
+
+ /* Ensure that, at every state, |buf| is NUL-terminated. */
+ if (buf && buf_len > 0)
+ buf[0] = '\0';
+
+ if ((a == NULL) || (a->data == NULL))
+ return (0);
+
+ if (!no_name && (nid = OBJ_obj2nid(a)) != NID_undef) {
+ const char *s;
+ s = OBJ_nid2ln(nid);
+ if (s == NULL)
+ s = OBJ_nid2sn(nid);
+ if (s) {
+ if (buf)
+ BUF_strlcpy(buf, s, buf_len);
+ n = strlen(s);
+ return n;
+ }
+ }
+
+ len = a->length;
+ p = a->data;
+
+ first = 1;
+ bl = NULL;
+
+ while (len > 0) {
+ l = 0;
+ use_bn = 0;
+ for (;;) {
+ unsigned char c = *p++;
+ len--;
+ if ((len == 0) && (c & 0x80))
+ goto err;
+ if (use_bn) {
+ if (!BN_add_word(bl, c & 0x7f))
+ goto err;
+ } else
+ l |= c & 0x7f;
+ if (!(c & 0x80))
+ break;
+ if (!use_bn && (l > (ULONG_MAX >> 7L))) {
+ if (!bl && !(bl = BN_new()))
+ goto err;
+ if (!BN_set_word(bl, l))
+ goto err;
+ use_bn = 1;
+ }
+ if (use_bn) {
+ if (!BN_lshift(bl, bl, 7))
+ goto err;
+ } else
+ l <<= 7L;
+ }
+
+ if (first) {
+ first = 0;
+ if (l >= 80) {
+ i = 2;
+ if (use_bn) {
+ if (!BN_sub_word(bl, 80))
+ goto err;
+ } else
+ l -= 80;
+ } else {
+ i = (int)(l / 40);
+ l -= (long)(i * 40);
+ }
+ if (buf && (buf_len > 1)) {
+ *buf++ = i + '0';
+ *buf = '\0';
+ buf_len--;
+ }
+ n++;
+ }
+
+ if (use_bn) {
+ char *bndec;
+ bndec = BN_bn2dec(bl);
+ if (!bndec)
+ goto err;
+ i = strlen(bndec);
+ if (buf) {
+ if (buf_len > 1) {
+ *buf++ = '.';
+ *buf = '\0';
+ buf_len--;
+ }
+ BUF_strlcpy(buf, bndec, buf_len);
+ if (i > buf_len) {
+ buf += buf_len;
+ buf_len = 0;
+ } else {
+ buf += i;
+ buf_len -= i;
+ }
+ }
+ n++;
+ n += i;
+ OPENSSL_free(bndec);
+ } else {
+ BIO_snprintf(tbuf, sizeof tbuf, ".%lu", l);
+ i = strlen(tbuf);
+ if (buf && (buf_len > 0)) {
+ BUF_strlcpy(buf, tbuf, buf_len);
+ if (i > buf_len) {
+ buf += buf_len;
+ buf_len = 0;
+ } else {
+ buf += i;
+ buf_len -= i;
+ }
+ }
+ n += i;
+ l = 0;
+ }
+ }
+
+ if (bl)
+ BN_free(bl);
+ return n;
+
+ err:
+ if (bl)
+ BN_free(bl);
+ return -1;
+}
+
+int OBJ_txt2nid(const char *s)
+{
+ ASN1_OBJECT *obj;
+ int nid;
+ obj = OBJ_txt2obj(s, 0);
+ nid = OBJ_obj2nid(obj);
+ ASN1_OBJECT_free(obj);
+ return nid;
+}
+
+int OBJ_ln2nid(const char *s)
+{
+ ASN1_OBJECT o, *oo = &o, **op;
+ ADDED_OBJ ad, *adp;
+
+ o.ln = s;
+ if (added != NULL) {
+ ad.type = ADDED_LNAME;
+ ad.obj = &o;
+ adp = (ADDED_OBJ *)lh_retrieve(added, &ad);
+ if (adp != NULL)
+ return (adp->obj->nid);
+ }
+ op = (ASN1_OBJECT **)OBJ_bsearch((char *)&oo, (char *)ln_objs, NUM_LN,
+ sizeof(ASN1_OBJECT *), ln_cmp);
+ if (op == NULL)
+ return (NID_undef);
+ return ((*op)->nid);
+}
+
+int OBJ_sn2nid(const char *s)
+{
+ ASN1_OBJECT o, *oo = &o, **op;
+ ADDED_OBJ ad, *adp;
+
+ o.sn = s;
+ if (added != NULL) {
+ ad.type = ADDED_SNAME;
+ ad.obj = &o;
+ adp = (ADDED_OBJ *)lh_retrieve(added, &ad);
+ if (adp != NULL)
+ return (adp->obj->nid);
+ }
+ op = (ASN1_OBJECT **)OBJ_bsearch((char *)&oo, (char *)sn_objs, NUM_SN,
+ sizeof(ASN1_OBJECT *), sn_cmp);
+ if (op == NULL)
+ return (NID_undef);
+ return ((*op)->nid);
+}
+
+static int obj_cmp(const void *ap, const void *bp)
+{
+ int j;
+ const ASN1_OBJECT *a = *(ASN1_OBJECT *const *)ap;
+ const ASN1_OBJECT *b = *(ASN1_OBJECT *const *)bp;
+
+ j = (a->length - b->length);
+ if (j)
+ return (j);
+ return (memcmp(a->data, b->data, a->length));
+}
+
+const char *OBJ_bsearch(const char *key, const char *base, int num, int size,
+ int (*cmp) (const void *, const void *))
+{
+ return OBJ_bsearch_ex(key, base, num, size, cmp, 0);
+}
+
+const char *OBJ_bsearch_ex(const char *key, const char *base, int num,
+ int size, int (*cmp) (const void *, const void *),
+ int flags)
+{
+ int l, h, i = 0, c = 0;
+ const char *p = NULL;
+
+ if (num == 0)
+ return (NULL);
+ l = 0;
+ h = num;
+ while (l < h) {
+ i = (l + h) / 2;
+ p = &(base[i * size]);
+ c = (*cmp) (key, p);
+ if (c < 0)
+ h = i;
+ else if (c > 0)
+ l = i + 1;
+ else
+ break;
+ }
+#ifdef CHARSET_EBCDIC
+ /*
+ * THIS IS A KLUDGE - Because the *_obj is sorted in ASCII order, and I
+ * don't have perl (yet), we revert to a *LINEAR* search when the object
+ * wasn't found in the binary search.
+ */
+ if (c != 0) {
+ for (i = 0; i < num; ++i) {
+ p = &(base[i * size]);
+ c = (*cmp) (key, p);
+ if (c == 0 || (c < 0 && (flags & OBJ_BSEARCH_VALUE_ON_NOMATCH)))
+ return p;
+ }
+ }
+#endif
+ if (c != 0 && !(flags & OBJ_BSEARCH_VALUE_ON_NOMATCH))
+ p = NULL;
+ else if (c == 0 && (flags & OBJ_BSEARCH_FIRST_VALUE_ON_MATCH)) {
+ while (i > 0 && (*cmp) (key, &(base[(i - 1) * size])) == 0)
+ i--;
+ p = &(base[i * size]);
+ }
+ return (p);
+}
+
+int OBJ_create_objects(BIO *in)
+{
+ MS_STATIC char buf[512];
+ int i, num = 0;
+ char *o, *s, *l = NULL;
+
+ for (;;) {
+ s = o = NULL;
+ i = BIO_gets(in, buf, 512);
+ if (i <= 0)
+ return (num);
+ buf[i - 1] = '\0';
+ if (!isalnum((unsigned char)buf[0]))
+ return (num);
+ o = s = buf;
+ while (isdigit((unsigned char)*s) || (*s == '.'))
+ s++;
+ if (*s != '\0') {
+ *(s++) = '\0';
+ while (isspace((unsigned char)*s))
+ s++;
+ if (*s == '\0')
+ s = NULL;
+ else {
+ l = s;
+ while ((*l != '\0') && !isspace((unsigned char)*l))
+ l++;
+ if (*l != '\0') {
+ *(l++) = '\0';
+ while (isspace((unsigned char)*l))
+ l++;
+ if (*l == '\0')
+ l = NULL;
+ } else
+ l = NULL;
+ }
+ } else
+ s = NULL;
+ if ((o == NULL) || (*o == '\0'))
+ return (num);
+ if (!OBJ_create(o, s, l))
+ return (num);
+ num++;
+ }
+ /* return(num); */
+}
+
+int OBJ_create(const char *oid, const char *sn, const char *ln)
+{
+ int ok = 0;
+ ASN1_OBJECT *op = NULL;
+ unsigned char *buf;
+ int i;
+
+ i = a2d_ASN1_OBJECT(NULL, 0, oid, -1);
+ if (i <= 0)
+ return (0);
+
+ if ((buf = (unsigned char *)OPENSSL_malloc(i)) == NULL) {
+ OBJerr(OBJ_F_OBJ_CREATE, ERR_R_MALLOC_FAILURE);
+ return (0);
+ }
+ i = a2d_ASN1_OBJECT(buf, i, oid, -1);
+ if (i == 0)
+ goto err;
+ op = (ASN1_OBJECT *)ASN1_OBJECT_create(OBJ_new_nid(1), buf, i, sn, ln);
+ if (op == NULL)
+ goto err;
+ ok = OBJ_add_object(op);
+ err:
+ ASN1_OBJECT_free(op);
+ OPENSSL_free(buf);
+ return (ok);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/objects/obj_err.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/objects/obj_err.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/objects/obj_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,102 +0,0 @@
-/* crypto/objects/obj_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/objects.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_OBJ,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_OBJ,0,reason)
-
-static ERR_STRING_DATA OBJ_str_functs[]=
- {
-{ERR_FUNC(OBJ_F_OBJ_ADD_OBJECT), "OBJ_add_object"},
-{ERR_FUNC(OBJ_F_OBJ_CREATE), "OBJ_create"},
-{ERR_FUNC(OBJ_F_OBJ_DUP), "OBJ_dup"},
-{ERR_FUNC(OBJ_F_OBJ_NAME_NEW_INDEX), "OBJ_NAME_new_index"},
-{ERR_FUNC(OBJ_F_OBJ_NID2LN), "OBJ_nid2ln"},
-{ERR_FUNC(OBJ_F_OBJ_NID2OBJ), "OBJ_nid2obj"},
-{ERR_FUNC(OBJ_F_OBJ_NID2SN), "OBJ_nid2sn"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA OBJ_str_reasons[]=
- {
-{ERR_REASON(OBJ_R_MALLOC_FAILURE) ,"malloc failure"},
-{ERR_REASON(OBJ_R_UNKNOWN_NID) ,"unknown nid"},
-{0,NULL}
- };
-
-#endif
-
-void ERR_load_OBJ_strings(void)
- {
-#ifndef OPENSSL_NO_ERR
-
- if (ERR_func_error_string(OBJ_str_functs[0].error) == NULL)
- {
- ERR_load_strings(0,OBJ_str_functs);
- ERR_load_strings(0,OBJ_str_reasons);
- }
-#endif
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/objects/obj_err.c (from rev 6976, vendor-crypto/openssl/dist/crypto/objects/obj_err.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/objects/obj_err.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/objects/obj_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,100 @@
+/* crypto/objects/obj_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/objects.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_OBJ,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_OBJ,0,reason)
+
+static ERR_STRING_DATA OBJ_str_functs[] = {
+ {ERR_FUNC(OBJ_F_OBJ_ADD_OBJECT), "OBJ_add_object"},
+ {ERR_FUNC(OBJ_F_OBJ_CREATE), "OBJ_create"},
+ {ERR_FUNC(OBJ_F_OBJ_DUP), "OBJ_dup"},
+ {ERR_FUNC(OBJ_F_OBJ_NAME_NEW_INDEX), "OBJ_NAME_new_index"},
+ {ERR_FUNC(OBJ_F_OBJ_NID2LN), "OBJ_nid2ln"},
+ {ERR_FUNC(OBJ_F_OBJ_NID2OBJ), "OBJ_nid2obj"},
+ {ERR_FUNC(OBJ_F_OBJ_NID2SN), "OBJ_nid2sn"},
+ {0, NULL}
+};
+
+static ERR_STRING_DATA OBJ_str_reasons[] = {
+ {ERR_REASON(OBJ_R_MALLOC_FAILURE), "malloc failure"},
+ {ERR_REASON(OBJ_R_UNKNOWN_NID), "unknown nid"},
+ {0, NULL}
+};
+
+#endif
+
+void ERR_load_OBJ_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+ if (ERR_func_error_string(OBJ_str_functs[0].error) == NULL) {
+ ERR_load_strings(0, OBJ_str_functs);
+ ERR_load_strings(0, OBJ_str_reasons);
+ }
+#endif
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/objects/obj_lib.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/objects/obj_lib.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/objects/obj_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,128 +0,0 @@
-/* crypto/objects/obj_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/lhash.h>
-#include <openssl/objects.h>
-#include <openssl/buffer.h>
-
-ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o)
- {
- ASN1_OBJECT *r;
- int i;
- char *ln=NULL;
-
- if (o == NULL) return(NULL);
- if (!(o->flags & ASN1_OBJECT_FLAG_DYNAMIC))
- return((ASN1_OBJECT *)o); /* XXX: ugh! Why? What kind of
- duplication is this??? */
-
- r=ASN1_OBJECT_new();
- if (r == NULL)
- {
- OBJerr(OBJ_F_OBJ_DUP,ERR_R_ASN1_LIB);
- return(NULL);
- }
- r->data=OPENSSL_malloc(o->length);
- if (r->data == NULL)
- goto err;
- if (o->data != NULL)
- memcpy(r->data,o->data,o->length);
- r->length=o->length;
- r->nid=o->nid;
- r->ln=r->sn=NULL;
- if (o->ln != NULL)
- {
- i=strlen(o->ln)+1;
- r->ln=ln=OPENSSL_malloc(i);
- if (r->ln == NULL) goto err;
- memcpy(ln,o->ln,i);
- }
-
- if (o->sn != NULL)
- {
- char *s;
-
- i=strlen(o->sn)+1;
- r->sn=s=OPENSSL_malloc(i);
- if (r->sn == NULL) goto err;
- memcpy(s,o->sn,i);
- }
- r->flags=o->flags|(ASN1_OBJECT_FLAG_DYNAMIC|
- ASN1_OBJECT_FLAG_DYNAMIC_STRINGS|ASN1_OBJECT_FLAG_DYNAMIC_DATA);
- return(r);
-err:
- OBJerr(OBJ_F_OBJ_DUP,ERR_R_MALLOC_FAILURE);
- if (r != NULL)
- {
- if (ln != NULL) OPENSSL_free(ln);
- if (r->data != NULL) OPENSSL_free(r->data);
- OPENSSL_free(r);
- }
- return(NULL);
- }
-
-int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b)
- {
- int ret;
-
- ret=(a->length-b->length);
- if (ret) return(ret);
- return(memcmp(a->data,b->data,a->length));
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/objects/obj_lib.c (from rev 6976, vendor-crypto/openssl/dist/crypto/objects/obj_lib.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/objects/obj_lib.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/objects/obj_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,131 @@
+/* crypto/objects/obj_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/lhash.h>
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+
+ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o)
+{
+ ASN1_OBJECT *r;
+ int i;
+ char *ln = NULL;
+
+ if (o == NULL)
+ return (NULL);
+ if (!(o->flags & ASN1_OBJECT_FLAG_DYNAMIC))
+ return ((ASN1_OBJECT *)o); /* XXX: ugh! Why? What kind of duplication
+ * is this??? */
+
+ r = ASN1_OBJECT_new();
+ if (r == NULL) {
+ OBJerr(OBJ_F_OBJ_DUP, ERR_R_ASN1_LIB);
+ return (NULL);
+ }
+ r->data = OPENSSL_malloc(o->length);
+ if (r->data == NULL)
+ goto err;
+ if (o->data != NULL)
+ memcpy(r->data, o->data, o->length);
+ r->length = o->length;
+ r->nid = o->nid;
+ r->ln = r->sn = NULL;
+ if (o->ln != NULL) {
+ i = strlen(o->ln) + 1;
+ r->ln = ln = OPENSSL_malloc(i);
+ if (r->ln == NULL)
+ goto err;
+ memcpy(ln, o->ln, i);
+ }
+
+ if (o->sn != NULL) {
+ char *s;
+
+ i = strlen(o->sn) + 1;
+ r->sn = s = OPENSSL_malloc(i);
+ if (r->sn == NULL)
+ goto err;
+ memcpy(s, o->sn, i);
+ }
+ r->flags = o->flags | (ASN1_OBJECT_FLAG_DYNAMIC |
+ ASN1_OBJECT_FLAG_DYNAMIC_STRINGS |
+ ASN1_OBJECT_FLAG_DYNAMIC_DATA);
+ return (r);
+ err:
+ OBJerr(OBJ_F_OBJ_DUP, ERR_R_MALLOC_FAILURE);
+ if (r != NULL) {
+ if (ln != NULL)
+ OPENSSL_free(ln);
+ if (r->data != NULL)
+ OPENSSL_free(r->data);
+ OPENSSL_free(r);
+ }
+ return (NULL);
+}
+
+int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b)
+{
+ int ret;
+
+ ret = (a->length - b->length);
+ if (ret)
+ return (ret);
+ return (memcmp(a->data, b->data, a->length));
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/objects/obj_mac.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/objects/obj_mac.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/objects/obj_mac.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,3914 +0,0 @@
-/* crypto/objects/obj_mac.h */
-
-/* THIS FILE IS GENERATED FROM objects.txt by objects.pl via the
- * following command:
- * perl objects.pl objects.txt obj_mac.num obj_mac.h
- */
-
-/* Copyright (C) 1995-1997 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#define SN_undef "UNDEF"
-#define LN_undef "undefined"
-#define NID_undef 0
-#define OBJ_undef 0L
-
-#define SN_itu_t "ITU-T"
-#define LN_itu_t "itu-t"
-#define NID_itu_t 645
-#define OBJ_itu_t 0L
-
-#define NID_ccitt 404
-#define OBJ_ccitt OBJ_itu_t
-
-#define SN_iso "ISO"
-#define LN_iso "iso"
-#define NID_iso 181
-#define OBJ_iso 1L
-
-#define SN_joint_iso_itu_t "JOINT-ISO-ITU-T"
-#define LN_joint_iso_itu_t "joint-iso-itu-t"
-#define NID_joint_iso_itu_t 646
-#define OBJ_joint_iso_itu_t 2L
-
-#define NID_joint_iso_ccitt 393
-#define OBJ_joint_iso_ccitt OBJ_joint_iso_itu_t
-
-#define SN_member_body "member-body"
-#define LN_member_body "ISO Member Body"
-#define NID_member_body 182
-#define OBJ_member_body OBJ_iso,2L
-
-#define SN_identified_organization "identified-organization"
-#define NID_identified_organization 676
-#define OBJ_identified_organization OBJ_iso,3L
-
-#define SN_hmac_md5 "HMAC-MD5"
-#define LN_hmac_md5 "hmac-md5"
-#define NID_hmac_md5 780
-#define OBJ_hmac_md5 OBJ_identified_organization,6L,1L,5L,5L,8L,1L,1L
-
-#define SN_hmac_sha1 "HMAC-SHA1"
-#define LN_hmac_sha1 "hmac-sha1"
-#define NID_hmac_sha1 781
-#define OBJ_hmac_sha1 OBJ_identified_organization,6L,1L,5L,5L,8L,1L,2L
-
-#define SN_certicom_arc "certicom-arc"
-#define NID_certicom_arc 677
-#define OBJ_certicom_arc OBJ_identified_organization,132L
-
-#define SN_international_organizations "international-organizations"
-#define LN_international_organizations "International Organizations"
-#define NID_international_organizations 647
-#define OBJ_international_organizations OBJ_joint_iso_itu_t,23L
-
-#define SN_wap "wap"
-#define NID_wap 678
-#define OBJ_wap OBJ_international_organizations,43L
-
-#define SN_wap_wsg "wap-wsg"
-#define NID_wap_wsg 679
-#define OBJ_wap_wsg OBJ_wap,1L
-
-#define SN_selected_attribute_types "selected-attribute-types"
-#define LN_selected_attribute_types "Selected Attribute Types"
-#define NID_selected_attribute_types 394
-#define OBJ_selected_attribute_types OBJ_joint_iso_itu_t,5L,1L,5L
-
-#define SN_clearance "clearance"
-#define NID_clearance 395
-#define OBJ_clearance OBJ_selected_attribute_types,55L
-
-#define SN_ISO_US "ISO-US"
-#define LN_ISO_US "ISO US Member Body"
-#define NID_ISO_US 183
-#define OBJ_ISO_US OBJ_member_body,840L
-
-#define SN_X9_57 "X9-57"
-#define LN_X9_57 "X9.57"
-#define NID_X9_57 184
-#define OBJ_X9_57 OBJ_ISO_US,10040L
-
-#define SN_X9cm "X9cm"
-#define LN_X9cm "X9.57 CM ?"
-#define NID_X9cm 185
-#define OBJ_X9cm OBJ_X9_57,4L
-
-#define SN_dsa "DSA"
-#define LN_dsa "dsaEncryption"
-#define NID_dsa 116
-#define OBJ_dsa OBJ_X9cm,1L
-
-#define SN_dsaWithSHA1 "DSA-SHA1"
-#define LN_dsaWithSHA1 "dsaWithSHA1"
-#define NID_dsaWithSHA1 113
-#define OBJ_dsaWithSHA1 OBJ_X9cm,3L
-
-#define SN_ansi_X9_62 "ansi-X9-62"
-#define LN_ansi_X9_62 "ANSI X9.62"
-#define NID_ansi_X9_62 405
-#define OBJ_ansi_X9_62 OBJ_ISO_US,10045L
-
-#define OBJ_X9_62_id_fieldType OBJ_ansi_X9_62,1L
-
-#define SN_X9_62_prime_field "prime-field"
-#define NID_X9_62_prime_field 406
-#define OBJ_X9_62_prime_field OBJ_X9_62_id_fieldType,1L
-
-#define SN_X9_62_characteristic_two_field "characteristic-two-field"
-#define NID_X9_62_characteristic_two_field 407
-#define OBJ_X9_62_characteristic_two_field OBJ_X9_62_id_fieldType,2L
-
-#define SN_X9_62_id_characteristic_two_basis "id-characteristic-two-basis"
-#define NID_X9_62_id_characteristic_two_basis 680
-#define OBJ_X9_62_id_characteristic_two_basis OBJ_X9_62_characteristic_two_field,3L
-
-#define SN_X9_62_onBasis "onBasis"
-#define NID_X9_62_onBasis 681
-#define OBJ_X9_62_onBasis OBJ_X9_62_id_characteristic_two_basis,1L
-
-#define SN_X9_62_tpBasis "tpBasis"
-#define NID_X9_62_tpBasis 682
-#define OBJ_X9_62_tpBasis OBJ_X9_62_id_characteristic_two_basis,2L
-
-#define SN_X9_62_ppBasis "ppBasis"
-#define NID_X9_62_ppBasis 683
-#define OBJ_X9_62_ppBasis OBJ_X9_62_id_characteristic_two_basis,3L
-
-#define OBJ_X9_62_id_publicKeyType OBJ_ansi_X9_62,2L
-
-#define SN_X9_62_id_ecPublicKey "id-ecPublicKey"
-#define NID_X9_62_id_ecPublicKey 408
-#define OBJ_X9_62_id_ecPublicKey OBJ_X9_62_id_publicKeyType,1L
-
-#define OBJ_X9_62_ellipticCurve OBJ_ansi_X9_62,3L
-
-#define OBJ_X9_62_c_TwoCurve OBJ_X9_62_ellipticCurve,0L
-
-#define SN_X9_62_c2pnb163v1 "c2pnb163v1"
-#define NID_X9_62_c2pnb163v1 684
-#define OBJ_X9_62_c2pnb163v1 OBJ_X9_62_c_TwoCurve,1L
-
-#define SN_X9_62_c2pnb163v2 "c2pnb163v2"
-#define NID_X9_62_c2pnb163v2 685
-#define OBJ_X9_62_c2pnb163v2 OBJ_X9_62_c_TwoCurve,2L
-
-#define SN_X9_62_c2pnb163v3 "c2pnb163v3"
-#define NID_X9_62_c2pnb163v3 686
-#define OBJ_X9_62_c2pnb163v3 OBJ_X9_62_c_TwoCurve,3L
-
-#define SN_X9_62_c2pnb176v1 "c2pnb176v1"
-#define NID_X9_62_c2pnb176v1 687
-#define OBJ_X9_62_c2pnb176v1 OBJ_X9_62_c_TwoCurve,4L
-
-#define SN_X9_62_c2tnb191v1 "c2tnb191v1"
-#define NID_X9_62_c2tnb191v1 688
-#define OBJ_X9_62_c2tnb191v1 OBJ_X9_62_c_TwoCurve,5L
-
-#define SN_X9_62_c2tnb191v2 "c2tnb191v2"
-#define NID_X9_62_c2tnb191v2 689
-#define OBJ_X9_62_c2tnb191v2 OBJ_X9_62_c_TwoCurve,6L
-
-#define SN_X9_62_c2tnb191v3 "c2tnb191v3"
-#define NID_X9_62_c2tnb191v3 690
-#define OBJ_X9_62_c2tnb191v3 OBJ_X9_62_c_TwoCurve,7L
-
-#define SN_X9_62_c2onb191v4 "c2onb191v4"
-#define NID_X9_62_c2onb191v4 691
-#define OBJ_X9_62_c2onb191v4 OBJ_X9_62_c_TwoCurve,8L
-
-#define SN_X9_62_c2onb191v5 "c2onb191v5"
-#define NID_X9_62_c2onb191v5 692
-#define OBJ_X9_62_c2onb191v5 OBJ_X9_62_c_TwoCurve,9L
-
-#define SN_X9_62_c2pnb208w1 "c2pnb208w1"
-#define NID_X9_62_c2pnb208w1 693
-#define OBJ_X9_62_c2pnb208w1 OBJ_X9_62_c_TwoCurve,10L
-
-#define SN_X9_62_c2tnb239v1 "c2tnb239v1"
-#define NID_X9_62_c2tnb239v1 694
-#define OBJ_X9_62_c2tnb239v1 OBJ_X9_62_c_TwoCurve,11L
-
-#define SN_X9_62_c2tnb239v2 "c2tnb239v2"
-#define NID_X9_62_c2tnb239v2 695
-#define OBJ_X9_62_c2tnb239v2 OBJ_X9_62_c_TwoCurve,12L
-
-#define SN_X9_62_c2tnb239v3 "c2tnb239v3"
-#define NID_X9_62_c2tnb239v3 696
-#define OBJ_X9_62_c2tnb239v3 OBJ_X9_62_c_TwoCurve,13L
-
-#define SN_X9_62_c2onb239v4 "c2onb239v4"
-#define NID_X9_62_c2onb239v4 697
-#define OBJ_X9_62_c2onb239v4 OBJ_X9_62_c_TwoCurve,14L
-
-#define SN_X9_62_c2onb239v5 "c2onb239v5"
-#define NID_X9_62_c2onb239v5 698
-#define OBJ_X9_62_c2onb239v5 OBJ_X9_62_c_TwoCurve,15L
-
-#define SN_X9_62_c2pnb272w1 "c2pnb272w1"
-#define NID_X9_62_c2pnb272w1 699
-#define OBJ_X9_62_c2pnb272w1 OBJ_X9_62_c_TwoCurve,16L
-
-#define SN_X9_62_c2pnb304w1 "c2pnb304w1"
-#define NID_X9_62_c2pnb304w1 700
-#define OBJ_X9_62_c2pnb304w1 OBJ_X9_62_c_TwoCurve,17L
-
-#define SN_X9_62_c2tnb359v1 "c2tnb359v1"
-#define NID_X9_62_c2tnb359v1 701
-#define OBJ_X9_62_c2tnb359v1 OBJ_X9_62_c_TwoCurve,18L
-
-#define SN_X9_62_c2pnb368w1 "c2pnb368w1"
-#define NID_X9_62_c2pnb368w1 702
-#define OBJ_X9_62_c2pnb368w1 OBJ_X9_62_c_TwoCurve,19L
-
-#define SN_X9_62_c2tnb431r1 "c2tnb431r1"
-#define NID_X9_62_c2tnb431r1 703
-#define OBJ_X9_62_c2tnb431r1 OBJ_X9_62_c_TwoCurve,20L
-
-#define OBJ_X9_62_primeCurve OBJ_X9_62_ellipticCurve,1L
-
-#define SN_X9_62_prime192v1 "prime192v1"
-#define NID_X9_62_prime192v1 409
-#define OBJ_X9_62_prime192v1 OBJ_X9_62_primeCurve,1L
-
-#define SN_X9_62_prime192v2 "prime192v2"
-#define NID_X9_62_prime192v2 410
-#define OBJ_X9_62_prime192v2 OBJ_X9_62_primeCurve,2L
-
-#define SN_X9_62_prime192v3 "prime192v3"
-#define NID_X9_62_prime192v3 411
-#define OBJ_X9_62_prime192v3 OBJ_X9_62_primeCurve,3L
-
-#define SN_X9_62_prime239v1 "prime239v1"
-#define NID_X9_62_prime239v1 412
-#define OBJ_X9_62_prime239v1 OBJ_X9_62_primeCurve,4L
-
-#define SN_X9_62_prime239v2 "prime239v2"
-#define NID_X9_62_prime239v2 413
-#define OBJ_X9_62_prime239v2 OBJ_X9_62_primeCurve,5L
-
-#define SN_X9_62_prime239v3 "prime239v3"
-#define NID_X9_62_prime239v3 414
-#define OBJ_X9_62_prime239v3 OBJ_X9_62_primeCurve,6L
-
-#define SN_X9_62_prime256v1 "prime256v1"
-#define NID_X9_62_prime256v1 415
-#define OBJ_X9_62_prime256v1 OBJ_X9_62_primeCurve,7L
-
-#define OBJ_X9_62_id_ecSigType OBJ_ansi_X9_62,4L
-
-#define SN_ecdsa_with_SHA1 "ecdsa-with-SHA1"
-#define NID_ecdsa_with_SHA1 416
-#define OBJ_ecdsa_with_SHA1 OBJ_X9_62_id_ecSigType,1L
-
-#define SN_ecdsa_with_Recommended "ecdsa-with-Recommended"
-#define NID_ecdsa_with_Recommended 791
-#define OBJ_ecdsa_with_Recommended OBJ_X9_62_id_ecSigType,2L
-
-#define SN_ecdsa_with_Specified "ecdsa-with-Specified"
-#define NID_ecdsa_with_Specified 792
-#define OBJ_ecdsa_with_Specified OBJ_X9_62_id_ecSigType,3L
-
-#define SN_ecdsa_with_SHA224 "ecdsa-with-SHA224"
-#define NID_ecdsa_with_SHA224 793
-#define OBJ_ecdsa_with_SHA224 OBJ_ecdsa_with_Specified,1L
-
-#define SN_ecdsa_with_SHA256 "ecdsa-with-SHA256"
-#define NID_ecdsa_with_SHA256 794
-#define OBJ_ecdsa_with_SHA256 OBJ_ecdsa_with_Specified,2L
-
-#define SN_ecdsa_with_SHA384 "ecdsa-with-SHA384"
-#define NID_ecdsa_with_SHA384 795
-#define OBJ_ecdsa_with_SHA384 OBJ_ecdsa_with_Specified,3L
-
-#define SN_ecdsa_with_SHA512 "ecdsa-with-SHA512"
-#define NID_ecdsa_with_SHA512 796
-#define OBJ_ecdsa_with_SHA512 OBJ_ecdsa_with_Specified,4L
-
-#define OBJ_secg_ellipticCurve OBJ_certicom_arc,0L
-
-#define SN_secp112r1 "secp112r1"
-#define NID_secp112r1 704
-#define OBJ_secp112r1 OBJ_secg_ellipticCurve,6L
-
-#define SN_secp112r2 "secp112r2"
-#define NID_secp112r2 705
-#define OBJ_secp112r2 OBJ_secg_ellipticCurve,7L
-
-#define SN_secp128r1 "secp128r1"
-#define NID_secp128r1 706
-#define OBJ_secp128r1 OBJ_secg_ellipticCurve,28L
-
-#define SN_secp128r2 "secp128r2"
-#define NID_secp128r2 707
-#define OBJ_secp128r2 OBJ_secg_ellipticCurve,29L
-
-#define SN_secp160k1 "secp160k1"
-#define NID_secp160k1 708
-#define OBJ_secp160k1 OBJ_secg_ellipticCurve,9L
-
-#define SN_secp160r1 "secp160r1"
-#define NID_secp160r1 709
-#define OBJ_secp160r1 OBJ_secg_ellipticCurve,8L
-
-#define SN_secp160r2 "secp160r2"
-#define NID_secp160r2 710
-#define OBJ_secp160r2 OBJ_secg_ellipticCurve,30L
-
-#define SN_secp192k1 "secp192k1"
-#define NID_secp192k1 711
-#define OBJ_secp192k1 OBJ_secg_ellipticCurve,31L
-
-#define SN_secp224k1 "secp224k1"
-#define NID_secp224k1 712
-#define OBJ_secp224k1 OBJ_secg_ellipticCurve,32L
-
-#define SN_secp224r1 "secp224r1"
-#define NID_secp224r1 713
-#define OBJ_secp224r1 OBJ_secg_ellipticCurve,33L
-
-#define SN_secp256k1 "secp256k1"
-#define NID_secp256k1 714
-#define OBJ_secp256k1 OBJ_secg_ellipticCurve,10L
-
-#define SN_secp384r1 "secp384r1"
-#define NID_secp384r1 715
-#define OBJ_secp384r1 OBJ_secg_ellipticCurve,34L
-
-#define SN_secp521r1 "secp521r1"
-#define NID_secp521r1 716
-#define OBJ_secp521r1 OBJ_secg_ellipticCurve,35L
-
-#define SN_sect113r1 "sect113r1"
-#define NID_sect113r1 717
-#define OBJ_sect113r1 OBJ_secg_ellipticCurve,4L
-
-#define SN_sect113r2 "sect113r2"
-#define NID_sect113r2 718
-#define OBJ_sect113r2 OBJ_secg_ellipticCurve,5L
-
-#define SN_sect131r1 "sect131r1"
-#define NID_sect131r1 719
-#define OBJ_sect131r1 OBJ_secg_ellipticCurve,22L
-
-#define SN_sect131r2 "sect131r2"
-#define NID_sect131r2 720
-#define OBJ_sect131r2 OBJ_secg_ellipticCurve,23L
-
-#define SN_sect163k1 "sect163k1"
-#define NID_sect163k1 721
-#define OBJ_sect163k1 OBJ_secg_ellipticCurve,1L
-
-#define SN_sect163r1 "sect163r1"
-#define NID_sect163r1 722
-#define OBJ_sect163r1 OBJ_secg_ellipticCurve,2L
-
-#define SN_sect163r2 "sect163r2"
-#define NID_sect163r2 723
-#define OBJ_sect163r2 OBJ_secg_ellipticCurve,15L
-
-#define SN_sect193r1 "sect193r1"
-#define NID_sect193r1 724
-#define OBJ_sect193r1 OBJ_secg_ellipticCurve,24L
-
-#define SN_sect193r2 "sect193r2"
-#define NID_sect193r2 725
-#define OBJ_sect193r2 OBJ_secg_ellipticCurve,25L
-
-#define SN_sect233k1 "sect233k1"
-#define NID_sect233k1 726
-#define OBJ_sect233k1 OBJ_secg_ellipticCurve,26L
-
-#define SN_sect233r1 "sect233r1"
-#define NID_sect233r1 727
-#define OBJ_sect233r1 OBJ_secg_ellipticCurve,27L
-
-#define SN_sect239k1 "sect239k1"
-#define NID_sect239k1 728
-#define OBJ_sect239k1 OBJ_secg_ellipticCurve,3L
-
-#define SN_sect283k1 "sect283k1"
-#define NID_sect283k1 729
-#define OBJ_sect283k1 OBJ_secg_ellipticCurve,16L
-
-#define SN_sect283r1 "sect283r1"
-#define NID_sect283r1 730
-#define OBJ_sect283r1 OBJ_secg_ellipticCurve,17L
-
-#define SN_sect409k1 "sect409k1"
-#define NID_sect409k1 731
-#define OBJ_sect409k1 OBJ_secg_ellipticCurve,36L
-
-#define SN_sect409r1 "sect409r1"
-#define NID_sect409r1 732
-#define OBJ_sect409r1 OBJ_secg_ellipticCurve,37L
-
-#define SN_sect571k1 "sect571k1"
-#define NID_sect571k1 733
-#define OBJ_sect571k1 OBJ_secg_ellipticCurve,38L
-
-#define SN_sect571r1 "sect571r1"
-#define NID_sect571r1 734
-#define OBJ_sect571r1 OBJ_secg_ellipticCurve,39L
-
-#define OBJ_wap_wsg_idm_ecid OBJ_wap_wsg,4L
-
-#define SN_wap_wsg_idm_ecid_wtls1 "wap-wsg-idm-ecid-wtls1"
-#define NID_wap_wsg_idm_ecid_wtls1 735
-#define OBJ_wap_wsg_idm_ecid_wtls1 OBJ_wap_wsg_idm_ecid,1L
-
-#define SN_wap_wsg_idm_ecid_wtls3 "wap-wsg-idm-ecid-wtls3"
-#define NID_wap_wsg_idm_ecid_wtls3 736
-#define OBJ_wap_wsg_idm_ecid_wtls3 OBJ_wap_wsg_idm_ecid,3L
-
-#define SN_wap_wsg_idm_ecid_wtls4 "wap-wsg-idm-ecid-wtls4"
-#define NID_wap_wsg_idm_ecid_wtls4 737
-#define OBJ_wap_wsg_idm_ecid_wtls4 OBJ_wap_wsg_idm_ecid,4L
-
-#define SN_wap_wsg_idm_ecid_wtls5 "wap-wsg-idm-ecid-wtls5"
-#define NID_wap_wsg_idm_ecid_wtls5 738
-#define OBJ_wap_wsg_idm_ecid_wtls5 OBJ_wap_wsg_idm_ecid,5L
-
-#define SN_wap_wsg_idm_ecid_wtls6 "wap-wsg-idm-ecid-wtls6"
-#define NID_wap_wsg_idm_ecid_wtls6 739
-#define OBJ_wap_wsg_idm_ecid_wtls6 OBJ_wap_wsg_idm_ecid,6L
-
-#define SN_wap_wsg_idm_ecid_wtls7 "wap-wsg-idm-ecid-wtls7"
-#define NID_wap_wsg_idm_ecid_wtls7 740
-#define OBJ_wap_wsg_idm_ecid_wtls7 OBJ_wap_wsg_idm_ecid,7L
-
-#define SN_wap_wsg_idm_ecid_wtls8 "wap-wsg-idm-ecid-wtls8"
-#define NID_wap_wsg_idm_ecid_wtls8 741
-#define OBJ_wap_wsg_idm_ecid_wtls8 OBJ_wap_wsg_idm_ecid,8L
-
-#define SN_wap_wsg_idm_ecid_wtls9 "wap-wsg-idm-ecid-wtls9"
-#define NID_wap_wsg_idm_ecid_wtls9 742
-#define OBJ_wap_wsg_idm_ecid_wtls9 OBJ_wap_wsg_idm_ecid,9L
-
-#define SN_wap_wsg_idm_ecid_wtls10 "wap-wsg-idm-ecid-wtls10"
-#define NID_wap_wsg_idm_ecid_wtls10 743
-#define OBJ_wap_wsg_idm_ecid_wtls10 OBJ_wap_wsg_idm_ecid,10L
-
-#define SN_wap_wsg_idm_ecid_wtls11 "wap-wsg-idm-ecid-wtls11"
-#define NID_wap_wsg_idm_ecid_wtls11 744
-#define OBJ_wap_wsg_idm_ecid_wtls11 OBJ_wap_wsg_idm_ecid,11L
-
-#define SN_wap_wsg_idm_ecid_wtls12 "wap-wsg-idm-ecid-wtls12"
-#define NID_wap_wsg_idm_ecid_wtls12 745
-#define OBJ_wap_wsg_idm_ecid_wtls12 OBJ_wap_wsg_idm_ecid,12L
-
-#define SN_cast5_cbc "CAST5-CBC"
-#define LN_cast5_cbc "cast5-cbc"
-#define NID_cast5_cbc 108
-#define OBJ_cast5_cbc OBJ_ISO_US,113533L,7L,66L,10L
-
-#define SN_cast5_ecb "CAST5-ECB"
-#define LN_cast5_ecb "cast5-ecb"
-#define NID_cast5_ecb 109
-
-#define SN_cast5_cfb64 "CAST5-CFB"
-#define LN_cast5_cfb64 "cast5-cfb"
-#define NID_cast5_cfb64 110
-
-#define SN_cast5_ofb64 "CAST5-OFB"
-#define LN_cast5_ofb64 "cast5-ofb"
-#define NID_cast5_ofb64 111
-
-#define LN_pbeWithMD5AndCast5_CBC "pbeWithMD5AndCast5CBC"
-#define NID_pbeWithMD5AndCast5_CBC 112
-#define OBJ_pbeWithMD5AndCast5_CBC OBJ_ISO_US,113533L,7L,66L,12L
-
-#define SN_id_PasswordBasedMAC "id-PasswordBasedMAC"
-#define LN_id_PasswordBasedMAC "password based MAC"
-#define NID_id_PasswordBasedMAC 782
-#define OBJ_id_PasswordBasedMAC OBJ_ISO_US,113533L,7L,66L,13L
-
-#define SN_id_DHBasedMac "id-DHBasedMac"
-#define LN_id_DHBasedMac "Diffie-Hellman based MAC"
-#define NID_id_DHBasedMac 783
-#define OBJ_id_DHBasedMac OBJ_ISO_US,113533L,7L,66L,30L
-
-#define SN_rsadsi "rsadsi"
-#define LN_rsadsi "RSA Data Security, Inc."
-#define NID_rsadsi 1
-#define OBJ_rsadsi OBJ_ISO_US,113549L
-
-#define SN_pkcs "pkcs"
-#define LN_pkcs "RSA Data Security, Inc. PKCS"
-#define NID_pkcs 2
-#define OBJ_pkcs OBJ_rsadsi,1L
-
-#define SN_pkcs1 "pkcs1"
-#define NID_pkcs1 186
-#define OBJ_pkcs1 OBJ_pkcs,1L
-
-#define LN_rsaEncryption "rsaEncryption"
-#define NID_rsaEncryption 6
-#define OBJ_rsaEncryption OBJ_pkcs1,1L
-
-#define SN_md2WithRSAEncryption "RSA-MD2"
-#define LN_md2WithRSAEncryption "md2WithRSAEncryption"
-#define NID_md2WithRSAEncryption 7
-#define OBJ_md2WithRSAEncryption OBJ_pkcs1,2L
-
-#define SN_md4WithRSAEncryption "RSA-MD4"
-#define LN_md4WithRSAEncryption "md4WithRSAEncryption"
-#define NID_md4WithRSAEncryption 396
-#define OBJ_md4WithRSAEncryption OBJ_pkcs1,3L
-
-#define SN_md5WithRSAEncryption "RSA-MD5"
-#define LN_md5WithRSAEncryption "md5WithRSAEncryption"
-#define NID_md5WithRSAEncryption 8
-#define OBJ_md5WithRSAEncryption OBJ_pkcs1,4L
-
-#define SN_sha1WithRSAEncryption "RSA-SHA1"
-#define LN_sha1WithRSAEncryption "sha1WithRSAEncryption"
-#define NID_sha1WithRSAEncryption 65
-#define OBJ_sha1WithRSAEncryption OBJ_pkcs1,5L
-
-#define SN_sha256WithRSAEncryption "RSA-SHA256"
-#define LN_sha256WithRSAEncryption "sha256WithRSAEncryption"
-#define NID_sha256WithRSAEncryption 668
-#define OBJ_sha256WithRSAEncryption OBJ_pkcs1,11L
-
-#define SN_sha384WithRSAEncryption "RSA-SHA384"
-#define LN_sha384WithRSAEncryption "sha384WithRSAEncryption"
-#define NID_sha384WithRSAEncryption 669
-#define OBJ_sha384WithRSAEncryption OBJ_pkcs1,12L
-
-#define SN_sha512WithRSAEncryption "RSA-SHA512"
-#define LN_sha512WithRSAEncryption "sha512WithRSAEncryption"
-#define NID_sha512WithRSAEncryption 670
-#define OBJ_sha512WithRSAEncryption OBJ_pkcs1,13L
-
-#define SN_sha224WithRSAEncryption "RSA-SHA224"
-#define LN_sha224WithRSAEncryption "sha224WithRSAEncryption"
-#define NID_sha224WithRSAEncryption 671
-#define OBJ_sha224WithRSAEncryption OBJ_pkcs1,14L
-
-#define SN_pkcs3 "pkcs3"
-#define NID_pkcs3 27
-#define OBJ_pkcs3 OBJ_pkcs,3L
-
-#define LN_dhKeyAgreement "dhKeyAgreement"
-#define NID_dhKeyAgreement 28
-#define OBJ_dhKeyAgreement OBJ_pkcs3,1L
-
-#define SN_pkcs5 "pkcs5"
-#define NID_pkcs5 187
-#define OBJ_pkcs5 OBJ_pkcs,5L
-
-#define SN_pbeWithMD2AndDES_CBC "PBE-MD2-DES"
-#define LN_pbeWithMD2AndDES_CBC "pbeWithMD2AndDES-CBC"
-#define NID_pbeWithMD2AndDES_CBC 9
-#define OBJ_pbeWithMD2AndDES_CBC OBJ_pkcs5,1L
-
-#define SN_pbeWithMD5AndDES_CBC "PBE-MD5-DES"
-#define LN_pbeWithMD5AndDES_CBC "pbeWithMD5AndDES-CBC"
-#define NID_pbeWithMD5AndDES_CBC 10
-#define OBJ_pbeWithMD5AndDES_CBC OBJ_pkcs5,3L
-
-#define SN_pbeWithMD2AndRC2_CBC "PBE-MD2-RC2-64"
-#define LN_pbeWithMD2AndRC2_CBC "pbeWithMD2AndRC2-CBC"
-#define NID_pbeWithMD2AndRC2_CBC 168
-#define OBJ_pbeWithMD2AndRC2_CBC OBJ_pkcs5,4L
-
-#define SN_pbeWithMD5AndRC2_CBC "PBE-MD5-RC2-64"
-#define LN_pbeWithMD5AndRC2_CBC "pbeWithMD5AndRC2-CBC"
-#define NID_pbeWithMD5AndRC2_CBC 169
-#define OBJ_pbeWithMD5AndRC2_CBC OBJ_pkcs5,6L
-
-#define SN_pbeWithSHA1AndDES_CBC "PBE-SHA1-DES"
-#define LN_pbeWithSHA1AndDES_CBC "pbeWithSHA1AndDES-CBC"
-#define NID_pbeWithSHA1AndDES_CBC 170
-#define OBJ_pbeWithSHA1AndDES_CBC OBJ_pkcs5,10L
-
-#define SN_pbeWithSHA1AndRC2_CBC "PBE-SHA1-RC2-64"
-#define LN_pbeWithSHA1AndRC2_CBC "pbeWithSHA1AndRC2-CBC"
-#define NID_pbeWithSHA1AndRC2_CBC 68
-#define OBJ_pbeWithSHA1AndRC2_CBC OBJ_pkcs5,11L
-
-#define LN_id_pbkdf2 "PBKDF2"
-#define NID_id_pbkdf2 69
-#define OBJ_id_pbkdf2 OBJ_pkcs5,12L
-
-#define LN_pbes2 "PBES2"
-#define NID_pbes2 161
-#define OBJ_pbes2 OBJ_pkcs5,13L
-
-#define LN_pbmac1 "PBMAC1"
-#define NID_pbmac1 162
-#define OBJ_pbmac1 OBJ_pkcs5,14L
-
-#define SN_pkcs7 "pkcs7"
-#define NID_pkcs7 20
-#define OBJ_pkcs7 OBJ_pkcs,7L
-
-#define LN_pkcs7_data "pkcs7-data"
-#define NID_pkcs7_data 21
-#define OBJ_pkcs7_data OBJ_pkcs7,1L
-
-#define LN_pkcs7_signed "pkcs7-signedData"
-#define NID_pkcs7_signed 22
-#define OBJ_pkcs7_signed OBJ_pkcs7,2L
-
-#define LN_pkcs7_enveloped "pkcs7-envelopedData"
-#define NID_pkcs7_enveloped 23
-#define OBJ_pkcs7_enveloped OBJ_pkcs7,3L
-
-#define LN_pkcs7_signedAndEnveloped "pkcs7-signedAndEnvelopedData"
-#define NID_pkcs7_signedAndEnveloped 24
-#define OBJ_pkcs7_signedAndEnveloped OBJ_pkcs7,4L
-
-#define LN_pkcs7_digest "pkcs7-digestData"
-#define NID_pkcs7_digest 25
-#define OBJ_pkcs7_digest OBJ_pkcs7,5L
-
-#define LN_pkcs7_encrypted "pkcs7-encryptedData"
-#define NID_pkcs7_encrypted 26
-#define OBJ_pkcs7_encrypted OBJ_pkcs7,6L
-
-#define SN_pkcs9 "pkcs9"
-#define NID_pkcs9 47
-#define OBJ_pkcs9 OBJ_pkcs,9L
-
-#define LN_pkcs9_emailAddress "emailAddress"
-#define NID_pkcs9_emailAddress 48
-#define OBJ_pkcs9_emailAddress OBJ_pkcs9,1L
-
-#define LN_pkcs9_unstructuredName "unstructuredName"
-#define NID_pkcs9_unstructuredName 49
-#define OBJ_pkcs9_unstructuredName OBJ_pkcs9,2L
-
-#define LN_pkcs9_contentType "contentType"
-#define NID_pkcs9_contentType 50
-#define OBJ_pkcs9_contentType OBJ_pkcs9,3L
-
-#define LN_pkcs9_messageDigest "messageDigest"
-#define NID_pkcs9_messageDigest 51
-#define OBJ_pkcs9_messageDigest OBJ_pkcs9,4L
-
-#define LN_pkcs9_signingTime "signingTime"
-#define NID_pkcs9_signingTime 52
-#define OBJ_pkcs9_signingTime OBJ_pkcs9,5L
-
-#define LN_pkcs9_countersignature "countersignature"
-#define NID_pkcs9_countersignature 53
-#define OBJ_pkcs9_countersignature OBJ_pkcs9,6L
-
-#define LN_pkcs9_challengePassword "challengePassword"
-#define NID_pkcs9_challengePassword 54
-#define OBJ_pkcs9_challengePassword OBJ_pkcs9,7L
-
-#define LN_pkcs9_unstructuredAddress "unstructuredAddress"
-#define NID_pkcs9_unstructuredAddress 55
-#define OBJ_pkcs9_unstructuredAddress OBJ_pkcs9,8L
-
-#define LN_pkcs9_extCertAttributes "extendedCertificateAttributes"
-#define NID_pkcs9_extCertAttributes 56
-#define OBJ_pkcs9_extCertAttributes OBJ_pkcs9,9L
-
-#define SN_ext_req "extReq"
-#define LN_ext_req "Extension Request"
-#define NID_ext_req 172
-#define OBJ_ext_req OBJ_pkcs9,14L
-
-#define SN_SMIMECapabilities "SMIME-CAPS"
-#define LN_SMIMECapabilities "S/MIME Capabilities"
-#define NID_SMIMECapabilities 167
-#define OBJ_SMIMECapabilities OBJ_pkcs9,15L
-
-#define SN_SMIME "SMIME"
-#define LN_SMIME "S/MIME"
-#define NID_SMIME 188
-#define OBJ_SMIME OBJ_pkcs9,16L
-
-#define SN_id_smime_mod "id-smime-mod"
-#define NID_id_smime_mod 189
-#define OBJ_id_smime_mod OBJ_SMIME,0L
-
-#define SN_id_smime_ct "id-smime-ct"
-#define NID_id_smime_ct 190
-#define OBJ_id_smime_ct OBJ_SMIME,1L
-
-#define SN_id_smime_aa "id-smime-aa"
-#define NID_id_smime_aa 191
-#define OBJ_id_smime_aa OBJ_SMIME,2L
-
-#define SN_id_smime_alg "id-smime-alg"
-#define NID_id_smime_alg 192
-#define OBJ_id_smime_alg OBJ_SMIME,3L
-
-#define SN_id_smime_cd "id-smime-cd"
-#define NID_id_smime_cd 193
-#define OBJ_id_smime_cd OBJ_SMIME,4L
-
-#define SN_id_smime_spq "id-smime-spq"
-#define NID_id_smime_spq 194
-#define OBJ_id_smime_spq OBJ_SMIME,5L
-
-#define SN_id_smime_cti "id-smime-cti"
-#define NID_id_smime_cti 195
-#define OBJ_id_smime_cti OBJ_SMIME,6L
-
-#define SN_id_smime_mod_cms "id-smime-mod-cms"
-#define NID_id_smime_mod_cms 196
-#define OBJ_id_smime_mod_cms OBJ_id_smime_mod,1L
-
-#define SN_id_smime_mod_ess "id-smime-mod-ess"
-#define NID_id_smime_mod_ess 197
-#define OBJ_id_smime_mod_ess OBJ_id_smime_mod,2L
-
-#define SN_id_smime_mod_oid "id-smime-mod-oid"
-#define NID_id_smime_mod_oid 198
-#define OBJ_id_smime_mod_oid OBJ_id_smime_mod,3L
-
-#define SN_id_smime_mod_msg_v3 "id-smime-mod-msg-v3"
-#define NID_id_smime_mod_msg_v3 199
-#define OBJ_id_smime_mod_msg_v3 OBJ_id_smime_mod,4L
-
-#define SN_id_smime_mod_ets_eSignature_88 "id-smime-mod-ets-eSignature-88"
-#define NID_id_smime_mod_ets_eSignature_88 200
-#define OBJ_id_smime_mod_ets_eSignature_88 OBJ_id_smime_mod,5L
-
-#define SN_id_smime_mod_ets_eSignature_97 "id-smime-mod-ets-eSignature-97"
-#define NID_id_smime_mod_ets_eSignature_97 201
-#define OBJ_id_smime_mod_ets_eSignature_97 OBJ_id_smime_mod,6L
-
-#define SN_id_smime_mod_ets_eSigPolicy_88 "id-smime-mod-ets-eSigPolicy-88"
-#define NID_id_smime_mod_ets_eSigPolicy_88 202
-#define OBJ_id_smime_mod_ets_eSigPolicy_88 OBJ_id_smime_mod,7L
-
-#define SN_id_smime_mod_ets_eSigPolicy_97 "id-smime-mod-ets-eSigPolicy-97"
-#define NID_id_smime_mod_ets_eSigPolicy_97 203
-#define OBJ_id_smime_mod_ets_eSigPolicy_97 OBJ_id_smime_mod,8L
-
-#define SN_id_smime_ct_receipt "id-smime-ct-receipt"
-#define NID_id_smime_ct_receipt 204
-#define OBJ_id_smime_ct_receipt OBJ_id_smime_ct,1L
-
-#define SN_id_smime_ct_authData "id-smime-ct-authData"
-#define NID_id_smime_ct_authData 205
-#define OBJ_id_smime_ct_authData OBJ_id_smime_ct,2L
-
-#define SN_id_smime_ct_publishCert "id-smime-ct-publishCert"
-#define NID_id_smime_ct_publishCert 206
-#define OBJ_id_smime_ct_publishCert OBJ_id_smime_ct,3L
-
-#define SN_id_smime_ct_TSTInfo "id-smime-ct-TSTInfo"
-#define NID_id_smime_ct_TSTInfo 207
-#define OBJ_id_smime_ct_TSTInfo OBJ_id_smime_ct,4L
-
-#define SN_id_smime_ct_TDTInfo "id-smime-ct-TDTInfo"
-#define NID_id_smime_ct_TDTInfo 208
-#define OBJ_id_smime_ct_TDTInfo OBJ_id_smime_ct,5L
-
-#define SN_id_smime_ct_contentInfo "id-smime-ct-contentInfo"
-#define NID_id_smime_ct_contentInfo 209
-#define OBJ_id_smime_ct_contentInfo OBJ_id_smime_ct,6L
-
-#define SN_id_smime_ct_DVCSRequestData "id-smime-ct-DVCSRequestData"
-#define NID_id_smime_ct_DVCSRequestData 210
-#define OBJ_id_smime_ct_DVCSRequestData OBJ_id_smime_ct,7L
-
-#define SN_id_smime_ct_DVCSResponseData "id-smime-ct-DVCSResponseData"
-#define NID_id_smime_ct_DVCSResponseData 211
-#define OBJ_id_smime_ct_DVCSResponseData OBJ_id_smime_ct,8L
-
-#define SN_id_smime_ct_compressedData "id-smime-ct-compressedData"
-#define NID_id_smime_ct_compressedData 786
-#define OBJ_id_smime_ct_compressedData OBJ_id_smime_ct,9L
-
-#define SN_id_ct_asciiTextWithCRLF "id-ct-asciiTextWithCRLF"
-#define NID_id_ct_asciiTextWithCRLF 787
-#define OBJ_id_ct_asciiTextWithCRLF OBJ_id_smime_ct,27L
-
-#define SN_id_smime_aa_receiptRequest "id-smime-aa-receiptRequest"
-#define NID_id_smime_aa_receiptRequest 212
-#define OBJ_id_smime_aa_receiptRequest OBJ_id_smime_aa,1L
-
-#define SN_id_smime_aa_securityLabel "id-smime-aa-securityLabel"
-#define NID_id_smime_aa_securityLabel 213
-#define OBJ_id_smime_aa_securityLabel OBJ_id_smime_aa,2L
-
-#define SN_id_smime_aa_mlExpandHistory "id-smime-aa-mlExpandHistory"
-#define NID_id_smime_aa_mlExpandHistory 214
-#define OBJ_id_smime_aa_mlExpandHistory OBJ_id_smime_aa,3L
-
-#define SN_id_smime_aa_contentHint "id-smime-aa-contentHint"
-#define NID_id_smime_aa_contentHint 215
-#define OBJ_id_smime_aa_contentHint OBJ_id_smime_aa,4L
-
-#define SN_id_smime_aa_msgSigDigest "id-smime-aa-msgSigDigest"
-#define NID_id_smime_aa_msgSigDigest 216
-#define OBJ_id_smime_aa_msgSigDigest OBJ_id_smime_aa,5L
-
-#define SN_id_smime_aa_encapContentType "id-smime-aa-encapContentType"
-#define NID_id_smime_aa_encapContentType 217
-#define OBJ_id_smime_aa_encapContentType OBJ_id_smime_aa,6L
-
-#define SN_id_smime_aa_contentIdentifier "id-smime-aa-contentIdentifier"
-#define NID_id_smime_aa_contentIdentifier 218
-#define OBJ_id_smime_aa_contentIdentifier OBJ_id_smime_aa,7L
-
-#define SN_id_smime_aa_macValue "id-smime-aa-macValue"
-#define NID_id_smime_aa_macValue 219
-#define OBJ_id_smime_aa_macValue OBJ_id_smime_aa,8L
-
-#define SN_id_smime_aa_equivalentLabels "id-smime-aa-equivalentLabels"
-#define NID_id_smime_aa_equivalentLabels 220
-#define OBJ_id_smime_aa_equivalentLabels OBJ_id_smime_aa,9L
-
-#define SN_id_smime_aa_contentReference "id-smime-aa-contentReference"
-#define NID_id_smime_aa_contentReference 221
-#define OBJ_id_smime_aa_contentReference OBJ_id_smime_aa,10L
-
-#define SN_id_smime_aa_encrypKeyPref "id-smime-aa-encrypKeyPref"
-#define NID_id_smime_aa_encrypKeyPref 222
-#define OBJ_id_smime_aa_encrypKeyPref OBJ_id_smime_aa,11L
-
-#define SN_id_smime_aa_signingCertificate "id-smime-aa-signingCertificate"
-#define NID_id_smime_aa_signingCertificate 223
-#define OBJ_id_smime_aa_signingCertificate OBJ_id_smime_aa,12L
-
-#define SN_id_smime_aa_smimeEncryptCerts "id-smime-aa-smimeEncryptCerts"
-#define NID_id_smime_aa_smimeEncryptCerts 224
-#define OBJ_id_smime_aa_smimeEncryptCerts OBJ_id_smime_aa,13L
-
-#define SN_id_smime_aa_timeStampToken "id-smime-aa-timeStampToken"
-#define NID_id_smime_aa_timeStampToken 225
-#define OBJ_id_smime_aa_timeStampToken OBJ_id_smime_aa,14L
-
-#define SN_id_smime_aa_ets_sigPolicyId "id-smime-aa-ets-sigPolicyId"
-#define NID_id_smime_aa_ets_sigPolicyId 226
-#define OBJ_id_smime_aa_ets_sigPolicyId OBJ_id_smime_aa,15L
-
-#define SN_id_smime_aa_ets_commitmentType "id-smime-aa-ets-commitmentType"
-#define NID_id_smime_aa_ets_commitmentType 227
-#define OBJ_id_smime_aa_ets_commitmentType OBJ_id_smime_aa,16L
-
-#define SN_id_smime_aa_ets_signerLocation "id-smime-aa-ets-signerLocation"
-#define NID_id_smime_aa_ets_signerLocation 228
-#define OBJ_id_smime_aa_ets_signerLocation OBJ_id_smime_aa,17L
-
-#define SN_id_smime_aa_ets_signerAttr "id-smime-aa-ets-signerAttr"
-#define NID_id_smime_aa_ets_signerAttr 229
-#define OBJ_id_smime_aa_ets_signerAttr OBJ_id_smime_aa,18L
-
-#define SN_id_smime_aa_ets_otherSigCert "id-smime-aa-ets-otherSigCert"
-#define NID_id_smime_aa_ets_otherSigCert 230
-#define OBJ_id_smime_aa_ets_otherSigCert OBJ_id_smime_aa,19L
-
-#define SN_id_smime_aa_ets_contentTimestamp "id-smime-aa-ets-contentTimestamp"
-#define NID_id_smime_aa_ets_contentTimestamp 231
-#define OBJ_id_smime_aa_ets_contentTimestamp OBJ_id_smime_aa,20L
-
-#define SN_id_smime_aa_ets_CertificateRefs "id-smime-aa-ets-CertificateRefs"
-#define NID_id_smime_aa_ets_CertificateRefs 232
-#define OBJ_id_smime_aa_ets_CertificateRefs OBJ_id_smime_aa,21L
-
-#define SN_id_smime_aa_ets_RevocationRefs "id-smime-aa-ets-RevocationRefs"
-#define NID_id_smime_aa_ets_RevocationRefs 233
-#define OBJ_id_smime_aa_ets_RevocationRefs OBJ_id_smime_aa,22L
-
-#define SN_id_smime_aa_ets_certValues "id-smime-aa-ets-certValues"
-#define NID_id_smime_aa_ets_certValues 234
-#define OBJ_id_smime_aa_ets_certValues OBJ_id_smime_aa,23L
-
-#define SN_id_smime_aa_ets_revocationValues "id-smime-aa-ets-revocationValues"
-#define NID_id_smime_aa_ets_revocationValues 235
-#define OBJ_id_smime_aa_ets_revocationValues OBJ_id_smime_aa,24L
-
-#define SN_id_smime_aa_ets_escTimeStamp "id-smime-aa-ets-escTimeStamp"
-#define NID_id_smime_aa_ets_escTimeStamp 236
-#define OBJ_id_smime_aa_ets_escTimeStamp OBJ_id_smime_aa,25L
-
-#define SN_id_smime_aa_ets_certCRLTimestamp "id-smime-aa-ets-certCRLTimestamp"
-#define NID_id_smime_aa_ets_certCRLTimestamp 237
-#define OBJ_id_smime_aa_ets_certCRLTimestamp OBJ_id_smime_aa,26L
-
-#define SN_id_smime_aa_ets_archiveTimeStamp "id-smime-aa-ets-archiveTimeStamp"
-#define NID_id_smime_aa_ets_archiveTimeStamp 238
-#define OBJ_id_smime_aa_ets_archiveTimeStamp OBJ_id_smime_aa,27L
-
-#define SN_id_smime_aa_signatureType "id-smime-aa-signatureType"
-#define NID_id_smime_aa_signatureType 239
-#define OBJ_id_smime_aa_signatureType OBJ_id_smime_aa,28L
-
-#define SN_id_smime_aa_dvcs_dvc "id-smime-aa-dvcs-dvc"
-#define NID_id_smime_aa_dvcs_dvc 240
-#define OBJ_id_smime_aa_dvcs_dvc OBJ_id_smime_aa,29L
-
-#define SN_id_smime_alg_ESDHwith3DES "id-smime-alg-ESDHwith3DES"
-#define NID_id_smime_alg_ESDHwith3DES 241
-#define OBJ_id_smime_alg_ESDHwith3DES OBJ_id_smime_alg,1L
-
-#define SN_id_smime_alg_ESDHwithRC2 "id-smime-alg-ESDHwithRC2"
-#define NID_id_smime_alg_ESDHwithRC2 242
-#define OBJ_id_smime_alg_ESDHwithRC2 OBJ_id_smime_alg,2L
-
-#define SN_id_smime_alg_3DESwrap "id-smime-alg-3DESwrap"
-#define NID_id_smime_alg_3DESwrap 243
-#define OBJ_id_smime_alg_3DESwrap OBJ_id_smime_alg,3L
-
-#define SN_id_smime_alg_RC2wrap "id-smime-alg-RC2wrap"
-#define NID_id_smime_alg_RC2wrap 244
-#define OBJ_id_smime_alg_RC2wrap OBJ_id_smime_alg,4L
-
-#define SN_id_smime_alg_ESDH "id-smime-alg-ESDH"
-#define NID_id_smime_alg_ESDH 245
-#define OBJ_id_smime_alg_ESDH OBJ_id_smime_alg,5L
-
-#define SN_id_smime_alg_CMS3DESwrap "id-smime-alg-CMS3DESwrap"
-#define NID_id_smime_alg_CMS3DESwrap 246
-#define OBJ_id_smime_alg_CMS3DESwrap OBJ_id_smime_alg,6L
-
-#define SN_id_smime_alg_CMSRC2wrap "id-smime-alg-CMSRC2wrap"
-#define NID_id_smime_alg_CMSRC2wrap 247
-#define OBJ_id_smime_alg_CMSRC2wrap OBJ_id_smime_alg,7L
-
-#define SN_id_smime_cd_ldap "id-smime-cd-ldap"
-#define NID_id_smime_cd_ldap 248
-#define OBJ_id_smime_cd_ldap OBJ_id_smime_cd,1L
-
-#define SN_id_smime_spq_ets_sqt_uri "id-smime-spq-ets-sqt-uri"
-#define NID_id_smime_spq_ets_sqt_uri 249
-#define OBJ_id_smime_spq_ets_sqt_uri OBJ_id_smime_spq,1L
-
-#define SN_id_smime_spq_ets_sqt_unotice "id-smime-spq-ets-sqt-unotice"
-#define NID_id_smime_spq_ets_sqt_unotice 250
-#define OBJ_id_smime_spq_ets_sqt_unotice OBJ_id_smime_spq,2L
-
-#define SN_id_smime_cti_ets_proofOfOrigin "id-smime-cti-ets-proofOfOrigin"
-#define NID_id_smime_cti_ets_proofOfOrigin 251
-#define OBJ_id_smime_cti_ets_proofOfOrigin OBJ_id_smime_cti,1L
-
-#define SN_id_smime_cti_ets_proofOfReceipt "id-smime-cti-ets-proofOfReceipt"
-#define NID_id_smime_cti_ets_proofOfReceipt 252
-#define OBJ_id_smime_cti_ets_proofOfReceipt OBJ_id_smime_cti,2L
-
-#define SN_id_smime_cti_ets_proofOfDelivery "id-smime-cti-ets-proofOfDelivery"
-#define NID_id_smime_cti_ets_proofOfDelivery 253
-#define OBJ_id_smime_cti_ets_proofOfDelivery OBJ_id_smime_cti,3L
-
-#define SN_id_smime_cti_ets_proofOfSender "id-smime-cti-ets-proofOfSender"
-#define NID_id_smime_cti_ets_proofOfSender 254
-#define OBJ_id_smime_cti_ets_proofOfSender OBJ_id_smime_cti,4L
-
-#define SN_id_smime_cti_ets_proofOfApproval "id-smime-cti-ets-proofOfApproval"
-#define NID_id_smime_cti_ets_proofOfApproval 255
-#define OBJ_id_smime_cti_ets_proofOfApproval OBJ_id_smime_cti,5L
-
-#define SN_id_smime_cti_ets_proofOfCreation "id-smime-cti-ets-proofOfCreation"
-#define NID_id_smime_cti_ets_proofOfCreation 256
-#define OBJ_id_smime_cti_ets_proofOfCreation OBJ_id_smime_cti,6L
-
-#define LN_friendlyName "friendlyName"
-#define NID_friendlyName 156
-#define OBJ_friendlyName OBJ_pkcs9,20L
-
-#define LN_localKeyID "localKeyID"
-#define NID_localKeyID 157
-#define OBJ_localKeyID OBJ_pkcs9,21L
-
-#define SN_ms_csp_name "CSPName"
-#define LN_ms_csp_name "Microsoft CSP Name"
-#define NID_ms_csp_name 417
-#define OBJ_ms_csp_name 1L,3L,6L,1L,4L,1L,311L,17L,1L
-
-#define SN_LocalKeySet "LocalKeySet"
-#define LN_LocalKeySet "Microsoft Local Key set"
-#define NID_LocalKeySet 856
-#define OBJ_LocalKeySet 1L,3L,6L,1L,4L,1L,311L,17L,2L
-
-#define OBJ_certTypes OBJ_pkcs9,22L
-
-#define LN_x509Certificate "x509Certificate"
-#define NID_x509Certificate 158
-#define OBJ_x509Certificate OBJ_certTypes,1L
-
-#define LN_sdsiCertificate "sdsiCertificate"
-#define NID_sdsiCertificate 159
-#define OBJ_sdsiCertificate OBJ_certTypes,2L
-
-#define OBJ_crlTypes OBJ_pkcs9,23L
-
-#define LN_x509Crl "x509Crl"
-#define NID_x509Crl 160
-#define OBJ_x509Crl OBJ_crlTypes,1L
-
-#define OBJ_pkcs12 OBJ_pkcs,12L
-
-#define OBJ_pkcs12_pbeids OBJ_pkcs12,1L
-
-#define SN_pbe_WithSHA1And128BitRC4 "PBE-SHA1-RC4-128"
-#define LN_pbe_WithSHA1And128BitRC4 "pbeWithSHA1And128BitRC4"
-#define NID_pbe_WithSHA1And128BitRC4 144
-#define OBJ_pbe_WithSHA1And128BitRC4 OBJ_pkcs12_pbeids,1L
-
-#define SN_pbe_WithSHA1And40BitRC4 "PBE-SHA1-RC4-40"
-#define LN_pbe_WithSHA1And40BitRC4 "pbeWithSHA1And40BitRC4"
-#define NID_pbe_WithSHA1And40BitRC4 145
-#define OBJ_pbe_WithSHA1And40BitRC4 OBJ_pkcs12_pbeids,2L
-
-#define SN_pbe_WithSHA1And3_Key_TripleDES_CBC "PBE-SHA1-3DES"
-#define LN_pbe_WithSHA1And3_Key_TripleDES_CBC "pbeWithSHA1And3-KeyTripleDES-CBC"
-#define NID_pbe_WithSHA1And3_Key_TripleDES_CBC 146
-#define OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC OBJ_pkcs12_pbeids,3L
-
-#define SN_pbe_WithSHA1And2_Key_TripleDES_CBC "PBE-SHA1-2DES"
-#define LN_pbe_WithSHA1And2_Key_TripleDES_CBC "pbeWithSHA1And2-KeyTripleDES-CBC"
-#define NID_pbe_WithSHA1And2_Key_TripleDES_CBC 147
-#define OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC OBJ_pkcs12_pbeids,4L
-
-#define SN_pbe_WithSHA1And128BitRC2_CBC "PBE-SHA1-RC2-128"
-#define LN_pbe_WithSHA1And128BitRC2_CBC "pbeWithSHA1And128BitRC2-CBC"
-#define NID_pbe_WithSHA1And128BitRC2_CBC 148
-#define OBJ_pbe_WithSHA1And128BitRC2_CBC OBJ_pkcs12_pbeids,5L
-
-#define SN_pbe_WithSHA1And40BitRC2_CBC "PBE-SHA1-RC2-40"
-#define LN_pbe_WithSHA1And40BitRC2_CBC "pbeWithSHA1And40BitRC2-CBC"
-#define NID_pbe_WithSHA1And40BitRC2_CBC 149
-#define OBJ_pbe_WithSHA1And40BitRC2_CBC OBJ_pkcs12_pbeids,6L
-
-#define OBJ_pkcs12_Version1 OBJ_pkcs12,10L
-
-#define OBJ_pkcs12_BagIds OBJ_pkcs12_Version1,1L
-
-#define LN_keyBag "keyBag"
-#define NID_keyBag 150
-#define OBJ_keyBag OBJ_pkcs12_BagIds,1L
-
-#define LN_pkcs8ShroudedKeyBag "pkcs8ShroudedKeyBag"
-#define NID_pkcs8ShroudedKeyBag 151
-#define OBJ_pkcs8ShroudedKeyBag OBJ_pkcs12_BagIds,2L
-
-#define LN_certBag "certBag"
-#define NID_certBag 152
-#define OBJ_certBag OBJ_pkcs12_BagIds,3L
-
-#define LN_crlBag "crlBag"
-#define NID_crlBag 153
-#define OBJ_crlBag OBJ_pkcs12_BagIds,4L
-
-#define LN_secretBag "secretBag"
-#define NID_secretBag 154
-#define OBJ_secretBag OBJ_pkcs12_BagIds,5L
-
-#define LN_safeContentsBag "safeContentsBag"
-#define NID_safeContentsBag 155
-#define OBJ_safeContentsBag OBJ_pkcs12_BagIds,6L
-
-#define SN_md2 "MD2"
-#define LN_md2 "md2"
-#define NID_md2 3
-#define OBJ_md2 OBJ_rsadsi,2L,2L
-
-#define SN_md4 "MD4"
-#define LN_md4 "md4"
-#define NID_md4 257
-#define OBJ_md4 OBJ_rsadsi,2L,4L
-
-#define SN_md5 "MD5"
-#define LN_md5 "md5"
-#define NID_md5 4
-#define OBJ_md5 OBJ_rsadsi,2L,5L
-
-#define SN_md5_sha1 "MD5-SHA1"
-#define LN_md5_sha1 "md5-sha1"
-#define NID_md5_sha1 114
-
-#define LN_hmacWithMD5 "hmacWithMD5"
-#define NID_hmacWithMD5 797
-#define OBJ_hmacWithMD5 OBJ_rsadsi,2L,6L
-
-#define LN_hmacWithSHA1 "hmacWithSHA1"
-#define NID_hmacWithSHA1 163
-#define OBJ_hmacWithSHA1 OBJ_rsadsi,2L,7L
-
-#define LN_hmacWithSHA224 "hmacWithSHA224"
-#define NID_hmacWithSHA224 798
-#define OBJ_hmacWithSHA224 OBJ_rsadsi,2L,8L
-
-#define LN_hmacWithSHA256 "hmacWithSHA256"
-#define NID_hmacWithSHA256 799
-#define OBJ_hmacWithSHA256 OBJ_rsadsi,2L,9L
-
-#define LN_hmacWithSHA384 "hmacWithSHA384"
-#define NID_hmacWithSHA384 800
-#define OBJ_hmacWithSHA384 OBJ_rsadsi,2L,10L
-
-#define LN_hmacWithSHA512 "hmacWithSHA512"
-#define NID_hmacWithSHA512 801
-#define OBJ_hmacWithSHA512 OBJ_rsadsi,2L,11L
-
-#define SN_rc2_cbc "RC2-CBC"
-#define LN_rc2_cbc "rc2-cbc"
-#define NID_rc2_cbc 37
-#define OBJ_rc2_cbc OBJ_rsadsi,3L,2L
-
-#define SN_rc2_ecb "RC2-ECB"
-#define LN_rc2_ecb "rc2-ecb"
-#define NID_rc2_ecb 38
-
-#define SN_rc2_cfb64 "RC2-CFB"
-#define LN_rc2_cfb64 "rc2-cfb"
-#define NID_rc2_cfb64 39
-
-#define SN_rc2_ofb64 "RC2-OFB"
-#define LN_rc2_ofb64 "rc2-ofb"
-#define NID_rc2_ofb64 40
-
-#define SN_rc2_40_cbc "RC2-40-CBC"
-#define LN_rc2_40_cbc "rc2-40-cbc"
-#define NID_rc2_40_cbc 98
-
-#define SN_rc2_64_cbc "RC2-64-CBC"
-#define LN_rc2_64_cbc "rc2-64-cbc"
-#define NID_rc2_64_cbc 166
-
-#define SN_rc4 "RC4"
-#define LN_rc4 "rc4"
-#define NID_rc4 5
-#define OBJ_rc4 OBJ_rsadsi,3L,4L
-
-#define SN_rc4_40 "RC4-40"
-#define LN_rc4_40 "rc4-40"
-#define NID_rc4_40 97
-
-#define SN_des_ede3_cbc "DES-EDE3-CBC"
-#define LN_des_ede3_cbc "des-ede3-cbc"
-#define NID_des_ede3_cbc 44
-#define OBJ_des_ede3_cbc OBJ_rsadsi,3L,7L
-
-#define SN_rc5_cbc "RC5-CBC"
-#define LN_rc5_cbc "rc5-cbc"
-#define NID_rc5_cbc 120
-#define OBJ_rc5_cbc OBJ_rsadsi,3L,8L
-
-#define SN_rc5_ecb "RC5-ECB"
-#define LN_rc5_ecb "rc5-ecb"
-#define NID_rc5_ecb 121
-
-#define SN_rc5_cfb64 "RC5-CFB"
-#define LN_rc5_cfb64 "rc5-cfb"
-#define NID_rc5_cfb64 122
-
-#define SN_rc5_ofb64 "RC5-OFB"
-#define LN_rc5_ofb64 "rc5-ofb"
-#define NID_rc5_ofb64 123
-
-#define SN_ms_ext_req "msExtReq"
-#define LN_ms_ext_req "Microsoft Extension Request"
-#define NID_ms_ext_req 171
-#define OBJ_ms_ext_req 1L,3L,6L,1L,4L,1L,311L,2L,1L,14L
-
-#define SN_ms_code_ind "msCodeInd"
-#define LN_ms_code_ind "Microsoft Individual Code Signing"
-#define NID_ms_code_ind 134
-#define OBJ_ms_code_ind 1L,3L,6L,1L,4L,1L,311L,2L,1L,21L
-
-#define SN_ms_code_com "msCodeCom"
-#define LN_ms_code_com "Microsoft Commercial Code Signing"
-#define NID_ms_code_com 135
-#define OBJ_ms_code_com 1L,3L,6L,1L,4L,1L,311L,2L,1L,22L
-
-#define SN_ms_ctl_sign "msCTLSign"
-#define LN_ms_ctl_sign "Microsoft Trust List Signing"
-#define NID_ms_ctl_sign 136
-#define OBJ_ms_ctl_sign 1L,3L,6L,1L,4L,1L,311L,10L,3L,1L
-
-#define SN_ms_sgc "msSGC"
-#define LN_ms_sgc "Microsoft Server Gated Crypto"
-#define NID_ms_sgc 137
-#define OBJ_ms_sgc 1L,3L,6L,1L,4L,1L,311L,10L,3L,3L
-
-#define SN_ms_efs "msEFS"
-#define LN_ms_efs "Microsoft Encrypted File System"
-#define NID_ms_efs 138
-#define OBJ_ms_efs 1L,3L,6L,1L,4L,1L,311L,10L,3L,4L
-
-#define SN_ms_smartcard_login "msSmartcardLogin"
-#define LN_ms_smartcard_login "Microsoft Smartcardlogin"
-#define NID_ms_smartcard_login 648
-#define OBJ_ms_smartcard_login 1L,3L,6L,1L,4L,1L,311L,20L,2L,2L
-
-#define SN_ms_upn "msUPN"
-#define LN_ms_upn "Microsoft Universal Principal Name"
-#define NID_ms_upn 649
-#define OBJ_ms_upn 1L,3L,6L,1L,4L,1L,311L,20L,2L,3L
-
-#define SN_idea_cbc "IDEA-CBC"
-#define LN_idea_cbc "idea-cbc"
-#define NID_idea_cbc 34
-#define OBJ_idea_cbc 1L,3L,6L,1L,4L,1L,188L,7L,1L,1L,2L
-
-#define SN_idea_ecb "IDEA-ECB"
-#define LN_idea_ecb "idea-ecb"
-#define NID_idea_ecb 36
-
-#define SN_idea_cfb64 "IDEA-CFB"
-#define LN_idea_cfb64 "idea-cfb"
-#define NID_idea_cfb64 35
-
-#define SN_idea_ofb64 "IDEA-OFB"
-#define LN_idea_ofb64 "idea-ofb"
-#define NID_idea_ofb64 46
-
-#define SN_bf_cbc "BF-CBC"
-#define LN_bf_cbc "bf-cbc"
-#define NID_bf_cbc 91
-#define OBJ_bf_cbc 1L,3L,6L,1L,4L,1L,3029L,1L,2L
-
-#define SN_bf_ecb "BF-ECB"
-#define LN_bf_ecb "bf-ecb"
-#define NID_bf_ecb 92
-
-#define SN_bf_cfb64 "BF-CFB"
-#define LN_bf_cfb64 "bf-cfb"
-#define NID_bf_cfb64 93
-
-#define SN_bf_ofb64 "BF-OFB"
-#define LN_bf_ofb64 "bf-ofb"
-#define NID_bf_ofb64 94
-
-#define SN_id_pkix "PKIX"
-#define NID_id_pkix 127
-#define OBJ_id_pkix 1L,3L,6L,1L,5L,5L,7L
-
-#define SN_id_pkix_mod "id-pkix-mod"
-#define NID_id_pkix_mod 258
-#define OBJ_id_pkix_mod OBJ_id_pkix,0L
-
-#define SN_id_pe "id-pe"
-#define NID_id_pe 175
-#define OBJ_id_pe OBJ_id_pkix,1L
-
-#define SN_id_qt "id-qt"
-#define NID_id_qt 259
-#define OBJ_id_qt OBJ_id_pkix,2L
-
-#define SN_id_kp "id-kp"
-#define NID_id_kp 128
-#define OBJ_id_kp OBJ_id_pkix,3L
-
-#define SN_id_it "id-it"
-#define NID_id_it 260
-#define OBJ_id_it OBJ_id_pkix,4L
-
-#define SN_id_pkip "id-pkip"
-#define NID_id_pkip 261
-#define OBJ_id_pkip OBJ_id_pkix,5L
-
-#define SN_id_alg "id-alg"
-#define NID_id_alg 262
-#define OBJ_id_alg OBJ_id_pkix,6L
-
-#define SN_id_cmc "id-cmc"
-#define NID_id_cmc 263
-#define OBJ_id_cmc OBJ_id_pkix,7L
-
-#define SN_id_on "id-on"
-#define NID_id_on 264
-#define OBJ_id_on OBJ_id_pkix,8L
-
-#define SN_id_pda "id-pda"
-#define NID_id_pda 265
-#define OBJ_id_pda OBJ_id_pkix,9L
-
-#define SN_id_aca "id-aca"
-#define NID_id_aca 266
-#define OBJ_id_aca OBJ_id_pkix,10L
-
-#define SN_id_qcs "id-qcs"
-#define NID_id_qcs 267
-#define OBJ_id_qcs OBJ_id_pkix,11L
-
-#define SN_id_cct "id-cct"
-#define NID_id_cct 268
-#define OBJ_id_cct OBJ_id_pkix,12L
-
-#define SN_id_ppl "id-ppl"
-#define NID_id_ppl 662
-#define OBJ_id_ppl OBJ_id_pkix,21L
-
-#define SN_id_ad "id-ad"
-#define NID_id_ad 176
-#define OBJ_id_ad OBJ_id_pkix,48L
-
-#define SN_id_pkix1_explicit_88 "id-pkix1-explicit-88"
-#define NID_id_pkix1_explicit_88 269
-#define OBJ_id_pkix1_explicit_88 OBJ_id_pkix_mod,1L
-
-#define SN_id_pkix1_implicit_88 "id-pkix1-implicit-88"
-#define NID_id_pkix1_implicit_88 270
-#define OBJ_id_pkix1_implicit_88 OBJ_id_pkix_mod,2L
-
-#define SN_id_pkix1_explicit_93 "id-pkix1-explicit-93"
-#define NID_id_pkix1_explicit_93 271
-#define OBJ_id_pkix1_explicit_93 OBJ_id_pkix_mod,3L
-
-#define SN_id_pkix1_implicit_93 "id-pkix1-implicit-93"
-#define NID_id_pkix1_implicit_93 272
-#define OBJ_id_pkix1_implicit_93 OBJ_id_pkix_mod,4L
-
-#define SN_id_mod_crmf "id-mod-crmf"
-#define NID_id_mod_crmf 273
-#define OBJ_id_mod_crmf OBJ_id_pkix_mod,5L
-
-#define SN_id_mod_cmc "id-mod-cmc"
-#define NID_id_mod_cmc 274
-#define OBJ_id_mod_cmc OBJ_id_pkix_mod,6L
-
-#define SN_id_mod_kea_profile_88 "id-mod-kea-profile-88"
-#define NID_id_mod_kea_profile_88 275
-#define OBJ_id_mod_kea_profile_88 OBJ_id_pkix_mod,7L
-
-#define SN_id_mod_kea_profile_93 "id-mod-kea-profile-93"
-#define NID_id_mod_kea_profile_93 276
-#define OBJ_id_mod_kea_profile_93 OBJ_id_pkix_mod,8L
-
-#define SN_id_mod_cmp "id-mod-cmp"
-#define NID_id_mod_cmp 277
-#define OBJ_id_mod_cmp OBJ_id_pkix_mod,9L
-
-#define SN_id_mod_qualified_cert_88 "id-mod-qualified-cert-88"
-#define NID_id_mod_qualified_cert_88 278
-#define OBJ_id_mod_qualified_cert_88 OBJ_id_pkix_mod,10L
-
-#define SN_id_mod_qualified_cert_93 "id-mod-qualified-cert-93"
-#define NID_id_mod_qualified_cert_93 279
-#define OBJ_id_mod_qualified_cert_93 OBJ_id_pkix_mod,11L
-
-#define SN_id_mod_attribute_cert "id-mod-attribute-cert"
-#define NID_id_mod_attribute_cert 280
-#define OBJ_id_mod_attribute_cert OBJ_id_pkix_mod,12L
-
-#define SN_id_mod_timestamp_protocol "id-mod-timestamp-protocol"
-#define NID_id_mod_timestamp_protocol 281
-#define OBJ_id_mod_timestamp_protocol OBJ_id_pkix_mod,13L
-
-#define SN_id_mod_ocsp "id-mod-ocsp"
-#define NID_id_mod_ocsp 282
-#define OBJ_id_mod_ocsp OBJ_id_pkix_mod,14L
-
-#define SN_id_mod_dvcs "id-mod-dvcs"
-#define NID_id_mod_dvcs 283
-#define OBJ_id_mod_dvcs OBJ_id_pkix_mod,15L
-
-#define SN_id_mod_cmp2000 "id-mod-cmp2000"
-#define NID_id_mod_cmp2000 284
-#define OBJ_id_mod_cmp2000 OBJ_id_pkix_mod,16L
-
-#define SN_info_access "authorityInfoAccess"
-#define LN_info_access "Authority Information Access"
-#define NID_info_access 177
-#define OBJ_info_access OBJ_id_pe,1L
-
-#define SN_biometricInfo "biometricInfo"
-#define LN_biometricInfo "Biometric Info"
-#define NID_biometricInfo 285
-#define OBJ_biometricInfo OBJ_id_pe,2L
-
-#define SN_qcStatements "qcStatements"
-#define NID_qcStatements 286
-#define OBJ_qcStatements OBJ_id_pe,3L
-
-#define SN_ac_auditEntity "ac-auditEntity"
-#define NID_ac_auditEntity 287
-#define OBJ_ac_auditEntity OBJ_id_pe,4L
-
-#define SN_ac_targeting "ac-targeting"
-#define NID_ac_targeting 288
-#define OBJ_ac_targeting OBJ_id_pe,5L
-
-#define SN_aaControls "aaControls"
-#define NID_aaControls 289
-#define OBJ_aaControls OBJ_id_pe,6L
-
-#define SN_sbgp_ipAddrBlock "sbgp-ipAddrBlock"
-#define NID_sbgp_ipAddrBlock 290
-#define OBJ_sbgp_ipAddrBlock OBJ_id_pe,7L
-
-#define SN_sbgp_autonomousSysNum "sbgp-autonomousSysNum"
-#define NID_sbgp_autonomousSysNum 291
-#define OBJ_sbgp_autonomousSysNum OBJ_id_pe,8L
-
-#define SN_sbgp_routerIdentifier "sbgp-routerIdentifier"
-#define NID_sbgp_routerIdentifier 292
-#define OBJ_sbgp_routerIdentifier OBJ_id_pe,9L
-
-#define SN_ac_proxying "ac-proxying"
-#define NID_ac_proxying 397
-#define OBJ_ac_proxying OBJ_id_pe,10L
-
-#define SN_sinfo_access "subjectInfoAccess"
-#define LN_sinfo_access "Subject Information Access"
-#define NID_sinfo_access 398
-#define OBJ_sinfo_access OBJ_id_pe,11L
-
-#define SN_proxyCertInfo "proxyCertInfo"
-#define LN_proxyCertInfo "Proxy Certificate Information"
-#define NID_proxyCertInfo 663
-#define OBJ_proxyCertInfo OBJ_id_pe,14L
-
-#define SN_id_qt_cps "id-qt-cps"
-#define LN_id_qt_cps "Policy Qualifier CPS"
-#define NID_id_qt_cps 164
-#define OBJ_id_qt_cps OBJ_id_qt,1L
-
-#define SN_id_qt_unotice "id-qt-unotice"
-#define LN_id_qt_unotice "Policy Qualifier User Notice"
-#define NID_id_qt_unotice 165
-#define OBJ_id_qt_unotice OBJ_id_qt,2L
-
-#define SN_textNotice "textNotice"
-#define NID_textNotice 293
-#define OBJ_textNotice OBJ_id_qt,3L
-
-#define SN_server_auth "serverAuth"
-#define LN_server_auth "TLS Web Server Authentication"
-#define NID_server_auth 129
-#define OBJ_server_auth OBJ_id_kp,1L
-
-#define SN_client_auth "clientAuth"
-#define LN_client_auth "TLS Web Client Authentication"
-#define NID_client_auth 130
-#define OBJ_client_auth OBJ_id_kp,2L
-
-#define SN_code_sign "codeSigning"
-#define LN_code_sign "Code Signing"
-#define NID_code_sign 131
-#define OBJ_code_sign OBJ_id_kp,3L
-
-#define SN_email_protect "emailProtection"
-#define LN_email_protect "E-mail Protection"
-#define NID_email_protect 132
-#define OBJ_email_protect OBJ_id_kp,4L
-
-#define SN_ipsecEndSystem "ipsecEndSystem"
-#define LN_ipsecEndSystem "IPSec End System"
-#define NID_ipsecEndSystem 294
-#define OBJ_ipsecEndSystem OBJ_id_kp,5L
-
-#define SN_ipsecTunnel "ipsecTunnel"
-#define LN_ipsecTunnel "IPSec Tunnel"
-#define NID_ipsecTunnel 295
-#define OBJ_ipsecTunnel OBJ_id_kp,6L
-
-#define SN_ipsecUser "ipsecUser"
-#define LN_ipsecUser "IPSec User"
-#define NID_ipsecUser 296
-#define OBJ_ipsecUser OBJ_id_kp,7L
-
-#define SN_time_stamp "timeStamping"
-#define LN_time_stamp "Time Stamping"
-#define NID_time_stamp 133
-#define OBJ_time_stamp OBJ_id_kp,8L
-
-#define SN_OCSP_sign "OCSPSigning"
-#define LN_OCSP_sign "OCSP Signing"
-#define NID_OCSP_sign 180
-#define OBJ_OCSP_sign OBJ_id_kp,9L
-
-#define SN_dvcs "DVCS"
-#define LN_dvcs "dvcs"
-#define NID_dvcs 297
-#define OBJ_dvcs OBJ_id_kp,10L
-
-#define SN_id_it_caProtEncCert "id-it-caProtEncCert"
-#define NID_id_it_caProtEncCert 298
-#define OBJ_id_it_caProtEncCert OBJ_id_it,1L
-
-#define SN_id_it_signKeyPairTypes "id-it-signKeyPairTypes"
-#define NID_id_it_signKeyPairTypes 299
-#define OBJ_id_it_signKeyPairTypes OBJ_id_it,2L
-
-#define SN_id_it_encKeyPairTypes "id-it-encKeyPairTypes"
-#define NID_id_it_encKeyPairTypes 300
-#define OBJ_id_it_encKeyPairTypes OBJ_id_it,3L
-
-#define SN_id_it_preferredSymmAlg "id-it-preferredSymmAlg"
-#define NID_id_it_preferredSymmAlg 301
-#define OBJ_id_it_preferredSymmAlg OBJ_id_it,4L
-
-#define SN_id_it_caKeyUpdateInfo "id-it-caKeyUpdateInfo"
-#define NID_id_it_caKeyUpdateInfo 302
-#define OBJ_id_it_caKeyUpdateInfo OBJ_id_it,5L
-
-#define SN_id_it_currentCRL "id-it-currentCRL"
-#define NID_id_it_currentCRL 303
-#define OBJ_id_it_currentCRL OBJ_id_it,6L
-
-#define SN_id_it_unsupportedOIDs "id-it-unsupportedOIDs"
-#define NID_id_it_unsupportedOIDs 304
-#define OBJ_id_it_unsupportedOIDs OBJ_id_it,7L
-
-#define SN_id_it_subscriptionRequest "id-it-subscriptionRequest"
-#define NID_id_it_subscriptionRequest 305
-#define OBJ_id_it_subscriptionRequest OBJ_id_it,8L
-
-#define SN_id_it_subscriptionResponse "id-it-subscriptionResponse"
-#define NID_id_it_subscriptionResponse 306
-#define OBJ_id_it_subscriptionResponse OBJ_id_it,9L
-
-#define SN_id_it_keyPairParamReq "id-it-keyPairParamReq"
-#define NID_id_it_keyPairParamReq 307
-#define OBJ_id_it_keyPairParamReq OBJ_id_it,10L
-
-#define SN_id_it_keyPairParamRep "id-it-keyPairParamRep"
-#define NID_id_it_keyPairParamRep 308
-#define OBJ_id_it_keyPairParamRep OBJ_id_it,11L
-
-#define SN_id_it_revPassphrase "id-it-revPassphrase"
-#define NID_id_it_revPassphrase 309
-#define OBJ_id_it_revPassphrase OBJ_id_it,12L
-
-#define SN_id_it_implicitConfirm "id-it-implicitConfirm"
-#define NID_id_it_implicitConfirm 310
-#define OBJ_id_it_implicitConfirm OBJ_id_it,13L
-
-#define SN_id_it_confirmWaitTime "id-it-confirmWaitTime"
-#define NID_id_it_confirmWaitTime 311
-#define OBJ_id_it_confirmWaitTime OBJ_id_it,14L
-
-#define SN_id_it_origPKIMessage "id-it-origPKIMessage"
-#define NID_id_it_origPKIMessage 312
-#define OBJ_id_it_origPKIMessage OBJ_id_it,15L
-
-#define SN_id_it_suppLangTags "id-it-suppLangTags"
-#define NID_id_it_suppLangTags 784
-#define OBJ_id_it_suppLangTags OBJ_id_it,16L
-
-#define SN_id_regCtrl "id-regCtrl"
-#define NID_id_regCtrl 313
-#define OBJ_id_regCtrl OBJ_id_pkip,1L
-
-#define SN_id_regInfo "id-regInfo"
-#define NID_id_regInfo 314
-#define OBJ_id_regInfo OBJ_id_pkip,2L
-
-#define SN_id_regCtrl_regToken "id-regCtrl-regToken"
-#define NID_id_regCtrl_regToken 315
-#define OBJ_id_regCtrl_regToken OBJ_id_regCtrl,1L
-
-#define SN_id_regCtrl_authenticator "id-regCtrl-authenticator"
-#define NID_id_regCtrl_authenticator 316
-#define OBJ_id_regCtrl_authenticator OBJ_id_regCtrl,2L
-
-#define SN_id_regCtrl_pkiPublicationInfo "id-regCtrl-pkiPublicationInfo"
-#define NID_id_regCtrl_pkiPublicationInfo 317
-#define OBJ_id_regCtrl_pkiPublicationInfo OBJ_id_regCtrl,3L
-
-#define SN_id_regCtrl_pkiArchiveOptions "id-regCtrl-pkiArchiveOptions"
-#define NID_id_regCtrl_pkiArchiveOptions 318
-#define OBJ_id_regCtrl_pkiArchiveOptions OBJ_id_regCtrl,4L
-
-#define SN_id_regCtrl_oldCertID "id-regCtrl-oldCertID"
-#define NID_id_regCtrl_oldCertID 319
-#define OBJ_id_regCtrl_oldCertID OBJ_id_regCtrl,5L
-
-#define SN_id_regCtrl_protocolEncrKey "id-regCtrl-protocolEncrKey"
-#define NID_id_regCtrl_protocolEncrKey 320
-#define OBJ_id_regCtrl_protocolEncrKey OBJ_id_regCtrl,6L
-
-#define SN_id_regInfo_utf8Pairs "id-regInfo-utf8Pairs"
-#define NID_id_regInfo_utf8Pairs 321
-#define OBJ_id_regInfo_utf8Pairs OBJ_id_regInfo,1L
-
-#define SN_id_regInfo_certReq "id-regInfo-certReq"
-#define NID_id_regInfo_certReq 322
-#define OBJ_id_regInfo_certReq OBJ_id_regInfo,2L
-
-#define SN_id_alg_des40 "id-alg-des40"
-#define NID_id_alg_des40 323
-#define OBJ_id_alg_des40 OBJ_id_alg,1L
-
-#define SN_id_alg_noSignature "id-alg-noSignature"
-#define NID_id_alg_noSignature 324
-#define OBJ_id_alg_noSignature OBJ_id_alg,2L
-
-#define SN_id_alg_dh_sig_hmac_sha1 "id-alg-dh-sig-hmac-sha1"
-#define NID_id_alg_dh_sig_hmac_sha1 325
-#define OBJ_id_alg_dh_sig_hmac_sha1 OBJ_id_alg,3L
-
-#define SN_id_alg_dh_pop "id-alg-dh-pop"
-#define NID_id_alg_dh_pop 326
-#define OBJ_id_alg_dh_pop OBJ_id_alg,4L
-
-#define SN_id_cmc_statusInfo "id-cmc-statusInfo"
-#define NID_id_cmc_statusInfo 327
-#define OBJ_id_cmc_statusInfo OBJ_id_cmc,1L
-
-#define SN_id_cmc_identification "id-cmc-identification"
-#define NID_id_cmc_identification 328
-#define OBJ_id_cmc_identification OBJ_id_cmc,2L
-
-#define SN_id_cmc_identityProof "id-cmc-identityProof"
-#define NID_id_cmc_identityProof 329
-#define OBJ_id_cmc_identityProof OBJ_id_cmc,3L
-
-#define SN_id_cmc_dataReturn "id-cmc-dataReturn"
-#define NID_id_cmc_dataReturn 330
-#define OBJ_id_cmc_dataReturn OBJ_id_cmc,4L
-
-#define SN_id_cmc_transactionId "id-cmc-transactionId"
-#define NID_id_cmc_transactionId 331
-#define OBJ_id_cmc_transactionId OBJ_id_cmc,5L
-
-#define SN_id_cmc_senderNonce "id-cmc-senderNonce"
-#define NID_id_cmc_senderNonce 332
-#define OBJ_id_cmc_senderNonce OBJ_id_cmc,6L
-
-#define SN_id_cmc_recipientNonce "id-cmc-recipientNonce"
-#define NID_id_cmc_recipientNonce 333
-#define OBJ_id_cmc_recipientNonce OBJ_id_cmc,7L
-
-#define SN_id_cmc_addExtensions "id-cmc-addExtensions"
-#define NID_id_cmc_addExtensions 334
-#define OBJ_id_cmc_addExtensions OBJ_id_cmc,8L
-
-#define SN_id_cmc_encryptedPOP "id-cmc-encryptedPOP"
-#define NID_id_cmc_encryptedPOP 335
-#define OBJ_id_cmc_encryptedPOP OBJ_id_cmc,9L
-
-#define SN_id_cmc_decryptedPOP "id-cmc-decryptedPOP"
-#define NID_id_cmc_decryptedPOP 336
-#define OBJ_id_cmc_decryptedPOP OBJ_id_cmc,10L
-
-#define SN_id_cmc_lraPOPWitness "id-cmc-lraPOPWitness"
-#define NID_id_cmc_lraPOPWitness 337
-#define OBJ_id_cmc_lraPOPWitness OBJ_id_cmc,11L
-
-#define SN_id_cmc_getCert "id-cmc-getCert"
-#define NID_id_cmc_getCert 338
-#define OBJ_id_cmc_getCert OBJ_id_cmc,15L
-
-#define SN_id_cmc_getCRL "id-cmc-getCRL"
-#define NID_id_cmc_getCRL 339
-#define OBJ_id_cmc_getCRL OBJ_id_cmc,16L
-
-#define SN_id_cmc_revokeRequest "id-cmc-revokeRequest"
-#define NID_id_cmc_revokeRequest 340
-#define OBJ_id_cmc_revokeRequest OBJ_id_cmc,17L
-
-#define SN_id_cmc_regInfo "id-cmc-regInfo"
-#define NID_id_cmc_regInfo 341
-#define OBJ_id_cmc_regInfo OBJ_id_cmc,18L
-
-#define SN_id_cmc_responseInfo "id-cmc-responseInfo"
-#define NID_id_cmc_responseInfo 342
-#define OBJ_id_cmc_responseInfo OBJ_id_cmc,19L
-
-#define SN_id_cmc_queryPending "id-cmc-queryPending"
-#define NID_id_cmc_queryPending 343
-#define OBJ_id_cmc_queryPending OBJ_id_cmc,21L
-
-#define SN_id_cmc_popLinkRandom "id-cmc-popLinkRandom"
-#define NID_id_cmc_popLinkRandom 344
-#define OBJ_id_cmc_popLinkRandom OBJ_id_cmc,22L
-
-#define SN_id_cmc_popLinkWitness "id-cmc-popLinkWitness"
-#define NID_id_cmc_popLinkWitness 345
-#define OBJ_id_cmc_popLinkWitness OBJ_id_cmc,23L
-
-#define SN_id_cmc_confirmCertAcceptance "id-cmc-confirmCertAcceptance"
-#define NID_id_cmc_confirmCertAcceptance 346
-#define OBJ_id_cmc_confirmCertAcceptance OBJ_id_cmc,24L
-
-#define SN_id_on_personalData "id-on-personalData"
-#define NID_id_on_personalData 347
-#define OBJ_id_on_personalData OBJ_id_on,1L
-
-#define SN_id_on_permanentIdentifier "id-on-permanentIdentifier"
-#define LN_id_on_permanentIdentifier "Permanent Identifier"
-#define NID_id_on_permanentIdentifier 858
-#define OBJ_id_on_permanentIdentifier OBJ_id_on,3L
-
-#define SN_id_pda_dateOfBirth "id-pda-dateOfBirth"
-#define NID_id_pda_dateOfBirth 348
-#define OBJ_id_pda_dateOfBirth OBJ_id_pda,1L
-
-#define SN_id_pda_placeOfBirth "id-pda-placeOfBirth"
-#define NID_id_pda_placeOfBirth 349
-#define OBJ_id_pda_placeOfBirth OBJ_id_pda,2L
-
-#define SN_id_pda_gender "id-pda-gender"
-#define NID_id_pda_gender 351
-#define OBJ_id_pda_gender OBJ_id_pda,3L
-
-#define SN_id_pda_countryOfCitizenship "id-pda-countryOfCitizenship"
-#define NID_id_pda_countryOfCitizenship 352
-#define OBJ_id_pda_countryOfCitizenship OBJ_id_pda,4L
-
-#define SN_id_pda_countryOfResidence "id-pda-countryOfResidence"
-#define NID_id_pda_countryOfResidence 353
-#define OBJ_id_pda_countryOfResidence OBJ_id_pda,5L
-
-#define SN_id_aca_authenticationInfo "id-aca-authenticationInfo"
-#define NID_id_aca_authenticationInfo 354
-#define OBJ_id_aca_authenticationInfo OBJ_id_aca,1L
-
-#define SN_id_aca_accessIdentity "id-aca-accessIdentity"
-#define NID_id_aca_accessIdentity 355
-#define OBJ_id_aca_accessIdentity OBJ_id_aca,2L
-
-#define SN_id_aca_chargingIdentity "id-aca-chargingIdentity"
-#define NID_id_aca_chargingIdentity 356
-#define OBJ_id_aca_chargingIdentity OBJ_id_aca,3L
-
-#define SN_id_aca_group "id-aca-group"
-#define NID_id_aca_group 357
-#define OBJ_id_aca_group OBJ_id_aca,4L
-
-#define SN_id_aca_role "id-aca-role"
-#define NID_id_aca_role 358
-#define OBJ_id_aca_role OBJ_id_aca,5L
-
-#define SN_id_aca_encAttrs "id-aca-encAttrs"
-#define NID_id_aca_encAttrs 399
-#define OBJ_id_aca_encAttrs OBJ_id_aca,6L
-
-#define SN_id_qcs_pkixQCSyntax_v1 "id-qcs-pkixQCSyntax-v1"
-#define NID_id_qcs_pkixQCSyntax_v1 359
-#define OBJ_id_qcs_pkixQCSyntax_v1 OBJ_id_qcs,1L
-
-#define SN_id_cct_crs "id-cct-crs"
-#define NID_id_cct_crs 360
-#define OBJ_id_cct_crs OBJ_id_cct,1L
-
-#define SN_id_cct_PKIData "id-cct-PKIData"
-#define NID_id_cct_PKIData 361
-#define OBJ_id_cct_PKIData OBJ_id_cct,2L
-
-#define SN_id_cct_PKIResponse "id-cct-PKIResponse"
-#define NID_id_cct_PKIResponse 362
-#define OBJ_id_cct_PKIResponse OBJ_id_cct,3L
-
-#define SN_id_ppl_anyLanguage "id-ppl-anyLanguage"
-#define LN_id_ppl_anyLanguage "Any language"
-#define NID_id_ppl_anyLanguage 664
-#define OBJ_id_ppl_anyLanguage OBJ_id_ppl,0L
-
-#define SN_id_ppl_inheritAll "id-ppl-inheritAll"
-#define LN_id_ppl_inheritAll "Inherit all"
-#define NID_id_ppl_inheritAll 665
-#define OBJ_id_ppl_inheritAll OBJ_id_ppl,1L
-
-#define SN_Independent "id-ppl-independent"
-#define LN_Independent "Independent"
-#define NID_Independent 667
-#define OBJ_Independent OBJ_id_ppl,2L
-
-#define SN_ad_OCSP "OCSP"
-#define LN_ad_OCSP "OCSP"
-#define NID_ad_OCSP 178
-#define OBJ_ad_OCSP OBJ_id_ad,1L
-
-#define SN_ad_ca_issuers "caIssuers"
-#define LN_ad_ca_issuers "CA Issuers"
-#define NID_ad_ca_issuers 179
-#define OBJ_ad_ca_issuers OBJ_id_ad,2L
-
-#define SN_ad_timeStamping "ad_timestamping"
-#define LN_ad_timeStamping "AD Time Stamping"
-#define NID_ad_timeStamping 363
-#define OBJ_ad_timeStamping OBJ_id_ad,3L
-
-#define SN_ad_dvcs "AD_DVCS"
-#define LN_ad_dvcs "ad dvcs"
-#define NID_ad_dvcs 364
-#define OBJ_ad_dvcs OBJ_id_ad,4L
-
-#define SN_caRepository "caRepository"
-#define LN_caRepository "CA Repository"
-#define NID_caRepository 785
-#define OBJ_caRepository OBJ_id_ad,5L
-
-#define OBJ_id_pkix_OCSP OBJ_ad_OCSP
-
-#define SN_id_pkix_OCSP_basic "basicOCSPResponse"
-#define LN_id_pkix_OCSP_basic "Basic OCSP Response"
-#define NID_id_pkix_OCSP_basic 365
-#define OBJ_id_pkix_OCSP_basic OBJ_id_pkix_OCSP,1L
-
-#define SN_id_pkix_OCSP_Nonce "Nonce"
-#define LN_id_pkix_OCSP_Nonce "OCSP Nonce"
-#define NID_id_pkix_OCSP_Nonce 366
-#define OBJ_id_pkix_OCSP_Nonce OBJ_id_pkix_OCSP,2L
-
-#define SN_id_pkix_OCSP_CrlID "CrlID"
-#define LN_id_pkix_OCSP_CrlID "OCSP CRL ID"
-#define NID_id_pkix_OCSP_CrlID 367
-#define OBJ_id_pkix_OCSP_CrlID OBJ_id_pkix_OCSP,3L
-
-#define SN_id_pkix_OCSP_acceptableResponses "acceptableResponses"
-#define LN_id_pkix_OCSP_acceptableResponses "Acceptable OCSP Responses"
-#define NID_id_pkix_OCSP_acceptableResponses 368
-#define OBJ_id_pkix_OCSP_acceptableResponses OBJ_id_pkix_OCSP,4L
-
-#define SN_id_pkix_OCSP_noCheck "noCheck"
-#define LN_id_pkix_OCSP_noCheck "OCSP No Check"
-#define NID_id_pkix_OCSP_noCheck 369
-#define OBJ_id_pkix_OCSP_noCheck OBJ_id_pkix_OCSP,5L
-
-#define SN_id_pkix_OCSP_archiveCutoff "archiveCutoff"
-#define LN_id_pkix_OCSP_archiveCutoff "OCSP Archive Cutoff"
-#define NID_id_pkix_OCSP_archiveCutoff 370
-#define OBJ_id_pkix_OCSP_archiveCutoff OBJ_id_pkix_OCSP,6L
-
-#define SN_id_pkix_OCSP_serviceLocator "serviceLocator"
-#define LN_id_pkix_OCSP_serviceLocator "OCSP Service Locator"
-#define NID_id_pkix_OCSP_serviceLocator 371
-#define OBJ_id_pkix_OCSP_serviceLocator OBJ_id_pkix_OCSP,7L
-
-#define SN_id_pkix_OCSP_extendedStatus "extendedStatus"
-#define LN_id_pkix_OCSP_extendedStatus "Extended OCSP Status"
-#define NID_id_pkix_OCSP_extendedStatus 372
-#define OBJ_id_pkix_OCSP_extendedStatus OBJ_id_pkix_OCSP,8L
-
-#define SN_id_pkix_OCSP_valid "valid"
-#define NID_id_pkix_OCSP_valid 373
-#define OBJ_id_pkix_OCSP_valid OBJ_id_pkix_OCSP,9L
-
-#define SN_id_pkix_OCSP_path "path"
-#define NID_id_pkix_OCSP_path 374
-#define OBJ_id_pkix_OCSP_path OBJ_id_pkix_OCSP,10L
-
-#define SN_id_pkix_OCSP_trustRoot "trustRoot"
-#define LN_id_pkix_OCSP_trustRoot "Trust Root"
-#define NID_id_pkix_OCSP_trustRoot 375
-#define OBJ_id_pkix_OCSP_trustRoot OBJ_id_pkix_OCSP,11L
-
-#define SN_algorithm "algorithm"
-#define LN_algorithm "algorithm"
-#define NID_algorithm 376
-#define OBJ_algorithm 1L,3L,14L,3L,2L
-
-#define SN_md5WithRSA "RSA-NP-MD5"
-#define LN_md5WithRSA "md5WithRSA"
-#define NID_md5WithRSA 104
-#define OBJ_md5WithRSA OBJ_algorithm,3L
-
-#define SN_des_ecb "DES-ECB"
-#define LN_des_ecb "des-ecb"
-#define NID_des_ecb 29
-#define OBJ_des_ecb OBJ_algorithm,6L
-
-#define SN_des_cbc "DES-CBC"
-#define LN_des_cbc "des-cbc"
-#define NID_des_cbc 31
-#define OBJ_des_cbc OBJ_algorithm,7L
-
-#define SN_des_ofb64 "DES-OFB"
-#define LN_des_ofb64 "des-ofb"
-#define NID_des_ofb64 45
-#define OBJ_des_ofb64 OBJ_algorithm,8L
-
-#define SN_des_cfb64 "DES-CFB"
-#define LN_des_cfb64 "des-cfb"
-#define NID_des_cfb64 30
-#define OBJ_des_cfb64 OBJ_algorithm,9L
-
-#define SN_rsaSignature "rsaSignature"
-#define NID_rsaSignature 377
-#define OBJ_rsaSignature OBJ_algorithm,11L
-
-#define SN_dsa_2 "DSA-old"
-#define LN_dsa_2 "dsaEncryption-old"
-#define NID_dsa_2 67
-#define OBJ_dsa_2 OBJ_algorithm,12L
-
-#define SN_dsaWithSHA "DSA-SHA"
-#define LN_dsaWithSHA "dsaWithSHA"
-#define NID_dsaWithSHA 66
-#define OBJ_dsaWithSHA OBJ_algorithm,13L
-
-#define SN_shaWithRSAEncryption "RSA-SHA"
-#define LN_shaWithRSAEncryption "shaWithRSAEncryption"
-#define NID_shaWithRSAEncryption 42
-#define OBJ_shaWithRSAEncryption OBJ_algorithm,15L
-
-#define SN_des_ede_ecb "DES-EDE"
-#define LN_des_ede_ecb "des-ede"
-#define NID_des_ede_ecb 32
-#define OBJ_des_ede_ecb OBJ_algorithm,17L
-
-#define SN_des_ede3_ecb "DES-EDE3"
-#define LN_des_ede3_ecb "des-ede3"
-#define NID_des_ede3_ecb 33
-
-#define SN_des_ede_cbc "DES-EDE-CBC"
-#define LN_des_ede_cbc "des-ede-cbc"
-#define NID_des_ede_cbc 43
-
-#define SN_des_ede_cfb64 "DES-EDE-CFB"
-#define LN_des_ede_cfb64 "des-ede-cfb"
-#define NID_des_ede_cfb64 60
-
-#define SN_des_ede3_cfb64 "DES-EDE3-CFB"
-#define LN_des_ede3_cfb64 "des-ede3-cfb"
-#define NID_des_ede3_cfb64 61
-
-#define SN_des_ede_ofb64 "DES-EDE-OFB"
-#define LN_des_ede_ofb64 "des-ede-ofb"
-#define NID_des_ede_ofb64 62
-
-#define SN_des_ede3_ofb64 "DES-EDE3-OFB"
-#define LN_des_ede3_ofb64 "des-ede3-ofb"
-#define NID_des_ede3_ofb64 63
-
-#define SN_desx_cbc "DESX-CBC"
-#define LN_desx_cbc "desx-cbc"
-#define NID_desx_cbc 80
-
-#define SN_sha "SHA"
-#define LN_sha "sha"
-#define NID_sha 41
-#define OBJ_sha OBJ_algorithm,18L
-
-#define SN_sha1 "SHA1"
-#define LN_sha1 "sha1"
-#define NID_sha1 64
-#define OBJ_sha1 OBJ_algorithm,26L
-
-#define SN_dsaWithSHA1_2 "DSA-SHA1-old"
-#define LN_dsaWithSHA1_2 "dsaWithSHA1-old"
-#define NID_dsaWithSHA1_2 70
-#define OBJ_dsaWithSHA1_2 OBJ_algorithm,27L
-
-#define SN_sha1WithRSA "RSA-SHA1-2"
-#define LN_sha1WithRSA "sha1WithRSA"
-#define NID_sha1WithRSA 115
-#define OBJ_sha1WithRSA OBJ_algorithm,29L
-
-#define SN_ripemd160 "RIPEMD160"
-#define LN_ripemd160 "ripemd160"
-#define NID_ripemd160 117
-#define OBJ_ripemd160 1L,3L,36L,3L,2L,1L
-
-#define SN_ripemd160WithRSA "RSA-RIPEMD160"
-#define LN_ripemd160WithRSA "ripemd160WithRSA"
-#define NID_ripemd160WithRSA 119
-#define OBJ_ripemd160WithRSA 1L,3L,36L,3L,3L,1L,2L
-
-#define SN_sxnet "SXNetID"
-#define LN_sxnet "Strong Extranet ID"
-#define NID_sxnet 143
-#define OBJ_sxnet 1L,3L,101L,1L,4L,1L
-
-#define SN_X500 "X500"
-#define LN_X500 "directory services (X.500)"
-#define NID_X500 11
-#define OBJ_X500 2L,5L
-
-#define SN_X509 "X509"
-#define NID_X509 12
-#define OBJ_X509 OBJ_X500,4L
-
-#define SN_commonName "CN"
-#define LN_commonName "commonName"
-#define NID_commonName 13
-#define OBJ_commonName OBJ_X509,3L
-
-#define SN_surname "SN"
-#define LN_surname "surname"
-#define NID_surname 100
-#define OBJ_surname OBJ_X509,4L
-
-#define LN_serialNumber "serialNumber"
-#define NID_serialNumber 105
-#define OBJ_serialNumber OBJ_X509,5L
-
-#define SN_countryName "C"
-#define LN_countryName "countryName"
-#define NID_countryName 14
-#define OBJ_countryName OBJ_X509,6L
-
-#define SN_localityName "L"
-#define LN_localityName "localityName"
-#define NID_localityName 15
-#define OBJ_localityName OBJ_X509,7L
-
-#define SN_stateOrProvinceName "ST"
-#define LN_stateOrProvinceName "stateOrProvinceName"
-#define NID_stateOrProvinceName 16
-#define OBJ_stateOrProvinceName OBJ_X509,8L
-
-#define SN_streetAddress "street"
-#define LN_streetAddress "streetAddress"
-#define NID_streetAddress 660
-#define OBJ_streetAddress OBJ_X509,9L
-
-#define SN_organizationName "O"
-#define LN_organizationName "organizationName"
-#define NID_organizationName 17
-#define OBJ_organizationName OBJ_X509,10L
-
-#define SN_organizationalUnitName "OU"
-#define LN_organizationalUnitName "organizationalUnitName"
-#define NID_organizationalUnitName 18
-#define OBJ_organizationalUnitName OBJ_X509,11L
-
-#define SN_title "title"
-#define LN_title "title"
-#define NID_title 106
-#define OBJ_title OBJ_X509,12L
-
-#define LN_description "description"
-#define NID_description 107
-#define OBJ_description OBJ_X509,13L
-
-#define LN_searchGuide "searchGuide"
-#define NID_searchGuide 859
-#define OBJ_searchGuide OBJ_X509,14L
-
-#define LN_businessCategory "businessCategory"
-#define NID_businessCategory 860
-#define OBJ_businessCategory OBJ_X509,15L
-
-#define LN_postalAddress "postalAddress"
-#define NID_postalAddress 861
-#define OBJ_postalAddress OBJ_X509,16L
-
-#define LN_postalCode "postalCode"
-#define NID_postalCode 661
-#define OBJ_postalCode OBJ_X509,17L
-
-#define LN_postOfficeBox "postOfficeBox"
-#define NID_postOfficeBox 862
-#define OBJ_postOfficeBox OBJ_X509,18L
-
-#define LN_physicalDeliveryOfficeName "physicalDeliveryOfficeName"
-#define NID_physicalDeliveryOfficeName 863
-#define OBJ_physicalDeliveryOfficeName OBJ_X509,19L
-
-#define LN_telephoneNumber "telephoneNumber"
-#define NID_telephoneNumber 864
-#define OBJ_telephoneNumber OBJ_X509,20L
-
-#define LN_telexNumber "telexNumber"
-#define NID_telexNumber 865
-#define OBJ_telexNumber OBJ_X509,21L
-
-#define LN_teletexTerminalIdentifier "teletexTerminalIdentifier"
-#define NID_teletexTerminalIdentifier 866
-#define OBJ_teletexTerminalIdentifier OBJ_X509,22L
-
-#define LN_facsimileTelephoneNumber "facsimileTelephoneNumber"
-#define NID_facsimileTelephoneNumber 867
-#define OBJ_facsimileTelephoneNumber OBJ_X509,23L
-
-#define LN_x121Address "x121Address"
-#define NID_x121Address 868
-#define OBJ_x121Address OBJ_X509,24L
-
-#define LN_internationaliSDNNumber "internationaliSDNNumber"
-#define NID_internationaliSDNNumber 869
-#define OBJ_internationaliSDNNumber OBJ_X509,25L
-
-#define LN_registeredAddress "registeredAddress"
-#define NID_registeredAddress 870
-#define OBJ_registeredAddress OBJ_X509,26L
-
-#define LN_destinationIndicator "destinationIndicator"
-#define NID_destinationIndicator 871
-#define OBJ_destinationIndicator OBJ_X509,27L
-
-#define LN_preferredDeliveryMethod "preferredDeliveryMethod"
-#define NID_preferredDeliveryMethod 872
-#define OBJ_preferredDeliveryMethod OBJ_X509,28L
-
-#define LN_presentationAddress "presentationAddress"
-#define NID_presentationAddress 873
-#define OBJ_presentationAddress OBJ_X509,29L
-
-#define LN_supportedApplicationContext "supportedApplicationContext"
-#define NID_supportedApplicationContext 874
-#define OBJ_supportedApplicationContext OBJ_X509,30L
-
-#define SN_member "member"
-#define NID_member 875
-#define OBJ_member OBJ_X509,31L
-
-#define SN_owner "owner"
-#define NID_owner 876
-#define OBJ_owner OBJ_X509,32L
-
-#define LN_roleOccupant "roleOccupant"
-#define NID_roleOccupant 877
-#define OBJ_roleOccupant OBJ_X509,33L
-
-#define SN_seeAlso "seeAlso"
-#define NID_seeAlso 878
-#define OBJ_seeAlso OBJ_X509,34L
-
-#define LN_userPassword "userPassword"
-#define NID_userPassword 879
-#define OBJ_userPassword OBJ_X509,35L
-
-#define LN_userCertificate "userCertificate"
-#define NID_userCertificate 880
-#define OBJ_userCertificate OBJ_X509,36L
-
-#define LN_cACertificate "cACertificate"
-#define NID_cACertificate 881
-#define OBJ_cACertificate OBJ_X509,37L
-
-#define LN_authorityRevocationList "authorityRevocationList"
-#define NID_authorityRevocationList 882
-#define OBJ_authorityRevocationList OBJ_X509,38L
-
-#define LN_certificateRevocationList "certificateRevocationList"
-#define NID_certificateRevocationList 883
-#define OBJ_certificateRevocationList OBJ_X509,39L
-
-#define LN_crossCertificatePair "crossCertificatePair"
-#define NID_crossCertificatePair 884
-#define OBJ_crossCertificatePair OBJ_X509,40L
-
-#define SN_name "name"
-#define LN_name "name"
-#define NID_name 173
-#define OBJ_name OBJ_X509,41L
-
-#define SN_givenName "GN"
-#define LN_givenName "givenName"
-#define NID_givenName 99
-#define OBJ_givenName OBJ_X509,42L
-
-#define SN_initials "initials"
-#define LN_initials "initials"
-#define NID_initials 101
-#define OBJ_initials OBJ_X509,43L
-
-#define LN_generationQualifier "generationQualifier"
-#define NID_generationQualifier 509
-#define OBJ_generationQualifier OBJ_X509,44L
-
-#define LN_x500UniqueIdentifier "x500UniqueIdentifier"
-#define NID_x500UniqueIdentifier 503
-#define OBJ_x500UniqueIdentifier OBJ_X509,45L
-
-#define SN_dnQualifier "dnQualifier"
-#define LN_dnQualifier "dnQualifier"
-#define NID_dnQualifier 174
-#define OBJ_dnQualifier OBJ_X509,46L
-
-#define LN_enhancedSearchGuide "enhancedSearchGuide"
-#define NID_enhancedSearchGuide 885
-#define OBJ_enhancedSearchGuide OBJ_X509,47L
-
-#define LN_protocolInformation "protocolInformation"
-#define NID_protocolInformation 886
-#define OBJ_protocolInformation OBJ_X509,48L
-
-#define LN_distinguishedName "distinguishedName"
-#define NID_distinguishedName 887
-#define OBJ_distinguishedName OBJ_X509,49L
-
-#define LN_uniqueMember "uniqueMember"
-#define NID_uniqueMember 888
-#define OBJ_uniqueMember OBJ_X509,50L
-
-#define LN_houseIdentifier "houseIdentifier"
-#define NID_houseIdentifier 889
-#define OBJ_houseIdentifier OBJ_X509,51L
-
-#define LN_supportedAlgorithms "supportedAlgorithms"
-#define NID_supportedAlgorithms 890
-#define OBJ_supportedAlgorithms OBJ_X509,52L
-
-#define LN_deltaRevocationList "deltaRevocationList"
-#define NID_deltaRevocationList 891
-#define OBJ_deltaRevocationList OBJ_X509,53L
-
-#define SN_dmdName "dmdName"
-#define NID_dmdName 892
-#define OBJ_dmdName OBJ_X509,54L
-
-#define LN_pseudonym "pseudonym"
-#define NID_pseudonym 510
-#define OBJ_pseudonym OBJ_X509,65L
-
-#define SN_role "role"
-#define LN_role "role"
-#define NID_role 400
-#define OBJ_role OBJ_X509,72L
-
-#define SN_X500algorithms "X500algorithms"
-#define LN_X500algorithms "directory services - algorithms"
-#define NID_X500algorithms 378
-#define OBJ_X500algorithms OBJ_X500,8L
-
-#define SN_rsa "RSA"
-#define LN_rsa "rsa"
-#define NID_rsa 19
-#define OBJ_rsa OBJ_X500algorithms,1L,1L
-
-#define SN_mdc2WithRSA "RSA-MDC2"
-#define LN_mdc2WithRSA "mdc2WithRSA"
-#define NID_mdc2WithRSA 96
-#define OBJ_mdc2WithRSA OBJ_X500algorithms,3L,100L
-
-#define SN_mdc2 "MDC2"
-#define LN_mdc2 "mdc2"
-#define NID_mdc2 95
-#define OBJ_mdc2 OBJ_X500algorithms,3L,101L
-
-#define SN_id_ce "id-ce"
-#define NID_id_ce 81
-#define OBJ_id_ce OBJ_X500,29L
-
-#define SN_subject_directory_attributes "subjectDirectoryAttributes"
-#define LN_subject_directory_attributes "X509v3 Subject Directory Attributes"
-#define NID_subject_directory_attributes 769
-#define OBJ_subject_directory_attributes OBJ_id_ce,9L
-
-#define SN_subject_key_identifier "subjectKeyIdentifier"
-#define LN_subject_key_identifier "X509v3 Subject Key Identifier"
-#define NID_subject_key_identifier 82
-#define OBJ_subject_key_identifier OBJ_id_ce,14L
-
-#define SN_key_usage "keyUsage"
-#define LN_key_usage "X509v3 Key Usage"
-#define NID_key_usage 83
-#define OBJ_key_usage OBJ_id_ce,15L
-
-#define SN_private_key_usage_period "privateKeyUsagePeriod"
-#define LN_private_key_usage_period "X509v3 Private Key Usage Period"
-#define NID_private_key_usage_period 84
-#define OBJ_private_key_usage_period OBJ_id_ce,16L
-
-#define SN_subject_alt_name "subjectAltName"
-#define LN_subject_alt_name "X509v3 Subject Alternative Name"
-#define NID_subject_alt_name 85
-#define OBJ_subject_alt_name OBJ_id_ce,17L
-
-#define SN_issuer_alt_name "issuerAltName"
-#define LN_issuer_alt_name "X509v3 Issuer Alternative Name"
-#define NID_issuer_alt_name 86
-#define OBJ_issuer_alt_name OBJ_id_ce,18L
-
-#define SN_basic_constraints "basicConstraints"
-#define LN_basic_constraints "X509v3 Basic Constraints"
-#define NID_basic_constraints 87
-#define OBJ_basic_constraints OBJ_id_ce,19L
-
-#define SN_crl_number "crlNumber"
-#define LN_crl_number "X509v3 CRL Number"
-#define NID_crl_number 88
-#define OBJ_crl_number OBJ_id_ce,20L
-
-#define SN_crl_reason "CRLReason"
-#define LN_crl_reason "X509v3 CRL Reason Code"
-#define NID_crl_reason 141
-#define OBJ_crl_reason OBJ_id_ce,21L
-
-#define SN_invalidity_date "invalidityDate"
-#define LN_invalidity_date "Invalidity Date"
-#define NID_invalidity_date 142
-#define OBJ_invalidity_date OBJ_id_ce,24L
-
-#define SN_delta_crl "deltaCRL"
-#define LN_delta_crl "X509v3 Delta CRL Indicator"
-#define NID_delta_crl 140
-#define OBJ_delta_crl OBJ_id_ce,27L
-
-#define SN_issuing_distribution_point "issuingDistributionPoint"
-#define LN_issuing_distribution_point "X509v3 Issuing Distrubution Point"
-#define NID_issuing_distribution_point 770
-#define OBJ_issuing_distribution_point OBJ_id_ce,28L
-
-#define SN_certificate_issuer "certificateIssuer"
-#define LN_certificate_issuer "X509v3 Certificate Issuer"
-#define NID_certificate_issuer 771
-#define OBJ_certificate_issuer OBJ_id_ce,29L
-
-#define SN_name_constraints "nameConstraints"
-#define LN_name_constraints "X509v3 Name Constraints"
-#define NID_name_constraints 666
-#define OBJ_name_constraints OBJ_id_ce,30L
-
-#define SN_crl_distribution_points "crlDistributionPoints"
-#define LN_crl_distribution_points "X509v3 CRL Distribution Points"
-#define NID_crl_distribution_points 103
-#define OBJ_crl_distribution_points OBJ_id_ce,31L
-
-#define SN_certificate_policies "certificatePolicies"
-#define LN_certificate_policies "X509v3 Certificate Policies"
-#define NID_certificate_policies 89
-#define OBJ_certificate_policies OBJ_id_ce,32L
-
-#define SN_any_policy "anyPolicy"
-#define LN_any_policy "X509v3 Any Policy"
-#define NID_any_policy 746
-#define OBJ_any_policy OBJ_certificate_policies,0L
-
-#define SN_policy_mappings "policyMappings"
-#define LN_policy_mappings "X509v3 Policy Mappings"
-#define NID_policy_mappings 747
-#define OBJ_policy_mappings OBJ_id_ce,33L
-
-#define SN_authority_key_identifier "authorityKeyIdentifier"
-#define LN_authority_key_identifier "X509v3 Authority Key Identifier"
-#define NID_authority_key_identifier 90
-#define OBJ_authority_key_identifier OBJ_id_ce,35L
-
-#define SN_policy_constraints "policyConstraints"
-#define LN_policy_constraints "X509v3 Policy Constraints"
-#define NID_policy_constraints 401
-#define OBJ_policy_constraints OBJ_id_ce,36L
-
-#define SN_ext_key_usage "extendedKeyUsage"
-#define LN_ext_key_usage "X509v3 Extended Key Usage"
-#define NID_ext_key_usage 126
-#define OBJ_ext_key_usage OBJ_id_ce,37L
-
-#define SN_freshest_crl "freshestCRL"
-#define LN_freshest_crl "X509v3 Freshest CRL"
-#define NID_freshest_crl 857
-#define OBJ_freshest_crl OBJ_id_ce,46L
-
-#define SN_inhibit_any_policy "inhibitAnyPolicy"
-#define LN_inhibit_any_policy "X509v3 Inhibit Any Policy"
-#define NID_inhibit_any_policy 748
-#define OBJ_inhibit_any_policy OBJ_id_ce,54L
-
-#define SN_target_information "targetInformation"
-#define LN_target_information "X509v3 AC Targeting"
-#define NID_target_information 402
-#define OBJ_target_information OBJ_id_ce,55L
-
-#define SN_no_rev_avail "noRevAvail"
-#define LN_no_rev_avail "X509v3 No Revocation Available"
-#define NID_no_rev_avail 403
-#define OBJ_no_rev_avail OBJ_id_ce,56L
-
-#define SN_netscape "Netscape"
-#define LN_netscape "Netscape Communications Corp."
-#define NID_netscape 57
-#define OBJ_netscape 2L,16L,840L,1L,113730L
-
-#define SN_netscape_cert_extension "nsCertExt"
-#define LN_netscape_cert_extension "Netscape Certificate Extension"
-#define NID_netscape_cert_extension 58
-#define OBJ_netscape_cert_extension OBJ_netscape,1L
-
-#define SN_netscape_data_type "nsDataType"
-#define LN_netscape_data_type "Netscape Data Type"
-#define NID_netscape_data_type 59
-#define OBJ_netscape_data_type OBJ_netscape,2L
-
-#define SN_netscape_cert_type "nsCertType"
-#define LN_netscape_cert_type "Netscape Cert Type"
-#define NID_netscape_cert_type 71
-#define OBJ_netscape_cert_type OBJ_netscape_cert_extension,1L
-
-#define SN_netscape_base_url "nsBaseUrl"
-#define LN_netscape_base_url "Netscape Base Url"
-#define NID_netscape_base_url 72
-#define OBJ_netscape_base_url OBJ_netscape_cert_extension,2L
-
-#define SN_netscape_revocation_url "nsRevocationUrl"
-#define LN_netscape_revocation_url "Netscape Revocation Url"
-#define NID_netscape_revocation_url 73
-#define OBJ_netscape_revocation_url OBJ_netscape_cert_extension,3L
-
-#define SN_netscape_ca_revocation_url "nsCaRevocationUrl"
-#define LN_netscape_ca_revocation_url "Netscape CA Revocation Url"
-#define NID_netscape_ca_revocation_url 74
-#define OBJ_netscape_ca_revocation_url OBJ_netscape_cert_extension,4L
-
-#define SN_netscape_renewal_url "nsRenewalUrl"
-#define LN_netscape_renewal_url "Netscape Renewal Url"
-#define NID_netscape_renewal_url 75
-#define OBJ_netscape_renewal_url OBJ_netscape_cert_extension,7L
-
-#define SN_netscape_ca_policy_url "nsCaPolicyUrl"
-#define LN_netscape_ca_policy_url "Netscape CA Policy Url"
-#define NID_netscape_ca_policy_url 76
-#define OBJ_netscape_ca_policy_url OBJ_netscape_cert_extension,8L
-
-#define SN_netscape_ssl_server_name "nsSslServerName"
-#define LN_netscape_ssl_server_name "Netscape SSL Server Name"
-#define NID_netscape_ssl_server_name 77
-#define OBJ_netscape_ssl_server_name OBJ_netscape_cert_extension,12L
-
-#define SN_netscape_comment "nsComment"
-#define LN_netscape_comment "Netscape Comment"
-#define NID_netscape_comment 78
-#define OBJ_netscape_comment OBJ_netscape_cert_extension,13L
-
-#define SN_netscape_cert_sequence "nsCertSequence"
-#define LN_netscape_cert_sequence "Netscape Certificate Sequence"
-#define NID_netscape_cert_sequence 79
-#define OBJ_netscape_cert_sequence OBJ_netscape_data_type,5L
-
-#define SN_ns_sgc "nsSGC"
-#define LN_ns_sgc "Netscape Server Gated Crypto"
-#define NID_ns_sgc 139
-#define OBJ_ns_sgc OBJ_netscape,4L,1L
-
-#define SN_org "ORG"
-#define LN_org "org"
-#define NID_org 379
-#define OBJ_org OBJ_iso,3L
-
-#define SN_dod "DOD"
-#define LN_dod "dod"
-#define NID_dod 380
-#define OBJ_dod OBJ_org,6L
-
-#define SN_iana "IANA"
-#define LN_iana "iana"
-#define NID_iana 381
-#define OBJ_iana OBJ_dod,1L
-
-#define OBJ_internet OBJ_iana
-
-#define SN_Directory "directory"
-#define LN_Directory "Directory"
-#define NID_Directory 382
-#define OBJ_Directory OBJ_internet,1L
-
-#define SN_Management "mgmt"
-#define LN_Management "Management"
-#define NID_Management 383
-#define OBJ_Management OBJ_internet,2L
-
-#define SN_Experimental "experimental"
-#define LN_Experimental "Experimental"
-#define NID_Experimental 384
-#define OBJ_Experimental OBJ_internet,3L
-
-#define SN_Private "private"
-#define LN_Private "Private"
-#define NID_Private 385
-#define OBJ_Private OBJ_internet,4L
-
-#define SN_Security "security"
-#define LN_Security "Security"
-#define NID_Security 386
-#define OBJ_Security OBJ_internet,5L
-
-#define SN_SNMPv2 "snmpv2"
-#define LN_SNMPv2 "SNMPv2"
-#define NID_SNMPv2 387
-#define OBJ_SNMPv2 OBJ_internet,6L
-
-#define LN_Mail "Mail"
-#define NID_Mail 388
-#define OBJ_Mail OBJ_internet,7L
-
-#define SN_Enterprises "enterprises"
-#define LN_Enterprises "Enterprises"
-#define NID_Enterprises 389
-#define OBJ_Enterprises OBJ_Private,1L
-
-#define SN_dcObject "dcobject"
-#define LN_dcObject "dcObject"
-#define NID_dcObject 390
-#define OBJ_dcObject OBJ_Enterprises,1466L,344L
-
-#define SN_mime_mhs "mime-mhs"
-#define LN_mime_mhs "MIME MHS"
-#define NID_mime_mhs 504
-#define OBJ_mime_mhs OBJ_Mail,1L
-
-#define SN_mime_mhs_headings "mime-mhs-headings"
-#define LN_mime_mhs_headings "mime-mhs-headings"
-#define NID_mime_mhs_headings 505
-#define OBJ_mime_mhs_headings OBJ_mime_mhs,1L
-
-#define SN_mime_mhs_bodies "mime-mhs-bodies"
-#define LN_mime_mhs_bodies "mime-mhs-bodies"
-#define NID_mime_mhs_bodies 506
-#define OBJ_mime_mhs_bodies OBJ_mime_mhs,2L
-
-#define SN_id_hex_partial_message "id-hex-partial-message"
-#define LN_id_hex_partial_message "id-hex-partial-message"
-#define NID_id_hex_partial_message 507
-#define OBJ_id_hex_partial_message OBJ_mime_mhs_headings,1L
-
-#define SN_id_hex_multipart_message "id-hex-multipart-message"
-#define LN_id_hex_multipart_message "id-hex-multipart-message"
-#define NID_id_hex_multipart_message 508
-#define OBJ_id_hex_multipart_message OBJ_mime_mhs_headings,2L
-
-#define SN_rle_compression "RLE"
-#define LN_rle_compression "run length compression"
-#define NID_rle_compression 124
-#define OBJ_rle_compression 1L,1L,1L,1L,666L,1L
-
-#define SN_zlib_compression "ZLIB"
-#define LN_zlib_compression "zlib compression"
-#define NID_zlib_compression 125
-#define OBJ_zlib_compression OBJ_id_smime_alg,8L
-
-#define OBJ_csor 2L,16L,840L,1L,101L,3L
-
-#define OBJ_nistAlgorithms OBJ_csor,4L
-
-#define OBJ_aes OBJ_nistAlgorithms,1L
-
-#define SN_aes_128_ecb "AES-128-ECB"
-#define LN_aes_128_ecb "aes-128-ecb"
-#define NID_aes_128_ecb 418
-#define OBJ_aes_128_ecb OBJ_aes,1L
-
-#define SN_aes_128_cbc "AES-128-CBC"
-#define LN_aes_128_cbc "aes-128-cbc"
-#define NID_aes_128_cbc 419
-#define OBJ_aes_128_cbc OBJ_aes,2L
-
-#define SN_aes_128_ofb128 "AES-128-OFB"
-#define LN_aes_128_ofb128 "aes-128-ofb"
-#define NID_aes_128_ofb128 420
-#define OBJ_aes_128_ofb128 OBJ_aes,3L
-
-#define SN_aes_128_cfb128 "AES-128-CFB"
-#define LN_aes_128_cfb128 "aes-128-cfb"
-#define NID_aes_128_cfb128 421
-#define OBJ_aes_128_cfb128 OBJ_aes,4L
-
-#define SN_aes_192_ecb "AES-192-ECB"
-#define LN_aes_192_ecb "aes-192-ecb"
-#define NID_aes_192_ecb 422
-#define OBJ_aes_192_ecb OBJ_aes,21L
-
-#define SN_aes_192_cbc "AES-192-CBC"
-#define LN_aes_192_cbc "aes-192-cbc"
-#define NID_aes_192_cbc 423
-#define OBJ_aes_192_cbc OBJ_aes,22L
-
-#define SN_aes_192_ofb128 "AES-192-OFB"
-#define LN_aes_192_ofb128 "aes-192-ofb"
-#define NID_aes_192_ofb128 424
-#define OBJ_aes_192_ofb128 OBJ_aes,23L
-
-#define SN_aes_192_cfb128 "AES-192-CFB"
-#define LN_aes_192_cfb128 "aes-192-cfb"
-#define NID_aes_192_cfb128 425
-#define OBJ_aes_192_cfb128 OBJ_aes,24L
-
-#define SN_aes_256_ecb "AES-256-ECB"
-#define LN_aes_256_ecb "aes-256-ecb"
-#define NID_aes_256_ecb 426
-#define OBJ_aes_256_ecb OBJ_aes,41L
-
-#define SN_aes_256_cbc "AES-256-CBC"
-#define LN_aes_256_cbc "aes-256-cbc"
-#define NID_aes_256_cbc 427
-#define OBJ_aes_256_cbc OBJ_aes,42L
-
-#define SN_aes_256_ofb128 "AES-256-OFB"
-#define LN_aes_256_ofb128 "aes-256-ofb"
-#define NID_aes_256_ofb128 428
-#define OBJ_aes_256_ofb128 OBJ_aes,43L
-
-#define SN_aes_256_cfb128 "AES-256-CFB"
-#define LN_aes_256_cfb128 "aes-256-cfb"
-#define NID_aes_256_cfb128 429
-#define OBJ_aes_256_cfb128 OBJ_aes,44L
-
-#define SN_aes_128_cfb1 "AES-128-CFB1"
-#define LN_aes_128_cfb1 "aes-128-cfb1"
-#define NID_aes_128_cfb1 650
-
-#define SN_aes_192_cfb1 "AES-192-CFB1"
-#define LN_aes_192_cfb1 "aes-192-cfb1"
-#define NID_aes_192_cfb1 651
-
-#define SN_aes_256_cfb1 "AES-256-CFB1"
-#define LN_aes_256_cfb1 "aes-256-cfb1"
-#define NID_aes_256_cfb1 652
-
-#define SN_aes_128_cfb8 "AES-128-CFB8"
-#define LN_aes_128_cfb8 "aes-128-cfb8"
-#define NID_aes_128_cfb8 653
-
-#define SN_aes_192_cfb8 "AES-192-CFB8"
-#define LN_aes_192_cfb8 "aes-192-cfb8"
-#define NID_aes_192_cfb8 654
-
-#define SN_aes_256_cfb8 "AES-256-CFB8"
-#define LN_aes_256_cfb8 "aes-256-cfb8"
-#define NID_aes_256_cfb8 655
-
-#define SN_des_cfb1 "DES-CFB1"
-#define LN_des_cfb1 "des-cfb1"
-#define NID_des_cfb1 656
-
-#define SN_des_cfb8 "DES-CFB8"
-#define LN_des_cfb8 "des-cfb8"
-#define NID_des_cfb8 657
-
-#define SN_des_ede3_cfb1 "DES-EDE3-CFB1"
-#define LN_des_ede3_cfb1 "des-ede3-cfb1"
-#define NID_des_ede3_cfb1 658
-
-#define SN_des_ede3_cfb8 "DES-EDE3-CFB8"
-#define LN_des_ede3_cfb8 "des-ede3-cfb8"
-#define NID_des_ede3_cfb8 659
-
-#define SN_id_aes128_wrap "id-aes128-wrap"
-#define NID_id_aes128_wrap 788
-#define OBJ_id_aes128_wrap OBJ_aes,5L
-
-#define SN_id_aes192_wrap "id-aes192-wrap"
-#define NID_id_aes192_wrap 789
-#define OBJ_id_aes192_wrap OBJ_aes,25L
-
-#define SN_id_aes256_wrap "id-aes256-wrap"
-#define NID_id_aes256_wrap 790
-#define OBJ_id_aes256_wrap OBJ_aes,45L
-
-#define OBJ_nist_hashalgs OBJ_nistAlgorithms,2L
-
-#define SN_sha256 "SHA256"
-#define LN_sha256 "sha256"
-#define NID_sha256 672
-#define OBJ_sha256 OBJ_nist_hashalgs,1L
-
-#define SN_sha384 "SHA384"
-#define LN_sha384 "sha384"
-#define NID_sha384 673
-#define OBJ_sha384 OBJ_nist_hashalgs,2L
-
-#define SN_sha512 "SHA512"
-#define LN_sha512 "sha512"
-#define NID_sha512 674
-#define OBJ_sha512 OBJ_nist_hashalgs,3L
-
-#define SN_sha224 "SHA224"
-#define LN_sha224 "sha224"
-#define NID_sha224 675
-#define OBJ_sha224 OBJ_nist_hashalgs,4L
-
-#define OBJ_dsa_with_sha2 OBJ_nistAlgorithms,3L
-
-#define SN_dsa_with_SHA224 "dsa_with_SHA224"
-#define NID_dsa_with_SHA224 802
-#define OBJ_dsa_with_SHA224 OBJ_dsa_with_sha2,1L
-
-#define SN_dsa_with_SHA256 "dsa_with_SHA256"
-#define NID_dsa_with_SHA256 803
-#define OBJ_dsa_with_SHA256 OBJ_dsa_with_sha2,2L
-
-#define SN_hold_instruction_code "holdInstructionCode"
-#define LN_hold_instruction_code "Hold Instruction Code"
-#define NID_hold_instruction_code 430
-#define OBJ_hold_instruction_code OBJ_id_ce,23L
-
-#define OBJ_holdInstruction OBJ_X9_57,2L
-
-#define SN_hold_instruction_none "holdInstructionNone"
-#define LN_hold_instruction_none "Hold Instruction None"
-#define NID_hold_instruction_none 431
-#define OBJ_hold_instruction_none OBJ_holdInstruction,1L
-
-#define SN_hold_instruction_call_issuer "holdInstructionCallIssuer"
-#define LN_hold_instruction_call_issuer "Hold Instruction Call Issuer"
-#define NID_hold_instruction_call_issuer 432
-#define OBJ_hold_instruction_call_issuer OBJ_holdInstruction,2L
-
-#define SN_hold_instruction_reject "holdInstructionReject"
-#define LN_hold_instruction_reject "Hold Instruction Reject"
-#define NID_hold_instruction_reject 433
-#define OBJ_hold_instruction_reject OBJ_holdInstruction,3L
-
-#define SN_data "data"
-#define NID_data 434
-#define OBJ_data OBJ_itu_t,9L
-
-#define SN_pss "pss"
-#define NID_pss 435
-#define OBJ_pss OBJ_data,2342L
-
-#define SN_ucl "ucl"
-#define NID_ucl 436
-#define OBJ_ucl OBJ_pss,19200300L
-
-#define SN_pilot "pilot"
-#define NID_pilot 437
-#define OBJ_pilot OBJ_ucl,100L
-
-#define LN_pilotAttributeType "pilotAttributeType"
-#define NID_pilotAttributeType 438
-#define OBJ_pilotAttributeType OBJ_pilot,1L
-
-#define LN_pilotAttributeSyntax "pilotAttributeSyntax"
-#define NID_pilotAttributeSyntax 439
-#define OBJ_pilotAttributeSyntax OBJ_pilot,3L
-
-#define LN_pilotObjectClass "pilotObjectClass"
-#define NID_pilotObjectClass 440
-#define OBJ_pilotObjectClass OBJ_pilot,4L
-
-#define LN_pilotGroups "pilotGroups"
-#define NID_pilotGroups 441
-#define OBJ_pilotGroups OBJ_pilot,10L
-
-#define LN_iA5StringSyntax "iA5StringSyntax"
-#define NID_iA5StringSyntax 442
-#define OBJ_iA5StringSyntax OBJ_pilotAttributeSyntax,4L
-
-#define LN_caseIgnoreIA5StringSyntax "caseIgnoreIA5StringSyntax"
-#define NID_caseIgnoreIA5StringSyntax 443
-#define OBJ_caseIgnoreIA5StringSyntax OBJ_pilotAttributeSyntax,5L
-
-#define LN_pilotObject "pilotObject"
-#define NID_pilotObject 444
-#define OBJ_pilotObject OBJ_pilotObjectClass,3L
-
-#define LN_pilotPerson "pilotPerson"
-#define NID_pilotPerson 445
-#define OBJ_pilotPerson OBJ_pilotObjectClass,4L
-
-#define SN_account "account"
-#define NID_account 446
-#define OBJ_account OBJ_pilotObjectClass,5L
-
-#define SN_document "document"
-#define NID_document 447
-#define OBJ_document OBJ_pilotObjectClass,6L
-
-#define SN_room "room"
-#define NID_room 448
-#define OBJ_room OBJ_pilotObjectClass,7L
-
-#define LN_documentSeries "documentSeries"
-#define NID_documentSeries 449
-#define OBJ_documentSeries OBJ_pilotObjectClass,9L
-
-#define SN_Domain "domain"
-#define LN_Domain "Domain"
-#define NID_Domain 392
-#define OBJ_Domain OBJ_pilotObjectClass,13L
-
-#define LN_rFC822localPart "rFC822localPart"
-#define NID_rFC822localPart 450
-#define OBJ_rFC822localPart OBJ_pilotObjectClass,14L
-
-#define LN_dNSDomain "dNSDomain"
-#define NID_dNSDomain 451
-#define OBJ_dNSDomain OBJ_pilotObjectClass,15L
-
-#define LN_domainRelatedObject "domainRelatedObject"
-#define NID_domainRelatedObject 452
-#define OBJ_domainRelatedObject OBJ_pilotObjectClass,17L
-
-#define LN_friendlyCountry "friendlyCountry"
-#define NID_friendlyCountry 453
-#define OBJ_friendlyCountry OBJ_pilotObjectClass,18L
-
-#define LN_simpleSecurityObject "simpleSecurityObject"
-#define NID_simpleSecurityObject 454
-#define OBJ_simpleSecurityObject OBJ_pilotObjectClass,19L
-
-#define LN_pilotOrganization "pilotOrganization"
-#define NID_pilotOrganization 455
-#define OBJ_pilotOrganization OBJ_pilotObjectClass,20L
-
-#define LN_pilotDSA "pilotDSA"
-#define NID_pilotDSA 456
-#define OBJ_pilotDSA OBJ_pilotObjectClass,21L
-
-#define LN_qualityLabelledData "qualityLabelledData"
-#define NID_qualityLabelledData 457
-#define OBJ_qualityLabelledData OBJ_pilotObjectClass,22L
-
-#define SN_userId "UID"
-#define LN_userId "userId"
-#define NID_userId 458
-#define OBJ_userId OBJ_pilotAttributeType,1L
-
-#define LN_textEncodedORAddress "textEncodedORAddress"
-#define NID_textEncodedORAddress 459
-#define OBJ_textEncodedORAddress OBJ_pilotAttributeType,2L
-
-#define SN_rfc822Mailbox "mail"
-#define LN_rfc822Mailbox "rfc822Mailbox"
-#define NID_rfc822Mailbox 460
-#define OBJ_rfc822Mailbox OBJ_pilotAttributeType,3L
-
-#define SN_info "info"
-#define NID_info 461
-#define OBJ_info OBJ_pilotAttributeType,4L
-
-#define LN_favouriteDrink "favouriteDrink"
-#define NID_favouriteDrink 462
-#define OBJ_favouriteDrink OBJ_pilotAttributeType,5L
-
-#define LN_roomNumber "roomNumber"
-#define NID_roomNumber 463
-#define OBJ_roomNumber OBJ_pilotAttributeType,6L
-
-#define SN_photo "photo"
-#define NID_photo 464
-#define OBJ_photo OBJ_pilotAttributeType,7L
-
-#define LN_userClass "userClass"
-#define NID_userClass 465
-#define OBJ_userClass OBJ_pilotAttributeType,8L
-
-#define SN_host "host"
-#define NID_host 466
-#define OBJ_host OBJ_pilotAttributeType,9L
-
-#define SN_manager "manager"
-#define NID_manager 467
-#define OBJ_manager OBJ_pilotAttributeType,10L
-
-#define LN_documentIdentifier "documentIdentifier"
-#define NID_documentIdentifier 468
-#define OBJ_documentIdentifier OBJ_pilotAttributeType,11L
-
-#define LN_documentTitle "documentTitle"
-#define NID_documentTitle 469
-#define OBJ_documentTitle OBJ_pilotAttributeType,12L
-
-#define LN_documentVersion "documentVersion"
-#define NID_documentVersion 470
-#define OBJ_documentVersion OBJ_pilotAttributeType,13L
-
-#define LN_documentAuthor "documentAuthor"
-#define NID_documentAuthor 471
-#define OBJ_documentAuthor OBJ_pilotAttributeType,14L
-
-#define LN_documentLocation "documentLocation"
-#define NID_documentLocation 472
-#define OBJ_documentLocation OBJ_pilotAttributeType,15L
-
-#define LN_homeTelephoneNumber "homeTelephoneNumber"
-#define NID_homeTelephoneNumber 473
-#define OBJ_homeTelephoneNumber OBJ_pilotAttributeType,20L
-
-#define SN_secretary "secretary"
-#define NID_secretary 474
-#define OBJ_secretary OBJ_pilotAttributeType,21L
-
-#define LN_otherMailbox "otherMailbox"
-#define NID_otherMailbox 475
-#define OBJ_otherMailbox OBJ_pilotAttributeType,22L
-
-#define LN_lastModifiedTime "lastModifiedTime"
-#define NID_lastModifiedTime 476
-#define OBJ_lastModifiedTime OBJ_pilotAttributeType,23L
-
-#define LN_lastModifiedBy "lastModifiedBy"
-#define NID_lastModifiedBy 477
-#define OBJ_lastModifiedBy OBJ_pilotAttributeType,24L
-
-#define SN_domainComponent "DC"
-#define LN_domainComponent "domainComponent"
-#define NID_domainComponent 391
-#define OBJ_domainComponent OBJ_pilotAttributeType,25L
-
-#define LN_aRecord "aRecord"
-#define NID_aRecord 478
-#define OBJ_aRecord OBJ_pilotAttributeType,26L
-
-#define LN_pilotAttributeType27 "pilotAttributeType27"
-#define NID_pilotAttributeType27 479
-#define OBJ_pilotAttributeType27 OBJ_pilotAttributeType,27L
-
-#define LN_mXRecord "mXRecord"
-#define NID_mXRecord 480
-#define OBJ_mXRecord OBJ_pilotAttributeType,28L
-
-#define LN_nSRecord "nSRecord"
-#define NID_nSRecord 481
-#define OBJ_nSRecord OBJ_pilotAttributeType,29L
-
-#define LN_sOARecord "sOARecord"
-#define NID_sOARecord 482
-#define OBJ_sOARecord OBJ_pilotAttributeType,30L
-
-#define LN_cNAMERecord "cNAMERecord"
-#define NID_cNAMERecord 483
-#define OBJ_cNAMERecord OBJ_pilotAttributeType,31L
-
-#define LN_associatedDomain "associatedDomain"
-#define NID_associatedDomain 484
-#define OBJ_associatedDomain OBJ_pilotAttributeType,37L
-
-#define LN_associatedName "associatedName"
-#define NID_associatedName 485
-#define OBJ_associatedName OBJ_pilotAttributeType,38L
-
-#define LN_homePostalAddress "homePostalAddress"
-#define NID_homePostalAddress 486
-#define OBJ_homePostalAddress OBJ_pilotAttributeType,39L
-
-#define LN_personalTitle "personalTitle"
-#define NID_personalTitle 487
-#define OBJ_personalTitle OBJ_pilotAttributeType,40L
-
-#define LN_mobileTelephoneNumber "mobileTelephoneNumber"
-#define NID_mobileTelephoneNumber 488
-#define OBJ_mobileTelephoneNumber OBJ_pilotAttributeType,41L
-
-#define LN_pagerTelephoneNumber "pagerTelephoneNumber"
-#define NID_pagerTelephoneNumber 489
-#define OBJ_pagerTelephoneNumber OBJ_pilotAttributeType,42L
-
-#define LN_friendlyCountryName "friendlyCountryName"
-#define NID_friendlyCountryName 490
-#define OBJ_friendlyCountryName OBJ_pilotAttributeType,43L
-
-#define LN_organizationalStatus "organizationalStatus"
-#define NID_organizationalStatus 491
-#define OBJ_organizationalStatus OBJ_pilotAttributeType,45L
-
-#define LN_janetMailbox "janetMailbox"
-#define NID_janetMailbox 492
-#define OBJ_janetMailbox OBJ_pilotAttributeType,46L
-
-#define LN_mailPreferenceOption "mailPreferenceOption"
-#define NID_mailPreferenceOption 493
-#define OBJ_mailPreferenceOption OBJ_pilotAttributeType,47L
-
-#define LN_buildingName "buildingName"
-#define NID_buildingName 494
-#define OBJ_buildingName OBJ_pilotAttributeType,48L
-
-#define LN_dSAQuality "dSAQuality"
-#define NID_dSAQuality 495
-#define OBJ_dSAQuality OBJ_pilotAttributeType,49L
-
-#define LN_singleLevelQuality "singleLevelQuality"
-#define NID_singleLevelQuality 496
-#define OBJ_singleLevelQuality OBJ_pilotAttributeType,50L
-
-#define LN_subtreeMinimumQuality "subtreeMinimumQuality"
-#define NID_subtreeMinimumQuality 497
-#define OBJ_subtreeMinimumQuality OBJ_pilotAttributeType,51L
-
-#define LN_subtreeMaximumQuality "subtreeMaximumQuality"
-#define NID_subtreeMaximumQuality 498
-#define OBJ_subtreeMaximumQuality OBJ_pilotAttributeType,52L
-
-#define LN_personalSignature "personalSignature"
-#define NID_personalSignature 499
-#define OBJ_personalSignature OBJ_pilotAttributeType,53L
-
-#define LN_dITRedirect "dITRedirect"
-#define NID_dITRedirect 500
-#define OBJ_dITRedirect OBJ_pilotAttributeType,54L
-
-#define SN_audio "audio"
-#define NID_audio 501
-#define OBJ_audio OBJ_pilotAttributeType,55L
-
-#define LN_documentPublisher "documentPublisher"
-#define NID_documentPublisher 502
-#define OBJ_documentPublisher OBJ_pilotAttributeType,56L
-
-#define SN_id_set "id-set"
-#define LN_id_set "Secure Electronic Transactions"
-#define NID_id_set 512
-#define OBJ_id_set OBJ_international_organizations,42L
-
-#define SN_set_ctype "set-ctype"
-#define LN_set_ctype "content types"
-#define NID_set_ctype 513
-#define OBJ_set_ctype OBJ_id_set,0L
-
-#define SN_set_msgExt "set-msgExt"
-#define LN_set_msgExt "message extensions"
-#define NID_set_msgExt 514
-#define OBJ_set_msgExt OBJ_id_set,1L
-
-#define SN_set_attr "set-attr"
-#define NID_set_attr 515
-#define OBJ_set_attr OBJ_id_set,3L
-
-#define SN_set_policy "set-policy"
-#define NID_set_policy 516
-#define OBJ_set_policy OBJ_id_set,5L
-
-#define SN_set_certExt "set-certExt"
-#define LN_set_certExt "certificate extensions"
-#define NID_set_certExt 517
-#define OBJ_set_certExt OBJ_id_set,7L
-
-#define SN_set_brand "set-brand"
-#define NID_set_brand 518
-#define OBJ_set_brand OBJ_id_set,8L
-
-#define SN_setct_PANData "setct-PANData"
-#define NID_setct_PANData 519
-#define OBJ_setct_PANData OBJ_set_ctype,0L
-
-#define SN_setct_PANToken "setct-PANToken"
-#define NID_setct_PANToken 520
-#define OBJ_setct_PANToken OBJ_set_ctype,1L
-
-#define SN_setct_PANOnly "setct-PANOnly"
-#define NID_setct_PANOnly 521
-#define OBJ_setct_PANOnly OBJ_set_ctype,2L
-
-#define SN_setct_OIData "setct-OIData"
-#define NID_setct_OIData 522
-#define OBJ_setct_OIData OBJ_set_ctype,3L
-
-#define SN_setct_PI "setct-PI"
-#define NID_setct_PI 523
-#define OBJ_setct_PI OBJ_set_ctype,4L
-
-#define SN_setct_PIData "setct-PIData"
-#define NID_setct_PIData 524
-#define OBJ_setct_PIData OBJ_set_ctype,5L
-
-#define SN_setct_PIDataUnsigned "setct-PIDataUnsigned"
-#define NID_setct_PIDataUnsigned 525
-#define OBJ_setct_PIDataUnsigned OBJ_set_ctype,6L
-
-#define SN_setct_HODInput "setct-HODInput"
-#define NID_setct_HODInput 526
-#define OBJ_setct_HODInput OBJ_set_ctype,7L
-
-#define SN_setct_AuthResBaggage "setct-AuthResBaggage"
-#define NID_setct_AuthResBaggage 527
-#define OBJ_setct_AuthResBaggage OBJ_set_ctype,8L
-
-#define SN_setct_AuthRevReqBaggage "setct-AuthRevReqBaggage"
-#define NID_setct_AuthRevReqBaggage 528
-#define OBJ_setct_AuthRevReqBaggage OBJ_set_ctype,9L
-
-#define SN_setct_AuthRevResBaggage "setct-AuthRevResBaggage"
-#define NID_setct_AuthRevResBaggage 529
-#define OBJ_setct_AuthRevResBaggage OBJ_set_ctype,10L
-
-#define SN_setct_CapTokenSeq "setct-CapTokenSeq"
-#define NID_setct_CapTokenSeq 530
-#define OBJ_setct_CapTokenSeq OBJ_set_ctype,11L
-
-#define SN_setct_PInitResData "setct-PInitResData"
-#define NID_setct_PInitResData 531
-#define OBJ_setct_PInitResData OBJ_set_ctype,12L
-
-#define SN_setct_PI_TBS "setct-PI-TBS"
-#define NID_setct_PI_TBS 532
-#define OBJ_setct_PI_TBS OBJ_set_ctype,13L
-
-#define SN_setct_PResData "setct-PResData"
-#define NID_setct_PResData 533
-#define OBJ_setct_PResData OBJ_set_ctype,14L
-
-#define SN_setct_AuthReqTBS "setct-AuthReqTBS"
-#define NID_setct_AuthReqTBS 534
-#define OBJ_setct_AuthReqTBS OBJ_set_ctype,16L
-
-#define SN_setct_AuthResTBS "setct-AuthResTBS"
-#define NID_setct_AuthResTBS 535
-#define OBJ_setct_AuthResTBS OBJ_set_ctype,17L
-
-#define SN_setct_AuthResTBSX "setct-AuthResTBSX"
-#define NID_setct_AuthResTBSX 536
-#define OBJ_setct_AuthResTBSX OBJ_set_ctype,18L
-
-#define SN_setct_AuthTokenTBS "setct-AuthTokenTBS"
-#define NID_setct_AuthTokenTBS 537
-#define OBJ_setct_AuthTokenTBS OBJ_set_ctype,19L
-
-#define SN_setct_CapTokenData "setct-CapTokenData"
-#define NID_setct_CapTokenData 538
-#define OBJ_setct_CapTokenData OBJ_set_ctype,20L
-
-#define SN_setct_CapTokenTBS "setct-CapTokenTBS"
-#define NID_setct_CapTokenTBS 539
-#define OBJ_setct_CapTokenTBS OBJ_set_ctype,21L
-
-#define SN_setct_AcqCardCodeMsg "setct-AcqCardCodeMsg"
-#define NID_setct_AcqCardCodeMsg 540
-#define OBJ_setct_AcqCardCodeMsg OBJ_set_ctype,22L
-
-#define SN_setct_AuthRevReqTBS "setct-AuthRevReqTBS"
-#define NID_setct_AuthRevReqTBS 541
-#define OBJ_setct_AuthRevReqTBS OBJ_set_ctype,23L
-
-#define SN_setct_AuthRevResData "setct-AuthRevResData"
-#define NID_setct_AuthRevResData 542
-#define OBJ_setct_AuthRevResData OBJ_set_ctype,24L
-
-#define SN_setct_AuthRevResTBS "setct-AuthRevResTBS"
-#define NID_setct_AuthRevResTBS 543
-#define OBJ_setct_AuthRevResTBS OBJ_set_ctype,25L
-
-#define SN_setct_CapReqTBS "setct-CapReqTBS"
-#define NID_setct_CapReqTBS 544
-#define OBJ_setct_CapReqTBS OBJ_set_ctype,26L
-
-#define SN_setct_CapReqTBSX "setct-CapReqTBSX"
-#define NID_setct_CapReqTBSX 545
-#define OBJ_setct_CapReqTBSX OBJ_set_ctype,27L
-
-#define SN_setct_CapResData "setct-CapResData"
-#define NID_setct_CapResData 546
-#define OBJ_setct_CapResData OBJ_set_ctype,28L
-
-#define SN_setct_CapRevReqTBS "setct-CapRevReqTBS"
-#define NID_setct_CapRevReqTBS 547
-#define OBJ_setct_CapRevReqTBS OBJ_set_ctype,29L
-
-#define SN_setct_CapRevReqTBSX "setct-CapRevReqTBSX"
-#define NID_setct_CapRevReqTBSX 548
-#define OBJ_setct_CapRevReqTBSX OBJ_set_ctype,30L
-
-#define SN_setct_CapRevResData "setct-CapRevResData"
-#define NID_setct_CapRevResData 549
-#define OBJ_setct_CapRevResData OBJ_set_ctype,31L
-
-#define SN_setct_CredReqTBS "setct-CredReqTBS"
-#define NID_setct_CredReqTBS 550
-#define OBJ_setct_CredReqTBS OBJ_set_ctype,32L
-
-#define SN_setct_CredReqTBSX "setct-CredReqTBSX"
-#define NID_setct_CredReqTBSX 551
-#define OBJ_setct_CredReqTBSX OBJ_set_ctype,33L
-
-#define SN_setct_CredResData "setct-CredResData"
-#define NID_setct_CredResData 552
-#define OBJ_setct_CredResData OBJ_set_ctype,34L
-
-#define SN_setct_CredRevReqTBS "setct-CredRevReqTBS"
-#define NID_setct_CredRevReqTBS 553
-#define OBJ_setct_CredRevReqTBS OBJ_set_ctype,35L
-
-#define SN_setct_CredRevReqTBSX "setct-CredRevReqTBSX"
-#define NID_setct_CredRevReqTBSX 554
-#define OBJ_setct_CredRevReqTBSX OBJ_set_ctype,36L
-
-#define SN_setct_CredRevResData "setct-CredRevResData"
-#define NID_setct_CredRevResData 555
-#define OBJ_setct_CredRevResData OBJ_set_ctype,37L
-
-#define SN_setct_PCertReqData "setct-PCertReqData"
-#define NID_setct_PCertReqData 556
-#define OBJ_setct_PCertReqData OBJ_set_ctype,38L
-
-#define SN_setct_PCertResTBS "setct-PCertResTBS"
-#define NID_setct_PCertResTBS 557
-#define OBJ_setct_PCertResTBS OBJ_set_ctype,39L
-
-#define SN_setct_BatchAdminReqData "setct-BatchAdminReqData"
-#define NID_setct_BatchAdminReqData 558
-#define OBJ_setct_BatchAdminReqData OBJ_set_ctype,40L
-
-#define SN_setct_BatchAdminResData "setct-BatchAdminResData"
-#define NID_setct_BatchAdminResData 559
-#define OBJ_setct_BatchAdminResData OBJ_set_ctype,41L
-
-#define SN_setct_CardCInitResTBS "setct-CardCInitResTBS"
-#define NID_setct_CardCInitResTBS 560
-#define OBJ_setct_CardCInitResTBS OBJ_set_ctype,42L
-
-#define SN_setct_MeAqCInitResTBS "setct-MeAqCInitResTBS"
-#define NID_setct_MeAqCInitResTBS 561
-#define OBJ_setct_MeAqCInitResTBS OBJ_set_ctype,43L
-
-#define SN_setct_RegFormResTBS "setct-RegFormResTBS"
-#define NID_setct_RegFormResTBS 562
-#define OBJ_setct_RegFormResTBS OBJ_set_ctype,44L
-
-#define SN_setct_CertReqData "setct-CertReqData"
-#define NID_setct_CertReqData 563
-#define OBJ_setct_CertReqData OBJ_set_ctype,45L
-
-#define SN_setct_CertReqTBS "setct-CertReqTBS"
-#define NID_setct_CertReqTBS 564
-#define OBJ_setct_CertReqTBS OBJ_set_ctype,46L
-
-#define SN_setct_CertResData "setct-CertResData"
-#define NID_setct_CertResData 565
-#define OBJ_setct_CertResData OBJ_set_ctype,47L
-
-#define SN_setct_CertInqReqTBS "setct-CertInqReqTBS"
-#define NID_setct_CertInqReqTBS 566
-#define OBJ_setct_CertInqReqTBS OBJ_set_ctype,48L
-
-#define SN_setct_ErrorTBS "setct-ErrorTBS"
-#define NID_setct_ErrorTBS 567
-#define OBJ_setct_ErrorTBS OBJ_set_ctype,49L
-
-#define SN_setct_PIDualSignedTBE "setct-PIDualSignedTBE"
-#define NID_setct_PIDualSignedTBE 568
-#define OBJ_setct_PIDualSignedTBE OBJ_set_ctype,50L
-
-#define SN_setct_PIUnsignedTBE "setct-PIUnsignedTBE"
-#define NID_setct_PIUnsignedTBE 569
-#define OBJ_setct_PIUnsignedTBE OBJ_set_ctype,51L
-
-#define SN_setct_AuthReqTBE "setct-AuthReqTBE"
-#define NID_setct_AuthReqTBE 570
-#define OBJ_setct_AuthReqTBE OBJ_set_ctype,52L
-
-#define SN_setct_AuthResTBE "setct-AuthResTBE"
-#define NID_setct_AuthResTBE 571
-#define OBJ_setct_AuthResTBE OBJ_set_ctype,53L
-
-#define SN_setct_AuthResTBEX "setct-AuthResTBEX"
-#define NID_setct_AuthResTBEX 572
-#define OBJ_setct_AuthResTBEX OBJ_set_ctype,54L
-
-#define SN_setct_AuthTokenTBE "setct-AuthTokenTBE"
-#define NID_setct_AuthTokenTBE 573
-#define OBJ_setct_AuthTokenTBE OBJ_set_ctype,55L
-
-#define SN_setct_CapTokenTBE "setct-CapTokenTBE"
-#define NID_setct_CapTokenTBE 574
-#define OBJ_setct_CapTokenTBE OBJ_set_ctype,56L
-
-#define SN_setct_CapTokenTBEX "setct-CapTokenTBEX"
-#define NID_setct_CapTokenTBEX 575
-#define OBJ_setct_CapTokenTBEX OBJ_set_ctype,57L
-
-#define SN_setct_AcqCardCodeMsgTBE "setct-AcqCardCodeMsgTBE"
-#define NID_setct_AcqCardCodeMsgTBE 576
-#define OBJ_setct_AcqCardCodeMsgTBE OBJ_set_ctype,58L
-
-#define SN_setct_AuthRevReqTBE "setct-AuthRevReqTBE"
-#define NID_setct_AuthRevReqTBE 577
-#define OBJ_setct_AuthRevReqTBE OBJ_set_ctype,59L
-
-#define SN_setct_AuthRevResTBE "setct-AuthRevResTBE"
-#define NID_setct_AuthRevResTBE 578
-#define OBJ_setct_AuthRevResTBE OBJ_set_ctype,60L
-
-#define SN_setct_AuthRevResTBEB "setct-AuthRevResTBEB"
-#define NID_setct_AuthRevResTBEB 579
-#define OBJ_setct_AuthRevResTBEB OBJ_set_ctype,61L
-
-#define SN_setct_CapReqTBE "setct-CapReqTBE"
-#define NID_setct_CapReqTBE 580
-#define OBJ_setct_CapReqTBE OBJ_set_ctype,62L
-
-#define SN_setct_CapReqTBEX "setct-CapReqTBEX"
-#define NID_setct_CapReqTBEX 581
-#define OBJ_setct_CapReqTBEX OBJ_set_ctype,63L
-
-#define SN_setct_CapResTBE "setct-CapResTBE"
-#define NID_setct_CapResTBE 582
-#define OBJ_setct_CapResTBE OBJ_set_ctype,64L
-
-#define SN_setct_CapRevReqTBE "setct-CapRevReqTBE"
-#define NID_setct_CapRevReqTBE 583
-#define OBJ_setct_CapRevReqTBE OBJ_set_ctype,65L
-
-#define SN_setct_CapRevReqTBEX "setct-CapRevReqTBEX"
-#define NID_setct_CapRevReqTBEX 584
-#define OBJ_setct_CapRevReqTBEX OBJ_set_ctype,66L
-
-#define SN_setct_CapRevResTBE "setct-CapRevResTBE"
-#define NID_setct_CapRevResTBE 585
-#define OBJ_setct_CapRevResTBE OBJ_set_ctype,67L
-
-#define SN_setct_CredReqTBE "setct-CredReqTBE"
-#define NID_setct_CredReqTBE 586
-#define OBJ_setct_CredReqTBE OBJ_set_ctype,68L
-
-#define SN_setct_CredReqTBEX "setct-CredReqTBEX"
-#define NID_setct_CredReqTBEX 587
-#define OBJ_setct_CredReqTBEX OBJ_set_ctype,69L
-
-#define SN_setct_CredResTBE "setct-CredResTBE"
-#define NID_setct_CredResTBE 588
-#define OBJ_setct_CredResTBE OBJ_set_ctype,70L
-
-#define SN_setct_CredRevReqTBE "setct-CredRevReqTBE"
-#define NID_setct_CredRevReqTBE 589
-#define OBJ_setct_CredRevReqTBE OBJ_set_ctype,71L
-
-#define SN_setct_CredRevReqTBEX "setct-CredRevReqTBEX"
-#define NID_setct_CredRevReqTBEX 590
-#define OBJ_setct_CredRevReqTBEX OBJ_set_ctype,72L
-
-#define SN_setct_CredRevResTBE "setct-CredRevResTBE"
-#define NID_setct_CredRevResTBE 591
-#define OBJ_setct_CredRevResTBE OBJ_set_ctype,73L
-
-#define SN_setct_BatchAdminReqTBE "setct-BatchAdminReqTBE"
-#define NID_setct_BatchAdminReqTBE 592
-#define OBJ_setct_BatchAdminReqTBE OBJ_set_ctype,74L
-
-#define SN_setct_BatchAdminResTBE "setct-BatchAdminResTBE"
-#define NID_setct_BatchAdminResTBE 593
-#define OBJ_setct_BatchAdminResTBE OBJ_set_ctype,75L
-
-#define SN_setct_RegFormReqTBE "setct-RegFormReqTBE"
-#define NID_setct_RegFormReqTBE 594
-#define OBJ_setct_RegFormReqTBE OBJ_set_ctype,76L
-
-#define SN_setct_CertReqTBE "setct-CertReqTBE"
-#define NID_setct_CertReqTBE 595
-#define OBJ_setct_CertReqTBE OBJ_set_ctype,77L
-
-#define SN_setct_CertReqTBEX "setct-CertReqTBEX"
-#define NID_setct_CertReqTBEX 596
-#define OBJ_setct_CertReqTBEX OBJ_set_ctype,78L
-
-#define SN_setct_CertResTBE "setct-CertResTBE"
-#define NID_setct_CertResTBE 597
-#define OBJ_setct_CertResTBE OBJ_set_ctype,79L
-
-#define SN_setct_CRLNotificationTBS "setct-CRLNotificationTBS"
-#define NID_setct_CRLNotificationTBS 598
-#define OBJ_setct_CRLNotificationTBS OBJ_set_ctype,80L
-
-#define SN_setct_CRLNotificationResTBS "setct-CRLNotificationResTBS"
-#define NID_setct_CRLNotificationResTBS 599
-#define OBJ_setct_CRLNotificationResTBS OBJ_set_ctype,81L
-
-#define SN_setct_BCIDistributionTBS "setct-BCIDistributionTBS"
-#define NID_setct_BCIDistributionTBS 600
-#define OBJ_setct_BCIDistributionTBS OBJ_set_ctype,82L
-
-#define SN_setext_genCrypt "setext-genCrypt"
-#define LN_setext_genCrypt "generic cryptogram"
-#define NID_setext_genCrypt 601
-#define OBJ_setext_genCrypt OBJ_set_msgExt,1L
-
-#define SN_setext_miAuth "setext-miAuth"
-#define LN_setext_miAuth "merchant initiated auth"
-#define NID_setext_miAuth 602
-#define OBJ_setext_miAuth OBJ_set_msgExt,3L
-
-#define SN_setext_pinSecure "setext-pinSecure"
-#define NID_setext_pinSecure 603
-#define OBJ_setext_pinSecure OBJ_set_msgExt,4L
-
-#define SN_setext_pinAny "setext-pinAny"
-#define NID_setext_pinAny 604
-#define OBJ_setext_pinAny OBJ_set_msgExt,5L
-
-#define SN_setext_track2 "setext-track2"
-#define NID_setext_track2 605
-#define OBJ_setext_track2 OBJ_set_msgExt,7L
-
-#define SN_setext_cv "setext-cv"
-#define LN_setext_cv "additional verification"
-#define NID_setext_cv 606
-#define OBJ_setext_cv OBJ_set_msgExt,8L
-
-#define SN_set_policy_root "set-policy-root"
-#define NID_set_policy_root 607
-#define OBJ_set_policy_root OBJ_set_policy,0L
-
-#define SN_setCext_hashedRoot "setCext-hashedRoot"
-#define NID_setCext_hashedRoot 608
-#define OBJ_setCext_hashedRoot OBJ_set_certExt,0L
-
-#define SN_setCext_certType "setCext-certType"
-#define NID_setCext_certType 609
-#define OBJ_setCext_certType OBJ_set_certExt,1L
-
-#define SN_setCext_merchData "setCext-merchData"
-#define NID_setCext_merchData 610
-#define OBJ_setCext_merchData OBJ_set_certExt,2L
-
-#define SN_setCext_cCertRequired "setCext-cCertRequired"
-#define NID_setCext_cCertRequired 611
-#define OBJ_setCext_cCertRequired OBJ_set_certExt,3L
-
-#define SN_setCext_tunneling "setCext-tunneling"
-#define NID_setCext_tunneling 612
-#define OBJ_setCext_tunneling OBJ_set_certExt,4L
-
-#define SN_setCext_setExt "setCext-setExt"
-#define NID_setCext_setExt 613
-#define OBJ_setCext_setExt OBJ_set_certExt,5L
-
-#define SN_setCext_setQualf "setCext-setQualf"
-#define NID_setCext_setQualf 614
-#define OBJ_setCext_setQualf OBJ_set_certExt,6L
-
-#define SN_setCext_PGWYcapabilities "setCext-PGWYcapabilities"
-#define NID_setCext_PGWYcapabilities 615
-#define OBJ_setCext_PGWYcapabilities OBJ_set_certExt,7L
-
-#define SN_setCext_TokenIdentifier "setCext-TokenIdentifier"
-#define NID_setCext_TokenIdentifier 616
-#define OBJ_setCext_TokenIdentifier OBJ_set_certExt,8L
-
-#define SN_setCext_Track2Data "setCext-Track2Data"
-#define NID_setCext_Track2Data 617
-#define OBJ_setCext_Track2Data OBJ_set_certExt,9L
-
-#define SN_setCext_TokenType "setCext-TokenType"
-#define NID_setCext_TokenType 618
-#define OBJ_setCext_TokenType OBJ_set_certExt,10L
-
-#define SN_setCext_IssuerCapabilities "setCext-IssuerCapabilities"
-#define NID_setCext_IssuerCapabilities 619
-#define OBJ_setCext_IssuerCapabilities OBJ_set_certExt,11L
-
-#define SN_setAttr_Cert "setAttr-Cert"
-#define NID_setAttr_Cert 620
-#define OBJ_setAttr_Cert OBJ_set_attr,0L
-
-#define SN_setAttr_PGWYcap "setAttr-PGWYcap"
-#define LN_setAttr_PGWYcap "payment gateway capabilities"
-#define NID_setAttr_PGWYcap 621
-#define OBJ_setAttr_PGWYcap OBJ_set_attr,1L
-
-#define SN_setAttr_TokenType "setAttr-TokenType"
-#define NID_setAttr_TokenType 622
-#define OBJ_setAttr_TokenType OBJ_set_attr,2L
-
-#define SN_setAttr_IssCap "setAttr-IssCap"
-#define LN_setAttr_IssCap "issuer capabilities"
-#define NID_setAttr_IssCap 623
-#define OBJ_setAttr_IssCap OBJ_set_attr,3L
-
-#define SN_set_rootKeyThumb "set-rootKeyThumb"
-#define NID_set_rootKeyThumb 624
-#define OBJ_set_rootKeyThumb OBJ_setAttr_Cert,0L
-
-#define SN_set_addPolicy "set-addPolicy"
-#define NID_set_addPolicy 625
-#define OBJ_set_addPolicy OBJ_setAttr_Cert,1L
-
-#define SN_setAttr_Token_EMV "setAttr-Token-EMV"
-#define NID_setAttr_Token_EMV 626
-#define OBJ_setAttr_Token_EMV OBJ_setAttr_TokenType,1L
-
-#define SN_setAttr_Token_B0Prime "setAttr-Token-B0Prime"
-#define NID_setAttr_Token_B0Prime 627
-#define OBJ_setAttr_Token_B0Prime OBJ_setAttr_TokenType,2L
-
-#define SN_setAttr_IssCap_CVM "setAttr-IssCap-CVM"
-#define NID_setAttr_IssCap_CVM 628
-#define OBJ_setAttr_IssCap_CVM OBJ_setAttr_IssCap,3L
-
-#define SN_setAttr_IssCap_T2 "setAttr-IssCap-T2"
-#define NID_setAttr_IssCap_T2 629
-#define OBJ_setAttr_IssCap_T2 OBJ_setAttr_IssCap,4L
-
-#define SN_setAttr_IssCap_Sig "setAttr-IssCap-Sig"
-#define NID_setAttr_IssCap_Sig 630
-#define OBJ_setAttr_IssCap_Sig OBJ_setAttr_IssCap,5L
-
-#define SN_setAttr_GenCryptgrm "setAttr-GenCryptgrm"
-#define LN_setAttr_GenCryptgrm "generate cryptogram"
-#define NID_setAttr_GenCryptgrm 631
-#define OBJ_setAttr_GenCryptgrm OBJ_setAttr_IssCap_CVM,1L
-
-#define SN_setAttr_T2Enc "setAttr-T2Enc"
-#define LN_setAttr_T2Enc "encrypted track 2"
-#define NID_setAttr_T2Enc 632
-#define OBJ_setAttr_T2Enc OBJ_setAttr_IssCap_T2,1L
-
-#define SN_setAttr_T2cleartxt "setAttr-T2cleartxt"
-#define LN_setAttr_T2cleartxt "cleartext track 2"
-#define NID_setAttr_T2cleartxt 633
-#define OBJ_setAttr_T2cleartxt OBJ_setAttr_IssCap_T2,2L
-
-#define SN_setAttr_TokICCsig "setAttr-TokICCsig"
-#define LN_setAttr_TokICCsig "ICC or token signature"
-#define NID_setAttr_TokICCsig 634
-#define OBJ_setAttr_TokICCsig OBJ_setAttr_IssCap_Sig,1L
-
-#define SN_setAttr_SecDevSig "setAttr-SecDevSig"
-#define LN_setAttr_SecDevSig "secure device signature"
-#define NID_setAttr_SecDevSig 635
-#define OBJ_setAttr_SecDevSig OBJ_setAttr_IssCap_Sig,2L
-
-#define SN_set_brand_IATA_ATA "set-brand-IATA-ATA"
-#define NID_set_brand_IATA_ATA 636
-#define OBJ_set_brand_IATA_ATA OBJ_set_brand,1L
-
-#define SN_set_brand_Diners "set-brand-Diners"
-#define NID_set_brand_Diners 637
-#define OBJ_set_brand_Diners OBJ_set_brand,30L
-
-#define SN_set_brand_AmericanExpress "set-brand-AmericanExpress"
-#define NID_set_brand_AmericanExpress 638
-#define OBJ_set_brand_AmericanExpress OBJ_set_brand,34L
-
-#define SN_set_brand_JCB "set-brand-JCB"
-#define NID_set_brand_JCB 639
-#define OBJ_set_brand_JCB OBJ_set_brand,35L
-
-#define SN_set_brand_Visa "set-brand-Visa"
-#define NID_set_brand_Visa 640
-#define OBJ_set_brand_Visa OBJ_set_brand,4L
-
-#define SN_set_brand_MasterCard "set-brand-MasterCard"
-#define NID_set_brand_MasterCard 641
-#define OBJ_set_brand_MasterCard OBJ_set_brand,5L
-
-#define SN_set_brand_Novus "set-brand-Novus"
-#define NID_set_brand_Novus 642
-#define OBJ_set_brand_Novus OBJ_set_brand,6011L
-
-#define SN_des_cdmf "DES-CDMF"
-#define LN_des_cdmf "des-cdmf"
-#define NID_des_cdmf 643
-#define OBJ_des_cdmf OBJ_rsadsi,3L,10L
-
-#define SN_rsaOAEPEncryptionSET "rsaOAEPEncryptionSET"
-#define NID_rsaOAEPEncryptionSET 644
-#define OBJ_rsaOAEPEncryptionSET OBJ_rsadsi,1L,1L,6L
-
-#define SN_ipsec3 "Oakley-EC2N-3"
-#define LN_ipsec3 "ipsec3"
-#define NID_ipsec3 749
-
-#define SN_ipsec4 "Oakley-EC2N-4"
-#define LN_ipsec4 "ipsec4"
-#define NID_ipsec4 750
-
-#define SN_whirlpool "whirlpool"
-#define NID_whirlpool 804
-#define OBJ_whirlpool OBJ_iso,0L,10118L,3L,0L,55L
-
-#define SN_cryptopro "cryptopro"
-#define NID_cryptopro 805
-#define OBJ_cryptopro OBJ_member_body,643L,2L,2L
-
-#define SN_cryptocom "cryptocom"
-#define NID_cryptocom 806
-#define OBJ_cryptocom OBJ_member_body,643L,2L,9L
-
-#define SN_id_GostR3411_94_with_GostR3410_2001 "id-GostR3411-94-with-GostR3410-2001"
-#define LN_id_GostR3411_94_with_GostR3410_2001 "GOST R 34.11-94 with GOST R 34.10-2001"
-#define NID_id_GostR3411_94_with_GostR3410_2001 807
-#define OBJ_id_GostR3411_94_with_GostR3410_2001 OBJ_cryptopro,3L
-
-#define SN_id_GostR3411_94_with_GostR3410_94 "id-GostR3411-94-with-GostR3410-94"
-#define LN_id_GostR3411_94_with_GostR3410_94 "GOST R 34.11-94 with GOST R 34.10-94"
-#define NID_id_GostR3411_94_with_GostR3410_94 808
-#define OBJ_id_GostR3411_94_with_GostR3410_94 OBJ_cryptopro,4L
-
-#define SN_id_GostR3411_94 "md_gost94"
-#define LN_id_GostR3411_94 "GOST R 34.11-94"
-#define NID_id_GostR3411_94 809
-#define OBJ_id_GostR3411_94 OBJ_cryptopro,9L
-
-#define SN_id_HMACGostR3411_94 "id-HMACGostR3411-94"
-#define LN_id_HMACGostR3411_94 "HMAC GOST 34.11-94"
-#define NID_id_HMACGostR3411_94 810
-#define OBJ_id_HMACGostR3411_94 OBJ_cryptopro,10L
-
-#define SN_id_GostR3410_2001 "gost2001"
-#define LN_id_GostR3410_2001 "GOST R 34.10-2001"
-#define NID_id_GostR3410_2001 811
-#define OBJ_id_GostR3410_2001 OBJ_cryptopro,19L
-
-#define SN_id_GostR3410_94 "gost94"
-#define LN_id_GostR3410_94 "GOST R 34.10-94"
-#define NID_id_GostR3410_94 812
-#define OBJ_id_GostR3410_94 OBJ_cryptopro,20L
-
-#define SN_id_Gost28147_89 "gost89"
-#define LN_id_Gost28147_89 "GOST 28147-89"
-#define NID_id_Gost28147_89 813
-#define OBJ_id_Gost28147_89 OBJ_cryptopro,21L
-
-#define SN_gost89_cnt "gost89-cnt"
-#define NID_gost89_cnt 814
-
-#define SN_id_Gost28147_89_MAC "gost-mac"
-#define LN_id_Gost28147_89_MAC "GOST 28147-89 MAC"
-#define NID_id_Gost28147_89_MAC 815
-#define OBJ_id_Gost28147_89_MAC OBJ_cryptopro,22L
-
-#define SN_id_GostR3411_94_prf "prf-gostr3411-94"
-#define LN_id_GostR3411_94_prf "GOST R 34.11-94 PRF"
-#define NID_id_GostR3411_94_prf 816
-#define OBJ_id_GostR3411_94_prf OBJ_cryptopro,23L
-
-#define SN_id_GostR3410_2001DH "id-GostR3410-2001DH"
-#define LN_id_GostR3410_2001DH "GOST R 34.10-2001 DH"
-#define NID_id_GostR3410_2001DH 817
-#define OBJ_id_GostR3410_2001DH OBJ_cryptopro,98L
-
-#define SN_id_GostR3410_94DH "id-GostR3410-94DH"
-#define LN_id_GostR3410_94DH "GOST R 34.10-94 DH"
-#define NID_id_GostR3410_94DH 818
-#define OBJ_id_GostR3410_94DH OBJ_cryptopro,99L
-
-#define SN_id_Gost28147_89_CryptoPro_KeyMeshing "id-Gost28147-89-CryptoPro-KeyMeshing"
-#define NID_id_Gost28147_89_CryptoPro_KeyMeshing 819
-#define OBJ_id_Gost28147_89_CryptoPro_KeyMeshing OBJ_cryptopro,14L,1L
-
-#define SN_id_Gost28147_89_None_KeyMeshing "id-Gost28147-89-None-KeyMeshing"
-#define NID_id_Gost28147_89_None_KeyMeshing 820
-#define OBJ_id_Gost28147_89_None_KeyMeshing OBJ_cryptopro,14L,0L
-
-#define SN_id_GostR3411_94_TestParamSet "id-GostR3411-94-TestParamSet"
-#define NID_id_GostR3411_94_TestParamSet 821
-#define OBJ_id_GostR3411_94_TestParamSet OBJ_cryptopro,30L,0L
-
-#define SN_id_GostR3411_94_CryptoProParamSet "id-GostR3411-94-CryptoProParamSet"
-#define NID_id_GostR3411_94_CryptoProParamSet 822
-#define OBJ_id_GostR3411_94_CryptoProParamSet OBJ_cryptopro,30L,1L
-
-#define SN_id_Gost28147_89_TestParamSet "id-Gost28147-89-TestParamSet"
-#define NID_id_Gost28147_89_TestParamSet 823
-#define OBJ_id_Gost28147_89_TestParamSet OBJ_cryptopro,31L,0L
-
-#define SN_id_Gost28147_89_CryptoPro_A_ParamSet "id-Gost28147-89-CryptoPro-A-ParamSet"
-#define NID_id_Gost28147_89_CryptoPro_A_ParamSet 824
-#define OBJ_id_Gost28147_89_CryptoPro_A_ParamSet OBJ_cryptopro,31L,1L
-
-#define SN_id_Gost28147_89_CryptoPro_B_ParamSet "id-Gost28147-89-CryptoPro-B-ParamSet"
-#define NID_id_Gost28147_89_CryptoPro_B_ParamSet 825
-#define OBJ_id_Gost28147_89_CryptoPro_B_ParamSet OBJ_cryptopro,31L,2L
-
-#define SN_id_Gost28147_89_CryptoPro_C_ParamSet "id-Gost28147-89-CryptoPro-C-ParamSet"
-#define NID_id_Gost28147_89_CryptoPro_C_ParamSet 826
-#define OBJ_id_Gost28147_89_CryptoPro_C_ParamSet OBJ_cryptopro,31L,3L
-
-#define SN_id_Gost28147_89_CryptoPro_D_ParamSet "id-Gost28147-89-CryptoPro-D-ParamSet"
-#define NID_id_Gost28147_89_CryptoPro_D_ParamSet 827
-#define OBJ_id_Gost28147_89_CryptoPro_D_ParamSet OBJ_cryptopro,31L,4L
-
-#define SN_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet"
-#define NID_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet 828
-#define OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet OBJ_cryptopro,31L,5L
-
-#define SN_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet"
-#define NID_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet 829
-#define OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet OBJ_cryptopro,31L,6L
-
-#define SN_id_Gost28147_89_CryptoPro_RIC_1_ParamSet "id-Gost28147-89-CryptoPro-RIC-1-ParamSet"
-#define NID_id_Gost28147_89_CryptoPro_RIC_1_ParamSet 830
-#define OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet OBJ_cryptopro,31L,7L
-
-#define SN_id_GostR3410_94_TestParamSet "id-GostR3410-94-TestParamSet"
-#define NID_id_GostR3410_94_TestParamSet 831
-#define OBJ_id_GostR3410_94_TestParamSet OBJ_cryptopro,32L,0L
-
-#define SN_id_GostR3410_94_CryptoPro_A_ParamSet "id-GostR3410-94-CryptoPro-A-ParamSet"
-#define NID_id_GostR3410_94_CryptoPro_A_ParamSet 832
-#define OBJ_id_GostR3410_94_CryptoPro_A_ParamSet OBJ_cryptopro,32L,2L
-
-#define SN_id_GostR3410_94_CryptoPro_B_ParamSet "id-GostR3410-94-CryptoPro-B-ParamSet"
-#define NID_id_GostR3410_94_CryptoPro_B_ParamSet 833
-#define OBJ_id_GostR3410_94_CryptoPro_B_ParamSet OBJ_cryptopro,32L,3L
-
-#define SN_id_GostR3410_94_CryptoPro_C_ParamSet "id-GostR3410-94-CryptoPro-C-ParamSet"
-#define NID_id_GostR3410_94_CryptoPro_C_ParamSet 834
-#define OBJ_id_GostR3410_94_CryptoPro_C_ParamSet OBJ_cryptopro,32L,4L
-
-#define SN_id_GostR3410_94_CryptoPro_D_ParamSet "id-GostR3410-94-CryptoPro-D-ParamSet"
-#define NID_id_GostR3410_94_CryptoPro_D_ParamSet 835
-#define OBJ_id_GostR3410_94_CryptoPro_D_ParamSet OBJ_cryptopro,32L,5L
-
-#define SN_id_GostR3410_94_CryptoPro_XchA_ParamSet "id-GostR3410-94-CryptoPro-XchA-ParamSet"
-#define NID_id_GostR3410_94_CryptoPro_XchA_ParamSet 836
-#define OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet OBJ_cryptopro,33L,1L
-
-#define SN_id_GostR3410_94_CryptoPro_XchB_ParamSet "id-GostR3410-94-CryptoPro-XchB-ParamSet"
-#define NID_id_GostR3410_94_CryptoPro_XchB_ParamSet 837
-#define OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet OBJ_cryptopro,33L,2L
-
-#define SN_id_GostR3410_94_CryptoPro_XchC_ParamSet "id-GostR3410-94-CryptoPro-XchC-ParamSet"
-#define NID_id_GostR3410_94_CryptoPro_XchC_ParamSet 838
-#define OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet OBJ_cryptopro,33L,3L
-
-#define SN_id_GostR3410_2001_TestParamSet "id-GostR3410-2001-TestParamSet"
-#define NID_id_GostR3410_2001_TestParamSet 839
-#define OBJ_id_GostR3410_2001_TestParamSet OBJ_cryptopro,35L,0L
-
-#define SN_id_GostR3410_2001_CryptoPro_A_ParamSet "id-GostR3410-2001-CryptoPro-A-ParamSet"
-#define NID_id_GostR3410_2001_CryptoPro_A_ParamSet 840
-#define OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet OBJ_cryptopro,35L,1L
-
-#define SN_id_GostR3410_2001_CryptoPro_B_ParamSet "id-GostR3410-2001-CryptoPro-B-ParamSet"
-#define NID_id_GostR3410_2001_CryptoPro_B_ParamSet 841
-#define OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet OBJ_cryptopro,35L,2L
-
-#define SN_id_GostR3410_2001_CryptoPro_C_ParamSet "id-GostR3410-2001-CryptoPro-C-ParamSet"
-#define NID_id_GostR3410_2001_CryptoPro_C_ParamSet 842
-#define OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet OBJ_cryptopro,35L,3L
-
-#define SN_id_GostR3410_2001_CryptoPro_XchA_ParamSet "id-GostR3410-2001-CryptoPro-XchA-ParamSet"
-#define NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet 843
-#define OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet OBJ_cryptopro,36L,0L
-
-#define SN_id_GostR3410_2001_CryptoPro_XchB_ParamSet "id-GostR3410-2001-CryptoPro-XchB-ParamSet"
-#define NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet 844
-#define OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet OBJ_cryptopro,36L,1L
-
-#define SN_id_GostR3410_94_a "id-GostR3410-94-a"
-#define NID_id_GostR3410_94_a 845
-#define OBJ_id_GostR3410_94_a OBJ_id_GostR3410_94,1L
-
-#define SN_id_GostR3410_94_aBis "id-GostR3410-94-aBis"
-#define NID_id_GostR3410_94_aBis 846
-#define OBJ_id_GostR3410_94_aBis OBJ_id_GostR3410_94,2L
-
-#define SN_id_GostR3410_94_b "id-GostR3410-94-b"
-#define NID_id_GostR3410_94_b 847
-#define OBJ_id_GostR3410_94_b OBJ_id_GostR3410_94,3L
-
-#define SN_id_GostR3410_94_bBis "id-GostR3410-94-bBis"
-#define NID_id_GostR3410_94_bBis 848
-#define OBJ_id_GostR3410_94_bBis OBJ_id_GostR3410_94,4L
-
-#define SN_id_Gost28147_89_cc "id-Gost28147-89-cc"
-#define LN_id_Gost28147_89_cc "GOST 28147-89 Cryptocom ParamSet"
-#define NID_id_Gost28147_89_cc 849
-#define OBJ_id_Gost28147_89_cc OBJ_cryptocom,1L,6L,1L
-
-#define SN_id_GostR3410_94_cc "gost94cc"
-#define LN_id_GostR3410_94_cc "GOST 34.10-94 Cryptocom"
-#define NID_id_GostR3410_94_cc 850
-#define OBJ_id_GostR3410_94_cc OBJ_cryptocom,1L,5L,3L
-
-#define SN_id_GostR3410_2001_cc "gost2001cc"
-#define LN_id_GostR3410_2001_cc "GOST 34.10-2001 Cryptocom"
-#define NID_id_GostR3410_2001_cc 851
-#define OBJ_id_GostR3410_2001_cc OBJ_cryptocom,1L,5L,4L
-
-#define SN_id_GostR3411_94_with_GostR3410_94_cc "id-GostR3411-94-with-GostR3410-94-cc"
-#define LN_id_GostR3411_94_with_GostR3410_94_cc "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom"
-#define NID_id_GostR3411_94_with_GostR3410_94_cc 852
-#define OBJ_id_GostR3411_94_with_GostR3410_94_cc OBJ_cryptocom,1L,3L,3L
-
-#define SN_id_GostR3411_94_with_GostR3410_2001_cc "id-GostR3411-94-with-GostR3410-2001-cc"
-#define LN_id_GostR3411_94_with_GostR3410_2001_cc "GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom"
-#define NID_id_GostR3411_94_with_GostR3410_2001_cc 853
-#define OBJ_id_GostR3411_94_with_GostR3410_2001_cc OBJ_cryptocom,1L,3L,4L
-
-#define SN_id_GostR3410_2001_ParamSet_cc "id-GostR3410-2001-ParamSet-cc"
-#define LN_id_GostR3410_2001_ParamSet_cc "GOST R 3410-2001 Parameter Set Cryptocom"
-#define NID_id_GostR3410_2001_ParamSet_cc 854
-#define OBJ_id_GostR3410_2001_ParamSet_cc OBJ_cryptocom,1L,8L,1L
-
-#define SN_camellia_128_cbc "CAMELLIA-128-CBC"
-#define LN_camellia_128_cbc "camellia-128-cbc"
-#define NID_camellia_128_cbc 751
-#define OBJ_camellia_128_cbc 1L,2L,392L,200011L,61L,1L,1L,1L,2L
-
-#define SN_camellia_192_cbc "CAMELLIA-192-CBC"
-#define LN_camellia_192_cbc "camellia-192-cbc"
-#define NID_camellia_192_cbc 752
-#define OBJ_camellia_192_cbc 1L,2L,392L,200011L,61L,1L,1L,1L,3L
-
-#define SN_camellia_256_cbc "CAMELLIA-256-CBC"
-#define LN_camellia_256_cbc "camellia-256-cbc"
-#define NID_camellia_256_cbc 753
-#define OBJ_camellia_256_cbc 1L,2L,392L,200011L,61L,1L,1L,1L,4L
-
-#define OBJ_ntt_ds 0L,3L,4401L,5L
-
-#define OBJ_camellia OBJ_ntt_ds,3L,1L,9L
-
-#define SN_camellia_128_ecb "CAMELLIA-128-ECB"
-#define LN_camellia_128_ecb "camellia-128-ecb"
-#define NID_camellia_128_ecb 754
-#define OBJ_camellia_128_ecb OBJ_camellia,1L
-
-#define SN_camellia_128_ofb128 "CAMELLIA-128-OFB"
-#define LN_camellia_128_ofb128 "camellia-128-ofb"
-#define NID_camellia_128_ofb128 766
-#define OBJ_camellia_128_ofb128 OBJ_camellia,3L
-
-#define SN_camellia_128_cfb128 "CAMELLIA-128-CFB"
-#define LN_camellia_128_cfb128 "camellia-128-cfb"
-#define NID_camellia_128_cfb128 757
-#define OBJ_camellia_128_cfb128 OBJ_camellia,4L
-
-#define SN_camellia_192_ecb "CAMELLIA-192-ECB"
-#define LN_camellia_192_ecb "camellia-192-ecb"
-#define NID_camellia_192_ecb 755
-#define OBJ_camellia_192_ecb OBJ_camellia,21L
-
-#define SN_camellia_192_ofb128 "CAMELLIA-192-OFB"
-#define LN_camellia_192_ofb128 "camellia-192-ofb"
-#define NID_camellia_192_ofb128 767
-#define OBJ_camellia_192_ofb128 OBJ_camellia,23L
-
-#define SN_camellia_192_cfb128 "CAMELLIA-192-CFB"
-#define LN_camellia_192_cfb128 "camellia-192-cfb"
-#define NID_camellia_192_cfb128 758
-#define OBJ_camellia_192_cfb128 OBJ_camellia,24L
-
-#define SN_camellia_256_ecb "CAMELLIA-256-ECB"
-#define LN_camellia_256_ecb "camellia-256-ecb"
-#define NID_camellia_256_ecb 756
-#define OBJ_camellia_256_ecb OBJ_camellia,41L
-
-#define SN_camellia_256_ofb128 "CAMELLIA-256-OFB"
-#define LN_camellia_256_ofb128 "camellia-256-ofb"
-#define NID_camellia_256_ofb128 768
-#define OBJ_camellia_256_ofb128 OBJ_camellia,43L
-
-#define SN_camellia_256_cfb128 "CAMELLIA-256-CFB"
-#define LN_camellia_256_cfb128 "camellia-256-cfb"
-#define NID_camellia_256_cfb128 759
-#define OBJ_camellia_256_cfb128 OBJ_camellia,44L
-
-#define SN_camellia_128_cfb1 "CAMELLIA-128-CFB1"
-#define LN_camellia_128_cfb1 "camellia-128-cfb1"
-#define NID_camellia_128_cfb1 760
-
-#define SN_camellia_192_cfb1 "CAMELLIA-192-CFB1"
-#define LN_camellia_192_cfb1 "camellia-192-cfb1"
-#define NID_camellia_192_cfb1 761
-
-#define SN_camellia_256_cfb1 "CAMELLIA-256-CFB1"
-#define LN_camellia_256_cfb1 "camellia-256-cfb1"
-#define NID_camellia_256_cfb1 762
-
-#define SN_camellia_128_cfb8 "CAMELLIA-128-CFB8"
-#define LN_camellia_128_cfb8 "camellia-128-cfb8"
-#define NID_camellia_128_cfb8 763
-
-#define SN_camellia_192_cfb8 "CAMELLIA-192-CFB8"
-#define LN_camellia_192_cfb8 "camellia-192-cfb8"
-#define NID_camellia_192_cfb8 764
-
-#define SN_camellia_256_cfb8 "CAMELLIA-256-CFB8"
-#define LN_camellia_256_cfb8 "camellia-256-cfb8"
-#define NID_camellia_256_cfb8 765
-
-#define SN_kisa "KISA"
-#define LN_kisa "kisa"
-#define NID_kisa 773
-#define OBJ_kisa OBJ_member_body,410L,200004L
-
-#define SN_seed_ecb "SEED-ECB"
-#define LN_seed_ecb "seed-ecb"
-#define NID_seed_ecb 776
-#define OBJ_seed_ecb OBJ_kisa,1L,3L
-
-#define SN_seed_cbc "SEED-CBC"
-#define LN_seed_cbc "seed-cbc"
-#define NID_seed_cbc 777
-#define OBJ_seed_cbc OBJ_kisa,1L,4L
-
-#define SN_seed_cfb128 "SEED-CFB"
-#define LN_seed_cfb128 "seed-cfb"
-#define NID_seed_cfb128 779
-#define OBJ_seed_cfb128 OBJ_kisa,1L,5L
-
-#define SN_seed_ofb128 "SEED-OFB"
-#define LN_seed_ofb128 "seed-ofb"
-#define NID_seed_ofb128 778
-#define OBJ_seed_ofb128 OBJ_kisa,1L,6L
-
-#define SN_hmac "HMAC"
-#define LN_hmac "hmac"
-#define NID_hmac 855
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/objects/obj_mac.h (from rev 6976, vendor-crypto/openssl/dist/crypto/objects/obj_mac.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/objects/obj_mac.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/objects/obj_mac.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,3913 @@
+/* crypto/objects/obj_mac.h */
+
+/*
+ * THIS FILE IS GENERATED FROM objects.txt by objects.pl via the following
+ * command: perl objects.pl objects.txt obj_mac.num obj_mac.h
+ */
+
+/* Copyright (C) 1995-1997 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#define SN_undef "UNDEF"
+#define LN_undef "undefined"
+#define NID_undef 0
+#define OBJ_undef 0L
+
+#define SN_itu_t "ITU-T"
+#define LN_itu_t "itu-t"
+#define NID_itu_t 645
+#define OBJ_itu_t 0L
+
+#define NID_ccitt 404
+#define OBJ_ccitt OBJ_itu_t
+
+#define SN_iso "ISO"
+#define LN_iso "iso"
+#define NID_iso 181
+#define OBJ_iso 1L
+
+#define SN_joint_iso_itu_t "JOINT-ISO-ITU-T"
+#define LN_joint_iso_itu_t "joint-iso-itu-t"
+#define NID_joint_iso_itu_t 646
+#define OBJ_joint_iso_itu_t 2L
+
+#define NID_joint_iso_ccitt 393
+#define OBJ_joint_iso_ccitt OBJ_joint_iso_itu_t
+
+#define SN_member_body "member-body"
+#define LN_member_body "ISO Member Body"
+#define NID_member_body 182
+#define OBJ_member_body OBJ_iso,2L
+
+#define SN_identified_organization "identified-organization"
+#define NID_identified_organization 676
+#define OBJ_identified_organization OBJ_iso,3L
+
+#define SN_hmac_md5 "HMAC-MD5"
+#define LN_hmac_md5 "hmac-md5"
+#define NID_hmac_md5 780
+#define OBJ_hmac_md5 OBJ_identified_organization,6L,1L,5L,5L,8L,1L,1L
+
+#define SN_hmac_sha1 "HMAC-SHA1"
+#define LN_hmac_sha1 "hmac-sha1"
+#define NID_hmac_sha1 781
+#define OBJ_hmac_sha1 OBJ_identified_organization,6L,1L,5L,5L,8L,1L,2L
+
+#define SN_certicom_arc "certicom-arc"
+#define NID_certicom_arc 677
+#define OBJ_certicom_arc OBJ_identified_organization,132L
+
+#define SN_international_organizations "international-organizations"
+#define LN_international_organizations "International Organizations"
+#define NID_international_organizations 647
+#define OBJ_international_organizations OBJ_joint_iso_itu_t,23L
+
+#define SN_wap "wap"
+#define NID_wap 678
+#define OBJ_wap OBJ_international_organizations,43L
+
+#define SN_wap_wsg "wap-wsg"
+#define NID_wap_wsg 679
+#define OBJ_wap_wsg OBJ_wap,1L
+
+#define SN_selected_attribute_types "selected-attribute-types"
+#define LN_selected_attribute_types "Selected Attribute Types"
+#define NID_selected_attribute_types 394
+#define OBJ_selected_attribute_types OBJ_joint_iso_itu_t,5L,1L,5L
+
+#define SN_clearance "clearance"
+#define NID_clearance 395
+#define OBJ_clearance OBJ_selected_attribute_types,55L
+
+#define SN_ISO_US "ISO-US"
+#define LN_ISO_US "ISO US Member Body"
+#define NID_ISO_US 183
+#define OBJ_ISO_US OBJ_member_body,840L
+
+#define SN_X9_57 "X9-57"
+#define LN_X9_57 "X9.57"
+#define NID_X9_57 184
+#define OBJ_X9_57 OBJ_ISO_US,10040L
+
+#define SN_X9cm "X9cm"
+#define LN_X9cm "X9.57 CM ?"
+#define NID_X9cm 185
+#define OBJ_X9cm OBJ_X9_57,4L
+
+#define SN_dsa "DSA"
+#define LN_dsa "dsaEncryption"
+#define NID_dsa 116
+#define OBJ_dsa OBJ_X9cm,1L
+
+#define SN_dsaWithSHA1 "DSA-SHA1"
+#define LN_dsaWithSHA1 "dsaWithSHA1"
+#define NID_dsaWithSHA1 113
+#define OBJ_dsaWithSHA1 OBJ_X9cm,3L
+
+#define SN_ansi_X9_62 "ansi-X9-62"
+#define LN_ansi_X9_62 "ANSI X9.62"
+#define NID_ansi_X9_62 405
+#define OBJ_ansi_X9_62 OBJ_ISO_US,10045L
+
+#define OBJ_X9_62_id_fieldType OBJ_ansi_X9_62,1L
+
+#define SN_X9_62_prime_field "prime-field"
+#define NID_X9_62_prime_field 406
+#define OBJ_X9_62_prime_field OBJ_X9_62_id_fieldType,1L
+
+#define SN_X9_62_characteristic_two_field "characteristic-two-field"
+#define NID_X9_62_characteristic_two_field 407
+#define OBJ_X9_62_characteristic_two_field OBJ_X9_62_id_fieldType,2L
+
+#define SN_X9_62_id_characteristic_two_basis "id-characteristic-two-basis"
+#define NID_X9_62_id_characteristic_two_basis 680
+#define OBJ_X9_62_id_characteristic_two_basis OBJ_X9_62_characteristic_two_field,3L
+
+#define SN_X9_62_onBasis "onBasis"
+#define NID_X9_62_onBasis 681
+#define OBJ_X9_62_onBasis OBJ_X9_62_id_characteristic_two_basis,1L
+
+#define SN_X9_62_tpBasis "tpBasis"
+#define NID_X9_62_tpBasis 682
+#define OBJ_X9_62_tpBasis OBJ_X9_62_id_characteristic_two_basis,2L
+
+#define SN_X9_62_ppBasis "ppBasis"
+#define NID_X9_62_ppBasis 683
+#define OBJ_X9_62_ppBasis OBJ_X9_62_id_characteristic_two_basis,3L
+
+#define OBJ_X9_62_id_publicKeyType OBJ_ansi_X9_62,2L
+
+#define SN_X9_62_id_ecPublicKey "id-ecPublicKey"
+#define NID_X9_62_id_ecPublicKey 408
+#define OBJ_X9_62_id_ecPublicKey OBJ_X9_62_id_publicKeyType,1L
+
+#define OBJ_X9_62_ellipticCurve OBJ_ansi_X9_62,3L
+
+#define OBJ_X9_62_c_TwoCurve OBJ_X9_62_ellipticCurve,0L
+
+#define SN_X9_62_c2pnb163v1 "c2pnb163v1"
+#define NID_X9_62_c2pnb163v1 684
+#define OBJ_X9_62_c2pnb163v1 OBJ_X9_62_c_TwoCurve,1L
+
+#define SN_X9_62_c2pnb163v2 "c2pnb163v2"
+#define NID_X9_62_c2pnb163v2 685
+#define OBJ_X9_62_c2pnb163v2 OBJ_X9_62_c_TwoCurve,2L
+
+#define SN_X9_62_c2pnb163v3 "c2pnb163v3"
+#define NID_X9_62_c2pnb163v3 686
+#define OBJ_X9_62_c2pnb163v3 OBJ_X9_62_c_TwoCurve,3L
+
+#define SN_X9_62_c2pnb176v1 "c2pnb176v1"
+#define NID_X9_62_c2pnb176v1 687
+#define OBJ_X9_62_c2pnb176v1 OBJ_X9_62_c_TwoCurve,4L
+
+#define SN_X9_62_c2tnb191v1 "c2tnb191v1"
+#define NID_X9_62_c2tnb191v1 688
+#define OBJ_X9_62_c2tnb191v1 OBJ_X9_62_c_TwoCurve,5L
+
+#define SN_X9_62_c2tnb191v2 "c2tnb191v2"
+#define NID_X9_62_c2tnb191v2 689
+#define OBJ_X9_62_c2tnb191v2 OBJ_X9_62_c_TwoCurve,6L
+
+#define SN_X9_62_c2tnb191v3 "c2tnb191v3"
+#define NID_X9_62_c2tnb191v3 690
+#define OBJ_X9_62_c2tnb191v3 OBJ_X9_62_c_TwoCurve,7L
+
+#define SN_X9_62_c2onb191v4 "c2onb191v4"
+#define NID_X9_62_c2onb191v4 691
+#define OBJ_X9_62_c2onb191v4 OBJ_X9_62_c_TwoCurve,8L
+
+#define SN_X9_62_c2onb191v5 "c2onb191v5"
+#define NID_X9_62_c2onb191v5 692
+#define OBJ_X9_62_c2onb191v5 OBJ_X9_62_c_TwoCurve,9L
+
+#define SN_X9_62_c2pnb208w1 "c2pnb208w1"
+#define NID_X9_62_c2pnb208w1 693
+#define OBJ_X9_62_c2pnb208w1 OBJ_X9_62_c_TwoCurve,10L
+
+#define SN_X9_62_c2tnb239v1 "c2tnb239v1"
+#define NID_X9_62_c2tnb239v1 694
+#define OBJ_X9_62_c2tnb239v1 OBJ_X9_62_c_TwoCurve,11L
+
+#define SN_X9_62_c2tnb239v2 "c2tnb239v2"
+#define NID_X9_62_c2tnb239v2 695
+#define OBJ_X9_62_c2tnb239v2 OBJ_X9_62_c_TwoCurve,12L
+
+#define SN_X9_62_c2tnb239v3 "c2tnb239v3"
+#define NID_X9_62_c2tnb239v3 696
+#define OBJ_X9_62_c2tnb239v3 OBJ_X9_62_c_TwoCurve,13L
+
+#define SN_X9_62_c2onb239v4 "c2onb239v4"
+#define NID_X9_62_c2onb239v4 697
+#define OBJ_X9_62_c2onb239v4 OBJ_X9_62_c_TwoCurve,14L
+
+#define SN_X9_62_c2onb239v5 "c2onb239v5"
+#define NID_X9_62_c2onb239v5 698
+#define OBJ_X9_62_c2onb239v5 OBJ_X9_62_c_TwoCurve,15L
+
+#define SN_X9_62_c2pnb272w1 "c2pnb272w1"
+#define NID_X9_62_c2pnb272w1 699
+#define OBJ_X9_62_c2pnb272w1 OBJ_X9_62_c_TwoCurve,16L
+
+#define SN_X9_62_c2pnb304w1 "c2pnb304w1"
+#define NID_X9_62_c2pnb304w1 700
+#define OBJ_X9_62_c2pnb304w1 OBJ_X9_62_c_TwoCurve,17L
+
+#define SN_X9_62_c2tnb359v1 "c2tnb359v1"
+#define NID_X9_62_c2tnb359v1 701
+#define OBJ_X9_62_c2tnb359v1 OBJ_X9_62_c_TwoCurve,18L
+
+#define SN_X9_62_c2pnb368w1 "c2pnb368w1"
+#define NID_X9_62_c2pnb368w1 702
+#define OBJ_X9_62_c2pnb368w1 OBJ_X9_62_c_TwoCurve,19L
+
+#define SN_X9_62_c2tnb431r1 "c2tnb431r1"
+#define NID_X9_62_c2tnb431r1 703
+#define OBJ_X9_62_c2tnb431r1 OBJ_X9_62_c_TwoCurve,20L
+
+#define OBJ_X9_62_primeCurve OBJ_X9_62_ellipticCurve,1L
+
+#define SN_X9_62_prime192v1 "prime192v1"
+#define NID_X9_62_prime192v1 409
+#define OBJ_X9_62_prime192v1 OBJ_X9_62_primeCurve,1L
+
+#define SN_X9_62_prime192v2 "prime192v2"
+#define NID_X9_62_prime192v2 410
+#define OBJ_X9_62_prime192v2 OBJ_X9_62_primeCurve,2L
+
+#define SN_X9_62_prime192v3 "prime192v3"
+#define NID_X9_62_prime192v3 411
+#define OBJ_X9_62_prime192v3 OBJ_X9_62_primeCurve,3L
+
+#define SN_X9_62_prime239v1 "prime239v1"
+#define NID_X9_62_prime239v1 412
+#define OBJ_X9_62_prime239v1 OBJ_X9_62_primeCurve,4L
+
+#define SN_X9_62_prime239v2 "prime239v2"
+#define NID_X9_62_prime239v2 413
+#define OBJ_X9_62_prime239v2 OBJ_X9_62_primeCurve,5L
+
+#define SN_X9_62_prime239v3 "prime239v3"
+#define NID_X9_62_prime239v3 414
+#define OBJ_X9_62_prime239v3 OBJ_X9_62_primeCurve,6L
+
+#define SN_X9_62_prime256v1 "prime256v1"
+#define NID_X9_62_prime256v1 415
+#define OBJ_X9_62_prime256v1 OBJ_X9_62_primeCurve,7L
+
+#define OBJ_X9_62_id_ecSigType OBJ_ansi_X9_62,4L
+
+#define SN_ecdsa_with_SHA1 "ecdsa-with-SHA1"
+#define NID_ecdsa_with_SHA1 416
+#define OBJ_ecdsa_with_SHA1 OBJ_X9_62_id_ecSigType,1L
+
+#define SN_ecdsa_with_Recommended "ecdsa-with-Recommended"
+#define NID_ecdsa_with_Recommended 791
+#define OBJ_ecdsa_with_Recommended OBJ_X9_62_id_ecSigType,2L
+
+#define SN_ecdsa_with_Specified "ecdsa-with-Specified"
+#define NID_ecdsa_with_Specified 792
+#define OBJ_ecdsa_with_Specified OBJ_X9_62_id_ecSigType,3L
+
+#define SN_ecdsa_with_SHA224 "ecdsa-with-SHA224"
+#define NID_ecdsa_with_SHA224 793
+#define OBJ_ecdsa_with_SHA224 OBJ_ecdsa_with_Specified,1L
+
+#define SN_ecdsa_with_SHA256 "ecdsa-with-SHA256"
+#define NID_ecdsa_with_SHA256 794
+#define OBJ_ecdsa_with_SHA256 OBJ_ecdsa_with_Specified,2L
+
+#define SN_ecdsa_with_SHA384 "ecdsa-with-SHA384"
+#define NID_ecdsa_with_SHA384 795
+#define OBJ_ecdsa_with_SHA384 OBJ_ecdsa_with_Specified,3L
+
+#define SN_ecdsa_with_SHA512 "ecdsa-with-SHA512"
+#define NID_ecdsa_with_SHA512 796
+#define OBJ_ecdsa_with_SHA512 OBJ_ecdsa_with_Specified,4L
+
+#define OBJ_secg_ellipticCurve OBJ_certicom_arc,0L
+
+#define SN_secp112r1 "secp112r1"
+#define NID_secp112r1 704
+#define OBJ_secp112r1 OBJ_secg_ellipticCurve,6L
+
+#define SN_secp112r2 "secp112r2"
+#define NID_secp112r2 705
+#define OBJ_secp112r2 OBJ_secg_ellipticCurve,7L
+
+#define SN_secp128r1 "secp128r1"
+#define NID_secp128r1 706
+#define OBJ_secp128r1 OBJ_secg_ellipticCurve,28L
+
+#define SN_secp128r2 "secp128r2"
+#define NID_secp128r2 707
+#define OBJ_secp128r2 OBJ_secg_ellipticCurve,29L
+
+#define SN_secp160k1 "secp160k1"
+#define NID_secp160k1 708
+#define OBJ_secp160k1 OBJ_secg_ellipticCurve,9L
+
+#define SN_secp160r1 "secp160r1"
+#define NID_secp160r1 709
+#define OBJ_secp160r1 OBJ_secg_ellipticCurve,8L
+
+#define SN_secp160r2 "secp160r2"
+#define NID_secp160r2 710
+#define OBJ_secp160r2 OBJ_secg_ellipticCurve,30L
+
+#define SN_secp192k1 "secp192k1"
+#define NID_secp192k1 711
+#define OBJ_secp192k1 OBJ_secg_ellipticCurve,31L
+
+#define SN_secp224k1 "secp224k1"
+#define NID_secp224k1 712
+#define OBJ_secp224k1 OBJ_secg_ellipticCurve,32L
+
+#define SN_secp224r1 "secp224r1"
+#define NID_secp224r1 713
+#define OBJ_secp224r1 OBJ_secg_ellipticCurve,33L
+
+#define SN_secp256k1 "secp256k1"
+#define NID_secp256k1 714
+#define OBJ_secp256k1 OBJ_secg_ellipticCurve,10L
+
+#define SN_secp384r1 "secp384r1"
+#define NID_secp384r1 715
+#define OBJ_secp384r1 OBJ_secg_ellipticCurve,34L
+
+#define SN_secp521r1 "secp521r1"
+#define NID_secp521r1 716
+#define OBJ_secp521r1 OBJ_secg_ellipticCurve,35L
+
+#define SN_sect113r1 "sect113r1"
+#define NID_sect113r1 717
+#define OBJ_sect113r1 OBJ_secg_ellipticCurve,4L
+
+#define SN_sect113r2 "sect113r2"
+#define NID_sect113r2 718
+#define OBJ_sect113r2 OBJ_secg_ellipticCurve,5L
+
+#define SN_sect131r1 "sect131r1"
+#define NID_sect131r1 719
+#define OBJ_sect131r1 OBJ_secg_ellipticCurve,22L
+
+#define SN_sect131r2 "sect131r2"
+#define NID_sect131r2 720
+#define OBJ_sect131r2 OBJ_secg_ellipticCurve,23L
+
+#define SN_sect163k1 "sect163k1"
+#define NID_sect163k1 721
+#define OBJ_sect163k1 OBJ_secg_ellipticCurve,1L
+
+#define SN_sect163r1 "sect163r1"
+#define NID_sect163r1 722
+#define OBJ_sect163r1 OBJ_secg_ellipticCurve,2L
+
+#define SN_sect163r2 "sect163r2"
+#define NID_sect163r2 723
+#define OBJ_sect163r2 OBJ_secg_ellipticCurve,15L
+
+#define SN_sect193r1 "sect193r1"
+#define NID_sect193r1 724
+#define OBJ_sect193r1 OBJ_secg_ellipticCurve,24L
+
+#define SN_sect193r2 "sect193r2"
+#define NID_sect193r2 725
+#define OBJ_sect193r2 OBJ_secg_ellipticCurve,25L
+
+#define SN_sect233k1 "sect233k1"
+#define NID_sect233k1 726
+#define OBJ_sect233k1 OBJ_secg_ellipticCurve,26L
+
+#define SN_sect233r1 "sect233r1"
+#define NID_sect233r1 727
+#define OBJ_sect233r1 OBJ_secg_ellipticCurve,27L
+
+#define SN_sect239k1 "sect239k1"
+#define NID_sect239k1 728
+#define OBJ_sect239k1 OBJ_secg_ellipticCurve,3L
+
+#define SN_sect283k1 "sect283k1"
+#define NID_sect283k1 729
+#define OBJ_sect283k1 OBJ_secg_ellipticCurve,16L
+
+#define SN_sect283r1 "sect283r1"
+#define NID_sect283r1 730
+#define OBJ_sect283r1 OBJ_secg_ellipticCurve,17L
+
+#define SN_sect409k1 "sect409k1"
+#define NID_sect409k1 731
+#define OBJ_sect409k1 OBJ_secg_ellipticCurve,36L
+
+#define SN_sect409r1 "sect409r1"
+#define NID_sect409r1 732
+#define OBJ_sect409r1 OBJ_secg_ellipticCurve,37L
+
+#define SN_sect571k1 "sect571k1"
+#define NID_sect571k1 733
+#define OBJ_sect571k1 OBJ_secg_ellipticCurve,38L
+
+#define SN_sect571r1 "sect571r1"
+#define NID_sect571r1 734
+#define OBJ_sect571r1 OBJ_secg_ellipticCurve,39L
+
+#define OBJ_wap_wsg_idm_ecid OBJ_wap_wsg,4L
+
+#define SN_wap_wsg_idm_ecid_wtls1 "wap-wsg-idm-ecid-wtls1"
+#define NID_wap_wsg_idm_ecid_wtls1 735
+#define OBJ_wap_wsg_idm_ecid_wtls1 OBJ_wap_wsg_idm_ecid,1L
+
+#define SN_wap_wsg_idm_ecid_wtls3 "wap-wsg-idm-ecid-wtls3"
+#define NID_wap_wsg_idm_ecid_wtls3 736
+#define OBJ_wap_wsg_idm_ecid_wtls3 OBJ_wap_wsg_idm_ecid,3L
+
+#define SN_wap_wsg_idm_ecid_wtls4 "wap-wsg-idm-ecid-wtls4"
+#define NID_wap_wsg_idm_ecid_wtls4 737
+#define OBJ_wap_wsg_idm_ecid_wtls4 OBJ_wap_wsg_idm_ecid,4L
+
+#define SN_wap_wsg_idm_ecid_wtls5 "wap-wsg-idm-ecid-wtls5"
+#define NID_wap_wsg_idm_ecid_wtls5 738
+#define OBJ_wap_wsg_idm_ecid_wtls5 OBJ_wap_wsg_idm_ecid,5L
+
+#define SN_wap_wsg_idm_ecid_wtls6 "wap-wsg-idm-ecid-wtls6"
+#define NID_wap_wsg_idm_ecid_wtls6 739
+#define OBJ_wap_wsg_idm_ecid_wtls6 OBJ_wap_wsg_idm_ecid,6L
+
+#define SN_wap_wsg_idm_ecid_wtls7 "wap-wsg-idm-ecid-wtls7"
+#define NID_wap_wsg_idm_ecid_wtls7 740
+#define OBJ_wap_wsg_idm_ecid_wtls7 OBJ_wap_wsg_idm_ecid,7L
+
+#define SN_wap_wsg_idm_ecid_wtls8 "wap-wsg-idm-ecid-wtls8"
+#define NID_wap_wsg_idm_ecid_wtls8 741
+#define OBJ_wap_wsg_idm_ecid_wtls8 OBJ_wap_wsg_idm_ecid,8L
+
+#define SN_wap_wsg_idm_ecid_wtls9 "wap-wsg-idm-ecid-wtls9"
+#define NID_wap_wsg_idm_ecid_wtls9 742
+#define OBJ_wap_wsg_idm_ecid_wtls9 OBJ_wap_wsg_idm_ecid,9L
+
+#define SN_wap_wsg_idm_ecid_wtls10 "wap-wsg-idm-ecid-wtls10"
+#define NID_wap_wsg_idm_ecid_wtls10 743
+#define OBJ_wap_wsg_idm_ecid_wtls10 OBJ_wap_wsg_idm_ecid,10L
+
+#define SN_wap_wsg_idm_ecid_wtls11 "wap-wsg-idm-ecid-wtls11"
+#define NID_wap_wsg_idm_ecid_wtls11 744
+#define OBJ_wap_wsg_idm_ecid_wtls11 OBJ_wap_wsg_idm_ecid,11L
+
+#define SN_wap_wsg_idm_ecid_wtls12 "wap-wsg-idm-ecid-wtls12"
+#define NID_wap_wsg_idm_ecid_wtls12 745
+#define OBJ_wap_wsg_idm_ecid_wtls12 OBJ_wap_wsg_idm_ecid,12L
+
+#define SN_cast5_cbc "CAST5-CBC"
+#define LN_cast5_cbc "cast5-cbc"
+#define NID_cast5_cbc 108
+#define OBJ_cast5_cbc OBJ_ISO_US,113533L,7L,66L,10L
+
+#define SN_cast5_ecb "CAST5-ECB"
+#define LN_cast5_ecb "cast5-ecb"
+#define NID_cast5_ecb 109
+
+#define SN_cast5_cfb64 "CAST5-CFB"
+#define LN_cast5_cfb64 "cast5-cfb"
+#define NID_cast5_cfb64 110
+
+#define SN_cast5_ofb64 "CAST5-OFB"
+#define LN_cast5_ofb64 "cast5-ofb"
+#define NID_cast5_ofb64 111
+
+#define LN_pbeWithMD5AndCast5_CBC "pbeWithMD5AndCast5CBC"
+#define NID_pbeWithMD5AndCast5_CBC 112
+#define OBJ_pbeWithMD5AndCast5_CBC OBJ_ISO_US,113533L,7L,66L,12L
+
+#define SN_id_PasswordBasedMAC "id-PasswordBasedMAC"
+#define LN_id_PasswordBasedMAC "password based MAC"
+#define NID_id_PasswordBasedMAC 782
+#define OBJ_id_PasswordBasedMAC OBJ_ISO_US,113533L,7L,66L,13L
+
+#define SN_id_DHBasedMac "id-DHBasedMac"
+#define LN_id_DHBasedMac "Diffie-Hellman based MAC"
+#define NID_id_DHBasedMac 783
+#define OBJ_id_DHBasedMac OBJ_ISO_US,113533L,7L,66L,30L
+
+#define SN_rsadsi "rsadsi"
+#define LN_rsadsi "RSA Data Security, Inc."
+#define NID_rsadsi 1
+#define OBJ_rsadsi OBJ_ISO_US,113549L
+
+#define SN_pkcs "pkcs"
+#define LN_pkcs "RSA Data Security, Inc. PKCS"
+#define NID_pkcs 2
+#define OBJ_pkcs OBJ_rsadsi,1L
+
+#define SN_pkcs1 "pkcs1"
+#define NID_pkcs1 186
+#define OBJ_pkcs1 OBJ_pkcs,1L
+
+#define LN_rsaEncryption "rsaEncryption"
+#define NID_rsaEncryption 6
+#define OBJ_rsaEncryption OBJ_pkcs1,1L
+
+#define SN_md2WithRSAEncryption "RSA-MD2"
+#define LN_md2WithRSAEncryption "md2WithRSAEncryption"
+#define NID_md2WithRSAEncryption 7
+#define OBJ_md2WithRSAEncryption OBJ_pkcs1,2L
+
+#define SN_md4WithRSAEncryption "RSA-MD4"
+#define LN_md4WithRSAEncryption "md4WithRSAEncryption"
+#define NID_md4WithRSAEncryption 396
+#define OBJ_md4WithRSAEncryption OBJ_pkcs1,3L
+
+#define SN_md5WithRSAEncryption "RSA-MD5"
+#define LN_md5WithRSAEncryption "md5WithRSAEncryption"
+#define NID_md5WithRSAEncryption 8
+#define OBJ_md5WithRSAEncryption OBJ_pkcs1,4L
+
+#define SN_sha1WithRSAEncryption "RSA-SHA1"
+#define LN_sha1WithRSAEncryption "sha1WithRSAEncryption"
+#define NID_sha1WithRSAEncryption 65
+#define OBJ_sha1WithRSAEncryption OBJ_pkcs1,5L
+
+#define SN_sha256WithRSAEncryption "RSA-SHA256"
+#define LN_sha256WithRSAEncryption "sha256WithRSAEncryption"
+#define NID_sha256WithRSAEncryption 668
+#define OBJ_sha256WithRSAEncryption OBJ_pkcs1,11L
+
+#define SN_sha384WithRSAEncryption "RSA-SHA384"
+#define LN_sha384WithRSAEncryption "sha384WithRSAEncryption"
+#define NID_sha384WithRSAEncryption 669
+#define OBJ_sha384WithRSAEncryption OBJ_pkcs1,12L
+
+#define SN_sha512WithRSAEncryption "RSA-SHA512"
+#define LN_sha512WithRSAEncryption "sha512WithRSAEncryption"
+#define NID_sha512WithRSAEncryption 670
+#define OBJ_sha512WithRSAEncryption OBJ_pkcs1,13L
+
+#define SN_sha224WithRSAEncryption "RSA-SHA224"
+#define LN_sha224WithRSAEncryption "sha224WithRSAEncryption"
+#define NID_sha224WithRSAEncryption 671
+#define OBJ_sha224WithRSAEncryption OBJ_pkcs1,14L
+
+#define SN_pkcs3 "pkcs3"
+#define NID_pkcs3 27
+#define OBJ_pkcs3 OBJ_pkcs,3L
+
+#define LN_dhKeyAgreement "dhKeyAgreement"
+#define NID_dhKeyAgreement 28
+#define OBJ_dhKeyAgreement OBJ_pkcs3,1L
+
+#define SN_pkcs5 "pkcs5"
+#define NID_pkcs5 187
+#define OBJ_pkcs5 OBJ_pkcs,5L
+
+#define SN_pbeWithMD2AndDES_CBC "PBE-MD2-DES"
+#define LN_pbeWithMD2AndDES_CBC "pbeWithMD2AndDES-CBC"
+#define NID_pbeWithMD2AndDES_CBC 9
+#define OBJ_pbeWithMD2AndDES_CBC OBJ_pkcs5,1L
+
+#define SN_pbeWithMD5AndDES_CBC "PBE-MD5-DES"
+#define LN_pbeWithMD5AndDES_CBC "pbeWithMD5AndDES-CBC"
+#define NID_pbeWithMD5AndDES_CBC 10
+#define OBJ_pbeWithMD5AndDES_CBC OBJ_pkcs5,3L
+
+#define SN_pbeWithMD2AndRC2_CBC "PBE-MD2-RC2-64"
+#define LN_pbeWithMD2AndRC2_CBC "pbeWithMD2AndRC2-CBC"
+#define NID_pbeWithMD2AndRC2_CBC 168
+#define OBJ_pbeWithMD2AndRC2_CBC OBJ_pkcs5,4L
+
+#define SN_pbeWithMD5AndRC2_CBC "PBE-MD5-RC2-64"
+#define LN_pbeWithMD5AndRC2_CBC "pbeWithMD5AndRC2-CBC"
+#define NID_pbeWithMD5AndRC2_CBC 169
+#define OBJ_pbeWithMD5AndRC2_CBC OBJ_pkcs5,6L
+
+#define SN_pbeWithSHA1AndDES_CBC "PBE-SHA1-DES"
+#define LN_pbeWithSHA1AndDES_CBC "pbeWithSHA1AndDES-CBC"
+#define NID_pbeWithSHA1AndDES_CBC 170
+#define OBJ_pbeWithSHA1AndDES_CBC OBJ_pkcs5,10L
+
+#define SN_pbeWithSHA1AndRC2_CBC "PBE-SHA1-RC2-64"
+#define LN_pbeWithSHA1AndRC2_CBC "pbeWithSHA1AndRC2-CBC"
+#define NID_pbeWithSHA1AndRC2_CBC 68
+#define OBJ_pbeWithSHA1AndRC2_CBC OBJ_pkcs5,11L
+
+#define LN_id_pbkdf2 "PBKDF2"
+#define NID_id_pbkdf2 69
+#define OBJ_id_pbkdf2 OBJ_pkcs5,12L
+
+#define LN_pbes2 "PBES2"
+#define NID_pbes2 161
+#define OBJ_pbes2 OBJ_pkcs5,13L
+
+#define LN_pbmac1 "PBMAC1"
+#define NID_pbmac1 162
+#define OBJ_pbmac1 OBJ_pkcs5,14L
+
+#define SN_pkcs7 "pkcs7"
+#define NID_pkcs7 20
+#define OBJ_pkcs7 OBJ_pkcs,7L
+
+#define LN_pkcs7_data "pkcs7-data"
+#define NID_pkcs7_data 21
+#define OBJ_pkcs7_data OBJ_pkcs7,1L
+
+#define LN_pkcs7_signed "pkcs7-signedData"
+#define NID_pkcs7_signed 22
+#define OBJ_pkcs7_signed OBJ_pkcs7,2L
+
+#define LN_pkcs7_enveloped "pkcs7-envelopedData"
+#define NID_pkcs7_enveloped 23
+#define OBJ_pkcs7_enveloped OBJ_pkcs7,3L
+
+#define LN_pkcs7_signedAndEnveloped "pkcs7-signedAndEnvelopedData"
+#define NID_pkcs7_signedAndEnveloped 24
+#define OBJ_pkcs7_signedAndEnveloped OBJ_pkcs7,4L
+
+#define LN_pkcs7_digest "pkcs7-digestData"
+#define NID_pkcs7_digest 25
+#define OBJ_pkcs7_digest OBJ_pkcs7,5L
+
+#define LN_pkcs7_encrypted "pkcs7-encryptedData"
+#define NID_pkcs7_encrypted 26
+#define OBJ_pkcs7_encrypted OBJ_pkcs7,6L
+
+#define SN_pkcs9 "pkcs9"
+#define NID_pkcs9 47
+#define OBJ_pkcs9 OBJ_pkcs,9L
+
+#define LN_pkcs9_emailAddress "emailAddress"
+#define NID_pkcs9_emailAddress 48
+#define OBJ_pkcs9_emailAddress OBJ_pkcs9,1L
+
+#define LN_pkcs9_unstructuredName "unstructuredName"
+#define NID_pkcs9_unstructuredName 49
+#define OBJ_pkcs9_unstructuredName OBJ_pkcs9,2L
+
+#define LN_pkcs9_contentType "contentType"
+#define NID_pkcs9_contentType 50
+#define OBJ_pkcs9_contentType OBJ_pkcs9,3L
+
+#define LN_pkcs9_messageDigest "messageDigest"
+#define NID_pkcs9_messageDigest 51
+#define OBJ_pkcs9_messageDigest OBJ_pkcs9,4L
+
+#define LN_pkcs9_signingTime "signingTime"
+#define NID_pkcs9_signingTime 52
+#define OBJ_pkcs9_signingTime OBJ_pkcs9,5L
+
+#define LN_pkcs9_countersignature "countersignature"
+#define NID_pkcs9_countersignature 53
+#define OBJ_pkcs9_countersignature OBJ_pkcs9,6L
+
+#define LN_pkcs9_challengePassword "challengePassword"
+#define NID_pkcs9_challengePassword 54
+#define OBJ_pkcs9_challengePassword OBJ_pkcs9,7L
+
+#define LN_pkcs9_unstructuredAddress "unstructuredAddress"
+#define NID_pkcs9_unstructuredAddress 55
+#define OBJ_pkcs9_unstructuredAddress OBJ_pkcs9,8L
+
+#define LN_pkcs9_extCertAttributes "extendedCertificateAttributes"
+#define NID_pkcs9_extCertAttributes 56
+#define OBJ_pkcs9_extCertAttributes OBJ_pkcs9,9L
+
+#define SN_ext_req "extReq"
+#define LN_ext_req "Extension Request"
+#define NID_ext_req 172
+#define OBJ_ext_req OBJ_pkcs9,14L
+
+#define SN_SMIMECapabilities "SMIME-CAPS"
+#define LN_SMIMECapabilities "S/MIME Capabilities"
+#define NID_SMIMECapabilities 167
+#define OBJ_SMIMECapabilities OBJ_pkcs9,15L
+
+#define SN_SMIME "SMIME"
+#define LN_SMIME "S/MIME"
+#define NID_SMIME 188
+#define OBJ_SMIME OBJ_pkcs9,16L
+
+#define SN_id_smime_mod "id-smime-mod"
+#define NID_id_smime_mod 189
+#define OBJ_id_smime_mod OBJ_SMIME,0L
+
+#define SN_id_smime_ct "id-smime-ct"
+#define NID_id_smime_ct 190
+#define OBJ_id_smime_ct OBJ_SMIME,1L
+
+#define SN_id_smime_aa "id-smime-aa"
+#define NID_id_smime_aa 191
+#define OBJ_id_smime_aa OBJ_SMIME,2L
+
+#define SN_id_smime_alg "id-smime-alg"
+#define NID_id_smime_alg 192
+#define OBJ_id_smime_alg OBJ_SMIME,3L
+
+#define SN_id_smime_cd "id-smime-cd"
+#define NID_id_smime_cd 193
+#define OBJ_id_smime_cd OBJ_SMIME,4L
+
+#define SN_id_smime_spq "id-smime-spq"
+#define NID_id_smime_spq 194
+#define OBJ_id_smime_spq OBJ_SMIME,5L
+
+#define SN_id_smime_cti "id-smime-cti"
+#define NID_id_smime_cti 195
+#define OBJ_id_smime_cti OBJ_SMIME,6L
+
+#define SN_id_smime_mod_cms "id-smime-mod-cms"
+#define NID_id_smime_mod_cms 196
+#define OBJ_id_smime_mod_cms OBJ_id_smime_mod,1L
+
+#define SN_id_smime_mod_ess "id-smime-mod-ess"
+#define NID_id_smime_mod_ess 197
+#define OBJ_id_smime_mod_ess OBJ_id_smime_mod,2L
+
+#define SN_id_smime_mod_oid "id-smime-mod-oid"
+#define NID_id_smime_mod_oid 198
+#define OBJ_id_smime_mod_oid OBJ_id_smime_mod,3L
+
+#define SN_id_smime_mod_msg_v3 "id-smime-mod-msg-v3"
+#define NID_id_smime_mod_msg_v3 199
+#define OBJ_id_smime_mod_msg_v3 OBJ_id_smime_mod,4L
+
+#define SN_id_smime_mod_ets_eSignature_88 "id-smime-mod-ets-eSignature-88"
+#define NID_id_smime_mod_ets_eSignature_88 200
+#define OBJ_id_smime_mod_ets_eSignature_88 OBJ_id_smime_mod,5L
+
+#define SN_id_smime_mod_ets_eSignature_97 "id-smime-mod-ets-eSignature-97"
+#define NID_id_smime_mod_ets_eSignature_97 201
+#define OBJ_id_smime_mod_ets_eSignature_97 OBJ_id_smime_mod,6L
+
+#define SN_id_smime_mod_ets_eSigPolicy_88 "id-smime-mod-ets-eSigPolicy-88"
+#define NID_id_smime_mod_ets_eSigPolicy_88 202
+#define OBJ_id_smime_mod_ets_eSigPolicy_88 OBJ_id_smime_mod,7L
+
+#define SN_id_smime_mod_ets_eSigPolicy_97 "id-smime-mod-ets-eSigPolicy-97"
+#define NID_id_smime_mod_ets_eSigPolicy_97 203
+#define OBJ_id_smime_mod_ets_eSigPolicy_97 OBJ_id_smime_mod,8L
+
+#define SN_id_smime_ct_receipt "id-smime-ct-receipt"
+#define NID_id_smime_ct_receipt 204
+#define OBJ_id_smime_ct_receipt OBJ_id_smime_ct,1L
+
+#define SN_id_smime_ct_authData "id-smime-ct-authData"
+#define NID_id_smime_ct_authData 205
+#define OBJ_id_smime_ct_authData OBJ_id_smime_ct,2L
+
+#define SN_id_smime_ct_publishCert "id-smime-ct-publishCert"
+#define NID_id_smime_ct_publishCert 206
+#define OBJ_id_smime_ct_publishCert OBJ_id_smime_ct,3L
+
+#define SN_id_smime_ct_TSTInfo "id-smime-ct-TSTInfo"
+#define NID_id_smime_ct_TSTInfo 207
+#define OBJ_id_smime_ct_TSTInfo OBJ_id_smime_ct,4L
+
+#define SN_id_smime_ct_TDTInfo "id-smime-ct-TDTInfo"
+#define NID_id_smime_ct_TDTInfo 208
+#define OBJ_id_smime_ct_TDTInfo OBJ_id_smime_ct,5L
+
+#define SN_id_smime_ct_contentInfo "id-smime-ct-contentInfo"
+#define NID_id_smime_ct_contentInfo 209
+#define OBJ_id_smime_ct_contentInfo OBJ_id_smime_ct,6L
+
+#define SN_id_smime_ct_DVCSRequestData "id-smime-ct-DVCSRequestData"
+#define NID_id_smime_ct_DVCSRequestData 210
+#define OBJ_id_smime_ct_DVCSRequestData OBJ_id_smime_ct,7L
+
+#define SN_id_smime_ct_DVCSResponseData "id-smime-ct-DVCSResponseData"
+#define NID_id_smime_ct_DVCSResponseData 211
+#define OBJ_id_smime_ct_DVCSResponseData OBJ_id_smime_ct,8L
+
+#define SN_id_smime_ct_compressedData "id-smime-ct-compressedData"
+#define NID_id_smime_ct_compressedData 786
+#define OBJ_id_smime_ct_compressedData OBJ_id_smime_ct,9L
+
+#define SN_id_ct_asciiTextWithCRLF "id-ct-asciiTextWithCRLF"
+#define NID_id_ct_asciiTextWithCRLF 787
+#define OBJ_id_ct_asciiTextWithCRLF OBJ_id_smime_ct,27L
+
+#define SN_id_smime_aa_receiptRequest "id-smime-aa-receiptRequest"
+#define NID_id_smime_aa_receiptRequest 212
+#define OBJ_id_smime_aa_receiptRequest OBJ_id_smime_aa,1L
+
+#define SN_id_smime_aa_securityLabel "id-smime-aa-securityLabel"
+#define NID_id_smime_aa_securityLabel 213
+#define OBJ_id_smime_aa_securityLabel OBJ_id_smime_aa,2L
+
+#define SN_id_smime_aa_mlExpandHistory "id-smime-aa-mlExpandHistory"
+#define NID_id_smime_aa_mlExpandHistory 214
+#define OBJ_id_smime_aa_mlExpandHistory OBJ_id_smime_aa,3L
+
+#define SN_id_smime_aa_contentHint "id-smime-aa-contentHint"
+#define NID_id_smime_aa_contentHint 215
+#define OBJ_id_smime_aa_contentHint OBJ_id_smime_aa,4L
+
+#define SN_id_smime_aa_msgSigDigest "id-smime-aa-msgSigDigest"
+#define NID_id_smime_aa_msgSigDigest 216
+#define OBJ_id_smime_aa_msgSigDigest OBJ_id_smime_aa,5L
+
+#define SN_id_smime_aa_encapContentType "id-smime-aa-encapContentType"
+#define NID_id_smime_aa_encapContentType 217
+#define OBJ_id_smime_aa_encapContentType OBJ_id_smime_aa,6L
+
+#define SN_id_smime_aa_contentIdentifier "id-smime-aa-contentIdentifier"
+#define NID_id_smime_aa_contentIdentifier 218
+#define OBJ_id_smime_aa_contentIdentifier OBJ_id_smime_aa,7L
+
+#define SN_id_smime_aa_macValue "id-smime-aa-macValue"
+#define NID_id_smime_aa_macValue 219
+#define OBJ_id_smime_aa_macValue OBJ_id_smime_aa,8L
+
+#define SN_id_smime_aa_equivalentLabels "id-smime-aa-equivalentLabels"
+#define NID_id_smime_aa_equivalentLabels 220
+#define OBJ_id_smime_aa_equivalentLabels OBJ_id_smime_aa,9L
+
+#define SN_id_smime_aa_contentReference "id-smime-aa-contentReference"
+#define NID_id_smime_aa_contentReference 221
+#define OBJ_id_smime_aa_contentReference OBJ_id_smime_aa,10L
+
+#define SN_id_smime_aa_encrypKeyPref "id-smime-aa-encrypKeyPref"
+#define NID_id_smime_aa_encrypKeyPref 222
+#define OBJ_id_smime_aa_encrypKeyPref OBJ_id_smime_aa,11L
+
+#define SN_id_smime_aa_signingCertificate "id-smime-aa-signingCertificate"
+#define NID_id_smime_aa_signingCertificate 223
+#define OBJ_id_smime_aa_signingCertificate OBJ_id_smime_aa,12L
+
+#define SN_id_smime_aa_smimeEncryptCerts "id-smime-aa-smimeEncryptCerts"
+#define NID_id_smime_aa_smimeEncryptCerts 224
+#define OBJ_id_smime_aa_smimeEncryptCerts OBJ_id_smime_aa,13L
+
+#define SN_id_smime_aa_timeStampToken "id-smime-aa-timeStampToken"
+#define NID_id_smime_aa_timeStampToken 225
+#define OBJ_id_smime_aa_timeStampToken OBJ_id_smime_aa,14L
+
+#define SN_id_smime_aa_ets_sigPolicyId "id-smime-aa-ets-sigPolicyId"
+#define NID_id_smime_aa_ets_sigPolicyId 226
+#define OBJ_id_smime_aa_ets_sigPolicyId OBJ_id_smime_aa,15L
+
+#define SN_id_smime_aa_ets_commitmentType "id-smime-aa-ets-commitmentType"
+#define NID_id_smime_aa_ets_commitmentType 227
+#define OBJ_id_smime_aa_ets_commitmentType OBJ_id_smime_aa,16L
+
+#define SN_id_smime_aa_ets_signerLocation "id-smime-aa-ets-signerLocation"
+#define NID_id_smime_aa_ets_signerLocation 228
+#define OBJ_id_smime_aa_ets_signerLocation OBJ_id_smime_aa,17L
+
+#define SN_id_smime_aa_ets_signerAttr "id-smime-aa-ets-signerAttr"
+#define NID_id_smime_aa_ets_signerAttr 229
+#define OBJ_id_smime_aa_ets_signerAttr OBJ_id_smime_aa,18L
+
+#define SN_id_smime_aa_ets_otherSigCert "id-smime-aa-ets-otherSigCert"
+#define NID_id_smime_aa_ets_otherSigCert 230
+#define OBJ_id_smime_aa_ets_otherSigCert OBJ_id_smime_aa,19L
+
+#define SN_id_smime_aa_ets_contentTimestamp "id-smime-aa-ets-contentTimestamp"
+#define NID_id_smime_aa_ets_contentTimestamp 231
+#define OBJ_id_smime_aa_ets_contentTimestamp OBJ_id_smime_aa,20L
+
+#define SN_id_smime_aa_ets_CertificateRefs "id-smime-aa-ets-CertificateRefs"
+#define NID_id_smime_aa_ets_CertificateRefs 232
+#define OBJ_id_smime_aa_ets_CertificateRefs OBJ_id_smime_aa,21L
+
+#define SN_id_smime_aa_ets_RevocationRefs "id-smime-aa-ets-RevocationRefs"
+#define NID_id_smime_aa_ets_RevocationRefs 233
+#define OBJ_id_smime_aa_ets_RevocationRefs OBJ_id_smime_aa,22L
+
+#define SN_id_smime_aa_ets_certValues "id-smime-aa-ets-certValues"
+#define NID_id_smime_aa_ets_certValues 234
+#define OBJ_id_smime_aa_ets_certValues OBJ_id_smime_aa,23L
+
+#define SN_id_smime_aa_ets_revocationValues "id-smime-aa-ets-revocationValues"
+#define NID_id_smime_aa_ets_revocationValues 235
+#define OBJ_id_smime_aa_ets_revocationValues OBJ_id_smime_aa,24L
+
+#define SN_id_smime_aa_ets_escTimeStamp "id-smime-aa-ets-escTimeStamp"
+#define NID_id_smime_aa_ets_escTimeStamp 236
+#define OBJ_id_smime_aa_ets_escTimeStamp OBJ_id_smime_aa,25L
+
+#define SN_id_smime_aa_ets_certCRLTimestamp "id-smime-aa-ets-certCRLTimestamp"
+#define NID_id_smime_aa_ets_certCRLTimestamp 237
+#define OBJ_id_smime_aa_ets_certCRLTimestamp OBJ_id_smime_aa,26L
+
+#define SN_id_smime_aa_ets_archiveTimeStamp "id-smime-aa-ets-archiveTimeStamp"
+#define NID_id_smime_aa_ets_archiveTimeStamp 238
+#define OBJ_id_smime_aa_ets_archiveTimeStamp OBJ_id_smime_aa,27L
+
+#define SN_id_smime_aa_signatureType "id-smime-aa-signatureType"
+#define NID_id_smime_aa_signatureType 239
+#define OBJ_id_smime_aa_signatureType OBJ_id_smime_aa,28L
+
+#define SN_id_smime_aa_dvcs_dvc "id-smime-aa-dvcs-dvc"
+#define NID_id_smime_aa_dvcs_dvc 240
+#define OBJ_id_smime_aa_dvcs_dvc OBJ_id_smime_aa,29L
+
+#define SN_id_smime_alg_ESDHwith3DES "id-smime-alg-ESDHwith3DES"
+#define NID_id_smime_alg_ESDHwith3DES 241
+#define OBJ_id_smime_alg_ESDHwith3DES OBJ_id_smime_alg,1L
+
+#define SN_id_smime_alg_ESDHwithRC2 "id-smime-alg-ESDHwithRC2"
+#define NID_id_smime_alg_ESDHwithRC2 242
+#define OBJ_id_smime_alg_ESDHwithRC2 OBJ_id_smime_alg,2L
+
+#define SN_id_smime_alg_3DESwrap "id-smime-alg-3DESwrap"
+#define NID_id_smime_alg_3DESwrap 243
+#define OBJ_id_smime_alg_3DESwrap OBJ_id_smime_alg,3L
+
+#define SN_id_smime_alg_RC2wrap "id-smime-alg-RC2wrap"
+#define NID_id_smime_alg_RC2wrap 244
+#define OBJ_id_smime_alg_RC2wrap OBJ_id_smime_alg,4L
+
+#define SN_id_smime_alg_ESDH "id-smime-alg-ESDH"
+#define NID_id_smime_alg_ESDH 245
+#define OBJ_id_smime_alg_ESDH OBJ_id_smime_alg,5L
+
+#define SN_id_smime_alg_CMS3DESwrap "id-smime-alg-CMS3DESwrap"
+#define NID_id_smime_alg_CMS3DESwrap 246
+#define OBJ_id_smime_alg_CMS3DESwrap OBJ_id_smime_alg,6L
+
+#define SN_id_smime_alg_CMSRC2wrap "id-smime-alg-CMSRC2wrap"
+#define NID_id_smime_alg_CMSRC2wrap 247
+#define OBJ_id_smime_alg_CMSRC2wrap OBJ_id_smime_alg,7L
+
+#define SN_id_smime_cd_ldap "id-smime-cd-ldap"
+#define NID_id_smime_cd_ldap 248
+#define OBJ_id_smime_cd_ldap OBJ_id_smime_cd,1L
+
+#define SN_id_smime_spq_ets_sqt_uri "id-smime-spq-ets-sqt-uri"
+#define NID_id_smime_spq_ets_sqt_uri 249
+#define OBJ_id_smime_spq_ets_sqt_uri OBJ_id_smime_spq,1L
+
+#define SN_id_smime_spq_ets_sqt_unotice "id-smime-spq-ets-sqt-unotice"
+#define NID_id_smime_spq_ets_sqt_unotice 250
+#define OBJ_id_smime_spq_ets_sqt_unotice OBJ_id_smime_spq,2L
+
+#define SN_id_smime_cti_ets_proofOfOrigin "id-smime-cti-ets-proofOfOrigin"
+#define NID_id_smime_cti_ets_proofOfOrigin 251
+#define OBJ_id_smime_cti_ets_proofOfOrigin OBJ_id_smime_cti,1L
+
+#define SN_id_smime_cti_ets_proofOfReceipt "id-smime-cti-ets-proofOfReceipt"
+#define NID_id_smime_cti_ets_proofOfReceipt 252
+#define OBJ_id_smime_cti_ets_proofOfReceipt OBJ_id_smime_cti,2L
+
+#define SN_id_smime_cti_ets_proofOfDelivery "id-smime-cti-ets-proofOfDelivery"
+#define NID_id_smime_cti_ets_proofOfDelivery 253
+#define OBJ_id_smime_cti_ets_proofOfDelivery OBJ_id_smime_cti,3L
+
+#define SN_id_smime_cti_ets_proofOfSender "id-smime-cti-ets-proofOfSender"
+#define NID_id_smime_cti_ets_proofOfSender 254
+#define OBJ_id_smime_cti_ets_proofOfSender OBJ_id_smime_cti,4L
+
+#define SN_id_smime_cti_ets_proofOfApproval "id-smime-cti-ets-proofOfApproval"
+#define NID_id_smime_cti_ets_proofOfApproval 255
+#define OBJ_id_smime_cti_ets_proofOfApproval OBJ_id_smime_cti,5L
+
+#define SN_id_smime_cti_ets_proofOfCreation "id-smime-cti-ets-proofOfCreation"
+#define NID_id_smime_cti_ets_proofOfCreation 256
+#define OBJ_id_smime_cti_ets_proofOfCreation OBJ_id_smime_cti,6L
+
+#define LN_friendlyName "friendlyName"
+#define NID_friendlyName 156
+#define OBJ_friendlyName OBJ_pkcs9,20L
+
+#define LN_localKeyID "localKeyID"
+#define NID_localKeyID 157
+#define OBJ_localKeyID OBJ_pkcs9,21L
+
+#define SN_ms_csp_name "CSPName"
+#define LN_ms_csp_name "Microsoft CSP Name"
+#define NID_ms_csp_name 417
+#define OBJ_ms_csp_name 1L,3L,6L,1L,4L,1L,311L,17L,1L
+
+#define SN_LocalKeySet "LocalKeySet"
+#define LN_LocalKeySet "Microsoft Local Key set"
+#define NID_LocalKeySet 856
+#define OBJ_LocalKeySet 1L,3L,6L,1L,4L,1L,311L,17L,2L
+
+#define OBJ_certTypes OBJ_pkcs9,22L
+
+#define LN_x509Certificate "x509Certificate"
+#define NID_x509Certificate 158
+#define OBJ_x509Certificate OBJ_certTypes,1L
+
+#define LN_sdsiCertificate "sdsiCertificate"
+#define NID_sdsiCertificate 159
+#define OBJ_sdsiCertificate OBJ_certTypes,2L
+
+#define OBJ_crlTypes OBJ_pkcs9,23L
+
+#define LN_x509Crl "x509Crl"
+#define NID_x509Crl 160
+#define OBJ_x509Crl OBJ_crlTypes,1L
+
+#define OBJ_pkcs12 OBJ_pkcs,12L
+
+#define OBJ_pkcs12_pbeids OBJ_pkcs12,1L
+
+#define SN_pbe_WithSHA1And128BitRC4 "PBE-SHA1-RC4-128"
+#define LN_pbe_WithSHA1And128BitRC4 "pbeWithSHA1And128BitRC4"
+#define NID_pbe_WithSHA1And128BitRC4 144
+#define OBJ_pbe_WithSHA1And128BitRC4 OBJ_pkcs12_pbeids,1L
+
+#define SN_pbe_WithSHA1And40BitRC4 "PBE-SHA1-RC4-40"
+#define LN_pbe_WithSHA1And40BitRC4 "pbeWithSHA1And40BitRC4"
+#define NID_pbe_WithSHA1And40BitRC4 145
+#define OBJ_pbe_WithSHA1And40BitRC4 OBJ_pkcs12_pbeids,2L
+
+#define SN_pbe_WithSHA1And3_Key_TripleDES_CBC "PBE-SHA1-3DES"
+#define LN_pbe_WithSHA1And3_Key_TripleDES_CBC "pbeWithSHA1And3-KeyTripleDES-CBC"
+#define NID_pbe_WithSHA1And3_Key_TripleDES_CBC 146
+#define OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC OBJ_pkcs12_pbeids,3L
+
+#define SN_pbe_WithSHA1And2_Key_TripleDES_CBC "PBE-SHA1-2DES"
+#define LN_pbe_WithSHA1And2_Key_TripleDES_CBC "pbeWithSHA1And2-KeyTripleDES-CBC"
+#define NID_pbe_WithSHA1And2_Key_TripleDES_CBC 147
+#define OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC OBJ_pkcs12_pbeids,4L
+
+#define SN_pbe_WithSHA1And128BitRC2_CBC "PBE-SHA1-RC2-128"
+#define LN_pbe_WithSHA1And128BitRC2_CBC "pbeWithSHA1And128BitRC2-CBC"
+#define NID_pbe_WithSHA1And128BitRC2_CBC 148
+#define OBJ_pbe_WithSHA1And128BitRC2_CBC OBJ_pkcs12_pbeids,5L
+
+#define SN_pbe_WithSHA1And40BitRC2_CBC "PBE-SHA1-RC2-40"
+#define LN_pbe_WithSHA1And40BitRC2_CBC "pbeWithSHA1And40BitRC2-CBC"
+#define NID_pbe_WithSHA1And40BitRC2_CBC 149
+#define OBJ_pbe_WithSHA1And40BitRC2_CBC OBJ_pkcs12_pbeids,6L
+
+#define OBJ_pkcs12_Version1 OBJ_pkcs12,10L
+
+#define OBJ_pkcs12_BagIds OBJ_pkcs12_Version1,1L
+
+#define LN_keyBag "keyBag"
+#define NID_keyBag 150
+#define OBJ_keyBag OBJ_pkcs12_BagIds,1L
+
+#define LN_pkcs8ShroudedKeyBag "pkcs8ShroudedKeyBag"
+#define NID_pkcs8ShroudedKeyBag 151
+#define OBJ_pkcs8ShroudedKeyBag OBJ_pkcs12_BagIds,2L
+
+#define LN_certBag "certBag"
+#define NID_certBag 152
+#define OBJ_certBag OBJ_pkcs12_BagIds,3L
+
+#define LN_crlBag "crlBag"
+#define NID_crlBag 153
+#define OBJ_crlBag OBJ_pkcs12_BagIds,4L
+
+#define LN_secretBag "secretBag"
+#define NID_secretBag 154
+#define OBJ_secretBag OBJ_pkcs12_BagIds,5L
+
+#define LN_safeContentsBag "safeContentsBag"
+#define NID_safeContentsBag 155
+#define OBJ_safeContentsBag OBJ_pkcs12_BagIds,6L
+
+#define SN_md2 "MD2"
+#define LN_md2 "md2"
+#define NID_md2 3
+#define OBJ_md2 OBJ_rsadsi,2L,2L
+
+#define SN_md4 "MD4"
+#define LN_md4 "md4"
+#define NID_md4 257
+#define OBJ_md4 OBJ_rsadsi,2L,4L
+
+#define SN_md5 "MD5"
+#define LN_md5 "md5"
+#define NID_md5 4
+#define OBJ_md5 OBJ_rsadsi,2L,5L
+
+#define SN_md5_sha1 "MD5-SHA1"
+#define LN_md5_sha1 "md5-sha1"
+#define NID_md5_sha1 114
+
+#define LN_hmacWithMD5 "hmacWithMD5"
+#define NID_hmacWithMD5 797
+#define OBJ_hmacWithMD5 OBJ_rsadsi,2L,6L
+
+#define LN_hmacWithSHA1 "hmacWithSHA1"
+#define NID_hmacWithSHA1 163
+#define OBJ_hmacWithSHA1 OBJ_rsadsi,2L,7L
+
+#define LN_hmacWithSHA224 "hmacWithSHA224"
+#define NID_hmacWithSHA224 798
+#define OBJ_hmacWithSHA224 OBJ_rsadsi,2L,8L
+
+#define LN_hmacWithSHA256 "hmacWithSHA256"
+#define NID_hmacWithSHA256 799
+#define OBJ_hmacWithSHA256 OBJ_rsadsi,2L,9L
+
+#define LN_hmacWithSHA384 "hmacWithSHA384"
+#define NID_hmacWithSHA384 800
+#define OBJ_hmacWithSHA384 OBJ_rsadsi,2L,10L
+
+#define LN_hmacWithSHA512 "hmacWithSHA512"
+#define NID_hmacWithSHA512 801
+#define OBJ_hmacWithSHA512 OBJ_rsadsi,2L,11L
+
+#define SN_rc2_cbc "RC2-CBC"
+#define LN_rc2_cbc "rc2-cbc"
+#define NID_rc2_cbc 37
+#define OBJ_rc2_cbc OBJ_rsadsi,3L,2L
+
+#define SN_rc2_ecb "RC2-ECB"
+#define LN_rc2_ecb "rc2-ecb"
+#define NID_rc2_ecb 38
+
+#define SN_rc2_cfb64 "RC2-CFB"
+#define LN_rc2_cfb64 "rc2-cfb"
+#define NID_rc2_cfb64 39
+
+#define SN_rc2_ofb64 "RC2-OFB"
+#define LN_rc2_ofb64 "rc2-ofb"
+#define NID_rc2_ofb64 40
+
+#define SN_rc2_40_cbc "RC2-40-CBC"
+#define LN_rc2_40_cbc "rc2-40-cbc"
+#define NID_rc2_40_cbc 98
+
+#define SN_rc2_64_cbc "RC2-64-CBC"
+#define LN_rc2_64_cbc "rc2-64-cbc"
+#define NID_rc2_64_cbc 166
+
+#define SN_rc4 "RC4"
+#define LN_rc4 "rc4"
+#define NID_rc4 5
+#define OBJ_rc4 OBJ_rsadsi,3L,4L
+
+#define SN_rc4_40 "RC4-40"
+#define LN_rc4_40 "rc4-40"
+#define NID_rc4_40 97
+
+#define SN_des_ede3_cbc "DES-EDE3-CBC"
+#define LN_des_ede3_cbc "des-ede3-cbc"
+#define NID_des_ede3_cbc 44
+#define OBJ_des_ede3_cbc OBJ_rsadsi,3L,7L
+
+#define SN_rc5_cbc "RC5-CBC"
+#define LN_rc5_cbc "rc5-cbc"
+#define NID_rc5_cbc 120
+#define OBJ_rc5_cbc OBJ_rsadsi,3L,8L
+
+#define SN_rc5_ecb "RC5-ECB"
+#define LN_rc5_ecb "rc5-ecb"
+#define NID_rc5_ecb 121
+
+#define SN_rc5_cfb64 "RC5-CFB"
+#define LN_rc5_cfb64 "rc5-cfb"
+#define NID_rc5_cfb64 122
+
+#define SN_rc5_ofb64 "RC5-OFB"
+#define LN_rc5_ofb64 "rc5-ofb"
+#define NID_rc5_ofb64 123
+
+#define SN_ms_ext_req "msExtReq"
+#define LN_ms_ext_req "Microsoft Extension Request"
+#define NID_ms_ext_req 171
+#define OBJ_ms_ext_req 1L,3L,6L,1L,4L,1L,311L,2L,1L,14L
+
+#define SN_ms_code_ind "msCodeInd"
+#define LN_ms_code_ind "Microsoft Individual Code Signing"
+#define NID_ms_code_ind 134
+#define OBJ_ms_code_ind 1L,3L,6L,1L,4L,1L,311L,2L,1L,21L
+
+#define SN_ms_code_com "msCodeCom"
+#define LN_ms_code_com "Microsoft Commercial Code Signing"
+#define NID_ms_code_com 135
+#define OBJ_ms_code_com 1L,3L,6L,1L,4L,1L,311L,2L,1L,22L
+
+#define SN_ms_ctl_sign "msCTLSign"
+#define LN_ms_ctl_sign "Microsoft Trust List Signing"
+#define NID_ms_ctl_sign 136
+#define OBJ_ms_ctl_sign 1L,3L,6L,1L,4L,1L,311L,10L,3L,1L
+
+#define SN_ms_sgc "msSGC"
+#define LN_ms_sgc "Microsoft Server Gated Crypto"
+#define NID_ms_sgc 137
+#define OBJ_ms_sgc 1L,3L,6L,1L,4L,1L,311L,10L,3L,3L
+
+#define SN_ms_efs "msEFS"
+#define LN_ms_efs "Microsoft Encrypted File System"
+#define NID_ms_efs 138
+#define OBJ_ms_efs 1L,3L,6L,1L,4L,1L,311L,10L,3L,4L
+
+#define SN_ms_smartcard_login "msSmartcardLogin"
+#define LN_ms_smartcard_login "Microsoft Smartcardlogin"
+#define NID_ms_smartcard_login 648
+#define OBJ_ms_smartcard_login 1L,3L,6L,1L,4L,1L,311L,20L,2L,2L
+
+#define SN_ms_upn "msUPN"
+#define LN_ms_upn "Microsoft Universal Principal Name"
+#define NID_ms_upn 649
+#define OBJ_ms_upn 1L,3L,6L,1L,4L,1L,311L,20L,2L,3L
+
+#define SN_idea_cbc "IDEA-CBC"
+#define LN_idea_cbc "idea-cbc"
+#define NID_idea_cbc 34
+#define OBJ_idea_cbc 1L,3L,6L,1L,4L,1L,188L,7L,1L,1L,2L
+
+#define SN_idea_ecb "IDEA-ECB"
+#define LN_idea_ecb "idea-ecb"
+#define NID_idea_ecb 36
+
+#define SN_idea_cfb64 "IDEA-CFB"
+#define LN_idea_cfb64 "idea-cfb"
+#define NID_idea_cfb64 35
+
+#define SN_idea_ofb64 "IDEA-OFB"
+#define LN_idea_ofb64 "idea-ofb"
+#define NID_idea_ofb64 46
+
+#define SN_bf_cbc "BF-CBC"
+#define LN_bf_cbc "bf-cbc"
+#define NID_bf_cbc 91
+#define OBJ_bf_cbc 1L,3L,6L,1L,4L,1L,3029L,1L,2L
+
+#define SN_bf_ecb "BF-ECB"
+#define LN_bf_ecb "bf-ecb"
+#define NID_bf_ecb 92
+
+#define SN_bf_cfb64 "BF-CFB"
+#define LN_bf_cfb64 "bf-cfb"
+#define NID_bf_cfb64 93
+
+#define SN_bf_ofb64 "BF-OFB"
+#define LN_bf_ofb64 "bf-ofb"
+#define NID_bf_ofb64 94
+
+#define SN_id_pkix "PKIX"
+#define NID_id_pkix 127
+#define OBJ_id_pkix 1L,3L,6L,1L,5L,5L,7L
+
+#define SN_id_pkix_mod "id-pkix-mod"
+#define NID_id_pkix_mod 258
+#define OBJ_id_pkix_mod OBJ_id_pkix,0L
+
+#define SN_id_pe "id-pe"
+#define NID_id_pe 175
+#define OBJ_id_pe OBJ_id_pkix,1L
+
+#define SN_id_qt "id-qt"
+#define NID_id_qt 259
+#define OBJ_id_qt OBJ_id_pkix,2L
+
+#define SN_id_kp "id-kp"
+#define NID_id_kp 128
+#define OBJ_id_kp OBJ_id_pkix,3L
+
+#define SN_id_it "id-it"
+#define NID_id_it 260
+#define OBJ_id_it OBJ_id_pkix,4L
+
+#define SN_id_pkip "id-pkip"
+#define NID_id_pkip 261
+#define OBJ_id_pkip OBJ_id_pkix,5L
+
+#define SN_id_alg "id-alg"
+#define NID_id_alg 262
+#define OBJ_id_alg OBJ_id_pkix,6L
+
+#define SN_id_cmc "id-cmc"
+#define NID_id_cmc 263
+#define OBJ_id_cmc OBJ_id_pkix,7L
+
+#define SN_id_on "id-on"
+#define NID_id_on 264
+#define OBJ_id_on OBJ_id_pkix,8L
+
+#define SN_id_pda "id-pda"
+#define NID_id_pda 265
+#define OBJ_id_pda OBJ_id_pkix,9L
+
+#define SN_id_aca "id-aca"
+#define NID_id_aca 266
+#define OBJ_id_aca OBJ_id_pkix,10L
+
+#define SN_id_qcs "id-qcs"
+#define NID_id_qcs 267
+#define OBJ_id_qcs OBJ_id_pkix,11L
+
+#define SN_id_cct "id-cct"
+#define NID_id_cct 268
+#define OBJ_id_cct OBJ_id_pkix,12L
+
+#define SN_id_ppl "id-ppl"
+#define NID_id_ppl 662
+#define OBJ_id_ppl OBJ_id_pkix,21L
+
+#define SN_id_ad "id-ad"
+#define NID_id_ad 176
+#define OBJ_id_ad OBJ_id_pkix,48L
+
+#define SN_id_pkix1_explicit_88 "id-pkix1-explicit-88"
+#define NID_id_pkix1_explicit_88 269
+#define OBJ_id_pkix1_explicit_88 OBJ_id_pkix_mod,1L
+
+#define SN_id_pkix1_implicit_88 "id-pkix1-implicit-88"
+#define NID_id_pkix1_implicit_88 270
+#define OBJ_id_pkix1_implicit_88 OBJ_id_pkix_mod,2L
+
+#define SN_id_pkix1_explicit_93 "id-pkix1-explicit-93"
+#define NID_id_pkix1_explicit_93 271
+#define OBJ_id_pkix1_explicit_93 OBJ_id_pkix_mod,3L
+
+#define SN_id_pkix1_implicit_93 "id-pkix1-implicit-93"
+#define NID_id_pkix1_implicit_93 272
+#define OBJ_id_pkix1_implicit_93 OBJ_id_pkix_mod,4L
+
+#define SN_id_mod_crmf "id-mod-crmf"
+#define NID_id_mod_crmf 273
+#define OBJ_id_mod_crmf OBJ_id_pkix_mod,5L
+
+#define SN_id_mod_cmc "id-mod-cmc"
+#define NID_id_mod_cmc 274
+#define OBJ_id_mod_cmc OBJ_id_pkix_mod,6L
+
+#define SN_id_mod_kea_profile_88 "id-mod-kea-profile-88"
+#define NID_id_mod_kea_profile_88 275
+#define OBJ_id_mod_kea_profile_88 OBJ_id_pkix_mod,7L
+
+#define SN_id_mod_kea_profile_93 "id-mod-kea-profile-93"
+#define NID_id_mod_kea_profile_93 276
+#define OBJ_id_mod_kea_profile_93 OBJ_id_pkix_mod,8L
+
+#define SN_id_mod_cmp "id-mod-cmp"
+#define NID_id_mod_cmp 277
+#define OBJ_id_mod_cmp OBJ_id_pkix_mod,9L
+
+#define SN_id_mod_qualified_cert_88 "id-mod-qualified-cert-88"
+#define NID_id_mod_qualified_cert_88 278
+#define OBJ_id_mod_qualified_cert_88 OBJ_id_pkix_mod,10L
+
+#define SN_id_mod_qualified_cert_93 "id-mod-qualified-cert-93"
+#define NID_id_mod_qualified_cert_93 279
+#define OBJ_id_mod_qualified_cert_93 OBJ_id_pkix_mod,11L
+
+#define SN_id_mod_attribute_cert "id-mod-attribute-cert"
+#define NID_id_mod_attribute_cert 280
+#define OBJ_id_mod_attribute_cert OBJ_id_pkix_mod,12L
+
+#define SN_id_mod_timestamp_protocol "id-mod-timestamp-protocol"
+#define NID_id_mod_timestamp_protocol 281
+#define OBJ_id_mod_timestamp_protocol OBJ_id_pkix_mod,13L
+
+#define SN_id_mod_ocsp "id-mod-ocsp"
+#define NID_id_mod_ocsp 282
+#define OBJ_id_mod_ocsp OBJ_id_pkix_mod,14L
+
+#define SN_id_mod_dvcs "id-mod-dvcs"
+#define NID_id_mod_dvcs 283
+#define OBJ_id_mod_dvcs OBJ_id_pkix_mod,15L
+
+#define SN_id_mod_cmp2000 "id-mod-cmp2000"
+#define NID_id_mod_cmp2000 284
+#define OBJ_id_mod_cmp2000 OBJ_id_pkix_mod,16L
+
+#define SN_info_access "authorityInfoAccess"
+#define LN_info_access "Authority Information Access"
+#define NID_info_access 177
+#define OBJ_info_access OBJ_id_pe,1L
+
+#define SN_biometricInfo "biometricInfo"
+#define LN_biometricInfo "Biometric Info"
+#define NID_biometricInfo 285
+#define OBJ_biometricInfo OBJ_id_pe,2L
+
+#define SN_qcStatements "qcStatements"
+#define NID_qcStatements 286
+#define OBJ_qcStatements OBJ_id_pe,3L
+
+#define SN_ac_auditEntity "ac-auditEntity"
+#define NID_ac_auditEntity 287
+#define OBJ_ac_auditEntity OBJ_id_pe,4L
+
+#define SN_ac_targeting "ac-targeting"
+#define NID_ac_targeting 288
+#define OBJ_ac_targeting OBJ_id_pe,5L
+
+#define SN_aaControls "aaControls"
+#define NID_aaControls 289
+#define OBJ_aaControls OBJ_id_pe,6L
+
+#define SN_sbgp_ipAddrBlock "sbgp-ipAddrBlock"
+#define NID_sbgp_ipAddrBlock 290
+#define OBJ_sbgp_ipAddrBlock OBJ_id_pe,7L
+
+#define SN_sbgp_autonomousSysNum "sbgp-autonomousSysNum"
+#define NID_sbgp_autonomousSysNum 291
+#define OBJ_sbgp_autonomousSysNum OBJ_id_pe,8L
+
+#define SN_sbgp_routerIdentifier "sbgp-routerIdentifier"
+#define NID_sbgp_routerIdentifier 292
+#define OBJ_sbgp_routerIdentifier OBJ_id_pe,9L
+
+#define SN_ac_proxying "ac-proxying"
+#define NID_ac_proxying 397
+#define OBJ_ac_proxying OBJ_id_pe,10L
+
+#define SN_sinfo_access "subjectInfoAccess"
+#define LN_sinfo_access "Subject Information Access"
+#define NID_sinfo_access 398
+#define OBJ_sinfo_access OBJ_id_pe,11L
+
+#define SN_proxyCertInfo "proxyCertInfo"
+#define LN_proxyCertInfo "Proxy Certificate Information"
+#define NID_proxyCertInfo 663
+#define OBJ_proxyCertInfo OBJ_id_pe,14L
+
+#define SN_id_qt_cps "id-qt-cps"
+#define LN_id_qt_cps "Policy Qualifier CPS"
+#define NID_id_qt_cps 164
+#define OBJ_id_qt_cps OBJ_id_qt,1L
+
+#define SN_id_qt_unotice "id-qt-unotice"
+#define LN_id_qt_unotice "Policy Qualifier User Notice"
+#define NID_id_qt_unotice 165
+#define OBJ_id_qt_unotice OBJ_id_qt,2L
+
+#define SN_textNotice "textNotice"
+#define NID_textNotice 293
+#define OBJ_textNotice OBJ_id_qt,3L
+
+#define SN_server_auth "serverAuth"
+#define LN_server_auth "TLS Web Server Authentication"
+#define NID_server_auth 129
+#define OBJ_server_auth OBJ_id_kp,1L
+
+#define SN_client_auth "clientAuth"
+#define LN_client_auth "TLS Web Client Authentication"
+#define NID_client_auth 130
+#define OBJ_client_auth OBJ_id_kp,2L
+
+#define SN_code_sign "codeSigning"
+#define LN_code_sign "Code Signing"
+#define NID_code_sign 131
+#define OBJ_code_sign OBJ_id_kp,3L
+
+#define SN_email_protect "emailProtection"
+#define LN_email_protect "E-mail Protection"
+#define NID_email_protect 132
+#define OBJ_email_protect OBJ_id_kp,4L
+
+#define SN_ipsecEndSystem "ipsecEndSystem"
+#define LN_ipsecEndSystem "IPSec End System"
+#define NID_ipsecEndSystem 294
+#define OBJ_ipsecEndSystem OBJ_id_kp,5L
+
+#define SN_ipsecTunnel "ipsecTunnel"
+#define LN_ipsecTunnel "IPSec Tunnel"
+#define NID_ipsecTunnel 295
+#define OBJ_ipsecTunnel OBJ_id_kp,6L
+
+#define SN_ipsecUser "ipsecUser"
+#define LN_ipsecUser "IPSec User"
+#define NID_ipsecUser 296
+#define OBJ_ipsecUser OBJ_id_kp,7L
+
+#define SN_time_stamp "timeStamping"
+#define LN_time_stamp "Time Stamping"
+#define NID_time_stamp 133
+#define OBJ_time_stamp OBJ_id_kp,8L
+
+#define SN_OCSP_sign "OCSPSigning"
+#define LN_OCSP_sign "OCSP Signing"
+#define NID_OCSP_sign 180
+#define OBJ_OCSP_sign OBJ_id_kp,9L
+
+#define SN_dvcs "DVCS"
+#define LN_dvcs "dvcs"
+#define NID_dvcs 297
+#define OBJ_dvcs OBJ_id_kp,10L
+
+#define SN_id_it_caProtEncCert "id-it-caProtEncCert"
+#define NID_id_it_caProtEncCert 298
+#define OBJ_id_it_caProtEncCert OBJ_id_it,1L
+
+#define SN_id_it_signKeyPairTypes "id-it-signKeyPairTypes"
+#define NID_id_it_signKeyPairTypes 299
+#define OBJ_id_it_signKeyPairTypes OBJ_id_it,2L
+
+#define SN_id_it_encKeyPairTypes "id-it-encKeyPairTypes"
+#define NID_id_it_encKeyPairTypes 300
+#define OBJ_id_it_encKeyPairTypes OBJ_id_it,3L
+
+#define SN_id_it_preferredSymmAlg "id-it-preferredSymmAlg"
+#define NID_id_it_preferredSymmAlg 301
+#define OBJ_id_it_preferredSymmAlg OBJ_id_it,4L
+
+#define SN_id_it_caKeyUpdateInfo "id-it-caKeyUpdateInfo"
+#define NID_id_it_caKeyUpdateInfo 302
+#define OBJ_id_it_caKeyUpdateInfo OBJ_id_it,5L
+
+#define SN_id_it_currentCRL "id-it-currentCRL"
+#define NID_id_it_currentCRL 303
+#define OBJ_id_it_currentCRL OBJ_id_it,6L
+
+#define SN_id_it_unsupportedOIDs "id-it-unsupportedOIDs"
+#define NID_id_it_unsupportedOIDs 304
+#define OBJ_id_it_unsupportedOIDs OBJ_id_it,7L
+
+#define SN_id_it_subscriptionRequest "id-it-subscriptionRequest"
+#define NID_id_it_subscriptionRequest 305
+#define OBJ_id_it_subscriptionRequest OBJ_id_it,8L
+
+#define SN_id_it_subscriptionResponse "id-it-subscriptionResponse"
+#define NID_id_it_subscriptionResponse 306
+#define OBJ_id_it_subscriptionResponse OBJ_id_it,9L
+
+#define SN_id_it_keyPairParamReq "id-it-keyPairParamReq"
+#define NID_id_it_keyPairParamReq 307
+#define OBJ_id_it_keyPairParamReq OBJ_id_it,10L
+
+#define SN_id_it_keyPairParamRep "id-it-keyPairParamRep"
+#define NID_id_it_keyPairParamRep 308
+#define OBJ_id_it_keyPairParamRep OBJ_id_it,11L
+
+#define SN_id_it_revPassphrase "id-it-revPassphrase"
+#define NID_id_it_revPassphrase 309
+#define OBJ_id_it_revPassphrase OBJ_id_it,12L
+
+#define SN_id_it_implicitConfirm "id-it-implicitConfirm"
+#define NID_id_it_implicitConfirm 310
+#define OBJ_id_it_implicitConfirm OBJ_id_it,13L
+
+#define SN_id_it_confirmWaitTime "id-it-confirmWaitTime"
+#define NID_id_it_confirmWaitTime 311
+#define OBJ_id_it_confirmWaitTime OBJ_id_it,14L
+
+#define SN_id_it_origPKIMessage "id-it-origPKIMessage"
+#define NID_id_it_origPKIMessage 312
+#define OBJ_id_it_origPKIMessage OBJ_id_it,15L
+
+#define SN_id_it_suppLangTags "id-it-suppLangTags"
+#define NID_id_it_suppLangTags 784
+#define OBJ_id_it_suppLangTags OBJ_id_it,16L
+
+#define SN_id_regCtrl "id-regCtrl"
+#define NID_id_regCtrl 313
+#define OBJ_id_regCtrl OBJ_id_pkip,1L
+
+#define SN_id_regInfo "id-regInfo"
+#define NID_id_regInfo 314
+#define OBJ_id_regInfo OBJ_id_pkip,2L
+
+#define SN_id_regCtrl_regToken "id-regCtrl-regToken"
+#define NID_id_regCtrl_regToken 315
+#define OBJ_id_regCtrl_regToken OBJ_id_regCtrl,1L
+
+#define SN_id_regCtrl_authenticator "id-regCtrl-authenticator"
+#define NID_id_regCtrl_authenticator 316
+#define OBJ_id_regCtrl_authenticator OBJ_id_regCtrl,2L
+
+#define SN_id_regCtrl_pkiPublicationInfo "id-regCtrl-pkiPublicationInfo"
+#define NID_id_regCtrl_pkiPublicationInfo 317
+#define OBJ_id_regCtrl_pkiPublicationInfo OBJ_id_regCtrl,3L
+
+#define SN_id_regCtrl_pkiArchiveOptions "id-regCtrl-pkiArchiveOptions"
+#define NID_id_regCtrl_pkiArchiveOptions 318
+#define OBJ_id_regCtrl_pkiArchiveOptions OBJ_id_regCtrl,4L
+
+#define SN_id_regCtrl_oldCertID "id-regCtrl-oldCertID"
+#define NID_id_regCtrl_oldCertID 319
+#define OBJ_id_regCtrl_oldCertID OBJ_id_regCtrl,5L
+
+#define SN_id_regCtrl_protocolEncrKey "id-regCtrl-protocolEncrKey"
+#define NID_id_regCtrl_protocolEncrKey 320
+#define OBJ_id_regCtrl_protocolEncrKey OBJ_id_regCtrl,6L
+
+#define SN_id_regInfo_utf8Pairs "id-regInfo-utf8Pairs"
+#define NID_id_regInfo_utf8Pairs 321
+#define OBJ_id_regInfo_utf8Pairs OBJ_id_regInfo,1L
+
+#define SN_id_regInfo_certReq "id-regInfo-certReq"
+#define NID_id_regInfo_certReq 322
+#define OBJ_id_regInfo_certReq OBJ_id_regInfo,2L
+
+#define SN_id_alg_des40 "id-alg-des40"
+#define NID_id_alg_des40 323
+#define OBJ_id_alg_des40 OBJ_id_alg,1L
+
+#define SN_id_alg_noSignature "id-alg-noSignature"
+#define NID_id_alg_noSignature 324
+#define OBJ_id_alg_noSignature OBJ_id_alg,2L
+
+#define SN_id_alg_dh_sig_hmac_sha1 "id-alg-dh-sig-hmac-sha1"
+#define NID_id_alg_dh_sig_hmac_sha1 325
+#define OBJ_id_alg_dh_sig_hmac_sha1 OBJ_id_alg,3L
+
+#define SN_id_alg_dh_pop "id-alg-dh-pop"
+#define NID_id_alg_dh_pop 326
+#define OBJ_id_alg_dh_pop OBJ_id_alg,4L
+
+#define SN_id_cmc_statusInfo "id-cmc-statusInfo"
+#define NID_id_cmc_statusInfo 327
+#define OBJ_id_cmc_statusInfo OBJ_id_cmc,1L
+
+#define SN_id_cmc_identification "id-cmc-identification"
+#define NID_id_cmc_identification 328
+#define OBJ_id_cmc_identification OBJ_id_cmc,2L
+
+#define SN_id_cmc_identityProof "id-cmc-identityProof"
+#define NID_id_cmc_identityProof 329
+#define OBJ_id_cmc_identityProof OBJ_id_cmc,3L
+
+#define SN_id_cmc_dataReturn "id-cmc-dataReturn"
+#define NID_id_cmc_dataReturn 330
+#define OBJ_id_cmc_dataReturn OBJ_id_cmc,4L
+
+#define SN_id_cmc_transactionId "id-cmc-transactionId"
+#define NID_id_cmc_transactionId 331
+#define OBJ_id_cmc_transactionId OBJ_id_cmc,5L
+
+#define SN_id_cmc_senderNonce "id-cmc-senderNonce"
+#define NID_id_cmc_senderNonce 332
+#define OBJ_id_cmc_senderNonce OBJ_id_cmc,6L
+
+#define SN_id_cmc_recipientNonce "id-cmc-recipientNonce"
+#define NID_id_cmc_recipientNonce 333
+#define OBJ_id_cmc_recipientNonce OBJ_id_cmc,7L
+
+#define SN_id_cmc_addExtensions "id-cmc-addExtensions"
+#define NID_id_cmc_addExtensions 334
+#define OBJ_id_cmc_addExtensions OBJ_id_cmc,8L
+
+#define SN_id_cmc_encryptedPOP "id-cmc-encryptedPOP"
+#define NID_id_cmc_encryptedPOP 335
+#define OBJ_id_cmc_encryptedPOP OBJ_id_cmc,9L
+
+#define SN_id_cmc_decryptedPOP "id-cmc-decryptedPOP"
+#define NID_id_cmc_decryptedPOP 336
+#define OBJ_id_cmc_decryptedPOP OBJ_id_cmc,10L
+
+#define SN_id_cmc_lraPOPWitness "id-cmc-lraPOPWitness"
+#define NID_id_cmc_lraPOPWitness 337
+#define OBJ_id_cmc_lraPOPWitness OBJ_id_cmc,11L
+
+#define SN_id_cmc_getCert "id-cmc-getCert"
+#define NID_id_cmc_getCert 338
+#define OBJ_id_cmc_getCert OBJ_id_cmc,15L
+
+#define SN_id_cmc_getCRL "id-cmc-getCRL"
+#define NID_id_cmc_getCRL 339
+#define OBJ_id_cmc_getCRL OBJ_id_cmc,16L
+
+#define SN_id_cmc_revokeRequest "id-cmc-revokeRequest"
+#define NID_id_cmc_revokeRequest 340
+#define OBJ_id_cmc_revokeRequest OBJ_id_cmc,17L
+
+#define SN_id_cmc_regInfo "id-cmc-regInfo"
+#define NID_id_cmc_regInfo 341
+#define OBJ_id_cmc_regInfo OBJ_id_cmc,18L
+
+#define SN_id_cmc_responseInfo "id-cmc-responseInfo"
+#define NID_id_cmc_responseInfo 342
+#define OBJ_id_cmc_responseInfo OBJ_id_cmc,19L
+
+#define SN_id_cmc_queryPending "id-cmc-queryPending"
+#define NID_id_cmc_queryPending 343
+#define OBJ_id_cmc_queryPending OBJ_id_cmc,21L
+
+#define SN_id_cmc_popLinkRandom "id-cmc-popLinkRandom"
+#define NID_id_cmc_popLinkRandom 344
+#define OBJ_id_cmc_popLinkRandom OBJ_id_cmc,22L
+
+#define SN_id_cmc_popLinkWitness "id-cmc-popLinkWitness"
+#define NID_id_cmc_popLinkWitness 345
+#define OBJ_id_cmc_popLinkWitness OBJ_id_cmc,23L
+
+#define SN_id_cmc_confirmCertAcceptance "id-cmc-confirmCertAcceptance"
+#define NID_id_cmc_confirmCertAcceptance 346
+#define OBJ_id_cmc_confirmCertAcceptance OBJ_id_cmc,24L
+
+#define SN_id_on_personalData "id-on-personalData"
+#define NID_id_on_personalData 347
+#define OBJ_id_on_personalData OBJ_id_on,1L
+
+#define SN_id_on_permanentIdentifier "id-on-permanentIdentifier"
+#define LN_id_on_permanentIdentifier "Permanent Identifier"
+#define NID_id_on_permanentIdentifier 858
+#define OBJ_id_on_permanentIdentifier OBJ_id_on,3L
+
+#define SN_id_pda_dateOfBirth "id-pda-dateOfBirth"
+#define NID_id_pda_dateOfBirth 348
+#define OBJ_id_pda_dateOfBirth OBJ_id_pda,1L
+
+#define SN_id_pda_placeOfBirth "id-pda-placeOfBirth"
+#define NID_id_pda_placeOfBirth 349
+#define OBJ_id_pda_placeOfBirth OBJ_id_pda,2L
+
+#define SN_id_pda_gender "id-pda-gender"
+#define NID_id_pda_gender 351
+#define OBJ_id_pda_gender OBJ_id_pda,3L
+
+#define SN_id_pda_countryOfCitizenship "id-pda-countryOfCitizenship"
+#define NID_id_pda_countryOfCitizenship 352
+#define OBJ_id_pda_countryOfCitizenship OBJ_id_pda,4L
+
+#define SN_id_pda_countryOfResidence "id-pda-countryOfResidence"
+#define NID_id_pda_countryOfResidence 353
+#define OBJ_id_pda_countryOfResidence OBJ_id_pda,5L
+
+#define SN_id_aca_authenticationInfo "id-aca-authenticationInfo"
+#define NID_id_aca_authenticationInfo 354
+#define OBJ_id_aca_authenticationInfo OBJ_id_aca,1L
+
+#define SN_id_aca_accessIdentity "id-aca-accessIdentity"
+#define NID_id_aca_accessIdentity 355
+#define OBJ_id_aca_accessIdentity OBJ_id_aca,2L
+
+#define SN_id_aca_chargingIdentity "id-aca-chargingIdentity"
+#define NID_id_aca_chargingIdentity 356
+#define OBJ_id_aca_chargingIdentity OBJ_id_aca,3L
+
+#define SN_id_aca_group "id-aca-group"
+#define NID_id_aca_group 357
+#define OBJ_id_aca_group OBJ_id_aca,4L
+
+#define SN_id_aca_role "id-aca-role"
+#define NID_id_aca_role 358
+#define OBJ_id_aca_role OBJ_id_aca,5L
+
+#define SN_id_aca_encAttrs "id-aca-encAttrs"
+#define NID_id_aca_encAttrs 399
+#define OBJ_id_aca_encAttrs OBJ_id_aca,6L
+
+#define SN_id_qcs_pkixQCSyntax_v1 "id-qcs-pkixQCSyntax-v1"
+#define NID_id_qcs_pkixQCSyntax_v1 359
+#define OBJ_id_qcs_pkixQCSyntax_v1 OBJ_id_qcs,1L
+
+#define SN_id_cct_crs "id-cct-crs"
+#define NID_id_cct_crs 360
+#define OBJ_id_cct_crs OBJ_id_cct,1L
+
+#define SN_id_cct_PKIData "id-cct-PKIData"
+#define NID_id_cct_PKIData 361
+#define OBJ_id_cct_PKIData OBJ_id_cct,2L
+
+#define SN_id_cct_PKIResponse "id-cct-PKIResponse"
+#define NID_id_cct_PKIResponse 362
+#define OBJ_id_cct_PKIResponse OBJ_id_cct,3L
+
+#define SN_id_ppl_anyLanguage "id-ppl-anyLanguage"
+#define LN_id_ppl_anyLanguage "Any language"
+#define NID_id_ppl_anyLanguage 664
+#define OBJ_id_ppl_anyLanguage OBJ_id_ppl,0L
+
+#define SN_id_ppl_inheritAll "id-ppl-inheritAll"
+#define LN_id_ppl_inheritAll "Inherit all"
+#define NID_id_ppl_inheritAll 665
+#define OBJ_id_ppl_inheritAll OBJ_id_ppl,1L
+
+#define SN_Independent "id-ppl-independent"
+#define LN_Independent "Independent"
+#define NID_Independent 667
+#define OBJ_Independent OBJ_id_ppl,2L
+
+#define SN_ad_OCSP "OCSP"
+#define LN_ad_OCSP "OCSP"
+#define NID_ad_OCSP 178
+#define OBJ_ad_OCSP OBJ_id_ad,1L
+
+#define SN_ad_ca_issuers "caIssuers"
+#define LN_ad_ca_issuers "CA Issuers"
+#define NID_ad_ca_issuers 179
+#define OBJ_ad_ca_issuers OBJ_id_ad,2L
+
+#define SN_ad_timeStamping "ad_timestamping"
+#define LN_ad_timeStamping "AD Time Stamping"
+#define NID_ad_timeStamping 363
+#define OBJ_ad_timeStamping OBJ_id_ad,3L
+
+#define SN_ad_dvcs "AD_DVCS"
+#define LN_ad_dvcs "ad dvcs"
+#define NID_ad_dvcs 364
+#define OBJ_ad_dvcs OBJ_id_ad,4L
+
+#define SN_caRepository "caRepository"
+#define LN_caRepository "CA Repository"
+#define NID_caRepository 785
+#define OBJ_caRepository OBJ_id_ad,5L
+
+#define OBJ_id_pkix_OCSP OBJ_ad_OCSP
+
+#define SN_id_pkix_OCSP_basic "basicOCSPResponse"
+#define LN_id_pkix_OCSP_basic "Basic OCSP Response"
+#define NID_id_pkix_OCSP_basic 365
+#define OBJ_id_pkix_OCSP_basic OBJ_id_pkix_OCSP,1L
+
+#define SN_id_pkix_OCSP_Nonce "Nonce"
+#define LN_id_pkix_OCSP_Nonce "OCSP Nonce"
+#define NID_id_pkix_OCSP_Nonce 366
+#define OBJ_id_pkix_OCSP_Nonce OBJ_id_pkix_OCSP,2L
+
+#define SN_id_pkix_OCSP_CrlID "CrlID"
+#define LN_id_pkix_OCSP_CrlID "OCSP CRL ID"
+#define NID_id_pkix_OCSP_CrlID 367
+#define OBJ_id_pkix_OCSP_CrlID OBJ_id_pkix_OCSP,3L
+
+#define SN_id_pkix_OCSP_acceptableResponses "acceptableResponses"
+#define LN_id_pkix_OCSP_acceptableResponses "Acceptable OCSP Responses"
+#define NID_id_pkix_OCSP_acceptableResponses 368
+#define OBJ_id_pkix_OCSP_acceptableResponses OBJ_id_pkix_OCSP,4L
+
+#define SN_id_pkix_OCSP_noCheck "noCheck"
+#define LN_id_pkix_OCSP_noCheck "OCSP No Check"
+#define NID_id_pkix_OCSP_noCheck 369
+#define OBJ_id_pkix_OCSP_noCheck OBJ_id_pkix_OCSP,5L
+
+#define SN_id_pkix_OCSP_archiveCutoff "archiveCutoff"
+#define LN_id_pkix_OCSP_archiveCutoff "OCSP Archive Cutoff"
+#define NID_id_pkix_OCSP_archiveCutoff 370
+#define OBJ_id_pkix_OCSP_archiveCutoff OBJ_id_pkix_OCSP,6L
+
+#define SN_id_pkix_OCSP_serviceLocator "serviceLocator"
+#define LN_id_pkix_OCSP_serviceLocator "OCSP Service Locator"
+#define NID_id_pkix_OCSP_serviceLocator 371
+#define OBJ_id_pkix_OCSP_serviceLocator OBJ_id_pkix_OCSP,7L
+
+#define SN_id_pkix_OCSP_extendedStatus "extendedStatus"
+#define LN_id_pkix_OCSP_extendedStatus "Extended OCSP Status"
+#define NID_id_pkix_OCSP_extendedStatus 372
+#define OBJ_id_pkix_OCSP_extendedStatus OBJ_id_pkix_OCSP,8L
+
+#define SN_id_pkix_OCSP_valid "valid"
+#define NID_id_pkix_OCSP_valid 373
+#define OBJ_id_pkix_OCSP_valid OBJ_id_pkix_OCSP,9L
+
+#define SN_id_pkix_OCSP_path "path"
+#define NID_id_pkix_OCSP_path 374
+#define OBJ_id_pkix_OCSP_path OBJ_id_pkix_OCSP,10L
+
+#define SN_id_pkix_OCSP_trustRoot "trustRoot"
+#define LN_id_pkix_OCSP_trustRoot "Trust Root"
+#define NID_id_pkix_OCSP_trustRoot 375
+#define OBJ_id_pkix_OCSP_trustRoot OBJ_id_pkix_OCSP,11L
+
+#define SN_algorithm "algorithm"
+#define LN_algorithm "algorithm"
+#define NID_algorithm 376
+#define OBJ_algorithm 1L,3L,14L,3L,2L
+
+#define SN_md5WithRSA "RSA-NP-MD5"
+#define LN_md5WithRSA "md5WithRSA"
+#define NID_md5WithRSA 104
+#define OBJ_md5WithRSA OBJ_algorithm,3L
+
+#define SN_des_ecb "DES-ECB"
+#define LN_des_ecb "des-ecb"
+#define NID_des_ecb 29
+#define OBJ_des_ecb OBJ_algorithm,6L
+
+#define SN_des_cbc "DES-CBC"
+#define LN_des_cbc "des-cbc"
+#define NID_des_cbc 31
+#define OBJ_des_cbc OBJ_algorithm,7L
+
+#define SN_des_ofb64 "DES-OFB"
+#define LN_des_ofb64 "des-ofb"
+#define NID_des_ofb64 45
+#define OBJ_des_ofb64 OBJ_algorithm,8L
+
+#define SN_des_cfb64 "DES-CFB"
+#define LN_des_cfb64 "des-cfb"
+#define NID_des_cfb64 30
+#define OBJ_des_cfb64 OBJ_algorithm,9L
+
+#define SN_rsaSignature "rsaSignature"
+#define NID_rsaSignature 377
+#define OBJ_rsaSignature OBJ_algorithm,11L
+
+#define SN_dsa_2 "DSA-old"
+#define LN_dsa_2 "dsaEncryption-old"
+#define NID_dsa_2 67
+#define OBJ_dsa_2 OBJ_algorithm,12L
+
+#define SN_dsaWithSHA "DSA-SHA"
+#define LN_dsaWithSHA "dsaWithSHA"
+#define NID_dsaWithSHA 66
+#define OBJ_dsaWithSHA OBJ_algorithm,13L
+
+#define SN_shaWithRSAEncryption "RSA-SHA"
+#define LN_shaWithRSAEncryption "shaWithRSAEncryption"
+#define NID_shaWithRSAEncryption 42
+#define OBJ_shaWithRSAEncryption OBJ_algorithm,15L
+
+#define SN_des_ede_ecb "DES-EDE"
+#define LN_des_ede_ecb "des-ede"
+#define NID_des_ede_ecb 32
+#define OBJ_des_ede_ecb OBJ_algorithm,17L
+
+#define SN_des_ede3_ecb "DES-EDE3"
+#define LN_des_ede3_ecb "des-ede3"
+#define NID_des_ede3_ecb 33
+
+#define SN_des_ede_cbc "DES-EDE-CBC"
+#define LN_des_ede_cbc "des-ede-cbc"
+#define NID_des_ede_cbc 43
+
+#define SN_des_ede_cfb64 "DES-EDE-CFB"
+#define LN_des_ede_cfb64 "des-ede-cfb"
+#define NID_des_ede_cfb64 60
+
+#define SN_des_ede3_cfb64 "DES-EDE3-CFB"
+#define LN_des_ede3_cfb64 "des-ede3-cfb"
+#define NID_des_ede3_cfb64 61
+
+#define SN_des_ede_ofb64 "DES-EDE-OFB"
+#define LN_des_ede_ofb64 "des-ede-ofb"
+#define NID_des_ede_ofb64 62
+
+#define SN_des_ede3_ofb64 "DES-EDE3-OFB"
+#define LN_des_ede3_ofb64 "des-ede3-ofb"
+#define NID_des_ede3_ofb64 63
+
+#define SN_desx_cbc "DESX-CBC"
+#define LN_desx_cbc "desx-cbc"
+#define NID_desx_cbc 80
+
+#define SN_sha "SHA"
+#define LN_sha "sha"
+#define NID_sha 41
+#define OBJ_sha OBJ_algorithm,18L
+
+#define SN_sha1 "SHA1"
+#define LN_sha1 "sha1"
+#define NID_sha1 64
+#define OBJ_sha1 OBJ_algorithm,26L
+
+#define SN_dsaWithSHA1_2 "DSA-SHA1-old"
+#define LN_dsaWithSHA1_2 "dsaWithSHA1-old"
+#define NID_dsaWithSHA1_2 70
+#define OBJ_dsaWithSHA1_2 OBJ_algorithm,27L
+
+#define SN_sha1WithRSA "RSA-SHA1-2"
+#define LN_sha1WithRSA "sha1WithRSA"
+#define NID_sha1WithRSA 115
+#define OBJ_sha1WithRSA OBJ_algorithm,29L
+
+#define SN_ripemd160 "RIPEMD160"
+#define LN_ripemd160 "ripemd160"
+#define NID_ripemd160 117
+#define OBJ_ripemd160 1L,3L,36L,3L,2L,1L
+
+#define SN_ripemd160WithRSA "RSA-RIPEMD160"
+#define LN_ripemd160WithRSA "ripemd160WithRSA"
+#define NID_ripemd160WithRSA 119
+#define OBJ_ripemd160WithRSA 1L,3L,36L,3L,3L,1L,2L
+
+#define SN_sxnet "SXNetID"
+#define LN_sxnet "Strong Extranet ID"
+#define NID_sxnet 143
+#define OBJ_sxnet 1L,3L,101L,1L,4L,1L
+
+#define SN_X500 "X500"
+#define LN_X500 "directory services (X.500)"
+#define NID_X500 11
+#define OBJ_X500 2L,5L
+
+#define SN_X509 "X509"
+#define NID_X509 12
+#define OBJ_X509 OBJ_X500,4L
+
+#define SN_commonName "CN"
+#define LN_commonName "commonName"
+#define NID_commonName 13
+#define OBJ_commonName OBJ_X509,3L
+
+#define SN_surname "SN"
+#define LN_surname "surname"
+#define NID_surname 100
+#define OBJ_surname OBJ_X509,4L
+
+#define LN_serialNumber "serialNumber"
+#define NID_serialNumber 105
+#define OBJ_serialNumber OBJ_X509,5L
+
+#define SN_countryName "C"
+#define LN_countryName "countryName"
+#define NID_countryName 14
+#define OBJ_countryName OBJ_X509,6L
+
+#define SN_localityName "L"
+#define LN_localityName "localityName"
+#define NID_localityName 15
+#define OBJ_localityName OBJ_X509,7L
+
+#define SN_stateOrProvinceName "ST"
+#define LN_stateOrProvinceName "stateOrProvinceName"
+#define NID_stateOrProvinceName 16
+#define OBJ_stateOrProvinceName OBJ_X509,8L
+
+#define SN_streetAddress "street"
+#define LN_streetAddress "streetAddress"
+#define NID_streetAddress 660
+#define OBJ_streetAddress OBJ_X509,9L
+
+#define SN_organizationName "O"
+#define LN_organizationName "organizationName"
+#define NID_organizationName 17
+#define OBJ_organizationName OBJ_X509,10L
+
+#define SN_organizationalUnitName "OU"
+#define LN_organizationalUnitName "organizationalUnitName"
+#define NID_organizationalUnitName 18
+#define OBJ_organizationalUnitName OBJ_X509,11L
+
+#define SN_title "title"
+#define LN_title "title"
+#define NID_title 106
+#define OBJ_title OBJ_X509,12L
+
+#define LN_description "description"
+#define NID_description 107
+#define OBJ_description OBJ_X509,13L
+
+#define LN_searchGuide "searchGuide"
+#define NID_searchGuide 859
+#define OBJ_searchGuide OBJ_X509,14L
+
+#define LN_businessCategory "businessCategory"
+#define NID_businessCategory 860
+#define OBJ_businessCategory OBJ_X509,15L
+
+#define LN_postalAddress "postalAddress"
+#define NID_postalAddress 861
+#define OBJ_postalAddress OBJ_X509,16L
+
+#define LN_postalCode "postalCode"
+#define NID_postalCode 661
+#define OBJ_postalCode OBJ_X509,17L
+
+#define LN_postOfficeBox "postOfficeBox"
+#define NID_postOfficeBox 862
+#define OBJ_postOfficeBox OBJ_X509,18L
+
+#define LN_physicalDeliveryOfficeName "physicalDeliveryOfficeName"
+#define NID_physicalDeliveryOfficeName 863
+#define OBJ_physicalDeliveryOfficeName OBJ_X509,19L
+
+#define LN_telephoneNumber "telephoneNumber"
+#define NID_telephoneNumber 864
+#define OBJ_telephoneNumber OBJ_X509,20L
+
+#define LN_telexNumber "telexNumber"
+#define NID_telexNumber 865
+#define OBJ_telexNumber OBJ_X509,21L
+
+#define LN_teletexTerminalIdentifier "teletexTerminalIdentifier"
+#define NID_teletexTerminalIdentifier 866
+#define OBJ_teletexTerminalIdentifier OBJ_X509,22L
+
+#define LN_facsimileTelephoneNumber "facsimileTelephoneNumber"
+#define NID_facsimileTelephoneNumber 867
+#define OBJ_facsimileTelephoneNumber OBJ_X509,23L
+
+#define LN_x121Address "x121Address"
+#define NID_x121Address 868
+#define OBJ_x121Address OBJ_X509,24L
+
+#define LN_internationaliSDNNumber "internationaliSDNNumber"
+#define NID_internationaliSDNNumber 869
+#define OBJ_internationaliSDNNumber OBJ_X509,25L
+
+#define LN_registeredAddress "registeredAddress"
+#define NID_registeredAddress 870
+#define OBJ_registeredAddress OBJ_X509,26L
+
+#define LN_destinationIndicator "destinationIndicator"
+#define NID_destinationIndicator 871
+#define OBJ_destinationIndicator OBJ_X509,27L
+
+#define LN_preferredDeliveryMethod "preferredDeliveryMethod"
+#define NID_preferredDeliveryMethod 872
+#define OBJ_preferredDeliveryMethod OBJ_X509,28L
+
+#define LN_presentationAddress "presentationAddress"
+#define NID_presentationAddress 873
+#define OBJ_presentationAddress OBJ_X509,29L
+
+#define LN_supportedApplicationContext "supportedApplicationContext"
+#define NID_supportedApplicationContext 874
+#define OBJ_supportedApplicationContext OBJ_X509,30L
+
+#define SN_member "member"
+#define NID_member 875
+#define OBJ_member OBJ_X509,31L
+
+#define SN_owner "owner"
+#define NID_owner 876
+#define OBJ_owner OBJ_X509,32L
+
+#define LN_roleOccupant "roleOccupant"
+#define NID_roleOccupant 877
+#define OBJ_roleOccupant OBJ_X509,33L
+
+#define SN_seeAlso "seeAlso"
+#define NID_seeAlso 878
+#define OBJ_seeAlso OBJ_X509,34L
+
+#define LN_userPassword "userPassword"
+#define NID_userPassword 879
+#define OBJ_userPassword OBJ_X509,35L
+
+#define LN_userCertificate "userCertificate"
+#define NID_userCertificate 880
+#define OBJ_userCertificate OBJ_X509,36L
+
+#define LN_cACertificate "cACertificate"
+#define NID_cACertificate 881
+#define OBJ_cACertificate OBJ_X509,37L
+
+#define LN_authorityRevocationList "authorityRevocationList"
+#define NID_authorityRevocationList 882
+#define OBJ_authorityRevocationList OBJ_X509,38L
+
+#define LN_certificateRevocationList "certificateRevocationList"
+#define NID_certificateRevocationList 883
+#define OBJ_certificateRevocationList OBJ_X509,39L
+
+#define LN_crossCertificatePair "crossCertificatePair"
+#define NID_crossCertificatePair 884
+#define OBJ_crossCertificatePair OBJ_X509,40L
+
+#define SN_name "name"
+#define LN_name "name"
+#define NID_name 173
+#define OBJ_name OBJ_X509,41L
+
+#define SN_givenName "GN"
+#define LN_givenName "givenName"
+#define NID_givenName 99
+#define OBJ_givenName OBJ_X509,42L
+
+#define SN_initials "initials"
+#define LN_initials "initials"
+#define NID_initials 101
+#define OBJ_initials OBJ_X509,43L
+
+#define LN_generationQualifier "generationQualifier"
+#define NID_generationQualifier 509
+#define OBJ_generationQualifier OBJ_X509,44L
+
+#define LN_x500UniqueIdentifier "x500UniqueIdentifier"
+#define NID_x500UniqueIdentifier 503
+#define OBJ_x500UniqueIdentifier OBJ_X509,45L
+
+#define SN_dnQualifier "dnQualifier"
+#define LN_dnQualifier "dnQualifier"
+#define NID_dnQualifier 174
+#define OBJ_dnQualifier OBJ_X509,46L
+
+#define LN_enhancedSearchGuide "enhancedSearchGuide"
+#define NID_enhancedSearchGuide 885
+#define OBJ_enhancedSearchGuide OBJ_X509,47L
+
+#define LN_protocolInformation "protocolInformation"
+#define NID_protocolInformation 886
+#define OBJ_protocolInformation OBJ_X509,48L
+
+#define LN_distinguishedName "distinguishedName"
+#define NID_distinguishedName 887
+#define OBJ_distinguishedName OBJ_X509,49L
+
+#define LN_uniqueMember "uniqueMember"
+#define NID_uniqueMember 888
+#define OBJ_uniqueMember OBJ_X509,50L
+
+#define LN_houseIdentifier "houseIdentifier"
+#define NID_houseIdentifier 889
+#define OBJ_houseIdentifier OBJ_X509,51L
+
+#define LN_supportedAlgorithms "supportedAlgorithms"
+#define NID_supportedAlgorithms 890
+#define OBJ_supportedAlgorithms OBJ_X509,52L
+
+#define LN_deltaRevocationList "deltaRevocationList"
+#define NID_deltaRevocationList 891
+#define OBJ_deltaRevocationList OBJ_X509,53L
+
+#define SN_dmdName "dmdName"
+#define NID_dmdName 892
+#define OBJ_dmdName OBJ_X509,54L
+
+#define LN_pseudonym "pseudonym"
+#define NID_pseudonym 510
+#define OBJ_pseudonym OBJ_X509,65L
+
+#define SN_role "role"
+#define LN_role "role"
+#define NID_role 400
+#define OBJ_role OBJ_X509,72L
+
+#define SN_X500algorithms "X500algorithms"
+#define LN_X500algorithms "directory services - algorithms"
+#define NID_X500algorithms 378
+#define OBJ_X500algorithms OBJ_X500,8L
+
+#define SN_rsa "RSA"
+#define LN_rsa "rsa"
+#define NID_rsa 19
+#define OBJ_rsa OBJ_X500algorithms,1L,1L
+
+#define SN_mdc2WithRSA "RSA-MDC2"
+#define LN_mdc2WithRSA "mdc2WithRSA"
+#define NID_mdc2WithRSA 96
+#define OBJ_mdc2WithRSA OBJ_X500algorithms,3L,100L
+
+#define SN_mdc2 "MDC2"
+#define LN_mdc2 "mdc2"
+#define NID_mdc2 95
+#define OBJ_mdc2 OBJ_X500algorithms,3L,101L
+
+#define SN_id_ce "id-ce"
+#define NID_id_ce 81
+#define OBJ_id_ce OBJ_X500,29L
+
+#define SN_subject_directory_attributes "subjectDirectoryAttributes"
+#define LN_subject_directory_attributes "X509v3 Subject Directory Attributes"
+#define NID_subject_directory_attributes 769
+#define OBJ_subject_directory_attributes OBJ_id_ce,9L
+
+#define SN_subject_key_identifier "subjectKeyIdentifier"
+#define LN_subject_key_identifier "X509v3 Subject Key Identifier"
+#define NID_subject_key_identifier 82
+#define OBJ_subject_key_identifier OBJ_id_ce,14L
+
+#define SN_key_usage "keyUsage"
+#define LN_key_usage "X509v3 Key Usage"
+#define NID_key_usage 83
+#define OBJ_key_usage OBJ_id_ce,15L
+
+#define SN_private_key_usage_period "privateKeyUsagePeriod"
+#define LN_private_key_usage_period "X509v3 Private Key Usage Period"
+#define NID_private_key_usage_period 84
+#define OBJ_private_key_usage_period OBJ_id_ce,16L
+
+#define SN_subject_alt_name "subjectAltName"
+#define LN_subject_alt_name "X509v3 Subject Alternative Name"
+#define NID_subject_alt_name 85
+#define OBJ_subject_alt_name OBJ_id_ce,17L
+
+#define SN_issuer_alt_name "issuerAltName"
+#define LN_issuer_alt_name "X509v3 Issuer Alternative Name"
+#define NID_issuer_alt_name 86
+#define OBJ_issuer_alt_name OBJ_id_ce,18L
+
+#define SN_basic_constraints "basicConstraints"
+#define LN_basic_constraints "X509v3 Basic Constraints"
+#define NID_basic_constraints 87
+#define OBJ_basic_constraints OBJ_id_ce,19L
+
+#define SN_crl_number "crlNumber"
+#define LN_crl_number "X509v3 CRL Number"
+#define NID_crl_number 88
+#define OBJ_crl_number OBJ_id_ce,20L
+
+#define SN_crl_reason "CRLReason"
+#define LN_crl_reason "X509v3 CRL Reason Code"
+#define NID_crl_reason 141
+#define OBJ_crl_reason OBJ_id_ce,21L
+
+#define SN_invalidity_date "invalidityDate"
+#define LN_invalidity_date "Invalidity Date"
+#define NID_invalidity_date 142
+#define OBJ_invalidity_date OBJ_id_ce,24L
+
+#define SN_delta_crl "deltaCRL"
+#define LN_delta_crl "X509v3 Delta CRL Indicator"
+#define NID_delta_crl 140
+#define OBJ_delta_crl OBJ_id_ce,27L
+
+#define SN_issuing_distribution_point "issuingDistributionPoint"
+#define LN_issuing_distribution_point "X509v3 Issuing Distrubution Point"
+#define NID_issuing_distribution_point 770
+#define OBJ_issuing_distribution_point OBJ_id_ce,28L
+
+#define SN_certificate_issuer "certificateIssuer"
+#define LN_certificate_issuer "X509v3 Certificate Issuer"
+#define NID_certificate_issuer 771
+#define OBJ_certificate_issuer OBJ_id_ce,29L
+
+#define SN_name_constraints "nameConstraints"
+#define LN_name_constraints "X509v3 Name Constraints"
+#define NID_name_constraints 666
+#define OBJ_name_constraints OBJ_id_ce,30L
+
+#define SN_crl_distribution_points "crlDistributionPoints"
+#define LN_crl_distribution_points "X509v3 CRL Distribution Points"
+#define NID_crl_distribution_points 103
+#define OBJ_crl_distribution_points OBJ_id_ce,31L
+
+#define SN_certificate_policies "certificatePolicies"
+#define LN_certificate_policies "X509v3 Certificate Policies"
+#define NID_certificate_policies 89
+#define OBJ_certificate_policies OBJ_id_ce,32L
+
+#define SN_any_policy "anyPolicy"
+#define LN_any_policy "X509v3 Any Policy"
+#define NID_any_policy 746
+#define OBJ_any_policy OBJ_certificate_policies,0L
+
+#define SN_policy_mappings "policyMappings"
+#define LN_policy_mappings "X509v3 Policy Mappings"
+#define NID_policy_mappings 747
+#define OBJ_policy_mappings OBJ_id_ce,33L
+
+#define SN_authority_key_identifier "authorityKeyIdentifier"
+#define LN_authority_key_identifier "X509v3 Authority Key Identifier"
+#define NID_authority_key_identifier 90
+#define OBJ_authority_key_identifier OBJ_id_ce,35L
+
+#define SN_policy_constraints "policyConstraints"
+#define LN_policy_constraints "X509v3 Policy Constraints"
+#define NID_policy_constraints 401
+#define OBJ_policy_constraints OBJ_id_ce,36L
+
+#define SN_ext_key_usage "extendedKeyUsage"
+#define LN_ext_key_usage "X509v3 Extended Key Usage"
+#define NID_ext_key_usage 126
+#define OBJ_ext_key_usage OBJ_id_ce,37L
+
+#define SN_freshest_crl "freshestCRL"
+#define LN_freshest_crl "X509v3 Freshest CRL"
+#define NID_freshest_crl 857
+#define OBJ_freshest_crl OBJ_id_ce,46L
+
+#define SN_inhibit_any_policy "inhibitAnyPolicy"
+#define LN_inhibit_any_policy "X509v3 Inhibit Any Policy"
+#define NID_inhibit_any_policy 748
+#define OBJ_inhibit_any_policy OBJ_id_ce,54L
+
+#define SN_target_information "targetInformation"
+#define LN_target_information "X509v3 AC Targeting"
+#define NID_target_information 402
+#define OBJ_target_information OBJ_id_ce,55L
+
+#define SN_no_rev_avail "noRevAvail"
+#define LN_no_rev_avail "X509v3 No Revocation Available"
+#define NID_no_rev_avail 403
+#define OBJ_no_rev_avail OBJ_id_ce,56L
+
+#define SN_netscape "Netscape"
+#define LN_netscape "Netscape Communications Corp."
+#define NID_netscape 57
+#define OBJ_netscape 2L,16L,840L,1L,113730L
+
+#define SN_netscape_cert_extension "nsCertExt"
+#define LN_netscape_cert_extension "Netscape Certificate Extension"
+#define NID_netscape_cert_extension 58
+#define OBJ_netscape_cert_extension OBJ_netscape,1L
+
+#define SN_netscape_data_type "nsDataType"
+#define LN_netscape_data_type "Netscape Data Type"
+#define NID_netscape_data_type 59
+#define OBJ_netscape_data_type OBJ_netscape,2L
+
+#define SN_netscape_cert_type "nsCertType"
+#define LN_netscape_cert_type "Netscape Cert Type"
+#define NID_netscape_cert_type 71
+#define OBJ_netscape_cert_type OBJ_netscape_cert_extension,1L
+
+#define SN_netscape_base_url "nsBaseUrl"
+#define LN_netscape_base_url "Netscape Base Url"
+#define NID_netscape_base_url 72
+#define OBJ_netscape_base_url OBJ_netscape_cert_extension,2L
+
+#define SN_netscape_revocation_url "nsRevocationUrl"
+#define LN_netscape_revocation_url "Netscape Revocation Url"
+#define NID_netscape_revocation_url 73
+#define OBJ_netscape_revocation_url OBJ_netscape_cert_extension,3L
+
+#define SN_netscape_ca_revocation_url "nsCaRevocationUrl"
+#define LN_netscape_ca_revocation_url "Netscape CA Revocation Url"
+#define NID_netscape_ca_revocation_url 74
+#define OBJ_netscape_ca_revocation_url OBJ_netscape_cert_extension,4L
+
+#define SN_netscape_renewal_url "nsRenewalUrl"
+#define LN_netscape_renewal_url "Netscape Renewal Url"
+#define NID_netscape_renewal_url 75
+#define OBJ_netscape_renewal_url OBJ_netscape_cert_extension,7L
+
+#define SN_netscape_ca_policy_url "nsCaPolicyUrl"
+#define LN_netscape_ca_policy_url "Netscape CA Policy Url"
+#define NID_netscape_ca_policy_url 76
+#define OBJ_netscape_ca_policy_url OBJ_netscape_cert_extension,8L
+
+#define SN_netscape_ssl_server_name "nsSslServerName"
+#define LN_netscape_ssl_server_name "Netscape SSL Server Name"
+#define NID_netscape_ssl_server_name 77
+#define OBJ_netscape_ssl_server_name OBJ_netscape_cert_extension,12L
+
+#define SN_netscape_comment "nsComment"
+#define LN_netscape_comment "Netscape Comment"
+#define NID_netscape_comment 78
+#define OBJ_netscape_comment OBJ_netscape_cert_extension,13L
+
+#define SN_netscape_cert_sequence "nsCertSequence"
+#define LN_netscape_cert_sequence "Netscape Certificate Sequence"
+#define NID_netscape_cert_sequence 79
+#define OBJ_netscape_cert_sequence OBJ_netscape_data_type,5L
+
+#define SN_ns_sgc "nsSGC"
+#define LN_ns_sgc "Netscape Server Gated Crypto"
+#define NID_ns_sgc 139
+#define OBJ_ns_sgc OBJ_netscape,4L,1L
+
+#define SN_org "ORG"
+#define LN_org "org"
+#define NID_org 379
+#define OBJ_org OBJ_iso,3L
+
+#define SN_dod "DOD"
+#define LN_dod "dod"
+#define NID_dod 380
+#define OBJ_dod OBJ_org,6L
+
+#define SN_iana "IANA"
+#define LN_iana "iana"
+#define NID_iana 381
+#define OBJ_iana OBJ_dod,1L
+
+#define OBJ_internet OBJ_iana
+
+#define SN_Directory "directory"
+#define LN_Directory "Directory"
+#define NID_Directory 382
+#define OBJ_Directory OBJ_internet,1L
+
+#define SN_Management "mgmt"
+#define LN_Management "Management"
+#define NID_Management 383
+#define OBJ_Management OBJ_internet,2L
+
+#define SN_Experimental "experimental"
+#define LN_Experimental "Experimental"
+#define NID_Experimental 384
+#define OBJ_Experimental OBJ_internet,3L
+
+#define SN_Private "private"
+#define LN_Private "Private"
+#define NID_Private 385
+#define OBJ_Private OBJ_internet,4L
+
+#define SN_Security "security"
+#define LN_Security "Security"
+#define NID_Security 386
+#define OBJ_Security OBJ_internet,5L
+
+#define SN_SNMPv2 "snmpv2"
+#define LN_SNMPv2 "SNMPv2"
+#define NID_SNMPv2 387
+#define OBJ_SNMPv2 OBJ_internet,6L
+
+#define LN_Mail "Mail"
+#define NID_Mail 388
+#define OBJ_Mail OBJ_internet,7L
+
+#define SN_Enterprises "enterprises"
+#define LN_Enterprises "Enterprises"
+#define NID_Enterprises 389
+#define OBJ_Enterprises OBJ_Private,1L
+
+#define SN_dcObject "dcobject"
+#define LN_dcObject "dcObject"
+#define NID_dcObject 390
+#define OBJ_dcObject OBJ_Enterprises,1466L,344L
+
+#define SN_mime_mhs "mime-mhs"
+#define LN_mime_mhs "MIME MHS"
+#define NID_mime_mhs 504
+#define OBJ_mime_mhs OBJ_Mail,1L
+
+#define SN_mime_mhs_headings "mime-mhs-headings"
+#define LN_mime_mhs_headings "mime-mhs-headings"
+#define NID_mime_mhs_headings 505
+#define OBJ_mime_mhs_headings OBJ_mime_mhs,1L
+
+#define SN_mime_mhs_bodies "mime-mhs-bodies"
+#define LN_mime_mhs_bodies "mime-mhs-bodies"
+#define NID_mime_mhs_bodies 506
+#define OBJ_mime_mhs_bodies OBJ_mime_mhs,2L
+
+#define SN_id_hex_partial_message "id-hex-partial-message"
+#define LN_id_hex_partial_message "id-hex-partial-message"
+#define NID_id_hex_partial_message 507
+#define OBJ_id_hex_partial_message OBJ_mime_mhs_headings,1L
+
+#define SN_id_hex_multipart_message "id-hex-multipart-message"
+#define LN_id_hex_multipart_message "id-hex-multipart-message"
+#define NID_id_hex_multipart_message 508
+#define OBJ_id_hex_multipart_message OBJ_mime_mhs_headings,2L
+
+#define SN_rle_compression "RLE"
+#define LN_rle_compression "run length compression"
+#define NID_rle_compression 124
+#define OBJ_rle_compression 1L,1L,1L,1L,666L,1L
+
+#define SN_zlib_compression "ZLIB"
+#define LN_zlib_compression "zlib compression"
+#define NID_zlib_compression 125
+#define OBJ_zlib_compression OBJ_id_smime_alg,8L
+
+#define OBJ_csor 2L,16L,840L,1L,101L,3L
+
+#define OBJ_nistAlgorithms OBJ_csor,4L
+
+#define OBJ_aes OBJ_nistAlgorithms,1L
+
+#define SN_aes_128_ecb "AES-128-ECB"
+#define LN_aes_128_ecb "aes-128-ecb"
+#define NID_aes_128_ecb 418
+#define OBJ_aes_128_ecb OBJ_aes,1L
+
+#define SN_aes_128_cbc "AES-128-CBC"
+#define LN_aes_128_cbc "aes-128-cbc"
+#define NID_aes_128_cbc 419
+#define OBJ_aes_128_cbc OBJ_aes,2L
+
+#define SN_aes_128_ofb128 "AES-128-OFB"
+#define LN_aes_128_ofb128 "aes-128-ofb"
+#define NID_aes_128_ofb128 420
+#define OBJ_aes_128_ofb128 OBJ_aes,3L
+
+#define SN_aes_128_cfb128 "AES-128-CFB"
+#define LN_aes_128_cfb128 "aes-128-cfb"
+#define NID_aes_128_cfb128 421
+#define OBJ_aes_128_cfb128 OBJ_aes,4L
+
+#define SN_aes_192_ecb "AES-192-ECB"
+#define LN_aes_192_ecb "aes-192-ecb"
+#define NID_aes_192_ecb 422
+#define OBJ_aes_192_ecb OBJ_aes,21L
+
+#define SN_aes_192_cbc "AES-192-CBC"
+#define LN_aes_192_cbc "aes-192-cbc"
+#define NID_aes_192_cbc 423
+#define OBJ_aes_192_cbc OBJ_aes,22L
+
+#define SN_aes_192_ofb128 "AES-192-OFB"
+#define LN_aes_192_ofb128 "aes-192-ofb"
+#define NID_aes_192_ofb128 424
+#define OBJ_aes_192_ofb128 OBJ_aes,23L
+
+#define SN_aes_192_cfb128 "AES-192-CFB"
+#define LN_aes_192_cfb128 "aes-192-cfb"
+#define NID_aes_192_cfb128 425
+#define OBJ_aes_192_cfb128 OBJ_aes,24L
+
+#define SN_aes_256_ecb "AES-256-ECB"
+#define LN_aes_256_ecb "aes-256-ecb"
+#define NID_aes_256_ecb 426
+#define OBJ_aes_256_ecb OBJ_aes,41L
+
+#define SN_aes_256_cbc "AES-256-CBC"
+#define LN_aes_256_cbc "aes-256-cbc"
+#define NID_aes_256_cbc 427
+#define OBJ_aes_256_cbc OBJ_aes,42L
+
+#define SN_aes_256_ofb128 "AES-256-OFB"
+#define LN_aes_256_ofb128 "aes-256-ofb"
+#define NID_aes_256_ofb128 428
+#define OBJ_aes_256_ofb128 OBJ_aes,43L
+
+#define SN_aes_256_cfb128 "AES-256-CFB"
+#define LN_aes_256_cfb128 "aes-256-cfb"
+#define NID_aes_256_cfb128 429
+#define OBJ_aes_256_cfb128 OBJ_aes,44L
+
+#define SN_aes_128_cfb1 "AES-128-CFB1"
+#define LN_aes_128_cfb1 "aes-128-cfb1"
+#define NID_aes_128_cfb1 650
+
+#define SN_aes_192_cfb1 "AES-192-CFB1"
+#define LN_aes_192_cfb1 "aes-192-cfb1"
+#define NID_aes_192_cfb1 651
+
+#define SN_aes_256_cfb1 "AES-256-CFB1"
+#define LN_aes_256_cfb1 "aes-256-cfb1"
+#define NID_aes_256_cfb1 652
+
+#define SN_aes_128_cfb8 "AES-128-CFB8"
+#define LN_aes_128_cfb8 "aes-128-cfb8"
+#define NID_aes_128_cfb8 653
+
+#define SN_aes_192_cfb8 "AES-192-CFB8"
+#define LN_aes_192_cfb8 "aes-192-cfb8"
+#define NID_aes_192_cfb8 654
+
+#define SN_aes_256_cfb8 "AES-256-CFB8"
+#define LN_aes_256_cfb8 "aes-256-cfb8"
+#define NID_aes_256_cfb8 655
+
+#define SN_des_cfb1 "DES-CFB1"
+#define LN_des_cfb1 "des-cfb1"
+#define NID_des_cfb1 656
+
+#define SN_des_cfb8 "DES-CFB8"
+#define LN_des_cfb8 "des-cfb8"
+#define NID_des_cfb8 657
+
+#define SN_des_ede3_cfb1 "DES-EDE3-CFB1"
+#define LN_des_ede3_cfb1 "des-ede3-cfb1"
+#define NID_des_ede3_cfb1 658
+
+#define SN_des_ede3_cfb8 "DES-EDE3-CFB8"
+#define LN_des_ede3_cfb8 "des-ede3-cfb8"
+#define NID_des_ede3_cfb8 659
+
+#define SN_id_aes128_wrap "id-aes128-wrap"
+#define NID_id_aes128_wrap 788
+#define OBJ_id_aes128_wrap OBJ_aes,5L
+
+#define SN_id_aes192_wrap "id-aes192-wrap"
+#define NID_id_aes192_wrap 789
+#define OBJ_id_aes192_wrap OBJ_aes,25L
+
+#define SN_id_aes256_wrap "id-aes256-wrap"
+#define NID_id_aes256_wrap 790
+#define OBJ_id_aes256_wrap OBJ_aes,45L
+
+#define OBJ_nist_hashalgs OBJ_nistAlgorithms,2L
+
+#define SN_sha256 "SHA256"
+#define LN_sha256 "sha256"
+#define NID_sha256 672
+#define OBJ_sha256 OBJ_nist_hashalgs,1L
+
+#define SN_sha384 "SHA384"
+#define LN_sha384 "sha384"
+#define NID_sha384 673
+#define OBJ_sha384 OBJ_nist_hashalgs,2L
+
+#define SN_sha512 "SHA512"
+#define LN_sha512 "sha512"
+#define NID_sha512 674
+#define OBJ_sha512 OBJ_nist_hashalgs,3L
+
+#define SN_sha224 "SHA224"
+#define LN_sha224 "sha224"
+#define NID_sha224 675
+#define OBJ_sha224 OBJ_nist_hashalgs,4L
+
+#define OBJ_dsa_with_sha2 OBJ_nistAlgorithms,3L
+
+#define SN_dsa_with_SHA224 "dsa_with_SHA224"
+#define NID_dsa_with_SHA224 802
+#define OBJ_dsa_with_SHA224 OBJ_dsa_with_sha2,1L
+
+#define SN_dsa_with_SHA256 "dsa_with_SHA256"
+#define NID_dsa_with_SHA256 803
+#define OBJ_dsa_with_SHA256 OBJ_dsa_with_sha2,2L
+
+#define SN_hold_instruction_code "holdInstructionCode"
+#define LN_hold_instruction_code "Hold Instruction Code"
+#define NID_hold_instruction_code 430
+#define OBJ_hold_instruction_code OBJ_id_ce,23L
+
+#define OBJ_holdInstruction OBJ_X9_57,2L
+
+#define SN_hold_instruction_none "holdInstructionNone"
+#define LN_hold_instruction_none "Hold Instruction None"
+#define NID_hold_instruction_none 431
+#define OBJ_hold_instruction_none OBJ_holdInstruction,1L
+
+#define SN_hold_instruction_call_issuer "holdInstructionCallIssuer"
+#define LN_hold_instruction_call_issuer "Hold Instruction Call Issuer"
+#define NID_hold_instruction_call_issuer 432
+#define OBJ_hold_instruction_call_issuer OBJ_holdInstruction,2L
+
+#define SN_hold_instruction_reject "holdInstructionReject"
+#define LN_hold_instruction_reject "Hold Instruction Reject"
+#define NID_hold_instruction_reject 433
+#define OBJ_hold_instruction_reject OBJ_holdInstruction,3L
+
+#define SN_data "data"
+#define NID_data 434
+#define OBJ_data OBJ_itu_t,9L
+
+#define SN_pss "pss"
+#define NID_pss 435
+#define OBJ_pss OBJ_data,2342L
+
+#define SN_ucl "ucl"
+#define NID_ucl 436
+#define OBJ_ucl OBJ_pss,19200300L
+
+#define SN_pilot "pilot"
+#define NID_pilot 437
+#define OBJ_pilot OBJ_ucl,100L
+
+#define LN_pilotAttributeType "pilotAttributeType"
+#define NID_pilotAttributeType 438
+#define OBJ_pilotAttributeType OBJ_pilot,1L
+
+#define LN_pilotAttributeSyntax "pilotAttributeSyntax"
+#define NID_pilotAttributeSyntax 439
+#define OBJ_pilotAttributeSyntax OBJ_pilot,3L
+
+#define LN_pilotObjectClass "pilotObjectClass"
+#define NID_pilotObjectClass 440
+#define OBJ_pilotObjectClass OBJ_pilot,4L
+
+#define LN_pilotGroups "pilotGroups"
+#define NID_pilotGroups 441
+#define OBJ_pilotGroups OBJ_pilot,10L
+
+#define LN_iA5StringSyntax "iA5StringSyntax"
+#define NID_iA5StringSyntax 442
+#define OBJ_iA5StringSyntax OBJ_pilotAttributeSyntax,4L
+
+#define LN_caseIgnoreIA5StringSyntax "caseIgnoreIA5StringSyntax"
+#define NID_caseIgnoreIA5StringSyntax 443
+#define OBJ_caseIgnoreIA5StringSyntax OBJ_pilotAttributeSyntax,5L
+
+#define LN_pilotObject "pilotObject"
+#define NID_pilotObject 444
+#define OBJ_pilotObject OBJ_pilotObjectClass,3L
+
+#define LN_pilotPerson "pilotPerson"
+#define NID_pilotPerson 445
+#define OBJ_pilotPerson OBJ_pilotObjectClass,4L
+
+#define SN_account "account"
+#define NID_account 446
+#define OBJ_account OBJ_pilotObjectClass,5L
+
+#define SN_document "document"
+#define NID_document 447
+#define OBJ_document OBJ_pilotObjectClass,6L
+
+#define SN_room "room"
+#define NID_room 448
+#define OBJ_room OBJ_pilotObjectClass,7L
+
+#define LN_documentSeries "documentSeries"
+#define NID_documentSeries 449
+#define OBJ_documentSeries OBJ_pilotObjectClass,9L
+
+#define SN_Domain "domain"
+#define LN_Domain "Domain"
+#define NID_Domain 392
+#define OBJ_Domain OBJ_pilotObjectClass,13L
+
+#define LN_rFC822localPart "rFC822localPart"
+#define NID_rFC822localPart 450
+#define OBJ_rFC822localPart OBJ_pilotObjectClass,14L
+
+#define LN_dNSDomain "dNSDomain"
+#define NID_dNSDomain 451
+#define OBJ_dNSDomain OBJ_pilotObjectClass,15L
+
+#define LN_domainRelatedObject "domainRelatedObject"
+#define NID_domainRelatedObject 452
+#define OBJ_domainRelatedObject OBJ_pilotObjectClass,17L
+
+#define LN_friendlyCountry "friendlyCountry"
+#define NID_friendlyCountry 453
+#define OBJ_friendlyCountry OBJ_pilotObjectClass,18L
+
+#define LN_simpleSecurityObject "simpleSecurityObject"
+#define NID_simpleSecurityObject 454
+#define OBJ_simpleSecurityObject OBJ_pilotObjectClass,19L
+
+#define LN_pilotOrganization "pilotOrganization"
+#define NID_pilotOrganization 455
+#define OBJ_pilotOrganization OBJ_pilotObjectClass,20L
+
+#define LN_pilotDSA "pilotDSA"
+#define NID_pilotDSA 456
+#define OBJ_pilotDSA OBJ_pilotObjectClass,21L
+
+#define LN_qualityLabelledData "qualityLabelledData"
+#define NID_qualityLabelledData 457
+#define OBJ_qualityLabelledData OBJ_pilotObjectClass,22L
+
+#define SN_userId "UID"
+#define LN_userId "userId"
+#define NID_userId 458
+#define OBJ_userId OBJ_pilotAttributeType,1L
+
+#define LN_textEncodedORAddress "textEncodedORAddress"
+#define NID_textEncodedORAddress 459
+#define OBJ_textEncodedORAddress OBJ_pilotAttributeType,2L
+
+#define SN_rfc822Mailbox "mail"
+#define LN_rfc822Mailbox "rfc822Mailbox"
+#define NID_rfc822Mailbox 460
+#define OBJ_rfc822Mailbox OBJ_pilotAttributeType,3L
+
+#define SN_info "info"
+#define NID_info 461
+#define OBJ_info OBJ_pilotAttributeType,4L
+
+#define LN_favouriteDrink "favouriteDrink"
+#define NID_favouriteDrink 462
+#define OBJ_favouriteDrink OBJ_pilotAttributeType,5L
+
+#define LN_roomNumber "roomNumber"
+#define NID_roomNumber 463
+#define OBJ_roomNumber OBJ_pilotAttributeType,6L
+
+#define SN_photo "photo"
+#define NID_photo 464
+#define OBJ_photo OBJ_pilotAttributeType,7L
+
+#define LN_userClass "userClass"
+#define NID_userClass 465
+#define OBJ_userClass OBJ_pilotAttributeType,8L
+
+#define SN_host "host"
+#define NID_host 466
+#define OBJ_host OBJ_pilotAttributeType,9L
+
+#define SN_manager "manager"
+#define NID_manager 467
+#define OBJ_manager OBJ_pilotAttributeType,10L
+
+#define LN_documentIdentifier "documentIdentifier"
+#define NID_documentIdentifier 468
+#define OBJ_documentIdentifier OBJ_pilotAttributeType,11L
+
+#define LN_documentTitle "documentTitle"
+#define NID_documentTitle 469
+#define OBJ_documentTitle OBJ_pilotAttributeType,12L
+
+#define LN_documentVersion "documentVersion"
+#define NID_documentVersion 470
+#define OBJ_documentVersion OBJ_pilotAttributeType,13L
+
+#define LN_documentAuthor "documentAuthor"
+#define NID_documentAuthor 471
+#define OBJ_documentAuthor OBJ_pilotAttributeType,14L
+
+#define LN_documentLocation "documentLocation"
+#define NID_documentLocation 472
+#define OBJ_documentLocation OBJ_pilotAttributeType,15L
+
+#define LN_homeTelephoneNumber "homeTelephoneNumber"
+#define NID_homeTelephoneNumber 473
+#define OBJ_homeTelephoneNumber OBJ_pilotAttributeType,20L
+
+#define SN_secretary "secretary"
+#define NID_secretary 474
+#define OBJ_secretary OBJ_pilotAttributeType,21L
+
+#define LN_otherMailbox "otherMailbox"
+#define NID_otherMailbox 475
+#define OBJ_otherMailbox OBJ_pilotAttributeType,22L
+
+#define LN_lastModifiedTime "lastModifiedTime"
+#define NID_lastModifiedTime 476
+#define OBJ_lastModifiedTime OBJ_pilotAttributeType,23L
+
+#define LN_lastModifiedBy "lastModifiedBy"
+#define NID_lastModifiedBy 477
+#define OBJ_lastModifiedBy OBJ_pilotAttributeType,24L
+
+#define SN_domainComponent "DC"
+#define LN_domainComponent "domainComponent"
+#define NID_domainComponent 391
+#define OBJ_domainComponent OBJ_pilotAttributeType,25L
+
+#define LN_aRecord "aRecord"
+#define NID_aRecord 478
+#define OBJ_aRecord OBJ_pilotAttributeType,26L
+
+#define LN_pilotAttributeType27 "pilotAttributeType27"
+#define NID_pilotAttributeType27 479
+#define OBJ_pilotAttributeType27 OBJ_pilotAttributeType,27L
+
+#define LN_mXRecord "mXRecord"
+#define NID_mXRecord 480
+#define OBJ_mXRecord OBJ_pilotAttributeType,28L
+
+#define LN_nSRecord "nSRecord"
+#define NID_nSRecord 481
+#define OBJ_nSRecord OBJ_pilotAttributeType,29L
+
+#define LN_sOARecord "sOARecord"
+#define NID_sOARecord 482
+#define OBJ_sOARecord OBJ_pilotAttributeType,30L
+
+#define LN_cNAMERecord "cNAMERecord"
+#define NID_cNAMERecord 483
+#define OBJ_cNAMERecord OBJ_pilotAttributeType,31L
+
+#define LN_associatedDomain "associatedDomain"
+#define NID_associatedDomain 484
+#define OBJ_associatedDomain OBJ_pilotAttributeType,37L
+
+#define LN_associatedName "associatedName"
+#define NID_associatedName 485
+#define OBJ_associatedName OBJ_pilotAttributeType,38L
+
+#define LN_homePostalAddress "homePostalAddress"
+#define NID_homePostalAddress 486
+#define OBJ_homePostalAddress OBJ_pilotAttributeType,39L
+
+#define LN_personalTitle "personalTitle"
+#define NID_personalTitle 487
+#define OBJ_personalTitle OBJ_pilotAttributeType,40L
+
+#define LN_mobileTelephoneNumber "mobileTelephoneNumber"
+#define NID_mobileTelephoneNumber 488
+#define OBJ_mobileTelephoneNumber OBJ_pilotAttributeType,41L
+
+#define LN_pagerTelephoneNumber "pagerTelephoneNumber"
+#define NID_pagerTelephoneNumber 489
+#define OBJ_pagerTelephoneNumber OBJ_pilotAttributeType,42L
+
+#define LN_friendlyCountryName "friendlyCountryName"
+#define NID_friendlyCountryName 490
+#define OBJ_friendlyCountryName OBJ_pilotAttributeType,43L
+
+#define LN_organizationalStatus "organizationalStatus"
+#define NID_organizationalStatus 491
+#define OBJ_organizationalStatus OBJ_pilotAttributeType,45L
+
+#define LN_janetMailbox "janetMailbox"
+#define NID_janetMailbox 492
+#define OBJ_janetMailbox OBJ_pilotAttributeType,46L
+
+#define LN_mailPreferenceOption "mailPreferenceOption"
+#define NID_mailPreferenceOption 493
+#define OBJ_mailPreferenceOption OBJ_pilotAttributeType,47L
+
+#define LN_buildingName "buildingName"
+#define NID_buildingName 494
+#define OBJ_buildingName OBJ_pilotAttributeType,48L
+
+#define LN_dSAQuality "dSAQuality"
+#define NID_dSAQuality 495
+#define OBJ_dSAQuality OBJ_pilotAttributeType,49L
+
+#define LN_singleLevelQuality "singleLevelQuality"
+#define NID_singleLevelQuality 496
+#define OBJ_singleLevelQuality OBJ_pilotAttributeType,50L
+
+#define LN_subtreeMinimumQuality "subtreeMinimumQuality"
+#define NID_subtreeMinimumQuality 497
+#define OBJ_subtreeMinimumQuality OBJ_pilotAttributeType,51L
+
+#define LN_subtreeMaximumQuality "subtreeMaximumQuality"
+#define NID_subtreeMaximumQuality 498
+#define OBJ_subtreeMaximumQuality OBJ_pilotAttributeType,52L
+
+#define LN_personalSignature "personalSignature"
+#define NID_personalSignature 499
+#define OBJ_personalSignature OBJ_pilotAttributeType,53L
+
+#define LN_dITRedirect "dITRedirect"
+#define NID_dITRedirect 500
+#define OBJ_dITRedirect OBJ_pilotAttributeType,54L
+
+#define SN_audio "audio"
+#define NID_audio 501
+#define OBJ_audio OBJ_pilotAttributeType,55L
+
+#define LN_documentPublisher "documentPublisher"
+#define NID_documentPublisher 502
+#define OBJ_documentPublisher OBJ_pilotAttributeType,56L
+
+#define SN_id_set "id-set"
+#define LN_id_set "Secure Electronic Transactions"
+#define NID_id_set 512
+#define OBJ_id_set OBJ_international_organizations,42L
+
+#define SN_set_ctype "set-ctype"
+#define LN_set_ctype "content types"
+#define NID_set_ctype 513
+#define OBJ_set_ctype OBJ_id_set,0L
+
+#define SN_set_msgExt "set-msgExt"
+#define LN_set_msgExt "message extensions"
+#define NID_set_msgExt 514
+#define OBJ_set_msgExt OBJ_id_set,1L
+
+#define SN_set_attr "set-attr"
+#define NID_set_attr 515
+#define OBJ_set_attr OBJ_id_set,3L
+
+#define SN_set_policy "set-policy"
+#define NID_set_policy 516
+#define OBJ_set_policy OBJ_id_set,5L
+
+#define SN_set_certExt "set-certExt"
+#define LN_set_certExt "certificate extensions"
+#define NID_set_certExt 517
+#define OBJ_set_certExt OBJ_id_set,7L
+
+#define SN_set_brand "set-brand"
+#define NID_set_brand 518
+#define OBJ_set_brand OBJ_id_set,8L
+
+#define SN_setct_PANData "setct-PANData"
+#define NID_setct_PANData 519
+#define OBJ_setct_PANData OBJ_set_ctype,0L
+
+#define SN_setct_PANToken "setct-PANToken"
+#define NID_setct_PANToken 520
+#define OBJ_setct_PANToken OBJ_set_ctype,1L
+
+#define SN_setct_PANOnly "setct-PANOnly"
+#define NID_setct_PANOnly 521
+#define OBJ_setct_PANOnly OBJ_set_ctype,2L
+
+#define SN_setct_OIData "setct-OIData"
+#define NID_setct_OIData 522
+#define OBJ_setct_OIData OBJ_set_ctype,3L
+
+#define SN_setct_PI "setct-PI"
+#define NID_setct_PI 523
+#define OBJ_setct_PI OBJ_set_ctype,4L
+
+#define SN_setct_PIData "setct-PIData"
+#define NID_setct_PIData 524
+#define OBJ_setct_PIData OBJ_set_ctype,5L
+
+#define SN_setct_PIDataUnsigned "setct-PIDataUnsigned"
+#define NID_setct_PIDataUnsigned 525
+#define OBJ_setct_PIDataUnsigned OBJ_set_ctype,6L
+
+#define SN_setct_HODInput "setct-HODInput"
+#define NID_setct_HODInput 526
+#define OBJ_setct_HODInput OBJ_set_ctype,7L
+
+#define SN_setct_AuthResBaggage "setct-AuthResBaggage"
+#define NID_setct_AuthResBaggage 527
+#define OBJ_setct_AuthResBaggage OBJ_set_ctype,8L
+
+#define SN_setct_AuthRevReqBaggage "setct-AuthRevReqBaggage"
+#define NID_setct_AuthRevReqBaggage 528
+#define OBJ_setct_AuthRevReqBaggage OBJ_set_ctype,9L
+
+#define SN_setct_AuthRevResBaggage "setct-AuthRevResBaggage"
+#define NID_setct_AuthRevResBaggage 529
+#define OBJ_setct_AuthRevResBaggage OBJ_set_ctype,10L
+
+#define SN_setct_CapTokenSeq "setct-CapTokenSeq"
+#define NID_setct_CapTokenSeq 530
+#define OBJ_setct_CapTokenSeq OBJ_set_ctype,11L
+
+#define SN_setct_PInitResData "setct-PInitResData"
+#define NID_setct_PInitResData 531
+#define OBJ_setct_PInitResData OBJ_set_ctype,12L
+
+#define SN_setct_PI_TBS "setct-PI-TBS"
+#define NID_setct_PI_TBS 532
+#define OBJ_setct_PI_TBS OBJ_set_ctype,13L
+
+#define SN_setct_PResData "setct-PResData"
+#define NID_setct_PResData 533
+#define OBJ_setct_PResData OBJ_set_ctype,14L
+
+#define SN_setct_AuthReqTBS "setct-AuthReqTBS"
+#define NID_setct_AuthReqTBS 534
+#define OBJ_setct_AuthReqTBS OBJ_set_ctype,16L
+
+#define SN_setct_AuthResTBS "setct-AuthResTBS"
+#define NID_setct_AuthResTBS 535
+#define OBJ_setct_AuthResTBS OBJ_set_ctype,17L
+
+#define SN_setct_AuthResTBSX "setct-AuthResTBSX"
+#define NID_setct_AuthResTBSX 536
+#define OBJ_setct_AuthResTBSX OBJ_set_ctype,18L
+
+#define SN_setct_AuthTokenTBS "setct-AuthTokenTBS"
+#define NID_setct_AuthTokenTBS 537
+#define OBJ_setct_AuthTokenTBS OBJ_set_ctype,19L
+
+#define SN_setct_CapTokenData "setct-CapTokenData"
+#define NID_setct_CapTokenData 538
+#define OBJ_setct_CapTokenData OBJ_set_ctype,20L
+
+#define SN_setct_CapTokenTBS "setct-CapTokenTBS"
+#define NID_setct_CapTokenTBS 539
+#define OBJ_setct_CapTokenTBS OBJ_set_ctype,21L
+
+#define SN_setct_AcqCardCodeMsg "setct-AcqCardCodeMsg"
+#define NID_setct_AcqCardCodeMsg 540
+#define OBJ_setct_AcqCardCodeMsg OBJ_set_ctype,22L
+
+#define SN_setct_AuthRevReqTBS "setct-AuthRevReqTBS"
+#define NID_setct_AuthRevReqTBS 541
+#define OBJ_setct_AuthRevReqTBS OBJ_set_ctype,23L
+
+#define SN_setct_AuthRevResData "setct-AuthRevResData"
+#define NID_setct_AuthRevResData 542
+#define OBJ_setct_AuthRevResData OBJ_set_ctype,24L
+
+#define SN_setct_AuthRevResTBS "setct-AuthRevResTBS"
+#define NID_setct_AuthRevResTBS 543
+#define OBJ_setct_AuthRevResTBS OBJ_set_ctype,25L
+
+#define SN_setct_CapReqTBS "setct-CapReqTBS"
+#define NID_setct_CapReqTBS 544
+#define OBJ_setct_CapReqTBS OBJ_set_ctype,26L
+
+#define SN_setct_CapReqTBSX "setct-CapReqTBSX"
+#define NID_setct_CapReqTBSX 545
+#define OBJ_setct_CapReqTBSX OBJ_set_ctype,27L
+
+#define SN_setct_CapResData "setct-CapResData"
+#define NID_setct_CapResData 546
+#define OBJ_setct_CapResData OBJ_set_ctype,28L
+
+#define SN_setct_CapRevReqTBS "setct-CapRevReqTBS"
+#define NID_setct_CapRevReqTBS 547
+#define OBJ_setct_CapRevReqTBS OBJ_set_ctype,29L
+
+#define SN_setct_CapRevReqTBSX "setct-CapRevReqTBSX"
+#define NID_setct_CapRevReqTBSX 548
+#define OBJ_setct_CapRevReqTBSX OBJ_set_ctype,30L
+
+#define SN_setct_CapRevResData "setct-CapRevResData"
+#define NID_setct_CapRevResData 549
+#define OBJ_setct_CapRevResData OBJ_set_ctype,31L
+
+#define SN_setct_CredReqTBS "setct-CredReqTBS"
+#define NID_setct_CredReqTBS 550
+#define OBJ_setct_CredReqTBS OBJ_set_ctype,32L
+
+#define SN_setct_CredReqTBSX "setct-CredReqTBSX"
+#define NID_setct_CredReqTBSX 551
+#define OBJ_setct_CredReqTBSX OBJ_set_ctype,33L
+
+#define SN_setct_CredResData "setct-CredResData"
+#define NID_setct_CredResData 552
+#define OBJ_setct_CredResData OBJ_set_ctype,34L
+
+#define SN_setct_CredRevReqTBS "setct-CredRevReqTBS"
+#define NID_setct_CredRevReqTBS 553
+#define OBJ_setct_CredRevReqTBS OBJ_set_ctype,35L
+
+#define SN_setct_CredRevReqTBSX "setct-CredRevReqTBSX"
+#define NID_setct_CredRevReqTBSX 554
+#define OBJ_setct_CredRevReqTBSX OBJ_set_ctype,36L
+
+#define SN_setct_CredRevResData "setct-CredRevResData"
+#define NID_setct_CredRevResData 555
+#define OBJ_setct_CredRevResData OBJ_set_ctype,37L
+
+#define SN_setct_PCertReqData "setct-PCertReqData"
+#define NID_setct_PCertReqData 556
+#define OBJ_setct_PCertReqData OBJ_set_ctype,38L
+
+#define SN_setct_PCertResTBS "setct-PCertResTBS"
+#define NID_setct_PCertResTBS 557
+#define OBJ_setct_PCertResTBS OBJ_set_ctype,39L
+
+#define SN_setct_BatchAdminReqData "setct-BatchAdminReqData"
+#define NID_setct_BatchAdminReqData 558
+#define OBJ_setct_BatchAdminReqData OBJ_set_ctype,40L
+
+#define SN_setct_BatchAdminResData "setct-BatchAdminResData"
+#define NID_setct_BatchAdminResData 559
+#define OBJ_setct_BatchAdminResData OBJ_set_ctype,41L
+
+#define SN_setct_CardCInitResTBS "setct-CardCInitResTBS"
+#define NID_setct_CardCInitResTBS 560
+#define OBJ_setct_CardCInitResTBS OBJ_set_ctype,42L
+
+#define SN_setct_MeAqCInitResTBS "setct-MeAqCInitResTBS"
+#define NID_setct_MeAqCInitResTBS 561
+#define OBJ_setct_MeAqCInitResTBS OBJ_set_ctype,43L
+
+#define SN_setct_RegFormResTBS "setct-RegFormResTBS"
+#define NID_setct_RegFormResTBS 562
+#define OBJ_setct_RegFormResTBS OBJ_set_ctype,44L
+
+#define SN_setct_CertReqData "setct-CertReqData"
+#define NID_setct_CertReqData 563
+#define OBJ_setct_CertReqData OBJ_set_ctype,45L
+
+#define SN_setct_CertReqTBS "setct-CertReqTBS"
+#define NID_setct_CertReqTBS 564
+#define OBJ_setct_CertReqTBS OBJ_set_ctype,46L
+
+#define SN_setct_CertResData "setct-CertResData"
+#define NID_setct_CertResData 565
+#define OBJ_setct_CertResData OBJ_set_ctype,47L
+
+#define SN_setct_CertInqReqTBS "setct-CertInqReqTBS"
+#define NID_setct_CertInqReqTBS 566
+#define OBJ_setct_CertInqReqTBS OBJ_set_ctype,48L
+
+#define SN_setct_ErrorTBS "setct-ErrorTBS"
+#define NID_setct_ErrorTBS 567
+#define OBJ_setct_ErrorTBS OBJ_set_ctype,49L
+
+#define SN_setct_PIDualSignedTBE "setct-PIDualSignedTBE"
+#define NID_setct_PIDualSignedTBE 568
+#define OBJ_setct_PIDualSignedTBE OBJ_set_ctype,50L
+
+#define SN_setct_PIUnsignedTBE "setct-PIUnsignedTBE"
+#define NID_setct_PIUnsignedTBE 569
+#define OBJ_setct_PIUnsignedTBE OBJ_set_ctype,51L
+
+#define SN_setct_AuthReqTBE "setct-AuthReqTBE"
+#define NID_setct_AuthReqTBE 570
+#define OBJ_setct_AuthReqTBE OBJ_set_ctype,52L
+
+#define SN_setct_AuthResTBE "setct-AuthResTBE"
+#define NID_setct_AuthResTBE 571
+#define OBJ_setct_AuthResTBE OBJ_set_ctype,53L
+
+#define SN_setct_AuthResTBEX "setct-AuthResTBEX"
+#define NID_setct_AuthResTBEX 572
+#define OBJ_setct_AuthResTBEX OBJ_set_ctype,54L
+
+#define SN_setct_AuthTokenTBE "setct-AuthTokenTBE"
+#define NID_setct_AuthTokenTBE 573
+#define OBJ_setct_AuthTokenTBE OBJ_set_ctype,55L
+
+#define SN_setct_CapTokenTBE "setct-CapTokenTBE"
+#define NID_setct_CapTokenTBE 574
+#define OBJ_setct_CapTokenTBE OBJ_set_ctype,56L
+
+#define SN_setct_CapTokenTBEX "setct-CapTokenTBEX"
+#define NID_setct_CapTokenTBEX 575
+#define OBJ_setct_CapTokenTBEX OBJ_set_ctype,57L
+
+#define SN_setct_AcqCardCodeMsgTBE "setct-AcqCardCodeMsgTBE"
+#define NID_setct_AcqCardCodeMsgTBE 576
+#define OBJ_setct_AcqCardCodeMsgTBE OBJ_set_ctype,58L
+
+#define SN_setct_AuthRevReqTBE "setct-AuthRevReqTBE"
+#define NID_setct_AuthRevReqTBE 577
+#define OBJ_setct_AuthRevReqTBE OBJ_set_ctype,59L
+
+#define SN_setct_AuthRevResTBE "setct-AuthRevResTBE"
+#define NID_setct_AuthRevResTBE 578
+#define OBJ_setct_AuthRevResTBE OBJ_set_ctype,60L
+
+#define SN_setct_AuthRevResTBEB "setct-AuthRevResTBEB"
+#define NID_setct_AuthRevResTBEB 579
+#define OBJ_setct_AuthRevResTBEB OBJ_set_ctype,61L
+
+#define SN_setct_CapReqTBE "setct-CapReqTBE"
+#define NID_setct_CapReqTBE 580
+#define OBJ_setct_CapReqTBE OBJ_set_ctype,62L
+
+#define SN_setct_CapReqTBEX "setct-CapReqTBEX"
+#define NID_setct_CapReqTBEX 581
+#define OBJ_setct_CapReqTBEX OBJ_set_ctype,63L
+
+#define SN_setct_CapResTBE "setct-CapResTBE"
+#define NID_setct_CapResTBE 582
+#define OBJ_setct_CapResTBE OBJ_set_ctype,64L
+
+#define SN_setct_CapRevReqTBE "setct-CapRevReqTBE"
+#define NID_setct_CapRevReqTBE 583
+#define OBJ_setct_CapRevReqTBE OBJ_set_ctype,65L
+
+#define SN_setct_CapRevReqTBEX "setct-CapRevReqTBEX"
+#define NID_setct_CapRevReqTBEX 584
+#define OBJ_setct_CapRevReqTBEX OBJ_set_ctype,66L
+
+#define SN_setct_CapRevResTBE "setct-CapRevResTBE"
+#define NID_setct_CapRevResTBE 585
+#define OBJ_setct_CapRevResTBE OBJ_set_ctype,67L
+
+#define SN_setct_CredReqTBE "setct-CredReqTBE"
+#define NID_setct_CredReqTBE 586
+#define OBJ_setct_CredReqTBE OBJ_set_ctype,68L
+
+#define SN_setct_CredReqTBEX "setct-CredReqTBEX"
+#define NID_setct_CredReqTBEX 587
+#define OBJ_setct_CredReqTBEX OBJ_set_ctype,69L
+
+#define SN_setct_CredResTBE "setct-CredResTBE"
+#define NID_setct_CredResTBE 588
+#define OBJ_setct_CredResTBE OBJ_set_ctype,70L
+
+#define SN_setct_CredRevReqTBE "setct-CredRevReqTBE"
+#define NID_setct_CredRevReqTBE 589
+#define OBJ_setct_CredRevReqTBE OBJ_set_ctype,71L
+
+#define SN_setct_CredRevReqTBEX "setct-CredRevReqTBEX"
+#define NID_setct_CredRevReqTBEX 590
+#define OBJ_setct_CredRevReqTBEX OBJ_set_ctype,72L
+
+#define SN_setct_CredRevResTBE "setct-CredRevResTBE"
+#define NID_setct_CredRevResTBE 591
+#define OBJ_setct_CredRevResTBE OBJ_set_ctype,73L
+
+#define SN_setct_BatchAdminReqTBE "setct-BatchAdminReqTBE"
+#define NID_setct_BatchAdminReqTBE 592
+#define OBJ_setct_BatchAdminReqTBE OBJ_set_ctype,74L
+
+#define SN_setct_BatchAdminResTBE "setct-BatchAdminResTBE"
+#define NID_setct_BatchAdminResTBE 593
+#define OBJ_setct_BatchAdminResTBE OBJ_set_ctype,75L
+
+#define SN_setct_RegFormReqTBE "setct-RegFormReqTBE"
+#define NID_setct_RegFormReqTBE 594
+#define OBJ_setct_RegFormReqTBE OBJ_set_ctype,76L
+
+#define SN_setct_CertReqTBE "setct-CertReqTBE"
+#define NID_setct_CertReqTBE 595
+#define OBJ_setct_CertReqTBE OBJ_set_ctype,77L
+
+#define SN_setct_CertReqTBEX "setct-CertReqTBEX"
+#define NID_setct_CertReqTBEX 596
+#define OBJ_setct_CertReqTBEX OBJ_set_ctype,78L
+
+#define SN_setct_CertResTBE "setct-CertResTBE"
+#define NID_setct_CertResTBE 597
+#define OBJ_setct_CertResTBE OBJ_set_ctype,79L
+
+#define SN_setct_CRLNotificationTBS "setct-CRLNotificationTBS"
+#define NID_setct_CRLNotificationTBS 598
+#define OBJ_setct_CRLNotificationTBS OBJ_set_ctype,80L
+
+#define SN_setct_CRLNotificationResTBS "setct-CRLNotificationResTBS"
+#define NID_setct_CRLNotificationResTBS 599
+#define OBJ_setct_CRLNotificationResTBS OBJ_set_ctype,81L
+
+#define SN_setct_BCIDistributionTBS "setct-BCIDistributionTBS"
+#define NID_setct_BCIDistributionTBS 600
+#define OBJ_setct_BCIDistributionTBS OBJ_set_ctype,82L
+
+#define SN_setext_genCrypt "setext-genCrypt"
+#define LN_setext_genCrypt "generic cryptogram"
+#define NID_setext_genCrypt 601
+#define OBJ_setext_genCrypt OBJ_set_msgExt,1L
+
+#define SN_setext_miAuth "setext-miAuth"
+#define LN_setext_miAuth "merchant initiated auth"
+#define NID_setext_miAuth 602
+#define OBJ_setext_miAuth OBJ_set_msgExt,3L
+
+#define SN_setext_pinSecure "setext-pinSecure"
+#define NID_setext_pinSecure 603
+#define OBJ_setext_pinSecure OBJ_set_msgExt,4L
+
+#define SN_setext_pinAny "setext-pinAny"
+#define NID_setext_pinAny 604
+#define OBJ_setext_pinAny OBJ_set_msgExt,5L
+
+#define SN_setext_track2 "setext-track2"
+#define NID_setext_track2 605
+#define OBJ_setext_track2 OBJ_set_msgExt,7L
+
+#define SN_setext_cv "setext-cv"
+#define LN_setext_cv "additional verification"
+#define NID_setext_cv 606
+#define OBJ_setext_cv OBJ_set_msgExt,8L
+
+#define SN_set_policy_root "set-policy-root"
+#define NID_set_policy_root 607
+#define OBJ_set_policy_root OBJ_set_policy,0L
+
+#define SN_setCext_hashedRoot "setCext-hashedRoot"
+#define NID_setCext_hashedRoot 608
+#define OBJ_setCext_hashedRoot OBJ_set_certExt,0L
+
+#define SN_setCext_certType "setCext-certType"
+#define NID_setCext_certType 609
+#define OBJ_setCext_certType OBJ_set_certExt,1L
+
+#define SN_setCext_merchData "setCext-merchData"
+#define NID_setCext_merchData 610
+#define OBJ_setCext_merchData OBJ_set_certExt,2L
+
+#define SN_setCext_cCertRequired "setCext-cCertRequired"
+#define NID_setCext_cCertRequired 611
+#define OBJ_setCext_cCertRequired OBJ_set_certExt,3L
+
+#define SN_setCext_tunneling "setCext-tunneling"
+#define NID_setCext_tunneling 612
+#define OBJ_setCext_tunneling OBJ_set_certExt,4L
+
+#define SN_setCext_setExt "setCext-setExt"
+#define NID_setCext_setExt 613
+#define OBJ_setCext_setExt OBJ_set_certExt,5L
+
+#define SN_setCext_setQualf "setCext-setQualf"
+#define NID_setCext_setQualf 614
+#define OBJ_setCext_setQualf OBJ_set_certExt,6L
+
+#define SN_setCext_PGWYcapabilities "setCext-PGWYcapabilities"
+#define NID_setCext_PGWYcapabilities 615
+#define OBJ_setCext_PGWYcapabilities OBJ_set_certExt,7L
+
+#define SN_setCext_TokenIdentifier "setCext-TokenIdentifier"
+#define NID_setCext_TokenIdentifier 616
+#define OBJ_setCext_TokenIdentifier OBJ_set_certExt,8L
+
+#define SN_setCext_Track2Data "setCext-Track2Data"
+#define NID_setCext_Track2Data 617
+#define OBJ_setCext_Track2Data OBJ_set_certExt,9L
+
+#define SN_setCext_TokenType "setCext-TokenType"
+#define NID_setCext_TokenType 618
+#define OBJ_setCext_TokenType OBJ_set_certExt,10L
+
+#define SN_setCext_IssuerCapabilities "setCext-IssuerCapabilities"
+#define NID_setCext_IssuerCapabilities 619
+#define OBJ_setCext_IssuerCapabilities OBJ_set_certExt,11L
+
+#define SN_setAttr_Cert "setAttr-Cert"
+#define NID_setAttr_Cert 620
+#define OBJ_setAttr_Cert OBJ_set_attr,0L
+
+#define SN_setAttr_PGWYcap "setAttr-PGWYcap"
+#define LN_setAttr_PGWYcap "payment gateway capabilities"
+#define NID_setAttr_PGWYcap 621
+#define OBJ_setAttr_PGWYcap OBJ_set_attr,1L
+
+#define SN_setAttr_TokenType "setAttr-TokenType"
+#define NID_setAttr_TokenType 622
+#define OBJ_setAttr_TokenType OBJ_set_attr,2L
+
+#define SN_setAttr_IssCap "setAttr-IssCap"
+#define LN_setAttr_IssCap "issuer capabilities"
+#define NID_setAttr_IssCap 623
+#define OBJ_setAttr_IssCap OBJ_set_attr,3L
+
+#define SN_set_rootKeyThumb "set-rootKeyThumb"
+#define NID_set_rootKeyThumb 624
+#define OBJ_set_rootKeyThumb OBJ_setAttr_Cert,0L
+
+#define SN_set_addPolicy "set-addPolicy"
+#define NID_set_addPolicy 625
+#define OBJ_set_addPolicy OBJ_setAttr_Cert,1L
+
+#define SN_setAttr_Token_EMV "setAttr-Token-EMV"
+#define NID_setAttr_Token_EMV 626
+#define OBJ_setAttr_Token_EMV OBJ_setAttr_TokenType,1L
+
+#define SN_setAttr_Token_B0Prime "setAttr-Token-B0Prime"
+#define NID_setAttr_Token_B0Prime 627
+#define OBJ_setAttr_Token_B0Prime OBJ_setAttr_TokenType,2L
+
+#define SN_setAttr_IssCap_CVM "setAttr-IssCap-CVM"
+#define NID_setAttr_IssCap_CVM 628
+#define OBJ_setAttr_IssCap_CVM OBJ_setAttr_IssCap,3L
+
+#define SN_setAttr_IssCap_T2 "setAttr-IssCap-T2"
+#define NID_setAttr_IssCap_T2 629
+#define OBJ_setAttr_IssCap_T2 OBJ_setAttr_IssCap,4L
+
+#define SN_setAttr_IssCap_Sig "setAttr-IssCap-Sig"
+#define NID_setAttr_IssCap_Sig 630
+#define OBJ_setAttr_IssCap_Sig OBJ_setAttr_IssCap,5L
+
+#define SN_setAttr_GenCryptgrm "setAttr-GenCryptgrm"
+#define LN_setAttr_GenCryptgrm "generate cryptogram"
+#define NID_setAttr_GenCryptgrm 631
+#define OBJ_setAttr_GenCryptgrm OBJ_setAttr_IssCap_CVM,1L
+
+#define SN_setAttr_T2Enc "setAttr-T2Enc"
+#define LN_setAttr_T2Enc "encrypted track 2"
+#define NID_setAttr_T2Enc 632
+#define OBJ_setAttr_T2Enc OBJ_setAttr_IssCap_T2,1L
+
+#define SN_setAttr_T2cleartxt "setAttr-T2cleartxt"
+#define LN_setAttr_T2cleartxt "cleartext track 2"
+#define NID_setAttr_T2cleartxt 633
+#define OBJ_setAttr_T2cleartxt OBJ_setAttr_IssCap_T2,2L
+
+#define SN_setAttr_TokICCsig "setAttr-TokICCsig"
+#define LN_setAttr_TokICCsig "ICC or token signature"
+#define NID_setAttr_TokICCsig 634
+#define OBJ_setAttr_TokICCsig OBJ_setAttr_IssCap_Sig,1L
+
+#define SN_setAttr_SecDevSig "setAttr-SecDevSig"
+#define LN_setAttr_SecDevSig "secure device signature"
+#define NID_setAttr_SecDevSig 635
+#define OBJ_setAttr_SecDevSig OBJ_setAttr_IssCap_Sig,2L
+
+#define SN_set_brand_IATA_ATA "set-brand-IATA-ATA"
+#define NID_set_brand_IATA_ATA 636
+#define OBJ_set_brand_IATA_ATA OBJ_set_brand,1L
+
+#define SN_set_brand_Diners "set-brand-Diners"
+#define NID_set_brand_Diners 637
+#define OBJ_set_brand_Diners OBJ_set_brand,30L
+
+#define SN_set_brand_AmericanExpress "set-brand-AmericanExpress"
+#define NID_set_brand_AmericanExpress 638
+#define OBJ_set_brand_AmericanExpress OBJ_set_brand,34L
+
+#define SN_set_brand_JCB "set-brand-JCB"
+#define NID_set_brand_JCB 639
+#define OBJ_set_brand_JCB OBJ_set_brand,35L
+
+#define SN_set_brand_Visa "set-brand-Visa"
+#define NID_set_brand_Visa 640
+#define OBJ_set_brand_Visa OBJ_set_brand,4L
+
+#define SN_set_brand_MasterCard "set-brand-MasterCard"
+#define NID_set_brand_MasterCard 641
+#define OBJ_set_brand_MasterCard OBJ_set_brand,5L
+
+#define SN_set_brand_Novus "set-brand-Novus"
+#define NID_set_brand_Novus 642
+#define OBJ_set_brand_Novus OBJ_set_brand,6011L
+
+#define SN_des_cdmf "DES-CDMF"
+#define LN_des_cdmf "des-cdmf"
+#define NID_des_cdmf 643
+#define OBJ_des_cdmf OBJ_rsadsi,3L,10L
+
+#define SN_rsaOAEPEncryptionSET "rsaOAEPEncryptionSET"
+#define NID_rsaOAEPEncryptionSET 644
+#define OBJ_rsaOAEPEncryptionSET OBJ_rsadsi,1L,1L,6L
+
+#define SN_ipsec3 "Oakley-EC2N-3"
+#define LN_ipsec3 "ipsec3"
+#define NID_ipsec3 749
+
+#define SN_ipsec4 "Oakley-EC2N-4"
+#define LN_ipsec4 "ipsec4"
+#define NID_ipsec4 750
+
+#define SN_whirlpool "whirlpool"
+#define NID_whirlpool 804
+#define OBJ_whirlpool OBJ_iso,0L,10118L,3L,0L,55L
+
+#define SN_cryptopro "cryptopro"
+#define NID_cryptopro 805
+#define OBJ_cryptopro OBJ_member_body,643L,2L,2L
+
+#define SN_cryptocom "cryptocom"
+#define NID_cryptocom 806
+#define OBJ_cryptocom OBJ_member_body,643L,2L,9L
+
+#define SN_id_GostR3411_94_with_GostR3410_2001 "id-GostR3411-94-with-GostR3410-2001"
+#define LN_id_GostR3411_94_with_GostR3410_2001 "GOST R 34.11-94 with GOST R 34.10-2001"
+#define NID_id_GostR3411_94_with_GostR3410_2001 807
+#define OBJ_id_GostR3411_94_with_GostR3410_2001 OBJ_cryptopro,3L
+
+#define SN_id_GostR3411_94_with_GostR3410_94 "id-GostR3411-94-with-GostR3410-94"
+#define LN_id_GostR3411_94_with_GostR3410_94 "GOST R 34.11-94 with GOST R 34.10-94"
+#define NID_id_GostR3411_94_with_GostR3410_94 808
+#define OBJ_id_GostR3411_94_with_GostR3410_94 OBJ_cryptopro,4L
+
+#define SN_id_GostR3411_94 "md_gost94"
+#define LN_id_GostR3411_94 "GOST R 34.11-94"
+#define NID_id_GostR3411_94 809
+#define OBJ_id_GostR3411_94 OBJ_cryptopro,9L
+
+#define SN_id_HMACGostR3411_94 "id-HMACGostR3411-94"
+#define LN_id_HMACGostR3411_94 "HMAC GOST 34.11-94"
+#define NID_id_HMACGostR3411_94 810
+#define OBJ_id_HMACGostR3411_94 OBJ_cryptopro,10L
+
+#define SN_id_GostR3410_2001 "gost2001"
+#define LN_id_GostR3410_2001 "GOST R 34.10-2001"
+#define NID_id_GostR3410_2001 811
+#define OBJ_id_GostR3410_2001 OBJ_cryptopro,19L
+
+#define SN_id_GostR3410_94 "gost94"
+#define LN_id_GostR3410_94 "GOST R 34.10-94"
+#define NID_id_GostR3410_94 812
+#define OBJ_id_GostR3410_94 OBJ_cryptopro,20L
+
+#define SN_id_Gost28147_89 "gost89"
+#define LN_id_Gost28147_89 "GOST 28147-89"
+#define NID_id_Gost28147_89 813
+#define OBJ_id_Gost28147_89 OBJ_cryptopro,21L
+
+#define SN_gost89_cnt "gost89-cnt"
+#define NID_gost89_cnt 814
+
+#define SN_id_Gost28147_89_MAC "gost-mac"
+#define LN_id_Gost28147_89_MAC "GOST 28147-89 MAC"
+#define NID_id_Gost28147_89_MAC 815
+#define OBJ_id_Gost28147_89_MAC OBJ_cryptopro,22L
+
+#define SN_id_GostR3411_94_prf "prf-gostr3411-94"
+#define LN_id_GostR3411_94_prf "GOST R 34.11-94 PRF"
+#define NID_id_GostR3411_94_prf 816
+#define OBJ_id_GostR3411_94_prf OBJ_cryptopro,23L
+
+#define SN_id_GostR3410_2001DH "id-GostR3410-2001DH"
+#define LN_id_GostR3410_2001DH "GOST R 34.10-2001 DH"
+#define NID_id_GostR3410_2001DH 817
+#define OBJ_id_GostR3410_2001DH OBJ_cryptopro,98L
+
+#define SN_id_GostR3410_94DH "id-GostR3410-94DH"
+#define LN_id_GostR3410_94DH "GOST R 34.10-94 DH"
+#define NID_id_GostR3410_94DH 818
+#define OBJ_id_GostR3410_94DH OBJ_cryptopro,99L
+
+#define SN_id_Gost28147_89_CryptoPro_KeyMeshing "id-Gost28147-89-CryptoPro-KeyMeshing"
+#define NID_id_Gost28147_89_CryptoPro_KeyMeshing 819
+#define OBJ_id_Gost28147_89_CryptoPro_KeyMeshing OBJ_cryptopro,14L,1L
+
+#define SN_id_Gost28147_89_None_KeyMeshing "id-Gost28147-89-None-KeyMeshing"
+#define NID_id_Gost28147_89_None_KeyMeshing 820
+#define OBJ_id_Gost28147_89_None_KeyMeshing OBJ_cryptopro,14L,0L
+
+#define SN_id_GostR3411_94_TestParamSet "id-GostR3411-94-TestParamSet"
+#define NID_id_GostR3411_94_TestParamSet 821
+#define OBJ_id_GostR3411_94_TestParamSet OBJ_cryptopro,30L,0L
+
+#define SN_id_GostR3411_94_CryptoProParamSet "id-GostR3411-94-CryptoProParamSet"
+#define NID_id_GostR3411_94_CryptoProParamSet 822
+#define OBJ_id_GostR3411_94_CryptoProParamSet OBJ_cryptopro,30L,1L
+
+#define SN_id_Gost28147_89_TestParamSet "id-Gost28147-89-TestParamSet"
+#define NID_id_Gost28147_89_TestParamSet 823
+#define OBJ_id_Gost28147_89_TestParamSet OBJ_cryptopro,31L,0L
+
+#define SN_id_Gost28147_89_CryptoPro_A_ParamSet "id-Gost28147-89-CryptoPro-A-ParamSet"
+#define NID_id_Gost28147_89_CryptoPro_A_ParamSet 824
+#define OBJ_id_Gost28147_89_CryptoPro_A_ParamSet OBJ_cryptopro,31L,1L
+
+#define SN_id_Gost28147_89_CryptoPro_B_ParamSet "id-Gost28147-89-CryptoPro-B-ParamSet"
+#define NID_id_Gost28147_89_CryptoPro_B_ParamSet 825
+#define OBJ_id_Gost28147_89_CryptoPro_B_ParamSet OBJ_cryptopro,31L,2L
+
+#define SN_id_Gost28147_89_CryptoPro_C_ParamSet "id-Gost28147-89-CryptoPro-C-ParamSet"
+#define NID_id_Gost28147_89_CryptoPro_C_ParamSet 826
+#define OBJ_id_Gost28147_89_CryptoPro_C_ParamSet OBJ_cryptopro,31L,3L
+
+#define SN_id_Gost28147_89_CryptoPro_D_ParamSet "id-Gost28147-89-CryptoPro-D-ParamSet"
+#define NID_id_Gost28147_89_CryptoPro_D_ParamSet 827
+#define OBJ_id_Gost28147_89_CryptoPro_D_ParamSet OBJ_cryptopro,31L,4L
+
+#define SN_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet"
+#define NID_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet 828
+#define OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet OBJ_cryptopro,31L,5L
+
+#define SN_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet"
+#define NID_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet 829
+#define OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet OBJ_cryptopro,31L,6L
+
+#define SN_id_Gost28147_89_CryptoPro_RIC_1_ParamSet "id-Gost28147-89-CryptoPro-RIC-1-ParamSet"
+#define NID_id_Gost28147_89_CryptoPro_RIC_1_ParamSet 830
+#define OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet OBJ_cryptopro,31L,7L
+
+#define SN_id_GostR3410_94_TestParamSet "id-GostR3410-94-TestParamSet"
+#define NID_id_GostR3410_94_TestParamSet 831
+#define OBJ_id_GostR3410_94_TestParamSet OBJ_cryptopro,32L,0L
+
+#define SN_id_GostR3410_94_CryptoPro_A_ParamSet "id-GostR3410-94-CryptoPro-A-ParamSet"
+#define NID_id_GostR3410_94_CryptoPro_A_ParamSet 832
+#define OBJ_id_GostR3410_94_CryptoPro_A_ParamSet OBJ_cryptopro,32L,2L
+
+#define SN_id_GostR3410_94_CryptoPro_B_ParamSet "id-GostR3410-94-CryptoPro-B-ParamSet"
+#define NID_id_GostR3410_94_CryptoPro_B_ParamSet 833
+#define OBJ_id_GostR3410_94_CryptoPro_B_ParamSet OBJ_cryptopro,32L,3L
+
+#define SN_id_GostR3410_94_CryptoPro_C_ParamSet "id-GostR3410-94-CryptoPro-C-ParamSet"
+#define NID_id_GostR3410_94_CryptoPro_C_ParamSet 834
+#define OBJ_id_GostR3410_94_CryptoPro_C_ParamSet OBJ_cryptopro,32L,4L
+
+#define SN_id_GostR3410_94_CryptoPro_D_ParamSet "id-GostR3410-94-CryptoPro-D-ParamSet"
+#define NID_id_GostR3410_94_CryptoPro_D_ParamSet 835
+#define OBJ_id_GostR3410_94_CryptoPro_D_ParamSet OBJ_cryptopro,32L,5L
+
+#define SN_id_GostR3410_94_CryptoPro_XchA_ParamSet "id-GostR3410-94-CryptoPro-XchA-ParamSet"
+#define NID_id_GostR3410_94_CryptoPro_XchA_ParamSet 836
+#define OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet OBJ_cryptopro,33L,1L
+
+#define SN_id_GostR3410_94_CryptoPro_XchB_ParamSet "id-GostR3410-94-CryptoPro-XchB-ParamSet"
+#define NID_id_GostR3410_94_CryptoPro_XchB_ParamSet 837
+#define OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet OBJ_cryptopro,33L,2L
+
+#define SN_id_GostR3410_94_CryptoPro_XchC_ParamSet "id-GostR3410-94-CryptoPro-XchC-ParamSet"
+#define NID_id_GostR3410_94_CryptoPro_XchC_ParamSet 838
+#define OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet OBJ_cryptopro,33L,3L
+
+#define SN_id_GostR3410_2001_TestParamSet "id-GostR3410-2001-TestParamSet"
+#define NID_id_GostR3410_2001_TestParamSet 839
+#define OBJ_id_GostR3410_2001_TestParamSet OBJ_cryptopro,35L,0L
+
+#define SN_id_GostR3410_2001_CryptoPro_A_ParamSet "id-GostR3410-2001-CryptoPro-A-ParamSet"
+#define NID_id_GostR3410_2001_CryptoPro_A_ParamSet 840
+#define OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet OBJ_cryptopro,35L,1L
+
+#define SN_id_GostR3410_2001_CryptoPro_B_ParamSet "id-GostR3410-2001-CryptoPro-B-ParamSet"
+#define NID_id_GostR3410_2001_CryptoPro_B_ParamSet 841
+#define OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet OBJ_cryptopro,35L,2L
+
+#define SN_id_GostR3410_2001_CryptoPro_C_ParamSet "id-GostR3410-2001-CryptoPro-C-ParamSet"
+#define NID_id_GostR3410_2001_CryptoPro_C_ParamSet 842
+#define OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet OBJ_cryptopro,35L,3L
+
+#define SN_id_GostR3410_2001_CryptoPro_XchA_ParamSet "id-GostR3410-2001-CryptoPro-XchA-ParamSet"
+#define NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet 843
+#define OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet OBJ_cryptopro,36L,0L
+
+#define SN_id_GostR3410_2001_CryptoPro_XchB_ParamSet "id-GostR3410-2001-CryptoPro-XchB-ParamSet"
+#define NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet 844
+#define OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet OBJ_cryptopro,36L,1L
+
+#define SN_id_GostR3410_94_a "id-GostR3410-94-a"
+#define NID_id_GostR3410_94_a 845
+#define OBJ_id_GostR3410_94_a OBJ_id_GostR3410_94,1L
+
+#define SN_id_GostR3410_94_aBis "id-GostR3410-94-aBis"
+#define NID_id_GostR3410_94_aBis 846
+#define OBJ_id_GostR3410_94_aBis OBJ_id_GostR3410_94,2L
+
+#define SN_id_GostR3410_94_b "id-GostR3410-94-b"
+#define NID_id_GostR3410_94_b 847
+#define OBJ_id_GostR3410_94_b OBJ_id_GostR3410_94,3L
+
+#define SN_id_GostR3410_94_bBis "id-GostR3410-94-bBis"
+#define NID_id_GostR3410_94_bBis 848
+#define OBJ_id_GostR3410_94_bBis OBJ_id_GostR3410_94,4L
+
+#define SN_id_Gost28147_89_cc "id-Gost28147-89-cc"
+#define LN_id_Gost28147_89_cc "GOST 28147-89 Cryptocom ParamSet"
+#define NID_id_Gost28147_89_cc 849
+#define OBJ_id_Gost28147_89_cc OBJ_cryptocom,1L,6L,1L
+
+#define SN_id_GostR3410_94_cc "gost94cc"
+#define LN_id_GostR3410_94_cc "GOST 34.10-94 Cryptocom"
+#define NID_id_GostR3410_94_cc 850
+#define OBJ_id_GostR3410_94_cc OBJ_cryptocom,1L,5L,3L
+
+#define SN_id_GostR3410_2001_cc "gost2001cc"
+#define LN_id_GostR3410_2001_cc "GOST 34.10-2001 Cryptocom"
+#define NID_id_GostR3410_2001_cc 851
+#define OBJ_id_GostR3410_2001_cc OBJ_cryptocom,1L,5L,4L
+
+#define SN_id_GostR3411_94_with_GostR3410_94_cc "id-GostR3411-94-with-GostR3410-94-cc"
+#define LN_id_GostR3411_94_with_GostR3410_94_cc "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom"
+#define NID_id_GostR3411_94_with_GostR3410_94_cc 852
+#define OBJ_id_GostR3411_94_with_GostR3410_94_cc OBJ_cryptocom,1L,3L,3L
+
+#define SN_id_GostR3411_94_with_GostR3410_2001_cc "id-GostR3411-94-with-GostR3410-2001-cc"
+#define LN_id_GostR3411_94_with_GostR3410_2001_cc "GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom"
+#define NID_id_GostR3411_94_with_GostR3410_2001_cc 853
+#define OBJ_id_GostR3411_94_with_GostR3410_2001_cc OBJ_cryptocom,1L,3L,4L
+
+#define SN_id_GostR3410_2001_ParamSet_cc "id-GostR3410-2001-ParamSet-cc"
+#define LN_id_GostR3410_2001_ParamSet_cc "GOST R 3410-2001 Parameter Set Cryptocom"
+#define NID_id_GostR3410_2001_ParamSet_cc 854
+#define OBJ_id_GostR3410_2001_ParamSet_cc OBJ_cryptocom,1L,8L,1L
+
+#define SN_camellia_128_cbc "CAMELLIA-128-CBC"
+#define LN_camellia_128_cbc "camellia-128-cbc"
+#define NID_camellia_128_cbc 751
+#define OBJ_camellia_128_cbc 1L,2L,392L,200011L,61L,1L,1L,1L,2L
+
+#define SN_camellia_192_cbc "CAMELLIA-192-CBC"
+#define LN_camellia_192_cbc "camellia-192-cbc"
+#define NID_camellia_192_cbc 752
+#define OBJ_camellia_192_cbc 1L,2L,392L,200011L,61L,1L,1L,1L,3L
+
+#define SN_camellia_256_cbc "CAMELLIA-256-CBC"
+#define LN_camellia_256_cbc "camellia-256-cbc"
+#define NID_camellia_256_cbc 753
+#define OBJ_camellia_256_cbc 1L,2L,392L,200011L,61L,1L,1L,1L,4L
+
+#define OBJ_ntt_ds 0L,3L,4401L,5L
+
+#define OBJ_camellia OBJ_ntt_ds,3L,1L,9L
+
+#define SN_camellia_128_ecb "CAMELLIA-128-ECB"
+#define LN_camellia_128_ecb "camellia-128-ecb"
+#define NID_camellia_128_ecb 754
+#define OBJ_camellia_128_ecb OBJ_camellia,1L
+
+#define SN_camellia_128_ofb128 "CAMELLIA-128-OFB"
+#define LN_camellia_128_ofb128 "camellia-128-ofb"
+#define NID_camellia_128_ofb128 766
+#define OBJ_camellia_128_ofb128 OBJ_camellia,3L
+
+#define SN_camellia_128_cfb128 "CAMELLIA-128-CFB"
+#define LN_camellia_128_cfb128 "camellia-128-cfb"
+#define NID_camellia_128_cfb128 757
+#define OBJ_camellia_128_cfb128 OBJ_camellia,4L
+
+#define SN_camellia_192_ecb "CAMELLIA-192-ECB"
+#define LN_camellia_192_ecb "camellia-192-ecb"
+#define NID_camellia_192_ecb 755
+#define OBJ_camellia_192_ecb OBJ_camellia,21L
+
+#define SN_camellia_192_ofb128 "CAMELLIA-192-OFB"
+#define LN_camellia_192_ofb128 "camellia-192-ofb"
+#define NID_camellia_192_ofb128 767
+#define OBJ_camellia_192_ofb128 OBJ_camellia,23L
+
+#define SN_camellia_192_cfb128 "CAMELLIA-192-CFB"
+#define LN_camellia_192_cfb128 "camellia-192-cfb"
+#define NID_camellia_192_cfb128 758
+#define OBJ_camellia_192_cfb128 OBJ_camellia,24L
+
+#define SN_camellia_256_ecb "CAMELLIA-256-ECB"
+#define LN_camellia_256_ecb "camellia-256-ecb"
+#define NID_camellia_256_ecb 756
+#define OBJ_camellia_256_ecb OBJ_camellia,41L
+
+#define SN_camellia_256_ofb128 "CAMELLIA-256-OFB"
+#define LN_camellia_256_ofb128 "camellia-256-ofb"
+#define NID_camellia_256_ofb128 768
+#define OBJ_camellia_256_ofb128 OBJ_camellia,43L
+
+#define SN_camellia_256_cfb128 "CAMELLIA-256-CFB"
+#define LN_camellia_256_cfb128 "camellia-256-cfb"
+#define NID_camellia_256_cfb128 759
+#define OBJ_camellia_256_cfb128 OBJ_camellia,44L
+
+#define SN_camellia_128_cfb1 "CAMELLIA-128-CFB1"
+#define LN_camellia_128_cfb1 "camellia-128-cfb1"
+#define NID_camellia_128_cfb1 760
+
+#define SN_camellia_192_cfb1 "CAMELLIA-192-CFB1"
+#define LN_camellia_192_cfb1 "camellia-192-cfb1"
+#define NID_camellia_192_cfb1 761
+
+#define SN_camellia_256_cfb1 "CAMELLIA-256-CFB1"
+#define LN_camellia_256_cfb1 "camellia-256-cfb1"
+#define NID_camellia_256_cfb1 762
+
+#define SN_camellia_128_cfb8 "CAMELLIA-128-CFB8"
+#define LN_camellia_128_cfb8 "camellia-128-cfb8"
+#define NID_camellia_128_cfb8 763
+
+#define SN_camellia_192_cfb8 "CAMELLIA-192-CFB8"
+#define LN_camellia_192_cfb8 "camellia-192-cfb8"
+#define NID_camellia_192_cfb8 764
+
+#define SN_camellia_256_cfb8 "CAMELLIA-256-CFB8"
+#define LN_camellia_256_cfb8 "camellia-256-cfb8"
+#define NID_camellia_256_cfb8 765
+
+#define SN_kisa "KISA"
+#define LN_kisa "kisa"
+#define NID_kisa 773
+#define OBJ_kisa OBJ_member_body,410L,200004L
+
+#define SN_seed_ecb "SEED-ECB"
+#define LN_seed_ecb "seed-ecb"
+#define NID_seed_ecb 776
+#define OBJ_seed_ecb OBJ_kisa,1L,3L
+
+#define SN_seed_cbc "SEED-CBC"
+#define LN_seed_cbc "seed-cbc"
+#define NID_seed_cbc 777
+#define OBJ_seed_cbc OBJ_kisa,1L,4L
+
+#define SN_seed_cfb128 "SEED-CFB"
+#define LN_seed_cfb128 "seed-cfb"
+#define NID_seed_cfb128 779
+#define OBJ_seed_cfb128 OBJ_kisa,1L,5L
+
+#define SN_seed_ofb128 "SEED-OFB"
+#define LN_seed_ofb128 "seed-ofb"
+#define NID_seed_ofb128 778
+#define OBJ_seed_ofb128 OBJ_kisa,1L,6L
+
+#define SN_hmac "HMAC"
+#define LN_hmac "hmac"
+#define NID_hmac 855
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/objects/objects.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/objects/objects.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/objects/objects.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,1049 +0,0 @@
-/* crypto/objects/objects.h */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_OBJECTS_H
-#define HEADER_OBJECTS_H
-
-#define USE_OBJ_MAC
-
-#ifdef USE_OBJ_MAC
-#include <openssl/obj_mac.h>
-#else
-#define SN_undef "UNDEF"
-#define LN_undef "undefined"
-#define NID_undef 0
-#define OBJ_undef 0L
-
-#define SN_Algorithm "Algorithm"
-#define LN_algorithm "algorithm"
-#define NID_algorithm 38
-#define OBJ_algorithm 1L,3L,14L,3L,2L
-
-#define LN_rsadsi "rsadsi"
-#define NID_rsadsi 1
-#define OBJ_rsadsi 1L,2L,840L,113549L
-
-#define LN_pkcs "pkcs"
-#define NID_pkcs 2
-#define OBJ_pkcs OBJ_rsadsi,1L
-
-#define SN_md2 "MD2"
-#define LN_md2 "md2"
-#define NID_md2 3
-#define OBJ_md2 OBJ_rsadsi,2L,2L
-
-#define SN_md5 "MD5"
-#define LN_md5 "md5"
-#define NID_md5 4
-#define OBJ_md5 OBJ_rsadsi,2L,5L
-
-#define SN_rc4 "RC4"
-#define LN_rc4 "rc4"
-#define NID_rc4 5
-#define OBJ_rc4 OBJ_rsadsi,3L,4L
-
-#define LN_rsaEncryption "rsaEncryption"
-#define NID_rsaEncryption 6
-#define OBJ_rsaEncryption OBJ_pkcs,1L,1L
-
-#define SN_md2WithRSAEncryption "RSA-MD2"
-#define LN_md2WithRSAEncryption "md2WithRSAEncryption"
-#define NID_md2WithRSAEncryption 7
-#define OBJ_md2WithRSAEncryption OBJ_pkcs,1L,2L
-
-#define SN_md5WithRSAEncryption "RSA-MD5"
-#define LN_md5WithRSAEncryption "md5WithRSAEncryption"
-#define NID_md5WithRSAEncryption 8
-#define OBJ_md5WithRSAEncryption OBJ_pkcs,1L,4L
-
-#define SN_pbeWithMD2AndDES_CBC "PBE-MD2-DES"
-#define LN_pbeWithMD2AndDES_CBC "pbeWithMD2AndDES-CBC"
-#define NID_pbeWithMD2AndDES_CBC 9
-#define OBJ_pbeWithMD2AndDES_CBC OBJ_pkcs,5L,1L
-
-#define SN_pbeWithMD5AndDES_CBC "PBE-MD5-DES"
-#define LN_pbeWithMD5AndDES_CBC "pbeWithMD5AndDES-CBC"
-#define NID_pbeWithMD5AndDES_CBC 10
-#define OBJ_pbeWithMD5AndDES_CBC OBJ_pkcs,5L,3L
-
-#define LN_X500 "X500"
-#define NID_X500 11
-#define OBJ_X500 2L,5L
-
-#define LN_X509 "X509"
-#define NID_X509 12
-#define OBJ_X509 OBJ_X500,4L
-
-#define SN_commonName "CN"
-#define LN_commonName "commonName"
-#define NID_commonName 13
-#define OBJ_commonName OBJ_X509,3L
-
-#define SN_countryName "C"
-#define LN_countryName "countryName"
-#define NID_countryName 14
-#define OBJ_countryName OBJ_X509,6L
-
-#define SN_localityName "L"
-#define LN_localityName "localityName"
-#define NID_localityName 15
-#define OBJ_localityName OBJ_X509,7L
-
-/* Postal Address? PA */
-
-/* should be "ST" (rfc1327) but MS uses 'S' */
-#define SN_stateOrProvinceName "ST"
-#define LN_stateOrProvinceName "stateOrProvinceName"
-#define NID_stateOrProvinceName 16
-#define OBJ_stateOrProvinceName OBJ_X509,8L
-
-#define SN_organizationName "O"
-#define LN_organizationName "organizationName"
-#define NID_organizationName 17
-#define OBJ_organizationName OBJ_X509,10L
-
-#define SN_organizationalUnitName "OU"
-#define LN_organizationalUnitName "organizationalUnitName"
-#define NID_organizationalUnitName 18
-#define OBJ_organizationalUnitName OBJ_X509,11L
-
-#define SN_rsa "RSA"
-#define LN_rsa "rsa"
-#define NID_rsa 19
-#define OBJ_rsa OBJ_X500,8L,1L,1L
-
-#define LN_pkcs7 "pkcs7"
-#define NID_pkcs7 20
-#define OBJ_pkcs7 OBJ_pkcs,7L
-
-#define LN_pkcs7_data "pkcs7-data"
-#define NID_pkcs7_data 21
-#define OBJ_pkcs7_data OBJ_pkcs7,1L
-
-#define LN_pkcs7_signed "pkcs7-signedData"
-#define NID_pkcs7_signed 22
-#define OBJ_pkcs7_signed OBJ_pkcs7,2L
-
-#define LN_pkcs7_enveloped "pkcs7-envelopedData"
-#define NID_pkcs7_enveloped 23
-#define OBJ_pkcs7_enveloped OBJ_pkcs7,3L
-
-#define LN_pkcs7_signedAndEnveloped "pkcs7-signedAndEnvelopedData"
-#define NID_pkcs7_signedAndEnveloped 24
-#define OBJ_pkcs7_signedAndEnveloped OBJ_pkcs7,4L
-
-#define LN_pkcs7_digest "pkcs7-digestData"
-#define NID_pkcs7_digest 25
-#define OBJ_pkcs7_digest OBJ_pkcs7,5L
-
-#define LN_pkcs7_encrypted "pkcs7-encryptedData"
-#define NID_pkcs7_encrypted 26
-#define OBJ_pkcs7_encrypted OBJ_pkcs7,6L
-
-#define LN_pkcs3 "pkcs3"
-#define NID_pkcs3 27
-#define OBJ_pkcs3 OBJ_pkcs,3L
-
-#define LN_dhKeyAgreement "dhKeyAgreement"
-#define NID_dhKeyAgreement 28
-#define OBJ_dhKeyAgreement OBJ_pkcs3,1L
-
-#define SN_des_ecb "DES-ECB"
-#define LN_des_ecb "des-ecb"
-#define NID_des_ecb 29
-#define OBJ_des_ecb OBJ_algorithm,6L
-
-#define SN_des_cfb64 "DES-CFB"
-#define LN_des_cfb64 "des-cfb"
-#define NID_des_cfb64 30
-/* IV + num */
-#define OBJ_des_cfb64 OBJ_algorithm,9L
-
-#define SN_des_cbc "DES-CBC"
-#define LN_des_cbc "des-cbc"
-#define NID_des_cbc 31
-/* IV */
-#define OBJ_des_cbc OBJ_algorithm,7L
-
-#define SN_des_ede "DES-EDE"
-#define LN_des_ede "des-ede"
-#define NID_des_ede 32
-/* ?? */
-#define OBJ_des_ede OBJ_algorithm,17L
-
-#define SN_des_ede3 "DES-EDE3"
-#define LN_des_ede3 "des-ede3"
-#define NID_des_ede3 33
-
-#define SN_idea_cbc "IDEA-CBC"
-#define LN_idea_cbc "idea-cbc"
-#define NID_idea_cbc 34
-#define OBJ_idea_cbc 1L,3L,6L,1L,4L,1L,188L,7L,1L,1L,2L
-
-#define SN_idea_cfb64 "IDEA-CFB"
-#define LN_idea_cfb64 "idea-cfb"
-#define NID_idea_cfb64 35
-
-#define SN_idea_ecb "IDEA-ECB"
-#define LN_idea_ecb "idea-ecb"
-#define NID_idea_ecb 36
-
-#define SN_rc2_cbc "RC2-CBC"
-#define LN_rc2_cbc "rc2-cbc"
-#define NID_rc2_cbc 37
-#define OBJ_rc2_cbc OBJ_rsadsi,3L,2L
-
-#define SN_rc2_ecb "RC2-ECB"
-#define LN_rc2_ecb "rc2-ecb"
-#define NID_rc2_ecb 38
-
-#define SN_rc2_cfb64 "RC2-CFB"
-#define LN_rc2_cfb64 "rc2-cfb"
-#define NID_rc2_cfb64 39
-
-#define SN_rc2_ofb64 "RC2-OFB"
-#define LN_rc2_ofb64 "rc2-ofb"
-#define NID_rc2_ofb64 40
-
-#define SN_sha "SHA"
-#define LN_sha "sha"
-#define NID_sha 41
-#define OBJ_sha OBJ_algorithm,18L
-
-#define SN_shaWithRSAEncryption "RSA-SHA"
-#define LN_shaWithRSAEncryption "shaWithRSAEncryption"
-#define NID_shaWithRSAEncryption 42
-#define OBJ_shaWithRSAEncryption OBJ_algorithm,15L
-
-#define SN_des_ede_cbc "DES-EDE-CBC"
-#define LN_des_ede_cbc "des-ede-cbc"
-#define NID_des_ede_cbc 43
-
-#define SN_des_ede3_cbc "DES-EDE3-CBC"
-#define LN_des_ede3_cbc "des-ede3-cbc"
-#define NID_des_ede3_cbc 44
-#define OBJ_des_ede3_cbc OBJ_rsadsi,3L,7L
-
-#define SN_des_ofb64 "DES-OFB"
-#define LN_des_ofb64 "des-ofb"
-#define NID_des_ofb64 45
-#define OBJ_des_ofb64 OBJ_algorithm,8L
-
-#define SN_idea_ofb64 "IDEA-OFB"
-#define LN_idea_ofb64 "idea-ofb"
-#define NID_idea_ofb64 46
-
-#define LN_pkcs9 "pkcs9"
-#define NID_pkcs9 47
-#define OBJ_pkcs9 OBJ_pkcs,9L
-
-#define SN_pkcs9_emailAddress "Email"
-#define LN_pkcs9_emailAddress "emailAddress"
-#define NID_pkcs9_emailAddress 48
-#define OBJ_pkcs9_emailAddress OBJ_pkcs9,1L
-
-#define LN_pkcs9_unstructuredName "unstructuredName"
-#define NID_pkcs9_unstructuredName 49
-#define OBJ_pkcs9_unstructuredName OBJ_pkcs9,2L
-
-#define LN_pkcs9_contentType "contentType"
-#define NID_pkcs9_contentType 50
-#define OBJ_pkcs9_contentType OBJ_pkcs9,3L
-
-#define LN_pkcs9_messageDigest "messageDigest"
-#define NID_pkcs9_messageDigest 51
-#define OBJ_pkcs9_messageDigest OBJ_pkcs9,4L
-
-#define LN_pkcs9_signingTime "signingTime"
-#define NID_pkcs9_signingTime 52
-#define OBJ_pkcs9_signingTime OBJ_pkcs9,5L
-
-#define LN_pkcs9_countersignature "countersignature"
-#define NID_pkcs9_countersignature 53
-#define OBJ_pkcs9_countersignature OBJ_pkcs9,6L
-
-#define LN_pkcs9_challengePassword "challengePassword"
-#define NID_pkcs9_challengePassword 54
-#define OBJ_pkcs9_challengePassword OBJ_pkcs9,7L
-
-#define LN_pkcs9_unstructuredAddress "unstructuredAddress"
-#define NID_pkcs9_unstructuredAddress 55
-#define OBJ_pkcs9_unstructuredAddress OBJ_pkcs9,8L
-
-#define LN_pkcs9_extCertAttributes "extendedCertificateAttributes"
-#define NID_pkcs9_extCertAttributes 56
-#define OBJ_pkcs9_extCertAttributes OBJ_pkcs9,9L
-
-#define SN_netscape "Netscape"
-#define LN_netscape "Netscape Communications Corp."
-#define NID_netscape 57
-#define OBJ_netscape 2L,16L,840L,1L,113730L
-
-#define SN_netscape_cert_extension "nsCertExt"
-#define LN_netscape_cert_extension "Netscape Certificate Extension"
-#define NID_netscape_cert_extension 58
-#define OBJ_netscape_cert_extension OBJ_netscape,1L
-
-#define SN_netscape_data_type "nsDataType"
-#define LN_netscape_data_type "Netscape Data Type"
-#define NID_netscape_data_type 59
-#define OBJ_netscape_data_type OBJ_netscape,2L
-
-#define SN_des_ede_cfb64 "DES-EDE-CFB"
-#define LN_des_ede_cfb64 "des-ede-cfb"
-#define NID_des_ede_cfb64 60
-
-#define SN_des_ede3_cfb64 "DES-EDE3-CFB"
-#define LN_des_ede3_cfb64 "des-ede3-cfb"
-#define NID_des_ede3_cfb64 61
-
-#define SN_des_ede_ofb64 "DES-EDE-OFB"
-#define LN_des_ede_ofb64 "des-ede-ofb"
-#define NID_des_ede_ofb64 62
-
-#define SN_des_ede3_ofb64 "DES-EDE3-OFB"
-#define LN_des_ede3_ofb64 "des-ede3-ofb"
-#define NID_des_ede3_ofb64 63
-
-/* I'm not sure about the object ID */
-#define SN_sha1 "SHA1"
-#define LN_sha1 "sha1"
-#define NID_sha1 64
-#define OBJ_sha1 OBJ_algorithm,26L
-/* 28 Jun 1996 - eay */
-/* #define OBJ_sha1 1L,3L,14L,2L,26L,05L <- wrong */
-
-#define SN_sha1WithRSAEncryption "RSA-SHA1"
-#define LN_sha1WithRSAEncryption "sha1WithRSAEncryption"
-#define NID_sha1WithRSAEncryption 65
-#define OBJ_sha1WithRSAEncryption OBJ_pkcs,1L,5L
-
-#define SN_dsaWithSHA "DSA-SHA"
-#define LN_dsaWithSHA "dsaWithSHA"
-#define NID_dsaWithSHA 66
-#define OBJ_dsaWithSHA OBJ_algorithm,13L
-
-#define SN_dsa_2 "DSA-old"
-#define LN_dsa_2 "dsaEncryption-old"
-#define NID_dsa_2 67
-#define OBJ_dsa_2 OBJ_algorithm,12L
-
-/* proposed by microsoft to RSA */
-#define SN_pbeWithSHA1AndRC2_CBC "PBE-SHA1-RC2-64"
-#define LN_pbeWithSHA1AndRC2_CBC "pbeWithSHA1AndRC2-CBC"
-#define NID_pbeWithSHA1AndRC2_CBC 68
-#define OBJ_pbeWithSHA1AndRC2_CBC OBJ_pkcs,5L,11L
-
-/* proposed by microsoft to RSA as pbeWithSHA1AndRC4: it is now
- * defined explicitly in PKCS#5 v2.0 as id-PBKDF2 which is something
- * completely different.
- */
-#define LN_id_pbkdf2 "PBKDF2"
-#define NID_id_pbkdf2 69
-#define OBJ_id_pbkdf2 OBJ_pkcs,5L,12L
-
-#define SN_dsaWithSHA1_2 "DSA-SHA1-old"
-#define LN_dsaWithSHA1_2 "dsaWithSHA1-old"
-#define NID_dsaWithSHA1_2 70
-/* Got this one from 'sdn706r20.pdf' which is actually an NSA document :-) */
-#define OBJ_dsaWithSHA1_2 OBJ_algorithm,27L
-
-#define SN_netscape_cert_type "nsCertType"
-#define LN_netscape_cert_type "Netscape Cert Type"
-#define NID_netscape_cert_type 71
-#define OBJ_netscape_cert_type OBJ_netscape_cert_extension,1L
-
-#define SN_netscape_base_url "nsBaseUrl"
-#define LN_netscape_base_url "Netscape Base Url"
-#define NID_netscape_base_url 72
-#define OBJ_netscape_base_url OBJ_netscape_cert_extension,2L
-
-#define SN_netscape_revocation_url "nsRevocationUrl"
-#define LN_netscape_revocation_url "Netscape Revocation Url"
-#define NID_netscape_revocation_url 73
-#define OBJ_netscape_revocation_url OBJ_netscape_cert_extension,3L
-
-#define SN_netscape_ca_revocation_url "nsCaRevocationUrl"
-#define LN_netscape_ca_revocation_url "Netscape CA Revocation Url"
-#define NID_netscape_ca_revocation_url 74
-#define OBJ_netscape_ca_revocation_url OBJ_netscape_cert_extension,4L
-
-#define SN_netscape_renewal_url "nsRenewalUrl"
-#define LN_netscape_renewal_url "Netscape Renewal Url"
-#define NID_netscape_renewal_url 75
-#define OBJ_netscape_renewal_url OBJ_netscape_cert_extension,7L
-
-#define SN_netscape_ca_policy_url "nsCaPolicyUrl"
-#define LN_netscape_ca_policy_url "Netscape CA Policy Url"
-#define NID_netscape_ca_policy_url 76
-#define OBJ_netscape_ca_policy_url OBJ_netscape_cert_extension,8L
-
-#define SN_netscape_ssl_server_name "nsSslServerName"
-#define LN_netscape_ssl_server_name "Netscape SSL Server Name"
-#define NID_netscape_ssl_server_name 77
-#define OBJ_netscape_ssl_server_name OBJ_netscape_cert_extension,12L
-
-#define SN_netscape_comment "nsComment"
-#define LN_netscape_comment "Netscape Comment"
-#define NID_netscape_comment 78
-#define OBJ_netscape_comment OBJ_netscape_cert_extension,13L
-
-#define SN_netscape_cert_sequence "nsCertSequence"
-#define LN_netscape_cert_sequence "Netscape Certificate Sequence"
-#define NID_netscape_cert_sequence 79
-#define OBJ_netscape_cert_sequence OBJ_netscape_data_type,5L
-
-#define SN_desx_cbc "DESX-CBC"
-#define LN_desx_cbc "desx-cbc"
-#define NID_desx_cbc 80
-
-#define SN_id_ce "id-ce"
-#define NID_id_ce 81
-#define OBJ_id_ce 2L,5L,29L
-
-#define SN_subject_key_identifier "subjectKeyIdentifier"
-#define LN_subject_key_identifier "X509v3 Subject Key Identifier"
-#define NID_subject_key_identifier 82
-#define OBJ_subject_key_identifier OBJ_id_ce,14L
-
-#define SN_key_usage "keyUsage"
-#define LN_key_usage "X509v3 Key Usage"
-#define NID_key_usage 83
-#define OBJ_key_usage OBJ_id_ce,15L
-
-#define SN_private_key_usage_period "privateKeyUsagePeriod"
-#define LN_private_key_usage_period "X509v3 Private Key Usage Period"
-#define NID_private_key_usage_period 84
-#define OBJ_private_key_usage_period OBJ_id_ce,16L
-
-#define SN_subject_alt_name "subjectAltName"
-#define LN_subject_alt_name "X509v3 Subject Alternative Name"
-#define NID_subject_alt_name 85
-#define OBJ_subject_alt_name OBJ_id_ce,17L
-
-#define SN_issuer_alt_name "issuerAltName"
-#define LN_issuer_alt_name "X509v3 Issuer Alternative Name"
-#define NID_issuer_alt_name 86
-#define OBJ_issuer_alt_name OBJ_id_ce,18L
-
-#define SN_basic_constraints "basicConstraints"
-#define LN_basic_constraints "X509v3 Basic Constraints"
-#define NID_basic_constraints 87
-#define OBJ_basic_constraints OBJ_id_ce,19L
-
-#define SN_crl_number "crlNumber"
-#define LN_crl_number "X509v3 CRL Number"
-#define NID_crl_number 88
-#define OBJ_crl_number OBJ_id_ce,20L
-
-#define SN_certificate_policies "certificatePolicies"
-#define LN_certificate_policies "X509v3 Certificate Policies"
-#define NID_certificate_policies 89
-#define OBJ_certificate_policies OBJ_id_ce,32L
-
-#define SN_authority_key_identifier "authorityKeyIdentifier"
-#define LN_authority_key_identifier "X509v3 Authority Key Identifier"
-#define NID_authority_key_identifier 90
-#define OBJ_authority_key_identifier OBJ_id_ce,35L
-
-#define SN_bf_cbc "BF-CBC"
-#define LN_bf_cbc "bf-cbc"
-#define NID_bf_cbc 91
-#define OBJ_bf_cbc 1L,3L,6L,1L,4L,1L,3029L,1L,2L
-
-#define SN_bf_ecb "BF-ECB"
-#define LN_bf_ecb "bf-ecb"
-#define NID_bf_ecb 92
-
-#define SN_bf_cfb64 "BF-CFB"
-#define LN_bf_cfb64 "bf-cfb"
-#define NID_bf_cfb64 93
-
-#define SN_bf_ofb64 "BF-OFB"
-#define LN_bf_ofb64 "bf-ofb"
-#define NID_bf_ofb64 94
-
-#define SN_mdc2 "MDC2"
-#define LN_mdc2 "mdc2"
-#define NID_mdc2 95
-#define OBJ_mdc2 2L,5L,8L,3L,101L
-/* An alternative? 1L,3L,14L,3L,2L,19L */
-
-#define SN_mdc2WithRSA "RSA-MDC2"
-#define LN_mdc2WithRSA "mdc2withRSA"
-#define NID_mdc2WithRSA 96
-#define OBJ_mdc2WithRSA 2L,5L,8L,3L,100L
-
-#define SN_rc4_40 "RC4-40"
-#define LN_rc4_40 "rc4-40"
-#define NID_rc4_40 97
-
-#define SN_rc2_40_cbc "RC2-40-CBC"
-#define LN_rc2_40_cbc "rc2-40-cbc"
-#define NID_rc2_40_cbc 98
-
-#define SN_givenName "G"
-#define LN_givenName "givenName"
-#define NID_givenName 99
-#define OBJ_givenName OBJ_X509,42L
-
-#define SN_surname "S"
-#define LN_surname "surname"
-#define NID_surname 100
-#define OBJ_surname OBJ_X509,4L
-
-#define SN_initials "I"
-#define LN_initials "initials"
-#define NID_initials 101
-#define OBJ_initials OBJ_X509,43L
-
-#define SN_uniqueIdentifier "UID"
-#define LN_uniqueIdentifier "uniqueIdentifier"
-#define NID_uniqueIdentifier 102
-#define OBJ_uniqueIdentifier OBJ_X509,45L
-
-#define SN_crl_distribution_points "crlDistributionPoints"
-#define LN_crl_distribution_points "X509v3 CRL Distribution Points"
-#define NID_crl_distribution_points 103
-#define OBJ_crl_distribution_points OBJ_id_ce,31L
-
-#define SN_md5WithRSA "RSA-NP-MD5"
-#define LN_md5WithRSA "md5WithRSA"
-#define NID_md5WithRSA 104
-#define OBJ_md5WithRSA OBJ_algorithm,3L
-
-#define SN_serialNumber "SN"
-#define LN_serialNumber "serialNumber"
-#define NID_serialNumber 105
-#define OBJ_serialNumber OBJ_X509,5L
-
-#define SN_title "T"
-#define LN_title "title"
-#define NID_title 106
-#define OBJ_title OBJ_X509,12L
-
-#define SN_description "D"
-#define LN_description "description"
-#define NID_description 107
-#define OBJ_description OBJ_X509,13L
-
-/* CAST5 is CAST-128, I'm just sticking with the documentation */
-#define SN_cast5_cbc "CAST5-CBC"
-#define LN_cast5_cbc "cast5-cbc"
-#define NID_cast5_cbc 108
-#define OBJ_cast5_cbc 1L,2L,840L,113533L,7L,66L,10L
-
-#define SN_cast5_ecb "CAST5-ECB"
-#define LN_cast5_ecb "cast5-ecb"
-#define NID_cast5_ecb 109
-
-#define SN_cast5_cfb64 "CAST5-CFB"
-#define LN_cast5_cfb64 "cast5-cfb"
-#define NID_cast5_cfb64 110
-
-#define SN_cast5_ofb64 "CAST5-OFB"
-#define LN_cast5_ofb64 "cast5-ofb"
-#define NID_cast5_ofb64 111
-
-#define LN_pbeWithMD5AndCast5_CBC "pbeWithMD5AndCast5CBC"
-#define NID_pbeWithMD5AndCast5_CBC 112
-#define OBJ_pbeWithMD5AndCast5_CBC 1L,2L,840L,113533L,7L,66L,12L
-
-/* This is one sun will soon be using :-(
- * id-dsa-with-sha1 ID ::= {
- * iso(1) member-body(2) us(840) x9-57 (10040) x9cm(4) 3 }
- */
-#define SN_dsaWithSHA1 "DSA-SHA1"
-#define LN_dsaWithSHA1 "dsaWithSHA1"
-#define NID_dsaWithSHA1 113
-#define OBJ_dsaWithSHA1 1L,2L,840L,10040L,4L,3L
-
-#define NID_md5_sha1 114
-#define SN_md5_sha1 "MD5-SHA1"
-#define LN_md5_sha1 "md5-sha1"
-
-#define SN_sha1WithRSA "RSA-SHA1-2"
-#define LN_sha1WithRSA "sha1WithRSA"
-#define NID_sha1WithRSA 115
-#define OBJ_sha1WithRSA OBJ_algorithm,29L
-
-#define SN_dsa "DSA"
-#define LN_dsa "dsaEncryption"
-#define NID_dsa 116
-#define OBJ_dsa 1L,2L,840L,10040L,4L,1L
-
-#define SN_ripemd160 "RIPEMD160"
-#define LN_ripemd160 "ripemd160"
-#define NID_ripemd160 117
-#define OBJ_ripemd160 1L,3L,36L,3L,2L,1L
-
-/* The name should actually be rsaSignatureWithripemd160, but I'm going
- * to continue using the convention I'm using with the other ciphers */
-#define SN_ripemd160WithRSA "RSA-RIPEMD160"
-#define LN_ripemd160WithRSA "ripemd160WithRSA"
-#define NID_ripemd160WithRSA 119
-#define OBJ_ripemd160WithRSA 1L,3L,36L,3L,3L,1L,2L
-
-/* Taken from rfc2040
- * RC5_CBC_Parameters ::= SEQUENCE {
- * version INTEGER (v1_0(16)),
- * rounds INTEGER (8..127),
- * blockSizeInBits INTEGER (64, 128),
- * iv OCTET STRING OPTIONAL
- * }
- */
-#define SN_rc5_cbc "RC5-CBC"
-#define LN_rc5_cbc "rc5-cbc"
-#define NID_rc5_cbc 120
-#define OBJ_rc5_cbc OBJ_rsadsi,3L,8L
-
-#define SN_rc5_ecb "RC5-ECB"
-#define LN_rc5_ecb "rc5-ecb"
-#define NID_rc5_ecb 121
-
-#define SN_rc5_cfb64 "RC5-CFB"
-#define LN_rc5_cfb64 "rc5-cfb"
-#define NID_rc5_cfb64 122
-
-#define SN_rc5_ofb64 "RC5-OFB"
-#define LN_rc5_ofb64 "rc5-ofb"
-#define NID_rc5_ofb64 123
-
-#define SN_rle_compression "RLE"
-#define LN_rle_compression "run length compression"
-#define NID_rle_compression 124
-#define OBJ_rle_compression 1L,1L,1L,1L,666L,1L
-
-#define SN_zlib_compression "ZLIB"
-#define LN_zlib_compression "zlib compression"
-#define NID_zlib_compression 125
-#define OBJ_zlib_compression 1L,1L,1L,1L,666L,2L
-
-#define SN_ext_key_usage "extendedKeyUsage"
-#define LN_ext_key_usage "X509v3 Extended Key Usage"
-#define NID_ext_key_usage 126
-#define OBJ_ext_key_usage OBJ_id_ce,37
-
-#define SN_id_pkix "PKIX"
-#define NID_id_pkix 127
-#define OBJ_id_pkix 1L,3L,6L,1L,5L,5L,7L
-
-#define SN_id_kp "id-kp"
-#define NID_id_kp 128
-#define OBJ_id_kp OBJ_id_pkix,3L
-
-/* PKIX extended key usage OIDs */
-
-#define SN_server_auth "serverAuth"
-#define LN_server_auth "TLS Web Server Authentication"
-#define NID_server_auth 129
-#define OBJ_server_auth OBJ_id_kp,1L
-
-#define SN_client_auth "clientAuth"
-#define LN_client_auth "TLS Web Client Authentication"
-#define NID_client_auth 130
-#define OBJ_client_auth OBJ_id_kp,2L
-
-#define SN_code_sign "codeSigning"
-#define LN_code_sign "Code Signing"
-#define NID_code_sign 131
-#define OBJ_code_sign OBJ_id_kp,3L
-
-#define SN_email_protect "emailProtection"
-#define LN_email_protect "E-mail Protection"
-#define NID_email_protect 132
-#define OBJ_email_protect OBJ_id_kp,4L
-
-#define SN_time_stamp "timeStamping"
-#define LN_time_stamp "Time Stamping"
-#define NID_time_stamp 133
-#define OBJ_time_stamp OBJ_id_kp,8L
-
-/* Additional extended key usage OIDs: Microsoft */
-
-#define SN_ms_code_ind "msCodeInd"
-#define LN_ms_code_ind "Microsoft Individual Code Signing"
-#define NID_ms_code_ind 134
-#define OBJ_ms_code_ind 1L,3L,6L,1L,4L,1L,311L,2L,1L,21L
-
-#define SN_ms_code_com "msCodeCom"
-#define LN_ms_code_com "Microsoft Commercial Code Signing"
-#define NID_ms_code_com 135
-#define OBJ_ms_code_com 1L,3L,6L,1L,4L,1L,311L,2L,1L,22L
-
-#define SN_ms_ctl_sign "msCTLSign"
-#define LN_ms_ctl_sign "Microsoft Trust List Signing"
-#define NID_ms_ctl_sign 136
-#define OBJ_ms_ctl_sign 1L,3L,6L,1L,4L,1L,311L,10L,3L,1L
-
-#define SN_ms_sgc "msSGC"
-#define LN_ms_sgc "Microsoft Server Gated Crypto"
-#define NID_ms_sgc 137
-#define OBJ_ms_sgc 1L,3L,6L,1L,4L,1L,311L,10L,3L,3L
-
-#define SN_ms_efs "msEFS"
-#define LN_ms_efs "Microsoft Encrypted File System"
-#define NID_ms_efs 138
-#define OBJ_ms_efs 1L,3L,6L,1L,4L,1L,311L,10L,3L,4L
-
-/* Additional usage: Netscape */
-
-#define SN_ns_sgc "nsSGC"
-#define LN_ns_sgc "Netscape Server Gated Crypto"
-#define NID_ns_sgc 139
-#define OBJ_ns_sgc OBJ_netscape,4L,1L
-
-#define SN_delta_crl "deltaCRL"
-#define LN_delta_crl "X509v3 Delta CRL Indicator"
-#define NID_delta_crl 140
-#define OBJ_delta_crl OBJ_id_ce,27L
-
-#define SN_crl_reason "CRLReason"
-#define LN_crl_reason "CRL Reason Code"
-#define NID_crl_reason 141
-#define OBJ_crl_reason OBJ_id_ce,21L
-
-#define SN_invalidity_date "invalidityDate"
-#define LN_invalidity_date "Invalidity Date"
-#define NID_invalidity_date 142
-#define OBJ_invalidity_date OBJ_id_ce,24L
-
-#define SN_sxnet "SXNetID"
-#define LN_sxnet "Strong Extranet ID"
-#define NID_sxnet 143
-#define OBJ_sxnet 1L,3L,101L,1L,4L,1L
-
-/* PKCS12 and related OBJECT IDENTIFIERS */
-
-#define OBJ_pkcs12 OBJ_pkcs,12L
-#define OBJ_pkcs12_pbeids OBJ_pkcs12, 1
-
-#define SN_pbe_WithSHA1And128BitRC4 "PBE-SHA1-RC4-128"
-#define LN_pbe_WithSHA1And128BitRC4 "pbeWithSHA1And128BitRC4"
-#define NID_pbe_WithSHA1And128BitRC4 144
-#define OBJ_pbe_WithSHA1And128BitRC4 OBJ_pkcs12_pbeids, 1L
-
-#define SN_pbe_WithSHA1And40BitRC4 "PBE-SHA1-RC4-40"
-#define LN_pbe_WithSHA1And40BitRC4 "pbeWithSHA1And40BitRC4"
-#define NID_pbe_WithSHA1And40BitRC4 145
-#define OBJ_pbe_WithSHA1And40BitRC4 OBJ_pkcs12_pbeids, 2L
-
-#define SN_pbe_WithSHA1And3_Key_TripleDES_CBC "PBE-SHA1-3DES"
-#define LN_pbe_WithSHA1And3_Key_TripleDES_CBC "pbeWithSHA1And3-KeyTripleDES-CBC"
-#define NID_pbe_WithSHA1And3_Key_TripleDES_CBC 146
-#define OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC OBJ_pkcs12_pbeids, 3L
-
-#define SN_pbe_WithSHA1And2_Key_TripleDES_CBC "PBE-SHA1-2DES"
-#define LN_pbe_WithSHA1And2_Key_TripleDES_CBC "pbeWithSHA1And2-KeyTripleDES-CBC"
-#define NID_pbe_WithSHA1And2_Key_TripleDES_CBC 147
-#define OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC OBJ_pkcs12_pbeids, 4L
-
-#define SN_pbe_WithSHA1And128BitRC2_CBC "PBE-SHA1-RC2-128"
-#define LN_pbe_WithSHA1And128BitRC2_CBC "pbeWithSHA1And128BitRC2-CBC"
-#define NID_pbe_WithSHA1And128BitRC2_CBC 148
-#define OBJ_pbe_WithSHA1And128BitRC2_CBC OBJ_pkcs12_pbeids, 5L
-
-#define SN_pbe_WithSHA1And40BitRC2_CBC "PBE-SHA1-RC2-40"
-#define LN_pbe_WithSHA1And40BitRC2_CBC "pbeWithSHA1And40BitRC2-CBC"
-#define NID_pbe_WithSHA1And40BitRC2_CBC 149
-#define OBJ_pbe_WithSHA1And40BitRC2_CBC OBJ_pkcs12_pbeids, 6L
-
-#define OBJ_pkcs12_Version1 OBJ_pkcs12, 10L
-
-#define OBJ_pkcs12_BagIds OBJ_pkcs12_Version1, 1L
-
-#define LN_keyBag "keyBag"
-#define NID_keyBag 150
-#define OBJ_keyBag OBJ_pkcs12_BagIds, 1L
-
-#define LN_pkcs8ShroudedKeyBag "pkcs8ShroudedKeyBag"
-#define NID_pkcs8ShroudedKeyBag 151
-#define OBJ_pkcs8ShroudedKeyBag OBJ_pkcs12_BagIds, 2L
-
-#define LN_certBag "certBag"
-#define NID_certBag 152
-#define OBJ_certBag OBJ_pkcs12_BagIds, 3L
-
-#define LN_crlBag "crlBag"
-#define NID_crlBag 153
-#define OBJ_crlBag OBJ_pkcs12_BagIds, 4L
-
-#define LN_secretBag "secretBag"
-#define NID_secretBag 154
-#define OBJ_secretBag OBJ_pkcs12_BagIds, 5L
-
-#define LN_safeContentsBag "safeContentsBag"
-#define NID_safeContentsBag 155
-#define OBJ_safeContentsBag OBJ_pkcs12_BagIds, 6L
-
-#define LN_friendlyName "friendlyName"
-#define NID_friendlyName 156
-#define OBJ_friendlyName OBJ_pkcs9, 20L
-
-#define LN_localKeyID "localKeyID"
-#define NID_localKeyID 157
-#define OBJ_localKeyID OBJ_pkcs9, 21L
-
-#define OBJ_certTypes OBJ_pkcs9, 22L
-
-#define LN_x509Certificate "x509Certificate"
-#define NID_x509Certificate 158
-#define OBJ_x509Certificate OBJ_certTypes, 1L
-
-#define LN_sdsiCertificate "sdsiCertificate"
-#define NID_sdsiCertificate 159
-#define OBJ_sdsiCertificate OBJ_certTypes, 2L
-
-#define OBJ_crlTypes OBJ_pkcs9, 23L
-
-#define LN_x509Crl "x509Crl"
-#define NID_x509Crl 160
-#define OBJ_x509Crl OBJ_crlTypes, 1L
-
-/* PKCS#5 v2 OIDs */
-
-#define LN_pbes2 "PBES2"
-#define NID_pbes2 161
-#define OBJ_pbes2 OBJ_pkcs,5L,13L
-
-#define LN_pbmac1 "PBMAC1"
-#define NID_pbmac1 162
-#define OBJ_pbmac1 OBJ_pkcs,5L,14L
-
-#define LN_hmacWithSHA1 "hmacWithSHA1"
-#define NID_hmacWithSHA1 163
-#define OBJ_hmacWithSHA1 OBJ_rsadsi,2L,7L
-
-/* Policy Qualifier Ids */
-
-#define LN_id_qt_cps "Policy Qualifier CPS"
-#define SN_id_qt_cps "id-qt-cps"
-#define NID_id_qt_cps 164
-#define OBJ_id_qt_cps OBJ_id_pkix,2L,1L
-
-#define LN_id_qt_unotice "Policy Qualifier User Notice"
-#define SN_id_qt_unotice "id-qt-unotice"
-#define NID_id_qt_unotice 165
-#define OBJ_id_qt_unotice OBJ_id_pkix,2L,2L
-
-#define SN_rc2_64_cbc "RC2-64-CBC"
-#define LN_rc2_64_cbc "rc2-64-cbc"
-#define NID_rc2_64_cbc 166
-
-#define SN_SMIMECapabilities "SMIME-CAPS"
-#define LN_SMIMECapabilities "S/MIME Capabilities"
-#define NID_SMIMECapabilities 167
-#define OBJ_SMIMECapabilities OBJ_pkcs9,15L
-
-#define SN_pbeWithMD2AndRC2_CBC "PBE-MD2-RC2-64"
-#define LN_pbeWithMD2AndRC2_CBC "pbeWithMD2AndRC2-CBC"
-#define NID_pbeWithMD2AndRC2_CBC 168
-#define OBJ_pbeWithMD2AndRC2_CBC OBJ_pkcs,5L,4L
-
-#define SN_pbeWithMD5AndRC2_CBC "PBE-MD5-RC2-64"
-#define LN_pbeWithMD5AndRC2_CBC "pbeWithMD5AndRC2-CBC"
-#define NID_pbeWithMD5AndRC2_CBC 169
-#define OBJ_pbeWithMD5AndRC2_CBC OBJ_pkcs,5L,6L
-
-#define SN_pbeWithSHA1AndDES_CBC "PBE-SHA1-DES"
-#define LN_pbeWithSHA1AndDES_CBC "pbeWithSHA1AndDES-CBC"
-#define NID_pbeWithSHA1AndDES_CBC 170
-#define OBJ_pbeWithSHA1AndDES_CBC OBJ_pkcs,5L,10L
-
-/* Extension request OIDs */
-
-#define LN_ms_ext_req "Microsoft Extension Request"
-#define SN_ms_ext_req "msExtReq"
-#define NID_ms_ext_req 171
-#define OBJ_ms_ext_req 1L,3L,6L,1L,4L,1L,311L,2L,1L,14L
-
-#define LN_ext_req "Extension Request"
-#define SN_ext_req "extReq"
-#define NID_ext_req 172
-#define OBJ_ext_req OBJ_pkcs9,14L
-
-#define SN_name "name"
-#define LN_name "name"
-#define NID_name 173
-#define OBJ_name OBJ_X509,41L
-
-#define SN_dnQualifier "dnQualifier"
-#define LN_dnQualifier "dnQualifier"
-#define NID_dnQualifier 174
-#define OBJ_dnQualifier OBJ_X509,46L
-
-#define SN_id_pe "id-pe"
-#define NID_id_pe 175
-#define OBJ_id_pe OBJ_id_pkix,1L
-
-#define SN_id_ad "id-ad"
-#define NID_id_ad 176
-#define OBJ_id_ad OBJ_id_pkix,48L
-
-#define SN_info_access "authorityInfoAccess"
-#define LN_info_access "Authority Information Access"
-#define NID_info_access 177
-#define OBJ_info_access OBJ_id_pe,1L
-
-#define SN_ad_OCSP "OCSP"
-#define LN_ad_OCSP "OCSP"
-#define NID_ad_OCSP 178
-#define OBJ_ad_OCSP OBJ_id_ad,1L
-
-#define SN_ad_ca_issuers "caIssuers"
-#define LN_ad_ca_issuers "CA Issuers"
-#define NID_ad_ca_issuers 179
-#define OBJ_ad_ca_issuers OBJ_id_ad,2L
-
-#define SN_OCSP_sign "OCSPSigning"
-#define LN_OCSP_sign "OCSP Signing"
-#define NID_OCSP_sign 180
-#define OBJ_OCSP_sign OBJ_id_kp,9L
-#endif /* USE_OBJ_MAC */
-
-#include <openssl/bio.h>
-#include <openssl/asn1.h>
-
-#define OBJ_NAME_TYPE_UNDEF 0x00
-#define OBJ_NAME_TYPE_MD_METH 0x01
-#define OBJ_NAME_TYPE_CIPHER_METH 0x02
-#define OBJ_NAME_TYPE_PKEY_METH 0x03
-#define OBJ_NAME_TYPE_COMP_METH 0x04
-#define OBJ_NAME_TYPE_NUM 0x05
-
-#define OBJ_NAME_ALIAS 0x8000
-
-#define OBJ_BSEARCH_VALUE_ON_NOMATCH 0x01
-#define OBJ_BSEARCH_FIRST_VALUE_ON_MATCH 0x02
-
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-typedef struct obj_name_st
- {
- int type;
- int alias;
- const char *name;
- const char *data;
- } OBJ_NAME;
-
-#define OBJ_create_and_add_object(a,b,c) OBJ_create(a,b,c)
-
-
-int OBJ_NAME_init(void);
-int OBJ_NAME_new_index(unsigned long (*hash_func)(const char *),
- int (*cmp_func)(const char *, const char *),
- void (*free_func)(const char *, int, const char *));
-const char *OBJ_NAME_get(const char *name,int type);
-int OBJ_NAME_add(const char *name,int type,const char *data);
-int OBJ_NAME_remove(const char *name,int type);
-void OBJ_NAME_cleanup(int type); /* -1 for everything */
-void OBJ_NAME_do_all(int type,void (*fn)(const OBJ_NAME *,void *arg),
- void *arg);
-void OBJ_NAME_do_all_sorted(int type,void (*fn)(const OBJ_NAME *,void *arg),
- void *arg);
-
-ASN1_OBJECT * OBJ_dup(const ASN1_OBJECT *o);
-ASN1_OBJECT * OBJ_nid2obj(int n);
-const char * OBJ_nid2ln(int n);
-const char * OBJ_nid2sn(int n);
-int OBJ_obj2nid(const ASN1_OBJECT *o);
-ASN1_OBJECT * OBJ_txt2obj(const char *s, int no_name);
-int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name);
-int OBJ_txt2nid(const char *s);
-int OBJ_ln2nid(const char *s);
-int OBJ_sn2nid(const char *s);
-int OBJ_cmp(const ASN1_OBJECT *a,const ASN1_OBJECT *b);
-const char * OBJ_bsearch(const char *key,const char *base,int num,int size,
- int (*cmp)(const void *, const void *));
-const char * OBJ_bsearch_ex(const char *key,const char *base,int num,
- int size, int (*cmp)(const void *, const void *), int flags);
-
-int OBJ_new_nid(int num);
-int OBJ_add_object(const ASN1_OBJECT *obj);
-int OBJ_create(const char *oid,const char *sn,const char *ln);
-void OBJ_cleanup(void );
-int OBJ_create_objects(BIO *in);
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_OBJ_strings(void);
-
-/* Error codes for the OBJ functions. */
-
-/* Function codes. */
-#define OBJ_F_OBJ_ADD_OBJECT 105
-#define OBJ_F_OBJ_CREATE 100
-#define OBJ_F_OBJ_DUP 101
-#define OBJ_F_OBJ_NAME_NEW_INDEX 106
-#define OBJ_F_OBJ_NID2LN 102
-#define OBJ_F_OBJ_NID2OBJ 103
-#define OBJ_F_OBJ_NID2SN 104
-
-/* Reason codes. */
-#define OBJ_R_MALLOC_FAILURE 100
-#define OBJ_R_UNKNOWN_NID 101
-
-#ifdef __cplusplus
-}
-#endif
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/objects/objects.h (from rev 6976, vendor-crypto/openssl/dist/crypto/objects/objects.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/objects/objects.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/objects/objects.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,1055 @@
+/* crypto/objects/objects.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_OBJECTS_H
+# define HEADER_OBJECTS_H
+
+# define USE_OBJ_MAC
+
+# ifdef USE_OBJ_MAC
+# include <openssl/obj_mac.h>
+# else
+# define SN_undef "UNDEF"
+# define LN_undef "undefined"
+# define NID_undef 0
+# define OBJ_undef 0L
+
+# define SN_Algorithm "Algorithm"
+# define LN_algorithm "algorithm"
+# define NID_algorithm 38
+# define OBJ_algorithm 1L,3L,14L,3L,2L
+
+# define LN_rsadsi "rsadsi"
+# define NID_rsadsi 1
+# define OBJ_rsadsi 1L,2L,840L,113549L
+
+# define LN_pkcs "pkcs"
+# define NID_pkcs 2
+# define OBJ_pkcs OBJ_rsadsi,1L
+
+# define SN_md2 "MD2"
+# define LN_md2 "md2"
+# define NID_md2 3
+# define OBJ_md2 OBJ_rsadsi,2L,2L
+
+# define SN_md5 "MD5"
+# define LN_md5 "md5"
+# define NID_md5 4
+# define OBJ_md5 OBJ_rsadsi,2L,5L
+
+# define SN_rc4 "RC4"
+# define LN_rc4 "rc4"
+# define NID_rc4 5
+# define OBJ_rc4 OBJ_rsadsi,3L,4L
+
+# define LN_rsaEncryption "rsaEncryption"
+# define NID_rsaEncryption 6
+# define OBJ_rsaEncryption OBJ_pkcs,1L,1L
+
+# define SN_md2WithRSAEncryption "RSA-MD2"
+# define LN_md2WithRSAEncryption "md2WithRSAEncryption"
+# define NID_md2WithRSAEncryption 7
+# define OBJ_md2WithRSAEncryption OBJ_pkcs,1L,2L
+
+# define SN_md5WithRSAEncryption "RSA-MD5"
+# define LN_md5WithRSAEncryption "md5WithRSAEncryption"
+# define NID_md5WithRSAEncryption 8
+# define OBJ_md5WithRSAEncryption OBJ_pkcs,1L,4L
+
+# define SN_pbeWithMD2AndDES_CBC "PBE-MD2-DES"
+# define LN_pbeWithMD2AndDES_CBC "pbeWithMD2AndDES-CBC"
+# define NID_pbeWithMD2AndDES_CBC 9
+# define OBJ_pbeWithMD2AndDES_CBC OBJ_pkcs,5L,1L
+
+# define SN_pbeWithMD5AndDES_CBC "PBE-MD5-DES"
+# define LN_pbeWithMD5AndDES_CBC "pbeWithMD5AndDES-CBC"
+# define NID_pbeWithMD5AndDES_CBC 10
+# define OBJ_pbeWithMD5AndDES_CBC OBJ_pkcs,5L,3L
+
+# define LN_X500 "X500"
+# define NID_X500 11
+# define OBJ_X500 2L,5L
+
+# define LN_X509 "X509"
+# define NID_X509 12
+# define OBJ_X509 OBJ_X500,4L
+
+# define SN_commonName "CN"
+# define LN_commonName "commonName"
+# define NID_commonName 13
+# define OBJ_commonName OBJ_X509,3L
+
+# define SN_countryName "C"
+# define LN_countryName "countryName"
+# define NID_countryName 14
+# define OBJ_countryName OBJ_X509,6L
+
+# define SN_localityName "L"
+# define LN_localityName "localityName"
+# define NID_localityName 15
+# define OBJ_localityName OBJ_X509,7L
+
+/* Postal Address? PA */
+
+/* should be "ST" (rfc1327) but MS uses 'S' */
+# define SN_stateOrProvinceName "ST"
+# define LN_stateOrProvinceName "stateOrProvinceName"
+# define NID_stateOrProvinceName 16
+# define OBJ_stateOrProvinceName OBJ_X509,8L
+
+# define SN_organizationName "O"
+# define LN_organizationName "organizationName"
+# define NID_organizationName 17
+# define OBJ_organizationName OBJ_X509,10L
+
+# define SN_organizationalUnitName "OU"
+# define LN_organizationalUnitName "organizationalUnitName"
+# define NID_organizationalUnitName 18
+# define OBJ_organizationalUnitName OBJ_X509,11L
+
+# define SN_rsa "RSA"
+# define LN_rsa "rsa"
+# define NID_rsa 19
+# define OBJ_rsa OBJ_X500,8L,1L,1L
+
+# define LN_pkcs7 "pkcs7"
+# define NID_pkcs7 20
+# define OBJ_pkcs7 OBJ_pkcs,7L
+
+# define LN_pkcs7_data "pkcs7-data"
+# define NID_pkcs7_data 21
+# define OBJ_pkcs7_data OBJ_pkcs7,1L
+
+# define LN_pkcs7_signed "pkcs7-signedData"
+# define NID_pkcs7_signed 22
+# define OBJ_pkcs7_signed OBJ_pkcs7,2L
+
+# define LN_pkcs7_enveloped "pkcs7-envelopedData"
+# define NID_pkcs7_enveloped 23
+# define OBJ_pkcs7_enveloped OBJ_pkcs7,3L
+
+# define LN_pkcs7_signedAndEnveloped "pkcs7-signedAndEnvelopedData"
+# define NID_pkcs7_signedAndEnveloped 24
+# define OBJ_pkcs7_signedAndEnveloped OBJ_pkcs7,4L
+
+# define LN_pkcs7_digest "pkcs7-digestData"
+# define NID_pkcs7_digest 25
+# define OBJ_pkcs7_digest OBJ_pkcs7,5L
+
+# define LN_pkcs7_encrypted "pkcs7-encryptedData"
+# define NID_pkcs7_encrypted 26
+# define OBJ_pkcs7_encrypted OBJ_pkcs7,6L
+
+# define LN_pkcs3 "pkcs3"
+# define NID_pkcs3 27
+# define OBJ_pkcs3 OBJ_pkcs,3L
+
+# define LN_dhKeyAgreement "dhKeyAgreement"
+# define NID_dhKeyAgreement 28
+# define OBJ_dhKeyAgreement OBJ_pkcs3,1L
+
+# define SN_des_ecb "DES-ECB"
+# define LN_des_ecb "des-ecb"
+# define NID_des_ecb 29
+# define OBJ_des_ecb OBJ_algorithm,6L
+
+# define SN_des_cfb64 "DES-CFB"
+# define LN_des_cfb64 "des-cfb"
+# define NID_des_cfb64 30
+/* IV + num */
+# define OBJ_des_cfb64 OBJ_algorithm,9L
+
+# define SN_des_cbc "DES-CBC"
+# define LN_des_cbc "des-cbc"
+# define NID_des_cbc 31
+/* IV */
+# define OBJ_des_cbc OBJ_algorithm,7L
+
+# define SN_des_ede "DES-EDE"
+# define LN_des_ede "des-ede"
+# define NID_des_ede 32
+/* ?? */
+# define OBJ_des_ede OBJ_algorithm,17L
+
+# define SN_des_ede3 "DES-EDE3"
+# define LN_des_ede3 "des-ede3"
+# define NID_des_ede3 33
+
+# define SN_idea_cbc "IDEA-CBC"
+# define LN_idea_cbc "idea-cbc"
+# define NID_idea_cbc 34
+# define OBJ_idea_cbc 1L,3L,6L,1L,4L,1L,188L,7L,1L,1L,2L
+
+# define SN_idea_cfb64 "IDEA-CFB"
+# define LN_idea_cfb64 "idea-cfb"
+# define NID_idea_cfb64 35
+
+# define SN_idea_ecb "IDEA-ECB"
+# define LN_idea_ecb "idea-ecb"
+# define NID_idea_ecb 36
+
+# define SN_rc2_cbc "RC2-CBC"
+# define LN_rc2_cbc "rc2-cbc"
+# define NID_rc2_cbc 37
+# define OBJ_rc2_cbc OBJ_rsadsi,3L,2L
+
+# define SN_rc2_ecb "RC2-ECB"
+# define LN_rc2_ecb "rc2-ecb"
+# define NID_rc2_ecb 38
+
+# define SN_rc2_cfb64 "RC2-CFB"
+# define LN_rc2_cfb64 "rc2-cfb"
+# define NID_rc2_cfb64 39
+
+# define SN_rc2_ofb64 "RC2-OFB"
+# define LN_rc2_ofb64 "rc2-ofb"
+# define NID_rc2_ofb64 40
+
+# define SN_sha "SHA"
+# define LN_sha "sha"
+# define NID_sha 41
+# define OBJ_sha OBJ_algorithm,18L
+
+# define SN_shaWithRSAEncryption "RSA-SHA"
+# define LN_shaWithRSAEncryption "shaWithRSAEncryption"
+# define NID_shaWithRSAEncryption 42
+# define OBJ_shaWithRSAEncryption OBJ_algorithm,15L
+
+# define SN_des_ede_cbc "DES-EDE-CBC"
+# define LN_des_ede_cbc "des-ede-cbc"
+# define NID_des_ede_cbc 43
+
+# define SN_des_ede3_cbc "DES-EDE3-CBC"
+# define LN_des_ede3_cbc "des-ede3-cbc"
+# define NID_des_ede3_cbc 44
+# define OBJ_des_ede3_cbc OBJ_rsadsi,3L,7L
+
+# define SN_des_ofb64 "DES-OFB"
+# define LN_des_ofb64 "des-ofb"
+# define NID_des_ofb64 45
+# define OBJ_des_ofb64 OBJ_algorithm,8L
+
+# define SN_idea_ofb64 "IDEA-OFB"
+# define LN_idea_ofb64 "idea-ofb"
+# define NID_idea_ofb64 46
+
+# define LN_pkcs9 "pkcs9"
+# define NID_pkcs9 47
+# define OBJ_pkcs9 OBJ_pkcs,9L
+
+# define SN_pkcs9_emailAddress "Email"
+# define LN_pkcs9_emailAddress "emailAddress"
+# define NID_pkcs9_emailAddress 48
+# define OBJ_pkcs9_emailAddress OBJ_pkcs9,1L
+
+# define LN_pkcs9_unstructuredName "unstructuredName"
+# define NID_pkcs9_unstructuredName 49
+# define OBJ_pkcs9_unstructuredName OBJ_pkcs9,2L
+
+# define LN_pkcs9_contentType "contentType"
+# define NID_pkcs9_contentType 50
+# define OBJ_pkcs9_contentType OBJ_pkcs9,3L
+
+# define LN_pkcs9_messageDigest "messageDigest"
+# define NID_pkcs9_messageDigest 51
+# define OBJ_pkcs9_messageDigest OBJ_pkcs9,4L
+
+# define LN_pkcs9_signingTime "signingTime"
+# define NID_pkcs9_signingTime 52
+# define OBJ_pkcs9_signingTime OBJ_pkcs9,5L
+
+# define LN_pkcs9_countersignature "countersignature"
+# define NID_pkcs9_countersignature 53
+# define OBJ_pkcs9_countersignature OBJ_pkcs9,6L
+
+# define LN_pkcs9_challengePassword "challengePassword"
+# define NID_pkcs9_challengePassword 54
+# define OBJ_pkcs9_challengePassword OBJ_pkcs9,7L
+
+# define LN_pkcs9_unstructuredAddress "unstructuredAddress"
+# define NID_pkcs9_unstructuredAddress 55
+# define OBJ_pkcs9_unstructuredAddress OBJ_pkcs9,8L
+
+# define LN_pkcs9_extCertAttributes "extendedCertificateAttributes"
+# define NID_pkcs9_extCertAttributes 56
+# define OBJ_pkcs9_extCertAttributes OBJ_pkcs9,9L
+
+# define SN_netscape "Netscape"
+# define LN_netscape "Netscape Communications Corp."
+# define NID_netscape 57
+# define OBJ_netscape 2L,16L,840L,1L,113730L
+
+# define SN_netscape_cert_extension "nsCertExt"
+# define LN_netscape_cert_extension "Netscape Certificate Extension"
+# define NID_netscape_cert_extension 58
+# define OBJ_netscape_cert_extension OBJ_netscape,1L
+
+# define SN_netscape_data_type "nsDataType"
+# define LN_netscape_data_type "Netscape Data Type"
+# define NID_netscape_data_type 59
+# define OBJ_netscape_data_type OBJ_netscape,2L
+
+# define SN_des_ede_cfb64 "DES-EDE-CFB"
+# define LN_des_ede_cfb64 "des-ede-cfb"
+# define NID_des_ede_cfb64 60
+
+# define SN_des_ede3_cfb64 "DES-EDE3-CFB"
+# define LN_des_ede3_cfb64 "des-ede3-cfb"
+# define NID_des_ede3_cfb64 61
+
+# define SN_des_ede_ofb64 "DES-EDE-OFB"
+# define LN_des_ede_ofb64 "des-ede-ofb"
+# define NID_des_ede_ofb64 62
+
+# define SN_des_ede3_ofb64 "DES-EDE3-OFB"
+# define LN_des_ede3_ofb64 "des-ede3-ofb"
+# define NID_des_ede3_ofb64 63
+
+/* I'm not sure about the object ID */
+# define SN_sha1 "SHA1"
+# define LN_sha1 "sha1"
+# define NID_sha1 64
+# define OBJ_sha1 OBJ_algorithm,26L
+/* 28 Jun 1996 - eay */
+/* #define OBJ_sha1 1L,3L,14L,2L,26L,05L <- wrong */
+
+# define SN_sha1WithRSAEncryption "RSA-SHA1"
+# define LN_sha1WithRSAEncryption "sha1WithRSAEncryption"
+# define NID_sha1WithRSAEncryption 65
+# define OBJ_sha1WithRSAEncryption OBJ_pkcs,1L,5L
+
+# define SN_dsaWithSHA "DSA-SHA"
+# define LN_dsaWithSHA "dsaWithSHA"
+# define NID_dsaWithSHA 66
+# define OBJ_dsaWithSHA OBJ_algorithm,13L
+
+# define SN_dsa_2 "DSA-old"
+# define LN_dsa_2 "dsaEncryption-old"
+# define NID_dsa_2 67
+# define OBJ_dsa_2 OBJ_algorithm,12L
+
+/* proposed by microsoft to RSA */
+# define SN_pbeWithSHA1AndRC2_CBC "PBE-SHA1-RC2-64"
+# define LN_pbeWithSHA1AndRC2_CBC "pbeWithSHA1AndRC2-CBC"
+# define NID_pbeWithSHA1AndRC2_CBC 68
+# define OBJ_pbeWithSHA1AndRC2_CBC OBJ_pkcs,5L,11L
+
+/*
+ * proposed by microsoft to RSA as pbeWithSHA1AndRC4: it is now defined
+ * explicitly in PKCS#5 v2.0 as id-PBKDF2 which is something completely
+ * different.
+ */
+# define LN_id_pbkdf2 "PBKDF2"
+# define NID_id_pbkdf2 69
+# define OBJ_id_pbkdf2 OBJ_pkcs,5L,12L
+
+# define SN_dsaWithSHA1_2 "DSA-SHA1-old"
+# define LN_dsaWithSHA1_2 "dsaWithSHA1-old"
+# define NID_dsaWithSHA1_2 70
+/* Got this one from 'sdn706r20.pdf' which is actually an NSA document :-) */
+# define OBJ_dsaWithSHA1_2 OBJ_algorithm,27L
+
+# define SN_netscape_cert_type "nsCertType"
+# define LN_netscape_cert_type "Netscape Cert Type"
+# define NID_netscape_cert_type 71
+# define OBJ_netscape_cert_type OBJ_netscape_cert_extension,1L
+
+# define SN_netscape_base_url "nsBaseUrl"
+# define LN_netscape_base_url "Netscape Base Url"
+# define NID_netscape_base_url 72
+# define OBJ_netscape_base_url OBJ_netscape_cert_extension,2L
+
+# define SN_netscape_revocation_url "nsRevocationUrl"
+# define LN_netscape_revocation_url "Netscape Revocation Url"
+# define NID_netscape_revocation_url 73
+# define OBJ_netscape_revocation_url OBJ_netscape_cert_extension,3L
+
+# define SN_netscape_ca_revocation_url "nsCaRevocationUrl"
+# define LN_netscape_ca_revocation_url "Netscape CA Revocation Url"
+# define NID_netscape_ca_revocation_url 74
+# define OBJ_netscape_ca_revocation_url OBJ_netscape_cert_extension,4L
+
+# define SN_netscape_renewal_url "nsRenewalUrl"
+# define LN_netscape_renewal_url "Netscape Renewal Url"
+# define NID_netscape_renewal_url 75
+# define OBJ_netscape_renewal_url OBJ_netscape_cert_extension,7L
+
+# define SN_netscape_ca_policy_url "nsCaPolicyUrl"
+# define LN_netscape_ca_policy_url "Netscape CA Policy Url"
+# define NID_netscape_ca_policy_url 76
+# define OBJ_netscape_ca_policy_url OBJ_netscape_cert_extension,8L
+
+# define SN_netscape_ssl_server_name "nsSslServerName"
+# define LN_netscape_ssl_server_name "Netscape SSL Server Name"
+# define NID_netscape_ssl_server_name 77
+# define OBJ_netscape_ssl_server_name OBJ_netscape_cert_extension,12L
+
+# define SN_netscape_comment "nsComment"
+# define LN_netscape_comment "Netscape Comment"
+# define NID_netscape_comment 78
+# define OBJ_netscape_comment OBJ_netscape_cert_extension,13L
+
+# define SN_netscape_cert_sequence "nsCertSequence"
+# define LN_netscape_cert_sequence "Netscape Certificate Sequence"
+# define NID_netscape_cert_sequence 79
+# define OBJ_netscape_cert_sequence OBJ_netscape_data_type,5L
+
+# define SN_desx_cbc "DESX-CBC"
+# define LN_desx_cbc "desx-cbc"
+# define NID_desx_cbc 80
+
+# define SN_id_ce "id-ce"
+# define NID_id_ce 81
+# define OBJ_id_ce 2L,5L,29L
+
+# define SN_subject_key_identifier "subjectKeyIdentifier"
+# define LN_subject_key_identifier "X509v3 Subject Key Identifier"
+# define NID_subject_key_identifier 82
+# define OBJ_subject_key_identifier OBJ_id_ce,14L
+
+# define SN_key_usage "keyUsage"
+# define LN_key_usage "X509v3 Key Usage"
+# define NID_key_usage 83
+# define OBJ_key_usage OBJ_id_ce,15L
+
+# define SN_private_key_usage_period "privateKeyUsagePeriod"
+# define LN_private_key_usage_period "X509v3 Private Key Usage Period"
+# define NID_private_key_usage_period 84
+# define OBJ_private_key_usage_period OBJ_id_ce,16L
+
+# define SN_subject_alt_name "subjectAltName"
+# define LN_subject_alt_name "X509v3 Subject Alternative Name"
+# define NID_subject_alt_name 85
+# define OBJ_subject_alt_name OBJ_id_ce,17L
+
+# define SN_issuer_alt_name "issuerAltName"
+# define LN_issuer_alt_name "X509v3 Issuer Alternative Name"
+# define NID_issuer_alt_name 86
+# define OBJ_issuer_alt_name OBJ_id_ce,18L
+
+# define SN_basic_constraints "basicConstraints"
+# define LN_basic_constraints "X509v3 Basic Constraints"
+# define NID_basic_constraints 87
+# define OBJ_basic_constraints OBJ_id_ce,19L
+
+# define SN_crl_number "crlNumber"
+# define LN_crl_number "X509v3 CRL Number"
+# define NID_crl_number 88
+# define OBJ_crl_number OBJ_id_ce,20L
+
+# define SN_certificate_policies "certificatePolicies"
+# define LN_certificate_policies "X509v3 Certificate Policies"
+# define NID_certificate_policies 89
+# define OBJ_certificate_policies OBJ_id_ce,32L
+
+# define SN_authority_key_identifier "authorityKeyIdentifier"
+# define LN_authority_key_identifier "X509v3 Authority Key Identifier"
+# define NID_authority_key_identifier 90
+# define OBJ_authority_key_identifier OBJ_id_ce,35L
+
+# define SN_bf_cbc "BF-CBC"
+# define LN_bf_cbc "bf-cbc"
+# define NID_bf_cbc 91
+# define OBJ_bf_cbc 1L,3L,6L,1L,4L,1L,3029L,1L,2L
+
+# define SN_bf_ecb "BF-ECB"
+# define LN_bf_ecb "bf-ecb"
+# define NID_bf_ecb 92
+
+# define SN_bf_cfb64 "BF-CFB"
+# define LN_bf_cfb64 "bf-cfb"
+# define NID_bf_cfb64 93
+
+# define SN_bf_ofb64 "BF-OFB"
+# define LN_bf_ofb64 "bf-ofb"
+# define NID_bf_ofb64 94
+
+# define SN_mdc2 "MDC2"
+# define LN_mdc2 "mdc2"
+# define NID_mdc2 95
+# define OBJ_mdc2 2L,5L,8L,3L,101L
+/* An alternative? 1L,3L,14L,3L,2L,19L */
+
+# define SN_mdc2WithRSA "RSA-MDC2"
+# define LN_mdc2WithRSA "mdc2withRSA"
+# define NID_mdc2WithRSA 96
+# define OBJ_mdc2WithRSA 2L,5L,8L,3L,100L
+
+# define SN_rc4_40 "RC4-40"
+# define LN_rc4_40 "rc4-40"
+# define NID_rc4_40 97
+
+# define SN_rc2_40_cbc "RC2-40-CBC"
+# define LN_rc2_40_cbc "rc2-40-cbc"
+# define NID_rc2_40_cbc 98
+
+# define SN_givenName "G"
+# define LN_givenName "givenName"
+# define NID_givenName 99
+# define OBJ_givenName OBJ_X509,42L
+
+# define SN_surname "S"
+# define LN_surname "surname"
+# define NID_surname 100
+# define OBJ_surname OBJ_X509,4L
+
+# define SN_initials "I"
+# define LN_initials "initials"
+# define NID_initials 101
+# define OBJ_initials OBJ_X509,43L
+
+# define SN_uniqueIdentifier "UID"
+# define LN_uniqueIdentifier "uniqueIdentifier"
+# define NID_uniqueIdentifier 102
+# define OBJ_uniqueIdentifier OBJ_X509,45L
+
+# define SN_crl_distribution_points "crlDistributionPoints"
+# define LN_crl_distribution_points "X509v3 CRL Distribution Points"
+# define NID_crl_distribution_points 103
+# define OBJ_crl_distribution_points OBJ_id_ce,31L
+
+# define SN_md5WithRSA "RSA-NP-MD5"
+# define LN_md5WithRSA "md5WithRSA"
+# define NID_md5WithRSA 104
+# define OBJ_md5WithRSA OBJ_algorithm,3L
+
+# define SN_serialNumber "SN"
+# define LN_serialNumber "serialNumber"
+# define NID_serialNumber 105
+# define OBJ_serialNumber OBJ_X509,5L
+
+# define SN_title "T"
+# define LN_title "title"
+# define NID_title 106
+# define OBJ_title OBJ_X509,12L
+
+# define SN_description "D"
+# define LN_description "description"
+# define NID_description 107
+# define OBJ_description OBJ_X509,13L
+
+/* CAST5 is CAST-128, I'm just sticking with the documentation */
+# define SN_cast5_cbc "CAST5-CBC"
+# define LN_cast5_cbc "cast5-cbc"
+# define NID_cast5_cbc 108
+# define OBJ_cast5_cbc 1L,2L,840L,113533L,7L,66L,10L
+
+# define SN_cast5_ecb "CAST5-ECB"
+# define LN_cast5_ecb "cast5-ecb"
+# define NID_cast5_ecb 109
+
+# define SN_cast5_cfb64 "CAST5-CFB"
+# define LN_cast5_cfb64 "cast5-cfb"
+# define NID_cast5_cfb64 110
+
+# define SN_cast5_ofb64 "CAST5-OFB"
+# define LN_cast5_ofb64 "cast5-ofb"
+# define NID_cast5_ofb64 111
+
+# define LN_pbeWithMD5AndCast5_CBC "pbeWithMD5AndCast5CBC"
+# define NID_pbeWithMD5AndCast5_CBC 112
+# define OBJ_pbeWithMD5AndCast5_CBC 1L,2L,840L,113533L,7L,66L,12L
+
+/*-
+ * This is one sun will soon be using :-(
+ * id-dsa-with-sha1 ID ::= {
+ * iso(1) member-body(2) us(840) x9-57 (10040) x9cm(4) 3 }
+ */
+# define SN_dsaWithSHA1 "DSA-SHA1"
+# define LN_dsaWithSHA1 "dsaWithSHA1"
+# define NID_dsaWithSHA1 113
+# define OBJ_dsaWithSHA1 1L,2L,840L,10040L,4L,3L
+
+# define NID_md5_sha1 114
+# define SN_md5_sha1 "MD5-SHA1"
+# define LN_md5_sha1 "md5-sha1"
+
+# define SN_sha1WithRSA "RSA-SHA1-2"
+# define LN_sha1WithRSA "sha1WithRSA"
+# define NID_sha1WithRSA 115
+# define OBJ_sha1WithRSA OBJ_algorithm,29L
+
+# define SN_dsa "DSA"
+# define LN_dsa "dsaEncryption"
+# define NID_dsa 116
+# define OBJ_dsa 1L,2L,840L,10040L,4L,1L
+
+# define SN_ripemd160 "RIPEMD160"
+# define LN_ripemd160 "ripemd160"
+# define NID_ripemd160 117
+# define OBJ_ripemd160 1L,3L,36L,3L,2L,1L
+
+/*
+ * The name should actually be rsaSignatureWithripemd160, but I'm going to
+ * continue using the convention I'm using with the other ciphers
+ */
+# define SN_ripemd160WithRSA "RSA-RIPEMD160"
+# define LN_ripemd160WithRSA "ripemd160WithRSA"
+# define NID_ripemd160WithRSA 119
+# define OBJ_ripemd160WithRSA 1L,3L,36L,3L,3L,1L,2L
+
+/*-
+ * Taken from rfc2040
+ * RC5_CBC_Parameters ::= SEQUENCE {
+ * version INTEGER (v1_0(16)),
+ * rounds INTEGER (8..127),
+ * blockSizeInBits INTEGER (64, 128),
+ * iv OCTET STRING OPTIONAL
+ * }
+ */
+# define SN_rc5_cbc "RC5-CBC"
+# define LN_rc5_cbc "rc5-cbc"
+# define NID_rc5_cbc 120
+# define OBJ_rc5_cbc OBJ_rsadsi,3L,8L
+
+# define SN_rc5_ecb "RC5-ECB"
+# define LN_rc5_ecb "rc5-ecb"
+# define NID_rc5_ecb 121
+
+# define SN_rc5_cfb64 "RC5-CFB"
+# define LN_rc5_cfb64 "rc5-cfb"
+# define NID_rc5_cfb64 122
+
+# define SN_rc5_ofb64 "RC5-OFB"
+# define LN_rc5_ofb64 "rc5-ofb"
+# define NID_rc5_ofb64 123
+
+# define SN_rle_compression "RLE"
+# define LN_rle_compression "run length compression"
+# define NID_rle_compression 124
+# define OBJ_rle_compression 1L,1L,1L,1L,666L,1L
+
+# define SN_zlib_compression "ZLIB"
+# define LN_zlib_compression "zlib compression"
+# define NID_zlib_compression 125
+# define OBJ_zlib_compression 1L,1L,1L,1L,666L,2L
+
+# define SN_ext_key_usage "extendedKeyUsage"
+# define LN_ext_key_usage "X509v3 Extended Key Usage"
+# define NID_ext_key_usage 126
+# define OBJ_ext_key_usage OBJ_id_ce,37
+
+# define SN_id_pkix "PKIX"
+# define NID_id_pkix 127
+# define OBJ_id_pkix 1L,3L,6L,1L,5L,5L,7L
+
+# define SN_id_kp "id-kp"
+# define NID_id_kp 128
+# define OBJ_id_kp OBJ_id_pkix,3L
+
+/* PKIX extended key usage OIDs */
+
+# define SN_server_auth "serverAuth"
+# define LN_server_auth "TLS Web Server Authentication"
+# define NID_server_auth 129
+# define OBJ_server_auth OBJ_id_kp,1L
+
+# define SN_client_auth "clientAuth"
+# define LN_client_auth "TLS Web Client Authentication"
+# define NID_client_auth 130
+# define OBJ_client_auth OBJ_id_kp,2L
+
+# define SN_code_sign "codeSigning"
+# define LN_code_sign "Code Signing"
+# define NID_code_sign 131
+# define OBJ_code_sign OBJ_id_kp,3L
+
+# define SN_email_protect "emailProtection"
+# define LN_email_protect "E-mail Protection"
+# define NID_email_protect 132
+# define OBJ_email_protect OBJ_id_kp,4L
+
+# define SN_time_stamp "timeStamping"
+# define LN_time_stamp "Time Stamping"
+# define NID_time_stamp 133
+# define OBJ_time_stamp OBJ_id_kp,8L
+
+/* Additional extended key usage OIDs: Microsoft */
+
+# define SN_ms_code_ind "msCodeInd"
+# define LN_ms_code_ind "Microsoft Individual Code Signing"
+# define NID_ms_code_ind 134
+# define OBJ_ms_code_ind 1L,3L,6L,1L,4L,1L,311L,2L,1L,21L
+
+# define SN_ms_code_com "msCodeCom"
+# define LN_ms_code_com "Microsoft Commercial Code Signing"
+# define NID_ms_code_com 135
+# define OBJ_ms_code_com 1L,3L,6L,1L,4L,1L,311L,2L,1L,22L
+
+# define SN_ms_ctl_sign "msCTLSign"
+# define LN_ms_ctl_sign "Microsoft Trust List Signing"
+# define NID_ms_ctl_sign 136
+# define OBJ_ms_ctl_sign 1L,3L,6L,1L,4L,1L,311L,10L,3L,1L
+
+# define SN_ms_sgc "msSGC"
+# define LN_ms_sgc "Microsoft Server Gated Crypto"
+# define NID_ms_sgc 137
+# define OBJ_ms_sgc 1L,3L,6L,1L,4L,1L,311L,10L,3L,3L
+
+# define SN_ms_efs "msEFS"
+# define LN_ms_efs "Microsoft Encrypted File System"
+# define NID_ms_efs 138
+# define OBJ_ms_efs 1L,3L,6L,1L,4L,1L,311L,10L,3L,4L
+
+/* Additional usage: Netscape */
+
+# define SN_ns_sgc "nsSGC"
+# define LN_ns_sgc "Netscape Server Gated Crypto"
+# define NID_ns_sgc 139
+# define OBJ_ns_sgc OBJ_netscape,4L,1L
+
+# define SN_delta_crl "deltaCRL"
+# define LN_delta_crl "X509v3 Delta CRL Indicator"
+# define NID_delta_crl 140
+# define OBJ_delta_crl OBJ_id_ce,27L
+
+# define SN_crl_reason "CRLReason"
+# define LN_crl_reason "CRL Reason Code"
+# define NID_crl_reason 141
+# define OBJ_crl_reason OBJ_id_ce,21L
+
+# define SN_invalidity_date "invalidityDate"
+# define LN_invalidity_date "Invalidity Date"
+# define NID_invalidity_date 142
+# define OBJ_invalidity_date OBJ_id_ce,24L
+
+# define SN_sxnet "SXNetID"
+# define LN_sxnet "Strong Extranet ID"
+# define NID_sxnet 143
+# define OBJ_sxnet 1L,3L,101L,1L,4L,1L
+
+/* PKCS12 and related OBJECT IDENTIFIERS */
+
+# define OBJ_pkcs12 OBJ_pkcs,12L
+# define OBJ_pkcs12_pbeids OBJ_pkcs12, 1
+
+# define SN_pbe_WithSHA1And128BitRC4 "PBE-SHA1-RC4-128"
+# define LN_pbe_WithSHA1And128BitRC4 "pbeWithSHA1And128BitRC4"
+# define NID_pbe_WithSHA1And128BitRC4 144
+# define OBJ_pbe_WithSHA1And128BitRC4 OBJ_pkcs12_pbeids, 1L
+
+# define SN_pbe_WithSHA1And40BitRC4 "PBE-SHA1-RC4-40"
+# define LN_pbe_WithSHA1And40BitRC4 "pbeWithSHA1And40BitRC4"
+# define NID_pbe_WithSHA1And40BitRC4 145
+# define OBJ_pbe_WithSHA1And40BitRC4 OBJ_pkcs12_pbeids, 2L
+
+# define SN_pbe_WithSHA1And3_Key_TripleDES_CBC "PBE-SHA1-3DES"
+# define LN_pbe_WithSHA1And3_Key_TripleDES_CBC "pbeWithSHA1And3-KeyTripleDES-CBC"
+# define NID_pbe_WithSHA1And3_Key_TripleDES_CBC 146
+# define OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC OBJ_pkcs12_pbeids, 3L
+
+# define SN_pbe_WithSHA1And2_Key_TripleDES_CBC "PBE-SHA1-2DES"
+# define LN_pbe_WithSHA1And2_Key_TripleDES_CBC "pbeWithSHA1And2-KeyTripleDES-CBC"
+# define NID_pbe_WithSHA1And2_Key_TripleDES_CBC 147
+# define OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC OBJ_pkcs12_pbeids, 4L
+
+# define SN_pbe_WithSHA1And128BitRC2_CBC "PBE-SHA1-RC2-128"
+# define LN_pbe_WithSHA1And128BitRC2_CBC "pbeWithSHA1And128BitRC2-CBC"
+# define NID_pbe_WithSHA1And128BitRC2_CBC 148
+# define OBJ_pbe_WithSHA1And128BitRC2_CBC OBJ_pkcs12_pbeids, 5L
+
+# define SN_pbe_WithSHA1And40BitRC2_CBC "PBE-SHA1-RC2-40"
+# define LN_pbe_WithSHA1And40BitRC2_CBC "pbeWithSHA1And40BitRC2-CBC"
+# define NID_pbe_WithSHA1And40BitRC2_CBC 149
+# define OBJ_pbe_WithSHA1And40BitRC2_CBC OBJ_pkcs12_pbeids, 6L
+
+# define OBJ_pkcs12_Version1 OBJ_pkcs12, 10L
+
+# define OBJ_pkcs12_BagIds OBJ_pkcs12_Version1, 1L
+
+# define LN_keyBag "keyBag"
+# define NID_keyBag 150
+# define OBJ_keyBag OBJ_pkcs12_BagIds, 1L
+
+# define LN_pkcs8ShroudedKeyBag "pkcs8ShroudedKeyBag"
+# define NID_pkcs8ShroudedKeyBag 151
+# define OBJ_pkcs8ShroudedKeyBag OBJ_pkcs12_BagIds, 2L
+
+# define LN_certBag "certBag"
+# define NID_certBag 152
+# define OBJ_certBag OBJ_pkcs12_BagIds, 3L
+
+# define LN_crlBag "crlBag"
+# define NID_crlBag 153
+# define OBJ_crlBag OBJ_pkcs12_BagIds, 4L
+
+# define LN_secretBag "secretBag"
+# define NID_secretBag 154
+# define OBJ_secretBag OBJ_pkcs12_BagIds, 5L
+
+# define LN_safeContentsBag "safeContentsBag"
+# define NID_safeContentsBag 155
+# define OBJ_safeContentsBag OBJ_pkcs12_BagIds, 6L
+
+# define LN_friendlyName "friendlyName"
+# define NID_friendlyName 156
+# define OBJ_friendlyName OBJ_pkcs9, 20L
+
+# define LN_localKeyID "localKeyID"
+# define NID_localKeyID 157
+# define OBJ_localKeyID OBJ_pkcs9, 21L
+
+# define OBJ_certTypes OBJ_pkcs9, 22L
+
+# define LN_x509Certificate "x509Certificate"
+# define NID_x509Certificate 158
+# define OBJ_x509Certificate OBJ_certTypes, 1L
+
+# define LN_sdsiCertificate "sdsiCertificate"
+# define NID_sdsiCertificate 159
+# define OBJ_sdsiCertificate OBJ_certTypes, 2L
+
+# define OBJ_crlTypes OBJ_pkcs9, 23L
+
+# define LN_x509Crl "x509Crl"
+# define NID_x509Crl 160
+# define OBJ_x509Crl OBJ_crlTypes, 1L
+
+/* PKCS#5 v2 OIDs */
+
+# define LN_pbes2 "PBES2"
+# define NID_pbes2 161
+# define OBJ_pbes2 OBJ_pkcs,5L,13L
+
+# define LN_pbmac1 "PBMAC1"
+# define NID_pbmac1 162
+# define OBJ_pbmac1 OBJ_pkcs,5L,14L
+
+# define LN_hmacWithSHA1 "hmacWithSHA1"
+# define NID_hmacWithSHA1 163
+# define OBJ_hmacWithSHA1 OBJ_rsadsi,2L,7L
+
+/* Policy Qualifier Ids */
+
+# define LN_id_qt_cps "Policy Qualifier CPS"
+# define SN_id_qt_cps "id-qt-cps"
+# define NID_id_qt_cps 164
+# define OBJ_id_qt_cps OBJ_id_pkix,2L,1L
+
+# define LN_id_qt_unotice "Policy Qualifier User Notice"
+# define SN_id_qt_unotice "id-qt-unotice"
+# define NID_id_qt_unotice 165
+# define OBJ_id_qt_unotice OBJ_id_pkix,2L,2L
+
+# define SN_rc2_64_cbc "RC2-64-CBC"
+# define LN_rc2_64_cbc "rc2-64-cbc"
+# define NID_rc2_64_cbc 166
+
+# define SN_SMIMECapabilities "SMIME-CAPS"
+# define LN_SMIMECapabilities "S/MIME Capabilities"
+# define NID_SMIMECapabilities 167
+# define OBJ_SMIMECapabilities OBJ_pkcs9,15L
+
+# define SN_pbeWithMD2AndRC2_CBC "PBE-MD2-RC2-64"
+# define LN_pbeWithMD2AndRC2_CBC "pbeWithMD2AndRC2-CBC"
+# define NID_pbeWithMD2AndRC2_CBC 168
+# define OBJ_pbeWithMD2AndRC2_CBC OBJ_pkcs,5L,4L
+
+# define SN_pbeWithMD5AndRC2_CBC "PBE-MD5-RC2-64"
+# define LN_pbeWithMD5AndRC2_CBC "pbeWithMD5AndRC2-CBC"
+# define NID_pbeWithMD5AndRC2_CBC 169
+# define OBJ_pbeWithMD5AndRC2_CBC OBJ_pkcs,5L,6L
+
+# define SN_pbeWithSHA1AndDES_CBC "PBE-SHA1-DES"
+# define LN_pbeWithSHA1AndDES_CBC "pbeWithSHA1AndDES-CBC"
+# define NID_pbeWithSHA1AndDES_CBC 170
+# define OBJ_pbeWithSHA1AndDES_CBC OBJ_pkcs,5L,10L
+
+/* Extension request OIDs */
+
+# define LN_ms_ext_req "Microsoft Extension Request"
+# define SN_ms_ext_req "msExtReq"
+# define NID_ms_ext_req 171
+# define OBJ_ms_ext_req 1L,3L,6L,1L,4L,1L,311L,2L,1L,14L
+
+# define LN_ext_req "Extension Request"
+# define SN_ext_req "extReq"
+# define NID_ext_req 172
+# define OBJ_ext_req OBJ_pkcs9,14L
+
+# define SN_name "name"
+# define LN_name "name"
+# define NID_name 173
+# define OBJ_name OBJ_X509,41L
+
+# define SN_dnQualifier "dnQualifier"
+# define LN_dnQualifier "dnQualifier"
+# define NID_dnQualifier 174
+# define OBJ_dnQualifier OBJ_X509,46L
+
+# define SN_id_pe "id-pe"
+# define NID_id_pe 175
+# define OBJ_id_pe OBJ_id_pkix,1L
+
+# define SN_id_ad "id-ad"
+# define NID_id_ad 176
+# define OBJ_id_ad OBJ_id_pkix,48L
+
+# define SN_info_access "authorityInfoAccess"
+# define LN_info_access "Authority Information Access"
+# define NID_info_access 177
+# define OBJ_info_access OBJ_id_pe,1L
+
+# define SN_ad_OCSP "OCSP"
+# define LN_ad_OCSP "OCSP"
+# define NID_ad_OCSP 178
+# define OBJ_ad_OCSP OBJ_id_ad,1L
+
+# define SN_ad_ca_issuers "caIssuers"
+# define LN_ad_ca_issuers "CA Issuers"
+# define NID_ad_ca_issuers 179
+# define OBJ_ad_ca_issuers OBJ_id_ad,2L
+
+# define SN_OCSP_sign "OCSPSigning"
+# define LN_OCSP_sign "OCSP Signing"
+# define NID_OCSP_sign 180
+# define OBJ_OCSP_sign OBJ_id_kp,9L
+# endif /* USE_OBJ_MAC */
+
+# include <openssl/bio.h>
+# include <openssl/asn1.h>
+
+# define OBJ_NAME_TYPE_UNDEF 0x00
+# define OBJ_NAME_TYPE_MD_METH 0x01
+# define OBJ_NAME_TYPE_CIPHER_METH 0x02
+# define OBJ_NAME_TYPE_PKEY_METH 0x03
+# define OBJ_NAME_TYPE_COMP_METH 0x04
+# define OBJ_NAME_TYPE_NUM 0x05
+
+# define OBJ_NAME_ALIAS 0x8000
+
+# define OBJ_BSEARCH_VALUE_ON_NOMATCH 0x01
+# define OBJ_BSEARCH_FIRST_VALUE_ON_MATCH 0x02
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct obj_name_st {
+ int type;
+ int alias;
+ const char *name;
+ const char *data;
+} OBJ_NAME;
+
+# define OBJ_create_and_add_object(a,b,c) OBJ_create(a,b,c)
+
+int OBJ_NAME_init(void);
+int OBJ_NAME_new_index(unsigned long (*hash_func) (const char *),
+ int (*cmp_func) (const char *, const char *),
+ void (*free_func) (const char *, int, const char *));
+const char *OBJ_NAME_get(const char *name, int type);
+int OBJ_NAME_add(const char *name, int type, const char *data);
+int OBJ_NAME_remove(const char *name, int type);
+void OBJ_NAME_cleanup(int type); /* -1 for everything */
+void OBJ_NAME_do_all(int type, void (*fn) (const OBJ_NAME *, void *arg),
+ void *arg);
+void OBJ_NAME_do_all_sorted(int type,
+ void (*fn) (const OBJ_NAME *, void *arg),
+ void *arg);
+
+ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o);
+ASN1_OBJECT *OBJ_nid2obj(int n);
+const char *OBJ_nid2ln(int n);
+const char *OBJ_nid2sn(int n);
+int OBJ_obj2nid(const ASN1_OBJECT *o);
+ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name);
+int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name);
+int OBJ_txt2nid(const char *s);
+int OBJ_ln2nid(const char *s);
+int OBJ_sn2nid(const char *s);
+int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b);
+const char *OBJ_bsearch(const char *key, const char *base, int num, int size,
+ int (*cmp) (const void *, const void *));
+const char *OBJ_bsearch_ex(const char *key, const char *base, int num,
+ int size, int (*cmp) (const void *, const void *),
+ int flags);
+
+int OBJ_new_nid(int num);
+int OBJ_add_object(const ASN1_OBJECT *obj);
+int OBJ_create(const char *oid, const char *sn, const char *ln);
+void OBJ_cleanup(void);
+int OBJ_create_objects(BIO *in);
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_OBJ_strings(void);
+
+/* Error codes for the OBJ functions. */
+
+/* Function codes. */
+# define OBJ_F_OBJ_ADD_OBJECT 105
+# define OBJ_F_OBJ_CREATE 100
+# define OBJ_F_OBJ_DUP 101
+# define OBJ_F_OBJ_NAME_NEW_INDEX 106
+# define OBJ_F_OBJ_NID2LN 102
+# define OBJ_F_OBJ_NID2OBJ 103
+# define OBJ_F_OBJ_NID2SN 104
+
+/* Reason codes. */
+# define OBJ_R_MALLOC_FAILURE 100
+# define OBJ_R_UNKNOWN_NID 101
+
+#ifdef __cplusplus
+}
+#endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/objects/objects.pl
===================================================================
--- vendor-crypto/openssl/dist/crypto/objects/objects.pl 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/objects/objects.pl 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,229 +0,0 @@
-#!/usr/local/bin/perl
-
-open (NUMIN,"$ARGV[1]") || die "Can't open number file $ARGV[1]";
-$max_nid=0;
-$o=0;
-while(<NUMIN>)
- {
- chop;
- $o++;
- s/#.*$//;
- next if /^\s*$/;
- $_ = 'X'.$_;
- ($Cname,$mynum) = split;
- $Cname =~ s/^X//;
- if (defined($nidn{$mynum}))
- { die "$ARGV[1]:$o:There's already an object with NID ",$mynum," on line ",$order{$mynum},"\n"; }
- $nid{$Cname} = $mynum;
- $nidn{$mynum} = $Cname;
- $order{$mynum} = $o;
- $max_nid = $mynum if $mynum > $max_nid;
- }
-close NUMIN;
-
-open (IN,"$ARGV[0]") || die "Can't open input file $ARGV[0]";
-$Cname="";
-$o=0;
-while (<IN>)
- {
- chop;
- $o++;
- if (/^!module\s+(.*)$/)
- {
- $module = $1."-";
- $module =~ s/\./_/g;
- $module =~ s/-/_/g;
- }
- if (/^!global$/)
- { $module = ""; }
- if (/^!Cname\s+(.*)$/)
- { $Cname = $1; }
- if (/^!Alias\s+(.+?)\s+(.*)$/)
- {
- $Cname = $module.$1;
- $myoid = $2;
- $myoid = &process_oid($myoid);
- $Cname =~ s/-/_/g;
- $ordern{$o} = $Cname;
- $order{$Cname} = $o;
- $obj{$Cname} = $myoid;
- $_ = "";
- $Cname = "";
- }
- s/!.*$//;
- s/#.*$//;
- next if /^\s*$/;
- ($myoid,$mysn,$myln) = split ':';
- $mysn =~ s/^\s*//;
- $mysn =~ s/\s*$//;
- $myln =~ s/^\s*//;
- $myln =~ s/\s*$//;
- $myoid =~ s/^\s*//;
- $myoid =~ s/\s*$//;
- if ($myoid ne "")
- {
- $myoid = &process_oid($myoid);
- }
-
- if ($Cname eq "" && !($myln =~ / /))
- {
- $Cname = $myln;
- $Cname =~ s/\./_/g;
- $Cname =~ s/-/_/g;
- if ($Cname ne "" && defined($ln{$module.$Cname}))
- { die "objects.txt:$o:There's already an object with long name ",$ln{$module.$Cname}," on line ",$order{$module.$Cname},"\n"; }
- }
- if ($Cname eq "")
- {
- $Cname = $mysn;
- $Cname =~ s/-/_/g;
- if ($Cname ne "" && defined($sn{$module.$Cname}))
- { die "objects.txt:$o:There's already an object with short name ",$sn{$module.$Cname}," on line ",$order{$module.$Cname},"\n"; }
- }
- if ($Cname eq "")
- {
- $Cname = $myln;
- $Cname =~ s/-/_/g;
- $Cname =~ s/\./_/g;
- $Cname =~ s/ /_/g;
- if ($Cname ne "" && defined($ln{$module.$Cname}))
- { die "objects.txt:$o:There's already an object with long name ",$ln{$module.$Cname}," on line ",$order{$module.$Cname},"\n"; }
- }
- $Cname =~ s/\./_/g;
- $Cname =~ s/-/_/g;
- $Cname = $module.$Cname;
- $ordern{$o} = $Cname;
- $order{$Cname} = $o;
- $sn{$Cname} = $mysn;
- $ln{$Cname} = $myln;
- $obj{$Cname} = $myoid;
- if (!defined($nid{$Cname}))
- {
- $max_nid++;
- $nid{$Cname} = $max_nid;
- $nidn{$max_nid} = $Cname;
- }
- $Cname="";
- }
-close IN;
-
-open (NUMOUT,">$ARGV[1]") || die "Can't open output file $ARGV[1]";
-foreach (sort { $a <=> $b } keys %nidn)
- {
- print NUMOUT $nidn{$_},"\t\t",$_,"\n";
- }
-close NUMOUT;
-
-open (OUT,">$ARGV[2]") || die "Can't open output file $ARGV[2]";
-print OUT <<'EOF';
-/* crypto/objects/obj_mac.h */
-
-/* THIS FILE IS GENERATED FROM objects.txt by objects.pl via the
- * following command:
- * perl objects.pl objects.txt obj_mac.num obj_mac.h
- */
-
-/* Copyright (C) 1995-1997 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#define SN_undef "UNDEF"
-#define LN_undef "undefined"
-#define NID_undef 0
-#define OBJ_undef 0L
-
-EOF
-
-foreach (sort { $a <=> $b } keys %ordern)
- {
- $Cname=$ordern{$_};
- print OUT "#define SN_",$Cname,"\t\t\"",$sn{$Cname},"\"\n" if $sn{$Cname} ne "";
- print OUT "#define LN_",$Cname,"\t\t\"",$ln{$Cname},"\"\n" if $ln{$Cname} ne "";
- print OUT "#define NID_",$Cname,"\t\t",$nid{$Cname},"\n" if $nid{$Cname} ne "";
- print OUT "#define OBJ_",$Cname,"\t\t",$obj{$Cname},"\n" if $obj{$Cname} ne "";
- print OUT "\n";
- }
-
-close OUT;
-
-sub process_oid
- {
- local($oid)=@_;
- local(@a,$oid_pref);
-
- @a = split(/\s+/,$myoid);
- $pref_oid = "";
- $pref_sep = "";
- if (!($a[0] =~ /^[0-9]+$/))
- {
- $a[0] =~ s/-/_/g;
- if (!defined($obj{$a[0]}))
- { die "$ARGV[0]:$o:Undefined identifier ",$a[0],"\n"; }
- $pref_oid = "OBJ_" . $a[0];
- $pref_sep = ",";
- shift @a;
- }
- $oids = join('L,', at a) . "L";
- if ($oids ne "L")
- {
- $oids = $pref_oid . $pref_sep . $oids;
- }
- else
- {
- $oids = $pref_oid;
- }
- return($oids);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/objects/objects.pl (from rev 6976, vendor-crypto/openssl/dist/crypto/objects/objects.pl)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/objects/objects.pl (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/objects/objects.pl 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,237 @@
+#!/usr/local/bin/perl
+
+open (NUMIN,"$ARGV[1]") || die "Can't open number file $ARGV[1]";
+$max_nid=0;
+$o=0;
+while(<NUMIN>)
+ {
+ chop;
+ $o++;
+ s/#.*$//;
+ next if /^\s*$/;
+ $_ = 'X'.$_;
+ ($Cname,$mynum) = split;
+ $Cname =~ s/^X//;
+ if (defined($nidn{$mynum}))
+ { die "$ARGV[1]:$o:There's already an object with NID ",$mynum," on line ",$order{$mynum},"\n"; }
+ $nid{$Cname} = $mynum;
+ $nidn{$mynum} = $Cname;
+ $order{$mynum} = $o;
+ $max_nid = $mynum if $mynum > $max_nid;
+ }
+close NUMIN;
+
+open (IN,"$ARGV[0]") || die "Can't open input file $ARGV[0]";
+$Cname="";
+$o=0;
+while (<IN>)
+ {
+ chop;
+ $o++;
+ if (/^!module\s+(.*)$/)
+ {
+ $module = $1."-";
+ $module =~ s/\./_/g;
+ $module =~ s/-/_/g;
+ }
+ if (/^!global$/)
+ { $module = ""; }
+ if (/^!Cname\s+(.*)$/)
+ { $Cname = $1; }
+ if (/^!Alias\s+(.+?)\s+(.*)$/)
+ {
+ $Cname = $module.$1;
+ $myoid = $2;
+ $myoid = &process_oid($myoid);
+ $Cname =~ s/-/_/g;
+ $ordern{$o} = $Cname;
+ $order{$Cname} = $o;
+ $obj{$Cname} = $myoid;
+ $_ = "";
+ $Cname = "";
+ }
+ s/!.*$//;
+ s/#.*$//;
+ next if /^\s*$/;
+ ($myoid,$mysn,$myln) = split ':';
+ $mysn =~ s/^\s*//;
+ $mysn =~ s/\s*$//;
+ $myln =~ s/^\s*//;
+ $myln =~ s/\s*$//;
+ $myoid =~ s/^\s*//;
+ $myoid =~ s/\s*$//;
+ if ($myoid ne "")
+ {
+ $myoid = &process_oid($myoid);
+ }
+
+ if ($Cname eq "" && !($myln =~ / /))
+ {
+ $Cname = $myln;
+ $Cname =~ s/\./_/g;
+ $Cname =~ s/-/_/g;
+ if ($Cname ne "" && defined($ln{$module.$Cname}))
+ { die "objects.txt:$o:There's already an object with long name ",$ln{$module.$Cname}," on line ",$order{$module.$Cname},"\n"; }
+ }
+ if ($Cname eq "")
+ {
+ $Cname = $mysn;
+ $Cname =~ s/-/_/g;
+ if ($Cname ne "" && defined($sn{$module.$Cname}))
+ { die "objects.txt:$o:There's already an object with short name ",$sn{$module.$Cname}," on line ",$order{$module.$Cname},"\n"; }
+ }
+ if ($Cname eq "")
+ {
+ $Cname = $myln;
+ $Cname =~ s/-/_/g;
+ $Cname =~ s/\./_/g;
+ $Cname =~ s/ /_/g;
+ if ($Cname ne "" && defined($ln{$module.$Cname}))
+ { die "objects.txt:$o:There's already an object with long name ",$ln{$module.$Cname}," on line ",$order{$module.$Cname},"\n"; }
+ }
+ $Cname =~ s/\./_/g;
+ $Cname =~ s/-/_/g;
+ $Cname = $module.$Cname;
+ $ordern{$o} = $Cname;
+ $order{$Cname} = $o;
+ $sn{$Cname} = $mysn;
+ $ln{$Cname} = $myln;
+ $obj{$Cname} = $myoid;
+ if (!defined($nid{$Cname}))
+ {
+ $max_nid++;
+ $nid{$Cname} = $max_nid;
+ $nidn{$max_nid} = $Cname;
+ }
+ $Cname="";
+ }
+close IN;
+
+open (NUMOUT,">$ARGV[1]") || die "Can't open output file $ARGV[1]";
+foreach (sort { $a <=> $b } keys %nidn)
+ {
+ print NUMOUT $nidn{$_},"\t\t",$_,"\n";
+ }
+close NUMOUT;
+
+open (OUT,">$ARGV[2]") || die "Can't open output file $ARGV[2]";
+print OUT <<'EOF';
+/* crypto/objects/obj_mac.h */
+
+/*
+ * THIS FILE IS GENERATED FROM objects.txt by objects.pl via the following
+ * command: perl objects.pl objects.txt obj_mac.num obj_mac.h
+ */
+
+/* Copyright (C) 1995-1997 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#define SN_undef "UNDEF"
+#define LN_undef "undefined"
+#define NID_undef 0
+#define OBJ_undef 0L
+EOF
+
+sub expand
+ {
+ my $string = shift;
+
+ 1 while $string =~ s/\t+/' ' x (length($&) * 8 - length($`) % 8)/e;
+
+ return $string;
+ }
+
+foreach (sort { $a <=> $b } keys %ordern)
+ {
+ $Cname=$ordern{$_};
+ print OUT "\n";
+ print OUT expand("#define SN_$Cname\t\t\"$sn{$Cname}\"\n") if $sn{$Cname} ne "";
+ print OUT expand("#define LN_$Cname\t\t\"$ln{$Cname}\"\n") if $ln{$Cname} ne "";
+ print OUT expand("#define NID_$Cname\t\t$nid{$Cname}\n") if $nid{$Cname} ne "";
+ print OUT expand("#define OBJ_$Cname\t\t$obj{$Cname}\n") if $obj{$Cname} ne "";
+ }
+
+close OUT;
+
+sub process_oid
+ {
+ local($oid)=@_;
+ local(@a,$oid_pref);
+
+ @a = split(/\s+/,$myoid);
+ $pref_oid = "";
+ $pref_sep = "";
+ if (!($a[0] =~ /^[0-9]+$/))
+ {
+ $a[0] =~ s/-/_/g;
+ if (!defined($obj{$a[0]}))
+ { die "$ARGV[0]:$o:Undefined identifier ",$a[0],"\n"; }
+ $pref_oid = "OBJ_" . $a[0];
+ $pref_sep = ",";
+ shift @a;
+ }
+ $oids = join('L,', at a) . "L";
+ if ($oids ne "L")
+ {
+ $oids = $pref_oid . $pref_sep . $oids;
+ }
+ else
+ {
+ $oids = $pref_oid;
+ }
+ return($oids);
+ }
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/ocsp/ocsp.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,623 +0,0 @@
-/* ocsp.h */
-/* Written by Tom Titchener <Tom_Titchener at groove.net> for the OpenSSL
- * project. */
-
-/* History:
- This file was transfered to Richard Levitte from CertCo by Kathy
- Weinhold in mid-spring 2000 to be included in OpenSSL or released
- as a patch kit. */
-
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#ifndef HEADER_OCSP_H
-#define HEADER_OCSP_H
-
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include <openssl/safestack.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* Various flags and values */
-
-#define OCSP_DEFAULT_NONCE_LENGTH 16
-
-#define OCSP_NOCERTS 0x1
-#define OCSP_NOINTERN 0x2
-#define OCSP_NOSIGS 0x4
-#define OCSP_NOCHAIN 0x8
-#define OCSP_NOVERIFY 0x10
-#define OCSP_NOEXPLICIT 0x20
-#define OCSP_NOCASIGN 0x40
-#define OCSP_NODELEGATED 0x80
-#define OCSP_NOCHECKS 0x100
-#define OCSP_TRUSTOTHER 0x200
-#define OCSP_RESPID_KEY 0x400
-#define OCSP_NOTIME 0x800
-
-/* CertID ::= SEQUENCE {
- * hashAlgorithm AlgorithmIdentifier,
- * issuerNameHash OCTET STRING, -- Hash of Issuer's DN
- * issuerKeyHash OCTET STRING, -- Hash of Issuers public key (excluding the tag & length fields)
- * serialNumber CertificateSerialNumber }
- */
-typedef struct ocsp_cert_id_st
- {
- X509_ALGOR *hashAlgorithm;
- ASN1_OCTET_STRING *issuerNameHash;
- ASN1_OCTET_STRING *issuerKeyHash;
- ASN1_INTEGER *serialNumber;
- } OCSP_CERTID;
-
-DECLARE_STACK_OF(OCSP_CERTID)
-
-/* Request ::= SEQUENCE {
- * reqCert CertID,
- * singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL }
- */
-typedef struct ocsp_one_request_st
- {
- OCSP_CERTID *reqCert;
- STACK_OF(X509_EXTENSION) *singleRequestExtensions;
- } OCSP_ONEREQ;
-
-DECLARE_STACK_OF(OCSP_ONEREQ)
-DECLARE_ASN1_SET_OF(OCSP_ONEREQ)
-
-
-/* TBSRequest ::= SEQUENCE {
- * version [0] EXPLICIT Version DEFAULT v1,
- * requestorName [1] EXPLICIT GeneralName OPTIONAL,
- * requestList SEQUENCE OF Request,
- * requestExtensions [2] EXPLICIT Extensions OPTIONAL }
- */
-typedef struct ocsp_req_info_st
- {
- ASN1_INTEGER *version;
- GENERAL_NAME *requestorName;
- STACK_OF(OCSP_ONEREQ) *requestList;
- STACK_OF(X509_EXTENSION) *requestExtensions;
- } OCSP_REQINFO;
-
-/* Signature ::= SEQUENCE {
- * signatureAlgorithm AlgorithmIdentifier,
- * signature BIT STRING,
- * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
- */
-typedef struct ocsp_signature_st
- {
- X509_ALGOR *signatureAlgorithm;
- ASN1_BIT_STRING *signature;
- STACK_OF(X509) *certs;
- } OCSP_SIGNATURE;
-
-/* OCSPRequest ::= SEQUENCE {
- * tbsRequest TBSRequest,
- * optionalSignature [0] EXPLICIT Signature OPTIONAL }
- */
-typedef struct ocsp_request_st
- {
- OCSP_REQINFO *tbsRequest;
- OCSP_SIGNATURE *optionalSignature; /* OPTIONAL */
- } OCSP_REQUEST;
-
-/* OCSPResponseStatus ::= ENUMERATED {
- * successful (0), --Response has valid confirmations
- * malformedRequest (1), --Illegal confirmation request
- * internalError (2), --Internal error in issuer
- * tryLater (3), --Try again later
- * --(4) is not used
- * sigRequired (5), --Must sign the request
- * unauthorized (6) --Request unauthorized
- * }
- */
-#define OCSP_RESPONSE_STATUS_SUCCESSFUL 0
-#define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST 1
-#define OCSP_RESPONSE_STATUS_INTERNALERROR 2
-#define OCSP_RESPONSE_STATUS_TRYLATER 3
-#define OCSP_RESPONSE_STATUS_SIGREQUIRED 5
-#define OCSP_RESPONSE_STATUS_UNAUTHORIZED 6
-
-/* ResponseBytes ::= SEQUENCE {
- * responseType OBJECT IDENTIFIER,
- * response OCTET STRING }
- */
-typedef struct ocsp_resp_bytes_st
- {
- ASN1_OBJECT *responseType;
- ASN1_OCTET_STRING *response;
- } OCSP_RESPBYTES;
-
-/* OCSPResponse ::= SEQUENCE {
- * responseStatus OCSPResponseStatus,
- * responseBytes [0] EXPLICIT ResponseBytes OPTIONAL }
- */
-struct ocsp_response_st
- {
- ASN1_ENUMERATED *responseStatus;
- OCSP_RESPBYTES *responseBytes;
- };
-
-/* ResponderID ::= CHOICE {
- * byName [1] Name,
- * byKey [2] KeyHash }
- */
-#define V_OCSP_RESPID_NAME 0
-#define V_OCSP_RESPID_KEY 1
-struct ocsp_responder_id_st
- {
- int type;
- union {
- X509_NAME* byName;
- ASN1_OCTET_STRING *byKey;
- } value;
- };
-
-DECLARE_STACK_OF(OCSP_RESPID)
-DECLARE_ASN1_FUNCTIONS(OCSP_RESPID)
-
-/* KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key
- * --(excluding the tag and length fields)
- */
-
-/* RevokedInfo ::= SEQUENCE {
- * revocationTime GeneralizedTime,
- * revocationReason [0] EXPLICIT CRLReason OPTIONAL }
- */
-typedef struct ocsp_revoked_info_st
- {
- ASN1_GENERALIZEDTIME *revocationTime;
- ASN1_ENUMERATED *revocationReason;
- } OCSP_REVOKEDINFO;
-
-/* CertStatus ::= CHOICE {
- * good [0] IMPLICIT NULL,
- * revoked [1] IMPLICIT RevokedInfo,
- * unknown [2] IMPLICIT UnknownInfo }
- */
-#define V_OCSP_CERTSTATUS_GOOD 0
-#define V_OCSP_CERTSTATUS_REVOKED 1
-#define V_OCSP_CERTSTATUS_UNKNOWN 2
-typedef struct ocsp_cert_status_st
- {
- int type;
- union {
- ASN1_NULL *good;
- OCSP_REVOKEDINFO *revoked;
- ASN1_NULL *unknown;
- } value;
- } OCSP_CERTSTATUS;
-
-/* SingleResponse ::= SEQUENCE {
- * certID CertID,
- * certStatus CertStatus,
- * thisUpdate GeneralizedTime,
- * nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL,
- * singleExtensions [1] EXPLICIT Extensions OPTIONAL }
- */
-typedef struct ocsp_single_response_st
- {
- OCSP_CERTID *certId;
- OCSP_CERTSTATUS *certStatus;
- ASN1_GENERALIZEDTIME *thisUpdate;
- ASN1_GENERALIZEDTIME *nextUpdate;
- STACK_OF(X509_EXTENSION) *singleExtensions;
- } OCSP_SINGLERESP;
-
-DECLARE_STACK_OF(OCSP_SINGLERESP)
-DECLARE_ASN1_SET_OF(OCSP_SINGLERESP)
-
-/* ResponseData ::= SEQUENCE {
- * version [0] EXPLICIT Version DEFAULT v1,
- * responderID ResponderID,
- * producedAt GeneralizedTime,
- * responses SEQUENCE OF SingleResponse,
- * responseExtensions [1] EXPLICIT Extensions OPTIONAL }
- */
-typedef struct ocsp_response_data_st
- {
- ASN1_INTEGER *version;
- OCSP_RESPID *responderId;
- ASN1_GENERALIZEDTIME *producedAt;
- STACK_OF(OCSP_SINGLERESP) *responses;
- STACK_OF(X509_EXTENSION) *responseExtensions;
- } OCSP_RESPDATA;
-
-/* BasicOCSPResponse ::= SEQUENCE {
- * tbsResponseData ResponseData,
- * signatureAlgorithm AlgorithmIdentifier,
- * signature BIT STRING,
- * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
- */
- /* Note 1:
- The value for "signature" is specified in the OCSP rfc2560 as follows:
- "The value for the signature SHALL be computed on the hash of the DER
- encoding ResponseData." This means that you must hash the DER-encoded
- tbsResponseData, and then run it through a crypto-signing function, which
- will (at least w/RSA) do a hash-'n'-private-encrypt operation. This seems
- a bit odd, but that's the spec. Also note that the data structures do not
- leave anywhere to independently specify the algorithm used for the initial
- hash. So, we look at the signature-specification algorithm, and try to do
- something intelligent. -- Kathy Weinhold, CertCo */
- /* Note 2:
- It seems that the mentioned passage from RFC 2560 (section 4.2.1) is open
- for interpretation. I've done tests against another responder, and found
- that it doesn't do the double hashing that the RFC seems to say one
- should. Therefore, all relevant functions take a flag saying which
- variant should be used. -- Richard Levitte, OpenSSL team and CeloCom */
-typedef struct ocsp_basic_response_st
- {
- OCSP_RESPDATA *tbsResponseData;
- X509_ALGOR *signatureAlgorithm;
- ASN1_BIT_STRING *signature;
- STACK_OF(X509) *certs;
- } OCSP_BASICRESP;
-
-/*
- * CRLReason ::= ENUMERATED {
- * unspecified (0),
- * keyCompromise (1),
- * cACompromise (2),
- * affiliationChanged (3),
- * superseded (4),
- * cessationOfOperation (5),
- * certificateHold (6),
- * removeFromCRL (8) }
- */
-#define OCSP_REVOKED_STATUS_NOSTATUS -1
-#define OCSP_REVOKED_STATUS_UNSPECIFIED 0
-#define OCSP_REVOKED_STATUS_KEYCOMPROMISE 1
-#define OCSP_REVOKED_STATUS_CACOMPROMISE 2
-#define OCSP_REVOKED_STATUS_AFFILIATIONCHANGED 3
-#define OCSP_REVOKED_STATUS_SUPERSEDED 4
-#define OCSP_REVOKED_STATUS_CESSATIONOFOPERATION 5
-#define OCSP_REVOKED_STATUS_CERTIFICATEHOLD 6
-#define OCSP_REVOKED_STATUS_REMOVEFROMCRL 8
-
-/* CrlID ::= SEQUENCE {
- * crlUrl [0] EXPLICIT IA5String OPTIONAL,
- * crlNum [1] EXPLICIT INTEGER OPTIONAL,
- * crlTime [2] EXPLICIT GeneralizedTime OPTIONAL }
- */
-typedef struct ocsp_crl_id_st
- {
- ASN1_IA5STRING *crlUrl;
- ASN1_INTEGER *crlNum;
- ASN1_GENERALIZEDTIME *crlTime;
- } OCSP_CRLID;
-
-/* ServiceLocator ::= SEQUENCE {
- * issuer Name,
- * locator AuthorityInfoAccessSyntax OPTIONAL }
- */
-typedef struct ocsp_service_locator_st
- {
- X509_NAME* issuer;
- STACK_OF(ACCESS_DESCRIPTION) *locator;
- } OCSP_SERVICELOC;
-
-#define PEM_STRING_OCSP_REQUEST "OCSP REQUEST"
-#define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE"
-
-#define d2i_OCSP_REQUEST_bio(bp,p) ASN1_d2i_bio_of(OCSP_REQUEST,OCSP_REQUEST_new,d2i_OCSP_REQUEST,bp,p)
-
-#define d2i_OCSP_RESPONSE_bio(bp,p) ASN1_d2i_bio_of(OCSP_RESPONSE,OCSP_RESPONSE_new,d2i_OCSP_RESPONSE,bp,p)
-
-#define PEM_read_bio_OCSP_REQUEST(bp,x,cb) (OCSP_REQUEST *)PEM_ASN1_read_bio( \
- (char *(*)())d2i_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,bp,(char **)x,cb,NULL)
-
-#define PEM_read_bio_OCSP_RESPONSE(bp,x,cb)(OCSP_RESPONSE *)PEM_ASN1_read_bio(\
- (char *(*)())d2i_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,bp,(char **)x,cb,NULL)
-
-#define PEM_write_bio_OCSP_REQUEST(bp,o) \
- PEM_ASN1_write_bio((int (*)())i2d_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,\
- bp,(char *)o, NULL,NULL,0,NULL,NULL)
-
-#define PEM_write_bio_OCSP_RESPONSE(bp,o) \
- PEM_ASN1_write_bio((int (*)())i2d_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,\
- bp,(char *)o, NULL,NULL,0,NULL,NULL)
-
-#define i2d_OCSP_RESPONSE_bio(bp,o) ASN1_i2d_bio_of(OCSP_RESPONSE,i2d_OCSP_RESPONSE,bp,o)
-
-#define i2d_OCSP_REQUEST_bio(bp,o) ASN1_i2d_bio_of(OCSP_REQUEST,i2d_OCSP_REQUEST,bp,o)
-
-#define OCSP_REQUEST_sign(o,pkey,md) \
- ASN1_item_sign(ASN1_ITEM_rptr(OCSP_REQINFO),\
- o->optionalSignature->signatureAlgorithm,NULL,\
- o->optionalSignature->signature,o->tbsRequest,pkey,md)
-
-#define OCSP_BASICRESP_sign(o,pkey,md,d) \
- ASN1_item_sign(ASN1_ITEM_rptr(OCSP_RESPDATA),o->signatureAlgorithm,NULL,\
- o->signature,o->tbsResponseData,pkey,md)
-
-#define OCSP_REQUEST_verify(a,r) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_REQINFO),\
- a->optionalSignature->signatureAlgorithm,\
- a->optionalSignature->signature,a->tbsRequest,r)
-
-#define OCSP_BASICRESP_verify(a,r,d) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_RESPDATA),\
- a->signatureAlgorithm,a->signature,a->tbsResponseData,r)
-
-#define ASN1_BIT_STRING_digest(data,type,md,len) \
- ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len)
-
-#define OCSP_CERTID_dup(cid) ASN1_dup_of(OCSP_CERTID,i2d_OCSP_CERTID,d2i_OCSP_CERTID,cid)
-
-#define OCSP_CERTSTATUS_dup(cs)\
- (OCSP_CERTSTATUS*)ASN1_dup((int(*)())i2d_OCSP_CERTSTATUS,\
- (char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs))
-
-OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req);
-OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, char *path, OCSP_REQUEST *req,
- int maxline);
-int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx);
-void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx);
-
-OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer);
-
-OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
- X509_NAME *issuerName,
- ASN1_BIT_STRING* issuerKey,
- ASN1_INTEGER *serialNumber);
-
-OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid);
-
-int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len);
-int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len);
-int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs);
-int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req);
-
-int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm);
-int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert);
-
-int OCSP_request_sign(OCSP_REQUEST *req,
- X509 *signer,
- EVP_PKEY *key,
- const EVP_MD *dgst,
- STACK_OF(X509) *certs,
- unsigned long flags);
-
-int OCSP_response_status(OCSP_RESPONSE *resp);
-OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp);
-
-int OCSP_resp_count(OCSP_BASICRESP *bs);
-OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx);
-int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last);
-int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason,
- ASN1_GENERALIZEDTIME **revtime,
- ASN1_GENERALIZEDTIME **thisupd,
- ASN1_GENERALIZEDTIME **nextupd);
-int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status,
- int *reason,
- ASN1_GENERALIZEDTIME **revtime,
- ASN1_GENERALIZEDTIME **thisupd,
- ASN1_GENERALIZEDTIME **nextupd);
-int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,
- ASN1_GENERALIZEDTIME *nextupd,
- long sec, long maxsec);
-
-int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store, unsigned long flags);
-
-int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pssl);
-
-int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b);
-int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b);
-
-int OCSP_request_onereq_count(OCSP_REQUEST *req);
-OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i);
-OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one);
-int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd,
- ASN1_OCTET_STRING **pikeyHash,
- ASN1_INTEGER **pserial, OCSP_CERTID *cid);
-int OCSP_request_is_signed(OCSP_REQUEST *req);
-OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs);
-OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp,
- OCSP_CERTID *cid,
- int status, int reason,
- ASN1_TIME *revtime,
- ASN1_TIME *thisupd, ASN1_TIME *nextupd);
-int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert);
-int OCSP_basic_sign(OCSP_BASICRESP *brsp,
- X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,
- STACK_OF(X509) *certs, unsigned long flags);
-
-ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d,
- void *data, STACK_OF(ASN1_OBJECT) *sk);
-#define ASN1_STRING_encode_of(type,s,i2d,data,sk) \
- ASN1_STRING_encode(s, CHECKED_I2D_OF(type, i2d), data, sk)
-
-X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim);
-
-X509_EXTENSION *OCSP_accept_responses_new(char **oids);
-
-X509_EXTENSION *OCSP_archive_cutoff_new(char* tim);
-
-X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, char **urls);
-
-int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x);
-int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos);
-int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, ASN1_OBJECT *obj, int lastpos);
-int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos);
-X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc);
-X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc);
-void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit, int *idx);
-int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit,
- unsigned long flags);
-int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc);
-
-int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x);
-int OCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos);
-int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, ASN1_OBJECT *obj, int lastpos);
-int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos);
-X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc);
-X509_EXTENSION *OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc);
-void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx);
-int OCSP_ONEREQ_add1_ext_i2d(OCSP_ONEREQ *x, int nid, void *value, int crit,
- unsigned long flags);
-int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc);
-
-int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x);
-int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos);
-int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, ASN1_OBJECT *obj, int lastpos);
-int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit, int lastpos);
-X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc);
-X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc);
-void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit, int *idx);
-int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value, int crit,
- unsigned long flags);
-int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc);
-
-int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x);
-int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, int lastpos);
-int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, ASN1_OBJECT *obj, int lastpos);
-int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit, int lastpos);
-X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc);
-X509_EXTENSION *OCSP_SINGLERESP_delete_ext(OCSP_SINGLERESP *x, int loc);
-void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit, int *idx);
-int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value, int crit,
- unsigned long flags);
-int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc);
-
-DECLARE_ASN1_FUNCTIONS(OCSP_SINGLERESP)
-DECLARE_ASN1_FUNCTIONS(OCSP_CERTSTATUS)
-DECLARE_ASN1_FUNCTIONS(OCSP_REVOKEDINFO)
-DECLARE_ASN1_FUNCTIONS(OCSP_BASICRESP)
-DECLARE_ASN1_FUNCTIONS(OCSP_RESPDATA)
-DECLARE_ASN1_FUNCTIONS(OCSP_RESPID)
-DECLARE_ASN1_FUNCTIONS(OCSP_RESPONSE)
-DECLARE_ASN1_FUNCTIONS(OCSP_RESPBYTES)
-DECLARE_ASN1_FUNCTIONS(OCSP_ONEREQ)
-DECLARE_ASN1_FUNCTIONS(OCSP_CERTID)
-DECLARE_ASN1_FUNCTIONS(OCSP_REQUEST)
-DECLARE_ASN1_FUNCTIONS(OCSP_SIGNATURE)
-DECLARE_ASN1_FUNCTIONS(OCSP_REQINFO)
-DECLARE_ASN1_FUNCTIONS(OCSP_CRLID)
-DECLARE_ASN1_FUNCTIONS(OCSP_SERVICELOC)
-
-char *OCSP_response_status_str(long s);
-char *OCSP_cert_status_str(long s);
-char *OCSP_crl_reason_str(long s);
-
-int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* a, unsigned long flags);
-int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags);
-
-int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
- X509_STORE *st, unsigned long flags);
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_OCSP_strings(void);
-
-/* Error codes for the OCSP functions. */
-
-/* Function codes. */
-#define OCSP_F_ASN1_STRING_ENCODE 100
-#define OCSP_F_D2I_OCSP_NONCE 102
-#define OCSP_F_OCSP_BASIC_ADD1_STATUS 103
-#define OCSP_F_OCSP_BASIC_SIGN 104
-#define OCSP_F_OCSP_BASIC_VERIFY 105
-#define OCSP_F_OCSP_CERT_ID_NEW 101
-#define OCSP_F_OCSP_CHECK_DELEGATED 106
-#define OCSP_F_OCSP_CHECK_IDS 107
-#define OCSP_F_OCSP_CHECK_ISSUER 108
-#define OCSP_F_OCSP_CHECK_VALIDITY 115
-#define OCSP_F_OCSP_MATCH_ISSUERID 109
-#define OCSP_F_OCSP_PARSE_URL 114
-#define OCSP_F_OCSP_REQUEST_SIGN 110
-#define OCSP_F_OCSP_REQUEST_VERIFY 116
-#define OCSP_F_OCSP_RESPONSE_GET1_BASIC 111
-#define OCSP_F_OCSP_SENDREQ_BIO 112
-#define OCSP_F_PARSE_HTTP_LINE1 117
-#define OCSP_F_REQUEST_VERIFY 113
-
-/* Reason codes. */
-#define OCSP_R_BAD_DATA 100
-#define OCSP_R_CERTIFICATE_VERIFY_ERROR 101
-#define OCSP_R_DIGEST_ERR 102
-#define OCSP_R_ERROR_IN_NEXTUPDATE_FIELD 122
-#define OCSP_R_ERROR_IN_THISUPDATE_FIELD 123
-#define OCSP_R_ERROR_PARSING_URL 121
-#define OCSP_R_MISSING_OCSPSIGNING_USAGE 103
-#define OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE 124
-#define OCSP_R_NOT_BASIC_RESPONSE 104
-#define OCSP_R_NO_CERTIFICATES_IN_CHAIN 105
-#define OCSP_R_NO_CONTENT 106
-#define OCSP_R_NO_PUBLIC_KEY 107
-#define OCSP_R_NO_RESPONSE_DATA 108
-#define OCSP_R_NO_REVOKED_TIME 109
-#define OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 110
-#define OCSP_R_REQUEST_NOT_SIGNED 128
-#define OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA 111
-#define OCSP_R_ROOT_CA_NOT_TRUSTED 112
-#define OCSP_R_SERVER_READ_ERROR 113
-#define OCSP_R_SERVER_RESPONSE_ERROR 114
-#define OCSP_R_SERVER_RESPONSE_PARSE_ERROR 115
-#define OCSP_R_SERVER_WRITE_ERROR 116
-#define OCSP_R_SIGNATURE_FAILURE 117
-#define OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND 118
-#define OCSP_R_STATUS_EXPIRED 125
-#define OCSP_R_STATUS_NOT_YET_VALID 126
-#define OCSP_R_STATUS_TOO_OLD 127
-#define OCSP_R_UNKNOWN_MESSAGE_DIGEST 119
-#define OCSP_R_UNKNOWN_NID 120
-#define OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE 129
-
-#ifdef __cplusplus
-}
-#endif
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp.h (from rev 6976, vendor-crypto/openssl/dist/crypto/ocsp/ocsp.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,626 @@
+/* ocsp.h */
+/*
+ * Written by Tom Titchener <Tom_Titchener at groove.net> for the OpenSSL
+ * project.
+ */
+
+/*
+ * History: This file was transfered to Richard Levitte from CertCo by Kathy
+ * Weinhold in mid-spring 2000 to be included in OpenSSL or released as a
+ * patch kit.
+ */
+
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_OCSP_H
+# define HEADER_OCSP_H
+
+# include <openssl/x509.h>
+# include <openssl/x509v3.h>
+# include <openssl/safestack.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Various flags and values */
+
+# define OCSP_DEFAULT_NONCE_LENGTH 16
+
+# define OCSP_NOCERTS 0x1
+# define OCSP_NOINTERN 0x2
+# define OCSP_NOSIGS 0x4
+# define OCSP_NOCHAIN 0x8
+# define OCSP_NOVERIFY 0x10
+# define OCSP_NOEXPLICIT 0x20
+# define OCSP_NOCASIGN 0x40
+# define OCSP_NODELEGATED 0x80
+# define OCSP_NOCHECKS 0x100
+# define OCSP_TRUSTOTHER 0x200
+# define OCSP_RESPID_KEY 0x400
+# define OCSP_NOTIME 0x800
+
+/*- CertID ::= SEQUENCE {
+ * hashAlgorithm AlgorithmIdentifier,
+ * issuerNameHash OCTET STRING, -- Hash of Issuer's DN
+ * issuerKeyHash OCTET STRING, -- Hash of Issuers public key (excluding the tag & length fields)
+ * serialNumber CertificateSerialNumber }
+ */
+typedef struct ocsp_cert_id_st {
+ X509_ALGOR *hashAlgorithm;
+ ASN1_OCTET_STRING *issuerNameHash;
+ ASN1_OCTET_STRING *issuerKeyHash;
+ ASN1_INTEGER *serialNumber;
+} OCSP_CERTID;
+
+DECLARE_STACK_OF(OCSP_CERTID)
+
+/*- Request ::= SEQUENCE {
+ * reqCert CertID,
+ * singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL }
+ */
+typedef struct ocsp_one_request_st {
+ OCSP_CERTID *reqCert;
+ STACK_OF(X509_EXTENSION) *singleRequestExtensions;
+} OCSP_ONEREQ;
+
+DECLARE_STACK_OF(OCSP_ONEREQ)
+DECLARE_ASN1_SET_OF(OCSP_ONEREQ)
+
+/*- TBSRequest ::= SEQUENCE {
+ * version [0] EXPLICIT Version DEFAULT v1,
+ * requestorName [1] EXPLICIT GeneralName OPTIONAL,
+ * requestList SEQUENCE OF Request,
+ * requestExtensions [2] EXPLICIT Extensions OPTIONAL }
+ */
+typedef struct ocsp_req_info_st {
+ ASN1_INTEGER *version;
+ GENERAL_NAME *requestorName;
+ STACK_OF(OCSP_ONEREQ) *requestList;
+ STACK_OF(X509_EXTENSION) *requestExtensions;
+} OCSP_REQINFO;
+
+/*- Signature ::= SEQUENCE {
+ * signatureAlgorithm AlgorithmIdentifier,
+ * signature BIT STRING,
+ * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
+ */
+typedef struct ocsp_signature_st {
+ X509_ALGOR *signatureAlgorithm;
+ ASN1_BIT_STRING *signature;
+ STACK_OF(X509) *certs;
+} OCSP_SIGNATURE;
+
+/*- OCSPRequest ::= SEQUENCE {
+ * tbsRequest TBSRequest,
+ * optionalSignature [0] EXPLICIT Signature OPTIONAL }
+ */
+typedef struct ocsp_request_st {
+ OCSP_REQINFO *tbsRequest;
+ OCSP_SIGNATURE *optionalSignature; /* OPTIONAL */
+} OCSP_REQUEST;
+
+/*- OCSPResponseStatus ::= ENUMERATED {
+ * successful (0), --Response has valid confirmations
+ * malformedRequest (1), --Illegal confirmation request
+ * internalError (2), --Internal error in issuer
+ * tryLater (3), --Try again later
+ * --(4) is not used
+ * sigRequired (5), --Must sign the request
+ * unauthorized (6) --Request unauthorized
+ * }
+ */
+# define OCSP_RESPONSE_STATUS_SUCCESSFUL 0
+# define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST 1
+# define OCSP_RESPONSE_STATUS_INTERNALERROR 2
+# define OCSP_RESPONSE_STATUS_TRYLATER 3
+# define OCSP_RESPONSE_STATUS_SIGREQUIRED 5
+# define OCSP_RESPONSE_STATUS_UNAUTHORIZED 6
+
+/*- ResponseBytes ::= SEQUENCE {
+ * responseType OBJECT IDENTIFIER,
+ * response OCTET STRING }
+ */
+typedef struct ocsp_resp_bytes_st {
+ ASN1_OBJECT *responseType;
+ ASN1_OCTET_STRING *response;
+} OCSP_RESPBYTES;
+
+/*- OCSPResponse ::= SEQUENCE {
+ * responseStatus OCSPResponseStatus,
+ * responseBytes [0] EXPLICIT ResponseBytes OPTIONAL }
+ */
+struct ocsp_response_st {
+ ASN1_ENUMERATED *responseStatus;
+ OCSP_RESPBYTES *responseBytes;
+};
+
+/*- ResponderID ::= CHOICE {
+ * byName [1] Name,
+ * byKey [2] KeyHash }
+ */
+# define V_OCSP_RESPID_NAME 0
+# define V_OCSP_RESPID_KEY 1
+struct ocsp_responder_id_st {
+ int type;
+ union {
+ X509_NAME *byName;
+ ASN1_OCTET_STRING *byKey;
+ } value;
+};
+
+DECLARE_STACK_OF(OCSP_RESPID)
+DECLARE_ASN1_FUNCTIONS(OCSP_RESPID)
+
+/*- KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key
+ * --(excluding the tag and length fields)
+ */
+
+/*- RevokedInfo ::= SEQUENCE {
+ * revocationTime GeneralizedTime,
+ * revocationReason [0] EXPLICIT CRLReason OPTIONAL }
+ */
+typedef struct ocsp_revoked_info_st {
+ ASN1_GENERALIZEDTIME *revocationTime;
+ ASN1_ENUMERATED *revocationReason;
+} OCSP_REVOKEDINFO;
+
+/*- CertStatus ::= CHOICE {
+ * good [0] IMPLICIT NULL,
+ * revoked [1] IMPLICIT RevokedInfo,
+ * unknown [2] IMPLICIT UnknownInfo }
+ */
+# define V_OCSP_CERTSTATUS_GOOD 0
+# define V_OCSP_CERTSTATUS_REVOKED 1
+# define V_OCSP_CERTSTATUS_UNKNOWN 2
+typedef struct ocsp_cert_status_st {
+ int type;
+ union {
+ ASN1_NULL *good;
+ OCSP_REVOKEDINFO *revoked;
+ ASN1_NULL *unknown;
+ } value;
+} OCSP_CERTSTATUS;
+
+/*- SingleResponse ::= SEQUENCE {
+ * certID CertID,
+ * certStatus CertStatus,
+ * thisUpdate GeneralizedTime,
+ * nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL,
+ * singleExtensions [1] EXPLICIT Extensions OPTIONAL }
+ */
+typedef struct ocsp_single_response_st {
+ OCSP_CERTID *certId;
+ OCSP_CERTSTATUS *certStatus;
+ ASN1_GENERALIZEDTIME *thisUpdate;
+ ASN1_GENERALIZEDTIME *nextUpdate;
+ STACK_OF(X509_EXTENSION) *singleExtensions;
+} OCSP_SINGLERESP;
+
+DECLARE_STACK_OF(OCSP_SINGLERESP)
+DECLARE_ASN1_SET_OF(OCSP_SINGLERESP)
+
+/*- ResponseData ::= SEQUENCE {
+ * version [0] EXPLICIT Version DEFAULT v1,
+ * responderID ResponderID,
+ * producedAt GeneralizedTime,
+ * responses SEQUENCE OF SingleResponse,
+ * responseExtensions [1] EXPLICIT Extensions OPTIONAL }
+ */
+typedef struct ocsp_response_data_st {
+ ASN1_INTEGER *version;
+ OCSP_RESPID *responderId;
+ ASN1_GENERALIZEDTIME *producedAt;
+ STACK_OF(OCSP_SINGLERESP) *responses;
+ STACK_OF(X509_EXTENSION) *responseExtensions;
+} OCSP_RESPDATA;
+
+/*- BasicOCSPResponse ::= SEQUENCE {
+ * tbsResponseData ResponseData,
+ * signatureAlgorithm AlgorithmIdentifier,
+ * signature BIT STRING,
+ * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
+ */
+ /*
+ * Note 1: The value for "signature" is specified in the OCSP rfc2560 as
+ * follows: "The value for the signature SHALL be computed on the hash of
+ * the DER encoding ResponseData." This means that you must hash the
+ * DER-encoded tbsResponseData, and then run it through a crypto-signing
+ * function, which will (at least w/RSA) do a hash-'n'-private-encrypt
+ * operation. This seems a bit odd, but that's the spec. Also note that
+ * the data structures do not leave anywhere to independently specify the
+ * algorithm used for the initial hash. So, we look at the
+ * signature-specification algorithm, and try to do something intelligent.
+ * -- Kathy Weinhold, CertCo
+ */
+ /*
+ * Note 2: It seems that the mentioned passage from RFC 2560 (section
+ * 4.2.1) is open for interpretation. I've done tests against another
+ * responder, and found that it doesn't do the double hashing that the RFC
+ * seems to say one should. Therefore, all relevant functions take a flag
+ * saying which variant should be used. -- Richard Levitte, OpenSSL team
+ * and CeloCom
+ */
+typedef struct ocsp_basic_response_st {
+ OCSP_RESPDATA *tbsResponseData;
+ X509_ALGOR *signatureAlgorithm;
+ ASN1_BIT_STRING *signature;
+ STACK_OF(X509) *certs;
+} OCSP_BASICRESP;
+
+/*-
+ * CRLReason ::= ENUMERATED {
+ * unspecified (0),
+ * keyCompromise (1),
+ * cACompromise (2),
+ * affiliationChanged (3),
+ * superseded (4),
+ * cessationOfOperation (5),
+ * certificateHold (6),
+ * removeFromCRL (8) }
+ */
+# define OCSP_REVOKED_STATUS_NOSTATUS -1
+# define OCSP_REVOKED_STATUS_UNSPECIFIED 0
+# define OCSP_REVOKED_STATUS_KEYCOMPROMISE 1
+# define OCSP_REVOKED_STATUS_CACOMPROMISE 2
+# define OCSP_REVOKED_STATUS_AFFILIATIONCHANGED 3
+# define OCSP_REVOKED_STATUS_SUPERSEDED 4
+# define OCSP_REVOKED_STATUS_CESSATIONOFOPERATION 5
+# define OCSP_REVOKED_STATUS_CERTIFICATEHOLD 6
+# define OCSP_REVOKED_STATUS_REMOVEFROMCRL 8
+
+/*-
+ * CrlID ::= SEQUENCE {
+ * crlUrl [0] EXPLICIT IA5String OPTIONAL,
+ * crlNum [1] EXPLICIT INTEGER OPTIONAL,
+ * crlTime [2] EXPLICIT GeneralizedTime OPTIONAL }
+ */
+typedef struct ocsp_crl_id_st {
+ ASN1_IA5STRING *crlUrl;
+ ASN1_INTEGER *crlNum;
+ ASN1_GENERALIZEDTIME *crlTime;
+} OCSP_CRLID;
+
+/*-
+ * ServiceLocator ::= SEQUENCE {
+ * issuer Name,
+ * locator AuthorityInfoAccessSyntax OPTIONAL }
+ */
+typedef struct ocsp_service_locator_st {
+ X509_NAME *issuer;
+ STACK_OF(ACCESS_DESCRIPTION) *locator;
+} OCSP_SERVICELOC;
+
+# define PEM_STRING_OCSP_REQUEST "OCSP REQUEST"
+# define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE"
+
+# define d2i_OCSP_REQUEST_bio(bp,p) ASN1_d2i_bio_of(OCSP_REQUEST,OCSP_REQUEST_new,d2i_OCSP_REQUEST,bp,p)
+
+# define d2i_OCSP_RESPONSE_bio(bp,p) ASN1_d2i_bio_of(OCSP_RESPONSE,OCSP_RESPONSE_new,d2i_OCSP_RESPONSE,bp,p)
+
+# define PEM_read_bio_OCSP_REQUEST(bp,x,cb) (OCSP_REQUEST *)PEM_ASN1_read_bio( \
+ (char *(*)())d2i_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,bp,(char **)x,cb,NULL)
+
+# define PEM_read_bio_OCSP_RESPONSE(bp,x,cb)(OCSP_RESPONSE *)PEM_ASN1_read_bio(\
+ (char *(*)())d2i_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,bp,(char **)x,cb,NULL)
+
+# define PEM_write_bio_OCSP_REQUEST(bp,o) \
+ PEM_ASN1_write_bio((int (*)())i2d_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,\
+ bp,(char *)o, NULL,NULL,0,NULL,NULL)
+
+# define PEM_write_bio_OCSP_RESPONSE(bp,o) \
+ PEM_ASN1_write_bio((int (*)())i2d_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,\
+ bp,(char *)o, NULL,NULL,0,NULL,NULL)
+
+# define i2d_OCSP_RESPONSE_bio(bp,o) ASN1_i2d_bio_of(OCSP_RESPONSE,i2d_OCSP_RESPONSE,bp,o)
+
+# define i2d_OCSP_REQUEST_bio(bp,o) ASN1_i2d_bio_of(OCSP_REQUEST,i2d_OCSP_REQUEST,bp,o)
+
+# define OCSP_REQUEST_sign(o,pkey,md) \
+ ASN1_item_sign(ASN1_ITEM_rptr(OCSP_REQINFO),\
+ o->optionalSignature->signatureAlgorithm,NULL,\
+ o->optionalSignature->signature,o->tbsRequest,pkey,md)
+
+# define OCSP_BASICRESP_sign(o,pkey,md,d) \
+ ASN1_item_sign(ASN1_ITEM_rptr(OCSP_RESPDATA),o->signatureAlgorithm,NULL,\
+ o->signature,o->tbsResponseData,pkey,md)
+
+# define OCSP_REQUEST_verify(a,r) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_REQINFO),\
+ a->optionalSignature->signatureAlgorithm,\
+ a->optionalSignature->signature,a->tbsRequest,r)
+
+# define OCSP_BASICRESP_verify(a,r,d) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_RESPDATA),\
+ a->signatureAlgorithm,a->signature,a->tbsResponseData,r)
+
+# define ASN1_BIT_STRING_digest(data,type,md,len) \
+ ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len)
+
+# define OCSP_CERTID_dup(cid) ASN1_dup_of(OCSP_CERTID,i2d_OCSP_CERTID,d2i_OCSP_CERTID,cid)
+
+# define OCSP_CERTSTATUS_dup(cs)\
+ (OCSP_CERTSTATUS*)ASN1_dup((int(*)())i2d_OCSP_CERTSTATUS,\
+ (char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs))
+
+OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req);
+OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, char *path, OCSP_REQUEST *req,
+ int maxline);
+int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx);
+void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx);
+
+OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer);
+
+OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
+ X509_NAME *issuerName,
+ ASN1_BIT_STRING *issuerKey,
+ ASN1_INTEGER *serialNumber);
+
+OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid);
+
+int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len);
+int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len);
+int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs);
+int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req);
+
+int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm);
+int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert);
+
+int OCSP_request_sign(OCSP_REQUEST *req,
+ X509 *signer,
+ EVP_PKEY *key,
+ const EVP_MD *dgst,
+ STACK_OF(X509) *certs, unsigned long flags);
+
+int OCSP_response_status(OCSP_RESPONSE *resp);
+OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp);
+
+int OCSP_resp_count(OCSP_BASICRESP *bs);
+OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx);
+int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last);
+int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason,
+ ASN1_GENERALIZEDTIME **revtime,
+ ASN1_GENERALIZEDTIME **thisupd,
+ ASN1_GENERALIZEDTIME **nextupd);
+int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status,
+ int *reason,
+ ASN1_GENERALIZEDTIME **revtime,
+ ASN1_GENERALIZEDTIME **thisupd,
+ ASN1_GENERALIZEDTIME **nextupd);
+int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,
+ ASN1_GENERALIZEDTIME *nextupd, long sec, long maxsec);
+
+int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs,
+ X509_STORE *store, unsigned long flags);
+
+int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath,
+ int *pssl);
+
+int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b);
+int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b);
+
+int OCSP_request_onereq_count(OCSP_REQUEST *req);
+OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i);
+OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one);
+int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd,
+ ASN1_OCTET_STRING **pikeyHash,
+ ASN1_INTEGER **pserial, OCSP_CERTID *cid);
+int OCSP_request_is_signed(OCSP_REQUEST *req);
+OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs);
+OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp,
+ OCSP_CERTID *cid,
+ int status, int reason,
+ ASN1_TIME *revtime,
+ ASN1_TIME *thisupd,
+ ASN1_TIME *nextupd);
+int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert);
+int OCSP_basic_sign(OCSP_BASICRESP *brsp,
+ X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,
+ STACK_OF(X509) *certs, unsigned long flags);
+
+ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d,
+ void *data, STACK_OF(ASN1_OBJECT) *sk);
+# define ASN1_STRING_encode_of(type,s,i2d,data,sk) \
+ ASN1_STRING_encode(s, CHECKED_I2D_OF(type, i2d), data, sk)
+
+X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim);
+
+X509_EXTENSION *OCSP_accept_responses_new(char **oids);
+
+X509_EXTENSION *OCSP_archive_cutoff_new(char *tim);
+
+X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME *issuer, char **urls);
+
+int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x);
+int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos);
+int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, ASN1_OBJECT *obj,
+ int lastpos);
+int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos);
+X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc);
+X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc);
+void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit,
+ int *idx);
+int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit,
+ unsigned long flags);
+int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc);
+
+int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x);
+int OCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos);
+int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, ASN1_OBJECT *obj, int lastpos);
+int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos);
+X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc);
+X509_EXTENSION *OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc);
+void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx);
+int OCSP_ONEREQ_add1_ext_i2d(OCSP_ONEREQ *x, int nid, void *value, int crit,
+ unsigned long flags);
+int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc);
+
+int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x);
+int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos);
+int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, ASN1_OBJECT *obj,
+ int lastpos);
+int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit,
+ int lastpos);
+X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc);
+X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc);
+void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit,
+ int *idx);
+int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value,
+ int crit, unsigned long flags);
+int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc);
+
+int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x);
+int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, int lastpos);
+int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, ASN1_OBJECT *obj,
+ int lastpos);
+int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit,
+ int lastpos);
+X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc);
+X509_EXTENSION *OCSP_SINGLERESP_delete_ext(OCSP_SINGLERESP *x, int loc);
+void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit,
+ int *idx);
+int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value,
+ int crit, unsigned long flags);
+int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc);
+
+DECLARE_ASN1_FUNCTIONS(OCSP_SINGLERESP)
+DECLARE_ASN1_FUNCTIONS(OCSP_CERTSTATUS)
+DECLARE_ASN1_FUNCTIONS(OCSP_REVOKEDINFO)
+DECLARE_ASN1_FUNCTIONS(OCSP_BASICRESP)
+DECLARE_ASN1_FUNCTIONS(OCSP_RESPDATA)
+DECLARE_ASN1_FUNCTIONS(OCSP_RESPID)
+DECLARE_ASN1_FUNCTIONS(OCSP_RESPONSE)
+DECLARE_ASN1_FUNCTIONS(OCSP_RESPBYTES)
+DECLARE_ASN1_FUNCTIONS(OCSP_ONEREQ)
+DECLARE_ASN1_FUNCTIONS(OCSP_CERTID)
+DECLARE_ASN1_FUNCTIONS(OCSP_REQUEST)
+DECLARE_ASN1_FUNCTIONS(OCSP_SIGNATURE)
+DECLARE_ASN1_FUNCTIONS(OCSP_REQINFO)
+DECLARE_ASN1_FUNCTIONS(OCSP_CRLID)
+DECLARE_ASN1_FUNCTIONS(OCSP_SERVICELOC)
+
+char *OCSP_response_status_str(long s);
+char *OCSP_cert_status_str(long s);
+char *OCSP_crl_reason_str(long s);
+
+int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST *a, unsigned long flags);
+int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE *o, unsigned long flags);
+
+int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
+ X509_STORE *st, unsigned long flags);
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_OCSP_strings(void);
+
+/* Error codes for the OCSP functions. */
+
+/* Function codes. */
+# define OCSP_F_ASN1_STRING_ENCODE 100
+# define OCSP_F_D2I_OCSP_NONCE 102
+# define OCSP_F_OCSP_BASIC_ADD1_STATUS 103
+# define OCSP_F_OCSP_BASIC_SIGN 104
+# define OCSP_F_OCSP_BASIC_VERIFY 105
+# define OCSP_F_OCSP_CERT_ID_NEW 101
+# define OCSP_F_OCSP_CHECK_DELEGATED 106
+# define OCSP_F_OCSP_CHECK_IDS 107
+# define OCSP_F_OCSP_CHECK_ISSUER 108
+# define OCSP_F_OCSP_CHECK_VALIDITY 115
+# define OCSP_F_OCSP_MATCH_ISSUERID 109
+# define OCSP_F_OCSP_PARSE_URL 114
+# define OCSP_F_OCSP_REQUEST_SIGN 110
+# define OCSP_F_OCSP_REQUEST_VERIFY 116
+# define OCSP_F_OCSP_RESPONSE_GET1_BASIC 111
+# define OCSP_F_OCSP_SENDREQ_BIO 112
+# define OCSP_F_PARSE_HTTP_LINE1 117
+# define OCSP_F_REQUEST_VERIFY 113
+
+/* Reason codes. */
+# define OCSP_R_BAD_DATA 100
+# define OCSP_R_CERTIFICATE_VERIFY_ERROR 101
+# define OCSP_R_DIGEST_ERR 102
+# define OCSP_R_ERROR_IN_NEXTUPDATE_FIELD 122
+# define OCSP_R_ERROR_IN_THISUPDATE_FIELD 123
+# define OCSP_R_ERROR_PARSING_URL 121
+# define OCSP_R_MISSING_OCSPSIGNING_USAGE 103
+# define OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE 124
+# define OCSP_R_NOT_BASIC_RESPONSE 104
+# define OCSP_R_NO_CERTIFICATES_IN_CHAIN 105
+# define OCSP_R_NO_CONTENT 106
+# define OCSP_R_NO_PUBLIC_KEY 107
+# define OCSP_R_NO_RESPONSE_DATA 108
+# define OCSP_R_NO_REVOKED_TIME 109
+# define OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 110
+# define OCSP_R_REQUEST_NOT_SIGNED 128
+# define OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA 111
+# define OCSP_R_ROOT_CA_NOT_TRUSTED 112
+# define OCSP_R_SERVER_READ_ERROR 113
+# define OCSP_R_SERVER_RESPONSE_ERROR 114
+# define OCSP_R_SERVER_RESPONSE_PARSE_ERROR 115
+# define OCSP_R_SERVER_WRITE_ERROR 116
+# define OCSP_R_SIGNATURE_FAILURE 117
+# define OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND 118
+# define OCSP_R_STATUS_EXPIRED 125
+# define OCSP_R_STATUS_NOT_YET_VALID 126
+# define OCSP_R_STATUS_TOO_OLD 127
+# define OCSP_R_UNKNOWN_MESSAGE_DIGEST 119
+# define OCSP_R_UNKNOWN_NID 120
+# define OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE 129
+
+#ifdef __cplusplus
+}
+#endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp_asn.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/ocsp/ocsp_asn.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp_asn.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,182 +0,0 @@
-/* ocsp_asn.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/ocsp.h>
-
-ASN1_SEQUENCE(OCSP_SIGNATURE) = {
- ASN1_SIMPLE(OCSP_SIGNATURE, signatureAlgorithm, X509_ALGOR),
- ASN1_SIMPLE(OCSP_SIGNATURE, signature, ASN1_BIT_STRING),
- ASN1_EXP_SEQUENCE_OF_OPT(OCSP_SIGNATURE, certs, X509, 0)
-} ASN1_SEQUENCE_END(OCSP_SIGNATURE)
-
-IMPLEMENT_ASN1_FUNCTIONS(OCSP_SIGNATURE)
-
-ASN1_SEQUENCE(OCSP_CERTID) = {
- ASN1_SIMPLE(OCSP_CERTID, hashAlgorithm, X509_ALGOR),
- ASN1_SIMPLE(OCSP_CERTID, issuerNameHash, ASN1_OCTET_STRING),
- ASN1_SIMPLE(OCSP_CERTID, issuerKeyHash, ASN1_OCTET_STRING),
- ASN1_SIMPLE(OCSP_CERTID, serialNumber, ASN1_INTEGER)
-} ASN1_SEQUENCE_END(OCSP_CERTID)
-
-IMPLEMENT_ASN1_FUNCTIONS(OCSP_CERTID)
-
-ASN1_SEQUENCE(OCSP_ONEREQ) = {
- ASN1_SIMPLE(OCSP_ONEREQ, reqCert, OCSP_CERTID),
- ASN1_EXP_SEQUENCE_OF_OPT(OCSP_ONEREQ, singleRequestExtensions, X509_EXTENSION, 0)
-} ASN1_SEQUENCE_END(OCSP_ONEREQ)
-
-IMPLEMENT_ASN1_FUNCTIONS(OCSP_ONEREQ)
-
-ASN1_SEQUENCE(OCSP_REQINFO) = {
- ASN1_EXP_OPT(OCSP_REQINFO, version, ASN1_INTEGER, 0),
- ASN1_EXP_OPT(OCSP_REQINFO, requestorName, GENERAL_NAME, 1),
- ASN1_SEQUENCE_OF(OCSP_REQINFO, requestList, OCSP_ONEREQ),
- ASN1_EXP_SEQUENCE_OF_OPT(OCSP_REQINFO, requestExtensions, X509_EXTENSION, 2)
-} ASN1_SEQUENCE_END(OCSP_REQINFO)
-
-IMPLEMENT_ASN1_FUNCTIONS(OCSP_REQINFO)
-
-ASN1_SEQUENCE(OCSP_REQUEST) = {
- ASN1_SIMPLE(OCSP_REQUEST, tbsRequest, OCSP_REQINFO),
- ASN1_EXP_OPT(OCSP_REQUEST, optionalSignature, OCSP_SIGNATURE, 0)
-} ASN1_SEQUENCE_END(OCSP_REQUEST)
-
-IMPLEMENT_ASN1_FUNCTIONS(OCSP_REQUEST)
-
-/* OCSP_RESPONSE templates */
-
-ASN1_SEQUENCE(OCSP_RESPBYTES) = {
- ASN1_SIMPLE(OCSP_RESPBYTES, responseType, ASN1_OBJECT),
- ASN1_SIMPLE(OCSP_RESPBYTES, response, ASN1_OCTET_STRING)
-} ASN1_SEQUENCE_END(OCSP_RESPBYTES)
-
-IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPBYTES)
-
-ASN1_SEQUENCE(OCSP_RESPONSE) = {
- ASN1_SIMPLE(OCSP_RESPONSE, responseStatus, ASN1_ENUMERATED),
- ASN1_EXP_OPT(OCSP_RESPONSE, responseBytes, OCSP_RESPBYTES, 0)
-} ASN1_SEQUENCE_END(OCSP_RESPONSE)
-
-IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPONSE)
-
-ASN1_CHOICE(OCSP_RESPID) = {
- ASN1_EXP(OCSP_RESPID, value.byName, X509_NAME, 1),
- ASN1_EXP(OCSP_RESPID, value.byKey, ASN1_OCTET_STRING, 2)
-} ASN1_CHOICE_END(OCSP_RESPID)
-
-IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPID)
-
-ASN1_SEQUENCE(OCSP_REVOKEDINFO) = {
- ASN1_SIMPLE(OCSP_REVOKEDINFO, revocationTime, ASN1_GENERALIZEDTIME),
- ASN1_EXP_OPT(OCSP_REVOKEDINFO, revocationReason, ASN1_ENUMERATED, 0)
-} ASN1_SEQUENCE_END(OCSP_REVOKEDINFO)
-
-IMPLEMENT_ASN1_FUNCTIONS(OCSP_REVOKEDINFO)
-
-ASN1_CHOICE(OCSP_CERTSTATUS) = {
- ASN1_IMP(OCSP_CERTSTATUS, value.good, ASN1_NULL, 0),
- ASN1_IMP(OCSP_CERTSTATUS, value.revoked, OCSP_REVOKEDINFO, 1),
- ASN1_IMP(OCSP_CERTSTATUS, value.unknown, ASN1_NULL, 2)
-} ASN1_CHOICE_END(OCSP_CERTSTATUS)
-
-IMPLEMENT_ASN1_FUNCTIONS(OCSP_CERTSTATUS)
-
-ASN1_SEQUENCE(OCSP_SINGLERESP) = {
- ASN1_SIMPLE(OCSP_SINGLERESP, certId, OCSP_CERTID),
- ASN1_SIMPLE(OCSP_SINGLERESP, certStatus, OCSP_CERTSTATUS),
- ASN1_SIMPLE(OCSP_SINGLERESP, thisUpdate, ASN1_GENERALIZEDTIME),
- ASN1_EXP_OPT(OCSP_SINGLERESP, nextUpdate, ASN1_GENERALIZEDTIME, 0),
- ASN1_EXP_SEQUENCE_OF_OPT(OCSP_SINGLERESP, singleExtensions, X509_EXTENSION, 1)
-} ASN1_SEQUENCE_END(OCSP_SINGLERESP)
-
-IMPLEMENT_ASN1_FUNCTIONS(OCSP_SINGLERESP)
-
-ASN1_SEQUENCE(OCSP_RESPDATA) = {
- ASN1_EXP_OPT(OCSP_RESPDATA, version, ASN1_INTEGER, 0),
- ASN1_SIMPLE(OCSP_RESPDATA, responderId, OCSP_RESPID),
- ASN1_SIMPLE(OCSP_RESPDATA, producedAt, ASN1_GENERALIZEDTIME),
- ASN1_SEQUENCE_OF(OCSP_RESPDATA, responses, OCSP_SINGLERESP),
- ASN1_EXP_SEQUENCE_OF_OPT(OCSP_RESPDATA, responseExtensions, X509_EXTENSION, 1)
-} ASN1_SEQUENCE_END(OCSP_RESPDATA)
-
-IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPDATA)
-
-ASN1_SEQUENCE(OCSP_BASICRESP) = {
- ASN1_SIMPLE(OCSP_BASICRESP, tbsResponseData, OCSP_RESPDATA),
- ASN1_SIMPLE(OCSP_BASICRESP, signatureAlgorithm, X509_ALGOR),
- ASN1_SIMPLE(OCSP_BASICRESP, signature, ASN1_BIT_STRING),
- ASN1_EXP_SEQUENCE_OF_OPT(OCSP_BASICRESP, certs, X509, 0)
-} ASN1_SEQUENCE_END(OCSP_BASICRESP)
-
-IMPLEMENT_ASN1_FUNCTIONS(OCSP_BASICRESP)
-
-ASN1_SEQUENCE(OCSP_CRLID) = {
- ASN1_EXP_OPT(OCSP_CRLID, crlUrl, ASN1_IA5STRING, 0),
- ASN1_EXP_OPT(OCSP_CRLID, crlNum, ASN1_INTEGER, 1),
- ASN1_EXP_OPT(OCSP_CRLID, crlTime, ASN1_GENERALIZEDTIME, 2)
-} ASN1_SEQUENCE_END(OCSP_CRLID)
-
-IMPLEMENT_ASN1_FUNCTIONS(OCSP_CRLID)
-
-ASN1_SEQUENCE(OCSP_SERVICELOC) = {
- ASN1_SIMPLE(OCSP_SERVICELOC, issuer, X509_NAME),
- ASN1_SEQUENCE_OF_OPT(OCSP_SERVICELOC, locator, ACCESS_DESCRIPTION)
-} ASN1_SEQUENCE_END(OCSP_SERVICELOC)
-
-IMPLEMENT_ASN1_FUNCTIONS(OCSP_SERVICELOC)
Copied: vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp_asn.c (from rev 6976, vendor-crypto/openssl/dist/crypto/ocsp/ocsp_asn.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp_asn.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp_asn.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,183 @@
+/* ocsp_asn.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/ocsp.h>
+
+ASN1_SEQUENCE(OCSP_SIGNATURE) = {
+ ASN1_SIMPLE(OCSP_SIGNATURE, signatureAlgorithm, X509_ALGOR),
+ ASN1_SIMPLE(OCSP_SIGNATURE, signature, ASN1_BIT_STRING),
+ ASN1_EXP_SEQUENCE_OF_OPT(OCSP_SIGNATURE, certs, X509, 0)
+} ASN1_SEQUENCE_END(OCSP_SIGNATURE)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_SIGNATURE)
+
+ASN1_SEQUENCE(OCSP_CERTID) = {
+ ASN1_SIMPLE(OCSP_CERTID, hashAlgorithm, X509_ALGOR),
+ ASN1_SIMPLE(OCSP_CERTID, issuerNameHash, ASN1_OCTET_STRING),
+ ASN1_SIMPLE(OCSP_CERTID, issuerKeyHash, ASN1_OCTET_STRING),
+ ASN1_SIMPLE(OCSP_CERTID, serialNumber, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(OCSP_CERTID)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_CERTID)
+
+ASN1_SEQUENCE(OCSP_ONEREQ) = {
+ ASN1_SIMPLE(OCSP_ONEREQ, reqCert, OCSP_CERTID),
+ ASN1_EXP_SEQUENCE_OF_OPT(OCSP_ONEREQ, singleRequestExtensions, X509_EXTENSION, 0)
+} ASN1_SEQUENCE_END(OCSP_ONEREQ)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_ONEREQ)
+
+ASN1_SEQUENCE(OCSP_REQINFO) = {
+ ASN1_EXP_OPT(OCSP_REQINFO, version, ASN1_INTEGER, 0),
+ ASN1_EXP_OPT(OCSP_REQINFO, requestorName, GENERAL_NAME, 1),
+ ASN1_SEQUENCE_OF(OCSP_REQINFO, requestList, OCSP_ONEREQ),
+ ASN1_EXP_SEQUENCE_OF_OPT(OCSP_REQINFO, requestExtensions, X509_EXTENSION, 2)
+} ASN1_SEQUENCE_END(OCSP_REQINFO)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_REQINFO)
+
+ASN1_SEQUENCE(OCSP_REQUEST) = {
+ ASN1_SIMPLE(OCSP_REQUEST, tbsRequest, OCSP_REQINFO),
+ ASN1_EXP_OPT(OCSP_REQUEST, optionalSignature, OCSP_SIGNATURE, 0)
+} ASN1_SEQUENCE_END(OCSP_REQUEST)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_REQUEST)
+
+/* OCSP_RESPONSE templates */
+
+ASN1_SEQUENCE(OCSP_RESPBYTES) = {
+ ASN1_SIMPLE(OCSP_RESPBYTES, responseType, ASN1_OBJECT),
+ ASN1_SIMPLE(OCSP_RESPBYTES, response, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(OCSP_RESPBYTES)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPBYTES)
+
+ASN1_SEQUENCE(OCSP_RESPONSE) = {
+ ASN1_SIMPLE(OCSP_RESPONSE, responseStatus, ASN1_ENUMERATED),
+ ASN1_EXP_OPT(OCSP_RESPONSE, responseBytes, OCSP_RESPBYTES, 0)
+} ASN1_SEQUENCE_END(OCSP_RESPONSE)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPONSE)
+
+ASN1_CHOICE(OCSP_RESPID) = {
+ ASN1_EXP(OCSP_RESPID, value.byName, X509_NAME, 1),
+ ASN1_EXP(OCSP_RESPID, value.byKey, ASN1_OCTET_STRING, 2)
+} ASN1_CHOICE_END(OCSP_RESPID)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPID)
+
+ASN1_SEQUENCE(OCSP_REVOKEDINFO) = {
+ ASN1_SIMPLE(OCSP_REVOKEDINFO, revocationTime, ASN1_GENERALIZEDTIME),
+ ASN1_EXP_OPT(OCSP_REVOKEDINFO, revocationReason, ASN1_ENUMERATED, 0)
+} ASN1_SEQUENCE_END(OCSP_REVOKEDINFO)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_REVOKEDINFO)
+
+ASN1_CHOICE(OCSP_CERTSTATUS) = {
+ ASN1_IMP(OCSP_CERTSTATUS, value.good, ASN1_NULL, 0),
+ ASN1_IMP(OCSP_CERTSTATUS, value.revoked, OCSP_REVOKEDINFO, 1),
+ ASN1_IMP(OCSP_CERTSTATUS, value.unknown, ASN1_NULL, 2)
+} ASN1_CHOICE_END(OCSP_CERTSTATUS)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_CERTSTATUS)
+
+ASN1_SEQUENCE(OCSP_SINGLERESP) = {
+ ASN1_SIMPLE(OCSP_SINGLERESP, certId, OCSP_CERTID),
+ ASN1_SIMPLE(OCSP_SINGLERESP, certStatus, OCSP_CERTSTATUS),
+ ASN1_SIMPLE(OCSP_SINGLERESP, thisUpdate, ASN1_GENERALIZEDTIME),
+ ASN1_EXP_OPT(OCSP_SINGLERESP, nextUpdate, ASN1_GENERALIZEDTIME, 0),
+ ASN1_EXP_SEQUENCE_OF_OPT(OCSP_SINGLERESP, singleExtensions, X509_EXTENSION, 1)
+} ASN1_SEQUENCE_END(OCSP_SINGLERESP)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_SINGLERESP)
+
+ASN1_SEQUENCE(OCSP_RESPDATA) = {
+ ASN1_EXP_OPT(OCSP_RESPDATA, version, ASN1_INTEGER, 0),
+ ASN1_SIMPLE(OCSP_RESPDATA, responderId, OCSP_RESPID),
+ ASN1_SIMPLE(OCSP_RESPDATA, producedAt, ASN1_GENERALIZEDTIME),
+ ASN1_SEQUENCE_OF(OCSP_RESPDATA, responses, OCSP_SINGLERESP),
+ ASN1_EXP_SEQUENCE_OF_OPT(OCSP_RESPDATA, responseExtensions, X509_EXTENSION, 1)
+} ASN1_SEQUENCE_END(OCSP_RESPDATA)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPDATA)
+
+ASN1_SEQUENCE(OCSP_BASICRESP) = {
+ ASN1_SIMPLE(OCSP_BASICRESP, tbsResponseData, OCSP_RESPDATA),
+ ASN1_SIMPLE(OCSP_BASICRESP, signatureAlgorithm, X509_ALGOR),
+ ASN1_SIMPLE(OCSP_BASICRESP, signature, ASN1_BIT_STRING),
+ ASN1_EXP_SEQUENCE_OF_OPT(OCSP_BASICRESP, certs, X509, 0)
+} ASN1_SEQUENCE_END(OCSP_BASICRESP)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_BASICRESP)
+
+ASN1_SEQUENCE(OCSP_CRLID) = {
+ ASN1_EXP_OPT(OCSP_CRLID, crlUrl, ASN1_IA5STRING, 0),
+ ASN1_EXP_OPT(OCSP_CRLID, crlNum, ASN1_INTEGER, 1),
+ ASN1_EXP_OPT(OCSP_CRLID, crlTime, ASN1_GENERALIZEDTIME, 2)
+} ASN1_SEQUENCE_END(OCSP_CRLID)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_CRLID)
+
+ASN1_SEQUENCE(OCSP_SERVICELOC) = {
+ ASN1_SIMPLE(OCSP_SERVICELOC, issuer, X509_NAME),
+ ASN1_SEQUENCE_OF_OPT(OCSP_SERVICELOC, locator, ACCESS_DESCRIPTION)
+} ASN1_SEQUENCE_END(OCSP_SERVICELOC)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_SERVICELOC)
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp_cl.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/ocsp/ocsp_cl.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp_cl.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,372 +0,0 @@
-/* ocsp_cl.c */
-/* Written by Tom Titchener <Tom_Titchener at groove.net> for the OpenSSL
- * project. */
-
-/* History:
- This file was transfered to Richard Levitte from CertCo by Kathy
- Weinhold in mid-spring 2000 to be included in OpenSSL or released
- as a patch kit. */
-
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <time.h>
-#include <cryptlib.h>
-#include <openssl/objects.h>
-#include <openssl/rand.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/x509v3.h>
-#include <openssl/ocsp.h>
-
-/* Utility functions related to sending OCSP requests and extracting
- * relevant information from the response.
- */
-
-/* Add an OCSP_CERTID to an OCSP request. Return new OCSP_ONEREQ
- * pointer: useful if we want to add extensions.
- */
-
-OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid)
- {
- OCSP_ONEREQ *one = NULL;
-
- if (!(one = OCSP_ONEREQ_new())) goto err;
- if (one->reqCert) OCSP_CERTID_free(one->reqCert);
- one->reqCert = cid;
- if (req &&
- !sk_OCSP_ONEREQ_push(req->tbsRequest->requestList, one))
- goto err;
- return one;
-err:
- OCSP_ONEREQ_free(one);
- return NULL;
- }
-
-/* Set requestorName from an X509_NAME structure */
-
-int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm)
- {
- GENERAL_NAME *gen;
- gen = GENERAL_NAME_new();
- if (gen == NULL)
- return 0;
- if (!X509_NAME_set(&gen->d.directoryName, nm))
- {
- GENERAL_NAME_free(gen);
- return 0;
- }
- gen->type = GEN_DIRNAME;
- if (req->tbsRequest->requestorName)
- GENERAL_NAME_free(req->tbsRequest->requestorName);
- req->tbsRequest->requestorName = gen;
- return 1;
- }
-
-
-/* Add a certificate to an OCSP request */
-
-int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert)
- {
- OCSP_SIGNATURE *sig;
- if (!req->optionalSignature)
- req->optionalSignature = OCSP_SIGNATURE_new();
- sig = req->optionalSignature;
- if (!sig) return 0;
- if (!cert) return 1;
- if (!sig->certs && !(sig->certs = sk_X509_new_null()))
- return 0;
-
- if(!sk_X509_push(sig->certs, cert)) return 0;
- CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
- return 1;
- }
-
-/* Sign an OCSP request set the requestorName to the subjec
- * name of an optional signers certificate and include one
- * or more optional certificates in the request. Behaves
- * like PKCS7_sign().
- */
-
-int OCSP_request_sign(OCSP_REQUEST *req,
- X509 *signer,
- EVP_PKEY *key,
- const EVP_MD *dgst,
- STACK_OF(X509) *certs,
- unsigned long flags)
- {
- int i;
- OCSP_SIGNATURE *sig;
- X509 *x;
-
- if (!OCSP_request_set1_name(req, X509_get_subject_name(signer)))
- goto err;
-
- if (!(req->optionalSignature = sig = OCSP_SIGNATURE_new())) goto err;
- if (!dgst) dgst = EVP_sha1();
- if (key)
- {
- if (!X509_check_private_key(signer, key))
- {
- OCSPerr(OCSP_F_OCSP_REQUEST_SIGN, OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
- goto err;
- }
- if (!OCSP_REQUEST_sign(req, key, dgst)) goto err;
- }
-
- if (!(flags & OCSP_NOCERTS))
- {
- if(!OCSP_request_add1_cert(req, signer)) goto err;
- for (i = 0; i < sk_X509_num(certs); i++)
- {
- x = sk_X509_value(certs, i);
- if (!OCSP_request_add1_cert(req, x)) goto err;
- }
- }
-
- return 1;
-err:
- OCSP_SIGNATURE_free(req->optionalSignature);
- req->optionalSignature = NULL;
- return 0;
- }
-
-/* Get response status */
-
-int OCSP_response_status(OCSP_RESPONSE *resp)
- {
- return ASN1_ENUMERATED_get(resp->responseStatus);
- }
-
-/* Extract basic response from OCSP_RESPONSE or NULL if
- * no basic response present.
- */
-
-
-OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp)
- {
- OCSP_RESPBYTES *rb;
- rb = resp->responseBytes;
- if (!rb)
- {
- OCSPerr(OCSP_F_OCSP_RESPONSE_GET1_BASIC, OCSP_R_NO_RESPONSE_DATA);
- return NULL;
- }
- if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic)
- {
- OCSPerr(OCSP_F_OCSP_RESPONSE_GET1_BASIC, OCSP_R_NOT_BASIC_RESPONSE);
- return NULL;
- }
-
- return ASN1_item_unpack(rb->response, ASN1_ITEM_rptr(OCSP_BASICRESP));
- }
-
-/* Return number of OCSP_SINGLERESP reponses present in
- * a basic response.
- */
-
-int OCSP_resp_count(OCSP_BASICRESP *bs)
- {
- if (!bs) return -1;
- return sk_OCSP_SINGLERESP_num(bs->tbsResponseData->responses);
- }
-
-/* Extract an OCSP_SINGLERESP response with a given index */
-
-OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx)
- {
- if (!bs) return NULL;
- return sk_OCSP_SINGLERESP_value(bs->tbsResponseData->responses, idx);
- }
-
-/* Look single response matching a given certificate ID */
-
-int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last)
- {
- int i;
- STACK_OF(OCSP_SINGLERESP) *sresp;
- OCSP_SINGLERESP *single;
- if (!bs) return -1;
- if (last < 0) last = 0;
- else last++;
- sresp = bs->tbsResponseData->responses;
- for (i = last; i < sk_OCSP_SINGLERESP_num(sresp); i++)
- {
- single = sk_OCSP_SINGLERESP_value(sresp, i);
- if (!OCSP_id_cmp(id, single->certId)) return i;
- }
- return -1;
- }
-
-/* Extract status information from an OCSP_SINGLERESP structure.
- * Note: the revtime and reason values are only set if the
- * certificate status is revoked. Returns numerical value of
- * status.
- */
-
-int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason,
- ASN1_GENERALIZEDTIME **revtime,
- ASN1_GENERALIZEDTIME **thisupd,
- ASN1_GENERALIZEDTIME **nextupd)
- {
- int ret;
- OCSP_CERTSTATUS *cst;
- if(!single) return -1;
- cst = single->certStatus;
- ret = cst->type;
- if (ret == V_OCSP_CERTSTATUS_REVOKED)
- {
- OCSP_REVOKEDINFO *rev = cst->value.revoked;
- if (revtime) *revtime = rev->revocationTime;
- if (reason)
- {
- if(rev->revocationReason)
- *reason = ASN1_ENUMERATED_get(rev->revocationReason);
- else *reason = -1;
- }
- }
- if(thisupd) *thisupd = single->thisUpdate;
- if(nextupd) *nextupd = single->nextUpdate;
- return ret;
- }
-
-/* This function combines the previous ones: look up a certificate ID and
- * if found extract status information. Return 0 is successful.
- */
-
-int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status,
- int *reason,
- ASN1_GENERALIZEDTIME **revtime,
- ASN1_GENERALIZEDTIME **thisupd,
- ASN1_GENERALIZEDTIME **nextupd)
- {
- int i;
- OCSP_SINGLERESP *single;
- i = OCSP_resp_find(bs, id, -1);
- /* Maybe check for multiple responses and give an error? */
- if(i < 0) return 0;
- single = OCSP_resp_get0(bs, i);
- i = OCSP_single_get0_status(single, reason, revtime, thisupd, nextupd);
- if(status) *status = i;
- return 1;
- }
-
-/* Check validity of thisUpdate and nextUpdate fields. It is possible that the request will
- * take a few seconds to process and/or the time wont be totally accurate. Therefore to avoid
- * rejecting otherwise valid time we allow the times to be within 'nsec' of the current time.
- * Also to avoid accepting very old responses without a nextUpdate field an optional maxage
- * parameter specifies the maximum age the thisUpdate field can be.
- */
-
-int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd, ASN1_GENERALIZEDTIME *nextupd, long nsec, long maxsec)
- {
- int ret = 1;
- time_t t_now, t_tmp;
- time(&t_now);
- /* Check thisUpdate is valid and not more than nsec in the future */
- if (!ASN1_GENERALIZEDTIME_check(thisupd))
- {
- OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_ERROR_IN_THISUPDATE_FIELD);
- ret = 0;
- }
- else
- {
- t_tmp = t_now + nsec;
- if (X509_cmp_time(thisupd, &t_tmp) > 0)
- {
- OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_STATUS_NOT_YET_VALID);
- ret = 0;
- }
-
- /* If maxsec specified check thisUpdate is not more than maxsec in the past */
- if (maxsec >= 0)
- {
- t_tmp = t_now - maxsec;
- if (X509_cmp_time(thisupd, &t_tmp) < 0)
- {
- OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_STATUS_TOO_OLD);
- ret = 0;
- }
- }
- }
-
-
- if (!nextupd) return ret;
-
- /* Check nextUpdate is valid and not more than nsec in the past */
- if (!ASN1_GENERALIZEDTIME_check(nextupd))
- {
- OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_ERROR_IN_NEXTUPDATE_FIELD);
- ret = 0;
- }
- else
- {
- t_tmp = t_now - nsec;
- if (X509_cmp_time(nextupd, &t_tmp) < 0)
- {
- OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_STATUS_EXPIRED);
- ret = 0;
- }
- }
-
- /* Also don't allow nextUpdate to precede thisUpdate */
- if (ASN1_STRING_cmp(nextupd, thisupd) < 0)
- {
- OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE);
- ret = 0;
- }
-
- return ret;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp_cl.c (from rev 6976, vendor-crypto/openssl/dist/crypto/ocsp/ocsp_cl.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp_cl.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp_cl.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,385 @@
+/* ocsp_cl.c */
+/*
+ * Written by Tom Titchener <Tom_Titchener at groove.net> for the OpenSSL
+ * project.
+ */
+
+/*
+ * History: This file was transfered to Richard Levitte from CertCo by Kathy
+ * Weinhold in mid-spring 2000 to be included in OpenSSL or released as a
+ * patch kit.
+ */
+
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include <cryptlib.h>
+#include <openssl/objects.h>
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/ocsp.h>
+
+/*
+ * Utility functions related to sending OCSP requests and extracting relevant
+ * information from the response.
+ */
+
+/*
+ * Add an OCSP_CERTID to an OCSP request. Return new OCSP_ONEREQ pointer:
+ * useful if we want to add extensions.
+ */
+
+OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid)
+{
+ OCSP_ONEREQ *one = NULL;
+
+ if (!(one = OCSP_ONEREQ_new()))
+ goto err;
+ if (one->reqCert)
+ OCSP_CERTID_free(one->reqCert);
+ one->reqCert = cid;
+ if (req && !sk_OCSP_ONEREQ_push(req->tbsRequest->requestList, one))
+ goto err;
+ return one;
+ err:
+ OCSP_ONEREQ_free(one);
+ return NULL;
+}
+
+/* Set requestorName from an X509_NAME structure */
+
+int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm)
+{
+ GENERAL_NAME *gen;
+ gen = GENERAL_NAME_new();
+ if (gen == NULL)
+ return 0;
+ if (!X509_NAME_set(&gen->d.directoryName, nm)) {
+ GENERAL_NAME_free(gen);
+ return 0;
+ }
+ gen->type = GEN_DIRNAME;
+ if (req->tbsRequest->requestorName)
+ GENERAL_NAME_free(req->tbsRequest->requestorName);
+ req->tbsRequest->requestorName = gen;
+ return 1;
+}
+
+/* Add a certificate to an OCSP request */
+
+int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert)
+{
+ OCSP_SIGNATURE *sig;
+ if (!req->optionalSignature)
+ req->optionalSignature = OCSP_SIGNATURE_new();
+ sig = req->optionalSignature;
+ if (!sig)
+ return 0;
+ if (!cert)
+ return 1;
+ if (!sig->certs && !(sig->certs = sk_X509_new_null()))
+ return 0;
+
+ if (!sk_X509_push(sig->certs, cert))
+ return 0;
+ CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
+ return 1;
+}
+
+/*
+ * Sign an OCSP request set the requestorName to the subjec name of an
+ * optional signers certificate and include one or more optional certificates
+ * in the request. Behaves like PKCS7_sign().
+ */
+
+int OCSP_request_sign(OCSP_REQUEST *req,
+ X509 *signer,
+ EVP_PKEY *key,
+ const EVP_MD *dgst,
+ STACK_OF(X509) *certs, unsigned long flags)
+{
+ int i;
+ OCSP_SIGNATURE *sig;
+ X509 *x;
+
+ if (!OCSP_request_set1_name(req, X509_get_subject_name(signer)))
+ goto err;
+
+ if (!(req->optionalSignature = sig = OCSP_SIGNATURE_new()))
+ goto err;
+ if (!dgst)
+ dgst = EVP_sha1();
+ if (key) {
+ if (!X509_check_private_key(signer, key)) {
+ OCSPerr(OCSP_F_OCSP_REQUEST_SIGN,
+ OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+ goto err;
+ }
+ if (!OCSP_REQUEST_sign(req, key, dgst))
+ goto err;
+ }
+
+ if (!(flags & OCSP_NOCERTS)) {
+ if (!OCSP_request_add1_cert(req, signer))
+ goto err;
+ for (i = 0; i < sk_X509_num(certs); i++) {
+ x = sk_X509_value(certs, i);
+ if (!OCSP_request_add1_cert(req, x))
+ goto err;
+ }
+ }
+
+ return 1;
+ err:
+ OCSP_SIGNATURE_free(req->optionalSignature);
+ req->optionalSignature = NULL;
+ return 0;
+}
+
+/* Get response status */
+
+int OCSP_response_status(OCSP_RESPONSE *resp)
+{
+ return ASN1_ENUMERATED_get(resp->responseStatus);
+}
+
+/*
+ * Extract basic response from OCSP_RESPONSE or NULL if no basic response
+ * present.
+ */
+
+OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp)
+{
+ OCSP_RESPBYTES *rb;
+ rb = resp->responseBytes;
+ if (!rb) {
+ OCSPerr(OCSP_F_OCSP_RESPONSE_GET1_BASIC, OCSP_R_NO_RESPONSE_DATA);
+ return NULL;
+ }
+ if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic) {
+ OCSPerr(OCSP_F_OCSP_RESPONSE_GET1_BASIC, OCSP_R_NOT_BASIC_RESPONSE);
+ return NULL;
+ }
+
+ return ASN1_item_unpack(rb->response, ASN1_ITEM_rptr(OCSP_BASICRESP));
+}
+
+/*
+ * Return number of OCSP_SINGLERESP reponses present in a basic response.
+ */
+
+int OCSP_resp_count(OCSP_BASICRESP *bs)
+{
+ if (!bs)
+ return -1;
+ return sk_OCSP_SINGLERESP_num(bs->tbsResponseData->responses);
+}
+
+/* Extract an OCSP_SINGLERESP response with a given index */
+
+OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx)
+{
+ if (!bs)
+ return NULL;
+ return sk_OCSP_SINGLERESP_value(bs->tbsResponseData->responses, idx);
+}
+
+/* Look single response matching a given certificate ID */
+
+int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last)
+{
+ int i;
+ STACK_OF(OCSP_SINGLERESP) *sresp;
+ OCSP_SINGLERESP *single;
+ if (!bs)
+ return -1;
+ if (last < 0)
+ last = 0;
+ else
+ last++;
+ sresp = bs->tbsResponseData->responses;
+ for (i = last; i < sk_OCSP_SINGLERESP_num(sresp); i++) {
+ single = sk_OCSP_SINGLERESP_value(sresp, i);
+ if (!OCSP_id_cmp(id, single->certId))
+ return i;
+ }
+ return -1;
+}
+
+/*
+ * Extract status information from an OCSP_SINGLERESP structure. Note: the
+ * revtime and reason values are only set if the certificate status is
+ * revoked. Returns numerical value of status.
+ */
+
+int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason,
+ ASN1_GENERALIZEDTIME **revtime,
+ ASN1_GENERALIZEDTIME **thisupd,
+ ASN1_GENERALIZEDTIME **nextupd)
+{
+ int ret;
+ OCSP_CERTSTATUS *cst;
+ if (!single)
+ return -1;
+ cst = single->certStatus;
+ ret = cst->type;
+ if (ret == V_OCSP_CERTSTATUS_REVOKED) {
+ OCSP_REVOKEDINFO *rev = cst->value.revoked;
+ if (revtime)
+ *revtime = rev->revocationTime;
+ if (reason) {
+ if (rev->revocationReason)
+ *reason = ASN1_ENUMERATED_get(rev->revocationReason);
+ else
+ *reason = -1;
+ }
+ }
+ if (thisupd)
+ *thisupd = single->thisUpdate;
+ if (nextupd)
+ *nextupd = single->nextUpdate;
+ return ret;
+}
+
+/*
+ * This function combines the previous ones: look up a certificate ID and if
+ * found extract status information. Return 0 is successful.
+ */
+
+int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status,
+ int *reason,
+ ASN1_GENERALIZEDTIME **revtime,
+ ASN1_GENERALIZEDTIME **thisupd,
+ ASN1_GENERALIZEDTIME **nextupd)
+{
+ int i;
+ OCSP_SINGLERESP *single;
+ i = OCSP_resp_find(bs, id, -1);
+ /* Maybe check for multiple responses and give an error? */
+ if (i < 0)
+ return 0;
+ single = OCSP_resp_get0(bs, i);
+ i = OCSP_single_get0_status(single, reason, revtime, thisupd, nextupd);
+ if (status)
+ *status = i;
+ return 1;
+}
+
+/*
+ * Check validity of thisUpdate and nextUpdate fields. It is possible that
+ * the request will take a few seconds to process and/or the time wont be
+ * totally accurate. Therefore to avoid rejecting otherwise valid time we
+ * allow the times to be within 'nsec' of the current time. Also to avoid
+ * accepting very old responses without a nextUpdate field an optional maxage
+ * parameter specifies the maximum age the thisUpdate field can be.
+ */
+
+int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,
+ ASN1_GENERALIZEDTIME *nextupd, long nsec, long maxsec)
+{
+ int ret = 1;
+ time_t t_now, t_tmp;
+ time(&t_now);
+ /* Check thisUpdate is valid and not more than nsec in the future */
+ if (!ASN1_GENERALIZEDTIME_check(thisupd)) {
+ OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_ERROR_IN_THISUPDATE_FIELD);
+ ret = 0;
+ } else {
+ t_tmp = t_now + nsec;
+ if (X509_cmp_time(thisupd, &t_tmp) > 0) {
+ OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_STATUS_NOT_YET_VALID);
+ ret = 0;
+ }
+
+ /*
+ * If maxsec specified check thisUpdate is not more than maxsec in
+ * the past
+ */
+ if (maxsec >= 0) {
+ t_tmp = t_now - maxsec;
+ if (X509_cmp_time(thisupd, &t_tmp) < 0) {
+ OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_STATUS_TOO_OLD);
+ ret = 0;
+ }
+ }
+ }
+
+ if (!nextupd)
+ return ret;
+
+ /* Check nextUpdate is valid and not more than nsec in the past */
+ if (!ASN1_GENERALIZEDTIME_check(nextupd)) {
+ OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_ERROR_IN_NEXTUPDATE_FIELD);
+ ret = 0;
+ } else {
+ t_tmp = t_now - nsec;
+ if (X509_cmp_time(nextupd, &t_tmp) < 0) {
+ OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_STATUS_EXPIRED);
+ ret = 0;
+ }
+ }
+
+ /* Also don't allow nextUpdate to precede thisUpdate */
+ if (ASN1_STRING_cmp(nextupd, thisupd) < 0) {
+ OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY,
+ OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE);
+ ret = 0;
+ }
+
+ return ret;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp_err.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/ocsp/ocsp_err.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,141 +0,0 @@
-/* crypto/ocsp/ocsp_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/ocsp.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_OCSP,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_OCSP,0,reason)
-
-static ERR_STRING_DATA OCSP_str_functs[]=
- {
-{ERR_FUNC(OCSP_F_ASN1_STRING_ENCODE), "ASN1_STRING_encode"},
-{ERR_FUNC(OCSP_F_D2I_OCSP_NONCE), "D2I_OCSP_NONCE"},
-{ERR_FUNC(OCSP_F_OCSP_BASIC_ADD1_STATUS), "OCSP_basic_add1_status"},
-{ERR_FUNC(OCSP_F_OCSP_BASIC_SIGN), "OCSP_basic_sign"},
-{ERR_FUNC(OCSP_F_OCSP_BASIC_VERIFY), "OCSP_basic_verify"},
-{ERR_FUNC(OCSP_F_OCSP_CERT_ID_NEW), "OCSP_cert_id_new"},
-{ERR_FUNC(OCSP_F_OCSP_CHECK_DELEGATED), "OCSP_CHECK_DELEGATED"},
-{ERR_FUNC(OCSP_F_OCSP_CHECK_IDS), "OCSP_CHECK_IDS"},
-{ERR_FUNC(OCSP_F_OCSP_CHECK_ISSUER), "OCSP_CHECK_ISSUER"},
-{ERR_FUNC(OCSP_F_OCSP_CHECK_VALIDITY), "OCSP_check_validity"},
-{ERR_FUNC(OCSP_F_OCSP_MATCH_ISSUERID), "OCSP_MATCH_ISSUERID"},
-{ERR_FUNC(OCSP_F_OCSP_PARSE_URL), "OCSP_parse_url"},
-{ERR_FUNC(OCSP_F_OCSP_REQUEST_SIGN), "OCSP_request_sign"},
-{ERR_FUNC(OCSP_F_OCSP_REQUEST_VERIFY), "OCSP_request_verify"},
-{ERR_FUNC(OCSP_F_OCSP_RESPONSE_GET1_BASIC), "OCSP_response_get1_basic"},
-{ERR_FUNC(OCSP_F_OCSP_SENDREQ_BIO), "OCSP_sendreq_bio"},
-{ERR_FUNC(OCSP_F_PARSE_HTTP_LINE1), "PARSE_HTTP_LINE1"},
-{ERR_FUNC(OCSP_F_REQUEST_VERIFY), "REQUEST_VERIFY"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA OCSP_str_reasons[]=
- {
-{ERR_REASON(OCSP_R_BAD_DATA) ,"bad data"},
-{ERR_REASON(OCSP_R_CERTIFICATE_VERIFY_ERROR),"certificate verify error"},
-{ERR_REASON(OCSP_R_DIGEST_ERR) ,"digest err"},
-{ERR_REASON(OCSP_R_ERROR_IN_NEXTUPDATE_FIELD),"error in nextupdate field"},
-{ERR_REASON(OCSP_R_ERROR_IN_THISUPDATE_FIELD),"error in thisupdate field"},
-{ERR_REASON(OCSP_R_ERROR_PARSING_URL) ,"error parsing url"},
-{ERR_REASON(OCSP_R_MISSING_OCSPSIGNING_USAGE),"missing ocspsigning usage"},
-{ERR_REASON(OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE),"nextupdate before thisupdate"},
-{ERR_REASON(OCSP_R_NOT_BASIC_RESPONSE) ,"not basic response"},
-{ERR_REASON(OCSP_R_NO_CERTIFICATES_IN_CHAIN),"no certificates in chain"},
-{ERR_REASON(OCSP_R_NO_CONTENT) ,"no content"},
-{ERR_REASON(OCSP_R_NO_PUBLIC_KEY) ,"no public key"},
-{ERR_REASON(OCSP_R_NO_RESPONSE_DATA) ,"no response data"},
-{ERR_REASON(OCSP_R_NO_REVOKED_TIME) ,"no revoked time"},
-{ERR_REASON(OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),"private key does not match certificate"},
-{ERR_REASON(OCSP_R_REQUEST_NOT_SIGNED) ,"request not signed"},
-{ERR_REASON(OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA),"response contains no revocation data"},
-{ERR_REASON(OCSP_R_ROOT_CA_NOT_TRUSTED) ,"root ca not trusted"},
-{ERR_REASON(OCSP_R_SERVER_READ_ERROR) ,"server read error"},
-{ERR_REASON(OCSP_R_SERVER_RESPONSE_ERROR),"server response error"},
-{ERR_REASON(OCSP_R_SERVER_RESPONSE_PARSE_ERROR),"server response parse error"},
-{ERR_REASON(OCSP_R_SERVER_WRITE_ERROR) ,"server write error"},
-{ERR_REASON(OCSP_R_SIGNATURE_FAILURE) ,"signature failure"},
-{ERR_REASON(OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND),"signer certificate not found"},
-{ERR_REASON(OCSP_R_STATUS_EXPIRED) ,"status expired"},
-{ERR_REASON(OCSP_R_STATUS_NOT_YET_VALID) ,"status not yet valid"},
-{ERR_REASON(OCSP_R_STATUS_TOO_OLD) ,"status too old"},
-{ERR_REASON(OCSP_R_UNKNOWN_MESSAGE_DIGEST),"unknown message digest"},
-{ERR_REASON(OCSP_R_UNKNOWN_NID) ,"unknown nid"},
-{ERR_REASON(OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE),"unsupported requestorname type"},
-{0,NULL}
- };
-
-#endif
-
-void ERR_load_OCSP_strings(void)
- {
-#ifndef OPENSSL_NO_ERR
-
- if (ERR_func_error_string(OCSP_str_functs[0].error) == NULL)
- {
- ERR_load_strings(0,OCSP_str_functs);
- ERR_load_strings(0,OCSP_str_reasons);
- }
-#endif
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp_err.c (from rev 6976, vendor-crypto/openssl/dist/crypto/ocsp/ocsp_err.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp_err.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,148 @@
+/* crypto/ocsp/ocsp_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/ocsp.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_OCSP,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_OCSP,0,reason)
+
+static ERR_STRING_DATA OCSP_str_functs[] = {
+ {ERR_FUNC(OCSP_F_ASN1_STRING_ENCODE), "ASN1_STRING_encode"},
+ {ERR_FUNC(OCSP_F_D2I_OCSP_NONCE), "D2I_OCSP_NONCE"},
+ {ERR_FUNC(OCSP_F_OCSP_BASIC_ADD1_STATUS), "OCSP_basic_add1_status"},
+ {ERR_FUNC(OCSP_F_OCSP_BASIC_SIGN), "OCSP_basic_sign"},
+ {ERR_FUNC(OCSP_F_OCSP_BASIC_VERIFY), "OCSP_basic_verify"},
+ {ERR_FUNC(OCSP_F_OCSP_CERT_ID_NEW), "OCSP_cert_id_new"},
+ {ERR_FUNC(OCSP_F_OCSP_CHECK_DELEGATED), "OCSP_CHECK_DELEGATED"},
+ {ERR_FUNC(OCSP_F_OCSP_CHECK_IDS), "OCSP_CHECK_IDS"},
+ {ERR_FUNC(OCSP_F_OCSP_CHECK_ISSUER), "OCSP_CHECK_ISSUER"},
+ {ERR_FUNC(OCSP_F_OCSP_CHECK_VALIDITY), "OCSP_check_validity"},
+ {ERR_FUNC(OCSP_F_OCSP_MATCH_ISSUERID), "OCSP_MATCH_ISSUERID"},
+ {ERR_FUNC(OCSP_F_OCSP_PARSE_URL), "OCSP_parse_url"},
+ {ERR_FUNC(OCSP_F_OCSP_REQUEST_SIGN), "OCSP_request_sign"},
+ {ERR_FUNC(OCSP_F_OCSP_REQUEST_VERIFY), "OCSP_request_verify"},
+ {ERR_FUNC(OCSP_F_OCSP_RESPONSE_GET1_BASIC), "OCSP_response_get1_basic"},
+ {ERR_FUNC(OCSP_F_OCSP_SENDREQ_BIO), "OCSP_sendreq_bio"},
+ {ERR_FUNC(OCSP_F_PARSE_HTTP_LINE1), "PARSE_HTTP_LINE1"},
+ {ERR_FUNC(OCSP_F_REQUEST_VERIFY), "REQUEST_VERIFY"},
+ {0, NULL}
+};
+
+static ERR_STRING_DATA OCSP_str_reasons[] = {
+ {ERR_REASON(OCSP_R_BAD_DATA), "bad data"},
+ {ERR_REASON(OCSP_R_CERTIFICATE_VERIFY_ERROR), "certificate verify error"},
+ {ERR_REASON(OCSP_R_DIGEST_ERR), "digest err"},
+ {ERR_REASON(OCSP_R_ERROR_IN_NEXTUPDATE_FIELD),
+ "error in nextupdate field"},
+ {ERR_REASON(OCSP_R_ERROR_IN_THISUPDATE_FIELD),
+ "error in thisupdate field"},
+ {ERR_REASON(OCSP_R_ERROR_PARSING_URL), "error parsing url"},
+ {ERR_REASON(OCSP_R_MISSING_OCSPSIGNING_USAGE),
+ "missing ocspsigning usage"},
+ {ERR_REASON(OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE),
+ "nextupdate before thisupdate"},
+ {ERR_REASON(OCSP_R_NOT_BASIC_RESPONSE), "not basic response"},
+ {ERR_REASON(OCSP_R_NO_CERTIFICATES_IN_CHAIN), "no certificates in chain"},
+ {ERR_REASON(OCSP_R_NO_CONTENT), "no content"},
+ {ERR_REASON(OCSP_R_NO_PUBLIC_KEY), "no public key"},
+ {ERR_REASON(OCSP_R_NO_RESPONSE_DATA), "no response data"},
+ {ERR_REASON(OCSP_R_NO_REVOKED_TIME), "no revoked time"},
+ {ERR_REASON(OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),
+ "private key does not match certificate"},
+ {ERR_REASON(OCSP_R_REQUEST_NOT_SIGNED), "request not signed"},
+ {ERR_REASON(OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA),
+ "response contains no revocation data"},
+ {ERR_REASON(OCSP_R_ROOT_CA_NOT_TRUSTED), "root ca not trusted"},
+ {ERR_REASON(OCSP_R_SERVER_READ_ERROR), "server read error"},
+ {ERR_REASON(OCSP_R_SERVER_RESPONSE_ERROR), "server response error"},
+ {ERR_REASON(OCSP_R_SERVER_RESPONSE_PARSE_ERROR),
+ "server response parse error"},
+ {ERR_REASON(OCSP_R_SERVER_WRITE_ERROR), "server write error"},
+ {ERR_REASON(OCSP_R_SIGNATURE_FAILURE), "signature failure"},
+ {ERR_REASON(OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND),
+ "signer certificate not found"},
+ {ERR_REASON(OCSP_R_STATUS_EXPIRED), "status expired"},
+ {ERR_REASON(OCSP_R_STATUS_NOT_YET_VALID), "status not yet valid"},
+ {ERR_REASON(OCSP_R_STATUS_TOO_OLD), "status too old"},
+ {ERR_REASON(OCSP_R_UNKNOWN_MESSAGE_DIGEST), "unknown message digest"},
+ {ERR_REASON(OCSP_R_UNKNOWN_NID), "unknown nid"},
+ {ERR_REASON(OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE),
+ "unsupported requestorname type"},
+ {0, NULL}
+};
+
+#endif
+
+void ERR_load_OCSP_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+ if (ERR_func_error_string(OCSP_str_functs[0].error) == NULL) {
+ ERR_load_strings(0, OCSP_str_functs);
+ ERR_load_strings(0, OCSP_str_reasons);
+ }
+#endif
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp_ext.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/ocsp/ocsp_ext.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp_ext.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,545 +0,0 @@
-/* ocsp_ext.c */
-/* Written by Tom Titchener <Tom_Titchener at groove.net> for the OpenSSL
- * project. */
-
-/* History:
- This file was transfered to Richard Levitte from CertCo by Kathy
- Weinhold in mid-spring 2000 to be included in OpenSSL or released
- as a patch kit. */
-
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <cryptlib.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/ocsp.h>
-#include <openssl/rand.h>
-#include <openssl/x509v3.h>
-
-/* Standard wrapper functions for extensions */
-
-/* OCSP request extensions */
-
-int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x)
- {
- return(X509v3_get_ext_count(x->tbsRequest->requestExtensions));
- }
-
-int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos)
- {
- return(X509v3_get_ext_by_NID(x->tbsRequest->requestExtensions,nid,lastpos));
- }
-
-int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, ASN1_OBJECT *obj, int lastpos)
- {
- return(X509v3_get_ext_by_OBJ(x->tbsRequest->requestExtensions,obj,lastpos));
- }
-
-int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos)
- {
- return(X509v3_get_ext_by_critical(x->tbsRequest->requestExtensions,crit,lastpos));
- }
-
-X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc)
- {
- return(X509v3_get_ext(x->tbsRequest->requestExtensions,loc));
- }
-
-X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc)
- {
- return(X509v3_delete_ext(x->tbsRequest->requestExtensions,loc));
- }
-
-void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit, int *idx)
- {
- return X509V3_get_d2i(x->tbsRequest->requestExtensions, nid, crit, idx);
- }
-
-int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit,
- unsigned long flags)
- {
- return X509V3_add1_i2d(&x->tbsRequest->requestExtensions, nid, value, crit, flags);
- }
-
-int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc)
- {
- return(X509v3_add_ext(&(x->tbsRequest->requestExtensions),ex,loc) != NULL);
- }
-
-/* Single extensions */
-
-int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x)
- {
- return(X509v3_get_ext_count(x->singleRequestExtensions));
- }
-
-int OCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos)
- {
- return(X509v3_get_ext_by_NID(x->singleRequestExtensions,nid,lastpos));
- }
-
-int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, ASN1_OBJECT *obj, int lastpos)
- {
- return(X509v3_get_ext_by_OBJ(x->singleRequestExtensions,obj,lastpos));
- }
-
-int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos)
- {
- return(X509v3_get_ext_by_critical(x->singleRequestExtensions,crit,lastpos));
- }
-
-X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc)
- {
- return(X509v3_get_ext(x->singleRequestExtensions,loc));
- }
-
-X509_EXTENSION *OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc)
- {
- return(X509v3_delete_ext(x->singleRequestExtensions,loc));
- }
-
-void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx)
- {
- return X509V3_get_d2i(x->singleRequestExtensions, nid, crit, idx);
- }
-
-int OCSP_ONEREQ_add1_ext_i2d(OCSP_ONEREQ *x, int nid, void *value, int crit,
- unsigned long flags)
- {
- return X509V3_add1_i2d(&x->singleRequestExtensions, nid, value, crit, flags);
- }
-
-int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc)
- {
- return(X509v3_add_ext(&(x->singleRequestExtensions),ex,loc) != NULL);
- }
-
-/* OCSP Basic response */
-
-int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x)
- {
- return(X509v3_get_ext_count(x->tbsResponseData->responseExtensions));
- }
-
-int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos)
- {
- return(X509v3_get_ext_by_NID(x->tbsResponseData->responseExtensions,nid,lastpos));
- }
-
-int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, ASN1_OBJECT *obj, int lastpos)
- {
- return(X509v3_get_ext_by_OBJ(x->tbsResponseData->responseExtensions,obj,lastpos));
- }
-
-int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit, int lastpos)
- {
- return(X509v3_get_ext_by_critical(x->tbsResponseData->responseExtensions,crit,lastpos));
- }
-
-X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc)
- {
- return(X509v3_get_ext(x->tbsResponseData->responseExtensions,loc));
- }
-
-X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc)
- {
- return(X509v3_delete_ext(x->tbsResponseData->responseExtensions,loc));
- }
-
-void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit, int *idx)
- {
- return X509V3_get_d2i(x->tbsResponseData->responseExtensions, nid, crit, idx);
- }
-
-int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value, int crit,
- unsigned long flags)
- {
- return X509V3_add1_i2d(&x->tbsResponseData->responseExtensions, nid, value, crit, flags);
- }
-
-int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc)
- {
- return(X509v3_add_ext(&(x->tbsResponseData->responseExtensions),ex,loc) != NULL);
- }
-
-/* OCSP single response extensions */
-
-int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x)
- {
- return(X509v3_get_ext_count(x->singleExtensions));
- }
-
-int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, int lastpos)
- {
- return(X509v3_get_ext_by_NID(x->singleExtensions,nid,lastpos));
- }
-
-int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, ASN1_OBJECT *obj, int lastpos)
- {
- return(X509v3_get_ext_by_OBJ(x->singleExtensions,obj,lastpos));
- }
-
-int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit, int lastpos)
- {
- return(X509v3_get_ext_by_critical(x->singleExtensions,crit,lastpos));
- }
-
-X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc)
- {
- return(X509v3_get_ext(x->singleExtensions,loc));
- }
-
-X509_EXTENSION *OCSP_SINGLERESP_delete_ext(OCSP_SINGLERESP *x, int loc)
- {
- return(X509v3_delete_ext(x->singleExtensions,loc));
- }
-
-void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit, int *idx)
- {
- return X509V3_get_d2i(x->singleExtensions, nid, crit, idx);
- }
-
-int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value, int crit,
- unsigned long flags)
- {
- return X509V3_add1_i2d(&x->singleExtensions, nid, value, crit, flags);
- }
-
-int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc)
- {
- return(X509v3_add_ext(&(x->singleExtensions),ex,loc) != NULL);
- }
-
-/* also CRL Entry Extensions */
-
-ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d,
- void *data, STACK_OF(ASN1_OBJECT) *sk)
- {
- int i;
- unsigned char *p, *b = NULL;
-
- if (data)
- {
- if ((i=i2d(data,NULL)) <= 0) goto err;
- if (!(b=p=OPENSSL_malloc((unsigned int)i)))
- goto err;
- if (i2d(data, &p) <= 0) goto err;
- }
- else if (sk)
- {
- if ((i=i2d_ASN1_SET_OF_ASN1_OBJECT(sk,NULL,
- (I2D_OF(ASN1_OBJECT))i2d,
- V_ASN1_SEQUENCE,
- V_ASN1_UNIVERSAL,
- IS_SEQUENCE))<=0) goto err;
- if (!(b=p=OPENSSL_malloc((unsigned int)i)))
- goto err;
- if (i2d_ASN1_SET_OF_ASN1_OBJECT(sk,&p,(I2D_OF(ASN1_OBJECT))i2d,
- V_ASN1_SEQUENCE,
- V_ASN1_UNIVERSAL,
- IS_SEQUENCE)<=0) goto err;
- }
- else
- {
- OCSPerr(OCSP_F_ASN1_STRING_ENCODE,OCSP_R_BAD_DATA);
- goto err;
- }
- if (!s && !(s = ASN1_STRING_new())) goto err;
- if (!(ASN1_STRING_set(s, b, i))) goto err;
- OPENSSL_free(b);
- return s;
-err:
- if (b) OPENSSL_free(b);
- return NULL;
- }
-
-/* Nonce handling functions */
-
-/* Add a nonce to an extension stack. A nonce can be specificed or if NULL
- * a random nonce will be generated.
- * Note: OpenSSL 0.9.7d and later create an OCTET STRING containing the
- * nonce, previous versions used the raw nonce.
- */
-
-static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts, unsigned char *val, int len)
- {
- unsigned char *tmpval;
- ASN1_OCTET_STRING os;
- int ret = 0;
- if (len <= 0) len = OCSP_DEFAULT_NONCE_LENGTH;
- /* Create the OCTET STRING manually by writing out the header and
- * appending the content octets. This avoids an extra memory allocation
- * operation in some cases. Applications should *NOT* do this because
- * it relies on library internals.
- */
- os.length = ASN1_object_size(0, len, V_ASN1_OCTET_STRING);
- os.data = OPENSSL_malloc(os.length);
- if (os.data == NULL)
- goto err;
- tmpval = os.data;
- ASN1_put_object(&tmpval, 0, len, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL);
- if (val)
- memcpy(tmpval, val, len);
- else
- RAND_pseudo_bytes(tmpval, len);
- if(!X509V3_add1_i2d(exts, NID_id_pkix_OCSP_Nonce,
- &os, 0, X509V3_ADD_REPLACE))
- goto err;
- ret = 1;
- err:
- if (os.data)
- OPENSSL_free(os.data);
- return ret;
- }
-
-
-/* Add nonce to an OCSP request */
-
-int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len)
- {
- return ocsp_add1_nonce(&req->tbsRequest->requestExtensions, val, len);
- }
-
-/* Same as above but for a response */
-
-int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len)
- {
- return ocsp_add1_nonce(&resp->tbsResponseData->responseExtensions, val, len);
- }
-
-/* Check nonce validity in a request and response.
- * Return value reflects result:
- * 1: nonces present and equal.
- * 2: nonces both absent.
- * 3: nonce present in response only.
- * 0: nonces both present and not equal.
- * -1: nonce in request only.
- *
- * For most responders clients can check return > 0.
- * If responder doesn't handle nonces return != 0 may be
- * necessary. return == 0 is always an error.
- */
-
-int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs)
- {
- /*
- * Since we are only interested in the presence or absence of
- * the nonce and comparing its value there is no need to use
- * the X509V3 routines: this way we can avoid them allocating an
- * ASN1_OCTET_STRING structure for the value which would be
- * freed immediately anyway.
- */
-
- int req_idx, resp_idx;
- X509_EXTENSION *req_ext, *resp_ext;
- req_idx = OCSP_REQUEST_get_ext_by_NID(req, NID_id_pkix_OCSP_Nonce, -1);
- resp_idx = OCSP_BASICRESP_get_ext_by_NID(bs, NID_id_pkix_OCSP_Nonce, -1);
- /* Check both absent */
- if((req_idx < 0) && (resp_idx < 0))
- return 2;
- /* Check in request only */
- if((req_idx >= 0) && (resp_idx < 0))
- return -1;
- /* Check in response but not request */
- if((req_idx < 0) && (resp_idx >= 0))
- return 3;
- /* Otherwise nonce in request and response so retrieve the extensions */
- req_ext = OCSP_REQUEST_get_ext(req, req_idx);
- resp_ext = OCSP_BASICRESP_get_ext(bs, resp_idx);
- if(ASN1_OCTET_STRING_cmp(req_ext->value, resp_ext->value))
- return 0;
- return 1;
- }
-
-/* Copy the nonce value (if any) from an OCSP request to
- * a response.
- */
-
-int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req)
- {
- X509_EXTENSION *req_ext;
- int req_idx;
- /* Check for nonce in request */
- req_idx = OCSP_REQUEST_get_ext_by_NID(req, NID_id_pkix_OCSP_Nonce, -1);
- /* If no nonce that's OK */
- if (req_idx < 0) return 2;
- req_ext = OCSP_REQUEST_get_ext(req, req_idx);
- return OCSP_BASICRESP_add_ext(resp, req_ext, -1);
- }
-
-X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim)
- {
- X509_EXTENSION *x = NULL;
- OCSP_CRLID *cid = NULL;
-
- if (!(cid = OCSP_CRLID_new())) goto err;
- if (url)
- {
- if (!(cid->crlUrl = ASN1_IA5STRING_new())) goto err;
- if (!(ASN1_STRING_set(cid->crlUrl, url, -1))) goto err;
- }
- if (n)
- {
- if (!(cid->crlNum = ASN1_INTEGER_new())) goto err;
- if (!(ASN1_INTEGER_set(cid->crlNum, *n))) goto err;
- }
- if (tim)
- {
- if (!(cid->crlTime = ASN1_GENERALIZEDTIME_new())) goto err;
- if (!(ASN1_GENERALIZEDTIME_set_string(cid->crlTime, tim)))
- goto err;
- }
- if (!(x = X509_EXTENSION_new())) goto err;
- if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_CrlID))) goto err;
- if (!(ASN1_STRING_encode_of(OCSP_CRLID,x->value,i2d_OCSP_CRLID,cid,
- NULL)))
- goto err;
- OCSP_CRLID_free(cid);
- return x;
-err:
- if (x) X509_EXTENSION_free(x);
- if (cid) OCSP_CRLID_free(cid);
- return NULL;
- }
-
-/* AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER */
-X509_EXTENSION *OCSP_accept_responses_new(char **oids)
- {
- int nid;
- STACK_OF(ASN1_OBJECT) *sk = NULL;
- ASN1_OBJECT *o = NULL;
- X509_EXTENSION *x = NULL;
-
- if (!(sk = sk_ASN1_OBJECT_new_null())) goto err;
- while (oids && *oids)
- {
- if ((nid=OBJ_txt2nid(*oids))!=NID_undef&&(o=OBJ_nid2obj(nid)))
- sk_ASN1_OBJECT_push(sk, o);
- oids++;
- }
- if (!(x = X509_EXTENSION_new())) goto err;
- if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_acceptableResponses)))
- goto err;
- if (!(ASN1_STRING_encode_of(ASN1_OBJECT,x->value,i2d_ASN1_OBJECT,NULL,
- sk)))
- goto err;
- sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free);
- return x;
-err:
- if (x) X509_EXTENSION_free(x);
- if (sk) sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free);
- return NULL;
- }
-
-/* ArchiveCutoff ::= GeneralizedTime */
-X509_EXTENSION *OCSP_archive_cutoff_new(char* tim)
- {
- X509_EXTENSION *x=NULL;
- ASN1_GENERALIZEDTIME *gt = NULL;
-
- if (!(gt = ASN1_GENERALIZEDTIME_new())) goto err;
- if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim))) goto err;
- if (!(x = X509_EXTENSION_new())) goto err;
- if (!(x->object=OBJ_nid2obj(NID_id_pkix_OCSP_archiveCutoff)))goto err;
- if (!(ASN1_STRING_encode_of(ASN1_GENERALIZEDTIME,x->value,
- i2d_ASN1_GENERALIZEDTIME,gt,NULL))) goto err;
- ASN1_GENERALIZEDTIME_free(gt);
- return x;
-err:
- if (gt) ASN1_GENERALIZEDTIME_free(gt);
- if (x) X509_EXTENSION_free(x);
- return NULL;
- }
-
-/* per ACCESS_DESCRIPTION parameter are oids, of which there are currently
- * two--NID_ad_ocsp, NID_id_ad_caIssuers--and GeneralName value. This
- * method forces NID_ad_ocsp and uniformResourceLocator [6] IA5String.
- */
-X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, char **urls)
- {
- X509_EXTENSION *x = NULL;
- ASN1_IA5STRING *ia5 = NULL;
- OCSP_SERVICELOC *sloc = NULL;
- ACCESS_DESCRIPTION *ad = NULL;
-
- if (!(sloc = OCSP_SERVICELOC_new())) goto err;
- if (!(sloc->issuer = X509_NAME_dup(issuer))) goto err;
- if (urls && *urls && !(sloc->locator = sk_ACCESS_DESCRIPTION_new_null())) goto err;
- while (urls && *urls)
- {
- if (!(ad = ACCESS_DESCRIPTION_new())) goto err;
- if (!(ad->method=OBJ_nid2obj(NID_ad_OCSP))) goto err;
- if (!(ad->location = GENERAL_NAME_new())) goto err;
- if (!(ia5 = ASN1_IA5STRING_new())) goto err;
- if (!ASN1_STRING_set((ASN1_STRING*)ia5, *urls, -1)) goto err;
- ad->location->type = GEN_URI;
- ad->location->d.ia5 = ia5;
- if (!sk_ACCESS_DESCRIPTION_push(sloc->locator, ad)) goto err;
- urls++;
- }
- if (!(x = X509_EXTENSION_new())) goto err;
- if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_serviceLocator)))
- goto err;
- if (!(ASN1_STRING_encode_of(OCSP_SERVICELOC,x->value,
- i2d_OCSP_SERVICELOC,sloc,NULL))) goto err;
- OCSP_SERVICELOC_free(sloc);
- return x;
-err:
- if (x) X509_EXTENSION_free(x);
- if (sloc) OCSP_SERVICELOC_free(sloc);
- return NULL;
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp_ext.c (from rev 6976, vendor-crypto/openssl/dist/crypto/ocsp/ocsp_ext.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp_ext.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp_ext.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,605 @@
+/* ocsp_ext.c */
+/*
+ * Written by Tom Titchener <Tom_Titchener at groove.net> for the OpenSSL
+ * project.
+ */
+
+/*
+ * History: This file was transfered to Richard Levitte from CertCo by Kathy
+ * Weinhold in mid-spring 2000 to be included in OpenSSL or released as a
+ * patch kit.
+ */
+
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <cryptlib.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/ocsp.h>
+#include <openssl/rand.h>
+#include <openssl/x509v3.h>
+
+/* Standard wrapper functions for extensions */
+
+/* OCSP request extensions */
+
+int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x)
+{
+ return (X509v3_get_ext_count(x->tbsRequest->requestExtensions));
+}
+
+int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos)
+{
+ return (X509v3_get_ext_by_NID
+ (x->tbsRequest->requestExtensions, nid, lastpos));
+}
+
+int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, ASN1_OBJECT *obj,
+ int lastpos)
+{
+ return (X509v3_get_ext_by_OBJ
+ (x->tbsRequest->requestExtensions, obj, lastpos));
+}
+
+int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos)
+{
+ return (X509v3_get_ext_by_critical
+ (x->tbsRequest->requestExtensions, crit, lastpos));
+}
+
+X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc)
+{
+ return (X509v3_get_ext(x->tbsRequest->requestExtensions, loc));
+}
+
+X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc)
+{
+ return (X509v3_delete_ext(x->tbsRequest->requestExtensions, loc));
+}
+
+void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit, int *idx)
+{
+ return X509V3_get_d2i(x->tbsRequest->requestExtensions, nid, crit, idx);
+}
+
+int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit,
+ unsigned long flags)
+{
+ return X509V3_add1_i2d(&x->tbsRequest->requestExtensions, nid, value,
+ crit, flags);
+}
+
+int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc)
+{
+ return (X509v3_add_ext(&(x->tbsRequest->requestExtensions), ex, loc) !=
+ NULL);
+}
+
+/* Single extensions */
+
+int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x)
+{
+ return (X509v3_get_ext_count(x->singleRequestExtensions));
+}
+
+int OCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos)
+{
+ return (X509v3_get_ext_by_NID(x->singleRequestExtensions, nid, lastpos));
+}
+
+int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, ASN1_OBJECT *obj, int lastpos)
+{
+ return (X509v3_get_ext_by_OBJ(x->singleRequestExtensions, obj, lastpos));
+}
+
+int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos)
+{
+ return (X509v3_get_ext_by_critical
+ (x->singleRequestExtensions, crit, lastpos));
+}
+
+X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc)
+{
+ return (X509v3_get_ext(x->singleRequestExtensions, loc));
+}
+
+X509_EXTENSION *OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc)
+{
+ return (X509v3_delete_ext(x->singleRequestExtensions, loc));
+}
+
+void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx)
+{
+ return X509V3_get_d2i(x->singleRequestExtensions, nid, crit, idx);
+}
+
+int OCSP_ONEREQ_add1_ext_i2d(OCSP_ONEREQ *x, int nid, void *value, int crit,
+ unsigned long flags)
+{
+ return X509V3_add1_i2d(&x->singleRequestExtensions, nid, value, crit,
+ flags);
+}
+
+int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc)
+{
+ return (X509v3_add_ext(&(x->singleRequestExtensions), ex, loc) != NULL);
+}
+
+/* OCSP Basic response */
+
+int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x)
+{
+ return (X509v3_get_ext_count(x->tbsResponseData->responseExtensions));
+}
+
+int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos)
+{
+ return (X509v3_get_ext_by_NID
+ (x->tbsResponseData->responseExtensions, nid, lastpos));
+}
+
+int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, ASN1_OBJECT *obj,
+ int lastpos)
+{
+ return (X509v3_get_ext_by_OBJ
+ (x->tbsResponseData->responseExtensions, obj, lastpos));
+}
+
+int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit,
+ int lastpos)
+{
+ return (X509v3_get_ext_by_critical
+ (x->tbsResponseData->responseExtensions, crit, lastpos));
+}
+
+X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc)
+{
+ return (X509v3_get_ext(x->tbsResponseData->responseExtensions, loc));
+}
+
+X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc)
+{
+ return (X509v3_delete_ext(x->tbsResponseData->responseExtensions, loc));
+}
+
+void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit,
+ int *idx)
+{
+ return X509V3_get_d2i(x->tbsResponseData->responseExtensions, nid, crit,
+ idx);
+}
+
+int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value,
+ int crit, unsigned long flags)
+{
+ return X509V3_add1_i2d(&x->tbsResponseData->responseExtensions, nid,
+ value, crit, flags);
+}
+
+int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc)
+{
+ return (X509v3_add_ext(&(x->tbsResponseData->responseExtensions), ex, loc)
+ != NULL);
+}
+
+/* OCSP single response extensions */
+
+int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x)
+{
+ return (X509v3_get_ext_count(x->singleExtensions));
+}
+
+int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, int lastpos)
+{
+ return (X509v3_get_ext_by_NID(x->singleExtensions, nid, lastpos));
+}
+
+int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, ASN1_OBJECT *obj,
+ int lastpos)
+{
+ return (X509v3_get_ext_by_OBJ(x->singleExtensions, obj, lastpos));
+}
+
+int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit,
+ int lastpos)
+{
+ return (X509v3_get_ext_by_critical(x->singleExtensions, crit, lastpos));
+}
+
+X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc)
+{
+ return (X509v3_get_ext(x->singleExtensions, loc));
+}
+
+X509_EXTENSION *OCSP_SINGLERESP_delete_ext(OCSP_SINGLERESP *x, int loc)
+{
+ return (X509v3_delete_ext(x->singleExtensions, loc));
+}
+
+void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit,
+ int *idx)
+{
+ return X509V3_get_d2i(x->singleExtensions, nid, crit, idx);
+}
+
+int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value,
+ int crit, unsigned long flags)
+{
+ return X509V3_add1_i2d(&x->singleExtensions, nid, value, crit, flags);
+}
+
+int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc)
+{
+ return (X509v3_add_ext(&(x->singleExtensions), ex, loc) != NULL);
+}
+
+/* also CRL Entry Extensions */
+
+ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d,
+ void *data, STACK_OF(ASN1_OBJECT) *sk)
+{
+ int i;
+ unsigned char *p, *b = NULL;
+
+ if (data) {
+ if ((i = i2d(data, NULL)) <= 0)
+ goto err;
+ if (!(b = p = OPENSSL_malloc((unsigned int)i)))
+ goto err;
+ if (i2d(data, &p) <= 0)
+ goto err;
+ } else if (sk) {
+ if ((i = i2d_ASN1_SET_OF_ASN1_OBJECT(sk, NULL,
+ (I2D_OF(ASN1_OBJECT)) i2d,
+ V_ASN1_SEQUENCE,
+ V_ASN1_UNIVERSAL,
+ IS_SEQUENCE)) <= 0)
+ goto err;
+ if (!(b = p = OPENSSL_malloc((unsigned int)i)))
+ goto err;
+ if (i2d_ASN1_SET_OF_ASN1_OBJECT(sk, &p, (I2D_OF(ASN1_OBJECT)) i2d,
+ V_ASN1_SEQUENCE,
+ V_ASN1_UNIVERSAL, IS_SEQUENCE) <= 0)
+ goto err;
+ } else {
+ OCSPerr(OCSP_F_ASN1_STRING_ENCODE, OCSP_R_BAD_DATA);
+ goto err;
+ }
+ if (!s && !(s = ASN1_STRING_new()))
+ goto err;
+ if (!(ASN1_STRING_set(s, b, i)))
+ goto err;
+ OPENSSL_free(b);
+ return s;
+ err:
+ if (b)
+ OPENSSL_free(b);
+ return NULL;
+}
+
+/* Nonce handling functions */
+
+/*
+ * Add a nonce to an extension stack. A nonce can be specificed or if NULL a
+ * random nonce will be generated. Note: OpenSSL 0.9.7d and later create an
+ * OCTET STRING containing the nonce, previous versions used the raw nonce.
+ */
+
+static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts,
+ unsigned char *val, int len)
+{
+ unsigned char *tmpval;
+ ASN1_OCTET_STRING os;
+ int ret = 0;
+ if (len <= 0)
+ len = OCSP_DEFAULT_NONCE_LENGTH;
+ /*
+ * Create the OCTET STRING manually by writing out the header and
+ * appending the content octets. This avoids an extra memory allocation
+ * operation in some cases. Applications should *NOT* do this because it
+ * relies on library internals.
+ */
+ os.length = ASN1_object_size(0, len, V_ASN1_OCTET_STRING);
+ os.data = OPENSSL_malloc(os.length);
+ if (os.data == NULL)
+ goto err;
+ tmpval = os.data;
+ ASN1_put_object(&tmpval, 0, len, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL);
+ if (val)
+ memcpy(tmpval, val, len);
+ else
+ RAND_pseudo_bytes(tmpval, len);
+ if (!X509V3_add1_i2d(exts, NID_id_pkix_OCSP_Nonce,
+ &os, 0, X509V3_ADD_REPLACE))
+ goto err;
+ ret = 1;
+ err:
+ if (os.data)
+ OPENSSL_free(os.data);
+ return ret;
+}
+
+/* Add nonce to an OCSP request */
+
+int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len)
+{
+ return ocsp_add1_nonce(&req->tbsRequest->requestExtensions, val, len);
+}
+
+/* Same as above but for a response */
+
+int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len)
+{
+ return ocsp_add1_nonce(&resp->tbsResponseData->responseExtensions, val,
+ len);
+}
+
+/*-
+ * Check nonce validity in a request and response.
+ * Return value reflects result:
+ * 1: nonces present and equal.
+ * 2: nonces both absent.
+ * 3: nonce present in response only.
+ * 0: nonces both present and not equal.
+ * -1: nonce in request only.
+ *
+ * For most responders clients can check return > 0.
+ * If responder doesn't handle nonces return != 0 may be
+ * necessary. return == 0 is always an error.
+ */
+
+int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs)
+{
+ /*
+ * Since we are only interested in the presence or absence of
+ * the nonce and comparing its value there is no need to use
+ * the X509V3 routines: this way we can avoid them allocating an
+ * ASN1_OCTET_STRING structure for the value which would be
+ * freed immediately anyway.
+ */
+
+ int req_idx, resp_idx;
+ X509_EXTENSION *req_ext, *resp_ext;
+ req_idx = OCSP_REQUEST_get_ext_by_NID(req, NID_id_pkix_OCSP_Nonce, -1);
+ resp_idx = OCSP_BASICRESP_get_ext_by_NID(bs, NID_id_pkix_OCSP_Nonce, -1);
+ /* Check both absent */
+ if ((req_idx < 0) && (resp_idx < 0))
+ return 2;
+ /* Check in request only */
+ if ((req_idx >= 0) && (resp_idx < 0))
+ return -1;
+ /* Check in response but not request */
+ if ((req_idx < 0) && (resp_idx >= 0))
+ return 3;
+ /*
+ * Otherwise nonce in request and response so retrieve the extensions
+ */
+ req_ext = OCSP_REQUEST_get_ext(req, req_idx);
+ resp_ext = OCSP_BASICRESP_get_ext(bs, resp_idx);
+ if (ASN1_OCTET_STRING_cmp(req_ext->value, resp_ext->value))
+ return 0;
+ return 1;
+}
+
+/*
+ * Copy the nonce value (if any) from an OCSP request to a response.
+ */
+
+int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req)
+{
+ X509_EXTENSION *req_ext;
+ int req_idx;
+ /* Check for nonce in request */
+ req_idx = OCSP_REQUEST_get_ext_by_NID(req, NID_id_pkix_OCSP_Nonce, -1);
+ /* If no nonce that's OK */
+ if (req_idx < 0)
+ return 2;
+ req_ext = OCSP_REQUEST_get_ext(req, req_idx);
+ return OCSP_BASICRESP_add_ext(resp, req_ext, -1);
+}
+
+X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim)
+{
+ X509_EXTENSION *x = NULL;
+ OCSP_CRLID *cid = NULL;
+
+ if (!(cid = OCSP_CRLID_new()))
+ goto err;
+ if (url) {
+ if (!(cid->crlUrl = ASN1_IA5STRING_new()))
+ goto err;
+ if (!(ASN1_STRING_set(cid->crlUrl, url, -1)))
+ goto err;
+ }
+ if (n) {
+ if (!(cid->crlNum = ASN1_INTEGER_new()))
+ goto err;
+ if (!(ASN1_INTEGER_set(cid->crlNum, *n)))
+ goto err;
+ }
+ if (tim) {
+ if (!(cid->crlTime = ASN1_GENERALIZEDTIME_new()))
+ goto err;
+ if (!(ASN1_GENERALIZEDTIME_set_string(cid->crlTime, tim)))
+ goto err;
+ }
+ if (!(x = X509_EXTENSION_new()))
+ goto err;
+ if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_CrlID)))
+ goto err;
+ if (!(ASN1_STRING_encode_of(OCSP_CRLID, x->value, i2d_OCSP_CRLID, cid,
+ NULL)))
+ goto err;
+ OCSP_CRLID_free(cid);
+ return x;
+ err:
+ if (x)
+ X509_EXTENSION_free(x);
+ if (cid)
+ OCSP_CRLID_free(cid);
+ return NULL;
+}
+
+/* AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER */
+X509_EXTENSION *OCSP_accept_responses_new(char **oids)
+{
+ int nid;
+ STACK_OF(ASN1_OBJECT) *sk = NULL;
+ ASN1_OBJECT *o = NULL;
+ X509_EXTENSION *x = NULL;
+
+ if (!(sk = sk_ASN1_OBJECT_new_null()))
+ goto err;
+ while (oids && *oids) {
+ if ((nid = OBJ_txt2nid(*oids)) != NID_undef && (o = OBJ_nid2obj(nid)))
+ sk_ASN1_OBJECT_push(sk, o);
+ oids++;
+ }
+ if (!(x = X509_EXTENSION_new()))
+ goto err;
+ if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_acceptableResponses)))
+ goto err;
+ if (!(ASN1_STRING_encode_of(ASN1_OBJECT, x->value, i2d_ASN1_OBJECT, NULL,
+ sk)))
+ goto err;
+ sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free);
+ return x;
+ err:
+ if (x)
+ X509_EXTENSION_free(x);
+ if (sk)
+ sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free);
+ return NULL;
+}
+
+/* ArchiveCutoff ::= GeneralizedTime */
+X509_EXTENSION *OCSP_archive_cutoff_new(char *tim)
+{
+ X509_EXTENSION *x = NULL;
+ ASN1_GENERALIZEDTIME *gt = NULL;
+
+ if (!(gt = ASN1_GENERALIZEDTIME_new()))
+ goto err;
+ if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim)))
+ goto err;
+ if (!(x = X509_EXTENSION_new()))
+ goto err;
+ if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_archiveCutoff)))
+ goto err;
+ if (!(ASN1_STRING_encode_of(ASN1_GENERALIZEDTIME, x->value,
+ i2d_ASN1_GENERALIZEDTIME, gt, NULL)))
+ goto err;
+ ASN1_GENERALIZEDTIME_free(gt);
+ return x;
+ err:
+ if (gt)
+ ASN1_GENERALIZEDTIME_free(gt);
+ if (x)
+ X509_EXTENSION_free(x);
+ return NULL;
+}
+
+/*
+ * per ACCESS_DESCRIPTION parameter are oids, of which there are currently
+ * two--NID_ad_ocsp, NID_id_ad_caIssuers--and GeneralName value. This method
+ * forces NID_ad_ocsp and uniformResourceLocator [6] IA5String.
+ */
+X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME *issuer, char **urls)
+{
+ X509_EXTENSION *x = NULL;
+ ASN1_IA5STRING *ia5 = NULL;
+ OCSP_SERVICELOC *sloc = NULL;
+ ACCESS_DESCRIPTION *ad = NULL;
+
+ if (!(sloc = OCSP_SERVICELOC_new()))
+ goto err;
+ if (!(sloc->issuer = X509_NAME_dup(issuer)))
+ goto err;
+ if (urls && *urls && !(sloc->locator = sk_ACCESS_DESCRIPTION_new_null()))
+ goto err;
+ while (urls && *urls) {
+ if (!(ad = ACCESS_DESCRIPTION_new()))
+ goto err;
+ if (!(ad->method = OBJ_nid2obj(NID_ad_OCSP)))
+ goto err;
+ if (!(ad->location = GENERAL_NAME_new()))
+ goto err;
+ if (!(ia5 = ASN1_IA5STRING_new()))
+ goto err;
+ if (!ASN1_STRING_set((ASN1_STRING *)ia5, *urls, -1))
+ goto err;
+ ad->location->type = GEN_URI;
+ ad->location->d.ia5 = ia5;
+ if (!sk_ACCESS_DESCRIPTION_push(sloc->locator, ad))
+ goto err;
+ urls++;
+ }
+ if (!(x = X509_EXTENSION_new()))
+ goto err;
+ if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_serviceLocator)))
+ goto err;
+ if (!(ASN1_STRING_encode_of(OCSP_SERVICELOC, x->value,
+ i2d_OCSP_SERVICELOC, sloc, NULL)))
+ goto err;
+ OCSP_SERVICELOC_free(sloc);
+ return x;
+ err:
+ if (x)
+ X509_EXTENSION_free(x);
+ if (sloc)
+ OCSP_SERVICELOC_free(sloc);
+ return NULL;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp_ht.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/ocsp/ocsp_ht.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp_ht.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,481 +0,0 @@
-/* ocsp_ht.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 2006.
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <ctype.h>
-#include <string.h>
-#include "e_os.h"
-#include <openssl/asn1.h>
-#include <openssl/ocsp.h>
-#include <openssl/err.h>
-#include <openssl/buffer.h>
-#ifdef OPENSSL_SYS_SUNOS
-#define strtoul (unsigned long)strtol
-#endif /* OPENSSL_SYS_SUNOS */
-
-/* Stateful OCSP request code, supporting non-blocking I/O */
-
-/* Opaque OCSP request status structure */
-
-struct ocsp_req_ctx_st {
- int state; /* Current I/O state */
- unsigned char *iobuf; /* Line buffer */
- int iobuflen; /* Line buffer length */
- BIO *io; /* BIO to perform I/O with */
- BIO *mem; /* Memory BIO response is built into */
- unsigned long asn1_len; /* ASN1 length of response */
- };
-
-#define OCSP_MAX_REQUEST_LENGTH (100 * 1024)
-#define OCSP_MAX_LINE_LEN 4096;
-
-/* OCSP states */
-
-/* If set no reading should be performed */
-#define OHS_NOREAD 0x1000
-/* Error condition */
-#define OHS_ERROR (0 | OHS_NOREAD)
-/* First line being read */
-#define OHS_FIRSTLINE 1
-/* MIME headers being read */
-#define OHS_HEADERS 2
-/* OCSP initial header (tag + length) being read */
-#define OHS_ASN1_HEADER 3
-/* OCSP content octets being read */
-#define OHS_ASN1_CONTENT 4
-/* Request being sent */
-#define OHS_ASN1_WRITE (6 | OHS_NOREAD)
-/* Request being flushed */
-#define OHS_ASN1_FLUSH (7 | OHS_NOREAD)
-/* Completed */
-#define OHS_DONE (8 | OHS_NOREAD)
-
-
-static int parse_http_line1(char *line);
-
-void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx)
- {
- if (rctx->mem)
- BIO_free(rctx->mem);
- if (rctx->iobuf)
- OPENSSL_free(rctx->iobuf);
- OPENSSL_free(rctx);
- }
-
-OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, char *path, OCSP_REQUEST *req,
- int maxline)
- {
- static char post_hdr[] = "POST %s HTTP/1.0\r\n"
- "Content-Type: application/ocsp-request\r\n"
- "Content-Length: %d\r\n\r\n";
-
- OCSP_REQ_CTX *rctx;
- rctx = OPENSSL_malloc(sizeof(OCSP_REQ_CTX));
- rctx->state = OHS_FIRSTLINE;
- rctx->mem = BIO_new(BIO_s_mem());
- rctx->io = io;
- if (maxline > 0)
- rctx->iobuflen = maxline;
- else
- rctx->iobuflen = OCSP_MAX_LINE_LEN;
- rctx->iobuf = OPENSSL_malloc(rctx->iobuflen);
- if (!path)
- path = "/";
-
- if (BIO_printf(rctx->mem, post_hdr, path,
- i2d_OCSP_REQUEST(req, NULL)) <= 0)
- {
- rctx->state = OHS_ERROR;
- return 0;
- }
- if (i2d_OCSP_REQUEST_bio(rctx->mem, req) <= 0)
- {
- rctx->state = OHS_ERROR;
- return 0;
- }
- rctx->state = OHS_ASN1_WRITE;
- rctx->asn1_len = BIO_get_mem_data(rctx->mem, NULL);
-
- return rctx;
- }
-
-/* Parse the HTTP response. This will look like this:
- * "HTTP/1.0 200 OK". We need to obtain the numeric code and
- * (optional) informational message.
- */
-
-static int parse_http_line1(char *line)
- {
- int retcode;
- char *p, *q, *r;
- /* Skip to first white space (passed protocol info) */
-
- for(p = line; *p && !isspace((unsigned char)*p); p++)
- continue;
- if(!*p)
- {
- OCSPerr(OCSP_F_PARSE_HTTP_LINE1,
- OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
- return 0;
- }
-
- /* Skip past white space to start of response code */
- while(*p && isspace((unsigned char)*p))
- p++;
-
- if(!*p)
- {
- OCSPerr(OCSP_F_PARSE_HTTP_LINE1,
- OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
- return 0;
- }
-
- /* Find end of response code: first whitespace after start of code */
- for(q = p; *q && !isspace((unsigned char)*q); q++)
- continue;
-
- if(!*q)
- {
- OCSPerr(OCSP_F_PARSE_HTTP_LINE1,
- OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
- return 0;
- }
-
- /* Set end of response code and start of message */
- *q++ = 0;
-
- /* Attempt to parse numeric code */
- retcode = strtoul(p, &r, 10);
-
- if(*r)
- return 0;
-
- /* Skip over any leading white space in message */
- while(*q && isspace((unsigned char)*q))
- q++;
-
- if(*q)
- {
- /* Finally zap any trailing white space in message (include
- * CRLF) */
-
- /* We know q has a non white space character so this is OK */
- for(r = q + strlen(q) - 1; isspace((unsigned char)*r); r--)
- *r = 0;
- }
- if(retcode != 200)
- {
- OCSPerr(OCSP_F_PARSE_HTTP_LINE1, OCSP_R_SERVER_RESPONSE_ERROR);
- if(!*q)
- ERR_add_error_data(2, "Code=", p);
- else
- ERR_add_error_data(4, "Code=", p, ",Reason=", q);
- return 0;
- }
-
-
- return 1;
-
- }
-
-int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx)
- {
- int i, n;
- const unsigned char *p;
- next_io:
- if (!(rctx->state & OHS_NOREAD))
- {
- n = BIO_read(rctx->io, rctx->iobuf, rctx->iobuflen);
-
- if (n <= 0)
- {
- if (BIO_should_retry(rctx->io))
- return -1;
- return 0;
- }
-
- /* Write data to memory BIO */
-
- if (BIO_write(rctx->mem, rctx->iobuf, n) != n)
- return 0;
- }
-
- switch(rctx->state)
- {
-
- case OHS_ASN1_WRITE:
- n = BIO_get_mem_data(rctx->mem, &p);
-
- i = BIO_write(rctx->io,
- p + (n - rctx->asn1_len), rctx->asn1_len);
-
- if (i <= 0)
- {
- if (BIO_should_retry(rctx->io))
- return -1;
- rctx->state = OHS_ERROR;
- return 0;
- }
-
- rctx->asn1_len -= i;
-
- if (rctx->asn1_len > 0)
- goto next_io;
-
- rctx->state = OHS_ASN1_FLUSH;
-
- (void)BIO_reset(rctx->mem);
-
- case OHS_ASN1_FLUSH:
-
- i = BIO_flush(rctx->io);
-
- if (i > 0)
- {
- rctx->state = OHS_FIRSTLINE;
- goto next_io;
- }
-
- if (BIO_should_retry(rctx->io))
- return -1;
-
- rctx->state = OHS_ERROR;
- return 0;
-
- case OHS_ERROR:
- return 0;
-
- case OHS_FIRSTLINE:
- case OHS_HEADERS:
-
- /* Attempt to read a line in */
-
- next_line:
- /* Due to &%^*$" memory BIO behaviour with BIO_gets we
- * have to check there's a complete line in there before
- * calling BIO_gets or we'll just get a partial read.
- */
- n = BIO_get_mem_data(rctx->mem, &p);
- if ((n <= 0) || !memchr(p, '\n', n))
- {
- if (n >= rctx->iobuflen)
- {
- rctx->state = OHS_ERROR;
- return 0;
- }
- goto next_io;
- }
- n = BIO_gets(rctx->mem, (char *)rctx->iobuf, rctx->iobuflen);
-
- if (n <= 0)
- {
- if (BIO_should_retry(rctx->mem))
- goto next_io;
- rctx->state = OHS_ERROR;
- return 0;
- }
-
- /* Don't allow excessive lines */
- if (n == rctx->iobuflen)
- {
- rctx->state = OHS_ERROR;
- return 0;
- }
-
- /* First line */
- if (rctx->state == OHS_FIRSTLINE)
- {
- if (parse_http_line1((char *)rctx->iobuf))
- {
- rctx->state = OHS_HEADERS;
- goto next_line;
- }
- else
- {
- rctx->state = OHS_ERROR;
- return 0;
- }
- }
- else
- {
- /* Look for blank line: end of headers */
- for (p = rctx->iobuf; *p; p++)
- {
- if ((*p != '\r') && (*p != '\n'))
- break;
- }
- if (*p)
- goto next_line;
-
- rctx->state = OHS_ASN1_HEADER;
-
- }
-
- /* Fall thru */
-
-
- case OHS_ASN1_HEADER:
- /* Now reading ASN1 header: can read at least 2 bytes which
- * is enough for ASN1 SEQUENCE header and either length field
- * or at least the length of the length field.
- */
- n = BIO_get_mem_data(rctx->mem, &p);
- if (n < 2)
- goto next_io;
-
- /* Check it is an ASN1 SEQUENCE */
- if (*p++ != (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED))
- {
- rctx->state = OHS_ERROR;
- return 0;
- }
-
- /* Check out length field */
- if (*p & 0x80)
- {
- /* If MSB set on initial length octet we can now
- * always read 6 octets: make sure we have them.
- */
- if (n < 6)
- goto next_io;
- n = *p & 0x7F;
- /* Not NDEF or excessive length */
- if (!n || (n > 4))
- {
- rctx->state = OHS_ERROR;
- return 0;
- }
- p++;
- rctx->asn1_len = 0;
- for (i = 0; i < n; i++)
- {
- rctx->asn1_len <<= 8;
- rctx->asn1_len |= *p++;
- }
-
- if (rctx->asn1_len > OCSP_MAX_REQUEST_LENGTH)
- {
- rctx->state = OHS_ERROR;
- return 0;
- }
-
- rctx->asn1_len += n + 2;
- }
- else
- rctx->asn1_len = *p + 2;
-
- rctx->state = OHS_ASN1_CONTENT;
-
- /* Fall thru */
-
- case OHS_ASN1_CONTENT:
- n = BIO_get_mem_data(rctx->mem, &p);
- if (n < (int)rctx->asn1_len)
- goto next_io;
-
-
- *presp = d2i_OCSP_RESPONSE(NULL, &p, rctx->asn1_len);
- if (*presp)
- {
- rctx->state = OHS_DONE;
- return 1;
- }
-
- rctx->state = OHS_ERROR;
- return 0;
-
- break;
-
- case OHS_DONE:
- return 1;
-
- }
-
-
-
- return 0;
-
-
- }
-
-/* Blocking OCSP request handler: now a special case of non-blocking I/O */
-
-OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req)
- {
- OCSP_RESPONSE *resp = NULL;
- OCSP_REQ_CTX *ctx;
- int rv;
-
- ctx = OCSP_sendreq_new(b, path, req, -1);
-
- if (!ctx)
- return NULL;
-
- do
- {
- rv = OCSP_sendreq_nbio(&resp, ctx);
- } while ((rv == -1) && BIO_should_retry(b));
-
- OCSP_REQ_CTX_free(ctx);
-
- if (rv)
- return resp;
-
- return NULL;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp_ht.c (from rev 6976, vendor-crypto/openssl/dist/crypto/ocsp/ocsp_ht.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp_ht.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp_ht.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,444 @@
+/* ocsp_ht.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 2006.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <ctype.h>
+#include <string.h>
+#include "e_os.h"
+#include <openssl/asn1.h>
+#include <openssl/ocsp.h>
+#include <openssl/err.h>
+#include <openssl/buffer.h>
+#ifdef OPENSSL_SYS_SUNOS
+# define strtoul (unsigned long)strtol
+#endif /* OPENSSL_SYS_SUNOS */
+
+/* Stateful OCSP request code, supporting non-blocking I/O */
+
+/* Opaque OCSP request status structure */
+
+struct ocsp_req_ctx_st {
+ int state; /* Current I/O state */
+ unsigned char *iobuf; /* Line buffer */
+ int iobuflen; /* Line buffer length */
+ BIO *io; /* BIO to perform I/O with */
+ BIO *mem; /* Memory BIO response is built into */
+ unsigned long asn1_len; /* ASN1 length of response */
+};
+
+#define OCSP_MAX_REQUEST_LENGTH (100 * 1024)
+#define OCSP_MAX_LINE_LEN 4096;
+
+/* OCSP states */
+
+/* If set no reading should be performed */
+#define OHS_NOREAD 0x1000
+/* Error condition */
+#define OHS_ERROR (0 | OHS_NOREAD)
+/* First line being read */
+#define OHS_FIRSTLINE 1
+/* MIME headers being read */
+#define OHS_HEADERS 2
+/* OCSP initial header (tag + length) being read */
+#define OHS_ASN1_HEADER 3
+/* OCSP content octets being read */
+#define OHS_ASN1_CONTENT 4
+/* Request being sent */
+#define OHS_ASN1_WRITE (6 | OHS_NOREAD)
+/* Request being flushed */
+#define OHS_ASN1_FLUSH (7 | OHS_NOREAD)
+/* Completed */
+#define OHS_DONE (8 | OHS_NOREAD)
+
+static int parse_http_line1(char *line);
+
+void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx)
+{
+ if (rctx->mem)
+ BIO_free(rctx->mem);
+ if (rctx->iobuf)
+ OPENSSL_free(rctx->iobuf);
+ OPENSSL_free(rctx);
+}
+
+OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, char *path, OCSP_REQUEST *req,
+ int maxline)
+{
+ static char post_hdr[] = "POST %s HTTP/1.0\r\n"
+ "Content-Type: application/ocsp-request\r\n"
+ "Content-Length: %d\r\n\r\n";
+
+ OCSP_REQ_CTX *rctx;
+ rctx = OPENSSL_malloc(sizeof(OCSP_REQ_CTX));
+ rctx->state = OHS_FIRSTLINE;
+ rctx->mem = BIO_new(BIO_s_mem());
+ rctx->io = io;
+ if (maxline > 0)
+ rctx->iobuflen = maxline;
+ else
+ rctx->iobuflen = OCSP_MAX_LINE_LEN;
+ rctx->iobuf = OPENSSL_malloc(rctx->iobuflen);
+ if (!path)
+ path = "/";
+
+ if (BIO_printf(rctx->mem, post_hdr, path,
+ i2d_OCSP_REQUEST(req, NULL)) <= 0) {
+ rctx->state = OHS_ERROR;
+ return 0;
+ }
+ if (i2d_OCSP_REQUEST_bio(rctx->mem, req) <= 0) {
+ rctx->state = OHS_ERROR;
+ return 0;
+ }
+ rctx->state = OHS_ASN1_WRITE;
+ rctx->asn1_len = BIO_get_mem_data(rctx->mem, NULL);
+
+ return rctx;
+}
+
+/*
+ * Parse the HTTP response. This will look like this: "HTTP/1.0 200 OK". We
+ * need to obtain the numeric code and (optional) informational message.
+ */
+
+static int parse_http_line1(char *line)
+{
+ int retcode;
+ char *p, *q, *r;
+ /* Skip to first white space (passed protocol info) */
+
+ for (p = line; *p && !isspace((unsigned char)*p); p++)
+ continue;
+ if (!*p) {
+ OCSPerr(OCSP_F_PARSE_HTTP_LINE1, OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
+ return 0;
+ }
+
+ /* Skip past white space to start of response code */
+ while (*p && isspace((unsigned char)*p))
+ p++;
+
+ if (!*p) {
+ OCSPerr(OCSP_F_PARSE_HTTP_LINE1, OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
+ return 0;
+ }
+
+ /* Find end of response code: first whitespace after start of code */
+ for (q = p; *q && !isspace((unsigned char)*q); q++)
+ continue;
+
+ if (!*q) {
+ OCSPerr(OCSP_F_PARSE_HTTP_LINE1, OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
+ return 0;
+ }
+
+ /* Set end of response code and start of message */
+ *q++ = 0;
+
+ /* Attempt to parse numeric code */
+ retcode = strtoul(p, &r, 10);
+
+ if (*r)
+ return 0;
+
+ /* Skip over any leading white space in message */
+ while (*q && isspace((unsigned char)*q))
+ q++;
+
+ if (*q) {
+ /*
+ * Finally zap any trailing white space in message (include CRLF)
+ */
+
+ /* We know q has a non white space character so this is OK */
+ for (r = q + strlen(q) - 1; isspace((unsigned char)*r); r--)
+ *r = 0;
+ }
+ if (retcode != 200) {
+ OCSPerr(OCSP_F_PARSE_HTTP_LINE1, OCSP_R_SERVER_RESPONSE_ERROR);
+ if (!*q)
+ ERR_add_error_data(2, "Code=", p);
+ else
+ ERR_add_error_data(4, "Code=", p, ",Reason=", q);
+ return 0;
+ }
+
+ return 1;
+
+}
+
+int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx)
+{
+ int i, n;
+ const unsigned char *p;
+ next_io:
+ if (!(rctx->state & OHS_NOREAD)) {
+ n = BIO_read(rctx->io, rctx->iobuf, rctx->iobuflen);
+
+ if (n <= 0) {
+ if (BIO_should_retry(rctx->io))
+ return -1;
+ return 0;
+ }
+
+ /* Write data to memory BIO */
+
+ if (BIO_write(rctx->mem, rctx->iobuf, n) != n)
+ return 0;
+ }
+
+ switch (rctx->state) {
+
+ case OHS_ASN1_WRITE:
+ n = BIO_get_mem_data(rctx->mem, &p);
+
+ i = BIO_write(rctx->io, p + (n - rctx->asn1_len), rctx->asn1_len);
+
+ if (i <= 0) {
+ if (BIO_should_retry(rctx->io))
+ return -1;
+ rctx->state = OHS_ERROR;
+ return 0;
+ }
+
+ rctx->asn1_len -= i;
+
+ if (rctx->asn1_len > 0)
+ goto next_io;
+
+ rctx->state = OHS_ASN1_FLUSH;
+
+ (void)BIO_reset(rctx->mem);
+
+ case OHS_ASN1_FLUSH:
+
+ i = BIO_flush(rctx->io);
+
+ if (i > 0) {
+ rctx->state = OHS_FIRSTLINE;
+ goto next_io;
+ }
+
+ if (BIO_should_retry(rctx->io))
+ return -1;
+
+ rctx->state = OHS_ERROR;
+ return 0;
+
+ case OHS_ERROR:
+ return 0;
+
+ case OHS_FIRSTLINE:
+ case OHS_HEADERS:
+
+ /* Attempt to read a line in */
+
+ next_line:
+ /*
+ * Due to &%^*$" memory BIO behaviour with BIO_gets we have to check
+ * there's a complete line in there before calling BIO_gets or we'll
+ * just get a partial read.
+ */
+ n = BIO_get_mem_data(rctx->mem, &p);
+ if ((n <= 0) || !memchr(p, '\n', n)) {
+ if (n >= rctx->iobuflen) {
+ rctx->state = OHS_ERROR;
+ return 0;
+ }
+ goto next_io;
+ }
+ n = BIO_gets(rctx->mem, (char *)rctx->iobuf, rctx->iobuflen);
+
+ if (n <= 0) {
+ if (BIO_should_retry(rctx->mem))
+ goto next_io;
+ rctx->state = OHS_ERROR;
+ return 0;
+ }
+
+ /* Don't allow excessive lines */
+ if (n == rctx->iobuflen) {
+ rctx->state = OHS_ERROR;
+ return 0;
+ }
+
+ /* First line */
+ if (rctx->state == OHS_FIRSTLINE) {
+ if (parse_http_line1((char *)rctx->iobuf)) {
+ rctx->state = OHS_HEADERS;
+ goto next_line;
+ } else {
+ rctx->state = OHS_ERROR;
+ return 0;
+ }
+ } else {
+ /* Look for blank line: end of headers */
+ for (p = rctx->iobuf; *p; p++) {
+ if ((*p != '\r') && (*p != '\n'))
+ break;
+ }
+ if (*p)
+ goto next_line;
+
+ rctx->state = OHS_ASN1_HEADER;
+
+ }
+
+ /* Fall thru */
+
+ case OHS_ASN1_HEADER:
+ /*
+ * Now reading ASN1 header: can read at least 2 bytes which is enough
+ * for ASN1 SEQUENCE header and either length field or at least the
+ * length of the length field.
+ */
+ n = BIO_get_mem_data(rctx->mem, &p);
+ if (n < 2)
+ goto next_io;
+
+ /* Check it is an ASN1 SEQUENCE */
+ if (*p++ != (V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED)) {
+ rctx->state = OHS_ERROR;
+ return 0;
+ }
+
+ /* Check out length field */
+ if (*p & 0x80) {
+ /*
+ * If MSB set on initial length octet we can now always read 6
+ * octets: make sure we have them.
+ */
+ if (n < 6)
+ goto next_io;
+ n = *p & 0x7F;
+ /* Not NDEF or excessive length */
+ if (!n || (n > 4)) {
+ rctx->state = OHS_ERROR;
+ return 0;
+ }
+ p++;
+ rctx->asn1_len = 0;
+ for (i = 0; i < n; i++) {
+ rctx->asn1_len <<= 8;
+ rctx->asn1_len |= *p++;
+ }
+
+ if (rctx->asn1_len > OCSP_MAX_REQUEST_LENGTH) {
+ rctx->state = OHS_ERROR;
+ return 0;
+ }
+
+ rctx->asn1_len += n + 2;
+ } else
+ rctx->asn1_len = *p + 2;
+
+ rctx->state = OHS_ASN1_CONTENT;
+
+ /* Fall thru */
+
+ case OHS_ASN1_CONTENT:
+ n = BIO_get_mem_data(rctx->mem, &p);
+ if (n < (int)rctx->asn1_len)
+ goto next_io;
+
+ *presp = d2i_OCSP_RESPONSE(NULL, &p, rctx->asn1_len);
+ if (*presp) {
+ rctx->state = OHS_DONE;
+ return 1;
+ }
+
+ rctx->state = OHS_ERROR;
+ return 0;
+
+ break;
+
+ case OHS_DONE:
+ return 1;
+
+ }
+
+ return 0;
+
+}
+
+/* Blocking OCSP request handler: now a special case of non-blocking I/O */
+
+OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req)
+{
+ OCSP_RESPONSE *resp = NULL;
+ OCSP_REQ_CTX *ctx;
+ int rv;
+
+ ctx = OCSP_sendreq_new(b, path, req, -1);
+
+ if (!ctx)
+ return NULL;
+
+ do {
+ rv = OCSP_sendreq_nbio(&resp, ctx);
+ } while ((rv == -1) && BIO_should_retry(b));
+
+ OCSP_REQ_CTX_free(ctx);
+
+ if (rv)
+ return resp;
+
+ return NULL;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp_lib.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/ocsp/ocsp_lib.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,273 +0,0 @@
-/* ocsp_lib.c */
-/* Written by Tom Titchener <Tom_Titchener at groove.net> for the OpenSSL
- * project. */
-
-/* History:
- This file was transfered to Richard Levitte from CertCo by Kathy
- Weinhold in mid-spring 2000 to be included in OpenSSL or released
- as a patch kit. */
-
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <cryptlib.h>
-#include <openssl/objects.h>
-#include <openssl/rand.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/x509v3.h>
-#include <openssl/ocsp.h>
-
-/* Convert a certificate and its issuer to an OCSP_CERTID */
-
-OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer)
-{
- X509_NAME *iname;
- ASN1_INTEGER *serial;
- ASN1_BIT_STRING *ikey;
-#ifndef OPENSSL_NO_SHA1
- if(!dgst) dgst = EVP_sha1();
-#endif
- if (subject)
- {
- iname = X509_get_issuer_name(subject);
- serial = X509_get_serialNumber(subject);
- }
- else
- {
- iname = X509_get_subject_name(issuer);
- serial = NULL;
- }
- ikey = X509_get0_pubkey_bitstr(issuer);
- return OCSP_cert_id_new(dgst, iname, ikey, serial);
-}
-
-
-OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
- X509_NAME *issuerName,
- ASN1_BIT_STRING* issuerKey,
- ASN1_INTEGER *serialNumber)
- {
- int nid;
- unsigned int i;
- X509_ALGOR *alg;
- OCSP_CERTID *cid = NULL;
- unsigned char md[EVP_MAX_MD_SIZE];
-
- if (!(cid = OCSP_CERTID_new())) goto err;
-
- alg = cid->hashAlgorithm;
- if (alg->algorithm != NULL) ASN1_OBJECT_free(alg->algorithm);
- if ((nid = EVP_MD_type(dgst)) == NID_undef)
- {
- OCSPerr(OCSP_F_OCSP_CERT_ID_NEW,OCSP_R_UNKNOWN_NID);
- goto err;
- }
- if (!(alg->algorithm=OBJ_nid2obj(nid))) goto err;
- if ((alg->parameter=ASN1_TYPE_new()) == NULL) goto err;
- alg->parameter->type=V_ASN1_NULL;
-
- if (!X509_NAME_digest(issuerName, dgst, md, &i)) goto digerr;
- if (!(ASN1_OCTET_STRING_set(cid->issuerNameHash, md, i))) goto err;
-
- /* Calculate the issuerKey hash, excluding tag and length */
- EVP_Digest(issuerKey->data, issuerKey->length, md, &i, dgst, NULL);
-
- if (!(ASN1_OCTET_STRING_set(cid->issuerKeyHash, md, i))) goto err;
-
- if (serialNumber)
- {
- ASN1_INTEGER_free(cid->serialNumber);
- if (!(cid->serialNumber = ASN1_INTEGER_dup(serialNumber))) goto err;
- }
- return cid;
-digerr:
- OCSPerr(OCSP_F_OCSP_CERT_ID_NEW,OCSP_R_DIGEST_ERR);
-err:
- if (cid) OCSP_CERTID_free(cid);
- return NULL;
- }
-
-int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b)
- {
- int ret;
- ret = OBJ_cmp(a->hashAlgorithm->algorithm, b->hashAlgorithm->algorithm);
- if (ret) return ret;
- ret = ASN1_OCTET_STRING_cmp(a->issuerNameHash, b->issuerNameHash);
- if (ret) return ret;
- return ASN1_OCTET_STRING_cmp(a->issuerKeyHash, b->issuerKeyHash);
- }
-
-int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b)
- {
- int ret;
- ret = OCSP_id_issuer_cmp(a, b);
- if (ret) return ret;
- return ASN1_INTEGER_cmp(a->serialNumber, b->serialNumber);
- }
-
-
-/* Parse a URL and split it up into host, port and path components and whether
- * it is SSL.
- */
-
-int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pssl)
- {
- char *p, *buf;
-
- char *host, *port;
-
- *phost = NULL;
- *pport = NULL;
- *ppath = NULL;
-
- /* dup the buffer since we are going to mess with it */
- buf = BUF_strdup(url);
- if (!buf) goto mem_err;
-
- /* Check for initial colon */
- p = strchr(buf, ':');
-
- if (!p) goto parse_err;
-
- *(p++) = '\0';
-
- if (!strcmp(buf, "http"))
- {
- *pssl = 0;
- port = "80";
- }
- else if (!strcmp(buf, "https"))
- {
- *pssl = 1;
- port = "443";
- }
- else
- goto parse_err;
-
- /* Check for double slash */
- if ((p[0] != '/') || (p[1] != '/'))
- goto parse_err;
-
- p += 2;
-
- host = p;
-
- /* Check for trailing part of path */
-
- p = strchr(p, '/');
-
- if (!p)
- *ppath = BUF_strdup("/");
- else
- {
- *ppath = BUF_strdup(p);
- /* Set start of path to 0 so hostname is valid */
- *p = '\0';
- }
-
- if (!*ppath) goto mem_err;
-
- p = host;
- if(host[0] == '[')
- {
- /* ipv6 literal */
- host++;
- p = strchr(host, ']');
- if(!p) goto parse_err;
- *p = '\0';
- p++;
- }
-
- /* Look for optional ':' for port number */
- if ((p = strchr(p, ':')))
- {
- *p = 0;
- port = p + 1;
- }
- else
- {
- /* Not found: set default port */
- if (*pssl) port = "443";
- else port = "80";
- }
-
- *pport = BUF_strdup(port);
- if (!*pport) goto mem_err;
-
- *phost = BUF_strdup(host);
-
- if (!*phost) goto mem_err;
-
- OPENSSL_free(buf);
-
- return 1;
-
- mem_err:
- OCSPerr(OCSP_F_OCSP_PARSE_URL, ERR_R_MALLOC_FAILURE);
- goto err;
-
- parse_err:
- OCSPerr(OCSP_F_OCSP_PARSE_URL, OCSP_R_ERROR_PARSING_URL);
-
-
- err:
- if (buf) OPENSSL_free(buf);
- if (*ppath) OPENSSL_free(*ppath);
- if (*pport) OPENSSL_free(*pport);
- if (*phost) OPENSSL_free(*phost);
- return 0;
-
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp_lib.c (from rev 6976, vendor-crypto/openssl/dist/crypto/ocsp/ocsp_lib.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp_lib.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,286 @@
+/* ocsp_lib.c */
+/*
+ * Written by Tom Titchener <Tom_Titchener at groove.net> for the OpenSSL
+ * project.
+ */
+
+/*
+ * History: This file was transfered to Richard Levitte from CertCo by Kathy
+ * Weinhold in mid-spring 2000 to be included in OpenSSL or released as a
+ * patch kit.
+ */
+
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <cryptlib.h>
+#include <openssl/objects.h>
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/ocsp.h>
+
+/* Convert a certificate and its issuer to an OCSP_CERTID */
+
+OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer)
+{
+ X509_NAME *iname;
+ ASN1_INTEGER *serial;
+ ASN1_BIT_STRING *ikey;
+#ifndef OPENSSL_NO_SHA1
+ if (!dgst)
+ dgst = EVP_sha1();
+#endif
+ if (subject) {
+ iname = X509_get_issuer_name(subject);
+ serial = X509_get_serialNumber(subject);
+ } else {
+ iname = X509_get_subject_name(issuer);
+ serial = NULL;
+ }
+ ikey = X509_get0_pubkey_bitstr(issuer);
+ return OCSP_cert_id_new(dgst, iname, ikey, serial);
+}
+
+OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
+ X509_NAME *issuerName,
+ ASN1_BIT_STRING *issuerKey,
+ ASN1_INTEGER *serialNumber)
+{
+ int nid;
+ unsigned int i;
+ X509_ALGOR *alg;
+ OCSP_CERTID *cid = NULL;
+ unsigned char md[EVP_MAX_MD_SIZE];
+
+ if (!(cid = OCSP_CERTID_new()))
+ goto err;
+
+ alg = cid->hashAlgorithm;
+ if (alg->algorithm != NULL)
+ ASN1_OBJECT_free(alg->algorithm);
+ if ((nid = EVP_MD_type(dgst)) == NID_undef) {
+ OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_UNKNOWN_NID);
+ goto err;
+ }
+ if (!(alg->algorithm = OBJ_nid2obj(nid)))
+ goto err;
+ if ((alg->parameter = ASN1_TYPE_new()) == NULL)
+ goto err;
+ alg->parameter->type = V_ASN1_NULL;
+
+ if (!X509_NAME_digest(issuerName, dgst, md, &i))
+ goto digerr;
+ if (!(ASN1_OCTET_STRING_set(cid->issuerNameHash, md, i)))
+ goto err;
+
+ /* Calculate the issuerKey hash, excluding tag and length */
+ EVP_Digest(issuerKey->data, issuerKey->length, md, &i, dgst, NULL);
+
+ if (!(ASN1_OCTET_STRING_set(cid->issuerKeyHash, md, i)))
+ goto err;
+
+ if (serialNumber) {
+ ASN1_INTEGER_free(cid->serialNumber);
+ if (!(cid->serialNumber = ASN1_INTEGER_dup(serialNumber)))
+ goto err;
+ }
+ return cid;
+ digerr:
+ OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_DIGEST_ERR);
+ err:
+ if (cid)
+ OCSP_CERTID_free(cid);
+ return NULL;
+}
+
+int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b)
+{
+ int ret;
+ ret = OBJ_cmp(a->hashAlgorithm->algorithm, b->hashAlgorithm->algorithm);
+ if (ret)
+ return ret;
+ ret = ASN1_OCTET_STRING_cmp(a->issuerNameHash, b->issuerNameHash);
+ if (ret)
+ return ret;
+ return ASN1_OCTET_STRING_cmp(a->issuerKeyHash, b->issuerKeyHash);
+}
+
+int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b)
+{
+ int ret;
+ ret = OCSP_id_issuer_cmp(a, b);
+ if (ret)
+ return ret;
+ return ASN1_INTEGER_cmp(a->serialNumber, b->serialNumber);
+}
+
+/*
+ * Parse a URL and split it up into host, port and path components and
+ * whether it is SSL.
+ */
+
+int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath,
+ int *pssl)
+{
+ char *p, *buf;
+
+ char *host, *port;
+
+ *phost = NULL;
+ *pport = NULL;
+ *ppath = NULL;
+
+ /* dup the buffer since we are going to mess with it */
+ buf = BUF_strdup(url);
+ if (!buf)
+ goto mem_err;
+
+ /* Check for initial colon */
+ p = strchr(buf, ':');
+
+ if (!p)
+ goto parse_err;
+
+ *(p++) = '\0';
+
+ if (!strcmp(buf, "http")) {
+ *pssl = 0;
+ port = "80";
+ } else if (!strcmp(buf, "https")) {
+ *pssl = 1;
+ port = "443";
+ } else
+ goto parse_err;
+
+ /* Check for double slash */
+ if ((p[0] != '/') || (p[1] != '/'))
+ goto parse_err;
+
+ p += 2;
+
+ host = p;
+
+ /* Check for trailing part of path */
+
+ p = strchr(p, '/');
+
+ if (!p)
+ *ppath = BUF_strdup("/");
+ else {
+ *ppath = BUF_strdup(p);
+ /* Set start of path to 0 so hostname is valid */
+ *p = '\0';
+ }
+
+ if (!*ppath)
+ goto mem_err;
+
+ p = host;
+ if (host[0] == '[') {
+ /* ipv6 literal */
+ host++;
+ p = strchr(host, ']');
+ if (!p)
+ goto parse_err;
+ *p = '\0';
+ p++;
+ }
+
+ /* Look for optional ':' for port number */
+ if ((p = strchr(p, ':'))) {
+ *p = 0;
+ port = p + 1;
+ } else {
+ /* Not found: set default port */
+ if (*pssl)
+ port = "443";
+ else
+ port = "80";
+ }
+
+ *pport = BUF_strdup(port);
+ if (!*pport)
+ goto mem_err;
+
+ *phost = BUF_strdup(host);
+
+ if (!*phost)
+ goto mem_err;
+
+ OPENSSL_free(buf);
+
+ return 1;
+
+ mem_err:
+ OCSPerr(OCSP_F_OCSP_PARSE_URL, ERR_R_MALLOC_FAILURE);
+ goto err;
+
+ parse_err:
+ OCSPerr(OCSP_F_OCSP_PARSE_URL, OCSP_R_ERROR_PARSING_URL);
+
+ err:
+ if (buf)
+ OPENSSL_free(buf);
+ if (*ppath)
+ OPENSSL_free(*ppath);
+ if (*pport)
+ OPENSSL_free(*pport);
+ if (*phost)
+ OPENSSL_free(*phost);
+ return 0;
+
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp_prn.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/ocsp/ocsp_prn.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp_prn.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,290 +0,0 @@
-/* ocsp_prn.c */
-/* Written by Tom Titchener <Tom_Titchener at groove.net> for the OpenSSL
- * project. */
-
-/* History:
- This file was originally part of ocsp.c and was transfered to Richard
- Levitte from CertCo by Kathy Weinhold in mid-spring 2000 to be included
- in OpenSSL or released as a patch kit. */
-
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/ocsp.h>
-#include <openssl/pem.h>
-
-static int ocsp_certid_print(BIO *bp, OCSP_CERTID* a, int indent)
- {
- BIO_printf(bp, "%*sCertificate ID:\n", indent, "");
- indent += 2;
- BIO_printf(bp, "%*sHash Algorithm: ", indent, "");
- i2a_ASN1_OBJECT(bp, a->hashAlgorithm->algorithm);
- BIO_printf(bp, "\n%*sIssuer Name Hash: ", indent, "");
- i2a_ASN1_STRING(bp, a->issuerNameHash, V_ASN1_OCTET_STRING);
- BIO_printf(bp, "\n%*sIssuer Key Hash: ", indent, "");
- i2a_ASN1_STRING(bp, a->issuerKeyHash, V_ASN1_OCTET_STRING);
- BIO_printf(bp, "\n%*sSerial Number: ", indent, "");
- i2a_ASN1_INTEGER(bp, a->serialNumber);
- BIO_printf(bp, "\n");
- return 1;
- }
-
-typedef struct
- {
- long t;
- char *m;
- } OCSP_TBLSTR;
-
-static char *table2string(long s, OCSP_TBLSTR *ts, int len)
-{
- OCSP_TBLSTR *p;
- for (p=ts; p < ts + len; p++)
- if (p->t == s)
- return p->m;
- return "(UNKNOWN)";
-}
-
-char *OCSP_response_status_str(long s)
- {
- static OCSP_TBLSTR rstat_tbl[] = {
- { OCSP_RESPONSE_STATUS_SUCCESSFUL, "successful" },
- { OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, "malformedrequest" },
- { OCSP_RESPONSE_STATUS_INTERNALERROR, "internalerror" },
- { OCSP_RESPONSE_STATUS_TRYLATER, "trylater" },
- { OCSP_RESPONSE_STATUS_SIGREQUIRED, "sigrequired" },
- { OCSP_RESPONSE_STATUS_UNAUTHORIZED, "unauthorized" } };
- return table2string(s, rstat_tbl, 6);
- }
-
-char *OCSP_cert_status_str(long s)
- {
- static OCSP_TBLSTR cstat_tbl[] = {
- { V_OCSP_CERTSTATUS_GOOD, "good" },
- { V_OCSP_CERTSTATUS_REVOKED, "revoked" },
- { V_OCSP_CERTSTATUS_UNKNOWN, "unknown" } };
- return table2string(s, cstat_tbl, 3);
- }
-
-char *OCSP_crl_reason_str(long s)
- {
- OCSP_TBLSTR reason_tbl[] = {
- { OCSP_REVOKED_STATUS_UNSPECIFIED, "unspecified" },
- { OCSP_REVOKED_STATUS_KEYCOMPROMISE, "keyCompromise" },
- { OCSP_REVOKED_STATUS_CACOMPROMISE, "cACompromise" },
- { OCSP_REVOKED_STATUS_AFFILIATIONCHANGED, "affiliationChanged" },
- { OCSP_REVOKED_STATUS_SUPERSEDED, "superseded" },
- { OCSP_REVOKED_STATUS_CESSATIONOFOPERATION, "cessationOfOperation" },
- { OCSP_REVOKED_STATUS_CERTIFICATEHOLD, "certificateHold" },
- { OCSP_REVOKED_STATUS_REMOVEFROMCRL, "removeFromCRL" } };
- return table2string(s, reason_tbl, 8);
- }
-
-int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* o, unsigned long flags)
- {
- int i;
- long l;
- OCSP_CERTID* cid = NULL;
- OCSP_ONEREQ *one = NULL;
- OCSP_REQINFO *inf = o->tbsRequest;
- OCSP_SIGNATURE *sig = o->optionalSignature;
-
- if (BIO_write(bp,"OCSP Request Data:\n",19) <= 0) goto err;
- l=ASN1_INTEGER_get(inf->version);
- if (BIO_printf(bp," Version: %lu (0x%lx)",l+1,l) <= 0) goto err;
- if (inf->requestorName != NULL)
- {
- if (BIO_write(bp,"\n Requestor Name: ",21) <= 0)
- goto err;
- GENERAL_NAME_print(bp, inf->requestorName);
- }
- if (BIO_write(bp,"\n Requestor List:\n",21) <= 0) goto err;
- for (i = 0; i < sk_OCSP_ONEREQ_num(inf->requestList); i++)
- {
- one = sk_OCSP_ONEREQ_value(inf->requestList, i);
- cid = one->reqCert;
- ocsp_certid_print(bp, cid, 8);
- if (!X509V3_extensions_print(bp,
- "Request Single Extensions",
- one->singleRequestExtensions, flags, 8))
- goto err;
- }
- if (!X509V3_extensions_print(bp, "Request Extensions",
- inf->requestExtensions, flags, 4))
- goto err;
- if (sig)
- {
- X509_signature_print(bp, sig->signatureAlgorithm, sig->signature);
- for (i=0; i<sk_X509_num(sig->certs); i++)
- {
- X509_print(bp, sk_X509_value(sig->certs,i));
- PEM_write_bio_X509(bp,sk_X509_value(sig->certs,i));
- }
- }
- return 1;
-err:
- return 0;
- }
-
-int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags)
- {
- int i, ret = 0;
- long l;
- OCSP_CERTID *cid = NULL;
- OCSP_BASICRESP *br = NULL;
- OCSP_RESPID *rid = NULL;
- OCSP_RESPDATA *rd = NULL;
- OCSP_CERTSTATUS *cst = NULL;
- OCSP_REVOKEDINFO *rev = NULL;
- OCSP_SINGLERESP *single = NULL;
- OCSP_RESPBYTES *rb = o->responseBytes;
-
- if (BIO_puts(bp,"OCSP Response Data:\n") <= 0) goto err;
- l=ASN1_ENUMERATED_get(o->responseStatus);
- if (BIO_printf(bp," OCSP Response Status: %s (0x%lx)\n",
- OCSP_response_status_str(l), l) <= 0) goto err;
- if (rb == NULL) return 1;
- if (BIO_puts(bp," Response Type: ") <= 0)
- goto err;
- if(i2a_ASN1_OBJECT(bp, rb->responseType) <= 0)
- goto err;
- if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic)
- {
- BIO_puts(bp," (unknown response type)\n");
- return 1;
- }
-
- i = ASN1_STRING_length(rb->response);
- if (!(br = OCSP_response_get1_basic(o))) goto err;
- rd = br->tbsResponseData;
- l=ASN1_INTEGER_get(rd->version);
- if (BIO_printf(bp,"\n Version: %lu (0x%lx)\n",
- l+1,l) <= 0) goto err;
- if (BIO_puts(bp," Responder Id: ") <= 0) goto err;
-
- rid = rd->responderId;
- switch (rid->type)
- {
- case V_OCSP_RESPID_NAME:
- X509_NAME_print_ex(bp, rid->value.byName, 0, XN_FLAG_ONELINE);
- break;
- case V_OCSP_RESPID_KEY:
- i2a_ASN1_STRING(bp, rid->value.byKey, V_ASN1_OCTET_STRING);
- break;
- }
-
- if (BIO_printf(bp,"\n Produced At: ")<=0) goto err;
- if (!ASN1_GENERALIZEDTIME_print(bp, rd->producedAt)) goto err;
- if (BIO_printf(bp,"\n Responses:\n") <= 0) goto err;
- for (i = 0; i < sk_OCSP_SINGLERESP_num(rd->responses); i++)
- {
- if (! sk_OCSP_SINGLERESP_value(rd->responses, i)) continue;
- single = sk_OCSP_SINGLERESP_value(rd->responses, i);
- cid = single->certId;
- if(ocsp_certid_print(bp, cid, 4) <= 0) goto err;
- cst = single->certStatus;
- if (BIO_printf(bp," Cert Status: %s",
- OCSP_cert_status_str(cst->type)) <= 0)
- goto err;
- if (cst->type == V_OCSP_CERTSTATUS_REVOKED)
- {
- rev = cst->value.revoked;
- if (BIO_printf(bp, "\n Revocation Time: ") <= 0)
- goto err;
- if (!ASN1_GENERALIZEDTIME_print(bp,
- rev->revocationTime))
- goto err;
- if (rev->revocationReason)
- {
- l=ASN1_ENUMERATED_get(rev->revocationReason);
- if (BIO_printf(bp,
- "\n Revocation Reason: %s (0x%lx)",
- OCSP_crl_reason_str(l), l) <= 0)
- goto err;
- }
- }
- if (BIO_printf(bp,"\n This Update: ") <= 0) goto err;
- if (!ASN1_GENERALIZEDTIME_print(bp, single->thisUpdate))
- goto err;
- if (single->nextUpdate)
- {
- if (BIO_printf(bp,"\n Next Update: ") <= 0)goto err;
- if (!ASN1_GENERALIZEDTIME_print(bp,single->nextUpdate))
- goto err;
- }
- if (BIO_write(bp,"\n",1) <= 0) goto err;
- if (!X509V3_extensions_print(bp,
- "Response Single Extensions",
- single->singleExtensions, flags, 8))
- goto err;
- if (BIO_write(bp,"\n",1) <= 0) goto err;
- }
- if (!X509V3_extensions_print(bp, "Response Extensions",
- rd->responseExtensions, flags, 4))
- goto err;
- if(X509_signature_print(bp, br->signatureAlgorithm, br->signature) <= 0)
- goto err;
-
- for (i=0; i<sk_X509_num(br->certs); i++)
- {
- X509_print(bp, sk_X509_value(br->certs,i));
- PEM_write_bio_X509(bp,sk_X509_value(br->certs,i));
- }
-
- ret = 1;
-err:
- OCSP_BASICRESP_free(br);
- return ret;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp_prn.c (from rev 6976, vendor-crypto/openssl/dist/crypto/ocsp/ocsp_prn.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp_prn.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp_prn.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,300 @@
+/* ocsp_prn.c */
+/*
+ * Written by Tom Titchener <Tom_Titchener at groove.net> for the OpenSSL
+ * project.
+ */
+
+/*
+ * History: This file was originally part of ocsp.c and was transfered to
+ * Richard Levitte from CertCo by Kathy Weinhold in mid-spring 2000 to be
+ * included in OpenSSL or released as a patch kit.
+ */
+
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/ocsp.h>
+#include <openssl/pem.h>
+
+static int ocsp_certid_print(BIO *bp, OCSP_CERTID *a, int indent)
+{
+ BIO_printf(bp, "%*sCertificate ID:\n", indent, "");
+ indent += 2;
+ BIO_printf(bp, "%*sHash Algorithm: ", indent, "");
+ i2a_ASN1_OBJECT(bp, a->hashAlgorithm->algorithm);
+ BIO_printf(bp, "\n%*sIssuer Name Hash: ", indent, "");
+ i2a_ASN1_STRING(bp, a->issuerNameHash, V_ASN1_OCTET_STRING);
+ BIO_printf(bp, "\n%*sIssuer Key Hash: ", indent, "");
+ i2a_ASN1_STRING(bp, a->issuerKeyHash, V_ASN1_OCTET_STRING);
+ BIO_printf(bp, "\n%*sSerial Number: ", indent, "");
+ i2a_ASN1_INTEGER(bp, a->serialNumber);
+ BIO_printf(bp, "\n");
+ return 1;
+}
+
+typedef struct {
+ long t;
+ char *m;
+} OCSP_TBLSTR;
+
+static char *table2string(long s, OCSP_TBLSTR *ts, int len)
+{
+ OCSP_TBLSTR *p;
+ for (p = ts; p < ts + len; p++)
+ if (p->t == s)
+ return p->m;
+ return "(UNKNOWN)";
+}
+
+char *OCSP_response_status_str(long s)
+{
+ static OCSP_TBLSTR rstat_tbl[] = {
+ {OCSP_RESPONSE_STATUS_SUCCESSFUL, "successful"},
+ {OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, "malformedrequest"},
+ {OCSP_RESPONSE_STATUS_INTERNALERROR, "internalerror"},
+ {OCSP_RESPONSE_STATUS_TRYLATER, "trylater"},
+ {OCSP_RESPONSE_STATUS_SIGREQUIRED, "sigrequired"},
+ {OCSP_RESPONSE_STATUS_UNAUTHORIZED, "unauthorized"}
+ };
+ return table2string(s, rstat_tbl, 6);
+}
+
+char *OCSP_cert_status_str(long s)
+{
+ static OCSP_TBLSTR cstat_tbl[] = {
+ {V_OCSP_CERTSTATUS_GOOD, "good"},
+ {V_OCSP_CERTSTATUS_REVOKED, "revoked"},
+ {V_OCSP_CERTSTATUS_UNKNOWN, "unknown"}
+ };
+ return table2string(s, cstat_tbl, 3);
+}
+
+char *OCSP_crl_reason_str(long s)
+{
+ OCSP_TBLSTR reason_tbl[] = {
+ {OCSP_REVOKED_STATUS_UNSPECIFIED, "unspecified"},
+ {OCSP_REVOKED_STATUS_KEYCOMPROMISE, "keyCompromise"},
+ {OCSP_REVOKED_STATUS_CACOMPROMISE, "cACompromise"},
+ {OCSP_REVOKED_STATUS_AFFILIATIONCHANGED, "affiliationChanged"},
+ {OCSP_REVOKED_STATUS_SUPERSEDED, "superseded"},
+ {OCSP_REVOKED_STATUS_CESSATIONOFOPERATION, "cessationOfOperation"},
+ {OCSP_REVOKED_STATUS_CERTIFICATEHOLD, "certificateHold"},
+ {OCSP_REVOKED_STATUS_REMOVEFROMCRL, "removeFromCRL"}
+ };
+ return table2string(s, reason_tbl, 8);
+}
+
+int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST *o, unsigned long flags)
+{
+ int i;
+ long l;
+ OCSP_CERTID *cid = NULL;
+ OCSP_ONEREQ *one = NULL;
+ OCSP_REQINFO *inf = o->tbsRequest;
+ OCSP_SIGNATURE *sig = o->optionalSignature;
+
+ if (BIO_write(bp, "OCSP Request Data:\n", 19) <= 0)
+ goto err;
+ l = ASN1_INTEGER_get(inf->version);
+ if (BIO_printf(bp, " Version: %lu (0x%lx)", l + 1, l) <= 0)
+ goto err;
+ if (inf->requestorName != NULL) {
+ if (BIO_write(bp, "\n Requestor Name: ", 21) <= 0)
+ goto err;
+ GENERAL_NAME_print(bp, inf->requestorName);
+ }
+ if (BIO_write(bp, "\n Requestor List:\n", 21) <= 0)
+ goto err;
+ for (i = 0; i < sk_OCSP_ONEREQ_num(inf->requestList); i++) {
+ one = sk_OCSP_ONEREQ_value(inf->requestList, i);
+ cid = one->reqCert;
+ ocsp_certid_print(bp, cid, 8);
+ if (!X509V3_extensions_print(bp,
+ "Request Single Extensions",
+ one->singleRequestExtensions, flags, 8))
+ goto err;
+ }
+ if (!X509V3_extensions_print(bp, "Request Extensions",
+ inf->requestExtensions, flags, 4))
+ goto err;
+ if (sig) {
+ X509_signature_print(bp, sig->signatureAlgorithm, sig->signature);
+ for (i = 0; i < sk_X509_num(sig->certs); i++) {
+ X509_print(bp, sk_X509_value(sig->certs, i));
+ PEM_write_bio_X509(bp, sk_X509_value(sig->certs, i));
+ }
+ }
+ return 1;
+ err:
+ return 0;
+}
+
+int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE *o, unsigned long flags)
+{
+ int i, ret = 0;
+ long l;
+ OCSP_CERTID *cid = NULL;
+ OCSP_BASICRESP *br = NULL;
+ OCSP_RESPID *rid = NULL;
+ OCSP_RESPDATA *rd = NULL;
+ OCSP_CERTSTATUS *cst = NULL;
+ OCSP_REVOKEDINFO *rev = NULL;
+ OCSP_SINGLERESP *single = NULL;
+ OCSP_RESPBYTES *rb = o->responseBytes;
+
+ if (BIO_puts(bp, "OCSP Response Data:\n") <= 0)
+ goto err;
+ l = ASN1_ENUMERATED_get(o->responseStatus);
+ if (BIO_printf(bp, " OCSP Response Status: %s (0x%lx)\n",
+ OCSP_response_status_str(l), l) <= 0)
+ goto err;
+ if (rb == NULL)
+ return 1;
+ if (BIO_puts(bp, " Response Type: ") <= 0)
+ goto err;
+ if (i2a_ASN1_OBJECT(bp, rb->responseType) <= 0)
+ goto err;
+ if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic) {
+ BIO_puts(bp, " (unknown response type)\n");
+ return 1;
+ }
+
+ i = ASN1_STRING_length(rb->response);
+ if (!(br = OCSP_response_get1_basic(o)))
+ goto err;
+ rd = br->tbsResponseData;
+ l = ASN1_INTEGER_get(rd->version);
+ if (BIO_printf(bp, "\n Version: %lu (0x%lx)\n", l + 1, l) <= 0)
+ goto err;
+ if (BIO_puts(bp, " Responder Id: ") <= 0)
+ goto err;
+
+ rid = rd->responderId;
+ switch (rid->type) {
+ case V_OCSP_RESPID_NAME:
+ X509_NAME_print_ex(bp, rid->value.byName, 0, XN_FLAG_ONELINE);
+ break;
+ case V_OCSP_RESPID_KEY:
+ i2a_ASN1_STRING(bp, rid->value.byKey, V_ASN1_OCTET_STRING);
+ break;
+ }
+
+ if (BIO_printf(bp, "\n Produced At: ") <= 0)
+ goto err;
+ if (!ASN1_GENERALIZEDTIME_print(bp, rd->producedAt))
+ goto err;
+ if (BIO_printf(bp, "\n Responses:\n") <= 0)
+ goto err;
+ for (i = 0; i < sk_OCSP_SINGLERESP_num(rd->responses); i++) {
+ if (!sk_OCSP_SINGLERESP_value(rd->responses, i))
+ continue;
+ single = sk_OCSP_SINGLERESP_value(rd->responses, i);
+ cid = single->certId;
+ if (ocsp_certid_print(bp, cid, 4) <= 0)
+ goto err;
+ cst = single->certStatus;
+ if (BIO_printf(bp, " Cert Status: %s",
+ OCSP_cert_status_str(cst->type)) <= 0)
+ goto err;
+ if (cst->type == V_OCSP_CERTSTATUS_REVOKED) {
+ rev = cst->value.revoked;
+ if (BIO_printf(bp, "\n Revocation Time: ") <= 0)
+ goto err;
+ if (!ASN1_GENERALIZEDTIME_print(bp, rev->revocationTime))
+ goto err;
+ if (rev->revocationReason) {
+ l = ASN1_ENUMERATED_get(rev->revocationReason);
+ if (BIO_printf(bp,
+ "\n Revocation Reason: %s (0x%lx)",
+ OCSP_crl_reason_str(l), l) <= 0)
+ goto err;
+ }
+ }
+ if (BIO_printf(bp, "\n This Update: ") <= 0)
+ goto err;
+ if (!ASN1_GENERALIZEDTIME_print(bp, single->thisUpdate))
+ goto err;
+ if (single->nextUpdate) {
+ if (BIO_printf(bp, "\n Next Update: ") <= 0)
+ goto err;
+ if (!ASN1_GENERALIZEDTIME_print(bp, single->nextUpdate))
+ goto err;
+ }
+ if (BIO_write(bp, "\n", 1) <= 0)
+ goto err;
+ if (!X509V3_extensions_print(bp,
+ "Response Single Extensions",
+ single->singleExtensions, flags, 8))
+ goto err;
+ if (BIO_write(bp, "\n", 1) <= 0)
+ goto err;
+ }
+ if (!X509V3_extensions_print(bp, "Response Extensions",
+ rd->responseExtensions, flags, 4))
+ goto err;
+ if (X509_signature_print(bp, br->signatureAlgorithm, br->signature) <= 0)
+ goto err;
+
+ for (i = 0; i < sk_X509_num(br->certs); i++) {
+ X509_print(bp, sk_X509_value(br->certs, i));
+ PEM_write_bio_X509(bp, sk_X509_value(br->certs, i));
+ }
+
+ ret = 1;
+ err:
+ OCSP_BASICRESP_free(br);
+ return ret;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp_srv.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/ocsp/ocsp_srv.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp_srv.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,264 +0,0 @@
-/* ocsp_srv.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <cryptlib.h>
-#include <openssl/objects.h>
-#include <openssl/rand.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/x509v3.h>
-#include <openssl/ocsp.h>
-
-/* Utility functions related to sending OCSP responses and extracting
- * relevant information from the request.
- */
-
-int OCSP_request_onereq_count(OCSP_REQUEST *req)
- {
- return sk_OCSP_ONEREQ_num(req->tbsRequest->requestList);
- }
-
-OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i)
- {
- return sk_OCSP_ONEREQ_value(req->tbsRequest->requestList, i);
- }
-
-OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one)
- {
- return one->reqCert;
- }
-
-int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd,
- ASN1_OCTET_STRING **pikeyHash,
- ASN1_INTEGER **pserial, OCSP_CERTID *cid)
- {
- if (!cid) return 0;
- if (pmd) *pmd = cid->hashAlgorithm->algorithm;
- if(piNameHash) *piNameHash = cid->issuerNameHash;
- if (pikeyHash) *pikeyHash = cid->issuerKeyHash;
- if (pserial) *pserial = cid->serialNumber;
- return 1;
- }
-
-int OCSP_request_is_signed(OCSP_REQUEST *req)
- {
- if(req->optionalSignature) return 1;
- return 0;
- }
-
-/* Create an OCSP response and encode an optional basic response */
-OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs)
- {
- OCSP_RESPONSE *rsp = NULL;
-
- if (!(rsp = OCSP_RESPONSE_new())) goto err;
- if (!(ASN1_ENUMERATED_set(rsp->responseStatus, status))) goto err;
- if (!bs) return rsp;
- if (!(rsp->responseBytes = OCSP_RESPBYTES_new())) goto err;
- rsp->responseBytes->responseType = OBJ_nid2obj(NID_id_pkix_OCSP_basic);
- if (!ASN1_item_pack(bs, ASN1_ITEM_rptr(OCSP_BASICRESP), &rsp->responseBytes->response))
- goto err;
- return rsp;
-err:
- if (rsp) OCSP_RESPONSE_free(rsp);
- return NULL;
- }
-
-
-OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp,
- OCSP_CERTID *cid,
- int status, int reason,
- ASN1_TIME *revtime,
- ASN1_TIME *thisupd, ASN1_TIME *nextupd)
- {
- OCSP_SINGLERESP *single = NULL;
- OCSP_CERTSTATUS *cs;
- OCSP_REVOKEDINFO *ri;
-
- if(!rsp->tbsResponseData->responses &&
- !(rsp->tbsResponseData->responses = sk_OCSP_SINGLERESP_new_null()))
- goto err;
-
- if (!(single = OCSP_SINGLERESP_new()))
- goto err;
-
-
-
- if (!ASN1_TIME_to_generalizedtime(thisupd, &single->thisUpdate))
- goto err;
- if (nextupd &&
- !ASN1_TIME_to_generalizedtime(nextupd, &single->nextUpdate))
- goto err;
-
- OCSP_CERTID_free(single->certId);
-
- if(!(single->certId = OCSP_CERTID_dup(cid)))
- goto err;
-
- cs = single->certStatus;
- switch(cs->type = status)
- {
- case V_OCSP_CERTSTATUS_REVOKED:
- if (!revtime)
- {
- OCSPerr(OCSP_F_OCSP_BASIC_ADD1_STATUS,OCSP_R_NO_REVOKED_TIME);
- goto err;
- }
- if (!(cs->value.revoked = ri = OCSP_REVOKEDINFO_new())) goto err;
- if (!ASN1_TIME_to_generalizedtime(revtime, &ri->revocationTime))
- goto err;
- if (reason != OCSP_REVOKED_STATUS_NOSTATUS)
- {
- if (!(ri->revocationReason = ASN1_ENUMERATED_new()))
- goto err;
- if (!(ASN1_ENUMERATED_set(ri->revocationReason,
- reason)))
- goto err;
- }
- break;
-
- case V_OCSP_CERTSTATUS_GOOD:
- cs->value.good = ASN1_NULL_new();
- break;
-
- case V_OCSP_CERTSTATUS_UNKNOWN:
- cs->value.unknown = ASN1_NULL_new();
- break;
-
- default:
- goto err;
-
- }
- if (!(sk_OCSP_SINGLERESP_push(rsp->tbsResponseData->responses, single)))
- goto err;
- return single;
-err:
- OCSP_SINGLERESP_free(single);
- return NULL;
- }
-
-/* Add a certificate to an OCSP request */
-
-int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert)
- {
- if (!resp->certs && !(resp->certs = sk_X509_new_null()))
- return 0;
-
- if(!sk_X509_push(resp->certs, cert)) return 0;
- CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
- return 1;
- }
-
-int OCSP_basic_sign(OCSP_BASICRESP *brsp,
- X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,
- STACK_OF(X509) *certs, unsigned long flags)
- {
- int i;
- OCSP_RESPID *rid;
-
- if (!X509_check_private_key(signer, key))
- {
- OCSPerr(OCSP_F_OCSP_BASIC_SIGN, OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
- goto err;
- }
-
- if(!(flags & OCSP_NOCERTS))
- {
- if(!OCSP_basic_add1_cert(brsp, signer))
- goto err;
- for (i = 0; i < sk_X509_num(certs); i++)
- {
- X509 *tmpcert = sk_X509_value(certs, i);
- if(!OCSP_basic_add1_cert(brsp, tmpcert))
- goto err;
- }
- }
-
- rid = brsp->tbsResponseData->responderId;
- if (flags & OCSP_RESPID_KEY)
- {
- unsigned char md[SHA_DIGEST_LENGTH];
- X509_pubkey_digest(signer, EVP_sha1(), md, NULL);
- if (!(rid->value.byKey = ASN1_OCTET_STRING_new()))
- goto err;
- if (!(ASN1_OCTET_STRING_set(rid->value.byKey, md, SHA_DIGEST_LENGTH)))
- goto err;
- rid->type = V_OCSP_RESPID_KEY;
- }
- else
- {
- if (!X509_NAME_set(&rid->value.byName,
- X509_get_subject_name(signer)))
- goto err;
- rid->type = V_OCSP_RESPID_NAME;
- }
-
- if (!(flags & OCSP_NOTIME) &&
- !X509_gmtime_adj(brsp->tbsResponseData->producedAt, 0))
- goto err;
-
- /* Right now, I think that not doing double hashing is the right
- thing. -- Richard Levitte */
-
- if (!OCSP_BASICRESP_sign(brsp, key, dgst, 0)) goto err;
-
- return 1;
-err:
- return 0;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp_srv.c (from rev 6976, vendor-crypto/openssl/dist/crypto/ocsp/ocsp_srv.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp_srv.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp_srv.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,271 @@
+/* ocsp_srv.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <cryptlib.h>
+#include <openssl/objects.h>
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/ocsp.h>
+
+/*
+ * Utility functions related to sending OCSP responses and extracting
+ * relevant information from the request.
+ */
+
+int OCSP_request_onereq_count(OCSP_REQUEST *req)
+{
+ return sk_OCSP_ONEREQ_num(req->tbsRequest->requestList);
+}
+
+OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i)
+{
+ return sk_OCSP_ONEREQ_value(req->tbsRequest->requestList, i);
+}
+
+OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one)
+{
+ return one->reqCert;
+}
+
+int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd,
+ ASN1_OCTET_STRING **pikeyHash,
+ ASN1_INTEGER **pserial, OCSP_CERTID *cid)
+{
+ if (!cid)
+ return 0;
+ if (pmd)
+ *pmd = cid->hashAlgorithm->algorithm;
+ if (piNameHash)
+ *piNameHash = cid->issuerNameHash;
+ if (pikeyHash)
+ *pikeyHash = cid->issuerKeyHash;
+ if (pserial)
+ *pserial = cid->serialNumber;
+ return 1;
+}
+
+int OCSP_request_is_signed(OCSP_REQUEST *req)
+{
+ if (req->optionalSignature)
+ return 1;
+ return 0;
+}
+
+/* Create an OCSP response and encode an optional basic response */
+OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs)
+{
+ OCSP_RESPONSE *rsp = NULL;
+
+ if (!(rsp = OCSP_RESPONSE_new()))
+ goto err;
+ if (!(ASN1_ENUMERATED_set(rsp->responseStatus, status)))
+ goto err;
+ if (!bs)
+ return rsp;
+ if (!(rsp->responseBytes = OCSP_RESPBYTES_new()))
+ goto err;
+ rsp->responseBytes->responseType = OBJ_nid2obj(NID_id_pkix_OCSP_basic);
+ if (!ASN1_item_pack
+ (bs, ASN1_ITEM_rptr(OCSP_BASICRESP), &rsp->responseBytes->response))
+ goto err;
+ return rsp;
+ err:
+ if (rsp)
+ OCSP_RESPONSE_free(rsp);
+ return NULL;
+}
+
+OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp,
+ OCSP_CERTID *cid,
+ int status, int reason,
+ ASN1_TIME *revtime,
+ ASN1_TIME *thisupd,
+ ASN1_TIME *nextupd)
+{
+ OCSP_SINGLERESP *single = NULL;
+ OCSP_CERTSTATUS *cs;
+ OCSP_REVOKEDINFO *ri;
+
+ if (!rsp->tbsResponseData->responses &&
+ !(rsp->tbsResponseData->responses = sk_OCSP_SINGLERESP_new_null()))
+ goto err;
+
+ if (!(single = OCSP_SINGLERESP_new()))
+ goto err;
+
+ if (!ASN1_TIME_to_generalizedtime(thisupd, &single->thisUpdate))
+ goto err;
+ if (nextupd &&
+ !ASN1_TIME_to_generalizedtime(nextupd, &single->nextUpdate))
+ goto err;
+
+ OCSP_CERTID_free(single->certId);
+
+ if (!(single->certId = OCSP_CERTID_dup(cid)))
+ goto err;
+
+ cs = single->certStatus;
+ switch (cs->type = status) {
+ case V_OCSP_CERTSTATUS_REVOKED:
+ if (!revtime) {
+ OCSPerr(OCSP_F_OCSP_BASIC_ADD1_STATUS, OCSP_R_NO_REVOKED_TIME);
+ goto err;
+ }
+ if (!(cs->value.revoked = ri = OCSP_REVOKEDINFO_new()))
+ goto err;
+ if (!ASN1_TIME_to_generalizedtime(revtime, &ri->revocationTime))
+ goto err;
+ if (reason != OCSP_REVOKED_STATUS_NOSTATUS) {
+ if (!(ri->revocationReason = ASN1_ENUMERATED_new()))
+ goto err;
+ if (!(ASN1_ENUMERATED_set(ri->revocationReason, reason)))
+ goto err;
+ }
+ break;
+
+ case V_OCSP_CERTSTATUS_GOOD:
+ cs->value.good = ASN1_NULL_new();
+ break;
+
+ case V_OCSP_CERTSTATUS_UNKNOWN:
+ cs->value.unknown = ASN1_NULL_new();
+ break;
+
+ default:
+ goto err;
+
+ }
+ if (!(sk_OCSP_SINGLERESP_push(rsp->tbsResponseData->responses, single)))
+ goto err;
+ return single;
+ err:
+ OCSP_SINGLERESP_free(single);
+ return NULL;
+}
+
+/* Add a certificate to an OCSP request */
+
+int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert)
+{
+ if (!resp->certs && !(resp->certs = sk_X509_new_null()))
+ return 0;
+
+ if (!sk_X509_push(resp->certs, cert))
+ return 0;
+ CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
+ return 1;
+}
+
+int OCSP_basic_sign(OCSP_BASICRESP *brsp,
+ X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,
+ STACK_OF(X509) *certs, unsigned long flags)
+{
+ int i;
+ OCSP_RESPID *rid;
+
+ if (!X509_check_private_key(signer, key)) {
+ OCSPerr(OCSP_F_OCSP_BASIC_SIGN,
+ OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+ goto err;
+ }
+
+ if (!(flags & OCSP_NOCERTS)) {
+ if (!OCSP_basic_add1_cert(brsp, signer))
+ goto err;
+ for (i = 0; i < sk_X509_num(certs); i++) {
+ X509 *tmpcert = sk_X509_value(certs, i);
+ if (!OCSP_basic_add1_cert(brsp, tmpcert))
+ goto err;
+ }
+ }
+
+ rid = brsp->tbsResponseData->responderId;
+ if (flags & OCSP_RESPID_KEY) {
+ unsigned char md[SHA_DIGEST_LENGTH];
+ X509_pubkey_digest(signer, EVP_sha1(), md, NULL);
+ if (!(rid->value.byKey = ASN1_OCTET_STRING_new()))
+ goto err;
+ if (!(ASN1_OCTET_STRING_set(rid->value.byKey, md, SHA_DIGEST_LENGTH)))
+ goto err;
+ rid->type = V_OCSP_RESPID_KEY;
+ } else {
+ if (!X509_NAME_set(&rid->value.byName, X509_get_subject_name(signer)))
+ goto err;
+ rid->type = V_OCSP_RESPID_NAME;
+ }
+
+ if (!(flags & OCSP_NOTIME) &&
+ !X509_gmtime_adj(brsp->tbsResponseData->producedAt, 0))
+ goto err;
+
+ /*
+ * Right now, I think that not doing double hashing is the right thing.
+ * -- Richard Levitte
+ */
+
+ if (!OCSP_BASICRESP_sign(brsp, key, dgst, 0))
+ goto err;
+
+ return 1;
+ err:
+ return 0;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp_vfy.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/ocsp/ocsp_vfy.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp_vfy.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,448 +0,0 @@
-/* ocsp_vfy.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <openssl/ocsp.h>
-#include <openssl/err.h>
-#include <string.h>
-
-static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
- X509_STORE *st, unsigned long flags);
-static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id);
-static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain, unsigned long flags);
-static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret);
-static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid, STACK_OF(OCSP_SINGLERESP) *sresp);
-static int ocsp_check_delegated(X509 *x, int flags);
-static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, X509_NAME *nm, STACK_OF(X509) *certs,
- X509_STORE *st, unsigned long flags);
-
-/* Verify a basic response message */
-
-int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
- X509_STORE *st, unsigned long flags)
- {
- X509 *signer, *x;
- STACK_OF(X509) *chain = NULL;
- X509_STORE_CTX ctx;
- int i, ret = 0;
- ret = ocsp_find_signer(&signer, bs, certs, st, flags);
- if (!ret)
- {
- OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
- goto end;
- }
- if ((ret == 2) && (flags & OCSP_TRUSTOTHER))
- flags |= OCSP_NOVERIFY;
- if (!(flags & OCSP_NOSIGS))
- {
- EVP_PKEY *skey;
- skey = X509_get_pubkey(signer);
- if (skey)
- {
- ret = OCSP_BASICRESP_verify(bs, skey, 0);
- EVP_PKEY_free(skey);
- }
- if(!skey || ret <= 0)
- {
- OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNATURE_FAILURE);
- goto end;
- }
- }
- if (!(flags & OCSP_NOVERIFY))
- {
- int init_res;
- if(flags & OCSP_NOCHAIN)
- init_res = X509_STORE_CTX_init(&ctx, st, signer, NULL);
- else
- init_res = X509_STORE_CTX_init(&ctx, st, signer, bs->certs);
- if(!init_res)
- {
- ret = -1;
- OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,ERR_R_X509_LIB);
- goto end;
- }
-
- X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER);
- ret = X509_verify_cert(&ctx);
- chain = X509_STORE_CTX_get1_chain(&ctx);
- X509_STORE_CTX_cleanup(&ctx);
- if (ret <= 0)
- {
- i = X509_STORE_CTX_get_error(&ctx);
- OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,OCSP_R_CERTIFICATE_VERIFY_ERROR);
- ERR_add_error_data(2, "Verify error:",
- X509_verify_cert_error_string(i));
- goto end;
- }
- if(flags & OCSP_NOCHECKS)
- {
- ret = 1;
- goto end;
- }
- /* At this point we have a valid certificate chain
- * need to verify it against the OCSP issuer criteria.
- */
- ret = ocsp_check_issuer(bs, chain, flags);
-
- /* If fatal error or valid match then finish */
- if (ret != 0) goto end;
-
- /* Easy case: explicitly trusted. Get root CA and
- * check for explicit trust
- */
- if(flags & OCSP_NOEXPLICIT) goto end;
-
- x = sk_X509_value(chain, sk_X509_num(chain) - 1);
- if(X509_check_trust(x, NID_OCSP_sign, 0) != X509_TRUST_TRUSTED)
- {
- OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,OCSP_R_ROOT_CA_NOT_TRUSTED);
- goto end;
- }
- ret = 1;
- }
-
-
-
- end:
- if(chain) sk_X509_pop_free(chain, X509_free);
- return ret;
- }
-
-
-static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
- X509_STORE *st, unsigned long flags)
- {
- X509 *signer;
- OCSP_RESPID *rid = bs->tbsResponseData->responderId;
- if ((signer = ocsp_find_signer_sk(certs, rid)))
- {
- *psigner = signer;
- return 2;
- }
- if(!(flags & OCSP_NOINTERN) &&
- (signer = ocsp_find_signer_sk(bs->certs, rid)))
- {
- *psigner = signer;
- return 1;
- }
- /* Maybe lookup from store if by subject name */
-
- *psigner = NULL;
- return 0;
- }
-
-
-static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id)
- {
- int i;
- unsigned char tmphash[SHA_DIGEST_LENGTH], *keyhash;
- X509 *x;
-
- /* Easy if lookup by name */
- if (id->type == V_OCSP_RESPID_NAME)
- return X509_find_by_subject(certs, id->value.byName);
-
- /* Lookup by key hash */
-
- /* If key hash isn't SHA1 length then forget it */
- if (id->value.byKey->length != SHA_DIGEST_LENGTH) return NULL;
- keyhash = id->value.byKey->data;
- /* Calculate hash of each key and compare */
- for (i = 0; i < sk_X509_num(certs); i++)
- {
- x = sk_X509_value(certs, i);
- X509_pubkey_digest(x, EVP_sha1(), tmphash, NULL);
- if(!memcmp(keyhash, tmphash, SHA_DIGEST_LENGTH))
- return x;
- }
- return NULL;
- }
-
-
-static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain, unsigned long flags)
- {
- STACK_OF(OCSP_SINGLERESP) *sresp;
- X509 *signer, *sca;
- OCSP_CERTID *caid = NULL;
- int i;
- sresp = bs->tbsResponseData->responses;
-
- if (sk_X509_num(chain) <= 0)
- {
- OCSPerr(OCSP_F_OCSP_CHECK_ISSUER, OCSP_R_NO_CERTIFICATES_IN_CHAIN);
- return -1;
- }
-
- /* See if the issuer IDs match. */
- i = ocsp_check_ids(sresp, &caid);
-
- /* If ID mismatch or other error then return */
- if (i <= 0) return i;
-
- signer = sk_X509_value(chain, 0);
- /* Check to see if OCSP responder CA matches request CA */
- if (sk_X509_num(chain) > 1)
- {
- sca = sk_X509_value(chain, 1);
- i = ocsp_match_issuerid(sca, caid, sresp);
- if (i < 0) return i;
- if (i)
- {
- /* We have a match, if extensions OK then success */
- if (ocsp_check_delegated(signer, flags)) return 1;
- return 0;
- }
- }
-
- /* Otherwise check if OCSP request signed directly by request CA */
- return ocsp_match_issuerid(signer, caid, sresp);
- }
-
-
-/* Check the issuer certificate IDs for equality. If there is a mismatch with the same
- * algorithm then there's no point trying to match any certificates against the issuer.
- * If the issuer IDs all match then we just need to check equality against one of them.
- */
-
-static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret)
- {
- OCSP_CERTID *tmpid, *cid;
- int i, idcount;
-
- idcount = sk_OCSP_SINGLERESP_num(sresp);
- if (idcount <= 0)
- {
- OCSPerr(OCSP_F_OCSP_CHECK_IDS, OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA);
- return -1;
- }
-
- cid = sk_OCSP_SINGLERESP_value(sresp, 0)->certId;
-
- *ret = NULL;
-
- for (i = 1; i < idcount; i++)
- {
- tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId;
- /* Check to see if IDs match */
- if (OCSP_id_issuer_cmp(cid, tmpid))
- {
- /* If algoritm mismatch let caller deal with it */
- if (OBJ_cmp(tmpid->hashAlgorithm->algorithm,
- cid->hashAlgorithm->algorithm))
- return 2;
- /* Else mismatch */
- return 0;
- }
- }
-
- /* All IDs match: only need to check one ID */
- *ret = cid;
- return 1;
- }
-
-
-static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
- STACK_OF(OCSP_SINGLERESP) *sresp)
- {
- /* If only one ID to match then do it */
- if(cid)
- {
- const EVP_MD *dgst;
- X509_NAME *iname;
- int mdlen;
- unsigned char md[EVP_MAX_MD_SIZE];
- if (!(dgst = EVP_get_digestbyobj(cid->hashAlgorithm->algorithm)))
- {
- OCSPerr(OCSP_F_OCSP_MATCH_ISSUERID, OCSP_R_UNKNOWN_MESSAGE_DIGEST);
- return -1;
- }
-
- mdlen = EVP_MD_size(dgst);
- if ((cid->issuerNameHash->length != mdlen) ||
- (cid->issuerKeyHash->length != mdlen))
- return 0;
- iname = X509_get_subject_name(cert);
- if (!X509_NAME_digest(iname, dgst, md, NULL))
- return -1;
- if (memcmp(md, cid->issuerNameHash->data, mdlen))
- return 0;
- X509_pubkey_digest(cert, EVP_sha1(), md, NULL);
- if (memcmp(md, cid->issuerKeyHash->data, mdlen))
- return 0;
-
- return 1;
-
- }
- else
- {
- /* We have to match the whole lot */
- int i, ret;
- OCSP_CERTID *tmpid;
- for (i = 0; i < sk_OCSP_SINGLERESP_num(sresp); i++)
- {
- tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId;
- ret = ocsp_match_issuerid(cert, tmpid, NULL);
- if (ret <= 0) return ret;
- }
- return 1;
- }
-
- }
-
-static int ocsp_check_delegated(X509 *x, int flags)
- {
- X509_check_purpose(x, -1, 0);
- if ((x->ex_flags & EXFLAG_XKUSAGE) &&
- (x->ex_xkusage & XKU_OCSP_SIGN))
- return 1;
- OCSPerr(OCSP_F_OCSP_CHECK_DELEGATED, OCSP_R_MISSING_OCSPSIGNING_USAGE);
- return 0;
- }
-
-/* Verify an OCSP request. This is fortunately much easier than OCSP
- * response verify. Just find the signers certificate and verify it
- * against a given trust value.
- */
-
-int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store, unsigned long flags)
- {
- X509 *signer;
- X509_NAME *nm;
- GENERAL_NAME *gen;
- int ret;
- X509_STORE_CTX ctx;
- if (!req->optionalSignature)
- {
- OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_REQUEST_NOT_SIGNED);
- return 0;
- }
- gen = req->tbsRequest->requestorName;
- if (!gen || gen->type != GEN_DIRNAME)
- {
- OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE);
- return 0;
- }
- nm = gen->d.directoryName;
- ret = ocsp_req_find_signer(&signer, req, nm, certs, store, flags);
- if (ret <= 0)
- {
- OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
- return 0;
- }
- if ((ret == 2) && (flags & OCSP_TRUSTOTHER))
- flags |= OCSP_NOVERIFY;
- if (!(flags & OCSP_NOSIGS))
- {
- EVP_PKEY *skey;
- skey = X509_get_pubkey(signer);
- ret = OCSP_REQUEST_verify(req, skey);
- EVP_PKEY_free(skey);
- if(ret <= 0)
- {
- OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_SIGNATURE_FAILURE);
- return 0;
- }
- }
- if (!(flags & OCSP_NOVERIFY))
- {
- int init_res;
- if(flags & OCSP_NOCHAIN)
- init_res = X509_STORE_CTX_init(&ctx, store, signer, NULL);
- else
- init_res = X509_STORE_CTX_init(&ctx, store, signer,
- req->optionalSignature->certs);
- if(!init_res)
- {
- OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,ERR_R_X509_LIB);
- return 0;
- }
-
- X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER);
- X509_STORE_CTX_set_trust(&ctx, X509_TRUST_OCSP_REQUEST);
- ret = X509_verify_cert(&ctx);
- X509_STORE_CTX_cleanup(&ctx);
- if (ret <= 0)
- {
- ret = X509_STORE_CTX_get_error(&ctx);
- OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,OCSP_R_CERTIFICATE_VERIFY_ERROR);
- ERR_add_error_data(2, "Verify error:",
- X509_verify_cert_error_string(ret));
- return 0;
- }
- }
- return 1;
- }
-
-static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, X509_NAME *nm, STACK_OF(X509) *certs,
- X509_STORE *st, unsigned long flags)
- {
- X509 *signer;
- if(!(flags & OCSP_NOINTERN))
- {
- signer = X509_find_by_subject(req->optionalSignature->certs, nm);
- *psigner = signer;
- return 1;
- }
-
- signer = X509_find_by_subject(certs, nm);
- if (signer)
- {
- *psigner = signer;
- return 2;
- }
- return 0;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp_vfy.c (from rev 6976, vendor-crypto/openssl/dist/crypto/ocsp/ocsp_vfy.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp_vfy.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ocsp/ocsp_vfy.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,437 @@
+/* ocsp_vfy.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <openssl/ocsp.h>
+#include <openssl/err.h>
+#include <string.h>
+
+static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs,
+ STACK_OF(X509) *certs, X509_STORE *st,
+ unsigned long flags);
+static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id);
+static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain,
+ unsigned long flags);
+static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp,
+ OCSP_CERTID **ret);
+static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
+ STACK_OF(OCSP_SINGLERESP) *sresp);
+static int ocsp_check_delegated(X509 *x, int flags);
+static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req,
+ X509_NAME *nm, STACK_OF(X509) *certs,
+ X509_STORE *st, unsigned long flags);
+
+/* Verify a basic response message */
+
+int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
+ X509_STORE *st, unsigned long flags)
+{
+ X509 *signer, *x;
+ STACK_OF(X509) *chain = NULL;
+ X509_STORE_CTX ctx;
+ int i, ret = 0;
+ ret = ocsp_find_signer(&signer, bs, certs, st, flags);
+ if (!ret) {
+ OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,
+ OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
+ goto end;
+ }
+ if ((ret == 2) && (flags & OCSP_TRUSTOTHER))
+ flags |= OCSP_NOVERIFY;
+ if (!(flags & OCSP_NOSIGS)) {
+ EVP_PKEY *skey;
+ skey = X509_get_pubkey(signer);
+ if (skey) {
+ ret = OCSP_BASICRESP_verify(bs, skey, 0);
+ EVP_PKEY_free(skey);
+ }
+ if (!skey || ret <= 0) {
+ OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNATURE_FAILURE);
+ goto end;
+ }
+ }
+ if (!(flags & OCSP_NOVERIFY)) {
+ int init_res;
+ if (flags & OCSP_NOCHAIN)
+ init_res = X509_STORE_CTX_init(&ctx, st, signer, NULL);
+ else
+ init_res = X509_STORE_CTX_init(&ctx, st, signer, bs->certs);
+ if (!init_res) {
+ ret = -1;
+ OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_X509_LIB);
+ goto end;
+ }
+
+ X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER);
+ ret = X509_verify_cert(&ctx);
+ chain = X509_STORE_CTX_get1_chain(&ctx);
+ X509_STORE_CTX_cleanup(&ctx);
+ if (ret <= 0) {
+ i = X509_STORE_CTX_get_error(&ctx);
+ OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,
+ OCSP_R_CERTIFICATE_VERIFY_ERROR);
+ ERR_add_error_data(2, "Verify error:",
+ X509_verify_cert_error_string(i));
+ goto end;
+ }
+ if (flags & OCSP_NOCHECKS) {
+ ret = 1;
+ goto end;
+ }
+ /*
+ * At this point we have a valid certificate chain need to verify it
+ * against the OCSP issuer criteria.
+ */
+ ret = ocsp_check_issuer(bs, chain, flags);
+
+ /* If fatal error or valid match then finish */
+ if (ret != 0)
+ goto end;
+
+ /*
+ * Easy case: explicitly trusted. Get root CA and check for explicit
+ * trust
+ */
+ if (flags & OCSP_NOEXPLICIT)
+ goto end;
+
+ x = sk_X509_value(chain, sk_X509_num(chain) - 1);
+ if (X509_check_trust(x, NID_OCSP_sign, 0) != X509_TRUST_TRUSTED) {
+ OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_ROOT_CA_NOT_TRUSTED);
+ goto end;
+ }
+ ret = 1;
+ }
+
+ end:
+ if (chain)
+ sk_X509_pop_free(chain, X509_free);
+ return ret;
+}
+
+static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs,
+ STACK_OF(X509) *certs, X509_STORE *st,
+ unsigned long flags)
+{
+ X509 *signer;
+ OCSP_RESPID *rid = bs->tbsResponseData->responderId;
+ if ((signer = ocsp_find_signer_sk(certs, rid))) {
+ *psigner = signer;
+ return 2;
+ }
+ if (!(flags & OCSP_NOINTERN) &&
+ (signer = ocsp_find_signer_sk(bs->certs, rid))) {
+ *psigner = signer;
+ return 1;
+ }
+ /* Maybe lookup from store if by subject name */
+
+ *psigner = NULL;
+ return 0;
+}
+
+static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id)
+{
+ int i;
+ unsigned char tmphash[SHA_DIGEST_LENGTH], *keyhash;
+ X509 *x;
+
+ /* Easy if lookup by name */
+ if (id->type == V_OCSP_RESPID_NAME)
+ return X509_find_by_subject(certs, id->value.byName);
+
+ /* Lookup by key hash */
+
+ /* If key hash isn't SHA1 length then forget it */
+ if (id->value.byKey->length != SHA_DIGEST_LENGTH)
+ return NULL;
+ keyhash = id->value.byKey->data;
+ /* Calculate hash of each key and compare */
+ for (i = 0; i < sk_X509_num(certs); i++) {
+ x = sk_X509_value(certs, i);
+ X509_pubkey_digest(x, EVP_sha1(), tmphash, NULL);
+ if (!memcmp(keyhash, tmphash, SHA_DIGEST_LENGTH))
+ return x;
+ }
+ return NULL;
+}
+
+static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain,
+ unsigned long flags)
+{
+ STACK_OF(OCSP_SINGLERESP) *sresp;
+ X509 *signer, *sca;
+ OCSP_CERTID *caid = NULL;
+ int i;
+ sresp = bs->tbsResponseData->responses;
+
+ if (sk_X509_num(chain) <= 0) {
+ OCSPerr(OCSP_F_OCSP_CHECK_ISSUER, OCSP_R_NO_CERTIFICATES_IN_CHAIN);
+ return -1;
+ }
+
+ /* See if the issuer IDs match. */
+ i = ocsp_check_ids(sresp, &caid);
+
+ /* If ID mismatch or other error then return */
+ if (i <= 0)
+ return i;
+
+ signer = sk_X509_value(chain, 0);
+ /* Check to see if OCSP responder CA matches request CA */
+ if (sk_X509_num(chain) > 1) {
+ sca = sk_X509_value(chain, 1);
+ i = ocsp_match_issuerid(sca, caid, sresp);
+ if (i < 0)
+ return i;
+ if (i) {
+ /* We have a match, if extensions OK then success */
+ if (ocsp_check_delegated(signer, flags))
+ return 1;
+ return 0;
+ }
+ }
+
+ /* Otherwise check if OCSP request signed directly by request CA */
+ return ocsp_match_issuerid(signer, caid, sresp);
+}
+
+/*
+ * Check the issuer certificate IDs for equality. If there is a mismatch with
+ * the same algorithm then there's no point trying to match any certificates
+ * against the issuer. If the issuer IDs all match then we just need to check
+ * equality against one of them.
+ */
+
+static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret)
+{
+ OCSP_CERTID *tmpid, *cid;
+ int i, idcount;
+
+ idcount = sk_OCSP_SINGLERESP_num(sresp);
+ if (idcount <= 0) {
+ OCSPerr(OCSP_F_OCSP_CHECK_IDS,
+ OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA);
+ return -1;
+ }
+
+ cid = sk_OCSP_SINGLERESP_value(sresp, 0)->certId;
+
+ *ret = NULL;
+
+ for (i = 1; i < idcount; i++) {
+ tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId;
+ /* Check to see if IDs match */
+ if (OCSP_id_issuer_cmp(cid, tmpid)) {
+ /* If algoritm mismatch let caller deal with it */
+ if (OBJ_cmp(tmpid->hashAlgorithm->algorithm,
+ cid->hashAlgorithm->algorithm))
+ return 2;
+ /* Else mismatch */
+ return 0;
+ }
+ }
+
+ /* All IDs match: only need to check one ID */
+ *ret = cid;
+ return 1;
+}
+
+static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
+ STACK_OF(OCSP_SINGLERESP) *sresp)
+{
+ /* If only one ID to match then do it */
+ if (cid) {
+ const EVP_MD *dgst;
+ X509_NAME *iname;
+ int mdlen;
+ unsigned char md[EVP_MAX_MD_SIZE];
+ if (!(dgst = EVP_get_digestbyobj(cid->hashAlgorithm->algorithm))) {
+ OCSPerr(OCSP_F_OCSP_MATCH_ISSUERID,
+ OCSP_R_UNKNOWN_MESSAGE_DIGEST);
+ return -1;
+ }
+
+ mdlen = EVP_MD_size(dgst);
+ if ((cid->issuerNameHash->length != mdlen) ||
+ (cid->issuerKeyHash->length != mdlen))
+ return 0;
+ iname = X509_get_subject_name(cert);
+ if (!X509_NAME_digest(iname, dgst, md, NULL))
+ return -1;
+ if (memcmp(md, cid->issuerNameHash->data, mdlen))
+ return 0;
+ X509_pubkey_digest(cert, EVP_sha1(), md, NULL);
+ if (memcmp(md, cid->issuerKeyHash->data, mdlen))
+ return 0;
+
+ return 1;
+
+ } else {
+ /* We have to match the whole lot */
+ int i, ret;
+ OCSP_CERTID *tmpid;
+ for (i = 0; i < sk_OCSP_SINGLERESP_num(sresp); i++) {
+ tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId;
+ ret = ocsp_match_issuerid(cert, tmpid, NULL);
+ if (ret <= 0)
+ return ret;
+ }
+ return 1;
+ }
+
+}
+
+static int ocsp_check_delegated(X509 *x, int flags)
+{
+ X509_check_purpose(x, -1, 0);
+ if ((x->ex_flags & EXFLAG_XKUSAGE) && (x->ex_xkusage & XKU_OCSP_SIGN))
+ return 1;
+ OCSPerr(OCSP_F_OCSP_CHECK_DELEGATED, OCSP_R_MISSING_OCSPSIGNING_USAGE);
+ return 0;
+}
+
+/*
+ * Verify an OCSP request. This is fortunately much easier than OCSP response
+ * verify. Just find the signers certificate and verify it against a given
+ * trust value.
+ */
+
+int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs,
+ X509_STORE *store, unsigned long flags)
+{
+ X509 *signer;
+ X509_NAME *nm;
+ GENERAL_NAME *gen;
+ int ret;
+ X509_STORE_CTX ctx;
+ if (!req->optionalSignature) {
+ OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_REQUEST_NOT_SIGNED);
+ return 0;
+ }
+ gen = req->tbsRequest->requestorName;
+ if (!gen || gen->type != GEN_DIRNAME) {
+ OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
+ OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE);
+ return 0;
+ }
+ nm = gen->d.directoryName;
+ ret = ocsp_req_find_signer(&signer, req, nm, certs, store, flags);
+ if (ret <= 0) {
+ OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
+ OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
+ return 0;
+ }
+ if ((ret == 2) && (flags & OCSP_TRUSTOTHER))
+ flags |= OCSP_NOVERIFY;
+ if (!(flags & OCSP_NOSIGS)) {
+ EVP_PKEY *skey;
+ skey = X509_get_pubkey(signer);
+ ret = OCSP_REQUEST_verify(req, skey);
+ EVP_PKEY_free(skey);
+ if (ret <= 0) {
+ OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_SIGNATURE_FAILURE);
+ return 0;
+ }
+ }
+ if (!(flags & OCSP_NOVERIFY)) {
+ int init_res;
+ if (flags & OCSP_NOCHAIN)
+ init_res = X509_STORE_CTX_init(&ctx, store, signer, NULL);
+ else
+ init_res = X509_STORE_CTX_init(&ctx, store, signer,
+ req->optionalSignature->certs);
+ if (!init_res) {
+ OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, ERR_R_X509_LIB);
+ return 0;
+ }
+
+ X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER);
+ X509_STORE_CTX_set_trust(&ctx, X509_TRUST_OCSP_REQUEST);
+ ret = X509_verify_cert(&ctx);
+ X509_STORE_CTX_cleanup(&ctx);
+ if (ret <= 0) {
+ ret = X509_STORE_CTX_get_error(&ctx);
+ OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
+ OCSP_R_CERTIFICATE_VERIFY_ERROR);
+ ERR_add_error_data(2, "Verify error:",
+ X509_verify_cert_error_string(ret));
+ return 0;
+ }
+ }
+ return 1;
+}
+
+static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req,
+ X509_NAME *nm, STACK_OF(X509) *certs,
+ X509_STORE *st, unsigned long flags)
+{
+ X509 *signer;
+ if (!(flags & OCSP_NOINTERN)) {
+ signer = X509_find_by_subject(req->optionalSignature->certs, nm);
+ *psigner = signer;
+ return 1;
+ }
+
+ signer = X509_find_by_subject(certs, nm);
+ if (signer) {
+ *psigner = signer;
+ return 2;
+ }
+ return 0;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/opensslv.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/opensslv.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/opensslv.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,89 +0,0 @@
-#ifndef HEADER_OPENSSLV_H
-#define HEADER_OPENSSLV_H
-
-/* Numeric release version identifier:
- * MNNFFPPS: major minor fix patch status
- * The status nibble has one of the values 0 for development, 1 to e for betas
- * 1 to 14, and f for release. The patch level is exactly that.
- * For example:
- * 0.9.3-dev 0x00903000
- * 0.9.3-beta1 0x00903001
- * 0.9.3-beta2-dev 0x00903002
- * 0.9.3-beta2 0x00903002 (same as ...beta2-dev)
- * 0.9.3 0x0090300f
- * 0.9.3a 0x0090301f
- * 0.9.4 0x0090400f
- * 1.2.3z 0x102031af
- *
- * For continuity reasons (because 0.9.5 is already out, and is coded
- * 0x00905100), between 0.9.5 and 0.9.6 the coding of the patch level
- * part is slightly different, by setting the highest bit. This means
- * that 0.9.5a looks like this: 0x0090581f. At 0.9.6, we can start
- * with 0x0090600S...
- *
- * (Prior to 0.9.3-dev a different scheme was used: 0.9.2b is 0x0922.)
- * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
- * major minor fix final patch/beta)
- */
-#define OPENSSL_VERSION_NUMBER 0x009081cfL
-#ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8zc-fips 15 Oct 2014"
-#else
-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8zc 15 Oct 2014"
-#endif
-#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
-
-
-/* The macros below are to be used for shared library (.so, .dll, ...)
- * versioning. That kind of versioning works a bit differently between
- * operating systems. The most usual scheme is to set a major and a minor
- * number, and have the runtime loader check that the major number is equal
- * to what it was at application link time, while the minor number has to
- * be greater or equal to what it was at application link time. With this
- * scheme, the version number is usually part of the file name, like this:
- *
- * libcrypto.so.0.9
- *
- * Some unixen also make a softlink with the major verson number only:
- *
- * libcrypto.so.0
- *
- * On Tru64 and IRIX 6.x it works a little bit differently. There, the
- * shared library version is stored in the file, and is actually a series
- * of versions, separated by colons. The rightmost version present in the
- * library when linking an application is stored in the application to be
- * matched at run time. When the application is run, a check is done to
- * see if the library version stored in the application matches any of the
- * versions in the version string of the library itself.
- * This version string can be constructed in any way, depending on what
- * kind of matching is desired. However, to implement the same scheme as
- * the one used in the other unixen, all compatible versions, from lowest
- * to highest, should be part of the string. Consecutive builds would
- * give the following versions strings:
- *
- * 3.0
- * 3.0:3.1
- * 3.0:3.1:3.2
- * 4.0
- * 4.0:4.1
- *
- * Notice how version 4 is completely incompatible with version, and
- * therefore give the breach you can see.
- *
- * There may be other schemes as well that I haven't yet discovered.
- *
- * So, here's the way it works here: first of all, the library version
- * number doesn't need at all to match the overall OpenSSL version.
- * However, it's nice and more understandable if it actually does.
- * The current library version is stored in the macro SHLIB_VERSION_NUMBER,
- * which is just a piece of text in the format "M.m.e" (Major, minor, edit).
- * For the sake of Tru64, IRIX, and any other OS that behaves in similar ways,
- * we need to keep a history of version numbers, which is done in the
- * macro SHLIB_VERSION_HISTORY. The numbers are separated by colons and
- * should only keep the versions that are binary compatible with the current.
- */
-#define SHLIB_VERSION_HISTORY ""
-#define SHLIB_VERSION_NUMBER "0.9.8"
-
-
-#endif /* HEADER_OPENSSLV_H */
Copied: vendor-crypto/openssl/0.9.8zf/crypto/opensslv.h (from rev 6976, vendor-crypto/openssl/dist/crypto/opensslv.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/opensslv.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/opensslv.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,89 @@
+#ifndef HEADER_OPENSSLV_H
+# define HEADER_OPENSSLV_H
+
+/*-
+ * Numeric release version identifier:
+ * MNNFFPPS: major minor fix patch status
+ * The status nibble has one of the values 0 for development, 1 to e for betas
+ * 1 to 14, and f for release. The patch level is exactly that.
+ * For example:
+ * 0.9.3-dev 0x00903000
+ * 0.9.3-beta1 0x00903001
+ * 0.9.3-beta2-dev 0x00903002
+ * 0.9.3-beta2 0x00903002 (same as ...beta2-dev)
+ * 0.9.3 0x0090300f
+ * 0.9.3a 0x0090301f
+ * 0.9.4 0x0090400f
+ * 1.2.3z 0x102031af
+ *
+ * For continuity reasons (because 0.9.5 is already out, and is coded
+ * 0x00905100), between 0.9.5 and 0.9.6 the coding of the patch level
+ * part is slightly different, by setting the highest bit. This means
+ * that 0.9.5a looks like this: 0x0090581f. At 0.9.6, we can start
+ * with 0x0090600S...
+ *
+ * (Prior to 0.9.3-dev a different scheme was used: 0.9.2b is 0x0922.)
+ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
+ * major minor fix final patch/beta)
+ */
+# define OPENSSL_VERSION_NUMBER 0x009081ffL
+# ifdef OPENSSL_FIPS
+# define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8zf-fips 19 Mar 2015"
+# else
+# define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8zf 19 Mar 2015"
+# endif
+# define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
+
+/*-
+ * The macros below are to be used for shared library (.so, .dll, ...)
+ * versioning. That kind of versioning works a bit differently between
+ * operating systems. The most usual scheme is to set a major and a minor
+ * number, and have the runtime loader check that the major number is equal
+ * to what it was at application link time, while the minor number has to
+ * be greater or equal to what it was at application link time. With this
+ * scheme, the version number is usually part of the file name, like this:
+ *
+ * libcrypto.so.0.9
+ *
+ * Some unixen also make a softlink with the major verson number only:
+ *
+ * libcrypto.so.0
+ *
+ * On Tru64 and IRIX 6.x it works a little bit differently. There, the
+ * shared library version is stored in the file, and is actually a series
+ * of versions, separated by colons. The rightmost version present in the
+ * library when linking an application is stored in the application to be
+ * matched at run time. When the application is run, a check is done to
+ * see if the library version stored in the application matches any of the
+ * versions in the version string of the library itself.
+ * This version string can be constructed in any way, depending on what
+ * kind of matching is desired. However, to implement the same scheme as
+ * the one used in the other unixen, all compatible versions, from lowest
+ * to highest, should be part of the string. Consecutive builds would
+ * give the following versions strings:
+ *
+ * 3.0
+ * 3.0:3.1
+ * 3.0:3.1:3.2
+ * 4.0
+ * 4.0:4.1
+ *
+ * Notice how version 4 is completely incompatible with version, and
+ * therefore give the breach you can see.
+ *
+ * There may be other schemes as well that I haven't yet discovered.
+ *
+ * So, here's the way it works here: first of all, the library version
+ * number doesn't need at all to match the overall OpenSSL version.
+ * However, it's nice and more understandable if it actually does.
+ * The current library version is stored in the macro SHLIB_VERSION_NUMBER,
+ * which is just a piece of text in the format "M.m.e" (Major, minor, edit).
+ * For the sake of Tru64, IRIX, and any other OS that behaves in similar ways,
+ * we need to keep a history of version numbers, which is done in the
+ * macro SHLIB_VERSION_HISTORY. The numbers are separated by colons and
+ * should only keep the versions that are binary compatible with the current.
+ */
+# define SHLIB_VERSION_HISTORY ""
+# define SHLIB_VERSION_NUMBER "0.9.8"
+
+#endif /* HEADER_OPENSSLV_H */
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/ossl_typ.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/ossl_typ.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ossl_typ.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,183 +0,0 @@
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#ifndef HEADER_OPENSSL_TYPES_H
-#define HEADER_OPENSSL_TYPES_H
-
-#include <openssl/e_os2.h>
-
-#ifdef NO_ASN1_TYPEDEFS
-#define ASN1_INTEGER ASN1_STRING
-#define ASN1_ENUMERATED ASN1_STRING
-#define ASN1_BIT_STRING ASN1_STRING
-#define ASN1_OCTET_STRING ASN1_STRING
-#define ASN1_PRINTABLESTRING ASN1_STRING
-#define ASN1_T61STRING ASN1_STRING
-#define ASN1_IA5STRING ASN1_STRING
-#define ASN1_UTCTIME ASN1_STRING
-#define ASN1_GENERALIZEDTIME ASN1_STRING
-#define ASN1_TIME ASN1_STRING
-#define ASN1_GENERALSTRING ASN1_STRING
-#define ASN1_UNIVERSALSTRING ASN1_STRING
-#define ASN1_BMPSTRING ASN1_STRING
-#define ASN1_VISIBLESTRING ASN1_STRING
-#define ASN1_UTF8STRING ASN1_STRING
-#define ASN1_BOOLEAN int
-#define ASN1_NULL int
-#else
-typedef struct asn1_string_st ASN1_INTEGER;
-typedef struct asn1_string_st ASN1_ENUMERATED;
-typedef struct asn1_string_st ASN1_BIT_STRING;
-typedef struct asn1_string_st ASN1_OCTET_STRING;
-typedef struct asn1_string_st ASN1_PRINTABLESTRING;
-typedef struct asn1_string_st ASN1_T61STRING;
-typedef struct asn1_string_st ASN1_IA5STRING;
-typedef struct asn1_string_st ASN1_GENERALSTRING;
-typedef struct asn1_string_st ASN1_UNIVERSALSTRING;
-typedef struct asn1_string_st ASN1_BMPSTRING;
-typedef struct asn1_string_st ASN1_UTCTIME;
-typedef struct asn1_string_st ASN1_TIME;
-typedef struct asn1_string_st ASN1_GENERALIZEDTIME;
-typedef struct asn1_string_st ASN1_VISIBLESTRING;
-typedef struct asn1_string_st ASN1_UTF8STRING;
-typedef int ASN1_BOOLEAN;
-typedef int ASN1_NULL;
-#endif
-
-#ifdef OPENSSL_SYS_WIN32
-#undef X509_NAME
-#undef X509_EXTENSIONS
-#undef X509_CERT_PAIR
-#undef PKCS7_ISSUER_AND_SERIAL
-#undef OCSP_REQUEST
-#undef OCSP_RESPONSE
-#endif
-
-#ifdef BIGNUM
-#undef BIGNUM
-#endif
-typedef struct bignum_st BIGNUM;
-typedef struct bignum_ctx BN_CTX;
-typedef struct bn_blinding_st BN_BLINDING;
-typedef struct bn_mont_ctx_st BN_MONT_CTX;
-typedef struct bn_recp_ctx_st BN_RECP_CTX;
-typedef struct bn_gencb_st BN_GENCB;
-
-typedef struct buf_mem_st BUF_MEM;
-
-typedef struct evp_cipher_st EVP_CIPHER;
-typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX;
-typedef struct env_md_st EVP_MD;
-typedef struct env_md_ctx_st EVP_MD_CTX;
-typedef struct evp_pkey_st EVP_PKEY;
-
-typedef struct dh_st DH;
-typedef struct dh_method DH_METHOD;
-
-typedef struct dsa_st DSA;
-typedef struct dsa_method DSA_METHOD;
-
-typedef struct rsa_st RSA;
-typedef struct rsa_meth_st RSA_METHOD;
-
-typedef struct rand_meth_st RAND_METHOD;
-
-typedef struct ecdh_method ECDH_METHOD;
-typedef struct ecdsa_method ECDSA_METHOD;
-
-typedef struct x509_st X509;
-typedef struct X509_algor_st X509_ALGOR;
-typedef struct X509_crl_st X509_CRL;
-typedef struct X509_name_st X509_NAME;
-typedef struct x509_store_st X509_STORE;
-typedef struct x509_store_ctx_st X509_STORE_CTX;
-typedef struct ssl_st SSL;
-typedef struct ssl_ctx_st SSL_CTX;
-
-typedef struct v3_ext_ctx X509V3_CTX;
-typedef struct conf_st CONF;
-
-typedef struct store_st STORE;
-typedef struct store_method_st STORE_METHOD;
-
-typedef struct ui_st UI;
-typedef struct ui_method_st UI_METHOD;
-
-typedef struct st_ERR_FNS ERR_FNS;
-
-typedef struct engine_st ENGINE;
-
-typedef struct X509_POLICY_NODE_st X509_POLICY_NODE;
-typedef struct X509_POLICY_LEVEL_st X509_POLICY_LEVEL;
-typedef struct X509_POLICY_TREE_st X509_POLICY_TREE;
-typedef struct X509_POLICY_CACHE_st X509_POLICY_CACHE;
-
- /* If placed in pkcs12.h, we end up with a circular depency with pkcs7.h */
-#define DECLARE_PKCS12_STACK_OF(type) /* Nothing */
-#define IMPLEMENT_PKCS12_STACK_OF(type) /* Nothing */
-
-typedef struct crypto_ex_data_st CRYPTO_EX_DATA;
-/* Callback types for crypto.h */
-typedef int CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
- int idx, long argl, void *argp);
-typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
- int idx, long argl, void *argp);
-typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d,
- int idx, long argl, void *argp);
-
-typedef struct ocsp_req_ctx_st OCSP_REQ_CTX;
-typedef struct ocsp_response_st OCSP_RESPONSE;
-typedef struct ocsp_responder_id_st OCSP_RESPID;
-
-#endif /* def HEADER_OPENSSL_TYPES_H */
Copied: vendor-crypto/openssl/0.9.8zf/crypto/ossl_typ.h (from rev 6976, vendor-crypto/openssl/dist/crypto/ossl_typ.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/ossl_typ.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ossl_typ.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,183 @@
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_OPENSSL_TYPES_H
+# define HEADER_OPENSSL_TYPES_H
+
+# include <openssl/e_os2.h>
+
+# ifdef NO_ASN1_TYPEDEFS
+# define ASN1_INTEGER ASN1_STRING
+# define ASN1_ENUMERATED ASN1_STRING
+# define ASN1_BIT_STRING ASN1_STRING
+# define ASN1_OCTET_STRING ASN1_STRING
+# define ASN1_PRINTABLESTRING ASN1_STRING
+# define ASN1_T61STRING ASN1_STRING
+# define ASN1_IA5STRING ASN1_STRING
+# define ASN1_UTCTIME ASN1_STRING
+# define ASN1_GENERALIZEDTIME ASN1_STRING
+# define ASN1_TIME ASN1_STRING
+# define ASN1_GENERALSTRING ASN1_STRING
+# define ASN1_UNIVERSALSTRING ASN1_STRING
+# define ASN1_BMPSTRING ASN1_STRING
+# define ASN1_VISIBLESTRING ASN1_STRING
+# define ASN1_UTF8STRING ASN1_STRING
+# define ASN1_BOOLEAN int
+# define ASN1_NULL int
+# else
+typedef struct asn1_string_st ASN1_INTEGER;
+typedef struct asn1_string_st ASN1_ENUMERATED;
+typedef struct asn1_string_st ASN1_BIT_STRING;
+typedef struct asn1_string_st ASN1_OCTET_STRING;
+typedef struct asn1_string_st ASN1_PRINTABLESTRING;
+typedef struct asn1_string_st ASN1_T61STRING;
+typedef struct asn1_string_st ASN1_IA5STRING;
+typedef struct asn1_string_st ASN1_GENERALSTRING;
+typedef struct asn1_string_st ASN1_UNIVERSALSTRING;
+typedef struct asn1_string_st ASN1_BMPSTRING;
+typedef struct asn1_string_st ASN1_UTCTIME;
+typedef struct asn1_string_st ASN1_TIME;
+typedef struct asn1_string_st ASN1_GENERALIZEDTIME;
+typedef struct asn1_string_st ASN1_VISIBLESTRING;
+typedef struct asn1_string_st ASN1_UTF8STRING;
+typedef int ASN1_BOOLEAN;
+typedef int ASN1_NULL;
+# endif
+
+# ifdef OPENSSL_SYS_WIN32
+# undef X509_NAME
+# undef X509_EXTENSIONS
+# undef X509_CERT_PAIR
+# undef PKCS7_ISSUER_AND_SERIAL
+# undef OCSP_REQUEST
+# undef OCSP_RESPONSE
+# endif
+
+# ifdef BIGNUM
+# undef BIGNUM
+# endif
+typedef struct bignum_st BIGNUM;
+typedef struct bignum_ctx BN_CTX;
+typedef struct bn_blinding_st BN_BLINDING;
+typedef struct bn_mont_ctx_st BN_MONT_CTX;
+typedef struct bn_recp_ctx_st BN_RECP_CTX;
+typedef struct bn_gencb_st BN_GENCB;
+
+typedef struct buf_mem_st BUF_MEM;
+
+typedef struct evp_cipher_st EVP_CIPHER;
+typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX;
+typedef struct env_md_st EVP_MD;
+typedef struct env_md_ctx_st EVP_MD_CTX;
+typedef struct evp_pkey_st EVP_PKEY;
+
+typedef struct dh_st DH;
+typedef struct dh_method DH_METHOD;
+
+typedef struct dsa_st DSA;
+typedef struct dsa_method DSA_METHOD;
+
+typedef struct rsa_st RSA;
+typedef struct rsa_meth_st RSA_METHOD;
+
+typedef struct rand_meth_st RAND_METHOD;
+
+typedef struct ecdh_method ECDH_METHOD;
+typedef struct ecdsa_method ECDSA_METHOD;
+
+typedef struct x509_st X509;
+typedef struct X509_algor_st X509_ALGOR;
+typedef struct X509_crl_st X509_CRL;
+typedef struct X509_name_st X509_NAME;
+typedef struct x509_store_st X509_STORE;
+typedef struct x509_store_ctx_st X509_STORE_CTX;
+typedef struct ssl_st SSL;
+typedef struct ssl_ctx_st SSL_CTX;
+
+typedef struct v3_ext_ctx X509V3_CTX;
+typedef struct conf_st CONF;
+
+typedef struct store_st STORE;
+typedef struct store_method_st STORE_METHOD;
+
+typedef struct ui_st UI;
+typedef struct ui_method_st UI_METHOD;
+
+typedef struct st_ERR_FNS ERR_FNS;
+
+typedef struct engine_st ENGINE;
+
+typedef struct X509_POLICY_NODE_st X509_POLICY_NODE;
+typedef struct X509_POLICY_LEVEL_st X509_POLICY_LEVEL;
+typedef struct X509_POLICY_TREE_st X509_POLICY_TREE;
+typedef struct X509_POLICY_CACHE_st X509_POLICY_CACHE;
+
+ /* If placed in pkcs12.h, we end up with a circular depency with pkcs7.h */
+# define DECLARE_PKCS12_STACK_OF(type)/* Nothing */
+# define IMPLEMENT_PKCS12_STACK_OF(type)/* Nothing */
+
+typedef struct crypto_ex_data_st CRYPTO_EX_DATA;
+/* Callback types for crypto.h */
+typedef int CRYPTO_EX_new (void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+ int idx, long argl, void *argp);
+typedef void CRYPTO_EX_free (void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+ int idx, long argl, void *argp);
+typedef int CRYPTO_EX_dup (CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from,
+ void *from_d, int idx, long argl, void *argp);
+
+typedef struct ocsp_req_ctx_st OCSP_REQ_CTX;
+typedef struct ocsp_response_st OCSP_RESPONSE;
+typedef struct ocsp_responder_id_st OCSP_RESPID;
+
+#endif /* def HEADER_OPENSSL_TYPES_H */
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/pem/pem.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/pem/pem.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pem/pem.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,782 +0,0 @@
-/* crypto/pem/pem.h */
-/* Copyright (C) 1995-1997 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_PEM_H
-#define HEADER_PEM_H
-
-#include <openssl/e_os2.h>
-#ifndef OPENSSL_NO_BIO
-#include <openssl/bio.h>
-#endif
-#ifndef OPENSSL_NO_STACK
-#include <openssl/stack.h>
-#endif
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/pem2.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define PEM_BUFSIZE 1024
-
-#define PEM_OBJ_UNDEF 0
-#define PEM_OBJ_X509 1
-#define PEM_OBJ_X509_REQ 2
-#define PEM_OBJ_CRL 3
-#define PEM_OBJ_SSL_SESSION 4
-#define PEM_OBJ_PRIV_KEY 10
-#define PEM_OBJ_PRIV_RSA 11
-#define PEM_OBJ_PRIV_DSA 12
-#define PEM_OBJ_PRIV_DH 13
-#define PEM_OBJ_PUB_RSA 14
-#define PEM_OBJ_PUB_DSA 15
-#define PEM_OBJ_PUB_DH 16
-#define PEM_OBJ_DHPARAMS 17
-#define PEM_OBJ_DSAPARAMS 18
-#define PEM_OBJ_PRIV_RSA_PUBLIC 19
-#define PEM_OBJ_PRIV_ECDSA 20
-#define PEM_OBJ_PUB_ECDSA 21
-#define PEM_OBJ_ECPARAMETERS 22
-
-#define PEM_ERROR 30
-#define PEM_DEK_DES_CBC 40
-#define PEM_DEK_IDEA_CBC 45
-#define PEM_DEK_DES_EDE 50
-#define PEM_DEK_DES_ECB 60
-#define PEM_DEK_RSA 70
-#define PEM_DEK_RSA_MD2 80
-#define PEM_DEK_RSA_MD5 90
-
-#define PEM_MD_MD2 NID_md2
-#define PEM_MD_MD5 NID_md5
-#define PEM_MD_SHA NID_sha
-#define PEM_MD_MD2_RSA NID_md2WithRSAEncryption
-#define PEM_MD_MD5_RSA NID_md5WithRSAEncryption
-#define PEM_MD_SHA_RSA NID_sha1WithRSAEncryption
-
-#define PEM_STRING_X509_OLD "X509 CERTIFICATE"
-#define PEM_STRING_X509 "CERTIFICATE"
-#define PEM_STRING_X509_PAIR "CERTIFICATE PAIR"
-#define PEM_STRING_X509_TRUSTED "TRUSTED CERTIFICATE"
-#define PEM_STRING_X509_REQ_OLD "NEW CERTIFICATE REQUEST"
-#define PEM_STRING_X509_REQ "CERTIFICATE REQUEST"
-#define PEM_STRING_X509_CRL "X509 CRL"
-#define PEM_STRING_EVP_PKEY "ANY PRIVATE KEY"
-#define PEM_STRING_PUBLIC "PUBLIC KEY"
-#define PEM_STRING_RSA "RSA PRIVATE KEY"
-#define PEM_STRING_RSA_PUBLIC "RSA PUBLIC KEY"
-#define PEM_STRING_DSA "DSA PRIVATE KEY"
-#define PEM_STRING_DSA_PUBLIC "DSA PUBLIC KEY"
-#define PEM_STRING_PKCS7 "PKCS7"
-#define PEM_STRING_PKCS7_SIGNED "PKCS #7 SIGNED DATA"
-#define PEM_STRING_PKCS8 "ENCRYPTED PRIVATE KEY"
-#define PEM_STRING_PKCS8INF "PRIVATE KEY"
-#define PEM_STRING_DHPARAMS "DH PARAMETERS"
-#define PEM_STRING_SSL_SESSION "SSL SESSION PARAMETERS"
-#define PEM_STRING_DSAPARAMS "DSA PARAMETERS"
-#define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY"
-#define PEM_STRING_ECPARAMETERS "EC PARAMETERS"
-#define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY"
-#define PEM_STRING_CMS "CMS"
-
- /* Note that this structure is initialised by PEM_SealInit and cleaned up
- by PEM_SealFinal (at least for now) */
-typedef struct PEM_Encode_Seal_st
- {
- EVP_ENCODE_CTX encode;
- EVP_MD_CTX md;
- EVP_CIPHER_CTX cipher;
- } PEM_ENCODE_SEAL_CTX;
-
-/* enc_type is one off */
-#define PEM_TYPE_ENCRYPTED 10
-#define PEM_TYPE_MIC_ONLY 20
-#define PEM_TYPE_MIC_CLEAR 30
-#define PEM_TYPE_CLEAR 40
-
-typedef struct pem_recip_st
- {
- char *name;
- X509_NAME *dn;
-
- int cipher;
- int key_enc;
- /* char iv[8]; unused and wrong size */
- } PEM_USER;
-
-typedef struct pem_ctx_st
- {
- int type; /* what type of object */
-
- struct {
- int version;
- int mode;
- } proc_type;
-
- char *domain;
-
- struct {
- int cipher;
- /* unused, and wrong size
- unsigned char iv[8]; */
- } DEK_info;
-
- PEM_USER *originator;
-
- int num_recipient;
- PEM_USER **recipient;
-
-#ifndef OPENSSL_NO_STACK
- STACK *x509_chain; /* certificate chain */
-#else
- char *x509_chain; /* certificate chain */
-#endif
- EVP_MD *md; /* signature type */
-
- int md_enc; /* is the md encrypted or not? */
- int md_len; /* length of md_data */
- char *md_data; /* message digest, could be pkey encrypted */
-
- EVP_CIPHER *dec; /* date encryption cipher */
- int key_len; /* key length */
- unsigned char *key; /* key */
- /* unused, and wrong size
- unsigned char iv[8]; */
-
-
- int data_enc; /* is the data encrypted */
- int data_len;
- unsigned char *data;
- } PEM_CTX;
-
-/* These macros make the PEM_read/PEM_write functions easier to maintain and
- * write. Now they are all implemented with either:
- * IMPLEMENT_PEM_rw(...) or IMPLEMENT_PEM_rw_cb(...)
- */
-
-#ifdef OPENSSL_NO_FP_API
-
-#define IMPLEMENT_PEM_read_fp(name, type, str, asn1) /**/
-#define IMPLEMENT_PEM_write_fp(name, type, str, asn1) /**/
-#define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) /**/
-#define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) /**/
-#define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) /**/
-
-#else
-
-#define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \
-type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u)\
-{ \
- return (type*)PEM_ASN1_read(CHECKED_D2I_OF(type, d2i_##asn1), \
- str, fp, \
- CHECKED_PPTR_OF(type, x), \
- cb, u); \
-}
-
-#define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \
-int PEM_write_##name(FILE *fp, type *x) \
-{ \
- return PEM_ASN1_write(CHECKED_I2D_OF(type, i2d_##asn1), \
- str, fp, \
- CHECKED_PTR_OF(type, x), \
- NULL, NULL, 0, NULL, NULL); \
-}
-
-#define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) \
-int PEM_write_##name(FILE *fp, const type *x) \
-{ \
- return PEM_ASN1_write(CHECKED_I2D_OF(const type, i2d_##asn1), \
- str, fp, \
- CHECKED_PTR_OF(const type, x), \
- NULL, NULL, 0, NULL, NULL); \
-}
-
-#define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \
-int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
- unsigned char *kstr, int klen, pem_password_cb *cb, \
- void *u) \
- { \
- return PEM_ASN1_write(CHECKED_I2D_OF(type, i2d_##asn1), \
- str, fp, \
- CHECKED_PTR_OF(type, x), \
- enc, kstr, klen, cb, u); \
- }
-
-#define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) \
-int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
- unsigned char *kstr, int klen, pem_password_cb *cb, \
- void *u) \
- { \
- return PEM_ASN1_write(CHECKED_I2D_OF(const type, i2d_##asn1), \
- str, fp, \
- CHECKED_PTR_OF(const type, x), \
- enc, kstr, klen, cb, u); \
- }
-
-#endif
-
-#define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \
-type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u)\
-{ \
- return (type*)PEM_ASN1_read_bio(CHECKED_D2I_OF(type, d2i_##asn1), \
- str, bp, \
- CHECKED_PPTR_OF(type, x), \
- cb, u); \
-}
-
-#define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \
-int PEM_write_bio_##name(BIO *bp, type *x) \
-{ \
- return PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d_##asn1), \
- str, bp, \
- CHECKED_PTR_OF(type, x), \
- NULL, NULL, 0, NULL, NULL); \
-}
-
-#define IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \
-int PEM_write_bio_##name(BIO *bp, const type *x) \
-{ \
- return PEM_ASN1_write_bio(CHECKED_I2D_OF(const type, i2d_##asn1), \
- str, bp, \
- CHECKED_PTR_OF(const type, x), \
- NULL, NULL, 0, NULL, NULL); \
-}
-
-#define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \
-int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
- unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \
- { \
- return PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d_##asn1), \
- str, bp, \
- CHECKED_PTR_OF(type, x), \
- enc, kstr, klen, cb, u); \
- }
-
-#define IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \
-int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
- unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \
- { \
- return PEM_ASN1_write_bio(CHECKED_I2D_OF(const type, i2d_##asn1), \
- str, bp, \
- CHECKED_PTR_OF(const type, x), \
- enc, kstr, klen, cb, u); \
- }
-
-#define IMPLEMENT_PEM_write(name, type, str, asn1) \
- IMPLEMENT_PEM_write_bio(name, type, str, asn1) \
- IMPLEMENT_PEM_write_fp(name, type, str, asn1)
-
-#define IMPLEMENT_PEM_write_const(name, type, str, asn1) \
- IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \
- IMPLEMENT_PEM_write_fp_const(name, type, str, asn1)
-
-#define IMPLEMENT_PEM_write_cb(name, type, str, asn1) \
- IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \
- IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1)
-
-#define IMPLEMENT_PEM_write_cb_const(name, type, str, asn1) \
- IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \
- IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1)
-
-#define IMPLEMENT_PEM_read(name, type, str, asn1) \
- IMPLEMENT_PEM_read_bio(name, type, str, asn1) \
- IMPLEMENT_PEM_read_fp(name, type, str, asn1)
-
-#define IMPLEMENT_PEM_rw(name, type, str, asn1) \
- IMPLEMENT_PEM_read(name, type, str, asn1) \
- IMPLEMENT_PEM_write(name, type, str, asn1)
-
-#define IMPLEMENT_PEM_rw_const(name, type, str, asn1) \
- IMPLEMENT_PEM_read(name, type, str, asn1) \
- IMPLEMENT_PEM_write_const(name, type, str, asn1)
-
-#define IMPLEMENT_PEM_rw_cb(name, type, str, asn1) \
- IMPLEMENT_PEM_read(name, type, str, asn1) \
- IMPLEMENT_PEM_write_cb(name, type, str, asn1)
-
-/* These are the same except they are for the declarations */
-
-#if defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_NO_FP_API)
-
-#define DECLARE_PEM_read_fp(name, type) /**/
-#define DECLARE_PEM_write_fp(name, type) /**/
-#define DECLARE_PEM_write_fp_const(name, type) /**/
-#define DECLARE_PEM_write_cb_fp(name, type) /**/
-
-#else
-
-#define DECLARE_PEM_read_fp(name, type) \
- type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u);
-
-#define DECLARE_PEM_write_fp(name, type) \
- int PEM_write_##name(FILE *fp, type *x);
-
-#define DECLARE_PEM_write_fp_const(name, type) \
- int PEM_write_##name(FILE *fp, const type *x);
-
-#define DECLARE_PEM_write_cb_fp(name, type) \
- int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
- unsigned char *kstr, int klen, pem_password_cb *cb, void *u);
-
-#endif
-
-#ifndef OPENSSL_NO_BIO
-#define DECLARE_PEM_read_bio(name, type) \
- type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u);
-
-#define DECLARE_PEM_write_bio(name, type) \
- int PEM_write_bio_##name(BIO *bp, type *x);
-
-#define DECLARE_PEM_write_bio_const(name, type) \
- int PEM_write_bio_##name(BIO *bp, const type *x);
-
-#define DECLARE_PEM_write_cb_bio(name, type) \
- int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
- unsigned char *kstr, int klen, pem_password_cb *cb, void *u);
-
-#else
-
-#define DECLARE_PEM_read_bio(name, type) /**/
-#define DECLARE_PEM_write_bio(name, type) /**/
-#define DECLARE_PEM_write_bio_const(name, type) /**/
-#define DECLARE_PEM_write_cb_bio(name, type) /**/
-
-#endif
-
-#define DECLARE_PEM_write(name, type) \
- DECLARE_PEM_write_bio(name, type) \
- DECLARE_PEM_write_fp(name, type)
-
-#define DECLARE_PEM_write_const(name, type) \
- DECLARE_PEM_write_bio_const(name, type) \
- DECLARE_PEM_write_fp_const(name, type)
-
-#define DECLARE_PEM_write_cb(name, type) \
- DECLARE_PEM_write_cb_bio(name, type) \
- DECLARE_PEM_write_cb_fp(name, type)
-
-#define DECLARE_PEM_read(name, type) \
- DECLARE_PEM_read_bio(name, type) \
- DECLARE_PEM_read_fp(name, type)
-
-#define DECLARE_PEM_rw(name, type) \
- DECLARE_PEM_read(name, type) \
- DECLARE_PEM_write(name, type)
-
-#define DECLARE_PEM_rw_const(name, type) \
- DECLARE_PEM_read(name, type) \
- DECLARE_PEM_write_const(name, type)
-
-#define DECLARE_PEM_rw_cb(name, type) \
- DECLARE_PEM_read(name, type) \
- DECLARE_PEM_write_cb(name, type)
-
-#ifdef SSLEAY_MACROS
-
-#define PEM_write_SSL_SESSION(fp,x) \
- PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \
- PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL,NULL)
-#define PEM_write_X509(fp,x) \
- PEM_ASN1_write((int (*)())i2d_X509,PEM_STRING_X509,fp, \
- (char *)x, NULL,NULL,0,NULL,NULL)
-#define PEM_write_X509_REQ(fp,x) PEM_ASN1_write( \
- (int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,fp,(char *)x, \
- NULL,NULL,0,NULL,NULL)
-#define PEM_write_X509_CRL(fp,x) \
- PEM_ASN1_write((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL, \
- fp,(char *)x, NULL,NULL,0,NULL,NULL)
-#define PEM_write_RSAPrivateKey(fp,x,enc,kstr,klen,cb,u) \
- PEM_ASN1_write((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,fp,\
- (char *)x,enc,kstr,klen,cb,u)
-#define PEM_write_RSAPublicKey(fp,x) \
- PEM_ASN1_write((int (*)())i2d_RSAPublicKey,\
- PEM_STRING_RSA_PUBLIC,fp,(char *)x,NULL,NULL,0,NULL,NULL)
-#define PEM_write_DSAPrivateKey(fp,x,enc,kstr,klen,cb,u) \
- PEM_ASN1_write((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,fp,\
- (char *)x,enc,kstr,klen,cb,u)
-#define PEM_write_PrivateKey(bp,x,enc,kstr,klen,cb,u) \
- PEM_ASN1_write((int (*)())i2d_PrivateKey,\
- (((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),\
- bp,(char *)x,enc,kstr,klen,cb,u)
-#define PEM_write_PKCS7(fp,x) \
- PEM_ASN1_write((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,fp, \
- (char *)x, NULL,NULL,0,NULL,NULL)
-#define PEM_write_DHparams(fp,x) \
- PEM_ASN1_write((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,fp,\
- (char *)x,NULL,NULL,0,NULL,NULL)
-
-#define PEM_write_NETSCAPE_CERT_SEQUENCE(fp,x) \
- PEM_ASN1_write((int (*)())i2d_NETSCAPE_CERT_SEQUENCE, \
- PEM_STRING_X509,fp, \
- (char *)x, NULL,NULL,0,NULL,NULL)
-
-#define PEM_read_SSL_SESSION(fp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read( \
- (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb,u)
-#define PEM_read_X509(fp,x,cb,u) (X509 *)PEM_ASN1_read( \
- (char *(*)())d2i_X509,PEM_STRING_X509,fp,(char **)x,cb,u)
-#define PEM_read_X509_REQ(fp,x,cb,u) (X509_REQ *)PEM_ASN1_read( \
- (char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,fp,(char **)x,cb,u)
-#define PEM_read_X509_CRL(fp,x,cb,u) (X509_CRL *)PEM_ASN1_read( \
- (char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,fp,(char **)x,cb,u)
-#define PEM_read_RSAPrivateKey(fp,x,cb,u) (RSA *)PEM_ASN1_read( \
- (char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,fp,(char **)x,cb,u)
-#define PEM_read_RSAPublicKey(fp,x,cb,u) (RSA *)PEM_ASN1_read( \
- (char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,fp,(char **)x,cb,u)
-#define PEM_read_DSAPrivateKey(fp,x,cb,u) (DSA *)PEM_ASN1_read( \
- (char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,fp,(char **)x,cb,u)
-#define PEM_read_PrivateKey(fp,x,cb,u) (EVP_PKEY *)PEM_ASN1_read( \
- (char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,fp,(char **)x,cb,u)
-#define PEM_read_PKCS7(fp,x,cb,u) (PKCS7 *)PEM_ASN1_read( \
- (char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,fp,(char **)x,cb,u)
-#define PEM_read_DHparams(fp,x,cb,u) (DH *)PEM_ASN1_read( \
- (char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,fp,(char **)x,cb,u)
-
-#define PEM_read_NETSCAPE_CERT_SEQUENCE(fp,x,cb,u) \
- (NETSCAPE_CERT_SEQUENCE *)PEM_ASN1_read( \
- (char *(*)())d2i_NETSCAPE_CERT_SEQUENCE,PEM_STRING_X509,fp,\
- (char **)x,cb,u)
-
-#define PEM_write_bio_X509(bp,x) \
- PEM_ASN1_write_bio((int (*)())i2d_X509,PEM_STRING_X509,bp, \
- (char *)x, NULL,NULL,0,NULL,NULL)
-#define PEM_write_bio_X509_REQ(bp,x) PEM_ASN1_write_bio( \
- (int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,bp,(char *)x, \
- NULL,NULL,0,NULL,NULL)
-#define PEM_write_bio_X509_CRL(bp,x) \
- PEM_ASN1_write_bio((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL,\
- bp,(char *)x, NULL,NULL,0,NULL,NULL)
-#define PEM_write_bio_RSAPrivateKey(bp,x,enc,kstr,klen,cb,u) \
- PEM_ASN1_write_bio((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,\
- bp,(char *)x,enc,kstr,klen,cb,u)
-#define PEM_write_bio_RSAPublicKey(bp,x) \
- PEM_ASN1_write_bio((int (*)())i2d_RSAPublicKey, \
- PEM_STRING_RSA_PUBLIC,\
- bp,(char *)x,NULL,NULL,0,NULL,NULL)
-#define PEM_write_bio_DSAPrivateKey(bp,x,enc,kstr,klen,cb,u) \
- PEM_ASN1_write_bio((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,\
- bp,(char *)x,enc,kstr,klen,cb,u)
-#define PEM_write_bio_PrivateKey(bp,x,enc,kstr,klen,cb,u) \
- PEM_ASN1_write_bio((int (*)())i2d_PrivateKey,\
- (((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),\
- bp,(char *)x,enc,kstr,klen,cb,u)
-#define PEM_write_bio_PKCS7(bp,x) \
- PEM_ASN1_write_bio((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,bp, \
- (char *)x, NULL,NULL,0,NULL,NULL)
-#define PEM_write_bio_DHparams(bp,x) \
- PEM_ASN1_write_bio((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,\
- bp,(char *)x,NULL,NULL,0,NULL,NULL)
-#define PEM_write_bio_DSAparams(bp,x) \
- PEM_ASN1_write_bio((int (*)())i2d_DSAparams, \
- PEM_STRING_DSAPARAMS,bp,(char *)x,NULL,NULL,0,NULL,NULL)
-
-#define PEM_write_bio_NETSCAPE_CERT_SEQUENCE(bp,x) \
- PEM_ASN1_write_bio((int (*)())i2d_NETSCAPE_CERT_SEQUENCE, \
- PEM_STRING_X509,bp, \
- (char *)x, NULL,NULL,0,NULL,NULL)
-
-#define PEM_read_bio_X509(bp,x,cb,u) (X509 *)PEM_ASN1_read_bio( \
- (char *(*)())d2i_X509,PEM_STRING_X509,bp,(char **)x,cb,u)
-#define PEM_read_bio_X509_REQ(bp,x,cb,u) (X509_REQ *)PEM_ASN1_read_bio( \
- (char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,bp,(char **)x,cb,u)
-#define PEM_read_bio_X509_CRL(bp,x,cb,u) (X509_CRL *)PEM_ASN1_read_bio( \
- (char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,bp,(char **)x,cb,u)
-#define PEM_read_bio_RSAPrivateKey(bp,x,cb,u) (RSA *)PEM_ASN1_read_bio( \
- (char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,bp,(char **)x,cb,u)
-#define PEM_read_bio_RSAPublicKey(bp,x,cb,u) (RSA *)PEM_ASN1_read_bio( \
- (char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,bp,(char **)x,cb,u)
-#define PEM_read_bio_DSAPrivateKey(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \
- (char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,bp,(char **)x,cb,u)
-#define PEM_read_bio_PrivateKey(bp,x,cb,u) (EVP_PKEY *)PEM_ASN1_read_bio( \
- (char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,bp,(char **)x,cb,u)
-
-#define PEM_read_bio_PKCS7(bp,x,cb,u) (PKCS7 *)PEM_ASN1_read_bio( \
- (char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,bp,(char **)x,cb,u)
-#define PEM_read_bio_DHparams(bp,x,cb,u) (DH *)PEM_ASN1_read_bio( \
- (char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,bp,(char **)x,cb,u)
-#define PEM_read_bio_DSAparams(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \
- (char *(*)())d2i_DSAparams,PEM_STRING_DSAPARAMS,bp,(char **)x,cb,u)
-
-#define PEM_read_bio_NETSCAPE_CERT_SEQUENCE(bp,x,cb,u) \
- (NETSCAPE_CERT_SEQUENCE *)PEM_ASN1_read_bio( \
- (char *(*)())d2i_NETSCAPE_CERT_SEQUENCE,PEM_STRING_X509,bp,\
- (char **)x,cb,u)
-
-#endif
-
-#if 1
-/* "userdata": new with OpenSSL 0.9.4 */
-typedef int pem_password_cb(char *buf, int size, int rwflag, void *userdata);
-#else
-/* OpenSSL 0.9.3, 0.9.3a */
-typedef int pem_password_cb(char *buf, int size, int rwflag);
-#endif
-
-int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher);
-int PEM_do_header (EVP_CIPHER_INFO *cipher, unsigned char *data,long *len,
- pem_password_cb *callback,void *u);
-
-#ifndef OPENSSL_NO_BIO
-int PEM_read_bio(BIO *bp, char **name, char **header,
- unsigned char **data,long *len);
-int PEM_write_bio(BIO *bp,const char *name,char *hdr,unsigned char *data,
- long len);
-int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, const char *name, BIO *bp,
- pem_password_cb *cb, void *u);
-void * PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp,
- void **x, pem_password_cb *cb, void *u);
-
-#define PEM_ASN1_read_bio_of(type,d2i,name,bp,x,cb,u) \
- ((type*)PEM_ASN1_read_bio(CHECKED_D2I_OF(type, d2i), \
- name, bp, \
- CHECKED_PPTR_OF(type, x), \
- cb, u))
-
-int PEM_ASN1_write_bio(i2d_of_void *i2d,const char *name,BIO *bp,char *x,
- const EVP_CIPHER *enc,unsigned char *kstr,int klen,
- pem_password_cb *cb, void *u);
-
-#define PEM_ASN1_write_bio_of(type,i2d,name,bp,x,enc,kstr,klen,cb,u) \
- (PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d), \
- name, bp, \
- CHECKED_PTR_OF(type, x), \
- enc, kstr, klen, cb, u))
-
-STACK_OF(X509_INFO) * PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u);
-int PEM_X509_INFO_write_bio(BIO *bp,X509_INFO *xi, EVP_CIPHER *enc,
- unsigned char *kstr, int klen, pem_password_cb *cd, void *u);
-#endif
-
-#ifndef OPENSSL_SYS_WIN16
-int PEM_read(FILE *fp, char **name, char **header,
- unsigned char **data,long *len);
-int PEM_write(FILE *fp,char *name,char *hdr,unsigned char *data,long len);
-void * PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x,
- pem_password_cb *cb, void *u);
-int PEM_ASN1_write(i2d_of_void *i2d,const char *name,FILE *fp,
- char *x,const EVP_CIPHER *enc,unsigned char *kstr,
- int klen,pem_password_cb *callback, void *u);
-STACK_OF(X509_INFO) * PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,
- pem_password_cb *cb, void *u);
-#endif
-
-int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type,
- EVP_MD *md_type, unsigned char **ek, int *ekl,
- unsigned char *iv, EVP_PKEY **pubk, int npubk);
-void PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl,
- unsigned char *in, int inl);
-int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig,int *sigl,
- unsigned char *out, int *outl, EVP_PKEY *priv);
-
-void PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type);
-void PEM_SignUpdate(EVP_MD_CTX *ctx,unsigned char *d,unsigned int cnt);
-int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
- unsigned int *siglen, EVP_PKEY *pkey);
-
-int PEM_def_callback(char *buf, int num, int w, void *key);
-void PEM_proc_type(char *buf, int type);
-void PEM_dek_info(char *buf, const char *type, int len, char *str);
-
-#ifndef SSLEAY_MACROS
-
-#include <openssl/symhacks.h>
-
-DECLARE_PEM_rw(X509, X509)
-
-DECLARE_PEM_rw(X509_AUX, X509)
-
-DECLARE_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR)
-
-DECLARE_PEM_rw(X509_REQ, X509_REQ)
-DECLARE_PEM_write(X509_REQ_NEW, X509_REQ)
-
-DECLARE_PEM_rw(X509_CRL, X509_CRL)
-
-DECLARE_PEM_rw(PKCS7, PKCS7)
-
-DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE)
-
-DECLARE_PEM_rw(PKCS8, X509_SIG)
-
-DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO)
-
-#ifndef OPENSSL_NO_RSA
-
-DECLARE_PEM_rw_cb(RSAPrivateKey, RSA)
-
-DECLARE_PEM_rw_const(RSAPublicKey, RSA)
-DECLARE_PEM_rw(RSA_PUBKEY, RSA)
-
-#endif
-
-#ifndef OPENSSL_NO_DSA
-
-DECLARE_PEM_rw_cb(DSAPrivateKey, DSA)
-
-DECLARE_PEM_rw(DSA_PUBKEY, DSA)
-
-DECLARE_PEM_rw_const(DSAparams, DSA)
-
-#endif
-
-#ifndef OPENSSL_NO_EC
-DECLARE_PEM_rw_const(ECPKParameters, EC_GROUP)
-DECLARE_PEM_rw_cb(ECPrivateKey, EC_KEY)
-DECLARE_PEM_rw(EC_PUBKEY, EC_KEY)
-#endif
-
-#ifndef OPENSSL_NO_DH
-
-DECLARE_PEM_rw_const(DHparams, DH)
-
-#endif
-
-DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY)
-
-DECLARE_PEM_rw(PUBKEY, EVP_PKEY)
-
-int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid,
- char *kstr, int klen,
- pem_password_cb *cb, void *u);
-int PEM_write_bio_PKCS8PrivateKey(BIO *, EVP_PKEY *, const EVP_CIPHER *,
- char *, int, pem_password_cb *, void *);
-int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
- char *kstr, int klen,
- pem_password_cb *cb, void *u);
-int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid,
- char *kstr, int klen,
- pem_password_cb *cb, void *u);
-EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u);
-
-int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
- char *kstr, int klen,
- pem_password_cb *cb, void *u);
-int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid,
- char *kstr, int klen,
- pem_password_cb *cb, void *u);
-int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid,
- char *kstr, int klen,
- pem_password_cb *cb, void *u);
-
-EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u);
-
-int PEM_write_PKCS8PrivateKey(FILE *fp,EVP_PKEY *x,const EVP_CIPHER *enc,
- char *kstr,int klen, pem_password_cb *cd, void *u);
-
-#endif /* SSLEAY_MACROS */
-
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_PEM_strings(void);
-
-/* Error codes for the PEM functions. */
-
-/* Function codes. */
-#define PEM_F_D2I_PKCS8PRIVATEKEY_BIO 120
-#define PEM_F_D2I_PKCS8PRIVATEKEY_FP 121
-#define PEM_F_DO_PK8PKEY 126
-#define PEM_F_DO_PK8PKEY_FP 125
-#define PEM_F_LOAD_IV 101
-#define PEM_F_PEM_ASN1_READ 102
-#define PEM_F_PEM_ASN1_READ_BIO 103
-#define PEM_F_PEM_ASN1_WRITE 104
-#define PEM_F_PEM_ASN1_WRITE_BIO 105
-#define PEM_F_PEM_DEF_CALLBACK 100
-#define PEM_F_PEM_DO_HEADER 106
-#define PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY 118
-#define PEM_F_PEM_GET_EVP_CIPHER_INFO 107
-#define PEM_F_PEM_PK8PKEY 119
-#define PEM_F_PEM_READ 108
-#define PEM_F_PEM_READ_BIO 109
-#define PEM_F_PEM_READ_BIO_PRIVATEKEY 123
-#define PEM_F_PEM_READ_PRIVATEKEY 124
-#define PEM_F_PEM_SEALFINAL 110
-#define PEM_F_PEM_SEALINIT 111
-#define PEM_F_PEM_SIGNFINAL 112
-#define PEM_F_PEM_WRITE 113
-#define PEM_F_PEM_WRITE_BIO 114
-#define PEM_F_PEM_X509_INFO_READ 115
-#define PEM_F_PEM_X509_INFO_READ_BIO 116
-#define PEM_F_PEM_X509_INFO_WRITE_BIO 117
-
-/* Reason codes. */
-#define PEM_R_BAD_BASE64_DECODE 100
-#define PEM_R_BAD_DECRYPT 101
-#define PEM_R_BAD_END_LINE 102
-#define PEM_R_BAD_IV_CHARS 103
-#define PEM_R_BAD_PASSWORD_READ 104
-#define PEM_R_ERROR_CONVERTING_PRIVATE_KEY 115
-#define PEM_R_NOT_DEK_INFO 105
-#define PEM_R_NOT_ENCRYPTED 106
-#define PEM_R_NOT_PROC_TYPE 107
-#define PEM_R_NO_START_LINE 108
-#define PEM_R_PROBLEMS_GETTING_PASSWORD 109
-#define PEM_R_PUBLIC_KEY_NO_RSA 110
-#define PEM_R_READ_KEY 111
-#define PEM_R_SHORT_HEADER 112
-#define PEM_R_UNSUPPORTED_CIPHER 113
-#define PEM_R_UNSUPPORTED_ENCRYPTION 114
-
-#ifdef __cplusplus
-}
-#endif
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/pem/pem.h (from rev 6976, vendor-crypto/openssl/dist/crypto/pem/pem.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/pem/pem.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pem/pem.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,742 @@
+/* crypto/pem/pem.h */
+/* Copyright (C) 1995-1997 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_PEM_H
+# define HEADER_PEM_H
+
+# include <openssl/e_os2.h>
+# ifndef OPENSSL_NO_BIO
+# include <openssl/bio.h>
+# endif
+# ifndef OPENSSL_NO_STACK
+# include <openssl/stack.h>
+# endif
+# include <openssl/evp.h>
+# include <openssl/x509.h>
+# include <openssl/pem2.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# define PEM_BUFSIZE 1024
+
+# define PEM_OBJ_UNDEF 0
+# define PEM_OBJ_X509 1
+# define PEM_OBJ_X509_REQ 2
+# define PEM_OBJ_CRL 3
+# define PEM_OBJ_SSL_SESSION 4
+# define PEM_OBJ_PRIV_KEY 10
+# define PEM_OBJ_PRIV_RSA 11
+# define PEM_OBJ_PRIV_DSA 12
+# define PEM_OBJ_PRIV_DH 13
+# define PEM_OBJ_PUB_RSA 14
+# define PEM_OBJ_PUB_DSA 15
+# define PEM_OBJ_PUB_DH 16
+# define PEM_OBJ_DHPARAMS 17
+# define PEM_OBJ_DSAPARAMS 18
+# define PEM_OBJ_PRIV_RSA_PUBLIC 19
+# define PEM_OBJ_PRIV_ECDSA 20
+# define PEM_OBJ_PUB_ECDSA 21
+# define PEM_OBJ_ECPARAMETERS 22
+
+# define PEM_ERROR 30
+# define PEM_DEK_DES_CBC 40
+# define PEM_DEK_IDEA_CBC 45
+# define PEM_DEK_DES_EDE 50
+# define PEM_DEK_DES_ECB 60
+# define PEM_DEK_RSA 70
+# define PEM_DEK_RSA_MD2 80
+# define PEM_DEK_RSA_MD5 90
+
+# define PEM_MD_MD2 NID_md2
+# define PEM_MD_MD5 NID_md5
+# define PEM_MD_SHA NID_sha
+# define PEM_MD_MD2_RSA NID_md2WithRSAEncryption
+# define PEM_MD_MD5_RSA NID_md5WithRSAEncryption
+# define PEM_MD_SHA_RSA NID_sha1WithRSAEncryption
+
+# define PEM_STRING_X509_OLD "X509 CERTIFICATE"
+# define PEM_STRING_X509 "CERTIFICATE"
+# define PEM_STRING_X509_PAIR "CERTIFICATE PAIR"
+# define PEM_STRING_X509_TRUSTED "TRUSTED CERTIFICATE"
+# define PEM_STRING_X509_REQ_OLD "NEW CERTIFICATE REQUEST"
+# define PEM_STRING_X509_REQ "CERTIFICATE REQUEST"
+# define PEM_STRING_X509_CRL "X509 CRL"
+# define PEM_STRING_EVP_PKEY "ANY PRIVATE KEY"
+# define PEM_STRING_PUBLIC "PUBLIC KEY"
+# define PEM_STRING_RSA "RSA PRIVATE KEY"
+# define PEM_STRING_RSA_PUBLIC "RSA PUBLIC KEY"
+# define PEM_STRING_DSA "DSA PRIVATE KEY"
+# define PEM_STRING_DSA_PUBLIC "DSA PUBLIC KEY"
+# define PEM_STRING_PKCS7 "PKCS7"
+# define PEM_STRING_PKCS7_SIGNED "PKCS #7 SIGNED DATA"
+# define PEM_STRING_PKCS8 "ENCRYPTED PRIVATE KEY"
+# define PEM_STRING_PKCS8INF "PRIVATE KEY"
+# define PEM_STRING_DHPARAMS "DH PARAMETERS"
+# define PEM_STRING_SSL_SESSION "SSL SESSION PARAMETERS"
+# define PEM_STRING_DSAPARAMS "DSA PARAMETERS"
+# define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY"
+# define PEM_STRING_ECPARAMETERS "EC PARAMETERS"
+# define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY"
+# define PEM_STRING_CMS "CMS"
+
+ /*
+ * Note that this structure is initialised by PEM_SealInit and cleaned up
+ * by PEM_SealFinal (at least for now)
+ */
+typedef struct PEM_Encode_Seal_st {
+ EVP_ENCODE_CTX encode;
+ EVP_MD_CTX md;
+ EVP_CIPHER_CTX cipher;
+} PEM_ENCODE_SEAL_CTX;
+
+/* enc_type is one off */
+# define PEM_TYPE_ENCRYPTED 10
+# define PEM_TYPE_MIC_ONLY 20
+# define PEM_TYPE_MIC_CLEAR 30
+# define PEM_TYPE_CLEAR 40
+
+typedef struct pem_recip_st {
+ char *name;
+ X509_NAME *dn;
+ int cipher;
+ int key_enc;
+ /* char iv[8]; unused and wrong size */
+} PEM_USER;
+
+typedef struct pem_ctx_st {
+ int type; /* what type of object */
+ struct {
+ int version;
+ int mode;
+ } proc_type;
+
+ char *domain;
+
+ struct {
+ int cipher;
+ /*-
+ unused, and wrong size
+ unsigned char iv[8]; */
+ } DEK_info;
+
+ PEM_USER *originator;
+
+ int num_recipient;
+ PEM_USER **recipient;
+
+# ifndef OPENSSL_NO_STACK
+ STACK *x509_chain; /* certificate chain */
+# else
+ char *x509_chain; /* certificate chain */
+# endif
+ EVP_MD *md; /* signature type */
+
+ int md_enc; /* is the md encrypted or not? */
+ int md_len; /* length of md_data */
+ char *md_data; /* message digest, could be pkey encrypted */
+
+ EVP_CIPHER *dec; /* date encryption cipher */
+ int key_len; /* key length */
+ unsigned char *key; /* key */
+ /*-
+ unused, and wrong size
+ unsigned char iv[8]; */
+
+ int data_enc; /* is the data encrypted */
+ int data_len;
+ unsigned char *data;
+} PEM_CTX;
+
+/*
+ * These macros make the PEM_read/PEM_write functions easier to maintain and
+ * write. Now they are all implemented with either: IMPLEMENT_PEM_rw(...) or
+ * IMPLEMENT_PEM_rw_cb(...)
+ */
+
+# ifdef OPENSSL_NO_FP_API
+
+# define IMPLEMENT_PEM_read_fp(name, type, str, asn1) /**/
+# define IMPLEMENT_PEM_write_fp(name, type, str, asn1) /**/
+# define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) /**/
+# define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) /**/
+# define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) /**/
+# else
+
+# define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \
+type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u)\
+{ \
+ return (type*)PEM_ASN1_read(CHECKED_D2I_OF(type, d2i_##asn1), \
+ str, fp, \
+ CHECKED_PPTR_OF(type, x), \
+ cb, u); \
+}
+
+# define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \
+int PEM_write_##name(FILE *fp, type *x) \
+{ \
+ return PEM_ASN1_write(CHECKED_I2D_OF(type, i2d_##asn1), \
+ str, fp, \
+ CHECKED_PTR_OF(type, x), \
+ NULL, NULL, 0, NULL, NULL); \
+}
+
+# define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) \
+int PEM_write_##name(FILE *fp, const type *x) \
+{ \
+ return PEM_ASN1_write(CHECKED_I2D_OF(const type, i2d_##asn1), \
+ str, fp, \
+ CHECKED_PTR_OF(const type, x), \
+ NULL, NULL, 0, NULL, NULL); \
+}
+
+# define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \
+int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
+ unsigned char *kstr, int klen, pem_password_cb *cb, \
+ void *u) \
+ { \
+ return PEM_ASN1_write(CHECKED_I2D_OF(type, i2d_##asn1), \
+ str, fp, \
+ CHECKED_PTR_OF(type, x), \
+ enc, kstr, klen, cb, u); \
+ }
+
+# define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) \
+int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
+ unsigned char *kstr, int klen, pem_password_cb *cb, \
+ void *u) \
+ { \
+ return PEM_ASN1_write(CHECKED_I2D_OF(const type, i2d_##asn1), \
+ str, fp, \
+ CHECKED_PTR_OF(const type, x), \
+ enc, kstr, klen, cb, u); \
+ }
+
+# endif
+
+# define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \
+type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u)\
+{ \
+ return (type*)PEM_ASN1_read_bio(CHECKED_D2I_OF(type, d2i_##asn1), \
+ str, bp, \
+ CHECKED_PPTR_OF(type, x), \
+ cb, u); \
+}
+
+# define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \
+int PEM_write_bio_##name(BIO *bp, type *x) \
+{ \
+ return PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d_##asn1), \
+ str, bp, \
+ CHECKED_PTR_OF(type, x), \
+ NULL, NULL, 0, NULL, NULL); \
+}
+
+# define IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \
+int PEM_write_bio_##name(BIO *bp, const type *x) \
+{ \
+ return PEM_ASN1_write_bio(CHECKED_I2D_OF(const type, i2d_##asn1), \
+ str, bp, \
+ CHECKED_PTR_OF(const type, x), \
+ NULL, NULL, 0, NULL, NULL); \
+}
+
+# define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \
+int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
+ unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \
+ { \
+ return PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d_##asn1), \
+ str, bp, \
+ CHECKED_PTR_OF(type, x), \
+ enc, kstr, klen, cb, u); \
+ }
+
+# define IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \
+int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
+ unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \
+ { \
+ return PEM_ASN1_write_bio(CHECKED_I2D_OF(const type, i2d_##asn1), \
+ str, bp, \
+ CHECKED_PTR_OF(const type, x), \
+ enc, kstr, klen, cb, u); \
+ }
+
+# define IMPLEMENT_PEM_write(name, type, str, asn1) \
+ IMPLEMENT_PEM_write_bio(name, type, str, asn1) \
+ IMPLEMENT_PEM_write_fp(name, type, str, asn1)
+
+# define IMPLEMENT_PEM_write_const(name, type, str, asn1) \
+ IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \
+ IMPLEMENT_PEM_write_fp_const(name, type, str, asn1)
+
+# define IMPLEMENT_PEM_write_cb(name, type, str, asn1) \
+ IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \
+ IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1)
+
+# define IMPLEMENT_PEM_write_cb_const(name, type, str, asn1) \
+ IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \
+ IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1)
+
+# define IMPLEMENT_PEM_read(name, type, str, asn1) \
+ IMPLEMENT_PEM_read_bio(name, type, str, asn1) \
+ IMPLEMENT_PEM_read_fp(name, type, str, asn1)
+
+# define IMPLEMENT_PEM_rw(name, type, str, asn1) \
+ IMPLEMENT_PEM_read(name, type, str, asn1) \
+ IMPLEMENT_PEM_write(name, type, str, asn1)
+
+# define IMPLEMENT_PEM_rw_const(name, type, str, asn1) \
+ IMPLEMENT_PEM_read(name, type, str, asn1) \
+ IMPLEMENT_PEM_write_const(name, type, str, asn1)
+
+# define IMPLEMENT_PEM_rw_cb(name, type, str, asn1) \
+ IMPLEMENT_PEM_read(name, type, str, asn1) \
+ IMPLEMENT_PEM_write_cb(name, type, str, asn1)
+
+/* These are the same except they are for the declarations */
+
+# if defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_NO_FP_API)
+
+# define DECLARE_PEM_read_fp(name, type) /**/
+# define DECLARE_PEM_write_fp(name, type) /**/
+# define DECLARE_PEM_write_fp_const(name, type) /**/
+# define DECLARE_PEM_write_cb_fp(name, type) /**/
+# else
+
+# define DECLARE_PEM_read_fp(name, type) \
+ type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u);
+
+# define DECLARE_PEM_write_fp(name, type) \
+ int PEM_write_##name(FILE *fp, type *x);
+
+# define DECLARE_PEM_write_fp_const(name, type) \
+ int PEM_write_##name(FILE *fp, const type *x);
+
+# define DECLARE_PEM_write_cb_fp(name, type) \
+ int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
+ unsigned char *kstr, int klen, pem_password_cb *cb, void *u);
+
+# endif
+
+# ifndef OPENSSL_NO_BIO
+# define DECLARE_PEM_read_bio(name, type) \
+ type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u);
+
+# define DECLARE_PEM_write_bio(name, type) \
+ int PEM_write_bio_##name(BIO *bp, type *x);
+
+# define DECLARE_PEM_write_bio_const(name, type) \
+ int PEM_write_bio_##name(BIO *bp, const type *x);
+
+# define DECLARE_PEM_write_cb_bio(name, type) \
+ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
+ unsigned char *kstr, int klen, pem_password_cb *cb, void *u);
+
+# else
+
+# define DECLARE_PEM_read_bio(name, type) /**/
+# define DECLARE_PEM_write_bio(name, type) /**/
+# define DECLARE_PEM_write_bio_const(name, type) /**/
+# define DECLARE_PEM_write_cb_bio(name, type) /**/
+# endif
+# define DECLARE_PEM_write(name, type) \
+ DECLARE_PEM_write_bio(name, type) \
+ DECLARE_PEM_write_fp(name, type)
+# define DECLARE_PEM_write_const(name, type) \
+ DECLARE_PEM_write_bio_const(name, type) \
+ DECLARE_PEM_write_fp_const(name, type)
+# define DECLARE_PEM_write_cb(name, type) \
+ DECLARE_PEM_write_cb_bio(name, type) \
+ DECLARE_PEM_write_cb_fp(name, type)
+# define DECLARE_PEM_read(name, type) \
+ DECLARE_PEM_read_bio(name, type) \
+ DECLARE_PEM_read_fp(name, type)
+# define DECLARE_PEM_rw(name, type) \
+ DECLARE_PEM_read(name, type) \
+ DECLARE_PEM_write(name, type)
+# define DECLARE_PEM_rw_const(name, type) \
+ DECLARE_PEM_read(name, type) \
+ DECLARE_PEM_write_const(name, type)
+# define DECLARE_PEM_rw_cb(name, type) \
+ DECLARE_PEM_read(name, type) \
+ DECLARE_PEM_write_cb(name, type)
+# ifdef SSLEAY_MACROS
+# define PEM_write_SSL_SESSION(fp,x) \
+ PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \
+ PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL,NULL)
+# define PEM_write_X509(fp,x) \
+ PEM_ASN1_write((int (*)())i2d_X509,PEM_STRING_X509,fp, \
+ (char *)x, NULL,NULL,0,NULL,NULL)
+# define PEM_write_X509_REQ(fp,x) PEM_ASN1_write( \
+ (int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,fp,(char *)x, \
+ NULL,NULL,0,NULL,NULL)
+# define PEM_write_X509_CRL(fp,x) \
+ PEM_ASN1_write((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL, \
+ fp,(char *)x, NULL,NULL,0,NULL,NULL)
+# define PEM_write_RSAPrivateKey(fp,x,enc,kstr,klen,cb,u) \
+ PEM_ASN1_write((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,fp,\
+ (char *)x,enc,kstr,klen,cb,u)
+# define PEM_write_RSAPublicKey(fp,x) \
+ PEM_ASN1_write((int (*)())i2d_RSAPublicKey,\
+ PEM_STRING_RSA_PUBLIC,fp,(char *)x,NULL,NULL,0,NULL,NULL)
+# define PEM_write_DSAPrivateKey(fp,x,enc,kstr,klen,cb,u) \
+ PEM_ASN1_write((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,fp,\
+ (char *)x,enc,kstr,klen,cb,u)
+# define PEM_write_PrivateKey(bp,x,enc,kstr,klen,cb,u) \
+ PEM_ASN1_write((int (*)())i2d_PrivateKey,\
+ (((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),\
+ bp,(char *)x,enc,kstr,klen,cb,u)
+# define PEM_write_PKCS7(fp,x) \
+ PEM_ASN1_write((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,fp, \
+ (char *)x, NULL,NULL,0,NULL,NULL)
+# define PEM_write_DHparams(fp,x) \
+ PEM_ASN1_write((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,fp,\
+ (char *)x,NULL,NULL,0,NULL,NULL)
+# define PEM_write_NETSCAPE_CERT_SEQUENCE(fp,x) \
+ PEM_ASN1_write((int (*)())i2d_NETSCAPE_CERT_SEQUENCE, \
+ PEM_STRING_X509,fp, \
+ (char *)x, NULL,NULL,0,NULL,NULL)
+# define PEM_read_SSL_SESSION(fp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read( \
+ (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb,u)
+# define PEM_read_X509(fp,x,cb,u) (X509 *)PEM_ASN1_read( \
+ (char *(*)())d2i_X509,PEM_STRING_X509,fp,(char **)x,cb,u)
+# define PEM_read_X509_REQ(fp,x,cb,u) (X509_REQ *)PEM_ASN1_read( \
+ (char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,fp,(char **)x,cb,u)
+# define PEM_read_X509_CRL(fp,x,cb,u) (X509_CRL *)PEM_ASN1_read( \
+ (char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,fp,(char **)x,cb,u)
+# define PEM_read_RSAPrivateKey(fp,x,cb,u) (RSA *)PEM_ASN1_read( \
+ (char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,fp,(char **)x,cb,u)
+# define PEM_read_RSAPublicKey(fp,x,cb,u) (RSA *)PEM_ASN1_read( \
+ (char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,fp,(char **)x,cb,u)
+# define PEM_read_DSAPrivateKey(fp,x,cb,u) (DSA *)PEM_ASN1_read( \
+ (char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,fp,(char **)x,cb,u)
+# define PEM_read_PrivateKey(fp,x,cb,u) (EVP_PKEY *)PEM_ASN1_read( \
+ (char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,fp,(char **)x,cb,u)
+# define PEM_read_PKCS7(fp,x,cb,u) (PKCS7 *)PEM_ASN1_read( \
+ (char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,fp,(char **)x,cb,u)
+# define PEM_read_DHparams(fp,x,cb,u) (DH *)PEM_ASN1_read( \
+ (char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,fp,(char **)x,cb,u)
+# define PEM_read_NETSCAPE_CERT_SEQUENCE(fp,x,cb,u) \
+ (NETSCAPE_CERT_SEQUENCE *)PEM_ASN1_read( \
+ (char *(*)())d2i_NETSCAPE_CERT_SEQUENCE,PEM_STRING_X509,fp,\
+ (char **)x,cb,u)
+# define PEM_write_bio_X509(bp,x) \
+ PEM_ASN1_write_bio((int (*)())i2d_X509,PEM_STRING_X509,bp, \
+ (char *)x, NULL,NULL,0,NULL,NULL)
+# define PEM_write_bio_X509_REQ(bp,x) PEM_ASN1_write_bio( \
+ (int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,bp,(char *)x, \
+ NULL,NULL,0,NULL,NULL)
+# define PEM_write_bio_X509_CRL(bp,x) \
+ PEM_ASN1_write_bio((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL,\
+ bp,(char *)x, NULL,NULL,0,NULL,NULL)
+# define PEM_write_bio_RSAPrivateKey(bp,x,enc,kstr,klen,cb,u) \
+ PEM_ASN1_write_bio((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,\
+ bp,(char *)x,enc,kstr,klen,cb,u)
+# define PEM_write_bio_RSAPublicKey(bp,x) \
+ PEM_ASN1_write_bio((int (*)())i2d_RSAPublicKey, \
+ PEM_STRING_RSA_PUBLIC,\
+ bp,(char *)x,NULL,NULL,0,NULL,NULL)
+# define PEM_write_bio_DSAPrivateKey(bp,x,enc,kstr,klen,cb,u) \
+ PEM_ASN1_write_bio((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,\
+ bp,(char *)x,enc,kstr,klen,cb,u)
+# define PEM_write_bio_PrivateKey(bp,x,enc,kstr,klen,cb,u) \
+ PEM_ASN1_write_bio((int (*)())i2d_PrivateKey,\
+ (((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),\
+ bp,(char *)x,enc,kstr,klen,cb,u)
+# define PEM_write_bio_PKCS7(bp,x) \
+ PEM_ASN1_write_bio((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,bp, \
+ (char *)x, NULL,NULL,0,NULL,NULL)
+# define PEM_write_bio_DHparams(bp,x) \
+ PEM_ASN1_write_bio((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,\
+ bp,(char *)x,NULL,NULL,0,NULL,NULL)
+# define PEM_write_bio_DSAparams(bp,x) \
+ PEM_ASN1_write_bio((int (*)())i2d_DSAparams, \
+ PEM_STRING_DSAPARAMS,bp,(char *)x,NULL,NULL,0,NULL,NULL)
+# define PEM_write_bio_NETSCAPE_CERT_SEQUENCE(bp,x) \
+ PEM_ASN1_write_bio((int (*)())i2d_NETSCAPE_CERT_SEQUENCE, \
+ PEM_STRING_X509,bp, \
+ (char *)x, NULL,NULL,0,NULL,NULL)
+# define PEM_read_bio_X509(bp,x,cb,u) (X509 *)PEM_ASN1_read_bio( \
+ (char *(*)())d2i_X509,PEM_STRING_X509,bp,(char **)x,cb,u)
+# define PEM_read_bio_X509_REQ(bp,x,cb,u) (X509_REQ *)PEM_ASN1_read_bio( \
+ (char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,bp,(char **)x,cb,u)
+# define PEM_read_bio_X509_CRL(bp,x,cb,u) (X509_CRL *)PEM_ASN1_read_bio( \
+ (char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,bp,(char **)x,cb,u)
+# define PEM_read_bio_RSAPrivateKey(bp,x,cb,u) (RSA *)PEM_ASN1_read_bio( \
+ (char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,bp,(char **)x,cb,u)
+# define PEM_read_bio_RSAPublicKey(bp,x,cb,u) (RSA *)PEM_ASN1_read_bio( \
+ (char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,bp,(char **)x,cb,u)
+# define PEM_read_bio_DSAPrivateKey(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \
+ (char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,bp,(char **)x,cb,u)
+# define PEM_read_bio_PrivateKey(bp,x,cb,u) (EVP_PKEY *)PEM_ASN1_read_bio( \
+ (char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,bp,(char **)x,cb,u)
+# define PEM_read_bio_PKCS7(bp,x,cb,u) (PKCS7 *)PEM_ASN1_read_bio( \
+ (char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,bp,(char **)x,cb,u)
+# define PEM_read_bio_DHparams(bp,x,cb,u) (DH *)PEM_ASN1_read_bio( \
+ (char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,bp,(char **)x,cb,u)
+# define PEM_read_bio_DSAparams(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \
+ (char *(*)())d2i_DSAparams,PEM_STRING_DSAPARAMS,bp,(char **)x,cb,u)
+# define PEM_read_bio_NETSCAPE_CERT_SEQUENCE(bp,x,cb,u) \
+ (NETSCAPE_CERT_SEQUENCE *)PEM_ASN1_read_bio( \
+ (char *(*)())d2i_NETSCAPE_CERT_SEQUENCE,PEM_STRING_X509,bp,\
+ (char **)x,cb,u)
+# endif
+# if 1
+/* "userdata": new with OpenSSL 0.9.4 */
+typedef int pem_password_cb (char *buf, int size, int rwflag, void *userdata);
+# else
+/* OpenSSL 0.9.3, 0.9.3a */
+typedef int pem_password_cb (char *buf, int size, int rwflag);
+# endif
+
+int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher);
+int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *len,
+ pem_password_cb *callback, void *u);
+
+# ifndef OPENSSL_NO_BIO
+int PEM_read_bio(BIO *bp, char **name, char **header,
+ unsigned char **data, long *len);
+int PEM_write_bio(BIO *bp, const char *name, char *hdr, unsigned char *data,
+ long len);
+int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm,
+ const char *name, BIO *bp, pem_password_cb *cb,
+ void *u);
+void *PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, void **x,
+ pem_password_cb *cb, void *u);
+
+# define PEM_ASN1_read_bio_of(type,d2i,name,bp,x,cb,u) \
+ ((type*)PEM_ASN1_read_bio(CHECKED_D2I_OF(type, d2i), \
+ name, bp, \
+ CHECKED_PPTR_OF(type, x), \
+ cb, u))
+
+int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, char *x,
+ const EVP_CIPHER *enc, unsigned char *kstr, int klen,
+ pem_password_cb *cb, void *u);
+
+# define PEM_ASN1_write_bio_of(type,i2d,name,bp,x,enc,kstr,klen,cb,u) \
+ (PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d), \
+ name, bp, \
+ CHECKED_PTR_OF(type, x), \
+ enc, kstr, klen, cb, u))
+
+STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk,
+ pem_password_cb *cb, void *u);
+int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
+ unsigned char *kstr, int klen,
+ pem_password_cb *cd, void *u);
+# endif
+
+# ifndef OPENSSL_SYS_WIN16
+int PEM_read(FILE *fp, char **name, char **header,
+ unsigned char **data, long *len);
+int PEM_write(FILE *fp, char *name, char *hdr, unsigned char *data, long len);
+void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x,
+ pem_password_cb *cb, void *u);
+int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp,
+ char *x, const EVP_CIPHER *enc, unsigned char *kstr,
+ int klen, pem_password_cb *callback, void *u);
+STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,
+ pem_password_cb *cb, void *u);
+# endif
+
+int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type,
+ EVP_MD *md_type, unsigned char **ek, int *ekl,
+ unsigned char *iv, EVP_PKEY **pubk, int npubk);
+void PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl,
+ unsigned char *in, int inl);
+int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl,
+ unsigned char *out, int *outl, EVP_PKEY *priv);
+
+void PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type);
+void PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *d, unsigned int cnt);
+int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
+ unsigned int *siglen, EVP_PKEY *pkey);
+
+int PEM_def_callback(char *buf, int num, int w, void *key);
+void PEM_proc_type(char *buf, int type);
+void PEM_dek_info(char *buf, const char *type, int len, char *str);
+
+# ifndef SSLEAY_MACROS
+
+# include <openssl/symhacks.h>
+
+DECLARE_PEM_rw(X509, X509)
+DECLARE_PEM_rw(X509_AUX, X509)
+DECLARE_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR)
+DECLARE_PEM_rw(X509_REQ, X509_REQ)
+DECLARE_PEM_write(X509_REQ_NEW, X509_REQ)
+DECLARE_PEM_rw(X509_CRL, X509_CRL)
+DECLARE_PEM_rw(PKCS7, PKCS7)
+DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE)
+DECLARE_PEM_rw(PKCS8, X509_SIG)
+DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO)
+# ifndef OPENSSL_NO_RSA
+DECLARE_PEM_rw_cb(RSAPrivateKey, RSA)
+DECLARE_PEM_rw_const(RSAPublicKey, RSA)
+DECLARE_PEM_rw(RSA_PUBKEY, RSA)
+# endif
+# ifndef OPENSSL_NO_DSA
+DECLARE_PEM_rw_cb(DSAPrivateKey, DSA)
+DECLARE_PEM_rw(DSA_PUBKEY, DSA)
+DECLARE_PEM_rw_const(DSAparams, DSA)
+# endif
+# ifndef OPENSSL_NO_EC
+DECLARE_PEM_rw_const(ECPKParameters, EC_GROUP)
+DECLARE_PEM_rw_cb(ECPrivateKey, EC_KEY)
+DECLARE_PEM_rw(EC_PUBKEY, EC_KEY)
+# endif
+# ifndef OPENSSL_NO_DH
+DECLARE_PEM_rw_const(DHparams, DH)
+# endif
+DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY)
+DECLARE_PEM_rw(PUBKEY, EVP_PKEY)
+
+int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid,
+ char *kstr, int klen,
+ pem_password_cb *cb, void *u);
+int PEM_write_bio_PKCS8PrivateKey(BIO *, EVP_PKEY *, const EVP_CIPHER *,
+ char *, int, pem_password_cb *, void *);
+int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
+ char *kstr, int klen,
+ pem_password_cb *cb, void *u);
+int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid,
+ char *kstr, int klen,
+ pem_password_cb *cb, void *u);
+EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
+ void *u);
+
+int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+ char *kstr, int klen,
+ pem_password_cb *cb, void *u);
+int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid,
+ char *kstr, int klen,
+ pem_password_cb *cb, void *u);
+int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid,
+ char *kstr, int klen,
+ pem_password_cb *cb, void *u);
+
+EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb,
+ void *u);
+
+int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+ char *kstr, int klen, pem_password_cb *cd,
+ void *u);
+
+# endif /* SSLEAY_MACROS */
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_PEM_strings(void);
+
+/* Error codes for the PEM functions. */
+
+/* Function codes. */
+# define PEM_F_D2I_PKCS8PRIVATEKEY_BIO 120
+# define PEM_F_D2I_PKCS8PRIVATEKEY_FP 121
+# define PEM_F_DO_PK8PKEY 126
+# define PEM_F_DO_PK8PKEY_FP 125
+# define PEM_F_LOAD_IV 101
+# define PEM_F_PEM_ASN1_READ 102
+# define PEM_F_PEM_ASN1_READ_BIO 103
+# define PEM_F_PEM_ASN1_WRITE 104
+# define PEM_F_PEM_ASN1_WRITE_BIO 105
+# define PEM_F_PEM_DEF_CALLBACK 100
+# define PEM_F_PEM_DO_HEADER 106
+# define PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY 118
+# define PEM_F_PEM_GET_EVP_CIPHER_INFO 107
+# define PEM_F_PEM_PK8PKEY 119
+# define PEM_F_PEM_READ 108
+# define PEM_F_PEM_READ_BIO 109
+# define PEM_F_PEM_READ_BIO_PRIVATEKEY 123
+# define PEM_F_PEM_READ_PRIVATEKEY 124
+# define PEM_F_PEM_SEALFINAL 110
+# define PEM_F_PEM_SEALINIT 111
+# define PEM_F_PEM_SIGNFINAL 112
+# define PEM_F_PEM_WRITE 113
+# define PEM_F_PEM_WRITE_BIO 114
+# define PEM_F_PEM_X509_INFO_READ 115
+# define PEM_F_PEM_X509_INFO_READ_BIO 116
+# define PEM_F_PEM_X509_INFO_WRITE_BIO 117
+
+/* Reason codes. */
+# define PEM_R_BAD_BASE64_DECODE 100
+# define PEM_R_BAD_DECRYPT 101
+# define PEM_R_BAD_END_LINE 102
+# define PEM_R_BAD_IV_CHARS 103
+# define PEM_R_BAD_PASSWORD_READ 104
+# define PEM_R_ERROR_CONVERTING_PRIVATE_KEY 115
+# define PEM_R_NOT_DEK_INFO 105
+# define PEM_R_NOT_ENCRYPTED 106
+# define PEM_R_NOT_PROC_TYPE 107
+# define PEM_R_NO_START_LINE 108
+# define PEM_R_PROBLEMS_GETTING_PASSWORD 109
+# define PEM_R_PUBLIC_KEY_NO_RSA 110
+# define PEM_R_READ_KEY 111
+# define PEM_R_SHORT_HEADER 112
+# define PEM_R_UNSUPPORTED_CIPHER 113
+# define PEM_R_UNSUPPORTED_ENCRYPTION 114
+
+#ifdef __cplusplus
+}
+#endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/pem/pem2.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/pem/pem2.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pem/pem2.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,70 +0,0 @@
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/*
- * This header only exists to break a circular dependency between pem and err
- * Ben 30 Jan 1999.
- */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifndef HEADER_PEM_H
-void ERR_load_PEM_strings(void);
-#endif
-
-#ifdef __cplusplus
-}
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/pem/pem2.h (from rev 6976, vendor-crypto/openssl/dist/crypto/pem/pem2.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/pem/pem2.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pem/pem2.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,70 @@
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*
+ * This header only exists to break a circular dependency between pem and err
+ * Ben 30 Jan 1999.
+ */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifndef HEADER_PEM_H
+void ERR_load_PEM_strings(void);
+#endif
+
+#ifdef __cplusplus
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_all.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/pem/pem_all.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_all.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,482 +0,0 @@
-/* crypto/pem/pem_all.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#undef SSLEAY_MACROS
-#include "cryptlib.h"
-#include <openssl/bio.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/pkcs7.h>
-#include <openssl/pem.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-
-#ifndef OPENSSL_NO_RSA
-static RSA *pkey_get_rsa(EVP_PKEY *key, RSA **rsa);
-#endif
-#ifndef OPENSSL_NO_DSA
-static DSA *pkey_get_dsa(EVP_PKEY *key, DSA **dsa);
-#endif
-
-#ifndef OPENSSL_NO_EC
-static EC_KEY *pkey_get_eckey(EVP_PKEY *key, EC_KEY **eckey);
-#endif
-
-IMPLEMENT_PEM_rw(X509_REQ, X509_REQ, PEM_STRING_X509_REQ, X509_REQ)
-
-IMPLEMENT_PEM_write(X509_REQ_NEW, X509_REQ, PEM_STRING_X509_REQ_OLD, X509_REQ)
-
-IMPLEMENT_PEM_rw(X509_CRL, X509_CRL, PEM_STRING_X509_CRL, X509_CRL)
-
-IMPLEMENT_PEM_rw(PKCS7, PKCS7, PEM_STRING_PKCS7, PKCS7)
-
-IMPLEMENT_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE,
- PEM_STRING_X509, NETSCAPE_CERT_SEQUENCE)
-
-
-#ifndef OPENSSL_NO_RSA
-
-/* We treat RSA or DSA private keys as a special case.
- *
- * For private keys we read in an EVP_PKEY structure with
- * PEM_read_bio_PrivateKey() and extract the relevant private
- * key: this means can handle "traditional" and PKCS#8 formats
- * transparently.
- */
-
-static RSA *pkey_get_rsa(EVP_PKEY *key, RSA **rsa)
-{
- RSA *rtmp;
- if(!key) return NULL;
- rtmp = EVP_PKEY_get1_RSA(key);
- EVP_PKEY_free(key);
- if(!rtmp) return NULL;
- if(rsa) {
- RSA_free(*rsa);
- *rsa = rtmp;
- }
- return rtmp;
-}
-
-RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **rsa, pem_password_cb *cb,
- void *u)
-{
- EVP_PKEY *pktmp;
- pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u);
- return pkey_get_rsa(pktmp, rsa);
-}
-
-#ifndef OPENSSL_NO_FP_API
-
-RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb,
- void *u)
-{
- EVP_PKEY *pktmp;
- pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);
- return pkey_get_rsa(pktmp, rsa);
-}
-
-#endif
-
-#ifdef OPENSSL_FIPS
-
-int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc,
- unsigned char *kstr, int klen,
- pem_password_cb *cb, void *u)
-{
- EVP_PKEY *k;
- int ret;
- k = EVP_PKEY_new();
- if (!k)
- return 0;
- EVP_PKEY_set1_RSA(k, x);
-
- ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
- EVP_PKEY_free(k);
- return ret;
-}
-
-#ifndef OPENSSL_NO_FP_API
-int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc,
- unsigned char *kstr, int klen,
- pem_password_cb *cb, void *u)
-{
- EVP_PKEY *k;
- int ret;
- k = EVP_PKEY_new();
- if (!k)
- return 0;
-
- EVP_PKEY_set1_RSA(k, x);
-
- ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
- EVP_PKEY_free(k);
- return ret;
-}
-#endif
-
-#else
-
-IMPLEMENT_PEM_write_cb_const(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey)
-
-#endif
-
-IMPLEMENT_PEM_rw_const(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey)
-IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY)
-
-#endif
-
-#ifndef OPENSSL_NO_DSA
-
-static DSA *pkey_get_dsa(EVP_PKEY *key, DSA **dsa)
-{
- DSA *dtmp;
- if(!key) return NULL;
- dtmp = EVP_PKEY_get1_DSA(key);
- EVP_PKEY_free(key);
- if(!dtmp) return NULL;
- if(dsa) {
- DSA_free(*dsa);
- *dsa = dtmp;
- }
- return dtmp;
-}
-
-DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **dsa, pem_password_cb *cb,
- void *u)
-{
- EVP_PKEY *pktmp;
- pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u);
- return pkey_get_dsa(pktmp, dsa);
-}
-
-#ifdef OPENSSL_FIPS
-
-int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc,
- unsigned char *kstr, int klen,
- pem_password_cb *cb, void *u)
-{
- EVP_PKEY *k;
- int ret;
- k = EVP_PKEY_new();
- if (!k)
- return 0;
- EVP_PKEY_set1_DSA(k, x);
-
- ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
- EVP_PKEY_free(k);
- return ret;
-}
-
-#ifndef OPENSSL_NO_FP_API
-int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc,
- unsigned char *kstr, int klen,
- pem_password_cb *cb, void *u)
-{
- EVP_PKEY *k;
- int ret;
- k = EVP_PKEY_new();
- if (!k)
- return 0;
- EVP_PKEY_set1_DSA(k, x);
- ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
- EVP_PKEY_free(k);
- return ret;
-}
-#endif
-
-#else
-
-IMPLEMENT_PEM_write_cb_const(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey)
-
-#endif
-
-IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY)
-
-#ifndef OPENSSL_NO_FP_API
-
-DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **dsa, pem_password_cb *cb,
- void *u)
-{
- EVP_PKEY *pktmp;
- pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);
- return pkey_get_dsa(pktmp, dsa);
-}
-
-#endif
-
-IMPLEMENT_PEM_rw_const(DSAparams, DSA, PEM_STRING_DSAPARAMS, DSAparams)
-
-#endif
-
-
-#ifndef OPENSSL_NO_EC
-static EC_KEY *pkey_get_eckey(EVP_PKEY *key, EC_KEY **eckey)
-{
- EC_KEY *dtmp;
- if(!key) return NULL;
- dtmp = EVP_PKEY_get1_EC_KEY(key);
- EVP_PKEY_free(key);
- if(!dtmp) return NULL;
- if(eckey)
- {
- EC_KEY_free(*eckey);
- *eckey = dtmp;
- }
- return dtmp;
-}
-
-EC_KEY *PEM_read_bio_ECPrivateKey(BIO *bp, EC_KEY **key, pem_password_cb *cb,
- void *u)
-{
- EVP_PKEY *pktmp;
- pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u);
- return pkey_get_eckey(pktmp, key);
-}
-
-IMPLEMENT_PEM_rw_const(ECPKParameters, EC_GROUP, PEM_STRING_ECPARAMETERS, ECPKParameters)
-
-
-
-#ifdef OPENSSL_FIPS
-
-int PEM_write_bio_ECPrivateKey(BIO *bp, EC_KEY *x, const EVP_CIPHER *enc,
- unsigned char *kstr, int klen,
- pem_password_cb *cb, void *u)
-{
- EVP_PKEY *k;
- int ret;
- k = EVP_PKEY_new();
- if (!k)
- return 0;
- EVP_PKEY_set1_EC_KEY(k, x);
-
- ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
- EVP_PKEY_free(k);
- return ret;
-}
-
-#ifndef OPENSSL_NO_FP_API
-int PEM_write_ECPrivateKey(FILE *fp, EC_KEY *x, const EVP_CIPHER *enc,
- unsigned char *kstr, int klen,
- pem_password_cb *cb, void *u)
-{
- EVP_PKEY *k;
- int ret;
- k = EVP_PKEY_new();
- if (!k)
- return 0;
- EVP_PKEY_set1_EC_KEY(k, x);
- ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
- EVP_PKEY_free(k);
- return ret;
-}
-#endif
-
-#else
-
-IMPLEMENT_PEM_write_cb(ECPrivateKey, EC_KEY, PEM_STRING_ECPRIVATEKEY, ECPrivateKey)
-
-#endif
-
-IMPLEMENT_PEM_rw(EC_PUBKEY, EC_KEY, PEM_STRING_PUBLIC, EC_PUBKEY)
-
-#ifndef OPENSSL_NO_FP_API
-
-EC_KEY *PEM_read_ECPrivateKey(FILE *fp, EC_KEY **eckey, pem_password_cb *cb,
- void *u)
-{
- EVP_PKEY *pktmp;
- pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);
- return pkey_get_eckey(pktmp, eckey);
-}
-
-#endif
-
-#endif
-
-#ifndef OPENSSL_NO_DH
-
-IMPLEMENT_PEM_rw_const(DHparams, DH, PEM_STRING_DHPARAMS, DHparams)
-
-#endif
-
-
-/* The PrivateKey case is not that straightforward.
- * IMPLEMENT_PEM_rw_cb(PrivateKey, EVP_PKEY, PEM_STRING_EVP_PKEY, PrivateKey)
- * does not work, RSA and DSA keys have specific strings.
- * (When reading, parameter PEM_STRING_EVP_PKEY is a wildcard for anything
- * appropriate.)
- */
-
-#ifdef OPENSSL_FIPS
-
-static const char *pkey_str(EVP_PKEY *x)
- {
- switch (x->type)
- {
- case EVP_PKEY_RSA:
- return PEM_STRING_RSA;
-
- case EVP_PKEY_DSA:
- return PEM_STRING_DSA;
-
- case EVP_PKEY_EC:
- return PEM_STRING_ECPRIVATEKEY;
-
- default:
- return NULL;
- }
- }
-
-
-int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
- unsigned char *kstr, int klen,
- pem_password_cb *cb, void *u)
- {
- if (FIPS_mode())
- return PEM_write_bio_PKCS8PrivateKey(bp, x, enc,
- (char *)kstr, klen, cb, u);
- else
- return PEM_ASN1_write_bio((i2d_of_void *)i2d_PrivateKey,
- pkey_str(x), bp,(char *)x,enc,kstr,klen,cb,u);
- }
-
-#ifndef OPENSSL_NO_FP_API
-int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
- unsigned char *kstr, int klen,
- pem_password_cb *cb, void *u)
- {
- if (FIPS_mode())
- return PEM_write_PKCS8PrivateKey(fp, x, enc,
- (char *)kstr, klen, cb, u);
- else
- return PEM_ASN1_write((i2d_of_void *)i2d_PrivateKey,
- pkey_str(x), fp,(char *)x,enc,kstr,klen,cb,u);
- }
-#endif
-
-#else
-IMPLEMENT_PEM_write_cb(PrivateKey, EVP_PKEY, ((x->type == EVP_PKEY_DSA)?PEM_STRING_DSA:\
- (x->type == EVP_PKEY_RSA)?PEM_STRING_RSA:PEM_STRING_ECPRIVATEKEY), PrivateKey)
-
-#endif
-
-IMPLEMENT_PEM_rw(PUBKEY, EVP_PKEY, PEM_STRING_PUBLIC, PUBKEY)
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_all.c (from rev 6976, vendor-crypto/openssl/dist/crypto/pem/pem_all.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_all.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_all.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,459 @@
+/* crypto/pem/pem_all.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#undef SSLEAY_MACROS
+#include "cryptlib.h"
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
+#include <openssl/pem.h>
+#ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+# include <openssl/dsa.h>
+#endif
+#ifndef OPENSSL_NO_DH
+# include <openssl/dh.h>
+#endif
+
+#ifndef OPENSSL_NO_RSA
+static RSA *pkey_get_rsa(EVP_PKEY *key, RSA **rsa);
+#endif
+#ifndef OPENSSL_NO_DSA
+static DSA *pkey_get_dsa(EVP_PKEY *key, DSA **dsa);
+#endif
+
+#ifndef OPENSSL_NO_EC
+static EC_KEY *pkey_get_eckey(EVP_PKEY *key, EC_KEY **eckey);
+#endif
+
+IMPLEMENT_PEM_rw(X509_REQ, X509_REQ, PEM_STRING_X509_REQ, X509_REQ)
+
+IMPLEMENT_PEM_write(X509_REQ_NEW, X509_REQ, PEM_STRING_X509_REQ_OLD, X509_REQ)
+IMPLEMENT_PEM_rw(X509_CRL, X509_CRL, PEM_STRING_X509_CRL, X509_CRL)
+IMPLEMENT_PEM_rw(PKCS7, PKCS7, PEM_STRING_PKCS7, PKCS7)
+
+IMPLEMENT_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE,
+ PEM_STRING_X509, NETSCAPE_CERT_SEQUENCE)
+#ifndef OPENSSL_NO_RSA
+/*
+ * We treat RSA or DSA private keys as a special case. For private keys we
+ * read in an EVP_PKEY structure with PEM_read_bio_PrivateKey() and extract
+ * the relevant private key: this means can handle "traditional" and PKCS#8
+ * formats transparently.
+ */
+static RSA *pkey_get_rsa(EVP_PKEY *key, RSA **rsa)
+{
+ RSA *rtmp;
+ if (!key)
+ return NULL;
+ rtmp = EVP_PKEY_get1_RSA(key);
+ EVP_PKEY_free(key);
+ if (!rtmp)
+ return NULL;
+ if (rsa) {
+ RSA_free(*rsa);
+ *rsa = rtmp;
+ }
+ return rtmp;
+}
+
+RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **rsa, pem_password_cb *cb,
+ void *u)
+{
+ EVP_PKEY *pktmp;
+ pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u);
+ return pkey_get_rsa(pktmp, rsa);
+}
+
+# ifndef OPENSSL_NO_FP_API
+
+RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb, void *u)
+{
+ EVP_PKEY *pktmp;
+ pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);
+ return pkey_get_rsa(pktmp, rsa);
+}
+
+# endif
+
+# ifdef OPENSSL_FIPS
+
+int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc,
+ unsigned char *kstr, int klen,
+ pem_password_cb *cb, void *u)
+{
+ EVP_PKEY *k;
+ int ret;
+ k = EVP_PKEY_new();
+ if (!k)
+ return 0;
+ EVP_PKEY_set1_RSA(k, x);
+
+ ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
+ EVP_PKEY_free(k);
+ return ret;
+}
+
+# ifndef OPENSSL_NO_FP_API
+int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc,
+ unsigned char *kstr, int klen,
+ pem_password_cb *cb, void *u)
+{
+ EVP_PKEY *k;
+ int ret;
+ k = EVP_PKEY_new();
+ if (!k)
+ return 0;
+
+ EVP_PKEY_set1_RSA(k, x);
+
+ ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
+ EVP_PKEY_free(k);
+ return ret;
+}
+# endif
+
+# else
+
+IMPLEMENT_PEM_write_cb_const(RSAPrivateKey, RSA, PEM_STRING_RSA,
+ RSAPrivateKey)
+# endif
+IMPLEMENT_PEM_rw_const(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC,
+ RSAPublicKey) IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA,
+ PEM_STRING_PUBLIC,
+ RSA_PUBKEY)
+#endif
+#ifndef OPENSSL_NO_DSA
+static DSA *pkey_get_dsa(EVP_PKEY *key, DSA **dsa)
+{
+ DSA *dtmp;
+ if (!key)
+ return NULL;
+ dtmp = EVP_PKEY_get1_DSA(key);
+ EVP_PKEY_free(key);
+ if (!dtmp)
+ return NULL;
+ if (dsa) {
+ DSA_free(*dsa);
+ *dsa = dtmp;
+ }
+ return dtmp;
+}
+
+DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **dsa, pem_password_cb *cb,
+ void *u)
+{
+ EVP_PKEY *pktmp;
+ pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u);
+ return pkey_get_dsa(pktmp, dsa);
+}
+
+# ifdef OPENSSL_FIPS
+
+int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc,
+ unsigned char *kstr, int klen,
+ pem_password_cb *cb, void *u)
+{
+ EVP_PKEY *k;
+ int ret;
+ k = EVP_PKEY_new();
+ if (!k)
+ return 0;
+ EVP_PKEY_set1_DSA(k, x);
+
+ ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
+ EVP_PKEY_free(k);
+ return ret;
+}
+
+# ifndef OPENSSL_NO_FP_API
+int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc,
+ unsigned char *kstr, int klen,
+ pem_password_cb *cb, void *u)
+{
+ EVP_PKEY *k;
+ int ret;
+ k = EVP_PKEY_new();
+ if (!k)
+ return 0;
+ EVP_PKEY_set1_DSA(k, x);
+ ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
+ EVP_PKEY_free(k);
+ return ret;
+}
+# endif
+
+# else
+
+IMPLEMENT_PEM_write_cb_const(DSAPrivateKey, DSA, PEM_STRING_DSA,
+ DSAPrivateKey)
+# endif
+ IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY)
+# ifndef OPENSSL_NO_FP_API
+DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **dsa, pem_password_cb *cb, void *u)
+{
+ EVP_PKEY *pktmp;
+ pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);
+ return pkey_get_dsa(pktmp, dsa);
+}
+
+# endif
+
+IMPLEMENT_PEM_rw_const(DSAparams, DSA, PEM_STRING_DSAPARAMS, DSAparams)
+#endif
+#ifndef OPENSSL_NO_EC
+static EC_KEY *pkey_get_eckey(EVP_PKEY *key, EC_KEY **eckey)
+{
+ EC_KEY *dtmp;
+ if (!key)
+ return NULL;
+ dtmp = EVP_PKEY_get1_EC_KEY(key);
+ EVP_PKEY_free(key);
+ if (!dtmp)
+ return NULL;
+ if (eckey) {
+ EC_KEY_free(*eckey);
+ *eckey = dtmp;
+ }
+ return dtmp;
+}
+
+EC_KEY *PEM_read_bio_ECPrivateKey(BIO *bp, EC_KEY **key, pem_password_cb *cb,
+ void *u)
+{
+ EVP_PKEY *pktmp;
+ pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u);
+ return pkey_get_eckey(pktmp, key);
+}
+
+IMPLEMENT_PEM_rw_const(ECPKParameters, EC_GROUP, PEM_STRING_ECPARAMETERS,
+ ECPKParameters)
+# ifdef OPENSSL_FIPS
+int PEM_write_bio_ECPrivateKey(BIO *bp, EC_KEY *x, const EVP_CIPHER *enc,
+ unsigned char *kstr, int klen,
+ pem_password_cb *cb, void *u)
+{
+ EVP_PKEY *k;
+ int ret;
+ k = EVP_PKEY_new();
+ if (!k)
+ return 0;
+ EVP_PKEY_set1_EC_KEY(k, x);
+
+ ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
+ EVP_PKEY_free(k);
+ return ret;
+}
+
+# ifndef OPENSSL_NO_FP_API
+int PEM_write_ECPrivateKey(FILE *fp, EC_KEY *x, const EVP_CIPHER *enc,
+ unsigned char *kstr, int klen,
+ pem_password_cb *cb, void *u)
+{
+ EVP_PKEY *k;
+ int ret;
+ k = EVP_PKEY_new();
+ if (!k)
+ return 0;
+ EVP_PKEY_set1_EC_KEY(k, x);
+ ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
+ EVP_PKEY_free(k);
+ return ret;
+}
+# endif
+
+# else
+ IMPLEMENT_PEM_write_cb(ECPrivateKey, EC_KEY, PEM_STRING_ECPRIVATEKEY,
+ ECPrivateKey)
+# endif
+IMPLEMENT_PEM_rw(EC_PUBKEY, EC_KEY, PEM_STRING_PUBLIC, EC_PUBKEY)
+# ifndef OPENSSL_NO_FP_API
+EC_KEY *PEM_read_ECPrivateKey(FILE *fp, EC_KEY **eckey, pem_password_cb *cb,
+ void *u)
+{
+ EVP_PKEY *pktmp;
+ pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);
+ return pkey_get_eckey(pktmp, eckey);
+}
+
+# endif
+
+#endif
+
+#ifndef OPENSSL_NO_DH
+
+IMPLEMENT_PEM_rw_const(DHparams, DH, PEM_STRING_DHPARAMS, DHparams)
+#endif
+/*-
+ * The PrivateKey case is not that straightforward.
+ * IMPLEMENT_PEM_rw_cb(PrivateKey, EVP_PKEY, PEM_STRING_EVP_PKEY, PrivateKey)
+ * does not work, RSA and DSA keys have specific strings.
+ * (When reading, parameter PEM_STRING_EVP_PKEY is a wildcard for anything
+ * appropriate.)
+ */
+#ifdef OPENSSL_FIPS
+static const char *pkey_str(EVP_PKEY *x)
+{
+ switch (x->type) {
+ case EVP_PKEY_RSA:
+ return PEM_STRING_RSA;
+
+ case EVP_PKEY_DSA:
+ return PEM_STRING_DSA;
+
+ case EVP_PKEY_EC:
+ return PEM_STRING_ECPRIVATEKEY;
+
+ default:
+ return NULL;
+ }
+}
+
+int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
+ unsigned char *kstr, int klen,
+ pem_password_cb *cb, void *u)
+{
+ if (FIPS_mode())
+ return PEM_write_bio_PKCS8PrivateKey(bp, x, enc,
+ (char *)kstr, klen, cb, u);
+ else
+ return PEM_ASN1_write_bio((i2d_of_void *)i2d_PrivateKey,
+ pkey_str(x), bp, (char *)x, enc, kstr, klen,
+ cb, u);
+}
+
+# ifndef OPENSSL_NO_FP_API
+int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+ unsigned char *kstr, int klen,
+ pem_password_cb *cb, void *u)
+{
+ if (FIPS_mode())
+ return PEM_write_PKCS8PrivateKey(fp, x, enc,
+ (char *)kstr, klen, cb, u);
+ else
+ return PEM_ASN1_write((i2d_of_void *)i2d_PrivateKey,
+ pkey_str(x), fp, (char *)x, enc, kstr, klen, cb,
+ u);
+}
+# endif
+
+#else
+IMPLEMENT_PEM_write_cb(PrivateKey, EVP_PKEY,
+ ((x->type ==
+ EVP_PKEY_DSA) ? PEM_STRING_DSA : (x->type ==
+ EVP_PKEY_RSA) ?
+ PEM_STRING_RSA : PEM_STRING_ECPRIVATEKEY), PrivateKey)
+#endif
+ IMPLEMENT_PEM_rw(PUBKEY, EVP_PKEY, PEM_STRING_PUBLIC, PUBKEY)
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_err.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/pem/pem_err.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,135 +0,0 @@
-/* crypto/pem/pem_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/pem.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_PEM,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_PEM,0,reason)
-
-static ERR_STRING_DATA PEM_str_functs[]=
- {
-{ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_BIO), "d2i_PKCS8PrivateKey_bio"},
-{ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_FP), "d2i_PKCS8PrivateKey_fp"},
-{ERR_FUNC(PEM_F_DO_PK8PKEY), "DO_PK8PKEY"},
-{ERR_FUNC(PEM_F_DO_PK8PKEY_FP), "DO_PK8PKEY_FP"},
-{ERR_FUNC(PEM_F_LOAD_IV), "LOAD_IV"},
-{ERR_FUNC(PEM_F_PEM_ASN1_READ), "PEM_ASN1_read"},
-{ERR_FUNC(PEM_F_PEM_ASN1_READ_BIO), "PEM_ASN1_read_bio"},
-{ERR_FUNC(PEM_F_PEM_ASN1_WRITE), "PEM_ASN1_write"},
-{ERR_FUNC(PEM_F_PEM_ASN1_WRITE_BIO), "PEM_ASN1_write_bio"},
-{ERR_FUNC(PEM_F_PEM_DEF_CALLBACK), "PEM_def_callback"},
-{ERR_FUNC(PEM_F_PEM_DO_HEADER), "PEM_do_header"},
-{ERR_FUNC(PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY), "PEM_F_PEM_WRITE_PKCS8PRIVATEKEY"},
-{ERR_FUNC(PEM_F_PEM_GET_EVP_CIPHER_INFO), "PEM_get_EVP_CIPHER_INFO"},
-{ERR_FUNC(PEM_F_PEM_PK8PKEY), "PEM_PK8PKEY"},
-{ERR_FUNC(PEM_F_PEM_READ), "PEM_read"},
-{ERR_FUNC(PEM_F_PEM_READ_BIO), "PEM_read_bio"},
-{ERR_FUNC(PEM_F_PEM_READ_BIO_PRIVATEKEY), "PEM_READ_BIO_PRIVATEKEY"},
-{ERR_FUNC(PEM_F_PEM_READ_PRIVATEKEY), "PEM_READ_PRIVATEKEY"},
-{ERR_FUNC(PEM_F_PEM_SEALFINAL), "PEM_SealFinal"},
-{ERR_FUNC(PEM_F_PEM_SEALINIT), "PEM_SealInit"},
-{ERR_FUNC(PEM_F_PEM_SIGNFINAL), "PEM_SignFinal"},
-{ERR_FUNC(PEM_F_PEM_WRITE), "PEM_write"},
-{ERR_FUNC(PEM_F_PEM_WRITE_BIO), "PEM_write_bio"},
-{ERR_FUNC(PEM_F_PEM_X509_INFO_READ), "PEM_X509_INFO_read"},
-{ERR_FUNC(PEM_F_PEM_X509_INFO_READ_BIO), "PEM_X509_INFO_read_bio"},
-{ERR_FUNC(PEM_F_PEM_X509_INFO_WRITE_BIO), "PEM_X509_INFO_write_bio"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA PEM_str_reasons[]=
- {
-{ERR_REASON(PEM_R_BAD_BASE64_DECODE) ,"bad base64 decode"},
-{ERR_REASON(PEM_R_BAD_DECRYPT) ,"bad decrypt"},
-{ERR_REASON(PEM_R_BAD_END_LINE) ,"bad end line"},
-{ERR_REASON(PEM_R_BAD_IV_CHARS) ,"bad iv chars"},
-{ERR_REASON(PEM_R_BAD_PASSWORD_READ) ,"bad password read"},
-{ERR_REASON(PEM_R_ERROR_CONVERTING_PRIVATE_KEY),"error converting private key"},
-{ERR_REASON(PEM_R_NOT_DEK_INFO) ,"not dek info"},
-{ERR_REASON(PEM_R_NOT_ENCRYPTED) ,"not encrypted"},
-{ERR_REASON(PEM_R_NOT_PROC_TYPE) ,"not proc type"},
-{ERR_REASON(PEM_R_NO_START_LINE) ,"no start line"},
-{ERR_REASON(PEM_R_PROBLEMS_GETTING_PASSWORD),"problems getting password"},
-{ERR_REASON(PEM_R_PUBLIC_KEY_NO_RSA) ,"public key no rsa"},
-{ERR_REASON(PEM_R_READ_KEY) ,"read key"},
-{ERR_REASON(PEM_R_SHORT_HEADER) ,"short header"},
-{ERR_REASON(PEM_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"},
-{ERR_REASON(PEM_R_UNSUPPORTED_ENCRYPTION),"unsupported encryption"},
-{0,NULL}
- };
-
-#endif
-
-void ERR_load_PEM_strings(void)
- {
-#ifndef OPENSSL_NO_ERR
-
- if (ERR_func_error_string(PEM_str_functs[0].error) == NULL)
- {
- ERR_load_strings(0,PEM_str_functs);
- ERR_load_strings(0,PEM_str_reasons);
- }
-#endif
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_err.c (from rev 6976, vendor-crypto/openssl/dist/crypto/pem/pem_err.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_err.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,136 @@
+/* crypto/pem/pem_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_PEM,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_PEM,0,reason)
+
+static ERR_STRING_DATA PEM_str_functs[] = {
+ {ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_BIO), "d2i_PKCS8PrivateKey_bio"},
+ {ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_FP), "d2i_PKCS8PrivateKey_fp"},
+ {ERR_FUNC(PEM_F_DO_PK8PKEY), "DO_PK8PKEY"},
+ {ERR_FUNC(PEM_F_DO_PK8PKEY_FP), "DO_PK8PKEY_FP"},
+ {ERR_FUNC(PEM_F_LOAD_IV), "LOAD_IV"},
+ {ERR_FUNC(PEM_F_PEM_ASN1_READ), "PEM_ASN1_read"},
+ {ERR_FUNC(PEM_F_PEM_ASN1_READ_BIO), "PEM_ASN1_read_bio"},
+ {ERR_FUNC(PEM_F_PEM_ASN1_WRITE), "PEM_ASN1_write"},
+ {ERR_FUNC(PEM_F_PEM_ASN1_WRITE_BIO), "PEM_ASN1_write_bio"},
+ {ERR_FUNC(PEM_F_PEM_DEF_CALLBACK), "PEM_def_callback"},
+ {ERR_FUNC(PEM_F_PEM_DO_HEADER), "PEM_do_header"},
+ {ERR_FUNC(PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY),
+ "PEM_F_PEM_WRITE_PKCS8PRIVATEKEY"},
+ {ERR_FUNC(PEM_F_PEM_GET_EVP_CIPHER_INFO), "PEM_get_EVP_CIPHER_INFO"},
+ {ERR_FUNC(PEM_F_PEM_PK8PKEY), "PEM_PK8PKEY"},
+ {ERR_FUNC(PEM_F_PEM_READ), "PEM_read"},
+ {ERR_FUNC(PEM_F_PEM_READ_BIO), "PEM_read_bio"},
+ {ERR_FUNC(PEM_F_PEM_READ_BIO_PRIVATEKEY), "PEM_READ_BIO_PRIVATEKEY"},
+ {ERR_FUNC(PEM_F_PEM_READ_PRIVATEKEY), "PEM_READ_PRIVATEKEY"},
+ {ERR_FUNC(PEM_F_PEM_SEALFINAL), "PEM_SealFinal"},
+ {ERR_FUNC(PEM_F_PEM_SEALINIT), "PEM_SealInit"},
+ {ERR_FUNC(PEM_F_PEM_SIGNFINAL), "PEM_SignFinal"},
+ {ERR_FUNC(PEM_F_PEM_WRITE), "PEM_write"},
+ {ERR_FUNC(PEM_F_PEM_WRITE_BIO), "PEM_write_bio"},
+ {ERR_FUNC(PEM_F_PEM_X509_INFO_READ), "PEM_X509_INFO_read"},
+ {ERR_FUNC(PEM_F_PEM_X509_INFO_READ_BIO), "PEM_X509_INFO_read_bio"},
+ {ERR_FUNC(PEM_F_PEM_X509_INFO_WRITE_BIO), "PEM_X509_INFO_write_bio"},
+ {0, NULL}
+};
+
+static ERR_STRING_DATA PEM_str_reasons[] = {
+ {ERR_REASON(PEM_R_BAD_BASE64_DECODE), "bad base64 decode"},
+ {ERR_REASON(PEM_R_BAD_DECRYPT), "bad decrypt"},
+ {ERR_REASON(PEM_R_BAD_END_LINE), "bad end line"},
+ {ERR_REASON(PEM_R_BAD_IV_CHARS), "bad iv chars"},
+ {ERR_REASON(PEM_R_BAD_PASSWORD_READ), "bad password read"},
+ {ERR_REASON(PEM_R_ERROR_CONVERTING_PRIVATE_KEY),
+ "error converting private key"},
+ {ERR_REASON(PEM_R_NOT_DEK_INFO), "not dek info"},
+ {ERR_REASON(PEM_R_NOT_ENCRYPTED), "not encrypted"},
+ {ERR_REASON(PEM_R_NOT_PROC_TYPE), "not proc type"},
+ {ERR_REASON(PEM_R_NO_START_LINE), "no start line"},
+ {ERR_REASON(PEM_R_PROBLEMS_GETTING_PASSWORD),
+ "problems getting password"},
+ {ERR_REASON(PEM_R_PUBLIC_KEY_NO_RSA), "public key no rsa"},
+ {ERR_REASON(PEM_R_READ_KEY), "read key"},
+ {ERR_REASON(PEM_R_SHORT_HEADER), "short header"},
+ {ERR_REASON(PEM_R_UNSUPPORTED_CIPHER), "unsupported cipher"},
+ {ERR_REASON(PEM_R_UNSUPPORTED_ENCRYPTION), "unsupported encryption"},
+ {0, NULL}
+};
+
+#endif
+
+void ERR_load_PEM_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+ if (ERR_func_error_string(PEM_str_functs[0].error) == NULL) {
+ ERR_load_strings(0, PEM_str_functs);
+ ERR_load_strings(0, PEM_str_reasons);
+ }
+#endif
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_info.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/pem/pem_info.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_info.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,397 +0,0 @@
-/* crypto/pem/pem_info.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-
-#ifndef OPENSSL_NO_FP_API
-STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u)
- {
- BIO *b;
- STACK_OF(X509_INFO) *ret;
-
- if ((b=BIO_new(BIO_s_file())) == NULL)
- {
- PEMerr(PEM_F_PEM_X509_INFO_READ,ERR_R_BUF_LIB);
- return(0);
- }
- BIO_set_fp(b,fp,BIO_NOCLOSE);
- ret=PEM_X509_INFO_read_bio(b,sk,cb,u);
- BIO_free(b);
- return(ret);
- }
-#endif
-
-STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u)
- {
- X509_INFO *xi=NULL;
- char *name=NULL,*header=NULL;
- void *pp;
- unsigned char *data=NULL;
- const unsigned char *p;
- long len,error=0;
- int ok=0;
- STACK_OF(X509_INFO) *ret=NULL;
- unsigned int i,raw;
- d2i_of_void *d2i;
-
- if (sk == NULL)
- {
- if ((ret=sk_X509_INFO_new_null()) == NULL)
- {
- PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- }
- else
- ret=sk;
-
- if ((xi=X509_INFO_new()) == NULL) goto err;
- for (;;)
- {
- raw=0;
- i=PEM_read_bio(bp,&name,&header,&data,&len);
- if (i == 0)
- {
- error=ERR_GET_REASON(ERR_peek_last_error());
- if (error == PEM_R_NO_START_LINE)
- {
- ERR_clear_error();
- break;
- }
- goto err;
- }
-start:
- if ( (strcmp(name,PEM_STRING_X509) == 0) ||
- (strcmp(name,PEM_STRING_X509_OLD) == 0))
- {
- d2i=(D2I_OF(void))d2i_X509;
- if (xi->x509 != NULL)
- {
- if (!sk_X509_INFO_push(ret,xi)) goto err;
- if ((xi=X509_INFO_new()) == NULL) goto err;
- goto start;
- }
- pp=&(xi->x509);
- }
- else if ((strcmp(name,PEM_STRING_X509_TRUSTED) == 0))
- {
- d2i=(D2I_OF(void))d2i_X509_AUX;
- if (xi->x509 != NULL)
- {
- if (!sk_X509_INFO_push(ret,xi)) goto err;
- if ((xi=X509_INFO_new()) == NULL) goto err;
- goto start;
- }
- pp=&(xi->x509);
- }
- else if (strcmp(name,PEM_STRING_X509_CRL) == 0)
- {
- d2i=(D2I_OF(void))d2i_X509_CRL;
- if (xi->crl != NULL)
- {
- if (!sk_X509_INFO_push(ret,xi)) goto err;
- if ((xi=X509_INFO_new()) == NULL) goto err;
- goto start;
- }
- pp=&(xi->crl);
- }
- else
-#ifndef OPENSSL_NO_RSA
- if (strcmp(name,PEM_STRING_RSA) == 0)
- {
- d2i=(D2I_OF(void))d2i_RSAPrivateKey;
- if (xi->x_pkey != NULL)
- {
- if (!sk_X509_INFO_push(ret,xi)) goto err;
- if ((xi=X509_INFO_new()) == NULL) goto err;
- goto start;
- }
-
- xi->enc_data=NULL;
- xi->enc_len=0;
-
- xi->x_pkey=X509_PKEY_new();
- if ((xi->x_pkey->dec_pkey=EVP_PKEY_new()) == NULL)
- goto err;
- xi->x_pkey->dec_pkey->type=EVP_PKEY_RSA;
- pp=&(xi->x_pkey->dec_pkey->pkey.rsa);
- if ((int)strlen(header) > 10) /* assume encrypted */
- raw=1;
- }
- else
-#endif
-#ifndef OPENSSL_NO_DSA
- if (strcmp(name,PEM_STRING_DSA) == 0)
- {
- d2i=(D2I_OF(void))d2i_DSAPrivateKey;
- if (xi->x_pkey != NULL)
- {
- if (!sk_X509_INFO_push(ret,xi)) goto err;
- if ((xi=X509_INFO_new()) == NULL) goto err;
- goto start;
- }
-
- xi->enc_data=NULL;
- xi->enc_len=0;
-
- xi->x_pkey=X509_PKEY_new();
- if ((xi->x_pkey->dec_pkey=EVP_PKEY_new()) == NULL)
- goto err;
- xi->x_pkey->dec_pkey->type=EVP_PKEY_DSA;
- pp=&xi->x_pkey->dec_pkey->pkey.dsa;
- if ((int)strlen(header) > 10) /* assume encrypted */
- raw=1;
- }
- else
-#endif
-#ifndef OPENSSL_NO_EC
- if (strcmp(name,PEM_STRING_ECPRIVATEKEY) == 0)
- {
- d2i=(D2I_OF(void))d2i_ECPrivateKey;
- if (xi->x_pkey != NULL)
- {
- if (!sk_X509_INFO_push(ret,xi)) goto err;
- if ((xi=X509_INFO_new()) == NULL) goto err;
- goto start;
- }
-
- xi->enc_data=NULL;
- xi->enc_len=0;
-
- xi->x_pkey=X509_PKEY_new();
- if ((xi->x_pkey->dec_pkey=EVP_PKEY_new()) == NULL)
- goto err;
- xi->x_pkey->dec_pkey->type=EVP_PKEY_EC;
- pp=&(xi->x_pkey->dec_pkey->pkey.ec);
- if ((int)strlen(header) > 10) /* assume encrypted */
- raw=1;
- }
- else
-#endif
- {
- d2i=NULL;
- pp=NULL;
- }
-
- if (d2i != NULL)
- {
- if (!raw)
- {
- EVP_CIPHER_INFO cipher;
-
- if (!PEM_get_EVP_CIPHER_INFO(header,&cipher))
- goto err;
- if (!PEM_do_header(&cipher,data,&len,cb,u))
- goto err;
- p=data;
- if (d2i(pp,&p,len) == NULL)
- {
- PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,ERR_R_ASN1_LIB);
- goto err;
- }
- }
- else
- { /* encrypted RSA data */
- if (!PEM_get_EVP_CIPHER_INFO(header,
- &xi->enc_cipher)) goto err;
- xi->enc_data=(char *)data;
- xi->enc_len=(int)len;
- data=NULL;
- }
- }
- else {
- /* unknown */
- }
- if (name != NULL) OPENSSL_free(name);
- if (header != NULL) OPENSSL_free(header);
- if (data != NULL) OPENSSL_free(data);
- name=NULL;
- header=NULL;
- data=NULL;
- }
-
- /* if the last one hasn't been pushed yet and there is anything
- * in it then add it to the stack ...
- */
- if ((xi->x509 != NULL) || (xi->crl != NULL) ||
- (xi->x_pkey != NULL) || (xi->enc_data != NULL))
- {
- if (!sk_X509_INFO_push(ret,xi)) goto err;
- xi=NULL;
- }
- ok=1;
-err:
- if (xi != NULL) X509_INFO_free(xi);
- if (!ok)
- {
- for (i=0; ((int)i)<sk_X509_INFO_num(ret); i++)
- {
- xi=sk_X509_INFO_value(ret,i);
- X509_INFO_free(xi);
- }
- if (ret != sk) sk_X509_INFO_free(ret);
- ret=NULL;
- }
-
- if (name != NULL) OPENSSL_free(name);
- if (header != NULL) OPENSSL_free(header);
- if (data != NULL) OPENSSL_free(data);
- return(ret);
- }
-
-
-/* A TJH addition */
-int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
- unsigned char *kstr, int klen, pem_password_cb *cb, void *u)
- {
- EVP_CIPHER_CTX ctx;
- int i,ret=0;
- unsigned char *data=NULL;
- const char *objstr=NULL;
- char buf[PEM_BUFSIZE];
- unsigned char *iv=NULL;
-
- if (enc != NULL)
- {
- objstr=OBJ_nid2sn(EVP_CIPHER_nid(enc));
- if (objstr == NULL)
- {
- PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,PEM_R_UNSUPPORTED_CIPHER);
- goto err;
- }
- }
-
- /* now for the fun part ... if we have a private key then
- * we have to be able to handle a not-yet-decrypted key
- * being written out correctly ... if it is decrypted or
- * it is non-encrypted then we use the base code
- */
- if (xi->x_pkey!=NULL)
- {
- if ( (xi->enc_data!=NULL) && (xi->enc_len>0) )
- {
- /* copy from weirdo names into more normal things */
- iv=xi->enc_cipher.iv;
- data=(unsigned char *)xi->enc_data;
- i=xi->enc_len;
-
- /* we take the encryption data from the
- * internal stuff rather than what the
- * user has passed us ... as we have to
- * match exactly for some strange reason
- */
- objstr=OBJ_nid2sn(
- EVP_CIPHER_nid(xi->enc_cipher.cipher));
- if (objstr == NULL)
- {
- PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,PEM_R_UNSUPPORTED_CIPHER);
- goto err;
- }
-
- /* create the right magic header stuff */
- OPENSSL_assert(strlen(objstr)+23+2*enc->iv_len+13 <= sizeof buf);
- buf[0]='\0';
- PEM_proc_type(buf,PEM_TYPE_ENCRYPTED);
- PEM_dek_info(buf,objstr,enc->iv_len,(char *)iv);
-
- /* use the normal code to write things out */
- i=PEM_write_bio(bp,PEM_STRING_RSA,buf,data,i);
- if (i <= 0) goto err;
- }
- else
- {
- /* Add DSA/DH */
-#ifndef OPENSSL_NO_RSA
- /* normal optionally encrypted stuff */
- if (PEM_write_bio_RSAPrivateKey(bp,
- xi->x_pkey->dec_pkey->pkey.rsa,
- enc,kstr,klen,cb,u)<=0)
- goto err;
-#endif
- }
- }
-
- /* if we have a certificate then write it out now */
- if ((xi->x509 != NULL) && (PEM_write_bio_X509(bp,xi->x509) <= 0))
- goto err;
-
- /* we are ignoring anything else that is loaded into the X509_INFO
- * structure for the moment ... as I don't need it so I'm not
- * coding it here and Eric can do it when this makes it into the
- * base library --tjh
- */
-
- ret=1;
-
-err:
- OPENSSL_cleanse((char *)&ctx,sizeof(ctx));
- OPENSSL_cleanse(buf,PEM_BUFSIZE);
- return(ret);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_info.c (from rev 6976, vendor-crypto/openssl/dist/crypto/pem/pem_info.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_info.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_info.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,383 @@
+/* crypto/pem/pem_info.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+# include <openssl/dsa.h>
+#endif
+
+#ifndef OPENSSL_NO_FP_API
+STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,
+ pem_password_cb *cb, void *u)
+{
+ BIO *b;
+ STACK_OF(X509_INFO) *ret;
+
+ if ((b = BIO_new(BIO_s_file())) == NULL) {
+ PEMerr(PEM_F_PEM_X509_INFO_READ, ERR_R_BUF_LIB);
+ return (0);
+ }
+ BIO_set_fp(b, fp, BIO_NOCLOSE);
+ ret = PEM_X509_INFO_read_bio(b, sk, cb, u);
+ BIO_free(b);
+ return (ret);
+}
+#endif
+
+STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk,
+ pem_password_cb *cb, void *u)
+{
+ X509_INFO *xi = NULL;
+ char *name = NULL, *header = NULL;
+ void *pp;
+ unsigned char *data = NULL;
+ const unsigned char *p;
+ long len, error = 0;
+ int ok = 0;
+ STACK_OF(X509_INFO) *ret = NULL;
+ unsigned int i, raw;
+ d2i_of_void *d2i;
+
+ if (sk == NULL) {
+ if ((ret = sk_X509_INFO_new_null()) == NULL) {
+ PEMerr(PEM_F_PEM_X509_INFO_READ_BIO, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ } else
+ ret = sk;
+
+ if ((xi = X509_INFO_new()) == NULL)
+ goto err;
+ for (;;) {
+ raw = 0;
+ i = PEM_read_bio(bp, &name, &header, &data, &len);
+ if (i == 0) {
+ error = ERR_GET_REASON(ERR_peek_last_error());
+ if (error == PEM_R_NO_START_LINE) {
+ ERR_clear_error();
+ break;
+ }
+ goto err;
+ }
+ start:
+ if ((strcmp(name, PEM_STRING_X509) == 0) ||
+ (strcmp(name, PEM_STRING_X509_OLD) == 0)) {
+ d2i = (D2I_OF(void)) d2i_X509;
+ if (xi->x509 != NULL) {
+ if (!sk_X509_INFO_push(ret, xi))
+ goto err;
+ if ((xi = X509_INFO_new()) == NULL)
+ goto err;
+ goto start;
+ }
+ pp = &(xi->x509);
+ } else if ((strcmp(name, PEM_STRING_X509_TRUSTED) == 0)) {
+ d2i = (D2I_OF(void)) d2i_X509_AUX;
+ if (xi->x509 != NULL) {
+ if (!sk_X509_INFO_push(ret, xi))
+ goto err;
+ if ((xi = X509_INFO_new()) == NULL)
+ goto err;
+ goto start;
+ }
+ pp = &(xi->x509);
+ } else if (strcmp(name, PEM_STRING_X509_CRL) == 0) {
+ d2i = (D2I_OF(void)) d2i_X509_CRL;
+ if (xi->crl != NULL) {
+ if (!sk_X509_INFO_push(ret, xi))
+ goto err;
+ if ((xi = X509_INFO_new()) == NULL)
+ goto err;
+ goto start;
+ }
+ pp = &(xi->crl);
+ } else
+#ifndef OPENSSL_NO_RSA
+ if (strcmp(name, PEM_STRING_RSA) == 0) {
+ d2i = (D2I_OF(void)) d2i_RSAPrivateKey;
+ if (xi->x_pkey != NULL) {
+ if (!sk_X509_INFO_push(ret, xi))
+ goto err;
+ if ((xi = X509_INFO_new()) == NULL)
+ goto err;
+ goto start;
+ }
+
+ xi->enc_data = NULL;
+ xi->enc_len = 0;
+
+ xi->x_pkey = X509_PKEY_new();
+ if ((xi->x_pkey->dec_pkey = EVP_PKEY_new()) == NULL)
+ goto err;
+ xi->x_pkey->dec_pkey->type = EVP_PKEY_RSA;
+ pp = &(xi->x_pkey->dec_pkey->pkey.rsa);
+ if ((int)strlen(header) > 10) /* assume encrypted */
+ raw = 1;
+ } else
+#endif
+#ifndef OPENSSL_NO_DSA
+ if (strcmp(name, PEM_STRING_DSA) == 0) {
+ d2i = (D2I_OF(void)) d2i_DSAPrivateKey;
+ if (xi->x_pkey != NULL) {
+ if (!sk_X509_INFO_push(ret, xi))
+ goto err;
+ if ((xi = X509_INFO_new()) == NULL)
+ goto err;
+ goto start;
+ }
+
+ xi->enc_data = NULL;
+ xi->enc_len = 0;
+
+ xi->x_pkey = X509_PKEY_new();
+ if ((xi->x_pkey->dec_pkey = EVP_PKEY_new()) == NULL)
+ goto err;
+ xi->x_pkey->dec_pkey->type = EVP_PKEY_DSA;
+ pp = &xi->x_pkey->dec_pkey->pkey.dsa;
+ if ((int)strlen(header) > 10) /* assume encrypted */
+ raw = 1;
+ } else
+#endif
+#ifndef OPENSSL_NO_EC
+ if (strcmp(name, PEM_STRING_ECPRIVATEKEY) == 0) {
+ d2i = (D2I_OF(void)) d2i_ECPrivateKey;
+ if (xi->x_pkey != NULL) {
+ if (!sk_X509_INFO_push(ret, xi))
+ goto err;
+ if ((xi = X509_INFO_new()) == NULL)
+ goto err;
+ goto start;
+ }
+
+ xi->enc_data = NULL;
+ xi->enc_len = 0;
+
+ xi->x_pkey = X509_PKEY_new();
+ if ((xi->x_pkey->dec_pkey = EVP_PKEY_new()) == NULL)
+ goto err;
+ xi->x_pkey->dec_pkey->type = EVP_PKEY_EC;
+ pp = &(xi->x_pkey->dec_pkey->pkey.ec);
+ if ((int)strlen(header) > 10) /* assume encrypted */
+ raw = 1;
+ } else
+#endif
+ {
+ d2i = NULL;
+ pp = NULL;
+ }
+
+ if (d2i != NULL) {
+ if (!raw) {
+ EVP_CIPHER_INFO cipher;
+
+ if (!PEM_get_EVP_CIPHER_INFO(header, &cipher))
+ goto err;
+ if (!PEM_do_header(&cipher, data, &len, cb, u))
+ goto err;
+ p = data;
+ if (d2i(pp, &p, len) == NULL) {
+ PEMerr(PEM_F_PEM_X509_INFO_READ_BIO, ERR_R_ASN1_LIB);
+ goto err;
+ }
+ } else { /* encrypted RSA data */
+ if (!PEM_get_EVP_CIPHER_INFO(header, &xi->enc_cipher))
+ goto err;
+ xi->enc_data = (char *)data;
+ xi->enc_len = (int)len;
+ data = NULL;
+ }
+ } else {
+ /* unknown */
+ }
+ if (name != NULL)
+ OPENSSL_free(name);
+ if (header != NULL)
+ OPENSSL_free(header);
+ if (data != NULL)
+ OPENSSL_free(data);
+ name = NULL;
+ header = NULL;
+ data = NULL;
+ }
+
+ /*
+ * if the last one hasn't been pushed yet and there is anything in it
+ * then add it to the stack ...
+ */
+ if ((xi->x509 != NULL) || (xi->crl != NULL) ||
+ (xi->x_pkey != NULL) || (xi->enc_data != NULL)) {
+ if (!sk_X509_INFO_push(ret, xi))
+ goto err;
+ xi = NULL;
+ }
+ ok = 1;
+ err:
+ if (xi != NULL)
+ X509_INFO_free(xi);
+ if (!ok) {
+ for (i = 0; ((int)i) < sk_X509_INFO_num(ret); i++) {
+ xi = sk_X509_INFO_value(ret, i);
+ X509_INFO_free(xi);
+ }
+ if (ret != sk)
+ sk_X509_INFO_free(ret);
+ ret = NULL;
+ }
+
+ if (name != NULL)
+ OPENSSL_free(name);
+ if (header != NULL)
+ OPENSSL_free(header);
+ if (data != NULL)
+ OPENSSL_free(data);
+ return (ret);
+}
+
+/* A TJH addition */
+int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
+ unsigned char *kstr, int klen,
+ pem_password_cb *cb, void *u)
+{
+ EVP_CIPHER_CTX ctx;
+ int i, ret = 0;
+ unsigned char *data = NULL;
+ const char *objstr = NULL;
+ char buf[PEM_BUFSIZE];
+ unsigned char *iv = NULL;
+
+ if (enc != NULL) {
+ objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc));
+ if (objstr == NULL) {
+ PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO, PEM_R_UNSUPPORTED_CIPHER);
+ goto err;
+ }
+ }
+
+ /*
+ * now for the fun part ... if we have a private key then we have to be
+ * able to handle a not-yet-decrypted key being written out correctly ...
+ * if it is decrypted or it is non-encrypted then we use the base code
+ */
+ if (xi->x_pkey != NULL) {
+ if ((xi->enc_data != NULL) && (xi->enc_len > 0)) {
+ /* copy from weirdo names into more normal things */
+ iv = xi->enc_cipher.iv;
+ data = (unsigned char *)xi->enc_data;
+ i = xi->enc_len;
+
+ /*
+ * we take the encryption data from the internal stuff rather
+ * than what the user has passed us ... as we have to match
+ * exactly for some strange reason
+ */
+ objstr = OBJ_nid2sn(EVP_CIPHER_nid(xi->enc_cipher.cipher));
+ if (objstr == NULL) {
+ PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,
+ PEM_R_UNSUPPORTED_CIPHER);
+ goto err;
+ }
+
+ /* create the right magic header stuff */
+ OPENSSL_assert(strlen(objstr) + 23 + 2 * enc->iv_len + 13 <=
+ sizeof buf);
+ buf[0] = '\0';
+ PEM_proc_type(buf, PEM_TYPE_ENCRYPTED);
+ PEM_dek_info(buf, objstr, enc->iv_len, (char *)iv);
+
+ /* use the normal code to write things out */
+ i = PEM_write_bio(bp, PEM_STRING_RSA, buf, data, i);
+ if (i <= 0)
+ goto err;
+ } else {
+ /* Add DSA/DH */
+#ifndef OPENSSL_NO_RSA
+ /* normal optionally encrypted stuff */
+ if (PEM_write_bio_RSAPrivateKey(bp,
+ xi->x_pkey->dec_pkey->pkey.rsa,
+ enc, kstr, klen, cb, u) <= 0)
+ goto err;
+#endif
+ }
+ }
+
+ /* if we have a certificate then write it out now */
+ if ((xi->x509 != NULL) && (PEM_write_bio_X509(bp, xi->x509) <= 0))
+ goto err;
+
+ /*
+ * we are ignoring anything else that is loaded into the X509_INFO
+ * structure for the moment ... as I don't need it so I'm not coding it
+ * here and Eric can do it when this makes it into the base library --tjh
+ */
+
+ ret = 1;
+
+ err:
+ OPENSSL_cleanse((char *)&ctx, sizeof(ctx));
+ OPENSSL_cleanse(buf, PEM_BUFSIZE);
+ return (ret);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_lib.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/pem/pem_lib.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,782 +0,0 @@
-/* crypto/pem/pem_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/rand.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/pkcs12.h>
-#ifndef OPENSSL_NO_DES
-#include <openssl/des.h>
-#endif
-
-const char PEM_version[]="PEM" OPENSSL_VERSION_PTEXT;
-
-#define MIN_LENGTH 4
-
-static int load_iv(char **fromp,unsigned char *to, int num);
-static int check_pem(const char *nm, const char *name);
-
-int PEM_def_callback(char *buf, int num, int w, void *key)
- {
-#ifdef OPENSSL_NO_FP_API
- /* We should not ever call the default callback routine from
- * windows. */
- PEMerr(PEM_F_PEM_DEF_CALLBACK,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return(-1);
-#else
- int i,j;
- const char *prompt;
- if(key) {
- i=strlen(key);
- i=(i > num)?num:i;
- memcpy(buf,key,i);
- return(i);
- }
-
- prompt=EVP_get_pw_prompt();
- if (prompt == NULL)
- prompt="Enter PEM pass phrase:";
-
- for (;;)
- {
- i=EVP_read_pw_string(buf,num,prompt,w);
- if (i != 0)
- {
- PEMerr(PEM_F_PEM_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD);
- memset(buf,0,(unsigned int)num);
- return(-1);
- }
- j=strlen(buf);
- if (j < MIN_LENGTH)
- {
- fprintf(stderr,"phrase is too short, needs to be at least %d chars\n",MIN_LENGTH);
- }
- else
- break;
- }
- return(j);
-#endif
- }
-
-void PEM_proc_type(char *buf, int type)
- {
- const char *str;
-
- if (type == PEM_TYPE_ENCRYPTED)
- str="ENCRYPTED";
- else if (type == PEM_TYPE_MIC_CLEAR)
- str="MIC-CLEAR";
- else if (type == PEM_TYPE_MIC_ONLY)
- str="MIC-ONLY";
- else
- str="BAD-TYPE";
-
- BUF_strlcat(buf,"Proc-Type: 4,",PEM_BUFSIZE);
- BUF_strlcat(buf,str,PEM_BUFSIZE);
- BUF_strlcat(buf,"\n",PEM_BUFSIZE);
- }
-
-void PEM_dek_info(char *buf, const char *type, int len, char *str)
- {
- static const unsigned char map[17]="0123456789ABCDEF";
- long i;
- int j;
-
- BUF_strlcat(buf,"DEK-Info: ",PEM_BUFSIZE);
- BUF_strlcat(buf,type,PEM_BUFSIZE);
- BUF_strlcat(buf,",",PEM_BUFSIZE);
- j=strlen(buf);
- if (j + (len * 2) + 1 > PEM_BUFSIZE)
- return;
- for (i=0; i<len; i++)
- {
- buf[j+i*2] =map[(str[i]>>4)&0x0f];
- buf[j+i*2+1]=map[(str[i] )&0x0f];
- }
- buf[j+i*2]='\n';
- buf[j+i*2+1]='\0';
- }
-
-#ifndef OPENSSL_NO_FP_API
-void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x,
- pem_password_cb *cb, void *u)
- {
- BIO *b;
- void *ret;
-
- if ((b=BIO_new(BIO_s_file())) == NULL)
- {
- PEMerr(PEM_F_PEM_ASN1_READ,ERR_R_BUF_LIB);
- return(0);
- }
- BIO_set_fp(b,fp,BIO_NOCLOSE);
- ret=PEM_ASN1_read_bio(d2i,name,b,x,cb,u);
- BIO_free(b);
- return(ret);
- }
-#endif
-
-static int check_pem(const char *nm, const char *name)
-{
- /* Normal matching nm and name */
- if (!strcmp(nm,name)) return 1;
-
- /* Make PEM_STRING_EVP_PKEY match any private key */
-
- if(!strcmp(nm,PEM_STRING_PKCS8) &&
- !strcmp(name,PEM_STRING_EVP_PKEY)) return 1;
-
- if(!strcmp(nm,PEM_STRING_PKCS8INF) &&
- !strcmp(name,PEM_STRING_EVP_PKEY)) return 1;
-
- if(!strcmp(nm,PEM_STRING_RSA) &&
- !strcmp(name,PEM_STRING_EVP_PKEY)) return 1;
-
- if(!strcmp(nm,PEM_STRING_DSA) &&
- !strcmp(name,PEM_STRING_EVP_PKEY)) return 1;
-
- if(!strcmp(nm,PEM_STRING_ECPRIVATEKEY) &&
- !strcmp(name,PEM_STRING_EVP_PKEY)) return 1;
- /* Permit older strings */
-
- if(!strcmp(nm,PEM_STRING_X509_OLD) &&
- !strcmp(name,PEM_STRING_X509)) return 1;
-
- if(!strcmp(nm,PEM_STRING_X509_REQ_OLD) &&
- !strcmp(name,PEM_STRING_X509_REQ)) return 1;
-
- /* Allow normal certs to be read as trusted certs */
- if(!strcmp(nm,PEM_STRING_X509) &&
- !strcmp(name,PEM_STRING_X509_TRUSTED)) return 1;
-
- if(!strcmp(nm,PEM_STRING_X509_OLD) &&
- !strcmp(name,PEM_STRING_X509_TRUSTED)) return 1;
-
- /* Some CAs use PKCS#7 with CERTIFICATE headers */
- if(!strcmp(nm, PEM_STRING_X509) &&
- !strcmp(name, PEM_STRING_PKCS7)) return 1;
-
- if(!strcmp(nm, PEM_STRING_PKCS7_SIGNED) &&
- !strcmp(name, PEM_STRING_PKCS7)) return 1;
-
- return 0;
-}
-
-int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, const char *name, BIO *bp,
- pem_password_cb *cb, void *u)
- {
- EVP_CIPHER_INFO cipher;
- char *nm=NULL,*header=NULL;
- unsigned char *data=NULL;
- long len;
- int ret = 0;
-
- for (;;)
- {
- if (!PEM_read_bio(bp,&nm,&header,&data,&len)) {
- if(ERR_GET_REASON(ERR_peek_error()) ==
- PEM_R_NO_START_LINE)
- ERR_add_error_data(2, "Expecting: ", name);
- return 0;
- }
- if(check_pem(nm, name)) break;
- OPENSSL_free(nm);
- OPENSSL_free(header);
- OPENSSL_free(data);
- }
- if (!PEM_get_EVP_CIPHER_INFO(header,&cipher)) goto err;
- if (!PEM_do_header(&cipher,data,&len,cb,u)) goto err;
-
- *pdata = data;
- *plen = len;
-
- if (pnm)
- *pnm = nm;
-
- ret = 1;
-
-err:
- if (!ret || !pnm) OPENSSL_free(nm);
- OPENSSL_free(header);
- if (!ret) OPENSSL_free(data);
- return ret;
- }
-
-#ifndef OPENSSL_NO_FP_API
-int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp,
- char *x, const EVP_CIPHER *enc, unsigned char *kstr,
- int klen, pem_password_cb *callback, void *u)
- {
- BIO *b;
- int ret;
-
- if ((b=BIO_new(BIO_s_file())) == NULL)
- {
- PEMerr(PEM_F_PEM_ASN1_WRITE,ERR_R_BUF_LIB);
- return(0);
- }
- BIO_set_fp(b,fp,BIO_NOCLOSE);
- ret=PEM_ASN1_write_bio(i2d,name,b,x,enc,kstr,klen,callback,u);
- BIO_free(b);
- return(ret);
- }
-#endif
-
-int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
- char *x, const EVP_CIPHER *enc, unsigned char *kstr,
- int klen, pem_password_cb *callback, void *u)
- {
- EVP_CIPHER_CTX ctx;
- int dsize=0,i,j,ret=0;
- unsigned char *p,*data=NULL;
- const char *objstr=NULL;
- char buf[PEM_BUFSIZE];
- unsigned char key[EVP_MAX_KEY_LENGTH];
- unsigned char iv[EVP_MAX_IV_LENGTH];
-
- if (enc != NULL)
- {
- objstr=OBJ_nid2sn(EVP_CIPHER_nid(enc));
- if (objstr == NULL)
- {
- PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,PEM_R_UNSUPPORTED_CIPHER);
- goto err;
- }
- }
-
- if ((dsize=i2d(x,NULL)) < 0)
- {
- PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,ERR_R_ASN1_LIB);
- dsize=0;
- goto err;
- }
- /* dzise + 8 bytes are needed */
- /* actually it needs the cipher block size extra... */
- data=(unsigned char *)OPENSSL_malloc((unsigned int)dsize+20);
- if (data == NULL)
- {
- PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- p=data;
- i=i2d(x,&p);
-
- if (enc != NULL)
- {
- if (kstr == NULL)
- {
- if (callback == NULL)
- klen=PEM_def_callback(buf,PEM_BUFSIZE,1,u);
- else
- klen=(*callback)(buf,PEM_BUFSIZE,1,u);
- if (klen <= 0)
- {
- PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,PEM_R_READ_KEY);
- goto err;
- }
-#ifdef CHARSET_EBCDIC
- /* Convert the pass phrase from EBCDIC */
- ebcdic2ascii(buf, buf, klen);
-#endif
- kstr=(unsigned char *)buf;
- }
- RAND_add(data,i,0);/* put in the RSA key. */
- OPENSSL_assert(enc->iv_len <= (int)sizeof(iv));
- if (RAND_pseudo_bytes(iv,enc->iv_len) < 0) /* Generate a salt */
- goto err;
- /* The 'iv' is used as the iv and as a salt. It is
- * NOT taken from the BytesToKey function */
- EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL);
-
- if (kstr == (unsigned char *)buf) OPENSSL_cleanse(buf,PEM_BUFSIZE);
-
- OPENSSL_assert(strlen(objstr)+23+2*enc->iv_len+13 <= sizeof buf);
-
- buf[0]='\0';
- PEM_proc_type(buf,PEM_TYPE_ENCRYPTED);
- PEM_dek_info(buf,objstr,enc->iv_len,(char *)iv);
- /* k=strlen(buf); */
-
- EVP_CIPHER_CTX_init(&ctx);
- EVP_EncryptInit_ex(&ctx,enc,NULL,key,iv);
- EVP_EncryptUpdate(&ctx,data,&j,data,i);
- EVP_EncryptFinal_ex(&ctx,&(data[j]),&i);
- EVP_CIPHER_CTX_cleanup(&ctx);
- i+=j;
- ret=1;
- }
- else
- {
- ret=1;
- buf[0]='\0';
- }
- i=PEM_write_bio(bp,name,buf,data,i);
- if (i <= 0) ret=0;
-err:
- OPENSSL_cleanse(key,sizeof(key));
- OPENSSL_cleanse(iv,sizeof(iv));
- OPENSSL_cleanse((char *)&ctx,sizeof(ctx));
- OPENSSL_cleanse(buf,PEM_BUFSIZE);
- if (data != NULL)
- {
- OPENSSL_cleanse(data,(unsigned int)dsize);
- OPENSSL_free(data);
- }
- return(ret);
- }
-
-int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
- pem_password_cb *callback,void *u)
- {
- int i,j,o,klen;
- long len;
- EVP_CIPHER_CTX ctx;
- unsigned char key[EVP_MAX_KEY_LENGTH];
- char buf[PEM_BUFSIZE];
-
- len= *plen;
-
- if (cipher->cipher == NULL) return(1);
- if (callback == NULL)
- klen=PEM_def_callback(buf,PEM_BUFSIZE,0,u);
- else
- klen=callback(buf,PEM_BUFSIZE,0,u);
- if (klen <= 0)
- {
- PEMerr(PEM_F_PEM_DO_HEADER,PEM_R_BAD_PASSWORD_READ);
- return(0);
- }
-#ifdef CHARSET_EBCDIC
- /* Convert the pass phrase from EBCDIC */
- ebcdic2ascii(buf, buf, klen);
-#endif
-
- EVP_BytesToKey(cipher->cipher,EVP_md5(),&(cipher->iv[0]),
- (unsigned char *)buf,klen,1,key,NULL);
-
- j=(int)len;
- EVP_CIPHER_CTX_init(&ctx);
- EVP_DecryptInit_ex(&ctx,cipher->cipher,NULL, key,&(cipher->iv[0]));
- EVP_DecryptUpdate(&ctx,data,&i,data,j);
- o=EVP_DecryptFinal_ex(&ctx,&(data[i]),&j);
- EVP_CIPHER_CTX_cleanup(&ctx);
- OPENSSL_cleanse((char *)buf,sizeof(buf));
- OPENSSL_cleanse((char *)key,sizeof(key));
- j+=i;
- if (!o)
- {
- PEMerr(PEM_F_PEM_DO_HEADER,PEM_R_BAD_DECRYPT);
- return(0);
- }
- *plen=j;
- return(1);
- }
-
-int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher)
- {
- const EVP_CIPHER *enc=NULL;
- char *p,c;
- char **header_pp = &header;
-
- cipher->cipher=NULL;
- if ((header == NULL) || (*header == '\0') || (*header == '\n'))
- return(1);
- if (strncmp(header,"Proc-Type: ",11) != 0)
- { PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_NOT_PROC_TYPE); return(0); }
- header+=11;
- if (*header != '4') return(0); header++;
- if (*header != ',') return(0); header++;
- if (strncmp(header,"ENCRYPTED",9) != 0)
- { PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_NOT_ENCRYPTED); return(0); }
- for (; (*header != '\n') && (*header != '\0'); header++)
- ;
- if (*header == '\0')
- { PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_SHORT_HEADER); return(0); }
- header++;
- if (strncmp(header,"DEK-Info: ",10) != 0)
- { PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_NOT_DEK_INFO); return(0); }
- header+=10;
-
- p=header;
- for (;;)
- {
- c= *header;
-#ifndef CHARSET_EBCDIC
- if (!( ((c >= 'A') && (c <= 'Z')) || (c == '-') ||
- ((c >= '0') && (c <= '9'))))
- break;
-#else
- if (!( isupper(c) || (c == '-') ||
- isdigit(c)))
- break;
-#endif
- header++;
- }
- *header='\0';
- cipher->cipher=enc=EVP_get_cipherbyname(p);
- *header=c;
- header++;
-
- if (enc == NULL)
- {
- PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_UNSUPPORTED_ENCRYPTION);
- return(0);
- }
- if (!load_iv(header_pp,&(cipher->iv[0]),enc->iv_len))
- return(0);
-
- return(1);
- }
-
-static int load_iv(char **fromp, unsigned char *to, int num)
- {
- int v,i;
- char *from;
-
- from= *fromp;
- for (i=0; i<num; i++) to[i]=0;
- num*=2;
- for (i=0; i<num; i++)
- {
- if ((*from >= '0') && (*from <= '9'))
- v= *from-'0';
- else if ((*from >= 'A') && (*from <= 'F'))
- v= *from-'A'+10;
- else if ((*from >= 'a') && (*from <= 'f'))
- v= *from-'a'+10;
- else
- {
- PEMerr(PEM_F_LOAD_IV,PEM_R_BAD_IV_CHARS);
- return(0);
- }
- from++;
- to[i/2]|=v<<(long)((!(i&1))*4);
- }
-
- *fromp=from;
- return(1);
- }
-
-#ifndef OPENSSL_NO_FP_API
-int PEM_write(FILE *fp, char *name, char *header, unsigned char *data,
- long len)
- {
- BIO *b;
- int ret;
-
- if ((b=BIO_new(BIO_s_file())) == NULL)
- {
- PEMerr(PEM_F_PEM_WRITE,ERR_R_BUF_LIB);
- return(0);
- }
- BIO_set_fp(b,fp,BIO_NOCLOSE);
- ret=PEM_write_bio(b, name, header, data,len);
- BIO_free(b);
- return(ret);
- }
-#endif
-
-int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,
- long len)
- {
- int nlen,n,i,j,outl;
- unsigned char *buf = NULL;
- EVP_ENCODE_CTX ctx;
- int reason=ERR_R_BUF_LIB;
-
- EVP_EncodeInit(&ctx);
- nlen=strlen(name);
-
- if ( (BIO_write(bp,"-----BEGIN ",11) != 11) ||
- (BIO_write(bp,name,nlen) != nlen) ||
- (BIO_write(bp,"-----\n",6) != 6))
- goto err;
-
- i=strlen(header);
- if (i > 0)
- {
- if ( (BIO_write(bp,header,i) != i) ||
- (BIO_write(bp,"\n",1) != 1))
- goto err;
- }
-
- buf = OPENSSL_malloc(PEM_BUFSIZE*8);
- if (buf == NULL)
- {
- reason=ERR_R_MALLOC_FAILURE;
- goto err;
- }
-
- i=j=0;
- while (len > 0)
- {
- n=(int)((len>(PEM_BUFSIZE*5))?(PEM_BUFSIZE*5):len);
- EVP_EncodeUpdate(&ctx,buf,&outl,&(data[j]),n);
- if ((outl) && (BIO_write(bp,(char *)buf,outl) != outl))
- goto err;
- i+=outl;
- len-=n;
- j+=n;
- }
- EVP_EncodeFinal(&ctx,buf,&outl);
- if ((outl > 0) && (BIO_write(bp,(char *)buf,outl) != outl)) goto err;
- OPENSSL_cleanse(buf, PEM_BUFSIZE*8);
- OPENSSL_free(buf);
- buf = NULL;
- if ( (BIO_write(bp,"-----END ",9) != 9) ||
- (BIO_write(bp,name,nlen) != nlen) ||
- (BIO_write(bp,"-----\n",6) != 6))
- goto err;
- return(i+outl);
-err:
- if (buf) {
- OPENSSL_cleanse(buf, PEM_BUFSIZE*8);
- OPENSSL_free(buf);
- }
- PEMerr(PEM_F_PEM_WRITE_BIO,reason);
- return(0);
- }
-
-#ifndef OPENSSL_NO_FP_API
-int PEM_read(FILE *fp, char **name, char **header, unsigned char **data,
- long *len)
- {
- BIO *b;
- int ret;
-
- if ((b=BIO_new(BIO_s_file())) == NULL)
- {
- PEMerr(PEM_F_PEM_READ,ERR_R_BUF_LIB);
- return(0);
- }
- BIO_set_fp(b,fp,BIO_NOCLOSE);
- ret=PEM_read_bio(b, name, header, data,len);
- BIO_free(b);
- return(ret);
- }
-#endif
-
-int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data,
- long *len)
- {
- EVP_ENCODE_CTX ctx;
- int end=0,i,k,bl=0,hl=0,nohead=0;
- char buf[256];
- BUF_MEM *nameB;
- BUF_MEM *headerB;
- BUF_MEM *dataB,*tmpB;
-
- nameB=BUF_MEM_new();
- headerB=BUF_MEM_new();
- dataB=BUF_MEM_new();
- if ((nameB == NULL) || (headerB == NULL) || (dataB == NULL))
- {
- BUF_MEM_free(nameB);
- BUF_MEM_free(headerB);
- BUF_MEM_free(dataB);
- PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE);
- return(0);
- }
-
- buf[254]='\0';
- for (;;)
- {
- i=BIO_gets(bp,buf,254);
-
- if (i <= 0)
- {
- PEMerr(PEM_F_PEM_READ_BIO,PEM_R_NO_START_LINE);
- goto err;
- }
-
- while ((i >= 0) && (buf[i] <= ' ')) i--;
- buf[++i]='\n'; buf[++i]='\0';
-
- if (strncmp(buf,"-----BEGIN ",11) == 0)
- {
- i=strlen(&(buf[11]));
-
- if (strncmp(&(buf[11+i-6]),"-----\n",6) != 0)
- continue;
- if (!BUF_MEM_grow(nameB,i+9))
- {
- PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- memcpy(nameB->data,&(buf[11]),i-6);
- nameB->data[i-6]='\0';
- break;
- }
- }
- hl=0;
- if (!BUF_MEM_grow(headerB,256))
- { PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); goto err; }
- headerB->data[0]='\0';
- for (;;)
- {
- i=BIO_gets(bp,buf,254);
- if (i <= 0) break;
-
- while ((i >= 0) && (buf[i] <= ' ')) i--;
- buf[++i]='\n'; buf[++i]='\0';
-
- if (buf[0] == '\n') break;
- if (!BUF_MEM_grow(headerB,hl+i+9))
- { PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); goto err; }
- if (strncmp(buf,"-----END ",9) == 0)
- {
- nohead=1;
- break;
- }
- memcpy(&(headerB->data[hl]),buf,i);
- headerB->data[hl+i]='\0';
- hl+=i;
- }
-
- bl=0;
- if (!BUF_MEM_grow(dataB,1024))
- { PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); goto err; }
- dataB->data[0]='\0';
- if (!nohead)
- {
- for (;;)
- {
- i=BIO_gets(bp,buf,254);
- if (i <= 0) break;
-
- while ((i >= 0) && (buf[i] <= ' ')) i--;
- buf[++i]='\n'; buf[++i]='\0';
-
- if (i != 65) end=1;
- if (strncmp(buf,"-----END ",9) == 0)
- break;
- if (i > 65) break;
- if (!BUF_MEM_grow_clean(dataB,i+bl+9))
- {
- PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- memcpy(&(dataB->data[bl]),buf,i);
- dataB->data[bl+i]='\0';
- bl+=i;
- if (end)
- {
- buf[0]='\0';
- i=BIO_gets(bp,buf,254);
- if (i <= 0) break;
-
- while ((i >= 0) && (buf[i] <= ' ')) i--;
- buf[++i]='\n'; buf[++i]='\0';
-
- break;
- }
- }
- }
- else
- {
- tmpB=headerB;
- headerB=dataB;
- dataB=tmpB;
- bl=hl;
- }
- i=strlen(nameB->data);
- if ( (strncmp(buf,"-----END ",9) != 0) ||
- (strncmp(nameB->data,&(buf[9]),i) != 0) ||
- (strncmp(&(buf[9+i]),"-----\n",6) != 0))
- {
- PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_END_LINE);
- goto err;
- }
-
- EVP_DecodeInit(&ctx);
- i=EVP_DecodeUpdate(&ctx,
- (unsigned char *)dataB->data,&bl,
- (unsigned char *)dataB->data,bl);
- if (i < 0)
- {
- PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_BASE64_DECODE);
- goto err;
- }
- i=EVP_DecodeFinal(&ctx,(unsigned char *)&(dataB->data[bl]),&k);
- if (i < 0)
- {
- PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_BASE64_DECODE);
- goto err;
- }
- bl+=k;
-
- if (bl == 0) goto err;
- *name=nameB->data;
- *header=headerB->data;
- *data=(unsigned char *)dataB->data;
- *len=bl;
- OPENSSL_free(nameB);
- OPENSSL_free(headerB);
- OPENSSL_free(dataB);
- return(1);
-err:
- BUF_MEM_free(nameB);
- BUF_MEM_free(headerB);
- BUF_MEM_free(dataB);
- return(0);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_lib.c (from rev 6976, vendor-crypto/openssl/dist/crypto/pem/pem_lib.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_lib.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,790 @@
+/* crypto/pem/pem_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/pkcs12.h>
+#ifndef OPENSSL_NO_DES
+# include <openssl/des.h>
+#endif
+
+const char PEM_version[] = "PEM" OPENSSL_VERSION_PTEXT;
+
+#define MIN_LENGTH 4
+
+static int load_iv(char **fromp, unsigned char *to, int num);
+static int check_pem(const char *nm, const char *name);
+
+int PEM_def_callback(char *buf, int num, int w, void *key)
+{
+#ifdef OPENSSL_NO_FP_API
+ /*
+ * We should not ever call the default callback routine from windows.
+ */
+ PEMerr(PEM_F_PEM_DEF_CALLBACK, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return (-1);
+#else
+ int i, j;
+ const char *prompt;
+ if (key) {
+ i = strlen(key);
+ i = (i > num) ? num : i;
+ memcpy(buf, key, i);
+ return (i);
+ }
+
+ prompt = EVP_get_pw_prompt();
+ if (prompt == NULL)
+ prompt = "Enter PEM pass phrase:";
+
+ for (;;) {
+ i = EVP_read_pw_string(buf, num, prompt, w);
+ if (i != 0) {
+ PEMerr(PEM_F_PEM_DEF_CALLBACK, PEM_R_PROBLEMS_GETTING_PASSWORD);
+ memset(buf, 0, (unsigned int)num);
+ return (-1);
+ }
+ j = strlen(buf);
+ if (j < MIN_LENGTH) {
+ fprintf(stderr,
+ "phrase is too short, needs to be at least %d chars\n",
+ MIN_LENGTH);
+ } else
+ break;
+ }
+ return (j);
+#endif
+}
+
+void PEM_proc_type(char *buf, int type)
+{
+ const char *str;
+
+ if (type == PEM_TYPE_ENCRYPTED)
+ str = "ENCRYPTED";
+ else if (type == PEM_TYPE_MIC_CLEAR)
+ str = "MIC-CLEAR";
+ else if (type == PEM_TYPE_MIC_ONLY)
+ str = "MIC-ONLY";
+ else
+ str = "BAD-TYPE";
+
+ BUF_strlcat(buf, "Proc-Type: 4,", PEM_BUFSIZE);
+ BUF_strlcat(buf, str, PEM_BUFSIZE);
+ BUF_strlcat(buf, "\n", PEM_BUFSIZE);
+}
+
+void PEM_dek_info(char *buf, const char *type, int len, char *str)
+{
+ static const unsigned char map[17] = "0123456789ABCDEF";
+ long i;
+ int j;
+
+ BUF_strlcat(buf, "DEK-Info: ", PEM_BUFSIZE);
+ BUF_strlcat(buf, type, PEM_BUFSIZE);
+ BUF_strlcat(buf, ",", PEM_BUFSIZE);
+ j = strlen(buf);
+ if (j + (len * 2) + 1 > PEM_BUFSIZE)
+ return;
+ for (i = 0; i < len; i++) {
+ buf[j + i * 2] = map[(str[i] >> 4) & 0x0f];
+ buf[j + i * 2 + 1] = map[(str[i]) & 0x0f];
+ }
+ buf[j + i * 2] = '\n';
+ buf[j + i * 2 + 1] = '\0';
+}
+
+#ifndef OPENSSL_NO_FP_API
+void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x,
+ pem_password_cb *cb, void *u)
+{
+ BIO *b;
+ void *ret;
+
+ if ((b = BIO_new(BIO_s_file())) == NULL) {
+ PEMerr(PEM_F_PEM_ASN1_READ, ERR_R_BUF_LIB);
+ return (0);
+ }
+ BIO_set_fp(b, fp, BIO_NOCLOSE);
+ ret = PEM_ASN1_read_bio(d2i, name, b, x, cb, u);
+ BIO_free(b);
+ return (ret);
+}
+#endif
+
+static int check_pem(const char *nm, const char *name)
+{
+ /* Normal matching nm and name */
+ if (!strcmp(nm, name))
+ return 1;
+
+ /* Make PEM_STRING_EVP_PKEY match any private key */
+
+ if (!strcmp(nm, PEM_STRING_PKCS8) && !strcmp(name, PEM_STRING_EVP_PKEY))
+ return 1;
+
+ if (!strcmp(nm, PEM_STRING_PKCS8INF) &&
+ !strcmp(name, PEM_STRING_EVP_PKEY))
+ return 1;
+
+ if (!strcmp(nm, PEM_STRING_RSA) && !strcmp(name, PEM_STRING_EVP_PKEY))
+ return 1;
+
+ if (!strcmp(nm, PEM_STRING_DSA) && !strcmp(name, PEM_STRING_EVP_PKEY))
+ return 1;
+
+ if (!strcmp(nm, PEM_STRING_ECPRIVATEKEY) &&
+ !strcmp(name, PEM_STRING_EVP_PKEY))
+ return 1;
+ /* Permit older strings */
+
+ if (!strcmp(nm, PEM_STRING_X509_OLD) && !strcmp(name, PEM_STRING_X509))
+ return 1;
+
+ if (!strcmp(nm, PEM_STRING_X509_REQ_OLD) &&
+ !strcmp(name, PEM_STRING_X509_REQ))
+ return 1;
+
+ /* Allow normal certs to be read as trusted certs */
+ if (!strcmp(nm, PEM_STRING_X509) &&
+ !strcmp(name, PEM_STRING_X509_TRUSTED))
+ return 1;
+
+ if (!strcmp(nm, PEM_STRING_X509_OLD) &&
+ !strcmp(name, PEM_STRING_X509_TRUSTED))
+ return 1;
+
+ /* Some CAs use PKCS#7 with CERTIFICATE headers */
+ if (!strcmp(nm, PEM_STRING_X509) && !strcmp(name, PEM_STRING_PKCS7))
+ return 1;
+
+ if (!strcmp(nm, PEM_STRING_PKCS7_SIGNED) &&
+ !strcmp(name, PEM_STRING_PKCS7))
+ return 1;
+
+ return 0;
+}
+
+int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm,
+ const char *name, BIO *bp, pem_password_cb *cb,
+ void *u)
+{
+ EVP_CIPHER_INFO cipher;
+ char *nm = NULL, *header = NULL;
+ unsigned char *data = NULL;
+ long len;
+ int ret = 0;
+
+ for (;;) {
+ if (!PEM_read_bio(bp, &nm, &header, &data, &len)) {
+ if (ERR_GET_REASON(ERR_peek_error()) == PEM_R_NO_START_LINE)
+ ERR_add_error_data(2, "Expecting: ", name);
+ return 0;
+ }
+ if (check_pem(nm, name))
+ break;
+ OPENSSL_free(nm);
+ OPENSSL_free(header);
+ OPENSSL_free(data);
+ }
+ if (!PEM_get_EVP_CIPHER_INFO(header, &cipher))
+ goto err;
+ if (!PEM_do_header(&cipher, data, &len, cb, u))
+ goto err;
+
+ *pdata = data;
+ *plen = len;
+
+ if (pnm)
+ *pnm = nm;
+
+ ret = 1;
+
+ err:
+ if (!ret || !pnm)
+ OPENSSL_free(nm);
+ OPENSSL_free(header);
+ if (!ret)
+ OPENSSL_free(data);
+ return ret;
+}
+
+#ifndef OPENSSL_NO_FP_API
+int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp,
+ char *x, const EVP_CIPHER *enc, unsigned char *kstr,
+ int klen, pem_password_cb *callback, void *u)
+{
+ BIO *b;
+ int ret;
+
+ if ((b = BIO_new(BIO_s_file())) == NULL) {
+ PEMerr(PEM_F_PEM_ASN1_WRITE, ERR_R_BUF_LIB);
+ return (0);
+ }
+ BIO_set_fp(b, fp, BIO_NOCLOSE);
+ ret = PEM_ASN1_write_bio(i2d, name, b, x, enc, kstr, klen, callback, u);
+ BIO_free(b);
+ return (ret);
+}
+#endif
+
+int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
+ char *x, const EVP_CIPHER *enc, unsigned char *kstr,
+ int klen, pem_password_cb *callback, void *u)
+{
+ EVP_CIPHER_CTX ctx;
+ int dsize = 0, i, j, ret = 0;
+ unsigned char *p, *data = NULL;
+ const char *objstr = NULL;
+ char buf[PEM_BUFSIZE];
+ unsigned char key[EVP_MAX_KEY_LENGTH];
+ unsigned char iv[EVP_MAX_IV_LENGTH];
+
+ if (enc != NULL) {
+ objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc));
+ if (objstr == NULL) {
+ PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, PEM_R_UNSUPPORTED_CIPHER);
+ goto err;
+ }
+ }
+
+ if ((dsize = i2d(x, NULL)) < 0) {
+ PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, ERR_R_ASN1_LIB);
+ dsize = 0;
+ goto err;
+ }
+ /* dzise + 8 bytes are needed */
+ /* actually it needs the cipher block size extra... */
+ data = (unsigned char *)OPENSSL_malloc((unsigned int)dsize + 20);
+ if (data == NULL) {
+ PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ p = data;
+ i = i2d(x, &p);
+
+ if (enc != NULL) {
+ if (kstr == NULL) {
+ if (callback == NULL)
+ klen = PEM_def_callback(buf, PEM_BUFSIZE, 1, u);
+ else
+ klen = (*callback) (buf, PEM_BUFSIZE, 1, u);
+ if (klen <= 0) {
+ PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, PEM_R_READ_KEY);
+ goto err;
+ }
+#ifdef CHARSET_EBCDIC
+ /* Convert the pass phrase from EBCDIC */
+ ebcdic2ascii(buf, buf, klen);
+#endif
+ kstr = (unsigned char *)buf;
+ }
+ RAND_add(data, i, 0); /* put in the RSA key. */
+ OPENSSL_assert(enc->iv_len <= (int)sizeof(iv));
+ if (RAND_pseudo_bytes(iv, enc->iv_len) < 0) /* Generate a salt */
+ goto err;
+ /*
+ * The 'iv' is used as the iv and as a salt. It is NOT taken from
+ * the BytesToKey function
+ */
+ EVP_BytesToKey(enc, EVP_md5(), iv, kstr, klen, 1, key, NULL);
+
+ if (kstr == (unsigned char *)buf)
+ OPENSSL_cleanse(buf, PEM_BUFSIZE);
+
+ OPENSSL_assert(strlen(objstr) + 23 + 2 * enc->iv_len + 13 <=
+ sizeof buf);
+
+ buf[0] = '\0';
+ PEM_proc_type(buf, PEM_TYPE_ENCRYPTED);
+ PEM_dek_info(buf, objstr, enc->iv_len, (char *)iv);
+ /* k=strlen(buf); */
+
+ EVP_CIPHER_CTX_init(&ctx);
+ EVP_EncryptInit_ex(&ctx, enc, NULL, key, iv);
+ EVP_EncryptUpdate(&ctx, data, &j, data, i);
+ EVP_EncryptFinal_ex(&ctx, &(data[j]), &i);
+ EVP_CIPHER_CTX_cleanup(&ctx);
+ i += j;
+ ret = 1;
+ } else {
+ ret = 1;
+ buf[0] = '\0';
+ }
+ i = PEM_write_bio(bp, name, buf, data, i);
+ if (i <= 0)
+ ret = 0;
+ err:
+ OPENSSL_cleanse(key, sizeof(key));
+ OPENSSL_cleanse(iv, sizeof(iv));
+ OPENSSL_cleanse((char *)&ctx, sizeof(ctx));
+ OPENSSL_cleanse(buf, PEM_BUFSIZE);
+ if (data != NULL) {
+ OPENSSL_cleanse(data, (unsigned int)dsize);
+ OPENSSL_free(data);
+ }
+ return (ret);
+}
+
+int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
+ pem_password_cb *callback, void *u)
+{
+ int i, j, o, klen;
+ long len;
+ EVP_CIPHER_CTX ctx;
+ unsigned char key[EVP_MAX_KEY_LENGTH];
+ char buf[PEM_BUFSIZE];
+
+ len = *plen;
+
+ if (cipher->cipher == NULL)
+ return (1);
+ if (callback == NULL)
+ klen = PEM_def_callback(buf, PEM_BUFSIZE, 0, u);
+ else
+ klen = callback(buf, PEM_BUFSIZE, 0, u);
+ if (klen <= 0) {
+ PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_BAD_PASSWORD_READ);
+ return (0);
+ }
+#ifdef CHARSET_EBCDIC
+ /* Convert the pass phrase from EBCDIC */
+ ebcdic2ascii(buf, buf, klen);
+#endif
+
+ EVP_BytesToKey(cipher->cipher, EVP_md5(), &(cipher->iv[0]),
+ (unsigned char *)buf, klen, 1, key, NULL);
+
+ j = (int)len;
+ EVP_CIPHER_CTX_init(&ctx);
+ EVP_DecryptInit_ex(&ctx, cipher->cipher, NULL, key, &(cipher->iv[0]));
+ EVP_DecryptUpdate(&ctx, data, &i, data, j);
+ o = EVP_DecryptFinal_ex(&ctx, &(data[i]), &j);
+ EVP_CIPHER_CTX_cleanup(&ctx);
+ OPENSSL_cleanse((char *)buf, sizeof(buf));
+ OPENSSL_cleanse((char *)key, sizeof(key));
+ j += i;
+ if (!o) {
+ PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_BAD_DECRYPT);
+ return (0);
+ }
+ *plen = j;
+ return (1);
+}
+
+int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher)
+{
+ const EVP_CIPHER *enc = NULL;
+ char *p, c;
+ char **header_pp = &header;
+
+ cipher->cipher = NULL;
+ if ((header == NULL) || (*header == '\0') || (*header == '\n'))
+ return (1);
+ if (strncmp(header, "Proc-Type: ", 11) != 0) {
+ PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_NOT_PROC_TYPE);
+ return (0);
+ }
+ header += 11;
+ if (*header != '4')
+ return (0);
+ header++;
+ if (*header != ',')
+ return (0);
+ header++;
+ if (strncmp(header, "ENCRYPTED", 9) != 0) {
+ PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_NOT_ENCRYPTED);
+ return (0);
+ }
+ for (; (*header != '\n') && (*header != '\0'); header++) ;
+ if (*header == '\0') {
+ PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_SHORT_HEADER);
+ return (0);
+ }
+ header++;
+ if (strncmp(header, "DEK-Info: ", 10) != 0) {
+ PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_NOT_DEK_INFO);
+ return (0);
+ }
+ header += 10;
+
+ p = header;
+ for (;;) {
+ c = *header;
+#ifndef CHARSET_EBCDIC
+ if (!(((c >= 'A') && (c <= 'Z')) || (c == '-') ||
+ ((c >= '0') && (c <= '9'))))
+ break;
+#else
+ if (!(isupper(c) || (c == '-') || isdigit(c)))
+ break;
+#endif
+ header++;
+ }
+ *header = '\0';
+ cipher->cipher = enc = EVP_get_cipherbyname(p);
+ *header = c;
+ header++;
+
+ if (enc == NULL) {
+ PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_UNSUPPORTED_ENCRYPTION);
+ return (0);
+ }
+ if (!load_iv(header_pp, &(cipher->iv[0]), enc->iv_len))
+ return (0);
+
+ return (1);
+}
+
+static int load_iv(char **fromp, unsigned char *to, int num)
+{
+ int v, i;
+ char *from;
+
+ from = *fromp;
+ for (i = 0; i < num; i++)
+ to[i] = 0;
+ num *= 2;
+ for (i = 0; i < num; i++) {
+ if ((*from >= '0') && (*from <= '9'))
+ v = *from - '0';
+ else if ((*from >= 'A') && (*from <= 'F'))
+ v = *from - 'A' + 10;
+ else if ((*from >= 'a') && (*from <= 'f'))
+ v = *from - 'a' + 10;
+ else {
+ PEMerr(PEM_F_LOAD_IV, PEM_R_BAD_IV_CHARS);
+ return (0);
+ }
+ from++;
+ to[i / 2] |= v << (long)((!(i & 1)) * 4);
+ }
+
+ *fromp = from;
+ return (1);
+}
+
+#ifndef OPENSSL_NO_FP_API
+int PEM_write(FILE *fp, char *name, char *header, unsigned char *data,
+ long len)
+{
+ BIO *b;
+ int ret;
+
+ if ((b = BIO_new(BIO_s_file())) == NULL) {
+ PEMerr(PEM_F_PEM_WRITE, ERR_R_BUF_LIB);
+ return (0);
+ }
+ BIO_set_fp(b, fp, BIO_NOCLOSE);
+ ret = PEM_write_bio(b, name, header, data, len);
+ BIO_free(b);
+ return (ret);
+}
+#endif
+
+int PEM_write_bio(BIO *bp, const char *name, char *header,
+ unsigned char *data, long len)
+{
+ int nlen, n, i, j, outl;
+ unsigned char *buf = NULL;
+ EVP_ENCODE_CTX ctx;
+ int reason = ERR_R_BUF_LIB;
+
+ EVP_EncodeInit(&ctx);
+ nlen = strlen(name);
+
+ if ((BIO_write(bp, "-----BEGIN ", 11) != 11) ||
+ (BIO_write(bp, name, nlen) != nlen) ||
+ (BIO_write(bp, "-----\n", 6) != 6))
+ goto err;
+
+ i = strlen(header);
+ if (i > 0) {
+ if ((BIO_write(bp, header, i) != i) || (BIO_write(bp, "\n", 1) != 1))
+ goto err;
+ }
+
+ buf = OPENSSL_malloc(PEM_BUFSIZE * 8);
+ if (buf == NULL) {
+ reason = ERR_R_MALLOC_FAILURE;
+ goto err;
+ }
+
+ i = j = 0;
+ while (len > 0) {
+ n = (int)((len > (PEM_BUFSIZE * 5)) ? (PEM_BUFSIZE * 5) : len);
+ EVP_EncodeUpdate(&ctx, buf, &outl, &(data[j]), n);
+ if ((outl) && (BIO_write(bp, (char *)buf, outl) != outl))
+ goto err;
+ i += outl;
+ len -= n;
+ j += n;
+ }
+ EVP_EncodeFinal(&ctx, buf, &outl);
+ if ((outl > 0) && (BIO_write(bp, (char *)buf, outl) != outl))
+ goto err;
+ OPENSSL_cleanse(buf, PEM_BUFSIZE * 8);
+ OPENSSL_free(buf);
+ buf = NULL;
+ if ((BIO_write(bp, "-----END ", 9) != 9) ||
+ (BIO_write(bp, name, nlen) != nlen) ||
+ (BIO_write(bp, "-----\n", 6) != 6))
+ goto err;
+ return (i + outl);
+ err:
+ if (buf) {
+ OPENSSL_cleanse(buf, PEM_BUFSIZE * 8);
+ OPENSSL_free(buf);
+ }
+ PEMerr(PEM_F_PEM_WRITE_BIO, reason);
+ return (0);
+}
+
+#ifndef OPENSSL_NO_FP_API
+int PEM_read(FILE *fp, char **name, char **header, unsigned char **data,
+ long *len)
+{
+ BIO *b;
+ int ret;
+
+ if ((b = BIO_new(BIO_s_file())) == NULL) {
+ PEMerr(PEM_F_PEM_READ, ERR_R_BUF_LIB);
+ return (0);
+ }
+ BIO_set_fp(b, fp, BIO_NOCLOSE);
+ ret = PEM_read_bio(b, name, header, data, len);
+ BIO_free(b);
+ return (ret);
+}
+#endif
+
+int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data,
+ long *len)
+{
+ EVP_ENCODE_CTX ctx;
+ int end = 0, i, k, bl = 0, hl = 0, nohead = 0;
+ char buf[256];
+ BUF_MEM *nameB;
+ BUF_MEM *headerB;
+ BUF_MEM *dataB, *tmpB;
+
+ nameB = BUF_MEM_new();
+ headerB = BUF_MEM_new();
+ dataB = BUF_MEM_new();
+ if ((nameB == NULL) || (headerB == NULL) || (dataB == NULL)) {
+ BUF_MEM_free(nameB);
+ BUF_MEM_free(headerB);
+ BUF_MEM_free(dataB);
+ PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE);
+ return (0);
+ }
+
+ buf[254] = '\0';
+ for (;;) {
+ i = BIO_gets(bp, buf, 254);
+
+ if (i <= 0) {
+ PEMerr(PEM_F_PEM_READ_BIO, PEM_R_NO_START_LINE);
+ goto err;
+ }
+
+ while ((i >= 0) && (buf[i] <= ' '))
+ i--;
+ buf[++i] = '\n';
+ buf[++i] = '\0';
+
+ if (strncmp(buf, "-----BEGIN ", 11) == 0) {
+ i = strlen(&(buf[11]));
+
+ if (strncmp(&(buf[11 + i - 6]), "-----\n", 6) != 0)
+ continue;
+ if (!BUF_MEM_grow(nameB, i + 9)) {
+ PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ memcpy(nameB->data, &(buf[11]), i - 6);
+ nameB->data[i - 6] = '\0';
+ break;
+ }
+ }
+ hl = 0;
+ if (!BUF_MEM_grow(headerB, 256)) {
+ PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ headerB->data[0] = '\0';
+ for (;;) {
+ i = BIO_gets(bp, buf, 254);
+ if (i <= 0)
+ break;
+
+ while ((i >= 0) && (buf[i] <= ' '))
+ i--;
+ buf[++i] = '\n';
+ buf[++i] = '\0';
+
+ if (buf[0] == '\n')
+ break;
+ if (!BUF_MEM_grow(headerB, hl + i + 9)) {
+ PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ if (strncmp(buf, "-----END ", 9) == 0) {
+ nohead = 1;
+ break;
+ }
+ memcpy(&(headerB->data[hl]), buf, i);
+ headerB->data[hl + i] = '\0';
+ hl += i;
+ }
+
+ bl = 0;
+ if (!BUF_MEM_grow(dataB, 1024)) {
+ PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ dataB->data[0] = '\0';
+ if (!nohead) {
+ for (;;) {
+ i = BIO_gets(bp, buf, 254);
+ if (i <= 0)
+ break;
+
+ while ((i >= 0) && (buf[i] <= ' '))
+ i--;
+ buf[++i] = '\n';
+ buf[++i] = '\0';
+
+ if (i != 65)
+ end = 1;
+ if (strncmp(buf, "-----END ", 9) == 0)
+ break;
+ if (i > 65)
+ break;
+ if (!BUF_MEM_grow_clean(dataB, i + bl + 9)) {
+ PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ memcpy(&(dataB->data[bl]), buf, i);
+ dataB->data[bl + i] = '\0';
+ bl += i;
+ if (end) {
+ buf[0] = '\0';
+ i = BIO_gets(bp, buf, 254);
+ if (i <= 0)
+ break;
+
+ while ((i >= 0) && (buf[i] <= ' '))
+ i--;
+ buf[++i] = '\n';
+ buf[++i] = '\0';
+
+ break;
+ }
+ }
+ } else {
+ tmpB = headerB;
+ headerB = dataB;
+ dataB = tmpB;
+ bl = hl;
+ }
+ i = strlen(nameB->data);
+ if ((strncmp(buf, "-----END ", 9) != 0) ||
+ (strncmp(nameB->data, &(buf[9]), i) != 0) ||
+ (strncmp(&(buf[9 + i]), "-----\n", 6) != 0)) {
+ PEMerr(PEM_F_PEM_READ_BIO, PEM_R_BAD_END_LINE);
+ goto err;
+ }
+
+ EVP_DecodeInit(&ctx);
+ i = EVP_DecodeUpdate(&ctx,
+ (unsigned char *)dataB->data, &bl,
+ (unsigned char *)dataB->data, bl);
+ if (i < 0) {
+ PEMerr(PEM_F_PEM_READ_BIO, PEM_R_BAD_BASE64_DECODE);
+ goto err;
+ }
+ i = EVP_DecodeFinal(&ctx, (unsigned char *)&(dataB->data[bl]), &k);
+ if (i < 0) {
+ PEMerr(PEM_F_PEM_READ_BIO, PEM_R_BAD_BASE64_DECODE);
+ goto err;
+ }
+ bl += k;
+
+ if (bl == 0)
+ goto err;
+ *name = nameB->data;
+ *header = headerB->data;
+ *data = (unsigned char *)dataB->data;
+ *len = bl;
+ OPENSSL_free(nameB);
+ OPENSSL_free(headerB);
+ OPENSSL_free(dataB);
+ return (1);
+ err:
+ BUF_MEM_free(nameB);
+ BUF_MEM_free(headerB);
+ BUF_MEM_free(dataB);
+ return (0);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_oth.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/pem/pem_oth.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_oth.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,86 +0,0 @@
-/* crypto/pem/pem_oth.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/rand.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-
-/* Handle 'other' PEMs: not private keys */
-
-void *PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, void **x,
- pem_password_cb *cb, void *u)
- {
- const unsigned char *p=NULL;
- unsigned char *data=NULL;
- long len;
- char *ret=NULL;
-
- if (!PEM_bytes_read_bio(&data, &len, NULL, name, bp, cb, u))
- return NULL;
- p = data;
- ret=d2i(x,&p,len);
- if (ret == NULL)
- PEMerr(PEM_F_PEM_ASN1_READ_BIO,ERR_R_ASN1_LIB);
- OPENSSL_free(data);
- return(ret);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_oth.c (from rev 6976, vendor-crypto/openssl/dist/crypto/pem/pem_oth.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_oth.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_oth.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,86 @@
+/* crypto/pem/pem_oth.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+
+/* Handle 'other' PEMs: not private keys */
+
+void *PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, void **x,
+ pem_password_cb *cb, void *u)
+{
+ const unsigned char *p = NULL;
+ unsigned char *data = NULL;
+ long len;
+ char *ret = NULL;
+
+ if (!PEM_bytes_read_bio(&data, &len, NULL, name, bp, cb, u))
+ return NULL;
+ p = data;
+ ret = d2i(x, &p, len);
+ if (ret == NULL)
+ PEMerr(PEM_F_PEM_ASN1_READ_BIO, ERR_R_ASN1_LIB);
+ OPENSSL_free(data);
+ return (ret);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_pk8.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/pem/pem_pk8.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_pk8.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,242 +0,0 @@
-/* crypto/pem/pem_pkey.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/rand.h>
-#include <openssl/x509.h>
-#include <openssl/pkcs12.h>
-#include <openssl/pem.h>
-
-static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder,
- int nid, const EVP_CIPHER *enc,
- char *kstr, int klen,
- pem_password_cb *cb, void *u);
-static int do_pk8pkey_fp(FILE *bp, EVP_PKEY *x, int isder,
- int nid, const EVP_CIPHER *enc,
- char *kstr, int klen,
- pem_password_cb *cb, void *u);
-
-/* These functions write a private key in PKCS#8 format: it is a "drop in"
- * replacement for PEM_write_bio_PrivateKey() and friends. As usual if 'enc'
- * is NULL then it uses the unencrypted private key form. The 'nid' versions
- * uses PKCS#5 v1.5 PBE algorithms whereas the others use PKCS#5 v2.0.
- */
-
-int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid,
- char *kstr, int klen,
- pem_password_cb *cb, void *u)
-{
- return do_pk8pkey(bp, x, 0, nid, NULL, kstr, klen, cb, u);
-}
-
-int PEM_write_bio_PKCS8PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
- char *kstr, int klen,
- pem_password_cb *cb, void *u)
-{
- return do_pk8pkey(bp, x, 0, -1, enc, kstr, klen, cb, u);
-}
-
-int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
- char *kstr, int klen,
- pem_password_cb *cb, void *u)
-{
- return do_pk8pkey(bp, x, 1, -1, enc, kstr, klen, cb, u);
-}
-
-int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid,
- char *kstr, int klen,
- pem_password_cb *cb, void *u)
-{
- return do_pk8pkey(bp, x, 1, nid, NULL, kstr, klen, cb, u);
-}
-
-static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER *enc,
- char *kstr, int klen,
- pem_password_cb *cb, void *u)
-{
- X509_SIG *p8;
- PKCS8_PRIV_KEY_INFO *p8inf;
- char buf[PEM_BUFSIZE];
- int ret;
- if(!(p8inf = EVP_PKEY2PKCS8(x))) {
- PEMerr(PEM_F_DO_PK8PKEY,
- PEM_R_ERROR_CONVERTING_PRIVATE_KEY);
- return 0;
- }
- if(enc || (nid != -1)) {
- if(!kstr) {
- if(!cb) klen = PEM_def_callback(buf, PEM_BUFSIZE, 1, u);
- else klen = cb(buf, PEM_BUFSIZE, 1, u);
- if(klen <= 0) {
- PEMerr(PEM_F_DO_PK8PKEY,PEM_R_READ_KEY);
- PKCS8_PRIV_KEY_INFO_free(p8inf);
- return 0;
- }
-
- kstr = buf;
- }
- p8 = PKCS8_encrypt(nid, enc, kstr, klen, NULL, 0, 0, p8inf);
- if(kstr == buf) OPENSSL_cleanse(buf, klen);
- PKCS8_PRIV_KEY_INFO_free(p8inf);
- if(isder) ret = i2d_PKCS8_bio(bp, p8);
- else ret = PEM_write_bio_PKCS8(bp, p8);
- X509_SIG_free(p8);
- return ret;
- } else {
- if(isder) ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf);
- else ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(bp, p8inf);
- PKCS8_PRIV_KEY_INFO_free(p8inf);
- return ret;
- }
-}
-
-EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u)
-{
- PKCS8_PRIV_KEY_INFO *p8inf = NULL;
- X509_SIG *p8 = NULL;
- int klen;
- EVP_PKEY *ret;
- char psbuf[PEM_BUFSIZE];
- p8 = d2i_PKCS8_bio(bp, NULL);
- if(!p8) return NULL;
- if (cb) klen=cb(psbuf,PEM_BUFSIZE,0,u);
- else klen=PEM_def_callback(psbuf,PEM_BUFSIZE,0,u);
- if (klen <= 0) {
- PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_BIO, PEM_R_BAD_PASSWORD_READ);
- X509_SIG_free(p8);
- return NULL;
- }
- p8inf = PKCS8_decrypt(p8, psbuf, klen);
- X509_SIG_free(p8);
- if(!p8inf) return NULL;
- ret = EVP_PKCS82PKEY(p8inf);
- PKCS8_PRIV_KEY_INFO_free(p8inf);
- if(!ret) return NULL;
- if(x) {
- if(*x) EVP_PKEY_free(*x);
- *x = ret;
- }
- return ret;
-}
-
-#ifndef OPENSSL_NO_FP_API
-
-int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
- char *kstr, int klen,
- pem_password_cb *cb, void *u)
-{
- return do_pk8pkey_fp(fp, x, 1, -1, enc, kstr, klen, cb, u);
-}
-
-int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid,
- char *kstr, int klen,
- pem_password_cb *cb, void *u)
-{
- return do_pk8pkey_fp(fp, x, 1, nid, NULL, kstr, klen, cb, u);
-}
-
-int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid,
- char *kstr, int klen,
- pem_password_cb *cb, void *u)
-{
- return do_pk8pkey_fp(fp, x, 0, nid, NULL, kstr, klen, cb, u);
-}
-
-int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
- char *kstr, int klen, pem_password_cb *cb, void *u)
-{
- return do_pk8pkey_fp(fp, x, 0, -1, enc, kstr, klen, cb, u);
-}
-
-static int do_pk8pkey_fp(FILE *fp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER *enc,
- char *kstr, int klen,
- pem_password_cb *cb, void *u)
-{
- BIO *bp;
- int ret;
- if(!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) {
- PEMerr(PEM_F_DO_PK8PKEY_FP,ERR_R_BUF_LIB);
- return(0);
- }
- ret = do_pk8pkey(bp, x, isder, nid, enc, kstr, klen, cb, u);
- BIO_free(bp);
- return ret;
-}
-
-EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u)
-{
- BIO *bp;
- EVP_PKEY *ret;
- if(!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) {
- PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_FP,ERR_R_BUF_LIB);
- return NULL;
- }
- ret = d2i_PKCS8PrivateKey_bio(bp, x, cb, u);
- BIO_free(bp);
- return ret;
-}
-
-#endif
-
-IMPLEMENT_PEM_rw(PKCS8, X509_SIG, PEM_STRING_PKCS8, X509_SIG)
-IMPLEMENT_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO, PEM_STRING_PKCS8INF,
- PKCS8_PRIV_KEY_INFO)
Copied: vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_pk8.c (from rev 6976, vendor-crypto/openssl/dist/crypto/pem/pem_pk8.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_pk8.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_pk8.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,257 @@
+/* crypto/pem/pem_pkey.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs12.h>
+#include <openssl/pem.h>
+
+static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder,
+ int nid, const EVP_CIPHER *enc,
+ char *kstr, int klen, pem_password_cb *cb, void *u);
+static int do_pk8pkey_fp(FILE *bp, EVP_PKEY *x, int isder,
+ int nid, const EVP_CIPHER *enc,
+ char *kstr, int klen, pem_password_cb *cb, void *u);
+
+/*
+ * These functions write a private key in PKCS#8 format: it is a "drop in"
+ * replacement for PEM_write_bio_PrivateKey() and friends. As usual if 'enc'
+ * is NULL then it uses the unencrypted private key form. The 'nid' versions
+ * uses PKCS#5 v1.5 PBE algorithms whereas the others use PKCS#5 v2.0.
+ */
+
+int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid,
+ char *kstr, int klen,
+ pem_password_cb *cb, void *u)
+{
+ return do_pk8pkey(bp, x, 0, nid, NULL, kstr, klen, cb, u);
+}
+
+int PEM_write_bio_PKCS8PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
+ char *kstr, int klen,
+ pem_password_cb *cb, void *u)
+{
+ return do_pk8pkey(bp, x, 0, -1, enc, kstr, klen, cb, u);
+}
+
+int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
+ char *kstr, int klen,
+ pem_password_cb *cb, void *u)
+{
+ return do_pk8pkey(bp, x, 1, -1, enc, kstr, klen, cb, u);
+}
+
+int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid,
+ char *kstr, int klen,
+ pem_password_cb *cb, void *u)
+{
+ return do_pk8pkey(bp, x, 1, nid, NULL, kstr, klen, cb, u);
+}
+
+static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid,
+ const EVP_CIPHER *enc, char *kstr, int klen,
+ pem_password_cb *cb, void *u)
+{
+ X509_SIG *p8;
+ PKCS8_PRIV_KEY_INFO *p8inf;
+ char buf[PEM_BUFSIZE];
+ int ret;
+ if (!(p8inf = EVP_PKEY2PKCS8(x))) {
+ PEMerr(PEM_F_DO_PK8PKEY, PEM_R_ERROR_CONVERTING_PRIVATE_KEY);
+ return 0;
+ }
+ if (enc || (nid != -1)) {
+ if (!kstr) {
+ if (!cb)
+ klen = PEM_def_callback(buf, PEM_BUFSIZE, 1, u);
+ else
+ klen = cb(buf, PEM_BUFSIZE, 1, u);
+ if (klen <= 0) {
+ PEMerr(PEM_F_DO_PK8PKEY, PEM_R_READ_KEY);
+ PKCS8_PRIV_KEY_INFO_free(p8inf);
+ return 0;
+ }
+
+ kstr = buf;
+ }
+ p8 = PKCS8_encrypt(nid, enc, kstr, klen, NULL, 0, 0, p8inf);
+ if (kstr == buf)
+ OPENSSL_cleanse(buf, klen);
+ PKCS8_PRIV_KEY_INFO_free(p8inf);
+ if (isder)
+ ret = i2d_PKCS8_bio(bp, p8);
+ else
+ ret = PEM_write_bio_PKCS8(bp, p8);
+ X509_SIG_free(p8);
+ return ret;
+ } else {
+ if (isder)
+ ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf);
+ else
+ ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(bp, p8inf);
+ PKCS8_PRIV_KEY_INFO_free(p8inf);
+ return ret;
+ }
+}
+
+EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
+ void *u)
+{
+ PKCS8_PRIV_KEY_INFO *p8inf = NULL;
+ X509_SIG *p8 = NULL;
+ int klen;
+ EVP_PKEY *ret;
+ char psbuf[PEM_BUFSIZE];
+ p8 = d2i_PKCS8_bio(bp, NULL);
+ if (!p8)
+ return NULL;
+ if (cb)
+ klen = cb(psbuf, PEM_BUFSIZE, 0, u);
+ else
+ klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
+ if (klen <= 0) {
+ PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_BIO, PEM_R_BAD_PASSWORD_READ);
+ X509_SIG_free(p8);
+ return NULL;
+ }
+ p8inf = PKCS8_decrypt(p8, psbuf, klen);
+ X509_SIG_free(p8);
+ if (!p8inf)
+ return NULL;
+ ret = EVP_PKCS82PKEY(p8inf);
+ PKCS8_PRIV_KEY_INFO_free(p8inf);
+ if (!ret)
+ return NULL;
+ if (x) {
+ if (*x)
+ EVP_PKEY_free(*x);
+ *x = ret;
+ }
+ return ret;
+}
+
+#ifndef OPENSSL_NO_FP_API
+
+int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+ char *kstr, int klen, pem_password_cb *cb, void *u)
+{
+ return do_pk8pkey_fp(fp, x, 1, -1, enc, kstr, klen, cb, u);
+}
+
+int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid,
+ char *kstr, int klen,
+ pem_password_cb *cb, void *u)
+{
+ return do_pk8pkey_fp(fp, x, 1, nid, NULL, kstr, klen, cb, u);
+}
+
+int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid,
+ char *kstr, int klen,
+ pem_password_cb *cb, void *u)
+{
+ return do_pk8pkey_fp(fp, x, 0, nid, NULL, kstr, klen, cb, u);
+}
+
+int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+ char *kstr, int klen, pem_password_cb *cb,
+ void *u)
+{
+ return do_pk8pkey_fp(fp, x, 0, -1, enc, kstr, klen, cb, u);
+}
+
+static int do_pk8pkey_fp(FILE *fp, EVP_PKEY *x, int isder, int nid,
+ const EVP_CIPHER *enc, char *kstr, int klen,
+ pem_password_cb *cb, void *u)
+{
+ BIO *bp;
+ int ret;
+ if (!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) {
+ PEMerr(PEM_F_DO_PK8PKEY_FP, ERR_R_BUF_LIB);
+ return (0);
+ }
+ ret = do_pk8pkey(bp, x, isder, nid, enc, kstr, klen, cb, u);
+ BIO_free(bp);
+ return ret;
+}
+
+EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb,
+ void *u)
+{
+ BIO *bp;
+ EVP_PKEY *ret;
+ if (!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) {
+ PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_FP, ERR_R_BUF_LIB);
+ return NULL;
+ }
+ ret = d2i_PKCS8PrivateKey_bio(bp, x, cb, u);
+ BIO_free(bp);
+ return ret;
+}
+
+#endif
+
+IMPLEMENT_PEM_rw(PKCS8, X509_SIG, PEM_STRING_PKCS8, X509_SIG)
+
+
+IMPLEMENT_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO, PEM_STRING_PKCS8INF,
+ PKCS8_PRIV_KEY_INFO)
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_pkey.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/pem/pem_pkey.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_pkey.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,149 +0,0 @@
-/* crypto/pem/pem_pkey.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/rand.h>
-#include <openssl/x509.h>
-#include <openssl/pkcs12.h>
-#include <openssl/pem.h>
-
-
-EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u)
- {
- char *nm=NULL;
- const unsigned char *p=NULL;
- unsigned char *data=NULL;
- long len;
- EVP_PKEY *ret=NULL;
-
- if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_EVP_PKEY, bp, cb, u))
- return NULL;
- p = data;
-
- if (strcmp(nm,PEM_STRING_RSA) == 0)
- ret=d2i_PrivateKey(EVP_PKEY_RSA,x,&p,len);
- else if (strcmp(nm,PEM_STRING_DSA) == 0)
- ret=d2i_PrivateKey(EVP_PKEY_DSA,x,&p,len);
- else if (strcmp(nm,PEM_STRING_ECPRIVATEKEY) == 0)
- ret=d2i_PrivateKey(EVP_PKEY_EC,x,&p,len);
- else if (strcmp(nm,PEM_STRING_PKCS8INF) == 0) {
- PKCS8_PRIV_KEY_INFO *p8inf;
- p8inf=d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len);
- if(!p8inf) goto p8err;
- ret = EVP_PKCS82PKEY(p8inf);
- if(x) {
- if(*x) EVP_PKEY_free((EVP_PKEY *)*x);
- *x = ret;
- }
- PKCS8_PRIV_KEY_INFO_free(p8inf);
- } else if (strcmp(nm,PEM_STRING_PKCS8) == 0) {
- PKCS8_PRIV_KEY_INFO *p8inf;
- X509_SIG *p8;
- int klen;
- char psbuf[PEM_BUFSIZE];
- p8 = d2i_X509_SIG(NULL, &p, len);
- if(!p8) goto p8err;
- if (cb) klen=cb(psbuf,PEM_BUFSIZE,0,u);
- else klen=PEM_def_callback(psbuf,PEM_BUFSIZE,0,u);
- if (klen <= 0) {
- PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY,
- PEM_R_BAD_PASSWORD_READ);
- X509_SIG_free(p8);
- goto err;
- }
- p8inf = PKCS8_decrypt(p8, psbuf, klen);
- X509_SIG_free(p8);
- if(!p8inf) goto p8err;
- ret = EVP_PKCS82PKEY(p8inf);
- if(x) {
- if(*x) EVP_PKEY_free((EVP_PKEY *)*x);
- *x = ret;
- }
- PKCS8_PRIV_KEY_INFO_free(p8inf);
- }
-p8err:
- if (ret == NULL)
- PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY,ERR_R_ASN1_LIB);
-err:
- OPENSSL_free(nm);
- OPENSSL_cleanse(data, len);
- OPENSSL_free(data);
- return(ret);
- }
-
-#ifndef OPENSSL_NO_FP_API
-EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u)
- {
- BIO *b;
- EVP_PKEY *ret;
-
- if ((b=BIO_new(BIO_s_file())) == NULL)
- {
- PEMerr(PEM_F_PEM_READ_PRIVATEKEY,ERR_R_BUF_LIB);
- return(0);
- }
- BIO_set_fp(b,fp,BIO_NOCLOSE);
- ret=PEM_read_bio_PrivateKey(b,x,cb,u);
- BIO_free(b);
- return(ret);
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_pkey.c (from rev 6976, vendor-crypto/openssl/dist/crypto/pem/pem_pkey.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_pkey.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_pkey.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,155 @@
+/* crypto/pem/pem_pkey.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs12.h>
+#include <openssl/pem.h>
+
+EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
+ void *u)
+{
+ char *nm = NULL;
+ const unsigned char *p = NULL;
+ unsigned char *data = NULL;
+ long len;
+ EVP_PKEY *ret = NULL;
+
+ if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_EVP_PKEY, bp, cb, u))
+ return NULL;
+ p = data;
+
+ if (strcmp(nm, PEM_STRING_RSA) == 0)
+ ret = d2i_PrivateKey(EVP_PKEY_RSA, x, &p, len);
+ else if (strcmp(nm, PEM_STRING_DSA) == 0)
+ ret = d2i_PrivateKey(EVP_PKEY_DSA, x, &p, len);
+ else if (strcmp(nm, PEM_STRING_ECPRIVATEKEY) == 0)
+ ret = d2i_PrivateKey(EVP_PKEY_EC, x, &p, len);
+ else if (strcmp(nm, PEM_STRING_PKCS8INF) == 0) {
+ PKCS8_PRIV_KEY_INFO *p8inf;
+ p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len);
+ if (!p8inf)
+ goto p8err;
+ ret = EVP_PKCS82PKEY(p8inf);
+ if (x) {
+ if (*x)
+ EVP_PKEY_free((EVP_PKEY *)*x);
+ *x = ret;
+ }
+ PKCS8_PRIV_KEY_INFO_free(p8inf);
+ } else if (strcmp(nm, PEM_STRING_PKCS8) == 0) {
+ PKCS8_PRIV_KEY_INFO *p8inf;
+ X509_SIG *p8;
+ int klen;
+ char psbuf[PEM_BUFSIZE];
+ p8 = d2i_X509_SIG(NULL, &p, len);
+ if (!p8)
+ goto p8err;
+ if (cb)
+ klen = cb(psbuf, PEM_BUFSIZE, 0, u);
+ else
+ klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
+ if (klen <= 0) {
+ PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY, PEM_R_BAD_PASSWORD_READ);
+ X509_SIG_free(p8);
+ goto err;
+ }
+ p8inf = PKCS8_decrypt(p8, psbuf, klen);
+ X509_SIG_free(p8);
+ if (!p8inf)
+ goto p8err;
+ ret = EVP_PKCS82PKEY(p8inf);
+ if (x) {
+ if (*x)
+ EVP_PKEY_free((EVP_PKEY *)*x);
+ *x = ret;
+ }
+ PKCS8_PRIV_KEY_INFO_free(p8inf);
+ }
+ p8err:
+ if (ret == NULL)
+ PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY, ERR_R_ASN1_LIB);
+ err:
+ OPENSSL_free(nm);
+ OPENSSL_cleanse(data, len);
+ OPENSSL_free(data);
+ return (ret);
+}
+
+#ifndef OPENSSL_NO_FP_API
+EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb,
+ void *u)
+{
+ BIO *b;
+ EVP_PKEY *ret;
+
+ if ((b = BIO_new(BIO_s_file())) == NULL) {
+ PEMerr(PEM_F_PEM_READ_PRIVATEKEY, ERR_R_BUF_LIB);
+ return (0);
+ }
+ BIO_set_fp(b, fp, BIO_NOCLOSE);
+ ret = PEM_read_bio_PrivateKey(b, x, cb, u);
+ BIO_free(b);
+ return (ret);
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_seal.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/pem/pem_seal.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_seal.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,189 +0,0 @@
-/* crypto/pem/pem_seal.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/opensslconf.h> /* for OPENSSL_NO_RSA */
-#ifndef OPENSSL_NO_RSA
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/rsa.h>
-
-int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type,
- unsigned char **ek, int *ekl, unsigned char *iv, EVP_PKEY **pubk,
- int npubk)
- {
- unsigned char key[EVP_MAX_KEY_LENGTH];
- int ret= -1;
- int i,j,max=0;
- char *s=NULL;
-
- for (i=0; i<npubk; i++)
- {
- if (pubk[i]->type != EVP_PKEY_RSA)
- {
- PEMerr(PEM_F_PEM_SEALINIT,PEM_R_PUBLIC_KEY_NO_RSA);
- goto err;
- }
- j=RSA_size(pubk[i]->pkey.rsa);
- if (j > max) max=j;
- }
- s=(char *)OPENSSL_malloc(max*2);
- if (s == NULL)
- {
- PEMerr(PEM_F_PEM_SEALINIT,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- EVP_EncodeInit(&ctx->encode);
-
- EVP_MD_CTX_init(&ctx->md);
- EVP_SignInit(&ctx->md,md_type);
-
- EVP_CIPHER_CTX_init(&ctx->cipher);
- ret=EVP_SealInit(&ctx->cipher,type,ek,ekl,iv,pubk,npubk);
- if (ret <= 0) goto err;
-
- /* base64 encode the keys */
- for (i=0; i<npubk; i++)
- {
- j=EVP_EncodeBlock((unsigned char *)s,ek[i],
- RSA_size(pubk[i]->pkey.rsa));
- ekl[i]=j;
- memcpy(ek[i],s,j+1);
- }
-
- ret=npubk;
-err:
- if (s != NULL) OPENSSL_free(s);
- OPENSSL_cleanse(key,EVP_MAX_KEY_LENGTH);
- return(ret);
- }
-
-void PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl,
- unsigned char *in, int inl)
- {
- unsigned char buffer[1600];
- int i,j;
-
- *outl=0;
- EVP_SignUpdate(&ctx->md,in,inl);
- for (;;)
- {
- if (inl <= 0) break;
- if (inl > 1200)
- i=1200;
- else
- i=inl;
- EVP_EncryptUpdate(&ctx->cipher,buffer,&j,in,i);
- EVP_EncodeUpdate(&ctx->encode,out,&j,buffer,j);
- *outl+=j;
- out+=j;
- in+=i;
- inl-=i;
- }
- }
-
-int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl,
- unsigned char *out, int *outl, EVP_PKEY *priv)
- {
- unsigned char *s=NULL;
- int ret=0,j;
- unsigned int i;
-
- if (priv->type != EVP_PKEY_RSA)
- {
- PEMerr(PEM_F_PEM_SEALFINAL,PEM_R_PUBLIC_KEY_NO_RSA);
- goto err;
- }
- i=RSA_size(priv->pkey.rsa);
- if (i < 100) i=100;
- s=(unsigned char *)OPENSSL_malloc(i*2);
- if (s == NULL)
- {
- PEMerr(PEM_F_PEM_SEALFINAL,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- EVP_EncryptFinal_ex(&ctx->cipher,s,(int *)&i);
- EVP_EncodeUpdate(&ctx->encode,out,&j,s,i);
- *outl=j;
- out+=j;
- EVP_EncodeFinal(&ctx->encode,out,&j);
- *outl+=j;
-
- if (!EVP_SignFinal(&ctx->md,s,&i,priv)) goto err;
- *sigl=EVP_EncodeBlock(sig,s,i);
-
- ret=1;
-err:
- EVP_MD_CTX_cleanup(&ctx->md);
- EVP_CIPHER_CTX_cleanup(&ctx->cipher);
- if (s != NULL) OPENSSL_free(s);
- return(ret);
- }
-#else /* !OPENSSL_NO_RSA */
-
-# if PEDANTIC
-static void *dummy=&dummy;
-# endif
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_seal.c (from rev 6976, vendor-crypto/openssl/dist/crypto/pem/pem_seal.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_seal.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_seal.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,189 @@
+/* crypto/pem/pem_seal.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/opensslconf.h> /* for OPENSSL_NO_RSA */
+#ifndef OPENSSL_NO_RSA
+# include <stdio.h>
+# include "cryptlib.h"
+# include <openssl/evp.h>
+# include <openssl/rand.h>
+# include <openssl/objects.h>
+# include <openssl/x509.h>
+# include <openssl/pem.h>
+# include <openssl/rsa.h>
+
+int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type,
+ unsigned char **ek, int *ekl, unsigned char *iv,
+ EVP_PKEY **pubk, int npubk)
+{
+ unsigned char key[EVP_MAX_KEY_LENGTH];
+ int ret = -1;
+ int i, j, max = 0;
+ char *s = NULL;
+
+ for (i = 0; i < npubk; i++) {
+ if (pubk[i]->type != EVP_PKEY_RSA) {
+ PEMerr(PEM_F_PEM_SEALINIT, PEM_R_PUBLIC_KEY_NO_RSA);
+ goto err;
+ }
+ j = RSA_size(pubk[i]->pkey.rsa);
+ if (j > max)
+ max = j;
+ }
+ s = (char *)OPENSSL_malloc(max * 2);
+ if (s == NULL) {
+ PEMerr(PEM_F_PEM_SEALINIT, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ EVP_EncodeInit(&ctx->encode);
+
+ EVP_MD_CTX_init(&ctx->md);
+ EVP_SignInit(&ctx->md, md_type);
+
+ EVP_CIPHER_CTX_init(&ctx->cipher);
+ ret = EVP_SealInit(&ctx->cipher, type, ek, ekl, iv, pubk, npubk);
+ if (ret <= 0)
+ goto err;
+
+ /* base64 encode the keys */
+ for (i = 0; i < npubk; i++) {
+ j = EVP_EncodeBlock((unsigned char *)s, ek[i],
+ RSA_size(pubk[i]->pkey.rsa));
+ ekl[i] = j;
+ memcpy(ek[i], s, j + 1);
+ }
+
+ ret = npubk;
+ err:
+ if (s != NULL)
+ OPENSSL_free(s);
+ OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
+ return (ret);
+}
+
+void PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl,
+ unsigned char *in, int inl)
+{
+ unsigned char buffer[1600];
+ int i, j;
+
+ *outl = 0;
+ EVP_SignUpdate(&ctx->md, in, inl);
+ for (;;) {
+ if (inl <= 0)
+ break;
+ if (inl > 1200)
+ i = 1200;
+ else
+ i = inl;
+ EVP_EncryptUpdate(&ctx->cipher, buffer, &j, in, i);
+ EVP_EncodeUpdate(&ctx->encode, out, &j, buffer, j);
+ *outl += j;
+ out += j;
+ in += i;
+ inl -= i;
+ }
+}
+
+int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl,
+ unsigned char *out, int *outl, EVP_PKEY *priv)
+{
+ unsigned char *s = NULL;
+ int ret = 0, j;
+ unsigned int i;
+
+ if (priv->type != EVP_PKEY_RSA) {
+ PEMerr(PEM_F_PEM_SEALFINAL, PEM_R_PUBLIC_KEY_NO_RSA);
+ goto err;
+ }
+ i = RSA_size(priv->pkey.rsa);
+ if (i < 100)
+ i = 100;
+ s = (unsigned char *)OPENSSL_malloc(i * 2);
+ if (s == NULL) {
+ PEMerr(PEM_F_PEM_SEALFINAL, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ EVP_EncryptFinal_ex(&ctx->cipher, s, (int *)&i);
+ EVP_EncodeUpdate(&ctx->encode, out, &j, s, i);
+ *outl = j;
+ out += j;
+ EVP_EncodeFinal(&ctx->encode, out, &j);
+ *outl += j;
+
+ if (!EVP_SignFinal(&ctx->md, s, &i, priv))
+ goto err;
+ *sigl = EVP_EncodeBlock(sig, s, i);
+
+ ret = 1;
+ err:
+ EVP_MD_CTX_cleanup(&ctx->md);
+ EVP_CIPHER_CTX_cleanup(&ctx->cipher);
+ if (s != NULL)
+ OPENSSL_free(s);
+ return (ret);
+}
+#else /* !OPENSSL_NO_RSA */
+
+# if PEDANTIC
+static void *dummy = &dummy;
+# endif
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_sign.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/pem/pem_sign.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_sign.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,102 +0,0 @@
-/* crypto/pem/pem_sign.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/rand.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-
-void PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type)
- {
- EVP_DigestInit_ex(ctx, type, NULL);
- }
-
-void PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *data,
- unsigned int count)
- {
- EVP_DigestUpdate(ctx,data,count);
- }
-
-int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen,
- EVP_PKEY *pkey)
- {
- unsigned char *m;
- int i,ret=0;
- unsigned int m_len;
-
- m=(unsigned char *)OPENSSL_malloc(EVP_PKEY_size(pkey)+2);
- if (m == NULL)
- {
- PEMerr(PEM_F_PEM_SIGNFINAL,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- if (EVP_SignFinal(ctx,m,&m_len,pkey) <= 0) goto err;
-
- i=EVP_EncodeBlock(sigret,m,m_len);
- *siglen=i;
- ret=1;
-err:
- /* ctx has been zeroed by EVP_SignFinal() */
- if (m != NULL) OPENSSL_free(m);
- return(ret);
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_sign.c (from rev 6976, vendor-crypto/openssl/dist/crypto/pem/pem_sign.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_sign.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_sign.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,101 @@
+/* crypto/pem/pem_sign.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/rand.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+
+void PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type)
+{
+ EVP_DigestInit_ex(ctx, type, NULL);
+}
+
+void PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *data, unsigned int count)
+{
+ EVP_DigestUpdate(ctx, data, count);
+}
+
+int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
+ unsigned int *siglen, EVP_PKEY *pkey)
+{
+ unsigned char *m;
+ int i, ret = 0;
+ unsigned int m_len;
+
+ m = (unsigned char *)OPENSSL_malloc(EVP_PKEY_size(pkey) + 2);
+ if (m == NULL) {
+ PEMerr(PEM_F_PEM_SIGNFINAL, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ if (EVP_SignFinal(ctx, m, &m_len, pkey) <= 0)
+ goto err;
+
+ i = EVP_EncodeBlock(sigret, m, m_len);
+ *siglen = i;
+ ret = 1;
+ err:
+ /* ctx has been zeroed by EVP_SignFinal() */
+ if (m != NULL)
+ OPENSSL_free(m);
+ return (ret);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_x509.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/pem/pem_x509.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_x509.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,69 +0,0 @@
-/* pem_x509.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#undef SSLEAY_MACROS
-#include "cryptlib.h"
-#include <openssl/bio.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/pkcs7.h>
-#include <openssl/pem.h>
-
-IMPLEMENT_PEM_rw(X509, X509, PEM_STRING_X509, X509)
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_x509.c (from rev 6976, vendor-crypto/openssl/dist/crypto/pem/pem_x509.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_x509.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_x509.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,69 @@
+/* pem_x509.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#undef SSLEAY_MACROS
+#include "cryptlib.h"
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
+#include <openssl/pem.h>
+
+IMPLEMENT_PEM_rw(X509, X509, PEM_STRING_X509, X509)
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_xaux.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/pem/pem_xaux.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_xaux.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,69 +0,0 @@
-/* pem_xaux.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#undef SSLEAY_MACROS
-#include "cryptlib.h"
-#include <openssl/bio.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/pkcs7.h>
-#include <openssl/pem.h>
-
-IMPLEMENT_PEM_rw(X509_AUX, X509, PEM_STRING_X509_TRUSTED, X509_AUX)
-IMPLEMENT_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR, PEM_STRING_X509_PAIR, X509_CERT_PAIR)
Copied: vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_xaux.c (from rev 6976, vendor-crypto/openssl/dist/crypto/pem/pem_xaux.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_xaux.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pem/pem_xaux.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,71 @@
+/* pem_xaux.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#undef SSLEAY_MACROS
+#include "cryptlib.h"
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
+#include <openssl/pem.h>
+
+IMPLEMENT_PEM_rw(X509_AUX, X509, PEM_STRING_X509_TRUSTED, X509_AUX)
+IMPLEMENT_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR, PEM_STRING_X509_PAIR,
+ X509_CERT_PAIR)
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_add.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/pkcs12/p12_add.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_add.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,224 +0,0 @@
-/* p12_add.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/pkcs12.h>
-
-/* Pack an object into an OCTET STRING and turn into a safebag */
-
-PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid1,
- int nid2)
-{
- PKCS12_BAGS *bag;
- PKCS12_SAFEBAG *safebag;
- if (!(bag = PKCS12_BAGS_new())) {
- PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- bag->type = OBJ_nid2obj(nid1);
- if (!ASN1_item_pack(obj, it, &bag->value.octet)) {
- PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- if (!(safebag = PKCS12_SAFEBAG_new())) {
- PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- safebag->value.bag = bag;
- safebag->type = OBJ_nid2obj(nid2);
- return safebag;
-}
-
-/* Turn PKCS8 object into a keybag */
-
-PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8)
-{
- PKCS12_SAFEBAG *bag;
- if (!(bag = PKCS12_SAFEBAG_new())) {
- PKCS12err(PKCS12_F_PKCS12_MAKE_KEYBAG,ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- bag->type = OBJ_nid2obj(NID_keyBag);
- bag->value.keybag = p8;
- return bag;
-}
-
-/* Turn PKCS8 object into a shrouded keybag */
-
-PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,
- int passlen, unsigned char *salt, int saltlen, int iter,
- PKCS8_PRIV_KEY_INFO *p8)
-{
- PKCS12_SAFEBAG *bag;
-
- /* Set up the safe bag */
- if (!(bag = PKCS12_SAFEBAG_new())) {
- PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
-
- bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag);
- if (!(bag->value.shkeybag =
- PKCS8_encrypt(pbe_nid, NULL, pass, passlen, salt, saltlen, iter,
- p8))) {
- PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
-
- return bag;
-}
-
-/* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */
-PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk)
-{
- PKCS7 *p7;
- if (!(p7 = PKCS7_new())) {
- PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- p7->type = OBJ_nid2obj(NID_pkcs7_data);
- if (!(p7->d.data = M_ASN1_OCTET_STRING_new())) {
- PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
-
- if (!ASN1_item_pack(sk, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), &p7->d.data)) {
- PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, PKCS12_R_CANT_PACK_STRUCTURE);
- return NULL;
- }
- return p7;
-}
-
-/* Unpack SAFEBAGS from PKCS#7 data ContentInfo */
-STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7)
-{
- if(!PKCS7_type_is_data(p7))
- {
- PKCS12err(PKCS12_F_PKCS12_UNPACK_P7DATA,PKCS12_R_CONTENT_TYPE_NOT_DATA);
- return NULL;
- }
- return ASN1_item_unpack(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS));
-}
-
-/* Turn a stack of SAFEBAGS into a PKCS#7 encrypted data ContentInfo */
-
-PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
- unsigned char *salt, int saltlen, int iter,
- STACK_OF(PKCS12_SAFEBAG) *bags)
-{
- PKCS7 *p7;
- X509_ALGOR *pbe;
- if (!(p7 = PKCS7_new())) {
- PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- if(!PKCS7_set_type(p7, NID_pkcs7_encrypted)) {
- PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA,
- PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE);
- return NULL;
- }
- if (!(pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen))) {
- PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- X509_ALGOR_free(p7->d.encrypted->enc_data->algorithm);
- p7->d.encrypted->enc_data->algorithm = pbe;
- M_ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data);
- if (!(p7->d.encrypted->enc_data->enc_data =
- PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), pass, passlen,
- bags, 1))) {
- PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, PKCS12_R_ENCRYPT_ERROR);
- return NULL;
- }
-
- return p7;
-}
-
-STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, int passlen)
-{
- if(!PKCS7_type_is_encrypted(p7)) return NULL;
- return PKCS12_item_decrypt_d2i(p7->d.encrypted->enc_data->algorithm,
- ASN1_ITEM_rptr(PKCS12_SAFEBAGS),
- pass, passlen,
- p7->d.encrypted->enc_data->enc_data, 1);
-}
-
-PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag, const char *pass,
- int passlen)
-{
- return PKCS8_decrypt(bag->value.shkeybag, pass, passlen);
-}
-
-int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes)
-{
- if(ASN1_item_pack(safes, ASN1_ITEM_rptr(PKCS12_AUTHSAFES),
- &p12->authsafes->d.data))
- return 1;
- return 0;
-}
-
-STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12)
-{
- if (!PKCS7_type_is_data(p12->authsafes))
- {
- PKCS12err(PKCS12_F_PKCS12_UNPACK_AUTHSAFES,PKCS12_R_CONTENT_TYPE_NOT_DATA);
- return NULL;
- }
- return ASN1_item_unpack(p12->authsafes->d.data, ASN1_ITEM_rptr(PKCS12_AUTHSAFES));
-}
Copied: vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_add.c (from rev 6976, vendor-crypto/openssl/dist/crypto/pkcs12/p12_add.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_add.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_add.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,229 @@
+/* p12_add.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/pkcs12.h>
+
+/* Pack an object into an OCTET STRING and turn into a safebag */
+
+PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it,
+ int nid1, int nid2)
+{
+ PKCS12_BAGS *bag;
+ PKCS12_SAFEBAG *safebag;
+ if (!(bag = PKCS12_BAGS_new())) {
+ PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ bag->type = OBJ_nid2obj(nid1);
+ if (!ASN1_item_pack(obj, it, &bag->value.octet)) {
+ PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ if (!(safebag = PKCS12_SAFEBAG_new())) {
+ PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ safebag->value.bag = bag;
+ safebag->type = OBJ_nid2obj(nid2);
+ return safebag;
+}
+
+/* Turn PKCS8 object into a keybag */
+
+PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8)
+{
+ PKCS12_SAFEBAG *bag;
+ if (!(bag = PKCS12_SAFEBAG_new())) {
+ PKCS12err(PKCS12_F_PKCS12_MAKE_KEYBAG, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ bag->type = OBJ_nid2obj(NID_keyBag);
+ bag->value.keybag = p8;
+ return bag;
+}
+
+/* Turn PKCS8 object into a shrouded keybag */
+
+PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,
+ int passlen, unsigned char *salt,
+ int saltlen, int iter,
+ PKCS8_PRIV_KEY_INFO *p8)
+{
+ PKCS12_SAFEBAG *bag;
+
+ /* Set up the safe bag */
+ if (!(bag = PKCS12_SAFEBAG_new())) {
+ PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+
+ bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag);
+ if (!(bag->value.shkeybag =
+ PKCS8_encrypt(pbe_nid, NULL, pass, passlen, salt, saltlen, iter,
+ p8))) {
+ PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+
+ return bag;
+}
+
+/* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */
+PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk)
+{
+ PKCS7 *p7;
+ if (!(p7 = PKCS7_new())) {
+ PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ p7->type = OBJ_nid2obj(NID_pkcs7_data);
+ if (!(p7->d.data = M_ASN1_OCTET_STRING_new())) {
+ PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+
+ if (!ASN1_item_pack(sk, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), &p7->d.data)) {
+ PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, PKCS12_R_CANT_PACK_STRUCTURE);
+ return NULL;
+ }
+ return p7;
+}
+
+/* Unpack SAFEBAGS from PKCS#7 data ContentInfo */
+STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7)
+{
+ if (!PKCS7_type_is_data(p7)) {
+ PKCS12err(PKCS12_F_PKCS12_UNPACK_P7DATA,
+ PKCS12_R_CONTENT_TYPE_NOT_DATA);
+ return NULL;
+ }
+ return ASN1_item_unpack(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS));
+}
+
+/* Turn a stack of SAFEBAGS into a PKCS#7 encrypted data ContentInfo */
+
+PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
+ unsigned char *salt, int saltlen, int iter,
+ STACK_OF(PKCS12_SAFEBAG) *bags)
+{
+ PKCS7 *p7;
+ X509_ALGOR *pbe;
+ if (!(p7 = PKCS7_new())) {
+ PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ if (!PKCS7_set_type(p7, NID_pkcs7_encrypted)) {
+ PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA,
+ PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE);
+ return NULL;
+ }
+ if (!(pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen))) {
+ PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ X509_ALGOR_free(p7->d.encrypted->enc_data->algorithm);
+ p7->d.encrypted->enc_data->algorithm = pbe;
+ M_ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data);
+ if (!(p7->d.encrypted->enc_data->enc_data =
+ PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), pass,
+ passlen, bags, 1))) {
+ PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, PKCS12_R_ENCRYPT_ERROR);
+ return NULL;
+ }
+
+ return p7;
+}
+
+STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass,
+ int passlen)
+{
+ if (!PKCS7_type_is_encrypted(p7))
+ return NULL;
+ return PKCS12_item_decrypt_d2i(p7->d.encrypted->enc_data->algorithm,
+ ASN1_ITEM_rptr(PKCS12_SAFEBAGS),
+ pass, passlen,
+ p7->d.encrypted->enc_data->enc_data, 1);
+}
+
+PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag,
+ const char *pass, int passlen)
+{
+ return PKCS8_decrypt(bag->value.shkeybag, pass, passlen);
+}
+
+int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes)
+{
+ if (ASN1_item_pack(safes, ASN1_ITEM_rptr(PKCS12_AUTHSAFES),
+ &p12->authsafes->d.data))
+ return 1;
+ return 0;
+}
+
+STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12)
+{
+ if (!PKCS7_type_is_data(p12->authsafes)) {
+ PKCS12err(PKCS12_F_PKCS12_UNPACK_AUTHSAFES,
+ PKCS12_R_CONTENT_TYPE_NOT_DATA);
+ return NULL;
+ }
+ return ASN1_item_unpack(p12->authsafes->d.data,
+ ASN1_ITEM_rptr(PKCS12_AUTHSAFES));
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_asn.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/pkcs12/p12_asn.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_asn.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,125 +0,0 @@
-/* p12_asn.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/pkcs12.h>
-
-/* PKCS#12 ASN1 module */
-
-ASN1_SEQUENCE(PKCS12) = {
- ASN1_SIMPLE(PKCS12, version, ASN1_INTEGER),
- ASN1_SIMPLE(PKCS12, authsafes, PKCS7),
- ASN1_OPT(PKCS12, mac, PKCS12_MAC_DATA)
-} ASN1_SEQUENCE_END(PKCS12)
-
-IMPLEMENT_ASN1_FUNCTIONS(PKCS12)
-
-ASN1_SEQUENCE(PKCS12_MAC_DATA) = {
- ASN1_SIMPLE(PKCS12_MAC_DATA, dinfo, X509_SIG),
- ASN1_SIMPLE(PKCS12_MAC_DATA, salt, ASN1_OCTET_STRING),
- ASN1_OPT(PKCS12_MAC_DATA, iter, ASN1_INTEGER)
-} ASN1_SEQUENCE_END(PKCS12_MAC_DATA)
-
-IMPLEMENT_ASN1_FUNCTIONS(PKCS12_MAC_DATA)
-
-ASN1_ADB_TEMPLATE(bag_default) = ASN1_EXP(PKCS12_BAGS, value.other, ASN1_ANY, 0);
-
-ASN1_ADB(PKCS12_BAGS) = {
- ADB_ENTRY(NID_x509Certificate, ASN1_EXP(PKCS12_BAGS, value.x509cert, ASN1_OCTET_STRING, 0)),
- ADB_ENTRY(NID_x509Crl, ASN1_EXP(PKCS12_BAGS, value.x509crl, ASN1_OCTET_STRING, 0)),
- ADB_ENTRY(NID_sdsiCertificate, ASN1_EXP(PKCS12_BAGS, value.sdsicert, ASN1_IA5STRING, 0)),
-} ASN1_ADB_END(PKCS12_BAGS, 0, type, 0, &bag_default_tt, NULL);
-
-ASN1_SEQUENCE(PKCS12_BAGS) = {
- ASN1_SIMPLE(PKCS12_BAGS, type, ASN1_OBJECT),
- ASN1_ADB_OBJECT(PKCS12_BAGS),
-} ASN1_SEQUENCE_END(PKCS12_BAGS)
-
-IMPLEMENT_ASN1_FUNCTIONS(PKCS12_BAGS)
-
-ASN1_ADB_TEMPLATE(safebag_default) = ASN1_EXP(PKCS12_SAFEBAG, value.other, ASN1_ANY, 0);
-
-ASN1_ADB(PKCS12_SAFEBAG) = {
- ADB_ENTRY(NID_keyBag, ASN1_EXP(PKCS12_SAFEBAG, value.keybag, PKCS8_PRIV_KEY_INFO, 0)),
- ADB_ENTRY(NID_pkcs8ShroudedKeyBag, ASN1_EXP(PKCS12_SAFEBAG, value.shkeybag, X509_SIG, 0)),
- ADB_ENTRY(NID_safeContentsBag, ASN1_EXP_SET_OF(PKCS12_SAFEBAG, value.safes, PKCS12_SAFEBAG, 0)),
- ADB_ENTRY(NID_certBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)),
- ADB_ENTRY(NID_crlBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)),
- ADB_ENTRY(NID_secretBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0))
-} ASN1_ADB_END(PKCS12_SAFEBAG, 0, type, 0, &safebag_default_tt, NULL);
-
-ASN1_SEQUENCE(PKCS12_SAFEBAG) = {
- ASN1_SIMPLE(PKCS12_SAFEBAG, type, ASN1_OBJECT),
- ASN1_ADB_OBJECT(PKCS12_SAFEBAG),
- ASN1_SET_OF_OPT(PKCS12_SAFEBAG, attrib, X509_ATTRIBUTE)
-} ASN1_SEQUENCE_END(PKCS12_SAFEBAG)
-
-IMPLEMENT_ASN1_FUNCTIONS(PKCS12_SAFEBAG)
-
-/* SEQUENCE OF SafeBag */
-ASN1_ITEM_TEMPLATE(PKCS12_SAFEBAGS) =
- ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, PKCS12_SAFEBAGS, PKCS12_SAFEBAG)
-ASN1_ITEM_TEMPLATE_END(PKCS12_SAFEBAGS)
-
-/* Authsafes: SEQUENCE OF PKCS7 */
-ASN1_ITEM_TEMPLATE(PKCS12_AUTHSAFES) =
- ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, PKCS12_AUTHSAFES, PKCS7)
-ASN1_ITEM_TEMPLATE_END(PKCS12_AUTHSAFES)
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_asn.c (from rev 6976, vendor-crypto/openssl/dist/crypto/pkcs12/p12_asn.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_asn.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_asn.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,125 @@
+/* p12_asn.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/pkcs12.h>
+
+/* PKCS#12 ASN1 module */
+
+ASN1_SEQUENCE(PKCS12) = {
+ ASN1_SIMPLE(PKCS12, version, ASN1_INTEGER),
+ ASN1_SIMPLE(PKCS12, authsafes, PKCS7),
+ ASN1_OPT(PKCS12, mac, PKCS12_MAC_DATA)
+} ASN1_SEQUENCE_END(PKCS12)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS12)
+
+ASN1_SEQUENCE(PKCS12_MAC_DATA) = {
+ ASN1_SIMPLE(PKCS12_MAC_DATA, dinfo, X509_SIG),
+ ASN1_SIMPLE(PKCS12_MAC_DATA, salt, ASN1_OCTET_STRING),
+ ASN1_OPT(PKCS12_MAC_DATA, iter, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(PKCS12_MAC_DATA)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS12_MAC_DATA)
+
+ASN1_ADB_TEMPLATE(bag_default) = ASN1_EXP(PKCS12_BAGS, value.other, ASN1_ANY, 0);
+
+ASN1_ADB(PKCS12_BAGS) = {
+ ADB_ENTRY(NID_x509Certificate, ASN1_EXP(PKCS12_BAGS, value.x509cert, ASN1_OCTET_STRING, 0)),
+ ADB_ENTRY(NID_x509Crl, ASN1_EXP(PKCS12_BAGS, value.x509crl, ASN1_OCTET_STRING, 0)),
+ ADB_ENTRY(NID_sdsiCertificate, ASN1_EXP(PKCS12_BAGS, value.sdsicert, ASN1_IA5STRING, 0)),
+} ASN1_ADB_END(PKCS12_BAGS, 0, type, 0, &bag_default_tt, NULL);
+
+ASN1_SEQUENCE(PKCS12_BAGS) = {
+ ASN1_SIMPLE(PKCS12_BAGS, type, ASN1_OBJECT),
+ ASN1_ADB_OBJECT(PKCS12_BAGS),
+} ASN1_SEQUENCE_END(PKCS12_BAGS)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS12_BAGS)
+
+ASN1_ADB_TEMPLATE(safebag_default) = ASN1_EXP(PKCS12_SAFEBAG, value.other, ASN1_ANY, 0);
+
+ASN1_ADB(PKCS12_SAFEBAG) = {
+ ADB_ENTRY(NID_keyBag, ASN1_EXP(PKCS12_SAFEBAG, value.keybag, PKCS8_PRIV_KEY_INFO, 0)),
+ ADB_ENTRY(NID_pkcs8ShroudedKeyBag, ASN1_EXP(PKCS12_SAFEBAG, value.shkeybag, X509_SIG, 0)),
+ ADB_ENTRY(NID_safeContentsBag, ASN1_EXP_SET_OF(PKCS12_SAFEBAG, value.safes, PKCS12_SAFEBAG, 0)),
+ ADB_ENTRY(NID_certBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)),
+ ADB_ENTRY(NID_crlBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)),
+ ADB_ENTRY(NID_secretBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0))
+} ASN1_ADB_END(PKCS12_SAFEBAG, 0, type, 0, &safebag_default_tt, NULL);
+
+ASN1_SEQUENCE(PKCS12_SAFEBAG) = {
+ ASN1_SIMPLE(PKCS12_SAFEBAG, type, ASN1_OBJECT),
+ ASN1_ADB_OBJECT(PKCS12_SAFEBAG),
+ ASN1_SET_OF_OPT(PKCS12_SAFEBAG, attrib, X509_ATTRIBUTE)
+} ASN1_SEQUENCE_END(PKCS12_SAFEBAG)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS12_SAFEBAG)
+
+/* SEQUENCE OF SafeBag */
+ASN1_ITEM_TEMPLATE(PKCS12_SAFEBAGS) =
+ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, PKCS12_SAFEBAGS, PKCS12_SAFEBAG)
+ASN1_ITEM_TEMPLATE_END(PKCS12_SAFEBAGS)
+
+/* Authsafes: SEQUENCE OF PKCS7 */
+ASN1_ITEM_TEMPLATE(PKCS12_AUTHSAFES) =
+ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, PKCS12_AUTHSAFES, PKCS7)
+ASN1_ITEM_TEMPLATE_END(PKCS12_AUTHSAFES)
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_attr.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/pkcs12/p12_attr.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_attr.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,151 +0,0 @@
-/* p12_attr.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/pkcs12.h>
-
-#ifdef OPENSSL_SYS_NETWARE
-/* Rename these functions to avoid name clashes on NetWare OS */
-#define uni2asc OPENSSL_uni2asc
-#define asc2uni OPENSSL_asc2uni
-#endif
-
-/* Add a local keyid to a safebag */
-
-int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name,
- int namelen)
-{
- if (X509at_add1_attr_by_NID(&bag->attrib, NID_localKeyID,
- V_ASN1_OCTET_STRING, name, namelen))
- return 1;
- else
- return 0;
-}
-
-/* Add key usage to PKCS#8 structure */
-
-int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage)
-{
- unsigned char us_val;
- us_val = (unsigned char) usage;
- if (X509at_add1_attr_by_NID(&p8->attributes, NID_key_usage,
- V_ASN1_BIT_STRING, &us_val, 1))
- return 1;
- else
- return 0;
-}
-
-/* Add a friendlyname to a safebag */
-
-int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name,
- int namelen)
-{
- if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName,
- MBSTRING_ASC, (unsigned char *)name, namelen))
- return 1;
- else
- return 0;
-}
-
-
-int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag,
- const unsigned char *name, int namelen)
-{
- if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName,
- MBSTRING_BMP, name, namelen))
- return 1;
- else
- return 0;
-}
-
-int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name,
- int namelen)
-{
- if (X509at_add1_attr_by_NID(&bag->attrib, NID_ms_csp_name,
- MBSTRING_ASC, (unsigned char *)name, namelen))
- return 1;
- else
- return 0;
-}
-
-ASN1_TYPE *PKCS12_get_attr_gen(STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid)
-{
- X509_ATTRIBUTE *attrib;
- int i;
- if (!attrs) return NULL;
- for (i = 0; i < sk_X509_ATTRIBUTE_num (attrs); i++) {
- attrib = sk_X509_ATTRIBUTE_value (attrs, i);
- if (OBJ_obj2nid (attrib->object) == attr_nid) {
- if (sk_ASN1_TYPE_num (attrib->value.set))
- return sk_ASN1_TYPE_value(attrib->value.set, 0);
- else return NULL;
- }
- }
- return NULL;
-}
-
-char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag)
-{
- ASN1_TYPE *atype;
- if (!(atype = PKCS12_get_attr(bag, NID_friendlyName))) return NULL;
- if (atype->type != V_ASN1_BMPSTRING) return NULL;
- return uni2asc(atype->value.bmpstring->data,
- atype->value.bmpstring->length);
-}
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_attr.c (from rev 6976, vendor-crypto/openssl/dist/crypto/pkcs12/p12_attr.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_attr.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_attr.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,153 @@
+/* p12_attr.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/pkcs12.h>
+
+#ifdef OPENSSL_SYS_NETWARE
+/* Rename these functions to avoid name clashes on NetWare OS */
+# define uni2asc OPENSSL_uni2asc
+# define asc2uni OPENSSL_asc2uni
+#endif
+
+/* Add a local keyid to a safebag */
+
+int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name,
+ int namelen)
+{
+ if (X509at_add1_attr_by_NID(&bag->attrib, NID_localKeyID,
+ V_ASN1_OCTET_STRING, name, namelen))
+ return 1;
+ else
+ return 0;
+}
+
+/* Add key usage to PKCS#8 structure */
+
+int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage)
+{
+ unsigned char us_val;
+ us_val = (unsigned char)usage;
+ if (X509at_add1_attr_by_NID(&p8->attributes, NID_key_usage,
+ V_ASN1_BIT_STRING, &us_val, 1))
+ return 1;
+ else
+ return 0;
+}
+
+/* Add a friendlyname to a safebag */
+
+int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name,
+ int namelen)
+{
+ if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName,
+ MBSTRING_ASC, (unsigned char *)name, namelen))
+ return 1;
+ else
+ return 0;
+}
+
+int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag,
+ const unsigned char *name, int namelen)
+{
+ if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName,
+ MBSTRING_BMP, name, namelen))
+ return 1;
+ else
+ return 0;
+}
+
+int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name, int namelen)
+{
+ if (X509at_add1_attr_by_NID(&bag->attrib, NID_ms_csp_name,
+ MBSTRING_ASC, (unsigned char *)name, namelen))
+ return 1;
+ else
+ return 0;
+}
+
+ASN1_TYPE *PKCS12_get_attr_gen(STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid)
+{
+ X509_ATTRIBUTE *attrib;
+ int i;
+ if (!attrs)
+ return NULL;
+ for (i = 0; i < sk_X509_ATTRIBUTE_num(attrs); i++) {
+ attrib = sk_X509_ATTRIBUTE_value(attrs, i);
+ if (OBJ_obj2nid(attrib->object) == attr_nid) {
+ if (sk_ASN1_TYPE_num(attrib->value.set))
+ return sk_ASN1_TYPE_value(attrib->value.set, 0);
+ else
+ return NULL;
+ }
+ }
+ return NULL;
+}
+
+char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag)
+{
+ ASN1_TYPE *atype;
+ if (!(atype = PKCS12_get_attr(bag, NID_friendlyName)))
+ return NULL;
+ if (atype->type != V_ASN1_BMPSTRING)
+ return NULL;
+ return uni2asc(atype->value.bmpstring->data,
+ atype->value.bmpstring->length);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_crpt.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/pkcs12/p12_crpt.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_crpt.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,130 +0,0 @@
-/* p12_crpt.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/pkcs12.h>
-
-/* PKCS#12 specific PBE functions */
-
-void PKCS12_PBE_add(void)
-{
-#ifndef OPENSSL_NO_RC4
-EVP_PBE_alg_add(NID_pbe_WithSHA1And128BitRC4, EVP_rc4(), EVP_sha1(),
- PKCS12_PBE_keyivgen);
-EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC4, EVP_rc4_40(), EVP_sha1(),
- PKCS12_PBE_keyivgen);
-#endif
-#ifndef OPENSSL_NO_DES
-EVP_PBE_alg_add(NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
- EVP_des_ede3_cbc(), EVP_sha1(), PKCS12_PBE_keyivgen);
-EVP_PBE_alg_add(NID_pbe_WithSHA1And2_Key_TripleDES_CBC,
- EVP_des_ede_cbc(), EVP_sha1(), PKCS12_PBE_keyivgen);
-#endif
-#ifndef OPENSSL_NO_RC2
-EVP_PBE_alg_add(NID_pbe_WithSHA1And128BitRC2_CBC, EVP_rc2_cbc(),
- EVP_sha1(), PKCS12_PBE_keyivgen);
-EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC2_CBC, EVP_rc2_40_cbc(),
- EVP_sha1(), PKCS12_PBE_keyivgen);
-#endif
-}
-
-int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
- ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de)
-{
- PBEPARAM *pbe;
- int saltlen, iter, ret;
- unsigned char *salt;
- const unsigned char *pbuf;
- unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
-
- /* Extract useful info from parameter */
- if (param == NULL || param->type != V_ASN1_SEQUENCE ||
- param->value.sequence == NULL) {
- PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_DECODE_ERROR);
- return 0;
- }
-
- pbuf = param->value.sequence->data;
- if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) {
- PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_DECODE_ERROR);
- return 0;
- }
-
- if (!pbe->iter) iter = 1;
- else iter = ASN1_INTEGER_get (pbe->iter);
- salt = pbe->salt->data;
- saltlen = pbe->salt->length;
- if (!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_KEY_ID,
- iter, EVP_CIPHER_key_length(cipher), key, md)) {
- PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_KEY_GEN_ERROR);
- PBEPARAM_free(pbe);
- return 0;
- }
- if (!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_IV_ID,
- iter, EVP_CIPHER_iv_length(cipher), iv, md)) {
- PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_IV_GEN_ERROR);
- PBEPARAM_free(pbe);
- return 0;
- }
- PBEPARAM_free(pbe);
- ret = EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, en_de);
- OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
- OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
- return ret;
-}
Copied: vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_crpt.c (from rev 6976, vendor-crypto/openssl/dist/crypto/pkcs12/p12_crpt.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_crpt.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_crpt.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,134 @@
+/* p12_crpt.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/pkcs12.h>
+
+/* PKCS#12 specific PBE functions */
+
+void PKCS12_PBE_add(void)
+{
+#ifndef OPENSSL_NO_RC4
+ EVP_PBE_alg_add(NID_pbe_WithSHA1And128BitRC4, EVP_rc4(), EVP_sha1(),
+ PKCS12_PBE_keyivgen);
+ EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC4, EVP_rc4_40(), EVP_sha1(),
+ PKCS12_PBE_keyivgen);
+#endif
+#ifndef OPENSSL_NO_DES
+ EVP_PBE_alg_add(NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
+ EVP_des_ede3_cbc(), EVP_sha1(), PKCS12_PBE_keyivgen);
+ EVP_PBE_alg_add(NID_pbe_WithSHA1And2_Key_TripleDES_CBC,
+ EVP_des_ede_cbc(), EVP_sha1(), PKCS12_PBE_keyivgen);
+#endif
+#ifndef OPENSSL_NO_RC2
+ EVP_PBE_alg_add(NID_pbe_WithSHA1And128BitRC2_CBC, EVP_rc2_cbc(),
+ EVP_sha1(), PKCS12_PBE_keyivgen);
+ EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC2_CBC, EVP_rc2_40_cbc(),
+ EVP_sha1(), PKCS12_PBE_keyivgen);
+#endif
+}
+
+int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+ ASN1_TYPE *param, const EVP_CIPHER *cipher,
+ const EVP_MD *md, int en_de)
+{
+ PBEPARAM *pbe;
+ int saltlen, iter, ret;
+ unsigned char *salt;
+ const unsigned char *pbuf;
+ unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
+
+ /* Extract useful info from parameter */
+ if (param == NULL || param->type != V_ASN1_SEQUENCE ||
+ param->value.sequence == NULL) {
+ PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_DECODE_ERROR);
+ return 0;
+ }
+
+ pbuf = param->value.sequence->data;
+ if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) {
+ PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_DECODE_ERROR);
+ return 0;
+ }
+
+ if (!pbe->iter)
+ iter = 1;
+ else
+ iter = ASN1_INTEGER_get(pbe->iter);
+ salt = pbe->salt->data;
+ saltlen = pbe->salt->length;
+ if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_KEY_ID,
+ iter, EVP_CIPHER_key_length(cipher), key, md)) {
+ PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_KEY_GEN_ERROR);
+ PBEPARAM_free(pbe);
+ return 0;
+ }
+ if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_IV_ID,
+ iter, EVP_CIPHER_iv_length(cipher), iv, md)) {
+ PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_IV_GEN_ERROR);
+ PBEPARAM_free(pbe);
+ return 0;
+ }
+ PBEPARAM_free(pbe);
+ ret = EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, en_de);
+ OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
+ OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
+ return ret;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_crt.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/pkcs12/p12_crt.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_crt.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,378 +0,0 @@
-/* p12_crt.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/pkcs12.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
-
-
-static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag);
-
-static int copy_bag_attr(PKCS12_SAFEBAG *bag, EVP_PKEY *pkey, int nid)
- {
- int idx;
- X509_ATTRIBUTE *attr;
- idx = EVP_PKEY_get_attr_by_NID(pkey, nid, -1);
- if (idx < 0)
- return 1;
- attr = EVP_PKEY_get_attr(pkey, idx);
- if (!X509at_add1_attr(&bag->attrib, attr))
- return 0;
- return 1;
- }
-
-PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
- STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, int mac_iter,
- int keytype)
-{
- PKCS12 *p12 = NULL;
- STACK_OF(PKCS7) *safes = NULL;
- STACK_OF(PKCS12_SAFEBAG) *bags = NULL;
- PKCS12_SAFEBAG *bag = NULL;
- int i;
- unsigned char keyid[EVP_MAX_MD_SIZE];
- unsigned int keyidlen = 0;
-
- /* Set defaults */
- if (!nid_cert)
- {
-#ifdef OPENSSL_FIPS
- if (FIPS_mode())
- nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
- else
-#endif
-#ifdef OPENSSL_NO_RC2
- nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
-#else
- nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
-#endif
- }
- if (!nid_key)
- nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
- if (!iter)
- iter = PKCS12_DEFAULT_ITER;
- if (!mac_iter)
- mac_iter = 1;
-
- if(!pkey && !cert && !ca)
- {
- PKCS12err(PKCS12_F_PKCS12_CREATE,PKCS12_R_INVALID_NULL_ARGUMENT);
- return NULL;
- }
-
- if (pkey && cert)
- {
- if(!X509_check_private_key(cert, pkey))
- return NULL;
- X509_digest(cert, EVP_sha1(), keyid, &keyidlen);
- }
-
- if (cert)
- {
- bag = PKCS12_add_cert(&bags, cert);
- if(name && !PKCS12_add_friendlyname(bag, name, -1))
- goto err;
- if(keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
- goto err;
- }
-
- /* Add all other certificates */
- for(i = 0; i < sk_X509_num(ca); i++)
- {
- if (!PKCS12_add_cert(&bags, sk_X509_value(ca, i)))
- goto err;
- }
-
- if (bags && !PKCS12_add_safe(&safes, bags, nid_cert, iter, pass))
- goto err;
-
- sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
- bags = NULL;
-
- if (pkey)
- {
- bag = PKCS12_add_key(&bags, pkey, keytype, iter, nid_key, pass);
-
- if (!bag)
- goto err;
-
- if (!copy_bag_attr(bag, pkey, NID_ms_csp_name))
- goto err;
- if (!copy_bag_attr(bag, pkey, NID_LocalKeySet))
- goto err;
-
- if(name && !PKCS12_add_friendlyname(bag, name, -1))
- goto err;
- if(keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
- goto err;
- }
-
- if (bags && !PKCS12_add_safe(&safes, bags, -1, 0, NULL))
- goto err;
-
- sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
- bags = NULL;
-
- p12 = PKCS12_add_safes(safes, 0);
-
- if (!p12)
- goto err;
-
- sk_PKCS7_pop_free(safes, PKCS7_free);
-
- safes = NULL;
-
- if ((mac_iter != -1) &&
- !PKCS12_set_mac(p12, pass, -1, NULL, 0, mac_iter, NULL))
- goto err;
-
- return p12;
-
- err:
-
- if (p12)
- PKCS12_free(p12);
- if (safes)
- sk_PKCS7_pop_free(safes, PKCS7_free);
- if (bags)
- sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
- return NULL;
-
-}
-
-PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert)
- {
- PKCS12_SAFEBAG *bag = NULL;
- char *name;
- int namelen = -1;
- unsigned char *keyid;
- int keyidlen = -1;
-
- /* Add user certificate */
- if(!(bag = PKCS12_x5092certbag(cert)))
- goto err;
-
- /* Use friendlyName and localKeyID in certificate.
- * (if present)
- */
-
- name = (char *)X509_alias_get0(cert, &namelen);
-
- if(name && !PKCS12_add_friendlyname(bag, name, namelen))
- goto err;
-
- keyid = X509_keyid_get0(cert, &keyidlen);
-
- if(keyid && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
- goto err;
-
- if (!pkcs12_add_bag(pbags, bag))
- goto err;
-
- return bag;
-
- err:
-
- if (bag)
- PKCS12_SAFEBAG_free(bag);
-
- return NULL;
-
- }
-
-PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, EVP_PKEY *key,
- int key_usage, int iter,
- int nid_key, char *pass)
- {
-
- PKCS12_SAFEBAG *bag = NULL;
- PKCS8_PRIV_KEY_INFO *p8 = NULL;
-
- /* Make a PKCS#8 structure */
- if(!(p8 = EVP_PKEY2PKCS8(key)))
- goto err;
- if(key_usage && !PKCS8_add_keyusage(p8, key_usage))
- goto err;
- if (nid_key != -1)
- {
- bag = PKCS12_MAKE_SHKEYBAG(nid_key, pass, -1, NULL, 0, iter, p8);
- PKCS8_PRIV_KEY_INFO_free(p8);
- }
- else
- bag = PKCS12_MAKE_KEYBAG(p8);
-
- if(!bag)
- goto err;
-
- if (!pkcs12_add_bag(pbags, bag))
- goto err;
-
- return bag;
-
- err:
-
- if (bag)
- PKCS12_SAFEBAG_free(bag);
-
- return NULL;
-
- }
-
-int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
- int nid_safe, int iter, char *pass)
- {
- PKCS7 *p7 = NULL;
- int free_safes = 0;
-
- if (!*psafes)
- {
- *psafes = sk_PKCS7_new_null();
- if (!*psafes)
- return 0;
- free_safes = 1;
- }
- else
- free_safes = 0;
-
- if (nid_safe == 0)
-#ifdef OPENSSL_NO_RC2
- nid_safe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
-#else
- nid_safe = NID_pbe_WithSHA1And40BitRC2_CBC;
-#endif
-
- if (nid_safe == -1)
- p7 = PKCS12_pack_p7data(bags);
- else
- p7 = PKCS12_pack_p7encdata(nid_safe, pass, -1, NULL, 0,
- iter, bags);
- if (!p7)
- goto err;
-
- if (!sk_PKCS7_push(*psafes, p7))
- goto err;
-
- return 1;
-
- err:
- if (free_safes)
- {
- sk_PKCS7_free(*psafes);
- *psafes = NULL;
- }
-
- if (p7)
- PKCS7_free(p7);
-
- return 0;
-
- }
-
-static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag)
- {
- int free_bags;
- if (!pbags)
- return 1;
- if (!*pbags)
- {
- *pbags = sk_PKCS12_SAFEBAG_new_null();
- if (!*pbags)
- return 0;
- free_bags = 1;
- }
- else
- free_bags = 0;
-
- if (!sk_PKCS12_SAFEBAG_push(*pbags, bag))
- {
- if (free_bags)
- {
- sk_PKCS12_SAFEBAG_free(*pbags);
- *pbags = NULL;
- }
- return 0;
- }
-
- return 1;
-
- }
-
-
-PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int nid_p7)
- {
- PKCS12 *p12;
- if (nid_p7 <= 0)
- nid_p7 = NID_pkcs7_data;
- p12 = PKCS12_init(nid_p7);
-
- if (!p12)
- return NULL;
-
- if(!PKCS12_pack_authsafes(p12, safes))
- {
- PKCS12_free(p12);
- return NULL;
- }
-
- return p12;
-
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_crt.c (from rev 6976, vendor-crypto/openssl/dist/crypto/pkcs12/p12_crt.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_crt.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_crt.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,361 @@
+/* p12_crt.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/pkcs12.h>
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
+#endif
+
+static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags,
+ PKCS12_SAFEBAG *bag);
+
+static int copy_bag_attr(PKCS12_SAFEBAG *bag, EVP_PKEY *pkey, int nid)
+{
+ int idx;
+ X509_ATTRIBUTE *attr;
+ idx = EVP_PKEY_get_attr_by_NID(pkey, nid, -1);
+ if (idx < 0)
+ return 1;
+ attr = EVP_PKEY_get_attr(pkey, idx);
+ if (!X509at_add1_attr(&bag->attrib, attr))
+ return 0;
+ return 1;
+}
+
+PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
+ STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter,
+ int mac_iter, int keytype)
+{
+ PKCS12 *p12 = NULL;
+ STACK_OF(PKCS7) *safes = NULL;
+ STACK_OF(PKCS12_SAFEBAG) *bags = NULL;
+ PKCS12_SAFEBAG *bag = NULL;
+ int i;
+ unsigned char keyid[EVP_MAX_MD_SIZE];
+ unsigned int keyidlen = 0;
+
+ /* Set defaults */
+ if (!nid_cert) {
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode())
+ nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+ else
+#endif
+#ifdef OPENSSL_NO_RC2
+ nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+#else
+ nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
+#endif
+ }
+ if (!nid_key)
+ nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+ if (!iter)
+ iter = PKCS12_DEFAULT_ITER;
+ if (!mac_iter)
+ mac_iter = 1;
+
+ if (!pkey && !cert && !ca) {
+ PKCS12err(PKCS12_F_PKCS12_CREATE, PKCS12_R_INVALID_NULL_ARGUMENT);
+ return NULL;
+ }
+
+ if (pkey && cert) {
+ if (!X509_check_private_key(cert, pkey))
+ return NULL;
+ X509_digest(cert, EVP_sha1(), keyid, &keyidlen);
+ }
+
+ if (cert) {
+ bag = PKCS12_add_cert(&bags, cert);
+ if (name && !PKCS12_add_friendlyname(bag, name, -1))
+ goto err;
+ if (keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
+ goto err;
+ }
+
+ /* Add all other certificates */
+ for (i = 0; i < sk_X509_num(ca); i++) {
+ if (!PKCS12_add_cert(&bags, sk_X509_value(ca, i)))
+ goto err;
+ }
+
+ if (bags && !PKCS12_add_safe(&safes, bags, nid_cert, iter, pass))
+ goto err;
+
+ sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+ bags = NULL;
+
+ if (pkey) {
+ bag = PKCS12_add_key(&bags, pkey, keytype, iter, nid_key, pass);
+
+ if (!bag)
+ goto err;
+
+ if (!copy_bag_attr(bag, pkey, NID_ms_csp_name))
+ goto err;
+ if (!copy_bag_attr(bag, pkey, NID_LocalKeySet))
+ goto err;
+
+ if (name && !PKCS12_add_friendlyname(bag, name, -1))
+ goto err;
+ if (keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
+ goto err;
+ }
+
+ if (bags && !PKCS12_add_safe(&safes, bags, -1, 0, NULL))
+ goto err;
+
+ sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+ bags = NULL;
+
+ p12 = PKCS12_add_safes(safes, 0);
+
+ if (!p12)
+ goto err;
+
+ sk_PKCS7_pop_free(safes, PKCS7_free);
+
+ safes = NULL;
+
+ if ((mac_iter != -1) &&
+ !PKCS12_set_mac(p12, pass, -1, NULL, 0, mac_iter, NULL))
+ goto err;
+
+ return p12;
+
+ err:
+
+ if (p12)
+ PKCS12_free(p12);
+ if (safes)
+ sk_PKCS7_pop_free(safes, PKCS7_free);
+ if (bags)
+ sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+ return NULL;
+
+}
+
+PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert)
+{
+ PKCS12_SAFEBAG *bag = NULL;
+ char *name;
+ int namelen = -1;
+ unsigned char *keyid;
+ int keyidlen = -1;
+
+ /* Add user certificate */
+ if (!(bag = PKCS12_x5092certbag(cert)))
+ goto err;
+
+ /*
+ * Use friendlyName and localKeyID in certificate. (if present)
+ */
+
+ name = (char *)X509_alias_get0(cert, &namelen);
+
+ if (name && !PKCS12_add_friendlyname(bag, name, namelen))
+ goto err;
+
+ keyid = X509_keyid_get0(cert, &keyidlen);
+
+ if (keyid && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
+ goto err;
+
+ if (!pkcs12_add_bag(pbags, bag))
+ goto err;
+
+ return bag;
+
+ err:
+
+ if (bag)
+ PKCS12_SAFEBAG_free(bag);
+
+ return NULL;
+
+}
+
+PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags,
+ EVP_PKEY *key, int key_usage, int iter,
+ int nid_key, char *pass)
+{
+
+ PKCS12_SAFEBAG *bag = NULL;
+ PKCS8_PRIV_KEY_INFO *p8 = NULL;
+
+ /* Make a PKCS#8 structure */
+ if (!(p8 = EVP_PKEY2PKCS8(key)))
+ goto err;
+ if (key_usage && !PKCS8_add_keyusage(p8, key_usage))
+ goto err;
+ if (nid_key != -1) {
+ bag = PKCS12_MAKE_SHKEYBAG(nid_key, pass, -1, NULL, 0, iter, p8);
+ PKCS8_PRIV_KEY_INFO_free(p8);
+ } else
+ bag = PKCS12_MAKE_KEYBAG(p8);
+
+ if (!bag)
+ goto err;
+
+ if (!pkcs12_add_bag(pbags, bag))
+ goto err;
+
+ return bag;
+
+ err:
+
+ if (bag)
+ PKCS12_SAFEBAG_free(bag);
+
+ return NULL;
+
+}
+
+int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
+ int nid_safe, int iter, char *pass)
+{
+ PKCS7 *p7 = NULL;
+ int free_safes = 0;
+
+ if (!*psafes) {
+ *psafes = sk_PKCS7_new_null();
+ if (!*psafes)
+ return 0;
+ free_safes = 1;
+ } else
+ free_safes = 0;
+
+ if (nid_safe == 0)
+#ifdef OPENSSL_NO_RC2
+ nid_safe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+#else
+ nid_safe = NID_pbe_WithSHA1And40BitRC2_CBC;
+#endif
+
+ if (nid_safe == -1)
+ p7 = PKCS12_pack_p7data(bags);
+ else
+ p7 = PKCS12_pack_p7encdata(nid_safe, pass, -1, NULL, 0, iter, bags);
+ if (!p7)
+ goto err;
+
+ if (!sk_PKCS7_push(*psafes, p7))
+ goto err;
+
+ return 1;
+
+ err:
+ if (free_safes) {
+ sk_PKCS7_free(*psafes);
+ *psafes = NULL;
+ }
+
+ if (p7)
+ PKCS7_free(p7);
+
+ return 0;
+
+}
+
+static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags,
+ PKCS12_SAFEBAG *bag)
+{
+ int free_bags;
+ if (!pbags)
+ return 1;
+ if (!*pbags) {
+ *pbags = sk_PKCS12_SAFEBAG_new_null();
+ if (!*pbags)
+ return 0;
+ free_bags = 1;
+ } else
+ free_bags = 0;
+
+ if (!sk_PKCS12_SAFEBAG_push(*pbags, bag)) {
+ if (free_bags) {
+ sk_PKCS12_SAFEBAG_free(*pbags);
+ *pbags = NULL;
+ }
+ return 0;
+ }
+
+ return 1;
+
+}
+
+PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int nid_p7)
+{
+ PKCS12 *p12;
+ if (nid_p7 <= 0)
+ nid_p7 = NID_pkcs7_data;
+ p12 = PKCS12_init(nid_p7);
+
+ if (!p12)
+ return NULL;
+
+ if (!PKCS12_pack_authsafes(p12, safes)) {
+ PKCS12_free(p12);
+ return NULL;
+ }
+
+ return p12;
+
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_decr.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/pkcs12/p12_decr.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_decr.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,177 +0,0 @@
-/* p12_decr.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/pkcs12.h>
-
-/* Define this to dump decrypted output to files called DERnnn */
-/*#define DEBUG_DECRYPT*/
-
-
-/* Encrypt/Decrypt a buffer based on password and algor, result in a
- * OPENSSL_malloc'ed buffer
- */
-
-unsigned char * PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass,
- int passlen, unsigned char *in, int inlen, unsigned char **data,
- int *datalen, int en_de)
-{
- unsigned char *out;
- int outlen, i;
- EVP_CIPHER_CTX ctx;
-
- EVP_CIPHER_CTX_init(&ctx);
- /* Decrypt data */
- if (!EVP_PBE_CipherInit(algor->algorithm, pass, passlen,
- algor->parameter, &ctx, en_de)) {
- PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR);
- return NULL;
- }
-
- if(!(out = OPENSSL_malloc(inlen + EVP_CIPHER_CTX_block_size(&ctx)))) {
- PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- EVP_CipherUpdate(&ctx, out, &i, in, inlen);
- outlen = i;
- if(!EVP_CipherFinal_ex(&ctx, out + i, &i)) {
- OPENSSL_free(out);
- out = NULL;
- PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,PKCS12_R_PKCS12_CIPHERFINAL_ERROR);
- goto err;
- }
- outlen += i;
- if (datalen) *datalen = outlen;
- if (data) *data = out;
- err:
- EVP_CIPHER_CTX_cleanup(&ctx);
- return out;
-
-}
-
-/* Decrypt an OCTET STRING and decode ASN1 structure
- * if zbuf set zero buffer after use.
- */
-
-void * PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,
- const char *pass, int passlen, ASN1_OCTET_STRING *oct, int zbuf)
-{
- unsigned char *out;
- const unsigned char *p;
- void *ret;
- int outlen;
-
- if (!PKCS12_pbe_crypt(algor, pass, passlen, oct->data, oct->length,
- &out, &outlen, 0)) {
- PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I,PKCS12_R_PKCS12_PBE_CRYPT_ERROR);
- return NULL;
- }
- p = out;
-#ifdef DEBUG_DECRYPT
- {
- FILE *op;
-
- char fname[30];
- static int fnm = 1;
- sprintf(fname, "DER%d", fnm++);
- op = fopen(fname, "wb");
- fwrite (p, 1, outlen, op);
- fclose(op);
- }
-#endif
- ret = ASN1_item_d2i(NULL, &p, outlen, it);
- if (zbuf) OPENSSL_cleanse(out, outlen);
- if(!ret) PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I,PKCS12_R_DECODE_ERROR);
- OPENSSL_free(out);
- return ret;
-}
-
-/* Encode ASN1 structure and encrypt, return OCTET STRING
- * if zbuf set zero encoding.
- */
-
-ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, const ASN1_ITEM *it,
- const char *pass, int passlen,
- void *obj, int zbuf)
-{
- ASN1_OCTET_STRING *oct;
- unsigned char *in = NULL;
- int inlen;
- if (!(oct = M_ASN1_OCTET_STRING_new ())) {
- PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT,ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- inlen = ASN1_item_i2d(obj, &in, it);
- if (!in) {
- PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT,PKCS12_R_ENCODE_ERROR);
- return NULL;
- }
- if (!PKCS12_pbe_crypt(algor, pass, passlen, in, inlen, &oct->data,
- &oct->length, 1)) {
- PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT,PKCS12_R_ENCRYPT_ERROR);
- OPENSSL_free(in);
- return NULL;
- }
- if (zbuf) OPENSSL_cleanse(in, inlen);
- OPENSSL_free(in);
- return oct;
-}
-
-IMPLEMENT_PKCS12_STACK_OF(PKCS7)
Copied: vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_decr.c (from rev 6976, vendor-crypto/openssl/dist/crypto/pkcs12/p12_decr.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_decr.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_decr.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,192 @@
+/* p12_decr.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/pkcs12.h>
+
+/* Define this to dump decrypted output to files called DERnnn */
+/*
+ * #define DEBUG_DECRYPT
+ */
+
+/*
+ * Encrypt/Decrypt a buffer based on password and algor, result in a
+ * OPENSSL_malloc'ed buffer
+ */
+
+unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass,
+ int passlen, unsigned char *in, int inlen,
+ unsigned char **data, int *datalen, int en_de)
+{
+ unsigned char *out;
+ int outlen, i;
+ EVP_CIPHER_CTX ctx;
+
+ EVP_CIPHER_CTX_init(&ctx);
+ /* Decrypt data */
+ if (!EVP_PBE_CipherInit(algor->algorithm, pass, passlen,
+ algor->parameter, &ctx, en_de)) {
+ PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,
+ PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR);
+ return NULL;
+ }
+
+ if (!(out = OPENSSL_malloc(inlen + EVP_CIPHER_CTX_block_size(&ctx)))) {
+ PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ EVP_CipherUpdate(&ctx, out, &i, in, inlen);
+ outlen = i;
+ if (!EVP_CipherFinal_ex(&ctx, out + i, &i)) {
+ OPENSSL_free(out);
+ out = NULL;
+ PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,
+ PKCS12_R_PKCS12_CIPHERFINAL_ERROR);
+ goto err;
+ }
+ outlen += i;
+ if (datalen)
+ *datalen = outlen;
+ if (data)
+ *data = out;
+ err:
+ EVP_CIPHER_CTX_cleanup(&ctx);
+ return out;
+
+}
+
+/*
+ * Decrypt an OCTET STRING and decode ASN1 structure if zbuf set zero buffer
+ * after use.
+ */
+
+void *PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,
+ const char *pass, int passlen,
+ ASN1_OCTET_STRING *oct, int zbuf)
+{
+ unsigned char *out;
+ const unsigned char *p;
+ void *ret;
+ int outlen;
+
+ if (!PKCS12_pbe_crypt(algor, pass, passlen, oct->data, oct->length,
+ &out, &outlen, 0)) {
+ PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I,
+ PKCS12_R_PKCS12_PBE_CRYPT_ERROR);
+ return NULL;
+ }
+ p = out;
+#ifdef DEBUG_DECRYPT
+ {
+ FILE *op;
+
+ char fname[30];
+ static int fnm = 1;
+ sprintf(fname, "DER%d", fnm++);
+ op = fopen(fname, "wb");
+ fwrite(p, 1, outlen, op);
+ fclose(op);
+ }
+#endif
+ ret = ASN1_item_d2i(NULL, &p, outlen, it);
+ if (zbuf)
+ OPENSSL_cleanse(out, outlen);
+ if (!ret)
+ PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I, PKCS12_R_DECODE_ERROR);
+ OPENSSL_free(out);
+ return ret;
+}
+
+/*
+ * Encode ASN1 structure and encrypt, return OCTET STRING if zbuf set zero
+ * encoding.
+ */
+
+ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor,
+ const ASN1_ITEM *it,
+ const char *pass, int passlen,
+ void *obj, int zbuf)
+{
+ ASN1_OCTET_STRING *oct;
+ unsigned char *in = NULL;
+ int inlen;
+ if (!(oct = M_ASN1_OCTET_STRING_new())) {
+ PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ inlen = ASN1_item_i2d(obj, &in, it);
+ if (!in) {
+ PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, PKCS12_R_ENCODE_ERROR);
+ return NULL;
+ }
+ if (!PKCS12_pbe_crypt(algor, pass, passlen, in, inlen, &oct->data,
+ &oct->length, 1)) {
+ PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, PKCS12_R_ENCRYPT_ERROR);
+ OPENSSL_free(in);
+ return NULL;
+ }
+ if (zbuf)
+ OPENSSL_cleanse(in, inlen);
+ OPENSSL_free(in);
+ return oct;
+}
+
+IMPLEMENT_PKCS12_STACK_OF(PKCS7)
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_init.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/pkcs12/p12_init.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_init.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,92 +0,0 @@
-/* p12_init.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/pkcs12.h>
-
-/* Initialise a PKCS12 structure to take data */
-
-PKCS12 *PKCS12_init(int mode)
-{
- PKCS12 *pkcs12;
- if (!(pkcs12 = PKCS12_new())) {
- PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- ASN1_INTEGER_set(pkcs12->version, 3);
- pkcs12->authsafes->type = OBJ_nid2obj(mode);
- switch (mode) {
- case NID_pkcs7_data:
- if (!(pkcs12->authsafes->d.data =
- M_ASN1_OCTET_STRING_new())) {
- PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- break;
- default:
- PKCS12err(PKCS12_F_PKCS12_INIT,
- PKCS12_R_UNSUPPORTED_PKCS12_MODE);
- goto err;
- }
-
- return pkcs12;
-err:
- if (pkcs12 != NULL) PKCS12_free(pkcs12);
- return NULL;
-}
Copied: vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_init.c (from rev 6976, vendor-crypto/openssl/dist/crypto/pkcs12/p12_init.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_init.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_init.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,92 @@
+/* p12_init.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/pkcs12.h>
+
+/* Initialise a PKCS12 structure to take data */
+
+PKCS12 *PKCS12_init(int mode)
+{
+ PKCS12 *pkcs12;
+ if (!(pkcs12 = PKCS12_new())) {
+ PKCS12err(PKCS12_F_PKCS12_INIT, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ ASN1_INTEGER_set(pkcs12->version, 3);
+ pkcs12->authsafes->type = OBJ_nid2obj(mode);
+ switch (mode) {
+ case NID_pkcs7_data:
+ if (!(pkcs12->authsafes->d.data = M_ASN1_OCTET_STRING_new())) {
+ PKCS12err(PKCS12_F_PKCS12_INIT, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ break;
+ default:
+ PKCS12err(PKCS12_F_PKCS12_INIT, PKCS12_R_UNSUPPORTED_PKCS12_MODE);
+ goto err;
+ }
+
+ return pkcs12;
+ err:
+ if (pkcs12 != NULL)
+ PKCS12_free(pkcs12);
+ return NULL;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_key.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/pkcs12/p12_key.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_key.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,218 +0,0 @@
-/* p12_key.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/pkcs12.h>
-#include <openssl/bn.h>
-
-/* Uncomment out this line to get debugging info about key generation */
-/*#define DEBUG_KEYGEN*/
-#ifdef DEBUG_KEYGEN
-#include <openssl/bio.h>
-extern BIO *bio_err;
-void h__dump (unsigned char *p, int len);
-#endif
-
-#ifdef OPENSSL_SYS_NETWARE
-/* Rename these functions to avoid name clashes on NetWare OS */
-#define uni2asc OPENSSL_uni2asc
-#define asc2uni OPENSSL_asc2uni
-#endif
-
-/* PKCS12 compatible key/IV generation */
-#ifndef min
-#define min(a,b) ((a) < (b) ? (a) : (b))
-#endif
-
-int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
- int saltlen, int id, int iter, int n, unsigned char *out,
- const EVP_MD *md_type)
-{
- int ret;
- unsigned char *unipass;
- int uniplen;
- if(!pass) {
- unipass = NULL;
- uniplen = 0;
- } else if (!asc2uni(pass, passlen, &unipass, &uniplen)) {
- PKCS12err(PKCS12_F_PKCS12_KEY_GEN_ASC,ERR_R_MALLOC_FAILURE);
- return 0;
- }
- ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen,
- id, iter, n, out, md_type);
- if(unipass) {
- OPENSSL_cleanse(unipass, uniplen); /* Clear password from memory */
- OPENSSL_free(unipass);
- }
- return ret;
-}
-
-int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
- int saltlen, int id, int iter, int n, unsigned char *out,
- const EVP_MD *md_type)
-{
- unsigned char *B, *D, *I, *p, *Ai;
- int Slen, Plen, Ilen, Ijlen;
- int i, j, u, v;
- int ret = 0;
- BIGNUM *Ij, *Bpl1; /* These hold Ij and B + 1 */
- EVP_MD_CTX ctx;
-#ifdef DEBUG_KEYGEN
- unsigned char *tmpout = out;
- int tmpn = n;
-#endif
-
-#if 0
- if (!pass) {
- PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
-#endif
-
- EVP_MD_CTX_init(&ctx);
-#ifdef DEBUG_KEYGEN
- fprintf(stderr, "KEYGEN DEBUG\n");
- fprintf(stderr, "ID %d, ITER %d\n", id, iter);
- fprintf(stderr, "Password (length %d):\n", passlen);
- h__dump(pass, passlen);
- fprintf(stderr, "Salt (length %d):\n", saltlen);
- h__dump(salt, saltlen);
-#endif
- v = EVP_MD_block_size (md_type);
- u = EVP_MD_size (md_type);
- D = OPENSSL_malloc (v);
- Ai = OPENSSL_malloc (u);
- B = OPENSSL_malloc (v + 1);
- Slen = v * ((saltlen+v-1)/v);
- if(passlen) Plen = v * ((passlen+v-1)/v);
- else Plen = 0;
- Ilen = Slen + Plen;
- I = OPENSSL_malloc (Ilen);
- Ij = BN_new();
- Bpl1 = BN_new();
- if (!D || !Ai || !B || !I || !Ij || !Bpl1)
- goto err;
- for (i = 0; i < v; i++) D[i] = id;
- p = I;
- for (i = 0; i < Slen; i++) *p++ = salt[i % saltlen];
- for (i = 0; i < Plen; i++) *p++ = pass[i % passlen];
- for (;;) {
- EVP_DigestInit_ex(&ctx, md_type, NULL);
- EVP_DigestUpdate(&ctx, D, v);
- EVP_DigestUpdate(&ctx, I, Ilen);
- EVP_DigestFinal_ex(&ctx, Ai, NULL);
- for (j = 1; j < iter; j++) {
- EVP_DigestInit_ex(&ctx, md_type, NULL);
- EVP_DigestUpdate(&ctx, Ai, u);
- EVP_DigestFinal_ex(&ctx, Ai, NULL);
- }
- memcpy (out, Ai, min (n, u));
- if (u >= n) {
-#ifdef DEBUG_KEYGEN
- fprintf(stderr, "Output KEY (length %d)\n", tmpn);
- h__dump(tmpout, tmpn);
-#endif
- ret = 1;
- goto end;
- }
- n -= u;
- out += u;
- for (j = 0; j < v; j++) B[j] = Ai[j % u];
- /* Work out B + 1 first then can use B as tmp space */
- if (!BN_bin2bn (B, v, Bpl1)) goto err;
- if (!BN_add_word (Bpl1, 1)) goto err;
- for (j = 0; j < Ilen ; j+=v) {
- if (!BN_bin2bn (I + j, v, Ij)) goto err;
- if (!BN_add (Ij, Ij, Bpl1)) goto err;
- BN_bn2bin (Ij, B);
- Ijlen = BN_num_bytes (Ij);
- /* If more than 2^(v*8) - 1 cut off MSB */
- if (Ijlen > v) {
- BN_bn2bin (Ij, B);
- memcpy (I + j, B + 1, v);
-#ifndef PKCS12_BROKEN_KEYGEN
- /* If less than v bytes pad with zeroes */
- } else if (Ijlen < v) {
- memset(I + j, 0, v - Ijlen);
- BN_bn2bin(Ij, I + j + v - Ijlen);
-#endif
- } else BN_bn2bin (Ij, I + j);
- }
- }
-
-err:
- PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_MALLOC_FAILURE);
-
-end:
- OPENSSL_free (Ai);
- OPENSSL_free (B);
- OPENSSL_free (D);
- OPENSSL_free (I);
- BN_free (Ij);
- BN_free (Bpl1);
- EVP_MD_CTX_cleanup(&ctx);
- return ret;
-}
-#ifdef DEBUG_KEYGEN
-void h__dump (unsigned char *p, int len)
-{
- for (; len --; p++) fprintf(stderr, "%02X", *p);
- fprintf(stderr, "\n");
-}
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_key.c (from rev 6976, vendor-crypto/openssl/dist/crypto/pkcs12/p12_key.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_key.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_key.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,234 @@
+/* p12_key.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/pkcs12.h>
+#include <openssl/bn.h>
+
+/* Uncomment out this line to get debugging info about key generation */
+/*
+ * #define DEBUG_KEYGEN
+ */
+#ifdef DEBUG_KEYGEN
+# include <openssl/bio.h>
+extern BIO *bio_err;
+void h__dump(unsigned char *p, int len);
+#endif
+
+#ifdef OPENSSL_SYS_NETWARE
+/* Rename these functions to avoid name clashes on NetWare OS */
+# define uni2asc OPENSSL_uni2asc
+# define asc2uni OPENSSL_asc2uni
+#endif
+
+/* PKCS12 compatible key/IV generation */
+#ifndef min
+# define min(a,b) ((a) < (b) ? (a) : (b))
+#endif
+
+int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
+ int saltlen, int id, int iter, int n,
+ unsigned char *out, const EVP_MD *md_type)
+{
+ int ret;
+ unsigned char *unipass;
+ int uniplen;
+ if (!pass) {
+ unipass = NULL;
+ uniplen = 0;
+ } else if (!asc2uni(pass, passlen, &unipass, &uniplen)) {
+ PKCS12err(PKCS12_F_PKCS12_KEY_GEN_ASC, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen,
+ id, iter, n, out, md_type);
+ if (unipass) {
+ OPENSSL_cleanse(unipass, uniplen); /* Clear password from memory */
+ OPENSSL_free(unipass);
+ }
+ return ret;
+}
+
+int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
+ int saltlen, int id, int iter, int n,
+ unsigned char *out, const EVP_MD *md_type)
+{
+ unsigned char *B, *D, *I, *p, *Ai;
+ int Slen, Plen, Ilen, Ijlen;
+ int i, j, u, v;
+ int ret = 0;
+ BIGNUM *Ij, *Bpl1; /* These hold Ij and B + 1 */
+ EVP_MD_CTX ctx;
+#ifdef DEBUG_KEYGEN
+ unsigned char *tmpout = out;
+ int tmpn = n;
+#endif
+
+#if 0
+ if (!pass) {
+ PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+#endif
+
+ EVP_MD_CTX_init(&ctx);
+#ifdef DEBUG_KEYGEN
+ fprintf(stderr, "KEYGEN DEBUG\n");
+ fprintf(stderr, "ID %d, ITER %d\n", id, iter);
+ fprintf(stderr, "Password (length %d):\n", passlen);
+ h__dump(pass, passlen);
+ fprintf(stderr, "Salt (length %d):\n", saltlen);
+ h__dump(salt, saltlen);
+#endif
+ v = EVP_MD_block_size(md_type);
+ u = EVP_MD_size(md_type);
+ D = OPENSSL_malloc(v);
+ Ai = OPENSSL_malloc(u);
+ B = OPENSSL_malloc(v + 1);
+ Slen = v * ((saltlen + v - 1) / v);
+ if (passlen)
+ Plen = v * ((passlen + v - 1) / v);
+ else
+ Plen = 0;
+ Ilen = Slen + Plen;
+ I = OPENSSL_malloc(Ilen);
+ Ij = BN_new();
+ Bpl1 = BN_new();
+ if (!D || !Ai || !B || !I || !Ij || !Bpl1)
+ goto err;
+ for (i = 0; i < v; i++)
+ D[i] = id;
+ p = I;
+ for (i = 0; i < Slen; i++)
+ *p++ = salt[i % saltlen];
+ for (i = 0; i < Plen; i++)
+ *p++ = pass[i % passlen];
+ for (;;) {
+ EVP_DigestInit_ex(&ctx, md_type, NULL);
+ EVP_DigestUpdate(&ctx, D, v);
+ EVP_DigestUpdate(&ctx, I, Ilen);
+ EVP_DigestFinal_ex(&ctx, Ai, NULL);
+ for (j = 1; j < iter; j++) {
+ EVP_DigestInit_ex(&ctx, md_type, NULL);
+ EVP_DigestUpdate(&ctx, Ai, u);
+ EVP_DigestFinal_ex(&ctx, Ai, NULL);
+ }
+ memcpy(out, Ai, min(n, u));
+ if (u >= n) {
+#ifdef DEBUG_KEYGEN
+ fprintf(stderr, "Output KEY (length %d)\n", tmpn);
+ h__dump(tmpout, tmpn);
+#endif
+ ret = 1;
+ goto end;
+ }
+ n -= u;
+ out += u;
+ for (j = 0; j < v; j++)
+ B[j] = Ai[j % u];
+ /* Work out B + 1 first then can use B as tmp space */
+ if (!BN_bin2bn(B, v, Bpl1))
+ goto err;
+ if (!BN_add_word(Bpl1, 1))
+ goto err;
+ for (j = 0; j < Ilen; j += v) {
+ if (!BN_bin2bn(I + j, v, Ij))
+ goto err;
+ if (!BN_add(Ij, Ij, Bpl1))
+ goto err;
+ BN_bn2bin(Ij, B);
+ Ijlen = BN_num_bytes(Ij);
+ /* If more than 2^(v*8) - 1 cut off MSB */
+ if (Ijlen > v) {
+ BN_bn2bin(Ij, B);
+ memcpy(I + j, B + 1, v);
+#ifndef PKCS12_BROKEN_KEYGEN
+ /* If less than v bytes pad with zeroes */
+ } else if (Ijlen < v) {
+ memset(I + j, 0, v - Ijlen);
+ BN_bn2bin(Ij, I + j + v - Ijlen);
+#endif
+ } else
+ BN_bn2bin(Ij, I + j);
+ }
+ }
+
+ err:
+ PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI, ERR_R_MALLOC_FAILURE);
+
+ end:
+ OPENSSL_free(Ai);
+ OPENSSL_free(B);
+ OPENSSL_free(D);
+ OPENSSL_free(I);
+ BN_free(Ij);
+ BN_free(Bpl1);
+ EVP_MD_CTX_cleanup(&ctx);
+ return ret;
+}
+
+#ifdef DEBUG_KEYGEN
+void h__dump(unsigned char *p, int len)
+{
+ for (; len--; p++)
+ fprintf(stderr, "%02X", *p);
+ fprintf(stderr, "\n");
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_kiss.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/pkcs12/p12_kiss.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_kiss.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,297 +0,0 @@
-/* p12_kiss.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/pkcs12.h>
-
-/* Simplified PKCS#12 routines */
-
-static int parse_pk12( PKCS12 *p12, const char *pass, int passlen,
- EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca);
-
-static int parse_bags( STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
- int passlen, EVP_PKEY **pkey, X509 **cert,
- STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid,
- char *keymatch);
-
-static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen,
- EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca,
- ASN1_OCTET_STRING **keyid, char *keymatch);
-
-/* Parse and decrypt a PKCS#12 structure returning user key, user cert
- * and other (CA) certs. Note either ca should be NULL, *ca should be NULL,
- * or it should point to a valid STACK structure. pkey and cert can be
- * passed unitialised.
- */
-
-int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
- STACK_OF(X509) **ca)
-{
-
- /* Check for NULL PKCS12 structure */
-
- if(!p12) {
- PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_INVALID_NULL_PKCS12_POINTER);
- return 0;
- }
-
- /* Allocate stack for ca certificates if needed */
- if ((ca != NULL) && (*ca == NULL)) {
- if (!(*ca = sk_X509_new_null())) {
- PKCS12err(PKCS12_F_PKCS12_PARSE,ERR_R_MALLOC_FAILURE);
- return 0;
- }
- }
-
- if(pkey) *pkey = NULL;
- if(cert) *cert = NULL;
-
- /* Check the mac */
-
- /* If password is zero length or NULL then try verifying both cases
- * to determine which password is correct. The reason for this is that
- * under PKCS#12 password based encryption no password and a zero length
- * password are two different things...
- */
-
- if(!pass || !*pass) {
- if(PKCS12_verify_mac(p12, NULL, 0)) pass = NULL;
- else if(PKCS12_verify_mac(p12, "", 0)) pass = "";
- else {
- PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_MAC_VERIFY_FAILURE);
- goto err;
- }
- } else if (!PKCS12_verify_mac(p12, pass, -1)) {
- PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_MAC_VERIFY_FAILURE);
- goto err;
- }
-
- if (!parse_pk12 (p12, pass, -1, pkey, cert, ca))
- {
- PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_PARSE_ERROR);
- goto err;
- }
-
- return 1;
-
- err:
-
- if (pkey && *pkey) EVP_PKEY_free(*pkey);
- if (cert && *cert) X509_free(*cert);
- if (ca) sk_X509_pop_free(*ca, X509_free);
- return 0;
-
-}
-
-/* Parse the outer PKCS#12 structure */
-
-static int parse_pk12(PKCS12 *p12, const char *pass, int passlen,
- EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
-{
- STACK_OF(PKCS7) *asafes;
- STACK_OF(PKCS12_SAFEBAG) *bags;
- int i, bagnid;
- PKCS7 *p7;
- ASN1_OCTET_STRING *keyid = NULL;
-
- char keymatch = 0;
- if (!(asafes = PKCS12_unpack_authsafes (p12))) return 0;
- for (i = 0; i < sk_PKCS7_num (asafes); i++) {
- p7 = sk_PKCS7_value (asafes, i);
- bagnid = OBJ_obj2nid (p7->type);
- if (bagnid == NID_pkcs7_data) {
- bags = PKCS12_unpack_p7data(p7);
- } else if (bagnid == NID_pkcs7_encrypted) {
- bags = PKCS12_unpack_p7encdata(p7, pass, passlen);
- } else continue;
- if (!bags) {
- sk_PKCS7_pop_free(asafes, PKCS7_free);
- return 0;
- }
- if (!parse_bags(bags, pass, passlen, pkey, cert, ca,
- &keyid, &keymatch)) {
- sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
- sk_PKCS7_pop_free(asafes, PKCS7_free);
- return 0;
- }
- sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
- }
- sk_PKCS7_pop_free(asafes, PKCS7_free);
- if (keyid) M_ASN1_OCTET_STRING_free(keyid);
- return 1;
-}
-
-
-static int parse_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
- int passlen, EVP_PKEY **pkey, X509 **cert,
- STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid,
- char *keymatch)
-{
- int i;
- for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
- if (!parse_bag(sk_PKCS12_SAFEBAG_value (bags, i),
- pass, passlen, pkey, cert, ca, keyid,
- keymatch)) return 0;
- }
- return 1;
-}
-
-#define MATCH_KEY 0x1
-#define MATCH_CERT 0x2
-#define MATCH_ALL 0x3
-
-static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
- EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca,
- ASN1_OCTET_STRING **keyid,
- char *keymatch)
-{
- PKCS8_PRIV_KEY_INFO *p8;
- X509 *x509;
- ASN1_OCTET_STRING *lkey = NULL, *ckid = NULL;
- ASN1_TYPE *attrib;
- ASN1_BMPSTRING *fname = NULL;
-
- if ((attrib = PKCS12_get_attr (bag, NID_friendlyName)))
- fname = attrib->value.bmpstring;
-
- if ((attrib = PKCS12_get_attr (bag, NID_localKeyID))) {
- lkey = attrib->value.octet_string;
- ckid = lkey;
- }
-
- /* Check for any local key id matching (if needed) */
- if (lkey && ((*keymatch & MATCH_ALL) != MATCH_ALL)) {
- if (*keyid) {
- if (M_ASN1_OCTET_STRING_cmp(*keyid, lkey)) lkey = NULL;
- } else {
- if (!(*keyid = M_ASN1_OCTET_STRING_dup(lkey))) {
- PKCS12err(PKCS12_F_PARSE_BAG,ERR_R_MALLOC_FAILURE);
- return 0;
- }
- }
- }
-
- switch (M_PKCS12_bag_type(bag))
- {
- case NID_keyBag:
- if (!lkey || !pkey) return 1;
- if (!(*pkey = EVP_PKCS82PKEY(bag->value.keybag))) return 0;
- *keymatch |= MATCH_KEY;
- break;
-
- case NID_pkcs8ShroudedKeyBag:
- if (!lkey || !pkey) return 1;
- if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen)))
- return 0;
- *pkey = EVP_PKCS82PKEY(p8);
- PKCS8_PRIV_KEY_INFO_free(p8);
- if (!(*pkey)) return 0;
- *keymatch |= MATCH_KEY;
- break;
-
- case NID_certBag:
- if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate )
- return 1;
- if (!(x509 = PKCS12_certbag2x509(bag))) return 0;
- if(ckid)
- {
- if (!X509_keyid_set1(x509, ckid->data, ckid->length))
- {
- X509_free(x509);
- return 0;
- }
- }
- if(fname) {
- int len, r;
- unsigned char *data;
- len = ASN1_STRING_to_UTF8(&data, fname);
- if(len >= 0) {
- r = X509_alias_set1(x509, data, len);
- OPENSSL_free(data);
- if (!r)
- {
- X509_free(x509);
- return 0;
- }
- }
- }
-
-
- if (lkey) {
- *keymatch |= MATCH_CERT;
- if (cert) *cert = x509;
- else X509_free(x509);
- } else {
- if(ca) sk_X509_push (*ca, x509);
- else X509_free(x509);
- }
- break;
-
- case NID_safeContentsBag:
- return parse_bags(bag->value.safes, pass, passlen,
- pkey, cert, ca, keyid, keymatch);
- break;
-
- default:
- return 1;
- break;
- }
- return 1;
-}
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_kiss.c (from rev 6976, vendor-crypto/openssl/dist/crypto/pkcs12/p12_kiss.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_kiss.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_kiss.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,312 @@
+/* p12_kiss.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/pkcs12.h>
+
+/* Simplified PKCS#12 routines */
+
+static int parse_pk12(PKCS12 *p12, const char *pass, int passlen,
+ EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca);
+
+static int parse_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
+ int passlen, EVP_PKEY **pkey, X509 **cert,
+ STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid,
+ char *keymatch);
+
+static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
+ EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca,
+ ASN1_OCTET_STRING **keyid, char *keymatch);
+
+/*
+ * Parse and decrypt a PKCS#12 structure returning user key, user cert and
+ * other (CA) certs. Note either ca should be NULL, *ca should be NULL, or it
+ * should point to a valid STACK structure. pkey and cert can be passed
+ * unitialised.
+ */
+
+int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
+ STACK_OF(X509) **ca)
+{
+
+ /* Check for NULL PKCS12 structure */
+
+ if (!p12) {
+ PKCS12err(PKCS12_F_PKCS12_PARSE,
+ PKCS12_R_INVALID_NULL_PKCS12_POINTER);
+ return 0;
+ }
+
+ /* Allocate stack for ca certificates if needed */
+ if ((ca != NULL) && (*ca == NULL)) {
+ if (!(*ca = sk_X509_new_null())) {
+ PKCS12err(PKCS12_F_PKCS12_PARSE, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ }
+
+ if (pkey)
+ *pkey = NULL;
+ if (cert)
+ *cert = NULL;
+
+ /* Check the mac */
+
+ /*
+ * If password is zero length or NULL then try verifying both cases to
+ * determine which password is correct. The reason for this is that under
+ * PKCS#12 password based encryption no password and a zero length
+ * password are two different things...
+ */
+
+ if (!pass || !*pass) {
+ if (PKCS12_verify_mac(p12, NULL, 0))
+ pass = NULL;
+ else if (PKCS12_verify_mac(p12, "", 0))
+ pass = "";
+ else {
+ PKCS12err(PKCS12_F_PKCS12_PARSE, PKCS12_R_MAC_VERIFY_FAILURE);
+ goto err;
+ }
+ } else if (!PKCS12_verify_mac(p12, pass, -1)) {
+ PKCS12err(PKCS12_F_PKCS12_PARSE, PKCS12_R_MAC_VERIFY_FAILURE);
+ goto err;
+ }
+
+ if (!parse_pk12(p12, pass, -1, pkey, cert, ca)) {
+ PKCS12err(PKCS12_F_PKCS12_PARSE, PKCS12_R_PARSE_ERROR);
+ goto err;
+ }
+
+ return 1;
+
+ err:
+
+ if (pkey && *pkey)
+ EVP_PKEY_free(*pkey);
+ if (cert && *cert)
+ X509_free(*cert);
+ if (ca)
+ sk_X509_pop_free(*ca, X509_free);
+ return 0;
+
+}
+
+/* Parse the outer PKCS#12 structure */
+
+static int parse_pk12(PKCS12 *p12, const char *pass, int passlen,
+ EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
+{
+ STACK_OF(PKCS7) *asafes;
+ STACK_OF(PKCS12_SAFEBAG) *bags;
+ int i, bagnid;
+ PKCS7 *p7;
+ ASN1_OCTET_STRING *keyid = NULL;
+
+ char keymatch = 0;
+ if (!(asafes = PKCS12_unpack_authsafes(p12)))
+ return 0;
+ for (i = 0; i < sk_PKCS7_num(asafes); i++) {
+ p7 = sk_PKCS7_value(asafes, i);
+ bagnid = OBJ_obj2nid(p7->type);
+ if (bagnid == NID_pkcs7_data) {
+ bags = PKCS12_unpack_p7data(p7);
+ } else if (bagnid == NID_pkcs7_encrypted) {
+ bags = PKCS12_unpack_p7encdata(p7, pass, passlen);
+ } else
+ continue;
+ if (!bags) {
+ sk_PKCS7_pop_free(asafes, PKCS7_free);
+ return 0;
+ }
+ if (!parse_bags(bags, pass, passlen, pkey, cert, ca,
+ &keyid, &keymatch)) {
+ sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+ sk_PKCS7_pop_free(asafes, PKCS7_free);
+ return 0;
+ }
+ sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+ }
+ sk_PKCS7_pop_free(asafes, PKCS7_free);
+ if (keyid)
+ M_ASN1_OCTET_STRING_free(keyid);
+ return 1;
+}
+
+static int parse_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
+ int passlen, EVP_PKEY **pkey, X509 **cert,
+ STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid,
+ char *keymatch)
+{
+ int i;
+ for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
+ if (!parse_bag(sk_PKCS12_SAFEBAG_value(bags, i),
+ pass, passlen, pkey, cert, ca, keyid, keymatch))
+ return 0;
+ }
+ return 1;
+}
+
+#define MATCH_KEY 0x1
+#define MATCH_CERT 0x2
+#define MATCH_ALL 0x3
+
+static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
+ EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca,
+ ASN1_OCTET_STRING **keyid, char *keymatch)
+{
+ PKCS8_PRIV_KEY_INFO *p8;
+ X509 *x509;
+ ASN1_OCTET_STRING *lkey = NULL, *ckid = NULL;
+ ASN1_TYPE *attrib;
+ ASN1_BMPSTRING *fname = NULL;
+
+ if ((attrib = PKCS12_get_attr(bag, NID_friendlyName)))
+ fname = attrib->value.bmpstring;
+
+ if ((attrib = PKCS12_get_attr(bag, NID_localKeyID))) {
+ lkey = attrib->value.octet_string;
+ ckid = lkey;
+ }
+
+ /* Check for any local key id matching (if needed) */
+ if (lkey && ((*keymatch & MATCH_ALL) != MATCH_ALL)) {
+ if (*keyid) {
+ if (M_ASN1_OCTET_STRING_cmp(*keyid, lkey))
+ lkey = NULL;
+ } else {
+ if (!(*keyid = M_ASN1_OCTET_STRING_dup(lkey))) {
+ PKCS12err(PKCS12_F_PARSE_BAG, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ }
+ }
+
+ switch (M_PKCS12_bag_type(bag)) {
+ case NID_keyBag:
+ if (!lkey || !pkey)
+ return 1;
+ if (!(*pkey = EVP_PKCS82PKEY(bag->value.keybag)))
+ return 0;
+ *keymatch |= MATCH_KEY;
+ break;
+
+ case NID_pkcs8ShroudedKeyBag:
+ if (!lkey || !pkey)
+ return 1;
+ if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen)))
+ return 0;
+ *pkey = EVP_PKCS82PKEY(p8);
+ PKCS8_PRIV_KEY_INFO_free(p8);
+ if (!(*pkey))
+ return 0;
+ *keymatch |= MATCH_KEY;
+ break;
+
+ case NID_certBag:
+ if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate)
+ return 1;
+ if (!(x509 = PKCS12_certbag2x509(bag)))
+ return 0;
+ if (ckid) {
+ if (!X509_keyid_set1(x509, ckid->data, ckid->length)) {
+ X509_free(x509);
+ return 0;
+ }
+ }
+ if (fname) {
+ int len, r;
+ unsigned char *data;
+ len = ASN1_STRING_to_UTF8(&data, fname);
+ if (len >= 0) {
+ r = X509_alias_set1(x509, data, len);
+ OPENSSL_free(data);
+ if (!r) {
+ X509_free(x509);
+ return 0;
+ }
+ }
+ }
+
+ if (lkey) {
+ *keymatch |= MATCH_CERT;
+ if (cert)
+ *cert = x509;
+ else
+ X509_free(x509);
+ } else {
+ if (ca)
+ sk_X509_push(*ca, x509);
+ else
+ X509_free(x509);
+ }
+ break;
+
+ case NID_safeContentsBag:
+ return parse_bags(bag->value.safes, pass, passlen,
+ pkey, cert, ca, keyid, keymatch);
+ break;
+
+ default:
+ return 1;
+ break;
+ }
+ return 1;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_mutl.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/pkcs12/p12_mutl.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_mutl.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,182 +0,0 @@
-/* p12_mutl.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#ifndef OPENSSL_NO_HMAC
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/hmac.h>
-#include <openssl/rand.h>
-#include <openssl/pkcs12.h>
-
-/* Generate a MAC */
-int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
- unsigned char *mac, unsigned int *maclen)
-{
- const EVP_MD *md_type;
- HMAC_CTX hmac;
- unsigned char key[EVP_MAX_MD_SIZE], *salt;
- int saltlen, iter;
-
- if (!PKCS7_type_is_data(p12->authsafes))
- {
- PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_CONTENT_TYPE_NOT_DATA);
- return 0;
- }
-
- salt = p12->mac->salt->data;
- saltlen = p12->mac->salt->length;
- if (!p12->mac->iter) iter = 1;
- else iter = ASN1_INTEGER_get (p12->mac->iter);
- if(!(md_type =
- EVP_get_digestbyobj (p12->mac->dinfo->algor->algorithm))) {
- PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_UNKNOWN_DIGEST_ALGORITHM);
- return 0;
- }
- if(!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter,
- EVP_MD_size(md_type), key, md_type)) {
- PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_KEY_GEN_ERROR);
- return 0;
- }
- HMAC_CTX_init(&hmac);
- HMAC_Init_ex(&hmac, key, EVP_MD_size(md_type), md_type, NULL);
- HMAC_Update(&hmac, p12->authsafes->d.data->data,
- p12->authsafes->d.data->length);
- HMAC_Final(&hmac, mac, maclen);
- HMAC_CTX_cleanup(&hmac);
- return 1;
-}
-
-/* Verify the mac */
-int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen)
-{
- unsigned char mac[EVP_MAX_MD_SIZE];
- unsigned int maclen;
- if(p12->mac == NULL) {
- PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC,PKCS12_R_MAC_ABSENT);
- return 0;
- }
- if (!PKCS12_gen_mac (p12, pass, passlen, mac, &maclen)) {
- PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC,PKCS12_R_MAC_GENERATION_ERROR);
- return 0;
- }
- if ((maclen != (unsigned int)p12->mac->dinfo->digest->length)
- || memcmp (mac, p12->mac->dinfo->digest->data, maclen)) return 0;
- return 1;
-}
-
-/* Set a mac */
-
-int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
- unsigned char *salt, int saltlen, int iter, const EVP_MD *md_type)
-{
- unsigned char mac[EVP_MAX_MD_SIZE];
- unsigned int maclen;
-
- if (!md_type) md_type = EVP_sha1();
- if (PKCS12_setup_mac (p12, iter, salt, saltlen, md_type) ==
- PKCS12_ERROR) {
- PKCS12err(PKCS12_F_PKCS12_SET_MAC,PKCS12_R_MAC_SETUP_ERROR);
- return 0;
- }
- if (!PKCS12_gen_mac (p12, pass, passlen, mac, &maclen)) {
- PKCS12err(PKCS12_F_PKCS12_SET_MAC,PKCS12_R_MAC_GENERATION_ERROR);
- return 0;
- }
- if (!(M_ASN1_OCTET_STRING_set (p12->mac->dinfo->digest, mac, maclen))) {
- PKCS12err(PKCS12_F_PKCS12_SET_MAC,PKCS12_R_MAC_STRING_SET_ERROR);
- return 0;
- }
- return 1;
-}
-
-/* Set up a mac structure */
-int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
- const EVP_MD *md_type)
-{
- if (!(p12->mac = PKCS12_MAC_DATA_new())) return PKCS12_ERROR;
- if (iter > 1) {
- if(!(p12->mac->iter = M_ASN1_INTEGER_new())) {
- PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
- return 0;
- }
- if (!ASN1_INTEGER_set(p12->mac->iter, iter)) {
- PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
- return 0;
- }
- }
- if (!saltlen) saltlen = PKCS12_SALT_LEN;
- p12->mac->salt->length = saltlen;
- if (!(p12->mac->salt->data = OPENSSL_malloc (saltlen))) {
- PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
- return 0;
- }
- if (!salt) {
- if (RAND_pseudo_bytes (p12->mac->salt->data, saltlen) < 0)
- return 0;
- }
- else memcpy (p12->mac->salt->data, salt, saltlen);
- p12->mac->dinfo->algor->algorithm = OBJ_nid2obj(EVP_MD_type(md_type));
- if (!(p12->mac->dinfo->algor->parameter = ASN1_TYPE_new())) {
- PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
- return 0;
- }
- p12->mac->dinfo->algor->parameter->type = V_ASN1_NULL;
-
- return 1;
-}
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_mutl.c (from rev 6976, vendor-crypto/openssl/dist/crypto/pkcs12/p12_mutl.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_mutl.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_mutl.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,187 @@
+/* p12_mutl.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#ifndef OPENSSL_NO_HMAC
+# include <stdio.h>
+# include "cryptlib.h"
+# include <openssl/hmac.h>
+# include <openssl/rand.h>
+# include <openssl/pkcs12.h>
+
+/* Generate a MAC */
+int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
+ unsigned char *mac, unsigned int *maclen)
+{
+ const EVP_MD *md_type;
+ HMAC_CTX hmac;
+ unsigned char key[EVP_MAX_MD_SIZE], *salt;
+ int saltlen, iter;
+
+ if (!PKCS7_type_is_data(p12->authsafes)) {
+ PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_CONTENT_TYPE_NOT_DATA);
+ return 0;
+ }
+
+ salt = p12->mac->salt->data;
+ saltlen = p12->mac->salt->length;
+ if (!p12->mac->iter)
+ iter = 1;
+ else
+ iter = ASN1_INTEGER_get(p12->mac->iter);
+ if (!(md_type = EVP_get_digestbyobj(p12->mac->dinfo->algor->algorithm))) {
+ PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_UNKNOWN_DIGEST_ALGORITHM);
+ return 0;
+ }
+ if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter,
+ EVP_MD_size(md_type), key, md_type)) {
+ PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_KEY_GEN_ERROR);
+ return 0;
+ }
+ HMAC_CTX_init(&hmac);
+ HMAC_Init_ex(&hmac, key, EVP_MD_size(md_type), md_type, NULL);
+ HMAC_Update(&hmac, p12->authsafes->d.data->data,
+ p12->authsafes->d.data->length);
+ HMAC_Final(&hmac, mac, maclen);
+ HMAC_CTX_cleanup(&hmac);
+ return 1;
+}
+
+/* Verify the mac */
+int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen)
+{
+ unsigned char mac[EVP_MAX_MD_SIZE];
+ unsigned int maclen;
+ if (p12->mac == NULL) {
+ PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC, PKCS12_R_MAC_ABSENT);
+ return 0;
+ }
+ if (!PKCS12_gen_mac(p12, pass, passlen, mac, &maclen)) {
+ PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC, PKCS12_R_MAC_GENERATION_ERROR);
+ return 0;
+ }
+ if ((maclen != (unsigned int)p12->mac->dinfo->digest->length)
+ || memcmp(mac, p12->mac->dinfo->digest->data, maclen))
+ return 0;
+ return 1;
+}
+
+/* Set a mac */
+
+int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
+ unsigned char *salt, int saltlen, int iter,
+ const EVP_MD *md_type)
+{
+ unsigned char mac[EVP_MAX_MD_SIZE];
+ unsigned int maclen;
+
+ if (!md_type)
+ md_type = EVP_sha1();
+ if (PKCS12_setup_mac(p12, iter, salt, saltlen, md_type) == PKCS12_ERROR) {
+ PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_SETUP_ERROR);
+ return 0;
+ }
+ if (!PKCS12_gen_mac(p12, pass, passlen, mac, &maclen)) {
+ PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_GENERATION_ERROR);
+ return 0;
+ }
+ if (!(M_ASN1_OCTET_STRING_set(p12->mac->dinfo->digest, mac, maclen))) {
+ PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_STRING_SET_ERROR);
+ return 0;
+ }
+ return 1;
+}
+
+/* Set up a mac structure */
+int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
+ const EVP_MD *md_type)
+{
+ if (!(p12->mac = PKCS12_MAC_DATA_new()))
+ return PKCS12_ERROR;
+ if (iter > 1) {
+ if (!(p12->mac->iter = M_ASN1_INTEGER_new())) {
+ PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ if (!ASN1_INTEGER_set(p12->mac->iter, iter)) {
+ PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ }
+ if (!saltlen)
+ saltlen = PKCS12_SALT_LEN;
+ p12->mac->salt->length = saltlen;
+ if (!(p12->mac->salt->data = OPENSSL_malloc(saltlen))) {
+ PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ if (!salt) {
+ if (RAND_pseudo_bytes(p12->mac->salt->data, saltlen) < 0)
+ return 0;
+ } else
+ memcpy(p12->mac->salt->data, salt, saltlen);
+ p12->mac->dinfo->algor->algorithm = OBJ_nid2obj(EVP_MD_type(md_type));
+ if (!(p12->mac->dinfo->algor->parameter = ASN1_TYPE_new())) {
+ PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ p12->mac->dinfo->algor->parameter->type = V_ASN1_NULL;
+
+ return 1;
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_npas.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/pkcs12/p12_npas.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_npas.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,225 +0,0 @@
-/* p12_npas.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <openssl/pem.h>
-#include <openssl/err.h>
-#include <openssl/pkcs12.h>
-
-/* PKCS#12 password change routine */
-
-static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass);
-static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, char *oldpass,
- char *newpass);
-static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass);
-static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen);
-
-/*
- * Change the password on a PKCS#12 structure.
- */
-
-int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass)
-{
- /* Check for NULL PKCS12 structure */
-
- if(!p12) {
- PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_INVALID_NULL_PKCS12_POINTER);
- return 0;
- }
-
- /* Check the mac */
-
- if (!PKCS12_verify_mac(p12, oldpass, -1)) {
- PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_MAC_VERIFY_FAILURE);
- return 0;
- }
-
- if (!newpass_p12(p12, oldpass, newpass)) {
- PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_PARSE_ERROR);
- return 0;
- }
-
- return 1;
-}
-
-/* Parse the outer PKCS#12 structure */
-
-static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass)
-{
- STACK_OF(PKCS7) *asafes, *newsafes;
- STACK_OF(PKCS12_SAFEBAG) *bags;
- int i, bagnid, pbe_nid = 0, pbe_iter = 0, pbe_saltlen = 0;
- PKCS7 *p7, *p7new;
- ASN1_OCTET_STRING *p12_data_tmp = NULL, *macnew = NULL;
- unsigned char mac[EVP_MAX_MD_SIZE];
- unsigned int maclen;
-
- if (!(asafes = PKCS12_unpack_authsafes(p12))) return 0;
- if(!(newsafes = sk_PKCS7_new_null())) return 0;
- for (i = 0; i < sk_PKCS7_num (asafes); i++) {
- p7 = sk_PKCS7_value(asafes, i);
- bagnid = OBJ_obj2nid(p7->type);
- if (bagnid == NID_pkcs7_data) {
- bags = PKCS12_unpack_p7data(p7);
- } else if (bagnid == NID_pkcs7_encrypted) {
- bags = PKCS12_unpack_p7encdata(p7, oldpass, -1);
- if (!alg_get(p7->d.encrypted->enc_data->algorithm,
- &pbe_nid, &pbe_iter, &pbe_saltlen))
- {
- sk_PKCS12_SAFEBAG_pop_free(bags,
- PKCS12_SAFEBAG_free);
- bags = NULL;
- }
- } else continue;
- if (!bags) {
- sk_PKCS7_pop_free(asafes, PKCS7_free);
- return 0;
- }
- if (!newpass_bags(bags, oldpass, newpass)) {
- sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
- sk_PKCS7_pop_free(asafes, PKCS7_free);
- return 0;
- }
- /* Repack bag in same form with new password */
- if (bagnid == NID_pkcs7_data) p7new = PKCS12_pack_p7data(bags);
- else p7new = PKCS12_pack_p7encdata(pbe_nid, newpass, -1, NULL,
- pbe_saltlen, pbe_iter, bags);
- sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
- if(!p7new) {
- sk_PKCS7_pop_free(asafes, PKCS7_free);
- return 0;
- }
- sk_PKCS7_push(newsafes, p7new);
- }
- sk_PKCS7_pop_free(asafes, PKCS7_free);
-
- /* Repack safe: save old safe in case of error */
-
- p12_data_tmp = p12->authsafes->d.data;
- if(!(p12->authsafes->d.data = ASN1_OCTET_STRING_new())) goto saferr;
- if(!PKCS12_pack_authsafes(p12, newsafes)) goto saferr;
-
- if(!PKCS12_gen_mac(p12, newpass, -1, mac, &maclen)) goto saferr;
- if(!(macnew = ASN1_OCTET_STRING_new())) goto saferr;
- if(!ASN1_OCTET_STRING_set(macnew, mac, maclen)) goto saferr;
- ASN1_OCTET_STRING_free(p12->mac->dinfo->digest);
- p12->mac->dinfo->digest = macnew;
- ASN1_OCTET_STRING_free(p12_data_tmp);
-
- return 1;
-
- saferr:
- /* Restore old safe */
- ASN1_OCTET_STRING_free(p12->authsafes->d.data);
- ASN1_OCTET_STRING_free(macnew);
- p12->authsafes->d.data = p12_data_tmp;
- return 0;
-
-}
-
-
-static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, char *oldpass,
- char *newpass)
-{
- int i;
- for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
- if (!newpass_bag(sk_PKCS12_SAFEBAG_value(bags, i),
- oldpass, newpass))
- return 0;
- }
- return 1;
-}
-
-/* Change password of safebag: only needs handle shrouded keybags */
-
-static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass)
-{
- PKCS8_PRIV_KEY_INFO *p8;
- X509_SIG *p8new;
- int p8_nid, p8_saltlen, p8_iter;
-
- if(M_PKCS12_bag_type(bag) != NID_pkcs8ShroudedKeyBag) return 1;
-
- if (!(p8 = PKCS8_decrypt(bag->value.shkeybag, oldpass, -1))) return 0;
- if (!alg_get(bag->value.shkeybag->algor, &p8_nid, &p8_iter,
- &p8_saltlen))
- return 0;
- if(!(p8new = PKCS8_encrypt(p8_nid, NULL, newpass, -1, NULL, p8_saltlen,
- p8_iter, p8))) return 0;
- X509_SIG_free(bag->value.shkeybag);
- bag->value.shkeybag = p8new;
- return 1;
-}
-
-static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen)
-{
- PBEPARAM *pbe;
- const unsigned char *p;
-
- p = alg->parameter->value.sequence->data;
- pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length);
- if (!pbe)
- return 0;
- *pnid = OBJ_obj2nid(alg->algorithm);
- *piter = ASN1_INTEGER_get(pbe->iter);
- *psaltlen = pbe->salt->length;
- PBEPARAM_free(pbe);
- return 1;
-}
Copied: vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_npas.c (from rev 6976, vendor-crypto/openssl/dist/crypto/pkcs12/p12_npas.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_npas.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_npas.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,235 @@
+/* p12_npas.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/pkcs12.h>
+
+/* PKCS#12 password change routine */
+
+static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass);
+static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, char *oldpass,
+ char *newpass);
+static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass);
+static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen);
+
+/*
+ * Change the password on a PKCS#12 structure.
+ */
+
+int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass)
+{
+ /* Check for NULL PKCS12 structure */
+
+ if (!p12) {
+ PKCS12err(PKCS12_F_PKCS12_NEWPASS,
+ PKCS12_R_INVALID_NULL_PKCS12_POINTER);
+ return 0;
+ }
+
+ /* Check the mac */
+
+ if (!PKCS12_verify_mac(p12, oldpass, -1)) {
+ PKCS12err(PKCS12_F_PKCS12_NEWPASS, PKCS12_R_MAC_VERIFY_FAILURE);
+ return 0;
+ }
+
+ if (!newpass_p12(p12, oldpass, newpass)) {
+ PKCS12err(PKCS12_F_PKCS12_NEWPASS, PKCS12_R_PARSE_ERROR);
+ return 0;
+ }
+
+ return 1;
+}
+
+/* Parse the outer PKCS#12 structure */
+
+static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass)
+{
+ STACK_OF(PKCS7) *asafes, *newsafes;
+ STACK_OF(PKCS12_SAFEBAG) *bags;
+ int i, bagnid, pbe_nid = 0, pbe_iter = 0, pbe_saltlen = 0;
+ PKCS7 *p7, *p7new;
+ ASN1_OCTET_STRING *p12_data_tmp = NULL, *macnew = NULL;
+ unsigned char mac[EVP_MAX_MD_SIZE];
+ unsigned int maclen;
+
+ if (!(asafes = PKCS12_unpack_authsafes(p12)))
+ return 0;
+ if (!(newsafes = sk_PKCS7_new_null()))
+ return 0;
+ for (i = 0; i < sk_PKCS7_num(asafes); i++) {
+ p7 = sk_PKCS7_value(asafes, i);
+ bagnid = OBJ_obj2nid(p7->type);
+ if (bagnid == NID_pkcs7_data) {
+ bags = PKCS12_unpack_p7data(p7);
+ } else if (bagnid == NID_pkcs7_encrypted) {
+ bags = PKCS12_unpack_p7encdata(p7, oldpass, -1);
+ if (!alg_get(p7->d.encrypted->enc_data->algorithm,
+ &pbe_nid, &pbe_iter, &pbe_saltlen)) {
+ sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+ bags = NULL;
+ }
+ } else
+ continue;
+ if (!bags) {
+ sk_PKCS7_pop_free(asafes, PKCS7_free);
+ return 0;
+ }
+ if (!newpass_bags(bags, oldpass, newpass)) {
+ sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+ sk_PKCS7_pop_free(asafes, PKCS7_free);
+ return 0;
+ }
+ /* Repack bag in same form with new password */
+ if (bagnid == NID_pkcs7_data)
+ p7new = PKCS12_pack_p7data(bags);
+ else
+ p7new = PKCS12_pack_p7encdata(pbe_nid, newpass, -1, NULL,
+ pbe_saltlen, pbe_iter, bags);
+ sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+ if (!p7new) {
+ sk_PKCS7_pop_free(asafes, PKCS7_free);
+ return 0;
+ }
+ sk_PKCS7_push(newsafes, p7new);
+ }
+ sk_PKCS7_pop_free(asafes, PKCS7_free);
+
+ /* Repack safe: save old safe in case of error */
+
+ p12_data_tmp = p12->authsafes->d.data;
+ if (!(p12->authsafes->d.data = ASN1_OCTET_STRING_new()))
+ goto saferr;
+ if (!PKCS12_pack_authsafes(p12, newsafes))
+ goto saferr;
+
+ if (!PKCS12_gen_mac(p12, newpass, -1, mac, &maclen))
+ goto saferr;
+ if (!(macnew = ASN1_OCTET_STRING_new()))
+ goto saferr;
+ if (!ASN1_OCTET_STRING_set(macnew, mac, maclen))
+ goto saferr;
+ ASN1_OCTET_STRING_free(p12->mac->dinfo->digest);
+ p12->mac->dinfo->digest = macnew;
+ ASN1_OCTET_STRING_free(p12_data_tmp);
+
+ return 1;
+
+ saferr:
+ /* Restore old safe */
+ ASN1_OCTET_STRING_free(p12->authsafes->d.data);
+ ASN1_OCTET_STRING_free(macnew);
+ p12->authsafes->d.data = p12_data_tmp;
+ return 0;
+
+}
+
+static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, char *oldpass,
+ char *newpass)
+{
+ int i;
+ for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
+ if (!newpass_bag(sk_PKCS12_SAFEBAG_value(bags, i), oldpass, newpass))
+ return 0;
+ }
+ return 1;
+}
+
+/* Change password of safebag: only needs handle shrouded keybags */
+
+static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass)
+{
+ PKCS8_PRIV_KEY_INFO *p8;
+ X509_SIG *p8new;
+ int p8_nid, p8_saltlen, p8_iter;
+
+ if (M_PKCS12_bag_type(bag) != NID_pkcs8ShroudedKeyBag)
+ return 1;
+
+ if (!(p8 = PKCS8_decrypt(bag->value.shkeybag, oldpass, -1)))
+ return 0;
+ if (!alg_get(bag->value.shkeybag->algor, &p8_nid, &p8_iter, &p8_saltlen))
+ return 0;
+ if (!(p8new = PKCS8_encrypt(p8_nid, NULL, newpass, -1, NULL, p8_saltlen,
+ p8_iter, p8)))
+ return 0;
+ X509_SIG_free(bag->value.shkeybag);
+ bag->value.shkeybag = p8new;
+ return 1;
+}
+
+static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen)
+{
+ PBEPARAM *pbe;
+ const unsigned char *p;
+
+ p = alg->parameter->value.sequence->data;
+ pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length);
+ if (!pbe)
+ return 0;
+ *pnid = OBJ_obj2nid(alg->algorithm);
+ *piter = ASN1_INTEGER_get(pbe->iter);
+ *psaltlen = pbe->salt->length;
+ PBEPARAM_free(pbe);
+ return 1;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_p8d.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/pkcs12/p12_p8d.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_p8d.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,68 +0,0 @@
-/* p12_p8d.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/pkcs12.h>
-
-PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *p8, const char *pass, int passlen)
-{
- return PKCS12_item_decrypt_d2i(p8->algor, ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO), pass,
- passlen, p8->digest, 1);
-}
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_p8d.c (from rev 6976, vendor-crypto/openssl/dist/crypto/pkcs12/p12_p8d.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_p8d.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_p8d.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,70 @@
+/* p12_p8d.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/pkcs12.h>
+
+PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *p8, const char *pass,
+ int passlen)
+{
+ return PKCS12_item_decrypt_d2i(p8->algor,
+ ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO), pass,
+ passlen, p8->digest, 1);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_p8e.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/pkcs12/p12_p8e.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_p8e.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,97 +0,0 @@
-/* p12_p8e.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/pkcs12.h>
-
-X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
- const char *pass, int passlen,
- unsigned char *salt, int saltlen, int iter,
- PKCS8_PRIV_KEY_INFO *p8inf)
-{
- X509_SIG *p8 = NULL;
- X509_ALGOR *pbe;
-
- if (!(p8 = X509_SIG_new())) {
- PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- if(pbe_nid == -1) pbe = PKCS5_pbe2_set(cipher, iter, salt, saltlen);
- else pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen);
- if(!pbe) {
- PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_ASN1_LIB);
- goto err;
- }
- X509_ALGOR_free(p8->algor);
- p8->algor = pbe;
- M_ASN1_OCTET_STRING_free(p8->digest);
- p8->digest = PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO),
- pass, passlen, p8inf, 1);
- if(!p8->digest) {
- PKCS12err(PKCS12_F_PKCS8_ENCRYPT, PKCS12_R_ENCRYPT_ERROR);
- goto err;
- }
-
- return p8;
-
- err:
- X509_SIG_free(p8);
- return NULL;
-}
Copied: vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_p8e.c (from rev 6976, vendor-crypto/openssl/dist/crypto/pkcs12/p12_p8e.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_p8e.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_p8e.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,101 @@
+/* p12_p8e.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/pkcs12.h>
+
+X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
+ const char *pass, int passlen,
+ unsigned char *salt, int saltlen, int iter,
+ PKCS8_PRIV_KEY_INFO *p8inf)
+{
+ X509_SIG *p8 = NULL;
+ X509_ALGOR *pbe;
+
+ if (!(p8 = X509_SIG_new())) {
+ PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ if (pbe_nid == -1)
+ pbe = PKCS5_pbe2_set(cipher, iter, salt, saltlen);
+ else
+ pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen);
+ if (!pbe) {
+ PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_ASN1_LIB);
+ goto err;
+ }
+ X509_ALGOR_free(p8->algor);
+ p8->algor = pbe;
+ M_ASN1_OCTET_STRING_free(p8->digest);
+ p8->digest =
+ PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO),
+ pass, passlen, p8inf, 1);
+ if (!p8->digest) {
+ PKCS12err(PKCS12_F_PKCS8_ENCRYPT, PKCS12_R_ENCRYPT_ERROR);
+ goto err;
+ }
+
+ return p8;
+
+ err:
+ X509_SIG_free(p8);
+ return NULL;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_utl.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/pkcs12/p12_utl.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_utl.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,152 +0,0 @@
-/* p12_utl.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/pkcs12.h>
-
-#ifdef OPENSSL_SYS_NETWARE
-/* Rename these functions to avoid name clashes on NetWare OS */
-#define uni2asc OPENSSL_uni2asc
-#define asc2uni OPENSSL_asc2uni
-#endif
-
-/* Cheap and nasty Unicode stuff */
-
-unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen)
-{
- int ulen, i;
- unsigned char *unitmp;
- if (asclen == -1) asclen = strlen(asc);
- ulen = asclen*2 + 2;
- if (!(unitmp = OPENSSL_malloc(ulen))) return NULL;
- for (i = 0; i < ulen - 2; i+=2) {
- unitmp[i] = 0;
- unitmp[i + 1] = asc[i>>1];
- }
- /* Make result double null terminated */
- unitmp[ulen - 2] = 0;
- unitmp[ulen - 1] = 0;
- if (unilen) *unilen = ulen;
- if (uni) *uni = unitmp;
- return unitmp;
-}
-
-char *uni2asc(unsigned char *uni, int unilen)
-{
- int asclen, i;
- char *asctmp;
- asclen = unilen / 2;
- /* If no terminating zero allow for one */
- if (!unilen || uni[unilen - 1]) asclen++;
- uni++;
- if (!(asctmp = OPENSSL_malloc(asclen))) return NULL;
- for (i = 0; i < unilen; i+=2) asctmp[i>>1] = uni[i];
- asctmp[asclen - 1] = 0;
- return asctmp;
-}
-
-int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12)
-{
- return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS12), bp, p12);
-}
-
-#ifndef OPENSSL_NO_FP_API
-int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12)
-{
- return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS12), fp, p12);
-}
-#endif
-
-PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12)
-{
- return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS12), bp, p12);
-}
-#ifndef OPENSSL_NO_FP_API
-PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12)
-{
- return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS12), fp, p12);
-}
-#endif
-
-PKCS12_SAFEBAG *PKCS12_x5092certbag(X509 *x509)
-{
- return PKCS12_item_pack_safebag(x509, ASN1_ITEM_rptr(X509),
- NID_x509Certificate, NID_certBag);
-}
-
-PKCS12_SAFEBAG *PKCS12_x509crl2certbag(X509_CRL *crl)
-{
- return PKCS12_item_pack_safebag(crl, ASN1_ITEM_rptr(X509_CRL),
- NID_x509Crl, NID_crlBag);
-}
-
-X509 *PKCS12_certbag2x509(PKCS12_SAFEBAG *bag)
-{
- if(M_PKCS12_bag_type(bag) != NID_certBag) return NULL;
- if(M_PKCS12_cert_bag_type(bag) != NID_x509Certificate) return NULL;
- return ASN1_item_unpack(bag->value.bag->value.octet, ASN1_ITEM_rptr(X509));
-}
-
-X509_CRL *PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag)
-{
- if(M_PKCS12_bag_type(bag) != NID_crlBag) return NULL;
- if(M_PKCS12_cert_bag_type(bag) != NID_x509Crl) return NULL;
- return ASN1_item_unpack(bag->value.bag->value.octet,
- ASN1_ITEM_rptr(X509_CRL));
-}
Copied: vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_utl.c (from rev 6976, vendor-crypto/openssl/dist/crypto/pkcs12/p12_utl.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_utl.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/p12_utl.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,167 @@
+/* p12_utl.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/pkcs12.h>
+
+#ifdef OPENSSL_SYS_NETWARE
+/* Rename these functions to avoid name clashes on NetWare OS */
+# define uni2asc OPENSSL_uni2asc
+# define asc2uni OPENSSL_asc2uni
+#endif
+
+/* Cheap and nasty Unicode stuff */
+
+unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni,
+ int *unilen)
+{
+ int ulen, i;
+ unsigned char *unitmp;
+ if (asclen == -1)
+ asclen = strlen(asc);
+ ulen = asclen * 2 + 2;
+ if (!(unitmp = OPENSSL_malloc(ulen)))
+ return NULL;
+ for (i = 0; i < ulen - 2; i += 2) {
+ unitmp[i] = 0;
+ unitmp[i + 1] = asc[i >> 1];
+ }
+ /* Make result double null terminated */
+ unitmp[ulen - 2] = 0;
+ unitmp[ulen - 1] = 0;
+ if (unilen)
+ *unilen = ulen;
+ if (uni)
+ *uni = unitmp;
+ return unitmp;
+}
+
+char *uni2asc(unsigned char *uni, int unilen)
+{
+ int asclen, i;
+ char *asctmp;
+ asclen = unilen / 2;
+ /* If no terminating zero allow for one */
+ if (!unilen || uni[unilen - 1])
+ asclen++;
+ uni++;
+ if (!(asctmp = OPENSSL_malloc(asclen)))
+ return NULL;
+ for (i = 0; i < unilen; i += 2)
+ asctmp[i >> 1] = uni[i];
+ asctmp[asclen - 1] = 0;
+ return asctmp;
+}
+
+int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12)
+{
+ return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS12), bp, p12);
+}
+
+#ifndef OPENSSL_NO_FP_API
+int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12)
+{
+ return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS12), fp, p12);
+}
+#endif
+
+PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12)
+{
+ return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS12), bp, p12);
+}
+
+#ifndef OPENSSL_NO_FP_API
+PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12)
+{
+ return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS12), fp, p12);
+}
+#endif
+
+PKCS12_SAFEBAG *PKCS12_x5092certbag(X509 *x509)
+{
+ return PKCS12_item_pack_safebag(x509, ASN1_ITEM_rptr(X509),
+ NID_x509Certificate, NID_certBag);
+}
+
+PKCS12_SAFEBAG *PKCS12_x509crl2certbag(X509_CRL *crl)
+{
+ return PKCS12_item_pack_safebag(crl, ASN1_ITEM_rptr(X509_CRL),
+ NID_x509Crl, NID_crlBag);
+}
+
+X509 *PKCS12_certbag2x509(PKCS12_SAFEBAG *bag)
+{
+ if (M_PKCS12_bag_type(bag) != NID_certBag)
+ return NULL;
+ if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate)
+ return NULL;
+ return ASN1_item_unpack(bag->value.bag->value.octet,
+ ASN1_ITEM_rptr(X509));
+}
+
+X509_CRL *PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag)
+{
+ if (M_PKCS12_bag_type(bag) != NID_crlBag)
+ return NULL;
+ if (M_PKCS12_cert_bag_type(bag) != NID_x509Crl)
+ return NULL;
+ return ASN1_item_unpack(bag->value.bag->value.octet,
+ ASN1_ITEM_rptr(X509_CRL));
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/pk12err.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/pkcs12/pk12err.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/pk12err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,144 +0,0 @@
-/* crypto/pkcs12/pk12err.c */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/pkcs12.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_PKCS12,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_PKCS12,0,reason)
-
-static ERR_STRING_DATA PKCS12_str_functs[]=
- {
-{ERR_FUNC(PKCS12_F_PARSE_BAG), "PARSE_BAG"},
-{ERR_FUNC(PKCS12_F_PARSE_BAGS), "PARSE_BAGS"},
-{ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME), "PKCS12_ADD_FRIENDLYNAME"},
-{ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC), "PKCS12_add_friendlyname_asc"},
-{ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI), "PKCS12_add_friendlyname_uni"},
-{ERR_FUNC(PKCS12_F_PKCS12_ADD_LOCALKEYID), "PKCS12_add_localkeyid"},
-{ERR_FUNC(PKCS12_F_PKCS12_CREATE), "PKCS12_create"},
-{ERR_FUNC(PKCS12_F_PKCS12_GEN_MAC), "PKCS12_gen_mac"},
-{ERR_FUNC(PKCS12_F_PKCS12_INIT), "PKCS12_init"},
-{ERR_FUNC(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I), "PKCS12_item_decrypt_d2i"},
-{ERR_FUNC(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT), "PKCS12_item_i2d_encrypt"},
-{ERR_FUNC(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG), "PKCS12_item_pack_safebag"},
-{ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_ASC), "PKCS12_key_gen_asc"},
-{ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_UNI), "PKCS12_key_gen_uni"},
-{ERR_FUNC(PKCS12_F_PKCS12_MAKE_KEYBAG), "PKCS12_MAKE_KEYBAG"},
-{ERR_FUNC(PKCS12_F_PKCS12_MAKE_SHKEYBAG), "PKCS12_MAKE_SHKEYBAG"},
-{ERR_FUNC(PKCS12_F_PKCS12_NEWPASS), "PKCS12_newpass"},
-{ERR_FUNC(PKCS12_F_PKCS12_PACK_P7DATA), "PKCS12_pack_p7data"},
-{ERR_FUNC(PKCS12_F_PKCS12_PACK_P7ENCDATA), "PKCS12_pack_p7encdata"},
-{ERR_FUNC(PKCS12_F_PKCS12_PARSE), "PKCS12_parse"},
-{ERR_FUNC(PKCS12_F_PKCS12_PBE_CRYPT), "PKCS12_pbe_crypt"},
-{ERR_FUNC(PKCS12_F_PKCS12_PBE_KEYIVGEN), "PKCS12_PBE_keyivgen"},
-{ERR_FUNC(PKCS12_F_PKCS12_SETUP_MAC), "PKCS12_setup_mac"},
-{ERR_FUNC(PKCS12_F_PKCS12_SET_MAC), "PKCS12_set_mac"},
-{ERR_FUNC(PKCS12_F_PKCS12_UNPACK_AUTHSAFES), "PKCS12_unpack_authsafes"},
-{ERR_FUNC(PKCS12_F_PKCS12_UNPACK_P7DATA), "PKCS12_unpack_p7data"},
-{ERR_FUNC(PKCS12_F_PKCS12_VERIFY_MAC), "PKCS12_verify_mac"},
-{ERR_FUNC(PKCS12_F_PKCS8_ADD_KEYUSAGE), "PKCS8_add_keyusage"},
-{ERR_FUNC(PKCS12_F_PKCS8_ENCRYPT), "PKCS8_encrypt"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA PKCS12_str_reasons[]=
- {
-{ERR_REASON(PKCS12_R_CANT_PACK_STRUCTURE),"cant pack structure"},
-{ERR_REASON(PKCS12_R_CONTENT_TYPE_NOT_DATA),"content type not data"},
-{ERR_REASON(PKCS12_R_DECODE_ERROR) ,"decode error"},
-{ERR_REASON(PKCS12_R_ENCODE_ERROR) ,"encode error"},
-{ERR_REASON(PKCS12_R_ENCRYPT_ERROR) ,"encrypt error"},
-{ERR_REASON(PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE),"error setting encrypted data type"},
-{ERR_REASON(PKCS12_R_INVALID_NULL_ARGUMENT),"invalid null argument"},
-{ERR_REASON(PKCS12_R_INVALID_NULL_PKCS12_POINTER),"invalid null pkcs12 pointer"},
-{ERR_REASON(PKCS12_R_IV_GEN_ERROR) ,"iv gen error"},
-{ERR_REASON(PKCS12_R_KEY_GEN_ERROR) ,"key gen error"},
-{ERR_REASON(PKCS12_R_MAC_ABSENT) ,"mac absent"},
-{ERR_REASON(PKCS12_R_MAC_GENERATION_ERROR),"mac generation error"},
-{ERR_REASON(PKCS12_R_MAC_SETUP_ERROR) ,"mac setup error"},
-{ERR_REASON(PKCS12_R_MAC_STRING_SET_ERROR),"mac string set error"},
-{ERR_REASON(PKCS12_R_MAC_VERIFY_ERROR) ,"mac verify error"},
-{ERR_REASON(PKCS12_R_MAC_VERIFY_FAILURE) ,"mac verify failure"},
-{ERR_REASON(PKCS12_R_PARSE_ERROR) ,"parse error"},
-{ERR_REASON(PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR),"pkcs12 algor cipherinit error"},
-{ERR_REASON(PKCS12_R_PKCS12_CIPHERFINAL_ERROR),"pkcs12 cipherfinal error"},
-{ERR_REASON(PKCS12_R_PKCS12_PBE_CRYPT_ERROR),"pkcs12 pbe crypt error"},
-{ERR_REASON(PKCS12_R_UNKNOWN_DIGEST_ALGORITHM),"unknown digest algorithm"},
-{ERR_REASON(PKCS12_R_UNSUPPORTED_PKCS12_MODE),"unsupported pkcs12 mode"},
-{0,NULL}
- };
-
-#endif
-
-void ERR_load_PKCS12_strings(void)
- {
-#ifndef OPENSSL_NO_ERR
-
- if (ERR_func_error_string(PKCS12_str_functs[0].error) == NULL)
- {
- ERR_load_strings(0,PKCS12_str_functs);
- ERR_load_strings(0,PKCS12_str_reasons);
- }
-#endif
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/pk12err.c (from rev 6976, vendor-crypto/openssl/dist/crypto/pkcs12/pk12err.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/pk12err.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/pk12err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,149 @@
+/* crypto/pkcs12/pk12err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/pkcs12.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_PKCS12,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_PKCS12,0,reason)
+
+static ERR_STRING_DATA PKCS12_str_functs[] = {
+ {ERR_FUNC(PKCS12_F_PARSE_BAG), "PARSE_BAG"},
+ {ERR_FUNC(PKCS12_F_PARSE_BAGS), "PARSE_BAGS"},
+ {ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME), "PKCS12_ADD_FRIENDLYNAME"},
+ {ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC),
+ "PKCS12_add_friendlyname_asc"},
+ {ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI),
+ "PKCS12_add_friendlyname_uni"},
+ {ERR_FUNC(PKCS12_F_PKCS12_ADD_LOCALKEYID), "PKCS12_add_localkeyid"},
+ {ERR_FUNC(PKCS12_F_PKCS12_CREATE), "PKCS12_create"},
+ {ERR_FUNC(PKCS12_F_PKCS12_GEN_MAC), "PKCS12_gen_mac"},
+ {ERR_FUNC(PKCS12_F_PKCS12_INIT), "PKCS12_init"},
+ {ERR_FUNC(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I), "PKCS12_item_decrypt_d2i"},
+ {ERR_FUNC(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT), "PKCS12_item_i2d_encrypt"},
+ {ERR_FUNC(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG), "PKCS12_item_pack_safebag"},
+ {ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_ASC), "PKCS12_key_gen_asc"},
+ {ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_UNI), "PKCS12_key_gen_uni"},
+ {ERR_FUNC(PKCS12_F_PKCS12_MAKE_KEYBAG), "PKCS12_MAKE_KEYBAG"},
+ {ERR_FUNC(PKCS12_F_PKCS12_MAKE_SHKEYBAG), "PKCS12_MAKE_SHKEYBAG"},
+ {ERR_FUNC(PKCS12_F_PKCS12_NEWPASS), "PKCS12_newpass"},
+ {ERR_FUNC(PKCS12_F_PKCS12_PACK_P7DATA), "PKCS12_pack_p7data"},
+ {ERR_FUNC(PKCS12_F_PKCS12_PACK_P7ENCDATA), "PKCS12_pack_p7encdata"},
+ {ERR_FUNC(PKCS12_F_PKCS12_PARSE), "PKCS12_parse"},
+ {ERR_FUNC(PKCS12_F_PKCS12_PBE_CRYPT), "PKCS12_pbe_crypt"},
+ {ERR_FUNC(PKCS12_F_PKCS12_PBE_KEYIVGEN), "PKCS12_PBE_keyivgen"},
+ {ERR_FUNC(PKCS12_F_PKCS12_SETUP_MAC), "PKCS12_setup_mac"},
+ {ERR_FUNC(PKCS12_F_PKCS12_SET_MAC), "PKCS12_set_mac"},
+ {ERR_FUNC(PKCS12_F_PKCS12_UNPACK_AUTHSAFES), "PKCS12_unpack_authsafes"},
+ {ERR_FUNC(PKCS12_F_PKCS12_UNPACK_P7DATA), "PKCS12_unpack_p7data"},
+ {ERR_FUNC(PKCS12_F_PKCS12_VERIFY_MAC), "PKCS12_verify_mac"},
+ {ERR_FUNC(PKCS12_F_PKCS8_ADD_KEYUSAGE), "PKCS8_add_keyusage"},
+ {ERR_FUNC(PKCS12_F_PKCS8_ENCRYPT), "PKCS8_encrypt"},
+ {0, NULL}
+};
+
+static ERR_STRING_DATA PKCS12_str_reasons[] = {
+ {ERR_REASON(PKCS12_R_CANT_PACK_STRUCTURE), "cant pack structure"},
+ {ERR_REASON(PKCS12_R_CONTENT_TYPE_NOT_DATA), "content type not data"},
+ {ERR_REASON(PKCS12_R_DECODE_ERROR), "decode error"},
+ {ERR_REASON(PKCS12_R_ENCODE_ERROR), "encode error"},
+ {ERR_REASON(PKCS12_R_ENCRYPT_ERROR), "encrypt error"},
+ {ERR_REASON(PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE),
+ "error setting encrypted data type"},
+ {ERR_REASON(PKCS12_R_INVALID_NULL_ARGUMENT), "invalid null argument"},
+ {ERR_REASON(PKCS12_R_INVALID_NULL_PKCS12_POINTER),
+ "invalid null pkcs12 pointer"},
+ {ERR_REASON(PKCS12_R_IV_GEN_ERROR), "iv gen error"},
+ {ERR_REASON(PKCS12_R_KEY_GEN_ERROR), "key gen error"},
+ {ERR_REASON(PKCS12_R_MAC_ABSENT), "mac absent"},
+ {ERR_REASON(PKCS12_R_MAC_GENERATION_ERROR), "mac generation error"},
+ {ERR_REASON(PKCS12_R_MAC_SETUP_ERROR), "mac setup error"},
+ {ERR_REASON(PKCS12_R_MAC_STRING_SET_ERROR), "mac string set error"},
+ {ERR_REASON(PKCS12_R_MAC_VERIFY_ERROR), "mac verify error"},
+ {ERR_REASON(PKCS12_R_MAC_VERIFY_FAILURE), "mac verify failure"},
+ {ERR_REASON(PKCS12_R_PARSE_ERROR), "parse error"},
+ {ERR_REASON(PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR),
+ "pkcs12 algor cipherinit error"},
+ {ERR_REASON(PKCS12_R_PKCS12_CIPHERFINAL_ERROR),
+ "pkcs12 cipherfinal error"},
+ {ERR_REASON(PKCS12_R_PKCS12_PBE_CRYPT_ERROR), "pkcs12 pbe crypt error"},
+ {ERR_REASON(PKCS12_R_UNKNOWN_DIGEST_ALGORITHM),
+ "unknown digest algorithm"},
+ {ERR_REASON(PKCS12_R_UNSUPPORTED_PKCS12_MODE), "unsupported pkcs12 mode"},
+ {0, NULL}
+};
+
+#endif
+
+void ERR_load_PKCS12_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+ if (ERR_func_error_string(PKCS12_str_functs[0].error) == NULL) {
+ ERR_load_strings(0, PKCS12_str_functs);
+ ERR_load_strings(0, PKCS12_str_reasons);
+ }
+#endif
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/pkcs12.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/pkcs12/pkcs12.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/pkcs12.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,338 +0,0 @@
-/* pkcs12.h */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#ifndef HEADER_PKCS12_H
-#define HEADER_PKCS12_H
-
-#include <openssl/bio.h>
-#include <openssl/x509.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define PKCS12_KEY_ID 1
-#define PKCS12_IV_ID 2
-#define PKCS12_MAC_ID 3
-
-/* Default iteration count */
-#ifndef PKCS12_DEFAULT_ITER
-#define PKCS12_DEFAULT_ITER PKCS5_DEFAULT_ITER
-#endif
-
-#define PKCS12_MAC_KEY_LENGTH 20
-
-#define PKCS12_SALT_LEN 8
-
-/* Uncomment out next line for unicode password and names, otherwise ASCII */
-
-/*#define PBE_UNICODE*/
-
-#ifdef PBE_UNICODE
-#define PKCS12_key_gen PKCS12_key_gen_uni
-#define PKCS12_add_friendlyname PKCS12_add_friendlyname_uni
-#else
-#define PKCS12_key_gen PKCS12_key_gen_asc
-#define PKCS12_add_friendlyname PKCS12_add_friendlyname_asc
-#endif
-
-/* MS key usage constants */
-
-#define KEY_EX 0x10
-#define KEY_SIG 0x80
-
-typedef struct {
-X509_SIG *dinfo;
-ASN1_OCTET_STRING *salt;
-ASN1_INTEGER *iter; /* defaults to 1 */
-} PKCS12_MAC_DATA;
-
-typedef struct {
-ASN1_INTEGER *version;
-PKCS12_MAC_DATA *mac;
-PKCS7 *authsafes;
-} PKCS12;
-
-PREDECLARE_STACK_OF(PKCS12_SAFEBAG)
-
-typedef struct {
-ASN1_OBJECT *type;
-union {
- struct pkcs12_bag_st *bag; /* secret, crl and certbag */
- struct pkcs8_priv_key_info_st *keybag; /* keybag */
- X509_SIG *shkeybag; /* shrouded key bag */
- STACK_OF(PKCS12_SAFEBAG) *safes;
- ASN1_TYPE *other;
-}value;
-STACK_OF(X509_ATTRIBUTE) *attrib;
-} PKCS12_SAFEBAG;
-
-DECLARE_STACK_OF(PKCS12_SAFEBAG)
-DECLARE_ASN1_SET_OF(PKCS12_SAFEBAG)
-DECLARE_PKCS12_STACK_OF(PKCS12_SAFEBAG)
-
-typedef struct pkcs12_bag_st {
-ASN1_OBJECT *type;
-union {
- ASN1_OCTET_STRING *x509cert;
- ASN1_OCTET_STRING *x509crl;
- ASN1_OCTET_STRING *octet;
- ASN1_IA5STRING *sdsicert;
- ASN1_TYPE *other; /* Secret or other bag */
-}value;
-} PKCS12_BAGS;
-
-#define PKCS12_ERROR 0
-#define PKCS12_OK 1
-
-/* Compatibility macros */
-
-#define M_PKCS12_x5092certbag PKCS12_x5092certbag
-#define M_PKCS12_x509crl2certbag PKCS12_x509crl2certbag
-
-#define M_PKCS12_certbag2x509 PKCS12_certbag2x509
-#define M_PKCS12_certbag2x509crl PKCS12_certbag2x509crl
-
-#define M_PKCS12_unpack_p7data PKCS12_unpack_p7data
-#define M_PKCS12_pack_authsafes PKCS12_pack_authsafes
-#define M_PKCS12_unpack_authsafes PKCS12_unpack_authsafes
-#define M_PKCS12_unpack_p7encdata PKCS12_unpack_p7encdata
-
-#define M_PKCS12_decrypt_skey PKCS12_decrypt_skey
-#define M_PKCS8_decrypt PKCS8_decrypt
-
-#define M_PKCS12_bag_type(bg) OBJ_obj2nid((bg)->type)
-#define M_PKCS12_cert_bag_type(bg) OBJ_obj2nid((bg)->value.bag->type)
-#define M_PKCS12_crl_bag_type M_PKCS12_cert_bag_type
-
-#define PKCS12_get_attr(bag, attr_nid) \
- PKCS12_get_attr_gen(bag->attrib, attr_nid)
-
-#define PKCS8_get_attr(p8, attr_nid) \
- PKCS12_get_attr_gen(p8->attributes, attr_nid)
-
-#define PKCS12_mac_present(p12) ((p12)->mac ? 1 : 0)
-
-
-PKCS12_SAFEBAG *PKCS12_x5092certbag(X509 *x509);
-PKCS12_SAFEBAG *PKCS12_x509crl2certbag(X509_CRL *crl);
-X509 *PKCS12_certbag2x509(PKCS12_SAFEBAG *bag);
-X509_CRL *PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag);
-
-PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid1,
- int nid2);
-PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8);
-PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *p8, const char *pass, int passlen);
-PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag, const char *pass,
- int passlen);
-X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
- const char *pass, int passlen,
- unsigned char *salt, int saltlen, int iter,
- PKCS8_PRIV_KEY_INFO *p8);
-PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,
- int passlen, unsigned char *salt,
- int saltlen, int iter,
- PKCS8_PRIV_KEY_INFO *p8);
-PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk);
-STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7);
-PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
- unsigned char *salt, int saltlen, int iter,
- STACK_OF(PKCS12_SAFEBAG) *bags);
-STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, int passlen);
-
-int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes);
-STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12);
-
-int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen);
-int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name,
- int namelen);
-int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name,
- int namelen);
-int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, const unsigned char *name,
- int namelen);
-int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage);
-ASN1_TYPE *PKCS12_get_attr_gen(STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid);
-char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
-unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass,
- int passlen, unsigned char *in, int inlen,
- unsigned char **data, int *datalen, int en_de);
-void * PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,
- const char *pass, int passlen, ASN1_OCTET_STRING *oct, int zbuf);
-ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, const ASN1_ITEM *it,
- const char *pass, int passlen,
- void *obj, int zbuf);
-PKCS12 *PKCS12_init(int mode);
-int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
- int saltlen, int id, int iter, int n,
- unsigned char *out, const EVP_MD *md_type);
-int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int id, int iter, int n, unsigned char *out, const EVP_MD *md_type);
-int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
- ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md_type,
- int en_de);
-int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
- unsigned char *mac, unsigned int *maclen);
-int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen);
-int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
- unsigned char *salt, int saltlen, int iter,
- const EVP_MD *md_type);
-int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt,
- int saltlen, const EVP_MD *md_type);
-#if defined(NETWARE) || defined(OPENSSL_SYS_NETWARE)
-/* Rename these functions to avoid name clashes on NetWare OS */
-unsigned char *OPENSSL_asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen);
-char *OPENSSL_uni2asc(unsigned char *uni, int unilen);
-#else
-unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen);
-char *uni2asc(unsigned char *uni, int unilen);
-#endif
-DECLARE_ASN1_FUNCTIONS(PKCS12)
-DECLARE_ASN1_FUNCTIONS(PKCS12_MAC_DATA)
-DECLARE_ASN1_FUNCTIONS(PKCS12_SAFEBAG)
-DECLARE_ASN1_FUNCTIONS(PKCS12_BAGS)
-
-DECLARE_ASN1_ITEM(PKCS12_SAFEBAGS)
-DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES)
-
-void PKCS12_PBE_add(void);
-int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
- STACK_OF(X509) **ca);
-PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
- STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter,
- int mac_iter, int keytype);
-
-PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert);
-PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, EVP_PKEY *key,
- int key_usage, int iter,
- int key_nid, char *pass);
-int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
- int safe_nid, int iter, char *pass);
-PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int p7_nid);
-
-int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12);
-int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12);
-PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12);
-PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12);
-int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass);
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_PKCS12_strings(void);
-
-/* Error codes for the PKCS12 functions. */
-
-/* Function codes. */
-#define PKCS12_F_PARSE_BAG 129
-#define PKCS12_F_PARSE_BAGS 103
-#define PKCS12_F_PKCS12_ADD_FRIENDLYNAME 100
-#define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC 127
-#define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI 102
-#define PKCS12_F_PKCS12_ADD_LOCALKEYID 104
-#define PKCS12_F_PKCS12_CREATE 105
-#define PKCS12_F_PKCS12_GEN_MAC 107
-#define PKCS12_F_PKCS12_INIT 109
-#define PKCS12_F_PKCS12_ITEM_DECRYPT_D2I 106
-#define PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT 108
-#define PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG 117
-#define PKCS12_F_PKCS12_KEY_GEN_ASC 110
-#define PKCS12_F_PKCS12_KEY_GEN_UNI 111
-#define PKCS12_F_PKCS12_MAKE_KEYBAG 112
-#define PKCS12_F_PKCS12_MAKE_SHKEYBAG 113
-#define PKCS12_F_PKCS12_NEWPASS 128
-#define PKCS12_F_PKCS12_PACK_P7DATA 114
-#define PKCS12_F_PKCS12_PACK_P7ENCDATA 115
-#define PKCS12_F_PKCS12_PARSE 118
-#define PKCS12_F_PKCS12_PBE_CRYPT 119
-#define PKCS12_F_PKCS12_PBE_KEYIVGEN 120
-#define PKCS12_F_PKCS12_SETUP_MAC 122
-#define PKCS12_F_PKCS12_SET_MAC 123
-#define PKCS12_F_PKCS12_UNPACK_AUTHSAFES 130
-#define PKCS12_F_PKCS12_UNPACK_P7DATA 131
-#define PKCS12_F_PKCS12_VERIFY_MAC 126
-#define PKCS12_F_PKCS8_ADD_KEYUSAGE 124
-#define PKCS12_F_PKCS8_ENCRYPT 125
-
-/* Reason codes. */
-#define PKCS12_R_CANT_PACK_STRUCTURE 100
-#define PKCS12_R_CONTENT_TYPE_NOT_DATA 121
-#define PKCS12_R_DECODE_ERROR 101
-#define PKCS12_R_ENCODE_ERROR 102
-#define PKCS12_R_ENCRYPT_ERROR 103
-#define PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE 120
-#define PKCS12_R_INVALID_NULL_ARGUMENT 104
-#define PKCS12_R_INVALID_NULL_PKCS12_POINTER 105
-#define PKCS12_R_IV_GEN_ERROR 106
-#define PKCS12_R_KEY_GEN_ERROR 107
-#define PKCS12_R_MAC_ABSENT 108
-#define PKCS12_R_MAC_GENERATION_ERROR 109
-#define PKCS12_R_MAC_SETUP_ERROR 110
-#define PKCS12_R_MAC_STRING_SET_ERROR 111
-#define PKCS12_R_MAC_VERIFY_ERROR 112
-#define PKCS12_R_MAC_VERIFY_FAILURE 113
-#define PKCS12_R_PARSE_ERROR 114
-#define PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR 115
-#define PKCS12_R_PKCS12_CIPHERFINAL_ERROR 116
-#define PKCS12_R_PKCS12_PBE_CRYPT_ERROR 117
-#define PKCS12_R_UNKNOWN_DIGEST_ALGORITHM 118
-#define PKCS12_R_UNSUPPORTED_PKCS12_MODE 119
-
-#ifdef __cplusplus
-}
-#endif
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/pkcs12.h (from rev 6976, vendor-crypto/openssl/dist/crypto/pkcs12/pkcs12.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/pkcs12.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pkcs12/pkcs12.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,348 @@
+/* pkcs12.h */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_PKCS12_H
+# define HEADER_PKCS12_H
+
+# include <openssl/bio.h>
+# include <openssl/x509.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# define PKCS12_KEY_ID 1
+# define PKCS12_IV_ID 2
+# define PKCS12_MAC_ID 3
+
+/* Default iteration count */
+# ifndef PKCS12_DEFAULT_ITER
+# define PKCS12_DEFAULT_ITER PKCS5_DEFAULT_ITER
+# endif
+
+# define PKCS12_MAC_KEY_LENGTH 20
+
+# define PKCS12_SALT_LEN 8
+
+/* Uncomment out next line for unicode password and names, otherwise ASCII */
+
+/*
+ * #define PBE_UNICODE
+ */
+
+# ifdef PBE_UNICODE
+# define PKCS12_key_gen PKCS12_key_gen_uni
+# define PKCS12_add_friendlyname PKCS12_add_friendlyname_uni
+# else
+# define PKCS12_key_gen PKCS12_key_gen_asc
+# define PKCS12_add_friendlyname PKCS12_add_friendlyname_asc
+# endif
+
+/* MS key usage constants */
+
+# define KEY_EX 0x10
+# define KEY_SIG 0x80
+
+typedef struct {
+ X509_SIG *dinfo;
+ ASN1_OCTET_STRING *salt;
+ ASN1_INTEGER *iter; /* defaults to 1 */
+} PKCS12_MAC_DATA;
+
+typedef struct {
+ ASN1_INTEGER *version;
+ PKCS12_MAC_DATA *mac;
+ PKCS7 *authsafes;
+} PKCS12;
+
+PREDECLARE_STACK_OF(PKCS12_SAFEBAG) typedef struct {
+ ASN1_OBJECT *type;
+ union {
+ struct pkcs12_bag_st *bag; /* secret, crl and certbag */
+ struct pkcs8_priv_key_info_st *keybag; /* keybag */
+ X509_SIG *shkeybag; /* shrouded key bag */
+ STACK_OF(PKCS12_SAFEBAG) *safes;
+ ASN1_TYPE *other;
+ } value;
+ STACK_OF(X509_ATTRIBUTE) *attrib;
+} PKCS12_SAFEBAG;
+
+DECLARE_STACK_OF(PKCS12_SAFEBAG)
+DECLARE_ASN1_SET_OF(PKCS12_SAFEBAG)
+DECLARE_PKCS12_STACK_OF(PKCS12_SAFEBAG)
+
+typedef struct pkcs12_bag_st {
+ ASN1_OBJECT *type;
+ union {
+ ASN1_OCTET_STRING *x509cert;
+ ASN1_OCTET_STRING *x509crl;
+ ASN1_OCTET_STRING *octet;
+ ASN1_IA5STRING *sdsicert;
+ ASN1_TYPE *other; /* Secret or other bag */
+ } value;
+} PKCS12_BAGS;
+
+# define PKCS12_ERROR 0
+# define PKCS12_OK 1
+
+/* Compatibility macros */
+
+# define M_PKCS12_x5092certbag PKCS12_x5092certbag
+# define M_PKCS12_x509crl2certbag PKCS12_x509crl2certbag
+
+# define M_PKCS12_certbag2x509 PKCS12_certbag2x509
+# define M_PKCS12_certbag2x509crl PKCS12_certbag2x509crl
+
+# define M_PKCS12_unpack_p7data PKCS12_unpack_p7data
+# define M_PKCS12_pack_authsafes PKCS12_pack_authsafes
+# define M_PKCS12_unpack_authsafes PKCS12_unpack_authsafes
+# define M_PKCS12_unpack_p7encdata PKCS12_unpack_p7encdata
+
+# define M_PKCS12_decrypt_skey PKCS12_decrypt_skey
+# define M_PKCS8_decrypt PKCS8_decrypt
+
+# define M_PKCS12_bag_type(bg) OBJ_obj2nid((bg)->type)
+# define M_PKCS12_cert_bag_type(bg) OBJ_obj2nid((bg)->value.bag->type)
+# define M_PKCS12_crl_bag_type M_PKCS12_cert_bag_type
+
+# define PKCS12_get_attr(bag, attr_nid) \
+ PKCS12_get_attr_gen(bag->attrib, attr_nid)
+
+# define PKCS8_get_attr(p8, attr_nid) \
+ PKCS12_get_attr_gen(p8->attributes, attr_nid)
+
+# define PKCS12_mac_present(p12) ((p12)->mac ? 1 : 0)
+
+PKCS12_SAFEBAG *PKCS12_x5092certbag(X509 *x509);
+PKCS12_SAFEBAG *PKCS12_x509crl2certbag(X509_CRL *crl);
+X509 *PKCS12_certbag2x509(PKCS12_SAFEBAG *bag);
+X509_CRL *PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag);
+
+PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it,
+ int nid1, int nid2);
+PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8);
+PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *p8, const char *pass,
+ int passlen);
+PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag,
+ const char *pass, int passlen);
+X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
+ const char *pass, int passlen, unsigned char *salt,
+ int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8);
+PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,
+ int passlen, unsigned char *salt,
+ int saltlen, int iter,
+ PKCS8_PRIV_KEY_INFO *p8);
+PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk);
+STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7);
+PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
+ unsigned char *salt, int saltlen, int iter,
+ STACK_OF(PKCS12_SAFEBAG) *bags);
+STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass,
+ int passlen);
+
+int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes);
+STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12);
+
+int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name,
+ int namelen);
+int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name,
+ int namelen);
+int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name,
+ int namelen);
+int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag,
+ const unsigned char *name, int namelen);
+int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage);
+ASN1_TYPE *PKCS12_get_attr_gen(STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid);
+char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
+unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass,
+ int passlen, unsigned char *in, int inlen,
+ unsigned char **data, int *datalen,
+ int en_de);
+void *PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,
+ const char *pass, int passlen,
+ ASN1_OCTET_STRING *oct, int zbuf);
+ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor,
+ const ASN1_ITEM *it,
+ const char *pass, int passlen,
+ void *obj, int zbuf);
+PKCS12 *PKCS12_init(int mode);
+int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
+ int saltlen, int id, int iter, int n,
+ unsigned char *out, const EVP_MD *md_type);
+int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
+ int saltlen, int id, int iter, int n,
+ unsigned char *out, const EVP_MD *md_type);
+int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+ ASN1_TYPE *param, const EVP_CIPHER *cipher,
+ const EVP_MD *md_type, int en_de);
+int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
+ unsigned char *mac, unsigned int *maclen);
+int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen);
+int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
+ unsigned char *salt, int saltlen, int iter,
+ const EVP_MD *md_type);
+int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt,
+ int saltlen, const EVP_MD *md_type);
+# if defined(NETWARE) || defined(OPENSSL_SYS_NETWARE)
+/* Rename these functions to avoid name clashes on NetWare OS */
+unsigned char *OPENSSL_asc2uni(const char *asc, int asclen,
+ unsigned char **uni, int *unilen);
+char *OPENSSL_uni2asc(unsigned char *uni, int unilen);
+# else
+unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni,
+ int *unilen);
+char *uni2asc(unsigned char *uni, int unilen);
+# endif
+DECLARE_ASN1_FUNCTIONS(PKCS12)
+DECLARE_ASN1_FUNCTIONS(PKCS12_MAC_DATA)
+DECLARE_ASN1_FUNCTIONS(PKCS12_SAFEBAG)
+DECLARE_ASN1_FUNCTIONS(PKCS12_BAGS)
+
+DECLARE_ASN1_ITEM(PKCS12_SAFEBAGS)
+DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES)
+
+void PKCS12_PBE_add(void);
+int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
+ STACK_OF(X509) **ca);
+PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
+ STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter,
+ int mac_iter, int keytype);
+
+PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert);
+PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags,
+ EVP_PKEY *key, int key_usage, int iter,
+ int key_nid, char *pass);
+int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
+ int safe_nid, int iter, char *pass);
+PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int p7_nid);
+
+int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12);
+int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12);
+PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12);
+PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12);
+int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass);
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_PKCS12_strings(void);
+
+/* Error codes for the PKCS12 functions. */
+
+/* Function codes. */
+# define PKCS12_F_PARSE_BAG 129
+# define PKCS12_F_PARSE_BAGS 103
+# define PKCS12_F_PKCS12_ADD_FRIENDLYNAME 100
+# define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC 127
+# define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI 102
+# define PKCS12_F_PKCS12_ADD_LOCALKEYID 104
+# define PKCS12_F_PKCS12_CREATE 105
+# define PKCS12_F_PKCS12_GEN_MAC 107
+# define PKCS12_F_PKCS12_INIT 109
+# define PKCS12_F_PKCS12_ITEM_DECRYPT_D2I 106
+# define PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT 108
+# define PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG 117
+# define PKCS12_F_PKCS12_KEY_GEN_ASC 110
+# define PKCS12_F_PKCS12_KEY_GEN_UNI 111
+# define PKCS12_F_PKCS12_MAKE_KEYBAG 112
+# define PKCS12_F_PKCS12_MAKE_SHKEYBAG 113
+# define PKCS12_F_PKCS12_NEWPASS 128
+# define PKCS12_F_PKCS12_PACK_P7DATA 114
+# define PKCS12_F_PKCS12_PACK_P7ENCDATA 115
+# define PKCS12_F_PKCS12_PARSE 118
+# define PKCS12_F_PKCS12_PBE_CRYPT 119
+# define PKCS12_F_PKCS12_PBE_KEYIVGEN 120
+# define PKCS12_F_PKCS12_SETUP_MAC 122
+# define PKCS12_F_PKCS12_SET_MAC 123
+# define PKCS12_F_PKCS12_UNPACK_AUTHSAFES 130
+# define PKCS12_F_PKCS12_UNPACK_P7DATA 131
+# define PKCS12_F_PKCS12_VERIFY_MAC 126
+# define PKCS12_F_PKCS8_ADD_KEYUSAGE 124
+# define PKCS12_F_PKCS8_ENCRYPT 125
+
+/* Reason codes. */
+# define PKCS12_R_CANT_PACK_STRUCTURE 100
+# define PKCS12_R_CONTENT_TYPE_NOT_DATA 121
+# define PKCS12_R_DECODE_ERROR 101
+# define PKCS12_R_ENCODE_ERROR 102
+# define PKCS12_R_ENCRYPT_ERROR 103
+# define PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE 120
+# define PKCS12_R_INVALID_NULL_ARGUMENT 104
+# define PKCS12_R_INVALID_NULL_PKCS12_POINTER 105
+# define PKCS12_R_IV_GEN_ERROR 106
+# define PKCS12_R_KEY_GEN_ERROR 107
+# define PKCS12_R_MAC_ABSENT 108
+# define PKCS12_R_MAC_GENERATION_ERROR 109
+# define PKCS12_R_MAC_SETUP_ERROR 110
+# define PKCS12_R_MAC_STRING_SET_ERROR 111
+# define PKCS12_R_MAC_VERIFY_ERROR 112
+# define PKCS12_R_MAC_VERIFY_FAILURE 113
+# define PKCS12_R_PARSE_ERROR 114
+# define PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR 115
+# define PKCS12_R_PKCS12_CIPHERFINAL_ERROR 116
+# define PKCS12_R_PKCS12_PBE_CRYPT_ERROR 117
+# define PKCS12_R_UNKNOWN_DIGEST_ALGORITHM 118
+# define PKCS12_R_UNSUPPORTED_PKCS12_MODE 119
+
+#ifdef __cplusplus
+}
+#endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pk7_asn1.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/pkcs7/pk7_asn1.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pk7_asn1.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,214 +0,0 @@
-/* pk7_asn.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/pkcs7.h>
-#include <openssl/x509.h>
-
-/* PKCS#7 ASN1 module */
-
-/* This is the ANY DEFINED BY table for the top level PKCS#7 structure */
-
-ASN1_ADB_TEMPLATE(p7default) = ASN1_EXP_OPT(PKCS7, d.other, ASN1_ANY, 0);
-
-ASN1_ADB(PKCS7) = {
- ADB_ENTRY(NID_pkcs7_data, ASN1_NDEF_EXP_OPT(PKCS7, d.data, ASN1_OCTET_STRING_NDEF, 0)),
- ADB_ENTRY(NID_pkcs7_signed, ASN1_NDEF_EXP_OPT(PKCS7, d.sign, PKCS7_SIGNED, 0)),
- ADB_ENTRY(NID_pkcs7_enveloped, ASN1_NDEF_EXP_OPT(PKCS7, d.enveloped, PKCS7_ENVELOPE, 0)),
- ADB_ENTRY(NID_pkcs7_signedAndEnveloped, ASN1_NDEF_EXP_OPT(PKCS7, d.signed_and_enveloped, PKCS7_SIGN_ENVELOPE, 0)),
- ADB_ENTRY(NID_pkcs7_digest, ASN1_NDEF_EXP_OPT(PKCS7, d.digest, PKCS7_DIGEST, 0)),
- ADB_ENTRY(NID_pkcs7_encrypted, ASN1_NDEF_EXP_OPT(PKCS7, d.encrypted, PKCS7_ENCRYPT, 0))
-} ASN1_ADB_END(PKCS7, 0, type, 0, &p7default_tt, NULL);
-
-ASN1_NDEF_SEQUENCE(PKCS7) = {
- ASN1_SIMPLE(PKCS7, type, ASN1_OBJECT),
- ASN1_ADB_OBJECT(PKCS7)
-}ASN1_NDEF_SEQUENCE_END(PKCS7)
-
-IMPLEMENT_ASN1_FUNCTIONS(PKCS7)
-IMPLEMENT_ASN1_NDEF_FUNCTION(PKCS7)
-IMPLEMENT_ASN1_DUP_FUNCTION(PKCS7)
-
-ASN1_NDEF_SEQUENCE(PKCS7_SIGNED) = {
- ASN1_SIMPLE(PKCS7_SIGNED, version, ASN1_INTEGER),
- ASN1_SET_OF(PKCS7_SIGNED, md_algs, X509_ALGOR),
- ASN1_SIMPLE(PKCS7_SIGNED, contents, PKCS7),
- ASN1_IMP_SEQUENCE_OF_OPT(PKCS7_SIGNED, cert, X509, 0),
- ASN1_IMP_SET_OF_OPT(PKCS7_SIGNED, crl, X509_CRL, 1),
- ASN1_SET_OF(PKCS7_SIGNED, signer_info, PKCS7_SIGNER_INFO)
-} ASN1_NDEF_SEQUENCE_END(PKCS7_SIGNED)
-
-IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGNED)
-
-/* Minor tweak to operation: free up EVP_PKEY */
-static int si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
-{
- if(operation == ASN1_OP_FREE_POST) {
- PKCS7_SIGNER_INFO *si = (PKCS7_SIGNER_INFO *)*pval;
- EVP_PKEY_free(si->pkey);
- }
- return 1;
-}
-
-ASN1_SEQUENCE_cb(PKCS7_SIGNER_INFO, si_cb) = {
- ASN1_SIMPLE(PKCS7_SIGNER_INFO, version, ASN1_INTEGER),
- ASN1_SIMPLE(PKCS7_SIGNER_INFO, issuer_and_serial, PKCS7_ISSUER_AND_SERIAL),
- ASN1_SIMPLE(PKCS7_SIGNER_INFO, digest_alg, X509_ALGOR),
- /* NB this should be a SET OF but we use a SEQUENCE OF so the
- * original order * is retained when the structure is reencoded.
- * Since the attributes are implicitly tagged this will not affect
- * the encoding.
- */
- ASN1_IMP_SEQUENCE_OF_OPT(PKCS7_SIGNER_INFO, auth_attr, X509_ATTRIBUTE, 0),
- ASN1_SIMPLE(PKCS7_SIGNER_INFO, digest_enc_alg, X509_ALGOR),
- ASN1_SIMPLE(PKCS7_SIGNER_INFO, enc_digest, ASN1_OCTET_STRING),
- ASN1_IMP_SET_OF_OPT(PKCS7_SIGNER_INFO, unauth_attr, X509_ATTRIBUTE, 1)
-} ASN1_SEQUENCE_END_cb(PKCS7_SIGNER_INFO, PKCS7_SIGNER_INFO)
-
-IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGNER_INFO)
-
-ASN1_SEQUENCE(PKCS7_ISSUER_AND_SERIAL) = {
- ASN1_SIMPLE(PKCS7_ISSUER_AND_SERIAL, issuer, X509_NAME),
- ASN1_SIMPLE(PKCS7_ISSUER_AND_SERIAL, serial, ASN1_INTEGER)
-} ASN1_SEQUENCE_END(PKCS7_ISSUER_AND_SERIAL)
-
-IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL)
-
-ASN1_NDEF_SEQUENCE(PKCS7_ENVELOPE) = {
- ASN1_SIMPLE(PKCS7_ENVELOPE, version, ASN1_INTEGER),
- ASN1_SET_OF(PKCS7_ENVELOPE, recipientinfo, PKCS7_RECIP_INFO),
- ASN1_SIMPLE(PKCS7_ENVELOPE, enc_data, PKCS7_ENC_CONTENT)
-} ASN1_NDEF_SEQUENCE_END(PKCS7_ENVELOPE)
-
-IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENVELOPE)
-
-/* Minor tweak to operation: free up X509 */
-static int ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
-{
- if(operation == ASN1_OP_FREE_POST) {
- PKCS7_RECIP_INFO *ri = (PKCS7_RECIP_INFO *)*pval;
- X509_free(ri->cert);
- }
- return 1;
-}
-
-ASN1_SEQUENCE_cb(PKCS7_RECIP_INFO, ri_cb) = {
- ASN1_SIMPLE(PKCS7_RECIP_INFO, version, ASN1_INTEGER),
- ASN1_SIMPLE(PKCS7_RECIP_INFO, issuer_and_serial, PKCS7_ISSUER_AND_SERIAL),
- ASN1_SIMPLE(PKCS7_RECIP_INFO, key_enc_algor, X509_ALGOR),
- ASN1_SIMPLE(PKCS7_RECIP_INFO, enc_key, ASN1_OCTET_STRING)
-} ASN1_SEQUENCE_END_cb(PKCS7_RECIP_INFO, PKCS7_RECIP_INFO)
-
-IMPLEMENT_ASN1_FUNCTIONS(PKCS7_RECIP_INFO)
-
-ASN1_NDEF_SEQUENCE(PKCS7_ENC_CONTENT) = {
- ASN1_SIMPLE(PKCS7_ENC_CONTENT, content_type, ASN1_OBJECT),
- ASN1_SIMPLE(PKCS7_ENC_CONTENT, algorithm, X509_ALGOR),
- ASN1_IMP_OPT(PKCS7_ENC_CONTENT, enc_data, ASN1_OCTET_STRING, 0)
-} ASN1_NDEF_SEQUENCE_END(PKCS7_ENC_CONTENT)
-
-IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENC_CONTENT)
-
-ASN1_NDEF_SEQUENCE(PKCS7_SIGN_ENVELOPE) = {
- ASN1_SIMPLE(PKCS7_SIGN_ENVELOPE, version, ASN1_INTEGER),
- ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, recipientinfo, PKCS7_RECIP_INFO),
- ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, md_algs, X509_ALGOR),
- ASN1_SIMPLE(PKCS7_SIGN_ENVELOPE, enc_data, PKCS7_ENC_CONTENT),
- ASN1_IMP_SET_OF_OPT(PKCS7_SIGN_ENVELOPE, cert, X509, 0),
- ASN1_IMP_SET_OF_OPT(PKCS7_SIGN_ENVELOPE, crl, X509_CRL, 1),
- ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, signer_info, PKCS7_SIGNER_INFO)
-} ASN1_NDEF_SEQUENCE_END(PKCS7_SIGN_ENVELOPE)
-
-IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGN_ENVELOPE)
-
-ASN1_NDEF_SEQUENCE(PKCS7_ENCRYPT) = {
- ASN1_SIMPLE(PKCS7_ENCRYPT, version, ASN1_INTEGER),
- ASN1_SIMPLE(PKCS7_ENCRYPT, enc_data, PKCS7_ENC_CONTENT)
-} ASN1_NDEF_SEQUENCE_END(PKCS7_ENCRYPT)
-
-IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENCRYPT)
-
-ASN1_NDEF_SEQUENCE(PKCS7_DIGEST) = {
- ASN1_SIMPLE(PKCS7_DIGEST, version, ASN1_INTEGER),
- ASN1_SIMPLE(PKCS7_DIGEST, md, X509_ALGOR),
- ASN1_SIMPLE(PKCS7_DIGEST, contents, PKCS7),
- ASN1_SIMPLE(PKCS7_DIGEST, digest, ASN1_OCTET_STRING)
-} ASN1_NDEF_SEQUENCE_END(PKCS7_DIGEST)
-
-IMPLEMENT_ASN1_FUNCTIONS(PKCS7_DIGEST)
-
-/* Specials for authenticated attributes */
-
-/* When signing attributes we want to reorder them to match the sorted
- * encoding.
- */
-
-ASN1_ITEM_TEMPLATE(PKCS7_ATTR_SIGN) =
- ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_ORDER, 0, PKCS7_ATTRIBUTES, X509_ATTRIBUTE)
-ASN1_ITEM_TEMPLATE_END(PKCS7_ATTR_SIGN)
-
-/* When verifying attributes we need to use the received order. So
- * we use SEQUENCE OF and tag it to SET OF
- */
-
-ASN1_ITEM_TEMPLATE(PKCS7_ATTR_VERIFY) =
- ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL,
- V_ASN1_SET, PKCS7_ATTRIBUTES, X509_ATTRIBUTE)
-ASN1_ITEM_TEMPLATE_END(PKCS7_ATTR_VERIFY)
Copied: vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pk7_asn1.c (from rev 6976, vendor-crypto/openssl/dist/crypto/pkcs7/pk7_asn1.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pk7_asn1.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pk7_asn1.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,217 @@
+/* pk7_asn.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/pkcs7.h>
+#include <openssl/x509.h>
+
+/* PKCS#7 ASN1 module */
+
+/* This is the ANY DEFINED BY table for the top level PKCS#7 structure */
+
+ASN1_ADB_TEMPLATE(p7default) = ASN1_EXP_OPT(PKCS7, d.other, ASN1_ANY, 0);
+
+ASN1_ADB(PKCS7) = {
+ ADB_ENTRY(NID_pkcs7_data, ASN1_NDEF_EXP_OPT(PKCS7, d.data, ASN1_OCTET_STRING_NDEF, 0)),
+ ADB_ENTRY(NID_pkcs7_signed, ASN1_NDEF_EXP_OPT(PKCS7, d.sign, PKCS7_SIGNED, 0)),
+ ADB_ENTRY(NID_pkcs7_enveloped, ASN1_NDEF_EXP_OPT(PKCS7, d.enveloped, PKCS7_ENVELOPE, 0)),
+ ADB_ENTRY(NID_pkcs7_signedAndEnveloped, ASN1_NDEF_EXP_OPT(PKCS7, d.signed_and_enveloped, PKCS7_SIGN_ENVELOPE, 0)),
+ ADB_ENTRY(NID_pkcs7_digest, ASN1_NDEF_EXP_OPT(PKCS7, d.digest, PKCS7_DIGEST, 0)),
+ ADB_ENTRY(NID_pkcs7_encrypted, ASN1_NDEF_EXP_OPT(PKCS7, d.encrypted, PKCS7_ENCRYPT, 0))
+} ASN1_ADB_END(PKCS7, 0, type, 0, &p7default_tt, NULL);
+
+ASN1_NDEF_SEQUENCE(PKCS7) = {
+ ASN1_SIMPLE(PKCS7, type, ASN1_OBJECT),
+ ASN1_ADB_OBJECT(PKCS7)
+}ASN1_NDEF_SEQUENCE_END(PKCS7)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7)
+IMPLEMENT_ASN1_NDEF_FUNCTION(PKCS7)
+IMPLEMENT_ASN1_DUP_FUNCTION(PKCS7)
+
+ASN1_NDEF_SEQUENCE(PKCS7_SIGNED) = {
+ ASN1_SIMPLE(PKCS7_SIGNED, version, ASN1_INTEGER),
+ ASN1_SET_OF(PKCS7_SIGNED, md_algs, X509_ALGOR),
+ ASN1_SIMPLE(PKCS7_SIGNED, contents, PKCS7),
+ ASN1_IMP_SEQUENCE_OF_OPT(PKCS7_SIGNED, cert, X509, 0),
+ ASN1_IMP_SET_OF_OPT(PKCS7_SIGNED, crl, X509_CRL, 1),
+ ASN1_SET_OF(PKCS7_SIGNED, signer_info, PKCS7_SIGNER_INFO)
+} ASN1_NDEF_SEQUENCE_END(PKCS7_SIGNED)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGNED)
+
+/* Minor tweak to operation: free up EVP_PKEY */
+static int si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+ if (operation == ASN1_OP_FREE_POST) {
+ PKCS7_SIGNER_INFO *si = (PKCS7_SIGNER_INFO *)*pval;
+ EVP_PKEY_free(si->pkey);
+ }
+ return 1;
+}
+
+ASN1_SEQUENCE_cb(PKCS7_SIGNER_INFO, si_cb) = {
+ ASN1_SIMPLE(PKCS7_SIGNER_INFO, version, ASN1_INTEGER),
+ ASN1_SIMPLE(PKCS7_SIGNER_INFO, issuer_and_serial, PKCS7_ISSUER_AND_SERIAL),
+ ASN1_SIMPLE(PKCS7_SIGNER_INFO, digest_alg, X509_ALGOR),
+ /* NB this should be a SET OF but we use a SEQUENCE OF so the
+ * original order * is retained when the structure is reencoded.
+ * Since the attributes are implicitly tagged this will not affect
+ * the encoding.
+ */
+ ASN1_IMP_SEQUENCE_OF_OPT(PKCS7_SIGNER_INFO, auth_attr, X509_ATTRIBUTE, 0),
+ ASN1_SIMPLE(PKCS7_SIGNER_INFO, digest_enc_alg, X509_ALGOR),
+ ASN1_SIMPLE(PKCS7_SIGNER_INFO, enc_digest, ASN1_OCTET_STRING),
+ ASN1_IMP_SET_OF_OPT(PKCS7_SIGNER_INFO, unauth_attr, X509_ATTRIBUTE, 1)
+} ASN1_SEQUENCE_END_cb(PKCS7_SIGNER_INFO, PKCS7_SIGNER_INFO)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGNER_INFO)
+
+ASN1_SEQUENCE(PKCS7_ISSUER_AND_SERIAL) = {
+ ASN1_SIMPLE(PKCS7_ISSUER_AND_SERIAL, issuer, X509_NAME),
+ ASN1_SIMPLE(PKCS7_ISSUER_AND_SERIAL, serial, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(PKCS7_ISSUER_AND_SERIAL)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL)
+
+ASN1_NDEF_SEQUENCE(PKCS7_ENVELOPE) = {
+ ASN1_SIMPLE(PKCS7_ENVELOPE, version, ASN1_INTEGER),
+ ASN1_SET_OF(PKCS7_ENVELOPE, recipientinfo, PKCS7_RECIP_INFO),
+ ASN1_SIMPLE(PKCS7_ENVELOPE, enc_data, PKCS7_ENC_CONTENT)
+} ASN1_NDEF_SEQUENCE_END(PKCS7_ENVELOPE)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENVELOPE)
+
+/* Minor tweak to operation: free up X509 */
+static int ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+ if (operation == ASN1_OP_FREE_POST) {
+ PKCS7_RECIP_INFO *ri = (PKCS7_RECIP_INFO *)*pval;
+ X509_free(ri->cert);
+ }
+ return 1;
+}
+
+ASN1_SEQUENCE_cb(PKCS7_RECIP_INFO, ri_cb) = {
+ ASN1_SIMPLE(PKCS7_RECIP_INFO, version, ASN1_INTEGER),
+ ASN1_SIMPLE(PKCS7_RECIP_INFO, issuer_and_serial, PKCS7_ISSUER_AND_SERIAL),
+ ASN1_SIMPLE(PKCS7_RECIP_INFO, key_enc_algor, X509_ALGOR),
+ ASN1_SIMPLE(PKCS7_RECIP_INFO, enc_key, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END_cb(PKCS7_RECIP_INFO, PKCS7_RECIP_INFO)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_RECIP_INFO)
+
+ASN1_NDEF_SEQUENCE(PKCS7_ENC_CONTENT) = {
+ ASN1_SIMPLE(PKCS7_ENC_CONTENT, content_type, ASN1_OBJECT),
+ ASN1_SIMPLE(PKCS7_ENC_CONTENT, algorithm, X509_ALGOR),
+ ASN1_IMP_OPT(PKCS7_ENC_CONTENT, enc_data, ASN1_OCTET_STRING, 0)
+} ASN1_NDEF_SEQUENCE_END(PKCS7_ENC_CONTENT)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENC_CONTENT)
+
+ASN1_NDEF_SEQUENCE(PKCS7_SIGN_ENVELOPE) = {
+ ASN1_SIMPLE(PKCS7_SIGN_ENVELOPE, version, ASN1_INTEGER),
+ ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, recipientinfo, PKCS7_RECIP_INFO),
+ ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, md_algs, X509_ALGOR),
+ ASN1_SIMPLE(PKCS7_SIGN_ENVELOPE, enc_data, PKCS7_ENC_CONTENT),
+ ASN1_IMP_SET_OF_OPT(PKCS7_SIGN_ENVELOPE, cert, X509, 0),
+ ASN1_IMP_SET_OF_OPT(PKCS7_SIGN_ENVELOPE, crl, X509_CRL, 1),
+ ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, signer_info, PKCS7_SIGNER_INFO)
+} ASN1_NDEF_SEQUENCE_END(PKCS7_SIGN_ENVELOPE)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGN_ENVELOPE)
+
+ASN1_NDEF_SEQUENCE(PKCS7_ENCRYPT) = {
+ ASN1_SIMPLE(PKCS7_ENCRYPT, version, ASN1_INTEGER),
+ ASN1_SIMPLE(PKCS7_ENCRYPT, enc_data, PKCS7_ENC_CONTENT)
+} ASN1_NDEF_SEQUENCE_END(PKCS7_ENCRYPT)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENCRYPT)
+
+ASN1_NDEF_SEQUENCE(PKCS7_DIGEST) = {
+ ASN1_SIMPLE(PKCS7_DIGEST, version, ASN1_INTEGER),
+ ASN1_SIMPLE(PKCS7_DIGEST, md, X509_ALGOR),
+ ASN1_SIMPLE(PKCS7_DIGEST, contents, PKCS7),
+ ASN1_SIMPLE(PKCS7_DIGEST, digest, ASN1_OCTET_STRING)
+} ASN1_NDEF_SEQUENCE_END(PKCS7_DIGEST)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_DIGEST)
+
+/* Specials for authenticated attributes */
+
+/*
+ * When signing attributes we want to reorder them to match the sorted
+ * encoding.
+ */
+
+ASN1_ITEM_TEMPLATE(PKCS7_ATTR_SIGN) =
+ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_ORDER, 0, PKCS7_ATTRIBUTES, X509_ATTRIBUTE)
+ASN1_ITEM_TEMPLATE_END(PKCS7_ATTR_SIGN)
+
+/*
+ * When verifying attributes we need to use the received order. So we use
+ * SEQUENCE OF and tag it to SET OF
+ */
+
+ASN1_ITEM_TEMPLATE(PKCS7_ATTR_VERIFY) =
+ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL,
+ V_ASN1_SET, PKCS7_ATTRIBUTES, X509_ATTRIBUTE)
+ASN1_ITEM_TEMPLATE_END(PKCS7_ATTR_VERIFY)
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pk7_attr.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/pkcs7/pk7_attr.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pk7_attr.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,141 +0,0 @@
-/* pk7_attr.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001-2004 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/bio.h>
-#include <openssl/asn1.h>
-#include <openssl/pem.h>
-#include <openssl/pkcs7.h>
-#include <openssl/x509.h>
-#include <openssl/err.h>
-
-int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, STACK_OF(X509_ALGOR) *cap)
-{
- ASN1_STRING *seq;
- unsigned char *p, *pp;
- int len;
- len=i2d_ASN1_SET_OF_X509_ALGOR(cap,NULL,i2d_X509_ALGOR,
- V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL,
- IS_SEQUENCE);
- if(!(pp=(unsigned char *)OPENSSL_malloc(len))) {
- PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE);
- return 0;
- }
- p=pp;
- i2d_ASN1_SET_OF_X509_ALGOR(cap,&p,i2d_X509_ALGOR, V_ASN1_SEQUENCE,
- V_ASN1_UNIVERSAL, IS_SEQUENCE);
- if(!(seq = ASN1_STRING_new())) {
- PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE);
- return 0;
- }
- if(!ASN1_STRING_set (seq, pp, len)) {
- PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE);
- return 0;
- }
- OPENSSL_free (pp);
- return PKCS7_add_signed_attribute(si, NID_SMIMECapabilities,
- V_ASN1_SEQUENCE, seq);
-}
-
-STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si)
- {
- ASN1_TYPE *cap;
- const unsigned char *p;
-
- cap = PKCS7_get_signed_attribute(si, NID_SMIMECapabilities);
- if (!cap || (cap->type != V_ASN1_SEQUENCE))
- return NULL;
- p = cap->value.sequence->data;
- return d2i_ASN1_SET_OF_X509_ALGOR(NULL, &p,
- cap->value.sequence->length,
- d2i_X509_ALGOR, X509_ALGOR_free,
- V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
- }
-
-/* Basic smime-capabilities OID and optional integer arg */
-int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg)
-{
- X509_ALGOR *alg;
-
- if(!(alg = X509_ALGOR_new())) {
- PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE);
- return 0;
- }
- ASN1_OBJECT_free(alg->algorithm);
- alg->algorithm = OBJ_nid2obj (nid);
- if (arg > 0) {
- ASN1_INTEGER *nbit;
- if(!(alg->parameter = ASN1_TYPE_new())) {
- PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE);
- return 0;
- }
- if(!(nbit = ASN1_INTEGER_new())) {
- PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE);
- return 0;
- }
- if(!ASN1_INTEGER_set (nbit, arg)) {
- PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE);
- return 0;
- }
- alg->parameter->value.integer = nbit;
- alg->parameter->type = V_ASN1_INTEGER;
- }
- sk_X509_ALGOR_push (sk, alg);
- return 1;
-}
Copied: vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pk7_attr.c (from rev 6976, vendor-crypto/openssl/dist/crypto/pkcs7/pk7_attr.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pk7_attr.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pk7_attr.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,143 @@
+/* pk7_attr.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001-2004 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/bio.h>
+#include <openssl/asn1.h>
+#include <openssl/pem.h>
+#include <openssl/pkcs7.h>
+#include <openssl/x509.h>
+#include <openssl/err.h>
+
+int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si,
+ STACK_OF(X509_ALGOR) *cap)
+{
+ ASN1_STRING *seq;
+ unsigned char *p, *pp;
+ int len;
+ len = i2d_ASN1_SET_OF_X509_ALGOR(cap, NULL, i2d_X509_ALGOR,
+ V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL,
+ IS_SEQUENCE);
+ if (!(pp = (unsigned char *)OPENSSL_malloc(len))) {
+ PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ p = pp;
+ i2d_ASN1_SET_OF_X509_ALGOR(cap, &p, i2d_X509_ALGOR, V_ASN1_SEQUENCE,
+ V_ASN1_UNIVERSAL, IS_SEQUENCE);
+ if (!(seq = ASN1_STRING_new())) {
+ PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ if (!ASN1_STRING_set(seq, pp, len)) {
+ PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ OPENSSL_free(pp);
+ return PKCS7_add_signed_attribute(si, NID_SMIMECapabilities,
+ V_ASN1_SEQUENCE, seq);
+}
+
+STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si)
+{
+ ASN1_TYPE *cap;
+ const unsigned char *p;
+
+ cap = PKCS7_get_signed_attribute(si, NID_SMIMECapabilities);
+ if (!cap || (cap->type != V_ASN1_SEQUENCE))
+ return NULL;
+ p = cap->value.sequence->data;
+ return d2i_ASN1_SET_OF_X509_ALGOR(NULL, &p,
+ cap->value.sequence->length,
+ d2i_X509_ALGOR, X509_ALGOR_free,
+ V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
+}
+
+/* Basic smime-capabilities OID and optional integer arg */
+int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg)
+{
+ X509_ALGOR *alg;
+
+ if (!(alg = X509_ALGOR_new())) {
+ PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ ASN1_OBJECT_free(alg->algorithm);
+ alg->algorithm = OBJ_nid2obj(nid);
+ if (arg > 0) {
+ ASN1_INTEGER *nbit;
+ if (!(alg->parameter = ASN1_TYPE_new())) {
+ PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ if (!(nbit = ASN1_INTEGER_new())) {
+ PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ if (!ASN1_INTEGER_set(nbit, arg)) {
+ PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ alg->parameter->value.integer = nbit;
+ alg->parameter->type = V_ASN1_INTEGER;
+ }
+ sk_X509_ALGOR_push(sk, alg);
+ return 1;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pk7_dgst.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/pkcs7/pk7_dgst.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pk7_dgst.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,66 +0,0 @@
-/* crypto/pkcs7/pk7_dgst.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/pkcs7.h>
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pk7_dgst.c (from rev 6976, vendor-crypto/openssl/dist/crypto/pkcs7/pk7_dgst.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pk7_dgst.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pk7_dgst.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,65 @@
+/* crypto/pkcs7/pk7_dgst.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pk7_doit.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/pkcs7/pk7_doit.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pk7_doit.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,1177 +0,0 @@
-/* crypto/pkcs7/pk7_doit.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include <openssl/err.h>
-
-static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
- void *value);
-static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid);
-
-static int PKCS7_type_is_other(PKCS7* p7)
- {
- int isOther=1;
-
- int nid=OBJ_obj2nid(p7->type);
-
- switch( nid )
- {
- case NID_pkcs7_data:
- case NID_pkcs7_signed:
- case NID_pkcs7_enveloped:
- case NID_pkcs7_signedAndEnveloped:
- case NID_pkcs7_digest:
- case NID_pkcs7_encrypted:
- isOther=0;
- break;
- default:
- isOther=1;
- }
-
- return isOther;
-
- }
-
-static ASN1_OCTET_STRING *PKCS7_get_octet_string(PKCS7 *p7)
- {
- if ( PKCS7_type_is_data(p7))
- return p7->d.data;
- if ( PKCS7_type_is_other(p7) && p7->d.other
- && (p7->d.other->type == V_ASN1_OCTET_STRING))
- return p7->d.other->value.octet_string;
- return NULL;
- }
-
-static int PKCS7_bio_add_digest(BIO **pbio, X509_ALGOR *alg)
- {
- BIO *btmp;
- const EVP_MD *md;
- if ((btmp=BIO_new(BIO_f_md())) == NULL)
- {
- PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,ERR_R_BIO_LIB);
- goto err;
- }
-
- md=EVP_get_digestbyobj(alg->algorithm);
- if (md == NULL)
- {
- PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,PKCS7_R_UNKNOWN_DIGEST_TYPE);
- goto err;
- }
-
- BIO_set_md(btmp,md);
- if (*pbio == NULL)
- *pbio=btmp;
- else if (!BIO_push(*pbio,btmp))
- {
- PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,ERR_R_BIO_LIB);
- goto err;
- }
- btmp=NULL;
-
- return 1;
-
- err:
- if (btmp)
- BIO_free(btmp);
- return 0;
-
- }
-
-BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
- {
- int i;
- BIO *out=NULL,*btmp=NULL;
- X509_ALGOR *xa = NULL;
- const EVP_CIPHER *evp_cipher=NULL;
- STACK_OF(X509_ALGOR) *md_sk=NULL;
- STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL;
- X509_ALGOR *xalg=NULL;
- PKCS7_RECIP_INFO *ri=NULL;
- EVP_PKEY *pkey;
- ASN1_OCTET_STRING *os=NULL;
-
- i=OBJ_obj2nid(p7->type);
- p7->state=PKCS7_S_HEADER;
-
- switch (i)
- {
- case NID_pkcs7_signed:
- md_sk=p7->d.sign->md_algs;
- os = PKCS7_get_octet_string(p7->d.sign->contents);
- break;
- case NID_pkcs7_signedAndEnveloped:
- rsk=p7->d.signed_and_enveloped->recipientinfo;
- md_sk=p7->d.signed_and_enveloped->md_algs;
- xalg=p7->d.signed_and_enveloped->enc_data->algorithm;
- evp_cipher=p7->d.signed_and_enveloped->enc_data->cipher;
- if (evp_cipher == NULL)
- {
- PKCS7err(PKCS7_F_PKCS7_DATAINIT,
- PKCS7_R_CIPHER_NOT_INITIALIZED);
- goto err;
- }
- break;
- case NID_pkcs7_enveloped:
- rsk=p7->d.enveloped->recipientinfo;
- xalg=p7->d.enveloped->enc_data->algorithm;
- evp_cipher=p7->d.enveloped->enc_data->cipher;
- if (evp_cipher == NULL)
- {
- PKCS7err(PKCS7_F_PKCS7_DATAINIT,
- PKCS7_R_CIPHER_NOT_INITIALIZED);
- goto err;
- }
- break;
- case NID_pkcs7_digest:
- xa = p7->d.digest->md;
- os = PKCS7_get_octet_string(p7->d.digest->contents);
- break;
- default:
- PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
- goto err;
- }
-
- for (i=0; i<sk_X509_ALGOR_num(md_sk); i++)
- if (!PKCS7_bio_add_digest(&out, sk_X509_ALGOR_value(md_sk, i)))
- goto err;
-
- if (xa && !PKCS7_bio_add_digest(&out, xa))
- goto err;
-
- if (evp_cipher != NULL)
- {
- unsigned char key[EVP_MAX_KEY_LENGTH];
- unsigned char iv[EVP_MAX_IV_LENGTH];
- int keylen,ivlen;
- int jj,max;
- unsigned char *tmp;
- EVP_CIPHER_CTX *ctx;
-
- if ((btmp=BIO_new(BIO_f_cipher())) == NULL)
- {
- PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_BIO_LIB);
- goto err;
- }
- BIO_get_cipher_ctx(btmp, &ctx);
- keylen=EVP_CIPHER_key_length(evp_cipher);
- ivlen=EVP_CIPHER_iv_length(evp_cipher);
- xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher));
- if (ivlen > 0)
- if (RAND_pseudo_bytes(iv,ivlen) <= 0)
- goto err;
- if (EVP_CipherInit_ex(ctx, evp_cipher, NULL, NULL, NULL, 1)<=0)
- goto err;
- if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
- goto err;
- if (EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, 1) <= 0)
- goto err;
-
- if (ivlen > 0) {
- if (xalg->parameter == NULL) {
- xalg->parameter = ASN1_TYPE_new();
- if (xalg->parameter == NULL)
- goto err;
- }
- if(EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) < 0)
- goto err;
- }
-
- /* Lets do the pub key stuff :-) */
- max=0;
- for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++)
- {
- ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
- if (ri->cert == NULL)
- {
- PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_MISSING_CERIPEND_INFO);
- goto err;
- }
- if ((pkey=X509_get_pubkey(ri->cert)) == NULL)
- goto err;
- jj=EVP_PKEY_size(pkey);
- EVP_PKEY_free(pkey);
- if (max < jj) max=jj;
- }
- if ((tmp=(unsigned char *)OPENSSL_malloc(max)) == NULL)
- {
- PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++)
- {
- ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
- if ((pkey=X509_get_pubkey(ri->cert)) == NULL)
- goto err;
- jj=EVP_PKEY_encrypt(tmp,key,keylen,pkey);
- EVP_PKEY_free(pkey);
- if (jj <= 0)
- {
- PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_EVP_LIB);
- OPENSSL_free(tmp);
- goto err;
- }
- if (!M_ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj))
- {
- PKCS7err(PKCS7_F_PKCS7_DATAINIT,
- ERR_R_MALLOC_FAILURE);
- OPENSSL_free(tmp);
- goto err;
- }
- }
- OPENSSL_free(tmp);
- OPENSSL_cleanse(key, keylen);
-
- if (out == NULL)
- out=btmp;
- else
- BIO_push(out,btmp);
- btmp=NULL;
- }
-
- if (bio == NULL)
- {
- if (PKCS7_is_detached(p7))
- bio=BIO_new(BIO_s_null());
- else if (os && os->length > 0)
- bio = BIO_new_mem_buf(os->data, os->length);
- if(bio == NULL)
- {
- bio=BIO_new(BIO_s_mem());
- if (bio == NULL)
- goto err;
- BIO_set_mem_eof_return(bio,0);
- }
- }
- BIO_push(out,bio);
- bio=NULL;
- if (0)
- {
-err:
- if (out != NULL)
- BIO_free_all(out);
- if (btmp != NULL)
- BIO_free_all(btmp);
- out=NULL;
- }
- return(out);
- }
-
-static int pkcs7_cmp_ri(PKCS7_RECIP_INFO *ri, X509 *pcert)
- {
- int ret;
- ret = X509_NAME_cmp(ri->issuer_and_serial->issuer,
- pcert->cert_info->issuer);
- if (ret)
- return ret;
- return M_ASN1_INTEGER_cmp(pcert->cert_info->serialNumber,
- ri->issuer_and_serial->serial);
- }
-
-/* int */
-BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
- {
- int i,j;
- BIO *out=NULL,*btmp=NULL,*etmp=NULL,*bio=NULL;
- unsigned char *tmp=NULL;
- X509_ALGOR *xa;
- ASN1_OCTET_STRING *data_body=NULL;
- const EVP_MD *evp_md;
- const EVP_CIPHER *evp_cipher=NULL;
- EVP_CIPHER_CTX *evp_ctx=NULL;
- X509_ALGOR *enc_alg=NULL;
- STACK_OF(X509_ALGOR) *md_sk=NULL;
- STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL;
- PKCS7_RECIP_INFO *ri=NULL;
-
- i=OBJ_obj2nid(p7->type);
- p7->state=PKCS7_S_HEADER;
-
- switch (i)
- {
- case NID_pkcs7_signed:
- data_body=PKCS7_get_octet_string(p7->d.sign->contents);
- md_sk=p7->d.sign->md_algs;
- break;
- case NID_pkcs7_signedAndEnveloped:
- rsk=p7->d.signed_and_enveloped->recipientinfo;
- md_sk=p7->d.signed_and_enveloped->md_algs;
- data_body=p7->d.signed_and_enveloped->enc_data->enc_data;
- enc_alg=p7->d.signed_and_enveloped->enc_data->algorithm;
- evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm);
- if (evp_cipher == NULL)
- {
- PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
- goto err;
- }
- break;
- case NID_pkcs7_enveloped:
- rsk=p7->d.enveloped->recipientinfo;
- enc_alg=p7->d.enveloped->enc_data->algorithm;
- data_body=p7->d.enveloped->enc_data->enc_data;
- evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm);
- if (evp_cipher == NULL)
- {
- PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
- goto err;
- }
- break;
- default:
- PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
- goto err;
- }
-
- /* We will be checking the signature */
- if (md_sk != NULL)
- {
- for (i=0; i<sk_X509_ALGOR_num(md_sk); i++)
- {
- xa=sk_X509_ALGOR_value(md_sk,i);
- if ((btmp=BIO_new(BIO_f_md())) == NULL)
- {
- PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_BIO_LIB);
- goto err;
- }
-
- j=OBJ_obj2nid(xa->algorithm);
- evp_md=EVP_get_digestbynid(j);
- if (evp_md == NULL)
- {
- PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNKNOWN_DIGEST_TYPE);
- goto err;
- }
-
- BIO_set_md(btmp,evp_md);
- if (out == NULL)
- out=btmp;
- else
- BIO_push(out,btmp);
- btmp=NULL;
- }
- }
-
- if (evp_cipher != NULL)
- {
-#if 0
- unsigned char key[EVP_MAX_KEY_LENGTH];
- unsigned char iv[EVP_MAX_IV_LENGTH];
- unsigned char *p;
- int keylen,ivlen;
- int max;
- X509_OBJECT ret;
-#endif
- unsigned char *tkey = NULL;
- int tkeylen;
- int jj;
-
- if ((etmp=BIO_new(BIO_f_cipher())) == NULL)
- {
- PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_BIO_LIB);
- goto err;
- }
-
- /* It was encrypted, we need to decrypt the secret key
- * with the private key */
-
- /* Find the recipientInfo which matches the passed certificate
- * (if any)
- */
-
- if (pcert) {
- for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++) {
- ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
- if (!pkcs7_cmp_ri(ri, pcert))
- break;
- ri=NULL;
- }
- if (ri == NULL) {
- PKCS7err(PKCS7_F_PKCS7_DATADECODE,
- PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE);
- goto err;
- }
- }
-
- jj=EVP_PKEY_size(pkey);
- tmp=(unsigned char *)OPENSSL_malloc(jj+10);
- if (tmp == NULL)
- {
- PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- /* If we haven't got a certificate try each ri in turn */
-
- if (pcert == NULL)
- {
- /* Temporary storage in case EVP_PKEY_decrypt
- * overwrites output buffer on error.
- */
- unsigned char *tmp2;
- tmp2 = OPENSSL_malloc(jj);
- if (!tmp2)
- goto err;
- jj = -1;
- /* Always attempt to decrypt all cases to avoid
- * leaking timing information about a successful
- * decrypt.
- */
- for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++)
- {
- int tret;
- ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
- tret=EVP_PKEY_decrypt(tmp2,
- M_ASN1_STRING_data(ri->enc_key),
- M_ASN1_STRING_length(ri->enc_key),
- pkey);
- if (tret > 0)
- {
- memcpy(tmp, tmp2, tret);
- OPENSSL_cleanse(tmp2, tret);
- jj = tret;
- }
- ERR_clear_error();
- }
- OPENSSL_free(tmp2);
- }
- else
- {
- jj=EVP_PKEY_decrypt(tmp,
- M_ASN1_STRING_data(ri->enc_key),
- M_ASN1_STRING_length(ri->enc_key), pkey);
- ERR_clear_error();
- }
-
- evp_ctx=NULL;
- BIO_get_cipher_ctx(etmp,&evp_ctx);
- if (EVP_CipherInit_ex(evp_ctx,evp_cipher,NULL,NULL,NULL,0) <= 0)
- goto err;
- if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0)
- goto err;
- /* Generate random key to counter MMA */
- tkeylen = EVP_CIPHER_CTX_key_length(evp_ctx);
- tkey = OPENSSL_malloc(tkeylen);
- if (!tkey)
- goto err;
- if (EVP_CIPHER_CTX_rand_key(evp_ctx, tkey) <= 0)
- goto err;
- /* If we have no key use random key */
- if (jj <= 0)
- {
- OPENSSL_free(tmp);
- jj = tkeylen;
- tmp = tkey;
- tkey = NULL;
- }
-
- if (jj != tkeylen) {
- /* Some S/MIME clients don't use the same key
- * and effective key length. The key length is
- * determined by the size of the decrypted RSA key.
- */
- if(!EVP_CIPHER_CTX_set_key_length(evp_ctx, jj))
- {
- /* As MMA defence use random key instead */
- OPENSSL_cleanse(tmp, jj);
- OPENSSL_free(tmp);
- jj = tkeylen;
- tmp = tkey;
- tkey = NULL;
- }
- }
- ERR_clear_error();
- if (EVP_CipherInit_ex(evp_ctx,NULL,NULL,tmp,NULL,0) <= 0)
- goto err;
-
- OPENSSL_cleanse(tmp,jj);
-
- if (tkey)
- {
- OPENSSL_cleanse(tkey, tkeylen);
- OPENSSL_free(tkey);
- }
-
- if (out == NULL)
- out=etmp;
- else
- BIO_push(out,etmp);
- etmp=NULL;
- }
-
-#if 1
- if (PKCS7_is_detached(p7) || (in_bio != NULL))
- {
- bio=in_bio;
- }
- else
- {
-#if 0
- bio=BIO_new(BIO_s_mem());
- /* We need to set this so that when we have read all
- * the data, the encrypt BIO, if present, will read
- * EOF and encode the last few bytes */
- BIO_set_mem_eof_return(bio,0);
-
- if (data_body->length > 0)
- BIO_write(bio,(char *)data_body->data,data_body->length);
-#else
- if (data_body->length > 0)
- bio = BIO_new_mem_buf(data_body->data,data_body->length);
- else {
- bio=BIO_new(BIO_s_mem());
- BIO_set_mem_eof_return(bio,0);
- }
- if (bio == NULL)
- goto err;
-#endif
- }
- BIO_push(out,bio);
- bio=NULL;
-#endif
- if (0)
- {
-err:
- if (out != NULL) BIO_free_all(out);
- if (btmp != NULL) BIO_free_all(btmp);
- if (etmp != NULL) BIO_free_all(etmp);
- if (bio != NULL) BIO_free_all(bio);
- out=NULL;
- }
- if (tmp != NULL)
- OPENSSL_free(tmp);
- return(out);
- }
-
-static BIO *PKCS7_find_digest(EVP_MD_CTX **pmd, BIO *bio, int nid)
- {
- for (;;)
- {
- bio=BIO_find_type(bio,BIO_TYPE_MD);
- if (bio == NULL)
- {
- PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST,PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
- return NULL;
- }
- BIO_get_md_ctx(bio,pmd);
- if (*pmd == NULL)
- {
- PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST,ERR_R_INTERNAL_ERROR);
- return NULL;
- }
- if (EVP_MD_CTX_type(*pmd) == nid)
- return bio;
- bio=BIO_next(bio);
- }
- return NULL;
- }
-
-int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
- {
- int ret=0;
- int i,j;
- BIO *btmp;
- BUF_MEM *buf_mem=NULL;
- BUF_MEM *buf=NULL;
- PKCS7_SIGNER_INFO *si;
- EVP_MD_CTX *mdc,ctx_tmp;
- STACK_OF(X509_ATTRIBUTE) *sk;
- STACK_OF(PKCS7_SIGNER_INFO) *si_sk=NULL;
- ASN1_OCTET_STRING *os=NULL;
-
- EVP_MD_CTX_init(&ctx_tmp);
- i=OBJ_obj2nid(p7->type);
- p7->state=PKCS7_S_HEADER;
-
- switch (i)
- {
- case NID_pkcs7_signedAndEnveloped:
- /* XXXXXXXXXXXXXXXX */
- si_sk=p7->d.signed_and_enveloped->signer_info;
- if (!(os=M_ASN1_OCTET_STRING_new()))
- {
- PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- p7->d.signed_and_enveloped->enc_data->enc_data=os;
- break;
- case NID_pkcs7_enveloped:
- /* XXXXXXXXXXXXXXXX */
- if (!(os=M_ASN1_OCTET_STRING_new()))
- {
- PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- p7->d.enveloped->enc_data->enc_data=os;
- break;
- case NID_pkcs7_signed:
- si_sk=p7->d.sign->signer_info;
- os=PKCS7_get_octet_string(p7->d.sign->contents);
- /* If detached data then the content is excluded */
- if(PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
- M_ASN1_OCTET_STRING_free(os);
- p7->d.sign->contents->d.data = NULL;
- }
- break;
-
- case NID_pkcs7_digest:
- os=PKCS7_get_octet_string(p7->d.digest->contents);
- /* If detached data then the content is excluded */
- if(PKCS7_type_is_data(p7->d.digest->contents) && p7->detached)
- {
- M_ASN1_OCTET_STRING_free(os);
- p7->d.digest->contents->d.data = NULL;
- }
- break;
-
- }
-
- if (si_sk != NULL)
- {
- if ((buf=BUF_MEM_new()) == NULL)
- {
- PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_BIO_LIB);
- goto err;
- }
- for (i=0; i<sk_PKCS7_SIGNER_INFO_num(si_sk); i++)
- {
- si=sk_PKCS7_SIGNER_INFO_value(si_sk,i);
- if (si->pkey == NULL) continue;
-
- j=OBJ_obj2nid(si->digest_alg->algorithm);
-
- btmp=bio;
-
- btmp = PKCS7_find_digest(&mdc, btmp, j);
-
- if (btmp == NULL)
- goto err;
-
- /* We now have the EVP_MD_CTX, lets do the
- * signing. */
- EVP_MD_CTX_copy_ex(&ctx_tmp,mdc);
- if (!BUF_MEM_grow_clean(buf,EVP_PKEY_size(si->pkey)))
- {
- PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_BIO_LIB);
- goto err;
- }
-
- sk=si->auth_attr;
-
- /* If there are attributes, we add the digest
- * attribute and only sign the attributes */
- if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0))
- {
- unsigned char md_data[EVP_MAX_MD_SIZE], *abuf=NULL;
- unsigned int md_len, alen;
- ASN1_OCTET_STRING *digest;
- ASN1_UTCTIME *sign_time;
- const EVP_MD *md_tmp;
-
- /* Add signing time if not already present */
- if (!PKCS7_get_signed_attribute(si,
- NID_pkcs9_signingTime))
- {
- if (!(sign_time=X509_gmtime_adj(NULL,0)))
- {
- PKCS7err(PKCS7_F_PKCS7_DATAFINAL,
- ERR_R_MALLOC_FAILURE);
- goto err;
- }
- if (!PKCS7_add_signed_attribute(si,
- NID_pkcs9_signingTime,
- V_ASN1_UTCTIME,sign_time))
- {
- M_ASN1_UTCTIME_free(sign_time);
- goto err;
- }
- }
-
- /* Add digest */
- md_tmp=EVP_MD_CTX_md(&ctx_tmp);
- EVP_DigestFinal_ex(&ctx_tmp,md_data,&md_len);
- if (!(digest=M_ASN1_OCTET_STRING_new()))
- {
- PKCS7err(PKCS7_F_PKCS7_DATAFINAL,
- ERR_R_MALLOC_FAILURE);
- goto err;
- }
- if (!M_ASN1_OCTET_STRING_set(digest,md_data,
- md_len))
- {
- PKCS7err(PKCS7_F_PKCS7_DATAFINAL,
- ERR_R_MALLOC_FAILURE);
- M_ASN1_OCTET_STRING_free(digest);
- goto err;
- }
- if (!PKCS7_add_signed_attribute(si,
- NID_pkcs9_messageDigest,
- V_ASN1_OCTET_STRING,digest))
- {
- M_ASN1_OCTET_STRING_free(digest);
- goto err;
- }
-
- /* Now sign the attributes */
- EVP_SignInit_ex(&ctx_tmp,md_tmp,NULL);
- alen = ASN1_item_i2d((ASN1_VALUE *)sk,&abuf,
- ASN1_ITEM_rptr(PKCS7_ATTR_SIGN));
- if(!abuf) goto err;
- EVP_SignUpdate(&ctx_tmp,abuf,alen);
- OPENSSL_free(abuf);
- }
-
-#ifndef OPENSSL_NO_DSA
- if (si->pkey->type == EVP_PKEY_DSA)
- ctx_tmp.digest=EVP_dss1();
-#endif
-#ifndef OPENSSL_NO_ECDSA
- if (si->pkey->type == EVP_PKEY_EC)
- ctx_tmp.digest=EVP_ecdsa();
-#endif
-
- if (!EVP_SignFinal(&ctx_tmp,(unsigned char *)buf->data,
- (unsigned int *)&buf->length,si->pkey))
- {
- PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_EVP_LIB);
- goto err;
- }
- if (!ASN1_STRING_set(si->enc_digest,
- (unsigned char *)buf->data,buf->length))
- {
- PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_ASN1_LIB);
- goto err;
- }
- }
- }
- else if (i == NID_pkcs7_digest)
- {
- unsigned char md_data[EVP_MAX_MD_SIZE];
- unsigned int md_len;
- if (!PKCS7_find_digest(&mdc, bio,
- OBJ_obj2nid(p7->d.digest->md->algorithm)))
- goto err;
- EVP_DigestFinal_ex(mdc,md_data,&md_len);
- M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len);
- }
-
- if (!PKCS7_is_detached(p7))
- {
- btmp=BIO_find_type(bio,BIO_TYPE_MEM);
- if (btmp == NULL)
- {
- PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
- goto err;
- }
- BIO_get_mem_ptr(btmp,&buf_mem);
- /* Mark the BIO read only then we can use its copy of the data
- * instead of making an extra copy.
- */
- BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
- BIO_set_mem_eof_return(btmp, 0);
- os->data = (unsigned char *)buf_mem->data;
- os->length = buf_mem->length;
-#if 0
- M_ASN1_OCTET_STRING_set(os,
- (unsigned char *)buf_mem->data,buf_mem->length);
-#endif
- }
- ret=1;
-err:
- EVP_MD_CTX_cleanup(&ctx_tmp);
- if (buf != NULL) BUF_MEM_free(buf);
- return(ret);
- }
-
-int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio,
- PKCS7 *p7, PKCS7_SIGNER_INFO *si)
- {
- PKCS7_ISSUER_AND_SERIAL *ias;
- int ret=0,i;
- STACK_OF(X509) *cert;
- X509 *x509;
-
- if (PKCS7_type_is_signed(p7))
- {
- cert=p7->d.sign->cert;
- }
- else if (PKCS7_type_is_signedAndEnveloped(p7))
- {
- cert=p7->d.signed_and_enveloped->cert;
- }
- else
- {
- PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_WRONG_PKCS7_TYPE);
- goto err;
- }
- /* XXXXXXXXXXXXXXXXXXXXXXX */
- ias=si->issuer_and_serial;
-
- x509=X509_find_by_issuer_and_serial(cert,ias->issuer,ias->serial);
-
- /* were we able to find the cert in passed to us */
- if (x509 == NULL)
- {
- PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_UNABLE_TO_FIND_CERTIFICATE);
- goto err;
- }
-
- /* Lets verify */
- if(!X509_STORE_CTX_init(ctx,cert_store,x509,cert))
- {
- PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,ERR_R_X509_LIB);
- goto err;
- }
- X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_SMIME_SIGN);
- i=X509_verify_cert(ctx);
- if (i <= 0)
- {
- PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,ERR_R_X509_LIB);
- X509_STORE_CTX_cleanup(ctx);
- goto err;
- }
- X509_STORE_CTX_cleanup(ctx);
-
- return PKCS7_signatureVerify(bio, p7, si, x509);
- err:
- return ret;
- }
-
-int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
- X509 *x509)
- {
- ASN1_OCTET_STRING *os;
- EVP_MD_CTX mdc_tmp,*mdc;
- int ret=0,i;
- int md_type;
- STACK_OF(X509_ATTRIBUTE) *sk;
- BIO *btmp;
- EVP_PKEY *pkey;
-
- EVP_MD_CTX_init(&mdc_tmp);
-
- if (!PKCS7_type_is_signed(p7) &&
- !PKCS7_type_is_signedAndEnveloped(p7)) {
- PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
- PKCS7_R_WRONG_PKCS7_TYPE);
- goto err;
- }
-
- md_type=OBJ_obj2nid(si->digest_alg->algorithm);
-
- btmp=bio;
- for (;;)
- {
- if ((btmp == NULL) ||
- ((btmp=BIO_find_type(btmp,BIO_TYPE_MD)) == NULL))
- {
- PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
- PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
- goto err;
- }
- BIO_get_md_ctx(btmp,&mdc);
- if (mdc == NULL)
- {
- PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
- ERR_R_INTERNAL_ERROR);
- goto err;
- }
- if (EVP_MD_CTX_type(mdc) == md_type)
- break;
- /* Workaround for some broken clients that put the signature
- * OID instead of the digest OID in digest_alg->algorithm
- */
- if (EVP_MD_pkey_type(EVP_MD_CTX_md(mdc)) == md_type)
- break;
- btmp=BIO_next(btmp);
- }
-
- /* mdc is the digest ctx that we want, unless there are attributes,
- * in which case the digest is the signed attributes */
- EVP_MD_CTX_copy_ex(&mdc_tmp,mdc);
-
- sk=si->auth_attr;
- if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0))
- {
- unsigned char md_dat[EVP_MAX_MD_SIZE], *abuf = NULL;
- unsigned int md_len, alen;
- ASN1_OCTET_STRING *message_digest;
-
- EVP_DigestFinal_ex(&mdc_tmp,md_dat,&md_len);
- message_digest=PKCS7_digest_from_attributes(sk);
- if (!message_digest)
- {
- PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
- PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
- goto err;
- }
- if ((message_digest->length != (int)md_len) ||
- (memcmp(message_digest->data,md_dat,md_len)))
- {
-#if 0
-{
-int ii;
-for (ii=0; ii<message_digest->length; ii++)
- printf("%02X",message_digest->data[ii]); printf(" sent\n");
-for (ii=0; ii<md_len; ii++) printf("%02X",md_dat[ii]); printf(" calc\n");
-}
-#endif
- PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
- PKCS7_R_DIGEST_FAILURE);
- ret= -1;
- goto err;
- }
-
- EVP_VerifyInit_ex(&mdc_tmp,EVP_get_digestbynid(md_type), NULL);
-
- alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf,
- ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY));
- EVP_VerifyUpdate(&mdc_tmp, abuf, alen);
-
- OPENSSL_free(abuf);
- }
-
- os=si->enc_digest;
- pkey = X509_get_pubkey(x509);
- if (!pkey)
- {
- ret = -1;
- goto err;
- }
-#ifndef OPENSSL_NO_DSA
- if(pkey->type == EVP_PKEY_DSA) mdc_tmp.digest=EVP_dss1();
-#endif
-#ifndef OPENSSL_NO_ECDSA
- if (pkey->type == EVP_PKEY_EC) mdc_tmp.digest=EVP_ecdsa();
-#endif
-
- i=EVP_VerifyFinal(&mdc_tmp,os->data,os->length, pkey);
- EVP_PKEY_free(pkey);
- if (i <= 0)
- {
- PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
- PKCS7_R_SIGNATURE_FAILURE);
- ret= -1;
- goto err;
- }
- else
- ret=1;
-err:
- EVP_MD_CTX_cleanup(&mdc_tmp);
- return(ret);
- }
-
-PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx)
- {
- STACK_OF(PKCS7_RECIP_INFO) *rsk;
- PKCS7_RECIP_INFO *ri;
- int i;
-
- i=OBJ_obj2nid(p7->type);
- if (i != NID_pkcs7_signedAndEnveloped)
- return NULL;
- if (p7->d.signed_and_enveloped == NULL)
- return NULL;
- rsk=p7->d.signed_and_enveloped->recipientinfo;
- if (rsk == NULL)
- return NULL;
- ri=sk_PKCS7_RECIP_INFO_value(rsk,0);
- if (sk_PKCS7_RECIP_INFO_num(rsk) <= idx) return(NULL);
- ri=sk_PKCS7_RECIP_INFO_value(rsk,idx);
- return(ri->issuer_and_serial);
- }
-
-ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid)
- {
- return(get_attribute(si->auth_attr,nid));
- }
-
-ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid)
- {
- return(get_attribute(si->unauth_attr,nid));
- }
-
-static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid)
- {
- int i;
- X509_ATTRIBUTE *xa;
- ASN1_OBJECT *o;
-
- o=OBJ_nid2obj(nid);
- if (!o || !sk) return(NULL);
- for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
- {
- xa=sk_X509_ATTRIBUTE_value(sk,i);
- if (OBJ_cmp(xa->object,o) == 0)
- {
- if (!xa->single && sk_ASN1_TYPE_num(xa->value.set))
- return(sk_ASN1_TYPE_value(xa->value.set,0));
- else
- return(NULL);
- }
- }
- return(NULL);
- }
-
-ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk)
-{
- ASN1_TYPE *astype;
- if(!(astype = get_attribute(sk, NID_pkcs9_messageDigest))) return NULL;
- return astype->value.octet_string;
-}
-
-int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,
- STACK_OF(X509_ATTRIBUTE) *sk)
- {
- int i;
-
- if (p7si->auth_attr != NULL)
- sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr,X509_ATTRIBUTE_free);
- p7si->auth_attr=sk_X509_ATTRIBUTE_dup(sk);
- if (p7si->auth_attr == NULL)
- return 0;
- for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
- {
- if ((sk_X509_ATTRIBUTE_set(p7si->auth_attr,i,
- X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk,i))))
- == NULL)
- return(0);
- }
- return(1);
- }
-
-int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, STACK_OF(X509_ATTRIBUTE) *sk)
- {
- int i;
-
- if (p7si->unauth_attr != NULL)
- sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr,
- X509_ATTRIBUTE_free);
- p7si->unauth_attr=sk_X509_ATTRIBUTE_dup(sk);
- if (p7si->unauth_attr == NULL)
- return 0;
- for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
- {
- if ((sk_X509_ATTRIBUTE_set(p7si->unauth_attr,i,
- X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk,i))))
- == NULL)
- return(0);
- }
- return(1);
- }
-
-int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
- void *value)
- {
- return(add_attribute(&(p7si->auth_attr),nid,atrtype,value));
- }
-
-int PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
- void *value)
- {
- return(add_attribute(&(p7si->unauth_attr),nid,atrtype,value));
- }
-
-static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
- void *value)
- {
- X509_ATTRIBUTE *attr=NULL;
-
- if (*sk == NULL)
- {
- if (!(*sk = sk_X509_ATTRIBUTE_new_null()))
- return 0;
-new_attrib:
- if (!(attr=X509_ATTRIBUTE_create(nid,atrtype,value)))
- return 0;
- if (!sk_X509_ATTRIBUTE_push(*sk,attr))
- {
- X509_ATTRIBUTE_free(attr);
- return 0;
- }
- }
- else
- {
- int i;
-
- for (i=0; i<sk_X509_ATTRIBUTE_num(*sk); i++)
- {
- attr=sk_X509_ATTRIBUTE_value(*sk,i);
- if (OBJ_obj2nid(attr->object) == nid)
- {
- X509_ATTRIBUTE_free(attr);
- attr=X509_ATTRIBUTE_create(nid,atrtype,value);
- if (attr == NULL)
- return 0;
- if (!sk_X509_ATTRIBUTE_set(*sk,i,attr))
- {
- X509_ATTRIBUTE_free(attr);
- return 0;
- }
- goto end;
- }
- }
- goto new_attrib;
- }
-end:
- return(1);
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pk7_doit.c (from rev 6976, vendor-crypto/openssl/dist/crypto/pkcs7/pk7_doit.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pk7_doit.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pk7_doit.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,1168 @@
+/* crypto/pkcs7/pk7_doit.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+
+static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
+ void *value);
+static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid);
+
+static int PKCS7_type_is_other(PKCS7 *p7)
+{
+ int isOther = 1;
+
+ int nid = OBJ_obj2nid(p7->type);
+
+ switch (nid) {
+ case NID_pkcs7_data:
+ case NID_pkcs7_signed:
+ case NID_pkcs7_enveloped:
+ case NID_pkcs7_signedAndEnveloped:
+ case NID_pkcs7_digest:
+ case NID_pkcs7_encrypted:
+ isOther = 0;
+ break;
+ default:
+ isOther = 1;
+ }
+
+ return isOther;
+
+}
+
+static ASN1_OCTET_STRING *PKCS7_get_octet_string(PKCS7 *p7)
+{
+ if (PKCS7_type_is_data(p7))
+ return p7->d.data;
+ if (PKCS7_type_is_other(p7) && p7->d.other
+ && (p7->d.other->type == V_ASN1_OCTET_STRING))
+ return p7->d.other->value.octet_string;
+ return NULL;
+}
+
+static int PKCS7_bio_add_digest(BIO **pbio, X509_ALGOR *alg)
+{
+ BIO *btmp;
+ const EVP_MD *md;
+ if ((btmp = BIO_new(BIO_f_md())) == NULL) {
+ PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST, ERR_R_BIO_LIB);
+ goto err;
+ }
+
+ md = EVP_get_digestbyobj(alg->algorithm);
+ if (md == NULL) {
+ PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST, PKCS7_R_UNKNOWN_DIGEST_TYPE);
+ goto err;
+ }
+
+ BIO_set_md(btmp, md);
+ if (*pbio == NULL)
+ *pbio = btmp;
+ else if (!BIO_push(*pbio, btmp)) {
+ PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST, ERR_R_BIO_LIB);
+ goto err;
+ }
+ btmp = NULL;
+
+ return 1;
+
+ err:
+ if (btmp)
+ BIO_free(btmp);
+ return 0;
+
+}
+
+BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
+{
+ int i;
+ BIO *out = NULL, *btmp = NULL;
+ X509_ALGOR *xa = NULL;
+ const EVP_CIPHER *evp_cipher = NULL;
+ STACK_OF(X509_ALGOR) *md_sk = NULL;
+ STACK_OF(PKCS7_RECIP_INFO) *rsk = NULL;
+ X509_ALGOR *xalg = NULL;
+ PKCS7_RECIP_INFO *ri = NULL;
+ EVP_PKEY *pkey;
+ ASN1_OCTET_STRING *os = NULL;
+
+ if (p7 == NULL) {
+ PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_INVALID_NULL_POINTER);
+ return NULL;
+ }
+ /*
+ * The content field in the PKCS7 ContentInfo is optional, but that really
+ * only applies to inner content (precisely, detached signatures).
+ *
+ * When reading content, missing outer content is therefore treated as an
+ * error.
+ *
+ * When creating content, PKCS7_content_new() must be called before
+ * calling this method, so a NULL p7->d is always an error.
+ */
+ if (p7->d.ptr == NULL) {
+ PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_NO_CONTENT);
+ return NULL;
+ }
+
+ i = OBJ_obj2nid(p7->type);
+ p7->state = PKCS7_S_HEADER;
+
+ switch (i) {
+ case NID_pkcs7_signed:
+ md_sk = p7->d.sign->md_algs;
+ os = PKCS7_get_octet_string(p7->d.sign->contents);
+ break;
+ case NID_pkcs7_signedAndEnveloped:
+ rsk = p7->d.signed_and_enveloped->recipientinfo;
+ md_sk = p7->d.signed_and_enveloped->md_algs;
+ xalg = p7->d.signed_and_enveloped->enc_data->algorithm;
+ evp_cipher = p7->d.signed_and_enveloped->enc_data->cipher;
+ if (evp_cipher == NULL) {
+ PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_CIPHER_NOT_INITIALIZED);
+ goto err;
+ }
+ break;
+ case NID_pkcs7_enveloped:
+ rsk = p7->d.enveloped->recipientinfo;
+ xalg = p7->d.enveloped->enc_data->algorithm;
+ evp_cipher = p7->d.enveloped->enc_data->cipher;
+ if (evp_cipher == NULL) {
+ PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_CIPHER_NOT_INITIALIZED);
+ goto err;
+ }
+ break;
+ case NID_pkcs7_digest:
+ xa = p7->d.digest->md;
+ os = PKCS7_get_octet_string(p7->d.digest->contents);
+ break;
+ default:
+ PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
+ goto err;
+ }
+
+ for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++)
+ if (!PKCS7_bio_add_digest(&out, sk_X509_ALGOR_value(md_sk, i)))
+ goto err;
+
+ if (xa && !PKCS7_bio_add_digest(&out, xa))
+ goto err;
+
+ if (evp_cipher != NULL) {
+ unsigned char key[EVP_MAX_KEY_LENGTH];
+ unsigned char iv[EVP_MAX_IV_LENGTH];
+ int keylen, ivlen;
+ int jj, max;
+ unsigned char *tmp;
+ EVP_CIPHER_CTX *ctx;
+
+ if ((btmp = BIO_new(BIO_f_cipher())) == NULL) {
+ PKCS7err(PKCS7_F_PKCS7_DATAINIT, ERR_R_BIO_LIB);
+ goto err;
+ }
+ BIO_get_cipher_ctx(btmp, &ctx);
+ keylen = EVP_CIPHER_key_length(evp_cipher);
+ ivlen = EVP_CIPHER_iv_length(evp_cipher);
+ xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher));
+ if (ivlen > 0)
+ if (RAND_pseudo_bytes(iv, ivlen) <= 0)
+ goto err;
+ if (EVP_CipherInit_ex(ctx, evp_cipher, NULL, NULL, NULL, 1) <= 0)
+ goto err;
+ if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
+ goto err;
+ if (EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, 1) <= 0)
+ goto err;
+
+ if (ivlen > 0) {
+ if (xalg->parameter == NULL) {
+ xalg->parameter = ASN1_TYPE_new();
+ if (xalg->parameter == NULL)
+ goto err;
+ }
+ if (EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) < 0)
+ goto err;
+ }
+
+ /* Lets do the pub key stuff :-) */
+ max = 0;
+ for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) {
+ ri = sk_PKCS7_RECIP_INFO_value(rsk, i);
+ if (ri->cert == NULL) {
+ PKCS7err(PKCS7_F_PKCS7_DATAINIT,
+ PKCS7_R_MISSING_CERIPEND_INFO);
+ goto err;
+ }
+ if ((pkey = X509_get_pubkey(ri->cert)) == NULL)
+ goto err;
+ jj = EVP_PKEY_size(pkey);
+ EVP_PKEY_free(pkey);
+ if (max < jj)
+ max = jj;
+ }
+ if ((tmp = (unsigned char *)OPENSSL_malloc(max)) == NULL) {
+ PKCS7err(PKCS7_F_PKCS7_DATAINIT, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) {
+ ri = sk_PKCS7_RECIP_INFO_value(rsk, i);
+ if ((pkey = X509_get_pubkey(ri->cert)) == NULL)
+ goto err;
+ jj = EVP_PKEY_encrypt(tmp, key, keylen, pkey);
+ EVP_PKEY_free(pkey);
+ if (jj <= 0) {
+ PKCS7err(PKCS7_F_PKCS7_DATAINIT, ERR_R_EVP_LIB);
+ OPENSSL_free(tmp);
+ goto err;
+ }
+ if (!M_ASN1_OCTET_STRING_set(ri->enc_key, tmp, jj)) {
+ PKCS7err(PKCS7_F_PKCS7_DATAINIT, ERR_R_MALLOC_FAILURE);
+ OPENSSL_free(tmp);
+ goto err;
+ }
+ }
+ OPENSSL_free(tmp);
+ OPENSSL_cleanse(key, keylen);
+
+ if (out == NULL)
+ out = btmp;
+ else
+ BIO_push(out, btmp);
+ btmp = NULL;
+ }
+
+ if (bio == NULL) {
+ if (PKCS7_is_detached(p7))
+ bio = BIO_new(BIO_s_null());
+ else if (os && os->length > 0)
+ bio = BIO_new_mem_buf(os->data, os->length);
+ if (bio == NULL) {
+ bio = BIO_new(BIO_s_mem());
+ if (bio == NULL)
+ goto err;
+ BIO_set_mem_eof_return(bio, 0);
+ }
+ }
+ BIO_push(out, bio);
+ bio = NULL;
+ if (0) {
+ err:
+ if (out != NULL)
+ BIO_free_all(out);
+ if (btmp != NULL)
+ BIO_free_all(btmp);
+ out = NULL;
+ }
+ return (out);
+}
+
+static int pkcs7_cmp_ri(PKCS7_RECIP_INFO *ri, X509 *pcert)
+{
+ int ret;
+ ret = X509_NAME_cmp(ri->issuer_and_serial->issuer,
+ pcert->cert_info->issuer);
+ if (ret)
+ return ret;
+ return M_ASN1_INTEGER_cmp(pcert->cert_info->serialNumber,
+ ri->issuer_and_serial->serial);
+}
+
+/* int */
+BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
+{
+ int i, j;
+ BIO *out = NULL, *btmp = NULL, *etmp = NULL, *bio = NULL;
+ unsigned char *tmp = NULL;
+ X509_ALGOR *xa;
+ ASN1_OCTET_STRING *data_body = NULL;
+ const EVP_MD *evp_md;
+ const EVP_CIPHER *evp_cipher = NULL;
+ EVP_CIPHER_CTX *evp_ctx = NULL;
+ X509_ALGOR *enc_alg = NULL;
+ STACK_OF(X509_ALGOR) *md_sk = NULL;
+ STACK_OF(PKCS7_RECIP_INFO) *rsk = NULL;
+ PKCS7_RECIP_INFO *ri = NULL;
+
+ if (p7 == NULL) {
+ PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_INVALID_NULL_POINTER);
+ return NULL;
+ }
+
+ if (p7->d.ptr == NULL) {
+ PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT);
+ return NULL;
+ }
+
+ i = OBJ_obj2nid(p7->type);
+ p7->state = PKCS7_S_HEADER;
+
+ switch (i) {
+ case NID_pkcs7_signed:
+ data_body = PKCS7_get_octet_string(p7->d.sign->contents);
+ md_sk = p7->d.sign->md_algs;
+ break;
+ case NID_pkcs7_signedAndEnveloped:
+ rsk = p7->d.signed_and_enveloped->recipientinfo;
+ md_sk = p7->d.signed_and_enveloped->md_algs;
+ data_body = p7->d.signed_and_enveloped->enc_data->enc_data;
+ enc_alg = p7->d.signed_and_enveloped->enc_data->algorithm;
+ evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm);
+ if (evp_cipher == NULL) {
+ PKCS7err(PKCS7_F_PKCS7_DATADECODE,
+ PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
+ goto err;
+ }
+ break;
+ case NID_pkcs7_enveloped:
+ rsk = p7->d.enveloped->recipientinfo;
+ enc_alg = p7->d.enveloped->enc_data->algorithm;
+ data_body = p7->d.enveloped->enc_data->enc_data;
+ evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm);
+ if (evp_cipher == NULL) {
+ PKCS7err(PKCS7_F_PKCS7_DATADECODE,
+ PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
+ goto err;
+ }
+ break;
+ default:
+ PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
+ goto err;
+ }
+
+ /* We will be checking the signature */
+ if (md_sk != NULL) {
+ for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++) {
+ xa = sk_X509_ALGOR_value(md_sk, i);
+ if ((btmp = BIO_new(BIO_f_md())) == NULL) {
+ PKCS7err(PKCS7_F_PKCS7_DATADECODE, ERR_R_BIO_LIB);
+ goto err;
+ }
+
+ j = OBJ_obj2nid(xa->algorithm);
+ evp_md = EVP_get_digestbynid(j);
+ if (evp_md == NULL) {
+ PKCS7err(PKCS7_F_PKCS7_DATADECODE,
+ PKCS7_R_UNKNOWN_DIGEST_TYPE);
+ goto err;
+ }
+
+ BIO_set_md(btmp, evp_md);
+ if (out == NULL)
+ out = btmp;
+ else
+ BIO_push(out, btmp);
+ btmp = NULL;
+ }
+ }
+
+ if (evp_cipher != NULL) {
+#if 0
+ unsigned char key[EVP_MAX_KEY_LENGTH];
+ unsigned char iv[EVP_MAX_IV_LENGTH];
+ unsigned char *p;
+ int keylen, ivlen;
+ int max;
+ X509_OBJECT ret;
+#endif
+ unsigned char *tkey = NULL;
+ int tkeylen;
+ int jj;
+
+ if ((etmp = BIO_new(BIO_f_cipher())) == NULL) {
+ PKCS7err(PKCS7_F_PKCS7_DATADECODE, ERR_R_BIO_LIB);
+ goto err;
+ }
+
+ /*
+ * It was encrypted, we need to decrypt the secret key with the
+ * private key
+ */
+
+ /*
+ * Find the recipientInfo which matches the passed certificate (if
+ * any)
+ */
+
+ if (pcert) {
+ for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) {
+ ri = sk_PKCS7_RECIP_INFO_value(rsk, i);
+ if (!pkcs7_cmp_ri(ri, pcert))
+ break;
+ ri = NULL;
+ }
+ if (ri == NULL) {
+ PKCS7err(PKCS7_F_PKCS7_DATADECODE,
+ PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE);
+ goto err;
+ }
+ }
+
+ jj = EVP_PKEY_size(pkey);
+ tmp = (unsigned char *)OPENSSL_malloc(jj + 10);
+ if (tmp == NULL) {
+ PKCS7err(PKCS7_F_PKCS7_DATADECODE, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ /* If we haven't got a certificate try each ri in turn */
+
+ if (pcert == NULL) {
+ /*
+ * Temporary storage in case EVP_PKEY_decrypt overwrites output
+ * buffer on error.
+ */
+ unsigned char *tmp2;
+ tmp2 = OPENSSL_malloc(jj);
+ if (!tmp2)
+ goto err;
+ jj = -1;
+ /*
+ * Always attempt to decrypt all cases to avoid leaking timing
+ * information about a successful decrypt.
+ */
+ for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) {
+ int tret;
+ ri = sk_PKCS7_RECIP_INFO_value(rsk, i);
+ tret = EVP_PKEY_decrypt(tmp2,
+ M_ASN1_STRING_data(ri->enc_key),
+ M_ASN1_STRING_length(ri->enc_key),
+ pkey);
+ if (tret > 0) {
+ memcpy(tmp, tmp2, tret);
+ OPENSSL_cleanse(tmp2, tret);
+ jj = tret;
+ }
+ ERR_clear_error();
+ }
+ OPENSSL_free(tmp2);
+ } else {
+ jj = EVP_PKEY_decrypt(tmp,
+ M_ASN1_STRING_data(ri->enc_key),
+ M_ASN1_STRING_length(ri->enc_key), pkey);
+ ERR_clear_error();
+ }
+
+ evp_ctx = NULL;
+ BIO_get_cipher_ctx(etmp, &evp_ctx);
+ if (EVP_CipherInit_ex(evp_ctx, evp_cipher, NULL, NULL, NULL, 0) <= 0)
+ goto err;
+ if (EVP_CIPHER_asn1_to_param(evp_ctx, enc_alg->parameter) < 0)
+ goto err;
+ /* Generate random key to counter MMA */
+ tkeylen = EVP_CIPHER_CTX_key_length(evp_ctx);
+ tkey = OPENSSL_malloc(tkeylen);
+ if (!tkey)
+ goto err;
+ if (EVP_CIPHER_CTX_rand_key(evp_ctx, tkey) <= 0)
+ goto err;
+ /* If we have no key use random key */
+ if (jj <= 0) {
+ OPENSSL_free(tmp);
+ jj = tkeylen;
+ tmp = tkey;
+ tkey = NULL;
+ }
+
+ if (jj != tkeylen) {
+ /*
+ * Some S/MIME clients don't use the same key and effective key
+ * length. The key length is determined by the size of the
+ * decrypted RSA key.
+ */
+ if (!EVP_CIPHER_CTX_set_key_length(evp_ctx, jj)) {
+ /* As MMA defence use random key instead */
+ OPENSSL_cleanse(tmp, jj);
+ OPENSSL_free(tmp);
+ jj = tkeylen;
+ tmp = tkey;
+ tkey = NULL;
+ }
+ }
+ ERR_clear_error();
+ if (EVP_CipherInit_ex(evp_ctx, NULL, NULL, tmp, NULL, 0) <= 0)
+ goto err;
+
+ OPENSSL_cleanse(tmp, jj);
+
+ if (tkey) {
+ OPENSSL_cleanse(tkey, tkeylen);
+ OPENSSL_free(tkey);
+ }
+
+ if (out == NULL)
+ out = etmp;
+ else
+ BIO_push(out, etmp);
+ etmp = NULL;
+ }
+#if 1
+ if (PKCS7_is_detached(p7) || (in_bio != NULL)) {
+ bio = in_bio;
+ } else {
+# if 0
+ bio = BIO_new(BIO_s_mem());
+ /*
+ * We need to set this so that when we have read all the data, the
+ * encrypt BIO, if present, will read EOF and encode the last few
+ * bytes
+ */
+ BIO_set_mem_eof_return(bio, 0);
+
+ if (data_body->length > 0)
+ BIO_write(bio, (char *)data_body->data, data_body->length);
+# else
+ if (data_body->length > 0)
+ bio = BIO_new_mem_buf(data_body->data, data_body->length);
+ else {
+ bio = BIO_new(BIO_s_mem());
+ BIO_set_mem_eof_return(bio, 0);
+ }
+ if (bio == NULL)
+ goto err;
+# endif
+ }
+ BIO_push(out, bio);
+ bio = NULL;
+#endif
+ if (0) {
+ err:
+ if (out != NULL)
+ BIO_free_all(out);
+ if (btmp != NULL)
+ BIO_free_all(btmp);
+ if (etmp != NULL)
+ BIO_free_all(etmp);
+ if (bio != NULL)
+ BIO_free_all(bio);
+ out = NULL;
+ }
+ if (tmp != NULL)
+ OPENSSL_free(tmp);
+ return (out);
+}
+
+static BIO *PKCS7_find_digest(EVP_MD_CTX **pmd, BIO *bio, int nid)
+{
+ for (;;) {
+ bio = BIO_find_type(bio, BIO_TYPE_MD);
+ if (bio == NULL) {
+ PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST,
+ PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
+ return NULL;
+ }
+ BIO_get_md_ctx(bio, pmd);
+ if (*pmd == NULL) {
+ PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST, ERR_R_INTERNAL_ERROR);
+ return NULL;
+ }
+ if (EVP_MD_CTX_type(*pmd) == nid)
+ return bio;
+ bio = BIO_next(bio);
+ }
+ return NULL;
+}
+
+int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
+{
+ int ret = 0;
+ int i, j;
+ BIO *btmp;
+ BUF_MEM *buf_mem = NULL;
+ BUF_MEM *buf = NULL;
+ PKCS7_SIGNER_INFO *si;
+ EVP_MD_CTX *mdc, ctx_tmp;
+ STACK_OF(X509_ATTRIBUTE) *sk;
+ STACK_OF(PKCS7_SIGNER_INFO) *si_sk = NULL;
+ ASN1_OCTET_STRING *os = NULL;
+
+ if (p7 == NULL) {
+ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_INVALID_NULL_POINTER);
+ return 0;
+ }
+
+ if (p7->d.ptr == NULL) {
+ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_NO_CONTENT);
+ return 0;
+ }
+
+ EVP_MD_CTX_init(&ctx_tmp);
+ i = OBJ_obj2nid(p7->type);
+ p7->state = PKCS7_S_HEADER;
+
+ switch (i) {
+ case NID_pkcs7_signedAndEnveloped:
+ /* XXXXXXXXXXXXXXXX */
+ si_sk = p7->d.signed_and_enveloped->signer_info;
+ if (!(os = M_ASN1_OCTET_STRING_new())) {
+ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ p7->d.signed_and_enveloped->enc_data->enc_data = os;
+ break;
+ case NID_pkcs7_enveloped:
+ /* XXXXXXXXXXXXXXXX */
+ if (!(os = M_ASN1_OCTET_STRING_new())) {
+ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ p7->d.enveloped->enc_data->enc_data = os;
+ break;
+ case NID_pkcs7_signed:
+ si_sk = p7->d.sign->signer_info;
+ os = PKCS7_get_octet_string(p7->d.sign->contents);
+ /* If detached data then the content is excluded */
+ if (PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
+ M_ASN1_OCTET_STRING_free(os);
+ os = NULL;
+ p7->d.sign->contents->d.data = NULL;
+ }
+ break;
+
+ case NID_pkcs7_digest:
+ os = PKCS7_get_octet_string(p7->d.digest->contents);
+ /* If detached data then the content is excluded */
+ if (PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) {
+ M_ASN1_OCTET_STRING_free(os);
+ os = NULL;
+ p7->d.digest->contents->d.data = NULL;
+ }
+ break;
+
+ }
+
+ if (si_sk != NULL) {
+ if ((buf = BUF_MEM_new()) == NULL) {
+ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_BIO_LIB);
+ goto err;
+ }
+ for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(si_sk); i++) {
+ si = sk_PKCS7_SIGNER_INFO_value(si_sk, i);
+ if (si->pkey == NULL)
+ continue;
+
+ j = OBJ_obj2nid(si->digest_alg->algorithm);
+
+ btmp = bio;
+
+ btmp = PKCS7_find_digest(&mdc, btmp, j);
+
+ if (btmp == NULL)
+ goto err;
+
+ /*
+ * We now have the EVP_MD_CTX, lets do the signing.
+ */
+ EVP_MD_CTX_copy_ex(&ctx_tmp, mdc);
+ if (!BUF_MEM_grow_clean(buf, EVP_PKEY_size(si->pkey))) {
+ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_BIO_LIB);
+ goto err;
+ }
+
+ sk = si->auth_attr;
+
+ /*
+ * If there are attributes, we add the digest attribute and only
+ * sign the attributes
+ */
+ if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0)) {
+ unsigned char md_data[EVP_MAX_MD_SIZE], *abuf = NULL;
+ unsigned int md_len, alen;
+ ASN1_OCTET_STRING *digest;
+ ASN1_UTCTIME *sign_time;
+ const EVP_MD *md_tmp;
+
+ /* Add signing time if not already present */
+ if (!PKCS7_get_signed_attribute(si, NID_pkcs9_signingTime)) {
+ if (!(sign_time = X509_gmtime_adj(NULL, 0))) {
+ PKCS7err(PKCS7_F_PKCS7_DATAFINAL,
+ ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ if (!PKCS7_add_signed_attribute(si,
+ NID_pkcs9_signingTime,
+ V_ASN1_UTCTIME,
+ sign_time)) {
+ M_ASN1_UTCTIME_free(sign_time);
+ goto err;
+ }
+ }
+
+ /* Add digest */
+ md_tmp = EVP_MD_CTX_md(&ctx_tmp);
+ EVP_DigestFinal_ex(&ctx_tmp, md_data, &md_len);
+ if (!(digest = M_ASN1_OCTET_STRING_new())) {
+ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ if (!M_ASN1_OCTET_STRING_set(digest, md_data, md_len)) {
+ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_MALLOC_FAILURE);
+ M_ASN1_OCTET_STRING_free(digest);
+ goto err;
+ }
+ if (!PKCS7_add_signed_attribute(si,
+ NID_pkcs9_messageDigest,
+ V_ASN1_OCTET_STRING, digest))
+ {
+ M_ASN1_OCTET_STRING_free(digest);
+ goto err;
+ }
+
+ /* Now sign the attributes */
+ EVP_SignInit_ex(&ctx_tmp, md_tmp, NULL);
+ alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf,
+ ASN1_ITEM_rptr(PKCS7_ATTR_SIGN));
+ if (!abuf)
+ goto err;
+ EVP_SignUpdate(&ctx_tmp, abuf, alen);
+ OPENSSL_free(abuf);
+ }
+#ifndef OPENSSL_NO_DSA
+ if (si->pkey->type == EVP_PKEY_DSA)
+ ctx_tmp.digest = EVP_dss1();
+#endif
+#ifndef OPENSSL_NO_ECDSA
+ if (si->pkey->type == EVP_PKEY_EC)
+ ctx_tmp.digest = EVP_ecdsa();
+#endif
+
+ if (!EVP_SignFinal(&ctx_tmp, (unsigned char *)buf->data,
+ (unsigned int *)&buf->length, si->pkey)) {
+ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_EVP_LIB);
+ goto err;
+ }
+ if (!ASN1_STRING_set(si->enc_digest,
+ (unsigned char *)buf->data, buf->length)) {
+ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_ASN1_LIB);
+ goto err;
+ }
+ }
+ } else if (i == NID_pkcs7_digest) {
+ unsigned char md_data[EVP_MAX_MD_SIZE];
+ unsigned int md_len;
+ if (!PKCS7_find_digest(&mdc, bio,
+ OBJ_obj2nid(p7->d.digest->md->algorithm)))
+ goto err;
+ EVP_DigestFinal_ex(mdc, md_data, &md_len);
+ M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len);
+ }
+
+ if (!PKCS7_is_detached(p7)) {
+ /*
+ * NOTE(emilia): I think we only reach os == NULL here because detached
+ * digested data support is broken.
+ */
+ if (os == NULL)
+ goto err;
+ btmp = BIO_find_type(bio, BIO_TYPE_MEM);
+ if (btmp == NULL) {
+ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
+ goto err;
+ }
+ BIO_get_mem_ptr(btmp, &buf_mem);
+ /*
+ * Mark the BIO read only then we can use its copy of the data
+ * instead of making an extra copy.
+ */
+ BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
+ BIO_set_mem_eof_return(btmp, 0);
+ os->data = (unsigned char *)buf_mem->data;
+ os->length = buf_mem->length;
+#if 0
+ M_ASN1_OCTET_STRING_set(os,
+ (unsigned char *)buf_mem->data,
+ buf_mem->length);
+#endif
+ }
+ ret = 1;
+ err:
+ EVP_MD_CTX_cleanup(&ctx_tmp);
+ if (buf != NULL)
+ BUF_MEM_free(buf);
+ return (ret);
+}
+
+int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio,
+ PKCS7 *p7, PKCS7_SIGNER_INFO *si)
+{
+ PKCS7_ISSUER_AND_SERIAL *ias;
+ int ret = 0, i;
+ STACK_OF(X509) *cert;
+ X509 *x509;
+
+ if (p7 == NULL) {
+ PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_INVALID_NULL_POINTER);
+ return 0;
+ }
+
+ if (p7->d.ptr == NULL) {
+ PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_NO_CONTENT);
+ return 0;
+ }
+
+ if (PKCS7_type_is_signed(p7)) {
+ cert = p7->d.sign->cert;
+ } else if (PKCS7_type_is_signedAndEnveloped(p7)) {
+ cert = p7->d.signed_and_enveloped->cert;
+ } else {
+ PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_WRONG_PKCS7_TYPE);
+ goto err;
+ }
+ /* XXXXXXXXXXXXXXXXXXXXXXX */
+ ias = si->issuer_and_serial;
+
+ x509 = X509_find_by_issuer_and_serial(cert, ias->issuer, ias->serial);
+
+ /* were we able to find the cert in passed to us */
+ if (x509 == NULL) {
+ PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,
+ PKCS7_R_UNABLE_TO_FIND_CERTIFICATE);
+ goto err;
+ }
+
+ /* Lets verify */
+ if (!X509_STORE_CTX_init(ctx, cert_store, x509, cert)) {
+ PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, ERR_R_X509_LIB);
+ goto err;
+ }
+ X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_SMIME_SIGN);
+ i = X509_verify_cert(ctx);
+ if (i <= 0) {
+ PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, ERR_R_X509_LIB);
+ X509_STORE_CTX_cleanup(ctx);
+ goto err;
+ }
+ X509_STORE_CTX_cleanup(ctx);
+
+ return PKCS7_signatureVerify(bio, p7, si, x509);
+ err:
+ return ret;
+}
+
+int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
+ X509 *x509)
+{
+ ASN1_OCTET_STRING *os;
+ EVP_MD_CTX mdc_tmp, *mdc;
+ int ret = 0, i;
+ int md_type;
+ STACK_OF(X509_ATTRIBUTE) *sk;
+ BIO *btmp;
+ EVP_PKEY *pkey;
+
+ EVP_MD_CTX_init(&mdc_tmp);
+
+ if (!PKCS7_type_is_signed(p7) && !PKCS7_type_is_signedAndEnveloped(p7)) {
+ PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_WRONG_PKCS7_TYPE);
+ goto err;
+ }
+
+ md_type = OBJ_obj2nid(si->digest_alg->algorithm);
+
+ btmp = bio;
+ for (;;) {
+ if ((btmp == NULL) ||
+ ((btmp = BIO_find_type(btmp, BIO_TYPE_MD)) == NULL)) {
+ PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
+ PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
+ goto err;
+ }
+ BIO_get_md_ctx(btmp, &mdc);
+ if (mdc == NULL) {
+ PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ if (EVP_MD_CTX_type(mdc) == md_type)
+ break;
+ /*
+ * Workaround for some broken clients that put the signature OID
+ * instead of the digest OID in digest_alg->algorithm
+ */
+ if (EVP_MD_pkey_type(EVP_MD_CTX_md(mdc)) == md_type)
+ break;
+ btmp = BIO_next(btmp);
+ }
+
+ /*
+ * mdc is the digest ctx that we want, unless there are attributes, in
+ * which case the digest is the signed attributes
+ */
+ EVP_MD_CTX_copy_ex(&mdc_tmp, mdc);
+
+ sk = si->auth_attr;
+ if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0)) {
+ unsigned char md_dat[EVP_MAX_MD_SIZE], *abuf = NULL;
+ unsigned int md_len, alen;
+ ASN1_OCTET_STRING *message_digest;
+
+ EVP_DigestFinal_ex(&mdc_tmp, md_dat, &md_len);
+ message_digest = PKCS7_digest_from_attributes(sk);
+ if (!message_digest) {
+ PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
+ PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
+ goto err;
+ }
+ if ((message_digest->length != (int)md_len) ||
+ (memcmp(message_digest->data, md_dat, md_len))) {
+#if 0
+ {
+ int ii;
+ for (ii = 0; ii < message_digest->length; ii++)
+ printf("%02X", message_digest->data[ii]);
+ printf(" sent\n");
+ for (ii = 0; ii < md_len; ii++)
+ printf("%02X", md_dat[ii]);
+ printf(" calc\n");
+ }
+#endif
+ PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_DIGEST_FAILURE);
+ ret = -1;
+ goto err;
+ }
+
+ EVP_VerifyInit_ex(&mdc_tmp, EVP_get_digestbynid(md_type), NULL);
+
+ alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf,
+ ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY));
+ EVP_VerifyUpdate(&mdc_tmp, abuf, alen);
+
+ OPENSSL_free(abuf);
+ }
+
+ os = si->enc_digest;
+ pkey = X509_get_pubkey(x509);
+ if (!pkey) {
+ ret = -1;
+ goto err;
+ }
+#ifndef OPENSSL_NO_DSA
+ if (pkey->type == EVP_PKEY_DSA)
+ mdc_tmp.digest = EVP_dss1();
+#endif
+#ifndef OPENSSL_NO_ECDSA
+ if (pkey->type == EVP_PKEY_EC)
+ mdc_tmp.digest = EVP_ecdsa();
+#endif
+
+ i = EVP_VerifyFinal(&mdc_tmp, os->data, os->length, pkey);
+ EVP_PKEY_free(pkey);
+ if (i <= 0) {
+ PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_SIGNATURE_FAILURE);
+ ret = -1;
+ goto err;
+ } else
+ ret = 1;
+ err:
+ EVP_MD_CTX_cleanup(&mdc_tmp);
+ return (ret);
+}
+
+PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx)
+{
+ STACK_OF(PKCS7_RECIP_INFO) *rsk;
+ PKCS7_RECIP_INFO *ri;
+ int i;
+
+ i = OBJ_obj2nid(p7->type);
+ if (i != NID_pkcs7_signedAndEnveloped)
+ return NULL;
+ if (p7->d.signed_and_enveloped == NULL)
+ return NULL;
+ rsk = p7->d.signed_and_enveloped->recipientinfo;
+ if (rsk == NULL)
+ return NULL;
+ ri = sk_PKCS7_RECIP_INFO_value(rsk, 0);
+ if (sk_PKCS7_RECIP_INFO_num(rsk) <= idx)
+ return (NULL);
+ ri = sk_PKCS7_RECIP_INFO_value(rsk, idx);
+ return (ri->issuer_and_serial);
+}
+
+ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid)
+{
+ return (get_attribute(si->auth_attr, nid));
+}
+
+ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid)
+{
+ return (get_attribute(si->unauth_attr, nid));
+}
+
+static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid)
+{
+ int i;
+ X509_ATTRIBUTE *xa;
+ ASN1_OBJECT *o;
+
+ o = OBJ_nid2obj(nid);
+ if (!o || !sk)
+ return (NULL);
+ for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) {
+ xa = sk_X509_ATTRIBUTE_value(sk, i);
+ if (OBJ_cmp(xa->object, o) == 0) {
+ if (!xa->single && sk_ASN1_TYPE_num(xa->value.set))
+ return (sk_ASN1_TYPE_value(xa->value.set, 0));
+ else
+ return (NULL);
+ }
+ }
+ return (NULL);
+}
+
+ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk)
+{
+ ASN1_TYPE *astype;
+ if (!(astype = get_attribute(sk, NID_pkcs9_messageDigest)))
+ return NULL;
+ return astype->value.octet_string;
+}
+
+int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,
+ STACK_OF(X509_ATTRIBUTE) *sk)
+{
+ int i;
+
+ if (p7si->auth_attr != NULL)
+ sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr, X509_ATTRIBUTE_free);
+ p7si->auth_attr = sk_X509_ATTRIBUTE_dup(sk);
+ if (p7si->auth_attr == NULL)
+ return 0;
+ for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) {
+ if ((sk_X509_ATTRIBUTE_set(p7si->auth_attr, i,
+ X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value
+ (sk, i))))
+ == NULL)
+ return (0);
+ }
+ return (1);
+}
+
+int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si,
+ STACK_OF(X509_ATTRIBUTE) *sk)
+{
+ int i;
+
+ if (p7si->unauth_attr != NULL)
+ sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr, X509_ATTRIBUTE_free);
+ p7si->unauth_attr = sk_X509_ATTRIBUTE_dup(sk);
+ if (p7si->unauth_attr == NULL)
+ return 0;
+ for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) {
+ if ((sk_X509_ATTRIBUTE_set(p7si->unauth_attr, i,
+ X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value
+ (sk, i))))
+ == NULL)
+ return (0);
+ }
+ return (1);
+}
+
+int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
+ void *value)
+{
+ return (add_attribute(&(p7si->auth_attr), nid, atrtype, value));
+}
+
+int PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
+ void *value)
+{
+ return (add_attribute(&(p7si->unauth_attr), nid, atrtype, value));
+}
+
+static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
+ void *value)
+{
+ X509_ATTRIBUTE *attr = NULL;
+
+ if (*sk == NULL) {
+ if (!(*sk = sk_X509_ATTRIBUTE_new_null()))
+ return 0;
+ new_attrib:
+ if (!(attr = X509_ATTRIBUTE_create(nid, atrtype, value)))
+ return 0;
+ if (!sk_X509_ATTRIBUTE_push(*sk, attr)) {
+ X509_ATTRIBUTE_free(attr);
+ return 0;
+ }
+ } else {
+ int i;
+
+ for (i = 0; i < sk_X509_ATTRIBUTE_num(*sk); i++) {
+ attr = sk_X509_ATTRIBUTE_value(*sk, i);
+ if (OBJ_obj2nid(attr->object) == nid) {
+ X509_ATTRIBUTE_free(attr);
+ attr = X509_ATTRIBUTE_create(nid, atrtype, value);
+ if (attr == NULL)
+ return 0;
+ if (!sk_X509_ATTRIBUTE_set(*sk, i, attr)) {
+ X509_ATTRIBUTE_free(attr);
+ return 0;
+ }
+ goto end;
+ }
+ }
+ goto new_attrib;
+ }
+ end:
+ return (1);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pk7_enc.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/pkcs7/pk7_enc.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pk7_enc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,76 +0,0 @@
-/* crypto/pkcs7/pk7_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/pkcs7.h>
-
-PKCS7_in_bio(PKCS7 *p7,BIO *in);
-PKCS7_out_bio(PKCS7 *p7,BIO *out);
-
-PKCS7_add_signer(PKCS7 *p7,X509 *cert,EVP_PKEY *key);
-PKCS7_cipher(PKCS7 *p7,EVP_CIPHER *cipher);
-
-PKCS7_Init(PKCS7 *p7);
-PKCS7_Update(PKCS7 *p7);
-PKCS7_Finish(PKCS7 *p7);
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pk7_enc.c (from rev 6976, vendor-crypto/openssl/dist/crypto/pkcs7/pk7_enc.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pk7_enc.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pk7_enc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,75 @@
+/* crypto/pkcs7/pk7_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
+
+PKCS7_in_bio(PKCS7 *p7, BIO *in);
+PKCS7_out_bio(PKCS7 *p7, BIO *out);
+
+PKCS7_add_signer(PKCS7 *p7, X509 *cert, EVP_PKEY *key);
+PKCS7_cipher(PKCS7 *p7, EVP_CIPHER *cipher);
+
+PKCS7_Init(PKCS7 *p7);
+PKCS7_Update(PKCS7 *p7);
+PKCS7_Finish(PKCS7 *p7);
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pk7_lib.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/pkcs7/pk7_lib.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pk7_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,587 +0,0 @@
-/* crypto/pkcs7/pk7_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-
-long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg)
- {
- int nid;
- long ret;
-
- nid=OBJ_obj2nid(p7->type);
-
- switch (cmd)
- {
- case PKCS7_OP_SET_DETACHED_SIGNATURE:
- if (nid == NID_pkcs7_signed)
- {
- ret=p7->detached=(int)larg;
- if (ret && PKCS7_type_is_data(p7->d.sign->contents))
- {
- ASN1_OCTET_STRING *os;
- os=p7->d.sign->contents->d.data;
- ASN1_OCTET_STRING_free(os);
- p7->d.sign->contents->d.data = NULL;
- }
- }
- else
- {
- PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE);
- ret=0;
- }
- break;
- case PKCS7_OP_GET_DETACHED_SIGNATURE:
- if (nid == NID_pkcs7_signed)
- {
- if(!p7->d.sign || !p7->d.sign->contents->d.ptr)
- ret = 1;
- else ret = 0;
-
- p7->detached = ret;
- }
- else
- {
- PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE);
- ret=0;
- }
-
- break;
- default:
- PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_UNKNOWN_OPERATION);
- ret=0;
- }
- return(ret);
- }
-
-int PKCS7_content_new(PKCS7 *p7, int type)
- {
- PKCS7 *ret=NULL;
-
- if ((ret=PKCS7_new()) == NULL) goto err;
- if (!PKCS7_set_type(ret,type)) goto err;
- if (!PKCS7_set_content(p7,ret)) goto err;
-
- return(1);
-err:
- if (ret != NULL) PKCS7_free(ret);
- return(0);
- }
-
-int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data)
- {
- int i;
-
- i=OBJ_obj2nid(p7->type);
- switch (i)
- {
- case NID_pkcs7_signed:
- if (p7->d.sign->contents != NULL)
- PKCS7_free(p7->d.sign->contents);
- p7->d.sign->contents=p7_data;
- break;
- case NID_pkcs7_digest:
- if (p7->d.digest->contents != NULL)
- PKCS7_free(p7->d.digest->contents);
- p7->d.digest->contents=p7_data;
- break;
- case NID_pkcs7_data:
- case NID_pkcs7_enveloped:
- case NID_pkcs7_signedAndEnveloped:
- case NID_pkcs7_encrypted:
- default:
- PKCS7err(PKCS7_F_PKCS7_SET_CONTENT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
- goto err;
- }
- return(1);
-err:
- return(0);
- }
-
-int PKCS7_set_type(PKCS7 *p7, int type)
- {
- ASN1_OBJECT *obj;
-
- /*PKCS7_content_free(p7);*/
- obj=OBJ_nid2obj(type); /* will not fail */
-
- switch (type)
- {
- case NID_pkcs7_signed:
- p7->type=obj;
- if ((p7->d.sign=PKCS7_SIGNED_new()) == NULL)
- goto err;
- if (!ASN1_INTEGER_set(p7->d.sign->version,1))
- {
- PKCS7_SIGNED_free(p7->d.sign);
- p7->d.sign=NULL;
- goto err;
- }
- break;
- case NID_pkcs7_data:
- p7->type=obj;
- if ((p7->d.data=M_ASN1_OCTET_STRING_new()) == NULL)
- goto err;
- break;
- case NID_pkcs7_signedAndEnveloped:
- p7->type=obj;
- if ((p7->d.signed_and_enveloped=PKCS7_SIGN_ENVELOPE_new())
- == NULL) goto err;
- ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1);
- if (!ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1))
- goto err;
- p7->d.signed_and_enveloped->enc_data->content_type
- = OBJ_nid2obj(NID_pkcs7_data);
- break;
- case NID_pkcs7_enveloped:
- p7->type=obj;
- if ((p7->d.enveloped=PKCS7_ENVELOPE_new())
- == NULL) goto err;
- if (!ASN1_INTEGER_set(p7->d.enveloped->version,0))
- goto err;
- p7->d.enveloped->enc_data->content_type
- = OBJ_nid2obj(NID_pkcs7_data);
- break;
- case NID_pkcs7_encrypted:
- p7->type=obj;
- if ((p7->d.encrypted=PKCS7_ENCRYPT_new())
- == NULL) goto err;
- if (!ASN1_INTEGER_set(p7->d.encrypted->version,0))
- goto err;
- p7->d.encrypted->enc_data->content_type
- = OBJ_nid2obj(NID_pkcs7_data);
- break;
-
- case NID_pkcs7_digest:
- p7->type=obj;
- if ((p7->d.digest=PKCS7_DIGEST_new())
- == NULL) goto err;
- if (!ASN1_INTEGER_set(p7->d.digest->version,0))
- goto err;
- break;
- default:
- PKCS7err(PKCS7_F_PKCS7_SET_TYPE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
- goto err;
- }
- return(1);
-err:
- return(0);
- }
-
-int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other)
- {
- p7->type = OBJ_nid2obj(type);
- p7->d.other = other;
- return 1;
- }
-
-int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi)
- {
- int i,j,nid;
- X509_ALGOR *alg;
- STACK_OF(PKCS7_SIGNER_INFO) *signer_sk;
- STACK_OF(X509_ALGOR) *md_sk;
-
- i=OBJ_obj2nid(p7->type);
- switch (i)
- {
- case NID_pkcs7_signed:
- signer_sk= p7->d.sign->signer_info;
- md_sk= p7->d.sign->md_algs;
- break;
- case NID_pkcs7_signedAndEnveloped:
- signer_sk= p7->d.signed_and_enveloped->signer_info;
- md_sk= p7->d.signed_and_enveloped->md_algs;
- break;
- default:
- PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,PKCS7_R_WRONG_CONTENT_TYPE);
- return(0);
- }
-
- nid=OBJ_obj2nid(psi->digest_alg->algorithm);
-
- /* If the digest is not currently listed, add it */
- j=0;
- for (i=0; i<sk_X509_ALGOR_num(md_sk); i++)
- {
- alg=sk_X509_ALGOR_value(md_sk,i);
- if (OBJ_obj2nid(alg->algorithm) == nid)
- {
- j=1;
- break;
- }
- }
- if (!j) /* we need to add another algorithm */
- {
- if(!(alg=X509_ALGOR_new())
- || !(alg->parameter = ASN1_TYPE_new()))
- {
- X509_ALGOR_free(alg);
- PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- alg->algorithm=OBJ_nid2obj(nid);
- alg->parameter->type = V_ASN1_NULL;
- if (!sk_X509_ALGOR_push(md_sk,alg))
- {
- X509_ALGOR_free(alg);
- return 0;
- }
- }
-
- if (!sk_PKCS7_SIGNER_INFO_push(signer_sk,psi))
- return 0;
- return(1);
- }
-
-int PKCS7_add_certificate(PKCS7 *p7, X509 *x509)
- {
- int i;
- STACK_OF(X509) **sk;
-
- i=OBJ_obj2nid(p7->type);
- switch (i)
- {
- case NID_pkcs7_signed:
- sk= &(p7->d.sign->cert);
- break;
- case NID_pkcs7_signedAndEnveloped:
- sk= &(p7->d.signed_and_enveloped->cert);
- break;
- default:
- PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE,PKCS7_R_WRONG_CONTENT_TYPE);
- return(0);
- }
-
- if (*sk == NULL)
- *sk=sk_X509_new_null();
- if (*sk == NULL)
- {
- PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE,ERR_R_MALLOC_FAILURE);
- return 0;
- }
- CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
- if (!sk_X509_push(*sk,x509))
- {
- X509_free(x509);
- return 0;
- }
- return(1);
- }
-
-int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl)
- {
- int i;
- STACK_OF(X509_CRL) **sk;
-
- i=OBJ_obj2nid(p7->type);
- switch (i)
- {
- case NID_pkcs7_signed:
- sk= &(p7->d.sign->crl);
- break;
- case NID_pkcs7_signedAndEnveloped:
- sk= &(p7->d.signed_and_enveloped->crl);
- break;
- default:
- PKCS7err(PKCS7_F_PKCS7_ADD_CRL,PKCS7_R_WRONG_CONTENT_TYPE);
- return(0);
- }
-
- if (*sk == NULL)
- *sk=sk_X509_CRL_new_null();
- if (*sk == NULL)
- {
- PKCS7err(PKCS7_F_PKCS7_ADD_CRL,ERR_R_MALLOC_FAILURE);
- return 0;
- }
-
- CRYPTO_add(&crl->references,1,CRYPTO_LOCK_X509_CRL);
- if (!sk_X509_CRL_push(*sk,crl))
- {
- X509_CRL_free(crl);
- return 0;
- }
- return(1);
- }
-
-int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
- const EVP_MD *dgst)
- {
- int nid;
- char is_dsa;
-
- if (pkey->type == EVP_PKEY_DSA || pkey->type == EVP_PKEY_EC)
- is_dsa = 1;
- else
- is_dsa = 0;
- /* We now need to add another PKCS7_SIGNER_INFO entry */
- if (!ASN1_INTEGER_set(p7i->version,1))
- goto err;
- if (!X509_NAME_set(&p7i->issuer_and_serial->issuer,
- X509_get_issuer_name(x509)))
- goto err;
-
- /* because ASN1_INTEGER_set is used to set a 'long' we will do
- * things the ugly way. */
- M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
- if (!(p7i->issuer_and_serial->serial=
- M_ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
- goto err;
-
- /* lets keep the pkey around for a while */
- CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
- p7i->pkey=pkey;
-
- /* Set the algorithms */
- if (is_dsa) p7i->digest_alg->algorithm=OBJ_nid2obj(NID_sha1);
- else
- p7i->digest_alg->algorithm=OBJ_nid2obj(EVP_MD_type(dgst));
-
- if (p7i->digest_alg->parameter != NULL)
- ASN1_TYPE_free(p7i->digest_alg->parameter);
- if ((p7i->digest_alg->parameter=ASN1_TYPE_new()) == NULL)
- goto err;
- p7i->digest_alg->parameter->type=V_ASN1_NULL;
-
- if (p7i->digest_enc_alg->parameter != NULL)
- ASN1_TYPE_free(p7i->digest_enc_alg->parameter);
- nid = EVP_PKEY_type(pkey->type);
- if (nid == EVP_PKEY_RSA)
- {
- p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_rsaEncryption);
- if (!(p7i->digest_enc_alg->parameter=ASN1_TYPE_new()))
- goto err;
- p7i->digest_enc_alg->parameter->type=V_ASN1_NULL;
- }
- else if (nid == EVP_PKEY_DSA)
- {
-#if 1
- /* use 'dsaEncryption' OID for compatibility with other software
- * (PKCS #7 v1.5 does specify how to handle DSA) ... */
- p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_dsa);
-#else
- /* ... although the 'dsaWithSHA1' OID (as required by RFC 2630 for CMS)
- * would make more sense. */
- p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_dsaWithSHA1);
-#endif
- p7i->digest_enc_alg->parameter = NULL; /* special case for DSA: omit 'parameter'! */
- }
- else if (nid == EVP_PKEY_EC)
- {
- p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_ecdsa_with_SHA1);
- if (!(p7i->digest_enc_alg->parameter=ASN1_TYPE_new()))
- goto err;
- p7i->digest_enc_alg->parameter->type=V_ASN1_NULL;
- }
- else
- return(0);
-
- return(1);
-err:
- return(0);
- }
-
-PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey,
- const EVP_MD *dgst)
- {
- PKCS7_SIGNER_INFO *si;
-
- if ((si=PKCS7_SIGNER_INFO_new()) == NULL) goto err;
- if (!PKCS7_SIGNER_INFO_set(si,x509,pkey,dgst)) goto err;
- if (!PKCS7_add_signer(p7,si)) goto err;
- return(si);
-err:
- PKCS7_SIGNER_INFO_free(si);
- return(NULL);
- }
-
-int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md)
- {
- if (PKCS7_type_is_digest(p7))
- {
- if(!(p7->d.digest->md->parameter = ASN1_TYPE_new()))
- {
- PKCS7err(PKCS7_F_PKCS7_SET_DIGEST,ERR_R_MALLOC_FAILURE);
- return 0;
- }
- p7->d.digest->md->parameter->type = V_ASN1_NULL;
- p7->d.digest->md->algorithm = OBJ_nid2obj(EVP_MD_nid(md));
- return 1;
- }
-
- PKCS7err(PKCS7_F_PKCS7_SET_DIGEST,PKCS7_R_WRONG_CONTENT_TYPE);
- return 1;
- }
-
-STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7)
- {
- if (PKCS7_type_is_signed(p7))
- {
- return(p7->d.sign->signer_info);
- }
- else if (PKCS7_type_is_signedAndEnveloped(p7))
- {
- return(p7->d.signed_and_enveloped->signer_info);
- }
- else
- return(NULL);
- }
-
-PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509)
- {
- PKCS7_RECIP_INFO *ri;
-
- if ((ri=PKCS7_RECIP_INFO_new()) == NULL) goto err;
- if (!PKCS7_RECIP_INFO_set(ri,x509)) goto err;
- if (!PKCS7_add_recipient_info(p7,ri)) goto err;
- return(ri);
-err:
- PKCS7_RECIP_INFO_free(ri);
- return(NULL);
- }
-
-int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri)
- {
- int i;
- STACK_OF(PKCS7_RECIP_INFO) *sk;
-
- i=OBJ_obj2nid(p7->type);
- switch (i)
- {
- case NID_pkcs7_signedAndEnveloped:
- sk= p7->d.signed_and_enveloped->recipientinfo;
- break;
- case NID_pkcs7_enveloped:
- sk= p7->d.enveloped->recipientinfo;
- break;
- default:
- PKCS7err(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,PKCS7_R_WRONG_CONTENT_TYPE);
- return(0);
- }
-
- if (!sk_PKCS7_RECIP_INFO_push(sk,ri))
- return 0;
- return(1);
- }
-
-int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509)
- {
- if (!ASN1_INTEGER_set(p7i->version,0))
- return 0;
- if (!X509_NAME_set(&p7i->issuer_and_serial->issuer,
- X509_get_issuer_name(x509)))
- return 0;
-
- M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
- if (!(p7i->issuer_and_serial->serial=
- M_ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
- return 0;
-
- X509_ALGOR_free(p7i->key_enc_algor);
- if (!(p7i->key_enc_algor= X509_ALGOR_dup(x509->cert_info->key->algor)))
- return 0;
-
- CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
- p7i->cert=x509;
-
- return(1);
- }
-
-X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si)
- {
- if (PKCS7_type_is_signed(p7))
- return(X509_find_by_issuer_and_serial(p7->d.sign->cert,
- si->issuer_and_serial->issuer,
- si->issuer_and_serial->serial));
- else
- return(NULL);
- }
-
-int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher)
- {
- int i;
- PKCS7_ENC_CONTENT *ec;
-
- i=OBJ_obj2nid(p7->type);
- switch (i)
- {
- case NID_pkcs7_signedAndEnveloped:
- ec=p7->d.signed_and_enveloped->enc_data;
- break;
- case NID_pkcs7_enveloped:
- ec=p7->d.enveloped->enc_data;
- break;
- default:
- PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_WRONG_CONTENT_TYPE);
- return(0);
- }
-
- /* Check cipher OID exists and has data in it*/
- i = EVP_CIPHER_type(cipher);
- if(i == NID_undef) {
- PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
- return(0);
- }
-
- ec->cipher = cipher;
- return 1;
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pk7_lib.c (from rev 6976, vendor-crypto/openssl/dist/crypto/pkcs7/pk7_lib.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pk7_lib.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pk7_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,580 @@
+/* crypto/pkcs7/pk7_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+
+long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg)
+{
+ int nid;
+ long ret;
+
+ nid = OBJ_obj2nid(p7->type);
+
+ switch (cmd) {
+ /* NOTE(emilia): does not support detached digested data. */
+ case PKCS7_OP_SET_DETACHED_SIGNATURE:
+ if (nid == NID_pkcs7_signed) {
+ ret = p7->detached = (int)larg;
+ if (ret && PKCS7_type_is_data(p7->d.sign->contents)) {
+ ASN1_OCTET_STRING *os;
+ os = p7->d.sign->contents->d.data;
+ ASN1_OCTET_STRING_free(os);
+ p7->d.sign->contents->d.data = NULL;
+ }
+ } else {
+ PKCS7err(PKCS7_F_PKCS7_CTRL,
+ PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE);
+ ret = 0;
+ }
+ break;
+ case PKCS7_OP_GET_DETACHED_SIGNATURE:
+ if (nid == NID_pkcs7_signed) {
+ if (!p7->d.sign || !p7->d.sign->contents->d.ptr)
+ ret = 1;
+ else
+ ret = 0;
+
+ p7->detached = ret;
+ } else {
+ PKCS7err(PKCS7_F_PKCS7_CTRL,
+ PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE);
+ ret = 0;
+ }
+
+ break;
+ default:
+ PKCS7err(PKCS7_F_PKCS7_CTRL, PKCS7_R_UNKNOWN_OPERATION);
+ ret = 0;
+ }
+ return (ret);
+}
+
+int PKCS7_content_new(PKCS7 *p7, int type)
+{
+ PKCS7 *ret = NULL;
+
+ if ((ret = PKCS7_new()) == NULL)
+ goto err;
+ if (!PKCS7_set_type(ret, type))
+ goto err;
+ if (!PKCS7_set_content(p7, ret))
+ goto err;
+
+ return (1);
+ err:
+ if (ret != NULL)
+ PKCS7_free(ret);
+ return (0);
+}
+
+int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data)
+{
+ int i;
+
+ i = OBJ_obj2nid(p7->type);
+ switch (i) {
+ case NID_pkcs7_signed:
+ if (p7->d.sign->contents != NULL)
+ PKCS7_free(p7->d.sign->contents);
+ p7->d.sign->contents = p7_data;
+ break;
+ case NID_pkcs7_digest:
+ if (p7->d.digest->contents != NULL)
+ PKCS7_free(p7->d.digest->contents);
+ p7->d.digest->contents = p7_data;
+ break;
+ case NID_pkcs7_data:
+ case NID_pkcs7_enveloped:
+ case NID_pkcs7_signedAndEnveloped:
+ case NID_pkcs7_encrypted:
+ default:
+ PKCS7err(PKCS7_F_PKCS7_SET_CONTENT, PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
+ goto err;
+ }
+ return (1);
+ err:
+ return (0);
+}
+
+int PKCS7_set_type(PKCS7 *p7, int type)
+{
+ ASN1_OBJECT *obj;
+
+ /*
+ * PKCS7_content_free(p7);
+ */
+ obj = OBJ_nid2obj(type); /* will not fail */
+
+ switch (type) {
+ case NID_pkcs7_signed:
+ p7->type = obj;
+ if ((p7->d.sign = PKCS7_SIGNED_new()) == NULL)
+ goto err;
+ if (!ASN1_INTEGER_set(p7->d.sign->version, 1)) {
+ PKCS7_SIGNED_free(p7->d.sign);
+ p7->d.sign = NULL;
+ goto err;
+ }
+ break;
+ case NID_pkcs7_data:
+ p7->type = obj;
+ if ((p7->d.data = M_ASN1_OCTET_STRING_new()) == NULL)
+ goto err;
+ break;
+ case NID_pkcs7_signedAndEnveloped:
+ p7->type = obj;
+ if ((p7->d.signed_and_enveloped = PKCS7_SIGN_ENVELOPE_new())
+ == NULL)
+ goto err;
+ ASN1_INTEGER_set(p7->d.signed_and_enveloped->version, 1);
+ if (!ASN1_INTEGER_set(p7->d.signed_and_enveloped->version, 1))
+ goto err;
+ p7->d.signed_and_enveloped->enc_data->content_type
+ = OBJ_nid2obj(NID_pkcs7_data);
+ break;
+ case NID_pkcs7_enveloped:
+ p7->type = obj;
+ if ((p7->d.enveloped = PKCS7_ENVELOPE_new())
+ == NULL)
+ goto err;
+ if (!ASN1_INTEGER_set(p7->d.enveloped->version, 0))
+ goto err;
+ p7->d.enveloped->enc_data->content_type = OBJ_nid2obj(NID_pkcs7_data);
+ break;
+ case NID_pkcs7_encrypted:
+ p7->type = obj;
+ if ((p7->d.encrypted = PKCS7_ENCRYPT_new())
+ == NULL)
+ goto err;
+ if (!ASN1_INTEGER_set(p7->d.encrypted->version, 0))
+ goto err;
+ p7->d.encrypted->enc_data->content_type = OBJ_nid2obj(NID_pkcs7_data);
+ break;
+
+ case NID_pkcs7_digest:
+ p7->type = obj;
+ if ((p7->d.digest = PKCS7_DIGEST_new())
+ == NULL)
+ goto err;
+ if (!ASN1_INTEGER_set(p7->d.digest->version, 0))
+ goto err;
+ break;
+ default:
+ PKCS7err(PKCS7_F_PKCS7_SET_TYPE, PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
+ goto err;
+ }
+ return (1);
+ err:
+ return (0);
+}
+
+int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other)
+{
+ p7->type = OBJ_nid2obj(type);
+ p7->d.other = other;
+ return 1;
+}
+
+int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi)
+{
+ int i, j, nid;
+ X509_ALGOR *alg;
+ STACK_OF(PKCS7_SIGNER_INFO) *signer_sk;
+ STACK_OF(X509_ALGOR) *md_sk;
+
+ i = OBJ_obj2nid(p7->type);
+ switch (i) {
+ case NID_pkcs7_signed:
+ signer_sk = p7->d.sign->signer_info;
+ md_sk = p7->d.sign->md_algs;
+ break;
+ case NID_pkcs7_signedAndEnveloped:
+ signer_sk = p7->d.signed_and_enveloped->signer_info;
+ md_sk = p7->d.signed_and_enveloped->md_algs;
+ break;
+ default:
+ PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER, PKCS7_R_WRONG_CONTENT_TYPE);
+ return (0);
+ }
+
+ nid = OBJ_obj2nid(psi->digest_alg->algorithm);
+
+ /* If the digest is not currently listed, add it */
+ j = 0;
+ for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++) {
+ alg = sk_X509_ALGOR_value(md_sk, i);
+ if (OBJ_obj2nid(alg->algorithm) == nid) {
+ j = 1;
+ break;
+ }
+ }
+ if (!j) { /* we need to add another algorithm */
+ if (!(alg = X509_ALGOR_new())
+ || !(alg->parameter = ASN1_TYPE_new())) {
+ X509_ALGOR_free(alg);
+ PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER, ERR_R_MALLOC_FAILURE);
+ return (0);
+ }
+ alg->algorithm = OBJ_nid2obj(nid);
+ alg->parameter->type = V_ASN1_NULL;
+ if (!sk_X509_ALGOR_push(md_sk, alg)) {
+ X509_ALGOR_free(alg);
+ return 0;
+ }
+ }
+
+ if (!sk_PKCS7_SIGNER_INFO_push(signer_sk, psi))
+ return 0;
+ return (1);
+}
+
+int PKCS7_add_certificate(PKCS7 *p7, X509 *x509)
+{
+ int i;
+ STACK_OF(X509) **sk;
+
+ i = OBJ_obj2nid(p7->type);
+ switch (i) {
+ case NID_pkcs7_signed:
+ sk = &(p7->d.sign->cert);
+ break;
+ case NID_pkcs7_signedAndEnveloped:
+ sk = &(p7->d.signed_and_enveloped->cert);
+ break;
+ default:
+ PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE, PKCS7_R_WRONG_CONTENT_TYPE);
+ return (0);
+ }
+
+ if (*sk == NULL)
+ *sk = sk_X509_new_null();
+ if (*sk == NULL) {
+ PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ CRYPTO_add(&x509->references, 1, CRYPTO_LOCK_X509);
+ if (!sk_X509_push(*sk, x509)) {
+ X509_free(x509);
+ return 0;
+ }
+ return (1);
+}
+
+int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl)
+{
+ int i;
+ STACK_OF(X509_CRL) **sk;
+
+ i = OBJ_obj2nid(p7->type);
+ switch (i) {
+ case NID_pkcs7_signed:
+ sk = &(p7->d.sign->crl);
+ break;
+ case NID_pkcs7_signedAndEnveloped:
+ sk = &(p7->d.signed_and_enveloped->crl);
+ break;
+ default:
+ PKCS7err(PKCS7_F_PKCS7_ADD_CRL, PKCS7_R_WRONG_CONTENT_TYPE);
+ return (0);
+ }
+
+ if (*sk == NULL)
+ *sk = sk_X509_CRL_new_null();
+ if (*sk == NULL) {
+ PKCS7err(PKCS7_F_PKCS7_ADD_CRL, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+
+ CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509_CRL);
+ if (!sk_X509_CRL_push(*sk, crl)) {
+ X509_CRL_free(crl);
+ return 0;
+ }
+ return (1);
+}
+
+int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
+ const EVP_MD *dgst)
+{
+ int nid;
+ char is_dsa;
+
+ if (pkey->type == EVP_PKEY_DSA || pkey->type == EVP_PKEY_EC)
+ is_dsa = 1;
+ else
+ is_dsa = 0;
+ /* We now need to add another PKCS7_SIGNER_INFO entry */
+ if (!ASN1_INTEGER_set(p7i->version, 1))
+ goto err;
+ if (!X509_NAME_set(&p7i->issuer_and_serial->issuer,
+ X509_get_issuer_name(x509)))
+ goto err;
+
+ /*
+ * because ASN1_INTEGER_set is used to set a 'long' we will do things the
+ * ugly way.
+ */
+ M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
+ if (!(p7i->issuer_and_serial->serial =
+ M_ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
+ goto err;
+
+ /* lets keep the pkey around for a while */
+ CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
+ p7i->pkey = pkey;
+
+ /* Set the algorithms */
+ if (is_dsa)
+ p7i->digest_alg->algorithm = OBJ_nid2obj(NID_sha1);
+ else
+ p7i->digest_alg->algorithm = OBJ_nid2obj(EVP_MD_type(dgst));
+
+ if (p7i->digest_alg->parameter != NULL)
+ ASN1_TYPE_free(p7i->digest_alg->parameter);
+ if ((p7i->digest_alg->parameter = ASN1_TYPE_new()) == NULL)
+ goto err;
+ p7i->digest_alg->parameter->type = V_ASN1_NULL;
+
+ if (p7i->digest_enc_alg->parameter != NULL)
+ ASN1_TYPE_free(p7i->digest_enc_alg->parameter);
+ nid = EVP_PKEY_type(pkey->type);
+ if (nid == EVP_PKEY_RSA) {
+ p7i->digest_enc_alg->algorithm = OBJ_nid2obj(NID_rsaEncryption);
+ if (!(p7i->digest_enc_alg->parameter = ASN1_TYPE_new()))
+ goto err;
+ p7i->digest_enc_alg->parameter->type = V_ASN1_NULL;
+ } else if (nid == EVP_PKEY_DSA) {
+#if 1
+ /*
+ * use 'dsaEncryption' OID for compatibility with other software
+ * (PKCS #7 v1.5 does specify how to handle DSA) ...
+ */
+ p7i->digest_enc_alg->algorithm = OBJ_nid2obj(NID_dsa);
+#else
+ /*
+ * ... although the 'dsaWithSHA1' OID (as required by RFC 2630 for
+ * CMS) would make more sense.
+ */
+ p7i->digest_enc_alg->algorithm = OBJ_nid2obj(NID_dsaWithSHA1);
+#endif
+ p7i->digest_enc_alg->parameter = NULL; /* special case for DSA: omit
+ * 'parameter'! */
+ } else if (nid == EVP_PKEY_EC) {
+ p7i->digest_enc_alg->algorithm = OBJ_nid2obj(NID_ecdsa_with_SHA1);
+ if (!(p7i->digest_enc_alg->parameter = ASN1_TYPE_new()))
+ goto err;
+ p7i->digest_enc_alg->parameter->type = V_ASN1_NULL;
+ } else
+ return (0);
+
+ return (1);
+ err:
+ return (0);
+}
+
+PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey,
+ const EVP_MD *dgst)
+{
+ PKCS7_SIGNER_INFO *si;
+
+ if ((si = PKCS7_SIGNER_INFO_new()) == NULL)
+ goto err;
+ if (!PKCS7_SIGNER_INFO_set(si, x509, pkey, dgst))
+ goto err;
+ if (!PKCS7_add_signer(p7, si))
+ goto err;
+ return (si);
+ err:
+ PKCS7_SIGNER_INFO_free(si);
+ return (NULL);
+}
+
+int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md)
+{
+ if (PKCS7_type_is_digest(p7)) {
+ if (!(p7->d.digest->md->parameter = ASN1_TYPE_new())) {
+ PKCS7err(PKCS7_F_PKCS7_SET_DIGEST, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ p7->d.digest->md->parameter->type = V_ASN1_NULL;
+ p7->d.digest->md->algorithm = OBJ_nid2obj(EVP_MD_nid(md));
+ return 1;
+ }
+
+ PKCS7err(PKCS7_F_PKCS7_SET_DIGEST, PKCS7_R_WRONG_CONTENT_TYPE);
+ return 1;
+}
+
+STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7)
+{
+ if (p7 == NULL || p7->d.ptr == NULL)
+ return NULL;
+ if (PKCS7_type_is_signed(p7)) {
+ return (p7->d.sign->signer_info);
+ } else if (PKCS7_type_is_signedAndEnveloped(p7)) {
+ return (p7->d.signed_and_enveloped->signer_info);
+ } else
+ return (NULL);
+}
+
+PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509)
+{
+ PKCS7_RECIP_INFO *ri;
+
+ if ((ri = PKCS7_RECIP_INFO_new()) == NULL)
+ goto err;
+ if (!PKCS7_RECIP_INFO_set(ri, x509))
+ goto err;
+ if (!PKCS7_add_recipient_info(p7, ri))
+ goto err;
+ return (ri);
+ err:
+ PKCS7_RECIP_INFO_free(ri);
+ return (NULL);
+}
+
+int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri)
+{
+ int i;
+ STACK_OF(PKCS7_RECIP_INFO) *sk;
+
+ i = OBJ_obj2nid(p7->type);
+ switch (i) {
+ case NID_pkcs7_signedAndEnveloped:
+ sk = p7->d.signed_and_enveloped->recipientinfo;
+ break;
+ case NID_pkcs7_enveloped:
+ sk = p7->d.enveloped->recipientinfo;
+ break;
+ default:
+ PKCS7err(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,
+ PKCS7_R_WRONG_CONTENT_TYPE);
+ return (0);
+ }
+
+ if (!sk_PKCS7_RECIP_INFO_push(sk, ri))
+ return 0;
+ return (1);
+}
+
+int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509)
+{
+ if (!ASN1_INTEGER_set(p7i->version, 0))
+ return 0;
+ if (!X509_NAME_set(&p7i->issuer_and_serial->issuer,
+ X509_get_issuer_name(x509)))
+ return 0;
+
+ M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
+ if (!(p7i->issuer_and_serial->serial =
+ M_ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
+ return 0;
+
+ X509_ALGOR_free(p7i->key_enc_algor);
+ if (!(p7i->key_enc_algor = X509_ALGOR_dup(x509->cert_info->key->algor)))
+ return 0;
+
+ CRYPTO_add(&x509->references, 1, CRYPTO_LOCK_X509);
+ p7i->cert = x509;
+
+ return (1);
+}
+
+X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si)
+{
+ if (PKCS7_type_is_signed(p7))
+ return (X509_find_by_issuer_and_serial(p7->d.sign->cert,
+ si->issuer_and_serial->issuer,
+ si->
+ issuer_and_serial->serial));
+ else
+ return (NULL);
+}
+
+int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher)
+{
+ int i;
+ PKCS7_ENC_CONTENT *ec;
+
+ i = OBJ_obj2nid(p7->type);
+ switch (i) {
+ case NID_pkcs7_signedAndEnveloped:
+ ec = p7->d.signed_and_enveloped->enc_data;
+ break;
+ case NID_pkcs7_enveloped:
+ ec = p7->d.enveloped->enc_data;
+ break;
+ default:
+ PKCS7err(PKCS7_F_PKCS7_SET_CIPHER, PKCS7_R_WRONG_CONTENT_TYPE);
+ return (0);
+ }
+
+ /* Check cipher OID exists and has data in it */
+ i = EVP_CIPHER_type(cipher);
+ if (i == NID_undef) {
+ PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,
+ PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
+ return (0);
+ }
+
+ ec->cipher = cipher;
+ return 1;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pk7_mime.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/pkcs7/pk7_mime.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pk7_mime.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,125 +0,0 @@
-/* pk7_mime.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#include <stdio.h>
-#include <ctype.h>
-#include "cryptlib.h"
-#include <openssl/rand.h>
-#include <openssl/x509.h>
-#include <openssl/asn1.h>
-
-/* PKCS#7 wrappers round generalised MIME routines */
-
-PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont)
- {
- return (PKCS7 *)SMIME_read_ASN1(bio, bcont, ASN1_ITEM_rptr(PKCS7));
- }
-
-/* Callback for int_smime_write_ASN1 */
-
-static int pk7_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
- const ASN1_ITEM *it)
- {
- PKCS7 *p7 = (PKCS7 *)val;
- BIO *tmpbio, *p7bio;
-
- if (!(flags & SMIME_DETACHED))
- {
- SMIME_crlf_copy(data, out, flags);
- return 1;
- }
-
- /* Let PKCS7 code prepend any needed BIOs */
-
- p7bio = PKCS7_dataInit(p7, out);
-
- if (!p7bio)
- return 0;
-
- /* Copy data across, passing through filter BIOs for processing */
- SMIME_crlf_copy(data, p7bio, flags);
-
- /* Finalize structure */
- if (PKCS7_dataFinal(p7, p7bio) <= 0)
- goto err;
-
- err:
-
- /* Now remove any digests prepended to the BIO */
-
- while (p7bio != out)
- {
- tmpbio = BIO_pop(p7bio);
- BIO_free(p7bio);
- p7bio = tmpbio;
- }
-
- return 1;
-
- }
-
-int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
- {
- STACK_OF(X509_ALGOR) *mdalgs;
- int ctype_nid = OBJ_obj2nid(p7->type);
- if (ctype_nid == NID_pkcs7_signed)
- mdalgs = p7->d.sign->md_algs;
- else
- mdalgs = NULL;
-
- return int_smime_write_ASN1(bio, (ASN1_VALUE *)p7, data, flags,
- ctype_nid, NID_undef, mdalgs,
- pk7_output_data,
- ASN1_ITEM_rptr(PKCS7));
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pk7_mime.c (from rev 6976, vendor-crypto/openssl/dist/crypto/pkcs7/pk7_mime.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pk7_mime.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pk7_mime.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,123 @@
+/* pk7_mime.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include "cryptlib.h"
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+
+/* PKCS#7 wrappers round generalised MIME routines */
+
+PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont)
+{
+ return (PKCS7 *)SMIME_read_ASN1(bio, bcont, ASN1_ITEM_rptr(PKCS7));
+}
+
+/* Callback for int_smime_write_ASN1 */
+
+static int pk7_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
+ const ASN1_ITEM *it)
+{
+ PKCS7 *p7 = (PKCS7 *)val;
+ BIO *tmpbio, *p7bio;
+
+ if (!(flags & SMIME_DETACHED)) {
+ SMIME_crlf_copy(data, out, flags);
+ return 1;
+ }
+
+ /* Let PKCS7 code prepend any needed BIOs */
+
+ p7bio = PKCS7_dataInit(p7, out);
+
+ if (!p7bio)
+ return 0;
+
+ /* Copy data across, passing through filter BIOs for processing */
+ SMIME_crlf_copy(data, p7bio, flags);
+
+ /* Finalize structure */
+ if (PKCS7_dataFinal(p7, p7bio) <= 0)
+ goto err;
+
+ err:
+
+ /* Now remove any digests prepended to the BIO */
+
+ while (p7bio != out) {
+ tmpbio = BIO_pop(p7bio);
+ BIO_free(p7bio);
+ p7bio = tmpbio;
+ }
+
+ return 1;
+
+}
+
+int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
+{
+ STACK_OF(X509_ALGOR) *mdalgs;
+ int ctype_nid = OBJ_obj2nid(p7->type);
+ if (ctype_nid == NID_pkcs7_signed)
+ mdalgs = p7->d.sign->md_algs;
+ else
+ mdalgs = NULL;
+
+ return int_smime_write_ASN1(bio, (ASN1_VALUE *)p7, data, flags,
+ ctype_nid, NID_undef, mdalgs,
+ pk7_output_data, ASN1_ITEM_rptr(PKCS7));
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pk7_smime.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/pkcs7/pk7_smime.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pk7_smime.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,519 +0,0 @@
-/* pk7_smime.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/* Simple PKCS#7 processing functions */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-
-PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
- BIO *data, int flags)
-{
- PKCS7 *p7 = NULL;
- PKCS7_SIGNER_INFO *si;
- BIO *p7bio = NULL;
- STACK_OF(X509_ALGOR) *smcap = NULL;
- int i;
-
- if(!X509_check_private_key(signcert, pkey)) {
- PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
- return NULL;
- }
-
- if(!(p7 = PKCS7_new())) {
- PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE);
- return NULL;
- }
-
- if (!PKCS7_set_type(p7, NID_pkcs7_signed))
- goto err;
-
- if (!PKCS7_content_new(p7, NID_pkcs7_data))
- goto err;
-
- if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha1()))) {
- PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);
- goto err;
- }
-
- if(!(flags & PKCS7_NOCERTS)) {
- if (!PKCS7_add_certificate(p7, signcert))
- goto err;
- if(certs) for(i = 0; i < sk_X509_num(certs); i++)
- if (!PKCS7_add_certificate(p7, sk_X509_value(certs, i)))
- goto err;
- }
-
- if(!(flags & PKCS7_NOATTR)) {
- if (!PKCS7_add_signed_attribute(si, NID_pkcs9_contentType,
- V_ASN1_OBJECT, OBJ_nid2obj(NID_pkcs7_data)))
- goto err;
- /* Add SMIMECapabilities */
- if(!(flags & PKCS7_NOSMIMECAP))
- {
- if(!(smcap = sk_X509_ALGOR_new_null())) {
- PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-#ifndef OPENSSL_NO_DES
- if (!PKCS7_simple_smimecap (smcap, NID_des_ede3_cbc, -1))
- goto err;
-#endif
-#ifndef OPENSSL_NO_RC2
- if (!PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 128))
- goto err;
- if (!PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 64))
- goto err;
-#endif
-#ifndef OPENSSL_NO_DES
- if (!PKCS7_simple_smimecap (smcap, NID_des_cbc, -1))
- goto err;
-#endif
-#ifndef OPENSSL_NO_RC2
- if (!PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 40))
- goto err;
-#endif
- if (!PKCS7_add_attrib_smimecap (si, smcap))
- goto err;
- sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
- smcap = NULL;
- }
- }
-
- if(flags & PKCS7_DETACHED)PKCS7_set_detached(p7, 1);
-
- if (flags & PKCS7_STREAM)
- return p7;
-
-
- if (!(p7bio = PKCS7_dataInit(p7, NULL))) {
- PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- SMIME_crlf_copy(data, p7bio, flags);
-
-
- if (!PKCS7_dataFinal(p7,p7bio)) {
- PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_DATASIGN);
- goto err;
- }
-
- BIO_free_all(p7bio);
- return p7;
-err:
- sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
- BIO_free_all(p7bio);
- PKCS7_free(p7);
- return NULL;
-}
-
-int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
- BIO *indata, BIO *out, int flags)
-{
- STACK_OF(X509) *signers;
- X509 *signer;
- STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
- PKCS7_SIGNER_INFO *si;
- X509_STORE_CTX cert_ctx;
- char buf[4096];
- int i, j=0, k, ret = 0;
- BIO *p7bio;
- BIO *tmpin, *tmpout;
-
- if(!p7) {
- PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_INVALID_NULL_POINTER);
- return 0;
- }
-
- if(!PKCS7_type_is_signed(p7)) {
- PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_WRONG_CONTENT_TYPE);
- return 0;
- }
-
- /* Check for no data and no content: no data to verify signature */
- if(PKCS7_get_detached(p7) && !indata) {
- PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_CONTENT);
- return 0;
- }
-#if 0
- /* NB: this test commented out because some versions of Netscape
- * illegally include zero length content when signing data.
- */
-
- /* Check for data and content: two sets of data */
- if(!PKCS7_get_detached(p7) && indata) {
- PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CONTENT_AND_DATA_PRESENT);
- return 0;
- }
-#endif
-
- sinfos = PKCS7_get_signer_info(p7);
-
- if(!sinfos || !sk_PKCS7_SIGNER_INFO_num(sinfos)) {
- PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_SIGNATURES_ON_DATA);
- return 0;
- }
-
-
- signers = PKCS7_get0_signers(p7, certs, flags);
-
- if(!signers) return 0;
-
- /* Now verify the certificates */
-
- if (!(flags & PKCS7_NOVERIFY)) for (k = 0; k < sk_X509_num(signers); k++) {
- signer = sk_X509_value (signers, k);
- if (!(flags & PKCS7_NOCHAIN)) {
- if(!X509_STORE_CTX_init(&cert_ctx, store, signer,
- p7->d.sign->cert))
- {
- PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB);
- sk_X509_free(signers);
- return 0;
- }
- X509_STORE_CTX_set_default(&cert_ctx, "smime_sign");
- } else if(!X509_STORE_CTX_init (&cert_ctx, store, signer, NULL)) {
- PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB);
- sk_X509_free(signers);
- return 0;
- }
- if (!(flags & PKCS7_NOCRL))
- X509_STORE_CTX_set0_crls(&cert_ctx, p7->d.sign->crl);
- i = X509_verify_cert(&cert_ctx);
- if (i <= 0) j = X509_STORE_CTX_get_error(&cert_ctx);
- X509_STORE_CTX_cleanup(&cert_ctx);
- if (i <= 0) {
- PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CERTIFICATE_VERIFY_ERROR);
- ERR_add_error_data(2, "Verify error:",
- X509_verify_cert_error_string(j));
- sk_X509_free(signers);
- return 0;
- }
- /* Check for revocation status here */
- }
-
- /* Performance optimization: if the content is a memory BIO then
- * store its contents in a temporary read only memory BIO. This
- * avoids potentially large numbers of slow copies of data which will
- * occur when reading from a read write memory BIO when signatures
- * are calculated.
- */
-
- if (indata && (BIO_method_type(indata) == BIO_TYPE_MEM))
- {
- char *ptr;
- long len;
- len = BIO_get_mem_data(indata, &ptr);
- tmpin = BIO_new_mem_buf(ptr, len);
- if (tmpin == NULL)
- {
- PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_MALLOC_FAILURE);
- return 0;
- }
- }
- else
- tmpin = indata;
-
-
- if (!(p7bio=PKCS7_dataInit(p7,tmpin)))
- goto err;
-
- if(flags & PKCS7_TEXT) {
- if(!(tmpout = BIO_new(BIO_s_mem()))) {
- PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- BIO_set_mem_eof_return(tmpout, 0);
- } else tmpout = out;
-
- /* We now have to 'read' from p7bio to calculate digests etc. */
- for (;;)
- {
- i=BIO_read(p7bio,buf,sizeof(buf));
- if (i <= 0) break;
- if (tmpout) BIO_write(tmpout, buf, i);
- }
-
- if(flags & PKCS7_TEXT) {
- if(!SMIME_text(tmpout, out)) {
- PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_SMIME_TEXT_ERROR);
- BIO_free(tmpout);
- goto err;
- }
- BIO_free(tmpout);
- }
-
- /* Now Verify All Signatures */
- if (!(flags & PKCS7_NOSIGS))
- for (i=0; i<sk_PKCS7_SIGNER_INFO_num(sinfos); i++)
- {
- si=sk_PKCS7_SIGNER_INFO_value(sinfos,i);
- signer = sk_X509_value (signers, i);
- j=PKCS7_signatureVerify(p7bio,p7,si, signer);
- if (j <= 0) {
- PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_SIGNATURE_FAILURE);
- goto err;
- }
- }
-
- ret = 1;
-
- err:
-
- if (tmpin == indata)
- {
- if (indata) BIO_pop(p7bio);
- }
- BIO_free_all(p7bio);
-
- sk_X509_free(signers);
-
- return ret;
-}
-
-STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags)
-{
- STACK_OF(X509) *signers;
- STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
- PKCS7_SIGNER_INFO *si;
- PKCS7_ISSUER_AND_SERIAL *ias;
- X509 *signer;
- int i;
-
- if(!p7) {
- PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_INVALID_NULL_POINTER);
- return NULL;
- }
-
- if(!PKCS7_type_is_signed(p7)) {
- PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_WRONG_CONTENT_TYPE);
- return NULL;
- }
-
- /* Collect all the signers together */
-
- sinfos = PKCS7_get_signer_info(p7);
-
- if(sk_PKCS7_SIGNER_INFO_num(sinfos) <= 0) {
- PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_NO_SIGNERS);
- return NULL;
- }
-
- if(!(signers = sk_X509_new_null())) {
- PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,ERR_R_MALLOC_FAILURE);
- return NULL;
- }
-
- for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++)
- {
- si = sk_PKCS7_SIGNER_INFO_value(sinfos, i);
- ias = si->issuer_and_serial;
- signer = NULL;
- /* If any certificates passed they take priority */
- if (certs) signer = X509_find_by_issuer_and_serial (certs,
- ias->issuer, ias->serial);
- if (!signer && !(flags & PKCS7_NOINTERN)
- && p7->d.sign->cert) signer =
- X509_find_by_issuer_and_serial (p7->d.sign->cert,
- ias->issuer, ias->serial);
- if (!signer) {
- PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND);
- sk_X509_free(signers);
- return NULL;
- }
-
- if (!sk_X509_push(signers, signer)) {
- sk_X509_free(signers);
- return NULL;
- }
- }
- return signers;
-}
-
-
-/* Build a complete PKCS#7 enveloped data */
-
-PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
- int flags)
-{
- PKCS7 *p7;
- BIO *p7bio = NULL;
- int i;
- X509 *x509;
- if(!(p7 = PKCS7_new())) {
- PKCS7err(PKCS7_F_PKCS7_ENCRYPT,ERR_R_MALLOC_FAILURE);
- return NULL;
- }
-
- if (!PKCS7_set_type(p7, NID_pkcs7_enveloped))
- goto err;
- if(!PKCS7_set_cipher(p7, cipher)) {
- PKCS7err(PKCS7_F_PKCS7_ENCRYPT,PKCS7_R_ERROR_SETTING_CIPHER);
- goto err;
- }
-
- for(i = 0; i < sk_X509_num(certs); i++) {
- x509 = sk_X509_value(certs, i);
- if(!PKCS7_add_recipient(p7, x509)) {
- PKCS7err(PKCS7_F_PKCS7_ENCRYPT,
- PKCS7_R_ERROR_ADDING_RECIPIENT);
- goto err;
- }
- }
-
- if(!(p7bio = PKCS7_dataInit(p7, NULL))) {
- PKCS7err(PKCS7_F_PKCS7_ENCRYPT,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- SMIME_crlf_copy(in, p7bio, flags);
-
- (void)BIO_flush(p7bio);
-
- if (!PKCS7_dataFinal(p7,p7bio)) {
- PKCS7err(PKCS7_F_PKCS7_ENCRYPT,PKCS7_R_PKCS7_DATAFINAL_ERROR);
- goto err;
- }
- BIO_free_all(p7bio);
-
- return p7;
-
- err:
-
- BIO_free_all(p7bio);
- PKCS7_free(p7);
- return NULL;
-
-}
-
-int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
-{
- BIO *tmpmem;
- int ret, i;
- char buf[4096];
-
- if(!p7) {
- PKCS7err(PKCS7_F_PKCS7_DECRYPT,PKCS7_R_INVALID_NULL_POINTER);
- return 0;
- }
-
- if(!PKCS7_type_is_enveloped(p7)) {
- PKCS7err(PKCS7_F_PKCS7_DECRYPT,PKCS7_R_WRONG_CONTENT_TYPE);
- return 0;
- }
-
- if(cert && !X509_check_private_key(cert, pkey)) {
- PKCS7err(PKCS7_F_PKCS7_DECRYPT,
- PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
- return 0;
- }
-
- if(!(tmpmem = PKCS7_dataDecode(p7, pkey, NULL, cert))) {
- PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_DECRYPT_ERROR);
- return 0;
- }
-
- if (flags & PKCS7_TEXT) {
- BIO *tmpbuf, *bread;
- /* Encrypt BIOs can't do BIO_gets() so add a buffer BIO */
- if(!(tmpbuf = BIO_new(BIO_f_buffer()))) {
- PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
- BIO_free_all(tmpmem);
- return 0;
- }
- if(!(bread = BIO_push(tmpbuf, tmpmem))) {
- PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
- BIO_free_all(tmpbuf);
- BIO_free_all(tmpmem);
- return 0;
- }
- ret = SMIME_text(bread, data);
- if (ret > 0 && BIO_method_type(tmpmem) == BIO_TYPE_CIPHER)
- {
- if (!BIO_get_cipher_status(tmpmem))
- ret = 0;
- }
- BIO_free_all(bread);
- return ret;
- } else {
- for(;;) {
- i = BIO_read(tmpmem, buf, sizeof(buf));
- if(i <= 0)
- {
- ret = 1;
- if (BIO_method_type(tmpmem) == BIO_TYPE_CIPHER)
- {
- if (!BIO_get_cipher_status(tmpmem))
- ret = 0;
- }
-
- break;
- }
- if (BIO_write(data, buf, i) != i)
- {
- ret = 0;
- break;
- }
- }
- BIO_free_all(tmpmem);
- return ret;
- }
-}
Copied: vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pk7_smime.c (from rev 6976, vendor-crypto/openssl/dist/crypto/pkcs7/pk7_smime.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pk7_smime.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pk7_smime.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,518 @@
+/* pk7_smime.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/* Simple PKCS#7 processing functions */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
+ BIO *data, int flags)
+{
+ PKCS7 *p7 = NULL;
+ PKCS7_SIGNER_INFO *si;
+ BIO *p7bio = NULL;
+ STACK_OF(X509_ALGOR) *smcap = NULL;
+ int i;
+
+ if (!X509_check_private_key(signcert, pkey)) {
+ PKCS7err(PKCS7_F_PKCS7_SIGN,
+ PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+ return NULL;
+ }
+
+ if (!(p7 = PKCS7_new())) {
+ PKCS7err(PKCS7_F_PKCS7_SIGN, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+
+ if (!PKCS7_set_type(p7, NID_pkcs7_signed))
+ goto err;
+
+ if (!PKCS7_content_new(p7, NID_pkcs7_data))
+ goto err;
+
+ if (!(si = PKCS7_add_signature(p7, signcert, pkey, EVP_sha1()))) {
+ PKCS7err(PKCS7_F_PKCS7_SIGN, PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);
+ goto err;
+ }
+
+ if (!(flags & PKCS7_NOCERTS)) {
+ if (!PKCS7_add_certificate(p7, signcert))
+ goto err;
+ if (certs)
+ for (i = 0; i < sk_X509_num(certs); i++)
+ if (!PKCS7_add_certificate(p7, sk_X509_value(certs, i)))
+ goto err;
+ }
+
+ if (!(flags & PKCS7_NOATTR)) {
+ if (!PKCS7_add_signed_attribute(si, NID_pkcs9_contentType,
+ V_ASN1_OBJECT,
+ OBJ_nid2obj(NID_pkcs7_data)))
+ goto err;
+ /* Add SMIMECapabilities */
+ if (!(flags & PKCS7_NOSMIMECAP)) {
+ if (!(smcap = sk_X509_ALGOR_new_null())) {
+ PKCS7err(PKCS7_F_PKCS7_SIGN, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+#ifndef OPENSSL_NO_DES
+ if (!PKCS7_simple_smimecap(smcap, NID_des_ede3_cbc, -1))
+ goto err;
+#endif
+#ifndef OPENSSL_NO_RC2
+ if (!PKCS7_simple_smimecap(smcap, NID_rc2_cbc, 128))
+ goto err;
+ if (!PKCS7_simple_smimecap(smcap, NID_rc2_cbc, 64))
+ goto err;
+#endif
+#ifndef OPENSSL_NO_DES
+ if (!PKCS7_simple_smimecap(smcap, NID_des_cbc, -1))
+ goto err;
+#endif
+#ifndef OPENSSL_NO_RC2
+ if (!PKCS7_simple_smimecap(smcap, NID_rc2_cbc, 40))
+ goto err;
+#endif
+ if (!PKCS7_add_attrib_smimecap(si, smcap))
+ goto err;
+ sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
+ smcap = NULL;
+ }
+ }
+
+ if (flags & PKCS7_DETACHED)
+ PKCS7_set_detached(p7, 1);
+
+ if (flags & PKCS7_STREAM)
+ return p7;
+
+ if (!(p7bio = PKCS7_dataInit(p7, NULL))) {
+ PKCS7err(PKCS7_F_PKCS7_SIGN, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ SMIME_crlf_copy(data, p7bio, flags);
+
+ if (!PKCS7_dataFinal(p7, p7bio)) {
+ PKCS7err(PKCS7_F_PKCS7_SIGN, PKCS7_R_PKCS7_DATASIGN);
+ goto err;
+ }
+
+ BIO_free_all(p7bio);
+ return p7;
+ err:
+ sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
+ BIO_free_all(p7bio);
+ PKCS7_free(p7);
+ return NULL;
+}
+
+int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
+ BIO *indata, BIO *out, int flags)
+{
+ STACK_OF(X509) *signers;
+ X509 *signer;
+ STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
+ PKCS7_SIGNER_INFO *si;
+ X509_STORE_CTX cert_ctx;
+ char buf[4096];
+ int i, j = 0, k, ret = 0;
+ BIO *p7bio;
+ BIO *tmpin, *tmpout;
+
+ if (!p7) {
+ PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_INVALID_NULL_POINTER);
+ return 0;
+ }
+
+ if (!PKCS7_type_is_signed(p7)) {
+ PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_WRONG_CONTENT_TYPE);
+ return 0;
+ }
+
+ /* Check for no data and no content: no data to verify signature */
+ if (PKCS7_get_detached(p7) && !indata) {
+ PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_NO_CONTENT);
+ return 0;
+ }
+#if 0
+ /*
+ * NB: this test commented out because some versions of Netscape
+ * illegally include zero length content when signing data.
+ */
+
+ /* Check for data and content: two sets of data */
+ if (!PKCS7_get_detached(p7) && indata) {
+ PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_CONTENT_AND_DATA_PRESENT);
+ return 0;
+ }
+#endif
+
+ sinfos = PKCS7_get_signer_info(p7);
+
+ if (!sinfos || !sk_PKCS7_SIGNER_INFO_num(sinfos)) {
+ PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_NO_SIGNATURES_ON_DATA);
+ return 0;
+ }
+
+ signers = PKCS7_get0_signers(p7, certs, flags);
+
+ if (!signers)
+ return 0;
+
+ /* Now verify the certificates */
+
+ if (!(flags & PKCS7_NOVERIFY))
+ for (k = 0; k < sk_X509_num(signers); k++) {
+ signer = sk_X509_value(signers, k);
+ if (!(flags & PKCS7_NOCHAIN)) {
+ if (!X509_STORE_CTX_init(&cert_ctx, store, signer,
+ p7->d.sign->cert)) {
+ PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_X509_LIB);
+ sk_X509_free(signers);
+ return 0;
+ }
+ X509_STORE_CTX_set_default(&cert_ctx, "smime_sign");
+ } else if (!X509_STORE_CTX_init(&cert_ctx, store, signer, NULL)) {
+ PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_X509_LIB);
+ sk_X509_free(signers);
+ return 0;
+ }
+ if (!(flags & PKCS7_NOCRL))
+ X509_STORE_CTX_set0_crls(&cert_ctx, p7->d.sign->crl);
+ i = X509_verify_cert(&cert_ctx);
+ if (i <= 0)
+ j = X509_STORE_CTX_get_error(&cert_ctx);
+ X509_STORE_CTX_cleanup(&cert_ctx);
+ if (i <= 0) {
+ PKCS7err(PKCS7_F_PKCS7_VERIFY,
+ PKCS7_R_CERTIFICATE_VERIFY_ERROR);
+ ERR_add_error_data(2, "Verify error:",
+ X509_verify_cert_error_string(j));
+ sk_X509_free(signers);
+ return 0;
+ }
+ /* Check for revocation status here */
+ }
+
+ /*
+ * Performance optimization: if the content is a memory BIO then store
+ * its contents in a temporary read only memory BIO. This avoids
+ * potentially large numbers of slow copies of data which will occur when
+ * reading from a read write memory BIO when signatures are calculated.
+ */
+
+ if (indata && (BIO_method_type(indata) == BIO_TYPE_MEM)) {
+ char *ptr;
+ long len;
+ len = BIO_get_mem_data(indata, &ptr);
+ tmpin = BIO_new_mem_buf(ptr, len);
+ if (tmpin == NULL) {
+ PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ } else
+ tmpin = indata;
+
+ if (!(p7bio = PKCS7_dataInit(p7, tmpin)))
+ goto err;
+
+ if (flags & PKCS7_TEXT) {
+ if (!(tmpout = BIO_new(BIO_s_mem()))) {
+ PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ BIO_set_mem_eof_return(tmpout, 0);
+ } else
+ tmpout = out;
+
+ /* We now have to 'read' from p7bio to calculate digests etc. */
+ for (;;) {
+ i = BIO_read(p7bio, buf, sizeof(buf));
+ if (i <= 0)
+ break;
+ if (tmpout)
+ BIO_write(tmpout, buf, i);
+ }
+
+ if (flags & PKCS7_TEXT) {
+ if (!SMIME_text(tmpout, out)) {
+ PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_SMIME_TEXT_ERROR);
+ BIO_free(tmpout);
+ goto err;
+ }
+ BIO_free(tmpout);
+ }
+
+ /* Now Verify All Signatures */
+ if (!(flags & PKCS7_NOSIGS))
+ for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) {
+ si = sk_PKCS7_SIGNER_INFO_value(sinfos, i);
+ signer = sk_X509_value(signers, i);
+ j = PKCS7_signatureVerify(p7bio, p7, si, signer);
+ if (j <= 0) {
+ PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_SIGNATURE_FAILURE);
+ goto err;
+ }
+ }
+
+ ret = 1;
+
+ err:
+
+ if (tmpin == indata) {
+ if (indata)
+ BIO_pop(p7bio);
+ }
+ BIO_free_all(p7bio);
+
+ sk_X509_free(signers);
+
+ return ret;
+}
+
+STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs,
+ int flags)
+{
+ STACK_OF(X509) *signers;
+ STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
+ PKCS7_SIGNER_INFO *si;
+ PKCS7_ISSUER_AND_SERIAL *ias;
+ X509 *signer;
+ int i;
+
+ if (!p7) {
+ PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, PKCS7_R_INVALID_NULL_POINTER);
+ return NULL;
+ }
+
+ if (!PKCS7_type_is_signed(p7)) {
+ PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, PKCS7_R_WRONG_CONTENT_TYPE);
+ return NULL;
+ }
+
+ /* Collect all the signers together */
+
+ sinfos = PKCS7_get_signer_info(p7);
+
+ if (sk_PKCS7_SIGNER_INFO_num(sinfos) <= 0) {
+ PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, PKCS7_R_NO_SIGNERS);
+ return NULL;
+ }
+
+ if (!(signers = sk_X509_new_null())) {
+ PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+
+ for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) {
+ si = sk_PKCS7_SIGNER_INFO_value(sinfos, i);
+ ias = si->issuer_and_serial;
+ signer = NULL;
+ /* If any certificates passed they take priority */
+ if (certs)
+ signer = X509_find_by_issuer_and_serial(certs,
+ ias->issuer, ias->serial);
+ if (!signer && !(flags & PKCS7_NOINTERN)
+ && p7->d.sign->cert)
+ signer =
+ X509_find_by_issuer_and_serial(p7->d.sign->cert,
+ ias->issuer, ias->serial);
+ if (!signer) {
+ PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,
+ PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND);
+ sk_X509_free(signers);
+ return NULL;
+ }
+
+ if (!sk_X509_push(signers, signer)) {
+ sk_X509_free(signers);
+ return NULL;
+ }
+ }
+ return signers;
+}
+
+/* Build a complete PKCS#7 enveloped data */
+
+PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
+ int flags)
+{
+ PKCS7 *p7;
+ BIO *p7bio = NULL;
+ int i;
+ X509 *x509;
+ if (!(p7 = PKCS7_new())) {
+ PKCS7err(PKCS7_F_PKCS7_ENCRYPT, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+
+ if (!PKCS7_set_type(p7, NID_pkcs7_enveloped))
+ goto err;
+ if (!PKCS7_set_cipher(p7, cipher)) {
+ PKCS7err(PKCS7_F_PKCS7_ENCRYPT, PKCS7_R_ERROR_SETTING_CIPHER);
+ goto err;
+ }
+
+ for (i = 0; i < sk_X509_num(certs); i++) {
+ x509 = sk_X509_value(certs, i);
+ if (!PKCS7_add_recipient(p7, x509)) {
+ PKCS7err(PKCS7_F_PKCS7_ENCRYPT, PKCS7_R_ERROR_ADDING_RECIPIENT);
+ goto err;
+ }
+ }
+
+ if (!(p7bio = PKCS7_dataInit(p7, NULL))) {
+ PKCS7err(PKCS7_F_PKCS7_ENCRYPT, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ SMIME_crlf_copy(in, p7bio, flags);
+
+ (void)BIO_flush(p7bio);
+
+ if (!PKCS7_dataFinal(p7, p7bio)) {
+ PKCS7err(PKCS7_F_PKCS7_ENCRYPT, PKCS7_R_PKCS7_DATAFINAL_ERROR);
+ goto err;
+ }
+ BIO_free_all(p7bio);
+
+ return p7;
+
+ err:
+
+ BIO_free_all(p7bio);
+ PKCS7_free(p7);
+ return NULL;
+
+}
+
+int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
+{
+ BIO *tmpmem;
+ int ret, i;
+ char buf[4096];
+
+ if (!p7) {
+ PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_INVALID_NULL_POINTER);
+ return 0;
+ }
+
+ if (!PKCS7_type_is_enveloped(p7)) {
+ PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_WRONG_CONTENT_TYPE);
+ return 0;
+ }
+
+ if (cert && !X509_check_private_key(cert, pkey)) {
+ PKCS7err(PKCS7_F_PKCS7_DECRYPT,
+ PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+ return 0;
+ }
+
+ if (!(tmpmem = PKCS7_dataDecode(p7, pkey, NULL, cert))) {
+ PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_DECRYPT_ERROR);
+ return 0;
+ }
+
+ if (flags & PKCS7_TEXT) {
+ BIO *tmpbuf, *bread;
+ /* Encrypt BIOs can't do BIO_gets() so add a buffer BIO */
+ if (!(tmpbuf = BIO_new(BIO_f_buffer()))) {
+ PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
+ BIO_free_all(tmpmem);
+ return 0;
+ }
+ if (!(bread = BIO_push(tmpbuf, tmpmem))) {
+ PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
+ BIO_free_all(tmpbuf);
+ BIO_free_all(tmpmem);
+ return 0;
+ }
+ ret = SMIME_text(bread, data);
+ if (ret > 0 && BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) {
+ if (!BIO_get_cipher_status(tmpmem))
+ ret = 0;
+ }
+ BIO_free_all(bread);
+ return ret;
+ } else {
+ for (;;) {
+ i = BIO_read(tmpmem, buf, sizeof(buf));
+ if (i <= 0) {
+ ret = 1;
+ if (BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) {
+ if (!BIO_get_cipher_status(tmpmem))
+ ret = 0;
+ }
+
+ break;
+ }
+ if (BIO_write(data, buf, i) != i) {
+ ret = 0;
+ break;
+ }
+ }
+ BIO_free_all(tmpmem);
+ return ret;
+ }
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pkcs7.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/pkcs7/pkcs7.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pkcs7.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,464 +0,0 @@
-/* crypto/pkcs7/pkcs7.h */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_PKCS7_H
-#define HEADER_PKCS7_H
-
-#include <openssl/asn1.h>
-#include <openssl/bio.h>
-#include <openssl/e_os2.h>
-
-#include <openssl/symhacks.h>
-#include <openssl/ossl_typ.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifdef OPENSSL_SYS_WIN32
-/* Under Win32 thes are defined in wincrypt.h */
-#undef PKCS7_ISSUER_AND_SERIAL
-#undef PKCS7_SIGNER_INFO
-#endif
-
-/*
-Encryption_ID DES-CBC
-Digest_ID MD5
-Digest_Encryption_ID rsaEncryption
-Key_Encryption_ID rsaEncryption
-*/
-
-typedef struct pkcs7_issuer_and_serial_st
- {
- X509_NAME *issuer;
- ASN1_INTEGER *serial;
- } PKCS7_ISSUER_AND_SERIAL;
-
-typedef struct pkcs7_signer_info_st
- {
- ASN1_INTEGER *version; /* version 1 */
- PKCS7_ISSUER_AND_SERIAL *issuer_and_serial;
- X509_ALGOR *digest_alg;
- STACK_OF(X509_ATTRIBUTE) *auth_attr; /* [ 0 ] */
- X509_ALGOR *digest_enc_alg;
- ASN1_OCTET_STRING *enc_digest;
- STACK_OF(X509_ATTRIBUTE) *unauth_attr; /* [ 1 ] */
-
- /* The private key to sign with */
- EVP_PKEY *pkey;
- } PKCS7_SIGNER_INFO;
-
-DECLARE_STACK_OF(PKCS7_SIGNER_INFO)
-DECLARE_ASN1_SET_OF(PKCS7_SIGNER_INFO)
-
-typedef struct pkcs7_recip_info_st
- {
- ASN1_INTEGER *version; /* version 0 */
- PKCS7_ISSUER_AND_SERIAL *issuer_and_serial;
- X509_ALGOR *key_enc_algor;
- ASN1_OCTET_STRING *enc_key;
- X509 *cert; /* get the pub-key from this */
- } PKCS7_RECIP_INFO;
-
-DECLARE_STACK_OF(PKCS7_RECIP_INFO)
-DECLARE_ASN1_SET_OF(PKCS7_RECIP_INFO)
-
-typedef struct pkcs7_signed_st
- {
- ASN1_INTEGER *version; /* version 1 */
- STACK_OF(X509_ALGOR) *md_algs; /* md used */
- STACK_OF(X509) *cert; /* [ 0 ] */
- STACK_OF(X509_CRL) *crl; /* [ 1 ] */
- STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
-
- struct pkcs7_st *contents;
- } PKCS7_SIGNED;
-/* The above structure is very very similar to PKCS7_SIGN_ENVELOPE.
- * How about merging the two */
-
-typedef struct pkcs7_enc_content_st
- {
- ASN1_OBJECT *content_type;
- X509_ALGOR *algorithm;
- ASN1_OCTET_STRING *enc_data; /* [ 0 ] */
- const EVP_CIPHER *cipher;
- } PKCS7_ENC_CONTENT;
-
-typedef struct pkcs7_enveloped_st
- {
- ASN1_INTEGER *version; /* version 0 */
- STACK_OF(PKCS7_RECIP_INFO) *recipientinfo;
- PKCS7_ENC_CONTENT *enc_data;
- } PKCS7_ENVELOPE;
-
-typedef struct pkcs7_signedandenveloped_st
- {
- ASN1_INTEGER *version; /* version 1 */
- STACK_OF(X509_ALGOR) *md_algs; /* md used */
- STACK_OF(X509) *cert; /* [ 0 ] */
- STACK_OF(X509_CRL) *crl; /* [ 1 ] */
- STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
-
- PKCS7_ENC_CONTENT *enc_data;
- STACK_OF(PKCS7_RECIP_INFO) *recipientinfo;
- } PKCS7_SIGN_ENVELOPE;
-
-typedef struct pkcs7_digest_st
- {
- ASN1_INTEGER *version; /* version 0 */
- X509_ALGOR *md; /* md used */
- struct pkcs7_st *contents;
- ASN1_OCTET_STRING *digest;
- } PKCS7_DIGEST;
-
-typedef struct pkcs7_encrypted_st
- {
- ASN1_INTEGER *version; /* version 0 */
- PKCS7_ENC_CONTENT *enc_data;
- } PKCS7_ENCRYPT;
-
-typedef struct pkcs7_st
- {
- /* The following is non NULL if it contains ASN1 encoding of
- * this structure */
- unsigned char *asn1;
- long length;
-
-#define PKCS7_S_HEADER 0
-#define PKCS7_S_BODY 1
-#define PKCS7_S_TAIL 2
- int state; /* used during processing */
-
- int detached;
-
- ASN1_OBJECT *type;
- /* content as defined by the type */
- /* all encryption/message digests are applied to the 'contents',
- * leaving out the 'type' field. */
- union {
- char *ptr;
-
- /* NID_pkcs7_data */
- ASN1_OCTET_STRING *data;
-
- /* NID_pkcs7_signed */
- PKCS7_SIGNED *sign;
-
- /* NID_pkcs7_enveloped */
- PKCS7_ENVELOPE *enveloped;
-
- /* NID_pkcs7_signedAndEnveloped */
- PKCS7_SIGN_ENVELOPE *signed_and_enveloped;
-
- /* NID_pkcs7_digest */
- PKCS7_DIGEST *digest;
-
- /* NID_pkcs7_encrypted */
- PKCS7_ENCRYPT *encrypted;
-
- /* Anything else */
- ASN1_TYPE *other;
- } d;
- } PKCS7;
-
-DECLARE_STACK_OF(PKCS7)
-DECLARE_ASN1_SET_OF(PKCS7)
-DECLARE_PKCS12_STACK_OF(PKCS7)
-
-#define PKCS7_OP_SET_DETACHED_SIGNATURE 1
-#define PKCS7_OP_GET_DETACHED_SIGNATURE 2
-
-#define PKCS7_get_signed_attributes(si) ((si)->auth_attr)
-#define PKCS7_get_attributes(si) ((si)->unauth_attr)
-
-#define PKCS7_type_is_signed(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_signed)
-#define PKCS7_type_is_encrypted(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted)
-#define PKCS7_type_is_enveloped(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_enveloped)
-#define PKCS7_type_is_signedAndEnveloped(a) \
- (OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped)
-#define PKCS7_type_is_data(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_data)
-
-#define PKCS7_type_is_digest(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_digest)
-
-#define PKCS7_set_detached(p,v) \
- PKCS7_ctrl(p,PKCS7_OP_SET_DETACHED_SIGNATURE,v,NULL)
-#define PKCS7_get_detached(p) \
- PKCS7_ctrl(p,PKCS7_OP_GET_DETACHED_SIGNATURE,0,NULL)
-
-#define PKCS7_is_detached(p7) (PKCS7_type_is_signed(p7) && PKCS7_get_detached(p7))
-
-#ifdef SSLEAY_MACROS
-#ifndef PKCS7_ISSUER_AND_SERIAL_digest
-#define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \
- ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,\
- (char *)data,md,len)
-#endif
-#endif
-
-/* S/MIME related flags */
-
-#define PKCS7_TEXT 0x1
-#define PKCS7_NOCERTS 0x2
-#define PKCS7_NOSIGS 0x4
-#define PKCS7_NOCHAIN 0x8
-#define PKCS7_NOINTERN 0x10
-#define PKCS7_NOVERIFY 0x20
-#define PKCS7_DETACHED 0x40
-#define PKCS7_BINARY 0x80
-#define PKCS7_NOATTR 0x100
-#define PKCS7_NOSMIMECAP 0x200
-#define PKCS7_NOOLDMIMETYPE 0x400
-#define PKCS7_CRLFEOL 0x800
-#define PKCS7_STREAM 0x1000
-#define PKCS7_NOCRL 0x2000
-
-/* Flags: for compatibility with older code */
-
-#define SMIME_TEXT PKCS7_TEXT
-#define SMIME_NOCERTS PKCS7_NOCERTS
-#define SMIME_NOSIGS PKCS7_NOSIGS
-#define SMIME_NOCHAIN PKCS7_NOCHAIN
-#define SMIME_NOINTERN PKCS7_NOINTERN
-#define SMIME_NOVERIFY PKCS7_NOVERIFY
-#define SMIME_DETACHED PKCS7_DETACHED
-#define SMIME_BINARY PKCS7_BINARY
-#define SMIME_NOATTR PKCS7_NOATTR
-
-DECLARE_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL)
-
-#ifndef SSLEAY_MACROS
-int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,const EVP_MD *type,
- unsigned char *md,unsigned int *len);
-#ifndef OPENSSL_NO_FP_API
-PKCS7 *d2i_PKCS7_fp(FILE *fp,PKCS7 **p7);
-int i2d_PKCS7_fp(FILE *fp,PKCS7 *p7);
-#endif
-PKCS7 *PKCS7_dup(PKCS7 *p7);
-PKCS7 *d2i_PKCS7_bio(BIO *bp,PKCS7 **p7);
-int i2d_PKCS7_bio(BIO *bp,PKCS7 *p7);
-#endif
-
-DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNER_INFO)
-DECLARE_ASN1_FUNCTIONS(PKCS7_RECIP_INFO)
-DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNED)
-DECLARE_ASN1_FUNCTIONS(PKCS7_ENC_CONTENT)
-DECLARE_ASN1_FUNCTIONS(PKCS7_ENVELOPE)
-DECLARE_ASN1_FUNCTIONS(PKCS7_SIGN_ENVELOPE)
-DECLARE_ASN1_FUNCTIONS(PKCS7_DIGEST)
-DECLARE_ASN1_FUNCTIONS(PKCS7_ENCRYPT)
-DECLARE_ASN1_FUNCTIONS(PKCS7)
-
-DECLARE_ASN1_ITEM(PKCS7_ATTR_SIGN)
-DECLARE_ASN1_ITEM(PKCS7_ATTR_VERIFY)
-
-DECLARE_ASN1_NDEF_FUNCTION(PKCS7)
-
-long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg);
-
-int PKCS7_set_type(PKCS7 *p7, int type);
-int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other);
-int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data);
-int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
- const EVP_MD *dgst);
-int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i);
-int PKCS7_add_certificate(PKCS7 *p7, X509 *x509);
-int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);
-int PKCS7_content_new(PKCS7 *p7, int nid);
-int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx,
- BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si);
-int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
- X509 *x509);
-
-BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio);
-int PKCS7_dataFinal(PKCS7 *p7, BIO *bio);
-BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert);
-
-
-PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509,
- EVP_PKEY *pkey, const EVP_MD *dgst);
-X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si);
-int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md);
-STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7);
-
-PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509);
-int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri);
-int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509);
-int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher);
-
-PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx);
-ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk);
-int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si,int nid,int type,
- void *data);
-int PKCS7_add_attribute (PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
- void *value);
-ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid);
-ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid);
-int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,
- STACK_OF(X509_ATTRIBUTE) *sk);
-int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si,STACK_OF(X509_ATTRIBUTE) *sk);
-
-
-PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
- BIO *data, int flags);
-int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
- BIO *indata, BIO *out, int flags);
-STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags);
-PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
- int flags);
-int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags);
-
-int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si,
- STACK_OF(X509_ALGOR) *cap);
-STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si);
-int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg);
-
-int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags);
-PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont);
-int SMIME_crlf_copy(BIO *in, BIO *out, int flags);
-int SMIME_text(BIO *in, BIO *out);
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_PKCS7_strings(void);
-
-/* Error codes for the PKCS7 functions. */
-
-/* Function codes. */
-#define PKCS7_F_B64_READ_PKCS7 120
-#define PKCS7_F_B64_WRITE_PKCS7 121
-#define PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP 118
-#define PKCS7_F_PKCS7_ADD_CERTIFICATE 100
-#define PKCS7_F_PKCS7_ADD_CRL 101
-#define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO 102
-#define PKCS7_F_PKCS7_ADD_SIGNER 103
-#define PKCS7_F_PKCS7_BIO_ADD_DIGEST 125
-#define PKCS7_F_PKCS7_CTRL 104
-#define PKCS7_F_PKCS7_DATADECODE 112
-#define PKCS7_F_PKCS7_DATAFINAL 128
-#define PKCS7_F_PKCS7_DATAINIT 105
-#define PKCS7_F_PKCS7_DATASIGN 106
-#define PKCS7_F_PKCS7_DATAVERIFY 107
-#define PKCS7_F_PKCS7_DECRYPT 114
-#define PKCS7_F_PKCS7_ENCRYPT 115
-#define PKCS7_F_PKCS7_FIND_DIGEST 127
-#define PKCS7_F_PKCS7_GET0_SIGNERS 124
-#define PKCS7_F_PKCS7_SET_CIPHER 108
-#define PKCS7_F_PKCS7_SET_CONTENT 109
-#define PKCS7_F_PKCS7_SET_DIGEST 126
-#define PKCS7_F_PKCS7_SET_TYPE 110
-#define PKCS7_F_PKCS7_SIGN 116
-#define PKCS7_F_PKCS7_SIGNATUREVERIFY 113
-#define PKCS7_F_PKCS7_SIMPLE_SMIMECAP 119
-#define PKCS7_F_PKCS7_VERIFY 117
-#define PKCS7_F_SMIME_READ_PKCS7 122
-#define PKCS7_F_SMIME_TEXT 123
-
-/* Reason codes. */
-#define PKCS7_R_CERTIFICATE_VERIFY_ERROR 117
-#define PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 144
-#define PKCS7_R_CIPHER_NOT_INITIALIZED 116
-#define PKCS7_R_CONTENT_AND_DATA_PRESENT 118
-#define PKCS7_R_DECODE_ERROR 130
-#define PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH 100
-#define PKCS7_R_DECRYPT_ERROR 119
-#define PKCS7_R_DIGEST_FAILURE 101
-#define PKCS7_R_ERROR_ADDING_RECIPIENT 120
-#define PKCS7_R_ERROR_SETTING_CIPHER 121
-#define PKCS7_R_INVALID_MIME_TYPE 131
-#define PKCS7_R_INVALID_NULL_POINTER 143
-#define PKCS7_R_MIME_NO_CONTENT_TYPE 132
-#define PKCS7_R_MIME_PARSE_ERROR 133
-#define PKCS7_R_MIME_SIG_PARSE_ERROR 134
-#define PKCS7_R_MISSING_CERIPEND_INFO 103
-#define PKCS7_R_NO_CONTENT 122
-#define PKCS7_R_NO_CONTENT_TYPE 135
-#define PKCS7_R_NO_MULTIPART_BODY_FAILURE 136
-#define PKCS7_R_NO_MULTIPART_BOUNDARY 137
-#define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE 115
-#define PKCS7_R_NO_RECIPIENT_MATCHES_KEY 146
-#define PKCS7_R_NO_SIGNATURES_ON_DATA 123
-#define PKCS7_R_NO_SIGNERS 142
-#define PKCS7_R_NO_SIG_CONTENT_TYPE 138
-#define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE 104
-#define PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR 124
-#define PKCS7_R_PKCS7_DATAFINAL 126
-#define PKCS7_R_PKCS7_DATAFINAL_ERROR 125
-#define PKCS7_R_PKCS7_DATASIGN 145
-#define PKCS7_R_PKCS7_PARSE_ERROR 139
-#define PKCS7_R_PKCS7_SIG_PARSE_ERROR 140
-#define PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 127
-#define PKCS7_R_SIGNATURE_FAILURE 105
-#define PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND 128
-#define PKCS7_R_SIG_INVALID_MIME_TYPE 141
-#define PKCS7_R_SMIME_TEXT_ERROR 129
-#define PKCS7_R_UNABLE_TO_FIND_CERTIFICATE 106
-#define PKCS7_R_UNABLE_TO_FIND_MEM_BIO 107
-#define PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST 108
-#define PKCS7_R_UNKNOWN_DIGEST_TYPE 109
-#define PKCS7_R_UNKNOWN_OPERATION 110
-#define PKCS7_R_UNSUPPORTED_CIPHER_TYPE 111
-#define PKCS7_R_UNSUPPORTED_CONTENT_TYPE 112
-#define PKCS7_R_WRONG_CONTENT_TYPE 113
-#define PKCS7_R_WRONG_PKCS7_TYPE 114
-
-#ifdef __cplusplus
-}
-#endif
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pkcs7.h (from rev 6976, vendor-crypto/openssl/dist/crypto/pkcs7/pkcs7.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pkcs7.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pkcs7.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,450 @@
+/* crypto/pkcs7/pkcs7.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_PKCS7_H
+# define HEADER_PKCS7_H
+
+# include <openssl/asn1.h>
+# include <openssl/bio.h>
+# include <openssl/e_os2.h>
+
+# include <openssl/symhacks.h>
+# include <openssl/ossl_typ.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# ifdef OPENSSL_SYS_WIN32
+/* Under Win32 thes are defined in wincrypt.h */
+# undef PKCS7_ISSUER_AND_SERIAL
+# undef PKCS7_SIGNER_INFO
+# endif
+
+/*-
+Encryption_ID DES-CBC
+Digest_ID MD5
+Digest_Encryption_ID rsaEncryption
+Key_Encryption_ID rsaEncryption
+*/
+
+typedef struct pkcs7_issuer_and_serial_st {
+ X509_NAME *issuer;
+ ASN1_INTEGER *serial;
+} PKCS7_ISSUER_AND_SERIAL;
+
+typedef struct pkcs7_signer_info_st {
+ ASN1_INTEGER *version; /* version 1 */
+ PKCS7_ISSUER_AND_SERIAL *issuer_and_serial;
+ X509_ALGOR *digest_alg;
+ STACK_OF(X509_ATTRIBUTE) *auth_attr; /* [ 0 ] */
+ X509_ALGOR *digest_enc_alg;
+ ASN1_OCTET_STRING *enc_digest;
+ STACK_OF(X509_ATTRIBUTE) *unauth_attr; /* [ 1 ] */
+ /* The private key to sign with */
+ EVP_PKEY *pkey;
+} PKCS7_SIGNER_INFO;
+
+DECLARE_STACK_OF(PKCS7_SIGNER_INFO)
+DECLARE_ASN1_SET_OF(PKCS7_SIGNER_INFO)
+
+typedef struct pkcs7_recip_info_st {
+ ASN1_INTEGER *version; /* version 0 */
+ PKCS7_ISSUER_AND_SERIAL *issuer_and_serial;
+ X509_ALGOR *key_enc_algor;
+ ASN1_OCTET_STRING *enc_key;
+ X509 *cert; /* get the pub-key from this */
+} PKCS7_RECIP_INFO;
+
+DECLARE_STACK_OF(PKCS7_RECIP_INFO)
+DECLARE_ASN1_SET_OF(PKCS7_RECIP_INFO)
+
+typedef struct pkcs7_signed_st {
+ ASN1_INTEGER *version; /* version 1 */
+ STACK_OF(X509_ALGOR) *md_algs; /* md used */
+ STACK_OF(X509) *cert; /* [ 0 ] */
+ STACK_OF(X509_CRL) *crl; /* [ 1 ] */
+ STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
+ struct pkcs7_st *contents;
+} PKCS7_SIGNED;
+/*
+ * The above structure is very very similar to PKCS7_SIGN_ENVELOPE. How about
+ * merging the two
+ */
+
+typedef struct pkcs7_enc_content_st {
+ ASN1_OBJECT *content_type;
+ X509_ALGOR *algorithm;
+ ASN1_OCTET_STRING *enc_data; /* [ 0 ] */
+ const EVP_CIPHER *cipher;
+} PKCS7_ENC_CONTENT;
+
+typedef struct pkcs7_enveloped_st {
+ ASN1_INTEGER *version; /* version 0 */
+ STACK_OF(PKCS7_RECIP_INFO) *recipientinfo;
+ PKCS7_ENC_CONTENT *enc_data;
+} PKCS7_ENVELOPE;
+
+typedef struct pkcs7_signedandenveloped_st {
+ ASN1_INTEGER *version; /* version 1 */
+ STACK_OF(X509_ALGOR) *md_algs; /* md used */
+ STACK_OF(X509) *cert; /* [ 0 ] */
+ STACK_OF(X509_CRL) *crl; /* [ 1 ] */
+ STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
+ PKCS7_ENC_CONTENT *enc_data;
+ STACK_OF(PKCS7_RECIP_INFO) *recipientinfo;
+} PKCS7_SIGN_ENVELOPE;
+
+typedef struct pkcs7_digest_st {
+ ASN1_INTEGER *version; /* version 0 */
+ X509_ALGOR *md; /* md used */
+ struct pkcs7_st *contents;
+ ASN1_OCTET_STRING *digest;
+} PKCS7_DIGEST;
+
+typedef struct pkcs7_encrypted_st {
+ ASN1_INTEGER *version; /* version 0 */
+ PKCS7_ENC_CONTENT *enc_data;
+} PKCS7_ENCRYPT;
+
+typedef struct pkcs7_st {
+ /*
+ * The following is non NULL if it contains ASN1 encoding of this
+ * structure
+ */
+ unsigned char *asn1;
+ long length;
+# define PKCS7_S_HEADER 0
+# define PKCS7_S_BODY 1
+# define PKCS7_S_TAIL 2
+ int state; /* used during processing */
+ int detached;
+ ASN1_OBJECT *type;
+ /* content as defined by the type */
+ /*
+ * all encryption/message digests are applied to the 'contents', leaving
+ * out the 'type' field.
+ */
+ union {
+ char *ptr;
+ /* NID_pkcs7_data */
+ ASN1_OCTET_STRING *data;
+ /* NID_pkcs7_signed */
+ PKCS7_SIGNED *sign;
+ /* NID_pkcs7_enveloped */
+ PKCS7_ENVELOPE *enveloped;
+ /* NID_pkcs7_signedAndEnveloped */
+ PKCS7_SIGN_ENVELOPE *signed_and_enveloped;
+ /* NID_pkcs7_digest */
+ PKCS7_DIGEST *digest;
+ /* NID_pkcs7_encrypted */
+ PKCS7_ENCRYPT *encrypted;
+ /* Anything else */
+ ASN1_TYPE *other;
+ } d;
+} PKCS7;
+
+DECLARE_STACK_OF(PKCS7)
+DECLARE_ASN1_SET_OF(PKCS7)
+DECLARE_PKCS12_STACK_OF(PKCS7)
+
+# define PKCS7_OP_SET_DETACHED_SIGNATURE 1
+# define PKCS7_OP_GET_DETACHED_SIGNATURE 2
+
+# define PKCS7_get_signed_attributes(si) ((si)->auth_attr)
+# define PKCS7_get_attributes(si) ((si)->unauth_attr)
+
+# define PKCS7_type_is_signed(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_signed)
+# define PKCS7_type_is_encrypted(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted)
+# define PKCS7_type_is_enveloped(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_enveloped)
+# define PKCS7_type_is_signedAndEnveloped(a) \
+ (OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped)
+# define PKCS7_type_is_data(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_data)
+
+# define PKCS7_type_is_digest(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_digest)
+
+# define PKCS7_set_detached(p,v) \
+ PKCS7_ctrl(p,PKCS7_OP_SET_DETACHED_SIGNATURE,v,NULL)
+# define PKCS7_get_detached(p) \
+ PKCS7_ctrl(p,PKCS7_OP_GET_DETACHED_SIGNATURE,0,NULL)
+
+# define PKCS7_is_detached(p7) (PKCS7_type_is_signed(p7) && PKCS7_get_detached(p7))
+
+# ifdef SSLEAY_MACROS
+# ifndef PKCS7_ISSUER_AND_SERIAL_digest
+# define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \
+ ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,\
+ (char *)data,md,len)
+# endif
+# endif
+
+/* S/MIME related flags */
+
+# define PKCS7_TEXT 0x1
+# define PKCS7_NOCERTS 0x2
+# define PKCS7_NOSIGS 0x4
+# define PKCS7_NOCHAIN 0x8
+# define PKCS7_NOINTERN 0x10
+# define PKCS7_NOVERIFY 0x20
+# define PKCS7_DETACHED 0x40
+# define PKCS7_BINARY 0x80
+# define PKCS7_NOATTR 0x100
+# define PKCS7_NOSMIMECAP 0x200
+# define PKCS7_NOOLDMIMETYPE 0x400
+# define PKCS7_CRLFEOL 0x800
+# define PKCS7_STREAM 0x1000
+# define PKCS7_NOCRL 0x2000
+
+/* Flags: for compatibility with older code */
+
+# define SMIME_TEXT PKCS7_TEXT
+# define SMIME_NOCERTS PKCS7_NOCERTS
+# define SMIME_NOSIGS PKCS7_NOSIGS
+# define SMIME_NOCHAIN PKCS7_NOCHAIN
+# define SMIME_NOINTERN PKCS7_NOINTERN
+# define SMIME_NOVERIFY PKCS7_NOVERIFY
+# define SMIME_DETACHED PKCS7_DETACHED
+# define SMIME_BINARY PKCS7_BINARY
+# define SMIME_NOATTR PKCS7_NOATTR
+
+DECLARE_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL)
+
+# ifndef SSLEAY_MACROS
+int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,
+ const EVP_MD *type, unsigned char *md,
+ unsigned int *len);
+# ifndef OPENSSL_NO_FP_API
+PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7);
+int i2d_PKCS7_fp(FILE *fp, PKCS7 *p7);
+# endif
+PKCS7 *PKCS7_dup(PKCS7 *p7);
+PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7);
+int i2d_PKCS7_bio(BIO *bp, PKCS7 *p7);
+# endif
+
+DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNER_INFO)
+DECLARE_ASN1_FUNCTIONS(PKCS7_RECIP_INFO)
+DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNED)
+DECLARE_ASN1_FUNCTIONS(PKCS7_ENC_CONTENT)
+DECLARE_ASN1_FUNCTIONS(PKCS7_ENVELOPE)
+DECLARE_ASN1_FUNCTIONS(PKCS7_SIGN_ENVELOPE)
+DECLARE_ASN1_FUNCTIONS(PKCS7_DIGEST)
+DECLARE_ASN1_FUNCTIONS(PKCS7_ENCRYPT)
+DECLARE_ASN1_FUNCTIONS(PKCS7)
+
+DECLARE_ASN1_ITEM(PKCS7_ATTR_SIGN)
+DECLARE_ASN1_ITEM(PKCS7_ATTR_VERIFY)
+
+DECLARE_ASN1_NDEF_FUNCTION(PKCS7)
+
+long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg);
+
+int PKCS7_set_type(PKCS7 *p7, int type);
+int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other);
+int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data);
+int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
+ const EVP_MD *dgst);
+int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i);
+int PKCS7_add_certificate(PKCS7 *p7, X509 *x509);
+int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);
+int PKCS7_content_new(PKCS7 *p7, int nid);
+int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx,
+ BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si);
+int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
+ X509 *x509);
+
+BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio);
+int PKCS7_dataFinal(PKCS7 *p7, BIO *bio);
+BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert);
+
+PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509,
+ EVP_PKEY *pkey, const EVP_MD *dgst);
+X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si);
+int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md);
+STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7);
+
+PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509);
+int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri);
+int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509);
+int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher);
+
+PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx);
+ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk);
+int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int type,
+ void *data);
+int PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
+ void *value);
+ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid);
+ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid);
+int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,
+ STACK_OF(X509_ATTRIBUTE) *sk);
+int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si,
+ STACK_OF(X509_ATTRIBUTE) *sk);
+
+PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
+ BIO *data, int flags);
+int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
+ BIO *indata, BIO *out, int flags);
+STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs,
+ int flags);
+PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
+ int flags);
+int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data,
+ int flags);
+
+int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si,
+ STACK_OF(X509_ALGOR) *cap);
+STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si);
+int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg);
+
+int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags);
+PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont);
+int SMIME_crlf_copy(BIO *in, BIO *out, int flags);
+int SMIME_text(BIO *in, BIO *out);
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_PKCS7_strings(void);
+
+/* Error codes for the PKCS7 functions. */
+
+/* Function codes. */
+# define PKCS7_F_B64_READ_PKCS7 120
+# define PKCS7_F_B64_WRITE_PKCS7 121
+# define PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP 118
+# define PKCS7_F_PKCS7_ADD_CERTIFICATE 100
+# define PKCS7_F_PKCS7_ADD_CRL 101
+# define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO 102
+# define PKCS7_F_PKCS7_ADD_SIGNER 103
+# define PKCS7_F_PKCS7_BIO_ADD_DIGEST 125
+# define PKCS7_F_PKCS7_CTRL 104
+# define PKCS7_F_PKCS7_DATADECODE 112
+# define PKCS7_F_PKCS7_DATAFINAL 128
+# define PKCS7_F_PKCS7_DATAINIT 105
+# define PKCS7_F_PKCS7_DATASIGN 106
+# define PKCS7_F_PKCS7_DATAVERIFY 107
+# define PKCS7_F_PKCS7_DECRYPT 114
+# define PKCS7_F_PKCS7_ENCRYPT 115
+# define PKCS7_F_PKCS7_FIND_DIGEST 127
+# define PKCS7_F_PKCS7_GET0_SIGNERS 124
+# define PKCS7_F_PKCS7_SET_CIPHER 108
+# define PKCS7_F_PKCS7_SET_CONTENT 109
+# define PKCS7_F_PKCS7_SET_DIGEST 126
+# define PKCS7_F_PKCS7_SET_TYPE 110
+# define PKCS7_F_PKCS7_SIGN 116
+# define PKCS7_F_PKCS7_SIGNATUREVERIFY 113
+# define PKCS7_F_PKCS7_SIMPLE_SMIMECAP 119
+# define PKCS7_F_PKCS7_VERIFY 117
+# define PKCS7_F_SMIME_READ_PKCS7 122
+# define PKCS7_F_SMIME_TEXT 123
+
+/* Reason codes. */
+# define PKCS7_R_CERTIFICATE_VERIFY_ERROR 117
+# define PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 144
+# define PKCS7_R_CIPHER_NOT_INITIALIZED 116
+# define PKCS7_R_CONTENT_AND_DATA_PRESENT 118
+# define PKCS7_R_DECODE_ERROR 130
+# define PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH 100
+# define PKCS7_R_DECRYPT_ERROR 119
+# define PKCS7_R_DIGEST_FAILURE 101
+# define PKCS7_R_ERROR_ADDING_RECIPIENT 120
+# define PKCS7_R_ERROR_SETTING_CIPHER 121
+# define PKCS7_R_INVALID_MIME_TYPE 131
+# define PKCS7_R_INVALID_NULL_POINTER 143
+# define PKCS7_R_MIME_NO_CONTENT_TYPE 132
+# define PKCS7_R_MIME_PARSE_ERROR 133
+# define PKCS7_R_MIME_SIG_PARSE_ERROR 134
+# define PKCS7_R_MISSING_CERIPEND_INFO 103
+# define PKCS7_R_NO_CONTENT 122
+# define PKCS7_R_NO_CONTENT_TYPE 135
+# define PKCS7_R_NO_MULTIPART_BODY_FAILURE 136
+# define PKCS7_R_NO_MULTIPART_BOUNDARY 137
+# define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE 115
+# define PKCS7_R_NO_RECIPIENT_MATCHES_KEY 146
+# define PKCS7_R_NO_SIGNATURES_ON_DATA 123
+# define PKCS7_R_NO_SIGNERS 142
+# define PKCS7_R_NO_SIG_CONTENT_TYPE 138
+# define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE 104
+# define PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR 124
+# define PKCS7_R_PKCS7_DATAFINAL 126
+# define PKCS7_R_PKCS7_DATAFINAL_ERROR 125
+# define PKCS7_R_PKCS7_DATASIGN 145
+# define PKCS7_R_PKCS7_PARSE_ERROR 139
+# define PKCS7_R_PKCS7_SIG_PARSE_ERROR 140
+# define PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 127
+# define PKCS7_R_SIGNATURE_FAILURE 105
+# define PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND 128
+# define PKCS7_R_SIG_INVALID_MIME_TYPE 141
+# define PKCS7_R_SMIME_TEXT_ERROR 129
+# define PKCS7_R_UNABLE_TO_FIND_CERTIFICATE 106
+# define PKCS7_R_UNABLE_TO_FIND_MEM_BIO 107
+# define PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST 108
+# define PKCS7_R_UNKNOWN_DIGEST_TYPE 109
+# define PKCS7_R_UNKNOWN_OPERATION 110
+# define PKCS7_R_UNSUPPORTED_CIPHER_TYPE 111
+# define PKCS7_R_UNSUPPORTED_CONTENT_TYPE 112
+# define PKCS7_R_WRONG_CONTENT_TYPE 113
+# define PKCS7_R_WRONG_PKCS7_TYPE 114
+
+#ifdef __cplusplus
+}
+#endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pkcs7err.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/pkcs7/pkcs7err.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pkcs7err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,167 +0,0 @@
-/* crypto/pkcs7/pkcs7err.c */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/pkcs7.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_PKCS7,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_PKCS7,0,reason)
-
-static ERR_STRING_DATA PKCS7_str_functs[]=
- {
-{ERR_FUNC(PKCS7_F_B64_READ_PKCS7), "B64_READ_PKCS7"},
-{ERR_FUNC(PKCS7_F_B64_WRITE_PKCS7), "B64_WRITE_PKCS7"},
-{ERR_FUNC(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP), "PKCS7_add_attrib_smimecap"},
-{ERR_FUNC(PKCS7_F_PKCS7_ADD_CERTIFICATE), "PKCS7_add_certificate"},
-{ERR_FUNC(PKCS7_F_PKCS7_ADD_CRL), "PKCS7_add_crl"},
-{ERR_FUNC(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO), "PKCS7_add_recipient_info"},
-{ERR_FUNC(PKCS7_F_PKCS7_ADD_SIGNER), "PKCS7_add_signer"},
-{ERR_FUNC(PKCS7_F_PKCS7_BIO_ADD_DIGEST), "PKCS7_BIO_ADD_DIGEST"},
-{ERR_FUNC(PKCS7_F_PKCS7_CTRL), "PKCS7_ctrl"},
-{ERR_FUNC(PKCS7_F_PKCS7_DATADECODE), "PKCS7_dataDecode"},
-{ERR_FUNC(PKCS7_F_PKCS7_DATAFINAL), "PKCS7_dataFinal"},
-{ERR_FUNC(PKCS7_F_PKCS7_DATAINIT), "PKCS7_dataInit"},
-{ERR_FUNC(PKCS7_F_PKCS7_DATASIGN), "PKCS7_DATASIGN"},
-{ERR_FUNC(PKCS7_F_PKCS7_DATAVERIFY), "PKCS7_dataVerify"},
-{ERR_FUNC(PKCS7_F_PKCS7_DECRYPT), "PKCS7_decrypt"},
-{ERR_FUNC(PKCS7_F_PKCS7_ENCRYPT), "PKCS7_encrypt"},
-{ERR_FUNC(PKCS7_F_PKCS7_FIND_DIGEST), "PKCS7_FIND_DIGEST"},
-{ERR_FUNC(PKCS7_F_PKCS7_GET0_SIGNERS), "PKCS7_get0_signers"},
-{ERR_FUNC(PKCS7_F_PKCS7_SET_CIPHER), "PKCS7_set_cipher"},
-{ERR_FUNC(PKCS7_F_PKCS7_SET_CONTENT), "PKCS7_set_content"},
-{ERR_FUNC(PKCS7_F_PKCS7_SET_DIGEST), "PKCS7_set_digest"},
-{ERR_FUNC(PKCS7_F_PKCS7_SET_TYPE), "PKCS7_set_type"},
-{ERR_FUNC(PKCS7_F_PKCS7_SIGN), "PKCS7_sign"},
-{ERR_FUNC(PKCS7_F_PKCS7_SIGNATUREVERIFY), "PKCS7_signatureVerify"},
-{ERR_FUNC(PKCS7_F_PKCS7_SIMPLE_SMIMECAP), "PKCS7_simple_smimecap"},
-{ERR_FUNC(PKCS7_F_PKCS7_VERIFY), "PKCS7_verify"},
-{ERR_FUNC(PKCS7_F_SMIME_READ_PKCS7), "SMIME_read_PKCS7"},
-{ERR_FUNC(PKCS7_F_SMIME_TEXT), "SMIME_text"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA PKCS7_str_reasons[]=
- {
-{ERR_REASON(PKCS7_R_CERTIFICATE_VERIFY_ERROR),"certificate verify error"},
-{ERR_REASON(PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER),"cipher has no object identifier"},
-{ERR_REASON(PKCS7_R_CIPHER_NOT_INITIALIZED),"cipher not initialized"},
-{ERR_REASON(PKCS7_R_CONTENT_AND_DATA_PRESENT),"content and data present"},
-{ERR_REASON(PKCS7_R_DECODE_ERROR) ,"decode error"},
-{ERR_REASON(PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH),"decrypted key is wrong length"},
-{ERR_REASON(PKCS7_R_DECRYPT_ERROR) ,"decrypt error"},
-{ERR_REASON(PKCS7_R_DIGEST_FAILURE) ,"digest failure"},
-{ERR_REASON(PKCS7_R_ERROR_ADDING_RECIPIENT),"error adding recipient"},
-{ERR_REASON(PKCS7_R_ERROR_SETTING_CIPHER),"error setting cipher"},
-{ERR_REASON(PKCS7_R_INVALID_MIME_TYPE) ,"invalid mime type"},
-{ERR_REASON(PKCS7_R_INVALID_NULL_POINTER),"invalid null pointer"},
-{ERR_REASON(PKCS7_R_MIME_NO_CONTENT_TYPE),"mime no content type"},
-{ERR_REASON(PKCS7_R_MIME_PARSE_ERROR) ,"mime parse error"},
-{ERR_REASON(PKCS7_R_MIME_SIG_PARSE_ERROR),"mime sig parse error"},
-{ERR_REASON(PKCS7_R_MISSING_CERIPEND_INFO),"missing ceripend info"},
-{ERR_REASON(PKCS7_R_NO_CONTENT) ,"no content"},
-{ERR_REASON(PKCS7_R_NO_CONTENT_TYPE) ,"no content type"},
-{ERR_REASON(PKCS7_R_NO_MULTIPART_BODY_FAILURE),"no multipart body failure"},
-{ERR_REASON(PKCS7_R_NO_MULTIPART_BOUNDARY),"no multipart boundary"},
-{ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE),"no recipient matches certificate"},
-{ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_KEY),"no recipient matches key"},
-{ERR_REASON(PKCS7_R_NO_SIGNATURES_ON_DATA),"no signatures on data"},
-{ERR_REASON(PKCS7_R_NO_SIGNERS) ,"no signers"},
-{ERR_REASON(PKCS7_R_NO_SIG_CONTENT_TYPE) ,"no sig content type"},
-{ERR_REASON(PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE),"operation not supported on this type"},
-{ERR_REASON(PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR),"pkcs7 add signature error"},
-{ERR_REASON(PKCS7_R_PKCS7_DATAFINAL) ,"pkcs7 datafinal"},
-{ERR_REASON(PKCS7_R_PKCS7_DATAFINAL_ERROR),"pkcs7 datafinal error"},
-{ERR_REASON(PKCS7_R_PKCS7_DATASIGN) ,"pkcs7 datasign"},
-{ERR_REASON(PKCS7_R_PKCS7_PARSE_ERROR) ,"pkcs7 parse error"},
-{ERR_REASON(PKCS7_R_PKCS7_SIG_PARSE_ERROR),"pkcs7 sig parse error"},
-{ERR_REASON(PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),"private key does not match certificate"},
-{ERR_REASON(PKCS7_R_SIGNATURE_FAILURE) ,"signature failure"},
-{ERR_REASON(PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND),"signer certificate not found"},
-{ERR_REASON(PKCS7_R_SIG_INVALID_MIME_TYPE),"sig invalid mime type"},
-{ERR_REASON(PKCS7_R_SMIME_TEXT_ERROR) ,"smime text error"},
-{ERR_REASON(PKCS7_R_UNABLE_TO_FIND_CERTIFICATE),"unable to find certificate"},
-{ERR_REASON(PKCS7_R_UNABLE_TO_FIND_MEM_BIO),"unable to find mem bio"},
-{ERR_REASON(PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST),"unable to find message digest"},
-{ERR_REASON(PKCS7_R_UNKNOWN_DIGEST_TYPE) ,"unknown digest type"},
-{ERR_REASON(PKCS7_R_UNKNOWN_OPERATION) ,"unknown operation"},
-{ERR_REASON(PKCS7_R_UNSUPPORTED_CIPHER_TYPE),"unsupported cipher type"},
-{ERR_REASON(PKCS7_R_UNSUPPORTED_CONTENT_TYPE),"unsupported content type"},
-{ERR_REASON(PKCS7_R_WRONG_CONTENT_TYPE) ,"wrong content type"},
-{ERR_REASON(PKCS7_R_WRONG_PKCS7_TYPE) ,"wrong pkcs7 type"},
-{0,NULL}
- };
-
-#endif
-
-void ERR_load_PKCS7_strings(void)
- {
-#ifndef OPENSSL_NO_ERR
-
- if (ERR_func_error_string(PKCS7_str_functs[0].error) == NULL)
- {
- ERR_load_strings(0,PKCS7_str_functs);
- ERR_load_strings(0,PKCS7_str_reasons);
- }
-#endif
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pkcs7err.c (from rev 6976, vendor-crypto/openssl/dist/crypto/pkcs7/pkcs7err.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pkcs7err.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pkcs7/pkcs7err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,180 @@
+/* crypto/pkcs7/pkcs7err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/pkcs7.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_PKCS7,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_PKCS7,0,reason)
+
+static ERR_STRING_DATA PKCS7_str_functs[] = {
+ {ERR_FUNC(PKCS7_F_B64_READ_PKCS7), "B64_READ_PKCS7"},
+ {ERR_FUNC(PKCS7_F_B64_WRITE_PKCS7), "B64_WRITE_PKCS7"},
+ {ERR_FUNC(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP),
+ "PKCS7_add_attrib_smimecap"},
+ {ERR_FUNC(PKCS7_F_PKCS7_ADD_CERTIFICATE), "PKCS7_add_certificate"},
+ {ERR_FUNC(PKCS7_F_PKCS7_ADD_CRL), "PKCS7_add_crl"},
+ {ERR_FUNC(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO), "PKCS7_add_recipient_info"},
+ {ERR_FUNC(PKCS7_F_PKCS7_ADD_SIGNER), "PKCS7_add_signer"},
+ {ERR_FUNC(PKCS7_F_PKCS7_BIO_ADD_DIGEST), "PKCS7_BIO_ADD_DIGEST"},
+ {ERR_FUNC(PKCS7_F_PKCS7_CTRL), "PKCS7_ctrl"},
+ {ERR_FUNC(PKCS7_F_PKCS7_DATADECODE), "PKCS7_dataDecode"},
+ {ERR_FUNC(PKCS7_F_PKCS7_DATAFINAL), "PKCS7_dataFinal"},
+ {ERR_FUNC(PKCS7_F_PKCS7_DATAINIT), "PKCS7_dataInit"},
+ {ERR_FUNC(PKCS7_F_PKCS7_DATASIGN), "PKCS7_DATASIGN"},
+ {ERR_FUNC(PKCS7_F_PKCS7_DATAVERIFY), "PKCS7_dataVerify"},
+ {ERR_FUNC(PKCS7_F_PKCS7_DECRYPT), "PKCS7_decrypt"},
+ {ERR_FUNC(PKCS7_F_PKCS7_ENCRYPT), "PKCS7_encrypt"},
+ {ERR_FUNC(PKCS7_F_PKCS7_FIND_DIGEST), "PKCS7_FIND_DIGEST"},
+ {ERR_FUNC(PKCS7_F_PKCS7_GET0_SIGNERS), "PKCS7_get0_signers"},
+ {ERR_FUNC(PKCS7_F_PKCS7_SET_CIPHER), "PKCS7_set_cipher"},
+ {ERR_FUNC(PKCS7_F_PKCS7_SET_CONTENT), "PKCS7_set_content"},
+ {ERR_FUNC(PKCS7_F_PKCS7_SET_DIGEST), "PKCS7_set_digest"},
+ {ERR_FUNC(PKCS7_F_PKCS7_SET_TYPE), "PKCS7_set_type"},
+ {ERR_FUNC(PKCS7_F_PKCS7_SIGN), "PKCS7_sign"},
+ {ERR_FUNC(PKCS7_F_PKCS7_SIGNATUREVERIFY), "PKCS7_signatureVerify"},
+ {ERR_FUNC(PKCS7_F_PKCS7_SIMPLE_SMIMECAP), "PKCS7_simple_smimecap"},
+ {ERR_FUNC(PKCS7_F_PKCS7_VERIFY), "PKCS7_verify"},
+ {ERR_FUNC(PKCS7_F_SMIME_READ_PKCS7), "SMIME_read_PKCS7"},
+ {ERR_FUNC(PKCS7_F_SMIME_TEXT), "SMIME_text"},
+ {0, NULL}
+};
+
+static ERR_STRING_DATA PKCS7_str_reasons[] = {
+ {ERR_REASON(PKCS7_R_CERTIFICATE_VERIFY_ERROR),
+ "certificate verify error"},
+ {ERR_REASON(PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER),
+ "cipher has no object identifier"},
+ {ERR_REASON(PKCS7_R_CIPHER_NOT_INITIALIZED), "cipher not initialized"},
+ {ERR_REASON(PKCS7_R_CONTENT_AND_DATA_PRESENT),
+ "content and data present"},
+ {ERR_REASON(PKCS7_R_DECODE_ERROR), "decode error"},
+ {ERR_REASON(PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH),
+ "decrypted key is wrong length"},
+ {ERR_REASON(PKCS7_R_DECRYPT_ERROR), "decrypt error"},
+ {ERR_REASON(PKCS7_R_DIGEST_FAILURE), "digest failure"},
+ {ERR_REASON(PKCS7_R_ERROR_ADDING_RECIPIENT), "error adding recipient"},
+ {ERR_REASON(PKCS7_R_ERROR_SETTING_CIPHER), "error setting cipher"},
+ {ERR_REASON(PKCS7_R_INVALID_MIME_TYPE), "invalid mime type"},
+ {ERR_REASON(PKCS7_R_INVALID_NULL_POINTER), "invalid null pointer"},
+ {ERR_REASON(PKCS7_R_MIME_NO_CONTENT_TYPE), "mime no content type"},
+ {ERR_REASON(PKCS7_R_MIME_PARSE_ERROR), "mime parse error"},
+ {ERR_REASON(PKCS7_R_MIME_SIG_PARSE_ERROR), "mime sig parse error"},
+ {ERR_REASON(PKCS7_R_MISSING_CERIPEND_INFO), "missing ceripend info"},
+ {ERR_REASON(PKCS7_R_NO_CONTENT), "no content"},
+ {ERR_REASON(PKCS7_R_NO_CONTENT_TYPE), "no content type"},
+ {ERR_REASON(PKCS7_R_NO_MULTIPART_BODY_FAILURE),
+ "no multipart body failure"},
+ {ERR_REASON(PKCS7_R_NO_MULTIPART_BOUNDARY), "no multipart boundary"},
+ {ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE),
+ "no recipient matches certificate"},
+ {ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_KEY),
+ "no recipient matches key"},
+ {ERR_REASON(PKCS7_R_NO_SIGNATURES_ON_DATA), "no signatures on data"},
+ {ERR_REASON(PKCS7_R_NO_SIGNERS), "no signers"},
+ {ERR_REASON(PKCS7_R_NO_SIG_CONTENT_TYPE), "no sig content type"},
+ {ERR_REASON(PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE),
+ "operation not supported on this type"},
+ {ERR_REASON(PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR),
+ "pkcs7 add signature error"},
+ {ERR_REASON(PKCS7_R_PKCS7_DATAFINAL), "pkcs7 datafinal"},
+ {ERR_REASON(PKCS7_R_PKCS7_DATAFINAL_ERROR), "pkcs7 datafinal error"},
+ {ERR_REASON(PKCS7_R_PKCS7_DATASIGN), "pkcs7 datasign"},
+ {ERR_REASON(PKCS7_R_PKCS7_PARSE_ERROR), "pkcs7 parse error"},
+ {ERR_REASON(PKCS7_R_PKCS7_SIG_PARSE_ERROR), "pkcs7 sig parse error"},
+ {ERR_REASON(PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),
+ "private key does not match certificate"},
+ {ERR_REASON(PKCS7_R_SIGNATURE_FAILURE), "signature failure"},
+ {ERR_REASON(PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND),
+ "signer certificate not found"},
+ {ERR_REASON(PKCS7_R_SIG_INVALID_MIME_TYPE), "sig invalid mime type"},
+ {ERR_REASON(PKCS7_R_SMIME_TEXT_ERROR), "smime text error"},
+ {ERR_REASON(PKCS7_R_UNABLE_TO_FIND_CERTIFICATE),
+ "unable to find certificate"},
+ {ERR_REASON(PKCS7_R_UNABLE_TO_FIND_MEM_BIO), "unable to find mem bio"},
+ {ERR_REASON(PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST),
+ "unable to find message digest"},
+ {ERR_REASON(PKCS7_R_UNKNOWN_DIGEST_TYPE), "unknown digest type"},
+ {ERR_REASON(PKCS7_R_UNKNOWN_OPERATION), "unknown operation"},
+ {ERR_REASON(PKCS7_R_UNSUPPORTED_CIPHER_TYPE), "unsupported cipher type"},
+ {ERR_REASON(PKCS7_R_UNSUPPORTED_CONTENT_TYPE),
+ "unsupported content type"},
+ {ERR_REASON(PKCS7_R_WRONG_CONTENT_TYPE), "wrong content type"},
+ {ERR_REASON(PKCS7_R_WRONG_PKCS7_TYPE), "wrong pkcs7 type"},
+ {0, NULL}
+};
+
+#endif
+
+void ERR_load_PKCS7_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+ if (ERR_func_error_string(PKCS7_str_functs[0].error) == NULL) {
+ ERR_load_strings(0, PKCS7_str_functs);
+ ERR_load_strings(0, PKCS7_str_reasons);
+ }
+#endif
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/pqueue/pq_compat.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/pqueue/pq_compat.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pqueue/pq_compat.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,152 +0,0 @@
-/* crypto/pqueue/pqueue_compat.h */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra at cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#ifndef HEADER_PQ_COMPAT_H
-#define HEADER_PQ_COMPAT_H
-
-#include <openssl/opensslconf.h>
-#include <openssl/bn.h>
-
-/*
- * The purpose of this header file is for supporting 64-bit integer
- * manipulation on 32-bit (and lower) machines. Currently the only
- * such environment is VMS, Utrix and those with smaller default integer
- * sizes than 32 bits. For all such environment, we fall back to using
- * BIGNUM. We may need to fine tune the conditions for systems that
- * are incorrectly configured.
- *
- * The only clients of this code are (1) pqueue for priority, and
- * (2) DTLS, for sequence number manipulation.
- */
-
-#if (defined(THIRTY_TWO_BIT) && !defined(BN_LLONG)) || defined(SIXTEEN_BIT) || defined(EIGHT_BIT)
-
-#define PQ_64BIT_IS_INTEGER 0
-#define PQ_64BIT_IS_BIGNUM 1
-
-#define PQ_64BIT BIGNUM
-#define PQ_64BIT_CTX BN_CTX
-
-#define pq_64bit_init(x) BN_init(x)
-#define pq_64bit_free(x) BN_free(x)
-
-#define pq_64bit_ctx_new(ctx) BN_CTX_new()
-#define pq_64bit_ctx_free(x) BN_CTX_free(x)
-
-#define pq_64bit_assign(x, y) BN_copy(x, y)
-#define pq_64bit_assign_word(x, y) BN_set_word(x, y)
-#define pq_64bit_gt(x, y) BN_ucmp(x, y) >= 1 ? 1 : 0
-#define pq_64bit_eq(x, y) BN_ucmp(x, y) == 0 ? 1 : 0
-#define pq_64bit_add_word(x, w) BN_add_word(x, w)
-#define pq_64bit_sub(r, x, y) BN_sub(r, x, y)
-#define pq_64bit_sub_word(x, w) BN_sub_word(x, w)
-#define pq_64bit_mod(r, x, n, ctx) BN_mod(r, x, n, ctx)
-
-#define pq_64bit_bin2num(bn, bytes, len) BN_bin2bn(bytes, len, bn)
-#define pq_64bit_num2bin(bn, bytes) BN_bn2bin(bn, bytes)
-#define pq_64bit_get_word(x) BN_get_word(x)
-#define pq_64bit_is_bit_set(x, offset) BN_is_bit_set(x, offset)
-#define pq_64bit_lshift(r, x, shift) BN_lshift(r, x, shift)
-#define pq_64bit_set_bit(x, num) BN_set_bit(x, num)
-#define pq_64bit_get_length(x) BN_num_bits((x))
-
-#else
-
-#define PQ_64BIT_IS_INTEGER 1
-#define PQ_64BIT_IS_BIGNUM 0
-
-#if defined(SIXTY_FOUR_BIT)
-#define PQ_64BIT BN_ULONG
-#define PQ_64BIT_PRINT "%lld"
-#elif defined(SIXTY_FOUR_BIT_LONG)
-#define PQ_64BIT BN_ULONG
-#define PQ_64BIT_PRINT "%ld"
-#elif defined(THIRTY_TWO_BIT)
-#define PQ_64BIT BN_ULLONG
-#define PQ_64BIT_PRINT "%lld"
-#endif
-
-#define PQ_64BIT_CTX void
-
-#define pq_64bit_init(x)
-#define pq_64bit_free(x)
-#define pq_64bit_ctx_new(ctx) (ctx)
-#define pq_64bit_ctx_free(x)
-
-#define pq_64bit_assign(x, y) (*(x) = *(y))
-#define pq_64bit_assign_word(x, y) (*(x) = y)
-#define pq_64bit_gt(x, y) (*(x) > *(y))
-#define pq_64bit_eq(x, y) (*(x) == *(y))
-#define pq_64bit_add_word(x, w) (*(x) = (*(x) + (w)))
-#define pq_64bit_sub(r, x, y) (*(r) = (*(x) - *(y)))
-#define pq_64bit_sub_word(x, w) (*(x) = (*(x) - (w)))
-#define pq_64bit_mod(r, x, n, ctx)
-
-#define pq_64bit_bin2num(num, bytes, len) bytes_to_long_long(bytes, num)
-#define pq_64bit_num2bin(num, bytes) long_long_to_bytes(num, bytes)
-#define pq_64bit_get_word(x) *(x)
-#define pq_64bit_lshift(r, x, shift) (*(r) = (*(x) << (shift)))
-#define pq_64bit_set_bit(x, num) do { \
- PQ_64BIT mask = 1; \
- mask = mask << (num); \
- *(x) |= mask; \
- } while(0)
-#endif /* OPENSSL_SYS_VMS */
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/pqueue/pq_compat.h (from rev 6976, vendor-crypto/openssl/dist/crypto/pqueue/pq_compat.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/pqueue/pq_compat.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pqueue/pq_compat.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,152 @@
+/* crypto/pqueue/pqueue_compat.h */
+/*
+ * DTLS implementation written by Nagendra Modadugu
+ * (nagendra at cs.stanford.edu) for the OpenSSL project 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_PQ_COMPAT_H
+# define HEADER_PQ_COMPAT_H
+
+# include <openssl/opensslconf.h>
+# include <openssl/bn.h>
+
+/*
+ * The purpose of this header file is for supporting 64-bit integer
+ * manipulation on 32-bit (and lower) machines. Currently the only
+ * such environment is VMS, Utrix and those with smaller default integer
+ * sizes than 32 bits. For all such environment, we fall back to using
+ * BIGNUM. We may need to fine tune the conditions for systems that
+ * are incorrectly configured.
+ *
+ * The only clients of this code are (1) pqueue for priority, and
+ * (2) DTLS, for sequence number manipulation.
+ */
+
+# if (defined(THIRTY_TWO_BIT) && !defined(BN_LLONG)) || defined(SIXTEEN_BIT) || defined(EIGHT_BIT)
+
+# define PQ_64BIT_IS_INTEGER 0
+# define PQ_64BIT_IS_BIGNUM 1
+
+# define PQ_64BIT BIGNUM
+# define PQ_64BIT_CTX BN_CTX
+
+# define pq_64bit_init(x) BN_init(x)
+# define pq_64bit_free(x) BN_free(x)
+
+# define pq_64bit_ctx_new(ctx) BN_CTX_new()
+# define pq_64bit_ctx_free(x) BN_CTX_free(x)
+
+# define pq_64bit_assign(x, y) BN_copy(x, y)
+# define pq_64bit_assign_word(x, y) BN_set_word(x, y)
+# define pq_64bit_gt(x, y) BN_ucmp(x, y) >= 1 ? 1 : 0
+# define pq_64bit_eq(x, y) BN_ucmp(x, y) == 0 ? 1 : 0
+# define pq_64bit_add_word(x, w) BN_add_word(x, w)
+# define pq_64bit_sub(r, x, y) BN_sub(r, x, y)
+# define pq_64bit_sub_word(x, w) BN_sub_word(x, w)
+# define pq_64bit_mod(r, x, n, ctx) BN_mod(r, x, n, ctx)
+
+# define pq_64bit_bin2num(bn, bytes, len) BN_bin2bn(bytes, len, bn)
+# define pq_64bit_num2bin(bn, bytes) BN_bn2bin(bn, bytes)
+# define pq_64bit_get_word(x) BN_get_word(x)
+# define pq_64bit_is_bit_set(x, offset) BN_is_bit_set(x, offset)
+# define pq_64bit_lshift(r, x, shift) BN_lshift(r, x, shift)
+# define pq_64bit_set_bit(x, num) BN_set_bit(x, num)
+# define pq_64bit_get_length(x) BN_num_bits((x))
+
+# else
+
+# define PQ_64BIT_IS_INTEGER 1
+# define PQ_64BIT_IS_BIGNUM 0
+
+# if defined(SIXTY_FOUR_BIT)
+# define PQ_64BIT BN_ULONG
+# define PQ_64BIT_PRINT "%lld"
+# elif defined(SIXTY_FOUR_BIT_LONG)
+# define PQ_64BIT BN_ULONG
+# define PQ_64BIT_PRINT "%ld"
+# elif defined(THIRTY_TWO_BIT)
+# define PQ_64BIT BN_ULLONG
+# define PQ_64BIT_PRINT "%lld"
+# endif
+
+# define PQ_64BIT_CTX void
+
+# define pq_64bit_init(x)
+# define pq_64bit_free(x)
+# define pq_64bit_ctx_new(ctx) (ctx)
+# define pq_64bit_ctx_free(x)
+
+# define pq_64bit_assign(x, y) (*(x) = *(y))
+# define pq_64bit_assign_word(x, y) (*(x) = y)
+# define pq_64bit_gt(x, y) (*(x) > *(y))
+# define pq_64bit_eq(x, y) (*(x) == *(y))
+# define pq_64bit_add_word(x, w) (*(x) = (*(x) + (w)))
+# define pq_64bit_sub(r, x, y) (*(r) = (*(x) - *(y)))
+# define pq_64bit_sub_word(x, w) (*(x) = (*(x) - (w)))
+# define pq_64bit_mod(r, x, n, ctx)
+
+# define pq_64bit_bin2num(num, bytes, len) bytes_to_long_long(bytes, num)
+# define pq_64bit_num2bin(num, bytes) long_long_to_bytes(num, bytes)
+# define pq_64bit_get_word(x) *(x)
+# define pq_64bit_lshift(r, x, shift) (*(r) = (*(x) << (shift)))
+# define pq_64bit_set_bit(x, num) do { \
+ PQ_64BIT mask = 1; \
+ mask = mask << (num); \
+ *(x) |= mask; \
+ } while(0)
+# endif /* OPENSSL_SYS_VMS */
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/pqueue/pq_test.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/pqueue/pq_test.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pqueue/pq_test.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,95 +0,0 @@
-/* crypto/pqueue/pq_test.c */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra at cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include "pqueue.h"
-
-int
-main(void)
- {
- pitem *item;
- pqueue pq;
-
- pq = pqueue_new();
-
- item = pitem_new(3, NULL);
- pqueue_insert(pq, item);
-
- item = pitem_new(1, NULL);
- pqueue_insert(pq, item);
-
- item = pitem_new(2, NULL);
- pqueue_insert(pq, item);
-
- item = pqueue_find(pq, 1);
- fprintf(stderr, "found %ld\n", item->priority);
-
- item = pqueue_find(pq, 2);
- fprintf(stderr, "found %ld\n", item->priority);
-
- item = pqueue_find(pq, 3);
- fprintf(stderr, "found %ld\n", item ? item->priority: 0);
-
- pqueue_print(pq);
-
- for(item = pqueue_pop(pq); item != NULL; item = pqueue_pop(pq))
- pitem_free(item);
-
- pqueue_free(pq);
- return 0;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/pqueue/pq_test.c (from rev 6976, vendor-crypto/openssl/dist/crypto/pqueue/pq_test.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/pqueue/pq_test.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pqueue/pq_test.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,94 @@
+/* crypto/pqueue/pq_test.c */
+/*
+ * DTLS implementation written by Nagendra Modadugu
+ * (nagendra at cs.stanford.edu) for the OpenSSL project 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include "pqueue.h"
+
+int main(void)
+{
+ pitem *item;
+ pqueue pq;
+
+ pq = pqueue_new();
+
+ item = pitem_new(3, NULL);
+ pqueue_insert(pq, item);
+
+ item = pitem_new(1, NULL);
+ pqueue_insert(pq, item);
+
+ item = pitem_new(2, NULL);
+ pqueue_insert(pq, item);
+
+ item = pqueue_find(pq, 1);
+ fprintf(stderr, "found %ld\n", item->priority);
+
+ item = pqueue_find(pq, 2);
+ fprintf(stderr, "found %ld\n", item->priority);
+
+ item = pqueue_find(pq, 3);
+ fprintf(stderr, "found %ld\n", item ? item->priority : 0);
+
+ pqueue_print(pq);
+
+ for (item = pqueue_pop(pq); item != NULL; item = pqueue_pop(pq))
+ pitem_free(item);
+
+ pqueue_free(pq);
+ return 0;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/pqueue/pqueue.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/pqueue/pqueue.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pqueue/pqueue.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,242 +0,0 @@
-/* crypto/pqueue/pqueue.c */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra at cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include "pqueue.h"
-
-typedef struct _pqueue
- {
- pitem *items;
- int count;
- } pqueue_s;
-
-pitem *
-pitem_new(PQ_64BIT priority, void *data)
- {
- pitem *item = (pitem *) OPENSSL_malloc(sizeof(pitem));
- if (item == NULL) return NULL;
-
- pq_64bit_init(&(item->priority));
- pq_64bit_assign(&item->priority, &priority);
-
- item->data = data;
- item->next = NULL;
-
- return item;
- }
-
-void
-pitem_free(pitem *item)
- {
- if (item == NULL) return;
-
- pq_64bit_free(&(item->priority));
- OPENSSL_free(item);
- }
-
-pqueue_s *
-pqueue_new()
- {
- pqueue_s *pq = (pqueue_s *) OPENSSL_malloc(sizeof(pqueue_s));
- if (pq == NULL) return NULL;
-
- memset(pq, 0x00, sizeof(pqueue_s));
- return pq;
- }
-
-void
-pqueue_free(pqueue_s *pq)
- {
- if (pq == NULL) return;
-
- OPENSSL_free(pq);
- }
-
-pitem *
-pqueue_insert(pqueue_s *pq, pitem *item)
- {
- pitem *curr, *next;
-
- if (pq->items == NULL)
- {
- pq->items = item;
- return item;
- }
-
- for(curr = NULL, next = pq->items;
- next != NULL;
- curr = next, next = next->next)
- {
- if (pq_64bit_gt(&(next->priority), &(item->priority)))
- {
- item->next = next;
-
- if (curr == NULL)
- pq->items = item;
- else
- curr->next = item;
-
- return item;
- }
- /* duplicates not allowed */
- if (pq_64bit_eq(&(item->priority), &(next->priority)))
- return NULL;
- }
-
- item->next = NULL;
- curr->next = item;
-
- return item;
- }
-
-pitem *
-pqueue_peek(pqueue_s *pq)
- {
- return pq->items;
- }
-
-pitem *
-pqueue_pop(pqueue_s *pq)
- {
- pitem *item = pq->items;
-
- if (pq->items != NULL)
- pq->items = pq->items->next;
-
- return item;
- }
-
-pitem *
-pqueue_find(pqueue_s *pq, PQ_64BIT priority)
- {
- pitem *next;
- pitem *found = NULL;
-
- if ( pq->items == NULL)
- return NULL;
-
- for ( next = pq->items; next->next != NULL; next = next->next)
- {
- if ( pq_64bit_eq(&(next->priority), &priority))
- {
- found = next;
- break;
- }
- }
-
- /* check the one last node */
- if ( pq_64bit_eq(&(next->priority), &priority))
- found = next;
-
- if ( ! found)
- return NULL;
-
- return found;
- }
-
-#if PQ_64BIT_IS_INTEGER
-void
-pqueue_print(pqueue_s *pq)
- {
- pitem *item = pq->items;
-
- while(item != NULL)
- {
- printf("item\t" PQ_64BIT_PRINT "\n", item->priority);
- item = item->next;
- }
- }
-#endif
-
-pitem *
-pqueue_iterator(pqueue_s *pq)
- {
- return pqueue_peek(pq);
- }
-
-pitem *
-pqueue_next(pitem **item)
- {
- pitem *ret;
-
- if ( item == NULL || *item == NULL)
- return NULL;
-
-
- /* *item != NULL */
- ret = *item;
- *item = (*item)->next;
-
- return ret;
- }
-
-int
-pqueue_size(pqueue_s *pq)
-{
- pitem *item = pq->items;
- int count = 0;
-
- while(item != NULL)
- {
- count++;
- item = item->next;
- }
- return count;
-}
Copied: vendor-crypto/openssl/0.9.8zf/crypto/pqueue/pqueue.c (from rev 6976, vendor-crypto/openssl/dist/crypto/pqueue/pqueue.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/pqueue/pqueue.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pqueue/pqueue.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,224 @@
+/* crypto/pqueue/pqueue.c */
+/*
+ * DTLS implementation written by Nagendra Modadugu
+ * (nagendra at cs.stanford.edu) for the OpenSSL project 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include "pqueue.h"
+
+typedef struct _pqueue {
+ pitem *items;
+ int count;
+} pqueue_s;
+
+pitem *pitem_new(PQ_64BIT priority, void *data)
+{
+ pitem *item = (pitem *)OPENSSL_malloc(sizeof(pitem));
+ if (item == NULL)
+ return NULL;
+
+ pq_64bit_init(&(item->priority));
+ pq_64bit_assign(&item->priority, &priority);
+
+ item->data = data;
+ item->next = NULL;
+
+ return item;
+}
+
+void pitem_free(pitem *item)
+{
+ if (item == NULL)
+ return;
+
+ pq_64bit_free(&(item->priority));
+ OPENSSL_free(item);
+}
+
+pqueue_s *pqueue_new()
+{
+ pqueue_s *pq = (pqueue_s *)OPENSSL_malloc(sizeof(pqueue_s));
+ if (pq == NULL)
+ return NULL;
+
+ memset(pq, 0x00, sizeof(pqueue_s));
+ return pq;
+}
+
+void pqueue_free(pqueue_s *pq)
+{
+ if (pq == NULL)
+ return;
+
+ OPENSSL_free(pq);
+}
+
+pitem *pqueue_insert(pqueue_s *pq, pitem *item)
+{
+ pitem *curr, *next;
+
+ if (pq->items == NULL) {
+ pq->items = item;
+ return item;
+ }
+
+ for (curr = NULL, next = pq->items;
+ next != NULL; curr = next, next = next->next) {
+ if (pq_64bit_gt(&(next->priority), &(item->priority))) {
+ item->next = next;
+
+ if (curr == NULL)
+ pq->items = item;
+ else
+ curr->next = item;
+
+ return item;
+ }
+ /* duplicates not allowed */
+ if (pq_64bit_eq(&(item->priority), &(next->priority)))
+ return NULL;
+ }
+
+ item->next = NULL;
+ curr->next = item;
+
+ return item;
+}
+
+pitem *pqueue_peek(pqueue_s *pq)
+{
+ return pq->items;
+}
+
+pitem *pqueue_pop(pqueue_s *pq)
+{
+ pitem *item = pq->items;
+
+ if (pq->items != NULL)
+ pq->items = pq->items->next;
+
+ return item;
+}
+
+pitem *pqueue_find(pqueue_s *pq, PQ_64BIT priority)
+{
+ pitem *next;
+ pitem *found = NULL;
+
+ if (pq->items == NULL)
+ return NULL;
+
+ for (next = pq->items; next->next != NULL; next = next->next) {
+ if (pq_64bit_eq(&(next->priority), &priority)) {
+ found = next;
+ break;
+ }
+ }
+
+ /* check the one last node */
+ if (pq_64bit_eq(&(next->priority), &priority))
+ found = next;
+
+ if (!found)
+ return NULL;
+
+ return found;
+}
+
+#if PQ_64BIT_IS_INTEGER
+void pqueue_print(pqueue_s *pq)
+{
+ pitem *item = pq->items;
+
+ while (item != NULL) {
+ printf("item\t" PQ_64BIT_PRINT "\n", item->priority);
+ item = item->next;
+ }
+}
+#endif
+
+pitem *pqueue_iterator(pqueue_s *pq)
+{
+ return pqueue_peek(pq);
+}
+
+pitem *pqueue_next(pitem **item)
+{
+ pitem *ret;
+
+ if (item == NULL || *item == NULL)
+ return NULL;
+
+ /* *item != NULL */
+ ret = *item;
+ *item = (*item)->next;
+
+ return ret;
+}
+
+int pqueue_size(pqueue_s *pq)
+{
+ pitem *item = pq->items;
+ int count = 0;
+
+ while (item != NULL) {
+ count++;
+ item = item->next;
+ }
+ return count;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/pqueue/pqueue.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/pqueue/pqueue.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pqueue/pqueue.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,96 +0,0 @@
-/* crypto/pqueue/pqueue.h */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra at cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#ifndef HEADER_PQUEUE_H
-#define HEADER_PQUEUE_H
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <openssl/pq_compat.h>
-
-typedef struct _pqueue *pqueue;
-
-typedef struct _pitem
- {
- PQ_64BIT priority;
- void *data;
- struct _pitem *next;
- } pitem;
-
-typedef struct _pitem *piterator;
-
-pitem *pitem_new(PQ_64BIT priority, void *data);
-void pitem_free(pitem *item);
-
-pqueue pqueue_new(void);
-void pqueue_free(pqueue pq);
-
-pitem *pqueue_insert(pqueue pq, pitem *item);
-pitem *pqueue_peek(pqueue pq);
-pitem *pqueue_pop(pqueue pq);
-pitem *pqueue_find(pqueue pq, PQ_64BIT priority);
-pitem *pqueue_iterator(pqueue pq);
-pitem *pqueue_next(piterator *iter);
-
-void pqueue_print(pqueue pq);
-int pqueue_size(pqueue pq);
-
-#endif /* ! HEADER_PQUEUE_H */
Copied: vendor-crypto/openssl/0.9.8zf/crypto/pqueue/pqueue.h (from rev 6976, vendor-crypto/openssl/dist/crypto/pqueue/pqueue.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/pqueue/pqueue.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/pqueue/pqueue.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,95 @@
+/* crypto/pqueue/pqueue.h */
+/*
+ * DTLS implementation written by Nagendra Modadugu
+ * (nagendra at cs.stanford.edu) for the OpenSSL project 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_PQUEUE_H
+# define HEADER_PQUEUE_H
+
+# include <stdio.h>
+# include <stdlib.h>
+# include <string.h>
+
+# include <openssl/pq_compat.h>
+
+typedef struct _pqueue *pqueue;
+
+typedef struct _pitem {
+ PQ_64BIT priority;
+ void *data;
+ struct _pitem *next;
+} pitem;
+
+typedef struct _pitem *piterator;
+
+pitem *pitem_new(PQ_64BIT priority, void *data);
+void pitem_free(pitem *item);
+
+pqueue pqueue_new(void);
+void pqueue_free(pqueue pq);
+
+pitem *pqueue_insert(pqueue pq, pitem *item);
+pitem *pqueue_peek(pqueue pq);
+pitem *pqueue_pop(pqueue pq);
+pitem *pqueue_find(pqueue pq, PQ_64BIT priority);
+pitem *pqueue_iterator(pqueue pq);
+pitem *pqueue_next(piterator *iter);
+
+void pqueue_print(pqueue pq);
+int pqueue_size(pqueue pq);
+
+#endif /* ! HEADER_PQUEUE_H */
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/rand/md_rand.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/rand/md_rand.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rand/md_rand.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,584 +0,0 @@
-/* crypto/rand/md_rand.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#ifdef MD_RAND_DEBUG
-# ifndef NDEBUG
-# define NDEBUG
-# endif
-#endif
-
-#include <assert.h>
-#include <stdio.h>
-#include <string.h>
-
-#include "e_os.h"
-
-#include <openssl/rand.h>
-#include "rand_lcl.h"
-
-#include <openssl/crypto.h>
-#include <openssl/err.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
-
-#ifdef BN_DEBUG
-# define PREDICT
-#endif
-
-/* #define PREDICT 1 */
-
-#define STATE_SIZE 1023
-static int state_num=0,state_index=0;
-static unsigned char state[STATE_SIZE+MD_DIGEST_LENGTH];
-static unsigned char md[MD_DIGEST_LENGTH];
-static long md_count[2]={0,0};
-static double entropy=0;
-static int initialized=0;
-
-static unsigned int crypto_lock_rand = 0; /* may be set only when a thread
- * holds CRYPTO_LOCK_RAND
- * (to prevent double locking) */
-/* access to lockin_thread is synchronized by CRYPTO_LOCK_RAND2 */
-static unsigned long locking_thread = 0; /* valid iff crypto_lock_rand is set */
-
-
-#ifdef PREDICT
-int rand_predictable=0;
-#endif
-
-const char RAND_version[]="RAND" OPENSSL_VERSION_PTEXT;
-
-static void ssleay_rand_cleanup(void);
-static void ssleay_rand_seed(const void *buf, int num);
-static void ssleay_rand_add(const void *buf, int num, double add_entropy);
-static int ssleay_rand_bytes(unsigned char *buf, int num);
-static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num);
-static int ssleay_rand_status(void);
-
-RAND_METHOD rand_ssleay_meth={
- ssleay_rand_seed,
- ssleay_rand_bytes,
- ssleay_rand_cleanup,
- ssleay_rand_add,
- ssleay_rand_pseudo_bytes,
- ssleay_rand_status
- };
-
-RAND_METHOD *RAND_SSLeay(void)
- {
- return(&rand_ssleay_meth);
- }
-
-static void ssleay_rand_cleanup(void)
- {
- OPENSSL_cleanse(state,sizeof(state));
- state_num=0;
- state_index=0;
- OPENSSL_cleanse(md,MD_DIGEST_LENGTH);
- md_count[0]=0;
- md_count[1]=0;
- entropy=0;
- initialized=0;
- }
-
-static void ssleay_rand_add(const void *buf, int num, double add)
- {
- int i,j,k,st_idx;
- long md_c[2];
- unsigned char local_md[MD_DIGEST_LENGTH];
- EVP_MD_CTX m;
- int do_not_lock;
-
- /*
- * (Based on the rand(3) manpage)
- *
- * The input is chopped up into units of 20 bytes (or less for
- * the last block). Each of these blocks is run through the hash
- * function as follows: The data passed to the hash function
- * is the current 'md', the same number of bytes from the 'state'
- * (the location determined by in incremented looping index) as
- * the current 'block', the new key data 'block', and 'count'
- * (which is incremented after each use).
- * The result of this is kept in 'md' and also xored into the
- * 'state' at the same locations that were used as input into the
- * hash function.
- */
-
- /* check if we already have the lock */
- if (crypto_lock_rand)
- {
- CRYPTO_r_lock(CRYPTO_LOCK_RAND2);
- do_not_lock = (locking_thread == CRYPTO_thread_id());
- CRYPTO_r_unlock(CRYPTO_LOCK_RAND2);
- }
- else
- do_not_lock = 0;
-
- if (!do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND);
- st_idx=state_index;
-
- /* use our own copies of the counters so that even
- * if a concurrent thread seeds with exactly the
- * same data and uses the same subarray there's _some_
- * difference */
- md_c[0] = md_count[0];
- md_c[1] = md_count[1];
-
- memcpy(local_md, md, sizeof md);
-
- /* state_index <= state_num <= STATE_SIZE */
- state_index += num;
- if (state_index >= STATE_SIZE)
- {
- state_index%=STATE_SIZE;
- state_num=STATE_SIZE;
- }
- else if (state_num < STATE_SIZE)
- {
- if (state_index > state_num)
- state_num=state_index;
- }
- /* state_index <= state_num <= STATE_SIZE */
-
- /* state[st_idx], ..., state[(st_idx + num - 1) % STATE_SIZE]
- * are what we will use now, but other threads may use them
- * as well */
-
- md_count[1] += (num / MD_DIGEST_LENGTH) + (num % MD_DIGEST_LENGTH > 0);
-
- if (!do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
-
- EVP_MD_CTX_init(&m);
- for (i=0; i<num; i+=MD_DIGEST_LENGTH)
- {
- j=(num-i);
- j=(j > MD_DIGEST_LENGTH)?MD_DIGEST_LENGTH:j;
-
- MD_Init(&m);
- MD_Update(&m,local_md,MD_DIGEST_LENGTH);
- k=(st_idx+j)-STATE_SIZE;
- if (k > 0)
- {
- MD_Update(&m,&(state[st_idx]),j-k);
- MD_Update(&m,&(state[0]),k);
- }
- else
- MD_Update(&m,&(state[st_idx]),j);
-
- MD_Update(&m,buf,j);
- MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
- MD_Final(&m,local_md);
- md_c[1]++;
-
- buf=(const char *)buf + j;
-
- for (k=0; k<j; k++)
- {
- /* Parallel threads may interfere with this,
- * but always each byte of the new state is
- * the XOR of some previous value of its
- * and local_md (itermediate values may be lost).
- * Alway using locking could hurt performance more
- * than necessary given that conflicts occur only
- * when the total seeding is longer than the random
- * state. */
- state[st_idx++]^=local_md[k];
- if (st_idx >= STATE_SIZE)
- st_idx=0;
- }
- }
- EVP_MD_CTX_cleanup(&m);
-
- if (!do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND);
- /* Don't just copy back local_md into md -- this could mean that
- * other thread's seeding remains without effect (except for
- * the incremented counter). By XORing it we keep at least as
- * much entropy as fits into md. */
- for (k = 0; k < (int)sizeof(md); k++)
- {
- md[k] ^= local_md[k];
- }
- if (entropy < ENTROPY_NEEDED) /* stop counting when we have enough */
- entropy += add;
- if (!do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
-
-#if !defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32)
- assert(md_c[1] == md_count[1]);
-#endif
- }
-
-static void ssleay_rand_seed(const void *buf, int num)
- {
- ssleay_rand_add(buf, num, (double)num);
- }
-
-static int ssleay_rand_bytes(unsigned char *buf, int num)
- {
- static volatile int stirred_pool = 0;
- int i,j,k,st_num,st_idx;
- int num_ceil;
- int ok;
- long md_c[2];
- unsigned char local_md[MD_DIGEST_LENGTH];
- EVP_MD_CTX m;
-#ifndef GETPID_IS_MEANINGLESS
- pid_t curr_pid = getpid();
-#endif
- int do_stir_pool = 0;
-
-#ifdef OPENSSL_FIPS
- if(FIPS_mode())
- {
- FIPSerr(FIPS_F_SSLEAY_RAND_BYTES,FIPS_R_NON_FIPS_METHOD);
- return 0;
- }
-#endif
-
-#ifdef PREDICT
- if (rand_predictable)
- {
- static unsigned char val=0;
-
- for (i=0; i<num; i++)
- buf[i]=val++;
- return(1);
- }
-#endif
-
- if (num <= 0)
- return 1;
-
- EVP_MD_CTX_init(&m);
- /* round upwards to multiple of MD_DIGEST_LENGTH/2 */
- num_ceil = (1 + (num-1)/(MD_DIGEST_LENGTH/2)) * (MD_DIGEST_LENGTH/2);
-
- /*
- * (Based on the rand(3) manpage:)
- *
- * For each group of 10 bytes (or less), we do the following:
- *
- * Input into the hash function the local 'md' (which is initialized from
- * the global 'md' before any bytes are generated), the bytes that are to
- * be overwritten by the random bytes, and bytes from the 'state'
- * (incrementing looping index). From this digest output (which is kept
- * in 'md'), the top (up to) 10 bytes are returned to the caller and the
- * bottom 10 bytes are xored into the 'state'.
- *
- * Finally, after we have finished 'num' random bytes for the
- * caller, 'count' (which is incremented) and the local and global 'md'
- * are fed into the hash function and the results are kept in the
- * global 'md'.
- */
-
- CRYPTO_w_lock(CRYPTO_LOCK_RAND);
-
- /* prevent ssleay_rand_bytes() from trying to obtain the lock again */
- CRYPTO_w_lock(CRYPTO_LOCK_RAND2);
- locking_thread = CRYPTO_thread_id();
- CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);
- crypto_lock_rand = 1;
-
- if (!initialized)
- {
- RAND_poll();
- initialized = 1;
- }
-
- if (!stirred_pool)
- do_stir_pool = 1;
-
- ok = (entropy >= ENTROPY_NEEDED);
- if (!ok)
- {
- /* If the PRNG state is not yet unpredictable, then seeing
- * the PRNG output may help attackers to determine the new
- * state; thus we have to decrease the entropy estimate.
- * Once we've had enough initial seeding we don't bother to
- * adjust the entropy count, though, because we're not ambitious
- * to provide *information-theoretic* randomness.
- *
- * NOTE: This approach fails if the program forks before
- * we have enough entropy. Entropy should be collected
- * in a separate input pool and be transferred to the
- * output pool only when the entropy limit has been reached.
- */
- entropy -= num;
- if (entropy < 0)
- entropy = 0;
- }
-
- if (do_stir_pool)
- {
- /* In the output function only half of 'md' remains secret,
- * so we better make sure that the required entropy gets
- * 'evenly distributed' through 'state', our randomness pool.
- * The input function (ssleay_rand_add) chains all of 'md',
- * which makes it more suitable for this purpose.
- */
-
- int n = STATE_SIZE; /* so that the complete pool gets accessed */
- while (n > 0)
- {
-#if MD_DIGEST_LENGTH > 20
-# error "Please adjust DUMMY_SEED."
-#endif
-#define DUMMY_SEED "...................." /* at least MD_DIGEST_LENGTH */
- /* Note that the seed does not matter, it's just that
- * ssleay_rand_add expects to have something to hash. */
- ssleay_rand_add(DUMMY_SEED, MD_DIGEST_LENGTH, 0.0);
- n -= MD_DIGEST_LENGTH;
- }
- if (ok)
- stirred_pool = 1;
- }
-
- st_idx=state_index;
- st_num=state_num;
- md_c[0] = md_count[0];
- md_c[1] = md_count[1];
- memcpy(local_md, md, sizeof md);
-
- state_index+=num_ceil;
- if (state_index > state_num)
- state_index %= state_num;
-
- /* state[st_idx], ..., state[(st_idx + num_ceil - 1) % st_num]
- * are now ours (but other threads may use them too) */
-
- md_count[0] += 1;
-
- /* before unlocking, we must clear 'crypto_lock_rand' */
- crypto_lock_rand = 0;
- CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
-
- while (num > 0)
- {
- /* num_ceil -= MD_DIGEST_LENGTH/2 */
- j=(num >= MD_DIGEST_LENGTH/2)?MD_DIGEST_LENGTH/2:num;
- num-=j;
- MD_Init(&m);
-#ifndef GETPID_IS_MEANINGLESS
- if (curr_pid) /* just in the first iteration to save time */
- {
- MD_Update(&m,(unsigned char*)&curr_pid,sizeof curr_pid);
- curr_pid = 0;
- }
-#endif
- MD_Update(&m,local_md,MD_DIGEST_LENGTH);
- MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
-#ifndef PURIFY
- MD_Update(&m,buf,j); /* purify complains */
-#endif
- k=(st_idx+MD_DIGEST_LENGTH/2)-st_num;
- if (k > 0)
- {
- MD_Update(&m,&(state[st_idx]),MD_DIGEST_LENGTH/2-k);
- MD_Update(&m,&(state[0]),k);
- }
- else
- MD_Update(&m,&(state[st_idx]),MD_DIGEST_LENGTH/2);
- MD_Final(&m,local_md);
-
- for (i=0; i<MD_DIGEST_LENGTH/2; i++)
- {
- state[st_idx++]^=local_md[i]; /* may compete with other threads */
- if (st_idx >= st_num)
- st_idx=0;
- if (i < j)
- *(buf++)=local_md[i+MD_DIGEST_LENGTH/2];
- }
- }
-
- MD_Init(&m);
- MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
- MD_Update(&m,local_md,MD_DIGEST_LENGTH);
- CRYPTO_w_lock(CRYPTO_LOCK_RAND);
- MD_Update(&m,md,MD_DIGEST_LENGTH);
- MD_Final(&m,md);
- CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
-
- EVP_MD_CTX_cleanup(&m);
- if (ok)
- return(1);
- else
- {
- RANDerr(RAND_F_SSLEAY_RAND_BYTES,RAND_R_PRNG_NOT_SEEDED);
- ERR_add_error_data(1, "You need to read the OpenSSL FAQ, "
- "http://www.openssl.org/support/faq.html");
- return(0);
- }
- }
-
-/* pseudo-random bytes that are guaranteed to be unique but not
- unpredictable */
-static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num)
- {
- int ret;
- unsigned long err;
-
- ret = RAND_bytes(buf, num);
- if (ret == 0)
- {
- err = ERR_peek_error();
- if (ERR_GET_LIB(err) == ERR_LIB_RAND &&
- ERR_GET_REASON(err) == RAND_R_PRNG_NOT_SEEDED)
- ERR_clear_error();
- }
- return (ret);
- }
-
-static int ssleay_rand_status(void)
- {
- int ret;
- int do_not_lock;
-
- /* check if we already have the lock
- * (could happen if a RAND_poll() implementation calls RAND_status()) */
- if (crypto_lock_rand)
- {
- CRYPTO_r_lock(CRYPTO_LOCK_RAND2);
- do_not_lock = (locking_thread == CRYPTO_thread_id());
- CRYPTO_r_unlock(CRYPTO_LOCK_RAND2);
- }
- else
- do_not_lock = 0;
-
- if (!do_not_lock)
- {
- CRYPTO_w_lock(CRYPTO_LOCK_RAND);
-
- /* prevent ssleay_rand_bytes() from trying to obtain the lock again */
- CRYPTO_w_lock(CRYPTO_LOCK_RAND2);
- locking_thread = CRYPTO_thread_id();
- CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);
- crypto_lock_rand = 1;
- }
-
- if (!initialized)
- {
- RAND_poll();
- initialized = 1;
- }
-
- ret = entropy >= ENTROPY_NEEDED;
-
- if (!do_not_lock)
- {
- /* before unlocking, we must clear 'crypto_lock_rand' */
- crypto_lock_rand = 0;
-
- CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
- }
-
- return ret;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/rand/md_rand.c (from rev 6976, vendor-crypto/openssl/dist/crypto/rand/md_rand.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/rand/md_rand.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rand/md_rand.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,575 @@
+/* crypto/rand/md_rand.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#ifdef MD_RAND_DEBUG
+# ifndef NDEBUG
+# define NDEBUG
+# endif
+#endif
+
+#include <assert.h>
+#include <stdio.h>
+#include <string.h>
+
+#include "e_os.h"
+
+#include <openssl/rand.h>
+#include "rand_lcl.h"
+
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
+#endif
+
+#ifdef BN_DEBUG
+# define PREDICT
+#endif
+
+/* #define PREDICT 1 */
+
+#define STATE_SIZE 1023
+static int state_num = 0, state_index = 0;
+static unsigned char state[STATE_SIZE + MD_DIGEST_LENGTH];
+static unsigned char md[MD_DIGEST_LENGTH];
+static long md_count[2] = { 0, 0 };
+
+static double entropy = 0;
+static int initialized = 0;
+
+static unsigned int crypto_lock_rand = 0; /* may be set only when a thread
+ * holds CRYPTO_LOCK_RAND (to
+ * prevent double locking) */
+/* access to lockin_thread is synchronized by CRYPTO_LOCK_RAND2 */
+/* valid iff crypto_lock_rand is set */
+static unsigned long locking_thread = 0;
+
+#ifdef PREDICT
+int rand_predictable = 0;
+#endif
+
+const char RAND_version[] = "RAND" OPENSSL_VERSION_PTEXT;
+
+static void ssleay_rand_cleanup(void);
+static void ssleay_rand_seed(const void *buf, int num);
+static void ssleay_rand_add(const void *buf, int num, double add_entropy);
+static int ssleay_rand_bytes(unsigned char *buf, int num);
+static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num);
+static int ssleay_rand_status(void);
+
+RAND_METHOD rand_ssleay_meth = {
+ ssleay_rand_seed,
+ ssleay_rand_bytes,
+ ssleay_rand_cleanup,
+ ssleay_rand_add,
+ ssleay_rand_pseudo_bytes,
+ ssleay_rand_status
+};
+
+RAND_METHOD *RAND_SSLeay(void)
+{
+ return (&rand_ssleay_meth);
+}
+
+static void ssleay_rand_cleanup(void)
+{
+ OPENSSL_cleanse(state, sizeof(state));
+ state_num = 0;
+ state_index = 0;
+ OPENSSL_cleanse(md, MD_DIGEST_LENGTH);
+ md_count[0] = 0;
+ md_count[1] = 0;
+ entropy = 0;
+ initialized = 0;
+}
+
+static void ssleay_rand_add(const void *buf, int num, double add)
+{
+ int i, j, k, st_idx;
+ long md_c[2];
+ unsigned char local_md[MD_DIGEST_LENGTH];
+ EVP_MD_CTX m;
+ int do_not_lock;
+
+ /*
+ * (Based on the rand(3) manpage)
+ *
+ * The input is chopped up into units of 20 bytes (or less for
+ * the last block). Each of these blocks is run through the hash
+ * function as follows: The data passed to the hash function
+ * is the current 'md', the same number of bytes from the 'state'
+ * (the location determined by in incremented looping index) as
+ * the current 'block', the new key data 'block', and 'count'
+ * (which is incremented after each use).
+ * The result of this is kept in 'md' and also xored into the
+ * 'state' at the same locations that were used as input into the
+ * hash function.
+ */
+
+ /* check if we already have the lock */
+ if (crypto_lock_rand) {
+ CRYPTO_r_lock(CRYPTO_LOCK_RAND2);
+ do_not_lock = (locking_thread == CRYPTO_thread_id());
+ CRYPTO_r_unlock(CRYPTO_LOCK_RAND2);
+ } else
+ do_not_lock = 0;
+
+ if (!do_not_lock)
+ CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+ st_idx = state_index;
+
+ /*
+ * use our own copies of the counters so that even if a concurrent thread
+ * seeds with exactly the same data and uses the same subarray there's
+ * _some_ difference
+ */
+ md_c[0] = md_count[0];
+ md_c[1] = md_count[1];
+
+ memcpy(local_md, md, sizeof md);
+
+ /* state_index <= state_num <= STATE_SIZE */
+ state_index += num;
+ if (state_index >= STATE_SIZE) {
+ state_index %= STATE_SIZE;
+ state_num = STATE_SIZE;
+ } else if (state_num < STATE_SIZE) {
+ if (state_index > state_num)
+ state_num = state_index;
+ }
+ /* state_index <= state_num <= STATE_SIZE */
+
+ /*
+ * state[st_idx], ..., state[(st_idx + num - 1) % STATE_SIZE] are what we
+ * will use now, but other threads may use them as well
+ */
+
+ md_count[1] += (num / MD_DIGEST_LENGTH) + (num % MD_DIGEST_LENGTH > 0);
+
+ if (!do_not_lock)
+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+
+ EVP_MD_CTX_init(&m);
+ for (i = 0; i < num; i += MD_DIGEST_LENGTH) {
+ j = (num - i);
+ j = (j > MD_DIGEST_LENGTH) ? MD_DIGEST_LENGTH : j;
+
+ MD_Init(&m);
+ MD_Update(&m, local_md, MD_DIGEST_LENGTH);
+ k = (st_idx + j) - STATE_SIZE;
+ if (k > 0) {
+ MD_Update(&m, &(state[st_idx]), j - k);
+ MD_Update(&m, &(state[0]), k);
+ } else
+ MD_Update(&m, &(state[st_idx]), j);
+
+ MD_Update(&m, buf, j);
+ MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c));
+ MD_Final(&m, local_md);
+ md_c[1]++;
+
+ buf = (const char *)buf + j;
+
+ for (k = 0; k < j; k++) {
+ /*
+ * Parallel threads may interfere with this, but always each byte
+ * of the new state is the XOR of some previous value of its and
+ * local_md (itermediate values may be lost). Alway using locking
+ * could hurt performance more than necessary given that
+ * conflicts occur only when the total seeding is longer than the
+ * random state.
+ */
+ state[st_idx++] ^= local_md[k];
+ if (st_idx >= STATE_SIZE)
+ st_idx = 0;
+ }
+ }
+ EVP_MD_CTX_cleanup(&m);
+
+ if (!do_not_lock)
+ CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+ /*
+ * Don't just copy back local_md into md -- this could mean that other
+ * thread's seeding remains without effect (except for the incremented
+ * counter). By XORing it we keep at least as much entropy as fits into
+ * md.
+ */
+ for (k = 0; k < (int)sizeof(md); k++) {
+ md[k] ^= local_md[k];
+ }
+ if (entropy < ENTROPY_NEEDED) /* stop counting when we have enough */
+ entropy += add;
+ if (!do_not_lock)
+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+
+#if !defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32)
+ assert(md_c[1] == md_count[1]);
+#endif
+}
+
+static void ssleay_rand_seed(const void *buf, int num)
+{
+ ssleay_rand_add(buf, num, (double)num);
+}
+
+static int ssleay_rand_bytes(unsigned char *buf, int num)
+{
+ static volatile int stirred_pool = 0;
+ int i, j, k, st_num, st_idx;
+ int num_ceil;
+ int ok;
+ long md_c[2];
+ unsigned char local_md[MD_DIGEST_LENGTH];
+ EVP_MD_CTX m;
+#ifndef GETPID_IS_MEANINGLESS
+ pid_t curr_pid = getpid();
+#endif
+ int do_stir_pool = 0;
+
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode()) {
+ FIPSerr(FIPS_F_SSLEAY_RAND_BYTES, FIPS_R_NON_FIPS_METHOD);
+ return 0;
+ }
+#endif
+
+#ifdef PREDICT
+ if (rand_predictable) {
+ static unsigned char val = 0;
+
+ for (i = 0; i < num; i++)
+ buf[i] = val++;
+ return (1);
+ }
+#endif
+
+ if (num <= 0)
+ return 1;
+
+ EVP_MD_CTX_init(&m);
+ /* round upwards to multiple of MD_DIGEST_LENGTH/2 */
+ num_ceil =
+ (1 + (num - 1) / (MD_DIGEST_LENGTH / 2)) * (MD_DIGEST_LENGTH / 2);
+
+ /*
+ * (Based on the rand(3) manpage:)
+ *
+ * For each group of 10 bytes (or less), we do the following:
+ *
+ * Input into the hash function the local 'md' (which is initialized from
+ * the global 'md' before any bytes are generated), the bytes that are to
+ * be overwritten by the random bytes, and bytes from the 'state'
+ * (incrementing looping index). From this digest output (which is kept
+ * in 'md'), the top (up to) 10 bytes are returned to the caller and the
+ * bottom 10 bytes are xored into the 'state'.
+ *
+ * Finally, after we have finished 'num' random bytes for the
+ * caller, 'count' (which is incremented) and the local and global 'md'
+ * are fed into the hash function and the results are kept in the
+ * global 'md'.
+ */
+
+ CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+
+ /* prevent ssleay_rand_bytes() from trying to obtain the lock again */
+ CRYPTO_w_lock(CRYPTO_LOCK_RAND2);
+ locking_thread = CRYPTO_thread_id();
+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);
+ crypto_lock_rand = 1;
+
+ if (!initialized) {
+ RAND_poll();
+ initialized = 1;
+ }
+
+ if (!stirred_pool)
+ do_stir_pool = 1;
+
+ ok = (entropy >= ENTROPY_NEEDED);
+ if (!ok) {
+ /*
+ * If the PRNG state is not yet unpredictable, then seeing the PRNG
+ * output may help attackers to determine the new state; thus we have
+ * to decrease the entropy estimate. Once we've had enough initial
+ * seeding we don't bother to adjust the entropy count, though,
+ * because we're not ambitious to provide *information-theoretic*
+ * randomness. NOTE: This approach fails if the program forks before
+ * we have enough entropy. Entropy should be collected in a separate
+ * input pool and be transferred to the output pool only when the
+ * entropy limit has been reached.
+ */
+ entropy -= num;
+ if (entropy < 0)
+ entropy = 0;
+ }
+
+ if (do_stir_pool) {
+ /*
+ * In the output function only half of 'md' remains secret, so we
+ * better make sure that the required entropy gets 'evenly
+ * distributed' through 'state', our randomness pool. The input
+ * function (ssleay_rand_add) chains all of 'md', which makes it more
+ * suitable for this purpose.
+ */
+
+ int n = STATE_SIZE; /* so that the complete pool gets accessed */
+ while (n > 0) {
+#if MD_DIGEST_LENGTH > 20
+# error "Please adjust DUMMY_SEED."
+#endif
+#define DUMMY_SEED "...................." /* at least MD_DIGEST_LENGTH */
+ /*
+ * Note that the seed does not matter, it's just that
+ * ssleay_rand_add expects to have something to hash.
+ */
+ ssleay_rand_add(DUMMY_SEED, MD_DIGEST_LENGTH, 0.0);
+ n -= MD_DIGEST_LENGTH;
+ }
+ if (ok)
+ stirred_pool = 1;
+ }
+
+ st_idx = state_index;
+ st_num = state_num;
+ md_c[0] = md_count[0];
+ md_c[1] = md_count[1];
+ memcpy(local_md, md, sizeof md);
+
+ state_index += num_ceil;
+ if (state_index > state_num)
+ state_index %= state_num;
+
+ /*
+ * state[st_idx], ..., state[(st_idx + num_ceil - 1) % st_num] are now
+ * ours (but other threads may use them too)
+ */
+
+ md_count[0] += 1;
+
+ /* before unlocking, we must clear 'crypto_lock_rand' */
+ crypto_lock_rand = 0;
+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+
+ while (num > 0) {
+ /* num_ceil -= MD_DIGEST_LENGTH/2 */
+ j = (num >= MD_DIGEST_LENGTH / 2) ? MD_DIGEST_LENGTH / 2 : num;
+ num -= j;
+ MD_Init(&m);
+#ifndef GETPID_IS_MEANINGLESS
+ if (curr_pid) { /* just in the first iteration to save time */
+ MD_Update(&m, (unsigned char *)&curr_pid, sizeof curr_pid);
+ curr_pid = 0;
+ }
+#endif
+ MD_Update(&m, local_md, MD_DIGEST_LENGTH);
+ MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c));
+#ifndef PURIFY
+ MD_Update(&m, buf, j); /* purify complains */
+#endif
+ k = (st_idx + MD_DIGEST_LENGTH / 2) - st_num;
+ if (k > 0) {
+ MD_Update(&m, &(state[st_idx]), MD_DIGEST_LENGTH / 2 - k);
+ MD_Update(&m, &(state[0]), k);
+ } else
+ MD_Update(&m, &(state[st_idx]), MD_DIGEST_LENGTH / 2);
+ MD_Final(&m, local_md);
+
+ for (i = 0; i < MD_DIGEST_LENGTH / 2; i++) {
+ /* may compete with other threads */
+ state[st_idx++] ^= local_md[i];
+ if (st_idx >= st_num)
+ st_idx = 0;
+ if (i < j)
+ *(buf++) = local_md[i + MD_DIGEST_LENGTH / 2];
+ }
+ }
+
+ MD_Init(&m);
+ MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c));
+ MD_Update(&m, local_md, MD_DIGEST_LENGTH);
+ CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+ MD_Update(&m, md, MD_DIGEST_LENGTH);
+ MD_Final(&m, md);
+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+
+ EVP_MD_CTX_cleanup(&m);
+ if (ok)
+ return (1);
+ else {
+ RANDerr(RAND_F_SSLEAY_RAND_BYTES, RAND_R_PRNG_NOT_SEEDED);
+ ERR_add_error_data(1, "You need to read the OpenSSL FAQ, "
+ "http://www.openssl.org/support/faq.html");
+ return (0);
+ }
+}
+
+/*
+ * pseudo-random bytes that are guaranteed to be unique but not unpredictable
+ */
+static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num)
+{
+ int ret;
+ unsigned long err;
+
+ ret = RAND_bytes(buf, num);
+ if (ret == 0) {
+ err = ERR_peek_error();
+ if (ERR_GET_LIB(err) == ERR_LIB_RAND &&
+ ERR_GET_REASON(err) == RAND_R_PRNG_NOT_SEEDED)
+ ERR_clear_error();
+ }
+ return (ret);
+}
+
+static int ssleay_rand_status(void)
+{
+ int ret;
+ int do_not_lock;
+
+ /*
+ * check if we already have the lock (could happen if a RAND_poll()
+ * implementation calls RAND_status())
+ */
+ if (crypto_lock_rand) {
+ CRYPTO_r_lock(CRYPTO_LOCK_RAND2);
+ do_not_lock = (locking_thread == CRYPTO_thread_id());
+ CRYPTO_r_unlock(CRYPTO_LOCK_RAND2);
+ } else
+ do_not_lock = 0;
+
+ if (!do_not_lock) {
+ CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+
+ /*
+ * prevent ssleay_rand_bytes() from trying to obtain the lock again
+ */
+ CRYPTO_w_lock(CRYPTO_LOCK_RAND2);
+ locking_thread = CRYPTO_thread_id();
+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);
+ crypto_lock_rand = 1;
+ }
+
+ if (!initialized) {
+ RAND_poll();
+ initialized = 1;
+ }
+
+ ret = entropy >= ENTROPY_NEEDED;
+
+ if (!do_not_lock) {
+ /* before unlocking, we must clear 'crypto_lock_rand' */
+ crypto_lock_rand = 0;
+
+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+ }
+
+ return ret;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/rand/rand.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/rand/rand.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rand/rand.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,167 +0,0 @@
-/* crypto/rand/rand.h */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_RAND_H
-#define HEADER_RAND_H
-
-#include <stdlib.h>
-#include <openssl/ossl_typ.h>
-#include <openssl/e_os2.h>
-
-#if defined(OPENSSL_SYS_WINDOWS)
-#include <windows.h>
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if defined(OPENSSL_FIPS)
-#define FIPS_RAND_SIZE_T int
-#endif
-
-/* Already defined in ossl_typ.h */
-/* typedef struct rand_meth_st RAND_METHOD; */
-
-struct rand_meth_st
- {
- void (*seed)(const void *buf, int num);
- int (*bytes)(unsigned char *buf, int num);
- void (*cleanup)(void);
- void (*add)(const void *buf, int num, double entropy);
- int (*pseudorand)(unsigned char *buf, int num);
- int (*status)(void);
- };
-
-#ifdef BN_DEBUG
-extern int rand_predictable;
-#endif
-
-int RAND_set_rand_method(const RAND_METHOD *meth);
-const RAND_METHOD *RAND_get_rand_method(void);
-#ifndef OPENSSL_NO_ENGINE
-int RAND_set_rand_engine(ENGINE *engine);
-#endif
-RAND_METHOD *RAND_SSLeay(void);
-void RAND_cleanup(void );
-int RAND_bytes(unsigned char *buf,int num);
-int RAND_pseudo_bytes(unsigned char *buf,int num);
-void RAND_seed(const void *buf,int num);
-void RAND_add(const void *buf,int num,double entropy);
-int RAND_load_file(const char *file,long max_bytes);
-int RAND_write_file(const char *file);
-const char *RAND_file_name(char *file,size_t num);
-int RAND_status(void);
-int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes);
-int RAND_egd(const char *path);
-int RAND_egd_bytes(const char *path,int bytes);
-int RAND_poll(void);
-#ifndef OPENSSL_NO_ENGINE
-#ifdef OPENSSL_FIPS
-void int_RAND_init_engine_callbacks(void);
-void int_RAND_set_callbacks(
- int (*set_rand_func)(const RAND_METHOD *meth,
- const RAND_METHOD **pmeth),
- const RAND_METHOD *(*get_rand_func)(const RAND_METHOD **pmeth));
-#endif
-#endif
-
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
-
-void RAND_screen(void);
-int RAND_event(UINT, WPARAM, LPARAM);
-
-#endif
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_RAND_strings(void);
-
-/* Error codes for the RAND functions. */
-
-/* Function codes. */
-#define RAND_F_ENG_RAND_GET_RAND_METHOD 108
-#define RAND_F_FIPS_RAND 103
-#define RAND_F_FIPS_RAND_BYTES 102
-#define RAND_F_FIPS_RAND_GET_RAND_METHOD 109
-#define RAND_F_FIPS_RAND_SET_DT 106
-#define RAND_F_FIPS_SET_DT 104
-#define RAND_F_FIPS_SET_PRNG_SEED 107
-#define RAND_F_FIPS_SET_TEST_MODE 105
-#define RAND_F_RAND_GET_RAND_METHOD 101
-#define RAND_F_SSLEAY_RAND_BYTES 100
-
-/* Reason codes. */
-#define RAND_R_NON_FIPS_METHOD 105
-#define RAND_R_NOT_IN_TEST_MODE 106
-#define RAND_R_NO_KEY_SET 107
-#define RAND_R_PRNG_ASKING_FOR_TOO_MUCH 101
-#define RAND_R_PRNG_ERROR 108
-#define RAND_R_PRNG_KEYED 109
-#define RAND_R_PRNG_NOT_REKEYED 102
-#define RAND_R_PRNG_NOT_RESEEDED 103
-#define RAND_R_PRNG_NOT_SEEDED 100
-#define RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY 110
-#define RAND_R_PRNG_STUCK 104
-
-#ifdef __cplusplus
-}
-#endif
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/rand/rand.h (from rev 6976, vendor-crypto/openssl/dist/crypto/rand/rand.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/rand/rand.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rand/rand.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,168 @@
+/* crypto/rand/rand.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_RAND_H
+# define HEADER_RAND_H
+
+# include <stdlib.h>
+# include <openssl/ossl_typ.h>
+# include <openssl/e_os2.h>
+
+# if defined(OPENSSL_SYS_WINDOWS)
+# include <windows.h>
+# endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# if defined(OPENSSL_FIPS)
+# define FIPS_RAND_SIZE_T int
+# endif
+
+/* Already defined in ossl_typ.h */
+/* typedef struct rand_meth_st RAND_METHOD; */
+
+struct rand_meth_st {
+ void (*seed) (const void *buf, int num);
+ int (*bytes) (unsigned char *buf, int num);
+ void (*cleanup) (void);
+ void (*add) (const void *buf, int num, double entropy);
+ int (*pseudorand) (unsigned char *buf, int num);
+ int (*status) (void);
+};
+
+# ifdef BN_DEBUG
+extern int rand_predictable;
+# endif
+
+int RAND_set_rand_method(const RAND_METHOD *meth);
+const RAND_METHOD *RAND_get_rand_method(void);
+# ifndef OPENSSL_NO_ENGINE
+int RAND_set_rand_engine(ENGINE *engine);
+# endif
+RAND_METHOD *RAND_SSLeay(void);
+void RAND_cleanup(void);
+int RAND_bytes(unsigned char *buf, int num);
+int RAND_pseudo_bytes(unsigned char *buf, int num);
+void RAND_seed(const void *buf, int num);
+void RAND_add(const void *buf, int num, double entropy);
+int RAND_load_file(const char *file, long max_bytes);
+int RAND_write_file(const char *file);
+const char *RAND_file_name(char *file, size_t num);
+int RAND_status(void);
+int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes);
+int RAND_egd(const char *path);
+int RAND_egd_bytes(const char *path, int bytes);
+int RAND_poll(void);
+# ifndef OPENSSL_NO_ENGINE
+# ifdef OPENSSL_FIPS
+void int_RAND_init_engine_callbacks(void);
+void int_RAND_set_callbacks(int (*set_rand_func) (const RAND_METHOD *meth,
+ const RAND_METHOD **pmeth),
+ const RAND_METHOD *(*get_rand_func) (const
+ RAND_METHOD
+ **pmeth));
+# endif
+# endif
+
+# if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
+
+void RAND_screen(void);
+int RAND_event(UINT, WPARAM, LPARAM);
+
+# endif
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_RAND_strings(void);
+
+/* Error codes for the RAND functions. */
+
+/* Function codes. */
+# define RAND_F_ENG_RAND_GET_RAND_METHOD 108
+# define RAND_F_FIPS_RAND 103
+# define RAND_F_FIPS_RAND_BYTES 102
+# define RAND_F_FIPS_RAND_GET_RAND_METHOD 109
+# define RAND_F_FIPS_RAND_SET_DT 106
+# define RAND_F_FIPS_SET_DT 104
+# define RAND_F_FIPS_SET_PRNG_SEED 107
+# define RAND_F_FIPS_SET_TEST_MODE 105
+# define RAND_F_RAND_GET_RAND_METHOD 101
+# define RAND_F_SSLEAY_RAND_BYTES 100
+
+/* Reason codes. */
+# define RAND_R_NON_FIPS_METHOD 105
+# define RAND_R_NOT_IN_TEST_MODE 106
+# define RAND_R_NO_KEY_SET 107
+# define RAND_R_PRNG_ASKING_FOR_TOO_MUCH 101
+# define RAND_R_PRNG_ERROR 108
+# define RAND_R_PRNG_KEYED 109
+# define RAND_R_PRNG_NOT_REKEYED 102
+# define RAND_R_PRNG_NOT_RESEEDED 103
+# define RAND_R_PRNG_NOT_SEEDED 100
+# define RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY 110
+# define RAND_R_PRNG_STUCK 104
+
+#ifdef __cplusplus
+}
+#endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_egd.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/rand/rand_egd.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_egd.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,303 +0,0 @@
-/* crypto/rand/rand_egd.c */
-/* Written by Ulf Moeller and Lutz Jaenicke for the OpenSSL project. */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <openssl/e_os2.h>
-#include <openssl/rand.h>
-#include <openssl/buffer.h>
-
-/*
- * Query the EGD <URL: http://www.lothar.com/tech/crypto/>.
- *
- * This module supplies three routines:
- *
- * RAND_query_egd_bytes(path, buf, bytes)
- * will actually query "bytes" bytes of entropy form the egd-socket located
- * at path and will write them to buf (if supplied) or will directly feed
- * it to RAND_seed() if buf==NULL.
- * The number of bytes is not limited by the maximum chunk size of EGD,
- * which is 255 bytes. If more than 255 bytes are wanted, several chunks
- * of entropy bytes are requested. The connection is left open until the
- * query is competed.
- * RAND_query_egd_bytes() returns with
- * -1 if an error occured during connection or communication.
- * num the number of bytes read from the EGD socket. This number is either
- * the number of bytes requested or smaller, if the EGD pool is
- * drained and the daemon signals that the pool is empty.
- * This routine does not touch any RAND_status(). This is necessary, since
- * PRNG functions may call it during initialization.
- *
- * RAND_egd_bytes(path, bytes) will query "bytes" bytes and have them
- * used to seed the PRNG.
- * RAND_egd_bytes() is a wrapper for RAND_query_egd_bytes() with buf=NULL.
- * Unlike RAND_query_egd_bytes(), RAND_status() is used to test the
- * seed status so that the return value can reflect the seed state:
- * -1 if an error occured during connection or communication _or_
- * if the PRNG has still not received the required seeding.
- * num the number of bytes read from the EGD socket. This number is either
- * the number of bytes requested or smaller, if the EGD pool is
- * drained and the daemon signals that the pool is empty.
- *
- * RAND_egd(path) will query 255 bytes and use the bytes retreived to seed
- * the PRNG.
- * RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255.
- */
-
-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS)
-int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
- {
- return(-1);
- }
-int RAND_egd(const char *path)
- {
- return(-1);
- }
-
-int RAND_egd_bytes(const char *path,int bytes)
- {
- return(-1);
- }
-#else
-#include <openssl/opensslconf.h>
-#include OPENSSL_UNISTD
-#include <sys/types.h>
-#include <sys/socket.h>
-#ifndef NO_SYS_UN_H
-# ifdef OPENSSL_SYS_VXWORKS
-# include <streams/un.h>
-# else
-# include <sys/un.h>
-# endif
-#else
-struct sockaddr_un {
- short sun_family; /* AF_UNIX */
- char sun_path[108]; /* path name (gag) */
-};
-#endif /* NO_SYS_UN_H */
-#include <string.h>
-#include <errno.h>
-
-#ifndef offsetof
-# define offsetof(TYPE, MEMBER) ((size_t) &((TYPE *)0)->MEMBER)
-#endif
-
-int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
- {
- int ret = 0;
- struct sockaddr_un addr;
- int len, num, numbytes;
- int fd = -1;
- int success;
- unsigned char egdbuf[2], tempbuf[255], *retrievebuf;
-
- memset(&addr, 0, sizeof(addr));
- addr.sun_family = AF_UNIX;
- if (strlen(path) >= sizeof(addr.sun_path))
- return (-1);
- BUF_strlcpy(addr.sun_path,path,sizeof addr.sun_path);
- len = offsetof(struct sockaddr_un, sun_path) + strlen(path);
- fd = socket(AF_UNIX, SOCK_STREAM, 0);
- if (fd == -1) return (-1);
- success = 0;
- while (!success)
- {
- if (connect(fd, (struct sockaddr *)&addr, len) == 0)
- success = 1;
- else
- {
- switch (errno)
- {
-#ifdef EINTR
- case EINTR:
-#endif
-#ifdef EAGAIN
- case EAGAIN:
-#endif
-#ifdef EINPROGRESS
- case EINPROGRESS:
-#endif
-#ifdef EALREADY
- case EALREADY:
-#endif
- /* No error, try again */
- break;
-#ifdef EISCONN
- case EISCONN:
- success = 1;
- break;
-#endif
- default:
- goto err; /* failure */
- }
- }
- }
-
- while(bytes > 0)
- {
- egdbuf[0] = 1;
- egdbuf[1] = bytes < 255 ? bytes : 255;
- numbytes = 0;
- while (numbytes != 2)
- {
- num = write(fd, egdbuf + numbytes, 2 - numbytes);
- if (num >= 0)
- numbytes += num;
- else
- {
- switch (errno)
- {
-#ifdef EINTR
- case EINTR:
-#endif
-#ifdef EAGAIN
- case EAGAIN:
-#endif
- /* No error, try again */
- break;
- default:
- ret = -1;
- goto err; /* failure */
- }
- }
- }
- numbytes = 0;
- while (numbytes != 1)
- {
- num = read(fd, egdbuf, 1);
- if (num == 0)
- goto err; /* descriptor closed */
- else if (num > 0)
- numbytes += num;
- else
- {
- switch (errno)
- {
-#ifdef EINTR
- case EINTR:
-#endif
-#ifdef EAGAIN
- case EAGAIN:
-#endif
- /* No error, try again */
- break;
- default:
- ret = -1;
- goto err; /* failure */
- }
- }
- }
- if(egdbuf[0] == 0)
- goto err;
- if (buf)
- retrievebuf = buf + ret;
- else
- retrievebuf = tempbuf;
- numbytes = 0;
- while (numbytes != egdbuf[0])
- {
- num = read(fd, retrievebuf + numbytes, egdbuf[0] - numbytes);
- if (num == 0)
- goto err; /* descriptor closed */
- else if (num > 0)
- numbytes += num;
- else
- {
- switch (errno)
- {
-#ifdef EINTR
- case EINTR:
-#endif
-#ifdef EAGAIN
- case EAGAIN:
-#endif
- /* No error, try again */
- break;
- default:
- ret = -1;
- goto err; /* failure */
- }
- }
- }
- ret += egdbuf[0];
- bytes -= egdbuf[0];
- if (!buf)
- RAND_seed(tempbuf, egdbuf[0]);
- }
- err:
- if (fd != -1) close(fd);
- return(ret);
- }
-
-
-int RAND_egd_bytes(const char *path, int bytes)
- {
- int num, ret = 0;
-
- num = RAND_query_egd_bytes(path, NULL, bytes);
- if (num < 1) goto err;
- if (RAND_status() == 1)
- ret = num;
- err:
- return(ret);
- }
-
-
-int RAND_egd(const char *path)
- {
- return (RAND_egd_bytes(path, 255));
- }
-
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_egd.c (from rev 6976, vendor-crypto/openssl/dist/crypto/rand/rand_egd.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_egd.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_egd.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,291 @@
+/* crypto/rand/rand_egd.c */
+/* Written by Ulf Moeller and Lutz Jaenicke for the OpenSSL project. */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <openssl/e_os2.h>
+#include <openssl/rand.h>
+#include <openssl/buffer.h>
+
+/*-
+ * Query the EGD <URL: http://www.lothar.com/tech/crypto/>.
+ *
+ * This module supplies three routines:
+ *
+ * RAND_query_egd_bytes(path, buf, bytes)
+ * will actually query "bytes" bytes of entropy form the egd-socket located
+ * at path and will write them to buf (if supplied) or will directly feed
+ * it to RAND_seed() if buf==NULL.
+ * The number of bytes is not limited by the maximum chunk size of EGD,
+ * which is 255 bytes. If more than 255 bytes are wanted, several chunks
+ * of entropy bytes are requested. The connection is left open until the
+ * query is competed.
+ * RAND_query_egd_bytes() returns with
+ * -1 if an error occured during connection or communication.
+ * num the number of bytes read from the EGD socket. This number is either
+ * the number of bytes requested or smaller, if the EGD pool is
+ * drained and the daemon signals that the pool is empty.
+ * This routine does not touch any RAND_status(). This is necessary, since
+ * PRNG functions may call it during initialization.
+ *
+ * RAND_egd_bytes(path, bytes) will query "bytes" bytes and have them
+ * used to seed the PRNG.
+ * RAND_egd_bytes() is a wrapper for RAND_query_egd_bytes() with buf=NULL.
+ * Unlike RAND_query_egd_bytes(), RAND_status() is used to test the
+ * seed status so that the return value can reflect the seed state:
+ * -1 if an error occured during connection or communication _or_
+ * if the PRNG has still not received the required seeding.
+ * num the number of bytes read from the EGD socket. This number is either
+ * the number of bytes requested or smaller, if the EGD pool is
+ * drained and the daemon signals that the pool is empty.
+ *
+ * RAND_egd(path) will query 255 bytes and use the bytes retreived to seed
+ * the PRNG.
+ * RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255.
+ */
+
+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS)
+int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
+{
+ return (-1);
+}
+
+int RAND_egd(const char *path)
+{
+ return (-1);
+}
+
+int RAND_egd_bytes(const char *path, int bytes)
+{
+ return (-1);
+}
+#else
+# include <openssl/opensslconf.h>
+# include OPENSSL_UNISTD
+# include <sys/types.h>
+# include <sys/socket.h>
+# ifndef NO_SYS_UN_H
+# ifdef OPENSSL_SYS_VXWORKS
+# include <streams/un.h>
+# else
+# include <sys/un.h>
+# endif
+# else
+struct sockaddr_un {
+ short sun_family; /* AF_UNIX */
+ char sun_path[108]; /* path name (gag) */
+};
+# endif /* NO_SYS_UN_H */
+# include <string.h>
+# include <errno.h>
+
+# ifndef offsetof
+# define offsetof(TYPE, MEMBER) ((size_t) &((TYPE *)0)->MEMBER)
+# endif
+
+int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
+{
+ int ret = 0;
+ struct sockaddr_un addr;
+ int len, num, numbytes;
+ int fd = -1;
+ int success;
+ unsigned char egdbuf[2], tempbuf[255], *retrievebuf;
+
+ memset(&addr, 0, sizeof(addr));
+ addr.sun_family = AF_UNIX;
+ if (strlen(path) >= sizeof(addr.sun_path))
+ return (-1);
+ BUF_strlcpy(addr.sun_path, path, sizeof addr.sun_path);
+ len = offsetof(struct sockaddr_un, sun_path) + strlen(path);
+ fd = socket(AF_UNIX, SOCK_STREAM, 0);
+ if (fd == -1)
+ return (-1);
+ success = 0;
+ while (!success) {
+ if (connect(fd, (struct sockaddr *)&addr, len) == 0)
+ success = 1;
+ else {
+ switch (errno) {
+# ifdef EINTR
+ case EINTR:
+# endif
+# ifdef EAGAIN
+ case EAGAIN:
+# endif
+# ifdef EINPROGRESS
+ case EINPROGRESS:
+# endif
+# ifdef EALREADY
+ case EALREADY:
+# endif
+ /* No error, try again */
+ break;
+# ifdef EISCONN
+ case EISCONN:
+ success = 1;
+ break;
+# endif
+ default:
+ goto err; /* failure */
+ }
+ }
+ }
+
+ while (bytes > 0) {
+ egdbuf[0] = 1;
+ egdbuf[1] = bytes < 255 ? bytes : 255;
+ numbytes = 0;
+ while (numbytes != 2) {
+ num = write(fd, egdbuf + numbytes, 2 - numbytes);
+ if (num >= 0)
+ numbytes += num;
+ else {
+ switch (errno) {
+# ifdef EINTR
+ case EINTR:
+# endif
+# ifdef EAGAIN
+ case EAGAIN:
+# endif
+ /* No error, try again */
+ break;
+ default:
+ ret = -1;
+ goto err; /* failure */
+ }
+ }
+ }
+ numbytes = 0;
+ while (numbytes != 1) {
+ num = read(fd, egdbuf, 1);
+ if (num == 0)
+ goto err; /* descriptor closed */
+ else if (num > 0)
+ numbytes += num;
+ else {
+ switch (errno) {
+# ifdef EINTR
+ case EINTR:
+# endif
+# ifdef EAGAIN
+ case EAGAIN:
+# endif
+ /* No error, try again */
+ break;
+ default:
+ ret = -1;
+ goto err; /* failure */
+ }
+ }
+ }
+ if (egdbuf[0] == 0)
+ goto err;
+ if (buf)
+ retrievebuf = buf + ret;
+ else
+ retrievebuf = tempbuf;
+ numbytes = 0;
+ while (numbytes != egdbuf[0]) {
+ num = read(fd, retrievebuf + numbytes, egdbuf[0] - numbytes);
+ if (num == 0)
+ goto err; /* descriptor closed */
+ else if (num > 0)
+ numbytes += num;
+ else {
+ switch (errno) {
+# ifdef EINTR
+ case EINTR:
+# endif
+# ifdef EAGAIN
+ case EAGAIN:
+# endif
+ /* No error, try again */
+ break;
+ default:
+ ret = -1;
+ goto err; /* failure */
+ }
+ }
+ }
+ ret += egdbuf[0];
+ bytes -= egdbuf[0];
+ if (!buf)
+ RAND_seed(tempbuf, egdbuf[0]);
+ }
+ err:
+ if (fd != -1)
+ close(fd);
+ return (ret);
+}
+
+int RAND_egd_bytes(const char *path, int bytes)
+{
+ int num, ret = 0;
+
+ num = RAND_query_egd_bytes(path, NULL, bytes);
+ if (num < 1)
+ goto err;
+ if (RAND_status() == 1)
+ ret = num;
+ err:
+ return (ret);
+}
+
+int RAND_egd(const char *path)
+{
+ return (RAND_egd_bytes(path, 255));
+}
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_eng.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/rand/rand_eng.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_eng.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,152 +0,0 @@
-/* crypto/rand/rand_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <time.h>
-#include "cryptlib.h"
-#include "rand_lcl.h"
-#include <openssl/rand.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#include <openssl/fips_rand.h>
-#endif
-
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-
-#if defined(OPENSSL_FIPS) && !defined(OPENSSL_NO_ENGINE)
-
-/* non-NULL if default_RAND_meth is ENGINE-provided */
-static ENGINE *funct_ref =NULL;
-
-int eng_RAND_set_rand_method(const RAND_METHOD *meth, const RAND_METHOD **pmeth)
- {
- if(funct_ref)
- {
- ENGINE_finish(funct_ref);
- funct_ref = NULL;
- }
- *pmeth = meth;
- return 1;
- }
-
-const RAND_METHOD *eng_RAND_get_rand_method(const RAND_METHOD **pmeth)
- {
- if (!*pmeth)
- {
- ENGINE *e = ENGINE_get_default_RAND();
- if(e)
- {
- *pmeth = ENGINE_get_RAND(e);
- if(!*pmeth)
- {
- ENGINE_finish(e);
- e = NULL;
- }
- }
- if(e)
- funct_ref = e;
- else
- if(FIPS_mode())
- *pmeth=FIPS_rand_method();
- else
- *pmeth = RAND_SSLeay();
- }
-
- if(FIPS_mode()
- && *pmeth != FIPS_rand_check())
- {
- RANDerr(RAND_F_ENG_RAND_GET_RAND_METHOD,RAND_R_NON_FIPS_METHOD);
- return 0;
- }
-
- return *pmeth;
- }
-
-int RAND_set_rand_engine(ENGINE *engine)
- {
- const RAND_METHOD *tmp_meth = NULL;
- if(engine)
- {
- if(!ENGINE_init(engine))
- return 0;
- tmp_meth = ENGINE_get_RAND(engine);
- if(!tmp_meth)
- {
- ENGINE_finish(engine);
- return 0;
- }
- }
- /* This function releases any prior ENGINE so call it first */
- RAND_set_rand_method(tmp_meth);
- funct_ref = engine;
- return 1;
- }
-
-void int_RAND_init_engine_callbacks(void)
- {
- static int done = 0;
- if (done)
- return;
- int_RAND_set_callbacks(eng_RAND_set_rand_method,
- eng_RAND_get_rand_method);
- done = 1;
- }
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_eng.c (from rev 6976, vendor-crypto/openssl/dist/crypto/rand/rand_eng.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_eng.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_eng.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,145 @@
+/* crypto/rand/rand_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include "cryptlib.h"
+#include "rand_lcl.h"
+#include <openssl/rand.h>
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
+# include <openssl/fips_rand.h>
+#endif
+
+#ifndef OPENSSL_NO_ENGINE
+# include <openssl/engine.h>
+#endif
+
+#if defined(OPENSSL_FIPS) && !defined(OPENSSL_NO_ENGINE)
+
+/* non-NULL if default_RAND_meth is ENGINE-provided */
+static ENGINE *funct_ref = NULL;
+
+int eng_RAND_set_rand_method(const RAND_METHOD *meth,
+ const RAND_METHOD **pmeth)
+{
+ if (funct_ref) {
+ ENGINE_finish(funct_ref);
+ funct_ref = NULL;
+ }
+ *pmeth = meth;
+ return 1;
+}
+
+const RAND_METHOD *eng_RAND_get_rand_method(const RAND_METHOD **pmeth)
+{
+ if (!*pmeth) {
+ ENGINE *e = ENGINE_get_default_RAND();
+ if (e) {
+ *pmeth = ENGINE_get_RAND(e);
+ if (!*pmeth) {
+ ENGINE_finish(e);
+ e = NULL;
+ }
+ }
+ if (e)
+ funct_ref = e;
+ else if (FIPS_mode())
+ *pmeth = FIPS_rand_method();
+ else
+ *pmeth = RAND_SSLeay();
+ }
+
+ if (FIPS_mode()
+ && *pmeth != FIPS_rand_check()) {
+ RANDerr(RAND_F_ENG_RAND_GET_RAND_METHOD, RAND_R_NON_FIPS_METHOD);
+ return 0;
+ }
+
+ return *pmeth;
+}
+
+int RAND_set_rand_engine(ENGINE *engine)
+{
+ const RAND_METHOD *tmp_meth = NULL;
+ if (engine) {
+ if (!ENGINE_init(engine))
+ return 0;
+ tmp_meth = ENGINE_get_RAND(engine);
+ if (!tmp_meth) {
+ ENGINE_finish(engine);
+ return 0;
+ }
+ }
+ /* This function releases any prior ENGINE so call it first */
+ RAND_set_rand_method(tmp_meth);
+ funct_ref = engine;
+ return 1;
+}
+
+void int_RAND_init_engine_callbacks(void)
+{
+ static int done = 0;
+ if (done)
+ return;
+ int_RAND_set_callbacks(eng_RAND_set_rand_method,
+ eng_RAND_get_rand_method);
+ done = 1;
+}
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_err.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/rand/rand_err.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,114 +0,0 @@
-/* crypto/rand/rand_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/rand.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_RAND,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_RAND,0,reason)
-
-static ERR_STRING_DATA RAND_str_functs[]=
- {
-{ERR_FUNC(RAND_F_ENG_RAND_GET_RAND_METHOD), "ENG_RAND_GET_RAND_METHOD"},
-{ERR_FUNC(RAND_F_FIPS_RAND), "FIPS_RAND"},
-{ERR_FUNC(RAND_F_FIPS_RAND_BYTES), "FIPS_RAND_BYTES"},
-{ERR_FUNC(RAND_F_FIPS_RAND_GET_RAND_METHOD), "FIPS_RAND_GET_RAND_METHOD"},
-{ERR_FUNC(RAND_F_FIPS_RAND_SET_DT), "FIPS_RAND_SET_DT"},
-{ERR_FUNC(RAND_F_FIPS_SET_DT), "FIPS_SET_DT"},
-{ERR_FUNC(RAND_F_FIPS_SET_PRNG_SEED), "FIPS_SET_PRNG_SEED"},
-{ERR_FUNC(RAND_F_FIPS_SET_TEST_MODE), "FIPS_SET_TEST_MODE"},
-{ERR_FUNC(RAND_F_RAND_GET_RAND_METHOD), "RAND_get_rand_method"},
-{ERR_FUNC(RAND_F_SSLEAY_RAND_BYTES), "SSLEAY_RAND_BYTES"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA RAND_str_reasons[]=
- {
-{ERR_REASON(RAND_R_NON_FIPS_METHOD) ,"non fips method"},
-{ERR_REASON(RAND_R_NOT_IN_TEST_MODE) ,"not in test mode"},
-{ERR_REASON(RAND_R_NO_KEY_SET) ,"no key set"},
-{ERR_REASON(RAND_R_PRNG_ASKING_FOR_TOO_MUCH),"prng asking for too much"},
-{ERR_REASON(RAND_R_PRNG_ERROR) ,"prng error"},
-{ERR_REASON(RAND_R_PRNG_KEYED) ,"prng keyed"},
-{ERR_REASON(RAND_R_PRNG_NOT_REKEYED) ,"prng not rekeyed"},
-{ERR_REASON(RAND_R_PRNG_NOT_RESEEDED) ,"prng not reseeded"},
-{ERR_REASON(RAND_R_PRNG_NOT_SEEDED) ,"PRNG not seeded"},
-{ERR_REASON(RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY),"prng seed must not match key"},
-{ERR_REASON(RAND_R_PRNG_STUCK) ,"prng stuck"},
-{0,NULL}
- };
-
-#endif
-
-void ERR_load_RAND_strings(void)
- {
-#ifndef OPENSSL_NO_ERR
-
- if (ERR_func_error_string(RAND_str_functs[0].error) == NULL)
- {
- ERR_load_strings(0,RAND_str_functs);
- ERR_load_strings(0,RAND_str_reasons);
- }
-#endif
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_err.c (from rev 6976, vendor-crypto/openssl/dist/crypto/rand/rand_err.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_err.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,113 @@
+/* crypto/rand/rand_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_RAND,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_RAND,0,reason)
+
+static ERR_STRING_DATA RAND_str_functs[] = {
+ {ERR_FUNC(RAND_F_ENG_RAND_GET_RAND_METHOD), "ENG_RAND_GET_RAND_METHOD"},
+ {ERR_FUNC(RAND_F_FIPS_RAND), "FIPS_RAND"},
+ {ERR_FUNC(RAND_F_FIPS_RAND_BYTES), "FIPS_RAND_BYTES"},
+ {ERR_FUNC(RAND_F_FIPS_RAND_GET_RAND_METHOD), "FIPS_RAND_GET_RAND_METHOD"},
+ {ERR_FUNC(RAND_F_FIPS_RAND_SET_DT), "FIPS_RAND_SET_DT"},
+ {ERR_FUNC(RAND_F_FIPS_SET_DT), "FIPS_SET_DT"},
+ {ERR_FUNC(RAND_F_FIPS_SET_PRNG_SEED), "FIPS_SET_PRNG_SEED"},
+ {ERR_FUNC(RAND_F_FIPS_SET_TEST_MODE), "FIPS_SET_TEST_MODE"},
+ {ERR_FUNC(RAND_F_RAND_GET_RAND_METHOD), "RAND_get_rand_method"},
+ {ERR_FUNC(RAND_F_SSLEAY_RAND_BYTES), "SSLEAY_RAND_BYTES"},
+ {0, NULL}
+};
+
+static ERR_STRING_DATA RAND_str_reasons[] = {
+ {ERR_REASON(RAND_R_NON_FIPS_METHOD), "non fips method"},
+ {ERR_REASON(RAND_R_NOT_IN_TEST_MODE), "not in test mode"},
+ {ERR_REASON(RAND_R_NO_KEY_SET), "no key set"},
+ {ERR_REASON(RAND_R_PRNG_ASKING_FOR_TOO_MUCH), "prng asking for too much"},
+ {ERR_REASON(RAND_R_PRNG_ERROR), "prng error"},
+ {ERR_REASON(RAND_R_PRNG_KEYED), "prng keyed"},
+ {ERR_REASON(RAND_R_PRNG_NOT_REKEYED), "prng not rekeyed"},
+ {ERR_REASON(RAND_R_PRNG_NOT_RESEEDED), "prng not reseeded"},
+ {ERR_REASON(RAND_R_PRNG_NOT_SEEDED), "PRNG not seeded"},
+ {ERR_REASON(RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY),
+ "prng seed must not match key"},
+ {ERR_REASON(RAND_R_PRNG_STUCK), "prng stuck"},
+ {0, NULL}
+};
+
+#endif
+
+void ERR_load_RAND_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+ if (ERR_func_error_string(RAND_str_functs[0].error) == NULL) {
+ ERR_load_strings(0, RAND_str_functs);
+ ERR_load_strings(0, RAND_str_reasons);
+ }
+#endif
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_lcl.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/rand/rand_lcl.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_lcl.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,169 +0,0 @@
-/* crypto/rand/rand_lcl.h */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#ifndef HEADER_RAND_LCL_H
-#define HEADER_RAND_LCL_H
-
-#define ENTROPY_NEEDED 32 /* require 256 bits = 32 bytes of randomness */
-
-
-#if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND)
-#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
-#define USE_SHA1_RAND
-#elif !defined(OPENSSL_NO_MD5)
-#define USE_MD5_RAND
-#elif !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES)
-#define USE_MDC2_RAND
-#elif !defined(OPENSSL_NO_MD2)
-#define USE_MD2_RAND
-#else
-#error No message digest algorithm available
-#endif
-#endif
-
-#include <openssl/evp.h>
-#define MD_Update(a,b,c) EVP_DigestUpdate(a,b,c)
-#define MD_Final(a,b) EVP_DigestFinal_ex(a,b,NULL)
-#if defined(USE_MD5_RAND)
-#include <openssl/md5.h>
-#define MD_DIGEST_LENGTH MD5_DIGEST_LENGTH
-#define MD_Init(a) EVP_DigestInit_ex(a,EVP_md5(), NULL)
-#define MD(a,b,c) EVP_Digest(a,b,c,NULL,EVP_md5(), NULL)
-#elif defined(USE_SHA1_RAND)
-#include <openssl/sha.h>
-#define MD_DIGEST_LENGTH SHA_DIGEST_LENGTH
-#define MD_Init(a) EVP_DigestInit_ex(a,EVP_sha1(), NULL)
-#define MD(a,b,c) EVP_Digest(a,b,c,NULL,EVP_sha1(), NULL)
-#elif defined(USE_MDC2_RAND)
-#include <openssl/mdc2.h>
-#define MD_DIGEST_LENGTH MDC2_DIGEST_LENGTH
-#define MD_Init(a) EVP_DigestInit_ex(a,EVP_mdc2(), NULL)
-#define MD(a,b,c) EVP_Digest(a,b,c,NULL,EVP_mdc2(), NULL)
-#elif defined(USE_MD2_RAND)
-#include <openssl/md2.h>
-#define MD_DIGEST_LENGTH MD2_DIGEST_LENGTH
-#define MD_Init(a) EVP_DigestInit_ex(a,EVP_md2(), NULL)
-#define MD(a,b,c) EVP_Digest(a,b,c,NULL,EVP_md2(), NULL)
-#endif
-
-#ifndef OPENSSL_NO_ENGINE
-void int_RAND_set_callbacks(
- int (*set_rand_func)(const RAND_METHOD *meth,
- const RAND_METHOD **pmeth),
- const RAND_METHOD *(*get_rand_func)
- (const RAND_METHOD **pmeth));
-int eng_RAND_set_rand_method(const RAND_METHOD *meth,
- const RAND_METHOD **pmeth);
-const RAND_METHOD *eng_RAND_get_rand_method(const RAND_METHOD **pmeth);
-#endif
-
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_lcl.h (from rev 6976, vendor-crypto/openssl/dist/crypto/rand/rand_lcl.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_lcl.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_lcl.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,166 @@
+/* crypto/rand/rand_lcl.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_RAND_LCL_H
+# define HEADER_RAND_LCL_H
+
+# define ENTROPY_NEEDED 32 /* require 256 bits = 32 bytes of randomness */
+
+# if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND)
+# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
+# define USE_SHA1_RAND
+# elif !defined(OPENSSL_NO_MD5)
+# define USE_MD5_RAND
+# elif !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES)
+# define USE_MDC2_RAND
+# elif !defined(OPENSSL_NO_MD2)
+# define USE_MD2_RAND
+# else
+# error No message digest algorithm available
+# endif
+# endif
+
+# include <openssl/evp.h>
+# define MD_Update(a,b,c) EVP_DigestUpdate(a,b,c)
+# define MD_Final(a,b) EVP_DigestFinal_ex(a,b,NULL)
+# if defined(USE_MD5_RAND)
+# include <openssl/md5.h>
+# define MD_DIGEST_LENGTH MD5_DIGEST_LENGTH
+# define MD_Init(a) EVP_DigestInit_ex(a,EVP_md5(), NULL)
+# define MD(a,b,c) EVP_Digest(a,b,c,NULL,EVP_md5(), NULL)
+# elif defined(USE_SHA1_RAND)
+# include <openssl/sha.h>
+# define MD_DIGEST_LENGTH SHA_DIGEST_LENGTH
+# define MD_Init(a) EVP_DigestInit_ex(a,EVP_sha1(), NULL)
+# define MD(a,b,c) EVP_Digest(a,b,c,NULL,EVP_sha1(), NULL)
+# elif defined(USE_MDC2_RAND)
+# include <openssl/mdc2.h>
+# define MD_DIGEST_LENGTH MDC2_DIGEST_LENGTH
+# define MD_Init(a) EVP_DigestInit_ex(a,EVP_mdc2(), NULL)
+# define MD(a,b,c) EVP_Digest(a,b,c,NULL,EVP_mdc2(), NULL)
+# elif defined(USE_MD2_RAND)
+# include <openssl/md2.h>
+# define MD_DIGEST_LENGTH MD2_DIGEST_LENGTH
+# define MD_Init(a) EVP_DigestInit_ex(a,EVP_md2(), NULL)
+# define MD(a,b,c) EVP_Digest(a,b,c,NULL,EVP_md2(), NULL)
+# endif
+
+# ifndef OPENSSL_NO_ENGINE
+void int_RAND_set_callbacks(int (*set_rand_func) (const RAND_METHOD *meth,
+ const RAND_METHOD **pmeth),
+ const RAND_METHOD *(*get_rand_func)
+ (const RAND_METHOD **pmeth));
+int eng_RAND_set_rand_method(const RAND_METHOD *meth,
+ const RAND_METHOD **pmeth);
+const RAND_METHOD *eng_RAND_get_rand_method(const RAND_METHOD **pmeth);
+# endif
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_lib.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/rand/rand_lib.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,245 +0,0 @@
-/* crypto/rand/rand_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <time.h>
-#include "cryptlib.h"
-#include <openssl/rand.h>
-#include "rand_lcl.h"
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#include <openssl/fips_rand.h>
-#endif
-
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-
-static const RAND_METHOD *default_RAND_meth = NULL;
-
-#ifdef OPENSSL_FIPS
-
-static int fips_RAND_set_rand_method(const RAND_METHOD *meth,
- const RAND_METHOD **pmeth)
- {
- *pmeth = meth;
- return 1;
- }
-
-static const RAND_METHOD *fips_RAND_get_rand_method(const RAND_METHOD **pmeth)
- {
- if (!*pmeth)
- {
- if(FIPS_mode())
- *pmeth=FIPS_rand_method();
- else
- *pmeth = RAND_SSLeay();
- }
-
- if(FIPS_mode()
- && *pmeth != FIPS_rand_check())
- {
- RANDerr(RAND_F_FIPS_RAND_GET_RAND_METHOD,RAND_R_NON_FIPS_METHOD);
- return 0;
- }
-
- return *pmeth;
- }
-
-static int (*RAND_set_rand_method_func)(const RAND_METHOD *meth,
- const RAND_METHOD **pmeth)
- = fips_RAND_set_rand_method;
-static const RAND_METHOD *(*RAND_get_rand_method_func)
- (const RAND_METHOD **pmeth)
- = fips_RAND_get_rand_method;
-
-#ifndef OPENSSL_NO_ENGINE
-void int_RAND_set_callbacks(
- int (*set_rand_func)(const RAND_METHOD *meth,
- const RAND_METHOD **pmeth),
- const RAND_METHOD *(*get_rand_func)
- (const RAND_METHOD **pmeth))
- {
- RAND_set_rand_method_func = set_rand_func;
- RAND_get_rand_method_func = get_rand_func;
- }
-#endif
-
-int RAND_set_rand_method(const RAND_METHOD *meth)
- {
- return RAND_set_rand_method_func(meth, &default_RAND_meth);
- }
-
-const RAND_METHOD *RAND_get_rand_method(void)
- {
- return RAND_get_rand_method_func(&default_RAND_meth);
- }
-
-#else
-
-#ifndef OPENSSL_NO_ENGINE
-/* non-NULL if default_RAND_meth is ENGINE-provided */
-static ENGINE *funct_ref =NULL;
-#endif
-
-int RAND_set_rand_method(const RAND_METHOD *meth)
- {
-#ifndef OPENSSL_NO_ENGINE
- if(funct_ref)
- {
- ENGINE_finish(funct_ref);
- funct_ref = NULL;
- }
-#endif
- default_RAND_meth = meth;
- return 1;
- }
-
-const RAND_METHOD *RAND_get_rand_method(void)
- {
- if (!default_RAND_meth)
- {
-#ifndef OPENSSL_NO_ENGINE
- ENGINE *e = ENGINE_get_default_RAND();
- if(e)
- {
- default_RAND_meth = ENGINE_get_RAND(e);
- if(!default_RAND_meth)
- {
- ENGINE_finish(e);
- e = NULL;
- }
- }
- if(e)
- funct_ref = e;
- else
-#endif
- default_RAND_meth = RAND_SSLeay();
- }
- return default_RAND_meth;
- }
-
-#ifndef OPENSSL_NO_ENGINE
-int RAND_set_rand_engine(ENGINE *engine)
- {
- const RAND_METHOD *tmp_meth = NULL;
- if(engine)
- {
- if(!ENGINE_init(engine))
- return 0;
- tmp_meth = ENGINE_get_RAND(engine);
- if(!tmp_meth)
- {
- ENGINE_finish(engine);
- return 0;
- }
- }
- /* This function releases any prior ENGINE so call it first */
- RAND_set_rand_method(tmp_meth);
- funct_ref = engine;
- return 1;
- }
-#endif
-
-#endif
-
-void RAND_cleanup(void)
- {
- const RAND_METHOD *meth = RAND_get_rand_method();
- if (meth && meth->cleanup)
- meth->cleanup();
- RAND_set_rand_method(NULL);
- }
-
-void RAND_seed(const void *buf, int num)
- {
- const RAND_METHOD *meth = RAND_get_rand_method();
- if (meth && meth->seed)
- meth->seed(buf,num);
- }
-
-void RAND_add(const void *buf, int num, double entropy)
- {
- const RAND_METHOD *meth = RAND_get_rand_method();
- if (meth && meth->add)
- meth->add(buf,num,entropy);
- }
-
-int RAND_bytes(unsigned char *buf, int num)
- {
- const RAND_METHOD *meth = RAND_get_rand_method();
- if (meth && meth->bytes)
- return meth->bytes(buf,num);
- return(-1);
- }
-
-int RAND_pseudo_bytes(unsigned char *buf, int num)
- {
- const RAND_METHOD *meth = RAND_get_rand_method();
- if (meth && meth->pseudorand)
- return meth->pseudorand(buf,num);
- return(-1);
- }
-
-int RAND_status(void)
- {
- const RAND_METHOD *meth = RAND_get_rand_method();
- if (meth && meth->status)
- return meth->status();
- return 0;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_lib.c (from rev 6976, vendor-crypto/openssl/dist/crypto/rand/rand_lib.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_lib.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,236 @@
+/* crypto/rand/rand_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include "cryptlib.h"
+#include <openssl/rand.h>
+#include "rand_lcl.h"
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
+# include <openssl/fips_rand.h>
+#endif
+
+#ifndef OPENSSL_NO_ENGINE
+# include <openssl/engine.h>
+#endif
+
+static const RAND_METHOD *default_RAND_meth = NULL;
+
+#ifdef OPENSSL_FIPS
+
+static int fips_RAND_set_rand_method(const RAND_METHOD *meth,
+ const RAND_METHOD **pmeth)
+{
+ *pmeth = meth;
+ return 1;
+}
+
+static const RAND_METHOD *fips_RAND_get_rand_method(const RAND_METHOD **pmeth)
+{
+ if (!*pmeth) {
+ if (FIPS_mode())
+ *pmeth = FIPS_rand_method();
+ else
+ *pmeth = RAND_SSLeay();
+ }
+
+ if (FIPS_mode()
+ && *pmeth != FIPS_rand_check()) {
+ RANDerr(RAND_F_FIPS_RAND_GET_RAND_METHOD, RAND_R_NON_FIPS_METHOD);
+ return 0;
+ }
+
+ return *pmeth;
+}
+
+static int (*RAND_set_rand_method_func) (const RAND_METHOD *meth,
+ const RAND_METHOD **pmeth)
+ = fips_RAND_set_rand_method;
+static const RAND_METHOD *(*RAND_get_rand_method_func)
+ (const RAND_METHOD **pmeth)
+ = fips_RAND_get_rand_method;
+
+# ifndef OPENSSL_NO_ENGINE
+void int_RAND_set_callbacks(int (*set_rand_func) (const RAND_METHOD *meth,
+ const RAND_METHOD **pmeth),
+ const RAND_METHOD *(*get_rand_func)
+ (const RAND_METHOD **pmeth))
+{
+ RAND_set_rand_method_func = set_rand_func;
+ RAND_get_rand_method_func = get_rand_func;
+}
+# endif
+
+int RAND_set_rand_method(const RAND_METHOD *meth)
+{
+ return RAND_set_rand_method_func(meth, &default_RAND_meth);
+}
+
+const RAND_METHOD *RAND_get_rand_method(void)
+{
+ return RAND_get_rand_method_func(&default_RAND_meth);
+}
+
+#else
+
+# ifndef OPENSSL_NO_ENGINE
+/* non-NULL if default_RAND_meth is ENGINE-provided */
+static ENGINE *funct_ref = NULL;
+# endif
+
+int RAND_set_rand_method(const RAND_METHOD *meth)
+{
+# ifndef OPENSSL_NO_ENGINE
+ if (funct_ref) {
+ ENGINE_finish(funct_ref);
+ funct_ref = NULL;
+ }
+# endif
+ default_RAND_meth = meth;
+ return 1;
+}
+
+const RAND_METHOD *RAND_get_rand_method(void)
+{
+ if (!default_RAND_meth) {
+# ifndef OPENSSL_NO_ENGINE
+ ENGINE *e = ENGINE_get_default_RAND();
+ if (e) {
+ default_RAND_meth = ENGINE_get_RAND(e);
+ if (!default_RAND_meth) {
+ ENGINE_finish(e);
+ e = NULL;
+ }
+ }
+ if (e)
+ funct_ref = e;
+ else
+# endif
+ default_RAND_meth = RAND_SSLeay();
+ }
+ return default_RAND_meth;
+}
+
+# ifndef OPENSSL_NO_ENGINE
+int RAND_set_rand_engine(ENGINE *engine)
+{
+ const RAND_METHOD *tmp_meth = NULL;
+ if (engine) {
+ if (!ENGINE_init(engine))
+ return 0;
+ tmp_meth = ENGINE_get_RAND(engine);
+ if (!tmp_meth) {
+ ENGINE_finish(engine);
+ return 0;
+ }
+ }
+ /* This function releases any prior ENGINE so call it first */
+ RAND_set_rand_method(tmp_meth);
+ funct_ref = engine;
+ return 1;
+}
+# endif
+
+#endif
+
+void RAND_cleanup(void)
+{
+ const RAND_METHOD *meth = RAND_get_rand_method();
+ if (meth && meth->cleanup)
+ meth->cleanup();
+ RAND_set_rand_method(NULL);
+}
+
+void RAND_seed(const void *buf, int num)
+{
+ const RAND_METHOD *meth = RAND_get_rand_method();
+ if (meth && meth->seed)
+ meth->seed(buf, num);
+}
+
+void RAND_add(const void *buf, int num, double entropy)
+{
+ const RAND_METHOD *meth = RAND_get_rand_method();
+ if (meth && meth->add)
+ meth->add(buf, num, entropy);
+}
+
+int RAND_bytes(unsigned char *buf, int num)
+{
+ const RAND_METHOD *meth = RAND_get_rand_method();
+ if (meth && meth->bytes)
+ return meth->bytes(buf, num);
+ return (-1);
+}
+
+int RAND_pseudo_bytes(unsigned char *buf, int num)
+{
+ const RAND_METHOD *meth = RAND_get_rand_method();
+ if (meth && meth->pseudorand)
+ return meth->pseudorand(buf, num);
+ return (-1);
+}
+
+int RAND_status(void)
+{
+ const RAND_METHOD *meth = RAND_get_rand_method();
+ if (meth && meth->status)
+ return meth->status();
+ return 0;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_nw.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/rand/rand_nw.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_nw.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,183 +0,0 @@
-/* crypto/rand/rand_nw.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include "cryptlib.h"
-#include <openssl/rand.h>
-#include "rand_lcl.h"
-
-#if defined (OPENSSL_SYS_NETWARE)
-
-#if defined(NETWARE_LIBC)
-#include <nks/thread.h>
-#else
-#include <nwthread.h>
-#endif
-
-extern int GetProcessSwitchCount(void);
-#if !defined(NETWARE_LIBC) || (CURRENT_NDK_THRESHOLD < 509220000)
-extern void *RunningProcess; /* declare here same as found in newer NDKs */
-extern unsigned long GetSuperHighResolutionTimer(void);
-#endif
-
- /* the FAQ indicates we need to provide at least 20 bytes (160 bits) of seed
- */
-int RAND_poll(void)
-{
- unsigned long l;
- unsigned long tsc;
- int i;
-
- /* There are several options to gather miscellaneous data
- * but for now we will loop checking the time stamp counter (rdtsc) and
- * the SuperHighResolutionTimer. Each iteration will collect 8 bytes
- * of data but it is treated as only 1 byte of entropy. The call to
- * ThreadSwitchWithDelay() will introduce additional variability into
- * the data returned by rdtsc.
- *
- * Applications can agument the seed material by adding additional
- * stuff with RAND_add() and should probably do so.
- */
- l = GetProcessSwitchCount();
- RAND_add(&l,sizeof(l),1);
-
- /* need to cast the void* to unsigned long here */
- l = (unsigned long)RunningProcess;
- RAND_add(&l,sizeof(l),1);
-
- for( i=2; i<ENTROPY_NEEDED; i++)
- {
-#ifdef __MWERKS__
- asm
- {
- rdtsc
- mov tsc, eax
- }
-#elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
- asm volatile("rdtsc":"=a"(tsc)::"edx");
-#endif
-
- RAND_add(&tsc, sizeof(tsc), 1);
-
- l = GetSuperHighResolutionTimer();
- RAND_add(&l, sizeof(l), 0);
-
-# if defined(NETWARE_LIBC)
- NXThreadYield();
-# else /* NETWARE_CLIB */
- ThreadSwitchWithDelay();
-# endif
- }
-
- return 1;
-}
-
-#endif
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_nw.c (from rev 6976, vendor-crypto/openssl/dist/crypto/rand/rand_nw.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_nw.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_nw.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,179 @@
+/* crypto/rand/rand_nw.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include "cryptlib.h"
+#include <openssl/rand.h>
+#include "rand_lcl.h"
+
+#if defined (OPENSSL_SYS_NETWARE)
+
+# if defined(NETWARE_LIBC)
+# include <nks/thread.h>
+# else
+# include <nwthread.h>
+# endif
+
+extern int GetProcessSwitchCount(void);
+# if !defined(NETWARE_LIBC) || (CURRENT_NDK_THRESHOLD < 509220000)
+extern void *RunningProcess; /* declare here same as found in newer NDKs */
+extern unsigned long GetSuperHighResolutionTimer(void);
+# endif
+
+ /*
+ * the FAQ indicates we need to provide at least 20 bytes (160 bits) of
+ * seed
+ */
+int RAND_poll(void)
+{
+ unsigned long l;
+ unsigned long tsc;
+ int i;
+
+ /*
+ * There are several options to gather miscellaneous data but for now we
+ * will loop checking the time stamp counter (rdtsc) and the
+ * SuperHighResolutionTimer. Each iteration will collect 8 bytes of data
+ * but it is treated as only 1 byte of entropy. The call to
+ * ThreadSwitchWithDelay() will introduce additional variability into the
+ * data returned by rdtsc. Applications can agument the seed material by
+ * adding additional stuff with RAND_add() and should probably do so.
+ */
+ l = GetProcessSwitchCount();
+ RAND_add(&l, sizeof(l), 1);
+
+ /* need to cast the void* to unsigned long here */
+ l = (unsigned long)RunningProcess;
+ RAND_add(&l, sizeof(l), 1);
+
+ for (i = 2; i < ENTROPY_NEEDED; i++) {
+# ifdef __MWERKS__
+ asm {
+ rdtsc mov tsc, eax}
+# elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
+ asm volatile ("rdtsc":"=a" (tsc)::"edx");
+# endif
+
+ RAND_add(&tsc, sizeof(tsc), 1);
+
+ l = GetSuperHighResolutionTimer();
+ RAND_add(&l, sizeof(l), 0);
+
+# if defined(NETWARE_LIBC)
+ NXThreadYield();
+# else /* NETWARE_CLIB */
+ ThreadSwitchWithDelay();
+# endif
+ }
+
+ return 1;
+}
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_os2.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/rand/rand_os2.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_os2.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,147 +0,0 @@
-/* crypto/rand/rand_os2.c */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include "cryptlib.h"
-#include <openssl/rand.h>
-#include "rand_lcl.h"
-
-#ifdef OPENSSL_SYS_OS2
-
-#define INCL_DOSPROCESS
-#define INCL_DOSPROFILE
-#define INCL_DOSMISC
-#define INCL_DOSMODULEMGR
-#include <os2.h>
-
-#define CMD_KI_RDCNT (0x63)
-
-typedef struct _CPUUTIL {
- ULONG ulTimeLow; /* Low 32 bits of time stamp */
- ULONG ulTimeHigh; /* High 32 bits of time stamp */
- ULONG ulIdleLow; /* Low 32 bits of idle time */
- ULONG ulIdleHigh; /* High 32 bits of idle time */
- ULONG ulBusyLow; /* Low 32 bits of busy time */
- ULONG ulBusyHigh; /* High 32 bits of busy time */
- ULONG ulIntrLow; /* Low 32 bits of interrupt time */
- ULONG ulIntrHigh; /* High 32 bits of interrupt time */
-} CPUUTIL;
-
-APIRET APIENTRY(*DosPerfSysCall) (ULONG ulCommand, ULONG ulParm1, ULONG ulParm2, ULONG ulParm3) = NULL;
-APIRET APIENTRY(*DosQuerySysState) (ULONG func, ULONG arg1, ULONG pid, ULONG _res_, PVOID buf, ULONG bufsz) = NULL;
-HMODULE hDoscalls = 0;
-
-int RAND_poll(void)
-{
- char failed_module[20];
- QWORD qwTime;
- ULONG SysVars[QSV_FOREGROUND_PROCESS];
-
- if (hDoscalls == 0) {
- ULONG rc = DosLoadModule(failed_module, sizeof(failed_module), "DOSCALLS", &hDoscalls);
-
- if (rc == 0) {
- rc = DosQueryProcAddr(hDoscalls, 976, NULL, (PFN *)&DosPerfSysCall);
-
- if (rc)
- DosPerfSysCall = NULL;
-
- rc = DosQueryProcAddr(hDoscalls, 368, NULL, (PFN *)&DosQuerySysState);
-
- if (rc)
- DosQuerySysState = NULL;
- }
- }
-
- /* Sample the hi-res timer, runs at around 1.1 MHz */
- DosTmrQueryTime(&qwTime);
- RAND_add(&qwTime, sizeof(qwTime), 2);
-
- /* Sample a bunch of system variables, includes various process & memory statistics */
- DosQuerySysInfo(1, QSV_FOREGROUND_PROCESS, SysVars, sizeof(SysVars));
- RAND_add(SysVars, sizeof(SysVars), 4);
-
- /* If available, sample CPU registers that count at CPU MHz
- * Only fairly new CPUs (PPro & K6 onwards) & OS/2 versions support this
- */
- if (DosPerfSysCall) {
- CPUUTIL util;
-
- if (DosPerfSysCall(CMD_KI_RDCNT, (ULONG)&util, 0, 0) == 0) {
- RAND_add(&util, sizeof(util), 10);
- }
- else {
- DosPerfSysCall = NULL;
- }
- }
-
- /* DosQuerySysState() gives us a huge quantity of process, thread, memory & handle stats */
- if (DosQuerySysState) {
- char *buffer = OPENSSL_malloc(256 * 1024);
-
- if (DosQuerySysState(0x1F, 0, 0, 0, buffer, 256 * 1024) == 0) {
- /* First 4 bytes in buffer is a pointer to the thread count
- * there should be at least 1 byte of entropy per thread
- */
- RAND_add(buffer, 256 * 1024, **(ULONG **)buffer);
- }
-
- OPENSSL_free(buffer);
- return 1;
- }
-
- return 0;
-}
-
-#endif /* OPENSSL_SYS_OS2 */
Copied: vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_os2.c (from rev 6976, vendor-crypto/openssl/dist/crypto/rand/rand_os2.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_os2.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_os2.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,161 @@
+/* crypto/rand/rand_os2.c */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include "cryptlib.h"
+#include <openssl/rand.h>
+#include "rand_lcl.h"
+
+#ifdef OPENSSL_SYS_OS2
+
+# define INCL_DOSPROCESS
+# define INCL_DOSPROFILE
+# define INCL_DOSMISC
+# define INCL_DOSMODULEMGR
+# include <os2.h>
+
+# define CMD_KI_RDCNT (0x63)
+
+typedef struct _CPUUTIL {
+ ULONG ulTimeLow; /* Low 32 bits of time stamp */
+ ULONG ulTimeHigh; /* High 32 bits of time stamp */
+ ULONG ulIdleLow; /* Low 32 bits of idle time */
+ ULONG ulIdleHigh; /* High 32 bits of idle time */
+ ULONG ulBusyLow; /* Low 32 bits of busy time */
+ ULONG ulBusyHigh; /* High 32 bits of busy time */
+ ULONG ulIntrLow; /* Low 32 bits of interrupt time */
+ ULONG ulIntrHigh; /* High 32 bits of interrupt time */
+} CPUUTIL;
+
+APIRET APIENTRY(*DosPerfSysCall) (ULONG ulCommand, ULONG ulParm1,
+ ULONG ulParm2, ULONG ulParm3) = NULL;
+APIRET APIENTRY(*DosQuerySysState) (ULONG func, ULONG arg1, ULONG pid,
+ ULONG _res_, PVOID buf, ULONG bufsz) =
+ NULL;
+HMODULE hDoscalls = 0;
+
+int RAND_poll(void)
+{
+ char failed_module[20];
+ QWORD qwTime;
+ ULONG SysVars[QSV_FOREGROUND_PROCESS];
+
+ if (hDoscalls == 0) {
+ ULONG rc =
+ DosLoadModule(failed_module, sizeof(failed_module), "DOSCALLS",
+ &hDoscalls);
+
+ if (rc == 0) {
+ rc = DosQueryProcAddr(hDoscalls, 976, NULL,
+ (PFN *) & DosPerfSysCall);
+
+ if (rc)
+ DosPerfSysCall = NULL;
+
+ rc = DosQueryProcAddr(hDoscalls, 368, NULL,
+ (PFN *) & DosQuerySysState);
+
+ if (rc)
+ DosQuerySysState = NULL;
+ }
+ }
+
+ /* Sample the hi-res timer, runs at around 1.1 MHz */
+ DosTmrQueryTime(&qwTime);
+ RAND_add(&qwTime, sizeof(qwTime), 2);
+
+ /*
+ * Sample a bunch of system variables, includes various process & memory
+ * statistics
+ */
+ DosQuerySysInfo(1, QSV_FOREGROUND_PROCESS, SysVars, sizeof(SysVars));
+ RAND_add(SysVars, sizeof(SysVars), 4);
+
+ /*
+ * If available, sample CPU registers that count at CPU MHz Only fairly
+ * new CPUs (PPro & K6 onwards) & OS/2 versions support this
+ */
+ if (DosPerfSysCall) {
+ CPUUTIL util;
+
+ if (DosPerfSysCall(CMD_KI_RDCNT, (ULONG) & util, 0, 0) == 0) {
+ RAND_add(&util, sizeof(util), 10);
+ } else {
+ DosPerfSysCall = NULL;
+ }
+ }
+
+ /*
+ * DosQuerySysState() gives us a huge quantity of process, thread, memory
+ * & handle stats
+ */
+ if (DosQuerySysState) {
+ char *buffer = OPENSSL_malloc(256 * 1024);
+
+ if (DosQuerySysState(0x1F, 0, 0, 0, buffer, 256 * 1024) == 0) {
+ /*
+ * First 4 bytes in buffer is a pointer to the thread count there
+ * should be at least 1 byte of entropy per thread
+ */
+ RAND_add(buffer, 256 * 1024, **(ULONG **) buffer);
+ }
+
+ OPENSSL_free(buffer);
+ return 1;
+ }
+
+ return 0;
+}
+
+#endif /* OPENSSL_SYS_OS2 */
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_unix.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/rand/rand_unix.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_unix.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,330 +0,0 @@
-/* crypto/rand/rand_unix.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-#include <stdio.h>
-
-#define USE_SOCKETS
-#include "e_os.h"
-#include "cryptlib.h"
-#include <openssl/rand.h>
-#include "rand_lcl.h"
-
-#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE))
-
-#include <sys/types.h>
-#include <sys/time.h>
-#include <sys/times.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include <unistd.h>
-#include <time.h>
-#if defined(OPENSSL_SYS_LINUX) /* should actually be available virtually everywhere */
-# include <poll.h>
-#endif
-#include <limits.h>
-#ifndef FD_SETSIZE
-# define FD_SETSIZE (8*sizeof(fd_set))
-#endif
-
-#ifdef __OpenBSD__
-int RAND_poll(void)
-{
- u_int32_t rnd = 0, i;
- unsigned char buf[ENTROPY_NEEDED];
-
- for (i = 0; i < sizeof(buf); i++) {
- if (i % 4 == 0)
- rnd = arc4random();
- buf[i] = rnd;
- rnd >>= 8;
- }
- RAND_add(buf, sizeof(buf), ENTROPY_NEEDED);
- memset(buf, 0, sizeof(buf));
-
- return 1;
-}
-#else /* !defined(__OpenBSD__) */
-int RAND_poll(void)
-{
- unsigned long l;
- pid_t curr_pid = getpid();
-#if defined(DEVRANDOM) || defined(DEVRANDOM_EGD)
- unsigned char tmpbuf[ENTROPY_NEEDED];
- int n = 0;
-#endif
-#ifdef DEVRANDOM
- static const char *randomfiles[] = { DEVRANDOM };
- struct stat randomstats[sizeof(randomfiles)/sizeof(randomfiles[0])];
- int fd;
- size_t i;
-#endif
-#ifdef DEVRANDOM_EGD
- static const char *egdsockets[] = { DEVRANDOM_EGD, NULL };
- const char **egdsocket = NULL;
-#endif
-
-#ifdef DEVRANDOM
- memset(randomstats,0,sizeof(randomstats));
- /* Use a random entropy pool device. Linux, FreeBSD and OpenBSD
- * have this. Use /dev/urandom if you can as /dev/random may block
- * if it runs out of random entries. */
-
- for (i=0; i<sizeof(randomfiles)/sizeof(randomfiles[0]) && n < ENTROPY_NEEDED; i++)
- {
- if ((fd = open(randomfiles[i], O_RDONLY
-#ifdef O_NONBLOCK
- |O_NONBLOCK
-#endif
-#ifdef O_BINARY
- |O_BINARY
-#endif
-#ifdef O_NOCTTY /* If it happens to be a TTY (god forbid), do not make it
- our controlling tty */
- |O_NOCTTY
-#endif
- )) >= 0)
- {
- int usec = 10*1000; /* spend 10ms on each file */
- int r;
- size_t j;
- struct stat *st=&randomstats[i];
-
- /* Avoid using same input... Used to be O_NOFOLLOW
- * above, but it's not universally appropriate... */
- if (fstat(fd,st) != 0) { close(fd); continue; }
- for (j=0;j<i;j++)
- {
- if (randomstats[j].st_ino==st->st_ino &&
- randomstats[j].st_dev==st->st_dev)
- break;
- }
- if (j<i) { close(fd); continue; }
-
- do
- {
- int try_read = 0;
-
-#if defined(OPENSSL_SYS_LINUX)
- /* use poll() */
- struct pollfd pset;
-
- pset.fd = fd;
- pset.events = POLLIN;
- pset.revents = 0;
-
- if (poll(&pset, 1, usec / 1000) < 0)
- usec = 0;
- else
- try_read = (pset.revents & POLLIN) != 0;
-
-#else
- /* use select() */
- fd_set fset;
- struct timeval t;
-
- t.tv_sec = 0;
- t.tv_usec = usec;
-
- if (FD_SETSIZE > 0 && (unsigned)fd >= FD_SETSIZE)
- {
- /* can't use select, so just try to read once anyway */
- try_read = 1;
- }
- else
- {
- FD_ZERO(&fset);
- FD_SET(fd, &fset);
-
- if (select(fd+1,&fset,NULL,NULL,&t) >= 0)
- {
- usec = t.tv_usec;
- if (FD_ISSET(fd, &fset))
- try_read = 1;
- }
- else
- usec = 0;
- }
-#endif
-
- if (try_read)
- {
- r = read(fd,(unsigned char *)tmpbuf+n, ENTROPY_NEEDED-n);
- if (r > 0)
- n += r;
- }
- else
- r = -1;
-
- /* Some Unixen will update t in select(), some
- won't. For those who won't, or if we
- didn't use select() in the first place,
- give up here, otherwise, we will do
- this once again for the remaining
- time. */
- if (usec == 10*1000)
- usec = 0;
- }
- while ((r > 0 ||
- (errno == EINTR || errno == EAGAIN)) && usec != 0 && n < ENTROPY_NEEDED);
-
- close(fd);
- }
- }
-#endif /* defined(DEVRANDOM) */
-
-#ifdef DEVRANDOM_EGD
- /* Use an EGD socket to read entropy from an EGD or PRNGD entropy
- * collecting daemon. */
-
- for (egdsocket = egdsockets; *egdsocket && n < ENTROPY_NEEDED; egdsocket++)
- {
- int r;
-
- r = RAND_query_egd_bytes(*egdsocket, (unsigned char *)tmpbuf+n,
- ENTROPY_NEEDED-n);
- if (r > 0)
- n += r;
- }
-#endif /* defined(DEVRANDOM_EGD) */
-
-#if defined(DEVRANDOM) || defined(DEVRANDOM_EGD)
- if (n > 0)
- {
- RAND_add(tmpbuf,sizeof tmpbuf,(double)n);
- OPENSSL_cleanse(tmpbuf,n);
- }
-#endif
-
- /* put in some default random data, we need more than just this */
- l=curr_pid;
- RAND_add(&l,sizeof(l),0.0);
- l=getuid();
- RAND_add(&l,sizeof(l),0.0);
-
- l=time(NULL);
- RAND_add(&l,sizeof(l),0.0);
-
-#if defined(DEVRANDOM) || defined(DEVRANDOM_EGD)
- return 1;
-#else
- return 0;
-#endif
-}
-
-#endif /* defined(__OpenBSD__) */
-#endif /* !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE)) */
-
-
-#if defined(OPENSSL_SYS_VXWORKS)
-int RAND_poll(void)
- {
- return 0;
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_unix.c (from rev 6976, vendor-crypto/openssl/dist/crypto/rand/rand_unix.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_unix.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_unix.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,340 @@
+/* crypto/rand/rand_unix.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+
+#define USE_SOCKETS
+#include "e_os.h"
+#include "cryptlib.h"
+#include <openssl/rand.h>
+#include "rand_lcl.h"
+
+#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE))
+
+# include <sys/types.h>
+# include <sys/time.h>
+# include <sys/times.h>
+# include <sys/stat.h>
+# include <fcntl.h>
+# include <unistd.h>
+# include <time.h>
+# if defined(OPENSSL_SYS_LINUX) /* should actually be available virtually
+ * everywhere */
+# include <poll.h>
+# endif
+# include <limits.h>
+# ifndef FD_SETSIZE
+# define FD_SETSIZE (8*sizeof(fd_set))
+# endif
+
+# ifdef __OpenBSD__
+int RAND_poll(void)
+{
+ u_int32_t rnd = 0, i;
+ unsigned char buf[ENTROPY_NEEDED];
+
+ for (i = 0; i < sizeof(buf); i++) {
+ if (i % 4 == 0)
+ rnd = arc4random();
+ buf[i] = rnd;
+ rnd >>= 8;
+ }
+ RAND_add(buf, sizeof(buf), ENTROPY_NEEDED);
+ memset(buf, 0, sizeof(buf));
+
+ return 1;
+}
+# else /* !defined(__OpenBSD__) */
+int RAND_poll(void)
+{
+ unsigned long l;
+ pid_t curr_pid = getpid();
+# if defined(DEVRANDOM) || defined(DEVRANDOM_EGD)
+ unsigned char tmpbuf[ENTROPY_NEEDED];
+ int n = 0;
+# endif
+# ifdef DEVRANDOM
+ static const char *randomfiles[] = { DEVRANDOM };
+ struct stat randomstats[sizeof(randomfiles) / sizeof(randomfiles[0])];
+ int fd;
+ size_t i;
+# endif
+# ifdef DEVRANDOM_EGD
+ static const char *egdsockets[] = { DEVRANDOM_EGD, NULL };
+ const char **egdsocket = NULL;
+# endif
+
+# ifdef DEVRANDOM
+ memset(randomstats, 0, sizeof(randomstats));
+ /*
+ * Use a random entropy pool device. Linux, FreeBSD and OpenBSD have
+ * this. Use /dev/urandom if you can as /dev/random may block if it runs
+ * out of random entries.
+ */
+
+ for (i = 0; i < sizeof(randomfiles) / sizeof(randomfiles[0])
+ && n < ENTROPY_NEEDED; i++) {
+ if ((fd = open(randomfiles[i], O_RDONLY
+# ifdef O_NONBLOCK
+ | O_NONBLOCK
+# endif
+# ifdef O_BINARY
+ | O_BINARY
+# endif
+# ifdef O_NOCTTY /* If it happens to be a TTY (god forbid), do
+ * not make it our controlling tty */
+ | O_NOCTTY
+# endif
+ )) >= 0) {
+ int usec = 10 * 1000; /* spend 10ms on each file */
+ int r;
+ size_t j;
+ struct stat *st = &randomstats[i];
+
+ /*
+ * Avoid using same input... Used to be O_NOFOLLOW above, but
+ * it's not universally appropriate...
+ */
+ if (fstat(fd, st) != 0) {
+ close(fd);
+ continue;
+ }
+ for (j = 0; j < i; j++) {
+ if (randomstats[j].st_ino == st->st_ino &&
+ randomstats[j].st_dev == st->st_dev)
+ break;
+ }
+ if (j < i) {
+ close(fd);
+ continue;
+ }
+
+ do {
+ int try_read = 0;
+
+# if defined(OPENSSL_SYS_LINUX)
+ /* use poll() */
+ struct pollfd pset;
+
+ pset.fd = fd;
+ pset.events = POLLIN;
+ pset.revents = 0;
+
+ if (poll(&pset, 1, usec / 1000) < 0)
+ usec = 0;
+ else
+ try_read = (pset.revents & POLLIN) != 0;
+
+# else
+ /* use select() */
+ fd_set fset;
+ struct timeval t;
+
+ t.tv_sec = 0;
+ t.tv_usec = usec;
+
+ if (FD_SETSIZE > 0 && (unsigned)fd >= FD_SETSIZE) {
+ /*
+ * can't use select, so just try to read once anyway
+ */
+ try_read = 1;
+ } else {
+ FD_ZERO(&fset);
+ FD_SET(fd, &fset);
+
+ if (select(fd + 1, &fset, NULL, NULL, &t) >= 0) {
+ usec = t.tv_usec;
+ if (FD_ISSET(fd, &fset))
+ try_read = 1;
+ } else
+ usec = 0;
+ }
+# endif
+
+ if (try_read) {
+ r = read(fd, (unsigned char *)tmpbuf + n,
+ ENTROPY_NEEDED - n);
+ if (r > 0)
+ n += r;
+ } else
+ r = -1;
+
+ /*
+ * Some Unixen will update t in select(), some won't. For
+ * those who won't, or if we didn't use select() in the first
+ * place, give up here, otherwise, we will do this once again
+ * for the remaining time.
+ */
+ if (usec == 10 * 1000)
+ usec = 0;
+ }
+ while ((r > 0 ||
+ (errno == EINTR || errno == EAGAIN)) && usec != 0
+ && n < ENTROPY_NEEDED);
+
+ close(fd);
+ }
+ }
+# endif /* defined(DEVRANDOM) */
+
+# ifdef DEVRANDOM_EGD
+ /*
+ * Use an EGD socket to read entropy from an EGD or PRNGD entropy
+ * collecting daemon.
+ */
+
+ for (egdsocket = egdsockets; *egdsocket && n < ENTROPY_NEEDED;
+ egdsocket++) {
+ int r;
+
+ r = RAND_query_egd_bytes(*egdsocket, (unsigned char *)tmpbuf + n,
+ ENTROPY_NEEDED - n);
+ if (r > 0)
+ n += r;
+ }
+# endif /* defined(DEVRANDOM_EGD) */
+
+# if defined(DEVRANDOM) || defined(DEVRANDOM_EGD)
+ if (n > 0) {
+ RAND_add(tmpbuf, sizeof tmpbuf, (double)n);
+ OPENSSL_cleanse(tmpbuf, n);
+ }
+# endif
+
+ /* put in some default random data, we need more than just this */
+ l = curr_pid;
+ RAND_add(&l, sizeof(l), 0.0);
+ l = getuid();
+ RAND_add(&l, sizeof(l), 0.0);
+
+ l = time(NULL);
+ RAND_add(&l, sizeof(l), 0.0);
+
+# if defined(DEVRANDOM) || defined(DEVRANDOM_EGD)
+ return 1;
+# else
+ return 0;
+# endif
+}
+
+# endif /* defined(__OpenBSD__) */
+#endif /* !(defined(OPENSSL_SYS_WINDOWS) ||
+ * defined(OPENSSL_SYS_WIN32) ||
+ * defined(OPENSSL_SYS_VMS) ||
+ * defined(OPENSSL_SYS_OS2) ||
+ * defined(OPENSSL_SYS_VXWORKS) ||
+ * defined(OPENSSL_SYS_NETWARE)) */
+
+#if defined(OPENSSL_SYS_VXWORKS)
+int RAND_poll(void)
+{
+ return 0;
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_vms.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/rand/rand_vms.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_vms.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,136 +0,0 @@
-/* crypto/rand/rand_vms.c -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte <richard at levitte.org> for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <openssl/rand.h>
-#include "rand_lcl.h"
-
-#if defined(OPENSSL_SYS_VMS)
-
-#include <descrip.h>
-#include <jpidef.h>
-#include <ssdef.h>
-#include <starlet.h>
-#ifdef __DECC
-# pragma message disable DOLLARID
-#endif
-
-static struct items_data_st
- {
- short length, code; /* length is amount of bytes */
- } items_data[] =
- { { 4, JPI$_BUFIO },
- { 4, JPI$_CPUTIM },
- { 4, JPI$_DIRIO },
- { 8, JPI$_LOGINTIM },
- { 4, JPI$_PAGEFLTS },
- { 4, JPI$_PID },
- { 4, JPI$_WSSIZE },
- { 0, 0 }
- };
-
-int RAND_poll(void)
- {
- long pid, iosb[2];
- int status = 0;
- struct
- {
- short length, code;
- long *buffer;
- int *retlen;
- } item[32], *pitem;
- unsigned char data_buffer[256];
- short total_length = 0;
- struct items_data_st *pitems_data;
-
- pitems_data = items_data;
- pitem = item;
-
- /* Setup */
- while (pitems_data->length
- && (total_length + pitems_data->length <= 256))
- {
- pitem->length = pitems_data->length;
- pitem->code = pitems_data->code;
- pitem->buffer = (long *)&data_buffer[total_length];
- pitem->retlen = 0;
- total_length += pitems_data->length;
- pitems_data++;
- pitem++;
- }
- pitem->length = pitem->code = 0;
-
- /*
- * Scan through all the processes in the system and add entropy with
- * results from the processes that were possible to look at.
- * However, view the information as only half trustable.
- */
- pid = -1; /* search context */
- while ((status = sys$getjpiw(0, &pid, 0, item, iosb, 0, 0))
- != SS$_NOMOREPROC)
- {
- if (status == SS$_NORMAL)
- {
- RAND_add(data_buffer, total_length, total_length/2);
- }
- }
- sys$gettim(iosb);
- RAND_add((unsigned char *)iosb, sizeof(iosb), sizeof(iosb)/2);
- return 1;
-}
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_vms.c (from rev 6976, vendor-crypto/openssl/dist/crypto/rand/rand_vms.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_vms.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_vms.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,147 @@
+/* crypto/rand/rand_vms.c -*- mode:C; c-file-style: "eay" -*- */
+/*
+ * Written by Richard Levitte <richard at levitte.org> for the OpenSSL project
+ * 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <openssl/rand.h>
+#include "rand_lcl.h"
+
+#if defined(OPENSSL_SYS_VMS)
+
+# include <descrip.h>
+# include <jpidef.h>
+# include <ssdef.h>
+# include <starlet.h>
+# ifdef __DECC
+# pragma message disable DOLLARID
+# endif
+
+static struct items_data_st {
+ short length, code; /* length is amount of bytes */
+} items_data[] = {
+ {
+ 4, JPI$_BUFIO
+ },
+ {
+ 4, JPI$_CPUTIM
+ },
+ {
+ 4, JPI$_DIRIO
+ },
+ {
+ 8, JPI$_LOGINTIM
+ },
+ {
+ 4, JPI$_PAGEFLTS
+ },
+ {
+ 4, JPI$_PID
+ },
+ {
+ 4, JPI$_WSSIZE
+ },
+ {
+ 0, 0
+ }
+};
+
+int RAND_poll(void)
+{
+ long pid, iosb[2];
+ int status = 0;
+ struct {
+ short length, code;
+ long *buffer;
+ int *retlen;
+ } item[32], *pitem;
+ unsigned char data_buffer[256];
+ short total_length = 0;
+ struct items_data_st *pitems_data;
+
+ pitems_data = items_data;
+ pitem = item;
+
+ /* Setup */
+ while (pitems_data->length && (total_length + pitems_data->length <= 256)) {
+ pitem->length = pitems_data->length;
+ pitem->code = pitems_data->code;
+ pitem->buffer = (long *)&data_buffer[total_length];
+ pitem->retlen = 0;
+ total_length += pitems_data->length;
+ pitems_data++;
+ pitem ++;
+ }
+ pitem->length = pitem->code = 0;
+
+ /*
+ * Scan through all the processes in the system and add entropy with
+ * results from the processes that were possible to look at.
+ * However, view the information as only half trustable.
+ */
+ pid = -1; /* search context */
+ while ((status = sys$getjpiw(0, &pid, 0, item, iosb, 0, 0))
+ != SS$_NOMOREPROC) {
+ if (status == SS$_NORMAL) {
+ RAND_add(data_buffer, total_length, total_length / 2);
+ }
+ }
+ sys$gettim(iosb);
+ RAND_add((unsigned char *)iosb, sizeof(iosb), sizeof(iosb) / 2);
+ return 1;
+}
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_win.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/rand/rand_win.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_win.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,807 +0,0 @@
-/* crypto/rand/rand_win.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include "cryptlib.h"
-#include <openssl/rand.h>
-#include "rand_lcl.h"
-
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
-#include <windows.h>
-#ifndef _WIN32_WINNT
-# define _WIN32_WINNT 0x0400
-#endif
-#include <wincrypt.h>
-#include <tlhelp32.h>
-
-/* Limit the time spent walking through the heap, processes, threads and modules to
- a maximum of 1000 miliseconds each, unless CryptoGenRandom failed */
-#define MAXDELAY 1000
-
-/* Intel hardware RNG CSP -- available from
- * http://developer.intel.com/design/security/rng/redist_license.htm
- */
-#define PROV_INTEL_SEC 22
-#define INTEL_DEF_PROV L"Intel Hardware Cryptographic Service Provider"
-
-static void readtimer(void);
-static void readscreen(void);
-
-/* It appears like CURSORINFO, PCURSORINFO and LPCURSORINFO are only defined
- when WINVER is 0x0500 and up, which currently only happens on Win2000.
- Unfortunately, those are typedefs, so they're a little bit difficult to
- detect properly. On the other hand, the macro CURSOR_SHOWING is defined
- within the same conditional, so it can be use to detect the absence of said
- typedefs. */
-
-#ifndef CURSOR_SHOWING
-/*
- * Information about the global cursor.
- */
-typedef struct tagCURSORINFO
-{
- DWORD cbSize;
- DWORD flags;
- HCURSOR hCursor;
- POINT ptScreenPos;
-} CURSORINFO, *PCURSORINFO, *LPCURSORINFO;
-
-#define CURSOR_SHOWING 0x00000001
-#endif /* CURSOR_SHOWING */
-
-#if !defined(OPENSSL_SYS_WINCE)
-typedef BOOL (WINAPI *CRYPTACQUIRECONTEXTW)(HCRYPTPROV *, LPCWSTR, LPCWSTR,
- DWORD, DWORD);
-typedef BOOL (WINAPI *CRYPTGENRANDOM)(HCRYPTPROV, DWORD, BYTE *);
-typedef BOOL (WINAPI *CRYPTRELEASECONTEXT)(HCRYPTPROV, DWORD);
-
-typedef HWND (WINAPI *GETFOREGROUNDWINDOW)(VOID);
-typedef BOOL (WINAPI *GETCURSORINFO)(PCURSORINFO);
-typedef DWORD (WINAPI *GETQUEUESTATUS)(UINT);
-
-typedef HANDLE (WINAPI *CREATETOOLHELP32SNAPSHOT)(DWORD, DWORD);
-typedef BOOL (WINAPI *CLOSETOOLHELP32SNAPSHOT)(HANDLE);
-typedef BOOL (WINAPI *HEAP32FIRST)(LPHEAPENTRY32, DWORD, size_t);
-typedef BOOL (WINAPI *HEAP32NEXT)(LPHEAPENTRY32);
-typedef BOOL (WINAPI *HEAP32LIST)(HANDLE, LPHEAPLIST32);
-typedef BOOL (WINAPI *PROCESS32)(HANDLE, LPPROCESSENTRY32);
-typedef BOOL (WINAPI *THREAD32)(HANDLE, LPTHREADENTRY32);
-typedef BOOL (WINAPI *MODULE32)(HANDLE, LPMODULEENTRY32);
-
-#include <lmcons.h>
-#include <lmstats.h>
-#if 1 /* The NET API is Unicode only. It requires the use of the UNICODE
- * macro. When UNICODE is defined LPTSTR becomes LPWSTR. LMSTR was
- * was added to the Platform SDK to allow the NET API to be used in
- * non-Unicode applications provided that Unicode strings were still
- * used for input. LMSTR is defined as LPWSTR.
- */
-typedef NET_API_STATUS (NET_API_FUNCTION * NETSTATGET)
- (LPWSTR, LPWSTR, DWORD, DWORD, LPBYTE*);
-typedef NET_API_STATUS (NET_API_FUNCTION * NETFREE)(LPBYTE);
-#endif /* 1 */
-#endif /* !OPENSSL_SYS_WINCE */
-
-int RAND_poll(void)
-{
- MEMORYSTATUS m;
- HCRYPTPROV hProvider = 0;
- DWORD w;
- int good = 0;
-
- /* Determine the OS version we are on so we can turn off things
- * that do not work properly.
- */
- OSVERSIONINFO osverinfo ;
- osverinfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO) ;
- GetVersionEx( &osverinfo ) ;
-
-#if defined(OPENSSL_SYS_WINCE)
-# if defined(_WIN32_WCE) && _WIN32_WCE>=300
-/* Even though MSDN says _WIN32_WCE>=210, it doesn't seem to be available
- * in commonly available implementations prior 300... */
- {
- BYTE buf[64];
- /* poll the CryptoAPI PRNG */
- /* The CryptoAPI returns sizeof(buf) bytes of randomness */
- if (CryptAcquireContextW(&hProvider, NULL, NULL, PROV_RSA_FULL,
- CRYPT_VERIFYCONTEXT))
- {
- if (CryptGenRandom(hProvider, sizeof(buf), buf))
- RAND_add(buf, sizeof(buf), sizeof(buf));
- CryptReleaseContext(hProvider, 0);
- }
- }
-# endif
-#else /* OPENSSL_SYS_WINCE */
- /*
- * None of below libraries are present on Windows CE, which is
- * why we #ifndef the whole section. This also excuses us from
- * handling the GetProcAddress issue. The trouble is that in
- * real Win32 API GetProcAddress is available in ANSI flavor
- * only. In WinCE on the other hand GetProcAddress is a macro
- * most commonly defined as GetProcAddressW, which accepts
- * Unicode argument. If we were to call GetProcAddress under
- * WinCE, I'd recommend to either redefine GetProcAddress as
- * GetProcAddressA (there seem to be one in common CE spec) or
- * implement own shim routine, which would accept ANSI argument
- * and expand it to Unicode.
- */
- {
- /* load functions dynamically - not available on all systems */
- HMODULE advapi = LoadLibrary(TEXT("ADVAPI32.DLL"));
- HMODULE kernel = LoadLibrary(TEXT("KERNEL32.DLL"));
- HMODULE user = NULL;
- HMODULE netapi = LoadLibrary(TEXT("NETAPI32.DLL"));
- CRYPTACQUIRECONTEXTW acquire = NULL;
- CRYPTGENRANDOM gen = NULL;
- CRYPTRELEASECONTEXT release = NULL;
- NETSTATGET netstatget = NULL;
- NETFREE netfree = NULL;
- BYTE buf[64];
-
- if (netapi)
- {
- netstatget = (NETSTATGET) GetProcAddress(netapi,"NetStatisticsGet");
- netfree = (NETFREE) GetProcAddress(netapi,"NetApiBufferFree");
- }
-
- if (netstatget && netfree)
- {
- LPBYTE outbuf;
- /* NetStatisticsGet() is a Unicode only function
- * STAT_WORKSTATION_0 contains 45 fields and STAT_SERVER_0
- * contains 17 fields. We treat each field as a source of
- * one byte of entropy.
- */
-
- if (netstatget(NULL, L"LanmanWorkstation", 0, 0, &outbuf) == 0)
- {
- RAND_add(outbuf, sizeof(STAT_WORKSTATION_0), 45);
- netfree(outbuf);
- }
- if (netstatget(NULL, L"LanmanServer", 0, 0, &outbuf) == 0)
- {
- RAND_add(outbuf, sizeof(STAT_SERVER_0), 17);
- netfree(outbuf);
- }
- }
-
- if (netapi)
- FreeLibrary(netapi);
-
- /* It appears like this can cause an exception deep within ADVAPI32.DLL
- * at random times on Windows 2000. Reported by Jeffrey Altman.
- * Only use it on NT.
- */
- /* Wolfgang Marczy <WMarczy at topcall.co.at> reports that
- * the RegQueryValueEx call below can hang on NT4.0 (SP6).
- * So we don't use this at all for now. */
-#if 0
- if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT &&
- osverinfo.dwMajorVersion < 5)
- {
- /* Read Performance Statistics from NT/2000 registry
- * The size of the performance data can vary from call
- * to call so we must guess the size of the buffer to use
- * and increase its size if we get an ERROR_MORE_DATA
- * return instead of ERROR_SUCCESS.
- */
- LONG rc=ERROR_MORE_DATA;
- char * buf=NULL;
- DWORD bufsz=0;
- DWORD length;
-
- while (rc == ERROR_MORE_DATA)
- {
- buf = realloc(buf,bufsz+8192);
- if (!buf)
- break;
- bufsz += 8192;
-
- length = bufsz;
- rc = RegQueryValueEx(HKEY_PERFORMANCE_DATA, TEXT("Global"),
- NULL, NULL, buf, &length);
- }
- if (rc == ERROR_SUCCESS)
- {
- /* For entropy count assume only least significant
- * byte of each DWORD is random.
- */
- RAND_add(&length, sizeof(length), 0);
- RAND_add(buf, length, length / 4.0);
-
- /* Close the Registry Key to allow Windows to cleanup/close
- * the open handle
- * Note: The 'HKEY_PERFORMANCE_DATA' key is implicitly opened
- * when the RegQueryValueEx above is done. However, if
- * it is not explicitly closed, it can cause disk
- * partition manipulation problems.
- */
- RegCloseKey(HKEY_PERFORMANCE_DATA);
- }
- if (buf)
- free(buf);
- }
-#endif
-
- if (advapi)
- {
- /*
- * If it's available, then it's available in both ANSI
- * and UNICODE flavors even in Win9x, documentation says.
- * We favor Unicode...
- */
- acquire = (CRYPTACQUIRECONTEXTW) GetProcAddress(advapi,
- "CryptAcquireContextW");
- gen = (CRYPTGENRANDOM) GetProcAddress(advapi,
- "CryptGenRandom");
- release = (CRYPTRELEASECONTEXT) GetProcAddress(advapi,
- "CryptReleaseContext");
- }
-
- if (acquire && gen && release)
- {
- /* poll the CryptoAPI PRNG */
- /* The CryptoAPI returns sizeof(buf) bytes of randomness */
- if (acquire(&hProvider, NULL, NULL, PROV_RSA_FULL,
- CRYPT_VERIFYCONTEXT))
- {
- if (gen(hProvider, sizeof(buf), buf) != 0)
- {
- RAND_add(buf, sizeof(buf), 0);
- good = 1;
-#if 0
- printf("randomness from PROV_RSA_FULL\n");
-#endif
- }
- release(hProvider, 0);
- }
-
- /* poll the Pentium PRG with CryptoAPI */
- if (acquire(&hProvider, 0, INTEL_DEF_PROV, PROV_INTEL_SEC, 0))
- {
- if (gen(hProvider, sizeof(buf), buf) != 0)
- {
- RAND_add(buf, sizeof(buf), sizeof(buf));
- good = 1;
-#if 0
- printf("randomness from PROV_INTEL_SEC\n");
-#endif
- }
- release(hProvider, 0);
- }
- }
-
- if (advapi)
- FreeLibrary(advapi);
-
- if ((osverinfo.dwPlatformId != VER_PLATFORM_WIN32_NT ||
- !OPENSSL_isservice()) &&
- (user = LoadLibrary(TEXT("USER32.DLL"))))
- {
- GETCURSORINFO cursor;
- GETFOREGROUNDWINDOW win;
- GETQUEUESTATUS queue;
-
- win = (GETFOREGROUNDWINDOW) GetProcAddress(user, "GetForegroundWindow");
- cursor = (GETCURSORINFO) GetProcAddress(user, "GetCursorInfo");
- queue = (GETQUEUESTATUS) GetProcAddress(user, "GetQueueStatus");
-
- if (win)
- {
- /* window handle */
- HWND h = win();
- RAND_add(&h, sizeof(h), 0);
- }
- if (cursor)
- {
- /* unfortunately, its not safe to call GetCursorInfo()
- * on NT4 even though it exists in SP3 (or SP6) and
- * higher.
- */
- if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT &&
- osverinfo.dwMajorVersion < 5)
- cursor = 0;
- }
- if (cursor)
- {
- /* cursor position */
- /* assume 2 bytes of entropy */
- CURSORINFO ci;
- ci.cbSize = sizeof(CURSORINFO);
- if (cursor(&ci))
- RAND_add(&ci, ci.cbSize, 2);
- }
-
- if (queue)
- {
- /* message queue status */
- /* assume 1 byte of entropy */
- w = queue(QS_ALLEVENTS);
- RAND_add(&w, sizeof(w), 1);
- }
-
- FreeLibrary(user);
- }
-
- /* Toolhelp32 snapshot: enumerate processes, threads, modules and heap
- * http://msdn.microsoft.com/library/psdk/winbase/toolhelp_5pfd.htm
- * (Win 9x and 2000 only, not available on NT)
- *
- * This seeding method was proposed in Peter Gutmann, Software
- * Generation of Practically Strong Random Numbers,
- * http://www.usenix.org/publications/library/proceedings/sec98/gutmann.html
- * revised version at http://www.cryptoengines.com/~peter/06_random.pdf
- * (The assignment of entropy estimates below is arbitrary, but based
- * on Peter's analysis the full poll appears to be safe. Additional
- * interactive seeding is encouraged.)
- */
-
- if (kernel)
- {
- CREATETOOLHELP32SNAPSHOT snap;
- CLOSETOOLHELP32SNAPSHOT close_snap;
- HANDLE handle;
-
- HEAP32FIRST heap_first;
- HEAP32NEXT heap_next;
- HEAP32LIST heaplist_first, heaplist_next;
- PROCESS32 process_first, process_next;
- THREAD32 thread_first, thread_next;
- MODULE32 module_first, module_next;
-
- HEAPLIST32 hlist;
- HEAPENTRY32 hentry;
- PROCESSENTRY32 p;
- THREADENTRY32 t;
- MODULEENTRY32 m;
- DWORD starttime = 0;
-
- snap = (CREATETOOLHELP32SNAPSHOT)
- GetProcAddress(kernel, "CreateToolhelp32Snapshot");
- close_snap = (CLOSETOOLHELP32SNAPSHOT)
- GetProcAddress(kernel, "CloseToolhelp32Snapshot");
- heap_first = (HEAP32FIRST) GetProcAddress(kernel, "Heap32First");
- heap_next = (HEAP32NEXT) GetProcAddress(kernel, "Heap32Next");
- heaplist_first = (HEAP32LIST) GetProcAddress(kernel, "Heap32ListFirst");
- heaplist_next = (HEAP32LIST) GetProcAddress(kernel, "Heap32ListNext");
- process_first = (PROCESS32) GetProcAddress(kernel, "Process32First");
- process_next = (PROCESS32) GetProcAddress(kernel, "Process32Next");
- thread_first = (THREAD32) GetProcAddress(kernel, "Thread32First");
- thread_next = (THREAD32) GetProcAddress(kernel, "Thread32Next");
- module_first = (MODULE32) GetProcAddress(kernel, "Module32First");
- module_next = (MODULE32) GetProcAddress(kernel, "Module32Next");
-
- if (snap && heap_first && heap_next && heaplist_first &&
- heaplist_next && process_first && process_next &&
- thread_first && thread_next && module_first &&
- module_next && (handle = snap(TH32CS_SNAPALL,0))
- != INVALID_HANDLE_VALUE)
- {
- /* heap list and heap walking */
- /* HEAPLIST32 contains 3 fields that will change with
- * each entry. Consider each field a source of 1 byte
- * of entropy.
- * HEAPENTRY32 contains 5 fields that will change with
- * each entry. Consider each field a source of 1 byte
- * of entropy.
- */
- ZeroMemory(&hlist, sizeof(HEAPLIST32));
- hlist.dwSize = sizeof(HEAPLIST32);
- if (good) starttime = GetTickCount();
-#ifdef _MSC_VER
- if (heaplist_first(handle, &hlist))
- {
- /*
- following discussion on dev ML, exception on WinCE (or other Win
- platform) is theoretically of unknown origin; prevent infinite
- loop here when this theoretical case occurs; otherwise cope with
- the expected (MSDN documented) exception-throwing behaviour of
- Heap32Next() on WinCE.
-
- based on patch in original message by Tanguy Fautré (2009/03/02)
- Subject: RAND_poll() and CreateToolhelp32Snapshot() stability
- */
- int ex_cnt_limit = 42;
- do
- {
- RAND_add(&hlist, hlist.dwSize, 3);
- __try
- {
- ZeroMemory(&hentry, sizeof(HEAPENTRY32));
- hentry.dwSize = sizeof(HEAPENTRY32);
- if (heap_first(&hentry,
- hlist.th32ProcessID,
- hlist.th32HeapID))
- {
- int entrycnt = 80;
- do
- RAND_add(&hentry,
- hentry.dwSize, 5);
- while (heap_next(&hentry)
- && (!good || (GetTickCount()-starttime)<MAXDELAY)
- && --entrycnt > 0);
- }
- }
- __except (EXCEPTION_EXECUTE_HANDLER)
- {
- /* ignore access violations when walking the heap list */
- ex_cnt_limit--;
- }
- } while (heaplist_next(handle, &hlist)
- && (!good || (GetTickCount()-starttime)<MAXDELAY)
- && ex_cnt_limit > 0);
- }
-
-#else
- if (heaplist_first(handle, &hlist))
- {
- do
- {
- RAND_add(&hlist, hlist.dwSize, 3);
- hentry.dwSize = sizeof(HEAPENTRY32);
- if (heap_first(&hentry,
- hlist.th32ProcessID,
- hlist.th32HeapID))
- {
- int entrycnt = 80;
- do
- RAND_add(&hentry,
- hentry.dwSize, 5);
- while (heap_next(&hentry)
- && --entrycnt > 0);
- }
- } while (heaplist_next(handle, &hlist)
- && (!good || (GetTickCount()-starttime)<MAXDELAY));
- }
-#endif
-
- /* process walking */
- /* PROCESSENTRY32 contains 9 fields that will change
- * with each entry. Consider each field a source of
- * 1 byte of entropy.
- */
- p.dwSize = sizeof(PROCESSENTRY32);
-
- if (good) starttime = GetTickCount();
- if (process_first(handle, &p))
- do
- RAND_add(&p, p.dwSize, 9);
- while (process_next(handle, &p) && (!good || (GetTickCount()-starttime)<MAXDELAY));
-
- /* thread walking */
- /* THREADENTRY32 contains 6 fields that will change
- * with each entry. Consider each field a source of
- * 1 byte of entropy.
- */
- t.dwSize = sizeof(THREADENTRY32);
- if (good) starttime = GetTickCount();
- if (thread_first(handle, &t))
- do
- RAND_add(&t, t.dwSize, 6);
- while (thread_next(handle, &t) && (!good || (GetTickCount()-starttime)<MAXDELAY));
-
- /* module walking */
- /* MODULEENTRY32 contains 9 fields that will change
- * with each entry. Consider each field a source of
- * 1 byte of entropy.
- */
- m.dwSize = sizeof(MODULEENTRY32);
- if (good) starttime = GetTickCount();
- if (module_first(handle, &m))
- do
- RAND_add(&m, m.dwSize, 9);
- while (module_next(handle, &m)
- && (!good || (GetTickCount()-starttime)<MAXDELAY));
- if (close_snap)
- close_snap(handle);
- else
- CloseHandle(handle);
-
- }
-
- FreeLibrary(kernel);
- }
- }
-#endif /* !OPENSSL_SYS_WINCE */
-
- /* timer data */
- readtimer();
-
- /* memory usage statistics */
- GlobalMemoryStatus(&m);
- RAND_add(&m, sizeof(m), 1);
-
- /* process ID */
- w = GetCurrentProcessId();
- RAND_add(&w, sizeof(w), 1);
-
-#if 0
- printf("Exiting RAND_poll\n");
-#endif
-
- return(1);
-}
-
-int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam)
- {
- double add_entropy=0;
-
- switch (iMsg)
- {
- case WM_KEYDOWN:
- {
- static WPARAM key;
- if (key != wParam)
- add_entropy = 0.05;
- key = wParam;
- }
- break;
- case WM_MOUSEMOVE:
- {
- static int lastx,lasty,lastdx,lastdy;
- int x,y,dx,dy;
-
- x=LOWORD(lParam);
- y=HIWORD(lParam);
- dx=lastx-x;
- dy=lasty-y;
- if (dx != 0 && dy != 0 && dx-lastdx != 0 && dy-lastdy != 0)
- add_entropy=.2;
- lastx=x, lasty=y;
- lastdx=dx, lastdy=dy;
- }
- break;
- }
-
- readtimer();
- RAND_add(&iMsg, sizeof(iMsg), add_entropy);
- RAND_add(&wParam, sizeof(wParam), 0);
- RAND_add(&lParam, sizeof(lParam), 0);
-
- return (RAND_status());
- }
-
-
-void RAND_screen(void) /* function available for backward compatibility */
-{
- RAND_poll();
- readscreen();
-}
-
-
-/* feed timing information to the PRNG */
-static void readtimer(void)
-{
- DWORD w;
- LARGE_INTEGER l;
- static int have_perfc = 1;
-#if defined(_MSC_VER) && defined(_M_X86)
- static int have_tsc = 1;
- DWORD cyclecount;
-
- if (have_tsc) {
- __try {
- __asm {
- _emit 0x0f
- _emit 0x31
- mov cyclecount, eax
- }
- RAND_add(&cyclecount, sizeof(cyclecount), 1);
- } __except(EXCEPTION_EXECUTE_HANDLER) {
- have_tsc = 0;
- }
- }
-#else
-# define have_tsc 0
-#endif
-
- if (have_perfc) {
- if (QueryPerformanceCounter(&l) == 0)
- have_perfc = 0;
- else
- RAND_add(&l, sizeof(l), 0);
- }
-
- if (!have_tsc && !have_perfc) {
- w = GetTickCount();
- RAND_add(&w, sizeof(w), 0);
- }
-}
-
-/* feed screen contents to PRNG */
-/*****************************************************************************
- *
- * Created 960901 by Gertjan van Oosten, gertjan at West.NL, West Consulting B.V.
- *
- * Code adapted from
- * <URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];97193>;
- * the original copyright message is:
- *
- * (C) Copyright Microsoft Corp. 1993. All rights reserved.
- *
- * You have a royalty-free right to use, modify, reproduce and
- * distribute the Sample Files (and/or any modified version) in
- * any way you find useful, provided that you agree that
- * Microsoft has no warranty obligations or liability for any
- * Sample Application Files which are modified.
- */
-
-static void readscreen(void)
-{
-#if !defined(OPENSSL_SYS_WINCE) && !defined(OPENSSL_SYS_WIN32_CYGWIN)
- HDC hScrDC; /* screen DC */
- HDC hMemDC; /* memory DC */
- HBITMAP hBitmap; /* handle for our bitmap */
- HBITMAP hOldBitmap; /* handle for previous bitmap */
- BITMAP bm; /* bitmap properties */
- unsigned int size; /* size of bitmap */
- char *bmbits; /* contents of bitmap */
- int w; /* screen width */
- int h; /* screen height */
- int y; /* y-coordinate of screen lines to grab */
- int n = 16; /* number of screen lines to grab at a time */
-
- if (GetVersion() < 0x80000000 && OPENSSL_isservice()>0)
- return;
-
- /* Create a screen DC and a memory DC compatible to screen DC */
- hScrDC = CreateDC(TEXT("DISPLAY"), NULL, NULL, NULL);
- hMemDC = CreateCompatibleDC(hScrDC);
-
- /* Get screen resolution */
- w = GetDeviceCaps(hScrDC, HORZRES);
- h = GetDeviceCaps(hScrDC, VERTRES);
-
- /* Create a bitmap compatible with the screen DC */
- hBitmap = CreateCompatibleBitmap(hScrDC, w, n);
-
- /* Select new bitmap into memory DC */
- hOldBitmap = SelectObject(hMemDC, hBitmap);
-
- /* Get bitmap properties */
- GetObject(hBitmap, sizeof(BITMAP), (LPSTR)&bm);
- size = (unsigned int)bm.bmWidthBytes * bm.bmHeight * bm.bmPlanes;
-
- bmbits = OPENSSL_malloc(size);
- if (bmbits) {
- /* Now go through the whole screen, repeatedly grabbing n lines */
- for (y = 0; y < h-n; y += n)
- {
- unsigned char md[MD_DIGEST_LENGTH];
-
- /* Bitblt screen DC to memory DC */
- BitBlt(hMemDC, 0, 0, w, n, hScrDC, 0, y, SRCCOPY);
-
- /* Copy bitmap bits from memory DC to bmbits */
- GetBitmapBits(hBitmap, size, bmbits);
-
- /* Get the hash of the bitmap */
- MD(bmbits,size,md);
-
- /* Seed the random generator with the hash value */
- RAND_add(md, MD_DIGEST_LENGTH, 0);
- }
-
- OPENSSL_free(bmbits);
- }
-
- /* Select old bitmap back into memory DC */
- hBitmap = SelectObject(hMemDC, hOldBitmap);
-
- /* Clean up */
- DeleteObject(hBitmap);
- DeleteDC(hMemDC);
- DeleteDC(hScrDC);
-#endif /* !OPENSSL_SYS_WINCE */
-}
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_win.c (from rev 6976, vendor-crypto/openssl/dist/crypto/rand/rand_win.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_win.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rand/rand_win.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,751 @@
+/* crypto/rand/rand_win.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include "cryptlib.h"
+#include <openssl/rand.h>
+#include "rand_lcl.h"
+
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
+# include <windows.h>
+# ifndef _WIN32_WINNT
+# define _WIN32_WINNT 0x0400
+# endif
+# include <wincrypt.h>
+# include <tlhelp32.h>
+
+/*
+ * Limit the time spent walking through the heap, processes, threads and
+ * modules to a maximum of 1000 miliseconds each, unless CryptoGenRandom
+ * failed
+ */
+# define MAXDELAY 1000
+
+/*
+ * Intel hardware RNG CSP -- available from
+ * http://developer.intel.com/design/security/rng/redist_license.htm
+ */
+# define PROV_INTEL_SEC 22
+# define INTEL_DEF_PROV L"Intel Hardware Cryptographic Service Provider"
+
+static void readtimer(void);
+static void readscreen(void);
+
+/*
+ * It appears like CURSORINFO, PCURSORINFO and LPCURSORINFO are only defined
+ * when WINVER is 0x0500 and up, which currently only happens on Win2000.
+ * Unfortunately, those are typedefs, so they're a little bit difficult to
+ * detect properly. On the other hand, the macro CURSOR_SHOWING is defined
+ * within the same conditional, so it can be use to detect the absence of
+ * said typedefs.
+ */
+
+# ifndef CURSOR_SHOWING
+/*
+ * Information about the global cursor.
+ */
+typedef struct tagCURSORINFO {
+ DWORD cbSize;
+ DWORD flags;
+ HCURSOR hCursor;
+ POINT ptScreenPos;
+} CURSORINFO, *PCURSORINFO, *LPCURSORINFO;
+
+# define CURSOR_SHOWING 0x00000001
+# endif /* CURSOR_SHOWING */
+
+# if !defined(OPENSSL_SYS_WINCE)
+typedef BOOL(WINAPI *CRYPTACQUIRECONTEXTW) (HCRYPTPROV *, LPCWSTR, LPCWSTR,
+ DWORD, DWORD);
+typedef BOOL(WINAPI *CRYPTGENRANDOM) (HCRYPTPROV, DWORD, BYTE *);
+typedef BOOL(WINAPI *CRYPTRELEASECONTEXT) (HCRYPTPROV, DWORD);
+
+typedef HWND(WINAPI *GETFOREGROUNDWINDOW) (VOID);
+typedef BOOL(WINAPI *GETCURSORINFO) (PCURSORINFO);
+typedef DWORD(WINAPI *GETQUEUESTATUS) (UINT);
+
+typedef HANDLE(WINAPI *CREATETOOLHELP32SNAPSHOT) (DWORD, DWORD);
+typedef BOOL(WINAPI *CLOSETOOLHELP32SNAPSHOT) (HANDLE);
+typedef BOOL(WINAPI *HEAP32FIRST) (LPHEAPENTRY32, DWORD, size_t);
+typedef BOOL(WINAPI *HEAP32NEXT) (LPHEAPENTRY32);
+typedef BOOL(WINAPI *HEAP32LIST) (HANDLE, LPHEAPLIST32);
+typedef BOOL(WINAPI *PROCESS32) (HANDLE, LPPROCESSENTRY32);
+typedef BOOL(WINAPI *THREAD32) (HANDLE, LPTHREADENTRY32);
+typedef BOOL(WINAPI *MODULE32) (HANDLE, LPMODULEENTRY32);
+
+# include <lmcons.h>
+# include <lmstats.h>
+# if 1
+/*
+ * The NET API is Unicode only. It requires the use of the UNICODE macro.
+ * When UNICODE is defined LPTSTR becomes LPWSTR. LMSTR was was added to the
+ * Platform SDK to allow the NET API to be used in non-Unicode applications
+ * provided that Unicode strings were still used for input. LMSTR is defined
+ * as LPWSTR.
+ */
+typedef NET_API_STATUS(NET_API_FUNCTION *NETSTATGET)
+ (LPWSTR, LPWSTR, DWORD, DWORD, LPBYTE *);
+typedef NET_API_STATUS(NET_API_FUNCTION *NETFREE) (LPBYTE);
+# endif /* 1 */
+# endif /* !OPENSSL_SYS_WINCE */
+
+int RAND_poll(void)
+{
+ MEMORYSTATUS m;
+ HCRYPTPROV hProvider = 0;
+ DWORD w;
+ int good = 0;
+
+# if defined(OPENSSL_SYS_WINCE)
+# if defined(_WIN32_WCE) && _WIN32_WCE>=300
+ /*
+ * Even though MSDN says _WIN32_WCE>=210, it doesn't seem to be available
+ * in commonly available implementations prior 300...
+ */
+ {
+ BYTE buf[64];
+ /* poll the CryptoAPI PRNG */
+ /* The CryptoAPI returns sizeof(buf) bytes of randomness */
+ if (CryptAcquireContextW(&hProvider, NULL, NULL, PROV_RSA_FULL,
+ CRYPT_VERIFYCONTEXT)) {
+ if (CryptGenRandom(hProvider, sizeof(buf), buf))
+ RAND_add(buf, sizeof(buf), sizeof(buf));
+ CryptReleaseContext(hProvider, 0);
+ }
+ }
+# endif
+# else /* OPENSSL_SYS_WINCE */
+ /*
+ * None of below libraries are present on Windows CE, which is
+ * why we #ifndef the whole section. This also excuses us from
+ * handling the GetProcAddress issue. The trouble is that in
+ * real Win32 API GetProcAddress is available in ANSI flavor
+ * only. In WinCE on the other hand GetProcAddress is a macro
+ * most commonly defined as GetProcAddressW, which accepts
+ * Unicode argument. If we were to call GetProcAddress under
+ * WinCE, I'd recommend to either redefine GetProcAddress as
+ * GetProcAddressA (there seem to be one in common CE spec) or
+ * implement own shim routine, which would accept ANSI argument
+ * and expand it to Unicode.
+ */
+ {
+ /* load functions dynamically - not available on all systems */
+ HMODULE advapi = LoadLibrary(TEXT("ADVAPI32.DLL"));
+ HMODULE kernel = LoadLibrary(TEXT("KERNEL32.DLL"));
+ HMODULE user = NULL;
+ HMODULE netapi = LoadLibrary(TEXT("NETAPI32.DLL"));
+ CRYPTACQUIRECONTEXTW acquire = NULL;
+ CRYPTGENRANDOM gen = NULL;
+ CRYPTRELEASECONTEXT release = NULL;
+ NETSTATGET netstatget = NULL;
+ NETFREE netfree = NULL;
+ BYTE buf[64];
+
+ if (netapi) {
+ netstatget =
+ (NETSTATGET) GetProcAddress(netapi, "NetStatisticsGet");
+ netfree = (NETFREE) GetProcAddress(netapi, "NetApiBufferFree");
+ }
+
+ if (netstatget && netfree) {
+ LPBYTE outbuf;
+ /*
+ * NetStatisticsGet() is a Unicode only function
+ * STAT_WORKSTATION_0 contains 45 fields and STAT_SERVER_0
+ * contains 17 fields. We treat each field as a source of one
+ * byte of entropy.
+ */
+
+ if (netstatget(NULL, L"LanmanWorkstation", 0, 0, &outbuf) == 0) {
+ RAND_add(outbuf, sizeof(STAT_WORKSTATION_0), 45);
+ netfree(outbuf);
+ }
+ if (netstatget(NULL, L"LanmanServer", 0, 0, &outbuf) == 0) {
+ RAND_add(outbuf, sizeof(STAT_SERVER_0), 17);
+ netfree(outbuf);
+ }
+ }
+
+ if (netapi)
+ FreeLibrary(netapi);
+
+ /*
+ * It appears like this can cause an exception deep within
+ * ADVAPI32.DLL at random times on Windows 2000. Reported by Jeffrey
+ * Altman. Only use it on NT.
+ */
+
+ if (advapi) {
+ /*
+ * If it's available, then it's available in both ANSI
+ * and UNICODE flavors even in Win9x, documentation says.
+ * We favor Unicode...
+ */
+ acquire = (CRYPTACQUIRECONTEXTW) GetProcAddress(advapi,
+ "CryptAcquireContextW");
+ gen = (CRYPTGENRANDOM) GetProcAddress(advapi, "CryptGenRandom");
+ release = (CRYPTRELEASECONTEXT) GetProcAddress(advapi,
+ "CryptReleaseContext");
+ }
+
+ if (acquire && gen && release) {
+ /* poll the CryptoAPI PRNG */
+ /* The CryptoAPI returns sizeof(buf) bytes of randomness */
+ if (acquire(&hProvider, NULL, NULL, PROV_RSA_FULL,
+ CRYPT_VERIFYCONTEXT)) {
+ if (gen(hProvider, sizeof(buf), buf) != 0) {
+ RAND_add(buf, sizeof(buf), 0);
+ good = 1;
+# if 0
+ printf("randomness from PROV_RSA_FULL\n");
+# endif
+ }
+ release(hProvider, 0);
+ }
+
+ /* poll the Pentium PRG with CryptoAPI */
+ if (acquire(&hProvider, 0, INTEL_DEF_PROV, PROV_INTEL_SEC, 0)) {
+ if (gen(hProvider, sizeof(buf), buf) != 0) {
+ RAND_add(buf, sizeof(buf), sizeof(buf));
+ good = 1;
+# if 0
+ printf("randomness from PROV_INTEL_SEC\n");
+# endif
+ }
+ release(hProvider, 0);
+ }
+ }
+
+ if (advapi)
+ FreeLibrary(advapi);
+
+ if ((!check_winnt() ||
+ !OPENSSL_isservice()) &&
+ (user = LoadLibrary(TEXT("USER32.DLL")))) {
+ GETCURSORINFO cursor;
+ GETFOREGROUNDWINDOW win;
+ GETQUEUESTATUS queue;
+
+ win =
+ (GETFOREGROUNDWINDOW) GetProcAddress(user,
+ "GetForegroundWindow");
+ cursor = (GETCURSORINFO) GetProcAddress(user, "GetCursorInfo");
+ queue = (GETQUEUESTATUS) GetProcAddress(user, "GetQueueStatus");
+
+ if (win) {
+ /* window handle */
+ HWND h = win();
+ RAND_add(&h, sizeof(h), 0);
+ }
+ if (cursor) {
+ /*
+ * unfortunately, its not safe to call GetCursorInfo() on NT4
+ * even though it exists in SP3 (or SP6) and higher.
+ */
+ if (check_winnt() && !check_win_minplat(5))
+ cursor = 0;
+ }
+ if (cursor) {
+ /* cursor position */
+ /* assume 2 bytes of entropy */
+ CURSORINFO ci;
+ ci.cbSize = sizeof(CURSORINFO);
+ if (cursor(&ci))
+ RAND_add(&ci, ci.cbSize, 2);
+ }
+
+ if (queue) {
+ /* message queue status */
+ /* assume 1 byte of entropy */
+ w = queue(QS_ALLEVENTS);
+ RAND_add(&w, sizeof(w), 1);
+ }
+
+ FreeLibrary(user);
+ }
+
+ /*-
+ * Toolhelp32 snapshot: enumerate processes, threads, modules and heap
+ * http://msdn.microsoft.com/library/psdk/winbase/toolhelp_5pfd.htm
+ * (Win 9x and 2000 only, not available on NT)
+ *
+ * This seeding method was proposed in Peter Gutmann, Software
+ * Generation of Practically Strong Random Numbers,
+ * http://www.usenix.org/publications/library/proceedings/sec98/gutmann.html
+ * revised version at http://www.cryptoengines.com/~peter/06_random.pdf
+ * (The assignment of entropy estimates below is arbitrary, but based
+ * on Peter's analysis the full poll appears to be safe. Additional
+ * interactive seeding is encouraged.)
+ */
+
+ if (kernel) {
+ CREATETOOLHELP32SNAPSHOT snap;
+ CLOSETOOLHELP32SNAPSHOT close_snap;
+ HANDLE handle;
+
+ HEAP32FIRST heap_first;
+ HEAP32NEXT heap_next;
+ HEAP32LIST heaplist_first, heaplist_next;
+ PROCESS32 process_first, process_next;
+ THREAD32 thread_first, thread_next;
+ MODULE32 module_first, module_next;
+
+ HEAPLIST32 hlist;
+ HEAPENTRY32 hentry;
+ PROCESSENTRY32 p;
+ THREADENTRY32 t;
+ MODULEENTRY32 m;
+ DWORD starttime = 0;
+
+ snap = (CREATETOOLHELP32SNAPSHOT)
+ GetProcAddress(kernel, "CreateToolhelp32Snapshot");
+ close_snap = (CLOSETOOLHELP32SNAPSHOT)
+ GetProcAddress(kernel, "CloseToolhelp32Snapshot");
+ heap_first = (HEAP32FIRST) GetProcAddress(kernel, "Heap32First");
+ heap_next = (HEAP32NEXT) GetProcAddress(kernel, "Heap32Next");
+ heaplist_first =
+ (HEAP32LIST) GetProcAddress(kernel, "Heap32ListFirst");
+ heaplist_next =
+ (HEAP32LIST) GetProcAddress(kernel, "Heap32ListNext");
+ process_first =
+ (PROCESS32) GetProcAddress(kernel, "Process32First");
+ process_next =
+ (PROCESS32) GetProcAddress(kernel, "Process32Next");
+ thread_first = (THREAD32) GetProcAddress(kernel, "Thread32First");
+ thread_next = (THREAD32) GetProcAddress(kernel, "Thread32Next");
+ module_first = (MODULE32) GetProcAddress(kernel, "Module32First");
+ module_next = (MODULE32) GetProcAddress(kernel, "Module32Next");
+
+ if (snap && heap_first && heap_next && heaplist_first &&
+ heaplist_next && process_first && process_next &&
+ thread_first && thread_next && module_first &&
+ module_next && (handle = snap(TH32CS_SNAPALL, 0))
+ != INVALID_HANDLE_VALUE) {
+ /* heap list and heap walking */
+ /*
+ * HEAPLIST32 contains 3 fields that will change with each
+ * entry. Consider each field a source of 1 byte of entropy.
+ * HEAPENTRY32 contains 5 fields that will change with each
+ * entry. Consider each field a source of 1 byte of entropy.
+ */
+ ZeroMemory(&hlist, sizeof(HEAPLIST32));
+ hlist.dwSize = sizeof(HEAPLIST32);
+ if (good)
+ starttime = GetTickCount();
+# ifdef _MSC_VER
+ if (heaplist_first(handle, &hlist)) {
+ /*
+ * following discussion on dev ML, exception on WinCE (or
+ * other Win platform) is theoretically of unknown
+ * origin; prevent infinite loop here when this
+ * theoretical case occurs; otherwise cope with the
+ * expected (MSDN documented) exception-throwing
+ * behaviour of Heap32Next() on WinCE.
+ *
+ * based on patch in original message by Tanguy Fautré
+ * (2009/03/02) Subject: RAND_poll() and
+ * CreateToolhelp32Snapshot() stability
+ */
+ int ex_cnt_limit = 42;
+ do {
+ RAND_add(&hlist, hlist.dwSize, 3);
+ __try {
+ ZeroMemory(&hentry, sizeof(HEAPENTRY32));
+ hentry.dwSize = sizeof(HEAPENTRY32);
+ if (heap_first(&hentry,
+ hlist.th32ProcessID,
+ hlist.th32HeapID)) {
+ int entrycnt = 80;
+ do
+ RAND_add(&hentry, hentry.dwSize, 5);
+ while (heap_next(&hentry)
+ && (!good
+ || (GetTickCount() - starttime) <
+ MAXDELAY)
+ && --entrycnt > 0);
+ }
+ }
+ __except(EXCEPTION_EXECUTE_HANDLER) {
+ /*
+ * ignore access violations when walking the heap
+ * list
+ */
+ ex_cnt_limit--;
+ }
+ } while (heaplist_next(handle, &hlist)
+ && (!good
+ || (GetTickCount() - starttime) < MAXDELAY)
+ && ex_cnt_limit > 0);
+ }
+# else
+ if (heaplist_first(handle, &hlist)) {
+ do {
+ RAND_add(&hlist, hlist.dwSize, 3);
+ hentry.dwSize = sizeof(HEAPENTRY32);
+ if (heap_first(&hentry,
+ hlist.th32ProcessID,
+ hlist.th32HeapID)) {
+ int entrycnt = 80;
+ do
+ RAND_add(&hentry, hentry.dwSize, 5);
+ while (heap_next(&hentry)
+ && --entrycnt > 0);
+ }
+ } while (heaplist_next(handle, &hlist)
+ && (!good
+ || (GetTickCount() - starttime) < MAXDELAY));
+ }
+# endif
+
+ /* process walking */
+ /*
+ * PROCESSENTRY32 contains 9 fields that will change with
+ * each entry. Consider each field a source of 1 byte of
+ * entropy.
+ */
+ p.dwSize = sizeof(PROCESSENTRY32);
+
+ if (good)
+ starttime = GetTickCount();
+ if (process_first(handle, &p))
+ do
+ RAND_add(&p, p.dwSize, 9);
+ while (process_next(handle, &p)
+ && (!good
+ || (GetTickCount() - starttime) < MAXDELAY));
+
+ /* thread walking */
+ /*
+ * THREADENTRY32 contains 6 fields that will change with each
+ * entry. Consider each field a source of 1 byte of entropy.
+ */
+ t.dwSize = sizeof(THREADENTRY32);
+ if (good)
+ starttime = GetTickCount();
+ if (thread_first(handle, &t))
+ do
+ RAND_add(&t, t.dwSize, 6);
+ while (thread_next(handle, &t)
+ && (!good
+ || (GetTickCount() - starttime) < MAXDELAY));
+
+ /* module walking */
+ /*
+ * MODULEENTRY32 contains 9 fields that will change with each
+ * entry. Consider each field a source of 1 byte of entropy.
+ */
+ m.dwSize = sizeof(MODULEENTRY32);
+ if (good)
+ starttime = GetTickCount();
+ if (module_first(handle, &m))
+ do
+ RAND_add(&m, m.dwSize, 9);
+ while (module_next(handle, &m)
+ && (!good
+ || (GetTickCount() - starttime) < MAXDELAY));
+ if (close_snap)
+ close_snap(handle);
+ else
+ CloseHandle(handle);
+
+ }
+
+ FreeLibrary(kernel);
+ }
+ }
+# endif /* !OPENSSL_SYS_WINCE */
+
+ /* timer data */
+ readtimer();
+
+ /* memory usage statistics */
+ GlobalMemoryStatus(&m);
+ RAND_add(&m, sizeof(m), 1);
+
+ /* process ID */
+ w = GetCurrentProcessId();
+ RAND_add(&w, sizeof(w), 1);
+
+# if 0
+ printf("Exiting RAND_poll\n");
+# endif
+
+ return (1);
+}
+
+int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam)
+{
+ double add_entropy = 0;
+
+ switch (iMsg) {
+ case WM_KEYDOWN:
+ {
+ static WPARAM key;
+ if (key != wParam)
+ add_entropy = 0.05;
+ key = wParam;
+ }
+ break;
+ case WM_MOUSEMOVE:
+ {
+ static int lastx, lasty, lastdx, lastdy;
+ int x, y, dx, dy;
+
+ x = LOWORD(lParam);
+ y = HIWORD(lParam);
+ dx = lastx - x;
+ dy = lasty - y;
+ if (dx != 0 && dy != 0 && dx - lastdx != 0 && dy - lastdy != 0)
+ add_entropy = .2;
+ lastx = x, lasty = y;
+ lastdx = dx, lastdy = dy;
+ }
+ break;
+ }
+
+ readtimer();
+ RAND_add(&iMsg, sizeof(iMsg), add_entropy);
+ RAND_add(&wParam, sizeof(wParam), 0);
+ RAND_add(&lParam, sizeof(lParam), 0);
+
+ return (RAND_status());
+}
+
+void RAND_screen(void)
+{ /* function available for backward
+ * compatibility */
+ RAND_poll();
+ readscreen();
+}
+
+/* feed timing information to the PRNG */
+static void readtimer(void)
+{
+ DWORD w;
+ LARGE_INTEGER l;
+ static int have_perfc = 1;
+# if defined(_MSC_VER) && defined(_M_X86)
+ static int have_tsc = 1;
+ DWORD cyclecount;
+
+ if (have_tsc) {
+ __try {
+ __asm {
+ _emit 0x0f _emit 0x31 mov cyclecount, eax}
+ RAND_add(&cyclecount, sizeof(cyclecount), 1);
+ }
+ __except(EXCEPTION_EXECUTE_HANDLER) {
+ have_tsc = 0;
+ }
+ }
+# else
+# define have_tsc 0
+# endif
+
+ if (have_perfc) {
+ if (QueryPerformanceCounter(&l) == 0)
+ have_perfc = 0;
+ else
+ RAND_add(&l, sizeof(l), 0);
+ }
+
+ if (!have_tsc && !have_perfc) {
+ w = GetTickCount();
+ RAND_add(&w, sizeof(w), 0);
+ }
+}
+
+/* feed screen contents to PRNG */
+/*****************************************************************************
+ *
+ * Created 960901 by Gertjan van Oosten, gertjan at West.NL, West Consulting B.V.
+ *
+ * Code adapted from
+ * <URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];97193>;
+ * the original copyright message is:
+ *
+ * (C) Copyright Microsoft Corp. 1993. All rights reserved.
+ *
+ * You have a royalty-free right to use, modify, reproduce and
+ * distribute the Sample Files (and/or any modified version) in
+ * any way you find useful, provided that you agree that
+ * Microsoft has no warranty obligations or liability for any
+ * Sample Application Files which are modified.
+ */
+
+static void readscreen(void)
+{
+# if !defined(OPENSSL_SYS_WINCE) && !defined(OPENSSL_SYS_WIN32_CYGWIN)
+ HDC hScrDC; /* screen DC */
+ HDC hMemDC; /* memory DC */
+ HBITMAP hBitmap; /* handle for our bitmap */
+ HBITMAP hOldBitmap; /* handle for previous bitmap */
+ BITMAP bm; /* bitmap properties */
+ unsigned int size; /* size of bitmap */
+ char *bmbits; /* contents of bitmap */
+ int w; /* screen width */
+ int h; /* screen height */
+ int y; /* y-coordinate of screen lines to grab */
+ int n = 16; /* number of screen lines to grab at a time */
+
+ if (check_winnt() && OPENSSL_isservice() > 0)
+ return;
+
+ /* Create a screen DC and a memory DC compatible to screen DC */
+ hScrDC = CreateDC(TEXT("DISPLAY"), NULL, NULL, NULL);
+ hMemDC = CreateCompatibleDC(hScrDC);
+
+ /* Get screen resolution */
+ w = GetDeviceCaps(hScrDC, HORZRES);
+ h = GetDeviceCaps(hScrDC, VERTRES);
+
+ /* Create a bitmap compatible with the screen DC */
+ hBitmap = CreateCompatibleBitmap(hScrDC, w, n);
+
+ /* Select new bitmap into memory DC */
+ hOldBitmap = SelectObject(hMemDC, hBitmap);
+
+ /* Get bitmap properties */
+ GetObject(hBitmap, sizeof(BITMAP), (LPSTR) & bm);
+ size = (unsigned int)bm.bmWidthBytes * bm.bmHeight * bm.bmPlanes;
+
+ bmbits = OPENSSL_malloc(size);
+ if (bmbits) {
+ /* Now go through the whole screen, repeatedly grabbing n lines */
+ for (y = 0; y < h - n; y += n) {
+ unsigned char md[MD_DIGEST_LENGTH];
+
+ /* Bitblt screen DC to memory DC */
+ BitBlt(hMemDC, 0, 0, w, n, hScrDC, 0, y, SRCCOPY);
+
+ /* Copy bitmap bits from memory DC to bmbits */
+ GetBitmapBits(hBitmap, size, bmbits);
+
+ /* Get the hash of the bitmap */
+ MD(bmbits, size, md);
+
+ /* Seed the random generator with the hash value */
+ RAND_add(md, MD_DIGEST_LENGTH, 0);
+ }
+
+ OPENSSL_free(bmbits);
+ }
+
+ /* Select old bitmap back into memory DC */
+ hBitmap = SelectObject(hMemDC, hOldBitmap);
+
+ /* Clean up */
+ DeleteObject(hBitmap);
+ DeleteDC(hMemDC);
+ DeleteDC(hScrDC);
+# endif /* !OPENSSL_SYS_WINCE */
+}
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/rand/randfile.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/rand/randfile.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rand/randfile.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,324 +0,0 @@
-/* crypto/rand/randfile.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* We need to define this to get macros like S_IFBLK and S_IFCHR */
-#define _XOPEN_SOURCE 500
-
-#include <errno.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "e_os.h"
-#include <openssl/crypto.h>
-#include <openssl/rand.h>
-#include <openssl/buffer.h>
-
-#ifdef OPENSSL_SYS_VMS
-#include <unixio.h>
-#endif
-#ifndef NO_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#ifdef MAC_OS_pre_X
-# include <stat.h>
-#else
-# include <sys/stat.h>
-#endif
-
-#ifdef _WIN32
-#define stat _stat
-#define chmod _chmod
-#define open _open
-#define fdopen _fdopen
-#endif
-
-#undef BUFSIZE
-#define BUFSIZE 1024
-#define RAND_DATA 1024
-
-#ifdef OPENSSL_SYS_VMS
-/* This declaration is a nasty hack to get around vms' extension to fopen
- * for passing in sharing options being disabled by our /STANDARD=ANSI89 */
-static FILE *(*const vms_fopen)(const char *, const char *, ...) =
- (FILE *(*)(const char *, const char *, ...))fopen;
-#define VMS_OPEN_ATTRS "shr=get,put,upd,del","ctx=bin,stm","rfm=stm","rat=none","mrs=0"
-#endif
-
-/* #define RFILE ".rnd" - defined in ../../e_os.h */
-
-/* Note that these functions are intended for seed files only.
- * Entropy devices and EGD sockets are handled in rand_unix.c */
-
-int RAND_load_file(const char *file, long bytes)
- {
- /* If bytes >= 0, read up to 'bytes' bytes.
- * if bytes == -1, read complete file. */
-
- MS_STATIC unsigned char buf[BUFSIZE];
- struct stat sb;
- int i,ret=0,n;
- FILE *in;
-
- if (file == NULL) return(0);
-
-#ifdef PURIFY
- /* struct stat can have padding and unused fields that may not be
- * initialized in the call to stat(). We need to clear the entire
- * structure before calling RAND_add() to avoid complaints from
- * applications such as Valgrind.
- */
- memset(&sb, 0, sizeof(sb));
-#endif
-
- if (stat(file,&sb) < 0) return(0);
- RAND_add(&sb,sizeof(sb),0.0);
- if (bytes == 0) return(ret);
-
-#ifdef OPENSSL_SYS_VMS
- in=vms_fopen(file,"rb",VMS_OPEN_ATTRS);
-#else
- in=fopen(file,"rb");
-#endif
- if (in == NULL) goto err;
-#if defined(S_ISBLK) && defined(S_ISCHR)
- if (S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode)) {
- /* this file is a device. we don't want read an infinite number
- * of bytes from a random device, nor do we want to use buffered
- * I/O because we will waste system entropy.
- */
- bytes = (bytes == -1) ? 2048 : bytes; /* ok, is 2048 enough? */
- setvbuf(in, NULL, _IONBF, 0); /* don't do buffered reads */
- }
-#endif
- for (;;)
- {
- if (bytes > 0)
- n = (bytes < BUFSIZE)?(int)bytes:BUFSIZE;
- else
- n = BUFSIZE;
- i=fread(buf,1,n,in);
- if (i <= 0) break;
-#ifdef PURIFY
- RAND_add(buf,i,(double)i);
-#else
- /* even if n != i, use the full array */
- RAND_add(buf,n,(double)i);
-#endif
- ret+=i;
- if (bytes > 0)
- {
- bytes-=n;
- if (bytes <= 0) break;
- }
- }
- fclose(in);
- OPENSSL_cleanse(buf,BUFSIZE);
-err:
- return(ret);
- }
-
-int RAND_write_file(const char *file)
- {
- unsigned char buf[BUFSIZE];
- int i,ret=0,rand_err=0;
- FILE *out = NULL;
- int n;
- struct stat sb;
-
- i=stat(file,&sb);
- if (i != -1) {
-#if defined(S_ISBLK) && defined(S_ISCHR)
- if (S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode)) {
- /* this file is a device. we don't write back to it.
- * we "succeed" on the assumption this is some sort
- * of random device. Otherwise attempting to write to
- * and chmod the device causes problems.
- */
- return(1);
- }
-#endif
- }
-
-#if defined(O_CREAT) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_VMS)
- {
- /* For some reason Win32 can't write to files created this way */
-
- /* chmod(..., 0600) is too late to protect the file,
- * permissions should be restrictive from the start */
- int fd = open(file, O_CREAT, 0600);
- if (fd != -1)
- out = fdopen(fd, "wb");
- }
-#endif
-
-#ifdef OPENSSL_SYS_VMS
- /* VMS NOTE: Prior versions of this routine created a _new_
- * version of the rand file for each call into this routine, then
- * deleted all existing versions named ;-1, and finally renamed
- * the current version as ';1'. Under concurrent usage, this
- * resulted in an RMS race condition in rename() which could
- * orphan files (see vms message help for RMS$_REENT). With the
- * fopen() calls below, openssl/VMS now shares the top-level
- * version of the rand file. Note that there may still be
- * conditions where the top-level rand file is locked. If so, this
- * code will then create a new version of the rand file. Without
- * the delete and rename code, this can result in ascending file
- * versions that stop at version 32767, and this routine will then
- * return an error. The remedy for this is to recode the calling
- * application to avoid concurrent use of the rand file, or
- * synchronize usage at the application level. Also consider
- * whether or not you NEED a persistent rand file in a concurrent
- * use situation.
- */
-
- out = vms_fopen(file,"rb+",VMS_OPEN_ATTRS);
- if (out == NULL)
- out = vms_fopen(file,"wb",VMS_OPEN_ATTRS);
-#else
- if (out == NULL)
- out = fopen(file,"wb");
-#endif
- if (out == NULL) goto err;
-
-#ifndef NO_CHMOD
- chmod(file,0600);
-#endif
- n=RAND_DATA;
- for (;;)
- {
- i=(n > BUFSIZE)?BUFSIZE:n;
- n-=BUFSIZE;
- if (RAND_bytes(buf,i) <= 0)
- rand_err=1;
- i=fwrite(buf,1,i,out);
- if (i <= 0)
- {
- ret=0;
- break;
- }
- ret+=i;
- if (n <= 0) break;
- }
-
- fclose(out);
- OPENSSL_cleanse(buf,BUFSIZE);
-err:
- return (rand_err ? -1 : ret);
- }
-
-const char *RAND_file_name(char *buf, size_t size)
- {
- char *s=NULL;
-#ifdef __OpenBSD__
- int ok = 0;
- struct stat sb;
-#endif
-
- if (OPENSSL_issetugid() == 0)
- s=getenv("RANDFILE");
- if (s != NULL && *s && strlen(s) + 1 < size)
- {
- if (BUF_strlcpy(buf,s,size) >= size)
- return NULL;
- }
- else
- {
- if (OPENSSL_issetugid() == 0)
- s=getenv("HOME");
-#ifdef DEFAULT_HOME
- if (s == NULL)
- {
- s = DEFAULT_HOME;
- }
-#endif
- if (s && *s && strlen(s)+strlen(RFILE)+2 < size)
- {
- BUF_strlcpy(buf,s,size);
-#ifndef OPENSSL_SYS_VMS
- BUF_strlcat(buf,"/",size);
-#endif
- BUF_strlcat(buf,RFILE,size);
-#ifdef __OpenBSD__
- ok = 1;
-#endif
- }
- else
- buf[0] = '\0'; /* no file name */
- }
-
-#ifdef __OpenBSD__
- /* given that all random loads just fail if the file can't be
- * seen on a stat, we stat the file we're returning, if it
- * fails, use /dev/arandom instead. this allows the user to
- * use their own source for good random data, but defaults
- * to something hopefully decent if that isn't available.
- */
-
- if (!ok)
- if (BUF_strlcpy(buf,"/dev/arandom",size) >= size) {
- return(NULL);
- }
- if (stat(buf,&sb) == -1)
- if (BUF_strlcpy(buf,"/dev/arandom",size) >= size) {
- return(NULL);
- }
-
-#endif
- return(buf);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/rand/randfile.c (from rev 6976, vendor-crypto/openssl/dist/crypto/rand/randfile.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/rand/randfile.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rand/randfile.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,331 @@
+/* crypto/rand/randfile.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* We need to define this to get macros like S_IFBLK and S_IFCHR */
+#define _XOPEN_SOURCE 500
+
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "e_os.h"
+#include <openssl/crypto.h>
+#include <openssl/rand.h>
+#include <openssl/buffer.h>
+
+#ifdef OPENSSL_SYS_VMS
+# include <unixio.h>
+#endif
+#ifndef NO_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+#ifdef MAC_OS_pre_X
+# include <stat.h>
+#else
+# include <sys/stat.h>
+#endif
+
+#ifdef _WIN32
+# define stat _stat
+# define chmod _chmod
+# define open _open
+# define fdopen _fdopen
+#endif
+
+#undef BUFSIZE
+#define BUFSIZE 1024
+#define RAND_DATA 1024
+
+#ifdef OPENSSL_SYS_VMS
+/*
+ * This declaration is a nasty hack to get around vms' extension to fopen for
+ * passing in sharing options being disabled by our /STANDARD=ANSI89
+ */
+static FILE *(*const vms_fopen)(const char *, const char *, ...) =
+ (FILE *(*)(const char *, const char *, ...))fopen;
+# define VMS_OPEN_ATTRS "shr=get,put,upd,del","ctx=bin,stm","rfm=stm","rat=none","mrs=0"
+#endif
+
+/* #define RFILE ".rnd" - defined in ../../e_os.h */
+
+/*
+ * Note that these functions are intended for seed files only. Entropy
+ * devices and EGD sockets are handled in rand_unix.c
+ */
+
+int RAND_load_file(const char *file, long bytes)
+{
+ /*-
+ * If bytes >= 0, read up to 'bytes' bytes.
+ * if bytes == -1, read complete file.
+ */
+
+ MS_STATIC unsigned char buf[BUFSIZE];
+ struct stat sb;
+ int i, ret = 0, n;
+ FILE *in;
+
+ if (file == NULL)
+ return (0);
+
+#ifdef PURIFY
+ /*
+ * struct stat can have padding and unused fields that may not be
+ * initialized in the call to stat(). We need to clear the entire
+ * structure before calling RAND_add() to avoid complaints from
+ * applications such as Valgrind.
+ */
+ memset(&sb, 0, sizeof(sb));
+#endif
+
+ if (stat(file, &sb) < 0)
+ return (0);
+ RAND_add(&sb, sizeof(sb), 0.0);
+ if (bytes == 0)
+ return (ret);
+
+#ifdef OPENSSL_SYS_VMS
+ in = vms_fopen(file, "rb", VMS_OPEN_ATTRS);
+#else
+ in = fopen(file, "rb");
+#endif
+ if (in == NULL)
+ goto err;
+#if defined(S_ISBLK) && defined(S_ISCHR)
+ if (S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode)) {
+ /*
+ * this file is a device. we don't want read an infinite number of
+ * bytes from a random device, nor do we want to use buffered I/O
+ * because we will waste system entropy.
+ */
+ bytes = (bytes == -1) ? 2048 : bytes; /* ok, is 2048 enough? */
+ setvbuf(in, NULL, _IONBF, 0); /* don't do buffered reads */
+ }
+#endif
+ for (;;) {
+ if (bytes > 0)
+ n = (bytes < BUFSIZE) ? (int)bytes : BUFSIZE;
+ else
+ n = BUFSIZE;
+ i = fread(buf, 1, n, in);
+ if (i <= 0)
+ break;
+#ifdef PURIFY
+ RAND_add(buf, i, (double)i);
+#else
+ /* even if n != i, use the full array */
+ RAND_add(buf, n, (double)i);
+#endif
+ ret += i;
+ if (bytes > 0) {
+ bytes -= n;
+ if (bytes <= 0)
+ break;
+ }
+ }
+ fclose(in);
+ OPENSSL_cleanse(buf, BUFSIZE);
+ err:
+ return (ret);
+}
+
+int RAND_write_file(const char *file)
+{
+ unsigned char buf[BUFSIZE];
+ int i, ret = 0, rand_err = 0;
+ FILE *out = NULL;
+ int n;
+ struct stat sb;
+
+ i = stat(file, &sb);
+ if (i != -1) {
+#if defined(S_ISBLK) && defined(S_ISCHR)
+ if (S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode)) {
+ /*
+ * this file is a device. we don't write back to it. we
+ * "succeed" on the assumption this is some sort of random
+ * device. Otherwise attempting to write to and chmod the device
+ * causes problems.
+ */
+ return (1);
+ }
+#endif
+ }
+#if defined(O_CREAT) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_VMS)
+ {
+ /* For some reason Win32 can't write to files created this way */
+
+ /*
+ * chmod(..., 0600) is too late to protect the file, permissions
+ * should be restrictive from the start
+ */
+ int fd = open(file, O_CREAT, 0600);
+ if (fd != -1)
+ out = fdopen(fd, "wb");
+ }
+#endif
+
+#ifdef OPENSSL_SYS_VMS
+ /*
+ * VMS NOTE: Prior versions of this routine created a _new_ version of
+ * the rand file for each call into this routine, then deleted all
+ * existing versions named ;-1, and finally renamed the current version
+ * as ';1'. Under concurrent usage, this resulted in an RMS race
+ * condition in rename() which could orphan files (see vms message help
+ * for RMS$_REENT). With the fopen() calls below, openssl/VMS now shares
+ * the top-level version of the rand file. Note that there may still be
+ * conditions where the top-level rand file is locked. If so, this code
+ * will then create a new version of the rand file. Without the delete
+ * and rename code, this can result in ascending file versions that stop
+ * at version 32767, and this routine will then return an error. The
+ * remedy for this is to recode the calling application to avoid
+ * concurrent use of the rand file, or synchronize usage at the
+ * application level. Also consider whether or not you NEED a persistent
+ * rand file in a concurrent use situation.
+ */
+
+ out = vms_fopen(file, "rb+", VMS_OPEN_ATTRS);
+ if (out == NULL)
+ out = vms_fopen(file, "wb", VMS_OPEN_ATTRS);
+#else
+ if (out == NULL)
+ out = fopen(file, "wb");
+#endif
+ if (out == NULL)
+ goto err;
+
+#ifndef NO_CHMOD
+ chmod(file, 0600);
+#endif
+ n = RAND_DATA;
+ for (;;) {
+ i = (n > BUFSIZE) ? BUFSIZE : n;
+ n -= BUFSIZE;
+ if (RAND_bytes(buf, i) <= 0)
+ rand_err = 1;
+ i = fwrite(buf, 1, i, out);
+ if (i <= 0) {
+ ret = 0;
+ break;
+ }
+ ret += i;
+ if (n <= 0)
+ break;
+ }
+
+ fclose(out);
+ OPENSSL_cleanse(buf, BUFSIZE);
+ err:
+ return (rand_err ? -1 : ret);
+}
+
+const char *RAND_file_name(char *buf, size_t size)
+{
+ char *s = NULL;
+#ifdef __OpenBSD__
+ int ok = 0;
+ struct stat sb;
+#endif
+
+ if (OPENSSL_issetugid() == 0)
+ s = getenv("RANDFILE");
+ if (s != NULL && *s && strlen(s) + 1 < size) {
+ if (BUF_strlcpy(buf, s, size) >= size)
+ return NULL;
+ } else {
+ if (OPENSSL_issetugid() == 0)
+ s = getenv("HOME");
+#ifdef DEFAULT_HOME
+ if (s == NULL) {
+ s = DEFAULT_HOME;
+ }
+#endif
+ if (s && *s && strlen(s) + strlen(RFILE) + 2 < size) {
+ BUF_strlcpy(buf, s, size);
+#ifndef OPENSSL_SYS_VMS
+ BUF_strlcat(buf, "/", size);
+#endif
+ BUF_strlcat(buf, RFILE, size);
+#ifdef __OpenBSD__
+ ok = 1;
+#endif
+ } else
+ buf[0] = '\0'; /* no file name */
+ }
+
+#ifdef __OpenBSD__
+ /*
+ * given that all random loads just fail if the file can't be seen on a
+ * stat, we stat the file we're returning, if it fails, use /dev/arandom
+ * instead. this allows the user to use their own source for good random
+ * data, but defaults to something hopefully decent if that isn't
+ * available.
+ */
+
+ if (!ok)
+ if (BUF_strlcpy(buf, "/dev/arandom", size) >= size) {
+ return (NULL);
+ }
+ if (stat(buf, &sb) == -1)
+ if (BUF_strlcpy(buf, "/dev/arandom", size) >= size) {
+ return (NULL);
+ }
+#endif
+ return (buf);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/rand/randtest.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/rand/randtest.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rand/randtest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,219 +0,0 @@
-/* crypto/rand/randtest.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/rand.h>
-
-#include "../e_os.h"
-
-/* some FIPS 140-1 random number test */
-/* some simple tests */
-
-int main(int argc,char **argv)
- {
- unsigned char buf[2500];
- int i,j,k,s,sign,nsign,err=0;
- unsigned long n1;
- unsigned long n2[16];
- unsigned long runs[2][34];
- /*double d; */
- long d;
-
- i = RAND_pseudo_bytes(buf,2500);
- if (i < 0)
- {
- printf ("init failed, the rand method is not properly installed\n");
- err++;
- goto err;
- }
-
- n1=0;
- for (i=0; i<16; i++) n2[i]=0;
- for (i=0; i<34; i++) runs[0][i]=runs[1][i]=0;
-
- /* test 1 and 2 */
- sign=0;
- nsign=0;
- for (i=0; i<2500; i++)
- {
- j=buf[i];
-
- n2[j&0x0f]++;
- n2[(j>>4)&0x0f]++;
-
- for (k=0; k<8; k++)
- {
- s=(j&0x01);
- if (s == sign)
- nsign++;
- else
- {
- if (nsign > 34) nsign=34;
- if (nsign != 0)
- {
- runs[sign][nsign-1]++;
- if (nsign > 6)
- runs[sign][5]++;
- }
- sign=s;
- nsign=1;
- }
-
- if (s) n1++;
- j>>=1;
- }
- }
- if (nsign > 34) nsign=34;
- if (nsign != 0) runs[sign][nsign-1]++;
-
- /* test 1 */
- if (!((9654 < n1) && (n1 < 10346)))
- {
- printf("test 1 failed, X=%lu\n",n1);
- err++;
- }
- printf("test 1 done\n");
-
- /* test 2 */
-#ifdef undef
- d=0;
- for (i=0; i<16; i++)
- d+=n2[i]*n2[i];
- d=d*16.0/5000.0-5000.0;
- if (!((1.03 < d) && (d < 57.4)))
- {
- printf("test 2 failed, X=%.2f\n",d);
- err++;
- }
-#endif
- d=0;
- for (i=0; i<16; i++)
- d+=n2[i]*n2[i];
- d=(d*8)/25-500000;
- if (!((103 < d) && (d < 5740)))
- {
- printf("test 2 failed, X=%ld.%02ld\n",d/100L,d%100L);
- err++;
- }
- printf("test 2 done\n");
-
- /* test 3 */
- for (i=0; i<2; i++)
- {
- if (!((2267 < runs[i][0]) && (runs[i][0] < 2733)))
- {
- printf("test 3 failed, bit=%d run=%d num=%lu\n",
- i,1,runs[i][0]);
- err++;
- }
- if (!((1079 < runs[i][1]) && (runs[i][1] < 1421)))
- {
- printf("test 3 failed, bit=%d run=%d num=%lu\n",
- i,2,runs[i][1]);
- err++;
- }
- if (!(( 502 < runs[i][2]) && (runs[i][2] < 748)))
- {
- printf("test 3 failed, bit=%d run=%d num=%lu\n",
- i,3,runs[i][2]);
- err++;
- }
- if (!(( 223 < runs[i][3]) && (runs[i][3] < 402)))
- {
- printf("test 3 failed, bit=%d run=%d num=%lu\n",
- i,4,runs[i][3]);
- err++;
- }
- if (!(( 90 < runs[i][4]) && (runs[i][4] < 223)))
- {
- printf("test 3 failed, bit=%d run=%d num=%lu\n",
- i,5,runs[i][4]);
- err++;
- }
- if (!(( 90 < runs[i][5]) && (runs[i][5] < 223)))
- {
- printf("test 3 failed, bit=%d run=%d num=%lu\n",
- i,6,runs[i][5]);
- err++;
- }
- }
- printf("test 3 done\n");
-
- /* test 4 */
- if (runs[0][33] != 0)
- {
- printf("test 4 failed, bit=%d run=%d num=%lu\n",
- 0,34,runs[0][33]);
- err++;
- }
- if (runs[1][33] != 0)
- {
- printf("test 4 failed, bit=%d run=%d num=%lu\n",
- 1,34,runs[1][33]);
- err++;
- }
- printf("test 4 done\n");
- err:
- err=((err)?1:0);
-#ifdef OPENSSL_SYS_NETWARE
- if (err) printf("ERROR: %d\n", err);
-#endif
- EXIT(err);
- return(err);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/rand/randtest.c (from rev 6976, vendor-crypto/openssl/dist/crypto/rand/randtest.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/rand/randtest.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rand/randtest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,209 @@
+/* crypto/rand/randtest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/rand.h>
+
+#include "../e_os.h"
+
+/* some FIPS 140-1 random number test */
+/* some simple tests */
+
+int main(int argc, char **argv)
+{
+ unsigned char buf[2500];
+ int i, j, k, s, sign, nsign, err = 0;
+ unsigned long n1;
+ unsigned long n2[16];
+ unsigned long runs[2][34];
+ /*
+ * double d;
+ */
+ long d;
+
+ i = RAND_pseudo_bytes(buf, 2500);
+ if (i < 0) {
+ printf("init failed, the rand method is not properly installed\n");
+ err++;
+ goto err;
+ }
+
+ n1 = 0;
+ for (i = 0; i < 16; i++)
+ n2[i] = 0;
+ for (i = 0; i < 34; i++)
+ runs[0][i] = runs[1][i] = 0;
+
+ /* test 1 and 2 */
+ sign = 0;
+ nsign = 0;
+ for (i = 0; i < 2500; i++) {
+ j = buf[i];
+
+ n2[j & 0x0f]++;
+ n2[(j >> 4) & 0x0f]++;
+
+ for (k = 0; k < 8; k++) {
+ s = (j & 0x01);
+ if (s == sign)
+ nsign++;
+ else {
+ if (nsign > 34)
+ nsign = 34;
+ if (nsign != 0) {
+ runs[sign][nsign - 1]++;
+ if (nsign > 6)
+ runs[sign][5]++;
+ }
+ sign = s;
+ nsign = 1;
+ }
+
+ if (s)
+ n1++;
+ j >>= 1;
+ }
+ }
+ if (nsign > 34)
+ nsign = 34;
+ if (nsign != 0)
+ runs[sign][nsign - 1]++;
+
+ /* test 1 */
+ if (!((9654 < n1) && (n1 < 10346))) {
+ printf("test 1 failed, X=%lu\n", n1);
+ err++;
+ }
+ printf("test 1 done\n");
+
+ /* test 2 */
+#ifdef undef
+ d = 0;
+ for (i = 0; i < 16; i++)
+ d += n2[i] * n2[i];
+ d = d * 16.0 / 5000.0 - 5000.0;
+ if (!((1.03 < d) && (d < 57.4))) {
+ printf("test 2 failed, X=%.2f\n", d);
+ err++;
+ }
+#endif
+ d = 0;
+ for (i = 0; i < 16; i++)
+ d += n2[i] * n2[i];
+ d = (d * 8) / 25 - 500000;
+ if (!((103 < d) && (d < 5740))) {
+ printf("test 2 failed, X=%ld.%02ld\n", d / 100L, d % 100L);
+ err++;
+ }
+ printf("test 2 done\n");
+
+ /* test 3 */
+ for (i = 0; i < 2; i++) {
+ if (!((2267 < runs[i][0]) && (runs[i][0] < 2733))) {
+ printf("test 3 failed, bit=%d run=%d num=%lu\n",
+ i, 1, runs[i][0]);
+ err++;
+ }
+ if (!((1079 < runs[i][1]) && (runs[i][1] < 1421))) {
+ printf("test 3 failed, bit=%d run=%d num=%lu\n",
+ i, 2, runs[i][1]);
+ err++;
+ }
+ if (!((502 < runs[i][2]) && (runs[i][2] < 748))) {
+ printf("test 3 failed, bit=%d run=%d num=%lu\n",
+ i, 3, runs[i][2]);
+ err++;
+ }
+ if (!((223 < runs[i][3]) && (runs[i][3] < 402))) {
+ printf("test 3 failed, bit=%d run=%d num=%lu\n",
+ i, 4, runs[i][3]);
+ err++;
+ }
+ if (!((90 < runs[i][4]) && (runs[i][4] < 223))) {
+ printf("test 3 failed, bit=%d run=%d num=%lu\n",
+ i, 5, runs[i][4]);
+ err++;
+ }
+ if (!((90 < runs[i][5]) && (runs[i][5] < 223))) {
+ printf("test 3 failed, bit=%d run=%d num=%lu\n",
+ i, 6, runs[i][5]);
+ err++;
+ }
+ }
+ printf("test 3 done\n");
+
+ /* test 4 */
+ if (runs[0][33] != 0) {
+ printf("test 4 failed, bit=%d run=%d num=%lu\n", 0, 34, runs[0][33]);
+ err++;
+ }
+ if (runs[1][33] != 0) {
+ printf("test 4 failed, bit=%d run=%d num=%lu\n", 1, 34, runs[1][33]);
+ err++;
+ }
+ printf("test 4 done\n");
+ err:
+ err = ((err) ? 1 : 0);
+#ifdef OPENSSL_SYS_NETWARE
+ if (err)
+ printf("ERROR: %d\n", err);
+#endif
+ EXIT(err);
+ return (err);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/rc2/rc2.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/rc2/rc2.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rc2/rc2.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,103 +0,0 @@
-/* crypto/rc2/rc2.h */
-/* Copyright (C) 1995-1997 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_RC2_H
-#define HEADER_RC2_H
-
-#include <openssl/opensslconf.h> /* OPENSSL_NO_RC2, RC2_INT */
-#ifdef OPENSSL_NO_RC2
-#error RC2 is disabled.
-#endif
-
-#define RC2_ENCRYPT 1
-#define RC2_DECRYPT 0
-
-#define RC2_BLOCK 8
-#define RC2_KEY_LENGTH 16
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-typedef struct rc2_key_st
- {
- RC2_INT data[64];
- } RC2_KEY;
-
-#ifdef OPENSSL_FIPS
-void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits);
-#endif
-void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits);
-void RC2_ecb_encrypt(const unsigned char *in,unsigned char *out,RC2_KEY *key,
- int enc);
-void RC2_encrypt(unsigned long *data,RC2_KEY *key);
-void RC2_decrypt(unsigned long *data,RC2_KEY *key);
-void RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
- RC2_KEY *ks, unsigned char *iv, int enc);
-void RC2_cfb64_encrypt(const unsigned char *in, unsigned char *out,
- long length, RC2_KEY *schedule, unsigned char *ivec,
- int *num, int enc);
-void RC2_ofb64_encrypt(const unsigned char *in, unsigned char *out,
- long length, RC2_KEY *schedule, unsigned char *ivec,
- int *num);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/rc2/rc2.h (from rev 6976, vendor-crypto/openssl/dist/crypto/rc2/rc2.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/rc2/rc2.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rc2/rc2.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,103 @@
+/* crypto/rc2/rc2.h */
+/* Copyright (C) 1995-1997 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_RC2_H
+# define HEADER_RC2_H
+
+# include <openssl/opensslconf.h>/* OPENSSL_NO_RC2, RC2_INT */
+# ifdef OPENSSL_NO_RC2
+# error RC2 is disabled.
+# endif
+
+# define RC2_ENCRYPT 1
+# define RC2_DECRYPT 0
+
+# define RC2_BLOCK 8
+# define RC2_KEY_LENGTH 16
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct rc2_key_st {
+ RC2_INT data[64];
+} RC2_KEY;
+
+# ifdef OPENSSL_FIPS
+void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,
+ int bits);
+# endif
+void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits);
+void RC2_ecb_encrypt(const unsigned char *in, unsigned char *out,
+ RC2_KEY *key, int enc);
+void RC2_encrypt(unsigned long *data, RC2_KEY *key);
+void RC2_decrypt(unsigned long *data, RC2_KEY *key);
+void RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
+ RC2_KEY *ks, unsigned char *iv, int enc);
+void RC2_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, RC2_KEY *schedule, unsigned char *ivec,
+ int *num, int enc);
+void RC2_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, RC2_KEY *schedule, unsigned char *ivec,
+ int *num);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/rc2/rc2_cbc.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/rc2/rc2_cbc.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rc2/rc2_cbc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,226 +0,0 @@
-/* crypto/rc2/rc2_cbc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/rc2.h>
-#include "rc2_locl.h"
-
-void RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
- RC2_KEY *ks, unsigned char *iv, int encrypt)
- {
- register unsigned long tin0,tin1;
- register unsigned long tout0,tout1,xor0,xor1;
- register long l=length;
- unsigned long tin[2];
-
- if (encrypt)
- {
- c2l(iv,tout0);
- c2l(iv,tout1);
- iv-=8;
- for (l-=8; l>=0; l-=8)
- {
- c2l(in,tin0);
- c2l(in,tin1);
- tin0^=tout0;
- tin1^=tout1;
- tin[0]=tin0;
- tin[1]=tin1;
- RC2_encrypt(tin,ks);
- tout0=tin[0]; l2c(tout0,out);
- tout1=tin[1]; l2c(tout1,out);
- }
- if (l != -8)
- {
- c2ln(in,tin0,tin1,l+8);
- tin0^=tout0;
- tin1^=tout1;
- tin[0]=tin0;
- tin[1]=tin1;
- RC2_encrypt(tin,ks);
- tout0=tin[0]; l2c(tout0,out);
- tout1=tin[1]; l2c(tout1,out);
- }
- l2c(tout0,iv);
- l2c(tout1,iv);
- }
- else
- {
- c2l(iv,xor0);
- c2l(iv,xor1);
- iv-=8;
- for (l-=8; l>=0; l-=8)
- {
- c2l(in,tin0); tin[0]=tin0;
- c2l(in,tin1); tin[1]=tin1;
- RC2_decrypt(tin,ks);
- tout0=tin[0]^xor0;
- tout1=tin[1]^xor1;
- l2c(tout0,out);
- l2c(tout1,out);
- xor0=tin0;
- xor1=tin1;
- }
- if (l != -8)
- {
- c2l(in,tin0); tin[0]=tin0;
- c2l(in,tin1); tin[1]=tin1;
- RC2_decrypt(tin,ks);
- tout0=tin[0]^xor0;
- tout1=tin[1]^xor1;
- l2cn(tout0,tout1,out,l+8);
- xor0=tin0;
- xor1=tin1;
- }
- l2c(xor0,iv);
- l2c(xor1,iv);
- }
- tin0=tin1=tout0=tout1=xor0=xor1=0;
- tin[0]=tin[1]=0;
- }
-
-void RC2_encrypt(unsigned long *d, RC2_KEY *key)
- {
- int i,n;
- register RC2_INT *p0,*p1;
- register RC2_INT x0,x1,x2,x3,t;
- unsigned long l;
-
- l=d[0];
- x0=(RC2_INT)l&0xffff;
- x1=(RC2_INT)(l>>16L);
- l=d[1];
- x2=(RC2_INT)l&0xffff;
- x3=(RC2_INT)(l>>16L);
-
- n=3;
- i=5;
-
- p0=p1= &(key->data[0]);
- for (;;)
- {
- t=(x0+(x1& ~x3)+(x2&x3)+ *(p0++))&0xffff;
- x0=(t<<1)|(t>>15);
- t=(x1+(x2& ~x0)+(x3&x0)+ *(p0++))&0xffff;
- x1=(t<<2)|(t>>14);
- t=(x2+(x3& ~x1)+(x0&x1)+ *(p0++))&0xffff;
- x2=(t<<3)|(t>>13);
- t=(x3+(x0& ~x2)+(x1&x2)+ *(p0++))&0xffff;
- x3=(t<<5)|(t>>11);
-
- if (--i == 0)
- {
- if (--n == 0) break;
- i=(n == 2)?6:5;
-
- x0+=p1[x3&0x3f];
- x1+=p1[x0&0x3f];
- x2+=p1[x1&0x3f];
- x3+=p1[x2&0x3f];
- }
- }
-
- d[0]=(unsigned long)(x0&0xffff)|((unsigned long)(x1&0xffff)<<16L);
- d[1]=(unsigned long)(x2&0xffff)|((unsigned long)(x3&0xffff)<<16L);
- }
-
-void RC2_decrypt(unsigned long *d, RC2_KEY *key)
- {
- int i,n;
- register RC2_INT *p0,*p1;
- register RC2_INT x0,x1,x2,x3,t;
- unsigned long l;
-
- l=d[0];
- x0=(RC2_INT)l&0xffff;
- x1=(RC2_INT)(l>>16L);
- l=d[1];
- x2=(RC2_INT)l&0xffff;
- x3=(RC2_INT)(l>>16L);
-
- n=3;
- i=5;
-
- p0= &(key->data[63]);
- p1= &(key->data[0]);
- for (;;)
- {
- t=((x3<<11)|(x3>>5))&0xffff;
- x3=(t-(x0& ~x2)-(x1&x2)- *(p0--))&0xffff;
- t=((x2<<13)|(x2>>3))&0xffff;
- x2=(t-(x3& ~x1)-(x0&x1)- *(p0--))&0xffff;
- t=((x1<<14)|(x1>>2))&0xffff;
- x1=(t-(x2& ~x0)-(x3&x0)- *(p0--))&0xffff;
- t=((x0<<15)|(x0>>1))&0xffff;
- x0=(t-(x1& ~x3)-(x2&x3)- *(p0--))&0xffff;
-
- if (--i == 0)
- {
- if (--n == 0) break;
- i=(n == 2)?6:5;
-
- x3=(x3-p1[x2&0x3f])&0xffff;
- x2=(x2-p1[x1&0x3f])&0xffff;
- x1=(x1-p1[x0&0x3f])&0xffff;
- x0=(x0-p1[x3&0x3f])&0xffff;
- }
- }
-
- d[0]=(unsigned long)(x0&0xffff)|((unsigned long)(x1&0xffff)<<16L);
- d[1]=(unsigned long)(x2&0xffff)|((unsigned long)(x3&0xffff)<<16L);
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/rc2/rc2_cbc.c (from rev 6976, vendor-crypto/openssl/dist/crypto/rc2/rc2_cbc.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/rc2/rc2_cbc.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rc2/rc2_cbc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,228 @@
+/* crypto/rc2/rc2_cbc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/rc2.h>
+#include "rc2_locl.h"
+
+void RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
+ RC2_KEY *ks, unsigned char *iv, int encrypt)
+{
+ register unsigned long tin0, tin1;
+ register unsigned long tout0, tout1, xor0, xor1;
+ register long l = length;
+ unsigned long tin[2];
+
+ if (encrypt) {
+ c2l(iv, tout0);
+ c2l(iv, tout1);
+ iv -= 8;
+ for (l -= 8; l >= 0; l -= 8) {
+ c2l(in, tin0);
+ c2l(in, tin1);
+ tin0 ^= tout0;
+ tin1 ^= tout1;
+ tin[0] = tin0;
+ tin[1] = tin1;
+ RC2_encrypt(tin, ks);
+ tout0 = tin[0];
+ l2c(tout0, out);
+ tout1 = tin[1];
+ l2c(tout1, out);
+ }
+ if (l != -8) {
+ c2ln(in, tin0, tin1, l + 8);
+ tin0 ^= tout0;
+ tin1 ^= tout1;
+ tin[0] = tin0;
+ tin[1] = tin1;
+ RC2_encrypt(tin, ks);
+ tout0 = tin[0];
+ l2c(tout0, out);
+ tout1 = tin[1];
+ l2c(tout1, out);
+ }
+ l2c(tout0, iv);
+ l2c(tout1, iv);
+ } else {
+ c2l(iv, xor0);
+ c2l(iv, xor1);
+ iv -= 8;
+ for (l -= 8; l >= 0; l -= 8) {
+ c2l(in, tin0);
+ tin[0] = tin0;
+ c2l(in, tin1);
+ tin[1] = tin1;
+ RC2_decrypt(tin, ks);
+ tout0 = tin[0] ^ xor0;
+ tout1 = tin[1] ^ xor1;
+ l2c(tout0, out);
+ l2c(tout1, out);
+ xor0 = tin0;
+ xor1 = tin1;
+ }
+ if (l != -8) {
+ c2l(in, tin0);
+ tin[0] = tin0;
+ c2l(in, tin1);
+ tin[1] = tin1;
+ RC2_decrypt(tin, ks);
+ tout0 = tin[0] ^ xor0;
+ tout1 = tin[1] ^ xor1;
+ l2cn(tout0, tout1, out, l + 8);
+ xor0 = tin0;
+ xor1 = tin1;
+ }
+ l2c(xor0, iv);
+ l2c(xor1, iv);
+ }
+ tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
+ tin[0] = tin[1] = 0;
+}
+
+void RC2_encrypt(unsigned long *d, RC2_KEY *key)
+{
+ int i, n;
+ register RC2_INT *p0, *p1;
+ register RC2_INT x0, x1, x2, x3, t;
+ unsigned long l;
+
+ l = d[0];
+ x0 = (RC2_INT) l & 0xffff;
+ x1 = (RC2_INT) (l >> 16L);
+ l = d[1];
+ x2 = (RC2_INT) l & 0xffff;
+ x3 = (RC2_INT) (l >> 16L);
+
+ n = 3;
+ i = 5;
+
+ p0 = p1 = &(key->data[0]);
+ for (;;) {
+ t = (x0 + (x1 & ~x3) + (x2 & x3) + *(p0++)) & 0xffff;
+ x0 = (t << 1) | (t >> 15);
+ t = (x1 + (x2 & ~x0) + (x3 & x0) + *(p0++)) & 0xffff;
+ x1 = (t << 2) | (t >> 14);
+ t = (x2 + (x3 & ~x1) + (x0 & x1) + *(p0++)) & 0xffff;
+ x2 = (t << 3) | (t >> 13);
+ t = (x3 + (x0 & ~x2) + (x1 & x2) + *(p0++)) & 0xffff;
+ x3 = (t << 5) | (t >> 11);
+
+ if (--i == 0) {
+ if (--n == 0)
+ break;
+ i = (n == 2) ? 6 : 5;
+
+ x0 += p1[x3 & 0x3f];
+ x1 += p1[x0 & 0x3f];
+ x2 += p1[x1 & 0x3f];
+ x3 += p1[x2 & 0x3f];
+ }
+ }
+
+ d[0] =
+ (unsigned long)(x0 & 0xffff) | ((unsigned long)(x1 & 0xffff) << 16L);
+ d[1] =
+ (unsigned long)(x2 & 0xffff) | ((unsigned long)(x3 & 0xffff) << 16L);
+}
+
+void RC2_decrypt(unsigned long *d, RC2_KEY *key)
+{
+ int i, n;
+ register RC2_INT *p0, *p1;
+ register RC2_INT x0, x1, x2, x3, t;
+ unsigned long l;
+
+ l = d[0];
+ x0 = (RC2_INT) l & 0xffff;
+ x1 = (RC2_INT) (l >> 16L);
+ l = d[1];
+ x2 = (RC2_INT) l & 0xffff;
+ x3 = (RC2_INT) (l >> 16L);
+
+ n = 3;
+ i = 5;
+
+ p0 = &(key->data[63]);
+ p1 = &(key->data[0]);
+ for (;;) {
+ t = ((x3 << 11) | (x3 >> 5)) & 0xffff;
+ x3 = (t - (x0 & ~x2) - (x1 & x2) - *(p0--)) & 0xffff;
+ t = ((x2 << 13) | (x2 >> 3)) & 0xffff;
+ x2 = (t - (x3 & ~x1) - (x0 & x1) - *(p0--)) & 0xffff;
+ t = ((x1 << 14) | (x1 >> 2)) & 0xffff;
+ x1 = (t - (x2 & ~x0) - (x3 & x0) - *(p0--)) & 0xffff;
+ t = ((x0 << 15) | (x0 >> 1)) & 0xffff;
+ x0 = (t - (x1 & ~x3) - (x2 & x3) - *(p0--)) & 0xffff;
+
+ if (--i == 0) {
+ if (--n == 0)
+ break;
+ i = (n == 2) ? 6 : 5;
+
+ x3 = (x3 - p1[x2 & 0x3f]) & 0xffff;
+ x2 = (x2 - p1[x1 & 0x3f]) & 0xffff;
+ x1 = (x1 - p1[x0 & 0x3f]) & 0xffff;
+ x0 = (x0 - p1[x3 & 0x3f]) & 0xffff;
+ }
+ }
+
+ d[0] =
+ (unsigned long)(x0 & 0xffff) | ((unsigned long)(x1 & 0xffff) << 16L);
+ d[1] =
+ (unsigned long)(x2 & 0xffff) | ((unsigned long)(x3 & 0xffff) << 16L);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/rc2/rc2_ecb.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/rc2/rc2_ecb.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rc2/rc2_ecb.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,88 +0,0 @@
-/* crypto/rc2/rc2_ecb.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/rc2.h>
-#include "rc2_locl.h"
-#include <openssl/opensslv.h>
-
-const char RC2_version[]="RC2" OPENSSL_VERSION_PTEXT;
-
-/* RC2 as implemented frm a posting from
- * Newsgroups: sci.crypt
- * Sender: pgut01 at cs.auckland.ac.nz (Peter Gutmann)
- * Subject: Specification for Ron Rivests Cipher No.2
- * Message-ID: <4fk39f$f70 at net.auckland.ac.nz>
- * Date: 11 Feb 1996 06:45:03 GMT
- */
-
-void RC2_ecb_encrypt(const unsigned char *in, unsigned char *out, RC2_KEY *ks,
- int encrypt)
- {
- unsigned long l,d[2];
-
- c2l(in,l); d[0]=l;
- c2l(in,l); d[1]=l;
- if (encrypt)
- RC2_encrypt(d,ks);
- else
- RC2_decrypt(d,ks);
- l=d[0]; l2c(l,out);
- l=d[1]; l2c(l,out);
- l=d[0]=d[1]=0;
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/rc2/rc2_ecb.c (from rev 6976, vendor-crypto/openssl/dist/crypto/rc2/rc2_ecb.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/rc2/rc2_ecb.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rc2/rc2_ecb.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,92 @@
+/* crypto/rc2/rc2_ecb.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/rc2.h>
+#include "rc2_locl.h"
+#include <openssl/opensslv.h>
+
+const char RC2_version[] = "RC2" OPENSSL_VERSION_PTEXT;
+
+/*-
+ * RC2 as implemented frm a posting from
+ * Newsgroups: sci.crypt
+ * Sender: pgut01 at cs.auckland.ac.nz (Peter Gutmann)
+ * Subject: Specification for Ron Rivests Cipher No.2
+ * Message-ID: <4fk39f$f70 at net.auckland.ac.nz>
+ * Date: 11 Feb 1996 06:45:03 GMT
+ */
+
+void RC2_ecb_encrypt(const unsigned char *in, unsigned char *out, RC2_KEY *ks,
+ int encrypt)
+{
+ unsigned long l, d[2];
+
+ c2l(in, l);
+ d[0] = l;
+ c2l(in, l);
+ d[1] = l;
+ if (encrypt)
+ RC2_encrypt(d, ks);
+ else
+ RC2_decrypt(d, ks);
+ l = d[0];
+ l2c(l, out);
+ l = d[1];
+ l2c(l, out);
+ l = d[0] = d[1] = 0;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/rc2/rc2_locl.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/rc2/rc2_locl.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rc2/rc2_locl.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,156 +0,0 @@
-/* crypto/rc2/rc2_locl.h */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#undef c2l
-#define c2l(c,l) (l =((unsigned long)(*((c)++))) , \
- l|=((unsigned long)(*((c)++)))<< 8L, \
- l|=((unsigned long)(*((c)++)))<<16L, \
- l|=((unsigned long)(*((c)++)))<<24L)
-
-/* NOTE - c is not incremented as per c2l */
-#undef c2ln
-#define c2ln(c,l1,l2,n) { \
- c+=n; \
- l1=l2=0; \
- switch (n) { \
- case 8: l2 =((unsigned long)(*(--(c))))<<24L; \
- case 7: l2|=((unsigned long)(*(--(c))))<<16L; \
- case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \
- case 5: l2|=((unsigned long)(*(--(c)))); \
- case 4: l1 =((unsigned long)(*(--(c))))<<24L; \
- case 3: l1|=((unsigned long)(*(--(c))))<<16L; \
- case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \
- case 1: l1|=((unsigned long)(*(--(c)))); \
- } \
- }
-
-#undef l2c
-#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
- *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
- *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
- *((c)++)=(unsigned char)(((l)>>24L)&0xff))
-
-/* NOTE - c is not incremented as per l2c */
-#undef l2cn
-#define l2cn(l1,l2,c,n) { \
- c+=n; \
- switch (n) { \
- case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
- case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
- case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
- case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \
- case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
- case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
- case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
- case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \
- } \
- }
-
-/* NOTE - c is not incremented as per n2l */
-#define n2ln(c,l1,l2,n) { \
- c+=n; \
- l1=l2=0; \
- switch (n) { \
- case 8: l2 =((unsigned long)(*(--(c)))) ; \
- case 7: l2|=((unsigned long)(*(--(c))))<< 8; \
- case 6: l2|=((unsigned long)(*(--(c))))<<16; \
- case 5: l2|=((unsigned long)(*(--(c))))<<24; \
- case 4: l1 =((unsigned long)(*(--(c)))) ; \
- case 3: l1|=((unsigned long)(*(--(c))))<< 8; \
- case 2: l1|=((unsigned long)(*(--(c))))<<16; \
- case 1: l1|=((unsigned long)(*(--(c))))<<24; \
- } \
- }
-
-/* NOTE - c is not incremented as per l2n */
-#define l2nn(l1,l2,c,n) { \
- c+=n; \
- switch (n) { \
- case 8: *(--(c))=(unsigned char)(((l2) )&0xff); \
- case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
- case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
- case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
- case 4: *(--(c))=(unsigned char)(((l1) )&0xff); \
- case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
- case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
- case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
- } \
- }
-
-#undef n2l
-#define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24L, \
- l|=((unsigned long)(*((c)++)))<<16L, \
- l|=((unsigned long)(*((c)++)))<< 8L, \
- l|=((unsigned long)(*((c)++))))
-
-#undef l2n
-#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
- *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
- *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
- *((c)++)=(unsigned char)(((l) )&0xff))
-
-#define C_RC2(n) \
- t=(x0+(x1& ~x3)+(x2&x3)+ *(p0++))&0xffff; \
- x0=(t<<1)|(t>>15); \
- t=(x1+(x2& ~x0)+(x3&x0)+ *(p0++))&0xffff; \
- x1=(t<<2)|(t>>14); \
- t=(x2+(x3& ~x1)+(x0&x1)+ *(p0++))&0xffff; \
- x2=(t<<3)|(t>>13); \
- t=(x3+(x0& ~x2)+(x1&x2)+ *(p0++))&0xffff; \
- x3=(t<<5)|(t>>11);
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/rc2/rc2_locl.h (from rev 6976, vendor-crypto/openssl/dist/crypto/rc2/rc2_locl.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/rc2/rc2_locl.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rc2/rc2_locl.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,155 @@
+/* crypto/rc2/rc2_locl.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#undef c2l
+#define c2l(c,l) (l =((unsigned long)(*((c)++))) , \
+ l|=((unsigned long)(*((c)++)))<< 8L, \
+ l|=((unsigned long)(*((c)++)))<<16L, \
+ l|=((unsigned long)(*((c)++)))<<24L)
+
+/* NOTE - c is not incremented as per c2l */
+#undef c2ln
+#define c2ln(c,l1,l2,n) { \
+ c+=n; \
+ l1=l2=0; \
+ switch (n) { \
+ case 8: l2 =((unsigned long)(*(--(c))))<<24L; \
+ case 7: l2|=((unsigned long)(*(--(c))))<<16L; \
+ case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \
+ case 5: l2|=((unsigned long)(*(--(c)))); \
+ case 4: l1 =((unsigned long)(*(--(c))))<<24L; \
+ case 3: l1|=((unsigned long)(*(--(c))))<<16L; \
+ case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \
+ case 1: l1|=((unsigned long)(*(--(c)))); \
+ } \
+ }
+
+#undef l2c
+#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
+ *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>24L)&0xff))
+
+/* NOTE - c is not incremented as per l2c */
+#undef l2cn
+#define l2cn(l1,l2,c,n) { \
+ c+=n; \
+ switch (n) { \
+ case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
+ case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
+ case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
+ case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \
+ case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
+ case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
+ case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
+ case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \
+ } \
+ }
+
+/* NOTE - c is not incremented as per n2l */
+#define n2ln(c,l1,l2,n) { \
+ c+=n; \
+ l1=l2=0; \
+ switch (n) { \
+ case 8: l2 =((unsigned long)(*(--(c)))) ; \
+ case 7: l2|=((unsigned long)(*(--(c))))<< 8; \
+ case 6: l2|=((unsigned long)(*(--(c))))<<16; \
+ case 5: l2|=((unsigned long)(*(--(c))))<<24; \
+ case 4: l1 =((unsigned long)(*(--(c)))) ; \
+ case 3: l1|=((unsigned long)(*(--(c))))<< 8; \
+ case 2: l1|=((unsigned long)(*(--(c))))<<16; \
+ case 1: l1|=((unsigned long)(*(--(c))))<<24; \
+ } \
+ }
+
+/* NOTE - c is not incremented as per l2n */
+#define l2nn(l1,l2,c,n) { \
+ c+=n; \
+ switch (n) { \
+ case 8: *(--(c))=(unsigned char)(((l2) )&0xff); \
+ case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
+ case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
+ case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
+ case 4: *(--(c))=(unsigned char)(((l1) )&0xff); \
+ case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
+ case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
+ case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
+ } \
+ }
+
+#undef n2l
+#define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24L, \
+ l|=((unsigned long)(*((c)++)))<<16L, \
+ l|=((unsigned long)(*((c)++)))<< 8L, \
+ l|=((unsigned long)(*((c)++))))
+
+#undef l2n
+#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+ *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+ *((c)++)=(unsigned char)(((l) )&0xff))
+
+#define C_RC2(n) \
+ t=(x0+(x1& ~x3)+(x2&x3)+ *(p0++))&0xffff; \
+ x0=(t<<1)|(t>>15); \
+ t=(x1+(x2& ~x0)+(x3&x0)+ *(p0++))&0xffff; \
+ x1=(t<<2)|(t>>14); \
+ t=(x2+(x3& ~x1)+(x0&x1)+ *(p0++))&0xffff; \
+ x2=(t<<3)|(t>>13); \
+ t=(x3+(x0& ~x2)+(x1&x2)+ *(p0++))&0xffff; \
+ x3=(t<<5)|(t>>11);
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/rc2/rc2_skey.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/rc2/rc2_skey.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rc2/rc2_skey.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,162 +0,0 @@
-/* crypto/rc2/rc2_skey.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/rc2.h>
-#include <openssl/crypto.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
-#include "rc2_locl.h"
-
-static unsigned char key_table[256]={
- 0xd9,0x78,0xf9,0xc4,0x19,0xdd,0xb5,0xed,0x28,0xe9,0xfd,0x79,
- 0x4a,0xa0,0xd8,0x9d,0xc6,0x7e,0x37,0x83,0x2b,0x76,0x53,0x8e,
- 0x62,0x4c,0x64,0x88,0x44,0x8b,0xfb,0xa2,0x17,0x9a,0x59,0xf5,
- 0x87,0xb3,0x4f,0x13,0x61,0x45,0x6d,0x8d,0x09,0x81,0x7d,0x32,
- 0xbd,0x8f,0x40,0xeb,0x86,0xb7,0x7b,0x0b,0xf0,0x95,0x21,0x22,
- 0x5c,0x6b,0x4e,0x82,0x54,0xd6,0x65,0x93,0xce,0x60,0xb2,0x1c,
- 0x73,0x56,0xc0,0x14,0xa7,0x8c,0xf1,0xdc,0x12,0x75,0xca,0x1f,
- 0x3b,0xbe,0xe4,0xd1,0x42,0x3d,0xd4,0x30,0xa3,0x3c,0xb6,0x26,
- 0x6f,0xbf,0x0e,0xda,0x46,0x69,0x07,0x57,0x27,0xf2,0x1d,0x9b,
- 0xbc,0x94,0x43,0x03,0xf8,0x11,0xc7,0xf6,0x90,0xef,0x3e,0xe7,
- 0x06,0xc3,0xd5,0x2f,0xc8,0x66,0x1e,0xd7,0x08,0xe8,0xea,0xde,
- 0x80,0x52,0xee,0xf7,0x84,0xaa,0x72,0xac,0x35,0x4d,0x6a,0x2a,
- 0x96,0x1a,0xd2,0x71,0x5a,0x15,0x49,0x74,0x4b,0x9f,0xd0,0x5e,
- 0x04,0x18,0xa4,0xec,0xc2,0xe0,0x41,0x6e,0x0f,0x51,0xcb,0xcc,
- 0x24,0x91,0xaf,0x50,0xa1,0xf4,0x70,0x39,0x99,0x7c,0x3a,0x85,
- 0x23,0xb8,0xb4,0x7a,0xfc,0x02,0x36,0x5b,0x25,0x55,0x97,0x31,
- 0x2d,0x5d,0xfa,0x98,0xe3,0x8a,0x92,0xae,0x05,0xdf,0x29,0x10,
- 0x67,0x6c,0xba,0xc9,0xd3,0x00,0xe6,0xcf,0xe1,0x9e,0xa8,0x2c,
- 0x63,0x16,0x01,0x3f,0x58,0xe2,0x89,0xa9,0x0d,0x38,0x34,0x1b,
- 0xab,0x33,0xff,0xb0,0xbb,0x48,0x0c,0x5f,0xb9,0xb1,0xcd,0x2e,
- 0xc5,0xf3,0xdb,0x47,0xe5,0xa5,0x9c,0x77,0x0a,0xa6,0x20,0x68,
- 0xfe,0x7f,0xc1,0xad,
- };
-
-#if defined(_MSC_VER) && defined(_ARM_)
-#pragma optimize("g",off)
-#endif
-
-/* It has come to my attention that there are 2 versions of the RC2
- * key schedule. One which is normal, and anther which has a hook to
- * use a reduced key length.
- * BSAFE uses the 'retarded' version. What I previously shipped is
- * the same as specifying 1024 for the 'bits' parameter. Bsafe uses
- * a version where the bits parameter is the same as len*8 */
-
-#ifdef OPENSSL_FIPS
-void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits)
- {
- if (FIPS_mode())
- FIPS_BAD_ABORT(RC2)
- private_RC2_set_key(key, len, data, bits);
- }
-void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,
- int bits)
-#else
-void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits)
-#endif
- {
- int i,j;
- unsigned char *k;
- RC2_INT *ki;
- unsigned int c,d;
-
- k= (unsigned char *)&(key->data[0]);
- *k=0; /* for if there is a zero length key */
-
- if (len > 128) len=128;
- if (bits <= 0) bits=1024;
- if (bits > 1024) bits=1024;
-
- for (i=0; i<len; i++)
- k[i]=data[i];
-
- /* expand table */
- d=k[len-1];
- j=0;
- for (i=len; i < 128; i++,j++)
- {
- d=key_table[(k[j]+d)&0xff];
- k[i]=d;
- }
-
- /* hmm.... key reduction to 'bits' bits */
-
- j=(bits+7)>>3;
- i=128-j;
- c= (0xff>>(-bits & 0x07));
-
- d=key_table[k[i]&c];
- k[i]=d;
- while (i--)
- {
- d=key_table[k[i+j]^d];
- k[i]=d;
- }
-
- /* copy from bytes into RC2_INT's */
- ki= &(key->data[63]);
- for (i=127; i>=0; i-=2)
- *(ki--)=((k[i]<<8)|k[i-1])&0xffff;
- }
-
-#if defined(_MSC_VER)
-#pragma optimize("",on)
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/rc2/rc2_skey.c (from rev 6976, vendor-crypto/openssl/dist/crypto/rc2/rc2_skey.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/rc2/rc2_skey.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rc2/rc2_skey.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,165 @@
+/* crypto/rc2/rc2_skey.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/rc2.h>
+#include <openssl/crypto.h>
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
+#endif
+
+#include "rc2_locl.h"
+
+static unsigned char key_table[256] = {
+ 0xd9, 0x78, 0xf9, 0xc4, 0x19, 0xdd, 0xb5, 0xed, 0x28, 0xe9, 0xfd, 0x79,
+ 0x4a, 0xa0, 0xd8, 0x9d, 0xc6, 0x7e, 0x37, 0x83, 0x2b, 0x76, 0x53, 0x8e,
+ 0x62, 0x4c, 0x64, 0x88, 0x44, 0x8b, 0xfb, 0xa2, 0x17, 0x9a, 0x59, 0xf5,
+ 0x87, 0xb3, 0x4f, 0x13, 0x61, 0x45, 0x6d, 0x8d, 0x09, 0x81, 0x7d, 0x32,
+ 0xbd, 0x8f, 0x40, 0xeb, 0x86, 0xb7, 0x7b, 0x0b, 0xf0, 0x95, 0x21, 0x22,
+ 0x5c, 0x6b, 0x4e, 0x82, 0x54, 0xd6, 0x65, 0x93, 0xce, 0x60, 0xb2, 0x1c,
+ 0x73, 0x56, 0xc0, 0x14, 0xa7, 0x8c, 0xf1, 0xdc, 0x12, 0x75, 0xca, 0x1f,
+ 0x3b, 0xbe, 0xe4, 0xd1, 0x42, 0x3d, 0xd4, 0x30, 0xa3, 0x3c, 0xb6, 0x26,
+ 0x6f, 0xbf, 0x0e, 0xda, 0x46, 0x69, 0x07, 0x57, 0x27, 0xf2, 0x1d, 0x9b,
+ 0xbc, 0x94, 0x43, 0x03, 0xf8, 0x11, 0xc7, 0xf6, 0x90, 0xef, 0x3e, 0xe7,
+ 0x06, 0xc3, 0xd5, 0x2f, 0xc8, 0x66, 0x1e, 0xd7, 0x08, 0xe8, 0xea, 0xde,
+ 0x80, 0x52, 0xee, 0xf7, 0x84, 0xaa, 0x72, 0xac, 0x35, 0x4d, 0x6a, 0x2a,
+ 0x96, 0x1a, 0xd2, 0x71, 0x5a, 0x15, 0x49, 0x74, 0x4b, 0x9f, 0xd0, 0x5e,
+ 0x04, 0x18, 0xa4, 0xec, 0xc2, 0xe0, 0x41, 0x6e, 0x0f, 0x51, 0xcb, 0xcc,
+ 0x24, 0x91, 0xaf, 0x50, 0xa1, 0xf4, 0x70, 0x39, 0x99, 0x7c, 0x3a, 0x85,
+ 0x23, 0xb8, 0xb4, 0x7a, 0xfc, 0x02, 0x36, 0x5b, 0x25, 0x55, 0x97, 0x31,
+ 0x2d, 0x5d, 0xfa, 0x98, 0xe3, 0x8a, 0x92, 0xae, 0x05, 0xdf, 0x29, 0x10,
+ 0x67, 0x6c, 0xba, 0xc9, 0xd3, 0x00, 0xe6, 0xcf, 0xe1, 0x9e, 0xa8, 0x2c,
+ 0x63, 0x16, 0x01, 0x3f, 0x58, 0xe2, 0x89, 0xa9, 0x0d, 0x38, 0x34, 0x1b,
+ 0xab, 0x33, 0xff, 0xb0, 0xbb, 0x48, 0x0c, 0x5f, 0xb9, 0xb1, 0xcd, 0x2e,
+ 0xc5, 0xf3, 0xdb, 0x47, 0xe5, 0xa5, 0x9c, 0x77, 0x0a, 0xa6, 0x20, 0x68,
+ 0xfe, 0x7f, 0xc1, 0xad,
+};
+
+#if defined(_MSC_VER) && defined(_ARM_)
+# pragma optimize("g",off)
+#endif
+
+/*
+ * It has come to my attention that there are 2 versions of the RC2 key
+ * schedule. One which is normal, and anther which has a hook to use a
+ * reduced key length. BSAFE uses the 'retarded' version. What I previously
+ * shipped is the same as specifying 1024 for the 'bits' parameter. Bsafe
+ * uses a version where the bits parameter is the same as len*8
+ */
+
+#ifdef OPENSSL_FIPS
+void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits)
+{
+ if (FIPS_mode())
+ FIPS_BAD_ABORT(RC2)
+ private_RC2_set_key(key, len, data, bits);
+}
+
+void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,
+ int bits)
+#else
+void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits)
+#endif
+{
+ int i, j;
+ unsigned char *k;
+ RC2_INT *ki;
+ unsigned int c, d;
+
+ k = (unsigned char *)&(key->data[0]);
+ *k = 0; /* for if there is a zero length key */
+
+ if (len > 128)
+ len = 128;
+ if (bits <= 0)
+ bits = 1024;
+ if (bits > 1024)
+ bits = 1024;
+
+ for (i = 0; i < len; i++)
+ k[i] = data[i];
+
+ /* expand table */
+ d = k[len - 1];
+ j = 0;
+ for (i = len; i < 128; i++, j++) {
+ d = key_table[(k[j] + d) & 0xff];
+ k[i] = d;
+ }
+
+ /* hmm.... key reduction to 'bits' bits */
+
+ j = (bits + 7) >> 3;
+ i = 128 - j;
+ c = (0xff >> (-bits & 0x07));
+
+ d = key_table[k[i] & c];
+ k[i] = d;
+ while (i--) {
+ d = key_table[k[i + j] ^ d];
+ k[i] = d;
+ }
+
+ /* copy from bytes into RC2_INT's */
+ ki = &(key->data[63]);
+ for (i = 127; i >= 0; i -= 2)
+ *(ki--) = ((k[i] << 8) | k[i - 1]) & 0xffff;
+}
+
+#if defined(_MSC_VER)
+# pragma optimize("",on)
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/rc2/rc2cfb64.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/rc2/rc2cfb64.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rc2/rc2cfb64.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,122 +0,0 @@
-/* crypto/rc2/rc2cfb64.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/rc2.h>
-#include "rc2_locl.h"
-
-/* The input and output encrypted as though 64bit cfb mode is being
- * used. The extra state information to record how much of the
- * 64bit block we have used is contained in *num;
- */
-
-void RC2_cfb64_encrypt(const unsigned char *in, unsigned char *out,
- long length, RC2_KEY *schedule, unsigned char *ivec,
- int *num, int encrypt)
- {
- register unsigned long v0,v1,t;
- register int n= *num;
- register long l=length;
- unsigned long ti[2];
- unsigned char *iv,c,cc;
-
- iv=(unsigned char *)ivec;
- if (encrypt)
- {
- while (l--)
- {
- if (n == 0)
- {
- c2l(iv,v0); ti[0]=v0;
- c2l(iv,v1); ti[1]=v1;
- RC2_encrypt((unsigned long *)ti,schedule);
- iv=(unsigned char *)ivec;
- t=ti[0]; l2c(t,iv);
- t=ti[1]; l2c(t,iv);
- iv=(unsigned char *)ivec;
- }
- c= *(in++)^iv[n];
- *(out++)=c;
- iv[n]=c;
- n=(n+1)&0x07;
- }
- }
- else
- {
- while (l--)
- {
- if (n == 0)
- {
- c2l(iv,v0); ti[0]=v0;
- c2l(iv,v1); ti[1]=v1;
- RC2_encrypt((unsigned long *)ti,schedule);
- iv=(unsigned char *)ivec;
- t=ti[0]; l2c(t,iv);
- t=ti[1]; l2c(t,iv);
- iv=(unsigned char *)ivec;
- }
- cc= *(in++);
- c=iv[n];
- iv[n]=cc;
- *(out++)=c^cc;
- n=(n+1)&0x07;
- }
- }
- v0=v1=ti[0]=ti[1]=t=c=cc=0;
- *num=n;
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/rc2/rc2cfb64.c (from rev 6976, vendor-crypto/openssl/dist/crypto/rc2/rc2cfb64.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/rc2/rc2cfb64.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rc2/rc2cfb64.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,123 @@
+/* crypto/rc2/rc2cfb64.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/rc2.h>
+#include "rc2_locl.h"
+
+/*
+ * The input and output encrypted as though 64bit cfb mode is being used.
+ * The extra state information to record how much of the 64bit block we have
+ * used is contained in *num;
+ */
+
+void RC2_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, RC2_KEY *schedule, unsigned char *ivec,
+ int *num, int encrypt)
+{
+ register unsigned long v0, v1, t;
+ register int n = *num;
+ register long l = length;
+ unsigned long ti[2];
+ unsigned char *iv, c, cc;
+
+ iv = (unsigned char *)ivec;
+ if (encrypt) {
+ while (l--) {
+ if (n == 0) {
+ c2l(iv, v0);
+ ti[0] = v0;
+ c2l(iv, v1);
+ ti[1] = v1;
+ RC2_encrypt((unsigned long *)ti, schedule);
+ iv = (unsigned char *)ivec;
+ t = ti[0];
+ l2c(t, iv);
+ t = ti[1];
+ l2c(t, iv);
+ iv = (unsigned char *)ivec;
+ }
+ c = *(in++) ^ iv[n];
+ *(out++) = c;
+ iv[n] = c;
+ n = (n + 1) & 0x07;
+ }
+ } else {
+ while (l--) {
+ if (n == 0) {
+ c2l(iv, v0);
+ ti[0] = v0;
+ c2l(iv, v1);
+ ti[1] = v1;
+ RC2_encrypt((unsigned long *)ti, schedule);
+ iv = (unsigned char *)ivec;
+ t = ti[0];
+ l2c(t, iv);
+ t = ti[1];
+ l2c(t, iv);
+ iv = (unsigned char *)ivec;
+ }
+ cc = *(in++);
+ c = iv[n];
+ iv[n] = cc;
+ *(out++) = c ^ cc;
+ n = (n + 1) & 0x07;
+ }
+ }
+ v0 = v1 = ti[0] = ti[1] = t = c = cc = 0;
+ *num = n;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/rc2/rc2ofb64.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/rc2/rc2ofb64.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rc2/rc2ofb64.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,111 +0,0 @@
-/* crypto/rc2/rc2ofb64.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/rc2.h>
-#include "rc2_locl.h"
-
-/* The input and output encrypted as though 64bit ofb mode is being
- * used. The extra state information to record how much of the
- * 64bit block we have used is contained in *num;
- */
-void RC2_ofb64_encrypt(const unsigned char *in, unsigned char *out,
- long length, RC2_KEY *schedule, unsigned char *ivec,
- int *num)
- {
- register unsigned long v0,v1,t;
- register int n= *num;
- register long l=length;
- unsigned char d[8];
- register char *dp;
- unsigned long ti[2];
- unsigned char *iv;
- int save=0;
-
- iv=(unsigned char *)ivec;
- c2l(iv,v0);
- c2l(iv,v1);
- ti[0]=v0;
- ti[1]=v1;
- dp=(char *)d;
- l2c(v0,dp);
- l2c(v1,dp);
- while (l--)
- {
- if (n == 0)
- {
- RC2_encrypt((unsigned long *)ti,schedule);
- dp=(char *)d;
- t=ti[0]; l2c(t,dp);
- t=ti[1]; l2c(t,dp);
- save++;
- }
- *(out++)= *(in++)^d[n];
- n=(n+1)&0x07;
- }
- if (save)
- {
- v0=ti[0];
- v1=ti[1];
- iv=(unsigned char *)ivec;
- l2c(v0,iv);
- l2c(v1,iv);
- }
- t=v0=v1=ti[0]=ti[1]=0;
- *num=n;
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/rc2/rc2ofb64.c (from rev 6976, vendor-crypto/openssl/dist/crypto/rc2/rc2ofb64.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/rc2/rc2ofb64.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rc2/rc2ofb64.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,110 @@
+/* crypto/rc2/rc2ofb64.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/rc2.h>
+#include "rc2_locl.h"
+
+/*
+ * The input and output encrypted as though 64bit ofb mode is being used.
+ * The extra state information to record how much of the 64bit block we have
+ * used is contained in *num;
+ */
+void RC2_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, RC2_KEY *schedule, unsigned char *ivec,
+ int *num)
+{
+ register unsigned long v0, v1, t;
+ register int n = *num;
+ register long l = length;
+ unsigned char d[8];
+ register char *dp;
+ unsigned long ti[2];
+ unsigned char *iv;
+ int save = 0;
+
+ iv = (unsigned char *)ivec;
+ c2l(iv, v0);
+ c2l(iv, v1);
+ ti[0] = v0;
+ ti[1] = v1;
+ dp = (char *)d;
+ l2c(v0, dp);
+ l2c(v1, dp);
+ while (l--) {
+ if (n == 0) {
+ RC2_encrypt((unsigned long *)ti, schedule);
+ dp = (char *)d;
+ t = ti[0];
+ l2c(t, dp);
+ t = ti[1];
+ l2c(t, dp);
+ save++;
+ }
+ *(out++) = *(in++) ^ d[n];
+ n = (n + 1) & 0x07;
+ }
+ if (save) {
+ v0 = ti[0];
+ v1 = ti[1];
+ iv = (unsigned char *)ivec;
+ l2c(v0, iv);
+ l2c(v1, iv);
+ }
+ t = v0 = v1 = ti[0] = ti[1] = 0;
+ *num = n;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/rc2/rc2speed.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/rc2/rc2speed.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rc2/rc2speed.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,277 +0,0 @@
-/* crypto/rc2/rc2speed.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* 11-Sep-92 Andrew Daviel Support for Silicon Graphics IRIX added */
-/* 06-Apr-92 Luke Brennan Support for VMS and add extra signal calls */
-
-#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
-#define TIMES
-#endif
-
-#include <stdio.h>
-
-#include <openssl/e_os2.h>
-#include OPENSSL_UNISTD_IO
-OPENSSL_DECLARE_EXIT
-
-#ifndef OPENSSL_SYS_NETWARE
-#include <signal.h>
-#endif
-
-#ifndef _IRIX
-#include <time.h>
-#endif
-#ifdef TIMES
-#include <sys/types.h>
-#include <sys/times.h>
-#endif
-
-/* Depending on the VMS version, the tms structure is perhaps defined.
- The __TMS macro will show if it was. If it wasn't defined, we should
- undefine TIMES, since that tells the rest of the program how things
- should be handled. -- Richard Levitte */
-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
-#undef TIMES
-#endif
-
-#ifndef TIMES
-#include <sys/timeb.h>
-#endif
-
-#if defined(sun) || defined(__ultrix)
-#define _POSIX_SOURCE
-#include <limits.h>
-#include <sys/param.h>
-#endif
-
-#include <openssl/rc2.h>
-
-/* The following if from times(3) man page. It may need to be changed */
-#ifndef HZ
-#ifndef CLK_TCK
-#define HZ 100.0
-#else /* CLK_TCK */
-#define HZ ((double)CLK_TCK)
-#endif /* CLK_TCK */
-#endif /* HZ */
-
-#define BUFSIZE ((long)1024)
-long run=0;
-
-double Time_F(int s);
-#ifdef SIGALRM
-#if defined(__STDC__) || defined(sgi) || defined(_AIX)
-#define SIGRETTYPE void
-#else
-#define SIGRETTYPE int
-#endif
-
-SIGRETTYPE sig_done(int sig);
-SIGRETTYPE sig_done(int sig)
- {
- signal(SIGALRM,sig_done);
- run=0;
-#ifdef LINT
- sig=sig;
-#endif
- }
-#endif
-
-#define START 0
-#define STOP 1
-
-double Time_F(int s)
- {
- double ret;
-#ifdef TIMES
- static struct tms tstart,tend;
-
- if (s == START)
- {
- times(&tstart);
- return(0);
- }
- else
- {
- times(&tend);
- ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
- return((ret == 0.0)?1e-6:ret);
- }
-#else /* !times() */
- static struct timeb tstart,tend;
- long i;
-
- if (s == START)
- {
- ftime(&tstart);
- return(0);
- }
- else
- {
- ftime(&tend);
- i=(long)tend.millitm-(long)tstart.millitm;
- ret=((double)(tend.time-tstart.time))+((double)i)/1e3;
- return((ret == 0.0)?1e-6:ret);
- }
-#endif
- }
-
-int main(int argc, char **argv)
- {
- long count;
- static unsigned char buf[BUFSIZE];
- static unsigned char key[] ={
- 0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
- 0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10,
- };
- RC2_KEY sch;
- double a,b,c,d;
-#ifndef SIGALRM
- long ca,cb,cc;
-#endif
-
-#ifndef TIMES
- printf("To get the most accurate results, try to run this\n");
- printf("program when this computer is idle.\n");
-#endif
-
-#ifndef SIGALRM
- printf("First we calculate the approximate speed ...\n");
- RC2_set_key(&sch,16,key,128);
- count=10;
- do {
- long i;
- unsigned long data[2];
-
- count*=2;
- Time_F(START);
- for (i=count; i; i--)
- RC2_encrypt(data,&sch);
- d=Time_F(STOP);
- } while (d < 3.0);
- ca=count/512;
- cb=count;
- cc=count*8/BUFSIZE+1;
- printf("Doing RC2_set_key %ld times\n",ca);
-#define COND(d) (count != (d))
-#define COUNT(d) (d)
-#else
-#define COND(c) (run)
-#define COUNT(d) (count)
- signal(SIGALRM,sig_done);
- printf("Doing RC2_set_key for 10 seconds\n");
- alarm(10);
-#endif
-
- Time_F(START);
- for (count=0,run=1; COND(ca); count+=4)
- {
- RC2_set_key(&sch,16,key,128);
- RC2_set_key(&sch,16,key,128);
- RC2_set_key(&sch,16,key,128);
- RC2_set_key(&sch,16,key,128);
- }
- d=Time_F(STOP);
- printf("%ld RC2_set_key's in %.2f seconds\n",count,d);
- a=((double)COUNT(ca))/d;
-
-#ifdef SIGALRM
- printf("Doing RC2_encrypt's for 10 seconds\n");
- alarm(10);
-#else
- printf("Doing RC2_encrypt %ld times\n",cb);
-#endif
- Time_F(START);
- for (count=0,run=1; COND(cb); count+=4)
- {
- unsigned long data[2];
-
- RC2_encrypt(data,&sch);
- RC2_encrypt(data,&sch);
- RC2_encrypt(data,&sch);
- RC2_encrypt(data,&sch);
- }
- d=Time_F(STOP);
- printf("%ld RC2_encrypt's in %.2f second\n",count,d);
- b=((double)COUNT(cb)*8)/d;
-
-#ifdef SIGALRM
- printf("Doing RC2_cbc_encrypt on %ld byte blocks for 10 seconds\n",
- BUFSIZE);
- alarm(10);
-#else
- printf("Doing RC2_cbc_encrypt %ld times on %ld byte blocks\n",cc,
- BUFSIZE);
-#endif
- Time_F(START);
- for (count=0,run=1; COND(cc); count++)
- RC2_cbc_encrypt(buf,buf,BUFSIZE,&sch,
- &(key[0]),RC2_ENCRYPT);
- d=Time_F(STOP);
- printf("%ld RC2_cbc_encrypt's of %ld byte blocks in %.2f second\n",
- count,BUFSIZE,d);
- c=((double)COUNT(cc)*BUFSIZE)/d;
-
- printf("RC2 set_key per sec = %12.2f (%9.3fuS)\n",a,1.0e6/a);
- printf("RC2 raw ecb bytes per sec = %12.2f (%9.3fuS)\n",b,8.0e6/b);
- printf("RC2 cbc bytes per sec = %12.2f (%9.3fuS)\n",c,8.0e6/c);
- exit(0);
-#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
- return(0);
-#endif
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/rc2/rc2speed.c (from rev 6976, vendor-crypto/openssl/dist/crypto/rc2/rc2speed.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/rc2/rc2speed.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rc2/rc2speed.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,262 @@
+/* crypto/rc2/rc2speed.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* 11-Sep-92 Andrew Daviel Support for Silicon Graphics IRIX added */
+/* 06-Apr-92 Luke Brennan Support for VMS and add extra signal calls */
+
+#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
+# define TIMES
+#endif
+
+#include <stdio.h>
+
+#include <openssl/e_os2.h>
+#include OPENSSL_UNISTD_IO
+OPENSSL_DECLARE_EXIT
+#ifndef OPENSSL_SYS_NETWARE
+# include <signal.h>
+#endif
+#ifndef _IRIX
+# include <time.h>
+#endif
+#ifdef TIMES
+# include <sys/types.h>
+# include <sys/times.h>
+#endif
+ /*
+ * Depending on the VMS version, the tms structure is perhaps defined.
+ * The __TMS macro will show if it was. If it wasn't defined, we should
+ * undefine TIMES, since that tells the rest of the program how things
+ * should be handled. -- Richard Levitte
+ */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
+# undef TIMES
+#endif
+#ifndef TIMES
+# include <sys/timeb.h>
+#endif
+#if defined(sun) || defined(__ultrix)
+# define _POSIX_SOURCE
+# include <limits.h>
+# include <sys/param.h>
+#endif
+#include <openssl/rc2.h>
+/* The following if from times(3) man page. It may need to be changed */
+#ifndef HZ
+# ifndef CLK_TCK
+# define HZ 100.0
+# else /* CLK_TCK */
+# define HZ ((double)CLK_TCK)
+# endif /* CLK_TCK */
+#endif /* HZ */
+#define BUFSIZE ((long)1024)
+long run = 0;
+
+double Time_F(int s);
+#ifdef SIGALRM
+# if defined(__STDC__) || defined(sgi) || defined(_AIX)
+# define SIGRETTYPE void
+# else
+# define SIGRETTYPE int
+# endif
+
+SIGRETTYPE sig_done(int sig);
+SIGRETTYPE sig_done(int sig)
+{
+ signal(SIGALRM, sig_done);
+ run = 0;
+# ifdef LINT
+ sig = sig;
+# endif
+}
+#endif
+
+#define START 0
+#define STOP 1
+
+double Time_F(int s)
+{
+ double ret;
+#ifdef TIMES
+ static struct tms tstart, tend;
+
+ if (s == START) {
+ times(&tstart);
+ return (0);
+ } else {
+ times(&tend);
+ ret = ((double)(tend.tms_utime - tstart.tms_utime)) / HZ;
+ return ((ret == 0.0) ? 1e-6 : ret);
+ }
+#else /* !times() */
+ static struct timeb tstart, tend;
+ long i;
+
+ if (s == START) {
+ ftime(&tstart);
+ return (0);
+ } else {
+ ftime(&tend);
+ i = (long)tend.millitm - (long)tstart.millitm;
+ ret = ((double)(tend.time - tstart.time)) + ((double)i) / 1e3;
+ return ((ret == 0.0) ? 1e-6 : ret);
+ }
+#endif
+}
+
+int main(int argc, char **argv)
+{
+ long count;
+ static unsigned char buf[BUFSIZE];
+ static unsigned char key[] = {
+ 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
+ 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
+ };
+ RC2_KEY sch;
+ double a, b, c, d;
+#ifndef SIGALRM
+ long ca, cb, cc;
+#endif
+
+#ifndef TIMES
+ printf("To get the most accurate results, try to run this\n");
+ printf("program when this computer is idle.\n");
+#endif
+
+#ifndef SIGALRM
+ printf("First we calculate the approximate speed ...\n");
+ RC2_set_key(&sch, 16, key, 128);
+ count = 10;
+ do {
+ long i;
+ unsigned long data[2];
+
+ count *= 2;
+ Time_F(START);
+ for (i = count; i; i--)
+ RC2_encrypt(data, &sch);
+ d = Time_F(STOP);
+ } while (d < 3.0);
+ ca = count / 512;
+ cb = count;
+ cc = count * 8 / BUFSIZE + 1;
+ printf("Doing RC2_set_key %ld times\n", ca);
+# define COND(d) (count != (d))
+# define COUNT(d) (d)
+#else
+# define COND(c) (run)
+# define COUNT(d) (count)
+ signal(SIGALRM, sig_done);
+ printf("Doing RC2_set_key for 10 seconds\n");
+ alarm(10);
+#endif
+
+ Time_F(START);
+ for (count = 0, run = 1; COND(ca); count += 4) {
+ RC2_set_key(&sch, 16, key, 128);
+ RC2_set_key(&sch, 16, key, 128);
+ RC2_set_key(&sch, 16, key, 128);
+ RC2_set_key(&sch, 16, key, 128);
+ }
+ d = Time_F(STOP);
+ printf("%ld RC2_set_key's in %.2f seconds\n", count, d);
+ a = ((double)COUNT(ca)) / d;
+
+#ifdef SIGALRM
+ printf("Doing RC2_encrypt's for 10 seconds\n");
+ alarm(10);
+#else
+ printf("Doing RC2_encrypt %ld times\n", cb);
+#endif
+ Time_F(START);
+ for (count = 0, run = 1; COND(cb); count += 4) {
+ unsigned long data[2];
+
+ RC2_encrypt(data, &sch);
+ RC2_encrypt(data, &sch);
+ RC2_encrypt(data, &sch);
+ RC2_encrypt(data, &sch);
+ }
+ d = Time_F(STOP);
+ printf("%ld RC2_encrypt's in %.2f second\n", count, d);
+ b = ((double)COUNT(cb) * 8) / d;
+
+#ifdef SIGALRM
+ printf("Doing RC2_cbc_encrypt on %ld byte blocks for 10 seconds\n",
+ BUFSIZE);
+ alarm(10);
+#else
+ printf("Doing RC2_cbc_encrypt %ld times on %ld byte blocks\n", cc,
+ BUFSIZE);
+#endif
+ Time_F(START);
+ for (count = 0, run = 1; COND(cc); count++)
+ RC2_cbc_encrypt(buf, buf, BUFSIZE, &sch, &(key[0]), RC2_ENCRYPT);
+ d = Time_F(STOP);
+ printf("%ld RC2_cbc_encrypt's of %ld byte blocks in %.2f second\n",
+ count, BUFSIZE, d);
+ c = ((double)COUNT(cc) * BUFSIZE) / d;
+
+ printf("RC2 set_key per sec = %12.2f (%9.3fuS)\n", a, 1.0e6 / a);
+ printf("RC2 raw ecb bytes per sec = %12.2f (%9.3fuS)\n", b, 8.0e6 / b);
+ printf("RC2 cbc bytes per sec = %12.2f (%9.3fuS)\n", c, 8.0e6 / c);
+ exit(0);
+#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
+ return (0);
+#endif
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/rc2/rc2test.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/rc2/rc2test.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rc2/rc2test.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,274 +0,0 @@
-/* crypto/rc2/rc2test.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* This has been a quickly hacked 'ideatest.c'. When I add tests for other
- * RC2 modes, more of the code will be uncommented. */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-
-#include "../e_os.h"
-
-#ifdef OPENSSL_NO_RC2
-int main(int argc, char *argv[])
-{
- printf("No RC2 support\n");
- return(0);
-}
-#else
-#include <openssl/rc2.h>
-
-static unsigned char RC2key[4][16]={
- {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01},
- {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- {0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
- 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F},
- };
-
-static unsigned char RC2plain[4][8]={
- {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
- {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- };
-
-static unsigned char RC2cipher[4][8]={
- {0x1C,0x19,0x8A,0x83,0x8D,0xF0,0x28,0xB7},
- {0x21,0x82,0x9C,0x78,0xA9,0xF9,0xC0,0x74},
- {0x13,0xDB,0x35,0x17,0xD3,0x21,0x86,0x9E},
- {0x50,0xDC,0x01,0x62,0xBD,0x75,0x7F,0x31},
- };
-/************/
-#ifdef undef
-unsigned char k[16]={
- 0x00,0x01,0x00,0x02,0x00,0x03,0x00,0x04,
- 0x00,0x05,0x00,0x06,0x00,0x07,0x00,0x08};
-
-unsigned char in[8]={0x00,0x00,0x00,0x01,0x00,0x02,0x00,0x03};
-unsigned char c[8]={0x11,0xFB,0xED,0x2B,0x01,0x98,0x6D,0xE5};
-unsigned char out[80];
-
-char *text="Hello to all people out there";
-
-static unsigned char cfb_key[16]={
- 0xe1,0xf0,0xc3,0xd2,0xa5,0xb4,0x87,0x96,
- 0x69,0x78,0x4b,0x5a,0x2d,0x3c,0x0f,0x1e,
- };
-static unsigned char cfb_iv[80]={0x34,0x12,0x78,0x56,0xab,0x90,0xef,0xcd};
-static unsigned char cfb_buf1[40],cfb_buf2[40],cfb_tmp[8];
-#define CFB_TEST_SIZE 24
-static unsigned char plain[CFB_TEST_SIZE]=
- {
- 0x4e,0x6f,0x77,0x20,0x69,0x73,
- 0x20,0x74,0x68,0x65,0x20,0x74,
- 0x69,0x6d,0x65,0x20,0x66,0x6f,
- 0x72,0x20,0x61,0x6c,0x6c,0x20
- };
-static unsigned char cfb_cipher64[CFB_TEST_SIZE]={
- 0x59,0xD8,0xE2,0x65,0x00,0x58,0x6C,0x3F,
- 0x2C,0x17,0x25,0xD0,0x1A,0x38,0xB7,0x2A,
- 0x39,0x61,0x37,0xDC,0x79,0xFB,0x9F,0x45
-
-/* 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38,
- 0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9,
- 0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/
- };
-
-
-/*static int cfb64_test(unsigned char *cfb_cipher);*/
-static char *pt(unsigned char *p);
-#endif
-
-int main(int argc, char *argv[])
- {
- int i,n,err=0;
- RC2_KEY key;
- unsigned char buf[8],buf2[8];
-
- for (n=0; n<4; n++)
- {
- RC2_set_key(&key,16,&(RC2key[n][0]),0 /* or 1024 */);
-
- RC2_ecb_encrypt(&(RC2plain[n][0]),buf,&key,RC2_ENCRYPT);
- if (memcmp(&(RC2cipher[n][0]),buf,8) != 0)
- {
- printf("ecb rc2 error encrypting\n");
- printf("got :");
- for (i=0; i<8; i++)
- printf("%02X ",buf[i]);
- printf("\n");
- printf("expected:");
- for (i=0; i<8; i++)
- printf("%02X ",RC2cipher[n][i]);
- err=20;
- printf("\n");
- }
-
- RC2_ecb_encrypt(buf,buf2,&key,RC2_DECRYPT);
- if (memcmp(&(RC2plain[n][0]),buf2,8) != 0)
- {
- printf("ecb RC2 error decrypting\n");
- printf("got :");
- for (i=0; i<8; i++)
- printf("%02X ",buf[i]);
- printf("\n");
- printf("expected:");
- for (i=0; i<8; i++)
- printf("%02X ",RC2plain[n][i]);
- printf("\n");
- err=3;
- }
- }
-
- if (err == 0) printf("ecb RC2 ok\n");
-#ifdef undef
- memcpy(iv,k,8);
- idea_cbc_encrypt((unsigned char *)text,out,strlen(text)+1,&key,iv,1);
- memcpy(iv,k,8);
- idea_cbc_encrypt(out,out,8,&dkey,iv,0);
- idea_cbc_encrypt(&(out[8]),&(out[8]),strlen(text)+1-8,&dkey,iv,0);
- if (memcmp(text,out,strlen(text)+1) != 0)
- {
- printf("cbc idea bad\n");
- err=4;
- }
- else
- printf("cbc idea ok\n");
-
- printf("cfb64 idea ");
- if (cfb64_test(cfb_cipher64))
- {
- printf("bad\n");
- err=5;
- }
- else
- printf("ok\n");
-#endif
-
-#ifdef OPENSSL_SYS_NETWARE
- if (err) printf("ERROR: %d\n", err);
-#endif
- EXIT(err);
- return(err);
- }
-
-#ifdef undef
-static int cfb64_test(unsigned char *cfb_cipher)
- {
- IDEA_KEY_SCHEDULE eks,dks;
- int err=0,i,n;
-
- idea_set_encrypt_key(cfb_key,&eks);
- idea_set_decrypt_key(&eks,&dks);
- memcpy(cfb_tmp,cfb_iv,8);
- n=0;
- idea_cfb64_encrypt(plain,cfb_buf1,(long)12,&eks,
- cfb_tmp,&n,IDEA_ENCRYPT);
- idea_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]),
- (long)CFB_TEST_SIZE-12,&eks,
- cfb_tmp,&n,IDEA_ENCRYPT);
- if (memcmp(cfb_cipher,cfb_buf1,CFB_TEST_SIZE) != 0)
- {
- err=1;
- printf("idea_cfb64_encrypt encrypt error\n");
- for (i=0; i<CFB_TEST_SIZE; i+=8)
- printf("%s\n",pt(&(cfb_buf1[i])));
- }
- memcpy(cfb_tmp,cfb_iv,8);
- n=0;
- idea_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)17,&eks,
- cfb_tmp,&n,IDEA_DECRYPT);
- idea_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]),
- (long)CFB_TEST_SIZE-17,&dks,
- cfb_tmp,&n,IDEA_DECRYPT);
- if (memcmp(plain,cfb_buf2,CFB_TEST_SIZE) != 0)
- {
- err=1;
- printf("idea_cfb_encrypt decrypt error\n");
- for (i=0; i<24; i+=8)
- printf("%s\n",pt(&(cfb_buf2[i])));
- }
- return(err);
- }
-
-static char *pt(unsigned char *p)
- {
- static char bufs[10][20];
- static int bnum=0;
- char *ret;
- int i;
- static char *f="0123456789ABCDEF";
-
- ret= &(bufs[bnum++][0]);
- bnum%=10;
- for (i=0; i<8; i++)
- {
- ret[i*2]=f[(p[i]>>4)&0xf];
- ret[i*2+1]=f[p[i]&0xf];
- }
- ret[16]='\0';
- return(ret);
- }
-
-#endif
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/rc2/rc2test.c (from rev 6976, vendor-crypto/openssl/dist/crypto/rc2/rc2test.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/rc2/rc2test.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rc2/rc2test.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,274 @@
+/* crypto/rc2/rc2test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/*
+ * This has been a quickly hacked 'ideatest.c'. When I add tests for other
+ * RC2 modes, more of the code will be uncommented.
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include "../e_os.h"
+
+#ifdef OPENSSL_NO_RC2
+int main(int argc, char *argv[])
+{
+ printf("No RC2 support\n");
+ return (0);
+}
+#else
+# include <openssl/rc2.h>
+
+static unsigned char RC2key[4][16] = {
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F},
+};
+
+static unsigned char RC2plain[4][8] = {
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+};
+
+static unsigned char RC2cipher[4][8] = {
+ {0x1C, 0x19, 0x8A, 0x83, 0x8D, 0xF0, 0x28, 0xB7},
+ {0x21, 0x82, 0x9C, 0x78, 0xA9, 0xF9, 0xC0, 0x74},
+ {0x13, 0xDB, 0x35, 0x17, 0xD3, 0x21, 0x86, 0x9E},
+ {0x50, 0xDC, 0x01, 0x62, 0xBD, 0x75, 0x7F, 0x31},
+};
+
+/************/
+# ifdef undef
+unsigned char k[16] = {
+ 0x00, 0x01, 0x00, 0x02, 0x00, 0x03, 0x00, 0x04,
+ 0x00, 0x05, 0x00, 0x06, 0x00, 0x07, 0x00, 0x08
+};
+
+unsigned char in[8] = { 0x00, 0x00, 0x00, 0x01, 0x00, 0x02, 0x00, 0x03 };
+unsigned char c[8] = { 0x11, 0xFB, 0xED, 0x2B, 0x01, 0x98, 0x6D, 0xE5 };
+
+unsigned char out[80];
+
+char *text = "Hello to all people out there";
+
+static unsigned char cfb_key[16] = {
+ 0xe1, 0xf0, 0xc3, 0xd2, 0xa5, 0xb4, 0x87, 0x96,
+ 0x69, 0x78, 0x4b, 0x5a, 0x2d, 0x3c, 0x0f, 0x1e,
+};
+static unsigned char cfb_iv[80] =
+ { 0x34, 0x12, 0x78, 0x56, 0xab, 0x90, 0xef, 0xcd };
+static unsigned char cfb_buf1[40], cfb_buf2[40], cfb_tmp[8];
+# define CFB_TEST_SIZE 24
+static unsigned char plain[CFB_TEST_SIZE] = {
+ 0x4e, 0x6f, 0x77, 0x20, 0x69, 0x73,
+ 0x20, 0x74, 0x68, 0x65, 0x20, 0x74,
+ 0x69, 0x6d, 0x65, 0x20, 0x66, 0x6f,
+ 0x72, 0x20, 0x61, 0x6c, 0x6c, 0x20
+};
+
+static unsigned char cfb_cipher64[CFB_TEST_SIZE] = {
+ 0x59, 0xD8, 0xE2, 0x65, 0x00, 0x58, 0x6C, 0x3F,
+ 0x2C, 0x17, 0x25, 0xD0, 0x1A, 0x38, 0xB7, 0x2A,
+ 0x39, 0x61, 0x37, 0xDC, 0x79, 0xFB, 0x9F, 0x45
+/*- 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38,
+ 0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9,
+ 0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/
+};
+
+/*
+ * static int cfb64_test(unsigned char *cfb_cipher);
+ */
+static char *pt(unsigned char *p);
+# endif
+
+int main(int argc, char *argv[])
+{
+ int i, n, err = 0;
+ RC2_KEY key;
+ unsigned char buf[8], buf2[8];
+
+ for (n = 0; n < 4; n++) {
+ RC2_set_key(&key, 16, &(RC2key[n][0]), 0 /* or 1024 */ );
+
+ RC2_ecb_encrypt(&(RC2plain[n][0]), buf, &key, RC2_ENCRYPT);
+ if (memcmp(&(RC2cipher[n][0]), buf, 8) != 0) {
+ printf("ecb rc2 error encrypting\n");
+ printf("got :");
+ for (i = 0; i < 8; i++)
+ printf("%02X ", buf[i]);
+ printf("\n");
+ printf("expected:");
+ for (i = 0; i < 8; i++)
+ printf("%02X ", RC2cipher[n][i]);
+ err = 20;
+ printf("\n");
+ }
+
+ RC2_ecb_encrypt(buf, buf2, &key, RC2_DECRYPT);
+ if (memcmp(&(RC2plain[n][0]), buf2, 8) != 0) {
+ printf("ecb RC2 error decrypting\n");
+ printf("got :");
+ for (i = 0; i < 8; i++)
+ printf("%02X ", buf[i]);
+ printf("\n");
+ printf("expected:");
+ for (i = 0; i < 8; i++)
+ printf("%02X ", RC2plain[n][i]);
+ printf("\n");
+ err = 3;
+ }
+ }
+
+ if (err == 0)
+ printf("ecb RC2 ok\n");
+# ifdef undef
+ memcpy(iv, k, 8);
+ idea_cbc_encrypt((unsigned char *)text, out, strlen(text) + 1, &key, iv,
+ 1);
+ memcpy(iv, k, 8);
+ idea_cbc_encrypt(out, out, 8, &dkey, iv, 0);
+ idea_cbc_encrypt(&(out[8]), &(out[8]), strlen(text) + 1 - 8, &dkey, iv,
+ 0);
+ if (memcmp(text, out, strlen(text) + 1) != 0) {
+ printf("cbc idea bad\n");
+ err = 4;
+ } else
+ printf("cbc idea ok\n");
+
+ printf("cfb64 idea ");
+ if (cfb64_test(cfb_cipher64)) {
+ printf("bad\n");
+ err = 5;
+ } else
+ printf("ok\n");
+# endif
+
+# ifdef OPENSSL_SYS_NETWARE
+ if (err)
+ printf("ERROR: %d\n", err);
+# endif
+ EXIT(err);
+ return (err);
+}
+
+# ifdef undef
+static int cfb64_test(unsigned char *cfb_cipher)
+{
+ IDEA_KEY_SCHEDULE eks, dks;
+ int err = 0, i, n;
+
+ idea_set_encrypt_key(cfb_key, &eks);
+ idea_set_decrypt_key(&eks, &dks);
+ memcpy(cfb_tmp, cfb_iv, 8);
+ n = 0;
+ idea_cfb64_encrypt(plain, cfb_buf1, (long)12, &eks,
+ cfb_tmp, &n, IDEA_ENCRYPT);
+ idea_cfb64_encrypt(&(plain[12]), &(cfb_buf1[12]),
+ (long)CFB_TEST_SIZE - 12, &eks,
+ cfb_tmp, &n, IDEA_ENCRYPT);
+ if (memcmp(cfb_cipher, cfb_buf1, CFB_TEST_SIZE) != 0) {
+ err = 1;
+ printf("idea_cfb64_encrypt encrypt error\n");
+ for (i = 0; i < CFB_TEST_SIZE; i += 8)
+ printf("%s\n", pt(&(cfb_buf1[i])));
+ }
+ memcpy(cfb_tmp, cfb_iv, 8);
+ n = 0;
+ idea_cfb64_encrypt(cfb_buf1, cfb_buf2, (long)17, &eks,
+ cfb_tmp, &n, IDEA_DECRYPT);
+ idea_cfb64_encrypt(&(cfb_buf1[17]), &(cfb_buf2[17]),
+ (long)CFB_TEST_SIZE - 17, &dks,
+ cfb_tmp, &n, IDEA_DECRYPT);
+ if (memcmp(plain, cfb_buf2, CFB_TEST_SIZE) != 0) {
+ err = 1;
+ printf("idea_cfb_encrypt decrypt error\n");
+ for (i = 0; i < 24; i += 8)
+ printf("%s\n", pt(&(cfb_buf2[i])));
+ }
+ return (err);
+}
+
+static char *pt(unsigned char *p)
+{
+ static char bufs[10][20];
+ static int bnum = 0;
+ char *ret;
+ int i;
+ static char *f = "0123456789ABCDEF";
+
+ ret = &(bufs[bnum++][0]);
+ bnum %= 10;
+ for (i = 0; i < 8; i++) {
+ ret[i * 2] = f[(p[i] >> 4) & 0xf];
+ ret[i * 2 + 1] = f[p[i] & 0xf];
+ }
+ ret[16] = '\0';
+ return (ret);
+}
+
+# endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/rc2/tab.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/rc2/tab.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rc2/tab.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,86 +0,0 @@
-#include <stdio.h>
-
-unsigned char ebits_to_num[256]={
- 0xbd,0x56,0xea,0xf2,0xa2,0xf1,0xac,0x2a,
- 0xb0,0x93,0xd1,0x9c,0x1b,0x33,0xfd,0xd0,
- 0x30,0x04,0xb6,0xdc,0x7d,0xdf,0x32,0x4b,
- 0xf7,0xcb,0x45,0x9b,0x31,0xbb,0x21,0x5a,
- 0x41,0x9f,0xe1,0xd9,0x4a,0x4d,0x9e,0xda,
- 0xa0,0x68,0x2c,0xc3,0x27,0x5f,0x80,0x36,
- 0x3e,0xee,0xfb,0x95,0x1a,0xfe,0xce,0xa8,
- 0x34,0xa9,0x13,0xf0,0xa6,0x3f,0xd8,0x0c,
- 0x78,0x24,0xaf,0x23,0x52,0xc1,0x67,0x17,
- 0xf5,0x66,0x90,0xe7,0xe8,0x07,0xb8,0x60,
- 0x48,0xe6,0x1e,0x53,0xf3,0x92,0xa4,0x72,
- 0x8c,0x08,0x15,0x6e,0x86,0x00,0x84,0xfa,
- 0xf4,0x7f,0x8a,0x42,0x19,0xf6,0xdb,0xcd,
- 0x14,0x8d,0x50,0x12,0xba,0x3c,0x06,0x4e,
- 0xec,0xb3,0x35,0x11,0xa1,0x88,0x8e,0x2b,
- 0x94,0x99,0xb7,0x71,0x74,0xd3,0xe4,0xbf,
- 0x3a,0xde,0x96,0x0e,0xbc,0x0a,0xed,0x77,
- 0xfc,0x37,0x6b,0x03,0x79,0x89,0x62,0xc6,
- 0xd7,0xc0,0xd2,0x7c,0x6a,0x8b,0x22,0xa3,
- 0x5b,0x05,0x5d,0x02,0x75,0xd5,0x61,0xe3,
- 0x18,0x8f,0x55,0x51,0xad,0x1f,0x0b,0x5e,
- 0x85,0xe5,0xc2,0x57,0x63,0xca,0x3d,0x6c,
- 0xb4,0xc5,0xcc,0x70,0xb2,0x91,0x59,0x0d,
- 0x47,0x20,0xc8,0x4f,0x58,0xe0,0x01,0xe2,
- 0x16,0x38,0xc4,0x6f,0x3b,0x0f,0x65,0x46,
- 0xbe,0x7e,0x2d,0x7b,0x82,0xf9,0x40,0xb5,
- 0x1d,0x73,0xf8,0xeb,0x26,0xc7,0x87,0x97,
- 0x25,0x54,0xb1,0x28,0xaa,0x98,0x9d,0xa5,
- 0x64,0x6d,0x7a,0xd4,0x10,0x81,0x44,0xef,
- 0x49,0xd6,0xae,0x2e,0xdd,0x76,0x5c,0x2f,
- 0xa7,0x1c,0xc9,0x09,0x69,0x9a,0x83,0xcf,
- 0x29,0x39,0xb9,0xe9,0x4c,0xff,0x43,0xab,
- };
-
-unsigned char num_to_ebits[256]={
- 0x5d,0xbe,0x9b,0x8b,0x11,0x99,0x6e,0x4d,
- 0x59,0xf3,0x85,0xa6,0x3f,0xb7,0x83,0xc5,
- 0xe4,0x73,0x6b,0x3a,0x68,0x5a,0xc0,0x47,
- 0xa0,0x64,0x34,0x0c,0xf1,0xd0,0x52,0xa5,
- 0xb9,0x1e,0x96,0x43,0x41,0xd8,0xd4,0x2c,
- 0xdb,0xf8,0x07,0x77,0x2a,0xca,0xeb,0xef,
- 0x10,0x1c,0x16,0x0d,0x38,0x72,0x2f,0x89,
- 0xc1,0xf9,0x80,0xc4,0x6d,0xae,0x30,0x3d,
- 0xce,0x20,0x63,0xfe,0xe6,0x1a,0xc7,0xb8,
- 0x50,0xe8,0x24,0x17,0xfc,0x25,0x6f,0xbb,
- 0x6a,0xa3,0x44,0x53,0xd9,0xa2,0x01,0xab,
- 0xbc,0xb6,0x1f,0x98,0xee,0x9a,0xa7,0x2d,
- 0x4f,0x9e,0x8e,0xac,0xe0,0xc6,0x49,0x46,
- 0x29,0xf4,0x94,0x8a,0xaf,0xe1,0x5b,0xc3,
- 0xb3,0x7b,0x57,0xd1,0x7c,0x9c,0xed,0x87,
- 0x40,0x8c,0xe2,0xcb,0x93,0x14,0xc9,0x61,
- 0x2e,0xe5,0xcc,0xf6,0x5e,0xa8,0x5c,0xd6,
- 0x75,0x8d,0x62,0x95,0x58,0x69,0x76,0xa1,
- 0x4a,0xb5,0x55,0x09,0x78,0x33,0x82,0xd7,
- 0xdd,0x79,0xf5,0x1b,0x0b,0xde,0x26,0x21,
- 0x28,0x74,0x04,0x97,0x56,0xdf,0x3c,0xf0,
- 0x37,0x39,0xdc,0xff,0x06,0xa4,0xea,0x42,
- 0x08,0xda,0xb4,0x71,0xb0,0xcf,0x12,0x7a,
- 0x4e,0xfa,0x6c,0x1d,0x84,0x00,0xc8,0x7f,
- 0x91,0x45,0xaa,0x2b,0xc2,0xb1,0x8f,0xd5,
- 0xba,0xf2,0xad,0x19,0xb2,0x67,0x36,0xf7,
- 0x0f,0x0a,0x92,0x7d,0xe3,0x9d,0xe9,0x90,
- 0x3e,0x23,0x27,0x66,0x13,0xec,0x81,0x15,
- 0xbd,0x22,0xbf,0x9f,0x7e,0xa9,0x51,0x4b,
- 0x4c,0xfb,0x02,0xd3,0x70,0x86,0x31,0xe7,
- 0x3b,0x05,0x03,0x54,0x60,0x48,0x65,0x18,
- 0xd2,0xcd,0x5f,0x32,0x88,0x0e,0x35,0xfd,
- };
-
-main()
- {
- int i,j;
-
- for (i=0; i<256; i++)
- {
- for (j=0; j<256; j++)
- if (ebits_to_num[j] == i)
- {
- printf("0x%02x,",j);
- break;
- }
- }
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/rc2/tab.c (from rev 6976, vendor-crypto/openssl/dist/crypto/rc2/tab.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/rc2/tab.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rc2/tab.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,84 @@
+#include <stdio.h>
+
+unsigned char ebits_to_num[256] = {
+ 0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a,
+ 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0,
+ 0x30, 0x04, 0xb6, 0xdc, 0x7d, 0xdf, 0x32, 0x4b,
+ 0xf7, 0xcb, 0x45, 0x9b, 0x31, 0xbb, 0x21, 0x5a,
+ 0x41, 0x9f, 0xe1, 0xd9, 0x4a, 0x4d, 0x9e, 0xda,
+ 0xa0, 0x68, 0x2c, 0xc3, 0x27, 0x5f, 0x80, 0x36,
+ 0x3e, 0xee, 0xfb, 0x95, 0x1a, 0xfe, 0xce, 0xa8,
+ 0x34, 0xa9, 0x13, 0xf0, 0xa6, 0x3f, 0xd8, 0x0c,
+ 0x78, 0x24, 0xaf, 0x23, 0x52, 0xc1, 0x67, 0x17,
+ 0xf5, 0x66, 0x90, 0xe7, 0xe8, 0x07, 0xb8, 0x60,
+ 0x48, 0xe6, 0x1e, 0x53, 0xf3, 0x92, 0xa4, 0x72,
+ 0x8c, 0x08, 0x15, 0x6e, 0x86, 0x00, 0x84, 0xfa,
+ 0xf4, 0x7f, 0x8a, 0x42, 0x19, 0xf6, 0xdb, 0xcd,
+ 0x14, 0x8d, 0x50, 0x12, 0xba, 0x3c, 0x06, 0x4e,
+ 0xec, 0xb3, 0x35, 0x11, 0xa1, 0x88, 0x8e, 0x2b,
+ 0x94, 0x99, 0xb7, 0x71, 0x74, 0xd3, 0xe4, 0xbf,
+ 0x3a, 0xde, 0x96, 0x0e, 0xbc, 0x0a, 0xed, 0x77,
+ 0xfc, 0x37, 0x6b, 0x03, 0x79, 0x89, 0x62, 0xc6,
+ 0xd7, 0xc0, 0xd2, 0x7c, 0x6a, 0x8b, 0x22, 0xa3,
+ 0x5b, 0x05, 0x5d, 0x02, 0x75, 0xd5, 0x61, 0xe3,
+ 0x18, 0x8f, 0x55, 0x51, 0xad, 0x1f, 0x0b, 0x5e,
+ 0x85, 0xe5, 0xc2, 0x57, 0x63, 0xca, 0x3d, 0x6c,
+ 0xb4, 0xc5, 0xcc, 0x70, 0xb2, 0x91, 0x59, 0x0d,
+ 0x47, 0x20, 0xc8, 0x4f, 0x58, 0xe0, 0x01, 0xe2,
+ 0x16, 0x38, 0xc4, 0x6f, 0x3b, 0x0f, 0x65, 0x46,
+ 0xbe, 0x7e, 0x2d, 0x7b, 0x82, 0xf9, 0x40, 0xb5,
+ 0x1d, 0x73, 0xf8, 0xeb, 0x26, 0xc7, 0x87, 0x97,
+ 0x25, 0x54, 0xb1, 0x28, 0xaa, 0x98, 0x9d, 0xa5,
+ 0x64, 0x6d, 0x7a, 0xd4, 0x10, 0x81, 0x44, 0xef,
+ 0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f,
+ 0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf,
+ 0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab,
+};
+
+unsigned char num_to_ebits[256] = {
+ 0x5d, 0xbe, 0x9b, 0x8b, 0x11, 0x99, 0x6e, 0x4d,
+ 0x59, 0xf3, 0x85, 0xa6, 0x3f, 0xb7, 0x83, 0xc5,
+ 0xe4, 0x73, 0x6b, 0x3a, 0x68, 0x5a, 0xc0, 0x47,
+ 0xa0, 0x64, 0x34, 0x0c, 0xf1, 0xd0, 0x52, 0xa5,
+ 0xb9, 0x1e, 0x96, 0x43, 0x41, 0xd8, 0xd4, 0x2c,
+ 0xdb, 0xf8, 0x07, 0x77, 0x2a, 0xca, 0xeb, 0xef,
+ 0x10, 0x1c, 0x16, 0x0d, 0x38, 0x72, 0x2f, 0x89,
+ 0xc1, 0xf9, 0x80, 0xc4, 0x6d, 0xae, 0x30, 0x3d,
+ 0xce, 0x20, 0x63, 0xfe, 0xe6, 0x1a, 0xc7, 0xb8,
+ 0x50, 0xe8, 0x24, 0x17, 0xfc, 0x25, 0x6f, 0xbb,
+ 0x6a, 0xa3, 0x44, 0x53, 0xd9, 0xa2, 0x01, 0xab,
+ 0xbc, 0xb6, 0x1f, 0x98, 0xee, 0x9a, 0xa7, 0x2d,
+ 0x4f, 0x9e, 0x8e, 0xac, 0xe0, 0xc6, 0x49, 0x46,
+ 0x29, 0xf4, 0x94, 0x8a, 0xaf, 0xe1, 0x5b, 0xc3,
+ 0xb3, 0x7b, 0x57, 0xd1, 0x7c, 0x9c, 0xed, 0x87,
+ 0x40, 0x8c, 0xe2, 0xcb, 0x93, 0x14, 0xc9, 0x61,
+ 0x2e, 0xe5, 0xcc, 0xf6, 0x5e, 0xa8, 0x5c, 0xd6,
+ 0x75, 0x8d, 0x62, 0x95, 0x58, 0x69, 0x76, 0xa1,
+ 0x4a, 0xb5, 0x55, 0x09, 0x78, 0x33, 0x82, 0xd7,
+ 0xdd, 0x79, 0xf5, 0x1b, 0x0b, 0xde, 0x26, 0x21,
+ 0x28, 0x74, 0x04, 0x97, 0x56, 0xdf, 0x3c, 0xf0,
+ 0x37, 0x39, 0xdc, 0xff, 0x06, 0xa4, 0xea, 0x42,
+ 0x08, 0xda, 0xb4, 0x71, 0xb0, 0xcf, 0x12, 0x7a,
+ 0x4e, 0xfa, 0x6c, 0x1d, 0x84, 0x00, 0xc8, 0x7f,
+ 0x91, 0x45, 0xaa, 0x2b, 0xc2, 0xb1, 0x8f, 0xd5,
+ 0xba, 0xf2, 0xad, 0x19, 0xb2, 0x67, 0x36, 0xf7,
+ 0x0f, 0x0a, 0x92, 0x7d, 0xe3, 0x9d, 0xe9, 0x90,
+ 0x3e, 0x23, 0x27, 0x66, 0x13, 0xec, 0x81, 0x15,
+ 0xbd, 0x22, 0xbf, 0x9f, 0x7e, 0xa9, 0x51, 0x4b,
+ 0x4c, 0xfb, 0x02, 0xd3, 0x70, 0x86, 0x31, 0xe7,
+ 0x3b, 0x05, 0x03, 0x54, 0x60, 0x48, 0x65, 0x18,
+ 0xd2, 0xcd, 0x5f, 0x32, 0x88, 0x0e, 0x35, 0xfd,
+};
+
+main()
+{
+ int i, j;
+
+ for (i = 0; i < 256; i++) {
+ for (j = 0; j < 256; j++)
+ if (ebits_to_num[j] == i) {
+ printf("0x%02x,", j);
+ break;
+ }
+ }
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/rc4/rc4.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/rc4/rc4.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rc4/rc4.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,193 +0,0 @@
-/* crypto/rc4/rc4.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <openssl/rc4.h>
-#include <openssl/evp.h>
-
-char *usage[]={
-"usage: rc4 args\n",
-"\n",
-" -in arg - input file - default stdin\n",
-" -out arg - output file - default stdout\n",
-" -key key - password\n",
-NULL
-};
-
-int main(int argc, char *argv[])
- {
- FILE *in=NULL,*out=NULL;
- char *infile=NULL,*outfile=NULL,*keystr=NULL;
- RC4_KEY key;
- char buf[BUFSIZ];
- int badops=0,i;
- char **pp;
- unsigned char md[MD5_DIGEST_LENGTH];
-
- argc--;
- argv++;
- while (argc >= 1)
- {
- if (strcmp(*argv,"-in") == 0)
- {
- if (--argc < 1) goto bad;
- infile= *(++argv);
- }
- else if (strcmp(*argv,"-out") == 0)
- {
- if (--argc < 1) goto bad;
- outfile= *(++argv);
- }
- else if (strcmp(*argv,"-key") == 0)
- {
- if (--argc < 1) goto bad;
- keystr= *(++argv);
- }
- else
- {
- fprintf(stderr,"unknown option %s\n",*argv);
- badops=1;
- break;
- }
- argc--;
- argv++;
- }
-
- if (badops)
- {
-bad:
- for (pp=usage; (*pp != NULL); pp++)
- fprintf(stderr,"%s",*pp);
- exit(1);
- }
-
- if (infile == NULL)
- in=stdin;
- else
- {
- in=fopen(infile,"r");
- if (in == NULL)
- {
- perror("open");
- exit(1);
- }
-
- }
- if (outfile == NULL)
- out=stdout;
- else
- {
- out=fopen(outfile,"w");
- if (out == NULL)
- {
- perror("open");
- exit(1);
- }
- }
-
-#ifdef OPENSSL_SYS_MSDOS
- /* This should set the file to binary mode. */
- {
-#include <fcntl.h>
- setmode(fileno(in),O_BINARY);
- setmode(fileno(out),O_BINARY);
- }
-#endif
-
- if (keystr == NULL)
- { /* get key */
- i=EVP_read_pw_string(buf,BUFSIZ,"Enter RC4 password:",0);
- if (i != 0)
- {
- OPENSSL_cleanse(buf,BUFSIZ);
- fprintf(stderr,"bad password read\n");
- exit(1);
- }
- keystr=buf;
- }
-
- EVP_Digest((unsigned char *)keystr,strlen(keystr),md,NULL,EVP_md5(),NULL);
- OPENSSL_cleanse(keystr,strlen(keystr));
- RC4_set_key(&key,MD5_DIGEST_LENGTH,md);
-
- for(;;)
- {
- i=fread(buf,1,BUFSIZ,in);
- if (i == 0) break;
- if (i < 0)
- {
- perror("read");
- exit(1);
- }
- RC4(&key,(unsigned int)i,(unsigned char *)buf,
- (unsigned char *)buf);
- i=fwrite(buf,(unsigned int)i,1,out);
- if (i != 1)
- {
- perror("write");
- exit(1);
- }
- }
- fclose(out);
- fclose(in);
- exit(0);
- return(1);
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/rc4/rc4.c (from rev 6976, vendor-crypto/openssl/dist/crypto/rc4/rc4.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/rc4/rc4.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rc4/rc4.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,179 @@
+/* crypto/rc4/rc4.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/rc4.h>
+#include <openssl/evp.h>
+
+char *usage[] = {
+ "usage: rc4 args\n",
+ "\n",
+ " -in arg - input file - default stdin\n",
+ " -out arg - output file - default stdout\n",
+ " -key key - password\n",
+ NULL
+};
+
+int main(int argc, char *argv[])
+{
+ FILE *in = NULL, *out = NULL;
+ char *infile = NULL, *outfile = NULL, *keystr = NULL;
+ RC4_KEY key;
+ char buf[BUFSIZ];
+ int badops = 0, i;
+ char **pp;
+ unsigned char md[MD5_DIGEST_LENGTH];
+
+ argc--;
+ argv++;
+ while (argc >= 1) {
+ if (strcmp(*argv, "-in") == 0) {
+ if (--argc < 1)
+ goto bad;
+ infile = *(++argv);
+ } else if (strcmp(*argv, "-out") == 0) {
+ if (--argc < 1)
+ goto bad;
+ outfile = *(++argv);
+ } else if (strcmp(*argv, "-key") == 0) {
+ if (--argc < 1)
+ goto bad;
+ keystr = *(++argv);
+ } else {
+ fprintf(stderr, "unknown option %s\n", *argv);
+ badops = 1;
+ break;
+ }
+ argc--;
+ argv++;
+ }
+
+ if (badops) {
+ bad:
+ for (pp = usage; (*pp != NULL); pp++)
+ fprintf(stderr, "%s", *pp);
+ exit(1);
+ }
+
+ if (infile == NULL)
+ in = stdin;
+ else {
+ in = fopen(infile, "r");
+ if (in == NULL) {
+ perror("open");
+ exit(1);
+ }
+
+ }
+ if (outfile == NULL)
+ out = stdout;
+ else {
+ out = fopen(outfile, "w");
+ if (out == NULL) {
+ perror("open");
+ exit(1);
+ }
+ }
+
+#ifdef OPENSSL_SYS_MSDOS
+ /* This should set the file to binary mode. */
+ {
+# include <fcntl.h>
+ setmode(fileno(in), O_BINARY);
+ setmode(fileno(out), O_BINARY);
+ }
+#endif
+
+ if (keystr == NULL) { /* get key */
+ i = EVP_read_pw_string(buf, BUFSIZ, "Enter RC4 password:", 0);
+ if (i != 0) {
+ OPENSSL_cleanse(buf, BUFSIZ);
+ fprintf(stderr, "bad password read\n");
+ exit(1);
+ }
+ keystr = buf;
+ }
+
+ EVP_Digest((unsigned char *)keystr, strlen(keystr), md, NULL, EVP_md5(),
+ NULL);
+ OPENSSL_cleanse(keystr, strlen(keystr));
+ RC4_set_key(&key, MD5_DIGEST_LENGTH, md);
+
+ for (;;) {
+ i = fread(buf, 1, BUFSIZ, in);
+ if (i == 0)
+ break;
+ if (i < 0) {
+ perror("read");
+ exit(1);
+ }
+ RC4(&key, (unsigned int)i, (unsigned char *)buf,
+ (unsigned char *)buf);
+ i = fwrite(buf, (unsigned int)i, 1, out);
+ if (i != 1) {
+ perror("write");
+ exit(1);
+ }
+ }
+ fclose(out);
+ fclose(in);
+ exit(0);
+ return (1);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/rc4/rc4.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/rc4/rc4.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rc4/rc4.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,90 +0,0 @@
-/* crypto/rc4/rc4.h */
-/* Copyright (C) 1995-1997 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_RC4_H
-#define HEADER_RC4_H
-
-#include <openssl/opensslconf.h> /* OPENSSL_NO_RC4, RC4_INT */
-#ifdef OPENSSL_NO_RC4
-#error RC4 is disabled.
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-typedef struct rc4_key_st
- {
- RC4_INT x,y;
- RC4_INT data[256];
- } RC4_KEY;
-
-
-const char *RC4_options(void);
-#ifdef OPENSSL_FIPS
-void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
-#endif
-void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
-void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
- unsigned char *outdata);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/rc4/rc4.h (from rev 6976, vendor-crypto/openssl/dist/crypto/rc4/rc4.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/rc4/rc4.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rc4/rc4.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,88 @@
+/* crypto/rc4/rc4.h */
+/* Copyright (C) 1995-1997 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_RC4_H
+# define HEADER_RC4_H
+
+# include <openssl/opensslconf.h>/* OPENSSL_NO_RC4, RC4_INT */
+# ifdef OPENSSL_NO_RC4
+# error RC4 is disabled.
+# endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct rc4_key_st {
+ RC4_INT x, y;
+ RC4_INT data[256];
+} RC4_KEY;
+
+const char *RC4_options(void);
+# ifdef OPENSSL_FIPS
+void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
+# endif
+void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
+void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
+ unsigned char *outdata);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/rc4/rc4_enc.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/rc4/rc4_enc.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rc4/rc4_enc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,315 +0,0 @@
-/* crypto/rc4/rc4_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/rc4.h>
-#include "rc4_locl.h"
-
-/* RC4 as implemented from a posting from
- * Newsgroups: sci.crypt
- * From: sterndark at netcom.com (David Sterndark)
- * Subject: RC4 Algorithm revealed.
- * Message-ID: <sternCvKL4B.Hyy at netcom.com>
- * Date: Wed, 14 Sep 1994 06:35:31 GMT
- */
-
-void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
- unsigned char *outdata)
- {
- register RC4_INT *d;
- register RC4_INT x,y,tx,ty;
- int i;
-
- x=key->x;
- y=key->y;
- d=key->data;
-
-#if defined(RC4_CHUNK)
- /*
- * The original reason for implementing this(*) was the fact that
- * pre-21164a Alpha CPUs don't have byte load/store instructions
- * and e.g. a byte store has to be done with 64-bit load, shift,
- * and, or and finally 64-bit store. Peaking data and operating
- * at natural word size made it possible to reduce amount of
- * instructions as well as to perform early read-ahead without
- * suffering from RAW (read-after-write) hazard. This resulted
- * in ~40%(**) performance improvement on 21064 box with gcc.
- * But it's not only Alpha users who win here:-) Thanks to the
- * early-n-wide read-ahead this implementation also exhibits
- * >40% speed-up on SPARC and 20-30% on 64-bit MIPS (depending
- * on sizeof(RC4_INT)).
- *
- * (*) "this" means code which recognizes the case when input
- * and output pointers appear to be aligned at natural CPU
- * word boundary
- * (**) i.e. according to 'apps/openssl speed rc4' benchmark,
- * crypto/rc4/rc4speed.c exhibits almost 70% speed-up...
- *
- * Cavets.
- *
- * - RC4_CHUNK="unsigned long long" should be a #1 choice for
- * UltraSPARC. Unfortunately gcc generates very slow code
- * (2.5-3 times slower than one generated by Sun's WorkShop
- * C) and therefore gcc (at least 2.95 and earlier) should
- * always be told that RC4_CHUNK="unsigned long".
- *
- * <appro at fy.chalmers.se>
- */
-
-# define RC4_STEP ( \
- x=(x+1) &0xff, \
- tx=d[x], \
- y=(tx+y)&0xff, \
- ty=d[y], \
- d[y]=tx, \
- d[x]=ty, \
- (RC4_CHUNK)d[(tx+ty)&0xff]\
- )
-
- if ( ( ((unsigned long)indata & (sizeof(RC4_CHUNK)-1)) |
- ((unsigned long)outdata & (sizeof(RC4_CHUNK)-1)) ) == 0 )
- {
- RC4_CHUNK ichunk,otp;
- const union { long one; char little; } is_endian = {1};
-
- /*
- * I reckon we can afford to implement both endian
- * cases and to decide which way to take at run-time
- * because the machine code appears to be very compact
- * and redundant 1-2KB is perfectly tolerable (i.e.
- * in case the compiler fails to eliminate it:-). By
- * suggestion from Terrel Larson <terr at terralogic.net>
- * who also stands for the is_endian union:-)
- *
- * Special notes.
- *
- * - is_endian is declared automatic as doing otherwise
- * (declaring static) prevents gcc from eliminating
- * the redundant code;
- * - compilers (those I've tried) don't seem to have
- * problems eliminating either the operators guarded
- * by "if (sizeof(RC4_CHUNK)==8)" or the condition
- * expressions themselves so I've got 'em to replace
- * corresponding #ifdefs from the previous version;
- * - I chose to let the redundant switch cases when
- * sizeof(RC4_CHUNK)!=8 be (were also #ifdefed
- * before);
- * - in case you wonder "&(sizeof(RC4_CHUNK)*8-1)" in
- * [LB]ESHFT guards against "shift is out of range"
- * warnings when sizeof(RC4_CHUNK)!=8
- *
- * <appro at fy.chalmers.se>
- */
- if (!is_endian.little)
- { /* BIG-ENDIAN CASE */
-# define BESHFT(c) (((sizeof(RC4_CHUNK)-(c)-1)*8)&(sizeof(RC4_CHUNK)*8-1))
- for (;len&~(sizeof(RC4_CHUNK)-1);len-=sizeof(RC4_CHUNK))
- {
- ichunk = *(RC4_CHUNK *)indata;
- otp = RC4_STEP<<BESHFT(0);
- otp |= RC4_STEP<<BESHFT(1);
- otp |= RC4_STEP<<BESHFT(2);
- otp |= RC4_STEP<<BESHFT(3);
- if (sizeof(RC4_CHUNK)==8)
- {
- otp |= RC4_STEP<<BESHFT(4);
- otp |= RC4_STEP<<BESHFT(5);
- otp |= RC4_STEP<<BESHFT(6);
- otp |= RC4_STEP<<BESHFT(7);
- }
- *(RC4_CHUNK *)outdata = otp^ichunk;
- indata += sizeof(RC4_CHUNK);
- outdata += sizeof(RC4_CHUNK);
- }
- if (len)
- {
- RC4_CHUNK mask=(RC4_CHUNK)-1, ochunk;
-
- ichunk = *(RC4_CHUNK *)indata;
- ochunk = *(RC4_CHUNK *)outdata;
- otp = 0;
- i = BESHFT(0);
- mask <<= (sizeof(RC4_CHUNK)-len)<<3;
- switch (len&(sizeof(RC4_CHUNK)-1))
- {
- case 7: otp = RC4_STEP<<i, i-=8;
- case 6: otp |= RC4_STEP<<i, i-=8;
- case 5: otp |= RC4_STEP<<i, i-=8;
- case 4: otp |= RC4_STEP<<i, i-=8;
- case 3: otp |= RC4_STEP<<i, i-=8;
- case 2: otp |= RC4_STEP<<i, i-=8;
- case 1: otp |= RC4_STEP<<i, i-=8;
- case 0: ; /*
- * it's never the case,
- * but it has to be here
- * for ultrix?
- */
- }
- ochunk &= ~mask;
- ochunk |= (otp^ichunk) & mask;
- *(RC4_CHUNK *)outdata = ochunk;
- }
- key->x=x;
- key->y=y;
- return;
- }
- else
- { /* LITTLE-ENDIAN CASE */
-# define LESHFT(c) (((c)*8)&(sizeof(RC4_CHUNK)*8-1))
- for (;len&~(sizeof(RC4_CHUNK)-1);len-=sizeof(RC4_CHUNK))
- {
- ichunk = *(RC4_CHUNK *)indata;
- otp = RC4_STEP;
- otp |= RC4_STEP<<8;
- otp |= RC4_STEP<<16;
- otp |= RC4_STEP<<24;
- if (sizeof(RC4_CHUNK)==8)
- {
- otp |= RC4_STEP<<LESHFT(4);
- otp |= RC4_STEP<<LESHFT(5);
- otp |= RC4_STEP<<LESHFT(6);
- otp |= RC4_STEP<<LESHFT(7);
- }
- *(RC4_CHUNK *)outdata = otp^ichunk;
- indata += sizeof(RC4_CHUNK);
- outdata += sizeof(RC4_CHUNK);
- }
- if (len)
- {
- RC4_CHUNK mask=(RC4_CHUNK)-1, ochunk;
-
- ichunk = *(RC4_CHUNK *)indata;
- ochunk = *(RC4_CHUNK *)outdata;
- otp = 0;
- i = 0;
- mask >>= (sizeof(RC4_CHUNK)-len)<<3;
- switch (len&(sizeof(RC4_CHUNK)-1))
- {
- case 7: otp = RC4_STEP, i+=8;
- case 6: otp |= RC4_STEP<<i, i+=8;
- case 5: otp |= RC4_STEP<<i, i+=8;
- case 4: otp |= RC4_STEP<<i, i+=8;
- case 3: otp |= RC4_STEP<<i, i+=8;
- case 2: otp |= RC4_STEP<<i, i+=8;
- case 1: otp |= RC4_STEP<<i, i+=8;
- case 0: ; /*
- * it's never the case,
- * but it has to be here
- * for ultrix?
- */
- }
- ochunk &= ~mask;
- ochunk |= (otp^ichunk) & mask;
- *(RC4_CHUNK *)outdata = ochunk;
- }
- key->x=x;
- key->y=y;
- return;
- }
- }
-#endif
-#define LOOP(in,out) \
- x=((x+1)&0xff); \
- tx=d[x]; \
- y=(tx+y)&0xff; \
- d[x]=ty=d[y]; \
- d[y]=tx; \
- (out) = d[(tx+ty)&0xff]^ (in);
-
-#ifndef RC4_INDEX
-#define RC4_LOOP(a,b,i) LOOP(*((a)++),*((b)++))
-#else
-#define RC4_LOOP(a,b,i) LOOP(a[i],b[i])
-#endif
-
- i=(int)(len>>3L);
- if (i)
- {
- for (;;)
- {
- RC4_LOOP(indata,outdata,0);
- RC4_LOOP(indata,outdata,1);
- RC4_LOOP(indata,outdata,2);
- RC4_LOOP(indata,outdata,3);
- RC4_LOOP(indata,outdata,4);
- RC4_LOOP(indata,outdata,5);
- RC4_LOOP(indata,outdata,6);
- RC4_LOOP(indata,outdata,7);
-#ifdef RC4_INDEX
- indata+=8;
- outdata+=8;
-#endif
- if (--i == 0) break;
- }
- }
- i=(int)len&0x07;
- if (i)
- {
- for (;;)
- {
- RC4_LOOP(indata,outdata,0); if (--i == 0) break;
- RC4_LOOP(indata,outdata,1); if (--i == 0) break;
- RC4_LOOP(indata,outdata,2); if (--i == 0) break;
- RC4_LOOP(indata,outdata,3); if (--i == 0) break;
- RC4_LOOP(indata,outdata,4); if (--i == 0) break;
- RC4_LOOP(indata,outdata,5); if (--i == 0) break;
- RC4_LOOP(indata,outdata,6); if (--i == 0) break;
- }
- }
- key->x=x;
- key->y=y;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/rc4/rc4_enc.c (from rev 6976, vendor-crypto/openssl/dist/crypto/rc4/rc4_enc.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/rc4/rc4_enc.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rc4/rc4_enc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,334 @@
+/* crypto/rc4/rc4_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/rc4.h>
+#include "rc4_locl.h"
+
+/*-
+ * RC4 as implemented from a posting from
+ * Newsgroups: sci.crypt
+ * From: sterndark at netcom.com (David Sterndark)
+ * Subject: RC4 Algorithm revealed.
+ * Message-ID: <sternCvKL4B.Hyy at netcom.com>
+ * Date: Wed, 14 Sep 1994 06:35:31 GMT
+ */
+
+void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
+ unsigned char *outdata)
+{
+ register RC4_INT *d;
+ register RC4_INT x, y, tx, ty;
+ int i;
+
+ x = key->x;
+ y = key->y;
+ d = key->data;
+
+#if defined(RC4_CHUNK)
+ /*-
+ * The original reason for implementing this(*) was the fact that
+ * pre-21164a Alpha CPUs don't have byte load/store instructions
+ * and e.g. a byte store has to be done with 64-bit load, shift,
+ * and, or and finally 64-bit store. Peaking data and operating
+ * at natural word size made it possible to reduce amount of
+ * instructions as well as to perform early read-ahead without
+ * suffering from RAW (read-after-write) hazard. This resulted
+ * in ~40%(**) performance improvement on 21064 box with gcc.
+ * But it's not only Alpha users who win here:-) Thanks to the
+ * early-n-wide read-ahead this implementation also exhibits
+ * >40% speed-up on SPARC and 20-30% on 64-bit MIPS (depending
+ * on sizeof(RC4_INT)).
+ *
+ * (*) "this" means code which recognizes the case when input
+ * and output pointers appear to be aligned at natural CPU
+ * word boundary
+ * (**) i.e. according to 'apps/openssl speed rc4' benchmark,
+ * crypto/rc4/rc4speed.c exhibits almost 70% speed-up...
+ *
+ * Cavets.
+ *
+ * - RC4_CHUNK="unsigned long long" should be a #1 choice for
+ * UltraSPARC. Unfortunately gcc generates very slow code
+ * (2.5-3 times slower than one generated by Sun's WorkShop
+ * C) and therefore gcc (at least 2.95 and earlier) should
+ * always be told that RC4_CHUNK="unsigned long".
+ *
+ * <appro at fy.chalmers.se>
+ */
+
+# define RC4_STEP ( \
+ x=(x+1) &0xff, \
+ tx=d[x], \
+ y=(tx+y)&0xff, \
+ ty=d[y], \
+ d[y]=tx, \
+ d[x]=ty, \
+ (RC4_CHUNK)d[(tx+ty)&0xff]\
+ )
+
+ if ((((unsigned long)indata & (sizeof(RC4_CHUNK) - 1)) |
+ ((unsigned long)outdata & (sizeof(RC4_CHUNK) - 1))) == 0) {
+ RC4_CHUNK ichunk, otp;
+ const union {
+ long one;
+ char little;
+ } is_endian = {
+ 1
+ };
+
+ /*-
+ * I reckon we can afford to implement both endian
+ * cases and to decide which way to take at run-time
+ * because the machine code appears to be very compact
+ * and redundant 1-2KB is perfectly tolerable (i.e.
+ * in case the compiler fails to eliminate it:-). By
+ * suggestion from Terrel Larson <terr at terralogic.net>
+ * who also stands for the is_endian union:-)
+ *
+ * Special notes.
+ *
+ * - is_endian is declared automatic as doing otherwise
+ * (declaring static) prevents gcc from eliminating
+ * the redundant code;
+ * - compilers (those I've tried) don't seem to have
+ * problems eliminating either the operators guarded
+ * by "if (sizeof(RC4_CHUNK)==8)" or the condition
+ * expressions themselves so I've got 'em to replace
+ * corresponding #ifdefs from the previous version;
+ * - I chose to let the redundant switch cases when
+ * sizeof(RC4_CHUNK)!=8 be (were also #ifdefed
+ * before);
+ * - in case you wonder "&(sizeof(RC4_CHUNK)*8-1)" in
+ * [LB]ESHFT guards against "shift is out of range"
+ * warnings when sizeof(RC4_CHUNK)!=8
+ *
+ * <appro at fy.chalmers.se>
+ */
+ if (!is_endian.little) { /* BIG-ENDIAN CASE */
+# define BESHFT(c) (((sizeof(RC4_CHUNK)-(c)-1)*8)&(sizeof(RC4_CHUNK)*8-1))
+ for (; len & ~(sizeof(RC4_CHUNK) - 1); len -= sizeof(RC4_CHUNK)) {
+ ichunk = *(RC4_CHUNK *) indata;
+ otp = RC4_STEP << BESHFT(0);
+ otp |= RC4_STEP << BESHFT(1);
+ otp |= RC4_STEP << BESHFT(2);
+ otp |= RC4_STEP << BESHFT(3);
+ if (sizeof(RC4_CHUNK) == 8) {
+ otp |= RC4_STEP << BESHFT(4);
+ otp |= RC4_STEP << BESHFT(5);
+ otp |= RC4_STEP << BESHFT(6);
+ otp |= RC4_STEP << BESHFT(7);
+ }
+ *(RC4_CHUNK *) outdata = otp ^ ichunk;
+ indata += sizeof(RC4_CHUNK);
+ outdata += sizeof(RC4_CHUNK);
+ }
+ if (len) {
+ RC4_CHUNK mask = (RC4_CHUNK) - 1, ochunk;
+
+ ichunk = *(RC4_CHUNK *) indata;
+ ochunk = *(RC4_CHUNK *) outdata;
+ otp = 0;
+ i = BESHFT(0);
+ mask <<= (sizeof(RC4_CHUNK) - len) << 3;
+ switch (len & (sizeof(RC4_CHUNK) - 1)) {
+ case 7:
+ otp = RC4_STEP << i, i -= 8;
+ case 6:
+ otp |= RC4_STEP << i, i -= 8;
+ case 5:
+ otp |= RC4_STEP << i, i -= 8;
+ case 4:
+ otp |= RC4_STEP << i, i -= 8;
+ case 3:
+ otp |= RC4_STEP << i, i -= 8;
+ case 2:
+ otp |= RC4_STEP << i, i -= 8;
+ case 1:
+ otp |= RC4_STEP << i, i -= 8;
+ case 0:; /*
+ * it's never the case,
+ * but it has to be here
+ * for ultrix?
+ */
+ }
+ ochunk &= ~mask;
+ ochunk |= (otp ^ ichunk) & mask;
+ *(RC4_CHUNK *) outdata = ochunk;
+ }
+ key->x = x;
+ key->y = y;
+ return;
+ } else { /* LITTLE-ENDIAN CASE */
+# define LESHFT(c) (((c)*8)&(sizeof(RC4_CHUNK)*8-1))
+ for (; len & ~(sizeof(RC4_CHUNK) - 1); len -= sizeof(RC4_CHUNK)) {
+ ichunk = *(RC4_CHUNK *) indata;
+ otp = RC4_STEP;
+ otp |= RC4_STEP << 8;
+ otp |= RC4_STEP << 16;
+ otp |= RC4_STEP << 24;
+ if (sizeof(RC4_CHUNK) == 8) {
+ otp |= RC4_STEP << LESHFT(4);
+ otp |= RC4_STEP << LESHFT(5);
+ otp |= RC4_STEP << LESHFT(6);
+ otp |= RC4_STEP << LESHFT(7);
+ }
+ *(RC4_CHUNK *) outdata = otp ^ ichunk;
+ indata += sizeof(RC4_CHUNK);
+ outdata += sizeof(RC4_CHUNK);
+ }
+ if (len) {
+ RC4_CHUNK mask = (RC4_CHUNK) - 1, ochunk;
+
+ ichunk = *(RC4_CHUNK *) indata;
+ ochunk = *(RC4_CHUNK *) outdata;
+ otp = 0;
+ i = 0;
+ mask >>= (sizeof(RC4_CHUNK) - len) << 3;
+ switch (len & (sizeof(RC4_CHUNK) - 1)) {
+ case 7:
+ otp = RC4_STEP, i += 8;
+ case 6:
+ otp |= RC4_STEP << i, i += 8;
+ case 5:
+ otp |= RC4_STEP << i, i += 8;
+ case 4:
+ otp |= RC4_STEP << i, i += 8;
+ case 3:
+ otp |= RC4_STEP << i, i += 8;
+ case 2:
+ otp |= RC4_STEP << i, i += 8;
+ case 1:
+ otp |= RC4_STEP << i, i += 8;
+ case 0:; /*
+ * it's never the case,
+ * but it has to be here
+ * for ultrix?
+ */
+ }
+ ochunk &= ~mask;
+ ochunk |= (otp ^ ichunk) & mask;
+ *(RC4_CHUNK *) outdata = ochunk;
+ }
+ key->x = x;
+ key->y = y;
+ return;
+ }
+ }
+#endif
+#define LOOP(in,out) \
+ x=((x+1)&0xff); \
+ tx=d[x]; \
+ y=(tx+y)&0xff; \
+ d[x]=ty=d[y]; \
+ d[y]=tx; \
+ (out) = d[(tx+ty)&0xff]^ (in);
+
+#ifndef RC4_INDEX
+# define RC4_LOOP(a,b,i) LOOP(*((a)++),*((b)++))
+#else
+# define RC4_LOOP(a,b,i) LOOP(a[i],b[i])
+#endif
+
+ i = (int)(len >> 3L);
+ if (i) {
+ for (;;) {
+ RC4_LOOP(indata, outdata, 0);
+ RC4_LOOP(indata, outdata, 1);
+ RC4_LOOP(indata, outdata, 2);
+ RC4_LOOP(indata, outdata, 3);
+ RC4_LOOP(indata, outdata, 4);
+ RC4_LOOP(indata, outdata, 5);
+ RC4_LOOP(indata, outdata, 6);
+ RC4_LOOP(indata, outdata, 7);
+#ifdef RC4_INDEX
+ indata += 8;
+ outdata += 8;
+#endif
+ if (--i == 0)
+ break;
+ }
+ }
+ i = (int)len & 0x07;
+ if (i) {
+ for (;;) {
+ RC4_LOOP(indata, outdata, 0);
+ if (--i == 0)
+ break;
+ RC4_LOOP(indata, outdata, 1);
+ if (--i == 0)
+ break;
+ RC4_LOOP(indata, outdata, 2);
+ if (--i == 0)
+ break;
+ RC4_LOOP(indata, outdata, 3);
+ if (--i == 0)
+ break;
+ RC4_LOOP(indata, outdata, 4);
+ if (--i == 0)
+ break;
+ RC4_LOOP(indata, outdata, 5);
+ if (--i == 0)
+ break;
+ RC4_LOOP(indata, outdata, 6);
+ if (--i == 0)
+ break;
+ }
+ }
+ key->x = x;
+ key->y = y;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/rc4/rc4_fblk.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/rc4/rc4_fblk.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rc4/rc4_fblk.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,75 +0,0 @@
-/* crypto/rc4/rc4_fblk.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-
-#include <openssl/rc4.h>
-#include "rc4_locl.h"
-#include <openssl/opensslv.h>
-#include <openssl/crypto.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
-/* FIPS mode blocking for RC4 has to be done separately since RC4_set_key
- * may be implemented in an assembly language file.
- */
-
-#ifdef OPENSSL_FIPS
-void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data)
- {
- if (FIPS_mode())
- FIPS_BAD_ABORT(RC4)
- private_RC4_set_key(key, len, data);
- }
-#endif
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/rc4/rc4_fblk.c (from rev 6976, vendor-crypto/openssl/dist/crypto/rc4/rc4_fblk.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/rc4/rc4_fblk.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rc4/rc4_fblk.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,75 @@
+/* crypto/rc4/rc4_fblk.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include <openssl/rc4.h>
+#include "rc4_locl.h"
+#include <openssl/opensslv.h>
+#include <openssl/crypto.h>
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
+#endif
+
+/*
+ * FIPS mode blocking for RC4 has to be done separately since RC4_set_key may
+ * be implemented in an assembly language file.
+ */
+
+#ifdef OPENSSL_FIPS
+void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data)
+{
+ if (FIPS_mode())
+ FIPS_BAD_ABORT(RC4)
+ private_RC4_set_key(key, len, data);
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/rc4/rc4_locl.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/rc4/rc4_locl.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rc4/rc4_locl.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,5 +0,0 @@
-#ifndef HEADER_RC4_LOCL_H
-#define HEADER_RC4_LOCL_H
-#include <openssl/opensslconf.h>
-#include <cryptlib.h>
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/rc4/rc4_locl.h (from rev 6976, vendor-crypto/openssl/dist/crypto/rc4/rc4_locl.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/rc4/rc4_locl.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rc4/rc4_locl.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,5 @@
+#ifndef HEADER_RC4_LOCL_H
+# define HEADER_RC4_LOCL_H
+# include <openssl/opensslconf.h>
+# include <cryptlib.h>
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/rc4/rc4_skey.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/rc4/rc4_skey.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rc4/rc4_skey.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,165 +0,0 @@
-/* crypto/rc4/rc4_skey.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/rc4.h>
-#include "rc4_locl.h"
-#include <openssl/opensslv.h>
-#include <openssl/crypto.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
-
-const char RC4_version[]="RC4" OPENSSL_VERSION_PTEXT;
-
-const char *RC4_options(void)
- {
-#ifdef RC4_INDEX
- if (sizeof(RC4_INT) == 1)
- return("rc4(idx,char)");
- else
- return("rc4(idx,int)");
-#else
- if (sizeof(RC4_INT) == 1)
- return("rc4(ptr,char)");
- else
- return("rc4(ptr,int)");
-#endif
- }
-
-/* RC4 as implemented from a posting from
- * Newsgroups: sci.crypt
- * From: sterndark at netcom.com (David Sterndark)
- * Subject: RC4 Algorithm revealed.
- * Message-ID: <sternCvKL4B.Hyy at netcom.com>
- * Date: Wed, 14 Sep 1994 06:35:31 GMT
- */
-
-#ifdef OPENSSL_FIPS
-void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data)
-#else
-void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data)
-#endif
- {
- register RC4_INT tmp;
- register int id1,id2;
- register RC4_INT *d;
- unsigned int i;
-
- d= &(key->data[0]);
- key->x = 0;
- key->y = 0;
- id1=id2=0;
-
-#define SK_LOOP(d,n) { \
- tmp=d[(n)]; \
- id2 = (data[id1] + tmp + id2) & 0xff; \
- if (++id1 == len) id1=0; \
- d[(n)]=d[id2]; \
- d[id2]=tmp; }
-
-#if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM)
-# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
- defined(__INTEL__) || \
- defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64)
- if (sizeof(RC4_INT) > 1) {
- /*
- * Unlike all other x86 [and x86_64] implementations,
- * Intel P4 core [including EM64T] was found to perform
- * poorly with wider RC4_INT. Performance improvement
- * for IA-32 hand-coded assembler turned out to be 2.8x
- * if re-coded for RC4_CHAR! It's however inappropriate
- * to just switch to RC4_CHAR for x86[_64], as non-P4
- * implementations suffer from significant performance
- * losses then, e.g. PIII exhibits >2x deterioration,
- * and so does Opteron. In order to assure optimal
- * all-round performance, we detect P4 at run-time by
- * checking upon reserved bit 20 in CPU capability
- * vector and set up compressed key schedule, which is
- * recognized by correspondingly updated assembler
- * module... Bit 20 is set up by OPENSSL_ia32_cpuid.
- *
- * <appro at fy.chalmers.se>
- */
-#ifdef OPENSSL_FIPS
- unsigned long *ia32cap_ptr = OPENSSL_ia32cap_loc();
- if (ia32cap_ptr && (*ia32cap_ptr & (1<<20))) {
-#else
- if (OPENSSL_ia32cap_P & (1<<20)) {
-#endif
- unsigned char *cp=(unsigned char *)d;
-
- for (i=0;i<256;i++) cp[i]=i;
- for (i=0;i<256;i++) SK_LOOP(cp,i);
- /* mark schedule as compressed! */
- d[256/sizeof(RC4_INT)]=-1;
- return;
- }
- }
-# endif
-#endif
- for (i=0; i < 256; i++) d[i]=i;
- for (i=0; i < 256; i+=4)
- {
- SK_LOOP(d,i+0);
- SK_LOOP(d,i+1);
- SK_LOOP(d,i+2);
- SK_LOOP(d,i+3);
- }
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/rc4/rc4_skey.c (from rev 6976, vendor-crypto/openssl/dist/crypto/rc4/rc4_skey.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/rc4/rc4_skey.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rc4/rc4_skey.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,166 @@
+/* crypto/rc4/rc4_skey.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/rc4.h>
+#include "rc4_locl.h"
+#include <openssl/opensslv.h>
+#include <openssl/crypto.h>
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
+#endif
+
+const char RC4_version[] = "RC4" OPENSSL_VERSION_PTEXT;
+
+const char *RC4_options(void)
+{
+#ifdef RC4_INDEX
+ if (sizeof(RC4_INT) == 1)
+ return ("rc4(idx,char)");
+ else
+ return ("rc4(idx,int)");
+#else
+ if (sizeof(RC4_INT) == 1)
+ return ("rc4(ptr,char)");
+ else
+ return ("rc4(ptr,int)");
+#endif
+}
+
+/*-
+ * RC4 as implemented from a posting from
+ * Newsgroups: sci.crypt
+ * From: sterndark at netcom.com (David Sterndark)
+ * Subject: RC4 Algorithm revealed.
+ * Message-ID: <sternCvKL4B.Hyy at netcom.com>
+ * Date: Wed, 14 Sep 1994 06:35:31 GMT
+ */
+
+#ifdef OPENSSL_FIPS
+void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data)
+#else
+void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data)
+#endif
+{
+ register RC4_INT tmp;
+ register int id1, id2;
+ register RC4_INT *d;
+ unsigned int i;
+
+ d = &(key->data[0]);
+ key->x = 0;
+ key->y = 0;
+ id1 = id2 = 0;
+
+#define SK_LOOP(d,n) { \
+ tmp=d[(n)]; \
+ id2 = (data[id1] + tmp + id2) & 0xff; \
+ if (++id1 == len) id1=0; \
+ d[(n)]=d[id2]; \
+ d[id2]=tmp; }
+
+#if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM)
+# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
+ defined(__INTEL__) || \
+ defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64)
+ if (sizeof(RC4_INT) > 1) {
+ /*
+ * Unlike all other x86 [and x86_64] implementations,
+ * Intel P4 core [including EM64T] was found to perform
+ * poorly with wider RC4_INT. Performance improvement
+ * for IA-32 hand-coded assembler turned out to be 2.8x
+ * if re-coded for RC4_CHAR! It's however inappropriate
+ * to just switch to RC4_CHAR for x86[_64], as non-P4
+ * implementations suffer from significant performance
+ * losses then, e.g. PIII exhibits >2x deterioration,
+ * and so does Opteron. In order to assure optimal
+ * all-round performance, we detect P4 at run-time by
+ * checking upon reserved bit 20 in CPU capability
+ * vector and set up compressed key schedule, which is
+ * recognized by correspondingly updated assembler
+ * module... Bit 20 is set up by OPENSSL_ia32_cpuid.
+ *
+ * <appro at fy.chalmers.se>
+ */
+# ifdef OPENSSL_FIPS
+ unsigned long *ia32cap_ptr = OPENSSL_ia32cap_loc();
+ if (ia32cap_ptr && (*ia32cap_ptr & (1 << 20))) {
+# else
+ if (OPENSSL_ia32cap_P & (1 << 20)) {
+# endif
+ unsigned char *cp = (unsigned char *)d;
+
+ for (i = 0; i < 256; i++)
+ cp[i] = i;
+ for (i = 0; i < 256; i++)
+ SK_LOOP(cp, i);
+ /* mark schedule as compressed! */
+ d[256 / sizeof(RC4_INT)] = -1;
+ return;
+ }
+ }
+# endif
+#endif
+ for (i = 0; i < 256; i++)
+ d[i] = i;
+ for (i = 0; i < 256; i += 4) {
+ SK_LOOP(d, i + 0);
+ SK_LOOP(d, i + 1);
+ SK_LOOP(d, i + 2);
+ SK_LOOP(d, i + 3);
+ }
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/rc4/rc4speed.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/rc4/rc4speed.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rc4/rc4speed.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,253 +0,0 @@
-/* crypto/rc4/rc4speed.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* 11-Sep-92 Andrew Daviel Support for Silicon Graphics IRIX added */
-/* 06-Apr-92 Luke Brennan Support for VMS and add extra signal calls */
-
-#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
-#define TIMES
-#endif
-
-#include <stdio.h>
-
-#include <openssl/e_os2.h>
-#include OPENSSL_UNISTD_IO
-OPENSSL_DECLARE_EXIT
-
-#ifndef OPENSSL_SYS_NETWARE
-#include <signal.h>
-#endif
-
-#ifndef _IRIX
-#include <time.h>
-#endif
-#ifdef TIMES
-#include <sys/types.h>
-#include <sys/times.h>
-#endif
-
-/* Depending on the VMS version, the tms structure is perhaps defined.
- The __TMS macro will show if it was. If it wasn't defined, we should
- undefine TIMES, since that tells the rest of the program how things
- should be handled. -- Richard Levitte */
-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
-#undef TIMES
-#endif
-
-#ifndef TIMES
-#include <sys/timeb.h>
-#endif
-
-#if defined(sun) || defined(__ultrix)
-#define _POSIX_SOURCE
-#include <limits.h>
-#include <sys/param.h>
-#endif
-
-#include <openssl/rc4.h>
-
-/* The following if from times(3) man page. It may need to be changed */
-#ifndef HZ
-#ifndef CLK_TCK
-#define HZ 100.0
-#else /* CLK_TCK */
-#define HZ ((double)CLK_TCK)
-#endif
-#endif
-
-#define BUFSIZE ((long)1024)
-long run=0;
-
-double Time_F(int s);
-#ifdef SIGALRM
-#if defined(__STDC__) || defined(sgi) || defined(_AIX)
-#define SIGRETTYPE void
-#else
-#define SIGRETTYPE int
-#endif
-
-SIGRETTYPE sig_done(int sig);
-SIGRETTYPE sig_done(int sig)
- {
- signal(SIGALRM,sig_done);
- run=0;
-#ifdef LINT
- sig=sig;
-#endif
- }
-#endif
-
-#define START 0
-#define STOP 1
-
-double Time_F(int s)
- {
- double ret;
-#ifdef TIMES
- static struct tms tstart,tend;
-
- if (s == START)
- {
- times(&tstart);
- return(0);
- }
- else
- {
- times(&tend);
- ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
- return((ret == 0.0)?1e-6:ret);
- }
-#else /* !times() */
- static struct timeb tstart,tend;
- long i;
-
- if (s == START)
- {
- ftime(&tstart);
- return(0);
- }
- else
- {
- ftime(&tend);
- i=(long)tend.millitm-(long)tstart.millitm;
- ret=((double)(tend.time-tstart.time))+((double)i)/1e3;
- return((ret == 0.0)?1e-6:ret);
- }
-#endif
- }
-
-int main(int argc, char **argv)
- {
- long count;
- static unsigned char buf[BUFSIZE];
- static unsigned char key[] ={
- 0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
- 0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10,
- };
- RC4_KEY sch;
- double a,b,c,d;
-#ifndef SIGALRM
- long ca,cb,cc;
-#endif
-
-#ifndef TIMES
- printf("To get the most accurate results, try to run this\n");
- printf("program when this computer is idle.\n");
-#endif
-
-#ifndef SIGALRM
- printf("First we calculate the approximate speed ...\n");
- RC4_set_key(&sch,16,key);
- count=10;
- do {
- long i;
- unsigned long data[2];
-
- count*=2;
- Time_F(START);
- for (i=count; i; i--)
- RC4(&sch,8,buf,buf);
- d=Time_F(STOP);
- } while (d < 3.0);
- ca=count/512;
- cc=count*8/BUFSIZE+1;
- printf("Doing RC4_set_key %ld times\n",ca);
-#define COND(d) (count != (d))
-#define COUNT(d) (d)
-#else
-#define COND(c) (run)
-#define COUNT(d) (count)
- signal(SIGALRM,sig_done);
- printf("Doing RC4_set_key for 10 seconds\n");
- alarm(10);
-#endif
-
- Time_F(START);
- for (count=0,run=1; COND(ca); count+=4)
- {
- RC4_set_key(&sch,16,key);
- RC4_set_key(&sch,16,key);
- RC4_set_key(&sch,16,key);
- RC4_set_key(&sch,16,key);
- }
- d=Time_F(STOP);
- printf("%ld RC4_set_key's in %.2f seconds\n",count,d);
- a=((double)COUNT(ca))/d;
-
-#ifdef SIGALRM
- printf("Doing RC4 on %ld byte blocks for 10 seconds\n",BUFSIZE);
- alarm(10);
-#else
- printf("Doing RC4 %ld times on %ld byte blocks\n",cc,BUFSIZE);
-#endif
- Time_F(START);
- for (count=0,run=1; COND(cc); count++)
- RC4(&sch,BUFSIZE,buf,buf);
- d=Time_F(STOP);
- printf("%ld RC4's of %ld byte blocks in %.2f second\n",
- count,BUFSIZE,d);
- c=((double)COUNT(cc)*BUFSIZE)/d;
-
- printf("RC4 set_key per sec = %12.2f (%9.3fuS)\n",a,1.0e6/a);
- printf("RC4 bytes per sec = %12.2f (%9.3fuS)\n",c,8.0e6/c);
- exit(0);
-#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
- return(0);
-#endif
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/rc4/rc4speed.c (from rev 6976, vendor-crypto/openssl/dist/crypto/rc4/rc4speed.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/rc4/rc4speed.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rc4/rc4speed.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,239 @@
+/* crypto/rc4/rc4speed.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* 11-Sep-92 Andrew Daviel Support for Silicon Graphics IRIX added */
+/* 06-Apr-92 Luke Brennan Support for VMS and add extra signal calls */
+
+#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
+# define TIMES
+#endif
+
+#include <stdio.h>
+
+#include <openssl/e_os2.h>
+#include OPENSSL_UNISTD_IO
+OPENSSL_DECLARE_EXIT
+#ifndef OPENSSL_SYS_NETWARE
+# include <signal.h>
+#endif
+#ifndef _IRIX
+# include <time.h>
+#endif
+#ifdef TIMES
+# include <sys/types.h>
+# include <sys/times.h>
+#endif
+ /*
+ * Depending on the VMS version, the tms structure is perhaps defined.
+ * The __TMS macro will show if it was. If it wasn't defined, we should
+ * undefine TIMES, since that tells the rest of the program how things
+ * should be handled. -- Richard Levitte
+ */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
+# undef TIMES
+#endif
+#ifndef TIMES
+# include <sys/timeb.h>
+#endif
+#if defined(sun) || defined(__ultrix)
+# define _POSIX_SOURCE
+# include <limits.h>
+# include <sys/param.h>
+#endif
+#include <openssl/rc4.h>
+/* The following if from times(3) man page. It may need to be changed */
+#ifndef HZ
+# ifndef CLK_TCK
+# define HZ 100.0
+# else /* CLK_TCK */
+# define HZ ((double)CLK_TCK)
+# endif
+#endif
+#define BUFSIZE ((long)1024)
+long run = 0;
+
+double Time_F(int s);
+#ifdef SIGALRM
+# if defined(__STDC__) || defined(sgi) || defined(_AIX)
+# define SIGRETTYPE void
+# else
+# define SIGRETTYPE int
+# endif
+
+SIGRETTYPE sig_done(int sig);
+SIGRETTYPE sig_done(int sig)
+{
+ signal(SIGALRM, sig_done);
+ run = 0;
+# ifdef LINT
+ sig = sig;
+# endif
+}
+#endif
+
+#define START 0
+#define STOP 1
+
+double Time_F(int s)
+{
+ double ret;
+#ifdef TIMES
+ static struct tms tstart, tend;
+
+ if (s == START) {
+ times(&tstart);
+ return (0);
+ } else {
+ times(&tend);
+ ret = ((double)(tend.tms_utime - tstart.tms_utime)) / HZ;
+ return ((ret == 0.0) ? 1e-6 : ret);
+ }
+#else /* !times() */
+ static struct timeb tstart, tend;
+ long i;
+
+ if (s == START) {
+ ftime(&tstart);
+ return (0);
+ } else {
+ ftime(&tend);
+ i = (long)tend.millitm - (long)tstart.millitm;
+ ret = ((double)(tend.time - tstart.time)) + ((double)i) / 1e3;
+ return ((ret == 0.0) ? 1e-6 : ret);
+ }
+#endif
+}
+
+int main(int argc, char **argv)
+{
+ long count;
+ static unsigned char buf[BUFSIZE];
+ static unsigned char key[] = {
+ 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
+ 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
+ };
+ RC4_KEY sch;
+ double a, b, c, d;
+#ifndef SIGALRM
+ long ca, cb, cc;
+#endif
+
+#ifndef TIMES
+ printf("To get the most accurate results, try to run this\n");
+ printf("program when this computer is idle.\n");
+#endif
+
+#ifndef SIGALRM
+ printf("First we calculate the approximate speed ...\n");
+ RC4_set_key(&sch, 16, key);
+ count = 10;
+ do {
+ long i;
+ unsigned long data[2];
+
+ count *= 2;
+ Time_F(START);
+ for (i = count; i; i--)
+ RC4(&sch, 8, buf, buf);
+ d = Time_F(STOP);
+ } while (d < 3.0);
+ ca = count / 512;
+ cc = count * 8 / BUFSIZE + 1;
+ printf("Doing RC4_set_key %ld times\n", ca);
+# define COND(d) (count != (d))
+# define COUNT(d) (d)
+#else
+# define COND(c) (run)
+# define COUNT(d) (count)
+ signal(SIGALRM, sig_done);
+ printf("Doing RC4_set_key for 10 seconds\n");
+ alarm(10);
+#endif
+
+ Time_F(START);
+ for (count = 0, run = 1; COND(ca); count += 4) {
+ RC4_set_key(&sch, 16, key);
+ RC4_set_key(&sch, 16, key);
+ RC4_set_key(&sch, 16, key);
+ RC4_set_key(&sch, 16, key);
+ }
+ d = Time_F(STOP);
+ printf("%ld RC4_set_key's in %.2f seconds\n", count, d);
+ a = ((double)COUNT(ca)) / d;
+
+#ifdef SIGALRM
+ printf("Doing RC4 on %ld byte blocks for 10 seconds\n", BUFSIZE);
+ alarm(10);
+#else
+ printf("Doing RC4 %ld times on %ld byte blocks\n", cc, BUFSIZE);
+#endif
+ Time_F(START);
+ for (count = 0, run = 1; COND(cc); count++)
+ RC4(&sch, BUFSIZE, buf, buf);
+ d = Time_F(STOP);
+ printf("%ld RC4's of %ld byte blocks in %.2f second\n",
+ count, BUFSIZE, d);
+ c = ((double)COUNT(cc) * BUFSIZE) / d;
+
+ printf("RC4 set_key per sec = %12.2f (%9.3fuS)\n", a, 1.0e6 / a);
+ printf("RC4 bytes per sec = %12.2f (%9.3fuS)\n", c, 8.0e6 / c);
+ exit(0);
+#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
+ return (0);
+#endif
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/rc4/rc4test.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/rc4/rc4test.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rc4/rc4test.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,236 +0,0 @@
-/* crypto/rc4/rc4test.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "../e_os.h"
-
-#ifdef OPENSSL_NO_RC4
-int main(int argc, char *argv[])
-{
- printf("No RC4 support\n");
- return(0);
-}
-#else
-#include <openssl/rc4.h>
-#include <openssl/sha.h>
-
-static unsigned char keys[7][30]={
- {8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
- {8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
- {8,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- {4,0xef,0x01,0x23,0x45},
- {8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
- {4,0xef,0x01,0x23,0x45},
- };
-
-static unsigned char data_len[7]={8,8,8,20,28,10};
-static unsigned char data[7][30]={
- {0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,0xff},
- {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},
- {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},
- {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0xff},
- {0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,
- 0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,
- 0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,
- 0x12,0x34,0x56,0x78,0xff},
- {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},
- {0},
- };
-
-static unsigned char output[7][30]={
- {0x75,0xb7,0x87,0x80,0x99,0xe0,0xc5,0x96,0x00},
- {0x74,0x94,0xc2,0xe7,0x10,0x4b,0x08,0x79,0x00},
- {0xde,0x18,0x89,0x41,0xa3,0x37,0x5d,0x3a,0x00},
- {0xd6,0xa1,0x41,0xa7,0xec,0x3c,0x38,0xdf,
- 0xbd,0x61,0x5a,0x11,0x62,0xe1,0xc7,0xba,
- 0x36,0xb6,0x78,0x58,0x00},
- {0x66,0xa0,0x94,0x9f,0x8a,0xf7,0xd6,0x89,
- 0x1f,0x7f,0x83,0x2b,0xa8,0x33,0xc0,0x0c,
- 0x89,0x2e,0xbe,0x30,0x14,0x3c,0xe2,0x87,
- 0x40,0x01,0x1e,0xcf,0x00},
- {0xd6,0xa1,0x41,0xa7,0xec,0x3c,0x38,0xdf,0xbd,0x61,0x00},
- {0},
- };
-
-int main(int argc, char *argv[])
- {
- int err=0;
- unsigned int i, j;
- unsigned char *p;
- RC4_KEY key;
- unsigned char obuf[512];
-
- for (i=0; i<6; i++)
- {
- RC4_set_key(&key,keys[i][0],&(keys[i][1]));
- memset(obuf,0x00,sizeof(obuf));
- RC4(&key,data_len[i],&(data[i][0]),obuf);
- if (memcmp(obuf,output[i],data_len[i]+1) != 0)
- {
- printf("error calculating RC4\n");
- printf("output:");
- for (j=0; j<data_len[i]+1U; j++)
- printf(" %02x",obuf[j]);
- printf("\n");
- printf("expect:");
- p= &(output[i][0]);
- for (j=0; j<data_len[i]+1U; j++)
- printf(" %02x",*(p++));
- printf("\n");
- err++;
- }
- else
- printf("test %d ok\n",i);
- }
- printf("test end processing ");
- for (i=0; i<data_len[3]; i++)
- {
- RC4_set_key(&key,keys[3][0],&(keys[3][1]));
- memset(obuf,0x00,sizeof(obuf));
- RC4(&key,i,&(data[3][0]),obuf);
- if ((memcmp(obuf,output[3],i) != 0) || (obuf[i] != 0))
- {
- printf("error in RC4 length processing\n");
- printf("output:");
- for (j=0; j<i+1; j++)
- printf(" %02x",obuf[j]);
- printf("\n");
- printf("expect:");
- p= &(output[3][0]);
- for (j=0; j<i; j++)
- printf(" %02x",*(p++));
- printf(" 00\n");
- err++;
- }
- else
- {
- printf(".");
- fflush(stdout);
- }
- }
- printf("done\n");
- printf("test multi-call ");
- for (i=0; i<data_len[3]; i++)
- {
- RC4_set_key(&key,keys[3][0],&(keys[3][1]));
- memset(obuf,0x00,sizeof(obuf));
- RC4(&key,i,&(data[3][0]),obuf);
- RC4(&key,data_len[3]-i,&(data[3][i]),&(obuf[i]));
- if (memcmp(obuf,output[3],data_len[3]+1) != 0)
- {
- printf("error in RC4 multi-call processing\n");
- printf("output:");
- for (j=0; j<data_len[3]+1U; j++)
- printf(" %02x",obuf[j]);
- printf("\n");
- printf("expect:");
- p= &(output[3][0]);
- for (j=0; j<data_len[3]+1U; j++)
- printf(" %02x",*(p++));
- err++;
- }
- else
- {
- printf(".");
- fflush(stdout);
- }
- }
- printf("done\n");
- printf("bulk test ");
- { unsigned char buf[513];
- SHA_CTX c;
- unsigned char md[SHA_DIGEST_LENGTH];
- static unsigned char expected[]={
- 0xa4,0x7b,0xcc,0x00,0x3d,0xd0,0xbd,0xe1,0xac,0x5f,
- 0x12,0x1e,0x45,0xbc,0xfb,0x1a,0xa1,0xf2,0x7f,0xc5 };
-
- RC4_set_key(&key,keys[0][0],&(keys[3][1]));
- memset(buf,'\0',sizeof(buf));
- SHA1_Init(&c);
- for (i=0;i<2571;i++) {
- RC4(&key,sizeof(buf),buf,buf);
- SHA1_Update(&c,buf,sizeof(buf));
- }
- SHA1_Final(md,&c);
-
- if (memcmp(md,expected,sizeof(md))) {
- printf("error in RC4 bulk test\n");
- printf("output:");
- for (j=0; j<sizeof(md); j++)
- printf(" %02x",md[j]);
- printf("\n");
- printf("expect:");
- for (j=0; j<sizeof(md); j++)
- printf(" %02x",expected[j]);
- printf("\n");
- err++;
- }
- else printf("ok\n");
- }
-#ifdef OPENSSL_SYS_NETWARE
- if (err) printf("ERROR: %d\n", err);
-#endif
- EXIT(err);
- return(0);
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/rc4/rc4test.c (from rev 6976, vendor-crypto/openssl/dist/crypto/rc4/rc4test.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/rc4/rc4test.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rc4/rc4test.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,229 @@
+/* crypto/rc4/rc4test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "../e_os.h"
+
+#ifdef OPENSSL_NO_RC4
+int main(int argc, char *argv[])
+{
+ printf("No RC4 support\n");
+ return (0);
+}
+#else
+# include <openssl/rc4.h>
+# include <openssl/sha.h>
+
+static unsigned char keys[7][30] = {
+ {8, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef},
+ {8, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef},
+ {8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {4, 0xef, 0x01, 0x23, 0x45},
+ {8, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef},
+ {4, 0xef, 0x01, 0x23, 0x45},
+};
+
+static unsigned char data_len[7] = { 8, 8, 8, 20, 28, 10 };
+
+static unsigned char data[7][30] = {
+ {0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xff},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0xff},
+ {0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0,
+ 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0,
+ 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0,
+ 0x12, 0x34, 0x56, 0x78, 0xff},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff},
+ {0},
+};
+
+static unsigned char output[7][30] = {
+ {0x75, 0xb7, 0x87, 0x80, 0x99, 0xe0, 0xc5, 0x96, 0x00},
+ {0x74, 0x94, 0xc2, 0xe7, 0x10, 0x4b, 0x08, 0x79, 0x00},
+ {0xde, 0x18, 0x89, 0x41, 0xa3, 0x37, 0x5d, 0x3a, 0x00},
+ {0xd6, 0xa1, 0x41, 0xa7, 0xec, 0x3c, 0x38, 0xdf,
+ 0xbd, 0x61, 0x5a, 0x11, 0x62, 0xe1, 0xc7, 0xba,
+ 0x36, 0xb6, 0x78, 0x58, 0x00},
+ {0x66, 0xa0, 0x94, 0x9f, 0x8a, 0xf7, 0xd6, 0x89,
+ 0x1f, 0x7f, 0x83, 0x2b, 0xa8, 0x33, 0xc0, 0x0c,
+ 0x89, 0x2e, 0xbe, 0x30, 0x14, 0x3c, 0xe2, 0x87,
+ 0x40, 0x01, 0x1e, 0xcf, 0x00},
+ {0xd6, 0xa1, 0x41, 0xa7, 0xec, 0x3c, 0x38, 0xdf, 0xbd, 0x61, 0x00},
+ {0},
+};
+
+int main(int argc, char *argv[])
+{
+ int err = 0;
+ unsigned int i, j;
+ unsigned char *p;
+ RC4_KEY key;
+ unsigned char obuf[512];
+
+ for (i = 0; i < 6; i++) {
+ RC4_set_key(&key, keys[i][0], &(keys[i][1]));
+ memset(obuf, 0x00, sizeof(obuf));
+ RC4(&key, data_len[i], &(data[i][0]), obuf);
+ if (memcmp(obuf, output[i], data_len[i] + 1) != 0) {
+ printf("error calculating RC4\n");
+ printf("output:");
+ for (j = 0; j < data_len[i] + 1U; j++)
+ printf(" %02x", obuf[j]);
+ printf("\n");
+ printf("expect:");
+ p = &(output[i][0]);
+ for (j = 0; j < data_len[i] + 1U; j++)
+ printf(" %02x", *(p++));
+ printf("\n");
+ err++;
+ } else
+ printf("test %d ok\n", i);
+ }
+ printf("test end processing ");
+ for (i = 0; i < data_len[3]; i++) {
+ RC4_set_key(&key, keys[3][0], &(keys[3][1]));
+ memset(obuf, 0x00, sizeof(obuf));
+ RC4(&key, i, &(data[3][0]), obuf);
+ if ((memcmp(obuf, output[3], i) != 0) || (obuf[i] != 0)) {
+ printf("error in RC4 length processing\n");
+ printf("output:");
+ for (j = 0; j < i + 1; j++)
+ printf(" %02x", obuf[j]);
+ printf("\n");
+ printf("expect:");
+ p = &(output[3][0]);
+ for (j = 0; j < i; j++)
+ printf(" %02x", *(p++));
+ printf(" 00\n");
+ err++;
+ } else {
+ printf(".");
+ fflush(stdout);
+ }
+ }
+ printf("done\n");
+ printf("test multi-call ");
+ for (i = 0; i < data_len[3]; i++) {
+ RC4_set_key(&key, keys[3][0], &(keys[3][1]));
+ memset(obuf, 0x00, sizeof(obuf));
+ RC4(&key, i, &(data[3][0]), obuf);
+ RC4(&key, data_len[3] - i, &(data[3][i]), &(obuf[i]));
+ if (memcmp(obuf, output[3], data_len[3] + 1) != 0) {
+ printf("error in RC4 multi-call processing\n");
+ printf("output:");
+ for (j = 0; j < data_len[3] + 1U; j++)
+ printf(" %02x", obuf[j]);
+ printf("\n");
+ printf("expect:");
+ p = &(output[3][0]);
+ for (j = 0; j < data_len[3] + 1U; j++)
+ printf(" %02x", *(p++));
+ err++;
+ } else {
+ printf(".");
+ fflush(stdout);
+ }
+ }
+ printf("done\n");
+ printf("bulk test ");
+ {
+ unsigned char buf[513];
+ SHA_CTX c;
+ unsigned char md[SHA_DIGEST_LENGTH];
+ static unsigned char expected[] = {
+ 0xa4, 0x7b, 0xcc, 0x00, 0x3d, 0xd0, 0xbd, 0xe1, 0xac, 0x5f,
+ 0x12, 0x1e, 0x45, 0xbc, 0xfb, 0x1a, 0xa1, 0xf2, 0x7f, 0xc5
+ };
+
+ RC4_set_key(&key, keys[0][0], &(keys[3][1]));
+ memset(buf, '\0', sizeof(buf));
+ SHA1_Init(&c);
+ for (i = 0; i < 2571; i++) {
+ RC4(&key, sizeof(buf), buf, buf);
+ SHA1_Update(&c, buf, sizeof(buf));
+ }
+ SHA1_Final(md, &c);
+
+ if (memcmp(md, expected, sizeof(md))) {
+ printf("error in RC4 bulk test\n");
+ printf("output:");
+ for (j = 0; j < sizeof(md); j++)
+ printf(" %02x", md[j]);
+ printf("\n");
+ printf("expect:");
+ for (j = 0; j < sizeof(md); j++)
+ printf(" %02x", expected[j]);
+ printf("\n");
+ err++;
+ } else
+ printf("ok\n");
+ }
+# ifdef OPENSSL_SYS_NETWARE
+ if (err)
+ printf("ERROR: %d\n", err);
+# endif
+ EXIT(err);
+ return (0);
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/rc5/rc5.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/rc5/rc5.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rc5/rc5.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,121 +0,0 @@
-/* crypto/rc5/rc5.h */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_RC5_H
-#define HEADER_RC5_H
-
-#include <openssl/opensslconf.h> /* OPENSSL_NO_RC5 */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifdef OPENSSL_NO_RC5
-#error RC5 is disabled.
-#endif
-
-#define RC5_ENCRYPT 1
-#define RC5_DECRYPT 0
-
-/* 32 bit. For Alpha, things may get weird */
-#define RC5_32_INT unsigned long
-
-#define RC5_32_BLOCK 8
-#define RC5_32_KEY_LENGTH 16 /* This is a default, max is 255 */
-
-/* This are the only values supported. Tweak the code if you want more
- * The most supported modes will be
- * RC5-32/12/16
- * RC5-32/16/8
- */
-#define RC5_8_ROUNDS 8
-#define RC5_12_ROUNDS 12
-#define RC5_16_ROUNDS 16
-
-typedef struct rc5_key_st
- {
- /* Number of rounds */
- int rounds;
- RC5_32_INT data[2*(RC5_16_ROUNDS+1)];
- } RC5_32_KEY;
-
-#ifdef OPENSSL_FIPS
-void private_RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data,
- int rounds);
-#endif
-void RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data,
- int rounds);
-void RC5_32_ecb_encrypt(const unsigned char *in,unsigned char *out,RC5_32_KEY *key,
- int enc);
-void RC5_32_encrypt(unsigned long *data,RC5_32_KEY *key);
-void RC5_32_decrypt(unsigned long *data,RC5_32_KEY *key);
-void RC5_32_cbc_encrypt(const unsigned char *in, unsigned char *out,
- long length, RC5_32_KEY *ks, unsigned char *iv,
- int enc);
-void RC5_32_cfb64_encrypt(const unsigned char *in, unsigned char *out,
- long length, RC5_32_KEY *schedule,
- unsigned char *ivec, int *num, int enc);
-void RC5_32_ofb64_encrypt(const unsigned char *in, unsigned char *out,
- long length, RC5_32_KEY *schedule,
- unsigned char *ivec, int *num);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/rc5/rc5.h (from rev 6976, vendor-crypto/openssl/dist/crypto/rc5/rc5.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/rc5/rc5.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rc5/rc5.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,119 @@
+/* crypto/rc5/rc5.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_RC5_H
+# define HEADER_RC5_H
+
+# include <openssl/opensslconf.h>/* OPENSSL_NO_RC5 */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# ifdef OPENSSL_NO_RC5
+# error RC5 is disabled.
+# endif
+
+# define RC5_ENCRYPT 1
+# define RC5_DECRYPT 0
+
+/* 32 bit. For Alpha, things may get weird */
+# define RC5_32_INT unsigned long
+
+# define RC5_32_BLOCK 8
+# define RC5_32_KEY_LENGTH 16/* This is a default, max is 255 */
+
+/*
+ * This are the only values supported. Tweak the code if you want more The
+ * most supported modes will be RC5-32/12/16 RC5-32/16/8
+ */
+# define RC5_8_ROUNDS 8
+# define RC5_12_ROUNDS 12
+# define RC5_16_ROUNDS 16
+
+typedef struct rc5_key_st {
+ /* Number of rounds */
+ int rounds;
+ RC5_32_INT data[2 * (RC5_16_ROUNDS + 1)];
+} RC5_32_KEY;
+
+# ifdef OPENSSL_FIPS
+void private_RC5_32_set_key(RC5_32_KEY *key, int len,
+ const unsigned char *data, int rounds);
+# endif
+void RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data,
+ int rounds);
+void RC5_32_ecb_encrypt(const unsigned char *in, unsigned char *out,
+ RC5_32_KEY *key, int enc);
+void RC5_32_encrypt(unsigned long *data, RC5_32_KEY *key);
+void RC5_32_decrypt(unsigned long *data, RC5_32_KEY *key);
+void RC5_32_cbc_encrypt(const unsigned char *in, unsigned char *out,
+ long length, RC5_32_KEY *ks, unsigned char *iv,
+ int enc);
+void RC5_32_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, RC5_32_KEY *schedule,
+ unsigned char *ivec, int *num, int enc);
+void RC5_32_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, RC5_32_KEY *schedule,
+ unsigned char *ivec, int *num);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/rc5/rc5_ecb.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/rc5/rc5_ecb.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rc5/rc5_ecb.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,80 +0,0 @@
-/* crypto/rc5/rc5_ecb.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/rc5.h>
-#include "rc5_locl.h"
-#include <openssl/opensslv.h>
-
-const char RC5_version[]="RC5" OPENSSL_VERSION_PTEXT;
-
-void RC5_32_ecb_encrypt(const unsigned char *in, unsigned char *out,
- RC5_32_KEY *ks, int encrypt)
- {
- unsigned long l,d[2];
-
- c2l(in,l); d[0]=l;
- c2l(in,l); d[1]=l;
- if (encrypt)
- RC5_32_encrypt(d,ks);
- else
- RC5_32_decrypt(d,ks);
- l=d[0]; l2c(l,out);
- l=d[1]; l2c(l,out);
- l=d[0]=d[1]=0;
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/rc5/rc5_ecb.c (from rev 6976, vendor-crypto/openssl/dist/crypto/rc5/rc5_ecb.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/rc5/rc5_ecb.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rc5/rc5_ecb.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,83 @@
+/* crypto/rc5/rc5_ecb.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/rc5.h>
+#include "rc5_locl.h"
+#include <openssl/opensslv.h>
+
+const char RC5_version[] = "RC5" OPENSSL_VERSION_PTEXT;
+
+void RC5_32_ecb_encrypt(const unsigned char *in, unsigned char *out,
+ RC5_32_KEY *ks, int encrypt)
+{
+ unsigned long l, d[2];
+
+ c2l(in, l);
+ d[0] = l;
+ c2l(in, l);
+ d[1] = l;
+ if (encrypt)
+ RC5_32_encrypt(d, ks);
+ else
+ RC5_32_decrypt(d, ks);
+ l = d[0];
+ l2c(l, out);
+ l = d[1];
+ l2c(l, out);
+ l = d[0] = d[1] = 0;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/rc5/rc5_enc.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/rc5/rc5_enc.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rc5/rc5_enc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,215 +0,0 @@
-/* crypto/rc5/rc5_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/rc5.h>
-#include "rc5_locl.h"
-
-void RC5_32_cbc_encrypt(const unsigned char *in, unsigned char *out,
- long length, RC5_32_KEY *ks, unsigned char *iv,
- int encrypt)
- {
- register unsigned long tin0,tin1;
- register unsigned long tout0,tout1,xor0,xor1;
- register long l=length;
- unsigned long tin[2];
-
- if (encrypt)
- {
- c2l(iv,tout0);
- c2l(iv,tout1);
- iv-=8;
- for (l-=8; l>=0; l-=8)
- {
- c2l(in,tin0);
- c2l(in,tin1);
- tin0^=tout0;
- tin1^=tout1;
- tin[0]=tin0;
- tin[1]=tin1;
- RC5_32_encrypt(tin,ks);
- tout0=tin[0]; l2c(tout0,out);
- tout1=tin[1]; l2c(tout1,out);
- }
- if (l != -8)
- {
- c2ln(in,tin0,tin1,l+8);
- tin0^=tout0;
- tin1^=tout1;
- tin[0]=tin0;
- tin[1]=tin1;
- RC5_32_encrypt(tin,ks);
- tout0=tin[0]; l2c(tout0,out);
- tout1=tin[1]; l2c(tout1,out);
- }
- l2c(tout0,iv);
- l2c(tout1,iv);
- }
- else
- {
- c2l(iv,xor0);
- c2l(iv,xor1);
- iv-=8;
- for (l-=8; l>=0; l-=8)
- {
- c2l(in,tin0); tin[0]=tin0;
- c2l(in,tin1); tin[1]=tin1;
- RC5_32_decrypt(tin,ks);
- tout0=tin[0]^xor0;
- tout1=tin[1]^xor1;
- l2c(tout0,out);
- l2c(tout1,out);
- xor0=tin0;
- xor1=tin1;
- }
- if (l != -8)
- {
- c2l(in,tin0); tin[0]=tin0;
- c2l(in,tin1); tin[1]=tin1;
- RC5_32_decrypt(tin,ks);
- tout0=tin[0]^xor0;
- tout1=tin[1]^xor1;
- l2cn(tout0,tout1,out,l+8);
- xor0=tin0;
- xor1=tin1;
- }
- l2c(xor0,iv);
- l2c(xor1,iv);
- }
- tin0=tin1=tout0=tout1=xor0=xor1=0;
- tin[0]=tin[1]=0;
- }
-
-void RC5_32_encrypt(unsigned long *d, RC5_32_KEY *key)
- {
- RC5_32_INT a,b,*s;
-
- s=key->data;
-
- a=d[0]+s[0];
- b=d[1]+s[1];
- E_RC5_32(a,b,s, 2);
- E_RC5_32(a,b,s, 4);
- E_RC5_32(a,b,s, 6);
- E_RC5_32(a,b,s, 8);
- E_RC5_32(a,b,s,10);
- E_RC5_32(a,b,s,12);
- E_RC5_32(a,b,s,14);
- E_RC5_32(a,b,s,16);
- if (key->rounds == 12)
- {
- E_RC5_32(a,b,s,18);
- E_RC5_32(a,b,s,20);
- E_RC5_32(a,b,s,22);
- E_RC5_32(a,b,s,24);
- }
- else if (key->rounds == 16)
- {
- /* Do a full expansion to avoid a jump */
- E_RC5_32(a,b,s,18);
- E_RC5_32(a,b,s,20);
- E_RC5_32(a,b,s,22);
- E_RC5_32(a,b,s,24);
- E_RC5_32(a,b,s,26);
- E_RC5_32(a,b,s,28);
- E_RC5_32(a,b,s,30);
- E_RC5_32(a,b,s,32);
- }
- d[0]=a;
- d[1]=b;
- }
-
-void RC5_32_decrypt(unsigned long *d, RC5_32_KEY *key)
- {
- RC5_32_INT a,b,*s;
-
- s=key->data;
-
- a=d[0];
- b=d[1];
- if (key->rounds == 16)
- {
- D_RC5_32(a,b,s,32);
- D_RC5_32(a,b,s,30);
- D_RC5_32(a,b,s,28);
- D_RC5_32(a,b,s,26);
- /* Do a full expansion to avoid a jump */
- D_RC5_32(a,b,s,24);
- D_RC5_32(a,b,s,22);
- D_RC5_32(a,b,s,20);
- D_RC5_32(a,b,s,18);
- }
- else if (key->rounds == 12)
- {
- D_RC5_32(a,b,s,24);
- D_RC5_32(a,b,s,22);
- D_RC5_32(a,b,s,20);
- D_RC5_32(a,b,s,18);
- }
- D_RC5_32(a,b,s,16);
- D_RC5_32(a,b,s,14);
- D_RC5_32(a,b,s,12);
- D_RC5_32(a,b,s,10);
- D_RC5_32(a,b,s, 8);
- D_RC5_32(a,b,s, 6);
- D_RC5_32(a,b,s, 4);
- D_RC5_32(a,b,s, 2);
- d[0]=a-s[0];
- d[1]=b-s[1];
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/rc5/rc5_enc.c (from rev 6976, vendor-crypto/openssl/dist/crypto/rc5/rc5_enc.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/rc5/rc5_enc.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rc5/rc5_enc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,209 @@
+/* crypto/rc5/rc5_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <openssl/rc5.h>
+#include "rc5_locl.h"
+
+void RC5_32_cbc_encrypt(const unsigned char *in, unsigned char *out,
+ long length, RC5_32_KEY *ks, unsigned char *iv,
+ int encrypt)
+{
+ register unsigned long tin0, tin1;
+ register unsigned long tout0, tout1, xor0, xor1;
+ register long l = length;
+ unsigned long tin[2];
+
+ if (encrypt) {
+ c2l(iv, tout0);
+ c2l(iv, tout1);
+ iv -= 8;
+ for (l -= 8; l >= 0; l -= 8) {
+ c2l(in, tin0);
+ c2l(in, tin1);
+ tin0 ^= tout0;
+ tin1 ^= tout1;
+ tin[0] = tin0;
+ tin[1] = tin1;
+ RC5_32_encrypt(tin, ks);
+ tout0 = tin[0];
+ l2c(tout0, out);
+ tout1 = tin[1];
+ l2c(tout1, out);
+ }
+ if (l != -8) {
+ c2ln(in, tin0, tin1, l + 8);
+ tin0 ^= tout0;
+ tin1 ^= tout1;
+ tin[0] = tin0;
+ tin[1] = tin1;
+ RC5_32_encrypt(tin, ks);
+ tout0 = tin[0];
+ l2c(tout0, out);
+ tout1 = tin[1];
+ l2c(tout1, out);
+ }
+ l2c(tout0, iv);
+ l2c(tout1, iv);
+ } else {
+ c2l(iv, xor0);
+ c2l(iv, xor1);
+ iv -= 8;
+ for (l -= 8; l >= 0; l -= 8) {
+ c2l(in, tin0);
+ tin[0] = tin0;
+ c2l(in, tin1);
+ tin[1] = tin1;
+ RC5_32_decrypt(tin, ks);
+ tout0 = tin[0] ^ xor0;
+ tout1 = tin[1] ^ xor1;
+ l2c(tout0, out);
+ l2c(tout1, out);
+ xor0 = tin0;
+ xor1 = tin1;
+ }
+ if (l != -8) {
+ c2l(in, tin0);
+ tin[0] = tin0;
+ c2l(in, tin1);
+ tin[1] = tin1;
+ RC5_32_decrypt(tin, ks);
+ tout0 = tin[0] ^ xor0;
+ tout1 = tin[1] ^ xor1;
+ l2cn(tout0, tout1, out, l + 8);
+ xor0 = tin0;
+ xor1 = tin1;
+ }
+ l2c(xor0, iv);
+ l2c(xor1, iv);
+ }
+ tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
+ tin[0] = tin[1] = 0;
+}
+
+void RC5_32_encrypt(unsigned long *d, RC5_32_KEY *key)
+{
+ RC5_32_INT a, b, *s;
+
+ s = key->data;
+
+ a = d[0] + s[0];
+ b = d[1] + s[1];
+ E_RC5_32(a, b, s, 2);
+ E_RC5_32(a, b, s, 4);
+ E_RC5_32(a, b, s, 6);
+ E_RC5_32(a, b, s, 8);
+ E_RC5_32(a, b, s, 10);
+ E_RC5_32(a, b, s, 12);
+ E_RC5_32(a, b, s, 14);
+ E_RC5_32(a, b, s, 16);
+ if (key->rounds == 12) {
+ E_RC5_32(a, b, s, 18);
+ E_RC5_32(a, b, s, 20);
+ E_RC5_32(a, b, s, 22);
+ E_RC5_32(a, b, s, 24);
+ } else if (key->rounds == 16) {
+ /* Do a full expansion to avoid a jump */
+ E_RC5_32(a, b, s, 18);
+ E_RC5_32(a, b, s, 20);
+ E_RC5_32(a, b, s, 22);
+ E_RC5_32(a, b, s, 24);
+ E_RC5_32(a, b, s, 26);
+ E_RC5_32(a, b, s, 28);
+ E_RC5_32(a, b, s, 30);
+ E_RC5_32(a, b, s, 32);
+ }
+ d[0] = a;
+ d[1] = b;
+}
+
+void RC5_32_decrypt(unsigned long *d, RC5_32_KEY *key)
+{
+ RC5_32_INT a, b, *s;
+
+ s = key->data;
+
+ a = d[0];
+ b = d[1];
+ if (key->rounds == 16) {
+ D_RC5_32(a, b, s, 32);
+ D_RC5_32(a, b, s, 30);
+ D_RC5_32(a, b, s, 28);
+ D_RC5_32(a, b, s, 26);
+ /* Do a full expansion to avoid a jump */
+ D_RC5_32(a, b, s, 24);
+ D_RC5_32(a, b, s, 22);
+ D_RC5_32(a, b, s, 20);
+ D_RC5_32(a, b, s, 18);
+ } else if (key->rounds == 12) {
+ D_RC5_32(a, b, s, 24);
+ D_RC5_32(a, b, s, 22);
+ D_RC5_32(a, b, s, 20);
+ D_RC5_32(a, b, s, 18);
+ }
+ D_RC5_32(a, b, s, 16);
+ D_RC5_32(a, b, s, 14);
+ D_RC5_32(a, b, s, 12);
+ D_RC5_32(a, b, s, 10);
+ D_RC5_32(a, b, s, 8);
+ D_RC5_32(a, b, s, 6);
+ D_RC5_32(a, b, s, 4);
+ D_RC5_32(a, b, s, 2);
+ d[0] = a - s[0];
+ d[1] = b - s[1];
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/rc5/rc5_locl.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/rc5/rc5_locl.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rc5/rc5_locl.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,207 +0,0 @@
-/* crypto/rc5/rc5_locl.h */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdlib.h>
-
-#undef c2l
-#define c2l(c,l) (l =((unsigned long)(*((c)++))) , \
- l|=((unsigned long)(*((c)++)))<< 8L, \
- l|=((unsigned long)(*((c)++)))<<16L, \
- l|=((unsigned long)(*((c)++)))<<24L)
-
-/* NOTE - c is not incremented as per c2l */
-#undef c2ln
-#define c2ln(c,l1,l2,n) { \
- c+=n; \
- l1=l2=0; \
- switch (n) { \
- case 8: l2 =((unsigned long)(*(--(c))))<<24L; \
- case 7: l2|=((unsigned long)(*(--(c))))<<16L; \
- case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \
- case 5: l2|=((unsigned long)(*(--(c)))); \
- case 4: l1 =((unsigned long)(*(--(c))))<<24L; \
- case 3: l1|=((unsigned long)(*(--(c))))<<16L; \
- case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \
- case 1: l1|=((unsigned long)(*(--(c)))); \
- } \
- }
-
-#undef l2c
-#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
- *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
- *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
- *((c)++)=(unsigned char)(((l)>>24L)&0xff))
-
-/* NOTE - c is not incremented as per l2c */
-#undef l2cn
-#define l2cn(l1,l2,c,n) { \
- c+=n; \
- switch (n) { \
- case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
- case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
- case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
- case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \
- case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
- case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
- case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
- case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \
- } \
- }
-
-/* NOTE - c is not incremented as per n2l */
-#define n2ln(c,l1,l2,n) { \
- c+=n; \
- l1=l2=0; \
- switch (n) { \
- case 8: l2 =((unsigned long)(*(--(c)))) ; \
- case 7: l2|=((unsigned long)(*(--(c))))<< 8; \
- case 6: l2|=((unsigned long)(*(--(c))))<<16; \
- case 5: l2|=((unsigned long)(*(--(c))))<<24; \
- case 4: l1 =((unsigned long)(*(--(c)))) ; \
- case 3: l1|=((unsigned long)(*(--(c))))<< 8; \
- case 2: l1|=((unsigned long)(*(--(c))))<<16; \
- case 1: l1|=((unsigned long)(*(--(c))))<<24; \
- } \
- }
-
-/* NOTE - c is not incremented as per l2n */
-#define l2nn(l1,l2,c,n) { \
- c+=n; \
- switch (n) { \
- case 8: *(--(c))=(unsigned char)(((l2) )&0xff); \
- case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
- case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
- case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
- case 4: *(--(c))=(unsigned char)(((l1) )&0xff); \
- case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
- case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
- case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
- } \
- }
-
-#undef n2l
-#define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24L, \
- l|=((unsigned long)(*((c)++)))<<16L, \
- l|=((unsigned long)(*((c)++)))<< 8L, \
- l|=((unsigned long)(*((c)++))))
-
-#undef l2n
-#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
- *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
- *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
- *((c)++)=(unsigned char)(((l) )&0xff))
-
-#if (defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER)) || defined(__ICC)
-#define ROTATE_l32(a,n) _lrotl(a,n)
-#define ROTATE_r32(a,n) _lrotr(a,n)
-#elif defined(__GNUC__) && __GNUC__>=2 && !defined(__STRICT_ANSI__) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC)
-# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
-# define ROTATE_l32(a,n) ({ register unsigned int ret; \
- asm ("roll %%cl,%0" \
- : "=r"(ret) \
- : "c"(n),"0"(a) \
- : "cc"); \
- ret; \
- })
-# define ROTATE_r32(a,n) ({ register unsigned int ret; \
- asm ("rorl %%cl,%0" \
- : "=r"(ret) \
- : "c"(n),"0"(a) \
- : "cc"); \
- ret; \
- })
-# endif
-#endif
-#ifndef ROTATE_l32
-#define ROTATE_l32(a,n) (((a)<<(n&0x1f))|(((a)&0xffffffff)>>(32-(n&0x1f))))
-#endif
-#ifndef ROTATE_r32
-#define ROTATE_r32(a,n) (((a)<<(32-(n&0x1f)))|(((a)&0xffffffff)>>(n&0x1f)))
-#endif
-
-#define RC5_32_MASK 0xffffffffL
-
-#define RC5_16_P 0xB7E1
-#define RC5_16_Q 0x9E37
-#define RC5_32_P 0xB7E15163L
-#define RC5_32_Q 0x9E3779B9L
-#define RC5_64_P 0xB7E151628AED2A6BLL
-#define RC5_64_Q 0x9E3779B97F4A7C15LL
-
-#define E_RC5_32(a,b,s,n) \
- a^=b; \
- a=ROTATE_l32(a,b); \
- a+=s[n]; \
- a&=RC5_32_MASK; \
- b^=a; \
- b=ROTATE_l32(b,a); \
- b+=s[n+1]; \
- b&=RC5_32_MASK;
-
-#define D_RC5_32(a,b,s,n) \
- b-=s[n+1]; \
- b&=RC5_32_MASK; \
- b=ROTATE_r32(b,a); \
- b^=a; \
- a-=s[n]; \
- a&=RC5_32_MASK; \
- a=ROTATE_r32(a,b); \
- a^=b;
-
-
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/rc5/rc5_locl.h (from rev 6976, vendor-crypto/openssl/dist/crypto/rc5/rc5_locl.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/rc5/rc5_locl.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rc5/rc5_locl.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,204 @@
+/* crypto/rc5/rc5_locl.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdlib.h>
+
+#undef c2l
+#define c2l(c,l) (l =((unsigned long)(*((c)++))) , \
+ l|=((unsigned long)(*((c)++)))<< 8L, \
+ l|=((unsigned long)(*((c)++)))<<16L, \
+ l|=((unsigned long)(*((c)++)))<<24L)
+
+/* NOTE - c is not incremented as per c2l */
+#undef c2ln
+#define c2ln(c,l1,l2,n) { \
+ c+=n; \
+ l1=l2=0; \
+ switch (n) { \
+ case 8: l2 =((unsigned long)(*(--(c))))<<24L; \
+ case 7: l2|=((unsigned long)(*(--(c))))<<16L; \
+ case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \
+ case 5: l2|=((unsigned long)(*(--(c)))); \
+ case 4: l1 =((unsigned long)(*(--(c))))<<24L; \
+ case 3: l1|=((unsigned long)(*(--(c))))<<16L; \
+ case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \
+ case 1: l1|=((unsigned long)(*(--(c)))); \
+ } \
+ }
+
+#undef l2c
+#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
+ *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>24L)&0xff))
+
+/* NOTE - c is not incremented as per l2c */
+#undef l2cn
+#define l2cn(l1,l2,c,n) { \
+ c+=n; \
+ switch (n) { \
+ case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
+ case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
+ case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
+ case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \
+ case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
+ case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
+ case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
+ case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \
+ } \
+ }
+
+/* NOTE - c is not incremented as per n2l */
+#define n2ln(c,l1,l2,n) { \
+ c+=n; \
+ l1=l2=0; \
+ switch (n) { \
+ case 8: l2 =((unsigned long)(*(--(c)))) ; \
+ case 7: l2|=((unsigned long)(*(--(c))))<< 8; \
+ case 6: l2|=((unsigned long)(*(--(c))))<<16; \
+ case 5: l2|=((unsigned long)(*(--(c))))<<24; \
+ case 4: l1 =((unsigned long)(*(--(c)))) ; \
+ case 3: l1|=((unsigned long)(*(--(c))))<< 8; \
+ case 2: l1|=((unsigned long)(*(--(c))))<<16; \
+ case 1: l1|=((unsigned long)(*(--(c))))<<24; \
+ } \
+ }
+
+/* NOTE - c is not incremented as per l2n */
+#define l2nn(l1,l2,c,n) { \
+ c+=n; \
+ switch (n) { \
+ case 8: *(--(c))=(unsigned char)(((l2) )&0xff); \
+ case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
+ case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
+ case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
+ case 4: *(--(c))=(unsigned char)(((l1) )&0xff); \
+ case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
+ case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
+ case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
+ } \
+ }
+
+#undef n2l
+#define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24L, \
+ l|=((unsigned long)(*((c)++)))<<16L, \
+ l|=((unsigned long)(*((c)++)))<< 8L, \
+ l|=((unsigned long)(*((c)++))))
+
+#undef l2n
+#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+ *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+ *((c)++)=(unsigned char)(((l) )&0xff))
+
+#if (defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER)) || defined(__ICC)
+# define ROTATE_l32(a,n) _lrotl(a,n)
+# define ROTATE_r32(a,n) _lrotr(a,n)
+#elif defined(__GNUC__) && __GNUC__>=2 && !defined(__STRICT_ANSI__) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC)
+# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
+# define ROTATE_l32(a,n) ({ register unsigned int ret; \
+ asm ("roll %%cl,%0" \
+ : "=r"(ret) \
+ : "c"(n),"0"(a) \
+ : "cc"); \
+ ret; \
+ })
+# define ROTATE_r32(a,n) ({ register unsigned int ret; \
+ asm ("rorl %%cl,%0" \
+ : "=r"(ret) \
+ : "c"(n),"0"(a) \
+ : "cc"); \
+ ret; \
+ })
+# endif
+#endif
+#ifndef ROTATE_l32
+# define ROTATE_l32(a,n) (((a)<<(n&0x1f))|(((a)&0xffffffff)>>(32-(n&0x1f))))
+#endif
+#ifndef ROTATE_r32
+# define ROTATE_r32(a,n) (((a)<<(32-(n&0x1f)))|(((a)&0xffffffff)>>(n&0x1f)))
+#endif
+
+#define RC5_32_MASK 0xffffffffL
+
+#define RC5_16_P 0xB7E1
+#define RC5_16_Q 0x9E37
+#define RC5_32_P 0xB7E15163L
+#define RC5_32_Q 0x9E3779B9L
+#define RC5_64_P 0xB7E151628AED2A6BLL
+#define RC5_64_Q 0x9E3779B97F4A7C15LL
+
+#define E_RC5_32(a,b,s,n) \
+ a^=b; \
+ a=ROTATE_l32(a,b); \
+ a+=s[n]; \
+ a&=RC5_32_MASK; \
+ b^=a; \
+ b=ROTATE_l32(b,a); \
+ b+=s[n+1]; \
+ b&=RC5_32_MASK;
+
+#define D_RC5_32(a,b,s,n) \
+ b-=s[n+1]; \
+ b&=RC5_32_MASK; \
+ b=ROTATE_r32(b,a); \
+ b^=a; \
+ a-=s[n]; \
+ a&=RC5_32_MASK; \
+ a=ROTATE_r32(a,b); \
+ a^=b;
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/rc5/rc5_skey.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/rc5/rc5_skey.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rc5/rc5_skey.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,130 +0,0 @@
-/* crypto/rc5/rc5_skey.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/crypto.h>
-#include <openssl/rc5.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
-#include "rc5_locl.h"
-
-#ifdef OPENSSL_FIPS
-void RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data,
- int rounds)
- {
- if (FIPS_mode())
- FIPS_BAD_ABORT(RC5)
- private_RC5_32_set_key(key, len, data, rounds);
- }
-void private_RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data,
- int rounds)
-#else
-void RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data,
- int rounds)
-#endif
- {
- RC5_32_INT L[64],l,ll,A,B,*S,k;
- int i,j,m,c,t,ii,jj;
-
- if ( (rounds != RC5_16_ROUNDS) &&
- (rounds != RC5_12_ROUNDS) &&
- (rounds != RC5_8_ROUNDS))
- rounds=RC5_16_ROUNDS;
-
- key->rounds=rounds;
- S= &(key->data[0]);
- j=0;
- for (i=0; i<=(len-8); i+=8)
- {
- c2l(data,l);
- L[j++]=l;
- c2l(data,l);
- L[j++]=l;
- }
- ii=len-i;
- if (ii)
- {
- k=len&0x07;
- c2ln(data,l,ll,k);
- L[j+0]=l;
- L[j+1]=ll;
- }
-
- c=(len+3)/4;
- t=(rounds+1)*2;
- S[0]=RC5_32_P;
- for (i=1; i<t; i++)
- S[i]=(S[i-1]+RC5_32_Q)&RC5_32_MASK;
-
- j=(t>c)?t:c;
- j*=3;
- ii=jj=0;
- A=B=0;
- for (i=0; i<j; i++)
- {
- k=(S[ii]+A+B)&RC5_32_MASK;
- A=S[ii]=ROTATE_l32(k,3);
- m=(int)(A+B);
- k=(L[jj]+A+B)&RC5_32_MASK;
- B=L[jj]=ROTATE_l32(k,m);
- if (++ii >= t) ii=0;
- if (++jj >= c) jj=0;
- }
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/rc5/rc5_skey.c (from rev 6976, vendor-crypto/openssl/dist/crypto/rc5/rc5_skey.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/rc5/rc5_skey.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rc5/rc5_skey.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,128 @@
+/* crypto/rc5/rc5_skey.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/crypto.h>
+#include <openssl/rc5.h>
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
+#endif
+
+#include "rc5_locl.h"
+
+#ifdef OPENSSL_FIPS
+void RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data,
+ int rounds)
+{
+ if (FIPS_mode())
+ FIPS_BAD_ABORT(RC5)
+ private_RC5_32_set_key(key, len, data, rounds);
+}
+
+void private_RC5_32_set_key(RC5_32_KEY *key, int len,
+ const unsigned char *data, int rounds)
+#else
+void RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data,
+ int rounds)
+#endif
+{
+ RC5_32_INT L[64], l, ll, A, B, *S, k;
+ int i, j, m, c, t, ii, jj;
+
+ if ((rounds != RC5_16_ROUNDS) &&
+ (rounds != RC5_12_ROUNDS) && (rounds != RC5_8_ROUNDS))
+ rounds = RC5_16_ROUNDS;
+
+ key->rounds = rounds;
+ S = &(key->data[0]);
+ j = 0;
+ for (i = 0; i <= (len - 8); i += 8) {
+ c2l(data, l);
+ L[j++] = l;
+ c2l(data, l);
+ L[j++] = l;
+ }
+ ii = len - i;
+ if (ii) {
+ k = len & 0x07;
+ c2ln(data, l, ll, k);
+ L[j + 0] = l;
+ L[j + 1] = ll;
+ }
+
+ c = (len + 3) / 4;
+ t = (rounds + 1) * 2;
+ S[0] = RC5_32_P;
+ for (i = 1; i < t; i++)
+ S[i] = (S[i - 1] + RC5_32_Q) & RC5_32_MASK;
+
+ j = (t > c) ? t : c;
+ j *= 3;
+ ii = jj = 0;
+ A = B = 0;
+ for (i = 0; i < j; i++) {
+ k = (S[ii] + A + B) & RC5_32_MASK;
+ A = S[ii] = ROTATE_l32(k, 3);
+ m = (int)(A + B);
+ k = (L[jj] + A + B) & RC5_32_MASK;
+ B = L[jj] = ROTATE_l32(k, m);
+ if (++ii >= t)
+ ii = 0;
+ if (++jj >= c)
+ jj = 0;
+ }
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/rc5/rc5cfb64.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/rc5/rc5cfb64.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rc5/rc5cfb64.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,122 +0,0 @@
-/* crypto/rc5/rc5cfb64.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/rc5.h>
-#include "rc5_locl.h"
-
-/* The input and output encrypted as though 64bit cfb mode is being
- * used. The extra state information to record how much of the
- * 64bit block we have used is contained in *num;
- */
-
-void RC5_32_cfb64_encrypt(const unsigned char *in, unsigned char *out,
- long length, RC5_32_KEY *schedule,
- unsigned char *ivec, int *num, int encrypt)
- {
- register unsigned long v0,v1,t;
- register int n= *num;
- register long l=length;
- unsigned long ti[2];
- unsigned char *iv,c,cc;
-
- iv=(unsigned char *)ivec;
- if (encrypt)
- {
- while (l--)
- {
- if (n == 0)
- {
- c2l(iv,v0); ti[0]=v0;
- c2l(iv,v1); ti[1]=v1;
- RC5_32_encrypt((unsigned long *)ti,schedule);
- iv=(unsigned char *)ivec;
- t=ti[0]; l2c(t,iv);
- t=ti[1]; l2c(t,iv);
- iv=(unsigned char *)ivec;
- }
- c= *(in++)^iv[n];
- *(out++)=c;
- iv[n]=c;
- n=(n+1)&0x07;
- }
- }
- else
- {
- while (l--)
- {
- if (n == 0)
- {
- c2l(iv,v0); ti[0]=v0;
- c2l(iv,v1); ti[1]=v1;
- RC5_32_encrypt((unsigned long *)ti,schedule);
- iv=(unsigned char *)ivec;
- t=ti[0]; l2c(t,iv);
- t=ti[1]; l2c(t,iv);
- iv=(unsigned char *)ivec;
- }
- cc= *(in++);
- c=iv[n];
- iv[n]=cc;
- *(out++)=c^cc;
- n=(n+1)&0x07;
- }
- }
- v0=v1=ti[0]=ti[1]=t=c=cc=0;
- *num=n;
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/rc5/rc5cfb64.c (from rev 6976, vendor-crypto/openssl/dist/crypto/rc5/rc5cfb64.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/rc5/rc5cfb64.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rc5/rc5cfb64.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,123 @@
+/* crypto/rc5/rc5cfb64.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/rc5.h>
+#include "rc5_locl.h"
+
+/*
+ * The input and output encrypted as though 64bit cfb mode is being used.
+ * The extra state information to record how much of the 64bit block we have
+ * used is contained in *num;
+ */
+
+void RC5_32_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, RC5_32_KEY *schedule,
+ unsigned char *ivec, int *num, int encrypt)
+{
+ register unsigned long v0, v1, t;
+ register int n = *num;
+ register long l = length;
+ unsigned long ti[2];
+ unsigned char *iv, c, cc;
+
+ iv = (unsigned char *)ivec;
+ if (encrypt) {
+ while (l--) {
+ if (n == 0) {
+ c2l(iv, v0);
+ ti[0] = v0;
+ c2l(iv, v1);
+ ti[1] = v1;
+ RC5_32_encrypt((unsigned long *)ti, schedule);
+ iv = (unsigned char *)ivec;
+ t = ti[0];
+ l2c(t, iv);
+ t = ti[1];
+ l2c(t, iv);
+ iv = (unsigned char *)ivec;
+ }
+ c = *(in++) ^ iv[n];
+ *(out++) = c;
+ iv[n] = c;
+ n = (n + 1) & 0x07;
+ }
+ } else {
+ while (l--) {
+ if (n == 0) {
+ c2l(iv, v0);
+ ti[0] = v0;
+ c2l(iv, v1);
+ ti[1] = v1;
+ RC5_32_encrypt((unsigned long *)ti, schedule);
+ iv = (unsigned char *)ivec;
+ t = ti[0];
+ l2c(t, iv);
+ t = ti[1];
+ l2c(t, iv);
+ iv = (unsigned char *)ivec;
+ }
+ cc = *(in++);
+ c = iv[n];
+ iv[n] = cc;
+ *(out++) = c ^ cc;
+ n = (n + 1) & 0x07;
+ }
+ }
+ v0 = v1 = ti[0] = ti[1] = t = c = cc = 0;
+ *num = n;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/rc5/rc5ofb64.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/rc5/rc5ofb64.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rc5/rc5ofb64.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,111 +0,0 @@
-/* crypto/rc5/rc5ofb64.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/rc5.h>
-#include "rc5_locl.h"
-
-/* The input and output encrypted as though 64bit ofb mode is being
- * used. The extra state information to record how much of the
- * 64bit block we have used is contained in *num;
- */
-void RC5_32_ofb64_encrypt(const unsigned char *in, unsigned char *out,
- long length, RC5_32_KEY *schedule,
- unsigned char *ivec, int *num)
- {
- register unsigned long v0,v1,t;
- register int n= *num;
- register long l=length;
- unsigned char d[8];
- register char *dp;
- unsigned long ti[2];
- unsigned char *iv;
- int save=0;
-
- iv=(unsigned char *)ivec;
- c2l(iv,v0);
- c2l(iv,v1);
- ti[0]=v0;
- ti[1]=v1;
- dp=(char *)d;
- l2c(v0,dp);
- l2c(v1,dp);
- while (l--)
- {
- if (n == 0)
- {
- RC5_32_encrypt((unsigned long *)ti,schedule);
- dp=(char *)d;
- t=ti[0]; l2c(t,dp);
- t=ti[1]; l2c(t,dp);
- save++;
- }
- *(out++)= *(in++)^d[n];
- n=(n+1)&0x07;
- }
- if (save)
- {
- v0=ti[0];
- v1=ti[1];
- iv=(unsigned char *)ivec;
- l2c(v0,iv);
- l2c(v1,iv);
- }
- t=v0=v1=ti[0]=ti[1]=0;
- *num=n;
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/rc5/rc5ofb64.c (from rev 6976, vendor-crypto/openssl/dist/crypto/rc5/rc5ofb64.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/rc5/rc5ofb64.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rc5/rc5ofb64.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,110 @@
+/* crypto/rc5/rc5ofb64.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/rc5.h>
+#include "rc5_locl.h"
+
+/*
+ * The input and output encrypted as though 64bit ofb mode is being used.
+ * The extra state information to record how much of the 64bit block we have
+ * used is contained in *num;
+ */
+void RC5_32_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+ long length, RC5_32_KEY *schedule,
+ unsigned char *ivec, int *num)
+{
+ register unsigned long v0, v1, t;
+ register int n = *num;
+ register long l = length;
+ unsigned char d[8];
+ register char *dp;
+ unsigned long ti[2];
+ unsigned char *iv;
+ int save = 0;
+
+ iv = (unsigned char *)ivec;
+ c2l(iv, v0);
+ c2l(iv, v1);
+ ti[0] = v0;
+ ti[1] = v1;
+ dp = (char *)d;
+ l2c(v0, dp);
+ l2c(v1, dp);
+ while (l--) {
+ if (n == 0) {
+ RC5_32_encrypt((unsigned long *)ti, schedule);
+ dp = (char *)d;
+ t = ti[0];
+ l2c(t, dp);
+ t = ti[1];
+ l2c(t, dp);
+ save++;
+ }
+ *(out++) = *(in++) ^ d[n];
+ n = (n + 1) & 0x07;
+ }
+ if (save) {
+ v0 = ti[0];
+ v1 = ti[1];
+ iv = (unsigned char *)ivec;
+ l2c(v0, iv);
+ l2c(v1, iv);
+ }
+ t = v0 = v1 = ti[0] = ti[1] = 0;
+ *num = n;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/rc5/rc5speed.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/rc5/rc5speed.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rc5/rc5speed.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,277 +0,0 @@
-/* crypto/rc5/rc5speed.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* 11-Sep-92 Andrew Daviel Support for Silicon Graphics IRIX added */
-/* 06-Apr-92 Luke Brennan Support for VMS and add extra signal calls */
-
-#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
-#define TIMES
-#endif
-
-#include <stdio.h>
-
-#include <openssl/e_os2.h>
-#include OPENSSL_UNISTD_IO
-OPENSSL_DECLARE_EXIT
-
-#ifndef OPENSSL_SYS_NETWARE
-#include <signal.h>
-#endif
-
-#ifndef _IRIX
-#include <time.h>
-#endif
-#ifdef TIMES
-#include <sys/types.h>
-#include <sys/times.h>
-#endif
-
-/* Depending on the VMS version, the tms structure is perhaps defined.
- The __TMS macro will show if it was. If it wasn't defined, we should
- undefine TIMES, since that tells the rest of the program how things
- should be handled. -- Richard Levitte */
-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
-#undef TIMES
-#endif
-
-#ifndef TIMES
-#include <sys/timeb.h>
-#endif
-
-#if defined(sun) || defined(__ultrix)
-#define _POSIX_SOURCE
-#include <limits.h>
-#include <sys/param.h>
-#endif
-
-#include <openssl/rc5.h>
-
-/* The following if from times(3) man page. It may need to be changed */
-#ifndef HZ
-#ifndef CLK_TCK
-#define HZ 100.0
-#else /* CLK_TCK */
-#define HZ ((double)CLK_TCK)
-#endif
-#endif
-
-#define BUFSIZE ((long)1024)
-long run=0;
-
-double Time_F(int s);
-#ifdef SIGALRM
-#if defined(__STDC__) || defined(sgi) || defined(_AIX)
-#define SIGRETTYPE void
-#else
-#define SIGRETTYPE int
-#endif
-
-SIGRETTYPE sig_done(int sig);
-SIGRETTYPE sig_done(int sig)
- {
- signal(SIGALRM,sig_done);
- run=0;
-#ifdef LINT
- sig=sig;
-#endif
- }
-#endif
-
-#define START 0
-#define STOP 1
-
-double Time_F(int s)
- {
- double ret;
-#ifdef TIMES
- static struct tms tstart,tend;
-
- if (s == START)
- {
- times(&tstart);
- return(0);
- }
- else
- {
- times(&tend);
- ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
- return((ret == 0.0)?1e-6:ret);
- }
-#else /* !times() */
- static struct timeb tstart,tend;
- long i;
-
- if (s == START)
- {
- ftime(&tstart);
- return(0);
- }
- else
- {
- ftime(&tend);
- i=(long)tend.millitm-(long)tstart.millitm;
- ret=((double)(tend.time-tstart.time))+((double)i)/1e3;
- return((ret == 0.0)?1e-6:ret);
- }
-#endif
- }
-
-int main(int argc, char **argv)
- {
- long count;
- static unsigned char buf[BUFSIZE];
- static unsigned char key[] ={
- 0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
- 0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10,
- };
- RC5_32_KEY sch;
- double a,b,c,d;
-#ifndef SIGALRM
- long ca,cb,cc;
-#endif
-
-#ifndef TIMES
- printf("To get the most accurate results, try to run this\n");
- printf("program when this computer is idle.\n");
-#endif
-
-#ifndef SIGALRM
- printf("First we calculate the approximate speed ...\n");
- RC5_32_set_key(&sch,16,key,12);
- count=10;
- do {
- long i;
- unsigned long data[2];
-
- count*=2;
- Time_F(START);
- for (i=count; i; i--)
- RC5_32_encrypt(data,&sch);
- d=Time_F(STOP);
- } while (d < 3.0);
- ca=count/512;
- cb=count;
- cc=count*8/BUFSIZE+1;
- printf("Doing RC5_32_set_key %ld times\n",ca);
-#define COND(d) (count != (d))
-#define COUNT(d) (d)
-#else
-#define COND(c) (run)
-#define COUNT(d) (count)
- signal(SIGALRM,sig_done);
- printf("Doing RC5_32_set_key for 10 seconds\n");
- alarm(10);
-#endif
-
- Time_F(START);
- for (count=0,run=1; COND(ca); count+=4)
- {
- RC5_32_set_key(&sch,16,key,12);
- RC5_32_set_key(&sch,16,key,12);
- RC5_32_set_key(&sch,16,key,12);
- RC5_32_set_key(&sch,16,key,12);
- }
- d=Time_F(STOP);
- printf("%ld RC5_32_set_key's in %.2f seconds\n",count,d);
- a=((double)COUNT(ca))/d;
-
-#ifdef SIGALRM
- printf("Doing RC5_32_encrypt's for 10 seconds\n");
- alarm(10);
-#else
- printf("Doing RC5_32_encrypt %ld times\n",cb);
-#endif
- Time_F(START);
- for (count=0,run=1; COND(cb); count+=4)
- {
- unsigned long data[2];
-
- RC5_32_encrypt(data,&sch);
- RC5_32_encrypt(data,&sch);
- RC5_32_encrypt(data,&sch);
- RC5_32_encrypt(data,&sch);
- }
- d=Time_F(STOP);
- printf("%ld RC5_32_encrypt's in %.2f second\n",count,d);
- b=((double)COUNT(cb)*8)/d;
-
-#ifdef SIGALRM
- printf("Doing RC5_32_cbc_encrypt on %ld byte blocks for 10 seconds\n",
- BUFSIZE);
- alarm(10);
-#else
- printf("Doing RC5_32_cbc_encrypt %ld times on %ld byte blocks\n",cc,
- BUFSIZE);
-#endif
- Time_F(START);
- for (count=0,run=1; COND(cc); count++)
- RC5_32_cbc_encrypt(buf,buf,BUFSIZE,&sch,
- &(key[0]),RC5_ENCRYPT);
- d=Time_F(STOP);
- printf("%ld RC5_32_cbc_encrypt's of %ld byte blocks in %.2f second\n",
- count,BUFSIZE,d);
- c=((double)COUNT(cc)*BUFSIZE)/d;
-
- printf("RC5_32/12/16 set_key per sec = %12.2f (%9.3fuS)\n",a,1.0e6/a);
- printf("RC5_32/12/16 raw ecb bytes per sec = %12.2f (%9.3fuS)\n",b,8.0e6/b);
- printf("RC5_32/12/16 cbc bytes per sec = %12.2f (%9.3fuS)\n",c,8.0e6/c);
- exit(0);
-#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
- return(0);
-#endif
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/rc5/rc5speed.c (from rev 6976, vendor-crypto/openssl/dist/crypto/rc5/rc5speed.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/rc5/rc5speed.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rc5/rc5speed.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,265 @@
+/* crypto/rc5/rc5speed.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* 11-Sep-92 Andrew Daviel Support for Silicon Graphics IRIX added */
+/* 06-Apr-92 Luke Brennan Support for VMS and add extra signal calls */
+
+#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
+# define TIMES
+#endif
+
+#include <stdio.h>
+
+#include <openssl/e_os2.h>
+#include OPENSSL_UNISTD_IO
+OPENSSL_DECLARE_EXIT
+#ifndef OPENSSL_SYS_NETWARE
+# include <signal.h>
+#endif
+#ifndef _IRIX
+# include <time.h>
+#endif
+#ifdef TIMES
+# include <sys/types.h>
+# include <sys/times.h>
+#endif
+ /*
+ * Depending on the VMS version, the tms structure is perhaps defined.
+ * The __TMS macro will show if it was. If it wasn't defined, we should
+ * undefine TIMES, since that tells the rest of the program how things
+ * should be handled. -- Richard Levitte
+ */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
+# undef TIMES
+#endif
+#ifndef TIMES
+# include <sys/timeb.h>
+#endif
+#if defined(sun) || defined(__ultrix)
+# define _POSIX_SOURCE
+# include <limits.h>
+# include <sys/param.h>
+#endif
+#include <openssl/rc5.h>
+/* The following if from times(3) man page. It may need to be changed */
+#ifndef HZ
+# ifndef CLK_TCK
+# define HZ 100.0
+# else /* CLK_TCK */
+# define HZ ((double)CLK_TCK)
+# endif
+#endif
+#define BUFSIZE ((long)1024)
+long run = 0;
+
+double Time_F(int s);
+#ifdef SIGALRM
+# if defined(__STDC__) || defined(sgi) || defined(_AIX)
+# define SIGRETTYPE void
+# else
+# define SIGRETTYPE int
+# endif
+
+SIGRETTYPE sig_done(int sig);
+SIGRETTYPE sig_done(int sig)
+{
+ signal(SIGALRM, sig_done);
+ run = 0;
+# ifdef LINT
+ sig = sig;
+# endif
+}
+#endif
+
+#define START 0
+#define STOP 1
+
+double Time_F(int s)
+{
+ double ret;
+#ifdef TIMES
+ static struct tms tstart, tend;
+
+ if (s == START) {
+ times(&tstart);
+ return (0);
+ } else {
+ times(&tend);
+ ret = ((double)(tend.tms_utime - tstart.tms_utime)) / HZ;
+ return ((ret == 0.0) ? 1e-6 : ret);
+ }
+#else /* !times() */
+ static struct timeb tstart, tend;
+ long i;
+
+ if (s == START) {
+ ftime(&tstart);
+ return (0);
+ } else {
+ ftime(&tend);
+ i = (long)tend.millitm - (long)tstart.millitm;
+ ret = ((double)(tend.time - tstart.time)) + ((double)i) / 1e3;
+ return ((ret == 0.0) ? 1e-6 : ret);
+ }
+#endif
+}
+
+int main(int argc, char **argv)
+{
+ long count;
+ static unsigned char buf[BUFSIZE];
+ static unsigned char key[] = {
+ 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
+ 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
+ };
+ RC5_32_KEY sch;
+ double a, b, c, d;
+#ifndef SIGALRM
+ long ca, cb, cc;
+#endif
+
+#ifndef TIMES
+ printf("To get the most accurate results, try to run this\n");
+ printf("program when this computer is idle.\n");
+#endif
+
+#ifndef SIGALRM
+ printf("First we calculate the approximate speed ...\n");
+ RC5_32_set_key(&sch, 16, key, 12);
+ count = 10;
+ do {
+ long i;
+ unsigned long data[2];
+
+ count *= 2;
+ Time_F(START);
+ for (i = count; i; i--)
+ RC5_32_encrypt(data, &sch);
+ d = Time_F(STOP);
+ } while (d < 3.0);
+ ca = count / 512;
+ cb = count;
+ cc = count * 8 / BUFSIZE + 1;
+ printf("Doing RC5_32_set_key %ld times\n", ca);
+# define COND(d) (count != (d))
+# define COUNT(d) (d)
+#else
+# define COND(c) (run)
+# define COUNT(d) (count)
+ signal(SIGALRM, sig_done);
+ printf("Doing RC5_32_set_key for 10 seconds\n");
+ alarm(10);
+#endif
+
+ Time_F(START);
+ for (count = 0, run = 1; COND(ca); count += 4) {
+ RC5_32_set_key(&sch, 16, key, 12);
+ RC5_32_set_key(&sch, 16, key, 12);
+ RC5_32_set_key(&sch, 16, key, 12);
+ RC5_32_set_key(&sch, 16, key, 12);
+ }
+ d = Time_F(STOP);
+ printf("%ld RC5_32_set_key's in %.2f seconds\n", count, d);
+ a = ((double)COUNT(ca)) / d;
+
+#ifdef SIGALRM
+ printf("Doing RC5_32_encrypt's for 10 seconds\n");
+ alarm(10);
+#else
+ printf("Doing RC5_32_encrypt %ld times\n", cb);
+#endif
+ Time_F(START);
+ for (count = 0, run = 1; COND(cb); count += 4) {
+ unsigned long data[2];
+
+ RC5_32_encrypt(data, &sch);
+ RC5_32_encrypt(data, &sch);
+ RC5_32_encrypt(data, &sch);
+ RC5_32_encrypt(data, &sch);
+ }
+ d = Time_F(STOP);
+ printf("%ld RC5_32_encrypt's in %.2f second\n", count, d);
+ b = ((double)COUNT(cb) * 8) / d;
+
+#ifdef SIGALRM
+ printf("Doing RC5_32_cbc_encrypt on %ld byte blocks for 10 seconds\n",
+ BUFSIZE);
+ alarm(10);
+#else
+ printf("Doing RC5_32_cbc_encrypt %ld times on %ld byte blocks\n", cc,
+ BUFSIZE);
+#endif
+ Time_F(START);
+ for (count = 0, run = 1; COND(cc); count++)
+ RC5_32_cbc_encrypt(buf, buf, BUFSIZE, &sch, &(key[0]), RC5_ENCRYPT);
+ d = Time_F(STOP);
+ printf("%ld RC5_32_cbc_encrypt's of %ld byte blocks in %.2f second\n",
+ count, BUFSIZE, d);
+ c = ((double)COUNT(cc) * BUFSIZE) / d;
+
+ printf("RC5_32/12/16 set_key per sec = %12.2f (%9.3fuS)\n", a,
+ 1.0e6 / a);
+ printf("RC5_32/12/16 raw ecb bytes per sec = %12.2f (%9.3fuS)\n", b,
+ 8.0e6 / b);
+ printf("RC5_32/12/16 cbc bytes per sec = %12.2f (%9.3fuS)\n", c,
+ 8.0e6 / c);
+ exit(0);
+#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
+ return (0);
+#endif
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/rc5/rc5test.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/rc5/rc5test.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rc5/rc5test.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,386 +0,0 @@
-/* crypto/rc5/rc5test.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* This has been a quickly hacked 'ideatest.c'. When I add tests for other
- * RC5 modes, more of the code will be uncommented. */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-
-#include "../e_os.h"
-
-#ifdef OPENSSL_NO_RC5
-int main(int argc, char *argv[])
-{
- printf("No RC5 support\n");
- return(0);
-}
-#else
-#include <openssl/rc5.h>
-
-static unsigned char RC5key[5][16]={
- {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- {0x91,0x5f,0x46,0x19,0xbe,0x41,0xb2,0x51,
- 0x63,0x55,0xa5,0x01,0x10,0xa9,0xce,0x91},
- {0x78,0x33,0x48,0xe7,0x5a,0xeb,0x0f,0x2f,
- 0xd7,0xb1,0x69,0xbb,0x8d,0xc1,0x67,0x87},
- {0xdc,0x49,0xdb,0x13,0x75,0xa5,0x58,0x4f,
- 0x64,0x85,0xb4,0x13,0xb5,0xf1,0x2b,0xaf},
- {0x52,0x69,0xf1,0x49,0xd4,0x1b,0xa0,0x15,
- 0x24,0x97,0x57,0x4d,0x7f,0x15,0x31,0x25},
- };
-
-static unsigned char RC5plain[5][8]={
- {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- {0x21,0xA5,0xDB,0xEE,0x15,0x4B,0x8F,0x6D},
- {0xF7,0xC0,0x13,0xAC,0x5B,0x2B,0x89,0x52},
- {0x2F,0x42,0xB3,0xB7,0x03,0x69,0xFC,0x92},
- {0x65,0xC1,0x78,0xB2,0x84,0xD1,0x97,0xCC},
- };
-
-static unsigned char RC5cipher[5][8]={
- {0x21,0xA5,0xDB,0xEE,0x15,0x4B,0x8F,0x6D},
- {0xF7,0xC0,0x13,0xAC,0x5B,0x2B,0x89,0x52},
- {0x2F,0x42,0xB3,0xB7,0x03,0x69,0xFC,0x92},
- {0x65,0xC1,0x78,0xB2,0x84,0xD1,0x97,0xCC},
- {0xEB,0x44,0xE4,0x15,0xDA,0x31,0x98,0x24},
- };
-
-#define RC5_CBC_NUM 27
-static unsigned char rc5_cbc_cipher[RC5_CBC_NUM][8]={
- {0x7a,0x7b,0xba,0x4d,0x79,0x11,0x1d,0x1e},
- {0x79,0x7b,0xba,0x4d,0x78,0x11,0x1d,0x1e},
- {0x7a,0x7b,0xba,0x4d,0x79,0x11,0x1d,0x1f},
- {0x7a,0x7b,0xba,0x4d,0x79,0x11,0x1d,0x1f},
- {0x8b,0x9d,0xed,0x91,0xce,0x77,0x94,0xa6},
- {0x2f,0x75,0x9f,0xe7,0xad,0x86,0xa3,0x78},
- {0xdc,0xa2,0x69,0x4b,0xf4,0x0e,0x07,0x88},
- {0xdc,0xa2,0x69,0x4b,0xf4,0x0e,0x07,0x88},
- {0xdc,0xfe,0x09,0x85,0x77,0xec,0xa5,0xff},
- {0x96,0x46,0xfb,0x77,0x63,0x8f,0x9c,0xa8},
- {0xb2,0xb3,0x20,0x9d,0xb6,0x59,0x4d,0xa4},
- {0x54,0x5f,0x7f,0x32,0xa5,0xfc,0x38,0x36},
- {0x82,0x85,0xe7,0xc1,0xb5,0xbc,0x74,0x02},
- {0xfc,0x58,0x6f,0x92,0xf7,0x08,0x09,0x34},
- {0xcf,0x27,0x0e,0xf9,0x71,0x7f,0xf7,0xc4},
- {0xe4,0x93,0xf1,0xc1,0xbb,0x4d,0x6e,0x8c},
- {0x5c,0x4c,0x04,0x1e,0x0f,0x21,0x7a,0xc3},
- {0x92,0x1f,0x12,0x48,0x53,0x73,0xb4,0xf7},
- {0x5b,0xa0,0xca,0x6b,0xbe,0x7f,0x5f,0xad},
- {0xc5,0x33,0x77,0x1c,0xd0,0x11,0x0e,0x63},
- {0x29,0x4d,0xdb,0x46,0xb3,0x27,0x8d,0x60},
- {0xda,0xd6,0xbd,0xa9,0xdf,0xe8,0xf7,0xe8},
- {0x97,0xe0,0x78,0x78,0x37,0xed,0x31,0x7f},
- {0x78,0x75,0xdb,0xf6,0x73,0x8c,0x64,0x78},
- {0x8f,0x34,0xc3,0xc6,0x81,0xc9,0x96,0x95},
- {0x7c,0xb3,0xf1,0xdf,0x34,0xf9,0x48,0x11},
- {0x7f,0xd1,0xa0,0x23,0xa5,0xbb,0xa2,0x17},
- };
-
-static unsigned char rc5_cbc_key[RC5_CBC_NUM][17]={
- { 1,0x00},
- { 1,0x00},
- { 1,0x00},
- { 1,0x00},
- { 1,0x00},
- { 1,0x11},
- { 1,0x00},
- { 4,0x00,0x00,0x00,0x00},
- { 1,0x00},
- { 1,0x00},
- { 1,0x00},
- { 1,0x00},
- { 4,0x01,0x02,0x03,0x04},
- { 4,0x01,0x02,0x03,0x04},
- { 4,0x01,0x02,0x03,0x04},
- { 8,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},
- { 8,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},
- { 8,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},
- { 8,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},
- {16,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x10,0x20,0x30,0x40,0x50,0x60,0x70,0x80},
- {16,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x10,0x20,0x30,0x40,0x50,0x60,0x70,0x80},
- {16,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x10,0x20,0x30,0x40,0x50,0x60,0x70,0x80},
- { 5,0x01,0x02,0x03,0x04,0x05},
- { 5,0x01,0x02,0x03,0x04,0x05},
- { 5,0x01,0x02,0x03,0x04,0x05},
- { 5,0x01,0x02,0x03,0x04,0x05},
- { 5,0x01,0x02,0x03,0x04,0x05},
- };
-
-static unsigned char rc5_cbc_plain[RC5_CBC_NUM][8]={
- {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- {0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff},
- {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01},
- {0x10,0x20,0x30,0x40,0x50,0x60,0x70,0x80},
- {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- {0x10,0x20,0x30,0x40,0x50,0x60,0x70,0x80},
- {0x10,0x20,0x30,0x40,0x50,0x60,0x70,0x80},
- {0x10,0x20,0x30,0x40,0x50,0x60,0x70,0x80},
- {0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff},
- {0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff},
- {0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff},
- {0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff},
- {0x10,0x20,0x30,0x40,0x50,0x60,0x70,0x80},
- {0x10,0x20,0x30,0x40,0x50,0x60,0x70,0x80},
- {0x10,0x20,0x30,0x40,0x50,0x60,0x70,0x80},
- {0x10,0x20,0x30,0x40,0x50,0x60,0x70,0x80},
- {0x10,0x20,0x30,0x40,0x50,0x60,0x70,0x80},
- {0x10,0x20,0x30,0x40,0x50,0x60,0x70,0x80},
- {0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff},
- {0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff},
- {0x08,0x08,0x08,0x08,0x08,0x08,0x08,0x08},
- {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- {0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x01},
- };
-
-static int rc5_cbc_rounds[RC5_CBC_NUM]={
- 0, 0, 0, 0, 0, 1, 2, 2,
- 8, 8,12,16, 8,12,16,12,
- 8,12,16, 8,12,16,12, 8,
- 8, 8, 8,
- };
-
-static unsigned char rc5_cbc_iv[RC5_CBC_NUM][8]={
- {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01},
- {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- {0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},
- {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- {0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},
- {0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},
- {0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},
- {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- {0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},
- {0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},
- {0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},
- {0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},
- {0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},
- {0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},
- {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- {0x78,0x75,0xdb,0xf6,0x73,0x8c,0x64,0x78},
- {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- {0x7c,0xb3,0xf1,0xdf,0x34,0xf9,0x48,0x11},
- };
-
-int main(int argc, char *argv[])
- {
- int i,n,err=0;
- RC5_32_KEY key;
- unsigned char buf[8],buf2[8],ivb[8];
-
- for (n=0; n<5; n++)
- {
- RC5_32_set_key(&key,16,&(RC5key[n][0]),12);
-
- RC5_32_ecb_encrypt(&(RC5plain[n][0]),buf,&key,RC5_ENCRYPT);
- if (memcmp(&(RC5cipher[n][0]),buf,8) != 0)
- {
- printf("ecb RC5 error encrypting (%d)\n",n+1);
- printf("got :");
- for (i=0; i<8; i++)
- printf("%02X ",buf[i]);
- printf("\n");
- printf("expected:");
- for (i=0; i<8; i++)
- printf("%02X ",RC5cipher[n][i]);
- err=20;
- printf("\n");
- }
-
- RC5_32_ecb_encrypt(buf,buf2,&key,RC5_DECRYPT);
- if (memcmp(&(RC5plain[n][0]),buf2,8) != 0)
- {
- printf("ecb RC5 error decrypting (%d)\n",n+1);
- printf("got :");
- for (i=0; i<8; i++)
- printf("%02X ",buf2[i]);
- printf("\n");
- printf("expected:");
- for (i=0; i<8; i++)
- printf("%02X ",RC5plain[n][i]);
- printf("\n");
- err=3;
- }
- }
- if (err == 0) printf("ecb RC5 ok\n");
-
- for (n=0; n<RC5_CBC_NUM; n++)
- {
- i=rc5_cbc_rounds[n];
- if (i < 8) continue;
-
- RC5_32_set_key(&key,rc5_cbc_key[n][0],&(rc5_cbc_key[n][1]),i);
-
- memcpy(ivb,&(rc5_cbc_iv[n][0]),8);
- RC5_32_cbc_encrypt(&(rc5_cbc_plain[n][0]),buf,8,
- &key,&(ivb[0]),RC5_ENCRYPT);
-
- if (memcmp(&(rc5_cbc_cipher[n][0]),buf,8) != 0)
- {
- printf("cbc RC5 error encrypting (%d)\n",n+1);
- printf("got :");
- for (i=0; i<8; i++)
- printf("%02X ",buf[i]);
- printf("\n");
- printf("expected:");
- for (i=0; i<8; i++)
- printf("%02X ",rc5_cbc_cipher[n][i]);
- err=30;
- printf("\n");
- }
-
- memcpy(ivb,&(rc5_cbc_iv[n][0]),8);
- RC5_32_cbc_encrypt(buf,buf2,8,
- &key,&(ivb[0]),RC5_DECRYPT);
- if (memcmp(&(rc5_cbc_plain[n][0]),buf2,8) != 0)
- {
- printf("cbc RC5 error decrypting (%d)\n",n+1);
- printf("got :");
- for (i=0; i<8; i++)
- printf("%02X ",buf2[i]);
- printf("\n");
- printf("expected:");
- for (i=0; i<8; i++)
- printf("%02X ",rc5_cbc_plain[n][i]);
- printf("\n");
- err=3;
- }
- }
- if (err == 0) printf("cbc RC5 ok\n");
-
- EXIT(err);
- return(err);
- }
-
-#ifdef undef
-static int cfb64_test(unsigned char *cfb_cipher)
- {
- IDEA_KEY_SCHEDULE eks,dks;
- int err=0,i,n;
-
- idea_set_encrypt_key(cfb_key,&eks);
- idea_set_decrypt_key(&eks,&dks);
- memcpy(cfb_tmp,cfb_iv,8);
- n=0;
- idea_cfb64_encrypt(plain,cfb_buf1,(long)12,&eks,
- cfb_tmp,&n,IDEA_ENCRYPT);
- idea_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]),
- (long)CFB_TEST_SIZE-12,&eks,
- cfb_tmp,&n,IDEA_ENCRYPT);
- if (memcmp(cfb_cipher,cfb_buf1,CFB_TEST_SIZE) != 0)
- {
- err=1;
- printf("idea_cfb64_encrypt encrypt error\n");
- for (i=0; i<CFB_TEST_SIZE; i+=8)
- printf("%s\n",pt(&(cfb_buf1[i])));
- }
- memcpy(cfb_tmp,cfb_iv,8);
- n=0;
- idea_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)17,&eks,
- cfb_tmp,&n,IDEA_DECRYPT);
- idea_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]),
- (long)CFB_TEST_SIZE-17,&dks,
- cfb_tmp,&n,IDEA_DECRYPT);
- if (memcmp(plain,cfb_buf2,CFB_TEST_SIZE) != 0)
- {
- err=1;
- printf("idea_cfb_encrypt decrypt error\n");
- for (i=0; i<24; i+=8)
- printf("%s\n",pt(&(cfb_buf2[i])));
- }
- return(err);
- }
-
-static char *pt(unsigned char *p)
- {
- static char bufs[10][20];
- static int bnum=0;
- char *ret;
- int i;
- static char *f="0123456789ABCDEF";
-
- ret= &(bufs[bnum++][0]);
- bnum%=10;
- for (i=0; i<8; i++)
- {
- ret[i*2]=f[(p[i]>>4)&0xf];
- ret[i*2+1]=f[p[i]&0xf];
- }
- ret[16]='\0';
- return(ret);
- }
-
-#endif
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/rc5/rc5test.c (from rev 6976, vendor-crypto/openssl/dist/crypto/rc5/rc5test.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/rc5/rc5test.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rc5/rc5test.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,381 @@
+/* crypto/rc5/rc5test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/*
+ * This has been a quickly hacked 'ideatest.c'. When I add tests for other
+ * RC5 modes, more of the code will be uncommented.
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include "../e_os.h"
+
+#ifdef OPENSSL_NO_RC5
+int main(int argc, char *argv[])
+{
+ printf("No RC5 support\n");
+ return (0);
+}
+#else
+# include <openssl/rc5.h>
+
+static unsigned char RC5key[5][16] = {
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x91, 0x5f, 0x46, 0x19, 0xbe, 0x41, 0xb2, 0x51,
+ 0x63, 0x55, 0xa5, 0x01, 0x10, 0xa9, 0xce, 0x91},
+ {0x78, 0x33, 0x48, 0xe7, 0x5a, 0xeb, 0x0f, 0x2f,
+ 0xd7, 0xb1, 0x69, 0xbb, 0x8d, 0xc1, 0x67, 0x87},
+ {0xdc, 0x49, 0xdb, 0x13, 0x75, 0xa5, 0x58, 0x4f,
+ 0x64, 0x85, 0xb4, 0x13, 0xb5, 0xf1, 0x2b, 0xaf},
+ {0x52, 0x69, 0xf1, 0x49, 0xd4, 0x1b, 0xa0, 0x15,
+ 0x24, 0x97, 0x57, 0x4d, 0x7f, 0x15, 0x31, 0x25},
+};
+
+static unsigned char RC5plain[5][8] = {
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x21, 0xA5, 0xDB, 0xEE, 0x15, 0x4B, 0x8F, 0x6D},
+ {0xF7, 0xC0, 0x13, 0xAC, 0x5B, 0x2B, 0x89, 0x52},
+ {0x2F, 0x42, 0xB3, 0xB7, 0x03, 0x69, 0xFC, 0x92},
+ {0x65, 0xC1, 0x78, 0xB2, 0x84, 0xD1, 0x97, 0xCC},
+};
+
+static unsigned char RC5cipher[5][8] = {
+ {0x21, 0xA5, 0xDB, 0xEE, 0x15, 0x4B, 0x8F, 0x6D},
+ {0xF7, 0xC0, 0x13, 0xAC, 0x5B, 0x2B, 0x89, 0x52},
+ {0x2F, 0x42, 0xB3, 0xB7, 0x03, 0x69, 0xFC, 0x92},
+ {0x65, 0xC1, 0x78, 0xB2, 0x84, 0xD1, 0x97, 0xCC},
+ {0xEB, 0x44, 0xE4, 0x15, 0xDA, 0x31, 0x98, 0x24},
+};
+
+# define RC5_CBC_NUM 27
+static unsigned char rc5_cbc_cipher[RC5_CBC_NUM][8] = {
+ {0x7a, 0x7b, 0xba, 0x4d, 0x79, 0x11, 0x1d, 0x1e},
+ {0x79, 0x7b, 0xba, 0x4d, 0x78, 0x11, 0x1d, 0x1e},
+ {0x7a, 0x7b, 0xba, 0x4d, 0x79, 0x11, 0x1d, 0x1f},
+ {0x7a, 0x7b, 0xba, 0x4d, 0x79, 0x11, 0x1d, 0x1f},
+ {0x8b, 0x9d, 0xed, 0x91, 0xce, 0x77, 0x94, 0xa6},
+ {0x2f, 0x75, 0x9f, 0xe7, 0xad, 0x86, 0xa3, 0x78},
+ {0xdc, 0xa2, 0x69, 0x4b, 0xf4, 0x0e, 0x07, 0x88},
+ {0xdc, 0xa2, 0x69, 0x4b, 0xf4, 0x0e, 0x07, 0x88},
+ {0xdc, 0xfe, 0x09, 0x85, 0x77, 0xec, 0xa5, 0xff},
+ {0x96, 0x46, 0xfb, 0x77, 0x63, 0x8f, 0x9c, 0xa8},
+ {0xb2, 0xb3, 0x20, 0x9d, 0xb6, 0x59, 0x4d, 0xa4},
+ {0x54, 0x5f, 0x7f, 0x32, 0xa5, 0xfc, 0x38, 0x36},
+ {0x82, 0x85, 0xe7, 0xc1, 0xb5, 0xbc, 0x74, 0x02},
+ {0xfc, 0x58, 0x6f, 0x92, 0xf7, 0x08, 0x09, 0x34},
+ {0xcf, 0x27, 0x0e, 0xf9, 0x71, 0x7f, 0xf7, 0xc4},
+ {0xe4, 0x93, 0xf1, 0xc1, 0xbb, 0x4d, 0x6e, 0x8c},
+ {0x5c, 0x4c, 0x04, 0x1e, 0x0f, 0x21, 0x7a, 0xc3},
+ {0x92, 0x1f, 0x12, 0x48, 0x53, 0x73, 0xb4, 0xf7},
+ {0x5b, 0xa0, 0xca, 0x6b, 0xbe, 0x7f, 0x5f, 0xad},
+ {0xc5, 0x33, 0x77, 0x1c, 0xd0, 0x11, 0x0e, 0x63},
+ {0x29, 0x4d, 0xdb, 0x46, 0xb3, 0x27, 0x8d, 0x60},
+ {0xda, 0xd6, 0xbd, 0xa9, 0xdf, 0xe8, 0xf7, 0xe8},
+ {0x97, 0xe0, 0x78, 0x78, 0x37, 0xed, 0x31, 0x7f},
+ {0x78, 0x75, 0xdb, 0xf6, 0x73, 0x8c, 0x64, 0x78},
+ {0x8f, 0x34, 0xc3, 0xc6, 0x81, 0xc9, 0x96, 0x95},
+ {0x7c, 0xb3, 0xf1, 0xdf, 0x34, 0xf9, 0x48, 0x11},
+ {0x7f, 0xd1, 0xa0, 0x23, 0xa5, 0xbb, 0xa2, 0x17},
+};
+
+static unsigned char rc5_cbc_key[RC5_CBC_NUM][17] = {
+ {1, 0x00},
+ {1, 0x00},
+ {1, 0x00},
+ {1, 0x00},
+ {1, 0x00},
+ {1, 0x11},
+ {1, 0x00},
+ {4, 0x00, 0x00, 0x00, 0x00},
+ {1, 0x00},
+ {1, 0x00},
+ {1, 0x00},
+ {1, 0x00},
+ {4, 0x01, 0x02, 0x03, 0x04},
+ {4, 0x01, 0x02, 0x03, 0x04},
+ {4, 0x01, 0x02, 0x03, 0x04},
+ {8, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08},
+ {8, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08},
+ {8, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08},
+ {8, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08},
+ {16, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+ 0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80},
+ {16, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+ 0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80},
+ {16, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+ 0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80},
+ {5, 0x01, 0x02, 0x03, 0x04, 0x05},
+ {5, 0x01, 0x02, 0x03, 0x04, 0x05},
+ {5, 0x01, 0x02, 0x03, 0x04, 0x05},
+ {5, 0x01, 0x02, 0x03, 0x04, 0x05},
+ {5, 0x01, 0x02, 0x03, 0x04, 0x05},
+};
+
+static unsigned char rc5_cbc_plain[RC5_CBC_NUM][8] = {
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01},
+ {0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80},
+ {0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80},
+ {0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80},
+ {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
+ {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
+ {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
+ {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
+ {0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80},
+ {0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80},
+ {0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80},
+ {0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80},
+ {0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80},
+ {0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80},
+ {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
+ {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
+ {0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08, 0x08},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x01},
+};
+
+static int rc5_cbc_rounds[RC5_CBC_NUM] = {
+ 0, 0, 0, 0, 0, 1, 2, 2,
+ 8, 8, 12, 16, 8, 12, 16, 12,
+ 8, 12, 16, 8, 12, 16, 12, 8,
+ 8, 8, 8,
+};
+
+static unsigned char rc5_cbc_iv[RC5_CBC_NUM][8] = {
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08},
+ {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08},
+ {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08},
+ {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08},
+ {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08},
+ {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08},
+ {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08},
+ {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x78, 0x75, 0xdb, 0xf6, 0x73, 0x8c, 0x64, 0x78},
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ {0x7c, 0xb3, 0xf1, 0xdf, 0x34, 0xf9, 0x48, 0x11},
+};
+
+int main(int argc, char *argv[])
+{
+ int i, n, err = 0;
+ RC5_32_KEY key;
+ unsigned char buf[8], buf2[8], ivb[8];
+
+ for (n = 0; n < 5; n++) {
+ RC5_32_set_key(&key, 16, &(RC5key[n][0]), 12);
+
+ RC5_32_ecb_encrypt(&(RC5plain[n][0]), buf, &key, RC5_ENCRYPT);
+ if (memcmp(&(RC5cipher[n][0]), buf, 8) != 0) {
+ printf("ecb RC5 error encrypting (%d)\n", n + 1);
+ printf("got :");
+ for (i = 0; i < 8; i++)
+ printf("%02X ", buf[i]);
+ printf("\n");
+ printf("expected:");
+ for (i = 0; i < 8; i++)
+ printf("%02X ", RC5cipher[n][i]);
+ err = 20;
+ printf("\n");
+ }
+
+ RC5_32_ecb_encrypt(buf, buf2, &key, RC5_DECRYPT);
+ if (memcmp(&(RC5plain[n][0]), buf2, 8) != 0) {
+ printf("ecb RC5 error decrypting (%d)\n", n + 1);
+ printf("got :");
+ for (i = 0; i < 8; i++)
+ printf("%02X ", buf2[i]);
+ printf("\n");
+ printf("expected:");
+ for (i = 0; i < 8; i++)
+ printf("%02X ", RC5plain[n][i]);
+ printf("\n");
+ err = 3;
+ }
+ }
+ if (err == 0)
+ printf("ecb RC5 ok\n");
+
+ for (n = 0; n < RC5_CBC_NUM; n++) {
+ i = rc5_cbc_rounds[n];
+ if (i < 8)
+ continue;
+
+ RC5_32_set_key(&key, rc5_cbc_key[n][0], &(rc5_cbc_key[n][1]), i);
+
+ memcpy(ivb, &(rc5_cbc_iv[n][0]), 8);
+ RC5_32_cbc_encrypt(&(rc5_cbc_plain[n][0]), buf, 8,
+ &key, &(ivb[0]), RC5_ENCRYPT);
+
+ if (memcmp(&(rc5_cbc_cipher[n][0]), buf, 8) != 0) {
+ printf("cbc RC5 error encrypting (%d)\n", n + 1);
+ printf("got :");
+ for (i = 0; i < 8; i++)
+ printf("%02X ", buf[i]);
+ printf("\n");
+ printf("expected:");
+ for (i = 0; i < 8; i++)
+ printf("%02X ", rc5_cbc_cipher[n][i]);
+ err = 30;
+ printf("\n");
+ }
+
+ memcpy(ivb, &(rc5_cbc_iv[n][0]), 8);
+ RC5_32_cbc_encrypt(buf, buf2, 8, &key, &(ivb[0]), RC5_DECRYPT);
+ if (memcmp(&(rc5_cbc_plain[n][0]), buf2, 8) != 0) {
+ printf("cbc RC5 error decrypting (%d)\n", n + 1);
+ printf("got :");
+ for (i = 0; i < 8; i++)
+ printf("%02X ", buf2[i]);
+ printf("\n");
+ printf("expected:");
+ for (i = 0; i < 8; i++)
+ printf("%02X ", rc5_cbc_plain[n][i]);
+ printf("\n");
+ err = 3;
+ }
+ }
+ if (err == 0)
+ printf("cbc RC5 ok\n");
+
+ EXIT(err);
+ return (err);
+}
+
+# ifdef undef
+static int cfb64_test(unsigned char *cfb_cipher)
+{
+ IDEA_KEY_SCHEDULE eks, dks;
+ int err = 0, i, n;
+
+ idea_set_encrypt_key(cfb_key, &eks);
+ idea_set_decrypt_key(&eks, &dks);
+ memcpy(cfb_tmp, cfb_iv, 8);
+ n = 0;
+ idea_cfb64_encrypt(plain, cfb_buf1, (long)12, &eks,
+ cfb_tmp, &n, IDEA_ENCRYPT);
+ idea_cfb64_encrypt(&(plain[12]), &(cfb_buf1[12]),
+ (long)CFB_TEST_SIZE - 12, &eks,
+ cfb_tmp, &n, IDEA_ENCRYPT);
+ if (memcmp(cfb_cipher, cfb_buf1, CFB_TEST_SIZE) != 0) {
+ err = 1;
+ printf("idea_cfb64_encrypt encrypt error\n");
+ for (i = 0; i < CFB_TEST_SIZE; i += 8)
+ printf("%s\n", pt(&(cfb_buf1[i])));
+ }
+ memcpy(cfb_tmp, cfb_iv, 8);
+ n = 0;
+ idea_cfb64_encrypt(cfb_buf1, cfb_buf2, (long)17, &eks,
+ cfb_tmp, &n, IDEA_DECRYPT);
+ idea_cfb64_encrypt(&(cfb_buf1[17]), &(cfb_buf2[17]),
+ (long)CFB_TEST_SIZE - 17, &dks,
+ cfb_tmp, &n, IDEA_DECRYPT);
+ if (memcmp(plain, cfb_buf2, CFB_TEST_SIZE) != 0) {
+ err = 1;
+ printf("idea_cfb_encrypt decrypt error\n");
+ for (i = 0; i < 24; i += 8)
+ printf("%s\n", pt(&(cfb_buf2[i])));
+ }
+ return (err);
+}
+
+static char *pt(unsigned char *p)
+{
+ static char bufs[10][20];
+ static int bnum = 0;
+ char *ret;
+ int i;
+ static char *f = "0123456789ABCDEF";
+
+ ret = &(bufs[bnum++][0]);
+ bnum %= 10;
+ for (i = 0; i < 8; i++) {
+ ret[i * 2] = f[(p[i] >> 4) & 0xf];
+ ret[i * 2 + 1] = f[p[i] & 0xf];
+ }
+ ret[16] = '\0';
+ return (ret);
+}
+
+# endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/ripemd/ripemd.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/ripemd/ripemd.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ripemd/ripemd.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,106 +0,0 @@
-/* crypto/ripemd/ripemd.h */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_RIPEMD_H
-#define HEADER_RIPEMD_H
-
-#include <openssl/e_os2.h>
-#include <stddef.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifdef OPENSSL_NO_RIPEMD
-#error RIPEMD is disabled.
-#endif
-
-#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)
-#define RIPEMD160_LONG unsigned long
-#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
-#define RIPEMD160_LONG unsigned long
-#define RIPEMD160_LONG_LOG2 3
-#else
-#define RIPEMD160_LONG unsigned int
-#endif
-
-#define RIPEMD160_CBLOCK 64
-#define RIPEMD160_LBLOCK (RIPEMD160_CBLOCK/4)
-#define RIPEMD160_DIGEST_LENGTH 20
-
-typedef struct RIPEMD160state_st
- {
- RIPEMD160_LONG A,B,C,D,E;
- RIPEMD160_LONG Nl,Nh;
- RIPEMD160_LONG data[RIPEMD160_LBLOCK];
- unsigned int num;
- } RIPEMD160_CTX;
-#ifdef OPENSSL_FIPS
-int private_RIPEMD160_Init(RIPEMD160_CTX *c);
-#endif
-int RIPEMD160_Init(RIPEMD160_CTX *c);
-int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, size_t len);
-int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c);
-unsigned char *RIPEMD160(const unsigned char *d, size_t n,
- unsigned char *md);
-void RIPEMD160_Transform(RIPEMD160_CTX *c, const unsigned char *b);
-#ifdef __cplusplus
-}
-#endif
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/ripemd/ripemd.h (from rev 6976, vendor-crypto/openssl/dist/crypto/ripemd/ripemd.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/ripemd/ripemd.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ripemd/ripemd.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,104 @@
+/* crypto/ripemd/ripemd.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_RIPEMD_H
+# define HEADER_RIPEMD_H
+
+# include <openssl/e_os2.h>
+# include <stddef.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# ifdef OPENSSL_NO_RIPEMD
+# error RIPEMD is disabled.
+# endif
+
+# if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)
+# define RIPEMD160_LONG unsigned long
+# elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
+# define RIPEMD160_LONG unsigned long
+# define RIPEMD160_LONG_LOG2 3
+# else
+# define RIPEMD160_LONG unsigned int
+# endif
+
+# define RIPEMD160_CBLOCK 64
+# define RIPEMD160_LBLOCK (RIPEMD160_CBLOCK/4)
+# define RIPEMD160_DIGEST_LENGTH 20
+
+typedef struct RIPEMD160state_st {
+ RIPEMD160_LONG A, B, C, D, E;
+ RIPEMD160_LONG Nl, Nh;
+ RIPEMD160_LONG data[RIPEMD160_LBLOCK];
+ unsigned int num;
+} RIPEMD160_CTX;
+# ifdef OPENSSL_FIPS
+int private_RIPEMD160_Init(RIPEMD160_CTX *c);
+# endif
+int RIPEMD160_Init(RIPEMD160_CTX *c);
+int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, size_t len);
+int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c);
+unsigned char *RIPEMD160(const unsigned char *d, size_t n, unsigned char *md);
+void RIPEMD160_Transform(RIPEMD160_CTX *c, const unsigned char *b);
+#ifdef __cplusplus
+}
+#endif
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/ripemd/rmd160.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/ripemd/rmd160.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ripemd/rmd160.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,127 +0,0 @@
-/* crypto/ripemd/rmd160.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/ripemd.h>
-
-#define BUFSIZE 1024*16
-
-void do_fp(FILE *f);
-void pt(unsigned char *md);
-#if !defined(_OSD_POSIX) && !defined(__DJGPP__)
-int read(int, void *, unsigned int);
-#endif
-
-int main(int argc, char **argv)
- {
- int i,err=0;
- FILE *IN;
-
- if (argc == 1)
- {
- do_fp(stdin);
- }
- else
- {
- for (i=1; i<argc; i++)
- {
- IN=fopen(argv[i],"r");
- if (IN == NULL)
- {
- perror(argv[i]);
- err++;
- continue;
- }
- printf("RIPEMD160(%s)= ",argv[i]);
- do_fp(IN);
- fclose(IN);
- }
- }
- exit(err);
- }
-
-void do_fp(FILE *f)
- {
- RIPEMD160_CTX c;
- unsigned char md[RIPEMD160_DIGEST_LENGTH];
- int fd;
- int i;
- static unsigned char buf[BUFSIZE];
-
- fd=fileno(f);
- RIPEMD160_Init(&c);
- for (;;)
- {
- i=read(fd,buf,BUFSIZE);
- if (i <= 0) break;
- RIPEMD160_Update(&c,buf,(unsigned long)i);
- }
- RIPEMD160_Final(&(md[0]),&c);
- pt(md);
- }
-
-void pt(unsigned char *md)
- {
- int i;
-
- for (i=0; i<RIPEMD160_DIGEST_LENGTH; i++)
- printf("%02x",md[i]);
- printf("\n");
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/ripemd/rmd160.c (from rev 6976, vendor-crypto/openssl/dist/crypto/ripemd/rmd160.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/ripemd/rmd160.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ripemd/rmd160.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,121 @@
+/* crypto/ripemd/rmd160.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/ripemd.h>
+
+#define BUFSIZE 1024*16
+
+void do_fp(FILE *f);
+void pt(unsigned char *md);
+#if !defined(_OSD_POSIX) && !defined(__DJGPP__)
+int read(int, void *, unsigned int);
+#endif
+
+int main(int argc, char **argv)
+{
+ int i, err = 0;
+ FILE *IN;
+
+ if (argc == 1) {
+ do_fp(stdin);
+ } else {
+ for (i = 1; i < argc; i++) {
+ IN = fopen(argv[i], "r");
+ if (IN == NULL) {
+ perror(argv[i]);
+ err++;
+ continue;
+ }
+ printf("RIPEMD160(%s)= ", argv[i]);
+ do_fp(IN);
+ fclose(IN);
+ }
+ }
+ exit(err);
+}
+
+void do_fp(FILE *f)
+{
+ RIPEMD160_CTX c;
+ unsigned char md[RIPEMD160_DIGEST_LENGTH];
+ int fd;
+ int i;
+ static unsigned char buf[BUFSIZE];
+
+ fd = fileno(f);
+ RIPEMD160_Init(&c);
+ for (;;) {
+ i = read(fd, buf, BUFSIZE);
+ if (i <= 0)
+ break;
+ RIPEMD160_Update(&c, buf, (unsigned long)i);
+ }
+ RIPEMD160_Final(&(md[0]), &c);
+ pt(md);
+}
+
+void pt(unsigned char *md)
+{
+ int i;
+
+ for (i = 0; i < RIPEMD160_DIGEST_LENGTH; i++)
+ printf("%02x", md[i]);
+ printf("\n");
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/ripemd/rmd_dgst.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/ripemd/rmd_dgst.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ripemd/rmd_dgst.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,298 +0,0 @@
-/* crypto/ripemd/rmd_dgst.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "rmd_locl.h"
-#include <openssl/opensslv.h>
-#include <openssl/err.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
-
-const char RMD160_version[]="RIPE-MD160" OPENSSL_VERSION_PTEXT;
-
-# ifdef RMD160_ASM
- void ripemd160_block_x86(RIPEMD160_CTX *c, unsigned long *p,size_t num);
-# define ripemd160_block ripemd160_block_x86
-# else
- void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p,size_t num);
-# endif
-
-FIPS_NON_FIPS_MD_Init(RIPEMD160)
- {
- c->A=RIPEMD160_A;
- c->B=RIPEMD160_B;
- c->C=RIPEMD160_C;
- c->D=RIPEMD160_D;
- c->E=RIPEMD160_E;
- c->Nl=0;
- c->Nh=0;
- c->num=0;
- return 1;
- }
-
-#ifndef ripemd160_block_data_order
-#ifdef X
-#undef X
-#endif
-void ripemd160_block_data_order (RIPEMD160_CTX *ctx, const void *p, size_t num)
- {
- const unsigned char *data=p;
- register unsigned MD32_REG_T A,B,C,D,E;
- unsigned MD32_REG_T a,b,c,d,e,l;
-#ifndef MD32_XARRAY
- /* See comment in crypto/sha/sha_locl.h for details. */
- unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
- XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15;
-# define X(i) XX##i
-#else
- RIPEMD160_LONG XX[16];
-# define X(i) XX[i]
-#endif
-
- for (;num--;)
- {
-
- A=ctx->A; B=ctx->B; C=ctx->C; D=ctx->D; E=ctx->E;
-
- HOST_c2l(data,l); X( 0)=l; HOST_c2l(data,l); X( 1)=l;
- RIP1(A,B,C,D,E,WL00,SL00); HOST_c2l(data,l); X( 2)=l;
- RIP1(E,A,B,C,D,WL01,SL01); HOST_c2l(data,l); X( 3)=l;
- RIP1(D,E,A,B,C,WL02,SL02); HOST_c2l(data,l); X( 4)=l;
- RIP1(C,D,E,A,B,WL03,SL03); HOST_c2l(data,l); X( 5)=l;
- RIP1(B,C,D,E,A,WL04,SL04); HOST_c2l(data,l); X( 6)=l;
- RIP1(A,B,C,D,E,WL05,SL05); HOST_c2l(data,l); X( 7)=l;
- RIP1(E,A,B,C,D,WL06,SL06); HOST_c2l(data,l); X( 8)=l;
- RIP1(D,E,A,B,C,WL07,SL07); HOST_c2l(data,l); X( 9)=l;
- RIP1(C,D,E,A,B,WL08,SL08); HOST_c2l(data,l); X(10)=l;
- RIP1(B,C,D,E,A,WL09,SL09); HOST_c2l(data,l); X(11)=l;
- RIP1(A,B,C,D,E,WL10,SL10); HOST_c2l(data,l); X(12)=l;
- RIP1(E,A,B,C,D,WL11,SL11); HOST_c2l(data,l); X(13)=l;
- RIP1(D,E,A,B,C,WL12,SL12); HOST_c2l(data,l); X(14)=l;
- RIP1(C,D,E,A,B,WL13,SL13); HOST_c2l(data,l); X(15)=l;
- RIP1(B,C,D,E,A,WL14,SL14);
- RIP1(A,B,C,D,E,WL15,SL15);
-
- RIP2(E,A,B,C,D,WL16,SL16,KL1);
- RIP2(D,E,A,B,C,WL17,SL17,KL1);
- RIP2(C,D,E,A,B,WL18,SL18,KL1);
- RIP2(B,C,D,E,A,WL19,SL19,KL1);
- RIP2(A,B,C,D,E,WL20,SL20,KL1);
- RIP2(E,A,B,C,D,WL21,SL21,KL1);
- RIP2(D,E,A,B,C,WL22,SL22,KL1);
- RIP2(C,D,E,A,B,WL23,SL23,KL1);
- RIP2(B,C,D,E,A,WL24,SL24,KL1);
- RIP2(A,B,C,D,E,WL25,SL25,KL1);
- RIP2(E,A,B,C,D,WL26,SL26,KL1);
- RIP2(D,E,A,B,C,WL27,SL27,KL1);
- RIP2(C,D,E,A,B,WL28,SL28,KL1);
- RIP2(B,C,D,E,A,WL29,SL29,KL1);
- RIP2(A,B,C,D,E,WL30,SL30,KL1);
- RIP2(E,A,B,C,D,WL31,SL31,KL1);
-
- RIP3(D,E,A,B,C,WL32,SL32,KL2);
- RIP3(C,D,E,A,B,WL33,SL33,KL2);
- RIP3(B,C,D,E,A,WL34,SL34,KL2);
- RIP3(A,B,C,D,E,WL35,SL35,KL2);
- RIP3(E,A,B,C,D,WL36,SL36,KL2);
- RIP3(D,E,A,B,C,WL37,SL37,KL2);
- RIP3(C,D,E,A,B,WL38,SL38,KL2);
- RIP3(B,C,D,E,A,WL39,SL39,KL2);
- RIP3(A,B,C,D,E,WL40,SL40,KL2);
- RIP3(E,A,B,C,D,WL41,SL41,KL2);
- RIP3(D,E,A,B,C,WL42,SL42,KL2);
- RIP3(C,D,E,A,B,WL43,SL43,KL2);
- RIP3(B,C,D,E,A,WL44,SL44,KL2);
- RIP3(A,B,C,D,E,WL45,SL45,KL2);
- RIP3(E,A,B,C,D,WL46,SL46,KL2);
- RIP3(D,E,A,B,C,WL47,SL47,KL2);
-
- RIP4(C,D,E,A,B,WL48,SL48,KL3);
- RIP4(B,C,D,E,A,WL49,SL49,KL3);
- RIP4(A,B,C,D,E,WL50,SL50,KL3);
- RIP4(E,A,B,C,D,WL51,SL51,KL3);
- RIP4(D,E,A,B,C,WL52,SL52,KL3);
- RIP4(C,D,E,A,B,WL53,SL53,KL3);
- RIP4(B,C,D,E,A,WL54,SL54,KL3);
- RIP4(A,B,C,D,E,WL55,SL55,KL3);
- RIP4(E,A,B,C,D,WL56,SL56,KL3);
- RIP4(D,E,A,B,C,WL57,SL57,KL3);
- RIP4(C,D,E,A,B,WL58,SL58,KL3);
- RIP4(B,C,D,E,A,WL59,SL59,KL3);
- RIP4(A,B,C,D,E,WL60,SL60,KL3);
- RIP4(E,A,B,C,D,WL61,SL61,KL3);
- RIP4(D,E,A,B,C,WL62,SL62,KL3);
- RIP4(C,D,E,A,B,WL63,SL63,KL3);
-
- RIP5(B,C,D,E,A,WL64,SL64,KL4);
- RIP5(A,B,C,D,E,WL65,SL65,KL4);
- RIP5(E,A,B,C,D,WL66,SL66,KL4);
- RIP5(D,E,A,B,C,WL67,SL67,KL4);
- RIP5(C,D,E,A,B,WL68,SL68,KL4);
- RIP5(B,C,D,E,A,WL69,SL69,KL4);
- RIP5(A,B,C,D,E,WL70,SL70,KL4);
- RIP5(E,A,B,C,D,WL71,SL71,KL4);
- RIP5(D,E,A,B,C,WL72,SL72,KL4);
- RIP5(C,D,E,A,B,WL73,SL73,KL4);
- RIP5(B,C,D,E,A,WL74,SL74,KL4);
- RIP5(A,B,C,D,E,WL75,SL75,KL4);
- RIP5(E,A,B,C,D,WL76,SL76,KL4);
- RIP5(D,E,A,B,C,WL77,SL77,KL4);
- RIP5(C,D,E,A,B,WL78,SL78,KL4);
- RIP5(B,C,D,E,A,WL79,SL79,KL4);
-
- a=A; b=B; c=C; d=D; e=E;
- /* Do other half */
- A=ctx->A; B=ctx->B; C=ctx->C; D=ctx->D; E=ctx->E;
-
- RIP5(A,B,C,D,E,WR00,SR00,KR0);
- RIP5(E,A,B,C,D,WR01,SR01,KR0);
- RIP5(D,E,A,B,C,WR02,SR02,KR0);
- RIP5(C,D,E,A,B,WR03,SR03,KR0);
- RIP5(B,C,D,E,A,WR04,SR04,KR0);
- RIP5(A,B,C,D,E,WR05,SR05,KR0);
- RIP5(E,A,B,C,D,WR06,SR06,KR0);
- RIP5(D,E,A,B,C,WR07,SR07,KR0);
- RIP5(C,D,E,A,B,WR08,SR08,KR0);
- RIP5(B,C,D,E,A,WR09,SR09,KR0);
- RIP5(A,B,C,D,E,WR10,SR10,KR0);
- RIP5(E,A,B,C,D,WR11,SR11,KR0);
- RIP5(D,E,A,B,C,WR12,SR12,KR0);
- RIP5(C,D,E,A,B,WR13,SR13,KR0);
- RIP5(B,C,D,E,A,WR14,SR14,KR0);
- RIP5(A,B,C,D,E,WR15,SR15,KR0);
-
- RIP4(E,A,B,C,D,WR16,SR16,KR1);
- RIP4(D,E,A,B,C,WR17,SR17,KR1);
- RIP4(C,D,E,A,B,WR18,SR18,KR1);
- RIP4(B,C,D,E,A,WR19,SR19,KR1);
- RIP4(A,B,C,D,E,WR20,SR20,KR1);
- RIP4(E,A,B,C,D,WR21,SR21,KR1);
- RIP4(D,E,A,B,C,WR22,SR22,KR1);
- RIP4(C,D,E,A,B,WR23,SR23,KR1);
- RIP4(B,C,D,E,A,WR24,SR24,KR1);
- RIP4(A,B,C,D,E,WR25,SR25,KR1);
- RIP4(E,A,B,C,D,WR26,SR26,KR1);
- RIP4(D,E,A,B,C,WR27,SR27,KR1);
- RIP4(C,D,E,A,B,WR28,SR28,KR1);
- RIP4(B,C,D,E,A,WR29,SR29,KR1);
- RIP4(A,B,C,D,E,WR30,SR30,KR1);
- RIP4(E,A,B,C,D,WR31,SR31,KR1);
-
- RIP3(D,E,A,B,C,WR32,SR32,KR2);
- RIP3(C,D,E,A,B,WR33,SR33,KR2);
- RIP3(B,C,D,E,A,WR34,SR34,KR2);
- RIP3(A,B,C,D,E,WR35,SR35,KR2);
- RIP3(E,A,B,C,D,WR36,SR36,KR2);
- RIP3(D,E,A,B,C,WR37,SR37,KR2);
- RIP3(C,D,E,A,B,WR38,SR38,KR2);
- RIP3(B,C,D,E,A,WR39,SR39,KR2);
- RIP3(A,B,C,D,E,WR40,SR40,KR2);
- RIP3(E,A,B,C,D,WR41,SR41,KR2);
- RIP3(D,E,A,B,C,WR42,SR42,KR2);
- RIP3(C,D,E,A,B,WR43,SR43,KR2);
- RIP3(B,C,D,E,A,WR44,SR44,KR2);
- RIP3(A,B,C,D,E,WR45,SR45,KR2);
- RIP3(E,A,B,C,D,WR46,SR46,KR2);
- RIP3(D,E,A,B,C,WR47,SR47,KR2);
-
- RIP2(C,D,E,A,B,WR48,SR48,KR3);
- RIP2(B,C,D,E,A,WR49,SR49,KR3);
- RIP2(A,B,C,D,E,WR50,SR50,KR3);
- RIP2(E,A,B,C,D,WR51,SR51,KR3);
- RIP2(D,E,A,B,C,WR52,SR52,KR3);
- RIP2(C,D,E,A,B,WR53,SR53,KR3);
- RIP2(B,C,D,E,A,WR54,SR54,KR3);
- RIP2(A,B,C,D,E,WR55,SR55,KR3);
- RIP2(E,A,B,C,D,WR56,SR56,KR3);
- RIP2(D,E,A,B,C,WR57,SR57,KR3);
- RIP2(C,D,E,A,B,WR58,SR58,KR3);
- RIP2(B,C,D,E,A,WR59,SR59,KR3);
- RIP2(A,B,C,D,E,WR60,SR60,KR3);
- RIP2(E,A,B,C,D,WR61,SR61,KR3);
- RIP2(D,E,A,B,C,WR62,SR62,KR3);
- RIP2(C,D,E,A,B,WR63,SR63,KR3);
-
- RIP1(B,C,D,E,A,WR64,SR64);
- RIP1(A,B,C,D,E,WR65,SR65);
- RIP1(E,A,B,C,D,WR66,SR66);
- RIP1(D,E,A,B,C,WR67,SR67);
- RIP1(C,D,E,A,B,WR68,SR68);
- RIP1(B,C,D,E,A,WR69,SR69);
- RIP1(A,B,C,D,E,WR70,SR70);
- RIP1(E,A,B,C,D,WR71,SR71);
- RIP1(D,E,A,B,C,WR72,SR72);
- RIP1(C,D,E,A,B,WR73,SR73);
- RIP1(B,C,D,E,A,WR74,SR74);
- RIP1(A,B,C,D,E,WR75,SR75);
- RIP1(E,A,B,C,D,WR76,SR76);
- RIP1(D,E,A,B,C,WR77,SR77);
- RIP1(C,D,E,A,B,WR78,SR78);
- RIP1(B,C,D,E,A,WR79,SR79);
-
- D =ctx->B+c+D;
- ctx->B=ctx->C+d+E;
- ctx->C=ctx->D+e+A;
- ctx->D=ctx->E+a+B;
- ctx->E=ctx->A+b+C;
- ctx->A=D;
-
- }
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/ripemd/rmd_dgst.c (from rev 6976, vendor-crypto/openssl/dist/crypto/ripemd/rmd_dgst.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/ripemd/rmd_dgst.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ripemd/rmd_dgst.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,339 @@
+/* crypto/ripemd/rmd_dgst.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "rmd_locl.h"
+#include <openssl/opensslv.h>
+#include <openssl/err.h>
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
+#endif
+
+const char RMD160_version[] = "RIPE-MD160" OPENSSL_VERSION_PTEXT;
+
+#ifdef RMD160_ASM
+void ripemd160_block_x86(RIPEMD160_CTX *c, unsigned long *p, size_t num);
+# define ripemd160_block ripemd160_block_x86
+#else
+void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p, size_t num);
+#endif
+
+FIPS_NON_FIPS_MD_Init(RIPEMD160)
+{
+ c->A = RIPEMD160_A;
+ c->B = RIPEMD160_B;
+ c->C = RIPEMD160_C;
+ c->D = RIPEMD160_D;
+ c->E = RIPEMD160_E;
+ c->Nl = 0;
+ c->Nh = 0;
+ c->num = 0;
+ return 1;
+}
+
+#ifndef ripemd160_block_data_order
+# ifdef X
+# undef X
+# endif
+void ripemd160_block_data_order(RIPEMD160_CTX *ctx, const void *p, size_t num)
+{
+ const unsigned char *data = p;
+ register unsigned MD32_REG_T A, B, C, D, E;
+ unsigned MD32_REG_T a, b, c, d, e, l;
+# ifndef MD32_XARRAY
+ /* See comment in crypto/sha/sha_locl.h for details. */
+ unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
+ XX8, XX9, XX10, XX11, XX12, XX13, XX14, XX15;
+# define X(i) XX##i
+# else
+ RIPEMD160_LONG XX[16];
+# define X(i) XX[i]
+# endif
+
+ for (; num--;) {
+
+ A = ctx->A;
+ B = ctx->B;
+ C = ctx->C;
+ D = ctx->D;
+ E = ctx->E;
+
+ HOST_c2l(data, l);
+ X(0) = l;
+ HOST_c2l(data, l);
+ X(1) = l;
+ RIP1(A, B, C, D, E, WL00, SL00);
+ HOST_c2l(data, l);
+ X(2) = l;
+ RIP1(E, A, B, C, D, WL01, SL01);
+ HOST_c2l(data, l);
+ X(3) = l;
+ RIP1(D, E, A, B, C, WL02, SL02);
+ HOST_c2l(data, l);
+ X(4) = l;
+ RIP1(C, D, E, A, B, WL03, SL03);
+ HOST_c2l(data, l);
+ X(5) = l;
+ RIP1(B, C, D, E, A, WL04, SL04);
+ HOST_c2l(data, l);
+ X(6) = l;
+ RIP1(A, B, C, D, E, WL05, SL05);
+ HOST_c2l(data, l);
+ X(7) = l;
+ RIP1(E, A, B, C, D, WL06, SL06);
+ HOST_c2l(data, l);
+ X(8) = l;
+ RIP1(D, E, A, B, C, WL07, SL07);
+ HOST_c2l(data, l);
+ X(9) = l;
+ RIP1(C, D, E, A, B, WL08, SL08);
+ HOST_c2l(data, l);
+ X(10) = l;
+ RIP1(B, C, D, E, A, WL09, SL09);
+ HOST_c2l(data, l);
+ X(11) = l;
+ RIP1(A, B, C, D, E, WL10, SL10);
+ HOST_c2l(data, l);
+ X(12) = l;
+ RIP1(E, A, B, C, D, WL11, SL11);
+ HOST_c2l(data, l);
+ X(13) = l;
+ RIP1(D, E, A, B, C, WL12, SL12);
+ HOST_c2l(data, l);
+ X(14) = l;
+ RIP1(C, D, E, A, B, WL13, SL13);
+ HOST_c2l(data, l);
+ X(15) = l;
+ RIP1(B, C, D, E, A, WL14, SL14);
+ RIP1(A, B, C, D, E, WL15, SL15);
+
+ RIP2(E, A, B, C, D, WL16, SL16, KL1);
+ RIP2(D, E, A, B, C, WL17, SL17, KL1);
+ RIP2(C, D, E, A, B, WL18, SL18, KL1);
+ RIP2(B, C, D, E, A, WL19, SL19, KL1);
+ RIP2(A, B, C, D, E, WL20, SL20, KL1);
+ RIP2(E, A, B, C, D, WL21, SL21, KL1);
+ RIP2(D, E, A, B, C, WL22, SL22, KL1);
+ RIP2(C, D, E, A, B, WL23, SL23, KL1);
+ RIP2(B, C, D, E, A, WL24, SL24, KL1);
+ RIP2(A, B, C, D, E, WL25, SL25, KL1);
+ RIP2(E, A, B, C, D, WL26, SL26, KL1);
+ RIP2(D, E, A, B, C, WL27, SL27, KL1);
+ RIP2(C, D, E, A, B, WL28, SL28, KL1);
+ RIP2(B, C, D, E, A, WL29, SL29, KL1);
+ RIP2(A, B, C, D, E, WL30, SL30, KL1);
+ RIP2(E, A, B, C, D, WL31, SL31, KL1);
+
+ RIP3(D, E, A, B, C, WL32, SL32, KL2);
+ RIP3(C, D, E, A, B, WL33, SL33, KL2);
+ RIP3(B, C, D, E, A, WL34, SL34, KL2);
+ RIP3(A, B, C, D, E, WL35, SL35, KL2);
+ RIP3(E, A, B, C, D, WL36, SL36, KL2);
+ RIP3(D, E, A, B, C, WL37, SL37, KL2);
+ RIP3(C, D, E, A, B, WL38, SL38, KL2);
+ RIP3(B, C, D, E, A, WL39, SL39, KL2);
+ RIP3(A, B, C, D, E, WL40, SL40, KL2);
+ RIP3(E, A, B, C, D, WL41, SL41, KL2);
+ RIP3(D, E, A, B, C, WL42, SL42, KL2);
+ RIP3(C, D, E, A, B, WL43, SL43, KL2);
+ RIP3(B, C, D, E, A, WL44, SL44, KL2);
+ RIP3(A, B, C, D, E, WL45, SL45, KL2);
+ RIP3(E, A, B, C, D, WL46, SL46, KL2);
+ RIP3(D, E, A, B, C, WL47, SL47, KL2);
+
+ RIP4(C, D, E, A, B, WL48, SL48, KL3);
+ RIP4(B, C, D, E, A, WL49, SL49, KL3);
+ RIP4(A, B, C, D, E, WL50, SL50, KL3);
+ RIP4(E, A, B, C, D, WL51, SL51, KL3);
+ RIP4(D, E, A, B, C, WL52, SL52, KL3);
+ RIP4(C, D, E, A, B, WL53, SL53, KL3);
+ RIP4(B, C, D, E, A, WL54, SL54, KL3);
+ RIP4(A, B, C, D, E, WL55, SL55, KL3);
+ RIP4(E, A, B, C, D, WL56, SL56, KL3);
+ RIP4(D, E, A, B, C, WL57, SL57, KL3);
+ RIP4(C, D, E, A, B, WL58, SL58, KL3);
+ RIP4(B, C, D, E, A, WL59, SL59, KL3);
+ RIP4(A, B, C, D, E, WL60, SL60, KL3);
+ RIP4(E, A, B, C, D, WL61, SL61, KL3);
+ RIP4(D, E, A, B, C, WL62, SL62, KL3);
+ RIP4(C, D, E, A, B, WL63, SL63, KL3);
+
+ RIP5(B, C, D, E, A, WL64, SL64, KL4);
+ RIP5(A, B, C, D, E, WL65, SL65, KL4);
+ RIP5(E, A, B, C, D, WL66, SL66, KL4);
+ RIP5(D, E, A, B, C, WL67, SL67, KL4);
+ RIP5(C, D, E, A, B, WL68, SL68, KL4);
+ RIP5(B, C, D, E, A, WL69, SL69, KL4);
+ RIP5(A, B, C, D, E, WL70, SL70, KL4);
+ RIP5(E, A, B, C, D, WL71, SL71, KL4);
+ RIP5(D, E, A, B, C, WL72, SL72, KL4);
+ RIP5(C, D, E, A, B, WL73, SL73, KL4);
+ RIP5(B, C, D, E, A, WL74, SL74, KL4);
+ RIP5(A, B, C, D, E, WL75, SL75, KL4);
+ RIP5(E, A, B, C, D, WL76, SL76, KL4);
+ RIP5(D, E, A, B, C, WL77, SL77, KL4);
+ RIP5(C, D, E, A, B, WL78, SL78, KL4);
+ RIP5(B, C, D, E, A, WL79, SL79, KL4);
+
+ a = A;
+ b = B;
+ c = C;
+ d = D;
+ e = E;
+ /* Do other half */
+ A = ctx->A;
+ B = ctx->B;
+ C = ctx->C;
+ D = ctx->D;
+ E = ctx->E;
+
+ RIP5(A, B, C, D, E, WR00, SR00, KR0);
+ RIP5(E, A, B, C, D, WR01, SR01, KR0);
+ RIP5(D, E, A, B, C, WR02, SR02, KR0);
+ RIP5(C, D, E, A, B, WR03, SR03, KR0);
+ RIP5(B, C, D, E, A, WR04, SR04, KR0);
+ RIP5(A, B, C, D, E, WR05, SR05, KR0);
+ RIP5(E, A, B, C, D, WR06, SR06, KR0);
+ RIP5(D, E, A, B, C, WR07, SR07, KR0);
+ RIP5(C, D, E, A, B, WR08, SR08, KR0);
+ RIP5(B, C, D, E, A, WR09, SR09, KR0);
+ RIP5(A, B, C, D, E, WR10, SR10, KR0);
+ RIP5(E, A, B, C, D, WR11, SR11, KR0);
+ RIP5(D, E, A, B, C, WR12, SR12, KR0);
+ RIP5(C, D, E, A, B, WR13, SR13, KR0);
+ RIP5(B, C, D, E, A, WR14, SR14, KR0);
+ RIP5(A, B, C, D, E, WR15, SR15, KR0);
+
+ RIP4(E, A, B, C, D, WR16, SR16, KR1);
+ RIP4(D, E, A, B, C, WR17, SR17, KR1);
+ RIP4(C, D, E, A, B, WR18, SR18, KR1);
+ RIP4(B, C, D, E, A, WR19, SR19, KR1);
+ RIP4(A, B, C, D, E, WR20, SR20, KR1);
+ RIP4(E, A, B, C, D, WR21, SR21, KR1);
+ RIP4(D, E, A, B, C, WR22, SR22, KR1);
+ RIP4(C, D, E, A, B, WR23, SR23, KR1);
+ RIP4(B, C, D, E, A, WR24, SR24, KR1);
+ RIP4(A, B, C, D, E, WR25, SR25, KR1);
+ RIP4(E, A, B, C, D, WR26, SR26, KR1);
+ RIP4(D, E, A, B, C, WR27, SR27, KR1);
+ RIP4(C, D, E, A, B, WR28, SR28, KR1);
+ RIP4(B, C, D, E, A, WR29, SR29, KR1);
+ RIP4(A, B, C, D, E, WR30, SR30, KR1);
+ RIP4(E, A, B, C, D, WR31, SR31, KR1);
+
+ RIP3(D, E, A, B, C, WR32, SR32, KR2);
+ RIP3(C, D, E, A, B, WR33, SR33, KR2);
+ RIP3(B, C, D, E, A, WR34, SR34, KR2);
+ RIP3(A, B, C, D, E, WR35, SR35, KR2);
+ RIP3(E, A, B, C, D, WR36, SR36, KR2);
+ RIP3(D, E, A, B, C, WR37, SR37, KR2);
+ RIP3(C, D, E, A, B, WR38, SR38, KR2);
+ RIP3(B, C, D, E, A, WR39, SR39, KR2);
+ RIP3(A, B, C, D, E, WR40, SR40, KR2);
+ RIP3(E, A, B, C, D, WR41, SR41, KR2);
+ RIP3(D, E, A, B, C, WR42, SR42, KR2);
+ RIP3(C, D, E, A, B, WR43, SR43, KR2);
+ RIP3(B, C, D, E, A, WR44, SR44, KR2);
+ RIP3(A, B, C, D, E, WR45, SR45, KR2);
+ RIP3(E, A, B, C, D, WR46, SR46, KR2);
+ RIP3(D, E, A, B, C, WR47, SR47, KR2);
+
+ RIP2(C, D, E, A, B, WR48, SR48, KR3);
+ RIP2(B, C, D, E, A, WR49, SR49, KR3);
+ RIP2(A, B, C, D, E, WR50, SR50, KR3);
+ RIP2(E, A, B, C, D, WR51, SR51, KR3);
+ RIP2(D, E, A, B, C, WR52, SR52, KR3);
+ RIP2(C, D, E, A, B, WR53, SR53, KR3);
+ RIP2(B, C, D, E, A, WR54, SR54, KR3);
+ RIP2(A, B, C, D, E, WR55, SR55, KR3);
+ RIP2(E, A, B, C, D, WR56, SR56, KR3);
+ RIP2(D, E, A, B, C, WR57, SR57, KR3);
+ RIP2(C, D, E, A, B, WR58, SR58, KR3);
+ RIP2(B, C, D, E, A, WR59, SR59, KR3);
+ RIP2(A, B, C, D, E, WR60, SR60, KR3);
+ RIP2(E, A, B, C, D, WR61, SR61, KR3);
+ RIP2(D, E, A, B, C, WR62, SR62, KR3);
+ RIP2(C, D, E, A, B, WR63, SR63, KR3);
+
+ RIP1(B, C, D, E, A, WR64, SR64);
+ RIP1(A, B, C, D, E, WR65, SR65);
+ RIP1(E, A, B, C, D, WR66, SR66);
+ RIP1(D, E, A, B, C, WR67, SR67);
+ RIP1(C, D, E, A, B, WR68, SR68);
+ RIP1(B, C, D, E, A, WR69, SR69);
+ RIP1(A, B, C, D, E, WR70, SR70);
+ RIP1(E, A, B, C, D, WR71, SR71);
+ RIP1(D, E, A, B, C, WR72, SR72);
+ RIP1(C, D, E, A, B, WR73, SR73);
+ RIP1(B, C, D, E, A, WR74, SR74);
+ RIP1(A, B, C, D, E, WR75, SR75);
+ RIP1(E, A, B, C, D, WR76, SR76);
+ RIP1(D, E, A, B, C, WR77, SR77);
+ RIP1(C, D, E, A, B, WR78, SR78);
+ RIP1(B, C, D, E, A, WR79, SR79);
+
+ D = ctx->B + c + D;
+ ctx->B = ctx->C + d + E;
+ ctx->C = ctx->D + e + A;
+ ctx->D = ctx->E + a + B;
+ ctx->E = ctx->A + b + C;
+ ctx->A = D;
+
+ }
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/ripemd/rmd_locl.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/ripemd/rmd_locl.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ripemd/rmd_locl.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,150 +0,0 @@
-/* crypto/ripemd/rmd_locl.h */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdlib.h>
-#include <string.h>
-#include <openssl/opensslconf.h>
-#include <openssl/ripemd.h>
-
-#ifndef RIPEMD160_LONG_LOG2
-#define RIPEMD160_LONG_LOG2 2 /* default to 32 bits */
-#endif
-
-/*
- * DO EXAMINE COMMENTS IN crypto/md5/md5_locl.h & crypto/md5/md5_dgst.c
- * FOR EXPLANATIONS ON FOLLOWING "CODE."
- * <appro at fy.chalmers.se>
- */
-#ifdef RMD160_ASM
-# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
-# define ripemd160_block_host_order ripemd160_block_asm_data_order
-# endif
-#endif
-
-void ripemd160_block_data_order (RIPEMD160_CTX *c, const void *p,size_t num);
-
-#define DATA_ORDER_IS_LITTLE_ENDIAN
-
-#define HASH_LONG RIPEMD160_LONG
-#define HASH_CTX RIPEMD160_CTX
-#define HASH_CBLOCK RIPEMD160_CBLOCK
-#define HASH_UPDATE RIPEMD160_Update
-#define HASH_TRANSFORM RIPEMD160_Transform
-#define HASH_FINAL RIPEMD160_Final
-#define HASH_MAKE_STRING(c,s) do { \
- unsigned long ll; \
- ll=(c)->A; HOST_l2c(ll,(s)); \
- ll=(c)->B; HOST_l2c(ll,(s)); \
- ll=(c)->C; HOST_l2c(ll,(s)); \
- ll=(c)->D; HOST_l2c(ll,(s)); \
- ll=(c)->E; HOST_l2c(ll,(s)); \
- } while (0)
-#define HASH_BLOCK_DATA_ORDER ripemd160_block_data_order
-
-#include "md32_common.h"
-
-#if 0
-#define F1(x,y,z) ((x)^(y)^(z))
-#define F2(x,y,z) (((x)&(y))|((~x)&z))
-#define F3(x,y,z) (((x)|(~y))^(z))
-#define F4(x,y,z) (((x)&(z))|((y)&(~(z))))
-#define F5(x,y,z) ((x)^((y)|(~(z))))
-#else
-/*
- * Transformed F2 and F4 are courtesy of Wei Dai <weidai at eskimo.com>
- */
-#define F1(x,y,z) ((x) ^ (y) ^ (z))
-#define F2(x,y,z) ((((y) ^ (z)) & (x)) ^ (z))
-#define F3(x,y,z) (((~(y)) | (x)) ^ (z))
-#define F4(x,y,z) ((((x) ^ (y)) & (z)) ^ (y))
-#define F5(x,y,z) (((~(z)) | (y)) ^ (x))
-#endif
-
-#define RIPEMD160_A 0x67452301L
-#define RIPEMD160_B 0xEFCDAB89L
-#define RIPEMD160_C 0x98BADCFEL
-#define RIPEMD160_D 0x10325476L
-#define RIPEMD160_E 0xC3D2E1F0L
-
-#include "rmdconst.h"
-
-#define RIP1(a,b,c,d,e,w,s) { \
- a+=F1(b,c,d)+X(w); \
- a=ROTATE(a,s)+e; \
- c=ROTATE(c,10); }
-
-#define RIP2(a,b,c,d,e,w,s,K) { \
- a+=F2(b,c,d)+X(w)+K; \
- a=ROTATE(a,s)+e; \
- c=ROTATE(c,10); }
-
-#define RIP3(a,b,c,d,e,w,s,K) { \
- a+=F3(b,c,d)+X(w)+K; \
- a=ROTATE(a,s)+e; \
- c=ROTATE(c,10); }
-
-#define RIP4(a,b,c,d,e,w,s,K) { \
- a+=F4(b,c,d)+X(w)+K; \
- a=ROTATE(a,s)+e; \
- c=ROTATE(c,10); }
-
-#define RIP5(a,b,c,d,e,w,s,K) { \
- a+=F5(b,c,d)+X(w)+K; \
- a=ROTATE(a,s)+e; \
- c=ROTATE(c,10); }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/ripemd/rmd_locl.h (from rev 6976, vendor-crypto/openssl/dist/crypto/ripemd/rmd_locl.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/ripemd/rmd_locl.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ripemd/rmd_locl.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,149 @@
+/* crypto/ripemd/rmd_locl.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/opensslconf.h>
+#include <openssl/ripemd.h>
+
+#ifndef RIPEMD160_LONG_LOG2
+# define RIPEMD160_LONG_LOG2 2 /* default to 32 bits */
+#endif
+
+/*
+ * DO EXAMINE COMMENTS IN crypto/md5/md5_locl.h & crypto/md5/md5_dgst.c
+ * FOR EXPLANATIONS ON FOLLOWING "CODE."
+ * <appro at fy.chalmers.se>
+ */
+#ifdef RMD160_ASM
+# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
+# define ripemd160_block_host_order ripemd160_block_asm_data_order
+# endif
+#endif
+
+void ripemd160_block_data_order(RIPEMD160_CTX *c, const void *p, size_t num);
+
+#define DATA_ORDER_IS_LITTLE_ENDIAN
+
+#define HASH_LONG RIPEMD160_LONG
+#define HASH_CTX RIPEMD160_CTX
+#define HASH_CBLOCK RIPEMD160_CBLOCK
+#define HASH_UPDATE RIPEMD160_Update
+#define HASH_TRANSFORM RIPEMD160_Transform
+#define HASH_FINAL RIPEMD160_Final
+#define HASH_MAKE_STRING(c,s) do { \
+ unsigned long ll; \
+ ll=(c)->A; HOST_l2c(ll,(s)); \
+ ll=(c)->B; HOST_l2c(ll,(s)); \
+ ll=(c)->C; HOST_l2c(ll,(s)); \
+ ll=(c)->D; HOST_l2c(ll,(s)); \
+ ll=(c)->E; HOST_l2c(ll,(s)); \
+ } while (0)
+#define HASH_BLOCK_DATA_ORDER ripemd160_block_data_order
+
+#include "md32_common.h"
+
+#if 0
+# define F1(x,y,z) ((x)^(y)^(z))
+# define F2(x,y,z) (((x)&(y))|((~x)&z))
+# define F3(x,y,z) (((x)|(~y))^(z))
+# define F4(x,y,z) (((x)&(z))|((y)&(~(z))))
+# define F5(x,y,z) ((x)^((y)|(~(z))))
+#else
+/*
+ * Transformed F2 and F4 are courtesy of Wei Dai <weidai at eskimo.com>
+ */
+# define F1(x,y,z) ((x) ^ (y) ^ (z))
+# define F2(x,y,z) ((((y) ^ (z)) & (x)) ^ (z))
+# define F3(x,y,z) (((~(y)) | (x)) ^ (z))
+# define F4(x,y,z) ((((x) ^ (y)) & (z)) ^ (y))
+# define F5(x,y,z) (((~(z)) | (y)) ^ (x))
+#endif
+
+#define RIPEMD160_A 0x67452301L
+#define RIPEMD160_B 0xEFCDAB89L
+#define RIPEMD160_C 0x98BADCFEL
+#define RIPEMD160_D 0x10325476L
+#define RIPEMD160_E 0xC3D2E1F0L
+
+#include "rmdconst.h"
+
+#define RIP1(a,b,c,d,e,w,s) { \
+ a+=F1(b,c,d)+X(w); \
+ a=ROTATE(a,s)+e; \
+ c=ROTATE(c,10); }
+
+#define RIP2(a,b,c,d,e,w,s,K) { \
+ a+=F2(b,c,d)+X(w)+K; \
+ a=ROTATE(a,s)+e; \
+ c=ROTATE(c,10); }
+
+#define RIP3(a,b,c,d,e,w,s,K) { \
+ a+=F3(b,c,d)+X(w)+K; \
+ a=ROTATE(a,s)+e; \
+ c=ROTATE(c,10); }
+
+#define RIP4(a,b,c,d,e,w,s,K) { \
+ a+=F4(b,c,d)+X(w)+K; \
+ a=ROTATE(a,s)+e; \
+ c=ROTATE(c,10); }
+
+#define RIP5(a,b,c,d,e,w,s,K) { \
+ a+=F5(b,c,d)+X(w)+K; \
+ a=ROTATE(a,s)+e; \
+ c=ROTATE(c,10); }
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/ripemd/rmd_one.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/ripemd/rmd_one.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ripemd/rmd_one.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,78 +0,0 @@
-/* crypto/ripemd/rmd_one.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <openssl/ripemd.h>
-#include <openssl/crypto.h>
-
-unsigned char *RIPEMD160(const unsigned char *d, size_t n,
- unsigned char *md)
- {
- RIPEMD160_CTX c;
- static unsigned char m[RIPEMD160_DIGEST_LENGTH];
-
- if (md == NULL) md=m;
- if (!RIPEMD160_Init(&c))
- return NULL;
- RIPEMD160_Update(&c,d,n);
- RIPEMD160_Final(md,&c);
- OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
- return(md);
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/ripemd/rmd_one.c (from rev 6976, vendor-crypto/openssl/dist/crypto/ripemd/rmd_one.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/ripemd/rmd_one.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ripemd/rmd_one.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,77 @@
+/* crypto/ripemd/rmd_one.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/ripemd.h>
+#include <openssl/crypto.h>
+
+unsigned char *RIPEMD160(const unsigned char *d, size_t n, unsigned char *md)
+{
+ RIPEMD160_CTX c;
+ static unsigned char m[RIPEMD160_DIGEST_LENGTH];
+
+ if (md == NULL)
+ md = m;
+ if (!RIPEMD160_Init(&c))
+ return NULL;
+ RIPEMD160_Update(&c, d, n);
+ RIPEMD160_Final(md, &c);
+ OPENSSL_cleanse(&c, sizeof(c)); /* security consideration */
+ return (md);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/ripemd/rmdconst.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/ripemd/rmdconst.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ripemd/rmdconst.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,399 +0,0 @@
-/* crypto/ripemd/rmdconst.h */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-#define KL0 0x00000000L
-#define KL1 0x5A827999L
-#define KL2 0x6ED9EBA1L
-#define KL3 0x8F1BBCDCL
-#define KL4 0xA953FD4EL
-
-#define KR0 0x50A28BE6L
-#define KR1 0x5C4DD124L
-#define KR2 0x6D703EF3L
-#define KR3 0x7A6D76E9L
-#define KR4 0x00000000L
-
-#define WL00 0
-#define SL00 11
-#define WL01 1
-#define SL01 14
-#define WL02 2
-#define SL02 15
-#define WL03 3
-#define SL03 12
-#define WL04 4
-#define SL04 5
-#define WL05 5
-#define SL05 8
-#define WL06 6
-#define SL06 7
-#define WL07 7
-#define SL07 9
-#define WL08 8
-#define SL08 11
-#define WL09 9
-#define SL09 13
-#define WL10 10
-#define SL10 14
-#define WL11 11
-#define SL11 15
-#define WL12 12
-#define SL12 6
-#define WL13 13
-#define SL13 7
-#define WL14 14
-#define SL14 9
-#define WL15 15
-#define SL15 8
-
-#define WL16 7
-#define SL16 7
-#define WL17 4
-#define SL17 6
-#define WL18 13
-#define SL18 8
-#define WL19 1
-#define SL19 13
-#define WL20 10
-#define SL20 11
-#define WL21 6
-#define SL21 9
-#define WL22 15
-#define SL22 7
-#define WL23 3
-#define SL23 15
-#define WL24 12
-#define SL24 7
-#define WL25 0
-#define SL25 12
-#define WL26 9
-#define SL26 15
-#define WL27 5
-#define SL27 9
-#define WL28 2
-#define SL28 11
-#define WL29 14
-#define SL29 7
-#define WL30 11
-#define SL30 13
-#define WL31 8
-#define SL31 12
-
-#define WL32 3
-#define SL32 11
-#define WL33 10
-#define SL33 13
-#define WL34 14
-#define SL34 6
-#define WL35 4
-#define SL35 7
-#define WL36 9
-#define SL36 14
-#define WL37 15
-#define SL37 9
-#define WL38 8
-#define SL38 13
-#define WL39 1
-#define SL39 15
-#define WL40 2
-#define SL40 14
-#define WL41 7
-#define SL41 8
-#define WL42 0
-#define SL42 13
-#define WL43 6
-#define SL43 6
-#define WL44 13
-#define SL44 5
-#define WL45 11
-#define SL45 12
-#define WL46 5
-#define SL46 7
-#define WL47 12
-#define SL47 5
-
-#define WL48 1
-#define SL48 11
-#define WL49 9
-#define SL49 12
-#define WL50 11
-#define SL50 14
-#define WL51 10
-#define SL51 15
-#define WL52 0
-#define SL52 14
-#define WL53 8
-#define SL53 15
-#define WL54 12
-#define SL54 9
-#define WL55 4
-#define SL55 8
-#define WL56 13
-#define SL56 9
-#define WL57 3
-#define SL57 14
-#define WL58 7
-#define SL58 5
-#define WL59 15
-#define SL59 6
-#define WL60 14
-#define SL60 8
-#define WL61 5
-#define SL61 6
-#define WL62 6
-#define SL62 5
-#define WL63 2
-#define SL63 12
-
-#define WL64 4
-#define SL64 9
-#define WL65 0
-#define SL65 15
-#define WL66 5
-#define SL66 5
-#define WL67 9
-#define SL67 11
-#define WL68 7
-#define SL68 6
-#define WL69 12
-#define SL69 8
-#define WL70 2
-#define SL70 13
-#define WL71 10
-#define SL71 12
-#define WL72 14
-#define SL72 5
-#define WL73 1
-#define SL73 12
-#define WL74 3
-#define SL74 13
-#define WL75 8
-#define SL75 14
-#define WL76 11
-#define SL76 11
-#define WL77 6
-#define SL77 8
-#define WL78 15
-#define SL78 5
-#define WL79 13
-#define SL79 6
-
-#define WR00 5
-#define SR00 8
-#define WR01 14
-#define SR01 9
-#define WR02 7
-#define SR02 9
-#define WR03 0
-#define SR03 11
-#define WR04 9
-#define SR04 13
-#define WR05 2
-#define SR05 15
-#define WR06 11
-#define SR06 15
-#define WR07 4
-#define SR07 5
-#define WR08 13
-#define SR08 7
-#define WR09 6
-#define SR09 7
-#define WR10 15
-#define SR10 8
-#define WR11 8
-#define SR11 11
-#define WR12 1
-#define SR12 14
-#define WR13 10
-#define SR13 14
-#define WR14 3
-#define SR14 12
-#define WR15 12
-#define SR15 6
-
-#define WR16 6
-#define SR16 9
-#define WR17 11
-#define SR17 13
-#define WR18 3
-#define SR18 15
-#define WR19 7
-#define SR19 7
-#define WR20 0
-#define SR20 12
-#define WR21 13
-#define SR21 8
-#define WR22 5
-#define SR22 9
-#define WR23 10
-#define SR23 11
-#define WR24 14
-#define SR24 7
-#define WR25 15
-#define SR25 7
-#define WR26 8
-#define SR26 12
-#define WR27 12
-#define SR27 7
-#define WR28 4
-#define SR28 6
-#define WR29 9
-#define SR29 15
-#define WR30 1
-#define SR30 13
-#define WR31 2
-#define SR31 11
-
-#define WR32 15
-#define SR32 9
-#define WR33 5
-#define SR33 7
-#define WR34 1
-#define SR34 15
-#define WR35 3
-#define SR35 11
-#define WR36 7
-#define SR36 8
-#define WR37 14
-#define SR37 6
-#define WR38 6
-#define SR38 6
-#define WR39 9
-#define SR39 14
-#define WR40 11
-#define SR40 12
-#define WR41 8
-#define SR41 13
-#define WR42 12
-#define SR42 5
-#define WR43 2
-#define SR43 14
-#define WR44 10
-#define SR44 13
-#define WR45 0
-#define SR45 13
-#define WR46 4
-#define SR46 7
-#define WR47 13
-#define SR47 5
-
-#define WR48 8
-#define SR48 15
-#define WR49 6
-#define SR49 5
-#define WR50 4
-#define SR50 8
-#define WR51 1
-#define SR51 11
-#define WR52 3
-#define SR52 14
-#define WR53 11
-#define SR53 14
-#define WR54 15
-#define SR54 6
-#define WR55 0
-#define SR55 14
-#define WR56 5
-#define SR56 6
-#define WR57 12
-#define SR57 9
-#define WR58 2
-#define SR58 12
-#define WR59 13
-#define SR59 9
-#define WR60 9
-#define SR60 12
-#define WR61 7
-#define SR61 5
-#define WR62 10
-#define SR62 15
-#define WR63 14
-#define SR63 8
-
-#define WR64 12
-#define SR64 8
-#define WR65 15
-#define SR65 5
-#define WR66 10
-#define SR66 12
-#define WR67 4
-#define SR67 9
-#define WR68 1
-#define SR68 12
-#define WR69 5
-#define SR69 5
-#define WR70 8
-#define SR70 14
-#define WR71 7
-#define SR71 6
-#define WR72 6
-#define SR72 8
-#define WR73 2
-#define SR73 13
-#define WR74 13
-#define SR74 6
-#define WR75 14
-#define SR75 5
-#define WR76 0
-#define SR76 15
-#define WR77 3
-#define SR77 13
-#define WR78 9
-#define SR78 11
-#define WR79 11
-#define SR79 11
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/ripemd/rmdconst.h (from rev 6976, vendor-crypto/openssl/dist/crypto/ripemd/rmdconst.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/ripemd/rmdconst.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ripemd/rmdconst.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,398 @@
+/* crypto/ripemd/rmdconst.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#define KL0 0x00000000L
+#define KL1 0x5A827999L
+#define KL2 0x6ED9EBA1L
+#define KL3 0x8F1BBCDCL
+#define KL4 0xA953FD4EL
+
+#define KR0 0x50A28BE6L
+#define KR1 0x5C4DD124L
+#define KR2 0x6D703EF3L
+#define KR3 0x7A6D76E9L
+#define KR4 0x00000000L
+
+#define WL00 0
+#define SL00 11
+#define WL01 1
+#define SL01 14
+#define WL02 2
+#define SL02 15
+#define WL03 3
+#define SL03 12
+#define WL04 4
+#define SL04 5
+#define WL05 5
+#define SL05 8
+#define WL06 6
+#define SL06 7
+#define WL07 7
+#define SL07 9
+#define WL08 8
+#define SL08 11
+#define WL09 9
+#define SL09 13
+#define WL10 10
+#define SL10 14
+#define WL11 11
+#define SL11 15
+#define WL12 12
+#define SL12 6
+#define WL13 13
+#define SL13 7
+#define WL14 14
+#define SL14 9
+#define WL15 15
+#define SL15 8
+
+#define WL16 7
+#define SL16 7
+#define WL17 4
+#define SL17 6
+#define WL18 13
+#define SL18 8
+#define WL19 1
+#define SL19 13
+#define WL20 10
+#define SL20 11
+#define WL21 6
+#define SL21 9
+#define WL22 15
+#define SL22 7
+#define WL23 3
+#define SL23 15
+#define WL24 12
+#define SL24 7
+#define WL25 0
+#define SL25 12
+#define WL26 9
+#define SL26 15
+#define WL27 5
+#define SL27 9
+#define WL28 2
+#define SL28 11
+#define WL29 14
+#define SL29 7
+#define WL30 11
+#define SL30 13
+#define WL31 8
+#define SL31 12
+
+#define WL32 3
+#define SL32 11
+#define WL33 10
+#define SL33 13
+#define WL34 14
+#define SL34 6
+#define WL35 4
+#define SL35 7
+#define WL36 9
+#define SL36 14
+#define WL37 15
+#define SL37 9
+#define WL38 8
+#define SL38 13
+#define WL39 1
+#define SL39 15
+#define WL40 2
+#define SL40 14
+#define WL41 7
+#define SL41 8
+#define WL42 0
+#define SL42 13
+#define WL43 6
+#define SL43 6
+#define WL44 13
+#define SL44 5
+#define WL45 11
+#define SL45 12
+#define WL46 5
+#define SL46 7
+#define WL47 12
+#define SL47 5
+
+#define WL48 1
+#define SL48 11
+#define WL49 9
+#define SL49 12
+#define WL50 11
+#define SL50 14
+#define WL51 10
+#define SL51 15
+#define WL52 0
+#define SL52 14
+#define WL53 8
+#define SL53 15
+#define WL54 12
+#define SL54 9
+#define WL55 4
+#define SL55 8
+#define WL56 13
+#define SL56 9
+#define WL57 3
+#define SL57 14
+#define WL58 7
+#define SL58 5
+#define WL59 15
+#define SL59 6
+#define WL60 14
+#define SL60 8
+#define WL61 5
+#define SL61 6
+#define WL62 6
+#define SL62 5
+#define WL63 2
+#define SL63 12
+
+#define WL64 4
+#define SL64 9
+#define WL65 0
+#define SL65 15
+#define WL66 5
+#define SL66 5
+#define WL67 9
+#define SL67 11
+#define WL68 7
+#define SL68 6
+#define WL69 12
+#define SL69 8
+#define WL70 2
+#define SL70 13
+#define WL71 10
+#define SL71 12
+#define WL72 14
+#define SL72 5
+#define WL73 1
+#define SL73 12
+#define WL74 3
+#define SL74 13
+#define WL75 8
+#define SL75 14
+#define WL76 11
+#define SL76 11
+#define WL77 6
+#define SL77 8
+#define WL78 15
+#define SL78 5
+#define WL79 13
+#define SL79 6
+
+#define WR00 5
+#define SR00 8
+#define WR01 14
+#define SR01 9
+#define WR02 7
+#define SR02 9
+#define WR03 0
+#define SR03 11
+#define WR04 9
+#define SR04 13
+#define WR05 2
+#define SR05 15
+#define WR06 11
+#define SR06 15
+#define WR07 4
+#define SR07 5
+#define WR08 13
+#define SR08 7
+#define WR09 6
+#define SR09 7
+#define WR10 15
+#define SR10 8
+#define WR11 8
+#define SR11 11
+#define WR12 1
+#define SR12 14
+#define WR13 10
+#define SR13 14
+#define WR14 3
+#define SR14 12
+#define WR15 12
+#define SR15 6
+
+#define WR16 6
+#define SR16 9
+#define WR17 11
+#define SR17 13
+#define WR18 3
+#define SR18 15
+#define WR19 7
+#define SR19 7
+#define WR20 0
+#define SR20 12
+#define WR21 13
+#define SR21 8
+#define WR22 5
+#define SR22 9
+#define WR23 10
+#define SR23 11
+#define WR24 14
+#define SR24 7
+#define WR25 15
+#define SR25 7
+#define WR26 8
+#define SR26 12
+#define WR27 12
+#define SR27 7
+#define WR28 4
+#define SR28 6
+#define WR29 9
+#define SR29 15
+#define WR30 1
+#define SR30 13
+#define WR31 2
+#define SR31 11
+
+#define WR32 15
+#define SR32 9
+#define WR33 5
+#define SR33 7
+#define WR34 1
+#define SR34 15
+#define WR35 3
+#define SR35 11
+#define WR36 7
+#define SR36 8
+#define WR37 14
+#define SR37 6
+#define WR38 6
+#define SR38 6
+#define WR39 9
+#define SR39 14
+#define WR40 11
+#define SR40 12
+#define WR41 8
+#define SR41 13
+#define WR42 12
+#define SR42 5
+#define WR43 2
+#define SR43 14
+#define WR44 10
+#define SR44 13
+#define WR45 0
+#define SR45 13
+#define WR46 4
+#define SR46 7
+#define WR47 13
+#define SR47 5
+
+#define WR48 8
+#define SR48 15
+#define WR49 6
+#define SR49 5
+#define WR50 4
+#define SR50 8
+#define WR51 1
+#define SR51 11
+#define WR52 3
+#define SR52 14
+#define WR53 11
+#define SR53 14
+#define WR54 15
+#define SR54 6
+#define WR55 0
+#define SR55 14
+#define WR56 5
+#define SR56 6
+#define WR57 12
+#define SR57 9
+#define WR58 2
+#define SR58 12
+#define WR59 13
+#define SR59 9
+#define WR60 9
+#define SR60 12
+#define WR61 7
+#define SR61 5
+#define WR62 10
+#define SR62 15
+#define WR63 14
+#define SR63 8
+
+#define WR64 12
+#define SR64 8
+#define WR65 15
+#define SR65 5
+#define WR66 10
+#define SR66 12
+#define WR67 4
+#define SR67 9
+#define WR68 1
+#define SR68 12
+#define WR69 5
+#define SR69 5
+#define WR70 8
+#define SR70 14
+#define WR71 7
+#define SR71 6
+#define WR72 6
+#define SR72 8
+#define WR73 2
+#define SR73 13
+#define WR74 13
+#define SR74 6
+#define WR75 14
+#define SR75 5
+#define WR76 0
+#define SR76 15
+#define WR77 3
+#define SR77 13
+#define WR78 9
+#define SR78 11
+#define WR79 11
+#define SR79 11
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/ripemd/rmdtest.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/ripemd/rmdtest.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ripemd/rmdtest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,145 +0,0 @@
-/* crypto/ripemd/rmdtest.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-
-#include "../e_os.h"
-
-#ifdef OPENSSL_NO_RIPEMD
-int main(int argc, char *argv[])
-{
- printf("No ripemd support\n");
- return(0);
-}
-#else
-#include <openssl/ripemd.h>
-#include <openssl/evp.h>
-
-#ifdef CHARSET_EBCDIC
-#include <openssl/ebcdic.h>
-#endif
-
-static char *test[]={
- "",
- "a",
- "abc",
- "message digest",
- "abcdefghijklmnopqrstuvwxyz",
- "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
- "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
- "12345678901234567890123456789012345678901234567890123456789012345678901234567890",
- NULL,
- };
-
-static char *ret[]={
- "9c1185a5c5e9fc54612808977ee8f548b2258d31",
- "0bdc9d2d256b3ee9daae347be6f4dc835a467ffe",
- "8eb208f7e05d987a9b044a8e98c6b087f15a0bfc",
- "5d0689ef49d2fae572b881b123a85ffa21595f36",
- "f71c27109c692c1b56bbdceb5b9d2865b3708dbc",
- "12a053384a9c0c88e405a06c27dcf49ada62eb2b",
- "b0e20b6e3116640286ed3a87a5713079b21f5189",
- "9b752e45573d4b39f4dbd3323cab82bf63326bfb",
- };
-
-static char *pt(unsigned char *md);
-int main(int argc, char *argv[])
- {
- int i,err=0;
- char **P,**R;
- char *p;
- unsigned char md[RIPEMD160_DIGEST_LENGTH];
-
- P=test;
- R=ret;
- i=1;
- while (*P != NULL)
- {
-#ifdef CHARSET_EBCDIC
- ebcdic2ascii((char *)*P, (char *)*P, strlen((char *)*P));
-#endif
- EVP_Digest(&(P[0][0]),strlen((char *)*P),md,NULL,EVP_ripemd160(), NULL);
- p=pt(md);
- if (strcmp(p,(char *)*R) != 0)
- {
- printf("error calculating RIPEMD160 on '%s'\n",*P);
- printf("got %s instead of %s\n",p,*R);
- err++;
- }
- else
- printf("test %d ok\n",i);
- i++;
- R++;
- P++;
- }
- EXIT(err);
- return(0);
- }
-
-static char *pt(unsigned char *md)
- {
- int i;
- static char buf[80];
-
- for (i=0; i<RIPEMD160_DIGEST_LENGTH; i++)
- sprintf(&(buf[i*2]),"%02x",md[i]);
- return(buf);
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/ripemd/rmdtest.c (from rev 6976, vendor-crypto/openssl/dist/crypto/ripemd/rmdtest.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/ripemd/rmdtest.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ripemd/rmdtest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,143 @@
+/* crypto/ripemd/rmdtest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include "../e_os.h"
+
+#ifdef OPENSSL_NO_RIPEMD
+int main(int argc, char *argv[])
+{
+ printf("No ripemd support\n");
+ return (0);
+}
+#else
+# include <openssl/ripemd.h>
+# include <openssl/evp.h>
+
+# ifdef CHARSET_EBCDIC
+# include <openssl/ebcdic.h>
+# endif
+
+static char *test[] = {
+ "",
+ "a",
+ "abc",
+ "message digest",
+ "abcdefghijklmnopqrstuvwxyz",
+ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
+ "12345678901234567890123456789012345678901234567890123456789012345678901234567890",
+ NULL,
+};
+
+static char *ret[] = {
+ "9c1185a5c5e9fc54612808977ee8f548b2258d31",
+ "0bdc9d2d256b3ee9daae347be6f4dc835a467ffe",
+ "8eb208f7e05d987a9b044a8e98c6b087f15a0bfc",
+ "5d0689ef49d2fae572b881b123a85ffa21595f36",
+ "f71c27109c692c1b56bbdceb5b9d2865b3708dbc",
+ "12a053384a9c0c88e405a06c27dcf49ada62eb2b",
+ "b0e20b6e3116640286ed3a87a5713079b21f5189",
+ "9b752e45573d4b39f4dbd3323cab82bf63326bfb",
+};
+
+static char *pt(unsigned char *md);
+int main(int argc, char *argv[])
+{
+ int i, err = 0;
+ char **P, **R;
+ char *p;
+ unsigned char md[RIPEMD160_DIGEST_LENGTH];
+
+ P = test;
+ R = ret;
+ i = 1;
+ while (*P != NULL) {
+# ifdef CHARSET_EBCDIC
+ ebcdic2ascii((char *)*P, (char *)*P, strlen((char *)*P));
+# endif
+ EVP_Digest(&(P[0][0]), strlen((char *)*P), md, NULL, EVP_ripemd160(),
+ NULL);
+ p = pt(md);
+ if (strcmp(p, (char *)*R) != 0) {
+ printf("error calculating RIPEMD160 on '%s'\n", *P);
+ printf("got %s instead of %s\n", p, *R);
+ err++;
+ } else
+ printf("test %d ok\n", i);
+ i++;
+ R++;
+ P++;
+ }
+ EXIT(err);
+ return (0);
+}
+
+static char *pt(unsigned char *md)
+{
+ int i;
+ static char buf[80];
+
+ for (i = 0; i < RIPEMD160_DIGEST_LENGTH; i++)
+ sprintf(&(buf[i * 2]), "%02x", md[i]);
+ return (buf);
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/rsa/rsa.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,497 +0,0 @@
-/* crypto/rsa/rsa.h */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_RSA_H
-#define HEADER_RSA_H
-
-#include <openssl/asn1.h>
-
-#ifndef OPENSSL_NO_BIO
-#include <openssl/bio.h>
-#endif
-#include <openssl/crypto.h>
-#include <openssl/ossl_typ.h>
-#ifndef OPENSSL_NO_DEPRECATED
-#include <openssl/bn.h>
-#endif
-
-#ifdef OPENSSL_NO_RSA
-#error RSA is disabled.
-#endif
-
-/* If this flag is set the RSA method is FIPS compliant and can be used
- * in FIPS mode. This is set in the validated module method. If an
- * application sets this flag in its own methods it is its reposibility
- * to ensure the result is compliant.
- */
-
-#define RSA_FLAG_FIPS_METHOD 0x0400
-
-/* If this flag is set the operations normally disabled in FIPS mode are
- * permitted it is then the applications responsibility to ensure that the
- * usage is compliant.
- */
-
-#define RSA_FLAG_NON_FIPS_ALLOW 0x0400
-
-#ifdef OPENSSL_FIPS
-#define FIPS_RSA_SIZE_T int
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* Declared already in ossl_typ.h */
-/* typedef struct rsa_st RSA; */
-/* typedef struct rsa_meth_st RSA_METHOD; */
-
-struct rsa_meth_st
- {
- const char *name;
- int (*rsa_pub_enc)(int flen,const unsigned char *from,
- unsigned char *to,
- RSA *rsa,int padding);
- int (*rsa_pub_dec)(int flen,const unsigned char *from,
- unsigned char *to,
- RSA *rsa,int padding);
- int (*rsa_priv_enc)(int flen,const unsigned char *from,
- unsigned char *to,
- RSA *rsa,int padding);
- int (*rsa_priv_dec)(int flen,const unsigned char *from,
- unsigned char *to,
- RSA *rsa,int padding);
- int (*rsa_mod_exp)(BIGNUM *r0,const BIGNUM *I,RSA *rsa,BN_CTX *ctx); /* Can be null */
- int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx); /* Can be null */
- int (*init)(RSA *rsa); /* called at new */
- int (*finish)(RSA *rsa); /* called at free */
- int flags; /* RSA_METHOD_FLAG_* things */
- char *app_data; /* may be needed! */
-/* New sign and verify functions: some libraries don't allow arbitrary data
- * to be signed/verified: this allows them to be used. Note: for this to work
- * the RSA_public_decrypt() and RSA_private_encrypt() should *NOT* be used
- * RSA_sign(), RSA_verify() should be used instead. Note: for backwards
- * compatibility this functionality is only enabled if the RSA_FLAG_SIGN_VER
- * option is set in 'flags'.
- */
- int (*rsa_sign)(int type,
- const unsigned char *m, unsigned int m_length,
- unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
- int (*rsa_verify)(int dtype,
- const unsigned char *m, unsigned int m_length,
- unsigned char *sigbuf, unsigned int siglen, const RSA *rsa);
-/* If this callback is NULL, the builtin software RSA key-gen will be used. This
- * is for behavioural compatibility whilst the code gets rewired, but one day
- * it would be nice to assume there are no such things as "builtin software"
- * implementations. */
- int (*rsa_keygen)(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
- };
-
-struct rsa_st
- {
- /* The first parameter is used to pickup errors where
- * this is passed instead of aEVP_PKEY, it is set to 0 */
- int pad;
- long version;
- const RSA_METHOD *meth;
- /* functional reference if 'meth' is ENGINE-provided */
- ENGINE *engine;
- BIGNUM *n;
- BIGNUM *e;
- BIGNUM *d;
- BIGNUM *p;
- BIGNUM *q;
- BIGNUM *dmp1;
- BIGNUM *dmq1;
- BIGNUM *iqmp;
- /* be careful using this if the RSA structure is shared */
- CRYPTO_EX_DATA ex_data;
- int references;
- int flags;
-
- /* Used to cache montgomery values */
- BN_MONT_CTX *_method_mod_n;
- BN_MONT_CTX *_method_mod_p;
- BN_MONT_CTX *_method_mod_q;
-
- /* all BIGNUM values are actually in the following data, if it is not
- * NULL */
- char *bignum_data;
- BN_BLINDING *blinding;
- BN_BLINDING *mt_blinding;
- };
-
-#ifndef OPENSSL_RSA_MAX_MODULUS_BITS
-# define OPENSSL_RSA_MAX_MODULUS_BITS 16384
-#endif
-
-#define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 1024
-
-#ifndef OPENSSL_RSA_SMALL_MODULUS_BITS
-# define OPENSSL_RSA_SMALL_MODULUS_BITS 3072
-#endif
-#ifndef OPENSSL_RSA_MAX_PUBEXP_BITS
-# define OPENSSL_RSA_MAX_PUBEXP_BITS 64 /* exponent limit enforced for "large" modulus only */
-#endif
-
-#define RSA_3 0x3L
-#define RSA_F4 0x10001L
-
-#define RSA_METHOD_FLAG_NO_CHECK 0x0001 /* don't check pub/private match */
-
-#define RSA_FLAG_CACHE_PUBLIC 0x0002
-#define RSA_FLAG_CACHE_PRIVATE 0x0004
-#define RSA_FLAG_BLINDING 0x0008
-#define RSA_FLAG_THREAD_SAFE 0x0010
-/* This flag means the private key operations will be handled by rsa_mod_exp
- * and that they do not depend on the private key components being present:
- * for example a key stored in external hardware. Without this flag bn_mod_exp
- * gets called when private key components are absent.
- */
-#define RSA_FLAG_EXT_PKEY 0x0020
-
-/* This flag in the RSA_METHOD enables the new rsa_sign, rsa_verify functions.
- */
-#define RSA_FLAG_SIGN_VER 0x0040
-
-#define RSA_FLAG_NO_BLINDING 0x0080 /* new with 0.9.6j and 0.9.7b; the built-in
- * RSA implementation now uses blinding by
- * default (ignoring RSA_FLAG_BLINDING),
- * but other engines might not need it
- */
-#define RSA_FLAG_NO_CONSTTIME 0x0100 /* new with 0.9.8f; the built-in RSA
- * implementation now uses constant time
- * operations by default in private key operations,
- * e.g., constant time modular exponentiation,
- * modular inverse without leaking branches,
- * division without leaking branches. This
- * flag disables these constant time
- * operations and results in faster RSA
- * private key operations.
- */
-#ifndef OPENSSL_NO_DEPRECATED
-#define RSA_FLAG_NO_EXP_CONSTTIME RSA_FLAG_NO_CONSTTIME /* deprecated name for the flag*/
- /* new with 0.9.7h; the built-in RSA
- * implementation now uses constant time
- * modular exponentiation for secret exponents
- * by default. This flag causes the
- * faster variable sliding window method to
- * be used for all exponents.
- */
-#endif
-
-
-#define RSA_PKCS1_PADDING 1
-#define RSA_SSLV23_PADDING 2
-#define RSA_NO_PADDING 3
-#define RSA_PKCS1_OAEP_PADDING 4
-#define RSA_X931_PADDING 5
-
-#define RSA_PKCS1_PADDING_SIZE 11
-
-#define RSA_set_app_data(s,arg) RSA_set_ex_data(s,0,arg)
-#define RSA_get_app_data(s) RSA_get_ex_data(s,0)
-
-RSA * RSA_new(void);
-RSA * RSA_new_method(ENGINE *engine);
-int RSA_size(const RSA *);
-
-/* Deprecated version */
-#ifndef OPENSSL_NO_DEPRECATED
-RSA * RSA_generate_key(int bits, unsigned long e,void
- (*callback)(int,int,void *),void *cb_arg);
-#endif /* !defined(OPENSSL_NO_DEPRECATED) */
-
-/* New version */
-int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
-int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, BIGNUM *q2,
- const BIGNUM *Xp1, const BIGNUM *Xp2, const BIGNUM *Xp,
- const BIGNUM *Xq1, const BIGNUM *Xq2, const BIGNUM *Xq,
- const BIGNUM *e, BN_GENCB *cb);
-int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_GENCB *cb);
-
-int RSA_check_key(const RSA *);
- /* next 4 return -1 on error */
-int RSA_public_encrypt(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa,int padding);
-int RSA_private_encrypt(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa,int padding);
-int RSA_public_decrypt(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa,int padding);
-int RSA_private_decrypt(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa,int padding);
-void RSA_free (RSA *r);
-/* "up" the RSA object's reference count */
-int RSA_up_ref(RSA *r);
-
-int RSA_flags(const RSA *r);
-
-#ifdef OPENSSL_FIPS
-RSA *FIPS_rsa_new(void);
-void FIPS_rsa_free(RSA *r);
-#endif
-
-void RSA_set_default_method(const RSA_METHOD *meth);
-const RSA_METHOD *RSA_get_default_method(void);
-const RSA_METHOD *RSA_get_method(const RSA *rsa);
-int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
-
-/* This function needs the memory locking malloc callbacks to be installed */
-int RSA_memory_lock(RSA *r);
-
-/* these are the actual SSLeay RSA functions */
-const RSA_METHOD *RSA_PKCS1_SSLeay(void);
-
-const RSA_METHOD *RSA_null_method(void);
-
-DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPublicKey)
-DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPrivateKey)
-
-#ifndef OPENSSL_NO_FP_API
-int RSA_print_fp(FILE *fp, const RSA *r,int offset);
-#endif
-
-#ifndef OPENSSL_NO_BIO
-int RSA_print(BIO *bp, const RSA *r,int offset);
-#endif
-
-#ifndef OPENSSL_NO_RC4
-int i2d_RSA_NET(const RSA *a, unsigned char **pp,
- int (*cb)(char *buf, int len, const char *prompt, int verify),
- int sgckey);
-RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length,
- int (*cb)(char *buf, int len, const char *prompt, int verify),
- int sgckey);
-
-int i2d_Netscape_RSA(const RSA *a, unsigned char **pp,
- int (*cb)(char *buf, int len, const char *prompt,
- int verify));
-RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length,
- int (*cb)(char *buf, int len, const char *prompt,
- int verify));
-#endif
-
-/* The following 2 functions sign and verify a X509_SIG ASN1 object
- * inside PKCS#1 padded RSA encryption */
-int RSA_sign(int type, const unsigned char *m, unsigned int m_length,
- unsigned char *sigret, unsigned int *siglen, RSA *rsa);
-int RSA_verify(int type, const unsigned char *m, unsigned int m_length,
- unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
-
-/* The following 2 function sign and verify a ASN1_OCTET_STRING
- * object inside PKCS#1 padded RSA encryption */
-int RSA_sign_ASN1_OCTET_STRING(int type,
- const unsigned char *m, unsigned int m_length,
- unsigned char *sigret, unsigned int *siglen, RSA *rsa);
-int RSA_verify_ASN1_OCTET_STRING(int type,
- const unsigned char *m, unsigned int m_length,
- unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
-
-int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
-void RSA_blinding_off(RSA *rsa);
-BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *ctx);
-
-int RSA_padding_add_PKCS1_type_1(unsigned char *to,int tlen,
- const unsigned char *f,int fl);
-int RSA_padding_check_PKCS1_type_1(unsigned char *to,int tlen,
- const unsigned char *f,int fl,int rsa_len);
-int RSA_padding_add_PKCS1_type_2(unsigned char *to,int tlen,
- const unsigned char *f,int fl);
-int RSA_padding_check_PKCS1_type_2(unsigned char *to,int tlen,
- const unsigned char *f,int fl,int rsa_len);
-int PKCS1_MGF1(unsigned char *mask, long len,
- const unsigned char *seed, long seedlen, const EVP_MD *dgst);
-int RSA_padding_add_PKCS1_OAEP(unsigned char *to,int tlen,
- const unsigned char *f,int fl,
- const unsigned char *p,int pl);
-int RSA_padding_check_PKCS1_OAEP(unsigned char *to,int tlen,
- const unsigned char *f,int fl,int rsa_len,
- const unsigned char *p,int pl);
-int RSA_padding_add_SSLv23(unsigned char *to,int tlen,
- const unsigned char *f,int fl);
-int RSA_padding_check_SSLv23(unsigned char *to,int tlen,
- const unsigned char *f,int fl,int rsa_len);
-int RSA_padding_add_none(unsigned char *to,int tlen,
- const unsigned char *f,int fl);
-int RSA_padding_check_none(unsigned char *to,int tlen,
- const unsigned char *f,int fl,int rsa_len);
-int RSA_padding_add_X931(unsigned char *to,int tlen,
- const unsigned char *f,int fl);
-int RSA_padding_check_X931(unsigned char *to,int tlen,
- const unsigned char *f,int fl,int rsa_len);
-int RSA_X931_hash_id(int nid);
-
-int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
- const EVP_MD *Hash, const unsigned char *EM, int sLen);
-int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
- const unsigned char *mHash,
- const EVP_MD *Hash, int sLen);
-
-int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-int RSA_set_ex_data(RSA *r,int idx,void *arg);
-void *RSA_get_ex_data(const RSA *r, int idx);
-
-RSA *RSAPublicKey_dup(RSA *rsa);
-RSA *RSAPrivateKey_dup(RSA *rsa);
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_RSA_strings(void);
-
-/* Error codes for the RSA functions. */
-
-/* Function codes. */
-#define RSA_F_FIPS_RSA_SIGN 140
-#define RSA_F_FIPS_RSA_VERIFY 141
-#define RSA_F_MEMORY_LOCK 100
-#define RSA_F_RSA_BUILTIN_KEYGEN 129
-#define RSA_F_RSA_CHECK_KEY 123
-#define RSA_F_RSA_EAY_PRIVATE_DECRYPT 101
-#define RSA_F_RSA_EAY_PRIVATE_ENCRYPT 102
-#define RSA_F_RSA_EAY_PUBLIC_DECRYPT 103
-#define RSA_F_RSA_EAY_PUBLIC_ENCRYPT 104
-#define RSA_F_RSA_GENERATE_KEY 105
-#define RSA_F_RSA_MEMORY_LOCK 130
-#define RSA_F_RSA_NEW_METHOD 106
-#define RSA_F_RSA_NULL 124
-#define RSA_F_RSA_NULL_MOD_EXP 131
-#define RSA_F_RSA_NULL_PRIVATE_DECRYPT 132
-#define RSA_F_RSA_NULL_PRIVATE_ENCRYPT 133
-#define RSA_F_RSA_NULL_PUBLIC_DECRYPT 134
-#define RSA_F_RSA_NULL_PUBLIC_ENCRYPT 135
-#define RSA_F_RSA_PADDING_ADD_NONE 107
-#define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 121
-#define RSA_F_RSA_PADDING_ADD_PKCS1_PSS 125
-#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 108
-#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 109
-#define RSA_F_RSA_PADDING_ADD_SSLV23 110
-#define RSA_F_RSA_PADDING_ADD_X931 127
-#define RSA_F_RSA_PADDING_CHECK_NONE 111
-#define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP 122
-#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 112
-#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 113
-#define RSA_F_RSA_PADDING_CHECK_SSLV23 114
-#define RSA_F_RSA_PADDING_CHECK_X931 128
-#define RSA_F_RSA_PRINT 115
-#define RSA_F_RSA_PRINT_FP 116
-#define RSA_F_RSA_PRIVATE_ENCRYPT 137
-#define RSA_F_RSA_PUBLIC_DECRYPT 138
-#define RSA_F_RSA_SETUP_BLINDING 136
-#define RSA_F_RSA_SET_DEFAULT_METHOD 139
-#define RSA_F_RSA_SET_METHOD 142
-#define RSA_F_RSA_SIGN 117
-#define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118
-#define RSA_F_RSA_VERIFY 119
-#define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 120
-#define RSA_F_RSA_VERIFY_PKCS1_PSS 126
-
-/* Reason codes. */
-#define RSA_R_ALGORITHM_MISMATCH 100
-#define RSA_R_BAD_E_VALUE 101
-#define RSA_R_BAD_FIXED_HEADER_DECRYPT 102
-#define RSA_R_BAD_PAD_BYTE_COUNT 103
-#define RSA_R_BAD_SIGNATURE 104
-#define RSA_R_BLOCK_TYPE_IS_NOT_01 106
-#define RSA_R_BLOCK_TYPE_IS_NOT_02 107
-#define RSA_R_DATA_GREATER_THAN_MOD_LEN 108
-#define RSA_R_DATA_TOO_LARGE 109
-#define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 110
-#define RSA_R_DATA_TOO_LARGE_FOR_MODULUS 132
-#define RSA_R_DATA_TOO_SMALL 111
-#define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE 122
-#define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 112
-#define RSA_R_DMP1_NOT_CONGRUENT_TO_D 124
-#define RSA_R_DMQ1_NOT_CONGRUENT_TO_D 125
-#define RSA_R_D_E_NOT_CONGRUENT_TO_1 123
-#define RSA_R_FIRST_OCTET_INVALID 133
-#define RSA_R_INVALID_HEADER 137
-#define RSA_R_INVALID_MESSAGE_LENGTH 131
-#define RSA_R_INVALID_PADDING 138
-#define RSA_R_INVALID_TRAILER 139
-#define RSA_R_IQMP_NOT_INVERSE_OF_Q 126
-#define RSA_R_KEY_SIZE_TOO_SMALL 120
-#define RSA_R_LAST_OCTET_INVALID 134
-#define RSA_R_MODULUS_TOO_LARGE 105
-#define RSA_R_NON_FIPS_METHOD 141
-#define RSA_R_NO_PUBLIC_EXPONENT 140
-#define RSA_R_NULL_BEFORE_BLOCK_MISSING 113
-#define RSA_R_N_DOES_NOT_EQUAL_P_Q 127
-#define RSA_R_OAEP_DECODING_ERROR 121
-#define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 142
-#define RSA_R_PADDING_CHECK_FAILED 114
-#define RSA_R_PKCS_DECODING_ERROR 159
-#define RSA_R_P_NOT_PRIME 128
-#define RSA_R_Q_NOT_PRIME 129
-#define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED 130
-#define RSA_R_SLEN_CHECK_FAILED 136
-#define RSA_R_SLEN_RECOVERY_FAILED 135
-#define RSA_R_SSLV3_ROLLBACK_ATTACK 115
-#define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116
-#define RSA_R_UNKNOWN_ALGORITHM_TYPE 117
-#define RSA_R_UNKNOWN_PADDING_TYPE 118
-#define RSA_R_WRONG_SIGNATURE_LENGTH 119
-
-#ifdef __cplusplus
-}
-#endif
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa.h (from rev 6976, vendor-crypto/openssl/dist/crypto/rsa/rsa.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,525 @@
+/* crypto/rsa/rsa.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_RSA_H
+# define HEADER_RSA_H
+
+# include <openssl/asn1.h>
+
+# ifndef OPENSSL_NO_BIO
+# include <openssl/bio.h>
+# endif
+# include <openssl/crypto.h>
+# include <openssl/ossl_typ.h>
+# ifndef OPENSSL_NO_DEPRECATED
+# include <openssl/bn.h>
+# endif
+
+# ifdef OPENSSL_NO_RSA
+# error RSA is disabled.
+# endif
+
+/*
+ * If this flag is set the RSA method is FIPS compliant and can be used in
+ * FIPS mode. This is set in the validated module method. If an application
+ * sets this flag in its own methods it is its reposibility to ensure the
+ * result is compliant.
+ */
+
+# define RSA_FLAG_FIPS_METHOD 0x0400
+
+/*
+ * If this flag is set the operations normally disabled in FIPS mode are
+ * permitted it is then the applications responsibility to ensure that the
+ * usage is compliant.
+ */
+
+# define RSA_FLAG_NON_FIPS_ALLOW 0x0400
+
+# ifdef OPENSSL_FIPS
+# define FIPS_RSA_SIZE_T int
+# endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Declared already in ossl_typ.h */
+/* typedef struct rsa_st RSA; */
+/* typedef struct rsa_meth_st RSA_METHOD; */
+
+struct rsa_meth_st {
+ const char *name;
+ int (*rsa_pub_enc) (int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+ int (*rsa_pub_dec) (int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+ int (*rsa_priv_enc) (int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+ int (*rsa_priv_dec) (int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+ /* Can be null */
+ int (*rsa_mod_exp) (BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
+ /* Can be null */
+ int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+ /* called at new */
+ int (*init) (RSA *rsa);
+ /* called at free */
+ int (*finish) (RSA *rsa);
+ /* RSA_METHOD_FLAG_* things */
+ int flags;
+ /* may be needed! */
+ char *app_data;
+ /*
+ * New sign and verify functions: some libraries don't allow arbitrary
+ * data to be signed/verified: this allows them to be used. Note: for
+ * this to work the RSA_public_decrypt() and RSA_private_encrypt() should
+ * *NOT* be used RSA_sign(), RSA_verify() should be used instead. Note:
+ * for backwards compatibility this functionality is only enabled if the
+ * RSA_FLAG_SIGN_VER option is set in 'flags'.
+ */
+ int (*rsa_sign) (int type,
+ const unsigned char *m, unsigned int m_length,
+ unsigned char *sigret, unsigned int *siglen,
+ const RSA *rsa);
+ int (*rsa_verify) (int dtype, const unsigned char *m,
+ unsigned int m_length, unsigned char *sigbuf,
+ unsigned int siglen, const RSA *rsa);
+ /*
+ * If this callback is NULL, the builtin software RSA key-gen will be
+ * used. This is for behavioural compatibility whilst the code gets
+ * rewired, but one day it would be nice to assume there are no such
+ * things as "builtin software" implementations.
+ */
+ int (*rsa_keygen) (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
+};
+
+struct rsa_st {
+ /*
+ * The first parameter is used to pickup errors where this is passed
+ * instead of aEVP_PKEY, it is set to 0
+ */
+ int pad;
+ long version;
+ const RSA_METHOD *meth;
+ /* functional reference if 'meth' is ENGINE-provided */
+ ENGINE *engine;
+ BIGNUM *n;
+ BIGNUM *e;
+ BIGNUM *d;
+ BIGNUM *p;
+ BIGNUM *q;
+ BIGNUM *dmp1;
+ BIGNUM *dmq1;
+ BIGNUM *iqmp;
+ /* be careful using this if the RSA structure is shared */
+ CRYPTO_EX_DATA ex_data;
+ int references;
+ int flags;
+ /* Used to cache montgomery values */
+ BN_MONT_CTX *_method_mod_n;
+ BN_MONT_CTX *_method_mod_p;
+ BN_MONT_CTX *_method_mod_q;
+ /*
+ * all BIGNUM values are actually in the following data, if it is not
+ * NULL
+ */
+ char *bignum_data;
+ BN_BLINDING *blinding;
+ BN_BLINDING *mt_blinding;
+};
+
+# ifndef OPENSSL_RSA_MAX_MODULUS_BITS
+# define OPENSSL_RSA_MAX_MODULUS_BITS 16384
+# endif
+
+# define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 1024
+
+# ifndef OPENSSL_RSA_SMALL_MODULUS_BITS
+# define OPENSSL_RSA_SMALL_MODULUS_BITS 3072
+# endif
+# ifndef OPENSSL_RSA_MAX_PUBEXP_BITS
+
+/* exponent limit enforced for "large" modulus only */
+# define OPENSSL_RSA_MAX_PUBEXP_BITS 64
+# endif
+
+# define RSA_3 0x3L
+# define RSA_F4 0x10001L
+
+# define RSA_METHOD_FLAG_NO_CHECK 0x0001/* don't check pub/private
+ * match */
+
+# define RSA_FLAG_CACHE_PUBLIC 0x0002
+# define RSA_FLAG_CACHE_PRIVATE 0x0004
+# define RSA_FLAG_BLINDING 0x0008
+# define RSA_FLAG_THREAD_SAFE 0x0010
+/*
+ * This flag means the private key operations will be handled by rsa_mod_exp
+ * and that they do not depend on the private key components being present:
+ * for example a key stored in external hardware. Without this flag
+ * bn_mod_exp gets called when private key components are absent.
+ */
+# define RSA_FLAG_EXT_PKEY 0x0020
+
+/*
+ * This flag in the RSA_METHOD enables the new rsa_sign, rsa_verify
+ * functions.
+ */
+# define RSA_FLAG_SIGN_VER 0x0040
+
+/*
+ * new with 0.9.6j and 0.9.7b; the built-in
+ * RSA implementation now uses blinding by
+ * default (ignoring RSA_FLAG_BLINDING),
+ * but other engines might not need it
+ */
+# define RSA_FLAG_NO_BLINDING 0x0080
+/*
+ * new with 0.9.8f; the built-in RSA
+ * implementation now uses constant time
+ * operations by default in private key operations,
+ * e.g., constant time modular exponentiation,
+ * modular inverse without leaking branches,
+ * division without leaking branches. This
+ * flag disables these constant time
+ * operations and results in faster RSA
+ * private key operations.
+ */
+# define RSA_FLAG_NO_CONSTTIME 0x0100
+# ifdef OPENSSL_USE_DEPRECATED
+/* deprecated name for the flag*/
+/*
+ * new with 0.9.7h; the built-in RSA
+ * implementation now uses constant time
+ * modular exponentiation for secret exponents
+ * by default. This flag causes the
+ * faster variable sliding window method to
+ * be used for all exponents.
+ */
+# define RSA_FLAG_NO_EXP_CONSTTIME RSA_FLAG_NO_CONSTTIME
+# endif
+
+# define RSA_PKCS1_PADDING 1
+# define RSA_SSLV23_PADDING 2
+# define RSA_NO_PADDING 3
+# define RSA_PKCS1_OAEP_PADDING 4
+# define RSA_X931_PADDING 5
+
+# define RSA_PKCS1_PADDING_SIZE 11
+
+# define RSA_set_app_data(s,arg) RSA_set_ex_data(s,0,arg)
+# define RSA_get_app_data(s) RSA_get_ex_data(s,0)
+
+RSA *RSA_new(void);
+RSA *RSA_new_method(ENGINE *engine);
+int RSA_size(const RSA *);
+
+/* Deprecated version */
+# ifndef OPENSSL_NO_DEPRECATED
+RSA *RSA_generate_key(int bits, unsigned long e, void
+ (*callback) (int, int, void *), void *cb_arg);
+# endif /* !defined(OPENSSL_NO_DEPRECATED) */
+
+/* New version */
+int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
+int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1,
+ BIGNUM *q2, const BIGNUM *Xp1, const BIGNUM *Xp2,
+ const BIGNUM *Xp, const BIGNUM *Xq1, const BIGNUM *Xq2,
+ const BIGNUM *Xq, const BIGNUM *e, BN_GENCB *cb);
+int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e,
+ BN_GENCB *cb);
+
+int RSA_check_key(const RSA *);
+ /* next 4 return -1 on error */
+int RSA_public_encrypt(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+int RSA_private_encrypt(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+int RSA_public_decrypt(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+int RSA_private_decrypt(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+void RSA_free(RSA *r);
+/* "up" the RSA object's reference count */
+int RSA_up_ref(RSA *r);
+
+int RSA_flags(const RSA *r);
+
+# ifdef OPENSSL_FIPS
+RSA *FIPS_rsa_new(void);
+void FIPS_rsa_free(RSA *r);
+# endif
+
+void RSA_set_default_method(const RSA_METHOD *meth);
+const RSA_METHOD *RSA_get_default_method(void);
+const RSA_METHOD *RSA_get_method(const RSA *rsa);
+int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
+
+/* This function needs the memory locking malloc callbacks to be installed */
+int RSA_memory_lock(RSA *r);
+
+/* these are the actual SSLeay RSA functions */
+const RSA_METHOD *RSA_PKCS1_SSLeay(void);
+
+const RSA_METHOD *RSA_null_method(void);
+
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPublicKey)
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPrivateKey)
+
+# ifndef OPENSSL_NO_FP_API
+int RSA_print_fp(FILE *fp, const RSA *r, int offset);
+# endif
+
+# ifndef OPENSSL_NO_BIO
+int RSA_print(BIO *bp, const RSA *r, int offset);
+# endif
+
+# ifndef OPENSSL_NO_RC4
+int i2d_RSA_NET(const RSA *a, unsigned char **pp,
+ int (*cb) (char *buf, int len, const char *prompt,
+ int verify), int sgckey);
+RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length,
+ int (*cb) (char *buf, int len, const char *prompt,
+ int verify), int sgckey);
+
+int i2d_Netscape_RSA(const RSA *a, unsigned char **pp,
+ int (*cb) (char *buf, int len, const char *prompt,
+ int verify));
+RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length,
+ int (*cb) (char *buf, int len, const char *prompt,
+ int verify));
+# endif
+
+/*
+ * The following 2 functions sign and verify a X509_SIG ASN1 object inside
+ * PKCS#1 padded RSA encryption
+ */
+int RSA_sign(int type, const unsigned char *m, unsigned int m_length,
+ unsigned char *sigret, unsigned int *siglen, RSA *rsa);
+int RSA_verify(int type, const unsigned char *m, unsigned int m_length,
+ unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
+
+/*
+ * The following 2 function sign and verify a ASN1_OCTET_STRING object inside
+ * PKCS#1 padded RSA encryption
+ */
+int RSA_sign_ASN1_OCTET_STRING(int type,
+ const unsigned char *m, unsigned int m_length,
+ unsigned char *sigret, unsigned int *siglen,
+ RSA *rsa);
+int RSA_verify_ASN1_OCTET_STRING(int type, const unsigned char *m,
+ unsigned int m_length, unsigned char *sigbuf,
+ unsigned int siglen, RSA *rsa);
+
+int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
+void RSA_blinding_off(RSA *rsa);
+BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *ctx);
+
+int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
+ const unsigned char *f, int fl);
+int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
+ const unsigned char *f, int fl,
+ int rsa_len);
+int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
+ const unsigned char *f, int fl);
+int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
+ const unsigned char *f, int fl,
+ int rsa_len);
+int PKCS1_MGF1(unsigned char *mask, long len, const unsigned char *seed,
+ long seedlen, const EVP_MD *dgst);
+int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
+ const unsigned char *f, int fl,
+ const unsigned char *p, int pl);
+int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
+ const unsigned char *f, int fl, int rsa_len,
+ const unsigned char *p, int pl);
+int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
+ const unsigned char *f, int fl);
+int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
+ const unsigned char *f, int fl, int rsa_len);
+int RSA_padding_add_none(unsigned char *to, int tlen, const unsigned char *f,
+ int fl);
+int RSA_padding_check_none(unsigned char *to, int tlen,
+ const unsigned char *f, int fl, int rsa_len);
+int RSA_padding_add_X931(unsigned char *to, int tlen, const unsigned char *f,
+ int fl);
+int RSA_padding_check_X931(unsigned char *to, int tlen,
+ const unsigned char *f, int fl, int rsa_len);
+int RSA_X931_hash_id(int nid);
+
+int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
+ const EVP_MD *Hash, const unsigned char *EM,
+ int sLen);
+int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
+ const unsigned char *mHash, const EVP_MD *Hash,
+ int sLen);
+
+int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+int RSA_set_ex_data(RSA *r, int idx, void *arg);
+void *RSA_get_ex_data(const RSA *r, int idx);
+
+RSA *RSAPublicKey_dup(RSA *rsa);
+RSA *RSAPrivateKey_dup(RSA *rsa);
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_RSA_strings(void);
+
+/* Error codes for the RSA functions. */
+
+/* Function codes. */
+# define RSA_F_FIPS_RSA_SIGN 140
+# define RSA_F_FIPS_RSA_VERIFY 141
+# define RSA_F_MEMORY_LOCK 100
+# define RSA_F_RSA_BUILTIN_KEYGEN 129
+# define RSA_F_RSA_CHECK_KEY 123
+# define RSA_F_RSA_EAY_PRIVATE_DECRYPT 101
+# define RSA_F_RSA_EAY_PRIVATE_ENCRYPT 102
+# define RSA_F_RSA_EAY_PUBLIC_DECRYPT 103
+# define RSA_F_RSA_EAY_PUBLIC_ENCRYPT 104
+# define RSA_F_RSA_GENERATE_KEY 105
+# define RSA_F_RSA_MEMORY_LOCK 130
+# define RSA_F_RSA_NEW_METHOD 106
+# define RSA_F_RSA_NULL 124
+# define RSA_F_RSA_NULL_MOD_EXP 131
+# define RSA_F_RSA_NULL_PRIVATE_DECRYPT 132
+# define RSA_F_RSA_NULL_PRIVATE_ENCRYPT 133
+# define RSA_F_RSA_NULL_PUBLIC_DECRYPT 134
+# define RSA_F_RSA_NULL_PUBLIC_ENCRYPT 135
+# define RSA_F_RSA_PADDING_ADD_NONE 107
+# define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 121
+# define RSA_F_RSA_PADDING_ADD_PKCS1_PSS 125
+# define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 108
+# define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 109
+# define RSA_F_RSA_PADDING_ADD_SSLV23 110
+# define RSA_F_RSA_PADDING_ADD_X931 127
+# define RSA_F_RSA_PADDING_CHECK_NONE 111
+# define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP 122
+# define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 112
+# define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 113
+# define RSA_F_RSA_PADDING_CHECK_SSLV23 114
+# define RSA_F_RSA_PADDING_CHECK_X931 128
+# define RSA_F_RSA_PRINT 115
+# define RSA_F_RSA_PRINT_FP 116
+# define RSA_F_RSA_PRIVATE_ENCRYPT 137
+# define RSA_F_RSA_PUBLIC_DECRYPT 138
+# define RSA_F_RSA_SETUP_BLINDING 136
+# define RSA_F_RSA_SET_DEFAULT_METHOD 139
+# define RSA_F_RSA_SET_METHOD 142
+# define RSA_F_RSA_SIGN 117
+# define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118
+# define RSA_F_RSA_VERIFY 119
+# define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 120
+# define RSA_F_RSA_VERIFY_PKCS1_PSS 126
+
+/* Reason codes. */
+# define RSA_R_ALGORITHM_MISMATCH 100
+# define RSA_R_BAD_E_VALUE 101
+# define RSA_R_BAD_FIXED_HEADER_DECRYPT 102
+# define RSA_R_BAD_PAD_BYTE_COUNT 103
+# define RSA_R_BAD_SIGNATURE 104
+# define RSA_R_BLOCK_TYPE_IS_NOT_01 106
+# define RSA_R_BLOCK_TYPE_IS_NOT_02 107
+# define RSA_R_DATA_GREATER_THAN_MOD_LEN 108
+# define RSA_R_DATA_TOO_LARGE 109
+# define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 110
+# define RSA_R_DATA_TOO_LARGE_FOR_MODULUS 132
+# define RSA_R_DATA_TOO_SMALL 111
+# define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE 122
+# define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 112
+# define RSA_R_DMP1_NOT_CONGRUENT_TO_D 124
+# define RSA_R_DMQ1_NOT_CONGRUENT_TO_D 125
+# define RSA_R_D_E_NOT_CONGRUENT_TO_1 123
+# define RSA_R_FIRST_OCTET_INVALID 133
+# define RSA_R_INVALID_HEADER 137
+# define RSA_R_INVALID_MESSAGE_LENGTH 131
+# define RSA_R_INVALID_PADDING 138
+# define RSA_R_INVALID_TRAILER 139
+# define RSA_R_IQMP_NOT_INVERSE_OF_Q 126
+# define RSA_R_KEY_SIZE_TOO_SMALL 120
+# define RSA_R_LAST_OCTET_INVALID 134
+# define RSA_R_MODULUS_TOO_LARGE 105
+# define RSA_R_NON_FIPS_METHOD 141
+# define RSA_R_NO_PUBLIC_EXPONENT 140
+# define RSA_R_NULL_BEFORE_BLOCK_MISSING 113
+# define RSA_R_N_DOES_NOT_EQUAL_P_Q 127
+# define RSA_R_OAEP_DECODING_ERROR 121
+# define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 142
+# define RSA_R_PADDING_CHECK_FAILED 114
+# define RSA_R_PKCS_DECODING_ERROR 159
+# define RSA_R_P_NOT_PRIME 128
+# define RSA_R_Q_NOT_PRIME 129
+# define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED 130
+# define RSA_R_SLEN_CHECK_FAILED 136
+# define RSA_R_SLEN_RECOVERY_FAILED 135
+# define RSA_R_SSLV3_ROLLBACK_ATTACK 115
+# define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116
+# define RSA_R_UNKNOWN_ALGORITHM_TYPE 117
+# define RSA_R_UNKNOWN_PADDING_TYPE 118
+# define RSA_R_WRONG_SIGNATURE_LENGTH 119
+
+#ifdef __cplusplus
+}
+#endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_asn1.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/rsa/rsa_asn1.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_asn1.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,121 +0,0 @@
-/* rsa_asn1.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/asn1t.h>
-
-static ASN1_METHOD method={
- (I2D_OF(void)) i2d_RSAPrivateKey,
- (D2I_OF(void)) d2i_RSAPrivateKey,
- (void *(*)(void)) RSA_new,
- (void (*)(void *)) RSA_free};
-
-ASN1_METHOD *RSAPrivateKey_asn1_meth(void)
- {
- return(&method);
- }
-
-/* Override the default free and new methods */
-static int rsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
-{
- if(operation == ASN1_OP_NEW_PRE) {
- *pval = (ASN1_VALUE *)RSA_new();
- if(*pval) return 2;
- return 0;
- } else if(operation == ASN1_OP_FREE_PRE) {
- RSA_free((RSA *)*pval);
- *pval = NULL;
- return 2;
- }
- return 1;
-}
-
-ASN1_SEQUENCE_cb(RSAPrivateKey, rsa_cb) = {
- ASN1_SIMPLE(RSA, version, LONG),
- ASN1_SIMPLE(RSA, n, BIGNUM),
- ASN1_SIMPLE(RSA, e, BIGNUM),
- ASN1_SIMPLE(RSA, d, BIGNUM),
- ASN1_SIMPLE(RSA, p, BIGNUM),
- ASN1_SIMPLE(RSA, q, BIGNUM),
- ASN1_SIMPLE(RSA, dmp1, BIGNUM),
- ASN1_SIMPLE(RSA, dmq1, BIGNUM),
- ASN1_SIMPLE(RSA, iqmp, BIGNUM)
-} ASN1_SEQUENCE_END_cb(RSA, RSAPrivateKey)
-
-
-ASN1_SEQUENCE_cb(RSAPublicKey, rsa_cb) = {
- ASN1_SIMPLE(RSA, n, BIGNUM),
- ASN1_SIMPLE(RSA, e, BIGNUM),
-} ASN1_SEQUENCE_END_cb(RSA, RSAPublicKey)
-
-IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(RSA, RSAPrivateKey, RSAPrivateKey)
-
-IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(RSA, RSAPublicKey, RSAPublicKey)
-
-RSA *RSAPublicKey_dup(RSA *rsa)
- {
- return ASN1_item_dup(ASN1_ITEM_rptr(RSAPublicKey), rsa);
- }
-
-RSA *RSAPrivateKey_dup(RSA *rsa)
- {
- return ASN1_item_dup(ASN1_ITEM_rptr(RSAPrivateKey), rsa);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_asn1.c (from rev 6976, vendor-crypto/openssl/dist/crypto/rsa/rsa_asn1.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_asn1.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_asn1.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,124 @@
+/* rsa_asn1.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/asn1t.h>
+
+static ASN1_METHOD method = {
+ (I2D_OF(void)) i2d_RSAPrivateKey,
+ (D2I_OF(void)) d2i_RSAPrivateKey,
+ (void *(*)(void))RSA_new,
+ (void (*)(void *))RSA_free
+};
+
+ASN1_METHOD *RSAPrivateKey_asn1_meth(void)
+{
+ return (&method);
+}
+
+/* Override the default free and new methods */
+static int rsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+ if (operation == ASN1_OP_NEW_PRE) {
+ *pval = (ASN1_VALUE *)RSA_new();
+ if (*pval)
+ return 2;
+ return 0;
+ } else if (operation == ASN1_OP_FREE_PRE) {
+ RSA_free((RSA *)*pval);
+ *pval = NULL;
+ return 2;
+ }
+ return 1;
+}
+
+ASN1_SEQUENCE_cb(RSAPrivateKey, rsa_cb) = {
+ ASN1_SIMPLE(RSA, version, LONG),
+ ASN1_SIMPLE(RSA, n, BIGNUM),
+ ASN1_SIMPLE(RSA, e, BIGNUM),
+ ASN1_SIMPLE(RSA, d, BIGNUM),
+ ASN1_SIMPLE(RSA, p, BIGNUM),
+ ASN1_SIMPLE(RSA, q, BIGNUM),
+ ASN1_SIMPLE(RSA, dmp1, BIGNUM),
+ ASN1_SIMPLE(RSA, dmq1, BIGNUM),
+ ASN1_SIMPLE(RSA, iqmp, BIGNUM)
+} ASN1_SEQUENCE_END_cb(RSA, RSAPrivateKey)
+
+
+ASN1_SEQUENCE_cb(RSAPublicKey, rsa_cb) = {
+ ASN1_SIMPLE(RSA, n, BIGNUM),
+ ASN1_SIMPLE(RSA, e, BIGNUM),
+} ASN1_SEQUENCE_END_cb(RSA, RSAPublicKey)
+
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(RSA, RSAPrivateKey, RSAPrivateKey)
+
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(RSA, RSAPublicKey, RSAPublicKey)
+
+RSA *RSAPublicKey_dup(RSA *rsa)
+{
+ return ASN1_item_dup(ASN1_ITEM_rptr(RSAPublicKey), rsa);
+}
+
+RSA *RSAPrivateKey_dup(RSA *rsa)
+{
+ return ASN1_item_dup(ASN1_ITEM_rptr(RSAPrivateKey), rsa);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_chk.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/rsa/rsa_chk.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_chk.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,184 +0,0 @@
-/* crypto/rsa/rsa_chk.c -*- Mode: C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#include <openssl/bn.h>
-#include <openssl/err.h>
-#include <openssl/rsa.h>
-
-
-int RSA_check_key(const RSA *key)
- {
- BIGNUM *i, *j, *k, *l, *m;
- BN_CTX *ctx;
- int r;
- int ret=1;
-
- i = BN_new();
- j = BN_new();
- k = BN_new();
- l = BN_new();
- m = BN_new();
- ctx = BN_CTX_new();
- if (i == NULL || j == NULL || k == NULL || l == NULL ||
- m == NULL || ctx == NULL)
- {
- ret = -1;
- RSAerr(RSA_F_RSA_CHECK_KEY, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- /* p prime? */
- r = BN_is_prime_ex(key->p, BN_prime_checks, NULL, NULL);
- if (r != 1)
- {
- ret = r;
- if (r != 0)
- goto err;
- RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_P_NOT_PRIME);
- }
-
- /* q prime? */
- r = BN_is_prime_ex(key->q, BN_prime_checks, NULL, NULL);
- if (r != 1)
- {
- ret = r;
- if (r != 0)
- goto err;
- RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_Q_NOT_PRIME);
- }
-
- /* n = p*q? */
- r = BN_mul(i, key->p, key->q, ctx);
- if (!r) { ret = -1; goto err; }
-
- if (BN_cmp(i, key->n) != 0)
- {
- ret = 0;
- RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_N_DOES_NOT_EQUAL_P_Q);
- }
-
- /* d*e = 1 mod lcm(p-1,q-1)? */
-
- r = BN_sub(i, key->p, BN_value_one());
- if (!r) { ret = -1; goto err; }
- r = BN_sub(j, key->q, BN_value_one());
- if (!r) { ret = -1; goto err; }
-
- /* now compute k = lcm(i,j) */
- r = BN_mul(l, i, j, ctx);
- if (!r) { ret = -1; goto err; }
- r = BN_gcd(m, i, j, ctx);
- if (!r) { ret = -1; goto err; }
- r = BN_div(k, NULL, l, m, ctx); /* remainder is 0 */
- if (!r) { ret = -1; goto err; }
-
- r = BN_mod_mul(i, key->d, key->e, k, ctx);
- if (!r) { ret = -1; goto err; }
-
- if (!BN_is_one(i))
- {
- ret = 0;
- RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_D_E_NOT_CONGRUENT_TO_1);
- }
-
- if (key->dmp1 != NULL && key->dmq1 != NULL && key->iqmp != NULL)
- {
- /* dmp1 = d mod (p-1)? */
- r = BN_sub(i, key->p, BN_value_one());
- if (!r) { ret = -1; goto err; }
-
- r = BN_mod(j, key->d, i, ctx);
- if (!r) { ret = -1; goto err; }
-
- if (BN_cmp(j, key->dmp1) != 0)
- {
- ret = 0;
- RSAerr(RSA_F_RSA_CHECK_KEY,
- RSA_R_DMP1_NOT_CONGRUENT_TO_D);
- }
-
- /* dmq1 = d mod (q-1)? */
- r = BN_sub(i, key->q, BN_value_one());
- if (!r) { ret = -1; goto err; }
-
- r = BN_mod(j, key->d, i, ctx);
- if (!r) { ret = -1; goto err; }
-
- if (BN_cmp(j, key->dmq1) != 0)
- {
- ret = 0;
- RSAerr(RSA_F_RSA_CHECK_KEY,
- RSA_R_DMQ1_NOT_CONGRUENT_TO_D);
- }
-
- /* iqmp = q^-1 mod p? */
- if(!BN_mod_inverse(i, key->q, key->p, ctx))
- {
- ret = -1;
- goto err;
- }
-
- if (BN_cmp(i, key->iqmp) != 0)
- {
- ret = 0;
- RSAerr(RSA_F_RSA_CHECK_KEY,
- RSA_R_IQMP_NOT_INVERSE_OF_Q);
- }
- }
-
- err:
- if (i != NULL) BN_free(i);
- if (j != NULL) BN_free(j);
- if (k != NULL) BN_free(k);
- if (l != NULL) BN_free(l);
- if (m != NULL) BN_free(m);
- if (ctx != NULL) BN_CTX_free(ctx);
- return (ret);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_chk.c (from rev 6976, vendor-crypto/openssl/dist/crypto/rsa/rsa_chk.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_chk.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_chk.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,209 @@
+/* crypto/rsa/rsa_chk.c -*- Mode: C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include <openssl/bn.h>
+#include <openssl/err.h>
+#include <openssl/rsa.h>
+
+int RSA_check_key(const RSA *key)
+{
+ BIGNUM *i, *j, *k, *l, *m;
+ BN_CTX *ctx;
+ int r;
+ int ret = 1;
+
+ i = BN_new();
+ j = BN_new();
+ k = BN_new();
+ l = BN_new();
+ m = BN_new();
+ ctx = BN_CTX_new();
+ if (i == NULL || j == NULL || k == NULL || l == NULL ||
+ m == NULL || ctx == NULL) {
+ ret = -1;
+ RSAerr(RSA_F_RSA_CHECK_KEY, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ /* p prime? */
+ r = BN_is_prime_ex(key->p, BN_prime_checks, NULL, NULL);
+ if (r != 1) {
+ ret = r;
+ if (r != 0)
+ goto err;
+ RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_P_NOT_PRIME);
+ }
+
+ /* q prime? */
+ r = BN_is_prime_ex(key->q, BN_prime_checks, NULL, NULL);
+ if (r != 1) {
+ ret = r;
+ if (r != 0)
+ goto err;
+ RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_Q_NOT_PRIME);
+ }
+
+ /* n = p*q? */
+ r = BN_mul(i, key->p, key->q, ctx);
+ if (!r) {
+ ret = -1;
+ goto err;
+ }
+
+ if (BN_cmp(i, key->n) != 0) {
+ ret = 0;
+ RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_N_DOES_NOT_EQUAL_P_Q);
+ }
+
+ /* d*e = 1 mod lcm(p-1,q-1)? */
+
+ r = BN_sub(i, key->p, BN_value_one());
+ if (!r) {
+ ret = -1;
+ goto err;
+ }
+ r = BN_sub(j, key->q, BN_value_one());
+ if (!r) {
+ ret = -1;
+ goto err;
+ }
+
+ /* now compute k = lcm(i,j) */
+ r = BN_mul(l, i, j, ctx);
+ if (!r) {
+ ret = -1;
+ goto err;
+ }
+ r = BN_gcd(m, i, j, ctx);
+ if (!r) {
+ ret = -1;
+ goto err;
+ }
+ r = BN_div(k, NULL, l, m, ctx); /* remainder is 0 */
+ if (!r) {
+ ret = -1;
+ goto err;
+ }
+
+ r = BN_mod_mul(i, key->d, key->e, k, ctx);
+ if (!r) {
+ ret = -1;
+ goto err;
+ }
+
+ if (!BN_is_one(i)) {
+ ret = 0;
+ RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_D_E_NOT_CONGRUENT_TO_1);
+ }
+
+ if (key->dmp1 != NULL && key->dmq1 != NULL && key->iqmp != NULL) {
+ /* dmp1 = d mod (p-1)? */
+ r = BN_sub(i, key->p, BN_value_one());
+ if (!r) {
+ ret = -1;
+ goto err;
+ }
+
+ r = BN_mod(j, key->d, i, ctx);
+ if (!r) {
+ ret = -1;
+ goto err;
+ }
+
+ if (BN_cmp(j, key->dmp1) != 0) {
+ ret = 0;
+ RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_DMP1_NOT_CONGRUENT_TO_D);
+ }
+
+ /* dmq1 = d mod (q-1)? */
+ r = BN_sub(i, key->q, BN_value_one());
+ if (!r) {
+ ret = -1;
+ goto err;
+ }
+
+ r = BN_mod(j, key->d, i, ctx);
+ if (!r) {
+ ret = -1;
+ goto err;
+ }
+
+ if (BN_cmp(j, key->dmq1) != 0) {
+ ret = 0;
+ RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_DMQ1_NOT_CONGRUENT_TO_D);
+ }
+
+ /* iqmp = q^-1 mod p? */
+ if (!BN_mod_inverse(i, key->q, key->p, ctx)) {
+ ret = -1;
+ goto err;
+ }
+
+ if (BN_cmp(i, key->iqmp) != 0) {
+ ret = 0;
+ RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_IQMP_NOT_INVERSE_OF_Q);
+ }
+ }
+
+ err:
+ if (i != NULL)
+ BN_free(i);
+ if (j != NULL)
+ BN_free(j);
+ if (k != NULL)
+ BN_free(k);
+ if (l != NULL)
+ BN_free(l);
+ if (m != NULL)
+ BN_free(m);
+ if (ctx != NULL)
+ BN_CTX_free(ctx);
+ return (ret);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_depr.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/rsa/rsa_depr.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_depr.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,101 +0,0 @@
-/* crypto/rsa/rsa_depr.c */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/* NB: This file contains deprecated functions (compatibility wrappers to the
- * "new" versions). */
-
-#include <stdio.h>
-#include <time.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-
-#ifdef OPENSSL_NO_DEPRECATED
-
-static void *dummy=&dummy;
-
-#else
-
-RSA *RSA_generate_key(int bits, unsigned long e_value,
- void (*callback)(int,int,void *), void *cb_arg)
- {
- BN_GENCB cb;
- int i;
- RSA *rsa = RSA_new();
- BIGNUM *e = BN_new();
-
- if(!rsa || !e) goto err;
-
- /* The problem is when building with 8, 16, or 32 BN_ULONG,
- * unsigned long can be larger */
- for (i=0; i<(int)sizeof(unsigned long)*8; i++)
- {
- if (e_value & (1UL<<i))
- if (BN_set_bit(e,i) == 0)
- goto err;
- }
-
- BN_GENCB_set_old(&cb, callback, cb_arg);
-
- if(RSA_generate_key_ex(rsa, bits, e, &cb)) {
- BN_free(e);
- return rsa;
- }
-err:
- if(e) BN_free(e);
- if(rsa) RSA_free(rsa);
- return 0;
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_depr.c (from rev 6976, vendor-crypto/openssl/dist/crypto/rsa/rsa_depr.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_depr.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_depr.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,107 @@
+/* crypto/rsa/rsa_depr.c */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*
+ * NB: This file contains deprecated functions (compatibility wrappers to the
+ * "new" versions).
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+
+#ifdef OPENSSL_NO_DEPRECATED
+
+static void *dummy = &dummy;
+
+#else
+
+RSA *RSA_generate_key(int bits, unsigned long e_value,
+ void (*callback) (int, int, void *), void *cb_arg)
+{
+ BN_GENCB cb;
+ int i;
+ RSA *rsa = RSA_new();
+ BIGNUM *e = BN_new();
+
+ if (!rsa || !e)
+ goto err;
+
+ /*
+ * The problem is when building with 8, 16, or 32 BN_ULONG, unsigned long
+ * can be larger
+ */
+ for (i = 0; i < (int)sizeof(unsigned long) * 8; i++) {
+ if (e_value & (1UL << i))
+ if (BN_set_bit(e, i) == 0)
+ goto err;
+ }
+
+ BN_GENCB_set_old(&cb, callback, cb_arg);
+
+ if (RSA_generate_key_ex(rsa, bits, e, &cb)) {
+ BN_free(e);
+ return rsa;
+ }
+ err:
+ if (e)
+ BN_free(e);
+ if (rsa)
+ RSA_free(rsa);
+ return 0;
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_eay.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/rsa/rsa_eay.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_eay.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,913 +0,0 @@
-/* crypto/rsa/rsa_eay.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/rand.h>
-
-#if !defined(RSA_NULL) && !defined(OPENSSL_FIPS)
-
-static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa,int padding);
-static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa,int padding);
-static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa,int padding);
-static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa,int padding);
-static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *i, RSA *rsa, BN_CTX *ctx);
-static int RSA_eay_init(RSA *rsa);
-static int RSA_eay_finish(RSA *rsa);
-static RSA_METHOD rsa_pkcs1_eay_meth={
- "Eric Young's PKCS#1 RSA",
- RSA_eay_public_encrypt,
- RSA_eay_public_decrypt, /* signature verification */
- RSA_eay_private_encrypt, /* signing */
- RSA_eay_private_decrypt,
- RSA_eay_mod_exp,
- BN_mod_exp_mont, /* XXX probably we should not use Montgomery if e == 3 */
- RSA_eay_init,
- RSA_eay_finish,
- 0, /* flags */
- NULL,
- 0, /* rsa_sign */
- 0, /* rsa_verify */
- NULL /* rsa_keygen */
- };
-
-const RSA_METHOD *RSA_PKCS1_SSLeay(void)
- {
- return(&rsa_pkcs1_eay_meth);
- }
-
-static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding)
- {
- BIGNUM *f,*ret;
- int i,j,k,num=0,r= -1;
- unsigned char *buf=NULL;
- BN_CTX *ctx=NULL;
-
- if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS)
- {
- RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE);
- return -1;
- }
-
- if (BN_ucmp(rsa->n, rsa->e) <= 0)
- {
- RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);
- return -1;
- }
-
- /* for large moduli, enforce exponent limit */
- if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS)
- {
- if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS)
- {
- RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);
- return -1;
- }
- }
-
- if ((ctx=BN_CTX_new()) == NULL) goto err;
- BN_CTX_start(ctx);
- f = BN_CTX_get(ctx);
- ret = BN_CTX_get(ctx);
- num=BN_num_bytes(rsa->n);
- buf = OPENSSL_malloc(num);
- if (!f || !ret || !buf)
- {
- RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- switch (padding)
- {
- case RSA_PKCS1_PADDING:
- i=RSA_padding_add_PKCS1_type_2(buf,num,from,flen);
- break;
-#ifndef OPENSSL_NO_SHA
- case RSA_PKCS1_OAEP_PADDING:
- i=RSA_padding_add_PKCS1_OAEP(buf,num,from,flen,NULL,0);
- break;
-#endif
- case RSA_SSLV23_PADDING:
- i=RSA_padding_add_SSLv23(buf,num,from,flen);
- break;
- case RSA_NO_PADDING:
- i=RSA_padding_add_none(buf,num,from,flen);
- break;
- default:
- RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
- goto err;
- }
- if (i <= 0) goto err;
-
- if (BN_bin2bn(buf,num,f) == NULL) goto err;
-
- if (BN_ucmp(f, rsa->n) >= 0)
- {
- /* usually the padding functions would catch this */
- RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
- goto err;
- }
-
- if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
- if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
- goto err;
-
- if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx,
- rsa->_method_mod_n)) goto err;
-
- /* put in leading 0 bytes if the number is less than the
- * length of the modulus */
- j=BN_num_bytes(ret);
- i=BN_bn2bin(ret,&(to[num-j]));
- for (k=0; k<(num-i); k++)
- to[k]=0;
-
- r=num;
-err:
- if (ctx != NULL)
- {
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- }
- if (buf != NULL)
- {
- OPENSSL_cleanse(buf,num);
- OPENSSL_free(buf);
- }
- return(r);
- }
-
-static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx)
-{
- BN_BLINDING *ret;
- int got_write_lock = 0;
-
- CRYPTO_r_lock(CRYPTO_LOCK_RSA);
-
- if (rsa->blinding == NULL)
- {
- CRYPTO_r_unlock(CRYPTO_LOCK_RSA);
- CRYPTO_w_lock(CRYPTO_LOCK_RSA);
- got_write_lock = 1;
-
- if (rsa->blinding == NULL)
- rsa->blinding = RSA_setup_blinding(rsa, ctx);
- }
-
- ret = rsa->blinding;
- if (ret == NULL)
- goto err;
-
- if (BN_BLINDING_get_thread_id(ret) == CRYPTO_thread_id())
- {
- /* rsa->blinding is ours! */
-
- *local = 1;
- }
- else
- {
- /* resort to rsa->mt_blinding instead */
-
- *local = 0; /* instructs rsa_blinding_convert(), rsa_blinding_invert()
- * that the BN_BLINDING is shared, meaning that accesses
- * require locks, and that the blinding factor must be
- * stored outside the BN_BLINDING
- */
-
- if (rsa->mt_blinding == NULL)
- {
- if (!got_write_lock)
- {
- CRYPTO_r_unlock(CRYPTO_LOCK_RSA);
- CRYPTO_w_lock(CRYPTO_LOCK_RSA);
- got_write_lock = 1;
- }
-
- if (rsa->mt_blinding == NULL)
- rsa->mt_blinding = RSA_setup_blinding(rsa, ctx);
- }
- ret = rsa->mt_blinding;
- }
-
- err:
- if (got_write_lock)
- CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
- else
- CRYPTO_r_unlock(CRYPTO_LOCK_RSA);
- return ret;
-}
-
-static int rsa_blinding_convert(BN_BLINDING *b, BIGNUM *f, BIGNUM *unblind,
- BN_CTX *ctx)
- {
- if (unblind == NULL)
- /* Local blinding: store the unblinding factor
- * in BN_BLINDING. */
- return BN_BLINDING_convert_ex(f, NULL, b, ctx);
- else
- {
- /* Shared blinding: store the unblinding factor
- * outside BN_BLINDING. */
- int ret;
- CRYPTO_w_lock(CRYPTO_LOCK_RSA_BLINDING);
- ret = BN_BLINDING_convert_ex(f, unblind, b, ctx);
- CRYPTO_w_unlock(CRYPTO_LOCK_RSA_BLINDING);
- return ret;
- }
- }
-
-static int rsa_blinding_invert(BN_BLINDING *b, BIGNUM *f, BIGNUM *unblind,
- BN_CTX *ctx)
- {
- /* For local blinding, unblind is set to NULL, and BN_BLINDING_invert_ex
- * will use the unblinding factor stored in BN_BLINDING.
- * If BN_BLINDING is shared between threads, unblind must be non-null:
- * BN_BLINDING_invert_ex will then use the local unblinding factor,
- * and will only read the modulus from BN_BLINDING.
- * In both cases it's safe to access the blinding without a lock.
- */
- return BN_BLINDING_invert_ex(f, unblind, b, ctx);
- }
-
-/* signing */
-static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding)
- {
- BIGNUM *f, *ret, *res;
- int i,j,k,num=0,r= -1;
- unsigned char *buf=NULL;
- BN_CTX *ctx=NULL;
- int local_blinding = 0;
- /* Used only if the blinding structure is shared. A non-NULL unblind
- * instructs rsa_blinding_convert() and rsa_blinding_invert() to store
- * the unblinding factor outside the blinding structure. */
- BIGNUM *unblind = NULL;
- BN_BLINDING *blinding = NULL;
-
- if ((ctx=BN_CTX_new()) == NULL) goto err;
- BN_CTX_start(ctx);
- f = BN_CTX_get(ctx);
- ret = BN_CTX_get(ctx);
- num = BN_num_bytes(rsa->n);
- buf = OPENSSL_malloc(num);
- if(!f || !ret || !buf)
- {
- RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- switch (padding)
- {
- case RSA_PKCS1_PADDING:
- i=RSA_padding_add_PKCS1_type_1(buf,num,from,flen);
- break;
- case RSA_X931_PADDING:
- i=RSA_padding_add_X931(buf,num,from,flen);
- break;
- case RSA_NO_PADDING:
- i=RSA_padding_add_none(buf,num,from,flen);
- break;
- case RSA_SSLV23_PADDING:
- default:
- RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
- goto err;
- }
- if (i <= 0) goto err;
-
- if (BN_bin2bn(buf,num,f) == NULL) goto err;
-
- if (BN_ucmp(f, rsa->n) >= 0)
- {
- /* usually the padding functions would catch this */
- RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
- goto err;
- }
-
- if (!(rsa->flags & RSA_FLAG_NO_BLINDING))
- {
- blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
- if (blinding == NULL)
- {
- RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_INTERNAL_ERROR);
- goto err;
- }
- }
-
- if (blinding != NULL)
- {
- if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL))
- {
- RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- if (!rsa_blinding_convert(blinding, f, unblind, ctx))
- goto err;
- }
-
- if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||
- ((rsa->p != NULL) &&
- (rsa->q != NULL) &&
- (rsa->dmp1 != NULL) &&
- (rsa->dmq1 != NULL) &&
- (rsa->iqmp != NULL)) )
- {
- if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx)) goto err;
- }
- else
- {
- BIGNUM local_d;
- BIGNUM *d = NULL;
-
- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
- {
- BN_init(&local_d);
- d = &local_d;
- BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
- }
- else
- d= rsa->d;
-
- if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
- if(!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
- goto err;
-
- if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx,
- rsa->_method_mod_n)) goto err;
- }
-
- if (blinding)
- if (!rsa_blinding_invert(blinding, ret, unblind, ctx))
- goto err;
-
- if (padding == RSA_X931_PADDING)
- {
- BN_sub(f, rsa->n, ret);
- if (BN_cmp(ret, f) > 0)
- res = f;
- else
- res = ret;
- }
- else
- res = ret;
-
- /* put in leading 0 bytes if the number is less than the
- * length of the modulus */
- j=BN_num_bytes(res);
- i=BN_bn2bin(res,&(to[num-j]));
- for (k=0; k<(num-i); k++)
- to[k]=0;
-
- r=num;
-err:
- if (ctx != NULL)
- {
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- }
- if (buf != NULL)
- {
- OPENSSL_cleanse(buf,num);
- OPENSSL_free(buf);
- }
- return(r);
- }
-
-static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding)
- {
- BIGNUM *f, *ret;
- int j,num=0,r= -1;
- unsigned char *p;
- unsigned char *buf=NULL;
- BN_CTX *ctx=NULL;
- int local_blinding = 0;
- /* Used only if the blinding structure is shared. A non-NULL unblind
- * instructs rsa_blinding_convert() and rsa_blinding_invert() to store
- * the unblinding factor outside the blinding structure. */
- BIGNUM *unblind = NULL;
- BN_BLINDING *blinding = NULL;
-
- if((ctx = BN_CTX_new()) == NULL) goto err;
- BN_CTX_start(ctx);
- f = BN_CTX_get(ctx);
- ret = BN_CTX_get(ctx);
- num = BN_num_bytes(rsa->n);
- buf = OPENSSL_malloc(num);
- if(!f || !ret || !buf)
- {
- RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- /* This check was for equality but PGP does evil things
- * and chops off the top '0' bytes */
- if (flen > num)
- {
- RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_DATA_GREATER_THAN_MOD_LEN);
- goto err;
- }
-
- /* make data into a big number */
- if (BN_bin2bn(from,(int)flen,f) == NULL) goto err;
-
- if (BN_ucmp(f, rsa->n) >= 0)
- {
- RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
- goto err;
- }
-
- if (!(rsa->flags & RSA_FLAG_NO_BLINDING))
- {
- blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
- if (blinding == NULL)
- {
- RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_INTERNAL_ERROR);
- goto err;
- }
- }
-
- if (blinding != NULL)
- {
- if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL))
- {
- RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- if (!rsa_blinding_convert(blinding, f, unblind, ctx))
- goto err;
- }
-
- /* do the decrypt */
- if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||
- ((rsa->p != NULL) &&
- (rsa->q != NULL) &&
- (rsa->dmp1 != NULL) &&
- (rsa->dmq1 != NULL) &&
- (rsa->iqmp != NULL)) )
- {
- if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx)) goto err;
- }
- else
- {
- BIGNUM local_d;
- BIGNUM *d = NULL;
-
- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
- {
- d = &local_d;
- BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
- }
- else
- d = rsa->d;
-
- if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
- if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
- goto err;
- if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx,
- rsa->_method_mod_n))
- goto err;
- }
-
- if (blinding)
- if (!rsa_blinding_invert(blinding, ret, unblind, ctx))
- goto err;
-
- p=buf;
- j=BN_bn2bin(ret,p); /* j is only used with no-padding mode */
-
- switch (padding)
- {
- case RSA_PKCS1_PADDING:
- r=RSA_padding_check_PKCS1_type_2(to,num,buf,j,num);
- break;
-#ifndef OPENSSL_NO_SHA
- case RSA_PKCS1_OAEP_PADDING:
- r=RSA_padding_check_PKCS1_OAEP(to,num,buf,j,num,NULL,0);
- break;
-#endif
- case RSA_SSLV23_PADDING:
- r=RSA_padding_check_SSLv23(to,num,buf,j,num);
- break;
- case RSA_NO_PADDING:
- r=RSA_padding_check_none(to,num,buf,j,num);
- break;
- default:
- RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
- goto err;
- }
- if (r < 0)
- RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_PADDING_CHECK_FAILED);
-
-err:
- if (ctx != NULL)
- {
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- }
- if (buf != NULL)
- {
- OPENSSL_cleanse(buf,num);
- OPENSSL_free(buf);
- }
- return(r);
- }
-
-/* signature verification */
-static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding)
- {
- BIGNUM *f,*ret;
- int i,num=0,r= -1;
- unsigned char *p;
- unsigned char *buf=NULL;
- BN_CTX *ctx=NULL;
-
- if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS)
- {
- RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE);
- return -1;
- }
-
- if (BN_ucmp(rsa->n, rsa->e) <= 0)
- {
- RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE);
- return -1;
- }
-
- /* for large moduli, enforce exponent limit */
- if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS)
- {
- if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS)
- {
- RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE);
- return -1;
- }
- }
-
- if((ctx = BN_CTX_new()) == NULL) goto err;
- BN_CTX_start(ctx);
- f = BN_CTX_get(ctx);
- ret = BN_CTX_get(ctx);
- num=BN_num_bytes(rsa->n);
- buf = OPENSSL_malloc(num);
- if(!f || !ret || !buf)
- {
- RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- /* This check was for equality but PGP does evil things
- * and chops off the top '0' bytes */
- if (flen > num)
- {
- RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_DATA_GREATER_THAN_MOD_LEN);
- goto err;
- }
-
- if (BN_bin2bn(from,flen,f) == NULL) goto err;
-
- if (BN_ucmp(f, rsa->n) >= 0)
- {
- RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
- goto err;
- }
-
- if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
- if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
- goto err;
-
- if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx,
- rsa->_method_mod_n)) goto err;
-
- if ((padding == RSA_X931_PADDING) && ((ret->d[0] & 0xf) != 12))
- if (!BN_sub(ret, rsa->n, ret)) goto err;
-
- p=buf;
- i=BN_bn2bin(ret,p);
-
- switch (padding)
- {
- case RSA_PKCS1_PADDING:
- r=RSA_padding_check_PKCS1_type_1(to,num,buf,i,num);
- break;
- case RSA_X931_PADDING:
- r=RSA_padding_check_X931(to,num,buf,i,num);
- break;
- case RSA_NO_PADDING:
- r=RSA_padding_check_none(to,num,buf,i,num);
- break;
- default:
- RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
- goto err;
- }
- if (r < 0)
- RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_PADDING_CHECK_FAILED);
-
-err:
- if (ctx != NULL)
- {
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- }
- if (buf != NULL)
- {
- OPENSSL_cleanse(buf,num);
- OPENSSL_free(buf);
- }
- return(r);
- }
-
-static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
- {
- BIGNUM *r1,*m1,*vrfy;
- BIGNUM local_dmp1,local_dmq1,local_c,local_r1;
- BIGNUM *dmp1,*dmq1,*c,*pr1;
- int ret=0;
-
- BN_CTX_start(ctx);
- r1 = BN_CTX_get(ctx);
- m1 = BN_CTX_get(ctx);
- vrfy = BN_CTX_get(ctx);
-
- {
- BIGNUM local_p, local_q;
- BIGNUM *p = NULL, *q = NULL;
-
- /* Make sure BN_mod_inverse in Montgomery intialization uses the
- * BN_FLG_CONSTTIME flag (unless RSA_FLAG_NO_CONSTTIME is set)
- */
- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
- {
- BN_init(&local_p);
- p = &local_p;
- BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME);
-
- BN_init(&local_q);
- q = &local_q;
- BN_with_flags(q, rsa->q, BN_FLG_CONSTTIME);
- }
- else
- {
- p = rsa->p;
- q = rsa->q;
- }
-
- if (rsa->flags & RSA_FLAG_CACHE_PRIVATE)
- {
- if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_p, CRYPTO_LOCK_RSA, p, ctx))
- goto err;
- if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_q, CRYPTO_LOCK_RSA, q, ctx))
- goto err;
- }
- }
-
- if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
- if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
- goto err;
-
- /* compute I mod q */
- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
- {
- c = &local_c;
- BN_with_flags(c, I, BN_FLG_CONSTTIME);
- if (!BN_mod(r1,c,rsa->q,ctx)) goto err;
- }
- else
- {
- if (!BN_mod(r1,I,rsa->q,ctx)) goto err;
- }
-
- /* compute r1^dmq1 mod q */
- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
- {
- dmq1 = &local_dmq1;
- BN_with_flags(dmq1, rsa->dmq1, BN_FLG_CONSTTIME);
- }
- else
- dmq1 = rsa->dmq1;
- if (!rsa->meth->bn_mod_exp(m1,r1,dmq1,rsa->q,ctx,
- rsa->_method_mod_q)) goto err;
-
- /* compute I mod p */
- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
- {
- c = &local_c;
- BN_with_flags(c, I, BN_FLG_CONSTTIME);
- if (!BN_mod(r1,c,rsa->p,ctx)) goto err;
- }
- else
- {
- if (!BN_mod(r1,I,rsa->p,ctx)) goto err;
- }
-
- /* compute r1^dmp1 mod p */
- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
- {
- dmp1 = &local_dmp1;
- BN_with_flags(dmp1, rsa->dmp1, BN_FLG_CONSTTIME);
- }
- else
- dmp1 = rsa->dmp1;
- if (!rsa->meth->bn_mod_exp(r0,r1,dmp1,rsa->p,ctx,
- rsa->_method_mod_p)) goto err;
-
- if (!BN_sub(r0,r0,m1)) goto err;
- /* This will help stop the size of r0 increasing, which does
- * affect the multiply if it optimised for a power of 2 size */
- if (BN_is_negative(r0))
- if (!BN_add(r0,r0,rsa->p)) goto err;
-
- if (!BN_mul(r1,r0,rsa->iqmp,ctx)) goto err;
-
- /* Turn BN_FLG_CONSTTIME flag on before division operation */
- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
- {
- pr1 = &local_r1;
- BN_with_flags(pr1, r1, BN_FLG_CONSTTIME);
- }
- else
- pr1 = r1;
- if (!BN_mod(r0,pr1,rsa->p,ctx)) goto err;
-
- /* If p < q it is occasionally possible for the correction of
- * adding 'p' if r0 is negative above to leave the result still
- * negative. This can break the private key operations: the following
- * second correction should *always* correct this rare occurrence.
- * This will *never* happen with OpenSSL generated keys because
- * they ensure p > q [steve]
- */
- if (BN_is_negative(r0))
- if (!BN_add(r0,r0,rsa->p)) goto err;
- if (!BN_mul(r1,r0,rsa->q,ctx)) goto err;
- if (!BN_add(r0,r1,m1)) goto err;
-
- if (rsa->e && rsa->n)
- {
- if (!rsa->meth->bn_mod_exp(vrfy,r0,rsa->e,rsa->n,ctx,rsa->_method_mod_n)) goto err;
- /* If 'I' was greater than (or equal to) rsa->n, the operation
- * will be equivalent to using 'I mod n'. However, the result of
- * the verify will *always* be less than 'n' so we don't check
- * for absolute equality, just congruency. */
- if (!BN_sub(vrfy, vrfy, I)) goto err;
- if (!BN_mod(vrfy, vrfy, rsa->n, ctx)) goto err;
- if (BN_is_negative(vrfy))
- if (!BN_add(vrfy, vrfy, rsa->n)) goto err;
- if (!BN_is_zero(vrfy))
- {
- /* 'I' and 'vrfy' aren't congruent mod n. Don't leak
- * miscalculated CRT output, just do a raw (slower)
- * mod_exp and return that instead. */
-
- BIGNUM local_d;
- BIGNUM *d = NULL;
-
- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
- {
- d = &local_d;
- BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
- }
- else
- d = rsa->d;
- if (!rsa->meth->bn_mod_exp(r0,I,d,rsa->n,ctx,
- rsa->_method_mod_n)) goto err;
- }
- }
- ret=1;
-err:
- BN_CTX_end(ctx);
- return(ret);
- }
-
-static int RSA_eay_init(RSA *rsa)
- {
- rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE;
- return(1);
- }
-
-static int RSA_eay_finish(RSA *rsa)
- {
- if (rsa->_method_mod_n != NULL)
- BN_MONT_CTX_free(rsa->_method_mod_n);
- if (rsa->_method_mod_p != NULL)
- BN_MONT_CTX_free(rsa->_method_mod_p);
- if (rsa->_method_mod_q != NULL)
- BN_MONT_CTX_free(rsa->_method_mod_q);
- return(1);
- }
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_eay.c (from rev 6976, vendor-crypto/openssl/dist/crypto/rsa/rsa_eay.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_eay.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_eay.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,902 @@
+/* crypto/rsa/rsa_eay.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/rand.h>
+
+#if !defined(RSA_NULL) && !defined(OPENSSL_FIPS)
+
+static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *i, RSA *rsa,
+ BN_CTX *ctx);
+static int RSA_eay_init(RSA *rsa);
+static int RSA_eay_finish(RSA *rsa);
+static RSA_METHOD rsa_pkcs1_eay_meth = {
+ "Eric Young's PKCS#1 RSA",
+ RSA_eay_public_encrypt,
+ RSA_eay_public_decrypt, /* signature verification */
+ RSA_eay_private_encrypt, /* signing */
+ RSA_eay_private_decrypt,
+ RSA_eay_mod_exp,
+ BN_mod_exp_mont, /* XXX probably we should not use Montgomery
+ * if e == 3 */
+ RSA_eay_init,
+ RSA_eay_finish,
+ 0, /* flags */
+ NULL,
+ 0, /* rsa_sign */
+ 0, /* rsa_verify */
+ NULL /* rsa_keygen */
+};
+
+const RSA_METHOD *RSA_PKCS1_SSLeay(void)
+{
+ return (&rsa_pkcs1_eay_meth);
+}
+
+static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding)
+{
+ BIGNUM *f, *ret;
+ int i, j, k, num = 0, r = -1;
+ unsigned char *buf = NULL;
+ BN_CTX *ctx = NULL;
+
+ if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) {
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE);
+ return -1;
+ }
+
+ if (BN_ucmp(rsa->n, rsa->e) <= 0) {
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);
+ return -1;
+ }
+
+ /* for large moduli, enforce exponent limit */
+ if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) {
+ if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) {
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);
+ return -1;
+ }
+ }
+
+ if ((ctx = BN_CTX_new()) == NULL)
+ goto err;
+ BN_CTX_start(ctx);
+ f = BN_CTX_get(ctx);
+ ret = BN_CTX_get(ctx);
+ num = BN_num_bytes(rsa->n);
+ buf = OPENSSL_malloc(num);
+ if (!f || !ret || !buf) {
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ switch (padding) {
+ case RSA_PKCS1_PADDING:
+ i = RSA_padding_add_PKCS1_type_2(buf, num, from, flen);
+ break;
+# ifndef OPENSSL_NO_SHA
+ case RSA_PKCS1_OAEP_PADDING:
+ i = RSA_padding_add_PKCS1_OAEP(buf, num, from, flen, NULL, 0);
+ break;
+# endif
+ case RSA_SSLV23_PADDING:
+ i = RSA_padding_add_SSLv23(buf, num, from, flen);
+ break;
+ case RSA_NO_PADDING:
+ i = RSA_padding_add_none(buf, num, from, flen);
+ break;
+ default:
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
+ goto err;
+ }
+ if (i <= 0)
+ goto err;
+
+ if (BN_bin2bn(buf, num, f) == NULL)
+ goto err;
+
+ if (BN_ucmp(f, rsa->n) >= 0) {
+ /* usually the padding functions would catch this */
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,
+ RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
+ goto err;
+ }
+
+ if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
+ if (!BN_MONT_CTX_set_locked
+ (&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
+ goto err;
+
+ if (!rsa->meth->bn_mod_exp(ret, f, rsa->e, rsa->n, ctx,
+ rsa->_method_mod_n))
+ goto err;
+
+ /*
+ * put in leading 0 bytes if the number is less than the length of the
+ * modulus
+ */
+ j = BN_num_bytes(ret);
+ i = BN_bn2bin(ret, &(to[num - j]));
+ for (k = 0; k < (num - i); k++)
+ to[k] = 0;
+
+ r = num;
+ err:
+ if (ctx != NULL) {
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ }
+ if (buf != NULL) {
+ OPENSSL_cleanse(buf, num);
+ OPENSSL_free(buf);
+ }
+ return (r);
+}
+
+static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx)
+{
+ BN_BLINDING *ret;
+ int got_write_lock = 0;
+
+ CRYPTO_r_lock(CRYPTO_LOCK_RSA);
+
+ if (rsa->blinding == NULL) {
+ CRYPTO_r_unlock(CRYPTO_LOCK_RSA);
+ CRYPTO_w_lock(CRYPTO_LOCK_RSA);
+ got_write_lock = 1;
+
+ if (rsa->blinding == NULL)
+ rsa->blinding = RSA_setup_blinding(rsa, ctx);
+ }
+
+ ret = rsa->blinding;
+ if (ret == NULL)
+ goto err;
+
+ if (BN_BLINDING_get_thread_id(ret) == CRYPTO_thread_id()) {
+ /* rsa->blinding is ours! */
+
+ *local = 1;
+ } else {
+ /* resort to rsa->mt_blinding instead */
+
+ /*
+ * instructs rsa_blinding_convert(), rsa_blinding_invert() that the
+ * BN_BLINDING is shared, meaning that accesses require locks, and
+ * that the blinding factor must be stored outside the BN_BLINDING
+ */
+ *local = 0;
+
+ if (rsa->mt_blinding == NULL) {
+ if (!got_write_lock) {
+ CRYPTO_r_unlock(CRYPTO_LOCK_RSA);
+ CRYPTO_w_lock(CRYPTO_LOCK_RSA);
+ got_write_lock = 1;
+ }
+
+ if (rsa->mt_blinding == NULL)
+ rsa->mt_blinding = RSA_setup_blinding(rsa, ctx);
+ }
+ ret = rsa->mt_blinding;
+ }
+
+ err:
+ if (got_write_lock)
+ CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
+ else
+ CRYPTO_r_unlock(CRYPTO_LOCK_RSA);
+ return ret;
+}
+
+static int rsa_blinding_convert(BN_BLINDING *b, BIGNUM *f, BIGNUM *unblind,
+ BN_CTX *ctx)
+{
+ if (unblind == NULL)
+ /*
+ * Local blinding: store the unblinding factor in BN_BLINDING.
+ */
+ return BN_BLINDING_convert_ex(f, NULL, b, ctx);
+ else {
+ /*
+ * Shared blinding: store the unblinding factor outside BN_BLINDING.
+ */
+ int ret;
+ CRYPTO_w_lock(CRYPTO_LOCK_RSA_BLINDING);
+ ret = BN_BLINDING_convert_ex(f, unblind, b, ctx);
+ CRYPTO_w_unlock(CRYPTO_LOCK_RSA_BLINDING);
+ return ret;
+ }
+}
+
+static int rsa_blinding_invert(BN_BLINDING *b, BIGNUM *f, BIGNUM *unblind,
+ BN_CTX *ctx)
+{
+ /*
+ * For local blinding, unblind is set to NULL, and BN_BLINDING_invert_ex
+ * will use the unblinding factor stored in BN_BLINDING. If BN_BLINDING
+ * is shared between threads, unblind must be non-null:
+ * BN_BLINDING_invert_ex will then use the local unblinding factor, and
+ * will only read the modulus from BN_BLINDING. In both cases it's safe
+ * to access the blinding without a lock.
+ */
+ return BN_BLINDING_invert_ex(f, unblind, b, ctx);
+}
+
+/* signing */
+static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding)
+{
+ BIGNUM *f, *ret, *res;
+ int i, j, k, num = 0, r = -1;
+ unsigned char *buf = NULL;
+ BN_CTX *ctx = NULL;
+ int local_blinding = 0;
+ /*
+ * Used only if the blinding structure is shared. A non-NULL unblind
+ * instructs rsa_blinding_convert() and rsa_blinding_invert() to store
+ * the unblinding factor outside the blinding structure.
+ */
+ BIGNUM *unblind = NULL;
+ BN_BLINDING *blinding = NULL;
+
+ if ((ctx = BN_CTX_new()) == NULL)
+ goto err;
+ BN_CTX_start(ctx);
+ f = BN_CTX_get(ctx);
+ ret = BN_CTX_get(ctx);
+ num = BN_num_bytes(rsa->n);
+ buf = OPENSSL_malloc(num);
+ if (!f || !ret || !buf) {
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ switch (padding) {
+ case RSA_PKCS1_PADDING:
+ i = RSA_padding_add_PKCS1_type_1(buf, num, from, flen);
+ break;
+ case RSA_X931_PADDING:
+ i = RSA_padding_add_X931(buf, num, from, flen);
+ break;
+ case RSA_NO_PADDING:
+ i = RSA_padding_add_none(buf, num, from, flen);
+ break;
+ case RSA_SSLV23_PADDING:
+ default:
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
+ goto err;
+ }
+ if (i <= 0)
+ goto err;
+
+ if (BN_bin2bn(buf, num, f) == NULL)
+ goto err;
+
+ if (BN_ucmp(f, rsa->n) >= 0) {
+ /* usually the padding functions would catch this */
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,
+ RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
+ goto err;
+ }
+
+ if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) {
+ blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
+ if (blinding == NULL) {
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ }
+
+ if (blinding != NULL) {
+ if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL)) {
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ if (!rsa_blinding_convert(blinding, f, unblind, ctx))
+ goto err;
+ }
+
+ if ((rsa->flags & RSA_FLAG_EXT_PKEY) ||
+ ((rsa->p != NULL) &&
+ (rsa->q != NULL) &&
+ (rsa->dmp1 != NULL) && (rsa->dmq1 != NULL) && (rsa->iqmp != NULL))) {
+ if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx))
+ goto err;
+ } else {
+ BIGNUM local_d;
+ BIGNUM *d = NULL;
+
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+ BN_init(&local_d);
+ d = &local_d;
+ BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
+ } else
+ d = rsa->d;
+
+ if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
+ if (!BN_MONT_CTX_set_locked
+ (&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
+ goto err;
+
+ if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n, ctx,
+ rsa->_method_mod_n))
+ goto err;
+ }
+
+ if (blinding)
+ if (!rsa_blinding_invert(blinding, ret, unblind, ctx))
+ goto err;
+
+ if (padding == RSA_X931_PADDING) {
+ BN_sub(f, rsa->n, ret);
+ if (BN_cmp(ret, f) > 0)
+ res = f;
+ else
+ res = ret;
+ } else
+ res = ret;
+
+ /*
+ * put in leading 0 bytes if the number is less than the length of the
+ * modulus
+ */
+ j = BN_num_bytes(res);
+ i = BN_bn2bin(res, &(to[num - j]));
+ for (k = 0; k < (num - i); k++)
+ to[k] = 0;
+
+ r = num;
+ err:
+ if (ctx != NULL) {
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ }
+ if (buf != NULL) {
+ OPENSSL_cleanse(buf, num);
+ OPENSSL_free(buf);
+ }
+ return (r);
+}
+
+static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding)
+{
+ BIGNUM *f, *ret;
+ int j, num = 0, r = -1;
+ unsigned char *p;
+ unsigned char *buf = NULL;
+ BN_CTX *ctx = NULL;
+ int local_blinding = 0;
+ /*
+ * Used only if the blinding structure is shared. A non-NULL unblind
+ * instructs rsa_blinding_convert() and rsa_blinding_invert() to store
+ * the unblinding factor outside the blinding structure.
+ */
+ BIGNUM *unblind = NULL;
+ BN_BLINDING *blinding = NULL;
+
+ if ((ctx = BN_CTX_new()) == NULL)
+ goto err;
+ BN_CTX_start(ctx);
+ f = BN_CTX_get(ctx);
+ ret = BN_CTX_get(ctx);
+ num = BN_num_bytes(rsa->n);
+ buf = OPENSSL_malloc(num);
+ if (!f || !ret || !buf) {
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ /*
+ * This check was for equality but PGP does evil things and chops off the
+ * top '0' bytes
+ */
+ if (flen > num) {
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,
+ RSA_R_DATA_GREATER_THAN_MOD_LEN);
+ goto err;
+ }
+
+ /* make data into a big number */
+ if (BN_bin2bn(from, (int)flen, f) == NULL)
+ goto err;
+
+ if (BN_ucmp(f, rsa->n) >= 0) {
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,
+ RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
+ goto err;
+ }
+
+ if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) {
+ blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
+ if (blinding == NULL) {
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ }
+
+ if (blinding != NULL) {
+ if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL)) {
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ if (!rsa_blinding_convert(blinding, f, unblind, ctx))
+ goto err;
+ }
+
+ /* do the decrypt */
+ if ((rsa->flags & RSA_FLAG_EXT_PKEY) ||
+ ((rsa->p != NULL) &&
+ (rsa->q != NULL) &&
+ (rsa->dmp1 != NULL) && (rsa->dmq1 != NULL) && (rsa->iqmp != NULL))) {
+ if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx))
+ goto err;
+ } else {
+ BIGNUM local_d;
+ BIGNUM *d = NULL;
+
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+ d = &local_d;
+ BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
+ } else
+ d = rsa->d;
+
+ if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
+ if (!BN_MONT_CTX_set_locked
+ (&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
+ goto err;
+ if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n, ctx,
+ rsa->_method_mod_n))
+ goto err;
+ }
+
+ if (blinding)
+ if (!rsa_blinding_invert(blinding, ret, unblind, ctx))
+ goto err;
+
+ p = buf;
+ j = BN_bn2bin(ret, p); /* j is only used with no-padding mode */
+
+ switch (padding) {
+ case RSA_PKCS1_PADDING:
+ r = RSA_padding_check_PKCS1_type_2(to, num, buf, j, num);
+ break;
+# ifndef OPENSSL_NO_SHA
+ case RSA_PKCS1_OAEP_PADDING:
+ r = RSA_padding_check_PKCS1_OAEP(to, num, buf, j, num, NULL, 0);
+ break;
+# endif
+ case RSA_SSLV23_PADDING:
+ r = RSA_padding_check_SSLv23(to, num, buf, j, num);
+ break;
+ case RSA_NO_PADDING:
+ r = RSA_padding_check_none(to, num, buf, j, num);
+ break;
+ default:
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
+ goto err;
+ }
+ if (r < 0)
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_PADDING_CHECK_FAILED);
+
+ err:
+ if (ctx != NULL) {
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ }
+ if (buf != NULL) {
+ OPENSSL_cleanse(buf, num);
+ OPENSSL_free(buf);
+ }
+ return (r);
+}
+
+/* signature verification */
+static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding)
+{
+ BIGNUM *f, *ret;
+ int i, num = 0, r = -1;
+ unsigned char *p;
+ unsigned char *buf = NULL;
+ BN_CTX *ctx = NULL;
+
+ if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) {
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE);
+ return -1;
+ }
+
+ if (BN_ucmp(rsa->n, rsa->e) <= 0) {
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE);
+ return -1;
+ }
+
+ /* for large moduli, enforce exponent limit */
+ if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) {
+ if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) {
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE);
+ return -1;
+ }
+ }
+
+ if ((ctx = BN_CTX_new()) == NULL)
+ goto err;
+ BN_CTX_start(ctx);
+ f = BN_CTX_get(ctx);
+ ret = BN_CTX_get(ctx);
+ num = BN_num_bytes(rsa->n);
+ buf = OPENSSL_malloc(num);
+ if (!f || !ret || !buf) {
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ /*
+ * This check was for equality but PGP does evil things and chops off the
+ * top '0' bytes
+ */
+ if (flen > num) {
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_DATA_GREATER_THAN_MOD_LEN);
+ goto err;
+ }
+
+ if (BN_bin2bn(from, flen, f) == NULL)
+ goto err;
+
+ if (BN_ucmp(f, rsa->n) >= 0) {
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,
+ RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
+ goto err;
+ }
+
+ if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
+ if (!BN_MONT_CTX_set_locked
+ (&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
+ goto err;
+
+ if (!rsa->meth->bn_mod_exp(ret, f, rsa->e, rsa->n, ctx,
+ rsa->_method_mod_n))
+ goto err;
+
+ if ((padding == RSA_X931_PADDING) && ((ret->d[0] & 0xf) != 12))
+ if (!BN_sub(ret, rsa->n, ret))
+ goto err;
+
+ p = buf;
+ i = BN_bn2bin(ret, p);
+
+ switch (padding) {
+ case RSA_PKCS1_PADDING:
+ r = RSA_padding_check_PKCS1_type_1(to, num, buf, i, num);
+ break;
+ case RSA_X931_PADDING:
+ r = RSA_padding_check_X931(to, num, buf, i, num);
+ break;
+ case RSA_NO_PADDING:
+ r = RSA_padding_check_none(to, num, buf, i, num);
+ break;
+ default:
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
+ goto err;
+ }
+ if (r < 0)
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_PADDING_CHECK_FAILED);
+
+ err:
+ if (ctx != NULL) {
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ }
+ if (buf != NULL) {
+ OPENSSL_cleanse(buf, num);
+ OPENSSL_free(buf);
+ }
+ return (r);
+}
+
+static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
+{
+ BIGNUM *r1, *m1, *vrfy;
+ BIGNUM local_dmp1, local_dmq1, local_c, local_r1;
+ BIGNUM *dmp1, *dmq1, *c, *pr1;
+ int ret = 0;
+
+ BN_CTX_start(ctx);
+ r1 = BN_CTX_get(ctx);
+ m1 = BN_CTX_get(ctx);
+ vrfy = BN_CTX_get(ctx);
+
+ {
+ BIGNUM local_p, local_q;
+ BIGNUM *p = NULL, *q = NULL;
+
+ /*
+ * Make sure BN_mod_inverse in Montgomery intialization uses the
+ * BN_FLG_CONSTTIME flag (unless RSA_FLAG_NO_CONSTTIME is set)
+ */
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+ BN_init(&local_p);
+ p = &local_p;
+ BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME);
+
+ BN_init(&local_q);
+ q = &local_q;
+ BN_with_flags(q, rsa->q, BN_FLG_CONSTTIME);
+ } else {
+ p = rsa->p;
+ q = rsa->q;
+ }
+
+ if (rsa->flags & RSA_FLAG_CACHE_PRIVATE) {
+ if (!BN_MONT_CTX_set_locked
+ (&rsa->_method_mod_p, CRYPTO_LOCK_RSA, p, ctx))
+ goto err;
+ if (!BN_MONT_CTX_set_locked
+ (&rsa->_method_mod_q, CRYPTO_LOCK_RSA, q, ctx))
+ goto err;
+ }
+ }
+
+ if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
+ if (!BN_MONT_CTX_set_locked
+ (&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
+ goto err;
+
+ /* compute I mod q */
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+ c = &local_c;
+ BN_with_flags(c, I, BN_FLG_CONSTTIME);
+ if (!BN_mod(r1, c, rsa->q, ctx))
+ goto err;
+ } else {
+ if (!BN_mod(r1, I, rsa->q, ctx))
+ goto err;
+ }
+
+ /* compute r1^dmq1 mod q */
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+ dmq1 = &local_dmq1;
+ BN_with_flags(dmq1, rsa->dmq1, BN_FLG_CONSTTIME);
+ } else
+ dmq1 = rsa->dmq1;
+ if (!rsa->meth->bn_mod_exp(m1, r1, dmq1, rsa->q, ctx, rsa->_method_mod_q))
+ goto err;
+
+ /* compute I mod p */
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+ c = &local_c;
+ BN_with_flags(c, I, BN_FLG_CONSTTIME);
+ if (!BN_mod(r1, c, rsa->p, ctx))
+ goto err;
+ } else {
+ if (!BN_mod(r1, I, rsa->p, ctx))
+ goto err;
+ }
+
+ /* compute r1^dmp1 mod p */
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+ dmp1 = &local_dmp1;
+ BN_with_flags(dmp1, rsa->dmp1, BN_FLG_CONSTTIME);
+ } else
+ dmp1 = rsa->dmp1;
+ if (!rsa->meth->bn_mod_exp(r0, r1, dmp1, rsa->p, ctx, rsa->_method_mod_p))
+ goto err;
+
+ if (!BN_sub(r0, r0, m1))
+ goto err;
+ /*
+ * This will help stop the size of r0 increasing, which does affect the
+ * multiply if it optimised for a power of 2 size
+ */
+ if (BN_is_negative(r0))
+ if (!BN_add(r0, r0, rsa->p))
+ goto err;
+
+ if (!BN_mul(r1, r0, rsa->iqmp, ctx))
+ goto err;
+
+ /* Turn BN_FLG_CONSTTIME flag on before division operation */
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+ pr1 = &local_r1;
+ BN_with_flags(pr1, r1, BN_FLG_CONSTTIME);
+ } else
+ pr1 = r1;
+ if (!BN_mod(r0, pr1, rsa->p, ctx))
+ goto err;
+
+ /*
+ * If p < q it is occasionally possible for the correction of adding 'p'
+ * if r0 is negative above to leave the result still negative. This can
+ * break the private key operations: the following second correction
+ * should *always* correct this rare occurrence. This will *never* happen
+ * with OpenSSL generated keys because they ensure p > q [steve]
+ */
+ if (BN_is_negative(r0))
+ if (!BN_add(r0, r0, rsa->p))
+ goto err;
+ if (!BN_mul(r1, r0, rsa->q, ctx))
+ goto err;
+ if (!BN_add(r0, r1, m1))
+ goto err;
+
+ if (rsa->e && rsa->n) {
+ if (!rsa->meth->bn_mod_exp(vrfy, r0, rsa->e, rsa->n, ctx,
+ rsa->_method_mod_n))
+ goto err;
+ /*
+ * If 'I' was greater than (or equal to) rsa->n, the operation will
+ * be equivalent to using 'I mod n'. However, the result of the
+ * verify will *always* be less than 'n' so we don't check for
+ * absolute equality, just congruency.
+ */
+ if (!BN_sub(vrfy, vrfy, I))
+ goto err;
+ if (!BN_mod(vrfy, vrfy, rsa->n, ctx))
+ goto err;
+ if (BN_is_negative(vrfy))
+ if (!BN_add(vrfy, vrfy, rsa->n))
+ goto err;
+ if (!BN_is_zero(vrfy)) {
+ /*
+ * 'I' and 'vrfy' aren't congruent mod n. Don't leak
+ * miscalculated CRT output, just do a raw (slower) mod_exp and
+ * return that instead.
+ */
+
+ BIGNUM local_d;
+ BIGNUM *d = NULL;
+
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+ d = &local_d;
+ BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
+ } else
+ d = rsa->d;
+ if (!rsa->meth->bn_mod_exp(r0, I, d, rsa->n, ctx,
+ rsa->_method_mod_n))
+ goto err;
+ }
+ }
+ ret = 1;
+ err:
+ BN_CTX_end(ctx);
+ return (ret);
+}
+
+static int RSA_eay_init(RSA *rsa)
+{
+ rsa->flags |= RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE;
+ return (1);
+}
+
+static int RSA_eay_finish(RSA *rsa)
+{
+ if (rsa->_method_mod_n != NULL)
+ BN_MONT_CTX_free(rsa->_method_mod_n);
+ if (rsa->_method_mod_p != NULL)
+ BN_MONT_CTX_free(rsa->_method_mod_p);
+ if (rsa->_method_mod_q != NULL)
+ BN_MONT_CTX_free(rsa->_method_mod_q);
+ return (1);
+}
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_eng.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/rsa/rsa_eng.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_eng.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,357 +0,0 @@
-/* crypto/rsa/rsa_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/crypto.h>
-#include "cryptlib.h"
-#include <openssl/lhash.h>
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/rand.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-
-const char RSA_version[]="RSA" OPENSSL_VERSION_PTEXT;
-
-static const RSA_METHOD *default_RSA_meth=NULL;
-
-RSA *RSA_new(void)
- {
- RSA *r=RSA_new_method(NULL);
-
- return r;
- }
-
-void RSA_set_default_method(const RSA_METHOD *meth)
- {
-#ifdef OPENSSL_FIPS
- if (FIPS_mode() && !(meth->flags & RSA_FLAG_FIPS_METHOD))
- {
- RSAerr(RSA_F_RSA_SET_DEFAULT_METHOD, RSA_R_NON_FIPS_METHOD);
- return;
- }
-#endif
- default_RSA_meth = meth;
- }
-
-const RSA_METHOD *RSA_get_default_method(void)
- {
- if (default_RSA_meth == NULL)
- {
-#ifdef RSA_NULL
- default_RSA_meth=RSA_null_method();
-#else
-#if 0 /* was: #ifdef RSAref */
- default_RSA_meth=RSA_PKCS1_RSAref();
-#else
- default_RSA_meth=RSA_PKCS1_SSLeay();
-#endif
-#endif
- }
-
- return default_RSA_meth;
- }
-
-const RSA_METHOD *RSA_get_method(const RSA *rsa)
- {
- return rsa->meth;
- }
-
-int RSA_set_method(RSA *rsa, const RSA_METHOD *meth)
- {
- /* NB: The caller is specifically setting a method, so it's not up to us
- * to deal with which ENGINE it comes from. */
- const RSA_METHOD *mtmp;
-#ifdef OPENSSL_FIPS
- if (FIPS_mode() && !(meth->flags & RSA_FLAG_FIPS_METHOD))
- {
- RSAerr(RSA_F_RSA_SET_METHOD, RSA_R_NON_FIPS_METHOD);
- return 0;
- }
-#endif
- mtmp = rsa->meth;
- if (mtmp->finish) mtmp->finish(rsa);
-#ifndef OPENSSL_NO_ENGINE
- if (rsa->engine)
- {
- ENGINE_finish(rsa->engine);
- rsa->engine = NULL;
- }
-#endif
- rsa->meth = meth;
- if (meth->init) meth->init(rsa);
- return 1;
- }
-
-RSA *RSA_new_method(ENGINE *engine)
- {
- RSA *ret;
-
- ret=(RSA *)OPENSSL_malloc(sizeof(RSA));
- if (ret == NULL)
- {
- RSAerr(RSA_F_RSA_NEW_METHOD,ERR_R_MALLOC_FAILURE);
- return NULL;
- }
-
- ret->meth = RSA_get_default_method();
-#ifndef OPENSSL_NO_ENGINE
- if (engine)
- {
- if (!ENGINE_init(engine))
- {
- RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB);
- OPENSSL_free(ret);
- return NULL;
- }
- ret->engine = engine;
- }
- else
- ret->engine = ENGINE_get_default_RSA();
- if(ret->engine)
- {
- ret->meth = ENGINE_get_RSA(ret->engine);
- if(!ret->meth)
- {
- RSAerr(RSA_F_RSA_NEW_METHOD,
- ERR_R_ENGINE_LIB);
- ENGINE_finish(ret->engine);
- OPENSSL_free(ret);
- return NULL;
- }
- }
-#endif
-#ifdef OPENSSL_FIPS
- if (FIPS_mode() && !(ret->meth->flags & RSA_FLAG_FIPS_METHOD))
- {
- RSAerr(RSA_F_RSA_NEW_METHOD, RSA_R_NON_FIPS_METHOD);
-#ifndef OPENSSL_NO_ENGINE
- if (ret->engine)
- ENGINE_finish(ret->engine);
-#endif
- OPENSSL_free(ret);
- return NULL;
- }
-#endif
-
- ret->pad=0;
- ret->version=0;
- ret->n=NULL;
- ret->e=NULL;
- ret->d=NULL;
- ret->p=NULL;
- ret->q=NULL;
- ret->dmp1=NULL;
- ret->dmq1=NULL;
- ret->iqmp=NULL;
- ret->references=1;
- ret->_method_mod_n=NULL;
- ret->_method_mod_p=NULL;
- ret->_method_mod_q=NULL;
- ret->blinding=NULL;
- ret->mt_blinding=NULL;
- ret->bignum_data=NULL;
- ret->flags=ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW;
- if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data))
- {
-#ifndef OPENSSL_NO_ENGINE
- if (ret->engine)
- ENGINE_finish(ret->engine);
-#endif
- OPENSSL_free(ret);
- return(NULL);
- }
-
- if ((ret->meth->init != NULL) && !ret->meth->init(ret))
- {
-#ifndef OPENSSL_NO_ENGINE
- if (ret->engine)
- ENGINE_finish(ret->engine);
-#endif
- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
- OPENSSL_free(ret);
- ret=NULL;
- }
- return(ret);
- }
-
-void RSA_free(RSA *r)
- {
- int i;
-
- if (r == NULL) return;
-
- i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_RSA);
-#ifdef REF_PRINT
- REF_PRINT("RSA",r);
-#endif
- if (i > 0) return;
-#ifdef REF_CHECK
- if (i < 0)
- {
- fprintf(stderr,"RSA_free, bad reference count\n");
- abort();
- }
-#endif
-
- if (r->meth->finish)
- r->meth->finish(r);
-#ifndef OPENSSL_NO_ENGINE
- if (r->engine)
- ENGINE_finish(r->engine);
-#endif
-
- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data);
-
- if (r->n != NULL) BN_clear_free(r->n);
- if (r->e != NULL) BN_clear_free(r->e);
- if (r->d != NULL) BN_clear_free(r->d);
- if (r->p != NULL) BN_clear_free(r->p);
- if (r->q != NULL) BN_clear_free(r->q);
- if (r->dmp1 != NULL) BN_clear_free(r->dmp1);
- if (r->dmq1 != NULL) BN_clear_free(r->dmq1);
- if (r->iqmp != NULL) BN_clear_free(r->iqmp);
- if (r->blinding != NULL) BN_BLINDING_free(r->blinding);
- if (r->mt_blinding != NULL) BN_BLINDING_free(r->mt_blinding);
- if (r->bignum_data != NULL) OPENSSL_free_locked(r->bignum_data);
- OPENSSL_free(r);
- }
-
-int RSA_up_ref(RSA *r)
- {
- int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_RSA);
-#ifdef REF_PRINT
- REF_PRINT("RSA",r);
-#endif
-#ifdef REF_CHECK
- if (i < 2)
- {
- fprintf(stderr, "RSA_up_ref, bad reference count\n");
- abort();
- }
-#endif
- return ((i > 1) ? 1 : 0);
- }
-
-int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
- {
- return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, argl, argp,
- new_func, dup_func, free_func);
- }
-
-int RSA_set_ex_data(RSA *r, int idx, void *arg)
- {
- return(CRYPTO_set_ex_data(&r->ex_data,idx,arg));
- }
-
-void *RSA_get_ex_data(const RSA *r, int idx)
- {
- return(CRYPTO_get_ex_data(&r->ex_data,idx));
- }
-
-int RSA_flags(const RSA *r)
- {
- return((r == NULL)?0:r->meth->flags);
- }
-
-int RSA_memory_lock(RSA *r)
- {
- int i,j,k,off;
- char *p;
- BIGNUM *bn,**t[6],*b;
- BN_ULONG *ul;
-
- if (r->d == NULL) return(1);
- t[0]= &r->d;
- t[1]= &r->p;
- t[2]= &r->q;
- t[3]= &r->dmp1;
- t[4]= &r->dmq1;
- t[5]= &r->iqmp;
- k=sizeof(BIGNUM)*6;
- off=k/sizeof(BN_ULONG)+1;
- j=1;
- for (i=0; i<6; i++)
- j+= (*t[i])->top;
- if ((p=OPENSSL_malloc_locked((off+j)*sizeof(BN_ULONG))) == NULL)
- {
- RSAerr(RSA_F_RSA_MEMORY_LOCK,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- bn=(BIGNUM *)p;
- ul=(BN_ULONG *)&(p[off]);
- for (i=0; i<6; i++)
- {
- b= *(t[i]);
- *(t[i])= &(bn[i]);
- memcpy((char *)&(bn[i]),(char *)b,sizeof(BIGNUM));
- bn[i].flags=BN_FLG_STATIC_DATA;
- bn[i].d=ul;
- memcpy((char *)ul,b->d,sizeof(BN_ULONG)*b->top);
- ul+=b->top;
- BN_clear_free(b);
- }
-
- /* I should fix this so it can still be done */
- r->flags&= ~(RSA_FLAG_CACHE_PRIVATE|RSA_FLAG_CACHE_PUBLIC);
-
- r->bignum_data=p;
- return(1);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_eng.c (from rev 6976, vendor-crypto/openssl/dist/crypto/rsa/rsa_eng.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_eng.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_eng.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,357 @@
+/* crypto/rsa/rsa_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/lhash.h>
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/rand.h>
+#ifndef OPENSSL_NO_ENGINE
+# include <openssl/engine.h>
+#endif
+
+const char RSA_version[] = "RSA" OPENSSL_VERSION_PTEXT;
+
+static const RSA_METHOD *default_RSA_meth = NULL;
+
+RSA *RSA_new(void)
+{
+ RSA *r = RSA_new_method(NULL);
+
+ return r;
+}
+
+void RSA_set_default_method(const RSA_METHOD *meth)
+{
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode() && !(meth->flags & RSA_FLAG_FIPS_METHOD)) {
+ RSAerr(RSA_F_RSA_SET_DEFAULT_METHOD, RSA_R_NON_FIPS_METHOD);
+ return;
+ }
+#endif
+ default_RSA_meth = meth;
+}
+
+const RSA_METHOD *RSA_get_default_method(void)
+{
+ if (default_RSA_meth == NULL) {
+#ifdef RSA_NULL
+ default_RSA_meth = RSA_null_method();
+#else
+# if 0 /* was: #ifdef RSAref */
+ default_RSA_meth = RSA_PKCS1_RSAref();
+# else
+ default_RSA_meth = RSA_PKCS1_SSLeay();
+# endif
+#endif
+ }
+
+ return default_RSA_meth;
+}
+
+const RSA_METHOD *RSA_get_method(const RSA *rsa)
+{
+ return rsa->meth;
+}
+
+int RSA_set_method(RSA *rsa, const RSA_METHOD *meth)
+{
+ /*
+ * NB: The caller is specifically setting a method, so it's not up to us
+ * to deal with which ENGINE it comes from.
+ */
+ const RSA_METHOD *mtmp;
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode() && !(meth->flags & RSA_FLAG_FIPS_METHOD)) {
+ RSAerr(RSA_F_RSA_SET_METHOD, RSA_R_NON_FIPS_METHOD);
+ return 0;
+ }
+#endif
+ mtmp = rsa->meth;
+ if (mtmp->finish)
+ mtmp->finish(rsa);
+#ifndef OPENSSL_NO_ENGINE
+ if (rsa->engine) {
+ ENGINE_finish(rsa->engine);
+ rsa->engine = NULL;
+ }
+#endif
+ rsa->meth = meth;
+ if (meth->init)
+ meth->init(rsa);
+ return 1;
+}
+
+RSA *RSA_new_method(ENGINE *engine)
+{
+ RSA *ret;
+
+ ret = (RSA *)OPENSSL_malloc(sizeof(RSA));
+ if (ret == NULL) {
+ RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+
+ ret->meth = RSA_get_default_method();
+#ifndef OPENSSL_NO_ENGINE
+ if (engine) {
+ if (!ENGINE_init(engine)) {
+ RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB);
+ OPENSSL_free(ret);
+ return NULL;
+ }
+ ret->engine = engine;
+ } else
+ ret->engine = ENGINE_get_default_RSA();
+ if (ret->engine) {
+ ret->meth = ENGINE_get_RSA(ret->engine);
+ if (!ret->meth) {
+ RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB);
+ ENGINE_finish(ret->engine);
+ OPENSSL_free(ret);
+ return NULL;
+ }
+ }
+#endif
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode() && !(ret->meth->flags & RSA_FLAG_FIPS_METHOD)) {
+ RSAerr(RSA_F_RSA_NEW_METHOD, RSA_R_NON_FIPS_METHOD);
+# ifndef OPENSSL_NO_ENGINE
+ if (ret->engine)
+ ENGINE_finish(ret->engine);
+# endif
+ OPENSSL_free(ret);
+ return NULL;
+ }
+#endif
+
+ ret->pad = 0;
+ ret->version = 0;
+ ret->n = NULL;
+ ret->e = NULL;
+ ret->d = NULL;
+ ret->p = NULL;
+ ret->q = NULL;
+ ret->dmp1 = NULL;
+ ret->dmq1 = NULL;
+ ret->iqmp = NULL;
+ ret->references = 1;
+ ret->_method_mod_n = NULL;
+ ret->_method_mod_p = NULL;
+ ret->_method_mod_q = NULL;
+ ret->blinding = NULL;
+ ret->mt_blinding = NULL;
+ ret->bignum_data = NULL;
+ ret->flags = ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW;
+ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) {
+#ifndef OPENSSL_NO_ENGINE
+ if (ret->engine)
+ ENGINE_finish(ret->engine);
+#endif
+ OPENSSL_free(ret);
+ return (NULL);
+ }
+
+ if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
+#ifndef OPENSSL_NO_ENGINE
+ if (ret->engine)
+ ENGINE_finish(ret->engine);
+#endif
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
+ OPENSSL_free(ret);
+ ret = NULL;
+ }
+ return (ret);
+}
+
+void RSA_free(RSA *r)
+{
+ int i;
+
+ if (r == NULL)
+ return;
+
+ i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_RSA);
+#ifdef REF_PRINT
+ REF_PRINT("RSA", r);
+#endif
+ if (i > 0)
+ return;
+#ifdef REF_CHECK
+ if (i < 0) {
+ fprintf(stderr, "RSA_free, bad reference count\n");
+ abort();
+ }
+#endif
+
+ if (r->meth->finish)
+ r->meth->finish(r);
+#ifndef OPENSSL_NO_ENGINE
+ if (r->engine)
+ ENGINE_finish(r->engine);
+#endif
+
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data);
+
+ if (r->n != NULL)
+ BN_clear_free(r->n);
+ if (r->e != NULL)
+ BN_clear_free(r->e);
+ if (r->d != NULL)
+ BN_clear_free(r->d);
+ if (r->p != NULL)
+ BN_clear_free(r->p);
+ if (r->q != NULL)
+ BN_clear_free(r->q);
+ if (r->dmp1 != NULL)
+ BN_clear_free(r->dmp1);
+ if (r->dmq1 != NULL)
+ BN_clear_free(r->dmq1);
+ if (r->iqmp != NULL)
+ BN_clear_free(r->iqmp);
+ if (r->blinding != NULL)
+ BN_BLINDING_free(r->blinding);
+ if (r->mt_blinding != NULL)
+ BN_BLINDING_free(r->mt_blinding);
+ if (r->bignum_data != NULL)
+ OPENSSL_free_locked(r->bignum_data);
+ OPENSSL_free(r);
+}
+
+int RSA_up_ref(RSA *r)
+{
+ int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_RSA);
+#ifdef REF_PRINT
+ REF_PRINT("RSA", r);
+#endif
+#ifdef REF_CHECK
+ if (i < 2) {
+ fprintf(stderr, "RSA_up_ref, bad reference count\n");
+ abort();
+ }
+#endif
+ return ((i > 1) ? 1 : 0);
+}
+
+int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+{
+ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, argl, argp,
+ new_func, dup_func, free_func);
+}
+
+int RSA_set_ex_data(RSA *r, int idx, void *arg)
+{
+ return (CRYPTO_set_ex_data(&r->ex_data, idx, arg));
+}
+
+void *RSA_get_ex_data(const RSA *r, int idx)
+{
+ return (CRYPTO_get_ex_data(&r->ex_data, idx));
+}
+
+int RSA_flags(const RSA *r)
+{
+ return ((r == NULL) ? 0 : r->meth->flags);
+}
+
+int RSA_memory_lock(RSA *r)
+{
+ int i, j, k, off;
+ char *p;
+ BIGNUM *bn, **t[6], *b;
+ BN_ULONG *ul;
+
+ if (r->d == NULL)
+ return (1);
+ t[0] = &r->d;
+ t[1] = &r->p;
+ t[2] = &r->q;
+ t[3] = &r->dmp1;
+ t[4] = &r->dmq1;
+ t[5] = &r->iqmp;
+ k = sizeof(BIGNUM) * 6;
+ off = k / sizeof(BN_ULONG) + 1;
+ j = 1;
+ for (i = 0; i < 6; i++)
+ j += (*t[i])->top;
+ if ((p = OPENSSL_malloc_locked((off + j) * sizeof(BN_ULONG))) == NULL) {
+ RSAerr(RSA_F_RSA_MEMORY_LOCK, ERR_R_MALLOC_FAILURE);
+ return (0);
+ }
+ bn = (BIGNUM *)p;
+ ul = (BN_ULONG *)&(p[off]);
+ for (i = 0; i < 6; i++) {
+ b = *(t[i]);
+ *(t[i]) = &(bn[i]);
+ memcpy((char *)&(bn[i]), (char *)b, sizeof(BIGNUM));
+ bn[i].flags = BN_FLG_STATIC_DATA;
+ bn[i].d = ul;
+ memcpy((char *)ul, b->d, sizeof(BN_ULONG) * b->top);
+ ul += b->top;
+ BN_clear_free(b);
+ }
+
+ /* I should fix this so it can still be done */
+ r->flags &= ~(RSA_FLAG_CACHE_PRIVATE | RSA_FLAG_CACHE_PUBLIC);
+
+ r->bignum_data = p;
+ return (1);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_err.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/rsa/rsa_err.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,180 +0,0 @@
-/* crypto/rsa/rsa_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/rsa.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_RSA,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_RSA,0,reason)
-
-static ERR_STRING_DATA RSA_str_functs[]=
- {
-{ERR_FUNC(RSA_F_FIPS_RSA_SIGN), "FIPS_RSA_SIGN"},
-{ERR_FUNC(RSA_F_FIPS_RSA_VERIFY), "FIPS_RSA_VERIFY"},
-{ERR_FUNC(RSA_F_MEMORY_LOCK), "MEMORY_LOCK"},
-{ERR_FUNC(RSA_F_RSA_BUILTIN_KEYGEN), "RSA_BUILTIN_KEYGEN"},
-{ERR_FUNC(RSA_F_RSA_CHECK_KEY), "RSA_check_key"},
-{ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_DECRYPT), "RSA_EAY_PRIVATE_DECRYPT"},
-{ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_ENCRYPT), "RSA_EAY_PRIVATE_ENCRYPT"},
-{ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_DECRYPT), "RSA_EAY_PUBLIC_DECRYPT"},
-{ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_ENCRYPT), "RSA_EAY_PUBLIC_ENCRYPT"},
-{ERR_FUNC(RSA_F_RSA_GENERATE_KEY), "RSA_generate_key"},
-{ERR_FUNC(RSA_F_RSA_MEMORY_LOCK), "RSA_memory_lock"},
-{ERR_FUNC(RSA_F_RSA_NEW_METHOD), "RSA_new_method"},
-{ERR_FUNC(RSA_F_RSA_NULL), "RSA_NULL"},
-{ERR_FUNC(RSA_F_RSA_NULL_MOD_EXP), "RSA_NULL_MOD_EXP"},
-{ERR_FUNC(RSA_F_RSA_NULL_PRIVATE_DECRYPT), "RSA_NULL_PRIVATE_DECRYPT"},
-{ERR_FUNC(RSA_F_RSA_NULL_PRIVATE_ENCRYPT), "RSA_NULL_PRIVATE_ENCRYPT"},
-{ERR_FUNC(RSA_F_RSA_NULL_PUBLIC_DECRYPT), "RSA_NULL_PUBLIC_DECRYPT"},
-{ERR_FUNC(RSA_F_RSA_NULL_PUBLIC_ENCRYPT), "RSA_NULL_PUBLIC_ENCRYPT"},
-{ERR_FUNC(RSA_F_RSA_PADDING_ADD_NONE), "RSA_padding_add_none"},
-{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP), "RSA_padding_add_PKCS1_OAEP"},
-{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_PSS), "RSA_padding_add_PKCS1_PSS"},
-{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1), "RSA_padding_add_PKCS1_type_1"},
-{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2), "RSA_padding_add_PKCS1_type_2"},
-{ERR_FUNC(RSA_F_RSA_PADDING_ADD_SSLV23), "RSA_padding_add_SSLv23"},
-{ERR_FUNC(RSA_F_RSA_PADDING_ADD_X931), "RSA_padding_add_X931"},
-{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_NONE), "RSA_padding_check_none"},
-{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP), "RSA_padding_check_PKCS1_OAEP"},
-{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1), "RSA_padding_check_PKCS1_type_1"},
-{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2), "RSA_padding_check_PKCS1_type_2"},
-{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_SSLV23), "RSA_padding_check_SSLv23"},
-{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_X931), "RSA_padding_check_X931"},
-{ERR_FUNC(RSA_F_RSA_PRINT), "RSA_print"},
-{ERR_FUNC(RSA_F_RSA_PRINT_FP), "RSA_print_fp"},
-{ERR_FUNC(RSA_F_RSA_PRIVATE_ENCRYPT), "RSA_private_encrypt"},
-{ERR_FUNC(RSA_F_RSA_PUBLIC_DECRYPT), "RSA_public_decrypt"},
-{ERR_FUNC(RSA_F_RSA_SETUP_BLINDING), "RSA_setup_blinding"},
-{ERR_FUNC(RSA_F_RSA_SET_DEFAULT_METHOD), "RSA_set_default_method"},
-{ERR_FUNC(RSA_F_RSA_SET_METHOD), "RSA_set_method"},
-{ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"},
-{ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING), "RSA_sign_ASN1_OCTET_STRING"},
-{ERR_FUNC(RSA_F_RSA_VERIFY), "RSA_verify"},
-{ERR_FUNC(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING), "RSA_verify_ASN1_OCTET_STRING"},
-{ERR_FUNC(RSA_F_RSA_VERIFY_PKCS1_PSS), "RSA_verify_PKCS1_PSS"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA RSA_str_reasons[]=
- {
-{ERR_REASON(RSA_R_ALGORITHM_MISMATCH) ,"algorithm mismatch"},
-{ERR_REASON(RSA_R_BAD_E_VALUE) ,"bad e value"},
-{ERR_REASON(RSA_R_BAD_FIXED_HEADER_DECRYPT),"bad fixed header decrypt"},
-{ERR_REASON(RSA_R_BAD_PAD_BYTE_COUNT) ,"bad pad byte count"},
-{ERR_REASON(RSA_R_BAD_SIGNATURE) ,"bad signature"},
-{ERR_REASON(RSA_R_BLOCK_TYPE_IS_NOT_01) ,"block type is not 01"},
-{ERR_REASON(RSA_R_BLOCK_TYPE_IS_NOT_02) ,"block type is not 02"},
-{ERR_REASON(RSA_R_DATA_GREATER_THAN_MOD_LEN),"data greater than mod len"},
-{ERR_REASON(RSA_R_DATA_TOO_LARGE) ,"data too large"},
-{ERR_REASON(RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"},
-{ERR_REASON(RSA_R_DATA_TOO_LARGE_FOR_MODULUS),"data too large for modulus"},
-{ERR_REASON(RSA_R_DATA_TOO_SMALL) ,"data too small"},
-{ERR_REASON(RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE),"data too small for key size"},
-{ERR_REASON(RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY),"digest too big for rsa key"},
-{ERR_REASON(RSA_R_DMP1_NOT_CONGRUENT_TO_D),"dmp1 not congruent to d"},
-{ERR_REASON(RSA_R_DMQ1_NOT_CONGRUENT_TO_D),"dmq1 not congruent to d"},
-{ERR_REASON(RSA_R_D_E_NOT_CONGRUENT_TO_1),"d e not congruent to 1"},
-{ERR_REASON(RSA_R_FIRST_OCTET_INVALID) ,"first octet invalid"},
-{ERR_REASON(RSA_R_INVALID_HEADER) ,"invalid header"},
-{ERR_REASON(RSA_R_INVALID_MESSAGE_LENGTH),"invalid message length"},
-{ERR_REASON(RSA_R_INVALID_PADDING) ,"invalid padding"},
-{ERR_REASON(RSA_R_INVALID_TRAILER) ,"invalid trailer"},
-{ERR_REASON(RSA_R_IQMP_NOT_INVERSE_OF_Q) ,"iqmp not inverse of q"},
-{ERR_REASON(RSA_R_KEY_SIZE_TOO_SMALL) ,"key size too small"},
-{ERR_REASON(RSA_R_LAST_OCTET_INVALID) ,"last octet invalid"},
-{ERR_REASON(RSA_R_MODULUS_TOO_LARGE) ,"modulus too large"},
-{ERR_REASON(RSA_R_NON_FIPS_METHOD) ,"non fips method"},
-{ERR_REASON(RSA_R_NO_PUBLIC_EXPONENT) ,"no public exponent"},
-{ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING),"null before block missing"},
-{ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q) ,"n does not equal p q"},
-{ERR_REASON(RSA_R_OAEP_DECODING_ERROR) ,"oaep decoding error"},
-{ERR_REASON(RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE),"operation not allowed in fips mode"},
-{ERR_REASON(RSA_R_PADDING_CHECK_FAILED) ,"padding check failed"},
-{ERR_REASON(RSA_R_PKCS_DECODING_ERROR) ,"pkcs decoding error"},
-{ERR_REASON(RSA_R_P_NOT_PRIME) ,"p not prime"},
-{ERR_REASON(RSA_R_Q_NOT_PRIME) ,"q not prime"},
-{ERR_REASON(RSA_R_RSA_OPERATIONS_NOT_SUPPORTED),"rsa operations not supported"},
-{ERR_REASON(RSA_R_SLEN_CHECK_FAILED) ,"salt length check failed"},
-{ERR_REASON(RSA_R_SLEN_RECOVERY_FAILED) ,"salt length recovery failed"},
-{ERR_REASON(RSA_R_SSLV3_ROLLBACK_ATTACK) ,"sslv3 rollback attack"},
-{ERR_REASON(RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),"the asn1 object identifier is not known for this md"},
-{ERR_REASON(RSA_R_UNKNOWN_ALGORITHM_TYPE),"unknown algorithm type"},
-{ERR_REASON(RSA_R_UNKNOWN_PADDING_TYPE) ,"unknown padding type"},
-{ERR_REASON(RSA_R_WRONG_SIGNATURE_LENGTH),"wrong signature length"},
-{0,NULL}
- };
-
-#endif
-
-void ERR_load_RSA_strings(void)
- {
-#ifndef OPENSSL_NO_ERR
-
- if (ERR_func_error_string(RSA_str_functs[0].error) == NULL)
- {
- ERR_load_strings(0,RSA_str_functs);
- ERR_load_strings(0,RSA_str_reasons);
- }
-#endif
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_err.c (from rev 6976, vendor-crypto/openssl/dist/crypto/rsa/rsa_err.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_err.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,195 @@
+/* crypto/rsa/rsa_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/rsa.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_RSA,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_RSA,0,reason)
+
+static ERR_STRING_DATA RSA_str_functs[] = {
+ {ERR_FUNC(RSA_F_FIPS_RSA_SIGN), "FIPS_RSA_SIGN"},
+ {ERR_FUNC(RSA_F_FIPS_RSA_VERIFY), "FIPS_RSA_VERIFY"},
+ {ERR_FUNC(RSA_F_MEMORY_LOCK), "MEMORY_LOCK"},
+ {ERR_FUNC(RSA_F_RSA_BUILTIN_KEYGEN), "RSA_BUILTIN_KEYGEN"},
+ {ERR_FUNC(RSA_F_RSA_CHECK_KEY), "RSA_check_key"},
+ {ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_DECRYPT), "RSA_EAY_PRIVATE_DECRYPT"},
+ {ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_ENCRYPT), "RSA_EAY_PRIVATE_ENCRYPT"},
+ {ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_DECRYPT), "RSA_EAY_PUBLIC_DECRYPT"},
+ {ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_ENCRYPT), "RSA_EAY_PUBLIC_ENCRYPT"},
+ {ERR_FUNC(RSA_F_RSA_GENERATE_KEY), "RSA_generate_key"},
+ {ERR_FUNC(RSA_F_RSA_MEMORY_LOCK), "RSA_memory_lock"},
+ {ERR_FUNC(RSA_F_RSA_NEW_METHOD), "RSA_new_method"},
+ {ERR_FUNC(RSA_F_RSA_NULL), "RSA_NULL"},
+ {ERR_FUNC(RSA_F_RSA_NULL_MOD_EXP), "RSA_NULL_MOD_EXP"},
+ {ERR_FUNC(RSA_F_RSA_NULL_PRIVATE_DECRYPT), "RSA_NULL_PRIVATE_DECRYPT"},
+ {ERR_FUNC(RSA_F_RSA_NULL_PRIVATE_ENCRYPT), "RSA_NULL_PRIVATE_ENCRYPT"},
+ {ERR_FUNC(RSA_F_RSA_NULL_PUBLIC_DECRYPT), "RSA_NULL_PUBLIC_DECRYPT"},
+ {ERR_FUNC(RSA_F_RSA_NULL_PUBLIC_ENCRYPT), "RSA_NULL_PUBLIC_ENCRYPT"},
+ {ERR_FUNC(RSA_F_RSA_PADDING_ADD_NONE), "RSA_padding_add_none"},
+ {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP),
+ "RSA_padding_add_PKCS1_OAEP"},
+ {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_PSS), "RSA_padding_add_PKCS1_PSS"},
+ {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1),
+ "RSA_padding_add_PKCS1_type_1"},
+ {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2),
+ "RSA_padding_add_PKCS1_type_2"},
+ {ERR_FUNC(RSA_F_RSA_PADDING_ADD_SSLV23), "RSA_padding_add_SSLv23"},
+ {ERR_FUNC(RSA_F_RSA_PADDING_ADD_X931), "RSA_padding_add_X931"},
+ {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_NONE), "RSA_padding_check_none"},
+ {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP),
+ "RSA_padding_check_PKCS1_OAEP"},
+ {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1),
+ "RSA_padding_check_PKCS1_type_1"},
+ {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2),
+ "RSA_padding_check_PKCS1_type_2"},
+ {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_SSLV23), "RSA_padding_check_SSLv23"},
+ {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_X931), "RSA_padding_check_X931"},
+ {ERR_FUNC(RSA_F_RSA_PRINT), "RSA_print"},
+ {ERR_FUNC(RSA_F_RSA_PRINT_FP), "RSA_print_fp"},
+ {ERR_FUNC(RSA_F_RSA_PRIVATE_ENCRYPT), "RSA_private_encrypt"},
+ {ERR_FUNC(RSA_F_RSA_PUBLIC_DECRYPT), "RSA_public_decrypt"},
+ {ERR_FUNC(RSA_F_RSA_SETUP_BLINDING), "RSA_setup_blinding"},
+ {ERR_FUNC(RSA_F_RSA_SET_DEFAULT_METHOD), "RSA_set_default_method"},
+ {ERR_FUNC(RSA_F_RSA_SET_METHOD), "RSA_set_method"},
+ {ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"},
+ {ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING),
+ "RSA_sign_ASN1_OCTET_STRING"},
+ {ERR_FUNC(RSA_F_RSA_VERIFY), "RSA_verify"},
+ {ERR_FUNC(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING),
+ "RSA_verify_ASN1_OCTET_STRING"},
+ {ERR_FUNC(RSA_F_RSA_VERIFY_PKCS1_PSS), "RSA_verify_PKCS1_PSS"},
+ {0, NULL}
+};
+
+static ERR_STRING_DATA RSA_str_reasons[] = {
+ {ERR_REASON(RSA_R_ALGORITHM_MISMATCH), "algorithm mismatch"},
+ {ERR_REASON(RSA_R_BAD_E_VALUE), "bad e value"},
+ {ERR_REASON(RSA_R_BAD_FIXED_HEADER_DECRYPT), "bad fixed header decrypt"},
+ {ERR_REASON(RSA_R_BAD_PAD_BYTE_COUNT), "bad pad byte count"},
+ {ERR_REASON(RSA_R_BAD_SIGNATURE), "bad signature"},
+ {ERR_REASON(RSA_R_BLOCK_TYPE_IS_NOT_01), "block type is not 01"},
+ {ERR_REASON(RSA_R_BLOCK_TYPE_IS_NOT_02), "block type is not 02"},
+ {ERR_REASON(RSA_R_DATA_GREATER_THAN_MOD_LEN),
+ "data greater than mod len"},
+ {ERR_REASON(RSA_R_DATA_TOO_LARGE), "data too large"},
+ {ERR_REASON(RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),
+ "data too large for key size"},
+ {ERR_REASON(RSA_R_DATA_TOO_LARGE_FOR_MODULUS),
+ "data too large for modulus"},
+ {ERR_REASON(RSA_R_DATA_TOO_SMALL), "data too small"},
+ {ERR_REASON(RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE),
+ "data too small for key size"},
+ {ERR_REASON(RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY),
+ "digest too big for rsa key"},
+ {ERR_REASON(RSA_R_DMP1_NOT_CONGRUENT_TO_D), "dmp1 not congruent to d"},
+ {ERR_REASON(RSA_R_DMQ1_NOT_CONGRUENT_TO_D), "dmq1 not congruent to d"},
+ {ERR_REASON(RSA_R_D_E_NOT_CONGRUENT_TO_1), "d e not congruent to 1"},
+ {ERR_REASON(RSA_R_FIRST_OCTET_INVALID), "first octet invalid"},
+ {ERR_REASON(RSA_R_INVALID_HEADER), "invalid header"},
+ {ERR_REASON(RSA_R_INVALID_MESSAGE_LENGTH), "invalid message length"},
+ {ERR_REASON(RSA_R_INVALID_PADDING), "invalid padding"},
+ {ERR_REASON(RSA_R_INVALID_TRAILER), "invalid trailer"},
+ {ERR_REASON(RSA_R_IQMP_NOT_INVERSE_OF_Q), "iqmp not inverse of q"},
+ {ERR_REASON(RSA_R_KEY_SIZE_TOO_SMALL), "key size too small"},
+ {ERR_REASON(RSA_R_LAST_OCTET_INVALID), "last octet invalid"},
+ {ERR_REASON(RSA_R_MODULUS_TOO_LARGE), "modulus too large"},
+ {ERR_REASON(RSA_R_NON_FIPS_METHOD), "non fips method"},
+ {ERR_REASON(RSA_R_NO_PUBLIC_EXPONENT), "no public exponent"},
+ {ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING),
+ "null before block missing"},
+ {ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q), "n does not equal p q"},
+ {ERR_REASON(RSA_R_OAEP_DECODING_ERROR), "oaep decoding error"},
+ {ERR_REASON(RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE),
+ "operation not allowed in fips mode"},
+ {ERR_REASON(RSA_R_PADDING_CHECK_FAILED), "padding check failed"},
+ {ERR_REASON(RSA_R_PKCS_DECODING_ERROR), "pkcs decoding error"},
+ {ERR_REASON(RSA_R_P_NOT_PRIME), "p not prime"},
+ {ERR_REASON(RSA_R_Q_NOT_PRIME), "q not prime"},
+ {ERR_REASON(RSA_R_RSA_OPERATIONS_NOT_SUPPORTED),
+ "rsa operations not supported"},
+ {ERR_REASON(RSA_R_SLEN_CHECK_FAILED), "salt length check failed"},
+ {ERR_REASON(RSA_R_SLEN_RECOVERY_FAILED), "salt length recovery failed"},
+ {ERR_REASON(RSA_R_SSLV3_ROLLBACK_ATTACK), "sslv3 rollback attack"},
+ {ERR_REASON(RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),
+ "the asn1 object identifier is not known for this md"},
+ {ERR_REASON(RSA_R_UNKNOWN_ALGORITHM_TYPE), "unknown algorithm type"},
+ {ERR_REASON(RSA_R_UNKNOWN_PADDING_TYPE), "unknown padding type"},
+ {ERR_REASON(RSA_R_WRONG_SIGNATURE_LENGTH), "wrong signature length"},
+ {0, NULL}
+};
+
+#endif
+
+void ERR_load_RSA_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+ if (ERR_func_error_string(RSA_str_functs[0].error) == NULL) {
+ ERR_load_strings(0, RSA_str_functs);
+ ERR_load_strings(0, RSA_str_reasons);
+ }
+#endif
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_gen.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/rsa/rsa_gen.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_gen.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,222 +0,0 @@
-/* crypto/rsa/rsa_gen.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-
-/* NB: these functions have been "upgraded", the deprecated versions (which are
- * compatibility wrappers using these functions) are in rsa_depr.c.
- * - Geoff
- */
-
-#include <stdio.h>
-#include <time.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-
-#ifndef OPENSSL_FIPS
-
-static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb);
-
-/* NB: this wrapper would normally be placed in rsa_lib.c and the static
- * implementation would probably be in rsa_eay.c. Nonetheless, is kept here so
- * that we don't introduce a new linker dependency. Eg. any application that
- * wasn't previously linking object code related to key-generation won't have to
- * now just because key-generation is part of RSA_METHOD. */
-int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
- {
- if(rsa->meth->rsa_keygen)
- return rsa->meth->rsa_keygen(rsa, bits, e_value, cb);
- return rsa_builtin_keygen(rsa, bits, e_value, cb);
- }
-
-static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
- {
- BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL,*tmp;
- BIGNUM local_r0,local_d,local_p;
- BIGNUM *pr0,*d,*p;
- int bitsp,bitsq,ok= -1,n=0;
- BN_CTX *ctx=NULL;
-
- ctx=BN_CTX_new();
- if (ctx == NULL) goto err;
- BN_CTX_start(ctx);
- r0 = BN_CTX_get(ctx);
- r1 = BN_CTX_get(ctx);
- r2 = BN_CTX_get(ctx);
- r3 = BN_CTX_get(ctx);
- if (r3 == NULL) goto err;
-
- bitsp=(bits+1)/2;
- bitsq=bits-bitsp;
-
- /* We need the RSA components non-NULL */
- if(!rsa->n && ((rsa->n=BN_new()) == NULL)) goto err;
- if(!rsa->d && ((rsa->d=BN_new()) == NULL)) goto err;
- if(!rsa->e && ((rsa->e=BN_new()) == NULL)) goto err;
- if(!rsa->p && ((rsa->p=BN_new()) == NULL)) goto err;
- if(!rsa->q && ((rsa->q=BN_new()) == NULL)) goto err;
- if(!rsa->dmp1 && ((rsa->dmp1=BN_new()) == NULL)) goto err;
- if(!rsa->dmq1 && ((rsa->dmq1=BN_new()) == NULL)) goto err;
- if(!rsa->iqmp && ((rsa->iqmp=BN_new()) == NULL)) goto err;
-
- BN_copy(rsa->e, e_value);
-
- /* generate p and q */
- for (;;)
- {
- if(!BN_generate_prime_ex(rsa->p, bitsp, 0, NULL, NULL, cb))
- goto err;
- if (!BN_sub(r2,rsa->p,BN_value_one())) goto err;
- if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err;
- if (BN_is_one(r1)) break;
- if(!BN_GENCB_call(cb, 2, n++))
- goto err;
- }
- if(!BN_GENCB_call(cb, 3, 0))
- goto err;
- for (;;)
- {
- /* When generating ridiculously small keys, we can get stuck
- * continually regenerating the same prime values. Check for
- * this and bail if it happens 3 times. */
- unsigned int degenerate = 0;
- do
- {
- if(!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb))
- goto err;
- } while((BN_cmp(rsa->p, rsa->q) == 0) && (++degenerate < 3));
- if(degenerate == 3)
- {
- ok = 0; /* we set our own err */
- RSAerr(RSA_F_RSA_BUILTIN_KEYGEN,RSA_R_KEY_SIZE_TOO_SMALL);
- goto err;
- }
- if (!BN_sub(r2,rsa->q,BN_value_one())) goto err;
- if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err;
- if (BN_is_one(r1))
- break;
- if(!BN_GENCB_call(cb, 2, n++))
- goto err;
- }
- if(!BN_GENCB_call(cb, 3, 1))
- goto err;
- if (BN_cmp(rsa->p,rsa->q) < 0)
- {
- tmp=rsa->p;
- rsa->p=rsa->q;
- rsa->q=tmp;
- }
-
- /* calculate n */
- if (!BN_mul(rsa->n,rsa->p,rsa->q,ctx)) goto err;
-
- /* calculate d */
- if (!BN_sub(r1,rsa->p,BN_value_one())) goto err; /* p-1 */
- if (!BN_sub(r2,rsa->q,BN_value_one())) goto err; /* q-1 */
- if (!BN_mul(r0,r1,r2,ctx)) goto err; /* (p-1)(q-1) */
- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
- {
- pr0 = &local_r0;
- BN_with_flags(pr0, r0, BN_FLG_CONSTTIME);
- }
- else
- pr0 = r0;
- if (!BN_mod_inverse(rsa->d,rsa->e,pr0,ctx)) goto err; /* d */
-
- /* set up d for correct BN_FLG_CONSTTIME flag */
- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
- {
- d = &local_d;
- BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
- }
- else
- d = rsa->d;
-
- /* calculate d mod (p-1) */
- if (!BN_mod(rsa->dmp1,d,r1,ctx)) goto err;
-
- /* calculate d mod (q-1) */
- if (!BN_mod(rsa->dmq1,d,r2,ctx)) goto err;
-
- /* calculate inverse of q mod p */
- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
- {
- p = &local_p;
- BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME);
- }
- else
- p = rsa->p;
- if (!BN_mod_inverse(rsa->iqmp,rsa->q,p,ctx)) goto err;
-
- ok=1;
-err:
- if (ok == -1)
- {
- RSAerr(RSA_F_RSA_BUILTIN_KEYGEN,ERR_LIB_BN);
- ok=0;
- }
- if (ctx != NULL)
- {
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- }
-
- return ok;
- }
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_gen.c (from rev 6976, vendor-crypto/openssl/dist/crypto/rsa/rsa_gen.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_gen.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_gen.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,238 @@
+/* crypto/rsa/rsa_gen.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/*
+ * NB: these functions have been "upgraded", the deprecated versions (which
+ * are compatibility wrappers using these functions) are in rsa_depr.c. -
+ * Geoff
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+
+#ifndef OPENSSL_FIPS
+
+static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
+ BN_GENCB *cb);
+
+/*
+ * NB: this wrapper would normally be placed in rsa_lib.c and the static
+ * implementation would probably be in rsa_eay.c. Nonetheless, is kept here
+ * so that we don't introduce a new linker dependency. Eg. any application
+ * that wasn't previously linking object code related to key-generation won't
+ * have to now just because key-generation is part of RSA_METHOD.
+ */
+int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
+{
+ if (rsa->meth->rsa_keygen)
+ return rsa->meth->rsa_keygen(rsa, bits, e_value, cb);
+ return rsa_builtin_keygen(rsa, bits, e_value, cb);
+}
+
+static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
+ BN_GENCB *cb)
+{
+ BIGNUM *r0 = NULL, *r1 = NULL, *r2 = NULL, *r3 = NULL, *tmp;
+ BIGNUM local_r0, local_d, local_p;
+ BIGNUM *pr0, *d, *p;
+ int bitsp, bitsq, ok = -1, n = 0;
+ BN_CTX *ctx = NULL;
+
+ ctx = BN_CTX_new();
+ if (ctx == NULL)
+ goto err;
+ BN_CTX_start(ctx);
+ r0 = BN_CTX_get(ctx);
+ r1 = BN_CTX_get(ctx);
+ r2 = BN_CTX_get(ctx);
+ r3 = BN_CTX_get(ctx);
+ if (r3 == NULL)
+ goto err;
+
+ bitsp = (bits + 1) / 2;
+ bitsq = bits - bitsp;
+
+ /* We need the RSA components non-NULL */
+ if (!rsa->n && ((rsa->n = BN_new()) == NULL))
+ goto err;
+ if (!rsa->d && ((rsa->d = BN_new()) == NULL))
+ goto err;
+ if (!rsa->e && ((rsa->e = BN_new()) == NULL))
+ goto err;
+ if (!rsa->p && ((rsa->p = BN_new()) == NULL))
+ goto err;
+ if (!rsa->q && ((rsa->q = BN_new()) == NULL))
+ goto err;
+ if (!rsa->dmp1 && ((rsa->dmp1 = BN_new()) == NULL))
+ goto err;
+ if (!rsa->dmq1 && ((rsa->dmq1 = BN_new()) == NULL))
+ goto err;
+ if (!rsa->iqmp && ((rsa->iqmp = BN_new()) == NULL))
+ goto err;
+
+ BN_copy(rsa->e, e_value);
+
+ /* generate p and q */
+ for (;;) {
+ if (!BN_generate_prime_ex(rsa->p, bitsp, 0, NULL, NULL, cb))
+ goto err;
+ if (!BN_sub(r2, rsa->p, BN_value_one()))
+ goto err;
+ if (!BN_gcd(r1, r2, rsa->e, ctx))
+ goto err;
+ if (BN_is_one(r1))
+ break;
+ if (!BN_GENCB_call(cb, 2, n++))
+ goto err;
+ }
+ if (!BN_GENCB_call(cb, 3, 0))
+ goto err;
+ for (;;) {
+ /*
+ * When generating ridiculously small keys, we can get stuck
+ * continually regenerating the same prime values. Check for this and
+ * bail if it happens 3 times.
+ */
+ unsigned int degenerate = 0;
+ do {
+ if (!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb))
+ goto err;
+ } while ((BN_cmp(rsa->p, rsa->q) == 0) && (++degenerate < 3));
+ if (degenerate == 3) {
+ ok = 0; /* we set our own err */
+ RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, RSA_R_KEY_SIZE_TOO_SMALL);
+ goto err;
+ }
+ if (!BN_sub(r2, rsa->q, BN_value_one()))
+ goto err;
+ if (!BN_gcd(r1, r2, rsa->e, ctx))
+ goto err;
+ if (BN_is_one(r1))
+ break;
+ if (!BN_GENCB_call(cb, 2, n++))
+ goto err;
+ }
+ if (!BN_GENCB_call(cb, 3, 1))
+ goto err;
+ if (BN_cmp(rsa->p, rsa->q) < 0) {
+ tmp = rsa->p;
+ rsa->p = rsa->q;
+ rsa->q = tmp;
+ }
+
+ /* calculate n */
+ if (!BN_mul(rsa->n, rsa->p, rsa->q, ctx))
+ goto err;
+
+ /* calculate d */
+ if (!BN_sub(r1, rsa->p, BN_value_one()))
+ goto err; /* p-1 */
+ if (!BN_sub(r2, rsa->q, BN_value_one()))
+ goto err; /* q-1 */
+ if (!BN_mul(r0, r1, r2, ctx))
+ goto err; /* (p-1)(q-1) */
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+ pr0 = &local_r0;
+ BN_with_flags(pr0, r0, BN_FLG_CONSTTIME);
+ } else
+ pr0 = r0;
+ if (!BN_mod_inverse(rsa->d, rsa->e, pr0, ctx))
+ goto err; /* d */
+
+ /* set up d for correct BN_FLG_CONSTTIME flag */
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+ d = &local_d;
+ BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
+ } else
+ d = rsa->d;
+
+ /* calculate d mod (p-1) */
+ if (!BN_mod(rsa->dmp1, d, r1, ctx))
+ goto err;
+
+ /* calculate d mod (q-1) */
+ if (!BN_mod(rsa->dmq1, d, r2, ctx))
+ goto err;
+
+ /* calculate inverse of q mod p */
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+ p = &local_p;
+ BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME);
+ } else
+ p = rsa->p;
+ if (!BN_mod_inverse(rsa->iqmp, rsa->q, p, ctx))
+ goto err;
+
+ ok = 1;
+ err:
+ if (ok == -1) {
+ RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, ERR_LIB_BN);
+ ok = 0;
+ }
+ if (ctx != NULL) {
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ }
+
+ return ok;
+}
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_lib.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/rsa/rsa_lib.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,234 +0,0 @@
-/* crypto/rsa/rsa_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/crypto.h>
-#include "cryptlib.h"
-#include <openssl/lhash.h>
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/rand.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-
-int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
- RSA *rsa, int padding)
- {
- return(rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding));
- }
-
-int RSA_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
- RSA *rsa, int padding)
- {
-#ifdef OPENSSL_FIPS
- if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
- {
- RSAerr(RSA_F_RSA_PRIVATE_ENCRYPT, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
- return 0;
- }
-#endif
- return(rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding));
- }
-
-int RSA_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
- RSA *rsa, int padding)
- {
- return(rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding));
- }
-
-int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
- RSA *rsa, int padding)
- {
-#ifdef OPENSSL_FIPS
- if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
- {
- RSAerr(RSA_F_RSA_PUBLIC_DECRYPT, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
- return 0;
- }
-#endif
- return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding));
- }
-
-int RSA_size(const RSA *r)
- {
- return(BN_num_bytes(r->n));
- }
-
-void RSA_blinding_off(RSA *rsa)
- {
- if (rsa->blinding != NULL)
- {
- BN_BLINDING_free(rsa->blinding);
- rsa->blinding=NULL;
- }
- rsa->flags &= ~RSA_FLAG_BLINDING;
- rsa->flags |= RSA_FLAG_NO_BLINDING;
- }
-
-int RSA_blinding_on(RSA *rsa, BN_CTX *ctx)
- {
- int ret=0;
-
- if (rsa->blinding != NULL)
- RSA_blinding_off(rsa);
-
- rsa->blinding = RSA_setup_blinding(rsa, ctx);
- if (rsa->blinding == NULL)
- goto err;
-
- rsa->flags |= RSA_FLAG_BLINDING;
- rsa->flags &= ~RSA_FLAG_NO_BLINDING;
- ret=1;
-err:
- return(ret);
- }
-
-static BIGNUM *rsa_get_public_exp(const BIGNUM *d, const BIGNUM *p,
- const BIGNUM *q, BN_CTX *ctx)
-{
- BIGNUM *ret = NULL, *r0, *r1, *r2;
-
- if (d == NULL || p == NULL || q == NULL)
- return NULL;
-
- BN_CTX_start(ctx);
- r0 = BN_CTX_get(ctx);
- r1 = BN_CTX_get(ctx);
- r2 = BN_CTX_get(ctx);
- if (r2 == NULL)
- goto err;
-
- if (!BN_sub(r1, p, BN_value_one())) goto err;
- if (!BN_sub(r2, q, BN_value_one())) goto err;
- if (!BN_mul(r0, r1, r2, ctx)) goto err;
-
- ret = BN_mod_inverse(NULL, d, r0, ctx);
-err:
- BN_CTX_end(ctx);
- return ret;
-}
-
-BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)
-{
- BIGNUM local_n;
- BIGNUM *e,*n;
- BN_CTX *ctx;
- BN_BLINDING *ret = NULL;
-
- if (in_ctx == NULL)
- {
- if ((ctx = BN_CTX_new()) == NULL) return 0;
- }
- else
- ctx = in_ctx;
-
- BN_CTX_start(ctx);
- e = BN_CTX_get(ctx);
- if (e == NULL)
- {
- RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- if (rsa->e == NULL)
- {
- e = rsa_get_public_exp(rsa->d, rsa->p, rsa->q, ctx);
- if (e == NULL)
- {
- RSAerr(RSA_F_RSA_SETUP_BLINDING, RSA_R_NO_PUBLIC_EXPONENT);
- goto err;
- }
- }
- else
- e = rsa->e;
-
-
- if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL)
- {
- /* if PRNG is not properly seeded, resort to secret
- * exponent as unpredictable seed */
- RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0.0);
- }
-
- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
- {
- /* Set BN_FLG_CONSTTIME flag */
- n = &local_n;
- BN_with_flags(n, rsa->n, BN_FLG_CONSTTIME);
- }
- else
- n = rsa->n;
-
- ret = BN_BLINDING_create_param(NULL, e, n, ctx,
- rsa->meth->bn_mod_exp, rsa->_method_mod_n);
- if (ret == NULL)
- {
- RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_BN_LIB);
- goto err;
- }
- BN_BLINDING_set_thread_id(ret, CRYPTO_thread_id());
-err:
- BN_CTX_end(ctx);
- if (in_ctx == NULL)
- BN_CTX_free(ctx);
- if(rsa->e == NULL)
- BN_free(e);
-
- return ret;
-}
Copied: vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_lib.c (from rev 6976, vendor-crypto/openssl/dist/crypto/rsa/rsa_lib.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_lib.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,228 @@
+/* crypto/rsa/rsa_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/lhash.h>
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/rand.h>
+#ifndef OPENSSL_NO_ENGINE
+# include <openssl/engine.h>
+#endif
+
+int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
+ RSA *rsa, int padding)
+{
+ return (rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding));
+}
+
+int RSA_private_encrypt(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding)
+{
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) {
+ RSAerr(RSA_F_RSA_PRIVATE_ENCRYPT,
+ RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
+ return 0;
+ }
+#endif
+ return (rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding));
+}
+
+int RSA_private_decrypt(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding)
+{
+ return (rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding));
+}
+
+int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
+ RSA *rsa, int padding)
+{
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) {
+ RSAerr(RSA_F_RSA_PUBLIC_DECRYPT,
+ RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
+ return 0;
+ }
+#endif
+ return (rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding));
+}
+
+int RSA_size(const RSA *r)
+{
+ return (BN_num_bytes(r->n));
+}
+
+void RSA_blinding_off(RSA *rsa)
+{
+ if (rsa->blinding != NULL) {
+ BN_BLINDING_free(rsa->blinding);
+ rsa->blinding = NULL;
+ }
+ rsa->flags &= ~RSA_FLAG_BLINDING;
+ rsa->flags |= RSA_FLAG_NO_BLINDING;
+}
+
+int RSA_blinding_on(RSA *rsa, BN_CTX *ctx)
+{
+ int ret = 0;
+
+ if (rsa->blinding != NULL)
+ RSA_blinding_off(rsa);
+
+ rsa->blinding = RSA_setup_blinding(rsa, ctx);
+ if (rsa->blinding == NULL)
+ goto err;
+
+ rsa->flags |= RSA_FLAG_BLINDING;
+ rsa->flags &= ~RSA_FLAG_NO_BLINDING;
+ ret = 1;
+ err:
+ return (ret);
+}
+
+static BIGNUM *rsa_get_public_exp(const BIGNUM *d, const BIGNUM *p,
+ const BIGNUM *q, BN_CTX *ctx)
+{
+ BIGNUM *ret = NULL, *r0, *r1, *r2;
+
+ if (d == NULL || p == NULL || q == NULL)
+ return NULL;
+
+ BN_CTX_start(ctx);
+ r0 = BN_CTX_get(ctx);
+ r1 = BN_CTX_get(ctx);
+ r2 = BN_CTX_get(ctx);
+ if (r2 == NULL)
+ goto err;
+
+ if (!BN_sub(r1, p, BN_value_one()))
+ goto err;
+ if (!BN_sub(r2, q, BN_value_one()))
+ goto err;
+ if (!BN_mul(r0, r1, r2, ctx))
+ goto err;
+
+ ret = BN_mod_inverse(NULL, d, r0, ctx);
+ err:
+ BN_CTX_end(ctx);
+ return ret;
+}
+
+BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)
+{
+ BIGNUM local_n;
+ BIGNUM *e, *n;
+ BN_CTX *ctx;
+ BN_BLINDING *ret = NULL;
+
+ if (in_ctx == NULL) {
+ if ((ctx = BN_CTX_new()) == NULL)
+ return 0;
+ } else
+ ctx = in_ctx;
+
+ BN_CTX_start(ctx);
+ e = BN_CTX_get(ctx);
+ if (e == NULL) {
+ RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ if (rsa->e == NULL) {
+ e = rsa_get_public_exp(rsa->d, rsa->p, rsa->q, ctx);
+ if (e == NULL) {
+ RSAerr(RSA_F_RSA_SETUP_BLINDING, RSA_R_NO_PUBLIC_EXPONENT);
+ goto err;
+ }
+ } else
+ e = rsa->e;
+
+ if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL) {
+ /*
+ * if PRNG is not properly seeded, resort to secret exponent as
+ * unpredictable seed
+ */
+ RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0.0);
+ }
+
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+ /* Set BN_FLG_CONSTTIME flag */
+ n = &local_n;
+ BN_with_flags(n, rsa->n, BN_FLG_CONSTTIME);
+ } else
+ n = rsa->n;
+
+ ret = BN_BLINDING_create_param(NULL, e, n, ctx,
+ rsa->meth->bn_mod_exp, rsa->_method_mod_n);
+ if (ret == NULL) {
+ RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_BN_LIB);
+ goto err;
+ }
+ BN_BLINDING_set_thread_id(ret, CRYPTO_thread_id());
+ err:
+ BN_CTX_end(ctx);
+ if (in_ctx == NULL)
+ BN_CTX_free(ctx);
+ if (rsa->e == NULL)
+ BN_free(e);
+
+ return ret;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_none.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/rsa/rsa_none.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_none.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,98 +0,0 @@
-/* crypto/rsa/rsa_none.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/rand.h>
-
-int RSA_padding_add_none(unsigned char *to, int tlen,
- const unsigned char *from, int flen)
- {
- if (flen > tlen)
- {
- RSAerr(RSA_F_RSA_PADDING_ADD_NONE,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
- return(0);
- }
-
- if (flen < tlen)
- {
- RSAerr(RSA_F_RSA_PADDING_ADD_NONE,RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE);
- return(0);
- }
-
- memcpy(to,from,(unsigned int)flen);
- return(1);
- }
-
-int RSA_padding_check_none(unsigned char *to, int tlen,
- const unsigned char *from, int flen, int num)
- {
-
- if (flen > tlen)
- {
- RSAerr(RSA_F_RSA_PADDING_CHECK_NONE,RSA_R_DATA_TOO_LARGE);
- return(-1);
- }
-
- memset(to,0,tlen-flen);
- memcpy(to+tlen-flen,from,flen);
- return(tlen);
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_none.c (from rev 6976, vendor-crypto/openssl/dist/crypto/rsa/rsa_none.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_none.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_none.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,94 @@
+/* crypto/rsa/rsa_none.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/rand.h>
+
+int RSA_padding_add_none(unsigned char *to, int tlen,
+ const unsigned char *from, int flen)
+{
+ if (flen > tlen) {
+ RSAerr(RSA_F_RSA_PADDING_ADD_NONE, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+ return (0);
+ }
+
+ if (flen < tlen) {
+ RSAerr(RSA_F_RSA_PADDING_ADD_NONE, RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE);
+ return (0);
+ }
+
+ memcpy(to, from, (unsigned int)flen);
+ return (1);
+}
+
+int RSA_padding_check_none(unsigned char *to, int tlen,
+ const unsigned char *from, int flen, int num)
+{
+
+ if (flen > tlen) {
+ RSAerr(RSA_F_RSA_PADDING_CHECK_NONE, RSA_R_DATA_TOO_LARGE);
+ return (-1);
+ }
+
+ memset(to, 0, tlen - flen);
+ memcpy(to + tlen - flen, from, flen);
+ return (tlen);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_null.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/rsa/rsa_null.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_null.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,151 +0,0 @@
-/* rsa_null.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/rand.h>
-
-/* This is a dummy RSA implementation that just returns errors when called.
- * It is designed to allow some RSA functions to work while stopping those
- * covered by the RSA patent. That is RSA, encryption, decryption, signing
- * and verify is not allowed but RSA key generation, key checking and other
- * operations (like storing RSA keys) are permitted.
- */
-
-static int RSA_null_public_encrypt(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa,int padding);
-static int RSA_null_private_encrypt(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa,int padding);
-static int RSA_null_public_decrypt(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa,int padding);
-static int RSA_null_private_decrypt(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa,int padding);
-#if 0 /* not currently used */
-static int RSA_null_mod_exp(const BIGNUM *r0, const BIGNUM *i, RSA *rsa);
-#endif
-static int RSA_null_init(RSA *rsa);
-static int RSA_null_finish(RSA *rsa);
-static RSA_METHOD rsa_null_meth={
- "Null RSA",
- RSA_null_public_encrypt,
- RSA_null_public_decrypt,
- RSA_null_private_encrypt,
- RSA_null_private_decrypt,
- NULL,
- NULL,
- RSA_null_init,
- RSA_null_finish,
- 0,
- NULL,
- NULL,
- NULL,
- NULL
- };
-
-const RSA_METHOD *RSA_null_method(void)
- {
- return(&rsa_null_meth);
- }
-
-static int RSA_null_public_encrypt(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding)
- {
- RSAerr(RSA_F_RSA_NULL_PUBLIC_ENCRYPT, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
- return -1;
- }
-
-static int RSA_null_private_encrypt(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding)
- {
- RSAerr(RSA_F_RSA_NULL_PRIVATE_ENCRYPT, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
- return -1;
- }
-
-static int RSA_null_private_decrypt(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding)
- {
- RSAerr(RSA_F_RSA_NULL_PRIVATE_DECRYPT, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
- return -1;
- }
-
-static int RSA_null_public_decrypt(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding)
- {
- RSAerr(RSA_F_RSA_NULL_PUBLIC_DECRYPT, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
- return -1;
- }
-
-#if 0 /* not currently used */
-static int RSA_null_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)
- {
- ...err(RSA_F_RSA_NULL_MOD_EXP, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
- return -1;
- }
-#endif
-
-static int RSA_null_init(RSA *rsa)
- {
- return(1);
- }
-
-static int RSA_null_finish(RSA *rsa)
- {
- return(1);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_null.c (from rev 6976, vendor-crypto/openssl/dist/crypto/rsa/rsa_null.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_null.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_null.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,155 @@
+/* rsa_null.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/rand.h>
+
+/*
+ * This is a dummy RSA implementation that just returns errors when called.
+ * It is designed to allow some RSA functions to work while stopping those
+ * covered by the RSA patent. That is RSA, encryption, decryption, signing
+ * and verify is not allowed but RSA key generation, key checking and other
+ * operations (like storing RSA keys) are permitted.
+ */
+
+static int RSA_null_public_encrypt(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+static int RSA_null_private_encrypt(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+static int RSA_null_public_decrypt(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+static int RSA_null_private_decrypt(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+#if 0 /* not currently used */
+static int RSA_null_mod_exp(const BIGNUM *r0, const BIGNUM *i, RSA *rsa);
+#endif
+static int RSA_null_init(RSA *rsa);
+static int RSA_null_finish(RSA *rsa);
+static RSA_METHOD rsa_null_meth = {
+ "Null RSA",
+ RSA_null_public_encrypt,
+ RSA_null_public_decrypt,
+ RSA_null_private_encrypt,
+ RSA_null_private_decrypt,
+ NULL,
+ NULL,
+ RSA_null_init,
+ RSA_null_finish,
+ 0,
+ NULL,
+ NULL,
+ NULL,
+ NULL
+};
+
+const RSA_METHOD *RSA_null_method(void)
+{
+ return (&rsa_null_meth);
+}
+
+static int RSA_null_public_encrypt(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding)
+{
+ RSAerr(RSA_F_RSA_NULL_PUBLIC_ENCRYPT, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
+ return -1;
+}
+
+static int RSA_null_private_encrypt(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding)
+{
+ RSAerr(RSA_F_RSA_NULL_PRIVATE_ENCRYPT,
+ RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
+ return -1;
+}
+
+static int RSA_null_private_decrypt(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding)
+{
+ RSAerr(RSA_F_RSA_NULL_PRIVATE_DECRYPT,
+ RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
+ return -1;
+}
+
+static int RSA_null_public_decrypt(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding)
+{
+ RSAerr(RSA_F_RSA_NULL_PUBLIC_DECRYPT, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
+ return -1;
+}
+
+#if 0 /* not currently used */
+static int RSA_null_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)
+{
+ ... err(RSA_F_RSA_NULL_MOD_EXP, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
+ return -1;
+}
+#endif
+
+static int RSA_null_init(RSA *rsa)
+{
+ return (1);
+}
+
+static int RSA_null_finish(RSA *rsa)
+{
+ return (1);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_oaep.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/rsa/rsa_oaep.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_oaep.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,246 +0,0 @@
-/* crypto/rsa/rsa_oaep.c */
-/* Written by Ulf Moeller. This software is distributed on an "AS IS"
- basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. */
-
-/* EME-OAEP as defined in RFC 2437 (PKCS #1 v2.0) */
-
-/* See Victor Shoup, "OAEP reconsidered," Nov. 2000,
- * <URL: http://www.shoup.net/papers/oaep.ps.Z>
- * for problems with the security proof for the
- * original OAEP scheme, which EME-OAEP is based on.
- *
- * A new proof can be found in E. Fujisaki, T. Okamoto,
- * D. Pointcheval, J. Stern, "RSA-OEAP is Still Alive!",
- * Dec. 2000, <URL: http://eprint.iacr.org/2000/061/>.
- * The new proof has stronger requirements for the
- * underlying permutation: "partial-one-wayness" instead
- * of one-wayness. For the RSA function, this is
- * an equivalent notion.
- */
-
-#include "../constant_time_locl.h"
-
-#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/evp.h>
-#include <openssl/rand.h>
-#include <openssl/sha.h>
-
-int MGF1(unsigned char *mask, long len,
- const unsigned char *seed, long seedlen);
-
-int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
- const unsigned char *from, int flen,
- const unsigned char *param, int plen)
- {
- int i, emlen = tlen - 1;
- unsigned char *db, *seed;
- unsigned char *dbmask, seedmask[SHA_DIGEST_LENGTH];
-
- if (flen > emlen - 2 * SHA_DIGEST_LENGTH - 1)
- {
- RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP,
- RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
- return 0;
- }
-
- if (emlen < 2 * SHA_DIGEST_LENGTH + 1)
- {
- RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, RSA_R_KEY_SIZE_TOO_SMALL);
- return 0;
- }
-
- to[0] = 0;
- seed = to + 1;
- db = to + SHA_DIGEST_LENGTH + 1;
-
- EVP_Digest((void *)param, plen, db, NULL, EVP_sha1(), NULL);
- memset(db + SHA_DIGEST_LENGTH, 0,
- emlen - flen - 2 * SHA_DIGEST_LENGTH - 1);
- db[emlen - flen - SHA_DIGEST_LENGTH - 1] = 0x01;
- memcpy(db + emlen - flen - SHA_DIGEST_LENGTH, from, (unsigned int) flen);
- if (RAND_bytes(seed, SHA_DIGEST_LENGTH) <= 0)
- return 0;
-#ifdef PKCS_TESTVECT
- memcpy(seed,
- "\xaa\xfd\x12\xf6\x59\xca\xe6\x34\x89\xb4\x79\xe5\x07\x6d\xde\xc2\xf0\x6c\xb5\x8f",
- 20);
-#endif
-
- dbmask = OPENSSL_malloc(emlen - SHA_DIGEST_LENGTH);
- if (dbmask == NULL)
- {
- RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);
- return 0;
- }
-
- MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH);
- for (i = 0; i < emlen - SHA_DIGEST_LENGTH; i++)
- db[i] ^= dbmask[i];
-
- MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH);
- for (i = 0; i < SHA_DIGEST_LENGTH; i++)
- seed[i] ^= seedmask[i];
-
- OPENSSL_free(dbmask);
- return 1;
- }
-
-int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
- const unsigned char *from, int flen, int num,
- const unsigned char *param, int plen)
- {
- int i, dblen, mlen = -1, one_index = 0, msg_index;
- unsigned int good, found_one_byte;
- const unsigned char *maskedseed, *maskeddb;
- /* |em| is the encoded message, zero-padded to exactly |num| bytes:
- * em = Y || maskedSeed || maskedDB */
- unsigned char *db = NULL, *em = NULL, seed[EVP_MAX_MD_SIZE],
- phash[EVP_MAX_MD_SIZE];
-
- if (tlen <= 0 || flen <= 0)
- return -1;
-
- /*
- * |num| is the length of the modulus; |flen| is the length of the
- * encoded message. Therefore, for any |from| that was obtained by
- * decrypting a ciphertext, we must have |flen| <= |num|. Similarly,
- * num < 2 * SHA_DIGEST_LENGTH + 2 must hold for the modulus
- * irrespective of the ciphertext, see PKCS #1 v2.2, section 7.1.2.
- * This does not leak any side-channel information.
- */
- if (num < flen || num < 2 * SHA_DIGEST_LENGTH + 2)
- goto decoding_err;
-
- dblen = num - SHA_DIGEST_LENGTH - 1;
- db = OPENSSL_malloc(dblen);
- em = OPENSSL_malloc(num);
- if (db == NULL || em == NULL)
- {
- RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);
- goto cleanup;
- }
-
- /*
- * Always do this zero-padding copy (even when num == flen) to avoid
- * leaking that information. The copy still leaks some side-channel
- * information, but it's impossible to have a fixed memory access
- * pattern since we can't read out of the bounds of |from|.
- *
- * TODO(emilia): Consider porting BN_bn2bin_padded from BoringSSL.
- */
- memset(em, 0, num);
- memcpy(em + num - flen, from, flen);
-
- /*
- * The first byte must be zero, however we must not leak if this is
- * true. See James H. Manger, "A Chosen Ciphertext Attack on RSA
- * Optimal Asymmetric Encryption Padding (OAEP) [...]", CRYPTO 2001).
- */
- good = constant_time_is_zero(em[0]);
-
- maskedseed = em + 1;
- maskeddb = em + 1 + SHA_DIGEST_LENGTH;
-
- MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen);
- for (i = 0; i < SHA_DIGEST_LENGTH; i++)
- seed[i] ^= maskedseed[i];
-
- MGF1(db, dblen, seed, SHA_DIGEST_LENGTH);
- for (i = 0; i < dblen; i++)
- db[i] ^= maskeddb[i];
-
- EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1(), NULL);
-
- good &= constant_time_is_zero(CRYPTO_memcmp(db, phash, SHA_DIGEST_LENGTH));
-
- found_one_byte = 0;
- for (i = SHA_DIGEST_LENGTH; i < dblen; i++)
- {
- /* Padding consists of a number of 0-bytes, followed by a 1. */
- unsigned int equals1 = constant_time_eq(db[i], 1);
- unsigned int equals0 = constant_time_is_zero(db[i]);
- one_index = constant_time_select_int(~found_one_byte & equals1,
- i, one_index);
- found_one_byte |= equals1;
- good &= (found_one_byte | equals0);
- }
-
- good &= found_one_byte;
-
- /*
- * At this point |good| is zero unless the plaintext was valid,
- * so plaintext-awareness ensures timing side-channels are no longer a
- * concern.
- */
- if (!good)
- goto decoding_err;
-
- msg_index = one_index + 1;
- mlen = dblen - msg_index;
-
- if (tlen < mlen)
- {
- RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE);
- mlen = -1;
- }
- else
- {
- memcpy(to, db + msg_index, mlen);
- goto cleanup;
- }
-
-decoding_err:
- /* To avoid chosen ciphertext attacks, the error message should not reveal
- * which kind of decoding error happened. */
- RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR);
-cleanup:
- if (db != NULL) OPENSSL_free(db);
- if (em != NULL) OPENSSL_free(em);
- return mlen;
- }
-
-int PKCS1_MGF1(unsigned char *mask, long len,
- const unsigned char *seed, long seedlen, const EVP_MD *dgst)
- {
- long i, outlen = 0;
- unsigned char cnt[4];
- EVP_MD_CTX c;
- unsigned char md[EVP_MAX_MD_SIZE];
- int mdlen;
-
- EVP_MD_CTX_init(&c);
- mdlen = M_EVP_MD_size(dgst);
- for (i = 0; outlen < len; i++)
- {
- cnt[0] = (unsigned char)((i >> 24) & 255);
- cnt[1] = (unsigned char)((i >> 16) & 255);
- cnt[2] = (unsigned char)((i >> 8)) & 255;
- cnt[3] = (unsigned char)(i & 255);
- EVP_DigestInit_ex(&c,dgst, NULL);
- EVP_DigestUpdate(&c, seed, seedlen);
- EVP_DigestUpdate(&c, cnt, 4);
- if (outlen + mdlen <= len)
- {
- EVP_DigestFinal_ex(&c, mask + outlen, NULL);
- outlen += mdlen;
- }
- else
- {
- EVP_DigestFinal_ex(&c, md, NULL);
- memcpy(mask + outlen, md, len - outlen);
- outlen = len;
- }
- }
- EVP_MD_CTX_cleanup(&c);
- return 0;
- }
-
-int MGF1(unsigned char *mask, long len, const unsigned char *seed, long seedlen)
- {
- return PKCS1_MGF1(mask, len, seed, seedlen, EVP_sha1());
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_oaep.c (from rev 6976, vendor-crypto/openssl/dist/crypto/rsa/rsa_oaep.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_oaep.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_oaep.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,243 @@
+/* crypto/rsa/rsa_oaep.c */
+/*
+ * Written by Ulf Moeller. This software is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied.
+ */
+
+/* EME-OAEP as defined in RFC 2437 (PKCS #1 v2.0) */
+
+/*
+ * See Victor Shoup, "OAEP reconsidered," Nov. 2000, <URL:
+ * http://www.shoup.net/papers/oaep.ps.Z> for problems with the security
+ * proof for the original OAEP scheme, which EME-OAEP is based on. A new
+ * proof can be found in E. Fujisaki, T. Okamoto, D. Pointcheval, J. Stern,
+ * "RSA-OEAP is Still Alive!", Dec. 2000, <URL:
+ * http://eprint.iacr.org/2000/061/>. The new proof has stronger requirements
+ * for the underlying permutation: "partial-one-wayness" instead of
+ * one-wayness. For the RSA function, this is an equivalent notion.
+ */
+
+#include "constant_time_locl.h"
+
+#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
+# include <stdio.h>
+# include "cryptlib.h"
+# include <openssl/bn.h>
+# include <openssl/rsa.h>
+# include <openssl/evp.h>
+# include <openssl/rand.h>
+# include <openssl/sha.h>
+
+int MGF1(unsigned char *mask, long len,
+ const unsigned char *seed, long seedlen);
+
+int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
+ const unsigned char *from, int flen,
+ const unsigned char *param, int plen)
+{
+ int i, emlen = tlen - 1;
+ unsigned char *db, *seed;
+ unsigned char *dbmask, seedmask[SHA_DIGEST_LENGTH];
+
+ if (flen > emlen - 2 * SHA_DIGEST_LENGTH - 1) {
+ RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP,
+ RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+ return 0;
+ }
+
+ if (emlen < 2 * SHA_DIGEST_LENGTH + 1) {
+ RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, RSA_R_KEY_SIZE_TOO_SMALL);
+ return 0;
+ }
+
+ to[0] = 0;
+ seed = to + 1;
+ db = to + SHA_DIGEST_LENGTH + 1;
+
+ EVP_Digest((void *)param, plen, db, NULL, EVP_sha1(), NULL);
+ memset(db + SHA_DIGEST_LENGTH, 0,
+ emlen - flen - 2 * SHA_DIGEST_LENGTH - 1);
+ db[emlen - flen - SHA_DIGEST_LENGTH - 1] = 0x01;
+ memcpy(db + emlen - flen - SHA_DIGEST_LENGTH, from, (unsigned int)flen);
+ if (RAND_bytes(seed, SHA_DIGEST_LENGTH) <= 0)
+ return 0;
+# ifdef PKCS_TESTVECT
+ memcpy(seed,
+ "\xaa\xfd\x12\xf6\x59\xca\xe6\x34\x89\xb4\x79\xe5\x07\x6d\xde\xc2\xf0\x6c\xb5\x8f",
+ 20);
+# endif
+
+ dbmask = OPENSSL_malloc(emlen - SHA_DIGEST_LENGTH);
+ if (dbmask == NULL) {
+ RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+
+ MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH);
+ for (i = 0; i < emlen - SHA_DIGEST_LENGTH; i++)
+ db[i] ^= dbmask[i];
+
+ MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH);
+ for (i = 0; i < SHA_DIGEST_LENGTH; i++)
+ seed[i] ^= seedmask[i];
+
+ OPENSSL_free(dbmask);
+ return 1;
+}
+
+int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
+ const unsigned char *from, int flen, int num,
+ const unsigned char *param, int plen)
+{
+ int i, dblen, mlen = -1, one_index = 0, msg_index;
+ unsigned int good, found_one_byte;
+ const unsigned char *maskedseed, *maskeddb;
+ /*
+ * |em| is the encoded message, zero-padded to exactly |num| bytes: em =
+ * Y || maskedSeed || maskedDB
+ */
+ unsigned char *db = NULL, *em = NULL, seed[EVP_MAX_MD_SIZE],
+ phash[EVP_MAX_MD_SIZE];
+
+ if (tlen <= 0 || flen <= 0)
+ return -1;
+
+ /*
+ * |num| is the length of the modulus; |flen| is the length of the
+ * encoded message. Therefore, for any |from| that was obtained by
+ * decrypting a ciphertext, we must have |flen| <= |num|. Similarly,
+ * num < 2 * SHA_DIGEST_LENGTH + 2 must hold for the modulus
+ * irrespective of the ciphertext, see PKCS #1 v2.2, section 7.1.2.
+ * This does not leak any side-channel information.
+ */
+ if (num < flen || num < 2 * SHA_DIGEST_LENGTH + 2)
+ goto decoding_err;
+
+ dblen = num - SHA_DIGEST_LENGTH - 1;
+ db = OPENSSL_malloc(dblen);
+ em = OPENSSL_malloc(num);
+ if (db == NULL || em == NULL) {
+ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);
+ goto cleanup;
+ }
+
+ /*
+ * Always do this zero-padding copy (even when num == flen) to avoid
+ * leaking that information. The copy still leaks some side-channel
+ * information, but it's impossible to have a fixed memory access
+ * pattern since we can't read out of the bounds of |from|.
+ *
+ * TODO(emilia): Consider porting BN_bn2bin_padded from BoringSSL.
+ */
+ memset(em, 0, num);
+ memcpy(em + num - flen, from, flen);
+
+ /*
+ * The first byte must be zero, however we must not leak if this is
+ * true. See James H. Manger, "A Chosen Ciphertext Attack on RSA
+ * Optimal Asymmetric Encryption Padding (OAEP) [...]", CRYPTO 2001).
+ */
+ good = constant_time_is_zero(em[0]);
+
+ maskedseed = em + 1;
+ maskeddb = em + 1 + SHA_DIGEST_LENGTH;
+
+ MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen);
+ for (i = 0; i < SHA_DIGEST_LENGTH; i++)
+ seed[i] ^= maskedseed[i];
+
+ MGF1(db, dblen, seed, SHA_DIGEST_LENGTH);
+ for (i = 0; i < dblen; i++)
+ db[i] ^= maskeddb[i];
+
+ EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1(), NULL);
+
+ good &=
+ constant_time_is_zero(CRYPTO_memcmp(db, phash, SHA_DIGEST_LENGTH));
+
+ found_one_byte = 0;
+ for (i = SHA_DIGEST_LENGTH; i < dblen; i++) {
+ /*
+ * Padding consists of a number of 0-bytes, followed by a 1.
+ */
+ unsigned int equals1 = constant_time_eq(db[i], 1);
+ unsigned int equals0 = constant_time_is_zero(db[i]);
+ one_index = constant_time_select_int(~found_one_byte & equals1,
+ i, one_index);
+ found_one_byte |= equals1;
+ good &= (found_one_byte | equals0);
+ }
+
+ good &= found_one_byte;
+
+ /*
+ * At this point |good| is zero unless the plaintext was valid,
+ * so plaintext-awareness ensures timing side-channels are no longer a
+ * concern.
+ */
+ if (!good)
+ goto decoding_err;
+
+ msg_index = one_index + 1;
+ mlen = dblen - msg_index;
+
+ if (tlen < mlen) {
+ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE);
+ mlen = -1;
+ } else {
+ memcpy(to, db + msg_index, mlen);
+ goto cleanup;
+ }
+
+ decoding_err:
+ /*
+ * To avoid chosen ciphertext attacks, the error message should not
+ * reveal which kind of decoding error happened.
+ */
+ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR);
+ cleanup:
+ if (db != NULL)
+ OPENSSL_free(db);
+ if (em != NULL)
+ OPENSSL_free(em);
+ return mlen;
+}
+
+int PKCS1_MGF1(unsigned char *mask, long len,
+ const unsigned char *seed, long seedlen, const EVP_MD *dgst)
+{
+ long i, outlen = 0;
+ unsigned char cnt[4];
+ EVP_MD_CTX c;
+ unsigned char md[EVP_MAX_MD_SIZE];
+ int mdlen;
+
+ EVP_MD_CTX_init(&c);
+ mdlen = M_EVP_MD_size(dgst);
+ for (i = 0; outlen < len; i++) {
+ cnt[0] = (unsigned char)((i >> 24) & 255);
+ cnt[1] = (unsigned char)((i >> 16) & 255);
+ cnt[2] = (unsigned char)((i >> 8)) & 255;
+ cnt[3] = (unsigned char)(i & 255);
+ EVP_DigestInit_ex(&c, dgst, NULL);
+ EVP_DigestUpdate(&c, seed, seedlen);
+ EVP_DigestUpdate(&c, cnt, 4);
+ if (outlen + mdlen <= len) {
+ EVP_DigestFinal_ex(&c, mask + outlen, NULL);
+ outlen += mdlen;
+ } else {
+ EVP_DigestFinal_ex(&c, md, NULL);
+ memcpy(mask + outlen, md, len - outlen);
+ outlen = len;
+ }
+ }
+ EVP_MD_CTX_cleanup(&c);
+ return 0;
+}
+
+int MGF1(unsigned char *mask, long len, const unsigned char *seed,
+ long seedlen)
+{
+ return PKCS1_MGF1(mask, len, seed, seedlen, EVP_sha1());
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_pk1.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/rsa/rsa_pk1.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_pk1.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,269 +0,0 @@
-/* crypto/rsa/rsa_pk1.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "../constant_time_locl.h"
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/rand.h>
-
-int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
- const unsigned char *from, int flen)
- {
- int j;
- unsigned char *p;
-
- if (flen > (tlen-RSA_PKCS1_PADDING_SIZE))
- {
- RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
- return(0);
- }
-
- p=(unsigned char *)to;
-
- *(p++)=0;
- *(p++)=1; /* Private Key BT (Block Type) */
-
- /* pad out with 0xff data */
- j=tlen-3-flen;
- memset(p,0xff,j);
- p+=j;
- *(p++)='\0';
- memcpy(p,from,(unsigned int)flen);
- return(1);
- }
-
-int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
- const unsigned char *from, int flen, int num)
- {
- int i,j;
- const unsigned char *p;
-
- p=from;
- if ((num != (flen+1)) || (*(p++) != 01))
- {
- RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_BLOCK_TYPE_IS_NOT_01);
- return(-1);
- }
-
- /* scan over padding data */
- j=flen-1; /* one for type. */
- for (i=0; i<j; i++)
- {
- if (*p != 0xff) /* should decrypt to 0xff */
- {
- if (*p == 0)
- { p++; break; }
- else {
- RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_BAD_FIXED_HEADER_DECRYPT);
- return(-1);
- }
- }
- p++;
- }
-
- if (i == j)
- {
- RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_NULL_BEFORE_BLOCK_MISSING);
- return(-1);
- }
-
- if (i < 8)
- {
- RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_BAD_PAD_BYTE_COUNT);
- return(-1);
- }
- i++; /* Skip over the '\0' */
- j-=i;
- if (j > tlen)
- {
- RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_DATA_TOO_LARGE);
- return(-1);
- }
- memcpy(to,p,(unsigned int)j);
-
- return(j);
- }
-
-int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
- const unsigned char *from, int flen)
- {
- int i,j;
- unsigned char *p;
-
- if (flen > (tlen-11))
- {
- RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
- return(0);
- }
-
- p=(unsigned char *)to;
-
- *(p++)=0;
- *(p++)=2; /* Public Key BT (Block Type) */
-
- /* pad out with non-zero random data */
- j=tlen-3-flen;
-
- if (RAND_bytes(p,j) <= 0)
- return(0);
- for (i=0; i<j; i++)
- {
- if (*p == '\0')
- do {
- if (RAND_bytes(p,1) <= 0)
- return(0);
- } while (*p == '\0');
- p++;
- }
-
- *(p++)='\0';
-
- memcpy(p,from,(unsigned int)flen);
- return(1);
- }
-
-int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
- const unsigned char *from, int flen, int num)
- {
- int i;
- /* |em| is the encoded message, zero-padded to exactly |num| bytes */
- unsigned char *em = NULL;
- unsigned int good, found_zero_byte;
- int zero_index = 0, msg_index, mlen = -1;
-
- if (tlen < 0 || flen < 0)
- return -1;
-
- /* PKCS#1 v1.5 decryption. See "PKCS #1 v2.2: RSA Cryptography
- * Standard", section 7.2.2. */
-
- if (flen > num)
- goto err;
-
- if (num < 11)
- goto err;
-
- em = OPENSSL_malloc(num);
- if (em == NULL)
- {
- RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, ERR_R_MALLOC_FAILURE);
- return -1;
- }
- memset(em, 0, num);
- /*
- * Always do this zero-padding copy (even when num == flen) to avoid
- * leaking that information. The copy still leaks some side-channel
- * information, but it's impossible to have a fixed memory access
- * pattern since we can't read out of the bounds of |from|.
- *
- * TODO(emilia): Consider porting BN_bn2bin_padded from BoringSSL.
- */
- memcpy(em + num - flen, from, flen);
-
- good = constant_time_is_zero(em[0]);
- good &= constant_time_eq(em[1], 2);
-
- found_zero_byte = 0;
- for (i = 2; i < num; i++)
- {
- unsigned int equals0 = constant_time_is_zero(em[i]);
- zero_index = constant_time_select_int(~found_zero_byte & equals0, i, zero_index);
- found_zero_byte |= equals0;
- }
-
- /*
- * PS must be at least 8 bytes long, and it starts two bytes into |em|.
- * If we never found a 0-byte, then |zero_index| is 0 and the check
- * also fails.
- */
- good &= constant_time_ge((unsigned int)(zero_index), 2 + 8);
-
- /* Skip the zero byte. This is incorrect if we never found a zero-byte
- * but in this case we also do not copy the message out. */
- msg_index = zero_index + 1;
- mlen = num - msg_index;
-
- /* For good measure, do this check in constant time as well; it could
- * leak something if |tlen| was assuming valid padding. */
- good &= constant_time_ge((unsigned int)(tlen), (unsigned int)(mlen));
-
- /*
- * We can't continue in constant-time because we need to copy the result
- * and we cannot fake its length. This unavoidably leaks timing
- * information at the API boundary.
- * TODO(emilia): this could be addressed at the call site,
- * see BoringSSL commit 0aa0767340baf925bda4804882aab0cb974b2d26.
- */
- if (!good)
- {
- mlen = -1;
- goto err;
- }
-
- memcpy(to, em + msg_index, mlen);
-
-err:
- if (em != NULL)
- OPENSSL_free(em);
- if (mlen == -1)
- RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, RSA_R_PKCS_DECODING_ERROR);
- return mlen;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_pk1.c (from rev 6976, vendor-crypto/openssl/dist/crypto/rsa/rsa_pk1.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_pk1.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_pk1.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,275 @@
+/* crypto/rsa/rsa_pk1.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "constant_time_locl.h"
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/rand.h>
+
+int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
+ const unsigned char *from, int flen)
+{
+ int j;
+ unsigned char *p;
+
+ if (flen > (tlen - RSA_PKCS1_PADDING_SIZE)) {
+ RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,
+ RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+ return (0);
+ }
+
+ p = (unsigned char *)to;
+
+ *(p++) = 0;
+ *(p++) = 1; /* Private Key BT (Block Type) */
+
+ /* pad out with 0xff data */
+ j = tlen - 3 - flen;
+ memset(p, 0xff, j);
+ p += j;
+ *(p++) = '\0';
+ memcpy(p, from, (unsigned int)flen);
+ return (1);
+}
+
+int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
+ const unsigned char *from, int flen,
+ int num)
+{
+ int i, j;
+ const unsigned char *p;
+
+ p = from;
+ if ((num != (flen + 1)) || (*(p++) != 01)) {
+ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,
+ RSA_R_BLOCK_TYPE_IS_NOT_01);
+ return (-1);
+ }
+
+ /* scan over padding data */
+ j = flen - 1; /* one for type. */
+ for (i = 0; i < j; i++) {
+ if (*p != 0xff) { /* should decrypt to 0xff */
+ if (*p == 0) {
+ p++;
+ break;
+ } else {
+ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,
+ RSA_R_BAD_FIXED_HEADER_DECRYPT);
+ return (-1);
+ }
+ }
+ p++;
+ }
+
+ if (i == j) {
+ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,
+ RSA_R_NULL_BEFORE_BLOCK_MISSING);
+ return (-1);
+ }
+
+ if (i < 8) {
+ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,
+ RSA_R_BAD_PAD_BYTE_COUNT);
+ return (-1);
+ }
+ i++; /* Skip over the '\0' */
+ j -= i;
+ if (j > tlen) {
+ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1, RSA_R_DATA_TOO_LARGE);
+ return (-1);
+ }
+ memcpy(to, p, (unsigned int)j);
+
+ return (j);
+}
+
+int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
+ const unsigned char *from, int flen)
+{
+ int i, j;
+ unsigned char *p;
+
+ if (flen > (tlen - 11)) {
+ RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2,
+ RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+ return (0);
+ }
+
+ p = (unsigned char *)to;
+
+ *(p++) = 0;
+ *(p++) = 2; /* Public Key BT (Block Type) */
+
+ /* pad out with non-zero random data */
+ j = tlen - 3 - flen;
+
+ if (RAND_bytes(p, j) <= 0)
+ return (0);
+ for (i = 0; i < j; i++) {
+ if (*p == '\0')
+ do {
+ if (RAND_bytes(p, 1) <= 0)
+ return (0);
+ } while (*p == '\0');
+ p++;
+ }
+
+ *(p++) = '\0';
+
+ memcpy(p, from, (unsigned int)flen);
+ return (1);
+}
+
+int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
+ const unsigned char *from, int flen,
+ int num)
+{
+ int i;
+ /* |em| is the encoded message, zero-padded to exactly |num| bytes */
+ unsigned char *em = NULL;
+ unsigned int good, found_zero_byte;
+ int zero_index = 0, msg_index, mlen = -1;
+
+ if (tlen < 0 || flen < 0)
+ return -1;
+
+ /*
+ * PKCS#1 v1.5 decryption. See "PKCS #1 v2.2: RSA Cryptography Standard",
+ * section 7.2.2.
+ */
+
+ if (flen > num)
+ goto err;
+
+ if (num < 11)
+ goto err;
+
+ em = OPENSSL_malloc(num);
+ if (em == NULL) {
+ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, ERR_R_MALLOC_FAILURE);
+ return -1;
+ }
+ memset(em, 0, num);
+ /*
+ * Always do this zero-padding copy (even when num == flen) to avoid
+ * leaking that information. The copy still leaks some side-channel
+ * information, but it's impossible to have a fixed memory access
+ * pattern since we can't read out of the bounds of |from|.
+ *
+ * TODO(emilia): Consider porting BN_bn2bin_padded from BoringSSL.
+ */
+ memcpy(em + num - flen, from, flen);
+
+ good = constant_time_is_zero(em[0]);
+ good &= constant_time_eq(em[1], 2);
+
+ found_zero_byte = 0;
+ for (i = 2; i < num; i++) {
+ unsigned int equals0 = constant_time_is_zero(em[i]);
+ zero_index =
+ constant_time_select_int(~found_zero_byte & equals0, i,
+ zero_index);
+ found_zero_byte |= equals0;
+ }
+
+ /*
+ * PS must be at least 8 bytes long, and it starts two bytes into |em|.
+ * If we never found a 0-byte, then |zero_index| is 0 and the check
+ * also fails.
+ */
+ good &= constant_time_ge((unsigned int)(zero_index), 2 + 8);
+
+ /*
+ * Skip the zero byte. This is incorrect if we never found a zero-byte
+ * but in this case we also do not copy the message out.
+ */
+ msg_index = zero_index + 1;
+ mlen = num - msg_index;
+
+ /*
+ * For good measure, do this check in constant time as well; it could
+ * leak something if |tlen| was assuming valid padding.
+ */
+ good &= constant_time_ge((unsigned int)(tlen), (unsigned int)(mlen));
+
+ /*
+ * We can't continue in constant-time because we need to copy the result
+ * and we cannot fake its length. This unavoidably leaks timing
+ * information at the API boundary.
+ * TODO(emilia): this could be addressed at the call site,
+ * see BoringSSL commit 0aa0767340baf925bda4804882aab0cb974b2d26.
+ */
+ if (!good) {
+ mlen = -1;
+ goto err;
+ }
+
+ memcpy(to, em + msg_index, mlen);
+
+ err:
+ if (em != NULL)
+ OPENSSL_free(em);
+ if (mlen == -1)
+ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,
+ RSA_R_PKCS_DECODING_ERROR);
+ return mlen;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_pss.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/rsa/rsa_pss.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_pss.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,269 +0,0 @@
-/* rsa_pss.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 2005.
- */
-/* ====================================================================
- * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/evp.h>
-#include <openssl/rand.h>
-#include <openssl/sha.h>
-
-static const unsigned char zeroes[] = {0,0,0,0,0,0,0,0};
-
-#if defined(_MSC_VER) && defined(_ARM_)
-#pragma optimize("g", off)
-#endif
-
-int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
- const EVP_MD *Hash, const unsigned char *EM, int sLen)
- {
- int i;
- int ret = 0;
- int hLen, maskedDBLen, MSBits, emLen;
- const unsigned char *H;
- unsigned char *DB = NULL;
- EVP_MD_CTX ctx;
- unsigned char H_[EVP_MAX_MD_SIZE];
-
- hLen = M_EVP_MD_size(Hash);
- /*
- * Negative sLen has special meanings:
- * -1 sLen == hLen
- * -2 salt length is autorecovered from signature
- * -N reserved
- */
- if (sLen == -1) sLen = hLen;
- else if (sLen == -2) sLen = -2;
- else if (sLen < -2)
- {
- RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_SLEN_CHECK_FAILED);
- goto err;
- }
-
- MSBits = (BN_num_bits(rsa->n) - 1) & 0x7;
- emLen = RSA_size(rsa);
- if (EM[0] & (0xFF << MSBits))
- {
- RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_FIRST_OCTET_INVALID);
- goto err;
- }
- if (MSBits == 0)
- {
- EM++;
- emLen--;
- }
- if (emLen < (hLen + sLen + 2)) /* sLen can be small negative */
- {
- RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_DATA_TOO_LARGE);
- goto err;
- }
- if (EM[emLen - 1] != 0xbc)
- {
- RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_LAST_OCTET_INVALID);
- goto err;
- }
- maskedDBLen = emLen - hLen - 1;
- H = EM + maskedDBLen;
- DB = OPENSSL_malloc(maskedDBLen);
- if (!DB)
- {
- RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- PKCS1_MGF1(DB, maskedDBLen, H, hLen, Hash);
- for (i = 0; i < maskedDBLen; i++)
- DB[i] ^= EM[i];
- if (MSBits)
- DB[0] &= 0xFF >> (8 - MSBits);
- for (i = 0; DB[i] == 0 && i < (maskedDBLen-1); i++) ;
- if (DB[i++] != 0x1)
- {
- RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_SLEN_RECOVERY_FAILED);
- goto err;
- }
- if (sLen >= 0 && (maskedDBLen - i) != sLen)
- {
- RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_SLEN_CHECK_FAILED);
- goto err;
- }
- EVP_MD_CTX_init(&ctx);
- EVP_DigestInit_ex(&ctx, Hash, NULL);
- EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes);
- EVP_DigestUpdate(&ctx, mHash, hLen);
- if (maskedDBLen - i)
- EVP_DigestUpdate(&ctx, DB + i, maskedDBLen - i);
- EVP_DigestFinal(&ctx, H_, NULL);
- EVP_MD_CTX_cleanup(&ctx);
- if (memcmp(H_, H, hLen))
- {
- RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_BAD_SIGNATURE);
- ret = 0;
- }
- else
- ret = 1;
-
- err:
- if (DB)
- OPENSSL_free(DB);
-
- return ret;
-
- }
-
-int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
- const unsigned char *mHash,
- const EVP_MD *Hash, int sLen)
- {
- int i;
- int ret = 0;
- int hLen, maskedDBLen, MSBits, emLen;
- unsigned char *H, *salt = NULL, *p;
- EVP_MD_CTX ctx;
-
- hLen = M_EVP_MD_size(Hash);
- /*
- * Negative sLen has special meanings:
- * -1 sLen == hLen
- * -2 salt length is maximized
- * -N reserved
- */
- if (sLen == -1) sLen = hLen;
- else if (sLen == -2) sLen = -2;
- else if (sLen < -2)
- {
- RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS, RSA_R_SLEN_CHECK_FAILED);
- goto err;
- }
-
- MSBits = (BN_num_bits(rsa->n) - 1) & 0x7;
- emLen = RSA_size(rsa);
- if (MSBits == 0)
- {
- *EM++ = 0;
- emLen--;
- }
- if (sLen == -2)
- {
- sLen = emLen - hLen - 2;
- }
- else if (emLen < (hLen + sLen + 2))
- {
- RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS,
- RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
- goto err;
- }
- if (sLen > 0)
- {
- salt = OPENSSL_malloc(sLen);
- if (!salt)
- {
- RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS,
- ERR_R_MALLOC_FAILURE);
- goto err;
- }
- if (RAND_bytes(salt, sLen) <= 0)
- goto err;
- }
- maskedDBLen = emLen - hLen - 1;
- H = EM + maskedDBLen;
- EVP_MD_CTX_init(&ctx);
- EVP_DigestInit_ex(&ctx, Hash, NULL);
- EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes);
- EVP_DigestUpdate(&ctx, mHash, hLen);
- if (sLen)
- EVP_DigestUpdate(&ctx, salt, sLen);
- EVP_DigestFinal(&ctx, H, NULL);
- EVP_MD_CTX_cleanup(&ctx);
-
- /* Generate dbMask in place then perform XOR on it */
- PKCS1_MGF1(EM, maskedDBLen, H, hLen, Hash);
-
- p = EM;
-
- /* Initial PS XORs with all zeroes which is a NOP so just update
- * pointer. Note from a test above this value is guaranteed to
- * be non-negative.
- */
- p += emLen - sLen - hLen - 2;
- *p++ ^= 0x1;
- if (sLen > 0)
- {
- for (i = 0; i < sLen; i++)
- *p++ ^= salt[i];
- }
- if (MSBits)
- EM[0] &= 0xFF >> (8 - MSBits);
-
- /* H is already in place so just set final 0xbc */
-
- EM[emLen - 1] = 0xbc;
-
- ret = 1;
-
- err:
- if (salt)
- OPENSSL_free(salt);
-
- return ret;
-
- }
-
-#if defined(_MSC_VER)
-#pragma optimize("",on)
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_pss.c (from rev 6976, vendor-crypto/openssl/dist/crypto/rsa/rsa_pss.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_pss.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_pss.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,256 @@
+/* rsa_pss.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/sha.h>
+
+static const unsigned char zeroes[] = { 0, 0, 0, 0, 0, 0, 0, 0 };
+
+#if defined(_MSC_VER) && defined(_ARM_)
+# pragma optimize("g", off)
+#endif
+
+int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
+ const EVP_MD *Hash, const unsigned char *EM,
+ int sLen)
+{
+ int i;
+ int ret = 0;
+ int hLen, maskedDBLen, MSBits, emLen;
+ const unsigned char *H;
+ unsigned char *DB = NULL;
+ EVP_MD_CTX ctx;
+ unsigned char H_[EVP_MAX_MD_SIZE];
+
+ hLen = M_EVP_MD_size(Hash);
+ /*-
+ * Negative sLen has special meanings:
+ * -1 sLen == hLen
+ * -2 salt length is autorecovered from signature
+ * -N reserved
+ */
+ if (sLen == -1)
+ sLen = hLen;
+ else if (sLen == -2)
+ sLen = -2;
+ else if (sLen < -2) {
+ RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_SLEN_CHECK_FAILED);
+ goto err;
+ }
+
+ MSBits = (BN_num_bits(rsa->n) - 1) & 0x7;
+ emLen = RSA_size(rsa);
+ if (EM[0] & (0xFF << MSBits)) {
+ RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_FIRST_OCTET_INVALID);
+ goto err;
+ }
+ if (MSBits == 0) {
+ EM++;
+ emLen--;
+ }
+ if (emLen < (hLen + sLen + 2)) { /* sLen can be small negative */
+ RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_DATA_TOO_LARGE);
+ goto err;
+ }
+ if (EM[emLen - 1] != 0xbc) {
+ RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_LAST_OCTET_INVALID);
+ goto err;
+ }
+ maskedDBLen = emLen - hLen - 1;
+ H = EM + maskedDBLen;
+ DB = OPENSSL_malloc(maskedDBLen);
+ if (!DB) {
+ RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ PKCS1_MGF1(DB, maskedDBLen, H, hLen, Hash);
+ for (i = 0; i < maskedDBLen; i++)
+ DB[i] ^= EM[i];
+ if (MSBits)
+ DB[0] &= 0xFF >> (8 - MSBits);
+ for (i = 0; DB[i] == 0 && i < (maskedDBLen - 1); i++) ;
+ if (DB[i++] != 0x1) {
+ RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_SLEN_RECOVERY_FAILED);
+ goto err;
+ }
+ if (sLen >= 0 && (maskedDBLen - i) != sLen) {
+ RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_SLEN_CHECK_FAILED);
+ goto err;
+ }
+ EVP_MD_CTX_init(&ctx);
+ EVP_DigestInit_ex(&ctx, Hash, NULL);
+ EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes);
+ EVP_DigestUpdate(&ctx, mHash, hLen);
+ if (maskedDBLen - i)
+ EVP_DigestUpdate(&ctx, DB + i, maskedDBLen - i);
+ EVP_DigestFinal(&ctx, H_, NULL);
+ EVP_MD_CTX_cleanup(&ctx);
+ if (memcmp(H_, H, hLen)) {
+ RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_BAD_SIGNATURE);
+ ret = 0;
+ } else
+ ret = 1;
+
+ err:
+ if (DB)
+ OPENSSL_free(DB);
+
+ return ret;
+
+}
+
+int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
+ const unsigned char *mHash,
+ const EVP_MD *Hash, int sLen)
+{
+ int i;
+ int ret = 0;
+ int hLen, maskedDBLen, MSBits, emLen;
+ unsigned char *H, *salt = NULL, *p;
+ EVP_MD_CTX ctx;
+
+ hLen = M_EVP_MD_size(Hash);
+ /*-
+ * Negative sLen has special meanings:
+ * -1 sLen == hLen
+ * -2 salt length is maximized
+ * -N reserved
+ */
+ if (sLen == -1)
+ sLen = hLen;
+ else if (sLen == -2)
+ sLen = -2;
+ else if (sLen < -2) {
+ RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS, RSA_R_SLEN_CHECK_FAILED);
+ goto err;
+ }
+
+ MSBits = (BN_num_bits(rsa->n) - 1) & 0x7;
+ emLen = RSA_size(rsa);
+ if (MSBits == 0) {
+ *EM++ = 0;
+ emLen--;
+ }
+ if (sLen == -2) {
+ sLen = emLen - hLen - 2;
+ } else if (emLen < (hLen + sLen + 2)) {
+ RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS,
+ RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+ goto err;
+ }
+ if (sLen > 0) {
+ salt = OPENSSL_malloc(sLen);
+ if (!salt) {
+ RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ if (RAND_bytes(salt, sLen) <= 0)
+ goto err;
+ }
+ maskedDBLen = emLen - hLen - 1;
+ H = EM + maskedDBLen;
+ EVP_MD_CTX_init(&ctx);
+ EVP_DigestInit_ex(&ctx, Hash, NULL);
+ EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes);
+ EVP_DigestUpdate(&ctx, mHash, hLen);
+ if (sLen)
+ EVP_DigestUpdate(&ctx, salt, sLen);
+ EVP_DigestFinal(&ctx, H, NULL);
+ EVP_MD_CTX_cleanup(&ctx);
+
+ /* Generate dbMask in place then perform XOR on it */
+ PKCS1_MGF1(EM, maskedDBLen, H, hLen, Hash);
+
+ p = EM;
+
+ /*
+ * Initial PS XORs with all zeroes which is a NOP so just update pointer.
+ * Note from a test above this value is guaranteed to be non-negative.
+ */
+ p += emLen - sLen - hLen - 2;
+ *p++ ^= 0x1;
+ if (sLen > 0) {
+ for (i = 0; i < sLen; i++)
+ *p++ ^= salt[i];
+ }
+ if (MSBits)
+ EM[0] &= 0xFF >> (8 - MSBits);
+
+ /* H is already in place so just set final 0xbc */
+
+ EM[emLen - 1] = 0xbc;
+
+ ret = 1;
+
+ err:
+ if (salt)
+ OPENSSL_free(salt);
+
+ return ret;
+
+}
+
+#if defined(_MSC_VER)
+# pragma optimize("",on)
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_saos.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/rsa/rsa_saos.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_saos.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,150 +0,0 @@
-/* crypto/rsa/rsa_saos.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-
-int RSA_sign_ASN1_OCTET_STRING(int type,
- const unsigned char *m, unsigned int m_len,
- unsigned char *sigret, unsigned int *siglen, RSA *rsa)
- {
- ASN1_OCTET_STRING sig;
- int i,j,ret=1;
- unsigned char *p,*s;
-
- sig.type=V_ASN1_OCTET_STRING;
- sig.length=m_len;
- sig.data=(unsigned char *)m;
-
- i=i2d_ASN1_OCTET_STRING(&sig,NULL);
- j=RSA_size(rsa);
- if (i > (j-RSA_PKCS1_PADDING_SIZE))
- {
- RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
- return(0);
- }
- s=(unsigned char *)OPENSSL_malloc((unsigned int)j+1);
- if (s == NULL)
- {
- RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- p=s;
- i2d_ASN1_OCTET_STRING(&sig,&p);
- i=RSA_private_encrypt(i,s,sigret,rsa,RSA_PKCS1_PADDING);
- if (i <= 0)
- ret=0;
- else
- *siglen=i;
-
- OPENSSL_cleanse(s,(unsigned int)j+1);
- OPENSSL_free(s);
- return(ret);
- }
-
-int RSA_verify_ASN1_OCTET_STRING(int dtype,
- const unsigned char *m,
- unsigned int m_len, unsigned char *sigbuf, unsigned int siglen,
- RSA *rsa)
- {
- int i,ret=0;
- unsigned char *s;
- const unsigned char *p;
- ASN1_OCTET_STRING *sig=NULL;
-
- if (siglen != (unsigned int)RSA_size(rsa))
- {
- RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,RSA_R_WRONG_SIGNATURE_LENGTH);
- return(0);
- }
-
- s=(unsigned char *)OPENSSL_malloc((unsigned int)siglen);
- if (s == NULL)
- {
- RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING);
-
- if (i <= 0) goto err;
-
- p=s;
- sig=d2i_ASN1_OCTET_STRING(NULL,&p,(long)i);
- if (sig == NULL) goto err;
-
- if ( ((unsigned int)sig->length != m_len) ||
- (memcmp(m,sig->data,m_len) != 0))
- {
- RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,RSA_R_BAD_SIGNATURE);
- }
- else
- ret=1;
-err:
- if (sig != NULL) M_ASN1_OCTET_STRING_free(sig);
- if (s != NULL)
- {
- OPENSSL_cleanse(s,(unsigned int)siglen);
- OPENSSL_free(s);
- }
- return(ret);
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_saos.c (from rev 6976, vendor-crypto/openssl/dist/crypto/rsa/rsa_saos.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_saos.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_saos.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,148 @@
+/* crypto/rsa/rsa_saos.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+
+int RSA_sign_ASN1_OCTET_STRING(int type,
+ const unsigned char *m, unsigned int m_len,
+ unsigned char *sigret, unsigned int *siglen,
+ RSA *rsa)
+{
+ ASN1_OCTET_STRING sig;
+ int i, j, ret = 1;
+ unsigned char *p, *s;
+
+ sig.type = V_ASN1_OCTET_STRING;
+ sig.length = m_len;
+ sig.data = (unsigned char *)m;
+
+ i = i2d_ASN1_OCTET_STRING(&sig, NULL);
+ j = RSA_size(rsa);
+ if (i > (j - RSA_PKCS1_PADDING_SIZE)) {
+ RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING,
+ RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
+ return (0);
+ }
+ s = (unsigned char *)OPENSSL_malloc((unsigned int)j + 1);
+ if (s == NULL) {
+ RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING, ERR_R_MALLOC_FAILURE);
+ return (0);
+ }
+ p = s;
+ i2d_ASN1_OCTET_STRING(&sig, &p);
+ i = RSA_private_encrypt(i, s, sigret, rsa, RSA_PKCS1_PADDING);
+ if (i <= 0)
+ ret = 0;
+ else
+ *siglen = i;
+
+ OPENSSL_cleanse(s, (unsigned int)j + 1);
+ OPENSSL_free(s);
+ return (ret);
+}
+
+int RSA_verify_ASN1_OCTET_STRING(int dtype,
+ const unsigned char *m,
+ unsigned int m_len, unsigned char *sigbuf,
+ unsigned int siglen, RSA *rsa)
+{
+ int i, ret = 0;
+ unsigned char *s;
+ const unsigned char *p;
+ ASN1_OCTET_STRING *sig = NULL;
+
+ if (siglen != (unsigned int)RSA_size(rsa)) {
+ RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,
+ RSA_R_WRONG_SIGNATURE_LENGTH);
+ return (0);
+ }
+
+ s = (unsigned char *)OPENSSL_malloc((unsigned int)siglen);
+ if (s == NULL) {
+ RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ i = RSA_public_decrypt((int)siglen, sigbuf, s, rsa, RSA_PKCS1_PADDING);
+
+ if (i <= 0)
+ goto err;
+
+ p = s;
+ sig = d2i_ASN1_OCTET_STRING(NULL, &p, (long)i);
+ if (sig == NULL)
+ goto err;
+
+ if (((unsigned int)sig->length != m_len) ||
+ (memcmp(m, sig->data, m_len) != 0)) {
+ RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING, RSA_R_BAD_SIGNATURE);
+ } else
+ ret = 1;
+ err:
+ if (sig != NULL)
+ M_ASN1_OCTET_STRING_free(sig);
+ if (s != NULL) {
+ OPENSSL_cleanse(s, (unsigned int)siglen);
+ OPENSSL_free(s);
+ }
+ return (ret);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_sign.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/rsa/rsa_sign.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_sign.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,296 +0,0 @@
-/* crypto/rsa/rsa_sign.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-
-/* Size of an SSL signature: MD5+SHA1 */
-#define SSL_SIG_LENGTH 36
-
-int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
- unsigned char *sigret, unsigned int *siglen, RSA *rsa)
- {
- X509_SIG sig;
- ASN1_TYPE parameter;
- int i,j,ret=1;
- unsigned char *p, *tmps = NULL;
- const unsigned char *s = NULL;
- X509_ALGOR algor;
- ASN1_OCTET_STRING digest;
- if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign)
- {
- return rsa->meth->rsa_sign(type, m, m_len,
- sigret, siglen, rsa);
- }
- /* Special case: SSL signature, just check the length */
- if(type == NID_md5_sha1) {
- if(m_len != SSL_SIG_LENGTH) {
- RSAerr(RSA_F_RSA_SIGN,RSA_R_INVALID_MESSAGE_LENGTH);
- return(0);
- }
- i = SSL_SIG_LENGTH;
- s = m;
- } else {
- /* NB: in FIPS mode block anything that isn't a TLS signature */
-#ifdef OPENSSL_FIPS
- if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
- {
- RSAerr(RSA_F_RSA_SIGN, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
- return 0;
- }
-#endif
- sig.algor= &algor;
- sig.algor->algorithm=OBJ_nid2obj(type);
- if (sig.algor->algorithm == NULL)
- {
- RSAerr(RSA_F_RSA_SIGN,RSA_R_UNKNOWN_ALGORITHM_TYPE);
- return(0);
- }
- if (sig.algor->algorithm->length == 0)
- {
- RSAerr(RSA_F_RSA_SIGN,RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
- return(0);
- }
- parameter.type=V_ASN1_NULL;
- parameter.value.ptr=NULL;
- sig.algor->parameter= ¶meter;
-
- sig.digest= &digest;
- sig.digest->data=(unsigned char *)m; /* TMP UGLY CAST */
- sig.digest->length=m_len;
-
- i=i2d_X509_SIG(&sig,NULL);
- }
- j=RSA_size(rsa);
- if (i > (j-RSA_PKCS1_PADDING_SIZE))
- {
- RSAerr(RSA_F_RSA_SIGN,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
- return(0);
- }
- if(type != NID_md5_sha1) {
- tmps=(unsigned char *)OPENSSL_malloc((unsigned int)j+1);
- if (tmps == NULL)
- {
- RSAerr(RSA_F_RSA_SIGN,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- p=tmps;
- i2d_X509_SIG(&sig,&p);
- s=tmps;
- }
-#ifdef OPENSSL_FIPS
- /* Bypass algorithm blocking: this is allowed if we get this far */
- i=rsa->meth->rsa_priv_enc(i,s,sigret,rsa,RSA_PKCS1_PADDING);
-#else
- i=RSA_private_encrypt(i,s,sigret,rsa,RSA_PKCS1_PADDING);
-#endif
- if (i <= 0)
- ret=0;
- else
- *siglen=i;
-
- if(type != NID_md5_sha1) {
- OPENSSL_cleanse(tmps,(unsigned int)j+1);
- OPENSSL_free(tmps);
- }
- return(ret);
- }
-
-/*
- * Check DigestInfo structure does not contain extraneous data by reencoding
- * using DER and checking encoding against original.
- */
-static int rsa_check_digestinfo(X509_SIG *sig, const unsigned char *dinfo, int dinfolen)
- {
- unsigned char *der = NULL;
- int derlen;
- int ret = 0;
- derlen = i2d_X509_SIG(sig, &der);
- if (derlen <= 0)
- return 0;
- if (derlen == dinfolen && !memcmp(dinfo, der, derlen))
- ret = 1;
- OPENSSL_cleanse(der, derlen);
- OPENSSL_free(der);
- return ret;
- }
-
-int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
- unsigned char *sigbuf, unsigned int siglen, RSA *rsa)
- {
- int i,ret=0,sigtype;
- unsigned char *s;
- X509_SIG *sig=NULL;
-
- if (siglen != (unsigned int)RSA_size(rsa))
- {
- RSAerr(RSA_F_RSA_VERIFY,RSA_R_WRONG_SIGNATURE_LENGTH);
- return(0);
- }
-
- if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify)
- {
- return rsa->meth->rsa_verify(dtype, m, m_len,
- sigbuf, siglen, rsa);
- }
-
- s=(unsigned char *)OPENSSL_malloc((unsigned int)siglen);
- if (s == NULL)
- {
- RSAerr(RSA_F_RSA_VERIFY,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- if(dtype == NID_md5_sha1)
- {
- if (m_len != SSL_SIG_LENGTH)
- {
- RSAerr(RSA_F_RSA_VERIFY,RSA_R_INVALID_MESSAGE_LENGTH);
- goto err;
- }
- }
- /* NB: in FIPS mode block anything that isn't a TLS signature */
-#ifdef OPENSSL_FIPS
- else if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
- {
- RSAerr(RSA_F_RSA_VERIFY, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
- return 0;
- }
- /* Bypass algorithm blocking: this is allowed */
- i=rsa->meth->rsa_pub_dec((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING);
-#else
- i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING);
-#endif
-
- if (i <= 0) goto err;
-
- /* Special case: SSL signature */
- if(dtype == NID_md5_sha1) {
- if((i != SSL_SIG_LENGTH) || memcmp(s, m, SSL_SIG_LENGTH))
- RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
- else ret = 1;
- } else {
- const unsigned char *p=s;
- sig=d2i_X509_SIG(NULL,&p,(long)i);
-
- if (sig == NULL) goto err;
-
- /* Excess data can be used to create forgeries */
- if(p != s+i || !rsa_check_digestinfo(sig, s, i))
- {
- RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
- goto err;
- }
-
- /* Parameters to the signature algorithm can also be used to
- create forgeries */
- if(sig->algor->parameter
- && ASN1_TYPE_get(sig->algor->parameter) != V_ASN1_NULL)
- {
- RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
- goto err;
- }
-
- sigtype=OBJ_obj2nid(sig->algor->algorithm);
-
-
- #ifdef RSA_DEBUG
- /* put a backward compatibility flag in EAY */
- fprintf(stderr,"in(%s) expect(%s)\n",OBJ_nid2ln(sigtype),
- OBJ_nid2ln(dtype));
- #endif
- if (sigtype != dtype)
- {
- if (((dtype == NID_md5) &&
- (sigtype == NID_md5WithRSAEncryption)) ||
- ((dtype == NID_md2) &&
- (sigtype == NID_md2WithRSAEncryption)))
- {
- /* ok, we will let it through */
-#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)
- fprintf(stderr,"signature has problems, re-make with post SSLeay045\n");
-#endif
- }
- else
- {
- RSAerr(RSA_F_RSA_VERIFY,
- RSA_R_ALGORITHM_MISMATCH);
- goto err;
- }
- }
- if ( ((unsigned int)sig->digest->length != m_len) ||
- (memcmp(m,sig->digest->data,m_len) != 0))
- {
- RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
- }
- else
- ret=1;
- }
-err:
- if (sig != NULL) X509_SIG_free(sig);
- if (s != NULL)
- {
- OPENSSL_cleanse(s,(unsigned int)siglen);
- OPENSSL_free(s);
- }
- return(ret);
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_sign.c (from rev 6976, vendor-crypto/openssl/dist/crypto/rsa/rsa_sign.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_sign.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_sign.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,280 @@
+/* crypto/rsa/rsa_sign.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+
+/* Size of an SSL signature: MD5+SHA1 */
+#define SSL_SIG_LENGTH 36
+
+int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
+ unsigned char *sigret, unsigned int *siglen, RSA *rsa)
+{
+ X509_SIG sig;
+ ASN1_TYPE parameter;
+ int i, j, ret = 1;
+ unsigned char *p, *tmps = NULL;
+ const unsigned char *s = NULL;
+ X509_ALGOR algor;
+ ASN1_OCTET_STRING digest;
+ if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign) {
+ return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa);
+ }
+ /* Special case: SSL signature, just check the length */
+ if (type == NID_md5_sha1) {
+ if (m_len != SSL_SIG_LENGTH) {
+ RSAerr(RSA_F_RSA_SIGN, RSA_R_INVALID_MESSAGE_LENGTH);
+ return (0);
+ }
+ i = SSL_SIG_LENGTH;
+ s = m;
+ } else {
+ /* NB: in FIPS mode block anything that isn't a TLS signature */
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) {
+ RSAerr(RSA_F_RSA_SIGN, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
+ return 0;
+ }
+#endif
+ sig.algor = &algor;
+ sig.algor->algorithm = OBJ_nid2obj(type);
+ if (sig.algor->algorithm == NULL) {
+ RSAerr(RSA_F_RSA_SIGN, RSA_R_UNKNOWN_ALGORITHM_TYPE);
+ return (0);
+ }
+ if (sig.algor->algorithm->length == 0) {
+ RSAerr(RSA_F_RSA_SIGN,
+ RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
+ return (0);
+ }
+ parameter.type = V_ASN1_NULL;
+ parameter.value.ptr = NULL;
+ sig.algor->parameter = ¶meter;
+
+ sig.digest = &digest;
+ sig.digest->data = (unsigned char *)m; /* TMP UGLY CAST */
+ sig.digest->length = m_len;
+
+ i = i2d_X509_SIG(&sig, NULL);
+ }
+ j = RSA_size(rsa);
+ if (i > (j - RSA_PKCS1_PADDING_SIZE)) {
+ RSAerr(RSA_F_RSA_SIGN, RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
+ return (0);
+ }
+ if (type != NID_md5_sha1) {
+ tmps = (unsigned char *)OPENSSL_malloc((unsigned int)j + 1);
+ if (tmps == NULL) {
+ RSAerr(RSA_F_RSA_SIGN, ERR_R_MALLOC_FAILURE);
+ return (0);
+ }
+ p = tmps;
+ i2d_X509_SIG(&sig, &p);
+ s = tmps;
+ }
+#ifdef OPENSSL_FIPS
+ /* Bypass algorithm blocking: this is allowed if we get this far */
+ i = rsa->meth->rsa_priv_enc(i, s, sigret, rsa, RSA_PKCS1_PADDING);
+#else
+ i = RSA_private_encrypt(i, s, sigret, rsa, RSA_PKCS1_PADDING);
+#endif
+ if (i <= 0)
+ ret = 0;
+ else
+ *siglen = i;
+
+ if (type != NID_md5_sha1) {
+ OPENSSL_cleanse(tmps, (unsigned int)j + 1);
+ OPENSSL_free(tmps);
+ }
+ return (ret);
+}
+
+/*
+ * Check DigestInfo structure does not contain extraneous data by reencoding
+ * using DER and checking encoding against original.
+ */
+static int rsa_check_digestinfo(X509_SIG *sig, const unsigned char *dinfo,
+ int dinfolen)
+{
+ unsigned char *der = NULL;
+ int derlen;
+ int ret = 0;
+ derlen = i2d_X509_SIG(sig, &der);
+ if (derlen <= 0)
+ return 0;
+ if (derlen == dinfolen && !memcmp(dinfo, der, derlen))
+ ret = 1;
+ OPENSSL_cleanse(der, derlen);
+ OPENSSL_free(der);
+ return ret;
+}
+
+int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
+ unsigned char *sigbuf, unsigned int siglen, RSA *rsa)
+{
+ int i, ret = 0, sigtype;
+ unsigned char *s;
+ X509_SIG *sig = NULL;
+
+ if (siglen != (unsigned int)RSA_size(rsa)) {
+ RSAerr(RSA_F_RSA_VERIFY, RSA_R_WRONG_SIGNATURE_LENGTH);
+ return (0);
+ }
+
+ if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify) {
+ return rsa->meth->rsa_verify(dtype, m, m_len, sigbuf, siglen, rsa);
+ }
+
+ s = (unsigned char *)OPENSSL_malloc((unsigned int)siglen);
+ if (s == NULL) {
+ RSAerr(RSA_F_RSA_VERIFY, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ if (dtype == NID_md5_sha1) {
+ if (m_len != SSL_SIG_LENGTH) {
+ RSAerr(RSA_F_RSA_VERIFY, RSA_R_INVALID_MESSAGE_LENGTH);
+ goto err;
+ }
+ }
+ /* NB: in FIPS mode block anything that isn't a TLS signature */
+#ifdef OPENSSL_FIPS
+ else if (FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) {
+ RSAerr(RSA_F_RSA_VERIFY, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
+ return 0;
+ }
+ /* Bypass algorithm blocking: this is allowed */
+ i = rsa->meth->rsa_pub_dec((int)siglen, sigbuf, s, rsa,
+ RSA_PKCS1_PADDING);
+#else
+ i = RSA_public_decrypt((int)siglen, sigbuf, s, rsa, RSA_PKCS1_PADDING);
+#endif
+
+ if (i <= 0)
+ goto err;
+
+ /* Special case: SSL signature */
+ if (dtype == NID_md5_sha1) {
+ if ((i != SSL_SIG_LENGTH) || memcmp(s, m, SSL_SIG_LENGTH))
+ RSAerr(RSA_F_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
+ else
+ ret = 1;
+ } else {
+ const unsigned char *p = s;
+ sig = d2i_X509_SIG(NULL, &p, (long)i);
+
+ if (sig == NULL)
+ goto err;
+
+ /* Excess data can be used to create forgeries */
+ if (p != s + i || !rsa_check_digestinfo(sig, s, i)) {
+ RSAerr(RSA_F_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
+ goto err;
+ }
+
+ /*
+ * Parameters to the signature algorithm can also be used to create
+ * forgeries
+ */
+ if (sig->algor->parameter
+ && ASN1_TYPE_get(sig->algor->parameter) != V_ASN1_NULL) {
+ RSAerr(RSA_F_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
+ goto err;
+ }
+
+ sigtype = OBJ_obj2nid(sig->algor->algorithm);
+
+#ifdef RSA_DEBUG
+ /* put a backward compatibility flag in EAY */
+ fprintf(stderr, "in(%s) expect(%s)\n", OBJ_nid2ln(sigtype),
+ OBJ_nid2ln(dtype));
+#endif
+ if (sigtype != dtype) {
+ if (((dtype == NID_md5) &&
+ (sigtype == NID_md5WithRSAEncryption)) ||
+ ((dtype == NID_md2) &&
+ (sigtype == NID_md2WithRSAEncryption))) {
+ /* ok, we will let it through */
+#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)
+ fprintf(stderr,
+ "signature has problems, re-make with post SSLeay045\n");
+#endif
+ } else {
+ RSAerr(RSA_F_RSA_VERIFY, RSA_R_ALGORITHM_MISMATCH);
+ goto err;
+ }
+ }
+ if (((unsigned int)sig->digest->length != m_len) ||
+ (memcmp(m, sig->digest->data, m_len) != 0)) {
+ RSAerr(RSA_F_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
+ } else
+ ret = 1;
+ }
+ err:
+ if (sig != NULL)
+ X509_SIG_free(sig);
+ if (s != NULL) {
+ OPENSSL_cleanse(s, (unsigned int)siglen);
+ OPENSSL_free(s);
+ }
+ return (ret);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_ssl.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/rsa/rsa_ssl.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_ssl.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,154 +0,0 @@
-/* crypto/rsa/rsa_ssl.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/rand.h>
-
-int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
- const unsigned char *from, int flen)
- {
- int i,j;
- unsigned char *p;
-
- if (flen > (tlen-11))
- {
- RSAerr(RSA_F_RSA_PADDING_ADD_SSLV23,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
- return(0);
- }
-
- p=(unsigned char *)to;
-
- *(p++)=0;
- *(p++)=2; /* Public Key BT (Block Type) */
-
- /* pad out with non-zero random data */
- j=tlen-3-8-flen;
-
- if (RAND_bytes(p,j) <= 0)
- return(0);
- for (i=0; i<j; i++)
- {
- if (*p == '\0')
- do {
- if (RAND_bytes(p,1) <= 0)
- return(0);
- } while (*p == '\0');
- p++;
- }
-
- memset(p,3,8);
- p+=8;
- *(p++)='\0';
-
- memcpy(p,from,(unsigned int)flen);
- return(1);
- }
-
-int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
- const unsigned char *from, int flen, int num)
- {
- int i,j,k;
- const unsigned char *p;
-
- p=from;
- if (flen < 10)
- {
- RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_DATA_TOO_SMALL);
- return(-1);
- }
- if ((num != (flen+1)) || (*(p++) != 02))
- {
- RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_BLOCK_TYPE_IS_NOT_02);
- return(-1);
- }
-
- /* scan over padding data */
- j=flen-1; /* one for type */
- for (i=0; i<j; i++)
- if (*(p++) == 0) break;
-
- if ((i == j) || (i < 8))
- {
- RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_NULL_BEFORE_BLOCK_MISSING);
- return(-1);
- }
- for (k = -9; k<-1; k++)
- {
- if (p[k] != 0x03) break;
- }
- if (k == -1)
- {
- RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_SSLV3_ROLLBACK_ATTACK);
- return(-1);
- }
-
- i++; /* Skip over the '\0' */
- j-=i;
- if (j > tlen)
- {
- RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_DATA_TOO_LARGE);
- return(-1);
- }
- memcpy(to,p,(unsigned int)j);
-
- return(j);
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_ssl.c (from rev 6976, vendor-crypto/openssl/dist/crypto/rsa/rsa_ssl.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_ssl.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_ssl.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,149 @@
+/* crypto/rsa/rsa_ssl.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/rand.h>
+
+int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
+ const unsigned char *from, int flen)
+{
+ int i, j;
+ unsigned char *p;
+
+ if (flen > (tlen - 11)) {
+ RSAerr(RSA_F_RSA_PADDING_ADD_SSLV23,
+ RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+ return (0);
+ }
+
+ p = (unsigned char *)to;
+
+ *(p++) = 0;
+ *(p++) = 2; /* Public Key BT (Block Type) */
+
+ /* pad out with non-zero random data */
+ j = tlen - 3 - 8 - flen;
+
+ if (RAND_bytes(p, j) <= 0)
+ return (0);
+ for (i = 0; i < j; i++) {
+ if (*p == '\0')
+ do {
+ if (RAND_bytes(p, 1) <= 0)
+ return (0);
+ } while (*p == '\0');
+ p++;
+ }
+
+ memset(p, 3, 8);
+ p += 8;
+ *(p++) = '\0';
+
+ memcpy(p, from, (unsigned int)flen);
+ return (1);
+}
+
+int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
+ const unsigned char *from, int flen, int num)
+{
+ int i, j, k;
+ const unsigned char *p;
+
+ p = from;
+ if (flen < 10) {
+ RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_DATA_TOO_SMALL);
+ return (-1);
+ }
+ if ((num != (flen + 1)) || (*(p++) != 02)) {
+ RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_BLOCK_TYPE_IS_NOT_02);
+ return (-1);
+ }
+
+ /* scan over padding data */
+ j = flen - 1; /* one for type */
+ for (i = 0; i < j; i++)
+ if (*(p++) == 0)
+ break;
+
+ if ((i == j) || (i < 8)) {
+ RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,
+ RSA_R_NULL_BEFORE_BLOCK_MISSING);
+ return (-1);
+ }
+ for (k = -9; k < -1; k++) {
+ if (p[k] != 0x03)
+ break;
+ }
+ if (k == -1) {
+ RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_SSLV3_ROLLBACK_ATTACK);
+ return (-1);
+ }
+
+ i++; /* Skip over the '\0' */
+ j -= i;
+ if (j > tlen) {
+ RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_DATA_TOO_LARGE);
+ return (-1);
+ }
+ memcpy(to, p, (unsigned int)j);
+
+ return (j);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_test.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/rsa/rsa_test.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_test.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,340 +0,0 @@
-/* test vectors from p1ovect1.txt */
-
-#include <stdio.h>
-#include <string.h>
-
-#include "e_os.h"
-
-#include <openssl/crypto.h>
-#include <openssl/err.h>
-#include <openssl/rand.h>
-#include <openssl/bn.h>
-#ifdef OPENSSL_NO_RSA
-int main(int argc, char *argv[])
-{
- printf("No RSA support\n");
- return(0);
-}
-#else
-#include <openssl/rsa.h>
-
-#define SetKey \
- key->n = BN_bin2bn(n, sizeof(n)-1, key->n); \
- key->e = BN_bin2bn(e, sizeof(e)-1, key->e); \
- key->d = BN_bin2bn(d, sizeof(d)-1, key->d); \
- key->p = BN_bin2bn(p, sizeof(p)-1, key->p); \
- key->q = BN_bin2bn(q, sizeof(q)-1, key->q); \
- key->dmp1 = BN_bin2bn(dmp1, sizeof(dmp1)-1, key->dmp1); \
- key->dmq1 = BN_bin2bn(dmq1, sizeof(dmq1)-1, key->dmq1); \
- key->iqmp = BN_bin2bn(iqmp, sizeof(iqmp)-1, key->iqmp); \
- memcpy(c, ctext_ex, sizeof(ctext_ex) - 1); \
- return (sizeof(ctext_ex) - 1);
-
-static int key1(RSA *key, unsigned char *c)
- {
- static unsigned char n[] =
-"\x00\xAA\x36\xAB\xCE\x88\xAC\xFD\xFF\x55\x52\x3C\x7F\xC4\x52\x3F"
-"\x90\xEF\xA0\x0D\xF3\x77\x4A\x25\x9F\x2E\x62\xB4\xC5\xD9\x9C\xB5"
-"\xAD\xB3\x00\xA0\x28\x5E\x53\x01\x93\x0E\x0C\x70\xFB\x68\x76\x93"
-"\x9C\xE6\x16\xCE\x62\x4A\x11\xE0\x08\x6D\x34\x1E\xBC\xAC\xA0\xA1"
-"\xF5";
-
- static unsigned char e[] = "\x11";
-
- static unsigned char d[] =
-"\x0A\x03\x37\x48\x62\x64\x87\x69\x5F\x5F\x30\xBC\x38\xB9\x8B\x44"
-"\xC2\xCD\x2D\xFF\x43\x40\x98\xCD\x20\xD8\xA1\x38\xD0\x90\xBF\x64"
-"\x79\x7C\x3F\xA7\xA2\xCD\xCB\x3C\xD1\xE0\xBD\xBA\x26\x54\xB4\xF9"
-"\xDF\x8E\x8A\xE5\x9D\x73\x3D\x9F\x33\xB3\x01\x62\x4A\xFD\x1D\x51";
-
- static unsigned char p[] =
-"\x00\xD8\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5"
-"\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x12"
-"\x0D";
-
- static unsigned char q[] =
-"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
-"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D"
-"\x89";
-
- static unsigned char dmp1[] =
-"\x59\x0B\x95\x72\xA2\xC2\xA9\xC4\x06\x05\x9D\xC2\xAB\x2F\x1D\xAF"
-"\xEB\x7E\x8B\x4F\x10\xA7\x54\x9E\x8E\xED\xF5\xB4\xFC\xE0\x9E\x05";
-
- static unsigned char dmq1[] =
-"\x00\x8E\x3C\x05\x21\xFE\x15\xE0\xEA\x06\xA3\x6F\xF0\xF1\x0C\x99"
-"\x52\xC3\x5B\x7A\x75\x14\xFD\x32\x38\xB8\x0A\xAD\x52\x98\x62\x8D"
-"\x51";
-
- static unsigned char iqmp[] =
-"\x36\x3F\xF7\x18\x9D\xA8\xE9\x0B\x1D\x34\x1F\x71\xD0\x9B\x76\xA8"
-"\xA9\x43\xE1\x1D\x10\xB2\x4D\x24\x9F\x2D\xEA\xFE\xF8\x0C\x18\x26";
-
- static unsigned char ctext_ex[] =
-"\x1b\x8f\x05\xf9\xca\x1a\x79\x52\x6e\x53\xf3\xcc\x51\x4f\xdb\x89"
-"\x2b\xfb\x91\x93\x23\x1e\x78\xb9\x92\xe6\x8d\x50\xa4\x80\xcb\x52"
-"\x33\x89\x5c\x74\x95\x8d\x5d\x02\xab\x8c\x0f\xd0\x40\xeb\x58\x44"
-"\xb0\x05\xc3\x9e\xd8\x27\x4a\x9d\xbf\xa8\x06\x71\x40\x94\x39\xd2";
-
- SetKey;
- }
-
-static int key2(RSA *key, unsigned char *c)
- {
- static unsigned char n[] =
-"\x00\xA3\x07\x9A\x90\xDF\x0D\xFD\x72\xAC\x09\x0C\xCC\x2A\x78\xB8"
-"\x74\x13\x13\x3E\x40\x75\x9C\x98\xFA\xF8\x20\x4F\x35\x8A\x0B\x26"
-"\x3C\x67\x70\xE7\x83\xA9\x3B\x69\x71\xB7\x37\x79\xD2\x71\x7B\xE8"
-"\x34\x77\xCF";
-
- static unsigned char e[] = "\x3";
-
- static unsigned char d[] =
-"\x6C\xAF\xBC\x60\x94\xB3\xFE\x4C\x72\xB0\xB3\x32\xC6\xFB\x25\xA2"
-"\xB7\x62\x29\x80\x4E\x68\x65\xFC\xA4\x5A\x74\xDF\x0F\x8F\xB8\x41"
-"\x3B\x52\xC0\xD0\xE5\x3D\x9B\x59\x0F\xF1\x9B\xE7\x9F\x49\xDD\x21"
-"\xE5\xEB";
-
- static unsigned char p[] =
-"\x00\xCF\x20\x35\x02\x8B\x9D\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92"
-"\xEA\x0D\xA3\xB4\x32\x04\xB5\xCF\xCE\x91";
-
- static unsigned char q[] =
-"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
-"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5F";
-
- static unsigned char dmp1[] =
-"\x00\x8A\x15\x78\xAC\x5D\x13\xAF\x10\x2B\x22\xB9\x99\xCD\x74\x61"
-"\xF1\x5E\x6D\x22\xCC\x03\x23\xDF\xDF\x0B";
-
- static unsigned char dmq1[] =
-"\x00\x86\x55\x21\x4A\xC5\x4D\x8D\x4E\xCD\x61\x77\xF1\xC7\x36\x90"
-"\xCE\x2A\x48\x2C\x8B\x05\x99\xCB\xE0\x3F";
-
- static unsigned char iqmp[] =
-"\x00\x83\xEF\xEF\xB8\xA9\xA4\x0D\x1D\xB6\xED\x98\xAD\x84\xED\x13"
-"\x35\xDC\xC1\x08\xF3\x22\xD0\x57\xCF\x8D";
-
- static unsigned char ctext_ex[] =
-"\x14\xbd\xdd\x28\xc9\x83\x35\x19\x23\x80\xe8\xe5\x49\xb1\x58\x2a"
-"\x8b\x40\xb4\x48\x6d\x03\xa6\xa5\x31\x1f\x1f\xd5\xf0\xa1\x80\xe4"
-"\x17\x53\x03\x29\xa9\x34\x90\x74\xb1\x52\x13\x54\x29\x08\x24\x52"
-"\x62\x51";
-
- SetKey;
- }
-
-static int key3(RSA *key, unsigned char *c)
- {
- static unsigned char n[] =
-"\x00\xBB\xF8\x2F\x09\x06\x82\xCE\x9C\x23\x38\xAC\x2B\x9D\xA8\x71"
-"\xF7\x36\x8D\x07\xEE\xD4\x10\x43\xA4\x40\xD6\xB6\xF0\x74\x54\xF5"
-"\x1F\xB8\xDF\xBA\xAF\x03\x5C\x02\xAB\x61\xEA\x48\xCE\xEB\x6F\xCD"
-"\x48\x76\xED\x52\x0D\x60\xE1\xEC\x46\x19\x71\x9D\x8A\x5B\x8B\x80"
-"\x7F\xAF\xB8\xE0\xA3\xDF\xC7\x37\x72\x3E\xE6\xB4\xB7\xD9\x3A\x25"
-"\x84\xEE\x6A\x64\x9D\x06\x09\x53\x74\x88\x34\xB2\x45\x45\x98\x39"
-"\x4E\xE0\xAA\xB1\x2D\x7B\x61\xA5\x1F\x52\x7A\x9A\x41\xF6\xC1\x68"
-"\x7F\xE2\x53\x72\x98\xCA\x2A\x8F\x59\x46\xF8\xE5\xFD\x09\x1D\xBD"
-"\xCB";
-
- static unsigned char e[] = "\x11";
-
- static unsigned char d[] =
-"\x00\xA5\xDA\xFC\x53\x41\xFA\xF2\x89\xC4\xB9\x88\xDB\x30\xC1\xCD"
-"\xF8\x3F\x31\x25\x1E\x06\x68\xB4\x27\x84\x81\x38\x01\x57\x96\x41"
-"\xB2\x94\x10\xB3\xC7\x99\x8D\x6B\xC4\x65\x74\x5E\x5C\x39\x26\x69"
-"\xD6\x87\x0D\xA2\xC0\x82\xA9\x39\xE3\x7F\xDC\xB8\x2E\xC9\x3E\xDA"
-"\xC9\x7F\xF3\xAD\x59\x50\xAC\xCF\xBC\x11\x1C\x76\xF1\xA9\x52\x94"
-"\x44\xE5\x6A\xAF\x68\xC5\x6C\x09\x2C\xD3\x8D\xC3\xBE\xF5\xD2\x0A"
-"\x93\x99\x26\xED\x4F\x74\xA1\x3E\xDD\xFB\xE1\xA1\xCE\xCC\x48\x94"
-"\xAF\x94\x28\xC2\xB7\xB8\x88\x3F\xE4\x46\x3A\x4B\xC8\x5B\x1C\xB3"
-"\xC1";
-
- static unsigned char p[] =
-"\x00\xEE\xCF\xAE\x81\xB1\xB9\xB3\xC9\x08\x81\x0B\x10\xA1\xB5\x60"
-"\x01\x99\xEB\x9F\x44\xAE\xF4\xFD\xA4\x93\xB8\x1A\x9E\x3D\x84\xF6"
-"\x32\x12\x4E\xF0\x23\x6E\x5D\x1E\x3B\x7E\x28\xFA\xE7\xAA\x04\x0A"
-"\x2D\x5B\x25\x21\x76\x45\x9D\x1F\x39\x75\x41\xBA\x2A\x58\xFB\x65"
-"\x99";
-
- static unsigned char q[] =
-"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
-"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D"
-"\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5"
-"\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x15"
-"\x03";
-
- static unsigned char dmp1[] =
-"\x54\x49\x4C\xA6\x3E\xBA\x03\x37\xE4\xE2\x40\x23\xFC\xD6\x9A\x5A"
-"\xEB\x07\xDD\xDC\x01\x83\xA4\xD0\xAC\x9B\x54\xB0\x51\xF2\xB1\x3E"
-"\xD9\x49\x09\x75\xEA\xB7\x74\x14\xFF\x59\xC1\xF7\x69\x2E\x9A\x2E"
-"\x20\x2B\x38\xFC\x91\x0A\x47\x41\x74\xAD\xC9\x3C\x1F\x67\xC9\x81";
-
- static unsigned char dmq1[] =
-"\x47\x1E\x02\x90\xFF\x0A\xF0\x75\x03\x51\xB7\xF8\x78\x86\x4C\xA9"
-"\x61\xAD\xBD\x3A\x8A\x7E\x99\x1C\x5C\x05\x56\xA9\x4C\x31\x46\xA7"
-"\xF9\x80\x3F\x8F\x6F\x8A\xE3\x42\xE9\x31\xFD\x8A\xE4\x7A\x22\x0D"
-"\x1B\x99\xA4\x95\x84\x98\x07\xFE\x39\xF9\x24\x5A\x98\x36\xDA\x3D";
-
- static unsigned char iqmp[] =
-"\x00\xB0\x6C\x4F\xDA\xBB\x63\x01\x19\x8D\x26\x5B\xDB\xAE\x94\x23"
-"\xB3\x80\xF2\x71\xF7\x34\x53\x88\x50\x93\x07\x7F\xCD\x39\xE2\x11"
-"\x9F\xC9\x86\x32\x15\x4F\x58\x83\xB1\x67\xA9\x67\xBF\x40\x2B\x4E"
-"\x9E\x2E\x0F\x96\x56\xE6\x98\xEA\x36\x66\xED\xFB\x25\x79\x80\x39"
-"\xF7";
-
- static unsigned char ctext_ex[] =
-"\xb8\x24\x6b\x56\xa6\xed\x58\x81\xae\xb5\x85\xd9\xa2\x5b\x2a\xd7"
-"\x90\xc4\x17\xe0\x80\x68\x1b\xf1\xac\x2b\xc3\xde\xb6\x9d\x8b\xce"
-"\xf0\xc4\x36\x6f\xec\x40\x0a\xf0\x52\xa7\x2e\x9b\x0e\xff\xb5\xb3"
-"\xf2\xf1\x92\xdb\xea\xca\x03\xc1\x27\x40\x05\x71\x13\xbf\x1f\x06"
-"\x69\xac\x22\xe9\xf3\xa7\x85\x2e\x3c\x15\xd9\x13\xca\xb0\xb8\x86"
-"\x3a\x95\xc9\x92\x94\xce\x86\x74\x21\x49\x54\x61\x03\x46\xf4\xd4"
-"\x74\xb2\x6f\x7c\x48\xb4\x2e\xe6\x8e\x1f\x57\x2a\x1f\xc4\x02\x6a"
-"\xc4\x56\xb4\xf5\x9f\x7b\x62\x1e\xa1\xb9\xd8\x8f\x64\x20\x2f\xb1";
-
- SetKey;
- }
-
-static int pad_unknown(void)
-{
- unsigned long l;
- while ((l = ERR_get_error()) != 0)
- if (ERR_GET_REASON(l) == RSA_R_UNKNOWN_PADDING_TYPE)
- return(1);
- return(0);
-}
-
-static const char rnd_seed[] = "string to make the random number generator think it has entropy";
-
-int main(int argc, char *argv[])
- {
- int err=0;
- int v;
- RSA *key;
- unsigned char ptext[256];
- unsigned char ctext[256];
- static unsigned char ptext_ex[] = "\x54\x85\x9b\x34\x2c\x49\xea\x2a";
- unsigned char ctext_ex[256];
- int plen;
- int clen = 0;
- int num;
- int n;
-
- CRYPTO_malloc_debug_init();
- CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
- RAND_seed(rnd_seed, sizeof rnd_seed); /* or OAEP may fail */
-
- plen = sizeof(ptext_ex) - 1;
-
- for (v = 0; v < 6; v++)
- {
- key = RSA_new();
- switch (v%3) {
- case 0:
- clen = key1(key, ctext_ex);
- break;
- case 1:
- clen = key2(key, ctext_ex);
- break;
- case 2:
- clen = key3(key, ctext_ex);
- break;
- }
- if (v/3 >= 1) key->flags |= RSA_FLAG_NO_CONSTTIME;
-
- num = RSA_public_encrypt(plen, ptext_ex, ctext, key,
- RSA_PKCS1_PADDING);
- if (num != clen)
- {
- printf("PKCS#1 v1.5 encryption failed!\n");
- err=1;
- goto oaep;
- }
-
- num = RSA_private_decrypt(num, ctext, ptext, key,
- RSA_PKCS1_PADDING);
- if (num != plen || memcmp(ptext, ptext_ex, num) != 0)
- {
- printf("PKCS#1 v1.5 decryption failed!\n");
- err=1;
- }
- else
- printf("PKCS #1 v1.5 encryption/decryption ok\n");
-
- oaep:
- ERR_clear_error();
- num = RSA_public_encrypt(plen, ptext_ex, ctext, key,
- RSA_PKCS1_OAEP_PADDING);
- if (num == -1 && pad_unknown())
- {
- printf("No OAEP support\n");
- goto next;
- }
- if (num != clen)
- {
- printf("OAEP encryption failed!\n");
- err=1;
- goto next;
- }
-
- num = RSA_private_decrypt(num, ctext, ptext, key,
- RSA_PKCS1_OAEP_PADDING);
- if (num != plen || memcmp(ptext, ptext_ex, num) != 0)
- {
- printf("OAEP decryption (encrypted data) failed!\n");
- err=1;
- }
- else if (memcmp(ctext, ctext_ex, num) == 0)
- printf("OAEP test vector %d passed!\n", v);
-
- /* Different ciphertexts (rsa_oaep.c without -DPKCS_TESTVECT).
- Try decrypting ctext_ex */
-
- num = RSA_private_decrypt(clen, ctext_ex, ptext, key,
- RSA_PKCS1_OAEP_PADDING);
-
- if (num != plen || memcmp(ptext, ptext_ex, num) != 0)
- {
- printf("OAEP decryption (test vector data) failed!\n");
- err=1;
- }
- else
- printf("OAEP encryption/decryption ok\n");
-
- /* Try decrypting corrupted ciphertexts */
- for(n = 0 ; n < clen ; ++n)
- {
- int b;
- unsigned char saved = ctext[n];
- for(b = 0 ; b < 256 ; ++b)
- {
- if(b == saved)
- continue;
- ctext[n] = b;
- num = RSA_private_decrypt(num, ctext, ptext, key,
- RSA_PKCS1_OAEP_PADDING);
- if(num > 0)
- {
- printf("Corrupt data decrypted!\n");
- err = 1;
- }
- }
- }
- next:
- RSA_free(key);
- }
-
- CRYPTO_cleanup_all_ex_data();
- ERR_remove_state(0);
-
- CRYPTO_mem_leaks_fp(stderr);
-
-#ifdef OPENSSL_SYS_NETWARE
- if (err) printf("ERROR: %d\n", err);
-#endif
- return err;
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_test.c (from rev 6976, vendor-crypto/openssl/dist/crypto/rsa/rsa_test.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_test.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_test.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,331 @@
+/* test vectors from p1ovect1.txt */
+
+#include <stdio.h>
+#include <string.h>
+
+#include "e_os.h"
+
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#include <openssl/bn.h>
+#ifdef OPENSSL_NO_RSA
+int main(int argc, char *argv[])
+{
+ printf("No RSA support\n");
+ return (0);
+}
+#else
+# include <openssl/rsa.h>
+
+# define SetKey \
+ key->n = BN_bin2bn(n, sizeof(n)-1, key->n); \
+ key->e = BN_bin2bn(e, sizeof(e)-1, key->e); \
+ key->d = BN_bin2bn(d, sizeof(d)-1, key->d); \
+ key->p = BN_bin2bn(p, sizeof(p)-1, key->p); \
+ key->q = BN_bin2bn(q, sizeof(q)-1, key->q); \
+ key->dmp1 = BN_bin2bn(dmp1, sizeof(dmp1)-1, key->dmp1); \
+ key->dmq1 = BN_bin2bn(dmq1, sizeof(dmq1)-1, key->dmq1); \
+ key->iqmp = BN_bin2bn(iqmp, sizeof(iqmp)-1, key->iqmp); \
+ memcpy(c, ctext_ex, sizeof(ctext_ex) - 1); \
+ return (sizeof(ctext_ex) - 1);
+
+static int key1(RSA *key, unsigned char *c)
+{
+ static unsigned char n[] =
+ "\x00\xAA\x36\xAB\xCE\x88\xAC\xFD\xFF\x55\x52\x3C\x7F\xC4\x52\x3F"
+ "\x90\xEF\xA0\x0D\xF3\x77\x4A\x25\x9F\x2E\x62\xB4\xC5\xD9\x9C\xB5"
+ "\xAD\xB3\x00\xA0\x28\x5E\x53\x01\x93\x0E\x0C\x70\xFB\x68\x76\x93"
+ "\x9C\xE6\x16\xCE\x62\x4A\x11\xE0\x08\x6D\x34\x1E\xBC\xAC\xA0\xA1"
+ "\xF5";
+
+ static unsigned char e[] = "\x11";
+
+ static unsigned char d[] =
+ "\x0A\x03\x37\x48\x62\x64\x87\x69\x5F\x5F\x30\xBC\x38\xB9\x8B\x44"
+ "\xC2\xCD\x2D\xFF\x43\x40\x98\xCD\x20\xD8\xA1\x38\xD0\x90\xBF\x64"
+ "\x79\x7C\x3F\xA7\xA2\xCD\xCB\x3C\xD1\xE0\xBD\xBA\x26\x54\xB4\xF9"
+ "\xDF\x8E\x8A\xE5\x9D\x73\x3D\x9F\x33\xB3\x01\x62\x4A\xFD\x1D\x51";
+
+ static unsigned char p[] =
+ "\x00\xD8\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5"
+ "\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x12"
+ "\x0D";
+
+ static unsigned char q[] =
+ "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
+ "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D"
+ "\x89";
+
+ static unsigned char dmp1[] =
+ "\x59\x0B\x95\x72\xA2\xC2\xA9\xC4\x06\x05\x9D\xC2\xAB\x2F\x1D\xAF"
+ "\xEB\x7E\x8B\x4F\x10\xA7\x54\x9E\x8E\xED\xF5\xB4\xFC\xE0\x9E\x05";
+
+ static unsigned char dmq1[] =
+ "\x00\x8E\x3C\x05\x21\xFE\x15\xE0\xEA\x06\xA3\x6F\xF0\xF1\x0C\x99"
+ "\x52\xC3\x5B\x7A\x75\x14\xFD\x32\x38\xB8\x0A\xAD\x52\x98\x62\x8D"
+ "\x51";
+
+ static unsigned char iqmp[] =
+ "\x36\x3F\xF7\x18\x9D\xA8\xE9\x0B\x1D\x34\x1F\x71\xD0\x9B\x76\xA8"
+ "\xA9\x43\xE1\x1D\x10\xB2\x4D\x24\x9F\x2D\xEA\xFE\xF8\x0C\x18\x26";
+
+ static unsigned char ctext_ex[] =
+ "\x1b\x8f\x05\xf9\xca\x1a\x79\x52\x6e\x53\xf3\xcc\x51\x4f\xdb\x89"
+ "\x2b\xfb\x91\x93\x23\x1e\x78\xb9\x92\xe6\x8d\x50\xa4\x80\xcb\x52"
+ "\x33\x89\x5c\x74\x95\x8d\x5d\x02\xab\x8c\x0f\xd0\x40\xeb\x58\x44"
+ "\xb0\x05\xc3\x9e\xd8\x27\x4a\x9d\xbf\xa8\x06\x71\x40\x94\x39\xd2";
+
+ SetKey;
+}
+
+static int key2(RSA *key, unsigned char *c)
+{
+ static unsigned char n[] =
+ "\x00\xA3\x07\x9A\x90\xDF\x0D\xFD\x72\xAC\x09\x0C\xCC\x2A\x78\xB8"
+ "\x74\x13\x13\x3E\x40\x75\x9C\x98\xFA\xF8\x20\x4F\x35\x8A\x0B\x26"
+ "\x3C\x67\x70\xE7\x83\xA9\x3B\x69\x71\xB7\x37\x79\xD2\x71\x7B\xE8"
+ "\x34\x77\xCF";
+
+ static unsigned char e[] = "\x3";
+
+ static unsigned char d[] =
+ "\x6C\xAF\xBC\x60\x94\xB3\xFE\x4C\x72\xB0\xB3\x32\xC6\xFB\x25\xA2"
+ "\xB7\x62\x29\x80\x4E\x68\x65\xFC\xA4\x5A\x74\xDF\x0F\x8F\xB8\x41"
+ "\x3B\x52\xC0\xD0\xE5\x3D\x9B\x59\x0F\xF1\x9B\xE7\x9F\x49\xDD\x21"
+ "\xE5\xEB";
+
+ static unsigned char p[] =
+ "\x00\xCF\x20\x35\x02\x8B\x9D\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92"
+ "\xEA\x0D\xA3\xB4\x32\x04\xB5\xCF\xCE\x91";
+
+ static unsigned char q[] =
+ "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
+ "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5F";
+
+ static unsigned char dmp1[] =
+ "\x00\x8A\x15\x78\xAC\x5D\x13\xAF\x10\x2B\x22\xB9\x99\xCD\x74\x61"
+ "\xF1\x5E\x6D\x22\xCC\x03\x23\xDF\xDF\x0B";
+
+ static unsigned char dmq1[] =
+ "\x00\x86\x55\x21\x4A\xC5\x4D\x8D\x4E\xCD\x61\x77\xF1\xC7\x36\x90"
+ "\xCE\x2A\x48\x2C\x8B\x05\x99\xCB\xE0\x3F";
+
+ static unsigned char iqmp[] =
+ "\x00\x83\xEF\xEF\xB8\xA9\xA4\x0D\x1D\xB6\xED\x98\xAD\x84\xED\x13"
+ "\x35\xDC\xC1\x08\xF3\x22\xD0\x57\xCF\x8D";
+
+ static unsigned char ctext_ex[] =
+ "\x14\xbd\xdd\x28\xc9\x83\x35\x19\x23\x80\xe8\xe5\x49\xb1\x58\x2a"
+ "\x8b\x40\xb4\x48\x6d\x03\xa6\xa5\x31\x1f\x1f\xd5\xf0\xa1\x80\xe4"
+ "\x17\x53\x03\x29\xa9\x34\x90\x74\xb1\x52\x13\x54\x29\x08\x24\x52"
+ "\x62\x51";
+
+ SetKey;
+}
+
+static int key3(RSA *key, unsigned char *c)
+{
+ static unsigned char n[] =
+ "\x00\xBB\xF8\x2F\x09\x06\x82\xCE\x9C\x23\x38\xAC\x2B\x9D\xA8\x71"
+ "\xF7\x36\x8D\x07\xEE\xD4\x10\x43\xA4\x40\xD6\xB6\xF0\x74\x54\xF5"
+ "\x1F\xB8\xDF\xBA\xAF\x03\x5C\x02\xAB\x61\xEA\x48\xCE\xEB\x6F\xCD"
+ "\x48\x76\xED\x52\x0D\x60\xE1\xEC\x46\x19\x71\x9D\x8A\x5B\x8B\x80"
+ "\x7F\xAF\xB8\xE0\xA3\xDF\xC7\x37\x72\x3E\xE6\xB4\xB7\xD9\x3A\x25"
+ "\x84\xEE\x6A\x64\x9D\x06\x09\x53\x74\x88\x34\xB2\x45\x45\x98\x39"
+ "\x4E\xE0\xAA\xB1\x2D\x7B\x61\xA5\x1F\x52\x7A\x9A\x41\xF6\xC1\x68"
+ "\x7F\xE2\x53\x72\x98\xCA\x2A\x8F\x59\x46\xF8\xE5\xFD\x09\x1D\xBD"
+ "\xCB";
+
+ static unsigned char e[] = "\x11";
+
+ static unsigned char d[] =
+ "\x00\xA5\xDA\xFC\x53\x41\xFA\xF2\x89\xC4\xB9\x88\xDB\x30\xC1\xCD"
+ "\xF8\x3F\x31\x25\x1E\x06\x68\xB4\x27\x84\x81\x38\x01\x57\x96\x41"
+ "\xB2\x94\x10\xB3\xC7\x99\x8D\x6B\xC4\x65\x74\x5E\x5C\x39\x26\x69"
+ "\xD6\x87\x0D\xA2\xC0\x82\xA9\x39\xE3\x7F\xDC\xB8\x2E\xC9\x3E\xDA"
+ "\xC9\x7F\xF3\xAD\x59\x50\xAC\xCF\xBC\x11\x1C\x76\xF1\xA9\x52\x94"
+ "\x44\xE5\x6A\xAF\x68\xC5\x6C\x09\x2C\xD3\x8D\xC3\xBE\xF5\xD2\x0A"
+ "\x93\x99\x26\xED\x4F\x74\xA1\x3E\xDD\xFB\xE1\xA1\xCE\xCC\x48\x94"
+ "\xAF\x94\x28\xC2\xB7\xB8\x88\x3F\xE4\x46\x3A\x4B\xC8\x5B\x1C\xB3"
+ "\xC1";
+
+ static unsigned char p[] =
+ "\x00\xEE\xCF\xAE\x81\xB1\xB9\xB3\xC9\x08\x81\x0B\x10\xA1\xB5\x60"
+ "\x01\x99\xEB\x9F\x44\xAE\xF4\xFD\xA4\x93\xB8\x1A\x9E\x3D\x84\xF6"
+ "\x32\x12\x4E\xF0\x23\x6E\x5D\x1E\x3B\x7E\x28\xFA\xE7\xAA\x04\x0A"
+ "\x2D\x5B\x25\x21\x76\x45\x9D\x1F\x39\x75\x41\xBA\x2A\x58\xFB\x65"
+ "\x99";
+
+ static unsigned char q[] =
+ "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
+ "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D"
+ "\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5"
+ "\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x15"
+ "\x03";
+
+ static unsigned char dmp1[] =
+ "\x54\x49\x4C\xA6\x3E\xBA\x03\x37\xE4\xE2\x40\x23\xFC\xD6\x9A\x5A"
+ "\xEB\x07\xDD\xDC\x01\x83\xA4\xD0\xAC\x9B\x54\xB0\x51\xF2\xB1\x3E"
+ "\xD9\x49\x09\x75\xEA\xB7\x74\x14\xFF\x59\xC1\xF7\x69\x2E\x9A\x2E"
+ "\x20\x2B\x38\xFC\x91\x0A\x47\x41\x74\xAD\xC9\x3C\x1F\x67\xC9\x81";
+
+ static unsigned char dmq1[] =
+ "\x47\x1E\x02\x90\xFF\x0A\xF0\x75\x03\x51\xB7\xF8\x78\x86\x4C\xA9"
+ "\x61\xAD\xBD\x3A\x8A\x7E\x99\x1C\x5C\x05\x56\xA9\x4C\x31\x46\xA7"
+ "\xF9\x80\x3F\x8F\x6F\x8A\xE3\x42\xE9\x31\xFD\x8A\xE4\x7A\x22\x0D"
+ "\x1B\x99\xA4\x95\x84\x98\x07\xFE\x39\xF9\x24\x5A\x98\x36\xDA\x3D";
+
+ static unsigned char iqmp[] =
+ "\x00\xB0\x6C\x4F\xDA\xBB\x63\x01\x19\x8D\x26\x5B\xDB\xAE\x94\x23"
+ "\xB3\x80\xF2\x71\xF7\x34\x53\x88\x50\x93\x07\x7F\xCD\x39\xE2\x11"
+ "\x9F\xC9\x86\x32\x15\x4F\x58\x83\xB1\x67\xA9\x67\xBF\x40\x2B\x4E"
+ "\x9E\x2E\x0F\x96\x56\xE6\x98\xEA\x36\x66\xED\xFB\x25\x79\x80\x39"
+ "\xF7";
+
+ static unsigned char ctext_ex[] =
+ "\xb8\x24\x6b\x56\xa6\xed\x58\x81\xae\xb5\x85\xd9\xa2\x5b\x2a\xd7"
+ "\x90\xc4\x17\xe0\x80\x68\x1b\xf1\xac\x2b\xc3\xde\xb6\x9d\x8b\xce"
+ "\xf0\xc4\x36\x6f\xec\x40\x0a\xf0\x52\xa7\x2e\x9b\x0e\xff\xb5\xb3"
+ "\xf2\xf1\x92\xdb\xea\xca\x03\xc1\x27\x40\x05\x71\x13\xbf\x1f\x06"
+ "\x69\xac\x22\xe9\xf3\xa7\x85\x2e\x3c\x15\xd9\x13\xca\xb0\xb8\x86"
+ "\x3a\x95\xc9\x92\x94\xce\x86\x74\x21\x49\x54\x61\x03\x46\xf4\xd4"
+ "\x74\xb2\x6f\x7c\x48\xb4\x2e\xe6\x8e\x1f\x57\x2a\x1f\xc4\x02\x6a"
+ "\xc4\x56\xb4\xf5\x9f\x7b\x62\x1e\xa1\xb9\xd8\x8f\x64\x20\x2f\xb1";
+
+ SetKey;
+}
+
+static int pad_unknown(void)
+{
+ unsigned long l;
+ while ((l = ERR_get_error()) != 0)
+ if (ERR_GET_REASON(l) == RSA_R_UNKNOWN_PADDING_TYPE)
+ return (1);
+ return (0);
+}
+
+static const char rnd_seed[] =
+ "string to make the random number generator think it has entropy";
+
+int main(int argc, char *argv[])
+{
+ int err = 0;
+ int v;
+ RSA *key;
+ unsigned char ptext[256];
+ unsigned char ctext[256];
+ static unsigned char ptext_ex[] = "\x54\x85\x9b\x34\x2c\x49\xea\x2a";
+ unsigned char ctext_ex[256];
+ int plen;
+ int clen = 0;
+ int num;
+ int n;
+
+ CRYPTO_malloc_debug_init();
+ CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+ RAND_seed(rnd_seed, sizeof rnd_seed); /* or OAEP may fail */
+
+ plen = sizeof(ptext_ex) - 1;
+
+ for (v = 0; v < 6; v++) {
+ key = RSA_new();
+ switch (v % 3) {
+ case 0:
+ clen = key1(key, ctext_ex);
+ break;
+ case 1:
+ clen = key2(key, ctext_ex);
+ break;
+ case 2:
+ clen = key3(key, ctext_ex);
+ break;
+ }
+ if (v / 3 >= 1)
+ key->flags |= RSA_FLAG_NO_CONSTTIME;
+
+ num = RSA_public_encrypt(plen, ptext_ex, ctext, key,
+ RSA_PKCS1_PADDING);
+ if (num != clen) {
+ printf("PKCS#1 v1.5 encryption failed!\n");
+ err = 1;
+ goto oaep;
+ }
+
+ num = RSA_private_decrypt(num, ctext, ptext, key, RSA_PKCS1_PADDING);
+ if (num != plen || memcmp(ptext, ptext_ex, num) != 0) {
+ printf("PKCS#1 v1.5 decryption failed!\n");
+ err = 1;
+ } else
+ printf("PKCS #1 v1.5 encryption/decryption ok\n");
+
+ oaep:
+ ERR_clear_error();
+ num = RSA_public_encrypt(plen, ptext_ex, ctext, key,
+ RSA_PKCS1_OAEP_PADDING);
+ if (num == -1 && pad_unknown()) {
+ printf("No OAEP support\n");
+ goto next;
+ }
+ if (num != clen) {
+ printf("OAEP encryption failed!\n");
+ err = 1;
+ goto next;
+ }
+
+ num = RSA_private_decrypt(num, ctext, ptext, key,
+ RSA_PKCS1_OAEP_PADDING);
+ if (num != plen || memcmp(ptext, ptext_ex, num) != 0) {
+ printf("OAEP decryption (encrypted data) failed!\n");
+ err = 1;
+ } else if (memcmp(ctext, ctext_ex, num) == 0)
+ printf("OAEP test vector %d passed!\n", v);
+
+ /*
+ * Different ciphertexts (rsa_oaep.c without -DPKCS_TESTVECT). Try
+ * decrypting ctext_ex
+ */
+
+ num = RSA_private_decrypt(clen, ctext_ex, ptext, key,
+ RSA_PKCS1_OAEP_PADDING);
+
+ if (num != plen || memcmp(ptext, ptext_ex, num) != 0) {
+ printf("OAEP decryption (test vector data) failed!\n");
+ err = 1;
+ } else
+ printf("OAEP encryption/decryption ok\n");
+
+ /* Try decrypting corrupted ciphertexts */
+ for (n = 0; n < clen; ++n) {
+ int b;
+ unsigned char saved = ctext[n];
+ for (b = 0; b < 256; ++b) {
+ if (b == saved)
+ continue;
+ ctext[n] = b;
+ num = RSA_private_decrypt(num, ctext, ptext, key,
+ RSA_PKCS1_OAEP_PADDING);
+ if (num > 0) {
+ printf("Corrupt data decrypted!\n");
+ err = 1;
+ }
+ }
+ }
+ next:
+ RSA_free(key);
+ }
+
+ CRYPTO_cleanup_all_ex_data();
+ ERR_remove_state(0);
+
+ CRYPTO_mem_leaks_fp(stderr);
+
+# ifdef OPENSSL_SYS_NETWARE
+ if (err)
+ printf("ERROR: %d\n", err);
+# endif
+ return err;
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_x931.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/rsa/rsa_x931.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_x931.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,177 +0,0 @@
-/* rsa_x931.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 2005.
- */
-/* ====================================================================
- * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-
-int RSA_padding_add_X931(unsigned char *to, int tlen,
- const unsigned char *from, int flen)
- {
- int j;
- unsigned char *p;
-
- /* Absolute minimum amount of padding is 1 header nibble, 1 padding
- * nibble and 2 trailer bytes: but 1 hash if is already in 'from'.
- */
-
- j = tlen - flen - 2;
-
- if (j < 0)
- {
- RSAerr(RSA_F_RSA_PADDING_ADD_X931,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
- return -1;
- }
-
- p=(unsigned char *)to;
-
- /* If no padding start and end nibbles are in one byte */
- if (j == 0)
- *p++ = 0x6A;
- else
- {
- *p++ = 0x6B;
- if (j > 1)
- {
- memset(p, 0xBB, j - 1);
- p += j - 1;
- }
- *p++ = 0xBA;
- }
- memcpy(p,from,(unsigned int)flen);
- p += flen;
- *p = 0xCC;
- return(1);
- }
-
-int RSA_padding_check_X931(unsigned char *to, int tlen,
- const unsigned char *from, int flen, int num)
- {
- int i = 0,j;
- const unsigned char *p;
-
- p=from;
- if ((num != flen) || ((*p != 0x6A) && (*p != 0x6B)))
- {
- RSAerr(RSA_F_RSA_PADDING_CHECK_X931,RSA_R_INVALID_HEADER);
- return -1;
- }
-
- if (*p++ == 0x6B)
- {
- j=flen-3;
- for (i = 0; i < j; i++)
- {
- unsigned char c = *p++;
- if (c == 0xBA)
- break;
- if (c != 0xBB)
- {
- RSAerr(RSA_F_RSA_PADDING_CHECK_X931,
- RSA_R_INVALID_PADDING);
- return -1;
- }
- }
-
- j -= i;
-
- if (i == 0)
- {
- RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_PADDING);
- return -1;
- }
-
- }
- else j = flen - 2;
-
- if (p[j] != 0xCC)
- {
- RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_TRAILER);
- return -1;
- }
-
- memcpy(to,p,(unsigned int)j);
-
- return(j);
- }
-
-/* Translate between X931 hash ids and NIDs */
-
-int RSA_X931_hash_id(int nid)
- {
- switch (nid)
- {
- case NID_sha1:
- return 0x33;
-
- case NID_sha256:
- return 0x34;
-
- case NID_sha384:
- return 0x36;
-
- case NID_sha512:
- return 0x35;
-
- }
- return -1;
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_x931.c (from rev 6976, vendor-crypto/openssl/dist/crypto/rsa/rsa_x931.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_x931.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_x931.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,167 @@
+/* rsa_x931.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+
+int RSA_padding_add_X931(unsigned char *to, int tlen,
+ const unsigned char *from, int flen)
+{
+ int j;
+ unsigned char *p;
+
+ /*
+ * Absolute minimum amount of padding is 1 header nibble, 1 padding
+ * nibble and 2 trailer bytes: but 1 hash if is already in 'from'.
+ */
+
+ j = tlen - flen - 2;
+
+ if (j < 0) {
+ RSAerr(RSA_F_RSA_PADDING_ADD_X931, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+ return -1;
+ }
+
+ p = (unsigned char *)to;
+
+ /* If no padding start and end nibbles are in one byte */
+ if (j == 0)
+ *p++ = 0x6A;
+ else {
+ *p++ = 0x6B;
+ if (j > 1) {
+ memset(p, 0xBB, j - 1);
+ p += j - 1;
+ }
+ *p++ = 0xBA;
+ }
+ memcpy(p, from, (unsigned int)flen);
+ p += flen;
+ *p = 0xCC;
+ return (1);
+}
+
+int RSA_padding_check_X931(unsigned char *to, int tlen,
+ const unsigned char *from, int flen, int num)
+{
+ int i = 0, j;
+ const unsigned char *p;
+
+ p = from;
+ if ((num != flen) || ((*p != 0x6A) && (*p != 0x6B))) {
+ RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_HEADER);
+ return -1;
+ }
+
+ if (*p++ == 0x6B) {
+ j = flen - 3;
+ for (i = 0; i < j; i++) {
+ unsigned char c = *p++;
+ if (c == 0xBA)
+ break;
+ if (c != 0xBB) {
+ RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_PADDING);
+ return -1;
+ }
+ }
+
+ j -= i;
+
+ if (i == 0) {
+ RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_PADDING);
+ return -1;
+ }
+
+ } else
+ j = flen - 2;
+
+ if (p[j] != 0xCC) {
+ RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_TRAILER);
+ return -1;
+ }
+
+ memcpy(to, p, (unsigned int)j);
+
+ return (j);
+}
+
+/* Translate between X931 hash ids and NIDs */
+
+int RSA_X931_hash_id(int nid)
+{
+ switch (nid) {
+ case NID_sha1:
+ return 0x33;
+
+ case NID_sha256:
+ return 0x34;
+
+ case NID_sha384:
+ return 0x36;
+
+ case NID_sha512:
+ return 0x35;
+
+ }
+ return -1;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_x931g.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/rsa/rsa_x931g.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_x931g.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,255 +0,0 @@
-/* crypto/rsa/rsa_gen.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <time.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-
-#ifndef OPENSSL_FIPS
-
-/* X9.31 RSA key derivation and generation */
-
-int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, BIGNUM *q2,
- const BIGNUM *Xp1, const BIGNUM *Xp2, const BIGNUM *Xp,
- const BIGNUM *Xq1, const BIGNUM *Xq2, const BIGNUM *Xq,
- const BIGNUM *e, BN_GENCB *cb)
- {
- BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL;
- BN_CTX *ctx=NULL,*ctx2=NULL;
-
- if (!rsa)
- goto err;
-
- ctx = BN_CTX_new();
- if (!ctx)
- goto err;
- BN_CTX_start(ctx);
-
- r0 = BN_CTX_get(ctx);
- r1 = BN_CTX_get(ctx);
- r2 = BN_CTX_get(ctx);
- r3 = BN_CTX_get(ctx);
-
- if (r3 == NULL)
- goto err;
- if (!rsa->e)
- {
- rsa->e = BN_dup(e);
- if (!rsa->e)
- goto err;
- }
- else
- e = rsa->e;
-
- /* If not all parameters present only calculate what we can.
- * This allows test programs to output selective parameters.
- */
-
- if (Xp && !rsa->p)
- {
- rsa->p = BN_new();
- if (!rsa->p)
- goto err;
-
- if (!BN_X931_derive_prime_ex(rsa->p, p1, p2,
- Xp, Xp1, Xp2, e, ctx, cb))
- goto err;
- }
-
- if (Xq && !rsa->q)
- {
- rsa->q = BN_new();
- if (!rsa->q)
- goto err;
- if (!BN_X931_derive_prime_ex(rsa->q, q1, q2,
- Xq, Xq1, Xq2, e, ctx, cb))
- goto err;
- }
-
- if (!rsa->p || !rsa->q)
- {
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- return 2;
- }
-
- /* Since both primes are set we can now calculate all remaining
- * components.
- */
-
- /* calculate n */
- rsa->n=BN_new();
- if (rsa->n == NULL)
- goto err;
- if (!BN_mul(rsa->n,rsa->p,rsa->q,ctx))
- goto err;
-
- /* calculate d */
- if (!BN_sub(r1,rsa->p,BN_value_one()))
- goto err; /* p-1 */
- if (!BN_sub(r2,rsa->q,BN_value_one()))
- goto err; /* q-1 */
- if (!BN_mul(r0,r1,r2,ctx))
- goto err; /* (p-1)(q-1) */
-
- if (!BN_gcd(r3, r1, r2, ctx))
- goto err;
-
- if (!BN_div(r0, NULL, r0, r3, ctx))
- goto err; /* LCM((p-1)(q-1)) */
-
- ctx2 = BN_CTX_new();
- if (!ctx2)
- goto err;
-
- rsa->d=BN_mod_inverse(NULL,rsa->e,r0,ctx2); /* d */
- if (rsa->d == NULL)
- goto err;
-
- /* calculate d mod (p-1) */
- rsa->dmp1=BN_new();
- if (rsa->dmp1 == NULL)
- goto err;
- if (!BN_mod(rsa->dmp1,rsa->d,r1,ctx))
- goto err;
-
- /* calculate d mod (q-1) */
- rsa->dmq1=BN_new();
- if (rsa->dmq1 == NULL)
- goto err;
- if (!BN_mod(rsa->dmq1,rsa->d,r2,ctx))
- goto err;
-
- /* calculate inverse of q mod p */
- rsa->iqmp=BN_mod_inverse(NULL,rsa->q,rsa->p,ctx2);
-
- err:
- if (ctx)
- {
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- }
- if (ctx2)
- BN_CTX_free(ctx2);
- /* If this is set all calls successful */
- if (rsa && rsa->iqmp != NULL)
- return 1;
-
- return 0;
-
- }
-
-int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_GENCB *cb)
- {
- int ok = 0;
- BIGNUM *Xp = NULL, *Xq = NULL;
- BN_CTX *ctx = NULL;
-
- ctx = BN_CTX_new();
- if (!ctx)
- goto error;
-
- BN_CTX_start(ctx);
- Xp = BN_CTX_get(ctx);
- Xq = BN_CTX_get(ctx);
- if (!BN_X931_generate_Xpq(Xp, Xq, bits, ctx))
- goto error;
-
- rsa->p = BN_new();
- rsa->q = BN_new();
- if (!rsa->p || !rsa->q)
- goto error;
-
- /* Generate two primes from Xp, Xq */
-
- if (!BN_X931_generate_prime_ex(rsa->p, NULL, NULL, NULL, NULL, Xp,
- e, ctx, cb))
- goto error;
-
- if (!BN_X931_generate_prime_ex(rsa->q, NULL, NULL, NULL, NULL, Xq,
- e, ctx, cb))
- goto error;
-
- /* Since rsa->p and rsa->q are valid this call will just derive
- * remaining RSA components.
- */
-
- if (!RSA_X931_derive_ex(rsa, NULL, NULL, NULL, NULL,
- NULL, NULL, NULL, NULL, NULL, NULL, e, cb))
- goto error;
-
- ok = 1;
-
- error:
- if (ctx)
- {
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- }
-
- if (ok)
- return 1;
-
- return 0;
-
- }
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_x931g.c (from rev 6976, vendor-crypto/openssl/dist/crypto/rsa/rsa_x931g.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_x931g.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/rsa/rsa_x931g.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,252 @@
+/* crypto/rsa/rsa_gen.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <time.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+
+#ifndef OPENSSL_FIPS
+
+/* X9.31 RSA key derivation and generation */
+
+int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1,
+ BIGNUM *q2, const BIGNUM *Xp1, const BIGNUM *Xp2,
+ const BIGNUM *Xp, const BIGNUM *Xq1, const BIGNUM *Xq2,
+ const BIGNUM *Xq, const BIGNUM *e, BN_GENCB *cb)
+{
+ BIGNUM *r0 = NULL, *r1 = NULL, *r2 = NULL, *r3 = NULL;
+ BN_CTX *ctx = NULL, *ctx2 = NULL;
+
+ if (!rsa)
+ goto err;
+
+ ctx = BN_CTX_new();
+ if (!ctx)
+ goto err;
+ BN_CTX_start(ctx);
+
+ r0 = BN_CTX_get(ctx);
+ r1 = BN_CTX_get(ctx);
+ r2 = BN_CTX_get(ctx);
+ r3 = BN_CTX_get(ctx);
+
+ if (r3 == NULL)
+ goto err;
+ if (!rsa->e) {
+ rsa->e = BN_dup(e);
+ if (!rsa->e)
+ goto err;
+ } else
+ e = rsa->e;
+
+ /*
+ * If not all parameters present only calculate what we can. This allows
+ * test programs to output selective parameters.
+ */
+
+ if (Xp && !rsa->p) {
+ rsa->p = BN_new();
+ if (!rsa->p)
+ goto err;
+
+ if (!BN_X931_derive_prime_ex(rsa->p, p1, p2,
+ Xp, Xp1, Xp2, e, ctx, cb))
+ goto err;
+ }
+
+ if (Xq && !rsa->q) {
+ rsa->q = BN_new();
+ if (!rsa->q)
+ goto err;
+ if (!BN_X931_derive_prime_ex(rsa->q, q1, q2,
+ Xq, Xq1, Xq2, e, ctx, cb))
+ goto err;
+ }
+
+ if (!rsa->p || !rsa->q) {
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ return 2;
+ }
+
+ /*
+ * Since both primes are set we can now calculate all remaining
+ * components.
+ */
+
+ /* calculate n */
+ rsa->n = BN_new();
+ if (rsa->n == NULL)
+ goto err;
+ if (!BN_mul(rsa->n, rsa->p, rsa->q, ctx))
+ goto err;
+
+ /* calculate d */
+ if (!BN_sub(r1, rsa->p, BN_value_one()))
+ goto err; /* p-1 */
+ if (!BN_sub(r2, rsa->q, BN_value_one()))
+ goto err; /* q-1 */
+ if (!BN_mul(r0, r1, r2, ctx))
+ goto err; /* (p-1)(q-1) */
+
+ if (!BN_gcd(r3, r1, r2, ctx))
+ goto err;
+
+ if (!BN_div(r0, NULL, r0, r3, ctx))
+ goto err; /* LCM((p-1)(q-1)) */
+
+ ctx2 = BN_CTX_new();
+ if (!ctx2)
+ goto err;
+
+ rsa->d = BN_mod_inverse(NULL, rsa->e, r0, ctx2); /* d */
+ if (rsa->d == NULL)
+ goto err;
+
+ /* calculate d mod (p-1) */
+ rsa->dmp1 = BN_new();
+ if (rsa->dmp1 == NULL)
+ goto err;
+ if (!BN_mod(rsa->dmp1, rsa->d, r1, ctx))
+ goto err;
+
+ /* calculate d mod (q-1) */
+ rsa->dmq1 = BN_new();
+ if (rsa->dmq1 == NULL)
+ goto err;
+ if (!BN_mod(rsa->dmq1, rsa->d, r2, ctx))
+ goto err;
+
+ /* calculate inverse of q mod p */
+ rsa->iqmp = BN_mod_inverse(NULL, rsa->q, rsa->p, ctx2);
+
+ err:
+ if (ctx) {
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ }
+ if (ctx2)
+ BN_CTX_free(ctx2);
+ /* If this is set all calls successful */
+ if (rsa && rsa->iqmp != NULL)
+ return 1;
+
+ return 0;
+
+}
+
+int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e,
+ BN_GENCB *cb)
+{
+ int ok = 0;
+ BIGNUM *Xp = NULL, *Xq = NULL;
+ BN_CTX *ctx = NULL;
+
+ ctx = BN_CTX_new();
+ if (!ctx)
+ goto error;
+
+ BN_CTX_start(ctx);
+ Xp = BN_CTX_get(ctx);
+ Xq = BN_CTX_get(ctx);
+ if (!BN_X931_generate_Xpq(Xp, Xq, bits, ctx))
+ goto error;
+
+ rsa->p = BN_new();
+ rsa->q = BN_new();
+ if (!rsa->p || !rsa->q)
+ goto error;
+
+ /* Generate two primes from Xp, Xq */
+
+ if (!BN_X931_generate_prime_ex(rsa->p, NULL, NULL, NULL, NULL, Xp,
+ e, ctx, cb))
+ goto error;
+
+ if (!BN_X931_generate_prime_ex(rsa->q, NULL, NULL, NULL, NULL, Xq,
+ e, ctx, cb))
+ goto error;
+
+ /*
+ * Since rsa->p and rsa->q are valid this call will just derive remaining
+ * RSA components.
+ */
+
+ if (!RSA_X931_derive_ex(rsa, NULL, NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL, NULL, NULL, e, cb))
+ goto error;
+
+ ok = 1;
+
+ error:
+ if (ctx) {
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ }
+
+ if (ok)
+ return 1;
+
+ return 0;
+
+}
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/seed/seed.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/seed/seed.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/seed/seed.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,286 +0,0 @@
-/*
- * Copyright (c) 2007 KISA(Korea Information Security Agency). All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Neither the name of author nor the names of its contributors may
- * be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- */
-#ifndef OPENSSL_NO_SEED
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#ifdef WIN32
-#include <memory.h>
-#endif
-
-#include <openssl/seed.h>
-#include "seed_locl.h"
-
-static seed_word SS[4][256] = { {
- 0x2989a1a8, 0x05858184, 0x16c6d2d4, 0x13c3d3d0, 0x14445054, 0x1d0d111c, 0x2c8ca0ac, 0x25052124,
- 0x1d4d515c, 0x03434340, 0x18081018, 0x1e0e121c, 0x11415150, 0x3cccf0fc, 0x0acac2c8, 0x23436360,
- 0x28082028, 0x04444044, 0x20002020, 0x1d8d919c, 0x20c0e0e0, 0x22c2e2e0, 0x08c8c0c8, 0x17071314,
- 0x2585a1a4, 0x0f8f838c, 0x03030300, 0x3b4b7378, 0x3b8bb3b8, 0x13031310, 0x12c2d2d0, 0x2ecee2ec,
- 0x30407070, 0x0c8c808c, 0x3f0f333c, 0x2888a0a8, 0x32023230, 0x1dcdd1dc, 0x36c6f2f4, 0x34447074,
- 0x2ccce0ec, 0x15859194, 0x0b0b0308, 0x17475354, 0x1c4c505c, 0x1b4b5358, 0x3d8db1bc, 0x01010100,
- 0x24042024, 0x1c0c101c, 0x33437370, 0x18889098, 0x10001010, 0x0cccc0cc, 0x32c2f2f0, 0x19c9d1d8,
- 0x2c0c202c, 0x27c7e3e4, 0x32427270, 0x03838380, 0x1b8b9398, 0x11c1d1d0, 0x06868284, 0x09c9c1c8,
- 0x20406060, 0x10405050, 0x2383a3a0, 0x2bcbe3e8, 0x0d0d010c, 0x3686b2b4, 0x1e8e929c, 0x0f4f434c,
- 0x3787b3b4, 0x1a4a5258, 0x06c6c2c4, 0x38487078, 0x2686a2a4, 0x12021210, 0x2f8fa3ac, 0x15c5d1d4,
- 0x21416160, 0x03c3c3c0, 0x3484b0b4, 0x01414140, 0x12425250, 0x3d4d717c, 0x0d8d818c, 0x08080008,
- 0x1f0f131c, 0x19899198, 0x00000000, 0x19091118, 0x04040004, 0x13435350, 0x37c7f3f4, 0x21c1e1e0,
- 0x3dcdf1fc, 0x36467274, 0x2f0f232c, 0x27072324, 0x3080b0b0, 0x0b8b8388, 0x0e0e020c, 0x2b8ba3a8,
- 0x2282a2a0, 0x2e4e626c, 0x13839390, 0x0d4d414c, 0x29496168, 0x3c4c707c, 0x09090108, 0x0a0a0208,
- 0x3f8fb3bc, 0x2fcfe3ec, 0x33c3f3f0, 0x05c5c1c4, 0x07878384, 0x14041014, 0x3ecef2fc, 0x24446064,
- 0x1eced2dc, 0x2e0e222c, 0x0b4b4348, 0x1a0a1218, 0x06060204, 0x21012120, 0x2b4b6368, 0x26466264,
- 0x02020200, 0x35c5f1f4, 0x12829290, 0x0a8a8288, 0x0c0c000c, 0x3383b3b0, 0x3e4e727c, 0x10c0d0d0,
- 0x3a4a7278, 0x07474344, 0x16869294, 0x25c5e1e4, 0x26062224, 0x00808080, 0x2d8da1ac, 0x1fcfd3dc,
- 0x2181a1a0, 0x30003030, 0x37073334, 0x2e8ea2ac, 0x36063234, 0x15051114, 0x22022220, 0x38083038,
- 0x34c4f0f4, 0x2787a3a4, 0x05454144, 0x0c4c404c, 0x01818180, 0x29c9e1e8, 0x04848084, 0x17879394,
- 0x35053134, 0x0bcbc3c8, 0x0ecec2cc, 0x3c0c303c, 0x31417170, 0x11011110, 0x07c7c3c4, 0x09898188,
- 0x35457174, 0x3bcbf3f8, 0x1acad2d8, 0x38c8f0f8, 0x14849094, 0x19495158, 0x02828280, 0x04c4c0c4,
- 0x3fcff3fc, 0x09494148, 0x39093138, 0x27476364, 0x00c0c0c0, 0x0fcfc3cc, 0x17c7d3d4, 0x3888b0b8,
- 0x0f0f030c, 0x0e8e828c, 0x02424240, 0x23032320, 0x11819190, 0x2c4c606c, 0x1bcbd3d8, 0x2484a0a4,
- 0x34043034, 0x31c1f1f0, 0x08484048, 0x02c2c2c0, 0x2f4f636c, 0x3d0d313c, 0x2d0d212c, 0x00404040,
- 0x3e8eb2bc, 0x3e0e323c, 0x3c8cb0bc, 0x01c1c1c0, 0x2a8aa2a8, 0x3a8ab2b8, 0x0e4e424c, 0x15455154,
- 0x3b0b3338, 0x1cccd0dc, 0x28486068, 0x3f4f737c, 0x1c8c909c, 0x18c8d0d8, 0x0a4a4248, 0x16465254,
- 0x37477374, 0x2080a0a0, 0x2dcde1ec, 0x06464244, 0x3585b1b4, 0x2b0b2328, 0x25456164, 0x3acaf2f8,
- 0x23c3e3e0, 0x3989b1b8, 0x3181b1b0, 0x1f8f939c, 0x1e4e525c, 0x39c9f1f8, 0x26c6e2e4, 0x3282b2b0,
- 0x31013130, 0x2acae2e8, 0x2d4d616c, 0x1f4f535c, 0x24c4e0e4, 0x30c0f0f0, 0x0dcdc1cc, 0x08888088,
- 0x16061214, 0x3a0a3238, 0x18485058, 0x14c4d0d4, 0x22426260, 0x29092128, 0x07070304, 0x33033330,
- 0x28c8e0e8, 0x1b0b1318, 0x05050104, 0x39497178, 0x10809090, 0x2a4a6268, 0x2a0a2228, 0x1a8a9298
-}, {
- 0x38380830, 0xe828c8e0, 0x2c2d0d21, 0xa42686a2, 0xcc0fcfc3, 0xdc1eced2, 0xb03383b3, 0xb83888b0,
- 0xac2f8fa3, 0x60204060, 0x54154551, 0xc407c7c3, 0x44044440, 0x6c2f4f63, 0x682b4b63, 0x581b4b53,
- 0xc003c3c3, 0x60224262, 0x30330333, 0xb43585b1, 0x28290921, 0xa02080a0, 0xe022c2e2, 0xa42787a3,
- 0xd013c3d3, 0x90118191, 0x10110111, 0x04060602, 0x1c1c0c10, 0xbc3c8cb0, 0x34360632, 0x480b4b43,
- 0xec2fcfe3, 0x88088880, 0x6c2c4c60, 0xa82888a0, 0x14170713, 0xc404c4c0, 0x14160612, 0xf434c4f0,
- 0xc002c2c2, 0x44054541, 0xe021c1e1, 0xd416c6d2, 0x3c3f0f33, 0x3c3d0d31, 0x8c0e8e82, 0x98188890,
- 0x28280820, 0x4c0e4e42, 0xf436c6f2, 0x3c3e0e32, 0xa42585a1, 0xf839c9f1, 0x0c0d0d01, 0xdc1fcfd3,
- 0xd818c8d0, 0x282b0b23, 0x64264662, 0x783a4a72, 0x24270723, 0x2c2f0f23, 0xf031c1f1, 0x70324272,
- 0x40024242, 0xd414c4d0, 0x40014141, 0xc000c0c0, 0x70334373, 0x64274763, 0xac2c8ca0, 0x880b8b83,
- 0xf437c7f3, 0xac2d8da1, 0x80008080, 0x1c1f0f13, 0xc80acac2, 0x2c2c0c20, 0xa82a8aa2, 0x34340430,
- 0xd012c2d2, 0x080b0b03, 0xec2ecee2, 0xe829c9e1, 0x5c1d4d51, 0x94148490, 0x18180810, 0xf838c8f0,
- 0x54174753, 0xac2e8ea2, 0x08080800, 0xc405c5c1, 0x10130313, 0xcc0dcdc1, 0x84068682, 0xb83989b1,
- 0xfc3fcff3, 0x7c3d4d71, 0xc001c1c1, 0x30310131, 0xf435c5f1, 0x880a8a82, 0x682a4a62, 0xb03181b1,
- 0xd011c1d1, 0x20200020, 0xd417c7d3, 0x00020202, 0x20220222, 0x04040400, 0x68284860, 0x70314171,
- 0x04070703, 0xd81bcbd3, 0x9c1d8d91, 0x98198991, 0x60214161, 0xbc3e8eb2, 0xe426c6e2, 0x58194951,
- 0xdc1dcdd1, 0x50114151, 0x90108090, 0xdc1cccd0, 0x981a8a92, 0xa02383a3, 0xa82b8ba3, 0xd010c0d0,
- 0x80018181, 0x0c0f0f03, 0x44074743, 0x181a0a12, 0xe023c3e3, 0xec2ccce0, 0x8c0d8d81, 0xbc3f8fb3,
- 0x94168692, 0x783b4b73, 0x5c1c4c50, 0xa02282a2, 0xa02181a1, 0x60234363, 0x20230323, 0x4c0d4d41,
- 0xc808c8c0, 0x9c1e8e92, 0x9c1c8c90, 0x383a0a32, 0x0c0c0c00, 0x2c2e0e22, 0xb83a8ab2, 0x6c2e4e62,
- 0x9c1f8f93, 0x581a4a52, 0xf032c2f2, 0x90128292, 0xf033c3f3, 0x48094941, 0x78384870, 0xcc0cccc0,
- 0x14150511, 0xf83bcbf3, 0x70304070, 0x74354571, 0x7c3f4f73, 0x34350531, 0x10100010, 0x00030303,
- 0x64244460, 0x6c2d4d61, 0xc406c6c2, 0x74344470, 0xd415c5d1, 0xb43484b0, 0xe82acae2, 0x08090901,
- 0x74364672, 0x18190911, 0xfc3ecef2, 0x40004040, 0x10120212, 0xe020c0e0, 0xbc3d8db1, 0x04050501,
- 0xf83acaf2, 0x00010101, 0xf030c0f0, 0x282a0a22, 0x5c1e4e52, 0xa82989a1, 0x54164652, 0x40034343,
- 0x84058581, 0x14140410, 0x88098981, 0x981b8b93, 0xb03080b0, 0xe425c5e1, 0x48084840, 0x78394971,
- 0x94178793, 0xfc3cccf0, 0x1c1e0e12, 0x80028282, 0x20210121, 0x8c0c8c80, 0x181b0b13, 0x5c1f4f53,
- 0x74374773, 0x54144450, 0xb03282b2, 0x1c1d0d11, 0x24250521, 0x4c0f4f43, 0x00000000, 0x44064642,
- 0xec2dcde1, 0x58184850, 0x50124252, 0xe82bcbe3, 0x7c3e4e72, 0xd81acad2, 0xc809c9c1, 0xfc3dcdf1,
- 0x30300030, 0x94158591, 0x64254561, 0x3c3c0c30, 0xb43686b2, 0xe424c4e0, 0xb83b8bb3, 0x7c3c4c70,
- 0x0c0e0e02, 0x50104050, 0x38390931, 0x24260622, 0x30320232, 0x84048480, 0x68294961, 0x90138393,
- 0x34370733, 0xe427c7e3, 0x24240420, 0xa42484a0, 0xc80bcbc3, 0x50134353, 0x080a0a02, 0x84078783,
- 0xd819c9d1, 0x4c0c4c40, 0x80038383, 0x8c0f8f83, 0xcc0ecec2, 0x383b0b33, 0x480a4a42, 0xb43787b3
-}, {
- 0xa1a82989, 0x81840585, 0xd2d416c6, 0xd3d013c3, 0x50541444, 0x111c1d0d, 0xa0ac2c8c, 0x21242505,
- 0x515c1d4d, 0x43400343, 0x10181808, 0x121c1e0e, 0x51501141, 0xf0fc3ccc, 0xc2c80aca, 0x63602343,
- 0x20282808, 0x40440444, 0x20202000, 0x919c1d8d, 0xe0e020c0, 0xe2e022c2, 0xc0c808c8, 0x13141707,
- 0xa1a42585, 0x838c0f8f, 0x03000303, 0x73783b4b, 0xb3b83b8b, 0x13101303, 0xd2d012c2, 0xe2ec2ece,
- 0x70703040, 0x808c0c8c, 0x333c3f0f, 0xa0a82888, 0x32303202, 0xd1dc1dcd, 0xf2f436c6, 0x70743444,
- 0xe0ec2ccc, 0x91941585, 0x03080b0b, 0x53541747, 0x505c1c4c, 0x53581b4b, 0xb1bc3d8d, 0x01000101,
- 0x20242404, 0x101c1c0c, 0x73703343, 0x90981888, 0x10101000, 0xc0cc0ccc, 0xf2f032c2, 0xd1d819c9,
- 0x202c2c0c, 0xe3e427c7, 0x72703242, 0x83800383, 0x93981b8b, 0xd1d011c1, 0x82840686, 0xc1c809c9,
- 0x60602040, 0x50501040, 0xa3a02383, 0xe3e82bcb, 0x010c0d0d, 0xb2b43686, 0x929c1e8e, 0x434c0f4f,
- 0xb3b43787, 0x52581a4a, 0xc2c406c6, 0x70783848, 0xa2a42686, 0x12101202, 0xa3ac2f8f, 0xd1d415c5,
- 0x61602141, 0xc3c003c3, 0xb0b43484, 0x41400141, 0x52501242, 0x717c3d4d, 0x818c0d8d, 0x00080808,
- 0x131c1f0f, 0x91981989, 0x00000000, 0x11181909, 0x00040404, 0x53501343, 0xf3f437c7, 0xe1e021c1,
- 0xf1fc3dcd, 0x72743646, 0x232c2f0f, 0x23242707, 0xb0b03080, 0x83880b8b, 0x020c0e0e, 0xa3a82b8b,
- 0xa2a02282, 0x626c2e4e, 0x93901383, 0x414c0d4d, 0x61682949, 0x707c3c4c, 0x01080909, 0x02080a0a,
- 0xb3bc3f8f, 0xe3ec2fcf, 0xf3f033c3, 0xc1c405c5, 0x83840787, 0x10141404, 0xf2fc3ece, 0x60642444,
- 0xd2dc1ece, 0x222c2e0e, 0x43480b4b, 0x12181a0a, 0x02040606, 0x21202101, 0x63682b4b, 0x62642646,
- 0x02000202, 0xf1f435c5, 0x92901282, 0x82880a8a, 0x000c0c0c, 0xb3b03383, 0x727c3e4e, 0xd0d010c0,
- 0x72783a4a, 0x43440747, 0x92941686, 0xe1e425c5, 0x22242606, 0x80800080, 0xa1ac2d8d, 0xd3dc1fcf,
- 0xa1a02181, 0x30303000, 0x33343707, 0xa2ac2e8e, 0x32343606, 0x11141505, 0x22202202, 0x30383808,
- 0xf0f434c4, 0xa3a42787, 0x41440545, 0x404c0c4c, 0x81800181, 0xe1e829c9, 0x80840484, 0x93941787,
- 0x31343505, 0xc3c80bcb, 0xc2cc0ece, 0x303c3c0c, 0x71703141, 0x11101101, 0xc3c407c7, 0x81880989,
- 0x71743545, 0xf3f83bcb, 0xd2d81aca, 0xf0f838c8, 0x90941484, 0x51581949, 0x82800282, 0xc0c404c4,
- 0xf3fc3fcf, 0x41480949, 0x31383909, 0x63642747, 0xc0c000c0, 0xc3cc0fcf, 0xd3d417c7, 0xb0b83888,
- 0x030c0f0f, 0x828c0e8e, 0x42400242, 0x23202303, 0x91901181, 0x606c2c4c, 0xd3d81bcb, 0xa0a42484,
- 0x30343404, 0xf1f031c1, 0x40480848, 0xc2c002c2, 0x636c2f4f, 0x313c3d0d, 0x212c2d0d, 0x40400040,
- 0xb2bc3e8e, 0x323c3e0e, 0xb0bc3c8c, 0xc1c001c1, 0xa2a82a8a, 0xb2b83a8a, 0x424c0e4e, 0x51541545,
- 0x33383b0b, 0xd0dc1ccc, 0x60682848, 0x737c3f4f, 0x909c1c8c, 0xd0d818c8, 0x42480a4a, 0x52541646,
- 0x73743747, 0xa0a02080, 0xe1ec2dcd, 0x42440646, 0xb1b43585, 0x23282b0b, 0x61642545, 0xf2f83aca,
- 0xe3e023c3, 0xb1b83989, 0xb1b03181, 0x939c1f8f, 0x525c1e4e, 0xf1f839c9, 0xe2e426c6, 0xb2b03282,
- 0x31303101, 0xe2e82aca, 0x616c2d4d, 0x535c1f4f, 0xe0e424c4, 0xf0f030c0, 0xc1cc0dcd, 0x80880888,
- 0x12141606, 0x32383a0a, 0x50581848, 0xd0d414c4, 0x62602242, 0x21282909, 0x03040707, 0x33303303,
- 0xe0e828c8, 0x13181b0b, 0x01040505, 0x71783949, 0x90901080, 0x62682a4a, 0x22282a0a, 0x92981a8a
-}, {
- 0x08303838, 0xc8e0e828, 0x0d212c2d, 0x86a2a426, 0xcfc3cc0f, 0xced2dc1e, 0x83b3b033, 0x88b0b838,
- 0x8fa3ac2f, 0x40606020, 0x45515415, 0xc7c3c407, 0x44404404, 0x4f636c2f, 0x4b63682b, 0x4b53581b,
- 0xc3c3c003, 0x42626022, 0x03333033, 0x85b1b435, 0x09212829, 0x80a0a020, 0xc2e2e022, 0x87a3a427,
- 0xc3d3d013, 0x81919011, 0x01111011, 0x06020406, 0x0c101c1c, 0x8cb0bc3c, 0x06323436, 0x4b43480b,
- 0xcfe3ec2f, 0x88808808, 0x4c606c2c, 0x88a0a828, 0x07131417, 0xc4c0c404, 0x06121416, 0xc4f0f434,
- 0xc2c2c002, 0x45414405, 0xc1e1e021, 0xc6d2d416, 0x0f333c3f, 0x0d313c3d, 0x8e828c0e, 0x88909818,
- 0x08202828, 0x4e424c0e, 0xc6f2f436, 0x0e323c3e, 0x85a1a425, 0xc9f1f839, 0x0d010c0d, 0xcfd3dc1f,
- 0xc8d0d818, 0x0b23282b, 0x46626426, 0x4a72783a, 0x07232427, 0x0f232c2f, 0xc1f1f031, 0x42727032,
- 0x42424002, 0xc4d0d414, 0x41414001, 0xc0c0c000, 0x43737033, 0x47636427, 0x8ca0ac2c, 0x8b83880b,
- 0xc7f3f437, 0x8da1ac2d, 0x80808000, 0x0f131c1f, 0xcac2c80a, 0x0c202c2c, 0x8aa2a82a, 0x04303434,
- 0xc2d2d012, 0x0b03080b, 0xcee2ec2e, 0xc9e1e829, 0x4d515c1d, 0x84909414, 0x08101818, 0xc8f0f838,
- 0x47535417, 0x8ea2ac2e, 0x08000808, 0xc5c1c405, 0x03131013, 0xcdc1cc0d, 0x86828406, 0x89b1b839,
- 0xcff3fc3f, 0x4d717c3d, 0xc1c1c001, 0x01313031, 0xc5f1f435, 0x8a82880a, 0x4a62682a, 0x81b1b031,
- 0xc1d1d011, 0x00202020, 0xc7d3d417, 0x02020002, 0x02222022, 0x04000404, 0x48606828, 0x41717031,
- 0x07030407, 0xcbd3d81b, 0x8d919c1d, 0x89919819, 0x41616021, 0x8eb2bc3e, 0xc6e2e426, 0x49515819,
- 0xcdd1dc1d, 0x41515011, 0x80909010, 0xccd0dc1c, 0x8a92981a, 0x83a3a023, 0x8ba3a82b, 0xc0d0d010,
- 0x81818001, 0x0f030c0f, 0x47434407, 0x0a12181a, 0xc3e3e023, 0xcce0ec2c, 0x8d818c0d, 0x8fb3bc3f,
- 0x86929416, 0x4b73783b, 0x4c505c1c, 0x82a2a022, 0x81a1a021, 0x43636023, 0x03232023, 0x4d414c0d,
- 0xc8c0c808, 0x8e929c1e, 0x8c909c1c, 0x0a32383a, 0x0c000c0c, 0x0e222c2e, 0x8ab2b83a, 0x4e626c2e,
- 0x8f939c1f, 0x4a52581a, 0xc2f2f032, 0x82929012, 0xc3f3f033, 0x49414809, 0x48707838, 0xccc0cc0c,
- 0x05111415, 0xcbf3f83b, 0x40707030, 0x45717435, 0x4f737c3f, 0x05313435, 0x00101010, 0x03030003,
- 0x44606424, 0x4d616c2d, 0xc6c2c406, 0x44707434, 0xc5d1d415, 0x84b0b434, 0xcae2e82a, 0x09010809,
- 0x46727436, 0x09111819, 0xcef2fc3e, 0x40404000, 0x02121012, 0xc0e0e020, 0x8db1bc3d, 0x05010405,
- 0xcaf2f83a, 0x01010001, 0xc0f0f030, 0x0a22282a, 0x4e525c1e, 0x89a1a829, 0x46525416, 0x43434003,
- 0x85818405, 0x04101414, 0x89818809, 0x8b93981b, 0x80b0b030, 0xc5e1e425, 0x48404808, 0x49717839,
- 0x87939417, 0xccf0fc3c, 0x0e121c1e, 0x82828002, 0x01212021, 0x8c808c0c, 0x0b13181b, 0x4f535c1f,
- 0x47737437, 0x44505414, 0x82b2b032, 0x0d111c1d, 0x05212425, 0x4f434c0f, 0x00000000, 0x46424406,
- 0xcde1ec2d, 0x48505818, 0x42525012, 0xcbe3e82b, 0x4e727c3e, 0xcad2d81a, 0xc9c1c809, 0xcdf1fc3d,
- 0x00303030, 0x85919415, 0x45616425, 0x0c303c3c, 0x86b2b436, 0xc4e0e424, 0x8bb3b83b, 0x4c707c3c,
- 0x0e020c0e, 0x40505010, 0x09313839, 0x06222426, 0x02323032, 0x84808404, 0x49616829, 0x83939013,
- 0x07333437, 0xc7e3e427, 0x04202424, 0x84a0a424, 0xcbc3c80b, 0x43535013, 0x0a02080a, 0x87838407,
- 0xc9d1d819, 0x4c404c0c, 0x83838003, 0x8f838c0f, 0xcec2cc0e, 0x0b33383b, 0x4a42480a, 0x87b3b437
-} };
-
-/* key schedule constants - golden ratio */
-#define KC0 0x9e3779b9
-#define KC1 0x3c6ef373
-#define KC2 0x78dde6e6
-#define KC3 0xf1bbcdcc
-#define KC4 0xe3779b99
-#define KC5 0xc6ef3733
-#define KC6 0x8dde6e67
-#define KC7 0x1bbcdccf
-#define KC8 0x3779b99e
-#define KC9 0x6ef3733c
-#define KC10 0xdde6e678
-#define KC11 0xbbcdccf1
-#define KC12 0x779b99e3
-#define KC13 0xef3733c6
-#define KC14 0xde6e678d
-#define KC15 0xbcdccf1b
-
-
-void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE *ks)
-{
- seed_word x1, x2, x3, x4;
- seed_word t0, t1;
-
- char2word(rawkey , x1);
- char2word(rawkey+4 , x2);
- char2word(rawkey+8 , x3);
- char2word(rawkey+12, x4);
-
- t0 = (x1 + x3 - KC0) & 0xffffffff;
- t1 = (x2 - x4 + KC0) & 0xffffffff; KEYUPDATE_TEMP(t0, t1, &ks->data[0]);
- KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC1); KEYUPDATE_TEMP(t0, t1, &ks->data[2]);
- KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC2); KEYUPDATE_TEMP(t0, t1, &ks->data[4]);
- KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC3); KEYUPDATE_TEMP(t0, t1, &ks->data[6]);
- KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC4); KEYUPDATE_TEMP(t0, t1, &ks->data[8]);
- KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC5); KEYUPDATE_TEMP(t0, t1, &ks->data[10]);
- KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC6); KEYUPDATE_TEMP(t0, t1, &ks->data[12]);
- KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC7); KEYUPDATE_TEMP(t0, t1, &ks->data[14]);
- KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC8); KEYUPDATE_TEMP(t0, t1, &ks->data[16]);
- KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC9); KEYUPDATE_TEMP(t0, t1, &ks->data[18]);
- KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC10); KEYUPDATE_TEMP(t0, t1, &ks->data[20]);
- KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC11); KEYUPDATE_TEMP(t0, t1, &ks->data[22]);
- KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC12); KEYUPDATE_TEMP(t0, t1, &ks->data[24]);
- KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC13); KEYUPDATE_TEMP(t0, t1, &ks->data[26]);
- KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC14); KEYUPDATE_TEMP(t0, t1, &ks->data[28]);
- KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC15); KEYUPDATE_TEMP(t0, t1, &ks->data[30]);
-}
-
-void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE], unsigned char d[SEED_BLOCK_SIZE], const SEED_KEY_SCHEDULE *ks)
-{
- seed_word x1, x2, x3, x4;
- seed_word t0, t1;
-
- char2word(s, x1);
- char2word(s+4, x2);
- char2word(s+8, x3);
- char2word(s+12, x4);
-
- E_SEED(t0, t1, x1, x2, x3, x4, 0);
- E_SEED(t0, t1, x3, x4, x1, x2, 2);
- E_SEED(t0, t1, x1, x2, x3, x4, 4);
- E_SEED(t0, t1, x3, x4, x1, x2, 6);
- E_SEED(t0, t1, x1, x2, x3, x4, 8);
- E_SEED(t0, t1, x3, x4, x1, x2, 10);
- E_SEED(t0, t1, x1, x2, x3, x4, 12);
- E_SEED(t0, t1, x3, x4, x1, x2, 14);
- E_SEED(t0, t1, x1, x2, x3, x4, 16);
- E_SEED(t0, t1, x3, x4, x1, x2, 18);
- E_SEED(t0, t1, x1, x2, x3, x4, 20);
- E_SEED(t0, t1, x3, x4, x1, x2, 22);
- E_SEED(t0, t1, x1, x2, x3, x4, 24);
- E_SEED(t0, t1, x3, x4, x1, x2, 26);
- E_SEED(t0, t1, x1, x2, x3, x4, 28);
- E_SEED(t0, t1, x3, x4, x1, x2, 30);
-
- word2char(x3, d);
- word2char(x4, d+4);
- word2char(x1, d+8);
- word2char(x2, d+12);
-}
-
-void SEED_decrypt(const unsigned char s[SEED_BLOCK_SIZE], unsigned char d[SEED_BLOCK_SIZE], const SEED_KEY_SCHEDULE *ks)
-{
- seed_word x1, x2, x3, x4;
- seed_word t0, t1;
-
- char2word(s, x1);
- char2word(s+4, x2);
- char2word(s+8, x3);
- char2word(s+12, x4);
-
- E_SEED(t0, t1, x1, x2, x3, x4, 30);
- E_SEED(t0, t1, x3, x4, x1, x2, 28);
- E_SEED(t0, t1, x1, x2, x3, x4, 26);
- E_SEED(t0, t1, x3, x4, x1, x2, 24);
- E_SEED(t0, t1, x1, x2, x3, x4, 22);
- E_SEED(t0, t1, x3, x4, x1, x2, 20);
- E_SEED(t0, t1, x1, x2, x3, x4, 18);
- E_SEED(t0, t1, x3, x4, x1, x2, 16);
- E_SEED(t0, t1, x1, x2, x3, x4, 14);
- E_SEED(t0, t1, x3, x4, x1, x2, 12);
- E_SEED(t0, t1, x1, x2, x3, x4, 10);
- E_SEED(t0, t1, x3, x4, x1, x2, 8);
- E_SEED(t0, t1, x1, x2, x3, x4, 6);
- E_SEED(t0, t1, x3, x4, x1, x2, 4);
- E_SEED(t0, t1, x1, x2, x3, x4, 2);
- E_SEED(t0, t1, x3, x4, x1, x2, 0);
-
- word2char(x3, d);
- word2char(x4, d+4);
- word2char(x1, d+8);
- word2char(x2, d+12);
-}
-
-#endif /* OPENSSL_NO_SEED */
Copied: vendor-crypto/openssl/0.9.8zf/crypto/seed/seed.c (from rev 6976, vendor-crypto/openssl/dist/crypto/seed/seed.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/seed/seed.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/seed/seed.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,848 @@
+/*
+ * Copyright (c) 2007 KISA(Korea Information Security Agency). All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Neither the name of author nor the names of its contributors may
+ * be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ */
+#ifndef OPENSSL_NO_SEED
+
+# include <stdio.h>
+# include <stdlib.h>
+# include <string.h>
+# ifdef WIN32
+# include <memory.h>
+# endif
+
+# include <openssl/seed.h>
+# include "seed_locl.h"
+
+static seed_word SS[4][256] = { {
+ 0x2989a1a8, 0x05858184, 0x16c6d2d4,
+ 0x13c3d3d0, 0x14445054, 0x1d0d111c,
+ 0x2c8ca0ac, 0x25052124,
+ 0x1d4d515c, 0x03434340, 0x18081018,
+ 0x1e0e121c, 0x11415150, 0x3cccf0fc,
+ 0x0acac2c8, 0x23436360,
+ 0x28082028, 0x04444044, 0x20002020,
+ 0x1d8d919c, 0x20c0e0e0, 0x22c2e2e0,
+ 0x08c8c0c8, 0x17071314,
+ 0x2585a1a4, 0x0f8f838c, 0x03030300,
+ 0x3b4b7378, 0x3b8bb3b8, 0x13031310,
+ 0x12c2d2d0, 0x2ecee2ec,
+ 0x30407070, 0x0c8c808c, 0x3f0f333c,
+ 0x2888a0a8, 0x32023230, 0x1dcdd1dc,
+ 0x36c6f2f4, 0x34447074,
+ 0x2ccce0ec, 0x15859194, 0x0b0b0308,
+ 0x17475354, 0x1c4c505c, 0x1b4b5358,
+ 0x3d8db1bc, 0x01010100,
+ 0x24042024, 0x1c0c101c, 0x33437370,
+ 0x18889098, 0x10001010, 0x0cccc0cc,
+ 0x32c2f2f0, 0x19c9d1d8,
+ 0x2c0c202c, 0x27c7e3e4, 0x32427270,
+ 0x03838380, 0x1b8b9398, 0x11c1d1d0,
+ 0x06868284, 0x09c9c1c8,
+ 0x20406060, 0x10405050, 0x2383a3a0,
+ 0x2bcbe3e8, 0x0d0d010c, 0x3686b2b4,
+ 0x1e8e929c, 0x0f4f434c,
+ 0x3787b3b4, 0x1a4a5258, 0x06c6c2c4,
+ 0x38487078, 0x2686a2a4, 0x12021210,
+ 0x2f8fa3ac, 0x15c5d1d4,
+ 0x21416160, 0x03c3c3c0, 0x3484b0b4,
+ 0x01414140, 0x12425250, 0x3d4d717c,
+ 0x0d8d818c, 0x08080008,
+ 0x1f0f131c, 0x19899198, 0x00000000,
+ 0x19091118, 0x04040004, 0x13435350,
+ 0x37c7f3f4, 0x21c1e1e0,
+ 0x3dcdf1fc, 0x36467274, 0x2f0f232c,
+ 0x27072324, 0x3080b0b0, 0x0b8b8388,
+ 0x0e0e020c, 0x2b8ba3a8,
+ 0x2282a2a0, 0x2e4e626c, 0x13839390,
+ 0x0d4d414c, 0x29496168, 0x3c4c707c,
+ 0x09090108, 0x0a0a0208,
+ 0x3f8fb3bc, 0x2fcfe3ec, 0x33c3f3f0,
+ 0x05c5c1c4, 0x07878384, 0x14041014,
+ 0x3ecef2fc, 0x24446064,
+ 0x1eced2dc, 0x2e0e222c, 0x0b4b4348,
+ 0x1a0a1218, 0x06060204, 0x21012120,
+ 0x2b4b6368, 0x26466264,
+ 0x02020200, 0x35c5f1f4, 0x12829290,
+ 0x0a8a8288, 0x0c0c000c, 0x3383b3b0,
+ 0x3e4e727c, 0x10c0d0d0,
+ 0x3a4a7278, 0x07474344, 0x16869294,
+ 0x25c5e1e4, 0x26062224, 0x00808080,
+ 0x2d8da1ac, 0x1fcfd3dc,
+ 0x2181a1a0, 0x30003030, 0x37073334,
+ 0x2e8ea2ac, 0x36063234, 0x15051114,
+ 0x22022220, 0x38083038,
+ 0x34c4f0f4, 0x2787a3a4, 0x05454144,
+ 0x0c4c404c, 0x01818180, 0x29c9e1e8,
+ 0x04848084, 0x17879394,
+ 0x35053134, 0x0bcbc3c8, 0x0ecec2cc,
+ 0x3c0c303c, 0x31417170, 0x11011110,
+ 0x07c7c3c4, 0x09898188,
+ 0x35457174, 0x3bcbf3f8, 0x1acad2d8,
+ 0x38c8f0f8, 0x14849094, 0x19495158,
+ 0x02828280, 0x04c4c0c4,
+ 0x3fcff3fc, 0x09494148, 0x39093138,
+ 0x27476364, 0x00c0c0c0, 0x0fcfc3cc,
+ 0x17c7d3d4, 0x3888b0b8,
+ 0x0f0f030c, 0x0e8e828c, 0x02424240,
+ 0x23032320, 0x11819190, 0x2c4c606c,
+ 0x1bcbd3d8, 0x2484a0a4,
+ 0x34043034, 0x31c1f1f0, 0x08484048,
+ 0x02c2c2c0, 0x2f4f636c, 0x3d0d313c,
+ 0x2d0d212c, 0x00404040,
+ 0x3e8eb2bc, 0x3e0e323c, 0x3c8cb0bc,
+ 0x01c1c1c0, 0x2a8aa2a8, 0x3a8ab2b8,
+ 0x0e4e424c, 0x15455154,
+ 0x3b0b3338, 0x1cccd0dc, 0x28486068,
+ 0x3f4f737c, 0x1c8c909c, 0x18c8d0d8,
+ 0x0a4a4248, 0x16465254,
+ 0x37477374, 0x2080a0a0, 0x2dcde1ec,
+ 0x06464244, 0x3585b1b4, 0x2b0b2328,
+ 0x25456164, 0x3acaf2f8,
+ 0x23c3e3e0, 0x3989b1b8, 0x3181b1b0,
+ 0x1f8f939c, 0x1e4e525c, 0x39c9f1f8,
+ 0x26c6e2e4, 0x3282b2b0,
+ 0x31013130, 0x2acae2e8, 0x2d4d616c,
+ 0x1f4f535c, 0x24c4e0e4, 0x30c0f0f0,
+ 0x0dcdc1cc, 0x08888088,
+ 0x16061214, 0x3a0a3238, 0x18485058,
+ 0x14c4d0d4, 0x22426260, 0x29092128,
+ 0x07070304, 0x33033330,
+ 0x28c8e0e8, 0x1b0b1318, 0x05050104,
+ 0x39497178, 0x10809090, 0x2a4a6268,
+ 0x2a0a2228, 0x1a8a9298}, {
+ 0x38380830,
+ 0xe828c8e0,
+ 0x2c2d0d21,
+ 0xa42686a2,
+ 0xcc0fcfc3,
+ 0xdc1eced2,
+ 0xb03383b3,
+ 0xb83888b0,
+ 0xac2f8fa3,
+ 0x60204060,
+ 0x54154551,
+ 0xc407c7c3,
+ 0x44044440,
+ 0x6c2f4f63,
+ 0x682b4b63,
+ 0x581b4b53,
+ 0xc003c3c3,
+ 0x60224262,
+ 0x30330333,
+ 0xb43585b1,
+ 0x28290921,
+ 0xa02080a0,
+ 0xe022c2e2,
+ 0xa42787a3,
+ 0xd013c3d3,
+ 0x90118191,
+ 0x10110111,
+ 0x04060602,
+ 0x1c1c0c10,
+ 0xbc3c8cb0,
+ 0x34360632,
+ 0x480b4b43,
+ 0xec2fcfe3,
+ 0x88088880,
+ 0x6c2c4c60,
+ 0xa82888a0,
+ 0x14170713,
+ 0xc404c4c0,
+ 0x14160612,
+ 0xf434c4f0,
+ 0xc002c2c2,
+ 0x44054541,
+ 0xe021c1e1,
+ 0xd416c6d2,
+ 0x3c3f0f33,
+ 0x3c3d0d31,
+ 0x8c0e8e82,
+ 0x98188890,
+ 0x28280820,
+ 0x4c0e4e42,
+ 0xf436c6f2,
+ 0x3c3e0e32,
+ 0xa42585a1,
+ 0xf839c9f1,
+ 0x0c0d0d01,
+ 0xdc1fcfd3,
+ 0xd818c8d0,
+ 0x282b0b23,
+ 0x64264662,
+ 0x783a4a72,
+ 0x24270723,
+ 0x2c2f0f23,
+ 0xf031c1f1,
+ 0x70324272,
+ 0x40024242,
+ 0xd414c4d0,
+ 0x40014141,
+ 0xc000c0c0,
+ 0x70334373,
+ 0x64274763,
+ 0xac2c8ca0,
+ 0x880b8b83,
+ 0xf437c7f3,
+ 0xac2d8da1,
+ 0x80008080,
+ 0x1c1f0f13,
+ 0xc80acac2,
+ 0x2c2c0c20,
+ 0xa82a8aa2,
+ 0x34340430,
+ 0xd012c2d2,
+ 0x080b0b03,
+ 0xec2ecee2,
+ 0xe829c9e1,
+ 0x5c1d4d51,
+ 0x94148490,
+ 0x18180810,
+ 0xf838c8f0,
+ 0x54174753,
+ 0xac2e8ea2,
+ 0x08080800,
+ 0xc405c5c1,
+ 0x10130313,
+ 0xcc0dcdc1,
+ 0x84068682,
+ 0xb83989b1,
+ 0xfc3fcff3,
+ 0x7c3d4d71,
+ 0xc001c1c1,
+ 0x30310131,
+ 0xf435c5f1,
+ 0x880a8a82,
+ 0x682a4a62,
+ 0xb03181b1,
+ 0xd011c1d1,
+ 0x20200020,
+ 0xd417c7d3,
+ 0x00020202,
+ 0x20220222,
+ 0x04040400,
+ 0x68284860,
+ 0x70314171,
+ 0x04070703,
+ 0xd81bcbd3,
+ 0x9c1d8d91,
+ 0x98198991,
+ 0x60214161,
+ 0xbc3e8eb2,
+ 0xe426c6e2,
+ 0x58194951,
+ 0xdc1dcdd1,
+ 0x50114151,
+ 0x90108090,
+ 0xdc1cccd0,
+ 0x981a8a92,
+ 0xa02383a3,
+ 0xa82b8ba3,
+ 0xd010c0d0,
+ 0x80018181,
+ 0x0c0f0f03,
+ 0x44074743,
+ 0x181a0a12,
+ 0xe023c3e3,
+ 0xec2ccce0,
+ 0x8c0d8d81,
+ 0xbc3f8fb3,
+ 0x94168692,
+ 0x783b4b73,
+ 0x5c1c4c50,
+ 0xa02282a2,
+ 0xa02181a1,
+ 0x60234363,
+ 0x20230323,
+ 0x4c0d4d41,
+ 0xc808c8c0,
+ 0x9c1e8e92,
+ 0x9c1c8c90,
+ 0x383a0a32,
+ 0x0c0c0c00,
+ 0x2c2e0e22,
+ 0xb83a8ab2,
+ 0x6c2e4e62,
+ 0x9c1f8f93,
+ 0x581a4a52,
+ 0xf032c2f2,
+ 0x90128292,
+ 0xf033c3f3,
+ 0x48094941,
+ 0x78384870,
+ 0xcc0cccc0,
+ 0x14150511,
+ 0xf83bcbf3,
+ 0x70304070,
+ 0x74354571,
+ 0x7c3f4f73,
+ 0x34350531,
+ 0x10100010,
+ 0x00030303,
+ 0x64244460,
+ 0x6c2d4d61,
+ 0xc406c6c2,
+ 0x74344470,
+ 0xd415c5d1,
+ 0xb43484b0,
+ 0xe82acae2,
+ 0x08090901,
+ 0x74364672,
+ 0x18190911,
+ 0xfc3ecef2,
+ 0x40004040,
+ 0x10120212,
+ 0xe020c0e0,
+ 0xbc3d8db1,
+ 0x04050501,
+ 0xf83acaf2,
+ 0x00010101,
+ 0xf030c0f0,
+ 0x282a0a22,
+ 0x5c1e4e52,
+ 0xa82989a1,
+ 0x54164652,
+ 0x40034343,
+ 0x84058581,
+ 0x14140410,
+ 0x88098981,
+ 0x981b8b93,
+ 0xb03080b0,
+ 0xe425c5e1,
+ 0x48084840,
+ 0x78394971,
+ 0x94178793,
+ 0xfc3cccf0,
+ 0x1c1e0e12,
+ 0x80028282,
+ 0x20210121,
+ 0x8c0c8c80,
+ 0x181b0b13,
+ 0x5c1f4f53,
+ 0x74374773,
+ 0x54144450,
+ 0xb03282b2,
+ 0x1c1d0d11,
+ 0x24250521,
+ 0x4c0f4f43,
+ 0x00000000,
+ 0x44064642,
+ 0xec2dcde1,
+ 0x58184850,
+ 0x50124252,
+ 0xe82bcbe3,
+ 0x7c3e4e72,
+ 0xd81acad2,
+ 0xc809c9c1,
+ 0xfc3dcdf1,
+ 0x30300030,
+ 0x94158591,
+ 0x64254561,
+ 0x3c3c0c30,
+ 0xb43686b2,
+ 0xe424c4e0,
+ 0xb83b8bb3,
+ 0x7c3c4c70,
+ 0x0c0e0e02,
+ 0x50104050,
+ 0x38390931,
+ 0x24260622,
+ 0x30320232,
+ 0x84048480,
+ 0x68294961,
+ 0x90138393,
+ 0x34370733,
+ 0xe427c7e3,
+ 0x24240420,
+ 0xa42484a0,
+ 0xc80bcbc3,
+ 0x50134353,
+ 0x080a0a02,
+ 0x84078783,
+ 0xd819c9d1,
+ 0x4c0c4c40,
+ 0x80038383,
+ 0x8c0f8f83,
+ 0xcc0ecec2,
+ 0x383b0b33,
+ 0x480a4a42,
+ 0xb43787b3}, {
+ 0xa1a82989,
+ 0x81840585,
+ 0xd2d416c6,
+ 0xd3d013c3,
+ 0x50541444,
+ 0x111c1d0d,
+ 0xa0ac2c8c,
+ 0x21242505,
+ 0x515c1d4d,
+ 0x43400343,
+ 0x10181808,
+ 0x121c1e0e,
+ 0x51501141,
+ 0xf0fc3ccc,
+ 0xc2c80aca,
+ 0x63602343,
+ 0x20282808,
+ 0x40440444,
+ 0x20202000,
+ 0x919c1d8d,
+ 0xe0e020c0,
+ 0xe2e022c2,
+ 0xc0c808c8,
+ 0x13141707,
+ 0xa1a42585,
+ 0x838c0f8f,
+ 0x03000303,
+ 0x73783b4b,
+ 0xb3b83b8b,
+ 0x13101303,
+ 0xd2d012c2,
+ 0xe2ec2ece,
+ 0x70703040,
+ 0x808c0c8c,
+ 0x333c3f0f,
+ 0xa0a82888,
+ 0x32303202,
+ 0xd1dc1dcd,
+ 0xf2f436c6,
+ 0x70743444,
+ 0xe0ec2ccc,
+ 0x91941585,
+ 0x03080b0b,
+ 0x53541747,
+ 0x505c1c4c,
+ 0x53581b4b,
+ 0xb1bc3d8d,
+ 0x01000101,
+ 0x20242404,
+ 0x101c1c0c,
+ 0x73703343,
+ 0x90981888,
+ 0x10101000,
+ 0xc0cc0ccc,
+ 0xf2f032c2,
+ 0xd1d819c9,
+ 0x202c2c0c,
+ 0xe3e427c7,
+ 0x72703242,
+ 0x83800383,
+ 0x93981b8b,
+ 0xd1d011c1,
+ 0x82840686,
+ 0xc1c809c9,
+ 0x60602040,
+ 0x50501040,
+ 0xa3a02383,
+ 0xe3e82bcb,
+ 0x010c0d0d,
+ 0xb2b43686,
+ 0x929c1e8e,
+ 0x434c0f4f,
+ 0xb3b43787,
+ 0x52581a4a,
+ 0xc2c406c6,
+ 0x70783848,
+ 0xa2a42686,
+ 0x12101202,
+ 0xa3ac2f8f,
+ 0xd1d415c5,
+ 0x61602141,
+ 0xc3c003c3,
+ 0xb0b43484,
+ 0x41400141,
+ 0x52501242,
+ 0x717c3d4d,
+ 0x818c0d8d,
+ 0x00080808,
+ 0x131c1f0f,
+ 0x91981989,
+ 0x00000000,
+ 0x11181909,
+ 0x00040404,
+ 0x53501343,
+ 0xf3f437c7,
+ 0xe1e021c1,
+ 0xf1fc3dcd,
+ 0x72743646,
+ 0x232c2f0f,
+ 0x23242707,
+ 0xb0b03080,
+ 0x83880b8b,
+ 0x020c0e0e,
+ 0xa3a82b8b,
+ 0xa2a02282,
+ 0x626c2e4e,
+ 0x93901383,
+ 0x414c0d4d,
+ 0x61682949,
+ 0x707c3c4c,
+ 0x01080909,
+ 0x02080a0a,
+ 0xb3bc3f8f,
+ 0xe3ec2fcf,
+ 0xf3f033c3,
+ 0xc1c405c5,
+ 0x83840787,
+ 0x10141404,
+ 0xf2fc3ece,
+ 0x60642444,
+ 0xd2dc1ece,
+ 0x222c2e0e,
+ 0x43480b4b,
+ 0x12181a0a,
+ 0x02040606,
+ 0x21202101,
+ 0x63682b4b,
+ 0x62642646,
+ 0x02000202,
+ 0xf1f435c5,
+ 0x92901282,
+ 0x82880a8a,
+ 0x000c0c0c,
+ 0xb3b03383,
+ 0x727c3e4e,
+ 0xd0d010c0,
+ 0x72783a4a,
+ 0x43440747,
+ 0x92941686,
+ 0xe1e425c5,
+ 0x22242606,
+ 0x80800080,
+ 0xa1ac2d8d,
+ 0xd3dc1fcf,
+ 0xa1a02181,
+ 0x30303000,
+ 0x33343707,
+ 0xa2ac2e8e,
+ 0x32343606,
+ 0x11141505,
+ 0x22202202,
+ 0x30383808,
+ 0xf0f434c4,
+ 0xa3a42787,
+ 0x41440545,
+ 0x404c0c4c,
+ 0x81800181,
+ 0xe1e829c9,
+ 0x80840484,
+ 0x93941787,
+ 0x31343505,
+ 0xc3c80bcb,
+ 0xc2cc0ece,
+ 0x303c3c0c,
+ 0x71703141,
+ 0x11101101,
+ 0xc3c407c7,
+ 0x81880989,
+ 0x71743545,
+ 0xf3f83bcb,
+ 0xd2d81aca,
+ 0xf0f838c8,
+ 0x90941484,
+ 0x51581949,
+ 0x82800282,
+ 0xc0c404c4,
+ 0xf3fc3fcf,
+ 0x41480949,
+ 0x31383909,
+ 0x63642747,
+ 0xc0c000c0,
+ 0xc3cc0fcf,
+ 0xd3d417c7,
+ 0xb0b83888,
+ 0x030c0f0f,
+ 0x828c0e8e,
+ 0x42400242,
+ 0x23202303,
+ 0x91901181,
+ 0x606c2c4c,
+ 0xd3d81bcb,
+ 0xa0a42484,
+ 0x30343404,
+ 0xf1f031c1,
+ 0x40480848,
+ 0xc2c002c2,
+ 0x636c2f4f,
+ 0x313c3d0d,
+ 0x212c2d0d,
+ 0x40400040,
+ 0xb2bc3e8e,
+ 0x323c3e0e,
+ 0xb0bc3c8c,
+ 0xc1c001c1,
+ 0xa2a82a8a,
+ 0xb2b83a8a,
+ 0x424c0e4e,
+ 0x51541545,
+ 0x33383b0b,
+ 0xd0dc1ccc,
+ 0x60682848,
+ 0x737c3f4f,
+ 0x909c1c8c,
+ 0xd0d818c8,
+ 0x42480a4a,
+ 0x52541646,
+ 0x73743747,
+ 0xa0a02080,
+ 0xe1ec2dcd,
+ 0x42440646,
+ 0xb1b43585,
+ 0x23282b0b,
+ 0x61642545,
+ 0xf2f83aca,
+ 0xe3e023c3,
+ 0xb1b83989,
+ 0xb1b03181,
+ 0x939c1f8f,
+ 0x525c1e4e,
+ 0xf1f839c9,
+ 0xe2e426c6,
+ 0xb2b03282,
+ 0x31303101,
+ 0xe2e82aca,
+ 0x616c2d4d,
+ 0x535c1f4f,
+ 0xe0e424c4,
+ 0xf0f030c0,
+ 0xc1cc0dcd,
+ 0x80880888,
+ 0x12141606,
+ 0x32383a0a,
+ 0x50581848,
+ 0xd0d414c4,
+ 0x62602242,
+ 0x21282909,
+ 0x03040707,
+ 0x33303303,
+ 0xe0e828c8,
+ 0x13181b0b,
+ 0x01040505,
+ 0x71783949,
+ 0x90901080,
+ 0x62682a4a,
+ 0x22282a0a,
+ 0x92981a8a},
+{
+ 0x08303838, 0xc8e0e828, 0x0d212c2d, 0x86a2a426, 0xcfc3cc0f, 0xced2dc1e,
+ 0x83b3b033, 0x88b0b838,
+ 0x8fa3ac2f, 0x40606020, 0x45515415, 0xc7c3c407, 0x44404404, 0x4f636c2f,
+ 0x4b63682b, 0x4b53581b,
+ 0xc3c3c003, 0x42626022, 0x03333033, 0x85b1b435, 0x09212829, 0x80a0a020,
+ 0xc2e2e022, 0x87a3a427,
+ 0xc3d3d013, 0x81919011, 0x01111011, 0x06020406, 0x0c101c1c, 0x8cb0bc3c,
+ 0x06323436, 0x4b43480b,
+ 0xcfe3ec2f, 0x88808808, 0x4c606c2c, 0x88a0a828, 0x07131417, 0xc4c0c404,
+ 0x06121416, 0xc4f0f434,
+ 0xc2c2c002, 0x45414405, 0xc1e1e021, 0xc6d2d416, 0x0f333c3f, 0x0d313c3d,
+ 0x8e828c0e, 0x88909818,
+ 0x08202828, 0x4e424c0e, 0xc6f2f436, 0x0e323c3e, 0x85a1a425, 0xc9f1f839,
+ 0x0d010c0d, 0xcfd3dc1f,
+ 0xc8d0d818, 0x0b23282b, 0x46626426, 0x4a72783a, 0x07232427, 0x0f232c2f,
+ 0xc1f1f031, 0x42727032,
+ 0x42424002, 0xc4d0d414, 0x41414001, 0xc0c0c000, 0x43737033, 0x47636427,
+ 0x8ca0ac2c, 0x8b83880b,
+ 0xc7f3f437, 0x8da1ac2d, 0x80808000, 0x0f131c1f, 0xcac2c80a, 0x0c202c2c,
+ 0x8aa2a82a, 0x04303434,
+ 0xc2d2d012, 0x0b03080b, 0xcee2ec2e, 0xc9e1e829, 0x4d515c1d, 0x84909414,
+ 0x08101818, 0xc8f0f838,
+ 0x47535417, 0x8ea2ac2e, 0x08000808, 0xc5c1c405, 0x03131013, 0xcdc1cc0d,
+ 0x86828406, 0x89b1b839,
+ 0xcff3fc3f, 0x4d717c3d, 0xc1c1c001, 0x01313031, 0xc5f1f435, 0x8a82880a,
+ 0x4a62682a, 0x81b1b031,
+ 0xc1d1d011, 0x00202020, 0xc7d3d417, 0x02020002, 0x02222022, 0x04000404,
+ 0x48606828, 0x41717031,
+ 0x07030407, 0xcbd3d81b, 0x8d919c1d, 0x89919819, 0x41616021, 0x8eb2bc3e,
+ 0xc6e2e426, 0x49515819,
+ 0xcdd1dc1d, 0x41515011, 0x80909010, 0xccd0dc1c, 0x8a92981a, 0x83a3a023,
+ 0x8ba3a82b, 0xc0d0d010,
+ 0x81818001, 0x0f030c0f, 0x47434407, 0x0a12181a, 0xc3e3e023, 0xcce0ec2c,
+ 0x8d818c0d, 0x8fb3bc3f,
+ 0x86929416, 0x4b73783b, 0x4c505c1c, 0x82a2a022, 0x81a1a021, 0x43636023,
+ 0x03232023, 0x4d414c0d,
+ 0xc8c0c808, 0x8e929c1e, 0x8c909c1c, 0x0a32383a, 0x0c000c0c, 0x0e222c2e,
+ 0x8ab2b83a, 0x4e626c2e,
+ 0x8f939c1f, 0x4a52581a, 0xc2f2f032, 0x82929012, 0xc3f3f033, 0x49414809,
+ 0x48707838, 0xccc0cc0c,
+ 0x05111415, 0xcbf3f83b, 0x40707030, 0x45717435, 0x4f737c3f, 0x05313435,
+ 0x00101010, 0x03030003,
+ 0x44606424, 0x4d616c2d, 0xc6c2c406, 0x44707434, 0xc5d1d415, 0x84b0b434,
+ 0xcae2e82a, 0x09010809,
+ 0x46727436, 0x09111819, 0xcef2fc3e, 0x40404000, 0x02121012, 0xc0e0e020,
+ 0x8db1bc3d, 0x05010405,
+ 0xcaf2f83a, 0x01010001, 0xc0f0f030, 0x0a22282a, 0x4e525c1e, 0x89a1a829,
+ 0x46525416, 0x43434003,
+ 0x85818405, 0x04101414, 0x89818809, 0x8b93981b, 0x80b0b030, 0xc5e1e425,
+ 0x48404808, 0x49717839,
+ 0x87939417, 0xccf0fc3c, 0x0e121c1e, 0x82828002, 0x01212021, 0x8c808c0c,
+ 0x0b13181b, 0x4f535c1f,
+ 0x47737437, 0x44505414, 0x82b2b032, 0x0d111c1d, 0x05212425, 0x4f434c0f,
+ 0x00000000, 0x46424406,
+ 0xcde1ec2d, 0x48505818, 0x42525012, 0xcbe3e82b, 0x4e727c3e, 0xcad2d81a,
+ 0xc9c1c809, 0xcdf1fc3d,
+ 0x00303030, 0x85919415, 0x45616425, 0x0c303c3c, 0x86b2b436, 0xc4e0e424,
+ 0x8bb3b83b, 0x4c707c3c,
+ 0x0e020c0e, 0x40505010, 0x09313839, 0x06222426, 0x02323032, 0x84808404,
+ 0x49616829, 0x83939013,
+ 0x07333437, 0xc7e3e427, 0x04202424, 0x84a0a424, 0xcbc3c80b, 0x43535013,
+ 0x0a02080a, 0x87838407,
+ 0xc9d1d819, 0x4c404c0c, 0x83838003, 0x8f838c0f, 0xcec2cc0e, 0x0b33383b,
+ 0x4a42480a, 0x87b3b437}
+};
+
+/* key schedule constants - golden ratio */
+# define KC0 0x9e3779b9
+# define KC1 0x3c6ef373
+# define KC2 0x78dde6e6
+# define KC3 0xf1bbcdcc
+# define KC4 0xe3779b99
+# define KC5 0xc6ef3733
+# define KC6 0x8dde6e67
+# define KC7 0x1bbcdccf
+# define KC8 0x3779b99e
+# define KC9 0x6ef3733c
+# define KC10 0xdde6e678
+# define KC11 0xbbcdccf1
+# define KC12 0x779b99e3
+# define KC13 0xef3733c6
+# define KC14 0xde6e678d
+# define KC15 0xbcdccf1b
+
+void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH],
+ SEED_KEY_SCHEDULE *ks)
+{
+ seed_word x1, x2, x3, x4;
+ seed_word t0, t1;
+
+ char2word(rawkey, x1);
+ char2word(rawkey + 4, x2);
+ char2word(rawkey + 8, x3);
+ char2word(rawkey + 12, x4);
+
+ t0 = (x1 + x3 - KC0) & 0xffffffff;
+ t1 = (x2 - x4 + KC0) & 0xffffffff;
+ KEYUPDATE_TEMP(t0, t1, &ks->data[0]);
+ KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC1);
+ KEYUPDATE_TEMP(t0, t1, &ks->data[2]);
+ KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC2);
+ KEYUPDATE_TEMP(t0, t1, &ks->data[4]);
+ KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC3);
+ KEYUPDATE_TEMP(t0, t1, &ks->data[6]);
+ KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC4);
+ KEYUPDATE_TEMP(t0, t1, &ks->data[8]);
+ KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC5);
+ KEYUPDATE_TEMP(t0, t1, &ks->data[10]);
+ KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC6);
+ KEYUPDATE_TEMP(t0, t1, &ks->data[12]);
+ KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC7);
+ KEYUPDATE_TEMP(t0, t1, &ks->data[14]);
+ KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC8);
+ KEYUPDATE_TEMP(t0, t1, &ks->data[16]);
+ KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC9);
+ KEYUPDATE_TEMP(t0, t1, &ks->data[18]);
+ KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC10);
+ KEYUPDATE_TEMP(t0, t1, &ks->data[20]);
+ KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC11);
+ KEYUPDATE_TEMP(t0, t1, &ks->data[22]);
+ KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC12);
+ KEYUPDATE_TEMP(t0, t1, &ks->data[24]);
+ KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC13);
+ KEYUPDATE_TEMP(t0, t1, &ks->data[26]);
+ KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC14);
+ KEYUPDATE_TEMP(t0, t1, &ks->data[28]);
+ KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC15);
+ KEYUPDATE_TEMP(t0, t1, &ks->data[30]);
+}
+
+void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE],
+ unsigned char d[SEED_BLOCK_SIZE],
+ const SEED_KEY_SCHEDULE *ks)
+{
+ seed_word x1, x2, x3, x4;
+ seed_word t0, t1;
+
+ char2word(s, x1);
+ char2word(s + 4, x2);
+ char2word(s + 8, x3);
+ char2word(s + 12, x4);
+
+ E_SEED(t0, t1, x1, x2, x3, x4, 0);
+ E_SEED(t0, t1, x3, x4, x1, x2, 2);
+ E_SEED(t0, t1, x1, x2, x3, x4, 4);
+ E_SEED(t0, t1, x3, x4, x1, x2, 6);
+ E_SEED(t0, t1, x1, x2, x3, x4, 8);
+ E_SEED(t0, t1, x3, x4, x1, x2, 10);
+ E_SEED(t0, t1, x1, x2, x3, x4, 12);
+ E_SEED(t0, t1, x3, x4, x1, x2, 14);
+ E_SEED(t0, t1, x1, x2, x3, x4, 16);
+ E_SEED(t0, t1, x3, x4, x1, x2, 18);
+ E_SEED(t0, t1, x1, x2, x3, x4, 20);
+ E_SEED(t0, t1, x3, x4, x1, x2, 22);
+ E_SEED(t0, t1, x1, x2, x3, x4, 24);
+ E_SEED(t0, t1, x3, x4, x1, x2, 26);
+ E_SEED(t0, t1, x1, x2, x3, x4, 28);
+ E_SEED(t0, t1, x3, x4, x1, x2, 30);
+
+ word2char(x3, d);
+ word2char(x4, d + 4);
+ word2char(x1, d + 8);
+ word2char(x2, d + 12);
+}
+
+void SEED_decrypt(const unsigned char s[SEED_BLOCK_SIZE],
+ unsigned char d[SEED_BLOCK_SIZE],
+ const SEED_KEY_SCHEDULE *ks)
+{
+ seed_word x1, x2, x3, x4;
+ seed_word t0, t1;
+
+ char2word(s, x1);
+ char2word(s + 4, x2);
+ char2word(s + 8, x3);
+ char2word(s + 12, x4);
+
+ E_SEED(t0, t1, x1, x2, x3, x4, 30);
+ E_SEED(t0, t1, x3, x4, x1, x2, 28);
+ E_SEED(t0, t1, x1, x2, x3, x4, 26);
+ E_SEED(t0, t1, x3, x4, x1, x2, 24);
+ E_SEED(t0, t1, x1, x2, x3, x4, 22);
+ E_SEED(t0, t1, x3, x4, x1, x2, 20);
+ E_SEED(t0, t1, x1, x2, x3, x4, 18);
+ E_SEED(t0, t1, x3, x4, x1, x2, 16);
+ E_SEED(t0, t1, x1, x2, x3, x4, 14);
+ E_SEED(t0, t1, x3, x4, x1, x2, 12);
+ E_SEED(t0, t1, x1, x2, x3, x4, 10);
+ E_SEED(t0, t1, x3, x4, x1, x2, 8);
+ E_SEED(t0, t1, x1, x2, x3, x4, 6);
+ E_SEED(t0, t1, x3, x4, x1, x2, 4);
+ E_SEED(t0, t1, x1, x2, x3, x4, 2);
+ E_SEED(t0, t1, x3, x4, x1, x2, 0);
+
+ word2char(x3, d);
+ word2char(x4, d + 4);
+ word2char(x1, d + 8);
+ word2char(x2, d + 12);
+}
+
+#endif /* OPENSSL_NO_SEED */
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/seed/seed.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/seed/seed.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/seed/seed.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,135 +0,0 @@
-/*
- * Copyright (c) 2007 KISA(Korea Information Security Agency). All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Neither the name of author nor the names of its contributors may
- * be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- */
-/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-
-#ifndef HEADER_SEED_H
-#define HEADER_SEED_H
-
-#include <openssl/opensslconf.h>
-
-#ifdef OPENSSL_NO_SEED
-#error SEED is disabled.
-#endif
-
-#ifdef AES_LONG /* look whether we need 'long' to get 32 bits */
-# ifndef SEED_LONG
-# define SEED_LONG 1
-# endif
-#endif
-
-#if !defined(NO_SYS_TYPES_H)
-# include <sys/types.h>
-#endif
-
-#define SEED_BLOCK_SIZE 16
-#define SEED_KEY_LENGTH 16
-
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-
-typedef struct seed_key_st {
-#ifdef SEED_LONG
- unsigned long data[32];
-#else
- unsigned int data[32];
-#endif
-} SEED_KEY_SCHEDULE;
-
-
-void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE *ks);
-
-void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE], unsigned char d[SEED_BLOCK_SIZE], const SEED_KEY_SCHEDULE *ks);
-void SEED_decrypt(const unsigned char s[SEED_BLOCK_SIZE], unsigned char d[SEED_BLOCK_SIZE], const SEED_KEY_SCHEDULE *ks);
-
-void SEED_ecb_encrypt(const unsigned char *in, unsigned char *out, const SEED_KEY_SCHEDULE *ks, int enc);
-void SEED_cbc_encrypt(const unsigned char *in, unsigned char *out,
- size_t len, const SEED_KEY_SCHEDULE *ks, unsigned char ivec[SEED_BLOCK_SIZE], int enc);
-void SEED_cfb128_encrypt(const unsigned char *in, unsigned char *out,
- size_t len, const SEED_KEY_SCHEDULE *ks, unsigned char ivec[SEED_BLOCK_SIZE], int *num, int enc);
-void SEED_ofb128_encrypt(const unsigned char *in, unsigned char *out,
- size_t len, const SEED_KEY_SCHEDULE *ks, unsigned char ivec[SEED_BLOCK_SIZE], int *num);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* HEADER_SEED_H */
Copied: vendor-crypto/openssl/0.9.8zf/crypto/seed/seed.h (from rev 6976, vendor-crypto/openssl/dist/crypto/seed/seed.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/seed/seed.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/seed/seed.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,143 @@
+/*
+ * Copyright (c) 2007 KISA(Korea Information Security Agency). All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Neither the name of author nor the names of its contributors may
+ * be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_SEED_H
+# define HEADER_SEED_H
+
+# include <openssl/opensslconf.h>
+
+# ifdef OPENSSL_NO_SEED
+# error SEED is disabled.
+# endif
+
+/* look whether we need 'long' to get 32 bits */
+# ifdef AES_LONG
+# ifndef SEED_LONG
+# define SEED_LONG 1
+# endif
+# endif
+
+# if !defined(NO_SYS_TYPES_H)
+# include <sys/types.h>
+# endif
+
+# define SEED_BLOCK_SIZE 16
+# define SEED_KEY_LENGTH 16
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct seed_key_st {
+# ifdef SEED_LONG
+ unsigned long data[32];
+# else
+ unsigned int data[32];
+# endif
+} SEED_KEY_SCHEDULE;
+
+void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH],
+ SEED_KEY_SCHEDULE *ks);
+
+void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE],
+ unsigned char d[SEED_BLOCK_SIZE],
+ const SEED_KEY_SCHEDULE *ks);
+void SEED_decrypt(const unsigned char s[SEED_BLOCK_SIZE],
+ unsigned char d[SEED_BLOCK_SIZE],
+ const SEED_KEY_SCHEDULE *ks);
+
+void SEED_ecb_encrypt(const unsigned char *in, unsigned char *out,
+ const SEED_KEY_SCHEDULE *ks, int enc);
+void SEED_cbc_encrypt(const unsigned char *in, unsigned char *out, size_t len,
+ const SEED_KEY_SCHEDULE *ks,
+ unsigned char ivec[SEED_BLOCK_SIZE], int enc);
+void SEED_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+ size_t len, const SEED_KEY_SCHEDULE *ks,
+ unsigned char ivec[SEED_BLOCK_SIZE], int *num,
+ int enc);
+void SEED_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+ size_t len, const SEED_KEY_SCHEDULE *ks,
+ unsigned char ivec[SEED_BLOCK_SIZE], int *num);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* HEADER_SEED_H */
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/seed/seed_cbc.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/seed/seed_cbc.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/seed/seed_cbc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,129 +0,0 @@
-/* crypto/seed/seed_cbc.c -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#include "seed_locl.h"
-#include <string.h>
-
-void SEED_cbc_encrypt(const unsigned char *in, unsigned char *out,
- size_t len, const SEED_KEY_SCHEDULE *ks,
- unsigned char ivec[SEED_BLOCK_SIZE], int enc)
- {
- size_t n;
- unsigned char tmp[SEED_BLOCK_SIZE];
- const unsigned char *iv = ivec;
-
- if (enc)
- {
- while (len >= SEED_BLOCK_SIZE)
- {
- for (n = 0; n < SEED_BLOCK_SIZE; ++n)
- out[n] = in[n] ^ iv[n];
- SEED_encrypt(out, out, ks);
- iv = out;
- len -= SEED_BLOCK_SIZE;
- in += SEED_BLOCK_SIZE;
- out += SEED_BLOCK_SIZE;
- }
- if (len)
- {
- for (n = 0; n < len; ++n)
- out[n] = in[n] ^ iv[n];
- for (n = len; n < SEED_BLOCK_SIZE; ++n)
- out[n] = iv[n];
- SEED_encrypt(out, out, ks);
- iv = out;
- }
- memcpy(ivec, iv, SEED_BLOCK_SIZE);
- }
- else if (in != out) /* decrypt */
- {
- while (len >= SEED_BLOCK_SIZE)
- {
- SEED_decrypt(in, out, ks);
- for (n = 0; n < SEED_BLOCK_SIZE; ++n)
- out[n] ^= iv[n];
- iv = in;
- len -= SEED_BLOCK_SIZE;
- in += SEED_BLOCK_SIZE;
- out += SEED_BLOCK_SIZE;
- }
- if (len)
- {
- SEED_decrypt(in, tmp, ks);
- for (n = 0; n < len; ++n)
- out[n] = tmp[n] ^ iv[n];
- iv = in;
- }
- memcpy(ivec, iv, SEED_BLOCK_SIZE);
- }
- else /* decrypt, overlap */
- {
- while (len >= SEED_BLOCK_SIZE)
- {
- memcpy(tmp, in, SEED_BLOCK_SIZE);
- SEED_decrypt(in, out, ks);
- for (n = 0; n < SEED_BLOCK_SIZE; ++n)
- out[n] ^= ivec[n];
- memcpy(ivec, tmp, SEED_BLOCK_SIZE);
- len -= SEED_BLOCK_SIZE;
- in += SEED_BLOCK_SIZE;
- out += SEED_BLOCK_SIZE;
- }
- if (len)
- {
- memcpy(tmp, in, SEED_BLOCK_SIZE);
- SEED_decrypt(tmp, tmp, ks);
- for (n = 0; n < len; ++n)
- out[n] = tmp[n] ^ ivec[n];
- memcpy(ivec, tmp, SEED_BLOCK_SIZE);
- }
- }
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/seed/seed_cbc.c (from rev 6976, vendor-crypto/openssl/dist/crypto/seed/seed_cbc.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/seed/seed_cbc.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/seed/seed_cbc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,119 @@
+/* crypto/seed/seed_cbc.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#include "seed_locl.h"
+#include <string.h>
+
+void SEED_cbc_encrypt(const unsigned char *in, unsigned char *out,
+ size_t len, const SEED_KEY_SCHEDULE *ks,
+ unsigned char ivec[SEED_BLOCK_SIZE], int enc)
+{
+ size_t n;
+ unsigned char tmp[SEED_BLOCK_SIZE];
+ const unsigned char *iv = ivec;
+
+ if (enc) {
+ while (len >= SEED_BLOCK_SIZE) {
+ for (n = 0; n < SEED_BLOCK_SIZE; ++n)
+ out[n] = in[n] ^ iv[n];
+ SEED_encrypt(out, out, ks);
+ iv = out;
+ len -= SEED_BLOCK_SIZE;
+ in += SEED_BLOCK_SIZE;
+ out += SEED_BLOCK_SIZE;
+ }
+ if (len) {
+ for (n = 0; n < len; ++n)
+ out[n] = in[n] ^ iv[n];
+ for (n = len; n < SEED_BLOCK_SIZE; ++n)
+ out[n] = iv[n];
+ SEED_encrypt(out, out, ks);
+ iv = out;
+ }
+ memcpy(ivec, iv, SEED_BLOCK_SIZE);
+ } else if (in != out) { /* decrypt */
+ while (len >= SEED_BLOCK_SIZE) {
+ SEED_decrypt(in, out, ks);
+ for (n = 0; n < SEED_BLOCK_SIZE; ++n)
+ out[n] ^= iv[n];
+ iv = in;
+ len -= SEED_BLOCK_SIZE;
+ in += SEED_BLOCK_SIZE;
+ out += SEED_BLOCK_SIZE;
+ }
+ if (len) {
+ SEED_decrypt(in, tmp, ks);
+ for (n = 0; n < len; ++n)
+ out[n] = tmp[n] ^ iv[n];
+ iv = in;
+ }
+ memcpy(ivec, iv, SEED_BLOCK_SIZE);
+ } else { /* decrypt, overlap */
+
+ while (len >= SEED_BLOCK_SIZE) {
+ memcpy(tmp, in, SEED_BLOCK_SIZE);
+ SEED_decrypt(in, out, ks);
+ for (n = 0; n < SEED_BLOCK_SIZE; ++n)
+ out[n] ^= ivec[n];
+ memcpy(ivec, tmp, SEED_BLOCK_SIZE);
+ len -= SEED_BLOCK_SIZE;
+ in += SEED_BLOCK_SIZE;
+ out += SEED_BLOCK_SIZE;
+ }
+ if (len) {
+ memcpy(tmp, in, SEED_BLOCK_SIZE);
+ SEED_decrypt(tmp, tmp, ks);
+ for (n = 0; n < len; ++n)
+ out[n] = tmp[n] ^ ivec[n];
+ memcpy(ivec, tmp, SEED_BLOCK_SIZE);
+ }
+ }
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/seed/seed_cfb.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/seed/seed_cfb.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/seed/seed_cfb.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,144 +0,0 @@
-/* crypto/seed/seed_cfb.c -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "seed_locl.h"
-#include <string.h>
-
-void SEED_cfb128_encrypt(const unsigned char *in, unsigned char *out,
- size_t len, const SEED_KEY_SCHEDULE *ks,
- unsigned char ivec[SEED_BLOCK_SIZE], int *num, int enc)
- {
- int n;
- unsigned char c;
-
- n = *num;
-
- if (enc)
- {
- while (len--)
- {
- if (n == 0)
- SEED_encrypt(ivec, ivec, ks);
- ivec[n] = *(out++) = *(in++) ^ ivec[n];
- n = (n+1) % SEED_BLOCK_SIZE;
- }
- }
- else
- {
- while (len--)
- {
- if (n == 0)
- SEED_encrypt(ivec, ivec, ks);
- c = *(in);
- *(out++) = *(in++) ^ ivec[n];
- ivec[n] = c;
- n = (n+1) % SEED_BLOCK_SIZE;
- }
- }
-
- *num = n;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/seed/seed_cfb.c (from rev 6976, vendor-crypto/openssl/dist/crypto/seed/seed_cfb.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/seed/seed_cfb.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/seed/seed_cfb.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,140 @@
+/* crypto/seed/seed_cfb.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "seed_locl.h"
+#include <string.h>
+
+void SEED_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+ size_t len, const SEED_KEY_SCHEDULE *ks,
+ unsigned char ivec[SEED_BLOCK_SIZE], int *num,
+ int enc)
+{
+ int n;
+ unsigned char c;
+
+ n = *num;
+
+ if (enc) {
+ while (len--) {
+ if (n == 0)
+ SEED_encrypt(ivec, ivec, ks);
+ ivec[n] = *(out++) = *(in++) ^ ivec[n];
+ n = (n + 1) % SEED_BLOCK_SIZE;
+ }
+ } else {
+ while (len--) {
+ if (n == 0)
+ SEED_encrypt(ivec, ivec, ks);
+ c = *(in);
+ *(out++) = *(in++) ^ ivec[n];
+ ivec[n] = c;
+ n = (n + 1) % SEED_BLOCK_SIZE;
+ }
+ }
+
+ *num = n;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/seed/seed_ecb.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/seed/seed_ecb.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/seed/seed_ecb.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,60 +0,0 @@
-/* crypto/seed/seed_ecb.c -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#include <openssl/seed.h>
-
-void SEED_ecb_encrypt(const unsigned char *in, unsigned char *out, const SEED_KEY_SCHEDULE *ks, int enc)
- {
- if (enc)
- SEED_encrypt(in, out, ks);
- else
- SEED_decrypt(in, out, ks);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/seed/seed_ecb.c (from rev 6976, vendor-crypto/openssl/dist/crypto/seed/seed_ecb.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/seed/seed_ecb.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/seed/seed_ecb.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,61 @@
+/* crypto/seed/seed_ecb.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#include <openssl/seed.h>
+
+void SEED_ecb_encrypt(const unsigned char *in, unsigned char *out,
+ const SEED_KEY_SCHEDULE *ks, int enc)
+{
+ if (enc)
+ SEED_encrypt(in, out, ks);
+ else
+ SEED_decrypt(in, out, ks);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/seed/seed_locl.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/seed/seed_locl.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/seed/seed_locl.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,116 +0,0 @@
-/*
- * Copyright (c) 2007 KISA(Korea Information Security Agency). All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Neither the name of author nor the names of its contributors may
- * be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- */
-#ifndef HEADER_SEED_LOCL_H
-#define HEADER_SEED_LOCL_H
-
-#include "openssl/e_os2.h"
-#include <openssl/seed.h>
-
-
-#ifdef SEED_LONG /* need 32-bit type */
-typedef unsigned long seed_word;
-#else
-typedef unsigned int seed_word;
-#endif
-
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define G_FUNC(v) \
- SS[0][(unsigned char) (v) & 0xff] ^ SS[1][(unsigned char) ((v)>>8) & 0xff] ^ \
- SS[2][(unsigned char)((v)>>16) & 0xff] ^ SS[3][(unsigned char)((v)>>24) & 0xff]
-
-#define char2word(c, i) \
- (i) = ((((seed_word)(c)[0]) << 24) | (((seed_word)(c)[1]) << 16) | (((seed_word)(c)[2]) << 8) | ((seed_word)(c)[3]))
-
-#define word2char(l, c) \
- *((c)+0) = (unsigned char)((l)>>24) & 0xff; \
- *((c)+1) = (unsigned char)((l)>>16) & 0xff; \
- *((c)+2) = (unsigned char)((l)>> 8) & 0xff; \
- *((c)+3) = (unsigned char)((l)) & 0xff
-
-#define KEYSCHEDULE_UPDATE0(T0, T1, X1, X2, X3, X4, KC) \
- (T0) = (X3); \
- (X3) = (((X3)<<8) ^ ((X4)>>24)) & 0xffffffff; \
- (X4) = (((X4)<<8) ^ ((T0)>>24)) & 0xffffffff; \
- (T0) = ((X1) + (X3) - (KC)) & 0xffffffff; \
- (T1) = ((X2) + (KC) - (X4)) & 0xffffffff
-
-#define KEYSCHEDULE_UPDATE1(T0, T1, X1, X2, X3, X4, KC) \
- (T0) = (X1); \
- (X1) = (((X1)>>8) ^ ((X2)<<24)) & 0xffffffff; \
- (X2) = (((X2)>>8) ^ ((T0)<<24)) & 0xffffffff; \
- (T0) = ((X1) + (X3) - (KC)) & 0xffffffff; \
- (T1) = ((X2) + (KC) - (X4)) & 0xffffffff
-
-#define KEYUPDATE_TEMP(T0, T1, K) \
- (K)[0] = G_FUNC((T0)); \
- (K)[1] = G_FUNC((T1))
-
-#define XOR_SEEDBLOCK(DST, SRC) \
- ((DST))[0] ^= ((SRC))[0]; \
- ((DST))[1] ^= ((SRC))[1]; \
- ((DST))[2] ^= ((SRC))[2]; \
- ((DST))[3] ^= ((SRC))[3]
-
-#define MOV_SEEDBLOCK(DST, SRC) \
- ((DST))[0] = ((SRC))[0]; \
- ((DST))[1] = ((SRC))[1]; \
- ((DST))[2] = ((SRC))[2]; \
- ((DST))[3] = ((SRC))[3]
-
-# define CHAR2WORD(C, I) \
- char2word((C), (I)[0]); \
- char2word((C+4), (I)[1]); \
- char2word((C+8), (I)[2]); \
- char2word((C+12), (I)[3])
-
-# define WORD2CHAR(I, C) \
- word2char((I)[0], (C)); \
- word2char((I)[1], (C+4)); \
- word2char((I)[2], (C+8)); \
- word2char((I)[3], (C+12))
-
-# define E_SEED(T0, T1, X1, X2, X3, X4, rbase) \
- (T0) = (X3) ^ (ks->data)[(rbase)]; \
- (T1) = (X4) ^ (ks->data)[(rbase)+1]; \
- (T1) ^= (T0); \
- (T1) = G_FUNC((T1)); \
- (T0) = ((T0) + (T1)) & 0xffffffff; \
- (T0) = G_FUNC((T0)); \
- (T1) = ((T1) + (T0)) & 0xffffffff; \
- (T1) = G_FUNC((T1)); \
- (T0) = ((T0) + (T1)) & 0xffffffff; \
- (X1) ^= (T0); \
- (X2) ^= (T1)
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* HEADER_SEED_LOCL_H */
Copied: vendor-crypto/openssl/0.9.8zf/crypto/seed/seed_locl.h (from rev 6976, vendor-crypto/openssl/dist/crypto/seed/seed_locl.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/seed/seed_locl.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/seed/seed_locl.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,115 @@
+/*
+ * Copyright (c) 2007 KISA(Korea Information Security Agency). All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Neither the name of author nor the names of its contributors may
+ * be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ */
+#ifndef HEADER_SEED_LOCL_H
+# define HEADER_SEED_LOCL_H
+
+# include "openssl/e_os2.h"
+# include <openssl/seed.h>
+
+# ifdef SEED_LONG /* need 32-bit type */
+typedef unsigned long seed_word;
+# else
+typedef unsigned int seed_word;
+# endif
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# define G_FUNC(v) \
+ SS[0][(unsigned char) (v) & 0xff] ^ SS[1][(unsigned char) ((v)>>8) & 0xff] ^ \
+ SS[2][(unsigned char)((v)>>16) & 0xff] ^ SS[3][(unsigned char)((v)>>24) & 0xff]
+
+# define char2word(c, i) \
+ (i) = ((((seed_word)(c)[0]) << 24) | (((seed_word)(c)[1]) << 16) | (((seed_word)(c)[2]) << 8) | ((seed_word)(c)[3]))
+
+# define word2char(l, c) \
+ *((c)+0) = (unsigned char)((l)>>24) & 0xff; \
+ *((c)+1) = (unsigned char)((l)>>16) & 0xff; \
+ *((c)+2) = (unsigned char)((l)>> 8) & 0xff; \
+ *((c)+3) = (unsigned char)((l)) & 0xff
+
+# define KEYSCHEDULE_UPDATE0(T0, T1, X1, X2, X3, X4, KC) \
+ (T0) = (X3); \
+ (X3) = (((X3)<<8) ^ ((X4)>>24)) & 0xffffffff; \
+ (X4) = (((X4)<<8) ^ ((T0)>>24)) & 0xffffffff; \
+ (T0) = ((X1) + (X3) - (KC)) & 0xffffffff; \
+ (T1) = ((X2) + (KC) - (X4)) & 0xffffffff
+
+# define KEYSCHEDULE_UPDATE1(T0, T1, X1, X2, X3, X4, KC) \
+ (T0) = (X1); \
+ (X1) = (((X1)>>8) ^ ((X2)<<24)) & 0xffffffff; \
+ (X2) = (((X2)>>8) ^ ((T0)<<24)) & 0xffffffff; \
+ (T0) = ((X1) + (X3) - (KC)) & 0xffffffff; \
+ (T1) = ((X2) + (KC) - (X4)) & 0xffffffff
+
+# define KEYUPDATE_TEMP(T0, T1, K) \
+ (K)[0] = G_FUNC((T0)); \
+ (K)[1] = G_FUNC((T1))
+
+# define XOR_SEEDBLOCK(DST, SRC) \
+ ((DST))[0] ^= ((SRC))[0]; \
+ ((DST))[1] ^= ((SRC))[1]; \
+ ((DST))[2] ^= ((SRC))[2]; \
+ ((DST))[3] ^= ((SRC))[3]
+
+# define MOV_SEEDBLOCK(DST, SRC) \
+ ((DST))[0] = ((SRC))[0]; \
+ ((DST))[1] = ((SRC))[1]; \
+ ((DST))[2] = ((SRC))[2]; \
+ ((DST))[3] = ((SRC))[3]
+
+# define CHAR2WORD(C, I) \
+ char2word((C), (I)[0]); \
+ char2word((C+4), (I)[1]); \
+ char2word((C+8), (I)[2]); \
+ char2word((C+12), (I)[3])
+
+# define WORD2CHAR(I, C) \
+ word2char((I)[0], (C)); \
+ word2char((I)[1], (C+4)); \
+ word2char((I)[2], (C+8)); \
+ word2char((I)[3], (C+12))
+
+# define E_SEED(T0, T1, X1, X2, X3, X4, rbase) \
+ (T0) = (X3) ^ (ks->data)[(rbase)]; \
+ (T1) = (X4) ^ (ks->data)[(rbase)+1]; \
+ (T1) ^= (T0); \
+ (T1) = G_FUNC((T1)); \
+ (T0) = ((T0) + (T1)) & 0xffffffff; \
+ (T0) = G_FUNC((T0)); \
+ (T1) = ((T1) + (T0)) & 0xffffffff; \
+ (T1) = G_FUNC((T1)); \
+ (T0) = ((T0) + (T1)) & 0xffffffff; \
+ (X1) ^= (T0); \
+ (X2) ^= (T1)
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* HEADER_SEED_LOCL_H */
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/seed/seed_ofb.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/seed/seed_ofb.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/seed/seed_ofb.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,128 +0,0 @@
-/* crypto/seed/seed_ofb.c -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "seed_locl.h"
-#include <string.h>
-
-void SEED_ofb128_encrypt(const unsigned char *in, unsigned char *out,
- size_t len, const SEED_KEY_SCHEDULE *ks,
- unsigned char ivec[SEED_BLOCK_SIZE], int *num)
- {
- int n;
-
- n = *num;
-
- while (len--)
- {
- if (n == 0)
- SEED_encrypt(ivec, ivec, ks);
- *(out++) = *(in++) ^ ivec[n];
- n = (n+1) % SEED_BLOCK_SIZE;
- }
-
- *num = n;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/seed/seed_ofb.c (from rev 6976, vendor-crypto/openssl/dist/crypto/seed/seed_ofb.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/seed/seed_ofb.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/seed/seed_ofb.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,127 @@
+/* crypto/seed/seed_ofb.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "seed_locl.h"
+#include <string.h>
+
+void SEED_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+ size_t len, const SEED_KEY_SCHEDULE *ks,
+ unsigned char ivec[SEED_BLOCK_SIZE], int *num)
+{
+ int n;
+
+ n = *num;
+
+ while (len--) {
+ if (n == 0)
+ SEED_encrypt(ivec, ivec, ks);
+ *(out++) = *(in++) ^ ivec[n];
+ n = (n + 1) % SEED_BLOCK_SIZE;
+ }
+
+ *num = n;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/sha/sha.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/sha/sha.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/sha/sha.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,124 +0,0 @@
-/* crypto/sha/sha.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/sha.h>
-
-#define BUFSIZE 1024*16
-
-void do_fp(FILE *f);
-void pt(unsigned char *md);
-int read(int, void *, unsigned int);
-int main(int argc, char **argv)
- {
- int i,err=0;
- FILE *IN;
-
- if (argc == 1)
- {
- do_fp(stdin);
- }
- else
- {
- for (i=1; i<argc; i++)
- {
- IN=fopen(argv[i],"r");
- if (IN == NULL)
- {
- perror(argv[i]);
- err++;
- continue;
- }
- printf("SHA(%s)= ",argv[i]);
- do_fp(IN);
- fclose(IN);
- }
- }
- exit(err);
- }
-
-void do_fp(FILE *f)
- {
- SHA_CTX c;
- unsigned char md[SHA_DIGEST_LENGTH];
- int fd;
- int i;
- unsigned char buf[BUFSIZE];
-
- fd=fileno(f);
- SHA_Init(&c);
- for (;;)
- {
- i=read(fd,buf,BUFSIZE);
- if (i <= 0) break;
- SHA_Update(&c,buf,(unsigned long)i);
- }
- SHA_Final(&(md[0]),&c);
- pt(md);
- }
-
-void pt(unsigned char *md)
- {
- int i;
-
- for (i=0; i<SHA_DIGEST_LENGTH; i++)
- printf("%02x",md[i]);
- printf("\n");
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/sha/sha.c (from rev 6976, vendor-crypto/openssl/dist/crypto/sha/sha.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/sha/sha.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/sha/sha.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,118 @@
+/* crypto/sha/sha.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/sha.h>
+
+#define BUFSIZE 1024*16
+
+void do_fp(FILE *f);
+void pt(unsigned char *md);
+int read(int, void *, unsigned int);
+int main(int argc, char **argv)
+{
+ int i, err = 0;
+ FILE *IN;
+
+ if (argc == 1) {
+ do_fp(stdin);
+ } else {
+ for (i = 1; i < argc; i++) {
+ IN = fopen(argv[i], "r");
+ if (IN == NULL) {
+ perror(argv[i]);
+ err++;
+ continue;
+ }
+ printf("SHA(%s)= ", argv[i]);
+ do_fp(IN);
+ fclose(IN);
+ }
+ }
+ exit(err);
+}
+
+void do_fp(FILE *f)
+{
+ SHA_CTX c;
+ unsigned char md[SHA_DIGEST_LENGTH];
+ int fd;
+ int i;
+ unsigned char buf[BUFSIZE];
+
+ fd = fileno(f);
+ SHA_Init(&c);
+ for (;;) {
+ i = read(fd, buf, BUFSIZE);
+ if (i <= 0)
+ break;
+ SHA_Update(&c, buf, (unsigned long)i);
+ }
+ SHA_Final(&(md[0]), &c);
+ pt(md);
+}
+
+void pt(unsigned char *md)
+{
+ int i;
+
+ for (i = 0; i < SHA_DIGEST_LENGTH; i++)
+ printf("%02x", md[i]);
+ printf("\n");
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/sha/sha.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/sha/sha.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/sha/sha.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,203 +0,0 @@
-/* crypto/sha/sha.h */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_SHA_H
-#define HEADER_SHA_H
-
-#include <openssl/e_os2.h>
-#include <stddef.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if defined(OPENSSL_NO_SHA) || (defined(OPENSSL_NO_SHA0) && defined(OPENSSL_NO_SHA1))
-#error SHA is disabled.
-#endif
-
-#if defined(OPENSSL_FIPS)
-#define FIPS_SHA_SIZE_T size_t
-#endif
-
-/*
- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- * ! SHA_LONG has to be at least 32 bits wide. If it's wider, then !
- * ! SHA_LONG_LOG2 has to be defined along. !
- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
- */
-
-#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)
-#define SHA_LONG unsigned long
-#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
-#define SHA_LONG unsigned long
-#define SHA_LONG_LOG2 3
-#else
-#define SHA_LONG unsigned int
-#endif
-
-#define SHA_LBLOCK 16
-#define SHA_CBLOCK (SHA_LBLOCK*4) /* SHA treats input data as a
- * contiguous array of 32 bit
- * wide big-endian values. */
-#define SHA_LAST_BLOCK (SHA_CBLOCK-8)
-#define SHA_DIGEST_LENGTH 20
-
-typedef struct SHAstate_st
- {
- SHA_LONG h0,h1,h2,h3,h4;
- SHA_LONG Nl,Nh;
- SHA_LONG data[SHA_LBLOCK];
- unsigned int num;
- } SHA_CTX;
-
-#ifndef OPENSSL_NO_SHA0
-#ifdef OPENSSL_FIPS
-int private_SHA_Init(SHA_CTX *c);
-#endif
-int SHA_Init(SHA_CTX *c);
-int SHA_Update(SHA_CTX *c, const void *data, size_t len);
-int SHA_Final(unsigned char *md, SHA_CTX *c);
-unsigned char *SHA(const unsigned char *d, size_t n, unsigned char *md);
-void SHA_Transform(SHA_CTX *c, const unsigned char *data);
-#endif
-#ifndef OPENSSL_NO_SHA1
-int SHA1_Init(SHA_CTX *c);
-int SHA1_Update(SHA_CTX *c, const void *data, size_t len);
-int SHA1_Final(unsigned char *md, SHA_CTX *c);
-unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md);
-void SHA1_Transform(SHA_CTX *c, const unsigned char *data);
-#endif
-
-#define SHA256_CBLOCK (SHA_LBLOCK*4) /* SHA-256 treats input data as a
- * contiguous array of 32 bit
- * wide big-endian values. */
-#define SHA224_DIGEST_LENGTH 28
-#define SHA256_DIGEST_LENGTH 32
-
-typedef struct SHA256state_st
- {
- SHA_LONG h[8];
- SHA_LONG Nl,Nh;
- SHA_LONG data[SHA_LBLOCK];
- unsigned int num,md_len;
- } SHA256_CTX;
-
-#ifndef OPENSSL_NO_SHA256
-int SHA224_Init(SHA256_CTX *c);
-int SHA224_Update(SHA256_CTX *c, const void *data, size_t len);
-int SHA224_Final(unsigned char *md, SHA256_CTX *c);
-unsigned char *SHA224(const unsigned char *d, size_t n,unsigned char *md);
-int SHA256_Init(SHA256_CTX *c);
-int SHA256_Update(SHA256_CTX *c, const void *data, size_t len);
-int SHA256_Final(unsigned char *md, SHA256_CTX *c);
-unsigned char *SHA256(const unsigned char *d, size_t n,unsigned char *md);
-void SHA256_Transform(SHA256_CTX *c, const unsigned char *data);
-#endif
-
-#define SHA384_DIGEST_LENGTH 48
-#define SHA512_DIGEST_LENGTH 64
-
-#ifndef OPENSSL_NO_SHA512
-/*
- * Unlike 32-bit digest algorithms, SHA-512 *relies* on SHA_LONG64
- * being exactly 64-bit wide. See Implementation Notes in sha512.c
- * for further details.
- */
-#define SHA512_CBLOCK (SHA_LBLOCK*8) /* SHA-512 treats input data as a
- * contiguous array of 64 bit
- * wide big-endian values. */
-#if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
-#define SHA_LONG64 unsigned __int64
-#define U64(C) C##UI64
-#elif defined(__arch64__)
-#define SHA_LONG64 unsigned long
-#define U64(C) C##UL
-#else
-#define SHA_LONG64 unsigned long long
-#define U64(C) C##ULL
-#endif
-
-typedef struct SHA512state_st
- {
- SHA_LONG64 h[8];
- SHA_LONG64 Nl,Nh;
- union {
- SHA_LONG64 d[SHA_LBLOCK];
- unsigned char p[SHA512_CBLOCK];
- } u;
- unsigned int num,md_len;
- } SHA512_CTX;
-#endif
-
-#ifndef OPENSSL_NO_SHA512
-int SHA384_Init(SHA512_CTX *c);
-int SHA384_Update(SHA512_CTX *c, const void *data, size_t len);
-int SHA384_Final(unsigned char *md, SHA512_CTX *c);
-unsigned char *SHA384(const unsigned char *d, size_t n,unsigned char *md);
-int SHA512_Init(SHA512_CTX *c);
-int SHA512_Update(SHA512_CTX *c, const void *data, size_t len);
-int SHA512_Final(unsigned char *md, SHA512_CTX *c);
-unsigned char *SHA512(const unsigned char *d, size_t n,unsigned char *md);
-void SHA512_Transform(SHA512_CTX *c, const unsigned char *data);
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/sha/sha.h (from rev 6976, vendor-crypto/openssl/dist/crypto/sha/sha.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/sha/sha.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/sha/sha.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,203 @@
+/* crypto/sha/sha.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_SHA_H
+# define HEADER_SHA_H
+
+# include <openssl/e_os2.h>
+# include <stddef.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# if defined(OPENSSL_NO_SHA) || (defined(OPENSSL_NO_SHA0) && defined(OPENSSL_NO_SHA1))
+# error SHA is disabled.
+# endif
+
+# if defined(OPENSSL_FIPS)
+# define FIPS_SHA_SIZE_T size_t
+# endif
+
+/*-
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * ! SHA_LONG has to be at least 32 bits wide. If it's wider, then !
+ * ! SHA_LONG_LOG2 has to be defined along. !
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ */
+
+# if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)
+# define SHA_LONG unsigned long
+# elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
+# define SHA_LONG unsigned long
+# define SHA_LONG_LOG2 3
+# else
+# define SHA_LONG unsigned int
+# endif
+
+# define SHA_LBLOCK 16
+# define SHA_CBLOCK (SHA_LBLOCK*4)/* SHA treats input data as a
+ * contiguous array of 32 bit wide
+ * big-endian values. */
+# define SHA_LAST_BLOCK (SHA_CBLOCK-8)
+# define SHA_DIGEST_LENGTH 20
+
+typedef struct SHAstate_st {
+ SHA_LONG h0, h1, h2, h3, h4;
+ SHA_LONG Nl, Nh;
+ SHA_LONG data[SHA_LBLOCK];
+ unsigned int num;
+} SHA_CTX;
+
+# ifndef OPENSSL_NO_SHA0
+# ifdef OPENSSL_FIPS
+int private_SHA_Init(SHA_CTX *c);
+# endif
+int SHA_Init(SHA_CTX *c);
+int SHA_Update(SHA_CTX *c, const void *data, size_t len);
+int SHA_Final(unsigned char *md, SHA_CTX *c);
+unsigned char *SHA(const unsigned char *d, size_t n, unsigned char *md);
+void SHA_Transform(SHA_CTX *c, const unsigned char *data);
+# endif
+# ifndef OPENSSL_NO_SHA1
+int SHA1_Init(SHA_CTX *c);
+int SHA1_Update(SHA_CTX *c, const void *data, size_t len);
+int SHA1_Final(unsigned char *md, SHA_CTX *c);
+unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md);
+void SHA1_Transform(SHA_CTX *c, const unsigned char *data);
+# endif
+
+# define SHA256_CBLOCK (SHA_LBLOCK*4)/* SHA-256 treats input data as a
+ * contiguous array of 32 bit wide
+ * big-endian values. */
+# define SHA224_DIGEST_LENGTH 28
+# define SHA256_DIGEST_LENGTH 32
+
+typedef struct SHA256state_st {
+ SHA_LONG h[8];
+ SHA_LONG Nl, Nh;
+ SHA_LONG data[SHA_LBLOCK];
+ unsigned int num, md_len;
+} SHA256_CTX;
+
+# ifndef OPENSSL_NO_SHA256
+int SHA224_Init(SHA256_CTX *c);
+int SHA224_Update(SHA256_CTX *c, const void *data, size_t len);
+int SHA224_Final(unsigned char *md, SHA256_CTX *c);
+unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md);
+int SHA256_Init(SHA256_CTX *c);
+int SHA256_Update(SHA256_CTX *c, const void *data, size_t len);
+int SHA256_Final(unsigned char *md, SHA256_CTX *c);
+unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md);
+void SHA256_Transform(SHA256_CTX *c, const unsigned char *data);
+# endif
+
+# define SHA384_DIGEST_LENGTH 48
+# define SHA512_DIGEST_LENGTH 64
+
+# ifndef OPENSSL_NO_SHA512
+/*
+ * Unlike 32-bit digest algorithms, SHA-512 *relies* on SHA_LONG64
+ * being exactly 64-bit wide. See Implementation Notes in sha512.c
+ * for further details.
+ */
+/*
+ * SHA-512 treats input data as a
+ * contiguous array of 64 bit
+ * wide big-endian values.
+ */
+# define SHA512_CBLOCK (SHA_LBLOCK*8)
+# if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
+# define SHA_LONG64 unsigned __int64
+# define U64(C) C##UI64
+# elif defined(__arch64__)
+# define SHA_LONG64 unsigned long
+# define U64(C) C##UL
+# else
+# define SHA_LONG64 unsigned long long
+# define U64(C) C##ULL
+# endif
+
+typedef struct SHA512state_st {
+ SHA_LONG64 h[8];
+ SHA_LONG64 Nl, Nh;
+ union {
+ SHA_LONG64 d[SHA_LBLOCK];
+ unsigned char p[SHA512_CBLOCK];
+ } u;
+ unsigned int num, md_len;
+} SHA512_CTX;
+# endif
+
+# ifndef OPENSSL_NO_SHA512
+int SHA384_Init(SHA512_CTX *c);
+int SHA384_Update(SHA512_CTX *c, const void *data, size_t len);
+int SHA384_Final(unsigned char *md, SHA512_CTX *c);
+unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md);
+int SHA512_Init(SHA512_CTX *c);
+int SHA512_Update(SHA512_CTX *c, const void *data, size_t len);
+int SHA512_Final(unsigned char *md, SHA512_CTX *c);
+unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md);
+void SHA512_Transform(SHA512_CTX *c, const unsigned char *data);
+# endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/sha/sha1.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/sha/sha1.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/sha/sha1.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,127 +0,0 @@
-/* crypto/sha/sha1.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/sha.h>
-
-#define BUFSIZE 1024*16
-
-void do_fp(FILE *f);
-void pt(unsigned char *md);
-#ifndef _OSD_POSIX
-int read(int, void *, unsigned int);
-#endif
-
-int main(int argc, char **argv)
- {
- int i,err=0;
- FILE *IN;
-
- if (argc == 1)
- {
- do_fp(stdin);
- }
- else
- {
- for (i=1; i<argc; i++)
- {
- IN=fopen(argv[i],"r");
- if (IN == NULL)
- {
- perror(argv[i]);
- err++;
- continue;
- }
- printf("SHA1(%s)= ",argv[i]);
- do_fp(IN);
- fclose(IN);
- }
- }
- exit(err);
- }
-
-void do_fp(FILE *f)
- {
- SHA_CTX c;
- unsigned char md[SHA_DIGEST_LENGTH];
- int fd;
- int i;
- unsigned char buf[BUFSIZE];
-
- fd=fileno(f);
- SHA1_Init(&c);
- for (;;)
- {
- i=read(fd,buf,BUFSIZE);
- if (i <= 0) break;
- SHA1_Update(&c,buf,(unsigned long)i);
- }
- SHA1_Final(&(md[0]),&c);
- pt(md);
- }
-
-void pt(unsigned char *md)
- {
- int i;
-
- for (i=0; i<SHA_DIGEST_LENGTH; i++)
- printf("%02x",md[i]);
- printf("\n");
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/sha/sha1.c (from rev 6976, vendor-crypto/openssl/dist/crypto/sha/sha1.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/sha/sha1.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/sha/sha1.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,121 @@
+/* crypto/sha/sha1.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/sha.h>
+
+#define BUFSIZE 1024*16
+
+void do_fp(FILE *f);
+void pt(unsigned char *md);
+#ifndef _OSD_POSIX
+int read(int, void *, unsigned int);
+#endif
+
+int main(int argc, char **argv)
+{
+ int i, err = 0;
+ FILE *IN;
+
+ if (argc == 1) {
+ do_fp(stdin);
+ } else {
+ for (i = 1; i < argc; i++) {
+ IN = fopen(argv[i], "r");
+ if (IN == NULL) {
+ perror(argv[i]);
+ err++;
+ continue;
+ }
+ printf("SHA1(%s)= ", argv[i]);
+ do_fp(IN);
+ fclose(IN);
+ }
+ }
+ exit(err);
+}
+
+void do_fp(FILE *f)
+{
+ SHA_CTX c;
+ unsigned char md[SHA_DIGEST_LENGTH];
+ int fd;
+ int i;
+ unsigned char buf[BUFSIZE];
+
+ fd = fileno(f);
+ SHA1_Init(&c);
+ for (;;) {
+ i = read(fd, buf, BUFSIZE);
+ if (i <= 0)
+ break;
+ SHA1_Update(&c, buf, (unsigned long)i);
+ }
+ SHA1_Final(&(md[0]), &c);
+ pt(md);
+}
+
+void pt(unsigned char *md)
+{
+ int i;
+
+ for (i = 0; i < SHA_DIGEST_LENGTH; i++)
+ printf("%02x", md[i]);
+ printf("\n");
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/sha/sha1_one.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/sha/sha1_one.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/sha/sha1_one.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,78 +0,0 @@
-/* crypto/sha/sha1_one.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <openssl/sha.h>
-#include <openssl/crypto.h>
-
-#if !defined(OPENSSL_NO_SHA1)
-unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md)
- {
- SHA_CTX c;
- static unsigned char m[SHA_DIGEST_LENGTH];
-
- if (md == NULL) md=m;
- if (!SHA1_Init(&c))
- return NULL;
- SHA1_Update(&c,d,n);
- SHA1_Final(md,&c);
- OPENSSL_cleanse(&c,sizeof(c));
- return(md);
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/sha/sha1_one.c (from rev 6976, vendor-crypto/openssl/dist/crypto/sha/sha1_one.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/sha/sha1_one.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/sha/sha1_one.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,79 @@
+/* crypto/sha/sha1_one.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/sha.h>
+#include <openssl/crypto.h>
+
+#if !defined(OPENSSL_NO_SHA1)
+unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md)
+{
+ SHA_CTX c;
+ static unsigned char m[SHA_DIGEST_LENGTH];
+
+ if (md == NULL)
+ md = m;
+ if (!SHA1_Init(&c))
+ return NULL;
+ SHA1_Update(&c, d, n);
+ SHA1_Final(md, &c);
+ OPENSSL_cleanse(&c, sizeof(c));
+ return (md);
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/sha/sha1dgst.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/sha/sha1dgst.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/sha/sha1dgst.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,78 +0,0 @@
-/* crypto/sha/sha1dgst.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/opensslconf.h>
-#if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_NO_SHA)
-
-#undef SHA_0
-#define SHA_1
-
-#include <openssl/opensslv.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
-
-const char SHA1_version[]="SHA1" OPENSSL_VERSION_PTEXT;
-
-/* The implementation is in ../md32_common.h */
-
-#include "sha_locl.h"
-
-#endif
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/sha/sha1dgst.c (from rev 6976, vendor-crypto/openssl/dist/crypto/sha/sha1dgst.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/sha/sha1dgst.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/sha/sha1dgst.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,76 @@
+/* crypto/sha/sha1dgst.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/opensslconf.h>
+#if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_NO_SHA)
+
+# undef SHA_0
+# define SHA_1
+
+# include <openssl/opensslv.h>
+# ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
+# endif
+
+const char SHA1_version[] = "SHA1" OPENSSL_VERSION_PTEXT;
+
+/* The implementation is in ../md32_common.h */
+
+# include "sha_locl.h"
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/sha/sha1test.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/sha/sha1test.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/sha/sha1test.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,178 +0,0 @@
-/* crypto/sha/sha1test.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-
-#include "../e_os.h"
-
-#ifdef OPENSSL_NO_SHA
-int main(int argc, char *argv[])
-{
- printf("No SHA support\n");
- return(0);
-}
-#else
-#include <openssl/evp.h>
-#include <openssl/sha.h>
-
-#ifdef CHARSET_EBCDIC
-#include <openssl/ebcdic.h>
-#endif
-
-#undef SHA_0 /* FIPS 180 */
-#define SHA_1 /* FIPS 180-1 */
-
-static char *test[]={
- "abc",
- "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
- NULL,
- };
-
-#ifdef SHA_0
-static char *ret[]={
- "0164b8a914cd2a5e74c4f7ff082c4d97f1edf880",
- "d2516ee1acfa5baf33dfc1c471e438449ef134c8",
- };
-static char *bigret=
- "3232affa48628a26653b5aaa44541fd90d690603";
-#endif
-#ifdef SHA_1
-static char *ret[]={
- "a9993e364706816aba3e25717850c26c9cd0d89d",
- "84983e441c3bd26ebaae4aa1f95129e5e54670f1",
- };
-static char *bigret=
- "34aa973cd4c4daa4f61eeb2bdbad27316534016f";
-#endif
-
-static char *pt(unsigned char *md);
-int main(int argc, char *argv[])
- {
- int i,err=0;
- char **P,**R;
- static unsigned char buf[1000];
- char *p,*r;
- EVP_MD_CTX c;
- unsigned char md[SHA_DIGEST_LENGTH];
-
-#ifdef CHARSET_EBCDIC
- ebcdic2ascii(test[0], test[0], strlen(test[0]));
- ebcdic2ascii(test[1], test[1], strlen(test[1]));
-#endif
-
- EVP_MD_CTX_init(&c);
- P=test;
- R=ret;
- i=1;
- while (*P != NULL)
- {
- EVP_Digest(*P,strlen((char *)*P),md,NULL,EVP_sha1(), NULL);
- p=pt(md);
- if (strcmp(p,(char *)*R) != 0)
- {
- printf("error calculating SHA1 on '%s'\n",*P);
- printf("got %s instead of %s\n",p,*R);
- err++;
- }
- else
- printf("test %d ok\n",i);
- i++;
- R++;
- P++;
- }
-
- memset(buf,'a',1000);
-#ifdef CHARSET_EBCDIC
- ebcdic2ascii(buf, buf, 1000);
-#endif /*CHARSET_EBCDIC*/
- EVP_DigestInit_ex(&c,EVP_sha1(), NULL);
- for (i=0; i<1000; i++)
- EVP_DigestUpdate(&c,buf,1000);
- EVP_DigestFinal_ex(&c,md,NULL);
- p=pt(md);
-
- r=bigret;
- if (strcmp(p,r) != 0)
- {
- printf("error calculating SHA1 on 'a' * 1000\n");
- printf("got %s instead of %s\n",p,r);
- err++;
- }
- else
- printf("test 3 ok\n");
-
-#ifdef OPENSSL_SYS_NETWARE
- if (err) printf("ERROR: %d\n", err);
-#endif
- EXIT(err);
- EVP_MD_CTX_cleanup(&c);
- return(0);
- }
-
-static char *pt(unsigned char *md)
- {
- int i;
- static char buf[80];
-
- for (i=0; i<SHA_DIGEST_LENGTH; i++)
- sprintf(&(buf[i*2]),"%02x",md[i]);
- return(buf);
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/sha/sha1test.c (from rev 6976, vendor-crypto/openssl/dist/crypto/sha/sha1test.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/sha/sha1test.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/sha/sha1test.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,174 @@
+/* crypto/sha/sha1test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include "../e_os.h"
+
+#ifdef OPENSSL_NO_SHA
+int main(int argc, char *argv[])
+{
+ printf("No SHA support\n");
+ return (0);
+}
+#else
+# include <openssl/evp.h>
+# include <openssl/sha.h>
+
+# ifdef CHARSET_EBCDIC
+# include <openssl/ebcdic.h>
+# endif
+
+# undef SHA_0 /* FIPS 180 */
+# define SHA_1 /* FIPS 180-1 */
+
+static char *test[] = {
+ "abc",
+ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
+ NULL,
+};
+
+# ifdef SHA_0
+static char *ret[] = {
+ "0164b8a914cd2a5e74c4f7ff082c4d97f1edf880",
+ "d2516ee1acfa5baf33dfc1c471e438449ef134c8",
+};
+
+static char *bigret = "3232affa48628a26653b5aaa44541fd90d690603";
+# endif
+# ifdef SHA_1
+static char *ret[] = {
+ "a9993e364706816aba3e25717850c26c9cd0d89d",
+ "84983e441c3bd26ebaae4aa1f95129e5e54670f1",
+};
+
+static char *bigret = "34aa973cd4c4daa4f61eeb2bdbad27316534016f";
+# endif
+
+static char *pt(unsigned char *md);
+int main(int argc, char *argv[])
+{
+ int i, err = 0;
+ char **P, **R;
+ static unsigned char buf[1000];
+ char *p, *r;
+ EVP_MD_CTX c;
+ unsigned char md[SHA_DIGEST_LENGTH];
+
+# ifdef CHARSET_EBCDIC
+ ebcdic2ascii(test[0], test[0], strlen(test[0]));
+ ebcdic2ascii(test[1], test[1], strlen(test[1]));
+# endif
+
+ EVP_MD_CTX_init(&c);
+ P = test;
+ R = ret;
+ i = 1;
+ while (*P != NULL) {
+ EVP_Digest(*P, strlen((char *)*P), md, NULL, EVP_sha1(), NULL);
+ p = pt(md);
+ if (strcmp(p, (char *)*R) != 0) {
+ printf("error calculating SHA1 on '%s'\n", *P);
+ printf("got %s instead of %s\n", p, *R);
+ err++;
+ } else
+ printf("test %d ok\n", i);
+ i++;
+ R++;
+ P++;
+ }
+
+ memset(buf, 'a', 1000);
+# ifdef CHARSET_EBCDIC
+ ebcdic2ascii(buf, buf, 1000);
+# endif /* CHARSET_EBCDIC */
+ EVP_DigestInit_ex(&c, EVP_sha1(), NULL);
+ for (i = 0; i < 1000; i++)
+ EVP_DigestUpdate(&c, buf, 1000);
+ EVP_DigestFinal_ex(&c, md, NULL);
+ p = pt(md);
+
+ r = bigret;
+ if (strcmp(p, r) != 0) {
+ printf("error calculating SHA1 on 'a' * 1000\n");
+ printf("got %s instead of %s\n", p, r);
+ err++;
+ } else
+ printf("test 3 ok\n");
+
+# ifdef OPENSSL_SYS_NETWARE
+ if (err)
+ printf("ERROR: %d\n", err);
+# endif
+ EXIT(err);
+ EVP_MD_CTX_cleanup(&c);
+ return (0);
+}
+
+static char *pt(unsigned char *md)
+{
+ int i;
+ static char buf[80];
+
+ for (i = 0; i < SHA_DIGEST_LENGTH; i++)
+ sprintf(&(buf[i * 2]), "%02x", md[i]);
+ return (buf);
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/sha/sha256.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/sha/sha256.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/sha/sha256.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,292 +0,0 @@
-/* crypto/sha/sha256.c */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project. All rights reserved
- * according to the OpenSSL license [found in ../../LICENSE].
- * ====================================================================
- */
-#include <openssl/opensslconf.h>
-#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA256)
-
-#include <stdlib.h>
-#include <string.h>
-
-#include <openssl/crypto.h>
-#include <openssl/sha.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
-#include <openssl/opensslv.h>
-
-const char SHA256_version[]="SHA-256" OPENSSL_VERSION_PTEXT;
-
-int SHA224_Init (SHA256_CTX *c)
- {
-#ifdef OPENSSL_FIPS
- FIPS_selftest_check();
-#endif
- c->h[0]=0xc1059ed8UL; c->h[1]=0x367cd507UL;
- c->h[2]=0x3070dd17UL; c->h[3]=0xf70e5939UL;
- c->h[4]=0xffc00b31UL; c->h[5]=0x68581511UL;
- c->h[6]=0x64f98fa7UL; c->h[7]=0xbefa4fa4UL;
- c->Nl=0; c->Nh=0;
- c->num=0; c->md_len=SHA224_DIGEST_LENGTH;
- return 1;
- }
-
-int SHA256_Init (SHA256_CTX *c)
- {
-#ifdef OPENSSL_FIPS
- FIPS_selftest_check();
-#endif
- c->h[0]=0x6a09e667UL; c->h[1]=0xbb67ae85UL;
- c->h[2]=0x3c6ef372UL; c->h[3]=0xa54ff53aUL;
- c->h[4]=0x510e527fUL; c->h[5]=0x9b05688cUL;
- c->h[6]=0x1f83d9abUL; c->h[7]=0x5be0cd19UL;
- c->Nl=0; c->Nh=0;
- c->num=0; c->md_len=SHA256_DIGEST_LENGTH;
- return 1;
- }
-
-unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md)
- {
- SHA256_CTX c;
- static unsigned char m[SHA224_DIGEST_LENGTH];
-
- if (md == NULL) md=m;
- SHA224_Init(&c);
- SHA256_Update(&c,d,n);
- SHA256_Final(md,&c);
- OPENSSL_cleanse(&c,sizeof(c));
- return(md);
- }
-
-unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md)
- {
- SHA256_CTX c;
- static unsigned char m[SHA256_DIGEST_LENGTH];
-
- if (md == NULL) md=m;
- SHA256_Init(&c);
- SHA256_Update(&c,d,n);
- SHA256_Final(md,&c);
- OPENSSL_cleanse(&c,sizeof(c));
- return(md);
- }
-
-int SHA224_Update(SHA256_CTX *c, const void *data, size_t len)
-{ return SHA256_Update (c,data,len); }
-int SHA224_Final (unsigned char *md, SHA256_CTX *c)
-{ return SHA256_Final (md,c); }
-
-#define DATA_ORDER_IS_BIG_ENDIAN
-
-#define HASH_LONG SHA_LONG
-#define HASH_CTX SHA256_CTX
-#define HASH_CBLOCK SHA_CBLOCK
-/*
- * Note that FIPS180-2 discusses "Truncation of the Hash Function Output."
- * default: case below covers for it. It's not clear however if it's
- * permitted to truncate to amount of bytes not divisible by 4. I bet not,
- * but if it is, then default: case shall be extended. For reference.
- * Idea behind separate cases for pre-defined lenghts is to let the
- * compiler decide if it's appropriate to unroll small loops.
- */
-#define HASH_MAKE_STRING(c,s) do { \
- unsigned long ll; \
- unsigned int xn; \
- switch ((c)->md_len) \
- { case SHA224_DIGEST_LENGTH: \
- for (xn=0;xn<SHA224_DIGEST_LENGTH/4;xn++) \
- { ll=(c)->h[xn]; HOST_l2c(ll,(s)); } \
- break; \
- case SHA256_DIGEST_LENGTH: \
- for (xn=0;xn<SHA256_DIGEST_LENGTH/4;xn++) \
- { ll=(c)->h[xn]; HOST_l2c(ll,(s)); } \
- break; \
- default: \
- if ((c)->md_len > SHA256_DIGEST_LENGTH) \
- return 0; \
- for (xn=0;xn<(c)->md_len/4;xn++) \
- { ll=(c)->h[xn]; HOST_l2c(ll,(s)); } \
- break; \
- } \
- } while (0)
-
-#define HASH_UPDATE SHA256_Update
-#define HASH_TRANSFORM SHA256_Transform
-#define HASH_FINAL SHA256_Final
-#define HASH_BLOCK_DATA_ORDER sha256_block_data_order
-#ifndef SHA256_ASM
-static
-#endif
-void sha256_block_data_order (SHA256_CTX *ctx, const void *in, size_t num);
-
-#include "md32_common.h"
-
-#ifndef SHA256_ASM
-static const SHA_LONG K256[64] = {
- 0x428a2f98UL,0x71374491UL,0xb5c0fbcfUL,0xe9b5dba5UL,
- 0x3956c25bUL,0x59f111f1UL,0x923f82a4UL,0xab1c5ed5UL,
- 0xd807aa98UL,0x12835b01UL,0x243185beUL,0x550c7dc3UL,
- 0x72be5d74UL,0x80deb1feUL,0x9bdc06a7UL,0xc19bf174UL,
- 0xe49b69c1UL,0xefbe4786UL,0x0fc19dc6UL,0x240ca1ccUL,
- 0x2de92c6fUL,0x4a7484aaUL,0x5cb0a9dcUL,0x76f988daUL,
- 0x983e5152UL,0xa831c66dUL,0xb00327c8UL,0xbf597fc7UL,
- 0xc6e00bf3UL,0xd5a79147UL,0x06ca6351UL,0x14292967UL,
- 0x27b70a85UL,0x2e1b2138UL,0x4d2c6dfcUL,0x53380d13UL,
- 0x650a7354UL,0x766a0abbUL,0x81c2c92eUL,0x92722c85UL,
- 0xa2bfe8a1UL,0xa81a664bUL,0xc24b8b70UL,0xc76c51a3UL,
- 0xd192e819UL,0xd6990624UL,0xf40e3585UL,0x106aa070UL,
- 0x19a4c116UL,0x1e376c08UL,0x2748774cUL,0x34b0bcb5UL,
- 0x391c0cb3UL,0x4ed8aa4aUL,0x5b9cca4fUL,0x682e6ff3UL,
- 0x748f82eeUL,0x78a5636fUL,0x84c87814UL,0x8cc70208UL,
- 0x90befffaUL,0xa4506cebUL,0xbef9a3f7UL,0xc67178f2UL };
-
-/*
- * FIPS specification refers to right rotations, while our ROTATE macro
- * is left one. This is why you might notice that rotation coefficients
- * differ from those observed in FIPS document by 32-N...
- */
-#define Sigma0(x) (ROTATE((x),30) ^ ROTATE((x),19) ^ ROTATE((x),10))
-#define Sigma1(x) (ROTATE((x),26) ^ ROTATE((x),21) ^ ROTATE((x),7))
-#define sigma0(x) (ROTATE((x),25) ^ ROTATE((x),14) ^ ((x)>>3))
-#define sigma1(x) (ROTATE((x),15) ^ ROTATE((x),13) ^ ((x)>>10))
-
-#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
-#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
-
-#ifdef OPENSSL_SMALL_FOOTPRINT
-
-static void sha256_block_data_order (SHA256_CTX *ctx, const void *in, size_t num)
- {
- unsigned MD32_REG_T a,b,c,d,e,f,g,h,s0,s1,T1,T2;
- SHA_LONG X[16],l;
- int i;
- const unsigned char *data=in;
-
- while (num--) {
-
- a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3];
- e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7];
-
- for (i=0;i<16;i++)
- {
- HOST_c2l(data,l); T1 = X[i] = l;
- T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i];
- T2 = Sigma0(a) + Maj(a,b,c);
- h = g; g = f; f = e; e = d + T1;
- d = c; c = b; b = a; a = T1 + T2;
- }
-
- for (;i<64;i++)
- {
- s0 = X[(i+1)&0x0f]; s0 = sigma0(s0);
- s1 = X[(i+14)&0x0f]; s1 = sigma1(s1);
-
- T1 = X[i&0xf] += s0 + s1 + X[(i+9)&0xf];
- T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i];
- T2 = Sigma0(a) + Maj(a,b,c);
- h = g; g = f; f = e; e = d + T1;
- d = c; c = b; b = a; a = T1 + T2;
- }
-
- ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d;
- ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h;
-
- }
-}
-
-#else
-
-#define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \
- T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i]; \
- h = Sigma0(a) + Maj(a,b,c); \
- d += T1; h += T1; } while (0)
-
-#define ROUND_16_63(i,a,b,c,d,e,f,g,h,X) do { \
- s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); \
- s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); \
- T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f]; \
- ROUND_00_15(i,a,b,c,d,e,f,g,h); } while (0)
-
-static void sha256_block_data_order (SHA256_CTX *ctx, const void *in, size_t num)
- {
- unsigned MD32_REG_T a,b,c,d,e,f,g,h,s0,s1,T1;
- SHA_LONG X[16];
- int i;
- const unsigned char *data=in;
- const union { long one; char little; } is_endian = {1};
-
- while (num--) {
-
- a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3];
- e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7];
-
- if (!is_endian.little && sizeof(SHA_LONG)==4 && ((size_t)in%4)==0)
- {
- const SHA_LONG *W=(const SHA_LONG *)data;
-
- T1 = X[0] = W[0]; ROUND_00_15(0,a,b,c,d,e,f,g,h);
- T1 = X[1] = W[1]; ROUND_00_15(1,h,a,b,c,d,e,f,g);
- T1 = X[2] = W[2]; ROUND_00_15(2,g,h,a,b,c,d,e,f);
- T1 = X[3] = W[3]; ROUND_00_15(3,f,g,h,a,b,c,d,e);
- T1 = X[4] = W[4]; ROUND_00_15(4,e,f,g,h,a,b,c,d);
- T1 = X[5] = W[5]; ROUND_00_15(5,d,e,f,g,h,a,b,c);
- T1 = X[6] = W[6]; ROUND_00_15(6,c,d,e,f,g,h,a,b);
- T1 = X[7] = W[7]; ROUND_00_15(7,b,c,d,e,f,g,h,a);
- T1 = X[8] = W[8]; ROUND_00_15(8,a,b,c,d,e,f,g,h);
- T1 = X[9] = W[9]; ROUND_00_15(9,h,a,b,c,d,e,f,g);
- T1 = X[10] = W[10]; ROUND_00_15(10,g,h,a,b,c,d,e,f);
- T1 = X[11] = W[11]; ROUND_00_15(11,f,g,h,a,b,c,d,e);
- T1 = X[12] = W[12]; ROUND_00_15(12,e,f,g,h,a,b,c,d);
- T1 = X[13] = W[13]; ROUND_00_15(13,d,e,f,g,h,a,b,c);
- T1 = X[14] = W[14]; ROUND_00_15(14,c,d,e,f,g,h,a,b);
- T1 = X[15] = W[15]; ROUND_00_15(15,b,c,d,e,f,g,h,a);
-
- data += SHA256_CBLOCK;
- }
- else
- {
- SHA_LONG l;
-
- HOST_c2l(data,l); T1 = X[0] = l; ROUND_00_15(0,a,b,c,d,e,f,g,h);
- HOST_c2l(data,l); T1 = X[1] = l; ROUND_00_15(1,h,a,b,c,d,e,f,g);
- HOST_c2l(data,l); T1 = X[2] = l; ROUND_00_15(2,g,h,a,b,c,d,e,f);
- HOST_c2l(data,l); T1 = X[3] = l; ROUND_00_15(3,f,g,h,a,b,c,d,e);
- HOST_c2l(data,l); T1 = X[4] = l; ROUND_00_15(4,e,f,g,h,a,b,c,d);
- HOST_c2l(data,l); T1 = X[5] = l; ROUND_00_15(5,d,e,f,g,h,a,b,c);
- HOST_c2l(data,l); T1 = X[6] = l; ROUND_00_15(6,c,d,e,f,g,h,a,b);
- HOST_c2l(data,l); T1 = X[7] = l; ROUND_00_15(7,b,c,d,e,f,g,h,a);
- HOST_c2l(data,l); T1 = X[8] = l; ROUND_00_15(8,a,b,c,d,e,f,g,h);
- HOST_c2l(data,l); T1 = X[9] = l; ROUND_00_15(9,h,a,b,c,d,e,f,g);
- HOST_c2l(data,l); T1 = X[10] = l; ROUND_00_15(10,g,h,a,b,c,d,e,f);
- HOST_c2l(data,l); T1 = X[11] = l; ROUND_00_15(11,f,g,h,a,b,c,d,e);
- HOST_c2l(data,l); T1 = X[12] = l; ROUND_00_15(12,e,f,g,h,a,b,c,d);
- HOST_c2l(data,l); T1 = X[13] = l; ROUND_00_15(13,d,e,f,g,h,a,b,c);
- HOST_c2l(data,l); T1 = X[14] = l; ROUND_00_15(14,c,d,e,f,g,h,a,b);
- HOST_c2l(data,l); T1 = X[15] = l; ROUND_00_15(15,b,c,d,e,f,g,h,a);
- }
-
- for (i=16;i<64;i+=8)
- {
- ROUND_16_63(i+0,a,b,c,d,e,f,g,h,X);
- ROUND_16_63(i+1,h,a,b,c,d,e,f,g,X);
- ROUND_16_63(i+2,g,h,a,b,c,d,e,f,X);
- ROUND_16_63(i+3,f,g,h,a,b,c,d,e,X);
- ROUND_16_63(i+4,e,f,g,h,a,b,c,d,X);
- ROUND_16_63(i+5,d,e,f,g,h,a,b,c,X);
- ROUND_16_63(i+6,c,d,e,f,g,h,a,b,X);
- ROUND_16_63(i+7,b,c,d,e,f,g,h,a,X);
- }
-
- ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d;
- ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h;
-
- }
- }
-
-#endif
-#endif /* SHA256_ASM */
-
-#endif /* OPENSSL_NO_SHA256 */
Copied: vendor-crypto/openssl/0.9.8zf/crypto/sha/sha256.c (from rev 6976, vendor-crypto/openssl/dist/crypto/sha/sha256.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/sha/sha256.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/sha/sha256.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,401 @@
+/* crypto/sha/sha256.c */
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project. All rights reserved
+ * according to the OpenSSL license [found in ../../LICENSE].
+ * ====================================================================
+ */
+#include <openssl/opensslconf.h>
+#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA256)
+
+# include <stdlib.h>
+# include <string.h>
+
+# include <openssl/crypto.h>
+# include <openssl/sha.h>
+# ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
+# endif
+
+# include <openssl/opensslv.h>
+
+const char SHA256_version[] = "SHA-256" OPENSSL_VERSION_PTEXT;
+
+int SHA224_Init(SHA256_CTX *c)
+{
+# ifdef OPENSSL_FIPS
+ FIPS_selftest_check();
+# endif
+ c->h[0] = 0xc1059ed8UL;
+ c->h[1] = 0x367cd507UL;
+ c->h[2] = 0x3070dd17UL;
+ c->h[3] = 0xf70e5939UL;
+ c->h[4] = 0xffc00b31UL;
+ c->h[5] = 0x68581511UL;
+ c->h[6] = 0x64f98fa7UL;
+ c->h[7] = 0xbefa4fa4UL;
+ c->Nl = 0;
+ c->Nh = 0;
+ c->num = 0;
+ c->md_len = SHA224_DIGEST_LENGTH;
+ return 1;
+}
+
+int SHA256_Init(SHA256_CTX *c)
+{
+# ifdef OPENSSL_FIPS
+ FIPS_selftest_check();
+# endif
+ c->h[0] = 0x6a09e667UL;
+ c->h[1] = 0xbb67ae85UL;
+ c->h[2] = 0x3c6ef372UL;
+ c->h[3] = 0xa54ff53aUL;
+ c->h[4] = 0x510e527fUL;
+ c->h[5] = 0x9b05688cUL;
+ c->h[6] = 0x1f83d9abUL;
+ c->h[7] = 0x5be0cd19UL;
+ c->Nl = 0;
+ c->Nh = 0;
+ c->num = 0;
+ c->md_len = SHA256_DIGEST_LENGTH;
+ return 1;
+}
+
+unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md)
+{
+ SHA256_CTX c;
+ static unsigned char m[SHA224_DIGEST_LENGTH];
+
+ if (md == NULL)
+ md = m;
+ SHA224_Init(&c);
+ SHA256_Update(&c, d, n);
+ SHA256_Final(md, &c);
+ OPENSSL_cleanse(&c, sizeof(c));
+ return (md);
+}
+
+unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md)
+{
+ SHA256_CTX c;
+ static unsigned char m[SHA256_DIGEST_LENGTH];
+
+ if (md == NULL)
+ md = m;
+ SHA256_Init(&c);
+ SHA256_Update(&c, d, n);
+ SHA256_Final(md, &c);
+ OPENSSL_cleanse(&c, sizeof(c));
+ return (md);
+}
+
+int SHA224_Update(SHA256_CTX *c, const void *data, size_t len)
+{
+ return SHA256_Update(c, data, len);
+}
+
+int SHA224_Final(unsigned char *md, SHA256_CTX *c)
+{
+ return SHA256_Final(md, c);
+}
+
+# define DATA_ORDER_IS_BIG_ENDIAN
+
+# define HASH_LONG SHA_LONG
+# define HASH_CTX SHA256_CTX
+# define HASH_CBLOCK SHA_CBLOCK
+/*
+ * Note that FIPS180-2 discusses "Truncation of the Hash Function Output."
+ * default: case below covers for it. It's not clear however if it's
+ * permitted to truncate to amount of bytes not divisible by 4. I bet not,
+ * but if it is, then default: case shall be extended. For reference.
+ * Idea behind separate cases for pre-defined lenghts is to let the
+ * compiler decide if it's appropriate to unroll small loops.
+ */
+# define HASH_MAKE_STRING(c,s) do { \
+ unsigned long ll; \
+ unsigned int xn; \
+ switch ((c)->md_len) \
+ { case SHA224_DIGEST_LENGTH: \
+ for (xn=0;xn<SHA224_DIGEST_LENGTH/4;xn++) \
+ { ll=(c)->h[xn]; HOST_l2c(ll,(s)); } \
+ break; \
+ case SHA256_DIGEST_LENGTH: \
+ for (xn=0;xn<SHA256_DIGEST_LENGTH/4;xn++) \
+ { ll=(c)->h[xn]; HOST_l2c(ll,(s)); } \
+ break; \
+ default: \
+ if ((c)->md_len > SHA256_DIGEST_LENGTH) \
+ return 0; \
+ for (xn=0;xn<(c)->md_len/4;xn++) \
+ { ll=(c)->h[xn]; HOST_l2c(ll,(s)); } \
+ break; \
+ } \
+ } while (0)
+
+# define HASH_UPDATE SHA256_Update
+# define HASH_TRANSFORM SHA256_Transform
+# define HASH_FINAL SHA256_Final
+# define HASH_BLOCK_DATA_ORDER sha256_block_data_order
+# ifndef SHA256_ASM
+static
+# endif
+void sha256_block_data_order(SHA256_CTX *ctx, const void *in, size_t num);
+
+# include "md32_common.h"
+
+# ifndef SHA256_ASM
+static const SHA_LONG K256[64] = {
+ 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL,
+ 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL,
+ 0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL,
+ 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL,
+ 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,
+ 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL,
+ 0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL,
+ 0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL,
+ 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL,
+ 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
+ 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL,
+ 0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL,
+ 0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL,
+ 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL,
+ 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
+ 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL
+};
+
+/*
+ * FIPS specification refers to right rotations, while our ROTATE macro
+ * is left one. This is why you might notice that rotation coefficients
+ * differ from those observed in FIPS document by 32-N...
+ */
+# define Sigma0(x) (ROTATE((x),30) ^ ROTATE((x),19) ^ ROTATE((x),10))
+# define Sigma1(x) (ROTATE((x),26) ^ ROTATE((x),21) ^ ROTATE((x),7))
+# define sigma0(x) (ROTATE((x),25) ^ ROTATE((x),14) ^ ((x)>>3))
+# define sigma1(x) (ROTATE((x),15) ^ ROTATE((x),13) ^ ((x)>>10))
+
+# define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
+# define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
+
+# ifdef OPENSSL_SMALL_FOOTPRINT
+
+static void sha256_block_data_order(SHA256_CTX *ctx, const void *in,
+ size_t num)
+{
+ unsigned MD32_REG_T a, b, c, d, e, f, g, h, s0, s1, T1, T2;
+ SHA_LONG X[16], l;
+ int i;
+ const unsigned char *data = in;
+
+ while (num--) {
+
+ a = ctx->h[0];
+ b = ctx->h[1];
+ c = ctx->h[2];
+ d = ctx->h[3];
+ e = ctx->h[4];
+ f = ctx->h[5];
+ g = ctx->h[6];
+ h = ctx->h[7];
+
+ for (i = 0; i < 16; i++) {
+ HOST_c2l(data, l);
+ T1 = X[i] = l;
+ T1 += h + Sigma1(e) + Ch(e, f, g) + K256[i];
+ T2 = Sigma0(a) + Maj(a, b, c);
+ h = g;
+ g = f;
+ f = e;
+ e = d + T1;
+ d = c;
+ c = b;
+ b = a;
+ a = T1 + T2;
+ }
+
+ for (; i < 64; i++) {
+ s0 = X[(i + 1) & 0x0f];
+ s0 = sigma0(s0);
+ s1 = X[(i + 14) & 0x0f];
+ s1 = sigma1(s1);
+
+ T1 = X[i & 0xf] += s0 + s1 + X[(i + 9) & 0xf];
+ T1 += h + Sigma1(e) + Ch(e, f, g) + K256[i];
+ T2 = Sigma0(a) + Maj(a, b, c);
+ h = g;
+ g = f;
+ f = e;
+ e = d + T1;
+ d = c;
+ c = b;
+ b = a;
+ a = T1 + T2;
+ }
+
+ ctx->h[0] += a;
+ ctx->h[1] += b;
+ ctx->h[2] += c;
+ ctx->h[3] += d;
+ ctx->h[4] += e;
+ ctx->h[5] += f;
+ ctx->h[6] += g;
+ ctx->h[7] += h;
+
+ }
+}
+
+# else
+
+# define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \
+ T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i]; \
+ h = Sigma0(a) + Maj(a,b,c); \
+ d += T1; h += T1; } while (0)
+
+# define ROUND_16_63(i,a,b,c,d,e,f,g,h,X) do { \
+ s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); \
+ s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); \
+ T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f]; \
+ ROUND_00_15(i,a,b,c,d,e,f,g,h); } while (0)
+
+static void sha256_block_data_order(SHA256_CTX *ctx, const void *in,
+ size_t num)
+{
+ unsigned MD32_REG_T a, b, c, d, e, f, g, h, s0, s1, T1;
+ SHA_LONG X[16];
+ int i;
+ const unsigned char *data = in;
+ const union {
+ long one;
+ char little;
+ } is_endian = {
+ 1
+ };
+
+ while (num--) {
+
+ a = ctx->h[0];
+ b = ctx->h[1];
+ c = ctx->h[2];
+ d = ctx->h[3];
+ e = ctx->h[4];
+ f = ctx->h[5];
+ g = ctx->h[6];
+ h = ctx->h[7];
+
+ if (!is_endian.little && sizeof(SHA_LONG) == 4
+ && ((size_t)in % 4) == 0) {
+ const SHA_LONG *W = (const SHA_LONG *)data;
+
+ T1 = X[0] = W[0];
+ ROUND_00_15(0, a, b, c, d, e, f, g, h);
+ T1 = X[1] = W[1];
+ ROUND_00_15(1, h, a, b, c, d, e, f, g);
+ T1 = X[2] = W[2];
+ ROUND_00_15(2, g, h, a, b, c, d, e, f);
+ T1 = X[3] = W[3];
+ ROUND_00_15(3, f, g, h, a, b, c, d, e);
+ T1 = X[4] = W[4];
+ ROUND_00_15(4, e, f, g, h, a, b, c, d);
+ T1 = X[5] = W[5];
+ ROUND_00_15(5, d, e, f, g, h, a, b, c);
+ T1 = X[6] = W[6];
+ ROUND_00_15(6, c, d, e, f, g, h, a, b);
+ T1 = X[7] = W[7];
+ ROUND_00_15(7, b, c, d, e, f, g, h, a);
+ T1 = X[8] = W[8];
+ ROUND_00_15(8, a, b, c, d, e, f, g, h);
+ T1 = X[9] = W[9];
+ ROUND_00_15(9, h, a, b, c, d, e, f, g);
+ T1 = X[10] = W[10];
+ ROUND_00_15(10, g, h, a, b, c, d, e, f);
+ T1 = X[11] = W[11];
+ ROUND_00_15(11, f, g, h, a, b, c, d, e);
+ T1 = X[12] = W[12];
+ ROUND_00_15(12, e, f, g, h, a, b, c, d);
+ T1 = X[13] = W[13];
+ ROUND_00_15(13, d, e, f, g, h, a, b, c);
+ T1 = X[14] = W[14];
+ ROUND_00_15(14, c, d, e, f, g, h, a, b);
+ T1 = X[15] = W[15];
+ ROUND_00_15(15, b, c, d, e, f, g, h, a);
+
+ data += SHA256_CBLOCK;
+ } else {
+ SHA_LONG l;
+
+ HOST_c2l(data, l);
+ T1 = X[0] = l;
+ ROUND_00_15(0, a, b, c, d, e, f, g, h);
+ HOST_c2l(data, l);
+ T1 = X[1] = l;
+ ROUND_00_15(1, h, a, b, c, d, e, f, g);
+ HOST_c2l(data, l);
+ T1 = X[2] = l;
+ ROUND_00_15(2, g, h, a, b, c, d, e, f);
+ HOST_c2l(data, l);
+ T1 = X[3] = l;
+ ROUND_00_15(3, f, g, h, a, b, c, d, e);
+ HOST_c2l(data, l);
+ T1 = X[4] = l;
+ ROUND_00_15(4, e, f, g, h, a, b, c, d);
+ HOST_c2l(data, l);
+ T1 = X[5] = l;
+ ROUND_00_15(5, d, e, f, g, h, a, b, c);
+ HOST_c2l(data, l);
+ T1 = X[6] = l;
+ ROUND_00_15(6, c, d, e, f, g, h, a, b);
+ HOST_c2l(data, l);
+ T1 = X[7] = l;
+ ROUND_00_15(7, b, c, d, e, f, g, h, a);
+ HOST_c2l(data, l);
+ T1 = X[8] = l;
+ ROUND_00_15(8, a, b, c, d, e, f, g, h);
+ HOST_c2l(data, l);
+ T1 = X[9] = l;
+ ROUND_00_15(9, h, a, b, c, d, e, f, g);
+ HOST_c2l(data, l);
+ T1 = X[10] = l;
+ ROUND_00_15(10, g, h, a, b, c, d, e, f);
+ HOST_c2l(data, l);
+ T1 = X[11] = l;
+ ROUND_00_15(11, f, g, h, a, b, c, d, e);
+ HOST_c2l(data, l);
+ T1 = X[12] = l;
+ ROUND_00_15(12, e, f, g, h, a, b, c, d);
+ HOST_c2l(data, l);
+ T1 = X[13] = l;
+ ROUND_00_15(13, d, e, f, g, h, a, b, c);
+ HOST_c2l(data, l);
+ T1 = X[14] = l;
+ ROUND_00_15(14, c, d, e, f, g, h, a, b);
+ HOST_c2l(data, l);
+ T1 = X[15] = l;
+ ROUND_00_15(15, b, c, d, e, f, g, h, a);
+ }
+
+ for (i = 16; i < 64; i += 8) {
+ ROUND_16_63(i + 0, a, b, c, d, e, f, g, h, X);
+ ROUND_16_63(i + 1, h, a, b, c, d, e, f, g, X);
+ ROUND_16_63(i + 2, g, h, a, b, c, d, e, f, X);
+ ROUND_16_63(i + 3, f, g, h, a, b, c, d, e, X);
+ ROUND_16_63(i + 4, e, f, g, h, a, b, c, d, X);
+ ROUND_16_63(i + 5, d, e, f, g, h, a, b, c, X);
+ ROUND_16_63(i + 6, c, d, e, f, g, h, a, b, X);
+ ROUND_16_63(i + 7, b, c, d, e, f, g, h, a, X);
+ }
+
+ ctx->h[0] += a;
+ ctx->h[1] += b;
+ ctx->h[2] += c;
+ ctx->h[3] += d;
+ ctx->h[4] += e;
+ ctx->h[5] += f;
+ ctx->h[6] += g;
+ ctx->h[7] += h;
+
+ }
+}
+
+# endif
+# endif /* SHA256_ASM */
+
+#endif /* OPENSSL_NO_SHA256 */
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/sha/sha256t.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/sha/sha256t.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/sha/sha256t.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,147 +0,0 @@
-/* crypto/sha/sha256t.c */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
- * ====================================================================
- */
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-
-#include <openssl/sha.h>
-#include <openssl/evp.h>
-
-#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA256)
-int main(int argc, char *argv[])
-{
- printf("No SHA256 support\n");
- return(0);
-}
-#else
-
-unsigned char app_b1[SHA256_DIGEST_LENGTH] = {
- 0xba,0x78,0x16,0xbf,0x8f,0x01,0xcf,0xea,
- 0x41,0x41,0x40,0xde,0x5d,0xae,0x22,0x23,
- 0xb0,0x03,0x61,0xa3,0x96,0x17,0x7a,0x9c,
- 0xb4,0x10,0xff,0x61,0xf2,0x00,0x15,0xad };
-
-unsigned char app_b2[SHA256_DIGEST_LENGTH] = {
- 0x24,0x8d,0x6a,0x61,0xd2,0x06,0x38,0xb8,
- 0xe5,0xc0,0x26,0x93,0x0c,0x3e,0x60,0x39,
- 0xa3,0x3c,0xe4,0x59,0x64,0xff,0x21,0x67,
- 0xf6,0xec,0xed,0xd4,0x19,0xdb,0x06,0xc1 };
-
-unsigned char app_b3[SHA256_DIGEST_LENGTH] = {
- 0xcd,0xc7,0x6e,0x5c,0x99,0x14,0xfb,0x92,
- 0x81,0xa1,0xc7,0xe2,0x84,0xd7,0x3e,0x67,
- 0xf1,0x80,0x9a,0x48,0xa4,0x97,0x20,0x0e,
- 0x04,0x6d,0x39,0xcc,0xc7,0x11,0x2c,0xd0 };
-
-unsigned char addenum_1[SHA224_DIGEST_LENGTH] = {
- 0x23,0x09,0x7d,0x22,0x34,0x05,0xd8,0x22,
- 0x86,0x42,0xa4,0x77,0xbd,0xa2,0x55,0xb3,
- 0x2a,0xad,0xbc,0xe4,0xbd,0xa0,0xb3,0xf7,
- 0xe3,0x6c,0x9d,0xa7 };
-
-unsigned char addenum_2[SHA224_DIGEST_LENGTH] = {
- 0x75,0x38,0x8b,0x16,0x51,0x27,0x76,0xcc,
- 0x5d,0xba,0x5d,0xa1,0xfd,0x89,0x01,0x50,
- 0xb0,0xc6,0x45,0x5c,0xb4,0xf5,0x8b,0x19,
- 0x52,0x52,0x25,0x25 };
-
-unsigned char addenum_3[SHA224_DIGEST_LENGTH] = {
- 0x20,0x79,0x46,0x55,0x98,0x0c,0x91,0xd8,
- 0xbb,0xb4,0xc1,0xea,0x97,0x61,0x8a,0x4b,
- 0xf0,0x3f,0x42,0x58,0x19,0x48,0xb2,0xee,
- 0x4e,0xe7,0xad,0x67 };
-
-int main (int argc,char **argv)
-{ unsigned char md[SHA256_DIGEST_LENGTH];
- int i;
- EVP_MD_CTX evp;
-
- fprintf(stdout,"Testing SHA-256 ");
-
- EVP_Digest ("abc",3,md,NULL,EVP_sha256(),NULL);
- if (memcmp(md,app_b1,sizeof(app_b1)))
- { fflush(stdout);
- fprintf(stderr,"\nTEST 1 of 3 failed.\n");
- return 1;
- }
- else
- fprintf(stdout,"."); fflush(stdout);
-
- EVP_Digest ("abcdbcde""cdefdefg""efghfghi""ghijhijk"
- "ijkljklm""klmnlmno""mnopnopq",56,md,NULL,EVP_sha256(),NULL);
- if (memcmp(md,app_b2,sizeof(app_b2)))
- { fflush(stdout);
- fprintf(stderr,"\nTEST 2 of 3 failed.\n");
- return 1;
- }
- else
- fprintf(stdout,"."); fflush(stdout);
-
- EVP_MD_CTX_init (&evp);
- EVP_DigestInit_ex (&evp,EVP_sha256(),NULL);
- for (i=0;i<1000000;i+=160)
- EVP_DigestUpdate (&evp, "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
- "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
- "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
- "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
- "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa",
- (1000000-i)<160?1000000-i:160);
- EVP_DigestFinal_ex (&evp,md,NULL);
- EVP_MD_CTX_cleanup (&evp);
-
- if (memcmp(md,app_b3,sizeof(app_b3)))
- { fflush(stdout);
- fprintf(stderr,"\nTEST 3 of 3 failed.\n");
- return 1;
- }
- else
- fprintf(stdout,"."); fflush(stdout);
-
- fprintf(stdout," passed.\n"); fflush(stdout);
-
- fprintf(stdout,"Testing SHA-224 ");
-
- EVP_Digest ("abc",3,md,NULL,EVP_sha224(),NULL);
- if (memcmp(md,addenum_1,sizeof(addenum_1)))
- { fflush(stdout);
- fprintf(stderr,"\nTEST 1 of 3 failed.\n");
- return 1;
- }
- else
- fprintf(stdout,"."); fflush(stdout);
-
- EVP_Digest ("abcdbcde""cdefdefg""efghfghi""ghijhijk"
- "ijkljklm""klmnlmno""mnopnopq",56,md,NULL,EVP_sha224(),NULL);
- if (memcmp(md,addenum_2,sizeof(addenum_2)))
- { fflush(stdout);
- fprintf(stderr,"\nTEST 2 of 3 failed.\n");
- return 1;
- }
- else
- fprintf(stdout,"."); fflush(stdout);
-
- EVP_MD_CTX_init (&evp);
- EVP_DigestInit_ex (&evp,EVP_sha224(),NULL);
- for (i=0;i<1000000;i+=64)
- EVP_DigestUpdate (&evp, "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
- "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa",
- (1000000-i)<64?1000000-i:64);
- EVP_DigestFinal_ex (&evp,md,NULL);
- EVP_MD_CTX_cleanup (&evp);
-
- if (memcmp(md,addenum_3,sizeof(addenum_3)))
- { fflush(stdout);
- fprintf(stderr,"\nTEST 3 of 3 failed.\n");
- return 1;
- }
- else
- fprintf(stdout,"."); fflush(stdout);
-
- fprintf(stdout," passed.\n"); fflush(stdout);
-
- return 0;
-}
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/sha/sha256t.c (from rev 6976, vendor-crypto/openssl/dist/crypto/sha/sha256t.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/sha/sha256t.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/sha/sha256t.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,158 @@
+/* crypto/sha/sha256t.c */
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
+ * ====================================================================
+ */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include <openssl/sha.h>
+#include <openssl/evp.h>
+
+#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA256)
+int main(int argc, char *argv[])
+{
+ printf("No SHA256 support\n");
+ return (0);
+}
+#else
+
+unsigned char app_b1[SHA256_DIGEST_LENGTH] = {
+ 0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea,
+ 0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23,
+ 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c,
+ 0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad
+};
+
+unsigned char app_b2[SHA256_DIGEST_LENGTH] = {
+ 0x24, 0x8d, 0x6a, 0x61, 0xd2, 0x06, 0x38, 0xb8,
+ 0xe5, 0xc0, 0x26, 0x93, 0x0c, 0x3e, 0x60, 0x39,
+ 0xa3, 0x3c, 0xe4, 0x59, 0x64, 0xff, 0x21, 0x67,
+ 0xf6, 0xec, 0xed, 0xd4, 0x19, 0xdb, 0x06, 0xc1
+};
+
+unsigned char app_b3[SHA256_DIGEST_LENGTH] = {
+ 0xcd, 0xc7, 0x6e, 0x5c, 0x99, 0x14, 0xfb, 0x92,
+ 0x81, 0xa1, 0xc7, 0xe2, 0x84, 0xd7, 0x3e, 0x67,
+ 0xf1, 0x80, 0x9a, 0x48, 0xa4, 0x97, 0x20, 0x0e,
+ 0x04, 0x6d, 0x39, 0xcc, 0xc7, 0x11, 0x2c, 0xd0
+};
+
+unsigned char addenum_1[SHA224_DIGEST_LENGTH] = {
+ 0x23, 0x09, 0x7d, 0x22, 0x34, 0x05, 0xd8, 0x22,
+ 0x86, 0x42, 0xa4, 0x77, 0xbd, 0xa2, 0x55, 0xb3,
+ 0x2a, 0xad, 0xbc, 0xe4, 0xbd, 0xa0, 0xb3, 0xf7,
+ 0xe3, 0x6c, 0x9d, 0xa7
+};
+
+unsigned char addenum_2[SHA224_DIGEST_LENGTH] = {
+ 0x75, 0x38, 0x8b, 0x16, 0x51, 0x27, 0x76, 0xcc,
+ 0x5d, 0xba, 0x5d, 0xa1, 0xfd, 0x89, 0x01, 0x50,
+ 0xb0, 0xc6, 0x45, 0x5c, 0xb4, 0xf5, 0x8b, 0x19,
+ 0x52, 0x52, 0x25, 0x25
+};
+
+unsigned char addenum_3[SHA224_DIGEST_LENGTH] = {
+ 0x20, 0x79, 0x46, 0x55, 0x98, 0x0c, 0x91, 0xd8,
+ 0xbb, 0xb4, 0xc1, 0xea, 0x97, 0x61, 0x8a, 0x4b,
+ 0xf0, 0x3f, 0x42, 0x58, 0x19, 0x48, 0xb2, 0xee,
+ 0x4e, 0xe7, 0xad, 0x67
+};
+
+int main(int argc, char **argv)
+{
+ unsigned char md[SHA256_DIGEST_LENGTH];
+ int i;
+ EVP_MD_CTX evp;
+
+ fprintf(stdout, "Testing SHA-256 ");
+
+ EVP_Digest("abc", 3, md, NULL, EVP_sha256(), NULL);
+ if (memcmp(md, app_b1, sizeof(app_b1))) {
+ fflush(stdout);
+ fprintf(stderr, "\nTEST 1 of 3 failed.\n");
+ return 1;
+ } else
+ fprintf(stdout, ".");
+ fflush(stdout);
+
+ EVP_Digest("abcdbcde" "cdefdefg" "efghfghi" "ghijhijk"
+ "ijkljklm" "klmnlmno" "mnopnopq", 56, md, NULL, EVP_sha256(),
+ NULL);
+ if (memcmp(md, app_b2, sizeof(app_b2))) {
+ fflush(stdout);
+ fprintf(stderr, "\nTEST 2 of 3 failed.\n");
+ return 1;
+ } else
+ fprintf(stdout, ".");
+ fflush(stdout);
+
+ EVP_MD_CTX_init(&evp);
+ EVP_DigestInit_ex(&evp, EVP_sha256(), NULL);
+ for (i = 0; i < 1000000; i += 160)
+ EVP_DigestUpdate(&evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
+ "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
+ "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
+ "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
+ "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa",
+ (1000000 - i) < 160 ? 1000000 - i : 160);
+ EVP_DigestFinal_ex(&evp, md, NULL);
+ EVP_MD_CTX_cleanup(&evp);
+
+ if (memcmp(md, app_b3, sizeof(app_b3))) {
+ fflush(stdout);
+ fprintf(stderr, "\nTEST 3 of 3 failed.\n");
+ return 1;
+ } else
+ fprintf(stdout, ".");
+ fflush(stdout);
+
+ fprintf(stdout, " passed.\n");
+ fflush(stdout);
+
+ fprintf(stdout, "Testing SHA-224 ");
+
+ EVP_Digest("abc", 3, md, NULL, EVP_sha224(), NULL);
+ if (memcmp(md, addenum_1, sizeof(addenum_1))) {
+ fflush(stdout);
+ fprintf(stderr, "\nTEST 1 of 3 failed.\n");
+ return 1;
+ } else
+ fprintf(stdout, ".");
+ fflush(stdout);
+
+ EVP_Digest("abcdbcde" "cdefdefg" "efghfghi" "ghijhijk"
+ "ijkljklm" "klmnlmno" "mnopnopq", 56, md, NULL, EVP_sha224(),
+ NULL);
+ if (memcmp(md, addenum_2, sizeof(addenum_2))) {
+ fflush(stdout);
+ fprintf(stderr, "\nTEST 2 of 3 failed.\n");
+ return 1;
+ } else
+ fprintf(stdout, ".");
+ fflush(stdout);
+
+ EVP_MD_CTX_init(&evp);
+ EVP_DigestInit_ex(&evp, EVP_sha224(), NULL);
+ for (i = 0; i < 1000000; i += 64)
+ EVP_DigestUpdate(&evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
+ "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa",
+ (1000000 - i) < 64 ? 1000000 - i : 64);
+ EVP_DigestFinal_ex(&evp, md, NULL);
+ EVP_MD_CTX_cleanup(&evp);
+
+ if (memcmp(md, addenum_3, sizeof(addenum_3))) {
+ fflush(stdout);
+ fprintf(stderr, "\nTEST 3 of 3 failed.\n");
+ return 1;
+ } else
+ fprintf(stdout, ".");
+ fflush(stdout);
+
+ fprintf(stdout, " passed.\n");
+ fflush(stdout);
+
+ return 0;
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/sha/sha512.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/sha/sha512.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/sha/sha512.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,556 +0,0 @@
-/* crypto/sha/sha512.c */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project. All rights reserved
- * according to the OpenSSL license [found in ../../LICENSE].
- * ====================================================================
- */
-#include <openssl/opensslconf.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
-#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512)
-/*
- * IMPLEMENTATION NOTES.
- *
- * As you might have noticed 32-bit hash algorithms:
- *
- * - permit SHA_LONG to be wider than 32-bit (case on CRAY);
- * - optimized versions implement two transform functions: one operating
- * on [aligned] data in host byte order and one - on data in input
- * stream byte order;
- * - share common byte-order neutral collector and padding function
- * implementations, ../md32_common.h;
- *
- * Neither of the above applies to this SHA-512 implementations. Reasons
- * [in reverse order] are:
- *
- * - it's the only 64-bit hash algorithm for the moment of this writing,
- * there is no need for common collector/padding implementation [yet];
- * - by supporting only one transform function [which operates on
- * *aligned* data in input stream byte order, big-endian in this case]
- * we minimize burden of maintenance in two ways: a) collector/padding
- * function is simpler; b) only one transform function to stare at;
- * - SHA_LONG64 is required to be exactly 64-bit in order to be able to
- * apply a number of optimizations to mitigate potential performance
- * penalties caused by previous design decision;
- *
- * Caveat lector.
- *
- * Implementation relies on the fact that "long long" is 64-bit on
- * both 32- and 64-bit platforms. If some compiler vendor comes up
- * with 128-bit long long, adjustment to sha.h would be required.
- * As this implementation relies on 64-bit integer type, it's totally
- * inappropriate for platforms which don't support it, most notably
- * 16-bit platforms.
- * <appro at fy.chalmers.se>
- */
-#include <stdlib.h>
-#include <string.h>
-
-#include <openssl/crypto.h>
-#include <openssl/sha.h>
-#include <openssl/opensslv.h>
-
-#include "cryptlib.h"
-
-const char SHA512_version[]="SHA-512" OPENSSL_VERSION_PTEXT;
-
-#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
- defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) || \
- defined(__s390__) || defined(__s390x__) || \
- defined(SHA512_ASM)
-#define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
-#endif
-
-int SHA384_Init (SHA512_CTX *c)
- {
-#ifdef OPENSSL_FIPS
- FIPS_selftest_check();
-#endif
- c->h[0]=U64(0xcbbb9d5dc1059ed8);
- c->h[1]=U64(0x629a292a367cd507);
- c->h[2]=U64(0x9159015a3070dd17);
- c->h[3]=U64(0x152fecd8f70e5939);
- c->h[4]=U64(0x67332667ffc00b31);
- c->h[5]=U64(0x8eb44a8768581511);
- c->h[6]=U64(0xdb0c2e0d64f98fa7);
- c->h[7]=U64(0x47b5481dbefa4fa4);
- c->Nl=0; c->Nh=0;
- c->num=0; c->md_len=SHA384_DIGEST_LENGTH;
- return 1;
- }
-
-int SHA512_Init (SHA512_CTX *c)
- {
-#ifdef OPENSSL_FIPS
- FIPS_selftest_check();
-#endif
- c->h[0]=U64(0x6a09e667f3bcc908);
- c->h[1]=U64(0xbb67ae8584caa73b);
- c->h[2]=U64(0x3c6ef372fe94f82b);
- c->h[3]=U64(0xa54ff53a5f1d36f1);
- c->h[4]=U64(0x510e527fade682d1);
- c->h[5]=U64(0x9b05688c2b3e6c1f);
- c->h[6]=U64(0x1f83d9abfb41bd6b);
- c->h[7]=U64(0x5be0cd19137e2179);
- c->Nl=0; c->Nh=0;
- c->num=0; c->md_len=SHA512_DIGEST_LENGTH;
- return 1;
- }
-
-#ifndef SHA512_ASM
-static
-#endif
-void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num);
-
-int SHA512_Final (unsigned char *md, SHA512_CTX *c)
- {
- unsigned char *p=(unsigned char *)c->u.p;
- size_t n=c->num;
-
- p[n]=0x80; /* There always is a room for one */
- n++;
- if (n > (sizeof(c->u)-16))
- memset (p+n,0,sizeof(c->u)-n), n=0,
- sha512_block_data_order (c,p,1);
-
- memset (p+n,0,sizeof(c->u)-16-n);
-#ifdef B_ENDIAN
- c->u.d[SHA_LBLOCK-2] = c->Nh;
- c->u.d[SHA_LBLOCK-1] = c->Nl;
-#else
- p[sizeof(c->u)-1] = (unsigned char)(c->Nl);
- p[sizeof(c->u)-2] = (unsigned char)(c->Nl>>8);
- p[sizeof(c->u)-3] = (unsigned char)(c->Nl>>16);
- p[sizeof(c->u)-4] = (unsigned char)(c->Nl>>24);
- p[sizeof(c->u)-5] = (unsigned char)(c->Nl>>32);
- p[sizeof(c->u)-6] = (unsigned char)(c->Nl>>40);
- p[sizeof(c->u)-7] = (unsigned char)(c->Nl>>48);
- p[sizeof(c->u)-8] = (unsigned char)(c->Nl>>56);
- p[sizeof(c->u)-9] = (unsigned char)(c->Nh);
- p[sizeof(c->u)-10] = (unsigned char)(c->Nh>>8);
- p[sizeof(c->u)-11] = (unsigned char)(c->Nh>>16);
- p[sizeof(c->u)-12] = (unsigned char)(c->Nh>>24);
- p[sizeof(c->u)-13] = (unsigned char)(c->Nh>>32);
- p[sizeof(c->u)-14] = (unsigned char)(c->Nh>>40);
- p[sizeof(c->u)-15] = (unsigned char)(c->Nh>>48);
- p[sizeof(c->u)-16] = (unsigned char)(c->Nh>>56);
-#endif
-
- sha512_block_data_order (c,p,1);
-
- if (md==0) return 0;
-
- switch (c->md_len)
- {
- /* Let compiler decide if it's appropriate to unroll... */
- case SHA384_DIGEST_LENGTH:
- for (n=0;n<SHA384_DIGEST_LENGTH/8;n++)
- {
- SHA_LONG64 t = c->h[n];
-
- *(md++) = (unsigned char)(t>>56);
- *(md++) = (unsigned char)(t>>48);
- *(md++) = (unsigned char)(t>>40);
- *(md++) = (unsigned char)(t>>32);
- *(md++) = (unsigned char)(t>>24);
- *(md++) = (unsigned char)(t>>16);
- *(md++) = (unsigned char)(t>>8);
- *(md++) = (unsigned char)(t);
- }
- break;
- case SHA512_DIGEST_LENGTH:
- for (n=0;n<SHA512_DIGEST_LENGTH/8;n++)
- {
- SHA_LONG64 t = c->h[n];
-
- *(md++) = (unsigned char)(t>>56);
- *(md++) = (unsigned char)(t>>48);
- *(md++) = (unsigned char)(t>>40);
- *(md++) = (unsigned char)(t>>32);
- *(md++) = (unsigned char)(t>>24);
- *(md++) = (unsigned char)(t>>16);
- *(md++) = (unsigned char)(t>>8);
- *(md++) = (unsigned char)(t);
- }
- break;
- /* ... as well as make sure md_len is not abused. */
- default: return 0;
- }
-
- return 1;
- }
-
-int SHA384_Final (unsigned char *md,SHA512_CTX *c)
-{ return SHA512_Final (md,c); }
-
-int SHA512_Update (SHA512_CTX *c, const void *_data, size_t len)
- {
- SHA_LONG64 l;
- unsigned char *p=c->u.p;
- const unsigned char *data=(const unsigned char *)_data;
-
- if (len==0) return 1;
-
- l = (c->Nl+(((SHA_LONG64)len)<<3))&U64(0xffffffffffffffff);
- if (l < c->Nl) c->Nh++;
- if (sizeof(len)>=8) c->Nh+=(((SHA_LONG64)len)>>61);
- c->Nl=l;
-
- if (c->num != 0)
- {
- size_t n = sizeof(c->u) - c->num;
-
- if (len < n)
- {
- memcpy (p+c->num,data,len), c->num += len;
- return 1;
- }
- else {
- memcpy (p+c->num,data,n), c->num = 0;
- len-=n, data+=n;
- sha512_block_data_order (c,p,1);
- }
- }
-
- if (len >= sizeof(c->u))
- {
-#ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
- if ((size_t)data%sizeof(c->u.d[0]) != 0)
- while (len >= sizeof(c->u))
- memcpy (p,data,sizeof(c->u)),
- sha512_block_data_order (c,p,1),
- len -= sizeof(c->u),
- data += sizeof(c->u);
- else
-#endif
- sha512_block_data_order (c,data,len/sizeof(c->u)),
- data += len,
- len %= sizeof(c->u),
- data -= len;
- }
-
- if (len != 0) memcpy (p,data,len), c->num = (int)len;
-
- return 1;
- }
-
-int SHA384_Update (SHA512_CTX *c, const void *data, size_t len)
-{ return SHA512_Update (c,data,len); }
-
-void SHA512_Transform (SHA512_CTX *c, const unsigned char *data)
-{ sha512_block_data_order (c,data,1); }
-
-unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md)
- {
- SHA512_CTX c;
- static unsigned char m[SHA384_DIGEST_LENGTH];
-
- if (md == NULL) md=m;
- SHA384_Init(&c);
- SHA512_Update(&c,d,n);
- SHA512_Final(md,&c);
- OPENSSL_cleanse(&c,sizeof(c));
- return(md);
- }
-
-unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md)
- {
- SHA512_CTX c;
- static unsigned char m[SHA512_DIGEST_LENGTH];
-
- if (md == NULL) md=m;
- SHA512_Init(&c);
- SHA512_Update(&c,d,n);
- SHA512_Final(md,&c);
- OPENSSL_cleanse(&c,sizeof(c));
- return(md);
- }
-
-#ifndef SHA512_ASM
-static const SHA_LONG64 K512[80] = {
- U64(0x428a2f98d728ae22),U64(0x7137449123ef65cd),
- U64(0xb5c0fbcfec4d3b2f),U64(0xe9b5dba58189dbbc),
- U64(0x3956c25bf348b538),U64(0x59f111f1b605d019),
- U64(0x923f82a4af194f9b),U64(0xab1c5ed5da6d8118),
- U64(0xd807aa98a3030242),U64(0x12835b0145706fbe),
- U64(0x243185be4ee4b28c),U64(0x550c7dc3d5ffb4e2),
- U64(0x72be5d74f27b896f),U64(0x80deb1fe3b1696b1),
- U64(0x9bdc06a725c71235),U64(0xc19bf174cf692694),
- U64(0xe49b69c19ef14ad2),U64(0xefbe4786384f25e3),
- U64(0x0fc19dc68b8cd5b5),U64(0x240ca1cc77ac9c65),
- U64(0x2de92c6f592b0275),U64(0x4a7484aa6ea6e483),
- U64(0x5cb0a9dcbd41fbd4),U64(0x76f988da831153b5),
- U64(0x983e5152ee66dfab),U64(0xa831c66d2db43210),
- U64(0xb00327c898fb213f),U64(0xbf597fc7beef0ee4),
- U64(0xc6e00bf33da88fc2),U64(0xd5a79147930aa725),
- U64(0x06ca6351e003826f),U64(0x142929670a0e6e70),
- U64(0x27b70a8546d22ffc),U64(0x2e1b21385c26c926),
- U64(0x4d2c6dfc5ac42aed),U64(0x53380d139d95b3df),
- U64(0x650a73548baf63de),U64(0x766a0abb3c77b2a8),
- U64(0x81c2c92e47edaee6),U64(0x92722c851482353b),
- U64(0xa2bfe8a14cf10364),U64(0xa81a664bbc423001),
- U64(0xc24b8b70d0f89791),U64(0xc76c51a30654be30),
- U64(0xd192e819d6ef5218),U64(0xd69906245565a910),
- U64(0xf40e35855771202a),U64(0x106aa07032bbd1b8),
- U64(0x19a4c116b8d2d0c8),U64(0x1e376c085141ab53),
- U64(0x2748774cdf8eeb99),U64(0x34b0bcb5e19b48a8),
- U64(0x391c0cb3c5c95a63),U64(0x4ed8aa4ae3418acb),
- U64(0x5b9cca4f7763e373),U64(0x682e6ff3d6b2b8a3),
- U64(0x748f82ee5defb2fc),U64(0x78a5636f43172f60),
- U64(0x84c87814a1f0ab72),U64(0x8cc702081a6439ec),
- U64(0x90befffa23631e28),U64(0xa4506cebde82bde9),
- U64(0xbef9a3f7b2c67915),U64(0xc67178f2e372532b),
- U64(0xca273eceea26619c),U64(0xd186b8c721c0c207),
- U64(0xeada7dd6cde0eb1e),U64(0xf57d4f7fee6ed178),
- U64(0x06f067aa72176fba),U64(0x0a637dc5a2c898a6),
- U64(0x113f9804bef90dae),U64(0x1b710b35131c471b),
- U64(0x28db77f523047d84),U64(0x32caab7b40c72493),
- U64(0x3c9ebe0a15c9bebc),U64(0x431d67c49c100d4c),
- U64(0x4cc5d4becb3e42b6),U64(0x597f299cfc657e2a),
- U64(0x5fcb6fab3ad6faec),U64(0x6c44198c4a475817) };
-
-#ifndef PEDANTIC
-# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
-# if defined(__x86_64) || defined(__x86_64__)
-# define ROTR(a,n) ({ unsigned long ret; \
- asm ("rorq %1,%0" \
- : "=r"(ret) \
- : "J"(n),"0"(a) \
- : "cc"); ret; })
-# if !defined(B_ENDIAN)
-# define PULL64(x) ({ SHA_LONG64 ret=*((const SHA_LONG64 *)(&(x))); \
- asm ("bswapq %0" \
- : "=r"(ret) \
- : "0"(ret)); ret; })
-# endif
-# elif (defined(__i386) || defined(__i386__)) && !defined(B_ENDIAN)
-# if defined(I386_ONLY)
-# define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\
- unsigned int hi=p[0],lo=p[1]; \
- asm("xchgb %%ah,%%al;xchgb %%dh,%%dl;"\
- "roll $16,%%eax; roll $16,%%edx; "\
- "xchgb %%ah,%%al;xchgb %%dh,%%dl;" \
- : "=a"(lo),"=d"(hi) \
- : "0"(lo),"1"(hi) : "cc"); \
- ((SHA_LONG64)hi)<<32|lo; })
-# else
-# define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\
- unsigned int hi=p[0],lo=p[1]; \
- asm ("bswapl %0; bswapl %1;" \
- : "=r"(lo),"=r"(hi) \
- : "0"(lo),"1"(hi)); \
- ((SHA_LONG64)hi)<<32|lo; })
-# endif
-# elif (defined(_ARCH_PPC) && defined(__64BIT__)) || defined(_ARCH_PPC64)
-# define ROTR(a,n) ({ unsigned long ret; \
- asm ("rotrdi %0,%1,%2" \
- : "=r"(ret) \
- : "r"(a),"K"(n)); ret; })
-# endif
-# elif defined(_MSC_VER)
-# if defined(_WIN64) /* applies to both IA-64 and AMD64 */
-# define ROTR(a,n) _rotr64((a),n)
-# endif
-# if defined(_M_IX86) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
-# if defined(I386_ONLY)
- static SHA_LONG64 __fastcall __pull64be(const void *x)
- { _asm mov edx, [ecx + 0]
- _asm mov eax, [ecx + 4]
- _asm xchg dh,dl
- _asm xchg ah,al
- _asm rol edx,16
- _asm rol eax,16
- _asm xchg dh,dl
- _asm xchg ah,al
- }
-# else
- static SHA_LONG64 __fastcall __pull64be(const void *x)
- { _asm mov edx, [ecx + 0]
- _asm mov eax, [ecx + 4]
- _asm bswap edx
- _asm bswap eax
- }
-# endif
-# define PULL64(x) __pull64be(&(x))
-# if _MSC_VER<=1200
-# pragma inline_depth(0)
-# endif
-# endif
-# endif
-#endif
-
-#ifndef PULL64
-#define B(x,j) (((SHA_LONG64)(*(((const unsigned char *)(&x))+j)))<<((7-j)*8))
-#define PULL64(x) (B(x,0)|B(x,1)|B(x,2)|B(x,3)|B(x,4)|B(x,5)|B(x,6)|B(x,7))
-#endif
-
-#ifndef ROTR
-#define ROTR(x,s) (((x)>>s) | (x)<<(64-s))
-#endif
-
-#define Sigma0(x) (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39))
-#define Sigma1(x) (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41))
-#define sigma0(x) (ROTR((x),1) ^ ROTR((x),8) ^ ((x)>>7))
-#define sigma1(x) (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6))
-
-#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
-#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
-
-#if defined(OPENSSL_IA32_SSE2) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY)
-#define GO_FOR_SSE2(ctx,in,num) do { \
- void sha512_block_sse2(void *,const void *,size_t); \
- if (!(OPENSSL_ia32cap_P & (1<<26))) break; \
- sha512_block_sse2(ctx->h,in,num); return; \
- } while (0)
-#endif
-
-#ifdef OPENSSL_SMALL_FOOTPRINT
-
-static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num)
- {
- const SHA_LONG64 *W=in;
- SHA_LONG64 a,b,c,d,e,f,g,h,s0,s1,T1,T2;
- SHA_LONG64 X[16];
- int i;
-
-#ifdef GO_FOR_SSE2
- GO_FOR_SSE2(ctx,in,num);
-#endif
-
- while (num--) {
-
- a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3];
- e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7];
-
- for (i=0;i<16;i++)
- {
-#ifdef B_ENDIAN
- T1 = X[i] = W[i];
-#else
- T1 = X[i] = PULL64(W[i]);
-#endif
- T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i];
- T2 = Sigma0(a) + Maj(a,b,c);
- h = g; g = f; f = e; e = d + T1;
- d = c; c = b; b = a; a = T1 + T2;
- }
-
- for (;i<80;i++)
- {
- s0 = X[(i+1)&0x0f]; s0 = sigma0(s0);
- s1 = X[(i+14)&0x0f]; s1 = sigma1(s1);
-
- T1 = X[i&0xf] += s0 + s1 + X[(i+9)&0xf];
- T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i];
- T2 = Sigma0(a) + Maj(a,b,c);
- h = g; g = f; f = e; e = d + T1;
- d = c; c = b; b = a; a = T1 + T2;
- }
-
- ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d;
- ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h;
-
- W+=SHA_LBLOCK;
- }
- }
-
-#else
-
-#define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \
- T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i]; \
- h = Sigma0(a) + Maj(a,b,c); \
- d += T1; h += T1; } while (0)
-
-#define ROUND_16_80(i,a,b,c,d,e,f,g,h,X) do { \
- s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); \
- s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); \
- T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f]; \
- ROUND_00_15(i,a,b,c,d,e,f,g,h); } while (0)
-
-static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num)
- {
- const SHA_LONG64 *W=in;
- SHA_LONG64 a,b,c,d,e,f,g,h,s0,s1,T1;
- SHA_LONG64 X[16];
- int i;
-
-#ifdef GO_FOR_SSE2
- GO_FOR_SSE2(ctx,in,num);
-#endif
-
- while (num--) {
-
- a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3];
- e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7];
-
-#ifdef B_ENDIAN
- T1 = X[0] = W[0]; ROUND_00_15(0,a,b,c,d,e,f,g,h);
- T1 = X[1] = W[1]; ROUND_00_15(1,h,a,b,c,d,e,f,g);
- T1 = X[2] = W[2]; ROUND_00_15(2,g,h,a,b,c,d,e,f);
- T1 = X[3] = W[3]; ROUND_00_15(3,f,g,h,a,b,c,d,e);
- T1 = X[4] = W[4]; ROUND_00_15(4,e,f,g,h,a,b,c,d);
- T1 = X[5] = W[5]; ROUND_00_15(5,d,e,f,g,h,a,b,c);
- T1 = X[6] = W[6]; ROUND_00_15(6,c,d,e,f,g,h,a,b);
- T1 = X[7] = W[7]; ROUND_00_15(7,b,c,d,e,f,g,h,a);
- T1 = X[8] = W[8]; ROUND_00_15(8,a,b,c,d,e,f,g,h);
- T1 = X[9] = W[9]; ROUND_00_15(9,h,a,b,c,d,e,f,g);
- T1 = X[10] = W[10]; ROUND_00_15(10,g,h,a,b,c,d,e,f);
- T1 = X[11] = W[11]; ROUND_00_15(11,f,g,h,a,b,c,d,e);
- T1 = X[12] = W[12]; ROUND_00_15(12,e,f,g,h,a,b,c,d);
- T1 = X[13] = W[13]; ROUND_00_15(13,d,e,f,g,h,a,b,c);
- T1 = X[14] = W[14]; ROUND_00_15(14,c,d,e,f,g,h,a,b);
- T1 = X[15] = W[15]; ROUND_00_15(15,b,c,d,e,f,g,h,a);
-#else
- T1 = X[0] = PULL64(W[0]); ROUND_00_15(0,a,b,c,d,e,f,g,h);
- T1 = X[1] = PULL64(W[1]); ROUND_00_15(1,h,a,b,c,d,e,f,g);
- T1 = X[2] = PULL64(W[2]); ROUND_00_15(2,g,h,a,b,c,d,e,f);
- T1 = X[3] = PULL64(W[3]); ROUND_00_15(3,f,g,h,a,b,c,d,e);
- T1 = X[4] = PULL64(W[4]); ROUND_00_15(4,e,f,g,h,a,b,c,d);
- T1 = X[5] = PULL64(W[5]); ROUND_00_15(5,d,e,f,g,h,a,b,c);
- T1 = X[6] = PULL64(W[6]); ROUND_00_15(6,c,d,e,f,g,h,a,b);
- T1 = X[7] = PULL64(W[7]); ROUND_00_15(7,b,c,d,e,f,g,h,a);
- T1 = X[8] = PULL64(W[8]); ROUND_00_15(8,a,b,c,d,e,f,g,h);
- T1 = X[9] = PULL64(W[9]); ROUND_00_15(9,h,a,b,c,d,e,f,g);
- T1 = X[10] = PULL64(W[10]); ROUND_00_15(10,g,h,a,b,c,d,e,f);
- T1 = X[11] = PULL64(W[11]); ROUND_00_15(11,f,g,h,a,b,c,d,e);
- T1 = X[12] = PULL64(W[12]); ROUND_00_15(12,e,f,g,h,a,b,c,d);
- T1 = X[13] = PULL64(W[13]); ROUND_00_15(13,d,e,f,g,h,a,b,c);
- T1 = X[14] = PULL64(W[14]); ROUND_00_15(14,c,d,e,f,g,h,a,b);
- T1 = X[15] = PULL64(W[15]); ROUND_00_15(15,b,c,d,e,f,g,h,a);
-#endif
-
- for (i=16;i<80;i+=8)
- {
- ROUND_16_80(i+0,a,b,c,d,e,f,g,h,X);
- ROUND_16_80(i+1,h,a,b,c,d,e,f,g,X);
- ROUND_16_80(i+2,g,h,a,b,c,d,e,f,X);
- ROUND_16_80(i+3,f,g,h,a,b,c,d,e,X);
- ROUND_16_80(i+4,e,f,g,h,a,b,c,d,X);
- ROUND_16_80(i+5,d,e,f,g,h,a,b,c,X);
- ROUND_16_80(i+6,c,d,e,f,g,h,a,b,X);
- ROUND_16_80(i+7,b,c,d,e,f,g,h,a,X);
- }
-
- ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d;
- ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h;
-
- W+=SHA_LBLOCK;
- }
- }
-
-#endif
-
-#endif /* SHA512_ASM */
-
-#else /* OPENSSL_NO_SHA512 */
-
-/* Sensitive compilers ("Compaq C V6.4-005 on OpenVMS VAX V7.3", for
- * example) dislike a statement-free file, complaining:
- * "%CC-W-EMPTYFILE, Source file does not contain any declarations."
- */
-
-int sha512_dummy();
-
-#endif /* OPENSSL_NO_SHA512 */
Copied: vendor-crypto/openssl/0.9.8zf/crypto/sha/sha512.c (from rev 6976, vendor-crypto/openssl/dist/crypto/sha/sha512.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/sha/sha512.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/sha/sha512.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,621 @@
+/* crypto/sha/sha512.c */
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project. All rights reserved
+ * according to the OpenSSL license [found in ../../LICENSE].
+ * ====================================================================
+ */
+#include <openssl/opensslconf.h>
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
+#endif
+
+#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512)
+/*-
+ * IMPLEMENTATION NOTES.
+ *
+ * As you might have noticed 32-bit hash algorithms:
+ *
+ * - permit SHA_LONG to be wider than 32-bit (case on CRAY);
+ * - optimized versions implement two transform functions: one operating
+ * on [aligned] data in host byte order and one - on data in input
+ * stream byte order;
+ * - share common byte-order neutral collector and padding function
+ * implementations, ../md32_common.h;
+ *
+ * Neither of the above applies to this SHA-512 implementations. Reasons
+ * [in reverse order] are:
+ *
+ * - it's the only 64-bit hash algorithm for the moment of this writing,
+ * there is no need for common collector/padding implementation [yet];
+ * - by supporting only one transform function [which operates on
+ * *aligned* data in input stream byte order, big-endian in this case]
+ * we minimize burden of maintenance in two ways: a) collector/padding
+ * function is simpler; b) only one transform function to stare at;
+ * - SHA_LONG64 is required to be exactly 64-bit in order to be able to
+ * apply a number of optimizations to mitigate potential performance
+ * penalties caused by previous design decision;
+ *
+ * Caveat lector.
+ *
+ * Implementation relies on the fact that "long long" is 64-bit on
+ * both 32- and 64-bit platforms. If some compiler vendor comes up
+ * with 128-bit long long, adjustment to sha.h would be required.
+ * As this implementation relies on 64-bit integer type, it's totally
+ * inappropriate for platforms which don't support it, most notably
+ * 16-bit platforms.
+ * <appro at fy.chalmers.se>
+ */
+# include <stdlib.h>
+# include <string.h>
+
+# include <openssl/crypto.h>
+# include <openssl/sha.h>
+# include <openssl/opensslv.h>
+
+# include "cryptlib.h"
+
+const char SHA512_version[] = "SHA-512" OPENSSL_VERSION_PTEXT;
+
+# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
+ defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) || \
+ defined(__s390__) || defined(__s390x__) || \
+ defined(SHA512_ASM)
+# define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
+# endif
+
+int SHA384_Init(SHA512_CTX *c)
+{
+# ifdef OPENSSL_FIPS
+ FIPS_selftest_check();
+# endif
+ c->h[0] = U64(0xcbbb9d5dc1059ed8);
+ c->h[1] = U64(0x629a292a367cd507);
+ c->h[2] = U64(0x9159015a3070dd17);
+ c->h[3] = U64(0x152fecd8f70e5939);
+ c->h[4] = U64(0x67332667ffc00b31);
+ c->h[5] = U64(0x8eb44a8768581511);
+ c->h[6] = U64(0xdb0c2e0d64f98fa7);
+ c->h[7] = U64(0x47b5481dbefa4fa4);
+ c->Nl = 0;
+ c->Nh = 0;
+ c->num = 0;
+ c->md_len = SHA384_DIGEST_LENGTH;
+ return 1;
+}
+
+int SHA512_Init(SHA512_CTX *c)
+{
+# ifdef OPENSSL_FIPS
+ FIPS_selftest_check();
+# endif
+ c->h[0] = U64(0x6a09e667f3bcc908);
+ c->h[1] = U64(0xbb67ae8584caa73b);
+ c->h[2] = U64(0x3c6ef372fe94f82b);
+ c->h[3] = U64(0xa54ff53a5f1d36f1);
+ c->h[4] = U64(0x510e527fade682d1);
+ c->h[5] = U64(0x9b05688c2b3e6c1f);
+ c->h[6] = U64(0x1f83d9abfb41bd6b);
+ c->h[7] = U64(0x5be0cd19137e2179);
+ c->Nl = 0;
+ c->Nh = 0;
+ c->num = 0;
+ c->md_len = SHA512_DIGEST_LENGTH;
+ return 1;
+}
+
+# ifndef SHA512_ASM
+static
+# endif
+void sha512_block_data_order(SHA512_CTX *ctx, const void *in, size_t num);
+
+int SHA512_Final(unsigned char *md, SHA512_CTX *c)
+{
+ unsigned char *p = (unsigned char *)c->u.p;
+ size_t n = c->num;
+
+ p[n] = 0x80; /* There always is a room for one */
+ n++;
+ if (n > (sizeof(c->u) - 16))
+ memset(p + n, 0, sizeof(c->u) - n), n = 0,
+ sha512_block_data_order(c, p, 1);
+
+ memset(p + n, 0, sizeof(c->u) - 16 - n);
+# ifdef B_ENDIAN
+ c->u.d[SHA_LBLOCK - 2] = c->Nh;
+ c->u.d[SHA_LBLOCK - 1] = c->Nl;
+# else
+ p[sizeof(c->u) - 1] = (unsigned char)(c->Nl);
+ p[sizeof(c->u) - 2] = (unsigned char)(c->Nl >> 8);
+ p[sizeof(c->u) - 3] = (unsigned char)(c->Nl >> 16);
+ p[sizeof(c->u) - 4] = (unsigned char)(c->Nl >> 24);
+ p[sizeof(c->u) - 5] = (unsigned char)(c->Nl >> 32);
+ p[sizeof(c->u) - 6] = (unsigned char)(c->Nl >> 40);
+ p[sizeof(c->u) - 7] = (unsigned char)(c->Nl >> 48);
+ p[sizeof(c->u) - 8] = (unsigned char)(c->Nl >> 56);
+ p[sizeof(c->u) - 9] = (unsigned char)(c->Nh);
+ p[sizeof(c->u) - 10] = (unsigned char)(c->Nh >> 8);
+ p[sizeof(c->u) - 11] = (unsigned char)(c->Nh >> 16);
+ p[sizeof(c->u) - 12] = (unsigned char)(c->Nh >> 24);
+ p[sizeof(c->u) - 13] = (unsigned char)(c->Nh >> 32);
+ p[sizeof(c->u) - 14] = (unsigned char)(c->Nh >> 40);
+ p[sizeof(c->u) - 15] = (unsigned char)(c->Nh >> 48);
+ p[sizeof(c->u) - 16] = (unsigned char)(c->Nh >> 56);
+# endif
+
+ sha512_block_data_order(c, p, 1);
+
+ if (md == 0)
+ return 0;
+
+ switch (c->md_len) {
+ /* Let compiler decide if it's appropriate to unroll... */
+ case SHA384_DIGEST_LENGTH:
+ for (n = 0; n < SHA384_DIGEST_LENGTH / 8; n++) {
+ SHA_LONG64 t = c->h[n];
+
+ *(md++) = (unsigned char)(t >> 56);
+ *(md++) = (unsigned char)(t >> 48);
+ *(md++) = (unsigned char)(t >> 40);
+ *(md++) = (unsigned char)(t >> 32);
+ *(md++) = (unsigned char)(t >> 24);
+ *(md++) = (unsigned char)(t >> 16);
+ *(md++) = (unsigned char)(t >> 8);
+ *(md++) = (unsigned char)(t);
+ }
+ break;
+ case SHA512_DIGEST_LENGTH:
+ for (n = 0; n < SHA512_DIGEST_LENGTH / 8; n++) {
+ SHA_LONG64 t = c->h[n];
+
+ *(md++) = (unsigned char)(t >> 56);
+ *(md++) = (unsigned char)(t >> 48);
+ *(md++) = (unsigned char)(t >> 40);
+ *(md++) = (unsigned char)(t >> 32);
+ *(md++) = (unsigned char)(t >> 24);
+ *(md++) = (unsigned char)(t >> 16);
+ *(md++) = (unsigned char)(t >> 8);
+ *(md++) = (unsigned char)(t);
+ }
+ break;
+ /* ... as well as make sure md_len is not abused. */
+ default:
+ return 0;
+ }
+
+ return 1;
+}
+
+int SHA384_Final(unsigned char *md, SHA512_CTX *c)
+{
+ return SHA512_Final(md, c);
+}
+
+int SHA512_Update(SHA512_CTX *c, const void *_data, size_t len)
+{
+ SHA_LONG64 l;
+ unsigned char *p = c->u.p;
+ const unsigned char *data = (const unsigned char *)_data;
+
+ if (len == 0)
+ return 1;
+
+ l = (c->Nl + (((SHA_LONG64) len) << 3)) & U64(0xffffffffffffffff);
+ if (l < c->Nl)
+ c->Nh++;
+ if (sizeof(len) >= 8)
+ c->Nh += (((SHA_LONG64) len) >> 61);
+ c->Nl = l;
+
+ if (c->num != 0) {
+ size_t n = sizeof(c->u) - c->num;
+
+ if (len < n) {
+ memcpy(p + c->num, data, len), c->num += len;
+ return 1;
+ } else {
+ memcpy(p + c->num, data, n), c->num = 0;
+ len -= n, data += n;
+ sha512_block_data_order(c, p, 1);
+ }
+ }
+
+ if (len >= sizeof(c->u)) {
+# ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
+ if ((size_t)data % sizeof(c->u.d[0]) != 0)
+ while (len >= sizeof(c->u))
+ memcpy(p, data, sizeof(c->u)),
+ sha512_block_data_order(c, p, 1),
+ len -= sizeof(c->u), data += sizeof(c->u);
+ else
+# endif
+ sha512_block_data_order(c, data, len / sizeof(c->u)),
+ data += len, len %= sizeof(c->u), data -= len;
+ }
+
+ if (len != 0)
+ memcpy(p, data, len), c->num = (int)len;
+
+ return 1;
+}
+
+int SHA384_Update(SHA512_CTX *c, const void *data, size_t len)
+{
+ return SHA512_Update(c, data, len);
+}
+
+void SHA512_Transform(SHA512_CTX *c, const unsigned char *data)
+{
+ sha512_block_data_order(c, data, 1);
+}
+
+unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md)
+{
+ SHA512_CTX c;
+ static unsigned char m[SHA384_DIGEST_LENGTH];
+
+ if (md == NULL)
+ md = m;
+ SHA384_Init(&c);
+ SHA512_Update(&c, d, n);
+ SHA512_Final(md, &c);
+ OPENSSL_cleanse(&c, sizeof(c));
+ return (md);
+}
+
+unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md)
+{
+ SHA512_CTX c;
+ static unsigned char m[SHA512_DIGEST_LENGTH];
+
+ if (md == NULL)
+ md = m;
+ SHA512_Init(&c);
+ SHA512_Update(&c, d, n);
+ SHA512_Final(md, &c);
+ OPENSSL_cleanse(&c, sizeof(c));
+ return (md);
+}
+
+# ifndef SHA512_ASM
+static const SHA_LONG64 K512[80] = {
+ U64(0x428a2f98d728ae22), U64(0x7137449123ef65cd),
+ U64(0xb5c0fbcfec4d3b2f), U64(0xe9b5dba58189dbbc),
+ U64(0x3956c25bf348b538), U64(0x59f111f1b605d019),
+ U64(0x923f82a4af194f9b), U64(0xab1c5ed5da6d8118),
+ U64(0xd807aa98a3030242), U64(0x12835b0145706fbe),
+ U64(0x243185be4ee4b28c), U64(0x550c7dc3d5ffb4e2),
+ U64(0x72be5d74f27b896f), U64(0x80deb1fe3b1696b1),
+ U64(0x9bdc06a725c71235), U64(0xc19bf174cf692694),
+ U64(0xe49b69c19ef14ad2), U64(0xefbe4786384f25e3),
+ U64(0x0fc19dc68b8cd5b5), U64(0x240ca1cc77ac9c65),
+ U64(0x2de92c6f592b0275), U64(0x4a7484aa6ea6e483),
+ U64(0x5cb0a9dcbd41fbd4), U64(0x76f988da831153b5),
+ U64(0x983e5152ee66dfab), U64(0xa831c66d2db43210),
+ U64(0xb00327c898fb213f), U64(0xbf597fc7beef0ee4),
+ U64(0xc6e00bf33da88fc2), U64(0xd5a79147930aa725),
+ U64(0x06ca6351e003826f), U64(0x142929670a0e6e70),
+ U64(0x27b70a8546d22ffc), U64(0x2e1b21385c26c926),
+ U64(0x4d2c6dfc5ac42aed), U64(0x53380d139d95b3df),
+ U64(0x650a73548baf63de), U64(0x766a0abb3c77b2a8),
+ U64(0x81c2c92e47edaee6), U64(0x92722c851482353b),
+ U64(0xa2bfe8a14cf10364), U64(0xa81a664bbc423001),
+ U64(0xc24b8b70d0f89791), U64(0xc76c51a30654be30),
+ U64(0xd192e819d6ef5218), U64(0xd69906245565a910),
+ U64(0xf40e35855771202a), U64(0x106aa07032bbd1b8),
+ U64(0x19a4c116b8d2d0c8), U64(0x1e376c085141ab53),
+ U64(0x2748774cdf8eeb99), U64(0x34b0bcb5e19b48a8),
+ U64(0x391c0cb3c5c95a63), U64(0x4ed8aa4ae3418acb),
+ U64(0x5b9cca4f7763e373), U64(0x682e6ff3d6b2b8a3),
+ U64(0x748f82ee5defb2fc), U64(0x78a5636f43172f60),
+ U64(0x84c87814a1f0ab72), U64(0x8cc702081a6439ec),
+ U64(0x90befffa23631e28), U64(0xa4506cebde82bde9),
+ U64(0xbef9a3f7b2c67915), U64(0xc67178f2e372532b),
+ U64(0xca273eceea26619c), U64(0xd186b8c721c0c207),
+ U64(0xeada7dd6cde0eb1e), U64(0xf57d4f7fee6ed178),
+ U64(0x06f067aa72176fba), U64(0x0a637dc5a2c898a6),
+ U64(0x113f9804bef90dae), U64(0x1b710b35131c471b),
+ U64(0x28db77f523047d84), U64(0x32caab7b40c72493),
+ U64(0x3c9ebe0a15c9bebc), U64(0x431d67c49c100d4c),
+ U64(0x4cc5d4becb3e42b6), U64(0x597f299cfc657e2a),
+ U64(0x5fcb6fab3ad6faec), U64(0x6c44198c4a475817)
+};
+
+# ifndef PEDANTIC
+# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
+# if defined(__x86_64) || defined(__x86_64__)
+# define ROTR(a,n) ({ unsigned long ret; \
+ asm ("rorq %1,%0" \
+ : "=r"(ret) \
+ : "J"(n),"0"(a) \
+ : "cc"); ret; })
+# if !defined(B_ENDIAN)
+# define PULL64(x) ({ SHA_LONG64 ret=*((const SHA_LONG64 *)(&(x))); \
+ asm ("bswapq %0" \
+ : "=r"(ret) \
+ : "0"(ret)); ret; })
+# endif
+# elif (defined(__i386) || defined(__i386__)) && !defined(B_ENDIAN)
+# if defined(I386_ONLY)
+# define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\
+ unsigned int hi=p[0],lo=p[1]; \
+ asm("xchgb %%ah,%%al;xchgb %%dh,%%dl;"\
+ "roll $16,%%eax; roll $16,%%edx; "\
+ "xchgb %%ah,%%al;xchgb %%dh,%%dl;" \
+ : "=a"(lo),"=d"(hi) \
+ : "0"(lo),"1"(hi) : "cc"); \
+ ((SHA_LONG64)hi)<<32|lo; })
+# else
+# define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\
+ unsigned int hi=p[0],lo=p[1]; \
+ asm ("bswapl %0; bswapl %1;" \
+ : "=r"(lo),"=r"(hi) \
+ : "0"(lo),"1"(hi)); \
+ ((SHA_LONG64)hi)<<32|lo; })
+# endif
+# elif (defined(_ARCH_PPC) && defined(__64BIT__)) || defined(_ARCH_PPC64)
+# define ROTR(a,n) ({ unsigned long ret; \
+ asm ("rotrdi %0,%1,%2" \
+ : "=r"(ret) \
+ : "r"(a),"K"(n)); ret; })
+# endif
+# elif defined(_MSC_VER)
+# if defined(_WIN64) /* applies to both IA-64 and AMD64 */
+# define ROTR(a,n) _rotr64((a),n)
+# endif
+# if defined(_M_IX86) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
+# if defined(I386_ONLY)
+static SHA_LONG64 __fastcall __pull64be(const void *x)
+{
+ _asm mov edx,[ecx + 0]
+ _asm mov eax,[ecx + 4]
+_asm xchg dh, dl
+ _asm xchg ah, al
+ _asm rol edx, 16 _asm rol eax, 16 _asm xchg dh, dl _asm xchg ah, al}
+# else
+static SHA_LONG64 __fastcall __pull64be(const void *x)
+{
+ _asm mov edx,[ecx + 0]
+ _asm mov eax,[ecx + 4]
+_asm bswap edx _asm bswap eax}
+# endif
+# define PULL64(x) __pull64be(&(x))
+# if _MSC_VER<=1200
+# pragma inline_depth(0)
+# endif
+# endif
+# endif
+# endif
+# ifndef PULL64
+# define B(x,j) (((SHA_LONG64)(*(((const unsigned char *)(&x))+j)))<<((7-j)*8))
+# define PULL64(x) (B(x,0)|B(x,1)|B(x,2)|B(x,3)|B(x,4)|B(x,5)|B(x,6)|B(x,7))
+# endif
+# ifndef ROTR
+# define ROTR(x,s) (((x)>>s) | (x)<<(64-s))
+# endif
+# define Sigma0(x) (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39))
+# define Sigma1(x) (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41))
+# define sigma0(x) (ROTR((x),1) ^ ROTR((x),8) ^ ((x)>>7))
+# define sigma1(x) (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6))
+# define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
+# define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
+# if defined(OPENSSL_IA32_SSE2) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY)
+# define GO_FOR_SSE2(ctx,in,num) do { \
+ void sha512_block_sse2(void *,const void *,size_t); \
+ if (!(OPENSSL_ia32cap_P & (1<<26))) break; \
+ sha512_block_sse2(ctx->h,in,num); return; \
+ } while (0)
+# endif
+# ifdef OPENSSL_SMALL_FOOTPRINT
+static void sha512_block_data_order(SHA512_CTX *ctx, const void *in,
+ size_t num)
+{
+ const SHA_LONG64 *W = in;
+ SHA_LONG64 a, b, c, d, e, f, g, h, s0, s1, T1, T2;
+ SHA_LONG64 X[16];
+ int i;
+
+# ifdef GO_FOR_SSE2
+ GO_FOR_SSE2(ctx, in, num);
+# endif
+
+ while (num--) {
+
+ a = ctx->h[0];
+ b = ctx->h[1];
+ c = ctx->h[2];
+ d = ctx->h[3];
+ e = ctx->h[4];
+ f = ctx->h[5];
+ g = ctx->h[6];
+ h = ctx->h[7];
+
+ for (i = 0; i < 16; i++) {
+# ifdef B_ENDIAN
+ T1 = X[i] = W[i];
+# else
+ T1 = X[i] = PULL64(W[i]);
+# endif
+ T1 += h + Sigma1(e) + Ch(e, f, g) + K512[i];
+ T2 = Sigma0(a) + Maj(a, b, c);
+ h = g;
+ g = f;
+ f = e;
+ e = d + T1;
+ d = c;
+ c = b;
+ b = a;
+ a = T1 + T2;
+ }
+
+ for (; i < 80; i++) {
+ s0 = X[(i + 1) & 0x0f];
+ s0 = sigma0(s0);
+ s1 = X[(i + 14) & 0x0f];
+ s1 = sigma1(s1);
+
+ T1 = X[i & 0xf] += s0 + s1 + X[(i + 9) & 0xf];
+ T1 += h + Sigma1(e) + Ch(e, f, g) + K512[i];
+ T2 = Sigma0(a) + Maj(a, b, c);
+ h = g;
+ g = f;
+ f = e;
+ e = d + T1;
+ d = c;
+ c = b;
+ b = a;
+ a = T1 + T2;
+ }
+
+ ctx->h[0] += a;
+ ctx->h[1] += b;
+ ctx->h[2] += c;
+ ctx->h[3] += d;
+ ctx->h[4] += e;
+ ctx->h[5] += f;
+ ctx->h[6] += g;
+ ctx->h[7] += h;
+
+ W += SHA_LBLOCK;
+ }
+}
+
+# else
+# define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \
+ T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i]; \
+ h = Sigma0(a) + Maj(a,b,c); \
+ d += T1; h += T1; } while (0)
+# define ROUND_16_80(i,a,b,c,d,e,f,g,h,X) do { \
+ s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); \
+ s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); \
+ T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f]; \
+ ROUND_00_15(i,a,b,c,d,e,f,g,h); } while (0)
+static void sha512_block_data_order(SHA512_CTX *ctx, const void *in,
+ size_t num)
+{
+ const SHA_LONG64 *W = in;
+ SHA_LONG64 a, b, c, d, e, f, g, h, s0, s1, T1;
+ SHA_LONG64 X[16];
+ int i;
+
+# ifdef GO_FOR_SSE2
+ GO_FOR_SSE2(ctx, in, num);
+# endif
+
+ while (num--) {
+
+ a = ctx->h[0];
+ b = ctx->h[1];
+ c = ctx->h[2];
+ d = ctx->h[3];
+ e = ctx->h[4];
+ f = ctx->h[5];
+ g = ctx->h[6];
+ h = ctx->h[7];
+
+# ifdef B_ENDIAN
+ T1 = X[0] = W[0];
+ ROUND_00_15(0, a, b, c, d, e, f, g, h);
+ T1 = X[1] = W[1];
+ ROUND_00_15(1, h, a, b, c, d, e, f, g);
+ T1 = X[2] = W[2];
+ ROUND_00_15(2, g, h, a, b, c, d, e, f);
+ T1 = X[3] = W[3];
+ ROUND_00_15(3, f, g, h, a, b, c, d, e);
+ T1 = X[4] = W[4];
+ ROUND_00_15(4, e, f, g, h, a, b, c, d);
+ T1 = X[5] = W[5];
+ ROUND_00_15(5, d, e, f, g, h, a, b, c);
+ T1 = X[6] = W[6];
+ ROUND_00_15(6, c, d, e, f, g, h, a, b);
+ T1 = X[7] = W[7];
+ ROUND_00_15(7, b, c, d, e, f, g, h, a);
+ T1 = X[8] = W[8];
+ ROUND_00_15(8, a, b, c, d, e, f, g, h);
+ T1 = X[9] = W[9];
+ ROUND_00_15(9, h, a, b, c, d, e, f, g);
+ T1 = X[10] = W[10];
+ ROUND_00_15(10, g, h, a, b, c, d, e, f);
+ T1 = X[11] = W[11];
+ ROUND_00_15(11, f, g, h, a, b, c, d, e);
+ T1 = X[12] = W[12];
+ ROUND_00_15(12, e, f, g, h, a, b, c, d);
+ T1 = X[13] = W[13];
+ ROUND_00_15(13, d, e, f, g, h, a, b, c);
+ T1 = X[14] = W[14];
+ ROUND_00_15(14, c, d, e, f, g, h, a, b);
+ T1 = X[15] = W[15];
+ ROUND_00_15(15, b, c, d, e, f, g, h, a);
+# else
+ T1 = X[0] = PULL64(W[0]);
+ ROUND_00_15(0, a, b, c, d, e, f, g, h);
+ T1 = X[1] = PULL64(W[1]);
+ ROUND_00_15(1, h, a, b, c, d, e, f, g);
+ T1 = X[2] = PULL64(W[2]);
+ ROUND_00_15(2, g, h, a, b, c, d, e, f);
+ T1 = X[3] = PULL64(W[3]);
+ ROUND_00_15(3, f, g, h, a, b, c, d, e);
+ T1 = X[4] = PULL64(W[4]);
+ ROUND_00_15(4, e, f, g, h, a, b, c, d);
+ T1 = X[5] = PULL64(W[5]);
+ ROUND_00_15(5, d, e, f, g, h, a, b, c);
+ T1 = X[6] = PULL64(W[6]);
+ ROUND_00_15(6, c, d, e, f, g, h, a, b);
+ T1 = X[7] = PULL64(W[7]);
+ ROUND_00_15(7, b, c, d, e, f, g, h, a);
+ T1 = X[8] = PULL64(W[8]);
+ ROUND_00_15(8, a, b, c, d, e, f, g, h);
+ T1 = X[9] = PULL64(W[9]);
+ ROUND_00_15(9, h, a, b, c, d, e, f, g);
+ T1 = X[10] = PULL64(W[10]);
+ ROUND_00_15(10, g, h, a, b, c, d, e, f);
+ T1 = X[11] = PULL64(W[11]);
+ ROUND_00_15(11, f, g, h, a, b, c, d, e);
+ T1 = X[12] = PULL64(W[12]);
+ ROUND_00_15(12, e, f, g, h, a, b, c, d);
+ T1 = X[13] = PULL64(W[13]);
+ ROUND_00_15(13, d, e, f, g, h, a, b, c);
+ T1 = X[14] = PULL64(W[14]);
+ ROUND_00_15(14, c, d, e, f, g, h, a, b);
+ T1 = X[15] = PULL64(W[15]);
+ ROUND_00_15(15, b, c, d, e, f, g, h, a);
+# endif
+
+ for (i = 16; i < 80; i += 8) {
+ ROUND_16_80(i + 0, a, b, c, d, e, f, g, h, X);
+ ROUND_16_80(i + 1, h, a, b, c, d, e, f, g, X);
+ ROUND_16_80(i + 2, g, h, a, b, c, d, e, f, X);
+ ROUND_16_80(i + 3, f, g, h, a, b, c, d, e, X);
+ ROUND_16_80(i + 4, e, f, g, h, a, b, c, d, X);
+ ROUND_16_80(i + 5, d, e, f, g, h, a, b, c, X);
+ ROUND_16_80(i + 6, c, d, e, f, g, h, a, b, X);
+ ROUND_16_80(i + 7, b, c, d, e, f, g, h, a, X);
+ }
+
+ ctx->h[0] += a;
+ ctx->h[1] += b;
+ ctx->h[2] += c;
+ ctx->h[3] += d;
+ ctx->h[4] += e;
+ ctx->h[5] += f;
+ ctx->h[6] += g;
+ ctx->h[7] += h;
+
+ W += SHA_LBLOCK;
+ }
+}
+
+# endif
+
+# endif /* SHA512_ASM */
+
+#else /* OPENSSL_NO_SHA512 */
+
+/*
+ * Sensitive compilers ("Compaq C V6.4-005 on OpenVMS VAX V7.3", for example)
+ * dislike a statement-free file, complaining: "%CC-W-EMPTYFILE, Source file
+ * does not contain any declarations."
+ */
+
+int sha512_dummy();
+
+#endif /* OPENSSL_NO_SHA512 */
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/sha/sha512t.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/sha/sha512t.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/sha/sha512t.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,184 +0,0 @@
-/* crypto/sha/sha512t.c */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
- * ====================================================================
- */
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-
-#include <openssl/sha.h>
-#include <openssl/evp.h>
-#include <openssl/crypto.h>
-
-#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA512)
-int main(int argc, char *argv[])
-{
- printf("No SHA512 support\n");
- return(0);
-}
-#else
-
-unsigned char app_c1[SHA512_DIGEST_LENGTH] = {
- 0xdd,0xaf,0x35,0xa1,0x93,0x61,0x7a,0xba,
- 0xcc,0x41,0x73,0x49,0xae,0x20,0x41,0x31,
- 0x12,0xe6,0xfa,0x4e,0x89,0xa9,0x7e,0xa2,
- 0x0a,0x9e,0xee,0xe6,0x4b,0x55,0xd3,0x9a,
- 0x21,0x92,0x99,0x2a,0x27,0x4f,0xc1,0xa8,
- 0x36,0xba,0x3c,0x23,0xa3,0xfe,0xeb,0xbd,
- 0x45,0x4d,0x44,0x23,0x64,0x3c,0xe8,0x0e,
- 0x2a,0x9a,0xc9,0x4f,0xa5,0x4c,0xa4,0x9f };
-
-unsigned char app_c2[SHA512_DIGEST_LENGTH] = {
- 0x8e,0x95,0x9b,0x75,0xda,0xe3,0x13,0xda,
- 0x8c,0xf4,0xf7,0x28,0x14,0xfc,0x14,0x3f,
- 0x8f,0x77,0x79,0xc6,0xeb,0x9f,0x7f,0xa1,
- 0x72,0x99,0xae,0xad,0xb6,0x88,0x90,0x18,
- 0x50,0x1d,0x28,0x9e,0x49,0x00,0xf7,0xe4,
- 0x33,0x1b,0x99,0xde,0xc4,0xb5,0x43,0x3a,
- 0xc7,0xd3,0x29,0xee,0xb6,0xdd,0x26,0x54,
- 0x5e,0x96,0xe5,0x5b,0x87,0x4b,0xe9,0x09 };
-
-unsigned char app_c3[SHA512_DIGEST_LENGTH] = {
- 0xe7,0x18,0x48,0x3d,0x0c,0xe7,0x69,0x64,
- 0x4e,0x2e,0x42,0xc7,0xbc,0x15,0xb4,0x63,
- 0x8e,0x1f,0x98,0xb1,0x3b,0x20,0x44,0x28,
- 0x56,0x32,0xa8,0x03,0xaf,0xa9,0x73,0xeb,
- 0xde,0x0f,0xf2,0x44,0x87,0x7e,0xa6,0x0a,
- 0x4c,0xb0,0x43,0x2c,0xe5,0x77,0xc3,0x1b,
- 0xeb,0x00,0x9c,0x5c,0x2c,0x49,0xaa,0x2e,
- 0x4e,0xad,0xb2,0x17,0xad,0x8c,0xc0,0x9b };
-
-unsigned char app_d1[SHA384_DIGEST_LENGTH] = {
- 0xcb,0x00,0x75,0x3f,0x45,0xa3,0x5e,0x8b,
- 0xb5,0xa0,0x3d,0x69,0x9a,0xc6,0x50,0x07,
- 0x27,0x2c,0x32,0xab,0x0e,0xde,0xd1,0x63,
- 0x1a,0x8b,0x60,0x5a,0x43,0xff,0x5b,0xed,
- 0x80,0x86,0x07,0x2b,0xa1,0xe7,0xcc,0x23,
- 0x58,0xba,0xec,0xa1,0x34,0xc8,0x25,0xa7 };
-
-unsigned char app_d2[SHA384_DIGEST_LENGTH] = {
- 0x09,0x33,0x0c,0x33,0xf7,0x11,0x47,0xe8,
- 0x3d,0x19,0x2f,0xc7,0x82,0xcd,0x1b,0x47,
- 0x53,0x11,0x1b,0x17,0x3b,0x3b,0x05,0xd2,
- 0x2f,0xa0,0x80,0x86,0xe3,0xb0,0xf7,0x12,
- 0xfc,0xc7,0xc7,0x1a,0x55,0x7e,0x2d,0xb9,
- 0x66,0xc3,0xe9,0xfa,0x91,0x74,0x60,0x39 };
-
-unsigned char app_d3[SHA384_DIGEST_LENGTH] = {
- 0x9d,0x0e,0x18,0x09,0x71,0x64,0x74,0xcb,
- 0x08,0x6e,0x83,0x4e,0x31,0x0a,0x4a,0x1c,
- 0xed,0x14,0x9e,0x9c,0x00,0xf2,0x48,0x52,
- 0x79,0x72,0xce,0xc5,0x70,0x4c,0x2a,0x5b,
- 0x07,0xb8,0xb3,0xdc,0x38,0xec,0xc4,0xeb,
- 0xae,0x97,0xdd,0xd8,0x7f,0x3d,0x89,0x85 };
-
-int main (int argc,char **argv)
-{ unsigned char md[SHA512_DIGEST_LENGTH];
- int i;
- EVP_MD_CTX evp;
-
-#ifdef OPENSSL_IA32_SSE2
- /* Alternative to this is to call OpenSSL_add_all_algorithms...
- * The below code is retained exclusively for debugging purposes. */
- { char *env;
-
- if ((env=getenv("OPENSSL_ia32cap")))
- OPENSSL_ia32cap = strtoul (env,NULL,0);
- }
-#endif
-
- fprintf(stdout,"Testing SHA-512 ");
-
- EVP_Digest ("abc",3,md,NULL,EVP_sha512(),NULL);
- if (memcmp(md,app_c1,sizeof(app_c1)))
- { fflush(stdout);
- fprintf(stderr,"\nTEST 1 of 3 failed.\n");
- return 1;
- }
- else
- fprintf(stdout,"."); fflush(stdout);
-
- EVP_Digest ("abcdefgh""bcdefghi""cdefghij""defghijk"
- "efghijkl""fghijklm""ghijklmn""hijklmno"
- "ijklmnop""jklmnopq""klmnopqr""lmnopqrs"
- "mnopqrst""nopqrstu",112,md,NULL,EVP_sha512(),NULL);
- if (memcmp(md,app_c2,sizeof(app_c2)))
- { fflush(stdout);
- fprintf(stderr,"\nTEST 2 of 3 failed.\n");
- return 1;
- }
- else
- fprintf(stdout,"."); fflush(stdout);
-
- EVP_MD_CTX_init (&evp);
- EVP_DigestInit_ex (&evp,EVP_sha512(),NULL);
- for (i=0;i<1000000;i+=288)
- EVP_DigestUpdate (&evp, "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
- "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
- "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
- "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
- "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
- "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
- "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
- "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
- "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa",
- (1000000-i)<288?1000000-i:288);
- EVP_DigestFinal_ex (&evp,md,NULL);
- EVP_MD_CTX_cleanup (&evp);
-
- if (memcmp(md,app_c3,sizeof(app_c3)))
- { fflush(stdout);
- fprintf(stderr,"\nTEST 3 of 3 failed.\n");
- return 1;
- }
- else
- fprintf(stdout,"."); fflush(stdout);
-
- fprintf(stdout," passed.\n"); fflush(stdout);
-
- fprintf(stdout,"Testing SHA-384 ");
-
- EVP_Digest ("abc",3,md,NULL,EVP_sha384(),NULL);
- if (memcmp(md,app_d1,sizeof(app_d1)))
- { fflush(stdout);
- fprintf(stderr,"\nTEST 1 of 3 failed.\n");
- return 1;
- }
- else
- fprintf(stdout,"."); fflush(stdout);
-
- EVP_Digest ("abcdefgh""bcdefghi""cdefghij""defghijk"
- "efghijkl""fghijklm""ghijklmn""hijklmno"
- "ijklmnop""jklmnopq""klmnopqr""lmnopqrs"
- "mnopqrst""nopqrstu",112,md,NULL,EVP_sha384(),NULL);
- if (memcmp(md,app_d2,sizeof(app_d2)))
- { fflush(stdout);
- fprintf(stderr,"\nTEST 2 of 3 failed.\n");
- return 1;
- }
- else
- fprintf(stdout,"."); fflush(stdout);
-
- EVP_MD_CTX_init (&evp);
- EVP_DigestInit_ex (&evp,EVP_sha384(),NULL);
- for (i=0;i<1000000;i+=64)
- EVP_DigestUpdate (&evp, "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
- "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa",
- (1000000-i)<64?1000000-i:64);
- EVP_DigestFinal_ex (&evp,md,NULL);
- EVP_MD_CTX_cleanup (&evp);
-
- if (memcmp(md,app_d3,sizeof(app_d3)))
- { fflush(stdout);
- fprintf(stderr,"\nTEST 3 of 3 failed.\n");
- return 1;
- }
- else
- fprintf(stdout,"."); fflush(stdout);
-
- fprintf(stdout," passed.\n"); fflush(stdout);
-
- return 0;
-}
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/sha/sha512t.c (from rev 6976, vendor-crypto/openssl/dist/crypto/sha/sha512t.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/sha/sha512t.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/sha/sha512t.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,196 @@
+/* crypto/sha/sha512t.c */
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
+ * ====================================================================
+ */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include <openssl/sha.h>
+#include <openssl/evp.h>
+#include <openssl/crypto.h>
+
+#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA512)
+int main(int argc, char *argv[])
+{
+ printf("No SHA512 support\n");
+ return (0);
+}
+#else
+
+unsigned char app_c1[SHA512_DIGEST_LENGTH] = {
+ 0xdd, 0xaf, 0x35, 0xa1, 0x93, 0x61, 0x7a, 0xba,
+ 0xcc, 0x41, 0x73, 0x49, 0xae, 0x20, 0x41, 0x31,
+ 0x12, 0xe6, 0xfa, 0x4e, 0x89, 0xa9, 0x7e, 0xa2,
+ 0x0a, 0x9e, 0xee, 0xe6, 0x4b, 0x55, 0xd3, 0x9a,
+ 0x21, 0x92, 0x99, 0x2a, 0x27, 0x4f, 0xc1, 0xa8,
+ 0x36, 0xba, 0x3c, 0x23, 0xa3, 0xfe, 0xeb, 0xbd,
+ 0x45, 0x4d, 0x44, 0x23, 0x64, 0x3c, 0xe8, 0x0e,
+ 0x2a, 0x9a, 0xc9, 0x4f, 0xa5, 0x4c, 0xa4, 0x9f
+};
+
+unsigned char app_c2[SHA512_DIGEST_LENGTH] = {
+ 0x8e, 0x95, 0x9b, 0x75, 0xda, 0xe3, 0x13, 0xda,
+ 0x8c, 0xf4, 0xf7, 0x28, 0x14, 0xfc, 0x14, 0x3f,
+ 0x8f, 0x77, 0x79, 0xc6, 0xeb, 0x9f, 0x7f, 0xa1,
+ 0x72, 0x99, 0xae, 0xad, 0xb6, 0x88, 0x90, 0x18,
+ 0x50, 0x1d, 0x28, 0x9e, 0x49, 0x00, 0xf7, 0xe4,
+ 0x33, 0x1b, 0x99, 0xde, 0xc4, 0xb5, 0x43, 0x3a,
+ 0xc7, 0xd3, 0x29, 0xee, 0xb6, 0xdd, 0x26, 0x54,
+ 0x5e, 0x96, 0xe5, 0x5b, 0x87, 0x4b, 0xe9, 0x09
+};
+
+unsigned char app_c3[SHA512_DIGEST_LENGTH] = {
+ 0xe7, 0x18, 0x48, 0x3d, 0x0c, 0xe7, 0x69, 0x64,
+ 0x4e, 0x2e, 0x42, 0xc7, 0xbc, 0x15, 0xb4, 0x63,
+ 0x8e, 0x1f, 0x98, 0xb1, 0x3b, 0x20, 0x44, 0x28,
+ 0x56, 0x32, 0xa8, 0x03, 0xaf, 0xa9, 0x73, 0xeb,
+ 0xde, 0x0f, 0xf2, 0x44, 0x87, 0x7e, 0xa6, 0x0a,
+ 0x4c, 0xb0, 0x43, 0x2c, 0xe5, 0x77, 0xc3, 0x1b,
+ 0xeb, 0x00, 0x9c, 0x5c, 0x2c, 0x49, 0xaa, 0x2e,
+ 0x4e, 0xad, 0xb2, 0x17, 0xad, 0x8c, 0xc0, 0x9b
+};
+
+unsigned char app_d1[SHA384_DIGEST_LENGTH] = {
+ 0xcb, 0x00, 0x75, 0x3f, 0x45, 0xa3, 0x5e, 0x8b,
+ 0xb5, 0xa0, 0x3d, 0x69, 0x9a, 0xc6, 0x50, 0x07,
+ 0x27, 0x2c, 0x32, 0xab, 0x0e, 0xde, 0xd1, 0x63,
+ 0x1a, 0x8b, 0x60, 0x5a, 0x43, 0xff, 0x5b, 0xed,
+ 0x80, 0x86, 0x07, 0x2b, 0xa1, 0xe7, 0xcc, 0x23,
+ 0x58, 0xba, 0xec, 0xa1, 0x34, 0xc8, 0x25, 0xa7
+};
+
+unsigned char app_d2[SHA384_DIGEST_LENGTH] = {
+ 0x09, 0x33, 0x0c, 0x33, 0xf7, 0x11, 0x47, 0xe8,
+ 0x3d, 0x19, 0x2f, 0xc7, 0x82, 0xcd, 0x1b, 0x47,
+ 0x53, 0x11, 0x1b, 0x17, 0x3b, 0x3b, 0x05, 0xd2,
+ 0x2f, 0xa0, 0x80, 0x86, 0xe3, 0xb0, 0xf7, 0x12,
+ 0xfc, 0xc7, 0xc7, 0x1a, 0x55, 0x7e, 0x2d, 0xb9,
+ 0x66, 0xc3, 0xe9, 0xfa, 0x91, 0x74, 0x60, 0x39
+};
+
+unsigned char app_d3[SHA384_DIGEST_LENGTH] = {
+ 0x9d, 0x0e, 0x18, 0x09, 0x71, 0x64, 0x74, 0xcb,
+ 0x08, 0x6e, 0x83, 0x4e, 0x31, 0x0a, 0x4a, 0x1c,
+ 0xed, 0x14, 0x9e, 0x9c, 0x00, 0xf2, 0x48, 0x52,
+ 0x79, 0x72, 0xce, 0xc5, 0x70, 0x4c, 0x2a, 0x5b,
+ 0x07, 0xb8, 0xb3, 0xdc, 0x38, 0xec, 0xc4, 0xeb,
+ 0xae, 0x97, 0xdd, 0xd8, 0x7f, 0x3d, 0x89, 0x85
+};
+
+int main(int argc, char **argv)
+{
+ unsigned char md[SHA512_DIGEST_LENGTH];
+ int i;
+ EVP_MD_CTX evp;
+
+# ifdef OPENSSL_IA32_SSE2
+ /*
+ * Alternative to this is to call OpenSSL_add_all_algorithms... The below
+ * code is retained exclusively for debugging purposes.
+ */
+ {
+ char *env;
+
+ if ((env = getenv("OPENSSL_ia32cap")))
+ OPENSSL_ia32cap = strtoul(env, NULL, 0);
+ }
+# endif
+
+ fprintf(stdout, "Testing SHA-512 ");
+
+ EVP_Digest("abc", 3, md, NULL, EVP_sha512(), NULL);
+ if (memcmp(md, app_c1, sizeof(app_c1))) {
+ fflush(stdout);
+ fprintf(stderr, "\nTEST 1 of 3 failed.\n");
+ return 1;
+ } else
+ fprintf(stdout, ".");
+ fflush(stdout);
+
+ EVP_Digest("abcdefgh" "bcdefghi" "cdefghij" "defghijk"
+ "efghijkl" "fghijklm" "ghijklmn" "hijklmno"
+ "ijklmnop" "jklmnopq" "klmnopqr" "lmnopqrs"
+ "mnopqrst" "nopqrstu", 112, md, NULL, EVP_sha512(), NULL);
+ if (memcmp(md, app_c2, sizeof(app_c2))) {
+ fflush(stdout);
+ fprintf(stderr, "\nTEST 2 of 3 failed.\n");
+ return 1;
+ } else
+ fprintf(stdout, ".");
+ fflush(stdout);
+
+ EVP_MD_CTX_init(&evp);
+ EVP_DigestInit_ex(&evp, EVP_sha512(), NULL);
+ for (i = 0; i < 1000000; i += 288)
+ EVP_DigestUpdate(&evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
+ "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
+ "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
+ "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
+ "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
+ "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
+ "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
+ "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
+ "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa",
+ (1000000 - i) < 288 ? 1000000 - i : 288);
+ EVP_DigestFinal_ex(&evp, md, NULL);
+ EVP_MD_CTX_cleanup(&evp);
+
+ if (memcmp(md, app_c3, sizeof(app_c3))) {
+ fflush(stdout);
+ fprintf(stderr, "\nTEST 3 of 3 failed.\n");
+ return 1;
+ } else
+ fprintf(stdout, ".");
+ fflush(stdout);
+
+ fprintf(stdout, " passed.\n");
+ fflush(stdout);
+
+ fprintf(stdout, "Testing SHA-384 ");
+
+ EVP_Digest("abc", 3, md, NULL, EVP_sha384(), NULL);
+ if (memcmp(md, app_d1, sizeof(app_d1))) {
+ fflush(stdout);
+ fprintf(stderr, "\nTEST 1 of 3 failed.\n");
+ return 1;
+ } else
+ fprintf(stdout, ".");
+ fflush(stdout);
+
+ EVP_Digest("abcdefgh" "bcdefghi" "cdefghij" "defghijk"
+ "efghijkl" "fghijklm" "ghijklmn" "hijklmno"
+ "ijklmnop" "jklmnopq" "klmnopqr" "lmnopqrs"
+ "mnopqrst" "nopqrstu", 112, md, NULL, EVP_sha384(), NULL);
+ if (memcmp(md, app_d2, sizeof(app_d2))) {
+ fflush(stdout);
+ fprintf(stderr, "\nTEST 2 of 3 failed.\n");
+ return 1;
+ } else
+ fprintf(stdout, ".");
+ fflush(stdout);
+
+ EVP_MD_CTX_init(&evp);
+ EVP_DigestInit_ex(&evp, EVP_sha384(), NULL);
+ for (i = 0; i < 1000000; i += 64)
+ EVP_DigestUpdate(&evp, "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa"
+ "aaaaaaaa" "aaaaaaaa" "aaaaaaaa" "aaaaaaaa",
+ (1000000 - i) < 64 ? 1000000 - i : 64);
+ EVP_DigestFinal_ex(&evp, md, NULL);
+ EVP_MD_CTX_cleanup(&evp);
+
+ if (memcmp(md, app_d3, sizeof(app_d3))) {
+ fflush(stdout);
+ fprintf(stderr, "\nTEST 3 of 3 failed.\n");
+ return 1;
+ } else
+ fprintf(stdout, ".");
+ fflush(stdout);
+
+ fprintf(stdout, " passed.\n");
+ fflush(stdout);
+
+ return 0;
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/sha/sha_dgst.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/sha/sha_dgst.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/sha/sha_dgst.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,80 +0,0 @@
-/* crypto/sha/sha1dgst.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/opensslconf.h>
-#include <openssl/crypto.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
-#include <openssl/err.h>
-#if !defined(OPENSSL_NO_SHA0) && !defined(OPENSSL_NO_SHA)
-
-#undef SHA_1
-#define SHA_0
-
-#include <openssl/opensslv.h>
-
-const char SHA_version[]="SHA" OPENSSL_VERSION_PTEXT;
-
-/* The implementation is in ../md32_common.h */
-
-#include "sha_locl.h"
-
-#endif
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/sha/sha_dgst.c (from rev 6976, vendor-crypto/openssl/dist/crypto/sha/sha_dgst.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/sha/sha_dgst.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/sha/sha_dgst.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,79 @@
+/* crypto/sha/sha1dgst.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/opensslconf.h>
+#include <openssl/crypto.h>
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
+#endif
+
+#include <openssl/err.h>
+#if !defined(OPENSSL_NO_SHA0) && !defined(OPENSSL_NO_SHA)
+
+# undef SHA_1
+# define SHA_0
+
+# include <openssl/opensslv.h>
+
+const char SHA_version[] = "SHA" OPENSSL_VERSION_PTEXT;
+
+/* The implementation is in ../md32_common.h */
+
+# include "sha_locl.h"
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/sha/sha_locl.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/sha/sha_locl.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/sha/sha_locl.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,446 +0,0 @@
-/* crypto/sha/sha_locl.h */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdlib.h>
-#include <string.h>
-
-#include <openssl/opensslconf.h>
-#include <openssl/sha.h>
-
-#define DATA_ORDER_IS_BIG_ENDIAN
-
-#define HASH_LONG SHA_LONG
-#define HASH_CTX SHA_CTX
-#define HASH_CBLOCK SHA_CBLOCK
-#define HASH_MAKE_STRING(c,s) do { \
- unsigned long ll; \
- ll=(c)->h0; HOST_l2c(ll,(s)); \
- ll=(c)->h1; HOST_l2c(ll,(s)); \
- ll=(c)->h2; HOST_l2c(ll,(s)); \
- ll=(c)->h3; HOST_l2c(ll,(s)); \
- ll=(c)->h4; HOST_l2c(ll,(s)); \
- } while (0)
-
-#if defined(SHA_0)
-
-# define HASH_UPDATE SHA_Update
-# define HASH_TRANSFORM SHA_Transform
-# define HASH_FINAL SHA_Final
-# define HASH_INIT SHA_Init
-# define HASH_BLOCK_DATA_ORDER sha_block_data_order
-# define Xupdate(a,ix,ia,ib,ic,id) (ix=(a)=(ia^ib^ic^id))
-
-static void sha_block_data_order (SHA_CTX *c, const void *p,size_t num);
-
-#elif defined(SHA_1)
-
-# define HASH_UPDATE SHA1_Update
-# define HASH_TRANSFORM SHA1_Transform
-# define HASH_FINAL SHA1_Final
-# define HASH_INIT SHA1_Init
-# define HASH_BLOCK_DATA_ORDER sha1_block_data_order
-# if defined(__MWERKS__) && defined(__MC68K__)
- /* Metrowerks for Motorola fails otherwise:-( <appro at fy.chalmers.se> */
-# define Xupdate(a,ix,ia,ib,ic,id) do { (a)=(ia^ib^ic^id); \
- ix=(a)=ROTATE((a),1); \
- } while (0)
-# else
-# define Xupdate(a,ix,ia,ib,ic,id) ( (a)=(ia^ib^ic^id), \
- ix=(a)=ROTATE((a),1) \
- )
-# endif
-
-#ifndef SHA1_ASM
-static
-#endif
-void sha1_block_data_order (SHA_CTX *c, const void *p,size_t num);
-
-#else
-# error "Either SHA_0 or SHA_1 must be defined."
-#endif
-
-#include "md32_common.h"
-
-#define INIT_DATA_h0 0x67452301UL
-#define INIT_DATA_h1 0xefcdab89UL
-#define INIT_DATA_h2 0x98badcfeUL
-#define INIT_DATA_h3 0x10325476UL
-#define INIT_DATA_h4 0xc3d2e1f0UL
-
-#if defined(SHA_0) && defined(OPENSSL_FIPS)
-FIPS_NON_FIPS_MD_Init(SHA)
-#else
-int HASH_INIT (SHA_CTX *c)
-#endif
- {
-#if defined(SHA_1) && defined(OPENSSL_FIPS)
- FIPS_selftest_check();
-#endif
- c->h0=INIT_DATA_h0;
- c->h1=INIT_DATA_h1;
- c->h2=INIT_DATA_h2;
- c->h3=INIT_DATA_h3;
- c->h4=INIT_DATA_h4;
- c->Nl=0;
- c->Nh=0;
- c->num=0;
- return 1;
- }
-
-#define K_00_19 0x5a827999UL
-#define K_20_39 0x6ed9eba1UL
-#define K_40_59 0x8f1bbcdcUL
-#define K_60_79 0xca62c1d6UL
-
-/* As pointed out by Wei Dai <weidai at eskimo.com>, F() below can be
- * simplified to the code in F_00_19. Wei attributes these optimisations
- * to Peter Gutmann's SHS code, and he attributes it to Rich Schroeppel.
- * #define F(x,y,z) (((x) & (y)) | ((~(x)) & (z)))
- * I've just become aware of another tweak to be made, again from Wei Dai,
- * in F_40_59, (x&a)|(y&a) -> (x|y)&a
- */
-#define F_00_19(b,c,d) ((((c) ^ (d)) & (b)) ^ (d))
-#define F_20_39(b,c,d) ((b) ^ (c) ^ (d))
-#define F_40_59(b,c,d) (((b) & (c)) | (((b)|(c)) & (d)))
-#define F_60_79(b,c,d) F_20_39(b,c,d)
-
-#ifndef OPENSSL_SMALL_FOOTPRINT
-
-#define BODY_00_15(i,a,b,c,d,e,f,xi) \
- (f)=xi+(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \
- (b)=ROTATE((b),30);
-
-#define BODY_16_19(i,a,b,c,d,e,f,xi,xa,xb,xc,xd) \
- Xupdate(f,xi,xa,xb,xc,xd); \
- (f)+=(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \
- (b)=ROTATE((b),30);
-
-#define BODY_20_31(i,a,b,c,d,e,f,xi,xa,xb,xc,xd) \
- Xupdate(f,xi,xa,xb,xc,xd); \
- (f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \
- (b)=ROTATE((b),30);
-
-#define BODY_32_39(i,a,b,c,d,e,f,xa,xb,xc,xd) \
- Xupdate(f,xa,xa,xb,xc,xd); \
- (f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \
- (b)=ROTATE((b),30);
-
-#define BODY_40_59(i,a,b,c,d,e,f,xa,xb,xc,xd) \
- Xupdate(f,xa,xa,xb,xc,xd); \
- (f)+=(e)+K_40_59+ROTATE((a),5)+F_40_59((b),(c),(d)); \
- (b)=ROTATE((b),30);
-
-#define BODY_60_79(i,a,b,c,d,e,f,xa,xb,xc,xd) \
- Xupdate(f,xa,xa,xb,xc,xd); \
- (f)=xa+(e)+K_60_79+ROTATE((a),5)+F_60_79((b),(c),(d)); \
- (b)=ROTATE((b),30);
-
-#ifdef X
-#undef X
-#endif
-#ifndef MD32_XARRAY
- /*
- * Originally X was an array. As it's automatic it's natural
- * to expect RISC compiler to accomodate at least part of it in
- * the register bank, isn't it? Unfortunately not all compilers
- * "find" this expectation reasonable:-( On order to make such
- * compilers generate better code I replace X[] with a bunch of
- * X0, X1, etc. See the function body below...
- * <appro at fy.chalmers.se>
- */
-# define X(i) XX##i
-#else
- /*
- * However! Some compilers (most notably HP C) get overwhelmed by
- * that many local variables so that we have to have the way to
- * fall down to the original behavior.
- */
-# define X(i) XX[i]
-#endif
-
-#if !defined(SHA_1) || !defined(SHA1_ASM)
-static void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, size_t num)
- {
- const unsigned char *data=p;
- register unsigned MD32_REG_T A,B,C,D,E,T,l;
-#ifndef MD32_XARRAY
- unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
- XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15;
-#else
- SHA_LONG XX[16];
-#endif
-
- A=c->h0;
- B=c->h1;
- C=c->h2;
- D=c->h3;
- E=c->h4;
-
- for (;;)
- {
- const union { long one; char little; } is_endian = {1};
-
- if (!is_endian.little && sizeof(SHA_LONG)==4 && ((size_t)p%4)==0)
- {
- const SHA_LONG *W=(const SHA_LONG *)data;
-
- X( 0) = W[0]; X( 1) = W[ 1];
- BODY_00_15( 0,A,B,C,D,E,T,X( 0)); X( 2) = W[ 2];
- BODY_00_15( 1,T,A,B,C,D,E,X( 1)); X( 3) = W[ 3];
- BODY_00_15( 2,E,T,A,B,C,D,X( 2)); X( 4) = W[ 4];
- BODY_00_15( 3,D,E,T,A,B,C,X( 3)); X( 5) = W[ 5];
- BODY_00_15( 4,C,D,E,T,A,B,X( 4)); X( 6) = W[ 6];
- BODY_00_15( 5,B,C,D,E,T,A,X( 5)); X( 7) = W[ 7];
- BODY_00_15( 6,A,B,C,D,E,T,X( 6)); X( 8) = W[ 8];
- BODY_00_15( 7,T,A,B,C,D,E,X( 7)); X( 9) = W[ 9];
- BODY_00_15( 8,E,T,A,B,C,D,X( 8)); X(10) = W[10];
- BODY_00_15( 9,D,E,T,A,B,C,X( 9)); X(11) = W[11];
- BODY_00_15(10,C,D,E,T,A,B,X(10)); X(12) = W[12];
- BODY_00_15(11,B,C,D,E,T,A,X(11)); X(13) = W[13];
- BODY_00_15(12,A,B,C,D,E,T,X(12)); X(14) = W[14];
- BODY_00_15(13,T,A,B,C,D,E,X(13)); X(15) = W[15];
- BODY_00_15(14,E,T,A,B,C,D,X(14));
- BODY_00_15(15,D,E,T,A,B,C,X(15));
-
- data += SHA_CBLOCK;
- }
- else
- {
- HOST_c2l(data,l); X( 0)=l; HOST_c2l(data,l); X( 1)=l;
- BODY_00_15( 0,A,B,C,D,E,T,X( 0)); HOST_c2l(data,l); X( 2)=l;
- BODY_00_15( 1,T,A,B,C,D,E,X( 1)); HOST_c2l(data,l); X( 3)=l;
- BODY_00_15( 2,E,T,A,B,C,D,X( 2)); HOST_c2l(data,l); X( 4)=l;
- BODY_00_15( 3,D,E,T,A,B,C,X( 3)); HOST_c2l(data,l); X( 5)=l;
- BODY_00_15( 4,C,D,E,T,A,B,X( 4)); HOST_c2l(data,l); X( 6)=l;
- BODY_00_15( 5,B,C,D,E,T,A,X( 5)); HOST_c2l(data,l); X( 7)=l;
- BODY_00_15( 6,A,B,C,D,E,T,X( 6)); HOST_c2l(data,l); X( 8)=l;
- BODY_00_15( 7,T,A,B,C,D,E,X( 7)); HOST_c2l(data,l); X( 9)=l;
- BODY_00_15( 8,E,T,A,B,C,D,X( 8)); HOST_c2l(data,l); X(10)=l;
- BODY_00_15( 9,D,E,T,A,B,C,X( 9)); HOST_c2l(data,l); X(11)=l;
- BODY_00_15(10,C,D,E,T,A,B,X(10)); HOST_c2l(data,l); X(12)=l;
- BODY_00_15(11,B,C,D,E,T,A,X(11)); HOST_c2l(data,l); X(13)=l;
- BODY_00_15(12,A,B,C,D,E,T,X(12)); HOST_c2l(data,l); X(14)=l;
- BODY_00_15(13,T,A,B,C,D,E,X(13)); HOST_c2l(data,l); X(15)=l;
- BODY_00_15(14,E,T,A,B,C,D,X(14));
- BODY_00_15(15,D,E,T,A,B,C,X(15));
- }
-
- BODY_16_19(16,C,D,E,T,A,B,X( 0),X( 0),X( 2),X( 8),X(13));
- BODY_16_19(17,B,C,D,E,T,A,X( 1),X( 1),X( 3),X( 9),X(14));
- BODY_16_19(18,A,B,C,D,E,T,X( 2),X( 2),X( 4),X(10),X(15));
- BODY_16_19(19,T,A,B,C,D,E,X( 3),X( 3),X( 5),X(11),X( 0));
-
- BODY_20_31(20,E,T,A,B,C,D,X( 4),X( 4),X( 6),X(12),X( 1));
- BODY_20_31(21,D,E,T,A,B,C,X( 5),X( 5),X( 7),X(13),X( 2));
- BODY_20_31(22,C,D,E,T,A,B,X( 6),X( 6),X( 8),X(14),X( 3));
- BODY_20_31(23,B,C,D,E,T,A,X( 7),X( 7),X( 9),X(15),X( 4));
- BODY_20_31(24,A,B,C,D,E,T,X( 8),X( 8),X(10),X( 0),X( 5));
- BODY_20_31(25,T,A,B,C,D,E,X( 9),X( 9),X(11),X( 1),X( 6));
- BODY_20_31(26,E,T,A,B,C,D,X(10),X(10),X(12),X( 2),X( 7));
- BODY_20_31(27,D,E,T,A,B,C,X(11),X(11),X(13),X( 3),X( 8));
- BODY_20_31(28,C,D,E,T,A,B,X(12),X(12),X(14),X( 4),X( 9));
- BODY_20_31(29,B,C,D,E,T,A,X(13),X(13),X(15),X( 5),X(10));
- BODY_20_31(30,A,B,C,D,E,T,X(14),X(14),X( 0),X( 6),X(11));
- BODY_20_31(31,T,A,B,C,D,E,X(15),X(15),X( 1),X( 7),X(12));
-
- BODY_32_39(32,E,T,A,B,C,D,X( 0),X( 2),X( 8),X(13));
- BODY_32_39(33,D,E,T,A,B,C,X( 1),X( 3),X( 9),X(14));
- BODY_32_39(34,C,D,E,T,A,B,X( 2),X( 4),X(10),X(15));
- BODY_32_39(35,B,C,D,E,T,A,X( 3),X( 5),X(11),X( 0));
- BODY_32_39(36,A,B,C,D,E,T,X( 4),X( 6),X(12),X( 1));
- BODY_32_39(37,T,A,B,C,D,E,X( 5),X( 7),X(13),X( 2));
- BODY_32_39(38,E,T,A,B,C,D,X( 6),X( 8),X(14),X( 3));
- BODY_32_39(39,D,E,T,A,B,C,X( 7),X( 9),X(15),X( 4));
-
- BODY_40_59(40,C,D,E,T,A,B,X( 8),X(10),X( 0),X( 5));
- BODY_40_59(41,B,C,D,E,T,A,X( 9),X(11),X( 1),X( 6));
- BODY_40_59(42,A,B,C,D,E,T,X(10),X(12),X( 2),X( 7));
- BODY_40_59(43,T,A,B,C,D,E,X(11),X(13),X( 3),X( 8));
- BODY_40_59(44,E,T,A,B,C,D,X(12),X(14),X( 4),X( 9));
- BODY_40_59(45,D,E,T,A,B,C,X(13),X(15),X( 5),X(10));
- BODY_40_59(46,C,D,E,T,A,B,X(14),X( 0),X( 6),X(11));
- BODY_40_59(47,B,C,D,E,T,A,X(15),X( 1),X( 7),X(12));
- BODY_40_59(48,A,B,C,D,E,T,X( 0),X( 2),X( 8),X(13));
- BODY_40_59(49,T,A,B,C,D,E,X( 1),X( 3),X( 9),X(14));
- BODY_40_59(50,E,T,A,B,C,D,X( 2),X( 4),X(10),X(15));
- BODY_40_59(51,D,E,T,A,B,C,X( 3),X( 5),X(11),X( 0));
- BODY_40_59(52,C,D,E,T,A,B,X( 4),X( 6),X(12),X( 1));
- BODY_40_59(53,B,C,D,E,T,A,X( 5),X( 7),X(13),X( 2));
- BODY_40_59(54,A,B,C,D,E,T,X( 6),X( 8),X(14),X( 3));
- BODY_40_59(55,T,A,B,C,D,E,X( 7),X( 9),X(15),X( 4));
- BODY_40_59(56,E,T,A,B,C,D,X( 8),X(10),X( 0),X( 5));
- BODY_40_59(57,D,E,T,A,B,C,X( 9),X(11),X( 1),X( 6));
- BODY_40_59(58,C,D,E,T,A,B,X(10),X(12),X( 2),X( 7));
- BODY_40_59(59,B,C,D,E,T,A,X(11),X(13),X( 3),X( 8));
-
- BODY_60_79(60,A,B,C,D,E,T,X(12),X(14),X( 4),X( 9));
- BODY_60_79(61,T,A,B,C,D,E,X(13),X(15),X( 5),X(10));
- BODY_60_79(62,E,T,A,B,C,D,X(14),X( 0),X( 6),X(11));
- BODY_60_79(63,D,E,T,A,B,C,X(15),X( 1),X( 7),X(12));
- BODY_60_79(64,C,D,E,T,A,B,X( 0),X( 2),X( 8),X(13));
- BODY_60_79(65,B,C,D,E,T,A,X( 1),X( 3),X( 9),X(14));
- BODY_60_79(66,A,B,C,D,E,T,X( 2),X( 4),X(10),X(15));
- BODY_60_79(67,T,A,B,C,D,E,X( 3),X( 5),X(11),X( 0));
- BODY_60_79(68,E,T,A,B,C,D,X( 4),X( 6),X(12),X( 1));
- BODY_60_79(69,D,E,T,A,B,C,X( 5),X( 7),X(13),X( 2));
- BODY_60_79(70,C,D,E,T,A,B,X( 6),X( 8),X(14),X( 3));
- BODY_60_79(71,B,C,D,E,T,A,X( 7),X( 9),X(15),X( 4));
- BODY_60_79(72,A,B,C,D,E,T,X( 8),X(10),X( 0),X( 5));
- BODY_60_79(73,T,A,B,C,D,E,X( 9),X(11),X( 1),X( 6));
- BODY_60_79(74,E,T,A,B,C,D,X(10),X(12),X( 2),X( 7));
- BODY_60_79(75,D,E,T,A,B,C,X(11),X(13),X( 3),X( 8));
- BODY_60_79(76,C,D,E,T,A,B,X(12),X(14),X( 4),X( 9));
- BODY_60_79(77,B,C,D,E,T,A,X(13),X(15),X( 5),X(10));
- BODY_60_79(78,A,B,C,D,E,T,X(14),X( 0),X( 6),X(11));
- BODY_60_79(79,T,A,B,C,D,E,X(15),X( 1),X( 7),X(12));
-
- c->h0=(c->h0+E)&0xffffffffL;
- c->h1=(c->h1+T)&0xffffffffL;
- c->h2=(c->h2+A)&0xffffffffL;
- c->h3=(c->h3+B)&0xffffffffL;
- c->h4=(c->h4+C)&0xffffffffL;
-
- if (--num == 0) break;
-
- A=c->h0;
- B=c->h1;
- C=c->h2;
- D=c->h3;
- E=c->h4;
-
- }
- }
-#endif
-
-#else /* OPENSSL_SMALL_FOOTPRINT */
-
-#define BODY_00_15(xi) do { \
- T=E+K_00_19+F_00_19(B,C,D); \
- E=D, D=C, C=ROTATE(B,30), B=A; \
- A=ROTATE(A,5)+T+xi; } while(0)
-
-#define BODY_16_19(xa,xb,xc,xd) do { \
- Xupdate(T,xa,xa,xb,xc,xd); \
- T+=E+K_00_19+F_00_19(B,C,D); \
- E=D, D=C, C=ROTATE(B,30), B=A; \
- A=ROTATE(A,5)+T; } while(0)
-
-#define BODY_20_39(xa,xb,xc,xd) do { \
- Xupdate(T,xa,xa,xb,xc,xd); \
- T+=E+K_20_39+F_20_39(B,C,D); \
- E=D, D=C, C=ROTATE(B,30), B=A; \
- A=ROTATE(A,5)+T; } while(0)
-
-#define BODY_40_59(xa,xb,xc,xd) do { \
- Xupdate(T,xa,xa,xb,xc,xd); \
- T+=E+K_40_59+F_40_59(B,C,D); \
- E=D, D=C, C=ROTATE(B,30), B=A; \
- A=ROTATE(A,5)+T; } while(0)
-
-#define BODY_60_79(xa,xb,xc,xd) do { \
- Xupdate(T,xa,xa,xb,xc,xd); \
- T=E+K_60_79+F_60_79(B,C,D); \
- E=D, D=C, C=ROTATE(B,30), B=A; \
- A=ROTATE(A,5)+T+xa; } while(0)
-
-#if !defined(SHA_1) || !defined(SHA1_ASM)
-static void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, size_t num)
- {
- const unsigned char *data=p;
- register unsigned MD32_REG_T A,B,C,D,E,T,l;
- int i;
- SHA_LONG X[16];
-
- A=c->h0;
- B=c->h1;
- C=c->h2;
- D=c->h3;
- E=c->h4;
-
- for (;;)
- {
- for (i=0;i<16;i++)
- { HOST_c2l(data,l); X[i]=l; BODY_00_15(X[i]); }
- for (i=0;i<4;i++)
- { BODY_16_19(X[i], X[i+2], X[i+8], X[(i+13)&15]); }
- for (;i<24;i++)
- { BODY_20_39(X[i&15], X[(i+2)&15], X[(i+8)&15],X[(i+13)&15]); }
- for (i=0;i<20;i++)
- { BODY_40_59(X[(i+8)&15],X[(i+10)&15],X[i&15], X[(i+5)&15]); }
- for (i=4;i<24;i++)
- { BODY_60_79(X[(i+8)&15],X[(i+10)&15],X[i&15], X[(i+5)&15]); }
-
- c->h0=(c->h0+A)&0xffffffffL;
- c->h1=(c->h1+B)&0xffffffffL;
- c->h2=(c->h2+C)&0xffffffffL;
- c->h3=(c->h3+D)&0xffffffffL;
- c->h4=(c->h4+E)&0xffffffffL;
-
- if (--num == 0) break;
-
- A=c->h0;
- B=c->h1;
- C=c->h2;
- D=c->h3;
- E=c->h4;
-
- }
- }
-#endif
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/sha/sha_locl.h (from rev 6976, vendor-crypto/openssl/dist/crypto/sha/sha_locl.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/sha/sha_locl.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/sha/sha_locl.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,505 @@
+/* crypto/sha/sha_locl.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/opensslconf.h>
+#include <openssl/sha.h>
+
+#define DATA_ORDER_IS_BIG_ENDIAN
+
+#define HASH_LONG SHA_LONG
+#define HASH_CTX SHA_CTX
+#define HASH_CBLOCK SHA_CBLOCK
+#define HASH_MAKE_STRING(c,s) do { \
+ unsigned long ll; \
+ ll=(c)->h0; HOST_l2c(ll,(s)); \
+ ll=(c)->h1; HOST_l2c(ll,(s)); \
+ ll=(c)->h2; HOST_l2c(ll,(s)); \
+ ll=(c)->h3; HOST_l2c(ll,(s)); \
+ ll=(c)->h4; HOST_l2c(ll,(s)); \
+ } while (0)
+
+#if defined(SHA_0)
+
+# define HASH_UPDATE SHA_Update
+# define HASH_TRANSFORM SHA_Transform
+# define HASH_FINAL SHA_Final
+# define HASH_INIT SHA_Init
+# define HASH_BLOCK_DATA_ORDER sha_block_data_order
+# define Xupdate(a,ix,ia,ib,ic,id) (ix=(a)=(ia^ib^ic^id))
+
+static void sha_block_data_order(SHA_CTX *c, const void *p, size_t num);
+
+#elif defined(SHA_1)
+
+# define HASH_UPDATE SHA1_Update
+# define HASH_TRANSFORM SHA1_Transform
+# define HASH_FINAL SHA1_Final
+# define HASH_INIT SHA1_Init
+# define HASH_BLOCK_DATA_ORDER sha1_block_data_order
+# if defined(__MWERKS__) && defined(__MC68K__)
+ /* Metrowerks for Motorola fails otherwise:-( <appro at fy.chalmers.se> */
+# define Xupdate(a,ix,ia,ib,ic,id) do { (a)=(ia^ib^ic^id); \
+ ix=(a)=ROTATE((a),1); \
+ } while (0)
+# else
+# define Xupdate(a,ix,ia,ib,ic,id) ( (a)=(ia^ib^ic^id), \
+ ix=(a)=ROTATE((a),1) \
+ )
+# endif
+
+# ifndef SHA1_ASM
+static
+# endif
+void sha1_block_data_order(SHA_CTX *c, const void *p, size_t num);
+
+#else
+# error "Either SHA_0 or SHA_1 must be defined."
+#endif
+
+#include "md32_common.h"
+
+#define INIT_DATA_h0 0x67452301UL
+#define INIT_DATA_h1 0xefcdab89UL
+#define INIT_DATA_h2 0x98badcfeUL
+#define INIT_DATA_h3 0x10325476UL
+#define INIT_DATA_h4 0xc3d2e1f0UL
+
+#if defined(SHA_0) && defined(OPENSSL_FIPS)
+FIPS_NON_FIPS_MD_Init(SHA)
+#else
+int HASH_INIT(SHA_CTX *c)
+#endif
+{
+#if defined(SHA_1) && defined(OPENSSL_FIPS)
+ FIPS_selftest_check();
+#endif
+ c->h0 = INIT_DATA_h0;
+ c->h1 = INIT_DATA_h1;
+ c->h2 = INIT_DATA_h2;
+ c->h3 = INIT_DATA_h3;
+ c->h4 = INIT_DATA_h4;
+ c->Nl = 0;
+ c->Nh = 0;
+ c->num = 0;
+ return 1;
+}
+
+#define K_00_19 0x5a827999UL
+#define K_20_39 0x6ed9eba1UL
+#define K_40_59 0x8f1bbcdcUL
+#define K_60_79 0xca62c1d6UL
+
+/*
+ * As pointed out by Wei Dai <weidai at eskimo.com>, F() below can be simplified
+ * to the code in F_00_19. Wei attributes these optimisations to Peter
+ * Gutmann's SHS code, and he attributes it to Rich Schroeppel. #define
+ * F(x,y,z) (((x) & (y)) | ((~(x)) & (z))) I've just become aware of another
+ * tweak to be made, again from Wei Dai, in F_40_59, (x&a)|(y&a) -> (x|y)&a
+ */
+#define F_00_19(b,c,d) ((((c) ^ (d)) & (b)) ^ (d))
+#define F_20_39(b,c,d) ((b) ^ (c) ^ (d))
+#define F_40_59(b,c,d) (((b) & (c)) | (((b)|(c)) & (d)))
+#define F_60_79(b,c,d) F_20_39(b,c,d)
+
+#ifndef OPENSSL_SMALL_FOOTPRINT
+
+# define BODY_00_15(i,a,b,c,d,e,f,xi) \
+ (f)=xi+(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \
+ (b)=ROTATE((b),30);
+
+# define BODY_16_19(i,a,b,c,d,e,f,xi,xa,xb,xc,xd) \
+ Xupdate(f,xi,xa,xb,xc,xd); \
+ (f)+=(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \
+ (b)=ROTATE((b),30);
+
+# define BODY_20_31(i,a,b,c,d,e,f,xi,xa,xb,xc,xd) \
+ Xupdate(f,xi,xa,xb,xc,xd); \
+ (f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \
+ (b)=ROTATE((b),30);
+
+# define BODY_32_39(i,a,b,c,d,e,f,xa,xb,xc,xd) \
+ Xupdate(f,xa,xa,xb,xc,xd); \
+ (f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \
+ (b)=ROTATE((b),30);
+
+# define BODY_40_59(i,a,b,c,d,e,f,xa,xb,xc,xd) \
+ Xupdate(f,xa,xa,xb,xc,xd); \
+ (f)+=(e)+K_40_59+ROTATE((a),5)+F_40_59((b),(c),(d)); \
+ (b)=ROTATE((b),30);
+
+# define BODY_60_79(i,a,b,c,d,e,f,xa,xb,xc,xd) \
+ Xupdate(f,xa,xa,xb,xc,xd); \
+ (f)=xa+(e)+K_60_79+ROTATE((a),5)+F_60_79((b),(c),(d)); \
+ (b)=ROTATE((b),30);
+
+# ifdef X
+# undef X
+# endif
+# ifndef MD32_XARRAY
+ /*
+ * Originally X was an array. As it's automatic it's natural
+ * to expect RISC compiler to accomodate at least part of it in
+ * the register bank, isn't it? Unfortunately not all compilers
+ * "find" this expectation reasonable:-( On order to make such
+ * compilers generate better code I replace X[] with a bunch of
+ * X0, X1, etc. See the function body below...
+ * <appro at fy.chalmers.se>
+ */
+# define X(i) XX##i
+# else
+ /*
+ * However! Some compilers (most notably HP C) get overwhelmed by
+ * that many local variables so that we have to have the way to
+ * fall down to the original behavior.
+ */
+# define X(i) XX[i]
+# endif
+
+# if !defined(SHA_1) || !defined(SHA1_ASM)
+static void HASH_BLOCK_DATA_ORDER(SHA_CTX *c, const void *p, size_t num)
+{
+ const unsigned char *data = p;
+ register unsigned MD32_REG_T A, B, C, D, E, T, l;
+# ifndef MD32_XARRAY
+ unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
+ XX8, XX9, XX10, XX11, XX12, XX13, XX14, XX15;
+# else
+ SHA_LONG XX[16];
+# endif
+
+ A = c->h0;
+ B = c->h1;
+ C = c->h2;
+ D = c->h3;
+ E = c->h4;
+
+ for (;;) {
+ const union {
+ long one;
+ char little;
+ } is_endian = {
+ 1
+ };
+
+ if (!is_endian.little && sizeof(SHA_LONG) == 4
+ && ((size_t)p % 4) == 0) {
+ const SHA_LONG *W = (const SHA_LONG *)data;
+
+ X(0) = W[0];
+ X(1) = W[1];
+ BODY_00_15(0, A, B, C, D, E, T, X(0));
+ X(2) = W[2];
+ BODY_00_15(1, T, A, B, C, D, E, X(1));
+ X(3) = W[3];
+ BODY_00_15(2, E, T, A, B, C, D, X(2));
+ X(4) = W[4];
+ BODY_00_15(3, D, E, T, A, B, C, X(3));
+ X(5) = W[5];
+ BODY_00_15(4, C, D, E, T, A, B, X(4));
+ X(6) = W[6];
+ BODY_00_15(5, B, C, D, E, T, A, X(5));
+ X(7) = W[7];
+ BODY_00_15(6, A, B, C, D, E, T, X(6));
+ X(8) = W[8];
+ BODY_00_15(7, T, A, B, C, D, E, X(7));
+ X(9) = W[9];
+ BODY_00_15(8, E, T, A, B, C, D, X(8));
+ X(10) = W[10];
+ BODY_00_15(9, D, E, T, A, B, C, X(9));
+ X(11) = W[11];
+ BODY_00_15(10, C, D, E, T, A, B, X(10));
+ X(12) = W[12];
+ BODY_00_15(11, B, C, D, E, T, A, X(11));
+ X(13) = W[13];
+ BODY_00_15(12, A, B, C, D, E, T, X(12));
+ X(14) = W[14];
+ BODY_00_15(13, T, A, B, C, D, E, X(13));
+ X(15) = W[15];
+ BODY_00_15(14, E, T, A, B, C, D, X(14));
+ BODY_00_15(15, D, E, T, A, B, C, X(15));
+
+ data += SHA_CBLOCK;
+ } else {
+ HOST_c2l(data, l);
+ X(0) = l;
+ HOST_c2l(data, l);
+ X(1) = l;
+ BODY_00_15(0, A, B, C, D, E, T, X(0));
+ HOST_c2l(data, l);
+ X(2) = l;
+ BODY_00_15(1, T, A, B, C, D, E, X(1));
+ HOST_c2l(data, l);
+ X(3) = l;
+ BODY_00_15(2, E, T, A, B, C, D, X(2));
+ HOST_c2l(data, l);
+ X(4) = l;
+ BODY_00_15(3, D, E, T, A, B, C, X(3));
+ HOST_c2l(data, l);
+ X(5) = l;
+ BODY_00_15(4, C, D, E, T, A, B, X(4));
+ HOST_c2l(data, l);
+ X(6) = l;
+ BODY_00_15(5, B, C, D, E, T, A, X(5));
+ HOST_c2l(data, l);
+ X(7) = l;
+ BODY_00_15(6, A, B, C, D, E, T, X(6));
+ HOST_c2l(data, l);
+ X(8) = l;
+ BODY_00_15(7, T, A, B, C, D, E, X(7));
+ HOST_c2l(data, l);
+ X(9) = l;
+ BODY_00_15(8, E, T, A, B, C, D, X(8));
+ HOST_c2l(data, l);
+ X(10) = l;
+ BODY_00_15(9, D, E, T, A, B, C, X(9));
+ HOST_c2l(data, l);
+ X(11) = l;
+ BODY_00_15(10, C, D, E, T, A, B, X(10));
+ HOST_c2l(data, l);
+ X(12) = l;
+ BODY_00_15(11, B, C, D, E, T, A, X(11));
+ HOST_c2l(data, l);
+ X(13) = l;
+ BODY_00_15(12, A, B, C, D, E, T, X(12));
+ HOST_c2l(data, l);
+ X(14) = l;
+ BODY_00_15(13, T, A, B, C, D, E, X(13));
+ HOST_c2l(data, l);
+ X(15) = l;
+ BODY_00_15(14, E, T, A, B, C, D, X(14));
+ BODY_00_15(15, D, E, T, A, B, C, X(15));
+ }
+
+ BODY_16_19(16, C, D, E, T, A, B, X(0), X(0), X(2), X(8), X(13));
+ BODY_16_19(17, B, C, D, E, T, A, X(1), X(1), X(3), X(9), X(14));
+ BODY_16_19(18, A, B, C, D, E, T, X(2), X(2), X(4), X(10), X(15));
+ BODY_16_19(19, T, A, B, C, D, E, X(3), X(3), X(5), X(11), X(0));
+
+ BODY_20_31(20, E, T, A, B, C, D, X(4), X(4), X(6), X(12), X(1));
+ BODY_20_31(21, D, E, T, A, B, C, X(5), X(5), X(7), X(13), X(2));
+ BODY_20_31(22, C, D, E, T, A, B, X(6), X(6), X(8), X(14), X(3));
+ BODY_20_31(23, B, C, D, E, T, A, X(7), X(7), X(9), X(15), X(4));
+ BODY_20_31(24, A, B, C, D, E, T, X(8), X(8), X(10), X(0), X(5));
+ BODY_20_31(25, T, A, B, C, D, E, X(9), X(9), X(11), X(1), X(6));
+ BODY_20_31(26, E, T, A, B, C, D, X(10), X(10), X(12), X(2), X(7));
+ BODY_20_31(27, D, E, T, A, B, C, X(11), X(11), X(13), X(3), X(8));
+ BODY_20_31(28, C, D, E, T, A, B, X(12), X(12), X(14), X(4), X(9));
+ BODY_20_31(29, B, C, D, E, T, A, X(13), X(13), X(15), X(5), X(10));
+ BODY_20_31(30, A, B, C, D, E, T, X(14), X(14), X(0), X(6), X(11));
+ BODY_20_31(31, T, A, B, C, D, E, X(15), X(15), X(1), X(7), X(12));
+
+ BODY_32_39(32, E, T, A, B, C, D, X(0), X(2), X(8), X(13));
+ BODY_32_39(33, D, E, T, A, B, C, X(1), X(3), X(9), X(14));
+ BODY_32_39(34, C, D, E, T, A, B, X(2), X(4), X(10), X(15));
+ BODY_32_39(35, B, C, D, E, T, A, X(3), X(5), X(11), X(0));
+ BODY_32_39(36, A, B, C, D, E, T, X(4), X(6), X(12), X(1));
+ BODY_32_39(37, T, A, B, C, D, E, X(5), X(7), X(13), X(2));
+ BODY_32_39(38, E, T, A, B, C, D, X(6), X(8), X(14), X(3));
+ BODY_32_39(39, D, E, T, A, B, C, X(7), X(9), X(15), X(4));
+
+ BODY_40_59(40, C, D, E, T, A, B, X(8), X(10), X(0), X(5));
+ BODY_40_59(41, B, C, D, E, T, A, X(9), X(11), X(1), X(6));
+ BODY_40_59(42, A, B, C, D, E, T, X(10), X(12), X(2), X(7));
+ BODY_40_59(43, T, A, B, C, D, E, X(11), X(13), X(3), X(8));
+ BODY_40_59(44, E, T, A, B, C, D, X(12), X(14), X(4), X(9));
+ BODY_40_59(45, D, E, T, A, B, C, X(13), X(15), X(5), X(10));
+ BODY_40_59(46, C, D, E, T, A, B, X(14), X(0), X(6), X(11));
+ BODY_40_59(47, B, C, D, E, T, A, X(15), X(1), X(7), X(12));
+ BODY_40_59(48, A, B, C, D, E, T, X(0), X(2), X(8), X(13));
+ BODY_40_59(49, T, A, B, C, D, E, X(1), X(3), X(9), X(14));
+ BODY_40_59(50, E, T, A, B, C, D, X(2), X(4), X(10), X(15));
+ BODY_40_59(51, D, E, T, A, B, C, X(3), X(5), X(11), X(0));
+ BODY_40_59(52, C, D, E, T, A, B, X(4), X(6), X(12), X(1));
+ BODY_40_59(53, B, C, D, E, T, A, X(5), X(7), X(13), X(2));
+ BODY_40_59(54, A, B, C, D, E, T, X(6), X(8), X(14), X(3));
+ BODY_40_59(55, T, A, B, C, D, E, X(7), X(9), X(15), X(4));
+ BODY_40_59(56, E, T, A, B, C, D, X(8), X(10), X(0), X(5));
+ BODY_40_59(57, D, E, T, A, B, C, X(9), X(11), X(1), X(6));
+ BODY_40_59(58, C, D, E, T, A, B, X(10), X(12), X(2), X(7));
+ BODY_40_59(59, B, C, D, E, T, A, X(11), X(13), X(3), X(8));
+
+ BODY_60_79(60, A, B, C, D, E, T, X(12), X(14), X(4), X(9));
+ BODY_60_79(61, T, A, B, C, D, E, X(13), X(15), X(5), X(10));
+ BODY_60_79(62, E, T, A, B, C, D, X(14), X(0), X(6), X(11));
+ BODY_60_79(63, D, E, T, A, B, C, X(15), X(1), X(7), X(12));
+ BODY_60_79(64, C, D, E, T, A, B, X(0), X(2), X(8), X(13));
+ BODY_60_79(65, B, C, D, E, T, A, X(1), X(3), X(9), X(14));
+ BODY_60_79(66, A, B, C, D, E, T, X(2), X(4), X(10), X(15));
+ BODY_60_79(67, T, A, B, C, D, E, X(3), X(5), X(11), X(0));
+ BODY_60_79(68, E, T, A, B, C, D, X(4), X(6), X(12), X(1));
+ BODY_60_79(69, D, E, T, A, B, C, X(5), X(7), X(13), X(2));
+ BODY_60_79(70, C, D, E, T, A, B, X(6), X(8), X(14), X(3));
+ BODY_60_79(71, B, C, D, E, T, A, X(7), X(9), X(15), X(4));
+ BODY_60_79(72, A, B, C, D, E, T, X(8), X(10), X(0), X(5));
+ BODY_60_79(73, T, A, B, C, D, E, X(9), X(11), X(1), X(6));
+ BODY_60_79(74, E, T, A, B, C, D, X(10), X(12), X(2), X(7));
+ BODY_60_79(75, D, E, T, A, B, C, X(11), X(13), X(3), X(8));
+ BODY_60_79(76, C, D, E, T, A, B, X(12), X(14), X(4), X(9));
+ BODY_60_79(77, B, C, D, E, T, A, X(13), X(15), X(5), X(10));
+ BODY_60_79(78, A, B, C, D, E, T, X(14), X(0), X(6), X(11));
+ BODY_60_79(79, T, A, B, C, D, E, X(15), X(1), X(7), X(12));
+
+ c->h0 = (c->h0 + E) & 0xffffffffL;
+ c->h1 = (c->h1 + T) & 0xffffffffL;
+ c->h2 = (c->h2 + A) & 0xffffffffL;
+ c->h3 = (c->h3 + B) & 0xffffffffL;
+ c->h4 = (c->h4 + C) & 0xffffffffL;
+
+ if (--num == 0)
+ break;
+
+ A = c->h0;
+ B = c->h1;
+ C = c->h2;
+ D = c->h3;
+ E = c->h4;
+
+ }
+}
+# endif
+
+#else /* OPENSSL_SMALL_FOOTPRINT */
+
+# define BODY_00_15(xi) do { \
+ T=E+K_00_19+F_00_19(B,C,D); \
+ E=D, D=C, C=ROTATE(B,30), B=A; \
+ A=ROTATE(A,5)+T+xi; } while(0)
+
+# define BODY_16_19(xa,xb,xc,xd) do { \
+ Xupdate(T,xa,xa,xb,xc,xd); \
+ T+=E+K_00_19+F_00_19(B,C,D); \
+ E=D, D=C, C=ROTATE(B,30), B=A; \
+ A=ROTATE(A,5)+T; } while(0)
+
+# define BODY_20_39(xa,xb,xc,xd) do { \
+ Xupdate(T,xa,xa,xb,xc,xd); \
+ T+=E+K_20_39+F_20_39(B,C,D); \
+ E=D, D=C, C=ROTATE(B,30), B=A; \
+ A=ROTATE(A,5)+T; } while(0)
+
+# define BODY_40_59(xa,xb,xc,xd) do { \
+ Xupdate(T,xa,xa,xb,xc,xd); \
+ T+=E+K_40_59+F_40_59(B,C,D); \
+ E=D, D=C, C=ROTATE(B,30), B=A; \
+ A=ROTATE(A,5)+T; } while(0)
+
+# define BODY_60_79(xa,xb,xc,xd) do { \
+ Xupdate(T,xa,xa,xb,xc,xd); \
+ T=E+K_60_79+F_60_79(B,C,D); \
+ E=D, D=C, C=ROTATE(B,30), B=A; \
+ A=ROTATE(A,5)+T+xa; } while(0)
+
+# if !defined(SHA_1) || !defined(SHA1_ASM)
+static void HASH_BLOCK_DATA_ORDER(SHA_CTX *c, const void *p, size_t num)
+{
+ const unsigned char *data = p;
+ register unsigned MD32_REG_T A, B, C, D, E, T, l;
+ int i;
+ SHA_LONG X[16];
+
+ A = c->h0;
+ B = c->h1;
+ C = c->h2;
+ D = c->h3;
+ E = c->h4;
+
+ for (;;) {
+ for (i = 0; i < 16; i++) {
+ HOST_c2l(data, l);
+ X[i] = l;
+ BODY_00_15(X[i]);
+ }
+ for (i = 0; i < 4; i++) {
+ BODY_16_19(X[i], X[i + 2], X[i + 8], X[(i + 13) & 15]);
+ }
+ for (; i < 24; i++) {
+ BODY_20_39(X[i & 15], X[(i + 2) & 15], X[(i + 8) & 15],
+ X[(i + 13) & 15]);
+ }
+ for (i = 0; i < 20; i++) {
+ BODY_40_59(X[(i + 8) & 15], X[(i + 10) & 15], X[i & 15],
+ X[(i + 5) & 15]);
+ }
+ for (i = 4; i < 24; i++) {
+ BODY_60_79(X[(i + 8) & 15], X[(i + 10) & 15], X[i & 15],
+ X[(i + 5) & 15]);
+ }
+
+ c->h0 = (c->h0 + A) & 0xffffffffL;
+ c->h1 = (c->h1 + B) & 0xffffffffL;
+ c->h2 = (c->h2 + C) & 0xffffffffL;
+ c->h3 = (c->h3 + D) & 0xffffffffL;
+ c->h4 = (c->h4 + E) & 0xffffffffL;
+
+ if (--num == 0)
+ break;
+
+ A = c->h0;
+ B = c->h1;
+ C = c->h2;
+ D = c->h3;
+ E = c->h4;
+
+ }
+}
+# endif
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/sha/sha_one.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/sha/sha_one.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/sha/sha_one.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,78 +0,0 @@
-/* crypto/sha/sha_one.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <openssl/sha.h>
-#include <openssl/crypto.h>
-
-#ifndef OPENSSL_NO_SHA0
-unsigned char *SHA(const unsigned char *d, size_t n, unsigned char *md)
- {
- SHA_CTX c;
- static unsigned char m[SHA_DIGEST_LENGTH];
-
- if (md == NULL) md=m;
- if (!SHA_Init(&c))
- return NULL;
- SHA_Update(&c,d,n);
- SHA_Final(md,&c);
- OPENSSL_cleanse(&c,sizeof(c));
- return(md);
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/sha/sha_one.c (from rev 6976, vendor-crypto/openssl/dist/crypto/sha/sha_one.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/sha/sha_one.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/sha/sha_one.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,79 @@
+/* crypto/sha/sha_one.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/sha.h>
+#include <openssl/crypto.h>
+
+#ifndef OPENSSL_NO_SHA0
+unsigned char *SHA(const unsigned char *d, size_t n, unsigned char *md)
+{
+ SHA_CTX c;
+ static unsigned char m[SHA_DIGEST_LENGTH];
+
+ if (md == NULL)
+ md = m;
+ if (!SHA_Init(&c))
+ return NULL;
+ SHA_Update(&c, d, n);
+ SHA_Final(md, &c);
+ OPENSSL_cleanse(&c, sizeof(c));
+ return (md);
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/sha/shatest.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/sha/shatest.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/sha/shatest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,178 +0,0 @@
-/* crypto/sha/shatest.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-
-#include "../e_os.h"
-
-#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA0)
-int main(int argc, char *argv[])
-{
- printf("No SHA0 support\n");
- return(0);
-}
-#else
-#include <openssl/evp.h>
-#include <openssl/sha.h>
-
-#ifdef CHARSET_EBCDIC
-#include <openssl/ebcdic.h>
-#endif
-
-#define SHA_0 /* FIPS 180 */
-#undef SHA_1 /* FIPS 180-1 */
-
-static char *test[]={
- "abc",
- "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
- NULL,
- };
-
-#ifdef SHA_0
-static char *ret[]={
- "0164b8a914cd2a5e74c4f7ff082c4d97f1edf880",
- "d2516ee1acfa5baf33dfc1c471e438449ef134c8",
- };
-static char *bigret=
- "3232affa48628a26653b5aaa44541fd90d690603";
-#endif
-#ifdef SHA_1
-static char *ret[]={
- "a9993e364706816aba3e25717850c26c9cd0d89d",
- "84983e441c3bd26ebaae4aa1f95129e5e54670f1",
- };
-static char *bigret=
- "34aa973cd4c4daa4f61eeb2bdbad27316534016f";
-#endif
-
-static char *pt(unsigned char *md);
-int main(int argc, char *argv[])
- {
- int i,err=0;
- char **P,**R;
- static unsigned char buf[1000];
- char *p,*r;
- EVP_MD_CTX c;
- unsigned char md[SHA_DIGEST_LENGTH];
-
-#ifdef CHARSET_EBCDIC
- ebcdic2ascii(test[0], test[0], strlen(test[0]));
- ebcdic2ascii(test[1], test[1], strlen(test[1]));
-#endif
-
- EVP_MD_CTX_init(&c);
- P=test;
- R=ret;
- i=1;
- while (*P != NULL)
- {
- EVP_Digest(*P,strlen((char *)*P),md,NULL,EVP_sha(), NULL);
- p=pt(md);
- if (strcmp(p,(char *)*R) != 0)
- {
- printf("error calculating SHA on '%s'\n",*P);
- printf("got %s instead of %s\n",p,*R);
- err++;
- }
- else
- printf("test %d ok\n",i);
- i++;
- R++;
- P++;
- }
-
- memset(buf,'a',1000);
-#ifdef CHARSET_EBCDIC
- ebcdic2ascii(buf, buf, 1000);
-#endif /*CHARSET_EBCDIC*/
- EVP_DigestInit_ex(&c,EVP_sha(), NULL);
- for (i=0; i<1000; i++)
- EVP_DigestUpdate(&c,buf,1000);
- EVP_DigestFinal_ex(&c,md,NULL);
- p=pt(md);
-
- r=bigret;
- if (strcmp(p,r) != 0)
- {
- printf("error calculating SHA on '%s'\n",p);
- printf("got %s instead of %s\n",p,r);
- err++;
- }
- else
- printf("test 3 ok\n");
-
-#ifdef OPENSSL_SYS_NETWARE
- if (err) printf("ERROR: %d\n", err);
-#endif
- EVP_MD_CTX_cleanup(&c);
- EXIT(err);
- return(0);
- }
-
-static char *pt(unsigned char *md)
- {
- int i;
- static char buf[80];
-
- for (i=0; i<SHA_DIGEST_LENGTH; i++)
- sprintf(&(buf[i*2]),"%02x",md[i]);
- return(buf);
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/sha/shatest.c (from rev 6976, vendor-crypto/openssl/dist/crypto/sha/shatest.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/sha/shatest.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/sha/shatest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,174 @@
+/* crypto/sha/shatest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include "../e_os.h"
+
+#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA0)
+int main(int argc, char *argv[])
+{
+ printf("No SHA0 support\n");
+ return (0);
+}
+#else
+# include <openssl/evp.h>
+# include <openssl/sha.h>
+
+# ifdef CHARSET_EBCDIC
+# include <openssl/ebcdic.h>
+# endif
+
+# define SHA_0 /* FIPS 180 */
+# undef SHA_1 /* FIPS 180-1 */
+
+static char *test[] = {
+ "abc",
+ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
+ NULL,
+};
+
+# ifdef SHA_0
+static char *ret[] = {
+ "0164b8a914cd2a5e74c4f7ff082c4d97f1edf880",
+ "d2516ee1acfa5baf33dfc1c471e438449ef134c8",
+};
+
+static char *bigret = "3232affa48628a26653b5aaa44541fd90d690603";
+# endif
+# ifdef SHA_1
+static char *ret[] = {
+ "a9993e364706816aba3e25717850c26c9cd0d89d",
+ "84983e441c3bd26ebaae4aa1f95129e5e54670f1",
+};
+
+static char *bigret = "34aa973cd4c4daa4f61eeb2bdbad27316534016f";
+# endif
+
+static char *pt(unsigned char *md);
+int main(int argc, char *argv[])
+{
+ int i, err = 0;
+ char **P, **R;
+ static unsigned char buf[1000];
+ char *p, *r;
+ EVP_MD_CTX c;
+ unsigned char md[SHA_DIGEST_LENGTH];
+
+# ifdef CHARSET_EBCDIC
+ ebcdic2ascii(test[0], test[0], strlen(test[0]));
+ ebcdic2ascii(test[1], test[1], strlen(test[1]));
+# endif
+
+ EVP_MD_CTX_init(&c);
+ P = test;
+ R = ret;
+ i = 1;
+ while (*P != NULL) {
+ EVP_Digest(*P, strlen((char *)*P), md, NULL, EVP_sha(), NULL);
+ p = pt(md);
+ if (strcmp(p, (char *)*R) != 0) {
+ printf("error calculating SHA on '%s'\n", *P);
+ printf("got %s instead of %s\n", p, *R);
+ err++;
+ } else
+ printf("test %d ok\n", i);
+ i++;
+ R++;
+ P++;
+ }
+
+ memset(buf, 'a', 1000);
+# ifdef CHARSET_EBCDIC
+ ebcdic2ascii(buf, buf, 1000);
+# endif /* CHARSET_EBCDIC */
+ EVP_DigestInit_ex(&c, EVP_sha(), NULL);
+ for (i = 0; i < 1000; i++)
+ EVP_DigestUpdate(&c, buf, 1000);
+ EVP_DigestFinal_ex(&c, md, NULL);
+ p = pt(md);
+
+ r = bigret;
+ if (strcmp(p, r) != 0) {
+ printf("error calculating SHA on '%s'\n", p);
+ printf("got %s instead of %s\n", p, r);
+ err++;
+ } else
+ printf("test 3 ok\n");
+
+# ifdef OPENSSL_SYS_NETWARE
+ if (err)
+ printf("ERROR: %d\n", err);
+# endif
+ EVP_MD_CTX_cleanup(&c);
+ EXIT(err);
+ return (0);
+}
+
+static char *pt(unsigned char *md)
+{
+ int i;
+ static char buf[80];
+
+ for (i = 0; i < SHA_DIGEST_LENGTH; i++)
+ sprintf(&(buf[i * 2]), "%02x", md[i]);
+ return (buf);
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/stack/safestack.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/stack/safestack.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/stack/safestack.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,1986 +0,0 @@
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#ifndef HEADER_SAFESTACK_H
-#define HEADER_SAFESTACK_H
-
-#include <openssl/stack.h>
-
-#ifdef DEBUG_SAFESTACK
-
-#ifndef CHECKED_PTR_OF
-#define CHECKED_PTR_OF(type, p) \
- ((void*) (1 ? p : (type*)0))
-#endif
-
-#define CHECKED_SK_FREE_FUNC(type, p) \
- ((void (*)(void *)) ((1 ? p : (void (*)(type *))0)))
-
-#define CHECKED_SK_CMP_FUNC(type, p) \
- ((int (*)(const char * const *, const char * const *)) \
- ((1 ? p : (int (*)(const type * const *, const type * const *))0)))
-
-#define STACK_OF(type) struct stack_st_##type
-#define PREDECLARE_STACK_OF(type) STACK_OF(type);
-
-#define DECLARE_STACK_OF(type) \
-STACK_OF(type) \
- { \
- STACK stack; \
- };
-
-#define IMPLEMENT_STACK_OF(type) /* nada (obsolete in new safestack approach)*/
-
-/* SKM_sk_... stack macros are internal to safestack.h:
- * never use them directly, use sk_<type>_... instead */
-#define SKM_sk_new(type, cmp) \
- ((STACK_OF(type) *)sk_new(CHECKED_SK_CMP_FUNC(type, cmp)))
-#define SKM_sk_new_null(type) \
- ((STACK_OF(type) *)sk_new_null())
-#define SKM_sk_free(type, st) \
- sk_free(CHECKED_PTR_OF(STACK_OF(type), st))
-#define SKM_sk_num(type, st) \
- sk_num(CHECKED_PTR_OF(STACK_OF(type), st))
-#define SKM_sk_value(type, st,i) \
- ((type *)sk_value(CHECKED_PTR_OF(STACK_OF(type), st), i))
-#define SKM_sk_set(type, st,i,val) \
- sk_set(CHECKED_PTR_OF(STACK_OF(type), st), i, CHECKED_PTR_OF(type, val))
-#define SKM_sk_zero(type, st) \
- sk_zero(CHECKED_PTR_OF(STACK_OF(type), st))
-#define SKM_sk_push(type, st,val) \
- sk_push(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, val))
-#define SKM_sk_unshift(type, st,val) \
- sk_unshift(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, val))
-#define SKM_sk_find(type, st,val) \
- sk_find(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, val))
-#define SKM_sk_delete(type, st,i) \
- (type *)sk_delete(CHECKED_PTR_OF(STACK_OF(type), st), i)
-#define SKM_sk_delete_ptr(type, st,ptr) \
- (type *)sk_delete_ptr(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, ptr))
-#define SKM_sk_insert(type, st,val,i) \
- sk_insert(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, val), i)
-#define SKM_sk_set_cmp_func(type, st,cmp) \
- ((int (*)(const type * const *,const type * const *)) \
- sk_set_cmp_func(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_SK_CMP_FUNC(type, cmp)))
-#define SKM_sk_dup(type, st) \
- (STACK_OF(type) *)sk_dup(CHECKED_PTR_OF(STACK_OF(type), st))
-#define SKM_sk_pop_free(type, st,free_func) \
- sk_pop_free(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_SK_FREE_FUNC(type, free_func))
-#define SKM_sk_shift(type, st) \
- (type *)sk_shift(CHECKED_PTR_OF(STACK_OF(type), st))
-#define SKM_sk_pop(type, st) \
- (type *)sk_pop(CHECKED_PTR_OF(STACK_OF(type), st))
-#define SKM_sk_sort(type, st) \
- sk_sort(CHECKED_PTR_OF(STACK_OF(type), st))
-#define SKM_sk_is_sorted(type, st) \
- sk_is_sorted(CHECKED_PTR_OF(STACK_OF(type), st))
-
-#define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
- (STACK_OF(type) *)d2i_ASN1_SET(CHECKED_PTR_OF(STACK_OF(type)*, st), \
- pp, length, \
- CHECKED_D2I_OF(type, d2i_func), \
- CHECKED_SK_FREE_FUNC(type, free_func), \
- ex_tag, ex_class)
-
-#define SKM_ASN1_SET_OF_i2d(type, st, pp, i2d_func, ex_tag, ex_class, is_set) \
- i2d_ASN1_SET(CHECKED_PTR_OF(STACK_OF(type), st), pp, \
- CHECKED_I2D_OF(type, i2d_func), \
- ex_tag, ex_class, is_set)
-
-#define SKM_ASN1_seq_pack(type, st, i2d_func, buf, len) \
- ASN1_seq_pack(CHECKED_PTR_OF(STACK_OF(type), st), \
- CHECKED_I2D_OF(type, i2d_func), buf, len)
-
-#define SKM_ASN1_seq_unpack(type, buf, len, d2i_func, free_func) \
- (STACK_OF(type) *)ASN1_seq_unpack(buf, len, CHECKED_D2I_OF(type, d2i_func), CHECKED_SK_FREE_FUNC(type, free_func))
-
-#define SKM_PKCS12_decrypt_d2i(type, algor, d2i_func, free_func, pass, passlen, oct, seq) \
- (STACK_OF(type) *)PKCS12_decrypt_d2i(algor, \
- CHECKED_D2I_OF(type, d2i_func), \
- CHECKED_SK_FREE_FUNC(type, free_func), \
- pass, passlen, oct, seq)
-
-#else
-
-#define STACK_OF(type) STACK
-#define PREDECLARE_STACK_OF(type) /* nada */
-#define DECLARE_STACK_OF(type) /* nada */
-#define IMPLEMENT_STACK_OF(type) /* nada */
-
-#define SKM_sk_new(type, cmp) \
- sk_new((int (*)(const char * const *, const char * const *))(cmp))
-#define SKM_sk_new_null(type) \
- sk_new_null()
-#define SKM_sk_free(type, st) \
- sk_free(st)
-#define SKM_sk_num(type, st) \
- sk_num(st)
-#define SKM_sk_value(type, st,i) \
- ((type *)sk_value(st, i))
-#define SKM_sk_set(type, st,i,val) \
- ((type *)sk_set(st, i,(char *)val))
-#define SKM_sk_zero(type, st) \
- sk_zero(st)
-#define SKM_sk_push(type, st,val) \
- sk_push(st, (char *)val)
-#define SKM_sk_unshift(type, st,val) \
- sk_unshift(st, (char *)val)
-#define SKM_sk_find(type, st,val) \
- sk_find(st, (char *)val)
-#define SKM_sk_delete(type, st,i) \
- ((type *)sk_delete(st, i))
-#define SKM_sk_delete_ptr(type, st,ptr) \
- ((type *)sk_delete_ptr(st,(char *)ptr))
-#define SKM_sk_insert(type, st,val,i) \
- sk_insert(st, (char *)val, i)
-#define SKM_sk_set_cmp_func(type, st,cmp) \
- ((int (*)(const type * const *,const type * const *)) \
- sk_set_cmp_func(st, (int (*)(const char * const *, const char * const *))(cmp)))
-#define SKM_sk_dup(type, st) \
- sk_dup(st)
-#define SKM_sk_pop_free(type, st,free_func) \
- sk_pop_free(st, (void (*)(void *))free_func)
-#define SKM_sk_shift(type, st) \
- ((type *)sk_shift(st))
-#define SKM_sk_pop(type, st) \
- ((type *)sk_pop(st))
-#define SKM_sk_sort(type, st) \
- sk_sort(st)
-#define SKM_sk_is_sorted(type, st) \
- sk_is_sorted(st)
-
-#define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
- d2i_ASN1_SET(st,pp,length, (void *(*)(void ** ,const unsigned char ** ,long))d2i_func, (void (*)(void *))free_func, ex_tag,ex_class)
-#define SKM_ASN1_SET_OF_i2d(type, st, pp, i2d_func, ex_tag, ex_class, is_set) \
- i2d_ASN1_SET(st,pp,(int (*)(void *, unsigned char **))i2d_func,ex_tag,ex_class,is_set)
-
-#define SKM_ASN1_seq_pack(type, st, i2d_func, buf, len) \
- ASN1_seq_pack(st, (int (*)(void *, unsigned char **))i2d_func, buf, len)
-#define SKM_ASN1_seq_unpack(type, buf, len, d2i_func, free_func) \
- ASN1_seq_unpack(buf,len,(void *(*)(void **,const unsigned char **,long))d2i_func, (void(*)(void *))free_func)
-
-#define SKM_PKCS12_decrypt_d2i(type, algor, d2i_func, free_func, pass, passlen, oct, seq) \
- ((STACK *)PKCS12_decrypt_d2i(algor,(char *(*)())d2i_func, (void(*)(void *))free_func,pass,passlen,oct,seq))
-
-#endif
-
-/* This block of defines is updated by util/mkstack.pl, please do not touch! */
-#define sk_ACCESS_DESCRIPTION_new(st) SKM_sk_new(ACCESS_DESCRIPTION, (st))
-#define sk_ACCESS_DESCRIPTION_new_null() SKM_sk_new_null(ACCESS_DESCRIPTION)
-#define sk_ACCESS_DESCRIPTION_free(st) SKM_sk_free(ACCESS_DESCRIPTION, (st))
-#define sk_ACCESS_DESCRIPTION_num(st) SKM_sk_num(ACCESS_DESCRIPTION, (st))
-#define sk_ACCESS_DESCRIPTION_value(st, i) SKM_sk_value(ACCESS_DESCRIPTION, (st), (i))
-#define sk_ACCESS_DESCRIPTION_set(st, i, val) SKM_sk_set(ACCESS_DESCRIPTION, (st), (i), (val))
-#define sk_ACCESS_DESCRIPTION_zero(st) SKM_sk_zero(ACCESS_DESCRIPTION, (st))
-#define sk_ACCESS_DESCRIPTION_push(st, val) SKM_sk_push(ACCESS_DESCRIPTION, (st), (val))
-#define sk_ACCESS_DESCRIPTION_unshift(st, val) SKM_sk_unshift(ACCESS_DESCRIPTION, (st), (val))
-#define sk_ACCESS_DESCRIPTION_find(st, val) SKM_sk_find(ACCESS_DESCRIPTION, (st), (val))
-#define sk_ACCESS_DESCRIPTION_find_ex(st, val) SKM_sk_find_ex(ACCESS_DESCRIPTION, (st), (val))
-#define sk_ACCESS_DESCRIPTION_delete(st, i) SKM_sk_delete(ACCESS_DESCRIPTION, (st), (i))
-#define sk_ACCESS_DESCRIPTION_delete_ptr(st, ptr) SKM_sk_delete_ptr(ACCESS_DESCRIPTION, (st), (ptr))
-#define sk_ACCESS_DESCRIPTION_insert(st, val, i) SKM_sk_insert(ACCESS_DESCRIPTION, (st), (val), (i))
-#define sk_ACCESS_DESCRIPTION_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ACCESS_DESCRIPTION, (st), (cmp))
-#define sk_ACCESS_DESCRIPTION_dup(st) SKM_sk_dup(ACCESS_DESCRIPTION, st)
-#define sk_ACCESS_DESCRIPTION_pop_free(st, free_func) SKM_sk_pop_free(ACCESS_DESCRIPTION, (st), (free_func))
-#define sk_ACCESS_DESCRIPTION_shift(st) SKM_sk_shift(ACCESS_DESCRIPTION, (st))
-#define sk_ACCESS_DESCRIPTION_pop(st) SKM_sk_pop(ACCESS_DESCRIPTION, (st))
-#define sk_ACCESS_DESCRIPTION_sort(st) SKM_sk_sort(ACCESS_DESCRIPTION, (st))
-#define sk_ACCESS_DESCRIPTION_is_sorted(st) SKM_sk_is_sorted(ACCESS_DESCRIPTION, (st))
-
-#define sk_ASIdOrRange_new(st) SKM_sk_new(ASIdOrRange, (st))
-#define sk_ASIdOrRange_new_null() SKM_sk_new_null(ASIdOrRange)
-#define sk_ASIdOrRange_free(st) SKM_sk_free(ASIdOrRange, (st))
-#define sk_ASIdOrRange_num(st) SKM_sk_num(ASIdOrRange, (st))
-#define sk_ASIdOrRange_value(st, i) SKM_sk_value(ASIdOrRange, (st), (i))
-#define sk_ASIdOrRange_set(st, i, val) SKM_sk_set(ASIdOrRange, (st), (i), (val))
-#define sk_ASIdOrRange_zero(st) SKM_sk_zero(ASIdOrRange, (st))
-#define sk_ASIdOrRange_push(st, val) SKM_sk_push(ASIdOrRange, (st), (val))
-#define sk_ASIdOrRange_unshift(st, val) SKM_sk_unshift(ASIdOrRange, (st), (val))
-#define sk_ASIdOrRange_find(st, val) SKM_sk_find(ASIdOrRange, (st), (val))
-#define sk_ASIdOrRange_find_ex(st, val) SKM_sk_find_ex(ASIdOrRange, (st), (val))
-#define sk_ASIdOrRange_delete(st, i) SKM_sk_delete(ASIdOrRange, (st), (i))
-#define sk_ASIdOrRange_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASIdOrRange, (st), (ptr))
-#define sk_ASIdOrRange_insert(st, val, i) SKM_sk_insert(ASIdOrRange, (st), (val), (i))
-#define sk_ASIdOrRange_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASIdOrRange, (st), (cmp))
-#define sk_ASIdOrRange_dup(st) SKM_sk_dup(ASIdOrRange, st)
-#define sk_ASIdOrRange_pop_free(st, free_func) SKM_sk_pop_free(ASIdOrRange, (st), (free_func))
-#define sk_ASIdOrRange_shift(st) SKM_sk_shift(ASIdOrRange, (st))
-#define sk_ASIdOrRange_pop(st) SKM_sk_pop(ASIdOrRange, (st))
-#define sk_ASIdOrRange_sort(st) SKM_sk_sort(ASIdOrRange, (st))
-#define sk_ASIdOrRange_is_sorted(st) SKM_sk_is_sorted(ASIdOrRange, (st))
-
-#define sk_ASN1_GENERALSTRING_new(st) SKM_sk_new(ASN1_GENERALSTRING, (st))
-#define sk_ASN1_GENERALSTRING_new_null() SKM_sk_new_null(ASN1_GENERALSTRING)
-#define sk_ASN1_GENERALSTRING_free(st) SKM_sk_free(ASN1_GENERALSTRING, (st))
-#define sk_ASN1_GENERALSTRING_num(st) SKM_sk_num(ASN1_GENERALSTRING, (st))
-#define sk_ASN1_GENERALSTRING_value(st, i) SKM_sk_value(ASN1_GENERALSTRING, (st), (i))
-#define sk_ASN1_GENERALSTRING_set(st, i, val) SKM_sk_set(ASN1_GENERALSTRING, (st), (i), (val))
-#define sk_ASN1_GENERALSTRING_zero(st) SKM_sk_zero(ASN1_GENERALSTRING, (st))
-#define sk_ASN1_GENERALSTRING_push(st, val) SKM_sk_push(ASN1_GENERALSTRING, (st), (val))
-#define sk_ASN1_GENERALSTRING_unshift(st, val) SKM_sk_unshift(ASN1_GENERALSTRING, (st), (val))
-#define sk_ASN1_GENERALSTRING_find(st, val) SKM_sk_find(ASN1_GENERALSTRING, (st), (val))
-#define sk_ASN1_GENERALSTRING_find_ex(st, val) SKM_sk_find_ex(ASN1_GENERALSTRING, (st), (val))
-#define sk_ASN1_GENERALSTRING_delete(st, i) SKM_sk_delete(ASN1_GENERALSTRING, (st), (i))
-#define sk_ASN1_GENERALSTRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_GENERALSTRING, (st), (ptr))
-#define sk_ASN1_GENERALSTRING_insert(st, val, i) SKM_sk_insert(ASN1_GENERALSTRING, (st), (val), (i))
-#define sk_ASN1_GENERALSTRING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_GENERALSTRING, (st), (cmp))
-#define sk_ASN1_GENERALSTRING_dup(st) SKM_sk_dup(ASN1_GENERALSTRING, st)
-#define sk_ASN1_GENERALSTRING_pop_free(st, free_func) SKM_sk_pop_free(ASN1_GENERALSTRING, (st), (free_func))
-#define sk_ASN1_GENERALSTRING_shift(st) SKM_sk_shift(ASN1_GENERALSTRING, (st))
-#define sk_ASN1_GENERALSTRING_pop(st) SKM_sk_pop(ASN1_GENERALSTRING, (st))
-#define sk_ASN1_GENERALSTRING_sort(st) SKM_sk_sort(ASN1_GENERALSTRING, (st))
-#define sk_ASN1_GENERALSTRING_is_sorted(st) SKM_sk_is_sorted(ASN1_GENERALSTRING, (st))
-
-#define sk_ASN1_INTEGER_new(st) SKM_sk_new(ASN1_INTEGER, (st))
-#define sk_ASN1_INTEGER_new_null() SKM_sk_new_null(ASN1_INTEGER)
-#define sk_ASN1_INTEGER_free(st) SKM_sk_free(ASN1_INTEGER, (st))
-#define sk_ASN1_INTEGER_num(st) SKM_sk_num(ASN1_INTEGER, (st))
-#define sk_ASN1_INTEGER_value(st, i) SKM_sk_value(ASN1_INTEGER, (st), (i))
-#define sk_ASN1_INTEGER_set(st, i, val) SKM_sk_set(ASN1_INTEGER, (st), (i), (val))
-#define sk_ASN1_INTEGER_zero(st) SKM_sk_zero(ASN1_INTEGER, (st))
-#define sk_ASN1_INTEGER_push(st, val) SKM_sk_push(ASN1_INTEGER, (st), (val))
-#define sk_ASN1_INTEGER_unshift(st, val) SKM_sk_unshift(ASN1_INTEGER, (st), (val))
-#define sk_ASN1_INTEGER_find(st, val) SKM_sk_find(ASN1_INTEGER, (st), (val))
-#define sk_ASN1_INTEGER_find_ex(st, val) SKM_sk_find_ex(ASN1_INTEGER, (st), (val))
-#define sk_ASN1_INTEGER_delete(st, i) SKM_sk_delete(ASN1_INTEGER, (st), (i))
-#define sk_ASN1_INTEGER_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_INTEGER, (st), (ptr))
-#define sk_ASN1_INTEGER_insert(st, val, i) SKM_sk_insert(ASN1_INTEGER, (st), (val), (i))
-#define sk_ASN1_INTEGER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_INTEGER, (st), (cmp))
-#define sk_ASN1_INTEGER_dup(st) SKM_sk_dup(ASN1_INTEGER, st)
-#define sk_ASN1_INTEGER_pop_free(st, free_func) SKM_sk_pop_free(ASN1_INTEGER, (st), (free_func))
-#define sk_ASN1_INTEGER_shift(st) SKM_sk_shift(ASN1_INTEGER, (st))
-#define sk_ASN1_INTEGER_pop(st) SKM_sk_pop(ASN1_INTEGER, (st))
-#define sk_ASN1_INTEGER_sort(st) SKM_sk_sort(ASN1_INTEGER, (st))
-#define sk_ASN1_INTEGER_is_sorted(st) SKM_sk_is_sorted(ASN1_INTEGER, (st))
-
-#define sk_ASN1_OBJECT_new(st) SKM_sk_new(ASN1_OBJECT, (st))
-#define sk_ASN1_OBJECT_new_null() SKM_sk_new_null(ASN1_OBJECT)
-#define sk_ASN1_OBJECT_free(st) SKM_sk_free(ASN1_OBJECT, (st))
-#define sk_ASN1_OBJECT_num(st) SKM_sk_num(ASN1_OBJECT, (st))
-#define sk_ASN1_OBJECT_value(st, i) SKM_sk_value(ASN1_OBJECT, (st), (i))
-#define sk_ASN1_OBJECT_set(st, i, val) SKM_sk_set(ASN1_OBJECT, (st), (i), (val))
-#define sk_ASN1_OBJECT_zero(st) SKM_sk_zero(ASN1_OBJECT, (st))
-#define sk_ASN1_OBJECT_push(st, val) SKM_sk_push(ASN1_OBJECT, (st), (val))
-#define sk_ASN1_OBJECT_unshift(st, val) SKM_sk_unshift(ASN1_OBJECT, (st), (val))
-#define sk_ASN1_OBJECT_find(st, val) SKM_sk_find(ASN1_OBJECT, (st), (val))
-#define sk_ASN1_OBJECT_find_ex(st, val) SKM_sk_find_ex(ASN1_OBJECT, (st), (val))
-#define sk_ASN1_OBJECT_delete(st, i) SKM_sk_delete(ASN1_OBJECT, (st), (i))
-#define sk_ASN1_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_OBJECT, (st), (ptr))
-#define sk_ASN1_OBJECT_insert(st, val, i) SKM_sk_insert(ASN1_OBJECT, (st), (val), (i))
-#define sk_ASN1_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_OBJECT, (st), (cmp))
-#define sk_ASN1_OBJECT_dup(st) SKM_sk_dup(ASN1_OBJECT, st)
-#define sk_ASN1_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(ASN1_OBJECT, (st), (free_func))
-#define sk_ASN1_OBJECT_shift(st) SKM_sk_shift(ASN1_OBJECT, (st))
-#define sk_ASN1_OBJECT_pop(st) SKM_sk_pop(ASN1_OBJECT, (st))
-#define sk_ASN1_OBJECT_sort(st) SKM_sk_sort(ASN1_OBJECT, (st))
-#define sk_ASN1_OBJECT_is_sorted(st) SKM_sk_is_sorted(ASN1_OBJECT, (st))
-
-#define sk_ASN1_STRING_TABLE_new(st) SKM_sk_new(ASN1_STRING_TABLE, (st))
-#define sk_ASN1_STRING_TABLE_new_null() SKM_sk_new_null(ASN1_STRING_TABLE)
-#define sk_ASN1_STRING_TABLE_free(st) SKM_sk_free(ASN1_STRING_TABLE, (st))
-#define sk_ASN1_STRING_TABLE_num(st) SKM_sk_num(ASN1_STRING_TABLE, (st))
-#define sk_ASN1_STRING_TABLE_value(st, i) SKM_sk_value(ASN1_STRING_TABLE, (st), (i))
-#define sk_ASN1_STRING_TABLE_set(st, i, val) SKM_sk_set(ASN1_STRING_TABLE, (st), (i), (val))
-#define sk_ASN1_STRING_TABLE_zero(st) SKM_sk_zero(ASN1_STRING_TABLE, (st))
-#define sk_ASN1_STRING_TABLE_push(st, val) SKM_sk_push(ASN1_STRING_TABLE, (st), (val))
-#define sk_ASN1_STRING_TABLE_unshift(st, val) SKM_sk_unshift(ASN1_STRING_TABLE, (st), (val))
-#define sk_ASN1_STRING_TABLE_find(st, val) SKM_sk_find(ASN1_STRING_TABLE, (st), (val))
-#define sk_ASN1_STRING_TABLE_find_ex(st, val) SKM_sk_find_ex(ASN1_STRING_TABLE, (st), (val))
-#define sk_ASN1_STRING_TABLE_delete(st, i) SKM_sk_delete(ASN1_STRING_TABLE, (st), (i))
-#define sk_ASN1_STRING_TABLE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_STRING_TABLE, (st), (ptr))
-#define sk_ASN1_STRING_TABLE_insert(st, val, i) SKM_sk_insert(ASN1_STRING_TABLE, (st), (val), (i))
-#define sk_ASN1_STRING_TABLE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_STRING_TABLE, (st), (cmp))
-#define sk_ASN1_STRING_TABLE_dup(st) SKM_sk_dup(ASN1_STRING_TABLE, st)
-#define sk_ASN1_STRING_TABLE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_STRING_TABLE, (st), (free_func))
-#define sk_ASN1_STRING_TABLE_shift(st) SKM_sk_shift(ASN1_STRING_TABLE, (st))
-#define sk_ASN1_STRING_TABLE_pop(st) SKM_sk_pop(ASN1_STRING_TABLE, (st))
-#define sk_ASN1_STRING_TABLE_sort(st) SKM_sk_sort(ASN1_STRING_TABLE, (st))
-#define sk_ASN1_STRING_TABLE_is_sorted(st) SKM_sk_is_sorted(ASN1_STRING_TABLE, (st))
-
-#define sk_ASN1_TYPE_new(st) SKM_sk_new(ASN1_TYPE, (st))
-#define sk_ASN1_TYPE_new_null() SKM_sk_new_null(ASN1_TYPE)
-#define sk_ASN1_TYPE_free(st) SKM_sk_free(ASN1_TYPE, (st))
-#define sk_ASN1_TYPE_num(st) SKM_sk_num(ASN1_TYPE, (st))
-#define sk_ASN1_TYPE_value(st, i) SKM_sk_value(ASN1_TYPE, (st), (i))
-#define sk_ASN1_TYPE_set(st, i, val) SKM_sk_set(ASN1_TYPE, (st), (i), (val))
-#define sk_ASN1_TYPE_zero(st) SKM_sk_zero(ASN1_TYPE, (st))
-#define sk_ASN1_TYPE_push(st, val) SKM_sk_push(ASN1_TYPE, (st), (val))
-#define sk_ASN1_TYPE_unshift(st, val) SKM_sk_unshift(ASN1_TYPE, (st), (val))
-#define sk_ASN1_TYPE_find(st, val) SKM_sk_find(ASN1_TYPE, (st), (val))
-#define sk_ASN1_TYPE_find_ex(st, val) SKM_sk_find_ex(ASN1_TYPE, (st), (val))
-#define sk_ASN1_TYPE_delete(st, i) SKM_sk_delete(ASN1_TYPE, (st), (i))
-#define sk_ASN1_TYPE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_TYPE, (st), (ptr))
-#define sk_ASN1_TYPE_insert(st, val, i) SKM_sk_insert(ASN1_TYPE, (st), (val), (i))
-#define sk_ASN1_TYPE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_TYPE, (st), (cmp))
-#define sk_ASN1_TYPE_dup(st) SKM_sk_dup(ASN1_TYPE, st)
-#define sk_ASN1_TYPE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_TYPE, (st), (free_func))
-#define sk_ASN1_TYPE_shift(st) SKM_sk_shift(ASN1_TYPE, (st))
-#define sk_ASN1_TYPE_pop(st) SKM_sk_pop(ASN1_TYPE, (st))
-#define sk_ASN1_TYPE_sort(st) SKM_sk_sort(ASN1_TYPE, (st))
-#define sk_ASN1_TYPE_is_sorted(st) SKM_sk_is_sorted(ASN1_TYPE, (st))
-
-#define sk_ASN1_VALUE_new(st) SKM_sk_new(ASN1_VALUE, (st))
-#define sk_ASN1_VALUE_new_null() SKM_sk_new_null(ASN1_VALUE)
-#define sk_ASN1_VALUE_free(st) SKM_sk_free(ASN1_VALUE, (st))
-#define sk_ASN1_VALUE_num(st) SKM_sk_num(ASN1_VALUE, (st))
-#define sk_ASN1_VALUE_value(st, i) SKM_sk_value(ASN1_VALUE, (st), (i))
-#define sk_ASN1_VALUE_set(st, i, val) SKM_sk_set(ASN1_VALUE, (st), (i), (val))
-#define sk_ASN1_VALUE_zero(st) SKM_sk_zero(ASN1_VALUE, (st))
-#define sk_ASN1_VALUE_push(st, val) SKM_sk_push(ASN1_VALUE, (st), (val))
-#define sk_ASN1_VALUE_unshift(st, val) SKM_sk_unshift(ASN1_VALUE, (st), (val))
-#define sk_ASN1_VALUE_find(st, val) SKM_sk_find(ASN1_VALUE, (st), (val))
-#define sk_ASN1_VALUE_find_ex(st, val) SKM_sk_find_ex(ASN1_VALUE, (st), (val))
-#define sk_ASN1_VALUE_delete(st, i) SKM_sk_delete(ASN1_VALUE, (st), (i))
-#define sk_ASN1_VALUE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_VALUE, (st), (ptr))
-#define sk_ASN1_VALUE_insert(st, val, i) SKM_sk_insert(ASN1_VALUE, (st), (val), (i))
-#define sk_ASN1_VALUE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_VALUE, (st), (cmp))
-#define sk_ASN1_VALUE_dup(st) SKM_sk_dup(ASN1_VALUE, st)
-#define sk_ASN1_VALUE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_VALUE, (st), (free_func))
-#define sk_ASN1_VALUE_shift(st) SKM_sk_shift(ASN1_VALUE, (st))
-#define sk_ASN1_VALUE_pop(st) SKM_sk_pop(ASN1_VALUE, (st))
-#define sk_ASN1_VALUE_sort(st) SKM_sk_sort(ASN1_VALUE, (st))
-#define sk_ASN1_VALUE_is_sorted(st) SKM_sk_is_sorted(ASN1_VALUE, (st))
-
-#define sk_BIO_new(st) SKM_sk_new(BIO, (st))
-#define sk_BIO_new_null() SKM_sk_new_null(BIO)
-#define sk_BIO_free(st) SKM_sk_free(BIO, (st))
-#define sk_BIO_num(st) SKM_sk_num(BIO, (st))
-#define sk_BIO_value(st, i) SKM_sk_value(BIO, (st), (i))
-#define sk_BIO_set(st, i, val) SKM_sk_set(BIO, (st), (i), (val))
-#define sk_BIO_zero(st) SKM_sk_zero(BIO, (st))
-#define sk_BIO_push(st, val) SKM_sk_push(BIO, (st), (val))
-#define sk_BIO_unshift(st, val) SKM_sk_unshift(BIO, (st), (val))
-#define sk_BIO_find(st, val) SKM_sk_find(BIO, (st), (val))
-#define sk_BIO_find_ex(st, val) SKM_sk_find_ex(BIO, (st), (val))
-#define sk_BIO_delete(st, i) SKM_sk_delete(BIO, (st), (i))
-#define sk_BIO_delete_ptr(st, ptr) SKM_sk_delete_ptr(BIO, (st), (ptr))
-#define sk_BIO_insert(st, val, i) SKM_sk_insert(BIO, (st), (val), (i))
-#define sk_BIO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(BIO, (st), (cmp))
-#define sk_BIO_dup(st) SKM_sk_dup(BIO, st)
-#define sk_BIO_pop_free(st, free_func) SKM_sk_pop_free(BIO, (st), (free_func))
-#define sk_BIO_shift(st) SKM_sk_shift(BIO, (st))
-#define sk_BIO_pop(st) SKM_sk_pop(BIO, (st))
-#define sk_BIO_sort(st) SKM_sk_sort(BIO, (st))
-#define sk_BIO_is_sorted(st) SKM_sk_is_sorted(BIO, (st))
-
-#define sk_CMS_CertificateChoices_new(st) SKM_sk_new(CMS_CertificateChoices, (st))
-#define sk_CMS_CertificateChoices_new_null() SKM_sk_new_null(CMS_CertificateChoices)
-#define sk_CMS_CertificateChoices_free(st) SKM_sk_free(CMS_CertificateChoices, (st))
-#define sk_CMS_CertificateChoices_num(st) SKM_sk_num(CMS_CertificateChoices, (st))
-#define sk_CMS_CertificateChoices_value(st, i) SKM_sk_value(CMS_CertificateChoices, (st), (i))
-#define sk_CMS_CertificateChoices_set(st, i, val) SKM_sk_set(CMS_CertificateChoices, (st), (i), (val))
-#define sk_CMS_CertificateChoices_zero(st) SKM_sk_zero(CMS_CertificateChoices, (st))
-#define sk_CMS_CertificateChoices_push(st, val) SKM_sk_push(CMS_CertificateChoices, (st), (val))
-#define sk_CMS_CertificateChoices_unshift(st, val) SKM_sk_unshift(CMS_CertificateChoices, (st), (val))
-#define sk_CMS_CertificateChoices_find(st, val) SKM_sk_find(CMS_CertificateChoices, (st), (val))
-#define sk_CMS_CertificateChoices_find_ex(st, val) SKM_sk_find_ex(CMS_CertificateChoices, (st), (val))
-#define sk_CMS_CertificateChoices_delete(st, i) SKM_sk_delete(CMS_CertificateChoices, (st), (i))
-#define sk_CMS_CertificateChoices_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_CertificateChoices, (st), (ptr))
-#define sk_CMS_CertificateChoices_insert(st, val, i) SKM_sk_insert(CMS_CertificateChoices, (st), (val), (i))
-#define sk_CMS_CertificateChoices_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_CertificateChoices, (st), (cmp))
-#define sk_CMS_CertificateChoices_dup(st) SKM_sk_dup(CMS_CertificateChoices, st)
-#define sk_CMS_CertificateChoices_pop_free(st, free_func) SKM_sk_pop_free(CMS_CertificateChoices, (st), (free_func))
-#define sk_CMS_CertificateChoices_shift(st) SKM_sk_shift(CMS_CertificateChoices, (st))
-#define sk_CMS_CertificateChoices_pop(st) SKM_sk_pop(CMS_CertificateChoices, (st))
-#define sk_CMS_CertificateChoices_sort(st) SKM_sk_sort(CMS_CertificateChoices, (st))
-#define sk_CMS_CertificateChoices_is_sorted(st) SKM_sk_is_sorted(CMS_CertificateChoices, (st))
-
-#define sk_CMS_RecipientInfo_new(st) SKM_sk_new(CMS_RecipientInfo, (st))
-#define sk_CMS_RecipientInfo_new_null() SKM_sk_new_null(CMS_RecipientInfo)
-#define sk_CMS_RecipientInfo_free(st) SKM_sk_free(CMS_RecipientInfo, (st))
-#define sk_CMS_RecipientInfo_num(st) SKM_sk_num(CMS_RecipientInfo, (st))
-#define sk_CMS_RecipientInfo_value(st, i) SKM_sk_value(CMS_RecipientInfo, (st), (i))
-#define sk_CMS_RecipientInfo_set(st, i, val) SKM_sk_set(CMS_RecipientInfo, (st), (i), (val))
-#define sk_CMS_RecipientInfo_zero(st) SKM_sk_zero(CMS_RecipientInfo, (st))
-#define sk_CMS_RecipientInfo_push(st, val) SKM_sk_push(CMS_RecipientInfo, (st), (val))
-#define sk_CMS_RecipientInfo_unshift(st, val) SKM_sk_unshift(CMS_RecipientInfo, (st), (val))
-#define sk_CMS_RecipientInfo_find(st, val) SKM_sk_find(CMS_RecipientInfo, (st), (val))
-#define sk_CMS_RecipientInfo_find_ex(st, val) SKM_sk_find_ex(CMS_RecipientInfo, (st), (val))
-#define sk_CMS_RecipientInfo_delete(st, i) SKM_sk_delete(CMS_RecipientInfo, (st), (i))
-#define sk_CMS_RecipientInfo_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_RecipientInfo, (st), (ptr))
-#define sk_CMS_RecipientInfo_insert(st, val, i) SKM_sk_insert(CMS_RecipientInfo, (st), (val), (i))
-#define sk_CMS_RecipientInfo_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_RecipientInfo, (st), (cmp))
-#define sk_CMS_RecipientInfo_dup(st) SKM_sk_dup(CMS_RecipientInfo, st)
-#define sk_CMS_RecipientInfo_pop_free(st, free_func) SKM_sk_pop_free(CMS_RecipientInfo, (st), (free_func))
-#define sk_CMS_RecipientInfo_shift(st) SKM_sk_shift(CMS_RecipientInfo, (st))
-#define sk_CMS_RecipientInfo_pop(st) SKM_sk_pop(CMS_RecipientInfo, (st))
-#define sk_CMS_RecipientInfo_sort(st) SKM_sk_sort(CMS_RecipientInfo, (st))
-#define sk_CMS_RecipientInfo_is_sorted(st) SKM_sk_is_sorted(CMS_RecipientInfo, (st))
-
-#define sk_CMS_RevocationInfoChoice_new(st) SKM_sk_new(CMS_RevocationInfoChoice, (st))
-#define sk_CMS_RevocationInfoChoice_new_null() SKM_sk_new_null(CMS_RevocationInfoChoice)
-#define sk_CMS_RevocationInfoChoice_free(st) SKM_sk_free(CMS_RevocationInfoChoice, (st))
-#define sk_CMS_RevocationInfoChoice_num(st) SKM_sk_num(CMS_RevocationInfoChoice, (st))
-#define sk_CMS_RevocationInfoChoice_value(st, i) SKM_sk_value(CMS_RevocationInfoChoice, (st), (i))
-#define sk_CMS_RevocationInfoChoice_set(st, i, val) SKM_sk_set(CMS_RevocationInfoChoice, (st), (i), (val))
-#define sk_CMS_RevocationInfoChoice_zero(st) SKM_sk_zero(CMS_RevocationInfoChoice, (st))
-#define sk_CMS_RevocationInfoChoice_push(st, val) SKM_sk_push(CMS_RevocationInfoChoice, (st), (val))
-#define sk_CMS_RevocationInfoChoice_unshift(st, val) SKM_sk_unshift(CMS_RevocationInfoChoice, (st), (val))
-#define sk_CMS_RevocationInfoChoice_find(st, val) SKM_sk_find(CMS_RevocationInfoChoice, (st), (val))
-#define sk_CMS_RevocationInfoChoice_find_ex(st, val) SKM_sk_find_ex(CMS_RevocationInfoChoice, (st), (val))
-#define sk_CMS_RevocationInfoChoice_delete(st, i) SKM_sk_delete(CMS_RevocationInfoChoice, (st), (i))
-#define sk_CMS_RevocationInfoChoice_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_RevocationInfoChoice, (st), (ptr))
-#define sk_CMS_RevocationInfoChoice_insert(st, val, i) SKM_sk_insert(CMS_RevocationInfoChoice, (st), (val), (i))
-#define sk_CMS_RevocationInfoChoice_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_RevocationInfoChoice, (st), (cmp))
-#define sk_CMS_RevocationInfoChoice_dup(st) SKM_sk_dup(CMS_RevocationInfoChoice, st)
-#define sk_CMS_RevocationInfoChoice_pop_free(st, free_func) SKM_sk_pop_free(CMS_RevocationInfoChoice, (st), (free_func))
-#define sk_CMS_RevocationInfoChoice_shift(st) SKM_sk_shift(CMS_RevocationInfoChoice, (st))
-#define sk_CMS_RevocationInfoChoice_pop(st) SKM_sk_pop(CMS_RevocationInfoChoice, (st))
-#define sk_CMS_RevocationInfoChoice_sort(st) SKM_sk_sort(CMS_RevocationInfoChoice, (st))
-#define sk_CMS_RevocationInfoChoice_is_sorted(st) SKM_sk_is_sorted(CMS_RevocationInfoChoice, (st))
-
-#define sk_CMS_SignerInfo_new(st) SKM_sk_new(CMS_SignerInfo, (st))
-#define sk_CMS_SignerInfo_new_null() SKM_sk_new_null(CMS_SignerInfo)
-#define sk_CMS_SignerInfo_free(st) SKM_sk_free(CMS_SignerInfo, (st))
-#define sk_CMS_SignerInfo_num(st) SKM_sk_num(CMS_SignerInfo, (st))
-#define sk_CMS_SignerInfo_value(st, i) SKM_sk_value(CMS_SignerInfo, (st), (i))
-#define sk_CMS_SignerInfo_set(st, i, val) SKM_sk_set(CMS_SignerInfo, (st), (i), (val))
-#define sk_CMS_SignerInfo_zero(st) SKM_sk_zero(CMS_SignerInfo, (st))
-#define sk_CMS_SignerInfo_push(st, val) SKM_sk_push(CMS_SignerInfo, (st), (val))
-#define sk_CMS_SignerInfo_unshift(st, val) SKM_sk_unshift(CMS_SignerInfo, (st), (val))
-#define sk_CMS_SignerInfo_find(st, val) SKM_sk_find(CMS_SignerInfo, (st), (val))
-#define sk_CMS_SignerInfo_find_ex(st, val) SKM_sk_find_ex(CMS_SignerInfo, (st), (val))
-#define sk_CMS_SignerInfo_delete(st, i) SKM_sk_delete(CMS_SignerInfo, (st), (i))
-#define sk_CMS_SignerInfo_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_SignerInfo, (st), (ptr))
-#define sk_CMS_SignerInfo_insert(st, val, i) SKM_sk_insert(CMS_SignerInfo, (st), (val), (i))
-#define sk_CMS_SignerInfo_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_SignerInfo, (st), (cmp))
-#define sk_CMS_SignerInfo_dup(st) SKM_sk_dup(CMS_SignerInfo, st)
-#define sk_CMS_SignerInfo_pop_free(st, free_func) SKM_sk_pop_free(CMS_SignerInfo, (st), (free_func))
-#define sk_CMS_SignerInfo_shift(st) SKM_sk_shift(CMS_SignerInfo, (st))
-#define sk_CMS_SignerInfo_pop(st) SKM_sk_pop(CMS_SignerInfo, (st))
-#define sk_CMS_SignerInfo_sort(st) SKM_sk_sort(CMS_SignerInfo, (st))
-#define sk_CMS_SignerInfo_is_sorted(st) SKM_sk_is_sorted(CMS_SignerInfo, (st))
-
-#define sk_CONF_IMODULE_new(st) SKM_sk_new(CONF_IMODULE, (st))
-#define sk_CONF_IMODULE_new_null() SKM_sk_new_null(CONF_IMODULE)
-#define sk_CONF_IMODULE_free(st) SKM_sk_free(CONF_IMODULE, (st))
-#define sk_CONF_IMODULE_num(st) SKM_sk_num(CONF_IMODULE, (st))
-#define sk_CONF_IMODULE_value(st, i) SKM_sk_value(CONF_IMODULE, (st), (i))
-#define sk_CONF_IMODULE_set(st, i, val) SKM_sk_set(CONF_IMODULE, (st), (i), (val))
-#define sk_CONF_IMODULE_zero(st) SKM_sk_zero(CONF_IMODULE, (st))
-#define sk_CONF_IMODULE_push(st, val) SKM_sk_push(CONF_IMODULE, (st), (val))
-#define sk_CONF_IMODULE_unshift(st, val) SKM_sk_unshift(CONF_IMODULE, (st), (val))
-#define sk_CONF_IMODULE_find(st, val) SKM_sk_find(CONF_IMODULE, (st), (val))
-#define sk_CONF_IMODULE_find_ex(st, val) SKM_sk_find_ex(CONF_IMODULE, (st), (val))
-#define sk_CONF_IMODULE_delete(st, i) SKM_sk_delete(CONF_IMODULE, (st), (i))
-#define sk_CONF_IMODULE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_IMODULE, (st), (ptr))
-#define sk_CONF_IMODULE_insert(st, val, i) SKM_sk_insert(CONF_IMODULE, (st), (val), (i))
-#define sk_CONF_IMODULE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_IMODULE, (st), (cmp))
-#define sk_CONF_IMODULE_dup(st) SKM_sk_dup(CONF_IMODULE, st)
-#define sk_CONF_IMODULE_pop_free(st, free_func) SKM_sk_pop_free(CONF_IMODULE, (st), (free_func))
-#define sk_CONF_IMODULE_shift(st) SKM_sk_shift(CONF_IMODULE, (st))
-#define sk_CONF_IMODULE_pop(st) SKM_sk_pop(CONF_IMODULE, (st))
-#define sk_CONF_IMODULE_sort(st) SKM_sk_sort(CONF_IMODULE, (st))
-#define sk_CONF_IMODULE_is_sorted(st) SKM_sk_is_sorted(CONF_IMODULE, (st))
-
-#define sk_CONF_MODULE_new(st) SKM_sk_new(CONF_MODULE, (st))
-#define sk_CONF_MODULE_new_null() SKM_sk_new_null(CONF_MODULE)
-#define sk_CONF_MODULE_free(st) SKM_sk_free(CONF_MODULE, (st))
-#define sk_CONF_MODULE_num(st) SKM_sk_num(CONF_MODULE, (st))
-#define sk_CONF_MODULE_value(st, i) SKM_sk_value(CONF_MODULE, (st), (i))
-#define sk_CONF_MODULE_set(st, i, val) SKM_sk_set(CONF_MODULE, (st), (i), (val))
-#define sk_CONF_MODULE_zero(st) SKM_sk_zero(CONF_MODULE, (st))
-#define sk_CONF_MODULE_push(st, val) SKM_sk_push(CONF_MODULE, (st), (val))
-#define sk_CONF_MODULE_unshift(st, val) SKM_sk_unshift(CONF_MODULE, (st), (val))
-#define sk_CONF_MODULE_find(st, val) SKM_sk_find(CONF_MODULE, (st), (val))
-#define sk_CONF_MODULE_find_ex(st, val) SKM_sk_find_ex(CONF_MODULE, (st), (val))
-#define sk_CONF_MODULE_delete(st, i) SKM_sk_delete(CONF_MODULE, (st), (i))
-#define sk_CONF_MODULE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_MODULE, (st), (ptr))
-#define sk_CONF_MODULE_insert(st, val, i) SKM_sk_insert(CONF_MODULE, (st), (val), (i))
-#define sk_CONF_MODULE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_MODULE, (st), (cmp))
-#define sk_CONF_MODULE_dup(st) SKM_sk_dup(CONF_MODULE, st)
-#define sk_CONF_MODULE_pop_free(st, free_func) SKM_sk_pop_free(CONF_MODULE, (st), (free_func))
-#define sk_CONF_MODULE_shift(st) SKM_sk_shift(CONF_MODULE, (st))
-#define sk_CONF_MODULE_pop(st) SKM_sk_pop(CONF_MODULE, (st))
-#define sk_CONF_MODULE_sort(st) SKM_sk_sort(CONF_MODULE, (st))
-#define sk_CONF_MODULE_is_sorted(st) SKM_sk_is_sorted(CONF_MODULE, (st))
-
-#define sk_CONF_VALUE_new(st) SKM_sk_new(CONF_VALUE, (st))
-#define sk_CONF_VALUE_new_null() SKM_sk_new_null(CONF_VALUE)
-#define sk_CONF_VALUE_free(st) SKM_sk_free(CONF_VALUE, (st))
-#define sk_CONF_VALUE_num(st) SKM_sk_num(CONF_VALUE, (st))
-#define sk_CONF_VALUE_value(st, i) SKM_sk_value(CONF_VALUE, (st), (i))
-#define sk_CONF_VALUE_set(st, i, val) SKM_sk_set(CONF_VALUE, (st), (i), (val))
-#define sk_CONF_VALUE_zero(st) SKM_sk_zero(CONF_VALUE, (st))
-#define sk_CONF_VALUE_push(st, val) SKM_sk_push(CONF_VALUE, (st), (val))
-#define sk_CONF_VALUE_unshift(st, val) SKM_sk_unshift(CONF_VALUE, (st), (val))
-#define sk_CONF_VALUE_find(st, val) SKM_sk_find(CONF_VALUE, (st), (val))
-#define sk_CONF_VALUE_find_ex(st, val) SKM_sk_find_ex(CONF_VALUE, (st), (val))
-#define sk_CONF_VALUE_delete(st, i) SKM_sk_delete(CONF_VALUE, (st), (i))
-#define sk_CONF_VALUE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_VALUE, (st), (ptr))
-#define sk_CONF_VALUE_insert(st, val, i) SKM_sk_insert(CONF_VALUE, (st), (val), (i))
-#define sk_CONF_VALUE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_VALUE, (st), (cmp))
-#define sk_CONF_VALUE_dup(st) SKM_sk_dup(CONF_VALUE, st)
-#define sk_CONF_VALUE_pop_free(st, free_func) SKM_sk_pop_free(CONF_VALUE, (st), (free_func))
-#define sk_CONF_VALUE_shift(st) SKM_sk_shift(CONF_VALUE, (st))
-#define sk_CONF_VALUE_pop(st) SKM_sk_pop(CONF_VALUE, (st))
-#define sk_CONF_VALUE_sort(st) SKM_sk_sort(CONF_VALUE, (st))
-#define sk_CONF_VALUE_is_sorted(st) SKM_sk_is_sorted(CONF_VALUE, (st))
-
-#define sk_CRYPTO_EX_DATA_FUNCS_new(st) SKM_sk_new(CRYPTO_EX_DATA_FUNCS, (st))
-#define sk_CRYPTO_EX_DATA_FUNCS_new_null() SKM_sk_new_null(CRYPTO_EX_DATA_FUNCS)
-#define sk_CRYPTO_EX_DATA_FUNCS_free(st) SKM_sk_free(CRYPTO_EX_DATA_FUNCS, (st))
-#define sk_CRYPTO_EX_DATA_FUNCS_num(st) SKM_sk_num(CRYPTO_EX_DATA_FUNCS, (st))
-#define sk_CRYPTO_EX_DATA_FUNCS_value(st, i) SKM_sk_value(CRYPTO_EX_DATA_FUNCS, (st), (i))
-#define sk_CRYPTO_EX_DATA_FUNCS_set(st, i, val) SKM_sk_set(CRYPTO_EX_DATA_FUNCS, (st), (i), (val))
-#define sk_CRYPTO_EX_DATA_FUNCS_zero(st) SKM_sk_zero(CRYPTO_EX_DATA_FUNCS, (st))
-#define sk_CRYPTO_EX_DATA_FUNCS_push(st, val) SKM_sk_push(CRYPTO_EX_DATA_FUNCS, (st), (val))
-#define sk_CRYPTO_EX_DATA_FUNCS_unshift(st, val) SKM_sk_unshift(CRYPTO_EX_DATA_FUNCS, (st), (val))
-#define sk_CRYPTO_EX_DATA_FUNCS_find(st, val) SKM_sk_find(CRYPTO_EX_DATA_FUNCS, (st), (val))
-#define sk_CRYPTO_EX_DATA_FUNCS_find_ex(st, val) SKM_sk_find_ex(CRYPTO_EX_DATA_FUNCS, (st), (val))
-#define sk_CRYPTO_EX_DATA_FUNCS_delete(st, i) SKM_sk_delete(CRYPTO_EX_DATA_FUNCS, (st), (i))
-#define sk_CRYPTO_EX_DATA_FUNCS_delete_ptr(st, ptr) SKM_sk_delete_ptr(CRYPTO_EX_DATA_FUNCS, (st), (ptr))
-#define sk_CRYPTO_EX_DATA_FUNCS_insert(st, val, i) SKM_sk_insert(CRYPTO_EX_DATA_FUNCS, (st), (val), (i))
-#define sk_CRYPTO_EX_DATA_FUNCS_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CRYPTO_EX_DATA_FUNCS, (st), (cmp))
-#define sk_CRYPTO_EX_DATA_FUNCS_dup(st) SKM_sk_dup(CRYPTO_EX_DATA_FUNCS, st)
-#define sk_CRYPTO_EX_DATA_FUNCS_pop_free(st, free_func) SKM_sk_pop_free(CRYPTO_EX_DATA_FUNCS, (st), (free_func))
-#define sk_CRYPTO_EX_DATA_FUNCS_shift(st) SKM_sk_shift(CRYPTO_EX_DATA_FUNCS, (st))
-#define sk_CRYPTO_EX_DATA_FUNCS_pop(st) SKM_sk_pop(CRYPTO_EX_DATA_FUNCS, (st))
-#define sk_CRYPTO_EX_DATA_FUNCS_sort(st) SKM_sk_sort(CRYPTO_EX_DATA_FUNCS, (st))
-#define sk_CRYPTO_EX_DATA_FUNCS_is_sorted(st) SKM_sk_is_sorted(CRYPTO_EX_DATA_FUNCS, (st))
-
-#define sk_CRYPTO_dynlock_new(st) SKM_sk_new(CRYPTO_dynlock, (st))
-#define sk_CRYPTO_dynlock_new_null() SKM_sk_new_null(CRYPTO_dynlock)
-#define sk_CRYPTO_dynlock_free(st) SKM_sk_free(CRYPTO_dynlock, (st))
-#define sk_CRYPTO_dynlock_num(st) SKM_sk_num(CRYPTO_dynlock, (st))
-#define sk_CRYPTO_dynlock_value(st, i) SKM_sk_value(CRYPTO_dynlock, (st), (i))
-#define sk_CRYPTO_dynlock_set(st, i, val) SKM_sk_set(CRYPTO_dynlock, (st), (i), (val))
-#define sk_CRYPTO_dynlock_zero(st) SKM_sk_zero(CRYPTO_dynlock, (st))
-#define sk_CRYPTO_dynlock_push(st, val) SKM_sk_push(CRYPTO_dynlock, (st), (val))
-#define sk_CRYPTO_dynlock_unshift(st, val) SKM_sk_unshift(CRYPTO_dynlock, (st), (val))
-#define sk_CRYPTO_dynlock_find(st, val) SKM_sk_find(CRYPTO_dynlock, (st), (val))
-#define sk_CRYPTO_dynlock_find_ex(st, val) SKM_sk_find_ex(CRYPTO_dynlock, (st), (val))
-#define sk_CRYPTO_dynlock_delete(st, i) SKM_sk_delete(CRYPTO_dynlock, (st), (i))
-#define sk_CRYPTO_dynlock_delete_ptr(st, ptr) SKM_sk_delete_ptr(CRYPTO_dynlock, (st), (ptr))
-#define sk_CRYPTO_dynlock_insert(st, val, i) SKM_sk_insert(CRYPTO_dynlock, (st), (val), (i))
-#define sk_CRYPTO_dynlock_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CRYPTO_dynlock, (st), (cmp))
-#define sk_CRYPTO_dynlock_dup(st) SKM_sk_dup(CRYPTO_dynlock, st)
-#define sk_CRYPTO_dynlock_pop_free(st, free_func) SKM_sk_pop_free(CRYPTO_dynlock, (st), (free_func))
-#define sk_CRYPTO_dynlock_shift(st) SKM_sk_shift(CRYPTO_dynlock, (st))
-#define sk_CRYPTO_dynlock_pop(st) SKM_sk_pop(CRYPTO_dynlock, (st))
-#define sk_CRYPTO_dynlock_sort(st) SKM_sk_sort(CRYPTO_dynlock, (st))
-#define sk_CRYPTO_dynlock_is_sorted(st) SKM_sk_is_sorted(CRYPTO_dynlock, (st))
-
-#define sk_DIST_POINT_new(st) SKM_sk_new(DIST_POINT, (st))
-#define sk_DIST_POINT_new_null() SKM_sk_new_null(DIST_POINT)
-#define sk_DIST_POINT_free(st) SKM_sk_free(DIST_POINT, (st))
-#define sk_DIST_POINT_num(st) SKM_sk_num(DIST_POINT, (st))
-#define sk_DIST_POINT_value(st, i) SKM_sk_value(DIST_POINT, (st), (i))
-#define sk_DIST_POINT_set(st, i, val) SKM_sk_set(DIST_POINT, (st), (i), (val))
-#define sk_DIST_POINT_zero(st) SKM_sk_zero(DIST_POINT, (st))
-#define sk_DIST_POINT_push(st, val) SKM_sk_push(DIST_POINT, (st), (val))
-#define sk_DIST_POINT_unshift(st, val) SKM_sk_unshift(DIST_POINT, (st), (val))
-#define sk_DIST_POINT_find(st, val) SKM_sk_find(DIST_POINT, (st), (val))
-#define sk_DIST_POINT_find_ex(st, val) SKM_sk_find_ex(DIST_POINT, (st), (val))
-#define sk_DIST_POINT_delete(st, i) SKM_sk_delete(DIST_POINT, (st), (i))
-#define sk_DIST_POINT_delete_ptr(st, ptr) SKM_sk_delete_ptr(DIST_POINT, (st), (ptr))
-#define sk_DIST_POINT_insert(st, val, i) SKM_sk_insert(DIST_POINT, (st), (val), (i))
-#define sk_DIST_POINT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(DIST_POINT, (st), (cmp))
-#define sk_DIST_POINT_dup(st) SKM_sk_dup(DIST_POINT, st)
-#define sk_DIST_POINT_pop_free(st, free_func) SKM_sk_pop_free(DIST_POINT, (st), (free_func))
-#define sk_DIST_POINT_shift(st) SKM_sk_shift(DIST_POINT, (st))
-#define sk_DIST_POINT_pop(st) SKM_sk_pop(DIST_POINT, (st))
-#define sk_DIST_POINT_sort(st) SKM_sk_sort(DIST_POINT, (st))
-#define sk_DIST_POINT_is_sorted(st) SKM_sk_is_sorted(DIST_POINT, (st))
-
-#define sk_ENGINE_new(st) SKM_sk_new(ENGINE, (st))
-#define sk_ENGINE_new_null() SKM_sk_new_null(ENGINE)
-#define sk_ENGINE_free(st) SKM_sk_free(ENGINE, (st))
-#define sk_ENGINE_num(st) SKM_sk_num(ENGINE, (st))
-#define sk_ENGINE_value(st, i) SKM_sk_value(ENGINE, (st), (i))
-#define sk_ENGINE_set(st, i, val) SKM_sk_set(ENGINE, (st), (i), (val))
-#define sk_ENGINE_zero(st) SKM_sk_zero(ENGINE, (st))
-#define sk_ENGINE_push(st, val) SKM_sk_push(ENGINE, (st), (val))
-#define sk_ENGINE_unshift(st, val) SKM_sk_unshift(ENGINE, (st), (val))
-#define sk_ENGINE_find(st, val) SKM_sk_find(ENGINE, (st), (val))
-#define sk_ENGINE_find_ex(st, val) SKM_sk_find_ex(ENGINE, (st), (val))
-#define sk_ENGINE_delete(st, i) SKM_sk_delete(ENGINE, (st), (i))
-#define sk_ENGINE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ENGINE, (st), (ptr))
-#define sk_ENGINE_insert(st, val, i) SKM_sk_insert(ENGINE, (st), (val), (i))
-#define sk_ENGINE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ENGINE, (st), (cmp))
-#define sk_ENGINE_dup(st) SKM_sk_dup(ENGINE, st)
-#define sk_ENGINE_pop_free(st, free_func) SKM_sk_pop_free(ENGINE, (st), (free_func))
-#define sk_ENGINE_shift(st) SKM_sk_shift(ENGINE, (st))
-#define sk_ENGINE_pop(st) SKM_sk_pop(ENGINE, (st))
-#define sk_ENGINE_sort(st) SKM_sk_sort(ENGINE, (st))
-#define sk_ENGINE_is_sorted(st) SKM_sk_is_sorted(ENGINE, (st))
-
-#define sk_ENGINE_CLEANUP_ITEM_new(st) SKM_sk_new(ENGINE_CLEANUP_ITEM, (st))
-#define sk_ENGINE_CLEANUP_ITEM_new_null() SKM_sk_new_null(ENGINE_CLEANUP_ITEM)
-#define sk_ENGINE_CLEANUP_ITEM_free(st) SKM_sk_free(ENGINE_CLEANUP_ITEM, (st))
-#define sk_ENGINE_CLEANUP_ITEM_num(st) SKM_sk_num(ENGINE_CLEANUP_ITEM, (st))
-#define sk_ENGINE_CLEANUP_ITEM_value(st, i) SKM_sk_value(ENGINE_CLEANUP_ITEM, (st), (i))
-#define sk_ENGINE_CLEANUP_ITEM_set(st, i, val) SKM_sk_set(ENGINE_CLEANUP_ITEM, (st), (i), (val))
-#define sk_ENGINE_CLEANUP_ITEM_zero(st) SKM_sk_zero(ENGINE_CLEANUP_ITEM, (st))
-#define sk_ENGINE_CLEANUP_ITEM_push(st, val) SKM_sk_push(ENGINE_CLEANUP_ITEM, (st), (val))
-#define sk_ENGINE_CLEANUP_ITEM_unshift(st, val) SKM_sk_unshift(ENGINE_CLEANUP_ITEM, (st), (val))
-#define sk_ENGINE_CLEANUP_ITEM_find(st, val) SKM_sk_find(ENGINE_CLEANUP_ITEM, (st), (val))
-#define sk_ENGINE_CLEANUP_ITEM_find_ex(st, val) SKM_sk_find_ex(ENGINE_CLEANUP_ITEM, (st), (val))
-#define sk_ENGINE_CLEANUP_ITEM_delete(st, i) SKM_sk_delete(ENGINE_CLEANUP_ITEM, (st), (i))
-#define sk_ENGINE_CLEANUP_ITEM_delete_ptr(st, ptr) SKM_sk_delete_ptr(ENGINE_CLEANUP_ITEM, (st), (ptr))
-#define sk_ENGINE_CLEANUP_ITEM_insert(st, val, i) SKM_sk_insert(ENGINE_CLEANUP_ITEM, (st), (val), (i))
-#define sk_ENGINE_CLEANUP_ITEM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ENGINE_CLEANUP_ITEM, (st), (cmp))
-#define sk_ENGINE_CLEANUP_ITEM_dup(st) SKM_sk_dup(ENGINE_CLEANUP_ITEM, st)
-#define sk_ENGINE_CLEANUP_ITEM_pop_free(st, free_func) SKM_sk_pop_free(ENGINE_CLEANUP_ITEM, (st), (free_func))
-#define sk_ENGINE_CLEANUP_ITEM_shift(st) SKM_sk_shift(ENGINE_CLEANUP_ITEM, (st))
-#define sk_ENGINE_CLEANUP_ITEM_pop(st) SKM_sk_pop(ENGINE_CLEANUP_ITEM, (st))
-#define sk_ENGINE_CLEANUP_ITEM_sort(st) SKM_sk_sort(ENGINE_CLEANUP_ITEM, (st))
-#define sk_ENGINE_CLEANUP_ITEM_is_sorted(st) SKM_sk_is_sorted(ENGINE_CLEANUP_ITEM, (st))
-
-#define sk_GENERAL_NAME_new(st) SKM_sk_new(GENERAL_NAME, (st))
-#define sk_GENERAL_NAME_new_null() SKM_sk_new_null(GENERAL_NAME)
-#define sk_GENERAL_NAME_free(st) SKM_sk_free(GENERAL_NAME, (st))
-#define sk_GENERAL_NAME_num(st) SKM_sk_num(GENERAL_NAME, (st))
-#define sk_GENERAL_NAME_value(st, i) SKM_sk_value(GENERAL_NAME, (st), (i))
-#define sk_GENERAL_NAME_set(st, i, val) SKM_sk_set(GENERAL_NAME, (st), (i), (val))
-#define sk_GENERAL_NAME_zero(st) SKM_sk_zero(GENERAL_NAME, (st))
-#define sk_GENERAL_NAME_push(st, val) SKM_sk_push(GENERAL_NAME, (st), (val))
-#define sk_GENERAL_NAME_unshift(st, val) SKM_sk_unshift(GENERAL_NAME, (st), (val))
-#define sk_GENERAL_NAME_find(st, val) SKM_sk_find(GENERAL_NAME, (st), (val))
-#define sk_GENERAL_NAME_find_ex(st, val) SKM_sk_find_ex(GENERAL_NAME, (st), (val))
-#define sk_GENERAL_NAME_delete(st, i) SKM_sk_delete(GENERAL_NAME, (st), (i))
-#define sk_GENERAL_NAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_NAME, (st), (ptr))
-#define sk_GENERAL_NAME_insert(st, val, i) SKM_sk_insert(GENERAL_NAME, (st), (val), (i))
-#define sk_GENERAL_NAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_NAME, (st), (cmp))
-#define sk_GENERAL_NAME_dup(st) SKM_sk_dup(GENERAL_NAME, st)
-#define sk_GENERAL_NAME_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_NAME, (st), (free_func))
-#define sk_GENERAL_NAME_shift(st) SKM_sk_shift(GENERAL_NAME, (st))
-#define sk_GENERAL_NAME_pop(st) SKM_sk_pop(GENERAL_NAME, (st))
-#define sk_GENERAL_NAME_sort(st) SKM_sk_sort(GENERAL_NAME, (st))
-#define sk_GENERAL_NAME_is_sorted(st) SKM_sk_is_sorted(GENERAL_NAME, (st))
-
-#define sk_GENERAL_NAMES_new(st) SKM_sk_new(GENERAL_NAMES, (st))
-#define sk_GENERAL_NAMES_new_null() SKM_sk_new_null(GENERAL_NAMES)
-#define sk_GENERAL_NAMES_free(st) SKM_sk_free(GENERAL_NAMES, (st))
-#define sk_GENERAL_NAMES_num(st) SKM_sk_num(GENERAL_NAMES, (st))
-#define sk_GENERAL_NAMES_value(st, i) SKM_sk_value(GENERAL_NAMES, (st), (i))
-#define sk_GENERAL_NAMES_set(st, i, val) SKM_sk_set(GENERAL_NAMES, (st), (i), (val))
-#define sk_GENERAL_NAMES_zero(st) SKM_sk_zero(GENERAL_NAMES, (st))
-#define sk_GENERAL_NAMES_push(st, val) SKM_sk_push(GENERAL_NAMES, (st), (val))
-#define sk_GENERAL_NAMES_unshift(st, val) SKM_sk_unshift(GENERAL_NAMES, (st), (val))
-#define sk_GENERAL_NAMES_find(st, val) SKM_sk_find(GENERAL_NAMES, (st), (val))
-#define sk_GENERAL_NAMES_find_ex(st, val) SKM_sk_find_ex(GENERAL_NAMES, (st), (val))
-#define sk_GENERAL_NAMES_delete(st, i) SKM_sk_delete(GENERAL_NAMES, (st), (i))
-#define sk_GENERAL_NAMES_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_NAMES, (st), (ptr))
-#define sk_GENERAL_NAMES_insert(st, val, i) SKM_sk_insert(GENERAL_NAMES, (st), (val), (i))
-#define sk_GENERAL_NAMES_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_NAMES, (st), (cmp))
-#define sk_GENERAL_NAMES_dup(st) SKM_sk_dup(GENERAL_NAMES, st)
-#define sk_GENERAL_NAMES_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_NAMES, (st), (free_func))
-#define sk_GENERAL_NAMES_shift(st) SKM_sk_shift(GENERAL_NAMES, (st))
-#define sk_GENERAL_NAMES_pop(st) SKM_sk_pop(GENERAL_NAMES, (st))
-#define sk_GENERAL_NAMES_sort(st) SKM_sk_sort(GENERAL_NAMES, (st))
-#define sk_GENERAL_NAMES_is_sorted(st) SKM_sk_is_sorted(GENERAL_NAMES, (st))
-
-#define sk_GENERAL_SUBTREE_new(st) SKM_sk_new(GENERAL_SUBTREE, (st))
-#define sk_GENERAL_SUBTREE_new_null() SKM_sk_new_null(GENERAL_SUBTREE)
-#define sk_GENERAL_SUBTREE_free(st) SKM_sk_free(GENERAL_SUBTREE, (st))
-#define sk_GENERAL_SUBTREE_num(st) SKM_sk_num(GENERAL_SUBTREE, (st))
-#define sk_GENERAL_SUBTREE_value(st, i) SKM_sk_value(GENERAL_SUBTREE, (st), (i))
-#define sk_GENERAL_SUBTREE_set(st, i, val) SKM_sk_set(GENERAL_SUBTREE, (st), (i), (val))
-#define sk_GENERAL_SUBTREE_zero(st) SKM_sk_zero(GENERAL_SUBTREE, (st))
-#define sk_GENERAL_SUBTREE_push(st, val) SKM_sk_push(GENERAL_SUBTREE, (st), (val))
-#define sk_GENERAL_SUBTREE_unshift(st, val) SKM_sk_unshift(GENERAL_SUBTREE, (st), (val))
-#define sk_GENERAL_SUBTREE_find(st, val) SKM_sk_find(GENERAL_SUBTREE, (st), (val))
-#define sk_GENERAL_SUBTREE_find_ex(st, val) SKM_sk_find_ex(GENERAL_SUBTREE, (st), (val))
-#define sk_GENERAL_SUBTREE_delete(st, i) SKM_sk_delete(GENERAL_SUBTREE, (st), (i))
-#define sk_GENERAL_SUBTREE_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_SUBTREE, (st), (ptr))
-#define sk_GENERAL_SUBTREE_insert(st, val, i) SKM_sk_insert(GENERAL_SUBTREE, (st), (val), (i))
-#define sk_GENERAL_SUBTREE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_SUBTREE, (st), (cmp))
-#define sk_GENERAL_SUBTREE_dup(st) SKM_sk_dup(GENERAL_SUBTREE, st)
-#define sk_GENERAL_SUBTREE_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_SUBTREE, (st), (free_func))
-#define sk_GENERAL_SUBTREE_shift(st) SKM_sk_shift(GENERAL_SUBTREE, (st))
-#define sk_GENERAL_SUBTREE_pop(st) SKM_sk_pop(GENERAL_SUBTREE, (st))
-#define sk_GENERAL_SUBTREE_sort(st) SKM_sk_sort(GENERAL_SUBTREE, (st))
-#define sk_GENERAL_SUBTREE_is_sorted(st) SKM_sk_is_sorted(GENERAL_SUBTREE, (st))
-
-#define sk_IPAddressFamily_new(st) SKM_sk_new(IPAddressFamily, (st))
-#define sk_IPAddressFamily_new_null() SKM_sk_new_null(IPAddressFamily)
-#define sk_IPAddressFamily_free(st) SKM_sk_free(IPAddressFamily, (st))
-#define sk_IPAddressFamily_num(st) SKM_sk_num(IPAddressFamily, (st))
-#define sk_IPAddressFamily_value(st, i) SKM_sk_value(IPAddressFamily, (st), (i))
-#define sk_IPAddressFamily_set(st, i, val) SKM_sk_set(IPAddressFamily, (st), (i), (val))
-#define sk_IPAddressFamily_zero(st) SKM_sk_zero(IPAddressFamily, (st))
-#define sk_IPAddressFamily_push(st, val) SKM_sk_push(IPAddressFamily, (st), (val))
-#define sk_IPAddressFamily_unshift(st, val) SKM_sk_unshift(IPAddressFamily, (st), (val))
-#define sk_IPAddressFamily_find(st, val) SKM_sk_find(IPAddressFamily, (st), (val))
-#define sk_IPAddressFamily_find_ex(st, val) SKM_sk_find_ex(IPAddressFamily, (st), (val))
-#define sk_IPAddressFamily_delete(st, i) SKM_sk_delete(IPAddressFamily, (st), (i))
-#define sk_IPAddressFamily_delete_ptr(st, ptr) SKM_sk_delete_ptr(IPAddressFamily, (st), (ptr))
-#define sk_IPAddressFamily_insert(st, val, i) SKM_sk_insert(IPAddressFamily, (st), (val), (i))
-#define sk_IPAddressFamily_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(IPAddressFamily, (st), (cmp))
-#define sk_IPAddressFamily_dup(st) SKM_sk_dup(IPAddressFamily, st)
-#define sk_IPAddressFamily_pop_free(st, free_func) SKM_sk_pop_free(IPAddressFamily, (st), (free_func))
-#define sk_IPAddressFamily_shift(st) SKM_sk_shift(IPAddressFamily, (st))
-#define sk_IPAddressFamily_pop(st) SKM_sk_pop(IPAddressFamily, (st))
-#define sk_IPAddressFamily_sort(st) SKM_sk_sort(IPAddressFamily, (st))
-#define sk_IPAddressFamily_is_sorted(st) SKM_sk_is_sorted(IPAddressFamily, (st))
-
-#define sk_IPAddressOrRange_new(st) SKM_sk_new(IPAddressOrRange, (st))
-#define sk_IPAddressOrRange_new_null() SKM_sk_new_null(IPAddressOrRange)
-#define sk_IPAddressOrRange_free(st) SKM_sk_free(IPAddressOrRange, (st))
-#define sk_IPAddressOrRange_num(st) SKM_sk_num(IPAddressOrRange, (st))
-#define sk_IPAddressOrRange_value(st, i) SKM_sk_value(IPAddressOrRange, (st), (i))
-#define sk_IPAddressOrRange_set(st, i, val) SKM_sk_set(IPAddressOrRange, (st), (i), (val))
-#define sk_IPAddressOrRange_zero(st) SKM_sk_zero(IPAddressOrRange, (st))
-#define sk_IPAddressOrRange_push(st, val) SKM_sk_push(IPAddressOrRange, (st), (val))
-#define sk_IPAddressOrRange_unshift(st, val) SKM_sk_unshift(IPAddressOrRange, (st), (val))
-#define sk_IPAddressOrRange_find(st, val) SKM_sk_find(IPAddressOrRange, (st), (val))
-#define sk_IPAddressOrRange_find_ex(st, val) SKM_sk_find_ex(IPAddressOrRange, (st), (val))
-#define sk_IPAddressOrRange_delete(st, i) SKM_sk_delete(IPAddressOrRange, (st), (i))
-#define sk_IPAddressOrRange_delete_ptr(st, ptr) SKM_sk_delete_ptr(IPAddressOrRange, (st), (ptr))
-#define sk_IPAddressOrRange_insert(st, val, i) SKM_sk_insert(IPAddressOrRange, (st), (val), (i))
-#define sk_IPAddressOrRange_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(IPAddressOrRange, (st), (cmp))
-#define sk_IPAddressOrRange_dup(st) SKM_sk_dup(IPAddressOrRange, st)
-#define sk_IPAddressOrRange_pop_free(st, free_func) SKM_sk_pop_free(IPAddressOrRange, (st), (free_func))
-#define sk_IPAddressOrRange_shift(st) SKM_sk_shift(IPAddressOrRange, (st))
-#define sk_IPAddressOrRange_pop(st) SKM_sk_pop(IPAddressOrRange, (st))
-#define sk_IPAddressOrRange_sort(st) SKM_sk_sort(IPAddressOrRange, (st))
-#define sk_IPAddressOrRange_is_sorted(st) SKM_sk_is_sorted(IPAddressOrRange, (st))
-
-#define sk_KRB5_APREQBODY_new(st) SKM_sk_new(KRB5_APREQBODY, (st))
-#define sk_KRB5_APREQBODY_new_null() SKM_sk_new_null(KRB5_APREQBODY)
-#define sk_KRB5_APREQBODY_free(st) SKM_sk_free(KRB5_APREQBODY, (st))
-#define sk_KRB5_APREQBODY_num(st) SKM_sk_num(KRB5_APREQBODY, (st))
-#define sk_KRB5_APREQBODY_value(st, i) SKM_sk_value(KRB5_APREQBODY, (st), (i))
-#define sk_KRB5_APREQBODY_set(st, i, val) SKM_sk_set(KRB5_APREQBODY, (st), (i), (val))
-#define sk_KRB5_APREQBODY_zero(st) SKM_sk_zero(KRB5_APREQBODY, (st))
-#define sk_KRB5_APREQBODY_push(st, val) SKM_sk_push(KRB5_APREQBODY, (st), (val))
-#define sk_KRB5_APREQBODY_unshift(st, val) SKM_sk_unshift(KRB5_APREQBODY, (st), (val))
-#define sk_KRB5_APREQBODY_find(st, val) SKM_sk_find(KRB5_APREQBODY, (st), (val))
-#define sk_KRB5_APREQBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_APREQBODY, (st), (val))
-#define sk_KRB5_APREQBODY_delete(st, i) SKM_sk_delete(KRB5_APREQBODY, (st), (i))
-#define sk_KRB5_APREQBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_APREQBODY, (st), (ptr))
-#define sk_KRB5_APREQBODY_insert(st, val, i) SKM_sk_insert(KRB5_APREQBODY, (st), (val), (i))
-#define sk_KRB5_APREQBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_APREQBODY, (st), (cmp))
-#define sk_KRB5_APREQBODY_dup(st) SKM_sk_dup(KRB5_APREQBODY, st)
-#define sk_KRB5_APREQBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_APREQBODY, (st), (free_func))
-#define sk_KRB5_APREQBODY_shift(st) SKM_sk_shift(KRB5_APREQBODY, (st))
-#define sk_KRB5_APREQBODY_pop(st) SKM_sk_pop(KRB5_APREQBODY, (st))
-#define sk_KRB5_APREQBODY_sort(st) SKM_sk_sort(KRB5_APREQBODY, (st))
-#define sk_KRB5_APREQBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_APREQBODY, (st))
-
-#define sk_KRB5_AUTHDATA_new(st) SKM_sk_new(KRB5_AUTHDATA, (st))
-#define sk_KRB5_AUTHDATA_new_null() SKM_sk_new_null(KRB5_AUTHDATA)
-#define sk_KRB5_AUTHDATA_free(st) SKM_sk_free(KRB5_AUTHDATA, (st))
-#define sk_KRB5_AUTHDATA_num(st) SKM_sk_num(KRB5_AUTHDATA, (st))
-#define sk_KRB5_AUTHDATA_value(st, i) SKM_sk_value(KRB5_AUTHDATA, (st), (i))
-#define sk_KRB5_AUTHDATA_set(st, i, val) SKM_sk_set(KRB5_AUTHDATA, (st), (i), (val))
-#define sk_KRB5_AUTHDATA_zero(st) SKM_sk_zero(KRB5_AUTHDATA, (st))
-#define sk_KRB5_AUTHDATA_push(st, val) SKM_sk_push(KRB5_AUTHDATA, (st), (val))
-#define sk_KRB5_AUTHDATA_unshift(st, val) SKM_sk_unshift(KRB5_AUTHDATA, (st), (val))
-#define sk_KRB5_AUTHDATA_find(st, val) SKM_sk_find(KRB5_AUTHDATA, (st), (val))
-#define sk_KRB5_AUTHDATA_find_ex(st, val) SKM_sk_find_ex(KRB5_AUTHDATA, (st), (val))
-#define sk_KRB5_AUTHDATA_delete(st, i) SKM_sk_delete(KRB5_AUTHDATA, (st), (i))
-#define sk_KRB5_AUTHDATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_AUTHDATA, (st), (ptr))
-#define sk_KRB5_AUTHDATA_insert(st, val, i) SKM_sk_insert(KRB5_AUTHDATA, (st), (val), (i))
-#define sk_KRB5_AUTHDATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_AUTHDATA, (st), (cmp))
-#define sk_KRB5_AUTHDATA_dup(st) SKM_sk_dup(KRB5_AUTHDATA, st)
-#define sk_KRB5_AUTHDATA_pop_free(st, free_func) SKM_sk_pop_free(KRB5_AUTHDATA, (st), (free_func))
-#define sk_KRB5_AUTHDATA_shift(st) SKM_sk_shift(KRB5_AUTHDATA, (st))
-#define sk_KRB5_AUTHDATA_pop(st) SKM_sk_pop(KRB5_AUTHDATA, (st))
-#define sk_KRB5_AUTHDATA_sort(st) SKM_sk_sort(KRB5_AUTHDATA, (st))
-#define sk_KRB5_AUTHDATA_is_sorted(st) SKM_sk_is_sorted(KRB5_AUTHDATA, (st))
-
-#define sk_KRB5_AUTHENTBODY_new(st) SKM_sk_new(KRB5_AUTHENTBODY, (st))
-#define sk_KRB5_AUTHENTBODY_new_null() SKM_sk_new_null(KRB5_AUTHENTBODY)
-#define sk_KRB5_AUTHENTBODY_free(st) SKM_sk_free(KRB5_AUTHENTBODY, (st))
-#define sk_KRB5_AUTHENTBODY_num(st) SKM_sk_num(KRB5_AUTHENTBODY, (st))
-#define sk_KRB5_AUTHENTBODY_value(st, i) SKM_sk_value(KRB5_AUTHENTBODY, (st), (i))
-#define sk_KRB5_AUTHENTBODY_set(st, i, val) SKM_sk_set(KRB5_AUTHENTBODY, (st), (i), (val))
-#define sk_KRB5_AUTHENTBODY_zero(st) SKM_sk_zero(KRB5_AUTHENTBODY, (st))
-#define sk_KRB5_AUTHENTBODY_push(st, val) SKM_sk_push(KRB5_AUTHENTBODY, (st), (val))
-#define sk_KRB5_AUTHENTBODY_unshift(st, val) SKM_sk_unshift(KRB5_AUTHENTBODY, (st), (val))
-#define sk_KRB5_AUTHENTBODY_find(st, val) SKM_sk_find(KRB5_AUTHENTBODY, (st), (val))
-#define sk_KRB5_AUTHENTBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_AUTHENTBODY, (st), (val))
-#define sk_KRB5_AUTHENTBODY_delete(st, i) SKM_sk_delete(KRB5_AUTHENTBODY, (st), (i))
-#define sk_KRB5_AUTHENTBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_AUTHENTBODY, (st), (ptr))
-#define sk_KRB5_AUTHENTBODY_insert(st, val, i) SKM_sk_insert(KRB5_AUTHENTBODY, (st), (val), (i))
-#define sk_KRB5_AUTHENTBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_AUTHENTBODY, (st), (cmp))
-#define sk_KRB5_AUTHENTBODY_dup(st) SKM_sk_dup(KRB5_AUTHENTBODY, st)
-#define sk_KRB5_AUTHENTBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_AUTHENTBODY, (st), (free_func))
-#define sk_KRB5_AUTHENTBODY_shift(st) SKM_sk_shift(KRB5_AUTHENTBODY, (st))
-#define sk_KRB5_AUTHENTBODY_pop(st) SKM_sk_pop(KRB5_AUTHENTBODY, (st))
-#define sk_KRB5_AUTHENTBODY_sort(st) SKM_sk_sort(KRB5_AUTHENTBODY, (st))
-#define sk_KRB5_AUTHENTBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_AUTHENTBODY, (st))
-
-#define sk_KRB5_CHECKSUM_new(st) SKM_sk_new(KRB5_CHECKSUM, (st))
-#define sk_KRB5_CHECKSUM_new_null() SKM_sk_new_null(KRB5_CHECKSUM)
-#define sk_KRB5_CHECKSUM_free(st) SKM_sk_free(KRB5_CHECKSUM, (st))
-#define sk_KRB5_CHECKSUM_num(st) SKM_sk_num(KRB5_CHECKSUM, (st))
-#define sk_KRB5_CHECKSUM_value(st, i) SKM_sk_value(KRB5_CHECKSUM, (st), (i))
-#define sk_KRB5_CHECKSUM_set(st, i, val) SKM_sk_set(KRB5_CHECKSUM, (st), (i), (val))
-#define sk_KRB5_CHECKSUM_zero(st) SKM_sk_zero(KRB5_CHECKSUM, (st))
-#define sk_KRB5_CHECKSUM_push(st, val) SKM_sk_push(KRB5_CHECKSUM, (st), (val))
-#define sk_KRB5_CHECKSUM_unshift(st, val) SKM_sk_unshift(KRB5_CHECKSUM, (st), (val))
-#define sk_KRB5_CHECKSUM_find(st, val) SKM_sk_find(KRB5_CHECKSUM, (st), (val))
-#define sk_KRB5_CHECKSUM_find_ex(st, val) SKM_sk_find_ex(KRB5_CHECKSUM, (st), (val))
-#define sk_KRB5_CHECKSUM_delete(st, i) SKM_sk_delete(KRB5_CHECKSUM, (st), (i))
-#define sk_KRB5_CHECKSUM_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_CHECKSUM, (st), (ptr))
-#define sk_KRB5_CHECKSUM_insert(st, val, i) SKM_sk_insert(KRB5_CHECKSUM, (st), (val), (i))
-#define sk_KRB5_CHECKSUM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_CHECKSUM, (st), (cmp))
-#define sk_KRB5_CHECKSUM_dup(st) SKM_sk_dup(KRB5_CHECKSUM, st)
-#define sk_KRB5_CHECKSUM_pop_free(st, free_func) SKM_sk_pop_free(KRB5_CHECKSUM, (st), (free_func))
-#define sk_KRB5_CHECKSUM_shift(st) SKM_sk_shift(KRB5_CHECKSUM, (st))
-#define sk_KRB5_CHECKSUM_pop(st) SKM_sk_pop(KRB5_CHECKSUM, (st))
-#define sk_KRB5_CHECKSUM_sort(st) SKM_sk_sort(KRB5_CHECKSUM, (st))
-#define sk_KRB5_CHECKSUM_is_sorted(st) SKM_sk_is_sorted(KRB5_CHECKSUM, (st))
-
-#define sk_KRB5_ENCDATA_new(st) SKM_sk_new(KRB5_ENCDATA, (st))
-#define sk_KRB5_ENCDATA_new_null() SKM_sk_new_null(KRB5_ENCDATA)
-#define sk_KRB5_ENCDATA_free(st) SKM_sk_free(KRB5_ENCDATA, (st))
-#define sk_KRB5_ENCDATA_num(st) SKM_sk_num(KRB5_ENCDATA, (st))
-#define sk_KRB5_ENCDATA_value(st, i) SKM_sk_value(KRB5_ENCDATA, (st), (i))
-#define sk_KRB5_ENCDATA_set(st, i, val) SKM_sk_set(KRB5_ENCDATA, (st), (i), (val))
-#define sk_KRB5_ENCDATA_zero(st) SKM_sk_zero(KRB5_ENCDATA, (st))
-#define sk_KRB5_ENCDATA_push(st, val) SKM_sk_push(KRB5_ENCDATA, (st), (val))
-#define sk_KRB5_ENCDATA_unshift(st, val) SKM_sk_unshift(KRB5_ENCDATA, (st), (val))
-#define sk_KRB5_ENCDATA_find(st, val) SKM_sk_find(KRB5_ENCDATA, (st), (val))
-#define sk_KRB5_ENCDATA_find_ex(st, val) SKM_sk_find_ex(KRB5_ENCDATA, (st), (val))
-#define sk_KRB5_ENCDATA_delete(st, i) SKM_sk_delete(KRB5_ENCDATA, (st), (i))
-#define sk_KRB5_ENCDATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_ENCDATA, (st), (ptr))
-#define sk_KRB5_ENCDATA_insert(st, val, i) SKM_sk_insert(KRB5_ENCDATA, (st), (val), (i))
-#define sk_KRB5_ENCDATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_ENCDATA, (st), (cmp))
-#define sk_KRB5_ENCDATA_dup(st) SKM_sk_dup(KRB5_ENCDATA, st)
-#define sk_KRB5_ENCDATA_pop_free(st, free_func) SKM_sk_pop_free(KRB5_ENCDATA, (st), (free_func))
-#define sk_KRB5_ENCDATA_shift(st) SKM_sk_shift(KRB5_ENCDATA, (st))
-#define sk_KRB5_ENCDATA_pop(st) SKM_sk_pop(KRB5_ENCDATA, (st))
-#define sk_KRB5_ENCDATA_sort(st) SKM_sk_sort(KRB5_ENCDATA, (st))
-#define sk_KRB5_ENCDATA_is_sorted(st) SKM_sk_is_sorted(KRB5_ENCDATA, (st))
-
-#define sk_KRB5_ENCKEY_new(st) SKM_sk_new(KRB5_ENCKEY, (st))
-#define sk_KRB5_ENCKEY_new_null() SKM_sk_new_null(KRB5_ENCKEY)
-#define sk_KRB5_ENCKEY_free(st) SKM_sk_free(KRB5_ENCKEY, (st))
-#define sk_KRB5_ENCKEY_num(st) SKM_sk_num(KRB5_ENCKEY, (st))
-#define sk_KRB5_ENCKEY_value(st, i) SKM_sk_value(KRB5_ENCKEY, (st), (i))
-#define sk_KRB5_ENCKEY_set(st, i, val) SKM_sk_set(KRB5_ENCKEY, (st), (i), (val))
-#define sk_KRB5_ENCKEY_zero(st) SKM_sk_zero(KRB5_ENCKEY, (st))
-#define sk_KRB5_ENCKEY_push(st, val) SKM_sk_push(KRB5_ENCKEY, (st), (val))
-#define sk_KRB5_ENCKEY_unshift(st, val) SKM_sk_unshift(KRB5_ENCKEY, (st), (val))
-#define sk_KRB5_ENCKEY_find(st, val) SKM_sk_find(KRB5_ENCKEY, (st), (val))
-#define sk_KRB5_ENCKEY_find_ex(st, val) SKM_sk_find_ex(KRB5_ENCKEY, (st), (val))
-#define sk_KRB5_ENCKEY_delete(st, i) SKM_sk_delete(KRB5_ENCKEY, (st), (i))
-#define sk_KRB5_ENCKEY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_ENCKEY, (st), (ptr))
-#define sk_KRB5_ENCKEY_insert(st, val, i) SKM_sk_insert(KRB5_ENCKEY, (st), (val), (i))
-#define sk_KRB5_ENCKEY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_ENCKEY, (st), (cmp))
-#define sk_KRB5_ENCKEY_dup(st) SKM_sk_dup(KRB5_ENCKEY, st)
-#define sk_KRB5_ENCKEY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_ENCKEY, (st), (free_func))
-#define sk_KRB5_ENCKEY_shift(st) SKM_sk_shift(KRB5_ENCKEY, (st))
-#define sk_KRB5_ENCKEY_pop(st) SKM_sk_pop(KRB5_ENCKEY, (st))
-#define sk_KRB5_ENCKEY_sort(st) SKM_sk_sort(KRB5_ENCKEY, (st))
-#define sk_KRB5_ENCKEY_is_sorted(st) SKM_sk_is_sorted(KRB5_ENCKEY, (st))
-
-#define sk_KRB5_PRINCNAME_new(st) SKM_sk_new(KRB5_PRINCNAME, (st))
-#define sk_KRB5_PRINCNAME_new_null() SKM_sk_new_null(KRB5_PRINCNAME)
-#define sk_KRB5_PRINCNAME_free(st) SKM_sk_free(KRB5_PRINCNAME, (st))
-#define sk_KRB5_PRINCNAME_num(st) SKM_sk_num(KRB5_PRINCNAME, (st))
-#define sk_KRB5_PRINCNAME_value(st, i) SKM_sk_value(KRB5_PRINCNAME, (st), (i))
-#define sk_KRB5_PRINCNAME_set(st, i, val) SKM_sk_set(KRB5_PRINCNAME, (st), (i), (val))
-#define sk_KRB5_PRINCNAME_zero(st) SKM_sk_zero(KRB5_PRINCNAME, (st))
-#define sk_KRB5_PRINCNAME_push(st, val) SKM_sk_push(KRB5_PRINCNAME, (st), (val))
-#define sk_KRB5_PRINCNAME_unshift(st, val) SKM_sk_unshift(KRB5_PRINCNAME, (st), (val))
-#define sk_KRB5_PRINCNAME_find(st, val) SKM_sk_find(KRB5_PRINCNAME, (st), (val))
-#define sk_KRB5_PRINCNAME_find_ex(st, val) SKM_sk_find_ex(KRB5_PRINCNAME, (st), (val))
-#define sk_KRB5_PRINCNAME_delete(st, i) SKM_sk_delete(KRB5_PRINCNAME, (st), (i))
-#define sk_KRB5_PRINCNAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_PRINCNAME, (st), (ptr))
-#define sk_KRB5_PRINCNAME_insert(st, val, i) SKM_sk_insert(KRB5_PRINCNAME, (st), (val), (i))
-#define sk_KRB5_PRINCNAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_PRINCNAME, (st), (cmp))
-#define sk_KRB5_PRINCNAME_dup(st) SKM_sk_dup(KRB5_PRINCNAME, st)
-#define sk_KRB5_PRINCNAME_pop_free(st, free_func) SKM_sk_pop_free(KRB5_PRINCNAME, (st), (free_func))
-#define sk_KRB5_PRINCNAME_shift(st) SKM_sk_shift(KRB5_PRINCNAME, (st))
-#define sk_KRB5_PRINCNAME_pop(st) SKM_sk_pop(KRB5_PRINCNAME, (st))
-#define sk_KRB5_PRINCNAME_sort(st) SKM_sk_sort(KRB5_PRINCNAME, (st))
-#define sk_KRB5_PRINCNAME_is_sorted(st) SKM_sk_is_sorted(KRB5_PRINCNAME, (st))
-
-#define sk_KRB5_TKTBODY_new(st) SKM_sk_new(KRB5_TKTBODY, (st))
-#define sk_KRB5_TKTBODY_new_null() SKM_sk_new_null(KRB5_TKTBODY)
-#define sk_KRB5_TKTBODY_free(st) SKM_sk_free(KRB5_TKTBODY, (st))
-#define sk_KRB5_TKTBODY_num(st) SKM_sk_num(KRB5_TKTBODY, (st))
-#define sk_KRB5_TKTBODY_value(st, i) SKM_sk_value(KRB5_TKTBODY, (st), (i))
-#define sk_KRB5_TKTBODY_set(st, i, val) SKM_sk_set(KRB5_TKTBODY, (st), (i), (val))
-#define sk_KRB5_TKTBODY_zero(st) SKM_sk_zero(KRB5_TKTBODY, (st))
-#define sk_KRB5_TKTBODY_push(st, val) SKM_sk_push(KRB5_TKTBODY, (st), (val))
-#define sk_KRB5_TKTBODY_unshift(st, val) SKM_sk_unshift(KRB5_TKTBODY, (st), (val))
-#define sk_KRB5_TKTBODY_find(st, val) SKM_sk_find(KRB5_TKTBODY, (st), (val))
-#define sk_KRB5_TKTBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_TKTBODY, (st), (val))
-#define sk_KRB5_TKTBODY_delete(st, i) SKM_sk_delete(KRB5_TKTBODY, (st), (i))
-#define sk_KRB5_TKTBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_TKTBODY, (st), (ptr))
-#define sk_KRB5_TKTBODY_insert(st, val, i) SKM_sk_insert(KRB5_TKTBODY, (st), (val), (i))
-#define sk_KRB5_TKTBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_TKTBODY, (st), (cmp))
-#define sk_KRB5_TKTBODY_dup(st) SKM_sk_dup(KRB5_TKTBODY, st)
-#define sk_KRB5_TKTBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_TKTBODY, (st), (free_func))
-#define sk_KRB5_TKTBODY_shift(st) SKM_sk_shift(KRB5_TKTBODY, (st))
-#define sk_KRB5_TKTBODY_pop(st) SKM_sk_pop(KRB5_TKTBODY, (st))
-#define sk_KRB5_TKTBODY_sort(st) SKM_sk_sort(KRB5_TKTBODY, (st))
-#define sk_KRB5_TKTBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_TKTBODY, (st))
-
-#define sk_MIME_HEADER_new(st) SKM_sk_new(MIME_HEADER, (st))
-#define sk_MIME_HEADER_new_null() SKM_sk_new_null(MIME_HEADER)
-#define sk_MIME_HEADER_free(st) SKM_sk_free(MIME_HEADER, (st))
-#define sk_MIME_HEADER_num(st) SKM_sk_num(MIME_HEADER, (st))
-#define sk_MIME_HEADER_value(st, i) SKM_sk_value(MIME_HEADER, (st), (i))
-#define sk_MIME_HEADER_set(st, i, val) SKM_sk_set(MIME_HEADER, (st), (i), (val))
-#define sk_MIME_HEADER_zero(st) SKM_sk_zero(MIME_HEADER, (st))
-#define sk_MIME_HEADER_push(st, val) SKM_sk_push(MIME_HEADER, (st), (val))
-#define sk_MIME_HEADER_unshift(st, val) SKM_sk_unshift(MIME_HEADER, (st), (val))
-#define sk_MIME_HEADER_find(st, val) SKM_sk_find(MIME_HEADER, (st), (val))
-#define sk_MIME_HEADER_find_ex(st, val) SKM_sk_find_ex(MIME_HEADER, (st), (val))
-#define sk_MIME_HEADER_delete(st, i) SKM_sk_delete(MIME_HEADER, (st), (i))
-#define sk_MIME_HEADER_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_HEADER, (st), (ptr))
-#define sk_MIME_HEADER_insert(st, val, i) SKM_sk_insert(MIME_HEADER, (st), (val), (i))
-#define sk_MIME_HEADER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MIME_HEADER, (st), (cmp))
-#define sk_MIME_HEADER_dup(st) SKM_sk_dup(MIME_HEADER, st)
-#define sk_MIME_HEADER_pop_free(st, free_func) SKM_sk_pop_free(MIME_HEADER, (st), (free_func))
-#define sk_MIME_HEADER_shift(st) SKM_sk_shift(MIME_HEADER, (st))
-#define sk_MIME_HEADER_pop(st) SKM_sk_pop(MIME_HEADER, (st))
-#define sk_MIME_HEADER_sort(st) SKM_sk_sort(MIME_HEADER, (st))
-#define sk_MIME_HEADER_is_sorted(st) SKM_sk_is_sorted(MIME_HEADER, (st))
-
-#define sk_MIME_PARAM_new(st) SKM_sk_new(MIME_PARAM, (st))
-#define sk_MIME_PARAM_new_null() SKM_sk_new_null(MIME_PARAM)
-#define sk_MIME_PARAM_free(st) SKM_sk_free(MIME_PARAM, (st))
-#define sk_MIME_PARAM_num(st) SKM_sk_num(MIME_PARAM, (st))
-#define sk_MIME_PARAM_value(st, i) SKM_sk_value(MIME_PARAM, (st), (i))
-#define sk_MIME_PARAM_set(st, i, val) SKM_sk_set(MIME_PARAM, (st), (i), (val))
-#define sk_MIME_PARAM_zero(st) SKM_sk_zero(MIME_PARAM, (st))
-#define sk_MIME_PARAM_push(st, val) SKM_sk_push(MIME_PARAM, (st), (val))
-#define sk_MIME_PARAM_unshift(st, val) SKM_sk_unshift(MIME_PARAM, (st), (val))
-#define sk_MIME_PARAM_find(st, val) SKM_sk_find(MIME_PARAM, (st), (val))
-#define sk_MIME_PARAM_find_ex(st, val) SKM_sk_find_ex(MIME_PARAM, (st), (val))
-#define sk_MIME_PARAM_delete(st, i) SKM_sk_delete(MIME_PARAM, (st), (i))
-#define sk_MIME_PARAM_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_PARAM, (st), (ptr))
-#define sk_MIME_PARAM_insert(st, val, i) SKM_sk_insert(MIME_PARAM, (st), (val), (i))
-#define sk_MIME_PARAM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MIME_PARAM, (st), (cmp))
-#define sk_MIME_PARAM_dup(st) SKM_sk_dup(MIME_PARAM, st)
-#define sk_MIME_PARAM_pop_free(st, free_func) SKM_sk_pop_free(MIME_PARAM, (st), (free_func))
-#define sk_MIME_PARAM_shift(st) SKM_sk_shift(MIME_PARAM, (st))
-#define sk_MIME_PARAM_pop(st) SKM_sk_pop(MIME_PARAM, (st))
-#define sk_MIME_PARAM_sort(st) SKM_sk_sort(MIME_PARAM, (st))
-#define sk_MIME_PARAM_is_sorted(st) SKM_sk_is_sorted(MIME_PARAM, (st))
-
-#define sk_NAME_FUNCS_new(st) SKM_sk_new(NAME_FUNCS, (st))
-#define sk_NAME_FUNCS_new_null() SKM_sk_new_null(NAME_FUNCS)
-#define sk_NAME_FUNCS_free(st) SKM_sk_free(NAME_FUNCS, (st))
-#define sk_NAME_FUNCS_num(st) SKM_sk_num(NAME_FUNCS, (st))
-#define sk_NAME_FUNCS_value(st, i) SKM_sk_value(NAME_FUNCS, (st), (i))
-#define sk_NAME_FUNCS_set(st, i, val) SKM_sk_set(NAME_FUNCS, (st), (i), (val))
-#define sk_NAME_FUNCS_zero(st) SKM_sk_zero(NAME_FUNCS, (st))
-#define sk_NAME_FUNCS_push(st, val) SKM_sk_push(NAME_FUNCS, (st), (val))
-#define sk_NAME_FUNCS_unshift(st, val) SKM_sk_unshift(NAME_FUNCS, (st), (val))
-#define sk_NAME_FUNCS_find(st, val) SKM_sk_find(NAME_FUNCS, (st), (val))
-#define sk_NAME_FUNCS_find_ex(st, val) SKM_sk_find_ex(NAME_FUNCS, (st), (val))
-#define sk_NAME_FUNCS_delete(st, i) SKM_sk_delete(NAME_FUNCS, (st), (i))
-#define sk_NAME_FUNCS_delete_ptr(st, ptr) SKM_sk_delete_ptr(NAME_FUNCS, (st), (ptr))
-#define sk_NAME_FUNCS_insert(st, val, i) SKM_sk_insert(NAME_FUNCS, (st), (val), (i))
-#define sk_NAME_FUNCS_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(NAME_FUNCS, (st), (cmp))
-#define sk_NAME_FUNCS_dup(st) SKM_sk_dup(NAME_FUNCS, st)
-#define sk_NAME_FUNCS_pop_free(st, free_func) SKM_sk_pop_free(NAME_FUNCS, (st), (free_func))
-#define sk_NAME_FUNCS_shift(st) SKM_sk_shift(NAME_FUNCS, (st))
-#define sk_NAME_FUNCS_pop(st) SKM_sk_pop(NAME_FUNCS, (st))
-#define sk_NAME_FUNCS_sort(st) SKM_sk_sort(NAME_FUNCS, (st))
-#define sk_NAME_FUNCS_is_sorted(st) SKM_sk_is_sorted(NAME_FUNCS, (st))
-
-#define sk_OCSP_CERTID_new(st) SKM_sk_new(OCSP_CERTID, (st))
-#define sk_OCSP_CERTID_new_null() SKM_sk_new_null(OCSP_CERTID)
-#define sk_OCSP_CERTID_free(st) SKM_sk_free(OCSP_CERTID, (st))
-#define sk_OCSP_CERTID_num(st) SKM_sk_num(OCSP_CERTID, (st))
-#define sk_OCSP_CERTID_value(st, i) SKM_sk_value(OCSP_CERTID, (st), (i))
-#define sk_OCSP_CERTID_set(st, i, val) SKM_sk_set(OCSP_CERTID, (st), (i), (val))
-#define sk_OCSP_CERTID_zero(st) SKM_sk_zero(OCSP_CERTID, (st))
-#define sk_OCSP_CERTID_push(st, val) SKM_sk_push(OCSP_CERTID, (st), (val))
-#define sk_OCSP_CERTID_unshift(st, val) SKM_sk_unshift(OCSP_CERTID, (st), (val))
-#define sk_OCSP_CERTID_find(st, val) SKM_sk_find(OCSP_CERTID, (st), (val))
-#define sk_OCSP_CERTID_find_ex(st, val) SKM_sk_find_ex(OCSP_CERTID, (st), (val))
-#define sk_OCSP_CERTID_delete(st, i) SKM_sk_delete(OCSP_CERTID, (st), (i))
-#define sk_OCSP_CERTID_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_CERTID, (st), (ptr))
-#define sk_OCSP_CERTID_insert(st, val, i) SKM_sk_insert(OCSP_CERTID, (st), (val), (i))
-#define sk_OCSP_CERTID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_CERTID, (st), (cmp))
-#define sk_OCSP_CERTID_dup(st) SKM_sk_dup(OCSP_CERTID, st)
-#define sk_OCSP_CERTID_pop_free(st, free_func) SKM_sk_pop_free(OCSP_CERTID, (st), (free_func))
-#define sk_OCSP_CERTID_shift(st) SKM_sk_shift(OCSP_CERTID, (st))
-#define sk_OCSP_CERTID_pop(st) SKM_sk_pop(OCSP_CERTID, (st))
-#define sk_OCSP_CERTID_sort(st) SKM_sk_sort(OCSP_CERTID, (st))
-#define sk_OCSP_CERTID_is_sorted(st) SKM_sk_is_sorted(OCSP_CERTID, (st))
-
-#define sk_OCSP_ONEREQ_new(st) SKM_sk_new(OCSP_ONEREQ, (st))
-#define sk_OCSP_ONEREQ_new_null() SKM_sk_new_null(OCSP_ONEREQ)
-#define sk_OCSP_ONEREQ_free(st) SKM_sk_free(OCSP_ONEREQ, (st))
-#define sk_OCSP_ONEREQ_num(st) SKM_sk_num(OCSP_ONEREQ, (st))
-#define sk_OCSP_ONEREQ_value(st, i) SKM_sk_value(OCSP_ONEREQ, (st), (i))
-#define sk_OCSP_ONEREQ_set(st, i, val) SKM_sk_set(OCSP_ONEREQ, (st), (i), (val))
-#define sk_OCSP_ONEREQ_zero(st) SKM_sk_zero(OCSP_ONEREQ, (st))
-#define sk_OCSP_ONEREQ_push(st, val) SKM_sk_push(OCSP_ONEREQ, (st), (val))
-#define sk_OCSP_ONEREQ_unshift(st, val) SKM_sk_unshift(OCSP_ONEREQ, (st), (val))
-#define sk_OCSP_ONEREQ_find(st, val) SKM_sk_find(OCSP_ONEREQ, (st), (val))
-#define sk_OCSP_ONEREQ_find_ex(st, val) SKM_sk_find_ex(OCSP_ONEREQ, (st), (val))
-#define sk_OCSP_ONEREQ_delete(st, i) SKM_sk_delete(OCSP_ONEREQ, (st), (i))
-#define sk_OCSP_ONEREQ_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_ONEREQ, (st), (ptr))
-#define sk_OCSP_ONEREQ_insert(st, val, i) SKM_sk_insert(OCSP_ONEREQ, (st), (val), (i))
-#define sk_OCSP_ONEREQ_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_ONEREQ, (st), (cmp))
-#define sk_OCSP_ONEREQ_dup(st) SKM_sk_dup(OCSP_ONEREQ, st)
-#define sk_OCSP_ONEREQ_pop_free(st, free_func) SKM_sk_pop_free(OCSP_ONEREQ, (st), (free_func))
-#define sk_OCSP_ONEREQ_shift(st) SKM_sk_shift(OCSP_ONEREQ, (st))
-#define sk_OCSP_ONEREQ_pop(st) SKM_sk_pop(OCSP_ONEREQ, (st))
-#define sk_OCSP_ONEREQ_sort(st) SKM_sk_sort(OCSP_ONEREQ, (st))
-#define sk_OCSP_ONEREQ_is_sorted(st) SKM_sk_is_sorted(OCSP_ONEREQ, (st))
-
-#define sk_OCSP_RESPID_new(st) SKM_sk_new(OCSP_RESPID, (st))
-#define sk_OCSP_RESPID_new_null() SKM_sk_new_null(OCSP_RESPID)
-#define sk_OCSP_RESPID_free(st) SKM_sk_free(OCSP_RESPID, (st))
-#define sk_OCSP_RESPID_num(st) SKM_sk_num(OCSP_RESPID, (st))
-#define sk_OCSP_RESPID_value(st, i) SKM_sk_value(OCSP_RESPID, (st), (i))
-#define sk_OCSP_RESPID_set(st, i, val) SKM_sk_set(OCSP_RESPID, (st), (i), (val))
-#define sk_OCSP_RESPID_zero(st) SKM_sk_zero(OCSP_RESPID, (st))
-#define sk_OCSP_RESPID_push(st, val) SKM_sk_push(OCSP_RESPID, (st), (val))
-#define sk_OCSP_RESPID_unshift(st, val) SKM_sk_unshift(OCSP_RESPID, (st), (val))
-#define sk_OCSP_RESPID_find(st, val) SKM_sk_find(OCSP_RESPID, (st), (val))
-#define sk_OCSP_RESPID_find_ex(st, val) SKM_sk_find_ex(OCSP_RESPID, (st), (val))
-#define sk_OCSP_RESPID_delete(st, i) SKM_sk_delete(OCSP_RESPID, (st), (i))
-#define sk_OCSP_RESPID_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_RESPID, (st), (ptr))
-#define sk_OCSP_RESPID_insert(st, val, i) SKM_sk_insert(OCSP_RESPID, (st), (val), (i))
-#define sk_OCSP_RESPID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_RESPID, (st), (cmp))
-#define sk_OCSP_RESPID_dup(st) SKM_sk_dup(OCSP_RESPID, st)
-#define sk_OCSP_RESPID_pop_free(st, free_func) SKM_sk_pop_free(OCSP_RESPID, (st), (free_func))
-#define sk_OCSP_RESPID_shift(st) SKM_sk_shift(OCSP_RESPID, (st))
-#define sk_OCSP_RESPID_pop(st) SKM_sk_pop(OCSP_RESPID, (st))
-#define sk_OCSP_RESPID_sort(st) SKM_sk_sort(OCSP_RESPID, (st))
-#define sk_OCSP_RESPID_is_sorted(st) SKM_sk_is_sorted(OCSP_RESPID, (st))
-
-#define sk_OCSP_SINGLERESP_new(st) SKM_sk_new(OCSP_SINGLERESP, (st))
-#define sk_OCSP_SINGLERESP_new_null() SKM_sk_new_null(OCSP_SINGLERESP)
-#define sk_OCSP_SINGLERESP_free(st) SKM_sk_free(OCSP_SINGLERESP, (st))
-#define sk_OCSP_SINGLERESP_num(st) SKM_sk_num(OCSP_SINGLERESP, (st))
-#define sk_OCSP_SINGLERESP_value(st, i) SKM_sk_value(OCSP_SINGLERESP, (st), (i))
-#define sk_OCSP_SINGLERESP_set(st, i, val) SKM_sk_set(OCSP_SINGLERESP, (st), (i), (val))
-#define sk_OCSP_SINGLERESP_zero(st) SKM_sk_zero(OCSP_SINGLERESP, (st))
-#define sk_OCSP_SINGLERESP_push(st, val) SKM_sk_push(OCSP_SINGLERESP, (st), (val))
-#define sk_OCSP_SINGLERESP_unshift(st, val) SKM_sk_unshift(OCSP_SINGLERESP, (st), (val))
-#define sk_OCSP_SINGLERESP_find(st, val) SKM_sk_find(OCSP_SINGLERESP, (st), (val))
-#define sk_OCSP_SINGLERESP_find_ex(st, val) SKM_sk_find_ex(OCSP_SINGLERESP, (st), (val))
-#define sk_OCSP_SINGLERESP_delete(st, i) SKM_sk_delete(OCSP_SINGLERESP, (st), (i))
-#define sk_OCSP_SINGLERESP_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_SINGLERESP, (st), (ptr))
-#define sk_OCSP_SINGLERESP_insert(st, val, i) SKM_sk_insert(OCSP_SINGLERESP, (st), (val), (i))
-#define sk_OCSP_SINGLERESP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_SINGLERESP, (st), (cmp))
-#define sk_OCSP_SINGLERESP_dup(st) SKM_sk_dup(OCSP_SINGLERESP, st)
-#define sk_OCSP_SINGLERESP_pop_free(st, free_func) SKM_sk_pop_free(OCSP_SINGLERESP, (st), (free_func))
-#define sk_OCSP_SINGLERESP_shift(st) SKM_sk_shift(OCSP_SINGLERESP, (st))
-#define sk_OCSP_SINGLERESP_pop(st) SKM_sk_pop(OCSP_SINGLERESP, (st))
-#define sk_OCSP_SINGLERESP_sort(st) SKM_sk_sort(OCSP_SINGLERESP, (st))
-#define sk_OCSP_SINGLERESP_is_sorted(st) SKM_sk_is_sorted(OCSP_SINGLERESP, (st))
-
-#define sk_PKCS12_SAFEBAG_new(st) SKM_sk_new(PKCS12_SAFEBAG, (st))
-#define sk_PKCS12_SAFEBAG_new_null() SKM_sk_new_null(PKCS12_SAFEBAG)
-#define sk_PKCS12_SAFEBAG_free(st) SKM_sk_free(PKCS12_SAFEBAG, (st))
-#define sk_PKCS12_SAFEBAG_num(st) SKM_sk_num(PKCS12_SAFEBAG, (st))
-#define sk_PKCS12_SAFEBAG_value(st, i) SKM_sk_value(PKCS12_SAFEBAG, (st), (i))
-#define sk_PKCS12_SAFEBAG_set(st, i, val) SKM_sk_set(PKCS12_SAFEBAG, (st), (i), (val))
-#define sk_PKCS12_SAFEBAG_zero(st) SKM_sk_zero(PKCS12_SAFEBAG, (st))
-#define sk_PKCS12_SAFEBAG_push(st, val) SKM_sk_push(PKCS12_SAFEBAG, (st), (val))
-#define sk_PKCS12_SAFEBAG_unshift(st, val) SKM_sk_unshift(PKCS12_SAFEBAG, (st), (val))
-#define sk_PKCS12_SAFEBAG_find(st, val) SKM_sk_find(PKCS12_SAFEBAG, (st), (val))
-#define sk_PKCS12_SAFEBAG_find_ex(st, val) SKM_sk_find_ex(PKCS12_SAFEBAG, (st), (val))
-#define sk_PKCS12_SAFEBAG_delete(st, i) SKM_sk_delete(PKCS12_SAFEBAG, (st), (i))
-#define sk_PKCS12_SAFEBAG_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS12_SAFEBAG, (st), (ptr))
-#define sk_PKCS12_SAFEBAG_insert(st, val, i) SKM_sk_insert(PKCS12_SAFEBAG, (st), (val), (i))
-#define sk_PKCS12_SAFEBAG_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS12_SAFEBAG, (st), (cmp))
-#define sk_PKCS12_SAFEBAG_dup(st) SKM_sk_dup(PKCS12_SAFEBAG, st)
-#define sk_PKCS12_SAFEBAG_pop_free(st, free_func) SKM_sk_pop_free(PKCS12_SAFEBAG, (st), (free_func))
-#define sk_PKCS12_SAFEBAG_shift(st) SKM_sk_shift(PKCS12_SAFEBAG, (st))
-#define sk_PKCS12_SAFEBAG_pop(st) SKM_sk_pop(PKCS12_SAFEBAG, (st))
-#define sk_PKCS12_SAFEBAG_sort(st) SKM_sk_sort(PKCS12_SAFEBAG, (st))
-#define sk_PKCS12_SAFEBAG_is_sorted(st) SKM_sk_is_sorted(PKCS12_SAFEBAG, (st))
-
-#define sk_PKCS7_new(st) SKM_sk_new(PKCS7, (st))
-#define sk_PKCS7_new_null() SKM_sk_new_null(PKCS7)
-#define sk_PKCS7_free(st) SKM_sk_free(PKCS7, (st))
-#define sk_PKCS7_num(st) SKM_sk_num(PKCS7, (st))
-#define sk_PKCS7_value(st, i) SKM_sk_value(PKCS7, (st), (i))
-#define sk_PKCS7_set(st, i, val) SKM_sk_set(PKCS7, (st), (i), (val))
-#define sk_PKCS7_zero(st) SKM_sk_zero(PKCS7, (st))
-#define sk_PKCS7_push(st, val) SKM_sk_push(PKCS7, (st), (val))
-#define sk_PKCS7_unshift(st, val) SKM_sk_unshift(PKCS7, (st), (val))
-#define sk_PKCS7_find(st, val) SKM_sk_find(PKCS7, (st), (val))
-#define sk_PKCS7_find_ex(st, val) SKM_sk_find_ex(PKCS7, (st), (val))
-#define sk_PKCS7_delete(st, i) SKM_sk_delete(PKCS7, (st), (i))
-#define sk_PKCS7_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7, (st), (ptr))
-#define sk_PKCS7_insert(st, val, i) SKM_sk_insert(PKCS7, (st), (val), (i))
-#define sk_PKCS7_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7, (st), (cmp))
-#define sk_PKCS7_dup(st) SKM_sk_dup(PKCS7, st)
-#define sk_PKCS7_pop_free(st, free_func) SKM_sk_pop_free(PKCS7, (st), (free_func))
-#define sk_PKCS7_shift(st) SKM_sk_shift(PKCS7, (st))
-#define sk_PKCS7_pop(st) SKM_sk_pop(PKCS7, (st))
-#define sk_PKCS7_sort(st) SKM_sk_sort(PKCS7, (st))
-#define sk_PKCS7_is_sorted(st) SKM_sk_is_sorted(PKCS7, (st))
-
-#define sk_PKCS7_RECIP_INFO_new(st) SKM_sk_new(PKCS7_RECIP_INFO, (st))
-#define sk_PKCS7_RECIP_INFO_new_null() SKM_sk_new_null(PKCS7_RECIP_INFO)
-#define sk_PKCS7_RECIP_INFO_free(st) SKM_sk_free(PKCS7_RECIP_INFO, (st))
-#define sk_PKCS7_RECIP_INFO_num(st) SKM_sk_num(PKCS7_RECIP_INFO, (st))
-#define sk_PKCS7_RECIP_INFO_value(st, i) SKM_sk_value(PKCS7_RECIP_INFO, (st), (i))
-#define sk_PKCS7_RECIP_INFO_set(st, i, val) SKM_sk_set(PKCS7_RECIP_INFO, (st), (i), (val))
-#define sk_PKCS7_RECIP_INFO_zero(st) SKM_sk_zero(PKCS7_RECIP_INFO, (st))
-#define sk_PKCS7_RECIP_INFO_push(st, val) SKM_sk_push(PKCS7_RECIP_INFO, (st), (val))
-#define sk_PKCS7_RECIP_INFO_unshift(st, val) SKM_sk_unshift(PKCS7_RECIP_INFO, (st), (val))
-#define sk_PKCS7_RECIP_INFO_find(st, val) SKM_sk_find(PKCS7_RECIP_INFO, (st), (val))
-#define sk_PKCS7_RECIP_INFO_find_ex(st, val) SKM_sk_find_ex(PKCS7_RECIP_INFO, (st), (val))
-#define sk_PKCS7_RECIP_INFO_delete(st, i) SKM_sk_delete(PKCS7_RECIP_INFO, (st), (i))
-#define sk_PKCS7_RECIP_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7_RECIP_INFO, (st), (ptr))
-#define sk_PKCS7_RECIP_INFO_insert(st, val, i) SKM_sk_insert(PKCS7_RECIP_INFO, (st), (val), (i))
-#define sk_PKCS7_RECIP_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7_RECIP_INFO, (st), (cmp))
-#define sk_PKCS7_RECIP_INFO_dup(st) SKM_sk_dup(PKCS7_RECIP_INFO, st)
-#define sk_PKCS7_RECIP_INFO_pop_free(st, free_func) SKM_sk_pop_free(PKCS7_RECIP_INFO, (st), (free_func))
-#define sk_PKCS7_RECIP_INFO_shift(st) SKM_sk_shift(PKCS7_RECIP_INFO, (st))
-#define sk_PKCS7_RECIP_INFO_pop(st) SKM_sk_pop(PKCS7_RECIP_INFO, (st))
-#define sk_PKCS7_RECIP_INFO_sort(st) SKM_sk_sort(PKCS7_RECIP_INFO, (st))
-#define sk_PKCS7_RECIP_INFO_is_sorted(st) SKM_sk_is_sorted(PKCS7_RECIP_INFO, (st))
-
-#define sk_PKCS7_SIGNER_INFO_new(st) SKM_sk_new(PKCS7_SIGNER_INFO, (st))
-#define sk_PKCS7_SIGNER_INFO_new_null() SKM_sk_new_null(PKCS7_SIGNER_INFO)
-#define sk_PKCS7_SIGNER_INFO_free(st) SKM_sk_free(PKCS7_SIGNER_INFO, (st))
-#define sk_PKCS7_SIGNER_INFO_num(st) SKM_sk_num(PKCS7_SIGNER_INFO, (st))
-#define sk_PKCS7_SIGNER_INFO_value(st, i) SKM_sk_value(PKCS7_SIGNER_INFO, (st), (i))
-#define sk_PKCS7_SIGNER_INFO_set(st, i, val) SKM_sk_set(PKCS7_SIGNER_INFO, (st), (i), (val))
-#define sk_PKCS7_SIGNER_INFO_zero(st) SKM_sk_zero(PKCS7_SIGNER_INFO, (st))
-#define sk_PKCS7_SIGNER_INFO_push(st, val) SKM_sk_push(PKCS7_SIGNER_INFO, (st), (val))
-#define sk_PKCS7_SIGNER_INFO_unshift(st, val) SKM_sk_unshift(PKCS7_SIGNER_INFO, (st), (val))
-#define sk_PKCS7_SIGNER_INFO_find(st, val) SKM_sk_find(PKCS7_SIGNER_INFO, (st), (val))
-#define sk_PKCS7_SIGNER_INFO_find_ex(st, val) SKM_sk_find_ex(PKCS7_SIGNER_INFO, (st), (val))
-#define sk_PKCS7_SIGNER_INFO_delete(st, i) SKM_sk_delete(PKCS7_SIGNER_INFO, (st), (i))
-#define sk_PKCS7_SIGNER_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7_SIGNER_INFO, (st), (ptr))
-#define sk_PKCS7_SIGNER_INFO_insert(st, val, i) SKM_sk_insert(PKCS7_SIGNER_INFO, (st), (val), (i))
-#define sk_PKCS7_SIGNER_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7_SIGNER_INFO, (st), (cmp))
-#define sk_PKCS7_SIGNER_INFO_dup(st) SKM_sk_dup(PKCS7_SIGNER_INFO, st)
-#define sk_PKCS7_SIGNER_INFO_pop_free(st, free_func) SKM_sk_pop_free(PKCS7_SIGNER_INFO, (st), (free_func))
-#define sk_PKCS7_SIGNER_INFO_shift(st) SKM_sk_shift(PKCS7_SIGNER_INFO, (st))
-#define sk_PKCS7_SIGNER_INFO_pop(st) SKM_sk_pop(PKCS7_SIGNER_INFO, (st))
-#define sk_PKCS7_SIGNER_INFO_sort(st) SKM_sk_sort(PKCS7_SIGNER_INFO, (st))
-#define sk_PKCS7_SIGNER_INFO_is_sorted(st) SKM_sk_is_sorted(PKCS7_SIGNER_INFO, (st))
-
-#define sk_POLICYINFO_new(st) SKM_sk_new(POLICYINFO, (st))
-#define sk_POLICYINFO_new_null() SKM_sk_new_null(POLICYINFO)
-#define sk_POLICYINFO_free(st) SKM_sk_free(POLICYINFO, (st))
-#define sk_POLICYINFO_num(st) SKM_sk_num(POLICYINFO, (st))
-#define sk_POLICYINFO_value(st, i) SKM_sk_value(POLICYINFO, (st), (i))
-#define sk_POLICYINFO_set(st, i, val) SKM_sk_set(POLICYINFO, (st), (i), (val))
-#define sk_POLICYINFO_zero(st) SKM_sk_zero(POLICYINFO, (st))
-#define sk_POLICYINFO_push(st, val) SKM_sk_push(POLICYINFO, (st), (val))
-#define sk_POLICYINFO_unshift(st, val) SKM_sk_unshift(POLICYINFO, (st), (val))
-#define sk_POLICYINFO_find(st, val) SKM_sk_find(POLICYINFO, (st), (val))
-#define sk_POLICYINFO_find_ex(st, val) SKM_sk_find_ex(POLICYINFO, (st), (val))
-#define sk_POLICYINFO_delete(st, i) SKM_sk_delete(POLICYINFO, (st), (i))
-#define sk_POLICYINFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICYINFO, (st), (ptr))
-#define sk_POLICYINFO_insert(st, val, i) SKM_sk_insert(POLICYINFO, (st), (val), (i))
-#define sk_POLICYINFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICYINFO, (st), (cmp))
-#define sk_POLICYINFO_dup(st) SKM_sk_dup(POLICYINFO, st)
-#define sk_POLICYINFO_pop_free(st, free_func) SKM_sk_pop_free(POLICYINFO, (st), (free_func))
-#define sk_POLICYINFO_shift(st) SKM_sk_shift(POLICYINFO, (st))
-#define sk_POLICYINFO_pop(st) SKM_sk_pop(POLICYINFO, (st))
-#define sk_POLICYINFO_sort(st) SKM_sk_sort(POLICYINFO, (st))
-#define sk_POLICYINFO_is_sorted(st) SKM_sk_is_sorted(POLICYINFO, (st))
-
-#define sk_POLICYQUALINFO_new(st) SKM_sk_new(POLICYQUALINFO, (st))
-#define sk_POLICYQUALINFO_new_null() SKM_sk_new_null(POLICYQUALINFO)
-#define sk_POLICYQUALINFO_free(st) SKM_sk_free(POLICYQUALINFO, (st))
-#define sk_POLICYQUALINFO_num(st) SKM_sk_num(POLICYQUALINFO, (st))
-#define sk_POLICYQUALINFO_value(st, i) SKM_sk_value(POLICYQUALINFO, (st), (i))
-#define sk_POLICYQUALINFO_set(st, i, val) SKM_sk_set(POLICYQUALINFO, (st), (i), (val))
-#define sk_POLICYQUALINFO_zero(st) SKM_sk_zero(POLICYQUALINFO, (st))
-#define sk_POLICYQUALINFO_push(st, val) SKM_sk_push(POLICYQUALINFO, (st), (val))
-#define sk_POLICYQUALINFO_unshift(st, val) SKM_sk_unshift(POLICYQUALINFO, (st), (val))
-#define sk_POLICYQUALINFO_find(st, val) SKM_sk_find(POLICYQUALINFO, (st), (val))
-#define sk_POLICYQUALINFO_find_ex(st, val) SKM_sk_find_ex(POLICYQUALINFO, (st), (val))
-#define sk_POLICYQUALINFO_delete(st, i) SKM_sk_delete(POLICYQUALINFO, (st), (i))
-#define sk_POLICYQUALINFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICYQUALINFO, (st), (ptr))
-#define sk_POLICYQUALINFO_insert(st, val, i) SKM_sk_insert(POLICYQUALINFO, (st), (val), (i))
-#define sk_POLICYQUALINFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICYQUALINFO, (st), (cmp))
-#define sk_POLICYQUALINFO_dup(st) SKM_sk_dup(POLICYQUALINFO, st)
-#define sk_POLICYQUALINFO_pop_free(st, free_func) SKM_sk_pop_free(POLICYQUALINFO, (st), (free_func))
-#define sk_POLICYQUALINFO_shift(st) SKM_sk_shift(POLICYQUALINFO, (st))
-#define sk_POLICYQUALINFO_pop(st) SKM_sk_pop(POLICYQUALINFO, (st))
-#define sk_POLICYQUALINFO_sort(st) SKM_sk_sort(POLICYQUALINFO, (st))
-#define sk_POLICYQUALINFO_is_sorted(st) SKM_sk_is_sorted(POLICYQUALINFO, (st))
-
-#define sk_POLICY_MAPPING_new(st) SKM_sk_new(POLICY_MAPPING, (st))
-#define sk_POLICY_MAPPING_new_null() SKM_sk_new_null(POLICY_MAPPING)
-#define sk_POLICY_MAPPING_free(st) SKM_sk_free(POLICY_MAPPING, (st))
-#define sk_POLICY_MAPPING_num(st) SKM_sk_num(POLICY_MAPPING, (st))
-#define sk_POLICY_MAPPING_value(st, i) SKM_sk_value(POLICY_MAPPING, (st), (i))
-#define sk_POLICY_MAPPING_set(st, i, val) SKM_sk_set(POLICY_MAPPING, (st), (i), (val))
-#define sk_POLICY_MAPPING_zero(st) SKM_sk_zero(POLICY_MAPPING, (st))
-#define sk_POLICY_MAPPING_push(st, val) SKM_sk_push(POLICY_MAPPING, (st), (val))
-#define sk_POLICY_MAPPING_unshift(st, val) SKM_sk_unshift(POLICY_MAPPING, (st), (val))
-#define sk_POLICY_MAPPING_find(st, val) SKM_sk_find(POLICY_MAPPING, (st), (val))
-#define sk_POLICY_MAPPING_find_ex(st, val) SKM_sk_find_ex(POLICY_MAPPING, (st), (val))
-#define sk_POLICY_MAPPING_delete(st, i) SKM_sk_delete(POLICY_MAPPING, (st), (i))
-#define sk_POLICY_MAPPING_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICY_MAPPING, (st), (ptr))
-#define sk_POLICY_MAPPING_insert(st, val, i) SKM_sk_insert(POLICY_MAPPING, (st), (val), (i))
-#define sk_POLICY_MAPPING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICY_MAPPING, (st), (cmp))
-#define sk_POLICY_MAPPING_dup(st) SKM_sk_dup(POLICY_MAPPING, st)
-#define sk_POLICY_MAPPING_pop_free(st, free_func) SKM_sk_pop_free(POLICY_MAPPING, (st), (free_func))
-#define sk_POLICY_MAPPING_shift(st) SKM_sk_shift(POLICY_MAPPING, (st))
-#define sk_POLICY_MAPPING_pop(st) SKM_sk_pop(POLICY_MAPPING, (st))
-#define sk_POLICY_MAPPING_sort(st) SKM_sk_sort(POLICY_MAPPING, (st))
-#define sk_POLICY_MAPPING_is_sorted(st) SKM_sk_is_sorted(POLICY_MAPPING, (st))
-
-#define sk_SSL_CIPHER_new(st) SKM_sk_new(SSL_CIPHER, (st))
-#define sk_SSL_CIPHER_new_null() SKM_sk_new_null(SSL_CIPHER)
-#define sk_SSL_CIPHER_free(st) SKM_sk_free(SSL_CIPHER, (st))
-#define sk_SSL_CIPHER_num(st) SKM_sk_num(SSL_CIPHER, (st))
-#define sk_SSL_CIPHER_value(st, i) SKM_sk_value(SSL_CIPHER, (st), (i))
-#define sk_SSL_CIPHER_set(st, i, val) SKM_sk_set(SSL_CIPHER, (st), (i), (val))
-#define sk_SSL_CIPHER_zero(st) SKM_sk_zero(SSL_CIPHER, (st))
-#define sk_SSL_CIPHER_push(st, val) SKM_sk_push(SSL_CIPHER, (st), (val))
-#define sk_SSL_CIPHER_unshift(st, val) SKM_sk_unshift(SSL_CIPHER, (st), (val))
-#define sk_SSL_CIPHER_find(st, val) SKM_sk_find(SSL_CIPHER, (st), (val))
-#define sk_SSL_CIPHER_find_ex(st, val) SKM_sk_find_ex(SSL_CIPHER, (st), (val))
-#define sk_SSL_CIPHER_delete(st, i) SKM_sk_delete(SSL_CIPHER, (st), (i))
-#define sk_SSL_CIPHER_delete_ptr(st, ptr) SKM_sk_delete_ptr(SSL_CIPHER, (st), (ptr))
-#define sk_SSL_CIPHER_insert(st, val, i) SKM_sk_insert(SSL_CIPHER, (st), (val), (i))
-#define sk_SSL_CIPHER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SSL_CIPHER, (st), (cmp))
-#define sk_SSL_CIPHER_dup(st) SKM_sk_dup(SSL_CIPHER, st)
-#define sk_SSL_CIPHER_pop_free(st, free_func) SKM_sk_pop_free(SSL_CIPHER, (st), (free_func))
-#define sk_SSL_CIPHER_shift(st) SKM_sk_shift(SSL_CIPHER, (st))
-#define sk_SSL_CIPHER_pop(st) SKM_sk_pop(SSL_CIPHER, (st))
-#define sk_SSL_CIPHER_sort(st) SKM_sk_sort(SSL_CIPHER, (st))
-#define sk_SSL_CIPHER_is_sorted(st) SKM_sk_is_sorted(SSL_CIPHER, (st))
-
-#define sk_SSL_COMP_new(st) SKM_sk_new(SSL_COMP, (st))
-#define sk_SSL_COMP_new_null() SKM_sk_new_null(SSL_COMP)
-#define sk_SSL_COMP_free(st) SKM_sk_free(SSL_COMP, (st))
-#define sk_SSL_COMP_num(st) SKM_sk_num(SSL_COMP, (st))
-#define sk_SSL_COMP_value(st, i) SKM_sk_value(SSL_COMP, (st), (i))
-#define sk_SSL_COMP_set(st, i, val) SKM_sk_set(SSL_COMP, (st), (i), (val))
-#define sk_SSL_COMP_zero(st) SKM_sk_zero(SSL_COMP, (st))
-#define sk_SSL_COMP_push(st, val) SKM_sk_push(SSL_COMP, (st), (val))
-#define sk_SSL_COMP_unshift(st, val) SKM_sk_unshift(SSL_COMP, (st), (val))
-#define sk_SSL_COMP_find(st, val) SKM_sk_find(SSL_COMP, (st), (val))
-#define sk_SSL_COMP_find_ex(st, val) SKM_sk_find_ex(SSL_COMP, (st), (val))
-#define sk_SSL_COMP_delete(st, i) SKM_sk_delete(SSL_COMP, (st), (i))
-#define sk_SSL_COMP_delete_ptr(st, ptr) SKM_sk_delete_ptr(SSL_COMP, (st), (ptr))
-#define sk_SSL_COMP_insert(st, val, i) SKM_sk_insert(SSL_COMP, (st), (val), (i))
-#define sk_SSL_COMP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SSL_COMP, (st), (cmp))
-#define sk_SSL_COMP_dup(st) SKM_sk_dup(SSL_COMP, st)
-#define sk_SSL_COMP_pop_free(st, free_func) SKM_sk_pop_free(SSL_COMP, (st), (free_func))
-#define sk_SSL_COMP_shift(st) SKM_sk_shift(SSL_COMP, (st))
-#define sk_SSL_COMP_pop(st) SKM_sk_pop(SSL_COMP, (st))
-#define sk_SSL_COMP_sort(st) SKM_sk_sort(SSL_COMP, (st))
-#define sk_SSL_COMP_is_sorted(st) SKM_sk_is_sorted(SSL_COMP, (st))
-
-#define sk_STORE_OBJECT_new(st) SKM_sk_new(STORE_OBJECT, (st))
-#define sk_STORE_OBJECT_new_null() SKM_sk_new_null(STORE_OBJECT)
-#define sk_STORE_OBJECT_free(st) SKM_sk_free(STORE_OBJECT, (st))
-#define sk_STORE_OBJECT_num(st) SKM_sk_num(STORE_OBJECT, (st))
-#define sk_STORE_OBJECT_value(st, i) SKM_sk_value(STORE_OBJECT, (st), (i))
-#define sk_STORE_OBJECT_set(st, i, val) SKM_sk_set(STORE_OBJECT, (st), (i), (val))
-#define sk_STORE_OBJECT_zero(st) SKM_sk_zero(STORE_OBJECT, (st))
-#define sk_STORE_OBJECT_push(st, val) SKM_sk_push(STORE_OBJECT, (st), (val))
-#define sk_STORE_OBJECT_unshift(st, val) SKM_sk_unshift(STORE_OBJECT, (st), (val))
-#define sk_STORE_OBJECT_find(st, val) SKM_sk_find(STORE_OBJECT, (st), (val))
-#define sk_STORE_OBJECT_find_ex(st, val) SKM_sk_find_ex(STORE_OBJECT, (st), (val))
-#define sk_STORE_OBJECT_delete(st, i) SKM_sk_delete(STORE_OBJECT, (st), (i))
-#define sk_STORE_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(STORE_OBJECT, (st), (ptr))
-#define sk_STORE_OBJECT_insert(st, val, i) SKM_sk_insert(STORE_OBJECT, (st), (val), (i))
-#define sk_STORE_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(STORE_OBJECT, (st), (cmp))
-#define sk_STORE_OBJECT_dup(st) SKM_sk_dup(STORE_OBJECT, st)
-#define sk_STORE_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(STORE_OBJECT, (st), (free_func))
-#define sk_STORE_OBJECT_shift(st) SKM_sk_shift(STORE_OBJECT, (st))
-#define sk_STORE_OBJECT_pop(st) SKM_sk_pop(STORE_OBJECT, (st))
-#define sk_STORE_OBJECT_sort(st) SKM_sk_sort(STORE_OBJECT, (st))
-#define sk_STORE_OBJECT_is_sorted(st) SKM_sk_is_sorted(STORE_OBJECT, (st))
-
-#define sk_SXNETID_new(st) SKM_sk_new(SXNETID, (st))
-#define sk_SXNETID_new_null() SKM_sk_new_null(SXNETID)
-#define sk_SXNETID_free(st) SKM_sk_free(SXNETID, (st))
-#define sk_SXNETID_num(st) SKM_sk_num(SXNETID, (st))
-#define sk_SXNETID_value(st, i) SKM_sk_value(SXNETID, (st), (i))
-#define sk_SXNETID_set(st, i, val) SKM_sk_set(SXNETID, (st), (i), (val))
-#define sk_SXNETID_zero(st) SKM_sk_zero(SXNETID, (st))
-#define sk_SXNETID_push(st, val) SKM_sk_push(SXNETID, (st), (val))
-#define sk_SXNETID_unshift(st, val) SKM_sk_unshift(SXNETID, (st), (val))
-#define sk_SXNETID_find(st, val) SKM_sk_find(SXNETID, (st), (val))
-#define sk_SXNETID_find_ex(st, val) SKM_sk_find_ex(SXNETID, (st), (val))
-#define sk_SXNETID_delete(st, i) SKM_sk_delete(SXNETID, (st), (i))
-#define sk_SXNETID_delete_ptr(st, ptr) SKM_sk_delete_ptr(SXNETID, (st), (ptr))
-#define sk_SXNETID_insert(st, val, i) SKM_sk_insert(SXNETID, (st), (val), (i))
-#define sk_SXNETID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SXNETID, (st), (cmp))
-#define sk_SXNETID_dup(st) SKM_sk_dup(SXNETID, st)
-#define sk_SXNETID_pop_free(st, free_func) SKM_sk_pop_free(SXNETID, (st), (free_func))
-#define sk_SXNETID_shift(st) SKM_sk_shift(SXNETID, (st))
-#define sk_SXNETID_pop(st) SKM_sk_pop(SXNETID, (st))
-#define sk_SXNETID_sort(st) SKM_sk_sort(SXNETID, (st))
-#define sk_SXNETID_is_sorted(st) SKM_sk_is_sorted(SXNETID, (st))
-
-#define sk_UI_STRING_new(st) SKM_sk_new(UI_STRING, (st))
-#define sk_UI_STRING_new_null() SKM_sk_new_null(UI_STRING)
-#define sk_UI_STRING_free(st) SKM_sk_free(UI_STRING, (st))
-#define sk_UI_STRING_num(st) SKM_sk_num(UI_STRING, (st))
-#define sk_UI_STRING_value(st, i) SKM_sk_value(UI_STRING, (st), (i))
-#define sk_UI_STRING_set(st, i, val) SKM_sk_set(UI_STRING, (st), (i), (val))
-#define sk_UI_STRING_zero(st) SKM_sk_zero(UI_STRING, (st))
-#define sk_UI_STRING_push(st, val) SKM_sk_push(UI_STRING, (st), (val))
-#define sk_UI_STRING_unshift(st, val) SKM_sk_unshift(UI_STRING, (st), (val))
-#define sk_UI_STRING_find(st, val) SKM_sk_find(UI_STRING, (st), (val))
-#define sk_UI_STRING_find_ex(st, val) SKM_sk_find_ex(UI_STRING, (st), (val))
-#define sk_UI_STRING_delete(st, i) SKM_sk_delete(UI_STRING, (st), (i))
-#define sk_UI_STRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(UI_STRING, (st), (ptr))
-#define sk_UI_STRING_insert(st, val, i) SKM_sk_insert(UI_STRING, (st), (val), (i))
-#define sk_UI_STRING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(UI_STRING, (st), (cmp))
-#define sk_UI_STRING_dup(st) SKM_sk_dup(UI_STRING, st)
-#define sk_UI_STRING_pop_free(st, free_func) SKM_sk_pop_free(UI_STRING, (st), (free_func))
-#define sk_UI_STRING_shift(st) SKM_sk_shift(UI_STRING, (st))
-#define sk_UI_STRING_pop(st) SKM_sk_pop(UI_STRING, (st))
-#define sk_UI_STRING_sort(st) SKM_sk_sort(UI_STRING, (st))
-#define sk_UI_STRING_is_sorted(st) SKM_sk_is_sorted(UI_STRING, (st))
-
-#define sk_X509_new(st) SKM_sk_new(X509, (st))
-#define sk_X509_new_null() SKM_sk_new_null(X509)
-#define sk_X509_free(st) SKM_sk_free(X509, (st))
-#define sk_X509_num(st) SKM_sk_num(X509, (st))
-#define sk_X509_value(st, i) SKM_sk_value(X509, (st), (i))
-#define sk_X509_set(st, i, val) SKM_sk_set(X509, (st), (i), (val))
-#define sk_X509_zero(st) SKM_sk_zero(X509, (st))
-#define sk_X509_push(st, val) SKM_sk_push(X509, (st), (val))
-#define sk_X509_unshift(st, val) SKM_sk_unshift(X509, (st), (val))
-#define sk_X509_find(st, val) SKM_sk_find(X509, (st), (val))
-#define sk_X509_find_ex(st, val) SKM_sk_find_ex(X509, (st), (val))
-#define sk_X509_delete(st, i) SKM_sk_delete(X509, (st), (i))
-#define sk_X509_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509, (st), (ptr))
-#define sk_X509_insert(st, val, i) SKM_sk_insert(X509, (st), (val), (i))
-#define sk_X509_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509, (st), (cmp))
-#define sk_X509_dup(st) SKM_sk_dup(X509, st)
-#define sk_X509_pop_free(st, free_func) SKM_sk_pop_free(X509, (st), (free_func))
-#define sk_X509_shift(st) SKM_sk_shift(X509, (st))
-#define sk_X509_pop(st) SKM_sk_pop(X509, (st))
-#define sk_X509_sort(st) SKM_sk_sort(X509, (st))
-#define sk_X509_is_sorted(st) SKM_sk_is_sorted(X509, (st))
-
-#define sk_X509V3_EXT_METHOD_new(st) SKM_sk_new(X509V3_EXT_METHOD, (st))
-#define sk_X509V3_EXT_METHOD_new_null() SKM_sk_new_null(X509V3_EXT_METHOD)
-#define sk_X509V3_EXT_METHOD_free(st) SKM_sk_free(X509V3_EXT_METHOD, (st))
-#define sk_X509V3_EXT_METHOD_num(st) SKM_sk_num(X509V3_EXT_METHOD, (st))
-#define sk_X509V3_EXT_METHOD_value(st, i) SKM_sk_value(X509V3_EXT_METHOD, (st), (i))
-#define sk_X509V3_EXT_METHOD_set(st, i, val) SKM_sk_set(X509V3_EXT_METHOD, (st), (i), (val))
-#define sk_X509V3_EXT_METHOD_zero(st) SKM_sk_zero(X509V3_EXT_METHOD, (st))
-#define sk_X509V3_EXT_METHOD_push(st, val) SKM_sk_push(X509V3_EXT_METHOD, (st), (val))
-#define sk_X509V3_EXT_METHOD_unshift(st, val) SKM_sk_unshift(X509V3_EXT_METHOD, (st), (val))
-#define sk_X509V3_EXT_METHOD_find(st, val) SKM_sk_find(X509V3_EXT_METHOD, (st), (val))
-#define sk_X509V3_EXT_METHOD_find_ex(st, val) SKM_sk_find_ex(X509V3_EXT_METHOD, (st), (val))
-#define sk_X509V3_EXT_METHOD_delete(st, i) SKM_sk_delete(X509V3_EXT_METHOD, (st), (i))
-#define sk_X509V3_EXT_METHOD_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509V3_EXT_METHOD, (st), (ptr))
-#define sk_X509V3_EXT_METHOD_insert(st, val, i) SKM_sk_insert(X509V3_EXT_METHOD, (st), (val), (i))
-#define sk_X509V3_EXT_METHOD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509V3_EXT_METHOD, (st), (cmp))
-#define sk_X509V3_EXT_METHOD_dup(st) SKM_sk_dup(X509V3_EXT_METHOD, st)
-#define sk_X509V3_EXT_METHOD_pop_free(st, free_func) SKM_sk_pop_free(X509V3_EXT_METHOD, (st), (free_func))
-#define sk_X509V3_EXT_METHOD_shift(st) SKM_sk_shift(X509V3_EXT_METHOD, (st))
-#define sk_X509V3_EXT_METHOD_pop(st) SKM_sk_pop(X509V3_EXT_METHOD, (st))
-#define sk_X509V3_EXT_METHOD_sort(st) SKM_sk_sort(X509V3_EXT_METHOD, (st))
-#define sk_X509V3_EXT_METHOD_is_sorted(st) SKM_sk_is_sorted(X509V3_EXT_METHOD, (st))
-
-#define sk_X509_ALGOR_new(st) SKM_sk_new(X509_ALGOR, (st))
-#define sk_X509_ALGOR_new_null() SKM_sk_new_null(X509_ALGOR)
-#define sk_X509_ALGOR_free(st) SKM_sk_free(X509_ALGOR, (st))
-#define sk_X509_ALGOR_num(st) SKM_sk_num(X509_ALGOR, (st))
-#define sk_X509_ALGOR_value(st, i) SKM_sk_value(X509_ALGOR, (st), (i))
-#define sk_X509_ALGOR_set(st, i, val) SKM_sk_set(X509_ALGOR, (st), (i), (val))
-#define sk_X509_ALGOR_zero(st) SKM_sk_zero(X509_ALGOR, (st))
-#define sk_X509_ALGOR_push(st, val) SKM_sk_push(X509_ALGOR, (st), (val))
-#define sk_X509_ALGOR_unshift(st, val) SKM_sk_unshift(X509_ALGOR, (st), (val))
-#define sk_X509_ALGOR_find(st, val) SKM_sk_find(X509_ALGOR, (st), (val))
-#define sk_X509_ALGOR_find_ex(st, val) SKM_sk_find_ex(X509_ALGOR, (st), (val))
-#define sk_X509_ALGOR_delete(st, i) SKM_sk_delete(X509_ALGOR, (st), (i))
-#define sk_X509_ALGOR_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_ALGOR, (st), (ptr))
-#define sk_X509_ALGOR_insert(st, val, i) SKM_sk_insert(X509_ALGOR, (st), (val), (i))
-#define sk_X509_ALGOR_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_ALGOR, (st), (cmp))
-#define sk_X509_ALGOR_dup(st) SKM_sk_dup(X509_ALGOR, st)
-#define sk_X509_ALGOR_pop_free(st, free_func) SKM_sk_pop_free(X509_ALGOR, (st), (free_func))
-#define sk_X509_ALGOR_shift(st) SKM_sk_shift(X509_ALGOR, (st))
-#define sk_X509_ALGOR_pop(st) SKM_sk_pop(X509_ALGOR, (st))
-#define sk_X509_ALGOR_sort(st) SKM_sk_sort(X509_ALGOR, (st))
-#define sk_X509_ALGOR_is_sorted(st) SKM_sk_is_sorted(X509_ALGOR, (st))
-
-#define sk_X509_ATTRIBUTE_new(st) SKM_sk_new(X509_ATTRIBUTE, (st))
-#define sk_X509_ATTRIBUTE_new_null() SKM_sk_new_null(X509_ATTRIBUTE)
-#define sk_X509_ATTRIBUTE_free(st) SKM_sk_free(X509_ATTRIBUTE, (st))
-#define sk_X509_ATTRIBUTE_num(st) SKM_sk_num(X509_ATTRIBUTE, (st))
-#define sk_X509_ATTRIBUTE_value(st, i) SKM_sk_value(X509_ATTRIBUTE, (st), (i))
-#define sk_X509_ATTRIBUTE_set(st, i, val) SKM_sk_set(X509_ATTRIBUTE, (st), (i), (val))
-#define sk_X509_ATTRIBUTE_zero(st) SKM_sk_zero(X509_ATTRIBUTE, (st))
-#define sk_X509_ATTRIBUTE_push(st, val) SKM_sk_push(X509_ATTRIBUTE, (st), (val))
-#define sk_X509_ATTRIBUTE_unshift(st, val) SKM_sk_unshift(X509_ATTRIBUTE, (st), (val))
-#define sk_X509_ATTRIBUTE_find(st, val) SKM_sk_find(X509_ATTRIBUTE, (st), (val))
-#define sk_X509_ATTRIBUTE_find_ex(st, val) SKM_sk_find_ex(X509_ATTRIBUTE, (st), (val))
-#define sk_X509_ATTRIBUTE_delete(st, i) SKM_sk_delete(X509_ATTRIBUTE, (st), (i))
-#define sk_X509_ATTRIBUTE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_ATTRIBUTE, (st), (ptr))
-#define sk_X509_ATTRIBUTE_insert(st, val, i) SKM_sk_insert(X509_ATTRIBUTE, (st), (val), (i))
-#define sk_X509_ATTRIBUTE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_ATTRIBUTE, (st), (cmp))
-#define sk_X509_ATTRIBUTE_dup(st) SKM_sk_dup(X509_ATTRIBUTE, st)
-#define sk_X509_ATTRIBUTE_pop_free(st, free_func) SKM_sk_pop_free(X509_ATTRIBUTE, (st), (free_func))
-#define sk_X509_ATTRIBUTE_shift(st) SKM_sk_shift(X509_ATTRIBUTE, (st))
-#define sk_X509_ATTRIBUTE_pop(st) SKM_sk_pop(X509_ATTRIBUTE, (st))
-#define sk_X509_ATTRIBUTE_sort(st) SKM_sk_sort(X509_ATTRIBUTE, (st))
-#define sk_X509_ATTRIBUTE_is_sorted(st) SKM_sk_is_sorted(X509_ATTRIBUTE, (st))
-
-#define sk_X509_CRL_new(st) SKM_sk_new(X509_CRL, (st))
-#define sk_X509_CRL_new_null() SKM_sk_new_null(X509_CRL)
-#define sk_X509_CRL_free(st) SKM_sk_free(X509_CRL, (st))
-#define sk_X509_CRL_num(st) SKM_sk_num(X509_CRL, (st))
-#define sk_X509_CRL_value(st, i) SKM_sk_value(X509_CRL, (st), (i))
-#define sk_X509_CRL_set(st, i, val) SKM_sk_set(X509_CRL, (st), (i), (val))
-#define sk_X509_CRL_zero(st) SKM_sk_zero(X509_CRL, (st))
-#define sk_X509_CRL_push(st, val) SKM_sk_push(X509_CRL, (st), (val))
-#define sk_X509_CRL_unshift(st, val) SKM_sk_unshift(X509_CRL, (st), (val))
-#define sk_X509_CRL_find(st, val) SKM_sk_find(X509_CRL, (st), (val))
-#define sk_X509_CRL_find_ex(st, val) SKM_sk_find_ex(X509_CRL, (st), (val))
-#define sk_X509_CRL_delete(st, i) SKM_sk_delete(X509_CRL, (st), (i))
-#define sk_X509_CRL_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_CRL, (st), (ptr))
-#define sk_X509_CRL_insert(st, val, i) SKM_sk_insert(X509_CRL, (st), (val), (i))
-#define sk_X509_CRL_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_CRL, (st), (cmp))
-#define sk_X509_CRL_dup(st) SKM_sk_dup(X509_CRL, st)
-#define sk_X509_CRL_pop_free(st, free_func) SKM_sk_pop_free(X509_CRL, (st), (free_func))
-#define sk_X509_CRL_shift(st) SKM_sk_shift(X509_CRL, (st))
-#define sk_X509_CRL_pop(st) SKM_sk_pop(X509_CRL, (st))
-#define sk_X509_CRL_sort(st) SKM_sk_sort(X509_CRL, (st))
-#define sk_X509_CRL_is_sorted(st) SKM_sk_is_sorted(X509_CRL, (st))
-
-#define sk_X509_EXTENSION_new(st) SKM_sk_new(X509_EXTENSION, (st))
-#define sk_X509_EXTENSION_new_null() SKM_sk_new_null(X509_EXTENSION)
-#define sk_X509_EXTENSION_free(st) SKM_sk_free(X509_EXTENSION, (st))
-#define sk_X509_EXTENSION_num(st) SKM_sk_num(X509_EXTENSION, (st))
-#define sk_X509_EXTENSION_value(st, i) SKM_sk_value(X509_EXTENSION, (st), (i))
-#define sk_X509_EXTENSION_set(st, i, val) SKM_sk_set(X509_EXTENSION, (st), (i), (val))
-#define sk_X509_EXTENSION_zero(st) SKM_sk_zero(X509_EXTENSION, (st))
-#define sk_X509_EXTENSION_push(st, val) SKM_sk_push(X509_EXTENSION, (st), (val))
-#define sk_X509_EXTENSION_unshift(st, val) SKM_sk_unshift(X509_EXTENSION, (st), (val))
-#define sk_X509_EXTENSION_find(st, val) SKM_sk_find(X509_EXTENSION, (st), (val))
-#define sk_X509_EXTENSION_find_ex(st, val) SKM_sk_find_ex(X509_EXTENSION, (st), (val))
-#define sk_X509_EXTENSION_delete(st, i) SKM_sk_delete(X509_EXTENSION, (st), (i))
-#define sk_X509_EXTENSION_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_EXTENSION, (st), (ptr))
-#define sk_X509_EXTENSION_insert(st, val, i) SKM_sk_insert(X509_EXTENSION, (st), (val), (i))
-#define sk_X509_EXTENSION_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_EXTENSION, (st), (cmp))
-#define sk_X509_EXTENSION_dup(st) SKM_sk_dup(X509_EXTENSION, st)
-#define sk_X509_EXTENSION_pop_free(st, free_func) SKM_sk_pop_free(X509_EXTENSION, (st), (free_func))
-#define sk_X509_EXTENSION_shift(st) SKM_sk_shift(X509_EXTENSION, (st))
-#define sk_X509_EXTENSION_pop(st) SKM_sk_pop(X509_EXTENSION, (st))
-#define sk_X509_EXTENSION_sort(st) SKM_sk_sort(X509_EXTENSION, (st))
-#define sk_X509_EXTENSION_is_sorted(st) SKM_sk_is_sorted(X509_EXTENSION, (st))
-
-#define sk_X509_INFO_new(st) SKM_sk_new(X509_INFO, (st))
-#define sk_X509_INFO_new_null() SKM_sk_new_null(X509_INFO)
-#define sk_X509_INFO_free(st) SKM_sk_free(X509_INFO, (st))
-#define sk_X509_INFO_num(st) SKM_sk_num(X509_INFO, (st))
-#define sk_X509_INFO_value(st, i) SKM_sk_value(X509_INFO, (st), (i))
-#define sk_X509_INFO_set(st, i, val) SKM_sk_set(X509_INFO, (st), (i), (val))
-#define sk_X509_INFO_zero(st) SKM_sk_zero(X509_INFO, (st))
-#define sk_X509_INFO_push(st, val) SKM_sk_push(X509_INFO, (st), (val))
-#define sk_X509_INFO_unshift(st, val) SKM_sk_unshift(X509_INFO, (st), (val))
-#define sk_X509_INFO_find(st, val) SKM_sk_find(X509_INFO, (st), (val))
-#define sk_X509_INFO_find_ex(st, val) SKM_sk_find_ex(X509_INFO, (st), (val))
-#define sk_X509_INFO_delete(st, i) SKM_sk_delete(X509_INFO, (st), (i))
-#define sk_X509_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_INFO, (st), (ptr))
-#define sk_X509_INFO_insert(st, val, i) SKM_sk_insert(X509_INFO, (st), (val), (i))
-#define sk_X509_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_INFO, (st), (cmp))
-#define sk_X509_INFO_dup(st) SKM_sk_dup(X509_INFO, st)
-#define sk_X509_INFO_pop_free(st, free_func) SKM_sk_pop_free(X509_INFO, (st), (free_func))
-#define sk_X509_INFO_shift(st) SKM_sk_shift(X509_INFO, (st))
-#define sk_X509_INFO_pop(st) SKM_sk_pop(X509_INFO, (st))
-#define sk_X509_INFO_sort(st) SKM_sk_sort(X509_INFO, (st))
-#define sk_X509_INFO_is_sorted(st) SKM_sk_is_sorted(X509_INFO, (st))
-
-#define sk_X509_LOOKUP_new(st) SKM_sk_new(X509_LOOKUP, (st))
-#define sk_X509_LOOKUP_new_null() SKM_sk_new_null(X509_LOOKUP)
-#define sk_X509_LOOKUP_free(st) SKM_sk_free(X509_LOOKUP, (st))
-#define sk_X509_LOOKUP_num(st) SKM_sk_num(X509_LOOKUP, (st))
-#define sk_X509_LOOKUP_value(st, i) SKM_sk_value(X509_LOOKUP, (st), (i))
-#define sk_X509_LOOKUP_set(st, i, val) SKM_sk_set(X509_LOOKUP, (st), (i), (val))
-#define sk_X509_LOOKUP_zero(st) SKM_sk_zero(X509_LOOKUP, (st))
-#define sk_X509_LOOKUP_push(st, val) SKM_sk_push(X509_LOOKUP, (st), (val))
-#define sk_X509_LOOKUP_unshift(st, val) SKM_sk_unshift(X509_LOOKUP, (st), (val))
-#define sk_X509_LOOKUP_find(st, val) SKM_sk_find(X509_LOOKUP, (st), (val))
-#define sk_X509_LOOKUP_find_ex(st, val) SKM_sk_find_ex(X509_LOOKUP, (st), (val))
-#define sk_X509_LOOKUP_delete(st, i) SKM_sk_delete(X509_LOOKUP, (st), (i))
-#define sk_X509_LOOKUP_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_LOOKUP, (st), (ptr))
-#define sk_X509_LOOKUP_insert(st, val, i) SKM_sk_insert(X509_LOOKUP, (st), (val), (i))
-#define sk_X509_LOOKUP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_LOOKUP, (st), (cmp))
-#define sk_X509_LOOKUP_dup(st) SKM_sk_dup(X509_LOOKUP, st)
-#define sk_X509_LOOKUP_pop_free(st, free_func) SKM_sk_pop_free(X509_LOOKUP, (st), (free_func))
-#define sk_X509_LOOKUP_shift(st) SKM_sk_shift(X509_LOOKUP, (st))
-#define sk_X509_LOOKUP_pop(st) SKM_sk_pop(X509_LOOKUP, (st))
-#define sk_X509_LOOKUP_sort(st) SKM_sk_sort(X509_LOOKUP, (st))
-#define sk_X509_LOOKUP_is_sorted(st) SKM_sk_is_sorted(X509_LOOKUP, (st))
-
-#define sk_X509_NAME_new(st) SKM_sk_new(X509_NAME, (st))
-#define sk_X509_NAME_new_null() SKM_sk_new_null(X509_NAME)
-#define sk_X509_NAME_free(st) SKM_sk_free(X509_NAME, (st))
-#define sk_X509_NAME_num(st) SKM_sk_num(X509_NAME, (st))
-#define sk_X509_NAME_value(st, i) SKM_sk_value(X509_NAME, (st), (i))
-#define sk_X509_NAME_set(st, i, val) SKM_sk_set(X509_NAME, (st), (i), (val))
-#define sk_X509_NAME_zero(st) SKM_sk_zero(X509_NAME, (st))
-#define sk_X509_NAME_push(st, val) SKM_sk_push(X509_NAME, (st), (val))
-#define sk_X509_NAME_unshift(st, val) SKM_sk_unshift(X509_NAME, (st), (val))
-#define sk_X509_NAME_find(st, val) SKM_sk_find(X509_NAME, (st), (val))
-#define sk_X509_NAME_find_ex(st, val) SKM_sk_find_ex(X509_NAME, (st), (val))
-#define sk_X509_NAME_delete(st, i) SKM_sk_delete(X509_NAME, (st), (i))
-#define sk_X509_NAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_NAME, (st), (ptr))
-#define sk_X509_NAME_insert(st, val, i) SKM_sk_insert(X509_NAME, (st), (val), (i))
-#define sk_X509_NAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_NAME, (st), (cmp))
-#define sk_X509_NAME_dup(st) SKM_sk_dup(X509_NAME, st)
-#define sk_X509_NAME_pop_free(st, free_func) SKM_sk_pop_free(X509_NAME, (st), (free_func))
-#define sk_X509_NAME_shift(st) SKM_sk_shift(X509_NAME, (st))
-#define sk_X509_NAME_pop(st) SKM_sk_pop(X509_NAME, (st))
-#define sk_X509_NAME_sort(st) SKM_sk_sort(X509_NAME, (st))
-#define sk_X509_NAME_is_sorted(st) SKM_sk_is_sorted(X509_NAME, (st))
-
-#define sk_X509_NAME_ENTRY_new(st) SKM_sk_new(X509_NAME_ENTRY, (st))
-#define sk_X509_NAME_ENTRY_new_null() SKM_sk_new_null(X509_NAME_ENTRY)
-#define sk_X509_NAME_ENTRY_free(st) SKM_sk_free(X509_NAME_ENTRY, (st))
-#define sk_X509_NAME_ENTRY_num(st) SKM_sk_num(X509_NAME_ENTRY, (st))
-#define sk_X509_NAME_ENTRY_value(st, i) SKM_sk_value(X509_NAME_ENTRY, (st), (i))
-#define sk_X509_NAME_ENTRY_set(st, i, val) SKM_sk_set(X509_NAME_ENTRY, (st), (i), (val))
-#define sk_X509_NAME_ENTRY_zero(st) SKM_sk_zero(X509_NAME_ENTRY, (st))
-#define sk_X509_NAME_ENTRY_push(st, val) SKM_sk_push(X509_NAME_ENTRY, (st), (val))
-#define sk_X509_NAME_ENTRY_unshift(st, val) SKM_sk_unshift(X509_NAME_ENTRY, (st), (val))
-#define sk_X509_NAME_ENTRY_find(st, val) SKM_sk_find(X509_NAME_ENTRY, (st), (val))
-#define sk_X509_NAME_ENTRY_find_ex(st, val) SKM_sk_find_ex(X509_NAME_ENTRY, (st), (val))
-#define sk_X509_NAME_ENTRY_delete(st, i) SKM_sk_delete(X509_NAME_ENTRY, (st), (i))
-#define sk_X509_NAME_ENTRY_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_NAME_ENTRY, (st), (ptr))
-#define sk_X509_NAME_ENTRY_insert(st, val, i) SKM_sk_insert(X509_NAME_ENTRY, (st), (val), (i))
-#define sk_X509_NAME_ENTRY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_NAME_ENTRY, (st), (cmp))
-#define sk_X509_NAME_ENTRY_dup(st) SKM_sk_dup(X509_NAME_ENTRY, st)
-#define sk_X509_NAME_ENTRY_pop_free(st, free_func) SKM_sk_pop_free(X509_NAME_ENTRY, (st), (free_func))
-#define sk_X509_NAME_ENTRY_shift(st) SKM_sk_shift(X509_NAME_ENTRY, (st))
-#define sk_X509_NAME_ENTRY_pop(st) SKM_sk_pop(X509_NAME_ENTRY, (st))
-#define sk_X509_NAME_ENTRY_sort(st) SKM_sk_sort(X509_NAME_ENTRY, (st))
-#define sk_X509_NAME_ENTRY_is_sorted(st) SKM_sk_is_sorted(X509_NAME_ENTRY, (st))
-
-#define sk_X509_OBJECT_new(st) SKM_sk_new(X509_OBJECT, (st))
-#define sk_X509_OBJECT_new_null() SKM_sk_new_null(X509_OBJECT)
-#define sk_X509_OBJECT_free(st) SKM_sk_free(X509_OBJECT, (st))
-#define sk_X509_OBJECT_num(st) SKM_sk_num(X509_OBJECT, (st))
-#define sk_X509_OBJECT_value(st, i) SKM_sk_value(X509_OBJECT, (st), (i))
-#define sk_X509_OBJECT_set(st, i, val) SKM_sk_set(X509_OBJECT, (st), (i), (val))
-#define sk_X509_OBJECT_zero(st) SKM_sk_zero(X509_OBJECT, (st))
-#define sk_X509_OBJECT_push(st, val) SKM_sk_push(X509_OBJECT, (st), (val))
-#define sk_X509_OBJECT_unshift(st, val) SKM_sk_unshift(X509_OBJECT, (st), (val))
-#define sk_X509_OBJECT_find(st, val) SKM_sk_find(X509_OBJECT, (st), (val))
-#define sk_X509_OBJECT_find_ex(st, val) SKM_sk_find_ex(X509_OBJECT, (st), (val))
-#define sk_X509_OBJECT_delete(st, i) SKM_sk_delete(X509_OBJECT, (st), (i))
-#define sk_X509_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_OBJECT, (st), (ptr))
-#define sk_X509_OBJECT_insert(st, val, i) SKM_sk_insert(X509_OBJECT, (st), (val), (i))
-#define sk_X509_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_OBJECT, (st), (cmp))
-#define sk_X509_OBJECT_dup(st) SKM_sk_dup(X509_OBJECT, st)
-#define sk_X509_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(X509_OBJECT, (st), (free_func))
-#define sk_X509_OBJECT_shift(st) SKM_sk_shift(X509_OBJECT, (st))
-#define sk_X509_OBJECT_pop(st) SKM_sk_pop(X509_OBJECT, (st))
-#define sk_X509_OBJECT_sort(st) SKM_sk_sort(X509_OBJECT, (st))
-#define sk_X509_OBJECT_is_sorted(st) SKM_sk_is_sorted(X509_OBJECT, (st))
-
-#define sk_X509_POLICY_DATA_new(st) SKM_sk_new(X509_POLICY_DATA, (st))
-#define sk_X509_POLICY_DATA_new_null() SKM_sk_new_null(X509_POLICY_DATA)
-#define sk_X509_POLICY_DATA_free(st) SKM_sk_free(X509_POLICY_DATA, (st))
-#define sk_X509_POLICY_DATA_num(st) SKM_sk_num(X509_POLICY_DATA, (st))
-#define sk_X509_POLICY_DATA_value(st, i) SKM_sk_value(X509_POLICY_DATA, (st), (i))
-#define sk_X509_POLICY_DATA_set(st, i, val) SKM_sk_set(X509_POLICY_DATA, (st), (i), (val))
-#define sk_X509_POLICY_DATA_zero(st) SKM_sk_zero(X509_POLICY_DATA, (st))
-#define sk_X509_POLICY_DATA_push(st, val) SKM_sk_push(X509_POLICY_DATA, (st), (val))
-#define sk_X509_POLICY_DATA_unshift(st, val) SKM_sk_unshift(X509_POLICY_DATA, (st), (val))
-#define sk_X509_POLICY_DATA_find(st, val) SKM_sk_find(X509_POLICY_DATA, (st), (val))
-#define sk_X509_POLICY_DATA_find_ex(st, val) SKM_sk_find_ex(X509_POLICY_DATA, (st), (val))
-#define sk_X509_POLICY_DATA_delete(st, i) SKM_sk_delete(X509_POLICY_DATA, (st), (i))
-#define sk_X509_POLICY_DATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_POLICY_DATA, (st), (ptr))
-#define sk_X509_POLICY_DATA_insert(st, val, i) SKM_sk_insert(X509_POLICY_DATA, (st), (val), (i))
-#define sk_X509_POLICY_DATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_DATA, (st), (cmp))
-#define sk_X509_POLICY_DATA_dup(st) SKM_sk_dup(X509_POLICY_DATA, st)
-#define sk_X509_POLICY_DATA_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_DATA, (st), (free_func))
-#define sk_X509_POLICY_DATA_shift(st) SKM_sk_shift(X509_POLICY_DATA, (st))
-#define sk_X509_POLICY_DATA_pop(st) SKM_sk_pop(X509_POLICY_DATA, (st))
-#define sk_X509_POLICY_DATA_sort(st) SKM_sk_sort(X509_POLICY_DATA, (st))
-#define sk_X509_POLICY_DATA_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_DATA, (st))
-
-#define sk_X509_POLICY_NODE_new(st) SKM_sk_new(X509_POLICY_NODE, (st))
-#define sk_X509_POLICY_NODE_new_null() SKM_sk_new_null(X509_POLICY_NODE)
-#define sk_X509_POLICY_NODE_free(st) SKM_sk_free(X509_POLICY_NODE, (st))
-#define sk_X509_POLICY_NODE_num(st) SKM_sk_num(X509_POLICY_NODE, (st))
-#define sk_X509_POLICY_NODE_value(st, i) SKM_sk_value(X509_POLICY_NODE, (st), (i))
-#define sk_X509_POLICY_NODE_set(st, i, val) SKM_sk_set(X509_POLICY_NODE, (st), (i), (val))
-#define sk_X509_POLICY_NODE_zero(st) SKM_sk_zero(X509_POLICY_NODE, (st))
-#define sk_X509_POLICY_NODE_push(st, val) SKM_sk_push(X509_POLICY_NODE, (st), (val))
-#define sk_X509_POLICY_NODE_unshift(st, val) SKM_sk_unshift(X509_POLICY_NODE, (st), (val))
-#define sk_X509_POLICY_NODE_find(st, val) SKM_sk_find(X509_POLICY_NODE, (st), (val))
-#define sk_X509_POLICY_NODE_find_ex(st, val) SKM_sk_find_ex(X509_POLICY_NODE, (st), (val))
-#define sk_X509_POLICY_NODE_delete(st, i) SKM_sk_delete(X509_POLICY_NODE, (st), (i))
-#define sk_X509_POLICY_NODE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_POLICY_NODE, (st), (ptr))
-#define sk_X509_POLICY_NODE_insert(st, val, i) SKM_sk_insert(X509_POLICY_NODE, (st), (val), (i))
-#define sk_X509_POLICY_NODE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_NODE, (st), (cmp))
-#define sk_X509_POLICY_NODE_dup(st) SKM_sk_dup(X509_POLICY_NODE, st)
-#define sk_X509_POLICY_NODE_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_NODE, (st), (free_func))
-#define sk_X509_POLICY_NODE_shift(st) SKM_sk_shift(X509_POLICY_NODE, (st))
-#define sk_X509_POLICY_NODE_pop(st) SKM_sk_pop(X509_POLICY_NODE, (st))
-#define sk_X509_POLICY_NODE_sort(st) SKM_sk_sort(X509_POLICY_NODE, (st))
-#define sk_X509_POLICY_NODE_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_NODE, (st))
-
-#define sk_X509_POLICY_REF_new(st) SKM_sk_new(X509_POLICY_REF, (st))
-#define sk_X509_POLICY_REF_new_null() SKM_sk_new_null(X509_POLICY_REF)
-#define sk_X509_POLICY_REF_free(st) SKM_sk_free(X509_POLICY_REF, (st))
-#define sk_X509_POLICY_REF_num(st) SKM_sk_num(X509_POLICY_REF, (st))
-#define sk_X509_POLICY_REF_value(st, i) SKM_sk_value(X509_POLICY_REF, (st), (i))
-#define sk_X509_POLICY_REF_set(st, i, val) SKM_sk_set(X509_POLICY_REF, (st), (i), (val))
-#define sk_X509_POLICY_REF_zero(st) SKM_sk_zero(X509_POLICY_REF, (st))
-#define sk_X509_POLICY_REF_push(st, val) SKM_sk_push(X509_POLICY_REF, (st), (val))
-#define sk_X509_POLICY_REF_unshift(st, val) SKM_sk_unshift(X509_POLICY_REF, (st), (val))
-#define sk_X509_POLICY_REF_find(st, val) SKM_sk_find(X509_POLICY_REF, (st), (val))
-#define sk_X509_POLICY_REF_find_ex(st, val) SKM_sk_find_ex(X509_POLICY_REF, (st), (val))
-#define sk_X509_POLICY_REF_delete(st, i) SKM_sk_delete(X509_POLICY_REF, (st), (i))
-#define sk_X509_POLICY_REF_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_POLICY_REF, (st), (ptr))
-#define sk_X509_POLICY_REF_insert(st, val, i) SKM_sk_insert(X509_POLICY_REF, (st), (val), (i))
-#define sk_X509_POLICY_REF_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_REF, (st), (cmp))
-#define sk_X509_POLICY_REF_dup(st) SKM_sk_dup(X509_POLICY_REF, st)
-#define sk_X509_POLICY_REF_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_REF, (st), (free_func))
-#define sk_X509_POLICY_REF_shift(st) SKM_sk_shift(X509_POLICY_REF, (st))
-#define sk_X509_POLICY_REF_pop(st) SKM_sk_pop(X509_POLICY_REF, (st))
-#define sk_X509_POLICY_REF_sort(st) SKM_sk_sort(X509_POLICY_REF, (st))
-#define sk_X509_POLICY_REF_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_REF, (st))
-
-#define sk_X509_PURPOSE_new(st) SKM_sk_new(X509_PURPOSE, (st))
-#define sk_X509_PURPOSE_new_null() SKM_sk_new_null(X509_PURPOSE)
-#define sk_X509_PURPOSE_free(st) SKM_sk_free(X509_PURPOSE, (st))
-#define sk_X509_PURPOSE_num(st) SKM_sk_num(X509_PURPOSE, (st))
-#define sk_X509_PURPOSE_value(st, i) SKM_sk_value(X509_PURPOSE, (st), (i))
-#define sk_X509_PURPOSE_set(st, i, val) SKM_sk_set(X509_PURPOSE, (st), (i), (val))
-#define sk_X509_PURPOSE_zero(st) SKM_sk_zero(X509_PURPOSE, (st))
-#define sk_X509_PURPOSE_push(st, val) SKM_sk_push(X509_PURPOSE, (st), (val))
-#define sk_X509_PURPOSE_unshift(st, val) SKM_sk_unshift(X509_PURPOSE, (st), (val))
-#define sk_X509_PURPOSE_find(st, val) SKM_sk_find(X509_PURPOSE, (st), (val))
-#define sk_X509_PURPOSE_find_ex(st, val) SKM_sk_find_ex(X509_PURPOSE, (st), (val))
-#define sk_X509_PURPOSE_delete(st, i) SKM_sk_delete(X509_PURPOSE, (st), (i))
-#define sk_X509_PURPOSE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_PURPOSE, (st), (ptr))
-#define sk_X509_PURPOSE_insert(st, val, i) SKM_sk_insert(X509_PURPOSE, (st), (val), (i))
-#define sk_X509_PURPOSE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_PURPOSE, (st), (cmp))
-#define sk_X509_PURPOSE_dup(st) SKM_sk_dup(X509_PURPOSE, st)
-#define sk_X509_PURPOSE_pop_free(st, free_func) SKM_sk_pop_free(X509_PURPOSE, (st), (free_func))
-#define sk_X509_PURPOSE_shift(st) SKM_sk_shift(X509_PURPOSE, (st))
-#define sk_X509_PURPOSE_pop(st) SKM_sk_pop(X509_PURPOSE, (st))
-#define sk_X509_PURPOSE_sort(st) SKM_sk_sort(X509_PURPOSE, (st))
-#define sk_X509_PURPOSE_is_sorted(st) SKM_sk_is_sorted(X509_PURPOSE, (st))
-
-#define sk_X509_REVOKED_new(st) SKM_sk_new(X509_REVOKED, (st))
-#define sk_X509_REVOKED_new_null() SKM_sk_new_null(X509_REVOKED)
-#define sk_X509_REVOKED_free(st) SKM_sk_free(X509_REVOKED, (st))
-#define sk_X509_REVOKED_num(st) SKM_sk_num(X509_REVOKED, (st))
-#define sk_X509_REVOKED_value(st, i) SKM_sk_value(X509_REVOKED, (st), (i))
-#define sk_X509_REVOKED_set(st, i, val) SKM_sk_set(X509_REVOKED, (st), (i), (val))
-#define sk_X509_REVOKED_zero(st) SKM_sk_zero(X509_REVOKED, (st))
-#define sk_X509_REVOKED_push(st, val) SKM_sk_push(X509_REVOKED, (st), (val))
-#define sk_X509_REVOKED_unshift(st, val) SKM_sk_unshift(X509_REVOKED, (st), (val))
-#define sk_X509_REVOKED_find(st, val) SKM_sk_find(X509_REVOKED, (st), (val))
-#define sk_X509_REVOKED_find_ex(st, val) SKM_sk_find_ex(X509_REVOKED, (st), (val))
-#define sk_X509_REVOKED_delete(st, i) SKM_sk_delete(X509_REVOKED, (st), (i))
-#define sk_X509_REVOKED_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_REVOKED, (st), (ptr))
-#define sk_X509_REVOKED_insert(st, val, i) SKM_sk_insert(X509_REVOKED, (st), (val), (i))
-#define sk_X509_REVOKED_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_REVOKED, (st), (cmp))
-#define sk_X509_REVOKED_dup(st) SKM_sk_dup(X509_REVOKED, st)
-#define sk_X509_REVOKED_pop_free(st, free_func) SKM_sk_pop_free(X509_REVOKED, (st), (free_func))
-#define sk_X509_REVOKED_shift(st) SKM_sk_shift(X509_REVOKED, (st))
-#define sk_X509_REVOKED_pop(st) SKM_sk_pop(X509_REVOKED, (st))
-#define sk_X509_REVOKED_sort(st) SKM_sk_sort(X509_REVOKED, (st))
-#define sk_X509_REVOKED_is_sorted(st) SKM_sk_is_sorted(X509_REVOKED, (st))
-
-#define sk_X509_TRUST_new(st) SKM_sk_new(X509_TRUST, (st))
-#define sk_X509_TRUST_new_null() SKM_sk_new_null(X509_TRUST)
-#define sk_X509_TRUST_free(st) SKM_sk_free(X509_TRUST, (st))
-#define sk_X509_TRUST_num(st) SKM_sk_num(X509_TRUST, (st))
-#define sk_X509_TRUST_value(st, i) SKM_sk_value(X509_TRUST, (st), (i))
-#define sk_X509_TRUST_set(st, i, val) SKM_sk_set(X509_TRUST, (st), (i), (val))
-#define sk_X509_TRUST_zero(st) SKM_sk_zero(X509_TRUST, (st))
-#define sk_X509_TRUST_push(st, val) SKM_sk_push(X509_TRUST, (st), (val))
-#define sk_X509_TRUST_unshift(st, val) SKM_sk_unshift(X509_TRUST, (st), (val))
-#define sk_X509_TRUST_find(st, val) SKM_sk_find(X509_TRUST, (st), (val))
-#define sk_X509_TRUST_find_ex(st, val) SKM_sk_find_ex(X509_TRUST, (st), (val))
-#define sk_X509_TRUST_delete(st, i) SKM_sk_delete(X509_TRUST, (st), (i))
-#define sk_X509_TRUST_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_TRUST, (st), (ptr))
-#define sk_X509_TRUST_insert(st, val, i) SKM_sk_insert(X509_TRUST, (st), (val), (i))
-#define sk_X509_TRUST_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_TRUST, (st), (cmp))
-#define sk_X509_TRUST_dup(st) SKM_sk_dup(X509_TRUST, st)
-#define sk_X509_TRUST_pop_free(st, free_func) SKM_sk_pop_free(X509_TRUST, (st), (free_func))
-#define sk_X509_TRUST_shift(st) SKM_sk_shift(X509_TRUST, (st))
-#define sk_X509_TRUST_pop(st) SKM_sk_pop(X509_TRUST, (st))
-#define sk_X509_TRUST_sort(st) SKM_sk_sort(X509_TRUST, (st))
-#define sk_X509_TRUST_is_sorted(st) SKM_sk_is_sorted(X509_TRUST, (st))
-
-#define sk_X509_VERIFY_PARAM_new(st) SKM_sk_new(X509_VERIFY_PARAM, (st))
-#define sk_X509_VERIFY_PARAM_new_null() SKM_sk_new_null(X509_VERIFY_PARAM)
-#define sk_X509_VERIFY_PARAM_free(st) SKM_sk_free(X509_VERIFY_PARAM, (st))
-#define sk_X509_VERIFY_PARAM_num(st) SKM_sk_num(X509_VERIFY_PARAM, (st))
-#define sk_X509_VERIFY_PARAM_value(st, i) SKM_sk_value(X509_VERIFY_PARAM, (st), (i))
-#define sk_X509_VERIFY_PARAM_set(st, i, val) SKM_sk_set(X509_VERIFY_PARAM, (st), (i), (val))
-#define sk_X509_VERIFY_PARAM_zero(st) SKM_sk_zero(X509_VERIFY_PARAM, (st))
-#define sk_X509_VERIFY_PARAM_push(st, val) SKM_sk_push(X509_VERIFY_PARAM, (st), (val))
-#define sk_X509_VERIFY_PARAM_unshift(st, val) SKM_sk_unshift(X509_VERIFY_PARAM, (st), (val))
-#define sk_X509_VERIFY_PARAM_find(st, val) SKM_sk_find(X509_VERIFY_PARAM, (st), (val))
-#define sk_X509_VERIFY_PARAM_find_ex(st, val) SKM_sk_find_ex(X509_VERIFY_PARAM, (st), (val))
-#define sk_X509_VERIFY_PARAM_delete(st, i) SKM_sk_delete(X509_VERIFY_PARAM, (st), (i))
-#define sk_X509_VERIFY_PARAM_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_VERIFY_PARAM, (st), (ptr))
-#define sk_X509_VERIFY_PARAM_insert(st, val, i) SKM_sk_insert(X509_VERIFY_PARAM, (st), (val), (i))
-#define sk_X509_VERIFY_PARAM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_VERIFY_PARAM, (st), (cmp))
-#define sk_X509_VERIFY_PARAM_dup(st) SKM_sk_dup(X509_VERIFY_PARAM, st)
-#define sk_X509_VERIFY_PARAM_pop_free(st, free_func) SKM_sk_pop_free(X509_VERIFY_PARAM, (st), (free_func))
-#define sk_X509_VERIFY_PARAM_shift(st) SKM_sk_shift(X509_VERIFY_PARAM, (st))
-#define sk_X509_VERIFY_PARAM_pop(st) SKM_sk_pop(X509_VERIFY_PARAM, (st))
-#define sk_X509_VERIFY_PARAM_sort(st) SKM_sk_sort(X509_VERIFY_PARAM, (st))
-#define sk_X509_VERIFY_PARAM_is_sorted(st) SKM_sk_is_sorted(X509_VERIFY_PARAM, (st))
-
-#define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
- SKM_ASN1_SET_OF_d2i(ACCESS_DESCRIPTION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-#define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, i2d_func, ex_tag, ex_class, is_set) \
- SKM_ASN1_SET_OF_i2d(ACCESS_DESCRIPTION, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_ACCESS_DESCRIPTION(st, i2d_func, buf, len) \
- SKM_ASN1_seq_pack(ACCESS_DESCRIPTION, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_ACCESS_DESCRIPTION(buf, len, d2i_func, free_func) \
- SKM_ASN1_seq_unpack(ACCESS_DESCRIPTION, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_ASN1_INTEGER(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
- SKM_ASN1_SET_OF_d2i(ASN1_INTEGER, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-#define i2d_ASN1_SET_OF_ASN1_INTEGER(st, pp, i2d_func, ex_tag, ex_class, is_set) \
- SKM_ASN1_SET_OF_i2d(ASN1_INTEGER, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_ASN1_INTEGER(st, i2d_func, buf, len) \
- SKM_ASN1_seq_pack(ASN1_INTEGER, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_ASN1_INTEGER(buf, len, d2i_func, free_func) \
- SKM_ASN1_seq_unpack(ASN1_INTEGER, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_ASN1_OBJECT(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
- SKM_ASN1_SET_OF_d2i(ASN1_OBJECT, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-#define i2d_ASN1_SET_OF_ASN1_OBJECT(st, pp, i2d_func, ex_tag, ex_class, is_set) \
- SKM_ASN1_SET_OF_i2d(ASN1_OBJECT, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_ASN1_OBJECT(st, i2d_func, buf, len) \
- SKM_ASN1_seq_pack(ASN1_OBJECT, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_ASN1_OBJECT(buf, len, d2i_func, free_func) \
- SKM_ASN1_seq_unpack(ASN1_OBJECT, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_ASN1_TYPE(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
- SKM_ASN1_SET_OF_d2i(ASN1_TYPE, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-#define i2d_ASN1_SET_OF_ASN1_TYPE(st, pp, i2d_func, ex_tag, ex_class, is_set) \
- SKM_ASN1_SET_OF_i2d(ASN1_TYPE, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_ASN1_TYPE(st, i2d_func, buf, len) \
- SKM_ASN1_seq_pack(ASN1_TYPE, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_ASN1_TYPE(buf, len, d2i_func, free_func) \
- SKM_ASN1_seq_unpack(ASN1_TYPE, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_DIST_POINT(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
- SKM_ASN1_SET_OF_d2i(DIST_POINT, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-#define i2d_ASN1_SET_OF_DIST_POINT(st, pp, i2d_func, ex_tag, ex_class, is_set) \
- SKM_ASN1_SET_OF_i2d(DIST_POINT, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_DIST_POINT(st, i2d_func, buf, len) \
- SKM_ASN1_seq_pack(DIST_POINT, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_DIST_POINT(buf, len, d2i_func, free_func) \
- SKM_ASN1_seq_unpack(DIST_POINT, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_GENERAL_NAME(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
- SKM_ASN1_SET_OF_d2i(GENERAL_NAME, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-#define i2d_ASN1_SET_OF_GENERAL_NAME(st, pp, i2d_func, ex_tag, ex_class, is_set) \
- SKM_ASN1_SET_OF_i2d(GENERAL_NAME, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_GENERAL_NAME(st, i2d_func, buf, len) \
- SKM_ASN1_seq_pack(GENERAL_NAME, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_GENERAL_NAME(buf, len, d2i_func, free_func) \
- SKM_ASN1_seq_unpack(GENERAL_NAME, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_OCSP_ONEREQ(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
- SKM_ASN1_SET_OF_d2i(OCSP_ONEREQ, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-#define i2d_ASN1_SET_OF_OCSP_ONEREQ(st, pp, i2d_func, ex_tag, ex_class, is_set) \
- SKM_ASN1_SET_OF_i2d(OCSP_ONEREQ, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_OCSP_ONEREQ(st, i2d_func, buf, len) \
- SKM_ASN1_seq_pack(OCSP_ONEREQ, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_OCSP_ONEREQ(buf, len, d2i_func, free_func) \
- SKM_ASN1_seq_unpack(OCSP_ONEREQ, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_OCSP_SINGLERESP(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
- SKM_ASN1_SET_OF_d2i(OCSP_SINGLERESP, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-#define i2d_ASN1_SET_OF_OCSP_SINGLERESP(st, pp, i2d_func, ex_tag, ex_class, is_set) \
- SKM_ASN1_SET_OF_i2d(OCSP_SINGLERESP, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_OCSP_SINGLERESP(st, i2d_func, buf, len) \
- SKM_ASN1_seq_pack(OCSP_SINGLERESP, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_OCSP_SINGLERESP(buf, len, d2i_func, free_func) \
- SKM_ASN1_seq_unpack(OCSP_SINGLERESP, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_PKCS12_SAFEBAG(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
- SKM_ASN1_SET_OF_d2i(PKCS12_SAFEBAG, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-#define i2d_ASN1_SET_OF_PKCS12_SAFEBAG(st, pp, i2d_func, ex_tag, ex_class, is_set) \
- SKM_ASN1_SET_OF_i2d(PKCS12_SAFEBAG, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_PKCS12_SAFEBAG(st, i2d_func, buf, len) \
- SKM_ASN1_seq_pack(PKCS12_SAFEBAG, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_PKCS12_SAFEBAG(buf, len, d2i_func, free_func) \
- SKM_ASN1_seq_unpack(PKCS12_SAFEBAG, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_PKCS7(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
- SKM_ASN1_SET_OF_d2i(PKCS7, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-#define i2d_ASN1_SET_OF_PKCS7(st, pp, i2d_func, ex_tag, ex_class, is_set) \
- SKM_ASN1_SET_OF_i2d(PKCS7, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_PKCS7(st, i2d_func, buf, len) \
- SKM_ASN1_seq_pack(PKCS7, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_PKCS7(buf, len, d2i_func, free_func) \
- SKM_ASN1_seq_unpack(PKCS7, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_PKCS7_RECIP_INFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
- SKM_ASN1_SET_OF_d2i(PKCS7_RECIP_INFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-#define i2d_ASN1_SET_OF_PKCS7_RECIP_INFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \
- SKM_ASN1_SET_OF_i2d(PKCS7_RECIP_INFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_PKCS7_RECIP_INFO(st, i2d_func, buf, len) \
- SKM_ASN1_seq_pack(PKCS7_RECIP_INFO, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_PKCS7_RECIP_INFO(buf, len, d2i_func, free_func) \
- SKM_ASN1_seq_unpack(PKCS7_RECIP_INFO, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
- SKM_ASN1_SET_OF_d2i(PKCS7_SIGNER_INFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-#define i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \
- SKM_ASN1_SET_OF_i2d(PKCS7_SIGNER_INFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_PKCS7_SIGNER_INFO(st, i2d_func, buf, len) \
- SKM_ASN1_seq_pack(PKCS7_SIGNER_INFO, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_PKCS7_SIGNER_INFO(buf, len, d2i_func, free_func) \
- SKM_ASN1_seq_unpack(PKCS7_SIGNER_INFO, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_POLICYINFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
- SKM_ASN1_SET_OF_d2i(POLICYINFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-#define i2d_ASN1_SET_OF_POLICYINFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \
- SKM_ASN1_SET_OF_i2d(POLICYINFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_POLICYINFO(st, i2d_func, buf, len) \
- SKM_ASN1_seq_pack(POLICYINFO, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_POLICYINFO(buf, len, d2i_func, free_func) \
- SKM_ASN1_seq_unpack(POLICYINFO, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_POLICYQUALINFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
- SKM_ASN1_SET_OF_d2i(POLICYQUALINFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-#define i2d_ASN1_SET_OF_POLICYQUALINFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \
- SKM_ASN1_SET_OF_i2d(POLICYQUALINFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_POLICYQUALINFO(st, i2d_func, buf, len) \
- SKM_ASN1_seq_pack(POLICYQUALINFO, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_POLICYQUALINFO(buf, len, d2i_func, free_func) \
- SKM_ASN1_seq_unpack(POLICYQUALINFO, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_SXNETID(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
- SKM_ASN1_SET_OF_d2i(SXNETID, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-#define i2d_ASN1_SET_OF_SXNETID(st, pp, i2d_func, ex_tag, ex_class, is_set) \
- SKM_ASN1_SET_OF_i2d(SXNETID, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_SXNETID(st, i2d_func, buf, len) \
- SKM_ASN1_seq_pack(SXNETID, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_SXNETID(buf, len, d2i_func, free_func) \
- SKM_ASN1_seq_unpack(SXNETID, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_X509(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
- SKM_ASN1_SET_OF_d2i(X509, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-#define i2d_ASN1_SET_OF_X509(st, pp, i2d_func, ex_tag, ex_class, is_set) \
- SKM_ASN1_SET_OF_i2d(X509, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_X509(st, i2d_func, buf, len) \
- SKM_ASN1_seq_pack(X509, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_X509(buf, len, d2i_func, free_func) \
- SKM_ASN1_seq_unpack(X509, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_X509_ALGOR(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
- SKM_ASN1_SET_OF_d2i(X509_ALGOR, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-#define i2d_ASN1_SET_OF_X509_ALGOR(st, pp, i2d_func, ex_tag, ex_class, is_set) \
- SKM_ASN1_SET_OF_i2d(X509_ALGOR, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_X509_ALGOR(st, i2d_func, buf, len) \
- SKM_ASN1_seq_pack(X509_ALGOR, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_X509_ALGOR(buf, len, d2i_func, free_func) \
- SKM_ASN1_seq_unpack(X509_ALGOR, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_X509_ATTRIBUTE(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
- SKM_ASN1_SET_OF_d2i(X509_ATTRIBUTE, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-#define i2d_ASN1_SET_OF_X509_ATTRIBUTE(st, pp, i2d_func, ex_tag, ex_class, is_set) \
- SKM_ASN1_SET_OF_i2d(X509_ATTRIBUTE, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_X509_ATTRIBUTE(st, i2d_func, buf, len) \
- SKM_ASN1_seq_pack(X509_ATTRIBUTE, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_X509_ATTRIBUTE(buf, len, d2i_func, free_func) \
- SKM_ASN1_seq_unpack(X509_ATTRIBUTE, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_X509_CRL(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
- SKM_ASN1_SET_OF_d2i(X509_CRL, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-#define i2d_ASN1_SET_OF_X509_CRL(st, pp, i2d_func, ex_tag, ex_class, is_set) \
- SKM_ASN1_SET_OF_i2d(X509_CRL, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_X509_CRL(st, i2d_func, buf, len) \
- SKM_ASN1_seq_pack(X509_CRL, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_X509_CRL(buf, len, d2i_func, free_func) \
- SKM_ASN1_seq_unpack(X509_CRL, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_X509_EXTENSION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
- SKM_ASN1_SET_OF_d2i(X509_EXTENSION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-#define i2d_ASN1_SET_OF_X509_EXTENSION(st, pp, i2d_func, ex_tag, ex_class, is_set) \
- SKM_ASN1_SET_OF_i2d(X509_EXTENSION, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_X509_EXTENSION(st, i2d_func, buf, len) \
- SKM_ASN1_seq_pack(X509_EXTENSION, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_X509_EXTENSION(buf, len, d2i_func, free_func) \
- SKM_ASN1_seq_unpack(X509_EXTENSION, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_X509_NAME_ENTRY(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
- SKM_ASN1_SET_OF_d2i(X509_NAME_ENTRY, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-#define i2d_ASN1_SET_OF_X509_NAME_ENTRY(st, pp, i2d_func, ex_tag, ex_class, is_set) \
- SKM_ASN1_SET_OF_i2d(X509_NAME_ENTRY, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_X509_NAME_ENTRY(st, i2d_func, buf, len) \
- SKM_ASN1_seq_pack(X509_NAME_ENTRY, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_X509_NAME_ENTRY(buf, len, d2i_func, free_func) \
- SKM_ASN1_seq_unpack(X509_NAME_ENTRY, (buf), (len), (d2i_func), (free_func))
-
-#define d2i_ASN1_SET_OF_X509_REVOKED(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
- SKM_ASN1_SET_OF_d2i(X509_REVOKED, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-#define i2d_ASN1_SET_OF_X509_REVOKED(st, pp, i2d_func, ex_tag, ex_class, is_set) \
- SKM_ASN1_SET_OF_i2d(X509_REVOKED, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_X509_REVOKED(st, i2d_func, buf, len) \
- SKM_ASN1_seq_pack(X509_REVOKED, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_X509_REVOKED(buf, len, d2i_func, free_func) \
- SKM_ASN1_seq_unpack(X509_REVOKED, (buf), (len), (d2i_func), (free_func))
-
-#define PKCS12_decrypt_d2i_PKCS12_SAFEBAG(algor, d2i_func, free_func, pass, passlen, oct, seq) \
- SKM_PKCS12_decrypt_d2i(PKCS12_SAFEBAG, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq))
-
-#define PKCS12_decrypt_d2i_PKCS7(algor, d2i_func, free_func, pass, passlen, oct, seq) \
- SKM_PKCS12_decrypt_d2i(PKCS7, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq))
-/* End of util/mkstack.pl block, you may now edit :-) */
-
-#endif /* !defined HEADER_SAFESTACK_H */
Copied: vendor-crypto/openssl/0.9.8zf/crypto/stack/safestack.h (from rev 6976, vendor-crypto/openssl/dist/crypto/stack/safestack.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/stack/safestack.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/stack/safestack.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,1992 @@
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_SAFESTACK_H
+# define HEADER_SAFESTACK_H
+
+# include <openssl/stack.h>
+
+# ifdef DEBUG_SAFESTACK
+
+# ifndef CHECKED_PTR_OF
+# define CHECKED_PTR_OF(type, p) \
+ ((void*) (1 ? p : (type*)0))
+# endif
+
+# define CHECKED_SK_FREE_FUNC(type, p) \
+ ((void (*)(void *)) ((1 ? p : (void (*)(type *))0)))
+
+# define CHECKED_SK_CMP_FUNC(type, p) \
+ ((int (*)(const char * const *, const char * const *)) \
+ ((1 ? p : (int (*)(const type * const *, const type * const *))0)))
+
+# define STACK_OF(type) struct stack_st_##type
+# define PREDECLARE_STACK_OF(type) STACK_OF(type);
+
+# define DECLARE_STACK_OF(type) \
+STACK_OF(type) \
+ { \
+ STACK stack; \
+ };
+
+/* nada (obsolete in new safestack approach)*/
+# define IMPLEMENT_STACK_OF(type)
+
+/*
+ * SKM_sk_... stack macros are internal to safestack.h: never use them
+ * directly, use sk_<type>_... instead
+ */
+# define SKM_sk_new(type, cmp) \
+ ((STACK_OF(type) *)sk_new(CHECKED_SK_CMP_FUNC(type, cmp)))
+# define SKM_sk_new_null(type) \
+ ((STACK_OF(type) *)sk_new_null())
+# define SKM_sk_free(type, st) \
+ sk_free(CHECKED_PTR_OF(STACK_OF(type), st))
+# define SKM_sk_num(type, st) \
+ sk_num(CHECKED_PTR_OF(STACK_OF(type), st))
+# define SKM_sk_value(type, st,i) \
+ ((type *)sk_value(CHECKED_PTR_OF(STACK_OF(type), st), i))
+# define SKM_sk_set(type, st,i,val) \
+ sk_set(CHECKED_PTR_OF(STACK_OF(type), st), i, CHECKED_PTR_OF(type, val))
+# define SKM_sk_zero(type, st) \
+ sk_zero(CHECKED_PTR_OF(STACK_OF(type), st))
+# define SKM_sk_push(type, st,val) \
+ sk_push(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, val))
+# define SKM_sk_unshift(type, st,val) \
+ sk_unshift(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, val))
+# define SKM_sk_find(type, st,val) \
+ sk_find(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, val))
+# define SKM_sk_delete(type, st,i) \
+ (type *)sk_delete(CHECKED_PTR_OF(STACK_OF(type), st), i)
+# define SKM_sk_delete_ptr(type, st,ptr) \
+ (type *)sk_delete_ptr(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, ptr))
+# define SKM_sk_insert(type, st,val,i) \
+ sk_insert(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, val), i)
+# define SKM_sk_set_cmp_func(type, st,cmp) \
+ ((int (*)(const type * const *,const type * const *)) \
+ sk_set_cmp_func(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_SK_CMP_FUNC(type, cmp)))
+# define SKM_sk_dup(type, st) \
+ (STACK_OF(type) *)sk_dup(CHECKED_PTR_OF(STACK_OF(type), st))
+# define SKM_sk_pop_free(type, st,free_func) \
+ sk_pop_free(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_SK_FREE_FUNC(type, free_func))
+# define SKM_sk_shift(type, st) \
+ (type *)sk_shift(CHECKED_PTR_OF(STACK_OF(type), st))
+# define SKM_sk_pop(type, st) \
+ (type *)sk_pop(CHECKED_PTR_OF(STACK_OF(type), st))
+# define SKM_sk_sort(type, st) \
+ sk_sort(CHECKED_PTR_OF(STACK_OF(type), st))
+# define SKM_sk_is_sorted(type, st) \
+ sk_is_sorted(CHECKED_PTR_OF(STACK_OF(type), st))
+
+# define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+ (STACK_OF(type) *)d2i_ASN1_SET(CHECKED_PTR_OF(STACK_OF(type)*, st), \
+ pp, length, \
+ CHECKED_D2I_OF(type, d2i_func), \
+ CHECKED_SK_FREE_FUNC(type, free_func), \
+ ex_tag, ex_class)
+
+# define SKM_ASN1_SET_OF_i2d(type, st, pp, i2d_func, ex_tag, ex_class, is_set) \
+ i2d_ASN1_SET(CHECKED_PTR_OF(STACK_OF(type), st), pp, \
+ CHECKED_I2D_OF(type, i2d_func), \
+ ex_tag, ex_class, is_set)
+
+# define SKM_ASN1_seq_pack(type, st, i2d_func, buf, len) \
+ ASN1_seq_pack(CHECKED_PTR_OF(STACK_OF(type), st), \
+ CHECKED_I2D_OF(type, i2d_func), buf, len)
+
+# define SKM_ASN1_seq_unpack(type, buf, len, d2i_func, free_func) \
+ (STACK_OF(type) *)ASN1_seq_unpack(buf, len, CHECKED_D2I_OF(type, d2i_func), CHECKED_SK_FREE_FUNC(type, free_func))
+
+# define SKM_PKCS12_decrypt_d2i(type, algor, d2i_func, free_func, pass, passlen, oct, seq) \
+ (STACK_OF(type) *)PKCS12_decrypt_d2i(algor, \
+ CHECKED_D2I_OF(type, d2i_func), \
+ CHECKED_SK_FREE_FUNC(type, free_func), \
+ pass, passlen, oct, seq)
+
+# else
+
+# define STACK_OF(type) STACK
+# define PREDECLARE_STACK_OF(type)
+ /* nada */
+# define DECLARE_STACK_OF(type)/* nada */
+# define IMPLEMENT_STACK_OF(type)
+ /* nada */
+
+# define SKM_sk_new(type, cmp) \
+ sk_new((int (*)(const char * const *, const char * const *))(cmp))
+# define SKM_sk_new_null(type) \
+ sk_new_null()
+# define SKM_sk_free(type, st) \
+ sk_free(st)
+# define SKM_sk_num(type, st) \
+ sk_num(st)
+# define SKM_sk_value(type, st,i) \
+ ((type *)sk_value(st, i))
+# define SKM_sk_set(type, st,i,val) \
+ ((type *)sk_set(st, i,(char *)val))
+# define SKM_sk_zero(type, st) \
+ sk_zero(st)
+# define SKM_sk_push(type, st,val) \
+ sk_push(st, (char *)val)
+# define SKM_sk_unshift(type, st,val) \
+ sk_unshift(st, (char *)val)
+# define SKM_sk_find(type, st,val) \
+ sk_find(st, (char *)val)
+# define SKM_sk_delete(type, st,i) \
+ ((type *)sk_delete(st, i))
+# define SKM_sk_delete_ptr(type, st,ptr) \
+ ((type *)sk_delete_ptr(st,(char *)ptr))
+# define SKM_sk_insert(type, st,val,i) \
+ sk_insert(st, (char *)val, i)
+# define SKM_sk_set_cmp_func(type, st,cmp) \
+ ((int (*)(const type * const *,const type * const *)) \
+ sk_set_cmp_func(st, (int (*)(const char * const *, const char * const *))(cmp)))
+# define SKM_sk_dup(type, st) \
+ sk_dup(st)
+# define SKM_sk_pop_free(type, st,free_func) \
+ sk_pop_free(st, (void (*)(void *))free_func)
+# define SKM_sk_shift(type, st) \
+ ((type *)sk_shift(st))
+# define SKM_sk_pop(type, st) \
+ ((type *)sk_pop(st))
+# define SKM_sk_sort(type, st) \
+ sk_sort(st)
+# define SKM_sk_is_sorted(type, st) \
+ sk_is_sorted(st)
+
+# define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+ d2i_ASN1_SET(st,pp,length, (void *(*)(void ** ,const unsigned char ** ,long))d2i_func, (void (*)(void *))free_func, ex_tag,ex_class)
+# define SKM_ASN1_SET_OF_i2d(type, st, pp, i2d_func, ex_tag, ex_class, is_set) \
+ i2d_ASN1_SET(st,pp,(int (*)(void *, unsigned char **))i2d_func,ex_tag,ex_class,is_set)
+
+# define SKM_ASN1_seq_pack(type, st, i2d_func, buf, len) \
+ ASN1_seq_pack(st, (int (*)(void *, unsigned char **))i2d_func, buf, len)
+# define SKM_ASN1_seq_unpack(type, buf, len, d2i_func, free_func) \
+ ASN1_seq_unpack(buf,len,(void *(*)(void **,const unsigned char **,long))d2i_func, (void(*)(void *))free_func)
+
+# define SKM_PKCS12_decrypt_d2i(type, algor, d2i_func, free_func, pass, passlen, oct, seq) \
+ ((STACK *)PKCS12_decrypt_d2i(algor,(char *(*)())d2i_func, (void(*)(void *))free_func,pass,passlen,oct,seq))
+
+# endif
+
+/*
+ * This block of defines is updated by util/mkstack.pl, please do not touch!
+ */
+# define sk_ACCESS_DESCRIPTION_new(st) SKM_sk_new(ACCESS_DESCRIPTION, (st))
+# define sk_ACCESS_DESCRIPTION_new_null() SKM_sk_new_null(ACCESS_DESCRIPTION)
+# define sk_ACCESS_DESCRIPTION_free(st) SKM_sk_free(ACCESS_DESCRIPTION, (st))
+# define sk_ACCESS_DESCRIPTION_num(st) SKM_sk_num(ACCESS_DESCRIPTION, (st))
+# define sk_ACCESS_DESCRIPTION_value(st, i) SKM_sk_value(ACCESS_DESCRIPTION, (st), (i))
+# define sk_ACCESS_DESCRIPTION_set(st, i, val) SKM_sk_set(ACCESS_DESCRIPTION, (st), (i), (val))
+# define sk_ACCESS_DESCRIPTION_zero(st) SKM_sk_zero(ACCESS_DESCRIPTION, (st))
+# define sk_ACCESS_DESCRIPTION_push(st, val) SKM_sk_push(ACCESS_DESCRIPTION, (st), (val))
+# define sk_ACCESS_DESCRIPTION_unshift(st, val) SKM_sk_unshift(ACCESS_DESCRIPTION, (st), (val))
+# define sk_ACCESS_DESCRIPTION_find(st, val) SKM_sk_find(ACCESS_DESCRIPTION, (st), (val))
+# define sk_ACCESS_DESCRIPTION_find_ex(st, val) SKM_sk_find_ex(ACCESS_DESCRIPTION, (st), (val))
+# define sk_ACCESS_DESCRIPTION_delete(st, i) SKM_sk_delete(ACCESS_DESCRIPTION, (st), (i))
+# define sk_ACCESS_DESCRIPTION_delete_ptr(st, ptr) SKM_sk_delete_ptr(ACCESS_DESCRIPTION, (st), (ptr))
+# define sk_ACCESS_DESCRIPTION_insert(st, val, i) SKM_sk_insert(ACCESS_DESCRIPTION, (st), (val), (i))
+# define sk_ACCESS_DESCRIPTION_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ACCESS_DESCRIPTION, (st), (cmp))
+# define sk_ACCESS_DESCRIPTION_dup(st) SKM_sk_dup(ACCESS_DESCRIPTION, st)
+# define sk_ACCESS_DESCRIPTION_pop_free(st, free_func) SKM_sk_pop_free(ACCESS_DESCRIPTION, (st), (free_func))
+# define sk_ACCESS_DESCRIPTION_shift(st) SKM_sk_shift(ACCESS_DESCRIPTION, (st))
+# define sk_ACCESS_DESCRIPTION_pop(st) SKM_sk_pop(ACCESS_DESCRIPTION, (st))
+# define sk_ACCESS_DESCRIPTION_sort(st) SKM_sk_sort(ACCESS_DESCRIPTION, (st))
+# define sk_ACCESS_DESCRIPTION_is_sorted(st) SKM_sk_is_sorted(ACCESS_DESCRIPTION, (st))
+
+# define sk_ASIdOrRange_new(st) SKM_sk_new(ASIdOrRange, (st))
+# define sk_ASIdOrRange_new_null() SKM_sk_new_null(ASIdOrRange)
+# define sk_ASIdOrRange_free(st) SKM_sk_free(ASIdOrRange, (st))
+# define sk_ASIdOrRange_num(st) SKM_sk_num(ASIdOrRange, (st))
+# define sk_ASIdOrRange_value(st, i) SKM_sk_value(ASIdOrRange, (st), (i))
+# define sk_ASIdOrRange_set(st, i, val) SKM_sk_set(ASIdOrRange, (st), (i), (val))
+# define sk_ASIdOrRange_zero(st) SKM_sk_zero(ASIdOrRange, (st))
+# define sk_ASIdOrRange_push(st, val) SKM_sk_push(ASIdOrRange, (st), (val))
+# define sk_ASIdOrRange_unshift(st, val) SKM_sk_unshift(ASIdOrRange, (st), (val))
+# define sk_ASIdOrRange_find(st, val) SKM_sk_find(ASIdOrRange, (st), (val))
+# define sk_ASIdOrRange_find_ex(st, val) SKM_sk_find_ex(ASIdOrRange, (st), (val))
+# define sk_ASIdOrRange_delete(st, i) SKM_sk_delete(ASIdOrRange, (st), (i))
+# define sk_ASIdOrRange_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASIdOrRange, (st), (ptr))
+# define sk_ASIdOrRange_insert(st, val, i) SKM_sk_insert(ASIdOrRange, (st), (val), (i))
+# define sk_ASIdOrRange_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASIdOrRange, (st), (cmp))
+# define sk_ASIdOrRange_dup(st) SKM_sk_dup(ASIdOrRange, st)
+# define sk_ASIdOrRange_pop_free(st, free_func) SKM_sk_pop_free(ASIdOrRange, (st), (free_func))
+# define sk_ASIdOrRange_shift(st) SKM_sk_shift(ASIdOrRange, (st))
+# define sk_ASIdOrRange_pop(st) SKM_sk_pop(ASIdOrRange, (st))
+# define sk_ASIdOrRange_sort(st) SKM_sk_sort(ASIdOrRange, (st))
+# define sk_ASIdOrRange_is_sorted(st) SKM_sk_is_sorted(ASIdOrRange, (st))
+
+# define sk_ASN1_GENERALSTRING_new(st) SKM_sk_new(ASN1_GENERALSTRING, (st))
+# define sk_ASN1_GENERALSTRING_new_null() SKM_sk_new_null(ASN1_GENERALSTRING)
+# define sk_ASN1_GENERALSTRING_free(st) SKM_sk_free(ASN1_GENERALSTRING, (st))
+# define sk_ASN1_GENERALSTRING_num(st) SKM_sk_num(ASN1_GENERALSTRING, (st))
+# define sk_ASN1_GENERALSTRING_value(st, i) SKM_sk_value(ASN1_GENERALSTRING, (st), (i))
+# define sk_ASN1_GENERALSTRING_set(st, i, val) SKM_sk_set(ASN1_GENERALSTRING, (st), (i), (val))
+# define sk_ASN1_GENERALSTRING_zero(st) SKM_sk_zero(ASN1_GENERALSTRING, (st))
+# define sk_ASN1_GENERALSTRING_push(st, val) SKM_sk_push(ASN1_GENERALSTRING, (st), (val))
+# define sk_ASN1_GENERALSTRING_unshift(st, val) SKM_sk_unshift(ASN1_GENERALSTRING, (st), (val))
+# define sk_ASN1_GENERALSTRING_find(st, val) SKM_sk_find(ASN1_GENERALSTRING, (st), (val))
+# define sk_ASN1_GENERALSTRING_find_ex(st, val) SKM_sk_find_ex(ASN1_GENERALSTRING, (st), (val))
+# define sk_ASN1_GENERALSTRING_delete(st, i) SKM_sk_delete(ASN1_GENERALSTRING, (st), (i))
+# define sk_ASN1_GENERALSTRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_GENERALSTRING, (st), (ptr))
+# define sk_ASN1_GENERALSTRING_insert(st, val, i) SKM_sk_insert(ASN1_GENERALSTRING, (st), (val), (i))
+# define sk_ASN1_GENERALSTRING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_GENERALSTRING, (st), (cmp))
+# define sk_ASN1_GENERALSTRING_dup(st) SKM_sk_dup(ASN1_GENERALSTRING, st)
+# define sk_ASN1_GENERALSTRING_pop_free(st, free_func) SKM_sk_pop_free(ASN1_GENERALSTRING, (st), (free_func))
+# define sk_ASN1_GENERALSTRING_shift(st) SKM_sk_shift(ASN1_GENERALSTRING, (st))
+# define sk_ASN1_GENERALSTRING_pop(st) SKM_sk_pop(ASN1_GENERALSTRING, (st))
+# define sk_ASN1_GENERALSTRING_sort(st) SKM_sk_sort(ASN1_GENERALSTRING, (st))
+# define sk_ASN1_GENERALSTRING_is_sorted(st) SKM_sk_is_sorted(ASN1_GENERALSTRING, (st))
+
+# define sk_ASN1_INTEGER_new(st) SKM_sk_new(ASN1_INTEGER, (st))
+# define sk_ASN1_INTEGER_new_null() SKM_sk_new_null(ASN1_INTEGER)
+# define sk_ASN1_INTEGER_free(st) SKM_sk_free(ASN1_INTEGER, (st))
+# define sk_ASN1_INTEGER_num(st) SKM_sk_num(ASN1_INTEGER, (st))
+# define sk_ASN1_INTEGER_value(st, i) SKM_sk_value(ASN1_INTEGER, (st), (i))
+# define sk_ASN1_INTEGER_set(st, i, val) SKM_sk_set(ASN1_INTEGER, (st), (i), (val))
+# define sk_ASN1_INTEGER_zero(st) SKM_sk_zero(ASN1_INTEGER, (st))
+# define sk_ASN1_INTEGER_push(st, val) SKM_sk_push(ASN1_INTEGER, (st), (val))
+# define sk_ASN1_INTEGER_unshift(st, val) SKM_sk_unshift(ASN1_INTEGER, (st), (val))
+# define sk_ASN1_INTEGER_find(st, val) SKM_sk_find(ASN1_INTEGER, (st), (val))
+# define sk_ASN1_INTEGER_find_ex(st, val) SKM_sk_find_ex(ASN1_INTEGER, (st), (val))
+# define sk_ASN1_INTEGER_delete(st, i) SKM_sk_delete(ASN1_INTEGER, (st), (i))
+# define sk_ASN1_INTEGER_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_INTEGER, (st), (ptr))
+# define sk_ASN1_INTEGER_insert(st, val, i) SKM_sk_insert(ASN1_INTEGER, (st), (val), (i))
+# define sk_ASN1_INTEGER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_INTEGER, (st), (cmp))
+# define sk_ASN1_INTEGER_dup(st) SKM_sk_dup(ASN1_INTEGER, st)
+# define sk_ASN1_INTEGER_pop_free(st, free_func) SKM_sk_pop_free(ASN1_INTEGER, (st), (free_func))
+# define sk_ASN1_INTEGER_shift(st) SKM_sk_shift(ASN1_INTEGER, (st))
+# define sk_ASN1_INTEGER_pop(st) SKM_sk_pop(ASN1_INTEGER, (st))
+# define sk_ASN1_INTEGER_sort(st) SKM_sk_sort(ASN1_INTEGER, (st))
+# define sk_ASN1_INTEGER_is_sorted(st) SKM_sk_is_sorted(ASN1_INTEGER, (st))
+
+# define sk_ASN1_OBJECT_new(st) SKM_sk_new(ASN1_OBJECT, (st))
+# define sk_ASN1_OBJECT_new_null() SKM_sk_new_null(ASN1_OBJECT)
+# define sk_ASN1_OBJECT_free(st) SKM_sk_free(ASN1_OBJECT, (st))
+# define sk_ASN1_OBJECT_num(st) SKM_sk_num(ASN1_OBJECT, (st))
+# define sk_ASN1_OBJECT_value(st, i) SKM_sk_value(ASN1_OBJECT, (st), (i))
+# define sk_ASN1_OBJECT_set(st, i, val) SKM_sk_set(ASN1_OBJECT, (st), (i), (val))
+# define sk_ASN1_OBJECT_zero(st) SKM_sk_zero(ASN1_OBJECT, (st))
+# define sk_ASN1_OBJECT_push(st, val) SKM_sk_push(ASN1_OBJECT, (st), (val))
+# define sk_ASN1_OBJECT_unshift(st, val) SKM_sk_unshift(ASN1_OBJECT, (st), (val))
+# define sk_ASN1_OBJECT_find(st, val) SKM_sk_find(ASN1_OBJECT, (st), (val))
+# define sk_ASN1_OBJECT_find_ex(st, val) SKM_sk_find_ex(ASN1_OBJECT, (st), (val))
+# define sk_ASN1_OBJECT_delete(st, i) SKM_sk_delete(ASN1_OBJECT, (st), (i))
+# define sk_ASN1_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_OBJECT, (st), (ptr))
+# define sk_ASN1_OBJECT_insert(st, val, i) SKM_sk_insert(ASN1_OBJECT, (st), (val), (i))
+# define sk_ASN1_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_OBJECT, (st), (cmp))
+# define sk_ASN1_OBJECT_dup(st) SKM_sk_dup(ASN1_OBJECT, st)
+# define sk_ASN1_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(ASN1_OBJECT, (st), (free_func))
+# define sk_ASN1_OBJECT_shift(st) SKM_sk_shift(ASN1_OBJECT, (st))
+# define sk_ASN1_OBJECT_pop(st) SKM_sk_pop(ASN1_OBJECT, (st))
+# define sk_ASN1_OBJECT_sort(st) SKM_sk_sort(ASN1_OBJECT, (st))
+# define sk_ASN1_OBJECT_is_sorted(st) SKM_sk_is_sorted(ASN1_OBJECT, (st))
+
+# define sk_ASN1_STRING_TABLE_new(st) SKM_sk_new(ASN1_STRING_TABLE, (st))
+# define sk_ASN1_STRING_TABLE_new_null() SKM_sk_new_null(ASN1_STRING_TABLE)
+# define sk_ASN1_STRING_TABLE_free(st) SKM_sk_free(ASN1_STRING_TABLE, (st))
+# define sk_ASN1_STRING_TABLE_num(st) SKM_sk_num(ASN1_STRING_TABLE, (st))
+# define sk_ASN1_STRING_TABLE_value(st, i) SKM_sk_value(ASN1_STRING_TABLE, (st), (i))
+# define sk_ASN1_STRING_TABLE_set(st, i, val) SKM_sk_set(ASN1_STRING_TABLE, (st), (i), (val))
+# define sk_ASN1_STRING_TABLE_zero(st) SKM_sk_zero(ASN1_STRING_TABLE, (st))
+# define sk_ASN1_STRING_TABLE_push(st, val) SKM_sk_push(ASN1_STRING_TABLE, (st), (val))
+# define sk_ASN1_STRING_TABLE_unshift(st, val) SKM_sk_unshift(ASN1_STRING_TABLE, (st), (val))
+# define sk_ASN1_STRING_TABLE_find(st, val) SKM_sk_find(ASN1_STRING_TABLE, (st), (val))
+# define sk_ASN1_STRING_TABLE_find_ex(st, val) SKM_sk_find_ex(ASN1_STRING_TABLE, (st), (val))
+# define sk_ASN1_STRING_TABLE_delete(st, i) SKM_sk_delete(ASN1_STRING_TABLE, (st), (i))
+# define sk_ASN1_STRING_TABLE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_STRING_TABLE, (st), (ptr))
+# define sk_ASN1_STRING_TABLE_insert(st, val, i) SKM_sk_insert(ASN1_STRING_TABLE, (st), (val), (i))
+# define sk_ASN1_STRING_TABLE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_STRING_TABLE, (st), (cmp))
+# define sk_ASN1_STRING_TABLE_dup(st) SKM_sk_dup(ASN1_STRING_TABLE, st)
+# define sk_ASN1_STRING_TABLE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_STRING_TABLE, (st), (free_func))
+# define sk_ASN1_STRING_TABLE_shift(st) SKM_sk_shift(ASN1_STRING_TABLE, (st))
+# define sk_ASN1_STRING_TABLE_pop(st) SKM_sk_pop(ASN1_STRING_TABLE, (st))
+# define sk_ASN1_STRING_TABLE_sort(st) SKM_sk_sort(ASN1_STRING_TABLE, (st))
+# define sk_ASN1_STRING_TABLE_is_sorted(st) SKM_sk_is_sorted(ASN1_STRING_TABLE, (st))
+
+# define sk_ASN1_TYPE_new(st) SKM_sk_new(ASN1_TYPE, (st))
+# define sk_ASN1_TYPE_new_null() SKM_sk_new_null(ASN1_TYPE)
+# define sk_ASN1_TYPE_free(st) SKM_sk_free(ASN1_TYPE, (st))
+# define sk_ASN1_TYPE_num(st) SKM_sk_num(ASN1_TYPE, (st))
+# define sk_ASN1_TYPE_value(st, i) SKM_sk_value(ASN1_TYPE, (st), (i))
+# define sk_ASN1_TYPE_set(st, i, val) SKM_sk_set(ASN1_TYPE, (st), (i), (val))
+# define sk_ASN1_TYPE_zero(st) SKM_sk_zero(ASN1_TYPE, (st))
+# define sk_ASN1_TYPE_push(st, val) SKM_sk_push(ASN1_TYPE, (st), (val))
+# define sk_ASN1_TYPE_unshift(st, val) SKM_sk_unshift(ASN1_TYPE, (st), (val))
+# define sk_ASN1_TYPE_find(st, val) SKM_sk_find(ASN1_TYPE, (st), (val))
+# define sk_ASN1_TYPE_find_ex(st, val) SKM_sk_find_ex(ASN1_TYPE, (st), (val))
+# define sk_ASN1_TYPE_delete(st, i) SKM_sk_delete(ASN1_TYPE, (st), (i))
+# define sk_ASN1_TYPE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_TYPE, (st), (ptr))
+# define sk_ASN1_TYPE_insert(st, val, i) SKM_sk_insert(ASN1_TYPE, (st), (val), (i))
+# define sk_ASN1_TYPE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_TYPE, (st), (cmp))
+# define sk_ASN1_TYPE_dup(st) SKM_sk_dup(ASN1_TYPE, st)
+# define sk_ASN1_TYPE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_TYPE, (st), (free_func))
+# define sk_ASN1_TYPE_shift(st) SKM_sk_shift(ASN1_TYPE, (st))
+# define sk_ASN1_TYPE_pop(st) SKM_sk_pop(ASN1_TYPE, (st))
+# define sk_ASN1_TYPE_sort(st) SKM_sk_sort(ASN1_TYPE, (st))
+# define sk_ASN1_TYPE_is_sorted(st) SKM_sk_is_sorted(ASN1_TYPE, (st))
+
+# define sk_ASN1_VALUE_new(st) SKM_sk_new(ASN1_VALUE, (st))
+# define sk_ASN1_VALUE_new_null() SKM_sk_new_null(ASN1_VALUE)
+# define sk_ASN1_VALUE_free(st) SKM_sk_free(ASN1_VALUE, (st))
+# define sk_ASN1_VALUE_num(st) SKM_sk_num(ASN1_VALUE, (st))
+# define sk_ASN1_VALUE_value(st, i) SKM_sk_value(ASN1_VALUE, (st), (i))
+# define sk_ASN1_VALUE_set(st, i, val) SKM_sk_set(ASN1_VALUE, (st), (i), (val))
+# define sk_ASN1_VALUE_zero(st) SKM_sk_zero(ASN1_VALUE, (st))
+# define sk_ASN1_VALUE_push(st, val) SKM_sk_push(ASN1_VALUE, (st), (val))
+# define sk_ASN1_VALUE_unshift(st, val) SKM_sk_unshift(ASN1_VALUE, (st), (val))
+# define sk_ASN1_VALUE_find(st, val) SKM_sk_find(ASN1_VALUE, (st), (val))
+# define sk_ASN1_VALUE_find_ex(st, val) SKM_sk_find_ex(ASN1_VALUE, (st), (val))
+# define sk_ASN1_VALUE_delete(st, i) SKM_sk_delete(ASN1_VALUE, (st), (i))
+# define sk_ASN1_VALUE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_VALUE, (st), (ptr))
+# define sk_ASN1_VALUE_insert(st, val, i) SKM_sk_insert(ASN1_VALUE, (st), (val), (i))
+# define sk_ASN1_VALUE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_VALUE, (st), (cmp))
+# define sk_ASN1_VALUE_dup(st) SKM_sk_dup(ASN1_VALUE, st)
+# define sk_ASN1_VALUE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_VALUE, (st), (free_func))
+# define sk_ASN1_VALUE_shift(st) SKM_sk_shift(ASN1_VALUE, (st))
+# define sk_ASN1_VALUE_pop(st) SKM_sk_pop(ASN1_VALUE, (st))
+# define sk_ASN1_VALUE_sort(st) SKM_sk_sort(ASN1_VALUE, (st))
+# define sk_ASN1_VALUE_is_sorted(st) SKM_sk_is_sorted(ASN1_VALUE, (st))
+
+# define sk_BIO_new(st) SKM_sk_new(BIO, (st))
+# define sk_BIO_new_null() SKM_sk_new_null(BIO)
+# define sk_BIO_free(st) SKM_sk_free(BIO, (st))
+# define sk_BIO_num(st) SKM_sk_num(BIO, (st))
+# define sk_BIO_value(st, i) SKM_sk_value(BIO, (st), (i))
+# define sk_BIO_set(st, i, val) SKM_sk_set(BIO, (st), (i), (val))
+# define sk_BIO_zero(st) SKM_sk_zero(BIO, (st))
+# define sk_BIO_push(st, val) SKM_sk_push(BIO, (st), (val))
+# define sk_BIO_unshift(st, val) SKM_sk_unshift(BIO, (st), (val))
+# define sk_BIO_find(st, val) SKM_sk_find(BIO, (st), (val))
+# define sk_BIO_find_ex(st, val) SKM_sk_find_ex(BIO, (st), (val))
+# define sk_BIO_delete(st, i) SKM_sk_delete(BIO, (st), (i))
+# define sk_BIO_delete_ptr(st, ptr) SKM_sk_delete_ptr(BIO, (st), (ptr))
+# define sk_BIO_insert(st, val, i) SKM_sk_insert(BIO, (st), (val), (i))
+# define sk_BIO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(BIO, (st), (cmp))
+# define sk_BIO_dup(st) SKM_sk_dup(BIO, st)
+# define sk_BIO_pop_free(st, free_func) SKM_sk_pop_free(BIO, (st), (free_func))
+# define sk_BIO_shift(st) SKM_sk_shift(BIO, (st))
+# define sk_BIO_pop(st) SKM_sk_pop(BIO, (st))
+# define sk_BIO_sort(st) SKM_sk_sort(BIO, (st))
+# define sk_BIO_is_sorted(st) SKM_sk_is_sorted(BIO, (st))
+
+# define sk_CMS_CertificateChoices_new(st) SKM_sk_new(CMS_CertificateChoices, (st))
+# define sk_CMS_CertificateChoices_new_null() SKM_sk_new_null(CMS_CertificateChoices)
+# define sk_CMS_CertificateChoices_free(st) SKM_sk_free(CMS_CertificateChoices, (st))
+# define sk_CMS_CertificateChoices_num(st) SKM_sk_num(CMS_CertificateChoices, (st))
+# define sk_CMS_CertificateChoices_value(st, i) SKM_sk_value(CMS_CertificateChoices, (st), (i))
+# define sk_CMS_CertificateChoices_set(st, i, val) SKM_sk_set(CMS_CertificateChoices, (st), (i), (val))
+# define sk_CMS_CertificateChoices_zero(st) SKM_sk_zero(CMS_CertificateChoices, (st))
+# define sk_CMS_CertificateChoices_push(st, val) SKM_sk_push(CMS_CertificateChoices, (st), (val))
+# define sk_CMS_CertificateChoices_unshift(st, val) SKM_sk_unshift(CMS_CertificateChoices, (st), (val))
+# define sk_CMS_CertificateChoices_find(st, val) SKM_sk_find(CMS_CertificateChoices, (st), (val))
+# define sk_CMS_CertificateChoices_find_ex(st, val) SKM_sk_find_ex(CMS_CertificateChoices, (st), (val))
+# define sk_CMS_CertificateChoices_delete(st, i) SKM_sk_delete(CMS_CertificateChoices, (st), (i))
+# define sk_CMS_CertificateChoices_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_CertificateChoices, (st), (ptr))
+# define sk_CMS_CertificateChoices_insert(st, val, i) SKM_sk_insert(CMS_CertificateChoices, (st), (val), (i))
+# define sk_CMS_CertificateChoices_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_CertificateChoices, (st), (cmp))
+# define sk_CMS_CertificateChoices_dup(st) SKM_sk_dup(CMS_CertificateChoices, st)
+# define sk_CMS_CertificateChoices_pop_free(st, free_func) SKM_sk_pop_free(CMS_CertificateChoices, (st), (free_func))
+# define sk_CMS_CertificateChoices_shift(st) SKM_sk_shift(CMS_CertificateChoices, (st))
+# define sk_CMS_CertificateChoices_pop(st) SKM_sk_pop(CMS_CertificateChoices, (st))
+# define sk_CMS_CertificateChoices_sort(st) SKM_sk_sort(CMS_CertificateChoices, (st))
+# define sk_CMS_CertificateChoices_is_sorted(st) SKM_sk_is_sorted(CMS_CertificateChoices, (st))
+
+# define sk_CMS_RecipientInfo_new(st) SKM_sk_new(CMS_RecipientInfo, (st))
+# define sk_CMS_RecipientInfo_new_null() SKM_sk_new_null(CMS_RecipientInfo)
+# define sk_CMS_RecipientInfo_free(st) SKM_sk_free(CMS_RecipientInfo, (st))
+# define sk_CMS_RecipientInfo_num(st) SKM_sk_num(CMS_RecipientInfo, (st))
+# define sk_CMS_RecipientInfo_value(st, i) SKM_sk_value(CMS_RecipientInfo, (st), (i))
+# define sk_CMS_RecipientInfo_set(st, i, val) SKM_sk_set(CMS_RecipientInfo, (st), (i), (val))
+# define sk_CMS_RecipientInfo_zero(st) SKM_sk_zero(CMS_RecipientInfo, (st))
+# define sk_CMS_RecipientInfo_push(st, val) SKM_sk_push(CMS_RecipientInfo, (st), (val))
+# define sk_CMS_RecipientInfo_unshift(st, val) SKM_sk_unshift(CMS_RecipientInfo, (st), (val))
+# define sk_CMS_RecipientInfo_find(st, val) SKM_sk_find(CMS_RecipientInfo, (st), (val))
+# define sk_CMS_RecipientInfo_find_ex(st, val) SKM_sk_find_ex(CMS_RecipientInfo, (st), (val))
+# define sk_CMS_RecipientInfo_delete(st, i) SKM_sk_delete(CMS_RecipientInfo, (st), (i))
+# define sk_CMS_RecipientInfo_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_RecipientInfo, (st), (ptr))
+# define sk_CMS_RecipientInfo_insert(st, val, i) SKM_sk_insert(CMS_RecipientInfo, (st), (val), (i))
+# define sk_CMS_RecipientInfo_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_RecipientInfo, (st), (cmp))
+# define sk_CMS_RecipientInfo_dup(st) SKM_sk_dup(CMS_RecipientInfo, st)
+# define sk_CMS_RecipientInfo_pop_free(st, free_func) SKM_sk_pop_free(CMS_RecipientInfo, (st), (free_func))
+# define sk_CMS_RecipientInfo_shift(st) SKM_sk_shift(CMS_RecipientInfo, (st))
+# define sk_CMS_RecipientInfo_pop(st) SKM_sk_pop(CMS_RecipientInfo, (st))
+# define sk_CMS_RecipientInfo_sort(st) SKM_sk_sort(CMS_RecipientInfo, (st))
+# define sk_CMS_RecipientInfo_is_sorted(st) SKM_sk_is_sorted(CMS_RecipientInfo, (st))
+
+# define sk_CMS_RevocationInfoChoice_new(st) SKM_sk_new(CMS_RevocationInfoChoice, (st))
+# define sk_CMS_RevocationInfoChoice_new_null() SKM_sk_new_null(CMS_RevocationInfoChoice)
+# define sk_CMS_RevocationInfoChoice_free(st) SKM_sk_free(CMS_RevocationInfoChoice, (st))
+# define sk_CMS_RevocationInfoChoice_num(st) SKM_sk_num(CMS_RevocationInfoChoice, (st))
+# define sk_CMS_RevocationInfoChoice_value(st, i) SKM_sk_value(CMS_RevocationInfoChoice, (st), (i))
+# define sk_CMS_RevocationInfoChoice_set(st, i, val) SKM_sk_set(CMS_RevocationInfoChoice, (st), (i), (val))
+# define sk_CMS_RevocationInfoChoice_zero(st) SKM_sk_zero(CMS_RevocationInfoChoice, (st))
+# define sk_CMS_RevocationInfoChoice_push(st, val) SKM_sk_push(CMS_RevocationInfoChoice, (st), (val))
+# define sk_CMS_RevocationInfoChoice_unshift(st, val) SKM_sk_unshift(CMS_RevocationInfoChoice, (st), (val))
+# define sk_CMS_RevocationInfoChoice_find(st, val) SKM_sk_find(CMS_RevocationInfoChoice, (st), (val))
+# define sk_CMS_RevocationInfoChoice_find_ex(st, val) SKM_sk_find_ex(CMS_RevocationInfoChoice, (st), (val))
+# define sk_CMS_RevocationInfoChoice_delete(st, i) SKM_sk_delete(CMS_RevocationInfoChoice, (st), (i))
+# define sk_CMS_RevocationInfoChoice_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_RevocationInfoChoice, (st), (ptr))
+# define sk_CMS_RevocationInfoChoice_insert(st, val, i) SKM_sk_insert(CMS_RevocationInfoChoice, (st), (val), (i))
+# define sk_CMS_RevocationInfoChoice_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_RevocationInfoChoice, (st), (cmp))
+# define sk_CMS_RevocationInfoChoice_dup(st) SKM_sk_dup(CMS_RevocationInfoChoice, st)
+# define sk_CMS_RevocationInfoChoice_pop_free(st, free_func) SKM_sk_pop_free(CMS_RevocationInfoChoice, (st), (free_func))
+# define sk_CMS_RevocationInfoChoice_shift(st) SKM_sk_shift(CMS_RevocationInfoChoice, (st))
+# define sk_CMS_RevocationInfoChoice_pop(st) SKM_sk_pop(CMS_RevocationInfoChoice, (st))
+# define sk_CMS_RevocationInfoChoice_sort(st) SKM_sk_sort(CMS_RevocationInfoChoice, (st))
+# define sk_CMS_RevocationInfoChoice_is_sorted(st) SKM_sk_is_sorted(CMS_RevocationInfoChoice, (st))
+
+# define sk_CMS_SignerInfo_new(st) SKM_sk_new(CMS_SignerInfo, (st))
+# define sk_CMS_SignerInfo_new_null() SKM_sk_new_null(CMS_SignerInfo)
+# define sk_CMS_SignerInfo_free(st) SKM_sk_free(CMS_SignerInfo, (st))
+# define sk_CMS_SignerInfo_num(st) SKM_sk_num(CMS_SignerInfo, (st))
+# define sk_CMS_SignerInfo_value(st, i) SKM_sk_value(CMS_SignerInfo, (st), (i))
+# define sk_CMS_SignerInfo_set(st, i, val) SKM_sk_set(CMS_SignerInfo, (st), (i), (val))
+# define sk_CMS_SignerInfo_zero(st) SKM_sk_zero(CMS_SignerInfo, (st))
+# define sk_CMS_SignerInfo_push(st, val) SKM_sk_push(CMS_SignerInfo, (st), (val))
+# define sk_CMS_SignerInfo_unshift(st, val) SKM_sk_unshift(CMS_SignerInfo, (st), (val))
+# define sk_CMS_SignerInfo_find(st, val) SKM_sk_find(CMS_SignerInfo, (st), (val))
+# define sk_CMS_SignerInfo_find_ex(st, val) SKM_sk_find_ex(CMS_SignerInfo, (st), (val))
+# define sk_CMS_SignerInfo_delete(st, i) SKM_sk_delete(CMS_SignerInfo, (st), (i))
+# define sk_CMS_SignerInfo_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_SignerInfo, (st), (ptr))
+# define sk_CMS_SignerInfo_insert(st, val, i) SKM_sk_insert(CMS_SignerInfo, (st), (val), (i))
+# define sk_CMS_SignerInfo_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_SignerInfo, (st), (cmp))
+# define sk_CMS_SignerInfo_dup(st) SKM_sk_dup(CMS_SignerInfo, st)
+# define sk_CMS_SignerInfo_pop_free(st, free_func) SKM_sk_pop_free(CMS_SignerInfo, (st), (free_func))
+# define sk_CMS_SignerInfo_shift(st) SKM_sk_shift(CMS_SignerInfo, (st))
+# define sk_CMS_SignerInfo_pop(st) SKM_sk_pop(CMS_SignerInfo, (st))
+# define sk_CMS_SignerInfo_sort(st) SKM_sk_sort(CMS_SignerInfo, (st))
+# define sk_CMS_SignerInfo_is_sorted(st) SKM_sk_is_sorted(CMS_SignerInfo, (st))
+
+# define sk_CONF_IMODULE_new(st) SKM_sk_new(CONF_IMODULE, (st))
+# define sk_CONF_IMODULE_new_null() SKM_sk_new_null(CONF_IMODULE)
+# define sk_CONF_IMODULE_free(st) SKM_sk_free(CONF_IMODULE, (st))
+# define sk_CONF_IMODULE_num(st) SKM_sk_num(CONF_IMODULE, (st))
+# define sk_CONF_IMODULE_value(st, i) SKM_sk_value(CONF_IMODULE, (st), (i))
+# define sk_CONF_IMODULE_set(st, i, val) SKM_sk_set(CONF_IMODULE, (st), (i), (val))
+# define sk_CONF_IMODULE_zero(st) SKM_sk_zero(CONF_IMODULE, (st))
+# define sk_CONF_IMODULE_push(st, val) SKM_sk_push(CONF_IMODULE, (st), (val))
+# define sk_CONF_IMODULE_unshift(st, val) SKM_sk_unshift(CONF_IMODULE, (st), (val))
+# define sk_CONF_IMODULE_find(st, val) SKM_sk_find(CONF_IMODULE, (st), (val))
+# define sk_CONF_IMODULE_find_ex(st, val) SKM_sk_find_ex(CONF_IMODULE, (st), (val))
+# define sk_CONF_IMODULE_delete(st, i) SKM_sk_delete(CONF_IMODULE, (st), (i))
+# define sk_CONF_IMODULE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_IMODULE, (st), (ptr))
+# define sk_CONF_IMODULE_insert(st, val, i) SKM_sk_insert(CONF_IMODULE, (st), (val), (i))
+# define sk_CONF_IMODULE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_IMODULE, (st), (cmp))
+# define sk_CONF_IMODULE_dup(st) SKM_sk_dup(CONF_IMODULE, st)
+# define sk_CONF_IMODULE_pop_free(st, free_func) SKM_sk_pop_free(CONF_IMODULE, (st), (free_func))
+# define sk_CONF_IMODULE_shift(st) SKM_sk_shift(CONF_IMODULE, (st))
+# define sk_CONF_IMODULE_pop(st) SKM_sk_pop(CONF_IMODULE, (st))
+# define sk_CONF_IMODULE_sort(st) SKM_sk_sort(CONF_IMODULE, (st))
+# define sk_CONF_IMODULE_is_sorted(st) SKM_sk_is_sorted(CONF_IMODULE, (st))
+
+# define sk_CONF_MODULE_new(st) SKM_sk_new(CONF_MODULE, (st))
+# define sk_CONF_MODULE_new_null() SKM_sk_new_null(CONF_MODULE)
+# define sk_CONF_MODULE_free(st) SKM_sk_free(CONF_MODULE, (st))
+# define sk_CONF_MODULE_num(st) SKM_sk_num(CONF_MODULE, (st))
+# define sk_CONF_MODULE_value(st, i) SKM_sk_value(CONF_MODULE, (st), (i))
+# define sk_CONF_MODULE_set(st, i, val) SKM_sk_set(CONF_MODULE, (st), (i), (val))
+# define sk_CONF_MODULE_zero(st) SKM_sk_zero(CONF_MODULE, (st))
+# define sk_CONF_MODULE_push(st, val) SKM_sk_push(CONF_MODULE, (st), (val))
+# define sk_CONF_MODULE_unshift(st, val) SKM_sk_unshift(CONF_MODULE, (st), (val))
+# define sk_CONF_MODULE_find(st, val) SKM_sk_find(CONF_MODULE, (st), (val))
+# define sk_CONF_MODULE_find_ex(st, val) SKM_sk_find_ex(CONF_MODULE, (st), (val))
+# define sk_CONF_MODULE_delete(st, i) SKM_sk_delete(CONF_MODULE, (st), (i))
+# define sk_CONF_MODULE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_MODULE, (st), (ptr))
+# define sk_CONF_MODULE_insert(st, val, i) SKM_sk_insert(CONF_MODULE, (st), (val), (i))
+# define sk_CONF_MODULE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_MODULE, (st), (cmp))
+# define sk_CONF_MODULE_dup(st) SKM_sk_dup(CONF_MODULE, st)
+# define sk_CONF_MODULE_pop_free(st, free_func) SKM_sk_pop_free(CONF_MODULE, (st), (free_func))
+# define sk_CONF_MODULE_shift(st) SKM_sk_shift(CONF_MODULE, (st))
+# define sk_CONF_MODULE_pop(st) SKM_sk_pop(CONF_MODULE, (st))
+# define sk_CONF_MODULE_sort(st) SKM_sk_sort(CONF_MODULE, (st))
+# define sk_CONF_MODULE_is_sorted(st) SKM_sk_is_sorted(CONF_MODULE, (st))
+
+# define sk_CONF_VALUE_new(st) SKM_sk_new(CONF_VALUE, (st))
+# define sk_CONF_VALUE_new_null() SKM_sk_new_null(CONF_VALUE)
+# define sk_CONF_VALUE_free(st) SKM_sk_free(CONF_VALUE, (st))
+# define sk_CONF_VALUE_num(st) SKM_sk_num(CONF_VALUE, (st))
+# define sk_CONF_VALUE_value(st, i) SKM_sk_value(CONF_VALUE, (st), (i))
+# define sk_CONF_VALUE_set(st, i, val) SKM_sk_set(CONF_VALUE, (st), (i), (val))
+# define sk_CONF_VALUE_zero(st) SKM_sk_zero(CONF_VALUE, (st))
+# define sk_CONF_VALUE_push(st, val) SKM_sk_push(CONF_VALUE, (st), (val))
+# define sk_CONF_VALUE_unshift(st, val) SKM_sk_unshift(CONF_VALUE, (st), (val))
+# define sk_CONF_VALUE_find(st, val) SKM_sk_find(CONF_VALUE, (st), (val))
+# define sk_CONF_VALUE_find_ex(st, val) SKM_sk_find_ex(CONF_VALUE, (st), (val))
+# define sk_CONF_VALUE_delete(st, i) SKM_sk_delete(CONF_VALUE, (st), (i))
+# define sk_CONF_VALUE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_VALUE, (st), (ptr))
+# define sk_CONF_VALUE_insert(st, val, i) SKM_sk_insert(CONF_VALUE, (st), (val), (i))
+# define sk_CONF_VALUE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_VALUE, (st), (cmp))
+# define sk_CONF_VALUE_dup(st) SKM_sk_dup(CONF_VALUE, st)
+# define sk_CONF_VALUE_pop_free(st, free_func) SKM_sk_pop_free(CONF_VALUE, (st), (free_func))
+# define sk_CONF_VALUE_shift(st) SKM_sk_shift(CONF_VALUE, (st))
+# define sk_CONF_VALUE_pop(st) SKM_sk_pop(CONF_VALUE, (st))
+# define sk_CONF_VALUE_sort(st) SKM_sk_sort(CONF_VALUE, (st))
+# define sk_CONF_VALUE_is_sorted(st) SKM_sk_is_sorted(CONF_VALUE, (st))
+
+# define sk_CRYPTO_EX_DATA_FUNCS_new(st) SKM_sk_new(CRYPTO_EX_DATA_FUNCS, (st))
+# define sk_CRYPTO_EX_DATA_FUNCS_new_null() SKM_sk_new_null(CRYPTO_EX_DATA_FUNCS)
+# define sk_CRYPTO_EX_DATA_FUNCS_free(st) SKM_sk_free(CRYPTO_EX_DATA_FUNCS, (st))
+# define sk_CRYPTO_EX_DATA_FUNCS_num(st) SKM_sk_num(CRYPTO_EX_DATA_FUNCS, (st))
+# define sk_CRYPTO_EX_DATA_FUNCS_value(st, i) SKM_sk_value(CRYPTO_EX_DATA_FUNCS, (st), (i))
+# define sk_CRYPTO_EX_DATA_FUNCS_set(st, i, val) SKM_sk_set(CRYPTO_EX_DATA_FUNCS, (st), (i), (val))
+# define sk_CRYPTO_EX_DATA_FUNCS_zero(st) SKM_sk_zero(CRYPTO_EX_DATA_FUNCS, (st))
+# define sk_CRYPTO_EX_DATA_FUNCS_push(st, val) SKM_sk_push(CRYPTO_EX_DATA_FUNCS, (st), (val))
+# define sk_CRYPTO_EX_DATA_FUNCS_unshift(st, val) SKM_sk_unshift(CRYPTO_EX_DATA_FUNCS, (st), (val))
+# define sk_CRYPTO_EX_DATA_FUNCS_find(st, val) SKM_sk_find(CRYPTO_EX_DATA_FUNCS, (st), (val))
+# define sk_CRYPTO_EX_DATA_FUNCS_find_ex(st, val) SKM_sk_find_ex(CRYPTO_EX_DATA_FUNCS, (st), (val))
+# define sk_CRYPTO_EX_DATA_FUNCS_delete(st, i) SKM_sk_delete(CRYPTO_EX_DATA_FUNCS, (st), (i))
+# define sk_CRYPTO_EX_DATA_FUNCS_delete_ptr(st, ptr) SKM_sk_delete_ptr(CRYPTO_EX_DATA_FUNCS, (st), (ptr))
+# define sk_CRYPTO_EX_DATA_FUNCS_insert(st, val, i) SKM_sk_insert(CRYPTO_EX_DATA_FUNCS, (st), (val), (i))
+# define sk_CRYPTO_EX_DATA_FUNCS_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CRYPTO_EX_DATA_FUNCS, (st), (cmp))
+# define sk_CRYPTO_EX_DATA_FUNCS_dup(st) SKM_sk_dup(CRYPTO_EX_DATA_FUNCS, st)
+# define sk_CRYPTO_EX_DATA_FUNCS_pop_free(st, free_func) SKM_sk_pop_free(CRYPTO_EX_DATA_FUNCS, (st), (free_func))
+# define sk_CRYPTO_EX_DATA_FUNCS_shift(st) SKM_sk_shift(CRYPTO_EX_DATA_FUNCS, (st))
+# define sk_CRYPTO_EX_DATA_FUNCS_pop(st) SKM_sk_pop(CRYPTO_EX_DATA_FUNCS, (st))
+# define sk_CRYPTO_EX_DATA_FUNCS_sort(st) SKM_sk_sort(CRYPTO_EX_DATA_FUNCS, (st))
+# define sk_CRYPTO_EX_DATA_FUNCS_is_sorted(st) SKM_sk_is_sorted(CRYPTO_EX_DATA_FUNCS, (st))
+
+# define sk_CRYPTO_dynlock_new(st) SKM_sk_new(CRYPTO_dynlock, (st))
+# define sk_CRYPTO_dynlock_new_null() SKM_sk_new_null(CRYPTO_dynlock)
+# define sk_CRYPTO_dynlock_free(st) SKM_sk_free(CRYPTO_dynlock, (st))
+# define sk_CRYPTO_dynlock_num(st) SKM_sk_num(CRYPTO_dynlock, (st))
+# define sk_CRYPTO_dynlock_value(st, i) SKM_sk_value(CRYPTO_dynlock, (st), (i))
+# define sk_CRYPTO_dynlock_set(st, i, val) SKM_sk_set(CRYPTO_dynlock, (st), (i), (val))
+# define sk_CRYPTO_dynlock_zero(st) SKM_sk_zero(CRYPTO_dynlock, (st))
+# define sk_CRYPTO_dynlock_push(st, val) SKM_sk_push(CRYPTO_dynlock, (st), (val))
+# define sk_CRYPTO_dynlock_unshift(st, val) SKM_sk_unshift(CRYPTO_dynlock, (st), (val))
+# define sk_CRYPTO_dynlock_find(st, val) SKM_sk_find(CRYPTO_dynlock, (st), (val))
+# define sk_CRYPTO_dynlock_find_ex(st, val) SKM_sk_find_ex(CRYPTO_dynlock, (st), (val))
+# define sk_CRYPTO_dynlock_delete(st, i) SKM_sk_delete(CRYPTO_dynlock, (st), (i))
+# define sk_CRYPTO_dynlock_delete_ptr(st, ptr) SKM_sk_delete_ptr(CRYPTO_dynlock, (st), (ptr))
+# define sk_CRYPTO_dynlock_insert(st, val, i) SKM_sk_insert(CRYPTO_dynlock, (st), (val), (i))
+# define sk_CRYPTO_dynlock_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CRYPTO_dynlock, (st), (cmp))
+# define sk_CRYPTO_dynlock_dup(st) SKM_sk_dup(CRYPTO_dynlock, st)
+# define sk_CRYPTO_dynlock_pop_free(st, free_func) SKM_sk_pop_free(CRYPTO_dynlock, (st), (free_func))
+# define sk_CRYPTO_dynlock_shift(st) SKM_sk_shift(CRYPTO_dynlock, (st))
+# define sk_CRYPTO_dynlock_pop(st) SKM_sk_pop(CRYPTO_dynlock, (st))
+# define sk_CRYPTO_dynlock_sort(st) SKM_sk_sort(CRYPTO_dynlock, (st))
+# define sk_CRYPTO_dynlock_is_sorted(st) SKM_sk_is_sorted(CRYPTO_dynlock, (st))
+
+# define sk_DIST_POINT_new(st) SKM_sk_new(DIST_POINT, (st))
+# define sk_DIST_POINT_new_null() SKM_sk_new_null(DIST_POINT)
+# define sk_DIST_POINT_free(st) SKM_sk_free(DIST_POINT, (st))
+# define sk_DIST_POINT_num(st) SKM_sk_num(DIST_POINT, (st))
+# define sk_DIST_POINT_value(st, i) SKM_sk_value(DIST_POINT, (st), (i))
+# define sk_DIST_POINT_set(st, i, val) SKM_sk_set(DIST_POINT, (st), (i), (val))
+# define sk_DIST_POINT_zero(st) SKM_sk_zero(DIST_POINT, (st))
+# define sk_DIST_POINT_push(st, val) SKM_sk_push(DIST_POINT, (st), (val))
+# define sk_DIST_POINT_unshift(st, val) SKM_sk_unshift(DIST_POINT, (st), (val))
+# define sk_DIST_POINT_find(st, val) SKM_sk_find(DIST_POINT, (st), (val))
+# define sk_DIST_POINT_find_ex(st, val) SKM_sk_find_ex(DIST_POINT, (st), (val))
+# define sk_DIST_POINT_delete(st, i) SKM_sk_delete(DIST_POINT, (st), (i))
+# define sk_DIST_POINT_delete_ptr(st, ptr) SKM_sk_delete_ptr(DIST_POINT, (st), (ptr))
+# define sk_DIST_POINT_insert(st, val, i) SKM_sk_insert(DIST_POINT, (st), (val), (i))
+# define sk_DIST_POINT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(DIST_POINT, (st), (cmp))
+# define sk_DIST_POINT_dup(st) SKM_sk_dup(DIST_POINT, st)
+# define sk_DIST_POINT_pop_free(st, free_func) SKM_sk_pop_free(DIST_POINT, (st), (free_func))
+# define sk_DIST_POINT_shift(st) SKM_sk_shift(DIST_POINT, (st))
+# define sk_DIST_POINT_pop(st) SKM_sk_pop(DIST_POINT, (st))
+# define sk_DIST_POINT_sort(st) SKM_sk_sort(DIST_POINT, (st))
+# define sk_DIST_POINT_is_sorted(st) SKM_sk_is_sorted(DIST_POINT, (st))
+
+# define sk_ENGINE_new(st) SKM_sk_new(ENGINE, (st))
+# define sk_ENGINE_new_null() SKM_sk_new_null(ENGINE)
+# define sk_ENGINE_free(st) SKM_sk_free(ENGINE, (st))
+# define sk_ENGINE_num(st) SKM_sk_num(ENGINE, (st))
+# define sk_ENGINE_value(st, i) SKM_sk_value(ENGINE, (st), (i))
+# define sk_ENGINE_set(st, i, val) SKM_sk_set(ENGINE, (st), (i), (val))
+# define sk_ENGINE_zero(st) SKM_sk_zero(ENGINE, (st))
+# define sk_ENGINE_push(st, val) SKM_sk_push(ENGINE, (st), (val))
+# define sk_ENGINE_unshift(st, val) SKM_sk_unshift(ENGINE, (st), (val))
+# define sk_ENGINE_find(st, val) SKM_sk_find(ENGINE, (st), (val))
+# define sk_ENGINE_find_ex(st, val) SKM_sk_find_ex(ENGINE, (st), (val))
+# define sk_ENGINE_delete(st, i) SKM_sk_delete(ENGINE, (st), (i))
+# define sk_ENGINE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ENGINE, (st), (ptr))
+# define sk_ENGINE_insert(st, val, i) SKM_sk_insert(ENGINE, (st), (val), (i))
+# define sk_ENGINE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ENGINE, (st), (cmp))
+# define sk_ENGINE_dup(st) SKM_sk_dup(ENGINE, st)
+# define sk_ENGINE_pop_free(st, free_func) SKM_sk_pop_free(ENGINE, (st), (free_func))
+# define sk_ENGINE_shift(st) SKM_sk_shift(ENGINE, (st))
+# define sk_ENGINE_pop(st) SKM_sk_pop(ENGINE, (st))
+# define sk_ENGINE_sort(st) SKM_sk_sort(ENGINE, (st))
+# define sk_ENGINE_is_sorted(st) SKM_sk_is_sorted(ENGINE, (st))
+
+# define sk_ENGINE_CLEANUP_ITEM_new(st) SKM_sk_new(ENGINE_CLEANUP_ITEM, (st))
+# define sk_ENGINE_CLEANUP_ITEM_new_null() SKM_sk_new_null(ENGINE_CLEANUP_ITEM)
+# define sk_ENGINE_CLEANUP_ITEM_free(st) SKM_sk_free(ENGINE_CLEANUP_ITEM, (st))
+# define sk_ENGINE_CLEANUP_ITEM_num(st) SKM_sk_num(ENGINE_CLEANUP_ITEM, (st))
+# define sk_ENGINE_CLEANUP_ITEM_value(st, i) SKM_sk_value(ENGINE_CLEANUP_ITEM, (st), (i))
+# define sk_ENGINE_CLEANUP_ITEM_set(st, i, val) SKM_sk_set(ENGINE_CLEANUP_ITEM, (st), (i), (val))
+# define sk_ENGINE_CLEANUP_ITEM_zero(st) SKM_sk_zero(ENGINE_CLEANUP_ITEM, (st))
+# define sk_ENGINE_CLEANUP_ITEM_push(st, val) SKM_sk_push(ENGINE_CLEANUP_ITEM, (st), (val))
+# define sk_ENGINE_CLEANUP_ITEM_unshift(st, val) SKM_sk_unshift(ENGINE_CLEANUP_ITEM, (st), (val))
+# define sk_ENGINE_CLEANUP_ITEM_find(st, val) SKM_sk_find(ENGINE_CLEANUP_ITEM, (st), (val))
+# define sk_ENGINE_CLEANUP_ITEM_find_ex(st, val) SKM_sk_find_ex(ENGINE_CLEANUP_ITEM, (st), (val))
+# define sk_ENGINE_CLEANUP_ITEM_delete(st, i) SKM_sk_delete(ENGINE_CLEANUP_ITEM, (st), (i))
+# define sk_ENGINE_CLEANUP_ITEM_delete_ptr(st, ptr) SKM_sk_delete_ptr(ENGINE_CLEANUP_ITEM, (st), (ptr))
+# define sk_ENGINE_CLEANUP_ITEM_insert(st, val, i) SKM_sk_insert(ENGINE_CLEANUP_ITEM, (st), (val), (i))
+# define sk_ENGINE_CLEANUP_ITEM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ENGINE_CLEANUP_ITEM, (st), (cmp))
+# define sk_ENGINE_CLEANUP_ITEM_dup(st) SKM_sk_dup(ENGINE_CLEANUP_ITEM, st)
+# define sk_ENGINE_CLEANUP_ITEM_pop_free(st, free_func) SKM_sk_pop_free(ENGINE_CLEANUP_ITEM, (st), (free_func))
+# define sk_ENGINE_CLEANUP_ITEM_shift(st) SKM_sk_shift(ENGINE_CLEANUP_ITEM, (st))
+# define sk_ENGINE_CLEANUP_ITEM_pop(st) SKM_sk_pop(ENGINE_CLEANUP_ITEM, (st))
+# define sk_ENGINE_CLEANUP_ITEM_sort(st) SKM_sk_sort(ENGINE_CLEANUP_ITEM, (st))
+# define sk_ENGINE_CLEANUP_ITEM_is_sorted(st) SKM_sk_is_sorted(ENGINE_CLEANUP_ITEM, (st))
+
+# define sk_GENERAL_NAME_new(st) SKM_sk_new(GENERAL_NAME, (st))
+# define sk_GENERAL_NAME_new_null() SKM_sk_new_null(GENERAL_NAME)
+# define sk_GENERAL_NAME_free(st) SKM_sk_free(GENERAL_NAME, (st))
+# define sk_GENERAL_NAME_num(st) SKM_sk_num(GENERAL_NAME, (st))
+# define sk_GENERAL_NAME_value(st, i) SKM_sk_value(GENERAL_NAME, (st), (i))
+# define sk_GENERAL_NAME_set(st, i, val) SKM_sk_set(GENERAL_NAME, (st), (i), (val))
+# define sk_GENERAL_NAME_zero(st) SKM_sk_zero(GENERAL_NAME, (st))
+# define sk_GENERAL_NAME_push(st, val) SKM_sk_push(GENERAL_NAME, (st), (val))
+# define sk_GENERAL_NAME_unshift(st, val) SKM_sk_unshift(GENERAL_NAME, (st), (val))
+# define sk_GENERAL_NAME_find(st, val) SKM_sk_find(GENERAL_NAME, (st), (val))
+# define sk_GENERAL_NAME_find_ex(st, val) SKM_sk_find_ex(GENERAL_NAME, (st), (val))
+# define sk_GENERAL_NAME_delete(st, i) SKM_sk_delete(GENERAL_NAME, (st), (i))
+# define sk_GENERAL_NAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_NAME, (st), (ptr))
+# define sk_GENERAL_NAME_insert(st, val, i) SKM_sk_insert(GENERAL_NAME, (st), (val), (i))
+# define sk_GENERAL_NAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_NAME, (st), (cmp))
+# define sk_GENERAL_NAME_dup(st) SKM_sk_dup(GENERAL_NAME, st)
+# define sk_GENERAL_NAME_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_NAME, (st), (free_func))
+# define sk_GENERAL_NAME_shift(st) SKM_sk_shift(GENERAL_NAME, (st))
+# define sk_GENERAL_NAME_pop(st) SKM_sk_pop(GENERAL_NAME, (st))
+# define sk_GENERAL_NAME_sort(st) SKM_sk_sort(GENERAL_NAME, (st))
+# define sk_GENERAL_NAME_is_sorted(st) SKM_sk_is_sorted(GENERAL_NAME, (st))
+
+# define sk_GENERAL_NAMES_new(st) SKM_sk_new(GENERAL_NAMES, (st))
+# define sk_GENERAL_NAMES_new_null() SKM_sk_new_null(GENERAL_NAMES)
+# define sk_GENERAL_NAMES_free(st) SKM_sk_free(GENERAL_NAMES, (st))
+# define sk_GENERAL_NAMES_num(st) SKM_sk_num(GENERAL_NAMES, (st))
+# define sk_GENERAL_NAMES_value(st, i) SKM_sk_value(GENERAL_NAMES, (st), (i))
+# define sk_GENERAL_NAMES_set(st, i, val) SKM_sk_set(GENERAL_NAMES, (st), (i), (val))
+# define sk_GENERAL_NAMES_zero(st) SKM_sk_zero(GENERAL_NAMES, (st))
+# define sk_GENERAL_NAMES_push(st, val) SKM_sk_push(GENERAL_NAMES, (st), (val))
+# define sk_GENERAL_NAMES_unshift(st, val) SKM_sk_unshift(GENERAL_NAMES, (st), (val))
+# define sk_GENERAL_NAMES_find(st, val) SKM_sk_find(GENERAL_NAMES, (st), (val))
+# define sk_GENERAL_NAMES_find_ex(st, val) SKM_sk_find_ex(GENERAL_NAMES, (st), (val))
+# define sk_GENERAL_NAMES_delete(st, i) SKM_sk_delete(GENERAL_NAMES, (st), (i))
+# define sk_GENERAL_NAMES_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_NAMES, (st), (ptr))
+# define sk_GENERAL_NAMES_insert(st, val, i) SKM_sk_insert(GENERAL_NAMES, (st), (val), (i))
+# define sk_GENERAL_NAMES_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_NAMES, (st), (cmp))
+# define sk_GENERAL_NAMES_dup(st) SKM_sk_dup(GENERAL_NAMES, st)
+# define sk_GENERAL_NAMES_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_NAMES, (st), (free_func))
+# define sk_GENERAL_NAMES_shift(st) SKM_sk_shift(GENERAL_NAMES, (st))
+# define sk_GENERAL_NAMES_pop(st) SKM_sk_pop(GENERAL_NAMES, (st))
+# define sk_GENERAL_NAMES_sort(st) SKM_sk_sort(GENERAL_NAMES, (st))
+# define sk_GENERAL_NAMES_is_sorted(st) SKM_sk_is_sorted(GENERAL_NAMES, (st))
+
+# define sk_GENERAL_SUBTREE_new(st) SKM_sk_new(GENERAL_SUBTREE, (st))
+# define sk_GENERAL_SUBTREE_new_null() SKM_sk_new_null(GENERAL_SUBTREE)
+# define sk_GENERAL_SUBTREE_free(st) SKM_sk_free(GENERAL_SUBTREE, (st))
+# define sk_GENERAL_SUBTREE_num(st) SKM_sk_num(GENERAL_SUBTREE, (st))
+# define sk_GENERAL_SUBTREE_value(st, i) SKM_sk_value(GENERAL_SUBTREE, (st), (i))
+# define sk_GENERAL_SUBTREE_set(st, i, val) SKM_sk_set(GENERAL_SUBTREE, (st), (i), (val))
+# define sk_GENERAL_SUBTREE_zero(st) SKM_sk_zero(GENERAL_SUBTREE, (st))
+# define sk_GENERAL_SUBTREE_push(st, val) SKM_sk_push(GENERAL_SUBTREE, (st), (val))
+# define sk_GENERAL_SUBTREE_unshift(st, val) SKM_sk_unshift(GENERAL_SUBTREE, (st), (val))
+# define sk_GENERAL_SUBTREE_find(st, val) SKM_sk_find(GENERAL_SUBTREE, (st), (val))
+# define sk_GENERAL_SUBTREE_find_ex(st, val) SKM_sk_find_ex(GENERAL_SUBTREE, (st), (val))
+# define sk_GENERAL_SUBTREE_delete(st, i) SKM_sk_delete(GENERAL_SUBTREE, (st), (i))
+# define sk_GENERAL_SUBTREE_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_SUBTREE, (st), (ptr))
+# define sk_GENERAL_SUBTREE_insert(st, val, i) SKM_sk_insert(GENERAL_SUBTREE, (st), (val), (i))
+# define sk_GENERAL_SUBTREE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_SUBTREE, (st), (cmp))
+# define sk_GENERAL_SUBTREE_dup(st) SKM_sk_dup(GENERAL_SUBTREE, st)
+# define sk_GENERAL_SUBTREE_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_SUBTREE, (st), (free_func))
+# define sk_GENERAL_SUBTREE_shift(st) SKM_sk_shift(GENERAL_SUBTREE, (st))
+# define sk_GENERAL_SUBTREE_pop(st) SKM_sk_pop(GENERAL_SUBTREE, (st))
+# define sk_GENERAL_SUBTREE_sort(st) SKM_sk_sort(GENERAL_SUBTREE, (st))
+# define sk_GENERAL_SUBTREE_is_sorted(st) SKM_sk_is_sorted(GENERAL_SUBTREE, (st))
+
+# define sk_IPAddressFamily_new(st) SKM_sk_new(IPAddressFamily, (st))
+# define sk_IPAddressFamily_new_null() SKM_sk_new_null(IPAddressFamily)
+# define sk_IPAddressFamily_free(st) SKM_sk_free(IPAddressFamily, (st))
+# define sk_IPAddressFamily_num(st) SKM_sk_num(IPAddressFamily, (st))
+# define sk_IPAddressFamily_value(st, i) SKM_sk_value(IPAddressFamily, (st), (i))
+# define sk_IPAddressFamily_set(st, i, val) SKM_sk_set(IPAddressFamily, (st), (i), (val))
+# define sk_IPAddressFamily_zero(st) SKM_sk_zero(IPAddressFamily, (st))
+# define sk_IPAddressFamily_push(st, val) SKM_sk_push(IPAddressFamily, (st), (val))
+# define sk_IPAddressFamily_unshift(st, val) SKM_sk_unshift(IPAddressFamily, (st), (val))
+# define sk_IPAddressFamily_find(st, val) SKM_sk_find(IPAddressFamily, (st), (val))
+# define sk_IPAddressFamily_find_ex(st, val) SKM_sk_find_ex(IPAddressFamily, (st), (val))
+# define sk_IPAddressFamily_delete(st, i) SKM_sk_delete(IPAddressFamily, (st), (i))
+# define sk_IPAddressFamily_delete_ptr(st, ptr) SKM_sk_delete_ptr(IPAddressFamily, (st), (ptr))
+# define sk_IPAddressFamily_insert(st, val, i) SKM_sk_insert(IPAddressFamily, (st), (val), (i))
+# define sk_IPAddressFamily_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(IPAddressFamily, (st), (cmp))
+# define sk_IPAddressFamily_dup(st) SKM_sk_dup(IPAddressFamily, st)
+# define sk_IPAddressFamily_pop_free(st, free_func) SKM_sk_pop_free(IPAddressFamily, (st), (free_func))
+# define sk_IPAddressFamily_shift(st) SKM_sk_shift(IPAddressFamily, (st))
+# define sk_IPAddressFamily_pop(st) SKM_sk_pop(IPAddressFamily, (st))
+# define sk_IPAddressFamily_sort(st) SKM_sk_sort(IPAddressFamily, (st))
+# define sk_IPAddressFamily_is_sorted(st) SKM_sk_is_sorted(IPAddressFamily, (st))
+
+# define sk_IPAddressOrRange_new(st) SKM_sk_new(IPAddressOrRange, (st))
+# define sk_IPAddressOrRange_new_null() SKM_sk_new_null(IPAddressOrRange)
+# define sk_IPAddressOrRange_free(st) SKM_sk_free(IPAddressOrRange, (st))
+# define sk_IPAddressOrRange_num(st) SKM_sk_num(IPAddressOrRange, (st))
+# define sk_IPAddressOrRange_value(st, i) SKM_sk_value(IPAddressOrRange, (st), (i))
+# define sk_IPAddressOrRange_set(st, i, val) SKM_sk_set(IPAddressOrRange, (st), (i), (val))
+# define sk_IPAddressOrRange_zero(st) SKM_sk_zero(IPAddressOrRange, (st))
+# define sk_IPAddressOrRange_push(st, val) SKM_sk_push(IPAddressOrRange, (st), (val))
+# define sk_IPAddressOrRange_unshift(st, val) SKM_sk_unshift(IPAddressOrRange, (st), (val))
+# define sk_IPAddressOrRange_find(st, val) SKM_sk_find(IPAddressOrRange, (st), (val))
+# define sk_IPAddressOrRange_find_ex(st, val) SKM_sk_find_ex(IPAddressOrRange, (st), (val))
+# define sk_IPAddressOrRange_delete(st, i) SKM_sk_delete(IPAddressOrRange, (st), (i))
+# define sk_IPAddressOrRange_delete_ptr(st, ptr) SKM_sk_delete_ptr(IPAddressOrRange, (st), (ptr))
+# define sk_IPAddressOrRange_insert(st, val, i) SKM_sk_insert(IPAddressOrRange, (st), (val), (i))
+# define sk_IPAddressOrRange_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(IPAddressOrRange, (st), (cmp))
+# define sk_IPAddressOrRange_dup(st) SKM_sk_dup(IPAddressOrRange, st)
+# define sk_IPAddressOrRange_pop_free(st, free_func) SKM_sk_pop_free(IPAddressOrRange, (st), (free_func))
+# define sk_IPAddressOrRange_shift(st) SKM_sk_shift(IPAddressOrRange, (st))
+# define sk_IPAddressOrRange_pop(st) SKM_sk_pop(IPAddressOrRange, (st))
+# define sk_IPAddressOrRange_sort(st) SKM_sk_sort(IPAddressOrRange, (st))
+# define sk_IPAddressOrRange_is_sorted(st) SKM_sk_is_sorted(IPAddressOrRange, (st))
+
+# define sk_KRB5_APREQBODY_new(st) SKM_sk_new(KRB5_APREQBODY, (st))
+# define sk_KRB5_APREQBODY_new_null() SKM_sk_new_null(KRB5_APREQBODY)
+# define sk_KRB5_APREQBODY_free(st) SKM_sk_free(KRB5_APREQBODY, (st))
+# define sk_KRB5_APREQBODY_num(st) SKM_sk_num(KRB5_APREQBODY, (st))
+# define sk_KRB5_APREQBODY_value(st, i) SKM_sk_value(KRB5_APREQBODY, (st), (i))
+# define sk_KRB5_APREQBODY_set(st, i, val) SKM_sk_set(KRB5_APREQBODY, (st), (i), (val))
+# define sk_KRB5_APREQBODY_zero(st) SKM_sk_zero(KRB5_APREQBODY, (st))
+# define sk_KRB5_APREQBODY_push(st, val) SKM_sk_push(KRB5_APREQBODY, (st), (val))
+# define sk_KRB5_APREQBODY_unshift(st, val) SKM_sk_unshift(KRB5_APREQBODY, (st), (val))
+# define sk_KRB5_APREQBODY_find(st, val) SKM_sk_find(KRB5_APREQBODY, (st), (val))
+# define sk_KRB5_APREQBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_APREQBODY, (st), (val))
+# define sk_KRB5_APREQBODY_delete(st, i) SKM_sk_delete(KRB5_APREQBODY, (st), (i))
+# define sk_KRB5_APREQBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_APREQBODY, (st), (ptr))
+# define sk_KRB5_APREQBODY_insert(st, val, i) SKM_sk_insert(KRB5_APREQBODY, (st), (val), (i))
+# define sk_KRB5_APREQBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_APREQBODY, (st), (cmp))
+# define sk_KRB5_APREQBODY_dup(st) SKM_sk_dup(KRB5_APREQBODY, st)
+# define sk_KRB5_APREQBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_APREQBODY, (st), (free_func))
+# define sk_KRB5_APREQBODY_shift(st) SKM_sk_shift(KRB5_APREQBODY, (st))
+# define sk_KRB5_APREQBODY_pop(st) SKM_sk_pop(KRB5_APREQBODY, (st))
+# define sk_KRB5_APREQBODY_sort(st) SKM_sk_sort(KRB5_APREQBODY, (st))
+# define sk_KRB5_APREQBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_APREQBODY, (st))
+
+# define sk_KRB5_AUTHDATA_new(st) SKM_sk_new(KRB5_AUTHDATA, (st))
+# define sk_KRB5_AUTHDATA_new_null() SKM_sk_new_null(KRB5_AUTHDATA)
+# define sk_KRB5_AUTHDATA_free(st) SKM_sk_free(KRB5_AUTHDATA, (st))
+# define sk_KRB5_AUTHDATA_num(st) SKM_sk_num(KRB5_AUTHDATA, (st))
+# define sk_KRB5_AUTHDATA_value(st, i) SKM_sk_value(KRB5_AUTHDATA, (st), (i))
+# define sk_KRB5_AUTHDATA_set(st, i, val) SKM_sk_set(KRB5_AUTHDATA, (st), (i), (val))
+# define sk_KRB5_AUTHDATA_zero(st) SKM_sk_zero(KRB5_AUTHDATA, (st))
+# define sk_KRB5_AUTHDATA_push(st, val) SKM_sk_push(KRB5_AUTHDATA, (st), (val))
+# define sk_KRB5_AUTHDATA_unshift(st, val) SKM_sk_unshift(KRB5_AUTHDATA, (st), (val))
+# define sk_KRB5_AUTHDATA_find(st, val) SKM_sk_find(KRB5_AUTHDATA, (st), (val))
+# define sk_KRB5_AUTHDATA_find_ex(st, val) SKM_sk_find_ex(KRB5_AUTHDATA, (st), (val))
+# define sk_KRB5_AUTHDATA_delete(st, i) SKM_sk_delete(KRB5_AUTHDATA, (st), (i))
+# define sk_KRB5_AUTHDATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_AUTHDATA, (st), (ptr))
+# define sk_KRB5_AUTHDATA_insert(st, val, i) SKM_sk_insert(KRB5_AUTHDATA, (st), (val), (i))
+# define sk_KRB5_AUTHDATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_AUTHDATA, (st), (cmp))
+# define sk_KRB5_AUTHDATA_dup(st) SKM_sk_dup(KRB5_AUTHDATA, st)
+# define sk_KRB5_AUTHDATA_pop_free(st, free_func) SKM_sk_pop_free(KRB5_AUTHDATA, (st), (free_func))
+# define sk_KRB5_AUTHDATA_shift(st) SKM_sk_shift(KRB5_AUTHDATA, (st))
+# define sk_KRB5_AUTHDATA_pop(st) SKM_sk_pop(KRB5_AUTHDATA, (st))
+# define sk_KRB5_AUTHDATA_sort(st) SKM_sk_sort(KRB5_AUTHDATA, (st))
+# define sk_KRB5_AUTHDATA_is_sorted(st) SKM_sk_is_sorted(KRB5_AUTHDATA, (st))
+
+# define sk_KRB5_AUTHENTBODY_new(st) SKM_sk_new(KRB5_AUTHENTBODY, (st))
+# define sk_KRB5_AUTHENTBODY_new_null() SKM_sk_new_null(KRB5_AUTHENTBODY)
+# define sk_KRB5_AUTHENTBODY_free(st) SKM_sk_free(KRB5_AUTHENTBODY, (st))
+# define sk_KRB5_AUTHENTBODY_num(st) SKM_sk_num(KRB5_AUTHENTBODY, (st))
+# define sk_KRB5_AUTHENTBODY_value(st, i) SKM_sk_value(KRB5_AUTHENTBODY, (st), (i))
+# define sk_KRB5_AUTHENTBODY_set(st, i, val) SKM_sk_set(KRB5_AUTHENTBODY, (st), (i), (val))
+# define sk_KRB5_AUTHENTBODY_zero(st) SKM_sk_zero(KRB5_AUTHENTBODY, (st))
+# define sk_KRB5_AUTHENTBODY_push(st, val) SKM_sk_push(KRB5_AUTHENTBODY, (st), (val))
+# define sk_KRB5_AUTHENTBODY_unshift(st, val) SKM_sk_unshift(KRB5_AUTHENTBODY, (st), (val))
+# define sk_KRB5_AUTHENTBODY_find(st, val) SKM_sk_find(KRB5_AUTHENTBODY, (st), (val))
+# define sk_KRB5_AUTHENTBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_AUTHENTBODY, (st), (val))
+# define sk_KRB5_AUTHENTBODY_delete(st, i) SKM_sk_delete(KRB5_AUTHENTBODY, (st), (i))
+# define sk_KRB5_AUTHENTBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_AUTHENTBODY, (st), (ptr))
+# define sk_KRB5_AUTHENTBODY_insert(st, val, i) SKM_sk_insert(KRB5_AUTHENTBODY, (st), (val), (i))
+# define sk_KRB5_AUTHENTBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_AUTHENTBODY, (st), (cmp))
+# define sk_KRB5_AUTHENTBODY_dup(st) SKM_sk_dup(KRB5_AUTHENTBODY, st)
+# define sk_KRB5_AUTHENTBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_AUTHENTBODY, (st), (free_func))
+# define sk_KRB5_AUTHENTBODY_shift(st) SKM_sk_shift(KRB5_AUTHENTBODY, (st))
+# define sk_KRB5_AUTHENTBODY_pop(st) SKM_sk_pop(KRB5_AUTHENTBODY, (st))
+# define sk_KRB5_AUTHENTBODY_sort(st) SKM_sk_sort(KRB5_AUTHENTBODY, (st))
+# define sk_KRB5_AUTHENTBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_AUTHENTBODY, (st))
+
+# define sk_KRB5_CHECKSUM_new(st) SKM_sk_new(KRB5_CHECKSUM, (st))
+# define sk_KRB5_CHECKSUM_new_null() SKM_sk_new_null(KRB5_CHECKSUM)
+# define sk_KRB5_CHECKSUM_free(st) SKM_sk_free(KRB5_CHECKSUM, (st))
+# define sk_KRB5_CHECKSUM_num(st) SKM_sk_num(KRB5_CHECKSUM, (st))
+# define sk_KRB5_CHECKSUM_value(st, i) SKM_sk_value(KRB5_CHECKSUM, (st), (i))
+# define sk_KRB5_CHECKSUM_set(st, i, val) SKM_sk_set(KRB5_CHECKSUM, (st), (i), (val))
+# define sk_KRB5_CHECKSUM_zero(st) SKM_sk_zero(KRB5_CHECKSUM, (st))
+# define sk_KRB5_CHECKSUM_push(st, val) SKM_sk_push(KRB5_CHECKSUM, (st), (val))
+# define sk_KRB5_CHECKSUM_unshift(st, val) SKM_sk_unshift(KRB5_CHECKSUM, (st), (val))
+# define sk_KRB5_CHECKSUM_find(st, val) SKM_sk_find(KRB5_CHECKSUM, (st), (val))
+# define sk_KRB5_CHECKSUM_find_ex(st, val) SKM_sk_find_ex(KRB5_CHECKSUM, (st), (val))
+# define sk_KRB5_CHECKSUM_delete(st, i) SKM_sk_delete(KRB5_CHECKSUM, (st), (i))
+# define sk_KRB5_CHECKSUM_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_CHECKSUM, (st), (ptr))
+# define sk_KRB5_CHECKSUM_insert(st, val, i) SKM_sk_insert(KRB5_CHECKSUM, (st), (val), (i))
+# define sk_KRB5_CHECKSUM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_CHECKSUM, (st), (cmp))
+# define sk_KRB5_CHECKSUM_dup(st) SKM_sk_dup(KRB5_CHECKSUM, st)
+# define sk_KRB5_CHECKSUM_pop_free(st, free_func) SKM_sk_pop_free(KRB5_CHECKSUM, (st), (free_func))
+# define sk_KRB5_CHECKSUM_shift(st) SKM_sk_shift(KRB5_CHECKSUM, (st))
+# define sk_KRB5_CHECKSUM_pop(st) SKM_sk_pop(KRB5_CHECKSUM, (st))
+# define sk_KRB5_CHECKSUM_sort(st) SKM_sk_sort(KRB5_CHECKSUM, (st))
+# define sk_KRB5_CHECKSUM_is_sorted(st) SKM_sk_is_sorted(KRB5_CHECKSUM, (st))
+
+# define sk_KRB5_ENCDATA_new(st) SKM_sk_new(KRB5_ENCDATA, (st))
+# define sk_KRB5_ENCDATA_new_null() SKM_sk_new_null(KRB5_ENCDATA)
+# define sk_KRB5_ENCDATA_free(st) SKM_sk_free(KRB5_ENCDATA, (st))
+# define sk_KRB5_ENCDATA_num(st) SKM_sk_num(KRB5_ENCDATA, (st))
+# define sk_KRB5_ENCDATA_value(st, i) SKM_sk_value(KRB5_ENCDATA, (st), (i))
+# define sk_KRB5_ENCDATA_set(st, i, val) SKM_sk_set(KRB5_ENCDATA, (st), (i), (val))
+# define sk_KRB5_ENCDATA_zero(st) SKM_sk_zero(KRB5_ENCDATA, (st))
+# define sk_KRB5_ENCDATA_push(st, val) SKM_sk_push(KRB5_ENCDATA, (st), (val))
+# define sk_KRB5_ENCDATA_unshift(st, val) SKM_sk_unshift(KRB5_ENCDATA, (st), (val))
+# define sk_KRB5_ENCDATA_find(st, val) SKM_sk_find(KRB5_ENCDATA, (st), (val))
+# define sk_KRB5_ENCDATA_find_ex(st, val) SKM_sk_find_ex(KRB5_ENCDATA, (st), (val))
+# define sk_KRB5_ENCDATA_delete(st, i) SKM_sk_delete(KRB5_ENCDATA, (st), (i))
+# define sk_KRB5_ENCDATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_ENCDATA, (st), (ptr))
+# define sk_KRB5_ENCDATA_insert(st, val, i) SKM_sk_insert(KRB5_ENCDATA, (st), (val), (i))
+# define sk_KRB5_ENCDATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_ENCDATA, (st), (cmp))
+# define sk_KRB5_ENCDATA_dup(st) SKM_sk_dup(KRB5_ENCDATA, st)
+# define sk_KRB5_ENCDATA_pop_free(st, free_func) SKM_sk_pop_free(KRB5_ENCDATA, (st), (free_func))
+# define sk_KRB5_ENCDATA_shift(st) SKM_sk_shift(KRB5_ENCDATA, (st))
+# define sk_KRB5_ENCDATA_pop(st) SKM_sk_pop(KRB5_ENCDATA, (st))
+# define sk_KRB5_ENCDATA_sort(st) SKM_sk_sort(KRB5_ENCDATA, (st))
+# define sk_KRB5_ENCDATA_is_sorted(st) SKM_sk_is_sorted(KRB5_ENCDATA, (st))
+
+# define sk_KRB5_ENCKEY_new(st) SKM_sk_new(KRB5_ENCKEY, (st))
+# define sk_KRB5_ENCKEY_new_null() SKM_sk_new_null(KRB5_ENCKEY)
+# define sk_KRB5_ENCKEY_free(st) SKM_sk_free(KRB5_ENCKEY, (st))
+# define sk_KRB5_ENCKEY_num(st) SKM_sk_num(KRB5_ENCKEY, (st))
+# define sk_KRB5_ENCKEY_value(st, i) SKM_sk_value(KRB5_ENCKEY, (st), (i))
+# define sk_KRB5_ENCKEY_set(st, i, val) SKM_sk_set(KRB5_ENCKEY, (st), (i), (val))
+# define sk_KRB5_ENCKEY_zero(st) SKM_sk_zero(KRB5_ENCKEY, (st))
+# define sk_KRB5_ENCKEY_push(st, val) SKM_sk_push(KRB5_ENCKEY, (st), (val))
+# define sk_KRB5_ENCKEY_unshift(st, val) SKM_sk_unshift(KRB5_ENCKEY, (st), (val))
+# define sk_KRB5_ENCKEY_find(st, val) SKM_sk_find(KRB5_ENCKEY, (st), (val))
+# define sk_KRB5_ENCKEY_find_ex(st, val) SKM_sk_find_ex(KRB5_ENCKEY, (st), (val))
+# define sk_KRB5_ENCKEY_delete(st, i) SKM_sk_delete(KRB5_ENCKEY, (st), (i))
+# define sk_KRB5_ENCKEY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_ENCKEY, (st), (ptr))
+# define sk_KRB5_ENCKEY_insert(st, val, i) SKM_sk_insert(KRB5_ENCKEY, (st), (val), (i))
+# define sk_KRB5_ENCKEY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_ENCKEY, (st), (cmp))
+# define sk_KRB5_ENCKEY_dup(st) SKM_sk_dup(KRB5_ENCKEY, st)
+# define sk_KRB5_ENCKEY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_ENCKEY, (st), (free_func))
+# define sk_KRB5_ENCKEY_shift(st) SKM_sk_shift(KRB5_ENCKEY, (st))
+# define sk_KRB5_ENCKEY_pop(st) SKM_sk_pop(KRB5_ENCKEY, (st))
+# define sk_KRB5_ENCKEY_sort(st) SKM_sk_sort(KRB5_ENCKEY, (st))
+# define sk_KRB5_ENCKEY_is_sorted(st) SKM_sk_is_sorted(KRB5_ENCKEY, (st))
+
+# define sk_KRB5_PRINCNAME_new(st) SKM_sk_new(KRB5_PRINCNAME, (st))
+# define sk_KRB5_PRINCNAME_new_null() SKM_sk_new_null(KRB5_PRINCNAME)
+# define sk_KRB5_PRINCNAME_free(st) SKM_sk_free(KRB5_PRINCNAME, (st))
+# define sk_KRB5_PRINCNAME_num(st) SKM_sk_num(KRB5_PRINCNAME, (st))
+# define sk_KRB5_PRINCNAME_value(st, i) SKM_sk_value(KRB5_PRINCNAME, (st), (i))
+# define sk_KRB5_PRINCNAME_set(st, i, val) SKM_sk_set(KRB5_PRINCNAME, (st), (i), (val))
+# define sk_KRB5_PRINCNAME_zero(st) SKM_sk_zero(KRB5_PRINCNAME, (st))
+# define sk_KRB5_PRINCNAME_push(st, val) SKM_sk_push(KRB5_PRINCNAME, (st), (val))
+# define sk_KRB5_PRINCNAME_unshift(st, val) SKM_sk_unshift(KRB5_PRINCNAME, (st), (val))
+# define sk_KRB5_PRINCNAME_find(st, val) SKM_sk_find(KRB5_PRINCNAME, (st), (val))
+# define sk_KRB5_PRINCNAME_find_ex(st, val) SKM_sk_find_ex(KRB5_PRINCNAME, (st), (val))
+# define sk_KRB5_PRINCNAME_delete(st, i) SKM_sk_delete(KRB5_PRINCNAME, (st), (i))
+# define sk_KRB5_PRINCNAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_PRINCNAME, (st), (ptr))
+# define sk_KRB5_PRINCNAME_insert(st, val, i) SKM_sk_insert(KRB5_PRINCNAME, (st), (val), (i))
+# define sk_KRB5_PRINCNAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_PRINCNAME, (st), (cmp))
+# define sk_KRB5_PRINCNAME_dup(st) SKM_sk_dup(KRB5_PRINCNAME, st)
+# define sk_KRB5_PRINCNAME_pop_free(st, free_func) SKM_sk_pop_free(KRB5_PRINCNAME, (st), (free_func))
+# define sk_KRB5_PRINCNAME_shift(st) SKM_sk_shift(KRB5_PRINCNAME, (st))
+# define sk_KRB5_PRINCNAME_pop(st) SKM_sk_pop(KRB5_PRINCNAME, (st))
+# define sk_KRB5_PRINCNAME_sort(st) SKM_sk_sort(KRB5_PRINCNAME, (st))
+# define sk_KRB5_PRINCNAME_is_sorted(st) SKM_sk_is_sorted(KRB5_PRINCNAME, (st))
+
+# define sk_KRB5_TKTBODY_new(st) SKM_sk_new(KRB5_TKTBODY, (st))
+# define sk_KRB5_TKTBODY_new_null() SKM_sk_new_null(KRB5_TKTBODY)
+# define sk_KRB5_TKTBODY_free(st) SKM_sk_free(KRB5_TKTBODY, (st))
+# define sk_KRB5_TKTBODY_num(st) SKM_sk_num(KRB5_TKTBODY, (st))
+# define sk_KRB5_TKTBODY_value(st, i) SKM_sk_value(KRB5_TKTBODY, (st), (i))
+# define sk_KRB5_TKTBODY_set(st, i, val) SKM_sk_set(KRB5_TKTBODY, (st), (i), (val))
+# define sk_KRB5_TKTBODY_zero(st) SKM_sk_zero(KRB5_TKTBODY, (st))
+# define sk_KRB5_TKTBODY_push(st, val) SKM_sk_push(KRB5_TKTBODY, (st), (val))
+# define sk_KRB5_TKTBODY_unshift(st, val) SKM_sk_unshift(KRB5_TKTBODY, (st), (val))
+# define sk_KRB5_TKTBODY_find(st, val) SKM_sk_find(KRB5_TKTBODY, (st), (val))
+# define sk_KRB5_TKTBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_TKTBODY, (st), (val))
+# define sk_KRB5_TKTBODY_delete(st, i) SKM_sk_delete(KRB5_TKTBODY, (st), (i))
+# define sk_KRB5_TKTBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_TKTBODY, (st), (ptr))
+# define sk_KRB5_TKTBODY_insert(st, val, i) SKM_sk_insert(KRB5_TKTBODY, (st), (val), (i))
+# define sk_KRB5_TKTBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_TKTBODY, (st), (cmp))
+# define sk_KRB5_TKTBODY_dup(st) SKM_sk_dup(KRB5_TKTBODY, st)
+# define sk_KRB5_TKTBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_TKTBODY, (st), (free_func))
+# define sk_KRB5_TKTBODY_shift(st) SKM_sk_shift(KRB5_TKTBODY, (st))
+# define sk_KRB5_TKTBODY_pop(st) SKM_sk_pop(KRB5_TKTBODY, (st))
+# define sk_KRB5_TKTBODY_sort(st) SKM_sk_sort(KRB5_TKTBODY, (st))
+# define sk_KRB5_TKTBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_TKTBODY, (st))
+
+# define sk_MIME_HEADER_new(st) SKM_sk_new(MIME_HEADER, (st))
+# define sk_MIME_HEADER_new_null() SKM_sk_new_null(MIME_HEADER)
+# define sk_MIME_HEADER_free(st) SKM_sk_free(MIME_HEADER, (st))
+# define sk_MIME_HEADER_num(st) SKM_sk_num(MIME_HEADER, (st))
+# define sk_MIME_HEADER_value(st, i) SKM_sk_value(MIME_HEADER, (st), (i))
+# define sk_MIME_HEADER_set(st, i, val) SKM_sk_set(MIME_HEADER, (st), (i), (val))
+# define sk_MIME_HEADER_zero(st) SKM_sk_zero(MIME_HEADER, (st))
+# define sk_MIME_HEADER_push(st, val) SKM_sk_push(MIME_HEADER, (st), (val))
+# define sk_MIME_HEADER_unshift(st, val) SKM_sk_unshift(MIME_HEADER, (st), (val))
+# define sk_MIME_HEADER_find(st, val) SKM_sk_find(MIME_HEADER, (st), (val))
+# define sk_MIME_HEADER_find_ex(st, val) SKM_sk_find_ex(MIME_HEADER, (st), (val))
+# define sk_MIME_HEADER_delete(st, i) SKM_sk_delete(MIME_HEADER, (st), (i))
+# define sk_MIME_HEADER_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_HEADER, (st), (ptr))
+# define sk_MIME_HEADER_insert(st, val, i) SKM_sk_insert(MIME_HEADER, (st), (val), (i))
+# define sk_MIME_HEADER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MIME_HEADER, (st), (cmp))
+# define sk_MIME_HEADER_dup(st) SKM_sk_dup(MIME_HEADER, st)
+# define sk_MIME_HEADER_pop_free(st, free_func) SKM_sk_pop_free(MIME_HEADER, (st), (free_func))
+# define sk_MIME_HEADER_shift(st) SKM_sk_shift(MIME_HEADER, (st))
+# define sk_MIME_HEADER_pop(st) SKM_sk_pop(MIME_HEADER, (st))
+# define sk_MIME_HEADER_sort(st) SKM_sk_sort(MIME_HEADER, (st))
+# define sk_MIME_HEADER_is_sorted(st) SKM_sk_is_sorted(MIME_HEADER, (st))
+
+# define sk_MIME_PARAM_new(st) SKM_sk_new(MIME_PARAM, (st))
+# define sk_MIME_PARAM_new_null() SKM_sk_new_null(MIME_PARAM)
+# define sk_MIME_PARAM_free(st) SKM_sk_free(MIME_PARAM, (st))
+# define sk_MIME_PARAM_num(st) SKM_sk_num(MIME_PARAM, (st))
+# define sk_MIME_PARAM_value(st, i) SKM_sk_value(MIME_PARAM, (st), (i))
+# define sk_MIME_PARAM_set(st, i, val) SKM_sk_set(MIME_PARAM, (st), (i), (val))
+# define sk_MIME_PARAM_zero(st) SKM_sk_zero(MIME_PARAM, (st))
+# define sk_MIME_PARAM_push(st, val) SKM_sk_push(MIME_PARAM, (st), (val))
+# define sk_MIME_PARAM_unshift(st, val) SKM_sk_unshift(MIME_PARAM, (st), (val))
+# define sk_MIME_PARAM_find(st, val) SKM_sk_find(MIME_PARAM, (st), (val))
+# define sk_MIME_PARAM_find_ex(st, val) SKM_sk_find_ex(MIME_PARAM, (st), (val))
+# define sk_MIME_PARAM_delete(st, i) SKM_sk_delete(MIME_PARAM, (st), (i))
+# define sk_MIME_PARAM_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_PARAM, (st), (ptr))
+# define sk_MIME_PARAM_insert(st, val, i) SKM_sk_insert(MIME_PARAM, (st), (val), (i))
+# define sk_MIME_PARAM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MIME_PARAM, (st), (cmp))
+# define sk_MIME_PARAM_dup(st) SKM_sk_dup(MIME_PARAM, st)
+# define sk_MIME_PARAM_pop_free(st, free_func) SKM_sk_pop_free(MIME_PARAM, (st), (free_func))
+# define sk_MIME_PARAM_shift(st) SKM_sk_shift(MIME_PARAM, (st))
+# define sk_MIME_PARAM_pop(st) SKM_sk_pop(MIME_PARAM, (st))
+# define sk_MIME_PARAM_sort(st) SKM_sk_sort(MIME_PARAM, (st))
+# define sk_MIME_PARAM_is_sorted(st) SKM_sk_is_sorted(MIME_PARAM, (st))
+
+# define sk_NAME_FUNCS_new(st) SKM_sk_new(NAME_FUNCS, (st))
+# define sk_NAME_FUNCS_new_null() SKM_sk_new_null(NAME_FUNCS)
+# define sk_NAME_FUNCS_free(st) SKM_sk_free(NAME_FUNCS, (st))
+# define sk_NAME_FUNCS_num(st) SKM_sk_num(NAME_FUNCS, (st))
+# define sk_NAME_FUNCS_value(st, i) SKM_sk_value(NAME_FUNCS, (st), (i))
+# define sk_NAME_FUNCS_set(st, i, val) SKM_sk_set(NAME_FUNCS, (st), (i), (val))
+# define sk_NAME_FUNCS_zero(st) SKM_sk_zero(NAME_FUNCS, (st))
+# define sk_NAME_FUNCS_push(st, val) SKM_sk_push(NAME_FUNCS, (st), (val))
+# define sk_NAME_FUNCS_unshift(st, val) SKM_sk_unshift(NAME_FUNCS, (st), (val))
+# define sk_NAME_FUNCS_find(st, val) SKM_sk_find(NAME_FUNCS, (st), (val))
+# define sk_NAME_FUNCS_find_ex(st, val) SKM_sk_find_ex(NAME_FUNCS, (st), (val))
+# define sk_NAME_FUNCS_delete(st, i) SKM_sk_delete(NAME_FUNCS, (st), (i))
+# define sk_NAME_FUNCS_delete_ptr(st, ptr) SKM_sk_delete_ptr(NAME_FUNCS, (st), (ptr))
+# define sk_NAME_FUNCS_insert(st, val, i) SKM_sk_insert(NAME_FUNCS, (st), (val), (i))
+# define sk_NAME_FUNCS_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(NAME_FUNCS, (st), (cmp))
+# define sk_NAME_FUNCS_dup(st) SKM_sk_dup(NAME_FUNCS, st)
+# define sk_NAME_FUNCS_pop_free(st, free_func) SKM_sk_pop_free(NAME_FUNCS, (st), (free_func))
+# define sk_NAME_FUNCS_shift(st) SKM_sk_shift(NAME_FUNCS, (st))
+# define sk_NAME_FUNCS_pop(st) SKM_sk_pop(NAME_FUNCS, (st))
+# define sk_NAME_FUNCS_sort(st) SKM_sk_sort(NAME_FUNCS, (st))
+# define sk_NAME_FUNCS_is_sorted(st) SKM_sk_is_sorted(NAME_FUNCS, (st))
+
+# define sk_OCSP_CERTID_new(st) SKM_sk_new(OCSP_CERTID, (st))
+# define sk_OCSP_CERTID_new_null() SKM_sk_new_null(OCSP_CERTID)
+# define sk_OCSP_CERTID_free(st) SKM_sk_free(OCSP_CERTID, (st))
+# define sk_OCSP_CERTID_num(st) SKM_sk_num(OCSP_CERTID, (st))
+# define sk_OCSP_CERTID_value(st, i) SKM_sk_value(OCSP_CERTID, (st), (i))
+# define sk_OCSP_CERTID_set(st, i, val) SKM_sk_set(OCSP_CERTID, (st), (i), (val))
+# define sk_OCSP_CERTID_zero(st) SKM_sk_zero(OCSP_CERTID, (st))
+# define sk_OCSP_CERTID_push(st, val) SKM_sk_push(OCSP_CERTID, (st), (val))
+# define sk_OCSP_CERTID_unshift(st, val) SKM_sk_unshift(OCSP_CERTID, (st), (val))
+# define sk_OCSP_CERTID_find(st, val) SKM_sk_find(OCSP_CERTID, (st), (val))
+# define sk_OCSP_CERTID_find_ex(st, val) SKM_sk_find_ex(OCSP_CERTID, (st), (val))
+# define sk_OCSP_CERTID_delete(st, i) SKM_sk_delete(OCSP_CERTID, (st), (i))
+# define sk_OCSP_CERTID_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_CERTID, (st), (ptr))
+# define sk_OCSP_CERTID_insert(st, val, i) SKM_sk_insert(OCSP_CERTID, (st), (val), (i))
+# define sk_OCSP_CERTID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_CERTID, (st), (cmp))
+# define sk_OCSP_CERTID_dup(st) SKM_sk_dup(OCSP_CERTID, st)
+# define sk_OCSP_CERTID_pop_free(st, free_func) SKM_sk_pop_free(OCSP_CERTID, (st), (free_func))
+# define sk_OCSP_CERTID_shift(st) SKM_sk_shift(OCSP_CERTID, (st))
+# define sk_OCSP_CERTID_pop(st) SKM_sk_pop(OCSP_CERTID, (st))
+# define sk_OCSP_CERTID_sort(st) SKM_sk_sort(OCSP_CERTID, (st))
+# define sk_OCSP_CERTID_is_sorted(st) SKM_sk_is_sorted(OCSP_CERTID, (st))
+
+# define sk_OCSP_ONEREQ_new(st) SKM_sk_new(OCSP_ONEREQ, (st))
+# define sk_OCSP_ONEREQ_new_null() SKM_sk_new_null(OCSP_ONEREQ)
+# define sk_OCSP_ONEREQ_free(st) SKM_sk_free(OCSP_ONEREQ, (st))
+# define sk_OCSP_ONEREQ_num(st) SKM_sk_num(OCSP_ONEREQ, (st))
+# define sk_OCSP_ONEREQ_value(st, i) SKM_sk_value(OCSP_ONEREQ, (st), (i))
+# define sk_OCSP_ONEREQ_set(st, i, val) SKM_sk_set(OCSP_ONEREQ, (st), (i), (val))
+# define sk_OCSP_ONEREQ_zero(st) SKM_sk_zero(OCSP_ONEREQ, (st))
+# define sk_OCSP_ONEREQ_push(st, val) SKM_sk_push(OCSP_ONEREQ, (st), (val))
+# define sk_OCSP_ONEREQ_unshift(st, val) SKM_sk_unshift(OCSP_ONEREQ, (st), (val))
+# define sk_OCSP_ONEREQ_find(st, val) SKM_sk_find(OCSP_ONEREQ, (st), (val))
+# define sk_OCSP_ONEREQ_find_ex(st, val) SKM_sk_find_ex(OCSP_ONEREQ, (st), (val))
+# define sk_OCSP_ONEREQ_delete(st, i) SKM_sk_delete(OCSP_ONEREQ, (st), (i))
+# define sk_OCSP_ONEREQ_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_ONEREQ, (st), (ptr))
+# define sk_OCSP_ONEREQ_insert(st, val, i) SKM_sk_insert(OCSP_ONEREQ, (st), (val), (i))
+# define sk_OCSP_ONEREQ_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_ONEREQ, (st), (cmp))
+# define sk_OCSP_ONEREQ_dup(st) SKM_sk_dup(OCSP_ONEREQ, st)
+# define sk_OCSP_ONEREQ_pop_free(st, free_func) SKM_sk_pop_free(OCSP_ONEREQ, (st), (free_func))
+# define sk_OCSP_ONEREQ_shift(st) SKM_sk_shift(OCSP_ONEREQ, (st))
+# define sk_OCSP_ONEREQ_pop(st) SKM_sk_pop(OCSP_ONEREQ, (st))
+# define sk_OCSP_ONEREQ_sort(st) SKM_sk_sort(OCSP_ONEREQ, (st))
+# define sk_OCSP_ONEREQ_is_sorted(st) SKM_sk_is_sorted(OCSP_ONEREQ, (st))
+
+# define sk_OCSP_RESPID_new(st) SKM_sk_new(OCSP_RESPID, (st))
+# define sk_OCSP_RESPID_new_null() SKM_sk_new_null(OCSP_RESPID)
+# define sk_OCSP_RESPID_free(st) SKM_sk_free(OCSP_RESPID, (st))
+# define sk_OCSP_RESPID_num(st) SKM_sk_num(OCSP_RESPID, (st))
+# define sk_OCSP_RESPID_value(st, i) SKM_sk_value(OCSP_RESPID, (st), (i))
+# define sk_OCSP_RESPID_set(st, i, val) SKM_sk_set(OCSP_RESPID, (st), (i), (val))
+# define sk_OCSP_RESPID_zero(st) SKM_sk_zero(OCSP_RESPID, (st))
+# define sk_OCSP_RESPID_push(st, val) SKM_sk_push(OCSP_RESPID, (st), (val))
+# define sk_OCSP_RESPID_unshift(st, val) SKM_sk_unshift(OCSP_RESPID, (st), (val))
+# define sk_OCSP_RESPID_find(st, val) SKM_sk_find(OCSP_RESPID, (st), (val))
+# define sk_OCSP_RESPID_find_ex(st, val) SKM_sk_find_ex(OCSP_RESPID, (st), (val))
+# define sk_OCSP_RESPID_delete(st, i) SKM_sk_delete(OCSP_RESPID, (st), (i))
+# define sk_OCSP_RESPID_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_RESPID, (st), (ptr))
+# define sk_OCSP_RESPID_insert(st, val, i) SKM_sk_insert(OCSP_RESPID, (st), (val), (i))
+# define sk_OCSP_RESPID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_RESPID, (st), (cmp))
+# define sk_OCSP_RESPID_dup(st) SKM_sk_dup(OCSP_RESPID, st)
+# define sk_OCSP_RESPID_pop_free(st, free_func) SKM_sk_pop_free(OCSP_RESPID, (st), (free_func))
+# define sk_OCSP_RESPID_shift(st) SKM_sk_shift(OCSP_RESPID, (st))
+# define sk_OCSP_RESPID_pop(st) SKM_sk_pop(OCSP_RESPID, (st))
+# define sk_OCSP_RESPID_sort(st) SKM_sk_sort(OCSP_RESPID, (st))
+# define sk_OCSP_RESPID_is_sorted(st) SKM_sk_is_sorted(OCSP_RESPID, (st))
+
+# define sk_OCSP_SINGLERESP_new(st) SKM_sk_new(OCSP_SINGLERESP, (st))
+# define sk_OCSP_SINGLERESP_new_null() SKM_sk_new_null(OCSP_SINGLERESP)
+# define sk_OCSP_SINGLERESP_free(st) SKM_sk_free(OCSP_SINGLERESP, (st))
+# define sk_OCSP_SINGLERESP_num(st) SKM_sk_num(OCSP_SINGLERESP, (st))
+# define sk_OCSP_SINGLERESP_value(st, i) SKM_sk_value(OCSP_SINGLERESP, (st), (i))
+# define sk_OCSP_SINGLERESP_set(st, i, val) SKM_sk_set(OCSP_SINGLERESP, (st), (i), (val))
+# define sk_OCSP_SINGLERESP_zero(st) SKM_sk_zero(OCSP_SINGLERESP, (st))
+# define sk_OCSP_SINGLERESP_push(st, val) SKM_sk_push(OCSP_SINGLERESP, (st), (val))
+# define sk_OCSP_SINGLERESP_unshift(st, val) SKM_sk_unshift(OCSP_SINGLERESP, (st), (val))
+# define sk_OCSP_SINGLERESP_find(st, val) SKM_sk_find(OCSP_SINGLERESP, (st), (val))
+# define sk_OCSP_SINGLERESP_find_ex(st, val) SKM_sk_find_ex(OCSP_SINGLERESP, (st), (val))
+# define sk_OCSP_SINGLERESP_delete(st, i) SKM_sk_delete(OCSP_SINGLERESP, (st), (i))
+# define sk_OCSP_SINGLERESP_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_SINGLERESP, (st), (ptr))
+# define sk_OCSP_SINGLERESP_insert(st, val, i) SKM_sk_insert(OCSP_SINGLERESP, (st), (val), (i))
+# define sk_OCSP_SINGLERESP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_SINGLERESP, (st), (cmp))
+# define sk_OCSP_SINGLERESP_dup(st) SKM_sk_dup(OCSP_SINGLERESP, st)
+# define sk_OCSP_SINGLERESP_pop_free(st, free_func) SKM_sk_pop_free(OCSP_SINGLERESP, (st), (free_func))
+# define sk_OCSP_SINGLERESP_shift(st) SKM_sk_shift(OCSP_SINGLERESP, (st))
+# define sk_OCSP_SINGLERESP_pop(st) SKM_sk_pop(OCSP_SINGLERESP, (st))
+# define sk_OCSP_SINGLERESP_sort(st) SKM_sk_sort(OCSP_SINGLERESP, (st))
+# define sk_OCSP_SINGLERESP_is_sorted(st) SKM_sk_is_sorted(OCSP_SINGLERESP, (st))
+
+# define sk_PKCS12_SAFEBAG_new(st) SKM_sk_new(PKCS12_SAFEBAG, (st))
+# define sk_PKCS12_SAFEBAG_new_null() SKM_sk_new_null(PKCS12_SAFEBAG)
+# define sk_PKCS12_SAFEBAG_free(st) SKM_sk_free(PKCS12_SAFEBAG, (st))
+# define sk_PKCS12_SAFEBAG_num(st) SKM_sk_num(PKCS12_SAFEBAG, (st))
+# define sk_PKCS12_SAFEBAG_value(st, i) SKM_sk_value(PKCS12_SAFEBAG, (st), (i))
+# define sk_PKCS12_SAFEBAG_set(st, i, val) SKM_sk_set(PKCS12_SAFEBAG, (st), (i), (val))
+# define sk_PKCS12_SAFEBAG_zero(st) SKM_sk_zero(PKCS12_SAFEBAG, (st))
+# define sk_PKCS12_SAFEBAG_push(st, val) SKM_sk_push(PKCS12_SAFEBAG, (st), (val))
+# define sk_PKCS12_SAFEBAG_unshift(st, val) SKM_sk_unshift(PKCS12_SAFEBAG, (st), (val))
+# define sk_PKCS12_SAFEBAG_find(st, val) SKM_sk_find(PKCS12_SAFEBAG, (st), (val))
+# define sk_PKCS12_SAFEBAG_find_ex(st, val) SKM_sk_find_ex(PKCS12_SAFEBAG, (st), (val))
+# define sk_PKCS12_SAFEBAG_delete(st, i) SKM_sk_delete(PKCS12_SAFEBAG, (st), (i))
+# define sk_PKCS12_SAFEBAG_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS12_SAFEBAG, (st), (ptr))
+# define sk_PKCS12_SAFEBAG_insert(st, val, i) SKM_sk_insert(PKCS12_SAFEBAG, (st), (val), (i))
+# define sk_PKCS12_SAFEBAG_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS12_SAFEBAG, (st), (cmp))
+# define sk_PKCS12_SAFEBAG_dup(st) SKM_sk_dup(PKCS12_SAFEBAG, st)
+# define sk_PKCS12_SAFEBAG_pop_free(st, free_func) SKM_sk_pop_free(PKCS12_SAFEBAG, (st), (free_func))
+# define sk_PKCS12_SAFEBAG_shift(st) SKM_sk_shift(PKCS12_SAFEBAG, (st))
+# define sk_PKCS12_SAFEBAG_pop(st) SKM_sk_pop(PKCS12_SAFEBAG, (st))
+# define sk_PKCS12_SAFEBAG_sort(st) SKM_sk_sort(PKCS12_SAFEBAG, (st))
+# define sk_PKCS12_SAFEBAG_is_sorted(st) SKM_sk_is_sorted(PKCS12_SAFEBAG, (st))
+
+# define sk_PKCS7_new(st) SKM_sk_new(PKCS7, (st))
+# define sk_PKCS7_new_null() SKM_sk_new_null(PKCS7)
+# define sk_PKCS7_free(st) SKM_sk_free(PKCS7, (st))
+# define sk_PKCS7_num(st) SKM_sk_num(PKCS7, (st))
+# define sk_PKCS7_value(st, i) SKM_sk_value(PKCS7, (st), (i))
+# define sk_PKCS7_set(st, i, val) SKM_sk_set(PKCS7, (st), (i), (val))
+# define sk_PKCS7_zero(st) SKM_sk_zero(PKCS7, (st))
+# define sk_PKCS7_push(st, val) SKM_sk_push(PKCS7, (st), (val))
+# define sk_PKCS7_unshift(st, val) SKM_sk_unshift(PKCS7, (st), (val))
+# define sk_PKCS7_find(st, val) SKM_sk_find(PKCS7, (st), (val))
+# define sk_PKCS7_find_ex(st, val) SKM_sk_find_ex(PKCS7, (st), (val))
+# define sk_PKCS7_delete(st, i) SKM_sk_delete(PKCS7, (st), (i))
+# define sk_PKCS7_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7, (st), (ptr))
+# define sk_PKCS7_insert(st, val, i) SKM_sk_insert(PKCS7, (st), (val), (i))
+# define sk_PKCS7_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7, (st), (cmp))
+# define sk_PKCS7_dup(st) SKM_sk_dup(PKCS7, st)
+# define sk_PKCS7_pop_free(st, free_func) SKM_sk_pop_free(PKCS7, (st), (free_func))
+# define sk_PKCS7_shift(st) SKM_sk_shift(PKCS7, (st))
+# define sk_PKCS7_pop(st) SKM_sk_pop(PKCS7, (st))
+# define sk_PKCS7_sort(st) SKM_sk_sort(PKCS7, (st))
+# define sk_PKCS7_is_sorted(st) SKM_sk_is_sorted(PKCS7, (st))
+
+# define sk_PKCS7_RECIP_INFO_new(st) SKM_sk_new(PKCS7_RECIP_INFO, (st))
+# define sk_PKCS7_RECIP_INFO_new_null() SKM_sk_new_null(PKCS7_RECIP_INFO)
+# define sk_PKCS7_RECIP_INFO_free(st) SKM_sk_free(PKCS7_RECIP_INFO, (st))
+# define sk_PKCS7_RECIP_INFO_num(st) SKM_sk_num(PKCS7_RECIP_INFO, (st))
+# define sk_PKCS7_RECIP_INFO_value(st, i) SKM_sk_value(PKCS7_RECIP_INFO, (st), (i))
+# define sk_PKCS7_RECIP_INFO_set(st, i, val) SKM_sk_set(PKCS7_RECIP_INFO, (st), (i), (val))
+# define sk_PKCS7_RECIP_INFO_zero(st) SKM_sk_zero(PKCS7_RECIP_INFO, (st))
+# define sk_PKCS7_RECIP_INFO_push(st, val) SKM_sk_push(PKCS7_RECIP_INFO, (st), (val))
+# define sk_PKCS7_RECIP_INFO_unshift(st, val) SKM_sk_unshift(PKCS7_RECIP_INFO, (st), (val))
+# define sk_PKCS7_RECIP_INFO_find(st, val) SKM_sk_find(PKCS7_RECIP_INFO, (st), (val))
+# define sk_PKCS7_RECIP_INFO_find_ex(st, val) SKM_sk_find_ex(PKCS7_RECIP_INFO, (st), (val))
+# define sk_PKCS7_RECIP_INFO_delete(st, i) SKM_sk_delete(PKCS7_RECIP_INFO, (st), (i))
+# define sk_PKCS7_RECIP_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7_RECIP_INFO, (st), (ptr))
+# define sk_PKCS7_RECIP_INFO_insert(st, val, i) SKM_sk_insert(PKCS7_RECIP_INFO, (st), (val), (i))
+# define sk_PKCS7_RECIP_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7_RECIP_INFO, (st), (cmp))
+# define sk_PKCS7_RECIP_INFO_dup(st) SKM_sk_dup(PKCS7_RECIP_INFO, st)
+# define sk_PKCS7_RECIP_INFO_pop_free(st, free_func) SKM_sk_pop_free(PKCS7_RECIP_INFO, (st), (free_func))
+# define sk_PKCS7_RECIP_INFO_shift(st) SKM_sk_shift(PKCS7_RECIP_INFO, (st))
+# define sk_PKCS7_RECIP_INFO_pop(st) SKM_sk_pop(PKCS7_RECIP_INFO, (st))
+# define sk_PKCS7_RECIP_INFO_sort(st) SKM_sk_sort(PKCS7_RECIP_INFO, (st))
+# define sk_PKCS7_RECIP_INFO_is_sorted(st) SKM_sk_is_sorted(PKCS7_RECIP_INFO, (st))
+
+# define sk_PKCS7_SIGNER_INFO_new(st) SKM_sk_new(PKCS7_SIGNER_INFO, (st))
+# define sk_PKCS7_SIGNER_INFO_new_null() SKM_sk_new_null(PKCS7_SIGNER_INFO)
+# define sk_PKCS7_SIGNER_INFO_free(st) SKM_sk_free(PKCS7_SIGNER_INFO, (st))
+# define sk_PKCS7_SIGNER_INFO_num(st) SKM_sk_num(PKCS7_SIGNER_INFO, (st))
+# define sk_PKCS7_SIGNER_INFO_value(st, i) SKM_sk_value(PKCS7_SIGNER_INFO, (st), (i))
+# define sk_PKCS7_SIGNER_INFO_set(st, i, val) SKM_sk_set(PKCS7_SIGNER_INFO, (st), (i), (val))
+# define sk_PKCS7_SIGNER_INFO_zero(st) SKM_sk_zero(PKCS7_SIGNER_INFO, (st))
+# define sk_PKCS7_SIGNER_INFO_push(st, val) SKM_sk_push(PKCS7_SIGNER_INFO, (st), (val))
+# define sk_PKCS7_SIGNER_INFO_unshift(st, val) SKM_sk_unshift(PKCS7_SIGNER_INFO, (st), (val))
+# define sk_PKCS7_SIGNER_INFO_find(st, val) SKM_sk_find(PKCS7_SIGNER_INFO, (st), (val))
+# define sk_PKCS7_SIGNER_INFO_find_ex(st, val) SKM_sk_find_ex(PKCS7_SIGNER_INFO, (st), (val))
+# define sk_PKCS7_SIGNER_INFO_delete(st, i) SKM_sk_delete(PKCS7_SIGNER_INFO, (st), (i))
+# define sk_PKCS7_SIGNER_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7_SIGNER_INFO, (st), (ptr))
+# define sk_PKCS7_SIGNER_INFO_insert(st, val, i) SKM_sk_insert(PKCS7_SIGNER_INFO, (st), (val), (i))
+# define sk_PKCS7_SIGNER_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7_SIGNER_INFO, (st), (cmp))
+# define sk_PKCS7_SIGNER_INFO_dup(st) SKM_sk_dup(PKCS7_SIGNER_INFO, st)
+# define sk_PKCS7_SIGNER_INFO_pop_free(st, free_func) SKM_sk_pop_free(PKCS7_SIGNER_INFO, (st), (free_func))
+# define sk_PKCS7_SIGNER_INFO_shift(st) SKM_sk_shift(PKCS7_SIGNER_INFO, (st))
+# define sk_PKCS7_SIGNER_INFO_pop(st) SKM_sk_pop(PKCS7_SIGNER_INFO, (st))
+# define sk_PKCS7_SIGNER_INFO_sort(st) SKM_sk_sort(PKCS7_SIGNER_INFO, (st))
+# define sk_PKCS7_SIGNER_INFO_is_sorted(st) SKM_sk_is_sorted(PKCS7_SIGNER_INFO, (st))
+
+# define sk_POLICYINFO_new(st) SKM_sk_new(POLICYINFO, (st))
+# define sk_POLICYINFO_new_null() SKM_sk_new_null(POLICYINFO)
+# define sk_POLICYINFO_free(st) SKM_sk_free(POLICYINFO, (st))
+# define sk_POLICYINFO_num(st) SKM_sk_num(POLICYINFO, (st))
+# define sk_POLICYINFO_value(st, i) SKM_sk_value(POLICYINFO, (st), (i))
+# define sk_POLICYINFO_set(st, i, val) SKM_sk_set(POLICYINFO, (st), (i), (val))
+# define sk_POLICYINFO_zero(st) SKM_sk_zero(POLICYINFO, (st))
+# define sk_POLICYINFO_push(st, val) SKM_sk_push(POLICYINFO, (st), (val))
+# define sk_POLICYINFO_unshift(st, val) SKM_sk_unshift(POLICYINFO, (st), (val))
+# define sk_POLICYINFO_find(st, val) SKM_sk_find(POLICYINFO, (st), (val))
+# define sk_POLICYINFO_find_ex(st, val) SKM_sk_find_ex(POLICYINFO, (st), (val))
+# define sk_POLICYINFO_delete(st, i) SKM_sk_delete(POLICYINFO, (st), (i))
+# define sk_POLICYINFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICYINFO, (st), (ptr))
+# define sk_POLICYINFO_insert(st, val, i) SKM_sk_insert(POLICYINFO, (st), (val), (i))
+# define sk_POLICYINFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICYINFO, (st), (cmp))
+# define sk_POLICYINFO_dup(st) SKM_sk_dup(POLICYINFO, st)
+# define sk_POLICYINFO_pop_free(st, free_func) SKM_sk_pop_free(POLICYINFO, (st), (free_func))
+# define sk_POLICYINFO_shift(st) SKM_sk_shift(POLICYINFO, (st))
+# define sk_POLICYINFO_pop(st) SKM_sk_pop(POLICYINFO, (st))
+# define sk_POLICYINFO_sort(st) SKM_sk_sort(POLICYINFO, (st))
+# define sk_POLICYINFO_is_sorted(st) SKM_sk_is_sorted(POLICYINFO, (st))
+
+# define sk_POLICYQUALINFO_new(st) SKM_sk_new(POLICYQUALINFO, (st))
+# define sk_POLICYQUALINFO_new_null() SKM_sk_new_null(POLICYQUALINFO)
+# define sk_POLICYQUALINFO_free(st) SKM_sk_free(POLICYQUALINFO, (st))
+# define sk_POLICYQUALINFO_num(st) SKM_sk_num(POLICYQUALINFO, (st))
+# define sk_POLICYQUALINFO_value(st, i) SKM_sk_value(POLICYQUALINFO, (st), (i))
+# define sk_POLICYQUALINFO_set(st, i, val) SKM_sk_set(POLICYQUALINFO, (st), (i), (val))
+# define sk_POLICYQUALINFO_zero(st) SKM_sk_zero(POLICYQUALINFO, (st))
+# define sk_POLICYQUALINFO_push(st, val) SKM_sk_push(POLICYQUALINFO, (st), (val))
+# define sk_POLICYQUALINFO_unshift(st, val) SKM_sk_unshift(POLICYQUALINFO, (st), (val))
+# define sk_POLICYQUALINFO_find(st, val) SKM_sk_find(POLICYQUALINFO, (st), (val))
+# define sk_POLICYQUALINFO_find_ex(st, val) SKM_sk_find_ex(POLICYQUALINFO, (st), (val))
+# define sk_POLICYQUALINFO_delete(st, i) SKM_sk_delete(POLICYQUALINFO, (st), (i))
+# define sk_POLICYQUALINFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICYQUALINFO, (st), (ptr))
+# define sk_POLICYQUALINFO_insert(st, val, i) SKM_sk_insert(POLICYQUALINFO, (st), (val), (i))
+# define sk_POLICYQUALINFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICYQUALINFO, (st), (cmp))
+# define sk_POLICYQUALINFO_dup(st) SKM_sk_dup(POLICYQUALINFO, st)
+# define sk_POLICYQUALINFO_pop_free(st, free_func) SKM_sk_pop_free(POLICYQUALINFO, (st), (free_func))
+# define sk_POLICYQUALINFO_shift(st) SKM_sk_shift(POLICYQUALINFO, (st))
+# define sk_POLICYQUALINFO_pop(st) SKM_sk_pop(POLICYQUALINFO, (st))
+# define sk_POLICYQUALINFO_sort(st) SKM_sk_sort(POLICYQUALINFO, (st))
+# define sk_POLICYQUALINFO_is_sorted(st) SKM_sk_is_sorted(POLICYQUALINFO, (st))
+
+# define sk_POLICY_MAPPING_new(st) SKM_sk_new(POLICY_MAPPING, (st))
+# define sk_POLICY_MAPPING_new_null() SKM_sk_new_null(POLICY_MAPPING)
+# define sk_POLICY_MAPPING_free(st) SKM_sk_free(POLICY_MAPPING, (st))
+# define sk_POLICY_MAPPING_num(st) SKM_sk_num(POLICY_MAPPING, (st))
+# define sk_POLICY_MAPPING_value(st, i) SKM_sk_value(POLICY_MAPPING, (st), (i))
+# define sk_POLICY_MAPPING_set(st, i, val) SKM_sk_set(POLICY_MAPPING, (st), (i), (val))
+# define sk_POLICY_MAPPING_zero(st) SKM_sk_zero(POLICY_MAPPING, (st))
+# define sk_POLICY_MAPPING_push(st, val) SKM_sk_push(POLICY_MAPPING, (st), (val))
+# define sk_POLICY_MAPPING_unshift(st, val) SKM_sk_unshift(POLICY_MAPPING, (st), (val))
+# define sk_POLICY_MAPPING_find(st, val) SKM_sk_find(POLICY_MAPPING, (st), (val))
+# define sk_POLICY_MAPPING_find_ex(st, val) SKM_sk_find_ex(POLICY_MAPPING, (st), (val))
+# define sk_POLICY_MAPPING_delete(st, i) SKM_sk_delete(POLICY_MAPPING, (st), (i))
+# define sk_POLICY_MAPPING_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICY_MAPPING, (st), (ptr))
+# define sk_POLICY_MAPPING_insert(st, val, i) SKM_sk_insert(POLICY_MAPPING, (st), (val), (i))
+# define sk_POLICY_MAPPING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICY_MAPPING, (st), (cmp))
+# define sk_POLICY_MAPPING_dup(st) SKM_sk_dup(POLICY_MAPPING, st)
+# define sk_POLICY_MAPPING_pop_free(st, free_func) SKM_sk_pop_free(POLICY_MAPPING, (st), (free_func))
+# define sk_POLICY_MAPPING_shift(st) SKM_sk_shift(POLICY_MAPPING, (st))
+# define sk_POLICY_MAPPING_pop(st) SKM_sk_pop(POLICY_MAPPING, (st))
+# define sk_POLICY_MAPPING_sort(st) SKM_sk_sort(POLICY_MAPPING, (st))
+# define sk_POLICY_MAPPING_is_sorted(st) SKM_sk_is_sorted(POLICY_MAPPING, (st))
+
+# define sk_SSL_CIPHER_new(st) SKM_sk_new(SSL_CIPHER, (st))
+# define sk_SSL_CIPHER_new_null() SKM_sk_new_null(SSL_CIPHER)
+# define sk_SSL_CIPHER_free(st) SKM_sk_free(SSL_CIPHER, (st))
+# define sk_SSL_CIPHER_num(st) SKM_sk_num(SSL_CIPHER, (st))
+# define sk_SSL_CIPHER_value(st, i) SKM_sk_value(SSL_CIPHER, (st), (i))
+# define sk_SSL_CIPHER_set(st, i, val) SKM_sk_set(SSL_CIPHER, (st), (i), (val))
+# define sk_SSL_CIPHER_zero(st) SKM_sk_zero(SSL_CIPHER, (st))
+# define sk_SSL_CIPHER_push(st, val) SKM_sk_push(SSL_CIPHER, (st), (val))
+# define sk_SSL_CIPHER_unshift(st, val) SKM_sk_unshift(SSL_CIPHER, (st), (val))
+# define sk_SSL_CIPHER_find(st, val) SKM_sk_find(SSL_CIPHER, (st), (val))
+# define sk_SSL_CIPHER_find_ex(st, val) SKM_sk_find_ex(SSL_CIPHER, (st), (val))
+# define sk_SSL_CIPHER_delete(st, i) SKM_sk_delete(SSL_CIPHER, (st), (i))
+# define sk_SSL_CIPHER_delete_ptr(st, ptr) SKM_sk_delete_ptr(SSL_CIPHER, (st), (ptr))
+# define sk_SSL_CIPHER_insert(st, val, i) SKM_sk_insert(SSL_CIPHER, (st), (val), (i))
+# define sk_SSL_CIPHER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SSL_CIPHER, (st), (cmp))
+# define sk_SSL_CIPHER_dup(st) SKM_sk_dup(SSL_CIPHER, st)
+# define sk_SSL_CIPHER_pop_free(st, free_func) SKM_sk_pop_free(SSL_CIPHER, (st), (free_func))
+# define sk_SSL_CIPHER_shift(st) SKM_sk_shift(SSL_CIPHER, (st))
+# define sk_SSL_CIPHER_pop(st) SKM_sk_pop(SSL_CIPHER, (st))
+# define sk_SSL_CIPHER_sort(st) SKM_sk_sort(SSL_CIPHER, (st))
+# define sk_SSL_CIPHER_is_sorted(st) SKM_sk_is_sorted(SSL_CIPHER, (st))
+
+# define sk_SSL_COMP_new(st) SKM_sk_new(SSL_COMP, (st))
+# define sk_SSL_COMP_new_null() SKM_sk_new_null(SSL_COMP)
+# define sk_SSL_COMP_free(st) SKM_sk_free(SSL_COMP, (st))
+# define sk_SSL_COMP_num(st) SKM_sk_num(SSL_COMP, (st))
+# define sk_SSL_COMP_value(st, i) SKM_sk_value(SSL_COMP, (st), (i))
+# define sk_SSL_COMP_set(st, i, val) SKM_sk_set(SSL_COMP, (st), (i), (val))
+# define sk_SSL_COMP_zero(st) SKM_sk_zero(SSL_COMP, (st))
+# define sk_SSL_COMP_push(st, val) SKM_sk_push(SSL_COMP, (st), (val))
+# define sk_SSL_COMP_unshift(st, val) SKM_sk_unshift(SSL_COMP, (st), (val))
+# define sk_SSL_COMP_find(st, val) SKM_sk_find(SSL_COMP, (st), (val))
+# define sk_SSL_COMP_find_ex(st, val) SKM_sk_find_ex(SSL_COMP, (st), (val))
+# define sk_SSL_COMP_delete(st, i) SKM_sk_delete(SSL_COMP, (st), (i))
+# define sk_SSL_COMP_delete_ptr(st, ptr) SKM_sk_delete_ptr(SSL_COMP, (st), (ptr))
+# define sk_SSL_COMP_insert(st, val, i) SKM_sk_insert(SSL_COMP, (st), (val), (i))
+# define sk_SSL_COMP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SSL_COMP, (st), (cmp))
+# define sk_SSL_COMP_dup(st) SKM_sk_dup(SSL_COMP, st)
+# define sk_SSL_COMP_pop_free(st, free_func) SKM_sk_pop_free(SSL_COMP, (st), (free_func))
+# define sk_SSL_COMP_shift(st) SKM_sk_shift(SSL_COMP, (st))
+# define sk_SSL_COMP_pop(st) SKM_sk_pop(SSL_COMP, (st))
+# define sk_SSL_COMP_sort(st) SKM_sk_sort(SSL_COMP, (st))
+# define sk_SSL_COMP_is_sorted(st) SKM_sk_is_sorted(SSL_COMP, (st))
+
+# define sk_STORE_OBJECT_new(st) SKM_sk_new(STORE_OBJECT, (st))
+# define sk_STORE_OBJECT_new_null() SKM_sk_new_null(STORE_OBJECT)
+# define sk_STORE_OBJECT_free(st) SKM_sk_free(STORE_OBJECT, (st))
+# define sk_STORE_OBJECT_num(st) SKM_sk_num(STORE_OBJECT, (st))
+# define sk_STORE_OBJECT_value(st, i) SKM_sk_value(STORE_OBJECT, (st), (i))
+# define sk_STORE_OBJECT_set(st, i, val) SKM_sk_set(STORE_OBJECT, (st), (i), (val))
+# define sk_STORE_OBJECT_zero(st) SKM_sk_zero(STORE_OBJECT, (st))
+# define sk_STORE_OBJECT_push(st, val) SKM_sk_push(STORE_OBJECT, (st), (val))
+# define sk_STORE_OBJECT_unshift(st, val) SKM_sk_unshift(STORE_OBJECT, (st), (val))
+# define sk_STORE_OBJECT_find(st, val) SKM_sk_find(STORE_OBJECT, (st), (val))
+# define sk_STORE_OBJECT_find_ex(st, val) SKM_sk_find_ex(STORE_OBJECT, (st), (val))
+# define sk_STORE_OBJECT_delete(st, i) SKM_sk_delete(STORE_OBJECT, (st), (i))
+# define sk_STORE_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(STORE_OBJECT, (st), (ptr))
+# define sk_STORE_OBJECT_insert(st, val, i) SKM_sk_insert(STORE_OBJECT, (st), (val), (i))
+# define sk_STORE_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(STORE_OBJECT, (st), (cmp))
+# define sk_STORE_OBJECT_dup(st) SKM_sk_dup(STORE_OBJECT, st)
+# define sk_STORE_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(STORE_OBJECT, (st), (free_func))
+# define sk_STORE_OBJECT_shift(st) SKM_sk_shift(STORE_OBJECT, (st))
+# define sk_STORE_OBJECT_pop(st) SKM_sk_pop(STORE_OBJECT, (st))
+# define sk_STORE_OBJECT_sort(st) SKM_sk_sort(STORE_OBJECT, (st))
+# define sk_STORE_OBJECT_is_sorted(st) SKM_sk_is_sorted(STORE_OBJECT, (st))
+
+# define sk_SXNETID_new(st) SKM_sk_new(SXNETID, (st))
+# define sk_SXNETID_new_null() SKM_sk_new_null(SXNETID)
+# define sk_SXNETID_free(st) SKM_sk_free(SXNETID, (st))
+# define sk_SXNETID_num(st) SKM_sk_num(SXNETID, (st))
+# define sk_SXNETID_value(st, i) SKM_sk_value(SXNETID, (st), (i))
+# define sk_SXNETID_set(st, i, val) SKM_sk_set(SXNETID, (st), (i), (val))
+# define sk_SXNETID_zero(st) SKM_sk_zero(SXNETID, (st))
+# define sk_SXNETID_push(st, val) SKM_sk_push(SXNETID, (st), (val))
+# define sk_SXNETID_unshift(st, val) SKM_sk_unshift(SXNETID, (st), (val))
+# define sk_SXNETID_find(st, val) SKM_sk_find(SXNETID, (st), (val))
+# define sk_SXNETID_find_ex(st, val) SKM_sk_find_ex(SXNETID, (st), (val))
+# define sk_SXNETID_delete(st, i) SKM_sk_delete(SXNETID, (st), (i))
+# define sk_SXNETID_delete_ptr(st, ptr) SKM_sk_delete_ptr(SXNETID, (st), (ptr))
+# define sk_SXNETID_insert(st, val, i) SKM_sk_insert(SXNETID, (st), (val), (i))
+# define sk_SXNETID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SXNETID, (st), (cmp))
+# define sk_SXNETID_dup(st) SKM_sk_dup(SXNETID, st)
+# define sk_SXNETID_pop_free(st, free_func) SKM_sk_pop_free(SXNETID, (st), (free_func))
+# define sk_SXNETID_shift(st) SKM_sk_shift(SXNETID, (st))
+# define sk_SXNETID_pop(st) SKM_sk_pop(SXNETID, (st))
+# define sk_SXNETID_sort(st) SKM_sk_sort(SXNETID, (st))
+# define sk_SXNETID_is_sorted(st) SKM_sk_is_sorted(SXNETID, (st))
+
+# define sk_UI_STRING_new(st) SKM_sk_new(UI_STRING, (st))
+# define sk_UI_STRING_new_null() SKM_sk_new_null(UI_STRING)
+# define sk_UI_STRING_free(st) SKM_sk_free(UI_STRING, (st))
+# define sk_UI_STRING_num(st) SKM_sk_num(UI_STRING, (st))
+# define sk_UI_STRING_value(st, i) SKM_sk_value(UI_STRING, (st), (i))
+# define sk_UI_STRING_set(st, i, val) SKM_sk_set(UI_STRING, (st), (i), (val))
+# define sk_UI_STRING_zero(st) SKM_sk_zero(UI_STRING, (st))
+# define sk_UI_STRING_push(st, val) SKM_sk_push(UI_STRING, (st), (val))
+# define sk_UI_STRING_unshift(st, val) SKM_sk_unshift(UI_STRING, (st), (val))
+# define sk_UI_STRING_find(st, val) SKM_sk_find(UI_STRING, (st), (val))
+# define sk_UI_STRING_find_ex(st, val) SKM_sk_find_ex(UI_STRING, (st), (val))
+# define sk_UI_STRING_delete(st, i) SKM_sk_delete(UI_STRING, (st), (i))
+# define sk_UI_STRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(UI_STRING, (st), (ptr))
+# define sk_UI_STRING_insert(st, val, i) SKM_sk_insert(UI_STRING, (st), (val), (i))
+# define sk_UI_STRING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(UI_STRING, (st), (cmp))
+# define sk_UI_STRING_dup(st) SKM_sk_dup(UI_STRING, st)
+# define sk_UI_STRING_pop_free(st, free_func) SKM_sk_pop_free(UI_STRING, (st), (free_func))
+# define sk_UI_STRING_shift(st) SKM_sk_shift(UI_STRING, (st))
+# define sk_UI_STRING_pop(st) SKM_sk_pop(UI_STRING, (st))
+# define sk_UI_STRING_sort(st) SKM_sk_sort(UI_STRING, (st))
+# define sk_UI_STRING_is_sorted(st) SKM_sk_is_sorted(UI_STRING, (st))
+
+# define sk_X509_new(st) SKM_sk_new(X509, (st))
+# define sk_X509_new_null() SKM_sk_new_null(X509)
+# define sk_X509_free(st) SKM_sk_free(X509, (st))
+# define sk_X509_num(st) SKM_sk_num(X509, (st))
+# define sk_X509_value(st, i) SKM_sk_value(X509, (st), (i))
+# define sk_X509_set(st, i, val) SKM_sk_set(X509, (st), (i), (val))
+# define sk_X509_zero(st) SKM_sk_zero(X509, (st))
+# define sk_X509_push(st, val) SKM_sk_push(X509, (st), (val))
+# define sk_X509_unshift(st, val) SKM_sk_unshift(X509, (st), (val))
+# define sk_X509_find(st, val) SKM_sk_find(X509, (st), (val))
+# define sk_X509_find_ex(st, val) SKM_sk_find_ex(X509, (st), (val))
+# define sk_X509_delete(st, i) SKM_sk_delete(X509, (st), (i))
+# define sk_X509_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509, (st), (ptr))
+# define sk_X509_insert(st, val, i) SKM_sk_insert(X509, (st), (val), (i))
+# define sk_X509_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509, (st), (cmp))
+# define sk_X509_dup(st) SKM_sk_dup(X509, st)
+# define sk_X509_pop_free(st, free_func) SKM_sk_pop_free(X509, (st), (free_func))
+# define sk_X509_shift(st) SKM_sk_shift(X509, (st))
+# define sk_X509_pop(st) SKM_sk_pop(X509, (st))
+# define sk_X509_sort(st) SKM_sk_sort(X509, (st))
+# define sk_X509_is_sorted(st) SKM_sk_is_sorted(X509, (st))
+
+# define sk_X509V3_EXT_METHOD_new(st) SKM_sk_new(X509V3_EXT_METHOD, (st))
+# define sk_X509V3_EXT_METHOD_new_null() SKM_sk_new_null(X509V3_EXT_METHOD)
+# define sk_X509V3_EXT_METHOD_free(st) SKM_sk_free(X509V3_EXT_METHOD, (st))
+# define sk_X509V3_EXT_METHOD_num(st) SKM_sk_num(X509V3_EXT_METHOD, (st))
+# define sk_X509V3_EXT_METHOD_value(st, i) SKM_sk_value(X509V3_EXT_METHOD, (st), (i))
+# define sk_X509V3_EXT_METHOD_set(st, i, val) SKM_sk_set(X509V3_EXT_METHOD, (st), (i), (val))
+# define sk_X509V3_EXT_METHOD_zero(st) SKM_sk_zero(X509V3_EXT_METHOD, (st))
+# define sk_X509V3_EXT_METHOD_push(st, val) SKM_sk_push(X509V3_EXT_METHOD, (st), (val))
+# define sk_X509V3_EXT_METHOD_unshift(st, val) SKM_sk_unshift(X509V3_EXT_METHOD, (st), (val))
+# define sk_X509V3_EXT_METHOD_find(st, val) SKM_sk_find(X509V3_EXT_METHOD, (st), (val))
+# define sk_X509V3_EXT_METHOD_find_ex(st, val) SKM_sk_find_ex(X509V3_EXT_METHOD, (st), (val))
+# define sk_X509V3_EXT_METHOD_delete(st, i) SKM_sk_delete(X509V3_EXT_METHOD, (st), (i))
+# define sk_X509V3_EXT_METHOD_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509V3_EXT_METHOD, (st), (ptr))
+# define sk_X509V3_EXT_METHOD_insert(st, val, i) SKM_sk_insert(X509V3_EXT_METHOD, (st), (val), (i))
+# define sk_X509V3_EXT_METHOD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509V3_EXT_METHOD, (st), (cmp))
+# define sk_X509V3_EXT_METHOD_dup(st) SKM_sk_dup(X509V3_EXT_METHOD, st)
+# define sk_X509V3_EXT_METHOD_pop_free(st, free_func) SKM_sk_pop_free(X509V3_EXT_METHOD, (st), (free_func))
+# define sk_X509V3_EXT_METHOD_shift(st) SKM_sk_shift(X509V3_EXT_METHOD, (st))
+# define sk_X509V3_EXT_METHOD_pop(st) SKM_sk_pop(X509V3_EXT_METHOD, (st))
+# define sk_X509V3_EXT_METHOD_sort(st) SKM_sk_sort(X509V3_EXT_METHOD, (st))
+# define sk_X509V3_EXT_METHOD_is_sorted(st) SKM_sk_is_sorted(X509V3_EXT_METHOD, (st))
+
+# define sk_X509_ALGOR_new(st) SKM_sk_new(X509_ALGOR, (st))
+# define sk_X509_ALGOR_new_null() SKM_sk_new_null(X509_ALGOR)
+# define sk_X509_ALGOR_free(st) SKM_sk_free(X509_ALGOR, (st))
+# define sk_X509_ALGOR_num(st) SKM_sk_num(X509_ALGOR, (st))
+# define sk_X509_ALGOR_value(st, i) SKM_sk_value(X509_ALGOR, (st), (i))
+# define sk_X509_ALGOR_set(st, i, val) SKM_sk_set(X509_ALGOR, (st), (i), (val))
+# define sk_X509_ALGOR_zero(st) SKM_sk_zero(X509_ALGOR, (st))
+# define sk_X509_ALGOR_push(st, val) SKM_sk_push(X509_ALGOR, (st), (val))
+# define sk_X509_ALGOR_unshift(st, val) SKM_sk_unshift(X509_ALGOR, (st), (val))
+# define sk_X509_ALGOR_find(st, val) SKM_sk_find(X509_ALGOR, (st), (val))
+# define sk_X509_ALGOR_find_ex(st, val) SKM_sk_find_ex(X509_ALGOR, (st), (val))
+# define sk_X509_ALGOR_delete(st, i) SKM_sk_delete(X509_ALGOR, (st), (i))
+# define sk_X509_ALGOR_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_ALGOR, (st), (ptr))
+# define sk_X509_ALGOR_insert(st, val, i) SKM_sk_insert(X509_ALGOR, (st), (val), (i))
+# define sk_X509_ALGOR_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_ALGOR, (st), (cmp))
+# define sk_X509_ALGOR_dup(st) SKM_sk_dup(X509_ALGOR, st)
+# define sk_X509_ALGOR_pop_free(st, free_func) SKM_sk_pop_free(X509_ALGOR, (st), (free_func))
+# define sk_X509_ALGOR_shift(st) SKM_sk_shift(X509_ALGOR, (st))
+# define sk_X509_ALGOR_pop(st) SKM_sk_pop(X509_ALGOR, (st))
+# define sk_X509_ALGOR_sort(st) SKM_sk_sort(X509_ALGOR, (st))
+# define sk_X509_ALGOR_is_sorted(st) SKM_sk_is_sorted(X509_ALGOR, (st))
+
+# define sk_X509_ATTRIBUTE_new(st) SKM_sk_new(X509_ATTRIBUTE, (st))
+# define sk_X509_ATTRIBUTE_new_null() SKM_sk_new_null(X509_ATTRIBUTE)
+# define sk_X509_ATTRIBUTE_free(st) SKM_sk_free(X509_ATTRIBUTE, (st))
+# define sk_X509_ATTRIBUTE_num(st) SKM_sk_num(X509_ATTRIBUTE, (st))
+# define sk_X509_ATTRIBUTE_value(st, i) SKM_sk_value(X509_ATTRIBUTE, (st), (i))
+# define sk_X509_ATTRIBUTE_set(st, i, val) SKM_sk_set(X509_ATTRIBUTE, (st), (i), (val))
+# define sk_X509_ATTRIBUTE_zero(st) SKM_sk_zero(X509_ATTRIBUTE, (st))
+# define sk_X509_ATTRIBUTE_push(st, val) SKM_sk_push(X509_ATTRIBUTE, (st), (val))
+# define sk_X509_ATTRIBUTE_unshift(st, val) SKM_sk_unshift(X509_ATTRIBUTE, (st), (val))
+# define sk_X509_ATTRIBUTE_find(st, val) SKM_sk_find(X509_ATTRIBUTE, (st), (val))
+# define sk_X509_ATTRIBUTE_find_ex(st, val) SKM_sk_find_ex(X509_ATTRIBUTE, (st), (val))
+# define sk_X509_ATTRIBUTE_delete(st, i) SKM_sk_delete(X509_ATTRIBUTE, (st), (i))
+# define sk_X509_ATTRIBUTE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_ATTRIBUTE, (st), (ptr))
+# define sk_X509_ATTRIBUTE_insert(st, val, i) SKM_sk_insert(X509_ATTRIBUTE, (st), (val), (i))
+# define sk_X509_ATTRIBUTE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_ATTRIBUTE, (st), (cmp))
+# define sk_X509_ATTRIBUTE_dup(st) SKM_sk_dup(X509_ATTRIBUTE, st)
+# define sk_X509_ATTRIBUTE_pop_free(st, free_func) SKM_sk_pop_free(X509_ATTRIBUTE, (st), (free_func))
+# define sk_X509_ATTRIBUTE_shift(st) SKM_sk_shift(X509_ATTRIBUTE, (st))
+# define sk_X509_ATTRIBUTE_pop(st) SKM_sk_pop(X509_ATTRIBUTE, (st))
+# define sk_X509_ATTRIBUTE_sort(st) SKM_sk_sort(X509_ATTRIBUTE, (st))
+# define sk_X509_ATTRIBUTE_is_sorted(st) SKM_sk_is_sorted(X509_ATTRIBUTE, (st))
+
+# define sk_X509_CRL_new(st) SKM_sk_new(X509_CRL, (st))
+# define sk_X509_CRL_new_null() SKM_sk_new_null(X509_CRL)
+# define sk_X509_CRL_free(st) SKM_sk_free(X509_CRL, (st))
+# define sk_X509_CRL_num(st) SKM_sk_num(X509_CRL, (st))
+# define sk_X509_CRL_value(st, i) SKM_sk_value(X509_CRL, (st), (i))
+# define sk_X509_CRL_set(st, i, val) SKM_sk_set(X509_CRL, (st), (i), (val))
+# define sk_X509_CRL_zero(st) SKM_sk_zero(X509_CRL, (st))
+# define sk_X509_CRL_push(st, val) SKM_sk_push(X509_CRL, (st), (val))
+# define sk_X509_CRL_unshift(st, val) SKM_sk_unshift(X509_CRL, (st), (val))
+# define sk_X509_CRL_find(st, val) SKM_sk_find(X509_CRL, (st), (val))
+# define sk_X509_CRL_find_ex(st, val) SKM_sk_find_ex(X509_CRL, (st), (val))
+# define sk_X509_CRL_delete(st, i) SKM_sk_delete(X509_CRL, (st), (i))
+# define sk_X509_CRL_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_CRL, (st), (ptr))
+# define sk_X509_CRL_insert(st, val, i) SKM_sk_insert(X509_CRL, (st), (val), (i))
+# define sk_X509_CRL_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_CRL, (st), (cmp))
+# define sk_X509_CRL_dup(st) SKM_sk_dup(X509_CRL, st)
+# define sk_X509_CRL_pop_free(st, free_func) SKM_sk_pop_free(X509_CRL, (st), (free_func))
+# define sk_X509_CRL_shift(st) SKM_sk_shift(X509_CRL, (st))
+# define sk_X509_CRL_pop(st) SKM_sk_pop(X509_CRL, (st))
+# define sk_X509_CRL_sort(st) SKM_sk_sort(X509_CRL, (st))
+# define sk_X509_CRL_is_sorted(st) SKM_sk_is_sorted(X509_CRL, (st))
+
+# define sk_X509_EXTENSION_new(st) SKM_sk_new(X509_EXTENSION, (st))
+# define sk_X509_EXTENSION_new_null() SKM_sk_new_null(X509_EXTENSION)
+# define sk_X509_EXTENSION_free(st) SKM_sk_free(X509_EXTENSION, (st))
+# define sk_X509_EXTENSION_num(st) SKM_sk_num(X509_EXTENSION, (st))
+# define sk_X509_EXTENSION_value(st, i) SKM_sk_value(X509_EXTENSION, (st), (i))
+# define sk_X509_EXTENSION_set(st, i, val) SKM_sk_set(X509_EXTENSION, (st), (i), (val))
+# define sk_X509_EXTENSION_zero(st) SKM_sk_zero(X509_EXTENSION, (st))
+# define sk_X509_EXTENSION_push(st, val) SKM_sk_push(X509_EXTENSION, (st), (val))
+# define sk_X509_EXTENSION_unshift(st, val) SKM_sk_unshift(X509_EXTENSION, (st), (val))
+# define sk_X509_EXTENSION_find(st, val) SKM_sk_find(X509_EXTENSION, (st), (val))
+# define sk_X509_EXTENSION_find_ex(st, val) SKM_sk_find_ex(X509_EXTENSION, (st), (val))
+# define sk_X509_EXTENSION_delete(st, i) SKM_sk_delete(X509_EXTENSION, (st), (i))
+# define sk_X509_EXTENSION_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_EXTENSION, (st), (ptr))
+# define sk_X509_EXTENSION_insert(st, val, i) SKM_sk_insert(X509_EXTENSION, (st), (val), (i))
+# define sk_X509_EXTENSION_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_EXTENSION, (st), (cmp))
+# define sk_X509_EXTENSION_dup(st) SKM_sk_dup(X509_EXTENSION, st)
+# define sk_X509_EXTENSION_pop_free(st, free_func) SKM_sk_pop_free(X509_EXTENSION, (st), (free_func))
+# define sk_X509_EXTENSION_shift(st) SKM_sk_shift(X509_EXTENSION, (st))
+# define sk_X509_EXTENSION_pop(st) SKM_sk_pop(X509_EXTENSION, (st))
+# define sk_X509_EXTENSION_sort(st) SKM_sk_sort(X509_EXTENSION, (st))
+# define sk_X509_EXTENSION_is_sorted(st) SKM_sk_is_sorted(X509_EXTENSION, (st))
+
+# define sk_X509_INFO_new(st) SKM_sk_new(X509_INFO, (st))
+# define sk_X509_INFO_new_null() SKM_sk_new_null(X509_INFO)
+# define sk_X509_INFO_free(st) SKM_sk_free(X509_INFO, (st))
+# define sk_X509_INFO_num(st) SKM_sk_num(X509_INFO, (st))
+# define sk_X509_INFO_value(st, i) SKM_sk_value(X509_INFO, (st), (i))
+# define sk_X509_INFO_set(st, i, val) SKM_sk_set(X509_INFO, (st), (i), (val))
+# define sk_X509_INFO_zero(st) SKM_sk_zero(X509_INFO, (st))
+# define sk_X509_INFO_push(st, val) SKM_sk_push(X509_INFO, (st), (val))
+# define sk_X509_INFO_unshift(st, val) SKM_sk_unshift(X509_INFO, (st), (val))
+# define sk_X509_INFO_find(st, val) SKM_sk_find(X509_INFO, (st), (val))
+# define sk_X509_INFO_find_ex(st, val) SKM_sk_find_ex(X509_INFO, (st), (val))
+# define sk_X509_INFO_delete(st, i) SKM_sk_delete(X509_INFO, (st), (i))
+# define sk_X509_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_INFO, (st), (ptr))
+# define sk_X509_INFO_insert(st, val, i) SKM_sk_insert(X509_INFO, (st), (val), (i))
+# define sk_X509_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_INFO, (st), (cmp))
+# define sk_X509_INFO_dup(st) SKM_sk_dup(X509_INFO, st)
+# define sk_X509_INFO_pop_free(st, free_func) SKM_sk_pop_free(X509_INFO, (st), (free_func))
+# define sk_X509_INFO_shift(st) SKM_sk_shift(X509_INFO, (st))
+# define sk_X509_INFO_pop(st) SKM_sk_pop(X509_INFO, (st))
+# define sk_X509_INFO_sort(st) SKM_sk_sort(X509_INFO, (st))
+# define sk_X509_INFO_is_sorted(st) SKM_sk_is_sorted(X509_INFO, (st))
+
+# define sk_X509_LOOKUP_new(st) SKM_sk_new(X509_LOOKUP, (st))
+# define sk_X509_LOOKUP_new_null() SKM_sk_new_null(X509_LOOKUP)
+# define sk_X509_LOOKUP_free(st) SKM_sk_free(X509_LOOKUP, (st))
+# define sk_X509_LOOKUP_num(st) SKM_sk_num(X509_LOOKUP, (st))
+# define sk_X509_LOOKUP_value(st, i) SKM_sk_value(X509_LOOKUP, (st), (i))
+# define sk_X509_LOOKUP_set(st, i, val) SKM_sk_set(X509_LOOKUP, (st), (i), (val))
+# define sk_X509_LOOKUP_zero(st) SKM_sk_zero(X509_LOOKUP, (st))
+# define sk_X509_LOOKUP_push(st, val) SKM_sk_push(X509_LOOKUP, (st), (val))
+# define sk_X509_LOOKUP_unshift(st, val) SKM_sk_unshift(X509_LOOKUP, (st), (val))
+# define sk_X509_LOOKUP_find(st, val) SKM_sk_find(X509_LOOKUP, (st), (val))
+# define sk_X509_LOOKUP_find_ex(st, val) SKM_sk_find_ex(X509_LOOKUP, (st), (val))
+# define sk_X509_LOOKUP_delete(st, i) SKM_sk_delete(X509_LOOKUP, (st), (i))
+# define sk_X509_LOOKUP_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_LOOKUP, (st), (ptr))
+# define sk_X509_LOOKUP_insert(st, val, i) SKM_sk_insert(X509_LOOKUP, (st), (val), (i))
+# define sk_X509_LOOKUP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_LOOKUP, (st), (cmp))
+# define sk_X509_LOOKUP_dup(st) SKM_sk_dup(X509_LOOKUP, st)
+# define sk_X509_LOOKUP_pop_free(st, free_func) SKM_sk_pop_free(X509_LOOKUP, (st), (free_func))
+# define sk_X509_LOOKUP_shift(st) SKM_sk_shift(X509_LOOKUP, (st))
+# define sk_X509_LOOKUP_pop(st) SKM_sk_pop(X509_LOOKUP, (st))
+# define sk_X509_LOOKUP_sort(st) SKM_sk_sort(X509_LOOKUP, (st))
+# define sk_X509_LOOKUP_is_sorted(st) SKM_sk_is_sorted(X509_LOOKUP, (st))
+
+# define sk_X509_NAME_new(st) SKM_sk_new(X509_NAME, (st))
+# define sk_X509_NAME_new_null() SKM_sk_new_null(X509_NAME)
+# define sk_X509_NAME_free(st) SKM_sk_free(X509_NAME, (st))
+# define sk_X509_NAME_num(st) SKM_sk_num(X509_NAME, (st))
+# define sk_X509_NAME_value(st, i) SKM_sk_value(X509_NAME, (st), (i))
+# define sk_X509_NAME_set(st, i, val) SKM_sk_set(X509_NAME, (st), (i), (val))
+# define sk_X509_NAME_zero(st) SKM_sk_zero(X509_NAME, (st))
+# define sk_X509_NAME_push(st, val) SKM_sk_push(X509_NAME, (st), (val))
+# define sk_X509_NAME_unshift(st, val) SKM_sk_unshift(X509_NAME, (st), (val))
+# define sk_X509_NAME_find(st, val) SKM_sk_find(X509_NAME, (st), (val))
+# define sk_X509_NAME_find_ex(st, val) SKM_sk_find_ex(X509_NAME, (st), (val))
+# define sk_X509_NAME_delete(st, i) SKM_sk_delete(X509_NAME, (st), (i))
+# define sk_X509_NAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_NAME, (st), (ptr))
+# define sk_X509_NAME_insert(st, val, i) SKM_sk_insert(X509_NAME, (st), (val), (i))
+# define sk_X509_NAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_NAME, (st), (cmp))
+# define sk_X509_NAME_dup(st) SKM_sk_dup(X509_NAME, st)
+# define sk_X509_NAME_pop_free(st, free_func) SKM_sk_pop_free(X509_NAME, (st), (free_func))
+# define sk_X509_NAME_shift(st) SKM_sk_shift(X509_NAME, (st))
+# define sk_X509_NAME_pop(st) SKM_sk_pop(X509_NAME, (st))
+# define sk_X509_NAME_sort(st) SKM_sk_sort(X509_NAME, (st))
+# define sk_X509_NAME_is_sorted(st) SKM_sk_is_sorted(X509_NAME, (st))
+
+# define sk_X509_NAME_ENTRY_new(st) SKM_sk_new(X509_NAME_ENTRY, (st))
+# define sk_X509_NAME_ENTRY_new_null() SKM_sk_new_null(X509_NAME_ENTRY)
+# define sk_X509_NAME_ENTRY_free(st) SKM_sk_free(X509_NAME_ENTRY, (st))
+# define sk_X509_NAME_ENTRY_num(st) SKM_sk_num(X509_NAME_ENTRY, (st))
+# define sk_X509_NAME_ENTRY_value(st, i) SKM_sk_value(X509_NAME_ENTRY, (st), (i))
+# define sk_X509_NAME_ENTRY_set(st, i, val) SKM_sk_set(X509_NAME_ENTRY, (st), (i), (val))
+# define sk_X509_NAME_ENTRY_zero(st) SKM_sk_zero(X509_NAME_ENTRY, (st))
+# define sk_X509_NAME_ENTRY_push(st, val) SKM_sk_push(X509_NAME_ENTRY, (st), (val))
+# define sk_X509_NAME_ENTRY_unshift(st, val) SKM_sk_unshift(X509_NAME_ENTRY, (st), (val))
+# define sk_X509_NAME_ENTRY_find(st, val) SKM_sk_find(X509_NAME_ENTRY, (st), (val))
+# define sk_X509_NAME_ENTRY_find_ex(st, val) SKM_sk_find_ex(X509_NAME_ENTRY, (st), (val))
+# define sk_X509_NAME_ENTRY_delete(st, i) SKM_sk_delete(X509_NAME_ENTRY, (st), (i))
+# define sk_X509_NAME_ENTRY_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_NAME_ENTRY, (st), (ptr))
+# define sk_X509_NAME_ENTRY_insert(st, val, i) SKM_sk_insert(X509_NAME_ENTRY, (st), (val), (i))
+# define sk_X509_NAME_ENTRY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_NAME_ENTRY, (st), (cmp))
+# define sk_X509_NAME_ENTRY_dup(st) SKM_sk_dup(X509_NAME_ENTRY, st)
+# define sk_X509_NAME_ENTRY_pop_free(st, free_func) SKM_sk_pop_free(X509_NAME_ENTRY, (st), (free_func))
+# define sk_X509_NAME_ENTRY_shift(st) SKM_sk_shift(X509_NAME_ENTRY, (st))
+# define sk_X509_NAME_ENTRY_pop(st) SKM_sk_pop(X509_NAME_ENTRY, (st))
+# define sk_X509_NAME_ENTRY_sort(st) SKM_sk_sort(X509_NAME_ENTRY, (st))
+# define sk_X509_NAME_ENTRY_is_sorted(st) SKM_sk_is_sorted(X509_NAME_ENTRY, (st))
+
+# define sk_X509_OBJECT_new(st) SKM_sk_new(X509_OBJECT, (st))
+# define sk_X509_OBJECT_new_null() SKM_sk_new_null(X509_OBJECT)
+# define sk_X509_OBJECT_free(st) SKM_sk_free(X509_OBJECT, (st))
+# define sk_X509_OBJECT_num(st) SKM_sk_num(X509_OBJECT, (st))
+# define sk_X509_OBJECT_value(st, i) SKM_sk_value(X509_OBJECT, (st), (i))
+# define sk_X509_OBJECT_set(st, i, val) SKM_sk_set(X509_OBJECT, (st), (i), (val))
+# define sk_X509_OBJECT_zero(st) SKM_sk_zero(X509_OBJECT, (st))
+# define sk_X509_OBJECT_push(st, val) SKM_sk_push(X509_OBJECT, (st), (val))
+# define sk_X509_OBJECT_unshift(st, val) SKM_sk_unshift(X509_OBJECT, (st), (val))
+# define sk_X509_OBJECT_find(st, val) SKM_sk_find(X509_OBJECT, (st), (val))
+# define sk_X509_OBJECT_find_ex(st, val) SKM_sk_find_ex(X509_OBJECT, (st), (val))
+# define sk_X509_OBJECT_delete(st, i) SKM_sk_delete(X509_OBJECT, (st), (i))
+# define sk_X509_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_OBJECT, (st), (ptr))
+# define sk_X509_OBJECT_insert(st, val, i) SKM_sk_insert(X509_OBJECT, (st), (val), (i))
+# define sk_X509_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_OBJECT, (st), (cmp))
+# define sk_X509_OBJECT_dup(st) SKM_sk_dup(X509_OBJECT, st)
+# define sk_X509_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(X509_OBJECT, (st), (free_func))
+# define sk_X509_OBJECT_shift(st) SKM_sk_shift(X509_OBJECT, (st))
+# define sk_X509_OBJECT_pop(st) SKM_sk_pop(X509_OBJECT, (st))
+# define sk_X509_OBJECT_sort(st) SKM_sk_sort(X509_OBJECT, (st))
+# define sk_X509_OBJECT_is_sorted(st) SKM_sk_is_sorted(X509_OBJECT, (st))
+
+# define sk_X509_POLICY_DATA_new(st) SKM_sk_new(X509_POLICY_DATA, (st))
+# define sk_X509_POLICY_DATA_new_null() SKM_sk_new_null(X509_POLICY_DATA)
+# define sk_X509_POLICY_DATA_free(st) SKM_sk_free(X509_POLICY_DATA, (st))
+# define sk_X509_POLICY_DATA_num(st) SKM_sk_num(X509_POLICY_DATA, (st))
+# define sk_X509_POLICY_DATA_value(st, i) SKM_sk_value(X509_POLICY_DATA, (st), (i))
+# define sk_X509_POLICY_DATA_set(st, i, val) SKM_sk_set(X509_POLICY_DATA, (st), (i), (val))
+# define sk_X509_POLICY_DATA_zero(st) SKM_sk_zero(X509_POLICY_DATA, (st))
+# define sk_X509_POLICY_DATA_push(st, val) SKM_sk_push(X509_POLICY_DATA, (st), (val))
+# define sk_X509_POLICY_DATA_unshift(st, val) SKM_sk_unshift(X509_POLICY_DATA, (st), (val))
+# define sk_X509_POLICY_DATA_find(st, val) SKM_sk_find(X509_POLICY_DATA, (st), (val))
+# define sk_X509_POLICY_DATA_find_ex(st, val) SKM_sk_find_ex(X509_POLICY_DATA, (st), (val))
+# define sk_X509_POLICY_DATA_delete(st, i) SKM_sk_delete(X509_POLICY_DATA, (st), (i))
+# define sk_X509_POLICY_DATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_POLICY_DATA, (st), (ptr))
+# define sk_X509_POLICY_DATA_insert(st, val, i) SKM_sk_insert(X509_POLICY_DATA, (st), (val), (i))
+# define sk_X509_POLICY_DATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_DATA, (st), (cmp))
+# define sk_X509_POLICY_DATA_dup(st) SKM_sk_dup(X509_POLICY_DATA, st)
+# define sk_X509_POLICY_DATA_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_DATA, (st), (free_func))
+# define sk_X509_POLICY_DATA_shift(st) SKM_sk_shift(X509_POLICY_DATA, (st))
+# define sk_X509_POLICY_DATA_pop(st) SKM_sk_pop(X509_POLICY_DATA, (st))
+# define sk_X509_POLICY_DATA_sort(st) SKM_sk_sort(X509_POLICY_DATA, (st))
+# define sk_X509_POLICY_DATA_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_DATA, (st))
+
+# define sk_X509_POLICY_NODE_new(st) SKM_sk_new(X509_POLICY_NODE, (st))
+# define sk_X509_POLICY_NODE_new_null() SKM_sk_new_null(X509_POLICY_NODE)
+# define sk_X509_POLICY_NODE_free(st) SKM_sk_free(X509_POLICY_NODE, (st))
+# define sk_X509_POLICY_NODE_num(st) SKM_sk_num(X509_POLICY_NODE, (st))
+# define sk_X509_POLICY_NODE_value(st, i) SKM_sk_value(X509_POLICY_NODE, (st), (i))
+# define sk_X509_POLICY_NODE_set(st, i, val) SKM_sk_set(X509_POLICY_NODE, (st), (i), (val))
+# define sk_X509_POLICY_NODE_zero(st) SKM_sk_zero(X509_POLICY_NODE, (st))
+# define sk_X509_POLICY_NODE_push(st, val) SKM_sk_push(X509_POLICY_NODE, (st), (val))
+# define sk_X509_POLICY_NODE_unshift(st, val) SKM_sk_unshift(X509_POLICY_NODE, (st), (val))
+# define sk_X509_POLICY_NODE_find(st, val) SKM_sk_find(X509_POLICY_NODE, (st), (val))
+# define sk_X509_POLICY_NODE_find_ex(st, val) SKM_sk_find_ex(X509_POLICY_NODE, (st), (val))
+# define sk_X509_POLICY_NODE_delete(st, i) SKM_sk_delete(X509_POLICY_NODE, (st), (i))
+# define sk_X509_POLICY_NODE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_POLICY_NODE, (st), (ptr))
+# define sk_X509_POLICY_NODE_insert(st, val, i) SKM_sk_insert(X509_POLICY_NODE, (st), (val), (i))
+# define sk_X509_POLICY_NODE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_NODE, (st), (cmp))
+# define sk_X509_POLICY_NODE_dup(st) SKM_sk_dup(X509_POLICY_NODE, st)
+# define sk_X509_POLICY_NODE_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_NODE, (st), (free_func))
+# define sk_X509_POLICY_NODE_shift(st) SKM_sk_shift(X509_POLICY_NODE, (st))
+# define sk_X509_POLICY_NODE_pop(st) SKM_sk_pop(X509_POLICY_NODE, (st))
+# define sk_X509_POLICY_NODE_sort(st) SKM_sk_sort(X509_POLICY_NODE, (st))
+# define sk_X509_POLICY_NODE_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_NODE, (st))
+
+# define sk_X509_POLICY_REF_new(st) SKM_sk_new(X509_POLICY_REF, (st))
+# define sk_X509_POLICY_REF_new_null() SKM_sk_new_null(X509_POLICY_REF)
+# define sk_X509_POLICY_REF_free(st) SKM_sk_free(X509_POLICY_REF, (st))
+# define sk_X509_POLICY_REF_num(st) SKM_sk_num(X509_POLICY_REF, (st))
+# define sk_X509_POLICY_REF_value(st, i) SKM_sk_value(X509_POLICY_REF, (st), (i))
+# define sk_X509_POLICY_REF_set(st, i, val) SKM_sk_set(X509_POLICY_REF, (st), (i), (val))
+# define sk_X509_POLICY_REF_zero(st) SKM_sk_zero(X509_POLICY_REF, (st))
+# define sk_X509_POLICY_REF_push(st, val) SKM_sk_push(X509_POLICY_REF, (st), (val))
+# define sk_X509_POLICY_REF_unshift(st, val) SKM_sk_unshift(X509_POLICY_REF, (st), (val))
+# define sk_X509_POLICY_REF_find(st, val) SKM_sk_find(X509_POLICY_REF, (st), (val))
+# define sk_X509_POLICY_REF_find_ex(st, val) SKM_sk_find_ex(X509_POLICY_REF, (st), (val))
+# define sk_X509_POLICY_REF_delete(st, i) SKM_sk_delete(X509_POLICY_REF, (st), (i))
+# define sk_X509_POLICY_REF_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_POLICY_REF, (st), (ptr))
+# define sk_X509_POLICY_REF_insert(st, val, i) SKM_sk_insert(X509_POLICY_REF, (st), (val), (i))
+# define sk_X509_POLICY_REF_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_REF, (st), (cmp))
+# define sk_X509_POLICY_REF_dup(st) SKM_sk_dup(X509_POLICY_REF, st)
+# define sk_X509_POLICY_REF_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_REF, (st), (free_func))
+# define sk_X509_POLICY_REF_shift(st) SKM_sk_shift(X509_POLICY_REF, (st))
+# define sk_X509_POLICY_REF_pop(st) SKM_sk_pop(X509_POLICY_REF, (st))
+# define sk_X509_POLICY_REF_sort(st) SKM_sk_sort(X509_POLICY_REF, (st))
+# define sk_X509_POLICY_REF_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_REF, (st))
+
+# define sk_X509_PURPOSE_new(st) SKM_sk_new(X509_PURPOSE, (st))
+# define sk_X509_PURPOSE_new_null() SKM_sk_new_null(X509_PURPOSE)
+# define sk_X509_PURPOSE_free(st) SKM_sk_free(X509_PURPOSE, (st))
+# define sk_X509_PURPOSE_num(st) SKM_sk_num(X509_PURPOSE, (st))
+# define sk_X509_PURPOSE_value(st, i) SKM_sk_value(X509_PURPOSE, (st), (i))
+# define sk_X509_PURPOSE_set(st, i, val) SKM_sk_set(X509_PURPOSE, (st), (i), (val))
+# define sk_X509_PURPOSE_zero(st) SKM_sk_zero(X509_PURPOSE, (st))
+# define sk_X509_PURPOSE_push(st, val) SKM_sk_push(X509_PURPOSE, (st), (val))
+# define sk_X509_PURPOSE_unshift(st, val) SKM_sk_unshift(X509_PURPOSE, (st), (val))
+# define sk_X509_PURPOSE_find(st, val) SKM_sk_find(X509_PURPOSE, (st), (val))
+# define sk_X509_PURPOSE_find_ex(st, val) SKM_sk_find_ex(X509_PURPOSE, (st), (val))
+# define sk_X509_PURPOSE_delete(st, i) SKM_sk_delete(X509_PURPOSE, (st), (i))
+# define sk_X509_PURPOSE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_PURPOSE, (st), (ptr))
+# define sk_X509_PURPOSE_insert(st, val, i) SKM_sk_insert(X509_PURPOSE, (st), (val), (i))
+# define sk_X509_PURPOSE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_PURPOSE, (st), (cmp))
+# define sk_X509_PURPOSE_dup(st) SKM_sk_dup(X509_PURPOSE, st)
+# define sk_X509_PURPOSE_pop_free(st, free_func) SKM_sk_pop_free(X509_PURPOSE, (st), (free_func))
+# define sk_X509_PURPOSE_shift(st) SKM_sk_shift(X509_PURPOSE, (st))
+# define sk_X509_PURPOSE_pop(st) SKM_sk_pop(X509_PURPOSE, (st))
+# define sk_X509_PURPOSE_sort(st) SKM_sk_sort(X509_PURPOSE, (st))
+# define sk_X509_PURPOSE_is_sorted(st) SKM_sk_is_sorted(X509_PURPOSE, (st))
+
+# define sk_X509_REVOKED_new(st) SKM_sk_new(X509_REVOKED, (st))
+# define sk_X509_REVOKED_new_null() SKM_sk_new_null(X509_REVOKED)
+# define sk_X509_REVOKED_free(st) SKM_sk_free(X509_REVOKED, (st))
+# define sk_X509_REVOKED_num(st) SKM_sk_num(X509_REVOKED, (st))
+# define sk_X509_REVOKED_value(st, i) SKM_sk_value(X509_REVOKED, (st), (i))
+# define sk_X509_REVOKED_set(st, i, val) SKM_sk_set(X509_REVOKED, (st), (i), (val))
+# define sk_X509_REVOKED_zero(st) SKM_sk_zero(X509_REVOKED, (st))
+# define sk_X509_REVOKED_push(st, val) SKM_sk_push(X509_REVOKED, (st), (val))
+# define sk_X509_REVOKED_unshift(st, val) SKM_sk_unshift(X509_REVOKED, (st), (val))
+# define sk_X509_REVOKED_find(st, val) SKM_sk_find(X509_REVOKED, (st), (val))
+# define sk_X509_REVOKED_find_ex(st, val) SKM_sk_find_ex(X509_REVOKED, (st), (val))
+# define sk_X509_REVOKED_delete(st, i) SKM_sk_delete(X509_REVOKED, (st), (i))
+# define sk_X509_REVOKED_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_REVOKED, (st), (ptr))
+# define sk_X509_REVOKED_insert(st, val, i) SKM_sk_insert(X509_REVOKED, (st), (val), (i))
+# define sk_X509_REVOKED_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_REVOKED, (st), (cmp))
+# define sk_X509_REVOKED_dup(st) SKM_sk_dup(X509_REVOKED, st)
+# define sk_X509_REVOKED_pop_free(st, free_func) SKM_sk_pop_free(X509_REVOKED, (st), (free_func))
+# define sk_X509_REVOKED_shift(st) SKM_sk_shift(X509_REVOKED, (st))
+# define sk_X509_REVOKED_pop(st) SKM_sk_pop(X509_REVOKED, (st))
+# define sk_X509_REVOKED_sort(st) SKM_sk_sort(X509_REVOKED, (st))
+# define sk_X509_REVOKED_is_sorted(st) SKM_sk_is_sorted(X509_REVOKED, (st))
+
+# define sk_X509_TRUST_new(st) SKM_sk_new(X509_TRUST, (st))
+# define sk_X509_TRUST_new_null() SKM_sk_new_null(X509_TRUST)
+# define sk_X509_TRUST_free(st) SKM_sk_free(X509_TRUST, (st))
+# define sk_X509_TRUST_num(st) SKM_sk_num(X509_TRUST, (st))
+# define sk_X509_TRUST_value(st, i) SKM_sk_value(X509_TRUST, (st), (i))
+# define sk_X509_TRUST_set(st, i, val) SKM_sk_set(X509_TRUST, (st), (i), (val))
+# define sk_X509_TRUST_zero(st) SKM_sk_zero(X509_TRUST, (st))
+# define sk_X509_TRUST_push(st, val) SKM_sk_push(X509_TRUST, (st), (val))
+# define sk_X509_TRUST_unshift(st, val) SKM_sk_unshift(X509_TRUST, (st), (val))
+# define sk_X509_TRUST_find(st, val) SKM_sk_find(X509_TRUST, (st), (val))
+# define sk_X509_TRUST_find_ex(st, val) SKM_sk_find_ex(X509_TRUST, (st), (val))
+# define sk_X509_TRUST_delete(st, i) SKM_sk_delete(X509_TRUST, (st), (i))
+# define sk_X509_TRUST_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_TRUST, (st), (ptr))
+# define sk_X509_TRUST_insert(st, val, i) SKM_sk_insert(X509_TRUST, (st), (val), (i))
+# define sk_X509_TRUST_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_TRUST, (st), (cmp))
+# define sk_X509_TRUST_dup(st) SKM_sk_dup(X509_TRUST, st)
+# define sk_X509_TRUST_pop_free(st, free_func) SKM_sk_pop_free(X509_TRUST, (st), (free_func))
+# define sk_X509_TRUST_shift(st) SKM_sk_shift(X509_TRUST, (st))
+# define sk_X509_TRUST_pop(st) SKM_sk_pop(X509_TRUST, (st))
+# define sk_X509_TRUST_sort(st) SKM_sk_sort(X509_TRUST, (st))
+# define sk_X509_TRUST_is_sorted(st) SKM_sk_is_sorted(X509_TRUST, (st))
+
+# define sk_X509_VERIFY_PARAM_new(st) SKM_sk_new(X509_VERIFY_PARAM, (st))
+# define sk_X509_VERIFY_PARAM_new_null() SKM_sk_new_null(X509_VERIFY_PARAM)
+# define sk_X509_VERIFY_PARAM_free(st) SKM_sk_free(X509_VERIFY_PARAM, (st))
+# define sk_X509_VERIFY_PARAM_num(st) SKM_sk_num(X509_VERIFY_PARAM, (st))
+# define sk_X509_VERIFY_PARAM_value(st, i) SKM_sk_value(X509_VERIFY_PARAM, (st), (i))
+# define sk_X509_VERIFY_PARAM_set(st, i, val) SKM_sk_set(X509_VERIFY_PARAM, (st), (i), (val))
+# define sk_X509_VERIFY_PARAM_zero(st) SKM_sk_zero(X509_VERIFY_PARAM, (st))
+# define sk_X509_VERIFY_PARAM_push(st, val) SKM_sk_push(X509_VERIFY_PARAM, (st), (val))
+# define sk_X509_VERIFY_PARAM_unshift(st, val) SKM_sk_unshift(X509_VERIFY_PARAM, (st), (val))
+# define sk_X509_VERIFY_PARAM_find(st, val) SKM_sk_find(X509_VERIFY_PARAM, (st), (val))
+# define sk_X509_VERIFY_PARAM_find_ex(st, val) SKM_sk_find_ex(X509_VERIFY_PARAM, (st), (val))
+# define sk_X509_VERIFY_PARAM_delete(st, i) SKM_sk_delete(X509_VERIFY_PARAM, (st), (i))
+# define sk_X509_VERIFY_PARAM_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_VERIFY_PARAM, (st), (ptr))
+# define sk_X509_VERIFY_PARAM_insert(st, val, i) SKM_sk_insert(X509_VERIFY_PARAM, (st), (val), (i))
+# define sk_X509_VERIFY_PARAM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_VERIFY_PARAM, (st), (cmp))
+# define sk_X509_VERIFY_PARAM_dup(st) SKM_sk_dup(X509_VERIFY_PARAM, st)
+# define sk_X509_VERIFY_PARAM_pop_free(st, free_func) SKM_sk_pop_free(X509_VERIFY_PARAM, (st), (free_func))
+# define sk_X509_VERIFY_PARAM_shift(st) SKM_sk_shift(X509_VERIFY_PARAM, (st))
+# define sk_X509_VERIFY_PARAM_pop(st) SKM_sk_pop(X509_VERIFY_PARAM, (st))
+# define sk_X509_VERIFY_PARAM_sort(st) SKM_sk_sort(X509_VERIFY_PARAM, (st))
+# define sk_X509_VERIFY_PARAM_is_sorted(st) SKM_sk_is_sorted(X509_VERIFY_PARAM, (st))
+
+# define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+ SKM_ASN1_SET_OF_d2i(ACCESS_DESCRIPTION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
+# define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+ SKM_ASN1_SET_OF_i2d(ACCESS_DESCRIPTION, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+# define ASN1_seq_pack_ACCESS_DESCRIPTION(st, i2d_func, buf, len) \
+ SKM_ASN1_seq_pack(ACCESS_DESCRIPTION, (st), (i2d_func), (buf), (len))
+# define ASN1_seq_unpack_ACCESS_DESCRIPTION(buf, len, d2i_func, free_func) \
+ SKM_ASN1_seq_unpack(ACCESS_DESCRIPTION, (buf), (len), (d2i_func), (free_func))
+
+# define d2i_ASN1_SET_OF_ASN1_INTEGER(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+ SKM_ASN1_SET_OF_d2i(ASN1_INTEGER, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
+# define i2d_ASN1_SET_OF_ASN1_INTEGER(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+ SKM_ASN1_SET_OF_i2d(ASN1_INTEGER, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+# define ASN1_seq_pack_ASN1_INTEGER(st, i2d_func, buf, len) \
+ SKM_ASN1_seq_pack(ASN1_INTEGER, (st), (i2d_func), (buf), (len))
+# define ASN1_seq_unpack_ASN1_INTEGER(buf, len, d2i_func, free_func) \
+ SKM_ASN1_seq_unpack(ASN1_INTEGER, (buf), (len), (d2i_func), (free_func))
+
+# define d2i_ASN1_SET_OF_ASN1_OBJECT(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+ SKM_ASN1_SET_OF_d2i(ASN1_OBJECT, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
+# define i2d_ASN1_SET_OF_ASN1_OBJECT(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+ SKM_ASN1_SET_OF_i2d(ASN1_OBJECT, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+# define ASN1_seq_pack_ASN1_OBJECT(st, i2d_func, buf, len) \
+ SKM_ASN1_seq_pack(ASN1_OBJECT, (st), (i2d_func), (buf), (len))
+# define ASN1_seq_unpack_ASN1_OBJECT(buf, len, d2i_func, free_func) \
+ SKM_ASN1_seq_unpack(ASN1_OBJECT, (buf), (len), (d2i_func), (free_func))
+
+# define d2i_ASN1_SET_OF_ASN1_TYPE(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+ SKM_ASN1_SET_OF_d2i(ASN1_TYPE, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
+# define i2d_ASN1_SET_OF_ASN1_TYPE(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+ SKM_ASN1_SET_OF_i2d(ASN1_TYPE, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+# define ASN1_seq_pack_ASN1_TYPE(st, i2d_func, buf, len) \
+ SKM_ASN1_seq_pack(ASN1_TYPE, (st), (i2d_func), (buf), (len))
+# define ASN1_seq_unpack_ASN1_TYPE(buf, len, d2i_func, free_func) \
+ SKM_ASN1_seq_unpack(ASN1_TYPE, (buf), (len), (d2i_func), (free_func))
+
+# define d2i_ASN1_SET_OF_DIST_POINT(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+ SKM_ASN1_SET_OF_d2i(DIST_POINT, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
+# define i2d_ASN1_SET_OF_DIST_POINT(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+ SKM_ASN1_SET_OF_i2d(DIST_POINT, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+# define ASN1_seq_pack_DIST_POINT(st, i2d_func, buf, len) \
+ SKM_ASN1_seq_pack(DIST_POINT, (st), (i2d_func), (buf), (len))
+# define ASN1_seq_unpack_DIST_POINT(buf, len, d2i_func, free_func) \
+ SKM_ASN1_seq_unpack(DIST_POINT, (buf), (len), (d2i_func), (free_func))
+
+# define d2i_ASN1_SET_OF_GENERAL_NAME(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+ SKM_ASN1_SET_OF_d2i(GENERAL_NAME, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
+# define i2d_ASN1_SET_OF_GENERAL_NAME(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+ SKM_ASN1_SET_OF_i2d(GENERAL_NAME, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+# define ASN1_seq_pack_GENERAL_NAME(st, i2d_func, buf, len) \
+ SKM_ASN1_seq_pack(GENERAL_NAME, (st), (i2d_func), (buf), (len))
+# define ASN1_seq_unpack_GENERAL_NAME(buf, len, d2i_func, free_func) \
+ SKM_ASN1_seq_unpack(GENERAL_NAME, (buf), (len), (d2i_func), (free_func))
+
+# define d2i_ASN1_SET_OF_OCSP_ONEREQ(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+ SKM_ASN1_SET_OF_d2i(OCSP_ONEREQ, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
+# define i2d_ASN1_SET_OF_OCSP_ONEREQ(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+ SKM_ASN1_SET_OF_i2d(OCSP_ONEREQ, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+# define ASN1_seq_pack_OCSP_ONEREQ(st, i2d_func, buf, len) \
+ SKM_ASN1_seq_pack(OCSP_ONEREQ, (st), (i2d_func), (buf), (len))
+# define ASN1_seq_unpack_OCSP_ONEREQ(buf, len, d2i_func, free_func) \
+ SKM_ASN1_seq_unpack(OCSP_ONEREQ, (buf), (len), (d2i_func), (free_func))
+
+# define d2i_ASN1_SET_OF_OCSP_SINGLERESP(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+ SKM_ASN1_SET_OF_d2i(OCSP_SINGLERESP, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
+# define i2d_ASN1_SET_OF_OCSP_SINGLERESP(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+ SKM_ASN1_SET_OF_i2d(OCSP_SINGLERESP, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+# define ASN1_seq_pack_OCSP_SINGLERESP(st, i2d_func, buf, len) \
+ SKM_ASN1_seq_pack(OCSP_SINGLERESP, (st), (i2d_func), (buf), (len))
+# define ASN1_seq_unpack_OCSP_SINGLERESP(buf, len, d2i_func, free_func) \
+ SKM_ASN1_seq_unpack(OCSP_SINGLERESP, (buf), (len), (d2i_func), (free_func))
+
+# define d2i_ASN1_SET_OF_PKCS12_SAFEBAG(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+ SKM_ASN1_SET_OF_d2i(PKCS12_SAFEBAG, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
+# define i2d_ASN1_SET_OF_PKCS12_SAFEBAG(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+ SKM_ASN1_SET_OF_i2d(PKCS12_SAFEBAG, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+# define ASN1_seq_pack_PKCS12_SAFEBAG(st, i2d_func, buf, len) \
+ SKM_ASN1_seq_pack(PKCS12_SAFEBAG, (st), (i2d_func), (buf), (len))
+# define ASN1_seq_unpack_PKCS12_SAFEBAG(buf, len, d2i_func, free_func) \
+ SKM_ASN1_seq_unpack(PKCS12_SAFEBAG, (buf), (len), (d2i_func), (free_func))
+
+# define d2i_ASN1_SET_OF_PKCS7(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+ SKM_ASN1_SET_OF_d2i(PKCS7, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
+# define i2d_ASN1_SET_OF_PKCS7(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+ SKM_ASN1_SET_OF_i2d(PKCS7, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+# define ASN1_seq_pack_PKCS7(st, i2d_func, buf, len) \
+ SKM_ASN1_seq_pack(PKCS7, (st), (i2d_func), (buf), (len))
+# define ASN1_seq_unpack_PKCS7(buf, len, d2i_func, free_func) \
+ SKM_ASN1_seq_unpack(PKCS7, (buf), (len), (d2i_func), (free_func))
+
+# define d2i_ASN1_SET_OF_PKCS7_RECIP_INFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+ SKM_ASN1_SET_OF_d2i(PKCS7_RECIP_INFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
+# define i2d_ASN1_SET_OF_PKCS7_RECIP_INFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+ SKM_ASN1_SET_OF_i2d(PKCS7_RECIP_INFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+# define ASN1_seq_pack_PKCS7_RECIP_INFO(st, i2d_func, buf, len) \
+ SKM_ASN1_seq_pack(PKCS7_RECIP_INFO, (st), (i2d_func), (buf), (len))
+# define ASN1_seq_unpack_PKCS7_RECIP_INFO(buf, len, d2i_func, free_func) \
+ SKM_ASN1_seq_unpack(PKCS7_RECIP_INFO, (buf), (len), (d2i_func), (free_func))
+
+# define d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+ SKM_ASN1_SET_OF_d2i(PKCS7_SIGNER_INFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
+# define i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+ SKM_ASN1_SET_OF_i2d(PKCS7_SIGNER_INFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+# define ASN1_seq_pack_PKCS7_SIGNER_INFO(st, i2d_func, buf, len) \
+ SKM_ASN1_seq_pack(PKCS7_SIGNER_INFO, (st), (i2d_func), (buf), (len))
+# define ASN1_seq_unpack_PKCS7_SIGNER_INFO(buf, len, d2i_func, free_func) \
+ SKM_ASN1_seq_unpack(PKCS7_SIGNER_INFO, (buf), (len), (d2i_func), (free_func))
+
+# define d2i_ASN1_SET_OF_POLICYINFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+ SKM_ASN1_SET_OF_d2i(POLICYINFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
+# define i2d_ASN1_SET_OF_POLICYINFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+ SKM_ASN1_SET_OF_i2d(POLICYINFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+# define ASN1_seq_pack_POLICYINFO(st, i2d_func, buf, len) \
+ SKM_ASN1_seq_pack(POLICYINFO, (st), (i2d_func), (buf), (len))
+# define ASN1_seq_unpack_POLICYINFO(buf, len, d2i_func, free_func) \
+ SKM_ASN1_seq_unpack(POLICYINFO, (buf), (len), (d2i_func), (free_func))
+
+# define d2i_ASN1_SET_OF_POLICYQUALINFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+ SKM_ASN1_SET_OF_d2i(POLICYQUALINFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
+# define i2d_ASN1_SET_OF_POLICYQUALINFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+ SKM_ASN1_SET_OF_i2d(POLICYQUALINFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+# define ASN1_seq_pack_POLICYQUALINFO(st, i2d_func, buf, len) \
+ SKM_ASN1_seq_pack(POLICYQUALINFO, (st), (i2d_func), (buf), (len))
+# define ASN1_seq_unpack_POLICYQUALINFO(buf, len, d2i_func, free_func) \
+ SKM_ASN1_seq_unpack(POLICYQUALINFO, (buf), (len), (d2i_func), (free_func))
+
+# define d2i_ASN1_SET_OF_SXNETID(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+ SKM_ASN1_SET_OF_d2i(SXNETID, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
+# define i2d_ASN1_SET_OF_SXNETID(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+ SKM_ASN1_SET_OF_i2d(SXNETID, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+# define ASN1_seq_pack_SXNETID(st, i2d_func, buf, len) \
+ SKM_ASN1_seq_pack(SXNETID, (st), (i2d_func), (buf), (len))
+# define ASN1_seq_unpack_SXNETID(buf, len, d2i_func, free_func) \
+ SKM_ASN1_seq_unpack(SXNETID, (buf), (len), (d2i_func), (free_func))
+
+# define d2i_ASN1_SET_OF_X509(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+ SKM_ASN1_SET_OF_d2i(X509, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
+# define i2d_ASN1_SET_OF_X509(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+ SKM_ASN1_SET_OF_i2d(X509, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+# define ASN1_seq_pack_X509(st, i2d_func, buf, len) \
+ SKM_ASN1_seq_pack(X509, (st), (i2d_func), (buf), (len))
+# define ASN1_seq_unpack_X509(buf, len, d2i_func, free_func) \
+ SKM_ASN1_seq_unpack(X509, (buf), (len), (d2i_func), (free_func))
+
+# define d2i_ASN1_SET_OF_X509_ALGOR(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+ SKM_ASN1_SET_OF_d2i(X509_ALGOR, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
+# define i2d_ASN1_SET_OF_X509_ALGOR(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+ SKM_ASN1_SET_OF_i2d(X509_ALGOR, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+# define ASN1_seq_pack_X509_ALGOR(st, i2d_func, buf, len) \
+ SKM_ASN1_seq_pack(X509_ALGOR, (st), (i2d_func), (buf), (len))
+# define ASN1_seq_unpack_X509_ALGOR(buf, len, d2i_func, free_func) \
+ SKM_ASN1_seq_unpack(X509_ALGOR, (buf), (len), (d2i_func), (free_func))
+
+# define d2i_ASN1_SET_OF_X509_ATTRIBUTE(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+ SKM_ASN1_SET_OF_d2i(X509_ATTRIBUTE, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
+# define i2d_ASN1_SET_OF_X509_ATTRIBUTE(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+ SKM_ASN1_SET_OF_i2d(X509_ATTRIBUTE, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+# define ASN1_seq_pack_X509_ATTRIBUTE(st, i2d_func, buf, len) \
+ SKM_ASN1_seq_pack(X509_ATTRIBUTE, (st), (i2d_func), (buf), (len))
+# define ASN1_seq_unpack_X509_ATTRIBUTE(buf, len, d2i_func, free_func) \
+ SKM_ASN1_seq_unpack(X509_ATTRIBUTE, (buf), (len), (d2i_func), (free_func))
+
+# define d2i_ASN1_SET_OF_X509_CRL(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+ SKM_ASN1_SET_OF_d2i(X509_CRL, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
+# define i2d_ASN1_SET_OF_X509_CRL(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+ SKM_ASN1_SET_OF_i2d(X509_CRL, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+# define ASN1_seq_pack_X509_CRL(st, i2d_func, buf, len) \
+ SKM_ASN1_seq_pack(X509_CRL, (st), (i2d_func), (buf), (len))
+# define ASN1_seq_unpack_X509_CRL(buf, len, d2i_func, free_func) \
+ SKM_ASN1_seq_unpack(X509_CRL, (buf), (len), (d2i_func), (free_func))
+
+# define d2i_ASN1_SET_OF_X509_EXTENSION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+ SKM_ASN1_SET_OF_d2i(X509_EXTENSION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
+# define i2d_ASN1_SET_OF_X509_EXTENSION(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+ SKM_ASN1_SET_OF_i2d(X509_EXTENSION, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+# define ASN1_seq_pack_X509_EXTENSION(st, i2d_func, buf, len) \
+ SKM_ASN1_seq_pack(X509_EXTENSION, (st), (i2d_func), (buf), (len))
+# define ASN1_seq_unpack_X509_EXTENSION(buf, len, d2i_func, free_func) \
+ SKM_ASN1_seq_unpack(X509_EXTENSION, (buf), (len), (d2i_func), (free_func))
+
+# define d2i_ASN1_SET_OF_X509_NAME_ENTRY(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+ SKM_ASN1_SET_OF_d2i(X509_NAME_ENTRY, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
+# define i2d_ASN1_SET_OF_X509_NAME_ENTRY(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+ SKM_ASN1_SET_OF_i2d(X509_NAME_ENTRY, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+# define ASN1_seq_pack_X509_NAME_ENTRY(st, i2d_func, buf, len) \
+ SKM_ASN1_seq_pack(X509_NAME_ENTRY, (st), (i2d_func), (buf), (len))
+# define ASN1_seq_unpack_X509_NAME_ENTRY(buf, len, d2i_func, free_func) \
+ SKM_ASN1_seq_unpack(X509_NAME_ENTRY, (buf), (len), (d2i_func), (free_func))
+
+# define d2i_ASN1_SET_OF_X509_REVOKED(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+ SKM_ASN1_SET_OF_d2i(X509_REVOKED, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
+# define i2d_ASN1_SET_OF_X509_REVOKED(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+ SKM_ASN1_SET_OF_i2d(X509_REVOKED, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+# define ASN1_seq_pack_X509_REVOKED(st, i2d_func, buf, len) \
+ SKM_ASN1_seq_pack(X509_REVOKED, (st), (i2d_func), (buf), (len))
+# define ASN1_seq_unpack_X509_REVOKED(buf, len, d2i_func, free_func) \
+ SKM_ASN1_seq_unpack(X509_REVOKED, (buf), (len), (d2i_func), (free_func))
+
+# define PKCS12_decrypt_d2i_PKCS12_SAFEBAG(algor, d2i_func, free_func, pass, passlen, oct, seq) \
+ SKM_PKCS12_decrypt_d2i(PKCS12_SAFEBAG, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq))
+
+# define PKCS12_decrypt_d2i_PKCS7(algor, d2i_func, free_func, pass, passlen, oct, seq) \
+ SKM_PKCS12_decrypt_d2i(PKCS7, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq))
+
+#endif /* !defined HEADER_SAFESTACK_H */
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/stack/stack.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/stack/stack.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/stack/stack.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,341 +0,0 @@
-/* crypto/stack/stack.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* Code for stacks
- * Author - Eric Young v 1.0
- * 1.2 eay 12-Mar-97 - Modified sk_find so that it _DOES_ return the
- * lowest index for the searched item.
- *
- * 1.1 eay - Take from netdb and added to SSLeay
- *
- * 1.0 eay - First version 29/07/92
- */
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/stack.h>
-#include <openssl/objects.h>
-
-#undef MIN_NODES
-#define MIN_NODES 4
-
-const char STACK_version[]="Stack" OPENSSL_VERSION_PTEXT;
-
-#include <errno.h>
-
-int (*sk_set_cmp_func(STACK *sk, int (*c)(const char * const *,const char * const *)))
- (const char * const *, const char * const *)
- {
- int (*old)(const char * const *,const char * const *)=sk->comp;
-
- if (sk->comp != c)
- sk->sorted=0;
- sk->comp=c;
-
- return old;
- }
-
-STACK *sk_dup(STACK *sk)
- {
- STACK *ret;
- char **s;
-
- if ((ret=sk_new(sk->comp)) == NULL) goto err;
- s=(char **)OPENSSL_realloc((char *)ret->data,
- (unsigned int)sizeof(char *)*sk->num_alloc);
- if (s == NULL) goto err;
- ret->data=s;
-
- ret->num=sk->num;
- memcpy(ret->data,sk->data,sizeof(char *)*sk->num);
- ret->sorted=sk->sorted;
- ret->num_alloc=sk->num_alloc;
- ret->comp=sk->comp;
- return(ret);
-err:
- if(ret)
- sk_free(ret);
- return(NULL);
- }
-
-STACK *sk_new_null(void)
- {
- return sk_new((int (*)(const char * const *, const char * const *))0);
- }
-
-STACK *sk_new(int (*c)(const char * const *, const char * const *))
- {
- STACK *ret;
- int i;
-
- if ((ret=(STACK *)OPENSSL_malloc(sizeof(STACK))) == NULL)
- goto err;
- if ((ret->data=(char **)OPENSSL_malloc(sizeof(char *)*MIN_NODES)) == NULL)
- goto err;
- for (i=0; i<MIN_NODES; i++)
- ret->data[i]=NULL;
- ret->comp=c;
- ret->num_alloc=MIN_NODES;
- ret->num=0;
- ret->sorted=0;
- return(ret);
-err:
- if(ret)
- OPENSSL_free(ret);
- return(NULL);
- }
-
-int sk_insert(STACK *st, char *data, int loc)
- {
- char **s;
-
- if(st == NULL) return 0;
- if (st->num_alloc <= st->num+1)
- {
- s=(char **)OPENSSL_realloc((char *)st->data,
- (unsigned int)sizeof(char *)*st->num_alloc*2);
- if (s == NULL)
- return(0);
- st->data=s;
- st->num_alloc*=2;
- }
- if ((loc >= (int)st->num) || (loc < 0))
- st->data[st->num]=data;
- else
- {
- int i;
- char **f,**t;
-
- f=(char **)st->data;
- t=(char **)&(st->data[1]);
- for (i=st->num; i>=loc; i--)
- t[i]=f[i];
-
-#ifdef undef /* no memmove on sunos :-( */
- memmove( (char *)&(st->data[loc+1]),
- (char *)&(st->data[loc]),
- sizeof(char *)*(st->num-loc));
-#endif
- st->data[loc]=data;
- }
- st->num++;
- st->sorted=0;
- return(st->num);
- }
-
-char *sk_delete_ptr(STACK *st, char *p)
- {
- int i;
-
- for (i=0; i<st->num; i++)
- if (st->data[i] == p)
- return(sk_delete(st,i));
- return(NULL);
- }
-
-char *sk_delete(STACK *st, int loc)
- {
- char *ret;
- int i,j;
-
- if(!st || (loc < 0) || (loc >= st->num)) return NULL;
-
- ret=st->data[loc];
- if (loc != st->num-1)
- {
- j=st->num-1;
- for (i=loc; i<j; i++)
- st->data[i]=st->data[i+1];
- /* In theory memcpy is not safe for this
- * memcpy( &(st->data[loc]),
- * &(st->data[loc+1]),
- * sizeof(char *)*(st->num-loc-1));
- */
- }
- st->num--;
- return(ret);
- }
-
-static int internal_find(STACK *st, char *data, int ret_val_options)
- {
- char **r;
- int i;
- int (*comp_func)(const void *,const void *);
- if(st == NULL) return -1;
-
- if (st->comp == NULL)
- {
- for (i=0; i<st->num; i++)
- if (st->data[i] == data)
- return(i);
- return(-1);
- }
- sk_sort(st);
- if (data == NULL) return(-1);
- /* This (and the "qsort" below) are the two places in OpenSSL
- * where we need to convert from our standard (type **,type **)
- * compare callback type to the (void *,void *) type required by
- * bsearch. However, the "data" it is being called(back) with are
- * not (type *) pointers, but the *pointers* to (type *) pointers,
- * so we get our extra level of pointer dereferencing that way. */
- comp_func=(int (*)(const void *,const void *))(st->comp);
- r=(char **)OBJ_bsearch_ex((char *)&data,(char *)st->data,
- st->num,sizeof(char *),comp_func,ret_val_options);
- if (r == NULL) return(-1);
- return((int)(r-st->data));
- }
-
-int sk_find(STACK *st, char *data)
- {
- return internal_find(st, data, OBJ_BSEARCH_FIRST_VALUE_ON_MATCH);
- }
-int sk_find_ex(STACK *st, char *data)
- {
- return internal_find(st, data, OBJ_BSEARCH_VALUE_ON_NOMATCH);
- }
-
-int sk_push(STACK *st, char *data)
- {
- return(sk_insert(st,data,st->num));
- }
-
-int sk_unshift(STACK *st, char *data)
- {
- return(sk_insert(st,data,0));
- }
-
-char *sk_shift(STACK *st)
- {
- if (st == NULL) return(NULL);
- if (st->num <= 0) return(NULL);
- return(sk_delete(st,0));
- }
-
-char *sk_pop(STACK *st)
- {
- if (st == NULL) return(NULL);
- if (st->num <= 0) return(NULL);
- return(sk_delete(st,st->num-1));
- }
-
-void sk_zero(STACK *st)
- {
- if (st == NULL) return;
- if (st->num <= 0) return;
- memset((char *)st->data,0,sizeof(st->data)*st->num);
- st->num=0;
- }
-
-void sk_pop_free(STACK *st, void (*func)(void *))
- {
- int i;
-
- if (st == NULL) return;
- for (i=0; i<st->num; i++)
- if (st->data[i] != NULL)
- func(st->data[i]);
- sk_free(st);
- }
-
-void sk_free(STACK *st)
- {
- if (st == NULL) return;
- if (st->data != NULL) OPENSSL_free(st->data);
- OPENSSL_free(st);
- }
-
-int sk_num(const STACK *st)
-{
- if(st == NULL) return -1;
- return st->num;
-}
-
-char *sk_value(const STACK *st, int i)
-{
- if(!st || (i < 0) || (i >= st->num)) return NULL;
- return st->data[i];
-}
-
-char *sk_set(STACK *st, int i, char *value)
-{
- if(!st || (i < 0) || (i >= st->num)) return NULL;
- return (st->data[i] = value);
-}
-
-void sk_sort(STACK *st)
- {
- if (st && !st->sorted)
- {
- int (*comp_func)(const void *,const void *);
-
- /* same comment as in sk_find ... previously st->comp was declared
- * as a (void*,void*) callback type, but this made the population
- * of the callback pointer illogical - our callbacks compare
- * type** with type**, so we leave the casting until absolutely
- * necessary (ie. "now"). */
- comp_func=(int (*)(const void *,const void *))(st->comp);
- qsort(st->data,st->num,sizeof(char *), comp_func);
- st->sorted=1;
- }
- }
-
-int sk_is_sorted(const STACK *st)
- {
- if (!st)
- return 1;
- return st->sorted;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/stack/stack.c (from rev 6976, vendor-crypto/openssl/dist/crypto/stack/stack.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/stack/stack.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/stack/stack.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,363 @@
+/* crypto/stack/stack.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/*-
+ * Code for stacks
+ * Author - Eric Young v 1.0
+ * 1.2 eay 12-Mar-97 - Modified sk_find so that it _DOES_ return the
+ * lowest index for the searched item.
+ *
+ * 1.1 eay - Take from netdb and added to SSLeay
+ *
+ * 1.0 eay - First version 29/07/92
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/stack.h>
+#include <openssl/objects.h>
+
+#undef MIN_NODES
+#define MIN_NODES 4
+
+const char STACK_version[] = "Stack" OPENSSL_VERSION_PTEXT;
+
+#include <errno.h>
+
+int (*sk_set_cmp_func
+ (STACK * sk, int (*c) (const char *const *, const char *const *)))
+ (const char *const *, const char *const *) {
+ int (*old) (const char *const *, const char *const *) = sk->comp;
+
+ if (sk->comp != c)
+ sk->sorted = 0;
+ sk->comp = c;
+
+ return old;
+}
+
+STACK *sk_dup(STACK * sk)
+{
+ STACK *ret;
+ char **s;
+
+ if ((ret = sk_new(sk->comp)) == NULL)
+ goto err;
+ s = (char **)OPENSSL_realloc((char *)ret->data,
+ (unsigned int)sizeof(char *) *
+ sk->num_alloc);
+ if (s == NULL)
+ goto err;
+ ret->data = s;
+
+ ret->num = sk->num;
+ memcpy(ret->data, sk->data, sizeof(char *) * sk->num);
+ ret->sorted = sk->sorted;
+ ret->num_alloc = sk->num_alloc;
+ ret->comp = sk->comp;
+ return (ret);
+ err:
+ if (ret)
+ sk_free(ret);
+ return (NULL);
+}
+
+STACK *sk_new_null(void)
+{
+ return sk_new((int (*)(const char *const *, const char *const *))0);
+}
+
+STACK *sk_new(int (*c) (const char *const *, const char *const *))
+{
+ STACK *ret;
+ int i;
+
+ if ((ret = (STACK *) OPENSSL_malloc(sizeof(STACK))) == NULL)
+ goto err;
+ if ((ret->data =
+ (char **)OPENSSL_malloc(sizeof(char *) * MIN_NODES)) == NULL)
+ goto err;
+ for (i = 0; i < MIN_NODES; i++)
+ ret->data[i] = NULL;
+ ret->comp = c;
+ ret->num_alloc = MIN_NODES;
+ ret->num = 0;
+ ret->sorted = 0;
+ return (ret);
+ err:
+ if (ret)
+ OPENSSL_free(ret);
+ return (NULL);
+}
+
+int sk_insert(STACK * st, char *data, int loc)
+{
+ char **s;
+
+ if (st == NULL)
+ return 0;
+ if (st->num_alloc <= st->num + 1) {
+ s = (char **)OPENSSL_realloc((char *)st->data,
+ (unsigned int)sizeof(char *) *
+ st->num_alloc * 2);
+ if (s == NULL)
+ return (0);
+ st->data = s;
+ st->num_alloc *= 2;
+ }
+ if ((loc >= (int)st->num) || (loc < 0))
+ st->data[st->num] = data;
+ else {
+ int i;
+ char **f, **t;
+
+ f = (char **)st->data;
+ t = (char **)&(st->data[1]);
+ for (i = st->num; i >= loc; i--)
+ t[i] = f[i];
+
+#ifdef undef /* no memmove on sunos :-( */
+ memmove((char *)&(st->data[loc + 1]),
+ (char *)&(st->data[loc]), sizeof(char *) * (st->num - loc));
+#endif
+ st->data[loc] = data;
+ }
+ st->num++;
+ st->sorted = 0;
+ return (st->num);
+}
+
+char *sk_delete_ptr(STACK * st, char *p)
+{
+ int i;
+
+ for (i = 0; i < st->num; i++)
+ if (st->data[i] == p)
+ return (sk_delete(st, i));
+ return (NULL);
+}
+
+char *sk_delete(STACK * st, int loc)
+{
+ char *ret;
+ int i, j;
+
+ if (!st || (loc < 0) || (loc >= st->num))
+ return NULL;
+
+ ret = st->data[loc];
+ if (loc != st->num - 1) {
+ j = st->num - 1;
+ for (i = loc; i < j; i++)
+ st->data[i] = st->data[i + 1];
+ /*
+ * In theory memcpy is not safe for this memcpy( &(st->data[loc]),
+ * &(st->data[loc+1]), sizeof(char *)*(st->num-loc-1));
+ */
+ }
+ st->num--;
+ return (ret);
+}
+
+static int internal_find(STACK * st, char *data, int ret_val_options)
+{
+ char **r;
+ int i;
+ int (*comp_func) (const void *, const void *);
+ if (st == NULL)
+ return -1;
+
+ if (st->comp == NULL) {
+ for (i = 0; i < st->num; i++)
+ if (st->data[i] == data)
+ return (i);
+ return (-1);
+ }
+ sk_sort(st);
+ if (data == NULL)
+ return (-1);
+ /*
+ * This (and the "qsort" below) are the two places in OpenSSL where we
+ * need to convert from our standard (type **,type **) compare callback
+ * type to the (void *,void *) type required by bsearch. However, the
+ * "data" it is being called(back) with are not (type *) pointers, but
+ * the *pointers* to (type *) pointers, so we get our extra level of
+ * pointer dereferencing that way.
+ */
+ comp_func = (int (*)(const void *, const void *))(st->comp);
+ r = (char **)OBJ_bsearch_ex((char *)&data, (char *)st->data,
+ st->num, sizeof(char *), comp_func,
+ ret_val_options);
+ if (r == NULL)
+ return (-1);
+ return ((int)(r - st->data));
+}
+
+int sk_find(STACK * st, char *data)
+{
+ return internal_find(st, data, OBJ_BSEARCH_FIRST_VALUE_ON_MATCH);
+}
+
+int sk_find_ex(STACK * st, char *data)
+{
+ return internal_find(st, data, OBJ_BSEARCH_VALUE_ON_NOMATCH);
+}
+
+int sk_push(STACK * st, char *data)
+{
+ return (sk_insert(st, data, st->num));
+}
+
+int sk_unshift(STACK * st, char *data)
+{
+ return (sk_insert(st, data, 0));
+}
+
+char *sk_shift(STACK * st)
+{
+ if (st == NULL)
+ return (NULL);
+ if (st->num <= 0)
+ return (NULL);
+ return (sk_delete(st, 0));
+}
+
+char *sk_pop(STACK * st)
+{
+ if (st == NULL)
+ return (NULL);
+ if (st->num <= 0)
+ return (NULL);
+ return (sk_delete(st, st->num - 1));
+}
+
+void sk_zero(STACK * st)
+{
+ if (st == NULL)
+ return;
+ if (st->num <= 0)
+ return;
+ memset((char *)st->data, 0, sizeof(st->data) * st->num);
+ st->num = 0;
+}
+
+void sk_pop_free(STACK * st, void (*func) (void *))
+{
+ int i;
+
+ if (st == NULL)
+ return;
+ for (i = 0; i < st->num; i++)
+ if (st->data[i] != NULL)
+ func(st->data[i]);
+ sk_free(st);
+}
+
+void sk_free(STACK * st)
+{
+ if (st == NULL)
+ return;
+ if (st->data != NULL)
+ OPENSSL_free(st->data);
+ OPENSSL_free(st);
+}
+
+int sk_num(const STACK * st)
+{
+ if (st == NULL)
+ return -1;
+ return st->num;
+}
+
+char *sk_value(const STACK * st, int i)
+{
+ if (!st || (i < 0) || (i >= st->num))
+ return NULL;
+ return st->data[i];
+}
+
+char *sk_set(STACK * st, int i, char *value)
+{
+ if (!st || (i < 0) || (i >= st->num))
+ return NULL;
+ return (st->data[i] = value);
+}
+
+void sk_sort(STACK * st)
+{
+ if (st && !st->sorted) {
+ int (*comp_func) (const void *, const void *);
+
+ /*
+ * same comment as in sk_find ... previously st->comp was declared as
+ * a (void*,void*) callback type, but this made the population of the
+ * callback pointer illogical - our callbacks compare type** with
+ * type**, so we leave the casting until absolutely necessary (ie.
+ * "now").
+ */
+ comp_func = (int (*)(const void *, const void *))(st->comp);
+ qsort(st->data, st->num, sizeof(char *), comp_func);
+ st->sorted = 1;
+ }
+}
+
+int sk_is_sorted(const STACK * st)
+{
+ if (!st)
+ return 1;
+ return st->sorted;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/stack/stack.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/stack/stack.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/stack/stack.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,109 +0,0 @@
-/* crypto/stack/stack.h */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_STACK_H
-#define HEADER_STACK_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-typedef struct stack_st
- {
- int num;
- char **data;
- int sorted;
-
- int num_alloc;
- int (*comp)(const char * const *, const char * const *);
- } STACK;
-
-#define M_sk_num(sk) ((sk) ? (sk)->num:-1)
-#define M_sk_value(sk,n) ((sk) ? (sk)->data[n] : NULL)
-
-int sk_num(const STACK *);
-char *sk_value(const STACK *, int);
-
-char *sk_set(STACK *, int, char *);
-
-STACK *sk_new(int (*cmp)(const char * const *, const char * const *));
-STACK *sk_new_null(void);
-void sk_free(STACK *);
-void sk_pop_free(STACK *st, void (*func)(void *));
-int sk_insert(STACK *sk,char *data,int where);
-char *sk_delete(STACK *st,int loc);
-char *sk_delete_ptr(STACK *st, char *p);
-int sk_find(STACK *st,char *data);
-int sk_find_ex(STACK *st,char *data);
-int sk_push(STACK *st,char *data);
-int sk_unshift(STACK *st,char *data);
-char *sk_shift(STACK *st);
-char *sk_pop(STACK *st);
-void sk_zero(STACK *st);
-int (*sk_set_cmp_func(STACK *sk, int (*c)(const char * const *,
- const char * const *)))
- (const char * const *, const char * const *);
-STACK *sk_dup(STACK *st);
-void sk_sort(STACK *st);
-int sk_is_sorted(const STACK *st);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/stack/stack.h (from rev 6976, vendor-crypto/openssl/dist/crypto/stack/stack.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/stack/stack.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/stack/stack.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,107 @@
+/* crypto/stack/stack.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_STACK_H
+# define HEADER_STACK_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct stack_st {
+ int num;
+ char **data;
+ int sorted;
+ int num_alloc;
+ int (*comp) (const char *const *, const char *const *);
+} STACK;
+
+# define M_sk_num(sk) ((sk) ? (sk)->num:-1)
+# define M_sk_value(sk,n) ((sk) ? (sk)->data[n] : NULL)
+
+int sk_num(const STACK *);
+char *sk_value(const STACK *, int);
+
+char *sk_set(STACK *, int, char *);
+
+STACK *sk_new(int (*cmp) (const char *const *, const char *const *));
+STACK *sk_new_null(void);
+void sk_free(STACK *);
+void sk_pop_free(STACK * st, void (*func) (void *));
+int sk_insert(STACK * sk, char *data, int where);
+char *sk_delete(STACK * st, int loc);
+char *sk_delete_ptr(STACK * st, char *p);
+int sk_find(STACK * st, char *data);
+int sk_find_ex(STACK * st, char *data);
+int sk_push(STACK * st, char *data);
+int sk_unshift(STACK * st, char *data);
+char *sk_shift(STACK * st);
+char *sk_pop(STACK * st);
+void sk_zero(STACK * st);
+int (*sk_set_cmp_func(STACK * sk, int (*c) (const char *const *,
+ const char *const *)))
+ (const char *const *, const char *const *);
+STACK *sk_dup(STACK * st);
+void sk_sort(STACK * st);
+int sk_is_sorted(const STACK * st);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/store/store.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/store/store.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/store/store.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,554 +0,0 @@
-/* crypto/store/store.h -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte (richard at levitte.org) for the OpenSSL
- * project 2003.
- */
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#ifndef HEADER_STORE_H
-#define HEADER_STORE_H
-
-#include <openssl/ossl_typ.h>
-#ifndef OPENSSL_NO_DEPRECATED
-#include <openssl/evp.h>
-#include <openssl/bn.h>
-#include <openssl/x509.h>
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* Already defined in ossl_typ.h */
-/* typedef struct store_st STORE; */
-/* typedef struct store_method_st STORE_METHOD; */
-
-
-/* All the following functions return 0, a negative number or NULL on error.
- When everything is fine, they return a positive value or a non-NULL
- pointer, all depending on their purpose. */
-
-/* Creators and destructor. */
-STORE *STORE_new_method(const STORE_METHOD *method);
-STORE *STORE_new_engine(ENGINE *engine);
-void STORE_free(STORE *ui);
-
-
-/* Give a user interface parametrised control commands. This can be used to
- send down an integer, a data pointer or a function pointer, as well as
- be used to get information from a STORE. */
-int STORE_ctrl(STORE *store, int cmd, long i, void *p, void (*f)(void));
-
-/* A control to set the directory with keys and certificates. Used by the
- built-in directory level method. */
-#define STORE_CTRL_SET_DIRECTORY 0x0001
-/* A control to set a file to load. Used by the built-in file level method. */
-#define STORE_CTRL_SET_FILE 0x0002
-/* A control to set a configuration file to load. Can be used by any method
- that wishes to load a configuration file. */
-#define STORE_CTRL_SET_CONF_FILE 0x0003
-/* A control to set a the section of the loaded configuration file. Can be
- used by any method that wishes to load a configuration file. */
-#define STORE_CTRL_SET_CONF_SECTION 0x0004
-
-
-/* Some methods may use extra data */
-#define STORE_set_app_data(s,arg) STORE_set_ex_data(s,0,arg)
-#define STORE_get_app_data(s) STORE_get_ex_data(s,0)
-int STORE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-int STORE_set_ex_data(STORE *r,int idx,void *arg);
-void *STORE_get_ex_data(STORE *r, int idx);
-
-/* Use specific methods instead of the built-in one */
-const STORE_METHOD *STORE_get_method(STORE *store);
-const STORE_METHOD *STORE_set_method(STORE *store, const STORE_METHOD *meth);
-
-/* The standard OpenSSL methods. */
-/* This is the in-memory method. It does everything except revoking and updating,
- and is of course volatile. It's used by other methods that have an in-memory
- cache. */
-const STORE_METHOD *STORE_Memory(void);
-#if 0 /* Not yet implemented */
-/* This is the directory store. It does everything except revoking and updating,
- and uses STORE_Memory() to cache things in memory. */
-const STORE_METHOD *STORE_Directory(void);
-/* This is the file store. It does everything except revoking and updating,
- and uses STORE_Memory() to cache things in memory. Certificates are added
- to it with the store operation, and it will only get cached certificates. */
-const STORE_METHOD *STORE_File(void);
-#endif
-
-/* Store functions take a type code for the type of data they should store
- or fetch */
-typedef enum STORE_object_types
- {
- STORE_OBJECT_TYPE_X509_CERTIFICATE= 0x01, /* X509 * */
- STORE_OBJECT_TYPE_X509_CRL= 0x02, /* X509_CRL * */
- STORE_OBJECT_TYPE_PRIVATE_KEY= 0x03, /* EVP_PKEY * */
- STORE_OBJECT_TYPE_PUBLIC_KEY= 0x04, /* EVP_PKEY * */
- STORE_OBJECT_TYPE_NUMBER= 0x05, /* BIGNUM * */
- STORE_OBJECT_TYPE_ARBITRARY= 0x06, /* BUF_MEM * */
- STORE_OBJECT_TYPE_NUM= 0x06 /* The amount of known
- object types */
- } STORE_OBJECT_TYPES;
-/* List of text strings corresponding to the object types. */
-extern const char * const STORE_object_type_string[STORE_OBJECT_TYPE_NUM+1];
-
-/* Some store functions take a parameter list. Those parameters come with
- one of the following codes. The comments following the codes below indicate
- what type the value should be a pointer to. */
-typedef enum STORE_params
- {
- STORE_PARAM_EVP_TYPE= 0x01, /* int */
- STORE_PARAM_BITS= 0x02, /* size_t */
- STORE_PARAM_KEY_PARAMETERS= 0x03, /* ??? */
- STORE_PARAM_KEY_NO_PARAMETERS= 0x04, /* N/A */
- STORE_PARAM_AUTH_PASSPHRASE= 0x05, /* char * */
- STORE_PARAM_AUTH_KRB5_TICKET= 0x06, /* void * */
- STORE_PARAM_TYPE_NUM= 0x06 /* The amount of known
- parameter types */
- } STORE_PARAM_TYPES;
-/* Parameter value sizes. -1 means unknown, anything else is the required size. */
-extern const int STORE_param_sizes[STORE_PARAM_TYPE_NUM+1];
-
-/* Store functions take attribute lists. Those attributes come with codes.
- The comments following the codes below indicate what type the value should
- be a pointer to. */
-typedef enum STORE_attribs
- {
- STORE_ATTR_END= 0x00,
- STORE_ATTR_FRIENDLYNAME= 0x01, /* C string */
- STORE_ATTR_KEYID= 0x02, /* 160 bit string (SHA1) */
- STORE_ATTR_ISSUERKEYID= 0x03, /* 160 bit string (SHA1) */
- STORE_ATTR_SUBJECTKEYID= 0x04, /* 160 bit string (SHA1) */
- STORE_ATTR_ISSUERSERIALHASH= 0x05, /* 160 bit string (SHA1) */
- STORE_ATTR_ISSUER= 0x06, /* X509_NAME * */
- STORE_ATTR_SERIAL= 0x07, /* BIGNUM * */
- STORE_ATTR_SUBJECT= 0x08, /* X509_NAME * */
- STORE_ATTR_CERTHASH= 0x09, /* 160 bit string (SHA1) */
- STORE_ATTR_EMAIL= 0x0a, /* C string */
- STORE_ATTR_FILENAME= 0x0b, /* C string */
- STORE_ATTR_TYPE_NUM= 0x0b, /* The amount of known
- attribute types */
- STORE_ATTR_OR= 0xff /* This is a special
- separator, which
- expresses the OR
- operation. */
- } STORE_ATTR_TYPES;
-/* Attribute value sizes. -1 means unknown, anything else is the required size. */
-extern const int STORE_attr_sizes[STORE_ATTR_TYPE_NUM+1];
-
-typedef enum STORE_certificate_status
- {
- STORE_X509_VALID= 0x00,
- STORE_X509_EXPIRED= 0x01,
- STORE_X509_SUSPENDED= 0x02,
- STORE_X509_REVOKED= 0x03
- } STORE_CERTIFICATE_STATUS;
-
-/* Engine store functions will return a structure that contains all the necessary
- * information, including revokation status for certificates. This is really not
- * needed for application authors, as the ENGINE framework functions will extract
- * the OpenSSL-specific information when at all possible. However, for engine
- * authors, it's crucial to know this structure. */
-typedef struct STORE_OBJECT_st
- {
- STORE_OBJECT_TYPES type;
- union
- {
- struct
- {
- STORE_CERTIFICATE_STATUS status;
- X509 *certificate;
- } x509;
- X509_CRL *crl;
- EVP_PKEY *key;
- BIGNUM *number;
- BUF_MEM *arbitrary;
- } data;
- } STORE_OBJECT;
-DECLARE_STACK_OF(STORE_OBJECT)
-STORE_OBJECT *STORE_OBJECT_new(void);
-void STORE_OBJECT_free(STORE_OBJECT *data);
-
-
-
-/* The following functions handle the storage. They return 0, a negative number
- or NULL on error, anything else on success. */
-X509 *STORE_get_certificate(STORE *e, OPENSSL_ITEM attributes[],
- OPENSSL_ITEM parameters[]);
-int STORE_store_certificate(STORE *e, X509 *data, OPENSSL_ITEM attributes[],
- OPENSSL_ITEM parameters[]);
-int STORE_modify_certificate(STORE *e, OPENSSL_ITEM search_attributes[],
- OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[],
- OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]);
-int STORE_revoke_certificate(STORE *e, OPENSSL_ITEM attributes[],
- OPENSSL_ITEM parameters[]);
-int STORE_delete_certificate(STORE *e, OPENSSL_ITEM attributes[],
- OPENSSL_ITEM parameters[]);
-void *STORE_list_certificate_start(STORE *e, OPENSSL_ITEM attributes[],
- OPENSSL_ITEM parameters[]);
-X509 *STORE_list_certificate_next(STORE *e, void *handle);
-int STORE_list_certificate_end(STORE *e, void *handle);
-int STORE_list_certificate_endp(STORE *e, void *handle);
-EVP_PKEY *STORE_generate_key(STORE *e, OPENSSL_ITEM attributes[],
- OPENSSL_ITEM parameters[]);
-EVP_PKEY *STORE_get_private_key(STORE *e, OPENSSL_ITEM attributes[],
- OPENSSL_ITEM parameters[]);
-int STORE_store_private_key(STORE *e, EVP_PKEY *data,
- OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
-int STORE_modify_private_key(STORE *e, OPENSSL_ITEM search_attributes[],
- OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[],
- OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]);
-int STORE_revoke_private_key(STORE *e, OPENSSL_ITEM attributes[],
- OPENSSL_ITEM parameters[]);
-int STORE_delete_private_key(STORE *e, OPENSSL_ITEM attributes[],
- OPENSSL_ITEM parameters[]);
-void *STORE_list_private_key_start(STORE *e, OPENSSL_ITEM attributes[],
- OPENSSL_ITEM parameters[]);
-EVP_PKEY *STORE_list_private_key_next(STORE *e, void *handle);
-int STORE_list_private_key_end(STORE *e, void *handle);
-int STORE_list_private_key_endp(STORE *e, void *handle);
-EVP_PKEY *STORE_get_public_key(STORE *e, OPENSSL_ITEM attributes[],
- OPENSSL_ITEM parameters[]);
-int STORE_store_public_key(STORE *e, EVP_PKEY *data, OPENSSL_ITEM attributes[],
- OPENSSL_ITEM parameters[]);
-int STORE_modify_public_key(STORE *e, OPENSSL_ITEM search_attributes[],
- OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[],
- OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]);
-int STORE_revoke_public_key(STORE *e, OPENSSL_ITEM attributes[],
- OPENSSL_ITEM parameters[]);
-int STORE_delete_public_key(STORE *e, OPENSSL_ITEM attributes[],
- OPENSSL_ITEM parameters[]);
-void *STORE_list_public_key_start(STORE *e, OPENSSL_ITEM attributes[],
- OPENSSL_ITEM parameters[]);
-EVP_PKEY *STORE_list_public_key_next(STORE *e, void *handle);
-int STORE_list_public_key_end(STORE *e, void *handle);
-int STORE_list_public_key_endp(STORE *e, void *handle);
-X509_CRL *STORE_generate_crl(STORE *e, OPENSSL_ITEM attributes[],
- OPENSSL_ITEM parameters[]);
-X509_CRL *STORE_get_crl(STORE *e, OPENSSL_ITEM attributes[],
- OPENSSL_ITEM parameters[]);
-int STORE_store_crl(STORE *e, X509_CRL *data, OPENSSL_ITEM attributes[],
- OPENSSL_ITEM parameters[]);
-int STORE_modify_crl(STORE *e, OPENSSL_ITEM search_attributes[],
- OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[],
- OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]);
-int STORE_delete_crl(STORE *e, OPENSSL_ITEM attributes[],
- OPENSSL_ITEM parameters[]);
-void *STORE_list_crl_start(STORE *e, OPENSSL_ITEM attributes[],
- OPENSSL_ITEM parameters[]);
-X509_CRL *STORE_list_crl_next(STORE *e, void *handle);
-int STORE_list_crl_end(STORE *e, void *handle);
-int STORE_list_crl_endp(STORE *e, void *handle);
-int STORE_store_number(STORE *e, BIGNUM *data, OPENSSL_ITEM attributes[],
- OPENSSL_ITEM parameters[]);
-int STORE_modify_number(STORE *e, OPENSSL_ITEM search_attributes[],
- OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[],
- OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]);
-BIGNUM *STORE_get_number(STORE *e, OPENSSL_ITEM attributes[],
- OPENSSL_ITEM parameters[]);
-int STORE_delete_number(STORE *e, OPENSSL_ITEM attributes[],
- OPENSSL_ITEM parameters[]);
-int STORE_store_arbitrary(STORE *e, BUF_MEM *data, OPENSSL_ITEM attributes[],
- OPENSSL_ITEM parameters[]);
-int STORE_modify_arbitrary(STORE *e, OPENSSL_ITEM search_attributes[],
- OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[],
- OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]);
-BUF_MEM *STORE_get_arbitrary(STORE *e, OPENSSL_ITEM attributes[],
- OPENSSL_ITEM parameters[]);
-int STORE_delete_arbitrary(STORE *e, OPENSSL_ITEM attributes[],
- OPENSSL_ITEM parameters[]);
-
-
-/* Create and manipulate methods */
-STORE_METHOD *STORE_create_method(char *name);
-void STORE_destroy_method(STORE_METHOD *store_method);
-
-/* These callback types are use for store handlers */
-typedef int (*STORE_INITIALISE_FUNC_PTR)(STORE *);
-typedef void (*STORE_CLEANUP_FUNC_PTR)(STORE *);
-typedef STORE_OBJECT *(*STORE_GENERATE_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
-typedef STORE_OBJECT *(*STORE_GET_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
-typedef void *(*STORE_START_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
-typedef STORE_OBJECT *(*STORE_NEXT_OBJECT_FUNC_PTR)(STORE *, void *handle);
-typedef int (*STORE_END_OBJECT_FUNC_PTR)(STORE *, void *handle);
-typedef int (*STORE_HANDLE_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
-typedef int (*STORE_STORE_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, STORE_OBJECT *data, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
-typedef int (*STORE_MODIFY_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM search_attributes[], OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[], OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]);
-typedef int (*STORE_GENERIC_FUNC_PTR)(STORE *, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
-typedef int (*STORE_CTRL_FUNC_PTR)(STORE *, int cmd, long l, void *p, void (*f)(void));
-
-int STORE_method_set_initialise_function(STORE_METHOD *sm, STORE_INITIALISE_FUNC_PTR init_f);
-int STORE_method_set_cleanup_function(STORE_METHOD *sm, STORE_CLEANUP_FUNC_PTR clean_f);
-int STORE_method_set_generate_function(STORE_METHOD *sm, STORE_GENERATE_OBJECT_FUNC_PTR generate_f);
-int STORE_method_set_get_function(STORE_METHOD *sm, STORE_GET_OBJECT_FUNC_PTR get_f);
-int STORE_method_set_store_function(STORE_METHOD *sm, STORE_STORE_OBJECT_FUNC_PTR store_f);
-int STORE_method_set_modify_function(STORE_METHOD *sm, STORE_MODIFY_OBJECT_FUNC_PTR store_f);
-int STORE_method_set_revoke_function(STORE_METHOD *sm, STORE_HANDLE_OBJECT_FUNC_PTR revoke_f);
-int STORE_method_set_delete_function(STORE_METHOD *sm, STORE_HANDLE_OBJECT_FUNC_PTR delete_f);
-int STORE_method_set_list_start_function(STORE_METHOD *sm, STORE_START_OBJECT_FUNC_PTR list_start_f);
-int STORE_method_set_list_next_function(STORE_METHOD *sm, STORE_NEXT_OBJECT_FUNC_PTR list_next_f);
-int STORE_method_set_list_end_function(STORE_METHOD *sm, STORE_END_OBJECT_FUNC_PTR list_end_f);
-int STORE_method_set_update_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR);
-int STORE_method_set_lock_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR);
-int STORE_method_set_unlock_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR);
-int STORE_method_set_ctrl_function(STORE_METHOD *sm, STORE_CTRL_FUNC_PTR ctrl_f);
-
-STORE_INITIALISE_FUNC_PTR STORE_method_get_initialise_function(STORE_METHOD *sm);
-STORE_CLEANUP_FUNC_PTR STORE_method_get_cleanup_function(STORE_METHOD *sm);
-STORE_GENERATE_OBJECT_FUNC_PTR STORE_method_get_generate_function(STORE_METHOD *sm);
-STORE_GET_OBJECT_FUNC_PTR STORE_method_get_get_function(STORE_METHOD *sm);
-STORE_STORE_OBJECT_FUNC_PTR STORE_method_get_store_function(STORE_METHOD *sm);
-STORE_MODIFY_OBJECT_FUNC_PTR STORE_method_get_modify_function(STORE_METHOD *sm);
-STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_revoke_function(STORE_METHOD *sm);
-STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_delete_function(STORE_METHOD *sm);
-STORE_START_OBJECT_FUNC_PTR STORE_method_get_list_start_function(STORE_METHOD *sm);
-STORE_NEXT_OBJECT_FUNC_PTR STORE_method_get_list_next_function(STORE_METHOD *sm);
-STORE_END_OBJECT_FUNC_PTR STORE_method_get_list_end_function(STORE_METHOD *sm);
-STORE_GENERIC_FUNC_PTR STORE_method_get_update_store_function(STORE_METHOD *sm);
-STORE_GENERIC_FUNC_PTR STORE_method_get_lock_store_function(STORE_METHOD *sm);
-STORE_GENERIC_FUNC_PTR STORE_method_get_unlock_store_function(STORE_METHOD *sm);
-STORE_CTRL_FUNC_PTR STORE_method_get_ctrl_function(STORE_METHOD *sm);
-
-/* Method helper structures and functions. */
-
-/* This structure is the result of parsing through the information in a list
- of OPENSSL_ITEMs. It stores all the necessary information in a structured
- way.*/
-typedef struct STORE_attr_info_st STORE_ATTR_INFO;
-
-/* Parse a list of OPENSSL_ITEMs and return a pointer to a STORE_ATTR_INFO.
- Note that we do this in the list form, since the list of OPENSSL_ITEMs can
- come in blocks separated with STORE_ATTR_OR. Note that the value returned
- by STORE_parse_attrs_next() must be freed with STORE_ATTR_INFO_free(). */
-void *STORE_parse_attrs_start(OPENSSL_ITEM *attributes);
-STORE_ATTR_INFO *STORE_parse_attrs_next(void *handle);
-int STORE_parse_attrs_end(void *handle);
-int STORE_parse_attrs_endp(void *handle);
-
-/* Creator and destructor */
-STORE_ATTR_INFO *STORE_ATTR_INFO_new(void);
-int STORE_ATTR_INFO_free(STORE_ATTR_INFO *attrs);
-
-/* Manipulators */
-char *STORE_ATTR_INFO_get0_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code);
-unsigned char *STORE_ATTR_INFO_get0_sha1str(STORE_ATTR_INFO *attrs,
- STORE_ATTR_TYPES code);
-X509_NAME *STORE_ATTR_INFO_get0_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code);
-BIGNUM *STORE_ATTR_INFO_get0_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code);
-int STORE_ATTR_INFO_set_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
- char *cstr, size_t cstr_size);
-int STORE_ATTR_INFO_set_sha1str(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
- unsigned char *sha1str, size_t sha1str_size);
-int STORE_ATTR_INFO_set_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
- X509_NAME *dn);
-int STORE_ATTR_INFO_set_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
- BIGNUM *number);
-int STORE_ATTR_INFO_modify_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
- char *cstr, size_t cstr_size);
-int STORE_ATTR_INFO_modify_sha1str(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
- unsigned char *sha1str, size_t sha1str_size);
-int STORE_ATTR_INFO_modify_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
- X509_NAME *dn);
-int STORE_ATTR_INFO_modify_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
- BIGNUM *number);
-
-/* Compare on basis of a bit pattern formed by the STORE_ATTR_TYPES values
- in each contained attribute. */
-int STORE_ATTR_INFO_compare(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b);
-/* Check if the set of attributes in a is within the range of attributes
- set in b. */
-int STORE_ATTR_INFO_in_range(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b);
-/* Check if the set of attributes in a are also set in b. */
-int STORE_ATTR_INFO_in(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b);
-/* Same as STORE_ATTR_INFO_in(), but also checks the attribute values. */
-int STORE_ATTR_INFO_in_ex(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b);
-
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_STORE_strings(void);
-
-/* Error codes for the STORE functions. */
-
-/* Function codes. */
-#define STORE_F_MEM_DELETE 134
-#define STORE_F_MEM_GENERATE 135
-#define STORE_F_MEM_LIST_END 168
-#define STORE_F_MEM_LIST_NEXT 136
-#define STORE_F_MEM_LIST_START 137
-#define STORE_F_MEM_MODIFY 169
-#define STORE_F_MEM_STORE 138
-#define STORE_F_STORE_ATTR_INFO_GET0_CSTR 139
-#define STORE_F_STORE_ATTR_INFO_GET0_DN 140
-#define STORE_F_STORE_ATTR_INFO_GET0_NUMBER 141
-#define STORE_F_STORE_ATTR_INFO_GET0_SHA1STR 142
-#define STORE_F_STORE_ATTR_INFO_MODIFY_CSTR 143
-#define STORE_F_STORE_ATTR_INFO_MODIFY_DN 144
-#define STORE_F_STORE_ATTR_INFO_MODIFY_NUMBER 145
-#define STORE_F_STORE_ATTR_INFO_MODIFY_SHA1STR 146
-#define STORE_F_STORE_ATTR_INFO_SET_CSTR 147
-#define STORE_F_STORE_ATTR_INFO_SET_DN 148
-#define STORE_F_STORE_ATTR_INFO_SET_NUMBER 149
-#define STORE_F_STORE_ATTR_INFO_SET_SHA1STR 150
-#define STORE_F_STORE_CERTIFICATE 170
-#define STORE_F_STORE_CTRL 161
-#define STORE_F_STORE_DELETE_ARBITRARY 158
-#define STORE_F_STORE_DELETE_CERTIFICATE 102
-#define STORE_F_STORE_DELETE_CRL 103
-#define STORE_F_STORE_DELETE_NUMBER 104
-#define STORE_F_STORE_DELETE_PRIVATE_KEY 105
-#define STORE_F_STORE_DELETE_PUBLIC_KEY 106
-#define STORE_F_STORE_GENERATE_CRL 107
-#define STORE_F_STORE_GENERATE_KEY 108
-#define STORE_F_STORE_GET_ARBITRARY 159
-#define STORE_F_STORE_GET_CERTIFICATE 109
-#define STORE_F_STORE_GET_CRL 110
-#define STORE_F_STORE_GET_NUMBER 111
-#define STORE_F_STORE_GET_PRIVATE_KEY 112
-#define STORE_F_STORE_GET_PUBLIC_KEY 113
-#define STORE_F_STORE_LIST_CERTIFICATE_END 114
-#define STORE_F_STORE_LIST_CERTIFICATE_ENDP 153
-#define STORE_F_STORE_LIST_CERTIFICATE_NEXT 115
-#define STORE_F_STORE_LIST_CERTIFICATE_START 116
-#define STORE_F_STORE_LIST_CRL_END 117
-#define STORE_F_STORE_LIST_CRL_ENDP 154
-#define STORE_F_STORE_LIST_CRL_NEXT 118
-#define STORE_F_STORE_LIST_CRL_START 119
-#define STORE_F_STORE_LIST_PRIVATE_KEY_END 120
-#define STORE_F_STORE_LIST_PRIVATE_KEY_ENDP 155
-#define STORE_F_STORE_LIST_PRIVATE_KEY_NEXT 121
-#define STORE_F_STORE_LIST_PRIVATE_KEY_START 122
-#define STORE_F_STORE_LIST_PUBLIC_KEY_END 123
-#define STORE_F_STORE_LIST_PUBLIC_KEY_ENDP 156
-#define STORE_F_STORE_LIST_PUBLIC_KEY_NEXT 124
-#define STORE_F_STORE_LIST_PUBLIC_KEY_START 125
-#define STORE_F_STORE_MODIFY_ARBITRARY 162
-#define STORE_F_STORE_MODIFY_CERTIFICATE 163
-#define STORE_F_STORE_MODIFY_CRL 164
-#define STORE_F_STORE_MODIFY_NUMBER 165
-#define STORE_F_STORE_MODIFY_PRIVATE_KEY 166
-#define STORE_F_STORE_MODIFY_PUBLIC_KEY 167
-#define STORE_F_STORE_NEW_ENGINE 133
-#define STORE_F_STORE_NEW_METHOD 132
-#define STORE_F_STORE_PARSE_ATTRS_END 151
-#define STORE_F_STORE_PARSE_ATTRS_ENDP 172
-#define STORE_F_STORE_PARSE_ATTRS_NEXT 152
-#define STORE_F_STORE_PARSE_ATTRS_START 171
-#define STORE_F_STORE_REVOKE_CERTIFICATE 129
-#define STORE_F_STORE_REVOKE_PRIVATE_KEY 130
-#define STORE_F_STORE_REVOKE_PUBLIC_KEY 131
-#define STORE_F_STORE_STORE_ARBITRARY 157
-#define STORE_F_STORE_STORE_CERTIFICATE 100
-#define STORE_F_STORE_STORE_CRL 101
-#define STORE_F_STORE_STORE_NUMBER 126
-#define STORE_F_STORE_STORE_PRIVATE_KEY 127
-#define STORE_F_STORE_STORE_PUBLIC_KEY 128
-
-/* Reason codes. */
-#define STORE_R_ALREADY_HAS_A_VALUE 127
-#define STORE_R_FAILED_DELETING_ARBITRARY 132
-#define STORE_R_FAILED_DELETING_CERTIFICATE 100
-#define STORE_R_FAILED_DELETING_KEY 101
-#define STORE_R_FAILED_DELETING_NUMBER 102
-#define STORE_R_FAILED_GENERATING_CRL 103
-#define STORE_R_FAILED_GENERATING_KEY 104
-#define STORE_R_FAILED_GETTING_ARBITRARY 133
-#define STORE_R_FAILED_GETTING_CERTIFICATE 105
-#define STORE_R_FAILED_GETTING_KEY 106
-#define STORE_R_FAILED_GETTING_NUMBER 107
-#define STORE_R_FAILED_LISTING_CERTIFICATES 108
-#define STORE_R_FAILED_LISTING_KEYS 109
-#define STORE_R_FAILED_MODIFYING_ARBITRARY 138
-#define STORE_R_FAILED_MODIFYING_CERTIFICATE 139
-#define STORE_R_FAILED_MODIFYING_CRL 140
-#define STORE_R_FAILED_MODIFYING_NUMBER 141
-#define STORE_R_FAILED_MODIFYING_PRIVATE_KEY 142
-#define STORE_R_FAILED_MODIFYING_PUBLIC_KEY 143
-#define STORE_R_FAILED_REVOKING_CERTIFICATE 110
-#define STORE_R_FAILED_REVOKING_KEY 111
-#define STORE_R_FAILED_STORING_ARBITRARY 134
-#define STORE_R_FAILED_STORING_CERTIFICATE 112
-#define STORE_R_FAILED_STORING_KEY 113
-#define STORE_R_FAILED_STORING_NUMBER 114
-#define STORE_R_NOT_IMPLEMENTED 128
-#define STORE_R_NO_CONTROL_FUNCTION 144
-#define STORE_R_NO_DELETE_ARBITRARY_FUNCTION 135
-#define STORE_R_NO_DELETE_NUMBER_FUNCTION 115
-#define STORE_R_NO_DELETE_OBJECT_FUNCTION 116
-#define STORE_R_NO_GENERATE_CRL_FUNCTION 117
-#define STORE_R_NO_GENERATE_OBJECT_FUNCTION 118
-#define STORE_R_NO_GET_OBJECT_ARBITRARY_FUNCTION 136
-#define STORE_R_NO_GET_OBJECT_FUNCTION 119
-#define STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION 120
-#define STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION 131
-#define STORE_R_NO_LIST_OBJECT_END_FUNCTION 121
-#define STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION 122
-#define STORE_R_NO_LIST_OBJECT_START_FUNCTION 123
-#define STORE_R_NO_MODIFY_OBJECT_FUNCTION 145
-#define STORE_R_NO_REVOKE_OBJECT_FUNCTION 124
-#define STORE_R_NO_STORE 129
-#define STORE_R_NO_STORE_OBJECT_ARBITRARY_FUNCTION 137
-#define STORE_R_NO_STORE_OBJECT_FUNCTION 125
-#define STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION 126
-#define STORE_R_NO_VALUE 130
-
-#ifdef __cplusplus
-}
-#endif
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/store/store.h (from rev 6976, vendor-crypto/openssl/dist/crypto/store/store.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/store/store.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/store/store.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,651 @@
+/* crypto/store/store.h -*- mode:C; c-file-style: "eay" -*- */
+/*
+ * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
+ * 2003.
+ */
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_STORE_H
+# define HEADER_STORE_H
+
+# include <openssl/ossl_typ.h>
+# ifndef OPENSSL_NO_DEPRECATED
+# include <openssl/evp.h>
+# include <openssl/bn.h>
+# include <openssl/x509.h>
+# endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Already defined in ossl_typ.h */
+/* typedef struct store_st STORE; */
+/* typedef struct store_method_st STORE_METHOD; */
+
+/*
+ * All the following functions return 0, a negative number or NULL on error.
+ * When everything is fine, they return a positive value or a non-NULL
+ * pointer, all depending on their purpose.
+ */
+
+/* Creators and destructor. */
+STORE *STORE_new_method(const STORE_METHOD *method);
+STORE *STORE_new_engine(ENGINE *engine);
+void STORE_free(STORE *ui);
+
+/*
+ * Give a user interface parametrised control commands. This can be used to
+ * send down an integer, a data pointer or a function pointer, as well as be
+ * used to get information from a STORE.
+ */
+int STORE_ctrl(STORE *store, int cmd, long i, void *p, void (*f) (void));
+
+/*
+ * A control to set the directory with keys and certificates. Used by the
+ * built-in directory level method.
+ */
+# define STORE_CTRL_SET_DIRECTORY 0x0001
+/*
+ * A control to set a file to load. Used by the built-in file level method.
+ */
+# define STORE_CTRL_SET_FILE 0x0002
+/*
+ * A control to set a configuration file to load. Can be used by any method
+ * that wishes to load a configuration file.
+ */
+# define STORE_CTRL_SET_CONF_FILE 0x0003
+/*
+ * A control to set a the section of the loaded configuration file. Can be
+ * used by any method that wishes to load a configuration file.
+ */
+# define STORE_CTRL_SET_CONF_SECTION 0x0004
+
+/* Some methods may use extra data */
+# define STORE_set_app_data(s,arg) STORE_set_ex_data(s,0,arg)
+# define STORE_get_app_data(s) STORE_get_ex_data(s,0)
+int STORE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+ CRYPTO_EX_dup *dup_func,
+ CRYPTO_EX_free *free_func);
+int STORE_set_ex_data(STORE *r, int idx, void *arg);
+void *STORE_get_ex_data(STORE *r, int idx);
+
+/* Use specific methods instead of the built-in one */
+const STORE_METHOD *STORE_get_method(STORE *store);
+const STORE_METHOD *STORE_set_method(STORE *store, const STORE_METHOD *meth);
+
+/* The standard OpenSSL methods. */
+/*
+ * This is the in-memory method. It does everything except revoking and
+ * updating, and is of course volatile. It's used by other methods that have
+ * an in-memory cache.
+ */
+const STORE_METHOD *STORE_Memory(void);
+# if 0 /* Not yet implemented */
+/*
+ * This is the directory store. It does everything except revoking and
+ * updating, and uses STORE_Memory() to cache things in memory.
+ */
+const STORE_METHOD *STORE_Directory(void);
+/*
+ * This is the file store. It does everything except revoking and updating,
+ * and uses STORE_Memory() to cache things in memory. Certificates are added
+ * to it with the store operation, and it will only get cached certificates.
+ */
+const STORE_METHOD *STORE_File(void);
+# endif
+
+/*
+ * Store functions take a type code for the type of data they should store or
+ * fetch
+ */
+typedef enum STORE_object_types {
+ STORE_OBJECT_TYPE_X509_CERTIFICATE = 0x01, /* X509 * */
+ STORE_OBJECT_TYPE_X509_CRL = 0x02, /* X509_CRL * */
+ STORE_OBJECT_TYPE_PRIVATE_KEY = 0x03, /* EVP_PKEY * */
+ STORE_OBJECT_TYPE_PUBLIC_KEY = 0x04, /* EVP_PKEY * */
+ STORE_OBJECT_TYPE_NUMBER = 0x05, /* BIGNUM * */
+ STORE_OBJECT_TYPE_ARBITRARY = 0x06, /* BUF_MEM * */
+ STORE_OBJECT_TYPE_NUM = 0x06 /* The amount of known object types */
+} STORE_OBJECT_TYPES;
+/* List of text strings corresponding to the object types. */
+extern const char *const STORE_object_type_string[STORE_OBJECT_TYPE_NUM + 1];
+
+/*
+ * Some store functions take a parameter list. Those parameters come with
+ * one of the following codes. The comments following the codes below
+ * indicate what type the value should be a pointer to.
+ */
+typedef enum STORE_params {
+ STORE_PARAM_EVP_TYPE = 0x01, /* int */
+ STORE_PARAM_BITS = 0x02, /* size_t */
+ STORE_PARAM_KEY_PARAMETERS = 0x03, /* ??? */
+ STORE_PARAM_KEY_NO_PARAMETERS = 0x04, /* N/A */
+ STORE_PARAM_AUTH_PASSPHRASE = 0x05, /* char * */
+ STORE_PARAM_AUTH_KRB5_TICKET = 0x06, /* void * */
+ STORE_PARAM_TYPE_NUM = 0x06 /* The amount of known parameter types */
+} STORE_PARAM_TYPES;
+/*
+ * Parameter value sizes. -1 means unknown, anything else is the required
+ * size.
+ */
+extern const int STORE_param_sizes[STORE_PARAM_TYPE_NUM + 1];
+
+/*
+ * Store functions take attribute lists. Those attributes come with codes.
+ * The comments following the codes below indicate what type the value should
+ * be a pointer to.
+ */
+typedef enum STORE_attribs {
+ STORE_ATTR_END = 0x00,
+ STORE_ATTR_FRIENDLYNAME = 0x01, /* C string */
+ STORE_ATTR_KEYID = 0x02, /* 160 bit string (SHA1) */
+ STORE_ATTR_ISSUERKEYID = 0x03, /* 160 bit string (SHA1) */
+ STORE_ATTR_SUBJECTKEYID = 0x04, /* 160 bit string (SHA1) */
+ STORE_ATTR_ISSUERSERIALHASH = 0x05, /* 160 bit string (SHA1) */
+ STORE_ATTR_ISSUER = 0x06, /* X509_NAME * */
+ STORE_ATTR_SERIAL = 0x07, /* BIGNUM * */
+ STORE_ATTR_SUBJECT = 0x08, /* X509_NAME * */
+ STORE_ATTR_CERTHASH = 0x09, /* 160 bit string (SHA1) */
+ STORE_ATTR_EMAIL = 0x0a, /* C string */
+ STORE_ATTR_FILENAME = 0x0b, /* C string */
+ STORE_ATTR_TYPE_NUM = 0x0b, /* The amount of known attribute types */
+ STORE_ATTR_OR = 0xff /* This is a special separator, which
+ * expresses the OR operation. */
+} STORE_ATTR_TYPES;
+/*
+ * Attribute value sizes. -1 means unknown, anything else is the required
+ * size.
+ */
+extern const int STORE_attr_sizes[STORE_ATTR_TYPE_NUM + 1];
+
+typedef enum STORE_certificate_status {
+ STORE_X509_VALID = 0x00,
+ STORE_X509_EXPIRED = 0x01,
+ STORE_X509_SUSPENDED = 0x02,
+ STORE_X509_REVOKED = 0x03
+} STORE_CERTIFICATE_STATUS;
+
+/*
+ * Engine store functions will return a structure that contains all the
+ * necessary information, including revokation status for certificates. This
+ * is really not needed for application authors, as the ENGINE framework
+ * functions will extract the OpenSSL-specific information when at all
+ * possible. However, for engine authors, it's crucial to know this
+ * structure.
+ */
+typedef struct STORE_OBJECT_st {
+ STORE_OBJECT_TYPES type;
+ union {
+ struct {
+ STORE_CERTIFICATE_STATUS status;
+ X509 *certificate;
+ } x509;
+ X509_CRL *crl;
+ EVP_PKEY *key;
+ BIGNUM *number;
+ BUF_MEM *arbitrary;
+ } data;
+} STORE_OBJECT;
+DECLARE_STACK_OF(STORE_OBJECT)
+STORE_OBJECT *STORE_OBJECT_new(void);
+void STORE_OBJECT_free(STORE_OBJECT *data);
+
+/*
+ * The following functions handle the storage. They return 0, a negative
+ * number or NULL on error, anything else on success.
+ */
+X509 *STORE_get_certificate(STORE *e, OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[]);
+int STORE_store_certificate(STORE *e, X509 *data, OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[]);
+int STORE_modify_certificate(STORE *e, OPENSSL_ITEM search_attributes[],
+ OPENSSL_ITEM add_attributes[],
+ OPENSSL_ITEM modify_attributes[],
+ OPENSSL_ITEM delete_attributes[],
+ OPENSSL_ITEM parameters[]);
+int STORE_revoke_certificate(STORE *e, OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[]);
+int STORE_delete_certificate(STORE *e, OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[]);
+void *STORE_list_certificate_start(STORE *e, OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[]);
+X509 *STORE_list_certificate_next(STORE *e, void *handle);
+int STORE_list_certificate_end(STORE *e, void *handle);
+int STORE_list_certificate_endp(STORE *e, void *handle);
+EVP_PKEY *STORE_generate_key(STORE *e, OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[]);
+EVP_PKEY *STORE_get_private_key(STORE *e, OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[]);
+int STORE_store_private_key(STORE *e, EVP_PKEY *data,
+ OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[]);
+int STORE_modify_private_key(STORE *e, OPENSSL_ITEM search_attributes[],
+ OPENSSL_ITEM add_sttributes[],
+ OPENSSL_ITEM modify_attributes[],
+ OPENSSL_ITEM delete_attributes[],
+ OPENSSL_ITEM parameters[]);
+int STORE_revoke_private_key(STORE *e, OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[]);
+int STORE_delete_private_key(STORE *e, OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[]);
+void *STORE_list_private_key_start(STORE *e, OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[]);
+EVP_PKEY *STORE_list_private_key_next(STORE *e, void *handle);
+int STORE_list_private_key_end(STORE *e, void *handle);
+int STORE_list_private_key_endp(STORE *e, void *handle);
+EVP_PKEY *STORE_get_public_key(STORE *e, OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[]);
+int STORE_store_public_key(STORE *e, EVP_PKEY *data,
+ OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[]);
+int STORE_modify_public_key(STORE *e, OPENSSL_ITEM search_attributes[],
+ OPENSSL_ITEM add_sttributes[],
+ OPENSSL_ITEM modify_attributes[],
+ OPENSSL_ITEM delete_attributes[],
+ OPENSSL_ITEM parameters[]);
+int STORE_revoke_public_key(STORE *e, OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[]);
+int STORE_delete_public_key(STORE *e, OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[]);
+void *STORE_list_public_key_start(STORE *e, OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[]);
+EVP_PKEY *STORE_list_public_key_next(STORE *e, void *handle);
+int STORE_list_public_key_end(STORE *e, void *handle);
+int STORE_list_public_key_endp(STORE *e, void *handle);
+X509_CRL *STORE_generate_crl(STORE *e, OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[]);
+X509_CRL *STORE_get_crl(STORE *e, OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[]);
+int STORE_store_crl(STORE *e, X509_CRL *data, OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[]);
+int STORE_modify_crl(STORE *e, OPENSSL_ITEM search_attributes[],
+ OPENSSL_ITEM add_sttributes[],
+ OPENSSL_ITEM modify_attributes[],
+ OPENSSL_ITEM delete_attributes[],
+ OPENSSL_ITEM parameters[]);
+int STORE_delete_crl(STORE *e, OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[]);
+void *STORE_list_crl_start(STORE *e, OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[]);
+X509_CRL *STORE_list_crl_next(STORE *e, void *handle);
+int STORE_list_crl_end(STORE *e, void *handle);
+int STORE_list_crl_endp(STORE *e, void *handle);
+int STORE_store_number(STORE *e, BIGNUM *data, OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[]);
+int STORE_modify_number(STORE *e, OPENSSL_ITEM search_attributes[],
+ OPENSSL_ITEM add_sttributes[],
+ OPENSSL_ITEM modify_attributes[],
+ OPENSSL_ITEM delete_attributes[],
+ OPENSSL_ITEM parameters[]);
+BIGNUM *STORE_get_number(STORE *e, OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[]);
+int STORE_delete_number(STORE *e, OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[]);
+int STORE_store_arbitrary(STORE *e, BUF_MEM *data, OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[]);
+int STORE_modify_arbitrary(STORE *e, OPENSSL_ITEM search_attributes[],
+ OPENSSL_ITEM add_sttributes[],
+ OPENSSL_ITEM modify_attributes[],
+ OPENSSL_ITEM delete_attributes[],
+ OPENSSL_ITEM parameters[]);
+BUF_MEM *STORE_get_arbitrary(STORE *e, OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[]);
+int STORE_delete_arbitrary(STORE *e, OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[]);
+
+/* Create and manipulate methods */
+STORE_METHOD *STORE_create_method(char *name);
+void STORE_destroy_method(STORE_METHOD *store_method);
+
+/* These callback types are use for store handlers */
+typedef int (*STORE_INITIALISE_FUNC_PTR) (STORE *);
+typedef void (*STORE_CLEANUP_FUNC_PTR) (STORE *);
+typedef STORE_OBJECT *(*STORE_GENERATE_OBJECT_FUNC_PTR)(STORE *,
+ STORE_OBJECT_TYPES
+ type,
+ OPENSSL_ITEM
+ attributes[],
+ OPENSSL_ITEM
+ parameters[]);
+typedef STORE_OBJECT *(*STORE_GET_OBJECT_FUNC_PTR)(STORE *,
+ STORE_OBJECT_TYPES type,
+ OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[]);
+typedef void *(*STORE_START_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type,
+ OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[]);
+typedef STORE_OBJECT *(*STORE_NEXT_OBJECT_FUNC_PTR)(STORE *, void *handle);
+typedef int (*STORE_END_OBJECT_FUNC_PTR) (STORE *, void *handle);
+typedef int (*STORE_HANDLE_OBJECT_FUNC_PTR) (STORE *, STORE_OBJECT_TYPES type,
+ OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[]);
+typedef int (*STORE_STORE_OBJECT_FUNC_PTR) (STORE *, STORE_OBJECT_TYPES type,
+ STORE_OBJECT *data,
+ OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[]);
+typedef int (*STORE_MODIFY_OBJECT_FUNC_PTR) (STORE *, STORE_OBJECT_TYPES type,
+ OPENSSL_ITEM search_attributes[],
+ OPENSSL_ITEM add_attributes[],
+ OPENSSL_ITEM modify_attributes[],
+ OPENSSL_ITEM delete_attributes[],
+ OPENSSL_ITEM parameters[]);
+typedef int (*STORE_GENERIC_FUNC_PTR) (STORE *, OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[]);
+typedef int (*STORE_CTRL_FUNC_PTR) (STORE *, int cmd, long l, void *p,
+ void (*f) (void));
+
+int STORE_method_set_initialise_function(STORE_METHOD *sm,
+ STORE_INITIALISE_FUNC_PTR init_f);
+int STORE_method_set_cleanup_function(STORE_METHOD *sm,
+ STORE_CLEANUP_FUNC_PTR clean_f);
+int STORE_method_set_generate_function(STORE_METHOD *sm,
+ STORE_GENERATE_OBJECT_FUNC_PTR
+ generate_f);
+int STORE_method_set_get_function(STORE_METHOD *sm,
+ STORE_GET_OBJECT_FUNC_PTR get_f);
+int STORE_method_set_store_function(STORE_METHOD *sm,
+ STORE_STORE_OBJECT_FUNC_PTR store_f);
+int STORE_method_set_modify_function(STORE_METHOD *sm,
+ STORE_MODIFY_OBJECT_FUNC_PTR store_f);
+int STORE_method_set_revoke_function(STORE_METHOD *sm,
+ STORE_HANDLE_OBJECT_FUNC_PTR revoke_f);
+int STORE_method_set_delete_function(STORE_METHOD *sm,
+ STORE_HANDLE_OBJECT_FUNC_PTR delete_f);
+int STORE_method_set_list_start_function(STORE_METHOD *sm,
+ STORE_START_OBJECT_FUNC_PTR
+ list_start_f);
+int STORE_method_set_list_next_function(STORE_METHOD *sm,
+ STORE_NEXT_OBJECT_FUNC_PTR
+ list_next_f);
+int STORE_method_set_list_end_function(STORE_METHOD *sm,
+ STORE_END_OBJECT_FUNC_PTR list_end_f);
+int STORE_method_set_update_store_function(STORE_METHOD *sm,
+ STORE_GENERIC_FUNC_PTR);
+int STORE_method_set_lock_store_function(STORE_METHOD *sm,
+ STORE_GENERIC_FUNC_PTR);
+int STORE_method_set_unlock_store_function(STORE_METHOD *sm,
+ STORE_GENERIC_FUNC_PTR);
+int STORE_method_set_ctrl_function(STORE_METHOD *sm,
+ STORE_CTRL_FUNC_PTR ctrl_f);
+
+STORE_INITIALISE_FUNC_PTR STORE_method_get_initialise_function(STORE_METHOD
+ *sm);
+STORE_CLEANUP_FUNC_PTR STORE_method_get_cleanup_function(STORE_METHOD *sm);
+STORE_GENERATE_OBJECT_FUNC_PTR STORE_method_get_generate_function(STORE_METHOD
+ *sm);
+STORE_GET_OBJECT_FUNC_PTR STORE_method_get_get_function(STORE_METHOD *sm);
+STORE_STORE_OBJECT_FUNC_PTR STORE_method_get_store_function(STORE_METHOD *sm);
+STORE_MODIFY_OBJECT_FUNC_PTR STORE_method_get_modify_function(STORE_METHOD
+ *sm);
+STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_revoke_function(STORE_METHOD
+ *sm);
+STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_delete_function(STORE_METHOD
+ *sm);
+STORE_START_OBJECT_FUNC_PTR STORE_method_get_list_start_function(STORE_METHOD
+ *sm);
+STORE_NEXT_OBJECT_FUNC_PTR STORE_method_get_list_next_function(STORE_METHOD
+ *sm);
+STORE_END_OBJECT_FUNC_PTR STORE_method_get_list_end_function(STORE_METHOD
+ *sm);
+STORE_GENERIC_FUNC_PTR STORE_method_get_update_store_function(STORE_METHOD
+ *sm);
+STORE_GENERIC_FUNC_PTR STORE_method_get_lock_store_function(STORE_METHOD *sm);
+STORE_GENERIC_FUNC_PTR STORE_method_get_unlock_store_function(STORE_METHOD
+ *sm);
+STORE_CTRL_FUNC_PTR STORE_method_get_ctrl_function(STORE_METHOD *sm);
+
+/* Method helper structures and functions. */
+
+/*
+ * This structure is the result of parsing through the information in a list
+ * of OPENSSL_ITEMs. It stores all the necessary information in a structured
+ * way.
+ */
+typedef struct STORE_attr_info_st STORE_ATTR_INFO;
+
+/*
+ * Parse a list of OPENSSL_ITEMs and return a pointer to a STORE_ATTR_INFO.
+ * Note that we do this in the list form, since the list of OPENSSL_ITEMs can
+ * come in blocks separated with STORE_ATTR_OR. Note that the value returned
+ * by STORE_parse_attrs_next() must be freed with STORE_ATTR_INFO_free().
+ */
+void *STORE_parse_attrs_start(OPENSSL_ITEM *attributes);
+STORE_ATTR_INFO *STORE_parse_attrs_next(void *handle);
+int STORE_parse_attrs_end(void *handle);
+int STORE_parse_attrs_endp(void *handle);
+
+/* Creator and destructor */
+STORE_ATTR_INFO *STORE_ATTR_INFO_new(void);
+int STORE_ATTR_INFO_free(STORE_ATTR_INFO *attrs);
+
+/* Manipulators */
+char *STORE_ATTR_INFO_get0_cstr(STORE_ATTR_INFO *attrs,
+ STORE_ATTR_TYPES code);
+unsigned char *STORE_ATTR_INFO_get0_sha1str(STORE_ATTR_INFO *attrs,
+ STORE_ATTR_TYPES code);
+X509_NAME *STORE_ATTR_INFO_get0_dn(STORE_ATTR_INFO *attrs,
+ STORE_ATTR_TYPES code);
+BIGNUM *STORE_ATTR_INFO_get0_number(STORE_ATTR_INFO *attrs,
+ STORE_ATTR_TYPES code);
+int STORE_ATTR_INFO_set_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+ char *cstr, size_t cstr_size);
+int STORE_ATTR_INFO_set_sha1str(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+ unsigned char *sha1str, size_t sha1str_size);
+int STORE_ATTR_INFO_set_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+ X509_NAME *dn);
+int STORE_ATTR_INFO_set_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+ BIGNUM *number);
+int STORE_ATTR_INFO_modify_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+ char *cstr, size_t cstr_size);
+int STORE_ATTR_INFO_modify_sha1str(STORE_ATTR_INFO *attrs,
+ STORE_ATTR_TYPES code,
+ unsigned char *sha1str,
+ size_t sha1str_size);
+int STORE_ATTR_INFO_modify_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+ X509_NAME *dn);
+int STORE_ATTR_INFO_modify_number(STORE_ATTR_INFO *attrs,
+ STORE_ATTR_TYPES code, BIGNUM *number);
+
+/*
+ * Compare on basis of a bit pattern formed by the STORE_ATTR_TYPES values in
+ * each contained attribute.
+ */
+int STORE_ATTR_INFO_compare(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b);
+/*
+ * Check if the set of attributes in a is within the range of attributes set
+ * in b.
+ */
+int STORE_ATTR_INFO_in_range(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b);
+/* Check if the set of attributes in a are also set in b. */
+int STORE_ATTR_INFO_in(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b);
+/* Same as STORE_ATTR_INFO_in(), but also checks the attribute values. */
+int STORE_ATTR_INFO_in_ex(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b);
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_STORE_strings(void);
+
+/* Error codes for the STORE functions. */
+
+/* Function codes. */
+# define STORE_F_MEM_DELETE 134
+# define STORE_F_MEM_GENERATE 135
+# define STORE_F_MEM_LIST_END 168
+# define STORE_F_MEM_LIST_NEXT 136
+# define STORE_F_MEM_LIST_START 137
+# define STORE_F_MEM_MODIFY 169
+# define STORE_F_MEM_STORE 138
+# define STORE_F_STORE_ATTR_INFO_GET0_CSTR 139
+# define STORE_F_STORE_ATTR_INFO_GET0_DN 140
+# define STORE_F_STORE_ATTR_INFO_GET0_NUMBER 141
+# define STORE_F_STORE_ATTR_INFO_GET0_SHA1STR 142
+# define STORE_F_STORE_ATTR_INFO_MODIFY_CSTR 143
+# define STORE_F_STORE_ATTR_INFO_MODIFY_DN 144
+# define STORE_F_STORE_ATTR_INFO_MODIFY_NUMBER 145
+# define STORE_F_STORE_ATTR_INFO_MODIFY_SHA1STR 146
+# define STORE_F_STORE_ATTR_INFO_SET_CSTR 147
+# define STORE_F_STORE_ATTR_INFO_SET_DN 148
+# define STORE_F_STORE_ATTR_INFO_SET_NUMBER 149
+# define STORE_F_STORE_ATTR_INFO_SET_SHA1STR 150
+# define STORE_F_STORE_CERTIFICATE 170
+# define STORE_F_STORE_CTRL 161
+# define STORE_F_STORE_DELETE_ARBITRARY 158
+# define STORE_F_STORE_DELETE_CERTIFICATE 102
+# define STORE_F_STORE_DELETE_CRL 103
+# define STORE_F_STORE_DELETE_NUMBER 104
+# define STORE_F_STORE_DELETE_PRIVATE_KEY 105
+# define STORE_F_STORE_DELETE_PUBLIC_KEY 106
+# define STORE_F_STORE_GENERATE_CRL 107
+# define STORE_F_STORE_GENERATE_KEY 108
+# define STORE_F_STORE_GET_ARBITRARY 159
+# define STORE_F_STORE_GET_CERTIFICATE 109
+# define STORE_F_STORE_GET_CRL 110
+# define STORE_F_STORE_GET_NUMBER 111
+# define STORE_F_STORE_GET_PRIVATE_KEY 112
+# define STORE_F_STORE_GET_PUBLIC_KEY 113
+# define STORE_F_STORE_LIST_CERTIFICATE_END 114
+# define STORE_F_STORE_LIST_CERTIFICATE_ENDP 153
+# define STORE_F_STORE_LIST_CERTIFICATE_NEXT 115
+# define STORE_F_STORE_LIST_CERTIFICATE_START 116
+# define STORE_F_STORE_LIST_CRL_END 117
+# define STORE_F_STORE_LIST_CRL_ENDP 154
+# define STORE_F_STORE_LIST_CRL_NEXT 118
+# define STORE_F_STORE_LIST_CRL_START 119
+# define STORE_F_STORE_LIST_PRIVATE_KEY_END 120
+# define STORE_F_STORE_LIST_PRIVATE_KEY_ENDP 155
+# define STORE_F_STORE_LIST_PRIVATE_KEY_NEXT 121
+# define STORE_F_STORE_LIST_PRIVATE_KEY_START 122
+# define STORE_F_STORE_LIST_PUBLIC_KEY_END 123
+# define STORE_F_STORE_LIST_PUBLIC_KEY_ENDP 156
+# define STORE_F_STORE_LIST_PUBLIC_KEY_NEXT 124
+# define STORE_F_STORE_LIST_PUBLIC_KEY_START 125
+# define STORE_F_STORE_MODIFY_ARBITRARY 162
+# define STORE_F_STORE_MODIFY_CERTIFICATE 163
+# define STORE_F_STORE_MODIFY_CRL 164
+# define STORE_F_STORE_MODIFY_NUMBER 165
+# define STORE_F_STORE_MODIFY_PRIVATE_KEY 166
+# define STORE_F_STORE_MODIFY_PUBLIC_KEY 167
+# define STORE_F_STORE_NEW_ENGINE 133
+# define STORE_F_STORE_NEW_METHOD 132
+# define STORE_F_STORE_PARSE_ATTRS_END 151
+# define STORE_F_STORE_PARSE_ATTRS_ENDP 172
+# define STORE_F_STORE_PARSE_ATTRS_NEXT 152
+# define STORE_F_STORE_PARSE_ATTRS_START 171
+# define STORE_F_STORE_REVOKE_CERTIFICATE 129
+# define STORE_F_STORE_REVOKE_PRIVATE_KEY 130
+# define STORE_F_STORE_REVOKE_PUBLIC_KEY 131
+# define STORE_F_STORE_STORE_ARBITRARY 157
+# define STORE_F_STORE_STORE_CERTIFICATE 100
+# define STORE_F_STORE_STORE_CRL 101
+# define STORE_F_STORE_STORE_NUMBER 126
+# define STORE_F_STORE_STORE_PRIVATE_KEY 127
+# define STORE_F_STORE_STORE_PUBLIC_KEY 128
+
+/* Reason codes. */
+# define STORE_R_ALREADY_HAS_A_VALUE 127
+# define STORE_R_FAILED_DELETING_ARBITRARY 132
+# define STORE_R_FAILED_DELETING_CERTIFICATE 100
+# define STORE_R_FAILED_DELETING_KEY 101
+# define STORE_R_FAILED_DELETING_NUMBER 102
+# define STORE_R_FAILED_GENERATING_CRL 103
+# define STORE_R_FAILED_GENERATING_KEY 104
+# define STORE_R_FAILED_GETTING_ARBITRARY 133
+# define STORE_R_FAILED_GETTING_CERTIFICATE 105
+# define STORE_R_FAILED_GETTING_KEY 106
+# define STORE_R_FAILED_GETTING_NUMBER 107
+# define STORE_R_FAILED_LISTING_CERTIFICATES 108
+# define STORE_R_FAILED_LISTING_KEYS 109
+# define STORE_R_FAILED_MODIFYING_ARBITRARY 138
+# define STORE_R_FAILED_MODIFYING_CERTIFICATE 139
+# define STORE_R_FAILED_MODIFYING_CRL 140
+# define STORE_R_FAILED_MODIFYING_NUMBER 141
+# define STORE_R_FAILED_MODIFYING_PRIVATE_KEY 142
+# define STORE_R_FAILED_MODIFYING_PUBLIC_KEY 143
+# define STORE_R_FAILED_REVOKING_CERTIFICATE 110
+# define STORE_R_FAILED_REVOKING_KEY 111
+# define STORE_R_FAILED_STORING_ARBITRARY 134
+# define STORE_R_FAILED_STORING_CERTIFICATE 112
+# define STORE_R_FAILED_STORING_KEY 113
+# define STORE_R_FAILED_STORING_NUMBER 114
+# define STORE_R_NOT_IMPLEMENTED 128
+# define STORE_R_NO_CONTROL_FUNCTION 144
+# define STORE_R_NO_DELETE_ARBITRARY_FUNCTION 135
+# define STORE_R_NO_DELETE_NUMBER_FUNCTION 115
+# define STORE_R_NO_DELETE_OBJECT_FUNCTION 116
+# define STORE_R_NO_GENERATE_CRL_FUNCTION 117
+# define STORE_R_NO_GENERATE_OBJECT_FUNCTION 118
+# define STORE_R_NO_GET_OBJECT_ARBITRARY_FUNCTION 136
+# define STORE_R_NO_GET_OBJECT_FUNCTION 119
+# define STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION 120
+# define STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION 131
+# define STORE_R_NO_LIST_OBJECT_END_FUNCTION 121
+# define STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION 122
+# define STORE_R_NO_LIST_OBJECT_START_FUNCTION 123
+# define STORE_R_NO_MODIFY_OBJECT_FUNCTION 145
+# define STORE_R_NO_REVOKE_OBJECT_FUNCTION 124
+# define STORE_R_NO_STORE 129
+# define STORE_R_NO_STORE_OBJECT_ARBITRARY_FUNCTION 137
+# define STORE_R_NO_STORE_OBJECT_FUNCTION 125
+# define STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION 126
+# define STORE_R_NO_VALUE 130
+
+#ifdef __cplusplus
+}
+#endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/store/str_err.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/store/str_err.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/store/str_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,211 +0,0 @@
-/* crypto/store/str_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/store.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_STORE,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_STORE,0,reason)
-
-static ERR_STRING_DATA STORE_str_functs[]=
- {
-{ERR_FUNC(STORE_F_MEM_DELETE), "MEM_DELETE"},
-{ERR_FUNC(STORE_F_MEM_GENERATE), "MEM_GENERATE"},
-{ERR_FUNC(STORE_F_MEM_LIST_END), "MEM_LIST_END"},
-{ERR_FUNC(STORE_F_MEM_LIST_NEXT), "MEM_LIST_NEXT"},
-{ERR_FUNC(STORE_F_MEM_LIST_START), "MEM_LIST_START"},
-{ERR_FUNC(STORE_F_MEM_MODIFY), "MEM_MODIFY"},
-{ERR_FUNC(STORE_F_MEM_STORE), "MEM_STORE"},
-{ERR_FUNC(STORE_F_STORE_ATTR_INFO_GET0_CSTR), "STORE_ATTR_INFO_get0_cstr"},
-{ERR_FUNC(STORE_F_STORE_ATTR_INFO_GET0_DN), "STORE_ATTR_INFO_get0_dn"},
-{ERR_FUNC(STORE_F_STORE_ATTR_INFO_GET0_NUMBER), "STORE_ATTR_INFO_get0_number"},
-{ERR_FUNC(STORE_F_STORE_ATTR_INFO_GET0_SHA1STR), "STORE_ATTR_INFO_get0_sha1str"},
-{ERR_FUNC(STORE_F_STORE_ATTR_INFO_MODIFY_CSTR), "STORE_ATTR_INFO_modify_cstr"},
-{ERR_FUNC(STORE_F_STORE_ATTR_INFO_MODIFY_DN), "STORE_ATTR_INFO_modify_dn"},
-{ERR_FUNC(STORE_F_STORE_ATTR_INFO_MODIFY_NUMBER), "STORE_ATTR_INFO_modify_number"},
-{ERR_FUNC(STORE_F_STORE_ATTR_INFO_MODIFY_SHA1STR), "STORE_ATTR_INFO_modify_sha1str"},
-{ERR_FUNC(STORE_F_STORE_ATTR_INFO_SET_CSTR), "STORE_ATTR_INFO_set_cstr"},
-{ERR_FUNC(STORE_F_STORE_ATTR_INFO_SET_DN), "STORE_ATTR_INFO_set_dn"},
-{ERR_FUNC(STORE_F_STORE_ATTR_INFO_SET_NUMBER), "STORE_ATTR_INFO_set_number"},
-{ERR_FUNC(STORE_F_STORE_ATTR_INFO_SET_SHA1STR), "STORE_ATTR_INFO_set_sha1str"},
-{ERR_FUNC(STORE_F_STORE_CERTIFICATE), "STORE_CERTIFICATE"},
-{ERR_FUNC(STORE_F_STORE_CTRL), "STORE_ctrl"},
-{ERR_FUNC(STORE_F_STORE_DELETE_ARBITRARY), "STORE_delete_arbitrary"},
-{ERR_FUNC(STORE_F_STORE_DELETE_CERTIFICATE), "STORE_delete_certificate"},
-{ERR_FUNC(STORE_F_STORE_DELETE_CRL), "STORE_delete_crl"},
-{ERR_FUNC(STORE_F_STORE_DELETE_NUMBER), "STORE_delete_number"},
-{ERR_FUNC(STORE_F_STORE_DELETE_PRIVATE_KEY), "STORE_delete_private_key"},
-{ERR_FUNC(STORE_F_STORE_DELETE_PUBLIC_KEY), "STORE_delete_public_key"},
-{ERR_FUNC(STORE_F_STORE_GENERATE_CRL), "STORE_generate_crl"},
-{ERR_FUNC(STORE_F_STORE_GENERATE_KEY), "STORE_generate_key"},
-{ERR_FUNC(STORE_F_STORE_GET_ARBITRARY), "STORE_get_arbitrary"},
-{ERR_FUNC(STORE_F_STORE_GET_CERTIFICATE), "STORE_get_certificate"},
-{ERR_FUNC(STORE_F_STORE_GET_CRL), "STORE_get_crl"},
-{ERR_FUNC(STORE_F_STORE_GET_NUMBER), "STORE_get_number"},
-{ERR_FUNC(STORE_F_STORE_GET_PRIVATE_KEY), "STORE_get_private_key"},
-{ERR_FUNC(STORE_F_STORE_GET_PUBLIC_KEY), "STORE_get_public_key"},
-{ERR_FUNC(STORE_F_STORE_LIST_CERTIFICATE_END), "STORE_list_certificate_end"},
-{ERR_FUNC(STORE_F_STORE_LIST_CERTIFICATE_ENDP), "STORE_list_certificate_endp"},
-{ERR_FUNC(STORE_F_STORE_LIST_CERTIFICATE_NEXT), "STORE_list_certificate_next"},
-{ERR_FUNC(STORE_F_STORE_LIST_CERTIFICATE_START), "STORE_list_certificate_start"},
-{ERR_FUNC(STORE_F_STORE_LIST_CRL_END), "STORE_list_crl_end"},
-{ERR_FUNC(STORE_F_STORE_LIST_CRL_ENDP), "STORE_list_crl_endp"},
-{ERR_FUNC(STORE_F_STORE_LIST_CRL_NEXT), "STORE_list_crl_next"},
-{ERR_FUNC(STORE_F_STORE_LIST_CRL_START), "STORE_list_crl_start"},
-{ERR_FUNC(STORE_F_STORE_LIST_PRIVATE_KEY_END), "STORE_list_private_key_end"},
-{ERR_FUNC(STORE_F_STORE_LIST_PRIVATE_KEY_ENDP), "STORE_list_private_key_endp"},
-{ERR_FUNC(STORE_F_STORE_LIST_PRIVATE_KEY_NEXT), "STORE_list_private_key_next"},
-{ERR_FUNC(STORE_F_STORE_LIST_PRIVATE_KEY_START), "STORE_list_private_key_start"},
-{ERR_FUNC(STORE_F_STORE_LIST_PUBLIC_KEY_END), "STORE_list_public_key_end"},
-{ERR_FUNC(STORE_F_STORE_LIST_PUBLIC_KEY_ENDP), "STORE_list_public_key_endp"},
-{ERR_FUNC(STORE_F_STORE_LIST_PUBLIC_KEY_NEXT), "STORE_list_public_key_next"},
-{ERR_FUNC(STORE_F_STORE_LIST_PUBLIC_KEY_START), "STORE_list_public_key_start"},
-{ERR_FUNC(STORE_F_STORE_MODIFY_ARBITRARY), "STORE_modify_arbitrary"},
-{ERR_FUNC(STORE_F_STORE_MODIFY_CERTIFICATE), "STORE_modify_certificate"},
-{ERR_FUNC(STORE_F_STORE_MODIFY_CRL), "STORE_modify_crl"},
-{ERR_FUNC(STORE_F_STORE_MODIFY_NUMBER), "STORE_modify_number"},
-{ERR_FUNC(STORE_F_STORE_MODIFY_PRIVATE_KEY), "STORE_modify_private_key"},
-{ERR_FUNC(STORE_F_STORE_MODIFY_PUBLIC_KEY), "STORE_modify_public_key"},
-{ERR_FUNC(STORE_F_STORE_NEW_ENGINE), "STORE_new_engine"},
-{ERR_FUNC(STORE_F_STORE_NEW_METHOD), "STORE_new_method"},
-{ERR_FUNC(STORE_F_STORE_PARSE_ATTRS_END), "STORE_parse_attrs_end"},
-{ERR_FUNC(STORE_F_STORE_PARSE_ATTRS_ENDP), "STORE_parse_attrs_endp"},
-{ERR_FUNC(STORE_F_STORE_PARSE_ATTRS_NEXT), "STORE_parse_attrs_next"},
-{ERR_FUNC(STORE_F_STORE_PARSE_ATTRS_START), "STORE_parse_attrs_start"},
-{ERR_FUNC(STORE_F_STORE_REVOKE_CERTIFICATE), "STORE_revoke_certificate"},
-{ERR_FUNC(STORE_F_STORE_REVOKE_PRIVATE_KEY), "STORE_revoke_private_key"},
-{ERR_FUNC(STORE_F_STORE_REVOKE_PUBLIC_KEY), "STORE_revoke_public_key"},
-{ERR_FUNC(STORE_F_STORE_STORE_ARBITRARY), "STORE_store_arbitrary"},
-{ERR_FUNC(STORE_F_STORE_STORE_CERTIFICATE), "STORE_store_certificate"},
-{ERR_FUNC(STORE_F_STORE_STORE_CRL), "STORE_store_crl"},
-{ERR_FUNC(STORE_F_STORE_STORE_NUMBER), "STORE_store_number"},
-{ERR_FUNC(STORE_F_STORE_STORE_PRIVATE_KEY), "STORE_store_private_key"},
-{ERR_FUNC(STORE_F_STORE_STORE_PUBLIC_KEY), "STORE_store_public_key"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA STORE_str_reasons[]=
- {
-{ERR_REASON(STORE_R_ALREADY_HAS_A_VALUE) ,"already has a value"},
-{ERR_REASON(STORE_R_FAILED_DELETING_ARBITRARY),"failed deleting arbitrary"},
-{ERR_REASON(STORE_R_FAILED_DELETING_CERTIFICATE),"failed deleting certificate"},
-{ERR_REASON(STORE_R_FAILED_DELETING_KEY) ,"failed deleting key"},
-{ERR_REASON(STORE_R_FAILED_DELETING_NUMBER),"failed deleting number"},
-{ERR_REASON(STORE_R_FAILED_GENERATING_CRL),"failed generating crl"},
-{ERR_REASON(STORE_R_FAILED_GENERATING_KEY),"failed generating key"},
-{ERR_REASON(STORE_R_FAILED_GETTING_ARBITRARY),"failed getting arbitrary"},
-{ERR_REASON(STORE_R_FAILED_GETTING_CERTIFICATE),"failed getting certificate"},
-{ERR_REASON(STORE_R_FAILED_GETTING_KEY) ,"failed getting key"},
-{ERR_REASON(STORE_R_FAILED_GETTING_NUMBER),"failed getting number"},
-{ERR_REASON(STORE_R_FAILED_LISTING_CERTIFICATES),"failed listing certificates"},
-{ERR_REASON(STORE_R_FAILED_LISTING_KEYS) ,"failed listing keys"},
-{ERR_REASON(STORE_R_FAILED_MODIFYING_ARBITRARY),"failed modifying arbitrary"},
-{ERR_REASON(STORE_R_FAILED_MODIFYING_CERTIFICATE),"failed modifying certificate"},
-{ERR_REASON(STORE_R_FAILED_MODIFYING_CRL),"failed modifying crl"},
-{ERR_REASON(STORE_R_FAILED_MODIFYING_NUMBER),"failed modifying number"},
-{ERR_REASON(STORE_R_FAILED_MODIFYING_PRIVATE_KEY),"failed modifying private key"},
-{ERR_REASON(STORE_R_FAILED_MODIFYING_PUBLIC_KEY),"failed modifying public key"},
-{ERR_REASON(STORE_R_FAILED_REVOKING_CERTIFICATE),"failed revoking certificate"},
-{ERR_REASON(STORE_R_FAILED_REVOKING_KEY) ,"failed revoking key"},
-{ERR_REASON(STORE_R_FAILED_STORING_ARBITRARY),"failed storing arbitrary"},
-{ERR_REASON(STORE_R_FAILED_STORING_CERTIFICATE),"failed storing certificate"},
-{ERR_REASON(STORE_R_FAILED_STORING_KEY) ,"failed storing key"},
-{ERR_REASON(STORE_R_FAILED_STORING_NUMBER),"failed storing number"},
-{ERR_REASON(STORE_R_NOT_IMPLEMENTED) ,"not implemented"},
-{ERR_REASON(STORE_R_NO_CONTROL_FUNCTION) ,"no control function"},
-{ERR_REASON(STORE_R_NO_DELETE_ARBITRARY_FUNCTION),"no delete arbitrary function"},
-{ERR_REASON(STORE_R_NO_DELETE_NUMBER_FUNCTION),"no delete number function"},
-{ERR_REASON(STORE_R_NO_DELETE_OBJECT_FUNCTION),"no delete object function"},
-{ERR_REASON(STORE_R_NO_GENERATE_CRL_FUNCTION),"no generate crl function"},
-{ERR_REASON(STORE_R_NO_GENERATE_OBJECT_FUNCTION),"no generate object function"},
-{ERR_REASON(STORE_R_NO_GET_OBJECT_ARBITRARY_FUNCTION),"no get object arbitrary function"},
-{ERR_REASON(STORE_R_NO_GET_OBJECT_FUNCTION),"no get object function"},
-{ERR_REASON(STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION),"no get object number function"},
-{ERR_REASON(STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION),"no list object endp function"},
-{ERR_REASON(STORE_R_NO_LIST_OBJECT_END_FUNCTION),"no list object end function"},
-{ERR_REASON(STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION),"no list object next function"},
-{ERR_REASON(STORE_R_NO_LIST_OBJECT_START_FUNCTION),"no list object start function"},
-{ERR_REASON(STORE_R_NO_MODIFY_OBJECT_FUNCTION),"no modify object function"},
-{ERR_REASON(STORE_R_NO_REVOKE_OBJECT_FUNCTION),"no revoke object function"},
-{ERR_REASON(STORE_R_NO_STORE) ,"no store"},
-{ERR_REASON(STORE_R_NO_STORE_OBJECT_ARBITRARY_FUNCTION),"no store object arbitrary function"},
-{ERR_REASON(STORE_R_NO_STORE_OBJECT_FUNCTION),"no store object function"},
-{ERR_REASON(STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION),"no store object number function"},
-{ERR_REASON(STORE_R_NO_VALUE) ,"no value"},
-{0,NULL}
- };
-
-#endif
-
-void ERR_load_STORE_strings(void)
- {
-#ifndef OPENSSL_NO_ERR
-
- if (ERR_func_error_string(STORE_str_functs[0].error) == NULL)
- {
- ERR_load_strings(0,STORE_str_functs);
- ERR_load_strings(0,STORE_str_reasons);
- }
-#endif
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/store/str_err.c (from rev 6976, vendor-crypto/openssl/dist/crypto/store/str_err.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/store/str_err.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/store/str_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,258 @@
+/* crypto/store/str_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/store.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_STORE,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_STORE,0,reason)
+
+static ERR_STRING_DATA STORE_str_functs[] = {
+ {ERR_FUNC(STORE_F_MEM_DELETE), "MEM_DELETE"},
+ {ERR_FUNC(STORE_F_MEM_GENERATE), "MEM_GENERATE"},
+ {ERR_FUNC(STORE_F_MEM_LIST_END), "MEM_LIST_END"},
+ {ERR_FUNC(STORE_F_MEM_LIST_NEXT), "MEM_LIST_NEXT"},
+ {ERR_FUNC(STORE_F_MEM_LIST_START), "MEM_LIST_START"},
+ {ERR_FUNC(STORE_F_MEM_MODIFY), "MEM_MODIFY"},
+ {ERR_FUNC(STORE_F_MEM_STORE), "MEM_STORE"},
+ {ERR_FUNC(STORE_F_STORE_ATTR_INFO_GET0_CSTR),
+ "STORE_ATTR_INFO_get0_cstr"},
+ {ERR_FUNC(STORE_F_STORE_ATTR_INFO_GET0_DN), "STORE_ATTR_INFO_get0_dn"},
+ {ERR_FUNC(STORE_F_STORE_ATTR_INFO_GET0_NUMBER),
+ "STORE_ATTR_INFO_get0_number"},
+ {ERR_FUNC(STORE_F_STORE_ATTR_INFO_GET0_SHA1STR),
+ "STORE_ATTR_INFO_get0_sha1str"},
+ {ERR_FUNC(STORE_F_STORE_ATTR_INFO_MODIFY_CSTR),
+ "STORE_ATTR_INFO_modify_cstr"},
+ {ERR_FUNC(STORE_F_STORE_ATTR_INFO_MODIFY_DN),
+ "STORE_ATTR_INFO_modify_dn"},
+ {ERR_FUNC(STORE_F_STORE_ATTR_INFO_MODIFY_NUMBER),
+ "STORE_ATTR_INFO_modify_number"},
+ {ERR_FUNC(STORE_F_STORE_ATTR_INFO_MODIFY_SHA1STR),
+ "STORE_ATTR_INFO_modify_sha1str"},
+ {ERR_FUNC(STORE_F_STORE_ATTR_INFO_SET_CSTR), "STORE_ATTR_INFO_set_cstr"},
+ {ERR_FUNC(STORE_F_STORE_ATTR_INFO_SET_DN), "STORE_ATTR_INFO_set_dn"},
+ {ERR_FUNC(STORE_F_STORE_ATTR_INFO_SET_NUMBER),
+ "STORE_ATTR_INFO_set_number"},
+ {ERR_FUNC(STORE_F_STORE_ATTR_INFO_SET_SHA1STR),
+ "STORE_ATTR_INFO_set_sha1str"},
+ {ERR_FUNC(STORE_F_STORE_CERTIFICATE), "STORE_CERTIFICATE"},
+ {ERR_FUNC(STORE_F_STORE_CTRL), "STORE_ctrl"},
+ {ERR_FUNC(STORE_F_STORE_DELETE_ARBITRARY), "STORE_delete_arbitrary"},
+ {ERR_FUNC(STORE_F_STORE_DELETE_CERTIFICATE), "STORE_delete_certificate"},
+ {ERR_FUNC(STORE_F_STORE_DELETE_CRL), "STORE_delete_crl"},
+ {ERR_FUNC(STORE_F_STORE_DELETE_NUMBER), "STORE_delete_number"},
+ {ERR_FUNC(STORE_F_STORE_DELETE_PRIVATE_KEY), "STORE_delete_private_key"},
+ {ERR_FUNC(STORE_F_STORE_DELETE_PUBLIC_KEY), "STORE_delete_public_key"},
+ {ERR_FUNC(STORE_F_STORE_GENERATE_CRL), "STORE_generate_crl"},
+ {ERR_FUNC(STORE_F_STORE_GENERATE_KEY), "STORE_generate_key"},
+ {ERR_FUNC(STORE_F_STORE_GET_ARBITRARY), "STORE_get_arbitrary"},
+ {ERR_FUNC(STORE_F_STORE_GET_CERTIFICATE), "STORE_get_certificate"},
+ {ERR_FUNC(STORE_F_STORE_GET_CRL), "STORE_get_crl"},
+ {ERR_FUNC(STORE_F_STORE_GET_NUMBER), "STORE_get_number"},
+ {ERR_FUNC(STORE_F_STORE_GET_PRIVATE_KEY), "STORE_get_private_key"},
+ {ERR_FUNC(STORE_F_STORE_GET_PUBLIC_KEY), "STORE_get_public_key"},
+ {ERR_FUNC(STORE_F_STORE_LIST_CERTIFICATE_END),
+ "STORE_list_certificate_end"},
+ {ERR_FUNC(STORE_F_STORE_LIST_CERTIFICATE_ENDP),
+ "STORE_list_certificate_endp"},
+ {ERR_FUNC(STORE_F_STORE_LIST_CERTIFICATE_NEXT),
+ "STORE_list_certificate_next"},
+ {ERR_FUNC(STORE_F_STORE_LIST_CERTIFICATE_START),
+ "STORE_list_certificate_start"},
+ {ERR_FUNC(STORE_F_STORE_LIST_CRL_END), "STORE_list_crl_end"},
+ {ERR_FUNC(STORE_F_STORE_LIST_CRL_ENDP), "STORE_list_crl_endp"},
+ {ERR_FUNC(STORE_F_STORE_LIST_CRL_NEXT), "STORE_list_crl_next"},
+ {ERR_FUNC(STORE_F_STORE_LIST_CRL_START), "STORE_list_crl_start"},
+ {ERR_FUNC(STORE_F_STORE_LIST_PRIVATE_KEY_END),
+ "STORE_list_private_key_end"},
+ {ERR_FUNC(STORE_F_STORE_LIST_PRIVATE_KEY_ENDP),
+ "STORE_list_private_key_endp"},
+ {ERR_FUNC(STORE_F_STORE_LIST_PRIVATE_KEY_NEXT),
+ "STORE_list_private_key_next"},
+ {ERR_FUNC(STORE_F_STORE_LIST_PRIVATE_KEY_START),
+ "STORE_list_private_key_start"},
+ {ERR_FUNC(STORE_F_STORE_LIST_PUBLIC_KEY_END),
+ "STORE_list_public_key_end"},
+ {ERR_FUNC(STORE_F_STORE_LIST_PUBLIC_KEY_ENDP),
+ "STORE_list_public_key_endp"},
+ {ERR_FUNC(STORE_F_STORE_LIST_PUBLIC_KEY_NEXT),
+ "STORE_list_public_key_next"},
+ {ERR_FUNC(STORE_F_STORE_LIST_PUBLIC_KEY_START),
+ "STORE_list_public_key_start"},
+ {ERR_FUNC(STORE_F_STORE_MODIFY_ARBITRARY), "STORE_modify_arbitrary"},
+ {ERR_FUNC(STORE_F_STORE_MODIFY_CERTIFICATE), "STORE_modify_certificate"},
+ {ERR_FUNC(STORE_F_STORE_MODIFY_CRL), "STORE_modify_crl"},
+ {ERR_FUNC(STORE_F_STORE_MODIFY_NUMBER), "STORE_modify_number"},
+ {ERR_FUNC(STORE_F_STORE_MODIFY_PRIVATE_KEY), "STORE_modify_private_key"},
+ {ERR_FUNC(STORE_F_STORE_MODIFY_PUBLIC_KEY), "STORE_modify_public_key"},
+ {ERR_FUNC(STORE_F_STORE_NEW_ENGINE), "STORE_new_engine"},
+ {ERR_FUNC(STORE_F_STORE_NEW_METHOD), "STORE_new_method"},
+ {ERR_FUNC(STORE_F_STORE_PARSE_ATTRS_END), "STORE_parse_attrs_end"},
+ {ERR_FUNC(STORE_F_STORE_PARSE_ATTRS_ENDP), "STORE_parse_attrs_endp"},
+ {ERR_FUNC(STORE_F_STORE_PARSE_ATTRS_NEXT), "STORE_parse_attrs_next"},
+ {ERR_FUNC(STORE_F_STORE_PARSE_ATTRS_START), "STORE_parse_attrs_start"},
+ {ERR_FUNC(STORE_F_STORE_REVOKE_CERTIFICATE), "STORE_revoke_certificate"},
+ {ERR_FUNC(STORE_F_STORE_REVOKE_PRIVATE_KEY), "STORE_revoke_private_key"},
+ {ERR_FUNC(STORE_F_STORE_REVOKE_PUBLIC_KEY), "STORE_revoke_public_key"},
+ {ERR_FUNC(STORE_F_STORE_STORE_ARBITRARY), "STORE_store_arbitrary"},
+ {ERR_FUNC(STORE_F_STORE_STORE_CERTIFICATE), "STORE_store_certificate"},
+ {ERR_FUNC(STORE_F_STORE_STORE_CRL), "STORE_store_crl"},
+ {ERR_FUNC(STORE_F_STORE_STORE_NUMBER), "STORE_store_number"},
+ {ERR_FUNC(STORE_F_STORE_STORE_PRIVATE_KEY), "STORE_store_private_key"},
+ {ERR_FUNC(STORE_F_STORE_STORE_PUBLIC_KEY), "STORE_store_public_key"},
+ {0, NULL}
+};
+
+static ERR_STRING_DATA STORE_str_reasons[] = {
+ {ERR_REASON(STORE_R_ALREADY_HAS_A_VALUE), "already has a value"},
+ {ERR_REASON(STORE_R_FAILED_DELETING_ARBITRARY),
+ "failed deleting arbitrary"},
+ {ERR_REASON(STORE_R_FAILED_DELETING_CERTIFICATE),
+ "failed deleting certificate"},
+ {ERR_REASON(STORE_R_FAILED_DELETING_KEY), "failed deleting key"},
+ {ERR_REASON(STORE_R_FAILED_DELETING_NUMBER), "failed deleting number"},
+ {ERR_REASON(STORE_R_FAILED_GENERATING_CRL), "failed generating crl"},
+ {ERR_REASON(STORE_R_FAILED_GENERATING_KEY), "failed generating key"},
+ {ERR_REASON(STORE_R_FAILED_GETTING_ARBITRARY),
+ "failed getting arbitrary"},
+ {ERR_REASON(STORE_R_FAILED_GETTING_CERTIFICATE),
+ "failed getting certificate"},
+ {ERR_REASON(STORE_R_FAILED_GETTING_KEY), "failed getting key"},
+ {ERR_REASON(STORE_R_FAILED_GETTING_NUMBER), "failed getting number"},
+ {ERR_REASON(STORE_R_FAILED_LISTING_CERTIFICATES),
+ "failed listing certificates"},
+ {ERR_REASON(STORE_R_FAILED_LISTING_KEYS), "failed listing keys"},
+ {ERR_REASON(STORE_R_FAILED_MODIFYING_ARBITRARY),
+ "failed modifying arbitrary"},
+ {ERR_REASON(STORE_R_FAILED_MODIFYING_CERTIFICATE),
+ "failed modifying certificate"},
+ {ERR_REASON(STORE_R_FAILED_MODIFYING_CRL), "failed modifying crl"},
+ {ERR_REASON(STORE_R_FAILED_MODIFYING_NUMBER), "failed modifying number"},
+ {ERR_REASON(STORE_R_FAILED_MODIFYING_PRIVATE_KEY),
+ "failed modifying private key"},
+ {ERR_REASON(STORE_R_FAILED_MODIFYING_PUBLIC_KEY),
+ "failed modifying public key"},
+ {ERR_REASON(STORE_R_FAILED_REVOKING_CERTIFICATE),
+ "failed revoking certificate"},
+ {ERR_REASON(STORE_R_FAILED_REVOKING_KEY), "failed revoking key"},
+ {ERR_REASON(STORE_R_FAILED_STORING_ARBITRARY),
+ "failed storing arbitrary"},
+ {ERR_REASON(STORE_R_FAILED_STORING_CERTIFICATE),
+ "failed storing certificate"},
+ {ERR_REASON(STORE_R_FAILED_STORING_KEY), "failed storing key"},
+ {ERR_REASON(STORE_R_FAILED_STORING_NUMBER), "failed storing number"},
+ {ERR_REASON(STORE_R_NOT_IMPLEMENTED), "not implemented"},
+ {ERR_REASON(STORE_R_NO_CONTROL_FUNCTION), "no control function"},
+ {ERR_REASON(STORE_R_NO_DELETE_ARBITRARY_FUNCTION),
+ "no delete arbitrary function"},
+ {ERR_REASON(STORE_R_NO_DELETE_NUMBER_FUNCTION),
+ "no delete number function"},
+ {ERR_REASON(STORE_R_NO_DELETE_OBJECT_FUNCTION),
+ "no delete object function"},
+ {ERR_REASON(STORE_R_NO_GENERATE_CRL_FUNCTION),
+ "no generate crl function"},
+ {ERR_REASON(STORE_R_NO_GENERATE_OBJECT_FUNCTION),
+ "no generate object function"},
+ {ERR_REASON(STORE_R_NO_GET_OBJECT_ARBITRARY_FUNCTION),
+ "no get object arbitrary function"},
+ {ERR_REASON(STORE_R_NO_GET_OBJECT_FUNCTION), "no get object function"},
+ {ERR_REASON(STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION),
+ "no get object number function"},
+ {ERR_REASON(STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION),
+ "no list object endp function"},
+ {ERR_REASON(STORE_R_NO_LIST_OBJECT_END_FUNCTION),
+ "no list object end function"},
+ {ERR_REASON(STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION),
+ "no list object next function"},
+ {ERR_REASON(STORE_R_NO_LIST_OBJECT_START_FUNCTION),
+ "no list object start function"},
+ {ERR_REASON(STORE_R_NO_MODIFY_OBJECT_FUNCTION),
+ "no modify object function"},
+ {ERR_REASON(STORE_R_NO_REVOKE_OBJECT_FUNCTION),
+ "no revoke object function"},
+ {ERR_REASON(STORE_R_NO_STORE), "no store"},
+ {ERR_REASON(STORE_R_NO_STORE_OBJECT_ARBITRARY_FUNCTION),
+ "no store object arbitrary function"},
+ {ERR_REASON(STORE_R_NO_STORE_OBJECT_FUNCTION),
+ "no store object function"},
+ {ERR_REASON(STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION),
+ "no store object number function"},
+ {ERR_REASON(STORE_R_NO_VALUE), "no value"},
+ {0, NULL}
+};
+
+#endif
+
+void ERR_load_STORE_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+ if (ERR_func_error_string(STORE_str_functs[0].error) == NULL) {
+ ERR_load_strings(0, STORE_str_functs);
+ ERR_load_strings(0, STORE_str_reasons);
+ }
+#endif
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/store/str_lib.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/store/str_lib.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/store/str_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,1824 +0,0 @@
-/* crypto/store/str_lib.c -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte (richard at levitte.org) for the OpenSSL
- * project 2003.
- */
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <string.h>
-#include <openssl/bn.h>
-#include <openssl/err.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-#include <openssl/sha.h>
-#include <openssl/x509.h>
-#include "str_locl.h"
-
-const char * const STORE_object_type_string[STORE_OBJECT_TYPE_NUM+1] =
- {
- 0,
- "X.509 Certificate",
- "X.509 CRL",
- "Private Key",
- "Public Key",
- "Number",
- "Arbitrary Data"
- };
-
-const int STORE_param_sizes[STORE_PARAM_TYPE_NUM+1] =
- {
- 0,
- sizeof(int), /* EVP_TYPE */
- sizeof(size_t), /* BITS */
- -1, /* KEY_PARAMETERS */
- 0 /* KEY_NO_PARAMETERS */
- };
-
-const int STORE_attr_sizes[STORE_ATTR_TYPE_NUM+1] =
- {
- 0,
- -1, /* FRIENDLYNAME: C string */
- SHA_DIGEST_LENGTH, /* KEYID: SHA1 digest, 160 bits */
- SHA_DIGEST_LENGTH, /* ISSUERKEYID: SHA1 digest, 160 bits */
- SHA_DIGEST_LENGTH, /* SUBJECTKEYID: SHA1 digest, 160 bits */
- SHA_DIGEST_LENGTH, /* ISSUERSERIALHASH: SHA1 digest, 160 bits */
- sizeof(X509_NAME *), /* ISSUER: X509_NAME * */
- sizeof(BIGNUM *), /* SERIAL: BIGNUM * */
- sizeof(X509_NAME *), /* SUBJECT: X509_NAME * */
- SHA_DIGEST_LENGTH, /* CERTHASH: SHA1 digest, 160 bits */
- -1, /* EMAIL: C string */
- -1, /* FILENAME: C string */
- };
-
-STORE *STORE_new_method(const STORE_METHOD *method)
- {
- STORE *ret;
-
- if (method == NULL)
- {
- STOREerr(STORE_F_STORE_NEW_METHOD,ERR_R_PASSED_NULL_PARAMETER);
- return NULL;
- }
-
- ret=(STORE *)OPENSSL_malloc(sizeof(STORE));
- if (ret == NULL)
- {
- STOREerr(STORE_F_STORE_NEW_METHOD,ERR_R_MALLOC_FAILURE);
- return NULL;
- }
-
- ret->meth=method;
-
- CRYPTO_new_ex_data(CRYPTO_EX_INDEX_STORE, ret, &ret->ex_data);
- if (ret->meth->init && !ret->meth->init(ret))
- {
- STORE_free(ret);
- ret = NULL;
- }
- return ret;
- }
-
-STORE *STORE_new_engine(ENGINE *engine)
- {
- STORE *ret = NULL;
- ENGINE *e = engine;
- const STORE_METHOD *meth = 0;
-
-#ifdef OPENSSL_NO_ENGINE
- e = NULL;
-#else
- if (engine)
- {
- if (!ENGINE_init(engine))
- {
- STOREerr(STORE_F_STORE_NEW_ENGINE, ERR_R_ENGINE_LIB);
- return NULL;
- }
- e = engine;
- }
- else
- {
- STOREerr(STORE_F_STORE_NEW_ENGINE,ERR_R_PASSED_NULL_PARAMETER);
- return NULL;
- }
- if(e)
- {
- meth = ENGINE_get_STORE(e);
- if(!meth)
- {
- STOREerr(STORE_F_STORE_NEW_ENGINE,
- ERR_R_ENGINE_LIB);
- ENGINE_finish(e);
- return NULL;
- }
- }
-#endif
-
- ret = STORE_new_method(meth);
- if (ret == NULL)
- {
- STOREerr(STORE_F_STORE_NEW_ENGINE,ERR_R_STORE_LIB);
- return NULL;
- }
-
- ret->engine = e;
-
- return(ret);
- }
-
-void STORE_free(STORE *store)
- {
- if (store == NULL)
- return;
- if (store->meth->clean)
- store->meth->clean(store);
- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_STORE, store, &store->ex_data);
- OPENSSL_free(store);
- }
-
-int STORE_ctrl(STORE *store, int cmd, long i, void *p, void (*f)(void))
- {
- if (store == NULL)
- {
- STOREerr(STORE_F_STORE_CTRL,ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- if (store->meth->ctrl)
- return store->meth->ctrl(store, cmd, i, p, f);
- STOREerr(STORE_F_STORE_CTRL,STORE_R_NO_CONTROL_FUNCTION);
- return 0;
- }
-
-
-int STORE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
- {
- return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_STORE, argl, argp,
- new_func, dup_func, free_func);
- }
-
-int STORE_set_ex_data(STORE *r, int idx, void *arg)
- {
- return(CRYPTO_set_ex_data(&r->ex_data,idx,arg));
- }
-
-void *STORE_get_ex_data(STORE *r, int idx)
- {
- return(CRYPTO_get_ex_data(&r->ex_data,idx));
- }
-
-const STORE_METHOD *STORE_get_method(STORE *store)
- {
- return store->meth;
- }
-
-const STORE_METHOD *STORE_set_method(STORE *store, const STORE_METHOD *meth)
- {
- store->meth=meth;
- return store->meth;
- }
-
-
-/* API helpers */
-
-#define check_store(s,fncode,fnname,fnerrcode) \
- do \
- { \
- if ((s) == NULL || (s)->meth == NULL) \
- { \
- STOREerr((fncode), ERR_R_PASSED_NULL_PARAMETER); \
- return 0; \
- } \
- if ((s)->meth->fnname == NULL) \
- { \
- STOREerr((fncode), (fnerrcode)); \
- return 0; \
- } \
- } \
- while(0)
-
-/* API functions */
-
-X509 *STORE_get_certificate(STORE *s, OPENSSL_ITEM attributes[],
- OPENSSL_ITEM parameters[])
- {
- STORE_OBJECT *object;
- X509 *x;
-
- check_store(s,STORE_F_STORE_GET_CERTIFICATE,
- get_object,STORE_R_NO_GET_OBJECT_FUNCTION);
-
- object = s->meth->get_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,
- attributes, parameters);
- if (!object || !object->data.x509.certificate)
- {
- STOREerr(STORE_F_STORE_GET_CERTIFICATE,
- STORE_R_FAILED_GETTING_CERTIFICATE);
- return 0;
- }
- CRYPTO_add(&object->data.x509.certificate->references,1,CRYPTO_LOCK_X509);
-#ifdef REF_PRINT
- REF_PRINT("X509",data);
-#endif
- x = object->data.x509.certificate;
- STORE_OBJECT_free(object);
- return x;
- }
-
-int STORE_store_certificate(STORE *s, X509 *data, OPENSSL_ITEM attributes[],
- OPENSSL_ITEM parameters[])
- {
- STORE_OBJECT *object;
- int i;
-
- check_store(s,STORE_F_STORE_CERTIFICATE,
- store_object,STORE_R_NO_STORE_OBJECT_FUNCTION);
-
- object = STORE_OBJECT_new();
- if (!object)
- {
- STOREerr(STORE_F_STORE_STORE_CERTIFICATE,
- ERR_R_MALLOC_FAILURE);
- return 0;
- }
-
- CRYPTO_add(&data->references,1,CRYPTO_LOCK_X509);
-#ifdef REF_PRINT
- REF_PRINT("X509",data);
-#endif
- object->data.x509.certificate = data;
-
- i = s->meth->store_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,
- object, attributes, parameters);
-
- STORE_OBJECT_free(object);
-
- if (!i)
- {
- STOREerr(STORE_F_STORE_STORE_CERTIFICATE,
- STORE_R_FAILED_STORING_CERTIFICATE);
- return 0;
- }
- return 1;
- }
-
-int STORE_modify_certificate(STORE *s, OPENSSL_ITEM search_attributes[],
- OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[],
- OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[])
- {
- check_store(s,STORE_F_STORE_MODIFY_CERTIFICATE,
- modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION);
-
- if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,
- search_attributes, add_attributes, modify_attributes,
- delete_attributes, parameters))
- {
- STOREerr(STORE_F_STORE_MODIFY_CERTIFICATE,
- STORE_R_FAILED_MODIFYING_CERTIFICATE);
- return 0;
- }
- return 1;
- }
-
-int STORE_revoke_certificate(STORE *s, OPENSSL_ITEM attributes[],
- OPENSSL_ITEM parameters[])
- {
- check_store(s,STORE_F_STORE_REVOKE_CERTIFICATE,
- revoke_object,STORE_R_NO_REVOKE_OBJECT_FUNCTION);
-
- if (!s->meth->revoke_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,
- attributes, parameters))
- {
- STOREerr(STORE_F_STORE_REVOKE_CERTIFICATE,
- STORE_R_FAILED_REVOKING_CERTIFICATE);
- return 0;
- }
- return 1;
- }
-
-int STORE_delete_certificate(STORE *s, OPENSSL_ITEM attributes[],
- OPENSSL_ITEM parameters[])
- {
- check_store(s,STORE_F_STORE_DELETE_CERTIFICATE,
- delete_object,STORE_R_NO_DELETE_OBJECT_FUNCTION);
-
- if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,
- attributes, parameters))
- {
- STOREerr(STORE_F_STORE_DELETE_CERTIFICATE,
- STORE_R_FAILED_DELETING_CERTIFICATE);
- return 0;
- }
- return 1;
- }
-
-void *STORE_list_certificate_start(STORE *s, OPENSSL_ITEM attributes[],
- OPENSSL_ITEM parameters[])
- {
- void *handle;
-
- check_store(s,STORE_F_STORE_LIST_CERTIFICATE_START,
- list_object_start,STORE_R_NO_LIST_OBJECT_START_FUNCTION);
-
- handle = s->meth->list_object_start(s,
- STORE_OBJECT_TYPE_X509_CERTIFICATE, attributes, parameters);
- if (!handle)
- {
- STOREerr(STORE_F_STORE_LIST_CERTIFICATE_START,
- STORE_R_FAILED_LISTING_CERTIFICATES);
- return 0;
- }
- return handle;
- }
-
-X509 *STORE_list_certificate_next(STORE *s, void *handle)
- {
- STORE_OBJECT *object;
- X509 *x;
-
- check_store(s,STORE_F_STORE_LIST_CERTIFICATE_NEXT,
- list_object_next,STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION);
-
- object = s->meth->list_object_next(s, handle);
- if (!object || !object->data.x509.certificate)
- {
- STOREerr(STORE_F_STORE_LIST_CERTIFICATE_NEXT,
- STORE_R_FAILED_LISTING_CERTIFICATES);
- return 0;
- }
- CRYPTO_add(&object->data.x509.certificate->references,1,CRYPTO_LOCK_X509);
-#ifdef REF_PRINT
- REF_PRINT("X509",data);
-#endif
- x = object->data.x509.certificate;
- STORE_OBJECT_free(object);
- return x;
- }
-
-int STORE_list_certificate_end(STORE *s, void *handle)
- {
- check_store(s,STORE_F_STORE_LIST_CERTIFICATE_END,
- list_object_end,STORE_R_NO_LIST_OBJECT_END_FUNCTION);
-
- if (!s->meth->list_object_end(s, handle))
- {
- STOREerr(STORE_F_STORE_LIST_CERTIFICATE_END,
- STORE_R_FAILED_LISTING_CERTIFICATES);
- return 0;
- }
- return 1;
- }
-
-int STORE_list_certificate_endp(STORE *s, void *handle)
- {
- check_store(s,STORE_F_STORE_LIST_CERTIFICATE_ENDP,
- list_object_endp,STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION);
-
- if (!s->meth->list_object_endp(s, handle))
- {
- STOREerr(STORE_F_STORE_LIST_CERTIFICATE_ENDP,
- STORE_R_FAILED_LISTING_CERTIFICATES);
- return 0;
- }
- return 1;
- }
-
-EVP_PKEY *STORE_generate_key(STORE *s, OPENSSL_ITEM attributes[],
- OPENSSL_ITEM parameters[])
- {
- STORE_OBJECT *object;
- EVP_PKEY *pkey;
-
- check_store(s,STORE_F_STORE_GENERATE_KEY,
- generate_object,STORE_R_NO_GENERATE_OBJECT_FUNCTION);
-
- object = s->meth->generate_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
- attributes, parameters);
- if (!object || !object->data.key)
- {
- STOREerr(STORE_F_STORE_GENERATE_KEY,
- STORE_R_FAILED_GENERATING_KEY);
- return 0;
- }
- CRYPTO_add(&object->data.key->references,1,CRYPTO_LOCK_EVP_PKEY);
-#ifdef REF_PRINT
- REF_PRINT("EVP_PKEY",data);
-#endif
- pkey = object->data.key;
- STORE_OBJECT_free(object);
- return pkey;
- }
-
-EVP_PKEY *STORE_get_private_key(STORE *s, OPENSSL_ITEM attributes[],
- OPENSSL_ITEM parameters[])
- {
- STORE_OBJECT *object;
- EVP_PKEY *pkey;
-
- check_store(s,STORE_F_STORE_GET_PRIVATE_KEY,
- get_object,STORE_R_NO_GET_OBJECT_FUNCTION);
-
- object = s->meth->get_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
- attributes, parameters);
- if (!object || !object->data.key || !object->data.key)
- {
- STOREerr(STORE_F_STORE_GET_PRIVATE_KEY,
- STORE_R_FAILED_GETTING_KEY);
- return 0;
- }
- CRYPTO_add(&object->data.key->references,1,CRYPTO_LOCK_EVP_PKEY);
-#ifdef REF_PRINT
- REF_PRINT("EVP_PKEY",data);
-#endif
- pkey = object->data.key;
- STORE_OBJECT_free(object);
- return pkey;
- }
-
-int STORE_store_private_key(STORE *s, EVP_PKEY *data, OPENSSL_ITEM attributes[],
- OPENSSL_ITEM parameters[])
- {
- STORE_OBJECT *object;
- int i;
-
- check_store(s,STORE_F_STORE_STORE_PRIVATE_KEY,
- store_object,STORE_R_NO_STORE_OBJECT_FUNCTION);
-
- object = STORE_OBJECT_new();
- if (!object)
- {
- STOREerr(STORE_F_STORE_STORE_PRIVATE_KEY,
- ERR_R_MALLOC_FAILURE);
- return 0;
- }
- object->data.key = EVP_PKEY_new();
- if (!object->data.key)
- {
- STOREerr(STORE_F_STORE_STORE_PRIVATE_KEY,
- ERR_R_MALLOC_FAILURE);
- return 0;
- }
-
- CRYPTO_add(&data->references,1,CRYPTO_LOCK_EVP_PKEY);
-#ifdef REF_PRINT
- REF_PRINT("EVP_PKEY",data);
-#endif
- object->data.key = data;
-
- i = s->meth->store_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, object,
- attributes, parameters);
-
- STORE_OBJECT_free(object);
-
- if (!i)
- {
- STOREerr(STORE_F_STORE_STORE_PRIVATE_KEY,
- STORE_R_FAILED_STORING_KEY);
- return 0;
- }
- return i;
- }
-
-int STORE_modify_private_key(STORE *s, OPENSSL_ITEM search_attributes[],
- OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[],
- OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[])
- {
- check_store(s,STORE_F_STORE_MODIFY_PRIVATE_KEY,
- modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION);
-
- if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
- search_attributes, add_attributes, modify_attributes,
- delete_attributes, parameters))
- {
- STOREerr(STORE_F_STORE_MODIFY_PRIVATE_KEY,
- STORE_R_FAILED_MODIFYING_PRIVATE_KEY);
- return 0;
- }
- return 1;
- }
-
-int STORE_revoke_private_key(STORE *s, OPENSSL_ITEM attributes[],
- OPENSSL_ITEM parameters[])
- {
- int i;
-
- check_store(s,STORE_F_STORE_REVOKE_PRIVATE_KEY,
- revoke_object,STORE_R_NO_REVOKE_OBJECT_FUNCTION);
-
- i = s->meth->revoke_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
- attributes, parameters);
-
- if (!i)
- {
- STOREerr(STORE_F_STORE_REVOKE_PRIVATE_KEY,
- STORE_R_FAILED_REVOKING_KEY);
- return 0;
- }
- return i;
- }
-
-int STORE_delete_private_key(STORE *s, OPENSSL_ITEM attributes[],
- OPENSSL_ITEM parameters[])
- {
- check_store(s,STORE_F_STORE_DELETE_PRIVATE_KEY,
- delete_object,STORE_R_NO_DELETE_OBJECT_FUNCTION);
-
- if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
- attributes, parameters))
- {
- STOREerr(STORE_F_STORE_DELETE_PRIVATE_KEY,
- STORE_R_FAILED_DELETING_KEY);
- return 0;
- }
- return 1;
- }
-
-void *STORE_list_private_key_start(STORE *s, OPENSSL_ITEM attributes[],
- OPENSSL_ITEM parameters[])
- {
- void *handle;
-
- check_store(s,STORE_F_STORE_LIST_PRIVATE_KEY_START,
- list_object_start,STORE_R_NO_LIST_OBJECT_START_FUNCTION);
-
- handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
- attributes, parameters);
- if (!handle)
- {
- STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_START,
- STORE_R_FAILED_LISTING_KEYS);
- return 0;
- }
- return handle;
- }
-
-EVP_PKEY *STORE_list_private_key_next(STORE *s, void *handle)
- {
- STORE_OBJECT *object;
- EVP_PKEY *pkey;
-
- check_store(s,STORE_F_STORE_LIST_PRIVATE_KEY_NEXT,
- list_object_next,STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION);
-
- object = s->meth->list_object_next(s, handle);
- if (!object || !object->data.key || !object->data.key)
- {
- STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_NEXT,
- STORE_R_FAILED_LISTING_KEYS);
- return 0;
- }
- CRYPTO_add(&object->data.key->references,1,CRYPTO_LOCK_EVP_PKEY);
-#ifdef REF_PRINT
- REF_PRINT("EVP_PKEY",data);
-#endif
- pkey = object->data.key;
- STORE_OBJECT_free(object);
- return pkey;
- }
-
-int STORE_list_private_key_end(STORE *s, void *handle)
- {
- check_store(s,STORE_F_STORE_LIST_PRIVATE_KEY_END,
- list_object_end,STORE_R_NO_LIST_OBJECT_END_FUNCTION);
-
- if (!s->meth->list_object_end(s, handle))
- {
- STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_END,
- STORE_R_FAILED_LISTING_KEYS);
- return 0;
- }
- return 1;
- }
-
-int STORE_list_private_key_endp(STORE *s, void *handle)
- {
- check_store(s,STORE_F_STORE_LIST_PRIVATE_KEY_ENDP,
- list_object_endp,STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION);
-
- if (!s->meth->list_object_endp(s, handle))
- {
- STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_ENDP,
- STORE_R_FAILED_LISTING_KEYS);
- return 0;
- }
- return 1;
- }
-
-EVP_PKEY *STORE_get_public_key(STORE *s, OPENSSL_ITEM attributes[],
- OPENSSL_ITEM parameters[])
- {
- STORE_OBJECT *object;
- EVP_PKEY *pkey;
-
- check_store(s,STORE_F_STORE_GET_PUBLIC_KEY,
- get_object,STORE_R_NO_GET_OBJECT_FUNCTION);
-
- object = s->meth->get_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY,
- attributes, parameters);
- if (!object || !object->data.key || !object->data.key)
- {
- STOREerr(STORE_F_STORE_GET_PUBLIC_KEY,
- STORE_R_FAILED_GETTING_KEY);
- return 0;
- }
- CRYPTO_add(&object->data.key->references,1,CRYPTO_LOCK_EVP_PKEY);
-#ifdef REF_PRINT
- REF_PRINT("EVP_PKEY",data);
-#endif
- pkey = object->data.key;
- STORE_OBJECT_free(object);
- return pkey;
- }
-
-int STORE_store_public_key(STORE *s, EVP_PKEY *data, OPENSSL_ITEM attributes[],
- OPENSSL_ITEM parameters[])
- {
- STORE_OBJECT *object;
- int i;
-
- check_store(s,STORE_F_STORE_STORE_PUBLIC_KEY,
- store_object,STORE_R_NO_STORE_OBJECT_FUNCTION);
-
- object = STORE_OBJECT_new();
- if (!object)
- {
- STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY,
- ERR_R_MALLOC_FAILURE);
- return 0;
- }
- object->data.key = EVP_PKEY_new();
- if (!object->data.key)
- {
- STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY,
- ERR_R_MALLOC_FAILURE);
- return 0;
- }
-
- CRYPTO_add(&data->references,1,CRYPTO_LOCK_EVP_PKEY);
-#ifdef REF_PRINT
- REF_PRINT("EVP_PKEY",data);
-#endif
- object->data.key = data;
-
- i = s->meth->store_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, object,
- attributes, parameters);
-
- STORE_OBJECT_free(object);
-
- if (!i)
- {
- STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY,
- STORE_R_FAILED_STORING_KEY);
- return 0;
- }
- return i;
- }
-
-int STORE_modify_public_key(STORE *s, OPENSSL_ITEM search_attributes[],
- OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[],
- OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[])
- {
- check_store(s,STORE_F_STORE_MODIFY_PUBLIC_KEY,
- modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION);
-
- if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY,
- search_attributes, add_attributes, modify_attributes,
- delete_attributes, parameters))
- {
- STOREerr(STORE_F_STORE_MODIFY_PUBLIC_KEY,
- STORE_R_FAILED_MODIFYING_PUBLIC_KEY);
- return 0;
- }
- return 1;
- }
-
-int STORE_revoke_public_key(STORE *s, OPENSSL_ITEM attributes[],
- OPENSSL_ITEM parameters[])
- {
- int i;
-
- check_store(s,STORE_F_STORE_REVOKE_PUBLIC_KEY,
- revoke_object,STORE_R_NO_REVOKE_OBJECT_FUNCTION);
-
- i = s->meth->revoke_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY,
- attributes, parameters);
-
- if (!i)
- {
- STOREerr(STORE_F_STORE_REVOKE_PUBLIC_KEY,
- STORE_R_FAILED_REVOKING_KEY);
- return 0;
- }
- return i;
- }
-
-int STORE_delete_public_key(STORE *s, OPENSSL_ITEM attributes[],
- OPENSSL_ITEM parameters[])
- {
- check_store(s,STORE_F_STORE_DELETE_PUBLIC_KEY,
- delete_object,STORE_R_NO_DELETE_OBJECT_FUNCTION);
-
- if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY,
- attributes, parameters))
- {
- STOREerr(STORE_F_STORE_DELETE_PUBLIC_KEY,
- STORE_R_FAILED_DELETING_KEY);
- return 0;
- }
- return 1;
- }
-
-void *STORE_list_public_key_start(STORE *s, OPENSSL_ITEM attributes[],
- OPENSSL_ITEM parameters[])
- {
- void *handle;
-
- check_store(s,STORE_F_STORE_LIST_PUBLIC_KEY_START,
- list_object_start,STORE_R_NO_LIST_OBJECT_START_FUNCTION);
-
- handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_PUBLIC_KEY,
- attributes, parameters);
- if (!handle)
- {
- STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_START,
- STORE_R_FAILED_LISTING_KEYS);
- return 0;
- }
- return handle;
- }
-
-EVP_PKEY *STORE_list_public_key_next(STORE *s, void *handle)
- {
- STORE_OBJECT *object;
- EVP_PKEY *pkey;
-
- check_store(s,STORE_F_STORE_LIST_PUBLIC_KEY_NEXT,
- list_object_next,STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION);
-
- object = s->meth->list_object_next(s, handle);
- if (!object || !object->data.key || !object->data.key)
- {
- STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_NEXT,
- STORE_R_FAILED_LISTING_KEYS);
- return 0;
- }
- CRYPTO_add(&object->data.key->references,1,CRYPTO_LOCK_EVP_PKEY);
-#ifdef REF_PRINT
- REF_PRINT("EVP_PKEY",data);
-#endif
- pkey = object->data.key;
- STORE_OBJECT_free(object);
- return pkey;
- }
-
-int STORE_list_public_key_end(STORE *s, void *handle)
- {
- check_store(s,STORE_F_STORE_LIST_PUBLIC_KEY_END,
- list_object_end,STORE_R_NO_LIST_OBJECT_END_FUNCTION);
-
- if (!s->meth->list_object_end(s, handle))
- {
- STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_END,
- STORE_R_FAILED_LISTING_KEYS);
- return 0;
- }
- return 1;
- }
-
-int STORE_list_public_key_endp(STORE *s, void *handle)
- {
- check_store(s,STORE_F_STORE_LIST_PUBLIC_KEY_ENDP,
- list_object_endp,STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION);
-
- if (!s->meth->list_object_endp(s, handle))
- {
- STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_ENDP,
- STORE_R_FAILED_LISTING_KEYS);
- return 0;
- }
- return 1;
- }
-
-X509_CRL *STORE_generate_crl(STORE *s, OPENSSL_ITEM attributes[],
- OPENSSL_ITEM parameters[])
- {
- STORE_OBJECT *object;
- X509_CRL *crl;
-
- check_store(s,STORE_F_STORE_GENERATE_CRL,
- generate_object,STORE_R_NO_GENERATE_CRL_FUNCTION);
-
- object = s->meth->generate_object(s, STORE_OBJECT_TYPE_X509_CRL,
- attributes, parameters);
- if (!object || !object->data.crl)
- {
- STOREerr(STORE_F_STORE_GENERATE_CRL,
- STORE_R_FAILED_GENERATING_CRL);
- return 0;
- }
- CRYPTO_add(&object->data.crl->references,1,CRYPTO_LOCK_X509_CRL);
-#ifdef REF_PRINT
- REF_PRINT("X509_CRL",data);
-#endif
- crl = object->data.crl;
- STORE_OBJECT_free(object);
- return crl;
- }
-
-X509_CRL *STORE_get_crl(STORE *s, OPENSSL_ITEM attributes[],
- OPENSSL_ITEM parameters[])
- {
- STORE_OBJECT *object;
- X509_CRL *crl;
-
- check_store(s,STORE_F_STORE_GET_CRL,
- get_object,STORE_R_NO_GET_OBJECT_FUNCTION);
-
- object = s->meth->get_object(s, STORE_OBJECT_TYPE_X509_CRL,
- attributes, parameters);
- if (!object || !object->data.crl)
- {
- STOREerr(STORE_F_STORE_GET_CRL,
- STORE_R_FAILED_GETTING_KEY);
- return 0;
- }
- CRYPTO_add(&object->data.crl->references,1,CRYPTO_LOCK_X509_CRL);
-#ifdef REF_PRINT
- REF_PRINT("X509_CRL",data);
-#endif
- crl = object->data.crl;
- STORE_OBJECT_free(object);
- return crl;
- }
-
-int STORE_store_crl(STORE *s, X509_CRL *data, OPENSSL_ITEM attributes[],
- OPENSSL_ITEM parameters[])
- {
- STORE_OBJECT *object;
- int i;
-
- check_store(s,STORE_F_STORE_STORE_CRL,
- store_object,STORE_R_NO_STORE_OBJECT_FUNCTION);
-
- object = STORE_OBJECT_new();
- if (!object)
- {
- STOREerr(STORE_F_STORE_STORE_CRL,
- ERR_R_MALLOC_FAILURE);
- return 0;
- }
-
- CRYPTO_add(&data->references,1,CRYPTO_LOCK_X509_CRL);
-#ifdef REF_PRINT
- REF_PRINT("X509_CRL",data);
-#endif
- object->data.crl = data;
-
- i = s->meth->store_object(s, STORE_OBJECT_TYPE_X509_CRL, object,
- attributes, parameters);
-
- STORE_OBJECT_free(object);
-
- if (!i)
- {
- STOREerr(STORE_F_STORE_STORE_CRL,
- STORE_R_FAILED_STORING_KEY);
- return 0;
- }
- return i;
- }
-
-int STORE_modify_crl(STORE *s, OPENSSL_ITEM search_attributes[],
- OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[],
- OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[])
- {
- check_store(s,STORE_F_STORE_MODIFY_CRL,
- modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION);
-
- if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_X509_CRL,
- search_attributes, add_attributes, modify_attributes,
- delete_attributes, parameters))
- {
- STOREerr(STORE_F_STORE_MODIFY_CRL,
- STORE_R_FAILED_MODIFYING_CRL);
- return 0;
- }
- return 1;
- }
-
-int STORE_delete_crl(STORE *s, OPENSSL_ITEM attributes[],
- OPENSSL_ITEM parameters[])
- {
- check_store(s,STORE_F_STORE_DELETE_CRL,
- delete_object,STORE_R_NO_DELETE_OBJECT_FUNCTION);
-
- if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_X509_CRL,
- attributes, parameters))
- {
- STOREerr(STORE_F_STORE_DELETE_CRL,
- STORE_R_FAILED_DELETING_KEY);
- return 0;
- }
- return 1;
- }
-
-void *STORE_list_crl_start(STORE *s, OPENSSL_ITEM attributes[],
- OPENSSL_ITEM parameters[])
- {
- void *handle;
-
- check_store(s,STORE_F_STORE_LIST_CRL_START,
- list_object_start,STORE_R_NO_LIST_OBJECT_START_FUNCTION);
-
- handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_X509_CRL,
- attributes, parameters);
- if (!handle)
- {
- STOREerr(STORE_F_STORE_LIST_CRL_START,
- STORE_R_FAILED_LISTING_KEYS);
- return 0;
- }
- return handle;
- }
-
-X509_CRL *STORE_list_crl_next(STORE *s, void *handle)
- {
- STORE_OBJECT *object;
- X509_CRL *crl;
-
- check_store(s,STORE_F_STORE_LIST_CRL_NEXT,
- list_object_next,STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION);
-
- object = s->meth->list_object_next(s, handle);
- if (!object || !object->data.crl)
- {
- STOREerr(STORE_F_STORE_LIST_CRL_NEXT,
- STORE_R_FAILED_LISTING_KEYS);
- return 0;
- }
- CRYPTO_add(&object->data.crl->references,1,CRYPTO_LOCK_X509_CRL);
-#ifdef REF_PRINT
- REF_PRINT("X509_CRL",data);
-#endif
- crl = object->data.crl;
- STORE_OBJECT_free(object);
- return crl;
- }
-
-int STORE_list_crl_end(STORE *s, void *handle)
- {
- check_store(s,STORE_F_STORE_LIST_CRL_END,
- list_object_end,STORE_R_NO_LIST_OBJECT_END_FUNCTION);
-
- if (!s->meth->list_object_end(s, handle))
- {
- STOREerr(STORE_F_STORE_LIST_CRL_END,
- STORE_R_FAILED_LISTING_KEYS);
- return 0;
- }
- return 1;
- }
-
-int STORE_list_crl_endp(STORE *s, void *handle)
- {
- check_store(s,STORE_F_STORE_LIST_CRL_ENDP,
- list_object_endp,STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION);
-
- if (!s->meth->list_object_endp(s, handle))
- {
- STOREerr(STORE_F_STORE_LIST_CRL_ENDP,
- STORE_R_FAILED_LISTING_KEYS);
- return 0;
- }
- return 1;
- }
-
-int STORE_store_number(STORE *s, BIGNUM *data, OPENSSL_ITEM attributes[],
- OPENSSL_ITEM parameters[])
- {
- STORE_OBJECT *object;
- int i;
-
- check_store(s,STORE_F_STORE_STORE_NUMBER,
- store_object,STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION);
-
- object = STORE_OBJECT_new();
- if (!object)
- {
- STOREerr(STORE_F_STORE_STORE_NUMBER,
- ERR_R_MALLOC_FAILURE);
- return 0;
- }
-
- object->data.number = data;
-
- i = s->meth->store_object(s, STORE_OBJECT_TYPE_NUMBER, object,
- attributes, parameters);
-
- STORE_OBJECT_free(object);
-
- if (!i)
- {
- STOREerr(STORE_F_STORE_STORE_NUMBER,
- STORE_R_FAILED_STORING_NUMBER);
- return 0;
- }
- return 1;
- }
-
-int STORE_modify_number(STORE *s, OPENSSL_ITEM search_attributes[],
- OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[],
- OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[])
- {
- check_store(s,STORE_F_STORE_MODIFY_NUMBER,
- modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION);
-
- if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_NUMBER,
- search_attributes, add_attributes, modify_attributes,
- delete_attributes, parameters))
- {
- STOREerr(STORE_F_STORE_MODIFY_NUMBER,
- STORE_R_FAILED_MODIFYING_NUMBER);
- return 0;
- }
- return 1;
- }
-
-BIGNUM *STORE_get_number(STORE *s, OPENSSL_ITEM attributes[],
- OPENSSL_ITEM parameters[])
- {
- STORE_OBJECT *object;
- BIGNUM *n;
-
- check_store(s,STORE_F_STORE_GET_NUMBER,
- get_object,STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION);
-
- object = s->meth->get_object(s, STORE_OBJECT_TYPE_NUMBER, attributes,
- parameters);
- if (!object || !object->data.number)
- {
- STOREerr(STORE_F_STORE_GET_NUMBER,
- STORE_R_FAILED_GETTING_NUMBER);
- return 0;
- }
- n = object->data.number;
- object->data.number = NULL;
- STORE_OBJECT_free(object);
- return n;
- }
-
-int STORE_delete_number(STORE *s, OPENSSL_ITEM attributes[],
- OPENSSL_ITEM parameters[])
- {
- check_store(s,STORE_F_STORE_DELETE_NUMBER,
- delete_object,STORE_R_NO_DELETE_NUMBER_FUNCTION);
-
- if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_NUMBER, attributes,
- parameters))
- {
- STOREerr(STORE_F_STORE_DELETE_NUMBER,
- STORE_R_FAILED_DELETING_NUMBER);
- return 0;
- }
- return 1;
- }
-
-int STORE_store_arbitrary(STORE *s, BUF_MEM *data, OPENSSL_ITEM attributes[],
- OPENSSL_ITEM parameters[])
- {
- STORE_OBJECT *object;
- int i;
-
- check_store(s,STORE_F_STORE_STORE_ARBITRARY,
- store_object,STORE_R_NO_STORE_OBJECT_ARBITRARY_FUNCTION);
-
- object = STORE_OBJECT_new();
- if (!object)
- {
- STOREerr(STORE_F_STORE_STORE_ARBITRARY,
- ERR_R_MALLOC_FAILURE);
- return 0;
- }
-
- object->data.arbitrary = data;
-
- i = s->meth->store_object(s, STORE_OBJECT_TYPE_ARBITRARY, object,
- attributes, parameters);
-
- STORE_OBJECT_free(object);
-
- if (!i)
- {
- STOREerr(STORE_F_STORE_STORE_ARBITRARY,
- STORE_R_FAILED_STORING_ARBITRARY);
- return 0;
- }
- return 1;
- }
-
-int STORE_modify_arbitrary(STORE *s, OPENSSL_ITEM search_attributes[],
- OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[],
- OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[])
- {
- check_store(s,STORE_F_STORE_MODIFY_ARBITRARY,
- modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION);
-
- if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_ARBITRARY,
- search_attributes, add_attributes, modify_attributes,
- delete_attributes, parameters))
- {
- STOREerr(STORE_F_STORE_MODIFY_ARBITRARY,
- STORE_R_FAILED_MODIFYING_ARBITRARY);
- return 0;
- }
- return 1;
- }
-
-BUF_MEM *STORE_get_arbitrary(STORE *s, OPENSSL_ITEM attributes[],
- OPENSSL_ITEM parameters[])
- {
- STORE_OBJECT *object;
- BUF_MEM *b;
-
- check_store(s,STORE_F_STORE_GET_ARBITRARY,
- get_object,STORE_R_NO_GET_OBJECT_ARBITRARY_FUNCTION);
-
- object = s->meth->get_object(s, STORE_OBJECT_TYPE_ARBITRARY,
- attributes, parameters);
- if (!object || !object->data.arbitrary)
- {
- STOREerr(STORE_F_STORE_GET_ARBITRARY,
- STORE_R_FAILED_GETTING_ARBITRARY);
- return 0;
- }
- b = object->data.arbitrary;
- object->data.arbitrary = NULL;
- STORE_OBJECT_free(object);
- return b;
- }
-
-int STORE_delete_arbitrary(STORE *s, OPENSSL_ITEM attributes[],
- OPENSSL_ITEM parameters[])
- {
- check_store(s,STORE_F_STORE_DELETE_ARBITRARY,
- delete_object,STORE_R_NO_DELETE_ARBITRARY_FUNCTION);
-
- if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_ARBITRARY, attributes,
- parameters))
- {
- STOREerr(STORE_F_STORE_DELETE_ARBITRARY,
- STORE_R_FAILED_DELETING_ARBITRARY);
- return 0;
- }
- return 1;
- }
-
-STORE_OBJECT *STORE_OBJECT_new(void)
- {
- STORE_OBJECT *object = OPENSSL_malloc(sizeof(STORE_OBJECT));
- if (object) memset(object, 0, sizeof(STORE_OBJECT));
- return object;
- }
-void STORE_OBJECT_free(STORE_OBJECT *data)
- {
- if (!data) return;
- switch (data->type)
- {
- case STORE_OBJECT_TYPE_X509_CERTIFICATE:
- X509_free(data->data.x509.certificate);
- break;
- case STORE_OBJECT_TYPE_X509_CRL:
- X509_CRL_free(data->data.crl);
- break;
- case STORE_OBJECT_TYPE_PRIVATE_KEY:
- case STORE_OBJECT_TYPE_PUBLIC_KEY:
- EVP_PKEY_free(data->data.key);
- break;
- case STORE_OBJECT_TYPE_NUMBER:
- BN_free(data->data.number);
- break;
- case STORE_OBJECT_TYPE_ARBITRARY:
- BUF_MEM_free(data->data.arbitrary);
- break;
- }
- OPENSSL_free(data);
- }
-
-IMPLEMENT_STACK_OF(STORE_OBJECT*)
-
-
-struct STORE_attr_info_st
- {
- unsigned char set[(STORE_ATTR_TYPE_NUM + 8) / 8];
- union
- {
- char *cstring;
- unsigned char *sha1string;
- X509_NAME *dn;
- BIGNUM *number;
- void *any;
- } values[STORE_ATTR_TYPE_NUM+1];
- size_t value_sizes[STORE_ATTR_TYPE_NUM+1];
- };
-
-#define ATTR_IS_SET(a,i) ((i) > 0 && (i) < STORE_ATTR_TYPE_NUM \
- && ((a)->set[(i) / 8] & (1 << ((i) % 8))))
-#define SET_ATTRBIT(a,i) ((a)->set[(i) / 8] |= (1 << ((i) % 8)))
-#define CLEAR_ATTRBIT(a,i) ((a)->set[(i) / 8] &= ~(1 << ((i) % 8)))
-
-STORE_ATTR_INFO *STORE_ATTR_INFO_new(void)
- {
- return (STORE_ATTR_INFO *)OPENSSL_malloc(sizeof(STORE_ATTR_INFO));
- }
-static void STORE_ATTR_INFO_attr_free(STORE_ATTR_INFO *attrs,
- STORE_ATTR_TYPES code)
- {
- if (ATTR_IS_SET(attrs,code))
- {
- switch(code)
- {
- case STORE_ATTR_FRIENDLYNAME:
- case STORE_ATTR_EMAIL:
- case STORE_ATTR_FILENAME:
- STORE_ATTR_INFO_modify_cstr(attrs, code, NULL, 0);
- break;
- case STORE_ATTR_KEYID:
- case STORE_ATTR_ISSUERKEYID:
- case STORE_ATTR_SUBJECTKEYID:
- case STORE_ATTR_ISSUERSERIALHASH:
- case STORE_ATTR_CERTHASH:
- STORE_ATTR_INFO_modify_sha1str(attrs, code, NULL, 0);
- break;
- case STORE_ATTR_ISSUER:
- case STORE_ATTR_SUBJECT:
- STORE_ATTR_INFO_modify_dn(attrs, code, NULL);
- break;
- case STORE_ATTR_SERIAL:
- STORE_ATTR_INFO_modify_number(attrs, code, NULL);
- break;
- default:
- break;
- }
- }
- }
-int STORE_ATTR_INFO_free(STORE_ATTR_INFO *attrs)
- {
- if (attrs)
- {
- STORE_ATTR_TYPES i;
- for(i = 0; i++ < STORE_ATTR_TYPE_NUM;)
- STORE_ATTR_INFO_attr_free(attrs, i);
- OPENSSL_free(attrs);
- }
- return 1;
- }
-char *STORE_ATTR_INFO_get0_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code)
- {
- if (!attrs)
- {
- STOREerr(STORE_F_STORE_ATTR_INFO_GET0_CSTR,
- ERR_R_PASSED_NULL_PARAMETER);
- return NULL;
- }
- if (ATTR_IS_SET(attrs,code))
- return attrs->values[code].cstring;
- STOREerr(STORE_F_STORE_ATTR_INFO_GET0_CSTR,
- STORE_R_NO_VALUE);
- return NULL;
- }
-unsigned char *STORE_ATTR_INFO_get0_sha1str(STORE_ATTR_INFO *attrs,
- STORE_ATTR_TYPES code)
- {
- if (!attrs)
- {
- STOREerr(STORE_F_STORE_ATTR_INFO_GET0_SHA1STR,
- ERR_R_PASSED_NULL_PARAMETER);
- return NULL;
- }
- if (ATTR_IS_SET(attrs,code))
- return attrs->values[code].sha1string;
- STOREerr(STORE_F_STORE_ATTR_INFO_GET0_SHA1STR,
- STORE_R_NO_VALUE);
- return NULL;
- }
-X509_NAME *STORE_ATTR_INFO_get0_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code)
- {
- if (!attrs)
- {
- STOREerr(STORE_F_STORE_ATTR_INFO_GET0_DN,
- ERR_R_PASSED_NULL_PARAMETER);
- return NULL;
- }
- if (ATTR_IS_SET(attrs,code))
- return attrs->values[code].dn;
- STOREerr(STORE_F_STORE_ATTR_INFO_GET0_DN,
- STORE_R_NO_VALUE);
- return NULL;
- }
-BIGNUM *STORE_ATTR_INFO_get0_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code)
- {
- if (!attrs)
- {
- STOREerr(STORE_F_STORE_ATTR_INFO_GET0_NUMBER,
- ERR_R_PASSED_NULL_PARAMETER);
- return NULL;
- }
- if (ATTR_IS_SET(attrs,code))
- return attrs->values[code].number;
- STOREerr(STORE_F_STORE_ATTR_INFO_GET0_NUMBER,
- STORE_R_NO_VALUE);
- return NULL;
- }
-int STORE_ATTR_INFO_set_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
- char *cstr, size_t cstr_size)
- {
- if (!attrs)
- {
- STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR,
- ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- if (!ATTR_IS_SET(attrs,code))
- {
- if ((attrs->values[code].cstring = BUF_strndup(cstr, cstr_size)))
- return 1;
- STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR,
- ERR_R_MALLOC_FAILURE);
- return 0;
- }
- STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR, STORE_R_ALREADY_HAS_A_VALUE);
- return 0;
- }
-int STORE_ATTR_INFO_set_sha1str(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
- unsigned char *sha1str, size_t sha1str_size)
- {
- if (!attrs)
- {
- STOREerr(STORE_F_STORE_ATTR_INFO_SET_SHA1STR,
- ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- if (!ATTR_IS_SET(attrs,code))
- {
- if ((attrs->values[code].sha1string =
- (unsigned char *)BUF_memdup(sha1str,
- sha1str_size)))
- return 1;
- STOREerr(STORE_F_STORE_ATTR_INFO_SET_SHA1STR,
- ERR_R_MALLOC_FAILURE);
- return 0;
- }
- STOREerr(STORE_F_STORE_ATTR_INFO_SET_SHA1STR, STORE_R_ALREADY_HAS_A_VALUE);
- return 0;
- }
-int STORE_ATTR_INFO_set_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
- X509_NAME *dn)
- {
- if (!attrs)
- {
- STOREerr(STORE_F_STORE_ATTR_INFO_SET_DN,
- ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- if (!ATTR_IS_SET(attrs,code))
- {
- if ((attrs->values[code].dn = X509_NAME_dup(dn)))
- return 1;
- STOREerr(STORE_F_STORE_ATTR_INFO_SET_DN,
- ERR_R_MALLOC_FAILURE);
- return 0;
- }
- STOREerr(STORE_F_STORE_ATTR_INFO_SET_DN, STORE_R_ALREADY_HAS_A_VALUE);
- return 0;
- }
-int STORE_ATTR_INFO_set_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
- BIGNUM *number)
- {
- if (!attrs)
- {
- STOREerr(STORE_F_STORE_ATTR_INFO_SET_NUMBER,
- ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- if (!ATTR_IS_SET(attrs,code))
- {
- if ((attrs->values[code].number = BN_dup(number)))
- return 1;
- STOREerr(STORE_F_STORE_ATTR_INFO_SET_NUMBER,
- ERR_R_MALLOC_FAILURE);
- return 0;
- }
- STOREerr(STORE_F_STORE_ATTR_INFO_SET_NUMBER, STORE_R_ALREADY_HAS_A_VALUE);
- return 0;
- }
-int STORE_ATTR_INFO_modify_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
- char *cstr, size_t cstr_size)
- {
- if (!attrs)
- {
- STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_CSTR,
- ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- if (ATTR_IS_SET(attrs,code))
- {
- OPENSSL_free(attrs->values[code].cstring);
- attrs->values[code].cstring = NULL;
- CLEAR_ATTRBIT(attrs, code);
- }
- return STORE_ATTR_INFO_set_cstr(attrs, code, cstr, cstr_size);
- }
-int STORE_ATTR_INFO_modify_sha1str(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
- unsigned char *sha1str, size_t sha1str_size)
- {
- if (!attrs)
- {
- STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_SHA1STR,
- ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- if (ATTR_IS_SET(attrs,code))
- {
- OPENSSL_free(attrs->values[code].sha1string);
- attrs->values[code].sha1string = NULL;
- CLEAR_ATTRBIT(attrs, code);
- }
- return STORE_ATTR_INFO_set_sha1str(attrs, code, sha1str, sha1str_size);
- }
-int STORE_ATTR_INFO_modify_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
- X509_NAME *dn)
- {
- if (!attrs)
- {
- STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_DN,
- ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- if (ATTR_IS_SET(attrs,code))
- {
- OPENSSL_free(attrs->values[code].dn);
- attrs->values[code].dn = NULL;
- CLEAR_ATTRBIT(attrs, code);
- }
- return STORE_ATTR_INFO_set_dn(attrs, code, dn);
- }
-int STORE_ATTR_INFO_modify_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
- BIGNUM *number)
- {
- if (!attrs)
- {
- STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_NUMBER,
- ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- if (ATTR_IS_SET(attrs,code))
- {
- OPENSSL_free(attrs->values[code].number);
- attrs->values[code].number = NULL;
- CLEAR_ATTRBIT(attrs, code);
- }
- return STORE_ATTR_INFO_set_number(attrs, code, number);
- }
-
-struct attr_list_ctx_st
- {
- OPENSSL_ITEM *attributes;
- };
-void *STORE_parse_attrs_start(OPENSSL_ITEM *attributes)
- {
- if (attributes)
- {
- struct attr_list_ctx_st *context =
- (struct attr_list_ctx_st *)OPENSSL_malloc(sizeof(struct attr_list_ctx_st));
- if (context)
- context->attributes = attributes;
- else
- STOREerr(STORE_F_STORE_PARSE_ATTRS_START,
- ERR_R_MALLOC_FAILURE);
- return context;
- }
- STOREerr(STORE_F_STORE_PARSE_ATTRS_START, ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
-STORE_ATTR_INFO *STORE_parse_attrs_next(void *handle)
- {
- struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)handle;
-
- if (context && context->attributes)
- {
- STORE_ATTR_INFO *attrs = NULL;
-
- while(context->attributes
- && context->attributes->code != STORE_ATTR_OR
- && context->attributes->code != STORE_ATTR_END)
- {
- switch(context->attributes->code)
- {
- case STORE_ATTR_FRIENDLYNAME:
- case STORE_ATTR_EMAIL:
- case STORE_ATTR_FILENAME:
- if (!attrs) attrs = STORE_ATTR_INFO_new();
- if (attrs == NULL)
- {
- STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT,
- ERR_R_MALLOC_FAILURE);
- goto err;
- }
- STORE_ATTR_INFO_set_cstr(attrs,
- context->attributes->code,
- context->attributes->value,
- context->attributes->value_size);
- break;
- case STORE_ATTR_KEYID:
- case STORE_ATTR_ISSUERKEYID:
- case STORE_ATTR_SUBJECTKEYID:
- case STORE_ATTR_ISSUERSERIALHASH:
- case STORE_ATTR_CERTHASH:
- if (!attrs) attrs = STORE_ATTR_INFO_new();
- if (attrs == NULL)
- {
- STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT,
- ERR_R_MALLOC_FAILURE);
- goto err;
- }
- STORE_ATTR_INFO_set_sha1str(attrs,
- context->attributes->code,
- context->attributes->value,
- context->attributes->value_size);
- break;
- case STORE_ATTR_ISSUER:
- case STORE_ATTR_SUBJECT:
- if (!attrs) attrs = STORE_ATTR_INFO_new();
- if (attrs == NULL)
- {
- STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT,
- ERR_R_MALLOC_FAILURE);
- goto err;
- }
- STORE_ATTR_INFO_modify_dn(attrs,
- context->attributes->code,
- context->attributes->value);
- break;
- case STORE_ATTR_SERIAL:
- if (!attrs) attrs = STORE_ATTR_INFO_new();
- if (attrs == NULL)
- {
- STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT,
- ERR_R_MALLOC_FAILURE);
- goto err;
- }
- STORE_ATTR_INFO_modify_number(attrs,
- context->attributes->code,
- context->attributes->value);
- break;
- }
- context->attributes++;
- }
- if (context->attributes->code == STORE_ATTR_OR)
- context->attributes++;
- return attrs;
- err:
- while(context->attributes
- && context->attributes->code != STORE_ATTR_OR
- && context->attributes->code != STORE_ATTR_END)
- context->attributes++;
- if (context->attributes->code == STORE_ATTR_OR)
- context->attributes++;
- return NULL;
- }
- STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT, ERR_R_PASSED_NULL_PARAMETER);
- return NULL;
- }
-int STORE_parse_attrs_end(void *handle)
- {
- struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)handle;
-
- if (context && context->attributes)
- {
-#if 0
- OPENSSL_ITEM *attributes = context->attributes;
-#endif
- OPENSSL_free(context);
- return 1;
- }
- STOREerr(STORE_F_STORE_PARSE_ATTRS_END, ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
-
-int STORE_parse_attrs_endp(void *handle)
- {
- struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)handle;
-
- if (context && context->attributes)
- {
- return context->attributes->code == STORE_ATTR_END;
- }
- STOREerr(STORE_F_STORE_PARSE_ATTRS_ENDP, ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
-
-static int attr_info_compare_compute_range(
- unsigned char *abits, unsigned char *bbits,
- unsigned int *alowp, unsigned int *ahighp,
- unsigned int *blowp, unsigned int *bhighp)
- {
- unsigned int alow = (unsigned int)-1, ahigh = 0;
- unsigned int blow = (unsigned int)-1, bhigh = 0;
- int i, res = 0;
-
- for (i = 0; i < (STORE_ATTR_TYPE_NUM + 8) / 8; i++, abits++, bbits++)
- {
- if (res == 0)
- {
- if (*abits < *bbits) res = -1;
- if (*abits > *bbits) res = 1;
- }
- if (*abits)
- {
- if (alow == (unsigned int)-1)
- {
- alow = i * 8;
- if (!(*abits & 0x01)) alow++;
- if (!(*abits & 0x02)) alow++;
- if (!(*abits & 0x04)) alow++;
- if (!(*abits & 0x08)) alow++;
- if (!(*abits & 0x10)) alow++;
- if (!(*abits & 0x20)) alow++;
- if (!(*abits & 0x40)) alow++;
- }
- ahigh = i * 8 + 7;
- if (!(*abits & 0x80)) ahigh++;
- if (!(*abits & 0x40)) ahigh++;
- if (!(*abits & 0x20)) ahigh++;
- if (!(*abits & 0x10)) ahigh++;
- if (!(*abits & 0x08)) ahigh++;
- if (!(*abits & 0x04)) ahigh++;
- if (!(*abits & 0x02)) ahigh++;
- }
- if (*bbits)
- {
- if (blow == (unsigned int)-1)
- {
- blow = i * 8;
- if (!(*bbits & 0x01)) blow++;
- if (!(*bbits & 0x02)) blow++;
- if (!(*bbits & 0x04)) blow++;
- if (!(*bbits & 0x08)) blow++;
- if (!(*bbits & 0x10)) blow++;
- if (!(*bbits & 0x20)) blow++;
- if (!(*bbits & 0x40)) blow++;
- }
- bhigh = i * 8 + 7;
- if (!(*bbits & 0x80)) bhigh++;
- if (!(*bbits & 0x40)) bhigh++;
- if (!(*bbits & 0x20)) bhigh++;
- if (!(*bbits & 0x10)) bhigh++;
- if (!(*bbits & 0x08)) bhigh++;
- if (!(*bbits & 0x04)) bhigh++;
- if (!(*bbits & 0x02)) bhigh++;
- }
- }
- if (ahigh + alow < bhigh + blow) res = -1;
- if (ahigh + alow > bhigh + blow) res = 1;
- if (alowp) *alowp = alow;
- if (ahighp) *ahighp = ahigh;
- if (blowp) *blowp = blow;
- if (bhighp) *bhighp = bhigh;
- return res;
- }
-
-int STORE_ATTR_INFO_compare(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b)
- {
- if (a == b) return 0;
- if (!a) return -1;
- if (!b) return 1;
- return attr_info_compare_compute_range(a->set, b->set, 0, 0, 0, 0);
- }
-int STORE_ATTR_INFO_in_range(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b)
- {
- unsigned int alow, ahigh, blow, bhigh;
-
- if (a == b) return 1;
- if (!a) return 0;
- if (!b) return 0;
- attr_info_compare_compute_range(a->set, b->set,
- &alow, &ahigh, &blow, &bhigh);
- if (alow >= blow && ahigh <= bhigh)
- return 1;
- return 0;
- }
-int STORE_ATTR_INFO_in(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b)
- {
- unsigned char *abits, *bbits;
- int i;
-
- if (a == b) return 1;
- if (!a) return 0;
- if (!b) return 0;
- abits = a->set;
- bbits = b->set;
- for (i = 0; i < (STORE_ATTR_TYPE_NUM + 8) / 8; i++, abits++, bbits++)
- {
- if (*abits && (*bbits & *abits) != *abits)
- return 0;
- }
- return 1;
- }
-int STORE_ATTR_INFO_in_ex(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b)
- {
- STORE_ATTR_TYPES i;
-
- if (a == b) return 1;
- if (!STORE_ATTR_INFO_in(a, b)) return 0;
- for (i = 1; i < STORE_ATTR_TYPE_NUM; i++)
- if (ATTR_IS_SET(a, i))
- {
- switch(i)
- {
- case STORE_ATTR_FRIENDLYNAME:
- case STORE_ATTR_EMAIL:
- case STORE_ATTR_FILENAME:
- if (strcmp(a->values[i].cstring,
- b->values[i].cstring))
- return 0;
- break;
- case STORE_ATTR_KEYID:
- case STORE_ATTR_ISSUERKEYID:
- case STORE_ATTR_SUBJECTKEYID:
- case STORE_ATTR_ISSUERSERIALHASH:
- case STORE_ATTR_CERTHASH:
- if (memcmp(a->values[i].sha1string,
- b->values[i].sha1string,
- a->value_sizes[i]))
- return 0;
- break;
- case STORE_ATTR_ISSUER:
- case STORE_ATTR_SUBJECT:
- if (X509_NAME_cmp(a->values[i].dn,
- b->values[i].dn))
- return 0;
- break;
- case STORE_ATTR_SERIAL:
- if (BN_cmp(a->values[i].number,
- b->values[i].number))
- return 0;
- break;
- default:
- break;
- }
- }
-
- return 1;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/store/str_lib.c (from rev 6976, vendor-crypto/openssl/dist/crypto/store/str_lib.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/store/str_lib.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/store/str_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,1771 @@
+/* crypto/store/str_lib.c -*- mode:C; c-file-style: "eay" -*- */
+/*
+ * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
+ * 2003.
+ */
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <string.h>
+#include <openssl/bn.h>
+#include <openssl/err.h>
+#ifndef OPENSSL_NO_ENGINE
+# include <openssl/engine.h>
+#endif
+#include <openssl/sha.h>
+#include <openssl/x509.h>
+#include "str_locl.h"
+
+const char *const STORE_object_type_string[STORE_OBJECT_TYPE_NUM + 1] = {
+ 0,
+ "X.509 Certificate",
+ "X.509 CRL",
+ "Private Key",
+ "Public Key",
+ "Number",
+ "Arbitrary Data"
+};
+
+const int STORE_param_sizes[STORE_PARAM_TYPE_NUM + 1] = {
+ 0,
+ sizeof(int), /* EVP_TYPE */
+ sizeof(size_t), /* BITS */
+ -1, /* KEY_PARAMETERS */
+ 0 /* KEY_NO_PARAMETERS */
+};
+
+const int STORE_attr_sizes[STORE_ATTR_TYPE_NUM + 1] = {
+ 0,
+ -1, /* FRIENDLYNAME: C string */
+ SHA_DIGEST_LENGTH, /* KEYID: SHA1 digest, 160 bits */
+ SHA_DIGEST_LENGTH, /* ISSUERKEYID: SHA1 digest, 160 bits */
+ SHA_DIGEST_LENGTH, /* SUBJECTKEYID: SHA1 digest, 160 bits */
+ SHA_DIGEST_LENGTH, /* ISSUERSERIALHASH: SHA1 digest, 160 bits */
+ sizeof(X509_NAME *), /* ISSUER: X509_NAME * */
+ sizeof(BIGNUM *), /* SERIAL: BIGNUM * */
+ sizeof(X509_NAME *), /* SUBJECT: X509_NAME * */
+ SHA_DIGEST_LENGTH, /* CERTHASH: SHA1 digest, 160 bits */
+ -1, /* EMAIL: C string */
+ -1, /* FILENAME: C string */
+};
+
+STORE *STORE_new_method(const STORE_METHOD *method)
+{
+ STORE *ret;
+
+ if (method == NULL) {
+ STOREerr(STORE_F_STORE_NEW_METHOD, ERR_R_PASSED_NULL_PARAMETER);
+ return NULL;
+ }
+
+ ret = (STORE *)OPENSSL_malloc(sizeof(STORE));
+ if (ret == NULL) {
+ STOREerr(STORE_F_STORE_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+
+ ret->meth = method;
+
+ CRYPTO_new_ex_data(CRYPTO_EX_INDEX_STORE, ret, &ret->ex_data);
+ if (ret->meth->init && !ret->meth->init(ret)) {
+ STORE_free(ret);
+ ret = NULL;
+ }
+ return ret;
+}
+
+STORE *STORE_new_engine(ENGINE *engine)
+{
+ STORE *ret = NULL;
+ ENGINE *e = engine;
+ const STORE_METHOD *meth = 0;
+
+#ifdef OPENSSL_NO_ENGINE
+ e = NULL;
+#else
+ if (engine) {
+ if (!ENGINE_init(engine)) {
+ STOREerr(STORE_F_STORE_NEW_ENGINE, ERR_R_ENGINE_LIB);
+ return NULL;
+ }
+ e = engine;
+ } else {
+ STOREerr(STORE_F_STORE_NEW_ENGINE, ERR_R_PASSED_NULL_PARAMETER);
+ return NULL;
+ }
+ if (e) {
+ meth = ENGINE_get_STORE(e);
+ if (!meth) {
+ STOREerr(STORE_F_STORE_NEW_ENGINE, ERR_R_ENGINE_LIB);
+ ENGINE_finish(e);
+ return NULL;
+ }
+ }
+#endif
+
+ ret = STORE_new_method(meth);
+ if (ret == NULL) {
+ STOREerr(STORE_F_STORE_NEW_ENGINE, ERR_R_STORE_LIB);
+ return NULL;
+ }
+
+ ret->engine = e;
+
+ return (ret);
+}
+
+void STORE_free(STORE *store)
+{
+ if (store == NULL)
+ return;
+ if (store->meth->clean)
+ store->meth->clean(store);
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_STORE, store, &store->ex_data);
+ OPENSSL_free(store);
+}
+
+int STORE_ctrl(STORE *store, int cmd, long i, void *p, void (*f) (void))
+{
+ if (store == NULL) {
+ STOREerr(STORE_F_STORE_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ if (store->meth->ctrl)
+ return store->meth->ctrl(store, cmd, i, p, f);
+ STOREerr(STORE_F_STORE_CTRL, STORE_R_NO_CONTROL_FUNCTION);
+ return 0;
+}
+
+int STORE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+{
+ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_STORE, argl, argp,
+ new_func, dup_func, free_func);
+}
+
+int STORE_set_ex_data(STORE *r, int idx, void *arg)
+{
+ return (CRYPTO_set_ex_data(&r->ex_data, idx, arg));
+}
+
+void *STORE_get_ex_data(STORE *r, int idx)
+{
+ return (CRYPTO_get_ex_data(&r->ex_data, idx));
+}
+
+const STORE_METHOD *STORE_get_method(STORE *store)
+{
+ return store->meth;
+}
+
+const STORE_METHOD *STORE_set_method(STORE *store, const STORE_METHOD *meth)
+{
+ store->meth = meth;
+ return store->meth;
+}
+
+/* API helpers */
+
+#define check_store(s,fncode,fnname,fnerrcode) \
+ do \
+ { \
+ if ((s) == NULL || (s)->meth == NULL) \
+ { \
+ STOREerr((fncode), ERR_R_PASSED_NULL_PARAMETER); \
+ return 0; \
+ } \
+ if ((s)->meth->fnname == NULL) \
+ { \
+ STOREerr((fncode), (fnerrcode)); \
+ return 0; \
+ } \
+ } \
+ while(0)
+
+/* API functions */
+
+X509 *STORE_get_certificate(STORE *s, OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[])
+{
+ STORE_OBJECT *object;
+ X509 *x;
+
+ check_store(s, STORE_F_STORE_GET_CERTIFICATE,
+ get_object, STORE_R_NO_GET_OBJECT_FUNCTION);
+
+ object = s->meth->get_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,
+ attributes, parameters);
+ if (!object || !object->data.x509.certificate) {
+ STOREerr(STORE_F_STORE_GET_CERTIFICATE,
+ STORE_R_FAILED_GETTING_CERTIFICATE);
+ return 0;
+ }
+ CRYPTO_add(&object->data.x509.certificate->references, 1,
+ CRYPTO_LOCK_X509);
+#ifdef REF_PRINT
+ REF_PRINT("X509", data);
+#endif
+ x = object->data.x509.certificate;
+ STORE_OBJECT_free(object);
+ return x;
+}
+
+int STORE_store_certificate(STORE *s, X509 *data, OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[])
+{
+ STORE_OBJECT *object;
+ int i;
+
+ check_store(s, STORE_F_STORE_CERTIFICATE,
+ store_object, STORE_R_NO_STORE_OBJECT_FUNCTION);
+
+ object = STORE_OBJECT_new();
+ if (!object) {
+ STOREerr(STORE_F_STORE_STORE_CERTIFICATE, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+
+ CRYPTO_add(&data->references, 1, CRYPTO_LOCK_X509);
+#ifdef REF_PRINT
+ REF_PRINT("X509", data);
+#endif
+ object->data.x509.certificate = data;
+
+ i = s->meth->store_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,
+ object, attributes, parameters);
+
+ STORE_OBJECT_free(object);
+
+ if (!i) {
+ STOREerr(STORE_F_STORE_STORE_CERTIFICATE,
+ STORE_R_FAILED_STORING_CERTIFICATE);
+ return 0;
+ }
+ return 1;
+}
+
+int STORE_modify_certificate(STORE *s, OPENSSL_ITEM search_attributes[],
+ OPENSSL_ITEM add_attributes[],
+ OPENSSL_ITEM modify_attributes[],
+ OPENSSL_ITEM delete_attributes[],
+ OPENSSL_ITEM parameters[])
+{
+ check_store(s, STORE_F_STORE_MODIFY_CERTIFICATE,
+ modify_object, STORE_R_NO_MODIFY_OBJECT_FUNCTION);
+
+ if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,
+ search_attributes, add_attributes,
+ modify_attributes, delete_attributes,
+ parameters)) {
+ STOREerr(STORE_F_STORE_MODIFY_CERTIFICATE,
+ STORE_R_FAILED_MODIFYING_CERTIFICATE);
+ return 0;
+ }
+ return 1;
+}
+
+int STORE_revoke_certificate(STORE *s, OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[])
+{
+ check_store(s, STORE_F_STORE_REVOKE_CERTIFICATE,
+ revoke_object, STORE_R_NO_REVOKE_OBJECT_FUNCTION);
+
+ if (!s->meth->revoke_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,
+ attributes, parameters)) {
+ STOREerr(STORE_F_STORE_REVOKE_CERTIFICATE,
+ STORE_R_FAILED_REVOKING_CERTIFICATE);
+ return 0;
+ }
+ return 1;
+}
+
+int STORE_delete_certificate(STORE *s, OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[])
+{
+ check_store(s, STORE_F_STORE_DELETE_CERTIFICATE,
+ delete_object, STORE_R_NO_DELETE_OBJECT_FUNCTION);
+
+ if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,
+ attributes, parameters)) {
+ STOREerr(STORE_F_STORE_DELETE_CERTIFICATE,
+ STORE_R_FAILED_DELETING_CERTIFICATE);
+ return 0;
+ }
+ return 1;
+}
+
+void *STORE_list_certificate_start(STORE *s, OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[])
+{
+ void *handle;
+
+ check_store(s, STORE_F_STORE_LIST_CERTIFICATE_START,
+ list_object_start, STORE_R_NO_LIST_OBJECT_START_FUNCTION);
+
+ handle = s->meth->list_object_start(s,
+ STORE_OBJECT_TYPE_X509_CERTIFICATE,
+ attributes, parameters);
+ if (!handle) {
+ STOREerr(STORE_F_STORE_LIST_CERTIFICATE_START,
+ STORE_R_FAILED_LISTING_CERTIFICATES);
+ return 0;
+ }
+ return handle;
+}
+
+X509 *STORE_list_certificate_next(STORE *s, void *handle)
+{
+ STORE_OBJECT *object;
+ X509 *x;
+
+ check_store(s, STORE_F_STORE_LIST_CERTIFICATE_NEXT,
+ list_object_next, STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION);
+
+ object = s->meth->list_object_next(s, handle);
+ if (!object || !object->data.x509.certificate) {
+ STOREerr(STORE_F_STORE_LIST_CERTIFICATE_NEXT,
+ STORE_R_FAILED_LISTING_CERTIFICATES);
+ return 0;
+ }
+ CRYPTO_add(&object->data.x509.certificate->references, 1,
+ CRYPTO_LOCK_X509);
+#ifdef REF_PRINT
+ REF_PRINT("X509", data);
+#endif
+ x = object->data.x509.certificate;
+ STORE_OBJECT_free(object);
+ return x;
+}
+
+int STORE_list_certificate_end(STORE *s, void *handle)
+{
+ check_store(s, STORE_F_STORE_LIST_CERTIFICATE_END,
+ list_object_end, STORE_R_NO_LIST_OBJECT_END_FUNCTION);
+
+ if (!s->meth->list_object_end(s, handle)) {
+ STOREerr(STORE_F_STORE_LIST_CERTIFICATE_END,
+ STORE_R_FAILED_LISTING_CERTIFICATES);
+ return 0;
+ }
+ return 1;
+}
+
+int STORE_list_certificate_endp(STORE *s, void *handle)
+{
+ check_store(s, STORE_F_STORE_LIST_CERTIFICATE_ENDP,
+ list_object_endp, STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION);
+
+ if (!s->meth->list_object_endp(s, handle)) {
+ STOREerr(STORE_F_STORE_LIST_CERTIFICATE_ENDP,
+ STORE_R_FAILED_LISTING_CERTIFICATES);
+ return 0;
+ }
+ return 1;
+}
+
+EVP_PKEY *STORE_generate_key(STORE *s, OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[])
+{
+ STORE_OBJECT *object;
+ EVP_PKEY *pkey;
+
+ check_store(s, STORE_F_STORE_GENERATE_KEY,
+ generate_object, STORE_R_NO_GENERATE_OBJECT_FUNCTION);
+
+ object = s->meth->generate_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
+ attributes, parameters);
+ if (!object || !object->data.key) {
+ STOREerr(STORE_F_STORE_GENERATE_KEY, STORE_R_FAILED_GENERATING_KEY);
+ return 0;
+ }
+ CRYPTO_add(&object->data.key->references, 1, CRYPTO_LOCK_EVP_PKEY);
+#ifdef REF_PRINT
+ REF_PRINT("EVP_PKEY", data);
+#endif
+ pkey = object->data.key;
+ STORE_OBJECT_free(object);
+ return pkey;
+}
+
+EVP_PKEY *STORE_get_private_key(STORE *s, OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[])
+{
+ STORE_OBJECT *object;
+ EVP_PKEY *pkey;
+
+ check_store(s, STORE_F_STORE_GET_PRIVATE_KEY,
+ get_object, STORE_R_NO_GET_OBJECT_FUNCTION);
+
+ object = s->meth->get_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
+ attributes, parameters);
+ if (!object || !object->data.key || !object->data.key) {
+ STOREerr(STORE_F_STORE_GET_PRIVATE_KEY, STORE_R_FAILED_GETTING_KEY);
+ return 0;
+ }
+ CRYPTO_add(&object->data.key->references, 1, CRYPTO_LOCK_EVP_PKEY);
+#ifdef REF_PRINT
+ REF_PRINT("EVP_PKEY", data);
+#endif
+ pkey = object->data.key;
+ STORE_OBJECT_free(object);
+ return pkey;
+}
+
+int STORE_store_private_key(STORE *s, EVP_PKEY *data,
+ OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[])
+{
+ STORE_OBJECT *object;
+ int i;
+
+ check_store(s, STORE_F_STORE_STORE_PRIVATE_KEY,
+ store_object, STORE_R_NO_STORE_OBJECT_FUNCTION);
+
+ object = STORE_OBJECT_new();
+ if (!object) {
+ STOREerr(STORE_F_STORE_STORE_PRIVATE_KEY, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ object->data.key = EVP_PKEY_new();
+ if (!object->data.key) {
+ STOREerr(STORE_F_STORE_STORE_PRIVATE_KEY, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+
+ CRYPTO_add(&data->references, 1, CRYPTO_LOCK_EVP_PKEY);
+#ifdef REF_PRINT
+ REF_PRINT("EVP_PKEY", data);
+#endif
+ object->data.key = data;
+
+ i = s->meth->store_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, object,
+ attributes, parameters);
+
+ STORE_OBJECT_free(object);
+
+ if (!i) {
+ STOREerr(STORE_F_STORE_STORE_PRIVATE_KEY, STORE_R_FAILED_STORING_KEY);
+ return 0;
+ }
+ return i;
+}
+
+int STORE_modify_private_key(STORE *s, OPENSSL_ITEM search_attributes[],
+ OPENSSL_ITEM add_attributes[],
+ OPENSSL_ITEM modify_attributes[],
+ OPENSSL_ITEM delete_attributes[],
+ OPENSSL_ITEM parameters[])
+{
+ check_store(s, STORE_F_STORE_MODIFY_PRIVATE_KEY,
+ modify_object, STORE_R_NO_MODIFY_OBJECT_FUNCTION);
+
+ if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
+ search_attributes, add_attributes,
+ modify_attributes, delete_attributes,
+ parameters)) {
+ STOREerr(STORE_F_STORE_MODIFY_PRIVATE_KEY,
+ STORE_R_FAILED_MODIFYING_PRIVATE_KEY);
+ return 0;
+ }
+ return 1;
+}
+
+int STORE_revoke_private_key(STORE *s, OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[])
+{
+ int i;
+
+ check_store(s, STORE_F_STORE_REVOKE_PRIVATE_KEY,
+ revoke_object, STORE_R_NO_REVOKE_OBJECT_FUNCTION);
+
+ i = s->meth->revoke_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
+ attributes, parameters);
+
+ if (!i) {
+ STOREerr(STORE_F_STORE_REVOKE_PRIVATE_KEY,
+ STORE_R_FAILED_REVOKING_KEY);
+ return 0;
+ }
+ return i;
+}
+
+int STORE_delete_private_key(STORE *s, OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[])
+{
+ check_store(s, STORE_F_STORE_DELETE_PRIVATE_KEY,
+ delete_object, STORE_R_NO_DELETE_OBJECT_FUNCTION);
+
+ if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
+ attributes, parameters)) {
+ STOREerr(STORE_F_STORE_DELETE_PRIVATE_KEY,
+ STORE_R_FAILED_DELETING_KEY);
+ return 0;
+ }
+ return 1;
+}
+
+void *STORE_list_private_key_start(STORE *s, OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[])
+{
+ void *handle;
+
+ check_store(s, STORE_F_STORE_LIST_PRIVATE_KEY_START,
+ list_object_start, STORE_R_NO_LIST_OBJECT_START_FUNCTION);
+
+ handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
+ attributes, parameters);
+ if (!handle) {
+ STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_START,
+ STORE_R_FAILED_LISTING_KEYS);
+ return 0;
+ }
+ return handle;
+}
+
+EVP_PKEY *STORE_list_private_key_next(STORE *s, void *handle)
+{
+ STORE_OBJECT *object;
+ EVP_PKEY *pkey;
+
+ check_store(s, STORE_F_STORE_LIST_PRIVATE_KEY_NEXT,
+ list_object_next, STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION);
+
+ object = s->meth->list_object_next(s, handle);
+ if (!object || !object->data.key || !object->data.key) {
+ STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_NEXT,
+ STORE_R_FAILED_LISTING_KEYS);
+ return 0;
+ }
+ CRYPTO_add(&object->data.key->references, 1, CRYPTO_LOCK_EVP_PKEY);
+#ifdef REF_PRINT
+ REF_PRINT("EVP_PKEY", data);
+#endif
+ pkey = object->data.key;
+ STORE_OBJECT_free(object);
+ return pkey;
+}
+
+int STORE_list_private_key_end(STORE *s, void *handle)
+{
+ check_store(s, STORE_F_STORE_LIST_PRIVATE_KEY_END,
+ list_object_end, STORE_R_NO_LIST_OBJECT_END_FUNCTION);
+
+ if (!s->meth->list_object_end(s, handle)) {
+ STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_END,
+ STORE_R_FAILED_LISTING_KEYS);
+ return 0;
+ }
+ return 1;
+}
+
+int STORE_list_private_key_endp(STORE *s, void *handle)
+{
+ check_store(s, STORE_F_STORE_LIST_PRIVATE_KEY_ENDP,
+ list_object_endp, STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION);
+
+ if (!s->meth->list_object_endp(s, handle)) {
+ STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_ENDP,
+ STORE_R_FAILED_LISTING_KEYS);
+ return 0;
+ }
+ return 1;
+}
+
+EVP_PKEY *STORE_get_public_key(STORE *s, OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[])
+{
+ STORE_OBJECT *object;
+ EVP_PKEY *pkey;
+
+ check_store(s, STORE_F_STORE_GET_PUBLIC_KEY,
+ get_object, STORE_R_NO_GET_OBJECT_FUNCTION);
+
+ object = s->meth->get_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY,
+ attributes, parameters);
+ if (!object || !object->data.key || !object->data.key) {
+ STOREerr(STORE_F_STORE_GET_PUBLIC_KEY, STORE_R_FAILED_GETTING_KEY);
+ return 0;
+ }
+ CRYPTO_add(&object->data.key->references, 1, CRYPTO_LOCK_EVP_PKEY);
+#ifdef REF_PRINT
+ REF_PRINT("EVP_PKEY", data);
+#endif
+ pkey = object->data.key;
+ STORE_OBJECT_free(object);
+ return pkey;
+}
+
+int STORE_store_public_key(STORE *s, EVP_PKEY *data,
+ OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[])
+{
+ STORE_OBJECT *object;
+ int i;
+
+ check_store(s, STORE_F_STORE_STORE_PUBLIC_KEY,
+ store_object, STORE_R_NO_STORE_OBJECT_FUNCTION);
+
+ object = STORE_OBJECT_new();
+ if (!object) {
+ STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ object->data.key = EVP_PKEY_new();
+ if (!object->data.key) {
+ STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+
+ CRYPTO_add(&data->references, 1, CRYPTO_LOCK_EVP_PKEY);
+#ifdef REF_PRINT
+ REF_PRINT("EVP_PKEY", data);
+#endif
+ object->data.key = data;
+
+ i = s->meth->store_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, object,
+ attributes, parameters);
+
+ STORE_OBJECT_free(object);
+
+ if (!i) {
+ STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY, STORE_R_FAILED_STORING_KEY);
+ return 0;
+ }
+ return i;
+}
+
+int STORE_modify_public_key(STORE *s, OPENSSL_ITEM search_attributes[],
+ OPENSSL_ITEM add_attributes[],
+ OPENSSL_ITEM modify_attributes[],
+ OPENSSL_ITEM delete_attributes[],
+ OPENSSL_ITEM parameters[])
+{
+ check_store(s, STORE_F_STORE_MODIFY_PUBLIC_KEY,
+ modify_object, STORE_R_NO_MODIFY_OBJECT_FUNCTION);
+
+ if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY,
+ search_attributes, add_attributes,
+ modify_attributes, delete_attributes,
+ parameters)) {
+ STOREerr(STORE_F_STORE_MODIFY_PUBLIC_KEY,
+ STORE_R_FAILED_MODIFYING_PUBLIC_KEY);
+ return 0;
+ }
+ return 1;
+}
+
+int STORE_revoke_public_key(STORE *s, OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[])
+{
+ int i;
+
+ check_store(s, STORE_F_STORE_REVOKE_PUBLIC_KEY,
+ revoke_object, STORE_R_NO_REVOKE_OBJECT_FUNCTION);
+
+ i = s->meth->revoke_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY,
+ attributes, parameters);
+
+ if (!i) {
+ STOREerr(STORE_F_STORE_REVOKE_PUBLIC_KEY,
+ STORE_R_FAILED_REVOKING_KEY);
+ return 0;
+ }
+ return i;
+}
+
+int STORE_delete_public_key(STORE *s, OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[])
+{
+ check_store(s, STORE_F_STORE_DELETE_PUBLIC_KEY,
+ delete_object, STORE_R_NO_DELETE_OBJECT_FUNCTION);
+
+ if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY,
+ attributes, parameters)) {
+ STOREerr(STORE_F_STORE_DELETE_PUBLIC_KEY,
+ STORE_R_FAILED_DELETING_KEY);
+ return 0;
+ }
+ return 1;
+}
+
+void *STORE_list_public_key_start(STORE *s, OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[])
+{
+ void *handle;
+
+ check_store(s, STORE_F_STORE_LIST_PUBLIC_KEY_START,
+ list_object_start, STORE_R_NO_LIST_OBJECT_START_FUNCTION);
+
+ handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_PUBLIC_KEY,
+ attributes, parameters);
+ if (!handle) {
+ STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_START,
+ STORE_R_FAILED_LISTING_KEYS);
+ return 0;
+ }
+ return handle;
+}
+
+EVP_PKEY *STORE_list_public_key_next(STORE *s, void *handle)
+{
+ STORE_OBJECT *object;
+ EVP_PKEY *pkey;
+
+ check_store(s, STORE_F_STORE_LIST_PUBLIC_KEY_NEXT,
+ list_object_next, STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION);
+
+ object = s->meth->list_object_next(s, handle);
+ if (!object || !object->data.key || !object->data.key) {
+ STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_NEXT,
+ STORE_R_FAILED_LISTING_KEYS);
+ return 0;
+ }
+ CRYPTO_add(&object->data.key->references, 1, CRYPTO_LOCK_EVP_PKEY);
+#ifdef REF_PRINT
+ REF_PRINT("EVP_PKEY", data);
+#endif
+ pkey = object->data.key;
+ STORE_OBJECT_free(object);
+ return pkey;
+}
+
+int STORE_list_public_key_end(STORE *s, void *handle)
+{
+ check_store(s, STORE_F_STORE_LIST_PUBLIC_KEY_END,
+ list_object_end, STORE_R_NO_LIST_OBJECT_END_FUNCTION);
+
+ if (!s->meth->list_object_end(s, handle)) {
+ STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_END,
+ STORE_R_FAILED_LISTING_KEYS);
+ return 0;
+ }
+ return 1;
+}
+
+int STORE_list_public_key_endp(STORE *s, void *handle)
+{
+ check_store(s, STORE_F_STORE_LIST_PUBLIC_KEY_ENDP,
+ list_object_endp, STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION);
+
+ if (!s->meth->list_object_endp(s, handle)) {
+ STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_ENDP,
+ STORE_R_FAILED_LISTING_KEYS);
+ return 0;
+ }
+ return 1;
+}
+
+X509_CRL *STORE_generate_crl(STORE *s, OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[])
+{
+ STORE_OBJECT *object;
+ X509_CRL *crl;
+
+ check_store(s, STORE_F_STORE_GENERATE_CRL,
+ generate_object, STORE_R_NO_GENERATE_CRL_FUNCTION);
+
+ object = s->meth->generate_object(s, STORE_OBJECT_TYPE_X509_CRL,
+ attributes, parameters);
+ if (!object || !object->data.crl) {
+ STOREerr(STORE_F_STORE_GENERATE_CRL, STORE_R_FAILED_GENERATING_CRL);
+ return 0;
+ }
+ CRYPTO_add(&object->data.crl->references, 1, CRYPTO_LOCK_X509_CRL);
+#ifdef REF_PRINT
+ REF_PRINT("X509_CRL", data);
+#endif
+ crl = object->data.crl;
+ STORE_OBJECT_free(object);
+ return crl;
+}
+
+X509_CRL *STORE_get_crl(STORE *s, OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[])
+{
+ STORE_OBJECT *object;
+ X509_CRL *crl;
+
+ check_store(s, STORE_F_STORE_GET_CRL,
+ get_object, STORE_R_NO_GET_OBJECT_FUNCTION);
+
+ object = s->meth->get_object(s, STORE_OBJECT_TYPE_X509_CRL,
+ attributes, parameters);
+ if (!object || !object->data.crl) {
+ STOREerr(STORE_F_STORE_GET_CRL, STORE_R_FAILED_GETTING_KEY);
+ return 0;
+ }
+ CRYPTO_add(&object->data.crl->references, 1, CRYPTO_LOCK_X509_CRL);
+#ifdef REF_PRINT
+ REF_PRINT("X509_CRL", data);
+#endif
+ crl = object->data.crl;
+ STORE_OBJECT_free(object);
+ return crl;
+}
+
+int STORE_store_crl(STORE *s, X509_CRL *data, OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[])
+{
+ STORE_OBJECT *object;
+ int i;
+
+ check_store(s, STORE_F_STORE_STORE_CRL,
+ store_object, STORE_R_NO_STORE_OBJECT_FUNCTION);
+
+ object = STORE_OBJECT_new();
+ if (!object) {
+ STOREerr(STORE_F_STORE_STORE_CRL, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+
+ CRYPTO_add(&data->references, 1, CRYPTO_LOCK_X509_CRL);
+#ifdef REF_PRINT
+ REF_PRINT("X509_CRL", data);
+#endif
+ object->data.crl = data;
+
+ i = s->meth->store_object(s, STORE_OBJECT_TYPE_X509_CRL, object,
+ attributes, parameters);
+
+ STORE_OBJECT_free(object);
+
+ if (!i) {
+ STOREerr(STORE_F_STORE_STORE_CRL, STORE_R_FAILED_STORING_KEY);
+ return 0;
+ }
+ return i;
+}
+
+int STORE_modify_crl(STORE *s, OPENSSL_ITEM search_attributes[],
+ OPENSSL_ITEM add_attributes[],
+ OPENSSL_ITEM modify_attributes[],
+ OPENSSL_ITEM delete_attributes[],
+ OPENSSL_ITEM parameters[])
+{
+ check_store(s, STORE_F_STORE_MODIFY_CRL,
+ modify_object, STORE_R_NO_MODIFY_OBJECT_FUNCTION);
+
+ if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_X509_CRL,
+ search_attributes, add_attributes,
+ modify_attributes, delete_attributes,
+ parameters)) {
+ STOREerr(STORE_F_STORE_MODIFY_CRL, STORE_R_FAILED_MODIFYING_CRL);
+ return 0;
+ }
+ return 1;
+}
+
+int STORE_delete_crl(STORE *s, OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[])
+{
+ check_store(s, STORE_F_STORE_DELETE_CRL,
+ delete_object, STORE_R_NO_DELETE_OBJECT_FUNCTION);
+
+ if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_X509_CRL,
+ attributes, parameters)) {
+ STOREerr(STORE_F_STORE_DELETE_CRL, STORE_R_FAILED_DELETING_KEY);
+ return 0;
+ }
+ return 1;
+}
+
+void *STORE_list_crl_start(STORE *s, OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[])
+{
+ void *handle;
+
+ check_store(s, STORE_F_STORE_LIST_CRL_START,
+ list_object_start, STORE_R_NO_LIST_OBJECT_START_FUNCTION);
+
+ handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_X509_CRL,
+ attributes, parameters);
+ if (!handle) {
+ STOREerr(STORE_F_STORE_LIST_CRL_START, STORE_R_FAILED_LISTING_KEYS);
+ return 0;
+ }
+ return handle;
+}
+
+X509_CRL *STORE_list_crl_next(STORE *s, void *handle)
+{
+ STORE_OBJECT *object;
+ X509_CRL *crl;
+
+ check_store(s, STORE_F_STORE_LIST_CRL_NEXT,
+ list_object_next, STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION);
+
+ object = s->meth->list_object_next(s, handle);
+ if (!object || !object->data.crl) {
+ STOREerr(STORE_F_STORE_LIST_CRL_NEXT, STORE_R_FAILED_LISTING_KEYS);
+ return 0;
+ }
+ CRYPTO_add(&object->data.crl->references, 1, CRYPTO_LOCK_X509_CRL);
+#ifdef REF_PRINT
+ REF_PRINT("X509_CRL", data);
+#endif
+ crl = object->data.crl;
+ STORE_OBJECT_free(object);
+ return crl;
+}
+
+int STORE_list_crl_end(STORE *s, void *handle)
+{
+ check_store(s, STORE_F_STORE_LIST_CRL_END,
+ list_object_end, STORE_R_NO_LIST_OBJECT_END_FUNCTION);
+
+ if (!s->meth->list_object_end(s, handle)) {
+ STOREerr(STORE_F_STORE_LIST_CRL_END, STORE_R_FAILED_LISTING_KEYS);
+ return 0;
+ }
+ return 1;
+}
+
+int STORE_list_crl_endp(STORE *s, void *handle)
+{
+ check_store(s, STORE_F_STORE_LIST_CRL_ENDP,
+ list_object_endp, STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION);
+
+ if (!s->meth->list_object_endp(s, handle)) {
+ STOREerr(STORE_F_STORE_LIST_CRL_ENDP, STORE_R_FAILED_LISTING_KEYS);
+ return 0;
+ }
+ return 1;
+}
+
+int STORE_store_number(STORE *s, BIGNUM *data, OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[])
+{
+ STORE_OBJECT *object;
+ int i;
+
+ check_store(s, STORE_F_STORE_STORE_NUMBER,
+ store_object, STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION);
+
+ object = STORE_OBJECT_new();
+ if (!object) {
+ STOREerr(STORE_F_STORE_STORE_NUMBER, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+
+ object->data.number = data;
+
+ i = s->meth->store_object(s, STORE_OBJECT_TYPE_NUMBER, object,
+ attributes, parameters);
+
+ STORE_OBJECT_free(object);
+
+ if (!i) {
+ STOREerr(STORE_F_STORE_STORE_NUMBER, STORE_R_FAILED_STORING_NUMBER);
+ return 0;
+ }
+ return 1;
+}
+
+int STORE_modify_number(STORE *s, OPENSSL_ITEM search_attributes[],
+ OPENSSL_ITEM add_attributes[],
+ OPENSSL_ITEM modify_attributes[],
+ OPENSSL_ITEM delete_attributes[],
+ OPENSSL_ITEM parameters[])
+{
+ check_store(s, STORE_F_STORE_MODIFY_NUMBER,
+ modify_object, STORE_R_NO_MODIFY_OBJECT_FUNCTION);
+
+ if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_NUMBER,
+ search_attributes, add_attributes,
+ modify_attributes, delete_attributes,
+ parameters)) {
+ STOREerr(STORE_F_STORE_MODIFY_NUMBER,
+ STORE_R_FAILED_MODIFYING_NUMBER);
+ return 0;
+ }
+ return 1;
+}
+
+BIGNUM *STORE_get_number(STORE *s, OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[])
+{
+ STORE_OBJECT *object;
+ BIGNUM *n;
+
+ check_store(s, STORE_F_STORE_GET_NUMBER,
+ get_object, STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION);
+
+ object = s->meth->get_object(s, STORE_OBJECT_TYPE_NUMBER, attributes,
+ parameters);
+ if (!object || !object->data.number) {
+ STOREerr(STORE_F_STORE_GET_NUMBER, STORE_R_FAILED_GETTING_NUMBER);
+ return 0;
+ }
+ n = object->data.number;
+ object->data.number = NULL;
+ STORE_OBJECT_free(object);
+ return n;
+}
+
+int STORE_delete_number(STORE *s, OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[])
+{
+ check_store(s, STORE_F_STORE_DELETE_NUMBER,
+ delete_object, STORE_R_NO_DELETE_NUMBER_FUNCTION);
+
+ if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_NUMBER, attributes,
+ parameters)) {
+ STOREerr(STORE_F_STORE_DELETE_NUMBER, STORE_R_FAILED_DELETING_NUMBER);
+ return 0;
+ }
+ return 1;
+}
+
+int STORE_store_arbitrary(STORE *s, BUF_MEM *data, OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[])
+{
+ STORE_OBJECT *object;
+ int i;
+
+ check_store(s, STORE_F_STORE_STORE_ARBITRARY,
+ store_object, STORE_R_NO_STORE_OBJECT_ARBITRARY_FUNCTION);
+
+ object = STORE_OBJECT_new();
+ if (!object) {
+ STOREerr(STORE_F_STORE_STORE_ARBITRARY, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+
+ object->data.arbitrary = data;
+
+ i = s->meth->store_object(s, STORE_OBJECT_TYPE_ARBITRARY, object,
+ attributes, parameters);
+
+ STORE_OBJECT_free(object);
+
+ if (!i) {
+ STOREerr(STORE_F_STORE_STORE_ARBITRARY,
+ STORE_R_FAILED_STORING_ARBITRARY);
+ return 0;
+ }
+ return 1;
+}
+
+int STORE_modify_arbitrary(STORE *s, OPENSSL_ITEM search_attributes[],
+ OPENSSL_ITEM add_attributes[],
+ OPENSSL_ITEM modify_attributes[],
+ OPENSSL_ITEM delete_attributes[],
+ OPENSSL_ITEM parameters[])
+{
+ check_store(s, STORE_F_STORE_MODIFY_ARBITRARY,
+ modify_object, STORE_R_NO_MODIFY_OBJECT_FUNCTION);
+
+ if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_ARBITRARY,
+ search_attributes, add_attributes,
+ modify_attributes, delete_attributes,
+ parameters)) {
+ STOREerr(STORE_F_STORE_MODIFY_ARBITRARY,
+ STORE_R_FAILED_MODIFYING_ARBITRARY);
+ return 0;
+ }
+ return 1;
+}
+
+BUF_MEM *STORE_get_arbitrary(STORE *s, OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[])
+{
+ STORE_OBJECT *object;
+ BUF_MEM *b;
+
+ check_store(s, STORE_F_STORE_GET_ARBITRARY,
+ get_object, STORE_R_NO_GET_OBJECT_ARBITRARY_FUNCTION);
+
+ object = s->meth->get_object(s, STORE_OBJECT_TYPE_ARBITRARY,
+ attributes, parameters);
+ if (!object || !object->data.arbitrary) {
+ STOREerr(STORE_F_STORE_GET_ARBITRARY,
+ STORE_R_FAILED_GETTING_ARBITRARY);
+ return 0;
+ }
+ b = object->data.arbitrary;
+ object->data.arbitrary = NULL;
+ STORE_OBJECT_free(object);
+ return b;
+}
+
+int STORE_delete_arbitrary(STORE *s, OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[])
+{
+ check_store(s, STORE_F_STORE_DELETE_ARBITRARY,
+ delete_object, STORE_R_NO_DELETE_ARBITRARY_FUNCTION);
+
+ if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_ARBITRARY, attributes,
+ parameters)) {
+ STOREerr(STORE_F_STORE_DELETE_ARBITRARY,
+ STORE_R_FAILED_DELETING_ARBITRARY);
+ return 0;
+ }
+ return 1;
+}
+
+STORE_OBJECT *STORE_OBJECT_new(void)
+{
+ STORE_OBJECT *object = OPENSSL_malloc(sizeof(STORE_OBJECT));
+ if (object)
+ memset(object, 0, sizeof(STORE_OBJECT));
+ return object;
+}
+
+void STORE_OBJECT_free(STORE_OBJECT *data)
+{
+ if (!data)
+ return;
+ switch (data->type) {
+ case STORE_OBJECT_TYPE_X509_CERTIFICATE:
+ X509_free(data->data.x509.certificate);
+ break;
+ case STORE_OBJECT_TYPE_X509_CRL:
+ X509_CRL_free(data->data.crl);
+ break;
+ case STORE_OBJECT_TYPE_PRIVATE_KEY:
+ case STORE_OBJECT_TYPE_PUBLIC_KEY:
+ EVP_PKEY_free(data->data.key);
+ break;
+ case STORE_OBJECT_TYPE_NUMBER:
+ BN_free(data->data.number);
+ break;
+ case STORE_OBJECT_TYPE_ARBITRARY:
+ BUF_MEM_free(data->data.arbitrary);
+ break;
+ }
+ OPENSSL_free(data);
+}
+
+IMPLEMENT_STACK_OF(STORE_OBJECT*)
+
+struct STORE_attr_info_st {
+ unsigned char set[(STORE_ATTR_TYPE_NUM + 8) / 8];
+ union {
+ char *cstring;
+ unsigned char *sha1string;
+ X509_NAME *dn;
+ BIGNUM *number;
+ void *any;
+ } values[STORE_ATTR_TYPE_NUM + 1];
+ size_t value_sizes[STORE_ATTR_TYPE_NUM + 1];
+};
+
+#define ATTR_IS_SET(a,i) ((i) > 0 && (i) < STORE_ATTR_TYPE_NUM \
+ && ((a)->set[(i) / 8] & (1 << ((i) % 8))))
+#define SET_ATTRBIT(a,i) ((a)->set[(i) / 8] |= (1 << ((i) % 8)))
+#define CLEAR_ATTRBIT(a,i) ((a)->set[(i) / 8] &= ~(1 << ((i) % 8)))
+
+STORE_ATTR_INFO *STORE_ATTR_INFO_new(void)
+{
+ return (STORE_ATTR_INFO *)OPENSSL_malloc(sizeof(STORE_ATTR_INFO));
+}
+
+static void STORE_ATTR_INFO_attr_free(STORE_ATTR_INFO *attrs,
+ STORE_ATTR_TYPES code)
+{
+ if (ATTR_IS_SET(attrs, code)) {
+ switch (code) {
+ case STORE_ATTR_FRIENDLYNAME:
+ case STORE_ATTR_EMAIL:
+ case STORE_ATTR_FILENAME:
+ STORE_ATTR_INFO_modify_cstr(attrs, code, NULL, 0);
+ break;
+ case STORE_ATTR_KEYID:
+ case STORE_ATTR_ISSUERKEYID:
+ case STORE_ATTR_SUBJECTKEYID:
+ case STORE_ATTR_ISSUERSERIALHASH:
+ case STORE_ATTR_CERTHASH:
+ STORE_ATTR_INFO_modify_sha1str(attrs, code, NULL, 0);
+ break;
+ case STORE_ATTR_ISSUER:
+ case STORE_ATTR_SUBJECT:
+ STORE_ATTR_INFO_modify_dn(attrs, code, NULL);
+ break;
+ case STORE_ATTR_SERIAL:
+ STORE_ATTR_INFO_modify_number(attrs, code, NULL);
+ break;
+ default:
+ break;
+ }
+ }
+}
+
+int STORE_ATTR_INFO_free(STORE_ATTR_INFO *attrs)
+{
+ if (attrs) {
+ STORE_ATTR_TYPES i;
+ for (i = 0; i++ < STORE_ATTR_TYPE_NUM;)
+ STORE_ATTR_INFO_attr_free(attrs, i);
+ OPENSSL_free(attrs);
+ }
+ return 1;
+}
+
+char *STORE_ATTR_INFO_get0_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code)
+{
+ if (!attrs) {
+ STOREerr(STORE_F_STORE_ATTR_INFO_GET0_CSTR,
+ ERR_R_PASSED_NULL_PARAMETER);
+ return NULL;
+ }
+ if (ATTR_IS_SET(attrs, code))
+ return attrs->values[code].cstring;
+ STOREerr(STORE_F_STORE_ATTR_INFO_GET0_CSTR, STORE_R_NO_VALUE);
+ return NULL;
+}
+
+unsigned char *STORE_ATTR_INFO_get0_sha1str(STORE_ATTR_INFO *attrs,
+ STORE_ATTR_TYPES code)
+{
+ if (!attrs) {
+ STOREerr(STORE_F_STORE_ATTR_INFO_GET0_SHA1STR,
+ ERR_R_PASSED_NULL_PARAMETER);
+ return NULL;
+ }
+ if (ATTR_IS_SET(attrs, code))
+ return attrs->values[code].sha1string;
+ STOREerr(STORE_F_STORE_ATTR_INFO_GET0_SHA1STR, STORE_R_NO_VALUE);
+ return NULL;
+}
+
+X509_NAME *STORE_ATTR_INFO_get0_dn(STORE_ATTR_INFO *attrs,
+ STORE_ATTR_TYPES code)
+{
+ if (!attrs) {
+ STOREerr(STORE_F_STORE_ATTR_INFO_GET0_DN,
+ ERR_R_PASSED_NULL_PARAMETER);
+ return NULL;
+ }
+ if (ATTR_IS_SET(attrs, code))
+ return attrs->values[code].dn;
+ STOREerr(STORE_F_STORE_ATTR_INFO_GET0_DN, STORE_R_NO_VALUE);
+ return NULL;
+}
+
+BIGNUM *STORE_ATTR_INFO_get0_number(STORE_ATTR_INFO *attrs,
+ STORE_ATTR_TYPES code)
+{
+ if (!attrs) {
+ STOREerr(STORE_F_STORE_ATTR_INFO_GET0_NUMBER,
+ ERR_R_PASSED_NULL_PARAMETER);
+ return NULL;
+ }
+ if (ATTR_IS_SET(attrs, code))
+ return attrs->values[code].number;
+ STOREerr(STORE_F_STORE_ATTR_INFO_GET0_NUMBER, STORE_R_NO_VALUE);
+ return NULL;
+}
+
+int STORE_ATTR_INFO_set_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+ char *cstr, size_t cstr_size)
+{
+ if (!attrs) {
+ STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR,
+ ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ if (!ATTR_IS_SET(attrs, code)) {
+ if ((attrs->values[code].cstring = BUF_strndup(cstr, cstr_size)))
+ return 1;
+ STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR, STORE_R_ALREADY_HAS_A_VALUE);
+ return 0;
+}
+
+int STORE_ATTR_INFO_set_sha1str(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+ unsigned char *sha1str, size_t sha1str_size)
+{
+ if (!attrs) {
+ STOREerr(STORE_F_STORE_ATTR_INFO_SET_SHA1STR,
+ ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ if (!ATTR_IS_SET(attrs, code)) {
+ if ((attrs->values[code].sha1string =
+ (unsigned char *)BUF_memdup(sha1str, sha1str_size)))
+ return 1;
+ STOREerr(STORE_F_STORE_ATTR_INFO_SET_SHA1STR, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ STOREerr(STORE_F_STORE_ATTR_INFO_SET_SHA1STR,
+ STORE_R_ALREADY_HAS_A_VALUE);
+ return 0;
+}
+
+int STORE_ATTR_INFO_set_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+ X509_NAME *dn)
+{
+ if (!attrs) {
+ STOREerr(STORE_F_STORE_ATTR_INFO_SET_DN, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ if (!ATTR_IS_SET(attrs, code)) {
+ if ((attrs->values[code].dn = X509_NAME_dup(dn)))
+ return 1;
+ STOREerr(STORE_F_STORE_ATTR_INFO_SET_DN, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ STOREerr(STORE_F_STORE_ATTR_INFO_SET_DN, STORE_R_ALREADY_HAS_A_VALUE);
+ return 0;
+}
+
+int STORE_ATTR_INFO_set_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+ BIGNUM *number)
+{
+ if (!attrs) {
+ STOREerr(STORE_F_STORE_ATTR_INFO_SET_NUMBER,
+ ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ if (!ATTR_IS_SET(attrs, code)) {
+ if ((attrs->values[code].number = BN_dup(number)))
+ return 1;
+ STOREerr(STORE_F_STORE_ATTR_INFO_SET_NUMBER, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ STOREerr(STORE_F_STORE_ATTR_INFO_SET_NUMBER, STORE_R_ALREADY_HAS_A_VALUE);
+ return 0;
+}
+
+int STORE_ATTR_INFO_modify_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+ char *cstr, size_t cstr_size)
+{
+ if (!attrs) {
+ STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_CSTR,
+ ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ if (ATTR_IS_SET(attrs, code)) {
+ OPENSSL_free(attrs->values[code].cstring);
+ attrs->values[code].cstring = NULL;
+ CLEAR_ATTRBIT(attrs, code);
+ }
+ return STORE_ATTR_INFO_set_cstr(attrs, code, cstr, cstr_size);
+}
+
+int STORE_ATTR_INFO_modify_sha1str(STORE_ATTR_INFO *attrs,
+ STORE_ATTR_TYPES code,
+ unsigned char *sha1str,
+ size_t sha1str_size)
+{
+ if (!attrs) {
+ STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_SHA1STR,
+ ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ if (ATTR_IS_SET(attrs, code)) {
+ OPENSSL_free(attrs->values[code].sha1string);
+ attrs->values[code].sha1string = NULL;
+ CLEAR_ATTRBIT(attrs, code);
+ }
+ return STORE_ATTR_INFO_set_sha1str(attrs, code, sha1str, sha1str_size);
+}
+
+int STORE_ATTR_INFO_modify_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+ X509_NAME *dn)
+{
+ if (!attrs) {
+ STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_DN,
+ ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ if (ATTR_IS_SET(attrs, code)) {
+ OPENSSL_free(attrs->values[code].dn);
+ attrs->values[code].dn = NULL;
+ CLEAR_ATTRBIT(attrs, code);
+ }
+ return STORE_ATTR_INFO_set_dn(attrs, code, dn);
+}
+
+int STORE_ATTR_INFO_modify_number(STORE_ATTR_INFO *attrs,
+ STORE_ATTR_TYPES code, BIGNUM *number)
+{
+ if (!attrs) {
+ STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_NUMBER,
+ ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ if (ATTR_IS_SET(attrs, code)) {
+ OPENSSL_free(attrs->values[code].number);
+ attrs->values[code].number = NULL;
+ CLEAR_ATTRBIT(attrs, code);
+ }
+ return STORE_ATTR_INFO_set_number(attrs, code, number);
+}
+
+struct attr_list_ctx_st {
+ OPENSSL_ITEM *attributes;
+};
+void *STORE_parse_attrs_start(OPENSSL_ITEM *attributes)
+{
+ if (attributes) {
+ struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)
+ OPENSSL_malloc(sizeof(struct attr_list_ctx_st));
+ if (context)
+ context->attributes = attributes;
+ else
+ STOREerr(STORE_F_STORE_PARSE_ATTRS_START, ERR_R_MALLOC_FAILURE);
+ return context;
+ }
+ STOREerr(STORE_F_STORE_PARSE_ATTRS_START, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+}
+
+STORE_ATTR_INFO *STORE_parse_attrs_next(void *handle)
+{
+ struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)handle;
+
+ if (context && context->attributes) {
+ STORE_ATTR_INFO *attrs = NULL;
+
+ while (context->attributes
+ && context->attributes->code != STORE_ATTR_OR
+ && context->attributes->code != STORE_ATTR_END) {
+ switch (context->attributes->code) {
+ case STORE_ATTR_FRIENDLYNAME:
+ case STORE_ATTR_EMAIL:
+ case STORE_ATTR_FILENAME:
+ if (!attrs)
+ attrs = STORE_ATTR_INFO_new();
+ if (attrs == NULL) {
+ STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT,
+ ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ STORE_ATTR_INFO_set_cstr(attrs,
+ context->attributes->code,
+ context->attributes->value,
+ context->attributes->value_size);
+ break;
+ case STORE_ATTR_KEYID:
+ case STORE_ATTR_ISSUERKEYID:
+ case STORE_ATTR_SUBJECTKEYID:
+ case STORE_ATTR_ISSUERSERIALHASH:
+ case STORE_ATTR_CERTHASH:
+ if (!attrs)
+ attrs = STORE_ATTR_INFO_new();
+ if (attrs == NULL) {
+ STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT,
+ ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ STORE_ATTR_INFO_set_sha1str(attrs,
+ context->attributes->code,
+ context->attributes->value,
+ context->attributes->value_size);
+ break;
+ case STORE_ATTR_ISSUER:
+ case STORE_ATTR_SUBJECT:
+ if (!attrs)
+ attrs = STORE_ATTR_INFO_new();
+ if (attrs == NULL) {
+ STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT,
+ ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ STORE_ATTR_INFO_modify_dn(attrs,
+ context->attributes->code,
+ context->attributes->value);
+ break;
+ case STORE_ATTR_SERIAL:
+ if (!attrs)
+ attrs = STORE_ATTR_INFO_new();
+ if (attrs == NULL) {
+ STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT,
+ ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ STORE_ATTR_INFO_modify_number(attrs,
+ context->attributes->code,
+ context->attributes->value);
+ break;
+ }
+ context->attributes++;
+ }
+ if (context->attributes->code == STORE_ATTR_OR)
+ context->attributes++;
+ return attrs;
+ err:
+ while (context->attributes
+ && context->attributes->code != STORE_ATTR_OR
+ && context->attributes->code != STORE_ATTR_END)
+ context->attributes++;
+ if (context->attributes->code == STORE_ATTR_OR)
+ context->attributes++;
+ return NULL;
+ }
+ STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT, ERR_R_PASSED_NULL_PARAMETER);
+ return NULL;
+}
+
+int STORE_parse_attrs_end(void *handle)
+{
+ struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)handle;
+
+ if (context && context->attributes) {
+#if 0
+ OPENSSL_ITEM *attributes = context->attributes;
+#endif
+ OPENSSL_free(context);
+ return 1;
+ }
+ STOREerr(STORE_F_STORE_PARSE_ATTRS_END, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+}
+
+int STORE_parse_attrs_endp(void *handle)
+{
+ struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)handle;
+
+ if (context && context->attributes) {
+ return context->attributes->code == STORE_ATTR_END;
+ }
+ STOREerr(STORE_F_STORE_PARSE_ATTRS_ENDP, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+}
+
+static int attr_info_compare_compute_range(unsigned char *abits,
+ unsigned char *bbits,
+ unsigned int *alowp,
+ unsigned int *ahighp,
+ unsigned int *blowp,
+ unsigned int *bhighp)
+{
+ unsigned int alow = (unsigned int)-1, ahigh = 0;
+ unsigned int blow = (unsigned int)-1, bhigh = 0;
+ int i, res = 0;
+
+ for (i = 0; i < (STORE_ATTR_TYPE_NUM + 8) / 8; i++, abits++, bbits++) {
+ if (res == 0) {
+ if (*abits < *bbits)
+ res = -1;
+ if (*abits > *bbits)
+ res = 1;
+ }
+ if (*abits) {
+ if (alow == (unsigned int)-1) {
+ alow = i * 8;
+ if (!(*abits & 0x01))
+ alow++;
+ if (!(*abits & 0x02))
+ alow++;
+ if (!(*abits & 0x04))
+ alow++;
+ if (!(*abits & 0x08))
+ alow++;
+ if (!(*abits & 0x10))
+ alow++;
+ if (!(*abits & 0x20))
+ alow++;
+ if (!(*abits & 0x40))
+ alow++;
+ }
+ ahigh = i * 8 + 7;
+ if (!(*abits & 0x80))
+ ahigh++;
+ if (!(*abits & 0x40))
+ ahigh++;
+ if (!(*abits & 0x20))
+ ahigh++;
+ if (!(*abits & 0x10))
+ ahigh++;
+ if (!(*abits & 0x08))
+ ahigh++;
+ if (!(*abits & 0x04))
+ ahigh++;
+ if (!(*abits & 0x02))
+ ahigh++;
+ }
+ if (*bbits) {
+ if (blow == (unsigned int)-1) {
+ blow = i * 8;
+ if (!(*bbits & 0x01))
+ blow++;
+ if (!(*bbits & 0x02))
+ blow++;
+ if (!(*bbits & 0x04))
+ blow++;
+ if (!(*bbits & 0x08))
+ blow++;
+ if (!(*bbits & 0x10))
+ blow++;
+ if (!(*bbits & 0x20))
+ blow++;
+ if (!(*bbits & 0x40))
+ blow++;
+ }
+ bhigh = i * 8 + 7;
+ if (!(*bbits & 0x80))
+ bhigh++;
+ if (!(*bbits & 0x40))
+ bhigh++;
+ if (!(*bbits & 0x20))
+ bhigh++;
+ if (!(*bbits & 0x10))
+ bhigh++;
+ if (!(*bbits & 0x08))
+ bhigh++;
+ if (!(*bbits & 0x04))
+ bhigh++;
+ if (!(*bbits & 0x02))
+ bhigh++;
+ }
+ }
+ if (ahigh + alow < bhigh + blow)
+ res = -1;
+ if (ahigh + alow > bhigh + blow)
+ res = 1;
+ if (alowp)
+ *alowp = alow;
+ if (ahighp)
+ *ahighp = ahigh;
+ if (blowp)
+ *blowp = blow;
+ if (bhighp)
+ *bhighp = bhigh;
+ return res;
+}
+
+int STORE_ATTR_INFO_compare(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b)
+{
+ if (a == b)
+ return 0;
+ if (!a)
+ return -1;
+ if (!b)
+ return 1;
+ return attr_info_compare_compute_range(a->set, b->set, 0, 0, 0, 0);
+}
+
+int STORE_ATTR_INFO_in_range(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b)
+{
+ unsigned int alow, ahigh, blow, bhigh;
+
+ if (a == b)
+ return 1;
+ if (!a)
+ return 0;
+ if (!b)
+ return 0;
+ attr_info_compare_compute_range(a->set, b->set,
+ &alow, &ahigh, &blow, &bhigh);
+ if (alow >= blow && ahigh <= bhigh)
+ return 1;
+ return 0;
+}
+
+int STORE_ATTR_INFO_in(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b)
+{
+ unsigned char *abits, *bbits;
+ int i;
+
+ if (a == b)
+ return 1;
+ if (!a)
+ return 0;
+ if (!b)
+ return 0;
+ abits = a->set;
+ bbits = b->set;
+ for (i = 0; i < (STORE_ATTR_TYPE_NUM + 8) / 8; i++, abits++, bbits++) {
+ if (*abits && (*bbits & *abits) != *abits)
+ return 0;
+ }
+ return 1;
+}
+
+int STORE_ATTR_INFO_in_ex(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b)
+{
+ STORE_ATTR_TYPES i;
+
+ if (a == b)
+ return 1;
+ if (!STORE_ATTR_INFO_in(a, b))
+ return 0;
+ for (i = 1; i < STORE_ATTR_TYPE_NUM; i++)
+ if (ATTR_IS_SET(a, i)) {
+ switch (i) {
+ case STORE_ATTR_FRIENDLYNAME:
+ case STORE_ATTR_EMAIL:
+ case STORE_ATTR_FILENAME:
+ if (strcmp(a->values[i].cstring, b->values[i].cstring))
+ return 0;
+ break;
+ case STORE_ATTR_KEYID:
+ case STORE_ATTR_ISSUERKEYID:
+ case STORE_ATTR_SUBJECTKEYID:
+ case STORE_ATTR_ISSUERSERIALHASH:
+ case STORE_ATTR_CERTHASH:
+ if (memcmp(a->values[i].sha1string,
+ b->values[i].sha1string, a->value_sizes[i]))
+ return 0;
+ break;
+ case STORE_ATTR_ISSUER:
+ case STORE_ATTR_SUBJECT:
+ if (X509_NAME_cmp(a->values[i].dn, b->values[i].dn))
+ return 0;
+ break;
+ case STORE_ATTR_SERIAL:
+ if (BN_cmp(a->values[i].number, b->values[i].number))
+ return 0;
+ break;
+ default:
+ break;
+ }
+ }
+
+ return 1;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/store/str_locl.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/store/str_locl.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/store/str_locl.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,124 +0,0 @@
-/* crypto/store/str_locl.h -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte (richard at levitte.org) for the OpenSSL
- * project 2003.
- */
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#ifndef HEADER_STORE_LOCL_H
-#define HEADER_STORE_LOCL_H
-
-#include <openssl/crypto.h>
-#include <openssl/store.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-struct store_method_st
- {
- char *name;
-
- /* All the functions return a positive integer or non-NULL for success
- and 0, a negative integer or NULL for failure */
-
- /* Initialise the STORE with private data */
- STORE_INITIALISE_FUNC_PTR init;
- /* Initialise the STORE with private data */
- STORE_CLEANUP_FUNC_PTR clean;
- /* Generate an object of a given type */
- STORE_GENERATE_OBJECT_FUNC_PTR generate_object;
- /* Get an object of a given type. This function isn't really very
- useful since the listing functions (below) can be used for the
- same purpose and are much more general. */
- STORE_GET_OBJECT_FUNC_PTR get_object;
- /* Store an object of a given type. */
- STORE_STORE_OBJECT_FUNC_PTR store_object;
- /* Modify the attributes bound to an object of a given type. */
- STORE_MODIFY_OBJECT_FUNC_PTR modify_object;
- /* Revoke an object of a given type. */
- STORE_HANDLE_OBJECT_FUNC_PTR revoke_object;
- /* Delete an object of a given type. */
- STORE_HANDLE_OBJECT_FUNC_PTR delete_object;
- /* List a bunch of objects of a given type and with the associated
- attributes. */
- STORE_START_OBJECT_FUNC_PTR list_object_start;
- STORE_NEXT_OBJECT_FUNC_PTR list_object_next;
- STORE_END_OBJECT_FUNC_PTR list_object_end;
- STORE_END_OBJECT_FUNC_PTR list_object_endp;
- /* Store-level function to make any necessary update operations. */
- STORE_GENERIC_FUNC_PTR update_store;
- /* Store-level function to get exclusive access to the store. */
- STORE_GENERIC_FUNC_PTR lock_store;
- /* Store-level function to release exclusive access to the store. */
- STORE_GENERIC_FUNC_PTR unlock_store;
-
- /* Generic control function */
- STORE_CTRL_FUNC_PTR ctrl;
- };
-
-struct store_st
- {
- const STORE_METHOD *meth;
- /* functional reference if 'meth' is ENGINE-provided */
- ENGINE *engine;
-
- CRYPTO_EX_DATA ex_data;
- int references;
- };
-#ifdef __cplusplus
-}
-#endif
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/store/str_locl.h (from rev 6976, vendor-crypto/openssl/dist/crypto/store/str_locl.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/store/str_locl.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/store/str_locl.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,125 @@
+/* crypto/store/str_locl.h -*- mode:C; c-file-style: "eay" -*- */
+/*
+ * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
+ * 2003.
+ */
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_STORE_LOCL_H
+# define HEADER_STORE_LOCL_H
+
+# include <openssl/crypto.h>
+# include <openssl/store.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct store_method_st {
+ char *name;
+ /*
+ * All the functions return a positive integer or non-NULL for success
+ * and 0, a negative integer or NULL for failure
+ */
+ /* Initialise the STORE with private data */
+ STORE_INITIALISE_FUNC_PTR init;
+ /* Initialise the STORE with private data */
+ STORE_CLEANUP_FUNC_PTR clean;
+ /* Generate an object of a given type */
+ STORE_GENERATE_OBJECT_FUNC_PTR generate_object;
+ /*
+ * Get an object of a given type. This function isn't really very useful
+ * since the listing functions (below) can be used for the same purpose
+ * and are much more general.
+ */
+ STORE_GET_OBJECT_FUNC_PTR get_object;
+ /* Store an object of a given type. */
+ STORE_STORE_OBJECT_FUNC_PTR store_object;
+ /* Modify the attributes bound to an object of a given type. */
+ STORE_MODIFY_OBJECT_FUNC_PTR modify_object;
+ /* Revoke an object of a given type. */
+ STORE_HANDLE_OBJECT_FUNC_PTR revoke_object;
+ /* Delete an object of a given type. */
+ STORE_HANDLE_OBJECT_FUNC_PTR delete_object;
+ /*
+ * List a bunch of objects of a given type and with the associated
+ * attributes.
+ */
+ STORE_START_OBJECT_FUNC_PTR list_object_start;
+ STORE_NEXT_OBJECT_FUNC_PTR list_object_next;
+ STORE_END_OBJECT_FUNC_PTR list_object_end;
+ STORE_END_OBJECT_FUNC_PTR list_object_endp;
+ /* Store-level function to make any necessary update operations. */
+ STORE_GENERIC_FUNC_PTR update_store;
+ /* Store-level function to get exclusive access to the store. */
+ STORE_GENERIC_FUNC_PTR lock_store;
+ /* Store-level function to release exclusive access to the store. */
+ STORE_GENERIC_FUNC_PTR unlock_store;
+ /* Generic control function */
+ STORE_CTRL_FUNC_PTR ctrl;
+};
+
+struct store_st {
+ const STORE_METHOD *meth;
+ /* functional reference if 'meth' is ENGINE-provided */
+ ENGINE *engine;
+ CRYPTO_EX_DATA ex_data;
+ int references;
+};
+#ifdef __cplusplus
+}
+#endif
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/store/str_mem.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/store/str_mem.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/store/str_mem.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,357 +0,0 @@
-/* crypto/store/str_mem.c -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte (richard at levitte.org) for the OpenSSL
- * project 2003.
- */
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <string.h>
-#include <openssl/err.h>
-#include "str_locl.h"
-
-/* The memory store is currently highly experimental. It's meant to become
- a base store used by other stores for internal caching (for full caching
- support, aging needs to be added).
-
- The database use is meant to support as much attribute association as
- possible, while providing for as small search ranges as possible.
- This is currently provided for by sorting the entries by numbers that
- are composed of bits set at the positions indicated by attribute type
- codes. This provides for ranges determined by the highest attribute
- type code value. A better idea might be to sort by values computed
- from the range of attributes associated with the object (basically,
- the difference between the highest and lowest attribute type code)
- and it's distance from a base (basically, the lowest associated
- attribute type code).
-*/
-
-struct mem_object_data_st
- {
- STORE_OBJECT *object;
- STORE_ATTR_INFO *attr_info;
- int references;
- };
-
-struct mem_data_st
- {
- STACK *data; /* A stack of mem_object_data_st,
- sorted with STORE_ATTR_INFO_compare(). */
- unsigned int compute_components : 1; /* Currently unused, but can
- be used to add attributes
- from parts of the data. */
- };
-
-struct mem_ctx_st
- {
- int type; /* The type we're searching for */
- STACK *search_attributes; /* Sets of attributes to search for.
- Each element is a STORE_ATTR_INFO. */
- int search_index; /* which of the search attributes we found a match
- for, -1 when we still haven't found any */
- int index; /* -1 as long as we're searching for the first */
- };
-
-static int mem_init(STORE *s);
-static void mem_clean(STORE *s);
-static STORE_OBJECT *mem_generate(STORE *s, STORE_OBJECT_TYPES type,
- OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
-static STORE_OBJECT *mem_get(STORE *s, STORE_OBJECT_TYPES type,
- OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
-static int mem_store(STORE *s, STORE_OBJECT_TYPES type,
- STORE_OBJECT *data, OPENSSL_ITEM attributes[],
- OPENSSL_ITEM parameters[]);
-static int mem_modify(STORE *s, STORE_OBJECT_TYPES type,
- OPENSSL_ITEM search_attributes[], OPENSSL_ITEM add_attributes[],
- OPENSSL_ITEM modify_attributes[], OPENSSL_ITEM delete_attributes[],
- OPENSSL_ITEM parameters[]);
-static int mem_delete(STORE *s, STORE_OBJECT_TYPES type,
- OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
-static void *mem_list_start(STORE *s, STORE_OBJECT_TYPES type,
- OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
-static STORE_OBJECT *mem_list_next(STORE *s, void *handle);
-static int mem_list_end(STORE *s, void *handle);
-static int mem_list_endp(STORE *s, void *handle);
-static int mem_lock(STORE *s, OPENSSL_ITEM attributes[],
- OPENSSL_ITEM parameters[]);
-static int mem_unlock(STORE *s, OPENSSL_ITEM attributes[],
- OPENSSL_ITEM parameters[]);
-static int mem_ctrl(STORE *s, int cmd, long l, void *p, void (*f)(void));
-
-static STORE_METHOD store_memory =
- {
- "OpenSSL memory store interface",
- mem_init,
- mem_clean,
- mem_generate,
- mem_get,
- mem_store,
- mem_modify,
- NULL, /* revoke */
- mem_delete,
- mem_list_start,
- mem_list_next,
- mem_list_end,
- mem_list_endp,
- NULL, /* update */
- mem_lock,
- mem_unlock,
- mem_ctrl
- };
-
-const STORE_METHOD *STORE_Memory(void)
- {
- return &store_memory;
- }
-
-static int mem_init(STORE *s)
- {
- return 1;
- }
-
-static void mem_clean(STORE *s)
- {
- return;
- }
-
-static STORE_OBJECT *mem_generate(STORE *s, STORE_OBJECT_TYPES type,
- OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[])
- {
- STOREerr(STORE_F_MEM_GENERATE, STORE_R_NOT_IMPLEMENTED);
- return 0;
- }
-static STORE_OBJECT *mem_get(STORE *s, STORE_OBJECT_TYPES type,
- OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[])
- {
- void *context = mem_list_start(s, type, attributes, parameters);
-
- if (context)
- {
- STORE_OBJECT *object = mem_list_next(s, context);
-
- if (mem_list_end(s, context))
- return object;
- }
- return NULL;
- }
-static int mem_store(STORE *s, STORE_OBJECT_TYPES type,
- STORE_OBJECT *data, OPENSSL_ITEM attributes[],
- OPENSSL_ITEM parameters[])
- {
- STOREerr(STORE_F_MEM_STORE, STORE_R_NOT_IMPLEMENTED);
- return 0;
- }
-static int mem_modify(STORE *s, STORE_OBJECT_TYPES type,
- OPENSSL_ITEM search_attributes[], OPENSSL_ITEM add_attributes[],
- OPENSSL_ITEM modify_attributes[], OPENSSL_ITEM delete_attributes[],
- OPENSSL_ITEM parameters[])
- {
- STOREerr(STORE_F_MEM_MODIFY, STORE_R_NOT_IMPLEMENTED);
- return 0;
- }
-static int mem_delete(STORE *s, STORE_OBJECT_TYPES type,
- OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[])
- {
- STOREerr(STORE_F_MEM_DELETE, STORE_R_NOT_IMPLEMENTED);
- return 0;
- }
-
-/* The list functions may be the hardest to understand. Basically,
- mem_list_start compiles a stack of attribute info elements, and
- puts that stack into the context to be returned. mem_list_next
- will then find the first matching element in the store, and then
- walk all the way to the end of the store (since any combination
- of attribute bits above the starting point may match the searched
- for bit pattern...). */
-static void *mem_list_start(STORE *s, STORE_OBJECT_TYPES type,
- OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[])
- {
- struct mem_ctx_st *context =
- (struct mem_ctx_st *)OPENSSL_malloc(sizeof(struct mem_ctx_st));
- void *attribute_context = NULL;
- STORE_ATTR_INFO *attrs = NULL;
-
- if (!context)
- {
- STOREerr(STORE_F_MEM_LIST_START, ERR_R_MALLOC_FAILURE);
- return 0;
- }
- memset(context, 0, sizeof(struct mem_ctx_st));
-
- attribute_context = STORE_parse_attrs_start(attributes);
- if (!attribute_context)
- {
- STOREerr(STORE_F_MEM_LIST_START, ERR_R_STORE_LIB);
- goto err;
- }
-
- while((attrs = STORE_parse_attrs_next(attribute_context)))
- {
- if (context->search_attributes == NULL)
- {
- context->search_attributes =
- sk_new((int (*)(const char * const *, const char * const *))STORE_ATTR_INFO_compare);
- if (!context->search_attributes)
- {
- STOREerr(STORE_F_MEM_LIST_START,
- ERR_R_MALLOC_FAILURE);
- goto err;
- }
- }
- sk_push(context->search_attributes,(char *)attrs);
- }
- if (!STORE_parse_attrs_endp(attribute_context))
- goto err;
- STORE_parse_attrs_end(attribute_context);
- context->search_index = -1;
- context->index = -1;
- return context;
- err:
- if (attribute_context) STORE_parse_attrs_end(attribute_context);
- mem_list_end(s, context);
- return NULL;
- }
-static STORE_OBJECT *mem_list_next(STORE *s, void *handle)
- {
- int i;
- struct mem_ctx_st *context = (struct mem_ctx_st *)handle;
- struct mem_object_data_st key = { 0, 0, 1 };
- struct mem_data_st *store =
- (struct mem_data_st *)STORE_get_ex_data(s, 1);
- int srch;
- int cres = 0;
-
- if (!context)
- {
- STOREerr(STORE_F_MEM_LIST_NEXT, ERR_R_PASSED_NULL_PARAMETER);
- return NULL;
- }
- if (!store)
- {
- STOREerr(STORE_F_MEM_LIST_NEXT, STORE_R_NO_STORE);
- return NULL;
- }
-
- if (context->search_index == -1)
- {
- for (i = 0; i < sk_num(context->search_attributes); i++)
- {
- key.attr_info =
- (STORE_ATTR_INFO *)sk_value(context->search_attributes, i);
- srch = sk_find_ex(store->data, (char *)&key);
-
- if (srch >= 0)
- {
- context->search_index = srch;
- break;
- }
- }
- }
- if (context->search_index < 0)
- return NULL;
-
- key.attr_info =
- (STORE_ATTR_INFO *)sk_value(context->search_attributes,
- context->search_index);
- for(srch = context->search_index;
- srch < sk_num(store->data)
- && STORE_ATTR_INFO_in_range(key.attr_info,
- (STORE_ATTR_INFO *)sk_value(store->data, srch))
- && !(cres = STORE_ATTR_INFO_in_ex(key.attr_info,
- (STORE_ATTR_INFO *)sk_value(store->data, srch)));
- srch++)
- ;
-
- context->search_index = srch;
- if (cres)
- return ((struct mem_object_data_st *)sk_value(store->data,
- srch))->object;
- return NULL;
- }
-static int mem_list_end(STORE *s, void *handle)
- {
- struct mem_ctx_st *context = (struct mem_ctx_st *)handle;
-
- if (!context)
- {
- STOREerr(STORE_F_MEM_LIST_END, ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- if (context && context->search_attributes)
- sk_free(context->search_attributes);
- if (context) OPENSSL_free(context);
- return 1;
- }
-static int mem_list_endp(STORE *s, void *handle)
- {
- struct mem_ctx_st *context = (struct mem_ctx_st *)handle;
-
- if (!context
- || context->search_index == sk_num(context->search_attributes))
- return 1;
- return 0;
- }
-static int mem_lock(STORE *s, OPENSSL_ITEM attributes[],
- OPENSSL_ITEM parameters[])
- {
- return 1;
- }
-static int mem_unlock(STORE *s, OPENSSL_ITEM attributes[],
- OPENSSL_ITEM parameters[])
- {
- return 1;
- }
-static int mem_ctrl(STORE *s, int cmd, long l, void *p, void (*f)(void))
- {
- return 1;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/store/str_mem.c (from rev 6976, vendor-crypto/openssl/dist/crypto/store/str_mem.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/store/str_mem.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/store/str_mem.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,377 @@
+/* crypto/store/str_mem.c -*- mode:C; c-file-style: "eay" -*- */
+/*
+ * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
+ * 2003.
+ */
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <string.h>
+#include <openssl/err.h>
+#include "str_locl.h"
+
+/*
+ * The memory store is currently highly experimental. It's meant to become a
+ * base store used by other stores for internal caching (for full caching
+ * support, aging needs to be added).
+ *
+ * The database use is meant to support as much attribute association as
+ * possible, while providing for as small search ranges as possible. This is
+ * currently provided for by sorting the entries by numbers that are composed
+ * of bits set at the positions indicated by attribute type codes. This
+ * provides for ranges determined by the highest attribute type code value.
+ * A better idea might be to sort by values computed from the range of
+ * attributes associated with the object (basically, the difference between
+ * the highest and lowest attribute type code) and it's distance from a base
+ * (basically, the lowest associated attribute type code).
+ */
+
+struct mem_object_data_st {
+ STORE_OBJECT *object;
+ STORE_ATTR_INFO *attr_info;
+ int references;
+};
+
+struct mem_data_st {
+ /*
+ * A stack of mem_object_data_st,
+ * sorted with STORE_ATTR_INFO_compare().
+ */
+ STACK *data;
+ /*
+ * Currently unused, but can be used to add attributes from parts of the
+ * data.
+ */
+ unsigned int compute_components:1;
+};
+
+struct mem_ctx_st {
+ /* The type we're searching for */
+ int type;
+ /*
+ * Sets of attributes to search for.
+ * Each element is a STORE_ATTR_INFO.
+ */
+ STACK *search_attributes;
+ /*
+ * which of the search attributes we found a match
+ * for, -1 when we still haven't found any
+ */
+ int search_index;
+ /* -1 as long as we're searching for the first */
+ int index;
+};
+
+static int mem_init(STORE *s);
+static void mem_clean(STORE *s);
+static STORE_OBJECT *mem_generate(STORE *s, STORE_OBJECT_TYPES type,
+ OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[]);
+static STORE_OBJECT *mem_get(STORE *s, STORE_OBJECT_TYPES type,
+ OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[]);
+static int mem_store(STORE *s, STORE_OBJECT_TYPES type, STORE_OBJECT *data,
+ OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
+static int mem_modify(STORE *s, STORE_OBJECT_TYPES type,
+ OPENSSL_ITEM search_attributes[],
+ OPENSSL_ITEM add_attributes[],
+ OPENSSL_ITEM modify_attributes[],
+ OPENSSL_ITEM delete_attributes[],
+ OPENSSL_ITEM parameters[]);
+static int mem_delete(STORE *s, STORE_OBJECT_TYPES type,
+ OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
+static void *mem_list_start(STORE *s, STORE_OBJECT_TYPES type,
+ OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[]);
+static STORE_OBJECT *mem_list_next(STORE *s, void *handle);
+static int mem_list_end(STORE *s, void *handle);
+static int mem_list_endp(STORE *s, void *handle);
+static int mem_lock(STORE *s, OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[]);
+static int mem_unlock(STORE *s, OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[]);
+static int mem_ctrl(STORE *s, int cmd, long l, void *p, void (*f) (void));
+
+static STORE_METHOD store_memory = {
+ "OpenSSL memory store interface",
+ mem_init,
+ mem_clean,
+ mem_generate,
+ mem_get,
+ mem_store,
+ mem_modify,
+ NULL, /* revoke */
+ mem_delete,
+ mem_list_start,
+ mem_list_next,
+ mem_list_end,
+ mem_list_endp,
+ NULL, /* update */
+ mem_lock,
+ mem_unlock,
+ mem_ctrl
+};
+
+const STORE_METHOD *STORE_Memory(void)
+{
+ return &store_memory;
+}
+
+static int mem_init(STORE *s)
+{
+ return 1;
+}
+
+static void mem_clean(STORE *s)
+{
+ return;
+}
+
+static STORE_OBJECT *mem_generate(STORE *s, STORE_OBJECT_TYPES type,
+ OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[])
+{
+ STOREerr(STORE_F_MEM_GENERATE, STORE_R_NOT_IMPLEMENTED);
+ return 0;
+}
+
+static STORE_OBJECT *mem_get(STORE *s, STORE_OBJECT_TYPES type,
+ OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[])
+{
+ void *context = mem_list_start(s, type, attributes, parameters);
+
+ if (context) {
+ STORE_OBJECT *object = mem_list_next(s, context);
+
+ if (mem_list_end(s, context))
+ return object;
+ }
+ return NULL;
+}
+
+static int mem_store(STORE *s, STORE_OBJECT_TYPES type,
+ STORE_OBJECT *data, OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[])
+{
+ STOREerr(STORE_F_MEM_STORE, STORE_R_NOT_IMPLEMENTED);
+ return 0;
+}
+
+static int mem_modify(STORE *s, STORE_OBJECT_TYPES type,
+ OPENSSL_ITEM search_attributes[],
+ OPENSSL_ITEM add_attributes[],
+ OPENSSL_ITEM modify_attributes[],
+ OPENSSL_ITEM delete_attributes[],
+ OPENSSL_ITEM parameters[])
+{
+ STOREerr(STORE_F_MEM_MODIFY, STORE_R_NOT_IMPLEMENTED);
+ return 0;
+}
+
+static int mem_delete(STORE *s, STORE_OBJECT_TYPES type,
+ OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[])
+{
+ STOREerr(STORE_F_MEM_DELETE, STORE_R_NOT_IMPLEMENTED);
+ return 0;
+}
+
+/*
+ * The list functions may be the hardest to understand. Basically,
+ * mem_list_start compiles a stack of attribute info elements, and puts that
+ * stack into the context to be returned. mem_list_next will then find the
+ * first matching element in the store, and then walk all the way to the end
+ * of the store (since any combination of attribute bits above the starting
+ * point may match the searched for bit pattern...).
+ */
+static void *mem_list_start(STORE *s, STORE_OBJECT_TYPES type,
+ OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[])
+{
+ struct mem_ctx_st *context =
+ (struct mem_ctx_st *)OPENSSL_malloc(sizeof(struct mem_ctx_st));
+ void *attribute_context = NULL;
+ STORE_ATTR_INFO *attrs = NULL;
+
+ if (!context) {
+ STOREerr(STORE_F_MEM_LIST_START, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ memset(context, 0, sizeof(struct mem_ctx_st));
+
+ attribute_context = STORE_parse_attrs_start(attributes);
+ if (!attribute_context) {
+ STOREerr(STORE_F_MEM_LIST_START, ERR_R_STORE_LIB);
+ goto err;
+ }
+
+ while ((attrs = STORE_parse_attrs_next(attribute_context))) {
+ if (context->search_attributes == NULL) {
+ context->search_attributes =
+ sk_new((int (*)(const char *const *, const char *const *))
+ STORE_ATTR_INFO_compare);
+ if (!context->search_attributes) {
+ STOREerr(STORE_F_MEM_LIST_START, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ }
+ sk_push(context->search_attributes, (char *)attrs);
+ }
+ if (!STORE_parse_attrs_endp(attribute_context))
+ goto err;
+ STORE_parse_attrs_end(attribute_context);
+ context->search_index = -1;
+ context->index = -1;
+ return context;
+ err:
+ if (attribute_context)
+ STORE_parse_attrs_end(attribute_context);
+ mem_list_end(s, context);
+ return NULL;
+}
+
+static STORE_OBJECT *mem_list_next(STORE *s, void *handle)
+{
+ int i;
+ struct mem_ctx_st *context = (struct mem_ctx_st *)handle;
+ struct mem_object_data_st key = { 0, 0, 1 };
+ struct mem_data_st *store = (struct mem_data_st *)STORE_get_ex_data(s, 1);
+ int srch;
+ int cres = 0;
+
+ if (!context) {
+ STOREerr(STORE_F_MEM_LIST_NEXT, ERR_R_PASSED_NULL_PARAMETER);
+ return NULL;
+ }
+ if (!store) {
+ STOREerr(STORE_F_MEM_LIST_NEXT, STORE_R_NO_STORE);
+ return NULL;
+ }
+
+ if (context->search_index == -1) {
+ for (i = 0; i < sk_num(context->search_attributes); i++) {
+ key.attr_info =
+ (STORE_ATTR_INFO *)sk_value(context->search_attributes, i);
+ srch = sk_find_ex(store->data, (char *)&key);
+
+ if (srch >= 0) {
+ context->search_index = srch;
+ break;
+ }
+ }
+ }
+ if (context->search_index < 0)
+ return NULL;
+
+ key.attr_info =
+ (STORE_ATTR_INFO *)sk_value(context->search_attributes,
+ context->search_index);
+ for (srch = context->search_index; srch < sk_num(store->data)
+ && STORE_ATTR_INFO_in_range(key.attr_info,
+ (STORE_ATTR_INFO *)sk_value(store->data,
+ srch))
+ && !(cres =
+ STORE_ATTR_INFO_in_ex(key.attr_info,
+ (STORE_ATTR_INFO *)sk_value(store->data,
+ srch)));
+ srch++) ;
+
+ context->search_index = srch;
+ if (cres)
+ return ((struct mem_object_data_st *)sk_value(store->data,
+ srch))->object;
+ return NULL;
+}
+
+static int mem_list_end(STORE *s, void *handle)
+{
+ struct mem_ctx_st *context = (struct mem_ctx_st *)handle;
+
+ if (!context) {
+ STOREerr(STORE_F_MEM_LIST_END, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ if (context && context->search_attributes)
+ sk_free(context->search_attributes);
+ if (context)
+ OPENSSL_free(context);
+ return 1;
+}
+
+static int mem_list_endp(STORE *s, void *handle)
+{
+ struct mem_ctx_st *context = (struct mem_ctx_st *)handle;
+
+ if (!context
+ || context->search_index == sk_num(context->search_attributes))
+ return 1;
+ return 0;
+}
+
+static int mem_lock(STORE *s, OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[])
+{
+ return 1;
+}
+
+static int mem_unlock(STORE *s, OPENSSL_ITEM attributes[],
+ OPENSSL_ITEM parameters[])
+{
+ return 1;
+}
+
+static int mem_ctrl(STORE *s, int cmd, long l, void *p, void (*f) (void))
+{
+ return 1;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/store/str_meth.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/store/str_meth.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/store/str_meth.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,250 +0,0 @@
-/* crypto/store/str_meth.c -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte (richard at levitte.org) for the OpenSSL
- * project 2003.
- */
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <string.h>
-#include <openssl/buffer.h>
-#include "str_locl.h"
-
-STORE_METHOD *STORE_create_method(char *name)
- {
- STORE_METHOD *store_method = (STORE_METHOD *)OPENSSL_malloc(sizeof(STORE_METHOD));
-
- if (store_method)
- {
- memset(store_method, 0, sizeof(*store_method));
- store_method->name = BUF_strdup(name);
- }
- return store_method;
- }
-
-/* BIG FSCKING WARNING!!!! If you use this on a statically allocated method
- (that is, it hasn't been allocated using STORE_create_method(), you deserve
- anything Murphy can throw at you and more! You have been warned. */
-void STORE_destroy_method(STORE_METHOD *store_method)
- {
- if (!store_method) return;
- OPENSSL_free(store_method->name);
- store_method->name = NULL;
- OPENSSL_free(store_method);
- }
-
-int STORE_method_set_initialise_function(STORE_METHOD *sm, STORE_INITIALISE_FUNC_PTR init_f)
- {
- sm->init = init_f;
- return 1;
- }
-
-int STORE_method_set_cleanup_function(STORE_METHOD *sm, STORE_CLEANUP_FUNC_PTR clean_f)
- {
- sm->clean = clean_f;
- return 1;
- }
-
-int STORE_method_set_generate_function(STORE_METHOD *sm, STORE_GENERATE_OBJECT_FUNC_PTR generate_f)
- {
- sm->generate_object = generate_f;
- return 1;
- }
-
-int STORE_method_set_get_function(STORE_METHOD *sm, STORE_GET_OBJECT_FUNC_PTR get_f)
- {
- sm->get_object = get_f;
- return 1;
- }
-
-int STORE_method_set_store_function(STORE_METHOD *sm, STORE_STORE_OBJECT_FUNC_PTR store_f)
- {
- sm->store_object = store_f;
- return 1;
- }
-
-int STORE_method_set_modify_function(STORE_METHOD *sm, STORE_MODIFY_OBJECT_FUNC_PTR modify_f)
- {
- sm->modify_object = modify_f;
- return 1;
- }
-
-int STORE_method_set_revoke_function(STORE_METHOD *sm, STORE_HANDLE_OBJECT_FUNC_PTR revoke_f)
- {
- sm->revoke_object = revoke_f;
- return 1;
- }
-
-int STORE_method_set_delete_function(STORE_METHOD *sm, STORE_HANDLE_OBJECT_FUNC_PTR delete_f)
- {
- sm->delete_object = delete_f;
- return 1;
- }
-
-int STORE_method_set_list_start_function(STORE_METHOD *sm, STORE_START_OBJECT_FUNC_PTR list_start_f)
- {
- sm->list_object_start = list_start_f;
- return 1;
- }
-
-int STORE_method_set_list_next_function(STORE_METHOD *sm, STORE_NEXT_OBJECT_FUNC_PTR list_next_f)
- {
- sm->list_object_next = list_next_f;
- return 1;
- }
-
-int STORE_method_set_list_end_function(STORE_METHOD *sm, STORE_END_OBJECT_FUNC_PTR list_end_f)
- {
- sm->list_object_end = list_end_f;
- return 1;
- }
-
-int STORE_method_set_update_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR update_f)
- {
- sm->update_store = update_f;
- return 1;
- }
-
-int STORE_method_set_lock_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR lock_f)
- {
- sm->lock_store = lock_f;
- return 1;
- }
-
-int STORE_method_set_unlock_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR unlock_f)
- {
- sm->unlock_store = unlock_f;
- return 1;
- }
-
-int STORE_method_set_ctrl_function(STORE_METHOD *sm, STORE_CTRL_FUNC_PTR ctrl_f)
- {
- sm->ctrl = ctrl_f;
- return 1;
- }
-
-STORE_INITIALISE_FUNC_PTR STORE_method_get_initialise_function(STORE_METHOD *sm)
- {
- return sm->init;
- }
-
-STORE_CLEANUP_FUNC_PTR STORE_method_get_cleanup_function(STORE_METHOD *sm)
- {
- return sm->clean;
- }
-
-STORE_GENERATE_OBJECT_FUNC_PTR STORE_method_get_generate_function(STORE_METHOD *sm)
- {
- return sm->generate_object;
- }
-
-STORE_GET_OBJECT_FUNC_PTR STORE_method_get_get_function(STORE_METHOD *sm)
- {
- return sm->get_object;
- }
-
-STORE_STORE_OBJECT_FUNC_PTR STORE_method_get_store_function(STORE_METHOD *sm)
- {
- return sm->store_object;
- }
-
-STORE_MODIFY_OBJECT_FUNC_PTR STORE_method_get_modify_function(STORE_METHOD *sm)
- {
- return sm->modify_object;
- }
-
-STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_revoke_function(STORE_METHOD *sm)
- {
- return sm->revoke_object;
- }
-
-STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_delete_function(STORE_METHOD *sm)
- {
- return sm->delete_object;
- }
-
-STORE_START_OBJECT_FUNC_PTR STORE_method_get_list_start_function(STORE_METHOD *sm)
- {
- return sm->list_object_start;
- }
-
-STORE_NEXT_OBJECT_FUNC_PTR STORE_method_get_list_next_function(STORE_METHOD *sm)
- {
- return sm->list_object_next;
- }
-
-STORE_END_OBJECT_FUNC_PTR STORE_method_get_list_end_function(STORE_METHOD *sm)
- {
- return sm->list_object_end;
- }
-
-STORE_GENERIC_FUNC_PTR STORE_method_get_update_store_function(STORE_METHOD *sm)
- {
- return sm->update_store;
- }
-
-STORE_GENERIC_FUNC_PTR STORE_method_get_lock_store_function(STORE_METHOD *sm)
- {
- return sm->lock_store;
- }
-
-STORE_GENERIC_FUNC_PTR STORE_method_get_unlock_store_function(STORE_METHOD *sm)
- {
- return sm->unlock_store;
- }
-
-STORE_CTRL_FUNC_PTR STORE_method_get_ctrl_function(STORE_METHOD *sm)
- {
- return sm->ctrl;
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/store/str_meth.c (from rev 6976, vendor-crypto/openssl/dist/crypto/store/str_meth.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/store/str_meth.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/store/str_meth.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,280 @@
+/* crypto/store/str_meth.c -*- mode:C; c-file-style: "eay" -*- */
+/*
+ * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
+ * 2003.
+ */
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <string.h>
+#include <openssl/buffer.h>
+#include "str_locl.h"
+
+STORE_METHOD *STORE_create_method(char *name)
+{
+ STORE_METHOD *store_method =
+ (STORE_METHOD *)OPENSSL_malloc(sizeof(STORE_METHOD));
+
+ if (store_method) {
+ memset(store_method, 0, sizeof(*store_method));
+ store_method->name = BUF_strdup(name);
+ }
+ return store_method;
+}
+
+/*
+ * BIG FSCKING WARNING!!!! If you use this on a statically allocated method
+ * (that is, it hasn't been allocated using STORE_create_method(), you
+ * deserve anything Murphy can throw at you and more! You have been warned.
+ */
+void STORE_destroy_method(STORE_METHOD *store_method)
+{
+ if (!store_method)
+ return;
+ OPENSSL_free(store_method->name);
+ store_method->name = NULL;
+ OPENSSL_free(store_method);
+}
+
+int STORE_method_set_initialise_function(STORE_METHOD *sm,
+ STORE_INITIALISE_FUNC_PTR init_f)
+{
+ sm->init = init_f;
+ return 1;
+}
+
+int STORE_method_set_cleanup_function(STORE_METHOD *sm,
+ STORE_CLEANUP_FUNC_PTR clean_f)
+{
+ sm->clean = clean_f;
+ return 1;
+}
+
+int STORE_method_set_generate_function(STORE_METHOD *sm,
+ STORE_GENERATE_OBJECT_FUNC_PTR
+ generate_f)
+{
+ sm->generate_object = generate_f;
+ return 1;
+}
+
+int STORE_method_set_get_function(STORE_METHOD *sm,
+ STORE_GET_OBJECT_FUNC_PTR get_f)
+{
+ sm->get_object = get_f;
+ return 1;
+}
+
+int STORE_method_set_store_function(STORE_METHOD *sm,
+ STORE_STORE_OBJECT_FUNC_PTR store_f)
+{
+ sm->store_object = store_f;
+ return 1;
+}
+
+int STORE_method_set_modify_function(STORE_METHOD *sm,
+ STORE_MODIFY_OBJECT_FUNC_PTR modify_f)
+{
+ sm->modify_object = modify_f;
+ return 1;
+}
+
+int STORE_method_set_revoke_function(STORE_METHOD *sm,
+ STORE_HANDLE_OBJECT_FUNC_PTR revoke_f)
+{
+ sm->revoke_object = revoke_f;
+ return 1;
+}
+
+int STORE_method_set_delete_function(STORE_METHOD *sm,
+ STORE_HANDLE_OBJECT_FUNC_PTR delete_f)
+{
+ sm->delete_object = delete_f;
+ return 1;
+}
+
+int STORE_method_set_list_start_function(STORE_METHOD *sm,
+ STORE_START_OBJECT_FUNC_PTR
+ list_start_f)
+{
+ sm->list_object_start = list_start_f;
+ return 1;
+}
+
+int STORE_method_set_list_next_function(STORE_METHOD *sm,
+ STORE_NEXT_OBJECT_FUNC_PTR
+ list_next_f)
+{
+ sm->list_object_next = list_next_f;
+ return 1;
+}
+
+int STORE_method_set_list_end_function(STORE_METHOD *sm,
+ STORE_END_OBJECT_FUNC_PTR list_end_f)
+{
+ sm->list_object_end = list_end_f;
+ return 1;
+}
+
+int STORE_method_set_update_store_function(STORE_METHOD *sm,
+ STORE_GENERIC_FUNC_PTR update_f)
+{
+ sm->update_store = update_f;
+ return 1;
+}
+
+int STORE_method_set_lock_store_function(STORE_METHOD *sm,
+ STORE_GENERIC_FUNC_PTR lock_f)
+{
+ sm->lock_store = lock_f;
+ return 1;
+}
+
+int STORE_method_set_unlock_store_function(STORE_METHOD *sm,
+ STORE_GENERIC_FUNC_PTR unlock_f)
+{
+ sm->unlock_store = unlock_f;
+ return 1;
+}
+
+int STORE_method_set_ctrl_function(STORE_METHOD *sm,
+ STORE_CTRL_FUNC_PTR ctrl_f)
+{
+ sm->ctrl = ctrl_f;
+ return 1;
+}
+
+STORE_INITIALISE_FUNC_PTR STORE_method_get_initialise_function(STORE_METHOD
+ *sm)
+{
+ return sm->init;
+}
+
+STORE_CLEANUP_FUNC_PTR STORE_method_get_cleanup_function(STORE_METHOD *sm)
+{
+ return sm->clean;
+}
+
+STORE_GENERATE_OBJECT_FUNC_PTR STORE_method_get_generate_function(STORE_METHOD
+ *sm)
+{
+ return sm->generate_object;
+}
+
+STORE_GET_OBJECT_FUNC_PTR STORE_method_get_get_function(STORE_METHOD *sm)
+{
+ return sm->get_object;
+}
+
+STORE_STORE_OBJECT_FUNC_PTR STORE_method_get_store_function(STORE_METHOD *sm)
+{
+ return sm->store_object;
+}
+
+STORE_MODIFY_OBJECT_FUNC_PTR STORE_method_get_modify_function(STORE_METHOD
+ *sm)
+{
+ return sm->modify_object;
+}
+
+STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_revoke_function(STORE_METHOD
+ *sm)
+{
+ return sm->revoke_object;
+}
+
+STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_delete_function(STORE_METHOD
+ *sm)
+{
+ return sm->delete_object;
+}
+
+STORE_START_OBJECT_FUNC_PTR STORE_method_get_list_start_function(STORE_METHOD
+ *sm)
+{
+ return sm->list_object_start;
+}
+
+STORE_NEXT_OBJECT_FUNC_PTR STORE_method_get_list_next_function(STORE_METHOD
+ *sm)
+{
+ return sm->list_object_next;
+}
+
+STORE_END_OBJECT_FUNC_PTR STORE_method_get_list_end_function(STORE_METHOD *sm)
+{
+ return sm->list_object_end;
+}
+
+STORE_GENERIC_FUNC_PTR STORE_method_get_update_store_function(STORE_METHOD
+ *sm)
+{
+ return sm->update_store;
+}
+
+STORE_GENERIC_FUNC_PTR STORE_method_get_lock_store_function(STORE_METHOD *sm)
+{
+ return sm->lock_store;
+}
+
+STORE_GENERIC_FUNC_PTR STORE_method_get_unlock_store_function(STORE_METHOD
+ *sm)
+{
+ return sm->unlock_store;
+}
+
+STORE_CTRL_FUNC_PTR STORE_method_get_ctrl_function(STORE_METHOD *sm)
+{
+ return sm->ctrl;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/symhacks.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/symhacks.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/symhacks.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,427 +0,0 @@
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#ifndef HEADER_SYMHACKS_H
-#define HEADER_SYMHACKS_H
-
-#include <openssl/e_os2.h>
-
-/* Hacks to solve the problem with linkers incapable of handling very long
- symbol names. In the case of VMS, the limit is 31 characters on VMS for
- VAX. */
-/* Note that this affects util/libeay.num and util/ssleay.num... you may
- change those manually, but that's not recommended, as those files are
- controlled centrally and updated on Unix, and the central definition
- may disagree with yours, which in turn may come with shareable library
- incompatibilities. */
-#ifdef OPENSSL_SYS_VMS
-
-/* Hack a long name in crypto/cryptlib.c */
-#undef int_CRYPTO_set_do_dynlock_callback
-#define int_CRYPTO_set_do_dynlock_callback int_CRYPTO_set_do_dynlock_cb
-
-/* Hack a long name in crypto/ex_data.c */
-#undef CRYPTO_get_ex_data_implementation
-#define CRYPTO_get_ex_data_implementation CRYPTO_get_ex_data_impl
-#undef CRYPTO_set_ex_data_implementation
-#define CRYPTO_set_ex_data_implementation CRYPTO_set_ex_data_impl
-
-/* Hack a long name in crypto/asn1/a_mbstr.c */
-#undef ASN1_STRING_set_default_mask_asc
-#define ASN1_STRING_set_default_mask_asc ASN1_STRING_set_def_mask_asc
-
-#if 0 /* No longer needed, since safestack macro magic does the job */
-/* Hack the names created with DECLARE_ASN1_SET_OF(PKCS7_SIGNER_INFO) */
-#undef i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO
-#define i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO i2d_ASN1_SET_OF_PKCS7_SIGINF
-#undef d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO
-#define d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO d2i_ASN1_SET_OF_PKCS7_SIGINF
-#endif
-
-#if 0 /* No longer needed, since safestack macro magic does the job */
-/* Hack the names created with DECLARE_ASN1_SET_OF(PKCS7_RECIP_INFO) */
-#undef i2d_ASN1_SET_OF_PKCS7_RECIP_INFO
-#define i2d_ASN1_SET_OF_PKCS7_RECIP_INFO i2d_ASN1_SET_OF_PKCS7_RECINF
-#undef d2i_ASN1_SET_OF_PKCS7_RECIP_INFO
-#define d2i_ASN1_SET_OF_PKCS7_RECIP_INFO d2i_ASN1_SET_OF_PKCS7_RECINF
-#endif
-
-#if 0 /* No longer needed, since safestack macro magic does the job */
-/* Hack the names created with DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION) */
-#undef i2d_ASN1_SET_OF_ACCESS_DESCRIPTION
-#define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION i2d_ASN1_SET_OF_ACC_DESC
-#undef d2i_ASN1_SET_OF_ACCESS_DESCRIPTION
-#define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION d2i_ASN1_SET_OF_ACC_DESC
-#endif
-
-/* Hack the names created with DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE) */
-#undef PEM_read_NETSCAPE_CERT_SEQUENCE
-#define PEM_read_NETSCAPE_CERT_SEQUENCE PEM_read_NS_CERT_SEQ
-#undef PEM_write_NETSCAPE_CERT_SEQUENCE
-#define PEM_write_NETSCAPE_CERT_SEQUENCE PEM_write_NS_CERT_SEQ
-#undef PEM_read_bio_NETSCAPE_CERT_SEQUENCE
-#define PEM_read_bio_NETSCAPE_CERT_SEQUENCE PEM_read_bio_NS_CERT_SEQ
-#undef PEM_write_bio_NETSCAPE_CERT_SEQUENCE
-#define PEM_write_bio_NETSCAPE_CERT_SEQUENCE PEM_write_bio_NS_CERT_SEQ
-#undef PEM_write_cb_bio_NETSCAPE_CERT_SEQUENCE
-#define PEM_write_cb_bio_NETSCAPE_CERT_SEQUENCE PEM_write_cb_bio_NS_CERT_SEQ
-
-/* Hack the names created with DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO) */
-#undef PEM_read_PKCS8_PRIV_KEY_INFO
-#define PEM_read_PKCS8_PRIV_KEY_INFO PEM_read_P8_PRIV_KEY_INFO
-#undef PEM_write_PKCS8_PRIV_KEY_INFO
-#define PEM_write_PKCS8_PRIV_KEY_INFO PEM_write_P8_PRIV_KEY_INFO
-#undef PEM_read_bio_PKCS8_PRIV_KEY_INFO
-#define PEM_read_bio_PKCS8_PRIV_KEY_INFO PEM_read_bio_P8_PRIV_KEY_INFO
-#undef PEM_write_bio_PKCS8_PRIV_KEY_INFO
-#define PEM_write_bio_PKCS8_PRIV_KEY_INFO PEM_write_bio_P8_PRIV_KEY_INFO
-#undef PEM_write_cb_bio_PKCS8_PRIV_KEY_INFO
-#define PEM_write_cb_bio_PKCS8_PRIV_KEY_INFO PEM_wrt_cb_bio_P8_PRIV_KEY_INFO
-
-/* Hack other PEM names */
-#undef PEM_write_bio_PKCS8PrivateKey_nid
-#define PEM_write_bio_PKCS8PrivateKey_nid PEM_write_bio_PKCS8PrivKey_nid
-
-/* Hack some long X509 names */
-#undef X509_REVOKED_get_ext_by_critical
-#define X509_REVOKED_get_ext_by_critical X509_REVOKED_get_ext_by_critic
-#undef X509_policy_tree_get0_user_policies
-#define X509_policy_tree_get0_user_policies X509_pcy_tree_get0_usr_policies
-#undef X509_policy_node_get0_qualifiers
-#define X509_policy_node_get0_qualifiers X509_pcy_node_get0_qualifiers
-#undef X509_STORE_CTX_get_explicit_policy
-#define X509_STORE_CTX_get_explicit_policy X509_STORE_CTX_get_expl_policy
-#undef X509_STORE_CTX_get0_current_issuer
-#define X509_STORE_CTX_get0_current_issuer X509_STORE_CTX_get0_cur_issuer
-
-/* Hack some long CRYPTO names */
-#undef CRYPTO_set_dynlock_destroy_callback
-#define CRYPTO_set_dynlock_destroy_callback CRYPTO_set_dynlock_destroy_cb
-#undef CRYPTO_set_dynlock_create_callback
-#define CRYPTO_set_dynlock_create_callback CRYPTO_set_dynlock_create_cb
-#undef CRYPTO_set_dynlock_lock_callback
-#define CRYPTO_set_dynlock_lock_callback CRYPTO_set_dynlock_lock_cb
-#undef CRYPTO_get_dynlock_lock_callback
-#define CRYPTO_get_dynlock_lock_callback CRYPTO_get_dynlock_lock_cb
-#undef CRYPTO_get_dynlock_destroy_callback
-#define CRYPTO_get_dynlock_destroy_callback CRYPTO_get_dynlock_destroy_cb
-#undef CRYPTO_get_dynlock_create_callback
-#define CRYPTO_get_dynlock_create_callback CRYPTO_get_dynlock_create_cb
-#undef CRYPTO_set_locked_mem_ex_functions
-#define CRYPTO_set_locked_mem_ex_functions CRYPTO_set_locked_mem_ex_funcs
-#undef CRYPTO_get_locked_mem_ex_functions
-#define CRYPTO_get_locked_mem_ex_functions CRYPTO_get_locked_mem_ex_funcs
-
-/* Hack some long SSL names */
-#undef SSL_CTX_set_default_verify_paths
-#define SSL_CTX_set_default_verify_paths SSL_CTX_set_def_verify_paths
-#undef SSL_get_ex_data_X509_STORE_CTX_idx
-#define SSL_get_ex_data_X509_STORE_CTX_idx SSL_get_ex_d_X509_STORE_CTX_idx
-#undef SSL_add_file_cert_subjects_to_stack
-#define SSL_add_file_cert_subjects_to_stack SSL_add_file_cert_subjs_to_stk
-#undef SSL_add_dir_cert_subjects_to_stack
-#define SSL_add_dir_cert_subjects_to_stack SSL_add_dir_cert_subjs_to_stk
-#undef SSL_CTX_use_certificate_chain_file
-#define SSL_CTX_use_certificate_chain_file SSL_CTX_use_cert_chain_file
-#undef SSL_CTX_set_cert_verify_callback
-#define SSL_CTX_set_cert_verify_callback SSL_CTX_set_cert_verify_cb
-#undef SSL_CTX_set_default_passwd_cb_userdata
-#define SSL_CTX_set_default_passwd_cb_userdata SSL_CTX_set_def_passwd_cb_ud
-#undef SSL_COMP_get_compression_methods
-#define SSL_COMP_get_compression_methods SSL_COMP_get_compress_methods
-
-#undef ssl_add_clienthello_renegotiate_ext
-#define ssl_add_clienthello_renegotiate_ext ssl_add_clienthello_reneg_ext
-#undef ssl_add_serverhello_renegotiate_ext
-#define ssl_add_serverhello_renegotiate_ext ssl_add_serverhello_reneg_ext
-#undef ssl_parse_clienthello_renegotiate_ext
-#define ssl_parse_clienthello_renegotiate_ext ssl_parse_clienthello_reneg_ext
-#undef ssl_parse_serverhello_renegotiate_ext
-#define ssl_parse_serverhello_renegotiate_ext ssl_parse_serverhello_reneg_ext
-
-/* Hack some long ENGINE names */
-#undef ENGINE_get_default_BN_mod_exp_crt
-#define ENGINE_get_default_BN_mod_exp_crt ENGINE_get_def_BN_mod_exp_crt
-#undef ENGINE_set_default_BN_mod_exp_crt
-#define ENGINE_set_default_BN_mod_exp_crt ENGINE_set_def_BN_mod_exp_crt
-#undef ENGINE_set_load_privkey_function
-#define ENGINE_set_load_privkey_function ENGINE_set_load_privkey_fn
-#undef ENGINE_get_load_privkey_function
-#define ENGINE_get_load_privkey_function ENGINE_get_load_privkey_fn
-#undef ENGINE_set_load_ssl_client_cert_function
-#define ENGINE_set_load_ssl_client_cert_function \
- ENGINE_set_ld_ssl_clnt_cert_fn
-#undef ENGINE_get_ssl_client_cert_function
-#define ENGINE_get_ssl_client_cert_function ENGINE_get_ssl_client_cert_fn
-
-/* Hack some long OCSP names */
-#undef OCSP_REQUEST_get_ext_by_critical
-#define OCSP_REQUEST_get_ext_by_critical OCSP_REQUEST_get_ext_by_crit
-#undef OCSP_BASICRESP_get_ext_by_critical
-#define OCSP_BASICRESP_get_ext_by_critical OCSP_BASICRESP_get_ext_by_crit
-#undef OCSP_SINGLERESP_get_ext_by_critical
-#define OCSP_SINGLERESP_get_ext_by_critical OCSP_SINGLERESP_get_ext_by_crit
-
-/* Hack some long DES names */
-#undef _ossl_old_des_ede3_cfb64_encrypt
-#define _ossl_old_des_ede3_cfb64_encrypt _ossl_odes_ede3_cfb64_encrypt
-#undef _ossl_old_des_ede3_ofb64_encrypt
-#define _ossl_old_des_ede3_ofb64_encrypt _ossl_odes_ede3_ofb64_encrypt
-
-/* Hack some long EVP names */
-#undef OPENSSL_add_all_algorithms_noconf
-#define OPENSSL_add_all_algorithms_noconf OPENSSL_add_all_algo_noconf
-#undef OPENSSL_add_all_algorithms_conf
-#define OPENSSL_add_all_algorithms_conf OPENSSL_add_all_algo_conf
-
-/* Hack some long EC names */
-#undef EC_GROUP_set_point_conversion_form
-#define EC_GROUP_set_point_conversion_form EC_GROUP_set_point_conv_form
-#undef EC_GROUP_get_point_conversion_form
-#define EC_GROUP_get_point_conversion_form EC_GROUP_get_point_conv_form
-#undef EC_GROUP_clear_free_all_extra_data
-#define EC_GROUP_clear_free_all_extra_data EC_GROUP_clr_free_all_xtra_data
-#undef EC_POINT_set_Jprojective_coordinates_GFp
-#define EC_POINT_set_Jprojective_coordinates_GFp \
- EC_POINT_set_Jproj_coords_GFp
-#undef EC_POINT_get_Jprojective_coordinates_GFp
-#define EC_POINT_get_Jprojective_coordinates_GFp \
- EC_POINT_get_Jproj_coords_GFp
-#undef EC_POINT_set_affine_coordinates_GFp
-#define EC_POINT_set_affine_coordinates_GFp EC_POINT_set_affine_coords_GFp
-#undef EC_POINT_get_affine_coordinates_GFp
-#define EC_POINT_get_affine_coordinates_GFp EC_POINT_get_affine_coords_GFp
-#undef EC_POINT_set_compressed_coordinates_GFp
-#define EC_POINT_set_compressed_coordinates_GFp EC_POINT_set_compr_coords_GFp
-#undef EC_POINT_set_affine_coordinates_GF2m
-#define EC_POINT_set_affine_coordinates_GF2m EC_POINT_set_affine_coords_GF2m
-#undef EC_POINT_get_affine_coordinates_GF2m
-#define EC_POINT_get_affine_coordinates_GF2m EC_POINT_get_affine_coords_GF2m
-#undef EC_POINT_set_compressed_coordinates_GF2m
-#define EC_POINT_set_compressed_coordinates_GF2m \
- EC_POINT_set_compr_coords_GF2m
-#undef ec_GF2m_simple_group_clear_finish
-#define ec_GF2m_simple_group_clear_finish ec_GF2m_simple_grp_clr_finish
-#undef ec_GF2m_simple_group_check_discriminant
-#define ec_GF2m_simple_group_check_discriminant ec_GF2m_simple_grp_chk_discrim
-#undef ec_GF2m_simple_point_clear_finish
-#define ec_GF2m_simple_point_clear_finish ec_GF2m_simple_pt_clr_finish
-#undef ec_GF2m_simple_point_set_to_infinity
-#define ec_GF2m_simple_point_set_to_infinity ec_GF2m_simple_pt_set_to_inf
-#undef ec_GF2m_simple_points_make_affine
-#define ec_GF2m_simple_points_make_affine ec_GF2m_simple_pts_make_affine
-#undef ec_GF2m_simple_point_set_affine_coordinates
-#define ec_GF2m_simple_point_set_affine_coordinates \
- ec_GF2m_smp_pt_set_af_coords
-#undef ec_GF2m_simple_point_get_affine_coordinates
-#define ec_GF2m_simple_point_get_affine_coordinates \
- ec_GF2m_smp_pt_get_af_coords
-#undef ec_GF2m_simple_set_compressed_coordinates
-#define ec_GF2m_simple_set_compressed_coordinates \
- ec_GF2m_smp_set_compr_coords
-#undef ec_GFp_simple_group_set_curve_GFp
-#define ec_GFp_simple_group_set_curve_GFp ec_GFp_simple_grp_set_curve_GFp
-#undef ec_GFp_simple_group_get_curve_GFp
-#define ec_GFp_simple_group_get_curve_GFp ec_GFp_simple_grp_get_curve_GFp
-#undef ec_GFp_simple_group_clear_finish
-#define ec_GFp_simple_group_clear_finish ec_GFp_simple_grp_clear_finish
-#undef ec_GFp_simple_group_set_generator
-#define ec_GFp_simple_group_set_generator ec_GFp_simple_grp_set_generator
-#undef ec_GFp_simple_group_get0_generator
-#define ec_GFp_simple_group_get0_generator ec_GFp_simple_grp_gt0_generator
-#undef ec_GFp_simple_group_get_cofactor
-#define ec_GFp_simple_group_get_cofactor ec_GFp_simple_grp_get_cofactor
-#undef ec_GFp_simple_point_clear_finish
-#define ec_GFp_simple_point_clear_finish ec_GFp_simple_pt_clear_finish
-#undef ec_GFp_simple_point_set_to_infinity
-#define ec_GFp_simple_point_set_to_infinity ec_GFp_simple_pt_set_to_inf
-#undef ec_GFp_simple_points_make_affine
-#define ec_GFp_simple_points_make_affine ec_GFp_simple_pts_make_affine
-#undef ec_GFp_simple_set_Jprojective_coordinates_GFp
-#define ec_GFp_simple_set_Jprojective_coordinates_GFp \
- ec_GFp_smp_set_Jproj_coords_GFp
-#undef ec_GFp_simple_get_Jprojective_coordinates_GFp
-#define ec_GFp_simple_get_Jprojective_coordinates_GFp \
- ec_GFp_smp_get_Jproj_coords_GFp
-#undef ec_GFp_simple_point_set_affine_coordinates_GFp
-#define ec_GFp_simple_point_set_affine_coordinates_GFp \
- ec_GFp_smp_pt_set_af_coords_GFp
-#undef ec_GFp_simple_point_get_affine_coordinates_GFp
-#define ec_GFp_simple_point_get_affine_coordinates_GFp \
- ec_GFp_smp_pt_get_af_coords_GFp
-#undef ec_GFp_simple_set_compressed_coordinates_GFp
-#define ec_GFp_simple_set_compressed_coordinates_GFp \
- ec_GFp_smp_set_compr_coords_GFp
-#undef ec_GFp_simple_point_set_affine_coordinates
-#define ec_GFp_simple_point_set_affine_coordinates \
- ec_GFp_smp_pt_set_af_coords
-#undef ec_GFp_simple_point_get_affine_coordinates
-#define ec_GFp_simple_point_get_affine_coordinates \
- ec_GFp_smp_pt_get_af_coords
-#undef ec_GFp_simple_set_compressed_coordinates
-#define ec_GFp_simple_set_compressed_coordinates \
- ec_GFp_smp_set_compr_coords
-#undef ec_GFp_simple_group_check_discriminant
-#define ec_GFp_simple_group_check_discriminant ec_GFp_simple_grp_chk_discrim
-
-/* Hack som long STORE names */
-#undef STORE_method_set_initialise_function
-#define STORE_method_set_initialise_function STORE_meth_set_initialise_fn
-#undef STORE_method_set_cleanup_function
-#define STORE_method_set_cleanup_function STORE_meth_set_cleanup_fn
-#undef STORE_method_set_generate_function
-#define STORE_method_set_generate_function STORE_meth_set_generate_fn
-#undef STORE_method_set_modify_function
-#define STORE_method_set_modify_function STORE_meth_set_modify_fn
-#undef STORE_method_set_revoke_function
-#define STORE_method_set_revoke_function STORE_meth_set_revoke_fn
-#undef STORE_method_set_delete_function
-#define STORE_method_set_delete_function STORE_meth_set_delete_fn
-#undef STORE_method_set_list_start_function
-#define STORE_method_set_list_start_function STORE_meth_set_list_start_fn
-#undef STORE_method_set_list_next_function
-#define STORE_method_set_list_next_function STORE_meth_set_list_next_fn
-#undef STORE_method_set_list_end_function
-#define STORE_method_set_list_end_function STORE_meth_set_list_end_fn
-#undef STORE_method_set_update_store_function
-#define STORE_method_set_update_store_function STORE_meth_set_update_store_fn
-#undef STORE_method_set_lock_store_function
-#define STORE_method_set_lock_store_function STORE_meth_set_lock_store_fn
-#undef STORE_method_set_unlock_store_function
-#define STORE_method_set_unlock_store_function STORE_meth_set_unlock_store_fn
-#undef STORE_method_get_initialise_function
-#define STORE_method_get_initialise_function STORE_meth_get_initialise_fn
-#undef STORE_method_get_cleanup_function
-#define STORE_method_get_cleanup_function STORE_meth_get_cleanup_fn
-#undef STORE_method_get_generate_function
-#define STORE_method_get_generate_function STORE_meth_get_generate_fn
-#undef STORE_method_get_modify_function
-#define STORE_method_get_modify_function STORE_meth_get_modify_fn
-#undef STORE_method_get_revoke_function
-#define STORE_method_get_revoke_function STORE_meth_get_revoke_fn
-#undef STORE_method_get_delete_function
-#define STORE_method_get_delete_function STORE_meth_get_delete_fn
-#undef STORE_method_get_list_start_function
-#define STORE_method_get_list_start_function STORE_meth_get_list_start_fn
-#undef STORE_method_get_list_next_function
-#define STORE_method_get_list_next_function STORE_meth_get_list_next_fn
-#undef STORE_method_get_list_end_function
-#define STORE_method_get_list_end_function STORE_meth_get_list_end_fn
-#undef STORE_method_get_update_store_function
-#define STORE_method_get_update_store_function STORE_meth_get_update_store_fn
-#undef STORE_method_get_lock_store_function
-#define STORE_method_get_lock_store_function STORE_meth_get_lock_store_fn
-#undef STORE_method_get_unlock_store_function
-#define STORE_method_get_unlock_store_function STORE_meth_get_unlock_store_fn
-
-/* Hack some long CMS names */
-#undef CMS_RecipientInfo_ktri_get0_algs
-#define CMS_RecipientInfo_ktri_get0_algs CMS_RecipInfo_ktri_get0_algs
-#undef CMS_RecipientInfo_ktri_get0_signer_id
-#define CMS_RecipientInfo_ktri_get0_signer_id CMS_RecipInfo_ktri_get0_sigr_id
-#undef CMS_OtherRevocationInfoFormat_it
-#define CMS_OtherRevocationInfoFormat_it CMS_OtherRevocInfoFormat_it
-#undef CMS_KeyAgreeRecipientIdentifier_it
-#define CMS_KeyAgreeRecipientIdentifier_it CMS_KeyAgreeRecipIdentifier_it
-#undef CMS_OriginatorIdentifierOrKey_it
-#define CMS_OriginatorIdentifierOrKey_it CMS_OriginatorIdOrKey_it
-#undef cms_SignerIdentifier_get0_signer_id
-#define cms_SignerIdentifier_get0_signer_id cms_SignerId_get0_signer_id
-
-/* Hack some long DTLS1 names */
-#undef dtls1_retransmit_buffered_messages
-#define dtls1_retransmit_buffered_messages dtls1_retransmit_buffered_msgs
-
-#endif /* defined OPENSSL_SYS_VMS */
-
-
-/* Case insensiteve linking causes problems.... */
-#if defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2)
-#undef ERR_load_CRYPTO_strings
-#define ERR_load_CRYPTO_strings ERR_load_CRYPTOlib_strings
-#undef OCSP_crlID_new
-#define OCSP_crlID_new OCSP_crlID2_new
-
-#undef d2i_ECPARAMETERS
-#define d2i_ECPARAMETERS d2i_UC_ECPARAMETERS
-#undef i2d_ECPARAMETERS
-#define i2d_ECPARAMETERS i2d_UC_ECPARAMETERS
-#undef d2i_ECPKPARAMETERS
-#define d2i_ECPKPARAMETERS d2i_UC_ECPKPARAMETERS
-#undef i2d_ECPKPARAMETERS
-#define i2d_ECPKPARAMETERS i2d_UC_ECPKPARAMETERS
-
-/* These functions do not seem to exist! However, I'm paranoid...
- Original command in x509v3.h:
- These functions are being redefined in another directory,
- and clash when the linker is case-insensitive, so let's
- hide them a little, by giving them an extra 'o' at the
- beginning of the name... */
-#undef X509v3_cleanup_extensions
-#define X509v3_cleanup_extensions oX509v3_cleanup_extensions
-#undef X509v3_add_extension
-#define X509v3_add_extension oX509v3_add_extension
-#undef X509v3_add_netscape_extensions
-#define X509v3_add_netscape_extensions oX509v3_add_netscape_extensions
-#undef X509v3_add_standard_extensions
-#define X509v3_add_standard_extensions oX509v3_add_standard_extensions
-
-
-#endif
-
-
-#endif /* ! defined HEADER_VMS_IDHACKS_H */
-/* This one clashes with CMS_data_create */
-#undef cms_Data_create
-#define cms_Data_create priv_cms_Data_create
Copied: vendor-crypto/openssl/0.9.8zf/crypto/symhacks.h (from rev 6976, vendor-crypto/openssl/dist/crypto/symhacks.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/symhacks.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/symhacks.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,438 @@
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_SYMHACKS_H
+# define HEADER_SYMHACKS_H
+
+# include <openssl/e_os2.h>
+
+/*
+ * Hacks to solve the problem with linkers incapable of handling very long
+ * symbol names. In the case of VMS, the limit is 31 characters on VMS for
+ * VAX.
+ */
+/*
+ * Note that this affects util/libeay.num and util/ssleay.num... you may
+ * change those manually, but that's not recommended, as those files are
+ * controlled centrally and updated on Unix, and the central definition may
+ * disagree with yours, which in turn may come with shareable library
+ * incompatibilities.
+ */
+# ifdef OPENSSL_SYS_VMS
+
+/* Hack a long name in crypto/cryptlib.c */
+# undef int_CRYPTO_set_do_dynlock_callback
+# define int_CRYPTO_set_do_dynlock_callback int_CRYPTO_set_do_dynlock_cb
+
+/* Hack a long name in crypto/ex_data.c */
+# undef CRYPTO_get_ex_data_implementation
+# define CRYPTO_get_ex_data_implementation CRYPTO_get_ex_data_impl
+# undef CRYPTO_set_ex_data_implementation
+# define CRYPTO_set_ex_data_implementation CRYPTO_set_ex_data_impl
+
+/* Hack a long name in crypto/asn1/a_mbstr.c */
+# undef ASN1_STRING_set_default_mask_asc
+# define ASN1_STRING_set_default_mask_asc ASN1_STRING_set_def_mask_asc
+
+# if 0 /* No longer needed, since safestack macro
+ * magic does the job */
+/* Hack the names created with DECLARE_ASN1_SET_OF(PKCS7_SIGNER_INFO) */
+# undef i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO
+# define i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO i2d_ASN1_SET_OF_PKCS7_SIGINF
+# undef d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO
+# define d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO d2i_ASN1_SET_OF_PKCS7_SIGINF
+# endif
+
+# if 0 /* No longer needed, since safestack macro
+ * magic does the job */
+/* Hack the names created with DECLARE_ASN1_SET_OF(PKCS7_RECIP_INFO) */
+# undef i2d_ASN1_SET_OF_PKCS7_RECIP_INFO
+# define i2d_ASN1_SET_OF_PKCS7_RECIP_INFO i2d_ASN1_SET_OF_PKCS7_RECINF
+# undef d2i_ASN1_SET_OF_PKCS7_RECIP_INFO
+# define d2i_ASN1_SET_OF_PKCS7_RECIP_INFO d2i_ASN1_SET_OF_PKCS7_RECINF
+# endif
+
+# if 0 /* No longer needed, since safestack macro
+ * magic does the job */
+/* Hack the names created with DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION) */
+# undef i2d_ASN1_SET_OF_ACCESS_DESCRIPTION
+# define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION i2d_ASN1_SET_OF_ACC_DESC
+# undef d2i_ASN1_SET_OF_ACCESS_DESCRIPTION
+# define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION d2i_ASN1_SET_OF_ACC_DESC
+# endif
+
+/* Hack the names created with DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE) */
+# undef PEM_read_NETSCAPE_CERT_SEQUENCE
+# define PEM_read_NETSCAPE_CERT_SEQUENCE PEM_read_NS_CERT_SEQ
+# undef PEM_write_NETSCAPE_CERT_SEQUENCE
+# define PEM_write_NETSCAPE_CERT_SEQUENCE PEM_write_NS_CERT_SEQ
+# undef PEM_read_bio_NETSCAPE_CERT_SEQUENCE
+# define PEM_read_bio_NETSCAPE_CERT_SEQUENCE PEM_read_bio_NS_CERT_SEQ
+# undef PEM_write_bio_NETSCAPE_CERT_SEQUENCE
+# define PEM_write_bio_NETSCAPE_CERT_SEQUENCE PEM_write_bio_NS_CERT_SEQ
+# undef PEM_write_cb_bio_NETSCAPE_CERT_SEQUENCE
+# define PEM_write_cb_bio_NETSCAPE_CERT_SEQUENCE PEM_write_cb_bio_NS_CERT_SEQ
+
+/* Hack the names created with DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO) */
+# undef PEM_read_PKCS8_PRIV_KEY_INFO
+# define PEM_read_PKCS8_PRIV_KEY_INFO PEM_read_P8_PRIV_KEY_INFO
+# undef PEM_write_PKCS8_PRIV_KEY_INFO
+# define PEM_write_PKCS8_PRIV_KEY_INFO PEM_write_P8_PRIV_KEY_INFO
+# undef PEM_read_bio_PKCS8_PRIV_KEY_INFO
+# define PEM_read_bio_PKCS8_PRIV_KEY_INFO PEM_read_bio_P8_PRIV_KEY_INFO
+# undef PEM_write_bio_PKCS8_PRIV_KEY_INFO
+# define PEM_write_bio_PKCS8_PRIV_KEY_INFO PEM_write_bio_P8_PRIV_KEY_INFO
+# undef PEM_write_cb_bio_PKCS8_PRIV_KEY_INFO
+# define PEM_write_cb_bio_PKCS8_PRIV_KEY_INFO PEM_wrt_cb_bio_P8_PRIV_KEY_INFO
+
+/* Hack other PEM names */
+# undef PEM_write_bio_PKCS8PrivateKey_nid
+# define PEM_write_bio_PKCS8PrivateKey_nid PEM_write_bio_PKCS8PrivKey_nid
+
+/* Hack some long X509 names */
+# undef X509_REVOKED_get_ext_by_critical
+# define X509_REVOKED_get_ext_by_critical X509_REVOKED_get_ext_by_critic
+# undef X509_policy_tree_get0_user_policies
+# define X509_policy_tree_get0_user_policies X509_pcy_tree_get0_usr_policies
+# undef X509_policy_node_get0_qualifiers
+# define X509_policy_node_get0_qualifiers X509_pcy_node_get0_qualifiers
+# undef X509_STORE_CTX_get_explicit_policy
+# define X509_STORE_CTX_get_explicit_policy X509_STORE_CTX_get_expl_policy
+# undef X509_STORE_CTX_get0_current_issuer
+# define X509_STORE_CTX_get0_current_issuer X509_STORE_CTX_get0_cur_issuer
+
+/* Hack some long CRYPTO names */
+# undef CRYPTO_set_dynlock_destroy_callback
+# define CRYPTO_set_dynlock_destroy_callback CRYPTO_set_dynlock_destroy_cb
+# undef CRYPTO_set_dynlock_create_callback
+# define CRYPTO_set_dynlock_create_callback CRYPTO_set_dynlock_create_cb
+# undef CRYPTO_set_dynlock_lock_callback
+# define CRYPTO_set_dynlock_lock_callback CRYPTO_set_dynlock_lock_cb
+# undef CRYPTO_get_dynlock_lock_callback
+# define CRYPTO_get_dynlock_lock_callback CRYPTO_get_dynlock_lock_cb
+# undef CRYPTO_get_dynlock_destroy_callback
+# define CRYPTO_get_dynlock_destroy_callback CRYPTO_get_dynlock_destroy_cb
+# undef CRYPTO_get_dynlock_create_callback
+# define CRYPTO_get_dynlock_create_callback CRYPTO_get_dynlock_create_cb
+# undef CRYPTO_set_locked_mem_ex_functions
+# define CRYPTO_set_locked_mem_ex_functions CRYPTO_set_locked_mem_ex_funcs
+# undef CRYPTO_get_locked_mem_ex_functions
+# define CRYPTO_get_locked_mem_ex_functions CRYPTO_get_locked_mem_ex_funcs
+
+/* Hack some long SSL names */
+# undef SSL_CTX_set_default_verify_paths
+# define SSL_CTX_set_default_verify_paths SSL_CTX_set_def_verify_paths
+# undef SSL_get_ex_data_X509_STORE_CTX_idx
+# define SSL_get_ex_data_X509_STORE_CTX_idx SSL_get_ex_d_X509_STORE_CTX_idx
+# undef SSL_add_file_cert_subjects_to_stack
+# define SSL_add_file_cert_subjects_to_stack SSL_add_file_cert_subjs_to_stk
+# undef SSL_add_dir_cert_subjects_to_stack
+# define SSL_add_dir_cert_subjects_to_stack SSL_add_dir_cert_subjs_to_stk
+# undef SSL_CTX_use_certificate_chain_file
+# define SSL_CTX_use_certificate_chain_file SSL_CTX_use_cert_chain_file
+# undef SSL_CTX_set_cert_verify_callback
+# define SSL_CTX_set_cert_verify_callback SSL_CTX_set_cert_verify_cb
+# undef SSL_CTX_set_default_passwd_cb_userdata
+# define SSL_CTX_set_default_passwd_cb_userdata SSL_CTX_set_def_passwd_cb_ud
+# undef SSL_COMP_get_compression_methods
+# define SSL_COMP_get_compression_methods SSL_COMP_get_compress_methods
+
+# undef ssl_add_clienthello_renegotiate_ext
+# define ssl_add_clienthello_renegotiate_ext ssl_add_clienthello_reneg_ext
+# undef ssl_add_serverhello_renegotiate_ext
+# define ssl_add_serverhello_renegotiate_ext ssl_add_serverhello_reneg_ext
+# undef ssl_parse_clienthello_renegotiate_ext
+# define ssl_parse_clienthello_renegotiate_ext ssl_parse_clienthello_reneg_ext
+# undef ssl_parse_serverhello_renegotiate_ext
+# define ssl_parse_serverhello_renegotiate_ext ssl_parse_serverhello_reneg_ext
+
+# undef ssl3_cbc_record_digest_supported
+# define ssl3_cbc_record_digest_supported ssl3_cbc_record_digest_support
+# undef ssl_check_clienthello_tlsext_late
+# define ssl_check_clienthello_tlsext_late ssl_check_clihello_tlsext_late
+# undef ssl_check_clienthello_tlsext_early
+# define ssl_check_clienthello_tlsext_early ssl_check_clihello_tlsext_early
+
+/* Hack some long ENGINE names */
+# undef ENGINE_get_default_BN_mod_exp_crt
+# define ENGINE_get_default_BN_mod_exp_crt ENGINE_get_def_BN_mod_exp_crt
+# undef ENGINE_set_default_BN_mod_exp_crt
+# define ENGINE_set_default_BN_mod_exp_crt ENGINE_set_def_BN_mod_exp_crt
+# undef ENGINE_set_load_privkey_function
+# define ENGINE_set_load_privkey_function ENGINE_set_load_privkey_fn
+# undef ENGINE_get_load_privkey_function
+# define ENGINE_get_load_privkey_function ENGINE_get_load_privkey_fn
+# undef ENGINE_set_load_ssl_client_cert_function
+# define ENGINE_set_load_ssl_client_cert_function \
+ ENGINE_set_ld_ssl_clnt_cert_fn
+# undef ENGINE_get_ssl_client_cert_function
+# define ENGINE_get_ssl_client_cert_function ENGINE_get_ssl_client_cert_fn
+
+/* Hack some long OCSP names */
+# undef OCSP_REQUEST_get_ext_by_critical
+# define OCSP_REQUEST_get_ext_by_critical OCSP_REQUEST_get_ext_by_crit
+# undef OCSP_BASICRESP_get_ext_by_critical
+# define OCSP_BASICRESP_get_ext_by_critical OCSP_BASICRESP_get_ext_by_crit
+# undef OCSP_SINGLERESP_get_ext_by_critical
+# define OCSP_SINGLERESP_get_ext_by_critical OCSP_SINGLERESP_get_ext_by_crit
+
+/* Hack some long DES names */
+# undef _ossl_old_des_ede3_cfb64_encrypt
+# define _ossl_old_des_ede3_cfb64_encrypt _ossl_odes_ede3_cfb64_encrypt
+# undef _ossl_old_des_ede3_ofb64_encrypt
+# define _ossl_old_des_ede3_ofb64_encrypt _ossl_odes_ede3_ofb64_encrypt
+
+/* Hack some long EVP names */
+# undef OPENSSL_add_all_algorithms_noconf
+# define OPENSSL_add_all_algorithms_noconf OPENSSL_add_all_algo_noconf
+# undef OPENSSL_add_all_algorithms_conf
+# define OPENSSL_add_all_algorithms_conf OPENSSL_add_all_algo_conf
+
+/* Hack some long EC names */
+# undef EC_GROUP_set_point_conversion_form
+# define EC_GROUP_set_point_conversion_form EC_GROUP_set_point_conv_form
+# undef EC_GROUP_get_point_conversion_form
+# define EC_GROUP_get_point_conversion_form EC_GROUP_get_point_conv_form
+# undef EC_GROUP_clear_free_all_extra_data
+# define EC_GROUP_clear_free_all_extra_data EC_GROUP_clr_free_all_xtra_data
+# undef EC_POINT_set_Jprojective_coordinates_GFp
+# define EC_POINT_set_Jprojective_coordinates_GFp \
+ EC_POINT_set_Jproj_coords_GFp
+# undef EC_POINT_get_Jprojective_coordinates_GFp
+# define EC_POINT_get_Jprojective_coordinates_GFp \
+ EC_POINT_get_Jproj_coords_GFp
+# undef EC_POINT_set_affine_coordinates_GFp
+# define EC_POINT_set_affine_coordinates_GFp EC_POINT_set_affine_coords_GFp
+# undef EC_POINT_get_affine_coordinates_GFp
+# define EC_POINT_get_affine_coordinates_GFp EC_POINT_get_affine_coords_GFp
+# undef EC_POINT_set_compressed_coordinates_GFp
+# define EC_POINT_set_compressed_coordinates_GFp EC_POINT_set_compr_coords_GFp
+# undef EC_POINT_set_affine_coordinates_GF2m
+# define EC_POINT_set_affine_coordinates_GF2m EC_POINT_set_affine_coords_GF2m
+# undef EC_POINT_get_affine_coordinates_GF2m
+# define EC_POINT_get_affine_coordinates_GF2m EC_POINT_get_affine_coords_GF2m
+# undef EC_POINT_set_compressed_coordinates_GF2m
+# define EC_POINT_set_compressed_coordinates_GF2m \
+ EC_POINT_set_compr_coords_GF2m
+# undef ec_GF2m_simple_group_clear_finish
+# define ec_GF2m_simple_group_clear_finish ec_GF2m_simple_grp_clr_finish
+# undef ec_GF2m_simple_group_check_discriminant
+# define ec_GF2m_simple_group_check_discriminant ec_GF2m_simple_grp_chk_discrim
+# undef ec_GF2m_simple_point_clear_finish
+# define ec_GF2m_simple_point_clear_finish ec_GF2m_simple_pt_clr_finish
+# undef ec_GF2m_simple_point_set_to_infinity
+# define ec_GF2m_simple_point_set_to_infinity ec_GF2m_simple_pt_set_to_inf
+# undef ec_GF2m_simple_points_make_affine
+# define ec_GF2m_simple_points_make_affine ec_GF2m_simple_pts_make_affine
+# undef ec_GF2m_simple_point_set_affine_coordinates
+# define ec_GF2m_simple_point_set_affine_coordinates \
+ ec_GF2m_smp_pt_set_af_coords
+# undef ec_GF2m_simple_point_get_affine_coordinates
+# define ec_GF2m_simple_point_get_affine_coordinates \
+ ec_GF2m_smp_pt_get_af_coords
+# undef ec_GF2m_simple_set_compressed_coordinates
+# define ec_GF2m_simple_set_compressed_coordinates \
+ ec_GF2m_smp_set_compr_coords
+# undef ec_GFp_simple_group_set_curve_GFp
+# define ec_GFp_simple_group_set_curve_GFp ec_GFp_simple_grp_set_curve_GFp
+# undef ec_GFp_simple_group_get_curve_GFp
+# define ec_GFp_simple_group_get_curve_GFp ec_GFp_simple_grp_get_curve_GFp
+# undef ec_GFp_simple_group_clear_finish
+# define ec_GFp_simple_group_clear_finish ec_GFp_simple_grp_clear_finish
+# undef ec_GFp_simple_group_set_generator
+# define ec_GFp_simple_group_set_generator ec_GFp_simple_grp_set_generator
+# undef ec_GFp_simple_group_get0_generator
+# define ec_GFp_simple_group_get0_generator ec_GFp_simple_grp_gt0_generator
+# undef ec_GFp_simple_group_get_cofactor
+# define ec_GFp_simple_group_get_cofactor ec_GFp_simple_grp_get_cofactor
+# undef ec_GFp_simple_point_clear_finish
+# define ec_GFp_simple_point_clear_finish ec_GFp_simple_pt_clear_finish
+# undef ec_GFp_simple_point_set_to_infinity
+# define ec_GFp_simple_point_set_to_infinity ec_GFp_simple_pt_set_to_inf
+# undef ec_GFp_simple_points_make_affine
+# define ec_GFp_simple_points_make_affine ec_GFp_simple_pts_make_affine
+# undef ec_GFp_simple_set_Jprojective_coordinates_GFp
+# define ec_GFp_simple_set_Jprojective_coordinates_GFp \
+ ec_GFp_smp_set_Jproj_coords_GFp
+# undef ec_GFp_simple_get_Jprojective_coordinates_GFp
+# define ec_GFp_simple_get_Jprojective_coordinates_GFp \
+ ec_GFp_smp_get_Jproj_coords_GFp
+# undef ec_GFp_simple_point_set_affine_coordinates_GFp
+# define ec_GFp_simple_point_set_affine_coordinates_GFp \
+ ec_GFp_smp_pt_set_af_coords_GFp
+# undef ec_GFp_simple_point_get_affine_coordinates_GFp
+# define ec_GFp_simple_point_get_affine_coordinates_GFp \
+ ec_GFp_smp_pt_get_af_coords_GFp
+# undef ec_GFp_simple_set_compressed_coordinates_GFp
+# define ec_GFp_simple_set_compressed_coordinates_GFp \
+ ec_GFp_smp_set_compr_coords_GFp
+# undef ec_GFp_simple_point_set_affine_coordinates
+# define ec_GFp_simple_point_set_affine_coordinates \
+ ec_GFp_smp_pt_set_af_coords
+# undef ec_GFp_simple_point_get_affine_coordinates
+# define ec_GFp_simple_point_get_affine_coordinates \
+ ec_GFp_smp_pt_get_af_coords
+# undef ec_GFp_simple_set_compressed_coordinates
+# define ec_GFp_simple_set_compressed_coordinates \
+ ec_GFp_smp_set_compr_coords
+# undef ec_GFp_simple_group_check_discriminant
+# define ec_GFp_simple_group_check_discriminant ec_GFp_simple_grp_chk_discrim
+
+/* Hack som long STORE names */
+# undef STORE_method_set_initialise_function
+# define STORE_method_set_initialise_function STORE_meth_set_initialise_fn
+# undef STORE_method_set_cleanup_function
+# define STORE_method_set_cleanup_function STORE_meth_set_cleanup_fn
+# undef STORE_method_set_generate_function
+# define STORE_method_set_generate_function STORE_meth_set_generate_fn
+# undef STORE_method_set_modify_function
+# define STORE_method_set_modify_function STORE_meth_set_modify_fn
+# undef STORE_method_set_revoke_function
+# define STORE_method_set_revoke_function STORE_meth_set_revoke_fn
+# undef STORE_method_set_delete_function
+# define STORE_method_set_delete_function STORE_meth_set_delete_fn
+# undef STORE_method_set_list_start_function
+# define STORE_method_set_list_start_function STORE_meth_set_list_start_fn
+# undef STORE_method_set_list_next_function
+# define STORE_method_set_list_next_function STORE_meth_set_list_next_fn
+# undef STORE_method_set_list_end_function
+# define STORE_method_set_list_end_function STORE_meth_set_list_end_fn
+# undef STORE_method_set_update_store_function
+# define STORE_method_set_update_store_function STORE_meth_set_update_store_fn
+# undef STORE_method_set_lock_store_function
+# define STORE_method_set_lock_store_function STORE_meth_set_lock_store_fn
+# undef STORE_method_set_unlock_store_function
+# define STORE_method_set_unlock_store_function STORE_meth_set_unlock_store_fn
+# undef STORE_method_get_initialise_function
+# define STORE_method_get_initialise_function STORE_meth_get_initialise_fn
+# undef STORE_method_get_cleanup_function
+# define STORE_method_get_cleanup_function STORE_meth_get_cleanup_fn
+# undef STORE_method_get_generate_function
+# define STORE_method_get_generate_function STORE_meth_get_generate_fn
+# undef STORE_method_get_modify_function
+# define STORE_method_get_modify_function STORE_meth_get_modify_fn
+# undef STORE_method_get_revoke_function
+# define STORE_method_get_revoke_function STORE_meth_get_revoke_fn
+# undef STORE_method_get_delete_function
+# define STORE_method_get_delete_function STORE_meth_get_delete_fn
+# undef STORE_method_get_list_start_function
+# define STORE_method_get_list_start_function STORE_meth_get_list_start_fn
+# undef STORE_method_get_list_next_function
+# define STORE_method_get_list_next_function STORE_meth_get_list_next_fn
+# undef STORE_method_get_list_end_function
+# define STORE_method_get_list_end_function STORE_meth_get_list_end_fn
+# undef STORE_method_get_update_store_function
+# define STORE_method_get_update_store_function STORE_meth_get_update_store_fn
+# undef STORE_method_get_lock_store_function
+# define STORE_method_get_lock_store_function STORE_meth_get_lock_store_fn
+# undef STORE_method_get_unlock_store_function
+# define STORE_method_get_unlock_store_function STORE_meth_get_unlock_store_fn
+
+/* Hack some long CMS names */
+# undef CMS_RecipientInfo_ktri_get0_algs
+# define CMS_RecipientInfo_ktri_get0_algs CMS_RecipInfo_ktri_get0_algs
+# undef CMS_RecipientInfo_ktri_get0_signer_id
+# define CMS_RecipientInfo_ktri_get0_signer_id CMS_RecipInfo_ktri_get0_sigr_id
+# undef CMS_OtherRevocationInfoFormat_it
+# define CMS_OtherRevocationInfoFormat_it CMS_OtherRevocInfoFormat_it
+# undef CMS_KeyAgreeRecipientIdentifier_it
+# define CMS_KeyAgreeRecipientIdentifier_it CMS_KeyAgreeRecipIdentifier_it
+# undef CMS_OriginatorIdentifierOrKey_it
+# define CMS_OriginatorIdentifierOrKey_it CMS_OriginatorIdOrKey_it
+# undef cms_SignerIdentifier_get0_signer_id
+# define cms_SignerIdentifier_get0_signer_id cms_SignerId_get0_signer_id
+
+/* Hack some long DTLS1 names */
+# undef dtls1_retransmit_buffered_messages
+# define dtls1_retransmit_buffered_messages dtls1_retransmit_buffered_msgs
+
+# endif /* defined OPENSSL_SYS_VMS */
+
+/* Case insensiteve linking causes problems.... */
+# if defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2)
+# undef ERR_load_CRYPTO_strings
+# define ERR_load_CRYPTO_strings ERR_load_CRYPTOlib_strings
+# undef OCSP_crlID_new
+# define OCSP_crlID_new OCSP_crlID2_new
+
+# undef d2i_ECPARAMETERS
+# define d2i_ECPARAMETERS d2i_UC_ECPARAMETERS
+# undef i2d_ECPARAMETERS
+# define i2d_ECPARAMETERS i2d_UC_ECPARAMETERS
+# undef d2i_ECPKPARAMETERS
+# define d2i_ECPKPARAMETERS d2i_UC_ECPKPARAMETERS
+# undef i2d_ECPKPARAMETERS
+# define i2d_ECPKPARAMETERS i2d_UC_ECPKPARAMETERS
+
+/*
+ * These functions do not seem to exist! However, I'm paranoid... Original
+ * command in x509v3.h: These functions are being redefined in another
+ * directory, and clash when the linker is case-insensitive, so let's hide
+ * them a little, by giving them an extra 'o' at the beginning of the name...
+ */
+# undef X509v3_cleanup_extensions
+# define X509v3_cleanup_extensions oX509v3_cleanup_extensions
+# undef X509v3_add_extension
+# define X509v3_add_extension oX509v3_add_extension
+# undef X509v3_add_netscape_extensions
+# define X509v3_add_netscape_extensions oX509v3_add_netscape_extensions
+# undef X509v3_add_standard_extensions
+# define X509v3_add_standard_extensions oX509v3_add_standard_extensions
+
+# endif
+
+#endif /* ! defined HEADER_VMS_IDHACKS_H */
+/* This one clashes with CMS_data_create */
+#undef cms_Data_create
+#define cms_Data_create priv_cms_Data_create
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/threads/mttest.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/threads/mttest.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/threads/mttest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,1211 +0,0 @@
-/* crypto/threads/mttest.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <errno.h>
-#ifdef LINUX
-#include <typedefs.h>
-#endif
-#ifdef OPENSSL_SYS_WIN32
-#include <windows.h>
-#endif
-#ifdef SOLARIS
-#include <synch.h>
-#include <thread.h>
-#endif
-#ifdef IRIX
-#include <ulocks.h>
-#include <sys/prctl.h>
-#endif
-#ifdef PTHREADS
-#include <pthread.h>
-#endif
-#ifdef OPENSSL_SYS_NETWARE
-#if !defined __int64
-# define __int64 long long
-#endif
-#include <nwmpk.h>
-#endif
-#include <openssl/lhash.h>
-#include <openssl/crypto.h>
-#include <openssl/buffer.h>
-#include "../../e_os.h"
-#include <openssl/x509.h>
-#include <openssl/ssl.h>
-#include <openssl/err.h>
-#include <openssl/rand.h>
-
-#ifdef OPENSSL_NO_FP_API
-#define APPS_WIN16
-#include "../buffer/bss_file.c"
-#endif
-
-#ifdef OPENSSL_SYS_NETWARE
-#define TEST_SERVER_CERT "/openssl/apps/server.pem"
-#define TEST_CLIENT_CERT "/openssl/apps/client.pem"
-#else
-#define TEST_SERVER_CERT "../../apps/server.pem"
-#define TEST_CLIENT_CERT "../../apps/client.pem"
-#endif
-
-#define MAX_THREAD_NUMBER 100
-
-int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *xs);
-void thread_setup(void);
-void thread_cleanup(void);
-void do_threads(SSL_CTX *s_ctx,SSL_CTX *c_ctx);
-
-void irix_locking_callback(int mode,int type,char *file,int line);
-void solaris_locking_callback(int mode,int type,char *file,int line);
-void win32_locking_callback(int mode,int type,char *file,int line);
-void pthreads_locking_callback(int mode,int type,char *file,int line);
-void netware_locking_callback(int mode,int type,char *file,int line);
-
-unsigned long irix_thread_id(void );
-unsigned long solaris_thread_id(void );
-unsigned long pthreads_thread_id(void );
-unsigned long netware_thread_id(void );
-
-#if defined(OPENSSL_SYS_NETWARE)
-static MPKMutex *lock_cs;
-static MPKSema ThreadSem;
-static long *lock_count;
-#endif
-
-BIO *bio_err=NULL;
-BIO *bio_stdout=NULL;
-
-static char *cipher=NULL;
-int verbose=0;
-#ifdef FIONBIO
-static int s_nbio=0;
-#endif
-
-int thread_number=10;
-int number_of_loops=10;
-int reconnect=0;
-int cache_stats=0;
-
-static const char rnd_seed[] = "string to make the random number generator think it has entropy";
-
-int doit(char *ctx[4]);
-static void print_stats(FILE *fp, SSL_CTX *ctx)
-{
- fprintf(fp,"%4ld items in the session cache\n",
- SSL_CTX_sess_number(ctx));
- fprintf(fp,"%4d client connects (SSL_connect())\n",
- SSL_CTX_sess_connect(ctx));
- fprintf(fp,"%4d client connects that finished\n",
- SSL_CTX_sess_connect_good(ctx));
- fprintf(fp,"%4d server connects (SSL_accept())\n",
- SSL_CTX_sess_accept(ctx));
- fprintf(fp,"%4d server connects that finished\n",
- SSL_CTX_sess_accept_good(ctx));
- fprintf(fp,"%4d session cache hits\n",SSL_CTX_sess_hits(ctx));
- fprintf(fp,"%4d session cache misses\n",SSL_CTX_sess_misses(ctx));
- fprintf(fp,"%4d session cache timeouts\n",SSL_CTX_sess_timeouts(ctx));
- }
-
-static void sv_usage(void)
- {
- fprintf(stderr,"usage: ssltest [args ...]\n");
- fprintf(stderr,"\n");
- fprintf(stderr," -server_auth - check server certificate\n");
- fprintf(stderr," -client_auth - do client authentication\n");
- fprintf(stderr," -v - more output\n");
- fprintf(stderr," -CApath arg - PEM format directory of CA's\n");
- fprintf(stderr," -CAfile arg - PEM format file of CA's\n");
- fprintf(stderr," -threads arg - number of threads\n");
- fprintf(stderr," -loops arg - number of 'connections', per thread\n");
- fprintf(stderr," -reconnect - reuse session-id's\n");
- fprintf(stderr," -stats - server session-id cache stats\n");
- fprintf(stderr," -cert arg - server certificate/key\n");
- fprintf(stderr," -ccert arg - client certificate/key\n");
- fprintf(stderr," -ssl3 - just SSLv3n\n");
- }
-
-int main(int argc, char *argv[])
- {
- char *CApath=NULL,*CAfile=NULL;
- int badop=0;
- int ret=1;
- int client_auth=0;
- int server_auth=0;
- SSL_CTX *s_ctx=NULL;
- SSL_CTX *c_ctx=NULL;
- char *scert=TEST_SERVER_CERT;
- char *ccert=TEST_CLIENT_CERT;
- SSL_METHOD *ssl_method=SSLv23_method();
-
- RAND_seed(rnd_seed, sizeof rnd_seed);
-
- if (bio_err == NULL)
- bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
- if (bio_stdout == NULL)
- bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE);
- argc--;
- argv++;
-
- while (argc >= 1)
- {
- if (strcmp(*argv,"-server_auth") == 0)
- server_auth=1;
- else if (strcmp(*argv,"-client_auth") == 0)
- client_auth=1;
- else if (strcmp(*argv,"-reconnect") == 0)
- reconnect=1;
- else if (strcmp(*argv,"-stats") == 0)
- cache_stats=1;
- else if (strcmp(*argv,"-ssl3") == 0)
- ssl_method=SSLv3_method();
- else if (strcmp(*argv,"-ssl2") == 0)
- ssl_method=SSLv2_method();
- else if (strcmp(*argv,"-CApath") == 0)
- {
- if (--argc < 1) goto bad;
- CApath= *(++argv);
- }
- else if (strcmp(*argv,"-CAfile") == 0)
- {
- if (--argc < 1) goto bad;
- CAfile= *(++argv);
- }
- else if (strcmp(*argv,"-cert") == 0)
- {
- if (--argc < 1) goto bad;
- scert= *(++argv);
- }
- else if (strcmp(*argv,"-ccert") == 0)
- {
- if (--argc < 1) goto bad;
- ccert= *(++argv);
- }
- else if (strcmp(*argv,"-threads") == 0)
- {
- if (--argc < 1) goto bad;
- thread_number= atoi(*(++argv));
- if (thread_number == 0) thread_number=1;
- if (thread_number > MAX_THREAD_NUMBER)
- thread_number=MAX_THREAD_NUMBER;
- }
- else if (strcmp(*argv,"-loops") == 0)
- {
- if (--argc < 1) goto bad;
- number_of_loops= atoi(*(++argv));
- if (number_of_loops == 0) number_of_loops=1;
- }
- else
- {
- fprintf(stderr,"unknown option %s\n",*argv);
- badop=1;
- break;
- }
- argc--;
- argv++;
- }
- if (badop)
- {
-bad:
- sv_usage();
- goto end;
- }
-
- if (cipher == NULL && OPENSSL_issetugid() == 0)
- cipher=getenv("SSL_CIPHER");
-
- SSL_load_error_strings();
- OpenSSL_add_ssl_algorithms();
-
- c_ctx=SSL_CTX_new(ssl_method);
- s_ctx=SSL_CTX_new(ssl_method);
- if ((c_ctx == NULL) || (s_ctx == NULL))
- {
- ERR_print_errors(bio_err);
- goto end;
- }
-
- SSL_CTX_set_session_cache_mode(s_ctx,
- SSL_SESS_CACHE_NO_AUTO_CLEAR|SSL_SESS_CACHE_SERVER);
- SSL_CTX_set_session_cache_mode(c_ctx,
- SSL_SESS_CACHE_NO_AUTO_CLEAR|SSL_SESS_CACHE_SERVER);
-
- if (!SSL_CTX_use_certificate_file(s_ctx,scert,SSL_FILETYPE_PEM))
- {
- ERR_print_errors(bio_err);
- }
- else if (!SSL_CTX_use_RSAPrivateKey_file(s_ctx,scert,SSL_FILETYPE_PEM))
- {
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if (client_auth)
- {
- SSL_CTX_use_certificate_file(c_ctx,ccert,
- SSL_FILETYPE_PEM);
- SSL_CTX_use_RSAPrivateKey_file(c_ctx,ccert,
- SSL_FILETYPE_PEM);
- }
-
- if ( (!SSL_CTX_load_verify_locations(s_ctx,CAfile,CApath)) ||
- (!SSL_CTX_set_default_verify_paths(s_ctx)) ||
- (!SSL_CTX_load_verify_locations(c_ctx,CAfile,CApath)) ||
- (!SSL_CTX_set_default_verify_paths(c_ctx)))
- {
- fprintf(stderr,"SSL_load_verify_locations\n");
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if (client_auth)
- {
- fprintf(stderr,"client authentication\n");
- SSL_CTX_set_verify(s_ctx,
- SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
- verify_callback);
- }
- if (server_auth)
- {
- fprintf(stderr,"server authentication\n");
- SSL_CTX_set_verify(c_ctx,SSL_VERIFY_PEER,
- verify_callback);
- }
-
- thread_setup();
- do_threads(s_ctx,c_ctx);
- thread_cleanup();
-end:
-
- if (c_ctx != NULL)
- {
- fprintf(stderr,"Client SSL_CTX stats then free it\n");
- print_stats(stderr,c_ctx);
- SSL_CTX_free(c_ctx);
- }
- if (s_ctx != NULL)
- {
- fprintf(stderr,"Server SSL_CTX stats then free it\n");
- print_stats(stderr,s_ctx);
- if (cache_stats)
- {
- fprintf(stderr,"-----\n");
- lh_stats(SSL_CTX_sessions(s_ctx),stderr);
- fprintf(stderr,"-----\n");
- /* lh_node_stats(SSL_CTX_sessions(s_ctx),stderr);
- fprintf(stderr,"-----\n"); */
- lh_node_usage_stats(SSL_CTX_sessions(s_ctx),stderr);
- fprintf(stderr,"-----\n");
- }
- SSL_CTX_free(s_ctx);
- fprintf(stderr,"done free\n");
- }
- exit(ret);
- return(0);
- }
-
-#define W_READ 1
-#define W_WRITE 2
-#define C_DONE 1
-#define S_DONE 2
-
-int ndoit(SSL_CTX *ssl_ctx[2])
- {
- int i;
- int ret;
- char *ctx[4];
-
- ctx[0]=(char *)ssl_ctx[0];
- ctx[1]=(char *)ssl_ctx[1];
-
- if (reconnect)
- {
- ctx[2]=(char *)SSL_new(ssl_ctx[0]);
- ctx[3]=(char *)SSL_new(ssl_ctx[1]);
- }
- else
- {
- ctx[2]=NULL;
- ctx[3]=NULL;
- }
-
- fprintf(stdout,"started thread %lu\n",CRYPTO_thread_id());
- for (i=0; i<number_of_loops; i++)
- {
-/* fprintf(stderr,"%4d %2d ctx->ref (%3d,%3d)\n",
- CRYPTO_thread_id(),i,
- ssl_ctx[0]->references,
- ssl_ctx[1]->references); */
- /* pthread_delay_np(&tm);*/
-
- ret=doit(ctx);
- if (ret != 0)
- {
- fprintf(stdout,"error[%d] %lu - %d\n",
- i,CRYPTO_thread_id(),ret);
- return(ret);
- }
- }
- fprintf(stdout,"DONE %lu\n",CRYPTO_thread_id());
- if (reconnect)
- {
- SSL_free((SSL *)ctx[2]);
- SSL_free((SSL *)ctx[3]);
- }
-# ifdef OPENSSL_SYS_NETWARE
- MPKSemaphoreSignal(ThreadSem);
-# endif
- return(0);
- }
-
-int doit(char *ctx[4])
- {
- SSL_CTX *s_ctx,*c_ctx;
- static char cbuf[200],sbuf[200];
- SSL *c_ssl=NULL;
- SSL *s_ssl=NULL;
- BIO *c_to_s=NULL;
- BIO *s_to_c=NULL;
- BIO *c_bio=NULL;
- BIO *s_bio=NULL;
- int c_r,c_w,s_r,s_w;
- int c_want,s_want;
- int i;
- int done=0;
- int c_write,s_write;
- int do_server=0,do_client=0;
-
- s_ctx=(SSL_CTX *)ctx[0];
- c_ctx=(SSL_CTX *)ctx[1];
-
- if (ctx[2] != NULL)
- s_ssl=(SSL *)ctx[2];
- else
- s_ssl=SSL_new(s_ctx);
-
- if (ctx[3] != NULL)
- c_ssl=(SSL *)ctx[3];
- else
- c_ssl=SSL_new(c_ctx);
-
- if ((s_ssl == NULL) || (c_ssl == NULL)) goto err;
-
- c_to_s=BIO_new(BIO_s_mem());
- s_to_c=BIO_new(BIO_s_mem());
- if ((s_to_c == NULL) || (c_to_s == NULL)) goto err;
-
- c_bio=BIO_new(BIO_f_ssl());
- s_bio=BIO_new(BIO_f_ssl());
- if ((c_bio == NULL) || (s_bio == NULL)) goto err;
-
- SSL_set_connect_state(c_ssl);
- SSL_set_bio(c_ssl,s_to_c,c_to_s);
- BIO_set_ssl(c_bio,c_ssl,(ctx[2] == NULL)?BIO_CLOSE:BIO_NOCLOSE);
-
- SSL_set_accept_state(s_ssl);
- SSL_set_bio(s_ssl,c_to_s,s_to_c);
- BIO_set_ssl(s_bio,s_ssl,(ctx[3] == NULL)?BIO_CLOSE:BIO_NOCLOSE);
-
- c_r=0; s_r=1;
- c_w=1; s_w=0;
- c_want=W_WRITE;
- s_want=0;
- c_write=1,s_write=0;
-
- /* We can always do writes */
- for (;;)
- {
- do_server=0;
- do_client=0;
-
- i=(int)BIO_pending(s_bio);
- if ((i && s_r) || s_w) do_server=1;
-
- i=(int)BIO_pending(c_bio);
- if ((i && c_r) || c_w) do_client=1;
-
- if (do_server && verbose)
- {
- if (SSL_in_init(s_ssl))
- printf("server waiting in SSL_accept - %s\n",
- SSL_state_string_long(s_ssl));
- else if (s_write)
- printf("server:SSL_write()\n");
- else
- printf("server:SSL_read()\n");
- }
-
- if (do_client && verbose)
- {
- if (SSL_in_init(c_ssl))
- printf("client waiting in SSL_connect - %s\n",
- SSL_state_string_long(c_ssl));
- else if (c_write)
- printf("client:SSL_write()\n");
- else
- printf("client:SSL_read()\n");
- }
-
- if (!do_client && !do_server)
- {
- fprintf(stdout,"ERROR IN STARTUP\n");
- break;
- }
- if (do_client && !(done & C_DONE))
- {
- if (c_write)
- {
- i=BIO_write(c_bio,"hello from client\n",18);
- if (i < 0)
- {
- c_r=0;
- c_w=0;
- if (BIO_should_retry(c_bio))
- {
- if (BIO_should_read(c_bio))
- c_r=1;
- if (BIO_should_write(c_bio))
- c_w=1;
- }
- else
- {
- fprintf(stderr,"ERROR in CLIENT\n");
- ERR_print_errors_fp(stderr);
- return(1);
- }
- }
- else if (i == 0)
- {
- fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
- return(1);
- }
- else
- {
- /* ok */
- c_write=0;
- }
- }
- else
- {
- i=BIO_read(c_bio,cbuf,100);
- if (i < 0)
- {
- c_r=0;
- c_w=0;
- if (BIO_should_retry(c_bio))
- {
- if (BIO_should_read(c_bio))
- c_r=1;
- if (BIO_should_write(c_bio))
- c_w=1;
- }
- else
- {
- fprintf(stderr,"ERROR in CLIENT\n");
- ERR_print_errors_fp(stderr);
- return(1);
- }
- }
- else if (i == 0)
- {
- fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
- return(1);
- }
- else
- {
- done|=C_DONE;
-#ifdef undef
- fprintf(stdout,"CLIENT:from server:");
- fwrite(cbuf,1,i,stdout);
- fflush(stdout);
-#endif
- }
- }
- }
-
- if (do_server && !(done & S_DONE))
- {
- if (!s_write)
- {
- i=BIO_read(s_bio,sbuf,100);
- if (i < 0)
- {
- s_r=0;
- s_w=0;
- if (BIO_should_retry(s_bio))
- {
- if (BIO_should_read(s_bio))
- s_r=1;
- if (BIO_should_write(s_bio))
- s_w=1;
- }
- else
- {
- fprintf(stderr,"ERROR in SERVER\n");
- ERR_print_errors_fp(stderr);
- return(1);
- }
- }
- else if (i == 0)
- {
- fprintf(stderr,"SSL SERVER STARTUP FAILED\n");
- return(1);
- }
- else
- {
- s_write=1;
- s_w=1;
-#ifdef undef
- fprintf(stdout,"SERVER:from client:");
- fwrite(sbuf,1,i,stdout);
- fflush(stdout);
-#endif
- }
- }
- else
- {
- i=BIO_write(s_bio,"hello from server\n",18);
- if (i < 0)
- {
- s_r=0;
- s_w=0;
- if (BIO_should_retry(s_bio))
- {
- if (BIO_should_read(s_bio))
- s_r=1;
- if (BIO_should_write(s_bio))
- s_w=1;
- }
- else
- {
- fprintf(stderr,"ERROR in SERVER\n");
- ERR_print_errors_fp(stderr);
- return(1);
- }
- }
- else if (i == 0)
- {
- fprintf(stderr,"SSL SERVER STARTUP FAILED\n");
- return(1);
- }
- else
- {
- s_write=0;
- s_r=1;
- done|=S_DONE;
- }
- }
- }
-
- if ((done & S_DONE) && (done & C_DONE)) break;
-# if defined(OPENSSL_SYS_NETWARE)
- ThreadSwitchWithDelay();
-# endif
- }
-
- SSL_set_shutdown(c_ssl,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
- SSL_set_shutdown(s_ssl,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
-
-#ifdef undef
- fprintf(stdout,"DONE\n");
-#endif
-err:
- /* We have to set the BIO's to NULL otherwise they will be
- * free()ed twice. Once when th s_ssl is SSL_free()ed and
- * again when c_ssl is SSL_free()ed.
- * This is a hack required because s_ssl and c_ssl are sharing the same
- * BIO structure and SSL_set_bio() and SSL_free() automatically
- * BIO_free non NULL entries.
- * You should not normally do this or be required to do this */
-
- if (s_ssl != NULL)
- {
- s_ssl->rbio=NULL;
- s_ssl->wbio=NULL;
- }
- if (c_ssl != NULL)
- {
- c_ssl->rbio=NULL;
- c_ssl->wbio=NULL;
- }
-
- /* The SSL's are optionally freed in the following calls */
- if (c_to_s != NULL) BIO_free(c_to_s);
- if (s_to_c != NULL) BIO_free(s_to_c);
-
- if (c_bio != NULL) BIO_free(c_bio);
- if (s_bio != NULL) BIO_free(s_bio);
- return(0);
- }
-
-int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
- {
- char *s, buf[256];
-
- if (verbose)
- {
- s=X509_NAME_oneline(X509_get_subject_name(ctx->current_cert),
- buf,256);
- if (s != NULL)
- {
- if (ok)
- fprintf(stderr,"depth=%d %s\n",
- ctx->error_depth,buf);
- else
- fprintf(stderr,"depth=%d error=%d %s\n",
- ctx->error_depth,ctx->error,buf);
- }
- }
- return(ok);
- }
-
-#define THREAD_STACK_SIZE (16*1024)
-
-#ifdef OPENSSL_SYS_WIN32
-
-static HANDLE *lock_cs;
-
-void thread_setup(void)
- {
- int i;
-
- lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(HANDLE));
- for (i=0; i<CRYPTO_num_locks(); i++)
- {
- lock_cs[i]=CreateMutex(NULL,FALSE,NULL);
- }
-
- CRYPTO_set_locking_callback((void (*)(int,int,char *,int))win32_locking_callback);
- /* id callback defined */
- }
-
-void thread_cleanup(void)
- {
- int i;
-
- CRYPTO_set_locking_callback(NULL);
- for (i=0; i<CRYPTO_num_locks(); i++)
- CloseHandle(lock_cs[i]);
- OPENSSL_free(lock_cs);
- }
-
-void win32_locking_callback(int mode, int type, char *file, int line)
- {
- if (mode & CRYPTO_LOCK)
- {
- WaitForSingleObject(lock_cs[type],INFINITE);
- }
- else
- {
- ReleaseMutex(lock_cs[type]);
- }
- }
-
-void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx)
- {
- double ret;
- SSL_CTX *ssl_ctx[2];
- DWORD thread_id[MAX_THREAD_NUMBER];
- HANDLE thread_handle[MAX_THREAD_NUMBER];
- int i;
- SYSTEMTIME start,end;
-
- ssl_ctx[0]=s_ctx;
- ssl_ctx[1]=c_ctx;
-
- GetSystemTime(&start);
- for (i=0; i<thread_number; i++)
- {
- thread_handle[i]=CreateThread(NULL,
- THREAD_STACK_SIZE,
- (LPTHREAD_START_ROUTINE)ndoit,
- (void *)ssl_ctx,
- 0L,
- &(thread_id[i]));
- }
-
- printf("reaping\n");
- for (i=0; i<thread_number; i+=50)
- {
- int j;
-
- j=(thread_number < (i+50))?(thread_number-i):50;
-
- if (WaitForMultipleObjects(j,
- (CONST HANDLE *)&(thread_handle[i]),TRUE,INFINITE)
- == WAIT_FAILED)
- {
- fprintf(stderr,"WaitForMultipleObjects failed:%d\n",GetLastError());
- exit(1);
- }
- }
- GetSystemTime(&end);
-
- if (start.wDayOfWeek > end.wDayOfWeek) end.wDayOfWeek+=7;
- ret=(end.wDayOfWeek-start.wDayOfWeek)*24;
-
- ret=(ret+end.wHour-start.wHour)*60;
- ret=(ret+end.wMinute-start.wMinute)*60;
- ret=(ret+end.wSecond-start.wSecond);
- ret+=(end.wMilliseconds-start.wMilliseconds)/1000.0;
-
- printf("win32 threads done - %.3f seconds\n",ret);
- }
-
-#endif /* OPENSSL_SYS_WIN32 */
-
-#ifdef SOLARIS
-
-static mutex_t *lock_cs;
-/*static rwlock_t *lock_cs; */
-static long *lock_count;
-
-void thread_setup(void)
- {
- int i;
-
- lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(mutex_t));
- lock_count=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long));
- for (i=0; i<CRYPTO_num_locks(); i++)
- {
- lock_count[i]=0;
- /* rwlock_init(&(lock_cs[i]),USYNC_THREAD,NULL); */
- mutex_init(&(lock_cs[i]),USYNC_THREAD,NULL);
- }
-
- CRYPTO_set_id_callback((unsigned long (*)())solaris_thread_id);
- CRYPTO_set_locking_callback((void (*)())solaris_locking_callback);
- }
-
-void thread_cleanup(void)
- {
- int i;
-
- CRYPTO_set_locking_callback(NULL);
-
- fprintf(stderr,"cleanup\n");
-
- for (i=0; i<CRYPTO_num_locks(); i++)
- {
- /* rwlock_destroy(&(lock_cs[i])); */
- mutex_destroy(&(lock_cs[i]));
- fprintf(stderr,"%8ld:%s\n",lock_count[i],CRYPTO_get_lock_name(i));
- }
- OPENSSL_free(lock_cs);
- OPENSSL_free(lock_count);
-
- fprintf(stderr,"done cleanup\n");
-
- }
-
-void solaris_locking_callback(int mode, int type, char *file, int line)
- {
-#ifdef undef
- fprintf(stderr,"thread=%4d mode=%s lock=%s %s:%d\n",
- CRYPTO_thread_id(),
- (mode&CRYPTO_LOCK)?"l":"u",
- (type&CRYPTO_READ)?"r":"w",file,line);
-#endif
-
- /*
- if (CRYPTO_LOCK_SSL_CERT == type)
- fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n",
- CRYPTO_thread_id(),
- mode,file,line);
- */
- if (mode & CRYPTO_LOCK)
- {
- /* if (mode & CRYPTO_READ)
- rw_rdlock(&(lock_cs[type]));
- else
- rw_wrlock(&(lock_cs[type])); */
-
- mutex_lock(&(lock_cs[type]));
- lock_count[type]++;
- }
- else
- {
-/* rw_unlock(&(lock_cs[type])); */
- mutex_unlock(&(lock_cs[type]));
- }
- }
-
-void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx)
- {
- SSL_CTX *ssl_ctx[2];
- thread_t thread_ctx[MAX_THREAD_NUMBER];
- int i;
-
- ssl_ctx[0]=s_ctx;
- ssl_ctx[1]=c_ctx;
-
- thr_setconcurrency(thread_number);
- for (i=0; i<thread_number; i++)
- {
- thr_create(NULL, THREAD_STACK_SIZE,
- (void *(*)())ndoit,
- (void *)ssl_ctx,
- 0L,
- &(thread_ctx[i]));
- }
-
- printf("reaping\n");
- for (i=0; i<thread_number; i++)
- {
- thr_join(thread_ctx[i],NULL,NULL);
- }
-
- printf("solaris threads done (%d,%d)\n",
- s_ctx->references,c_ctx->references);
- }
-
-unsigned long solaris_thread_id(void)
- {
- unsigned long ret;
-
- ret=(unsigned long)thr_self();
- return(ret);
- }
-#endif /* SOLARIS */
-
-#ifdef IRIX
-
-
-static usptr_t *arena;
-static usema_t **lock_cs;
-
-void thread_setup(void)
- {
- int i;
- char filename[20];
-
- strcpy(filename,"/tmp/mttest.XXXXXX");
- mktemp(filename);
-
- usconfig(CONF_STHREADIOOFF);
- usconfig(CONF_STHREADMALLOCOFF);
- usconfig(CONF_INITUSERS,100);
- usconfig(CONF_LOCKTYPE,US_DEBUGPLUS);
- arena=usinit(filename);
- unlink(filename);
-
- lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(usema_t *));
- for (i=0; i<CRYPTO_num_locks(); i++)
- {
- lock_cs[i]=usnewsema(arena,1);
- }
-
- CRYPTO_set_id_callback((unsigned long (*)())irix_thread_id);
- CRYPTO_set_locking_callback((void (*)())irix_locking_callback);
- }
-
-void thread_cleanup(void)
- {
- int i;
-
- CRYPTO_set_locking_callback(NULL);
- for (i=0; i<CRYPTO_num_locks(); i++)
- {
- char buf[10];
-
- sprintf(buf,"%2d:",i);
- usdumpsema(lock_cs[i],stdout,buf);
- usfreesema(lock_cs[i],arena);
- }
- OPENSSL_free(lock_cs);
- }
-
-void irix_locking_callback(int mode, int type, char *file, int line)
- {
- if (mode & CRYPTO_LOCK)
- {
- printf("lock %d\n",type);
- uspsema(lock_cs[type]);
- }
- else
- {
- printf("unlock %d\n",type);
- usvsema(lock_cs[type]);
- }
- }
-
-void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx)
- {
- SSL_CTX *ssl_ctx[2];
- int thread_ctx[MAX_THREAD_NUMBER];
- int i;
-
- ssl_ctx[0]=s_ctx;
- ssl_ctx[1]=c_ctx;
-
- for (i=0; i<thread_number; i++)
- {
- thread_ctx[i]=sproc((void (*)())ndoit,
- PR_SADDR|PR_SFDS,(void *)ssl_ctx);
- }
-
- printf("reaping\n");
- for (i=0; i<thread_number; i++)
- {
- wait(NULL);
- }
-
- printf("irix threads done (%d,%d)\n",
- s_ctx->references,c_ctx->references);
- }
-
-unsigned long irix_thread_id(void)
- {
- unsigned long ret;
-
- ret=(unsigned long)getpid();
- return(ret);
- }
-#endif /* IRIX */
-
-#ifdef PTHREADS
-
-static pthread_mutex_t *lock_cs;
-static long *lock_count;
-
-void thread_setup(void)
- {
- int i;
-
- lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t));
- lock_count=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long));
- for (i=0; i<CRYPTO_num_locks(); i++)
- {
- lock_count[i]=0;
- pthread_mutex_init(&(lock_cs[i]),NULL);
- }
-
- CRYPTO_set_id_callback((unsigned long (*)())pthreads_thread_id);
- CRYPTO_set_locking_callback((void (*)())pthreads_locking_callback);
- }
-
-void thread_cleanup(void)
- {
- int i;
-
- CRYPTO_set_locking_callback(NULL);
- fprintf(stderr,"cleanup\n");
- for (i=0; i<CRYPTO_num_locks(); i++)
- {
- pthread_mutex_destroy(&(lock_cs[i]));
- fprintf(stderr,"%8ld:%s\n",lock_count[i],
- CRYPTO_get_lock_name(i));
- }
- OPENSSL_free(lock_cs);
- OPENSSL_free(lock_count);
-
- fprintf(stderr,"done cleanup\n");
- }
-
-void pthreads_locking_callback(int mode, int type, char *file,
- int line)
- {
-#ifdef undef
- fprintf(stderr,"thread=%4d mode=%s lock=%s %s:%d\n",
- CRYPTO_thread_id(),
- (mode&CRYPTO_LOCK)?"l":"u",
- (type&CRYPTO_READ)?"r":"w",file,line);
-#endif
-/*
- if (CRYPTO_LOCK_SSL_CERT == type)
- fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n",
- CRYPTO_thread_id(),
- mode,file,line);
-*/
- if (mode & CRYPTO_LOCK)
- {
- pthread_mutex_lock(&(lock_cs[type]));
- lock_count[type]++;
- }
- else
- {
- pthread_mutex_unlock(&(lock_cs[type]));
- }
- }
-
-void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx)
- {
- SSL_CTX *ssl_ctx[2];
- pthread_t thread_ctx[MAX_THREAD_NUMBER];
- int i;
-
- ssl_ctx[0]=s_ctx;
- ssl_ctx[1]=c_ctx;
-
- /*
- thr_setconcurrency(thread_number);
- */
- for (i=0; i<thread_number; i++)
- {
- pthread_create(&(thread_ctx[i]), NULL,
- (void *(*)())ndoit, (void *)ssl_ctx);
- }
-
- printf("reaping\n");
- for (i=0; i<thread_number; i++)
- {
- pthread_join(thread_ctx[i],NULL);
- }
-
- printf("pthreads threads done (%d,%d)\n",
- s_ctx->references,c_ctx->references);
- }
-
-unsigned long pthreads_thread_id(void)
- {
- unsigned long ret;
-
- ret=(unsigned long)pthread_self();
- return(ret);
- }
-
-#endif /* PTHREADS */
-
-
-
-#ifdef OPENSSL_SYS_NETWARE
-
-void thread_setup(void)
-{
- int i;
-
- lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(MPKMutex));
- lock_count=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long));
- for (i=0; i<CRYPTO_num_locks(); i++)
- {
- lock_count[i]=0;
- lock_cs[i]=MPKMutexAlloc("OpenSSL mutex");
- }
-
- ThreadSem = MPKSemaphoreAlloc("OpenSSL mttest semaphore", 0 );
-
- CRYPTO_set_id_callback((unsigned long (*)())netware_thread_id);
- CRYPTO_set_locking_callback((void (*)())netware_locking_callback);
-}
-
-void thread_cleanup(void)
-{
- int i;
-
- CRYPTO_set_locking_callback(NULL);
-
- fprintf(stdout,"thread_cleanup\n");
-
- for (i=0; i<CRYPTO_num_locks(); i++)
- {
- MPKMutexFree(lock_cs[i]);
- fprintf(stdout,"%8ld:%s\n",lock_count[i],CRYPTO_get_lock_name(i));
- }
- OPENSSL_free(lock_cs);
- OPENSSL_free(lock_count);
-
- MPKSemaphoreFree(ThreadSem);
-
- fprintf(stdout,"done cleanup\n");
-}
-
-void netware_locking_callback(int mode, int type, char *file, int line)
-{
- if (mode & CRYPTO_LOCK)
- {
- MPKMutexLock(lock_cs[type]);
- lock_count[type]++;
- }
- else
- MPKMutexUnlock(lock_cs[type]);
-}
-
-void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx)
-{
- SSL_CTX *ssl_ctx[2];
- int i;
- ssl_ctx[0]=s_ctx;
- ssl_ctx[1]=c_ctx;
-
- for (i=0; i<thread_number; i++)
- {
- BeginThread( (void(*)(void*))ndoit, NULL, THREAD_STACK_SIZE,
- (void*)ssl_ctx);
- ThreadSwitchWithDelay();
- }
-
- printf("reaping\n");
-
- /* loop until all threads have signaled the semaphore */
- for (i=0; i<thread_number; i++)
- {
- MPKSemaphoreWait(ThreadSem);
- }
- printf("netware threads done (%d,%d)\n",
- s_ctx->references,c_ctx->references);
-}
-
-unsigned long netware_thread_id(void)
-{
- unsigned long ret;
-
- ret=(unsigned long)GetThreadID();
- return(ret);
-}
-#endif /* NETWARE */
Copied: vendor-crypto/openssl/0.9.8zf/crypto/threads/mttest.c (from rev 6976, vendor-crypto/openssl/dist/crypto/threads/mttest.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/threads/mttest.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/threads/mttest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,1115 @@
+/* crypto/threads/mttest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#ifdef LINUX
+# include <typedefs.h>
+#endif
+#ifdef OPENSSL_SYS_WIN32
+# include <windows.h>
+#endif
+#ifdef SOLARIS
+# include <synch.h>
+# include <thread.h>
+#endif
+#ifdef IRIX
+# include <ulocks.h>
+# include <sys/prctl.h>
+#endif
+#ifdef PTHREADS
+# include <pthread.h>
+#endif
+#ifdef OPENSSL_SYS_NETWARE
+# if !defined __int64
+# define __int64 long long
+# endif
+# include <nwmpk.h>
+#endif
+#include <openssl/lhash.h>
+#include <openssl/crypto.h>
+#include <openssl/buffer.h>
+#include "../../e_os.h"
+#include <openssl/x509.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+
+#ifdef OPENSSL_NO_FP_API
+# define APPS_WIN16
+# include "../buffer/bss_file.c"
+#endif
+
+#ifdef OPENSSL_SYS_NETWARE
+# define TEST_SERVER_CERT "/openssl/apps/server.pem"
+# define TEST_CLIENT_CERT "/openssl/apps/client.pem"
+#else
+# define TEST_SERVER_CERT "../../apps/server.pem"
+# define TEST_CLIENT_CERT "../../apps/client.pem"
+#endif
+
+#define MAX_THREAD_NUMBER 100
+
+int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *xs);
+void thread_setup(void);
+void thread_cleanup(void);
+void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx);
+
+void irix_locking_callback(int mode, int type, char *file, int line);
+void solaris_locking_callback(int mode, int type, char *file, int line);
+void win32_locking_callback(int mode, int type, char *file, int line);
+void pthreads_locking_callback(int mode, int type, char *file, int line);
+void netware_locking_callback(int mode, int type, char *file, int line);
+
+unsigned long irix_thread_id(void);
+unsigned long solaris_thread_id(void);
+unsigned long pthreads_thread_id(void);
+unsigned long netware_thread_id(void);
+
+#if defined(OPENSSL_SYS_NETWARE)
+static MPKMutex *lock_cs;
+static MPKSema ThreadSem;
+static long *lock_count;
+#endif
+
+BIO *bio_err = NULL;
+BIO *bio_stdout = NULL;
+
+static char *cipher = NULL;
+int verbose = 0;
+#ifdef FIONBIO
+static int s_nbio = 0;
+#endif
+
+int thread_number = 10;
+int number_of_loops = 10;
+int reconnect = 0;
+int cache_stats = 0;
+
+static const char rnd_seed[] =
+ "string to make the random number generator think it has entropy";
+
+int doit(char *ctx[4]);
+static void print_stats(FILE *fp, SSL_CTX *ctx)
+{
+ fprintf(fp, "%4ld items in the session cache\n",
+ SSL_CTX_sess_number(ctx));
+ fprintf(fp, "%4d client connects (SSL_connect())\n",
+ SSL_CTX_sess_connect(ctx));
+ fprintf(fp, "%4d client connects that finished\n",
+ SSL_CTX_sess_connect_good(ctx));
+ fprintf(fp, "%4d server connects (SSL_accept())\n",
+ SSL_CTX_sess_accept(ctx));
+ fprintf(fp, "%4d server connects that finished\n",
+ SSL_CTX_sess_accept_good(ctx));
+ fprintf(fp, "%4d session cache hits\n", SSL_CTX_sess_hits(ctx));
+ fprintf(fp, "%4d session cache misses\n", SSL_CTX_sess_misses(ctx));
+ fprintf(fp, "%4d session cache timeouts\n", SSL_CTX_sess_timeouts(ctx));
+}
+
+static void sv_usage(void)
+{
+ fprintf(stderr, "usage: ssltest [args ...]\n");
+ fprintf(stderr, "\n");
+ fprintf(stderr, " -server_auth - check server certificate\n");
+ fprintf(stderr, " -client_auth - do client authentication\n");
+ fprintf(stderr, " -v - more output\n");
+ fprintf(stderr, " -CApath arg - PEM format directory of CA's\n");
+ fprintf(stderr, " -CAfile arg - PEM format file of CA's\n");
+ fprintf(stderr, " -threads arg - number of threads\n");
+ fprintf(stderr, " -loops arg - number of 'connections', per thread\n");
+ fprintf(stderr, " -reconnect - reuse session-id's\n");
+ fprintf(stderr, " -stats - server session-id cache stats\n");
+ fprintf(stderr, " -cert arg - server certificate/key\n");
+ fprintf(stderr, " -ccert arg - client certificate/key\n");
+ fprintf(stderr, " -ssl3 - just SSLv3n\n");
+}
+
+int main(int argc, char *argv[])
+{
+ char *CApath = NULL, *CAfile = NULL;
+ int badop = 0;
+ int ret = 1;
+ int client_auth = 0;
+ int server_auth = 0;
+ SSL_CTX *s_ctx = NULL;
+ SSL_CTX *c_ctx = NULL;
+ char *scert = TEST_SERVER_CERT;
+ char *ccert = TEST_CLIENT_CERT;
+ SSL_METHOD *ssl_method = SSLv23_method();
+
+ RAND_seed(rnd_seed, sizeof rnd_seed);
+
+ if (bio_err == NULL)
+ bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
+ if (bio_stdout == NULL)
+ bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE);
+ argc--;
+ argv++;
+
+ while (argc >= 1) {
+ if (strcmp(*argv, "-server_auth") == 0)
+ server_auth = 1;
+ else if (strcmp(*argv, "-client_auth") == 0)
+ client_auth = 1;
+ else if (strcmp(*argv, "-reconnect") == 0)
+ reconnect = 1;
+ else if (strcmp(*argv, "-stats") == 0)
+ cache_stats = 1;
+ else if (strcmp(*argv, "-ssl3") == 0)
+ ssl_method = SSLv3_method();
+ else if (strcmp(*argv, "-ssl2") == 0)
+ ssl_method = SSLv2_method();
+ else if (strcmp(*argv, "-CApath") == 0) {
+ if (--argc < 1)
+ goto bad;
+ CApath = *(++argv);
+ } else if (strcmp(*argv, "-CAfile") == 0) {
+ if (--argc < 1)
+ goto bad;
+ CAfile = *(++argv);
+ } else if (strcmp(*argv, "-cert") == 0) {
+ if (--argc < 1)
+ goto bad;
+ scert = *(++argv);
+ } else if (strcmp(*argv, "-ccert") == 0) {
+ if (--argc < 1)
+ goto bad;
+ ccert = *(++argv);
+ } else if (strcmp(*argv, "-threads") == 0) {
+ if (--argc < 1)
+ goto bad;
+ thread_number = atoi(*(++argv));
+ if (thread_number == 0)
+ thread_number = 1;
+ if (thread_number > MAX_THREAD_NUMBER)
+ thread_number = MAX_THREAD_NUMBER;
+ } else if (strcmp(*argv, "-loops") == 0) {
+ if (--argc < 1)
+ goto bad;
+ number_of_loops = atoi(*(++argv));
+ if (number_of_loops == 0)
+ number_of_loops = 1;
+ } else {
+ fprintf(stderr, "unknown option %s\n", *argv);
+ badop = 1;
+ break;
+ }
+ argc--;
+ argv++;
+ }
+ if (badop) {
+ bad:
+ sv_usage();
+ goto end;
+ }
+
+ if (cipher == NULL && OPENSSL_issetugid() == 0)
+ cipher = getenv("SSL_CIPHER");
+
+ SSL_load_error_strings();
+ OpenSSL_add_ssl_algorithms();
+
+ c_ctx = SSL_CTX_new(ssl_method);
+ s_ctx = SSL_CTX_new(ssl_method);
+ if ((c_ctx == NULL) || (s_ctx == NULL)) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ SSL_CTX_set_session_cache_mode(s_ctx,
+ SSL_SESS_CACHE_NO_AUTO_CLEAR |
+ SSL_SESS_CACHE_SERVER);
+ SSL_CTX_set_session_cache_mode(c_ctx,
+ SSL_SESS_CACHE_NO_AUTO_CLEAR |
+ SSL_SESS_CACHE_SERVER);
+
+ if (!SSL_CTX_use_certificate_file(s_ctx, scert, SSL_FILETYPE_PEM)) {
+ ERR_print_errors(bio_err);
+ } else
+ if (!SSL_CTX_use_RSAPrivateKey_file(s_ctx, scert, SSL_FILETYPE_PEM)) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (client_auth) {
+ SSL_CTX_use_certificate_file(c_ctx, ccert, SSL_FILETYPE_PEM);
+ SSL_CTX_use_RSAPrivateKey_file(c_ctx, ccert, SSL_FILETYPE_PEM);
+ }
+
+ if ((!SSL_CTX_load_verify_locations(s_ctx, CAfile, CApath)) ||
+ (!SSL_CTX_set_default_verify_paths(s_ctx)) ||
+ (!SSL_CTX_load_verify_locations(c_ctx, CAfile, CApath)) ||
+ (!SSL_CTX_set_default_verify_paths(c_ctx))) {
+ fprintf(stderr, "SSL_load_verify_locations\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (client_auth) {
+ fprintf(stderr, "client authentication\n");
+ SSL_CTX_set_verify(s_ctx,
+ SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
+ verify_callback);
+ }
+ if (server_auth) {
+ fprintf(stderr, "server authentication\n");
+ SSL_CTX_set_verify(c_ctx, SSL_VERIFY_PEER, verify_callback);
+ }
+
+ thread_setup();
+ do_threads(s_ctx, c_ctx);
+ thread_cleanup();
+ end:
+
+ if (c_ctx != NULL) {
+ fprintf(stderr, "Client SSL_CTX stats then free it\n");
+ print_stats(stderr, c_ctx);
+ SSL_CTX_free(c_ctx);
+ }
+ if (s_ctx != NULL) {
+ fprintf(stderr, "Server SSL_CTX stats then free it\n");
+ print_stats(stderr, s_ctx);
+ if (cache_stats) {
+ fprintf(stderr, "-----\n");
+ lh_stats(SSL_CTX_sessions(s_ctx), stderr);
+ fprintf(stderr, "-----\n");
+ /*- lh_node_stats(SSL_CTX_sessions(s_ctx),stderr);
+ fprintf(stderr,"-----\n"); */
+ lh_node_usage_stats(SSL_CTX_sessions(s_ctx), stderr);
+ fprintf(stderr, "-----\n");
+ }
+ SSL_CTX_free(s_ctx);
+ fprintf(stderr, "done free\n");
+ }
+ exit(ret);
+ return (0);
+}
+
+#define W_READ 1
+#define W_WRITE 2
+#define C_DONE 1
+#define S_DONE 2
+
+int ndoit(SSL_CTX *ssl_ctx[2])
+{
+ int i;
+ int ret;
+ char *ctx[4];
+
+ ctx[0] = (char *)ssl_ctx[0];
+ ctx[1] = (char *)ssl_ctx[1];
+
+ if (reconnect) {
+ ctx[2] = (char *)SSL_new(ssl_ctx[0]);
+ ctx[3] = (char *)SSL_new(ssl_ctx[1]);
+ } else {
+ ctx[2] = NULL;
+ ctx[3] = NULL;
+ }
+
+ fprintf(stdout, "started thread %lu\n", CRYPTO_thread_id());
+ for (i = 0; i < number_of_loops; i++) {
+/*- fprintf(stderr,"%4d %2d ctx->ref (%3d,%3d)\n",
+ CRYPTO_thread_id(),i,
+ ssl_ctx[0]->references,
+ ssl_ctx[1]->references); */
+/* pthread_delay_np(&tm); */
+
+ ret = doit(ctx);
+ if (ret != 0) {
+ fprintf(stdout, "error[%d] %lu - %d\n",
+ i, CRYPTO_thread_id(), ret);
+ return (ret);
+ }
+ }
+ fprintf(stdout, "DONE %lu\n", CRYPTO_thread_id());
+ if (reconnect) {
+ SSL_free((SSL *)ctx[2]);
+ SSL_free((SSL *)ctx[3]);
+ }
+#ifdef OPENSSL_SYS_NETWARE
+ MPKSemaphoreSignal(ThreadSem);
+#endif
+ return (0);
+}
+
+int doit(char *ctx[4])
+{
+ SSL_CTX *s_ctx, *c_ctx;
+ static char cbuf[200], sbuf[200];
+ SSL *c_ssl = NULL;
+ SSL *s_ssl = NULL;
+ BIO *c_to_s = NULL;
+ BIO *s_to_c = NULL;
+ BIO *c_bio = NULL;
+ BIO *s_bio = NULL;
+ int c_r, c_w, s_r, s_w;
+ int c_want, s_want;
+ int i;
+ int done = 0;
+ int c_write, s_write;
+ int do_server = 0, do_client = 0;
+
+ s_ctx = (SSL_CTX *)ctx[0];
+ c_ctx = (SSL_CTX *)ctx[1];
+
+ if (ctx[2] != NULL)
+ s_ssl = (SSL *)ctx[2];
+ else
+ s_ssl = SSL_new(s_ctx);
+
+ if (ctx[3] != NULL)
+ c_ssl = (SSL *)ctx[3];
+ else
+ c_ssl = SSL_new(c_ctx);
+
+ if ((s_ssl == NULL) || (c_ssl == NULL))
+ goto err;
+
+ c_to_s = BIO_new(BIO_s_mem());
+ s_to_c = BIO_new(BIO_s_mem());
+ if ((s_to_c == NULL) || (c_to_s == NULL))
+ goto err;
+
+ c_bio = BIO_new(BIO_f_ssl());
+ s_bio = BIO_new(BIO_f_ssl());
+ if ((c_bio == NULL) || (s_bio == NULL))
+ goto err;
+
+ SSL_set_connect_state(c_ssl);
+ SSL_set_bio(c_ssl, s_to_c, c_to_s);
+ BIO_set_ssl(c_bio, c_ssl, (ctx[2] == NULL) ? BIO_CLOSE : BIO_NOCLOSE);
+
+ SSL_set_accept_state(s_ssl);
+ SSL_set_bio(s_ssl, c_to_s, s_to_c);
+ BIO_set_ssl(s_bio, s_ssl, (ctx[3] == NULL) ? BIO_CLOSE : BIO_NOCLOSE);
+
+ c_r = 0;
+ s_r = 1;
+ c_w = 1;
+ s_w = 0;
+ c_want = W_WRITE;
+ s_want = 0;
+ c_write = 1, s_write = 0;
+
+ /* We can always do writes */
+ for (;;) {
+ do_server = 0;
+ do_client = 0;
+
+ i = (int)BIO_pending(s_bio);
+ if ((i && s_r) || s_w)
+ do_server = 1;
+
+ i = (int)BIO_pending(c_bio);
+ if ((i && c_r) || c_w)
+ do_client = 1;
+
+ if (do_server && verbose) {
+ if (SSL_in_init(s_ssl))
+ printf("server waiting in SSL_accept - %s\n",
+ SSL_state_string_long(s_ssl));
+ else if (s_write)
+ printf("server:SSL_write()\n");
+ else
+ printf("server:SSL_read()\n");
+ }
+
+ if (do_client && verbose) {
+ if (SSL_in_init(c_ssl))
+ printf("client waiting in SSL_connect - %s\n",
+ SSL_state_string_long(c_ssl));
+ else if (c_write)
+ printf("client:SSL_write()\n");
+ else
+ printf("client:SSL_read()\n");
+ }
+
+ if (!do_client && !do_server) {
+ fprintf(stdout, "ERROR IN STARTUP\n");
+ break;
+ }
+ if (do_client && !(done & C_DONE)) {
+ if (c_write) {
+ i = BIO_write(c_bio, "hello from client\n", 18);
+ if (i < 0) {
+ c_r = 0;
+ c_w = 0;
+ if (BIO_should_retry(c_bio)) {
+ if (BIO_should_read(c_bio))
+ c_r = 1;
+ if (BIO_should_write(c_bio))
+ c_w = 1;
+ } else {
+ fprintf(stderr, "ERROR in CLIENT\n");
+ ERR_print_errors_fp(stderr);
+ return (1);
+ }
+ } else if (i == 0) {
+ fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
+ return (1);
+ } else {
+ /* ok */
+ c_write = 0;
+ }
+ } else {
+ i = BIO_read(c_bio, cbuf, 100);
+ if (i < 0) {
+ c_r = 0;
+ c_w = 0;
+ if (BIO_should_retry(c_bio)) {
+ if (BIO_should_read(c_bio))
+ c_r = 1;
+ if (BIO_should_write(c_bio))
+ c_w = 1;
+ } else {
+ fprintf(stderr, "ERROR in CLIENT\n");
+ ERR_print_errors_fp(stderr);
+ return (1);
+ }
+ } else if (i == 0) {
+ fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
+ return (1);
+ } else {
+ done |= C_DONE;
+#ifdef undef
+ fprintf(stdout, "CLIENT:from server:");
+ fwrite(cbuf, 1, i, stdout);
+ fflush(stdout);
+#endif
+ }
+ }
+ }
+
+ if (do_server && !(done & S_DONE)) {
+ if (!s_write) {
+ i = BIO_read(s_bio, sbuf, 100);
+ if (i < 0) {
+ s_r = 0;
+ s_w = 0;
+ if (BIO_should_retry(s_bio)) {
+ if (BIO_should_read(s_bio))
+ s_r = 1;
+ if (BIO_should_write(s_bio))
+ s_w = 1;
+ } else {
+ fprintf(stderr, "ERROR in SERVER\n");
+ ERR_print_errors_fp(stderr);
+ return (1);
+ }
+ } else if (i == 0) {
+ fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
+ return (1);
+ } else {
+ s_write = 1;
+ s_w = 1;
+#ifdef undef
+ fprintf(stdout, "SERVER:from client:");
+ fwrite(sbuf, 1, i, stdout);
+ fflush(stdout);
+#endif
+ }
+ } else {
+ i = BIO_write(s_bio, "hello from server\n", 18);
+ if (i < 0) {
+ s_r = 0;
+ s_w = 0;
+ if (BIO_should_retry(s_bio)) {
+ if (BIO_should_read(s_bio))
+ s_r = 1;
+ if (BIO_should_write(s_bio))
+ s_w = 1;
+ } else {
+ fprintf(stderr, "ERROR in SERVER\n");
+ ERR_print_errors_fp(stderr);
+ return (1);
+ }
+ } else if (i == 0) {
+ fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
+ return (1);
+ } else {
+ s_write = 0;
+ s_r = 1;
+ done |= S_DONE;
+ }
+ }
+ }
+
+ if ((done & S_DONE) && (done & C_DONE))
+ break;
+#if defined(OPENSSL_SYS_NETWARE)
+ ThreadSwitchWithDelay();
+#endif
+ }
+
+ SSL_set_shutdown(c_ssl, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
+ SSL_set_shutdown(s_ssl, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
+
+#ifdef undef
+ fprintf(stdout, "DONE\n");
+#endif
+ err:
+ /*
+ * We have to set the BIO's to NULL otherwise they will be free()ed
+ * twice. Once when th s_ssl is SSL_free()ed and again when c_ssl is
+ * SSL_free()ed. This is a hack required because s_ssl and c_ssl are
+ * sharing the same BIO structure and SSL_set_bio() and SSL_free()
+ * automatically BIO_free non NULL entries. You should not normally do
+ * this or be required to do this
+ */
+
+ if (s_ssl != NULL) {
+ s_ssl->rbio = NULL;
+ s_ssl->wbio = NULL;
+ }
+ if (c_ssl != NULL) {
+ c_ssl->rbio = NULL;
+ c_ssl->wbio = NULL;
+ }
+
+ /* The SSL's are optionally freed in the following calls */
+ if (c_to_s != NULL)
+ BIO_free(c_to_s);
+ if (s_to_c != NULL)
+ BIO_free(s_to_c);
+
+ if (c_bio != NULL)
+ BIO_free(c_bio);
+ if (s_bio != NULL)
+ BIO_free(s_bio);
+ return (0);
+}
+
+int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
+{
+ char *s, buf[256];
+
+ if (verbose) {
+ s = X509_NAME_oneline(X509_get_subject_name(ctx->current_cert),
+ buf, 256);
+ if (s != NULL) {
+ if (ok)
+ fprintf(stderr, "depth=%d %s\n", ctx->error_depth, buf);
+ else
+ fprintf(stderr, "depth=%d error=%d %s\n",
+ ctx->error_depth, ctx->error, buf);
+ }
+ }
+ return (ok);
+}
+
+#define THREAD_STACK_SIZE (16*1024)
+
+#ifdef OPENSSL_SYS_WIN32
+
+static HANDLE *lock_cs;
+
+void thread_setup(void)
+{
+ int i;
+
+ lock_cs = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(HANDLE));
+ for (i = 0; i < CRYPTO_num_locks(); i++) {
+ lock_cs[i] = CreateMutex(NULL, FALSE, NULL);
+ }
+
+ CRYPTO_set_locking_callback((void (*)(int, int, char *, int))
+ win32_locking_callback);
+ /* id callback defined */
+}
+
+void thread_cleanup(void)
+{
+ int i;
+
+ CRYPTO_set_locking_callback(NULL);
+ for (i = 0; i < CRYPTO_num_locks(); i++)
+ CloseHandle(lock_cs[i]);
+ OPENSSL_free(lock_cs);
+}
+
+void win32_locking_callback(int mode, int type, char *file, int line)
+{
+ if (mode & CRYPTO_LOCK) {
+ WaitForSingleObject(lock_cs[type], INFINITE);
+ } else {
+ ReleaseMutex(lock_cs[type]);
+ }
+}
+
+void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx)
+{
+ double ret;
+ SSL_CTX *ssl_ctx[2];
+ DWORD thread_id[MAX_THREAD_NUMBER];
+ HANDLE thread_handle[MAX_THREAD_NUMBER];
+ int i;
+ SYSTEMTIME start, end;
+
+ ssl_ctx[0] = s_ctx;
+ ssl_ctx[1] = c_ctx;
+
+ GetSystemTime(&start);
+ for (i = 0; i < thread_number; i++) {
+ thread_handle[i] = CreateThread(NULL,
+ THREAD_STACK_SIZE,
+ (LPTHREAD_START_ROUTINE) ndoit,
+ (void *)ssl_ctx, 0L, &(thread_id[i]));
+ }
+
+ printf("reaping\n");
+ for (i = 0; i < thread_number; i += 50) {
+ int j;
+
+ j = (thread_number < (i + 50)) ? (thread_number - i) : 50;
+
+ if (WaitForMultipleObjects(j,
+ (CONST HANDLE *) & (thread_handle[i]),
+ TRUE, INFINITE)
+ == WAIT_FAILED) {
+ fprintf(stderr, "WaitForMultipleObjects failed:%d\n",
+ GetLastError());
+ exit(1);
+ }
+ }
+ GetSystemTime(&end);
+
+ if (start.wDayOfWeek > end.wDayOfWeek)
+ end.wDayOfWeek += 7;
+ ret = (end.wDayOfWeek - start.wDayOfWeek) * 24;
+
+ ret = (ret + end.wHour - start.wHour) * 60;
+ ret = (ret + end.wMinute - start.wMinute) * 60;
+ ret = (ret + end.wSecond - start.wSecond);
+ ret += (end.wMilliseconds - start.wMilliseconds) / 1000.0;
+
+ printf("win32 threads done - %.3f seconds\n", ret);
+}
+
+#endif /* OPENSSL_SYS_WIN32 */
+
+#ifdef SOLARIS
+
+static mutex_t *lock_cs;
+/*
+ * static rwlock_t *lock_cs;
+ */
+static long *lock_count;
+
+void thread_setup(void)
+{
+ int i;
+
+ lock_cs = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(mutex_t));
+ lock_count = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long));
+ for (i = 0; i < CRYPTO_num_locks(); i++) {
+ lock_count[i] = 0;
+ /* rwlock_init(&(lock_cs[i]),USYNC_THREAD,NULL); */
+ mutex_init(&(lock_cs[i]), USYNC_THREAD, NULL);
+ }
+
+ CRYPTO_set_id_callback((unsigned long (*)())solaris_thread_id);
+ CRYPTO_set_locking_callback((void (*)())solaris_locking_callback);
+}
+
+void thread_cleanup(void)
+{
+ int i;
+
+ CRYPTO_set_locking_callback(NULL);
+
+ fprintf(stderr, "cleanup\n");
+
+ for (i = 0; i < CRYPTO_num_locks(); i++) {
+ /* rwlock_destroy(&(lock_cs[i])); */
+ mutex_destroy(&(lock_cs[i]));
+ fprintf(stderr, "%8ld:%s\n", lock_count[i], CRYPTO_get_lock_name(i));
+ }
+ OPENSSL_free(lock_cs);
+ OPENSSL_free(lock_count);
+
+ fprintf(stderr, "done cleanup\n");
+
+}
+
+void solaris_locking_callback(int mode, int type, char *file, int line)
+{
+# ifdef undef
+ fprintf(stderr, "thread=%4d mode=%s lock=%s %s:%d\n",
+ CRYPTO_thread_id(),
+ (mode & CRYPTO_LOCK) ? "l" : "u",
+ (type & CRYPTO_READ) ? "r" : "w", file, line);
+# endif
+
+ /*-
+ if (CRYPTO_LOCK_SSL_CERT == type)
+ fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n",
+ CRYPTO_thread_id(),
+ mode,file,line);
+ */
+ if (mode & CRYPTO_LOCK) {
+ /*-
+ if (mode & CRYPTO_READ)
+ rw_rdlock(&(lock_cs[type]));
+ else
+ rw_wrlock(&(lock_cs[type])); */
+
+ mutex_lock(&(lock_cs[type]));
+ lock_count[type]++;
+ } else {
+/* rw_unlock(&(lock_cs[type])); */
+ mutex_unlock(&(lock_cs[type]));
+ }
+}
+
+void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx)
+{
+ SSL_CTX *ssl_ctx[2];
+ thread_t thread_ctx[MAX_THREAD_NUMBER];
+ int i;
+
+ ssl_ctx[0] = s_ctx;
+ ssl_ctx[1] = c_ctx;
+
+ thr_setconcurrency(thread_number);
+ for (i = 0; i < thread_number; i++) {
+ thr_create(NULL, THREAD_STACK_SIZE,
+ (void *(*)())ndoit, (void *)ssl_ctx, 0L, &(thread_ctx[i]));
+ }
+
+ printf("reaping\n");
+ for (i = 0; i < thread_number; i++) {
+ thr_join(thread_ctx[i], NULL, NULL);
+ }
+
+ printf("solaris threads done (%d,%d)\n",
+ s_ctx->references, c_ctx->references);
+}
+
+unsigned long solaris_thread_id(void)
+{
+ unsigned long ret;
+
+ ret = (unsigned long)thr_self();
+ return (ret);
+}
+#endif /* SOLARIS */
+
+#ifdef IRIX
+
+static usptr_t *arena;
+static usema_t **lock_cs;
+
+void thread_setup(void)
+{
+ int i;
+ char filename[20];
+
+ strcpy(filename, "/tmp/mttest.XXXXXX");
+ mktemp(filename);
+
+ usconfig(CONF_STHREADIOOFF);
+ usconfig(CONF_STHREADMALLOCOFF);
+ usconfig(CONF_INITUSERS, 100);
+ usconfig(CONF_LOCKTYPE, US_DEBUGPLUS);
+ arena = usinit(filename);
+ unlink(filename);
+
+ lock_cs = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(usema_t *));
+ for (i = 0; i < CRYPTO_num_locks(); i++) {
+ lock_cs[i] = usnewsema(arena, 1);
+ }
+
+ CRYPTO_set_id_callback((unsigned long (*)())irix_thread_id);
+ CRYPTO_set_locking_callback((void (*)())irix_locking_callback);
+}
+
+void thread_cleanup(void)
+{
+ int i;
+
+ CRYPTO_set_locking_callback(NULL);
+ for (i = 0; i < CRYPTO_num_locks(); i++) {
+ char buf[10];
+
+ sprintf(buf, "%2d:", i);
+ usdumpsema(lock_cs[i], stdout, buf);
+ usfreesema(lock_cs[i], arena);
+ }
+ OPENSSL_free(lock_cs);
+}
+
+void irix_locking_callback(int mode, int type, char *file, int line)
+{
+ if (mode & CRYPTO_LOCK) {
+ printf("lock %d\n", type);
+ uspsema(lock_cs[type]);
+ } else {
+ printf("unlock %d\n", type);
+ usvsema(lock_cs[type]);
+ }
+}
+
+void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx)
+{
+ SSL_CTX *ssl_ctx[2];
+ int thread_ctx[MAX_THREAD_NUMBER];
+ int i;
+
+ ssl_ctx[0] = s_ctx;
+ ssl_ctx[1] = c_ctx;
+
+ for (i = 0; i < thread_number; i++) {
+ thread_ctx[i] = sproc((void (*)())ndoit,
+ PR_SADDR | PR_SFDS, (void *)ssl_ctx);
+ }
+
+ printf("reaping\n");
+ for (i = 0; i < thread_number; i++) {
+ wait(NULL);
+ }
+
+ printf("irix threads done (%d,%d)\n",
+ s_ctx->references, c_ctx->references);
+}
+
+unsigned long irix_thread_id(void)
+{
+ unsigned long ret;
+
+ ret = (unsigned long)getpid();
+ return (ret);
+}
+#endif /* IRIX */
+
+#ifdef PTHREADS
+
+static pthread_mutex_t *lock_cs;
+static long *lock_count;
+
+void thread_setup(void)
+{
+ int i;
+
+ lock_cs = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t));
+ lock_count = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long));
+ for (i = 0; i < CRYPTO_num_locks(); i++) {
+ lock_count[i] = 0;
+ pthread_mutex_init(&(lock_cs[i]), NULL);
+ }
+
+ CRYPTO_set_id_callback((unsigned long (*)())pthreads_thread_id);
+ CRYPTO_set_locking_callback((void (*)())pthreads_locking_callback);
+}
+
+void thread_cleanup(void)
+{
+ int i;
+
+ CRYPTO_set_locking_callback(NULL);
+ fprintf(stderr, "cleanup\n");
+ for (i = 0; i < CRYPTO_num_locks(); i++) {
+ pthread_mutex_destroy(&(lock_cs[i]));
+ fprintf(stderr, "%8ld:%s\n", lock_count[i], CRYPTO_get_lock_name(i));
+ }
+ OPENSSL_free(lock_cs);
+ OPENSSL_free(lock_count);
+
+ fprintf(stderr, "done cleanup\n");
+}
+
+void pthreads_locking_callback(int mode, int type, char *file, int line)
+{
+# ifdef undef
+ fprintf(stderr, "thread=%4d mode=%s lock=%s %s:%d\n",
+ CRYPTO_thread_id(),
+ (mode & CRYPTO_LOCK) ? "l" : "u",
+ (type & CRYPTO_READ) ? "r" : "w", file, line);
+# endif
+/*-
+ if (CRYPTO_LOCK_SSL_CERT == type)
+ fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n",
+ CRYPTO_thread_id(),
+ mode,file,line);
+*/
+ if (mode & CRYPTO_LOCK) {
+ pthread_mutex_lock(&(lock_cs[type]));
+ lock_count[type]++;
+ } else {
+ pthread_mutex_unlock(&(lock_cs[type]));
+ }
+}
+
+void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx)
+{
+ SSL_CTX *ssl_ctx[2];
+ pthread_t thread_ctx[MAX_THREAD_NUMBER];
+ int i;
+
+ ssl_ctx[0] = s_ctx;
+ ssl_ctx[1] = c_ctx;
+
+ /*
+ * thr_setconcurrency(thread_number);
+ */
+ for (i = 0; i < thread_number; i++) {
+ pthread_create(&(thread_ctx[i]), NULL,
+ (void *(*)())ndoit, (void *)ssl_ctx);
+ }
+
+ printf("reaping\n");
+ for (i = 0; i < thread_number; i++) {
+ pthread_join(thread_ctx[i], NULL);
+ }
+
+ printf("pthreads threads done (%d,%d)\n",
+ s_ctx->references, c_ctx->references);
+}
+
+unsigned long pthreads_thread_id(void)
+{
+ unsigned long ret;
+
+ ret = (unsigned long)pthread_self();
+ return (ret);
+}
+
+#endif /* PTHREADS */
+
+#ifdef OPENSSL_SYS_NETWARE
+
+void thread_setup(void)
+{
+ int i;
+
+ lock_cs = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(MPKMutex));
+ lock_count = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long));
+ for (i = 0; i < CRYPTO_num_locks(); i++) {
+ lock_count[i] = 0;
+ lock_cs[i] = MPKMutexAlloc("OpenSSL mutex");
+ }
+
+ ThreadSem = MPKSemaphoreAlloc("OpenSSL mttest semaphore", 0);
+
+ CRYPTO_set_id_callback((unsigned long (*)())netware_thread_id);
+ CRYPTO_set_locking_callback((void (*)())netware_locking_callback);
+}
+
+void thread_cleanup(void)
+{
+ int i;
+
+ CRYPTO_set_locking_callback(NULL);
+
+ fprintf(stdout, "thread_cleanup\n");
+
+ for (i = 0; i < CRYPTO_num_locks(); i++) {
+ MPKMutexFree(lock_cs[i]);
+ fprintf(stdout, "%8ld:%s\n", lock_count[i], CRYPTO_get_lock_name(i));
+ }
+ OPENSSL_free(lock_cs);
+ OPENSSL_free(lock_count);
+
+ MPKSemaphoreFree(ThreadSem);
+
+ fprintf(stdout, "done cleanup\n");
+}
+
+void netware_locking_callback(int mode, int type, char *file, int line)
+{
+ if (mode & CRYPTO_LOCK) {
+ MPKMutexLock(lock_cs[type]);
+ lock_count[type]++;
+ } else
+ MPKMutexUnlock(lock_cs[type]);
+}
+
+void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx)
+{
+ SSL_CTX *ssl_ctx[2];
+ int i;
+ ssl_ctx[0] = s_ctx;
+ ssl_ctx[1] = c_ctx;
+
+ for (i = 0; i < thread_number; i++) {
+ BeginThread((void (*)(void *))ndoit, NULL, THREAD_STACK_SIZE,
+ (void *)ssl_ctx);
+ ThreadSwitchWithDelay();
+ }
+
+ printf("reaping\n");
+
+ /* loop until all threads have signaled the semaphore */
+ for (i = 0; i < thread_number; i++) {
+ MPKSemaphoreWait(ThreadSem);
+ }
+ printf("netware threads done (%d,%d)\n",
+ s_ctx->references, c_ctx->references);
+}
+
+unsigned long netware_thread_id(void)
+{
+ unsigned long ret;
+
+ ret = (unsigned long)GetThreadID();
+ return (ret);
+}
+#endif /* NETWARE */
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/threads/th-lock.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/threads/th-lock.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/threads/th-lock.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,387 +0,0 @@
-/* crypto/threads/th-lock.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <errno.h>
-#ifdef LINUX
-#include <typedefs.h>
-#endif
-#ifdef OPENSSL_SYS_WIN32
-#include <windows.h>
-#endif
-#ifdef SOLARIS
-#include <synch.h>
-#include <thread.h>
-#endif
-#ifdef IRIX
-#include <ulocks.h>
-#include <sys/prctl.h>
-#endif
-#ifdef PTHREADS
-#include <pthread.h>
-#endif
-#include <openssl/lhash.h>
-#include <openssl/crypto.h>
-#include <openssl/buffer.h>
-#include "../../e_os.h"
-#include <openssl/x509.h>
-#include <openssl/ssl.h>
-#include <openssl/err.h>
-
-void CRYPTO_thread_setup(void);
-void CRYPTO_thread_cleanup(void);
-
-static void irix_locking_callback(int mode,int type,char *file,int line);
-static void solaris_locking_callback(int mode,int type,char *file,int line);
-static void win32_locking_callback(int mode,int type,char *file,int line);
-static void pthreads_locking_callback(int mode,int type,char *file,int line);
-
-static unsigned long irix_thread_id(void );
-static unsigned long solaris_thread_id(void );
-static unsigned long pthreads_thread_id(void );
-
-/* usage:
- * CRYPTO_thread_setup();
- * application code
- * CRYPTO_thread_cleanup();
- */
-
-#define THREAD_STACK_SIZE (16*1024)
-
-#ifdef OPENSSL_SYS_WIN32
-
-static HANDLE *lock_cs;
-
-void CRYPTO_thread_setup(void)
- {
- int i;
-
- lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(HANDLE));
- for (i=0; i<CRYPTO_num_locks(); i++)
- {
- lock_cs[i]=CreateMutex(NULL,FALSE,NULL);
- }
-
- CRYPTO_set_locking_callback((void (*)(int,int,char *,int))win32_locking_callback);
- /* id callback defined */
- return(1);
- }
-
-static void CRYPTO_thread_cleanup(void)
- {
- int i;
-
- CRYPTO_set_locking_callback(NULL);
- for (i=0; i<CRYPTO_num_locks(); i++)
- CloseHandle(lock_cs[i]);
- OPENSSL_free(lock_cs);
- }
-
-void win32_locking_callback(int mode, int type, char *file, int line)
- {
- if (mode & CRYPTO_LOCK)
- {
- WaitForSingleObject(lock_cs[type],INFINITE);
- }
- else
- {
- ReleaseMutex(lock_cs[type]);
- }
- }
-
-#endif /* OPENSSL_SYS_WIN32 */
-
-#ifdef SOLARIS
-
-#define USE_MUTEX
-
-#ifdef USE_MUTEX
-static mutex_t *lock_cs;
-#else
-static rwlock_t *lock_cs;
-#endif
-static long *lock_count;
-
-void CRYPTO_thread_setup(void)
- {
- int i;
-
-#ifdef USE_MUTEX
- lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(mutex_t));
-#else
- lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(rwlock_t));
-#endif
- lock_count=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long));
- for (i=0; i<CRYPTO_num_locks(); i++)
- {
- lock_count[i]=0;
-#ifdef USE_MUTEX
- mutex_init(&(lock_cs[i]),USYNC_THREAD,NULL);
-#else
- rwlock_init(&(lock_cs[i]),USYNC_THREAD,NULL);
-#endif
- }
-
- CRYPTO_set_id_callback((unsigned long (*)())solaris_thread_id);
- CRYPTO_set_locking_callback((void (*)())solaris_locking_callback);
- }
-
-void CRYPTO_thread_cleanup(void)
- {
- int i;
-
- CRYPTO_set_locking_callback(NULL);
- for (i=0; i<CRYPTO_num_locks(); i++)
- {
-#ifdef USE_MUTEX
- mutex_destroy(&(lock_cs[i]));
-#else
- rwlock_destroy(&(lock_cs[i]));
-#endif
- }
- OPENSSL_free(lock_cs);
- OPENSSL_free(lock_count);
- }
-
-void solaris_locking_callback(int mode, int type, char *file, int line)
- {
-#if 0
- fprintf(stderr,"thread=%4d mode=%s lock=%s %s:%d\n",
- CRYPTO_thread_id(),
- (mode&CRYPTO_LOCK)?"l":"u",
- (type&CRYPTO_READ)?"r":"w",file,line);
-#endif
-
-#if 0
- if (CRYPTO_LOCK_SSL_CERT == type)
- fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n",
- CRYPTO_thread_id(),
- mode,file,line);
-#endif
- if (mode & CRYPTO_LOCK)
- {
-#ifdef USE_MUTEX
- mutex_lock(&(lock_cs[type]));
-#else
- if (mode & CRYPTO_READ)
- rw_rdlock(&(lock_cs[type]));
- else
- rw_wrlock(&(lock_cs[type]));
-#endif
- lock_count[type]++;
- }
- else
- {
-#ifdef USE_MUTEX
- mutex_unlock(&(lock_cs[type]));
-#else
- rw_unlock(&(lock_cs[type]));
-#endif
- }
- }
-
-unsigned long solaris_thread_id(void)
- {
- unsigned long ret;
-
- ret=(unsigned long)thr_self();
- return(ret);
- }
-#endif /* SOLARIS */
-
-#ifdef IRIX
-/* I don't think this works..... */
-
-static usptr_t *arena;
-static usema_t **lock_cs;
-
-void CRYPTO_thread_setup(void)
- {
- int i;
- char filename[20];
-
- strcpy(filename,"/tmp/mttest.XXXXXX");
- mktemp(filename);
-
- usconfig(CONF_STHREADIOOFF);
- usconfig(CONF_STHREADMALLOCOFF);
- usconfig(CONF_INITUSERS,100);
- usconfig(CONF_LOCKTYPE,US_DEBUGPLUS);
- arena=usinit(filename);
- unlink(filename);
-
- lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(usema_t *));
- for (i=0; i<CRYPTO_num_locks(); i++)
- {
- lock_cs[i]=usnewsema(arena,1);
- }
-
- CRYPTO_set_id_callback((unsigned long (*)())irix_thread_id);
- CRYPTO_set_locking_callback((void (*)())irix_locking_callback);
- }
-
-void CRYPTO_thread_cleanup(void)
- {
- int i;
-
- CRYPTO_set_locking_callback(NULL);
- for (i=0; i<CRYPTO_num_locks(); i++)
- {
- char buf[10];
-
- sprintf(buf,"%2d:",i);
- usdumpsema(lock_cs[i],stdout,buf);
- usfreesema(lock_cs[i],arena);
- }
- OPENSSL_free(lock_cs);
- }
-
-void irix_locking_callback(int mode, int type, char *file, int line)
- {
- if (mode & CRYPTO_LOCK)
- {
- uspsema(lock_cs[type]);
- }
- else
- {
- usvsema(lock_cs[type]);
- }
- }
-
-unsigned long irix_thread_id(void)
- {
- unsigned long ret;
-
- ret=(unsigned long)getpid();
- return(ret);
- }
-#endif /* IRIX */
-
-/* Linux and a few others */
-#ifdef PTHREADS
-
-static pthread_mutex_t *lock_cs;
-static long *lock_count;
-
-void CRYPTO_thread_setup(void)
- {
- int i;
-
- lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t));
- lock_count=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long));
- for (i=0; i<CRYPTO_num_locks(); i++)
- {
- lock_count[i]=0;
- pthread_mutex_init(&(lock_cs[i]),NULL);
- }
-
- CRYPTO_set_id_callback((unsigned long (*)())pthreads_thread_id);
- CRYPTO_set_locking_callback((void (*)())pthreads_locking_callback);
- }
-
-void thread_cleanup(void)
- {
- int i;
-
- CRYPTO_set_locking_callback(NULL);
- for (i=0; i<CRYPTO_num_locks(); i++)
- {
- pthread_mutex_destroy(&(lock_cs[i]));
- }
- OPENSSL_free(lock_cs);
- OPENSSL_free(lock_count);
- }
-
-void pthreads_locking_callback(int mode, int type, char *file,
- int line)
- {
-#if 0
- fprintf(stderr,"thread=%4d mode=%s lock=%s %s:%d\n",
- CRYPTO_thread_id(),
- (mode&CRYPTO_LOCK)?"l":"u",
- (type&CRYPTO_READ)?"r":"w",file,line);
-#endif
-#if 0
- if (CRYPTO_LOCK_SSL_CERT == type)
- fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n",
- CRYPTO_thread_id(),
- mode,file,line);
-#endif
- if (mode & CRYPTO_LOCK)
- {
- pthread_mutex_lock(&(lock_cs[type]));
- lock_count[type]++;
- }
- else
- {
- pthread_mutex_unlock(&(lock_cs[type]));
- }
- }
-
-unsigned long pthreads_thread_id(void)
- {
- unsigned long ret;
-
- ret=(unsigned long)pthread_self();
- return(ret);
- }
-
-#endif /* PTHREADS */
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/threads/th-lock.c (from rev 6976, vendor-crypto/openssl/dist/crypto/threads/th-lock.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/threads/th-lock.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/threads/th-lock.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,368 @@
+/* crypto/threads/th-lock.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#ifdef LINUX
+# include <typedefs.h>
+#endif
+#ifdef OPENSSL_SYS_WIN32
+# include <windows.h>
+#endif
+#ifdef SOLARIS
+# include <synch.h>
+# include <thread.h>
+#endif
+#ifdef IRIX
+# include <ulocks.h>
+# include <sys/prctl.h>
+#endif
+#ifdef PTHREADS
+# include <pthread.h>
+#endif
+#include <openssl/lhash.h>
+#include <openssl/crypto.h>
+#include <openssl/buffer.h>
+#include "../../e_os.h"
+#include <openssl/x509.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+
+void CRYPTO_thread_setup(void);
+void CRYPTO_thread_cleanup(void);
+
+static void irix_locking_callback(int mode, int type, char *file, int line);
+static void solaris_locking_callback(int mode, int type, char *file,
+ int line);
+static void win32_locking_callback(int mode, int type, char *file, int line);
+static void pthreads_locking_callback(int mode, int type, char *file,
+ int line);
+
+static unsigned long irix_thread_id(void);
+static unsigned long solaris_thread_id(void);
+static unsigned long pthreads_thread_id(void);
+
+/*-
+ * usage:
+ * CRYPTO_thread_setup();
+ * application code
+ * CRYPTO_thread_cleanup();
+ */
+
+#define THREAD_STACK_SIZE (16*1024)
+
+#ifdef OPENSSL_SYS_WIN32
+
+static HANDLE *lock_cs;
+
+void CRYPTO_thread_setup(void)
+{
+ int i;
+
+ lock_cs = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(HANDLE));
+ for (i = 0; i < CRYPTO_num_locks(); i++) {
+ lock_cs[i] = CreateMutex(NULL, FALSE, NULL);
+ }
+
+ CRYPTO_set_locking_callback((void (*)(int, int, char *, int))
+ win32_locking_callback);
+ /* id callback defined */
+ return (1);
+}
+
+static void CRYPTO_thread_cleanup(void)
+{
+ int i;
+
+ CRYPTO_set_locking_callback(NULL);
+ for (i = 0; i < CRYPTO_num_locks(); i++)
+ CloseHandle(lock_cs[i]);
+ OPENSSL_free(lock_cs);
+}
+
+void win32_locking_callback(int mode, int type, char *file, int line)
+{
+ if (mode & CRYPTO_LOCK) {
+ WaitForSingleObject(lock_cs[type], INFINITE);
+ } else {
+ ReleaseMutex(lock_cs[type]);
+ }
+}
+
+#endif /* OPENSSL_SYS_WIN32 */
+
+#ifdef SOLARIS
+
+# define USE_MUTEX
+
+# ifdef USE_MUTEX
+static mutex_t *lock_cs;
+# else
+static rwlock_t *lock_cs;
+# endif
+static long *lock_count;
+
+void CRYPTO_thread_setup(void)
+{
+ int i;
+
+# ifdef USE_MUTEX
+ lock_cs = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(mutex_t));
+# else
+ lock_cs = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(rwlock_t));
+# endif
+ lock_count = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long));
+ for (i = 0; i < CRYPTO_num_locks(); i++) {
+ lock_count[i] = 0;
+# ifdef USE_MUTEX
+ mutex_init(&(lock_cs[i]), USYNC_THREAD, NULL);
+# else
+ rwlock_init(&(lock_cs[i]), USYNC_THREAD, NULL);
+# endif
+ }
+
+ CRYPTO_set_id_callback((unsigned long (*)())solaris_thread_id);
+ CRYPTO_set_locking_callback((void (*)())solaris_locking_callback);
+}
+
+void CRYPTO_thread_cleanup(void)
+{
+ int i;
+
+ CRYPTO_set_locking_callback(NULL);
+ for (i = 0; i < CRYPTO_num_locks(); i++) {
+# ifdef USE_MUTEX
+ mutex_destroy(&(lock_cs[i]));
+# else
+ rwlock_destroy(&(lock_cs[i]));
+# endif
+ }
+ OPENSSL_free(lock_cs);
+ OPENSSL_free(lock_count);
+}
+
+void solaris_locking_callback(int mode, int type, char *file, int line)
+{
+# if 0
+ fprintf(stderr, "thread=%4d mode=%s lock=%s %s:%d\n",
+ CRYPTO_thread_id(),
+ (mode & CRYPTO_LOCK) ? "l" : "u",
+ (type & CRYPTO_READ) ? "r" : "w", file, line);
+# endif
+
+# if 0
+ if (CRYPTO_LOCK_SSL_CERT == type)
+ fprintf(stderr, "(t,m,f,l) %ld %d %s %d\n",
+ CRYPTO_thread_id(), mode, file, line);
+# endif
+ if (mode & CRYPTO_LOCK) {
+# ifdef USE_MUTEX
+ mutex_lock(&(lock_cs[type]));
+# else
+ if (mode & CRYPTO_READ)
+ rw_rdlock(&(lock_cs[type]));
+ else
+ rw_wrlock(&(lock_cs[type]));
+# endif
+ lock_count[type]++;
+ } else {
+# ifdef USE_MUTEX
+ mutex_unlock(&(lock_cs[type]));
+# else
+ rw_unlock(&(lock_cs[type]));
+# endif
+ }
+}
+
+unsigned long solaris_thread_id(void)
+{
+ unsigned long ret;
+
+ ret = (unsigned long)thr_self();
+ return (ret);
+}
+#endif /* SOLARIS */
+
+#ifdef IRIX
+/* I don't think this works..... */
+
+static usptr_t *arena;
+static usema_t **lock_cs;
+
+void CRYPTO_thread_setup(void)
+{
+ int i;
+ char filename[20];
+
+ strcpy(filename, "/tmp/mttest.XXXXXX");
+ mktemp(filename);
+
+ usconfig(CONF_STHREADIOOFF);
+ usconfig(CONF_STHREADMALLOCOFF);
+ usconfig(CONF_INITUSERS, 100);
+ usconfig(CONF_LOCKTYPE, US_DEBUGPLUS);
+ arena = usinit(filename);
+ unlink(filename);
+
+ lock_cs = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(usema_t *));
+ for (i = 0; i < CRYPTO_num_locks(); i++) {
+ lock_cs[i] = usnewsema(arena, 1);
+ }
+
+ CRYPTO_set_id_callback((unsigned long (*)())irix_thread_id);
+ CRYPTO_set_locking_callback((void (*)())irix_locking_callback);
+}
+
+void CRYPTO_thread_cleanup(void)
+{
+ int i;
+
+ CRYPTO_set_locking_callback(NULL);
+ for (i = 0; i < CRYPTO_num_locks(); i++) {
+ char buf[10];
+
+ sprintf(buf, "%2d:", i);
+ usdumpsema(lock_cs[i], stdout, buf);
+ usfreesema(lock_cs[i], arena);
+ }
+ OPENSSL_free(lock_cs);
+}
+
+void irix_locking_callback(int mode, int type, char *file, int line)
+{
+ if (mode & CRYPTO_LOCK) {
+ uspsema(lock_cs[type]);
+ } else {
+ usvsema(lock_cs[type]);
+ }
+}
+
+unsigned long irix_thread_id(void)
+{
+ unsigned long ret;
+
+ ret = (unsigned long)getpid();
+ return (ret);
+}
+#endif /* IRIX */
+
+/* Linux and a few others */
+#ifdef PTHREADS
+
+static pthread_mutex_t *lock_cs;
+static long *lock_count;
+
+void CRYPTO_thread_setup(void)
+{
+ int i;
+
+ lock_cs = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t));
+ lock_count = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long));
+ for (i = 0; i < CRYPTO_num_locks(); i++) {
+ lock_count[i] = 0;
+ pthread_mutex_init(&(lock_cs[i]), NULL);
+ }
+
+ CRYPTO_set_id_callback((unsigned long (*)())pthreads_thread_id);
+ CRYPTO_set_locking_callback((void (*)())pthreads_locking_callback);
+}
+
+void thread_cleanup(void)
+{
+ int i;
+
+ CRYPTO_set_locking_callback(NULL);
+ for (i = 0; i < CRYPTO_num_locks(); i++) {
+ pthread_mutex_destroy(&(lock_cs[i]));
+ }
+ OPENSSL_free(lock_cs);
+ OPENSSL_free(lock_count);
+}
+
+void pthreads_locking_callback(int mode, int type, char *file, int line)
+{
+# if 0
+ fprintf(stderr, "thread=%4d mode=%s lock=%s %s:%d\n",
+ CRYPTO_thread_id(),
+ (mode & CRYPTO_LOCK) ? "l" : "u",
+ (type & CRYPTO_READ) ? "r" : "w", file, line);
+# endif
+# if 0
+ if (CRYPTO_LOCK_SSL_CERT == type)
+ fprintf(stderr, "(t,m,f,l) %ld %d %s %d\n",
+ CRYPTO_thread_id(), mode, file, line);
+# endif
+ if (mode & CRYPTO_LOCK) {
+ pthread_mutex_lock(&(lock_cs[type]));
+ lock_count[type]++;
+ } else {
+ pthread_mutex_unlock(&(lock_cs[type]));
+ }
+}
+
+unsigned long pthreads_thread_id(void)
+{
+ unsigned long ret;
+
+ ret = (unsigned long)pthread_self();
+ return (ret);
+}
+
+#endif /* PTHREADS */
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/tmdiff.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/tmdiff.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/tmdiff.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,260 +0,0 @@
-/* crypto/tmdiff.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-#include <stdio.h>
-#include <stdlib.h>
-#include "cryptlib.h"
-#include <openssl/tmdiff.h>
-#if !defined(OPENSSL_SYS_MSDOS)
-#include OPENSSL_UNISTD
-#endif
-
-#ifdef TIMEB
-#undef OPENSSL_SYS_WIN32
-#undef TIMES
-#endif
-
-#if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32) && !(defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX_RHAPSODY) && !defined(OPENSSL_SYS_VXWORKS)
-# define TIMES
-#endif
-
-#ifdef OPENSSL_SYS_NETWARE
-#undef TIMES
-#endif
-
-#if !defined(_IRIX) || defined (OPENSSL_SYS_NETWARE)
-# include <time.h>
-#endif
-#ifdef TIMES
-# include <sys/types.h>
-# include <sys/times.h>
-#endif
-
-/* Depending on the VMS version, the tms structure is perhaps defined.
- The __TMS macro will show if it was. If it wasn't defined, we should
- undefine TIMES, since that tells the rest of the program how things
- should be handled. -- Richard Levitte */
-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
-#undef TIMES
-#endif
-
-#if defined(sun) || defined(__ultrix)
-#define _POSIX_SOURCE
-#include <limits.h>
-#include <sys/param.h>
-#endif
-
-#if !defined(TIMES) && !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_NETWARE)
-#include <sys/timeb.h>
-#endif
-
-#ifdef OPENSSL_SYS_WIN32
-#include <windows.h>
-#endif
-
-/* The following if from times(3) man page. It may need to be changed */
-#ifndef HZ
-# if defined(_SC_CLK_TCK) \
- && (!defined(OPENSSL_SYS_VMS) || __CTRL_VER >= 70000000)
-/* # define HZ ((double)sysconf(_SC_CLK_TCK)) */
-# define HZ sysconf(_SC_CLK_TCK)
-# else
-# ifndef CLK_TCK
-# ifndef _BSD_CLK_TCK_ /* FreeBSD hack */
-# define HZ 100.0
-# else /* _BSD_CLK_TCK_ */
-# define HZ ((double)_BSD_CLK_TCK_)
-# endif
-# else /* CLK_TCK */
-# define HZ ((double)CLK_TCK)
-# endif
-# endif
-#endif
-
-struct ms_tm
- {
-#ifdef TIMES
- struct tms ms_tms;
-#else
-# ifdef OPENSSL_SYS_WIN32
- HANDLE thread_id;
- FILETIME ms_win32;
-# elif defined (OPENSSL_SYS_NETWARE)
- clock_t ms_clock;
-# else
-# ifdef OPENSSL_SYS_VXWORKS
- unsigned long ticks;
-# else
- struct timeb ms_timeb;
-# endif
-# endif
-#endif
- };
-
-MS_TM *ms_time_new(void)
- {
- MS_TM *ret;
-
- ret=(MS_TM *)OPENSSL_malloc(sizeof(MS_TM));
- if (ret == NULL)
- return(NULL);
- memset(ret,0,sizeof(MS_TM));
-#ifdef OPENSSL_SYS_WIN32
- ret->thread_id=GetCurrentThread();
-#endif
- return ret;
- }
-
-void ms_time_free(MS_TM *a)
- {
- if (a != NULL)
- OPENSSL_free(a);
- }
-
-void ms_time_get(MS_TM *tm)
- {
-#ifdef OPENSSL_SYS_WIN32
- FILETIME tmpa,tmpb,tmpc;
-#endif
-
-#ifdef TIMES
- times(&tm->ms_tms);
-#else
-# ifdef OPENSSL_SYS_WIN32
- GetThreadTimes(tm->thread_id,&tmpa,&tmpb,&tmpc,&(tm->ms_win32));
-# elif defined (OPENSSL_SYS_NETWARE)
- tm->ms_clock = clock();
-# else
-# ifdef OPENSSL_SYS_VXWORKS
- tm->ticks = tickGet();
-# else
- ftime(&tm->ms_timeb);
-# endif
-# endif
-#endif
- }
-
-double ms_time_diff(MS_TM *a, MS_TM *b)
- {
- double ret;
-
-#ifdef TIMES
- ret = HZ;
- ret = (b->ms_tms.tms_utime-a->ms_tms.tms_utime) / ret;
-#else
-# ifdef OPENSSL_SYS_WIN32
- {
-#ifdef __GNUC__
- signed long long la,lb;
-#else
- signed _int64 la,lb;
-#endif
- la=a->ms_win32.dwHighDateTime;
- lb=b->ms_win32.dwHighDateTime;
- la<<=32;
- lb<<=32;
- la+=a->ms_win32.dwLowDateTime;
- lb+=b->ms_win32.dwLowDateTime;
- ret=((double)(lb-la))/1e7;
- }
-# elif defined (OPENSSL_SYS_NETWARE)
- ret= (double)(b->ms_clock - a->ms_clock);
-# else
-# ifdef OPENSSL_SYS_VXWORKS
- ret = (double)(b->ticks - a->ticks) / (double)sysClkRateGet();
-# else
- ret= (double)(b->ms_timeb.time-a->ms_timeb.time)+
- (((double)b->ms_timeb.millitm)-
- ((double)a->ms_timeb.millitm))/1000.0;
-# endif
-# endif
-#endif
- return((ret < 0.0000001)?0.0000001:ret);
- }
-
-int ms_time_cmp(const MS_TM *a, const MS_TM *b)
- {
- double d;
- int ret;
-
-#ifdef TIMES
- d = HZ;
- d = (b->ms_tms.tms_utime-a->ms_tms.tms_utime) / d;
-#else
-# ifdef OPENSSL_SYS_WIN32
- d =(b->ms_win32.dwHighDateTime&0x000fffff)*10+b->ms_win32.dwLowDateTime/1e7;
- d-=(a->ms_win32.dwHighDateTime&0x000fffff)*10+a->ms_win32.dwLowDateTime/1e7;
-# elif defined (OPENSSL_SYS_NETWARE)
- d= (double)(b->ms_clock - a->ms_clock);
-# else
-# ifdef OPENSSL_SYS_VXWORKS
- d = (b->ticks - a->ticks);
-# else
- d= (double)(b->ms_timeb.time-a->ms_timeb.time)+
- (((double)b->ms_timeb.millitm)-(double)a->ms_timeb.millitm)/1000.0;
-# endif
-# endif
-#endif
- if (d == 0.0)
- ret=0;
- else if (d < 0)
- ret= -1;
- else
- ret=1;
- return(ret);
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/tmdiff.c (from rev 6976, vendor-crypto/openssl/dist/crypto/tmdiff.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/tmdiff.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/tmdiff.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,263 @@
+/* crypto/tmdiff.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include "cryptlib.h"
+#include <openssl/tmdiff.h>
+#if !defined(OPENSSL_SYS_MSDOS)
+# include OPENSSL_UNISTD
+#endif
+
+#ifdef TIMEB
+# undef OPENSSL_SYS_WIN32
+# undef TIMES
+#endif
+
+#if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32) && !(defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX_RHAPSODY) && !defined(OPENSSL_SYS_VXWORKS)
+# define TIMES
+#endif
+
+#ifdef OPENSSL_SYS_NETWARE
+# undef TIMES
+#endif
+
+#if !defined(_IRIX) || defined (OPENSSL_SYS_NETWARE)
+# include <time.h>
+#endif
+#ifdef TIMES
+# include <sys/types.h>
+# include <sys/times.h>
+#endif
+
+/*
+ * Depending on the VMS version, the tms structure is perhaps defined. The
+ * __TMS macro will show if it was. If it wasn't defined, we should undefine
+ * TIMES, since that tells the rest of the program how things should be
+ * handled. -- Richard Levitte
+ */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
+# undef TIMES
+#endif
+
+#if defined(sun) || defined(__ultrix)
+# define _POSIX_SOURCE
+# include <limits.h>
+# include <sys/param.h>
+#endif
+
+#if !defined(TIMES) && !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_NETWARE)
+# include <sys/timeb.h>
+#endif
+
+#ifdef OPENSSL_SYS_WIN32
+# include <windows.h>
+#endif
+
+/* The following if from times(3) man page. It may need to be changed */
+#ifndef HZ
+# if defined(_SC_CLK_TCK) \
+ && (!defined(OPENSSL_SYS_VMS) || __CTRL_VER >= 70000000)
+/* # define HZ ((double)sysconf(_SC_CLK_TCK)) */
+# define HZ sysconf(_SC_CLK_TCK)
+# else
+# ifndef CLK_TCK
+# ifndef _BSD_CLK_TCK_ /* FreeBSD hack */
+# define HZ 100.0
+# else /* _BSD_CLK_TCK_ */
+# define HZ ((double)_BSD_CLK_TCK_)
+# endif
+# else /* CLK_TCK */
+# define HZ ((double)CLK_TCK)
+# endif
+# endif
+#endif
+
+struct ms_tm {
+#ifdef TIMES
+ struct tms ms_tms;
+#else
+# ifdef OPENSSL_SYS_WIN32
+ HANDLE thread_id;
+ FILETIME ms_win32;
+# elif defined (OPENSSL_SYS_NETWARE)
+ clock_t ms_clock;
+# else
+# ifdef OPENSSL_SYS_VXWORKS
+ unsigned long ticks;
+# else
+ struct timeb ms_timeb;
+# endif
+# endif
+#endif
+};
+
+MS_TM *ms_time_new(void)
+{
+ MS_TM *ret;
+
+ ret = (MS_TM *) OPENSSL_malloc(sizeof(MS_TM));
+ if (ret == NULL)
+ return (NULL);
+ memset(ret, 0, sizeof(MS_TM));
+#ifdef OPENSSL_SYS_WIN32
+ ret->thread_id = GetCurrentThread();
+#endif
+ return ret;
+}
+
+void ms_time_free(MS_TM * a)
+{
+ if (a != NULL)
+ OPENSSL_free(a);
+}
+
+void ms_time_get(MS_TM * tm)
+{
+#ifdef OPENSSL_SYS_WIN32
+ FILETIME tmpa, tmpb, tmpc;
+#endif
+
+#ifdef TIMES
+ times(&tm->ms_tms);
+#else
+# ifdef OPENSSL_SYS_WIN32
+ GetThreadTimes(tm->thread_id, &tmpa, &tmpb, &tmpc, &(tm->ms_win32));
+# elif defined (OPENSSL_SYS_NETWARE)
+ tm->ms_clock = clock();
+# else
+# ifdef OPENSSL_SYS_VXWORKS
+ tm->ticks = tickGet();
+# else
+ ftime(&tm->ms_timeb);
+# endif
+# endif
+#endif
+}
+
+double ms_time_diff(MS_TM * a, MS_TM * b)
+{
+ double ret;
+
+#ifdef TIMES
+ ret = HZ;
+ ret = (b->ms_tms.tms_utime - a->ms_tms.tms_utime) / ret;
+#else
+# ifdef OPENSSL_SYS_WIN32
+ {
+# ifdef __GNUC__
+ signed long long la, lb;
+# else
+ signed _int64 la, lb;
+# endif
+ la = a->ms_win32.dwHighDateTime;
+ lb = b->ms_win32.dwHighDateTime;
+ la <<= 32;
+ lb <<= 32;
+ la += a->ms_win32.dwLowDateTime;
+ lb += b->ms_win32.dwLowDateTime;
+ ret = ((double)(lb - la)) / 1e7;
+ }
+# elif defined (OPENSSL_SYS_NETWARE)
+ ret = (double)(b->ms_clock - a->ms_clock);
+# else
+# ifdef OPENSSL_SYS_VXWORKS
+ ret = (double)(b->ticks - a->ticks) / (double)sysClkRateGet();
+# else
+ ret = (double)(b->ms_timeb.time - a->ms_timeb.time) +
+ (((double)b->ms_timeb.millitm) -
+ ((double)a->ms_timeb.millitm)) / 1000.0;
+# endif
+# endif
+#endif
+ return ((ret < 0.0000001) ? 0.0000001 : ret);
+}
+
+int ms_time_cmp(const MS_TM * a, const MS_TM * b)
+{
+ double d;
+ int ret;
+
+#ifdef TIMES
+ d = HZ;
+ d = (b->ms_tms.tms_utime - a->ms_tms.tms_utime) / d;
+#else
+# ifdef OPENSSL_SYS_WIN32
+ d = (b->ms_win32.dwHighDateTime & 0x000fffff) * 10 +
+ b->ms_win32.dwLowDateTime / 1e7;
+ d -= (a->ms_win32.dwHighDateTime & 0x000fffff) * 10 +
+ a->ms_win32.dwLowDateTime / 1e7;
+# elif defined (OPENSSL_SYS_NETWARE)
+ d = (double)(b->ms_clock - a->ms_clock);
+# else
+# ifdef OPENSSL_SYS_VXWORKS
+ d = (b->ticks - a->ticks);
+# else
+ d = (double)(b->ms_timeb.time - a->ms_timeb.time) +
+ (((double)b->ms_timeb.millitm) -
+ (double)a->ms_timeb.millitm) / 1000.0;
+# endif
+# endif
+#endif
+ if (d == 0.0)
+ ret = 0;
+ else if (d < 0)
+ ret = -1;
+ else
+ ret = 1;
+ return (ret);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/tmdiff.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/tmdiff.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/tmdiff.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,93 +0,0 @@
-/* crypto/tmdiff.h */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* Header for dynamic hash table routines
- * Author - Eric Young
- */
-/* ... erm yeah, "dynamic hash tables" you say?
- *
- * And what would dynamic hash tables have to do with any of this code *now*?
- * AFAICS, this code is only referenced by crypto/bn/exp.c which is an unused
- * file that I doubt compiles any more. speed.c is the only thing that could
- * use this (and it has nothing to do with hash tables), yet it instead has its
- * own duplication of all this stuff and looks, if anything, more complete. See
- * the corresponding note in apps/speed.c.
- * The Bemused - Geoff
- */
-
-#ifndef HEADER_TMDIFF_H
-#define HEADER_TMDIFF_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-typedef struct ms_tm MS_TM;
-
-MS_TM *ms_time_new(void );
-void ms_time_free(MS_TM *a);
-void ms_time_get(MS_TM *a);
-double ms_time_diff(MS_TM *start, MS_TM *end);
-int ms_time_cmp(const MS_TM *ap, const MS_TM *bp);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/tmdiff.h (from rev 6976, vendor-crypto/openssl/dist/crypto/tmdiff.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/tmdiff.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/tmdiff.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,91 @@
+/* crypto/tmdiff.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/*
+ * Header for dynamic hash table routines Author - Eric Young
+ */
+/*
+ * ... erm yeah, "dynamic hash tables" you say? And what would dynamic hash
+ * tables have to do with any of this code *now*? AFAICS, this code is only
+ * referenced by crypto/bn/exp.c which is an unused file that I doubt
+ * compiles any more. speed.c is the only thing that could use this (and it
+ * has nothing to do with hash tables), yet it instead has its own
+ * duplication of all this stuff and looks, if anything, more complete. See
+ * the corresponding note in apps/speed.c. The Bemused - Geoff
+ */
+
+#ifndef HEADER_TMDIFF_H
+# define HEADER_TMDIFF_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct ms_tm MS_TM;
+
+MS_TM *ms_time_new(void);
+void ms_time_free(MS_TM * a);
+void ms_time_get(MS_TM * a);
+double ms_time_diff(MS_TM * start, MS_TM * end);
+int ms_time_cmp(const MS_TM * ap, const MS_TM * bp);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/txt_db/txt_db.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/txt_db/txt_db.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/txt_db/txt_db.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,386 +0,0 @@
-/* crypto/txt_db/txt_db.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/txt_db.h>
-
-#undef BUFSIZE
-#define BUFSIZE 512
-
-const char TXT_DB_version[]="TXT_DB" OPENSSL_VERSION_PTEXT;
-
-TXT_DB *TXT_DB_read(BIO *in, int num)
- {
- TXT_DB *ret=NULL;
- int er=1;
- int esc=0;
- long ln=0;
- int i,add,n;
- int size=BUFSIZE;
- int offset=0;
- char *p,**pp,*f;
- BUF_MEM *buf=NULL;
-
- if ((buf=BUF_MEM_new()) == NULL) goto err;
- if (!BUF_MEM_grow(buf,size)) goto err;
-
- if ((ret=(TXT_DB *)OPENSSL_malloc(sizeof(TXT_DB))) == NULL)
- goto err;
- ret->num_fields=num;
- ret->index=NULL;
- ret->qual=NULL;
- if ((ret->data=sk_new_null()) == NULL)
- goto err;
- if ((ret->index=(LHASH **)OPENSSL_malloc(sizeof(LHASH *)*num)) == NULL)
- goto err;
- if ((ret->qual=(int (**)(char **))OPENSSL_malloc(sizeof(int (**)(char **))*num)) == NULL)
- goto err;
- for (i=0; i<num; i++)
- {
- ret->index[i]=NULL;
- ret->qual[i]=NULL;
- }
-
- add=(num+1)*sizeof(char *);
- buf->data[size-1]='\0';
- offset=0;
- for (;;)
- {
- if (offset != 0)
- {
- size+=BUFSIZE;
- if (!BUF_MEM_grow_clean(buf,size)) goto err;
- }
- buf->data[offset]='\0';
- BIO_gets(in,&(buf->data[offset]),size-offset);
- ln++;
- if (buf->data[offset] == '\0') break;
- if ((offset == 0) && (buf->data[0] == '#')) continue;
- i=strlen(&(buf->data[offset]));
- offset+=i;
- if (buf->data[offset-1] != '\n')
- continue;
- else
- {
- buf->data[offset-1]='\0'; /* blat the '\n' */
- if (!(p=(char *)OPENSSL_malloc(add+offset))) goto err;
- offset=0;
- }
- pp=(char **)p;
- p+=add;
- n=0;
- pp[n++]=p;
- i=0;
- f=buf->data;
-
- esc=0;
- for (;;)
- {
- if (*f == '\0') break;
- if (*f == '\t')
- {
- if (esc)
- p--;
- else
- {
- *(p++)='\0';
- f++;
- if (n >= num) break;
- pp[n++]=p;
- continue;
- }
- }
- esc=(*f == '\\');
- *(p++)= *(f++);
- }
- *(p++)='\0';
- if ((n != num) || (*f != '\0'))
- {
-#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16) /* temporaty fix :-( */
- fprintf(stderr,"wrong number of fields on line %ld (looking for field %d, got %d, '%s' left)\n",ln,num,n,f);
-#endif
- er=2;
- goto err;
- }
- pp[n]=p;
- if (!sk_push(ret->data,(char *)pp))
- {
-#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16) /* temporaty fix :-( */
- fprintf(stderr,"failure in sk_push\n");
-#endif
- er=2;
- goto err;
- }
- }
- er=0;
-err:
- BUF_MEM_free(buf);
- if (er)
- {
-#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)
- if (er == 1) fprintf(stderr,"OPENSSL_malloc failure\n");
-#endif
- if (ret != NULL)
- {
- if (ret->data != NULL) sk_free(ret->data);
- if (ret->index != NULL) OPENSSL_free(ret->index);
- if (ret->qual != NULL) OPENSSL_free(ret->qual);
- if (ret != NULL) OPENSSL_free(ret);
- }
- return(NULL);
- }
- else
- return(ret);
- }
-
-char **TXT_DB_get_by_index(TXT_DB *db, int idx, char **value)
- {
- char **ret;
- LHASH *lh;
-
- if (idx >= db->num_fields)
- {
- db->error=DB_ERROR_INDEX_OUT_OF_RANGE;
- return(NULL);
- }
- lh=db->index[idx];
- if (lh == NULL)
- {
- db->error=DB_ERROR_NO_INDEX;
- return(NULL);
- }
- ret=(char **)lh_retrieve(lh,value);
- db->error=DB_ERROR_OK;
- return(ret);
- }
-
-int TXT_DB_create_index(TXT_DB *db, int field, int (*qual)(char **),
- LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp)
- {
- LHASH *idx;
- char **r;
- int i,n;
-
- if (field >= db->num_fields)
- {
- db->error=DB_ERROR_INDEX_OUT_OF_RANGE;
- return(0);
- }
- if ((idx=lh_new(hash,cmp)) == NULL)
- {
- db->error=DB_ERROR_MALLOC;
- return(0);
- }
- n=sk_num(db->data);
- for (i=0; i<n; i++)
- {
- r=(char **)sk_value(db->data,i);
- if ((qual != NULL) && (qual(r) == 0)) continue;
- if ((r=lh_insert(idx,r)) != NULL)
- {
- db->error=DB_ERROR_INDEX_CLASH;
- db->arg1=sk_find(db->data,(char *)r);
- db->arg2=i;
- lh_free(idx);
- return(0);
- }
- }
- if (db->index[field] != NULL) lh_free(db->index[field]);
- db->index[field]=idx;
- db->qual[field]=qual;
- return(1);
- }
-
-long TXT_DB_write(BIO *out, TXT_DB *db)
- {
- long i,j,n,nn,l,tot=0;
- char *p,**pp,*f;
- BUF_MEM *buf=NULL;
- long ret= -1;
-
- if ((buf=BUF_MEM_new()) == NULL)
- goto err;
- n=sk_num(db->data);
- nn=db->num_fields;
- for (i=0; i<n; i++)
- {
- pp=(char **)sk_value(db->data,i);
-
- l=0;
- for (j=0; j<nn; j++)
- {
- if (pp[j] != NULL)
- l+=strlen(pp[j]);
- }
- if (!BUF_MEM_grow_clean(buf,(int)(l*2+nn))) goto err;
-
- p=buf->data;
- for (j=0; j<nn; j++)
- {
- f=pp[j];
- if (f != NULL)
- for (;;)
- {
- if (*f == '\0') break;
- if (*f == '\t') *(p++)='\\';
- *(p++)= *(f++);
- }
- *(p++)='\t';
- }
- p[-1]='\n';
- j=p-buf->data;
- if (BIO_write(out,buf->data,(int)j) != j)
- goto err;
- tot+=j;
- }
- ret=tot;
-err:
- if (buf != NULL) BUF_MEM_free(buf);
- return(ret);
- }
-
-int TXT_DB_insert(TXT_DB *db, char **row)
- {
- int i;
- char **r;
-
- for (i=0; i<db->num_fields; i++)
- {
- if (db->index[i] != NULL)
- {
- if ((db->qual[i] != NULL) &&
- (db->qual[i](row) == 0)) continue;
- r=(char **)lh_retrieve(db->index[i],row);
- if (r != NULL)
- {
- db->error=DB_ERROR_INDEX_CLASH;
- db->arg1=i;
- db->arg_row=r;
- goto err;
- }
- }
- }
- /* We have passed the index checks, now just append and insert */
- if (!sk_push(db->data,(char *)row))
- {
- db->error=DB_ERROR_MALLOC;
- goto err;
- }
-
- for (i=0; i<db->num_fields; i++)
- {
- if (db->index[i] != NULL)
- {
- if ((db->qual[i] != NULL) &&
- (db->qual[i](row) == 0)) continue;
- lh_insert(db->index[i],row);
- }
- }
- return(1);
-err:
- return(0);
- }
-
-void TXT_DB_free(TXT_DB *db)
- {
- int i,n;
- char **p,*max;
-
- if(db == NULL)
- return;
-
- if (db->index != NULL)
- {
- for (i=db->num_fields-1; i>=0; i--)
- if (db->index[i] != NULL) lh_free(db->index[i]);
- OPENSSL_free(db->index);
- }
- if (db->qual != NULL)
- OPENSSL_free(db->qual);
- if (db->data != NULL)
- {
- for (i=sk_num(db->data)-1; i>=0; i--)
- {
- /* check if any 'fields' have been allocated
- * from outside of the initial block */
- p=(char **)sk_value(db->data,i);
- max=p[db->num_fields]; /* last address */
- if (max == NULL) /* new row */
- {
- for (n=0; n<db->num_fields; n++)
- if (p[n] != NULL) OPENSSL_free(p[n]);
- }
- else
- {
- for (n=0; n<db->num_fields; n++)
- {
- if (((p[n] < (char *)p) || (p[n] > max))
- && (p[n] != NULL))
- OPENSSL_free(p[n]);
- }
- }
- OPENSSL_free(sk_value(db->data,i));
- }
- sk_free(db->data);
- }
- OPENSSL_free(db);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/txt_db/txt_db.c (from rev 6976, vendor-crypto/openssl/dist/crypto/txt_db/txt_db.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/txt_db/txt_db.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/txt_db/txt_db.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,381 @@
+/* crypto/txt_db/txt_db.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/txt_db.h>
+
+#undef BUFSIZE
+#define BUFSIZE 512
+
+const char TXT_DB_version[] = "TXT_DB" OPENSSL_VERSION_PTEXT;
+
+TXT_DB *TXT_DB_read(BIO *in, int num)
+{
+ TXT_DB *ret = NULL;
+ int er = 1;
+ int esc = 0;
+ long ln = 0;
+ int i, add, n;
+ int size = BUFSIZE;
+ int offset = 0;
+ char *p, **pp, *f;
+ BUF_MEM *buf = NULL;
+
+ if ((buf = BUF_MEM_new()) == NULL)
+ goto err;
+ if (!BUF_MEM_grow(buf, size))
+ goto err;
+
+ if ((ret = (TXT_DB *)OPENSSL_malloc(sizeof(TXT_DB))) == NULL)
+ goto err;
+ ret->num_fields = num;
+ ret->index = NULL;
+ ret->qual = NULL;
+ if ((ret->data = sk_new_null()) == NULL)
+ goto err;
+ if ((ret->index =
+ (LHASH **)OPENSSL_malloc(sizeof(LHASH *) * num)) == NULL)
+ goto err;
+ if ((ret->qual =
+ (int (**)(char **))OPENSSL_malloc(sizeof(int (**)(char **)) *
+ num)) == NULL)
+ goto err;
+ for (i = 0; i < num; i++) {
+ ret->index[i] = NULL;
+ ret->qual[i] = NULL;
+ }
+
+ add = (num + 1) * sizeof(char *);
+ buf->data[size - 1] = '\0';
+ offset = 0;
+ for (;;) {
+ if (offset != 0) {
+ size += BUFSIZE;
+ if (!BUF_MEM_grow_clean(buf, size))
+ goto err;
+ }
+ buf->data[offset] = '\0';
+ BIO_gets(in, &(buf->data[offset]), size - offset);
+ ln++;
+ if (buf->data[offset] == '\0')
+ break;
+ if ((offset == 0) && (buf->data[0] == '#'))
+ continue;
+ i = strlen(&(buf->data[offset]));
+ offset += i;
+ if (buf->data[offset - 1] != '\n')
+ continue;
+ else {
+ buf->data[offset - 1] = '\0'; /* blat the '\n' */
+ if (!(p = (char *)OPENSSL_malloc(add + offset)))
+ goto err;
+ offset = 0;
+ }
+ pp = (char **)p;
+ p += add;
+ n = 0;
+ pp[n++] = p;
+ i = 0;
+ f = buf->data;
+
+ esc = 0;
+ for (;;) {
+ if (*f == '\0')
+ break;
+ if (*f == '\t') {
+ if (esc)
+ p--;
+ else {
+ *(p++) = '\0';
+ f++;
+ if (n >= num)
+ break;
+ pp[n++] = p;
+ continue;
+ }
+ }
+ esc = (*f == '\\');
+ *(p++) = *(f++);
+ }
+ *(p++) = '\0';
+ if ((n != num) || (*f != '\0')) {
+#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16) /* temporaty
+ * fix :-( */
+ fprintf(stderr,
+ "wrong number of fields on line %ld (looking for field %d, got %d, '%s' left)\n",
+ ln, num, n, f);
+#endif
+ er = 2;
+ goto err;
+ }
+ pp[n] = p;
+ if (!sk_push(ret->data, (char *)pp)) {
+#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16) /* temporaty
+ * fix :-( */
+ fprintf(stderr, "failure in sk_push\n");
+#endif
+ er = 2;
+ goto err;
+ }
+ }
+ er = 0;
+ err:
+ BUF_MEM_free(buf);
+ if (er) {
+#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)
+ if (er == 1)
+ fprintf(stderr, "OPENSSL_malloc failure\n");
+#endif
+ if (ret != NULL) {
+ if (ret->data != NULL)
+ sk_free(ret->data);
+ if (ret->index != NULL)
+ OPENSSL_free(ret->index);
+ if (ret->qual != NULL)
+ OPENSSL_free(ret->qual);
+ if (ret != NULL)
+ OPENSSL_free(ret);
+ }
+ return (NULL);
+ } else
+ return (ret);
+}
+
+char **TXT_DB_get_by_index(TXT_DB *db, int idx, char **value)
+{
+ char **ret;
+ LHASH *lh;
+
+ if (idx >= db->num_fields) {
+ db->error = DB_ERROR_INDEX_OUT_OF_RANGE;
+ return (NULL);
+ }
+ lh = db->index[idx];
+ if (lh == NULL) {
+ db->error = DB_ERROR_NO_INDEX;
+ return (NULL);
+ }
+ ret = (char **)lh_retrieve(lh, value);
+ db->error = DB_ERROR_OK;
+ return (ret);
+}
+
+int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (char **),
+ LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp)
+{
+ LHASH *idx;
+ char **r;
+ int i, n;
+
+ if (field >= db->num_fields) {
+ db->error = DB_ERROR_INDEX_OUT_OF_RANGE;
+ return (0);
+ }
+ if ((idx = lh_new(hash, cmp)) == NULL) {
+ db->error = DB_ERROR_MALLOC;
+ return (0);
+ }
+ n = sk_num(db->data);
+ for (i = 0; i < n; i++) {
+ r = (char **)sk_value(db->data, i);
+ if ((qual != NULL) && (qual(r) == 0))
+ continue;
+ if ((r = lh_insert(idx, r)) != NULL) {
+ db->error = DB_ERROR_INDEX_CLASH;
+ db->arg1 = sk_find(db->data, (char *)r);
+ db->arg2 = i;
+ lh_free(idx);
+ return (0);
+ }
+ }
+ if (db->index[field] != NULL)
+ lh_free(db->index[field]);
+ db->index[field] = idx;
+ db->qual[field] = qual;
+ return (1);
+}
+
+long TXT_DB_write(BIO *out, TXT_DB *db)
+{
+ long i, j, n, nn, l, tot = 0;
+ char *p, **pp, *f;
+ BUF_MEM *buf = NULL;
+ long ret = -1;
+
+ if ((buf = BUF_MEM_new()) == NULL)
+ goto err;
+ n = sk_num(db->data);
+ nn = db->num_fields;
+ for (i = 0; i < n; i++) {
+ pp = (char **)sk_value(db->data, i);
+
+ l = 0;
+ for (j = 0; j < nn; j++) {
+ if (pp[j] != NULL)
+ l += strlen(pp[j]);
+ }
+ if (!BUF_MEM_grow_clean(buf, (int)(l * 2 + nn)))
+ goto err;
+
+ p = buf->data;
+ for (j = 0; j < nn; j++) {
+ f = pp[j];
+ if (f != NULL)
+ for (;;) {
+ if (*f == '\0')
+ break;
+ if (*f == '\t')
+ *(p++) = '\\';
+ *(p++) = *(f++);
+ }
+ *(p++) = '\t';
+ }
+ p[-1] = '\n';
+ j = p - buf->data;
+ if (BIO_write(out, buf->data, (int)j) != j)
+ goto err;
+ tot += j;
+ }
+ ret = tot;
+ err:
+ if (buf != NULL)
+ BUF_MEM_free(buf);
+ return (ret);
+}
+
+int TXT_DB_insert(TXT_DB *db, char **row)
+{
+ int i;
+ char **r;
+
+ for (i = 0; i < db->num_fields; i++) {
+ if (db->index[i] != NULL) {
+ if ((db->qual[i] != NULL) && (db->qual[i] (row) == 0))
+ continue;
+ r = (char **)lh_retrieve(db->index[i], row);
+ if (r != NULL) {
+ db->error = DB_ERROR_INDEX_CLASH;
+ db->arg1 = i;
+ db->arg_row = r;
+ goto err;
+ }
+ }
+ }
+ /* We have passed the index checks, now just append and insert */
+ if (!sk_push(db->data, (char *)row)) {
+ db->error = DB_ERROR_MALLOC;
+ goto err;
+ }
+
+ for (i = 0; i < db->num_fields; i++) {
+ if (db->index[i] != NULL) {
+ if ((db->qual[i] != NULL) && (db->qual[i] (row) == 0))
+ continue;
+ lh_insert(db->index[i], row);
+ }
+ }
+ return (1);
+ err:
+ return (0);
+}
+
+void TXT_DB_free(TXT_DB *db)
+{
+ int i, n;
+ char **p, *max;
+
+ if (db == NULL)
+ return;
+
+ if (db->index != NULL) {
+ for (i = db->num_fields - 1; i >= 0; i--)
+ if (db->index[i] != NULL)
+ lh_free(db->index[i]);
+ OPENSSL_free(db->index);
+ }
+ if (db->qual != NULL)
+ OPENSSL_free(db->qual);
+ if (db->data != NULL) {
+ for (i = sk_num(db->data) - 1; i >= 0; i--) {
+ /*
+ * check if any 'fields' have been allocated from outside of the
+ * initial block
+ */
+ p = (char **)sk_value(db->data, i);
+ max = p[db->num_fields]; /* last address */
+ if (max == NULL) { /* new row */
+ for (n = 0; n < db->num_fields; n++)
+ if (p[n] != NULL)
+ OPENSSL_free(p[n]);
+ } else {
+ for (n = 0; n < db->num_fields; n++) {
+ if (((p[n] < (char *)p) || (p[n] > max))
+ && (p[n] != NULL))
+ OPENSSL_free(p[n]);
+ }
+ }
+ OPENSSL_free(sk_value(db->data, i));
+ }
+ sk_free(db->data);
+ }
+ OPENSSL_free(db);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/txt_db/txt_db.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/txt_db/txt_db.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/txt_db/txt_db.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,109 +0,0 @@
-/* crypto/txt_db/txt_db.h */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_TXT_DB_H
-#define HEADER_TXT_DB_H
-
-#include <openssl/opensslconf.h>
-#ifndef OPENSSL_NO_BIO
-#include <openssl/bio.h>
-#endif
-#include <openssl/stack.h>
-#include <openssl/lhash.h>
-
-#define DB_ERROR_OK 0
-#define DB_ERROR_MALLOC 1
-#define DB_ERROR_INDEX_CLASH 2
-#define DB_ERROR_INDEX_OUT_OF_RANGE 3
-#define DB_ERROR_NO_INDEX 4
-#define DB_ERROR_INSERT_INDEX_CLASH 5
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-typedef struct txt_db_st
- {
- int num_fields;
- STACK /* char ** */ *data;
- LHASH **index;
- int (**qual)(char **);
- long error;
- long arg1;
- long arg2;
- char **arg_row;
- } TXT_DB;
-
-#ifndef OPENSSL_NO_BIO
-TXT_DB *TXT_DB_read(BIO *in, int num);
-long TXT_DB_write(BIO *out, TXT_DB *db);
-#else
-TXT_DB *TXT_DB_read(char *in, int num);
-long TXT_DB_write(char *out, TXT_DB *db);
-#endif
-int TXT_DB_create_index(TXT_DB *db,int field,int (*qual)(char **),
- LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp);
-void TXT_DB_free(TXT_DB *db);
-char **TXT_DB_get_by_index(TXT_DB *db, int idx, char **value);
-int TXT_DB_insert(TXT_DB *db,char **value);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/txt_db/txt_db.h (from rev 6976, vendor-crypto/openssl/dist/crypto/txt_db/txt_db.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/txt_db/txt_db.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/txt_db/txt_db.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,108 @@
+/* crypto/txt_db/txt_db.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_TXT_DB_H
+# define HEADER_TXT_DB_H
+
+# include <openssl/opensslconf.h>
+# ifndef OPENSSL_NO_BIO
+# include <openssl/bio.h>
+# endif
+# include <openssl/stack.h>
+# include <openssl/lhash.h>
+
+# define DB_ERROR_OK 0
+# define DB_ERROR_MALLOC 1
+# define DB_ERROR_INDEX_CLASH 2
+# define DB_ERROR_INDEX_OUT_OF_RANGE 3
+# define DB_ERROR_NO_INDEX 4
+# define DB_ERROR_INSERT_INDEX_CLASH 5
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct txt_db_st {
+ int num_fields;
+ STACK /* char ** */ * data;
+ LHASH **index;
+ int (**qual) (char **);
+ long error;
+ long arg1;
+ long arg2;
+ char **arg_row;
+} TXT_DB;
+
+# ifndef OPENSSL_NO_BIO
+TXT_DB *TXT_DB_read(BIO *in, int num);
+long TXT_DB_write(BIO *out, TXT_DB *db);
+# else
+TXT_DB *TXT_DB_read(char *in, int num);
+long TXT_DB_write(char *out, TXT_DB *db);
+# endif
+int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (char **),
+ LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp);
+void TXT_DB_free(TXT_DB *db);
+char **TXT_DB_get_by_index(TXT_DB *db, int idx, char **value);
+int TXT_DB_insert(TXT_DB *db, char **value);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/ui/ui.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/ui/ui.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ui/ui.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,381 +0,0 @@
-/* crypto/ui/ui.h -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte (richard at levitte.org) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#ifndef HEADER_UI_H
-#define HEADER_UI_H
-
-#ifndef OPENSSL_NO_DEPRECATED
-#include <openssl/crypto.h>
-#endif
-#include <openssl/safestack.h>
-#include <openssl/ossl_typ.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* Declared already in ossl_typ.h */
-/* typedef struct ui_st UI; */
-/* typedef struct ui_method_st UI_METHOD; */
-
-
-/* All the following functions return -1 or NULL on error and in some cases
- (UI_process()) -2 if interrupted or in some other way cancelled.
- When everything is fine, they return 0, a positive value or a non-NULL
- pointer, all depending on their purpose. */
-
-/* Creators and destructor. */
-UI *UI_new(void);
-UI *UI_new_method(const UI_METHOD *method);
-void UI_free(UI *ui);
-
-/* The following functions are used to add strings to be printed and prompt
- strings to prompt for data. The names are UI_{add,dup}_<function>_string
- and UI_{add,dup}_input_boolean.
-
- UI_{add,dup}_<function>_string have the following meanings:
- add add a text or prompt string. The pointers given to these
- functions are used verbatim, no copying is done.
- dup make a copy of the text or prompt string, then add the copy
- to the collection of strings in the user interface.
- <function>
- The function is a name for the functionality that the given
- string shall be used for. It can be one of:
- input use the string as data prompt.
- verify use the string as verification prompt. This
- is used to verify a previous input.
- info use the string for informational output.
- error use the string for error output.
- Honestly, there's currently no difference between info and error for the
- moment.
-
- UI_{add,dup}_input_boolean have the same semantics for "add" and "dup",
- and are typically used when one wants to prompt for a yes/no response.
-
-
- All of the functions in this group take a UI and a prompt string.
- The string input and verify addition functions also take a flag argument,
- a buffer for the result to end up with, a minimum input size and a maximum
- input size (the result buffer MUST be large enough to be able to contain
- the maximum number of characters). Additionally, the verify addition
- functions takes another buffer to compare the result against.
- The boolean input functions take an action description string (which should
- be safe to ignore if the expected user action is obvious, for example with
- a dialog box with an OK button and a Cancel button), a string of acceptable
- characters to mean OK and to mean Cancel. The two last strings are checked
- to make sure they don't have common characters. Additionally, the same
- flag argument as for the string input is taken, as well as a result buffer.
- The result buffer is required to be at least one byte long. Depending on
- the answer, the first character from the OK or the Cancel character strings
- will be stored in the first byte of the result buffer. No NUL will be
- added, so the result is *not* a string.
-
- On success, the all return an index of the added information. That index
- is usefull when retrieving results with UI_get0_result(). */
-int UI_add_input_string(UI *ui, const char *prompt, int flags,
- char *result_buf, int minsize, int maxsize);
-int UI_dup_input_string(UI *ui, const char *prompt, int flags,
- char *result_buf, int minsize, int maxsize);
-int UI_add_verify_string(UI *ui, const char *prompt, int flags,
- char *result_buf, int minsize, int maxsize, const char *test_buf);
-int UI_dup_verify_string(UI *ui, const char *prompt, int flags,
- char *result_buf, int minsize, int maxsize, const char *test_buf);
-int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc,
- const char *ok_chars, const char *cancel_chars,
- int flags, char *result_buf);
-int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc,
- const char *ok_chars, const char *cancel_chars,
- int flags, char *result_buf);
-int UI_add_info_string(UI *ui, const char *text);
-int UI_dup_info_string(UI *ui, const char *text);
-int UI_add_error_string(UI *ui, const char *text);
-int UI_dup_error_string(UI *ui, const char *text);
-
-/* These are the possible flags. They can be or'ed together. */
-/* Use to have echoing of input */
-#define UI_INPUT_FLAG_ECHO 0x01
-/* Use a default password. Where that password is found is completely
- up to the application, it might for example be in the user data set
- with UI_add_user_data(). It is not recommended to have more than
- one input in each UI being marked with this flag, or the application
- might get confused. */
-#define UI_INPUT_FLAG_DEFAULT_PWD 0x02
-
-/* The user of these routines may want to define flags of their own. The core
- UI won't look at those, but will pass them on to the method routines. They
- must use higher bits so they don't get confused with the UI bits above.
- UI_INPUT_FLAG_USER_BASE tells which is the lowest bit to use. A good
- example of use is this:
-
- #define MY_UI_FLAG1 (0x01 << UI_INPUT_FLAG_USER_BASE)
-
-*/
-#define UI_INPUT_FLAG_USER_BASE 16
-
-
-/* The following function helps construct a prompt. object_desc is a
- textual short description of the object, for example "pass phrase",
- and object_name is the name of the object (might be a card name or
- a file name.
- The returned string shall always be allocated on the heap with
- OPENSSL_malloc(), and need to be free'd with OPENSSL_free().
-
- If the ui_method doesn't contain a pointer to a user-defined prompt
- constructor, a default string is built, looking like this:
-
- "Enter {object_desc} for {object_name}:"
-
- So, if object_desc has the value "pass phrase" and object_name has
- the value "foo.key", the resulting string is:
-
- "Enter pass phrase for foo.key:"
-*/
-char *UI_construct_prompt(UI *ui_method,
- const char *object_desc, const char *object_name);
-
-
-/* The following function is used to store a pointer to user-specific data.
- Any previous such pointer will be returned and replaced.
-
- For callback purposes, this function makes a lot more sense than using
- ex_data, since the latter requires that different parts of OpenSSL or
- applications share the same ex_data index.
-
- Note that the UI_OpenSSL() method completely ignores the user data.
- Other methods may not, however. */
-void *UI_add_user_data(UI *ui, void *user_data);
-/* We need a user data retrieving function as well. */
-void *UI_get0_user_data(UI *ui);
-
-/* Return the result associated with a prompt given with the index i. */
-const char *UI_get0_result(UI *ui, int i);
-
-/* When all strings have been added, process the whole thing. */
-int UI_process(UI *ui);
-
-/* Give a user interface parametrised control commands. This can be used to
- send down an integer, a data pointer or a function pointer, as well as
- be used to get information from a UI. */
-int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)(void));
-
-/* The commands */
-/* Use UI_CONTROL_PRINT_ERRORS with the value 1 to have UI_process print the
- OpenSSL error stack before printing any info or added error messages and
- before any prompting. */
-#define UI_CTRL_PRINT_ERRORS 1
-/* Check if a UI_process() is possible to do again with the same instance of
- a user interface. This makes UI_ctrl() return 1 if it is redoable, and 0
- if not. */
-#define UI_CTRL_IS_REDOABLE 2
-
-
-/* Some methods may use extra data */
-#define UI_set_app_data(s,arg) UI_set_ex_data(s,0,arg)
-#define UI_get_app_data(s) UI_get_ex_data(s,0)
-int UI_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-int UI_set_ex_data(UI *r,int idx,void *arg);
-void *UI_get_ex_data(UI *r, int idx);
-
-/* Use specific methods instead of the built-in one */
-void UI_set_default_method(const UI_METHOD *meth);
-const UI_METHOD *UI_get_default_method(void);
-const UI_METHOD *UI_get_method(UI *ui);
-const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth);
-
-/* The method with all the built-in thingies */
-UI_METHOD *UI_OpenSSL(void);
-
-
-/* ---------- For method writers ---------- */
-/* A method contains a number of functions that implement the low level
- of the User Interface. The functions are:
-
- an opener This function starts a session, maybe by opening
- a channel to a tty, or by opening a window.
- a writer This function is called to write a given string,
- maybe to the tty, maybe as a field label in a
- window.
- a flusher This function is called to flush everything that
- has been output so far. It can be used to actually
- display a dialog box after it has been built.
- a reader This function is called to read a given prompt,
- maybe from the tty, maybe from a field in a
- window. Note that it's called wth all string
- structures, not only the prompt ones, so it must
- check such things itself.
- a closer This function closes the session, maybe by closing
- the channel to the tty, or closing the window.
-
- All these functions are expected to return:
-
- 0 on error.
- 1 on success.
- -1 on out-of-band events, for example if some prompting has
- been canceled (by pressing Ctrl-C, for example). This is
- only checked when returned by the flusher or the reader.
-
- The way this is used, the opener is first called, then the writer for all
- strings, then the flusher, then the reader for all strings and finally the
- closer. Note that if you want to prompt from a terminal or other command
- line interface, the best is to have the reader also write the prompts
- instead of having the writer do it. If you want to prompt from a dialog
- box, the writer can be used to build up the contents of the box, and the
- flusher to actually display the box and run the event loop until all data
- has been given, after which the reader only grabs the given data and puts
- them back into the UI strings.
-
- All method functions take a UI as argument. Additionally, the writer and
- the reader take a UI_STRING.
-*/
-
-/* The UI_STRING type is the data structure that contains all the needed info
- about a string or a prompt, including test data for a verification prompt.
-*/
-DECLARE_STACK_OF(UI_STRING)
-typedef struct ui_string_st UI_STRING;
-
-/* The different types of strings that are currently supported.
- This is only needed by method authors. */
-enum UI_string_types
- {
- UIT_NONE=0,
- UIT_PROMPT, /* Prompt for a string */
- UIT_VERIFY, /* Prompt for a string and verify */
- UIT_BOOLEAN, /* Prompt for a yes/no response */
- UIT_INFO, /* Send info to the user */
- UIT_ERROR /* Send an error message to the user */
- };
-
-/* Create and manipulate methods */
-UI_METHOD *UI_create_method(char *name);
-void UI_destroy_method(UI_METHOD *ui_method);
-int UI_method_set_opener(UI_METHOD *method, int (*opener)(UI *ui));
-int UI_method_set_writer(UI_METHOD *method, int (*writer)(UI *ui, UI_STRING *uis));
-int UI_method_set_flusher(UI_METHOD *method, int (*flusher)(UI *ui));
-int UI_method_set_reader(UI_METHOD *method, int (*reader)(UI *ui, UI_STRING *uis));
-int UI_method_set_closer(UI_METHOD *method, int (*closer)(UI *ui));
-int (*UI_method_get_opener(UI_METHOD *method))(UI*);
-int (*UI_method_get_writer(UI_METHOD *method))(UI*,UI_STRING*);
-int (*UI_method_get_flusher(UI_METHOD *method))(UI*);
-int (*UI_method_get_reader(UI_METHOD *method))(UI*,UI_STRING*);
-int (*UI_method_get_closer(UI_METHOD *method))(UI*);
-
-/* The following functions are helpers for method writers to access relevant
- data from a UI_STRING. */
-
-/* Return type of the UI_STRING */
-enum UI_string_types UI_get_string_type(UI_STRING *uis);
-/* Return input flags of the UI_STRING */
-int UI_get_input_flags(UI_STRING *uis);
-/* Return the actual string to output (the prompt, info or error) */
-const char *UI_get0_output_string(UI_STRING *uis);
-/* Return the optional action string to output (the boolean promtp instruction) */
-const char *UI_get0_action_string(UI_STRING *uis);
-/* Return the result of a prompt */
-const char *UI_get0_result_string(UI_STRING *uis);
-/* Return the string to test the result against. Only useful with verifies. */
-const char *UI_get0_test_string(UI_STRING *uis);
-/* Return the required minimum size of the result */
-int UI_get_result_minsize(UI_STRING *uis);
-/* Return the required maximum size of the result */
-int UI_get_result_maxsize(UI_STRING *uis);
-/* Set the result of a UI_STRING. */
-int UI_set_result(UI *ui, UI_STRING *uis, const char *result);
-
-
-/* A couple of popular utility functions */
-int UI_UTIL_read_pw_string(char *buf,int length,const char *prompt,int verify);
-int UI_UTIL_read_pw(char *buf,char *buff,int size,const char *prompt,int verify);
-
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_UI_strings(void);
-
-/* Error codes for the UI functions. */
-
-/* Function codes. */
-#define UI_F_GENERAL_ALLOCATE_BOOLEAN 108
-#define UI_F_GENERAL_ALLOCATE_PROMPT 109
-#define UI_F_GENERAL_ALLOCATE_STRING 100
-#define UI_F_UI_CTRL 111
-#define UI_F_UI_DUP_ERROR_STRING 101
-#define UI_F_UI_DUP_INFO_STRING 102
-#define UI_F_UI_DUP_INPUT_BOOLEAN 110
-#define UI_F_UI_DUP_INPUT_STRING 103
-#define UI_F_UI_DUP_VERIFY_STRING 106
-#define UI_F_UI_GET0_RESULT 107
-#define UI_F_UI_NEW_METHOD 104
-#define UI_F_UI_SET_RESULT 105
-
-/* Reason codes. */
-#define UI_R_COMMON_OK_AND_CANCEL_CHARACTERS 104
-#define UI_R_INDEX_TOO_LARGE 102
-#define UI_R_INDEX_TOO_SMALL 103
-#define UI_R_NO_RESULT_BUFFER 105
-#define UI_R_RESULT_TOO_LARGE 100
-#define UI_R_RESULT_TOO_SMALL 101
-#define UI_R_UNKNOWN_CONTROL_COMMAND 106
-
-#ifdef __cplusplus
-}
-#endif
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/ui/ui.h (from rev 6976, vendor-crypto/openssl/dist/crypto/ui/ui.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/ui/ui.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ui/ui.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,406 @@
+/* crypto/ui/ui.h -*- mode:C; c-file-style: "eay" -*- */
+/*
+ * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
+ * 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_UI_H
+# define HEADER_UI_H
+
+# ifndef OPENSSL_NO_DEPRECATED
+# include <openssl/crypto.h>
+# endif
+# include <openssl/safestack.h>
+# include <openssl/ossl_typ.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Declared already in ossl_typ.h */
+/* typedef struct ui_st UI; */
+/* typedef struct ui_method_st UI_METHOD; */
+
+/*
+ * All the following functions return -1 or NULL on error and in some cases
+ * (UI_process()) -2 if interrupted or in some other way cancelled. When
+ * everything is fine, they return 0, a positive value or a non-NULL pointer,
+ * all depending on their purpose.
+ */
+
+/* Creators and destructor. */
+UI *UI_new(void);
+UI *UI_new_method(const UI_METHOD *method);
+void UI_free(UI *ui);
+
+/*-
+ The following functions are used to add strings to be printed and prompt
+ strings to prompt for data. The names are UI_{add,dup}_<function>_string
+ and UI_{add,dup}_input_boolean.
+
+ UI_{add,dup}_<function>_string have the following meanings:
+ add add a text or prompt string. The pointers given to these
+ functions are used verbatim, no copying is done.
+ dup make a copy of the text or prompt string, then add the copy
+ to the collection of strings in the user interface.
+ <function>
+ The function is a name for the functionality that the given
+ string shall be used for. It can be one of:
+ input use the string as data prompt.
+ verify use the string as verification prompt. This
+ is used to verify a previous input.
+ info use the string for informational output.
+ error use the string for error output.
+ Honestly, there's currently no difference between info and error for the
+ moment.
+
+ UI_{add,dup}_input_boolean have the same semantics for "add" and "dup",
+ and are typically used when one wants to prompt for a yes/no response.
+
+ All of the functions in this group take a UI and a prompt string.
+ The string input and verify addition functions also take a flag argument,
+ a buffer for the result to end up with, a minimum input size and a maximum
+ input size (the result buffer MUST be large enough to be able to contain
+ the maximum number of characters). Additionally, the verify addition
+ functions takes another buffer to compare the result against.
+ The boolean input functions take an action description string (which should
+ be safe to ignore if the expected user action is obvious, for example with
+ a dialog box with an OK button and a Cancel button), a string of acceptable
+ characters to mean OK and to mean Cancel. The two last strings are checked
+ to make sure they don't have common characters. Additionally, the same
+ flag argument as for the string input is taken, as well as a result buffer.
+ The result buffer is required to be at least one byte long. Depending on
+ the answer, the first character from the OK or the Cancel character strings
+ will be stored in the first byte of the result buffer. No NUL will be
+ added, so the result is *not* a string.
+
+ On success, the all return an index of the added information. That index
+ is usefull when retrieving results with UI_get0_result(). */
+int UI_add_input_string(UI *ui, const char *prompt, int flags,
+ char *result_buf, int minsize, int maxsize);
+int UI_dup_input_string(UI *ui, const char *prompt, int flags,
+ char *result_buf, int minsize, int maxsize);
+int UI_add_verify_string(UI *ui, const char *prompt, int flags,
+ char *result_buf, int minsize, int maxsize,
+ const char *test_buf);
+int UI_dup_verify_string(UI *ui, const char *prompt, int flags,
+ char *result_buf, int minsize, int maxsize,
+ const char *test_buf);
+int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc,
+ const char *ok_chars, const char *cancel_chars,
+ int flags, char *result_buf);
+int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc,
+ const char *ok_chars, const char *cancel_chars,
+ int flags, char *result_buf);
+int UI_add_info_string(UI *ui, const char *text);
+int UI_dup_info_string(UI *ui, const char *text);
+int UI_add_error_string(UI *ui, const char *text);
+int UI_dup_error_string(UI *ui, const char *text);
+
+/* These are the possible flags. They can be or'ed together. */
+/* Use to have echoing of input */
+# define UI_INPUT_FLAG_ECHO 0x01
+/*
+ * Use a default password. Where that password is found is completely up to
+ * the application, it might for example be in the user data set with
+ * UI_add_user_data(). It is not recommended to have more than one input in
+ * each UI being marked with this flag, or the application might get
+ * confused.
+ */
+# define UI_INPUT_FLAG_DEFAULT_PWD 0x02
+
+/*-
+ * The user of these routines may want to define flags of their own. The core
+ * UI won't look at those, but will pass them on to the method routines. They
+ * must use higher bits so they don't get confused with the UI bits above.
+ * UI_INPUT_FLAG_USER_BASE tells which is the lowest bit to use. A good
+ * example of use is this:
+ *
+ * #define MY_UI_FLAG1 (0x01 << UI_INPUT_FLAG_USER_BASE)
+ *
+*/
+# define UI_INPUT_FLAG_USER_BASE 16
+
+/*-
+ * The following function helps construct a prompt. object_desc is a
+ * textual short description of the object, for example "pass phrase",
+ * and object_name is the name of the object (might be a card name or
+ * a file name.
+ * The returned string shall always be allocated on the heap with
+ * OPENSSL_malloc(), and need to be free'd with OPENSSL_free().
+ *
+ * If the ui_method doesn't contain a pointer to a user-defined prompt
+ * constructor, a default string is built, looking like this:
+ *
+ * "Enter {object_desc} for {object_name}:"
+ *
+ * So, if object_desc has the value "pass phrase" and object_name has
+ * the value "foo.key", the resulting string is:
+ *
+ * "Enter pass phrase for foo.key:"
+*/
+char *UI_construct_prompt(UI *ui_method,
+ const char *object_desc, const char *object_name);
+
+/*
+ * The following function is used to store a pointer to user-specific data.
+ * Any previous such pointer will be returned and replaced.
+ *
+ * For callback purposes, this function makes a lot more sense than using
+ * ex_data, since the latter requires that different parts of OpenSSL or
+ * applications share the same ex_data index.
+ *
+ * Note that the UI_OpenSSL() method completely ignores the user data. Other
+ * methods may not, however.
+ */
+void *UI_add_user_data(UI *ui, void *user_data);
+/* We need a user data retrieving function as well. */
+void *UI_get0_user_data(UI *ui);
+
+/* Return the result associated with a prompt given with the index i. */
+const char *UI_get0_result(UI *ui, int i);
+
+/* When all strings have been added, process the whole thing. */
+int UI_process(UI *ui);
+
+/*
+ * Give a user interface parametrised control commands. This can be used to
+ * send down an integer, a data pointer or a function pointer, as well as be
+ * used to get information from a UI.
+ */
+int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f) (void));
+
+/* The commands */
+/*
+ * Use UI_CONTROL_PRINT_ERRORS with the value 1 to have UI_process print the
+ * OpenSSL error stack before printing any info or added error messages and
+ * before any prompting.
+ */
+# define UI_CTRL_PRINT_ERRORS 1
+/*
+ * Check if a UI_process() is possible to do again with the same instance of
+ * a user interface. This makes UI_ctrl() return 1 if it is redoable, and 0
+ * if not.
+ */
+# define UI_CTRL_IS_REDOABLE 2
+
+/* Some methods may use extra data */
+# define UI_set_app_data(s,arg) UI_set_ex_data(s,0,arg)
+# define UI_get_app_data(s) UI_get_ex_data(s,0)
+int UI_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+int UI_set_ex_data(UI *r, int idx, void *arg);
+void *UI_get_ex_data(UI *r, int idx);
+
+/* Use specific methods instead of the built-in one */
+void UI_set_default_method(const UI_METHOD *meth);
+const UI_METHOD *UI_get_default_method(void);
+const UI_METHOD *UI_get_method(UI *ui);
+const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth);
+
+/* The method with all the built-in thingies */
+UI_METHOD *UI_OpenSSL(void);
+
+/* ---------- For method writers ---------- */
+/*-
+ A method contains a number of functions that implement the low level
+ of the User Interface. The functions are:
+
+ an opener This function starts a session, maybe by opening
+ a channel to a tty, or by opening a window.
+ a writer This function is called to write a given string,
+ maybe to the tty, maybe as a field label in a
+ window.
+ a flusher This function is called to flush everything that
+ has been output so far. It can be used to actually
+ display a dialog box after it has been built.
+ a reader This function is called to read a given prompt,
+ maybe from the tty, maybe from a field in a
+ window. Note that it's called wth all string
+ structures, not only the prompt ones, so it must
+ check such things itself.
+ a closer This function closes the session, maybe by closing
+ the channel to the tty, or closing the window.
+
+ All these functions are expected to return:
+
+ 0 on error.
+ 1 on success.
+ -1 on out-of-band events, for example if some prompting has
+ been canceled (by pressing Ctrl-C, for example). This is
+ only checked when returned by the flusher or the reader.
+
+ The way this is used, the opener is first called, then the writer for all
+ strings, then the flusher, then the reader for all strings and finally the
+ closer. Note that if you want to prompt from a terminal or other command
+ line interface, the best is to have the reader also write the prompts
+ instead of having the writer do it. If you want to prompt from a dialog
+ box, the writer can be used to build up the contents of the box, and the
+ flusher to actually display the box and run the event loop until all data
+ has been given, after which the reader only grabs the given data and puts
+ them back into the UI strings.
+
+ All method functions take a UI as argument. Additionally, the writer and
+ the reader take a UI_STRING.
+*/
+
+/*
+ * The UI_STRING type is the data structure that contains all the needed info
+ * about a string or a prompt, including test data for a verification prompt.
+ */
+DECLARE_STACK_OF(UI_STRING)
+typedef struct ui_string_st UI_STRING;
+
+/*
+ * The different types of strings that are currently supported. This is only
+ * needed by method authors.
+ */
+enum UI_string_types {
+ UIT_NONE = 0,
+ UIT_PROMPT, /* Prompt for a string */
+ UIT_VERIFY, /* Prompt for a string and verify */
+ UIT_BOOLEAN, /* Prompt for a yes/no response */
+ UIT_INFO, /* Send info to the user */
+ UIT_ERROR /* Send an error message to the user */
+};
+
+/* Create and manipulate methods */
+UI_METHOD *UI_create_method(char *name);
+void UI_destroy_method(UI_METHOD *ui_method);
+int UI_method_set_opener(UI_METHOD *method, int (*opener) (UI *ui));
+int UI_method_set_writer(UI_METHOD *method,
+ int (*writer) (UI *ui, UI_STRING *uis));
+int UI_method_set_flusher(UI_METHOD *method, int (*flusher) (UI *ui));
+int UI_method_set_reader(UI_METHOD *method,
+ int (*reader) (UI *ui, UI_STRING *uis));
+int UI_method_set_closer(UI_METHOD *method, int (*closer) (UI *ui));
+int (*UI_method_get_opener(UI_METHOD *method)) (UI *);
+int (*UI_method_get_writer(UI_METHOD *method)) (UI *, UI_STRING *);
+int (*UI_method_get_flusher(UI_METHOD *method)) (UI *);
+int (*UI_method_get_reader(UI_METHOD *method)) (UI *, UI_STRING *);
+int (*UI_method_get_closer(UI_METHOD *method)) (UI *);
+
+/*
+ * The following functions are helpers for method writers to access relevant
+ * data from a UI_STRING.
+ */
+
+/* Return type of the UI_STRING */
+enum UI_string_types UI_get_string_type(UI_STRING *uis);
+/* Return input flags of the UI_STRING */
+int UI_get_input_flags(UI_STRING *uis);
+/* Return the actual string to output (the prompt, info or error) */
+const char *UI_get0_output_string(UI_STRING *uis);
+/*
+ * Return the optional action string to output (the boolean promtp
+ * instruction)
+ */
+const char *UI_get0_action_string(UI_STRING *uis);
+/* Return the result of a prompt */
+const char *UI_get0_result_string(UI_STRING *uis);
+/*
+ * Return the string to test the result against. Only useful with verifies.
+ */
+const char *UI_get0_test_string(UI_STRING *uis);
+/* Return the required minimum size of the result */
+int UI_get_result_minsize(UI_STRING *uis);
+/* Return the required maximum size of the result */
+int UI_get_result_maxsize(UI_STRING *uis);
+/* Set the result of a UI_STRING. */
+int UI_set_result(UI *ui, UI_STRING *uis, const char *result);
+
+/* A couple of popular utility functions */
+int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt,
+ int verify);
+int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt,
+ int verify);
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_UI_strings(void);
+
+/* Error codes for the UI functions. */
+
+/* Function codes. */
+# define UI_F_GENERAL_ALLOCATE_BOOLEAN 108
+# define UI_F_GENERAL_ALLOCATE_PROMPT 109
+# define UI_F_GENERAL_ALLOCATE_STRING 100
+# define UI_F_UI_CTRL 111
+# define UI_F_UI_DUP_ERROR_STRING 101
+# define UI_F_UI_DUP_INFO_STRING 102
+# define UI_F_UI_DUP_INPUT_BOOLEAN 110
+# define UI_F_UI_DUP_INPUT_STRING 103
+# define UI_F_UI_DUP_VERIFY_STRING 106
+# define UI_F_UI_GET0_RESULT 107
+# define UI_F_UI_NEW_METHOD 104
+# define UI_F_UI_SET_RESULT 105
+
+/* Reason codes. */
+# define UI_R_COMMON_OK_AND_CANCEL_CHARACTERS 104
+# define UI_R_INDEX_TOO_LARGE 102
+# define UI_R_INDEX_TOO_SMALL 103
+# define UI_R_NO_RESULT_BUFFER 105
+# define UI_R_RESULT_TOO_LARGE 100
+# define UI_R_RESULT_TOO_SMALL 101
+# define UI_R_UNKNOWN_CONTROL_COMMAND 106
+
+#ifdef __cplusplus
+}
+#endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/ui/ui_compat.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/ui/ui_compat.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ui/ui_compat.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,67 +0,0 @@
-/* crypto/ui/ui_compat.c -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 2001-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <string.h>
-#include <openssl/ui_compat.h>
-
-int _ossl_old_des_read_pw_string(char *buf,int length,const char *prompt,int verify)
- {
- return UI_UTIL_read_pw_string(buf, length, prompt, verify);
- }
-
-int _ossl_old_des_read_pw(char *buf,char *buff,int size,const char *prompt,int verify)
- {
- return UI_UTIL_read_pw(buf, buff, size, prompt, verify);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/ui/ui_compat.c (from rev 6976, vendor-crypto/openssl/dist/crypto/ui/ui_compat.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/ui/ui_compat.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ui/ui_compat.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,69 @@
+/* crypto/ui/ui_compat.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 2001-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <string.h>
+#include <openssl/ui_compat.h>
+
+int _ossl_old_des_read_pw_string(char *buf, int length, const char *prompt,
+ int verify)
+{
+ return UI_UTIL_read_pw_string(buf, length, prompt, verify);
+}
+
+int _ossl_old_des_read_pw(char *buf, char *buff, int size, const char *prompt,
+ int verify)
+{
+ return UI_UTIL_read_pw(buf, buff, size, prompt, verify);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/ui/ui_compat.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/ui/ui_compat.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ui/ui_compat.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,83 +0,0 @@
-/* crypto/ui/ui.h -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte (richard at levitte.org) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#ifndef HEADER_UI_COMPAT_H
-#define HEADER_UI_COMPAT_H
-
-#include <openssl/opensslconf.h>
-#include <openssl/ui.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* The following functions were previously part of the DES section,
- and are provided here for backward compatibility reasons. */
-
-#define des_read_pw_string(b,l,p,v) \
- _ossl_old_des_read_pw_string((b),(l),(p),(v))
-#define des_read_pw(b,bf,s,p,v) \
- _ossl_old_des_read_pw((b),(bf),(s),(p),(v))
-
-int _ossl_old_des_read_pw_string(char *buf,int length,const char *prompt,int verify);
-int _ossl_old_des_read_pw(char *buf,char *buff,int size,const char *prompt,int verify);
-
-#ifdef __cplusplus
-}
-#endif
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/ui/ui_compat.h (from rev 6976, vendor-crypto/openssl/dist/crypto/ui/ui_compat.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/ui/ui_compat.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ui/ui_compat.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,88 @@
+/* crypto/ui/ui.h -*- mode:C; c-file-style: "eay" -*- */
+/*
+ * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
+ * 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_UI_COMPAT_H
+# define HEADER_UI_COMPAT_H
+
+# include <openssl/opensslconf.h>
+# include <openssl/ui.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * The following functions were previously part of the DES section, and are
+ * provided here for backward compatibility reasons.
+ */
+
+# define des_read_pw_string(b,l,p,v) \
+ _ossl_old_des_read_pw_string((b),(l),(p),(v))
+# define des_read_pw(b,bf,s,p,v) \
+ _ossl_old_des_read_pw((b),(bf),(s),(p),(v))
+
+int _ossl_old_des_read_pw_string(char *buf, int length, const char *prompt,
+ int verify);
+int _ossl_old_des_read_pw(char *buf, char *buff, int size, const char *prompt,
+ int verify);
+
+#ifdef __cplusplus
+}
+#endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/ui/ui_err.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/ui/ui_err.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ui/ui_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,112 +0,0 @@
-/* crypto/ui/ui_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/ui.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_UI,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_UI,0,reason)
-
-static ERR_STRING_DATA UI_str_functs[]=
- {
-{ERR_FUNC(UI_F_GENERAL_ALLOCATE_BOOLEAN), "GENERAL_ALLOCATE_BOOLEAN"},
-{ERR_FUNC(UI_F_GENERAL_ALLOCATE_PROMPT), "GENERAL_ALLOCATE_PROMPT"},
-{ERR_FUNC(UI_F_GENERAL_ALLOCATE_STRING), "GENERAL_ALLOCATE_STRING"},
-{ERR_FUNC(UI_F_UI_CTRL), "UI_ctrl"},
-{ERR_FUNC(UI_F_UI_DUP_ERROR_STRING), "UI_dup_error_string"},
-{ERR_FUNC(UI_F_UI_DUP_INFO_STRING), "UI_dup_info_string"},
-{ERR_FUNC(UI_F_UI_DUP_INPUT_BOOLEAN), "UI_dup_input_boolean"},
-{ERR_FUNC(UI_F_UI_DUP_INPUT_STRING), "UI_dup_input_string"},
-{ERR_FUNC(UI_F_UI_DUP_VERIFY_STRING), "UI_dup_verify_string"},
-{ERR_FUNC(UI_F_UI_GET0_RESULT), "UI_get0_result"},
-{ERR_FUNC(UI_F_UI_NEW_METHOD), "UI_new_method"},
-{ERR_FUNC(UI_F_UI_SET_RESULT), "UI_set_result"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA UI_str_reasons[]=
- {
-{ERR_REASON(UI_R_COMMON_OK_AND_CANCEL_CHARACTERS),"common ok and cancel characters"},
-{ERR_REASON(UI_R_INDEX_TOO_LARGE) ,"index too large"},
-{ERR_REASON(UI_R_INDEX_TOO_SMALL) ,"index too small"},
-{ERR_REASON(UI_R_NO_RESULT_BUFFER) ,"no result buffer"},
-{ERR_REASON(UI_R_RESULT_TOO_LARGE) ,"result too large"},
-{ERR_REASON(UI_R_RESULT_TOO_SMALL) ,"result too small"},
-{ERR_REASON(UI_R_UNKNOWN_CONTROL_COMMAND),"unknown control command"},
-{0,NULL}
- };
-
-#endif
-
-void ERR_load_UI_strings(void)
- {
-#ifndef OPENSSL_NO_ERR
-
- if (ERR_func_error_string(UI_str_functs[0].error) == NULL)
- {
- ERR_load_strings(0,UI_str_functs);
- ERR_load_strings(0,UI_str_reasons);
- }
-#endif
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/ui/ui_err.c (from rev 6976, vendor-crypto/openssl/dist/crypto/ui/ui_err.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/ui/ui_err.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ui/ui_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,111 @@
+/* crypto/ui/ui_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/ui.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_UI,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_UI,0,reason)
+
+static ERR_STRING_DATA UI_str_functs[] = {
+ {ERR_FUNC(UI_F_GENERAL_ALLOCATE_BOOLEAN), "GENERAL_ALLOCATE_BOOLEAN"},
+ {ERR_FUNC(UI_F_GENERAL_ALLOCATE_PROMPT), "GENERAL_ALLOCATE_PROMPT"},
+ {ERR_FUNC(UI_F_GENERAL_ALLOCATE_STRING), "GENERAL_ALLOCATE_STRING"},
+ {ERR_FUNC(UI_F_UI_CTRL), "UI_ctrl"},
+ {ERR_FUNC(UI_F_UI_DUP_ERROR_STRING), "UI_dup_error_string"},
+ {ERR_FUNC(UI_F_UI_DUP_INFO_STRING), "UI_dup_info_string"},
+ {ERR_FUNC(UI_F_UI_DUP_INPUT_BOOLEAN), "UI_dup_input_boolean"},
+ {ERR_FUNC(UI_F_UI_DUP_INPUT_STRING), "UI_dup_input_string"},
+ {ERR_FUNC(UI_F_UI_DUP_VERIFY_STRING), "UI_dup_verify_string"},
+ {ERR_FUNC(UI_F_UI_GET0_RESULT), "UI_get0_result"},
+ {ERR_FUNC(UI_F_UI_NEW_METHOD), "UI_new_method"},
+ {ERR_FUNC(UI_F_UI_SET_RESULT), "UI_set_result"},
+ {0, NULL}
+};
+
+static ERR_STRING_DATA UI_str_reasons[] = {
+ {ERR_REASON(UI_R_COMMON_OK_AND_CANCEL_CHARACTERS),
+ "common ok and cancel characters"},
+ {ERR_REASON(UI_R_INDEX_TOO_LARGE), "index too large"},
+ {ERR_REASON(UI_R_INDEX_TOO_SMALL), "index too small"},
+ {ERR_REASON(UI_R_NO_RESULT_BUFFER), "no result buffer"},
+ {ERR_REASON(UI_R_RESULT_TOO_LARGE), "result too large"},
+ {ERR_REASON(UI_R_RESULT_TOO_SMALL), "result too small"},
+ {ERR_REASON(UI_R_UNKNOWN_CONTROL_COMMAND), "unknown control command"},
+ {0, NULL}
+};
+
+#endif
+
+void ERR_load_UI_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+ if (ERR_func_error_string(UI_str_functs[0].error) == NULL) {
+ ERR_load_strings(0, UI_str_functs);
+ ERR_load_strings(0, UI_str_reasons);
+ }
+#endif
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/ui/ui_lib.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/ui/ui_lib.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ui/ui_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,905 +0,0 @@
-/* crypto/ui/ui_lib.c -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte (richard at levitte.org) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <string.h>
-#include "cryptlib.h"
-#include <openssl/e_os2.h>
-#include <openssl/buffer.h>
-#include <openssl/ui.h>
-#include <openssl/err.h>
-#include "ui_locl.h"
-
-IMPLEMENT_STACK_OF(UI_STRING_ST)
-
-static const UI_METHOD *default_UI_meth=NULL;
-
-UI *UI_new(void)
- {
- return(UI_new_method(NULL));
- }
-
-UI *UI_new_method(const UI_METHOD *method)
- {
- UI *ret;
-
- ret=(UI *)OPENSSL_malloc(sizeof(UI));
- if (ret == NULL)
- {
- UIerr(UI_F_UI_NEW_METHOD,ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- if (method == NULL)
- ret->meth=UI_get_default_method();
- else
- ret->meth=method;
-
- ret->strings=NULL;
- ret->user_data=NULL;
- ret->flags=0;
- CRYPTO_new_ex_data(CRYPTO_EX_INDEX_UI, ret, &ret->ex_data);
- return ret;
- }
-
-static void free_string(UI_STRING *uis)
- {
- if (uis->flags & OUT_STRING_FREEABLE)
- {
- OPENSSL_free((char *)uis->out_string);
- switch(uis->type)
- {
- case UIT_BOOLEAN:
- OPENSSL_free((char *)uis->_.boolean_data.action_desc);
- OPENSSL_free((char *)uis->_.boolean_data.ok_chars);
- OPENSSL_free((char *)uis->_.boolean_data.cancel_chars);
- break;
- default:
- break;
- }
- }
- OPENSSL_free(uis);
- }
-
-void UI_free(UI *ui)
- {
- if (ui == NULL)
- return;
- sk_UI_STRING_pop_free(ui->strings,free_string);
- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_UI, ui, &ui->ex_data);
- OPENSSL_free(ui);
- }
-
-static int allocate_string_stack(UI *ui)
- {
- if (ui->strings == NULL)
- {
- ui->strings=sk_UI_STRING_new_null();
- if (ui->strings == NULL)
- {
- return -1;
- }
- }
- return 0;
- }
-
-static UI_STRING *general_allocate_prompt(UI *ui, const char *prompt,
- int prompt_freeable, enum UI_string_types type, int input_flags,
- char *result_buf)
- {
- UI_STRING *ret = NULL;
-
- if (prompt == NULL)
- {
- UIerr(UI_F_GENERAL_ALLOCATE_PROMPT,ERR_R_PASSED_NULL_PARAMETER);
- }
- else if ((type == UIT_PROMPT || type == UIT_VERIFY
- || type == UIT_BOOLEAN) && result_buf == NULL)
- {
- UIerr(UI_F_GENERAL_ALLOCATE_PROMPT,UI_R_NO_RESULT_BUFFER);
- }
- else if ((ret = (UI_STRING *)OPENSSL_malloc(sizeof(UI_STRING))))
- {
- ret->out_string=prompt;
- ret->flags=prompt_freeable ? OUT_STRING_FREEABLE : 0;
- ret->input_flags=input_flags;
- ret->type=type;
- ret->result_buf=result_buf;
- }
- return ret;
- }
-
-static int general_allocate_string(UI *ui, const char *prompt,
- int prompt_freeable, enum UI_string_types type, int input_flags,
- char *result_buf, int minsize, int maxsize, const char *test_buf)
- {
- int ret = -1;
- UI_STRING *s = general_allocate_prompt(ui, prompt, prompt_freeable,
- type, input_flags, result_buf);
-
- if (s)
- {
- if (allocate_string_stack(ui) >= 0)
- {
- s->_.string_data.result_minsize=minsize;
- s->_.string_data.result_maxsize=maxsize;
- s->_.string_data.test_buf=test_buf;
- ret=sk_UI_STRING_push(ui->strings, s);
- /* sk_push() returns 0 on error. Let's addapt that */
- if (ret <= 0) ret--;
- }
- else
- free_string(s);
- }
- return ret;
- }
-
-static int general_allocate_boolean(UI *ui,
- const char *prompt, const char *action_desc,
- const char *ok_chars, const char *cancel_chars,
- int prompt_freeable, enum UI_string_types type, int input_flags,
- char *result_buf)
- {
- int ret = -1;
- UI_STRING *s;
- const char *p;
-
- if (ok_chars == NULL)
- {
- UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN,ERR_R_PASSED_NULL_PARAMETER);
- }
- else if (cancel_chars == NULL)
- {
- UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN,ERR_R_PASSED_NULL_PARAMETER);
- }
- else
- {
- for(p = ok_chars; *p; p++)
- {
- if (strchr(cancel_chars, *p))
- {
- UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN,
- UI_R_COMMON_OK_AND_CANCEL_CHARACTERS);
- }
- }
-
- s = general_allocate_prompt(ui, prompt, prompt_freeable,
- type, input_flags, result_buf);
-
- if (s)
- {
- if (allocate_string_stack(ui) >= 0)
- {
- s->_.boolean_data.action_desc = action_desc;
- s->_.boolean_data.ok_chars = ok_chars;
- s->_.boolean_data.cancel_chars = cancel_chars;
- ret=sk_UI_STRING_push(ui->strings, s);
- /* sk_push() returns 0 on error.
- Let's addapt that */
- if (ret <= 0) ret--;
- }
- else
- free_string(s);
- }
- }
- return ret;
- }
-
-/* Returns the index to the place in the stack or -1 for error. Uses a
- direct reference to the prompt. */
-int UI_add_input_string(UI *ui, const char *prompt, int flags,
- char *result_buf, int minsize, int maxsize)
- {
- return general_allocate_string(ui, prompt, 0,
- UIT_PROMPT, flags, result_buf, minsize, maxsize, NULL);
- }
-
-/* Same as UI_add_input_string(), excepts it takes a copy of the prompt */
-int UI_dup_input_string(UI *ui, const char *prompt, int flags,
- char *result_buf, int minsize, int maxsize)
- {
- char *prompt_copy=NULL;
-
- if (prompt)
- {
- prompt_copy=BUF_strdup(prompt);
- if (prompt_copy == NULL)
- {
- UIerr(UI_F_UI_DUP_INPUT_STRING,ERR_R_MALLOC_FAILURE);
- return 0;
- }
- }
-
- return general_allocate_string(ui, prompt_copy, 1,
- UIT_PROMPT, flags, result_buf, minsize, maxsize, NULL);
- }
-
-int UI_add_verify_string(UI *ui, const char *prompt, int flags,
- char *result_buf, int minsize, int maxsize, const char *test_buf)
- {
- return general_allocate_string(ui, prompt, 0,
- UIT_VERIFY, flags, result_buf, minsize, maxsize, test_buf);
- }
-
-int UI_dup_verify_string(UI *ui, const char *prompt, int flags,
- char *result_buf, int minsize, int maxsize, const char *test_buf)
- {
- char *prompt_copy=NULL;
-
- if (prompt)
- {
- prompt_copy=BUF_strdup(prompt);
- if (prompt_copy == NULL)
- {
- UIerr(UI_F_UI_DUP_VERIFY_STRING,ERR_R_MALLOC_FAILURE);
- return -1;
- }
- }
-
- return general_allocate_string(ui, prompt_copy, 1,
- UIT_VERIFY, flags, result_buf, minsize, maxsize, test_buf);
- }
-
-int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc,
- const char *ok_chars, const char *cancel_chars,
- int flags, char *result_buf)
- {
- return general_allocate_boolean(ui, prompt, action_desc,
- ok_chars, cancel_chars, 0, UIT_BOOLEAN, flags, result_buf);
- }
-
-int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc,
- const char *ok_chars, const char *cancel_chars,
- int flags, char *result_buf)
- {
- char *prompt_copy = NULL;
- char *action_desc_copy = NULL;
- char *ok_chars_copy = NULL;
- char *cancel_chars_copy = NULL;
-
- if (prompt)
- {
- prompt_copy=BUF_strdup(prompt);
- if (prompt_copy == NULL)
- {
- UIerr(UI_F_UI_DUP_INPUT_BOOLEAN,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- }
-
- if (action_desc)
- {
- action_desc_copy=BUF_strdup(action_desc);
- if (action_desc_copy == NULL)
- {
- UIerr(UI_F_UI_DUP_INPUT_BOOLEAN,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- }
-
- if (ok_chars)
- {
- ok_chars_copy=BUF_strdup(ok_chars);
- if (ok_chars_copy == NULL)
- {
- UIerr(UI_F_UI_DUP_INPUT_BOOLEAN,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- }
-
- if (cancel_chars)
- {
- cancel_chars_copy=BUF_strdup(cancel_chars);
- if (cancel_chars_copy == NULL)
- {
- UIerr(UI_F_UI_DUP_INPUT_BOOLEAN,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- }
-
- return general_allocate_boolean(ui, prompt_copy, action_desc_copy,
- ok_chars_copy, cancel_chars_copy, 1, UIT_BOOLEAN, flags,
- result_buf);
- err:
- if (prompt_copy) OPENSSL_free(prompt_copy);
- if (action_desc_copy) OPENSSL_free(action_desc_copy);
- if (ok_chars_copy) OPENSSL_free(ok_chars_copy);
- if (cancel_chars_copy) OPENSSL_free(cancel_chars_copy);
- return -1;
- }
-
-int UI_add_info_string(UI *ui, const char *text)
- {
- return general_allocate_string(ui, text, 0, UIT_INFO, 0, NULL, 0, 0,
- NULL);
- }
-
-int UI_dup_info_string(UI *ui, const char *text)
- {
- char *text_copy=NULL;
-
- if (text)
- {
- text_copy=BUF_strdup(text);
- if (text_copy == NULL)
- {
- UIerr(UI_F_UI_DUP_INFO_STRING,ERR_R_MALLOC_FAILURE);
- return -1;
- }
- }
-
- return general_allocate_string(ui, text_copy, 1, UIT_INFO, 0, NULL,
- 0, 0, NULL);
- }
-
-int UI_add_error_string(UI *ui, const char *text)
- {
- return general_allocate_string(ui, text, 0, UIT_ERROR, 0, NULL, 0, 0,
- NULL);
- }
-
-int UI_dup_error_string(UI *ui, const char *text)
- {
- char *text_copy=NULL;
-
- if (text)
- {
- text_copy=BUF_strdup(text);
- if (text_copy == NULL)
- {
- UIerr(UI_F_UI_DUP_ERROR_STRING,ERR_R_MALLOC_FAILURE);
- return -1;
- }
- }
- return general_allocate_string(ui, text_copy, 1, UIT_ERROR, 0, NULL,
- 0, 0, NULL);
- }
-
-char *UI_construct_prompt(UI *ui, const char *object_desc,
- const char *object_name)
- {
- char *prompt = NULL;
-
- if (ui->meth->ui_construct_prompt)
- prompt = ui->meth->ui_construct_prompt(ui,
- object_desc, object_name);
- else
- {
- char prompt1[] = "Enter ";
- char prompt2[] = " for ";
- char prompt3[] = ":";
- int len = 0;
-
- if (object_desc == NULL)
- return NULL;
- len = sizeof(prompt1) - 1 + strlen(object_desc);
- if (object_name)
- len += sizeof(prompt2) - 1 + strlen(object_name);
- len += sizeof(prompt3) - 1;
-
- prompt = (char *)OPENSSL_malloc(len + 1);
- BUF_strlcpy(prompt, prompt1, len + 1);
- BUF_strlcat(prompt, object_desc, len + 1);
- if (object_name)
- {
- BUF_strlcat(prompt, prompt2, len + 1);
- BUF_strlcat(prompt, object_name, len + 1);
- }
- BUF_strlcat(prompt, prompt3, len + 1);
- }
- return prompt;
- }
-
-void *UI_add_user_data(UI *ui, void *user_data)
- {
- void *old_data = ui->user_data;
- ui->user_data = user_data;
- return old_data;
- }
-
-void *UI_get0_user_data(UI *ui)
- {
- return ui->user_data;
- }
-
-const char *UI_get0_result(UI *ui, int i)
- {
- if (i < 0)
- {
- UIerr(UI_F_UI_GET0_RESULT,UI_R_INDEX_TOO_SMALL);
- return NULL;
- }
- if (i >= sk_UI_STRING_num(ui->strings))
- {
- UIerr(UI_F_UI_GET0_RESULT,UI_R_INDEX_TOO_LARGE);
- return NULL;
- }
- return UI_get0_result_string(sk_UI_STRING_value(ui->strings, i));
- }
-
-static int print_error(const char *str, size_t len, UI *ui)
- {
- UI_STRING uis;
-
- memset(&uis, 0, sizeof(uis));
- uis.type = UIT_ERROR;
- uis.out_string = str;
-
- if (ui->meth->ui_write_string
- && !ui->meth->ui_write_string(ui, &uis))
- return -1;
- return 0;
- }
-
-int UI_process(UI *ui)
- {
- int i, ok=0;
-
- if (ui->meth->ui_open_session && !ui->meth->ui_open_session(ui))
- return -1;
-
- if (ui->flags & UI_FLAG_PRINT_ERRORS)
- ERR_print_errors_cb(
- (int (*)(const char *, size_t, void *))print_error,
- (void *)ui);
-
- for(i=0; i<sk_UI_STRING_num(ui->strings); i++)
- {
- if (ui->meth->ui_write_string
- && !ui->meth->ui_write_string(ui,
- sk_UI_STRING_value(ui->strings, i)))
- {
- ok=-1;
- goto err;
- }
- }
-
- if (ui->meth->ui_flush)
- switch(ui->meth->ui_flush(ui))
- {
- case -1: /* Interrupt/Cancel/something... */
- ok = -2;
- goto err;
- case 0: /* Errors */
- ok = -1;
- goto err;
- default: /* Success */
- ok = 0;
- break;
- }
-
- for(i=0; i<sk_UI_STRING_num(ui->strings); i++)
- {
- if (ui->meth->ui_read_string)
- {
- switch(ui->meth->ui_read_string(ui,
- sk_UI_STRING_value(ui->strings, i)))
- {
- case -1: /* Interrupt/Cancel/something... */
- ok = -2;
- goto err;
- case 0: /* Errors */
- ok = -1;
- goto err;
- default: /* Success */
- ok = 0;
- break;
- }
- }
- }
- err:
- if (ui->meth->ui_close_session && !ui->meth->ui_close_session(ui))
- return -1;
- return ok;
- }
-
-int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)(void))
- {
- if (ui == NULL)
- {
- UIerr(UI_F_UI_CTRL,ERR_R_PASSED_NULL_PARAMETER);
- return -1;
- }
- switch(cmd)
- {
- case UI_CTRL_PRINT_ERRORS:
- {
- int save_flag = !!(ui->flags & UI_FLAG_PRINT_ERRORS);
- if (i)
- ui->flags |= UI_FLAG_PRINT_ERRORS;
- else
- ui->flags &= ~UI_FLAG_PRINT_ERRORS;
- return save_flag;
- }
- case UI_CTRL_IS_REDOABLE:
- return !!(ui->flags & UI_FLAG_REDOABLE);
- default:
- break;
- }
- UIerr(UI_F_UI_CTRL,UI_R_UNKNOWN_CONTROL_COMMAND);
- return -1;
- }
-
-int UI_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
- {
- return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_UI, argl, argp,
- new_func, dup_func, free_func);
- }
-
-int UI_set_ex_data(UI *r, int idx, void *arg)
- {
- return(CRYPTO_set_ex_data(&r->ex_data,idx,arg));
- }
-
-void *UI_get_ex_data(UI *r, int idx)
- {
- return(CRYPTO_get_ex_data(&r->ex_data,idx));
- }
-
-void UI_set_default_method(const UI_METHOD *meth)
- {
- default_UI_meth=meth;
- }
-
-const UI_METHOD *UI_get_default_method(void)
- {
- if (default_UI_meth == NULL)
- {
- default_UI_meth=UI_OpenSSL();
- }
- return default_UI_meth;
- }
-
-const UI_METHOD *UI_get_method(UI *ui)
- {
- return ui->meth;
- }
-
-const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth)
- {
- ui->meth=meth;
- return ui->meth;
- }
-
-
-UI_METHOD *UI_create_method(char *name)
- {
- UI_METHOD *ui_method = (UI_METHOD *)OPENSSL_malloc(sizeof(UI_METHOD));
-
- if (ui_method)
- {
- memset(ui_method, 0, sizeof(*ui_method));
- ui_method->name = BUF_strdup(name);
- }
- return ui_method;
- }
-
-/* BIG FSCKING WARNING!!!! If you use this on a statically allocated method
- (that is, it hasn't been allocated using UI_create_method(), you deserve
- anything Murphy can throw at you and more! You have been warned. */
-void UI_destroy_method(UI_METHOD *ui_method)
- {
- OPENSSL_free(ui_method->name);
- ui_method->name = NULL;
- OPENSSL_free(ui_method);
- }
-
-int UI_method_set_opener(UI_METHOD *method, int (*opener)(UI *ui))
- {
- if (method)
- {
- method->ui_open_session = opener;
- return 0;
- }
- else
- return -1;
- }
-
-int UI_method_set_writer(UI_METHOD *method, int (*writer)(UI *ui, UI_STRING *uis))
- {
- if (method)
- {
- method->ui_write_string = writer;
- return 0;
- }
- else
- return -1;
- }
-
-int UI_method_set_flusher(UI_METHOD *method, int (*flusher)(UI *ui))
- {
- if (method)
- {
- method->ui_flush = flusher;
- return 0;
- }
- else
- return -1;
- }
-
-int UI_method_set_reader(UI_METHOD *method, int (*reader)(UI *ui, UI_STRING *uis))
- {
- if (method)
- {
- method->ui_read_string = reader;
- return 0;
- }
- else
- return -1;
- }
-
-int UI_method_set_closer(UI_METHOD *method, int (*closer)(UI *ui))
- {
- if (method)
- {
- method->ui_close_session = closer;
- return 0;
- }
- else
- return -1;
- }
-
-int (*UI_method_get_opener(UI_METHOD *method))(UI*)
- {
- if (method)
- return method->ui_open_session;
- else
- return NULL;
- }
-
-int (*UI_method_get_writer(UI_METHOD *method))(UI*,UI_STRING*)
- {
- if (method)
- return method->ui_write_string;
- else
- return NULL;
- }
-
-int (*UI_method_get_flusher(UI_METHOD *method))(UI*)
- {
- if (method)
- return method->ui_flush;
- else
- return NULL;
- }
-
-int (*UI_method_get_reader(UI_METHOD *method))(UI*,UI_STRING*)
- {
- if (method)
- return method->ui_read_string;
- else
- return NULL;
- }
-
-int (*UI_method_get_closer(UI_METHOD *method))(UI*)
- {
- if (method)
- return method->ui_close_session;
- else
- return NULL;
- }
-
-enum UI_string_types UI_get_string_type(UI_STRING *uis)
- {
- if (!uis)
- return UIT_NONE;
- return uis->type;
- }
-
-int UI_get_input_flags(UI_STRING *uis)
- {
- if (!uis)
- return 0;
- return uis->input_flags;
- }
-
-const char *UI_get0_output_string(UI_STRING *uis)
- {
- if (!uis)
- return NULL;
- return uis->out_string;
- }
-
-const char *UI_get0_action_string(UI_STRING *uis)
- {
- if (!uis)
- return NULL;
- switch(uis->type)
- {
- case UIT_PROMPT:
- case UIT_BOOLEAN:
- return uis->_.boolean_data.action_desc;
- default:
- return NULL;
- }
- }
-
-const char *UI_get0_result_string(UI_STRING *uis)
- {
- if (!uis)
- return NULL;
- switch(uis->type)
- {
- case UIT_PROMPT:
- case UIT_VERIFY:
- return uis->result_buf;
- default:
- return NULL;
- }
- }
-
-const char *UI_get0_test_string(UI_STRING *uis)
- {
- if (!uis)
- return NULL;
- switch(uis->type)
- {
- case UIT_VERIFY:
- return uis->_.string_data.test_buf;
- default:
- return NULL;
- }
- }
-
-int UI_get_result_minsize(UI_STRING *uis)
- {
- if (!uis)
- return -1;
- switch(uis->type)
- {
- case UIT_PROMPT:
- case UIT_VERIFY:
- return uis->_.string_data.result_minsize;
- default:
- return -1;
- }
- }
-
-int UI_get_result_maxsize(UI_STRING *uis)
- {
- if (!uis)
- return -1;
- switch(uis->type)
- {
- case UIT_PROMPT:
- case UIT_VERIFY:
- return uis->_.string_data.result_maxsize;
- default:
- return -1;
- }
- }
-
-int UI_set_result(UI *ui, UI_STRING *uis, const char *result)
- {
- int l = strlen(result);
-
- ui->flags &= ~UI_FLAG_REDOABLE;
-
- if (!uis)
- return -1;
- switch (uis->type)
- {
- case UIT_PROMPT:
- case UIT_VERIFY:
- {
- char number1[DECIMAL_SIZE(uis->_.string_data.result_minsize)+1];
- char number2[DECIMAL_SIZE(uis->_.string_data.result_maxsize)+1];
-
- BIO_snprintf(number1, sizeof(number1), "%d",
- uis->_.string_data.result_minsize);
- BIO_snprintf(number2, sizeof(number2), "%d",
- uis->_.string_data.result_maxsize);
-
- if (l < uis->_.string_data.result_minsize)
- {
- ui->flags |= UI_FLAG_REDOABLE;
- UIerr(UI_F_UI_SET_RESULT,UI_R_RESULT_TOO_SMALL);
- ERR_add_error_data(5,"You must type in ",
- number1," to ",number2," characters");
- return -1;
- }
- if (l > uis->_.string_data.result_maxsize)
- {
- ui->flags |= UI_FLAG_REDOABLE;
- UIerr(UI_F_UI_SET_RESULT,UI_R_RESULT_TOO_LARGE);
- ERR_add_error_data(5,"You must type in ",
- number1," to ",number2," characters");
- return -1;
- }
- }
-
- if (!uis->result_buf)
- {
- UIerr(UI_F_UI_SET_RESULT,UI_R_NO_RESULT_BUFFER);
- return -1;
- }
-
- BUF_strlcpy(uis->result_buf, result,
- uis->_.string_data.result_maxsize + 1);
- break;
- case UIT_BOOLEAN:
- {
- const char *p;
-
- if (!uis->result_buf)
- {
- UIerr(UI_F_UI_SET_RESULT,UI_R_NO_RESULT_BUFFER);
- return -1;
- }
-
- uis->result_buf[0] = '\0';
- for(p = result; *p; p++)
- {
- if (strchr(uis->_.boolean_data.ok_chars, *p))
- {
- uis->result_buf[0] =
- uis->_.boolean_data.ok_chars[0];
- break;
- }
- if (strchr(uis->_.boolean_data.cancel_chars, *p))
- {
- uis->result_buf[0] =
- uis->_.boolean_data.cancel_chars[0];
- break;
- }
- }
- }
- default:
- break;
- }
- return 0;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/ui/ui_lib.c (from rev 6976, vendor-crypto/openssl/dist/crypto/ui/ui_lib.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/ui/ui_lib.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ui/ui_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,847 @@
+/* crypto/ui/ui_lib.c -*- mode:C; c-file-style: "eay" -*- */
+/*
+ * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
+ * 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <string.h>
+#include "cryptlib.h"
+#include <openssl/e_os2.h>
+#include <openssl/buffer.h>
+#include <openssl/ui.h>
+#include <openssl/err.h>
+#include "ui_locl.h"
+
+IMPLEMENT_STACK_OF(UI_STRING_ST)
+
+static const UI_METHOD *default_UI_meth = NULL;
+
+UI *UI_new(void)
+{
+ return (UI_new_method(NULL));
+}
+
+UI *UI_new_method(const UI_METHOD *method)
+{
+ UI *ret;
+
+ ret = (UI *)OPENSSL_malloc(sizeof(UI));
+ if (ret == NULL) {
+ UIerr(UI_F_UI_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ if (method == NULL)
+ ret->meth = UI_get_default_method();
+ else
+ ret->meth = method;
+
+ ret->strings = NULL;
+ ret->user_data = NULL;
+ ret->flags = 0;
+ CRYPTO_new_ex_data(CRYPTO_EX_INDEX_UI, ret, &ret->ex_data);
+ return ret;
+}
+
+static void free_string(UI_STRING *uis)
+{
+ if (uis->flags & OUT_STRING_FREEABLE) {
+ OPENSSL_free((char *)uis->out_string);
+ switch (uis->type) {
+ case UIT_BOOLEAN:
+ OPENSSL_free((char *)uis->_.boolean_data.action_desc);
+ OPENSSL_free((char *)uis->_.boolean_data.ok_chars);
+ OPENSSL_free((char *)uis->_.boolean_data.cancel_chars);
+ break;
+ default:
+ break;
+ }
+ }
+ OPENSSL_free(uis);
+}
+
+void UI_free(UI *ui)
+{
+ if (ui == NULL)
+ return;
+ sk_UI_STRING_pop_free(ui->strings, free_string);
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_UI, ui, &ui->ex_data);
+ OPENSSL_free(ui);
+}
+
+static int allocate_string_stack(UI *ui)
+{
+ if (ui->strings == NULL) {
+ ui->strings = sk_UI_STRING_new_null();
+ if (ui->strings == NULL) {
+ return -1;
+ }
+ }
+ return 0;
+}
+
+static UI_STRING *general_allocate_prompt(UI *ui, const char *prompt,
+ int prompt_freeable,
+ enum UI_string_types type,
+ int input_flags, char *result_buf)
+{
+ UI_STRING *ret = NULL;
+
+ if (prompt == NULL) {
+ UIerr(UI_F_GENERAL_ALLOCATE_PROMPT, ERR_R_PASSED_NULL_PARAMETER);
+ } else if ((type == UIT_PROMPT || type == UIT_VERIFY
+ || type == UIT_BOOLEAN) && result_buf == NULL) {
+ UIerr(UI_F_GENERAL_ALLOCATE_PROMPT, UI_R_NO_RESULT_BUFFER);
+ } else if ((ret = (UI_STRING *)OPENSSL_malloc(sizeof(UI_STRING)))) {
+ ret->out_string = prompt;
+ ret->flags = prompt_freeable ? OUT_STRING_FREEABLE : 0;
+ ret->input_flags = input_flags;
+ ret->type = type;
+ ret->result_buf = result_buf;
+ }
+ return ret;
+}
+
+static int general_allocate_string(UI *ui, const char *prompt,
+ int prompt_freeable,
+ enum UI_string_types type, int input_flags,
+ char *result_buf, int minsize, int maxsize,
+ const char *test_buf)
+{
+ int ret = -1;
+ UI_STRING *s = general_allocate_prompt(ui, prompt, prompt_freeable,
+ type, input_flags, result_buf);
+
+ if (s) {
+ if (allocate_string_stack(ui) >= 0) {
+ s->_.string_data.result_minsize = minsize;
+ s->_.string_data.result_maxsize = maxsize;
+ s->_.string_data.test_buf = test_buf;
+ ret = sk_UI_STRING_push(ui->strings, s);
+ /* sk_push() returns 0 on error. Let's addapt that */
+ if (ret <= 0)
+ ret--;
+ } else
+ free_string(s);
+ }
+ return ret;
+}
+
+static int general_allocate_boolean(UI *ui,
+ const char *prompt,
+ const char *action_desc,
+ const char *ok_chars,
+ const char *cancel_chars,
+ int prompt_freeable,
+ enum UI_string_types type,
+ int input_flags, char *result_buf)
+{
+ int ret = -1;
+ UI_STRING *s;
+ const char *p;
+
+ if (ok_chars == NULL) {
+ UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN, ERR_R_PASSED_NULL_PARAMETER);
+ } else if (cancel_chars == NULL) {
+ UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN, ERR_R_PASSED_NULL_PARAMETER);
+ } else {
+ for (p = ok_chars; *p; p++) {
+ if (strchr(cancel_chars, *p)) {
+ UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN,
+ UI_R_COMMON_OK_AND_CANCEL_CHARACTERS);
+ }
+ }
+
+ s = general_allocate_prompt(ui, prompt, prompt_freeable,
+ type, input_flags, result_buf);
+
+ if (s) {
+ if (allocate_string_stack(ui) >= 0) {
+ s->_.boolean_data.action_desc = action_desc;
+ s->_.boolean_data.ok_chars = ok_chars;
+ s->_.boolean_data.cancel_chars = cancel_chars;
+ ret = sk_UI_STRING_push(ui->strings, s);
+ /*
+ * sk_push() returns 0 on error. Let's addapt that
+ */
+ if (ret <= 0)
+ ret--;
+ } else
+ free_string(s);
+ }
+ }
+ return ret;
+}
+
+/*
+ * Returns the index to the place in the stack or -1 for error. Uses a
+ * direct reference to the prompt.
+ */
+int UI_add_input_string(UI *ui, const char *prompt, int flags,
+ char *result_buf, int minsize, int maxsize)
+{
+ return general_allocate_string(ui, prompt, 0,
+ UIT_PROMPT, flags, result_buf, minsize,
+ maxsize, NULL);
+}
+
+/* Same as UI_add_input_string(), excepts it takes a copy of the prompt */
+int UI_dup_input_string(UI *ui, const char *prompt, int flags,
+ char *result_buf, int minsize, int maxsize)
+{
+ char *prompt_copy = NULL;
+
+ if (prompt) {
+ prompt_copy = BUF_strdup(prompt);
+ if (prompt_copy == NULL) {
+ UIerr(UI_F_UI_DUP_INPUT_STRING, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ }
+
+ return general_allocate_string(ui, prompt_copy, 1,
+ UIT_PROMPT, flags, result_buf, minsize,
+ maxsize, NULL);
+}
+
+int UI_add_verify_string(UI *ui, const char *prompt, int flags,
+ char *result_buf, int minsize, int maxsize,
+ const char *test_buf)
+{
+ return general_allocate_string(ui, prompt, 0,
+ UIT_VERIFY, flags, result_buf, minsize,
+ maxsize, test_buf);
+}
+
+int UI_dup_verify_string(UI *ui, const char *prompt, int flags,
+ char *result_buf, int minsize, int maxsize,
+ const char *test_buf)
+{
+ char *prompt_copy = NULL;
+
+ if (prompt) {
+ prompt_copy = BUF_strdup(prompt);
+ if (prompt_copy == NULL) {
+ UIerr(UI_F_UI_DUP_VERIFY_STRING, ERR_R_MALLOC_FAILURE);
+ return -1;
+ }
+ }
+
+ return general_allocate_string(ui, prompt_copy, 1,
+ UIT_VERIFY, flags, result_buf, minsize,
+ maxsize, test_buf);
+}
+
+int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc,
+ const char *ok_chars, const char *cancel_chars,
+ int flags, char *result_buf)
+{
+ return general_allocate_boolean(ui, prompt, action_desc,
+ ok_chars, cancel_chars, 0, UIT_BOOLEAN,
+ flags, result_buf);
+}
+
+int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc,
+ const char *ok_chars, const char *cancel_chars,
+ int flags, char *result_buf)
+{
+ char *prompt_copy = NULL;
+ char *action_desc_copy = NULL;
+ char *ok_chars_copy = NULL;
+ char *cancel_chars_copy = NULL;
+
+ if (prompt) {
+ prompt_copy = BUF_strdup(prompt);
+ if (prompt_copy == NULL) {
+ UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ }
+
+ if (action_desc) {
+ action_desc_copy = BUF_strdup(action_desc);
+ if (action_desc_copy == NULL) {
+ UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ }
+
+ if (ok_chars) {
+ ok_chars_copy = BUF_strdup(ok_chars);
+ if (ok_chars_copy == NULL) {
+ UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ }
+
+ if (cancel_chars) {
+ cancel_chars_copy = BUF_strdup(cancel_chars);
+ if (cancel_chars_copy == NULL) {
+ UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ }
+
+ return general_allocate_boolean(ui, prompt_copy, action_desc_copy,
+ ok_chars_copy, cancel_chars_copy, 1,
+ UIT_BOOLEAN, flags, result_buf);
+ err:
+ if (prompt_copy)
+ OPENSSL_free(prompt_copy);
+ if (action_desc_copy)
+ OPENSSL_free(action_desc_copy);
+ if (ok_chars_copy)
+ OPENSSL_free(ok_chars_copy);
+ if (cancel_chars_copy)
+ OPENSSL_free(cancel_chars_copy);
+ return -1;
+}
+
+int UI_add_info_string(UI *ui, const char *text)
+{
+ return general_allocate_string(ui, text, 0, UIT_INFO, 0, NULL, 0, 0,
+ NULL);
+}
+
+int UI_dup_info_string(UI *ui, const char *text)
+{
+ char *text_copy = NULL;
+
+ if (text) {
+ text_copy = BUF_strdup(text);
+ if (text_copy == NULL) {
+ UIerr(UI_F_UI_DUP_INFO_STRING, ERR_R_MALLOC_FAILURE);
+ return -1;
+ }
+ }
+
+ return general_allocate_string(ui, text_copy, 1, UIT_INFO, 0, NULL,
+ 0, 0, NULL);
+}
+
+int UI_add_error_string(UI *ui, const char *text)
+{
+ return general_allocate_string(ui, text, 0, UIT_ERROR, 0, NULL, 0, 0,
+ NULL);
+}
+
+int UI_dup_error_string(UI *ui, const char *text)
+{
+ char *text_copy = NULL;
+
+ if (text) {
+ text_copy = BUF_strdup(text);
+ if (text_copy == NULL) {
+ UIerr(UI_F_UI_DUP_ERROR_STRING, ERR_R_MALLOC_FAILURE);
+ return -1;
+ }
+ }
+ return general_allocate_string(ui, text_copy, 1, UIT_ERROR, 0, NULL,
+ 0, 0, NULL);
+}
+
+char *UI_construct_prompt(UI *ui, const char *object_desc,
+ const char *object_name)
+{
+ char *prompt = NULL;
+
+ if (ui->meth->ui_construct_prompt)
+ prompt = ui->meth->ui_construct_prompt(ui, object_desc, object_name);
+ else {
+ char prompt1[] = "Enter ";
+ char prompt2[] = " for ";
+ char prompt3[] = ":";
+ int len = 0;
+
+ if (object_desc == NULL)
+ return NULL;
+ len = sizeof(prompt1) - 1 + strlen(object_desc);
+ if (object_name)
+ len += sizeof(prompt2) - 1 + strlen(object_name);
+ len += sizeof(prompt3) - 1;
+
+ prompt = (char *)OPENSSL_malloc(len + 1);
+ BUF_strlcpy(prompt, prompt1, len + 1);
+ BUF_strlcat(prompt, object_desc, len + 1);
+ if (object_name) {
+ BUF_strlcat(prompt, prompt2, len + 1);
+ BUF_strlcat(prompt, object_name, len + 1);
+ }
+ BUF_strlcat(prompt, prompt3, len + 1);
+ }
+ return prompt;
+}
+
+void *UI_add_user_data(UI *ui, void *user_data)
+{
+ void *old_data = ui->user_data;
+ ui->user_data = user_data;
+ return old_data;
+}
+
+void *UI_get0_user_data(UI *ui)
+{
+ return ui->user_data;
+}
+
+const char *UI_get0_result(UI *ui, int i)
+{
+ if (i < 0) {
+ UIerr(UI_F_UI_GET0_RESULT, UI_R_INDEX_TOO_SMALL);
+ return NULL;
+ }
+ if (i >= sk_UI_STRING_num(ui->strings)) {
+ UIerr(UI_F_UI_GET0_RESULT, UI_R_INDEX_TOO_LARGE);
+ return NULL;
+ }
+ return UI_get0_result_string(sk_UI_STRING_value(ui->strings, i));
+}
+
+static int print_error(const char *str, size_t len, UI *ui)
+{
+ UI_STRING uis;
+
+ memset(&uis, 0, sizeof(uis));
+ uis.type = UIT_ERROR;
+ uis.out_string = str;
+
+ if (ui->meth->ui_write_string && !ui->meth->ui_write_string(ui, &uis))
+ return -1;
+ return 0;
+}
+
+int UI_process(UI *ui)
+{
+ int i, ok = 0;
+
+ if (ui->meth->ui_open_session && !ui->meth->ui_open_session(ui))
+ return -1;
+
+ if (ui->flags & UI_FLAG_PRINT_ERRORS)
+ ERR_print_errors_cb((int (*)(const char *, size_t, void *))
+ print_error, (void *)ui);
+
+ for (i = 0; i < sk_UI_STRING_num(ui->strings); i++) {
+ if (ui->meth->ui_write_string
+ && !ui->meth->ui_write_string(ui,
+ sk_UI_STRING_value(ui->strings, i)))
+ {
+ ok = -1;
+ goto err;
+ }
+ }
+
+ if (ui->meth->ui_flush)
+ switch (ui->meth->ui_flush(ui)) {
+ case -1: /* Interrupt/Cancel/something... */
+ ok = -2;
+ goto err;
+ case 0: /* Errors */
+ ok = -1;
+ goto err;
+ default: /* Success */
+ ok = 0;
+ break;
+ }
+
+ for (i = 0; i < sk_UI_STRING_num(ui->strings); i++) {
+ if (ui->meth->ui_read_string) {
+ switch (ui->meth->ui_read_string(ui,
+ sk_UI_STRING_value(ui->strings,
+ i))) {
+ case -1: /* Interrupt/Cancel/something... */
+ ok = -2;
+ goto err;
+ case 0: /* Errors */
+ ok = -1;
+ goto err;
+ default: /* Success */
+ ok = 0;
+ break;
+ }
+ }
+ }
+ err:
+ if (ui->meth->ui_close_session && !ui->meth->ui_close_session(ui))
+ return -1;
+ return ok;
+}
+
+int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f) (void))
+{
+ if (ui == NULL) {
+ UIerr(UI_F_UI_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+ return -1;
+ }
+ switch (cmd) {
+ case UI_CTRL_PRINT_ERRORS:
+ {
+ int save_flag = ! !(ui->flags & UI_FLAG_PRINT_ERRORS);
+ if (i)
+ ui->flags |= UI_FLAG_PRINT_ERRORS;
+ else
+ ui->flags &= ~UI_FLAG_PRINT_ERRORS;
+ return save_flag;
+ }
+ case UI_CTRL_IS_REDOABLE:
+ return ! !(ui->flags & UI_FLAG_REDOABLE);
+ default:
+ break;
+ }
+ UIerr(UI_F_UI_CTRL, UI_R_UNKNOWN_CONTROL_COMMAND);
+ return -1;
+}
+
+int UI_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+{
+ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_UI, argl, argp,
+ new_func, dup_func, free_func);
+}
+
+int UI_set_ex_data(UI *r, int idx, void *arg)
+{
+ return (CRYPTO_set_ex_data(&r->ex_data, idx, arg));
+}
+
+void *UI_get_ex_data(UI *r, int idx)
+{
+ return (CRYPTO_get_ex_data(&r->ex_data, idx));
+}
+
+void UI_set_default_method(const UI_METHOD *meth)
+{
+ default_UI_meth = meth;
+}
+
+const UI_METHOD *UI_get_default_method(void)
+{
+ if (default_UI_meth == NULL) {
+ default_UI_meth = UI_OpenSSL();
+ }
+ return default_UI_meth;
+}
+
+const UI_METHOD *UI_get_method(UI *ui)
+{
+ return ui->meth;
+}
+
+const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth)
+{
+ ui->meth = meth;
+ return ui->meth;
+}
+
+UI_METHOD *UI_create_method(char *name)
+{
+ UI_METHOD *ui_method = (UI_METHOD *)OPENSSL_malloc(sizeof(UI_METHOD));
+
+ if (ui_method) {
+ memset(ui_method, 0, sizeof(*ui_method));
+ ui_method->name = BUF_strdup(name);
+ }
+ return ui_method;
+}
+
+/*
+ * BIG FSCKING WARNING!!!! If you use this on a statically allocated method
+ * (that is, it hasn't been allocated using UI_create_method(), you deserve
+ * anything Murphy can throw at you and more! You have been warned.
+ */
+void UI_destroy_method(UI_METHOD *ui_method)
+{
+ OPENSSL_free(ui_method->name);
+ ui_method->name = NULL;
+ OPENSSL_free(ui_method);
+}
+
+int UI_method_set_opener(UI_METHOD *method, int (*opener) (UI *ui))
+{
+ if (method) {
+ method->ui_open_session = opener;
+ return 0;
+ } else
+ return -1;
+}
+
+int UI_method_set_writer(UI_METHOD *method,
+ int (*writer) (UI *ui, UI_STRING *uis))
+{
+ if (method) {
+ method->ui_write_string = writer;
+ return 0;
+ } else
+ return -1;
+}
+
+int UI_method_set_flusher(UI_METHOD *method, int (*flusher) (UI *ui))
+{
+ if (method) {
+ method->ui_flush = flusher;
+ return 0;
+ } else
+ return -1;
+}
+
+int UI_method_set_reader(UI_METHOD *method,
+ int (*reader) (UI *ui, UI_STRING *uis))
+{
+ if (method) {
+ method->ui_read_string = reader;
+ return 0;
+ } else
+ return -1;
+}
+
+int UI_method_set_closer(UI_METHOD *method, int (*closer) (UI *ui))
+{
+ if (method) {
+ method->ui_close_session = closer;
+ return 0;
+ } else
+ return -1;
+}
+
+int (*UI_method_get_opener(UI_METHOD *method)) (UI *) {
+ if (method)
+ return method->ui_open_session;
+ else
+ return NULL;
+}
+
+int (*UI_method_get_writer(UI_METHOD *method)) (UI *, UI_STRING *) {
+ if (method)
+ return method->ui_write_string;
+ else
+ return NULL;
+}
+
+int (*UI_method_get_flusher(UI_METHOD *method)) (UI *) {
+ if (method)
+ return method->ui_flush;
+ else
+ return NULL;
+}
+
+int (*UI_method_get_reader(UI_METHOD *method)) (UI *, UI_STRING *) {
+ if (method)
+ return method->ui_read_string;
+ else
+ return NULL;
+}
+
+int (*UI_method_get_closer(UI_METHOD *method)) (UI *) {
+ if (method)
+ return method->ui_close_session;
+ else
+ return NULL;
+}
+
+enum UI_string_types UI_get_string_type(UI_STRING *uis)
+{
+ if (!uis)
+ return UIT_NONE;
+ return uis->type;
+}
+
+int UI_get_input_flags(UI_STRING *uis)
+{
+ if (!uis)
+ return 0;
+ return uis->input_flags;
+}
+
+const char *UI_get0_output_string(UI_STRING *uis)
+{
+ if (!uis)
+ return NULL;
+ return uis->out_string;
+}
+
+const char *UI_get0_action_string(UI_STRING *uis)
+{
+ if (!uis)
+ return NULL;
+ switch (uis->type) {
+ case UIT_PROMPT:
+ case UIT_BOOLEAN:
+ return uis->_.boolean_data.action_desc;
+ default:
+ return NULL;
+ }
+}
+
+const char *UI_get0_result_string(UI_STRING *uis)
+{
+ if (!uis)
+ return NULL;
+ switch (uis->type) {
+ case UIT_PROMPT:
+ case UIT_VERIFY:
+ return uis->result_buf;
+ default:
+ return NULL;
+ }
+}
+
+const char *UI_get0_test_string(UI_STRING *uis)
+{
+ if (!uis)
+ return NULL;
+ switch (uis->type) {
+ case UIT_VERIFY:
+ return uis->_.string_data.test_buf;
+ default:
+ return NULL;
+ }
+}
+
+int UI_get_result_minsize(UI_STRING *uis)
+{
+ if (!uis)
+ return -1;
+ switch (uis->type) {
+ case UIT_PROMPT:
+ case UIT_VERIFY:
+ return uis->_.string_data.result_minsize;
+ default:
+ return -1;
+ }
+}
+
+int UI_get_result_maxsize(UI_STRING *uis)
+{
+ if (!uis)
+ return -1;
+ switch (uis->type) {
+ case UIT_PROMPT:
+ case UIT_VERIFY:
+ return uis->_.string_data.result_maxsize;
+ default:
+ return -1;
+ }
+}
+
+int UI_set_result(UI *ui, UI_STRING *uis, const char *result)
+{
+ int l = strlen(result);
+
+ ui->flags &= ~UI_FLAG_REDOABLE;
+
+ if (!uis)
+ return -1;
+ switch (uis->type) {
+ case UIT_PROMPT:
+ case UIT_VERIFY:
+ {
+ char number1[DECIMAL_SIZE(uis->_.string_data.result_minsize) + 1];
+ char number2[DECIMAL_SIZE(uis->_.string_data.result_maxsize) + 1];
+
+ BIO_snprintf(number1, sizeof(number1), "%d",
+ uis->_.string_data.result_minsize);
+ BIO_snprintf(number2, sizeof(number2), "%d",
+ uis->_.string_data.result_maxsize);
+
+ if (l < uis->_.string_data.result_minsize) {
+ ui->flags |= UI_FLAG_REDOABLE;
+ UIerr(UI_F_UI_SET_RESULT, UI_R_RESULT_TOO_SMALL);
+ ERR_add_error_data(5, "You must type in ",
+ number1, " to ", number2, " characters");
+ return -1;
+ }
+ if (l > uis->_.string_data.result_maxsize) {
+ ui->flags |= UI_FLAG_REDOABLE;
+ UIerr(UI_F_UI_SET_RESULT, UI_R_RESULT_TOO_LARGE);
+ ERR_add_error_data(5, "You must type in ",
+ number1, " to ", number2, " characters");
+ return -1;
+ }
+ }
+
+ if (!uis->result_buf) {
+ UIerr(UI_F_UI_SET_RESULT, UI_R_NO_RESULT_BUFFER);
+ return -1;
+ }
+
+ BUF_strlcpy(uis->result_buf, result,
+ uis->_.string_data.result_maxsize + 1);
+ break;
+ case UIT_BOOLEAN:
+ {
+ const char *p;
+
+ if (!uis->result_buf) {
+ UIerr(UI_F_UI_SET_RESULT, UI_R_NO_RESULT_BUFFER);
+ return -1;
+ }
+
+ uis->result_buf[0] = '\0';
+ for (p = result; *p; p++) {
+ if (strchr(uis->_.boolean_data.ok_chars, *p)) {
+ uis->result_buf[0] = uis->_.boolean_data.ok_chars[0];
+ break;
+ }
+ if (strchr(uis->_.boolean_data.cancel_chars, *p)) {
+ uis->result_buf[0] = uis->_.boolean_data.cancel_chars[0];
+ break;
+ }
+ }
+ }
+ default:
+ break;
+ }
+ return 0;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/ui/ui_locl.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/ui/ui_locl.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ui/ui_locl.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,153 +0,0 @@
-/* crypto/ui/ui.h -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte (richard at levitte.org) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#ifndef HEADER_UI_LOCL_H
-#define HEADER_UI_LOCL_H
-
-#include <openssl/ui.h>
-#include <openssl/crypto.h>
-
-#ifdef _
-#undef _
-#endif
-
-struct ui_method_st
- {
- char *name;
-
- /* All the functions return 1 or non-NULL for success and 0 or NULL
- for failure */
-
- /* Open whatever channel for this, be it the console, an X window
- or whatever.
- This function should use the ex_data structure to save
- intermediate data. */
- int (*ui_open_session)(UI *ui);
-
- int (*ui_write_string)(UI *ui, UI_STRING *uis);
-
- /* Flush the output. If a GUI dialog box is used, this function can
- be used to actually display it. */
- int (*ui_flush)(UI *ui);
-
- int (*ui_read_string)(UI *ui, UI_STRING *uis);
-
- int (*ui_close_session)(UI *ui);
-
- /* Construct a prompt in a user-defined manner. object_desc is a
- textual short description of the object, for example "pass phrase",
- and object_name is the name of the object (might be a card name or
- a file name.
- The returned string shall always be allocated on the heap with
- OPENSSL_malloc(), and need to be free'd with OPENSSL_free(). */
- char *(*ui_construct_prompt)(UI *ui, const char *object_desc,
- const char *object_name);
- };
-
-struct ui_string_st
- {
- enum UI_string_types type; /* Input */
- const char *out_string; /* Input */
- int input_flags; /* Flags from the user */
-
- /* The following parameters are completely irrelevant for UIT_INFO,
- and can therefore be set to 0 or NULL */
- char *result_buf; /* Input and Output: If not NULL, user-defined
- with size in result_maxsize. Otherwise, it
- may be allocated by the UI routine, meaning
- result_minsize is going to be overwritten.*/
- union
- {
- struct
- {
- int result_minsize; /* Input: minimum required
- size of the result.
- */
- int result_maxsize; /* Input: maximum permitted
- size of the result */
-
- const char *test_buf; /* Input: test string to verify
- against */
- } string_data;
- struct
- {
- const char *action_desc; /* Input */
- const char *ok_chars; /* Input */
- const char *cancel_chars; /* Input */
- } boolean_data;
- } _;
-
-#define OUT_STRING_FREEABLE 0x01
- int flags; /* flags for internal use */
- };
-
-struct ui_st
- {
- const UI_METHOD *meth;
- STACK_OF(UI_STRING) *strings; /* We might want to prompt for more
- than one thing at a time, and
- with different echoing status. */
- void *user_data;
- CRYPTO_EX_DATA ex_data;
-
-#define UI_FLAG_REDOABLE 0x0001
-#define UI_FLAG_PRINT_ERRORS 0x0100
- int flags;
- };
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/ui/ui_locl.h (from rev 6976, vendor-crypto/openssl/dist/crypto/ui/ui_locl.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/ui/ui_locl.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ui/ui_locl.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,145 @@
+/* crypto/ui/ui.h -*- mode:C; c-file-style: "eay" -*- */
+/*
+ * Written by Richard Levitte (richard at levitte.org) for the OpenSSL project
+ * 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_UI_LOCL_H
+# define HEADER_UI_LOCL_H
+
+# include <openssl/ui.h>
+# include <openssl/crypto.h>
+
+# ifdef _
+# undef _
+# endif
+
+struct ui_method_st {
+ char *name;
+ /*
+ * All the functions return 1 or non-NULL for success and 0 or NULL for
+ * failure
+ */
+ /*
+ * Open whatever channel for this, be it the console, an X window or
+ * whatever. This function should use the ex_data structure to save
+ * intermediate data.
+ */
+ int (*ui_open_session) (UI *ui);
+ int (*ui_write_string) (UI *ui, UI_STRING *uis);
+ /*
+ * Flush the output. If a GUI dialog box is used, this function can be
+ * used to actually display it.
+ */
+ int (*ui_flush) (UI *ui);
+ int (*ui_read_string) (UI *ui, UI_STRING *uis);
+ int (*ui_close_session) (UI *ui);
+ /*
+ * Construct a prompt in a user-defined manner. object_desc is a textual
+ * short description of the object, for example "pass phrase", and
+ * object_name is the name of the object (might be a card name or a file
+ * name. The returned string shall always be allocated on the heap with
+ * OPENSSL_malloc(), and need to be free'd with OPENSSL_free().
+ */
+ char *(*ui_construct_prompt) (UI *ui, const char *object_desc,
+ const char *object_name);
+};
+
+struct ui_string_st {
+ enum UI_string_types type; /* Input */
+ const char *out_string; /* Input */
+ int input_flags; /* Flags from the user */
+ /*
+ * The following parameters are completely irrelevant for UIT_INFO, and
+ * can therefore be set to 0 or NULL
+ */
+ char *result_buf; /* Input and Output: If not NULL,
+ * user-defined with size in result_maxsize.
+ * Otherwise, it may be allocated by the UI
+ * routine, meaning result_minsize is going
+ * to be overwritten. */
+ union {
+ struct {
+ int result_minsize; /* Input: minimum required size of the
+ * result. */
+ int result_maxsize; /* Input: maximum permitted size of the
+ * result */
+ const char *test_buf; /* Input: test string to verify against */
+ } string_data;
+ struct {
+ const char *action_desc; /* Input */
+ const char *ok_chars; /* Input */
+ const char *cancel_chars; /* Input */
+ } boolean_data;
+ } _;
+
+# define OUT_STRING_FREEABLE 0x01
+ int flags; /* flags for internal use */
+};
+
+struct ui_st {
+ const UI_METHOD *meth;
+ STACK_OF(UI_STRING) *strings; /* We might want to prompt for more than
+ * one thing at a time, and with different
+ * echoing status. */
+ void *user_data;
+ CRYPTO_EX_DATA ex_data;
+# define UI_FLAG_REDOABLE 0x0001
+# define UI_FLAG_PRINT_ERRORS 0x0100
+ int flags;
+};
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/ui/ui_openssl.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/ui/ui_openssl.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ui/ui_openssl.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,710 +0,0 @@
-/* crypto/ui/ui_openssl.c -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte (richard at levitte.org) and others
- * for the OpenSSL project 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/* The lowest level part of this file was previously in crypto/des/read_pwd.c,
- * Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-
-#include <openssl/e_os2.h>
-
-/* need for #define _POSIX_C_SOURCE arises whenever you pass -ansi to gcc
- * [maybe others?], because it masks interfaces not discussed in standard,
- * sigaction and fileno included. -pedantic would be more appropriate for
- * the intended purposes, but we can't prevent users from adding -ansi.
- */
-#define _POSIX_C_SOURCE 1
-#include <signal.h>
-#include <stdio.h>
-#include <string.h>
-#include <errno.h>
-
-#if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS)
-# ifdef OPENSSL_UNISTD
-# include OPENSSL_UNISTD
-# else
-# include <unistd.h>
-# endif
-/* If unistd.h defines _POSIX_VERSION, we conclude that we
- * are on a POSIX system and have sigaction and termios. */
-# if defined(_POSIX_VERSION)
-
-# define SIGACTION
-# if !defined(TERMIOS) && !defined(TERMIO) && !defined(SGTTY)
-# define TERMIOS
-# endif
-
-# endif
-#endif
-
-#ifdef WIN16TTY
-# undef OPENSSL_SYS_WIN16
-# undef WIN16
-# undef _WINDOWS
-# include <graph.h>
-#endif
-
-/* 06-Apr-92 Luke Brennan Support for VMS */
-#include "ui_locl.h"
-#include "cryptlib.h"
-
-#ifdef OPENSSL_SYS_VMS /* prototypes for sys$whatever */
-# include <starlet.h>
-# ifdef __DECC
-# pragma message disable DOLLARID
-# endif
-#endif
-
-#ifdef WIN_CONSOLE_BUG
-# include <windows.h>
-#ifndef OPENSSL_SYS_WINCE
-# include <wincon.h>
-#endif
-#endif
-
-
-/* There are 5 types of terminal interface supported,
- * TERMIO, TERMIOS, VMS, MSDOS and SGTTY
- */
-
-#if defined(__sgi) && !defined(TERMIOS)
-# define TERMIOS
-# undef TERMIO
-# undef SGTTY
-#endif
-
-#if defined(linux) && !defined(TERMIO)
-# undef TERMIOS
-# define TERMIO
-# undef SGTTY
-#endif
-
-#ifdef _LIBC
-# undef TERMIOS
-# define TERMIO
-# undef SGTTY
-#endif
-
-#if !defined(TERMIO) && !defined(TERMIOS) && !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_MACINTOSH_CLASSIC) && !defined(MAC_OS_GUSI_SOURCE)
-# undef TERMIOS
-# undef TERMIO
-# define SGTTY
-#endif
-
-#if defined(OPENSSL_SYS_VXWORKS)
-#undef TERMIOS
-#undef TERMIO
-#undef SGTTY
-#endif
-
-#if defined(OPENSSL_SYS_NETWARE)
-#undef TERMIOS
-#undef TERMIO
-#undef SGTTY
-#endif
-
-#ifdef TERMIOS
-# include <termios.h>
-# define TTY_STRUCT struct termios
-# define TTY_FLAGS c_lflag
-# define TTY_get(tty,data) tcgetattr(tty,data)
-# define TTY_set(tty,data) tcsetattr(tty,TCSANOW,data)
-#endif
-
-#ifdef TERMIO
-# include <termio.h>
-# define TTY_STRUCT struct termio
-# define TTY_FLAGS c_lflag
-# define TTY_get(tty,data) ioctl(tty,TCGETA,data)
-# define TTY_set(tty,data) ioctl(tty,TCSETA,data)
-#endif
-
-#ifdef SGTTY
-# include <sgtty.h>
-# define TTY_STRUCT struct sgttyb
-# define TTY_FLAGS sg_flags
-# define TTY_get(tty,data) ioctl(tty,TIOCGETP,data)
-# define TTY_set(tty,data) ioctl(tty,TIOCSETP,data)
-#endif
-
-#if !defined(_LIBC) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_MACINTOSH_CLASSIC) && !defined(OPENSSL_SYS_SUNOS)
-# include <sys/ioctl.h>
-#endif
-
-#ifdef OPENSSL_SYS_MSDOS
-# include <conio.h>
-#endif
-
-#ifdef OPENSSL_SYS_VMS
-# include <ssdef.h>
-# include <iodef.h>
-# include <ttdef.h>
-# include <descrip.h>
-struct IOSB {
- short iosb$w_value;
- short iosb$w_count;
- long iosb$l_info;
- };
-#endif
-
-#ifdef OPENSSL_SYS_SUNOS
- typedef int sig_atomic_t;
-#endif
-
-#if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(MAC_OS_GUSI_SOURCE) || defined(OPENSSL_SYS_NETWARE)
-/*
- * This one needs work. As a matter of fact the code is unoperational
- * and this is only a trick to get it compiled.
- * <appro at fy.chalmers.se>
- */
-# define TTY_STRUCT int
-#endif
-
-#ifndef NX509_SIG
-# define NX509_SIG 32
-#endif
-
-
-/* Define globals. They are protected by a lock */
-#ifdef SIGACTION
-static struct sigaction savsig[NX509_SIG];
-#else
-static void (*savsig[NX509_SIG])(int );
-#endif
-
-#ifdef OPENSSL_SYS_VMS
-static struct IOSB iosb;
-static $DESCRIPTOR(terminal,"TT");
-static long tty_orig[3], tty_new[3]; /* XXX Is there any guarantee that this will always suffice for the actual structures? */
-static long status;
-static unsigned short channel = 0;
-#else
-#if !defined(OPENSSL_SYS_MSDOS) || defined(__DJGPP__)
-static TTY_STRUCT tty_orig,tty_new;
-#endif
-#endif
-static FILE *tty_in, *tty_out;
-static int is_a_tty;
-
-/* Declare static functions */
-#if !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE)
-static int read_till_nl(FILE *);
-static void recsig(int);
-static void pushsig(void);
-static void popsig(void);
-#endif
-#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN16)
-static int noecho_fgets(char *buf, int size, FILE *tty);
-#endif
-static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl);
-
-static int read_string(UI *ui, UI_STRING *uis);
-static int write_string(UI *ui, UI_STRING *uis);
-
-static int open_console(UI *ui);
-static int echo_console(UI *ui);
-static int noecho_console(UI *ui);
-static int close_console(UI *ui);
-
-static UI_METHOD ui_openssl =
- {
- "OpenSSL default user interface",
- open_console,
- write_string,
- NULL, /* No flusher is needed for command lines */
- read_string,
- close_console,
- NULL
- };
-
-/* The method with all the built-in thingies */
-UI_METHOD *UI_OpenSSL(void)
- {
- return &ui_openssl;
- }
-
-/* The following function makes sure that info and error strings are printed
- before any prompt. */
-static int write_string(UI *ui, UI_STRING *uis)
- {
- switch (UI_get_string_type(uis))
- {
- case UIT_ERROR:
- case UIT_INFO:
- fputs(UI_get0_output_string(uis), tty_out);
- fflush(tty_out);
- break;
- default:
- break;
- }
- return 1;
- }
-
-static int read_string(UI *ui, UI_STRING *uis)
- {
- int ok = 0;
-
- switch (UI_get_string_type(uis))
- {
- case UIT_BOOLEAN:
- fputs(UI_get0_output_string(uis), tty_out);
- fputs(UI_get0_action_string(uis), tty_out);
- fflush(tty_out);
- return read_string_inner(ui, uis,
- UI_get_input_flags(uis) & UI_INPUT_FLAG_ECHO, 0);
- case UIT_PROMPT:
- fputs(UI_get0_output_string(uis), tty_out);
- fflush(tty_out);
- return read_string_inner(ui, uis,
- UI_get_input_flags(uis) & UI_INPUT_FLAG_ECHO, 1);
- case UIT_VERIFY:
- fprintf(tty_out,"Verifying - %s",
- UI_get0_output_string(uis));
- fflush(tty_out);
- if ((ok = read_string_inner(ui, uis,
- UI_get_input_flags(uis) & UI_INPUT_FLAG_ECHO, 1)) <= 0)
- return ok;
- if (strcmp(UI_get0_result_string(uis),
- UI_get0_test_string(uis)) != 0)
- {
- fprintf(tty_out,"Verify failure\n");
- fflush(tty_out);
- return 0;
- }
- break;
- default:
- break;
- }
- return 1;
- }
-
-
-#if !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE)
-/* Internal functions to read a string without echoing */
-static int read_till_nl(FILE *in)
- {
-#define SIZE 4
- char buf[SIZE+1];
-
- do {
- if (!fgets(buf,SIZE,in))
- return 0;
- } while (strchr(buf,'\n') == NULL);
- return 1;
- }
-
-static volatile sig_atomic_t intr_signal;
-#endif
-
-static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl)
- {
- static int ps;
- int ok;
- char result[BUFSIZ];
- int maxsize = BUFSIZ-1;
-#if !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE)
- char *p;
-
- intr_signal=0;
- ok=0;
- ps=0;
-
- pushsig();
- ps=1;
-
- if (!echo && !noecho_console(ui))
- goto error;
- ps=2;
-
- result[0]='\0';
-#ifdef OPENSSL_SYS_MSDOS
- if (!echo)
- {
- noecho_fgets(result,maxsize,tty_in);
- p=result; /* FIXME: noecho_fgets doesn't return errors */
- }
- else
- p=fgets(result,maxsize,tty_in);
-#else
- p=fgets(result,maxsize,tty_in);
-#endif
- if(!p)
- goto error;
- if (feof(tty_in)) goto error;
- if (ferror(tty_in)) goto error;
- if ((p=(char *)strchr(result,'\n')) != NULL)
- {
- if (strip_nl)
- *p='\0';
- }
- else
- if (!read_till_nl(tty_in))
- goto error;
- if (UI_set_result(ui, uis, result) >= 0)
- ok=1;
-
-error:
- if (intr_signal == SIGINT)
- ok=-1;
- if (!echo) fprintf(tty_out,"\n");
- if (ps >= 2 && !echo && !echo_console(ui))
- ok=0;
-
- if (ps >= 1)
- popsig();
-#else
- ok=1;
-#endif
-
- OPENSSL_cleanse(result,BUFSIZ);
- return ok;
- }
-
-
-/* Internal functions to open, handle and close a channel to the console. */
-static int open_console(UI *ui)
- {
- CRYPTO_w_lock(CRYPTO_LOCK_UI);
- is_a_tty = 1;
-
-#if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE)
- tty_in=stdin;
- tty_out=stderr;
-#else
-# ifdef OPENSSL_SYS_MSDOS
-# define DEV_TTY "con"
-# else
-# define DEV_TTY "/dev/tty"
-# endif
- if ((tty_in=fopen(DEV_TTY,"r")) == NULL)
- tty_in=stdin;
- if ((tty_out=fopen(DEV_TTY,"w")) == NULL)
- tty_out=stderr;
-#endif
-
-#if defined(TTY_get) && !defined(OPENSSL_SYS_VMS)
- if (TTY_get(fileno(tty_in),&tty_orig) == -1)
- {
-#ifdef ENOTTY
- if (errno == ENOTTY)
- is_a_tty=0;
- else
-#endif
-#ifdef EINVAL
- /* Ariel Glenn ariel at columbia.edu reports that solaris
- * can return EINVAL instead. This should be ok */
- if (errno == EINVAL)
- is_a_tty=0;
- else
-#endif
- return 0;
- }
-#endif
-#ifdef OPENSSL_SYS_VMS
- status = sys$assign(&terminal,&channel,0,0);
- if (status != SS$_NORMAL)
- return 0;
- status=sys$qiow(0,channel,IO$_SENSEMODE,&iosb,0,0,tty_orig,12,0,0,0,0);
- if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
- return 0;
-#endif
- return 1;
- }
-
-static int noecho_console(UI *ui)
- {
-#ifdef TTY_FLAGS
- memcpy(&(tty_new),&(tty_orig),sizeof(tty_orig));
- tty_new.TTY_FLAGS &= ~ECHO;
-#endif
-
-#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
- if (is_a_tty && (TTY_set(fileno(tty_in),&tty_new) == -1))
- return 0;
-#endif
-#ifdef OPENSSL_SYS_VMS
- tty_new[0] = tty_orig[0];
- tty_new[1] = tty_orig[1] | TT$M_NOECHO;
- tty_new[2] = tty_orig[2];
- status = sys$qiow(0,channel,IO$_SETMODE,&iosb,0,0,tty_new,12,0,0,0,0);
- if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
- return 0;
-#endif
- return 1;
- }
-
-static int echo_console(UI *ui)
- {
-#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
- memcpy(&(tty_new),&(tty_orig),sizeof(tty_orig));
- tty_new.TTY_FLAGS |= ECHO;
-#endif
-
-#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
- if (is_a_tty && (TTY_set(fileno(tty_in),&tty_new) == -1))
- return 0;
-#endif
-#ifdef OPENSSL_SYS_VMS
- tty_new[0] = tty_orig[0];
- tty_new[1] = tty_orig[1] & ~TT$M_NOECHO;
- tty_new[2] = tty_orig[2];
- status = sys$qiow(0,channel,IO$_SETMODE,&iosb,0,0,tty_new,12,0,0,0,0);
- if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
- return 0;
-#endif
- return 1;
- }
-
-static int close_console(UI *ui)
- {
- if (tty_in != stdin) fclose(tty_in);
- if (tty_out != stderr) fclose(tty_out);
-#ifdef OPENSSL_SYS_VMS
- status = sys$dassgn(channel);
-#endif
- CRYPTO_w_unlock(CRYPTO_LOCK_UI);
-
- return 1;
- }
-
-
-#if !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE)
-/* Internal functions to handle signals and act on them */
-static void pushsig(void)
- {
-#ifndef OPENSSL_SYS_WIN32
- int i;
-#endif
-#ifdef SIGACTION
- struct sigaction sa;
-
- memset(&sa,0,sizeof sa);
- sa.sa_handler=recsig;
-#endif
-
-#ifdef OPENSSL_SYS_WIN32
- savsig[SIGABRT]=signal(SIGABRT,recsig);
- savsig[SIGFPE]=signal(SIGFPE,recsig);
- savsig[SIGILL]=signal(SIGILL,recsig);
- savsig[SIGINT]=signal(SIGINT,recsig);
- savsig[SIGSEGV]=signal(SIGSEGV,recsig);
- savsig[SIGTERM]=signal(SIGTERM,recsig);
-#else
- for (i=1; i<NX509_SIG; i++)
- {
-#ifdef SIGUSR1
- if (i == SIGUSR1)
- continue;
-#endif
-#ifdef SIGUSR2
- if (i == SIGUSR2)
- continue;
-#endif
-#ifdef SIGKILL
- if (i == SIGKILL) /* We can't make any action on that. */
- continue;
-#endif
-#ifdef SIGACTION
- sigaction(i,&sa,&savsig[i]);
-#else
- savsig[i]=signal(i,recsig);
-#endif
- }
-#endif
-
-#ifdef SIGWINCH
- signal(SIGWINCH,SIG_DFL);
-#endif
- }
-
-static void popsig(void)
- {
-#ifdef OPENSSL_SYS_WIN32
- signal(SIGABRT,savsig[SIGABRT]);
- signal(SIGFPE,savsig[SIGFPE]);
- signal(SIGILL,savsig[SIGILL]);
- signal(SIGINT,savsig[SIGINT]);
- signal(SIGSEGV,savsig[SIGSEGV]);
- signal(SIGTERM,savsig[SIGTERM]);
-#else
- int i;
- for (i=1; i<NX509_SIG; i++)
- {
-#ifdef SIGUSR1
- if (i == SIGUSR1)
- continue;
-#endif
-#ifdef SIGUSR2
- if (i == SIGUSR2)
- continue;
-#endif
-#ifdef SIGACTION
- sigaction(i,&savsig[i],NULL);
-#else
- signal(i,savsig[i]);
-#endif
- }
-#endif
- }
-
-static void recsig(int i)
- {
- intr_signal=i;
- }
-#endif
-
-/* Internal functions specific for Windows */
-#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE)
-static int noecho_fgets(char *buf, int size, FILE *tty)
- {
- int i;
- char *p;
-
- p=buf;
- for (;;)
- {
- if (size == 0)
- {
- *p='\0';
- break;
- }
- size--;
-#ifdef WIN16TTY
- i=_inchar();
-#elif defined(_WIN32)
- i=_getch();
-#else
- i=getch();
-#endif
- if (i == '\r') i='\n';
- *(p++)=i;
- if (i == '\n')
- {
- *p='\0';
- break;
- }
- }
-#ifdef WIN_CONSOLE_BUG
-/* Win95 has several evil console bugs: one of these is that the
- * last character read using getch() is passed to the next read: this is
- * usually a CR so this can be trouble. No STDIO fix seems to work but
- * flushing the console appears to do the trick.
- */
- {
- HANDLE inh;
- inh = GetStdHandle(STD_INPUT_HANDLE);
- FlushConsoleInputBuffer(inh);
- }
-#endif
- return(strlen(buf));
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/ui/ui_openssl.c (from rev 6976, vendor-crypto/openssl/dist/crypto/ui/ui_openssl.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/ui/ui_openssl.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ui/ui_openssl.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,715 @@
+/* crypto/ui/ui_openssl.c -*- mode:C; c-file-style: "eay" -*- */
+/*
+ * Written by Richard Levitte (richard at levitte.org) and others for the
+ * OpenSSL project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*-
+ * The lowest level part of this file was previously in crypto/des/read_pwd.c,
+ * Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <openssl/e_os2.h>
+
+/*
+ * need for #define _POSIX_C_SOURCE arises whenever you pass -ansi to gcc
+ * [maybe others?], because it masks interfaces not discussed in standard,
+ * sigaction and fileno included. -pedantic would be more appropriate for the
+ * intended purposes, but we can't prevent users from adding -ansi.
+ */
+#define _POSIX_C_SOURCE 1
+#include <signal.h>
+#include <stdio.h>
+#include <string.h>
+#include <errno.h>
+
+#if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS)
+# ifdef OPENSSL_UNISTD
+# include OPENSSL_UNISTD
+# else
+# include <unistd.h>
+# endif
+/*
+ * If unistd.h defines _POSIX_VERSION, we conclude that we are on a POSIX
+ * system and have sigaction and termios.
+ */
+# if defined(_POSIX_VERSION)
+
+# define SIGACTION
+# if !defined(TERMIOS) && !defined(TERMIO) && !defined(SGTTY)
+# define TERMIOS
+# endif
+
+# endif
+#endif
+
+#ifdef WIN16TTY
+# undef OPENSSL_SYS_WIN16
+# undef WIN16
+# undef _WINDOWS
+# include <graph.h>
+#endif
+
+/* 06-Apr-92 Luke Brennan Support for VMS */
+#include "ui_locl.h"
+#include "cryptlib.h"
+
+#ifdef OPENSSL_SYS_VMS /* prototypes for sys$whatever */
+# include <starlet.h>
+# ifdef __DECC
+# pragma message disable DOLLARID
+# endif
+#endif
+
+#ifdef WIN_CONSOLE_BUG
+# include <windows.h>
+# ifndef OPENSSL_SYS_WINCE
+# include <wincon.h>
+# endif
+#endif
+
+/*
+ * There are 5 types of terminal interface supported, TERMIO, TERMIOS, VMS,
+ * MSDOS and SGTTY
+ */
+
+#if defined(__sgi) && !defined(TERMIOS)
+# define TERMIOS
+# undef TERMIO
+# undef SGTTY
+#endif
+
+#if defined(linux) && !defined(TERMIO)
+# undef TERMIOS
+# define TERMIO
+# undef SGTTY
+#endif
+
+#ifdef _LIBC
+# undef TERMIOS
+# define TERMIO
+# undef SGTTY
+#endif
+
+#if !defined(TERMIO) && !defined(TERMIOS) && !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_MACINTOSH_CLASSIC) && !defined(MAC_OS_GUSI_SOURCE)
+# undef TERMIOS
+# undef TERMIO
+# define SGTTY
+#endif
+
+#if defined(OPENSSL_SYS_VXWORKS)
+# undef TERMIOS
+# undef TERMIO
+# undef SGTTY
+#endif
+
+#if defined(OPENSSL_SYS_NETWARE)
+# undef TERMIOS
+# undef TERMIO
+# undef SGTTY
+#endif
+
+#ifdef TERMIOS
+# include <termios.h>
+# define TTY_STRUCT struct termios
+# define TTY_FLAGS c_lflag
+# define TTY_get(tty,data) tcgetattr(tty,data)
+# define TTY_set(tty,data) tcsetattr(tty,TCSANOW,data)
+#endif
+
+#ifdef TERMIO
+# include <termio.h>
+# define TTY_STRUCT struct termio
+# define TTY_FLAGS c_lflag
+# define TTY_get(tty,data) ioctl(tty,TCGETA,data)
+# define TTY_set(tty,data) ioctl(tty,TCSETA,data)
+#endif
+
+#ifdef SGTTY
+# include <sgtty.h>
+# define TTY_STRUCT struct sgttyb
+# define TTY_FLAGS sg_flags
+# define TTY_get(tty,data) ioctl(tty,TIOCGETP,data)
+# define TTY_set(tty,data) ioctl(tty,TIOCSETP,data)
+#endif
+
+#if !defined(_LIBC) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_MACINTOSH_CLASSIC) && !defined(OPENSSL_SYS_SUNOS)
+# include <sys/ioctl.h>
+#endif
+
+#ifdef OPENSSL_SYS_MSDOS
+# include <conio.h>
+#endif
+
+#ifdef OPENSSL_SYS_VMS
+# include <ssdef.h>
+# include <iodef.h>
+# include <ttdef.h>
+# include <descrip.h>
+struct IOSB {
+ short iosb$w_value;
+ short iosb$w_count;
+ long iosb$l_info;
+};
+#endif
+
+#ifdef OPENSSL_SYS_SUNOS
+typedef int sig_atomic_t;
+#endif
+
+#if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(MAC_OS_GUSI_SOURCE) || defined(OPENSSL_SYS_NETWARE)
+/*
+ * This one needs work. As a matter of fact the code is unoperational
+ * and this is only a trick to get it compiled.
+ * <appro at fy.chalmers.se>
+ */
+# define TTY_STRUCT int
+#endif
+
+#ifndef NX509_SIG
+# define NX509_SIG 32
+#endif
+
+/* Define globals. They are protected by a lock */
+#ifdef SIGACTION
+static struct sigaction savsig[NX509_SIG];
+#else
+static void (*savsig[NX509_SIG]) (int);
+#endif
+
+#ifdef OPENSSL_SYS_VMS
+static struct IOSB iosb;
+static $DESCRIPTOR(terminal, "TT");
+static long tty_orig[3], tty_new[3]; /* XXX Is there any guarantee that this
+ * will always suffice for the actual
+ * structures? */
+static long status;
+static unsigned short channel = 0;
+#else
+# if !defined(OPENSSL_SYS_MSDOS) || defined(__DJGPP__)
+static TTY_STRUCT tty_orig, tty_new;
+# endif
+#endif
+static FILE *tty_in, *tty_out;
+static int is_a_tty;
+
+/* Declare static functions */
+#if !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE)
+static int read_till_nl(FILE *);
+static void recsig(int);
+static void pushsig(void);
+static void popsig(void);
+#endif
+#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN16)
+static int noecho_fgets(char *buf, int size, FILE *tty);
+#endif
+static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl);
+
+static int read_string(UI *ui, UI_STRING *uis);
+static int write_string(UI *ui, UI_STRING *uis);
+
+static int open_console(UI *ui);
+static int echo_console(UI *ui);
+static int noecho_console(UI *ui);
+static int close_console(UI *ui);
+
+static UI_METHOD ui_openssl = {
+ "OpenSSL default user interface",
+ open_console,
+ write_string,
+ NULL, /* No flusher is needed for command lines */
+ read_string,
+ close_console,
+ NULL
+};
+
+/* The method with all the built-in thingies */
+UI_METHOD *UI_OpenSSL(void)
+{
+ return &ui_openssl;
+}
+
+/*
+ * The following function makes sure that info and error strings are printed
+ * before any prompt.
+ */
+static int write_string(UI *ui, UI_STRING *uis)
+{
+ switch (UI_get_string_type(uis)) {
+ case UIT_ERROR:
+ case UIT_INFO:
+ fputs(UI_get0_output_string(uis), tty_out);
+ fflush(tty_out);
+ break;
+ default:
+ break;
+ }
+ return 1;
+}
+
+static int read_string(UI *ui, UI_STRING *uis)
+{
+ int ok = 0;
+
+ switch (UI_get_string_type(uis)) {
+ case UIT_BOOLEAN:
+ fputs(UI_get0_output_string(uis), tty_out);
+ fputs(UI_get0_action_string(uis), tty_out);
+ fflush(tty_out);
+ return read_string_inner(ui, uis,
+ UI_get_input_flags(uis) & UI_INPUT_FLAG_ECHO,
+ 0);
+ case UIT_PROMPT:
+ fputs(UI_get0_output_string(uis), tty_out);
+ fflush(tty_out);
+ return read_string_inner(ui, uis,
+ UI_get_input_flags(uis) & UI_INPUT_FLAG_ECHO,
+ 1);
+ case UIT_VERIFY:
+ fprintf(tty_out, "Verifying - %s", UI_get0_output_string(uis));
+ fflush(tty_out);
+ if ((ok = read_string_inner(ui, uis,
+ UI_get_input_flags(uis) &
+ UI_INPUT_FLAG_ECHO, 1)) <= 0)
+ return ok;
+ if (strcmp(UI_get0_result_string(uis), UI_get0_test_string(uis)) != 0) {
+ fprintf(tty_out, "Verify failure\n");
+ fflush(tty_out);
+ return 0;
+ }
+ break;
+ default:
+ break;
+ }
+ return 1;
+}
+
+#if !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE)
+/* Internal functions to read a string without echoing */
+static int read_till_nl(FILE *in)
+{
+# define SIZE 4
+ char buf[SIZE + 1];
+
+ do {
+ if (!fgets(buf, SIZE, in))
+ return 0;
+ } while (strchr(buf, '\n') == NULL);
+ return 1;
+}
+
+static volatile sig_atomic_t intr_signal;
+#endif
+
+static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl)
+{
+ static int ps;
+ int ok;
+ char result[BUFSIZ];
+ int maxsize = BUFSIZ - 1;
+#if !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE)
+ char *p;
+
+ intr_signal = 0;
+ ok = 0;
+ ps = 0;
+
+ pushsig();
+ ps = 1;
+
+ if (!echo && !noecho_console(ui))
+ goto error;
+ ps = 2;
+
+ result[0] = '\0';
+# ifdef OPENSSL_SYS_MSDOS
+ if (!echo) {
+ noecho_fgets(result, maxsize, tty_in);
+ p = result; /* FIXME: noecho_fgets doesn't return errors */
+ } else
+ p = fgets(result, maxsize, tty_in);
+# else
+ p = fgets(result, maxsize, tty_in);
+# endif
+ if (!p)
+ goto error;
+ if (feof(tty_in))
+ goto error;
+ if (ferror(tty_in))
+ goto error;
+ if ((p = (char *)strchr(result, '\n')) != NULL) {
+ if (strip_nl)
+ *p = '\0';
+ } else if (!read_till_nl(tty_in))
+ goto error;
+ if (UI_set_result(ui, uis, result) >= 0)
+ ok = 1;
+
+ error:
+ if (intr_signal == SIGINT)
+ ok = -1;
+ if (!echo)
+ fprintf(tty_out, "\n");
+ if (ps >= 2 && !echo && !echo_console(ui))
+ ok = 0;
+
+ if (ps >= 1)
+ popsig();
+#else
+ ok = 1;
+#endif
+
+ OPENSSL_cleanse(result, BUFSIZ);
+ return ok;
+}
+
+/* Internal functions to open, handle and close a channel to the console. */
+static int open_console(UI *ui)
+{
+ CRYPTO_w_lock(CRYPTO_LOCK_UI);
+ is_a_tty = 1;
+
+#if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE)
+ tty_in = stdin;
+ tty_out = stderr;
+#else
+# ifdef OPENSSL_SYS_MSDOS
+# define DEV_TTY "con"
+# else
+# define DEV_TTY "/dev/tty"
+# endif
+ if ((tty_in = fopen(DEV_TTY, "r")) == NULL)
+ tty_in = stdin;
+ if ((tty_out = fopen(DEV_TTY, "w")) == NULL)
+ tty_out = stderr;
+#endif
+
+#if defined(TTY_get) && !defined(OPENSSL_SYS_VMS)
+ if (TTY_get(fileno(tty_in), &tty_orig) == -1) {
+# ifdef ENOTTY
+ if (errno == ENOTTY)
+ is_a_tty = 0;
+ else
+# endif
+# ifdef EINVAL
+ /*
+ * Ariel Glenn ariel at columbia.edu reports that solaris can return
+ * EINVAL instead. This should be ok
+ */
+ if (errno == EINVAL)
+ is_a_tty = 0;
+ else
+# endif
+ return 0;
+ }
+#endif
+#ifdef OPENSSL_SYS_VMS
+ status = sys$assign(&terminal, &channel, 0, 0);
+ if (status != SS$_NORMAL)
+ return 0;
+ status =
+ sys$qiow(0, channel, IO$_SENSEMODE, &iosb, 0, 0, tty_orig, 12, 0, 0,
+ 0, 0);
+ if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
+ return 0;
+#endif
+ return 1;
+}
+
+static int noecho_console(UI *ui)
+{
+#ifdef TTY_FLAGS
+ memcpy(&(tty_new), &(tty_orig), sizeof(tty_orig));
+ tty_new.TTY_FLAGS &= ~ECHO;
+#endif
+
+#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
+ if (is_a_tty && (TTY_set(fileno(tty_in), &tty_new) == -1))
+ return 0;
+#endif
+#ifdef OPENSSL_SYS_VMS
+ tty_new[0] = tty_orig[0];
+ tty_new[1] = tty_orig[1] | TT$M_NOECHO;
+ tty_new[2] = tty_orig[2];
+ status =
+ sys$qiow(0, channel, IO$_SETMODE, &iosb, 0, 0, tty_new, 12, 0, 0, 0,
+ 0);
+ if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
+ return 0;
+#endif
+ return 1;
+}
+
+static int echo_console(UI *ui)
+{
+#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
+ memcpy(&(tty_new), &(tty_orig), sizeof(tty_orig));
+ tty_new.TTY_FLAGS |= ECHO;
+#endif
+
+#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
+ if (is_a_tty && (TTY_set(fileno(tty_in), &tty_new) == -1))
+ return 0;
+#endif
+#ifdef OPENSSL_SYS_VMS
+ tty_new[0] = tty_orig[0];
+ tty_new[1] = tty_orig[1] & ~TT$M_NOECHO;
+ tty_new[2] = tty_orig[2];
+ status =
+ sys$qiow(0, channel, IO$_SETMODE, &iosb, 0, 0, tty_new, 12, 0, 0, 0,
+ 0);
+ if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
+ return 0;
+#endif
+ return 1;
+}
+
+static int close_console(UI *ui)
+{
+ if (tty_in != stdin)
+ fclose(tty_in);
+ if (tty_out != stderr)
+ fclose(tty_out);
+#ifdef OPENSSL_SYS_VMS
+ status = sys$dassgn(channel);
+#endif
+ CRYPTO_w_unlock(CRYPTO_LOCK_UI);
+
+ return 1;
+}
+
+#if !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE)
+/* Internal functions to handle signals and act on them */
+static void pushsig(void)
+{
+# ifndef OPENSSL_SYS_WIN32
+ int i;
+# endif
+# ifdef SIGACTION
+ struct sigaction sa;
+
+ memset(&sa, 0, sizeof sa);
+ sa.sa_handler = recsig;
+# endif
+
+# ifdef OPENSSL_SYS_WIN32
+ savsig[SIGABRT] = signal(SIGABRT, recsig);
+ savsig[SIGFPE] = signal(SIGFPE, recsig);
+ savsig[SIGILL] = signal(SIGILL, recsig);
+ savsig[SIGINT] = signal(SIGINT, recsig);
+ savsig[SIGSEGV] = signal(SIGSEGV, recsig);
+ savsig[SIGTERM] = signal(SIGTERM, recsig);
+# else
+ for (i = 1; i < NX509_SIG; i++) {
+# ifdef SIGUSR1
+ if (i == SIGUSR1)
+ continue;
+# endif
+# ifdef SIGUSR2
+ if (i == SIGUSR2)
+ continue;
+# endif
+# ifdef SIGKILL
+ if (i == SIGKILL) /* We can't make any action on that. */
+ continue;
+# endif
+# ifdef SIGACTION
+ sigaction(i, &sa, &savsig[i]);
+# else
+ savsig[i] = signal(i, recsig);
+# endif
+ }
+# endif
+
+# ifdef SIGWINCH
+ signal(SIGWINCH, SIG_DFL);
+# endif
+}
+
+static void popsig(void)
+{
+# ifdef OPENSSL_SYS_WIN32
+ signal(SIGABRT, savsig[SIGABRT]);
+ signal(SIGFPE, savsig[SIGFPE]);
+ signal(SIGILL, savsig[SIGILL]);
+ signal(SIGINT, savsig[SIGINT]);
+ signal(SIGSEGV, savsig[SIGSEGV]);
+ signal(SIGTERM, savsig[SIGTERM]);
+# else
+ int i;
+ for (i = 1; i < NX509_SIG; i++) {
+# ifdef SIGUSR1
+ if (i == SIGUSR1)
+ continue;
+# endif
+# ifdef SIGUSR2
+ if (i == SIGUSR2)
+ continue;
+# endif
+# ifdef SIGACTION
+ sigaction(i, &savsig[i], NULL);
+# else
+ signal(i, savsig[i]);
+# endif
+ }
+# endif
+}
+
+static void recsig(int i)
+{
+ intr_signal = i;
+}
+#endif
+
+/* Internal functions specific for Windows */
+#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE)
+static int noecho_fgets(char *buf, int size, FILE *tty)
+{
+ int i;
+ char *p;
+
+ p = buf;
+ for (;;) {
+ if (size == 0) {
+ *p = '\0';
+ break;
+ }
+ size--;
+# ifdef WIN16TTY
+ i = _inchar();
+# elif defined(_WIN32)
+ i = _getch();
+# else
+ i = getch();
+# endif
+ if (i == '\r')
+ i = '\n';
+ *(p++) = i;
+ if (i == '\n') {
+ *p = '\0';
+ break;
+ }
+ }
+# ifdef WIN_CONSOLE_BUG
+ /*
+ * Win95 has several evil console bugs: one of these is that the last
+ * character read using getch() is passed to the next read: this is
+ * usually a CR so this can be trouble. No STDIO fix seems to work but
+ * flushing the console appears to do the trick.
+ */
+ {
+ HANDLE inh;
+ inh = GetStdHandle(STD_INPUT_HANDLE);
+ FlushConsoleInputBuffer(inh);
+ }
+# endif
+ return (strlen(buf));
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/ui/ui_util.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/ui/ui_util.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ui/ui_util.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,91 +0,0 @@
-/* crypto/ui/ui_util.c -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 2001-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <string.h>
-#include "ui_locl.h"
-
-int UI_UTIL_read_pw_string(char *buf,int length,const char *prompt,int verify)
- {
- char buff[BUFSIZ];
- int ret;
-
- ret=UI_UTIL_read_pw(buf,buff,(length>BUFSIZ)?BUFSIZ:length,prompt,verify);
- OPENSSL_cleanse(buff,BUFSIZ);
- return(ret);
- }
-
-int UI_UTIL_read_pw(char *buf,char *buff,int size,const char *prompt,int verify)
- {
- int ok = 0;
- UI *ui;
-
- if (size < 1)
- return -1;
-
- ui = UI_new();
- if (ui)
- {
- ok = UI_add_input_string(ui,prompt,0,buf,0,size-1);
- if (ok >= 0 && verify)
- ok = UI_add_verify_string(ui,prompt,0,buff,0,size-1,
- buf);
- if (ok >= 0)
- ok=UI_process(ui);
- UI_free(ui);
- }
- if (ok > 0)
- ok = 0;
- return(ok);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/ui/ui_util.c (from rev 6976, vendor-crypto/openssl/dist/crypto/ui/ui_util.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/ui/ui_util.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/ui/ui_util.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,93 @@
+/* crypto/ui/ui_util.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 2001-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <string.h>
+#include "ui_locl.h"
+
+int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt,
+ int verify)
+{
+ char buff[BUFSIZ];
+ int ret;
+
+ ret =
+ UI_UTIL_read_pw(buf, buff, (length > BUFSIZ) ? BUFSIZ : length,
+ prompt, verify);
+ OPENSSL_cleanse(buff, BUFSIZ);
+ return (ret);
+}
+
+int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt,
+ int verify)
+{
+ int ok = 0;
+ UI *ui;
+
+ if (size < 1)
+ return -1;
+
+ ui = UI_new();
+ if (ui) {
+ ok = UI_add_input_string(ui, prompt, 0, buf, 0, size - 1);
+ if (ok >= 0 && verify)
+ ok = UI_add_verify_string(ui, prompt, 0, buff, 0, size - 1, buf);
+ if (ok >= 0)
+ ok = UI_process(ui);
+ UI_free(ui);
+ }
+ if (ok > 0)
+ ok = 0;
+ return (ok);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/uid.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/uid.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/uid.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,89 +0,0 @@
-/* crypto/uid.c */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <openssl/crypto.h>
-#include <openssl/opensslconf.h>
-
-#if defined(__OpenBSD__) || (defined(__FreeBSD__) && __FreeBSD__ > 2)
-
-#include OPENSSL_UNISTD
-
-int OPENSSL_issetugid(void)
- {
- return issetugid();
- }
-
-#elif defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE)
-
-int OPENSSL_issetugid(void)
- {
- return 0;
- }
-
-#else
-
-#include OPENSSL_UNISTD
-#include <sys/types.h>
-
-int OPENSSL_issetugid(void)
- {
- if (getuid() != geteuid()) return 1;
- if (getgid() != getegid()) return 1;
- return 0;
- }
-#endif
-
-
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/uid.c (from rev 6976, vendor-crypto/openssl/dist/crypto/uid.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/uid.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/uid.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,88 @@
+/* crypto/uid.c */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <openssl/crypto.h>
+#include <openssl/opensslconf.h>
+
+#if defined(__OpenBSD__) || (defined(__FreeBSD__) && __FreeBSD__ > 2)
+
+# include OPENSSL_UNISTD
+
+int OPENSSL_issetugid(void)
+{
+ return issetugid();
+}
+
+#elif defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE)
+
+int OPENSSL_issetugid(void)
+{
+ return 0;
+}
+
+#else
+
+# include OPENSSL_UNISTD
+# include <sys/types.h>
+
+int OPENSSL_issetugid(void)
+{
+ if (getuid() != geteuid())
+ return 1;
+ if (getgid() != getegid())
+ return 1;
+ return 0;
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/x509/by_dir.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509/by_dir.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509/by_dir.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,385 +0,0 @@
-/* crypto/x509/by_dir.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <time.h>
-#include <errno.h>
-
-#include "cryptlib.h"
-
-#ifndef NO_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-#ifdef MAC_OS_pre_X
-# include <stat.h>
-#else
-# include <sys/stat.h>
-#endif
-
-#include <openssl/lhash.h>
-#include <openssl/x509.h>
-
-#ifdef _WIN32
-#define stat _stat
-#endif
-
-typedef struct lookup_dir_st
- {
- BUF_MEM *buffer;
- int num_dirs;
- char **dirs;
- int *dirs_type;
- int num_dirs_alloced;
- } BY_DIR;
-
-static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
- char **ret);
-static int new_dir(X509_LOOKUP *lu);
-static void free_dir(X509_LOOKUP *lu);
-static int add_cert_dir(BY_DIR *ctx,const char *dir,int type);
-static int get_cert_by_subject(X509_LOOKUP *xl,int type,X509_NAME *name,
- X509_OBJECT *ret);
-X509_LOOKUP_METHOD x509_dir_lookup=
- {
- "Load certs from files in a directory",
- new_dir, /* new */
- free_dir, /* free */
- NULL, /* init */
- NULL, /* shutdown */
- dir_ctrl, /* ctrl */
- get_cert_by_subject, /* get_by_subject */
- NULL, /* get_by_issuer_serial */
- NULL, /* get_by_fingerprint */
- NULL, /* get_by_alias */
- };
-
-X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void)
- {
- return(&x509_dir_lookup);
- }
-
-static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
- char **retp)
- {
- int ret=0;
- BY_DIR *ld;
- char *dir = NULL;
-
- ld=(BY_DIR *)ctx->method_data;
-
- switch (cmd)
- {
- case X509_L_ADD_DIR:
- if (argl == X509_FILETYPE_DEFAULT)
- {
- dir=(char *)Getenv(X509_get_default_cert_dir_env());
- if (dir)
- ret=add_cert_dir(ld,dir,X509_FILETYPE_PEM);
- else
- ret=add_cert_dir(ld,X509_get_default_cert_dir(),
- X509_FILETYPE_PEM);
- if (!ret)
- {
- X509err(X509_F_DIR_CTRL,X509_R_LOADING_CERT_DIR);
- }
- }
- else
- ret=add_cert_dir(ld,argp,(int)argl);
- break;
- }
- return(ret);
- }
-
-static int new_dir(X509_LOOKUP *lu)
- {
- BY_DIR *a;
-
- if ((a=(BY_DIR *)OPENSSL_malloc(sizeof(BY_DIR))) == NULL)
- return(0);
- if ((a->buffer=BUF_MEM_new()) == NULL)
- {
- OPENSSL_free(a);
- return(0);
- }
- a->num_dirs=0;
- a->dirs=NULL;
- a->dirs_type=NULL;
- a->num_dirs_alloced=0;
- lu->method_data=(char *)a;
- return(1);
- }
-
-static void free_dir(X509_LOOKUP *lu)
- {
- BY_DIR *a;
- int i;
-
- a=(BY_DIR *)lu->method_data;
- for (i=0; i<a->num_dirs; i++)
- if (a->dirs[i] != NULL) OPENSSL_free(a->dirs[i]);
- if (a->dirs != NULL) OPENSSL_free(a->dirs);
- if (a->dirs_type != NULL) OPENSSL_free(a->dirs_type);
- if (a->buffer != NULL) BUF_MEM_free(a->buffer);
- OPENSSL_free(a);
- }
-
-static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
- {
- int j,len;
- int *ip;
- const char *s,*ss,*p;
- char **pp;
-
- if (dir == NULL || !*dir)
- {
- X509err(X509_F_ADD_CERT_DIR,X509_R_INVALID_DIRECTORY);
- return 0;
- }
-
- s=dir;
- p=s;
- for (;;p++)
- {
- if ((*p == LIST_SEPARATOR_CHAR) || (*p == '\0'))
- {
- ss=s;
- s=p+1;
- len=(int)(p-ss);
- if (len == 0) continue;
- for (j=0; j<ctx->num_dirs; j++)
- if (strlen(ctx->dirs[j]) == (size_t)len &&
- strncmp(ctx->dirs[j],ss,(unsigned int)len) == 0)
- break;
- if (j<ctx->num_dirs)
- continue;
- if (ctx->num_dirs_alloced < (ctx->num_dirs+1))
- {
- ctx->num_dirs_alloced+=10;
- pp=(char **)OPENSSL_malloc(ctx->num_dirs_alloced*
- sizeof(char *));
- ip=(int *)OPENSSL_malloc(ctx->num_dirs_alloced*
- sizeof(int));
- if ((pp == NULL) || (ip == NULL))
- {
- X509err(X509_F_ADD_CERT_DIR,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- memcpy(pp,ctx->dirs,(ctx->num_dirs_alloced-10)*
- sizeof(char *));
- memcpy(ip,ctx->dirs_type,(ctx->num_dirs_alloced-10)*
- sizeof(int));
- if (ctx->dirs != NULL)
- OPENSSL_free(ctx->dirs);
- if (ctx->dirs_type != NULL)
- OPENSSL_free(ctx->dirs_type);
- ctx->dirs=pp;
- ctx->dirs_type=ip;
- }
- ctx->dirs_type[ctx->num_dirs]=type;
- ctx->dirs[ctx->num_dirs]=(char *)OPENSSL_malloc((unsigned int)len+1);
- if (ctx->dirs[ctx->num_dirs] == NULL) return(0);
- strncpy(ctx->dirs[ctx->num_dirs],ss,(unsigned int)len);
- ctx->dirs[ctx->num_dirs][len]='\0';
- ctx->num_dirs++;
- }
- if (*p == '\0') break;
- }
- return(1);
- }
-
-static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
- X509_OBJECT *ret)
- {
- BY_DIR *ctx;
- union {
- struct {
- X509 st_x509;
- X509_CINF st_x509_cinf;
- } x509;
- struct {
- X509_CRL st_crl;
- X509_CRL_INFO st_crl_info;
- } crl;
- } data;
- int ok=0;
- int i,j,k;
- unsigned long h;
- BUF_MEM *b=NULL;
- struct stat st;
- X509_OBJECT stmp,*tmp;
- const char *postfix="";
-
- if (name == NULL) return(0);
-
- stmp.type=type;
- if (type == X509_LU_X509)
- {
- data.x509.st_x509.cert_info= &data.x509.st_x509_cinf;
- data.x509.st_x509_cinf.subject=name;
- stmp.data.x509= &data.x509.st_x509;
- postfix="";
- }
- else if (type == X509_LU_CRL)
- {
- data.crl.st_crl.crl= &data.crl.st_crl_info;
- data.crl.st_crl_info.issuer=name;
- stmp.data.crl= &data.crl.st_crl;
- postfix="r";
- }
- else
- {
- X509err(X509_F_GET_CERT_BY_SUBJECT,X509_R_WRONG_LOOKUP_TYPE);
- goto finish;
- }
-
- if ((b=BUF_MEM_new()) == NULL)
- {
- X509err(X509_F_GET_CERT_BY_SUBJECT,ERR_R_BUF_LIB);
- goto finish;
- }
-
- ctx=(BY_DIR *)xl->method_data;
-
- h=X509_NAME_hash(name);
- for (i=0; i<ctx->num_dirs; i++)
- {
- j=strlen(ctx->dirs[i])+1+8+6+1+1;
- if (!BUF_MEM_grow(b,j))
- {
- X509err(X509_F_GET_CERT_BY_SUBJECT,ERR_R_MALLOC_FAILURE);
- goto finish;
- }
- k=0;
- for (;;)
- {
- char c = '/';
-#ifdef OPENSSL_SYS_VMS
- c = ctx->dirs[i][strlen(ctx->dirs[i])-1];
- if (c != ':' && c != '>' && c != ']')
- {
- /* If no separator is present, we assume the
- directory specifier is a logical name, and
- add a colon. We really should use better
- VMS routines for merging things like this,
- but this will do for now...
- -- Richard Levitte */
- c = ':';
- }
- else
- {
- c = '\0';
- }
-#endif
- if (c == '\0')
- {
- /* This is special. When c == '\0', no
- directory separator should be added. */
- BIO_snprintf(b->data,b->max,
- "%s%08lx.%s%d",ctx->dirs[i],h,
- postfix,k);
- }
- else
- {
- BIO_snprintf(b->data,b->max,
- "%s%c%08lx.%s%d",ctx->dirs[i],c,h,
- postfix,k);
- }
- k++;
- if (stat(b->data,&st) < 0)
- break;
- /* found one. */
- if (type == X509_LU_X509)
- {
- if ((X509_load_cert_file(xl,b->data,
- ctx->dirs_type[i])) == 0)
- break;
- }
- else if (type == X509_LU_CRL)
- {
- if ((X509_load_crl_file(xl,b->data,
- ctx->dirs_type[i])) == 0)
- break;
- }
- /* else case will caught higher up */
- }
-
- /* we have added it to the cache so now pull
- * it out again */
- CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
- j = sk_X509_OBJECT_find(xl->store_ctx->objs,&stmp);
- if(j != -1) tmp=sk_X509_OBJECT_value(xl->store_ctx->objs,j);
- else tmp = NULL;
- CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
-
- if (tmp != NULL)
- {
- ok=1;
- ret->type=tmp->type;
- memcpy(&ret->data,&tmp->data,sizeof(ret->data));
- /* If we were going to up the reference count,
- * we would need to do it on a perl 'type'
- * basis */
- /* CRYPTO_add(&tmp->data.x509->references,1,
- CRYPTO_LOCK_X509);*/
- goto finish;
- }
- }
-finish:
- if (b != NULL) BUF_MEM_free(b);
- return(ok);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/x509/by_dir.c (from rev 6976, vendor-crypto/openssl/dist/crypto/x509/by_dir.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/x509/by_dir.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509/by_dir.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,368 @@
+/* crypto/x509/by_dir.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include <errno.h>
+
+#include "cryptlib.h"
+
+#ifndef NO_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+#ifdef MAC_OS_pre_X
+# include <stat.h>
+#else
+# include <sys/stat.h>
+#endif
+
+#include <openssl/lhash.h>
+#include <openssl/x509.h>
+
+#ifdef _WIN32
+# define stat _stat
+#endif
+
+typedef struct lookup_dir_st {
+ BUF_MEM *buffer;
+ int num_dirs;
+ char **dirs;
+ int *dirs_type;
+ int num_dirs_alloced;
+} BY_DIR;
+
+static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
+ char **ret);
+static int new_dir(X509_LOOKUP *lu);
+static void free_dir(X509_LOOKUP *lu);
+static int add_cert_dir(BY_DIR *ctx, const char *dir, int type);
+static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
+ X509_OBJECT *ret);
+X509_LOOKUP_METHOD x509_dir_lookup = {
+ "Load certs from files in a directory",
+ new_dir, /* new */
+ free_dir, /* free */
+ NULL, /* init */
+ NULL, /* shutdown */
+ dir_ctrl, /* ctrl */
+ get_cert_by_subject, /* get_by_subject */
+ NULL, /* get_by_issuer_serial */
+ NULL, /* get_by_fingerprint */
+ NULL, /* get_by_alias */
+};
+
+X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void)
+{
+ return (&x509_dir_lookup);
+}
+
+static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
+ char **retp)
+{
+ int ret = 0;
+ BY_DIR *ld;
+ char *dir = NULL;
+
+ ld = (BY_DIR *)ctx->method_data;
+
+ switch (cmd) {
+ case X509_L_ADD_DIR:
+ if (argl == X509_FILETYPE_DEFAULT) {
+ dir = (char *)Getenv(X509_get_default_cert_dir_env());
+ if (dir)
+ ret = add_cert_dir(ld, dir, X509_FILETYPE_PEM);
+ else
+ ret = add_cert_dir(ld, X509_get_default_cert_dir(),
+ X509_FILETYPE_PEM);
+ if (!ret) {
+ X509err(X509_F_DIR_CTRL, X509_R_LOADING_CERT_DIR);
+ }
+ } else
+ ret = add_cert_dir(ld, argp, (int)argl);
+ break;
+ }
+ return (ret);
+}
+
+static int new_dir(X509_LOOKUP *lu)
+{
+ BY_DIR *a;
+
+ if ((a = (BY_DIR *)OPENSSL_malloc(sizeof(BY_DIR))) == NULL)
+ return (0);
+ if ((a->buffer = BUF_MEM_new()) == NULL) {
+ OPENSSL_free(a);
+ return (0);
+ }
+ a->num_dirs = 0;
+ a->dirs = NULL;
+ a->dirs_type = NULL;
+ a->num_dirs_alloced = 0;
+ lu->method_data = (char *)a;
+ return (1);
+}
+
+static void free_dir(X509_LOOKUP *lu)
+{
+ BY_DIR *a;
+ int i;
+
+ a = (BY_DIR *)lu->method_data;
+ for (i = 0; i < a->num_dirs; i++)
+ if (a->dirs[i] != NULL)
+ OPENSSL_free(a->dirs[i]);
+ if (a->dirs != NULL)
+ OPENSSL_free(a->dirs);
+ if (a->dirs_type != NULL)
+ OPENSSL_free(a->dirs_type);
+ if (a->buffer != NULL)
+ BUF_MEM_free(a->buffer);
+ OPENSSL_free(a);
+}
+
+static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
+{
+ int j, len;
+ int *ip;
+ const char *s, *ss, *p;
+ char **pp;
+
+ if (dir == NULL || !*dir) {
+ X509err(X509_F_ADD_CERT_DIR, X509_R_INVALID_DIRECTORY);
+ return 0;
+ }
+
+ s = dir;
+ p = s;
+ for (;; p++) {
+ if ((*p == LIST_SEPARATOR_CHAR) || (*p == '\0')) {
+ ss = s;
+ s = p + 1;
+ len = (int)(p - ss);
+ if (len == 0)
+ continue;
+ for (j = 0; j < ctx->num_dirs; j++)
+ if (strlen(ctx->dirs[j]) == (size_t)len &&
+ strncmp(ctx->dirs[j], ss, (unsigned int)len) == 0)
+ break;
+ if (j < ctx->num_dirs)
+ continue;
+ if (ctx->num_dirs_alloced < (ctx->num_dirs + 1)) {
+ ctx->num_dirs_alloced += 10;
+ pp = (char **)OPENSSL_malloc(ctx->num_dirs_alloced *
+ sizeof(char *));
+ ip = (int *)OPENSSL_malloc(ctx->num_dirs_alloced *
+ sizeof(int));
+ if ((pp == NULL) || (ip == NULL)) {
+ X509err(X509_F_ADD_CERT_DIR, ERR_R_MALLOC_FAILURE);
+ return (0);
+ }
+ memcpy(pp, ctx->dirs, (ctx->num_dirs_alloced - 10) *
+ sizeof(char *));
+ memcpy(ip, ctx->dirs_type, (ctx->num_dirs_alloced - 10) *
+ sizeof(int));
+ if (ctx->dirs != NULL)
+ OPENSSL_free(ctx->dirs);
+ if (ctx->dirs_type != NULL)
+ OPENSSL_free(ctx->dirs_type);
+ ctx->dirs = pp;
+ ctx->dirs_type = ip;
+ }
+ ctx->dirs_type[ctx->num_dirs] = type;
+ ctx->dirs[ctx->num_dirs] =
+ (char *)OPENSSL_malloc((unsigned int)len + 1);
+ if (ctx->dirs[ctx->num_dirs] == NULL)
+ return (0);
+ strncpy(ctx->dirs[ctx->num_dirs], ss, (unsigned int)len);
+ ctx->dirs[ctx->num_dirs][len] = '\0';
+ ctx->num_dirs++;
+ }
+ if (*p == '\0')
+ break;
+ }
+ return (1);
+}
+
+static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
+ X509_OBJECT *ret)
+{
+ BY_DIR *ctx;
+ union {
+ struct {
+ X509 st_x509;
+ X509_CINF st_x509_cinf;
+ } x509;
+ struct {
+ X509_CRL st_crl;
+ X509_CRL_INFO st_crl_info;
+ } crl;
+ } data;
+ int ok = 0;
+ int i, j, k;
+ unsigned long h;
+ BUF_MEM *b = NULL;
+ struct stat st;
+ X509_OBJECT stmp, *tmp;
+ const char *postfix = "";
+
+ if (name == NULL)
+ return (0);
+
+ stmp.type = type;
+ if (type == X509_LU_X509) {
+ data.x509.st_x509.cert_info = &data.x509.st_x509_cinf;
+ data.x509.st_x509_cinf.subject = name;
+ stmp.data.x509 = &data.x509.st_x509;
+ postfix = "";
+ } else if (type == X509_LU_CRL) {
+ data.crl.st_crl.crl = &data.crl.st_crl_info;
+ data.crl.st_crl_info.issuer = name;
+ stmp.data.crl = &data.crl.st_crl;
+ postfix = "r";
+ } else {
+ X509err(X509_F_GET_CERT_BY_SUBJECT, X509_R_WRONG_LOOKUP_TYPE);
+ goto finish;
+ }
+
+ if ((b = BUF_MEM_new()) == NULL) {
+ X509err(X509_F_GET_CERT_BY_SUBJECT, ERR_R_BUF_LIB);
+ goto finish;
+ }
+
+ ctx = (BY_DIR *)xl->method_data;
+
+ h = X509_NAME_hash(name);
+ for (i = 0; i < ctx->num_dirs; i++) {
+ j = strlen(ctx->dirs[i]) + 1 + 8 + 6 + 1 + 1;
+ if (!BUF_MEM_grow(b, j)) {
+ X509err(X509_F_GET_CERT_BY_SUBJECT, ERR_R_MALLOC_FAILURE);
+ goto finish;
+ }
+ k = 0;
+ for (;;) {
+ char c = '/';
+#ifdef OPENSSL_SYS_VMS
+ c = ctx->dirs[i][strlen(ctx->dirs[i]) - 1];
+ if (c != ':' && c != '>' && c != ']') {
+ /*
+ * If no separator is present, we assume the directory
+ * specifier is a logical name, and add a colon. We really
+ * should use better VMS routines for merging things like
+ * this, but this will do for now... -- Richard Levitte
+ */
+ c = ':';
+ } else {
+ c = '\0';
+ }
+#endif
+ if (c == '\0') {
+ /*
+ * This is special. When c == '\0', no directory separator
+ * should be added.
+ */
+ BIO_snprintf(b->data, b->max,
+ "%s%08lx.%s%d", ctx->dirs[i], h, postfix, k);
+ } else {
+ BIO_snprintf(b->data, b->max,
+ "%s%c%08lx.%s%d", ctx->dirs[i], c, h,
+ postfix, k);
+ }
+ k++;
+ if (stat(b->data, &st) < 0)
+ break;
+ /* found one. */
+ if (type == X509_LU_X509) {
+ if ((X509_load_cert_file(xl, b->data,
+ ctx->dirs_type[i])) == 0)
+ break;
+ } else if (type == X509_LU_CRL) {
+ if ((X509_load_crl_file(xl, b->data, ctx->dirs_type[i])) == 0)
+ break;
+ }
+ /* else case will caught higher up */
+ }
+
+ /*
+ * we have added it to the cache so now pull it out again
+ */
+ CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+ j = sk_X509_OBJECT_find(xl->store_ctx->objs, &stmp);
+ if (j != -1)
+ tmp = sk_X509_OBJECT_value(xl->store_ctx->objs, j);
+ else
+ tmp = NULL;
+ CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+
+ if (tmp != NULL) {
+ ok = 1;
+ ret->type = tmp->type;
+ memcpy(&ret->data, &tmp->data, sizeof(ret->data));
+ /*
+ * If we were going to up the reference count, we would need to
+ * do it on a perl 'type' basis
+ */
+ /*- CRYPTO_add(&tmp->data.x509->references,1,
+ CRYPTO_LOCK_X509);*/
+ goto finish;
+ }
+ }
+ finish:
+ if (b != NULL)
+ BUF_MEM_free(b);
+ return (ok);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/x509/by_file.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509/by_file.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509/by_file.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,300 +0,0 @@
-/* crypto/x509/by_file.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <time.h>
-#include <errno.h>
-
-#include "cryptlib.h"
-#include <openssl/lhash.h>
-#include <openssl/buffer.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-
-#ifndef OPENSSL_NO_STDIO
-
-static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
- long argl, char **ret);
-X509_LOOKUP_METHOD x509_file_lookup=
- {
- "Load file into cache",
- NULL, /* new */
- NULL, /* free */
- NULL, /* init */
- NULL, /* shutdown */
- by_file_ctrl, /* ctrl */
- NULL, /* get_by_subject */
- NULL, /* get_by_issuer_serial */
- NULL, /* get_by_fingerprint */
- NULL, /* get_by_alias */
- };
-
-X509_LOOKUP_METHOD *X509_LOOKUP_file(void)
- {
- return(&x509_file_lookup);
- }
-
-static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
- char **ret)
- {
- int ok=0;
- char *file;
-
- switch (cmd)
- {
- case X509_L_FILE_LOAD:
- if (argl == X509_FILETYPE_DEFAULT)
- {
- file = (char *)Getenv(X509_get_default_cert_file_env());
- if (file)
- ok = (X509_load_cert_crl_file(ctx,file,
- X509_FILETYPE_PEM) != 0);
-
- else
- ok = (X509_load_cert_crl_file(ctx,X509_get_default_cert_file(),
- X509_FILETYPE_PEM) != 0);
-
- if (!ok)
- {
- X509err(X509_F_BY_FILE_CTRL,X509_R_LOADING_DEFAULTS);
- }
- }
- else
- {
- if(argl == X509_FILETYPE_PEM)
- ok = (X509_load_cert_crl_file(ctx,argp,
- X509_FILETYPE_PEM) != 0);
- else
- ok = (X509_load_cert_file(ctx,argp,(int)argl) != 0);
- }
- break;
- }
- return(ok);
- }
-
-int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type)
- {
- int ret=0;
- BIO *in=NULL;
- int i,count=0;
- X509 *x=NULL;
-
- if (file == NULL) return(1);
- in=BIO_new(BIO_s_file_internal());
-
- if ((in == NULL) || (BIO_read_filename(in,file) <= 0))
- {
- X509err(X509_F_X509_LOAD_CERT_FILE,ERR_R_SYS_LIB);
- goto err;
- }
-
- if (type == X509_FILETYPE_PEM)
- {
- for (;;)
- {
- x=PEM_read_bio_X509_AUX(in,NULL,NULL,NULL);
- if (x == NULL)
- {
- if ((ERR_GET_REASON(ERR_peek_last_error()) ==
- PEM_R_NO_START_LINE) && (count > 0))
- {
- ERR_clear_error();
- break;
- }
- else
- {
- X509err(X509_F_X509_LOAD_CERT_FILE,
- ERR_R_PEM_LIB);
- goto err;
- }
- }
- i=X509_STORE_add_cert(ctx->store_ctx,x);
- if (!i) goto err;
- count++;
- X509_free(x);
- x=NULL;
- }
- ret=count;
- }
- else if (type == X509_FILETYPE_ASN1)
- {
- x=d2i_X509_bio(in,NULL);
- if (x == NULL)
- {
- X509err(X509_F_X509_LOAD_CERT_FILE,ERR_R_ASN1_LIB);
- goto err;
- }
- i=X509_STORE_add_cert(ctx->store_ctx,x);
- if (!i) goto err;
- ret=i;
- }
- else
- {
- X509err(X509_F_X509_LOAD_CERT_FILE,X509_R_BAD_X509_FILETYPE);
- goto err;
- }
-err:
- if (x != NULL) X509_free(x);
- if (in != NULL) BIO_free(in);
- return(ret);
- }
-
-int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type)
- {
- int ret=0;
- BIO *in=NULL;
- int i,count=0;
- X509_CRL *x=NULL;
-
- if (file == NULL) return(1);
- in=BIO_new(BIO_s_file_internal());
-
- if ((in == NULL) || (BIO_read_filename(in,file) <= 0))
- {
- X509err(X509_F_X509_LOAD_CRL_FILE,ERR_R_SYS_LIB);
- goto err;
- }
-
- if (type == X509_FILETYPE_PEM)
- {
- for (;;)
- {
- x=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL);
- if (x == NULL)
- {
- if ((ERR_GET_REASON(ERR_peek_last_error()) ==
- PEM_R_NO_START_LINE) && (count > 0))
- {
- ERR_clear_error();
- break;
- }
- else
- {
- X509err(X509_F_X509_LOAD_CRL_FILE,
- ERR_R_PEM_LIB);
- goto err;
- }
- }
- i=X509_STORE_add_crl(ctx->store_ctx,x);
- if (!i) goto err;
- count++;
- X509_CRL_free(x);
- x=NULL;
- }
- ret=count;
- }
- else if (type == X509_FILETYPE_ASN1)
- {
- x=d2i_X509_CRL_bio(in,NULL);
- if (x == NULL)
- {
- X509err(X509_F_X509_LOAD_CRL_FILE,ERR_R_ASN1_LIB);
- goto err;
- }
- i=X509_STORE_add_crl(ctx->store_ctx,x);
- if (!i) goto err;
- ret=i;
- }
- else
- {
- X509err(X509_F_X509_LOAD_CRL_FILE,X509_R_BAD_X509_FILETYPE);
- goto err;
- }
-err:
- if (x != NULL) X509_CRL_free(x);
- if (in != NULL) BIO_free(in);
- return(ret);
- }
-
-int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type)
-{
- STACK_OF(X509_INFO) *inf;
- X509_INFO *itmp;
- BIO *in;
- int i, count = 0;
- if(type != X509_FILETYPE_PEM)
- return X509_load_cert_file(ctx, file, type);
- in = BIO_new_file(file, "r");
- if(!in) {
- X509err(X509_F_X509_LOAD_CERT_CRL_FILE,ERR_R_SYS_LIB);
- return 0;
- }
- inf = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL);
- BIO_free(in);
- if(!inf) {
- X509err(X509_F_X509_LOAD_CERT_CRL_FILE,ERR_R_PEM_LIB);
- return 0;
- }
- for(i = 0; i < sk_X509_INFO_num(inf); i++) {
- itmp = sk_X509_INFO_value(inf, i);
- if(itmp->x509) {
- X509_STORE_add_cert(ctx->store_ctx, itmp->x509);
- count++;
- }
- if(itmp->crl) {
- X509_STORE_add_crl(ctx->store_ctx, itmp->crl);
- count++;
- }
- }
- sk_X509_INFO_pop_free(inf, X509_INFO_free);
- return count;
-}
-
-
-#endif /* OPENSSL_NO_STDIO */
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/x509/by_file.c (from rev 6976, vendor-crypto/openssl/dist/crypto/x509/by_file.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/x509/by_file.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509/by_file.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,277 @@
+/* crypto/x509/by_file.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include <errno.h>
+
+#include "cryptlib.h"
+#include <openssl/lhash.h>
+#include <openssl/buffer.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+
+#ifndef OPENSSL_NO_STDIO
+
+static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
+ long argl, char **ret);
+X509_LOOKUP_METHOD x509_file_lookup = {
+ "Load file into cache",
+ NULL, /* new */
+ NULL, /* free */
+ NULL, /* init */
+ NULL, /* shutdown */
+ by_file_ctrl, /* ctrl */
+ NULL, /* get_by_subject */
+ NULL, /* get_by_issuer_serial */
+ NULL, /* get_by_fingerprint */
+ NULL, /* get_by_alias */
+};
+
+X509_LOOKUP_METHOD *X509_LOOKUP_file(void)
+{
+ return (&x509_file_lookup);
+}
+
+static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp,
+ long argl, char **ret)
+{
+ int ok = 0;
+ char *file;
+
+ switch (cmd) {
+ case X509_L_FILE_LOAD:
+ if (argl == X509_FILETYPE_DEFAULT) {
+ file = (char *)Getenv(X509_get_default_cert_file_env());
+ if (file)
+ ok = (X509_load_cert_crl_file(ctx, file,
+ X509_FILETYPE_PEM) != 0);
+
+ else
+ ok = (X509_load_cert_crl_file
+ (ctx, X509_get_default_cert_file(),
+ X509_FILETYPE_PEM) != 0);
+
+ if (!ok) {
+ X509err(X509_F_BY_FILE_CTRL, X509_R_LOADING_DEFAULTS);
+ }
+ } else {
+ if (argl == X509_FILETYPE_PEM)
+ ok = (X509_load_cert_crl_file(ctx, argp,
+ X509_FILETYPE_PEM) != 0);
+ else
+ ok = (X509_load_cert_file(ctx, argp, (int)argl) != 0);
+ }
+ break;
+ }
+ return (ok);
+}
+
+int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type)
+{
+ int ret = 0;
+ BIO *in = NULL;
+ int i, count = 0;
+ X509 *x = NULL;
+
+ if (file == NULL)
+ return (1);
+ in = BIO_new(BIO_s_file_internal());
+
+ if ((in == NULL) || (BIO_read_filename(in, file) <= 0)) {
+ X509err(X509_F_X509_LOAD_CERT_FILE, ERR_R_SYS_LIB);
+ goto err;
+ }
+
+ if (type == X509_FILETYPE_PEM) {
+ for (;;) {
+ x = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL);
+ if (x == NULL) {
+ if ((ERR_GET_REASON(ERR_peek_last_error()) ==
+ PEM_R_NO_START_LINE) && (count > 0)) {
+ ERR_clear_error();
+ break;
+ } else {
+ X509err(X509_F_X509_LOAD_CERT_FILE, ERR_R_PEM_LIB);
+ goto err;
+ }
+ }
+ i = X509_STORE_add_cert(ctx->store_ctx, x);
+ if (!i)
+ goto err;
+ count++;
+ X509_free(x);
+ x = NULL;
+ }
+ ret = count;
+ } else if (type == X509_FILETYPE_ASN1) {
+ x = d2i_X509_bio(in, NULL);
+ if (x == NULL) {
+ X509err(X509_F_X509_LOAD_CERT_FILE, ERR_R_ASN1_LIB);
+ goto err;
+ }
+ i = X509_STORE_add_cert(ctx->store_ctx, x);
+ if (!i)
+ goto err;
+ ret = i;
+ } else {
+ X509err(X509_F_X509_LOAD_CERT_FILE, X509_R_BAD_X509_FILETYPE);
+ goto err;
+ }
+ err:
+ if (x != NULL)
+ X509_free(x);
+ if (in != NULL)
+ BIO_free(in);
+ return (ret);
+}
+
+int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type)
+{
+ int ret = 0;
+ BIO *in = NULL;
+ int i, count = 0;
+ X509_CRL *x = NULL;
+
+ if (file == NULL)
+ return (1);
+ in = BIO_new(BIO_s_file_internal());
+
+ if ((in == NULL) || (BIO_read_filename(in, file) <= 0)) {
+ X509err(X509_F_X509_LOAD_CRL_FILE, ERR_R_SYS_LIB);
+ goto err;
+ }
+
+ if (type == X509_FILETYPE_PEM) {
+ for (;;) {
+ x = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL);
+ if (x == NULL) {
+ if ((ERR_GET_REASON(ERR_peek_last_error()) ==
+ PEM_R_NO_START_LINE) && (count > 0)) {
+ ERR_clear_error();
+ break;
+ } else {
+ X509err(X509_F_X509_LOAD_CRL_FILE, ERR_R_PEM_LIB);
+ goto err;
+ }
+ }
+ i = X509_STORE_add_crl(ctx->store_ctx, x);
+ if (!i)
+ goto err;
+ count++;
+ X509_CRL_free(x);
+ x = NULL;
+ }
+ ret = count;
+ } else if (type == X509_FILETYPE_ASN1) {
+ x = d2i_X509_CRL_bio(in, NULL);
+ if (x == NULL) {
+ X509err(X509_F_X509_LOAD_CRL_FILE, ERR_R_ASN1_LIB);
+ goto err;
+ }
+ i = X509_STORE_add_crl(ctx->store_ctx, x);
+ if (!i)
+ goto err;
+ ret = i;
+ } else {
+ X509err(X509_F_X509_LOAD_CRL_FILE, X509_R_BAD_X509_FILETYPE);
+ goto err;
+ }
+ err:
+ if (x != NULL)
+ X509_CRL_free(x);
+ if (in != NULL)
+ BIO_free(in);
+ return (ret);
+}
+
+int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type)
+{
+ STACK_OF(X509_INFO) *inf;
+ X509_INFO *itmp;
+ BIO *in;
+ int i, count = 0;
+ if (type != X509_FILETYPE_PEM)
+ return X509_load_cert_file(ctx, file, type);
+ in = BIO_new_file(file, "r");
+ if (!in) {
+ X509err(X509_F_X509_LOAD_CERT_CRL_FILE, ERR_R_SYS_LIB);
+ return 0;
+ }
+ inf = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL);
+ BIO_free(in);
+ if (!inf) {
+ X509err(X509_F_X509_LOAD_CERT_CRL_FILE, ERR_R_PEM_LIB);
+ return 0;
+ }
+ for (i = 0; i < sk_X509_INFO_num(inf); i++) {
+ itmp = sk_X509_INFO_value(inf, i);
+ if (itmp->x509) {
+ X509_STORE_add_cert(ctx->store_ctx, itmp->x509);
+ count++;
+ }
+ if (itmp->crl) {
+ X509_STORE_add_crl(ctx->store_ctx, itmp->crl);
+ count++;
+ }
+ }
+ sk_X509_INFO_pop_free(inf, X509_INFO_free);
+ return count;
+}
+
+#endif /* OPENSSL_NO_STDIO */
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/x509/x509.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509/x509.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509/x509.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,1357 +0,0 @@
-/* crypto/x509/x509.h */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECDH support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
-#ifndef HEADER_X509_H
-#define HEADER_X509_H
-
-#include <openssl/e_os2.h>
-#include <openssl/symhacks.h>
-#ifndef OPENSSL_NO_BUFFER
-#include <openssl/buffer.h>
-#endif
-#ifndef OPENSSL_NO_EVP
-#include <openssl/evp.h>
-#endif
-#ifndef OPENSSL_NO_BIO
-#include <openssl/bio.h>
-#endif
-#include <openssl/stack.h>
-#include <openssl/asn1.h>
-#include <openssl/safestack.h>
-
-#ifndef OPENSSL_NO_EC
-#include <openssl/ec.h>
-#endif
-
-#ifndef OPENSSL_NO_ECDSA
-#include <openssl/ecdsa.h>
-#endif
-
-#ifndef OPENSSL_NO_ECDH
-#include <openssl/ecdh.h>
-#endif
-
-#ifndef OPENSSL_NO_DEPRECATED
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-#endif
-
-#ifndef OPENSSL_NO_SHA
-#include <openssl/sha.h>
-#endif
-#include <openssl/ossl_typ.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifdef OPENSSL_SYS_WIN32
-/* Under Win32 these are defined in wincrypt.h */
-#undef X509_NAME
-#undef X509_CERT_PAIR
-#undef X509_EXTENSIONS
-#endif
-
-#define X509_FILETYPE_PEM 1
-#define X509_FILETYPE_ASN1 2
-#define X509_FILETYPE_DEFAULT 3
-
-#define X509v3_KU_DIGITAL_SIGNATURE 0x0080
-#define X509v3_KU_NON_REPUDIATION 0x0040
-#define X509v3_KU_KEY_ENCIPHERMENT 0x0020
-#define X509v3_KU_DATA_ENCIPHERMENT 0x0010
-#define X509v3_KU_KEY_AGREEMENT 0x0008
-#define X509v3_KU_KEY_CERT_SIGN 0x0004
-#define X509v3_KU_CRL_SIGN 0x0002
-#define X509v3_KU_ENCIPHER_ONLY 0x0001
-#define X509v3_KU_DECIPHER_ONLY 0x8000
-#define X509v3_KU_UNDEF 0xffff
-
-typedef struct X509_objects_st
- {
- int nid;
- int (*a2i)(void);
- int (*i2a)(void);
- } X509_OBJECTS;
-
-struct X509_algor_st
- {
- ASN1_OBJECT *algorithm;
- ASN1_TYPE *parameter;
- } /* X509_ALGOR */;
-
-DECLARE_ASN1_SET_OF(X509_ALGOR)
-
-typedef STACK_OF(X509_ALGOR) X509_ALGORS;
-
-typedef struct X509_val_st
- {
- ASN1_TIME *notBefore;
- ASN1_TIME *notAfter;
- } X509_VAL;
-
-typedef struct X509_pubkey_st
- {
- X509_ALGOR *algor;
- ASN1_BIT_STRING *public_key;
- EVP_PKEY *pkey;
- } X509_PUBKEY;
-
-typedef struct X509_sig_st
- {
- X509_ALGOR *algor;
- ASN1_OCTET_STRING *digest;
- } X509_SIG;
-
-typedef struct X509_name_entry_st
- {
- ASN1_OBJECT *object;
- ASN1_STRING *value;
- int set;
- int size; /* temp variable */
- } X509_NAME_ENTRY;
-
-DECLARE_STACK_OF(X509_NAME_ENTRY)
-DECLARE_ASN1_SET_OF(X509_NAME_ENTRY)
-
-/* we always keep X509_NAMEs in 2 forms. */
-struct X509_name_st
- {
- STACK_OF(X509_NAME_ENTRY) *entries;
- int modified; /* true if 'bytes' needs to be built */
-#ifndef OPENSSL_NO_BUFFER
- BUF_MEM *bytes;
-#else
- char *bytes;
-#endif
- unsigned long hash; /* Keep the hash around for lookups */
- } /* X509_NAME */;
-
-DECLARE_STACK_OF(X509_NAME)
-
-#define X509_EX_V_NETSCAPE_HACK 0x8000
-#define X509_EX_V_INIT 0x0001
-typedef struct X509_extension_st
- {
- ASN1_OBJECT *object;
- ASN1_BOOLEAN critical;
- ASN1_OCTET_STRING *value;
- } X509_EXTENSION;
-
-typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS;
-
-DECLARE_STACK_OF(X509_EXTENSION)
-DECLARE_ASN1_SET_OF(X509_EXTENSION)
-
-/* a sequence of these are used */
-typedef struct x509_attributes_st
- {
- ASN1_OBJECT *object;
- int single; /* 0 for a set, 1 for a single item (which is wrong) */
- union {
- char *ptr;
-/* 0 */ STACK_OF(ASN1_TYPE) *set;
-/* 1 */ ASN1_TYPE *single;
- } value;
- } X509_ATTRIBUTE;
-
-DECLARE_STACK_OF(X509_ATTRIBUTE)
-DECLARE_ASN1_SET_OF(X509_ATTRIBUTE)
-
-
-typedef struct X509_req_info_st
- {
- ASN1_ENCODING enc;
- ASN1_INTEGER *version;
- X509_NAME *subject;
- X509_PUBKEY *pubkey;
- /* d=2 hl=2 l= 0 cons: cont: 00 */
- STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */
- } X509_REQ_INFO;
-
-typedef struct X509_req_st
- {
- X509_REQ_INFO *req_info;
- X509_ALGOR *sig_alg;
- ASN1_BIT_STRING *signature;
- int references;
- } X509_REQ;
-
-typedef struct x509_cinf_st
- {
- ASN1_INTEGER *version; /* [ 0 ] default of v1 */
- ASN1_INTEGER *serialNumber;
- X509_ALGOR *signature;
- X509_NAME *issuer;
- X509_VAL *validity;
- X509_NAME *subject;
- X509_PUBKEY *key;
- ASN1_BIT_STRING *issuerUID; /* [ 1 ] optional in v2 */
- ASN1_BIT_STRING *subjectUID; /* [ 2 ] optional in v2 */
- STACK_OF(X509_EXTENSION) *extensions; /* [ 3 ] optional in v3 */
- ASN1_ENCODING enc;
- } X509_CINF;
-
-/* This stuff is certificate "auxiliary info"
- * it contains details which are useful in certificate
- * stores and databases. When used this is tagged onto
- * the end of the certificate itself
- */
-
-typedef struct x509_cert_aux_st
- {
- STACK_OF(ASN1_OBJECT) *trust; /* trusted uses */
- STACK_OF(ASN1_OBJECT) *reject; /* rejected uses */
- ASN1_UTF8STRING *alias; /* "friendly name" */
- ASN1_OCTET_STRING *keyid; /* key id of private key */
- STACK_OF(X509_ALGOR) *other; /* other unspecified info */
- } X509_CERT_AUX;
-
-struct x509_st
- {
- X509_CINF *cert_info;
- X509_ALGOR *sig_alg;
- ASN1_BIT_STRING *signature;
- int valid;
- int references;
- char *name;
- CRYPTO_EX_DATA ex_data;
- /* These contain copies of various extension values */
- long ex_pathlen;
- long ex_pcpathlen;
- unsigned long ex_flags;
- unsigned long ex_kusage;
- unsigned long ex_xkusage;
- unsigned long ex_nscert;
- ASN1_OCTET_STRING *skid;
- struct AUTHORITY_KEYID_st *akid;
- X509_POLICY_CACHE *policy_cache;
-#ifndef OPENSSL_NO_RFC3779
- STACK_OF(IPAddressFamily) *rfc3779_addr;
- struct ASIdentifiers_st *rfc3779_asid;
-#endif
-#ifndef OPENSSL_NO_SHA
- unsigned char sha1_hash[SHA_DIGEST_LENGTH];
-#endif
- X509_CERT_AUX *aux;
- } /* X509 */;
-
-DECLARE_STACK_OF(X509)
-DECLARE_ASN1_SET_OF(X509)
-
-/* This is used for a table of trust checking functions */
-
-typedef struct x509_trust_st {
- int trust;
- int flags;
- int (*check_trust)(struct x509_trust_st *, X509 *, int);
- char *name;
- int arg1;
- void *arg2;
-} X509_TRUST;
-
-DECLARE_STACK_OF(X509_TRUST)
-
-typedef struct x509_cert_pair_st {
- X509 *forward;
- X509 *reverse;
-} X509_CERT_PAIR;
-
-/* standard trust ids */
-
-#define X509_TRUST_DEFAULT -1 /* Only valid in purpose settings */
-
-#define X509_TRUST_COMPAT 1
-#define X509_TRUST_SSL_CLIENT 2
-#define X509_TRUST_SSL_SERVER 3
-#define X509_TRUST_EMAIL 4
-#define X509_TRUST_OBJECT_SIGN 5
-#define X509_TRUST_OCSP_SIGN 6
-#define X509_TRUST_OCSP_REQUEST 7
-
-/* Keep these up to date! */
-#define X509_TRUST_MIN 1
-#define X509_TRUST_MAX 7
-
-
-/* trust_flags values */
-#define X509_TRUST_DYNAMIC 1
-#define X509_TRUST_DYNAMIC_NAME 2
-
-/* check_trust return codes */
-
-#define X509_TRUST_TRUSTED 1
-#define X509_TRUST_REJECTED 2
-#define X509_TRUST_UNTRUSTED 3
-
-/* Flags for X509_print_ex() */
-
-#define X509_FLAG_COMPAT 0
-#define X509_FLAG_NO_HEADER 1L
-#define X509_FLAG_NO_VERSION (1L << 1)
-#define X509_FLAG_NO_SERIAL (1L << 2)
-#define X509_FLAG_NO_SIGNAME (1L << 3)
-#define X509_FLAG_NO_ISSUER (1L << 4)
-#define X509_FLAG_NO_VALIDITY (1L << 5)
-#define X509_FLAG_NO_SUBJECT (1L << 6)
-#define X509_FLAG_NO_PUBKEY (1L << 7)
-#define X509_FLAG_NO_EXTENSIONS (1L << 8)
-#define X509_FLAG_NO_SIGDUMP (1L << 9)
-#define X509_FLAG_NO_AUX (1L << 10)
-#define X509_FLAG_NO_ATTRIBUTES (1L << 11)
-
-/* Flags specific to X509_NAME_print_ex() */
-
-/* The field separator information */
-
-#define XN_FLAG_SEP_MASK (0xf << 16)
-
-#define XN_FLAG_COMPAT 0 /* Traditional SSLeay: use old X509_NAME_print */
-#define XN_FLAG_SEP_COMMA_PLUS (1 << 16) /* RFC2253 ,+ */
-#define XN_FLAG_SEP_CPLUS_SPC (2 << 16) /* ,+ spaced: more readable */
-#define XN_FLAG_SEP_SPLUS_SPC (3 << 16) /* ;+ spaced */
-#define XN_FLAG_SEP_MULTILINE (4 << 16) /* One line per field */
-
-#define XN_FLAG_DN_REV (1 << 20) /* Reverse DN order */
-
-/* How the field name is shown */
-
-#define XN_FLAG_FN_MASK (0x3 << 21)
-
-#define XN_FLAG_FN_SN 0 /* Object short name */
-#define XN_FLAG_FN_LN (1 << 21) /* Object long name */
-#define XN_FLAG_FN_OID (2 << 21) /* Always use OIDs */
-#define XN_FLAG_FN_NONE (3 << 21) /* No field names */
-
-#define XN_FLAG_SPC_EQ (1 << 23) /* Put spaces round '=' */
-
-/* This determines if we dump fields we don't recognise:
- * RFC2253 requires this.
- */
-
-#define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24)
-
-#define XN_FLAG_FN_ALIGN (1 << 25) /* Align field names to 20 characters */
-
-/* Complete set of RFC2253 flags */
-
-#define XN_FLAG_RFC2253 (ASN1_STRFLGS_RFC2253 | \
- XN_FLAG_SEP_COMMA_PLUS | \
- XN_FLAG_DN_REV | \
- XN_FLAG_FN_SN | \
- XN_FLAG_DUMP_UNKNOWN_FIELDS)
-
-/* readable oneline form */
-
-#define XN_FLAG_ONELINE (ASN1_STRFLGS_RFC2253 | \
- ASN1_STRFLGS_ESC_QUOTE | \
- XN_FLAG_SEP_CPLUS_SPC | \
- XN_FLAG_SPC_EQ | \
- XN_FLAG_FN_SN)
-
-/* readable multiline form */
-
-#define XN_FLAG_MULTILINE (ASN1_STRFLGS_ESC_CTRL | \
- ASN1_STRFLGS_ESC_MSB | \
- XN_FLAG_SEP_MULTILINE | \
- XN_FLAG_SPC_EQ | \
- XN_FLAG_FN_LN | \
- XN_FLAG_FN_ALIGN)
-
-typedef struct X509_revoked_st
- {
- ASN1_INTEGER *serialNumber;
- ASN1_TIME *revocationDate;
- STACK_OF(X509_EXTENSION) /* optional */ *extensions;
- int sequence; /* load sequence */
- } X509_REVOKED;
-
-DECLARE_STACK_OF(X509_REVOKED)
-DECLARE_ASN1_SET_OF(X509_REVOKED)
-
-typedef struct X509_crl_info_st
- {
- ASN1_INTEGER *version;
- X509_ALGOR *sig_alg;
- X509_NAME *issuer;
- ASN1_TIME *lastUpdate;
- ASN1_TIME *nextUpdate;
- STACK_OF(X509_REVOKED) *revoked;
- STACK_OF(X509_EXTENSION) /* [0] */ *extensions;
- ASN1_ENCODING enc;
- } X509_CRL_INFO;
-
-struct X509_crl_st
- {
- /* actual signature */
- X509_CRL_INFO *crl;
- X509_ALGOR *sig_alg;
- ASN1_BIT_STRING *signature;
- int references;
- } /* X509_CRL */;
-
-DECLARE_STACK_OF(X509_CRL)
-DECLARE_ASN1_SET_OF(X509_CRL)
-
-typedef struct private_key_st
- {
- int version;
- /* The PKCS#8 data types */
- X509_ALGOR *enc_algor;
- ASN1_OCTET_STRING *enc_pkey; /* encrypted pub key */
-
- /* When decrypted, the following will not be NULL */
- EVP_PKEY *dec_pkey;
-
- /* used to encrypt and decrypt */
- int key_length;
- char *key_data;
- int key_free; /* true if we should auto free key_data */
-
- /* expanded version of 'enc_algor' */
- EVP_CIPHER_INFO cipher;
-
- int references;
- } X509_PKEY;
-
-#ifndef OPENSSL_NO_EVP
-typedef struct X509_info_st
- {
- X509 *x509;
- X509_CRL *crl;
- X509_PKEY *x_pkey;
-
- EVP_CIPHER_INFO enc_cipher;
- int enc_len;
- char *enc_data;
-
- int references;
- } X509_INFO;
-
-DECLARE_STACK_OF(X509_INFO)
-#endif
-
-/* The next 2 structures and their 8 routines were sent to me by
- * Pat Richard <patr at x509.com> and are used to manipulate
- * Netscapes spki structures - useful if you are writing a CA web page
- */
-typedef struct Netscape_spkac_st
- {
- X509_PUBKEY *pubkey;
- ASN1_IA5STRING *challenge; /* challenge sent in atlas >= PR2 */
- } NETSCAPE_SPKAC;
-
-typedef struct Netscape_spki_st
- {
- NETSCAPE_SPKAC *spkac; /* signed public key and challenge */
- X509_ALGOR *sig_algor;
- ASN1_BIT_STRING *signature;
- } NETSCAPE_SPKI;
-
-/* Netscape certificate sequence structure */
-typedef struct Netscape_certificate_sequence
- {
- ASN1_OBJECT *type;
- STACK_OF(X509) *certs;
- } NETSCAPE_CERT_SEQUENCE;
-
-/* Unused (and iv length is wrong)
-typedef struct CBCParameter_st
- {
- unsigned char iv[8];
- } CBC_PARAM;
-*/
-
-/* Password based encryption structure */
-
-typedef struct PBEPARAM_st {
-ASN1_OCTET_STRING *salt;
-ASN1_INTEGER *iter;
-} PBEPARAM;
-
-/* Password based encryption V2 structures */
-
-typedef struct PBE2PARAM_st {
-X509_ALGOR *keyfunc;
-X509_ALGOR *encryption;
-} PBE2PARAM;
-
-typedef struct PBKDF2PARAM_st {
-ASN1_TYPE *salt; /* Usually OCTET STRING but could be anything */
-ASN1_INTEGER *iter;
-ASN1_INTEGER *keylength;
-X509_ALGOR *prf;
-} PBKDF2PARAM;
-
-
-/* PKCS#8 private key info structure */
-
-typedef struct pkcs8_priv_key_info_st
- {
- int broken; /* Flag for various broken formats */
-#define PKCS8_OK 0
-#define PKCS8_NO_OCTET 1
-#define PKCS8_EMBEDDED_PARAM 2
-#define PKCS8_NS_DB 3
- ASN1_INTEGER *version;
- X509_ALGOR *pkeyalg;
- ASN1_TYPE *pkey; /* Should be OCTET STRING but some are broken */
- STACK_OF(X509_ATTRIBUTE) *attributes;
- } PKCS8_PRIV_KEY_INFO;
-
-#ifdef __cplusplus
-}
-#endif
-
-#include <openssl/x509_vfy.h>
-#include <openssl/pkcs7.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifdef SSLEAY_MACROS
-#define X509_verify(a,r) ASN1_verify((int (*)())i2d_X509_CINF,a->sig_alg,\
- a->signature,(char *)a->cert_info,r)
-#define X509_REQ_verify(a,r) ASN1_verify((int (*)())i2d_X509_REQ_INFO, \
- a->sig_alg,a->signature,(char *)a->req_info,r)
-#define X509_CRL_verify(a,r) ASN1_verify((int (*)())i2d_X509_CRL_INFO, \
- a->sig_alg, a->signature,(char *)a->crl,r)
-
-#define X509_sign(x,pkey,md) \
- ASN1_sign((int (*)())i2d_X509_CINF, x->cert_info->signature, \
- x->sig_alg, x->signature, (char *)x->cert_info,pkey,md)
-#define X509_REQ_sign(x,pkey,md) \
- ASN1_sign((int (*)())i2d_X509_REQ_INFO,x->sig_alg, NULL, \
- x->signature, (char *)x->req_info,pkey,md)
-#define X509_CRL_sign(x,pkey,md) \
- ASN1_sign((int (*)())i2d_X509_CRL_INFO,x->crl->sig_alg,x->sig_alg, \
- x->signature, (char *)x->crl,pkey,md)
-#define NETSCAPE_SPKI_sign(x,pkey,md) \
- ASN1_sign((int (*)())i2d_NETSCAPE_SPKAC, x->sig_algor,NULL, \
- x->signature, (char *)x->spkac,pkey,md)
-
-#define X509_dup(x509) (X509 *)ASN1_dup((int (*)())i2d_X509, \
- (char *(*)())d2i_X509,(char *)x509)
-#define X509_ATTRIBUTE_dup(xa) (X509_ATTRIBUTE *)ASN1_dup(\
- (int (*)())i2d_X509_ATTRIBUTE, \
- (char *(*)())d2i_X509_ATTRIBUTE,(char *)xa)
-#define X509_EXTENSION_dup(ex) (X509_EXTENSION *)ASN1_dup( \
- (int (*)())i2d_X509_EXTENSION, \
- (char *(*)())d2i_X509_EXTENSION,(char *)ex)
-#define d2i_X509_fp(fp,x509) (X509 *)ASN1_d2i_fp((char *(*)())X509_new, \
- (char *(*)())d2i_X509, (fp),(unsigned char **)(x509))
-#define i2d_X509_fp(fp,x509) ASN1_i2d_fp(i2d_X509,fp,(unsigned char *)x509)
-#define d2i_X509_bio(bp,x509) (X509 *)ASN1_d2i_bio((char *(*)())X509_new, \
- (char *(*)())d2i_X509, (bp),(unsigned char **)(x509))
-#define i2d_X509_bio(bp,x509) ASN1_i2d_bio(i2d_X509,bp,(unsigned char *)x509)
-
-#define X509_CRL_dup(crl) (X509_CRL *)ASN1_dup((int (*)())i2d_X509_CRL, \
- (char *(*)())d2i_X509_CRL,(char *)crl)
-#define d2i_X509_CRL_fp(fp,crl) (X509_CRL *)ASN1_d2i_fp((char *(*)()) \
- X509_CRL_new,(char *(*)())d2i_X509_CRL, (fp),\
- (unsigned char **)(crl))
-#define i2d_X509_CRL_fp(fp,crl) ASN1_i2d_fp(i2d_X509_CRL,fp,\
- (unsigned char *)crl)
-#define d2i_X509_CRL_bio(bp,crl) (X509_CRL *)ASN1_d2i_bio((char *(*)()) \
- X509_CRL_new,(char *(*)())d2i_X509_CRL, (bp),\
- (unsigned char **)(crl))
-#define i2d_X509_CRL_bio(bp,crl) ASN1_i2d_bio(i2d_X509_CRL,bp,\
- (unsigned char *)crl)
-
-#define PKCS7_dup(p7) (PKCS7 *)ASN1_dup((int (*)())i2d_PKCS7, \
- (char *(*)())d2i_PKCS7,(char *)p7)
-#define d2i_PKCS7_fp(fp,p7) (PKCS7 *)ASN1_d2i_fp((char *(*)()) \
- PKCS7_new,(char *(*)())d2i_PKCS7, (fp),\
- (unsigned char **)(p7))
-#define i2d_PKCS7_fp(fp,p7) ASN1_i2d_fp(i2d_PKCS7,fp,\
- (unsigned char *)p7)
-#define d2i_PKCS7_bio(bp,p7) (PKCS7 *)ASN1_d2i_bio((char *(*)()) \
- PKCS7_new,(char *(*)())d2i_PKCS7, (bp),\
- (unsigned char **)(p7))
-#define i2d_PKCS7_bio(bp,p7) ASN1_i2d_bio(i2d_PKCS7,bp,\
- (unsigned char *)p7)
-
-#define X509_REQ_dup(req) (X509_REQ *)ASN1_dup((int (*)())i2d_X509_REQ, \
- (char *(*)())d2i_X509_REQ,(char *)req)
-#define d2i_X509_REQ_fp(fp,req) (X509_REQ *)ASN1_d2i_fp((char *(*)())\
- X509_REQ_new, (char *(*)())d2i_X509_REQ, (fp),\
- (unsigned char **)(req))
-#define i2d_X509_REQ_fp(fp,req) ASN1_i2d_fp(i2d_X509_REQ,fp,\
- (unsigned char *)req)
-#define d2i_X509_REQ_bio(bp,req) (X509_REQ *)ASN1_d2i_bio((char *(*)())\
- X509_REQ_new, (char *(*)())d2i_X509_REQ, (bp),\
- (unsigned char **)(req))
-#define i2d_X509_REQ_bio(bp,req) ASN1_i2d_bio(i2d_X509_REQ,bp,\
- (unsigned char *)req)
-
-#define RSAPublicKey_dup(rsa) (RSA *)ASN1_dup((int (*)())i2d_RSAPublicKey, \
- (char *(*)())d2i_RSAPublicKey,(char *)rsa)
-#define RSAPrivateKey_dup(rsa) (RSA *)ASN1_dup((int (*)())i2d_RSAPrivateKey, \
- (char *(*)())d2i_RSAPrivateKey,(char *)rsa)
-
-#define d2i_RSAPrivateKey_fp(fp,rsa) (RSA *)ASN1_d2i_fp((char *(*)())\
- RSA_new,(char *(*)())d2i_RSAPrivateKey, (fp), \
- (unsigned char **)(rsa))
-#define i2d_RSAPrivateKey_fp(fp,rsa) ASN1_i2d_fp(i2d_RSAPrivateKey,fp, \
- (unsigned char *)rsa)
-#define d2i_RSAPrivateKey_bio(bp,rsa) (RSA *)ASN1_d2i_bio((char *(*)())\
- RSA_new,(char *(*)())d2i_RSAPrivateKey, (bp), \
- (unsigned char **)(rsa))
-#define i2d_RSAPrivateKey_bio(bp,rsa) ASN1_i2d_bio(i2d_RSAPrivateKey,bp, \
- (unsigned char *)rsa)
-
-#define d2i_RSAPublicKey_fp(fp,rsa) (RSA *)ASN1_d2i_fp((char *(*)())\
- RSA_new,(char *(*)())d2i_RSAPublicKey, (fp), \
- (unsigned char **)(rsa))
-#define i2d_RSAPublicKey_fp(fp,rsa) ASN1_i2d_fp(i2d_RSAPublicKey,fp, \
- (unsigned char *)rsa)
-#define d2i_RSAPublicKey_bio(bp,rsa) (RSA *)ASN1_d2i_bio((char *(*)())\
- RSA_new,(char *(*)())d2i_RSAPublicKey, (bp), \
- (unsigned char **)(rsa))
-#define i2d_RSAPublicKey_bio(bp,rsa) ASN1_i2d_bio(i2d_RSAPublicKey,bp, \
- (unsigned char *)rsa)
-
-#define d2i_DSAPrivateKey_fp(fp,dsa) (DSA *)ASN1_d2i_fp((char *(*)())\
- DSA_new,(char *(*)())d2i_DSAPrivateKey, (fp), \
- (unsigned char **)(dsa))
-#define i2d_DSAPrivateKey_fp(fp,dsa) ASN1_i2d_fp(i2d_DSAPrivateKey,fp, \
- (unsigned char *)dsa)
-#define d2i_DSAPrivateKey_bio(bp,dsa) (DSA *)ASN1_d2i_bio((char *(*)())\
- DSA_new,(char *(*)())d2i_DSAPrivateKey, (bp), \
- (unsigned char **)(dsa))
-#define i2d_DSAPrivateKey_bio(bp,dsa) ASN1_i2d_bio(i2d_DSAPrivateKey,bp, \
- (unsigned char *)dsa)
-
-#define d2i_ECPrivateKey_fp(fp,ecdsa) (EC_KEY *)ASN1_d2i_fp((char *(*)())\
- EC_KEY_new,(char *(*)())d2i_ECPrivateKey, (fp), \
- (unsigned char **)(ecdsa))
-#define i2d_ECPrivateKey_fp(fp,ecdsa) ASN1_i2d_fp(i2d_ECPrivateKey,fp, \
- (unsigned char *)ecdsa)
-#define d2i_ECPrivateKey_bio(bp,ecdsa) (EC_KEY *)ASN1_d2i_bio((char *(*)())\
- EC_KEY_new,(char *(*)())d2i_ECPrivateKey, (bp), \
- (unsigned char **)(ecdsa))
-#define i2d_ECPrivateKey_bio(bp,ecdsa) ASN1_i2d_bio(i2d_ECPrivateKey,bp, \
- (unsigned char *)ecdsa)
-
-#define X509_ALGOR_dup(xn) (X509_ALGOR *)ASN1_dup((int (*)())i2d_X509_ALGOR,\
- (char *(*)())d2i_X509_ALGOR,(char *)xn)
-
-#define X509_NAME_dup(xn) (X509_NAME *)ASN1_dup((int (*)())i2d_X509_NAME, \
- (char *(*)())d2i_X509_NAME,(char *)xn)
-#define X509_NAME_ENTRY_dup(ne) (X509_NAME_ENTRY *)ASN1_dup( \
- (int (*)())i2d_X509_NAME_ENTRY, \
- (char *(*)())d2i_X509_NAME_ENTRY,\
- (char *)ne)
-
-#define X509_digest(data,type,md,len) \
- ASN1_digest((int (*)())i2d_X509,type,(char *)data,md,len)
-#define X509_NAME_digest(data,type,md,len) \
- ASN1_digest((int (*)())i2d_X509_NAME,type,(char *)data,md,len)
-#ifndef PKCS7_ISSUER_AND_SERIAL_digest
-#define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \
- ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,\
- (char *)data,md,len)
-#endif
-#endif
-
-#define X509_EXT_PACK_UNKNOWN 1
-#define X509_EXT_PACK_STRING 2
-
-#define X509_get_version(x) ASN1_INTEGER_get((x)->cert_info->version)
-/* #define X509_get_serialNumber(x) ((x)->cert_info->serialNumber) */
-#define X509_get_notBefore(x) ((x)->cert_info->validity->notBefore)
-#define X509_get_notAfter(x) ((x)->cert_info->validity->notAfter)
-#define X509_extract_key(x) X509_get_pubkey(x) /*****/
-#define X509_REQ_get_version(x) ASN1_INTEGER_get((x)->req_info->version)
-#define X509_REQ_get_subject_name(x) ((x)->req_info->subject)
-#define X509_REQ_extract_key(a) X509_REQ_get_pubkey(a)
-#define X509_name_cmp(a,b) X509_NAME_cmp((a),(b))
-#define X509_get_signature_type(x) EVP_PKEY_type(OBJ_obj2nid((x)->sig_alg->algorithm))
-
-#define X509_CRL_get_version(x) ASN1_INTEGER_get((x)->crl->version)
-#define X509_CRL_get_lastUpdate(x) ((x)->crl->lastUpdate)
-#define X509_CRL_get_nextUpdate(x) ((x)->crl->nextUpdate)
-#define X509_CRL_get_issuer(x) ((x)->crl->issuer)
-#define X509_CRL_get_REVOKED(x) ((x)->crl->revoked)
-
-/* This one is only used so that a binary form can output, as in
- * i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf) */
-#define X509_get_X509_PUBKEY(x) ((x)->cert_info->key)
-
-
-const char *X509_verify_cert_error_string(long n);
-
-#ifndef SSLEAY_MACROS
-#ifndef OPENSSL_NO_EVP
-int X509_verify(X509 *a, EVP_PKEY *r);
-
-int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r);
-int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r);
-int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r);
-
-NETSCAPE_SPKI * NETSCAPE_SPKI_b64_decode(const char *str, int len);
-char * NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *x);
-EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x);
-int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey);
-
-int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki);
-
-int X509_signature_print(BIO *bp,X509_ALGOR *alg, ASN1_STRING *sig);
-
-int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
-int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md);
-int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md);
-int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md);
-
-int X509_pubkey_digest(const X509 *data,const EVP_MD *type,
- unsigned char *md, unsigned int *len);
-int X509_digest(const X509 *data,const EVP_MD *type,
- unsigned char *md, unsigned int *len);
-int X509_CRL_digest(const X509_CRL *data,const EVP_MD *type,
- unsigned char *md, unsigned int *len);
-int X509_REQ_digest(const X509_REQ *data,const EVP_MD *type,
- unsigned char *md, unsigned int *len);
-int X509_NAME_digest(const X509_NAME *data,const EVP_MD *type,
- unsigned char *md, unsigned int *len);
-#endif
-
-#ifndef OPENSSL_NO_FP_API
-X509 *d2i_X509_fp(FILE *fp, X509 **x509);
-int i2d_X509_fp(FILE *fp,X509 *x509);
-X509_CRL *d2i_X509_CRL_fp(FILE *fp,X509_CRL **crl);
-int i2d_X509_CRL_fp(FILE *fp,X509_CRL *crl);
-X509_REQ *d2i_X509_REQ_fp(FILE *fp,X509_REQ **req);
-int i2d_X509_REQ_fp(FILE *fp,X509_REQ *req);
-#ifndef OPENSSL_NO_RSA
-RSA *d2i_RSAPrivateKey_fp(FILE *fp,RSA **rsa);
-int i2d_RSAPrivateKey_fp(FILE *fp,RSA *rsa);
-RSA *d2i_RSAPublicKey_fp(FILE *fp,RSA **rsa);
-int i2d_RSAPublicKey_fp(FILE *fp,RSA *rsa);
-RSA *d2i_RSA_PUBKEY_fp(FILE *fp,RSA **rsa);
-int i2d_RSA_PUBKEY_fp(FILE *fp,RSA *rsa);
-#endif
-#ifndef OPENSSL_NO_DSA
-DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa);
-int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa);
-DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa);
-int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa);
-#endif
-#ifndef OPENSSL_NO_EC
-EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey);
-int i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey);
-EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey);
-int i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey);
-#endif
-X509_SIG *d2i_PKCS8_fp(FILE *fp,X509_SIG **p8);
-int i2d_PKCS8_fp(FILE *fp,X509_SIG *p8);
-PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
- PKCS8_PRIV_KEY_INFO **p8inf);
-int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,PKCS8_PRIV_KEY_INFO *p8inf);
-int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key);
-int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey);
-EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
-int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey);
-EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
-#endif
-
-#ifndef OPENSSL_NO_BIO
-X509 *d2i_X509_bio(BIO *bp,X509 **x509);
-int i2d_X509_bio(BIO *bp,X509 *x509);
-X509_CRL *d2i_X509_CRL_bio(BIO *bp,X509_CRL **crl);
-int i2d_X509_CRL_bio(BIO *bp,X509_CRL *crl);
-X509_REQ *d2i_X509_REQ_bio(BIO *bp,X509_REQ **req);
-int i2d_X509_REQ_bio(BIO *bp,X509_REQ *req);
-#ifndef OPENSSL_NO_RSA
-RSA *d2i_RSAPrivateKey_bio(BIO *bp,RSA **rsa);
-int i2d_RSAPrivateKey_bio(BIO *bp,RSA *rsa);
-RSA *d2i_RSAPublicKey_bio(BIO *bp,RSA **rsa);
-int i2d_RSAPublicKey_bio(BIO *bp,RSA *rsa);
-RSA *d2i_RSA_PUBKEY_bio(BIO *bp,RSA **rsa);
-int i2d_RSA_PUBKEY_bio(BIO *bp,RSA *rsa);
-#endif
-#ifndef OPENSSL_NO_DSA
-DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa);
-int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa);
-DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa);
-int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa);
-#endif
-#ifndef OPENSSL_NO_EC
-EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey);
-int i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *eckey);
-EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey);
-int i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey);
-#endif
-X509_SIG *d2i_PKCS8_bio(BIO *bp,X509_SIG **p8);
-int i2d_PKCS8_bio(BIO *bp,X509_SIG *p8);
-PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
- PKCS8_PRIV_KEY_INFO **p8inf);
-int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,PKCS8_PRIV_KEY_INFO *p8inf);
-int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key);
-int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey);
-EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
-int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey);
-EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
-#endif
-
-X509 *X509_dup(X509 *x509);
-X509_ATTRIBUTE *X509_ATTRIBUTE_dup(X509_ATTRIBUTE *xa);
-X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *ex);
-X509_CRL *X509_CRL_dup(X509_CRL *crl);
-X509_REQ *X509_REQ_dup(X509_REQ *req);
-X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn);
-int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval);
-void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
- X509_ALGOR *algor);
-
-X509_NAME *X509_NAME_dup(X509_NAME *xn);
-X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne);
-
-#endif /* !SSLEAY_MACROS */
-
-int X509_cmp_time(ASN1_TIME *s, time_t *t);
-int X509_cmp_current_time(ASN1_TIME *s);
-ASN1_TIME * X509_time_adj(ASN1_TIME *s, long adj, time_t *t);
-ASN1_TIME * X509_gmtime_adj(ASN1_TIME *s, long adj);
-
-const char * X509_get_default_cert_area(void );
-const char * X509_get_default_cert_dir(void );
-const char * X509_get_default_cert_file(void );
-const char * X509_get_default_cert_dir_env(void );
-const char * X509_get_default_cert_file_env(void );
-const char * X509_get_default_private_dir(void );
-
-X509_REQ * X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
-X509 * X509_REQ_to_X509(X509_REQ *r, int days,EVP_PKEY *pkey);
-
-DECLARE_ASN1_FUNCTIONS(X509_ALGOR)
-DECLARE_ASN1_ENCODE_FUNCTIONS(X509_ALGORS, X509_ALGORS, X509_ALGORS)
-DECLARE_ASN1_FUNCTIONS(X509_VAL)
-
-DECLARE_ASN1_FUNCTIONS(X509_PUBKEY)
-
-int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);
-EVP_PKEY * X509_PUBKEY_get(X509_PUBKEY *key);
-int X509_get_pubkey_parameters(EVP_PKEY *pkey,
- STACK_OF(X509) *chain);
-int i2d_PUBKEY(EVP_PKEY *a,unsigned char **pp);
-EVP_PKEY * d2i_PUBKEY(EVP_PKEY **a,const unsigned char **pp,
- long length);
-#ifndef OPENSSL_NO_RSA
-int i2d_RSA_PUBKEY(RSA *a,unsigned char **pp);
-RSA * d2i_RSA_PUBKEY(RSA **a,const unsigned char **pp,
- long length);
-#endif
-#ifndef OPENSSL_NO_DSA
-int i2d_DSA_PUBKEY(DSA *a,unsigned char **pp);
-DSA * d2i_DSA_PUBKEY(DSA **a,const unsigned char **pp,
- long length);
-#endif
-#ifndef OPENSSL_NO_EC
-int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp);
-EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp,
- long length);
-#endif
-
-DECLARE_ASN1_FUNCTIONS(X509_SIG)
-DECLARE_ASN1_FUNCTIONS(X509_REQ_INFO)
-DECLARE_ASN1_FUNCTIONS(X509_REQ)
-
-DECLARE_ASN1_FUNCTIONS(X509_ATTRIBUTE)
-X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value);
-
-DECLARE_ASN1_FUNCTIONS(X509_EXTENSION)
-DECLARE_ASN1_ENCODE_FUNCTIONS(X509_EXTENSIONS, X509_EXTENSIONS, X509_EXTENSIONS)
-
-DECLARE_ASN1_FUNCTIONS(X509_NAME_ENTRY)
-
-DECLARE_ASN1_FUNCTIONS(X509_NAME)
-
-int X509_NAME_set(X509_NAME **xn, X509_NAME *name);
-
-DECLARE_ASN1_FUNCTIONS(X509_CINF)
-
-DECLARE_ASN1_FUNCTIONS(X509)
-DECLARE_ASN1_FUNCTIONS(X509_CERT_AUX)
-
-DECLARE_ASN1_FUNCTIONS(X509_CERT_PAIR)
-
-int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-int X509_set_ex_data(X509 *r, int idx, void *arg);
-void *X509_get_ex_data(X509 *r, int idx);
-int i2d_X509_AUX(X509 *a,unsigned char **pp);
-X509 * d2i_X509_AUX(X509 **a,const unsigned char **pp,long length);
-
-int X509_alias_set1(X509 *x, unsigned char *name, int len);
-int X509_keyid_set1(X509 *x, unsigned char *id, int len);
-unsigned char * X509_alias_get0(X509 *x, int *len);
-unsigned char * X509_keyid_get0(X509 *x, int *len);
-int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int);
-int X509_TRUST_set(int *t, int trust);
-int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj);
-int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj);
-void X509_trust_clear(X509 *x);
-void X509_reject_clear(X509 *x);
-
-DECLARE_ASN1_FUNCTIONS(X509_REVOKED)
-DECLARE_ASN1_FUNCTIONS(X509_CRL_INFO)
-DECLARE_ASN1_FUNCTIONS(X509_CRL)
-
-int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
-
-X509_PKEY * X509_PKEY_new(void );
-void X509_PKEY_free(X509_PKEY *a);
-int i2d_X509_PKEY(X509_PKEY *a,unsigned char **pp);
-X509_PKEY * d2i_X509_PKEY(X509_PKEY **a,const unsigned char **pp,long length);
-
-DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKI)
-DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKAC)
-DECLARE_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE)
-
-#ifndef OPENSSL_NO_EVP
-X509_INFO * X509_INFO_new(void);
-void X509_INFO_free(X509_INFO *a);
-char * X509_NAME_oneline(X509_NAME *a,char *buf,int size);
-
-int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *algor1,
- ASN1_BIT_STRING *signature,char *data,EVP_PKEY *pkey);
-
-int ASN1_digest(i2d_of_void *i2d,const EVP_MD *type,char *data,
- unsigned char *md,unsigned int *len);
-
-int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1,
- X509_ALGOR *algor2, ASN1_BIT_STRING *signature,
- char *data,EVP_PKEY *pkey, const EVP_MD *type);
-
-int ASN1_item_digest(const ASN1_ITEM *it,const EVP_MD *type,void *data,
- unsigned char *md,unsigned int *len);
-
-int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *algor1,
- ASN1_BIT_STRING *signature,void *data,EVP_PKEY *pkey);
-
-int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
- ASN1_BIT_STRING *signature,
- void *data, EVP_PKEY *pkey, const EVP_MD *type);
-#endif
-
-int X509_set_version(X509 *x,long version);
-int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial);
-ASN1_INTEGER * X509_get_serialNumber(X509 *x);
-int X509_set_issuer_name(X509 *x, X509_NAME *name);
-X509_NAME * X509_get_issuer_name(X509 *a);
-int X509_set_subject_name(X509 *x, X509_NAME *name);
-X509_NAME * X509_get_subject_name(X509 *a);
-int X509_set_notBefore(X509 *x, ASN1_TIME *tm);
-int X509_set_notAfter(X509 *x, ASN1_TIME *tm);
-int X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
-EVP_PKEY * X509_get_pubkey(X509 *x);
-ASN1_BIT_STRING * X509_get0_pubkey_bitstr(const X509 *x);
-int X509_certificate_type(X509 *x,EVP_PKEY *pubkey /* optional */);
-
-int X509_REQ_set_version(X509_REQ *x,long version);
-int X509_REQ_set_subject_name(X509_REQ *req,X509_NAME *name);
-int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
-EVP_PKEY * X509_REQ_get_pubkey(X509_REQ *req);
-int X509_REQ_extension_nid(int nid);
-int * X509_REQ_get_extension_nids(void);
-void X509_REQ_set_extension_nids(int *nids);
-STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req);
-int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
- int nid);
-int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts);
-int X509_REQ_get_attr_count(const X509_REQ *req);
-int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid,
- int lastpos);
-int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj,
- int lastpos);
-X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc);
-X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc);
-int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr);
-int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,
- const ASN1_OBJECT *obj, int type,
- const unsigned char *bytes, int len);
-int X509_REQ_add1_attr_by_NID(X509_REQ *req,
- int nid, int type,
- const unsigned char *bytes, int len);
-int X509_REQ_add1_attr_by_txt(X509_REQ *req,
- const char *attrname, int type,
- const unsigned char *bytes, int len);
-
-int X509_CRL_set_version(X509_CRL *x, long version);
-int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name);
-int X509_CRL_set_lastUpdate(X509_CRL *x, ASN1_TIME *tm);
-int X509_CRL_set_nextUpdate(X509_CRL *x, ASN1_TIME *tm);
-int X509_CRL_sort(X509_CRL *crl);
-
-int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial);
-int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm);
-
-int X509_REQ_check_private_key(X509_REQ *x509,EVP_PKEY *pkey);
-
-int X509_check_private_key(X509 *x509,EVP_PKEY *pkey);
-
-int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
-unsigned long X509_issuer_and_serial_hash(X509 *a);
-
-int X509_issuer_name_cmp(const X509 *a, const X509 *b);
-unsigned long X509_issuer_name_hash(X509 *a);
-
-int X509_subject_name_cmp(const X509 *a, const X509 *b);
-unsigned long X509_subject_name_hash(X509 *x);
-
-int X509_cmp(const X509 *a, const X509 *b);
-int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b);
-unsigned long X509_NAME_hash(X509_NAME *x);
-
-int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b);
-#ifndef OPENSSL_NO_FP_API
-int X509_print_ex_fp(FILE *bp,X509 *x, unsigned long nmflag, unsigned long cflag);
-int X509_print_fp(FILE *bp,X509 *x);
-int X509_CRL_print_fp(FILE *bp,X509_CRL *x);
-int X509_REQ_print_fp(FILE *bp,X509_REQ *req);
-int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags);
-#endif
-
-#ifndef OPENSSL_NO_BIO
-int X509_NAME_print(BIO *bp, X509_NAME *name, int obase);
-int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags);
-int X509_print_ex(BIO *bp,X509 *x, unsigned long nmflag, unsigned long cflag);
-int X509_print(BIO *bp,X509 *x);
-int X509_ocspid_print(BIO *bp,X509 *x);
-int X509_CERT_AUX_print(BIO *bp,X509_CERT_AUX *x, int indent);
-int X509_CRL_print(BIO *bp,X509_CRL *x);
-int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag, unsigned long cflag);
-int X509_REQ_print(BIO *bp,X509_REQ *req);
-#endif
-
-int X509_NAME_entry_count(X509_NAME *name);
-int X509_NAME_get_text_by_NID(X509_NAME *name, int nid,
- char *buf,int len);
-int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj,
- char *buf,int len);
-
-/* NOTE: you should be passsing -1, not 0 as lastpos. The functions that use
- * lastpos, search after that position on. */
-int X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos);
-int X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj,
- int lastpos);
-X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc);
-X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
-int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne,
- int loc, int set);
-int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type,
- unsigned char *bytes, int len, int loc, int set);
-int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type,
- unsigned char *bytes, int len, int loc, int set);
-X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne,
- const char *field, int type, const unsigned char *bytes, int len);
-X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
- int type,unsigned char *bytes, int len);
-int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type,
- const unsigned char *bytes, int len, int loc, int set);
-X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
- ASN1_OBJECT *obj, int type,const unsigned char *bytes,
- int len);
-int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne,
- ASN1_OBJECT *obj);
-int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
- const unsigned char *bytes, int len);
-ASN1_OBJECT * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne);
-ASN1_STRING * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne);
-
-int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x);
-int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x,
- int nid, int lastpos);
-int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x,
- ASN1_OBJECT *obj,int lastpos);
-int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x,
- int crit, int lastpos);
-X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc);
-X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc);
-STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
- X509_EXTENSION *ex, int loc);
-
-int X509_get_ext_count(X509 *x);
-int X509_get_ext_by_NID(X509 *x, int nid, int lastpos);
-int X509_get_ext_by_OBJ(X509 *x,ASN1_OBJECT *obj,int lastpos);
-int X509_get_ext_by_critical(X509 *x, int crit, int lastpos);
-X509_EXTENSION *X509_get_ext(X509 *x, int loc);
-X509_EXTENSION *X509_delete_ext(X509 *x, int loc);
-int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
-void * X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx);
-int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
- unsigned long flags);
-
-int X509_CRL_get_ext_count(X509_CRL *x);
-int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos);
-int X509_CRL_get_ext_by_OBJ(X509_CRL *x,ASN1_OBJECT *obj,int lastpos);
-int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos);
-X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc);
-X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc);
-int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc);
-void * X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx);
-int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit,
- unsigned long flags);
-
-int X509_REVOKED_get_ext_count(X509_REVOKED *x);
-int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos);
-int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x,ASN1_OBJECT *obj,int lastpos);
-int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos);
-X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc);
-X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc);
-int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc);
-void * X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx);
-int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit,
- unsigned long flags);
-
-X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex,
- int nid, int crit, ASN1_OCTET_STRING *data);
-X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex,
- ASN1_OBJECT *obj,int crit,ASN1_OCTET_STRING *data);
-int X509_EXTENSION_set_object(X509_EXTENSION *ex,ASN1_OBJECT *obj);
-int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit);
-int X509_EXTENSION_set_data(X509_EXTENSION *ex,
- ASN1_OCTET_STRING *data);
-ASN1_OBJECT * X509_EXTENSION_get_object(X509_EXTENSION *ex);
-ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne);
-int X509_EXTENSION_get_critical(X509_EXTENSION *ex);
-
-int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x);
-int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid,
- int lastpos);
-int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, ASN1_OBJECT *obj,
- int lastpos);
-X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc);
-X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc);
-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
- X509_ATTRIBUTE *attr);
-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x,
- const ASN1_OBJECT *obj, int type,
- const unsigned char *bytes, int len);
-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x,
- int nid, int type,
- const unsigned char *bytes, int len);
-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x,
- const char *attrname, int type,
- const unsigned char *bytes, int len);
-void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x,
- ASN1_OBJECT *obj, int lastpos, int type);
-X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
- int atrtype, const void *data, int len);
-X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
- const ASN1_OBJECT *obj, int atrtype, const void *data, int len);
-X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,
- const char *atrname, int type, const unsigned char *bytes, int len);
-int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj);
-int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *data, int len);
-void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx,
- int atrtype, void *data);
-int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr);
-ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr);
-ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx);
-
-int EVP_PKEY_get_attr_count(const EVP_PKEY *key);
-int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid,
- int lastpos);
-int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, ASN1_OBJECT *obj,
- int lastpos);
-X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc);
-X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc);
-int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr);
-int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key,
- const ASN1_OBJECT *obj, int type,
- const unsigned char *bytes, int len);
-int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key,
- int nid, int type,
- const unsigned char *bytes, int len);
-int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key,
- const char *attrname, int type,
- const unsigned char *bytes, int len);
-
-int X509_verify_cert(X509_STORE_CTX *ctx);
-
-/* lookup a cert from a X509 STACK */
-X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk,X509_NAME *name,
- ASN1_INTEGER *serial);
-X509 *X509_find_by_subject(STACK_OF(X509) *sk,X509_NAME *name);
-
-DECLARE_ASN1_FUNCTIONS(PBEPARAM)
-DECLARE_ASN1_FUNCTIONS(PBE2PARAM)
-DECLARE_ASN1_FUNCTIONS(PBKDF2PARAM)
-
-X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt, int saltlen);
-X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
- unsigned char *salt, int saltlen);
-
-/* PKCS#8 utilities */
-
-DECLARE_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO)
-
-EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8);
-PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey);
-PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken);
-PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken);
-
-int X509_check_trust(X509 *x, int id, int flags);
-int X509_TRUST_get_count(void);
-X509_TRUST * X509_TRUST_get0(int idx);
-int X509_TRUST_get_by_id(int id);
-int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int),
- char *name, int arg1, void *arg2);
-void X509_TRUST_cleanup(void);
-int X509_TRUST_get_flags(X509_TRUST *xp);
-char *X509_TRUST_get0_name(X509_TRUST *xp);
-int X509_TRUST_get_trust(X509_TRUST *xp);
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_X509_strings(void);
-
-/* Error codes for the X509 functions. */
-
-/* Function codes. */
-#define X509_F_ADD_CERT_DIR 100
-#define X509_F_BY_FILE_CTRL 101
-#define X509_F_CHECK_POLICY 145
-#define X509_F_DIR_CTRL 102
-#define X509_F_GET_CERT_BY_SUBJECT 103
-#define X509_F_NETSCAPE_SPKI_B64_DECODE 129
-#define X509_F_NETSCAPE_SPKI_B64_ENCODE 130
-#define X509_F_X509AT_ADD1_ATTR 135
-#define X509_F_X509V3_ADD_EXT 104
-#define X509_F_X509_ATTRIBUTE_CREATE_BY_NID 136
-#define X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ 137
-#define X509_F_X509_ATTRIBUTE_CREATE_BY_TXT 140
-#define X509_F_X509_ATTRIBUTE_GET0_DATA 139
-#define X509_F_X509_ATTRIBUTE_SET1_DATA 138
-#define X509_F_X509_CHECK_PRIVATE_KEY 128
-#define X509_F_X509_CRL_PRINT_FP 147
-#define X509_F_X509_EXTENSION_CREATE_BY_NID 108
-#define X509_F_X509_EXTENSION_CREATE_BY_OBJ 109
-#define X509_F_X509_GET_PUBKEY_PARAMETERS 110
-#define X509_F_X509_LOAD_CERT_CRL_FILE 132
-#define X509_F_X509_LOAD_CERT_FILE 111
-#define X509_F_X509_LOAD_CRL_FILE 112
-#define X509_F_X509_NAME_ADD_ENTRY 113
-#define X509_F_X509_NAME_ENTRY_CREATE_BY_NID 114
-#define X509_F_X509_NAME_ENTRY_CREATE_BY_TXT 131
-#define X509_F_X509_NAME_ENTRY_SET_OBJECT 115
-#define X509_F_X509_NAME_ONELINE 116
-#define X509_F_X509_NAME_PRINT 117
-#define X509_F_X509_PRINT_EX_FP 118
-#define X509_F_X509_PUBKEY_GET 119
-#define X509_F_X509_PUBKEY_SET 120
-#define X509_F_X509_REQ_CHECK_PRIVATE_KEY 144
-#define X509_F_X509_REQ_PRINT_EX 121
-#define X509_F_X509_REQ_PRINT_FP 122
-#define X509_F_X509_REQ_TO_X509 123
-#define X509_F_X509_STORE_ADD_CERT 124
-#define X509_F_X509_STORE_ADD_CRL 125
-#define X509_F_X509_STORE_CTX_GET1_ISSUER 146
-#define X509_F_X509_STORE_CTX_INIT 143
-#define X509_F_X509_STORE_CTX_NEW 142
-#define X509_F_X509_STORE_CTX_PURPOSE_INHERIT 134
-#define X509_F_X509_TO_X509_REQ 126
-#define X509_F_X509_TRUST_ADD 133
-#define X509_F_X509_TRUST_SET 141
-#define X509_F_X509_VERIFY_CERT 127
-
-/* Reason codes. */
-#define X509_R_BAD_X509_FILETYPE 100
-#define X509_R_BASE64_DECODE_ERROR 118
-#define X509_R_CANT_CHECK_DH_KEY 114
-#define X509_R_CERT_ALREADY_IN_HASH_TABLE 101
-#define X509_R_ERR_ASN1_LIB 102
-#define X509_R_INVALID_DIRECTORY 113
-#define X509_R_INVALID_FIELD_NAME 119
-#define X509_R_INVALID_TRUST 123
-#define X509_R_KEY_TYPE_MISMATCH 115
-#define X509_R_KEY_VALUES_MISMATCH 116
-#define X509_R_LOADING_CERT_DIR 103
-#define X509_R_LOADING_DEFAULTS 104
-#define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105
-#define X509_R_SHOULD_RETRY 106
-#define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN 107
-#define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY 108
-#define X509_R_UNKNOWN_KEY_TYPE 117
-#define X509_R_UNKNOWN_NID 109
-#define X509_R_UNKNOWN_PURPOSE_ID 121
-#define X509_R_UNKNOWN_TRUST_ID 120
-#define X509_R_UNSUPPORTED_ALGORITHM 111
-#define X509_R_WRONG_LOOKUP_TYPE 112
-#define X509_R_WRONG_TYPE 122
-
-#ifdef __cplusplus
-}
-#endif
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/x509/x509.h (from rev 6976, vendor-crypto/openssl/dist/crypto/x509/x509.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/x509/x509.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509/x509.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,1362 @@
+/* crypto/x509/x509.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECDH support in OpenSSL originally developed by
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
+
+#ifndef HEADER_X509_H
+# define HEADER_X509_H
+
+# include <openssl/e_os2.h>
+# include <openssl/symhacks.h>
+# ifndef OPENSSL_NO_BUFFER
+# include <openssl/buffer.h>
+# endif
+# ifndef OPENSSL_NO_EVP
+# include <openssl/evp.h>
+# endif
+# ifndef OPENSSL_NO_BIO
+# include <openssl/bio.h>
+# endif
+# include <openssl/stack.h>
+# include <openssl/asn1.h>
+# include <openssl/safestack.h>
+
+# ifndef OPENSSL_NO_EC
+# include <openssl/ec.h>
+# endif
+
+# ifndef OPENSSL_NO_ECDSA
+# include <openssl/ecdsa.h>
+# endif
+
+# ifndef OPENSSL_NO_ECDH
+# include <openssl/ecdh.h>
+# endif
+
+# ifndef OPENSSL_NO_DEPRECATED
+# ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>
+# endif
+# ifndef OPENSSL_NO_DSA
+# include <openssl/dsa.h>
+# endif
+# ifndef OPENSSL_NO_DH
+# include <openssl/dh.h>
+# endif
+# endif
+
+# ifndef OPENSSL_NO_SHA
+# include <openssl/sha.h>
+# endif
+# include <openssl/ossl_typ.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# ifdef OPENSSL_SYS_WIN32
+/* Under Win32 these are defined in wincrypt.h */
+# undef X509_NAME
+# undef X509_CERT_PAIR
+# undef X509_EXTENSIONS
+# endif
+
+# define X509_FILETYPE_PEM 1
+# define X509_FILETYPE_ASN1 2
+# define X509_FILETYPE_DEFAULT 3
+
+# define X509v3_KU_DIGITAL_SIGNATURE 0x0080
+# define X509v3_KU_NON_REPUDIATION 0x0040
+# define X509v3_KU_KEY_ENCIPHERMENT 0x0020
+# define X509v3_KU_DATA_ENCIPHERMENT 0x0010
+# define X509v3_KU_KEY_AGREEMENT 0x0008
+# define X509v3_KU_KEY_CERT_SIGN 0x0004
+# define X509v3_KU_CRL_SIGN 0x0002
+# define X509v3_KU_ENCIPHER_ONLY 0x0001
+# define X509v3_KU_DECIPHER_ONLY 0x8000
+# define X509v3_KU_UNDEF 0xffff
+
+typedef struct X509_objects_st {
+ int nid;
+ int (*a2i) (void);
+ int (*i2a) (void);
+} X509_OBJECTS;
+
+struct X509_algor_st {
+ ASN1_OBJECT *algorithm;
+ ASN1_TYPE *parameter;
+} /* X509_ALGOR */ ;
+
+DECLARE_ASN1_SET_OF(X509_ALGOR)
+
+typedef STACK_OF(X509_ALGOR) X509_ALGORS;
+
+typedef struct X509_val_st {
+ ASN1_TIME *notBefore;
+ ASN1_TIME *notAfter;
+} X509_VAL;
+
+typedef struct X509_pubkey_st {
+ X509_ALGOR *algor;
+ ASN1_BIT_STRING *public_key;
+ EVP_PKEY *pkey;
+} X509_PUBKEY;
+
+typedef struct X509_sig_st {
+ X509_ALGOR *algor;
+ ASN1_OCTET_STRING *digest;
+} X509_SIG;
+
+typedef struct X509_name_entry_st {
+ ASN1_OBJECT *object;
+ ASN1_STRING *value;
+ int set;
+ int size; /* temp variable */
+} X509_NAME_ENTRY;
+
+DECLARE_STACK_OF(X509_NAME_ENTRY)
+DECLARE_ASN1_SET_OF(X509_NAME_ENTRY)
+
+/* we always keep X509_NAMEs in 2 forms. */
+struct X509_name_st {
+ STACK_OF(X509_NAME_ENTRY) *entries;
+ int modified; /* true if 'bytes' needs to be built */
+# ifndef OPENSSL_NO_BUFFER
+ BUF_MEM *bytes;
+# else
+ char *bytes;
+# endif
+ unsigned long hash; /* Keep the hash around for lookups */
+} /* X509_NAME */ ;
+
+DECLARE_STACK_OF(X509_NAME)
+
+# define X509_EX_V_NETSCAPE_HACK 0x8000
+# define X509_EX_V_INIT 0x0001
+typedef struct X509_extension_st {
+ ASN1_OBJECT *object;
+ ASN1_BOOLEAN critical;
+ ASN1_OCTET_STRING *value;
+} X509_EXTENSION;
+
+typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS;
+
+DECLARE_STACK_OF(X509_EXTENSION)
+DECLARE_ASN1_SET_OF(X509_EXTENSION)
+
+/* a sequence of these are used */
+typedef struct x509_attributes_st {
+ ASN1_OBJECT *object;
+ int single; /* 0 for a set, 1 for a single item (which is
+ * wrong) */
+ union {
+ char *ptr;
+ /*
+ * 0
+ */ STACK_OF(ASN1_TYPE) *set;
+ /*
+ * 1
+ */ ASN1_TYPE *single;
+ } value;
+} X509_ATTRIBUTE;
+
+DECLARE_STACK_OF(X509_ATTRIBUTE)
+DECLARE_ASN1_SET_OF(X509_ATTRIBUTE)
+
+typedef struct X509_req_info_st {
+ ASN1_ENCODING enc;
+ ASN1_INTEGER *version;
+ X509_NAME *subject;
+ X509_PUBKEY *pubkey;
+ /* d=2 hl=2 l= 0 cons: cont: 00 */
+ STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */
+} X509_REQ_INFO;
+
+typedef struct X509_req_st {
+ X509_REQ_INFO *req_info;
+ X509_ALGOR *sig_alg;
+ ASN1_BIT_STRING *signature;
+ int references;
+} X509_REQ;
+
+typedef struct x509_cinf_st {
+ ASN1_INTEGER *version; /* [ 0 ] default of v1 */
+ ASN1_INTEGER *serialNumber;
+ X509_ALGOR *signature;
+ X509_NAME *issuer;
+ X509_VAL *validity;
+ X509_NAME *subject;
+ X509_PUBKEY *key;
+ ASN1_BIT_STRING *issuerUID; /* [ 1 ] optional in v2 */
+ ASN1_BIT_STRING *subjectUID; /* [ 2 ] optional in v2 */
+ STACK_OF(X509_EXTENSION) *extensions; /* [ 3 ] optional in v3 */
+ ASN1_ENCODING enc;
+} X509_CINF;
+
+/*
+ * This stuff is certificate "auxiliary info" it contains details which are
+ * useful in certificate stores and databases. When used this is tagged onto
+ * the end of the certificate itself
+ */
+
+typedef struct x509_cert_aux_st {
+ STACK_OF(ASN1_OBJECT) *trust; /* trusted uses */
+ STACK_OF(ASN1_OBJECT) *reject; /* rejected uses */
+ ASN1_UTF8STRING *alias; /* "friendly name" */
+ ASN1_OCTET_STRING *keyid; /* key id of private key */
+ STACK_OF(X509_ALGOR) *other; /* other unspecified info */
+} X509_CERT_AUX;
+
+struct x509_st {
+ X509_CINF *cert_info;
+ X509_ALGOR *sig_alg;
+ ASN1_BIT_STRING *signature;
+ int valid;
+ int references;
+ char *name;
+ CRYPTO_EX_DATA ex_data;
+ /* These contain copies of various extension values */
+ long ex_pathlen;
+ long ex_pcpathlen;
+ unsigned long ex_flags;
+ unsigned long ex_kusage;
+ unsigned long ex_xkusage;
+ unsigned long ex_nscert;
+ ASN1_OCTET_STRING *skid;
+ struct AUTHORITY_KEYID_st *akid;
+ X509_POLICY_CACHE *policy_cache;
+# ifndef OPENSSL_NO_RFC3779
+ STACK_OF(IPAddressFamily) *rfc3779_addr;
+ struct ASIdentifiers_st *rfc3779_asid;
+# endif
+# ifndef OPENSSL_NO_SHA
+ unsigned char sha1_hash[SHA_DIGEST_LENGTH];
+# endif
+ X509_CERT_AUX *aux;
+} /* X509 */ ;
+
+DECLARE_STACK_OF(X509)
+DECLARE_ASN1_SET_OF(X509)
+
+/* This is used for a table of trust checking functions */
+
+typedef struct x509_trust_st {
+ int trust;
+ int flags;
+ int (*check_trust) (struct x509_trust_st *, X509 *, int);
+ char *name;
+ int arg1;
+ void *arg2;
+} X509_TRUST;
+
+DECLARE_STACK_OF(X509_TRUST)
+
+typedef struct x509_cert_pair_st {
+ X509 *forward;
+ X509 *reverse;
+} X509_CERT_PAIR;
+
+/* standard trust ids */
+
+# define X509_TRUST_DEFAULT -1/* Only valid in purpose settings */
+
+# define X509_TRUST_COMPAT 1
+# define X509_TRUST_SSL_CLIENT 2
+# define X509_TRUST_SSL_SERVER 3
+# define X509_TRUST_EMAIL 4
+# define X509_TRUST_OBJECT_SIGN 5
+# define X509_TRUST_OCSP_SIGN 6
+# define X509_TRUST_OCSP_REQUEST 7
+
+/* Keep these up to date! */
+# define X509_TRUST_MIN 1
+# define X509_TRUST_MAX 7
+
+/* trust_flags values */
+# define X509_TRUST_DYNAMIC 1
+# define X509_TRUST_DYNAMIC_NAME 2
+
+/* check_trust return codes */
+
+# define X509_TRUST_TRUSTED 1
+# define X509_TRUST_REJECTED 2
+# define X509_TRUST_UNTRUSTED 3
+
+/* Flags for X509_print_ex() */
+
+# define X509_FLAG_COMPAT 0
+# define X509_FLAG_NO_HEADER 1L
+# define X509_FLAG_NO_VERSION (1L << 1)
+# define X509_FLAG_NO_SERIAL (1L << 2)
+# define X509_FLAG_NO_SIGNAME (1L << 3)
+# define X509_FLAG_NO_ISSUER (1L << 4)
+# define X509_FLAG_NO_VALIDITY (1L << 5)
+# define X509_FLAG_NO_SUBJECT (1L << 6)
+# define X509_FLAG_NO_PUBKEY (1L << 7)
+# define X509_FLAG_NO_EXTENSIONS (1L << 8)
+# define X509_FLAG_NO_SIGDUMP (1L << 9)
+# define X509_FLAG_NO_AUX (1L << 10)
+# define X509_FLAG_NO_ATTRIBUTES (1L << 11)
+
+/* Flags specific to X509_NAME_print_ex() */
+
+/* The field separator information */
+
+# define XN_FLAG_SEP_MASK (0xf << 16)
+
+# define XN_FLAG_COMPAT 0/* Traditional SSLeay: use old
+ * X509_NAME_print */
+# define XN_FLAG_SEP_COMMA_PLUS (1 << 16)/* RFC2253 ,+ */
+# define XN_FLAG_SEP_CPLUS_SPC (2 << 16)/* ,+ spaced: more readable */
+# define XN_FLAG_SEP_SPLUS_SPC (3 << 16)/* ;+ spaced */
+# define XN_FLAG_SEP_MULTILINE (4 << 16)/* One line per field */
+
+# define XN_FLAG_DN_REV (1 << 20)/* Reverse DN order */
+
+/* How the field name is shown */
+
+# define XN_FLAG_FN_MASK (0x3 << 21)
+
+# define XN_FLAG_FN_SN 0/* Object short name */
+# define XN_FLAG_FN_LN (1 << 21)/* Object long name */
+# define XN_FLAG_FN_OID (2 << 21)/* Always use OIDs */
+# define XN_FLAG_FN_NONE (3 << 21)/* No field names */
+
+# define XN_FLAG_SPC_EQ (1 << 23)/* Put spaces round '=' */
+
+/*
+ * This determines if we dump fields we don't recognise: RFC2253 requires
+ * this.
+ */
+
+# define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24)
+
+# define XN_FLAG_FN_ALIGN (1 << 25)/* Align field names to 20
+ * characters */
+
+/* Complete set of RFC2253 flags */
+
+# define XN_FLAG_RFC2253 (ASN1_STRFLGS_RFC2253 | \
+ XN_FLAG_SEP_COMMA_PLUS | \
+ XN_FLAG_DN_REV | \
+ XN_FLAG_FN_SN | \
+ XN_FLAG_DUMP_UNKNOWN_FIELDS)
+
+/* readable oneline form */
+
+# define XN_FLAG_ONELINE (ASN1_STRFLGS_RFC2253 | \
+ ASN1_STRFLGS_ESC_QUOTE | \
+ XN_FLAG_SEP_CPLUS_SPC | \
+ XN_FLAG_SPC_EQ | \
+ XN_FLAG_FN_SN)
+
+/* readable multiline form */
+
+# define XN_FLAG_MULTILINE (ASN1_STRFLGS_ESC_CTRL | \
+ ASN1_STRFLGS_ESC_MSB | \
+ XN_FLAG_SEP_MULTILINE | \
+ XN_FLAG_SPC_EQ | \
+ XN_FLAG_FN_LN | \
+ XN_FLAG_FN_ALIGN)
+
+typedef struct X509_revoked_st {
+ ASN1_INTEGER *serialNumber;
+ ASN1_TIME *revocationDate;
+ STACK_OF(X509_EXTENSION) /* optional */ *extensions;
+ int sequence; /* load sequence */
+} X509_REVOKED;
+
+DECLARE_STACK_OF(X509_REVOKED)
+DECLARE_ASN1_SET_OF(X509_REVOKED)
+
+typedef struct X509_crl_info_st {
+ ASN1_INTEGER *version;
+ X509_ALGOR *sig_alg;
+ X509_NAME *issuer;
+ ASN1_TIME *lastUpdate;
+ ASN1_TIME *nextUpdate;
+ STACK_OF(X509_REVOKED) *revoked;
+ STACK_OF(X509_EXTENSION) /* [0] */ *extensions;
+ ASN1_ENCODING enc;
+} X509_CRL_INFO;
+
+struct X509_crl_st {
+ /* actual signature */
+ X509_CRL_INFO *crl;
+ X509_ALGOR *sig_alg;
+ ASN1_BIT_STRING *signature;
+ int references;
+} /* X509_CRL */ ;
+
+DECLARE_STACK_OF(X509_CRL)
+DECLARE_ASN1_SET_OF(X509_CRL)
+
+typedef struct private_key_st {
+ int version;
+ /* The PKCS#8 data types */
+ X509_ALGOR *enc_algor;
+ ASN1_OCTET_STRING *enc_pkey; /* encrypted pub key */
+ /* When decrypted, the following will not be NULL */
+ EVP_PKEY *dec_pkey;
+ /* used to encrypt and decrypt */
+ int key_length;
+ char *key_data;
+ int key_free; /* true if we should auto free key_data */
+ /* expanded version of 'enc_algor' */
+ EVP_CIPHER_INFO cipher;
+ int references;
+} X509_PKEY;
+
+# ifndef OPENSSL_NO_EVP
+typedef struct X509_info_st {
+ X509 *x509;
+ X509_CRL *crl;
+ X509_PKEY *x_pkey;
+ EVP_CIPHER_INFO enc_cipher;
+ int enc_len;
+ char *enc_data;
+ int references;
+} X509_INFO;
+
+DECLARE_STACK_OF(X509_INFO)
+# endif
+
+/*
+ * The next 2 structures and their 8 routines were sent to me by Pat Richard
+ * <patr at x509.com> and are used to manipulate Netscapes spki structures -
+ * useful if you are writing a CA web page
+ */
+typedef struct Netscape_spkac_st {
+ X509_PUBKEY *pubkey;
+ ASN1_IA5STRING *challenge; /* challenge sent in atlas >= PR2 */
+} NETSCAPE_SPKAC;
+
+typedef struct Netscape_spki_st {
+ NETSCAPE_SPKAC *spkac; /* signed public key and challenge */
+ X509_ALGOR *sig_algor;
+ ASN1_BIT_STRING *signature;
+} NETSCAPE_SPKI;
+
+/* Netscape certificate sequence structure */
+typedef struct Netscape_certificate_sequence {
+ ASN1_OBJECT *type;
+ STACK_OF(X509) *certs;
+} NETSCAPE_CERT_SEQUENCE;
+
+/*- Unused (and iv length is wrong)
+typedef struct CBCParameter_st
+ {
+ unsigned char iv[8];
+ } CBC_PARAM;
+*/
+
+/* Password based encryption structure */
+
+typedef struct PBEPARAM_st {
+ ASN1_OCTET_STRING *salt;
+ ASN1_INTEGER *iter;
+} PBEPARAM;
+
+/* Password based encryption V2 structures */
+
+typedef struct PBE2PARAM_st {
+ X509_ALGOR *keyfunc;
+ X509_ALGOR *encryption;
+} PBE2PARAM;
+
+typedef struct PBKDF2PARAM_st {
+/* Usually OCTET STRING but could be anything */
+ ASN1_TYPE *salt;
+ ASN1_INTEGER *iter;
+ ASN1_INTEGER *keylength;
+ X509_ALGOR *prf;
+} PBKDF2PARAM;
+
+/* PKCS#8 private key info structure */
+
+typedef struct pkcs8_priv_key_info_st {
+ /* Flag for various broken formats */
+ int broken;
+# define PKCS8_OK 0
+# define PKCS8_NO_OCTET 1
+# define PKCS8_EMBEDDED_PARAM 2
+# define PKCS8_NS_DB 3
+ ASN1_INTEGER *version;
+ X509_ALGOR *pkeyalg;
+ /* Should be OCTET STRING but some are broken */
+ ASN1_TYPE *pkey;
+ STACK_OF(X509_ATTRIBUTE) *attributes;
+} PKCS8_PRIV_KEY_INFO;
+
+#ifdef __cplusplus
+}
+#endif
+
+# include <openssl/x509_vfy.h>
+# include <openssl/pkcs7.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# ifdef SSLEAY_MACROS
+# define X509_verify(a,r) ASN1_verify((int (*)())i2d_X509_CINF,a->sig_alg,\
+ a->signature,(char *)a->cert_info,r)
+# define X509_REQ_verify(a,r) ASN1_verify((int (*)())i2d_X509_REQ_INFO, \
+ a->sig_alg,a->signature,(char *)a->req_info,r)
+# define X509_CRL_verify(a,r) ASN1_verify((int (*)())i2d_X509_CRL_INFO, \
+ a->sig_alg, a->signature,(char *)a->crl,r)
+
+# define X509_sign(x,pkey,md) \
+ ASN1_sign((int (*)())i2d_X509_CINF, x->cert_info->signature, \
+ x->sig_alg, x->signature, (char *)x->cert_info,pkey,md)
+# define X509_REQ_sign(x,pkey,md) \
+ ASN1_sign((int (*)())i2d_X509_REQ_INFO,x->sig_alg, NULL, \
+ x->signature, (char *)x->req_info,pkey,md)
+# define X509_CRL_sign(x,pkey,md) \
+ ASN1_sign((int (*)())i2d_X509_CRL_INFO,x->crl->sig_alg,x->sig_alg, \
+ x->signature, (char *)x->crl,pkey,md)
+# define NETSCAPE_SPKI_sign(x,pkey,md) \
+ ASN1_sign((int (*)())i2d_NETSCAPE_SPKAC, x->sig_algor,NULL, \
+ x->signature, (char *)x->spkac,pkey,md)
+
+# define X509_dup(x509) (X509 *)ASN1_dup((int (*)())i2d_X509, \
+ (char *(*)())d2i_X509,(char *)x509)
+# define X509_ATTRIBUTE_dup(xa) (X509_ATTRIBUTE *)ASN1_dup(\
+ (int (*)())i2d_X509_ATTRIBUTE, \
+ (char *(*)())d2i_X509_ATTRIBUTE,(char *)xa)
+# define X509_EXTENSION_dup(ex) (X509_EXTENSION *)ASN1_dup( \
+ (int (*)())i2d_X509_EXTENSION, \
+ (char *(*)())d2i_X509_EXTENSION,(char *)ex)
+# define d2i_X509_fp(fp,x509) (X509 *)ASN1_d2i_fp((char *(*)())X509_new, \
+ (char *(*)())d2i_X509, (fp),(unsigned char **)(x509))
+# define i2d_X509_fp(fp,x509) ASN1_i2d_fp(i2d_X509,fp,(unsigned char *)x509)
+# define d2i_X509_bio(bp,x509) (X509 *)ASN1_d2i_bio((char *(*)())X509_new, \
+ (char *(*)())d2i_X509, (bp),(unsigned char **)(x509))
+# define i2d_X509_bio(bp,x509) ASN1_i2d_bio(i2d_X509,bp,(unsigned char *)x509)
+
+# define X509_CRL_dup(crl) (X509_CRL *)ASN1_dup((int (*)())i2d_X509_CRL, \
+ (char *(*)())d2i_X509_CRL,(char *)crl)
+# define d2i_X509_CRL_fp(fp,crl) (X509_CRL *)ASN1_d2i_fp((char *(*)()) \
+ X509_CRL_new,(char *(*)())d2i_X509_CRL, (fp),\
+ (unsigned char **)(crl))
+# define i2d_X509_CRL_fp(fp,crl) ASN1_i2d_fp(i2d_X509_CRL,fp,\
+ (unsigned char *)crl)
+# define d2i_X509_CRL_bio(bp,crl) (X509_CRL *)ASN1_d2i_bio((char *(*)()) \
+ X509_CRL_new,(char *(*)())d2i_X509_CRL, (bp),\
+ (unsigned char **)(crl))
+# define i2d_X509_CRL_bio(bp,crl) ASN1_i2d_bio(i2d_X509_CRL,bp,\
+ (unsigned char *)crl)
+
+# define PKCS7_dup(p7) (PKCS7 *)ASN1_dup((int (*)())i2d_PKCS7, \
+ (char *(*)())d2i_PKCS7,(char *)p7)
+# define d2i_PKCS7_fp(fp,p7) (PKCS7 *)ASN1_d2i_fp((char *(*)()) \
+ PKCS7_new,(char *(*)())d2i_PKCS7, (fp),\
+ (unsigned char **)(p7))
+# define i2d_PKCS7_fp(fp,p7) ASN1_i2d_fp(i2d_PKCS7,fp,\
+ (unsigned char *)p7)
+# define d2i_PKCS7_bio(bp,p7) (PKCS7 *)ASN1_d2i_bio((char *(*)()) \
+ PKCS7_new,(char *(*)())d2i_PKCS7, (bp),\
+ (unsigned char **)(p7))
+# define i2d_PKCS7_bio(bp,p7) ASN1_i2d_bio(i2d_PKCS7,bp,\
+ (unsigned char *)p7)
+
+# define X509_REQ_dup(req) (X509_REQ *)ASN1_dup((int (*)())i2d_X509_REQ, \
+ (char *(*)())d2i_X509_REQ,(char *)req)
+# define d2i_X509_REQ_fp(fp,req) (X509_REQ *)ASN1_d2i_fp((char *(*)())\
+ X509_REQ_new, (char *(*)())d2i_X509_REQ, (fp),\
+ (unsigned char **)(req))
+# define i2d_X509_REQ_fp(fp,req) ASN1_i2d_fp(i2d_X509_REQ,fp,\
+ (unsigned char *)req)
+# define d2i_X509_REQ_bio(bp,req) (X509_REQ *)ASN1_d2i_bio((char *(*)())\
+ X509_REQ_new, (char *(*)())d2i_X509_REQ, (bp),\
+ (unsigned char **)(req))
+# define i2d_X509_REQ_bio(bp,req) ASN1_i2d_bio(i2d_X509_REQ,bp,\
+ (unsigned char *)req)
+
+# define RSAPublicKey_dup(rsa) (RSA *)ASN1_dup((int (*)())i2d_RSAPublicKey, \
+ (char *(*)())d2i_RSAPublicKey,(char *)rsa)
+# define RSAPrivateKey_dup(rsa) (RSA *)ASN1_dup((int (*)())i2d_RSAPrivateKey, \
+ (char *(*)())d2i_RSAPrivateKey,(char *)rsa)
+
+# define d2i_RSAPrivateKey_fp(fp,rsa) (RSA *)ASN1_d2i_fp((char *(*)())\
+ RSA_new,(char *(*)())d2i_RSAPrivateKey, (fp), \
+ (unsigned char **)(rsa))
+# define i2d_RSAPrivateKey_fp(fp,rsa) ASN1_i2d_fp(i2d_RSAPrivateKey,fp, \
+ (unsigned char *)rsa)
+# define d2i_RSAPrivateKey_bio(bp,rsa) (RSA *)ASN1_d2i_bio((char *(*)())\
+ RSA_new,(char *(*)())d2i_RSAPrivateKey, (bp), \
+ (unsigned char **)(rsa))
+# define i2d_RSAPrivateKey_bio(bp,rsa) ASN1_i2d_bio(i2d_RSAPrivateKey,bp, \
+ (unsigned char *)rsa)
+
+# define d2i_RSAPublicKey_fp(fp,rsa) (RSA *)ASN1_d2i_fp((char *(*)())\
+ RSA_new,(char *(*)())d2i_RSAPublicKey, (fp), \
+ (unsigned char **)(rsa))
+# define i2d_RSAPublicKey_fp(fp,rsa) ASN1_i2d_fp(i2d_RSAPublicKey,fp, \
+ (unsigned char *)rsa)
+# define d2i_RSAPublicKey_bio(bp,rsa) (RSA *)ASN1_d2i_bio((char *(*)())\
+ RSA_new,(char *(*)())d2i_RSAPublicKey, (bp), \
+ (unsigned char **)(rsa))
+# define i2d_RSAPublicKey_bio(bp,rsa) ASN1_i2d_bio(i2d_RSAPublicKey,bp, \
+ (unsigned char *)rsa)
+
+# define d2i_DSAPrivateKey_fp(fp,dsa) (DSA *)ASN1_d2i_fp((char *(*)())\
+ DSA_new,(char *(*)())d2i_DSAPrivateKey, (fp), \
+ (unsigned char **)(dsa))
+# define i2d_DSAPrivateKey_fp(fp,dsa) ASN1_i2d_fp(i2d_DSAPrivateKey,fp, \
+ (unsigned char *)dsa)
+# define d2i_DSAPrivateKey_bio(bp,dsa) (DSA *)ASN1_d2i_bio((char *(*)())\
+ DSA_new,(char *(*)())d2i_DSAPrivateKey, (bp), \
+ (unsigned char **)(dsa))
+# define i2d_DSAPrivateKey_bio(bp,dsa) ASN1_i2d_bio(i2d_DSAPrivateKey,bp, \
+ (unsigned char *)dsa)
+
+# define d2i_ECPrivateKey_fp(fp,ecdsa) (EC_KEY *)ASN1_d2i_fp((char *(*)())\
+ EC_KEY_new,(char *(*)())d2i_ECPrivateKey, (fp), \
+ (unsigned char **)(ecdsa))
+# define i2d_ECPrivateKey_fp(fp,ecdsa) ASN1_i2d_fp(i2d_ECPrivateKey,fp, \
+ (unsigned char *)ecdsa)
+# define d2i_ECPrivateKey_bio(bp,ecdsa) (EC_KEY *)ASN1_d2i_bio((char *(*)())\
+ EC_KEY_new,(char *(*)())d2i_ECPrivateKey, (bp), \
+ (unsigned char **)(ecdsa))
+# define i2d_ECPrivateKey_bio(bp,ecdsa) ASN1_i2d_bio(i2d_ECPrivateKey,bp, \
+ (unsigned char *)ecdsa)
+
+# define X509_ALGOR_dup(xn) (X509_ALGOR *)ASN1_dup((int (*)())i2d_X509_ALGOR,\
+ (char *(*)())d2i_X509_ALGOR,(char *)xn)
+
+# define X509_NAME_dup(xn) (X509_NAME *)ASN1_dup((int (*)())i2d_X509_NAME, \
+ (char *(*)())d2i_X509_NAME,(char *)xn)
+# define X509_NAME_ENTRY_dup(ne) (X509_NAME_ENTRY *)ASN1_dup( \
+ (int (*)())i2d_X509_NAME_ENTRY, \
+ (char *(*)())d2i_X509_NAME_ENTRY,\
+ (char *)ne)
+
+# define X509_digest(data,type,md,len) \
+ ASN1_digest((int (*)())i2d_X509,type,(char *)data,md,len)
+# define X509_NAME_digest(data,type,md,len) \
+ ASN1_digest((int (*)())i2d_X509_NAME,type,(char *)data,md,len)
+# ifndef PKCS7_ISSUER_AND_SERIAL_digest
+# define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \
+ ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,\
+ (char *)data,md,len)
+# endif
+# endif
+
+# define X509_EXT_PACK_UNKNOWN 1
+# define X509_EXT_PACK_STRING 2
+
+# define X509_get_version(x) ASN1_INTEGER_get((x)->cert_info->version)
+/* #define X509_get_serialNumber(x) ((x)->cert_info->serialNumber) */
+# define X509_get_notBefore(x) ((x)->cert_info->validity->notBefore)
+# define X509_get_notAfter(x) ((x)->cert_info->validity->notAfter)
+# define X509_extract_key(x) X509_get_pubkey(x)/*****/
+# define X509_REQ_get_version(x) ASN1_INTEGER_get((x)->req_info->version)
+# define X509_REQ_get_subject_name(x) ((x)->req_info->subject)
+# define X509_REQ_extract_key(a) X509_REQ_get_pubkey(a)
+# define X509_name_cmp(a,b) X509_NAME_cmp((a),(b))
+# define X509_get_signature_type(x) EVP_PKEY_type(OBJ_obj2nid((x)->sig_alg->algorithm))
+
+# define X509_CRL_get_version(x) ASN1_INTEGER_get((x)->crl->version)
+# define X509_CRL_get_lastUpdate(x) ((x)->crl->lastUpdate)
+# define X509_CRL_get_nextUpdate(x) ((x)->crl->nextUpdate)
+# define X509_CRL_get_issuer(x) ((x)->crl->issuer)
+# define X509_CRL_get_REVOKED(x) ((x)->crl->revoked)
+
+/*
+ * This one is only used so that a binary form can output, as in
+ * i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf)
+ */
+# define X509_get_X509_PUBKEY(x) ((x)->cert_info->key)
+
+const char *X509_verify_cert_error_string(long n);
+
+# ifndef SSLEAY_MACROS
+# ifndef OPENSSL_NO_EVP
+int X509_verify(X509 *a, EVP_PKEY *r);
+
+int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r);
+int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r);
+int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r);
+
+NETSCAPE_SPKI *NETSCAPE_SPKI_b64_decode(const char *str, int len);
+char *NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *x);
+EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x);
+int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey);
+
+int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki);
+
+int X509_signature_print(BIO *bp, X509_ALGOR *alg, ASN1_STRING *sig);
+
+int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
+int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md);
+int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md);
+int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md);
+
+int X509_pubkey_digest(const X509 *data, const EVP_MD *type,
+ unsigned char *md, unsigned int *len);
+int X509_digest(const X509 *data, const EVP_MD *type,
+ unsigned char *md, unsigned int *len);
+int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type,
+ unsigned char *md, unsigned int *len);
+int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type,
+ unsigned char *md, unsigned int *len);
+int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type,
+ unsigned char *md, unsigned int *len);
+# endif
+
+# ifndef OPENSSL_NO_FP_API
+X509 *d2i_X509_fp(FILE *fp, X509 **x509);
+int i2d_X509_fp(FILE *fp, X509 *x509);
+X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl);
+int i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl);
+X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req);
+int i2d_X509_REQ_fp(FILE *fp, X509_REQ *req);
+# ifndef OPENSSL_NO_RSA
+RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa);
+int i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa);
+RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa);
+int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa);
+RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa);
+int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa);
+# endif
+# ifndef OPENSSL_NO_DSA
+DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa);
+int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa);
+DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa);
+int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa);
+# endif
+# ifndef OPENSSL_NO_EC
+EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey);
+int i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey);
+EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey);
+int i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey);
+# endif
+X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8);
+int i2d_PKCS8_fp(FILE *fp, X509_SIG *p8);
+PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
+ PKCS8_PRIV_KEY_INFO **p8inf);
+int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO *p8inf);
+int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key);
+int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey);
+EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
+int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
+# endif
+
+# ifndef OPENSSL_NO_BIO
+X509 *d2i_X509_bio(BIO *bp, X509 **x509);
+int i2d_X509_bio(BIO *bp, X509 *x509);
+X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl);
+int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl);
+X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req);
+int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req);
+# ifndef OPENSSL_NO_RSA
+RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa);
+int i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa);
+RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa);
+int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa);
+RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa);
+int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa);
+# endif
+# ifndef OPENSSL_NO_DSA
+DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa);
+int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa);
+DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa);
+int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa);
+# endif
+# ifndef OPENSSL_NO_EC
+EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey);
+int i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *eckey);
+EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey);
+int i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey);
+# endif
+X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8);
+int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8);
+PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
+ PKCS8_PRIV_KEY_INFO **p8inf);
+int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, PKCS8_PRIV_KEY_INFO *p8inf);
+int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key);
+int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey);
+EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
+int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
+# endif
+
+X509 *X509_dup(X509 *x509);
+X509_ATTRIBUTE *X509_ATTRIBUTE_dup(X509_ATTRIBUTE *xa);
+X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *ex);
+X509_CRL *X509_CRL_dup(X509_CRL *crl);
+X509_REQ *X509_REQ_dup(X509_REQ *req);
+X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn);
+int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype,
+ void *pval);
+void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
+ X509_ALGOR *algor);
+int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b);
+
+X509_NAME *X509_NAME_dup(X509_NAME *xn);
+X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne);
+
+# endif /* !SSLEAY_MACROS */
+
+int X509_cmp_time(ASN1_TIME *s, time_t *t);
+int X509_cmp_current_time(ASN1_TIME *s);
+ASN1_TIME *X509_time_adj(ASN1_TIME *s, long adj, time_t *t);
+ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj);
+
+const char *X509_get_default_cert_area(void);
+const char *X509_get_default_cert_dir(void);
+const char *X509_get_default_cert_file(void);
+const char *X509_get_default_cert_dir_env(void);
+const char *X509_get_default_cert_file_env(void);
+const char *X509_get_default_private_dir(void);
+
+X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
+X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey);
+
+DECLARE_ASN1_FUNCTIONS(X509_ALGOR)
+DECLARE_ASN1_ENCODE_FUNCTIONS(X509_ALGORS, X509_ALGORS, X509_ALGORS)
+DECLARE_ASN1_FUNCTIONS(X509_VAL)
+
+DECLARE_ASN1_FUNCTIONS(X509_PUBKEY)
+
+int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);
+EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key);
+int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain);
+int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp);
+EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length);
+# ifndef OPENSSL_NO_RSA
+int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp);
+RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, long length);
+# endif
+# ifndef OPENSSL_NO_DSA
+int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp);
+DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length);
+# endif
+# ifndef OPENSSL_NO_EC
+int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp);
+EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length);
+# endif
+
+DECLARE_ASN1_FUNCTIONS(X509_SIG)
+DECLARE_ASN1_FUNCTIONS(X509_REQ_INFO)
+DECLARE_ASN1_FUNCTIONS(X509_REQ)
+
+DECLARE_ASN1_FUNCTIONS(X509_ATTRIBUTE)
+X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value);
+
+DECLARE_ASN1_FUNCTIONS(X509_EXTENSION)
+DECLARE_ASN1_ENCODE_FUNCTIONS(X509_EXTENSIONS, X509_EXTENSIONS, X509_EXTENSIONS)
+
+DECLARE_ASN1_FUNCTIONS(X509_NAME_ENTRY)
+
+DECLARE_ASN1_FUNCTIONS(X509_NAME)
+
+int X509_NAME_set(X509_NAME **xn, X509_NAME *name);
+
+DECLARE_ASN1_FUNCTIONS(X509_CINF)
+
+DECLARE_ASN1_FUNCTIONS(X509)
+DECLARE_ASN1_FUNCTIONS(X509_CERT_AUX)
+
+DECLARE_ASN1_FUNCTIONS(X509_CERT_PAIR)
+
+int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+int X509_set_ex_data(X509 *r, int idx, void *arg);
+void *X509_get_ex_data(X509 *r, int idx);
+int i2d_X509_AUX(X509 *a, unsigned char **pp);
+X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length);
+
+int X509_alias_set1(X509 *x, unsigned char *name, int len);
+int X509_keyid_set1(X509 *x, unsigned char *id, int len);
+unsigned char *X509_alias_get0(X509 *x, int *len);
+unsigned char *X509_keyid_get0(X509 *x, int *len);
+int (*X509_TRUST_set_default(int (*trust) (int, X509 *, int))) (int, X509 *,
+ int);
+int X509_TRUST_set(int *t, int trust);
+int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj);
+int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj);
+void X509_trust_clear(X509 *x);
+void X509_reject_clear(X509 *x);
+
+DECLARE_ASN1_FUNCTIONS(X509_REVOKED)
+DECLARE_ASN1_FUNCTIONS(X509_CRL_INFO)
+DECLARE_ASN1_FUNCTIONS(X509_CRL)
+
+int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
+
+X509_PKEY *X509_PKEY_new(void);
+void X509_PKEY_free(X509_PKEY *a);
+int i2d_X509_PKEY(X509_PKEY *a, unsigned char **pp);
+X509_PKEY *d2i_X509_PKEY(X509_PKEY **a, const unsigned char **pp,
+ long length);
+
+DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKI)
+DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKAC)
+DECLARE_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE)
+
+# ifndef OPENSSL_NO_EVP
+X509_INFO *X509_INFO_new(void);
+void X509_INFO_free(X509_INFO *a);
+char *X509_NAME_oneline(X509_NAME *a, char *buf, int size);
+
+int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *algor1,
+ ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey);
+
+int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data,
+ unsigned char *md, unsigned int *len);
+
+int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1,
+ X509_ALGOR *algor2, ASN1_BIT_STRING *signature,
+ char *data, EVP_PKEY *pkey, const EVP_MD *type);
+
+int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *data,
+ unsigned char *md, unsigned int *len);
+
+int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *algor1,
+ ASN1_BIT_STRING *signature, void *data, EVP_PKEY *pkey);
+
+int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1,
+ X509_ALGOR *algor2, ASN1_BIT_STRING *signature, void *data,
+ EVP_PKEY *pkey, const EVP_MD *type);
+# endif
+
+int X509_set_version(X509 *x, long version);
+int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial);
+ASN1_INTEGER *X509_get_serialNumber(X509 *x);
+int X509_set_issuer_name(X509 *x, X509_NAME *name);
+X509_NAME *X509_get_issuer_name(X509 *a);
+int X509_set_subject_name(X509 *x, X509_NAME *name);
+X509_NAME *X509_get_subject_name(X509 *a);
+int X509_set_notBefore(X509 *x, ASN1_TIME *tm);
+int X509_set_notAfter(X509 *x, ASN1_TIME *tm);
+int X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
+EVP_PKEY *X509_get_pubkey(X509 *x);
+ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x);
+int X509_certificate_type(X509 *x, EVP_PKEY *pubkey /* optional */ );
+
+int X509_REQ_set_version(X509_REQ *x, long version);
+int X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name);
+int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
+EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req);
+int X509_REQ_extension_nid(int nid);
+int *X509_REQ_get_extension_nids(void);
+void X509_REQ_set_extension_nids(int *nids);
+STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req);
+int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
+ int nid);
+int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts);
+int X509_REQ_get_attr_count(const X509_REQ *req);
+int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, int lastpos);
+int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj,
+ int lastpos);
+X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc);
+X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc);
+int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr);
+int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,
+ const ASN1_OBJECT *obj, int type,
+ const unsigned char *bytes, int len);
+int X509_REQ_add1_attr_by_NID(X509_REQ *req,
+ int nid, int type,
+ const unsigned char *bytes, int len);
+int X509_REQ_add1_attr_by_txt(X509_REQ *req,
+ const char *attrname, int type,
+ const unsigned char *bytes, int len);
+
+int X509_CRL_set_version(X509_CRL *x, long version);
+int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name);
+int X509_CRL_set_lastUpdate(X509_CRL *x, ASN1_TIME *tm);
+int X509_CRL_set_nextUpdate(X509_CRL *x, ASN1_TIME *tm);
+int X509_CRL_sort(X509_CRL *crl);
+
+int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial);
+int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm);
+
+int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey);
+
+int X509_check_private_key(X509 *x509, EVP_PKEY *pkey);
+
+int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
+unsigned long X509_issuer_and_serial_hash(X509 *a);
+
+int X509_issuer_name_cmp(const X509 *a, const X509 *b);
+unsigned long X509_issuer_name_hash(X509 *a);
+
+int X509_subject_name_cmp(const X509 *a, const X509 *b);
+unsigned long X509_subject_name_hash(X509 *x);
+
+int X509_cmp(const X509 *a, const X509 *b);
+int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b);
+unsigned long X509_NAME_hash(X509_NAME *x);
+
+int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b);
+# ifndef OPENSSL_NO_FP_API
+int X509_print_ex_fp(FILE *bp, X509 *x, unsigned long nmflag,
+ unsigned long cflag);
+int X509_print_fp(FILE *bp, X509 *x);
+int X509_CRL_print_fp(FILE *bp, X509_CRL *x);
+int X509_REQ_print_fp(FILE *bp, X509_REQ *req);
+int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent,
+ unsigned long flags);
+# endif
+
+# ifndef OPENSSL_NO_BIO
+int X509_NAME_print(BIO *bp, X509_NAME *name, int obase);
+int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent,
+ unsigned long flags);
+int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflag,
+ unsigned long cflag);
+int X509_print(BIO *bp, X509 *x);
+int X509_ocspid_print(BIO *bp, X509 *x);
+int X509_CERT_AUX_print(BIO *bp, X509_CERT_AUX *x, int indent);
+int X509_CRL_print(BIO *bp, X509_CRL *x);
+int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag,
+ unsigned long cflag);
+int X509_REQ_print(BIO *bp, X509_REQ *req);
+# endif
+
+int X509_NAME_entry_count(X509_NAME *name);
+int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len);
+int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj,
+ char *buf, int len);
+
+/*
+ * NOTE: you should be passsing -1, not 0 as lastpos. The functions that use
+ * lastpos, search after that position on.
+ */
+int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos);
+int X509_NAME_get_index_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj,
+ int lastpos);
+X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc);
+X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
+int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne,
+ int loc, int set);
+int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type,
+ unsigned char *bytes, int len, int loc,
+ int set);
+int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type,
+ unsigned char *bytes, int len, int loc,
+ int set);
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne,
+ const char *field, int type,
+ const unsigned char *bytes,
+ int len);
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
+ int type, unsigned char *bytes,
+ int len);
+int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type,
+ const unsigned char *bytes, int len, int loc,
+ int set);
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
+ ASN1_OBJECT *obj, int type,
+ const unsigned char *bytes,
+ int len);
+int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj);
+int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
+ const unsigned char *bytes, int len);
+ASN1_OBJECT *X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne);
+ASN1_STRING *X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne);
+
+int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x);
+int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x,
+ int nid, int lastpos);
+int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x,
+ ASN1_OBJECT *obj, int lastpos);
+int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x,
+ int crit, int lastpos);
+X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc);
+X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc);
+STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
+ X509_EXTENSION *ex, int loc);
+
+int X509_get_ext_count(X509 *x);
+int X509_get_ext_by_NID(X509 *x, int nid, int lastpos);
+int X509_get_ext_by_OBJ(X509 *x, ASN1_OBJECT *obj, int lastpos);
+int X509_get_ext_by_critical(X509 *x, int crit, int lastpos);
+X509_EXTENSION *X509_get_ext(X509 *x, int loc);
+X509_EXTENSION *X509_delete_ext(X509 *x, int loc);
+int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
+void *X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx);
+int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
+ unsigned long flags);
+
+int X509_CRL_get_ext_count(X509_CRL *x);
+int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos);
+int X509_CRL_get_ext_by_OBJ(X509_CRL *x, ASN1_OBJECT *obj, int lastpos);
+int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos);
+X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc);
+X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc);
+int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc);
+void *X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx);
+int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit,
+ unsigned long flags);
+
+int X509_REVOKED_get_ext_count(X509_REVOKED *x);
+int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos);
+int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x, ASN1_OBJECT *obj,
+ int lastpos);
+int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos);
+X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc);
+X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc);
+int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc);
+void *X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx);
+int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit,
+ unsigned long flags);
+
+X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex,
+ int nid, int crit,
+ ASN1_OCTET_STRING *data);
+X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex,
+ ASN1_OBJECT *obj, int crit,
+ ASN1_OCTET_STRING *data);
+int X509_EXTENSION_set_object(X509_EXTENSION *ex, ASN1_OBJECT *obj);
+int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit);
+int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data);
+ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex);
+ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne);
+int X509_EXTENSION_get_critical(X509_EXTENSION *ex);
+
+int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x);
+int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid,
+ int lastpos);
+int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk,
+ ASN1_OBJECT *obj, int lastpos);
+X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc);
+X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc);
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
+ X509_ATTRIBUTE *attr);
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE)
+ **x, const ASN1_OBJECT *obj,
+ int type,
+ const unsigned char *bytes,
+ int len);
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE)
+ **x, int nid, int type,
+ const unsigned char *bytes,
+ int len);
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE)
+ **x, const char *attrname,
+ int type,
+ const unsigned char *bytes,
+ int len);
+void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x, ASN1_OBJECT *obj,
+ int lastpos, int type);
+X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
+ int atrtype, const void *data,
+ int len);
+X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
+ const ASN1_OBJECT *obj,
+ int atrtype, const void *data,
+ int len);
+X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,
+ const char *atrname, int type,
+ const unsigned char *bytes,
+ int len);
+int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj);
+int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype,
+ const void *data, int len);
+void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, int atrtype,
+ void *data);
+int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr);
+ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr);
+ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx);
+
+int EVP_PKEY_get_attr_count(const EVP_PKEY *key);
+int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid, int lastpos);
+int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, ASN1_OBJECT *obj,
+ int lastpos);
+X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc);
+X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc);
+int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr);
+int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key,
+ const ASN1_OBJECT *obj, int type,
+ const unsigned char *bytes, int len);
+int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key,
+ int nid, int type,
+ const unsigned char *bytes, int len);
+int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key,
+ const char *attrname, int type,
+ const unsigned char *bytes, int len);
+
+int X509_verify_cert(X509_STORE_CTX *ctx);
+
+/* lookup a cert from a X509 STACK */
+X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name,
+ ASN1_INTEGER *serial);
+X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name);
+
+DECLARE_ASN1_FUNCTIONS(PBEPARAM)
+DECLARE_ASN1_FUNCTIONS(PBE2PARAM)
+DECLARE_ASN1_FUNCTIONS(PBKDF2PARAM)
+
+X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt,
+ int saltlen);
+X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
+ unsigned char *salt, int saltlen);
+
+/* PKCS#8 utilities */
+
+DECLARE_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO)
+
+EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8);
+PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey);
+PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken);
+PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken);
+
+int X509_check_trust(X509 *x, int id, int flags);
+int X509_TRUST_get_count(void);
+X509_TRUST *X509_TRUST_get0(int idx);
+int X509_TRUST_get_by_id(int id);
+int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int),
+ char *name, int arg1, void *arg2);
+void X509_TRUST_cleanup(void);
+int X509_TRUST_get_flags(X509_TRUST *xp);
+char *X509_TRUST_get0_name(X509_TRUST *xp);
+int X509_TRUST_get_trust(X509_TRUST *xp);
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_X509_strings(void);
+
+/* Error codes for the X509 functions. */
+
+/* Function codes. */
+# define X509_F_ADD_CERT_DIR 100
+# define X509_F_BY_FILE_CTRL 101
+# define X509_F_CHECK_POLICY 145
+# define X509_F_DIR_CTRL 102
+# define X509_F_GET_CERT_BY_SUBJECT 103
+# define X509_F_NETSCAPE_SPKI_B64_DECODE 129
+# define X509_F_NETSCAPE_SPKI_B64_ENCODE 130
+# define X509_F_X509AT_ADD1_ATTR 135
+# define X509_F_X509V3_ADD_EXT 104
+# define X509_F_X509_ATTRIBUTE_CREATE_BY_NID 136
+# define X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ 137
+# define X509_F_X509_ATTRIBUTE_CREATE_BY_TXT 140
+# define X509_F_X509_ATTRIBUTE_GET0_DATA 139
+# define X509_F_X509_ATTRIBUTE_SET1_DATA 138
+# define X509_F_X509_CHECK_PRIVATE_KEY 128
+# define X509_F_X509_CRL_PRINT_FP 147
+# define X509_F_X509_EXTENSION_CREATE_BY_NID 108
+# define X509_F_X509_EXTENSION_CREATE_BY_OBJ 109
+# define X509_F_X509_GET_PUBKEY_PARAMETERS 110
+# define X509_F_X509_LOAD_CERT_CRL_FILE 132
+# define X509_F_X509_LOAD_CERT_FILE 111
+# define X509_F_X509_LOAD_CRL_FILE 112
+# define X509_F_X509_NAME_ADD_ENTRY 113
+# define X509_F_X509_NAME_ENTRY_CREATE_BY_NID 114
+# define X509_F_X509_NAME_ENTRY_CREATE_BY_TXT 131
+# define X509_F_X509_NAME_ENTRY_SET_OBJECT 115
+# define X509_F_X509_NAME_ONELINE 116
+# define X509_F_X509_NAME_PRINT 117
+# define X509_F_X509_PRINT_EX_FP 118
+# define X509_F_X509_PUBKEY_GET 119
+# define X509_F_X509_PUBKEY_SET 120
+# define X509_F_X509_REQ_CHECK_PRIVATE_KEY 144
+# define X509_F_X509_REQ_PRINT_EX 121
+# define X509_F_X509_REQ_PRINT_FP 122
+# define X509_F_X509_REQ_TO_X509 123
+# define X509_F_X509_STORE_ADD_CERT 124
+# define X509_F_X509_STORE_ADD_CRL 125
+# define X509_F_X509_STORE_CTX_GET1_ISSUER 146
+# define X509_F_X509_STORE_CTX_INIT 143
+# define X509_F_X509_STORE_CTX_NEW 142
+# define X509_F_X509_STORE_CTX_PURPOSE_INHERIT 134
+# define X509_F_X509_TO_X509_REQ 126
+# define X509_F_X509_TRUST_ADD 133
+# define X509_F_X509_TRUST_SET 141
+# define X509_F_X509_VERIFY_CERT 127
+
+/* Reason codes. */
+# define X509_R_BAD_X509_FILETYPE 100
+# define X509_R_BASE64_DECODE_ERROR 118
+# define X509_R_CANT_CHECK_DH_KEY 114
+# define X509_R_CERT_ALREADY_IN_HASH_TABLE 101
+# define X509_R_ERR_ASN1_LIB 102
+# define X509_R_INVALID_DIRECTORY 113
+# define X509_R_INVALID_FIELD_NAME 119
+# define X509_R_INVALID_TRUST 123
+# define X509_R_KEY_TYPE_MISMATCH 115
+# define X509_R_KEY_VALUES_MISMATCH 116
+# define X509_R_LOADING_CERT_DIR 103
+# define X509_R_LOADING_DEFAULTS 104
+# define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105
+# define X509_R_SHOULD_RETRY 106
+# define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN 107
+# define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY 108
+# define X509_R_UNKNOWN_KEY_TYPE 117
+# define X509_R_UNKNOWN_NID 109
+# define X509_R_UNKNOWN_PURPOSE_ID 121
+# define X509_R_UNKNOWN_TRUST_ID 120
+# define X509_R_UNSUPPORTED_ALGORITHM 111
+# define X509_R_WRONG_LOOKUP_TYPE 112
+# define X509_R_WRONG_TYPE 122
+
+#ifdef __cplusplus
+}
+#endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_att.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509/x509_att.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_att.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,359 +0,0 @@
-/* crypto/x509/x509_att.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/stack.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-
-int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x)
-{
- return sk_X509_ATTRIBUTE_num(x);
-}
-
-int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid,
- int lastpos)
-{
- ASN1_OBJECT *obj;
-
- obj=OBJ_nid2obj(nid);
- if (obj == NULL) return(-2);
- return(X509at_get_attr_by_OBJ(x,obj,lastpos));
-}
-
-int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, ASN1_OBJECT *obj,
- int lastpos)
-{
- int n;
- X509_ATTRIBUTE *ex;
-
- if (sk == NULL) return(-1);
- lastpos++;
- if (lastpos < 0)
- lastpos=0;
- n=sk_X509_ATTRIBUTE_num(sk);
- for ( ; lastpos < n; lastpos++)
- {
- ex=sk_X509_ATTRIBUTE_value(sk,lastpos);
- if (OBJ_cmp(ex->object,obj) == 0)
- return(lastpos);
- }
- return(-1);
-}
-
-X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc)
-{
- if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0)
- return NULL;
- else
- return sk_X509_ATTRIBUTE_value(x,loc);
-}
-
-X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc)
-{
- X509_ATTRIBUTE *ret;
-
- if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0)
- return(NULL);
- ret=sk_X509_ATTRIBUTE_delete(x,loc);
- return(ret);
-}
-
-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
- X509_ATTRIBUTE *attr)
-{
- X509_ATTRIBUTE *new_attr=NULL;
- STACK_OF(X509_ATTRIBUTE) *sk=NULL;
-
- if (x == NULL)
- {
- X509err(X509_F_X509AT_ADD1_ATTR, ERR_R_PASSED_NULL_PARAMETER);
- goto err2;
- }
-
- if (*x == NULL)
- {
- if ((sk=sk_X509_ATTRIBUTE_new_null()) == NULL)
- goto err;
- }
- else
- sk= *x;
-
- if ((new_attr=X509_ATTRIBUTE_dup(attr)) == NULL)
- goto err2;
- if (!sk_X509_ATTRIBUTE_push(sk,new_attr))
- goto err;
- if (*x == NULL)
- *x=sk;
- return(sk);
-err:
- X509err(X509_F_X509AT_ADD1_ATTR,ERR_R_MALLOC_FAILURE);
-err2:
- if (new_attr != NULL) X509_ATTRIBUTE_free(new_attr);
- if (sk != NULL) sk_X509_ATTRIBUTE_free(sk);
- return(NULL);
-}
-
-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x,
- const ASN1_OBJECT *obj, int type,
- const unsigned char *bytes, int len)
-{
- X509_ATTRIBUTE *attr;
- STACK_OF(X509_ATTRIBUTE) *ret;
- attr = X509_ATTRIBUTE_create_by_OBJ(NULL, obj, type, bytes, len);
- if(!attr) return 0;
- ret = X509at_add1_attr(x, attr);
- X509_ATTRIBUTE_free(attr);
- return ret;
-}
-
-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x,
- int nid, int type,
- const unsigned char *bytes, int len)
-{
- X509_ATTRIBUTE *attr;
- STACK_OF(X509_ATTRIBUTE) *ret;
- attr = X509_ATTRIBUTE_create_by_NID(NULL, nid, type, bytes, len);
- if(!attr) return 0;
- ret = X509at_add1_attr(x, attr);
- X509_ATTRIBUTE_free(attr);
- return ret;
-}
-
-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x,
- const char *attrname, int type,
- const unsigned char *bytes, int len)
-{
- X509_ATTRIBUTE *attr;
- STACK_OF(X509_ATTRIBUTE) *ret;
- attr = X509_ATTRIBUTE_create_by_txt(NULL, attrname, type, bytes, len);
- if(!attr) return 0;
- ret = X509at_add1_attr(x, attr);
- X509_ATTRIBUTE_free(attr);
- return ret;
-}
-
-void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x,
- ASN1_OBJECT *obj, int lastpos, int type)
-{
- int i;
- X509_ATTRIBUTE *at;
- i = X509at_get_attr_by_OBJ(x, obj, lastpos);
- if (i == -1)
- return NULL;
- if ((lastpos <= -2) && (X509at_get_attr_by_OBJ(x, obj, i) != -1))
- return NULL;
- at = X509at_get_attr(x, i);
- if (lastpos <= -3 && (X509_ATTRIBUTE_count(at) != 1))
- return NULL;
- return X509_ATTRIBUTE_get0_data(at, 0, type, NULL);
-}
-
-X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
- int atrtype, const void *data, int len)
-{
- ASN1_OBJECT *obj;
- X509_ATTRIBUTE *ret;
-
- obj=OBJ_nid2obj(nid);
- if (obj == NULL)
- {
- X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_NID,X509_R_UNKNOWN_NID);
- return(NULL);
- }
- ret=X509_ATTRIBUTE_create_by_OBJ(attr,obj,atrtype,data,len);
- if (ret == NULL) ASN1_OBJECT_free(obj);
- return(ret);
-}
-
-X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
- const ASN1_OBJECT *obj, int atrtype, const void *data, int len)
-{
- X509_ATTRIBUTE *ret;
-
- if ((attr == NULL) || (*attr == NULL))
- {
- if ((ret=X509_ATTRIBUTE_new()) == NULL)
- {
- X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ,ERR_R_MALLOC_FAILURE);
- return(NULL);
- }
- }
- else
- ret= *attr;
-
- if (!X509_ATTRIBUTE_set1_object(ret,obj))
- goto err;
- if (!X509_ATTRIBUTE_set1_data(ret,atrtype,data,len))
- goto err;
-
- if ((attr != NULL) && (*attr == NULL)) *attr=ret;
- return(ret);
-err:
- if ((attr == NULL) || (ret != *attr))
- X509_ATTRIBUTE_free(ret);
- return(NULL);
-}
-
-X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,
- const char *atrname, int type, const unsigned char *bytes, int len)
- {
- ASN1_OBJECT *obj;
- X509_ATTRIBUTE *nattr;
-
- obj=OBJ_txt2obj(atrname, 0);
- if (obj == NULL)
- {
- X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT,
- X509_R_INVALID_FIELD_NAME);
- ERR_add_error_data(2, "name=", atrname);
- return(NULL);
- }
- nattr = X509_ATTRIBUTE_create_by_OBJ(attr,obj,type,bytes,len);
- ASN1_OBJECT_free(obj);
- return nattr;
- }
-
-int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj)
-{
- if ((attr == NULL) || (obj == NULL))
- return(0);
- ASN1_OBJECT_free(attr->object);
- attr->object=OBJ_dup(obj);
- return(1);
-}
-
-int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *data, int len)
-{
- ASN1_TYPE *ttmp;
- ASN1_STRING *stmp = NULL;
- int atype = 0;
- if (!attr) return 0;
- if(attrtype & MBSTRING_FLAG) {
- stmp = ASN1_STRING_set_by_NID(NULL, data, len, attrtype,
- OBJ_obj2nid(attr->object));
- if(!stmp) {
- X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_ASN1_LIB);
- return 0;
- }
- atype = stmp->type;
- } else if (len != -1){
- if(!(stmp = ASN1_STRING_type_new(attrtype))) goto err;
- if(!ASN1_STRING_set(stmp, data, len)) goto err;
- atype = attrtype;
- }
- if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err;
- attr->single = 0;
- /* This is a bit naughty because the attribute should really have
- * at least one value but some types use and zero length SET and
- * require this.
- */
- if (attrtype == 0)
- return 1;
- if(!(ttmp = ASN1_TYPE_new())) goto err;
- if ((len == -1) && !(attrtype & MBSTRING_FLAG))
- {
- if (!ASN1_TYPE_set1(ttmp, attrtype, data))
- goto err;
- }
- else
- ASN1_TYPE_set(ttmp, atype, stmp);
- if(!sk_ASN1_TYPE_push(attr->value.set, ttmp)) goto err;
- return 1;
- err:
- X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_MALLOC_FAILURE);
- return 0;
-}
-
-int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr)
-{
- if(!attr->single) return sk_ASN1_TYPE_num(attr->value.set);
- if(attr->value.single) return 1;
- return 0;
-}
-
-ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr)
-{
- if (attr == NULL) return(NULL);
- return(attr->object);
-}
-
-void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx,
- int atrtype, void *data)
-{
- ASN1_TYPE *ttmp;
- ttmp = X509_ATTRIBUTE_get0_type(attr, idx);
- if(!ttmp) return NULL;
- if(atrtype != ASN1_TYPE_get(ttmp)){
- X509err(X509_F_X509_ATTRIBUTE_GET0_DATA, X509_R_WRONG_TYPE);
- return NULL;
- }
- return ttmp->value.ptr;
-}
-
-ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx)
-{
- if (attr == NULL) return(NULL);
- if(idx >= X509_ATTRIBUTE_count(attr)) return NULL;
- if(!attr->single) return sk_ASN1_TYPE_value(attr->value.set, idx);
- else return attr->value.single;
-}
Copied: vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_att.c (from rev 6976, vendor-crypto/openssl/dist/crypto/x509/x509_att.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_att.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_att.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,384 @@
+/* crypto/x509/x509_att.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <openssl/stack.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x)
+{
+ return sk_X509_ATTRIBUTE_num(x);
+}
+
+int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid,
+ int lastpos)
+{
+ ASN1_OBJECT *obj;
+
+ obj = OBJ_nid2obj(nid);
+ if (obj == NULL)
+ return (-2);
+ return (X509at_get_attr_by_OBJ(x, obj, lastpos));
+}
+
+int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk,
+ ASN1_OBJECT *obj, int lastpos)
+{
+ int n;
+ X509_ATTRIBUTE *ex;
+
+ if (sk == NULL)
+ return (-1);
+ lastpos++;
+ if (lastpos < 0)
+ lastpos = 0;
+ n = sk_X509_ATTRIBUTE_num(sk);
+ for (; lastpos < n; lastpos++) {
+ ex = sk_X509_ATTRIBUTE_value(sk, lastpos);
+ if (OBJ_cmp(ex->object, obj) == 0)
+ return (lastpos);
+ }
+ return (-1);
+}
+
+X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc)
+{
+ if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0)
+ return NULL;
+ else
+ return sk_X509_ATTRIBUTE_value(x, loc);
+}
+
+X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc)
+{
+ X509_ATTRIBUTE *ret;
+
+ if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0)
+ return (NULL);
+ ret = sk_X509_ATTRIBUTE_delete(x, loc);
+ return (ret);
+}
+
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
+ X509_ATTRIBUTE *attr)
+{
+ X509_ATTRIBUTE *new_attr = NULL;
+ STACK_OF(X509_ATTRIBUTE) *sk = NULL;
+
+ if (x == NULL) {
+ X509err(X509_F_X509AT_ADD1_ATTR, ERR_R_PASSED_NULL_PARAMETER);
+ goto err2;
+ }
+
+ if (*x == NULL) {
+ if ((sk = sk_X509_ATTRIBUTE_new_null()) == NULL)
+ goto err;
+ } else
+ sk = *x;
+
+ if ((new_attr = X509_ATTRIBUTE_dup(attr)) == NULL)
+ goto err2;
+ if (!sk_X509_ATTRIBUTE_push(sk, new_attr))
+ goto err;
+ if (*x == NULL)
+ *x = sk;
+ return (sk);
+ err:
+ X509err(X509_F_X509AT_ADD1_ATTR, ERR_R_MALLOC_FAILURE);
+ err2:
+ if (new_attr != NULL)
+ X509_ATTRIBUTE_free(new_attr);
+ if (sk != NULL)
+ sk_X509_ATTRIBUTE_free(sk);
+ return (NULL);
+}
+
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE)
+ **x, const ASN1_OBJECT *obj,
+ int type,
+ const unsigned char *bytes,
+ int len)
+{
+ X509_ATTRIBUTE *attr;
+ STACK_OF(X509_ATTRIBUTE) *ret;
+ attr = X509_ATTRIBUTE_create_by_OBJ(NULL, obj, type, bytes, len);
+ if (!attr)
+ return 0;
+ ret = X509at_add1_attr(x, attr);
+ X509_ATTRIBUTE_free(attr);
+ return ret;
+}
+
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE)
+ **x, int nid, int type,
+ const unsigned char *bytes,
+ int len)
+{
+ X509_ATTRIBUTE *attr;
+ STACK_OF(X509_ATTRIBUTE) *ret;
+ attr = X509_ATTRIBUTE_create_by_NID(NULL, nid, type, bytes, len);
+ if (!attr)
+ return 0;
+ ret = X509at_add1_attr(x, attr);
+ X509_ATTRIBUTE_free(attr);
+ return ret;
+}
+
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE)
+ **x, const char *attrname,
+ int type,
+ const unsigned char *bytes,
+ int len)
+{
+ X509_ATTRIBUTE *attr;
+ STACK_OF(X509_ATTRIBUTE) *ret;
+ attr = X509_ATTRIBUTE_create_by_txt(NULL, attrname, type, bytes, len);
+ if (!attr)
+ return 0;
+ ret = X509at_add1_attr(x, attr);
+ X509_ATTRIBUTE_free(attr);
+ return ret;
+}
+
+void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x,
+ ASN1_OBJECT *obj, int lastpos, int type)
+{
+ int i;
+ X509_ATTRIBUTE *at;
+ i = X509at_get_attr_by_OBJ(x, obj, lastpos);
+ if (i == -1)
+ return NULL;
+ if ((lastpos <= -2) && (X509at_get_attr_by_OBJ(x, obj, i) != -1))
+ return NULL;
+ at = X509at_get_attr(x, i);
+ if (lastpos <= -3 && (X509_ATTRIBUTE_count(at) != 1))
+ return NULL;
+ return X509_ATTRIBUTE_get0_data(at, 0, type, NULL);
+}
+
+X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
+ int atrtype, const void *data,
+ int len)
+{
+ ASN1_OBJECT *obj;
+ X509_ATTRIBUTE *ret;
+
+ obj = OBJ_nid2obj(nid);
+ if (obj == NULL) {
+ X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_NID, X509_R_UNKNOWN_NID);
+ return (NULL);
+ }
+ ret = X509_ATTRIBUTE_create_by_OBJ(attr, obj, atrtype, data, len);
+ if (ret == NULL)
+ ASN1_OBJECT_free(obj);
+ return (ret);
+}
+
+X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
+ const ASN1_OBJECT *obj,
+ int atrtype, const void *data,
+ int len)
+{
+ X509_ATTRIBUTE *ret;
+
+ if ((attr == NULL) || (*attr == NULL)) {
+ if ((ret = X509_ATTRIBUTE_new()) == NULL) {
+ X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ,
+ ERR_R_MALLOC_FAILURE);
+ return (NULL);
+ }
+ } else
+ ret = *attr;
+
+ if (!X509_ATTRIBUTE_set1_object(ret, obj))
+ goto err;
+ if (!X509_ATTRIBUTE_set1_data(ret, atrtype, data, len))
+ goto err;
+
+ if ((attr != NULL) && (*attr == NULL))
+ *attr = ret;
+ return (ret);
+ err:
+ if ((attr == NULL) || (ret != *attr))
+ X509_ATTRIBUTE_free(ret);
+ return (NULL);
+}
+
+X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,
+ const char *atrname, int type,
+ const unsigned char *bytes,
+ int len)
+{
+ ASN1_OBJECT *obj;
+ X509_ATTRIBUTE *nattr;
+
+ obj = OBJ_txt2obj(atrname, 0);
+ if (obj == NULL) {
+ X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT,
+ X509_R_INVALID_FIELD_NAME);
+ ERR_add_error_data(2, "name=", atrname);
+ return (NULL);
+ }
+ nattr = X509_ATTRIBUTE_create_by_OBJ(attr, obj, type, bytes, len);
+ ASN1_OBJECT_free(obj);
+ return nattr;
+}
+
+int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj)
+{
+ if ((attr == NULL) || (obj == NULL))
+ return (0);
+ ASN1_OBJECT_free(attr->object);
+ attr->object = OBJ_dup(obj);
+ return (1);
+}
+
+int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype,
+ const void *data, int len)
+{
+ ASN1_TYPE *ttmp;
+ ASN1_STRING *stmp = NULL;
+ int atype = 0;
+ if (!attr)
+ return 0;
+ if (attrtype & MBSTRING_FLAG) {
+ stmp = ASN1_STRING_set_by_NID(NULL, data, len, attrtype,
+ OBJ_obj2nid(attr->object));
+ if (!stmp) {
+ X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_ASN1_LIB);
+ return 0;
+ }
+ atype = stmp->type;
+ } else if (len != -1) {
+ if (!(stmp = ASN1_STRING_type_new(attrtype)))
+ goto err;
+ if (!ASN1_STRING_set(stmp, data, len))
+ goto err;
+ atype = attrtype;
+ }
+ if (!(attr->value.set = sk_ASN1_TYPE_new_null()))
+ goto err;
+ attr->single = 0;
+ /*
+ * This is a bit naughty because the attribute should really have at
+ * least one value but some types use and zero length SET and require
+ * this.
+ */
+ if (attrtype == 0)
+ return 1;
+ if (!(ttmp = ASN1_TYPE_new()))
+ goto err;
+ if ((len == -1) && !(attrtype & MBSTRING_FLAG)) {
+ if (!ASN1_TYPE_set1(ttmp, attrtype, data))
+ goto err;
+ } else
+ ASN1_TYPE_set(ttmp, atype, stmp);
+ if (!sk_ASN1_TYPE_push(attr->value.set, ttmp))
+ goto err;
+ return 1;
+ err:
+ X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_MALLOC_FAILURE);
+ return 0;
+}
+
+int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr)
+{
+ if (!attr->single)
+ return sk_ASN1_TYPE_num(attr->value.set);
+ if (attr->value.single)
+ return 1;
+ return 0;
+}
+
+ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr)
+{
+ if (attr == NULL)
+ return (NULL);
+ return (attr->object);
+}
+
+void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx,
+ int atrtype, void *data)
+{
+ ASN1_TYPE *ttmp;
+ ttmp = X509_ATTRIBUTE_get0_type(attr, idx);
+ if (!ttmp)
+ return NULL;
+ if (atrtype != ASN1_TYPE_get(ttmp)) {
+ X509err(X509_F_X509_ATTRIBUTE_GET0_DATA, X509_R_WRONG_TYPE);
+ return NULL;
+ }
+ return ttmp->value.ptr;
+}
+
+ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx)
+{
+ if (attr == NULL)
+ return (NULL);
+ if (idx >= X509_ATTRIBUTE_count(attr))
+ return NULL;
+ if (!attr->single)
+ return sk_ASN1_TYPE_value(attr->value.set, idx);
+ else
+ return attr->value.single;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_cmp.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509/x509_cmp.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_cmp.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,432 +0,0 @@
-/* crypto/x509/x509_cmp.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <ctype.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-
-int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b)
- {
- int i;
- X509_CINF *ai,*bi;
-
- ai=a->cert_info;
- bi=b->cert_info;
- i=M_ASN1_INTEGER_cmp(ai->serialNumber,bi->serialNumber);
- if (i) return(i);
- return(X509_NAME_cmp(ai->issuer,bi->issuer));
- }
-
-#ifndef OPENSSL_NO_MD5
-unsigned long X509_issuer_and_serial_hash(X509 *a)
- {
- unsigned long ret=0;
- EVP_MD_CTX ctx;
- unsigned char md[16];
- char *f;
-
- EVP_MD_CTX_init(&ctx);
- f=X509_NAME_oneline(a->cert_info->issuer,NULL,0);
- ret=strlen(f);
- EVP_DigestInit_ex(&ctx, EVP_md5(), NULL);
- EVP_DigestUpdate(&ctx,(unsigned char *)f,ret);
- OPENSSL_free(f);
- EVP_DigestUpdate(&ctx,(unsigned char *)a->cert_info->serialNumber->data,
- (unsigned long)a->cert_info->serialNumber->length);
- EVP_DigestFinal_ex(&ctx,&(md[0]),NULL);
- ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)|
- ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
- )&0xffffffffL;
- EVP_MD_CTX_cleanup(&ctx);
- return(ret);
- }
-#endif
-
-int X509_issuer_name_cmp(const X509 *a, const X509 *b)
- {
- return(X509_NAME_cmp(a->cert_info->issuer,b->cert_info->issuer));
- }
-
-int X509_subject_name_cmp(const X509 *a, const X509 *b)
- {
- return(X509_NAME_cmp(a->cert_info->subject,b->cert_info->subject));
- }
-
-int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b)
- {
- return(X509_NAME_cmp(a->crl->issuer,b->crl->issuer));
- }
-
-X509_NAME *X509_get_issuer_name(X509 *a)
- {
- return(a->cert_info->issuer);
- }
-
-unsigned long X509_issuer_name_hash(X509 *x)
- {
- return(X509_NAME_hash(x->cert_info->issuer));
- }
-
-X509_NAME *X509_get_subject_name(X509 *a)
- {
- return(a->cert_info->subject);
- }
-
-ASN1_INTEGER *X509_get_serialNumber(X509 *a)
- {
- return(a->cert_info->serialNumber);
- }
-
-unsigned long X509_subject_name_hash(X509 *x)
- {
- return(X509_NAME_hash(x->cert_info->subject));
- }
-
-#ifndef OPENSSL_NO_SHA
-/* Compare two certificates: they must be identical for
- * this to work. NB: Although "cmp" operations are generally
- * prototyped to take "const" arguments (eg. for use in
- * STACKs), the way X509 handling is - these operations may
- * involve ensuring the hashes are up-to-date and ensuring
- * certain cert information is cached. So this is the point
- * where the "depth-first" constification tree has to halt
- * with an evil cast.
- */
-int X509_cmp(const X509 *a, const X509 *b)
-{
- /* ensure hash is valid */
- X509_check_purpose((X509 *)a, -1, 0);
- X509_check_purpose((X509 *)b, -1, 0);
-
- return memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);
-}
-#endif
-
-
-/* Case insensitive string comparision */
-static int nocase_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
-{
- int i;
-
- if (a->length != b->length)
- return (a->length - b->length);
-
- for (i=0; i<a->length; i++)
- {
- int ca, cb;
-
- ca = tolower(a->data[i]);
- cb = tolower(b->data[i]);
-
- if (ca != cb)
- return(ca-cb);
- }
- return 0;
-}
-
-/* Case insensitive string comparision with space normalization
- * Space normalization - ignore leading, trailing spaces,
- * multiple spaces between characters are replaced by single space
- */
-static int nocase_spacenorm_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
-{
- unsigned char *pa = NULL, *pb = NULL;
- int la, lb;
-
- la = a->length;
- lb = b->length;
- pa = a->data;
- pb = b->data;
-
- /* skip leading spaces */
- while (la > 0 && isspace(*pa))
- {
- la--;
- pa++;
- }
- while (lb > 0 && isspace(*pb))
- {
- lb--;
- pb++;
- }
-
- /* skip trailing spaces */
- while (la > 0 && isspace(pa[la-1]))
- la--;
- while (lb > 0 && isspace(pb[lb-1]))
- lb--;
-
- /* compare strings with space normalization */
- while (la > 0 && lb > 0)
- {
- int ca, cb;
-
- /* compare character */
- ca = tolower(*pa);
- cb = tolower(*pb);
- if (ca != cb)
- return (ca - cb);
-
- pa++; pb++;
- la--; lb--;
-
- if (la <= 0 || lb <= 0)
- break;
-
- /* is white space next character ? */
- if (isspace(*pa) && isspace(*pb))
- {
- /* skip remaining white spaces */
- while (la > 0 && isspace(*pa))
- {
- la--;
- pa++;
- }
- while (lb > 0 && isspace(*pb))
- {
- lb--;
- pb++;
- }
- }
- }
- if (la > 0 || lb > 0)
- return la - lb;
-
- return 0;
-}
-
-static int asn1_string_memcmp(ASN1_STRING *a, ASN1_STRING *b)
- {
- int j;
- j = a->length - b->length;
- if (j)
- return j;
- return memcmp(a->data, b->data, a->length);
- }
-
-#define STR_TYPE_CMP (B_ASN1_PRINTABLESTRING|B_ASN1_T61STRING|B_ASN1_UTF8STRING)
-
-int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
- {
- int i,j;
- X509_NAME_ENTRY *na,*nb;
-
- unsigned long nabit, nbbit;
-
- j = sk_X509_NAME_ENTRY_num(a->entries)
- - sk_X509_NAME_ENTRY_num(b->entries);
- if (j)
- return j;
- for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--)
- {
- na=sk_X509_NAME_ENTRY_value(a->entries,i);
- nb=sk_X509_NAME_ENTRY_value(b->entries,i);
- j=na->value->type-nb->value->type;
- if (j)
- {
- nabit = ASN1_tag2bit(na->value->type);
- nbbit = ASN1_tag2bit(nb->value->type);
- if (!(nabit & STR_TYPE_CMP) ||
- !(nbbit & STR_TYPE_CMP))
- return j;
- if (!asn1_string_memcmp(na->value, nb->value))
- j = 0;
- }
- else if (na->value->type == V_ASN1_PRINTABLESTRING)
- j=nocase_spacenorm_cmp(na->value, nb->value);
- else if (na->value->type == V_ASN1_IA5STRING
- && OBJ_obj2nid(na->object) == NID_pkcs9_emailAddress)
- j=nocase_cmp(na->value, nb->value);
- else
- j = asn1_string_memcmp(na->value, nb->value);
- if (j) return(j);
- j=na->set-nb->set;
- if (j) return(j);
- }
-
- /* We will check the object types after checking the values
- * since the values will more often be different than the object
- * types. */
- for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--)
- {
- na=sk_X509_NAME_ENTRY_value(a->entries,i);
- nb=sk_X509_NAME_ENTRY_value(b->entries,i);
- j=OBJ_cmp(na->object,nb->object);
- if (j) return(j);
- }
- return(0);
- }
-
-#ifndef OPENSSL_NO_MD5
-/* I now DER encode the name and hash it. Since I cache the DER encoding,
- * this is reasonably efficient. */
-unsigned long X509_NAME_hash(X509_NAME *x)
- {
- unsigned long ret=0;
- unsigned char md[16];
- EVP_MD_CTX md_ctx;
-
- /* Make sure X509_NAME structure contains valid cached encoding */
- i2d_X509_NAME(x,NULL);
- EVP_MD_CTX_init(&md_ctx);
- EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
- EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL);
- EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length);
- EVP_DigestFinal_ex(&md_ctx,md,NULL);
- EVP_MD_CTX_cleanup(&md_ctx);
-
- ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)|
- ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
- )&0xffffffffL;
- return(ret);
- }
-#endif
-
-/* Search a stack of X509 for a match */
-X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name,
- ASN1_INTEGER *serial)
- {
- int i;
- X509_CINF cinf;
- X509 x,*x509=NULL;
-
- if(!sk) return NULL;
-
- x.cert_info= &cinf;
- cinf.serialNumber=serial;
- cinf.issuer=name;
-
- for (i=0; i<sk_X509_num(sk); i++)
- {
- x509=sk_X509_value(sk,i);
- if (X509_issuer_and_serial_cmp(x509,&x) == 0)
- return(x509);
- }
- return(NULL);
- }
-
-X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name)
- {
- X509 *x509;
- int i;
-
- for (i=0; i<sk_X509_num(sk); i++)
- {
- x509=sk_X509_value(sk,i);
- if (X509_NAME_cmp(X509_get_subject_name(x509),name) == 0)
- return(x509);
- }
- return(NULL);
- }
-
-EVP_PKEY *X509_get_pubkey(X509 *x)
- {
- if ((x == NULL) || (x->cert_info == NULL))
- return(NULL);
- return(X509_PUBKEY_get(x->cert_info->key));
- }
-
-ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x)
- {
- if(!x) return NULL;
- return x->cert_info->key->public_key;
- }
-
-int X509_check_private_key(X509 *x, EVP_PKEY *k)
- {
- EVP_PKEY *xk=NULL;
- int ok=0;
-
- xk=X509_get_pubkey(x);
- switch (EVP_PKEY_cmp(xk, k))
- {
- case 1:
- ok=1;
- break;
- case 0:
- X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);
- break;
- case -1:
- X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH);
- break;
- case -2:
-#ifndef OPENSSL_NO_EC
- if (k->type == EVP_PKEY_EC)
- {
- X509err(X509_F_X509_CHECK_PRIVATE_KEY, ERR_R_EC_LIB);
- break;
- }
-#endif
-#ifndef OPENSSL_NO_DH
- if (k->type == EVP_PKEY_DH)
- {
- /* No idea */
- X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY);
- break;
- }
-#endif
- X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE);
- }
-
- EVP_PKEY_free(xk);
- return(ok);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_cmp.c (from rev 6976, vendor-crypto/openssl/dist/crypto/x509/x509_cmp.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_cmp.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_cmp.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,425 @@
+/* crypto/x509/x509_cmp.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b)
+{
+ int i;
+ X509_CINF *ai, *bi;
+
+ ai = a->cert_info;
+ bi = b->cert_info;
+ i = M_ASN1_INTEGER_cmp(ai->serialNumber, bi->serialNumber);
+ if (i)
+ return (i);
+ return (X509_NAME_cmp(ai->issuer, bi->issuer));
+}
+
+#ifndef OPENSSL_NO_MD5
+unsigned long X509_issuer_and_serial_hash(X509 *a)
+{
+ unsigned long ret = 0;
+ EVP_MD_CTX ctx;
+ unsigned char md[16];
+ char *f;
+
+ EVP_MD_CTX_init(&ctx);
+ f = X509_NAME_oneline(a->cert_info->issuer, NULL, 0);
+ ret = strlen(f);
+ EVP_DigestInit_ex(&ctx, EVP_md5(), NULL);
+ EVP_DigestUpdate(&ctx, (unsigned char *)f, ret);
+ OPENSSL_free(f);
+ EVP_DigestUpdate(&ctx, (unsigned char *)a->cert_info->serialNumber->data,
+ (unsigned long)a->cert_info->serialNumber->length);
+ EVP_DigestFinal_ex(&ctx, &(md[0]), NULL);
+ ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) |
+ ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L)
+ ) & 0xffffffffL;
+ EVP_MD_CTX_cleanup(&ctx);
+ return (ret);
+}
+#endif
+
+int X509_issuer_name_cmp(const X509 *a, const X509 *b)
+{
+ return (X509_NAME_cmp(a->cert_info->issuer, b->cert_info->issuer));
+}
+
+int X509_subject_name_cmp(const X509 *a, const X509 *b)
+{
+ return (X509_NAME_cmp(a->cert_info->subject, b->cert_info->subject));
+}
+
+int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b)
+{
+ return (X509_NAME_cmp(a->crl->issuer, b->crl->issuer));
+}
+
+X509_NAME *X509_get_issuer_name(X509 *a)
+{
+ return (a->cert_info->issuer);
+}
+
+unsigned long X509_issuer_name_hash(X509 *x)
+{
+ return (X509_NAME_hash(x->cert_info->issuer));
+}
+
+X509_NAME *X509_get_subject_name(X509 *a)
+{
+ return (a->cert_info->subject);
+}
+
+ASN1_INTEGER *X509_get_serialNumber(X509 *a)
+{
+ return (a->cert_info->serialNumber);
+}
+
+unsigned long X509_subject_name_hash(X509 *x)
+{
+ return (X509_NAME_hash(x->cert_info->subject));
+}
+
+#ifndef OPENSSL_NO_SHA
+/*
+ * Compare two certificates: they must be identical for this to work. NB:
+ * Although "cmp" operations are generally prototyped to take "const"
+ * arguments (eg. for use in STACKs), the way X509 handling is - these
+ * operations may involve ensuring the hashes are up-to-date and ensuring
+ * certain cert information is cached. So this is the point where the
+ * "depth-first" constification tree has to halt with an evil cast.
+ */
+int X509_cmp(const X509 *a, const X509 *b)
+{
+ /* ensure hash is valid */
+ X509_check_purpose((X509 *)a, -1, 0);
+ X509_check_purpose((X509 *)b, -1, 0);
+
+ return memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);
+}
+#endif
+
+/* Case insensitive string comparision */
+static int nocase_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
+{
+ int i;
+
+ if (a->length != b->length)
+ return (a->length - b->length);
+
+ for (i = 0; i < a->length; i++) {
+ int ca, cb;
+
+ ca = tolower(a->data[i]);
+ cb = tolower(b->data[i]);
+
+ if (ca != cb)
+ return (ca - cb);
+ }
+ return 0;
+}
+
+/*
+ * Case insensitive string comparision with space normalization Space
+ * normalization - ignore leading, trailing spaces, multiple spaces between
+ * characters are replaced by single space
+ */
+static int nocase_spacenorm_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
+{
+ unsigned char *pa = NULL, *pb = NULL;
+ int la, lb;
+
+ la = a->length;
+ lb = b->length;
+ pa = a->data;
+ pb = b->data;
+
+ /* skip leading spaces */
+ while (la > 0 && isspace(*pa)) {
+ la--;
+ pa++;
+ }
+ while (lb > 0 && isspace(*pb)) {
+ lb--;
+ pb++;
+ }
+
+ /* skip trailing spaces */
+ while (la > 0 && isspace(pa[la - 1]))
+ la--;
+ while (lb > 0 && isspace(pb[lb - 1]))
+ lb--;
+
+ /* compare strings with space normalization */
+ while (la > 0 && lb > 0) {
+ int ca, cb;
+
+ /* compare character */
+ ca = tolower(*pa);
+ cb = tolower(*pb);
+ if (ca != cb)
+ return (ca - cb);
+
+ pa++;
+ pb++;
+ la--;
+ lb--;
+
+ if (la <= 0 || lb <= 0)
+ break;
+
+ /* is white space next character ? */
+ if (isspace(*pa) && isspace(*pb)) {
+ /* skip remaining white spaces */
+ while (la > 0 && isspace(*pa)) {
+ la--;
+ pa++;
+ }
+ while (lb > 0 && isspace(*pb)) {
+ lb--;
+ pb++;
+ }
+ }
+ }
+ if (la > 0 || lb > 0)
+ return la - lb;
+
+ return 0;
+}
+
+static int asn1_string_memcmp(ASN1_STRING *a, ASN1_STRING *b)
+{
+ int j;
+ j = a->length - b->length;
+ if (j)
+ return j;
+ return memcmp(a->data, b->data, a->length);
+}
+
+#define STR_TYPE_CMP (B_ASN1_PRINTABLESTRING|B_ASN1_T61STRING|B_ASN1_UTF8STRING)
+
+int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
+{
+ int i, j;
+ X509_NAME_ENTRY *na, *nb;
+
+ unsigned long nabit, nbbit;
+
+ j = sk_X509_NAME_ENTRY_num(a->entries)
+ - sk_X509_NAME_ENTRY_num(b->entries);
+ if (j)
+ return j;
+ for (i = sk_X509_NAME_ENTRY_num(a->entries) - 1; i >= 0; i--) {
+ na = sk_X509_NAME_ENTRY_value(a->entries, i);
+ nb = sk_X509_NAME_ENTRY_value(b->entries, i);
+ j = na->value->type - nb->value->type;
+ if (j) {
+ nabit = ASN1_tag2bit(na->value->type);
+ nbbit = ASN1_tag2bit(nb->value->type);
+ if (!(nabit & STR_TYPE_CMP) || !(nbbit & STR_TYPE_CMP))
+ return j;
+ if (!asn1_string_memcmp(na->value, nb->value))
+ j = 0;
+ } else if (na->value->type == V_ASN1_PRINTABLESTRING)
+ j = nocase_spacenorm_cmp(na->value, nb->value);
+ else if (na->value->type == V_ASN1_IA5STRING
+ && OBJ_obj2nid(na->object) == NID_pkcs9_emailAddress)
+ j = nocase_cmp(na->value, nb->value);
+ else
+ j = asn1_string_memcmp(na->value, nb->value);
+ if (j)
+ return (j);
+ j = na->set - nb->set;
+ if (j)
+ return (j);
+ }
+
+ /*
+ * We will check the object types after checking the values since the
+ * values will more often be different than the object types.
+ */
+ for (i = sk_X509_NAME_ENTRY_num(a->entries) - 1; i >= 0; i--) {
+ na = sk_X509_NAME_ENTRY_value(a->entries, i);
+ nb = sk_X509_NAME_ENTRY_value(b->entries, i);
+ j = OBJ_cmp(na->object, nb->object);
+ if (j)
+ return (j);
+ }
+ return (0);
+}
+
+#ifndef OPENSSL_NO_MD5
+/*
+ * I now DER encode the name and hash it. Since I cache the DER encoding,
+ * this is reasonably efficient.
+ */
+unsigned long X509_NAME_hash(X509_NAME *x)
+{
+ unsigned long ret = 0;
+ unsigned char md[16];
+ EVP_MD_CTX md_ctx;
+
+ /* Make sure X509_NAME structure contains valid cached encoding */
+ i2d_X509_NAME(x, NULL);
+ EVP_MD_CTX_init(&md_ctx);
+ EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+ EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL);
+ EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length);
+ EVP_DigestFinal_ex(&md_ctx, md, NULL);
+ EVP_MD_CTX_cleanup(&md_ctx);
+
+ ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) |
+ ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L)
+ ) & 0xffffffffL;
+ return (ret);
+}
+#endif
+
+/* Search a stack of X509 for a match */
+X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name,
+ ASN1_INTEGER *serial)
+{
+ int i;
+ X509_CINF cinf;
+ X509 x, *x509 = NULL;
+
+ if (!sk)
+ return NULL;
+
+ x.cert_info = &cinf;
+ cinf.serialNumber = serial;
+ cinf.issuer = name;
+
+ for (i = 0; i < sk_X509_num(sk); i++) {
+ x509 = sk_X509_value(sk, i);
+ if (X509_issuer_and_serial_cmp(x509, &x) == 0)
+ return (x509);
+ }
+ return (NULL);
+}
+
+X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name)
+{
+ X509 *x509;
+ int i;
+
+ for (i = 0; i < sk_X509_num(sk); i++) {
+ x509 = sk_X509_value(sk, i);
+ if (X509_NAME_cmp(X509_get_subject_name(x509), name) == 0)
+ return (x509);
+ }
+ return (NULL);
+}
+
+EVP_PKEY *X509_get_pubkey(X509 *x)
+{
+ if ((x == NULL) || (x->cert_info == NULL))
+ return (NULL);
+ return (X509_PUBKEY_get(x->cert_info->key));
+}
+
+ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x)
+{
+ if (!x)
+ return NULL;
+ return x->cert_info->key->public_key;
+}
+
+int X509_check_private_key(X509 *x, EVP_PKEY *k)
+{
+ EVP_PKEY *xk = NULL;
+ int ok = 0;
+
+ xk = X509_get_pubkey(x);
+ switch (EVP_PKEY_cmp(xk, k)) {
+ case 1:
+ ok = 1;
+ break;
+ case 0:
+ X509err(X509_F_X509_CHECK_PRIVATE_KEY, X509_R_KEY_VALUES_MISMATCH);
+ break;
+ case -1:
+ X509err(X509_F_X509_CHECK_PRIVATE_KEY, X509_R_KEY_TYPE_MISMATCH);
+ break;
+ case -2:
+#ifndef OPENSSL_NO_EC
+ if (k->type == EVP_PKEY_EC) {
+ X509err(X509_F_X509_CHECK_PRIVATE_KEY, ERR_R_EC_LIB);
+ break;
+ }
+#endif
+#ifndef OPENSSL_NO_DH
+ if (k->type == EVP_PKEY_DH) {
+ /* No idea */
+ X509err(X509_F_X509_CHECK_PRIVATE_KEY, X509_R_CANT_CHECK_DH_KEY);
+ break;
+ }
+#endif
+ X509err(X509_F_X509_CHECK_PRIVATE_KEY, X509_R_UNKNOWN_KEY_TYPE);
+ }
+
+ EVP_PKEY_free(xk);
+ return (ok);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_d2.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509/x509_d2.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_d2.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,107 +0,0 @@
-/* crypto/x509/x509_d2.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/crypto.h>
-#include <openssl/x509.h>
-
-#ifndef OPENSSL_NO_STDIO
-int X509_STORE_set_default_paths(X509_STORE *ctx)
- {
- X509_LOOKUP *lookup;
-
- lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_file());
- if (lookup == NULL) return(0);
- X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
-
- lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_hash_dir());
- if (lookup == NULL) return(0);
- X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
-
- /* clear any errors */
- ERR_clear_error();
-
- return(1);
- }
-
-int X509_STORE_load_locations(X509_STORE *ctx, const char *file,
- const char *path)
- {
- X509_LOOKUP *lookup;
-
- if (file != NULL)
- {
- lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_file());
- if (lookup == NULL) return(0);
- if (X509_LOOKUP_load_file(lookup,file,X509_FILETYPE_PEM) != 1)
- return(0);
- }
- if (path != NULL)
- {
- lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_hash_dir());
- if (lookup == NULL) return(0);
- if (X509_LOOKUP_add_dir(lookup,path,X509_FILETYPE_PEM) != 1)
- return(0);
- }
- if ((path == NULL) && (file == NULL))
- return(0);
- return(1);
- }
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_d2.c (from rev 6976, vendor-crypto/openssl/dist/crypto/x509/x509_d2.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_d2.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_d2.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,109 @@
+/* crypto/x509/x509_d2.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/crypto.h>
+#include <openssl/x509.h>
+
+#ifndef OPENSSL_NO_STDIO
+int X509_STORE_set_default_paths(X509_STORE *ctx)
+{
+ X509_LOOKUP *lookup;
+
+ lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_file());
+ if (lookup == NULL)
+ return (0);
+ X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
+
+ lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_hash_dir());
+ if (lookup == NULL)
+ return (0);
+ X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
+
+ /* clear any errors */
+ ERR_clear_error();
+
+ return (1);
+}
+
+int X509_STORE_load_locations(X509_STORE *ctx, const char *file,
+ const char *path)
+{
+ X509_LOOKUP *lookup;
+
+ if (file != NULL) {
+ lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_file());
+ if (lookup == NULL)
+ return (0);
+ if (X509_LOOKUP_load_file(lookup, file, X509_FILETYPE_PEM) != 1)
+ return (0);
+ }
+ if (path != NULL) {
+ lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_hash_dir());
+ if (lookup == NULL)
+ return (0);
+ if (X509_LOOKUP_add_dir(lookup, path, X509_FILETYPE_PEM) != 1)
+ return (0);
+ }
+ if ((path == NULL) && (file == NULL))
+ return (0);
+ return (1);
+}
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_def.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509/x509_def.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_def.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,81 +0,0 @@
-/* crypto/x509/x509_def.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/crypto.h>
-#include <openssl/x509.h>
-
-const char *X509_get_default_private_dir(void)
- { return(X509_PRIVATE_DIR); }
-
-const char *X509_get_default_cert_area(void)
- { return(X509_CERT_AREA); }
-
-const char *X509_get_default_cert_dir(void)
- { return(X509_CERT_DIR); }
-
-const char *X509_get_default_cert_file(void)
- { return(X509_CERT_FILE); }
-
-const char *X509_get_default_cert_dir_env(void)
- { return(X509_CERT_DIR_EVP); }
-
-const char *X509_get_default_cert_file_env(void)
- { return(X509_CERT_FILE_EVP); }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_def.c (from rev 6976, vendor-crypto/openssl/dist/crypto/x509/x509_def.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_def.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_def.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,92 @@
+/* crypto/x509/x509_def.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/crypto.h>
+#include <openssl/x509.h>
+
+const char *X509_get_default_private_dir(void)
+{
+ return (X509_PRIVATE_DIR);
+}
+
+const char *X509_get_default_cert_area(void)
+{
+ return (X509_CERT_AREA);
+}
+
+const char *X509_get_default_cert_dir(void)
+{
+ return (X509_CERT_DIR);
+}
+
+const char *X509_get_default_cert_file(void)
+{
+ return (X509_CERT_FILE);
+}
+
+const char *X509_get_default_cert_dir_env(void)
+{
+ return (X509_CERT_DIR_EVP);
+}
+
+const char *X509_get_default_cert_file_env(void)
+{
+ return (X509_CERT_FILE_EVP);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_err.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509/x509_err.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,161 +0,0 @@
-/* crypto/x509/x509_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/x509.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_X509,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509,0,reason)
-
-static ERR_STRING_DATA X509_str_functs[]=
- {
-{ERR_FUNC(X509_F_ADD_CERT_DIR), "ADD_CERT_DIR"},
-{ERR_FUNC(X509_F_BY_FILE_CTRL), "BY_FILE_CTRL"},
-{ERR_FUNC(X509_F_CHECK_POLICY), "CHECK_POLICY"},
-{ERR_FUNC(X509_F_DIR_CTRL), "DIR_CTRL"},
-{ERR_FUNC(X509_F_GET_CERT_BY_SUBJECT), "GET_CERT_BY_SUBJECT"},
-{ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_DECODE), "NETSCAPE_SPKI_b64_decode"},
-{ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_ENCODE), "NETSCAPE_SPKI_b64_encode"},
-{ERR_FUNC(X509_F_X509AT_ADD1_ATTR), "X509at_add1_attr"},
-{ERR_FUNC(X509_F_X509V3_ADD_EXT), "X509v3_add_ext"},
-{ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_NID), "X509_ATTRIBUTE_create_by_NID"},
-{ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ), "X509_ATTRIBUTE_create_by_OBJ"},
-{ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT), "X509_ATTRIBUTE_create_by_txt"},
-{ERR_FUNC(X509_F_X509_ATTRIBUTE_GET0_DATA), "X509_ATTRIBUTE_get0_data"},
-{ERR_FUNC(X509_F_X509_ATTRIBUTE_SET1_DATA), "X509_ATTRIBUTE_set1_data"},
-{ERR_FUNC(X509_F_X509_CHECK_PRIVATE_KEY), "X509_check_private_key"},
-{ERR_FUNC(X509_F_X509_CRL_PRINT_FP), "X509_CRL_print_fp"},
-{ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_NID), "X509_EXTENSION_create_by_NID"},
-{ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_OBJ), "X509_EXTENSION_create_by_OBJ"},
-{ERR_FUNC(X509_F_X509_GET_PUBKEY_PARAMETERS), "X509_get_pubkey_parameters"},
-{ERR_FUNC(X509_F_X509_LOAD_CERT_CRL_FILE), "X509_load_cert_crl_file"},
-{ERR_FUNC(X509_F_X509_LOAD_CERT_FILE), "X509_load_cert_file"},
-{ERR_FUNC(X509_F_X509_LOAD_CRL_FILE), "X509_load_crl_file"},
-{ERR_FUNC(X509_F_X509_NAME_ADD_ENTRY), "X509_NAME_add_entry"},
-{ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_NID), "X509_NAME_ENTRY_create_by_NID"},
-{ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT), "X509_NAME_ENTRY_create_by_txt"},
-{ERR_FUNC(X509_F_X509_NAME_ENTRY_SET_OBJECT), "X509_NAME_ENTRY_set_object"},
-{ERR_FUNC(X509_F_X509_NAME_ONELINE), "X509_NAME_oneline"},
-{ERR_FUNC(X509_F_X509_NAME_PRINT), "X509_NAME_print"},
-{ERR_FUNC(X509_F_X509_PRINT_EX_FP), "X509_print_ex_fp"},
-{ERR_FUNC(X509_F_X509_PUBKEY_GET), "X509_PUBKEY_get"},
-{ERR_FUNC(X509_F_X509_PUBKEY_SET), "X509_PUBKEY_set"},
-{ERR_FUNC(X509_F_X509_REQ_CHECK_PRIVATE_KEY), "X509_REQ_check_private_key"},
-{ERR_FUNC(X509_F_X509_REQ_PRINT_EX), "X509_REQ_print_ex"},
-{ERR_FUNC(X509_F_X509_REQ_PRINT_FP), "X509_REQ_print_fp"},
-{ERR_FUNC(X509_F_X509_REQ_TO_X509), "X509_REQ_to_X509"},
-{ERR_FUNC(X509_F_X509_STORE_ADD_CERT), "X509_STORE_add_cert"},
-{ERR_FUNC(X509_F_X509_STORE_ADD_CRL), "X509_STORE_add_crl"},
-{ERR_FUNC(X509_F_X509_STORE_CTX_GET1_ISSUER), "X509_STORE_CTX_get1_issuer"},
-{ERR_FUNC(X509_F_X509_STORE_CTX_INIT), "X509_STORE_CTX_init"},
-{ERR_FUNC(X509_F_X509_STORE_CTX_NEW), "X509_STORE_CTX_new"},
-{ERR_FUNC(X509_F_X509_STORE_CTX_PURPOSE_INHERIT), "X509_STORE_CTX_purpose_inherit"},
-{ERR_FUNC(X509_F_X509_TO_X509_REQ), "X509_to_X509_REQ"},
-{ERR_FUNC(X509_F_X509_TRUST_ADD), "X509_TRUST_add"},
-{ERR_FUNC(X509_F_X509_TRUST_SET), "X509_TRUST_set"},
-{ERR_FUNC(X509_F_X509_VERIFY_CERT), "X509_verify_cert"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA X509_str_reasons[]=
- {
-{ERR_REASON(X509_R_BAD_X509_FILETYPE) ,"bad x509 filetype"},
-{ERR_REASON(X509_R_BASE64_DECODE_ERROR) ,"base64 decode error"},
-{ERR_REASON(X509_R_CANT_CHECK_DH_KEY) ,"cant check dh key"},
-{ERR_REASON(X509_R_CERT_ALREADY_IN_HASH_TABLE),"cert already in hash table"},
-{ERR_REASON(X509_R_ERR_ASN1_LIB) ,"err asn1 lib"},
-{ERR_REASON(X509_R_INVALID_DIRECTORY) ,"invalid directory"},
-{ERR_REASON(X509_R_INVALID_FIELD_NAME) ,"invalid field name"},
-{ERR_REASON(X509_R_INVALID_TRUST) ,"invalid trust"},
-{ERR_REASON(X509_R_KEY_TYPE_MISMATCH) ,"key type mismatch"},
-{ERR_REASON(X509_R_KEY_VALUES_MISMATCH) ,"key values mismatch"},
-{ERR_REASON(X509_R_LOADING_CERT_DIR) ,"loading cert dir"},
-{ERR_REASON(X509_R_LOADING_DEFAULTS) ,"loading defaults"},
-{ERR_REASON(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY),"no cert set for us to verify"},
-{ERR_REASON(X509_R_SHOULD_RETRY) ,"should retry"},
-{ERR_REASON(X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN),"unable to find parameters in chain"},
-{ERR_REASON(X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY),"unable to get certs public key"},
-{ERR_REASON(X509_R_UNKNOWN_KEY_TYPE) ,"unknown key type"},
-{ERR_REASON(X509_R_UNKNOWN_NID) ,"unknown nid"},
-{ERR_REASON(X509_R_UNKNOWN_PURPOSE_ID) ,"unknown purpose id"},
-{ERR_REASON(X509_R_UNKNOWN_TRUST_ID) ,"unknown trust id"},
-{ERR_REASON(X509_R_UNSUPPORTED_ALGORITHM),"unsupported algorithm"},
-{ERR_REASON(X509_R_WRONG_LOOKUP_TYPE) ,"wrong lookup type"},
-{ERR_REASON(X509_R_WRONG_TYPE) ,"wrong type"},
-{0,NULL}
- };
-
-#endif
-
-void ERR_load_X509_strings(void)
- {
-#ifndef OPENSSL_NO_ERR
-
- if (ERR_func_error_string(X509_str_functs[0].error) == NULL)
- {
- ERR_load_strings(0,X509_str_functs);
- ERR_load_strings(0,X509_str_reasons);
- }
-#endif
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_err.c (from rev 6976, vendor-crypto/openssl/dist/crypto/x509/x509_err.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_err.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,175 @@
+/* crypto/x509/x509_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/x509.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_X509,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509,0,reason)
+
+static ERR_STRING_DATA X509_str_functs[] = {
+ {ERR_FUNC(X509_F_ADD_CERT_DIR), "ADD_CERT_DIR"},
+ {ERR_FUNC(X509_F_BY_FILE_CTRL), "BY_FILE_CTRL"},
+ {ERR_FUNC(X509_F_CHECK_POLICY), "CHECK_POLICY"},
+ {ERR_FUNC(X509_F_DIR_CTRL), "DIR_CTRL"},
+ {ERR_FUNC(X509_F_GET_CERT_BY_SUBJECT), "GET_CERT_BY_SUBJECT"},
+ {ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_DECODE), "NETSCAPE_SPKI_b64_decode"},
+ {ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_ENCODE), "NETSCAPE_SPKI_b64_encode"},
+ {ERR_FUNC(X509_F_X509AT_ADD1_ATTR), "X509at_add1_attr"},
+ {ERR_FUNC(X509_F_X509V3_ADD_EXT), "X509v3_add_ext"},
+ {ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_NID),
+ "X509_ATTRIBUTE_create_by_NID"},
+ {ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ),
+ "X509_ATTRIBUTE_create_by_OBJ"},
+ {ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT),
+ "X509_ATTRIBUTE_create_by_txt"},
+ {ERR_FUNC(X509_F_X509_ATTRIBUTE_GET0_DATA), "X509_ATTRIBUTE_get0_data"},
+ {ERR_FUNC(X509_F_X509_ATTRIBUTE_SET1_DATA), "X509_ATTRIBUTE_set1_data"},
+ {ERR_FUNC(X509_F_X509_CHECK_PRIVATE_KEY), "X509_check_private_key"},
+ {ERR_FUNC(X509_F_X509_CRL_PRINT_FP), "X509_CRL_print_fp"},
+ {ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_NID),
+ "X509_EXTENSION_create_by_NID"},
+ {ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_OBJ),
+ "X509_EXTENSION_create_by_OBJ"},
+ {ERR_FUNC(X509_F_X509_GET_PUBKEY_PARAMETERS),
+ "X509_get_pubkey_parameters"},
+ {ERR_FUNC(X509_F_X509_LOAD_CERT_CRL_FILE), "X509_load_cert_crl_file"},
+ {ERR_FUNC(X509_F_X509_LOAD_CERT_FILE), "X509_load_cert_file"},
+ {ERR_FUNC(X509_F_X509_LOAD_CRL_FILE), "X509_load_crl_file"},
+ {ERR_FUNC(X509_F_X509_NAME_ADD_ENTRY), "X509_NAME_add_entry"},
+ {ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_NID),
+ "X509_NAME_ENTRY_create_by_NID"},
+ {ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT),
+ "X509_NAME_ENTRY_create_by_txt"},
+ {ERR_FUNC(X509_F_X509_NAME_ENTRY_SET_OBJECT),
+ "X509_NAME_ENTRY_set_object"},
+ {ERR_FUNC(X509_F_X509_NAME_ONELINE), "X509_NAME_oneline"},
+ {ERR_FUNC(X509_F_X509_NAME_PRINT), "X509_NAME_print"},
+ {ERR_FUNC(X509_F_X509_PRINT_EX_FP), "X509_print_ex_fp"},
+ {ERR_FUNC(X509_F_X509_PUBKEY_GET), "X509_PUBKEY_get"},
+ {ERR_FUNC(X509_F_X509_PUBKEY_SET), "X509_PUBKEY_set"},
+ {ERR_FUNC(X509_F_X509_REQ_CHECK_PRIVATE_KEY),
+ "X509_REQ_check_private_key"},
+ {ERR_FUNC(X509_F_X509_REQ_PRINT_EX), "X509_REQ_print_ex"},
+ {ERR_FUNC(X509_F_X509_REQ_PRINT_FP), "X509_REQ_print_fp"},
+ {ERR_FUNC(X509_F_X509_REQ_TO_X509), "X509_REQ_to_X509"},
+ {ERR_FUNC(X509_F_X509_STORE_ADD_CERT), "X509_STORE_add_cert"},
+ {ERR_FUNC(X509_F_X509_STORE_ADD_CRL), "X509_STORE_add_crl"},
+ {ERR_FUNC(X509_F_X509_STORE_CTX_GET1_ISSUER),
+ "X509_STORE_CTX_get1_issuer"},
+ {ERR_FUNC(X509_F_X509_STORE_CTX_INIT), "X509_STORE_CTX_init"},
+ {ERR_FUNC(X509_F_X509_STORE_CTX_NEW), "X509_STORE_CTX_new"},
+ {ERR_FUNC(X509_F_X509_STORE_CTX_PURPOSE_INHERIT),
+ "X509_STORE_CTX_purpose_inherit"},
+ {ERR_FUNC(X509_F_X509_TO_X509_REQ), "X509_to_X509_REQ"},
+ {ERR_FUNC(X509_F_X509_TRUST_ADD), "X509_TRUST_add"},
+ {ERR_FUNC(X509_F_X509_TRUST_SET), "X509_TRUST_set"},
+ {ERR_FUNC(X509_F_X509_VERIFY_CERT), "X509_verify_cert"},
+ {0, NULL}
+};
+
+static ERR_STRING_DATA X509_str_reasons[] = {
+ {ERR_REASON(X509_R_BAD_X509_FILETYPE), "bad x509 filetype"},
+ {ERR_REASON(X509_R_BASE64_DECODE_ERROR), "base64 decode error"},
+ {ERR_REASON(X509_R_CANT_CHECK_DH_KEY), "cant check dh key"},
+ {ERR_REASON(X509_R_CERT_ALREADY_IN_HASH_TABLE),
+ "cert already in hash table"},
+ {ERR_REASON(X509_R_ERR_ASN1_LIB), "err asn1 lib"},
+ {ERR_REASON(X509_R_INVALID_DIRECTORY), "invalid directory"},
+ {ERR_REASON(X509_R_INVALID_FIELD_NAME), "invalid field name"},
+ {ERR_REASON(X509_R_INVALID_TRUST), "invalid trust"},
+ {ERR_REASON(X509_R_KEY_TYPE_MISMATCH), "key type mismatch"},
+ {ERR_REASON(X509_R_KEY_VALUES_MISMATCH), "key values mismatch"},
+ {ERR_REASON(X509_R_LOADING_CERT_DIR), "loading cert dir"},
+ {ERR_REASON(X509_R_LOADING_DEFAULTS), "loading defaults"},
+ {ERR_REASON(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY),
+ "no cert set for us to verify"},
+ {ERR_REASON(X509_R_SHOULD_RETRY), "should retry"},
+ {ERR_REASON(X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN),
+ "unable to find parameters in chain"},
+ {ERR_REASON(X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY),
+ "unable to get certs public key"},
+ {ERR_REASON(X509_R_UNKNOWN_KEY_TYPE), "unknown key type"},
+ {ERR_REASON(X509_R_UNKNOWN_NID), "unknown nid"},
+ {ERR_REASON(X509_R_UNKNOWN_PURPOSE_ID), "unknown purpose id"},
+ {ERR_REASON(X509_R_UNKNOWN_TRUST_ID), "unknown trust id"},
+ {ERR_REASON(X509_R_UNSUPPORTED_ALGORITHM), "unsupported algorithm"},
+ {ERR_REASON(X509_R_WRONG_LOOKUP_TYPE), "wrong lookup type"},
+ {ERR_REASON(X509_R_WRONG_TYPE), "wrong type"},
+ {0, NULL}
+};
+
+#endif
+
+void ERR_load_X509_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+ if (ERR_func_error_string(X509_str_functs[0].error) == NULL) {
+ ERR_load_strings(0, X509_str_functs);
+ ERR_load_strings(0, X509_str_reasons);
+ }
+#endif
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_ext.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509/x509_ext.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_ext.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,210 +0,0 @@
-/* crypto/x509/x509_ext.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/stack.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-
-
-int X509_CRL_get_ext_count(X509_CRL *x)
- {
- return(X509v3_get_ext_count(x->crl->extensions));
- }
-
-int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos)
- {
- return(X509v3_get_ext_by_NID(x->crl->extensions,nid,lastpos));
- }
-
-int X509_CRL_get_ext_by_OBJ(X509_CRL *x, ASN1_OBJECT *obj, int lastpos)
- {
- return(X509v3_get_ext_by_OBJ(x->crl->extensions,obj,lastpos));
- }
-
-int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos)
- {
- return(X509v3_get_ext_by_critical(x->crl->extensions,crit,lastpos));
- }
-
-X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc)
- {
- return(X509v3_get_ext(x->crl->extensions,loc));
- }
-
-X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc)
- {
- return(X509v3_delete_ext(x->crl->extensions,loc));
- }
-
-void *X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx)
-{
- return X509V3_get_d2i(x->crl->extensions, nid, crit, idx);
-}
-
-int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit,
- unsigned long flags)
-{
- return X509V3_add1_i2d(&x->crl->extensions, nid, value, crit, flags);
-}
-
-int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc)
- {
- return(X509v3_add_ext(&(x->crl->extensions),ex,loc) != NULL);
- }
-
-int X509_get_ext_count(X509 *x)
- {
- return(X509v3_get_ext_count(x->cert_info->extensions));
- }
-
-int X509_get_ext_by_NID(X509 *x, int nid, int lastpos)
- {
- return(X509v3_get_ext_by_NID(x->cert_info->extensions,nid,lastpos));
- }
-
-int X509_get_ext_by_OBJ(X509 *x, ASN1_OBJECT *obj, int lastpos)
- {
- return(X509v3_get_ext_by_OBJ(x->cert_info->extensions,obj,lastpos));
- }
-
-int X509_get_ext_by_critical(X509 *x, int crit, int lastpos)
- {
- return(X509v3_get_ext_by_critical(x->cert_info->extensions,crit,lastpos));
- }
-
-X509_EXTENSION *X509_get_ext(X509 *x, int loc)
- {
- return(X509v3_get_ext(x->cert_info->extensions,loc));
- }
-
-X509_EXTENSION *X509_delete_ext(X509 *x, int loc)
- {
- return(X509v3_delete_ext(x->cert_info->extensions,loc));
- }
-
-int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc)
- {
- return(X509v3_add_ext(&(x->cert_info->extensions),ex,loc) != NULL);
- }
-
-void *X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx)
-{
- return X509V3_get_d2i(x->cert_info->extensions, nid, crit, idx);
-}
-
-int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
- unsigned long flags)
-{
- return X509V3_add1_i2d(&x->cert_info->extensions, nid, value, crit,
- flags);
-}
-
-int X509_REVOKED_get_ext_count(X509_REVOKED *x)
- {
- return(X509v3_get_ext_count(x->extensions));
- }
-
-int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos)
- {
- return(X509v3_get_ext_by_NID(x->extensions,nid,lastpos));
- }
-
-int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x, ASN1_OBJECT *obj,
- int lastpos)
- {
- return(X509v3_get_ext_by_OBJ(x->extensions,obj,lastpos));
- }
-
-int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos)
- {
- return(X509v3_get_ext_by_critical(x->extensions,crit,lastpos));
- }
-
-X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc)
- {
- return(X509v3_get_ext(x->extensions,loc));
- }
-
-X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc)
- {
- return(X509v3_delete_ext(x->extensions,loc));
- }
-
-int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc)
- {
- return(X509v3_add_ext(&(x->extensions),ex,loc) != NULL);
- }
-
-void *X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx)
-{
- return X509V3_get_d2i(x->extensions, nid, crit, idx);
-}
-
-int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit,
- unsigned long flags)
-{
- return X509V3_add1_i2d(&x->extensions, nid, value, crit, flags);
-}
-
-IMPLEMENT_STACK_OF(X509_EXTENSION)
-IMPLEMENT_ASN1_SET_OF(X509_EXTENSION)
Copied: vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_ext.c (from rev 6976, vendor-crypto/openssl/dist/crypto/x509/x509_ext.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_ext.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_ext.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,211 @@
+/* crypto/x509/x509_ext.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <openssl/stack.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+int X509_CRL_get_ext_count(X509_CRL *x)
+{
+ return (X509v3_get_ext_count(x->crl->extensions));
+}
+
+int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos)
+{
+ return (X509v3_get_ext_by_NID(x->crl->extensions, nid, lastpos));
+}
+
+int X509_CRL_get_ext_by_OBJ(X509_CRL *x, ASN1_OBJECT *obj, int lastpos)
+{
+ return (X509v3_get_ext_by_OBJ(x->crl->extensions, obj, lastpos));
+}
+
+int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos)
+{
+ return (X509v3_get_ext_by_critical(x->crl->extensions, crit, lastpos));
+}
+
+X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc)
+{
+ return (X509v3_get_ext(x->crl->extensions, loc));
+}
+
+X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc)
+{
+ return (X509v3_delete_ext(x->crl->extensions, loc));
+}
+
+void *X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx)
+{
+ return X509V3_get_d2i(x->crl->extensions, nid, crit, idx);
+}
+
+int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit,
+ unsigned long flags)
+{
+ return X509V3_add1_i2d(&x->crl->extensions, nid, value, crit, flags);
+}
+
+int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc)
+{
+ return (X509v3_add_ext(&(x->crl->extensions), ex, loc) != NULL);
+}
+
+int X509_get_ext_count(X509 *x)
+{
+ return (X509v3_get_ext_count(x->cert_info->extensions));
+}
+
+int X509_get_ext_by_NID(X509 *x, int nid, int lastpos)
+{
+ return (X509v3_get_ext_by_NID(x->cert_info->extensions, nid, lastpos));
+}
+
+int X509_get_ext_by_OBJ(X509 *x, ASN1_OBJECT *obj, int lastpos)
+{
+ return (X509v3_get_ext_by_OBJ(x->cert_info->extensions, obj, lastpos));
+}
+
+int X509_get_ext_by_critical(X509 *x, int crit, int lastpos)
+{
+ return (X509v3_get_ext_by_critical
+ (x->cert_info->extensions, crit, lastpos));
+}
+
+X509_EXTENSION *X509_get_ext(X509 *x, int loc)
+{
+ return (X509v3_get_ext(x->cert_info->extensions, loc));
+}
+
+X509_EXTENSION *X509_delete_ext(X509 *x, int loc)
+{
+ return (X509v3_delete_ext(x->cert_info->extensions, loc));
+}
+
+int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc)
+{
+ return (X509v3_add_ext(&(x->cert_info->extensions), ex, loc) != NULL);
+}
+
+void *X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx)
+{
+ return X509V3_get_d2i(x->cert_info->extensions, nid, crit, idx);
+}
+
+int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
+ unsigned long flags)
+{
+ return X509V3_add1_i2d(&x->cert_info->extensions, nid, value, crit,
+ flags);
+}
+
+int X509_REVOKED_get_ext_count(X509_REVOKED *x)
+{
+ return (X509v3_get_ext_count(x->extensions));
+}
+
+int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos)
+{
+ return (X509v3_get_ext_by_NID(x->extensions, nid, lastpos));
+}
+
+int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x, ASN1_OBJECT *obj,
+ int lastpos)
+{
+ return (X509v3_get_ext_by_OBJ(x->extensions, obj, lastpos));
+}
+
+int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos)
+{
+ return (X509v3_get_ext_by_critical(x->extensions, crit, lastpos));
+}
+
+X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc)
+{
+ return (X509v3_get_ext(x->extensions, loc));
+}
+
+X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc)
+{
+ return (X509v3_delete_ext(x->extensions, loc));
+}
+
+int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc)
+{
+ return (X509v3_add_ext(&(x->extensions), ex, loc) != NULL);
+}
+
+void *X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx)
+{
+ return X509V3_get_d2i(x->extensions, nid, crit, idx);
+}
+
+int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit,
+ unsigned long flags)
+{
+ return X509V3_add1_i2d(&x->extensions, nid, value, crit, flags);
+}
+
+IMPLEMENT_STACK_OF(X509_EXTENSION)
+
+IMPLEMENT_ASN1_SET_OF(X509_EXTENSION)
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_lu.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509/x509_lu.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_lu.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,579 +0,0 @@
-/* crypto/x509/x509_lu.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/lhash.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-
-X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method)
- {
- X509_LOOKUP *ret;
-
- ret=(X509_LOOKUP *)OPENSSL_malloc(sizeof(X509_LOOKUP));
- if (ret == NULL) return NULL;
-
- ret->init=0;
- ret->skip=0;
- ret->method=method;
- ret->method_data=NULL;
- ret->store_ctx=NULL;
- if ((method->new_item != NULL) && !method->new_item(ret))
- {
- OPENSSL_free(ret);
- return NULL;
- }
- return ret;
- }
-
-void X509_LOOKUP_free(X509_LOOKUP *ctx)
- {
- if (ctx == NULL) return;
- if ( (ctx->method != NULL) &&
- (ctx->method->free != NULL))
- ctx->method->free(ctx);
- OPENSSL_free(ctx);
- }
-
-int X509_LOOKUP_init(X509_LOOKUP *ctx)
- {
- if (ctx->method == NULL) return 0;
- if (ctx->method->init != NULL)
- return ctx->method->init(ctx);
- else
- return 1;
- }
-
-int X509_LOOKUP_shutdown(X509_LOOKUP *ctx)
- {
- if (ctx->method == NULL) return 0;
- if (ctx->method->shutdown != NULL)
- return ctx->method->shutdown(ctx);
- else
- return 1;
- }
-
-int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl,
- char **ret)
- {
- if (ctx->method == NULL) return -1;
- if (ctx->method->ctrl != NULL)
- return ctx->method->ctrl(ctx,cmd,argc,argl,ret);
- else
- return 1;
- }
-
-int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name,
- X509_OBJECT *ret)
- {
- if ((ctx->method == NULL) || (ctx->method->get_by_subject == NULL))
- return X509_LU_FAIL;
- if (ctx->skip) return 0;
- return ctx->method->get_by_subject(ctx,type,name,ret);
- }
-
-int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name,
- ASN1_INTEGER *serial, X509_OBJECT *ret)
- {
- if ((ctx->method == NULL) ||
- (ctx->method->get_by_issuer_serial == NULL))
- return X509_LU_FAIL;
- return ctx->method->get_by_issuer_serial(ctx,type,name,serial,ret);
- }
-
-int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type,
- unsigned char *bytes, int len, X509_OBJECT *ret)
- {
- if ((ctx->method == NULL) || (ctx->method->get_by_fingerprint == NULL))
- return X509_LU_FAIL;
- return ctx->method->get_by_fingerprint(ctx,type,bytes,len,ret);
- }
-
-int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, int len,
- X509_OBJECT *ret)
- {
- if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL))
- return X509_LU_FAIL;
- return ctx->method->get_by_alias(ctx,type,str,len,ret);
- }
-
-
-static int x509_object_cmp(const X509_OBJECT * const *a, const X509_OBJECT * const *b)
- {
- int ret;
-
- ret=((*a)->type - (*b)->type);
- if (ret) return ret;
- switch ((*a)->type)
- {
- case X509_LU_X509:
- ret=X509_subject_name_cmp((*a)->data.x509,(*b)->data.x509);
- break;
- case X509_LU_CRL:
- ret=X509_CRL_cmp((*a)->data.crl,(*b)->data.crl);
- break;
- default:
- /* abort(); */
- return 0;
- }
- return ret;
- }
-
-X509_STORE *X509_STORE_new(void)
- {
- X509_STORE *ret;
-
- if ((ret=(X509_STORE *)OPENSSL_malloc(sizeof(X509_STORE))) == NULL)
- return NULL;
- ret->objs = sk_X509_OBJECT_new(x509_object_cmp);
- ret->cache=1;
- ret->get_cert_methods=sk_X509_LOOKUP_new_null();
- ret->verify=0;
- ret->verify_cb=0;
-
- if ((ret->param = X509_VERIFY_PARAM_new()) == NULL)
- return NULL;
-
- ret->get_issuer = 0;
- ret->check_issued = 0;
- ret->check_revocation = 0;
- ret->get_crl = 0;
- ret->check_crl = 0;
- ret->cert_crl = 0;
- ret->cleanup = 0;
-
- if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data))
- {
- sk_X509_OBJECT_free(ret->objs);
- OPENSSL_free(ret);
- return NULL;
- }
-
- ret->references=1;
- return ret;
- }
-
-static void cleanup(X509_OBJECT *a)
- {
- if (a->type == X509_LU_X509)
- {
- X509_free(a->data.x509);
- }
- else if (a->type == X509_LU_CRL)
- {
- X509_CRL_free(a->data.crl);
- }
- else
- {
- /* abort(); */
- }
-
- OPENSSL_free(a);
- }
-
-void X509_STORE_free(X509_STORE *vfy)
- {
- int i;
- STACK_OF(X509_LOOKUP) *sk;
- X509_LOOKUP *lu;
-
- if (vfy == NULL)
- return;
-
- sk=vfy->get_cert_methods;
- for (i=0; i<sk_X509_LOOKUP_num(sk); i++)
- {
- lu=sk_X509_LOOKUP_value(sk,i);
- X509_LOOKUP_shutdown(lu);
- X509_LOOKUP_free(lu);
- }
- sk_X509_LOOKUP_free(sk);
- sk_X509_OBJECT_pop_free(vfy->objs, cleanup);
-
- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE, vfy, &vfy->ex_data);
- if (vfy->param)
- X509_VERIFY_PARAM_free(vfy->param);
- OPENSSL_free(vfy);
- }
-
-X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m)
- {
- int i;
- STACK_OF(X509_LOOKUP) *sk;
- X509_LOOKUP *lu;
-
- sk=v->get_cert_methods;
- for (i=0; i<sk_X509_LOOKUP_num(sk); i++)
- {
- lu=sk_X509_LOOKUP_value(sk,i);
- if (m == lu->method)
- {
- return lu;
- }
- }
- /* a new one */
- lu=X509_LOOKUP_new(m);
- if (lu == NULL)
- return NULL;
- else
- {
- lu->store_ctx=v;
- if (sk_X509_LOOKUP_push(v->get_cert_methods,lu))
- return lu;
- else
- {
- X509_LOOKUP_free(lu);
- return NULL;
- }
- }
- }
-
-int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name,
- X509_OBJECT *ret)
- {
- X509_STORE *ctx=vs->ctx;
- X509_LOOKUP *lu;
- X509_OBJECT stmp,*tmp;
- int i,j;
-
- CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
- tmp=X509_OBJECT_retrieve_by_subject(ctx->objs,type,name);
- CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
-
- if (tmp == NULL)
- {
- for (i=vs->current_method; i<sk_X509_LOOKUP_num(ctx->get_cert_methods); i++)
- {
- lu=sk_X509_LOOKUP_value(ctx->get_cert_methods,i);
- j=X509_LOOKUP_by_subject(lu,type,name,&stmp);
- if (j < 0)
- {
- vs->current_method=j;
- return j;
- }
- else if (j)
- {
- tmp= &stmp;
- break;
- }
- }
- vs->current_method=0;
- if (tmp == NULL)
- return 0;
- }
-
-/* if (ret->data.ptr != NULL)
- X509_OBJECT_free_contents(ret); */
-
- ret->type=tmp->type;
- ret->data.ptr=tmp->data.ptr;
-
- X509_OBJECT_up_ref_count(ret);
-
- return 1;
- }
-
-int X509_STORE_add_cert(X509_STORE *ctx, X509 *x)
- {
- X509_OBJECT *obj;
- int ret=1;
-
- if (x == NULL) return 0;
- obj=(X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT));
- if (obj == NULL)
- {
- X509err(X509_F_X509_STORE_ADD_CERT,ERR_R_MALLOC_FAILURE);
- return 0;
- }
- obj->type=X509_LU_X509;
- obj->data.x509=x;
-
- CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
-
- X509_OBJECT_up_ref_count(obj);
-
- if (X509_OBJECT_retrieve_match(ctx->objs, obj))
- {
- X509_OBJECT_free_contents(obj);
- OPENSSL_free(obj);
- X509err(X509_F_X509_STORE_ADD_CERT,X509_R_CERT_ALREADY_IN_HASH_TABLE);
- ret=0;
- }
- else sk_X509_OBJECT_push(ctx->objs, obj);
-
- CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
-
- return ret;
- }
-
-int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)
- {
- X509_OBJECT *obj;
- int ret=1;
-
- if (x == NULL) return 0;
- obj=(X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT));
- if (obj == NULL)
- {
- X509err(X509_F_X509_STORE_ADD_CRL,ERR_R_MALLOC_FAILURE);
- return 0;
- }
- obj->type=X509_LU_CRL;
- obj->data.crl=x;
-
- CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
-
- X509_OBJECT_up_ref_count(obj);
-
- if (X509_OBJECT_retrieve_match(ctx->objs, obj))
- {
- X509_OBJECT_free_contents(obj);
- OPENSSL_free(obj);
- X509err(X509_F_X509_STORE_ADD_CRL,X509_R_CERT_ALREADY_IN_HASH_TABLE);
- ret=0;
- }
- else sk_X509_OBJECT_push(ctx->objs, obj);
-
- CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
-
- return ret;
- }
-
-void X509_OBJECT_up_ref_count(X509_OBJECT *a)
- {
- switch (a->type)
- {
- case X509_LU_X509:
- CRYPTO_add(&a->data.x509->references,1,CRYPTO_LOCK_X509);
- break;
- case X509_LU_CRL:
- CRYPTO_add(&a->data.crl->references,1,CRYPTO_LOCK_X509_CRL);
- break;
- }
- }
-
-void X509_OBJECT_free_contents(X509_OBJECT *a)
- {
- switch (a->type)
- {
- case X509_LU_X509:
- X509_free(a->data.x509);
- break;
- case X509_LU_CRL:
- X509_CRL_free(a->data.crl);
- break;
- }
- }
-
-int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,
- X509_NAME *name)
- {
- X509_OBJECT stmp;
- X509 x509_s;
- X509_CINF cinf_s;
- X509_CRL crl_s;
- X509_CRL_INFO crl_info_s;
-
- stmp.type=type;
- switch (type)
- {
- case X509_LU_X509:
- stmp.data.x509= &x509_s;
- x509_s.cert_info= &cinf_s;
- cinf_s.subject=name;
- break;
- case X509_LU_CRL:
- stmp.data.crl= &crl_s;
- crl_s.crl= &crl_info_s;
- crl_info_s.issuer=name;
- break;
- default:
- /* abort(); */
- return -1;
- }
-
- return sk_X509_OBJECT_find(h,&stmp);
- }
-
-X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, int type,
- X509_NAME *name)
- {
- int idx;
- idx = X509_OBJECT_idx_by_subject(h, type, name);
- if (idx==-1) return NULL;
- return sk_X509_OBJECT_value(h, idx);
- }
-
-X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x)
- {
- int idx, i;
- X509_OBJECT *obj;
- idx = sk_X509_OBJECT_find(h, x);
- if (idx == -1) return NULL;
- if (x->type != X509_LU_X509) return sk_X509_OBJECT_value(h, idx);
- for (i = idx; i < sk_X509_OBJECT_num(h); i++)
- {
- obj = sk_X509_OBJECT_value(h, i);
- if (x509_object_cmp((const X509_OBJECT **)&obj, (const X509_OBJECT **)&x))
- return NULL;
- if ((x->type != X509_LU_X509) || !X509_cmp(obj->data.x509, x->data.x509))
- return obj;
- }
- return NULL;
- }
-
-
-/* Try to get issuer certificate from store. Due to limitations
- * of the API this can only retrieve a single certificate matching
- * a given subject name. However it will fill the cache with all
- * matching certificates, so we can examine the cache for all
- * matches.
- *
- * Return values are:
- * 1 lookup successful.
- * 0 certificate not found.
- * -1 some other error.
- */
-int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
- {
- X509_NAME *xn;
- X509_OBJECT obj, *pobj;
- int i, ok, idx, ret;
- xn=X509_get_issuer_name(x);
- ok=X509_STORE_get_by_subject(ctx,X509_LU_X509,xn,&obj);
- if (ok != X509_LU_X509)
- {
- if (ok == X509_LU_RETRY)
- {
- X509_OBJECT_free_contents(&obj);
- X509err(X509_F_X509_STORE_CTX_GET1_ISSUER,X509_R_SHOULD_RETRY);
- return -1;
- }
- else if (ok != X509_LU_FAIL)
- {
- X509_OBJECT_free_contents(&obj);
- /* not good :-(, break anyway */
- return -1;
- }
- return 0;
- }
- /* If certificate matches all OK */
- if (ctx->check_issued(ctx, x, obj.data.x509))
- {
- *issuer = obj.data.x509;
- return 1;
- }
- X509_OBJECT_free_contents(&obj);
-
- /* Else find index of first cert accepted by 'check_issued' */
- ret = 0;
- CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
- idx = X509_OBJECT_idx_by_subject(ctx->ctx->objs, X509_LU_X509, xn);
- if (idx != -1) /* should be true as we've had at least one match */
- {
- /* Look through all matching certs for suitable issuer */
- for (i = idx; i < sk_X509_OBJECT_num(ctx->ctx->objs); i++)
- {
- pobj = sk_X509_OBJECT_value(ctx->ctx->objs, i);
- /* See if we've run past the matches */
- if (pobj->type != X509_LU_X509)
- break;
- if (X509_NAME_cmp(xn, X509_get_subject_name(pobj->data.x509)))
- break;
- if (ctx->check_issued(ctx, x, pobj->data.x509))
- {
- *issuer = pobj->data.x509;
- X509_OBJECT_up_ref_count(pobj);
- ret = 1;
- break;
- }
- }
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
- return ret;
- }
-
-int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags)
- {
- return X509_VERIFY_PARAM_set_flags(ctx->param, flags);
- }
-
-int X509_STORE_set_depth(X509_STORE *ctx, int depth)
- {
- X509_VERIFY_PARAM_set_depth(ctx->param, depth);
- return 1;
- }
-
-int X509_STORE_set_purpose(X509_STORE *ctx, int purpose)
- {
- return X509_VERIFY_PARAM_set_purpose(ctx->param, purpose);
- }
-
-int X509_STORE_set_trust(X509_STORE *ctx, int trust)
- {
- return X509_VERIFY_PARAM_set_trust(ctx->param, trust);
- }
-
-int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *param)
- {
- return X509_VERIFY_PARAM_set1(ctx->param, param);
- }
-
-IMPLEMENT_STACK_OF(X509_LOOKUP)
-IMPLEMENT_STACK_OF(X509_OBJECT)
Copied: vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_lu.c (from rev 6976, vendor-crypto/openssl/dist/crypto/x509/x509_lu.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_lu.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_lu.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,563 @@
+/* crypto/x509/x509_lu.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/lhash.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method)
+{
+ X509_LOOKUP *ret;
+
+ ret = (X509_LOOKUP *)OPENSSL_malloc(sizeof(X509_LOOKUP));
+ if (ret == NULL)
+ return NULL;
+
+ ret->init = 0;
+ ret->skip = 0;
+ ret->method = method;
+ ret->method_data = NULL;
+ ret->store_ctx = NULL;
+ if ((method->new_item != NULL) && !method->new_item(ret)) {
+ OPENSSL_free(ret);
+ return NULL;
+ }
+ return ret;
+}
+
+void X509_LOOKUP_free(X509_LOOKUP *ctx)
+{
+ if (ctx == NULL)
+ return;
+ if ((ctx->method != NULL) && (ctx->method->free != NULL))
+ ctx->method->free(ctx);
+ OPENSSL_free(ctx);
+}
+
+int X509_LOOKUP_init(X509_LOOKUP *ctx)
+{
+ if (ctx->method == NULL)
+ return 0;
+ if (ctx->method->init != NULL)
+ return ctx->method->init(ctx);
+ else
+ return 1;
+}
+
+int X509_LOOKUP_shutdown(X509_LOOKUP *ctx)
+{
+ if (ctx->method == NULL)
+ return 0;
+ if (ctx->method->shutdown != NULL)
+ return ctx->method->shutdown(ctx);
+ else
+ return 1;
+}
+
+int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl,
+ char **ret)
+{
+ if (ctx->method == NULL)
+ return -1;
+ if (ctx->method->ctrl != NULL)
+ return ctx->method->ctrl(ctx, cmd, argc, argl, ret);
+ else
+ return 1;
+}
+
+int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name,
+ X509_OBJECT *ret)
+{
+ if ((ctx->method == NULL) || (ctx->method->get_by_subject == NULL))
+ return X509_LU_FAIL;
+ if (ctx->skip)
+ return 0;
+ return ctx->method->get_by_subject(ctx, type, name, ret);
+}
+
+int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name,
+ ASN1_INTEGER *serial, X509_OBJECT *ret)
+{
+ if ((ctx->method == NULL) || (ctx->method->get_by_issuer_serial == NULL))
+ return X509_LU_FAIL;
+ return ctx->method->get_by_issuer_serial(ctx, type, name, serial, ret);
+}
+
+int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type,
+ unsigned char *bytes, int len,
+ X509_OBJECT *ret)
+{
+ if ((ctx->method == NULL) || (ctx->method->get_by_fingerprint == NULL))
+ return X509_LU_FAIL;
+ return ctx->method->get_by_fingerprint(ctx, type, bytes, len, ret);
+}
+
+int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, int len,
+ X509_OBJECT *ret)
+{
+ if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL))
+ return X509_LU_FAIL;
+ return ctx->method->get_by_alias(ctx, type, str, len, ret);
+}
+
+static int x509_object_cmp(const X509_OBJECT *const *a,
+ const X509_OBJECT *const *b)
+{
+ int ret;
+
+ ret = ((*a)->type - (*b)->type);
+ if (ret)
+ return ret;
+ switch ((*a)->type) {
+ case X509_LU_X509:
+ ret = X509_subject_name_cmp((*a)->data.x509, (*b)->data.x509);
+ break;
+ case X509_LU_CRL:
+ ret = X509_CRL_cmp((*a)->data.crl, (*b)->data.crl);
+ break;
+ default:
+ /* abort(); */
+ return 0;
+ }
+ return ret;
+}
+
+X509_STORE *X509_STORE_new(void)
+{
+ X509_STORE *ret;
+
+ if ((ret = (X509_STORE *)OPENSSL_malloc(sizeof(X509_STORE))) == NULL)
+ return NULL;
+ ret->objs = sk_X509_OBJECT_new(x509_object_cmp);
+ ret->cache = 1;
+ ret->get_cert_methods = sk_X509_LOOKUP_new_null();
+ ret->verify = 0;
+ ret->verify_cb = 0;
+
+ if ((ret->param = X509_VERIFY_PARAM_new()) == NULL)
+ return NULL;
+
+ ret->get_issuer = 0;
+ ret->check_issued = 0;
+ ret->check_revocation = 0;
+ ret->get_crl = 0;
+ ret->check_crl = 0;
+ ret->cert_crl = 0;
+ ret->cleanup = 0;
+
+ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data)) {
+ sk_X509_OBJECT_free(ret->objs);
+ OPENSSL_free(ret);
+ return NULL;
+ }
+
+ ret->references = 1;
+ return ret;
+}
+
+static void cleanup(X509_OBJECT *a)
+{
+ if (a->type == X509_LU_X509) {
+ X509_free(a->data.x509);
+ } else if (a->type == X509_LU_CRL) {
+ X509_CRL_free(a->data.crl);
+ } else {
+ /* abort(); */
+ }
+
+ OPENSSL_free(a);
+}
+
+void X509_STORE_free(X509_STORE *vfy)
+{
+ int i;
+ STACK_OF(X509_LOOKUP) *sk;
+ X509_LOOKUP *lu;
+
+ if (vfy == NULL)
+ return;
+
+ sk = vfy->get_cert_methods;
+ for (i = 0; i < sk_X509_LOOKUP_num(sk); i++) {
+ lu = sk_X509_LOOKUP_value(sk, i);
+ X509_LOOKUP_shutdown(lu);
+ X509_LOOKUP_free(lu);
+ }
+ sk_X509_LOOKUP_free(sk);
+ sk_X509_OBJECT_pop_free(vfy->objs, cleanup);
+
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE, vfy, &vfy->ex_data);
+ if (vfy->param)
+ X509_VERIFY_PARAM_free(vfy->param);
+ OPENSSL_free(vfy);
+}
+
+X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m)
+{
+ int i;
+ STACK_OF(X509_LOOKUP) *sk;
+ X509_LOOKUP *lu;
+
+ sk = v->get_cert_methods;
+ for (i = 0; i < sk_X509_LOOKUP_num(sk); i++) {
+ lu = sk_X509_LOOKUP_value(sk, i);
+ if (m == lu->method) {
+ return lu;
+ }
+ }
+ /* a new one */
+ lu = X509_LOOKUP_new(m);
+ if (lu == NULL)
+ return NULL;
+ else {
+ lu->store_ctx = v;
+ if (sk_X509_LOOKUP_push(v->get_cert_methods, lu))
+ return lu;
+ else {
+ X509_LOOKUP_free(lu);
+ return NULL;
+ }
+ }
+}
+
+int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name,
+ X509_OBJECT *ret)
+{
+ X509_STORE *ctx = vs->ctx;
+ X509_LOOKUP *lu;
+ X509_OBJECT stmp, *tmp;
+ int i, j;
+
+ CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+ tmp = X509_OBJECT_retrieve_by_subject(ctx->objs, type, name);
+ CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+
+ if (tmp == NULL) {
+ for (i = vs->current_method;
+ i < sk_X509_LOOKUP_num(ctx->get_cert_methods); i++) {
+ lu = sk_X509_LOOKUP_value(ctx->get_cert_methods, i);
+ j = X509_LOOKUP_by_subject(lu, type, name, &stmp);
+ if (j < 0) {
+ vs->current_method = j;
+ return j;
+ } else if (j) {
+ tmp = &stmp;
+ break;
+ }
+ }
+ vs->current_method = 0;
+ if (tmp == NULL)
+ return 0;
+ }
+
+/*- if (ret->data.ptr != NULL)
+ X509_OBJECT_free_contents(ret); */
+
+ ret->type = tmp->type;
+ ret->data.ptr = tmp->data.ptr;
+
+ X509_OBJECT_up_ref_count(ret);
+
+ return 1;
+}
+
+int X509_STORE_add_cert(X509_STORE *ctx, X509 *x)
+{
+ X509_OBJECT *obj;
+ int ret = 1;
+
+ if (x == NULL)
+ return 0;
+ obj = (X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT));
+ if (obj == NULL) {
+ X509err(X509_F_X509_STORE_ADD_CERT, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ obj->type = X509_LU_X509;
+ obj->data.x509 = x;
+
+ CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+
+ X509_OBJECT_up_ref_count(obj);
+
+ if (X509_OBJECT_retrieve_match(ctx->objs, obj)) {
+ X509_OBJECT_free_contents(obj);
+ OPENSSL_free(obj);
+ X509err(X509_F_X509_STORE_ADD_CERT,
+ X509_R_CERT_ALREADY_IN_HASH_TABLE);
+ ret = 0;
+ } else
+ sk_X509_OBJECT_push(ctx->objs, obj);
+
+ CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+
+ return ret;
+}
+
+int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)
+{
+ X509_OBJECT *obj;
+ int ret = 1;
+
+ if (x == NULL)
+ return 0;
+ obj = (X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT));
+ if (obj == NULL) {
+ X509err(X509_F_X509_STORE_ADD_CRL, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ obj->type = X509_LU_CRL;
+ obj->data.crl = x;
+
+ CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+
+ X509_OBJECT_up_ref_count(obj);
+
+ if (X509_OBJECT_retrieve_match(ctx->objs, obj)) {
+ X509_OBJECT_free_contents(obj);
+ OPENSSL_free(obj);
+ X509err(X509_F_X509_STORE_ADD_CRL, X509_R_CERT_ALREADY_IN_HASH_TABLE);
+ ret = 0;
+ } else
+ sk_X509_OBJECT_push(ctx->objs, obj);
+
+ CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+
+ return ret;
+}
+
+void X509_OBJECT_up_ref_count(X509_OBJECT *a)
+{
+ switch (a->type) {
+ case X509_LU_X509:
+ CRYPTO_add(&a->data.x509->references, 1, CRYPTO_LOCK_X509);
+ break;
+ case X509_LU_CRL:
+ CRYPTO_add(&a->data.crl->references, 1, CRYPTO_LOCK_X509_CRL);
+ break;
+ }
+}
+
+void X509_OBJECT_free_contents(X509_OBJECT *a)
+{
+ switch (a->type) {
+ case X509_LU_X509:
+ X509_free(a->data.x509);
+ break;
+ case X509_LU_CRL:
+ X509_CRL_free(a->data.crl);
+ break;
+ }
+}
+
+int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,
+ X509_NAME *name)
+{
+ X509_OBJECT stmp;
+ X509 x509_s;
+ X509_CINF cinf_s;
+ X509_CRL crl_s;
+ X509_CRL_INFO crl_info_s;
+
+ stmp.type = type;
+ switch (type) {
+ case X509_LU_X509:
+ stmp.data.x509 = &x509_s;
+ x509_s.cert_info = &cinf_s;
+ cinf_s.subject = name;
+ break;
+ case X509_LU_CRL:
+ stmp.data.crl = &crl_s;
+ crl_s.crl = &crl_info_s;
+ crl_info_s.issuer = name;
+ break;
+ default:
+ /* abort(); */
+ return -1;
+ }
+
+ return sk_X509_OBJECT_find(h, &stmp);
+}
+
+X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h,
+ int type, X509_NAME *name)
+{
+ int idx;
+ idx = X509_OBJECT_idx_by_subject(h, type, name);
+ if (idx == -1)
+ return NULL;
+ return sk_X509_OBJECT_value(h, idx);
+}
+
+X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h,
+ X509_OBJECT *x)
+{
+ int idx, i;
+ X509_OBJECT *obj;
+ idx = sk_X509_OBJECT_find(h, x);
+ if (idx == -1)
+ return NULL;
+ if (x->type != X509_LU_X509)
+ return sk_X509_OBJECT_value(h, idx);
+ for (i = idx; i < sk_X509_OBJECT_num(h); i++) {
+ obj = sk_X509_OBJECT_value(h, i);
+ if (x509_object_cmp
+ ((const X509_OBJECT **)&obj, (const X509_OBJECT **)&x))
+ return NULL;
+ if ((x->type != X509_LU_X509)
+ || !X509_cmp(obj->data.x509, x->data.x509))
+ return obj;
+ }
+ return NULL;
+}
+
+/*-
+ * Try to get issuer certificate from store. Due to limitations
+ * of the API this can only retrieve a single certificate matching
+ * a given subject name. However it will fill the cache with all
+ * matching certificates, so we can examine the cache for all
+ * matches.
+ *
+ * Return values are:
+ * 1 lookup successful.
+ * 0 certificate not found.
+ * -1 some other error.
+ */
+int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
+{
+ X509_NAME *xn;
+ X509_OBJECT obj, *pobj;
+ int i, ok, idx, ret;
+ xn = X509_get_issuer_name(x);
+ ok = X509_STORE_get_by_subject(ctx, X509_LU_X509, xn, &obj);
+ if (ok != X509_LU_X509) {
+ if (ok == X509_LU_RETRY) {
+ X509_OBJECT_free_contents(&obj);
+ X509err(X509_F_X509_STORE_CTX_GET1_ISSUER, X509_R_SHOULD_RETRY);
+ return -1;
+ } else if (ok != X509_LU_FAIL) {
+ X509_OBJECT_free_contents(&obj);
+ /* not good :-(, break anyway */
+ return -1;
+ }
+ return 0;
+ }
+ /* If certificate matches all OK */
+ if (ctx->check_issued(ctx, x, obj.data.x509)) {
+ *issuer = obj.data.x509;
+ return 1;
+ }
+ X509_OBJECT_free_contents(&obj);
+
+ /* Else find index of first cert accepted by 'check_issued' */
+ ret = 0;
+ CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+ idx = X509_OBJECT_idx_by_subject(ctx->ctx->objs, X509_LU_X509, xn);
+ if (idx != -1) { /* should be true as we've had at least one
+ * match */
+ /* Look through all matching certs for suitable issuer */
+ for (i = idx; i < sk_X509_OBJECT_num(ctx->ctx->objs); i++) {
+ pobj = sk_X509_OBJECT_value(ctx->ctx->objs, i);
+ /* See if we've run past the matches */
+ if (pobj->type != X509_LU_X509)
+ break;
+ if (X509_NAME_cmp(xn, X509_get_subject_name(pobj->data.x509)))
+ break;
+ if (ctx->check_issued(ctx, x, pobj->data.x509)) {
+ *issuer = pobj->data.x509;
+ X509_OBJECT_up_ref_count(pobj);
+ ret = 1;
+ break;
+ }
+ }
+ }
+ CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+ return ret;
+}
+
+int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags)
+{
+ return X509_VERIFY_PARAM_set_flags(ctx->param, flags);
+}
+
+int X509_STORE_set_depth(X509_STORE *ctx, int depth)
+{
+ X509_VERIFY_PARAM_set_depth(ctx->param, depth);
+ return 1;
+}
+
+int X509_STORE_set_purpose(X509_STORE *ctx, int purpose)
+{
+ return X509_VERIFY_PARAM_set_purpose(ctx->param, purpose);
+}
+
+int X509_STORE_set_trust(X509_STORE *ctx, int trust)
+{
+ return X509_VERIFY_PARAM_set_trust(ctx->param, trust);
+}
+
+int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *param)
+{
+ return X509_VERIFY_PARAM_set1(ctx->param, param);
+}
+
+IMPLEMENT_STACK_OF(X509_LOOKUP)
+
+IMPLEMENT_STACK_OF(X509_OBJECT)
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_obj.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509/x509_obj.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_obj.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,226 +0,0 @@
-/* crypto/x509/x509_obj.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/lhash.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/buffer.h>
-
-char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
- {
- X509_NAME_ENTRY *ne;
-int i;
- int n,lold,l,l1,l2,num,j,type;
- const char *s;
- char *p;
- unsigned char *q;
- BUF_MEM *b=NULL;
- static char hex[17]="0123456789ABCDEF";
- int gs_doit[4];
- char tmp_buf[80];
-#ifdef CHARSET_EBCDIC
- char ebcdic_buf[1024];
-#endif
-
- if (buf == NULL)
- {
- if ((b=BUF_MEM_new()) == NULL) goto err;
- if (!BUF_MEM_grow(b,200)) goto err;
- b->data[0]='\0';
- len=200;
- }
- if (a == NULL)
- {
- if(b)
- {
- buf=b->data;
- OPENSSL_free(b);
- }
- strncpy(buf,"NO X509_NAME",len);
- buf[len-1]='\0';
- return buf;
- }
-
- len--; /* space for '\0' */
- l=0;
- for (i=0; i<sk_X509_NAME_ENTRY_num(a->entries); i++)
- {
- ne=sk_X509_NAME_ENTRY_value(a->entries,i);
- n=OBJ_obj2nid(ne->object);
- if ((n == NID_undef) || ((s=OBJ_nid2sn(n)) == NULL))
- {
- i2t_ASN1_OBJECT(tmp_buf,sizeof(tmp_buf),ne->object);
- s=tmp_buf;
- }
- l1=strlen(s);
-
- type=ne->value->type;
- num=ne->value->length;
- q=ne->value->data;
-#ifdef CHARSET_EBCDIC
- if (type == V_ASN1_GENERALSTRING ||
- type == V_ASN1_VISIBLESTRING ||
- type == V_ASN1_PRINTABLESTRING ||
- type == V_ASN1_TELETEXSTRING ||
- type == V_ASN1_VISIBLESTRING ||
- type == V_ASN1_IA5STRING) {
- ascii2ebcdic(ebcdic_buf, q,
- (num > sizeof ebcdic_buf)
- ? sizeof ebcdic_buf : num);
- q=ebcdic_buf;
- }
-#endif
-
- if ((type == V_ASN1_GENERALSTRING) && ((num%4) == 0))
- {
- gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=0;
- for (j=0; j<num; j++)
- if (q[j] != 0) gs_doit[j&3]=1;
-
- if (gs_doit[0]|gs_doit[1]|gs_doit[2])
- gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=1;
- else
- {
- gs_doit[0]=gs_doit[1]=gs_doit[2]=0;
- gs_doit[3]=1;
- }
- }
- else
- gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=1;
-
- for (l2=j=0; j<num; j++)
- {
- if (!gs_doit[j&3]) continue;
- l2++;
-#ifndef CHARSET_EBCDIC
- if ((q[j] < ' ') || (q[j] > '~')) l2+=3;
-#else
- if ((os_toascii[q[j]] < os_toascii[' ']) ||
- (os_toascii[q[j]] > os_toascii['~'])) l2+=3;
-#endif
- }
-
- lold=l;
- l+=1+l1+1+l2;
- if (b != NULL)
- {
- if (!BUF_MEM_grow(b,l+1)) goto err;
- p= &(b->data[lold]);
- }
- else if (l > len)
- {
- break;
- }
- else
- p= &(buf[lold]);
- *(p++)='/';
- memcpy(p,s,(unsigned int)l1); p+=l1;
- *(p++)='=';
-
-#ifndef CHARSET_EBCDIC /* q was assigned above already. */
- q=ne->value->data;
-#endif
-
- for (j=0; j<num; j++)
- {
- if (!gs_doit[j&3]) continue;
-#ifndef CHARSET_EBCDIC
- n=q[j];
- if ((n < ' ') || (n > '~'))
- {
- *(p++)='\\';
- *(p++)='x';
- *(p++)=hex[(n>>4)&0x0f];
- *(p++)=hex[n&0x0f];
- }
- else
- *(p++)=n;
-#else
- n=os_toascii[q[j]];
- if ((n < os_toascii[' ']) ||
- (n > os_toascii['~']))
- {
- *(p++)='\\';
- *(p++)='x';
- *(p++)=hex[(n>>4)&0x0f];
- *(p++)=hex[n&0x0f];
- }
- else
- *(p++)=q[j];
-#endif
- }
- *p='\0';
- }
- if (b != NULL)
- {
- p=b->data;
- OPENSSL_free(b);
- }
- else
- p=buf;
- if (i == 0)
- *p = '\0';
- return(p);
-err:
- X509err(X509_F_X509_NAME_ONELINE,ERR_R_MALLOC_FAILURE);
- if (b != NULL) BUF_MEM_free(b);
- return(NULL);
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_obj.c (from rev 6976, vendor-crypto/openssl/dist/crypto/x509/x509_obj.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_obj.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_obj.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,212 @@
+/* crypto/x509/x509_obj.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/lhash.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/buffer.h>
+
+char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
+{
+ X509_NAME_ENTRY *ne;
+ int i;
+ int n, lold, l, l1, l2, num, j, type;
+ const char *s;
+ char *p;
+ unsigned char *q;
+ BUF_MEM *b = NULL;
+ static char hex[17] = "0123456789ABCDEF";
+ int gs_doit[4];
+ char tmp_buf[80];
+#ifdef CHARSET_EBCDIC
+ char ebcdic_buf[1024];
+#endif
+
+ if (buf == NULL) {
+ if ((b = BUF_MEM_new()) == NULL)
+ goto err;
+ if (!BUF_MEM_grow(b, 200))
+ goto err;
+ b->data[0] = '\0';
+ len = 200;
+ }
+ if (a == NULL) {
+ if (b) {
+ buf = b->data;
+ OPENSSL_free(b);
+ }
+ strncpy(buf, "NO X509_NAME", len);
+ buf[len - 1] = '\0';
+ return buf;
+ }
+
+ len--; /* space for '\0' */
+ l = 0;
+ for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
+ ne = sk_X509_NAME_ENTRY_value(a->entries, i);
+ n = OBJ_obj2nid(ne->object);
+ if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
+ i2t_ASN1_OBJECT(tmp_buf, sizeof(tmp_buf), ne->object);
+ s = tmp_buf;
+ }
+ l1 = strlen(s);
+
+ type = ne->value->type;
+ num = ne->value->length;
+ q = ne->value->data;
+#ifdef CHARSET_EBCDIC
+ if (type == V_ASN1_GENERALSTRING ||
+ type == V_ASN1_VISIBLESTRING ||
+ type == V_ASN1_PRINTABLESTRING ||
+ type == V_ASN1_TELETEXSTRING ||
+ type == V_ASN1_VISIBLESTRING || type == V_ASN1_IA5STRING) {
+ ascii2ebcdic(ebcdic_buf, q, (num > sizeof ebcdic_buf)
+ ? sizeof ebcdic_buf : num);
+ q = ebcdic_buf;
+ }
+#endif
+
+ if ((type == V_ASN1_GENERALSTRING) && ((num % 4) == 0)) {
+ gs_doit[0] = gs_doit[1] = gs_doit[2] = gs_doit[3] = 0;
+ for (j = 0; j < num; j++)
+ if (q[j] != 0)
+ gs_doit[j & 3] = 1;
+
+ if (gs_doit[0] | gs_doit[1] | gs_doit[2])
+ gs_doit[0] = gs_doit[1] = gs_doit[2] = gs_doit[3] = 1;
+ else {
+ gs_doit[0] = gs_doit[1] = gs_doit[2] = 0;
+ gs_doit[3] = 1;
+ }
+ } else
+ gs_doit[0] = gs_doit[1] = gs_doit[2] = gs_doit[3] = 1;
+
+ for (l2 = j = 0; j < num; j++) {
+ if (!gs_doit[j & 3])
+ continue;
+ l2++;
+#ifndef CHARSET_EBCDIC
+ if ((q[j] < ' ') || (q[j] > '~'))
+ l2 += 3;
+#else
+ if ((os_toascii[q[j]] < os_toascii[' ']) ||
+ (os_toascii[q[j]] > os_toascii['~']))
+ l2 += 3;
+#endif
+ }
+
+ lold = l;
+ l += 1 + l1 + 1 + l2;
+ if (b != NULL) {
+ if (!BUF_MEM_grow(b, l + 1))
+ goto err;
+ p = &(b->data[lold]);
+ } else if (l > len) {
+ break;
+ } else
+ p = &(buf[lold]);
+ *(p++) = '/';
+ memcpy(p, s, (unsigned int)l1);
+ p += l1;
+ *(p++) = '=';
+
+#ifndef CHARSET_EBCDIC /* q was assigned above already. */
+ q = ne->value->data;
+#endif
+
+ for (j = 0; j < num; j++) {
+ if (!gs_doit[j & 3])
+ continue;
+#ifndef CHARSET_EBCDIC
+ n = q[j];
+ if ((n < ' ') || (n > '~')) {
+ *(p++) = '\\';
+ *(p++) = 'x';
+ *(p++) = hex[(n >> 4) & 0x0f];
+ *(p++) = hex[n & 0x0f];
+ } else
+ *(p++) = n;
+#else
+ n = os_toascii[q[j]];
+ if ((n < os_toascii[' ']) || (n > os_toascii['~'])) {
+ *(p++) = '\\';
+ *(p++) = 'x';
+ *(p++) = hex[(n >> 4) & 0x0f];
+ *(p++) = hex[n & 0x0f];
+ } else
+ *(p++) = q[j];
+#endif
+ }
+ *p = '\0';
+ }
+ if (b != NULL) {
+ p = b->data;
+ OPENSSL_free(b);
+ } else
+ p = buf;
+ if (i == 0)
+ *p = '\0';
+ return (p);
+ err:
+ X509err(X509_F_X509_NAME_ONELINE, ERR_R_MALLOC_FAILURE);
+ if (b != NULL)
+ BUF_MEM_free(b);
+ return (NULL);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_r2x.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509/x509_r2x.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_r2x.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,114 +0,0 @@
-/* crypto/x509/x509_r2x.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/evp.h>
-#include <openssl/asn1.h>
-#include <openssl/x509.h>
-#include <openssl/objects.h>
-#include <openssl/buffer.h>
-
-X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey)
- {
- X509 *ret=NULL;
- X509_CINF *xi=NULL;
- X509_NAME *xn;
-
- if ((ret=X509_new()) == NULL)
- {
- X509err(X509_F_X509_REQ_TO_X509,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- /* duplicate the request */
- xi=ret->cert_info;
-
- if (sk_X509_ATTRIBUTE_num(r->req_info->attributes) != 0)
- {
- if ((xi->version=M_ASN1_INTEGER_new()) == NULL) goto err;
- if (!ASN1_INTEGER_set(xi->version,2)) goto err;
-/* xi->extensions=ri->attributes; <- bad, should not ever be done
- ri->attributes=NULL; */
- }
-
- xn=X509_REQ_get_subject_name(r);
- if (X509_set_subject_name(ret,X509_NAME_dup(xn)) == 0)
- goto err;
- if (X509_set_issuer_name(ret,X509_NAME_dup(xn)) == 0)
- goto err;
-
- if (X509_gmtime_adj(xi->validity->notBefore,0) == NULL)
- goto err;
- if (X509_gmtime_adj(xi->validity->notAfter,(long)60*60*24*days) == NULL)
- goto err;
-
- X509_set_pubkey(ret,X509_REQ_get_pubkey(r));
-
- if (!X509_sign(ret,pkey,EVP_md5()))
- goto err;
- if (0)
- {
-err:
- X509_free(ret);
- ret=NULL;
- }
- return(ret);
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_r2x.c (from rev 6976, vendor-crypto/openssl/dist/crypto/x509/x509_r2x.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_r2x.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_r2x.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,113 @@
+/* crypto/x509/x509_r2x.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/asn1.h>
+#include <openssl/x509.h>
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+
+X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey)
+{
+ X509 *ret = NULL;
+ X509_CINF *xi = NULL;
+ X509_NAME *xn;
+
+ if ((ret = X509_new()) == NULL) {
+ X509err(X509_F_X509_REQ_TO_X509, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ /* duplicate the request */
+ xi = ret->cert_info;
+
+ if (sk_X509_ATTRIBUTE_num(r->req_info->attributes) != 0) {
+ if ((xi->version = M_ASN1_INTEGER_new()) == NULL)
+ goto err;
+ if (!ASN1_INTEGER_set(xi->version, 2))
+ goto err;
+/*- xi->extensions=ri->attributes; <- bad, should not ever be done
+ ri->attributes=NULL; */
+ }
+
+ xn = X509_REQ_get_subject_name(r);
+ if (X509_set_subject_name(ret, X509_NAME_dup(xn)) == 0)
+ goto err;
+ if (X509_set_issuer_name(ret, X509_NAME_dup(xn)) == 0)
+ goto err;
+
+ if (X509_gmtime_adj(xi->validity->notBefore, 0) == NULL)
+ goto err;
+ if (X509_gmtime_adj(xi->validity->notAfter, (long)60 * 60 * 24 * days) ==
+ NULL)
+ goto err;
+
+ X509_set_pubkey(ret, X509_REQ_get_pubkey(r));
+
+ if (!X509_sign(ret, pkey, EVP_md5()))
+ goto err;
+ if (0) {
+ err:
+ X509_free(ret);
+ ret = NULL;
+ }
+ return (ret);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_req.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509/x509_req.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_req.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,324 +0,0 @@
-/* crypto/x509/x509_req.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/evp.h>
-#include <openssl/asn1.h>
-#include <openssl/x509.h>
-#include <openssl/objects.h>
-#include <openssl/buffer.h>
-#include <openssl/pem.h>
-
-X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
- {
- X509_REQ *ret;
- X509_REQ_INFO *ri;
- int i;
- EVP_PKEY *pktmp;
-
- ret=X509_REQ_new();
- if (ret == NULL)
- {
- X509err(X509_F_X509_TO_X509_REQ,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- ri=ret->req_info;
-
- ri->version->length=1;
- ri->version->data=(unsigned char *)OPENSSL_malloc(1);
- if (ri->version->data == NULL) goto err;
- ri->version->data[0]=0; /* version == 0 */
-
- if (!X509_REQ_set_subject_name(ret,X509_get_subject_name(x)))
- goto err;
-
- pktmp = X509_get_pubkey(x);
- i=X509_REQ_set_pubkey(ret,pktmp);
- EVP_PKEY_free(pktmp);
- if (!i) goto err;
-
- if (pkey != NULL)
- {
- if (!X509_REQ_sign(ret,pkey,md))
- goto err;
- }
- return(ret);
-err:
- X509_REQ_free(ret);
- return(NULL);
- }
-
-EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req)
- {
- if ((req == NULL) || (req->req_info == NULL))
- return(NULL);
- return(X509_PUBKEY_get(req->req_info->pubkey));
- }
-
-int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k)
- {
- EVP_PKEY *xk=NULL;
- int ok=0;
-
- xk=X509_REQ_get_pubkey(x);
- switch (EVP_PKEY_cmp(xk, k))
- {
- case 1:
- ok=1;
- break;
- case 0:
- X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);
- break;
- case -1:
- X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH);
- break;
- case -2:
-#ifndef OPENSSL_NO_EC
- if (k->type == EVP_PKEY_EC)
- {
- X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, ERR_R_EC_LIB);
- break;
- }
-#endif
-#ifndef OPENSSL_NO_DH
- if (k->type == EVP_PKEY_DH)
- {
- /* No idea */
- X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY);
- break;
- }
-#endif
- X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE);
- }
-
- EVP_PKEY_free(xk);
- return(ok);
- }
-
-/* It seems several organisations had the same idea of including a list of
- * extensions in a certificate request. There are at least two OIDs that are
- * used and there may be more: so the list is configurable.
- */
-
-static int ext_nid_list[] = { NID_ext_req, NID_ms_ext_req, NID_undef};
-
-static int *ext_nids = ext_nid_list;
-
-int X509_REQ_extension_nid(int req_nid)
-{
- int i, nid;
- for(i = 0; ; i++) {
- nid = ext_nids[i];
- if(nid == NID_undef) return 0;
- else if (req_nid == nid) return 1;
- }
-}
-
-int *X509_REQ_get_extension_nids(void)
-{
- return ext_nids;
-}
-
-void X509_REQ_set_extension_nids(int *nids)
-{
- ext_nids = nids;
-}
-
-STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req)
- {
- X509_ATTRIBUTE *attr;
- ASN1_TYPE *ext = NULL;
- int idx, *pnid;
- const unsigned char *p;
-
- if ((req == NULL) || (req->req_info == NULL) || !ext_nids)
- return(NULL);
- for (pnid = ext_nids; *pnid != NID_undef; pnid++)
- {
- idx = X509_REQ_get_attr_by_NID(req, *pnid, -1);
- if (idx == -1)
- continue;
- attr = X509_REQ_get_attr(req, idx);
- if(attr->single) ext = attr->value.single;
- else if(sk_ASN1_TYPE_num(attr->value.set))
- ext = sk_ASN1_TYPE_value(attr->value.set, 0);
- break;
- }
- if(!ext || (ext->type != V_ASN1_SEQUENCE))
- return NULL;
- p = ext->value.sequence->data;
- return d2i_ASN1_SET_OF_X509_EXTENSION(NULL, &p,
- ext->value.sequence->length,
- d2i_X509_EXTENSION, X509_EXTENSION_free,
- V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
-}
-
-/* Add a STACK_OF extensions to a certificate request: allow alternative OIDs
- * in case we want to create a non standard one.
- */
-
-int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
- int nid)
-{
- unsigned char *p = NULL, *q;
- long len;
- ASN1_TYPE *at = NULL;
- X509_ATTRIBUTE *attr = NULL;
- if(!(at = ASN1_TYPE_new()) ||
- !(at->value.sequence = ASN1_STRING_new())) goto err;
-
- at->type = V_ASN1_SEQUENCE;
- /* Generate encoding of extensions */
- len = i2d_ASN1_SET_OF_X509_EXTENSION(exts, NULL, i2d_X509_EXTENSION,
- V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE);
- if(!(p = OPENSSL_malloc(len))) goto err;
- q = p;
- i2d_ASN1_SET_OF_X509_EXTENSION(exts, &q, i2d_X509_EXTENSION,
- V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE);
- at->value.sequence->data = p;
- p = NULL;
- at->value.sequence->length = len;
- if(!(attr = X509_ATTRIBUTE_new())) goto err;
- if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err;
- if(!sk_ASN1_TYPE_push(attr->value.set, at)) goto err;
- at = NULL;
- attr->single = 0;
- attr->object = OBJ_nid2obj(nid);
- if (!req->req_info->attributes)
- {
- if (!(req->req_info->attributes = sk_X509_ATTRIBUTE_new_null()))
- goto err;
- }
- if(!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr)) goto err;
- return 1;
- err:
- if(p) OPENSSL_free(p);
- X509_ATTRIBUTE_free(attr);
- ASN1_TYPE_free(at);
- return 0;
-}
-/* This is the normal usage: use the "official" OID */
-int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts)
-{
- return X509_REQ_add_extensions_nid(req, exts, NID_ext_req);
-}
-
-/* Request attribute functions */
-
-int X509_REQ_get_attr_count(const X509_REQ *req)
-{
- return X509at_get_attr_count(req->req_info->attributes);
-}
-
-int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid,
- int lastpos)
-{
- return X509at_get_attr_by_NID(req->req_info->attributes, nid, lastpos);
-}
-
-int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj,
- int lastpos)
-{
- return X509at_get_attr_by_OBJ(req->req_info->attributes, obj, lastpos);
-}
-
-X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc)
-{
- return X509at_get_attr(req->req_info->attributes, loc);
-}
-
-X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc)
-{
- return X509at_delete_attr(req->req_info->attributes, loc);
-}
-
-int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr)
-{
- if(X509at_add1_attr(&req->req_info->attributes, attr)) return 1;
- return 0;
-}
-
-int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,
- const ASN1_OBJECT *obj, int type,
- const unsigned char *bytes, int len)
-{
- if(X509at_add1_attr_by_OBJ(&req->req_info->attributes, obj,
- type, bytes, len)) return 1;
- return 0;
-}
-
-int X509_REQ_add1_attr_by_NID(X509_REQ *req,
- int nid, int type,
- const unsigned char *bytes, int len)
-{
- if(X509at_add1_attr_by_NID(&req->req_info->attributes, nid,
- type, bytes, len)) return 1;
- return 0;
-}
-
-int X509_REQ_add1_attr_by_txt(X509_REQ *req,
- const char *attrname, int type,
- const unsigned char *bytes, int len)
-{
- if(X509at_add1_attr_by_txt(&req->req_info->attributes, attrname,
- type, bytes, len)) return 1;
- return 0;
-}
Copied: vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_req.c (from rev 6976, vendor-crypto/openssl/dist/crypto/x509/x509_req.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_req.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_req.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,341 @@
+/* crypto/x509/x509_req.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/asn1.h>
+#include <openssl/x509.h>
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+#include <openssl/pem.h>
+
+X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
+{
+ X509_REQ *ret;
+ X509_REQ_INFO *ri;
+ int i;
+ EVP_PKEY *pktmp;
+
+ ret = X509_REQ_new();
+ if (ret == NULL) {
+ X509err(X509_F_X509_TO_X509_REQ, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ ri = ret->req_info;
+
+ ri->version->length = 1;
+ ri->version->data = (unsigned char *)OPENSSL_malloc(1);
+ if (ri->version->data == NULL)
+ goto err;
+ ri->version->data[0] = 0; /* version == 0 */
+
+ if (!X509_REQ_set_subject_name(ret, X509_get_subject_name(x)))
+ goto err;
+
+ pktmp = X509_get_pubkey(x);
+ if (pktmp == NULL)
+ goto err;
+ i = X509_REQ_set_pubkey(ret, pktmp);
+ EVP_PKEY_free(pktmp);
+ if (!i)
+ goto err;
+
+ if (pkey != NULL) {
+ if (!X509_REQ_sign(ret, pkey, md))
+ goto err;
+ }
+ return (ret);
+ err:
+ X509_REQ_free(ret);
+ return (NULL);
+}
+
+EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req)
+{
+ if ((req == NULL) || (req->req_info == NULL))
+ return (NULL);
+ return (X509_PUBKEY_get(req->req_info->pubkey));
+}
+
+int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k)
+{
+ EVP_PKEY *xk = NULL;
+ int ok = 0;
+
+ xk = X509_REQ_get_pubkey(x);
+ switch (EVP_PKEY_cmp(xk, k)) {
+ case 1:
+ ok = 1;
+ break;
+ case 0:
+ X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,
+ X509_R_KEY_VALUES_MISMATCH);
+ break;
+ case -1:
+ X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, X509_R_KEY_TYPE_MISMATCH);
+ break;
+ case -2:
+#ifndef OPENSSL_NO_EC
+ if (k->type == EVP_PKEY_EC) {
+ X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, ERR_R_EC_LIB);
+ break;
+ }
+#endif
+#ifndef OPENSSL_NO_DH
+ if (k->type == EVP_PKEY_DH) {
+ /* No idea */
+ X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,
+ X509_R_CANT_CHECK_DH_KEY);
+ break;
+ }
+#endif
+ X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, X509_R_UNKNOWN_KEY_TYPE);
+ }
+
+ EVP_PKEY_free(xk);
+ return (ok);
+}
+
+/*
+ * It seems several organisations had the same idea of including a list of
+ * extensions in a certificate request. There are at least two OIDs that are
+ * used and there may be more: so the list is configurable.
+ */
+
+static int ext_nid_list[] = { NID_ext_req, NID_ms_ext_req, NID_undef };
+
+static int *ext_nids = ext_nid_list;
+
+int X509_REQ_extension_nid(int req_nid)
+{
+ int i, nid;
+ for (i = 0;; i++) {
+ nid = ext_nids[i];
+ if (nid == NID_undef)
+ return 0;
+ else if (req_nid == nid)
+ return 1;
+ }
+}
+
+int *X509_REQ_get_extension_nids(void)
+{
+ return ext_nids;
+}
+
+void X509_REQ_set_extension_nids(int *nids)
+{
+ ext_nids = nids;
+}
+
+STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req)
+{
+ X509_ATTRIBUTE *attr;
+ ASN1_TYPE *ext = NULL;
+ int idx, *pnid;
+ const unsigned char *p;
+
+ if ((req == NULL) || (req->req_info == NULL) || !ext_nids)
+ return (NULL);
+ for (pnid = ext_nids; *pnid != NID_undef; pnid++) {
+ idx = X509_REQ_get_attr_by_NID(req, *pnid, -1);
+ if (idx == -1)
+ continue;
+ attr = X509_REQ_get_attr(req, idx);
+ if (attr->single)
+ ext = attr->value.single;
+ else if (sk_ASN1_TYPE_num(attr->value.set))
+ ext = sk_ASN1_TYPE_value(attr->value.set, 0);
+ break;
+ }
+ if (!ext || (ext->type != V_ASN1_SEQUENCE))
+ return NULL;
+ p = ext->value.sequence->data;
+ return d2i_ASN1_SET_OF_X509_EXTENSION(NULL, &p,
+ ext->value.sequence->length,
+ d2i_X509_EXTENSION,
+ X509_EXTENSION_free,
+ V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
+}
+
+/*
+ * Add a STACK_OF extensions to a certificate request: allow alternative OIDs
+ * in case we want to create a non standard one.
+ */
+
+int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
+ int nid)
+{
+ unsigned char *p = NULL, *q;
+ long len;
+ ASN1_TYPE *at = NULL;
+ X509_ATTRIBUTE *attr = NULL;
+ if (!(at = ASN1_TYPE_new()) || !(at->value.sequence = ASN1_STRING_new()))
+ goto err;
+
+ at->type = V_ASN1_SEQUENCE;
+ /* Generate encoding of extensions */
+ len = i2d_ASN1_SET_OF_X509_EXTENSION(exts, NULL, i2d_X509_EXTENSION,
+ V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL,
+ IS_SEQUENCE);
+ if (!(p = OPENSSL_malloc(len)))
+ goto err;
+ q = p;
+ i2d_ASN1_SET_OF_X509_EXTENSION(exts, &q, i2d_X509_EXTENSION,
+ V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL,
+ IS_SEQUENCE);
+ at->value.sequence->data = p;
+ p = NULL;
+ at->value.sequence->length = len;
+ if (!(attr = X509_ATTRIBUTE_new()))
+ goto err;
+ if (!(attr->value.set = sk_ASN1_TYPE_new_null()))
+ goto err;
+ if (!sk_ASN1_TYPE_push(attr->value.set, at))
+ goto err;
+ at = NULL;
+ attr->single = 0;
+ attr->object = OBJ_nid2obj(nid);
+ if (!req->req_info->attributes) {
+ if (!(req->req_info->attributes = sk_X509_ATTRIBUTE_new_null()))
+ goto err;
+ }
+ if (!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr))
+ goto err;
+ return 1;
+ err:
+ if (p)
+ OPENSSL_free(p);
+ X509_ATTRIBUTE_free(attr);
+ ASN1_TYPE_free(at);
+ return 0;
+}
+
+/* This is the normal usage: use the "official" OID */
+int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts)
+{
+ return X509_REQ_add_extensions_nid(req, exts, NID_ext_req);
+}
+
+/* Request attribute functions */
+
+int X509_REQ_get_attr_count(const X509_REQ *req)
+{
+ return X509at_get_attr_count(req->req_info->attributes);
+}
+
+int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, int lastpos)
+{
+ return X509at_get_attr_by_NID(req->req_info->attributes, nid, lastpos);
+}
+
+int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj,
+ int lastpos)
+{
+ return X509at_get_attr_by_OBJ(req->req_info->attributes, obj, lastpos);
+}
+
+X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc)
+{
+ return X509at_get_attr(req->req_info->attributes, loc);
+}
+
+X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc)
+{
+ return X509at_delete_attr(req->req_info->attributes, loc);
+}
+
+int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr)
+{
+ if (X509at_add1_attr(&req->req_info->attributes, attr))
+ return 1;
+ return 0;
+}
+
+int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,
+ const ASN1_OBJECT *obj, int type,
+ const unsigned char *bytes, int len)
+{
+ if (X509at_add1_attr_by_OBJ(&req->req_info->attributes, obj,
+ type, bytes, len))
+ return 1;
+ return 0;
+}
+
+int X509_REQ_add1_attr_by_NID(X509_REQ *req,
+ int nid, int type,
+ const unsigned char *bytes, int len)
+{
+ if (X509at_add1_attr_by_NID(&req->req_info->attributes, nid,
+ type, bytes, len))
+ return 1;
+ return 0;
+}
+
+int X509_REQ_add1_attr_by_txt(X509_REQ *req,
+ const char *attrname, int type,
+ const unsigned char *bytes, int len)
+{
+ if (X509at_add1_attr_by_txt(&req->req_info->attributes, attrname,
+ type, bytes, len))
+ return 1;
+ return 0;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_set.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509/x509_set.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_set.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,150 +0,0 @@
-/* crypto/x509/x509_set.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-
-int X509_set_version(X509 *x, long version)
- {
- if (x == NULL) return(0);
- if (x->cert_info->version == NULL)
- {
- if ((x->cert_info->version=M_ASN1_INTEGER_new()) == NULL)
- return(0);
- }
- return(ASN1_INTEGER_set(x->cert_info->version,version));
- }
-
-int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial)
- {
- ASN1_INTEGER *in;
-
- if (x == NULL) return(0);
- in=x->cert_info->serialNumber;
- if (in != serial)
- {
- in=M_ASN1_INTEGER_dup(serial);
- if (in != NULL)
- {
- M_ASN1_INTEGER_free(x->cert_info->serialNumber);
- x->cert_info->serialNumber=in;
- }
- }
- return(in != NULL);
- }
-
-int X509_set_issuer_name(X509 *x, X509_NAME *name)
- {
- if ((x == NULL) || (x->cert_info == NULL)) return(0);
- return(X509_NAME_set(&x->cert_info->issuer,name));
- }
-
-int X509_set_subject_name(X509 *x, X509_NAME *name)
- {
- if ((x == NULL) || (x->cert_info == NULL)) return(0);
- return(X509_NAME_set(&x->cert_info->subject,name));
- }
-
-int X509_set_notBefore(X509 *x, ASN1_TIME *tm)
- {
- ASN1_TIME *in;
-
- if ((x == NULL) || (x->cert_info->validity == NULL)) return(0);
- in=x->cert_info->validity->notBefore;
- if (in != tm)
- {
- in=M_ASN1_TIME_dup(tm);
- if (in != NULL)
- {
- M_ASN1_TIME_free(x->cert_info->validity->notBefore);
- x->cert_info->validity->notBefore=in;
- }
- }
- return(in != NULL);
- }
-
-int X509_set_notAfter(X509 *x, ASN1_TIME *tm)
- {
- ASN1_TIME *in;
-
- if ((x == NULL) || (x->cert_info->validity == NULL)) return(0);
- in=x->cert_info->validity->notAfter;
- if (in != tm)
- {
- in=M_ASN1_TIME_dup(tm);
- if (in != NULL)
- {
- M_ASN1_TIME_free(x->cert_info->validity->notAfter);
- x->cert_info->validity->notAfter=in;
- }
- }
- return(in != NULL);
- }
-
-int X509_set_pubkey(X509 *x, EVP_PKEY *pkey)
- {
- if ((x == NULL) || (x->cert_info == NULL)) return(0);
- return(X509_PUBKEY_set(&(x->cert_info->key),pkey));
- }
-
-
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_set.c (from rev 6976, vendor-crypto/openssl/dist/crypto/x509/x509_set.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_set.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_set.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,147 @@
+/* crypto/x509/x509_set.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+
+int X509_set_version(X509 *x, long version)
+{
+ if (x == NULL)
+ return (0);
+ if (x->cert_info->version == NULL) {
+ if ((x->cert_info->version = M_ASN1_INTEGER_new()) == NULL)
+ return (0);
+ }
+ return (ASN1_INTEGER_set(x->cert_info->version, version));
+}
+
+int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial)
+{
+ ASN1_INTEGER *in;
+
+ if (x == NULL)
+ return (0);
+ in = x->cert_info->serialNumber;
+ if (in != serial) {
+ in = M_ASN1_INTEGER_dup(serial);
+ if (in != NULL) {
+ M_ASN1_INTEGER_free(x->cert_info->serialNumber);
+ x->cert_info->serialNumber = in;
+ }
+ }
+ return (in != NULL);
+}
+
+int X509_set_issuer_name(X509 *x, X509_NAME *name)
+{
+ if ((x == NULL) || (x->cert_info == NULL))
+ return (0);
+ return (X509_NAME_set(&x->cert_info->issuer, name));
+}
+
+int X509_set_subject_name(X509 *x, X509_NAME *name)
+{
+ if ((x == NULL) || (x->cert_info == NULL))
+ return (0);
+ return (X509_NAME_set(&x->cert_info->subject, name));
+}
+
+int X509_set_notBefore(X509 *x, ASN1_TIME *tm)
+{
+ ASN1_TIME *in;
+
+ if ((x == NULL) || (x->cert_info->validity == NULL))
+ return (0);
+ in = x->cert_info->validity->notBefore;
+ if (in != tm) {
+ in = M_ASN1_TIME_dup(tm);
+ if (in != NULL) {
+ M_ASN1_TIME_free(x->cert_info->validity->notBefore);
+ x->cert_info->validity->notBefore = in;
+ }
+ }
+ return (in != NULL);
+}
+
+int X509_set_notAfter(X509 *x, ASN1_TIME *tm)
+{
+ ASN1_TIME *in;
+
+ if ((x == NULL) || (x->cert_info->validity == NULL))
+ return (0);
+ in = x->cert_info->validity->notAfter;
+ if (in != tm) {
+ in = M_ASN1_TIME_dup(tm);
+ if (in != NULL) {
+ M_ASN1_TIME_free(x->cert_info->validity->notAfter);
+ x->cert_info->validity->notAfter = in;
+ }
+ }
+ return (in != NULL);
+}
+
+int X509_set_pubkey(X509 *x, EVP_PKEY *pkey)
+{
+ if ((x == NULL) || (x->cert_info == NULL))
+ return (0);
+ return (X509_PUBKEY_set(&(x->cert_info->key), pkey));
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_trs.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509/x509_trs.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_trs.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,287 +0,0 @@
-/* x509_trs.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/x509v3.h>
-
-
-static int tr_cmp(const X509_TRUST * const *a,
- const X509_TRUST * const *b);
-static void trtable_free(X509_TRUST *p);
-
-static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags);
-static int trust_1oid(X509_TRUST *trust, X509 *x, int flags);
-static int trust_compat(X509_TRUST *trust, X509 *x, int flags);
-
-static int obj_trust(int id, X509 *x, int flags);
-static int (*default_trust)(int id, X509 *x, int flags) = obj_trust;
-
-/* WARNING: the following table should be kept in order of trust
- * and without any gaps so we can just subtract the minimum trust
- * value to get an index into the table
- */
-
-static X509_TRUST trstandard[] = {
-{X509_TRUST_COMPAT, 0, trust_compat, "compatible", 0, NULL},
-{X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth, NULL},
-{X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Server", NID_server_auth, NULL},
-{X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, NULL},
-{X509_TRUST_OBJECT_SIGN, 0, trust_1oidany, "Object Signer", NID_code_sign, NULL},
-{X509_TRUST_OCSP_SIGN, 0, trust_1oid, "OCSP responder", NID_OCSP_sign, NULL},
-{X509_TRUST_OCSP_REQUEST, 0, trust_1oid, "OCSP request", NID_ad_OCSP, NULL}
-};
-
-#define X509_TRUST_COUNT (sizeof(trstandard)/sizeof(X509_TRUST))
-
-IMPLEMENT_STACK_OF(X509_TRUST)
-
-static STACK_OF(X509_TRUST) *trtable = NULL;
-
-static int tr_cmp(const X509_TRUST * const *a,
- const X509_TRUST * const *b)
-{
- return (*a)->trust - (*b)->trust;
-}
-
-int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int)
-{
- int (*oldtrust)(int , X509 *, int);
- oldtrust = default_trust;
- default_trust = trust;
- return oldtrust;
-}
-
-
-int X509_check_trust(X509 *x, int id, int flags)
-{
- X509_TRUST *pt;
- int idx;
- if(id == -1) return 1;
- idx = X509_TRUST_get_by_id(id);
- if(idx == -1) return default_trust(id, x, flags);
- pt = X509_TRUST_get0(idx);
- return pt->check_trust(pt, x, flags);
-}
-
-int X509_TRUST_get_count(void)
-{
- if(!trtable) return X509_TRUST_COUNT;
- return sk_X509_TRUST_num(trtable) + X509_TRUST_COUNT;
-}
-
-X509_TRUST * X509_TRUST_get0(int idx)
-{
- if(idx < 0) return NULL;
- if(idx < (int)X509_TRUST_COUNT) return trstandard + idx;
- return sk_X509_TRUST_value(trtable, idx - X509_TRUST_COUNT);
-}
-
-int X509_TRUST_get_by_id(int id)
-{
- X509_TRUST tmp;
- int idx;
- if((id >= X509_TRUST_MIN) && (id <= X509_TRUST_MAX))
- return id - X509_TRUST_MIN;
- tmp.trust = id;
- if(!trtable) return -1;
- idx = sk_X509_TRUST_find(trtable, &tmp);
- if(idx == -1) return -1;
- return idx + X509_TRUST_COUNT;
-}
-
-int X509_TRUST_set(int *t, int trust)
-{
- if(X509_TRUST_get_by_id(trust) == -1) {
- X509err(X509_F_X509_TRUST_SET, X509_R_INVALID_TRUST);
- return 0;
- }
- *t = trust;
- return 1;
-}
-
-int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int),
- char *name, int arg1, void *arg2)
-{
- int idx;
- X509_TRUST *trtmp;
- /* This is set according to what we change: application can't set it */
- flags &= ~X509_TRUST_DYNAMIC;
- /* This will always be set for application modified trust entries */
- flags |= X509_TRUST_DYNAMIC_NAME;
- /* Get existing entry if any */
- idx = X509_TRUST_get_by_id(id);
- /* Need a new entry */
- if(idx == -1) {
- if(!(trtmp = OPENSSL_malloc(sizeof(X509_TRUST)))) {
- X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
- return 0;
- }
- trtmp->flags = X509_TRUST_DYNAMIC;
- } else trtmp = X509_TRUST_get0(idx);
-
- /* OPENSSL_free existing name if dynamic */
- if(trtmp->flags & X509_TRUST_DYNAMIC_NAME) OPENSSL_free(trtmp->name);
- /* dup supplied name */
- if(!(trtmp->name = BUF_strdup(name))) {
- X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
- return 0;
- }
- /* Keep the dynamic flag of existing entry */
- trtmp->flags &= X509_TRUST_DYNAMIC;
- /* Set all other flags */
- trtmp->flags |= flags;
-
- trtmp->trust = id;
- trtmp->check_trust = ck;
- trtmp->arg1 = arg1;
- trtmp->arg2 = arg2;
-
- /* If its a new entry manage the dynamic table */
- if(idx == -1) {
- if(!trtable && !(trtable = sk_X509_TRUST_new(tr_cmp))) {
- X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
- return 0;
- }
- if (!sk_X509_TRUST_push(trtable, trtmp)) {
- X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
- return 0;
- }
- }
- return 1;
-}
-
-static void trtable_free(X509_TRUST *p)
- {
- if(!p) return;
- if (p->flags & X509_TRUST_DYNAMIC)
- {
- if (p->flags & X509_TRUST_DYNAMIC_NAME)
- OPENSSL_free(p->name);
- OPENSSL_free(p);
- }
- }
-
-void X509_TRUST_cleanup(void)
-{
- unsigned int i;
- for(i = 0; i < X509_TRUST_COUNT; i++) trtable_free(trstandard + i);
- sk_X509_TRUST_pop_free(trtable, trtable_free);
- trtable = NULL;
-}
-
-int X509_TRUST_get_flags(X509_TRUST *xp)
-{
- return xp->flags;
-}
-
-char *X509_TRUST_get0_name(X509_TRUST *xp)
-{
- return xp->name;
-}
-
-int X509_TRUST_get_trust(X509_TRUST *xp)
-{
- return xp->trust;
-}
-
-static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags)
-{
- if(x->aux && (x->aux->trust || x->aux->reject))
- return obj_trust(trust->arg1, x, flags);
- /* we don't have any trust settings: for compatibility
- * we return trusted if it is self signed
- */
- return trust_compat(trust, x, flags);
-}
-
-static int trust_1oid(X509_TRUST *trust, X509 *x, int flags)
-{
- if(x->aux) return obj_trust(trust->arg1, x, flags);
- return X509_TRUST_UNTRUSTED;
-}
-
-static int trust_compat(X509_TRUST *trust, X509 *x, int flags)
-{
- X509_check_purpose(x, -1, 0);
- if(x->ex_flags & EXFLAG_SS) return X509_TRUST_TRUSTED;
- else return X509_TRUST_UNTRUSTED;
-}
-
-static int obj_trust(int id, X509 *x, int flags)
-{
- ASN1_OBJECT *obj;
- int i;
- X509_CERT_AUX *ax;
- ax = x->aux;
- if(!ax) return X509_TRUST_UNTRUSTED;
- if(ax->reject) {
- for(i = 0; i < sk_ASN1_OBJECT_num(ax->reject); i++) {
- obj = sk_ASN1_OBJECT_value(ax->reject, i);
- if(OBJ_obj2nid(obj) == id) return X509_TRUST_REJECTED;
- }
- }
- if(ax->trust) {
- for(i = 0; i < sk_ASN1_OBJECT_num(ax->trust); i++) {
- obj = sk_ASN1_OBJECT_value(ax->trust, i);
- if(OBJ_obj2nid(obj) == id) return X509_TRUST_TRUSTED;
- }
- }
- return X509_TRUST_UNTRUSTED;
-}
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_trs.c (from rev 6976, vendor-crypto/openssl/dist/crypto/x509/x509_trs.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_trs.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_trs.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,308 @@
+/* x509_trs.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/x509v3.h>
+
+static int tr_cmp(const X509_TRUST *const *a, const X509_TRUST *const *b);
+static void trtable_free(X509_TRUST *p);
+
+static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags);
+static int trust_1oid(X509_TRUST *trust, X509 *x, int flags);
+static int trust_compat(X509_TRUST *trust, X509 *x, int flags);
+
+static int obj_trust(int id, X509 *x, int flags);
+static int (*default_trust) (int id, X509 *x, int flags) = obj_trust;
+
+/*
+ * WARNING: the following table should be kept in order of trust and without
+ * any gaps so we can just subtract the minimum trust value to get an index
+ * into the table
+ */
+
+static X509_TRUST trstandard[] = {
+ {X509_TRUST_COMPAT, 0, trust_compat, "compatible", 0, NULL},
+ {X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth,
+ NULL},
+ {X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Server", NID_server_auth,
+ NULL},
+ {X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect,
+ NULL},
+ {X509_TRUST_OBJECT_SIGN, 0, trust_1oidany, "Object Signer", NID_code_sign,
+ NULL},
+ {X509_TRUST_OCSP_SIGN, 0, trust_1oid, "OCSP responder", NID_OCSP_sign,
+ NULL},
+ {X509_TRUST_OCSP_REQUEST, 0, trust_1oid, "OCSP request", NID_ad_OCSP, NULL}
+};
+
+#define X509_TRUST_COUNT (sizeof(trstandard)/sizeof(X509_TRUST))
+
+IMPLEMENT_STACK_OF(X509_TRUST)
+
+static STACK_OF(X509_TRUST) *trtable = NULL;
+
+static int tr_cmp(const X509_TRUST *const *a, const X509_TRUST *const *b)
+{
+ return (*a)->trust - (*b)->trust;
+}
+
+int (*X509_TRUST_set_default(int (*trust) (int, X509 *, int))) (int, X509 *,
+ int) {
+ int (*oldtrust) (int, X509 *, int);
+ oldtrust = default_trust;
+ default_trust = trust;
+ return oldtrust;
+}
+
+int X509_check_trust(X509 *x, int id, int flags)
+{
+ X509_TRUST *pt;
+ int idx;
+ if (id == -1)
+ return 1;
+ idx = X509_TRUST_get_by_id(id);
+ if (idx == -1)
+ return default_trust(id, x, flags);
+ pt = X509_TRUST_get0(idx);
+ return pt->check_trust(pt, x, flags);
+}
+
+int X509_TRUST_get_count(void)
+{
+ if (!trtable)
+ return X509_TRUST_COUNT;
+ return sk_X509_TRUST_num(trtable) + X509_TRUST_COUNT;
+}
+
+X509_TRUST *X509_TRUST_get0(int idx)
+{
+ if (idx < 0)
+ return NULL;
+ if (idx < (int)X509_TRUST_COUNT)
+ return trstandard + idx;
+ return sk_X509_TRUST_value(trtable, idx - X509_TRUST_COUNT);
+}
+
+int X509_TRUST_get_by_id(int id)
+{
+ X509_TRUST tmp;
+ int idx;
+ if ((id >= X509_TRUST_MIN) && (id <= X509_TRUST_MAX))
+ return id - X509_TRUST_MIN;
+ tmp.trust = id;
+ if (!trtable)
+ return -1;
+ idx = sk_X509_TRUST_find(trtable, &tmp);
+ if (idx == -1)
+ return -1;
+ return idx + X509_TRUST_COUNT;
+}
+
+int X509_TRUST_set(int *t, int trust)
+{
+ if (X509_TRUST_get_by_id(trust) == -1) {
+ X509err(X509_F_X509_TRUST_SET, X509_R_INVALID_TRUST);
+ return 0;
+ }
+ *t = trust;
+ return 1;
+}
+
+int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int),
+ char *name, int arg1, void *arg2)
+{
+ int idx;
+ X509_TRUST *trtmp;
+ /*
+ * This is set according to what we change: application can't set it
+ */
+ flags &= ~X509_TRUST_DYNAMIC;
+ /* This will always be set for application modified trust entries */
+ flags |= X509_TRUST_DYNAMIC_NAME;
+ /* Get existing entry if any */
+ idx = X509_TRUST_get_by_id(id);
+ /* Need a new entry */
+ if (idx == -1) {
+ if (!(trtmp = OPENSSL_malloc(sizeof(X509_TRUST)))) {
+ X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ trtmp->flags = X509_TRUST_DYNAMIC;
+ } else
+ trtmp = X509_TRUST_get0(idx);
+
+ /* OPENSSL_free existing name if dynamic */
+ if (trtmp->flags & X509_TRUST_DYNAMIC_NAME)
+ OPENSSL_free(trtmp->name);
+ /* dup supplied name */
+ if (!(trtmp->name = BUF_strdup(name))) {
+ X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ /* Keep the dynamic flag of existing entry */
+ trtmp->flags &= X509_TRUST_DYNAMIC;
+ /* Set all other flags */
+ trtmp->flags |= flags;
+
+ trtmp->trust = id;
+ trtmp->check_trust = ck;
+ trtmp->arg1 = arg1;
+ trtmp->arg2 = arg2;
+
+ /* If its a new entry manage the dynamic table */
+ if (idx == -1) {
+ if (!trtable && !(trtable = sk_X509_TRUST_new(tr_cmp))) {
+ X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ if (!sk_X509_TRUST_push(trtable, trtmp)) {
+ X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ }
+ return 1;
+}
+
+static void trtable_free(X509_TRUST *p)
+{
+ if (!p)
+ return;
+ if (p->flags & X509_TRUST_DYNAMIC) {
+ if (p->flags & X509_TRUST_DYNAMIC_NAME)
+ OPENSSL_free(p->name);
+ OPENSSL_free(p);
+ }
+}
+
+void X509_TRUST_cleanup(void)
+{
+ unsigned int i;
+ for (i = 0; i < X509_TRUST_COUNT; i++)
+ trtable_free(trstandard + i);
+ sk_X509_TRUST_pop_free(trtable, trtable_free);
+ trtable = NULL;
+}
+
+int X509_TRUST_get_flags(X509_TRUST *xp)
+{
+ return xp->flags;
+}
+
+char *X509_TRUST_get0_name(X509_TRUST *xp)
+{
+ return xp->name;
+}
+
+int X509_TRUST_get_trust(X509_TRUST *xp)
+{
+ return xp->trust;
+}
+
+static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags)
+{
+ if (x->aux && (x->aux->trust || x->aux->reject))
+ return obj_trust(trust->arg1, x, flags);
+ /*
+ * we don't have any trust settings: for compatibility we return trusted
+ * if it is self signed
+ */
+ return trust_compat(trust, x, flags);
+}
+
+static int trust_1oid(X509_TRUST *trust, X509 *x, int flags)
+{
+ if (x->aux)
+ return obj_trust(trust->arg1, x, flags);
+ return X509_TRUST_UNTRUSTED;
+}
+
+static int trust_compat(X509_TRUST *trust, X509 *x, int flags)
+{
+ X509_check_purpose(x, -1, 0);
+ if (x->ex_flags & EXFLAG_SS)
+ return X509_TRUST_TRUSTED;
+ else
+ return X509_TRUST_UNTRUSTED;
+}
+
+static int obj_trust(int id, X509 *x, int flags)
+{
+ ASN1_OBJECT *obj;
+ int i;
+ X509_CERT_AUX *ax;
+ ax = x->aux;
+ if (!ax)
+ return X509_TRUST_UNTRUSTED;
+ if (ax->reject) {
+ for (i = 0; i < sk_ASN1_OBJECT_num(ax->reject); i++) {
+ obj = sk_ASN1_OBJECT_value(ax->reject, i);
+ if (OBJ_obj2nid(obj) == id)
+ return X509_TRUST_REJECTED;
+ }
+ }
+ if (ax->trust) {
+ for (i = 0; i < sk_ASN1_OBJECT_num(ax->trust); i++) {
+ obj = sk_ASN1_OBJECT_value(ax->trust, i);
+ if (OBJ_obj2nid(obj) == id)
+ return X509_TRUST_TRUSTED;
+ }
+ }
+ return X509_TRUST_UNTRUSTED;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_txt.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509/x509_txt.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_txt.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,173 +0,0 @@
-/* crypto/x509/x509_txt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <time.h>
-#include <errno.h>
-
-#include "cryptlib.h"
-#include <openssl/lhash.h>
-#include <openssl/buffer.h>
-#include <openssl/evp.h>
-#include <openssl/asn1.h>
-#include <openssl/x509.h>
-#include <openssl/objects.h>
-
-const char *X509_verify_cert_error_string(long n)
- {
- static char buf[100];
-
- switch ((int)n)
- {
- case X509_V_OK:
- return("ok");
- case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
- return("unable to get issuer certificate");
- case X509_V_ERR_UNABLE_TO_GET_CRL:
- return("unable to get certificate CRL");
- case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
- return("unable to decrypt certificate's signature");
- case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
- return("unable to decrypt CRL's signature");
- case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
- return("unable to decode issuer public key");
- case X509_V_ERR_CERT_SIGNATURE_FAILURE:
- return("certificate signature failure");
- case X509_V_ERR_CRL_SIGNATURE_FAILURE:
- return("CRL signature failure");
- case X509_V_ERR_CERT_NOT_YET_VALID:
- return("certificate is not yet valid");
- case X509_V_ERR_CRL_NOT_YET_VALID:
- return("CRL is not yet valid");
- case X509_V_ERR_CERT_HAS_EXPIRED:
- return("certificate has expired");
- case X509_V_ERR_CRL_HAS_EXPIRED:
- return("CRL has expired");
- case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
- return("format error in certificate's notBefore field");
- case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
- return("format error in certificate's notAfter field");
- case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
- return("format error in CRL's lastUpdate field");
- case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
- return("format error in CRL's nextUpdate field");
- case X509_V_ERR_OUT_OF_MEM:
- return("out of memory");
- case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
- return("self signed certificate");
- case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
- return("self signed certificate in certificate chain");
- case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
- return("unable to get local issuer certificate");
- case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
- return("unable to verify the first certificate");
- case X509_V_ERR_CERT_CHAIN_TOO_LONG:
- return("certificate chain too long");
- case X509_V_ERR_CERT_REVOKED:
- return("certificate revoked");
- case X509_V_ERR_INVALID_CA:
- return ("invalid CA certificate");
- case X509_V_ERR_INVALID_NON_CA:
- return ("invalid non-CA certificate (has CA markings)");
- case X509_V_ERR_PATH_LENGTH_EXCEEDED:
- return ("path length constraint exceeded");
- case X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED:
- return("proxy path length constraint exceeded");
- case X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED:
- return("proxy certificates not allowed, please set the appropriate flag");
- case X509_V_ERR_INVALID_PURPOSE:
- return ("unsupported certificate purpose");
- case X509_V_ERR_CERT_UNTRUSTED:
- return ("certificate not trusted");
- case X509_V_ERR_CERT_REJECTED:
- return ("certificate rejected");
- case X509_V_ERR_APPLICATION_VERIFICATION:
- return("application verification failure");
- case X509_V_ERR_SUBJECT_ISSUER_MISMATCH:
- return("subject issuer mismatch");
- case X509_V_ERR_AKID_SKID_MISMATCH:
- return("authority and subject key identifier mismatch");
- case X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH:
- return("authority and issuer serial number mismatch");
- case X509_V_ERR_KEYUSAGE_NO_CERTSIGN:
- return("key usage does not include certificate signing");
- case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
- return("unable to get CRL issuer certificate");
- case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION:
- return("unhandled critical extension");
- case X509_V_ERR_KEYUSAGE_NO_CRL_SIGN:
- return("key usage does not include CRL signing");
- case X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE:
- return("key usage does not include digital signature");
- case X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION:
- return("unhandled critical CRL extension");
- case X509_V_ERR_INVALID_EXTENSION:
- return("invalid or inconsistent certificate extension");
- case X509_V_ERR_INVALID_POLICY_EXTENSION:
- return("invalid or inconsistent certificate policy extension");
- case X509_V_ERR_NO_EXPLICIT_POLICY:
- return("no explicit policy");
- case X509_V_ERR_UNNESTED_RESOURCE:
- return("RFC 3779 resource not subset of parent's resources");
- default:
- BIO_snprintf(buf,sizeof buf,"error number %ld",n);
- return(buf);
- }
- }
-
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_txt.c (from rev 6976, vendor-crypto/openssl/dist/crypto/x509/x509_txt.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_txt.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_txt.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,171 @@
+/* crypto/x509/x509_txt.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include <errno.h>
+
+#include "cryptlib.h"
+#include <openssl/lhash.h>
+#include <openssl/buffer.h>
+#include <openssl/evp.h>
+#include <openssl/asn1.h>
+#include <openssl/x509.h>
+#include <openssl/objects.h>
+
+const char *X509_verify_cert_error_string(long n)
+{
+ static char buf[100];
+
+ switch ((int)n) {
+ case X509_V_OK:
+ return ("ok");
+ case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
+ return ("unable to get issuer certificate");
+ case X509_V_ERR_UNABLE_TO_GET_CRL:
+ return ("unable to get certificate CRL");
+ case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
+ return ("unable to decrypt certificate's signature");
+ case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
+ return ("unable to decrypt CRL's signature");
+ case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
+ return ("unable to decode issuer public key");
+ case X509_V_ERR_CERT_SIGNATURE_FAILURE:
+ return ("certificate signature failure");
+ case X509_V_ERR_CRL_SIGNATURE_FAILURE:
+ return ("CRL signature failure");
+ case X509_V_ERR_CERT_NOT_YET_VALID:
+ return ("certificate is not yet valid");
+ case X509_V_ERR_CRL_NOT_YET_VALID:
+ return ("CRL is not yet valid");
+ case X509_V_ERR_CERT_HAS_EXPIRED:
+ return ("certificate has expired");
+ case X509_V_ERR_CRL_HAS_EXPIRED:
+ return ("CRL has expired");
+ case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
+ return ("format error in certificate's notBefore field");
+ case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
+ return ("format error in certificate's notAfter field");
+ case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
+ return ("format error in CRL's lastUpdate field");
+ case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
+ return ("format error in CRL's nextUpdate field");
+ case X509_V_ERR_OUT_OF_MEM:
+ return ("out of memory");
+ case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
+ return ("self signed certificate");
+ case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
+ return ("self signed certificate in certificate chain");
+ case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
+ return ("unable to get local issuer certificate");
+ case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
+ return ("unable to verify the first certificate");
+ case X509_V_ERR_CERT_CHAIN_TOO_LONG:
+ return ("certificate chain too long");
+ case X509_V_ERR_CERT_REVOKED:
+ return ("certificate revoked");
+ case X509_V_ERR_INVALID_CA:
+ return ("invalid CA certificate");
+ case X509_V_ERR_INVALID_NON_CA:
+ return ("invalid non-CA certificate (has CA markings)");
+ case X509_V_ERR_PATH_LENGTH_EXCEEDED:
+ return ("path length constraint exceeded");
+ case X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED:
+ return ("proxy path length constraint exceeded");
+ case X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED:
+ return
+ ("proxy certificates not allowed, please set the appropriate flag");
+ case X509_V_ERR_INVALID_PURPOSE:
+ return ("unsupported certificate purpose");
+ case X509_V_ERR_CERT_UNTRUSTED:
+ return ("certificate not trusted");
+ case X509_V_ERR_CERT_REJECTED:
+ return ("certificate rejected");
+ case X509_V_ERR_APPLICATION_VERIFICATION:
+ return ("application verification failure");
+ case X509_V_ERR_SUBJECT_ISSUER_MISMATCH:
+ return ("subject issuer mismatch");
+ case X509_V_ERR_AKID_SKID_MISMATCH:
+ return ("authority and subject key identifier mismatch");
+ case X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH:
+ return ("authority and issuer serial number mismatch");
+ case X509_V_ERR_KEYUSAGE_NO_CERTSIGN:
+ return ("key usage does not include certificate signing");
+ case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
+ return ("unable to get CRL issuer certificate");
+ case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION:
+ return ("unhandled critical extension");
+ case X509_V_ERR_KEYUSAGE_NO_CRL_SIGN:
+ return ("key usage does not include CRL signing");
+ case X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE:
+ return ("key usage does not include digital signature");
+ case X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION:
+ return ("unhandled critical CRL extension");
+ case X509_V_ERR_INVALID_EXTENSION:
+ return ("invalid or inconsistent certificate extension");
+ case X509_V_ERR_INVALID_POLICY_EXTENSION:
+ return ("invalid or inconsistent certificate policy extension");
+ case X509_V_ERR_NO_EXPLICIT_POLICY:
+ return ("no explicit policy");
+ case X509_V_ERR_UNNESTED_RESOURCE:
+ return ("RFC 3779 resource not subset of parent's resources");
+ default:
+ BIO_snprintf(buf, sizeof buf, "error number %ld", n);
+ return (buf);
+ }
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_v3.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509/x509_v3.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_v3.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,274 +0,0 @@
-/* crypto/x509/x509_v3.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/stack.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-
-int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x)
- {
- if (x == NULL) return(0);
- return(sk_X509_EXTENSION_num(x));
- }
-
-int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, int nid,
- int lastpos)
- {
- ASN1_OBJECT *obj;
-
- obj=OBJ_nid2obj(nid);
- if (obj == NULL) return(-2);
- return(X509v3_get_ext_by_OBJ(x,obj,lastpos));
- }
-
-int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *sk, ASN1_OBJECT *obj,
- int lastpos)
- {
- int n;
- X509_EXTENSION *ex;
-
- if (sk == NULL) return(-1);
- lastpos++;
- if (lastpos < 0)
- lastpos=0;
- n=sk_X509_EXTENSION_num(sk);
- for ( ; lastpos < n; lastpos++)
- {
- ex=sk_X509_EXTENSION_value(sk,lastpos);
- if (OBJ_cmp(ex->object,obj) == 0)
- return(lastpos);
- }
- return(-1);
- }
-
-int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *sk, int crit,
- int lastpos)
- {
- int n;
- X509_EXTENSION *ex;
-
- if (sk == NULL) return(-1);
- lastpos++;
- if (lastpos < 0)
- lastpos=0;
- n=sk_X509_EXTENSION_num(sk);
- for ( ; lastpos < n; lastpos++)
- {
- ex=sk_X509_EXTENSION_value(sk,lastpos);
- if ( ((ex->critical > 0) && crit) ||
- ((ex->critical <= 0) && !crit))
- return(lastpos);
- }
- return(-1);
- }
-
-X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc)
- {
- if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0)
- return NULL;
- else
- return sk_X509_EXTENSION_value(x,loc);
- }
-
-X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc)
- {
- X509_EXTENSION *ret;
-
- if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0)
- return(NULL);
- ret=sk_X509_EXTENSION_delete(x,loc);
- return(ret);
- }
-
-STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
- X509_EXTENSION *ex, int loc)
- {
- X509_EXTENSION *new_ex=NULL;
- int n;
- STACK_OF(X509_EXTENSION) *sk=NULL;
-
- if (x == NULL)
- {
- X509err(X509_F_X509V3_ADD_EXT,ERR_R_PASSED_NULL_PARAMETER);
- goto err2;
- }
-
- if (*x == NULL)
- {
- if ((sk=sk_X509_EXTENSION_new_null()) == NULL)
- goto err;
- }
- else
- sk= *x;
-
- n=sk_X509_EXTENSION_num(sk);
- if (loc > n) loc=n;
- else if (loc < 0) loc=n;
-
- if ((new_ex=X509_EXTENSION_dup(ex)) == NULL)
- goto err2;
- if (!sk_X509_EXTENSION_insert(sk,new_ex,loc))
- goto err;
- if (*x == NULL)
- *x=sk;
- return(sk);
-err:
- X509err(X509_F_X509V3_ADD_EXT,ERR_R_MALLOC_FAILURE);
-err2:
- if (new_ex != NULL) X509_EXTENSION_free(new_ex);
- if (sk != NULL) sk_X509_EXTENSION_free(sk);
- return(NULL);
- }
-
-X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, int nid,
- int crit, ASN1_OCTET_STRING *data)
- {
- ASN1_OBJECT *obj;
- X509_EXTENSION *ret;
-
- obj=OBJ_nid2obj(nid);
- if (obj == NULL)
- {
- X509err(X509_F_X509_EXTENSION_CREATE_BY_NID,X509_R_UNKNOWN_NID);
- return(NULL);
- }
- ret=X509_EXTENSION_create_by_OBJ(ex,obj,crit,data);
- if (ret == NULL) ASN1_OBJECT_free(obj);
- return(ret);
- }
-
-X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex,
- ASN1_OBJECT *obj, int crit, ASN1_OCTET_STRING *data)
- {
- X509_EXTENSION *ret;
-
- if ((ex == NULL) || (*ex == NULL))
- {
- if ((ret=X509_EXTENSION_new()) == NULL)
- {
- X509err(X509_F_X509_EXTENSION_CREATE_BY_OBJ,ERR_R_MALLOC_FAILURE);
- return(NULL);
- }
- }
- else
- ret= *ex;
-
- if (!X509_EXTENSION_set_object(ret,obj))
- goto err;
- if (!X509_EXTENSION_set_critical(ret,crit))
- goto err;
- if (!X509_EXTENSION_set_data(ret,data))
- goto err;
-
- if ((ex != NULL) && (*ex == NULL)) *ex=ret;
- return(ret);
-err:
- if ((ex == NULL) || (ret != *ex))
- X509_EXTENSION_free(ret);
- return(NULL);
- }
-
-int X509_EXTENSION_set_object(X509_EXTENSION *ex, ASN1_OBJECT *obj)
- {
- if ((ex == NULL) || (obj == NULL))
- return(0);
- ASN1_OBJECT_free(ex->object);
- ex->object=OBJ_dup(obj);
- return(1);
- }
-
-int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit)
- {
- if (ex == NULL) return(0);
- ex->critical=(crit)?0xFF:-1;
- return(1);
- }
-
-int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data)
- {
- int i;
-
- if (ex == NULL) return(0);
- i=M_ASN1_OCTET_STRING_set(ex->value,data->data,data->length);
- if (!i) return(0);
- return(1);
- }
-
-ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex)
- {
- if (ex == NULL) return(NULL);
- return(ex->object);
- }
-
-ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ex)
- {
- if (ex == NULL) return(NULL);
- return(ex->value);
- }
-
-int X509_EXTENSION_get_critical(X509_EXTENSION *ex)
- {
- if (ex == NULL) return(0);
- if(ex->critical > 0) return 1;
- return 0;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_v3.c (from rev 6976, vendor-crypto/openssl/dist/crypto/x509/x509_v3.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_v3.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_v3.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,284 @@
+/* crypto/x509/x509_v3.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <openssl/stack.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x)
+{
+ if (x == NULL)
+ return (0);
+ return (sk_X509_EXTENSION_num(x));
+}
+
+int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, int nid,
+ int lastpos)
+{
+ ASN1_OBJECT *obj;
+
+ obj = OBJ_nid2obj(nid);
+ if (obj == NULL)
+ return (-2);
+ return (X509v3_get_ext_by_OBJ(x, obj, lastpos));
+}
+
+int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *sk,
+ ASN1_OBJECT *obj, int lastpos)
+{
+ int n;
+ X509_EXTENSION *ex;
+
+ if (sk == NULL)
+ return (-1);
+ lastpos++;
+ if (lastpos < 0)
+ lastpos = 0;
+ n = sk_X509_EXTENSION_num(sk);
+ for (; lastpos < n; lastpos++) {
+ ex = sk_X509_EXTENSION_value(sk, lastpos);
+ if (OBJ_cmp(ex->object, obj) == 0)
+ return (lastpos);
+ }
+ return (-1);
+}
+
+int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *sk, int crit,
+ int lastpos)
+{
+ int n;
+ X509_EXTENSION *ex;
+
+ if (sk == NULL)
+ return (-1);
+ lastpos++;
+ if (lastpos < 0)
+ lastpos = 0;
+ n = sk_X509_EXTENSION_num(sk);
+ for (; lastpos < n; lastpos++) {
+ ex = sk_X509_EXTENSION_value(sk, lastpos);
+ if (((ex->critical > 0) && crit) || ((ex->critical <= 0) && !crit))
+ return (lastpos);
+ }
+ return (-1);
+}
+
+X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc)
+{
+ if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0)
+ return NULL;
+ else
+ return sk_X509_EXTENSION_value(x, loc);
+}
+
+X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc)
+{
+ X509_EXTENSION *ret;
+
+ if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0)
+ return (NULL);
+ ret = sk_X509_EXTENSION_delete(x, loc);
+ return (ret);
+}
+
+STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
+ X509_EXTENSION *ex, int loc)
+{
+ X509_EXTENSION *new_ex = NULL;
+ int n;
+ STACK_OF(X509_EXTENSION) *sk = NULL;
+
+ if (x == NULL) {
+ X509err(X509_F_X509V3_ADD_EXT, ERR_R_PASSED_NULL_PARAMETER);
+ goto err2;
+ }
+
+ if (*x == NULL) {
+ if ((sk = sk_X509_EXTENSION_new_null()) == NULL)
+ goto err;
+ } else
+ sk = *x;
+
+ n = sk_X509_EXTENSION_num(sk);
+ if (loc > n)
+ loc = n;
+ else if (loc < 0)
+ loc = n;
+
+ if ((new_ex = X509_EXTENSION_dup(ex)) == NULL)
+ goto err2;
+ if (!sk_X509_EXTENSION_insert(sk, new_ex, loc))
+ goto err;
+ if (*x == NULL)
+ *x = sk;
+ return (sk);
+ err:
+ X509err(X509_F_X509V3_ADD_EXT, ERR_R_MALLOC_FAILURE);
+ err2:
+ if (new_ex != NULL)
+ X509_EXTENSION_free(new_ex);
+ if (sk != NULL)
+ sk_X509_EXTENSION_free(sk);
+ return (NULL);
+}
+
+X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, int nid,
+ int crit,
+ ASN1_OCTET_STRING *data)
+{
+ ASN1_OBJECT *obj;
+ X509_EXTENSION *ret;
+
+ obj = OBJ_nid2obj(nid);
+ if (obj == NULL) {
+ X509err(X509_F_X509_EXTENSION_CREATE_BY_NID, X509_R_UNKNOWN_NID);
+ return (NULL);
+ }
+ ret = X509_EXTENSION_create_by_OBJ(ex, obj, crit, data);
+ if (ret == NULL)
+ ASN1_OBJECT_free(obj);
+ return (ret);
+}
+
+X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex,
+ ASN1_OBJECT *obj, int crit,
+ ASN1_OCTET_STRING *data)
+{
+ X509_EXTENSION *ret;
+
+ if ((ex == NULL) || (*ex == NULL)) {
+ if ((ret = X509_EXTENSION_new()) == NULL) {
+ X509err(X509_F_X509_EXTENSION_CREATE_BY_OBJ,
+ ERR_R_MALLOC_FAILURE);
+ return (NULL);
+ }
+ } else
+ ret = *ex;
+
+ if (!X509_EXTENSION_set_object(ret, obj))
+ goto err;
+ if (!X509_EXTENSION_set_critical(ret, crit))
+ goto err;
+ if (!X509_EXTENSION_set_data(ret, data))
+ goto err;
+
+ if ((ex != NULL) && (*ex == NULL))
+ *ex = ret;
+ return (ret);
+ err:
+ if ((ex == NULL) || (ret != *ex))
+ X509_EXTENSION_free(ret);
+ return (NULL);
+}
+
+int X509_EXTENSION_set_object(X509_EXTENSION *ex, ASN1_OBJECT *obj)
+{
+ if ((ex == NULL) || (obj == NULL))
+ return (0);
+ ASN1_OBJECT_free(ex->object);
+ ex->object = OBJ_dup(obj);
+ return (1);
+}
+
+int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit)
+{
+ if (ex == NULL)
+ return (0);
+ ex->critical = (crit) ? 0xFF : -1;
+ return (1);
+}
+
+int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data)
+{
+ int i;
+
+ if (ex == NULL)
+ return (0);
+ i = M_ASN1_OCTET_STRING_set(ex->value, data->data, data->length);
+ if (!i)
+ return (0);
+ return (1);
+}
+
+ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex)
+{
+ if (ex == NULL)
+ return (NULL);
+ return (ex->object);
+}
+
+ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ex)
+{
+ if (ex == NULL)
+ return (NULL);
+ return (ex->value);
+}
+
+int X509_EXTENSION_get_critical(X509_EXTENSION *ex)
+{
+ if (ex == NULL)
+ return (0);
+ if (ex->critical > 0)
+ return 1;
+ return 0;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_vfy.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509/x509_vfy.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_vfy.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,1545 +0,0 @@
-/* crypto/x509/x509_vfy.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <time.h>
-#include <errno.h>
-
-#include "cryptlib.h"
-#include <openssl/crypto.h>
-#include <openssl/lhash.h>
-#include <openssl/buffer.h>
-#include <openssl/evp.h>
-#include <openssl/asn1.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include <openssl/objects.h>
-
-static int null_callback(int ok,X509_STORE_CTX *e);
-static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
-static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x);
-static int check_chain_extensions(X509_STORE_CTX *ctx);
-static int check_trust(X509_STORE_CTX *ctx);
-static int check_revocation(X509_STORE_CTX *ctx);
-static int check_cert(X509_STORE_CTX *ctx);
-static int check_policy(X509_STORE_CTX *ctx);
-static int internal_verify(X509_STORE_CTX *ctx);
-const char X509_version[]="X.509" OPENSSL_VERSION_PTEXT;
-
-
-static int null_callback(int ok, X509_STORE_CTX *e)
- {
- return ok;
- }
-
-#if 0
-static int x509_subject_cmp(X509 **a, X509 **b)
- {
- return X509_subject_name_cmp(*a,*b);
- }
-#endif
-
-int X509_verify_cert(X509_STORE_CTX *ctx)
- {
- X509 *x,*xtmp,*chain_ss=NULL;
- int bad_chain = 0;
- X509_VERIFY_PARAM *param = ctx->param;
- int depth,i,ok=0;
- int num;
- int (*cb)(int xok,X509_STORE_CTX *xctx);
- STACK_OF(X509) *sktmp=NULL;
- if (ctx->cert == NULL)
- {
- X509err(X509_F_X509_VERIFY_CERT,X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);
- return -1;
- }
-
- cb=ctx->verify_cb;
-
- /* first we make sure the chain we are going to build is
- * present and that the first entry is in place */
- if (ctx->chain == NULL)
- {
- if ( ((ctx->chain=sk_X509_new_null()) == NULL) ||
- (!sk_X509_push(ctx->chain,ctx->cert)))
- {
- X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
- goto end;
- }
- CRYPTO_add(&ctx->cert->references,1,CRYPTO_LOCK_X509);
- ctx->last_untrusted=1;
- }
-
- /* We use a temporary STACK so we can chop and hack at it */
- if (ctx->untrusted != NULL
- && (sktmp=sk_X509_dup(ctx->untrusted)) == NULL)
- {
- X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
- goto end;
- }
-
- num=sk_X509_num(ctx->chain);
- x=sk_X509_value(ctx->chain,num-1);
- depth=param->depth;
-
-
- for (;;)
- {
- /* If we have enough, we break */
- if (depth < num) break; /* FIXME: If this happens, we should take
- * note of it and, if appropriate, use the
- * X509_V_ERR_CERT_CHAIN_TOO_LONG error
- * code later.
- */
-
- /* If we are self signed, we break */
- if (ctx->check_issued(ctx, x,x)) break;
-
- /* If we were passed a cert chain, use it first */
- if (ctx->untrusted != NULL)
- {
- xtmp=find_issuer(ctx, sktmp,x);
- if (xtmp != NULL)
- {
- if (!sk_X509_push(ctx->chain,xtmp))
- {
- X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
- goto end;
- }
- CRYPTO_add(&xtmp->references,1,CRYPTO_LOCK_X509);
- (void)sk_X509_delete_ptr(sktmp,xtmp);
- ctx->last_untrusted++;
- x=xtmp;
- num++;
- /* reparse the full chain for
- * the next one */
- continue;
- }
- }
- break;
- }
-
- /* at this point, chain should contain a list of untrusted
- * certificates. We now need to add at least one trusted one,
- * if possible, otherwise we complain. */
-
- /* Examine last certificate in chain and see if it
- * is self signed.
- */
-
- i=sk_X509_num(ctx->chain);
- x=sk_X509_value(ctx->chain,i-1);
- if (ctx->check_issued(ctx, x, x))
- {
- /* we have a self signed certificate */
- if (sk_X509_num(ctx->chain) == 1)
- {
- /* We have a single self signed certificate: see if
- * we can find it in the store. We must have an exact
- * match to avoid possible impersonation.
- */
- ok = ctx->get_issuer(&xtmp, ctx, x);
- if ((ok <= 0) || X509_cmp(x, xtmp))
- {
- ctx->error=X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT;
- ctx->current_cert=x;
- ctx->error_depth=i-1;
- if (ok == 1) X509_free(xtmp);
- bad_chain = 1;
- ok=cb(0,ctx);
- if (!ok) goto end;
- }
- else
- {
- /* We have a match: replace certificate with store version
- * so we get any trust settings.
- */
- X509_free(x);
- x = xtmp;
- (void)sk_X509_set(ctx->chain, i - 1, x);
- ctx->last_untrusted=0;
- }
- }
- else
- {
- /* extract and save self signed certificate for later use */
- chain_ss=sk_X509_pop(ctx->chain);
- ctx->last_untrusted--;
- num--;
- x=sk_X509_value(ctx->chain,num-1);
- }
- }
-
- /* We now lookup certs from the certificate store */
- for (;;)
- {
- /* If we have enough, we break */
- if (depth < num) break;
-
- /* If we are self signed, we break */
- if (ctx->check_issued(ctx,x,x)) break;
-
- ok = ctx->get_issuer(&xtmp, ctx, x);
-
- if (ok < 0) return ok;
- if (ok == 0) break;
-
- x = xtmp;
- if (!sk_X509_push(ctx->chain,x))
- {
- X509_free(xtmp);
- X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
- return 0;
- }
- num++;
- }
-
- /* we now have our chain, lets check it... */
-
- /* Is last certificate looked up self signed? */
- if (!ctx->check_issued(ctx,x,x))
- {
- if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss))
- {
- if (ctx->last_untrusted >= num)
- ctx->error=X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY;
- else
- ctx->error=X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT;
- ctx->current_cert=x;
- }
- else
- {
-
- sk_X509_push(ctx->chain,chain_ss);
- num++;
- ctx->last_untrusted=num;
- ctx->current_cert=chain_ss;
- ctx->error=X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN;
- chain_ss=NULL;
- }
-
- ctx->error_depth=num-1;
- bad_chain = 1;
- ok=cb(0,ctx);
- if (!ok) goto end;
- }
-
- /* We have the chain complete: now we need to check its purpose */
- ok = check_chain_extensions(ctx);
-
- if (!ok) goto end;
-
- /* The chain extensions are OK: check trust */
-
- if (param->trust > 0) ok = check_trust(ctx);
-
- if (!ok) goto end;
-
- /* We may as well copy down any DSA parameters that are required */
- X509_get_pubkey_parameters(NULL,ctx->chain);
-
- /* Check revocation status: we do this after copying parameters
- * because they may be needed for CRL signature verification.
- */
-
- ok = ctx->check_revocation(ctx);
- if(!ok) goto end;
-
- /* At this point, we have a chain and need to verify it */
- if (ctx->verify != NULL)
- ok=ctx->verify(ctx);
- else
- ok=internal_verify(ctx);
- if(!ok) goto end;
-
-#ifndef OPENSSL_NO_RFC3779
- /* RFC 3779 path validation, now that CRL check has been done */
- ok = v3_asid_validate_path(ctx);
- if (!ok) goto end;
- ok = v3_addr_validate_path(ctx);
- if (!ok) goto end;
-#endif
-
- /* If we get this far evaluate policies */
- if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK))
- ok = ctx->check_policy(ctx);
- if(!ok) goto end;
- if (0)
- {
-end:
- X509_get_pubkey_parameters(NULL,ctx->chain);
- }
- if (sktmp != NULL) sk_X509_free(sktmp);
- if (chain_ss != NULL) X509_free(chain_ss);
- return ok;
- }
-
-
-/* Given a STACK_OF(X509) find the issuer of cert (if any)
- */
-
-static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x)
-{
- int i;
- X509 *issuer;
- for (i = 0; i < sk_X509_num(sk); i++)
- {
- issuer = sk_X509_value(sk, i);
- if (ctx->check_issued(ctx, x, issuer))
- return issuer;
- }
- return NULL;
-}
-
-/* Given a possible certificate and issuer check them */
-
-static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
-{
- int ret;
- ret = X509_check_issued(issuer, x);
- if (ret == X509_V_OK)
- return 1;
- /* If we haven't asked for issuer errors don't set ctx */
- if (!(ctx->param->flags & X509_V_FLAG_CB_ISSUER_CHECK))
- return 0;
-
- ctx->error = ret;
- ctx->current_cert = x;
- ctx->current_issuer = issuer;
- return ctx->verify_cb(0, ctx);
- return 0;
-}
-
-/* Alternative lookup method: look from a STACK stored in other_ctx */
-
-static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
-{
- *issuer = find_issuer(ctx, ctx->other_ctx, x);
- if (*issuer)
- {
- CRYPTO_add(&(*issuer)->references,1,CRYPTO_LOCK_X509);
- return 1;
- }
- else
- return 0;
-}
-
-
-/* Check a certificate chains extensions for consistency
- * with the supplied purpose
- */
-
-static int check_chain_extensions(X509_STORE_CTX *ctx)
-{
-#ifdef OPENSSL_NO_CHAIN_VERIFY
- return 1;
-#else
- int i, ok=0, must_be_ca, plen = 0;
- X509 *x;
- int (*cb)(int xok,X509_STORE_CTX *xctx);
- int proxy_path_length = 0;
- int allow_proxy_certs =
- !!(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS);
- cb=ctx->verify_cb;
-
- /* must_be_ca can have 1 of 3 values:
- -1: we accept both CA and non-CA certificates, to allow direct
- use of self-signed certificates (which are marked as CA).
- 0: we only accept non-CA certificates. This is currently not
- used, but the possibility is present for future extensions.
- 1: we only accept CA certificates. This is currently used for
- all certificates in the chain except the leaf certificate.
- */
- must_be_ca = -1;
-
- /* A hack to keep people who don't want to modify their software
- happy */
- if (getenv("OPENSSL_ALLOW_PROXY_CERTS"))
- allow_proxy_certs = 1;
-
- /* Check all untrusted certificates */
- for (i = 0; i < ctx->last_untrusted; i++)
- {
- int ret;
- x = sk_X509_value(ctx->chain, i);
- if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
- && (x->ex_flags & EXFLAG_CRITICAL))
- {
- ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION;
- ctx->error_depth = i;
- ctx->current_cert = x;
- ok=cb(0,ctx);
- if (!ok) goto end;
- }
- if (!allow_proxy_certs && (x->ex_flags & EXFLAG_PROXY))
- {
- ctx->error = X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED;
- ctx->error_depth = i;
- ctx->current_cert = x;
- ok=cb(0,ctx);
- if (!ok) goto end;
- }
- ret = X509_check_ca(x);
- switch(must_be_ca)
- {
- case -1:
- if ((ctx->param->flags & X509_V_FLAG_X509_STRICT)
- && (ret != 1) && (ret != 0))
- {
- ret = 0;
- ctx->error = X509_V_ERR_INVALID_CA;
- }
- else
- ret = 1;
- break;
- case 0:
- if (ret != 0)
- {
- ret = 0;
- ctx->error = X509_V_ERR_INVALID_NON_CA;
- }
- else
- ret = 1;
- break;
- default:
- if ((ret == 0)
- || ((ctx->param->flags & X509_V_FLAG_X509_STRICT)
- && (ret != 1)))
- {
- ret = 0;
- ctx->error = X509_V_ERR_INVALID_CA;
- }
- else
- ret = 1;
- break;
- }
- if (ret == 0)
- {
- ctx->error_depth = i;
- ctx->current_cert = x;
- ok=cb(0,ctx);
- if (!ok) goto end;
- }
- if (ctx->param->purpose > 0)
- {
- ret = X509_check_purpose(x, ctx->param->purpose,
- must_be_ca > 0);
- if ((ret == 0)
- || ((ctx->param->flags & X509_V_FLAG_X509_STRICT)
- && (ret != 1)))
- {
- ctx->error = X509_V_ERR_INVALID_PURPOSE;
- ctx->error_depth = i;
- ctx->current_cert = x;
- ok=cb(0,ctx);
- if (!ok) goto end;
- }
- }
- /* Check pathlen if not self issued */
- if ((i > 1) && !(x->ex_flags & EXFLAG_SI)
- && (x->ex_pathlen != -1)
- && (plen > (x->ex_pathlen + proxy_path_length + 1)))
- {
- ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED;
- ctx->error_depth = i;
- ctx->current_cert = x;
- ok=cb(0,ctx);
- if (!ok) goto end;
- }
- /* Increment path length if not self issued */
- if (!(x->ex_flags & EXFLAG_SI))
- plen++;
- /* If this certificate is a proxy certificate, the next
- certificate must be another proxy certificate or a EE
- certificate. If not, the next certificate must be a
- CA certificate. */
- if (x->ex_flags & EXFLAG_PROXY)
- {
- if (x->ex_pcpathlen != -1 && i > x->ex_pcpathlen)
- {
- ctx->error =
- X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED;
- ctx->error_depth = i;
- ctx->current_cert = x;
- ok=cb(0,ctx);
- if (!ok) goto end;
- }
- proxy_path_length++;
- must_be_ca = 0;
- }
- else
- must_be_ca = 1;
- }
- ok = 1;
- end:
- return ok;
-#endif
-}
-
-static int check_trust(X509_STORE_CTX *ctx)
-{
-#ifdef OPENSSL_NO_CHAIN_VERIFY
- return 1;
-#else
- int i, ok;
- X509 *x;
- int (*cb)(int xok,X509_STORE_CTX *xctx);
- cb=ctx->verify_cb;
-/* For now just check the last certificate in the chain */
- i = sk_X509_num(ctx->chain) - 1;
- x = sk_X509_value(ctx->chain, i);
- ok = X509_check_trust(x, ctx->param->trust, 0);
- if (ok == X509_TRUST_TRUSTED)
- return 1;
- ctx->error_depth = i;
- ctx->current_cert = x;
- if (ok == X509_TRUST_REJECTED)
- ctx->error = X509_V_ERR_CERT_REJECTED;
- else
- ctx->error = X509_V_ERR_CERT_UNTRUSTED;
- ok = cb(0, ctx);
- return ok;
-#endif
-}
-
-static int check_revocation(X509_STORE_CTX *ctx)
- {
- int i, last, ok;
- if (!(ctx->param->flags & X509_V_FLAG_CRL_CHECK))
- return 1;
- if (ctx->param->flags & X509_V_FLAG_CRL_CHECK_ALL)
- last = sk_X509_num(ctx->chain) - 1;
- else
- last = 0;
- for(i = 0; i <= last; i++)
- {
- ctx->error_depth = i;
- ok = check_cert(ctx);
- if (!ok) return ok;
- }
- return 1;
- }
-
-static int check_cert(X509_STORE_CTX *ctx)
- {
- X509_CRL *crl = NULL;
- X509 *x;
- int ok, cnum;
- cnum = ctx->error_depth;
- x = sk_X509_value(ctx->chain, cnum);
- ctx->current_cert = x;
- /* Try to retrieve relevant CRL */
- ok = ctx->get_crl(ctx, &crl, x);
- /* If error looking up CRL, nothing we can do except
- * notify callback
- */
- if(!ok)
- {
- ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
- ok = ctx->verify_cb(0, ctx);
- goto err;
- }
- ctx->current_crl = crl;
- ok = ctx->check_crl(ctx, crl);
- if (!ok) goto err;
- ok = ctx->cert_crl(ctx, crl, x);
- err:
- ctx->current_crl = NULL;
- X509_CRL_free(crl);
- return ok;
-
- }
-
-/* Check CRL times against values in X509_STORE_CTX */
-
-static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify)
- {
- time_t *ptime;
- int i;
- ctx->current_crl = crl;
- if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
- ptime = &ctx->param->check_time;
- else
- ptime = NULL;
-
- i=X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime);
- if (i == 0)
- {
- ctx->error=X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD;
- if (!notify || !ctx->verify_cb(0, ctx))
- return 0;
- }
-
- if (i > 0)
- {
- ctx->error=X509_V_ERR_CRL_NOT_YET_VALID;
- if (!notify || !ctx->verify_cb(0, ctx))
- return 0;
- }
-
- if(X509_CRL_get_nextUpdate(crl))
- {
- i=X509_cmp_time(X509_CRL_get_nextUpdate(crl), ptime);
-
- if (i == 0)
- {
- ctx->error=X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD;
- if (!notify || !ctx->verify_cb(0, ctx))
- return 0;
- }
-
- if (i < 0)
- {
- ctx->error=X509_V_ERR_CRL_HAS_EXPIRED;
- if (!notify || !ctx->verify_cb(0, ctx))
- return 0;
- }
- }
-
- ctx->current_crl = NULL;
-
- return 1;
- }
-
-/* Lookup CRLs from the supplied list. Look for matching isser name
- * and validity. If we can't find a valid CRL return the last one
- * with matching name. This gives more meaningful error codes. Otherwise
- * we'd get a CRL not found error if a CRL existed with matching name but
- * was invalid.
- */
-
-static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl,
- X509_NAME *nm, STACK_OF(X509_CRL) *crls)
- {
- int i;
- X509_CRL *crl, *best_crl = NULL;
- for (i = 0; i < sk_X509_CRL_num(crls); i++)
- {
- crl = sk_X509_CRL_value(crls, i);
- if (X509_NAME_cmp(nm, X509_CRL_get_issuer(crl)))
- continue;
- if (check_crl_time(ctx, crl, 0))
- {
- *pcrl = crl;
- CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509);
- return 1;
- }
- best_crl = crl;
- }
- if (best_crl)
- {
- *pcrl = best_crl;
- CRYPTO_add(&best_crl->references, 1, CRYPTO_LOCK_X509);
- }
-
- return 0;
- }
-
-/* Retrieve CRL corresponding to certificate: currently just a
- * subject lookup: maybe use AKID later...
- */
-static int get_crl(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509 *x)
- {
- int ok;
- X509_CRL *crl = NULL;
- X509_OBJECT xobj;
- X509_NAME *nm;
- nm = X509_get_issuer_name(x);
- ok = get_crl_sk(ctx, &crl, nm, ctx->crls);
- if (ok)
- {
- *pcrl = crl;
- return 1;
- }
-
- ok = X509_STORE_get_by_subject(ctx, X509_LU_CRL, nm, &xobj);
-
- if (!ok)
- {
- /* If we got a near match from get_crl_sk use that */
- if (crl)
- {
- *pcrl = crl;
- return 1;
- }
- return 0;
- }
-
- *pcrl = xobj.data.crl;
- if (crl)
- X509_CRL_free(crl);
- return 1;
- }
-
-/* Check CRL validity */
-static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl)
- {
- X509 *issuer = NULL;
- EVP_PKEY *ikey = NULL;
- int ok = 0, chnum, cnum;
- cnum = ctx->error_depth;
- chnum = sk_X509_num(ctx->chain) - 1;
- /* Find CRL issuer: if not last certificate then issuer
- * is next certificate in chain.
- */
- if(cnum < chnum)
- issuer = sk_X509_value(ctx->chain, cnum + 1);
- else
- {
- issuer = sk_X509_value(ctx->chain, chnum);
- /* If not self signed, can't check signature */
- if(!ctx->check_issued(ctx, issuer, issuer))
- {
- ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER;
- ok = ctx->verify_cb(0, ctx);
- if(!ok) goto err;
- }
- }
-
- if(issuer)
- {
- /* Check for cRLSign bit if keyUsage present */
- if ((issuer->ex_flags & EXFLAG_KUSAGE) &&
- !(issuer->ex_kusage & KU_CRL_SIGN))
- {
- ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN;
- ok = ctx->verify_cb(0, ctx);
- if(!ok) goto err;
- }
-
- /* Attempt to get issuer certificate public key */
- ikey = X509_get_pubkey(issuer);
-
- if(!ikey)
- {
- ctx->error=X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
- ok = ctx->verify_cb(0, ctx);
- if (!ok) goto err;
- }
- else
- {
- /* Verify CRL signature */
- if(X509_CRL_verify(crl, ikey) <= 0)
- {
- ctx->error=X509_V_ERR_CRL_SIGNATURE_FAILURE;
- ok = ctx->verify_cb(0, ctx);
- if (!ok) goto err;
- }
- }
- }
-
- ok = check_crl_time(ctx, crl, 1);
- if (!ok)
- goto err;
-
- ok = 1;
-
- err:
- EVP_PKEY_free(ikey);
- return ok;
- }
-
-/* Check certificate against CRL */
-static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x)
- {
- int idx, ok;
- X509_REVOKED rtmp;
- STACK_OF(X509_EXTENSION) *exts;
- X509_EXTENSION *ext;
- /* Look for serial number of certificate in CRL */
- rtmp.serialNumber = X509_get_serialNumber(x);
- /* Sort revoked into serial number order if not already sorted.
- * Do this under a lock to avoid race condition.
- */
- if (!sk_X509_REVOKED_is_sorted(crl->crl->revoked))
- {
- CRYPTO_w_lock(CRYPTO_LOCK_X509_CRL);
- sk_X509_REVOKED_sort(crl->crl->revoked);
- CRYPTO_w_unlock(CRYPTO_LOCK_X509_CRL);
- }
- idx = sk_X509_REVOKED_find(crl->crl->revoked, &rtmp);
- /* If found assume revoked: want something cleverer than
- * this to handle entry extensions in V2 CRLs.
- */
- if(idx >= 0)
- {
- ctx->error = X509_V_ERR_CERT_REVOKED;
- ok = ctx->verify_cb(0, ctx);
- if (!ok) return 0;
- }
-
- if (ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
- return 1;
-
- /* See if we have any critical CRL extensions: since we
- * currently don't handle any CRL extensions the CRL must be
- * rejected.
- * This code accesses the X509_CRL structure directly: applications
- * shouldn't do this.
- */
-
- exts = crl->crl->extensions;
-
- for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++)
- {
- ext = sk_X509_EXTENSION_value(exts, idx);
- if (ext->critical > 0)
- {
- ctx->error =
- X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION;
- ok = ctx->verify_cb(0, ctx);
- if(!ok) return 0;
- break;
- }
- }
- return 1;
- }
-
-static int check_policy(X509_STORE_CTX *ctx)
- {
- int ret;
- ret = X509_policy_check(&ctx->tree, &ctx->explicit_policy, ctx->chain,
- ctx->param->policies, ctx->param->flags);
- if (ret == 0)
- {
- X509err(X509_F_CHECK_POLICY,ERR_R_MALLOC_FAILURE);
- return 0;
- }
- /* Invalid or inconsistent extensions */
- if (ret == -1)
- {
- /* Locate certificates with bad extensions and notify
- * callback.
- */
- X509 *x;
- int i;
- for (i = 1; i < sk_X509_num(ctx->chain); i++)
- {
- x = sk_X509_value(ctx->chain, i);
- if (!(x->ex_flags & EXFLAG_INVALID_POLICY))
- continue;
- ctx->current_cert = x;
- ctx->error = X509_V_ERR_INVALID_POLICY_EXTENSION;
- ret = ctx->verify_cb(0, ctx);
- }
- return 1;
- }
- if (ret == -2)
- {
- ctx->current_cert = NULL;
- ctx->error = X509_V_ERR_NO_EXPLICIT_POLICY;
- return ctx->verify_cb(0, ctx);
- }
-
- if (ctx->param->flags & X509_V_FLAG_NOTIFY_POLICY)
- {
- ctx->current_cert = NULL;
- ctx->error = X509_V_OK;
- if (!ctx->verify_cb(2, ctx))
- return 0;
- }
-
- return 1;
- }
-
-static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)
- {
- time_t *ptime;
- int i;
-
- if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
- ptime = &ctx->param->check_time;
- else
- ptime = NULL;
-
- i=X509_cmp_time(X509_get_notBefore(x), ptime);
- if (i == 0)
- {
- ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD;
- ctx->current_cert=x;
- if (!ctx->verify_cb(0, ctx))
- return 0;
- }
-
- if (i > 0)
- {
- ctx->error=X509_V_ERR_CERT_NOT_YET_VALID;
- ctx->current_cert=x;
- if (!ctx->verify_cb(0, ctx))
- return 0;
- }
-
- i=X509_cmp_time(X509_get_notAfter(x), ptime);
- if (i == 0)
- {
- ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD;
- ctx->current_cert=x;
- if (!ctx->verify_cb(0, ctx))
- return 0;
- }
-
- if (i < 0)
- {
- ctx->error=X509_V_ERR_CERT_HAS_EXPIRED;
- ctx->current_cert=x;
- if (!ctx->verify_cb(0, ctx))
- return 0;
- }
-
- return 1;
- }
-
-static int internal_verify(X509_STORE_CTX *ctx)
- {
- int ok=0,n;
- X509 *xs,*xi;
- EVP_PKEY *pkey=NULL;
- int (*cb)(int xok,X509_STORE_CTX *xctx);
-
- cb=ctx->verify_cb;
-
- n=sk_X509_num(ctx->chain);
- ctx->error_depth=n-1;
- n--;
- xi=sk_X509_value(ctx->chain,n);
-
- if (ctx->check_issued(ctx, xi, xi))
- xs=xi;
- else
- {
- if (n <= 0)
- {
- ctx->error=X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE;
- ctx->current_cert=xi;
- ok=cb(0,ctx);
- goto end;
- }
- else
- {
- n--;
- ctx->error_depth=n;
- xs=sk_X509_value(ctx->chain,n);
- }
- }
-
-/* ctx->error=0; not needed */
- while (n >= 0)
- {
- ctx->error_depth=n;
-
- /* Skip signature check for self signed certificates unless
- * explicitly asked for. It doesn't add any security and
- * just wastes time.
- */
- if (!xs->valid && (xs != xi || (ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE)))
- {
- if ((pkey=X509_get_pubkey(xi)) == NULL)
- {
- ctx->error=X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
- ctx->current_cert=xi;
- ok=(*cb)(0,ctx);
- if (!ok) goto end;
- }
- else if (X509_verify(xs,pkey) <= 0)
- {
- ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;
- ctx->current_cert=xs;
- ok=(*cb)(0,ctx);
- if (!ok)
- {
- EVP_PKEY_free(pkey);
- goto end;
- }
- }
- EVP_PKEY_free(pkey);
- pkey=NULL;
- }
-
- xs->valid = 1;
-
- ok = check_cert_time(ctx, xs);
- if (!ok)
- goto end;
-
- /* The last error (if any) is still in the error value */
- ctx->current_issuer=xi;
- ctx->current_cert=xs;
- ok=(*cb)(1,ctx);
- if (!ok) goto end;
-
- n--;
- if (n >= 0)
- {
- xi=xs;
- xs=sk_X509_value(ctx->chain,n);
- }
- }
- ok=1;
-end:
- return ok;
- }
-
-int X509_cmp_current_time(ASN1_TIME *ctm)
-{
- return X509_cmp_time(ctm, NULL);
-}
-
-int X509_cmp_time(ASN1_TIME *ctm, time_t *cmp_time)
- {
- char *str;
- ASN1_TIME atm;
- long offset;
- char buff1[24],buff2[24],*p;
- int i,j;
-
- p=buff1;
- i=ctm->length;
- str=(char *)ctm->data;
- if (ctm->type == V_ASN1_UTCTIME)
- {
- if ((i < 11) || (i > 17)) return 0;
- memcpy(p,str,10);
- p+=10;
- str+=10;
- }
- else
- {
- if (i < 13) return 0;
- memcpy(p,str,12);
- p+=12;
- str+=12;
- }
-
- if ((*str == 'Z') || (*str == '-') || (*str == '+'))
- { *(p++)='0'; *(p++)='0'; }
- else
- {
- *(p++)= *(str++);
- *(p++)= *(str++);
- /* Skip any fractional seconds... */
- if (*str == '.')
- {
- str++;
- while ((*str >= '0') && (*str <= '9')) str++;
- }
-
- }
- *(p++)='Z';
- *(p++)='\0';
-
- if (*str == 'Z')
- offset=0;
- else
- {
- if ((*str != '+') && (*str != '-'))
- return 0;
- offset=((str[1]-'0')*10+(str[2]-'0'))*60;
- offset+=(str[3]-'0')*10+(str[4]-'0');
- if (*str == '-')
- offset= -offset;
- }
- atm.type=ctm->type;
- atm.length=sizeof(buff2);
- atm.data=(unsigned char *)buff2;
-
- if (X509_time_adj(&atm, offset*60, cmp_time) == NULL)
- return 0;
-
- if (ctm->type == V_ASN1_UTCTIME)
- {
- i=(buff1[0]-'0')*10+(buff1[1]-'0');
- if (i < 50) i+=100; /* cf. RFC 2459 */
- j=(buff2[0]-'0')*10+(buff2[1]-'0');
- if (j < 50) j+=100;
-
- if (i < j) return -1;
- if (i > j) return 1;
- }
- i=strcmp(buff1,buff2);
- if (i == 0) /* wait a second then return younger :-) */
- return -1;
- else
- return i;
- }
-
-ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj)
-{
- return X509_time_adj(s, adj, NULL);
-}
-
-ASN1_TIME *X509_time_adj(ASN1_TIME *s, long adj, time_t *in_tm)
- {
- time_t t;
- int type = -1;
-
- if (in_tm) t = *in_tm;
- else time(&t);
-
- t+=adj;
- if (s) type = s->type;
- if (type == V_ASN1_UTCTIME) return ASN1_UTCTIME_set(s,t);
- if (type == V_ASN1_GENERALIZEDTIME) return ASN1_GENERALIZEDTIME_set(s, t);
- return ASN1_TIME_set(s, t);
- }
-
-int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)
- {
- EVP_PKEY *ktmp=NULL,*ktmp2;
- int i,j;
-
- if ((pkey != NULL) && !EVP_PKEY_missing_parameters(pkey)) return 1;
-
- for (i=0; i<sk_X509_num(chain); i++)
- {
- ktmp=X509_get_pubkey(sk_X509_value(chain,i));
- if (ktmp == NULL)
- {
- X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY);
- return 0;
- }
- if (!EVP_PKEY_missing_parameters(ktmp))
- break;
- else
- {
- EVP_PKEY_free(ktmp);
- ktmp=NULL;
- }
- }
- if (ktmp == NULL)
- {
- X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN);
- return 0;
- }
-
- /* first, populate the other certs */
- for (j=i-1; j >= 0; j--)
- {
- ktmp2=X509_get_pubkey(sk_X509_value(chain,j));
- EVP_PKEY_copy_parameters(ktmp2,ktmp);
- EVP_PKEY_free(ktmp2);
- }
-
- if (pkey != NULL) EVP_PKEY_copy_parameters(pkey,ktmp);
- EVP_PKEY_free(ktmp);
- return 1;
- }
-
-int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
- {
- /* This function is (usually) called only once, by
- * SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c). */
- return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, argl, argp,
- new_func, dup_func, free_func);
- }
-
-int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data)
- {
- return CRYPTO_set_ex_data(&ctx->ex_data,idx,data);
- }
-
-void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx)
- {
- return CRYPTO_get_ex_data(&ctx->ex_data,idx);
- }
-
-int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx)
- {
- return ctx->error;
- }
-
-void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int err)
- {
- ctx->error=err;
- }
-
-int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx)
- {
- return ctx->error_depth;
- }
-
-X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx)
- {
- return ctx->current_cert;
- }
-
-STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx)
- {
- return ctx->chain;
- }
-
-STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx)
- {
- int i;
- X509 *x;
- STACK_OF(X509) *chain;
- if (!ctx->chain || !(chain = sk_X509_dup(ctx->chain))) return NULL;
- for (i = 0; i < sk_X509_num(chain); i++)
- {
- x = sk_X509_value(chain, i);
- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
- }
- return chain;
- }
-
-void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x)
- {
- ctx->cert=x;
- }
-
-void X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
- {
- ctx->untrusted=sk;
- }
-
-void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk)
- {
- ctx->crls=sk;
- }
-
-int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose)
- {
- return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0);
- }
-
-int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust)
- {
- return X509_STORE_CTX_purpose_inherit(ctx, 0, 0, trust);
- }
-
-/* This function is used to set the X509_STORE_CTX purpose and trust
- * values. This is intended to be used when another structure has its
- * own trust and purpose values which (if set) will be inherited by
- * the ctx. If they aren't set then we will usually have a default
- * purpose in mind which should then be used to set the trust value.
- * An example of this is SSL use: an SSL structure will have its own
- * purpose and trust settings which the application can set: if they
- * aren't set then we use the default of SSL client/server.
- */
-
-int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
- int purpose, int trust)
-{
- int idx;
- /* If purpose not set use default */
- if (!purpose) purpose = def_purpose;
- /* If we have a purpose then check it is valid */
- if (purpose)
- {
- X509_PURPOSE *ptmp;
- idx = X509_PURPOSE_get_by_id(purpose);
- if (idx == -1)
- {
- X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
- X509_R_UNKNOWN_PURPOSE_ID);
- return 0;
- }
- ptmp = X509_PURPOSE_get0(idx);
- if (ptmp->trust == X509_TRUST_DEFAULT)
- {
- idx = X509_PURPOSE_get_by_id(def_purpose);
- if (idx == -1)
- {
- X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
- X509_R_UNKNOWN_PURPOSE_ID);
- return 0;
- }
- ptmp = X509_PURPOSE_get0(idx);
- }
- /* If trust not set then get from purpose default */
- if (!trust) trust = ptmp->trust;
- }
- if (trust)
- {
- idx = X509_TRUST_get_by_id(trust);
- if (idx == -1)
- {
- X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
- X509_R_UNKNOWN_TRUST_ID);
- return 0;
- }
- }
-
- if (purpose && !ctx->param->purpose) ctx->param->purpose = purpose;
- if (trust && !ctx->param->trust) ctx->param->trust = trust;
- return 1;
-}
-
-X509_STORE_CTX *X509_STORE_CTX_new(void)
-{
- X509_STORE_CTX *ctx;
- ctx = (X509_STORE_CTX *)OPENSSL_malloc(sizeof(X509_STORE_CTX));
- if (!ctx)
- {
- X509err(X509_F_X509_STORE_CTX_NEW,ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- memset(ctx, 0, sizeof(X509_STORE_CTX));
- return ctx;
-}
-
-void X509_STORE_CTX_free(X509_STORE_CTX *ctx)
-{
- X509_STORE_CTX_cleanup(ctx);
- OPENSSL_free(ctx);
-}
-
-int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
- STACK_OF(X509) *chain)
- {
- int ret = 1;
- ctx->ctx=store;
- ctx->current_method=0;
- ctx->cert=x509;
- ctx->untrusted=chain;
- ctx->crls = NULL;
- ctx->last_untrusted=0;
- ctx->other_ctx=NULL;
- ctx->valid=0;
- ctx->chain=NULL;
- ctx->error=0;
- ctx->explicit_policy=0;
- ctx->error_depth=0;
- ctx->current_cert=NULL;
- ctx->current_issuer=NULL;
- ctx->tree = NULL;
-
- ctx->param = X509_VERIFY_PARAM_new();
-
- if (!ctx->param)
- {
- X509err(X509_F_X509_STORE_CTX_INIT,ERR_R_MALLOC_FAILURE);
- return 0;
- }
-
- /* Inherit callbacks and flags from X509_STORE if not set
- * use defaults.
- */
-
-
- if (store)
- ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param);
- else
- ctx->param->inh_flags |= X509_VP_FLAG_DEFAULT|X509_VP_FLAG_ONCE;
-
- if (store)
- {
- ctx->verify_cb = store->verify_cb;
- ctx->cleanup = store->cleanup;
- }
- else
- ctx->cleanup = 0;
-
- if (ret)
- ret = X509_VERIFY_PARAM_inherit(ctx->param,
- X509_VERIFY_PARAM_lookup("default"));
-
- if (ret == 0)
- {
- X509err(X509_F_X509_STORE_CTX_INIT,ERR_R_MALLOC_FAILURE);
- return 0;
- }
-
- if (store && store->check_issued)
- ctx->check_issued = store->check_issued;
- else
- ctx->check_issued = check_issued;
-
- if (store && store->get_issuer)
- ctx->get_issuer = store->get_issuer;
- else
- ctx->get_issuer = X509_STORE_CTX_get1_issuer;
-
- if (store && store->verify_cb)
- ctx->verify_cb = store->verify_cb;
- else
- ctx->verify_cb = null_callback;
-
- if (store && store->verify)
- ctx->verify = store->verify;
- else
- ctx->verify = internal_verify;
-
- if (store && store->check_revocation)
- ctx->check_revocation = store->check_revocation;
- else
- ctx->check_revocation = check_revocation;
-
- if (store && store->get_crl)
- ctx->get_crl = store->get_crl;
- else
- ctx->get_crl = get_crl;
-
- if (store && store->check_crl)
- ctx->check_crl = store->check_crl;
- else
- ctx->check_crl = check_crl;
-
- if (store && store->cert_crl)
- ctx->cert_crl = store->cert_crl;
- else
- ctx->cert_crl = cert_crl;
-
- ctx->check_policy = check_policy;
-
-
- /* This memset() can't make any sense anyway, so it's removed. As
- * X509_STORE_CTX_cleanup does a proper "free" on the ex_data, we put a
- * corresponding "new" here and remove this bogus initialisation. */
- /* memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA)); */
- if(!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx,
- &(ctx->ex_data)))
- {
- OPENSSL_free(ctx);
- X509err(X509_F_X509_STORE_CTX_INIT,ERR_R_MALLOC_FAILURE);
- return 0;
- }
- return 1;
- }
-
-/* Set alternative lookup method: just a STACK of trusted certificates.
- * This avoids X509_STORE nastiness where it isn't needed.
- */
-
-void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
-{
- ctx->other_ctx = sk;
- ctx->get_issuer = get_issuer_sk;
-}
-
-void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
- {
- if (ctx->cleanup) ctx->cleanup(ctx);
- if (ctx->param != NULL)
- {
- X509_VERIFY_PARAM_free(ctx->param);
- ctx->param=NULL;
- }
- if (ctx->tree != NULL)
- {
- X509_policy_tree_free(ctx->tree);
- ctx->tree=NULL;
- }
- if (ctx->chain != NULL)
- {
- sk_X509_pop_free(ctx->chain,X509_free);
- ctx->chain=NULL;
- }
- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, &(ctx->ex_data));
- memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA));
- }
-
-void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth)
- {
- X509_VERIFY_PARAM_set_depth(ctx->param, depth);
- }
-
-void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags)
- {
- X509_VERIFY_PARAM_set_flags(ctx->param, flags);
- }
-
-void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags, time_t t)
- {
- X509_VERIFY_PARAM_set_time(ctx->param, t);
- }
-
-void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
- int (*verify_cb)(int, X509_STORE_CTX *))
- {
- ctx->verify_cb=verify_cb;
- }
-
-X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx)
- {
- return ctx->tree;
- }
-
-int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx)
- {
- return ctx->explicit_policy;
- }
-
-int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name)
- {
- const X509_VERIFY_PARAM *param;
- param = X509_VERIFY_PARAM_lookup(name);
- if (!param)
- return 0;
- return X509_VERIFY_PARAM_inherit(ctx->param, param);
- }
-
-X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx)
- {
- return ctx->param;
- }
-
-void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param)
- {
- if (ctx->param)
- X509_VERIFY_PARAM_free(ctx->param);
- ctx->param = param;
- }
-
-IMPLEMENT_STACK_OF(X509)
-IMPLEMENT_ASN1_SET_OF(X509)
-
-IMPLEMENT_STACK_OF(X509_NAME)
-
-IMPLEMENT_STACK_OF(X509_ATTRIBUTE)
-IMPLEMENT_ASN1_SET_OF(X509_ATTRIBUTE)
Copied: vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_vfy.c (from rev 6976, vendor-crypto/openssl/dist/crypto/x509/x509_vfy.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_vfy.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_vfy.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,1511 @@
+/* crypto/x509/x509_vfy.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include <errno.h>
+
+#include "cryptlib.h"
+#include <openssl/crypto.h>
+#include <openssl/lhash.h>
+#include <openssl/buffer.h>
+#include <openssl/evp.h>
+#include <openssl/asn1.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/objects.h>
+
+static int null_callback(int ok, X509_STORE_CTX *e);
+static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
+static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x);
+static int check_chain_extensions(X509_STORE_CTX *ctx);
+static int check_trust(X509_STORE_CTX *ctx);
+static int check_revocation(X509_STORE_CTX *ctx);
+static int check_cert(X509_STORE_CTX *ctx);
+static int check_policy(X509_STORE_CTX *ctx);
+static int internal_verify(X509_STORE_CTX *ctx);
+const char X509_version[] = "X.509" OPENSSL_VERSION_PTEXT;
+
+static int null_callback(int ok, X509_STORE_CTX *e)
+{
+ return ok;
+}
+
+#if 0
+static int x509_subject_cmp(X509 **a, X509 **b)
+{
+ return X509_subject_name_cmp(*a, *b);
+}
+#endif
+
+int X509_verify_cert(X509_STORE_CTX *ctx)
+{
+ X509 *x, *xtmp, *chain_ss = NULL;
+ int bad_chain = 0;
+ X509_VERIFY_PARAM *param = ctx->param;
+ int depth, i, ok = 0;
+ int num;
+ int (*cb) (int xok, X509_STORE_CTX *xctx);
+ STACK_OF(X509) *sktmp = NULL;
+ if (ctx->cert == NULL) {
+ X509err(X509_F_X509_VERIFY_CERT, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);
+ return -1;
+ }
+
+ cb = ctx->verify_cb;
+
+ /*
+ * first we make sure the chain we are going to build is present and that
+ * the first entry is in place
+ */
+ if (ctx->chain == NULL) {
+ if (((ctx->chain = sk_X509_new_null()) == NULL) ||
+ (!sk_X509_push(ctx->chain, ctx->cert))) {
+ X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
+ goto end;
+ }
+ CRYPTO_add(&ctx->cert->references, 1, CRYPTO_LOCK_X509);
+ ctx->last_untrusted = 1;
+ }
+
+ /* We use a temporary STACK so we can chop and hack at it */
+ if (ctx->untrusted != NULL
+ && (sktmp = sk_X509_dup(ctx->untrusted)) == NULL) {
+ X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
+ goto end;
+ }
+
+ num = sk_X509_num(ctx->chain);
+ x = sk_X509_value(ctx->chain, num - 1);
+ depth = param->depth;
+
+ for (;;) {
+ /* If we have enough, we break */
+ if (depth < num)
+ break; /* FIXME: If this happens, we should take
+ * note of it and, if appropriate, use the
+ * X509_V_ERR_CERT_CHAIN_TOO_LONG error code
+ * later. */
+
+ /* If we are self signed, we break */
+ if (ctx->check_issued(ctx, x, x))
+ break;
+
+ /* If we were passed a cert chain, use it first */
+ if (ctx->untrusted != NULL) {
+ xtmp = find_issuer(ctx, sktmp, x);
+ if (xtmp != NULL) {
+ if (!sk_X509_push(ctx->chain, xtmp)) {
+ X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
+ goto end;
+ }
+ CRYPTO_add(&xtmp->references, 1, CRYPTO_LOCK_X509);
+ (void)sk_X509_delete_ptr(sktmp, xtmp);
+ ctx->last_untrusted++;
+ x = xtmp;
+ num++;
+ /*
+ * reparse the full chain for the next one
+ */
+ continue;
+ }
+ }
+ break;
+ }
+
+ /*
+ * at this point, chain should contain a list of untrusted certificates.
+ * We now need to add at least one trusted one, if possible, otherwise we
+ * complain.
+ */
+
+ /*
+ * Examine last certificate in chain and see if it is self signed.
+ */
+
+ i = sk_X509_num(ctx->chain);
+ x = sk_X509_value(ctx->chain, i - 1);
+ if (ctx->check_issued(ctx, x, x)) {
+ /* we have a self signed certificate */
+ if (sk_X509_num(ctx->chain) == 1) {
+ /*
+ * We have a single self signed certificate: see if we can find
+ * it in the store. We must have an exact match to avoid possible
+ * impersonation.
+ */
+ ok = ctx->get_issuer(&xtmp, ctx, x);
+ if ((ok <= 0) || X509_cmp(x, xtmp)) {
+ ctx->error = X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT;
+ ctx->current_cert = x;
+ ctx->error_depth = i - 1;
+ if (ok == 1)
+ X509_free(xtmp);
+ bad_chain = 1;
+ ok = cb(0, ctx);
+ if (!ok)
+ goto end;
+ } else {
+ /*
+ * We have a match: replace certificate with store version so
+ * we get any trust settings.
+ */
+ X509_free(x);
+ x = xtmp;
+ (void)sk_X509_set(ctx->chain, i - 1, x);
+ ctx->last_untrusted = 0;
+ }
+ } else {
+ /*
+ * extract and save self signed certificate for later use
+ */
+ chain_ss = sk_X509_pop(ctx->chain);
+ ctx->last_untrusted--;
+ num--;
+ x = sk_X509_value(ctx->chain, num - 1);
+ }
+ }
+
+ /* We now lookup certs from the certificate store */
+ for (;;) {
+ /* If we have enough, we break */
+ if (depth < num)
+ break;
+
+ /* If we are self signed, we break */
+ if (ctx->check_issued(ctx, x, x))
+ break;
+
+ ok = ctx->get_issuer(&xtmp, ctx, x);
+
+ if (ok < 0)
+ return ok;
+ if (ok == 0)
+ break;
+
+ x = xtmp;
+ if (!sk_X509_push(ctx->chain, x)) {
+ X509_free(xtmp);
+ X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ num++;
+ }
+
+ /* we now have our chain, lets check it... */
+
+ /* Is last certificate looked up self signed? */
+ if (!ctx->check_issued(ctx, x, x)) {
+ if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss)) {
+ if (ctx->last_untrusted >= num)
+ ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY;
+ else
+ ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT;
+ ctx->current_cert = x;
+ } else {
+
+ sk_X509_push(ctx->chain, chain_ss);
+ num++;
+ ctx->last_untrusted = num;
+ ctx->current_cert = chain_ss;
+ ctx->error = X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN;
+ chain_ss = NULL;
+ }
+
+ ctx->error_depth = num - 1;
+ bad_chain = 1;
+ ok = cb(0, ctx);
+ if (!ok)
+ goto end;
+ }
+
+ /* We have the chain complete: now we need to check its purpose */
+ ok = check_chain_extensions(ctx);
+
+ if (!ok)
+ goto end;
+
+ /* The chain extensions are OK: check trust */
+
+ if (param->trust > 0)
+ ok = check_trust(ctx);
+
+ if (!ok)
+ goto end;
+
+ /* We may as well copy down any DSA parameters that are required */
+ X509_get_pubkey_parameters(NULL, ctx->chain);
+
+ /*
+ * Check revocation status: we do this after copying parameters because
+ * they may be needed for CRL signature verification.
+ */
+
+ ok = ctx->check_revocation(ctx);
+ if (!ok)
+ goto end;
+
+ /* At this point, we have a chain and need to verify it */
+ if (ctx->verify != NULL)
+ ok = ctx->verify(ctx);
+ else
+ ok = internal_verify(ctx);
+ if (!ok)
+ goto end;
+
+#ifndef OPENSSL_NO_RFC3779
+ /* RFC 3779 path validation, now that CRL check has been done */
+ ok = v3_asid_validate_path(ctx);
+ if (!ok)
+ goto end;
+ ok = v3_addr_validate_path(ctx);
+ if (!ok)
+ goto end;
+#endif
+
+ /* If we get this far evaluate policies */
+ if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK))
+ ok = ctx->check_policy(ctx);
+ if (!ok)
+ goto end;
+ if (0) {
+ end:
+ X509_get_pubkey_parameters(NULL, ctx->chain);
+ }
+ if (sktmp != NULL)
+ sk_X509_free(sktmp);
+ if (chain_ss != NULL)
+ X509_free(chain_ss);
+ return ok;
+}
+
+/*
+ * Given a STACK_OF(X509) find the issuer of cert (if any)
+ */
+
+static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x)
+{
+ int i;
+ X509 *issuer;
+ for (i = 0; i < sk_X509_num(sk); i++) {
+ issuer = sk_X509_value(sk, i);
+ if (ctx->check_issued(ctx, x, issuer))
+ return issuer;
+ }
+ return NULL;
+}
+
+/* Given a possible certificate and issuer check them */
+
+static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
+{
+ int ret;
+ ret = X509_check_issued(issuer, x);
+ if (ret == X509_V_OK)
+ return 1;
+ /* If we haven't asked for issuer errors don't set ctx */
+ if (!(ctx->param->flags & X509_V_FLAG_CB_ISSUER_CHECK))
+ return 0;
+
+ ctx->error = ret;
+ ctx->current_cert = x;
+ ctx->current_issuer = issuer;
+ return ctx->verify_cb(0, ctx);
+ return 0;
+}
+
+/* Alternative lookup method: look from a STACK stored in other_ctx */
+
+static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
+{
+ *issuer = find_issuer(ctx, ctx->other_ctx, x);
+ if (*issuer) {
+ CRYPTO_add(&(*issuer)->references, 1, CRYPTO_LOCK_X509);
+ return 1;
+ } else
+ return 0;
+}
+
+/*
+ * Check a certificate chains extensions for consistency with the supplied
+ * purpose
+ */
+
+static int check_chain_extensions(X509_STORE_CTX *ctx)
+{
+#ifdef OPENSSL_NO_CHAIN_VERIFY
+ return 1;
+#else
+ int i, ok = 0, must_be_ca, plen = 0;
+ X509 *x;
+ int (*cb) (int xok, X509_STORE_CTX *xctx);
+ int proxy_path_length = 0;
+ int allow_proxy_certs =
+ ! !(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS);
+ cb = ctx->verify_cb;
+
+ /*-
+ * must_be_ca can have 1 of 3 values:
+ * -1: we accept both CA and non-CA certificates, to allow direct
+ * use of self-signed certificates (which are marked as CA).
+ * 0: we only accept non-CA certificates. This is currently not
+ * used, but the possibility is present for future extensions.
+ * 1: we only accept CA certificates. This is currently used for
+ * all certificates in the chain except the leaf certificate.
+ */
+ must_be_ca = -1;
+
+ /*
+ * A hack to keep people who don't want to modify their software happy
+ */
+ if (getenv("OPENSSL_ALLOW_PROXY_CERTS"))
+ allow_proxy_certs = 1;
+
+ /* Check all untrusted certificates */
+ for (i = 0; i < ctx->last_untrusted; i++) {
+ int ret;
+ x = sk_X509_value(ctx->chain, i);
+ if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
+ && (x->ex_flags & EXFLAG_CRITICAL)) {
+ ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION;
+ ctx->error_depth = i;
+ ctx->current_cert = x;
+ ok = cb(0, ctx);
+ if (!ok)
+ goto end;
+ }
+ if (!allow_proxy_certs && (x->ex_flags & EXFLAG_PROXY)) {
+ ctx->error = X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED;
+ ctx->error_depth = i;
+ ctx->current_cert = x;
+ ok = cb(0, ctx);
+ if (!ok)
+ goto end;
+ }
+ ret = X509_check_ca(x);
+ switch (must_be_ca) {
+ case -1:
+ if ((ctx->param->flags & X509_V_FLAG_X509_STRICT)
+ && (ret != 1) && (ret != 0)) {
+ ret = 0;
+ ctx->error = X509_V_ERR_INVALID_CA;
+ } else
+ ret = 1;
+ break;
+ case 0:
+ if (ret != 0) {
+ ret = 0;
+ ctx->error = X509_V_ERR_INVALID_NON_CA;
+ } else
+ ret = 1;
+ break;
+ default:
+ if ((ret == 0)
+ || ((ctx->param->flags & X509_V_FLAG_X509_STRICT)
+ && (ret != 1))) {
+ ret = 0;
+ ctx->error = X509_V_ERR_INVALID_CA;
+ } else
+ ret = 1;
+ break;
+ }
+ if (ret == 0) {
+ ctx->error_depth = i;
+ ctx->current_cert = x;
+ ok = cb(0, ctx);
+ if (!ok)
+ goto end;
+ }
+ if (ctx->param->purpose > 0) {
+ ret = X509_check_purpose(x, ctx->param->purpose, must_be_ca > 0);
+ if ((ret == 0)
+ || ((ctx->param->flags & X509_V_FLAG_X509_STRICT)
+ && (ret != 1))) {
+ ctx->error = X509_V_ERR_INVALID_PURPOSE;
+ ctx->error_depth = i;
+ ctx->current_cert = x;
+ ok = cb(0, ctx);
+ if (!ok)
+ goto end;
+ }
+ }
+ /* Check pathlen if not self issued */
+ if ((i > 1) && !(x->ex_flags & EXFLAG_SI)
+ && (x->ex_pathlen != -1)
+ && (plen > (x->ex_pathlen + proxy_path_length + 1))) {
+ ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED;
+ ctx->error_depth = i;
+ ctx->current_cert = x;
+ ok = cb(0, ctx);
+ if (!ok)
+ goto end;
+ }
+ /* Increment path length if not self issued */
+ if (!(x->ex_flags & EXFLAG_SI))
+ plen++;
+ /*
+ * If this certificate is a proxy certificate, the next certificate
+ * must be another proxy certificate or a EE certificate. If not,
+ * the next certificate must be a CA certificate.
+ */
+ if (x->ex_flags & EXFLAG_PROXY) {
+ if (x->ex_pcpathlen != -1 && i > x->ex_pcpathlen) {
+ ctx->error = X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED;
+ ctx->error_depth = i;
+ ctx->current_cert = x;
+ ok = cb(0, ctx);
+ if (!ok)
+ goto end;
+ }
+ proxy_path_length++;
+ must_be_ca = 0;
+ } else
+ must_be_ca = 1;
+ }
+ ok = 1;
+ end:
+ return ok;
+#endif
+}
+
+static int check_trust(X509_STORE_CTX *ctx)
+{
+#ifdef OPENSSL_NO_CHAIN_VERIFY
+ return 1;
+#else
+ int i, ok;
+ X509 *x;
+ int (*cb) (int xok, X509_STORE_CTX *xctx);
+ cb = ctx->verify_cb;
+/* For now just check the last certificate in the chain */
+ i = sk_X509_num(ctx->chain) - 1;
+ x = sk_X509_value(ctx->chain, i);
+ ok = X509_check_trust(x, ctx->param->trust, 0);
+ if (ok == X509_TRUST_TRUSTED)
+ return 1;
+ ctx->error_depth = i;
+ ctx->current_cert = x;
+ if (ok == X509_TRUST_REJECTED)
+ ctx->error = X509_V_ERR_CERT_REJECTED;
+ else
+ ctx->error = X509_V_ERR_CERT_UNTRUSTED;
+ ok = cb(0, ctx);
+ return ok;
+#endif
+}
+
+static int check_revocation(X509_STORE_CTX *ctx)
+{
+ int i, last, ok;
+ if (!(ctx->param->flags & X509_V_FLAG_CRL_CHECK))
+ return 1;
+ if (ctx->param->flags & X509_V_FLAG_CRL_CHECK_ALL)
+ last = sk_X509_num(ctx->chain) - 1;
+ else
+ last = 0;
+ for (i = 0; i <= last; i++) {
+ ctx->error_depth = i;
+ ok = check_cert(ctx);
+ if (!ok)
+ return ok;
+ }
+ return 1;
+}
+
+static int check_cert(X509_STORE_CTX *ctx)
+{
+ X509_CRL *crl = NULL;
+ X509 *x;
+ int ok, cnum;
+ cnum = ctx->error_depth;
+ x = sk_X509_value(ctx->chain, cnum);
+ ctx->current_cert = x;
+ /* Try to retrieve relevant CRL */
+ ok = ctx->get_crl(ctx, &crl, x);
+ /*
+ * If error looking up CRL, nothing we can do except notify callback
+ */
+ if (!ok) {
+ ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
+ ok = ctx->verify_cb(0, ctx);
+ goto err;
+ }
+ ctx->current_crl = crl;
+ ok = ctx->check_crl(ctx, crl);
+ if (!ok)
+ goto err;
+ ok = ctx->cert_crl(ctx, crl, x);
+ err:
+ ctx->current_crl = NULL;
+ X509_CRL_free(crl);
+ return ok;
+
+}
+
+/* Check CRL times against values in X509_STORE_CTX */
+
+static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify)
+{
+ time_t *ptime;
+ int i;
+ ctx->current_crl = crl;
+ if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
+ ptime = &ctx->param->check_time;
+ else
+ ptime = NULL;
+
+ i = X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime);
+ if (i == 0) {
+ ctx->error = X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD;
+ if (!notify || !ctx->verify_cb(0, ctx))
+ return 0;
+ }
+
+ if (i > 0) {
+ ctx->error = X509_V_ERR_CRL_NOT_YET_VALID;
+ if (!notify || !ctx->verify_cb(0, ctx))
+ return 0;
+ }
+
+ if (X509_CRL_get_nextUpdate(crl)) {
+ i = X509_cmp_time(X509_CRL_get_nextUpdate(crl), ptime);
+
+ if (i == 0) {
+ ctx->error = X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD;
+ if (!notify || !ctx->verify_cb(0, ctx))
+ return 0;
+ }
+
+ if (i < 0) {
+ ctx->error = X509_V_ERR_CRL_HAS_EXPIRED;
+ if (!notify || !ctx->verify_cb(0, ctx))
+ return 0;
+ }
+ }
+
+ ctx->current_crl = NULL;
+
+ return 1;
+}
+
+/*
+ * Lookup CRLs from the supplied list. Look for matching isser name and
+ * validity. If we can't find a valid CRL return the last one with matching
+ * name. This gives more meaningful error codes. Otherwise we'd get a CRL not
+ * found error if a CRL existed with matching name but was invalid.
+ */
+
+static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl,
+ X509_NAME *nm, STACK_OF(X509_CRL) *crls)
+{
+ int i;
+ X509_CRL *crl, *best_crl = NULL;
+ for (i = 0; i < sk_X509_CRL_num(crls); i++) {
+ crl = sk_X509_CRL_value(crls, i);
+ if (X509_NAME_cmp(nm, X509_CRL_get_issuer(crl)))
+ continue;
+ if (check_crl_time(ctx, crl, 0)) {
+ *pcrl = crl;
+ CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509);
+ return 1;
+ }
+ best_crl = crl;
+ }
+ if (best_crl) {
+ *pcrl = best_crl;
+ CRYPTO_add(&best_crl->references, 1, CRYPTO_LOCK_X509);
+ }
+
+ return 0;
+}
+
+/*
+ * Retrieve CRL corresponding to certificate: currently just a subject
+ * lookup: maybe use AKID later...
+ */
+static int get_crl(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509 *x)
+{
+ int ok;
+ X509_CRL *crl = NULL;
+ X509_OBJECT xobj;
+ X509_NAME *nm;
+ nm = X509_get_issuer_name(x);
+ ok = get_crl_sk(ctx, &crl, nm, ctx->crls);
+ if (ok) {
+ *pcrl = crl;
+ return 1;
+ }
+
+ ok = X509_STORE_get_by_subject(ctx, X509_LU_CRL, nm, &xobj);
+
+ if (!ok) {
+ /* If we got a near match from get_crl_sk use that */
+ if (crl) {
+ *pcrl = crl;
+ return 1;
+ }
+ return 0;
+ }
+
+ *pcrl = xobj.data.crl;
+ if (crl)
+ X509_CRL_free(crl);
+ return 1;
+}
+
+/* Check CRL validity */
+static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl)
+{
+ X509 *issuer = NULL;
+ EVP_PKEY *ikey = NULL;
+ int ok = 0, chnum, cnum;
+ cnum = ctx->error_depth;
+ chnum = sk_X509_num(ctx->chain) - 1;
+ /*
+ * Find CRL issuer: if not last certificate then issuer is next
+ * certificate in chain.
+ */
+ if (cnum < chnum)
+ issuer = sk_X509_value(ctx->chain, cnum + 1);
+ else {
+ issuer = sk_X509_value(ctx->chain, chnum);
+ /* If not self signed, can't check signature */
+ if (!ctx->check_issued(ctx, issuer, issuer)) {
+ ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER;
+ ok = ctx->verify_cb(0, ctx);
+ if (!ok)
+ goto err;
+ }
+ }
+
+ if (issuer) {
+ /* Check for cRLSign bit if keyUsage present */
+ if ((issuer->ex_flags & EXFLAG_KUSAGE) &&
+ !(issuer->ex_kusage & KU_CRL_SIGN)) {
+ ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN;
+ ok = ctx->verify_cb(0, ctx);
+ if (!ok)
+ goto err;
+ }
+
+ /* Attempt to get issuer certificate public key */
+ ikey = X509_get_pubkey(issuer);
+
+ if (!ikey) {
+ ctx->error = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
+ ok = ctx->verify_cb(0, ctx);
+ if (!ok)
+ goto err;
+ } else {
+ /* Verify CRL signature */
+ if (X509_CRL_verify(crl, ikey) <= 0) {
+ ctx->error = X509_V_ERR_CRL_SIGNATURE_FAILURE;
+ ok = ctx->verify_cb(0, ctx);
+ if (!ok)
+ goto err;
+ }
+ }
+ }
+
+ ok = check_crl_time(ctx, crl, 1);
+ if (!ok)
+ goto err;
+
+ ok = 1;
+
+ err:
+ EVP_PKEY_free(ikey);
+ return ok;
+}
+
+/* Check certificate against CRL */
+static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x)
+{
+ int idx, ok;
+ X509_REVOKED rtmp;
+ STACK_OF(X509_EXTENSION) *exts;
+ X509_EXTENSION *ext;
+ /* Look for serial number of certificate in CRL */
+ rtmp.serialNumber = X509_get_serialNumber(x);
+ /*
+ * Sort revoked into serial number order if not already sorted. Do this
+ * under a lock to avoid race condition.
+ */
+ if (!sk_X509_REVOKED_is_sorted(crl->crl->revoked)) {
+ CRYPTO_w_lock(CRYPTO_LOCK_X509_CRL);
+ sk_X509_REVOKED_sort(crl->crl->revoked);
+ CRYPTO_w_unlock(CRYPTO_LOCK_X509_CRL);
+ }
+ idx = sk_X509_REVOKED_find(crl->crl->revoked, &rtmp);
+ /*
+ * If found assume revoked: want something cleverer than this to handle
+ * entry extensions in V2 CRLs.
+ */
+ if (idx >= 0) {
+ ctx->error = X509_V_ERR_CERT_REVOKED;
+ ok = ctx->verify_cb(0, ctx);
+ if (!ok)
+ return 0;
+ }
+
+ if (ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
+ return 1;
+
+ /*
+ * See if we have any critical CRL extensions: since we currently don't
+ * handle any CRL extensions the CRL must be rejected. This code
+ * accesses the X509_CRL structure directly: applications shouldn't do
+ * this.
+ */
+
+ exts = crl->crl->extensions;
+
+ for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++) {
+ ext = sk_X509_EXTENSION_value(exts, idx);
+ if (ext->critical > 0) {
+ ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION;
+ ok = ctx->verify_cb(0, ctx);
+ if (!ok)
+ return 0;
+ break;
+ }
+ }
+ return 1;
+}
+
+static int check_policy(X509_STORE_CTX *ctx)
+{
+ int ret;
+ ret = X509_policy_check(&ctx->tree, &ctx->explicit_policy, ctx->chain,
+ ctx->param->policies, ctx->param->flags);
+ if (ret == 0) {
+ X509err(X509_F_CHECK_POLICY, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ /* Invalid or inconsistent extensions */
+ if (ret == -1) {
+ /*
+ * Locate certificates with bad extensions and notify callback.
+ */
+ X509 *x;
+ int i;
+ for (i = 1; i < sk_X509_num(ctx->chain); i++) {
+ x = sk_X509_value(ctx->chain, i);
+ if (!(x->ex_flags & EXFLAG_INVALID_POLICY))
+ continue;
+ ctx->current_cert = x;
+ ctx->error = X509_V_ERR_INVALID_POLICY_EXTENSION;
+ ret = ctx->verify_cb(0, ctx);
+ }
+ return 1;
+ }
+ if (ret == -2) {
+ ctx->current_cert = NULL;
+ ctx->error = X509_V_ERR_NO_EXPLICIT_POLICY;
+ return ctx->verify_cb(0, ctx);
+ }
+
+ if (ctx->param->flags & X509_V_FLAG_NOTIFY_POLICY) {
+ ctx->current_cert = NULL;
+ ctx->error = X509_V_OK;
+ if (!ctx->verify_cb(2, ctx))
+ return 0;
+ }
+
+ return 1;
+}
+
+static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)
+{
+ time_t *ptime;
+ int i;
+
+ if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
+ ptime = &ctx->param->check_time;
+ else
+ ptime = NULL;
+
+ i = X509_cmp_time(X509_get_notBefore(x), ptime);
+ if (i == 0) {
+ ctx->error = X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD;
+ ctx->current_cert = x;
+ if (!ctx->verify_cb(0, ctx))
+ return 0;
+ }
+
+ if (i > 0) {
+ ctx->error = X509_V_ERR_CERT_NOT_YET_VALID;
+ ctx->current_cert = x;
+ if (!ctx->verify_cb(0, ctx))
+ return 0;
+ }
+
+ i = X509_cmp_time(X509_get_notAfter(x), ptime);
+ if (i == 0) {
+ ctx->error = X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD;
+ ctx->current_cert = x;
+ if (!ctx->verify_cb(0, ctx))
+ return 0;
+ }
+
+ if (i < 0) {
+ ctx->error = X509_V_ERR_CERT_HAS_EXPIRED;
+ ctx->current_cert = x;
+ if (!ctx->verify_cb(0, ctx))
+ return 0;
+ }
+
+ return 1;
+}
+
+static int internal_verify(X509_STORE_CTX *ctx)
+{
+ int ok = 0, n;
+ X509 *xs, *xi;
+ EVP_PKEY *pkey = NULL;
+ int (*cb) (int xok, X509_STORE_CTX *xctx);
+
+ cb = ctx->verify_cb;
+
+ n = sk_X509_num(ctx->chain);
+ ctx->error_depth = n - 1;
+ n--;
+ xi = sk_X509_value(ctx->chain, n);
+
+ if (ctx->check_issued(ctx, xi, xi))
+ xs = xi;
+ else {
+ if (n <= 0) {
+ ctx->error = X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE;
+ ctx->current_cert = xi;
+ ok = cb(0, ctx);
+ goto end;
+ } else {
+ n--;
+ ctx->error_depth = n;
+ xs = sk_X509_value(ctx->chain, n);
+ }
+ }
+
+/* ctx->error=0; not needed */
+ while (n >= 0) {
+ ctx->error_depth = n;
+
+ /*
+ * Skip signature check for self signed certificates unless
+ * explicitly asked for. It doesn't add any security and just wastes
+ * time.
+ */
+ if (!xs->valid
+ && (xs != xi
+ || (ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE))) {
+ if ((pkey = X509_get_pubkey(xi)) == NULL) {
+ ctx->error = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
+ ctx->current_cert = xi;
+ ok = (*cb) (0, ctx);
+ if (!ok)
+ goto end;
+ } else if (X509_verify(xs, pkey) <= 0) {
+ ctx->error = X509_V_ERR_CERT_SIGNATURE_FAILURE;
+ ctx->current_cert = xs;
+ ok = (*cb) (0, ctx);
+ if (!ok) {
+ EVP_PKEY_free(pkey);
+ goto end;
+ }
+ }
+ EVP_PKEY_free(pkey);
+ pkey = NULL;
+ }
+
+ xs->valid = 1;
+
+ ok = check_cert_time(ctx, xs);
+ if (!ok)
+ goto end;
+
+ /* The last error (if any) is still in the error value */
+ ctx->current_issuer = xi;
+ ctx->current_cert = xs;
+ ok = (*cb) (1, ctx);
+ if (!ok)
+ goto end;
+
+ n--;
+ if (n >= 0) {
+ xi = xs;
+ xs = sk_X509_value(ctx->chain, n);
+ }
+ }
+ ok = 1;
+ end:
+ return ok;
+}
+
+int X509_cmp_current_time(ASN1_TIME *ctm)
+{
+ return X509_cmp_time(ctm, NULL);
+}
+
+int X509_cmp_time(ASN1_TIME *ctm, time_t *cmp_time)
+{
+ char *str;
+ ASN1_TIME atm;
+ long offset;
+ char buff1[24], buff2[24], *p;
+ int i, j;
+
+ p = buff1;
+ i = ctm->length;
+ str = (char *)ctm->data;
+ if (ctm->type == V_ASN1_UTCTIME) {
+ if ((i < 11) || (i > 17))
+ return 0;
+ memcpy(p, str, 10);
+ p += 10;
+ str += 10;
+ } else {
+ if (i < 13)
+ return 0;
+ memcpy(p, str, 12);
+ p += 12;
+ str += 12;
+ }
+
+ if ((*str == 'Z') || (*str == '-') || (*str == '+')) {
+ *(p++) = '0';
+ *(p++) = '0';
+ } else {
+ *(p++) = *(str++);
+ *(p++) = *(str++);
+ /* Skip any fractional seconds... */
+ if (*str == '.') {
+ str++;
+ while ((*str >= '0') && (*str <= '9'))
+ str++;
+ }
+
+ }
+ *(p++) = 'Z';
+ *(p++) = '\0';
+
+ if (*str == 'Z')
+ offset = 0;
+ else {
+ if ((*str != '+') && (*str != '-'))
+ return 0;
+ offset = ((str[1] - '0') * 10 + (str[2] - '0')) * 60;
+ offset += (str[3] - '0') * 10 + (str[4] - '0');
+ if (*str == '-')
+ offset = -offset;
+ }
+ atm.type = ctm->type;
+ atm.length = sizeof(buff2);
+ atm.data = (unsigned char *)buff2;
+
+ if (X509_time_adj(&atm, offset * 60, cmp_time) == NULL)
+ return 0;
+
+ if (ctm->type == V_ASN1_UTCTIME) {
+ i = (buff1[0] - '0') * 10 + (buff1[1] - '0');
+ if (i < 50)
+ i += 100; /* cf. RFC 2459 */
+ j = (buff2[0] - '0') * 10 + (buff2[1] - '0');
+ if (j < 50)
+ j += 100;
+
+ if (i < j)
+ return -1;
+ if (i > j)
+ return 1;
+ }
+ i = strcmp(buff1, buff2);
+ if (i == 0) /* wait a second then return younger :-) */
+ return -1;
+ else
+ return i;
+}
+
+ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj)
+{
+ return X509_time_adj(s, adj, NULL);
+}
+
+ASN1_TIME *X509_time_adj(ASN1_TIME *s, long adj, time_t *in_tm)
+{
+ time_t t;
+ int type = -1;
+
+ if (in_tm)
+ t = *in_tm;
+ else
+ time(&t);
+
+ t += adj;
+ if (s)
+ type = s->type;
+ if (type == V_ASN1_UTCTIME)
+ return ASN1_UTCTIME_set(s, t);
+ if (type == V_ASN1_GENERALIZEDTIME)
+ return ASN1_GENERALIZEDTIME_set(s, t);
+ return ASN1_TIME_set(s, t);
+}
+
+int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)
+{
+ EVP_PKEY *ktmp = NULL, *ktmp2;
+ int i, j;
+
+ if ((pkey != NULL) && !EVP_PKEY_missing_parameters(pkey))
+ return 1;
+
+ for (i = 0; i < sk_X509_num(chain); i++) {
+ ktmp = X509_get_pubkey(sk_X509_value(chain, i));
+ if (ktmp == NULL) {
+ X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,
+ X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY);
+ return 0;
+ }
+ if (!EVP_PKEY_missing_parameters(ktmp))
+ break;
+ else {
+ EVP_PKEY_free(ktmp);
+ ktmp = NULL;
+ }
+ }
+ if (ktmp == NULL) {
+ X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,
+ X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN);
+ return 0;
+ }
+
+ /* first, populate the other certs */
+ for (j = i - 1; j >= 0; j--) {
+ ktmp2 = X509_get_pubkey(sk_X509_value(chain, j));
+ EVP_PKEY_copy_parameters(ktmp2, ktmp);
+ EVP_PKEY_free(ktmp2);
+ }
+
+ if (pkey != NULL)
+ EVP_PKEY_copy_parameters(pkey, ktmp);
+ EVP_PKEY_free(ktmp);
+ return 1;
+}
+
+int X509_STORE_CTX_get_ex_new_index(long argl, void *argp,
+ CRYPTO_EX_new *new_func,
+ CRYPTO_EX_dup *dup_func,
+ CRYPTO_EX_free *free_func)
+{
+ /*
+ * This function is (usually) called only once, by
+ * SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c).
+ */
+ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, argl, argp,
+ new_func, dup_func, free_func);
+}
+
+int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data)
+{
+ return CRYPTO_set_ex_data(&ctx->ex_data, idx, data);
+}
+
+void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx)
+{
+ return CRYPTO_get_ex_data(&ctx->ex_data, idx);
+}
+
+int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx)
+{
+ return ctx->error;
+}
+
+void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int err)
+{
+ ctx->error = err;
+}
+
+int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx)
+{
+ return ctx->error_depth;
+}
+
+X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx)
+{
+ return ctx->current_cert;
+}
+
+STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx)
+{
+ return ctx->chain;
+}
+
+STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx)
+{
+ int i;
+ X509 *x;
+ STACK_OF(X509) *chain;
+ if (!ctx->chain || !(chain = sk_X509_dup(ctx->chain)))
+ return NULL;
+ for (i = 0; i < sk_X509_num(chain); i++) {
+ x = sk_X509_value(chain, i);
+ CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
+ }
+ return chain;
+}
+
+void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x)
+{
+ ctx->cert = x;
+}
+
+void X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
+{
+ ctx->untrusted = sk;
+}
+
+void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk)
+{
+ ctx->crls = sk;
+}
+
+int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose)
+{
+ return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0);
+}
+
+int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust)
+{
+ return X509_STORE_CTX_purpose_inherit(ctx, 0, 0, trust);
+}
+
+/*
+ * This function is used to set the X509_STORE_CTX purpose and trust values.
+ * This is intended to be used when another structure has its own trust and
+ * purpose values which (if set) will be inherited by the ctx. If they aren't
+ * set then we will usually have a default purpose in mind which should then
+ * be used to set the trust value. An example of this is SSL use: an SSL
+ * structure will have its own purpose and trust settings which the
+ * application can set: if they aren't set then we use the default of SSL
+ * client/server.
+ */
+
+int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
+ int purpose, int trust)
+{
+ int idx;
+ /* If purpose not set use default */
+ if (!purpose)
+ purpose = def_purpose;
+ /* If we have a purpose then check it is valid */
+ if (purpose) {
+ X509_PURPOSE *ptmp;
+ idx = X509_PURPOSE_get_by_id(purpose);
+ if (idx == -1) {
+ X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
+ X509_R_UNKNOWN_PURPOSE_ID);
+ return 0;
+ }
+ ptmp = X509_PURPOSE_get0(idx);
+ if (ptmp->trust == X509_TRUST_DEFAULT) {
+ idx = X509_PURPOSE_get_by_id(def_purpose);
+ if (idx == -1) {
+ X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
+ X509_R_UNKNOWN_PURPOSE_ID);
+ return 0;
+ }
+ ptmp = X509_PURPOSE_get0(idx);
+ }
+ /* If trust not set then get from purpose default */
+ if (!trust)
+ trust = ptmp->trust;
+ }
+ if (trust) {
+ idx = X509_TRUST_get_by_id(trust);
+ if (idx == -1) {
+ X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
+ X509_R_UNKNOWN_TRUST_ID);
+ return 0;
+ }
+ }
+
+ if (purpose && !ctx->param->purpose)
+ ctx->param->purpose = purpose;
+ if (trust && !ctx->param->trust)
+ ctx->param->trust = trust;
+ return 1;
+}
+
+X509_STORE_CTX *X509_STORE_CTX_new(void)
+{
+ X509_STORE_CTX *ctx;
+ ctx = (X509_STORE_CTX *)OPENSSL_malloc(sizeof(X509_STORE_CTX));
+ if (!ctx) {
+ X509err(X509_F_X509_STORE_CTX_NEW, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ memset(ctx, 0, sizeof(X509_STORE_CTX));
+ return ctx;
+}
+
+void X509_STORE_CTX_free(X509_STORE_CTX *ctx)
+{
+ X509_STORE_CTX_cleanup(ctx);
+ OPENSSL_free(ctx);
+}
+
+int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
+ STACK_OF(X509) *chain)
+{
+ int ret = 1;
+ ctx->ctx = store;
+ ctx->current_method = 0;
+ ctx->cert = x509;
+ ctx->untrusted = chain;
+ ctx->crls = NULL;
+ ctx->last_untrusted = 0;
+ ctx->other_ctx = NULL;
+ ctx->valid = 0;
+ ctx->chain = NULL;
+ ctx->error = 0;
+ ctx->explicit_policy = 0;
+ ctx->error_depth = 0;
+ ctx->current_cert = NULL;
+ ctx->current_issuer = NULL;
+ ctx->tree = NULL;
+
+ ctx->param = X509_VERIFY_PARAM_new();
+
+ if (!ctx->param) {
+ X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+
+ /*
+ * Inherit callbacks and flags from X509_STORE if not set use defaults.
+ */
+
+ if (store)
+ ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param);
+ else
+ ctx->param->inh_flags |= X509_VP_FLAG_DEFAULT | X509_VP_FLAG_ONCE;
+
+ if (store) {
+ ctx->verify_cb = store->verify_cb;
+ ctx->cleanup = store->cleanup;
+ } else
+ ctx->cleanup = 0;
+
+ if (ret)
+ ret = X509_VERIFY_PARAM_inherit(ctx->param,
+ X509_VERIFY_PARAM_lookup("default"));
+
+ if (ret == 0) {
+ X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+
+ if (store && store->check_issued)
+ ctx->check_issued = store->check_issued;
+ else
+ ctx->check_issued = check_issued;
+
+ if (store && store->get_issuer)
+ ctx->get_issuer = store->get_issuer;
+ else
+ ctx->get_issuer = X509_STORE_CTX_get1_issuer;
+
+ if (store && store->verify_cb)
+ ctx->verify_cb = store->verify_cb;
+ else
+ ctx->verify_cb = null_callback;
+
+ if (store && store->verify)
+ ctx->verify = store->verify;
+ else
+ ctx->verify = internal_verify;
+
+ if (store && store->check_revocation)
+ ctx->check_revocation = store->check_revocation;
+ else
+ ctx->check_revocation = check_revocation;
+
+ if (store && store->get_crl)
+ ctx->get_crl = store->get_crl;
+ else
+ ctx->get_crl = get_crl;
+
+ if (store && store->check_crl)
+ ctx->check_crl = store->check_crl;
+ else
+ ctx->check_crl = check_crl;
+
+ if (store && store->cert_crl)
+ ctx->cert_crl = store->cert_crl;
+ else
+ ctx->cert_crl = cert_crl;
+
+ ctx->check_policy = check_policy;
+
+ /*
+ * This memset() can't make any sense anyway, so it's removed. As
+ * X509_STORE_CTX_cleanup does a proper "free" on the ex_data, we put a
+ * corresponding "new" here and remove this bogus initialisation.
+ */
+ /* memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA)); */
+ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx,
+ &(ctx->ex_data))) {
+ OPENSSL_free(ctx);
+ X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ return 1;
+}
+
+/*
+ * Set alternative lookup method: just a STACK of trusted certificates. This
+ * avoids X509_STORE nastiness where it isn't needed.
+ */
+
+void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
+{
+ ctx->other_ctx = sk;
+ ctx->get_issuer = get_issuer_sk;
+}
+
+void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
+{
+ if (ctx->cleanup)
+ ctx->cleanup(ctx);
+ if (ctx->param != NULL) {
+ X509_VERIFY_PARAM_free(ctx->param);
+ ctx->param = NULL;
+ }
+ if (ctx->tree != NULL) {
+ X509_policy_tree_free(ctx->tree);
+ ctx->tree = NULL;
+ }
+ if (ctx->chain != NULL) {
+ sk_X509_pop_free(ctx->chain, X509_free);
+ ctx->chain = NULL;
+ }
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, &(ctx->ex_data));
+ memset(&ctx->ex_data, 0, sizeof(CRYPTO_EX_DATA));
+}
+
+void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth)
+{
+ X509_VERIFY_PARAM_set_depth(ctx->param, depth);
+}
+
+void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags)
+{
+ X509_VERIFY_PARAM_set_flags(ctx->param, flags);
+}
+
+void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
+ time_t t)
+{
+ X509_VERIFY_PARAM_set_time(ctx->param, t);
+}
+
+void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
+ int (*verify_cb) (int, X509_STORE_CTX *))
+{
+ ctx->verify_cb = verify_cb;
+}
+
+X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx)
+{
+ return ctx->tree;
+}
+
+int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx)
+{
+ return ctx->explicit_policy;
+}
+
+int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name)
+{
+ const X509_VERIFY_PARAM *param;
+ param = X509_VERIFY_PARAM_lookup(name);
+ if (!param)
+ return 0;
+ return X509_VERIFY_PARAM_inherit(ctx->param, param);
+}
+
+X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx)
+{
+ return ctx->param;
+}
+
+void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param)
+{
+ if (ctx->param)
+ X509_VERIFY_PARAM_free(ctx->param);
+ ctx->param = param;
+}
+
+IMPLEMENT_STACK_OF(X509)
+
+IMPLEMENT_ASN1_SET_OF(X509)
+
+IMPLEMENT_STACK_OF(X509_NAME)
+
+IMPLEMENT_STACK_OF(X509_ATTRIBUTE)
+
+IMPLEMENT_ASN1_SET_OF(X509_ATTRIBUTE)
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_vfy.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509/x509_vfy.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_vfy.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,534 +0,0 @@
-/* crypto/x509/x509_vfy.h */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_X509_H
-#include <openssl/x509.h>
-/* openssl/x509.h ends up #include-ing this file at about the only
- * appropriate moment. */
-#endif
-
-#ifndef HEADER_X509_VFY_H
-#define HEADER_X509_VFY_H
-
-#include <openssl/opensslconf.h>
-#ifndef OPENSSL_NO_LHASH
-#include <openssl/lhash.h>
-#endif
-#include <openssl/bio.h>
-#include <openssl/crypto.h>
-#include <openssl/symhacks.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* Outer object */
-typedef struct x509_hash_dir_st
- {
- int num_dirs;
- char **dirs;
- int *dirs_type;
- int num_dirs_alloced;
- } X509_HASH_DIR_CTX;
-
-typedef struct x509_file_st
- {
- int num_paths; /* number of paths to files or directories */
- int num_alloced;
- char **paths; /* the list of paths or directories */
- int *path_type;
- } X509_CERT_FILE_CTX;
-
-/*******************************/
-/*
-SSL_CTX -> X509_STORE
- -> X509_LOOKUP
- ->X509_LOOKUP_METHOD
- -> X509_LOOKUP
- ->X509_LOOKUP_METHOD
-
-SSL -> X509_STORE_CTX
- ->X509_STORE
-
-The X509_STORE holds the tables etc for verification stuff.
-A X509_STORE_CTX is used while validating a single certificate.
-The X509_STORE has X509_LOOKUPs for looking up certs.
-The X509_STORE then calls a function to actually verify the
-certificate chain.
-*/
-
-#define X509_LU_RETRY -1
-#define X509_LU_FAIL 0
-#define X509_LU_X509 1
-#define X509_LU_CRL 2
-#define X509_LU_PKEY 3
-
-typedef struct x509_object_st
- {
- /* one of the above types */
- int type;
- union {
- char *ptr;
- X509 *x509;
- X509_CRL *crl;
- EVP_PKEY *pkey;
- } data;
- } X509_OBJECT;
-
-typedef struct x509_lookup_st X509_LOOKUP;
-
-DECLARE_STACK_OF(X509_LOOKUP)
-DECLARE_STACK_OF(X509_OBJECT)
-
-/* This is a static that defines the function interface */
-typedef struct x509_lookup_method_st
- {
- const char *name;
- int (*new_item)(X509_LOOKUP *ctx);
- void (*free)(X509_LOOKUP *ctx);
- int (*init)(X509_LOOKUP *ctx);
- int (*shutdown)(X509_LOOKUP *ctx);
- int (*ctrl)(X509_LOOKUP *ctx,int cmd,const char *argc,long argl,
- char **ret);
- int (*get_by_subject)(X509_LOOKUP *ctx,int type,X509_NAME *name,
- X509_OBJECT *ret);
- int (*get_by_issuer_serial)(X509_LOOKUP *ctx,int type,X509_NAME *name,
- ASN1_INTEGER *serial,X509_OBJECT *ret);
- int (*get_by_fingerprint)(X509_LOOKUP *ctx,int type,
- unsigned char *bytes,int len,
- X509_OBJECT *ret);
- int (*get_by_alias)(X509_LOOKUP *ctx,int type,char *str,int len,
- X509_OBJECT *ret);
- } X509_LOOKUP_METHOD;
-
-/* This structure hold all parameters associated with a verify operation
- * by including an X509_VERIFY_PARAM structure in related structures the
- * parameters used can be customized
- */
-
-typedef struct X509_VERIFY_PARAM_st
- {
- char *name;
- time_t check_time; /* Time to use */
- unsigned long inh_flags; /* Inheritance flags */
- unsigned long flags; /* Various verify flags */
- int purpose; /* purpose to check untrusted certificates */
- int trust; /* trust setting to check */
- int depth; /* Verify depth */
- STACK_OF(ASN1_OBJECT) *policies; /* Permissible policies */
- } X509_VERIFY_PARAM;
-
-DECLARE_STACK_OF(X509_VERIFY_PARAM)
-
-/* This is used to hold everything. It is used for all certificate
- * validation. Once we have a certificate chain, the 'verify'
- * function is then called to actually check the cert chain. */
-struct x509_store_st
- {
- /* The following is a cache of trusted certs */
- int cache; /* if true, stash any hits */
- STACK_OF(X509_OBJECT) *objs; /* Cache of all objects */
-
- /* These are external lookup methods */
- STACK_OF(X509_LOOKUP) *get_cert_methods;
-
- X509_VERIFY_PARAM *param;
-
- /* Callbacks for various operations */
- int (*verify)(X509_STORE_CTX *ctx); /* called to verify a certificate */
- int (*verify_cb)(int ok,X509_STORE_CTX *ctx); /* error callback */
- int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); /* get issuers cert from ctx */
- int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */
- int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */
- int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */
- int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */
- int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */
- int (*cleanup)(X509_STORE_CTX *ctx);
-
- CRYPTO_EX_DATA ex_data;
- int references;
- } /* X509_STORE */;
-
-int X509_STORE_set_depth(X509_STORE *store, int depth);
-
-#define X509_STORE_set_verify_cb_func(ctx,func) ((ctx)->verify_cb=(func))
-#define X509_STORE_set_verify_func(ctx,func) ((ctx)->verify=(func))
-
-/* This is the functions plus an instance of the local variables. */
-struct x509_lookup_st
- {
- int init; /* have we been started */
- int skip; /* don't use us. */
- X509_LOOKUP_METHOD *method; /* the functions */
- char *method_data; /* method data */
-
- X509_STORE *store_ctx; /* who owns us */
- } /* X509_LOOKUP */;
-
-/* This is a used when verifying cert chains. Since the
- * gathering of the cert chain can take some time (and have to be
- * 'retried', this needs to be kept and passed around. */
-struct x509_store_ctx_st /* X509_STORE_CTX */
- {
- X509_STORE *ctx;
- int current_method; /* used when looking up certs */
-
- /* The following are set by the caller */
- X509 *cert; /* The cert to check */
- STACK_OF(X509) *untrusted; /* chain of X509s - untrusted - passed in */
- STACK_OF(X509_CRL) *crls; /* set of CRLs passed in */
-
- X509_VERIFY_PARAM *param;
- void *other_ctx; /* Other info for use with get_issuer() */
-
- /* Callbacks for various operations */
- int (*verify)(X509_STORE_CTX *ctx); /* called to verify a certificate */
- int (*verify_cb)(int ok,X509_STORE_CTX *ctx); /* error callback */
- int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); /* get issuers cert from ctx */
- int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */
- int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */
- int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */
- int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */
- int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */
- int (*check_policy)(X509_STORE_CTX *ctx);
- int (*cleanup)(X509_STORE_CTX *ctx);
-
- /* The following is built up */
- int valid; /* if 0, rebuild chain */
- int last_untrusted; /* index of last untrusted cert */
- STACK_OF(X509) *chain; /* chain of X509s - built up and trusted */
- X509_POLICY_TREE *tree; /* Valid policy tree */
-
- int explicit_policy; /* Require explicit policy value */
-
- /* When something goes wrong, this is why */
- int error_depth;
- int error;
- X509 *current_cert;
- X509 *current_issuer; /* cert currently being tested as valid issuer */
- X509_CRL *current_crl; /* current CRL */
-
- CRYPTO_EX_DATA ex_data;
- } /* X509_STORE_CTX */;
-
-void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
-
-#define X509_STORE_CTX_set_app_data(ctx,data) \
- X509_STORE_CTX_set_ex_data(ctx,0,data)
-#define X509_STORE_CTX_get_app_data(ctx) \
- X509_STORE_CTX_get_ex_data(ctx,0)
-
-#define X509_L_FILE_LOAD 1
-#define X509_L_ADD_DIR 2
-
-#define X509_LOOKUP_load_file(x,name,type) \
- X509_LOOKUP_ctrl((x),X509_L_FILE_LOAD,(name),(long)(type),NULL)
-
-#define X509_LOOKUP_add_dir(x,name,type) \
- X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL)
-
-#define X509_V_OK 0
-/* illegal error (for uninitialized values, to avoid X509_V_OK): 1 */
-
-#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2
-#define X509_V_ERR_UNABLE_TO_GET_CRL 3
-#define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4
-#define X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE 5
-#define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY 6
-#define X509_V_ERR_CERT_SIGNATURE_FAILURE 7
-#define X509_V_ERR_CRL_SIGNATURE_FAILURE 8
-#define X509_V_ERR_CERT_NOT_YET_VALID 9
-#define X509_V_ERR_CERT_HAS_EXPIRED 10
-#define X509_V_ERR_CRL_NOT_YET_VALID 11
-#define X509_V_ERR_CRL_HAS_EXPIRED 12
-#define X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD 13
-#define X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD 14
-#define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD 15
-#define X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD 16
-#define X509_V_ERR_OUT_OF_MEM 17
-#define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT 18
-#define X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN 19
-#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY 20
-#define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21
-#define X509_V_ERR_CERT_CHAIN_TOO_LONG 22
-#define X509_V_ERR_CERT_REVOKED 23
-#define X509_V_ERR_INVALID_CA 24
-#define X509_V_ERR_PATH_LENGTH_EXCEEDED 25
-#define X509_V_ERR_INVALID_PURPOSE 26
-#define X509_V_ERR_CERT_UNTRUSTED 27
-#define X509_V_ERR_CERT_REJECTED 28
-/* These are 'informational' when looking for issuer cert */
-#define X509_V_ERR_SUBJECT_ISSUER_MISMATCH 29
-#define X509_V_ERR_AKID_SKID_MISMATCH 30
-#define X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH 31
-#define X509_V_ERR_KEYUSAGE_NO_CERTSIGN 32
-
-#define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33
-#define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34
-#define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35
-#define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION 36
-#define X509_V_ERR_INVALID_NON_CA 37
-#define X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED 38
-#define X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE 39
-#define X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED 40
-
-#define X509_V_ERR_INVALID_EXTENSION 41
-#define X509_V_ERR_INVALID_POLICY_EXTENSION 42
-#define X509_V_ERR_NO_EXPLICIT_POLICY 43
-
-#define X509_V_ERR_UNNESTED_RESOURCE 44
-
-/* The application is not happy */
-#define X509_V_ERR_APPLICATION_VERIFICATION 50
-
-/* Certificate verify flags */
-
-/* Send issuer+subject checks to verify_cb */
-#define X509_V_FLAG_CB_ISSUER_CHECK 0x1
-/* Use check time instead of current time */
-#define X509_V_FLAG_USE_CHECK_TIME 0x2
-/* Lookup CRLs */
-#define X509_V_FLAG_CRL_CHECK 0x4
-/* Lookup CRLs for whole chain */
-#define X509_V_FLAG_CRL_CHECK_ALL 0x8
-/* Ignore unhandled critical extensions */
-#define X509_V_FLAG_IGNORE_CRITICAL 0x10
-/* Disable workarounds for broken certificates */
-#define X509_V_FLAG_X509_STRICT 0x20
-/* Enable proxy certificate validation */
-#define X509_V_FLAG_ALLOW_PROXY_CERTS 0x40
-/* Enable policy checking */
-#define X509_V_FLAG_POLICY_CHECK 0x80
-/* Policy variable require-explicit-policy */
-#define X509_V_FLAG_EXPLICIT_POLICY 0x100
-/* Policy variable inhibit-any-policy */
-#define X509_V_FLAG_INHIBIT_ANY 0x200
-/* Policy variable inhibit-policy-mapping */
-#define X509_V_FLAG_INHIBIT_MAP 0x400
-/* Notify callback that policy is OK */
-#define X509_V_FLAG_NOTIFY_POLICY 0x800
-
-/* Check selfsigned CA signature */
-#define X509_V_FLAG_CHECK_SS_SIGNATURE 0x4000
-
-#define X509_VP_FLAG_DEFAULT 0x1
-#define X509_VP_FLAG_OVERWRITE 0x2
-#define X509_VP_FLAG_RESET_FLAGS 0x4
-#define X509_VP_FLAG_LOCKED 0x8
-#define X509_VP_FLAG_ONCE 0x10
-
-/* Internal use: mask of policy related options */
-#define X509_V_FLAG_POLICY_MASK (X509_V_FLAG_POLICY_CHECK \
- | X509_V_FLAG_EXPLICIT_POLICY \
- | X509_V_FLAG_INHIBIT_ANY \
- | X509_V_FLAG_INHIBIT_MAP)
-
-int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,
- X509_NAME *name);
-X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h,int type,X509_NAME *name);
-X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x);
-void X509_OBJECT_up_ref_count(X509_OBJECT *a);
-void X509_OBJECT_free_contents(X509_OBJECT *a);
-X509_STORE *X509_STORE_new(void );
-void X509_STORE_free(X509_STORE *v);
-
-int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
-int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
-int X509_STORE_set_trust(X509_STORE *ctx, int trust);
-int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm);
-
-X509_STORE_CTX *X509_STORE_CTX_new(void);
-
-int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
-
-void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
-int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
- X509 *x509, STACK_OF(X509) *chain);
-void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
-void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
-
-X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
-
-X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
-X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
-
-int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
-int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
-
-int X509_STORE_get_by_subject(X509_STORE_CTX *vs,int type,X509_NAME *name,
- X509_OBJECT *ret);
-
-int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
- long argl, char **ret);
-
-#ifndef OPENSSL_NO_STDIO
-int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type);
-int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type);
-int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type);
-#endif
-
-
-X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method);
-void X509_LOOKUP_free(X509_LOOKUP *ctx);
-int X509_LOOKUP_init(X509_LOOKUP *ctx);
-int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name,
- X509_OBJECT *ret);
-int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name,
- ASN1_INTEGER *serial, X509_OBJECT *ret);
-int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type,
- unsigned char *bytes, int len, X509_OBJECT *ret);
-int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str,
- int len, X509_OBJECT *ret);
-int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
-
-#ifndef OPENSSL_NO_STDIO
-int X509_STORE_load_locations (X509_STORE *ctx,
- const char *file, const char *dir);
-int X509_STORE_set_default_paths(X509_STORE *ctx);
-#endif
-
-int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx,int idx,void *data);
-void * X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx,int idx);
-int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
-void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx,int s);
-int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
-X509 * X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
-STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx);
-STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx);
-void X509_STORE_CTX_set_cert(X509_STORE_CTX *c,X509 *x);
-void X509_STORE_CTX_set_chain(X509_STORE_CTX *c,STACK_OF(X509) *sk);
-void X509_STORE_CTX_set0_crls(X509_STORE_CTX *c,STACK_OF(X509_CRL) *sk);
-int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
-int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust);
-int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
- int purpose, int trust);
-void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags);
-void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
- time_t t);
-void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
- int (*verify_cb)(int, X509_STORE_CTX *));
-
-X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx);
-int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx);
-
-X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx);
-void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param);
-int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name);
-
-/* X509_VERIFY_PARAM functions */
-
-X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void);
-void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param);
-int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *to,
- const X509_VERIFY_PARAM *from);
-int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to,
- const X509_VERIFY_PARAM *from);
-int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name);
-int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags);
-int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param,
- unsigned long flags);
-unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param);
-int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose);
-int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust);
-void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth);
-void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t);
-int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
- ASN1_OBJECT *policy);
-int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
- STACK_OF(ASN1_OBJECT) *policies);
-int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param);
-
-int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param);
-const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name);
-void X509_VERIFY_PARAM_table_cleanup(void);
-
-int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
- STACK_OF(X509) *certs,
- STACK_OF(ASN1_OBJECT) *policy_oids,
- unsigned int flags);
-
-void X509_policy_tree_free(X509_POLICY_TREE *tree);
-
-int X509_policy_tree_level_count(const X509_POLICY_TREE *tree);
-X509_POLICY_LEVEL *
- X509_policy_tree_get0_level(const X509_POLICY_TREE *tree, int i);
-
-STACK_OF(X509_POLICY_NODE) *
- X509_policy_tree_get0_policies(const X509_POLICY_TREE *tree);
-
-STACK_OF(X509_POLICY_NODE) *
- X509_policy_tree_get0_user_policies(const X509_POLICY_TREE *tree);
-
-int X509_policy_level_node_count(X509_POLICY_LEVEL *level);
-
-X509_POLICY_NODE *X509_policy_level_get0_node(X509_POLICY_LEVEL *level, int i);
-
-const ASN1_OBJECT *X509_policy_node_get0_policy(const X509_POLICY_NODE *node);
-
-STACK_OF(POLICYQUALINFO) *
- X509_policy_node_get0_qualifiers(const X509_POLICY_NODE *node);
-const X509_POLICY_NODE *
- X509_policy_node_get0_parent(const X509_POLICY_NODE *node);
-
-#ifdef __cplusplus
-}
-#endif
-#endif
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_vfy.h (from rev 6976, vendor-crypto/openssl/dist/crypto/x509/x509_vfy.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_vfy.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_vfy.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,556 @@
+/* crypto/x509/x509_vfy.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_X509_H
+# include <openssl/x509.h>
+/*
+ * openssl/x509.h ends up #include-ing this file at about the only
+ * appropriate moment.
+ */
+#endif
+
+#ifndef HEADER_X509_VFY_H
+# define HEADER_X509_VFY_H
+
+# include <openssl/opensslconf.h>
+# ifndef OPENSSL_NO_LHASH
+# include <openssl/lhash.h>
+# endif
+# include <openssl/bio.h>
+# include <openssl/crypto.h>
+# include <openssl/symhacks.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Outer object */
+typedef struct x509_hash_dir_st {
+ int num_dirs;
+ char **dirs;
+ int *dirs_type;
+ int num_dirs_alloced;
+} X509_HASH_DIR_CTX;
+
+typedef struct x509_file_st {
+ int num_paths; /* number of paths to files or directories */
+ int num_alloced;
+ char **paths; /* the list of paths or directories */
+ int *path_type;
+} X509_CERT_FILE_CTX;
+
+/*******************************/
+/*-
+SSL_CTX -> X509_STORE
+ -> X509_LOOKUP
+ ->X509_LOOKUP_METHOD
+ -> X509_LOOKUP
+ ->X509_LOOKUP_METHOD
+
+SSL -> X509_STORE_CTX
+ ->X509_STORE
+
+The X509_STORE holds the tables etc for verification stuff.
+A X509_STORE_CTX is used while validating a single certificate.
+The X509_STORE has X509_LOOKUPs for looking up certs.
+The X509_STORE then calls a function to actually verify the
+certificate chain.
+*/
+
+# define X509_LU_RETRY -1
+# define X509_LU_FAIL 0
+# define X509_LU_X509 1
+# define X509_LU_CRL 2
+# define X509_LU_PKEY 3
+
+typedef struct x509_object_st {
+ /* one of the above types */
+ int type;
+ union {
+ char *ptr;
+ X509 *x509;
+ X509_CRL *crl;
+ EVP_PKEY *pkey;
+ } data;
+} X509_OBJECT;
+
+typedef struct x509_lookup_st X509_LOOKUP;
+
+DECLARE_STACK_OF(X509_LOOKUP)
+DECLARE_STACK_OF(X509_OBJECT)
+
+/* This is a static that defines the function interface */
+typedef struct x509_lookup_method_st {
+ const char *name;
+ int (*new_item) (X509_LOOKUP *ctx);
+ void (*free) (X509_LOOKUP *ctx);
+ int (*init) (X509_LOOKUP *ctx);
+ int (*shutdown) (X509_LOOKUP *ctx);
+ int (*ctrl) (X509_LOOKUP *ctx, int cmd, const char *argc, long argl,
+ char **ret);
+ int (*get_by_subject) (X509_LOOKUP *ctx, int type, X509_NAME *name,
+ X509_OBJECT *ret);
+ int (*get_by_issuer_serial) (X509_LOOKUP *ctx, int type, X509_NAME *name,
+ ASN1_INTEGER *serial, X509_OBJECT *ret);
+ int (*get_by_fingerprint) (X509_LOOKUP *ctx, int type,
+ unsigned char *bytes, int len,
+ X509_OBJECT *ret);
+ int (*get_by_alias) (X509_LOOKUP *ctx, int type, char *str, int len,
+ X509_OBJECT *ret);
+} X509_LOOKUP_METHOD;
+
+/*
+ * This structure hold all parameters associated with a verify operation by
+ * including an X509_VERIFY_PARAM structure in related structures the
+ * parameters used can be customized
+ */
+
+typedef struct X509_VERIFY_PARAM_st {
+ char *name;
+ time_t check_time; /* Time to use */
+ unsigned long inh_flags; /* Inheritance flags */
+ unsigned long flags; /* Various verify flags */
+ int purpose; /* purpose to check untrusted certificates */
+ int trust; /* trust setting to check */
+ int depth; /* Verify depth */
+ STACK_OF(ASN1_OBJECT) *policies; /* Permissible policies */
+} X509_VERIFY_PARAM;
+
+DECLARE_STACK_OF(X509_VERIFY_PARAM)
+
+/*
+ * This is used to hold everything. It is used for all certificate
+ * validation. Once we have a certificate chain, the 'verify' function is
+ * then called to actually check the cert chain.
+ */
+struct x509_store_st {
+ /* The following is a cache of trusted certs */
+ int cache; /* if true, stash any hits */
+ STACK_OF(X509_OBJECT) *objs; /* Cache of all objects */
+ /* These are external lookup methods */
+ STACK_OF(X509_LOOKUP) *get_cert_methods;
+ X509_VERIFY_PARAM *param;
+ /* Callbacks for various operations */
+ /* called to verify a certificate */
+ int (*verify) (X509_STORE_CTX *ctx);
+ /* error callback */
+ int (*verify_cb) (int ok, X509_STORE_CTX *ctx);
+ /* get issuers cert from ctx */
+ int (*get_issuer) (X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
+ /* check issued */
+ int (*check_issued) (X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
+ /* Check revocation status of chain */
+ int (*check_revocation) (X509_STORE_CTX *ctx);
+ /* retrieve CRL */
+ int (*get_crl) (X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x);
+ /* Check CRL validity */
+ int (*check_crl) (X509_STORE_CTX *ctx, X509_CRL *crl);
+ /* Check certificate against CRL */
+ int (*cert_crl) (X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x);
+ int (*cleanup) (X509_STORE_CTX *ctx);
+ CRYPTO_EX_DATA ex_data;
+ int references;
+} /* X509_STORE */ ;
+
+int X509_STORE_set_depth(X509_STORE *store, int depth);
+
+# define X509_STORE_set_verify_cb_func(ctx,func) ((ctx)->verify_cb=(func))
+# define X509_STORE_set_verify_func(ctx,func) ((ctx)->verify=(func))
+
+/* This is the functions plus an instance of the local variables. */
+struct x509_lookup_st {
+ int init; /* have we been started */
+ int skip; /* don't use us. */
+ X509_LOOKUP_METHOD *method; /* the functions */
+ char *method_data; /* method data */
+ X509_STORE *store_ctx; /* who owns us */
+} /* X509_LOOKUP */ ;
+
+/*
+ * This is a used when verifying cert chains. Since the gathering of the
+ * cert chain can take some time (and have to be 'retried', this needs to be
+ * kept and passed around.
+ */
+struct x509_store_ctx_st { /* X509_STORE_CTX */
+ X509_STORE *ctx;
+ /* used when looking up certs */
+ int current_method;
+ /* The following are set by the caller */
+ /* The cert to check */
+ X509 *cert;
+ /* chain of X509s - untrusted - passed in */
+ STACK_OF(X509) *untrusted;
+ /* set of CRLs passed in */
+ STACK_OF(X509_CRL) *crls;
+ X509_VERIFY_PARAM *param;
+ /* Other info for use with get_issuer() */
+ void *other_ctx;
+ /* Callbacks for various operations */
+ /* called to verify a certificate */
+ int (*verify) (X509_STORE_CTX *ctx);
+ /* error callback */
+ int (*verify_cb) (int ok, X509_STORE_CTX *ctx);
+ /* get issuers cert from ctx */
+ int (*get_issuer) (X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
+ /* check issued */
+ int (*check_issued) (X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
+ /* Check revocation status of chain */
+ int (*check_revocation) (X509_STORE_CTX *ctx);
+ /* retrieve CRL */
+ int (*get_crl) (X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x);
+ /* Check CRL validity */
+ int (*check_crl) (X509_STORE_CTX *ctx, X509_CRL *crl);
+ /* Check certificate against CRL */
+ int (*cert_crl) (X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x);
+ int (*check_policy) (X509_STORE_CTX *ctx);
+ int (*cleanup) (X509_STORE_CTX *ctx);
+ /* The following is built up */
+ /* if 0, rebuild chain */
+ int valid;
+ /* index of last untrusted cert */
+ int last_untrusted;
+ /* chain of X509s - built up and trusted */
+ STACK_OF(X509) *chain;
+ /* Valid policy tree */
+ X509_POLICY_TREE *tree;
+ /* Require explicit policy value */
+ int explicit_policy;
+ /* When something goes wrong, this is why */
+ int error_depth;
+ int error;
+ X509 *current_cert;
+ /* cert currently being tested as valid issuer */
+ X509 *current_issuer;
+ /* current CRL */
+ X509_CRL *current_crl;
+ CRYPTO_EX_DATA ex_data;
+} /* X509_STORE_CTX */ ;
+
+void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
+
+# define X509_STORE_CTX_set_app_data(ctx,data) \
+ X509_STORE_CTX_set_ex_data(ctx,0,data)
+# define X509_STORE_CTX_get_app_data(ctx) \
+ X509_STORE_CTX_get_ex_data(ctx,0)
+
+# define X509_L_FILE_LOAD 1
+# define X509_L_ADD_DIR 2
+
+# define X509_LOOKUP_load_file(x,name,type) \
+ X509_LOOKUP_ctrl((x),X509_L_FILE_LOAD,(name),(long)(type),NULL)
+
+# define X509_LOOKUP_add_dir(x,name,type) \
+ X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL)
+
+# define X509_V_OK 0
+/* illegal error (for uninitialized values, to avoid X509_V_OK): 1 */
+
+# define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2
+# define X509_V_ERR_UNABLE_TO_GET_CRL 3
+# define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4
+# define X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE 5
+# define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY 6
+# define X509_V_ERR_CERT_SIGNATURE_FAILURE 7
+# define X509_V_ERR_CRL_SIGNATURE_FAILURE 8
+# define X509_V_ERR_CERT_NOT_YET_VALID 9
+# define X509_V_ERR_CERT_HAS_EXPIRED 10
+# define X509_V_ERR_CRL_NOT_YET_VALID 11
+# define X509_V_ERR_CRL_HAS_EXPIRED 12
+# define X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD 13
+# define X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD 14
+# define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD 15
+# define X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD 16
+# define X509_V_ERR_OUT_OF_MEM 17
+# define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT 18
+# define X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN 19
+# define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY 20
+# define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21
+# define X509_V_ERR_CERT_CHAIN_TOO_LONG 22
+# define X509_V_ERR_CERT_REVOKED 23
+# define X509_V_ERR_INVALID_CA 24
+# define X509_V_ERR_PATH_LENGTH_EXCEEDED 25
+# define X509_V_ERR_INVALID_PURPOSE 26
+# define X509_V_ERR_CERT_UNTRUSTED 27
+# define X509_V_ERR_CERT_REJECTED 28
+/* These are 'informational' when looking for issuer cert */
+# define X509_V_ERR_SUBJECT_ISSUER_MISMATCH 29
+# define X509_V_ERR_AKID_SKID_MISMATCH 30
+# define X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH 31
+# define X509_V_ERR_KEYUSAGE_NO_CERTSIGN 32
+
+# define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33
+# define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34
+# define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35
+# define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION 36
+# define X509_V_ERR_INVALID_NON_CA 37
+# define X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED 38
+# define X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE 39
+# define X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED 40
+
+# define X509_V_ERR_INVALID_EXTENSION 41
+# define X509_V_ERR_INVALID_POLICY_EXTENSION 42
+# define X509_V_ERR_NO_EXPLICIT_POLICY 43
+
+# define X509_V_ERR_UNNESTED_RESOURCE 44
+
+/* The application is not happy */
+# define X509_V_ERR_APPLICATION_VERIFICATION 50
+
+/* Certificate verify flags */
+
+/* Send issuer+subject checks to verify_cb */
+# define X509_V_FLAG_CB_ISSUER_CHECK 0x1
+/* Use check time instead of current time */
+# define X509_V_FLAG_USE_CHECK_TIME 0x2
+/* Lookup CRLs */
+# define X509_V_FLAG_CRL_CHECK 0x4
+/* Lookup CRLs for whole chain */
+# define X509_V_FLAG_CRL_CHECK_ALL 0x8
+/* Ignore unhandled critical extensions */
+# define X509_V_FLAG_IGNORE_CRITICAL 0x10
+/* Disable workarounds for broken certificates */
+# define X509_V_FLAG_X509_STRICT 0x20
+/* Enable proxy certificate validation */
+# define X509_V_FLAG_ALLOW_PROXY_CERTS 0x40
+/* Enable policy checking */
+# define X509_V_FLAG_POLICY_CHECK 0x80
+/* Policy variable require-explicit-policy */
+# define X509_V_FLAG_EXPLICIT_POLICY 0x100
+/* Policy variable inhibit-any-policy */
+# define X509_V_FLAG_INHIBIT_ANY 0x200
+/* Policy variable inhibit-policy-mapping */
+# define X509_V_FLAG_INHIBIT_MAP 0x400
+/* Notify callback that policy is OK */
+# define X509_V_FLAG_NOTIFY_POLICY 0x800
+
+/* Check selfsigned CA signature */
+# define X509_V_FLAG_CHECK_SS_SIGNATURE 0x4000
+
+# define X509_VP_FLAG_DEFAULT 0x1
+# define X509_VP_FLAG_OVERWRITE 0x2
+# define X509_VP_FLAG_RESET_FLAGS 0x4
+# define X509_VP_FLAG_LOCKED 0x8
+# define X509_VP_FLAG_ONCE 0x10
+
+/* Internal use: mask of policy related options */
+# define X509_V_FLAG_POLICY_MASK (X509_V_FLAG_POLICY_CHECK \
+ | X509_V_FLAG_EXPLICIT_POLICY \
+ | X509_V_FLAG_INHIBIT_ANY \
+ | X509_V_FLAG_INHIBIT_MAP)
+
+int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,
+ X509_NAME *name);
+X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h,
+ int type, X509_NAME *name);
+X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h,
+ X509_OBJECT *x);
+void X509_OBJECT_up_ref_count(X509_OBJECT *a);
+void X509_OBJECT_free_contents(X509_OBJECT *a);
+X509_STORE *X509_STORE_new(void);
+void X509_STORE_free(X509_STORE *v);
+
+int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
+int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
+int X509_STORE_set_trust(X509_STORE *ctx, int trust);
+int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm);
+
+X509_STORE_CTX *X509_STORE_CTX_new(void);
+
+int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
+
+void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
+int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
+ X509 *x509, STACK_OF(X509) *chain);
+void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
+void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
+
+X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
+
+X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
+X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
+
+int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
+int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
+
+int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name,
+ X509_OBJECT *ret);
+
+int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
+ long argl, char **ret);
+
+# ifndef OPENSSL_NO_STDIO
+int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type);
+int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type);
+int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type);
+# endif
+
+X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method);
+void X509_LOOKUP_free(X509_LOOKUP *ctx);
+int X509_LOOKUP_init(X509_LOOKUP *ctx);
+int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name,
+ X509_OBJECT *ret);
+int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name,
+ ASN1_INTEGER *serial, X509_OBJECT *ret);
+int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type,
+ unsigned char *bytes, int len,
+ X509_OBJECT *ret);
+int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, int len,
+ X509_OBJECT *ret);
+int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
+
+# ifndef OPENSSL_NO_STDIO
+int X509_STORE_load_locations(X509_STORE *ctx,
+ const char *file, const char *dir);
+int X509_STORE_set_default_paths(X509_STORE *ctx);
+# endif
+
+int X509_STORE_CTX_get_ex_new_index(long argl, void *argp,
+ CRYPTO_EX_new *new_func,
+ CRYPTO_EX_dup *dup_func,
+ CRYPTO_EX_free *free_func);
+int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data);
+void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx);
+int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s);
+int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
+X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
+STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx);
+STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set_cert(X509_STORE_CTX *c, X509 *x);
+void X509_STORE_CTX_set_chain(X509_STORE_CTX *c, STACK_OF(X509) *sk);
+void X509_STORE_CTX_set0_crls(X509_STORE_CTX *c, STACK_OF(X509_CRL) *sk);
+int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
+int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust);
+int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
+ int purpose, int trust);
+void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags);
+void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
+ time_t t);
+void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
+ int (*verify_cb) (int, X509_STORE_CTX *));
+
+X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx);
+int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx);
+
+X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param);
+int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name);
+
+/* X509_VERIFY_PARAM functions */
+
+X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void);
+void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param);
+int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *to,
+ const X509_VERIFY_PARAM *from);
+int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to,
+ const X509_VERIFY_PARAM *from);
+int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name);
+int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param,
+ unsigned long flags);
+int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param,
+ unsigned long flags);
+unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param);
+int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose);
+int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust);
+void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth);
+void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t);
+int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
+ ASN1_OBJECT *policy);
+int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
+ STACK_OF(ASN1_OBJECT) *policies);
+int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param);
+
+int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param);
+const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name);
+void X509_VERIFY_PARAM_table_cleanup(void);
+
+int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
+ STACK_OF(X509) *certs,
+ STACK_OF(ASN1_OBJECT) *policy_oids, unsigned int flags);
+
+void X509_policy_tree_free(X509_POLICY_TREE *tree);
+
+int X509_policy_tree_level_count(const X509_POLICY_TREE *tree);
+X509_POLICY_LEVEL *X509_policy_tree_get0_level(const X509_POLICY_TREE *tree,
+ int i);
+
+STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_policies(const
+ X509_POLICY_TREE
+ *tree);
+
+STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_user_policies(const
+ X509_POLICY_TREE
+ *tree);
+
+int X509_policy_level_node_count(X509_POLICY_LEVEL *level);
+
+X509_POLICY_NODE *X509_policy_level_get0_node(X509_POLICY_LEVEL *level,
+ int i);
+
+const ASN1_OBJECT *X509_policy_node_get0_policy(const X509_POLICY_NODE *node);
+
+STACK_OF(POLICYQUALINFO) *X509_policy_node_get0_qualifiers(const
+ X509_POLICY_NODE
+ *node);
+const X509_POLICY_NODE *X509_policy_node_get0_parent(const X509_POLICY_NODE
+ *node);
+
+#ifdef __cplusplus
+}
+#endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_vpm.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509/x509_vpm.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_vpm.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,434 +0,0 @@
-/* x509_vpm.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 2004.
- */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-
-#include "cryptlib.h"
-#include <openssl/crypto.h>
-#include <openssl/lhash.h>
-#include <openssl/buffer.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-
-/* X509_VERIFY_PARAM functions */
-
-static void x509_verify_param_zero(X509_VERIFY_PARAM *param)
- {
- if (!param)
- return;
- param->name = NULL;
- param->purpose = 0;
- param->trust = 0;
- param->inh_flags = 0;
- param->flags = 0;
- param->depth = -1;
- if (param->policies)
- {
- sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
- param->policies = NULL;
- }
- }
-
-X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void)
- {
- X509_VERIFY_PARAM *param;
- param = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM));
- memset(param, 0, sizeof(X509_VERIFY_PARAM));
- x509_verify_param_zero(param);
- return param;
- }
-
-void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param)
- {
- x509_verify_param_zero(param);
- OPENSSL_free(param);
- }
-
-/* This function determines how parameters are "inherited" from one structure
- * to another. There are several different ways this can happen.
- *
- * 1. If a child structure needs to have its values initialized from a parent
- * they are simply copied across. For example SSL_CTX copied to SSL.
- * 2. If the structure should take on values only if they are currently unset.
- * For example the values in an SSL structure will take appropriate value
- * for SSL servers or clients but only if the application has not set new
- * ones.
- *
- * The "inh_flags" field determines how this function behaves.
- *
- * Normally any values which are set in the default are not copied from the
- * destination and verify flags are ORed together.
- *
- * If X509_VP_FLAG_DEFAULT is set then anything set in the source is copied
- * to the destination. Effectively the values in "to" become default values
- * which will be used only if nothing new is set in "from".
- *
- * If X509_VP_FLAG_OVERWRITE is set then all value are copied across whether
- * they are set or not. Flags is still Ored though.
- *
- * If X509_VP_FLAG_RESET_FLAGS is set then the flags value is copied instead
- * of ORed.
- *
- * If X509_VP_FLAG_LOCKED is set then no values are copied.
- *
- * If X509_VP_FLAG_ONCE is set then the current inh_flags setting is zeroed
- * after the next call.
- */
-
-/* Macro to test if a field should be copied from src to dest */
-
-#define test_x509_verify_param_copy(field, def) \
- (to_overwrite || \
- ((src->field != def) && (to_default || (dest->field == def))))
-
-/* Macro to test and copy a field if necessary */
-
-#define x509_verify_param_copy(field, def) \
- if (test_x509_verify_param_copy(field, def)) \
- dest->field = src->field
-
-
-int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest,
- const X509_VERIFY_PARAM *src)
- {
- unsigned long inh_flags;
- int to_default, to_overwrite;
- if (!src)
- return 1;
- inh_flags = dest->inh_flags | src->inh_flags;
-
- if (inh_flags & X509_VP_FLAG_ONCE)
- dest->inh_flags = 0;
-
- if (inh_flags & X509_VP_FLAG_LOCKED)
- return 1;
-
- if (inh_flags & X509_VP_FLAG_DEFAULT)
- to_default = 1;
- else
- to_default = 0;
-
- if (inh_flags & X509_VP_FLAG_OVERWRITE)
- to_overwrite = 1;
- else
- to_overwrite = 0;
-
- x509_verify_param_copy(purpose, 0);
- x509_verify_param_copy(trust, 0);
- x509_verify_param_copy(depth, -1);
-
- /* If overwrite or check time not set, copy across */
-
- if (to_overwrite || !(dest->flags & X509_V_FLAG_USE_CHECK_TIME))
- {
- dest->check_time = src->check_time;
- dest->flags &= ~X509_V_FLAG_USE_CHECK_TIME;
- /* Don't need to copy flag: that is done below */
- }
-
- if (inh_flags & X509_VP_FLAG_RESET_FLAGS)
- dest->flags = 0;
-
- dest->flags |= src->flags;
-
- if (test_x509_verify_param_copy(policies, NULL))
- {
- if (!X509_VERIFY_PARAM_set1_policies(dest, src->policies))
- return 0;
- }
-
- return 1;
- }
-
-int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to,
- const X509_VERIFY_PARAM *from)
- {
- unsigned long save_flags = to->inh_flags;
- int ret;
- to->inh_flags |= X509_VP_FLAG_DEFAULT;
- ret = X509_VERIFY_PARAM_inherit(to, from);
- to->inh_flags = save_flags;
- return ret;
- }
-
-int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name)
- {
- if (param->name)
- OPENSSL_free(param->name);
- param->name = BUF_strdup(name);
- if (param->name)
- return 1;
- return 0;
- }
-
-int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags)
- {
- param->flags |= flags;
- if (flags & X509_V_FLAG_POLICY_MASK)
- param->flags |= X509_V_FLAG_POLICY_CHECK;
- return 1;
- }
-
-int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param, unsigned long flags)
- {
- param->flags &= ~flags;
- return 1;
- }
-
-unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param)
- {
- return param->flags;
- }
-
-int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose)
- {
- return X509_PURPOSE_set(¶m->purpose, purpose);
- }
-
-int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust)
- {
- return X509_TRUST_set(¶m->trust, trust);
- }
-
-void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth)
- {
- param->depth = depth;
- }
-
-void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t)
- {
- param->check_time = t;
- param->flags |= X509_V_FLAG_USE_CHECK_TIME;
- }
-
-int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param, ASN1_OBJECT *policy)
- {
- if (!param->policies)
- {
- param->policies = sk_ASN1_OBJECT_new_null();
- if (!param->policies)
- return 0;
- }
- if (!sk_ASN1_OBJECT_push(param->policies, policy))
- return 0;
- return 1;
- }
-
-int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
- STACK_OF(ASN1_OBJECT) *policies)
- {
- int i;
- ASN1_OBJECT *oid, *doid;
- if (!param)
- return 0;
- if (param->policies)
- sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
-
- if (!policies)
- {
- param->policies = NULL;
- return 1;
- }
-
- param->policies = sk_ASN1_OBJECT_new_null();
- if (!param->policies)
- return 0;
-
- for (i = 0; i < sk_ASN1_OBJECT_num(policies); i++)
- {
- oid = sk_ASN1_OBJECT_value(policies, i);
- doid = OBJ_dup(oid);
- if (!doid)
- return 0;
- if (!sk_ASN1_OBJECT_push(param->policies, doid))
- {
- ASN1_OBJECT_free(doid);
- return 0;
- }
- }
- param->flags |= X509_V_FLAG_POLICY_CHECK;
- return 1;
- }
-
-int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param)
- {
- return param->depth;
- }
-
-/* Default verify parameters: these are used for various
- * applications and can be overridden by the user specified table.
- * NB: the 'name' field *must* be in alphabetical order because it
- * will be searched using OBJ_search.
- */
-
-static const X509_VERIFY_PARAM default_table[] = {
- {
- "default", /* X509 default parameters */
- 0, /* Check time */
- 0, /* internal flags */
- 0, /* flags */
- 0, /* purpose */
- 0, /* trust */
- 100, /* depth */
- NULL /* policies */
- },
- {
- "pkcs7", /* S/MIME signing parameters */
- 0, /* Check time */
- 0, /* internal flags */
- 0, /* flags */
- X509_PURPOSE_SMIME_SIGN, /* purpose */
- X509_TRUST_EMAIL, /* trust */
- -1, /* depth */
- NULL /* policies */
- },
- {
- "smime_sign", /* S/MIME signing parameters */
- 0, /* Check time */
- 0, /* internal flags */
- 0, /* flags */
- X509_PURPOSE_SMIME_SIGN, /* purpose */
- X509_TRUST_EMAIL, /* trust */
- -1, /* depth */
- NULL /* policies */
- },
- {
- "ssl_client", /* SSL/TLS client parameters */
- 0, /* Check time */
- 0, /* internal flags */
- 0, /* flags */
- X509_PURPOSE_SSL_CLIENT, /* purpose */
- X509_TRUST_SSL_CLIENT, /* trust */
- -1, /* depth */
- NULL /* policies */
- },
- {
- "ssl_server", /* SSL/TLS server parameters */
- 0, /* Check time */
- 0, /* internal flags */
- 0, /* flags */
- X509_PURPOSE_SSL_SERVER, /* purpose */
- X509_TRUST_SSL_SERVER, /* trust */
- -1, /* depth */
- NULL /* policies */
- }};
-
-static STACK_OF(X509_VERIFY_PARAM) *param_table = NULL;
-
-static int table_cmp(const void *pa, const void *pb)
- {
- const X509_VERIFY_PARAM *a = pa, *b = pb;
- return strcmp(a->name, b->name);
- }
-
-static int param_cmp(const X509_VERIFY_PARAM * const *a,
- const X509_VERIFY_PARAM * const *b)
- {
- return strcmp((*a)->name, (*b)->name);
- }
-
-int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param)
- {
- int idx;
- X509_VERIFY_PARAM *ptmp;
- if (!param_table)
- {
- param_table = sk_X509_VERIFY_PARAM_new(param_cmp);
- if (!param_table)
- return 0;
- }
- else
- {
- idx = sk_X509_VERIFY_PARAM_find(param_table, param);
- if (idx != -1)
- {
- ptmp = sk_X509_VERIFY_PARAM_value(param_table, idx);
- X509_VERIFY_PARAM_free(ptmp);
- (void)sk_X509_VERIFY_PARAM_delete(param_table, idx);
- }
- }
- if (!sk_X509_VERIFY_PARAM_push(param_table, param))
- return 0;
- return 1;
- }
-
-const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name)
- {
- int idx;
- X509_VERIFY_PARAM pm;
- pm.name = (char *)name;
- if (param_table)
- {
- idx = sk_X509_VERIFY_PARAM_find(param_table, &pm);
- if (idx != -1)
- return sk_X509_VERIFY_PARAM_value(param_table, idx);
- }
- return (const X509_VERIFY_PARAM *) OBJ_bsearch((char *)&pm,
- (char *)&default_table,
- sizeof(default_table)/sizeof(X509_VERIFY_PARAM),
- sizeof(X509_VERIFY_PARAM),
- table_cmp);
- }
-
-void X509_VERIFY_PARAM_table_cleanup(void)
- {
- if (param_table)
- sk_X509_VERIFY_PARAM_pop_free(param_table,
- X509_VERIFY_PARAM_free);
- param_table = NULL;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_vpm.c (from rev 6976, vendor-crypto/openssl/dist/crypto/x509/x509_vpm.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_vpm.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509/x509_vpm.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,426 @@
+/* x509_vpm.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 2004.
+ */
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+
+#include "cryptlib.h"
+#include <openssl/crypto.h>
+#include <openssl/lhash.h>
+#include <openssl/buffer.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+/* X509_VERIFY_PARAM functions */
+
+static void x509_verify_param_zero(X509_VERIFY_PARAM *param)
+{
+ if (!param)
+ return;
+ param->name = NULL;
+ param->purpose = 0;
+ param->trust = 0;
+ param->inh_flags = 0;
+ param->flags = 0;
+ param->depth = -1;
+ if (param->policies) {
+ sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
+ param->policies = NULL;
+ }
+}
+
+X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void)
+{
+ X509_VERIFY_PARAM *param;
+ param = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM));
+ memset(param, 0, sizeof(X509_VERIFY_PARAM));
+ x509_verify_param_zero(param);
+ return param;
+}
+
+void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param)
+{
+ x509_verify_param_zero(param);
+ OPENSSL_free(param);
+}
+
+/*-
+ * This function determines how parameters are "inherited" from one structure
+ * to another. There are several different ways this can happen.
+ *
+ * 1. If a child structure needs to have its values initialized from a parent
+ * they are simply copied across. For example SSL_CTX copied to SSL.
+ * 2. If the structure should take on values only if they are currently unset.
+ * For example the values in an SSL structure will take appropriate value
+ * for SSL servers or clients but only if the application has not set new
+ * ones.
+ *
+ * The "inh_flags" field determines how this function behaves.
+ *
+ * Normally any values which are set in the default are not copied from the
+ * destination and verify flags are ORed together.
+ *
+ * If X509_VP_FLAG_DEFAULT is set then anything set in the source is copied
+ * to the destination. Effectively the values in "to" become default values
+ * which will be used only if nothing new is set in "from".
+ *
+ * If X509_VP_FLAG_OVERWRITE is set then all value are copied across whether
+ * they are set or not. Flags is still Ored though.
+ *
+ * If X509_VP_FLAG_RESET_FLAGS is set then the flags value is copied instead
+ * of ORed.
+ *
+ * If X509_VP_FLAG_LOCKED is set then no values are copied.
+ *
+ * If X509_VP_FLAG_ONCE is set then the current inh_flags setting is zeroed
+ * after the next call.
+ */
+
+/* Macro to test if a field should be copied from src to dest */
+
+#define test_x509_verify_param_copy(field, def) \
+ (to_overwrite || \
+ ((src->field != def) && (to_default || (dest->field == def))))
+
+/* Macro to test and copy a field if necessary */
+
+#define x509_verify_param_copy(field, def) \
+ if (test_x509_verify_param_copy(field, def)) \
+ dest->field = src->field
+
+int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest,
+ const X509_VERIFY_PARAM *src)
+{
+ unsigned long inh_flags;
+ int to_default, to_overwrite;
+ if (!src)
+ return 1;
+ inh_flags = dest->inh_flags | src->inh_flags;
+
+ if (inh_flags & X509_VP_FLAG_ONCE)
+ dest->inh_flags = 0;
+
+ if (inh_flags & X509_VP_FLAG_LOCKED)
+ return 1;
+
+ if (inh_flags & X509_VP_FLAG_DEFAULT)
+ to_default = 1;
+ else
+ to_default = 0;
+
+ if (inh_flags & X509_VP_FLAG_OVERWRITE)
+ to_overwrite = 1;
+ else
+ to_overwrite = 0;
+
+ x509_verify_param_copy(purpose, 0);
+ x509_verify_param_copy(trust, 0);
+ x509_verify_param_copy(depth, -1);
+
+ /* If overwrite or check time not set, copy across */
+
+ if (to_overwrite || !(dest->flags & X509_V_FLAG_USE_CHECK_TIME)) {
+ dest->check_time = src->check_time;
+ dest->flags &= ~X509_V_FLAG_USE_CHECK_TIME;
+ /* Don't need to copy flag: that is done below */
+ }
+
+ if (inh_flags & X509_VP_FLAG_RESET_FLAGS)
+ dest->flags = 0;
+
+ dest->flags |= src->flags;
+
+ if (test_x509_verify_param_copy(policies, NULL)) {
+ if (!X509_VERIFY_PARAM_set1_policies(dest, src->policies))
+ return 0;
+ }
+
+ return 1;
+}
+
+int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to,
+ const X509_VERIFY_PARAM *from)
+{
+ unsigned long save_flags = to->inh_flags;
+ int ret;
+ to->inh_flags |= X509_VP_FLAG_DEFAULT;
+ ret = X509_VERIFY_PARAM_inherit(to, from);
+ to->inh_flags = save_flags;
+ return ret;
+}
+
+int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name)
+{
+ if (param->name)
+ OPENSSL_free(param->name);
+ param->name = BUF_strdup(name);
+ if (param->name)
+ return 1;
+ return 0;
+}
+
+int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags)
+{
+ param->flags |= flags;
+ if (flags & X509_V_FLAG_POLICY_MASK)
+ param->flags |= X509_V_FLAG_POLICY_CHECK;
+ return 1;
+}
+
+int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param,
+ unsigned long flags)
+{
+ param->flags &= ~flags;
+ return 1;
+}
+
+unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param)
+{
+ return param->flags;
+}
+
+int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose)
+{
+ return X509_PURPOSE_set(¶m->purpose, purpose);
+}
+
+int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust)
+{
+ return X509_TRUST_set(¶m->trust, trust);
+}
+
+void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth)
+{
+ param->depth = depth;
+}
+
+void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t)
+{
+ param->check_time = t;
+ param->flags |= X509_V_FLAG_USE_CHECK_TIME;
+}
+
+int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
+ ASN1_OBJECT *policy)
+{
+ if (!param->policies) {
+ param->policies = sk_ASN1_OBJECT_new_null();
+ if (!param->policies)
+ return 0;
+ }
+ if (!sk_ASN1_OBJECT_push(param->policies, policy))
+ return 0;
+ return 1;
+}
+
+int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
+ STACK_OF(ASN1_OBJECT) *policies)
+{
+ int i;
+ ASN1_OBJECT *oid, *doid;
+ if (!param)
+ return 0;
+ if (param->policies)
+ sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
+
+ if (!policies) {
+ param->policies = NULL;
+ return 1;
+ }
+
+ param->policies = sk_ASN1_OBJECT_new_null();
+ if (!param->policies)
+ return 0;
+
+ for (i = 0; i < sk_ASN1_OBJECT_num(policies); i++) {
+ oid = sk_ASN1_OBJECT_value(policies, i);
+ doid = OBJ_dup(oid);
+ if (!doid)
+ return 0;
+ if (!sk_ASN1_OBJECT_push(param->policies, doid)) {
+ ASN1_OBJECT_free(doid);
+ return 0;
+ }
+ }
+ param->flags |= X509_V_FLAG_POLICY_CHECK;
+ return 1;
+}
+
+int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param)
+{
+ return param->depth;
+}
+
+/*
+ * Default verify parameters: these are used for various applications and can
+ * be overridden by the user specified table. NB: the 'name' field *must* be
+ * in alphabetical order because it will be searched using OBJ_search.
+ */
+
+static const X509_VERIFY_PARAM default_table[] = {
+ {
+ "default", /* X509 default parameters */
+ 0, /* Check time */
+ 0, /* internal flags */
+ 0, /* flags */
+ 0, /* purpose */
+ 0, /* trust */
+ 100, /* depth */
+ NULL /* policies */
+ },
+ {
+ "pkcs7", /* S/MIME signing parameters */
+ 0, /* Check time */
+ 0, /* internal flags */
+ 0, /* flags */
+ X509_PURPOSE_SMIME_SIGN, /* purpose */
+ X509_TRUST_EMAIL, /* trust */
+ -1, /* depth */
+ NULL /* policies */
+ },
+ {
+ "smime_sign", /* S/MIME signing parameters */
+ 0, /* Check time */
+ 0, /* internal flags */
+ 0, /* flags */
+ X509_PURPOSE_SMIME_SIGN, /* purpose */
+ X509_TRUST_EMAIL, /* trust */
+ -1, /* depth */
+ NULL /* policies */
+ },
+ {
+ "ssl_client", /* SSL/TLS client parameters */
+ 0, /* Check time */
+ 0, /* internal flags */
+ 0, /* flags */
+ X509_PURPOSE_SSL_CLIENT, /* purpose */
+ X509_TRUST_SSL_CLIENT, /* trust */
+ -1, /* depth */
+ NULL /* policies */
+ },
+ {
+ "ssl_server", /* SSL/TLS server parameters */
+ 0, /* Check time */
+ 0, /* internal flags */
+ 0, /* flags */
+ X509_PURPOSE_SSL_SERVER, /* purpose */
+ X509_TRUST_SSL_SERVER, /* trust */
+ -1, /* depth */
+ NULL /* policies */
+ }
+};
+
+static STACK_OF(X509_VERIFY_PARAM) *param_table = NULL;
+
+static int table_cmp(const void *pa, const void *pb)
+{
+ const X509_VERIFY_PARAM *a = pa, *b = pb;
+ return strcmp(a->name, b->name);
+}
+
+static int param_cmp(const X509_VERIFY_PARAM *const *a,
+ const X509_VERIFY_PARAM *const *b)
+{
+ return strcmp((*a)->name, (*b)->name);
+}
+
+int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param)
+{
+ int idx;
+ X509_VERIFY_PARAM *ptmp;
+ if (!param_table) {
+ param_table = sk_X509_VERIFY_PARAM_new(param_cmp);
+ if (!param_table)
+ return 0;
+ } else {
+ idx = sk_X509_VERIFY_PARAM_find(param_table, param);
+ if (idx != -1) {
+ ptmp = sk_X509_VERIFY_PARAM_value(param_table, idx);
+ X509_VERIFY_PARAM_free(ptmp);
+ (void)sk_X509_VERIFY_PARAM_delete(param_table, idx);
+ }
+ }
+ if (!sk_X509_VERIFY_PARAM_push(param_table, param))
+ return 0;
+ return 1;
+}
+
+const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name)
+{
+ int idx;
+ X509_VERIFY_PARAM pm;
+ pm.name = (char *)name;
+ if (param_table) {
+ idx = sk_X509_VERIFY_PARAM_find(param_table, &pm);
+ if (idx != -1)
+ return sk_X509_VERIFY_PARAM_value(param_table, idx);
+ }
+ return (const X509_VERIFY_PARAM *)OBJ_bsearch((char *)&pm,
+ (char *)&default_table,
+ sizeof(default_table) /
+ sizeof(X509_VERIFY_PARAM),
+ sizeof(X509_VERIFY_PARAM),
+ table_cmp);
+}
+
+void X509_VERIFY_PARAM_table_cleanup(void)
+{
+ if (param_table)
+ sk_X509_VERIFY_PARAM_pop_free(param_table, X509_VERIFY_PARAM_free);
+ param_table = NULL;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/x509/x509cset.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509/x509cset.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509/x509cset.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,170 +0,0 @@
-/* crypto/x509/x509cset.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-
-int X509_CRL_set_version(X509_CRL *x, long version)
- {
- if (x == NULL) return(0);
- if (x->crl->version == NULL)
- {
- if ((x->crl->version=M_ASN1_INTEGER_new()) == NULL)
- return(0);
- }
- return(ASN1_INTEGER_set(x->crl->version,version));
- }
-
-int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name)
- {
- if ((x == NULL) || (x->crl == NULL)) return(0);
- return(X509_NAME_set(&x->crl->issuer,name));
- }
-
-
-int X509_CRL_set_lastUpdate(X509_CRL *x, ASN1_TIME *tm)
- {
- ASN1_TIME *in;
-
- if (x == NULL) return(0);
- in=x->crl->lastUpdate;
- if (in != tm)
- {
- in=M_ASN1_TIME_dup(tm);
- if (in != NULL)
- {
- M_ASN1_TIME_free(x->crl->lastUpdate);
- x->crl->lastUpdate=in;
- }
- }
- return(in != NULL);
- }
-
-int X509_CRL_set_nextUpdate(X509_CRL *x, ASN1_TIME *tm)
- {
- ASN1_TIME *in;
-
- if (x == NULL) return(0);
- in=x->crl->nextUpdate;
- if (in != tm)
- {
- in=M_ASN1_TIME_dup(tm);
- if (in != NULL)
- {
- M_ASN1_TIME_free(x->crl->nextUpdate);
- x->crl->nextUpdate=in;
- }
- }
- return(in != NULL);
- }
-
-int X509_CRL_sort(X509_CRL *c)
- {
- int i;
- X509_REVOKED *r;
- /* sort the data so it will be written in serial
- * number order */
- sk_X509_REVOKED_sort(c->crl->revoked);
- for (i=0; i<sk_X509_REVOKED_num(c->crl->revoked); i++)
- {
- r=sk_X509_REVOKED_value(c->crl->revoked,i);
- r->sequence=i;
- }
- c->crl->enc.modified = 1;
- return 1;
- }
-
-int X509_REVOKED_set_revocationDate(X509_REVOKED *x, ASN1_TIME *tm)
- {
- ASN1_TIME *in;
-
- if (x == NULL) return(0);
- in=x->revocationDate;
- if (in != tm)
- {
- in=M_ASN1_TIME_dup(tm);
- if (in != NULL)
- {
- M_ASN1_TIME_free(x->revocationDate);
- x->revocationDate=in;
- }
- }
- return(in != NULL);
- }
-
-int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial)
- {
- ASN1_INTEGER *in;
-
- if (x == NULL) return(0);
- in=x->serialNumber;
- if (in != serial)
- {
- in=M_ASN1_INTEGER_dup(serial);
- if (in != NULL)
- {
- M_ASN1_INTEGER_free(x->serialNumber);
- x->serialNumber=in;
- }
- }
- return(in != NULL);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/x509/x509cset.c (from rev 6976, vendor-crypto/openssl/dist/crypto/x509/x509cset.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/x509/x509cset.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509/x509cset.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,167 @@
+/* crypto/x509/x509cset.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+
+int X509_CRL_set_version(X509_CRL *x, long version)
+{
+ if (x == NULL)
+ return (0);
+ if (x->crl->version == NULL) {
+ if ((x->crl->version = M_ASN1_INTEGER_new()) == NULL)
+ return (0);
+ }
+ return (ASN1_INTEGER_set(x->crl->version, version));
+}
+
+int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name)
+{
+ if ((x == NULL) || (x->crl == NULL))
+ return (0);
+ return (X509_NAME_set(&x->crl->issuer, name));
+}
+
+int X509_CRL_set_lastUpdate(X509_CRL *x, ASN1_TIME *tm)
+{
+ ASN1_TIME *in;
+
+ if (x == NULL)
+ return (0);
+ in = x->crl->lastUpdate;
+ if (in != tm) {
+ in = M_ASN1_TIME_dup(tm);
+ if (in != NULL) {
+ M_ASN1_TIME_free(x->crl->lastUpdate);
+ x->crl->lastUpdate = in;
+ }
+ }
+ return (in != NULL);
+}
+
+int X509_CRL_set_nextUpdate(X509_CRL *x, ASN1_TIME *tm)
+{
+ ASN1_TIME *in;
+
+ if (x == NULL)
+ return (0);
+ in = x->crl->nextUpdate;
+ if (in != tm) {
+ in = M_ASN1_TIME_dup(tm);
+ if (in != NULL) {
+ M_ASN1_TIME_free(x->crl->nextUpdate);
+ x->crl->nextUpdate = in;
+ }
+ }
+ return (in != NULL);
+}
+
+int X509_CRL_sort(X509_CRL *c)
+{
+ int i;
+ X509_REVOKED *r;
+ /*
+ * sort the data so it will be written in serial number order
+ */
+ sk_X509_REVOKED_sort(c->crl->revoked);
+ for (i = 0; i < sk_X509_REVOKED_num(c->crl->revoked); i++) {
+ r = sk_X509_REVOKED_value(c->crl->revoked, i);
+ r->sequence = i;
+ }
+ c->crl->enc.modified = 1;
+ return 1;
+}
+
+int X509_REVOKED_set_revocationDate(X509_REVOKED *x, ASN1_TIME *tm)
+{
+ ASN1_TIME *in;
+
+ if (x == NULL)
+ return (0);
+ in = x->revocationDate;
+ if (in != tm) {
+ in = M_ASN1_TIME_dup(tm);
+ if (in != NULL) {
+ M_ASN1_TIME_free(x->revocationDate);
+ x->revocationDate = in;
+ }
+ }
+ return (in != NULL);
+}
+
+int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial)
+{
+ ASN1_INTEGER *in;
+
+ if (x == NULL)
+ return (0);
+ in = x->serialNumber;
+ if (in != serial) {
+ in = M_ASN1_INTEGER_dup(serial);
+ if (in != NULL) {
+ M_ASN1_INTEGER_free(x->serialNumber);
+ x->serialNumber = in;
+ }
+ }
+ return (in != NULL);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/x509/x509name.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509/x509name.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509/x509name.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,383 +0,0 @@
-/* crypto/x509/x509name.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/stack.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-
-int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len)
- {
- ASN1_OBJECT *obj;
-
- obj=OBJ_nid2obj(nid);
- if (obj == NULL) return(-1);
- return(X509_NAME_get_text_by_OBJ(name,obj,buf,len));
- }
-
-int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, char *buf,
- int len)
- {
- int i;
- ASN1_STRING *data;
-
- i=X509_NAME_get_index_by_OBJ(name,obj,-1);
- if (i < 0) return(-1);
- data=X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name,i));
- i=(data->length > (len-1))?(len-1):data->length;
- if (buf == NULL) return(data->length);
- memcpy(buf,data->data,i);
- buf[i]='\0';
- return(i);
- }
-
-int X509_NAME_entry_count(X509_NAME *name)
- {
- if (name == NULL) return(0);
- return(sk_X509_NAME_ENTRY_num(name->entries));
- }
-
-int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos)
- {
- ASN1_OBJECT *obj;
-
- obj=OBJ_nid2obj(nid);
- if (obj == NULL) return(-2);
- return(X509_NAME_get_index_by_OBJ(name,obj,lastpos));
- }
-
-/* NOTE: you should be passsing -1, not 0 as lastpos */
-int X509_NAME_get_index_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj,
- int lastpos)
- {
- int n;
- X509_NAME_ENTRY *ne;
- STACK_OF(X509_NAME_ENTRY) *sk;
-
- if (name == NULL) return(-1);
- if (lastpos < 0)
- lastpos= -1;
- sk=name->entries;
- n=sk_X509_NAME_ENTRY_num(sk);
- for (lastpos++; lastpos < n; lastpos++)
- {
- ne=sk_X509_NAME_ENTRY_value(sk,lastpos);
- if (OBJ_cmp(ne->object,obj) == 0)
- return(lastpos);
- }
- return(-1);
- }
-
-X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc)
- {
- if(name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc
- || loc < 0)
- return(NULL);
- else
- return(sk_X509_NAME_ENTRY_value(name->entries,loc));
- }
-
-X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc)
- {
- X509_NAME_ENTRY *ret;
- int i,n,set_prev,set_next;
- STACK_OF(X509_NAME_ENTRY) *sk;
-
- if (name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc
- || loc < 0)
- return(NULL);
- sk=name->entries;
- ret=sk_X509_NAME_ENTRY_delete(sk,loc);
- n=sk_X509_NAME_ENTRY_num(sk);
- name->modified=1;
- if (loc == n) return(ret);
-
- /* else we need to fixup the set field */
- if (loc != 0)
- set_prev=(sk_X509_NAME_ENTRY_value(sk,loc-1))->set;
- else
- set_prev=ret->set-1;
- set_next=sk_X509_NAME_ENTRY_value(sk,loc)->set;
-
- /* set_prev is the previous set
- * set is the current set
- * set_next is the following
- * prev 1 1 1 1 1 1 1 1
- * set 1 1 2 2
- * next 1 1 2 2 2 2 3 2
- * so basically only if prev and next differ by 2, then
- * re-number down by 1 */
- if (set_prev+1 < set_next)
- for (i=loc; i<n; i++)
- sk_X509_NAME_ENTRY_value(sk,i)->set--;
- return(ret);
- }
-
-int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type,
- unsigned char *bytes, int len, int loc, int set)
-{
- X509_NAME_ENTRY *ne;
- int ret;
- ne = X509_NAME_ENTRY_create_by_OBJ(NULL, obj, type, bytes, len);
- if(!ne) return 0;
- ret = X509_NAME_add_entry(name, ne, loc, set);
- X509_NAME_ENTRY_free(ne);
- return ret;
-}
-
-int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type,
- unsigned char *bytes, int len, int loc, int set)
-{
- X509_NAME_ENTRY *ne;
- int ret;
- ne = X509_NAME_ENTRY_create_by_NID(NULL, nid, type, bytes, len);
- if(!ne) return 0;
- ret = X509_NAME_add_entry(name, ne, loc, set);
- X509_NAME_ENTRY_free(ne);
- return ret;
-}
-
-int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type,
- const unsigned char *bytes, int len, int loc, int set)
-{
- X509_NAME_ENTRY *ne;
- int ret;
- ne = X509_NAME_ENTRY_create_by_txt(NULL, field, type, bytes, len);
- if(!ne) return 0;
- ret = X509_NAME_add_entry(name, ne, loc, set);
- X509_NAME_ENTRY_free(ne);
- return ret;
-}
-
-/* if set is -1, append to previous set, 0 'a new one', and 1,
- * prepend to the guy we are about to stomp on. */
-int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne, int loc,
- int set)
- {
- X509_NAME_ENTRY *new_name=NULL;
- int n,i,inc;
- STACK_OF(X509_NAME_ENTRY) *sk;
-
- if (name == NULL) return(0);
- sk=name->entries;
- n=sk_X509_NAME_ENTRY_num(sk);
- if (loc > n) loc=n;
- else if (loc < 0) loc=n;
-
- name->modified=1;
-
- if (set == -1)
- {
- if (loc == 0)
- {
- set=0;
- inc=1;
- }
- else
- {
- set=sk_X509_NAME_ENTRY_value(sk,loc-1)->set;
- inc=0;
- }
- }
- else /* if (set >= 0) */
- {
- if (loc >= n)
- {
- if (loc != 0)
- set=sk_X509_NAME_ENTRY_value(sk,loc-1)->set+1;
- else
- set=0;
- }
- else
- set=sk_X509_NAME_ENTRY_value(sk,loc)->set;
- inc=(set == 0)?1:0;
- }
-
- if ((new_name=X509_NAME_ENTRY_dup(ne)) == NULL)
- goto err;
- new_name->set=set;
- if (!sk_X509_NAME_ENTRY_insert(sk,new_name,loc))
- {
- X509err(X509_F_X509_NAME_ADD_ENTRY,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- if (inc)
- {
- n=sk_X509_NAME_ENTRY_num(sk);
- for (i=loc+1; i<n; i++)
- sk_X509_NAME_ENTRY_value(sk,i-1)->set+=1;
- }
- return(1);
-err:
- if (new_name != NULL)
- X509_NAME_ENTRY_free(new_name);
- return(0);
- }
-
-X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne,
- const char *field, int type, const unsigned char *bytes, int len)
- {
- ASN1_OBJECT *obj;
- X509_NAME_ENTRY *nentry;
-
- obj=OBJ_txt2obj(field, 0);
- if (obj == NULL)
- {
- X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT,
- X509_R_INVALID_FIELD_NAME);
- ERR_add_error_data(2, "name=", field);
- return(NULL);
- }
- nentry = X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len);
- ASN1_OBJECT_free(obj);
- return nentry;
- }
-
-X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
- int type, unsigned char *bytes, int len)
- {
- ASN1_OBJECT *obj;
- X509_NAME_ENTRY *nentry;
-
- obj=OBJ_nid2obj(nid);
- if (obj == NULL)
- {
- X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_NID,X509_R_UNKNOWN_NID);
- return(NULL);
- }
- nentry = X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len);
- ASN1_OBJECT_free(obj);
- return nentry;
- }
-
-X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
- ASN1_OBJECT *obj, int type, const unsigned char *bytes, int len)
- {
- X509_NAME_ENTRY *ret;
-
- if ((ne == NULL) || (*ne == NULL))
- {
- if ((ret=X509_NAME_ENTRY_new()) == NULL)
- return(NULL);
- }
- else
- ret= *ne;
-
- if (!X509_NAME_ENTRY_set_object(ret,obj))
- goto err;
- if (!X509_NAME_ENTRY_set_data(ret,type,bytes,len))
- goto err;
-
- if ((ne != NULL) && (*ne == NULL)) *ne=ret;
- return(ret);
-err:
- if ((ne == NULL) || (ret != *ne))
- X509_NAME_ENTRY_free(ret);
- return(NULL);
- }
-
-int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj)
- {
- if ((ne == NULL) || (obj == NULL))
- {
- X509err(X509_F_X509_NAME_ENTRY_SET_OBJECT,ERR_R_PASSED_NULL_PARAMETER);
- return(0);
- }
- ASN1_OBJECT_free(ne->object);
- ne->object=OBJ_dup(obj);
- return((ne->object == NULL)?0:1);
- }
-
-int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
- const unsigned char *bytes, int len)
- {
- int i;
-
- if ((ne == NULL) || ((bytes == NULL) && (len != 0))) return(0);
- if((type > 0) && (type & MBSTRING_FLAG))
- return ASN1_STRING_set_by_NID(&ne->value, bytes,
- len, type,
- OBJ_obj2nid(ne->object)) ? 1 : 0;
- if (len < 0) len=strlen((char *)bytes);
- i=ASN1_STRING_set(ne->value,bytes,len);
- if (!i) return(0);
- if (type != V_ASN1_UNDEF)
- {
- if (type == V_ASN1_APP_CHOOSE)
- ne->value->type=ASN1_PRINTABLE_type(bytes,len);
- else
- ne->value->type=type;
- }
- return(1);
- }
-
-ASN1_OBJECT *X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne)
- {
- if (ne == NULL) return(NULL);
- return(ne->object);
- }
-
-ASN1_STRING *X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne)
- {
- if (ne == NULL) return(NULL);
- return(ne->value);
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/x509/x509name.c (from rev 6976, vendor-crypto/openssl/dist/crypto/x509/x509name.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/x509/x509name.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509/x509name.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,397 @@
+/* crypto/x509/x509name.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <openssl/stack.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+
+int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len)
+{
+ ASN1_OBJECT *obj;
+
+ obj = OBJ_nid2obj(nid);
+ if (obj == NULL)
+ return (-1);
+ return (X509_NAME_get_text_by_OBJ(name, obj, buf, len));
+}
+
+int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, char *buf,
+ int len)
+{
+ int i;
+ ASN1_STRING *data;
+
+ i = X509_NAME_get_index_by_OBJ(name, obj, -1);
+ if (i < 0)
+ return (-1);
+ data = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name, i));
+ i = (data->length > (len - 1)) ? (len - 1) : data->length;
+ if (buf == NULL)
+ return (data->length);
+ memcpy(buf, data->data, i);
+ buf[i] = '\0';
+ return (i);
+}
+
+int X509_NAME_entry_count(X509_NAME *name)
+{
+ if (name == NULL)
+ return (0);
+ return (sk_X509_NAME_ENTRY_num(name->entries));
+}
+
+int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos)
+{
+ ASN1_OBJECT *obj;
+
+ obj = OBJ_nid2obj(nid);
+ if (obj == NULL)
+ return (-2);
+ return (X509_NAME_get_index_by_OBJ(name, obj, lastpos));
+}
+
+/* NOTE: you should be passsing -1, not 0 as lastpos */
+int X509_NAME_get_index_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int lastpos)
+{
+ int n;
+ X509_NAME_ENTRY *ne;
+ STACK_OF(X509_NAME_ENTRY) *sk;
+
+ if (name == NULL)
+ return (-1);
+ if (lastpos < 0)
+ lastpos = -1;
+ sk = name->entries;
+ n = sk_X509_NAME_ENTRY_num(sk);
+ for (lastpos++; lastpos < n; lastpos++) {
+ ne = sk_X509_NAME_ENTRY_value(sk, lastpos);
+ if (OBJ_cmp(ne->object, obj) == 0)
+ return (lastpos);
+ }
+ return (-1);
+}
+
+X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc)
+{
+ if (name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc
+ || loc < 0)
+ return (NULL);
+ else
+ return (sk_X509_NAME_ENTRY_value(name->entries, loc));
+}
+
+X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc)
+{
+ X509_NAME_ENTRY *ret;
+ int i, n, set_prev, set_next;
+ STACK_OF(X509_NAME_ENTRY) *sk;
+
+ if (name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc
+ || loc < 0)
+ return (NULL);
+ sk = name->entries;
+ ret = sk_X509_NAME_ENTRY_delete(sk, loc);
+ n = sk_X509_NAME_ENTRY_num(sk);
+ name->modified = 1;
+ if (loc == n)
+ return (ret);
+
+ /* else we need to fixup the set field */
+ if (loc != 0)
+ set_prev = (sk_X509_NAME_ENTRY_value(sk, loc - 1))->set;
+ else
+ set_prev = ret->set - 1;
+ set_next = sk_X509_NAME_ENTRY_value(sk, loc)->set;
+
+ /*-
+ * set_prev is the previous set
+ * set is the current set
+ * set_next is the following
+ * prev 1 1 1 1 1 1 1 1
+ * set 1 1 2 2
+ * next 1 1 2 2 2 2 3 2
+ * so basically only if prev and next differ by 2, then
+ * re-number down by 1
+ */
+ if (set_prev + 1 < set_next)
+ for (i = loc; i < n; i++)
+ sk_X509_NAME_ENTRY_value(sk, i)->set--;
+ return (ret);
+}
+
+int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type,
+ unsigned char *bytes, int len, int loc,
+ int set)
+{
+ X509_NAME_ENTRY *ne;
+ int ret;
+ ne = X509_NAME_ENTRY_create_by_OBJ(NULL, obj, type, bytes, len);
+ if (!ne)
+ return 0;
+ ret = X509_NAME_add_entry(name, ne, loc, set);
+ X509_NAME_ENTRY_free(ne);
+ return ret;
+}
+
+int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type,
+ unsigned char *bytes, int len, int loc,
+ int set)
+{
+ X509_NAME_ENTRY *ne;
+ int ret;
+ ne = X509_NAME_ENTRY_create_by_NID(NULL, nid, type, bytes, len);
+ if (!ne)
+ return 0;
+ ret = X509_NAME_add_entry(name, ne, loc, set);
+ X509_NAME_ENTRY_free(ne);
+ return ret;
+}
+
+int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type,
+ const unsigned char *bytes, int len, int loc,
+ int set)
+{
+ X509_NAME_ENTRY *ne;
+ int ret;
+ ne = X509_NAME_ENTRY_create_by_txt(NULL, field, type, bytes, len);
+ if (!ne)
+ return 0;
+ ret = X509_NAME_add_entry(name, ne, loc, set);
+ X509_NAME_ENTRY_free(ne);
+ return ret;
+}
+
+/*
+ * if set is -1, append to previous set, 0 'a new one', and 1, prepend to the
+ * guy we are about to stomp on.
+ */
+int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne, int loc,
+ int set)
+{
+ X509_NAME_ENTRY *new_name = NULL;
+ int n, i, inc;
+ STACK_OF(X509_NAME_ENTRY) *sk;
+
+ if (name == NULL)
+ return (0);
+ sk = name->entries;
+ n = sk_X509_NAME_ENTRY_num(sk);
+ if (loc > n)
+ loc = n;
+ else if (loc < 0)
+ loc = n;
+
+ name->modified = 1;
+
+ if (set == -1) {
+ if (loc == 0) {
+ set = 0;
+ inc = 1;
+ } else {
+ set = sk_X509_NAME_ENTRY_value(sk, loc - 1)->set;
+ inc = 0;
+ }
+ } else { /* if (set >= 0) */
+
+ if (loc >= n) {
+ if (loc != 0)
+ set = sk_X509_NAME_ENTRY_value(sk, loc - 1)->set + 1;
+ else
+ set = 0;
+ } else
+ set = sk_X509_NAME_ENTRY_value(sk, loc)->set;
+ inc = (set == 0) ? 1 : 0;
+ }
+
+ if ((new_name = X509_NAME_ENTRY_dup(ne)) == NULL)
+ goto err;
+ new_name->set = set;
+ if (!sk_X509_NAME_ENTRY_insert(sk, new_name, loc)) {
+ X509err(X509_F_X509_NAME_ADD_ENTRY, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ if (inc) {
+ n = sk_X509_NAME_ENTRY_num(sk);
+ for (i = loc + 1; i < n; i++)
+ sk_X509_NAME_ENTRY_value(sk, i - 1)->set += 1;
+ }
+ return (1);
+ err:
+ if (new_name != NULL)
+ X509_NAME_ENTRY_free(new_name);
+ return (0);
+}
+
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne,
+ const char *field, int type,
+ const unsigned char *bytes,
+ int len)
+{
+ ASN1_OBJECT *obj;
+ X509_NAME_ENTRY *nentry;
+
+ obj = OBJ_txt2obj(field, 0);
+ if (obj == NULL) {
+ X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT,
+ X509_R_INVALID_FIELD_NAME);
+ ERR_add_error_data(2, "name=", field);
+ return (NULL);
+ }
+ nentry = X509_NAME_ENTRY_create_by_OBJ(ne, obj, type, bytes, len);
+ ASN1_OBJECT_free(obj);
+ return nentry;
+}
+
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
+ int type, unsigned char *bytes,
+ int len)
+{
+ ASN1_OBJECT *obj;
+ X509_NAME_ENTRY *nentry;
+
+ obj = OBJ_nid2obj(nid);
+ if (obj == NULL) {
+ X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_NID, X509_R_UNKNOWN_NID);
+ return (NULL);
+ }
+ nentry = X509_NAME_ENTRY_create_by_OBJ(ne, obj, type, bytes, len);
+ ASN1_OBJECT_free(obj);
+ return nentry;
+}
+
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
+ ASN1_OBJECT *obj, int type,
+ const unsigned char *bytes,
+ int len)
+{
+ X509_NAME_ENTRY *ret;
+
+ if ((ne == NULL) || (*ne == NULL)) {
+ if ((ret = X509_NAME_ENTRY_new()) == NULL)
+ return (NULL);
+ } else
+ ret = *ne;
+
+ if (!X509_NAME_ENTRY_set_object(ret, obj))
+ goto err;
+ if (!X509_NAME_ENTRY_set_data(ret, type, bytes, len))
+ goto err;
+
+ if ((ne != NULL) && (*ne == NULL))
+ *ne = ret;
+ return (ret);
+ err:
+ if ((ne == NULL) || (ret != *ne))
+ X509_NAME_ENTRY_free(ret);
+ return (NULL);
+}
+
+int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj)
+{
+ if ((ne == NULL) || (obj == NULL)) {
+ X509err(X509_F_X509_NAME_ENTRY_SET_OBJECT,
+ ERR_R_PASSED_NULL_PARAMETER);
+ return (0);
+ }
+ ASN1_OBJECT_free(ne->object);
+ ne->object = OBJ_dup(obj);
+ return ((ne->object == NULL) ? 0 : 1);
+}
+
+int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
+ const unsigned char *bytes, int len)
+{
+ int i;
+
+ if ((ne == NULL) || ((bytes == NULL) && (len != 0)))
+ return (0);
+ if ((type > 0) && (type & MBSTRING_FLAG))
+ return ASN1_STRING_set_by_NID(&ne->value, bytes,
+ len, type,
+ OBJ_obj2nid(ne->object)) ? 1 : 0;
+ if (len < 0)
+ len = strlen((char *)bytes);
+ i = ASN1_STRING_set(ne->value, bytes, len);
+ if (!i)
+ return (0);
+ if (type != V_ASN1_UNDEF) {
+ if (type == V_ASN1_APP_CHOOSE)
+ ne->value->type = ASN1_PRINTABLE_type(bytes, len);
+ else
+ ne->value->type = type;
+ }
+ return (1);
+}
+
+ASN1_OBJECT *X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne)
+{
+ if (ne == NULL)
+ return (NULL);
+ return (ne->object);
+}
+
+ASN1_STRING *X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne)
+{
+ if (ne == NULL)
+ return (NULL);
+ return (ne->value);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/x509/x509rset.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509/x509rset.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509/x509rset.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,83 +0,0 @@
-/* crypto/x509/x509rset.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-
-int X509_REQ_set_version(X509_REQ *x, long version)
- {
- if (x == NULL) return(0);
- return(ASN1_INTEGER_set(x->req_info->version,version));
- }
-
-int X509_REQ_set_subject_name(X509_REQ *x, X509_NAME *name)
- {
- if ((x == NULL) || (x->req_info == NULL)) return(0);
- return(X509_NAME_set(&x->req_info->subject,name));
- }
-
-int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey)
- {
- if ((x == NULL) || (x->req_info == NULL)) return(0);
- return(X509_PUBKEY_set(&x->req_info->pubkey,pkey));
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/x509/x509rset.c (from rev 6976, vendor-crypto/openssl/dist/crypto/x509/x509rset.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/x509/x509rset.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509/x509rset.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,85 @@
+/* crypto/x509/x509rset.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+
+int X509_REQ_set_version(X509_REQ *x, long version)
+{
+ if (x == NULL)
+ return (0);
+ return (ASN1_INTEGER_set(x->req_info->version, version));
+}
+
+int X509_REQ_set_subject_name(X509_REQ *x, X509_NAME *name)
+{
+ if ((x == NULL) || (x->req_info == NULL))
+ return (0);
+ return (X509_NAME_set(&x->req_info->subject, name));
+}
+
+int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey)
+{
+ if ((x == NULL) || (x->req_info == NULL))
+ return (0);
+ return (X509_PUBKEY_set(&x->req_info->pubkey, pkey));
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/x509/x509spki.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509/x509spki.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509/x509spki.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,121 +0,0 @@
-/* x509spki.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/x509.h>
-
-int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey)
-{
- if ((x == NULL) || (x->spkac == NULL)) return(0);
- return(X509_PUBKEY_set(&(x->spkac->pubkey),pkey));
-}
-
-EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x)
-{
- if ((x == NULL) || (x->spkac == NULL))
- return(NULL);
- return(X509_PUBKEY_get(x->spkac->pubkey));
-}
-
-/* Load a Netscape SPKI from a base64 encoded string */
-
-NETSCAPE_SPKI * NETSCAPE_SPKI_b64_decode(const char *str, int len)
-{
- unsigned char *spki_der;
- const unsigned char *p;
- int spki_len;
- NETSCAPE_SPKI *spki;
- if(len <= 0) len = strlen(str);
- if (!(spki_der = OPENSSL_malloc(len + 1))) {
- X509err(X509_F_NETSCAPE_SPKI_B64_DECODE, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- spki_len = EVP_DecodeBlock(spki_der, (const unsigned char *)str, len);
- if(spki_len < 0) {
- X509err(X509_F_NETSCAPE_SPKI_B64_DECODE,
- X509_R_BASE64_DECODE_ERROR);
- OPENSSL_free(spki_der);
- return NULL;
- }
- p = spki_der;
- spki = d2i_NETSCAPE_SPKI(NULL, &p, spki_len);
- OPENSSL_free(spki_der);
- return spki;
-}
-
-/* Generate a base64 encoded string from an SPKI */
-
-char * NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki)
-{
- unsigned char *der_spki, *p;
- char *b64_str;
- int der_len;
- der_len = i2d_NETSCAPE_SPKI(spki, NULL);
- der_spki = OPENSSL_malloc(der_len);
- b64_str = OPENSSL_malloc(der_len * 2);
- if(!der_spki || !b64_str) {
- X509err(X509_F_NETSCAPE_SPKI_B64_ENCODE, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- p = der_spki;
- i2d_NETSCAPE_SPKI(spki, &p);
- EVP_EncodeBlock((unsigned char *)b64_str, der_spki, der_len);
- OPENSSL_free(der_spki);
- return b64_str;
-}
Copied: vendor-crypto/openssl/0.9.8zf/crypto/x509/x509spki.c (from rev 6976, vendor-crypto/openssl/dist/crypto/x509/x509spki.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/x509/x509spki.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509/x509spki.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,123 @@
+/* x509spki.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/x509.h>
+
+int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey)
+{
+ if ((x == NULL) || (x->spkac == NULL))
+ return (0);
+ return (X509_PUBKEY_set(&(x->spkac->pubkey), pkey));
+}
+
+EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x)
+{
+ if ((x == NULL) || (x->spkac == NULL))
+ return (NULL);
+ return (X509_PUBKEY_get(x->spkac->pubkey));
+}
+
+/* Load a Netscape SPKI from a base64 encoded string */
+
+NETSCAPE_SPKI *NETSCAPE_SPKI_b64_decode(const char *str, int len)
+{
+ unsigned char *spki_der;
+ const unsigned char *p;
+ int spki_len;
+ NETSCAPE_SPKI *spki;
+ if (len <= 0)
+ len = strlen(str);
+ if (!(spki_der = OPENSSL_malloc(len + 1))) {
+ X509err(X509_F_NETSCAPE_SPKI_B64_DECODE, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ spki_len = EVP_DecodeBlock(spki_der, (const unsigned char *)str, len);
+ if (spki_len < 0) {
+ X509err(X509_F_NETSCAPE_SPKI_B64_DECODE, X509_R_BASE64_DECODE_ERROR);
+ OPENSSL_free(spki_der);
+ return NULL;
+ }
+ p = spki_der;
+ spki = d2i_NETSCAPE_SPKI(NULL, &p, spki_len);
+ OPENSSL_free(spki_der);
+ return spki;
+}
+
+/* Generate a base64 encoded string from an SPKI */
+
+char *NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki)
+{
+ unsigned char *der_spki, *p;
+ char *b64_str;
+ int der_len;
+ der_len = i2d_NETSCAPE_SPKI(spki, NULL);
+ der_spki = OPENSSL_malloc(der_len);
+ b64_str = OPENSSL_malloc(der_len * 2);
+ if (!der_spki || !b64_str) {
+ X509err(X509_F_NETSCAPE_SPKI_B64_ENCODE, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ p = der_spki;
+ i2d_NETSCAPE_SPKI(spki, &p);
+ EVP_EncodeBlock((unsigned char *)b64_str, der_spki, der_len);
+ OPENSSL_free(der_spki);
+ return b64_str;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/x509/x509type.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509/x509type.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509/x509type.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,121 +0,0 @@
-/* crypto/x509/x509type.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-
-int X509_certificate_type(X509 *x, EVP_PKEY *pkey)
- {
- EVP_PKEY *pk;
- int ret=0,i;
-
- if (x == NULL) return(0);
-
- if (pkey == NULL)
- pk=X509_get_pubkey(x);
- else
- pk=pkey;
-
- if (pk == NULL) return(0);
-
- switch (pk->type)
- {
- case EVP_PKEY_RSA:
- ret=EVP_PK_RSA|EVP_PKT_SIGN;
-/* if (!sign only extension) */
- ret|=EVP_PKT_ENC;
- break;
- case EVP_PKEY_DSA:
- ret=EVP_PK_DSA|EVP_PKT_SIGN;
- break;
- case EVP_PKEY_EC:
- ret=EVP_PK_EC|EVP_PKT_SIGN|EVP_PKT_EXCH;
- break;
- case EVP_PKEY_DH:
- ret=EVP_PK_DH|EVP_PKT_EXCH;
- break;
- default:
- break;
- }
-
- i=X509_get_signature_type(x);
- switch (i)
- {
- case EVP_PKEY_RSA:
- ret|=EVP_PKS_RSA;
- break;
- case EVP_PKEY_DSA:
- ret|=EVP_PKS_DSA;
- break;
- case EVP_PKEY_EC:
- ret|=EVP_PKS_EC;
- break;
- default:
- break;
- }
-
- if (EVP_PKEY_size(pk) <= 1024/8)/* /8 because it's 1024 bits we look
- for, not bytes */
- ret|=EVP_PKT_EXP;
- if(pkey==NULL) EVP_PKEY_free(pk);
- return(ret);
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/x509/x509type.c (from rev 6976, vendor-crypto/openssl/dist/crypto/x509/x509type.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/x509/x509type.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509/x509type.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,121 @@
+/* crypto/x509/x509type.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+
+int X509_certificate_type(X509 *x, EVP_PKEY *pkey)
+{
+ EVP_PKEY *pk;
+ int ret = 0, i;
+
+ if (x == NULL)
+ return (0);
+
+ if (pkey == NULL)
+ pk = X509_get_pubkey(x);
+ else
+ pk = pkey;
+
+ if (pk == NULL)
+ return (0);
+
+ switch (pk->type) {
+ case EVP_PKEY_RSA:
+ ret = EVP_PK_RSA | EVP_PKT_SIGN;
+/* if (!sign only extension) */
+ ret |= EVP_PKT_ENC;
+ break;
+ case EVP_PKEY_DSA:
+ ret = EVP_PK_DSA | EVP_PKT_SIGN;
+ break;
+ case EVP_PKEY_EC:
+ ret = EVP_PK_EC | EVP_PKT_SIGN | EVP_PKT_EXCH;
+ break;
+ case EVP_PKEY_DH:
+ ret = EVP_PK_DH | EVP_PKT_EXCH;
+ break;
+ default:
+ break;
+ }
+
+ i = X509_get_signature_type(x);
+ switch (i) {
+ case EVP_PKEY_RSA:
+ ret |= EVP_PKS_RSA;
+ break;
+ case EVP_PKEY_DSA:
+ ret |= EVP_PKS_DSA;
+ break;
+ case EVP_PKEY_EC:
+ ret |= EVP_PKS_EC;
+ break;
+ default:
+ break;
+ }
+
+ /* /8 because it's 1024 bits we look for, not bytes */
+ if (EVP_PKEY_size(pk) <= 1024 / 8)
+ ret |= EVP_PKT_EXP;
+ if (pkey == NULL)
+ EVP_PKEY_free(pk);
+ return (ret);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/x509/x_all.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509/x_all.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509/x_all.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,523 +0,0 @@
-/* crypto/x509/x_all.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#undef SSLEAY_MACROS
-#include <openssl/stack.h>
-#include "cryptlib.h"
-#include <openssl/buffer.h>
-#include <openssl/asn1.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-
-int X509_verify(X509 *a, EVP_PKEY *r)
- {
- return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF),a->sig_alg,
- a->signature,a->cert_info,r));
- }
-
-int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r)
- {
- return( ASN1_item_verify(ASN1_ITEM_rptr(X509_REQ_INFO),
- a->sig_alg,a->signature,a->req_info,r));
- }
-
-int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r)
- {
- return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CRL_INFO),
- a->sig_alg, a->signature,a->crl,r));
- }
-
-int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r)
- {
- return(ASN1_item_verify(ASN1_ITEM_rptr(NETSCAPE_SPKAC),
- a->sig_algor,a->signature,a->spkac,r));
- }
-
-int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
- {
- x->cert_info->enc.modified = 1;
- return(ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF), x->cert_info->signature,
- x->sig_alg, x->signature, x->cert_info,pkey,md));
- }
-
-int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md)
- {
- return(ASN1_item_sign(ASN1_ITEM_rptr(X509_REQ_INFO),x->sig_alg, NULL,
- x->signature, x->req_info,pkey,md));
- }
-
-int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md)
- {
- x->crl->enc.modified = 1;
- return(ASN1_item_sign(ASN1_ITEM_rptr(X509_CRL_INFO),x->crl->sig_alg,
- x->sig_alg, x->signature, x->crl,pkey,md));
- }
-
-int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md)
- {
- return(ASN1_item_sign(ASN1_ITEM_rptr(NETSCAPE_SPKAC), x->sig_algor,NULL,
- x->signature, x->spkac,pkey,md));
- }
-
-#ifndef OPENSSL_NO_FP_API
-X509 *d2i_X509_fp(FILE *fp, X509 **x509)
- {
- return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509), fp, x509);
- }
-
-int i2d_X509_fp(FILE *fp, X509 *x509)
- {
- return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509), fp, x509);
- }
-#endif
-
-X509 *d2i_X509_bio(BIO *bp, X509 **x509)
- {
- return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509), bp, x509);
- }
-
-int i2d_X509_bio(BIO *bp, X509 *x509)
- {
- return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509), bp, x509);
- }
-
-#ifndef OPENSSL_NO_FP_API
-X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl)
- {
- return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl);
- }
-
-int i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl)
- {
- return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl);
- }
-#endif
-
-X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl)
- {
- return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl);
- }
-
-int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl)
- {
- return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl);
- }
-
-#ifndef OPENSSL_NO_FP_API
-PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7)
- {
- return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS7), fp, p7);
- }
-
-int i2d_PKCS7_fp(FILE *fp, PKCS7 *p7)
- {
- return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS7), fp, p7);
- }
-#endif
-
-PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7)
- {
- return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS7), bp, p7);
- }
-
-int i2d_PKCS7_bio(BIO *bp, PKCS7 *p7)
- {
- return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS7), bp, p7);
- }
-
-#ifndef OPENSSL_NO_FP_API
-X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req)
- {
- return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_REQ), fp, req);
- }
-
-int i2d_X509_REQ_fp(FILE *fp, X509_REQ *req)
- {
- return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_REQ), fp, req);
- }
-#endif
-
-X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req)
- {
- return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_REQ), bp, req);
- }
-
-int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req)
- {
- return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_REQ), bp, req);
- }
-
-#ifndef OPENSSL_NO_RSA
-
-#ifndef OPENSSL_NO_FP_API
-RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa)
- {
- return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa);
- }
-
-int i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa)
- {
- return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa);
- }
-
-RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa)
- {
- return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa);
- }
-
-
-RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa)
- {
- return ASN1_d2i_fp((void *(*)(void))
- RSA_new,(D2I_OF(void))d2i_RSA_PUBKEY, fp,
- (void **)rsa);
- }
-
-int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa)
- {
- return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa);
- }
-
-int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa)
- {
- return ASN1_i2d_fp((I2D_OF(void))i2d_RSA_PUBKEY,fp,rsa);
- }
-#endif
-
-RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa)
- {
- return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa);
- }
-
-int i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa)
- {
- return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa);
- }
-
-RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa)
- {
- return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa);
- }
-
-
-RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa)
- {
- return ASN1_d2i_bio_of(RSA,RSA_new,d2i_RSA_PUBKEY,bp,rsa);
- }
-
-int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa)
- {
- return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa);
- }
-
-int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa)
- {
- return ASN1_i2d_bio_of(RSA,i2d_RSA_PUBKEY,bp,rsa);
- }
-#endif
-
-#ifndef OPENSSL_NO_DSA
-#ifndef OPENSSL_NO_FP_API
-DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa)
- {
- return ASN1_d2i_fp_of(DSA,DSA_new,d2i_DSAPrivateKey,fp,dsa);
- }
-
-int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa)
- {
- return ASN1_i2d_fp_of_const(DSA,i2d_DSAPrivateKey,fp,dsa);
- }
-
-DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa)
- {
- return ASN1_d2i_fp_of(DSA,DSA_new,d2i_DSA_PUBKEY,fp,dsa);
- }
-
-int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa)
- {
- return ASN1_i2d_fp_of(DSA,i2d_DSA_PUBKEY,fp,dsa);
- }
-#endif
-
-DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa)
- {
- return ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSAPrivateKey,bp,dsa
-);
- }
-
-int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa)
- {
- return ASN1_i2d_bio_of_const(DSA,i2d_DSAPrivateKey,bp,dsa);
- }
-
-DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa)
- {
- return ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSA_PUBKEY,bp,dsa);
- }
-
-int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa)
- {
- return ASN1_i2d_bio_of(DSA,i2d_DSA_PUBKEY,bp,dsa);
- }
-
-#endif
-
-#ifndef OPENSSL_NO_EC
-#ifndef OPENSSL_NO_FP_API
-EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey)
- {
- return ASN1_d2i_fp_of(EC_KEY,EC_KEY_new,d2i_EC_PUBKEY,fp,eckey);
- }
-
-int i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey)
- {
- return ASN1_i2d_fp_of(EC_KEY,i2d_EC_PUBKEY,fp,eckey);
- }
-
-EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey)
- {
- return ASN1_d2i_fp_of(EC_KEY,EC_KEY_new,d2i_ECPrivateKey,fp,eckey);
- }
-
-int i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey)
- {
- return ASN1_i2d_fp_of(EC_KEY,i2d_ECPrivateKey,fp,eckey);
- }
-#endif
-EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey)
- {
- return ASN1_d2i_bio_of(EC_KEY,EC_KEY_new,d2i_EC_PUBKEY,bp,eckey);
- }
-
-int i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *ecdsa)
- {
- return ASN1_i2d_bio_of(EC_KEY,i2d_EC_PUBKEY,bp,ecdsa);
- }
-
-EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey)
- {
- return ASN1_d2i_bio_of(EC_KEY,EC_KEY_new,d2i_ECPrivateKey,bp,eckey);
- }
-
-int i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey)
- {
- return ASN1_i2d_bio_of(EC_KEY,i2d_ECPrivateKey,bp,eckey);
- }
-#endif
-
-
-int X509_pubkey_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
- unsigned int *len)
- {
- ASN1_BIT_STRING *key;
- key = X509_get0_pubkey_bitstr(data);
- if(!key) return 0;
- return EVP_Digest(key->data, key->length, md, len, type, NULL);
- }
-
-int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
- unsigned int *len)
- {
- return(ASN1_item_digest(ASN1_ITEM_rptr(X509),type,(char *)data,md,len));
- }
-
-int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, unsigned char *md,
- unsigned int *len)
- {
- return(ASN1_item_digest(ASN1_ITEM_rptr(X509_CRL),type,(char *)data,md,len));
- }
-
-int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, unsigned char *md,
- unsigned int *len)
- {
- return(ASN1_item_digest(ASN1_ITEM_rptr(X509_REQ),type,(char *)data,md,len));
- }
-
-int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, unsigned char *md,
- unsigned int *len)
- {
- return(ASN1_item_digest(ASN1_ITEM_rptr(X509_NAME),type,(char *)data,md,len));
- }
-
-int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, const EVP_MD *type,
- unsigned char *md, unsigned int *len)
- {
- return(ASN1_item_digest(ASN1_ITEM_rptr(PKCS7_ISSUER_AND_SERIAL),type,
- (char *)data,md,len));
- }
-
-
-#ifndef OPENSSL_NO_FP_API
-X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8)
- {
- return ASN1_d2i_fp_of(X509_SIG,X509_SIG_new,d2i_X509_SIG,fp,p8);
- }
-
-int i2d_PKCS8_fp(FILE *fp, X509_SIG *p8)
- {
- return ASN1_i2d_fp_of(X509_SIG,i2d_X509_SIG,fp,p8);
- }
-#endif
-
-X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8)
- {
- return ASN1_d2i_bio_of(X509_SIG,X509_SIG_new,d2i_X509_SIG,bp,p8);
- }
-
-int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8)
- {
- return ASN1_i2d_bio_of(X509_SIG,i2d_X509_SIG,bp,p8);
- }
-
-#ifndef OPENSSL_NO_FP_API
-PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
- PKCS8_PRIV_KEY_INFO **p8inf)
- {
- return ASN1_d2i_fp_of(PKCS8_PRIV_KEY_INFO,PKCS8_PRIV_KEY_INFO_new,
- d2i_PKCS8_PRIV_KEY_INFO,fp,p8inf);
- }
-
-int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO *p8inf)
- {
- return ASN1_i2d_fp_of(PKCS8_PRIV_KEY_INFO,i2d_PKCS8_PRIV_KEY_INFO,fp,
- p8inf);
- }
-
-int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key)
- {
- PKCS8_PRIV_KEY_INFO *p8inf;
- int ret;
- p8inf = EVP_PKEY2PKCS8(key);
- if(!p8inf) return 0;
- ret = i2d_PKCS8_PRIV_KEY_INFO_fp(fp, p8inf);
- PKCS8_PRIV_KEY_INFO_free(p8inf);
- return ret;
- }
-
-int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey)
- {
- return ASN1_i2d_fp_of(EVP_PKEY,i2d_PrivateKey,fp,pkey);
- }
-
-EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a)
-{
- return ASN1_d2i_fp_of(EVP_PKEY,EVP_PKEY_new,d2i_AutoPrivateKey,fp,a);
-}
-
-int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey)
- {
- return ASN1_i2d_fp_of(EVP_PKEY,i2d_PUBKEY,fp,pkey);
- }
-
-EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a)
-{
- return ASN1_d2i_fp_of(EVP_PKEY,EVP_PKEY_new,d2i_PUBKEY,fp,a);
-}
-
-#endif
-
-PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
- PKCS8_PRIV_KEY_INFO **p8inf)
- {
- return ASN1_d2i_bio_of(PKCS8_PRIV_KEY_INFO,PKCS8_PRIV_KEY_INFO_new,
- d2i_PKCS8_PRIV_KEY_INFO,bp,p8inf);
- }
-
-int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, PKCS8_PRIV_KEY_INFO *p8inf)
- {
- return ASN1_i2d_bio_of(PKCS8_PRIV_KEY_INFO,i2d_PKCS8_PRIV_KEY_INFO,bp,
- p8inf);
- }
-
-int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key)
- {
- PKCS8_PRIV_KEY_INFO *p8inf;
- int ret;
- p8inf = EVP_PKEY2PKCS8(key);
- if(!p8inf) return 0;
- ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf);
- PKCS8_PRIV_KEY_INFO_free(p8inf);
- return ret;
- }
-
-int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey)
- {
- return ASN1_i2d_bio_of(EVP_PKEY,i2d_PrivateKey,bp,pkey);
- }
-
-EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a)
- {
- return ASN1_d2i_bio_of(EVP_PKEY,EVP_PKEY_new,d2i_AutoPrivateKey,bp,a);
- }
-
-int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey)
- {
- return ASN1_i2d_bio_of(EVP_PKEY,i2d_PUBKEY,bp,pkey);
- }
-
-EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a)
- {
- return ASN1_d2i_bio_of(EVP_PKEY,EVP_PKEY_new,d2i_PUBKEY,bp,a);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/x509/x_all.c (from rev 6976, vendor-crypto/openssl/dist/crypto/x509/x_all.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/x509/x_all.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509/x_all.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,528 @@
+/* crypto/x509/x_all.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#undef SSLEAY_MACROS
+#include <openssl/stack.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+# include <openssl/dsa.h>
+#endif
+
+int X509_verify(X509 *a, EVP_PKEY *r)
+{
+ if (X509_ALGOR_cmp(a->sig_alg, a->cert_info->signature))
+ return 0;
+ return (ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF), a->sig_alg,
+ a->signature, a->cert_info, r));
+}
+
+int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r)
+{
+ return (ASN1_item_verify(ASN1_ITEM_rptr(X509_REQ_INFO),
+ a->sig_alg, a->signature, a->req_info, r));
+}
+
+int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r)
+{
+ return (ASN1_item_verify(ASN1_ITEM_rptr(X509_CRL_INFO),
+ a->sig_alg, a->signature, a->crl, r));
+}
+
+int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r)
+{
+ return (ASN1_item_verify(ASN1_ITEM_rptr(NETSCAPE_SPKAC),
+ a->sig_algor, a->signature, a->spkac, r));
+}
+
+int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
+{
+ x->cert_info->enc.modified = 1;
+ return (ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF), x->cert_info->signature,
+ x->sig_alg, x->signature, x->cert_info, pkey, md));
+}
+
+int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md)
+{
+ return (ASN1_item_sign(ASN1_ITEM_rptr(X509_REQ_INFO), x->sig_alg, NULL,
+ x->signature, x->req_info, pkey, md));
+}
+
+int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md)
+{
+ x->crl->enc.modified = 1;
+ return (ASN1_item_sign(ASN1_ITEM_rptr(X509_CRL_INFO), x->crl->sig_alg,
+ x->sig_alg, x->signature, x->crl, pkey, md));
+}
+
+int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md)
+{
+ return (ASN1_item_sign(ASN1_ITEM_rptr(NETSCAPE_SPKAC), x->sig_algor, NULL,
+ x->signature, x->spkac, pkey, md));
+}
+
+#ifndef OPENSSL_NO_FP_API
+X509 *d2i_X509_fp(FILE *fp, X509 **x509)
+{
+ return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509), fp, x509);
+}
+
+int i2d_X509_fp(FILE *fp, X509 *x509)
+{
+ return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509), fp, x509);
+}
+#endif
+
+X509 *d2i_X509_bio(BIO *bp, X509 **x509)
+{
+ return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509), bp, x509);
+}
+
+int i2d_X509_bio(BIO *bp, X509 *x509)
+{
+ return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509), bp, x509);
+}
+
+#ifndef OPENSSL_NO_FP_API
+X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl)
+{
+ return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl);
+}
+
+int i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl)
+{
+ return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl);
+}
+#endif
+
+X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl)
+{
+ return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl);
+}
+
+int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl)
+{
+ return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl);
+}
+
+#ifndef OPENSSL_NO_FP_API
+PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7)
+{
+ return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS7), fp, p7);
+}
+
+int i2d_PKCS7_fp(FILE *fp, PKCS7 *p7)
+{
+ return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS7), fp, p7);
+}
+#endif
+
+PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7)
+{
+ return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS7), bp, p7);
+}
+
+int i2d_PKCS7_bio(BIO *bp, PKCS7 *p7)
+{
+ return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS7), bp, p7);
+}
+
+#ifndef OPENSSL_NO_FP_API
+X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req)
+{
+ return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_REQ), fp, req);
+}
+
+int i2d_X509_REQ_fp(FILE *fp, X509_REQ *req)
+{
+ return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_REQ), fp, req);
+}
+#endif
+
+X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req)
+{
+ return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_REQ), bp, req);
+}
+
+int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req)
+{
+ return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_REQ), bp, req);
+}
+
+#ifndef OPENSSL_NO_RSA
+
+# ifndef OPENSSL_NO_FP_API
+RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa)
+{
+ return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa);
+}
+
+int i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa)
+{
+ return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa);
+}
+
+RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa)
+{
+ return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa);
+}
+
+RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa)
+{
+ return ASN1_d2i_fp((void *(*)(void))
+ RSA_new, (D2I_OF(void)) d2i_RSA_PUBKEY, fp,
+ (void **)rsa);
+}
+
+int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa)
+{
+ return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa);
+}
+
+int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa)
+{
+ return ASN1_i2d_fp((I2D_OF(void))i2d_RSA_PUBKEY, fp, rsa);
+}
+# endif
+
+RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa)
+{
+ return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa);
+}
+
+int i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa)
+{
+ return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa);
+}
+
+RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa)
+{
+ return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa);
+}
+
+RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa)
+{
+ return ASN1_d2i_bio_of(RSA, RSA_new, d2i_RSA_PUBKEY, bp, rsa);
+}
+
+int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa)
+{
+ return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa);
+}
+
+int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa)
+{
+ return ASN1_i2d_bio_of(RSA, i2d_RSA_PUBKEY, bp, rsa);
+}
+#endif
+
+#ifndef OPENSSL_NO_DSA
+# ifndef OPENSSL_NO_FP_API
+DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa)
+{
+ return ASN1_d2i_fp_of(DSA, DSA_new, d2i_DSAPrivateKey, fp, dsa);
+}
+
+int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa)
+{
+ return ASN1_i2d_fp_of_const(DSA, i2d_DSAPrivateKey, fp, dsa);
+}
+
+DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa)
+{
+ return ASN1_d2i_fp_of(DSA, DSA_new, d2i_DSA_PUBKEY, fp, dsa);
+}
+
+int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa)
+{
+ return ASN1_i2d_fp_of(DSA, i2d_DSA_PUBKEY, fp, dsa);
+}
+# endif
+
+DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa)
+{
+ return ASN1_d2i_bio_of(DSA, DSA_new, d2i_DSAPrivateKey, bp, dsa);
+}
+
+int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa)
+{
+ return ASN1_i2d_bio_of_const(DSA, i2d_DSAPrivateKey, bp, dsa);
+}
+
+DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa)
+{
+ return ASN1_d2i_bio_of(DSA, DSA_new, d2i_DSA_PUBKEY, bp, dsa);
+}
+
+int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa)
+{
+ return ASN1_i2d_bio_of(DSA, i2d_DSA_PUBKEY, bp, dsa);
+}
+
+#endif
+
+#ifndef OPENSSL_NO_EC
+# ifndef OPENSSL_NO_FP_API
+EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey)
+{
+ return ASN1_d2i_fp_of(EC_KEY, EC_KEY_new, d2i_EC_PUBKEY, fp, eckey);
+}
+
+int i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey)
+{
+ return ASN1_i2d_fp_of(EC_KEY, i2d_EC_PUBKEY, fp, eckey);
+}
+
+EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey)
+{
+ return ASN1_d2i_fp_of(EC_KEY, EC_KEY_new, d2i_ECPrivateKey, fp, eckey);
+}
+
+int i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey)
+{
+ return ASN1_i2d_fp_of(EC_KEY, i2d_ECPrivateKey, fp, eckey);
+}
+# endif
+EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey)
+{
+ return ASN1_d2i_bio_of(EC_KEY, EC_KEY_new, d2i_EC_PUBKEY, bp, eckey);
+}
+
+int i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *ecdsa)
+{
+ return ASN1_i2d_bio_of(EC_KEY, i2d_EC_PUBKEY, bp, ecdsa);
+}
+
+EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey)
+{
+ return ASN1_d2i_bio_of(EC_KEY, EC_KEY_new, d2i_ECPrivateKey, bp, eckey);
+}
+
+int i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey)
+{
+ return ASN1_i2d_bio_of(EC_KEY, i2d_ECPrivateKey, bp, eckey);
+}
+#endif
+
+int X509_pubkey_digest(const X509 *data, const EVP_MD *type,
+ unsigned char *md, unsigned int *len)
+{
+ ASN1_BIT_STRING *key;
+ key = X509_get0_pubkey_bitstr(data);
+ if (!key)
+ return 0;
+ return EVP_Digest(key->data, key->length, md, len, type, NULL);
+}
+
+int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
+ unsigned int *len)
+{
+ return (ASN1_item_digest
+ (ASN1_ITEM_rptr(X509), type, (char *)data, md, len));
+}
+
+int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type,
+ unsigned char *md, unsigned int *len)
+{
+ return (ASN1_item_digest
+ (ASN1_ITEM_rptr(X509_CRL), type, (char *)data, md, len));
+}
+
+int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type,
+ unsigned char *md, unsigned int *len)
+{
+ return (ASN1_item_digest
+ (ASN1_ITEM_rptr(X509_REQ), type, (char *)data, md, len));
+}
+
+int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type,
+ unsigned char *md, unsigned int *len)
+{
+ return (ASN1_item_digest
+ (ASN1_ITEM_rptr(X509_NAME), type, (char *)data, md, len));
+}
+
+int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,
+ const EVP_MD *type, unsigned char *md,
+ unsigned int *len)
+{
+ return (ASN1_item_digest(ASN1_ITEM_rptr(PKCS7_ISSUER_AND_SERIAL), type,
+ (char *)data, md, len));
+}
+
+#ifndef OPENSSL_NO_FP_API
+X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8)
+{
+ return ASN1_d2i_fp_of(X509_SIG, X509_SIG_new, d2i_X509_SIG, fp, p8);
+}
+
+int i2d_PKCS8_fp(FILE *fp, X509_SIG *p8)
+{
+ return ASN1_i2d_fp_of(X509_SIG, i2d_X509_SIG, fp, p8);
+}
+#endif
+
+X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8)
+{
+ return ASN1_d2i_bio_of(X509_SIG, X509_SIG_new, d2i_X509_SIG, bp, p8);
+}
+
+int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8)
+{
+ return ASN1_i2d_bio_of(X509_SIG, i2d_X509_SIG, bp, p8);
+}
+
+#ifndef OPENSSL_NO_FP_API
+PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
+ PKCS8_PRIV_KEY_INFO **p8inf)
+{
+ return ASN1_d2i_fp_of(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_new,
+ d2i_PKCS8_PRIV_KEY_INFO, fp, p8inf);
+}
+
+int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO *p8inf)
+{
+ return ASN1_i2d_fp_of(PKCS8_PRIV_KEY_INFO, i2d_PKCS8_PRIV_KEY_INFO, fp,
+ p8inf);
+}
+
+int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key)
+{
+ PKCS8_PRIV_KEY_INFO *p8inf;
+ int ret;
+ p8inf = EVP_PKEY2PKCS8(key);
+ if (!p8inf)
+ return 0;
+ ret = i2d_PKCS8_PRIV_KEY_INFO_fp(fp, p8inf);
+ PKCS8_PRIV_KEY_INFO_free(p8inf);
+ return ret;
+}
+
+int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey)
+{
+ return ASN1_i2d_fp_of(EVP_PKEY, i2d_PrivateKey, fp, pkey);
+}
+
+EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a)
+{
+ return ASN1_d2i_fp_of(EVP_PKEY, EVP_PKEY_new, d2i_AutoPrivateKey, fp, a);
+}
+
+int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey)
+{
+ return ASN1_i2d_fp_of(EVP_PKEY, i2d_PUBKEY, fp, pkey);
+}
+
+EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a)
+{
+ return ASN1_d2i_fp_of(EVP_PKEY, EVP_PKEY_new, d2i_PUBKEY, fp, a);
+}
+
+#endif
+
+PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
+ PKCS8_PRIV_KEY_INFO **p8inf)
+{
+ return ASN1_d2i_bio_of(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_new,
+ d2i_PKCS8_PRIV_KEY_INFO, bp, p8inf);
+}
+
+int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, PKCS8_PRIV_KEY_INFO *p8inf)
+{
+ return ASN1_i2d_bio_of(PKCS8_PRIV_KEY_INFO, i2d_PKCS8_PRIV_KEY_INFO, bp,
+ p8inf);
+}
+
+int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key)
+{
+ PKCS8_PRIV_KEY_INFO *p8inf;
+ int ret;
+ p8inf = EVP_PKEY2PKCS8(key);
+ if (!p8inf)
+ return 0;
+ ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf);
+ PKCS8_PRIV_KEY_INFO_free(p8inf);
+ return ret;
+}
+
+int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey)
+{
+ return ASN1_i2d_bio_of(EVP_PKEY, i2d_PrivateKey, bp, pkey);
+}
+
+EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a)
+{
+ return ASN1_d2i_bio_of(EVP_PKEY, EVP_PKEY_new, d2i_AutoPrivateKey, bp, a);
+}
+
+int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey)
+{
+ return ASN1_i2d_bio_of(EVP_PKEY, i2d_PUBKEY, bp, pkey);
+}
+
+EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a)
+{
+ return ASN1_d2i_bio_of(EVP_PKEY, EVP_PKEY_new, d2i_PUBKEY, bp, a);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/ext_dat.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509v3/ext_dat.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/ext_dat.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,131 +0,0 @@
-/* ext_dat.h */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-/* This file contains a table of "standard" extensions */
-
-extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku;
-extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info, v3_sinfo;
-extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id;
-extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_crl_invdate;
-extern X509V3_EXT_METHOD v3_delta_crl, v3_cpols, v3_crld;
-extern X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff;
-extern X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc;
-extern X509V3_EXT_METHOD v3_crl_hold, v3_pci;
-extern X509V3_EXT_METHOD v3_policy_mappings, v3_policy_constraints;
-extern X509V3_EXT_METHOD v3_name_constraints, v3_inhibit_anyp;
-#ifndef OPENSSL_NO_RFC3779
-extern X509V3_EXT_METHOD v3_addr, v3_asid;
-#endif
-
-/* This table will be searched using OBJ_bsearch so it *must* kept in
- * order of the ext_nid values.
- */
-
-static X509V3_EXT_METHOD *standard_exts[] = {
-&v3_nscert,
-&v3_ns_ia5_list[0],
-&v3_ns_ia5_list[1],
-&v3_ns_ia5_list[2],
-&v3_ns_ia5_list[3],
-&v3_ns_ia5_list[4],
-&v3_ns_ia5_list[5],
-&v3_ns_ia5_list[6],
-&v3_skey_id,
-&v3_key_usage,
-&v3_pkey_usage_period,
-&v3_alt[0],
-&v3_alt[1],
-&v3_bcons,
-&v3_crl_num,
-&v3_cpols,
-&v3_akey_id,
-&v3_crld,
-&v3_ext_ku,
-&v3_delta_crl,
-&v3_crl_reason,
-#ifndef OPENSSL_NO_OCSP
-&v3_crl_invdate,
-#endif
-&v3_sxnet,
-&v3_info,
-#ifndef OPENSSL_NO_RFC3779
-&v3_addr,
-&v3_asid,
-#endif
-#ifndef OPENSSL_NO_OCSP
-&v3_ocsp_nonce,
-&v3_ocsp_crlid,
-&v3_ocsp_accresp,
-&v3_ocsp_nocheck,
-&v3_ocsp_acutoff,
-&v3_ocsp_serviceloc,
-#endif
-&v3_sinfo,
-&v3_policy_constraints,
-#ifndef OPENSSL_NO_OCSP
-&v3_crl_hold,
-#endif
-&v3_pci,
-&v3_name_constraints,
-&v3_policy_mappings,
-&v3_inhibit_anyp
-};
-
-/* Number of standard extensions */
-
-#define STANDARD_EXTENSION_COUNT (sizeof(standard_exts)/sizeof(X509V3_EXT_METHOD *))
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/ext_dat.h (from rev 6976, vendor-crypto/openssl/dist/crypto/x509v3/ext_dat.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/x509v3/ext_dat.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/ext_dat.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,132 @@
+/* ext_dat.h */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* This file contains a table of "standard" extensions */
+
+extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku;
+extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info, v3_sinfo;
+extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id;
+extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_crl_invdate;
+extern X509V3_EXT_METHOD v3_delta_crl, v3_cpols, v3_crld;
+extern X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff;
+extern X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc;
+extern X509V3_EXT_METHOD v3_crl_hold, v3_pci;
+extern X509V3_EXT_METHOD v3_policy_mappings, v3_policy_constraints;
+extern X509V3_EXT_METHOD v3_name_constraints, v3_inhibit_anyp;
+#ifndef OPENSSL_NO_RFC3779
+extern X509V3_EXT_METHOD v3_addr, v3_asid;
+#endif
+
+/*
+ * This table will be searched using OBJ_bsearch so it *must* kept in order
+ * of the ext_nid values.
+ */
+
+static X509V3_EXT_METHOD *standard_exts[] = {
+ &v3_nscert,
+ &v3_ns_ia5_list[0],
+ &v3_ns_ia5_list[1],
+ &v3_ns_ia5_list[2],
+ &v3_ns_ia5_list[3],
+ &v3_ns_ia5_list[4],
+ &v3_ns_ia5_list[5],
+ &v3_ns_ia5_list[6],
+ &v3_skey_id,
+ &v3_key_usage,
+ &v3_pkey_usage_period,
+ &v3_alt[0],
+ &v3_alt[1],
+ &v3_bcons,
+ &v3_crl_num,
+ &v3_cpols,
+ &v3_akey_id,
+ &v3_crld,
+ &v3_ext_ku,
+ &v3_delta_crl,
+ &v3_crl_reason,
+#ifndef OPENSSL_NO_OCSP
+ &v3_crl_invdate,
+#endif
+ &v3_sxnet,
+ &v3_info,
+#ifndef OPENSSL_NO_RFC3779
+ &v3_addr,
+ &v3_asid,
+#endif
+#ifndef OPENSSL_NO_OCSP
+ &v3_ocsp_nonce,
+ &v3_ocsp_crlid,
+ &v3_ocsp_accresp,
+ &v3_ocsp_nocheck,
+ &v3_ocsp_acutoff,
+ &v3_ocsp_serviceloc,
+#endif
+ &v3_sinfo,
+ &v3_policy_constraints,
+#ifndef OPENSSL_NO_OCSP
+ &v3_crl_hold,
+#endif
+ &v3_pci,
+ &v3_name_constraints,
+ &v3_policy_mappings,
+ &v3_inhibit_anyp
+};
+
+/* Number of standard extensions */
+
+#define STANDARD_EXTENSION_COUNT (sizeof(standard_exts)/sizeof(X509V3_EXT_METHOD *))
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/pcy_cache.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509v3/pcy_cache.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/pcy_cache.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,287 +0,0 @@
-/* pcy_cache.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 2004.
- */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include "cryptlib.h"
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-
-#include "pcy_int.h"
-
-static int policy_data_cmp(const X509_POLICY_DATA * const *a,
- const X509_POLICY_DATA * const *b);
-static int policy_cache_set_int(long *out, ASN1_INTEGER *value);
-
-/* Set cache entry according to CertificatePolicies extension.
- * Note: this destroys the passed CERTIFICATEPOLICIES structure.
- */
-
-static int policy_cache_create(X509 *x,
- CERTIFICATEPOLICIES *policies, int crit)
- {
- int i;
- int ret = 0;
- X509_POLICY_CACHE *cache = x->policy_cache;
- X509_POLICY_DATA *data = NULL;
- POLICYINFO *policy;
- if (sk_POLICYINFO_num(policies) == 0)
- goto bad_policy;
- cache->data = sk_X509_POLICY_DATA_new(policy_data_cmp);
- if (!cache->data)
- goto bad_policy;
- for (i = 0; i < sk_POLICYINFO_num(policies); i++)
- {
- policy = sk_POLICYINFO_value(policies, i);
- data = policy_data_new(policy, NULL, crit);
- if (!data)
- goto bad_policy;
- /* Duplicate policy OIDs are illegal: reject if matches
- * found.
- */
- if (OBJ_obj2nid(data->valid_policy) == NID_any_policy)
- {
- if (cache->anyPolicy)
- {
- ret = -1;
- goto bad_policy;
- }
- cache->anyPolicy = data;
- }
- else if (sk_X509_POLICY_DATA_find(cache->data, data) != -1)
- {
- ret = -1;
- goto bad_policy;
- }
- else if (!sk_X509_POLICY_DATA_push(cache->data, data))
- goto bad_policy;
- data = NULL;
- }
- ret = 1;
- bad_policy:
- if (ret == -1)
- x->ex_flags |= EXFLAG_INVALID_POLICY;
- if (data)
- policy_data_free(data);
- sk_POLICYINFO_pop_free(policies, POLICYINFO_free);
- if (ret <= 0)
- {
- sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free);
- cache->data = NULL;
- }
- return ret;
- }
-
-
-static int policy_cache_new(X509 *x)
- {
- X509_POLICY_CACHE *cache;
- ASN1_INTEGER *ext_any = NULL;
- POLICY_CONSTRAINTS *ext_pcons = NULL;
- CERTIFICATEPOLICIES *ext_cpols = NULL;
- POLICY_MAPPINGS *ext_pmaps = NULL;
- int i;
- cache = OPENSSL_malloc(sizeof(X509_POLICY_CACHE));
- if (!cache)
- return 0;
- cache->anyPolicy = NULL;
- cache->data = NULL;
- cache->maps = NULL;
- cache->any_skip = -1;
- cache->explicit_skip = -1;
- cache->map_skip = -1;
-
- x->policy_cache = cache;
-
- /* Handle requireExplicitPolicy *first*. Need to process this
- * even if we don't have any policies.
- */
- ext_pcons = X509_get_ext_d2i(x, NID_policy_constraints, &i, NULL);
-
- if (!ext_pcons)
- {
- if (i != -1)
- goto bad_cache;
- }
- else
- {
- if (!ext_pcons->requireExplicitPolicy
- && !ext_pcons->inhibitPolicyMapping)
- goto bad_cache;
- if (!policy_cache_set_int(&cache->explicit_skip,
- ext_pcons->requireExplicitPolicy))
- goto bad_cache;
- if (!policy_cache_set_int(&cache->map_skip,
- ext_pcons->inhibitPolicyMapping))
- goto bad_cache;
- }
-
- /* Process CertificatePolicies */
-
- ext_cpols = X509_get_ext_d2i(x, NID_certificate_policies, &i, NULL);
- /* If no CertificatePolicies extension or problem decoding then
- * there is no point continuing because the valid policies will be
- * NULL.
- */
- if (!ext_cpols)
- {
- /* If not absent some problem with extension */
- if (i != -1)
- goto bad_cache;
- return 1;
- }
-
- i = policy_cache_create(x, ext_cpols, i);
-
- /* NB: ext_cpols freed by policy_cache_set_policies */
-
- if (i <= 0)
- return i;
-
- ext_pmaps = X509_get_ext_d2i(x, NID_policy_mappings, &i, NULL);
-
- if (!ext_pmaps)
- {
- /* If not absent some problem with extension */
- if (i != -1)
- goto bad_cache;
- }
- else
- {
- i = policy_cache_set_mapping(x, ext_pmaps);
- if (i <= 0)
- goto bad_cache;
- }
-
- ext_any = X509_get_ext_d2i(x, NID_inhibit_any_policy, &i, NULL);
-
- if (!ext_any)
- {
- if (i != -1)
- goto bad_cache;
- }
- else if (!policy_cache_set_int(&cache->any_skip, ext_any))
- goto bad_cache;
-
- if (0)
- {
- bad_cache:
- x->ex_flags |= EXFLAG_INVALID_POLICY;
- }
-
- if(ext_pcons)
- POLICY_CONSTRAINTS_free(ext_pcons);
-
- if (ext_any)
- ASN1_INTEGER_free(ext_any);
-
- return 1;
-
-
-}
-
-void policy_cache_free(X509_POLICY_CACHE *cache)
- {
- if (!cache)
- return;
- if (cache->anyPolicy)
- policy_data_free(cache->anyPolicy);
- if (cache->data)
- sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free);
- OPENSSL_free(cache);
- }
-
-const X509_POLICY_CACHE *policy_cache_set(X509 *x)
- {
-
- if (x->policy_cache == NULL)
- {
- CRYPTO_w_lock(CRYPTO_LOCK_X509);
- policy_cache_new(x);
- CRYPTO_w_unlock(CRYPTO_LOCK_X509);
- }
-
- return x->policy_cache;
-
- }
-
-X509_POLICY_DATA *policy_cache_find_data(const X509_POLICY_CACHE *cache,
- const ASN1_OBJECT *id)
- {
- int idx;
- X509_POLICY_DATA tmp;
- tmp.valid_policy = (ASN1_OBJECT *)id;
- idx = sk_X509_POLICY_DATA_find(cache->data, &tmp);
- if (idx == -1)
- return NULL;
- return sk_X509_POLICY_DATA_value(cache->data, idx);
- }
-
-static int policy_data_cmp(const X509_POLICY_DATA * const *a,
- const X509_POLICY_DATA * const *b)
- {
- return OBJ_cmp((*a)->valid_policy, (*b)->valid_policy);
- }
-
-static int policy_cache_set_int(long *out, ASN1_INTEGER *value)
- {
- if (value == NULL)
- return 1;
- if (value->type == V_ASN1_NEG_INTEGER)
- return 0;
- *out = ASN1_INTEGER_get(value);
- return 1;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/pcy_cache.c (from rev 6976, vendor-crypto/openssl/dist/crypto/x509v3/pcy_cache.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/x509v3/pcy_cache.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/pcy_cache.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,270 @@
+/* pcy_cache.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 2004.
+ */
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include "cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+#include "pcy_int.h"
+
+static int policy_data_cmp(const X509_POLICY_DATA *const *a,
+ const X509_POLICY_DATA *const *b);
+static int policy_cache_set_int(long *out, ASN1_INTEGER *value);
+
+/*
+ * Set cache entry according to CertificatePolicies extension. Note: this
+ * destroys the passed CERTIFICATEPOLICIES structure.
+ */
+
+static int policy_cache_create(X509 *x,
+ CERTIFICATEPOLICIES *policies, int crit)
+{
+ int i;
+ int ret = 0;
+ X509_POLICY_CACHE *cache = x->policy_cache;
+ X509_POLICY_DATA *data = NULL;
+ POLICYINFO *policy;
+ if (sk_POLICYINFO_num(policies) == 0)
+ goto bad_policy;
+ cache->data = sk_X509_POLICY_DATA_new(policy_data_cmp);
+ if (!cache->data)
+ goto bad_policy;
+ for (i = 0; i < sk_POLICYINFO_num(policies); i++) {
+ policy = sk_POLICYINFO_value(policies, i);
+ data = policy_data_new(policy, NULL, crit);
+ if (!data)
+ goto bad_policy;
+ /*
+ * Duplicate policy OIDs are illegal: reject if matches found.
+ */
+ if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) {
+ if (cache->anyPolicy) {
+ ret = -1;
+ goto bad_policy;
+ }
+ cache->anyPolicy = data;
+ } else if (sk_X509_POLICY_DATA_find(cache->data, data) != -1) {
+ ret = -1;
+ goto bad_policy;
+ } else if (!sk_X509_POLICY_DATA_push(cache->data, data))
+ goto bad_policy;
+ data = NULL;
+ }
+ ret = 1;
+ bad_policy:
+ if (ret == -1)
+ x->ex_flags |= EXFLAG_INVALID_POLICY;
+ if (data)
+ policy_data_free(data);
+ sk_POLICYINFO_pop_free(policies, POLICYINFO_free);
+ if (ret <= 0) {
+ sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free);
+ cache->data = NULL;
+ }
+ return ret;
+}
+
+static int policy_cache_new(X509 *x)
+{
+ X509_POLICY_CACHE *cache;
+ ASN1_INTEGER *ext_any = NULL;
+ POLICY_CONSTRAINTS *ext_pcons = NULL;
+ CERTIFICATEPOLICIES *ext_cpols = NULL;
+ POLICY_MAPPINGS *ext_pmaps = NULL;
+ int i;
+ cache = OPENSSL_malloc(sizeof(X509_POLICY_CACHE));
+ if (!cache)
+ return 0;
+ cache->anyPolicy = NULL;
+ cache->data = NULL;
+ cache->maps = NULL;
+ cache->any_skip = -1;
+ cache->explicit_skip = -1;
+ cache->map_skip = -1;
+
+ x->policy_cache = cache;
+
+ /*
+ * Handle requireExplicitPolicy *first*. Need to process this even if we
+ * don't have any policies.
+ */
+ ext_pcons = X509_get_ext_d2i(x, NID_policy_constraints, &i, NULL);
+
+ if (!ext_pcons) {
+ if (i != -1)
+ goto bad_cache;
+ } else {
+ if (!ext_pcons->requireExplicitPolicy
+ && !ext_pcons->inhibitPolicyMapping)
+ goto bad_cache;
+ if (!policy_cache_set_int(&cache->explicit_skip,
+ ext_pcons->requireExplicitPolicy))
+ goto bad_cache;
+ if (!policy_cache_set_int(&cache->map_skip,
+ ext_pcons->inhibitPolicyMapping))
+ goto bad_cache;
+ }
+
+ /* Process CertificatePolicies */
+
+ ext_cpols = X509_get_ext_d2i(x, NID_certificate_policies, &i, NULL);
+ /*
+ * If no CertificatePolicies extension or problem decoding then there is
+ * no point continuing because the valid policies will be NULL.
+ */
+ if (!ext_cpols) {
+ /* If not absent some problem with extension */
+ if (i != -1)
+ goto bad_cache;
+ return 1;
+ }
+
+ i = policy_cache_create(x, ext_cpols, i);
+
+ /* NB: ext_cpols freed by policy_cache_set_policies */
+
+ if (i <= 0)
+ return i;
+
+ ext_pmaps = X509_get_ext_d2i(x, NID_policy_mappings, &i, NULL);
+
+ if (!ext_pmaps) {
+ /* If not absent some problem with extension */
+ if (i != -1)
+ goto bad_cache;
+ } else {
+ i = policy_cache_set_mapping(x, ext_pmaps);
+ if (i <= 0)
+ goto bad_cache;
+ }
+
+ ext_any = X509_get_ext_d2i(x, NID_inhibit_any_policy, &i, NULL);
+
+ if (!ext_any) {
+ if (i != -1)
+ goto bad_cache;
+ } else if (!policy_cache_set_int(&cache->any_skip, ext_any))
+ goto bad_cache;
+
+ if (0) {
+ bad_cache:
+ x->ex_flags |= EXFLAG_INVALID_POLICY;
+ }
+
+ if (ext_pcons)
+ POLICY_CONSTRAINTS_free(ext_pcons);
+
+ if (ext_any)
+ ASN1_INTEGER_free(ext_any);
+
+ return 1;
+
+}
+
+void policy_cache_free(X509_POLICY_CACHE *cache)
+{
+ if (!cache)
+ return;
+ if (cache->anyPolicy)
+ policy_data_free(cache->anyPolicy);
+ if (cache->data)
+ sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free);
+ OPENSSL_free(cache);
+}
+
+const X509_POLICY_CACHE *policy_cache_set(X509 *x)
+{
+
+ if (x->policy_cache == NULL) {
+ CRYPTO_w_lock(CRYPTO_LOCK_X509);
+ policy_cache_new(x);
+ CRYPTO_w_unlock(CRYPTO_LOCK_X509);
+ }
+
+ return x->policy_cache;
+
+}
+
+X509_POLICY_DATA *policy_cache_find_data(const X509_POLICY_CACHE *cache,
+ const ASN1_OBJECT *id)
+{
+ int idx;
+ X509_POLICY_DATA tmp;
+ tmp.valid_policy = (ASN1_OBJECT *)id;
+ idx = sk_X509_POLICY_DATA_find(cache->data, &tmp);
+ if (idx == -1)
+ return NULL;
+ return sk_X509_POLICY_DATA_value(cache->data, idx);
+}
+
+static int policy_data_cmp(const X509_POLICY_DATA *const *a,
+ const X509_POLICY_DATA *const *b)
+{
+ return OBJ_cmp((*a)->valid_policy, (*b)->valid_policy);
+}
+
+static int policy_cache_set_int(long *out, ASN1_INTEGER *value)
+{
+ if (value == NULL)
+ return 1;
+ if (value->type == V_ASN1_NEG_INTEGER)
+ return 0;
+ *out = ASN1_INTEGER_get(value);
+ return 1;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/pcy_data.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509v3/pcy_data.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/pcy_data.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,131 +0,0 @@
-/* pcy_data.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 2004.
- */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include "cryptlib.h"
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-
-#include "pcy_int.h"
-
-/* Policy Node routines */
-
-void policy_data_free(X509_POLICY_DATA *data)
- {
- ASN1_OBJECT_free(data->valid_policy);
- /* Don't free qualifiers if shared */
- if (!(data->flags & POLICY_DATA_FLAG_SHARED_QUALIFIERS))
- sk_POLICYQUALINFO_pop_free(data->qualifier_set,
- POLICYQUALINFO_free);
- sk_ASN1_OBJECT_pop_free(data->expected_policy_set, ASN1_OBJECT_free);
- OPENSSL_free(data);
- }
-
-/* Create a data based on an existing policy. If 'id' is NULL use the
- * oid in the policy, otherwise use 'id'. This behaviour covers the two
- * types of data in RFC3280: data with from a CertificatePolcies extension
- * and additional data with just the qualifiers of anyPolicy and ID from
- * another source.
- */
-
-X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, ASN1_OBJECT *id, int crit)
- {
- X509_POLICY_DATA *ret;
- if (!policy && !id)
- return NULL;
- if (id)
- {
- id = OBJ_dup(id);
- if (!id)
- return NULL;
- }
- ret = OPENSSL_malloc(sizeof(X509_POLICY_DATA));
- if (!ret)
- return NULL;
- ret->expected_policy_set = sk_ASN1_OBJECT_new_null();
- if (!ret->expected_policy_set)
- {
- OPENSSL_free(ret);
- if (id)
- ASN1_OBJECT_free(id);
- return NULL;
- }
-
- if (crit)
- ret->flags = POLICY_DATA_FLAG_CRITICAL;
- else
- ret->flags = 0;
-
- if (id)
- ret->valid_policy = id;
- else
- {
- ret->valid_policy = policy->policyid;
- policy->policyid = NULL;
- }
-
- if (policy)
- {
- ret->qualifier_set = policy->qualifiers;
- policy->qualifiers = NULL;
- }
- else
- ret->qualifier_set = NULL;
-
- return ret;
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/pcy_data.c (from rev 6976, vendor-crypto/openssl/dist/crypto/x509v3/pcy_data.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/x509v3/pcy_data.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/pcy_data.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,127 @@
+/* pcy_data.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 2004.
+ */
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include "cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+#include "pcy_int.h"
+
+/* Policy Node routines */
+
+void policy_data_free(X509_POLICY_DATA *data)
+{
+ ASN1_OBJECT_free(data->valid_policy);
+ /* Don't free qualifiers if shared */
+ if (!(data->flags & POLICY_DATA_FLAG_SHARED_QUALIFIERS))
+ sk_POLICYQUALINFO_pop_free(data->qualifier_set, POLICYQUALINFO_free);
+ sk_ASN1_OBJECT_pop_free(data->expected_policy_set, ASN1_OBJECT_free);
+ OPENSSL_free(data);
+}
+
+/*
+ * Create a data based on an existing policy. If 'id' is NULL use the oid in
+ * the policy, otherwise use 'id'. This behaviour covers the two types of
+ * data in RFC3280: data with from a CertificatePolcies extension and
+ * additional data with just the qualifiers of anyPolicy and ID from another
+ * source.
+ */
+
+X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, ASN1_OBJECT *id,
+ int crit)
+{
+ X509_POLICY_DATA *ret;
+ if (!policy && !id)
+ return NULL;
+ if (id) {
+ id = OBJ_dup(id);
+ if (!id)
+ return NULL;
+ }
+ ret = OPENSSL_malloc(sizeof(X509_POLICY_DATA));
+ if (!ret)
+ return NULL;
+ ret->expected_policy_set = sk_ASN1_OBJECT_new_null();
+ if (!ret->expected_policy_set) {
+ OPENSSL_free(ret);
+ if (id)
+ ASN1_OBJECT_free(id);
+ return NULL;
+ }
+
+ if (crit)
+ ret->flags = POLICY_DATA_FLAG_CRITICAL;
+ else
+ ret->flags = 0;
+
+ if (id)
+ ret->valid_policy = id;
+ else {
+ ret->valid_policy = policy->policyid;
+ policy->policyid = NULL;
+ }
+
+ if (policy) {
+ ret->qualifier_set = policy->qualifiers;
+ policy->qualifiers = NULL;
+ } else
+ ret->qualifier_set = NULL;
+
+ return ret;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/pcy_int.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509v3/pcy_int.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/pcy_int.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,223 +0,0 @@
-/* pcy_int.h */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 2004.
- */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-DECLARE_STACK_OF(X509_POLICY_DATA)
-DECLARE_STACK_OF(X509_POLICY_REF)
-DECLARE_STACK_OF(X509_POLICY_NODE)
-
-typedef struct X509_POLICY_DATA_st X509_POLICY_DATA;
-typedef struct X509_POLICY_REF_st X509_POLICY_REF;
-
-/* Internal structures */
-
-/* This structure and the field names correspond to the Policy 'node' of
- * RFC3280. NB this structure contains no pointers to parent or child
- * data: X509_POLICY_NODE contains that. This means that the main policy data
- * can be kept static and cached with the certificate.
- */
-
-struct X509_POLICY_DATA_st
- {
- unsigned int flags;
- /* Policy OID and qualifiers for this data */
- ASN1_OBJECT *valid_policy;
- STACK_OF(POLICYQUALINFO) *qualifier_set;
- STACK_OF(ASN1_OBJECT) *expected_policy_set;
- };
-
-/* X509_POLICY_DATA flags values */
-
-/* This flag indicates the structure has been mapped using a policy mapping
- * extension. If policy mapping is not active its references get deleted.
- */
-
-#define POLICY_DATA_FLAG_MAPPED 0x1
-
-/* This flag indicates the data doesn't correspond to a policy in Certificate
- * Policies: it has been mapped to any policy.
- */
-
-#define POLICY_DATA_FLAG_MAPPED_ANY 0x2
-
-/* AND with flags to see if any mapping has occurred */
-
-#define POLICY_DATA_FLAG_MAP_MASK 0x3
-
-/* qualifiers are shared and shouldn't be freed */
-
-#define POLICY_DATA_FLAG_SHARED_QUALIFIERS 0x4
-
-/* Parent node is an extra node and should be freed */
-
-#define POLICY_DATA_FLAG_EXTRA_NODE 0x8
-
-/* Corresponding CertificatePolicies is critical */
-
-#define POLICY_DATA_FLAG_CRITICAL 0x10
-
-/* This structure is an entry from a table of mapped policies which
- * cross reference the policy it refers to.
- */
-
-struct X509_POLICY_REF_st
- {
- ASN1_OBJECT *subjectDomainPolicy;
- const X509_POLICY_DATA *data;
- };
-
-/* This structure is cached with a certificate */
-
-struct X509_POLICY_CACHE_st {
- /* anyPolicy data or NULL if no anyPolicy */
- X509_POLICY_DATA *anyPolicy;
- /* other policy data */
- STACK_OF(X509_POLICY_DATA) *data;
- /* If policyMappings extension present a table of mapped policies */
- STACK_OF(X509_POLICY_REF) *maps;
- /* If InhibitAnyPolicy present this is its value or -1 if absent. */
- long any_skip;
- /* If policyConstraints and requireExplicitPolicy present this is its
- * value or -1 if absent.
- */
- long explicit_skip;
- /* If policyConstraints and policyMapping present this is its
- * value or -1 if absent.
- */
- long map_skip;
- };
-
-/*#define POLICY_CACHE_FLAG_CRITICAL POLICY_DATA_FLAG_CRITICAL*/
-
-/* This structure represents the relationship between nodes */
-
-struct X509_POLICY_NODE_st
- {
- /* node data this refers to */
- const X509_POLICY_DATA *data;
- /* Parent node */
- X509_POLICY_NODE *parent;
- /* Number of child nodes */
- int nchild;
- };
-
-struct X509_POLICY_LEVEL_st
- {
- /* Cert for this level */
- X509 *cert;
- /* nodes at this level */
- STACK_OF(X509_POLICY_NODE) *nodes;
- /* anyPolicy node */
- X509_POLICY_NODE *anyPolicy;
- /* Extra data */
- /*STACK_OF(X509_POLICY_DATA) *extra_data;*/
- unsigned int flags;
- };
-
-struct X509_POLICY_TREE_st
- {
- /* This is the tree 'level' data */
- X509_POLICY_LEVEL *levels;
- int nlevel;
- /* Extra policy data when additional nodes (not from the certificate)
- * are required.
- */
- STACK_OF(X509_POLICY_DATA) *extra_data;
- /* This is the authority constained policy set */
- STACK_OF(X509_POLICY_NODE) *auth_policies;
- STACK_OF(X509_POLICY_NODE) *user_policies;
- unsigned int flags;
- };
-
-/* Set if anyPolicy present in user policies */
-#define POLICY_FLAG_ANY_POLICY 0x2
-
-/* Useful macros */
-
-#define node_data_critical(data) (data->flags & POLICY_DATA_FLAG_CRITICAL)
-#define node_critical(node) node_data_critical(node->data)
-
-/* Internal functions */
-
-X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, ASN1_OBJECT *id,
- int crit);
-void policy_data_free(X509_POLICY_DATA *data);
-
-X509_POLICY_DATA *policy_cache_find_data(const X509_POLICY_CACHE *cache,
- const ASN1_OBJECT *id);
-int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps);
-
-
-STACK_OF(X509_POLICY_NODE) *policy_node_cmp_new(void);
-
-void policy_cache_init(void);
-
-void policy_cache_free(X509_POLICY_CACHE *cache);
-
-X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level,
- const ASN1_OBJECT *id);
-
-X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk,
- const ASN1_OBJECT *id);
-
-X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
- X509_POLICY_DATA *data,
- X509_POLICY_NODE *parent,
- X509_POLICY_TREE *tree);
-void policy_node_free(X509_POLICY_NODE *node);
-
-const X509_POLICY_CACHE *policy_cache_set(X509 *x);
Copied: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/pcy_int.h (from rev 6976, vendor-crypto/openssl/dist/crypto/x509v3/pcy_int.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/x509v3/pcy_int.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/pcy_int.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,229 @@
+/* pcy_int.h */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 2004.
+ */
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+DECLARE_STACK_OF(X509_POLICY_DATA)
+DECLARE_STACK_OF(X509_POLICY_REF)
+DECLARE_STACK_OF(X509_POLICY_NODE)
+
+typedef struct X509_POLICY_DATA_st X509_POLICY_DATA;
+typedef struct X509_POLICY_REF_st X509_POLICY_REF;
+
+/* Internal structures */
+
+/*
+ * This structure and the field names correspond to the Policy 'node' of
+ * RFC3280. NB this structure contains no pointers to parent or child data:
+ * X509_POLICY_NODE contains that. This means that the main policy data can
+ * be kept static and cached with the certificate.
+ */
+
+struct X509_POLICY_DATA_st {
+ unsigned int flags;
+ /* Policy OID and qualifiers for this data */
+ ASN1_OBJECT *valid_policy;
+ STACK_OF(POLICYQUALINFO) *qualifier_set;
+ STACK_OF(ASN1_OBJECT) *expected_policy_set;
+};
+
+/* X509_POLICY_DATA flags values */
+
+/*
+ * This flag indicates the structure has been mapped using a policy mapping
+ * extension. If policy mapping is not active its references get deleted.
+ */
+
+#define POLICY_DATA_FLAG_MAPPED 0x1
+
+/*
+ * This flag indicates the data doesn't correspond to a policy in Certificate
+ * Policies: it has been mapped to any policy.
+ */
+
+#define POLICY_DATA_FLAG_MAPPED_ANY 0x2
+
+/* AND with flags to see if any mapping has occurred */
+
+#define POLICY_DATA_FLAG_MAP_MASK 0x3
+
+/* qualifiers are shared and shouldn't be freed */
+
+#define POLICY_DATA_FLAG_SHARED_QUALIFIERS 0x4
+
+/* Parent node is an extra node and should be freed */
+
+#define POLICY_DATA_FLAG_EXTRA_NODE 0x8
+
+/* Corresponding CertificatePolicies is critical */
+
+#define POLICY_DATA_FLAG_CRITICAL 0x10
+
+/*
+ * This structure is an entry from a table of mapped policies which cross
+ * reference the policy it refers to.
+ */
+
+struct X509_POLICY_REF_st {
+ ASN1_OBJECT *subjectDomainPolicy;
+ const X509_POLICY_DATA *data;
+};
+
+/* This structure is cached with a certificate */
+
+struct X509_POLICY_CACHE_st {
+ /* anyPolicy data or NULL if no anyPolicy */
+ X509_POLICY_DATA *anyPolicy;
+ /* other policy data */
+ STACK_OF(X509_POLICY_DATA) *data;
+ /* If policyMappings extension present a table of mapped policies */
+ STACK_OF(X509_POLICY_REF) *maps;
+ /* If InhibitAnyPolicy present this is its value or -1 if absent. */
+ long any_skip;
+ /*
+ * If policyConstraints and requireExplicitPolicy present this is its
+ * value or -1 if absent.
+ */
+ long explicit_skip;
+ /*
+ * If policyConstraints and policyMapping present this is its value or -1
+ * if absent.
+ */
+ long map_skip;
+};
+
+/*
+ * #define POLICY_CACHE_FLAG_CRITICAL POLICY_DATA_FLAG_CRITICAL
+ */
+
+/* This structure represents the relationship between nodes */
+
+struct X509_POLICY_NODE_st {
+ /* node data this refers to */
+ const X509_POLICY_DATA *data;
+ /* Parent node */
+ X509_POLICY_NODE *parent;
+ /* Number of child nodes */
+ int nchild;
+};
+
+struct X509_POLICY_LEVEL_st {
+ /* Cert for this level */
+ X509 *cert;
+ /* nodes at this level */
+ STACK_OF(X509_POLICY_NODE) *nodes;
+ /* anyPolicy node */
+ X509_POLICY_NODE *anyPolicy;
+ /* Extra data */
+ /*
+ * STACK_OF(X509_POLICY_DATA) *extra_data;
+ */
+ unsigned int flags;
+};
+
+struct X509_POLICY_TREE_st {
+ /* This is the tree 'level' data */
+ X509_POLICY_LEVEL *levels;
+ int nlevel;
+ /*
+ * Extra policy data when additional nodes (not from the certificate) are
+ * required.
+ */
+ STACK_OF(X509_POLICY_DATA) *extra_data;
+ /* This is the authority constained policy set */
+ STACK_OF(X509_POLICY_NODE) *auth_policies;
+ STACK_OF(X509_POLICY_NODE) *user_policies;
+ unsigned int flags;
+};
+
+/* Set if anyPolicy present in user policies */
+#define POLICY_FLAG_ANY_POLICY 0x2
+
+/* Useful macros */
+
+#define node_data_critical(data) (data->flags & POLICY_DATA_FLAG_CRITICAL)
+#define node_critical(node) node_data_critical(node->data)
+
+/* Internal functions */
+
+X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, ASN1_OBJECT *id,
+ int crit);
+void policy_data_free(X509_POLICY_DATA *data);
+
+X509_POLICY_DATA *policy_cache_find_data(const X509_POLICY_CACHE *cache,
+ const ASN1_OBJECT *id);
+int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps);
+
+STACK_OF(X509_POLICY_NODE) *policy_node_cmp_new(void);
+
+void policy_cache_init(void);
+
+void policy_cache_free(X509_POLICY_CACHE *cache);
+
+X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level,
+ const ASN1_OBJECT *id);
+
+X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk,
+ const ASN1_OBJECT *id);
+
+X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
+ X509_POLICY_DATA *data,
+ X509_POLICY_NODE *parent,
+ X509_POLICY_TREE *tree);
+void policy_node_free(X509_POLICY_NODE *node);
+
+const X509_POLICY_CACHE *policy_cache_set(X509 *x);
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/pcy_lib.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509v3/pcy_lib.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/pcy_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,167 +0,0 @@
-/* pcy_lib.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 2004.
- */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-
-#include "cryptlib.h"
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-
-#include "pcy_int.h"
-
-/* accessor functions */
-
-/* X509_POLICY_TREE stuff */
-
-int X509_policy_tree_level_count(const X509_POLICY_TREE *tree)
- {
- if (!tree)
- return 0;
- return tree->nlevel;
- }
-
-X509_POLICY_LEVEL *
- X509_policy_tree_get0_level(const X509_POLICY_TREE *tree, int i)
- {
- if (!tree || (i < 0) || (i >= tree->nlevel))
- return NULL;
- return tree->levels + i;
- }
-
-STACK_OF(X509_POLICY_NODE) *
- X509_policy_tree_get0_policies(const X509_POLICY_TREE *tree)
- {
- if (!tree)
- return NULL;
- return tree->auth_policies;
- }
-
-STACK_OF(X509_POLICY_NODE) *
- X509_policy_tree_get0_user_policies(const X509_POLICY_TREE *tree)
- {
- if (!tree)
- return NULL;
- if (tree->flags & POLICY_FLAG_ANY_POLICY)
- return tree->auth_policies;
- else
- return tree->user_policies;
- }
-
-/* X509_POLICY_LEVEL stuff */
-
-int X509_policy_level_node_count(X509_POLICY_LEVEL *level)
- {
- int n;
- if (!level)
- return 0;
- if (level->anyPolicy)
- n = 1;
- else
- n = 0;
- if (level->nodes)
- n += sk_X509_POLICY_NODE_num(level->nodes);
- return n;
- }
-
-X509_POLICY_NODE *X509_policy_level_get0_node(X509_POLICY_LEVEL *level, int i)
- {
- if (!level)
- return NULL;
- if (level->anyPolicy)
- {
- if (i == 0)
- return level->anyPolicy;
- i--;
- }
- return sk_X509_POLICY_NODE_value(level->nodes, i);
- }
-
-/* X509_POLICY_NODE stuff */
-
-const ASN1_OBJECT *X509_policy_node_get0_policy(const X509_POLICY_NODE *node)
- {
- if (!node)
- return NULL;
- return node->data->valid_policy;
- }
-
-#if 0
-int X509_policy_node_get_critical(const X509_POLICY_NODE *node)
- {
- if (node_critical(node))
- return 1;
- return 0;
- }
-#endif
-
-STACK_OF(POLICYQUALINFO) *
- X509_policy_node_get0_qualifiers(const X509_POLICY_NODE *node)
- {
- if (!node)
- return NULL;
- return node->data->qualifier_set;
- }
-
-const X509_POLICY_NODE *
- X509_policy_node_get0_parent(const X509_POLICY_NODE *node)
- {
- if (!node)
- return NULL;
- return node->parent;
- }
-
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/pcy_lib.c (from rev 6976, vendor-crypto/openssl/dist/crypto/x509v3/pcy_lib.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/x509v3/pcy_lib.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/pcy_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,167 @@
+/* pcy_lib.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 2004.
+ */
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include "cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+#include "pcy_int.h"
+
+/* accessor functions */
+
+/* X509_POLICY_TREE stuff */
+
+int X509_policy_tree_level_count(const X509_POLICY_TREE *tree)
+{
+ if (!tree)
+ return 0;
+ return tree->nlevel;
+}
+
+X509_POLICY_LEVEL *X509_policy_tree_get0_level(const X509_POLICY_TREE *tree,
+ int i)
+{
+ if (!tree || (i < 0) || (i >= tree->nlevel))
+ return NULL;
+ return tree->levels + i;
+}
+
+STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_policies(const
+ X509_POLICY_TREE
+ *tree)
+{
+ if (!tree)
+ return NULL;
+ return tree->auth_policies;
+}
+
+STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_user_policies(const
+ X509_POLICY_TREE
+ *tree)
+{
+ if (!tree)
+ return NULL;
+ if (tree->flags & POLICY_FLAG_ANY_POLICY)
+ return tree->auth_policies;
+ else
+ return tree->user_policies;
+}
+
+/* X509_POLICY_LEVEL stuff */
+
+int X509_policy_level_node_count(X509_POLICY_LEVEL *level)
+{
+ int n;
+ if (!level)
+ return 0;
+ if (level->anyPolicy)
+ n = 1;
+ else
+ n = 0;
+ if (level->nodes)
+ n += sk_X509_POLICY_NODE_num(level->nodes);
+ return n;
+}
+
+X509_POLICY_NODE *X509_policy_level_get0_node(X509_POLICY_LEVEL *level, int i)
+{
+ if (!level)
+ return NULL;
+ if (level->anyPolicy) {
+ if (i == 0)
+ return level->anyPolicy;
+ i--;
+ }
+ return sk_X509_POLICY_NODE_value(level->nodes, i);
+}
+
+/* X509_POLICY_NODE stuff */
+
+const ASN1_OBJECT *X509_policy_node_get0_policy(const X509_POLICY_NODE *node)
+{
+ if (!node)
+ return NULL;
+ return node->data->valid_policy;
+}
+
+#if 0
+int X509_policy_node_get_critical(const X509_POLICY_NODE *node)
+{
+ if (node_critical(node))
+ return 1;
+ return 0;
+}
+#endif
+
+STACK_OF(POLICYQUALINFO) *X509_policy_node_get0_qualifiers(const
+ X509_POLICY_NODE
+ *node)
+{
+ if (!node)
+ return NULL;
+ return node->data->qualifier_set;
+}
+
+const X509_POLICY_NODE *X509_policy_node_get0_parent(const X509_POLICY_NODE
+ *node)
+{
+ if (!node)
+ return NULL;
+ return node->parent;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/pcy_map.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509v3/pcy_map.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/pcy_map.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,188 +0,0 @@
-/* pcy_map.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 2004.
- */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include "cryptlib.h"
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-
-#include "pcy_int.h"
-
-static int ref_cmp(const X509_POLICY_REF * const *a,
- const X509_POLICY_REF * const *b)
- {
- return OBJ_cmp((*a)->subjectDomainPolicy, (*b)->subjectDomainPolicy);
- }
-
-static void policy_map_free(X509_POLICY_REF *map)
- {
- OPENSSL_free(map);
- }
-
-static X509_POLICY_REF *policy_map_find(X509_POLICY_CACHE *cache, ASN1_OBJECT *id)
- {
- X509_POLICY_REF tmp;
- int idx;
- tmp.subjectDomainPolicy = id;
-
- idx = sk_X509_POLICY_REF_find(cache->maps, &tmp);
- if (idx == -1)
- return NULL;
- return sk_X509_POLICY_REF_value(cache->maps, idx);
- }
-
-/* Set policy mapping entries in cache.
- * Note: this modifies the passed POLICY_MAPPINGS structure
- */
-
-int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps)
- {
- POLICY_MAPPING *map;
- X509_POLICY_REF *ref = NULL;
- ASN1_OBJECT *subjectDomainPolicyRef;
- X509_POLICY_DATA *data;
- X509_POLICY_CACHE *cache = x->policy_cache;
- int i;
- int ret = 0;
- if (sk_POLICY_MAPPING_num(maps) == 0)
- {
- ret = -1;
- goto bad_mapping;
- }
- cache->maps = sk_X509_POLICY_REF_new(ref_cmp);
- for (i = 0; i < sk_POLICY_MAPPING_num(maps); i++)
- {
- map = sk_POLICY_MAPPING_value(maps, i);
- /* Reject if map to or from anyPolicy */
- if ((OBJ_obj2nid(map->subjectDomainPolicy) == NID_any_policy)
- || (OBJ_obj2nid(map->issuerDomainPolicy) == NID_any_policy))
- {
- ret = -1;
- goto bad_mapping;
- }
-
- /* If we've already mapped from this OID bad mapping */
- if (policy_map_find(cache, map->subjectDomainPolicy) != NULL)
- {
- ret = -1;
- goto bad_mapping;
- }
-
- /* Attempt to find matching policy data */
- data = policy_cache_find_data(cache, map->issuerDomainPolicy);
- /* If we don't have anyPolicy can't map */
- if (!data && !cache->anyPolicy)
- continue;
-
- /* Create a NODE from anyPolicy */
- if (!data)
- {
- data = policy_data_new(NULL, map->issuerDomainPolicy,
- cache->anyPolicy->flags
- & POLICY_DATA_FLAG_CRITICAL);
- if (!data)
- goto bad_mapping;
- data->qualifier_set = cache->anyPolicy->qualifier_set;
- map->issuerDomainPolicy = NULL;
- data->flags |= POLICY_DATA_FLAG_MAPPED_ANY;
- data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS;
- if (!sk_X509_POLICY_DATA_push(cache->data, data))
- {
- policy_data_free(data);
- goto bad_mapping;
- }
- }
- else
- data->flags |= POLICY_DATA_FLAG_MAPPED;
-
- if (!sk_ASN1_OBJECT_push(data->expected_policy_set,
- map->subjectDomainPolicy))
- goto bad_mapping;
- /* map->subjectDomainPolicy will be freed when
- * cache->data is freed. Set it to NULL to avoid double-free. */
- subjectDomainPolicyRef = map->subjectDomainPolicy;
- map->subjectDomainPolicy = NULL;
-
- ref = OPENSSL_malloc(sizeof(X509_POLICY_REF));
- if (!ref)
- goto bad_mapping;
-
- ref->subjectDomainPolicy = subjectDomainPolicyRef;
- ref->data = data;
-
- if (!sk_X509_POLICY_REF_push(cache->maps, ref))
- goto bad_mapping;
-
- ref = NULL;
-
- }
-
- ret = 1;
- bad_mapping:
- if (ret == -1)
- x->ex_flags |= EXFLAG_INVALID_POLICY;
- if (ref)
- policy_map_free(ref);
- if (ret <= 0)
- {
- sk_X509_POLICY_REF_pop_free(cache->maps, policy_map_free);
- cache->maps = NULL;
- }
- sk_POLICY_MAPPING_pop_free(maps, POLICY_MAPPING_free);
- return ret;
-
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/pcy_map.c (from rev 6976, vendor-crypto/openssl/dist/crypto/x509v3/pcy_map.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/x509v3/pcy_map.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/pcy_map.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,185 @@
+/* pcy_map.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 2004.
+ */
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include "cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+#include "pcy_int.h"
+
+static int ref_cmp(const X509_POLICY_REF * const *a,
+ const X509_POLICY_REF * const *b)
+{
+ return OBJ_cmp((*a)->subjectDomainPolicy, (*b)->subjectDomainPolicy);
+}
+
+static void policy_map_free(X509_POLICY_REF * map)
+{
+ OPENSSL_free(map);
+}
+
+static X509_POLICY_REF *policy_map_find(X509_POLICY_CACHE *cache,
+ ASN1_OBJECT *id)
+{
+ X509_POLICY_REF tmp;
+ int idx;
+ tmp.subjectDomainPolicy = id;
+
+ idx = sk_X509_POLICY_REF_find(cache->maps, &tmp);
+ if (idx == -1)
+ return NULL;
+ return sk_X509_POLICY_REF_value(cache->maps, idx);
+}
+
+/*
+ * Set policy mapping entries in cache. Note: this modifies the passed
+ * POLICY_MAPPINGS structure
+ */
+
+int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps)
+{
+ POLICY_MAPPING *map;
+ X509_POLICY_REF *ref = NULL;
+ ASN1_OBJECT *subjectDomainPolicyRef;
+ X509_POLICY_DATA *data;
+ X509_POLICY_CACHE *cache = x->policy_cache;
+ int i;
+ int ret = 0;
+ if (sk_POLICY_MAPPING_num(maps) == 0) {
+ ret = -1;
+ goto bad_mapping;
+ }
+ cache->maps = sk_X509_POLICY_REF_new(ref_cmp);
+ for (i = 0; i < sk_POLICY_MAPPING_num(maps); i++) {
+ map = sk_POLICY_MAPPING_value(maps, i);
+ /* Reject if map to or from anyPolicy */
+ if ((OBJ_obj2nid(map->subjectDomainPolicy) == NID_any_policy)
+ || (OBJ_obj2nid(map->issuerDomainPolicy) == NID_any_policy)) {
+ ret = -1;
+ goto bad_mapping;
+ }
+
+ /* If we've already mapped from this OID bad mapping */
+ if (policy_map_find(cache, map->subjectDomainPolicy) != NULL) {
+ ret = -1;
+ goto bad_mapping;
+ }
+
+ /* Attempt to find matching policy data */
+ data = policy_cache_find_data(cache, map->issuerDomainPolicy);
+ /* If we don't have anyPolicy can't map */
+ if (!data && !cache->anyPolicy)
+ continue;
+
+ /* Create a NODE from anyPolicy */
+ if (!data) {
+ data = policy_data_new(NULL, map->issuerDomainPolicy,
+ cache->anyPolicy->flags
+ & POLICY_DATA_FLAG_CRITICAL);
+ if (!data)
+ goto bad_mapping;
+ data->qualifier_set = cache->anyPolicy->qualifier_set;
+ map->issuerDomainPolicy = NULL;
+ data->flags |= POLICY_DATA_FLAG_MAPPED_ANY;
+ data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS;
+ if (!sk_X509_POLICY_DATA_push(cache->data, data)) {
+ policy_data_free(data);
+ goto bad_mapping;
+ }
+ } else
+ data->flags |= POLICY_DATA_FLAG_MAPPED;
+
+ if (!sk_ASN1_OBJECT_push(data->expected_policy_set,
+ map->subjectDomainPolicy))
+ goto bad_mapping;
+ /*
+ * map->subjectDomainPolicy will be freed when cache->data is freed.
+ * Set it to NULL to avoid double-free.
+ */
+ subjectDomainPolicyRef = map->subjectDomainPolicy;
+ map->subjectDomainPolicy = NULL;
+
+ ref = OPENSSL_malloc(sizeof(X509_POLICY_REF));
+ if (!ref)
+ goto bad_mapping;
+
+ ref->subjectDomainPolicy = subjectDomainPolicyRef;
+ ref->data = data;
+
+ if (!sk_X509_POLICY_REF_push(cache->maps, ref))
+ goto bad_mapping;
+
+ ref = NULL;
+
+ }
+
+ ret = 1;
+ bad_mapping:
+ if (ret == -1)
+ x->ex_flags |= EXFLAG_INVALID_POLICY;
+ if (ref)
+ policy_map_free(ref);
+ if (ret <= 0) {
+ sk_X509_POLICY_REF_pop_free(cache->maps, policy_map_free);
+ cache->maps = NULL;
+ }
+ sk_POLICY_MAPPING_pop_free(maps, POLICY_MAPPING_free);
+ return ret;
+
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/pcy_node.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509v3/pcy_node.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/pcy_node.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,158 +0,0 @@
-/* pcy_node.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 2004.
- */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <openssl/asn1.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-
-#include "pcy_int.h"
-
-static int node_cmp(const X509_POLICY_NODE * const *a,
- const X509_POLICY_NODE * const *b)
- {
- return OBJ_cmp((*a)->data->valid_policy, (*b)->data->valid_policy);
- }
-
-STACK_OF(X509_POLICY_NODE) *policy_node_cmp_new(void)
- {
- return sk_X509_POLICY_NODE_new(node_cmp);
- }
-
-X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *nodes,
- const ASN1_OBJECT *id)
- {
- X509_POLICY_DATA n;
- X509_POLICY_NODE l;
- int idx;
-
- n.valid_policy = (ASN1_OBJECT *)id;
- l.data = &n;
-
- idx = sk_X509_POLICY_NODE_find(nodes, &l);
- if (idx == -1)
- return NULL;
-
- return sk_X509_POLICY_NODE_value(nodes, idx);
-
- }
-
-X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level,
- const ASN1_OBJECT *id)
- {
- return tree_find_sk(level->nodes, id);
- }
-
-X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
- X509_POLICY_DATA *data,
- X509_POLICY_NODE *parent,
- X509_POLICY_TREE *tree)
- {
- X509_POLICY_NODE *node;
- node = OPENSSL_malloc(sizeof(X509_POLICY_NODE));
- if (!node)
- return NULL;
- node->data = data;
- node->parent = parent;
- node->nchild = 0;
- if (level)
- {
- if (OBJ_obj2nid(data->valid_policy) == NID_any_policy)
- {
- if (level->anyPolicy)
- goto node_error;
- level->anyPolicy = node;
- }
- else
- {
-
- if (!level->nodes)
- level->nodes = policy_node_cmp_new();
- if (!level->nodes)
- goto node_error;
- if (!sk_X509_POLICY_NODE_push(level->nodes, node))
- goto node_error;
- }
- }
-
- if (tree)
- {
- if (!tree->extra_data)
- tree->extra_data = sk_X509_POLICY_DATA_new_null();
- if (!tree->extra_data)
- goto node_error;
- if (!sk_X509_POLICY_DATA_push(tree->extra_data, data))
- goto node_error;
- }
-
- if (parent)
- parent->nchild++;
-
- return node;
-
- node_error:
- policy_node_free(node);
- return 0;
-
- }
-
-void policy_node_free(X509_POLICY_NODE *node)
- {
- OPENSSL_free(node);
- }
-
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/pcy_node.c (from rev 6976, vendor-crypto/openssl/dist/crypto/x509v3/pcy_node.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/x509v3/pcy_node.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/pcy_node.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,152 @@
+/* pcy_node.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 2004.
+ */
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <openssl/asn1.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+#include "pcy_int.h"
+
+static int node_cmp(const X509_POLICY_NODE *const *a,
+ const X509_POLICY_NODE *const *b)
+{
+ return OBJ_cmp((*a)->data->valid_policy, (*b)->data->valid_policy);
+}
+
+STACK_OF(X509_POLICY_NODE) *policy_node_cmp_new(void)
+{
+ return sk_X509_POLICY_NODE_new(node_cmp);
+}
+
+X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *nodes,
+ const ASN1_OBJECT *id)
+{
+ X509_POLICY_DATA n;
+ X509_POLICY_NODE l;
+ int idx;
+
+ n.valid_policy = (ASN1_OBJECT *)id;
+ l.data = &n;
+
+ idx = sk_X509_POLICY_NODE_find(nodes, &l);
+ if (idx == -1)
+ return NULL;
+
+ return sk_X509_POLICY_NODE_value(nodes, idx);
+
+}
+
+X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level,
+ const ASN1_OBJECT *id)
+{
+ return tree_find_sk(level->nodes, id);
+}
+
+X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
+ X509_POLICY_DATA *data,
+ X509_POLICY_NODE *parent,
+ X509_POLICY_TREE *tree)
+{
+ X509_POLICY_NODE *node;
+ node = OPENSSL_malloc(sizeof(X509_POLICY_NODE));
+ if (!node)
+ return NULL;
+ node->data = data;
+ node->parent = parent;
+ node->nchild = 0;
+ if (level) {
+ if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) {
+ if (level->anyPolicy)
+ goto node_error;
+ level->anyPolicy = node;
+ } else {
+
+ if (!level->nodes)
+ level->nodes = policy_node_cmp_new();
+ if (!level->nodes)
+ goto node_error;
+ if (!sk_X509_POLICY_NODE_push(level->nodes, node))
+ goto node_error;
+ }
+ }
+
+ if (tree) {
+ if (!tree->extra_data)
+ tree->extra_data = sk_X509_POLICY_DATA_new_null();
+ if (!tree->extra_data)
+ goto node_error;
+ if (!sk_X509_POLICY_DATA_push(tree->extra_data, data))
+ goto node_error;
+ }
+
+ if (parent)
+ parent->nchild++;
+
+ return node;
+
+ node_error:
+ policy_node_free(node);
+ return 0;
+
+}
+
+void policy_node_free(X509_POLICY_NODE *node)
+{
+ OPENSSL_free(node);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/pcy_tree.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509v3/pcy_tree.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/pcy_tree.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,697 +0,0 @@
-/* pcy_tree.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 2004.
- */
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include "cryptlib.h"
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-
-#include "pcy_int.h"
-
-/* Initialize policy tree. Return values:
- * 0 Some internal error occured.
- * -1 Inconsistent or invalid extensions in certificates.
- * 1 Tree initialized OK.
- * 2 Policy tree is empty.
- * 5 Tree OK and requireExplicitPolicy true.
- * 6 Tree empty and requireExplicitPolicy true.
- */
-
-static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
- unsigned int flags)
- {
- X509_POLICY_TREE *tree;
- X509_POLICY_LEVEL *level;
- const X509_POLICY_CACHE *cache;
- X509_POLICY_DATA *data = NULL;
- X509 *x;
- int ret = 1;
- int i, n;
- int explicit_policy;
- int any_skip;
- int map_skip;
- *ptree = NULL;
- n = sk_X509_num(certs);
-
- /* Disable policy mapping for now... */
- flags |= X509_V_FLAG_INHIBIT_MAP;
-
- if (flags & X509_V_FLAG_EXPLICIT_POLICY)
- explicit_policy = 0;
- else
- explicit_policy = n + 1;
-
- if (flags & X509_V_FLAG_INHIBIT_ANY)
- any_skip = 0;
- else
- any_skip = n + 1;
-
- if (flags & X509_V_FLAG_INHIBIT_MAP)
- map_skip = 0;
- else
- map_skip = n + 1;
-
- /* Can't do anything with just a trust anchor */
- if (n == 1)
- return 1;
- /* First setup policy cache in all certificates apart from the
- * trust anchor. Note any bad cache results on the way. Also can
- * calculate explicit_policy value at this point.
- */
- for (i = n - 2; i >= 0; i--)
- {
- x = sk_X509_value(certs, i);
- X509_check_purpose(x, -1, -1);
- cache = policy_cache_set(x);
- /* If cache NULL something bad happened: return immediately */
- if (cache == NULL)
- return 0;
- /* If inconsistent extensions keep a note of it but continue */
- if (x->ex_flags & EXFLAG_INVALID_POLICY)
- ret = -1;
- /* Otherwise if we have no data (hence no CertificatePolicies)
- * and haven't already set an inconsistent code note it.
- */
- else if ((ret == 1) && !cache->data)
- ret = 2;
- if (explicit_policy > 0)
- {
- if (!(x->ex_flags & EXFLAG_SI))
- explicit_policy--;
- if ((cache->explicit_skip != -1)
- && (cache->explicit_skip < explicit_policy))
- explicit_policy = cache->explicit_skip;
- }
- }
-
- if (ret != 1)
- {
- if (ret == 2 && !explicit_policy)
- return 6;
- return ret;
- }
-
-
- /* If we get this far initialize the tree */
-
- tree = OPENSSL_malloc(sizeof(X509_POLICY_TREE));
-
- if (!tree)
- return 0;
-
- tree->flags = 0;
- tree->levels = OPENSSL_malloc(sizeof(X509_POLICY_LEVEL) * n);
- tree->nlevel = 0;
- tree->extra_data = NULL;
- tree->auth_policies = NULL;
- tree->user_policies = NULL;
-
- if (!tree->levels)
- {
- OPENSSL_free(tree);
- return 0;
- }
-
- memset(tree->levels, 0, n * sizeof(X509_POLICY_LEVEL));
-
- tree->nlevel = n;
-
- level = tree->levels;
-
- /* Root data: initialize to anyPolicy */
-
- data = policy_data_new(NULL, OBJ_nid2obj(NID_any_policy), 0);
-
- if (!data || !level_add_node(level, data, NULL, tree))
- goto bad_tree;
-
- for (i = n - 2; i >= 0; i--)
- {
- level++;
- x = sk_X509_value(certs, i);
- cache = policy_cache_set(x);
-
- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
- level->cert = x;
-
- if (!cache->anyPolicy)
- level->flags |= X509_V_FLAG_INHIBIT_ANY;
-
- /* Determine inhibit any and inhibit map flags */
- if (any_skip == 0)
- {
- /* Any matching allowed if certificate is self
- * issued and not the last in the chain.
- */
- if (!(x->ex_flags & EXFLAG_SI) || (i == 0))
- level->flags |= X509_V_FLAG_INHIBIT_ANY;
- }
- else
- {
- if (!(x->ex_flags & EXFLAG_SI))
- any_skip--;
- if ((cache->any_skip >= 0)
- && (cache->any_skip < any_skip))
- any_skip = cache->any_skip;
- }
-
- if (map_skip == 0)
- level->flags |= X509_V_FLAG_INHIBIT_MAP;
- else
- {
- map_skip--;
- if ((cache->map_skip >= 0)
- && (cache->map_skip < map_skip))
- map_skip = cache->map_skip;
- }
-
-
- }
-
- *ptree = tree;
-
- if (explicit_policy)
- return 1;
- else
- return 5;
-
- bad_tree:
-
- X509_policy_tree_free(tree);
-
- return 0;
-
- }
-
-/* This corresponds to RFC3280 XXXX XXXXX:
- * link any data from CertificatePolicies onto matching parent
- * or anyPolicy if no match.
- */
-
-static int tree_link_nodes(X509_POLICY_LEVEL *curr,
- const X509_POLICY_CACHE *cache)
- {
- int i;
- X509_POLICY_LEVEL *last;
- X509_POLICY_DATA *data;
- X509_POLICY_NODE *parent;
- last = curr - 1;
- for (i = 0; i < sk_X509_POLICY_DATA_num(cache->data); i++)
- {
- data = sk_X509_POLICY_DATA_value(cache->data, i);
- /* If a node is mapped any it doesn't have a corresponding
- * CertificatePolicies entry.
- * However such an identical node would be created
- * if anyPolicy matching is enabled because there would be
- * no match with the parent valid_policy_set. So we create
- * link because then it will have the mapping flags
- * right and we can prune it later.
- */
- if ((data->flags & POLICY_DATA_FLAG_MAPPED_ANY)
- && !(curr->flags & X509_V_FLAG_INHIBIT_ANY))
- continue;
- /* Look for matching node in parent */
- parent = level_find_node(last, data->valid_policy);
- /* If no match link to anyPolicy */
- if (!parent)
- parent = last->anyPolicy;
- if (parent && !level_add_node(curr, data, parent, NULL))
- return 0;
- }
- return 1;
- }
-
-/* This corresponds to RFC3280 XXXX XXXXX:
- * Create new data for any unmatched policies in the parent and link
- * to anyPolicy.
- */
-
-static int tree_link_any(X509_POLICY_LEVEL *curr,
- const X509_POLICY_CACHE *cache,
- X509_POLICY_TREE *tree)
- {
- int i;
- X509_POLICY_DATA *data;
- X509_POLICY_NODE *node;
- X509_POLICY_LEVEL *last;
-
- last = curr - 1;
-
- for (i = 0; i < sk_X509_POLICY_NODE_num(last->nodes); i++)
- {
- node = sk_X509_POLICY_NODE_value(last->nodes, i);
-
- /* Skip any node with any children: we only want unmathced
- * nodes.
- *
- * Note: need something better for policy mapping
- * because each node may have multiple children
- */
- if (node->nchild)
- continue;
- /* Create a new node with qualifiers from anyPolicy and
- * id from unmatched node.
- */
- data = policy_data_new(NULL, node->data->valid_policy,
- node_critical(node));
-
- if (data == NULL)
- return 0;
- /* Curr may not have anyPolicy */
- data->qualifier_set = cache->anyPolicy->qualifier_set;
- data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS;
- if (!level_add_node(curr, data, node, tree))
- {
- policy_data_free(data);
- return 0;
- }
- }
- /* Finally add link to anyPolicy */
- if (last->anyPolicy)
- {
- if (!level_add_node(curr, cache->anyPolicy,
- last->anyPolicy, NULL))
- return 0;
- }
- return 1;
- }
-
-/* Prune the tree: delete any child mapped child data on the current level
- * then proceed up the tree deleting any data with no children. If we ever
- * have no data on a level we can halt because the tree will be empty.
- */
-
-static int tree_prune(X509_POLICY_TREE *tree, X509_POLICY_LEVEL *curr)
- {
- X509_POLICY_NODE *node;
- int i;
- for (i = sk_X509_POLICY_NODE_num(curr->nodes) - 1; i >= 0; i--)
- {
- node = sk_X509_POLICY_NODE_value(curr->nodes, i);
- /* Delete any mapped data: see RFC3280 XXXX */
- if (node->data->flags & POLICY_DATA_FLAG_MAP_MASK)
- {
- node->parent->nchild--;
- OPENSSL_free(node);
- (void)sk_X509_POLICY_NODE_delete(curr->nodes, i);
- }
- }
-
- for(;;) {
- --curr;
- for (i = sk_X509_POLICY_NODE_num(curr->nodes) - 1; i >= 0; i--)
- {
- node = sk_X509_POLICY_NODE_value(curr->nodes, i);
- if (node->nchild == 0)
- {
- node->parent->nchild--;
- OPENSSL_free(node);
- (void)sk_X509_POLICY_NODE_delete(curr->nodes, i);
- }
- }
- if (curr->anyPolicy && !curr->anyPolicy->nchild)
- {
- if (curr->anyPolicy->parent)
- curr->anyPolicy->parent->nchild--;
- OPENSSL_free(curr->anyPolicy);
- curr->anyPolicy = NULL;
- }
- if (curr == tree->levels)
- {
- /* If we zapped anyPolicy at top then tree is empty */
- if (!curr->anyPolicy)
- return 2;
- return 1;
- }
- }
-
- return 1;
-
- }
-
-static int tree_add_auth_node(STACK_OF(X509_POLICY_NODE) **pnodes,
- X509_POLICY_NODE *pcy)
- {
- if (!*pnodes)
- {
- *pnodes = policy_node_cmp_new();
- if (!*pnodes)
- return 0;
- }
- else if (sk_X509_POLICY_NODE_find(*pnodes, pcy) != -1)
- return 1;
-
- if (!sk_X509_POLICY_NODE_push(*pnodes, pcy))
- return 0;
-
- return 1;
-
- }
-
-/* Calculate the authority set based on policy tree.
- * The 'pnodes' parameter is used as a store for the set of policy nodes
- * used to calculate the user set. If the authority set is not anyPolicy
- * then pnodes will just point to the authority set. If however the authority
- * set is anyPolicy then the set of valid policies (other than anyPolicy)
- * is store in pnodes. The return value of '2' is used in this case to indicate
- * that pnodes should be freed.
- */
-
-static int tree_calculate_authority_set(X509_POLICY_TREE *tree,
- STACK_OF(X509_POLICY_NODE) **pnodes)
- {
- X509_POLICY_LEVEL *curr;
- X509_POLICY_NODE *node, *anyptr;
- STACK_OF(X509_POLICY_NODE) **addnodes;
- int i, j;
- curr = tree->levels + tree->nlevel - 1;
-
- /* If last level contains anyPolicy set is anyPolicy */
- if (curr->anyPolicy)
- {
- if (!tree_add_auth_node(&tree->auth_policies, curr->anyPolicy))
- return 0;
- addnodes = pnodes;
- }
- else
- /* Add policies to authority set */
- addnodes = &tree->auth_policies;
-
- curr = tree->levels;
- for (i = 1; i < tree->nlevel; i++)
- {
- /* If no anyPolicy node on this this level it can't
- * appear on lower levels so end search.
- */
- if (!(anyptr = curr->anyPolicy))
- break;
- curr++;
- for (j = 0; j < sk_X509_POLICY_NODE_num(curr->nodes); j++)
- {
- node = sk_X509_POLICY_NODE_value(curr->nodes, j);
- if ((node->parent == anyptr)
- && !tree_add_auth_node(addnodes, node))
- return 0;
- }
- }
-
- if (addnodes == pnodes)
- return 2;
-
- *pnodes = tree->auth_policies;
-
- return 1;
- }
-
-static int tree_calculate_user_set(X509_POLICY_TREE *tree,
- STACK_OF(ASN1_OBJECT) *policy_oids,
- STACK_OF(X509_POLICY_NODE) *auth_nodes)
- {
- int i;
- X509_POLICY_NODE *node;
- ASN1_OBJECT *oid;
-
- X509_POLICY_NODE *anyPolicy;
- X509_POLICY_DATA *extra;
-
- /* Check if anyPolicy present in authority constrained policy set:
- * this will happen if it is a leaf node.
- */
-
- if (sk_ASN1_OBJECT_num(policy_oids) <= 0)
- return 1;
-
- anyPolicy = tree->levels[tree->nlevel - 1].anyPolicy;
-
- for (i = 0; i < sk_ASN1_OBJECT_num(policy_oids); i++)
- {
- oid = sk_ASN1_OBJECT_value(policy_oids, i);
- if (OBJ_obj2nid(oid) == NID_any_policy)
- {
- tree->flags |= POLICY_FLAG_ANY_POLICY;
- return 1;
- }
- }
-
- for (i = 0; i < sk_ASN1_OBJECT_num(policy_oids); i++)
- {
- oid = sk_ASN1_OBJECT_value(policy_oids, i);
- node = tree_find_sk(auth_nodes, oid);
- if (!node)
- {
- if (!anyPolicy)
- continue;
- /* Create a new node with policy ID from user set
- * and qualifiers from anyPolicy.
- */
- extra = policy_data_new(NULL, oid,
- node_critical(anyPolicy));
- if (!extra)
- return 0;
- extra->qualifier_set = anyPolicy->data->qualifier_set;
- extra->flags = POLICY_DATA_FLAG_SHARED_QUALIFIERS
- | POLICY_DATA_FLAG_EXTRA_NODE;
- node = level_add_node(NULL, extra, anyPolicy->parent,
- tree);
- }
- if (!tree->user_policies)
- {
- tree->user_policies = sk_X509_POLICY_NODE_new_null();
- if (!tree->user_policies)
- return 1;
- }
- if (!sk_X509_POLICY_NODE_push(tree->user_policies, node))
- return 0;
- }
- return 1;
-
- }
-
-static int tree_evaluate(X509_POLICY_TREE *tree)
- {
- int ret, i;
- X509_POLICY_LEVEL *curr = tree->levels + 1;
- const X509_POLICY_CACHE *cache;
-
- for(i = 1; i < tree->nlevel; i++, curr++)
- {
- cache = policy_cache_set(curr->cert);
- if (!tree_link_nodes(curr, cache))
- return 0;
-
- if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY)
- && !tree_link_any(curr, cache, tree))
- return 0;
- ret = tree_prune(tree, curr);
- if (ret != 1)
- return ret;
- }
-
- return 1;
-
- }
-
-static void exnode_free(X509_POLICY_NODE *node)
- {
- if (node->data && (node->data->flags & POLICY_DATA_FLAG_EXTRA_NODE))
- OPENSSL_free(node);
- }
-
-
-void X509_policy_tree_free(X509_POLICY_TREE *tree)
- {
- X509_POLICY_LEVEL *curr;
- int i;
-
- if (!tree)
- return;
-
- sk_X509_POLICY_NODE_free(tree->auth_policies);
- sk_X509_POLICY_NODE_pop_free(tree->user_policies, exnode_free);
-
- for(i = 0, curr = tree->levels; i < tree->nlevel; i++, curr++)
- {
- if (curr->cert)
- X509_free(curr->cert);
- if (curr->nodes)
- sk_X509_POLICY_NODE_pop_free(curr->nodes,
- policy_node_free);
- if (curr->anyPolicy)
- policy_node_free(curr->anyPolicy);
- }
-
- if (tree->extra_data)
- sk_X509_POLICY_DATA_pop_free(tree->extra_data,
- policy_data_free);
-
- OPENSSL_free(tree->levels);
- OPENSSL_free(tree);
-
- }
-
-/* Application policy checking function.
- * Return codes:
- * 0 Internal Error.
- * 1 Successful.
- * -1 One or more certificates contain invalid or inconsistent extensions
- * -2 User constrained policy set empty and requireExplicit true.
- */
-
-int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
- STACK_OF(X509) *certs,
- STACK_OF(ASN1_OBJECT) *policy_oids,
- unsigned int flags)
- {
- int ret;
- X509_POLICY_TREE *tree = NULL;
- STACK_OF(X509_POLICY_NODE) *nodes, *auth_nodes = NULL;
- *ptree = NULL;
-
- *pexplicit_policy = 0;
- ret = tree_init(&tree, certs, flags);
-
-
- switch (ret)
- {
-
- /* Tree empty requireExplicit False: OK */
- case 2:
- return 1;
-
- /* Some internal error */
- case -1:
- return -1;
-
- /* Some internal error */
- case 0:
- return 0;
-
- /* Tree empty requireExplicit True: Error */
-
- case 6:
- *pexplicit_policy = 1;
- return -2;
-
- /* Tree OK requireExplicit True: OK and continue */
- case 5:
- *pexplicit_policy = 1;
- break;
-
- /* Tree OK: continue */
-
- case 1:
- if (!tree)
- /*
- * tree_init() returns success and a null tree
- * if it's just looking at a trust anchor.
- * I'm not sure that returning success here is
- * correct, but I'm sure that reporting this
- * as an internal error which our caller
- * interprets as a malloc failure is wrong.
- */
- return 1;
- break;
- }
-
- if (!tree) goto error;
- ret = tree_evaluate(tree);
-
- if (ret <= 0)
- goto error;
-
- /* Return value 2 means tree empty */
- if (ret == 2)
- {
- X509_policy_tree_free(tree);
- if (*pexplicit_policy)
- return -2;
- else
- return 1;
- }
-
- /* Tree is not empty: continue */
-
- ret = tree_calculate_authority_set(tree, &auth_nodes);
-
- if (!ret)
- goto error;
-
- if (!tree_calculate_user_set(tree, policy_oids, auth_nodes))
- goto error;
-
- if (ret == 2)
- sk_X509_POLICY_NODE_free(auth_nodes);
-
- if (tree)
- *ptree = tree;
-
- if (*pexplicit_policy)
- {
- nodes = X509_policy_tree_get0_user_policies(tree);
- if (sk_X509_POLICY_NODE_num(nodes) <= 0)
- return -2;
- }
-
- return 1;
-
- error:
-
- X509_policy_tree_free(tree);
-
- return 0;
-
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/pcy_tree.c (from rev 6976, vendor-crypto/openssl/dist/crypto/x509v3/pcy_tree.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/x509v3/pcy_tree.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/pcy_tree.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,665 @@
+/* pcy_tree.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 2004.
+ */
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include "cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+#include "pcy_int.h"
+
+/*-
+ * Initialize policy tree. Return values:
+ * 0 Some internal error occured.
+ * -1 Inconsistent or invalid extensions in certificates.
+ * 1 Tree initialized OK.
+ * 2 Policy tree is empty.
+ * 5 Tree OK and requireExplicitPolicy true.
+ * 6 Tree empty and requireExplicitPolicy true.
+ */
+
+static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
+ unsigned int flags)
+{
+ X509_POLICY_TREE *tree;
+ X509_POLICY_LEVEL *level;
+ const X509_POLICY_CACHE *cache;
+ X509_POLICY_DATA *data = NULL;
+ X509 *x;
+ int ret = 1;
+ int i, n;
+ int explicit_policy;
+ int any_skip;
+ int map_skip;
+ *ptree = NULL;
+ n = sk_X509_num(certs);
+
+ /* Disable policy mapping for now... */
+ flags |= X509_V_FLAG_INHIBIT_MAP;
+
+ if (flags & X509_V_FLAG_EXPLICIT_POLICY)
+ explicit_policy = 0;
+ else
+ explicit_policy = n + 1;
+
+ if (flags & X509_V_FLAG_INHIBIT_ANY)
+ any_skip = 0;
+ else
+ any_skip = n + 1;
+
+ if (flags & X509_V_FLAG_INHIBIT_MAP)
+ map_skip = 0;
+ else
+ map_skip = n + 1;
+
+ /* Can't do anything with just a trust anchor */
+ if (n == 1)
+ return 1;
+ /*
+ * First setup policy cache in all certificates apart from the trust
+ * anchor. Note any bad cache results on the way. Also can calculate
+ * explicit_policy value at this point.
+ */
+ for (i = n - 2; i >= 0; i--) {
+ x = sk_X509_value(certs, i);
+ X509_check_purpose(x, -1, -1);
+ cache = policy_cache_set(x);
+ /* If cache NULL something bad happened: return immediately */
+ if (cache == NULL)
+ return 0;
+ /*
+ * If inconsistent extensions keep a note of it but continue
+ */
+ if (x->ex_flags & EXFLAG_INVALID_POLICY)
+ ret = -1;
+ /*
+ * Otherwise if we have no data (hence no CertificatePolicies) and
+ * haven't already set an inconsistent code note it.
+ */
+ else if ((ret == 1) && !cache->data)
+ ret = 2;
+ if (explicit_policy > 0) {
+ if (!(x->ex_flags & EXFLAG_SI))
+ explicit_policy--;
+ if ((cache->explicit_skip != -1)
+ && (cache->explicit_skip < explicit_policy))
+ explicit_policy = cache->explicit_skip;
+ }
+ }
+
+ if (ret != 1) {
+ if (ret == 2 && !explicit_policy)
+ return 6;
+ return ret;
+ }
+
+ /* If we get this far initialize the tree */
+
+ tree = OPENSSL_malloc(sizeof(X509_POLICY_TREE));
+
+ if (!tree)
+ return 0;
+
+ tree->flags = 0;
+ tree->levels = OPENSSL_malloc(sizeof(X509_POLICY_LEVEL) * n);
+ tree->nlevel = 0;
+ tree->extra_data = NULL;
+ tree->auth_policies = NULL;
+ tree->user_policies = NULL;
+
+ if (!tree->levels) {
+ OPENSSL_free(tree);
+ return 0;
+ }
+
+ memset(tree->levels, 0, n * sizeof(X509_POLICY_LEVEL));
+
+ tree->nlevel = n;
+
+ level = tree->levels;
+
+ /* Root data: initialize to anyPolicy */
+
+ data = policy_data_new(NULL, OBJ_nid2obj(NID_any_policy), 0);
+
+ if (!data || !level_add_node(level, data, NULL, tree))
+ goto bad_tree;
+
+ for (i = n - 2; i >= 0; i--) {
+ level++;
+ x = sk_X509_value(certs, i);
+ cache = policy_cache_set(x);
+
+ CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
+ level->cert = x;
+
+ if (!cache->anyPolicy)
+ level->flags |= X509_V_FLAG_INHIBIT_ANY;
+
+ /* Determine inhibit any and inhibit map flags */
+ if (any_skip == 0) {
+ /*
+ * Any matching allowed if certificate is self issued and not the
+ * last in the chain.
+ */
+ if (!(x->ex_flags & EXFLAG_SI) || (i == 0))
+ level->flags |= X509_V_FLAG_INHIBIT_ANY;
+ } else {
+ if (!(x->ex_flags & EXFLAG_SI))
+ any_skip--;
+ if ((cache->any_skip >= 0)
+ && (cache->any_skip < any_skip))
+ any_skip = cache->any_skip;
+ }
+
+ if (map_skip == 0)
+ level->flags |= X509_V_FLAG_INHIBIT_MAP;
+ else {
+ map_skip--;
+ if ((cache->map_skip >= 0)
+ && (cache->map_skip < map_skip))
+ map_skip = cache->map_skip;
+ }
+
+ }
+
+ *ptree = tree;
+
+ if (explicit_policy)
+ return 1;
+ else
+ return 5;
+
+ bad_tree:
+
+ X509_policy_tree_free(tree);
+
+ return 0;
+
+}
+
+/*
+ * This corresponds to RFC3280 XXXX XXXXX: link any data from
+ * CertificatePolicies onto matching parent or anyPolicy if no match.
+ */
+
+static int tree_link_nodes(X509_POLICY_LEVEL *curr,
+ const X509_POLICY_CACHE *cache)
+{
+ int i;
+ X509_POLICY_LEVEL *last;
+ X509_POLICY_DATA *data;
+ X509_POLICY_NODE *parent;
+ last = curr - 1;
+ for (i = 0; i < sk_X509_POLICY_DATA_num(cache->data); i++) {
+ data = sk_X509_POLICY_DATA_value(cache->data, i);
+ /*
+ * If a node is mapped any it doesn't have a corresponding
+ * CertificatePolicies entry. However such an identical node would
+ * be created if anyPolicy matching is enabled because there would be
+ * no match with the parent valid_policy_set. So we create link
+ * because then it will have the mapping flags right and we can prune
+ * it later.
+ */
+ if ((data->flags & POLICY_DATA_FLAG_MAPPED_ANY)
+ && !(curr->flags & X509_V_FLAG_INHIBIT_ANY))
+ continue;
+ /* Look for matching node in parent */
+ parent = level_find_node(last, data->valid_policy);
+ /* If no match link to anyPolicy */
+ if (!parent)
+ parent = last->anyPolicy;
+ if (parent && !level_add_node(curr, data, parent, NULL))
+ return 0;
+ }
+ return 1;
+}
+
+/*
+ * This corresponds to RFC3280 XXXX XXXXX: Create new data for any unmatched
+ * policies in the parent and link to anyPolicy.
+ */
+
+static int tree_link_any(X509_POLICY_LEVEL *curr,
+ const X509_POLICY_CACHE *cache,
+ X509_POLICY_TREE *tree)
+{
+ int i;
+ X509_POLICY_DATA *data;
+ X509_POLICY_NODE *node;
+ X509_POLICY_LEVEL *last;
+
+ last = curr - 1;
+
+ for (i = 0; i < sk_X509_POLICY_NODE_num(last->nodes); i++) {
+ node = sk_X509_POLICY_NODE_value(last->nodes, i);
+
+ /*
+ * Skip any node with any children: we only want unmathced nodes.
+ * Note: need something better for policy mapping because each node
+ * may have multiple children
+ */
+ if (node->nchild)
+ continue;
+ /*
+ * Create a new node with qualifiers from anyPolicy and id from
+ * unmatched node.
+ */
+ data = policy_data_new(NULL, node->data->valid_policy,
+ node_critical(node));
+
+ if (data == NULL)
+ return 0;
+ /* Curr may not have anyPolicy */
+ data->qualifier_set = cache->anyPolicy->qualifier_set;
+ data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS;
+ if (!level_add_node(curr, data, node, tree)) {
+ policy_data_free(data);
+ return 0;
+ }
+ }
+ /* Finally add link to anyPolicy */
+ if (last->anyPolicy) {
+ if (!level_add_node(curr, cache->anyPolicy, last->anyPolicy, NULL))
+ return 0;
+ }
+ return 1;
+}
+
+/*
+ * Prune the tree: delete any child mapped child data on the current level
+ * then proceed up the tree deleting any data with no children. If we ever
+ * have no data on a level we can halt because the tree will be empty.
+ */
+
+static int tree_prune(X509_POLICY_TREE *tree, X509_POLICY_LEVEL *curr)
+{
+ X509_POLICY_NODE *node;
+ int i;
+ for (i = sk_X509_POLICY_NODE_num(curr->nodes) - 1; i >= 0; i--) {
+ node = sk_X509_POLICY_NODE_value(curr->nodes, i);
+ /* Delete any mapped data: see RFC3280 XXXX */
+ if (node->data->flags & POLICY_DATA_FLAG_MAP_MASK) {
+ node->parent->nchild--;
+ OPENSSL_free(node);
+ (void)sk_X509_POLICY_NODE_delete(curr->nodes, i);
+ }
+ }
+
+ for (;;) {
+ --curr;
+ for (i = sk_X509_POLICY_NODE_num(curr->nodes) - 1; i >= 0; i--) {
+ node = sk_X509_POLICY_NODE_value(curr->nodes, i);
+ if (node->nchild == 0) {
+ node->parent->nchild--;
+ OPENSSL_free(node);
+ (void)sk_X509_POLICY_NODE_delete(curr->nodes, i);
+ }
+ }
+ if (curr->anyPolicy && !curr->anyPolicy->nchild) {
+ if (curr->anyPolicy->parent)
+ curr->anyPolicy->parent->nchild--;
+ OPENSSL_free(curr->anyPolicy);
+ curr->anyPolicy = NULL;
+ }
+ if (curr == tree->levels) {
+ /* If we zapped anyPolicy at top then tree is empty */
+ if (!curr->anyPolicy)
+ return 2;
+ return 1;
+ }
+ }
+
+ return 1;
+
+}
+
+static int tree_add_auth_node(STACK_OF(X509_POLICY_NODE) **pnodes,
+ X509_POLICY_NODE *pcy)
+{
+ if (!*pnodes) {
+ *pnodes = policy_node_cmp_new();
+ if (!*pnodes)
+ return 0;
+ } else if (sk_X509_POLICY_NODE_find(*pnodes, pcy) != -1)
+ return 1;
+
+ if (!sk_X509_POLICY_NODE_push(*pnodes, pcy))
+ return 0;
+
+ return 1;
+
+}
+
+/*
+ * Calculate the authority set based on policy tree. The 'pnodes' parameter
+ * is used as a store for the set of policy nodes used to calculate the user
+ * set. If the authority set is not anyPolicy then pnodes will just point to
+ * the authority set. If however the authority set is anyPolicy then the set
+ * of valid policies (other than anyPolicy) is store in pnodes. The return
+ * value of '2' is used in this case to indicate that pnodes should be freed.
+ */
+
+static int tree_calculate_authority_set(X509_POLICY_TREE *tree,
+ STACK_OF(X509_POLICY_NODE) **pnodes)
+{
+ X509_POLICY_LEVEL *curr;
+ X509_POLICY_NODE *node, *anyptr;
+ STACK_OF(X509_POLICY_NODE) **addnodes;
+ int i, j;
+ curr = tree->levels + tree->nlevel - 1;
+
+ /* If last level contains anyPolicy set is anyPolicy */
+ if (curr->anyPolicy) {
+ if (!tree_add_auth_node(&tree->auth_policies, curr->anyPolicy))
+ return 0;
+ addnodes = pnodes;
+ } else
+ /* Add policies to authority set */
+ addnodes = &tree->auth_policies;
+
+ curr = tree->levels;
+ for (i = 1; i < tree->nlevel; i++) {
+ /*
+ * If no anyPolicy node on this this level it can't appear on lower
+ * levels so end search.
+ */
+ if (!(anyptr = curr->anyPolicy))
+ break;
+ curr++;
+ for (j = 0; j < sk_X509_POLICY_NODE_num(curr->nodes); j++) {
+ node = sk_X509_POLICY_NODE_value(curr->nodes, j);
+ if ((node->parent == anyptr)
+ && !tree_add_auth_node(addnodes, node))
+ return 0;
+ }
+ }
+
+ if (addnodes == pnodes)
+ return 2;
+
+ *pnodes = tree->auth_policies;
+
+ return 1;
+}
+
+static int tree_calculate_user_set(X509_POLICY_TREE *tree,
+ STACK_OF(ASN1_OBJECT) *policy_oids,
+ STACK_OF(X509_POLICY_NODE) *auth_nodes)
+{
+ int i;
+ X509_POLICY_NODE *node;
+ ASN1_OBJECT *oid;
+
+ X509_POLICY_NODE *anyPolicy;
+ X509_POLICY_DATA *extra;
+
+ /*
+ * Check if anyPolicy present in authority constrained policy set: this
+ * will happen if it is a leaf node.
+ */
+
+ if (sk_ASN1_OBJECT_num(policy_oids) <= 0)
+ return 1;
+
+ anyPolicy = tree->levels[tree->nlevel - 1].anyPolicy;
+
+ for (i = 0; i < sk_ASN1_OBJECT_num(policy_oids); i++) {
+ oid = sk_ASN1_OBJECT_value(policy_oids, i);
+ if (OBJ_obj2nid(oid) == NID_any_policy) {
+ tree->flags |= POLICY_FLAG_ANY_POLICY;
+ return 1;
+ }
+ }
+
+ for (i = 0; i < sk_ASN1_OBJECT_num(policy_oids); i++) {
+ oid = sk_ASN1_OBJECT_value(policy_oids, i);
+ node = tree_find_sk(auth_nodes, oid);
+ if (!node) {
+ if (!anyPolicy)
+ continue;
+ /*
+ * Create a new node with policy ID from user set and qualifiers
+ * from anyPolicy.
+ */
+ extra = policy_data_new(NULL, oid, node_critical(anyPolicy));
+ if (!extra)
+ return 0;
+ extra->qualifier_set = anyPolicy->data->qualifier_set;
+ extra->flags = POLICY_DATA_FLAG_SHARED_QUALIFIERS
+ | POLICY_DATA_FLAG_EXTRA_NODE;
+ node = level_add_node(NULL, extra, anyPolicy->parent, tree);
+ }
+ if (!tree->user_policies) {
+ tree->user_policies = sk_X509_POLICY_NODE_new_null();
+ if (!tree->user_policies)
+ return 1;
+ }
+ if (!sk_X509_POLICY_NODE_push(tree->user_policies, node))
+ return 0;
+ }
+ return 1;
+
+}
+
+static int tree_evaluate(X509_POLICY_TREE *tree)
+{
+ int ret, i;
+ X509_POLICY_LEVEL *curr = tree->levels + 1;
+ const X509_POLICY_CACHE *cache;
+
+ for (i = 1; i < tree->nlevel; i++, curr++) {
+ cache = policy_cache_set(curr->cert);
+ if (!tree_link_nodes(curr, cache))
+ return 0;
+
+ if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY)
+ && !tree_link_any(curr, cache, tree))
+ return 0;
+ ret = tree_prune(tree, curr);
+ if (ret != 1)
+ return ret;
+ }
+
+ return 1;
+
+}
+
+static void exnode_free(X509_POLICY_NODE *node)
+{
+ if (node->data && (node->data->flags & POLICY_DATA_FLAG_EXTRA_NODE))
+ OPENSSL_free(node);
+}
+
+void X509_policy_tree_free(X509_POLICY_TREE *tree)
+{
+ X509_POLICY_LEVEL *curr;
+ int i;
+
+ if (!tree)
+ return;
+
+ sk_X509_POLICY_NODE_free(tree->auth_policies);
+ sk_X509_POLICY_NODE_pop_free(tree->user_policies, exnode_free);
+
+ for (i = 0, curr = tree->levels; i < tree->nlevel; i++, curr++) {
+ if (curr->cert)
+ X509_free(curr->cert);
+ if (curr->nodes)
+ sk_X509_POLICY_NODE_pop_free(curr->nodes, policy_node_free);
+ if (curr->anyPolicy)
+ policy_node_free(curr->anyPolicy);
+ }
+
+ if (tree->extra_data)
+ sk_X509_POLICY_DATA_pop_free(tree->extra_data, policy_data_free);
+
+ OPENSSL_free(tree->levels);
+ OPENSSL_free(tree);
+
+}
+
+/*-
+ * Application policy checking function.
+ * Return codes:
+ * 0 Internal Error.
+ * 1 Successful.
+ * -1 One or more certificates contain invalid or inconsistent extensions
+ * -2 User constrained policy set empty and requireExplicit true.
+ */
+
+int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
+ STACK_OF(X509) *certs,
+ STACK_OF(ASN1_OBJECT) *policy_oids, unsigned int flags)
+{
+ int ret;
+ X509_POLICY_TREE *tree = NULL;
+ STACK_OF(X509_POLICY_NODE) *nodes, *auth_nodes = NULL;
+ *ptree = NULL;
+
+ *pexplicit_policy = 0;
+ ret = tree_init(&tree, certs, flags);
+
+ switch (ret) {
+
+ /* Tree empty requireExplicit False: OK */
+ case 2:
+ return 1;
+
+ /* Some internal error */
+ case -1:
+ return -1;
+
+ /* Some internal error */
+ case 0:
+ return 0;
+
+ /* Tree empty requireExplicit True: Error */
+
+ case 6:
+ *pexplicit_policy = 1;
+ return -2;
+
+ /* Tree OK requireExplicit True: OK and continue */
+ case 5:
+ *pexplicit_policy = 1;
+ break;
+
+ /* Tree OK: continue */
+
+ case 1:
+ if (!tree)
+ /*
+ * tree_init() returns success and a null tree
+ * if it's just looking at a trust anchor.
+ * I'm not sure that returning success here is
+ * correct, but I'm sure that reporting this
+ * as an internal error which our caller
+ * interprets as a malloc failure is wrong.
+ */
+ return 1;
+ break;
+ }
+
+ if (!tree)
+ goto error;
+ ret = tree_evaluate(tree);
+
+ if (ret <= 0)
+ goto error;
+
+ /* Return value 2 means tree empty */
+ if (ret == 2) {
+ X509_policy_tree_free(tree);
+ if (*pexplicit_policy)
+ return -2;
+ else
+ return 1;
+ }
+
+ /* Tree is not empty: continue */
+
+ ret = tree_calculate_authority_set(tree, &auth_nodes);
+
+ if (!ret)
+ goto error;
+
+ if (!tree_calculate_user_set(tree, policy_oids, auth_nodes))
+ goto error;
+
+ if (ret == 2)
+ sk_X509_POLICY_NODE_free(auth_nodes);
+
+ if (tree)
+ *ptree = tree;
+
+ if (*pexplicit_policy) {
+ nodes = X509_policy_tree_get0_user_policies(tree);
+ if (sk_X509_POLICY_NODE_num(nodes) <= 0)
+ return -2;
+ }
+
+ return 1;
+
+ error:
+
+ X509_policy_tree_free(tree);
+
+ return 0;
+
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/tabtest.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509v3/tabtest.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/tabtest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,88 +0,0 @@
-/* tabtest.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/* Simple program to check the ext_dat.h is correct and print out
- * problems if it is not.
- */
-
-#include <stdio.h>
-
-#include <openssl/x509v3.h>
-
-#include "ext_dat.h"
-
-main()
-{
- int i, prev = -1, bad = 0;
- X509V3_EXT_METHOD **tmp;
- i = sizeof(standard_exts) / sizeof(X509V3_EXT_METHOD *);
- if(i != STANDARD_EXTENSION_COUNT)
- fprintf(stderr, "Extension number invalid expecting %d\n", i);
- tmp = standard_exts;
- for(i = 0; i < STANDARD_EXTENSION_COUNT; i++, tmp++) {
- if((*tmp)->ext_nid < prev) bad = 1;
- prev = (*tmp)->ext_nid;
-
- }
- if(bad) {
- tmp = standard_exts;
- fprintf(stderr, "Extensions out of order!\n");
- for(i = 0; i < STANDARD_EXTENSION_COUNT; i++, tmp++)
- printf("%d : %s\n", (*tmp)->ext_nid, OBJ_nid2sn((*tmp)->ext_nid));
- } else fprintf(stderr, "Order OK\n");
-}
Copied: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/tabtest.c (from rev 6976, vendor-crypto/openssl/dist/crypto/x509v3/tabtest.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/x509v3/tabtest.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/tabtest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,92 @@
+/* tabtest.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*
+ * Simple program to check the ext_dat.h is correct and print out problems if
+ * it is not.
+ */
+
+#include <stdio.h>
+
+#include <openssl/x509v3.h>
+
+#include "ext_dat.h"
+
+main()
+{
+ int i, prev = -1, bad = 0;
+ X509V3_EXT_METHOD **tmp;
+ i = sizeof(standard_exts) / sizeof(X509V3_EXT_METHOD *);
+ if (i != STANDARD_EXTENSION_COUNT)
+ fprintf(stderr, "Extension number invalid expecting %d\n", i);
+ tmp = standard_exts;
+ for (i = 0; i < STANDARD_EXTENSION_COUNT; i++, tmp++) {
+ if ((*tmp)->ext_nid < prev)
+ bad = 1;
+ prev = (*tmp)->ext_nid;
+
+ }
+ if (bad) {
+ tmp = standard_exts;
+ fprintf(stderr, "Extensions out of order!\n");
+ for (i = 0; i < STANDARD_EXTENSION_COUNT; i++, tmp++)
+ printf("%d : %s\n", (*tmp)->ext_nid, OBJ_nid2sn((*tmp)->ext_nid));
+ } else
+ fprintf(stderr, "Order OK\n");
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_addr.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509v3/v3_addr.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_addr.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,1337 +0,0 @@
-/*
- * Contributed to the OpenSSL Project by the American Registry for
- * Internet Numbers ("ARIN").
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- */
-
-/*
- * Implementation of RFC 3779 section 2.2.
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/buffer.h>
-#include <openssl/x509v3.h>
-
-#ifndef OPENSSL_NO_RFC3779
-
-/*
- * OpenSSL ASN.1 template translation of RFC 3779 2.2.3.
- */
-
-ASN1_SEQUENCE(IPAddressRange) = {
- ASN1_SIMPLE(IPAddressRange, min, ASN1_BIT_STRING),
- ASN1_SIMPLE(IPAddressRange, max, ASN1_BIT_STRING)
-} ASN1_SEQUENCE_END(IPAddressRange)
-
-ASN1_CHOICE(IPAddressOrRange) = {
- ASN1_SIMPLE(IPAddressOrRange, u.addressPrefix, ASN1_BIT_STRING),
- ASN1_SIMPLE(IPAddressOrRange, u.addressRange, IPAddressRange)
-} ASN1_CHOICE_END(IPAddressOrRange)
-
-ASN1_CHOICE(IPAddressChoice) = {
- ASN1_SIMPLE(IPAddressChoice, u.inherit, ASN1_NULL),
- ASN1_SEQUENCE_OF(IPAddressChoice, u.addressesOrRanges, IPAddressOrRange)
-} ASN1_CHOICE_END(IPAddressChoice)
-
-ASN1_SEQUENCE(IPAddressFamily) = {
- ASN1_SIMPLE(IPAddressFamily, addressFamily, ASN1_OCTET_STRING),
- ASN1_SIMPLE(IPAddressFamily, ipAddressChoice, IPAddressChoice)
-} ASN1_SEQUENCE_END(IPAddressFamily)
-
-ASN1_ITEM_TEMPLATE(IPAddrBlocks) =
- ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
- IPAddrBlocks, IPAddressFamily)
-ASN1_ITEM_TEMPLATE_END(IPAddrBlocks)
-
-IMPLEMENT_ASN1_FUNCTIONS(IPAddressRange)
-IMPLEMENT_ASN1_FUNCTIONS(IPAddressOrRange)
-IMPLEMENT_ASN1_FUNCTIONS(IPAddressChoice)
-IMPLEMENT_ASN1_FUNCTIONS(IPAddressFamily)
-
-/*
- * How much buffer space do we need for a raw address?
- */
-#define ADDR_RAW_BUF_LEN 16
-
-/*
- * What's the address length associated with this AFI?
- */
-static int length_from_afi(const unsigned afi)
-{
- switch (afi) {
- case IANA_AFI_IPV4:
- return 4;
- case IANA_AFI_IPV6:
- return 16;
- default:
- return 0;
- }
-}
-
-/*
- * Extract the AFI from an IPAddressFamily.
- */
-unsigned int v3_addr_get_afi(const IPAddressFamily *f)
-{
- return ((f != NULL &&
- f->addressFamily != NULL &&
- f->addressFamily->data != NULL)
- ? ((f->addressFamily->data[0] << 8) |
- (f->addressFamily->data[1]))
- : 0);
-}
-
-/*
- * Expand the bitstring form of an address into a raw byte array.
- * At the moment this is coded for simplicity, not speed.
- */
-static int addr_expand(unsigned char *addr,
- const ASN1_BIT_STRING *bs,
- const int length,
- const unsigned char fill)
-{
- if (bs->length < 0 || bs->length > length)
- return 0;
- if (bs->length > 0) {
- memcpy(addr, bs->data, bs->length);
- if ((bs->flags & 7) != 0) {
- unsigned char mask = 0xFF >> (8 - (bs->flags & 7));
- if (fill == 0)
- addr[bs->length - 1] &= ~mask;
- else
- addr[bs->length - 1] |= mask;
- }
- }
- memset(addr + bs->length, fill, length - bs->length);
- return 1;
-}
-
-/*
- * Extract the prefix length from a bitstring.
- */
-#define addr_prefixlen(bs) ((int) ((bs)->length * 8 - ((bs)->flags & 7)))
-
-/*
- * i2r handler for one address bitstring.
- */
-static int i2r_address(BIO *out,
- const unsigned afi,
- const unsigned char fill,
- const ASN1_BIT_STRING *bs)
-{
- unsigned char addr[ADDR_RAW_BUF_LEN];
- int i, n;
-
- if (bs->length < 0)
- return 0;
- switch (afi) {
- case IANA_AFI_IPV4:
- if (!addr_expand(addr, bs, 4, fill))
- return 0;
- BIO_printf(out, "%d.%d.%d.%d", addr[0], addr[1], addr[2], addr[3]);
- break;
- case IANA_AFI_IPV6:
- if (!addr_expand(addr, bs, 16, fill))
- return 0;
- for (n = 16; n > 1 && addr[n-1] == 0x00 && addr[n-2] == 0x00; n -= 2)
- ;
- for (i = 0; i < n; i += 2)
- BIO_printf(out, "%x%s", (addr[i] << 8) | addr[i+1], (i < 14 ? ":" : ""));
- if (i < 16)
- BIO_puts(out, ":");
- if (i == 0)
- BIO_puts(out, ":");
- break;
- default:
- for (i = 0; i < bs->length; i++)
- BIO_printf(out, "%s%02x", (i > 0 ? ":" : ""), bs->data[i]);
- BIO_printf(out, "[%d]", (int) (bs->flags & 7));
- break;
- }
- return 1;
-}
-
-/*
- * i2r handler for a sequence of addresses and ranges.
- */
-static int i2r_IPAddressOrRanges(BIO *out,
- const int indent,
- const IPAddressOrRanges *aors,
- const unsigned afi)
-{
- int i;
- for (i = 0; i < sk_IPAddressOrRange_num(aors); i++) {
- const IPAddressOrRange *aor = sk_IPAddressOrRange_value(aors, i);
- BIO_printf(out, "%*s", indent, "");
- switch (aor->type) {
- case IPAddressOrRange_addressPrefix:
- if (!i2r_address(out, afi, 0x00, aor->u.addressPrefix))
- return 0;
- BIO_printf(out, "/%d\n", addr_prefixlen(aor->u.addressPrefix));
- continue;
- case IPAddressOrRange_addressRange:
- if (!i2r_address(out, afi, 0x00, aor->u.addressRange->min))
- return 0;
- BIO_puts(out, "-");
- if (!i2r_address(out, afi, 0xFF, aor->u.addressRange->max))
- return 0;
- BIO_puts(out, "\n");
- continue;
- }
- }
- return 1;
-}
-
-/*
- * i2r handler for an IPAddrBlocks extension.
- */
-static int i2r_IPAddrBlocks(X509V3_EXT_METHOD *method,
- void *ext,
- BIO *out,
- int indent)
-{
- const IPAddrBlocks *addr = ext;
- int i;
- for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
- IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
- const unsigned int afi = v3_addr_get_afi(f);
- switch (afi) {
- case IANA_AFI_IPV4:
- BIO_printf(out, "%*sIPv4", indent, "");
- break;
- case IANA_AFI_IPV6:
- BIO_printf(out, "%*sIPv6", indent, "");
- break;
- default:
- BIO_printf(out, "%*sUnknown AFI %u", indent, "", afi);
- break;
- }
- if (f->addressFamily->length > 2) {
- switch (f->addressFamily->data[2]) {
- case 1:
- BIO_puts(out, " (Unicast)");
- break;
- case 2:
- BIO_puts(out, " (Multicast)");
- break;
- case 3:
- BIO_puts(out, " (Unicast/Multicast)");
- break;
- case 4:
- BIO_puts(out, " (MPLS)");
- break;
- case 64:
- BIO_puts(out, " (Tunnel)");
- break;
- case 65:
- BIO_puts(out, " (VPLS)");
- break;
- case 66:
- BIO_puts(out, " (BGP MDT)");
- break;
- case 128:
- BIO_puts(out, " (MPLS-labeled VPN)");
- break;
- default:
- BIO_printf(out, " (Unknown SAFI %u)",
- (unsigned) f->addressFamily->data[2]);
- break;
- }
- }
- switch (f->ipAddressChoice->type) {
- case IPAddressChoice_inherit:
- BIO_puts(out, ": inherit\n");
- break;
- case IPAddressChoice_addressesOrRanges:
- BIO_puts(out, ":\n");
- if (!i2r_IPAddressOrRanges(out,
- indent + 2,
- f->ipAddressChoice->u.addressesOrRanges,
- afi))
- return 0;
- break;
- }
- }
- return 1;
-}
-
-/*
- * Sort comparison function for a sequence of IPAddressOrRange
- * elements.
- *
- * There's no sane answer we can give if addr_expand() fails, and an
- * assertion failure on externally supplied data is seriously uncool,
- * so we just arbitrarily declare that if given invalid inputs this
- * function returns -1. If this messes up your preferred sort order
- * for garbage input, tough noogies.
- */
-static int IPAddressOrRange_cmp(const IPAddressOrRange *a,
- const IPAddressOrRange *b,
- const int length)
-{
- unsigned char addr_a[ADDR_RAW_BUF_LEN], addr_b[ADDR_RAW_BUF_LEN];
- int prefixlen_a = 0;
- int prefixlen_b = 0;
- int r;
-
- switch (a->type) {
- case IPAddressOrRange_addressPrefix:
- if (!addr_expand(addr_a, a->u.addressPrefix, length, 0x00))
- return -1;
- prefixlen_a = addr_prefixlen(a->u.addressPrefix);
- break;
- case IPAddressOrRange_addressRange:
- if (!addr_expand(addr_a, a->u.addressRange->min, length, 0x00))
- return -1;
- prefixlen_a = length * 8;
- break;
- }
-
- switch (b->type) {
- case IPAddressOrRange_addressPrefix:
- if (!addr_expand(addr_b, b->u.addressPrefix, length, 0x00))
- return -1;
- prefixlen_b = addr_prefixlen(b->u.addressPrefix);
- break;
- case IPAddressOrRange_addressRange:
- if (!addr_expand(addr_b, b->u.addressRange->min, length, 0x00))
- return -1;
- prefixlen_b = length * 8;
- break;
- }
-
- if ((r = memcmp(addr_a, addr_b, length)) != 0)
- return r;
- else
- return prefixlen_a - prefixlen_b;
-}
-
-/*
- * IPv4-specific closure over IPAddressOrRange_cmp, since sk_sort()
- * comparision routines are only allowed two arguments.
- */
-static int v4IPAddressOrRange_cmp(const IPAddressOrRange * const *a,
- const IPAddressOrRange * const *b)
-{
- return IPAddressOrRange_cmp(*a, *b, 4);
-}
-
-/*
- * IPv6-specific closure over IPAddressOrRange_cmp, since sk_sort()
- * comparision routines are only allowed two arguments.
- */
-static int v6IPAddressOrRange_cmp(const IPAddressOrRange * const *a,
- const IPAddressOrRange * const *b)
-{
- return IPAddressOrRange_cmp(*a, *b, 16);
-}
-
-/*
- * Calculate whether a range collapses to a prefix.
- * See last paragraph of RFC 3779 2.2.3.7.
- */
-static int range_should_be_prefix(const unsigned char *min,
- const unsigned char *max,
- const int length)
-{
- unsigned char mask;
- int i, j;
-
- OPENSSL_assert(memcmp(min, max, length) <= 0);
- for (i = 0; i < length && min[i] == max[i]; i++)
- ;
- for (j = length - 1; j >= 0 && min[j] == 0x00 && max[j] == 0xFF; j--)
- ;
- if (i < j)
- return -1;
- if (i > j)
- return i * 8;
- mask = min[i] ^ max[i];
- switch (mask) {
- case 0x01: j = 7; break;
- case 0x03: j = 6; break;
- case 0x07: j = 5; break;
- case 0x0F: j = 4; break;
- case 0x1F: j = 3; break;
- case 0x3F: j = 2; break;
- case 0x7F: j = 1; break;
- default: return -1;
- }
- if ((min[i] & mask) != 0 || (max[i] & mask) != mask)
- return -1;
- else
- return i * 8 + j;
-}
-
-/*
- * Construct a prefix.
- */
-static int make_addressPrefix(IPAddressOrRange **result,
- unsigned char *addr,
- const int prefixlen)
-{
- int bytelen = (prefixlen + 7) / 8, bitlen = prefixlen % 8;
- IPAddressOrRange *aor = IPAddressOrRange_new();
-
- if (aor == NULL)
- return 0;
- aor->type = IPAddressOrRange_addressPrefix;
- if (aor->u.addressPrefix == NULL &&
- (aor->u.addressPrefix = ASN1_BIT_STRING_new()) == NULL)
- goto err;
- if (!ASN1_BIT_STRING_set(aor->u.addressPrefix, addr, bytelen))
- goto err;
- aor->u.addressPrefix->flags &= ~7;
- aor->u.addressPrefix->flags |= ASN1_STRING_FLAG_BITS_LEFT;
- if (bitlen > 0) {
- aor->u.addressPrefix->data[bytelen - 1] &= ~(0xFF >> bitlen);
- aor->u.addressPrefix->flags |= 8 - bitlen;
- }
-
- *result = aor;
- return 1;
-
- err:
- IPAddressOrRange_free(aor);
- return 0;
-}
-
-/*
- * Construct a range. If it can be expressed as a prefix,
- * return a prefix instead. Doing this here simplifies
- * the rest of the code considerably.
- */
-static int make_addressRange(IPAddressOrRange **result,
- unsigned char *min,
- unsigned char *max,
- const int length)
-{
- IPAddressOrRange *aor;
- int i, prefixlen;
-
- if ((prefixlen = range_should_be_prefix(min, max, length)) >= 0)
- return make_addressPrefix(result, min, prefixlen);
-
- if ((aor = IPAddressOrRange_new()) == NULL)
- return 0;
- aor->type = IPAddressOrRange_addressRange;
- OPENSSL_assert(aor->u.addressRange == NULL);
- if ((aor->u.addressRange = IPAddressRange_new()) == NULL)
- goto err;
- if (aor->u.addressRange->min == NULL &&
- (aor->u.addressRange->min = ASN1_BIT_STRING_new()) == NULL)
- goto err;
- if (aor->u.addressRange->max == NULL &&
- (aor->u.addressRange->max = ASN1_BIT_STRING_new()) == NULL)
- goto err;
-
- for (i = length; i > 0 && min[i - 1] == 0x00; --i)
- ;
- if (!ASN1_BIT_STRING_set(aor->u.addressRange->min, min, i))
- goto err;
- aor->u.addressRange->min->flags &= ~7;
- aor->u.addressRange->min->flags |= ASN1_STRING_FLAG_BITS_LEFT;
- if (i > 0) {
- unsigned char b = min[i - 1];
- int j = 1;
- while ((b & (0xFFU >> j)) != 0)
- ++j;
- aor->u.addressRange->min->flags |= 8 - j;
- }
-
- for (i = length; i > 0 && max[i - 1] == 0xFF; --i)
- ;
- if (!ASN1_BIT_STRING_set(aor->u.addressRange->max, max, i))
- goto err;
- aor->u.addressRange->max->flags &= ~7;
- aor->u.addressRange->max->flags |= ASN1_STRING_FLAG_BITS_LEFT;
- if (i > 0) {
- unsigned char b = max[i - 1];
- int j = 1;
- while ((b & (0xFFU >> j)) != (0xFFU >> j))
- ++j;
- aor->u.addressRange->max->flags |= 8 - j;
- }
-
- *result = aor;
- return 1;
-
- err:
- IPAddressOrRange_free(aor);
- return 0;
-}
-
-/*
- * Construct a new address family or find an existing one.
- */
-static IPAddressFamily *make_IPAddressFamily(IPAddrBlocks *addr,
- const unsigned afi,
- const unsigned *safi)
-{
- IPAddressFamily *f;
- unsigned char key[3];
- unsigned keylen;
- int i;
-
- key[0] = (afi >> 8) & 0xFF;
- key[1] = afi & 0xFF;
- if (safi != NULL) {
- key[2] = *safi & 0xFF;
- keylen = 3;
- } else {
- keylen = 2;
- }
-
- for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
- f = sk_IPAddressFamily_value(addr, i);
- OPENSSL_assert(f->addressFamily->data != NULL);
- if (f->addressFamily->length == keylen &&
- !memcmp(f->addressFamily->data, key, keylen))
- return f;
- }
-
- if ((f = IPAddressFamily_new()) == NULL)
- goto err;
- if (f->ipAddressChoice == NULL &&
- (f->ipAddressChoice = IPAddressChoice_new()) == NULL)
- goto err;
- if (f->addressFamily == NULL &&
- (f->addressFamily = ASN1_OCTET_STRING_new()) == NULL)
- goto err;
- if (!ASN1_OCTET_STRING_set(f->addressFamily, key, keylen))
- goto err;
- if (!sk_IPAddressFamily_push(addr, f))
- goto err;
-
- return f;
-
- err:
- IPAddressFamily_free(f);
- return NULL;
-}
-
-/*
- * Add an inheritance element.
- */
-int v3_addr_add_inherit(IPAddrBlocks *addr,
- const unsigned afi,
- const unsigned *safi)
-{
- IPAddressFamily *f = make_IPAddressFamily(addr, afi, safi);
- if (f == NULL ||
- f->ipAddressChoice == NULL ||
- (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges &&
- f->ipAddressChoice->u.addressesOrRanges != NULL))
- return 0;
- if (f->ipAddressChoice->type == IPAddressChoice_inherit &&
- f->ipAddressChoice->u.inherit != NULL)
- return 1;
- if (f->ipAddressChoice->u.inherit == NULL &&
- (f->ipAddressChoice->u.inherit = ASN1_NULL_new()) == NULL)
- return 0;
- f->ipAddressChoice->type = IPAddressChoice_inherit;
- return 1;
-}
-
-/*
- * Construct an IPAddressOrRange sequence, or return an existing one.
- */
-static IPAddressOrRanges *make_prefix_or_range(IPAddrBlocks *addr,
- const unsigned afi,
- const unsigned *safi)
-{
- IPAddressFamily *f = make_IPAddressFamily(addr, afi, safi);
- IPAddressOrRanges *aors = NULL;
-
- if (f == NULL ||
- f->ipAddressChoice == NULL ||
- (f->ipAddressChoice->type == IPAddressChoice_inherit &&
- f->ipAddressChoice->u.inherit != NULL))
- return NULL;
- if (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges)
- aors = f->ipAddressChoice->u.addressesOrRanges;
- if (aors != NULL)
- return aors;
- if ((aors = sk_IPAddressOrRange_new_null()) == NULL)
- return NULL;
- switch (afi) {
- case IANA_AFI_IPV4:
- (void)sk_IPAddressOrRange_set_cmp_func(aors, v4IPAddressOrRange_cmp);
- break;
- case IANA_AFI_IPV6:
- (void)sk_IPAddressOrRange_set_cmp_func(aors, v6IPAddressOrRange_cmp);
- break;
- }
- f->ipAddressChoice->type = IPAddressChoice_addressesOrRanges;
- f->ipAddressChoice->u.addressesOrRanges = aors;
- return aors;
-}
-
-/*
- * Add a prefix.
- */
-int v3_addr_add_prefix(IPAddrBlocks *addr,
- const unsigned afi,
- const unsigned *safi,
- unsigned char *a,
- const int prefixlen)
-{
- IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi);
- IPAddressOrRange *aor;
- if (aors == NULL || !make_addressPrefix(&aor, a, prefixlen))
- return 0;
- if (sk_IPAddressOrRange_push(aors, aor))
- return 1;
- IPAddressOrRange_free(aor);
- return 0;
-}
-
-/*
- * Add a range.
- */
-int v3_addr_add_range(IPAddrBlocks *addr,
- const unsigned afi,
- const unsigned *safi,
- unsigned char *min,
- unsigned char *max)
-{
- IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi);
- IPAddressOrRange *aor;
- int length = length_from_afi(afi);
- if (aors == NULL)
- return 0;
- if (!make_addressRange(&aor, min, max, length))
- return 0;
- if (sk_IPAddressOrRange_push(aors, aor))
- return 1;
- IPAddressOrRange_free(aor);
- return 0;
-}
-
-/*
- * Extract min and max values from an IPAddressOrRange.
- */
-static int extract_min_max(IPAddressOrRange *aor,
- unsigned char *min,
- unsigned char *max,
- int length)
-{
- if (aor == NULL || min == NULL || max == NULL)
- return 0;
- switch (aor->type) {
- case IPAddressOrRange_addressPrefix:
- return (addr_expand(min, aor->u.addressPrefix, length, 0x00) &&
- addr_expand(max, aor->u.addressPrefix, length, 0xFF));
- case IPAddressOrRange_addressRange:
- return (addr_expand(min, aor->u.addressRange->min, length, 0x00) &&
- addr_expand(max, aor->u.addressRange->max, length, 0xFF));
- }
- return 0;
-}
-
-/*
- * Public wrapper for extract_min_max().
- */
-int v3_addr_get_range(IPAddressOrRange *aor,
- const unsigned afi,
- unsigned char *min,
- unsigned char *max,
- const int length)
-{
- int afi_length = length_from_afi(afi);
- if (aor == NULL || min == NULL || max == NULL ||
- afi_length == 0 || length < afi_length ||
- (aor->type != IPAddressOrRange_addressPrefix &&
- aor->type != IPAddressOrRange_addressRange) ||
- !extract_min_max(aor, min, max, afi_length))
- return 0;
-
- return afi_length;
-}
-
-/*
- * Sort comparision function for a sequence of IPAddressFamily.
- *
- * The last paragraph of RFC 3779 2.2.3.3 is slightly ambiguous about
- * the ordering: I can read it as meaning that IPv6 without a SAFI
- * comes before IPv4 with a SAFI, which seems pretty weird. The
- * examples in appendix B suggest that the author intended the
- * null-SAFI rule to apply only within a single AFI, which is what I
- * would have expected and is what the following code implements.
- */
-static int IPAddressFamily_cmp(const IPAddressFamily * const *a_,
- const IPAddressFamily * const *b_)
-{
- const ASN1_OCTET_STRING *a = (*a_)->addressFamily;
- const ASN1_OCTET_STRING *b = (*b_)->addressFamily;
- int len = ((a->length <= b->length) ? a->length : b->length);
- int cmp = memcmp(a->data, b->data, len);
- return cmp ? cmp : a->length - b->length;
-}
-
-/*
- * Check whether an IPAddrBLocks is in canonical form.
- */
-int v3_addr_is_canonical(IPAddrBlocks *addr)
-{
- unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN];
- unsigned char b_min[ADDR_RAW_BUF_LEN], b_max[ADDR_RAW_BUF_LEN];
- IPAddressOrRanges *aors;
- int i, j, k;
-
- /*
- * Empty extension is cannonical.
- */
- if (addr == NULL)
- return 1;
-
- /*
- * Check whether the top-level list is in order.
- */
- for (i = 0; i < sk_IPAddressFamily_num(addr) - 1; i++) {
- const IPAddressFamily *a = sk_IPAddressFamily_value(addr, i);
- const IPAddressFamily *b = sk_IPAddressFamily_value(addr, i + 1);
- if (IPAddressFamily_cmp(&a, &b) >= 0)
- return 0;
- }
-
- /*
- * Top level's ok, now check each address family.
- */
- for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
- IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
- int length = length_from_afi(v3_addr_get_afi(f));
-
- /*
- * Inheritance is canonical. Anything other than inheritance or
- * a SEQUENCE OF IPAddressOrRange is an ASN.1 error or something.
- */
- if (f == NULL || f->ipAddressChoice == NULL)
- return 0;
- switch (f->ipAddressChoice->type) {
- case IPAddressChoice_inherit:
- continue;
- case IPAddressChoice_addressesOrRanges:
- break;
- default:
- return 0;
- }
-
- /*
- * It's an IPAddressOrRanges sequence, check it.
- */
- aors = f->ipAddressChoice->u.addressesOrRanges;
- if (sk_IPAddressOrRange_num(aors) == 0)
- return 0;
- for (j = 0; j < sk_IPAddressOrRange_num(aors) - 1; j++) {
- IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j);
- IPAddressOrRange *b = sk_IPAddressOrRange_value(aors, j + 1);
-
- if (!extract_min_max(a, a_min, a_max, length) ||
- !extract_min_max(b, b_min, b_max, length))
- return 0;
-
- /*
- * Punt misordered list, overlapping start, or inverted range.
- */
- if (memcmp(a_min, b_min, length) >= 0 ||
- memcmp(a_min, a_max, length) > 0 ||
- memcmp(b_min, b_max, length) > 0)
- return 0;
-
- /*
- * Punt if adjacent or overlapping. Check for adjacency by
- * subtracting one from b_min first.
- */
- for (k = length - 1; k >= 0 && b_min[k]-- == 0x00; k--)
- ;
- if (memcmp(a_max, b_min, length) >= 0)
- return 0;
-
- /*
- * Check for range that should be expressed as a prefix.
- */
- if (a->type == IPAddressOrRange_addressRange &&
- range_should_be_prefix(a_min, a_max, length) >= 0)
- return 0;
- }
-
- /*
- * Check range to see if it's inverted or should be a
- * prefix.
- */
- j = sk_IPAddressOrRange_num(aors) - 1;
- {
- IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j);
- if (a != NULL && a->type == IPAddressOrRange_addressRange) {
- if (!extract_min_max(a, a_min, a_max, length))
- return 0;
- if (memcmp(a_min, a_max, length) > 0 ||
- range_should_be_prefix(a_min, a_max, length) >= 0)
- return 0;
- }
- }
- }
-
- /*
- * If we made it through all that, we're happy.
- */
- return 1;
-}
-
-/*
- * Whack an IPAddressOrRanges into canonical form.
- */
-static int IPAddressOrRanges_canonize(IPAddressOrRanges *aors,
- const unsigned afi)
-{
- int i, j, length = length_from_afi(afi);
-
- /*
- * Sort the IPAddressOrRanges sequence.
- */
- sk_IPAddressOrRange_sort(aors);
-
- /*
- * Clean up representation issues, punt on duplicates or overlaps.
- */
- for (i = 0; i < sk_IPAddressOrRange_num(aors) - 1; i++) {
- IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, i);
- IPAddressOrRange *b = sk_IPAddressOrRange_value(aors, i + 1);
- unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN];
- unsigned char b_min[ADDR_RAW_BUF_LEN], b_max[ADDR_RAW_BUF_LEN];
-
- if (!extract_min_max(a, a_min, a_max, length) ||
- !extract_min_max(b, b_min, b_max, length))
- return 0;
-
- /*
- * Punt inverted ranges.
- */
- if (memcmp(a_min, a_max, length) > 0 ||
- memcmp(b_min, b_max, length) > 0)
- return 0;
-
- /*
- * Punt overlaps.
- */
- if (memcmp(a_max, b_min, length) >= 0)
- return 0;
-
- /*
- * Merge if a and b are adjacent. We check for
- * adjacency by subtracting one from b_min first.
- */
- for (j = length - 1; j >= 0 && b_min[j]-- == 0x00; j--)
- ;
- if (memcmp(a_max, b_min, length) == 0) {
- IPAddressOrRange *merged;
- if (!make_addressRange(&merged, a_min, b_max, length))
- return 0;
- sk_IPAddressOrRange_set(aors, i, merged);
- (void)sk_IPAddressOrRange_delete(aors, i + 1);
- IPAddressOrRange_free(a);
- IPAddressOrRange_free(b);
- --i;
- continue;
- }
- }
-
- /*
- * Check for inverted final range.
- */
- j = sk_IPAddressOrRange_num(aors) - 1;
- {
- IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j);
- if (a != NULL && a->type == IPAddressOrRange_addressRange) {
- unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN];
- extract_min_max(a, a_min, a_max, length);
- if (memcmp(a_min, a_max, length) > 0)
- return 0;
- }
- }
-
- return 1;
-}
-
-/*
- * Whack an IPAddrBlocks extension into canonical form.
- */
-int v3_addr_canonize(IPAddrBlocks *addr)
-{
- int i;
- for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
- IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
- if (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges &&
- !IPAddressOrRanges_canonize(f->ipAddressChoice->u.addressesOrRanges,
- v3_addr_get_afi(f)))
- return 0;
- }
- (void)sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp);
- sk_IPAddressFamily_sort(addr);
- OPENSSL_assert(v3_addr_is_canonical(addr));
- return 1;
-}
-
-/*
- * v2i handler for the IPAddrBlocks extension.
- */
-static void *v2i_IPAddrBlocks(struct v3_ext_method *method,
- struct v3_ext_ctx *ctx,
- STACK_OF(CONF_VALUE) *values)
-{
- static const char v4addr_chars[] = "0123456789.";
- static const char v6addr_chars[] = "0123456789.:abcdefABCDEF";
- IPAddrBlocks *addr = NULL;
- char *s = NULL, *t;
- int i;
-
- if ((addr = sk_IPAddressFamily_new(IPAddressFamily_cmp)) == NULL) {
- X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
-
- for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
- CONF_VALUE *val = sk_CONF_VALUE_value(values, i);
- unsigned char min[ADDR_RAW_BUF_LEN], max[ADDR_RAW_BUF_LEN];
- unsigned afi, *safi = NULL, safi_;
- const char *addr_chars;
- int prefixlen, i1, i2, delim, length;
-
- if ( !name_cmp(val->name, "IPv4")) {
- afi = IANA_AFI_IPV4;
- } else if (!name_cmp(val->name, "IPv6")) {
- afi = IANA_AFI_IPV6;
- } else if (!name_cmp(val->name, "IPv4-SAFI")) {
- afi = IANA_AFI_IPV4;
- safi = &safi_;
- } else if (!name_cmp(val->name, "IPv6-SAFI")) {
- afi = IANA_AFI_IPV6;
- safi = &safi_;
- } else {
- X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_EXTENSION_NAME_ERROR);
- X509V3_conf_err(val);
- goto err;
- }
-
- switch (afi) {
- case IANA_AFI_IPV4:
- addr_chars = v4addr_chars;
- break;
- case IANA_AFI_IPV6:
- addr_chars = v6addr_chars;
- break;
- }
-
- length = length_from_afi(afi);
-
- /*
- * Handle SAFI, if any, and BUF_strdup() so we can null-terminate
- * the other input values.
- */
- if (safi != NULL) {
- *safi = strtoul(val->value, &t, 0);
- t += strspn(t, " \t");
- if (*safi > 0xFF || *t++ != ':') {
- X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_INVALID_SAFI);
- X509V3_conf_err(val);
- goto err;
- }
- t += strspn(t, " \t");
- s = BUF_strdup(t);
- } else {
- s = BUF_strdup(val->value);
- }
- if (s == NULL) {
- X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- /*
- * Check for inheritance. Not worth additional complexity to
- * optimize this (seldom-used) case.
- */
- if (!strcmp(s, "inherit")) {
- if (!v3_addr_add_inherit(addr, afi, safi)) {
- X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_INVALID_INHERITANCE);
- X509V3_conf_err(val);
- goto err;
- }
- OPENSSL_free(s);
- s = NULL;
- continue;
- }
-
- i1 = strspn(s, addr_chars);
- i2 = i1 + strspn(s + i1, " \t");
- delim = s[i2++];
- s[i1] = '\0';
-
- if (a2i_ipadd(min, s) != length) {
- X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_INVALID_IPADDRESS);
- X509V3_conf_err(val);
- goto err;
- }
-
- switch (delim) {
- case '/':
- prefixlen = (int) strtoul(s + i2, &t, 10);
- if (t == s + i2 || *t != '\0') {
- X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_EXTENSION_VALUE_ERROR);
- X509V3_conf_err(val);
- goto err;
- }
- if (!v3_addr_add_prefix(addr, afi, safi, min, prefixlen)) {
- X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- break;
- case '-':
- i1 = i2 + strspn(s + i2, " \t");
- i2 = i1 + strspn(s + i1, addr_chars);
- if (i1 == i2 || s[i2] != '\0') {
- X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_EXTENSION_VALUE_ERROR);
- X509V3_conf_err(val);
- goto err;
- }
- if (a2i_ipadd(max, s + i1) != length) {
- X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_INVALID_IPADDRESS);
- X509V3_conf_err(val);
- goto err;
- }
- if (memcmp(min, max, length_from_afi(afi)) > 0) {
- X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_EXTENSION_VALUE_ERROR);
- X509V3_conf_err(val);
- goto err;
- }
- if (!v3_addr_add_range(addr, afi, safi, min, max)) {
- X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- break;
- case '\0':
- if (!v3_addr_add_prefix(addr, afi, safi, min, length * 8)) {
- X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- break;
- default:
- X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_EXTENSION_VALUE_ERROR);
- X509V3_conf_err(val);
- goto err;
- }
-
- OPENSSL_free(s);
- s = NULL;
- }
-
- /*
- * Canonize the result, then we're done.
- */
- if (!v3_addr_canonize(addr))
- goto err;
- return addr;
-
- err:
- OPENSSL_free(s);
- sk_IPAddressFamily_pop_free(addr, IPAddressFamily_free);
- return NULL;
-}
-
-/*
- * OpenSSL dispatch
- */
-const X509V3_EXT_METHOD v3_addr = {
- NID_sbgp_ipAddrBlock, /* nid */
- 0, /* flags */
- ASN1_ITEM_ref(IPAddrBlocks), /* template */
- 0, 0, 0, 0, /* old functions, ignored */
- 0, /* i2s */
- 0, /* s2i */
- 0, /* i2v */
- v2i_IPAddrBlocks, /* v2i */
- i2r_IPAddrBlocks, /* i2r */
- 0, /* r2i */
- NULL /* extension-specific data */
-};
-
-/*
- * Figure out whether extension sues inheritance.
- */
-int v3_addr_inherits(IPAddrBlocks *addr)
-{
- int i;
- if (addr == NULL)
- return 0;
- for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
- IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
- if (f->ipAddressChoice->type == IPAddressChoice_inherit)
- return 1;
- }
- return 0;
-}
-
-/*
- * Figure out whether parent contains child.
- */
-static int addr_contains(IPAddressOrRanges *parent,
- IPAddressOrRanges *child,
- int length)
-{
- unsigned char p_min[ADDR_RAW_BUF_LEN], p_max[ADDR_RAW_BUF_LEN];
- unsigned char c_min[ADDR_RAW_BUF_LEN], c_max[ADDR_RAW_BUF_LEN];
- int p, c;
-
- if (child == NULL || parent == child)
- return 1;
- if (parent == NULL)
- return 0;
-
- p = 0;
- for (c = 0; c < sk_IPAddressOrRange_num(child); c++) {
- if (!extract_min_max(sk_IPAddressOrRange_value(child, c),
- c_min, c_max, length))
- return -1;
- for (;; p++) {
- if (p >= sk_IPAddressOrRange_num(parent))
- return 0;
- if (!extract_min_max(sk_IPAddressOrRange_value(parent, p),
- p_min, p_max, length))
- return 0;
- if (memcmp(p_max, c_max, length) < 0)
- continue;
- if (memcmp(p_min, c_min, length) > 0)
- return 0;
- break;
- }
- }
-
- return 1;
-}
-
-/*
- * Test whether a is a subset of b.
- */
-int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b)
-{
- int i;
- if (a == NULL || a == b)
- return 1;
- if (b == NULL || v3_addr_inherits(a) || v3_addr_inherits(b))
- return 0;
- (void)sk_IPAddressFamily_set_cmp_func(b, IPAddressFamily_cmp);
- for (i = 0; i < sk_IPAddressFamily_num(a); i++) {
- IPAddressFamily *fa = sk_IPAddressFamily_value(a, i);
- int j = sk_IPAddressFamily_find(b, fa);
- IPAddressFamily *fb;
- fb = sk_IPAddressFamily_value(b, j);
- if (fb == NULL)
- return 0;
- if (!addr_contains(fb->ipAddressChoice->u.addressesOrRanges,
- fa->ipAddressChoice->u.addressesOrRanges,
- length_from_afi(v3_addr_get_afi(fb))))
- return 0;
- }
- return 1;
-}
-
-/*
- * Validation error handling via callback.
- */
-#define validation_err(_err_) \
- do { \
- if (ctx != NULL) { \
- ctx->error = _err_; \
- ctx->error_depth = i; \
- ctx->current_cert = x; \
- ret = ctx->verify_cb(0, ctx); \
- } else { \
- ret = 0; \
- } \
- if (!ret) \
- goto done; \
- } while (0)
-
-/*
- * Core code for RFC 3779 2.3 path validation.
- */
-static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx,
- STACK_OF(X509) *chain,
- IPAddrBlocks *ext)
-{
- IPAddrBlocks *child = NULL;
- int i, j, ret = 1;
- X509 *x = NULL;
-
- OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0);
- OPENSSL_assert(ctx != NULL || ext != NULL);
- OPENSSL_assert(ctx == NULL || ctx->verify_cb != NULL);
-
- /*
- * Figure out where to start. If we don't have an extension to
- * check, we're done. Otherwise, check canonical form and
- * set up for walking up the chain.
- */
- if (ext != NULL) {
- i = -1;
- } else {
- i = 0;
- x = sk_X509_value(chain, i);
- OPENSSL_assert(x != NULL);
- if ((ext = x->rfc3779_addr) == NULL)
- goto done;
- }
- if (!v3_addr_is_canonical(ext))
- validation_err(X509_V_ERR_INVALID_EXTENSION);
- (void)sk_IPAddressFamily_set_cmp_func(ext, IPAddressFamily_cmp);
- if ((child = sk_IPAddressFamily_dup(ext)) == NULL) {
- X509V3err(X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL, ERR_R_MALLOC_FAILURE);
- ret = 0;
- goto done;
- }
-
- /*
- * Now walk up the chain. No cert may list resources that its
- * parent doesn't list.
- */
- for (i++; i < sk_X509_num(chain); i++) {
- x = sk_X509_value(chain, i);
- OPENSSL_assert(x != NULL);
- if (!v3_addr_is_canonical(x->rfc3779_addr))
- validation_err(X509_V_ERR_INVALID_EXTENSION);
- if (x->rfc3779_addr == NULL) {
- for (j = 0; j < sk_IPAddressFamily_num(child); j++) {
- IPAddressFamily *fc = sk_IPAddressFamily_value(child, j);
- if (fc->ipAddressChoice->type != IPAddressChoice_inherit) {
- validation_err(X509_V_ERR_UNNESTED_RESOURCE);
- break;
- }
- }
- continue;
- }
- (void)sk_IPAddressFamily_set_cmp_func(x->rfc3779_addr, IPAddressFamily_cmp);
- for (j = 0; j < sk_IPAddressFamily_num(child); j++) {
- IPAddressFamily *fc = sk_IPAddressFamily_value(child, j);
- int k = sk_IPAddressFamily_find(x->rfc3779_addr, fc);
- IPAddressFamily *fp = sk_IPAddressFamily_value(x->rfc3779_addr, k);
- if (fp == NULL) {
- if (fc->ipAddressChoice->type == IPAddressChoice_addressesOrRanges) {
- validation_err(X509_V_ERR_UNNESTED_RESOURCE);
- break;
- }
- continue;
- }
- if (fp->ipAddressChoice->type == IPAddressChoice_addressesOrRanges) {
- if (fc->ipAddressChoice->type == IPAddressChoice_inherit ||
- addr_contains(fp->ipAddressChoice->u.addressesOrRanges,
- fc->ipAddressChoice->u.addressesOrRanges,
- length_from_afi(v3_addr_get_afi(fc))))
- sk_IPAddressFamily_set(child, j, fp);
- else
- validation_err(X509_V_ERR_UNNESTED_RESOURCE);
- }
- }
- }
-
- /*
- * Trust anchor can't inherit.
- */
- if (x->rfc3779_addr != NULL) {
- for (j = 0; j < sk_IPAddressFamily_num(x->rfc3779_addr); j++) {
- IPAddressFamily *fp = sk_IPAddressFamily_value(x->rfc3779_addr, j);
- if (fp->ipAddressChoice->type == IPAddressChoice_inherit &&
- sk_IPAddressFamily_find(child, fp) >= 0)
- validation_err(X509_V_ERR_UNNESTED_RESOURCE);
- }
- }
-
- done:
- sk_IPAddressFamily_free(child);
- return ret;
-}
-
-#undef validation_err
-
-/*
- * RFC 3779 2.3 path validation -- called from X509_verify_cert().
- */
-int v3_addr_validate_path(X509_STORE_CTX *ctx)
-{
- return v3_addr_validate_path_internal(ctx, ctx->chain, NULL);
-}
-
-/*
- * RFC 3779 2.3 path validation of an extension.
- * Test whether chain covers extension.
- */
-int v3_addr_validate_resource_set(STACK_OF(X509) *chain,
- IPAddrBlocks *ext,
- int allow_inheritance)
-{
- if (ext == NULL)
- return 1;
- if (chain == NULL || sk_X509_num(chain) == 0)
- return 0;
- if (!allow_inheritance && v3_addr_inherits(ext))
- return 0;
- return v3_addr_validate_path_internal(NULL, chain, ext);
-}
-
-#endif /* OPENSSL_NO_RFC3779 */
Copied: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_addr.c (from rev 6976, vendor-crypto/openssl/dist/crypto/x509v3/v3_addr.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_addr.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_addr.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,1343 @@
+/*
+ * Contributed to the OpenSSL Project by the American Registry for
+ * Internet Numbers ("ARIN").
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ */
+
+/*
+ * Implementation of RFC 3779 section 2.2.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/buffer.h>
+#include <openssl/x509v3.h>
+
+#ifndef OPENSSL_NO_RFC3779
+
+/*
+ * OpenSSL ASN.1 template translation of RFC 3779 2.2.3.
+ */
+
+ASN1_SEQUENCE(IPAddressRange) = {
+ ASN1_SIMPLE(IPAddressRange, min, ASN1_BIT_STRING),
+ ASN1_SIMPLE(IPAddressRange, max, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END(IPAddressRange)
+
+ASN1_CHOICE(IPAddressOrRange) = {
+ ASN1_SIMPLE(IPAddressOrRange, u.addressPrefix, ASN1_BIT_STRING),
+ ASN1_SIMPLE(IPAddressOrRange, u.addressRange, IPAddressRange)
+} ASN1_CHOICE_END(IPAddressOrRange)
+
+ASN1_CHOICE(IPAddressChoice) = {
+ ASN1_SIMPLE(IPAddressChoice, u.inherit, ASN1_NULL),
+ ASN1_SEQUENCE_OF(IPAddressChoice, u.addressesOrRanges, IPAddressOrRange)
+} ASN1_CHOICE_END(IPAddressChoice)
+
+ASN1_SEQUENCE(IPAddressFamily) = {
+ ASN1_SIMPLE(IPAddressFamily, addressFamily, ASN1_OCTET_STRING),
+ ASN1_SIMPLE(IPAddressFamily, ipAddressChoice, IPAddressChoice)
+} ASN1_SEQUENCE_END(IPAddressFamily)
+
+ASN1_ITEM_TEMPLATE(IPAddrBlocks) =
+ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
+ IPAddrBlocks, IPAddressFamily)
+ASN1_ITEM_TEMPLATE_END(IPAddrBlocks)
+
+IMPLEMENT_ASN1_FUNCTIONS(IPAddressRange)
+IMPLEMENT_ASN1_FUNCTIONS(IPAddressOrRange)
+IMPLEMENT_ASN1_FUNCTIONS(IPAddressChoice)
+IMPLEMENT_ASN1_FUNCTIONS(IPAddressFamily)
+
+/*
+ * How much buffer space do we need for a raw address?
+ */
+# define ADDR_RAW_BUF_LEN 16
+
+/*
+ * What's the address length associated with this AFI?
+ */
+static int length_from_afi(const unsigned afi)
+{
+ switch (afi) {
+ case IANA_AFI_IPV4:
+ return 4;
+ case IANA_AFI_IPV6:
+ return 16;
+ default:
+ return 0;
+ }
+}
+
+/*
+ * Extract the AFI from an IPAddressFamily.
+ */
+unsigned int v3_addr_get_afi(const IPAddressFamily *f)
+{
+ return ((f != NULL &&
+ f->addressFamily != NULL && f->addressFamily->data != NULL)
+ ? ((f->addressFamily->data[0] << 8) | (f->addressFamily->data[1]))
+ : 0);
+}
+
+/*
+ * Expand the bitstring form of an address into a raw byte array.
+ * At the moment this is coded for simplicity, not speed.
+ */
+static int addr_expand(unsigned char *addr,
+ const ASN1_BIT_STRING *bs,
+ const int length, const unsigned char fill)
+{
+ if (bs->length < 0 || bs->length > length)
+ return 0;
+ if (bs->length > 0) {
+ memcpy(addr, bs->data, bs->length);
+ if ((bs->flags & 7) != 0) {
+ unsigned char mask = 0xFF >> (8 - (bs->flags & 7));
+ if (fill == 0)
+ addr[bs->length - 1] &= ~mask;
+ else
+ addr[bs->length - 1] |= mask;
+ }
+ }
+ memset(addr + bs->length, fill, length - bs->length);
+ return 1;
+}
+
+/*
+ * Extract the prefix length from a bitstring.
+ */
+# define addr_prefixlen(bs) ((int) ((bs)->length * 8 - ((bs)->flags & 7)))
+
+/*
+ * i2r handler for one address bitstring.
+ */
+static int i2r_address(BIO *out,
+ const unsigned afi,
+ const unsigned char fill, const ASN1_BIT_STRING *bs)
+{
+ unsigned char addr[ADDR_RAW_BUF_LEN];
+ int i, n;
+
+ if (bs->length < 0)
+ return 0;
+ switch (afi) {
+ case IANA_AFI_IPV4:
+ if (!addr_expand(addr, bs, 4, fill))
+ return 0;
+ BIO_printf(out, "%d.%d.%d.%d", addr[0], addr[1], addr[2], addr[3]);
+ break;
+ case IANA_AFI_IPV6:
+ if (!addr_expand(addr, bs, 16, fill))
+ return 0;
+ for (n = 16; n > 1 && addr[n - 1] == 0x00 && addr[n - 2] == 0x00;
+ n -= 2) ;
+ for (i = 0; i < n; i += 2)
+ BIO_printf(out, "%x%s", (addr[i] << 8) | addr[i + 1],
+ (i < 14 ? ":" : ""));
+ if (i < 16)
+ BIO_puts(out, ":");
+ if (i == 0)
+ BIO_puts(out, ":");
+ break;
+ default:
+ for (i = 0; i < bs->length; i++)
+ BIO_printf(out, "%s%02x", (i > 0 ? ":" : ""), bs->data[i]);
+ BIO_printf(out, "[%d]", (int)(bs->flags & 7));
+ break;
+ }
+ return 1;
+}
+
+/*
+ * i2r handler for a sequence of addresses and ranges.
+ */
+static int i2r_IPAddressOrRanges(BIO *out,
+ const int indent,
+ const IPAddressOrRanges *aors,
+ const unsigned afi)
+{
+ int i;
+ for (i = 0; i < sk_IPAddressOrRange_num(aors); i++) {
+ const IPAddressOrRange *aor = sk_IPAddressOrRange_value(aors, i);
+ BIO_printf(out, "%*s", indent, "");
+ switch (aor->type) {
+ case IPAddressOrRange_addressPrefix:
+ if (!i2r_address(out, afi, 0x00, aor->u.addressPrefix))
+ return 0;
+ BIO_printf(out, "/%d\n", addr_prefixlen(aor->u.addressPrefix));
+ continue;
+ case IPAddressOrRange_addressRange:
+ if (!i2r_address(out, afi, 0x00, aor->u.addressRange->min))
+ return 0;
+ BIO_puts(out, "-");
+ if (!i2r_address(out, afi, 0xFF, aor->u.addressRange->max))
+ return 0;
+ BIO_puts(out, "\n");
+ continue;
+ }
+ }
+ return 1;
+}
+
+/*
+ * i2r handler for an IPAddrBlocks extension.
+ */
+static int i2r_IPAddrBlocks(X509V3_EXT_METHOD *method,
+ void *ext, BIO *out, int indent)
+{
+ const IPAddrBlocks *addr = ext;
+ int i;
+ for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
+ IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
+ const unsigned int afi = v3_addr_get_afi(f);
+ switch (afi) {
+ case IANA_AFI_IPV4:
+ BIO_printf(out, "%*sIPv4", indent, "");
+ break;
+ case IANA_AFI_IPV6:
+ BIO_printf(out, "%*sIPv6", indent, "");
+ break;
+ default:
+ BIO_printf(out, "%*sUnknown AFI %u", indent, "", afi);
+ break;
+ }
+ if (f->addressFamily->length > 2) {
+ switch (f->addressFamily->data[2]) {
+ case 1:
+ BIO_puts(out, " (Unicast)");
+ break;
+ case 2:
+ BIO_puts(out, " (Multicast)");
+ break;
+ case 3:
+ BIO_puts(out, " (Unicast/Multicast)");
+ break;
+ case 4:
+ BIO_puts(out, " (MPLS)");
+ break;
+ case 64:
+ BIO_puts(out, " (Tunnel)");
+ break;
+ case 65:
+ BIO_puts(out, " (VPLS)");
+ break;
+ case 66:
+ BIO_puts(out, " (BGP MDT)");
+ break;
+ case 128:
+ BIO_puts(out, " (MPLS-labeled VPN)");
+ break;
+ default:
+ BIO_printf(out, " (Unknown SAFI %u)",
+ (unsigned)f->addressFamily->data[2]);
+ break;
+ }
+ }
+ switch (f->ipAddressChoice->type) {
+ case IPAddressChoice_inherit:
+ BIO_puts(out, ": inherit\n");
+ break;
+ case IPAddressChoice_addressesOrRanges:
+ BIO_puts(out, ":\n");
+ if (!i2r_IPAddressOrRanges(out,
+ indent + 2,
+ f->ipAddressChoice->
+ u.addressesOrRanges, afi))
+ return 0;
+ break;
+ }
+ }
+ return 1;
+}
+
+/*
+ * Sort comparison function for a sequence of IPAddressOrRange
+ * elements.
+ *
+ * There's no sane answer we can give if addr_expand() fails, and an
+ * assertion failure on externally supplied data is seriously uncool,
+ * so we just arbitrarily declare that if given invalid inputs this
+ * function returns -1. If this messes up your preferred sort order
+ * for garbage input, tough noogies.
+ */
+static int IPAddressOrRange_cmp(const IPAddressOrRange *a,
+ const IPAddressOrRange *b, const int length)
+{
+ unsigned char addr_a[ADDR_RAW_BUF_LEN], addr_b[ADDR_RAW_BUF_LEN];
+ int prefixlen_a = 0;
+ int prefixlen_b = 0;
+ int r;
+
+ switch (a->type) {
+ case IPAddressOrRange_addressPrefix:
+ if (!addr_expand(addr_a, a->u.addressPrefix, length, 0x00))
+ return -1;
+ prefixlen_a = addr_prefixlen(a->u.addressPrefix);
+ break;
+ case IPAddressOrRange_addressRange:
+ if (!addr_expand(addr_a, a->u.addressRange->min, length, 0x00))
+ return -1;
+ prefixlen_a = length * 8;
+ break;
+ }
+
+ switch (b->type) {
+ case IPAddressOrRange_addressPrefix:
+ if (!addr_expand(addr_b, b->u.addressPrefix, length, 0x00))
+ return -1;
+ prefixlen_b = addr_prefixlen(b->u.addressPrefix);
+ break;
+ case IPAddressOrRange_addressRange:
+ if (!addr_expand(addr_b, b->u.addressRange->min, length, 0x00))
+ return -1;
+ prefixlen_b = length * 8;
+ break;
+ }
+
+ if ((r = memcmp(addr_a, addr_b, length)) != 0)
+ return r;
+ else
+ return prefixlen_a - prefixlen_b;
+}
+
+/*
+ * IPv4-specific closure over IPAddressOrRange_cmp, since sk_sort()
+ * comparision routines are only allowed two arguments.
+ */
+static int v4IPAddressOrRange_cmp(const IPAddressOrRange *const *a,
+ const IPAddressOrRange *const *b)
+{
+ return IPAddressOrRange_cmp(*a, *b, 4);
+}
+
+/*
+ * IPv6-specific closure over IPAddressOrRange_cmp, since sk_sort()
+ * comparision routines are only allowed two arguments.
+ */
+static int v6IPAddressOrRange_cmp(const IPAddressOrRange *const *a,
+ const IPAddressOrRange *const *b)
+{
+ return IPAddressOrRange_cmp(*a, *b, 16);
+}
+
+/*
+ * Calculate whether a range collapses to a prefix.
+ * See last paragraph of RFC 3779 2.2.3.7.
+ */
+static int range_should_be_prefix(const unsigned char *min,
+ const unsigned char *max, const int length)
+{
+ unsigned char mask;
+ int i, j;
+
+ OPENSSL_assert(memcmp(min, max, length) <= 0);
+ for (i = 0; i < length && min[i] == max[i]; i++) ;
+ for (j = length - 1; j >= 0 && min[j] == 0x00 && max[j] == 0xFF; j--) ;
+ if (i < j)
+ return -1;
+ if (i > j)
+ return i * 8;
+ mask = min[i] ^ max[i];
+ switch (mask) {
+ case 0x01:
+ j = 7;
+ break;
+ case 0x03:
+ j = 6;
+ break;
+ case 0x07:
+ j = 5;
+ break;
+ case 0x0F:
+ j = 4;
+ break;
+ case 0x1F:
+ j = 3;
+ break;
+ case 0x3F:
+ j = 2;
+ break;
+ case 0x7F:
+ j = 1;
+ break;
+ default:
+ return -1;
+ }
+ if ((min[i] & mask) != 0 || (max[i] & mask) != mask)
+ return -1;
+ else
+ return i * 8 + j;
+}
+
+/*
+ * Construct a prefix.
+ */
+static int make_addressPrefix(IPAddressOrRange **result,
+ unsigned char *addr, const int prefixlen)
+{
+ int bytelen = (prefixlen + 7) / 8, bitlen = prefixlen % 8;
+ IPAddressOrRange *aor = IPAddressOrRange_new();
+
+ if (aor == NULL)
+ return 0;
+ aor->type = IPAddressOrRange_addressPrefix;
+ if (aor->u.addressPrefix == NULL &&
+ (aor->u.addressPrefix = ASN1_BIT_STRING_new()) == NULL)
+ goto err;
+ if (!ASN1_BIT_STRING_set(aor->u.addressPrefix, addr, bytelen))
+ goto err;
+ aor->u.addressPrefix->flags &= ~7;
+ aor->u.addressPrefix->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+ if (bitlen > 0) {
+ aor->u.addressPrefix->data[bytelen - 1] &= ~(0xFF >> bitlen);
+ aor->u.addressPrefix->flags |= 8 - bitlen;
+ }
+
+ *result = aor;
+ return 1;
+
+ err:
+ IPAddressOrRange_free(aor);
+ return 0;
+}
+
+/*
+ * Construct a range. If it can be expressed as a prefix,
+ * return a prefix instead. Doing this here simplifies
+ * the rest of the code considerably.
+ */
+static int make_addressRange(IPAddressOrRange **result,
+ unsigned char *min,
+ unsigned char *max, const int length)
+{
+ IPAddressOrRange *aor;
+ int i, prefixlen;
+
+ if ((prefixlen = range_should_be_prefix(min, max, length)) >= 0)
+ return make_addressPrefix(result, min, prefixlen);
+
+ if ((aor = IPAddressOrRange_new()) == NULL)
+ return 0;
+ aor->type = IPAddressOrRange_addressRange;
+ OPENSSL_assert(aor->u.addressRange == NULL);
+ if ((aor->u.addressRange = IPAddressRange_new()) == NULL)
+ goto err;
+ if (aor->u.addressRange->min == NULL &&
+ (aor->u.addressRange->min = ASN1_BIT_STRING_new()) == NULL)
+ goto err;
+ if (aor->u.addressRange->max == NULL &&
+ (aor->u.addressRange->max = ASN1_BIT_STRING_new()) == NULL)
+ goto err;
+
+ for (i = length; i > 0 && min[i - 1] == 0x00; --i) ;
+ if (!ASN1_BIT_STRING_set(aor->u.addressRange->min, min, i))
+ goto err;
+ aor->u.addressRange->min->flags &= ~7;
+ aor->u.addressRange->min->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+ if (i > 0) {
+ unsigned char b = min[i - 1];
+ int j = 1;
+ while ((b & (0xFFU >> j)) != 0)
+ ++j;
+ aor->u.addressRange->min->flags |= 8 - j;
+ }
+
+ for (i = length; i > 0 && max[i - 1] == 0xFF; --i) ;
+ if (!ASN1_BIT_STRING_set(aor->u.addressRange->max, max, i))
+ goto err;
+ aor->u.addressRange->max->flags &= ~7;
+ aor->u.addressRange->max->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+ if (i > 0) {
+ unsigned char b = max[i - 1];
+ int j = 1;
+ while ((b & (0xFFU >> j)) != (0xFFU >> j))
+ ++j;
+ aor->u.addressRange->max->flags |= 8 - j;
+ }
+
+ *result = aor;
+ return 1;
+
+ err:
+ IPAddressOrRange_free(aor);
+ return 0;
+}
+
+/*
+ * Construct a new address family or find an existing one.
+ */
+static IPAddressFamily *make_IPAddressFamily(IPAddrBlocks *addr,
+ const unsigned afi,
+ const unsigned *safi)
+{
+ IPAddressFamily *f;
+ unsigned char key[3];
+ unsigned keylen;
+ int i;
+
+ key[0] = (afi >> 8) & 0xFF;
+ key[1] = afi & 0xFF;
+ if (safi != NULL) {
+ key[2] = *safi & 0xFF;
+ keylen = 3;
+ } else {
+ keylen = 2;
+ }
+
+ for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
+ f = sk_IPAddressFamily_value(addr, i);
+ OPENSSL_assert(f->addressFamily->data != NULL);
+ if (f->addressFamily->length == keylen &&
+ !memcmp(f->addressFamily->data, key, keylen))
+ return f;
+ }
+
+ if ((f = IPAddressFamily_new()) == NULL)
+ goto err;
+ if (f->ipAddressChoice == NULL &&
+ (f->ipAddressChoice = IPAddressChoice_new()) == NULL)
+ goto err;
+ if (f->addressFamily == NULL &&
+ (f->addressFamily = ASN1_OCTET_STRING_new()) == NULL)
+ goto err;
+ if (!ASN1_OCTET_STRING_set(f->addressFamily, key, keylen))
+ goto err;
+ if (!sk_IPAddressFamily_push(addr, f))
+ goto err;
+
+ return f;
+
+ err:
+ IPAddressFamily_free(f);
+ return NULL;
+}
+
+/*
+ * Add an inheritance element.
+ */
+int v3_addr_add_inherit(IPAddrBlocks *addr,
+ const unsigned afi, const unsigned *safi)
+{
+ IPAddressFamily *f = make_IPAddressFamily(addr, afi, safi);
+ if (f == NULL ||
+ f->ipAddressChoice == NULL ||
+ (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges &&
+ f->ipAddressChoice->u.addressesOrRanges != NULL))
+ return 0;
+ if (f->ipAddressChoice->type == IPAddressChoice_inherit &&
+ f->ipAddressChoice->u.inherit != NULL)
+ return 1;
+ if (f->ipAddressChoice->u.inherit == NULL &&
+ (f->ipAddressChoice->u.inherit = ASN1_NULL_new()) == NULL)
+ return 0;
+ f->ipAddressChoice->type = IPAddressChoice_inherit;
+ return 1;
+}
+
+/*
+ * Construct an IPAddressOrRange sequence, or return an existing one.
+ */
+static IPAddressOrRanges *make_prefix_or_range(IPAddrBlocks *addr,
+ const unsigned afi,
+ const unsigned *safi)
+{
+ IPAddressFamily *f = make_IPAddressFamily(addr, afi, safi);
+ IPAddressOrRanges *aors = NULL;
+
+ if (f == NULL ||
+ f->ipAddressChoice == NULL ||
+ (f->ipAddressChoice->type == IPAddressChoice_inherit &&
+ f->ipAddressChoice->u.inherit != NULL))
+ return NULL;
+ if (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges)
+ aors = f->ipAddressChoice->u.addressesOrRanges;
+ if (aors != NULL)
+ return aors;
+ if ((aors = sk_IPAddressOrRange_new_null()) == NULL)
+ return NULL;
+ switch (afi) {
+ case IANA_AFI_IPV4:
+ (void)sk_IPAddressOrRange_set_cmp_func(aors, v4IPAddressOrRange_cmp);
+ break;
+ case IANA_AFI_IPV6:
+ (void)sk_IPAddressOrRange_set_cmp_func(aors, v6IPAddressOrRange_cmp);
+ break;
+ }
+ f->ipAddressChoice->type = IPAddressChoice_addressesOrRanges;
+ f->ipAddressChoice->u.addressesOrRanges = aors;
+ return aors;
+}
+
+/*
+ * Add a prefix.
+ */
+int v3_addr_add_prefix(IPAddrBlocks *addr,
+ const unsigned afi,
+ const unsigned *safi,
+ unsigned char *a, const int prefixlen)
+{
+ IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi);
+ IPAddressOrRange *aor;
+ if (aors == NULL || !make_addressPrefix(&aor, a, prefixlen))
+ return 0;
+ if (sk_IPAddressOrRange_push(aors, aor))
+ return 1;
+ IPAddressOrRange_free(aor);
+ return 0;
+}
+
+/*
+ * Add a range.
+ */
+int v3_addr_add_range(IPAddrBlocks *addr,
+ const unsigned afi,
+ const unsigned *safi,
+ unsigned char *min, unsigned char *max)
+{
+ IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi);
+ IPAddressOrRange *aor;
+ int length = length_from_afi(afi);
+ if (aors == NULL)
+ return 0;
+ if (!make_addressRange(&aor, min, max, length))
+ return 0;
+ if (sk_IPAddressOrRange_push(aors, aor))
+ return 1;
+ IPAddressOrRange_free(aor);
+ return 0;
+}
+
+/*
+ * Extract min and max values from an IPAddressOrRange.
+ */
+static int extract_min_max(IPAddressOrRange *aor,
+ unsigned char *min, unsigned char *max, int length)
+{
+ if (aor == NULL || min == NULL || max == NULL)
+ return 0;
+ switch (aor->type) {
+ case IPAddressOrRange_addressPrefix:
+ return (addr_expand(min, aor->u.addressPrefix, length, 0x00) &&
+ addr_expand(max, aor->u.addressPrefix, length, 0xFF));
+ case IPAddressOrRange_addressRange:
+ return (addr_expand(min, aor->u.addressRange->min, length, 0x00) &&
+ addr_expand(max, aor->u.addressRange->max, length, 0xFF));
+ }
+ return 0;
+}
+
+/*
+ * Public wrapper for extract_min_max().
+ */
+int v3_addr_get_range(IPAddressOrRange *aor,
+ const unsigned afi,
+ unsigned char *min,
+ unsigned char *max, const int length)
+{
+ int afi_length = length_from_afi(afi);
+ if (aor == NULL || min == NULL || max == NULL ||
+ afi_length == 0 || length < afi_length ||
+ (aor->type != IPAddressOrRange_addressPrefix &&
+ aor->type != IPAddressOrRange_addressRange) ||
+ !extract_min_max(aor, min, max, afi_length))
+ return 0;
+
+ return afi_length;
+}
+
+/*
+ * Sort comparision function for a sequence of IPAddressFamily.
+ *
+ * The last paragraph of RFC 3779 2.2.3.3 is slightly ambiguous about
+ * the ordering: I can read it as meaning that IPv6 without a SAFI
+ * comes before IPv4 with a SAFI, which seems pretty weird. The
+ * examples in appendix B suggest that the author intended the
+ * null-SAFI rule to apply only within a single AFI, which is what I
+ * would have expected and is what the following code implements.
+ */
+static int IPAddressFamily_cmp(const IPAddressFamily *const *a_,
+ const IPAddressFamily *const *b_)
+{
+ const ASN1_OCTET_STRING *a = (*a_)->addressFamily;
+ const ASN1_OCTET_STRING *b = (*b_)->addressFamily;
+ int len = ((a->length <= b->length) ? a->length : b->length);
+ int cmp = memcmp(a->data, b->data, len);
+ return cmp ? cmp : a->length - b->length;
+}
+
+/*
+ * Check whether an IPAddrBLocks is in canonical form.
+ */
+int v3_addr_is_canonical(IPAddrBlocks *addr)
+{
+ unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN];
+ unsigned char b_min[ADDR_RAW_BUF_LEN], b_max[ADDR_RAW_BUF_LEN];
+ IPAddressOrRanges *aors;
+ int i, j, k;
+
+ /*
+ * Empty extension is cannonical.
+ */
+ if (addr == NULL)
+ return 1;
+
+ /*
+ * Check whether the top-level list is in order.
+ */
+ for (i = 0; i < sk_IPAddressFamily_num(addr) - 1; i++) {
+ const IPAddressFamily *a = sk_IPAddressFamily_value(addr, i);
+ const IPAddressFamily *b = sk_IPAddressFamily_value(addr, i + 1);
+ if (IPAddressFamily_cmp(&a, &b) >= 0)
+ return 0;
+ }
+
+ /*
+ * Top level's ok, now check each address family.
+ */
+ for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
+ IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
+ int length = length_from_afi(v3_addr_get_afi(f));
+
+ /*
+ * Inheritance is canonical. Anything other than inheritance or
+ * a SEQUENCE OF IPAddressOrRange is an ASN.1 error or something.
+ */
+ if (f == NULL || f->ipAddressChoice == NULL)
+ return 0;
+ switch (f->ipAddressChoice->type) {
+ case IPAddressChoice_inherit:
+ continue;
+ case IPAddressChoice_addressesOrRanges:
+ break;
+ default:
+ return 0;
+ }
+
+ /*
+ * It's an IPAddressOrRanges sequence, check it.
+ */
+ aors = f->ipAddressChoice->u.addressesOrRanges;
+ if (sk_IPAddressOrRange_num(aors) == 0)
+ return 0;
+ for (j = 0; j < sk_IPAddressOrRange_num(aors) - 1; j++) {
+ IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j);
+ IPAddressOrRange *b = sk_IPAddressOrRange_value(aors, j + 1);
+
+ if (!extract_min_max(a, a_min, a_max, length) ||
+ !extract_min_max(b, b_min, b_max, length))
+ return 0;
+
+ /*
+ * Punt misordered list, overlapping start, or inverted range.
+ */
+ if (memcmp(a_min, b_min, length) >= 0 ||
+ memcmp(a_min, a_max, length) > 0 ||
+ memcmp(b_min, b_max, length) > 0)
+ return 0;
+
+ /*
+ * Punt if adjacent or overlapping. Check for adjacency by
+ * subtracting one from b_min first.
+ */
+ for (k = length - 1; k >= 0 && b_min[k]-- == 0x00; k--) ;
+ if (memcmp(a_max, b_min, length) >= 0)
+ return 0;
+
+ /*
+ * Check for range that should be expressed as a prefix.
+ */
+ if (a->type == IPAddressOrRange_addressRange &&
+ range_should_be_prefix(a_min, a_max, length) >= 0)
+ return 0;
+ }
+
+ /*
+ * Check range to see if it's inverted or should be a
+ * prefix.
+ */
+ j = sk_IPAddressOrRange_num(aors) - 1;
+ {
+ IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j);
+ if (a != NULL && a->type == IPAddressOrRange_addressRange) {
+ if (!extract_min_max(a, a_min, a_max, length))
+ return 0;
+ if (memcmp(a_min, a_max, length) > 0 ||
+ range_should_be_prefix(a_min, a_max, length) >= 0)
+ return 0;
+ }
+ }
+ }
+
+ /*
+ * If we made it through all that, we're happy.
+ */
+ return 1;
+}
+
+/*
+ * Whack an IPAddressOrRanges into canonical form.
+ */
+static int IPAddressOrRanges_canonize(IPAddressOrRanges *aors,
+ const unsigned afi)
+{
+ int i, j, length = length_from_afi(afi);
+
+ /*
+ * Sort the IPAddressOrRanges sequence.
+ */
+ sk_IPAddressOrRange_sort(aors);
+
+ /*
+ * Clean up representation issues, punt on duplicates or overlaps.
+ */
+ for (i = 0; i < sk_IPAddressOrRange_num(aors) - 1; i++) {
+ IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, i);
+ IPAddressOrRange *b = sk_IPAddressOrRange_value(aors, i + 1);
+ unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN];
+ unsigned char b_min[ADDR_RAW_BUF_LEN], b_max[ADDR_RAW_BUF_LEN];
+
+ if (!extract_min_max(a, a_min, a_max, length) ||
+ !extract_min_max(b, b_min, b_max, length))
+ return 0;
+
+ /*
+ * Punt inverted ranges.
+ */
+ if (memcmp(a_min, a_max, length) > 0 ||
+ memcmp(b_min, b_max, length) > 0)
+ return 0;
+
+ /*
+ * Punt overlaps.
+ */
+ if (memcmp(a_max, b_min, length) >= 0)
+ return 0;
+
+ /*
+ * Merge if a and b are adjacent. We check for
+ * adjacency by subtracting one from b_min first.
+ */
+ for (j = length - 1; j >= 0 && b_min[j]-- == 0x00; j--) ;
+ if (memcmp(a_max, b_min, length) == 0) {
+ IPAddressOrRange *merged;
+ if (!make_addressRange(&merged, a_min, b_max, length))
+ return 0;
+ sk_IPAddressOrRange_set(aors, i, merged);
+ (void)sk_IPAddressOrRange_delete(aors, i + 1);
+ IPAddressOrRange_free(a);
+ IPAddressOrRange_free(b);
+ --i;
+ continue;
+ }
+ }
+
+ /*
+ * Check for inverted final range.
+ */
+ j = sk_IPAddressOrRange_num(aors) - 1;
+ {
+ IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j);
+ if (a != NULL && a->type == IPAddressOrRange_addressRange) {
+ unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN];
+ extract_min_max(a, a_min, a_max, length);
+ if (memcmp(a_min, a_max, length) > 0)
+ return 0;
+ }
+ }
+
+ return 1;
+}
+
+/*
+ * Whack an IPAddrBlocks extension into canonical form.
+ */
+int v3_addr_canonize(IPAddrBlocks *addr)
+{
+ int i;
+ for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
+ IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
+ if (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges &&
+ !IPAddressOrRanges_canonize(f->ipAddressChoice->
+ u.addressesOrRanges,
+ v3_addr_get_afi(f)))
+ return 0;
+ }
+ (void)sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp);
+ sk_IPAddressFamily_sort(addr);
+ OPENSSL_assert(v3_addr_is_canonical(addr));
+ return 1;
+}
+
+/*
+ * v2i handler for the IPAddrBlocks extension.
+ */
+static void *v2i_IPAddrBlocks(struct v3_ext_method *method,
+ struct v3_ext_ctx *ctx,
+ STACK_OF(CONF_VALUE) *values)
+{
+ static const char v4addr_chars[] = "0123456789.";
+ static const char v6addr_chars[] = "0123456789.:abcdefABCDEF";
+ IPAddrBlocks *addr = NULL;
+ char *s = NULL, *t;
+ int i;
+
+ if ((addr = sk_IPAddressFamily_new(IPAddressFamily_cmp)) == NULL) {
+ X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+
+ for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
+ CONF_VALUE *val = sk_CONF_VALUE_value(values, i);
+ unsigned char min[ADDR_RAW_BUF_LEN], max[ADDR_RAW_BUF_LEN];
+ unsigned afi, *safi = NULL, safi_;
+ const char *addr_chars;
+ int prefixlen, i1, i2, delim, length;
+
+ if (!name_cmp(val->name, "IPv4")) {
+ afi = IANA_AFI_IPV4;
+ } else if (!name_cmp(val->name, "IPv6")) {
+ afi = IANA_AFI_IPV6;
+ } else if (!name_cmp(val->name, "IPv4-SAFI")) {
+ afi = IANA_AFI_IPV4;
+ safi = &safi_;
+ } else if (!name_cmp(val->name, "IPv6-SAFI")) {
+ afi = IANA_AFI_IPV6;
+ safi = &safi_;
+ } else {
+ X509V3err(X509V3_F_V2I_IPADDRBLOCKS,
+ X509V3_R_EXTENSION_NAME_ERROR);
+ X509V3_conf_err(val);
+ goto err;
+ }
+
+ switch (afi) {
+ case IANA_AFI_IPV4:
+ addr_chars = v4addr_chars;
+ break;
+ case IANA_AFI_IPV6:
+ addr_chars = v6addr_chars;
+ break;
+ }
+
+ length = length_from_afi(afi);
+
+ /*
+ * Handle SAFI, if any, and BUF_strdup() so we can null-terminate
+ * the other input values.
+ */
+ if (safi != NULL) {
+ *safi = strtoul(val->value, &t, 0);
+ t += strspn(t, " \t");
+ if (*safi > 0xFF || *t++ != ':') {
+ X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_INVALID_SAFI);
+ X509V3_conf_err(val);
+ goto err;
+ }
+ t += strspn(t, " \t");
+ s = BUF_strdup(t);
+ } else {
+ s = BUF_strdup(val->value);
+ }
+ if (s == NULL) {
+ X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ /*
+ * Check for inheritance. Not worth additional complexity to
+ * optimize this (seldom-used) case.
+ */
+ if (!strcmp(s, "inherit")) {
+ if (!v3_addr_add_inherit(addr, afi, safi)) {
+ X509V3err(X509V3_F_V2I_IPADDRBLOCKS,
+ X509V3_R_INVALID_INHERITANCE);
+ X509V3_conf_err(val);
+ goto err;
+ }
+ OPENSSL_free(s);
+ s = NULL;
+ continue;
+ }
+
+ i1 = strspn(s, addr_chars);
+ i2 = i1 + strspn(s + i1, " \t");
+ delim = s[i2++];
+ s[i1] = '\0';
+
+ if (a2i_ipadd(min, s) != length) {
+ X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_INVALID_IPADDRESS);
+ X509V3_conf_err(val);
+ goto err;
+ }
+
+ switch (delim) {
+ case '/':
+ prefixlen = (int)strtoul(s + i2, &t, 10);
+ if (t == s + i2 || *t != '\0') {
+ X509V3err(X509V3_F_V2I_IPADDRBLOCKS,
+ X509V3_R_EXTENSION_VALUE_ERROR);
+ X509V3_conf_err(val);
+ goto err;
+ }
+ if (!v3_addr_add_prefix(addr, afi, safi, min, prefixlen)) {
+ X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ break;
+ case '-':
+ i1 = i2 + strspn(s + i2, " \t");
+ i2 = i1 + strspn(s + i1, addr_chars);
+ if (i1 == i2 || s[i2] != '\0') {
+ X509V3err(X509V3_F_V2I_IPADDRBLOCKS,
+ X509V3_R_EXTENSION_VALUE_ERROR);
+ X509V3_conf_err(val);
+ goto err;
+ }
+ if (a2i_ipadd(max, s + i1) != length) {
+ X509V3err(X509V3_F_V2I_IPADDRBLOCKS,
+ X509V3_R_INVALID_IPADDRESS);
+ X509V3_conf_err(val);
+ goto err;
+ }
+ if (memcmp(min, max, length_from_afi(afi)) > 0) {
+ X509V3err(X509V3_F_V2I_IPADDRBLOCKS,
+ X509V3_R_EXTENSION_VALUE_ERROR);
+ X509V3_conf_err(val);
+ goto err;
+ }
+ if (!v3_addr_add_range(addr, afi, safi, min, max)) {
+ X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ break;
+ case '\0':
+ if (!v3_addr_add_prefix(addr, afi, safi, min, length * 8)) {
+ X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ break;
+ default:
+ X509V3err(X509V3_F_V2I_IPADDRBLOCKS,
+ X509V3_R_EXTENSION_VALUE_ERROR);
+ X509V3_conf_err(val);
+ goto err;
+ }
+
+ OPENSSL_free(s);
+ s = NULL;
+ }
+
+ /*
+ * Canonize the result, then we're done.
+ */
+ if (!v3_addr_canonize(addr))
+ goto err;
+ return addr;
+
+ err:
+ OPENSSL_free(s);
+ sk_IPAddressFamily_pop_free(addr, IPAddressFamily_free);
+ return NULL;
+}
+
+/*
+ * OpenSSL dispatch
+ */
+const X509V3_EXT_METHOD v3_addr = {
+ NID_sbgp_ipAddrBlock, /* nid */
+ 0, /* flags */
+ ASN1_ITEM_ref(IPAddrBlocks), /* template */
+ 0, 0, 0, 0, /* old functions, ignored */
+ 0, /* i2s */
+ 0, /* s2i */
+ 0, /* i2v */
+ v2i_IPAddrBlocks, /* v2i */
+ i2r_IPAddrBlocks, /* i2r */
+ 0, /* r2i */
+ NULL /* extension-specific data */
+};
+
+/*
+ * Figure out whether extension sues inheritance.
+ */
+int v3_addr_inherits(IPAddrBlocks *addr)
+{
+ int i;
+ if (addr == NULL)
+ return 0;
+ for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
+ IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
+ if (f->ipAddressChoice->type == IPAddressChoice_inherit)
+ return 1;
+ }
+ return 0;
+}
+
+/*
+ * Figure out whether parent contains child.
+ */
+static int addr_contains(IPAddressOrRanges *parent,
+ IPAddressOrRanges *child, int length)
+{
+ unsigned char p_min[ADDR_RAW_BUF_LEN], p_max[ADDR_RAW_BUF_LEN];
+ unsigned char c_min[ADDR_RAW_BUF_LEN], c_max[ADDR_RAW_BUF_LEN];
+ int p, c;
+
+ if (child == NULL || parent == child)
+ return 1;
+ if (parent == NULL)
+ return 0;
+
+ p = 0;
+ for (c = 0; c < sk_IPAddressOrRange_num(child); c++) {
+ if (!extract_min_max(sk_IPAddressOrRange_value(child, c),
+ c_min, c_max, length))
+ return -1;
+ for (;; p++) {
+ if (p >= sk_IPAddressOrRange_num(parent))
+ return 0;
+ if (!extract_min_max(sk_IPAddressOrRange_value(parent, p),
+ p_min, p_max, length))
+ return 0;
+ if (memcmp(p_max, c_max, length) < 0)
+ continue;
+ if (memcmp(p_min, c_min, length) > 0)
+ return 0;
+ break;
+ }
+ }
+
+ return 1;
+}
+
+/*
+ * Test whether a is a subset of b.
+ */
+int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b)
+{
+ int i;
+ if (a == NULL || a == b)
+ return 1;
+ if (b == NULL || v3_addr_inherits(a) || v3_addr_inherits(b))
+ return 0;
+ (void)sk_IPAddressFamily_set_cmp_func(b, IPAddressFamily_cmp);
+ for (i = 0; i < sk_IPAddressFamily_num(a); i++) {
+ IPAddressFamily *fa = sk_IPAddressFamily_value(a, i);
+ int j = sk_IPAddressFamily_find(b, fa);
+ IPAddressFamily *fb;
+ fb = sk_IPAddressFamily_value(b, j);
+ if (fb == NULL)
+ return 0;
+ if (!addr_contains(fb->ipAddressChoice->u.addressesOrRanges,
+ fa->ipAddressChoice->u.addressesOrRanges,
+ length_from_afi(v3_addr_get_afi(fb))))
+ return 0;
+ }
+ return 1;
+}
+
+/*
+ * Validation error handling via callback.
+ */
+# define validation_err(_err_) \
+ do { \
+ if (ctx != NULL) { \
+ ctx->error = _err_; \
+ ctx->error_depth = i; \
+ ctx->current_cert = x; \
+ ret = ctx->verify_cb(0, ctx); \
+ } else { \
+ ret = 0; \
+ } \
+ if (!ret) \
+ goto done; \
+ } while (0)
+
+/*
+ * Core code for RFC 3779 2.3 path validation.
+ */
+static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx,
+ STACK_OF(X509) *chain,
+ IPAddrBlocks *ext)
+{
+ IPAddrBlocks *child = NULL;
+ int i, j, ret = 1;
+ X509 *x = NULL;
+
+ OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0);
+ OPENSSL_assert(ctx != NULL || ext != NULL);
+ OPENSSL_assert(ctx == NULL || ctx->verify_cb != NULL);
+
+ /*
+ * Figure out where to start. If we don't have an extension to
+ * check, we're done. Otherwise, check canonical form and
+ * set up for walking up the chain.
+ */
+ if (ext != NULL) {
+ i = -1;
+ } else {
+ i = 0;
+ x = sk_X509_value(chain, i);
+ OPENSSL_assert(x != NULL);
+ if ((ext = x->rfc3779_addr) == NULL)
+ goto done;
+ }
+ if (!v3_addr_is_canonical(ext))
+ validation_err(X509_V_ERR_INVALID_EXTENSION);
+ (void)sk_IPAddressFamily_set_cmp_func(ext, IPAddressFamily_cmp);
+ if ((child = sk_IPAddressFamily_dup(ext)) == NULL) {
+ X509V3err(X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL,
+ ERR_R_MALLOC_FAILURE);
+ ret = 0;
+ goto done;
+ }
+
+ /*
+ * Now walk up the chain. No cert may list resources that its
+ * parent doesn't list.
+ */
+ for (i++; i < sk_X509_num(chain); i++) {
+ x = sk_X509_value(chain, i);
+ OPENSSL_assert(x != NULL);
+ if (!v3_addr_is_canonical(x->rfc3779_addr))
+ validation_err(X509_V_ERR_INVALID_EXTENSION);
+ if (x->rfc3779_addr == NULL) {
+ for (j = 0; j < sk_IPAddressFamily_num(child); j++) {
+ IPAddressFamily *fc = sk_IPAddressFamily_value(child, j);
+ if (fc->ipAddressChoice->type != IPAddressChoice_inherit) {
+ validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+ break;
+ }
+ }
+ continue;
+ }
+ (void)sk_IPAddressFamily_set_cmp_func(x->rfc3779_addr,
+ IPAddressFamily_cmp);
+ for (j = 0; j < sk_IPAddressFamily_num(child); j++) {
+ IPAddressFamily *fc = sk_IPAddressFamily_value(child, j);
+ int k = sk_IPAddressFamily_find(x->rfc3779_addr, fc);
+ IPAddressFamily *fp =
+ sk_IPAddressFamily_value(x->rfc3779_addr, k);
+ if (fp == NULL) {
+ if (fc->ipAddressChoice->type ==
+ IPAddressChoice_addressesOrRanges) {
+ validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+ break;
+ }
+ continue;
+ }
+ if (fp->ipAddressChoice->type ==
+ IPAddressChoice_addressesOrRanges) {
+ if (fc->ipAddressChoice->type == IPAddressChoice_inherit
+ || addr_contains(fp->ipAddressChoice->u.addressesOrRanges,
+ fc->ipAddressChoice->u.addressesOrRanges,
+ length_from_afi(v3_addr_get_afi(fc))))
+ sk_IPAddressFamily_set(child, j, fp);
+ else
+ validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+ }
+ }
+ }
+
+ /*
+ * Trust anchor can't inherit.
+ */
+ if (x->rfc3779_addr != NULL) {
+ for (j = 0; j < sk_IPAddressFamily_num(x->rfc3779_addr); j++) {
+ IPAddressFamily *fp =
+ sk_IPAddressFamily_value(x->rfc3779_addr, j);
+ if (fp->ipAddressChoice->type == IPAddressChoice_inherit
+ && sk_IPAddressFamily_find(child, fp) >= 0)
+ validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+ }
+ }
+
+ done:
+ sk_IPAddressFamily_free(child);
+ return ret;
+}
+
+# undef validation_err
+
+/*
+ * RFC 3779 2.3 path validation -- called from X509_verify_cert().
+ */
+int v3_addr_validate_path(X509_STORE_CTX *ctx)
+{
+ return v3_addr_validate_path_internal(ctx, ctx->chain, NULL);
+}
+
+/*
+ * RFC 3779 2.3 path validation of an extension.
+ * Test whether chain covers extension.
+ */
+int v3_addr_validate_resource_set(STACK_OF(X509) *chain,
+ IPAddrBlocks *ext, int allow_inheritance)
+{
+ if (ext == NULL)
+ return 1;
+ if (chain == NULL || sk_X509_num(chain) == 0)
+ return 0;
+ if (!allow_inheritance && v3_addr_inherits(ext))
+ return 0;
+ return v3_addr_validate_path_internal(NULL, chain, ext);
+}
+
+#endif /* OPENSSL_NO_RFC3779 */
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_akey.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509v3/v3_akey.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_akey.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,208 +0,0 @@
-/* v3_akey.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/x509v3.h>
-
-static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
- AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist);
-static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
-
-const X509V3_EXT_METHOD v3_akey_id =
- {
- NID_authority_key_identifier,
- X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_KEYID),
- 0,0,0,0,
- 0,0,
- (X509V3_EXT_I2V)i2v_AUTHORITY_KEYID,
- (X509V3_EXT_V2I)v2i_AUTHORITY_KEYID,
- 0,0,
- NULL
- };
-
-static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
- AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist)
-{
- char *tmp;
- if(akeyid->keyid) {
- tmp = hex_to_string(akeyid->keyid->data, akeyid->keyid->length);
- X509V3_add_value("keyid", tmp, &extlist);
- OPENSSL_free(tmp);
- }
- if(akeyid->issuer)
- extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist);
- if(akeyid->serial) {
- tmp = hex_to_string(akeyid->serial->data,
- akeyid->serial->length);
- X509V3_add_value("serial", tmp, &extlist);
- OPENSSL_free(tmp);
- }
- return extlist;
-}
-
-/* Currently two options:
- * keyid: use the issuers subject keyid, the value 'always' means its is
- * an error if the issuer certificate doesn't have a key id.
- * issuer: use the issuers cert issuer and serial number. The default is
- * to only use this if keyid is not present. With the option 'always'
- * this is always included.
- */
-
-static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values)
- {
- char keyid=0, issuer=0;
- int i;
- CONF_VALUE *cnf;
- ASN1_OCTET_STRING *ikeyid = NULL;
- X509_NAME *isname = NULL;
- GENERAL_NAMES * gens = NULL;
- GENERAL_NAME *gen = NULL;
- ASN1_INTEGER *serial = NULL;
- X509_EXTENSION *ext;
- X509 *cert;
- AUTHORITY_KEYID *akeyid;
-
- for(i = 0; i < sk_CONF_VALUE_num(values); i++)
- {
- cnf = sk_CONF_VALUE_value(values, i);
- if(!strcmp(cnf->name, "keyid"))
- {
- keyid = 1;
- if(cnf->value && !strcmp(cnf->value, "always"))
- keyid = 2;
- }
- else if(!strcmp(cnf->name, "issuer"))
- {
- issuer = 1;
- if(cnf->value && !strcmp(cnf->value, "always"))
- issuer = 2;
- }
- else
- {
- X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNKNOWN_OPTION);
- ERR_add_error_data(2, "name=", cnf->name);
- return NULL;
- }
- }
-
- if(!ctx || !ctx->issuer_cert)
- {
- if(ctx && (ctx->flags==CTX_TEST))
- return AUTHORITY_KEYID_new();
- X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_NO_ISSUER_CERTIFICATE);
- return NULL;
- }
-
- cert = ctx->issuer_cert;
-
- if(keyid)
- {
- i = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1);
- if((i >= 0) && (ext = X509_get_ext(cert, i)))
- ikeyid = X509V3_EXT_d2i(ext);
- if(keyid==2 && !ikeyid)
- {
- X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_KEYID);
- return NULL;
- }
- }
-
- if((issuer && !ikeyid) || (issuer == 2))
- {
- isname = X509_NAME_dup(X509_get_issuer_name(cert));
- serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(cert));
- if(!isname || !serial)
- {
- X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS);
- goto err;
- }
- }
-
- if(!(akeyid = AUTHORITY_KEYID_new())) goto err;
-
- if(isname)
- {
- if(!(gens = sk_GENERAL_NAME_new_null())
- || !(gen = GENERAL_NAME_new())
- || !sk_GENERAL_NAME_push(gens, gen))
- {
- X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- gen->type = GEN_DIRNAME;
- gen->d.dirn = isname;
- }
-
- akeyid->issuer = gens;
- akeyid->serial = serial;
- akeyid->keyid = ikeyid;
-
- return akeyid;
-
- err:
- X509_NAME_free(isname);
- M_ASN1_INTEGER_free(serial);
- M_ASN1_OCTET_STRING_free(ikeyid);
- return NULL;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_akey.c (from rev 6976, vendor-crypto/openssl/dist/crypto/x509v3/v3_akey.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_akey.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_akey.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,205 @@
+/* v3_akey.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+
+static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
+ AUTHORITY_KEYID *akeyid,
+ STACK_OF(CONF_VALUE)
+ *extlist);
+static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx,
+ STACK_OF(CONF_VALUE) *values);
+
+const X509V3_EXT_METHOD v3_akey_id = {
+ NID_authority_key_identifier,
+ X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_KEYID),
+ 0, 0, 0, 0,
+ 0, 0,
+ (X509V3_EXT_I2V) i2v_AUTHORITY_KEYID,
+ (X509V3_EXT_V2I)v2i_AUTHORITY_KEYID,
+ 0, 0,
+ NULL
+};
+
+static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
+ AUTHORITY_KEYID *akeyid,
+ STACK_OF(CONF_VALUE)
+ *extlist)
+{
+ char *tmp;
+ if (akeyid->keyid) {
+ tmp = hex_to_string(akeyid->keyid->data, akeyid->keyid->length);
+ X509V3_add_value("keyid", tmp, &extlist);
+ OPENSSL_free(tmp);
+ }
+ if (akeyid->issuer)
+ extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist);
+ if (akeyid->serial) {
+ tmp = hex_to_string(akeyid->serial->data, akeyid->serial->length);
+ X509V3_add_value("serial", tmp, &extlist);
+ OPENSSL_free(tmp);
+ }
+ return extlist;
+}
+
+/*-
+ * Currently two options:
+ * keyid: use the issuers subject keyid, the value 'always' means its is
+ * an error if the issuer certificate doesn't have a key id.
+ * issuer: use the issuers cert issuer and serial number. The default is
+ * to only use this if keyid is not present. With the option 'always'
+ * this is always included.
+ */
+
+static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx,
+ STACK_OF(CONF_VALUE) *values)
+{
+ char keyid = 0, issuer = 0;
+ int i;
+ CONF_VALUE *cnf;
+ ASN1_OCTET_STRING *ikeyid = NULL;
+ X509_NAME *isname = NULL;
+ GENERAL_NAMES *gens = NULL;
+ GENERAL_NAME *gen = NULL;
+ ASN1_INTEGER *serial = NULL;
+ X509_EXTENSION *ext;
+ X509 *cert;
+ AUTHORITY_KEYID *akeyid;
+
+ for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
+ cnf = sk_CONF_VALUE_value(values, i);
+ if (!strcmp(cnf->name, "keyid")) {
+ keyid = 1;
+ if (cnf->value && !strcmp(cnf->value, "always"))
+ keyid = 2;
+ } else if (!strcmp(cnf->name, "issuer")) {
+ issuer = 1;
+ if (cnf->value && !strcmp(cnf->value, "always"))
+ issuer = 2;
+ } else {
+ X509V3err(X509V3_F_V2I_AUTHORITY_KEYID, X509V3_R_UNKNOWN_OPTION);
+ ERR_add_error_data(2, "name=", cnf->name);
+ return NULL;
+ }
+ }
+
+ if (!ctx || !ctx->issuer_cert) {
+ if (ctx && (ctx->flags == CTX_TEST))
+ return AUTHORITY_KEYID_new();
+ X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,
+ X509V3_R_NO_ISSUER_CERTIFICATE);
+ return NULL;
+ }
+
+ cert = ctx->issuer_cert;
+
+ if (keyid) {
+ i = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1);
+ if ((i >= 0) && (ext = X509_get_ext(cert, i)))
+ ikeyid = X509V3_EXT_d2i(ext);
+ if (keyid == 2 && !ikeyid) {
+ X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,
+ X509V3_R_UNABLE_TO_GET_ISSUER_KEYID);
+ return NULL;
+ }
+ }
+
+ if ((issuer && !ikeyid) || (issuer == 2)) {
+ isname = X509_NAME_dup(X509_get_issuer_name(cert));
+ serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(cert));
+ if (!isname || !serial) {
+ X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,
+ X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS);
+ goto err;
+ }
+ }
+
+ if (!(akeyid = AUTHORITY_KEYID_new()))
+ goto err;
+
+ if (isname) {
+ if (!(gens = sk_GENERAL_NAME_new_null())
+ || !(gen = GENERAL_NAME_new())
+ || !sk_GENERAL_NAME_push(gens, gen)) {
+ X509V3err(X509V3_F_V2I_AUTHORITY_KEYID, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ gen->type = GEN_DIRNAME;
+ gen->d.dirn = isname;
+ }
+
+ akeyid->issuer = gens;
+ akeyid->serial = serial;
+ akeyid->keyid = ikeyid;
+
+ return akeyid;
+
+ err:
+ X509_NAME_free(isname);
+ M_ASN1_INTEGER_free(serial);
+ M_ASN1_OCTET_STRING_free(ikeyid);
+ return NULL;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_akeya.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509v3/v3_akeya.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_akeya.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,72 +0,0 @@
-/* v3_akey_asn1.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/x509v3.h>
-
-ASN1_SEQUENCE(AUTHORITY_KEYID) = {
- ASN1_IMP_OPT(AUTHORITY_KEYID, keyid, ASN1_OCTET_STRING, 0),
- ASN1_IMP_SEQUENCE_OF_OPT(AUTHORITY_KEYID, issuer, GENERAL_NAME, 1),
- ASN1_IMP_OPT(AUTHORITY_KEYID, serial, ASN1_INTEGER, 2)
-} ASN1_SEQUENCE_END(AUTHORITY_KEYID)
-
-IMPLEMENT_ASN1_FUNCTIONS(AUTHORITY_KEYID)
Copied: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_akeya.c (from rev 6976, vendor-crypto/openssl/dist/crypto/x509v3/v3_akeya.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_akeya.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_akeya.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,73 @@
+/* v3_akey_asn1.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+
+ASN1_SEQUENCE(AUTHORITY_KEYID) = {
+ ASN1_IMP_OPT(AUTHORITY_KEYID, keyid, ASN1_OCTET_STRING, 0),
+ ASN1_IMP_SEQUENCE_OF_OPT(AUTHORITY_KEYID, issuer, GENERAL_NAME, 1),
+ ASN1_IMP_OPT(AUTHORITY_KEYID, serial, ASN1_INTEGER, 2)
+} ASN1_SEQUENCE_END(AUTHORITY_KEYID)
+
+IMPLEMENT_ASN1_FUNCTIONS(AUTHORITY_KEYID)
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_alt.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509v3/v3_alt.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_alt.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,585 +0,0 @@
-/* v3_alt.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/x509v3.h>
-
-static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
-static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
-static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p);
-static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens);
-static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx);
-static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx);
-
-const X509V3_EXT_METHOD v3_alt[] = {
-{ NID_subject_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),
-0,0,0,0,
-0,0,
-(X509V3_EXT_I2V)i2v_GENERAL_NAMES,
-(X509V3_EXT_V2I)v2i_subject_alt,
-NULL, NULL, NULL},
-
-{ NID_issuer_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),
-0,0,0,0,
-0,0,
-(X509V3_EXT_I2V)i2v_GENERAL_NAMES,
-(X509V3_EXT_V2I)v2i_issuer_alt,
-NULL, NULL, NULL},
-};
-
-STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
- GENERAL_NAMES *gens, STACK_OF(CONF_VALUE) *ret)
-{
- int i;
- GENERAL_NAME *gen;
- for(i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
- gen = sk_GENERAL_NAME_value(gens, i);
- ret = i2v_GENERAL_NAME(method, gen, ret);
- }
- if(!ret) return sk_CONF_VALUE_new_null();
- return ret;
-}
-
-STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
- GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret)
-{
- unsigned char *p;
- char oline[256], htmp[5];
- int i;
- switch (gen->type)
- {
- case GEN_OTHERNAME:
- X509V3_add_value("othername","<unsupported>", &ret);
- break;
-
- case GEN_X400:
- X509V3_add_value("X400Name","<unsupported>", &ret);
- break;
-
- case GEN_EDIPARTY:
- X509V3_add_value("EdiPartyName","<unsupported>", &ret);
- break;
-
- case GEN_EMAIL:
- X509V3_add_value_uchar("email",gen->d.ia5->data, &ret);
- break;
-
- case GEN_DNS:
- X509V3_add_value_uchar("DNS",gen->d.ia5->data, &ret);
- break;
-
- case GEN_URI:
- X509V3_add_value_uchar("URI",gen->d.ia5->data, &ret);
- break;
-
- case GEN_DIRNAME:
- X509_NAME_oneline(gen->d.dirn, oline, 256);
- X509V3_add_value("DirName",oline, &ret);
- break;
-
- case GEN_IPADD:
- p = gen->d.ip->data;
- if(gen->d.ip->length == 4)
- BIO_snprintf(oline, sizeof oline,
- "%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
- else if(gen->d.ip->length == 16)
- {
- oline[0] = 0;
- for (i = 0; i < 8; i++)
- {
- BIO_snprintf(htmp, sizeof htmp,
- "%X", p[0] << 8 | p[1]);
- p += 2;
- strcat(oline, htmp);
- if (i != 7)
- strcat(oline, ":");
- }
- }
- else
- {
- X509V3_add_value("IP Address","<invalid>", &ret);
- break;
- }
- X509V3_add_value("IP Address",oline, &ret);
- break;
-
- case GEN_RID:
- i2t_ASN1_OBJECT(oline, 256, gen->d.rid);
- X509V3_add_value("Registered ID",oline, &ret);
- break;
- }
- return ret;
-}
-
-int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen)
-{
- unsigned char *p;
- int i;
- switch (gen->type)
- {
- case GEN_OTHERNAME:
- BIO_printf(out, "othername:<unsupported>");
- break;
-
- case GEN_X400:
- BIO_printf(out, "X400Name:<unsupported>");
- break;
-
- case GEN_EDIPARTY:
- /* Maybe fix this: it is supported now */
- BIO_printf(out, "EdiPartyName:<unsupported>");
- break;
-
- case GEN_EMAIL:
- BIO_printf(out, "email:%s",gen->d.ia5->data);
- break;
-
- case GEN_DNS:
- BIO_printf(out, "DNS:%s",gen->d.ia5->data);
- break;
-
- case GEN_URI:
- BIO_printf(out, "URI:%s",gen->d.ia5->data);
- break;
-
- case GEN_DIRNAME:
- BIO_printf(out, "DirName: ");
- X509_NAME_print_ex(out, gen->d.dirn, 0, XN_FLAG_ONELINE);
- break;
-
- case GEN_IPADD:
- p = gen->d.ip->data;
- if(gen->d.ip->length == 4)
- BIO_printf(out, "IP Address:%d.%d.%d.%d",
- p[0], p[1], p[2], p[3]);
- else if(gen->d.ip->length == 16)
- {
- BIO_printf(out, "IP Address");
- for (i = 0; i < 8; i++)
- {
- BIO_printf(out, ":%X", p[0] << 8 | p[1]);
- p += 2;
- }
- BIO_puts(out, "\n");
- }
- else
- {
- BIO_printf(out,"IP Address:<invalid>");
- break;
- }
- break;
-
- case GEN_RID:
- BIO_printf(out, "Registered ID");
- i2a_ASN1_OBJECT(out, gen->d.rid);
- break;
- }
- return 1;
-}
-
-static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method,
- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
-{
- GENERAL_NAMES *gens = NULL;
- CONF_VALUE *cnf;
- int i;
- if(!(gens = sk_GENERAL_NAME_new_null())) {
- X509V3err(X509V3_F_V2I_ISSUER_ALT,ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
- cnf = sk_CONF_VALUE_value(nval, i);
- if(!name_cmp(cnf->name, "issuer") && cnf->value &&
- !strcmp(cnf->value, "copy")) {
- if(!copy_issuer(ctx, gens)) goto err;
- } else {
- GENERAL_NAME *gen;
- if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
- goto err;
- sk_GENERAL_NAME_push(gens, gen);
- }
- }
- return gens;
- err:
- sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
- return NULL;
-}
-
-/* Append subject altname of issuer to issuer alt name of subject */
-
-static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens)
-{
- GENERAL_NAMES *ialt;
- GENERAL_NAME *gen;
- X509_EXTENSION *ext;
- int i;
- if(ctx && (ctx->flags == CTX_TEST)) return 1;
- if(!ctx || !ctx->issuer_cert) {
- X509V3err(X509V3_F_COPY_ISSUER,X509V3_R_NO_ISSUER_DETAILS);
- goto err;
- }
- i = X509_get_ext_by_NID(ctx->issuer_cert, NID_subject_alt_name, -1);
- if(i < 0) return 1;
- if(!(ext = X509_get_ext(ctx->issuer_cert, i)) ||
- !(ialt = X509V3_EXT_d2i(ext)) ) {
- X509V3err(X509V3_F_COPY_ISSUER,X509V3_R_ISSUER_DECODE_ERROR);
- goto err;
- }
-
- for(i = 0; i < sk_GENERAL_NAME_num(ialt); i++) {
- gen = sk_GENERAL_NAME_value(ialt, i);
- if(!sk_GENERAL_NAME_push(gens, gen)) {
- X509V3err(X509V3_F_COPY_ISSUER,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- }
- sk_GENERAL_NAME_free(ialt);
-
- return 1;
-
- err:
- return 0;
-
-}
-
-static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method,
- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
-{
- GENERAL_NAMES *gens = NULL;
- CONF_VALUE *cnf;
- int i;
- if(!(gens = sk_GENERAL_NAME_new_null())) {
- X509V3err(X509V3_F_V2I_SUBJECT_ALT,ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
- cnf = sk_CONF_VALUE_value(nval, i);
- if(!name_cmp(cnf->name, "email") && cnf->value &&
- !strcmp(cnf->value, "copy")) {
- if(!copy_email(ctx, gens, 0)) goto err;
- } else if(!name_cmp(cnf->name, "email") && cnf->value &&
- !strcmp(cnf->value, "move")) {
- if(!copy_email(ctx, gens, 1)) goto err;
- } else {
- GENERAL_NAME *gen;
- if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
- goto err;
- sk_GENERAL_NAME_push(gens, gen);
- }
- }
- return gens;
- err:
- sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
- return NULL;
-}
-
-/* Copy any email addresses in a certificate or request to
- * GENERAL_NAMES
- */
-
-static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p)
-{
- X509_NAME *nm;
- ASN1_IA5STRING *email = NULL;
- X509_NAME_ENTRY *ne;
- GENERAL_NAME *gen = NULL;
- int i;
- if(ctx != NULL && ctx->flags == CTX_TEST)
- return 1;
- if(!ctx || (!ctx->subject_cert && !ctx->subject_req)) {
- X509V3err(X509V3_F_COPY_EMAIL,X509V3_R_NO_SUBJECT_DETAILS);
- goto err;
- }
- /* Find the subject name */
- if(ctx->subject_cert) nm = X509_get_subject_name(ctx->subject_cert);
- else nm = X509_REQ_get_subject_name(ctx->subject_req);
-
- /* Now add any email address(es) to STACK */
- i = -1;
- while((i = X509_NAME_get_index_by_NID(nm,
- NID_pkcs9_emailAddress, i)) >= 0) {
- ne = X509_NAME_get_entry(nm, i);
- email = M_ASN1_IA5STRING_dup(X509_NAME_ENTRY_get_data(ne));
- if (move_p)
- {
- X509_NAME_delete_entry(nm, i);
- X509_NAME_ENTRY_free(ne);
- i--;
- }
- if(!email || !(gen = GENERAL_NAME_new())) {
- X509V3err(X509V3_F_COPY_EMAIL,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- gen->d.ia5 = email;
- email = NULL;
- gen->type = GEN_EMAIL;
- if(!sk_GENERAL_NAME_push(gens, gen)) {
- X509V3err(X509V3_F_COPY_EMAIL,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- gen = NULL;
- }
-
-
- return 1;
-
- err:
- GENERAL_NAME_free(gen);
- M_ASN1_IA5STRING_free(email);
- return 0;
-
-}
-
-GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
-{
- GENERAL_NAME *gen;
- GENERAL_NAMES *gens = NULL;
- CONF_VALUE *cnf;
- int i;
- if(!(gens = sk_GENERAL_NAME_new_null())) {
- X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
- cnf = sk_CONF_VALUE_value(nval, i);
- if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) goto err;
- sk_GENERAL_NAME_push(gens, gen);
- }
- return gens;
- err:
- sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
- return NULL;
-}
-
-GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
- CONF_VALUE *cnf)
- {
- return v2i_GENERAL_NAME_ex(NULL, method, ctx, cnf, 0);
- }
-
-GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
- X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
- CONF_VALUE *cnf, int is_nc)
- {
- char is_string = 0;
- int type;
- GENERAL_NAME *gen = NULL;
-
- char *name, *value;
-
- name = cnf->name;
- value = cnf->value;
-
- if(!value)
- {
- X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_MISSING_VALUE);
- return NULL;
- }
-
- if (out)
- gen = out;
- else
- {
- gen = GENERAL_NAME_new();
- if(gen == NULL)
- {
- X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- }
-
- if(!name_cmp(name, "email"))
- {
- is_string = 1;
- type = GEN_EMAIL;
- }
- else if(!name_cmp(name, "URI"))
- {
- is_string = 1;
- type = GEN_URI;
- }
- else if(!name_cmp(name, "DNS"))
- {
- is_string = 1;
- type = GEN_DNS;
- }
- else if(!name_cmp(name, "RID"))
- {
- ASN1_OBJECT *obj;
- if(!(obj = OBJ_txt2obj(value,0)))
- {
- X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_BAD_OBJECT);
- ERR_add_error_data(2, "value=", value);
- goto err;
- }
- gen->d.rid = obj;
- type = GEN_RID;
- }
- else if(!name_cmp(name, "IP"))
- {
- if (is_nc)
- gen->d.ip = a2i_IPADDRESS_NC(value);
- else
- gen->d.ip = a2i_IPADDRESS(value);
- if(gen->d.ip == NULL)
- {
- X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_BAD_IP_ADDRESS);
- ERR_add_error_data(2, "value=", value);
- goto err;
- }
- type = GEN_IPADD;
- }
- else if(!name_cmp(name, "dirName"))
- {
- type = GEN_DIRNAME;
- if (!do_dirname(gen, value, ctx))
- {
- X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_DIRNAME_ERROR);
- goto err;
- }
- }
- else if(!name_cmp(name, "otherName"))
- {
- if (!do_othername(gen, value, ctx))
- {
- X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_OTHERNAME_ERROR);
- goto err;
- }
- type = GEN_OTHERNAME;
- }
- else
- {
- X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_UNSUPPORTED_OPTION);
- ERR_add_error_data(2, "name=", name);
- goto err;
- }
-
- if(is_string)
- {
- if(!(gen->d.ia5 = M_ASN1_IA5STRING_new()) ||
- !ASN1_STRING_set(gen->d.ia5, (unsigned char*)value,
- strlen(value)))
- {
- X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- }
-
- gen->type = type;
-
- return gen;
-
- err:
- if (!out)
- GENERAL_NAME_free(gen);
- return NULL;
- }
-
-static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
- {
- char *objtmp = NULL, *p;
- int objlen;
- if (!(p = strchr(value, ';')))
- return 0;
- if (!(gen->d.otherName = OTHERNAME_new()))
- return 0;
- /* Free this up because we will overwrite it.
- * no need to free type_id because it is static
- */
- ASN1_TYPE_free(gen->d.otherName->value);
- if (!(gen->d.otherName->value = ASN1_generate_v3(p + 1, ctx)))
- return 0;
- objlen = p - value;
- objtmp = OPENSSL_malloc(objlen + 1);
- strncpy(objtmp, value, objlen);
- objtmp[objlen] = 0;
- gen->d.otherName->type_id = OBJ_txt2obj(objtmp, 0);
- OPENSSL_free(objtmp);
- if (!gen->d.otherName->type_id)
- return 0;
- return 1;
- }
-
-static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
- {
- int ret;
- STACK_OF(CONF_VALUE) *sk;
- X509_NAME *nm;
- if (!(nm = X509_NAME_new()))
- return 0;
- sk = X509V3_get_section(ctx, value);
- if (!sk)
- {
- X509V3err(X509V3_F_DO_DIRNAME,X509V3_R_SECTION_NOT_FOUND);
- ERR_add_error_data(2, "section=", value);
- X509_NAME_free(nm);
- return 0;
- }
- /* FIXME: should allow other character types... */
- ret = X509V3_NAME_from_section(nm, sk, MBSTRING_ASC);
- if (!ret)
- X509_NAME_free(nm);
- gen->d.dirn = nm;
-
- X509V3_section_free(ctx, sk);
-
- return ret;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_alt.c (from rev 6976, vendor-crypto/openssl/dist/crypto/x509v3/v3_alt.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_alt.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_alt.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,565 @@
+/* v3_alt.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+
+static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx,
+ STACK_OF(CONF_VALUE) *nval);
+static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx,
+ STACK_OF(CONF_VALUE) *nval);
+static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p);
+static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens);
+static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx);
+static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx);
+
+const X509V3_EXT_METHOD v3_alt[] = {
+ {NID_subject_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),
+ 0, 0, 0, 0,
+ 0, 0,
+ (X509V3_EXT_I2V) i2v_GENERAL_NAMES,
+ (X509V3_EXT_V2I)v2i_subject_alt,
+ NULL, NULL, NULL},
+
+ {NID_issuer_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),
+ 0, 0, 0, 0,
+ 0, 0,
+ (X509V3_EXT_I2V) i2v_GENERAL_NAMES,
+ (X509V3_EXT_V2I)v2i_issuer_alt,
+ NULL, NULL, NULL},
+};
+
+STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
+ GENERAL_NAMES *gens,
+ STACK_OF(CONF_VALUE) *ret)
+{
+ int i;
+ GENERAL_NAME *gen;
+ for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
+ gen = sk_GENERAL_NAME_value(gens, i);
+ ret = i2v_GENERAL_NAME(method, gen, ret);
+ }
+ if (!ret)
+ return sk_CONF_VALUE_new_null();
+ return ret;
+}
+
+STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
+ GENERAL_NAME *gen,
+ STACK_OF(CONF_VALUE) *ret)
+{
+ unsigned char *p;
+ char oline[256], htmp[5];
+ int i;
+ switch (gen->type) {
+ case GEN_OTHERNAME:
+ X509V3_add_value("othername", "<unsupported>", &ret);
+ break;
+
+ case GEN_X400:
+ X509V3_add_value("X400Name", "<unsupported>", &ret);
+ break;
+
+ case GEN_EDIPARTY:
+ X509V3_add_value("EdiPartyName", "<unsupported>", &ret);
+ break;
+
+ case GEN_EMAIL:
+ X509V3_add_value_uchar("email", gen->d.ia5->data, &ret);
+ break;
+
+ case GEN_DNS:
+ X509V3_add_value_uchar("DNS", gen->d.ia5->data, &ret);
+ break;
+
+ case GEN_URI:
+ X509V3_add_value_uchar("URI", gen->d.ia5->data, &ret);
+ break;
+
+ case GEN_DIRNAME:
+ X509_NAME_oneline(gen->d.dirn, oline, 256);
+ X509V3_add_value("DirName", oline, &ret);
+ break;
+
+ case GEN_IPADD:
+ p = gen->d.ip->data;
+ if (gen->d.ip->length == 4)
+ BIO_snprintf(oline, sizeof oline,
+ "%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
+ else if (gen->d.ip->length == 16) {
+ oline[0] = 0;
+ for (i = 0; i < 8; i++) {
+ BIO_snprintf(htmp, sizeof htmp, "%X", p[0] << 8 | p[1]);
+ p += 2;
+ strcat(oline, htmp);
+ if (i != 7)
+ strcat(oline, ":");
+ }
+ } else {
+ X509V3_add_value("IP Address", "<invalid>", &ret);
+ break;
+ }
+ X509V3_add_value("IP Address", oline, &ret);
+ break;
+
+ case GEN_RID:
+ i2t_ASN1_OBJECT(oline, 256, gen->d.rid);
+ X509V3_add_value("Registered ID", oline, &ret);
+ break;
+ }
+ return ret;
+}
+
+int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen)
+{
+ unsigned char *p;
+ int i;
+ switch (gen->type) {
+ case GEN_OTHERNAME:
+ BIO_printf(out, "othername:<unsupported>");
+ break;
+
+ case GEN_X400:
+ BIO_printf(out, "X400Name:<unsupported>");
+ break;
+
+ case GEN_EDIPARTY:
+ /* Maybe fix this: it is supported now */
+ BIO_printf(out, "EdiPartyName:<unsupported>");
+ break;
+
+ case GEN_EMAIL:
+ BIO_printf(out, "email:%s", gen->d.ia5->data);
+ break;
+
+ case GEN_DNS:
+ BIO_printf(out, "DNS:%s", gen->d.ia5->data);
+ break;
+
+ case GEN_URI:
+ BIO_printf(out, "URI:%s", gen->d.ia5->data);
+ break;
+
+ case GEN_DIRNAME:
+ BIO_printf(out, "DirName: ");
+ X509_NAME_print_ex(out, gen->d.dirn, 0, XN_FLAG_ONELINE);
+ break;
+
+ case GEN_IPADD:
+ p = gen->d.ip->data;
+ if (gen->d.ip->length == 4)
+ BIO_printf(out, "IP Address:%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
+ else if (gen->d.ip->length == 16) {
+ BIO_printf(out, "IP Address");
+ for (i = 0; i < 8; i++) {
+ BIO_printf(out, ":%X", p[0] << 8 | p[1]);
+ p += 2;
+ }
+ BIO_puts(out, "\n");
+ } else {
+ BIO_printf(out, "IP Address:<invalid>");
+ break;
+ }
+ break;
+
+ case GEN_RID:
+ BIO_printf(out, "Registered ID");
+ i2a_ASN1_OBJECT(out, gen->d.rid);
+ break;
+ }
+ return 1;
+}
+
+static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx,
+ STACK_OF(CONF_VALUE) *nval)
+{
+ GENERAL_NAMES *gens = NULL;
+ CONF_VALUE *cnf;
+ int i;
+ if (!(gens = sk_GENERAL_NAME_new_null())) {
+ X509V3err(X509V3_F_V2I_ISSUER_ALT, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+ cnf = sk_CONF_VALUE_value(nval, i);
+ if (!name_cmp(cnf->name, "issuer") && cnf->value &&
+ !strcmp(cnf->value, "copy")) {
+ if (!copy_issuer(ctx, gens))
+ goto err;
+ } else {
+ GENERAL_NAME *gen;
+ if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
+ goto err;
+ sk_GENERAL_NAME_push(gens, gen);
+ }
+ }
+ return gens;
+ err:
+ sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
+ return NULL;
+}
+
+/* Append subject altname of issuer to issuer alt name of subject */
+
+static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens)
+{
+ GENERAL_NAMES *ialt;
+ GENERAL_NAME *gen;
+ X509_EXTENSION *ext;
+ int i;
+ if (ctx && (ctx->flags == CTX_TEST))
+ return 1;
+ if (!ctx || !ctx->issuer_cert) {
+ X509V3err(X509V3_F_COPY_ISSUER, X509V3_R_NO_ISSUER_DETAILS);
+ goto err;
+ }
+ i = X509_get_ext_by_NID(ctx->issuer_cert, NID_subject_alt_name, -1);
+ if (i < 0)
+ return 1;
+ if (!(ext = X509_get_ext(ctx->issuer_cert, i)) ||
+ !(ialt = X509V3_EXT_d2i(ext))) {
+ X509V3err(X509V3_F_COPY_ISSUER, X509V3_R_ISSUER_DECODE_ERROR);
+ goto err;
+ }
+
+ for (i = 0; i < sk_GENERAL_NAME_num(ialt); i++) {
+ gen = sk_GENERAL_NAME_value(ialt, i);
+ if (!sk_GENERAL_NAME_push(gens, gen)) {
+ X509V3err(X509V3_F_COPY_ISSUER, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ }
+ sk_GENERAL_NAME_free(ialt);
+
+ return 1;
+
+ err:
+ return 0;
+
+}
+
+static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx,
+ STACK_OF(CONF_VALUE) *nval)
+{
+ GENERAL_NAMES *gens = NULL;
+ CONF_VALUE *cnf;
+ int i;
+ if (!(gens = sk_GENERAL_NAME_new_null())) {
+ X509V3err(X509V3_F_V2I_SUBJECT_ALT, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+ cnf = sk_CONF_VALUE_value(nval, i);
+ if (!name_cmp(cnf->name, "email") && cnf->value &&
+ !strcmp(cnf->value, "copy")) {
+ if (!copy_email(ctx, gens, 0))
+ goto err;
+ } else if (!name_cmp(cnf->name, "email") && cnf->value &&
+ !strcmp(cnf->value, "move")) {
+ if (!copy_email(ctx, gens, 1))
+ goto err;
+ } else {
+ GENERAL_NAME *gen;
+ if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
+ goto err;
+ sk_GENERAL_NAME_push(gens, gen);
+ }
+ }
+ return gens;
+ err:
+ sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
+ return NULL;
+}
+
+/*
+ * Copy any email addresses in a certificate or request to GENERAL_NAMES
+ */
+
+static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p)
+{
+ X509_NAME *nm;
+ ASN1_IA5STRING *email = NULL;
+ X509_NAME_ENTRY *ne;
+ GENERAL_NAME *gen = NULL;
+ int i;
+ if (ctx != NULL && ctx->flags == CTX_TEST)
+ return 1;
+ if (!ctx || (!ctx->subject_cert && !ctx->subject_req)) {
+ X509V3err(X509V3_F_COPY_EMAIL, X509V3_R_NO_SUBJECT_DETAILS);
+ goto err;
+ }
+ /* Find the subject name */
+ if (ctx->subject_cert)
+ nm = X509_get_subject_name(ctx->subject_cert);
+ else
+ nm = X509_REQ_get_subject_name(ctx->subject_req);
+
+ /* Now add any email address(es) to STACK */
+ i = -1;
+ while ((i = X509_NAME_get_index_by_NID(nm,
+ NID_pkcs9_emailAddress, i)) >= 0) {
+ ne = X509_NAME_get_entry(nm, i);
+ email = M_ASN1_IA5STRING_dup(X509_NAME_ENTRY_get_data(ne));
+ if (move_p) {
+ X509_NAME_delete_entry(nm, i);
+ X509_NAME_ENTRY_free(ne);
+ i--;
+ }
+ if (!email || !(gen = GENERAL_NAME_new())) {
+ X509V3err(X509V3_F_COPY_EMAIL, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ gen->d.ia5 = email;
+ email = NULL;
+ gen->type = GEN_EMAIL;
+ if (!sk_GENERAL_NAME_push(gens, gen)) {
+ X509V3err(X509V3_F_COPY_EMAIL, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ gen = NULL;
+ }
+
+ return 1;
+
+ err:
+ GENERAL_NAME_free(gen);
+ M_ASN1_IA5STRING_free(email);
+ return 0;
+
+}
+
+GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+{
+ GENERAL_NAME *gen;
+ GENERAL_NAMES *gens = NULL;
+ CONF_VALUE *cnf;
+ int i;
+ if (!(gens = sk_GENERAL_NAME_new_null())) {
+ X509V3err(X509V3_F_V2I_GENERAL_NAMES, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+ cnf = sk_CONF_VALUE_value(nval, i);
+ if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
+ goto err;
+ sk_GENERAL_NAME_push(gens, gen);
+ }
+ return gens;
+ err:
+ sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
+ return NULL;
+}
+
+GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+ CONF_VALUE *cnf)
+{
+ return v2i_GENERAL_NAME_ex(NULL, method, ctx, cnf, 0);
+}
+
+GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
+ X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+ CONF_VALUE *cnf, int is_nc)
+{
+ char is_string = 0;
+ int type;
+ GENERAL_NAME *gen = NULL;
+
+ char *name, *value;
+
+ name = cnf->name;
+ value = cnf->value;
+
+ if (!value) {
+ X509V3err(X509V3_F_V2I_GENERAL_NAME_EX, X509V3_R_MISSING_VALUE);
+ return NULL;
+ }
+
+ if (out)
+ gen = out;
+ else {
+ gen = GENERAL_NAME_new();
+ if (gen == NULL) {
+ X509V3err(X509V3_F_V2I_GENERAL_NAME_EX, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ }
+
+ if (!name_cmp(name, "email")) {
+ is_string = 1;
+ type = GEN_EMAIL;
+ } else if (!name_cmp(name, "URI")) {
+ is_string = 1;
+ type = GEN_URI;
+ } else if (!name_cmp(name, "DNS")) {
+ is_string = 1;
+ type = GEN_DNS;
+ } else if (!name_cmp(name, "RID")) {
+ ASN1_OBJECT *obj;
+ if (!(obj = OBJ_txt2obj(value, 0))) {
+ X509V3err(X509V3_F_V2I_GENERAL_NAME_EX, X509V3_R_BAD_OBJECT);
+ ERR_add_error_data(2, "value=", value);
+ goto err;
+ }
+ gen->d.rid = obj;
+ type = GEN_RID;
+ } else if (!name_cmp(name, "IP")) {
+ if (is_nc)
+ gen->d.ip = a2i_IPADDRESS_NC(value);
+ else
+ gen->d.ip = a2i_IPADDRESS(value);
+ if (gen->d.ip == NULL) {
+ X509V3err(X509V3_F_V2I_GENERAL_NAME_EX, X509V3_R_BAD_IP_ADDRESS);
+ ERR_add_error_data(2, "value=", value);
+ goto err;
+ }
+ type = GEN_IPADD;
+ } else if (!name_cmp(name, "dirName")) {
+ type = GEN_DIRNAME;
+ if (!do_dirname(gen, value, ctx)) {
+ X509V3err(X509V3_F_V2I_GENERAL_NAME_EX, X509V3_R_DIRNAME_ERROR);
+ goto err;
+ }
+ } else if (!name_cmp(name, "otherName")) {
+ if (!do_othername(gen, value, ctx)) {
+ X509V3err(X509V3_F_V2I_GENERAL_NAME_EX, X509V3_R_OTHERNAME_ERROR);
+ goto err;
+ }
+ type = GEN_OTHERNAME;
+ } else {
+ X509V3err(X509V3_F_V2I_GENERAL_NAME_EX, X509V3_R_UNSUPPORTED_OPTION);
+ ERR_add_error_data(2, "name=", name);
+ goto err;
+ }
+
+ if (is_string) {
+ if (!(gen->d.ia5 = M_ASN1_IA5STRING_new()) ||
+ !ASN1_STRING_set(gen->d.ia5, (unsigned char *)value,
+ strlen(value))) {
+ X509V3err(X509V3_F_V2I_GENERAL_NAME_EX, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ }
+
+ gen->type = type;
+
+ return gen;
+
+ err:
+ if (!out)
+ GENERAL_NAME_free(gen);
+ return NULL;
+}
+
+static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
+{
+ char *objtmp = NULL, *p;
+ int objlen;
+ if (!(p = strchr(value, ';')))
+ return 0;
+ if (!(gen->d.otherName = OTHERNAME_new()))
+ return 0;
+ /*
+ * Free this up because we will overwrite it. no need to free type_id
+ * because it is static
+ */
+ ASN1_TYPE_free(gen->d.otherName->value);
+ if (!(gen->d.otherName->value = ASN1_generate_v3(p + 1, ctx)))
+ return 0;
+ objlen = p - value;
+ objtmp = OPENSSL_malloc(objlen + 1);
+ strncpy(objtmp, value, objlen);
+ objtmp[objlen] = 0;
+ gen->d.otherName->type_id = OBJ_txt2obj(objtmp, 0);
+ OPENSSL_free(objtmp);
+ if (!gen->d.otherName->type_id)
+ return 0;
+ return 1;
+}
+
+static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
+{
+ int ret;
+ STACK_OF(CONF_VALUE) *sk;
+ X509_NAME *nm;
+ if (!(nm = X509_NAME_new()))
+ return 0;
+ sk = X509V3_get_section(ctx, value);
+ if (!sk) {
+ X509V3err(X509V3_F_DO_DIRNAME, X509V3_R_SECTION_NOT_FOUND);
+ ERR_add_error_data(2, "section=", value);
+ X509_NAME_free(nm);
+ return 0;
+ }
+ /* FIXME: should allow other character types... */
+ ret = X509V3_NAME_from_section(nm, sk, MBSTRING_ASC);
+ if (!ret)
+ X509_NAME_free(nm);
+ gen->d.dirn = nm;
+
+ X509V3_section_free(ctx, sk);
+
+ return ret;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_asid.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509v3/v3_asid.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_asid.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,888 +0,0 @@
-/*
- * Contributed to the OpenSSL Project by the American Registry for
- * Internet Numbers ("ARIN").
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- */
-
-/*
- * Implementation of RFC 3779 section 3.2.
- */
-
-#include <stdio.h>
-#include <string.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/x509v3.h>
-#include <openssl/x509.h>
-#include <openssl/bn.h>
-
-#ifndef OPENSSL_NO_RFC3779
-
-/*
- * OpenSSL ASN.1 template translation of RFC 3779 3.2.3.
- */
-
-ASN1_SEQUENCE(ASRange) = {
- ASN1_SIMPLE(ASRange, min, ASN1_INTEGER),
- ASN1_SIMPLE(ASRange, max, ASN1_INTEGER)
-} ASN1_SEQUENCE_END(ASRange)
-
-ASN1_CHOICE(ASIdOrRange) = {
- ASN1_SIMPLE(ASIdOrRange, u.id, ASN1_INTEGER),
- ASN1_SIMPLE(ASIdOrRange, u.range, ASRange)
-} ASN1_CHOICE_END(ASIdOrRange)
-
-ASN1_CHOICE(ASIdentifierChoice) = {
- ASN1_SIMPLE(ASIdentifierChoice, u.inherit, ASN1_NULL),
- ASN1_SEQUENCE_OF(ASIdentifierChoice, u.asIdsOrRanges, ASIdOrRange)
-} ASN1_CHOICE_END(ASIdentifierChoice)
-
-ASN1_SEQUENCE(ASIdentifiers) = {
- ASN1_EXP_OPT(ASIdentifiers, asnum, ASIdentifierChoice, 0),
- ASN1_EXP_OPT(ASIdentifiers, rdi, ASIdentifierChoice, 1)
-} ASN1_SEQUENCE_END(ASIdentifiers)
-
-IMPLEMENT_ASN1_FUNCTIONS(ASRange)
-IMPLEMENT_ASN1_FUNCTIONS(ASIdOrRange)
-IMPLEMENT_ASN1_FUNCTIONS(ASIdentifierChoice)
-IMPLEMENT_ASN1_FUNCTIONS(ASIdentifiers)
-
-/*
- * i2r method for an ASIdentifierChoice.
- */
-static int i2r_ASIdentifierChoice(BIO *out,
- ASIdentifierChoice *choice,
- int indent,
- const char *msg)
-{
- int i;
- char *s;
- if (choice == NULL)
- return 1;
- BIO_printf(out, "%*s%s:\n", indent, "", msg);
- switch (choice->type) {
- case ASIdentifierChoice_inherit:
- BIO_printf(out, "%*sinherit\n", indent + 2, "");
- break;
- case ASIdentifierChoice_asIdsOrRanges:
- for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges); i++) {
- ASIdOrRange *aor = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
- switch (aor->type) {
- case ASIdOrRange_id:
- if ((s = i2s_ASN1_INTEGER(NULL, aor->u.id)) == NULL)
- return 0;
- BIO_printf(out, "%*s%s\n", indent + 2, "", s);
- OPENSSL_free(s);
- break;
- case ASIdOrRange_range:
- if ((s = i2s_ASN1_INTEGER(NULL, aor->u.range->min)) == NULL)
- return 0;
- BIO_printf(out, "%*s%s-", indent + 2, "", s);
- OPENSSL_free(s);
- if ((s = i2s_ASN1_INTEGER(NULL, aor->u.range->max)) == NULL)
- return 0;
- BIO_printf(out, "%s\n", s);
- OPENSSL_free(s);
- break;
- default:
- return 0;
- }
- }
- break;
- default:
- return 0;
- }
- return 1;
-}
-
-/*
- * i2r method for an ASIdentifier extension.
- */
-static int i2r_ASIdentifiers(X509V3_EXT_METHOD *method,
- void *ext,
- BIO *out,
- int indent)
-{
- ASIdentifiers *asid = ext;
- return (i2r_ASIdentifierChoice(out, asid->asnum, indent,
- "Autonomous System Numbers") &&
- i2r_ASIdentifierChoice(out, asid->rdi, indent,
- "Routing Domain Identifiers"));
-}
-
-/*
- * Sort comparision function for a sequence of ASIdOrRange elements.
- */
-static int ASIdOrRange_cmp(const ASIdOrRange * const *a_,
- const ASIdOrRange * const *b_)
-{
- const ASIdOrRange *a = *a_, *b = *b_;
-
- OPENSSL_assert((a->type == ASIdOrRange_id && a->u.id != NULL) ||
- (a->type == ASIdOrRange_range && a->u.range != NULL &&
- a->u.range->min != NULL && a->u.range->max != NULL));
-
- OPENSSL_assert((b->type == ASIdOrRange_id && b->u.id != NULL) ||
- (b->type == ASIdOrRange_range && b->u.range != NULL &&
- b->u.range->min != NULL && b->u.range->max != NULL));
-
- if (a->type == ASIdOrRange_id && b->type == ASIdOrRange_id)
- return ASN1_INTEGER_cmp(a->u.id, b->u.id);
-
- if (a->type == ASIdOrRange_range && b->type == ASIdOrRange_range) {
- int r = ASN1_INTEGER_cmp(a->u.range->min, b->u.range->min);
- return r != 0 ? r : ASN1_INTEGER_cmp(a->u.range->max, b->u.range->max);
- }
-
- if (a->type == ASIdOrRange_id)
- return ASN1_INTEGER_cmp(a->u.id, b->u.range->min);
- else
- return ASN1_INTEGER_cmp(a->u.range->min, b->u.id);
-}
-
-/*
- * Add an inherit element.
- */
-int v3_asid_add_inherit(ASIdentifiers *asid, int which)
-{
- ASIdentifierChoice **choice;
- if (asid == NULL)
- return 0;
- switch (which) {
- case V3_ASID_ASNUM:
- choice = &asid->asnum;
- break;
- case V3_ASID_RDI:
- choice = &asid->rdi;
- break;
- default:
- return 0;
- }
- if (*choice == NULL) {
- if ((*choice = ASIdentifierChoice_new()) == NULL)
- return 0;
- OPENSSL_assert((*choice)->u.inherit == NULL);
- if (((*choice)->u.inherit = ASN1_NULL_new()) == NULL)
- return 0;
- (*choice)->type = ASIdentifierChoice_inherit;
- }
- return (*choice)->type == ASIdentifierChoice_inherit;
-}
-
-/*
- * Add an ID or range to an ASIdentifierChoice.
- */
-int v3_asid_add_id_or_range(ASIdentifiers *asid,
- int which,
- ASN1_INTEGER *min,
- ASN1_INTEGER *max)
-{
- ASIdentifierChoice **choice;
- ASIdOrRange *aor;
- if (asid == NULL)
- return 0;
- switch (which) {
- case V3_ASID_ASNUM:
- choice = &asid->asnum;
- break;
- case V3_ASID_RDI:
- choice = &asid->rdi;
- break;
- default:
- return 0;
- }
- if (*choice != NULL && (*choice)->type == ASIdentifierChoice_inherit)
- return 0;
- if (*choice == NULL) {
- if ((*choice = ASIdentifierChoice_new()) == NULL)
- return 0;
- OPENSSL_assert((*choice)->u.asIdsOrRanges == NULL);
- (*choice)->u.asIdsOrRanges = sk_ASIdOrRange_new(ASIdOrRange_cmp);
- if ((*choice)->u.asIdsOrRanges == NULL)
- return 0;
- (*choice)->type = ASIdentifierChoice_asIdsOrRanges;
- }
- if ((aor = ASIdOrRange_new()) == NULL)
- return 0;
- if (max == NULL) {
- aor->type = ASIdOrRange_id;
- aor->u.id = min;
- } else {
- aor->type = ASIdOrRange_range;
- if ((aor->u.range = ASRange_new()) == NULL)
- goto err;
- ASN1_INTEGER_free(aor->u.range->min);
- aor->u.range->min = min;
- ASN1_INTEGER_free(aor->u.range->max);
- aor->u.range->max = max;
- }
- if (!(sk_ASIdOrRange_push((*choice)->u.asIdsOrRanges, aor)))
- goto err;
- return 1;
-
- err:
- ASIdOrRange_free(aor);
- return 0;
-}
-
-/*
- * Extract min and max values from an ASIdOrRange.
- */
-static void extract_min_max(ASIdOrRange *aor,
- ASN1_INTEGER **min,
- ASN1_INTEGER **max)
-{
- OPENSSL_assert(aor != NULL && min != NULL && max != NULL);
- switch (aor->type) {
- case ASIdOrRange_id:
- *min = aor->u.id;
- *max = aor->u.id;
- return;
- case ASIdOrRange_range:
- *min = aor->u.range->min;
- *max = aor->u.range->max;
- return;
- }
-}
-
-/*
- * Check whether an ASIdentifierChoice is in canonical form.
- */
-static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice)
-{
- ASN1_INTEGER *a_max_plus_one = NULL;
- BIGNUM *bn = NULL;
- int i, ret = 0;
-
- /*
- * Empty element or inheritance is canonical.
- */
- if (choice == NULL || choice->type == ASIdentifierChoice_inherit)
- return 1;
-
- /*
- * If not a list, or if empty list, it's broken.
- */
- if (choice->type != ASIdentifierChoice_asIdsOrRanges ||
- sk_ASIdOrRange_num(choice->u.asIdsOrRanges) == 0)
- return 0;
-
- /*
- * It's a list, check it.
- */
- for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; i++) {
- ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
- ASIdOrRange *b = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i + 1);
- ASN1_INTEGER *a_min, *a_max, *b_min, *b_max;
-
- extract_min_max(a, &a_min, &a_max);
- extract_min_max(b, &b_min, &b_max);
-
- /*
- * Punt misordered list, overlapping start, or inverted range.
- */
- if (ASN1_INTEGER_cmp(a_min, b_min) >= 0 ||
- ASN1_INTEGER_cmp(a_min, a_max) > 0 ||
- ASN1_INTEGER_cmp(b_min, b_max) > 0)
- goto done;
-
- /*
- * Calculate a_max + 1 to check for adjacency.
- */
- if ((bn == NULL && (bn = BN_new()) == NULL) ||
- ASN1_INTEGER_to_BN(a_max, bn) == NULL ||
- !BN_add_word(bn, 1) ||
- (a_max_plus_one = BN_to_ASN1_INTEGER(bn, a_max_plus_one)) == NULL) {
- X509V3err(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL,
- ERR_R_MALLOC_FAILURE);
- goto done;
- }
-
- /*
- * Punt if adjacent or overlapping.
- */
- if (ASN1_INTEGER_cmp(a_max_plus_one, b_min) >= 0)
- goto done;
- }
-
- /*
- * Check for inverted range.
- */
- i = sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1;
- {
- ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
- ASN1_INTEGER *a_min, *a_max;
- if (a != NULL && a->type == ASIdOrRange_range) {
- extract_min_max(a, &a_min, &a_max);
- if (ASN1_INTEGER_cmp(a_min, a_max) > 0)
- goto done;
- }
- }
-
- ret = 1;
-
- done:
- ASN1_INTEGER_free(a_max_plus_one);
- BN_free(bn);
- return ret;
-}
-
-/*
- * Check whether an ASIdentifier extension is in canonical form.
- */
-int v3_asid_is_canonical(ASIdentifiers *asid)
-{
- return (asid == NULL ||
- (ASIdentifierChoice_is_canonical(asid->asnum) &&
- ASIdentifierChoice_is_canonical(asid->rdi)));
-}
-
-/*
- * Whack an ASIdentifierChoice into canonical form.
- */
-static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
-{
- ASN1_INTEGER *a_max_plus_one = NULL;
- BIGNUM *bn = NULL;
- int i, ret = 0;
-
- /*
- * Nothing to do for empty element or inheritance.
- */
- if (choice == NULL || choice->type == ASIdentifierChoice_inherit)
- return 1;
-
- /*
- * If not a list, or if empty list, it's broken.
- */
- if (choice->type != ASIdentifierChoice_asIdsOrRanges ||
- sk_ASIdOrRange_num(choice->u.asIdsOrRanges) == 0) {
- X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE,
- X509V3_R_EXTENSION_VALUE_ERROR);
- return 0;
- }
-
- /*
- * We have a non-empty list. Sort it.
- */
- sk_ASIdOrRange_sort(choice->u.asIdsOrRanges);
-
- /*
- * Now check for errors and suboptimal encoding, rejecting the
- * former and fixing the latter.
- */
- for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; i++) {
- ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
- ASIdOrRange *b = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i + 1);
- ASN1_INTEGER *a_min, *a_max, *b_min, *b_max;
-
- extract_min_max(a, &a_min, &a_max);
- extract_min_max(b, &b_min, &b_max);
-
- /*
- * Make sure we're properly sorted (paranoia).
- */
- OPENSSL_assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0);
-
- /*
- * Punt inverted ranges.
- */
- if (ASN1_INTEGER_cmp(a_min, a_max) > 0 ||
- ASN1_INTEGER_cmp(b_min, b_max) > 0)
- goto done;
-
- /*
- * Check for overlaps.
- */
- if (ASN1_INTEGER_cmp(a_max, b_min) >= 0) {
- X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE,
- X509V3_R_EXTENSION_VALUE_ERROR);
- goto done;
- }
-
- /*
- * Calculate a_max + 1 to check for adjacency.
- */
- if ((bn == NULL && (bn = BN_new()) == NULL) ||
- ASN1_INTEGER_to_BN(a_max, bn) == NULL ||
- !BN_add_word(bn, 1) ||
- (a_max_plus_one = BN_to_ASN1_INTEGER(bn, a_max_plus_one)) == NULL) {
- X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE, ERR_R_MALLOC_FAILURE);
- goto done;
- }
-
- /*
- * If a and b are adjacent, merge them.
- */
- if (ASN1_INTEGER_cmp(a_max_plus_one, b_min) == 0) {
- ASRange *r;
- switch (a->type) {
- case ASIdOrRange_id:
- if ((r = OPENSSL_malloc(sizeof(ASRange))) == NULL) {
- X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE,
- ERR_R_MALLOC_FAILURE);
- goto done;
- }
- r->min = a_min;
- r->max = b_max;
- a->type = ASIdOrRange_range;
- a->u.range = r;
- break;
- case ASIdOrRange_range:
- ASN1_INTEGER_free(a->u.range->max);
- a->u.range->max = b_max;
- break;
- }
- switch (b->type) {
- case ASIdOrRange_id:
- b->u.id = NULL;
- break;
- case ASIdOrRange_range:
- b->u.range->max = NULL;
- break;
- }
- ASIdOrRange_free(b);
- (void) sk_ASIdOrRange_delete(choice->u.asIdsOrRanges, i + 1);
- i--;
- continue;
- }
- }
-
- /*
- * Check for final inverted range.
- */
- i = sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1;
- {
- ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
- ASN1_INTEGER *a_min, *a_max;
- if (a != NULL && a->type == ASIdOrRange_range) {
- extract_min_max(a, &a_min, &a_max);
- if (ASN1_INTEGER_cmp(a_min, a_max) > 0)
- goto done;
- }
- }
-
- OPENSSL_assert(ASIdentifierChoice_is_canonical(choice)); /* Paranoia */
-
- ret = 1;
-
- done:
- ASN1_INTEGER_free(a_max_plus_one);
- BN_free(bn);
- return ret;
-}
-
-/*
- * Whack an ASIdentifier extension into canonical form.
- */
-int v3_asid_canonize(ASIdentifiers *asid)
-{
- return (asid == NULL ||
- (ASIdentifierChoice_canonize(asid->asnum) &&
- ASIdentifierChoice_canonize(asid->rdi)));
-}
-
-/*
- * v2i method for an ASIdentifier extension.
- */
-static void *v2i_ASIdentifiers(struct v3_ext_method *method,
- struct v3_ext_ctx *ctx,
- STACK_OF(CONF_VALUE) *values)
-{
- ASN1_INTEGER *min = NULL, *max = NULL;
- ASIdentifiers *asid = NULL;
- int i;
-
- if ((asid = ASIdentifiers_new()) == NULL) {
- X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
-
- for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
- CONF_VALUE *val = sk_CONF_VALUE_value(values, i);
- int i1, i2, i3, is_range, which;
-
- /*
- * Figure out whether this is an AS or an RDI.
- */
- if ( !name_cmp(val->name, "AS")) {
- which = V3_ASID_ASNUM;
- } else if (!name_cmp(val->name, "RDI")) {
- which = V3_ASID_RDI;
- } else {
- X509V3err(X509V3_F_V2I_ASIDENTIFIERS, X509V3_R_EXTENSION_NAME_ERROR);
- X509V3_conf_err(val);
- goto err;
- }
-
- /*
- * Handle inheritance.
- */
- if (!strcmp(val->value, "inherit")) {
- if (v3_asid_add_inherit(asid, which))
- continue;
- X509V3err(X509V3_F_V2I_ASIDENTIFIERS, X509V3_R_INVALID_INHERITANCE);
- X509V3_conf_err(val);
- goto err;
- }
-
- /*
- * Number, range, or mistake, pick it apart and figure out which.
- */
- i1 = strspn(val->value, "0123456789");
- if (val->value[i1] == '\0') {
- is_range = 0;
- } else {
- is_range = 1;
- i2 = i1 + strspn(val->value + i1, " \t");
- if (val->value[i2] != '-') {
- X509V3err(X509V3_F_V2I_ASIDENTIFIERS, X509V3_R_INVALID_ASNUMBER);
- X509V3_conf_err(val);
- goto err;
- }
- i2++;
- i2 = i2 + strspn(val->value + i2, " \t");
- i3 = i2 + strspn(val->value + i2, "0123456789");
- if (val->value[i3] != '\0') {
- X509V3err(X509V3_F_V2I_ASIDENTIFIERS, X509V3_R_INVALID_ASRANGE);
- X509V3_conf_err(val);
- goto err;
- }
- }
-
- /*
- * Syntax is ok, read and add it.
- */
- if (!is_range) {
- if (!X509V3_get_value_int(val, &min)) {
- X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- } else {
- char *s = BUF_strdup(val->value);
- if (s == NULL) {
- X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- s[i1] = '\0';
- min = s2i_ASN1_INTEGER(NULL, s);
- max = s2i_ASN1_INTEGER(NULL, s + i2);
- OPENSSL_free(s);
- if (min == NULL || max == NULL) {
- X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- if (ASN1_INTEGER_cmp(min, max) > 0) {
- X509V3err(X509V3_F_V2I_ASIDENTIFIERS, X509V3_R_EXTENSION_VALUE_ERROR);
- goto err;
- }
- }
- if (!v3_asid_add_id_or_range(asid, which, min, max)) {
- X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- min = max = NULL;
- }
-
- /*
- * Canonize the result, then we're done.
- */
- if (!v3_asid_canonize(asid))
- goto err;
- return asid;
-
- err:
- ASIdentifiers_free(asid);
- ASN1_INTEGER_free(min);
- ASN1_INTEGER_free(max);
- return NULL;
-}
-
-/*
- * OpenSSL dispatch.
- */
-const X509V3_EXT_METHOD v3_asid = {
- NID_sbgp_autonomousSysNum, /* nid */
- 0, /* flags */
- ASN1_ITEM_ref(ASIdentifiers), /* template */
- 0, 0, 0, 0, /* old functions, ignored */
- 0, /* i2s */
- 0, /* s2i */
- 0, /* i2v */
- v2i_ASIdentifiers, /* v2i */
- i2r_ASIdentifiers, /* i2r */
- 0, /* r2i */
- NULL /* extension-specific data */
-};
-
-/*
- * Figure out whether extension uses inheritance.
- */
-int v3_asid_inherits(ASIdentifiers *asid)
-{
- return (asid != NULL &&
- ((asid->asnum != NULL &&
- asid->asnum->type == ASIdentifierChoice_inherit) ||
- (asid->rdi != NULL &&
- asid->rdi->type == ASIdentifierChoice_inherit)));
-}
-
-/*
- * Figure out whether parent contains child.
- */
-static int asid_contains(ASIdOrRanges *parent, ASIdOrRanges *child)
-{
- ASN1_INTEGER *p_min, *p_max, *c_min, *c_max;
- int p, c;
-
- if (child == NULL || parent == child)
- return 1;
- if (parent == NULL)
- return 0;
-
- p = 0;
- for (c = 0; c < sk_ASIdOrRange_num(child); c++) {
- extract_min_max(sk_ASIdOrRange_value(child, c), &c_min, &c_max);
- for (;; p++) {
- if (p >= sk_ASIdOrRange_num(parent))
- return 0;
- extract_min_max(sk_ASIdOrRange_value(parent, p), &p_min, &p_max);
- if (ASN1_INTEGER_cmp(p_max, c_max) < 0)
- continue;
- if (ASN1_INTEGER_cmp(p_min, c_min) > 0)
- return 0;
- break;
- }
- }
-
- return 1;
-}
-
-/*
- * Test whether a is a subet of b.
- */
-int v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b)
-{
- return (a == NULL ||
- a == b ||
- (b != NULL &&
- !v3_asid_inherits(a) &&
- !v3_asid_inherits(b) &&
- asid_contains(b->asnum->u.asIdsOrRanges,
- a->asnum->u.asIdsOrRanges) &&
- asid_contains(b->rdi->u.asIdsOrRanges,
- a->rdi->u.asIdsOrRanges)));
-}
-
-/*
- * Validation error handling via callback.
- */
-#define validation_err(_err_) \
- do { \
- if (ctx != NULL) { \
- ctx->error = _err_; \
- ctx->error_depth = i; \
- ctx->current_cert = x; \
- ret = ctx->verify_cb(0, ctx); \
- } else { \
- ret = 0; \
- } \
- if (!ret) \
- goto done; \
- } while (0)
-
-/*
- * Core code for RFC 3779 3.3 path validation.
- */
-static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx,
- STACK_OF(X509) *chain,
- ASIdentifiers *ext)
-{
- ASIdOrRanges *child_as = NULL, *child_rdi = NULL;
- int i, ret = 1, inherit_as = 0, inherit_rdi = 0;
- X509 *x = NULL;
-
- OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0);
- OPENSSL_assert(ctx != NULL || ext != NULL);
- OPENSSL_assert(ctx == NULL || ctx->verify_cb != NULL);
-
- /*
- * Figure out where to start. If we don't have an extension to
- * check, we're done. Otherwise, check canonical form and
- * set up for walking up the chain.
- */
- if (ext != NULL) {
- i = -1;
- } else {
- i = 0;
- x = sk_X509_value(chain, i);
- OPENSSL_assert(x != NULL);
- if ((ext = x->rfc3779_asid) == NULL)
- goto done;
- }
- if (!v3_asid_is_canonical(ext))
- validation_err(X509_V_ERR_INVALID_EXTENSION);
- if (ext->asnum != NULL) {
- switch (ext->asnum->type) {
- case ASIdentifierChoice_inherit:
- inherit_as = 1;
- break;
- case ASIdentifierChoice_asIdsOrRanges:
- child_as = ext->asnum->u.asIdsOrRanges;
- break;
- }
- }
- if (ext->rdi != NULL) {
- switch (ext->rdi->type) {
- case ASIdentifierChoice_inherit:
- inherit_rdi = 1;
- break;
- case ASIdentifierChoice_asIdsOrRanges:
- child_rdi = ext->rdi->u.asIdsOrRanges;
- break;
- }
- }
-
- /*
- * Now walk up the chain. Extensions must be in canonical form, no
- * cert may list resources that its parent doesn't list.
- */
- for (i++; i < sk_X509_num(chain); i++) {
- x = sk_X509_value(chain, i);
- OPENSSL_assert(x != NULL);
- if (x->rfc3779_asid == NULL) {
- if (child_as != NULL || child_rdi != NULL)
- validation_err(X509_V_ERR_UNNESTED_RESOURCE);
- continue;
- }
- if (!v3_asid_is_canonical(x->rfc3779_asid))
- validation_err(X509_V_ERR_INVALID_EXTENSION);
- if (x->rfc3779_asid->asnum == NULL && child_as != NULL) {
- validation_err(X509_V_ERR_UNNESTED_RESOURCE);
- child_as = NULL;
- inherit_as = 0;
- }
- if (x->rfc3779_asid->asnum != NULL &&
- x->rfc3779_asid->asnum->type == ASIdentifierChoice_asIdsOrRanges) {
- if (inherit_as ||
- asid_contains(x->rfc3779_asid->asnum->u.asIdsOrRanges, child_as)) {
- child_as = x->rfc3779_asid->asnum->u.asIdsOrRanges;
- inherit_as = 0;
- } else {
- validation_err(X509_V_ERR_UNNESTED_RESOURCE);
- }
- }
- if (x->rfc3779_asid->rdi == NULL && child_rdi != NULL) {
- validation_err(X509_V_ERR_UNNESTED_RESOURCE);
- child_rdi = NULL;
- inherit_rdi = 0;
- }
- if (x->rfc3779_asid->rdi != NULL &&
- x->rfc3779_asid->rdi->type == ASIdentifierChoice_asIdsOrRanges) {
- if (inherit_rdi ||
- asid_contains(x->rfc3779_asid->rdi->u.asIdsOrRanges, child_rdi)) {
- child_rdi = x->rfc3779_asid->rdi->u.asIdsOrRanges;
- inherit_rdi = 0;
- } else {
- validation_err(X509_V_ERR_UNNESTED_RESOURCE);
- }
- }
- }
-
- /*
- * Trust anchor can't inherit.
- */
- if (x->rfc3779_asid != NULL) {
- if (x->rfc3779_asid->asnum != NULL &&
- x->rfc3779_asid->asnum->type == ASIdentifierChoice_inherit)
- validation_err(X509_V_ERR_UNNESTED_RESOURCE);
- if (x->rfc3779_asid->rdi != NULL &&
- x->rfc3779_asid->rdi->type == ASIdentifierChoice_inherit)
- validation_err(X509_V_ERR_UNNESTED_RESOURCE);
- }
-
- done:
- return ret;
-}
-
-#undef validation_err
-
-/*
- * RFC 3779 3.3 path validation -- called from X509_verify_cert().
- */
-int v3_asid_validate_path(X509_STORE_CTX *ctx)
-{
- return v3_asid_validate_path_internal(ctx, ctx->chain, NULL);
-}
-
-/*
- * RFC 3779 3.3 path validation of an extension.
- * Test whether chain covers extension.
- */
-int v3_asid_validate_resource_set(STACK_OF(X509) *chain,
- ASIdentifiers *ext,
- int allow_inheritance)
-{
- if (ext == NULL)
- return 1;
- if (chain == NULL || sk_X509_num(chain) == 0)
- return 0;
- if (!allow_inheritance && v3_asid_inherits(ext))
- return 0;
- return v3_asid_validate_path_internal(NULL, chain, ext);
-}
-
-#endif /* OPENSSL_NO_RFC3779 */
Copied: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_asid.c (from rev 6976, vendor-crypto/openssl/dist/crypto/x509v3/v3_asid.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_asid.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_asid.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,894 @@
+/*
+ * Contributed to the OpenSSL Project by the American Registry for
+ * Internet Numbers ("ARIN").
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ */
+
+/*
+ * Implementation of RFC 3779 section 3.2.
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+#include <openssl/x509.h>
+#include <openssl/bn.h>
+
+#ifndef OPENSSL_NO_RFC3779
+
+/*
+ * OpenSSL ASN.1 template translation of RFC 3779 3.2.3.
+ */
+
+ASN1_SEQUENCE(ASRange) = {
+ ASN1_SIMPLE(ASRange, min, ASN1_INTEGER),
+ ASN1_SIMPLE(ASRange, max, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(ASRange)
+
+ASN1_CHOICE(ASIdOrRange) = {
+ ASN1_SIMPLE(ASIdOrRange, u.id, ASN1_INTEGER),
+ ASN1_SIMPLE(ASIdOrRange, u.range, ASRange)
+} ASN1_CHOICE_END(ASIdOrRange)
+
+ASN1_CHOICE(ASIdentifierChoice) = {
+ ASN1_SIMPLE(ASIdentifierChoice, u.inherit, ASN1_NULL),
+ ASN1_SEQUENCE_OF(ASIdentifierChoice, u.asIdsOrRanges, ASIdOrRange)
+} ASN1_CHOICE_END(ASIdentifierChoice)
+
+ASN1_SEQUENCE(ASIdentifiers) = {
+ ASN1_EXP_OPT(ASIdentifiers, asnum, ASIdentifierChoice, 0),
+ ASN1_EXP_OPT(ASIdentifiers, rdi, ASIdentifierChoice, 1)
+} ASN1_SEQUENCE_END(ASIdentifiers)
+
+IMPLEMENT_ASN1_FUNCTIONS(ASRange)
+IMPLEMENT_ASN1_FUNCTIONS(ASIdOrRange)
+IMPLEMENT_ASN1_FUNCTIONS(ASIdentifierChoice)
+IMPLEMENT_ASN1_FUNCTIONS(ASIdentifiers)
+
+/*
+ * i2r method for an ASIdentifierChoice.
+ */
+static int i2r_ASIdentifierChoice(BIO *out,
+ ASIdentifierChoice *choice,
+ int indent, const char *msg)
+{
+ int i;
+ char *s;
+ if (choice == NULL)
+ return 1;
+ BIO_printf(out, "%*s%s:\n", indent, "", msg);
+ switch (choice->type) {
+ case ASIdentifierChoice_inherit:
+ BIO_printf(out, "%*sinherit\n", indent + 2, "");
+ break;
+ case ASIdentifierChoice_asIdsOrRanges:
+ for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges); i++) {
+ ASIdOrRange *aor =
+ sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
+ switch (aor->type) {
+ case ASIdOrRange_id:
+ if ((s = i2s_ASN1_INTEGER(NULL, aor->u.id)) == NULL)
+ return 0;
+ BIO_printf(out, "%*s%s\n", indent + 2, "", s);
+ OPENSSL_free(s);
+ break;
+ case ASIdOrRange_range:
+ if ((s = i2s_ASN1_INTEGER(NULL, aor->u.range->min)) == NULL)
+ return 0;
+ BIO_printf(out, "%*s%s-", indent + 2, "", s);
+ OPENSSL_free(s);
+ if ((s = i2s_ASN1_INTEGER(NULL, aor->u.range->max)) == NULL)
+ return 0;
+ BIO_printf(out, "%s\n", s);
+ OPENSSL_free(s);
+ break;
+ default:
+ return 0;
+ }
+ }
+ break;
+ default:
+ return 0;
+ }
+ return 1;
+}
+
+/*
+ * i2r method for an ASIdentifier extension.
+ */
+static int i2r_ASIdentifiers(X509V3_EXT_METHOD *method,
+ void *ext, BIO *out, int indent)
+{
+ ASIdentifiers *asid = ext;
+ return (i2r_ASIdentifierChoice(out, asid->asnum, indent,
+ "Autonomous System Numbers") &&
+ i2r_ASIdentifierChoice(out, asid->rdi, indent,
+ "Routing Domain Identifiers"));
+}
+
+/*
+ * Sort comparision function for a sequence of ASIdOrRange elements.
+ */
+static int ASIdOrRange_cmp(const ASIdOrRange *const *a_,
+ const ASIdOrRange *const *b_)
+{
+ const ASIdOrRange *a = *a_, *b = *b_;
+
+ OPENSSL_assert((a->type == ASIdOrRange_id && a->u.id != NULL) ||
+ (a->type == ASIdOrRange_range && a->u.range != NULL &&
+ a->u.range->min != NULL && a->u.range->max != NULL));
+
+ OPENSSL_assert((b->type == ASIdOrRange_id && b->u.id != NULL) ||
+ (b->type == ASIdOrRange_range && b->u.range != NULL &&
+ b->u.range->min != NULL && b->u.range->max != NULL));
+
+ if (a->type == ASIdOrRange_id && b->type == ASIdOrRange_id)
+ return ASN1_INTEGER_cmp(a->u.id, b->u.id);
+
+ if (a->type == ASIdOrRange_range && b->type == ASIdOrRange_range) {
+ int r = ASN1_INTEGER_cmp(a->u.range->min, b->u.range->min);
+ return r != 0 ? r : ASN1_INTEGER_cmp(a->u.range->max,
+ b->u.range->max);
+ }
+
+ if (a->type == ASIdOrRange_id)
+ return ASN1_INTEGER_cmp(a->u.id, b->u.range->min);
+ else
+ return ASN1_INTEGER_cmp(a->u.range->min, b->u.id);
+}
+
+/*
+ * Add an inherit element.
+ */
+int v3_asid_add_inherit(ASIdentifiers *asid, int which)
+{
+ ASIdentifierChoice **choice;
+ if (asid == NULL)
+ return 0;
+ switch (which) {
+ case V3_ASID_ASNUM:
+ choice = &asid->asnum;
+ break;
+ case V3_ASID_RDI:
+ choice = &asid->rdi;
+ break;
+ default:
+ return 0;
+ }
+ if (*choice == NULL) {
+ if ((*choice = ASIdentifierChoice_new()) == NULL)
+ return 0;
+ OPENSSL_assert((*choice)->u.inherit == NULL);
+ if (((*choice)->u.inherit = ASN1_NULL_new()) == NULL)
+ return 0;
+ (*choice)->type = ASIdentifierChoice_inherit;
+ }
+ return (*choice)->type == ASIdentifierChoice_inherit;
+}
+
+/*
+ * Add an ID or range to an ASIdentifierChoice.
+ */
+int v3_asid_add_id_or_range(ASIdentifiers *asid,
+ int which, ASN1_INTEGER *min, ASN1_INTEGER *max)
+{
+ ASIdentifierChoice **choice;
+ ASIdOrRange *aor;
+ if (asid == NULL)
+ return 0;
+ switch (which) {
+ case V3_ASID_ASNUM:
+ choice = &asid->asnum;
+ break;
+ case V3_ASID_RDI:
+ choice = &asid->rdi;
+ break;
+ default:
+ return 0;
+ }
+ if (*choice != NULL && (*choice)->type == ASIdentifierChoice_inherit)
+ return 0;
+ if (*choice == NULL) {
+ if ((*choice = ASIdentifierChoice_new()) == NULL)
+ return 0;
+ OPENSSL_assert((*choice)->u.asIdsOrRanges == NULL);
+ (*choice)->u.asIdsOrRanges = sk_ASIdOrRange_new(ASIdOrRange_cmp);
+ if ((*choice)->u.asIdsOrRanges == NULL)
+ return 0;
+ (*choice)->type = ASIdentifierChoice_asIdsOrRanges;
+ }
+ if ((aor = ASIdOrRange_new()) == NULL)
+ return 0;
+ if (max == NULL) {
+ aor->type = ASIdOrRange_id;
+ aor->u.id = min;
+ } else {
+ aor->type = ASIdOrRange_range;
+ if ((aor->u.range = ASRange_new()) == NULL)
+ goto err;
+ ASN1_INTEGER_free(aor->u.range->min);
+ aor->u.range->min = min;
+ ASN1_INTEGER_free(aor->u.range->max);
+ aor->u.range->max = max;
+ }
+ if (!(sk_ASIdOrRange_push((*choice)->u.asIdsOrRanges, aor)))
+ goto err;
+ return 1;
+
+ err:
+ ASIdOrRange_free(aor);
+ return 0;
+}
+
+/*
+ * Extract min and max values from an ASIdOrRange.
+ */
+static void extract_min_max(ASIdOrRange *aor,
+ ASN1_INTEGER **min, ASN1_INTEGER **max)
+{
+ OPENSSL_assert(aor != NULL && min != NULL && max != NULL);
+ switch (aor->type) {
+ case ASIdOrRange_id:
+ *min = aor->u.id;
+ *max = aor->u.id;
+ return;
+ case ASIdOrRange_range:
+ *min = aor->u.range->min;
+ *max = aor->u.range->max;
+ return;
+ }
+}
+
+/*
+ * Check whether an ASIdentifierChoice is in canonical form.
+ */
+static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice)
+{
+ ASN1_INTEGER *a_max_plus_one = NULL;
+ BIGNUM *bn = NULL;
+ int i, ret = 0;
+
+ /*
+ * Empty element or inheritance is canonical.
+ */
+ if (choice == NULL || choice->type == ASIdentifierChoice_inherit)
+ return 1;
+
+ /*
+ * If not a list, or if empty list, it's broken.
+ */
+ if (choice->type != ASIdentifierChoice_asIdsOrRanges ||
+ sk_ASIdOrRange_num(choice->u.asIdsOrRanges) == 0)
+ return 0;
+
+ /*
+ * It's a list, check it.
+ */
+ for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; i++) {
+ ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
+ ASIdOrRange *b = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i + 1);
+ ASN1_INTEGER *a_min, *a_max, *b_min, *b_max;
+
+ extract_min_max(a, &a_min, &a_max);
+ extract_min_max(b, &b_min, &b_max);
+
+ /*
+ * Punt misordered list, overlapping start, or inverted range.
+ */
+ if (ASN1_INTEGER_cmp(a_min, b_min) >= 0 ||
+ ASN1_INTEGER_cmp(a_min, a_max) > 0 ||
+ ASN1_INTEGER_cmp(b_min, b_max) > 0)
+ goto done;
+
+ /*
+ * Calculate a_max + 1 to check for adjacency.
+ */
+ if ((bn == NULL && (bn = BN_new()) == NULL) ||
+ ASN1_INTEGER_to_BN(a_max, bn) == NULL ||
+ !BN_add_word(bn, 1) ||
+ (a_max_plus_one =
+ BN_to_ASN1_INTEGER(bn, a_max_plus_one)) == NULL) {
+ X509V3err(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL,
+ ERR_R_MALLOC_FAILURE);
+ goto done;
+ }
+
+ /*
+ * Punt if adjacent or overlapping.
+ */
+ if (ASN1_INTEGER_cmp(a_max_plus_one, b_min) >= 0)
+ goto done;
+ }
+
+ /*
+ * Check for inverted range.
+ */
+ i = sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1;
+ {
+ ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
+ ASN1_INTEGER *a_min, *a_max;
+ if (a != NULL && a->type == ASIdOrRange_range) {
+ extract_min_max(a, &a_min, &a_max);
+ if (ASN1_INTEGER_cmp(a_min, a_max) > 0)
+ goto done;
+ }
+ }
+
+ ret = 1;
+
+ done:
+ ASN1_INTEGER_free(a_max_plus_one);
+ BN_free(bn);
+ return ret;
+}
+
+/*
+ * Check whether an ASIdentifier extension is in canonical form.
+ */
+int v3_asid_is_canonical(ASIdentifiers *asid)
+{
+ return (asid == NULL ||
+ (ASIdentifierChoice_is_canonical(asid->asnum) &&
+ ASIdentifierChoice_is_canonical(asid->rdi)));
+}
+
+/*
+ * Whack an ASIdentifierChoice into canonical form.
+ */
+static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
+{
+ ASN1_INTEGER *a_max_plus_one = NULL;
+ BIGNUM *bn = NULL;
+ int i, ret = 0;
+
+ /*
+ * Nothing to do for empty element or inheritance.
+ */
+ if (choice == NULL || choice->type == ASIdentifierChoice_inherit)
+ return 1;
+
+ /*
+ * If not a list, or if empty list, it's broken.
+ */
+ if (choice->type != ASIdentifierChoice_asIdsOrRanges ||
+ sk_ASIdOrRange_num(choice->u.asIdsOrRanges) == 0) {
+ X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE,
+ X509V3_R_EXTENSION_VALUE_ERROR);
+ return 0;
+ }
+
+ /*
+ * We have a non-empty list. Sort it.
+ */
+ sk_ASIdOrRange_sort(choice->u.asIdsOrRanges);
+
+ /*
+ * Now check for errors and suboptimal encoding, rejecting the
+ * former and fixing the latter.
+ */
+ for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; i++) {
+ ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
+ ASIdOrRange *b = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i + 1);
+ ASN1_INTEGER *a_min, *a_max, *b_min, *b_max;
+
+ extract_min_max(a, &a_min, &a_max);
+ extract_min_max(b, &b_min, &b_max);
+
+ /*
+ * Make sure we're properly sorted (paranoia).
+ */
+ OPENSSL_assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0);
+
+ /*
+ * Punt inverted ranges.
+ */
+ if (ASN1_INTEGER_cmp(a_min, a_max) > 0 ||
+ ASN1_INTEGER_cmp(b_min, b_max) > 0)
+ goto done;
+
+ /*
+ * Check for overlaps.
+ */
+ if (ASN1_INTEGER_cmp(a_max, b_min) >= 0) {
+ X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE,
+ X509V3_R_EXTENSION_VALUE_ERROR);
+ goto done;
+ }
+
+ /*
+ * Calculate a_max + 1 to check for adjacency.
+ */
+ if ((bn == NULL && (bn = BN_new()) == NULL) ||
+ ASN1_INTEGER_to_BN(a_max, bn) == NULL ||
+ !BN_add_word(bn, 1) ||
+ (a_max_plus_one =
+ BN_to_ASN1_INTEGER(bn, a_max_plus_one)) == NULL) {
+ X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE,
+ ERR_R_MALLOC_FAILURE);
+ goto done;
+ }
+
+ /*
+ * If a and b are adjacent, merge them.
+ */
+ if (ASN1_INTEGER_cmp(a_max_plus_one, b_min) == 0) {
+ ASRange *r;
+ switch (a->type) {
+ case ASIdOrRange_id:
+ if ((r = OPENSSL_malloc(sizeof(ASRange))) == NULL) {
+ X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE,
+ ERR_R_MALLOC_FAILURE);
+ goto done;
+ }
+ r->min = a_min;
+ r->max = b_max;
+ a->type = ASIdOrRange_range;
+ a->u.range = r;
+ break;
+ case ASIdOrRange_range:
+ ASN1_INTEGER_free(a->u.range->max);
+ a->u.range->max = b_max;
+ break;
+ }
+ switch (b->type) {
+ case ASIdOrRange_id:
+ b->u.id = NULL;
+ break;
+ case ASIdOrRange_range:
+ b->u.range->max = NULL;
+ break;
+ }
+ ASIdOrRange_free(b);
+ (void)sk_ASIdOrRange_delete(choice->u.asIdsOrRanges, i + 1);
+ i--;
+ continue;
+ }
+ }
+
+ /*
+ * Check for final inverted range.
+ */
+ i = sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1;
+ {
+ ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
+ ASN1_INTEGER *a_min, *a_max;
+ if (a != NULL && a->type == ASIdOrRange_range) {
+ extract_min_max(a, &a_min, &a_max);
+ if (ASN1_INTEGER_cmp(a_min, a_max) > 0)
+ goto done;
+ }
+ }
+
+ OPENSSL_assert(ASIdentifierChoice_is_canonical(choice)); /* Paranoia */
+
+ ret = 1;
+
+ done:
+ ASN1_INTEGER_free(a_max_plus_one);
+ BN_free(bn);
+ return ret;
+}
+
+/*
+ * Whack an ASIdentifier extension into canonical form.
+ */
+int v3_asid_canonize(ASIdentifiers *asid)
+{
+ return (asid == NULL ||
+ (ASIdentifierChoice_canonize(asid->asnum) &&
+ ASIdentifierChoice_canonize(asid->rdi)));
+}
+
+/*
+ * v2i method for an ASIdentifier extension.
+ */
+static void *v2i_ASIdentifiers(struct v3_ext_method *method,
+ struct v3_ext_ctx *ctx,
+ STACK_OF(CONF_VALUE) *values)
+{
+ ASN1_INTEGER *min = NULL, *max = NULL;
+ ASIdentifiers *asid = NULL;
+ int i;
+
+ if ((asid = ASIdentifiers_new()) == NULL) {
+ X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+
+ for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
+ CONF_VALUE *val = sk_CONF_VALUE_value(values, i);
+ int i1, i2, i3, is_range, which;
+
+ /*
+ * Figure out whether this is an AS or an RDI.
+ */
+ if (!name_cmp(val->name, "AS")) {
+ which = V3_ASID_ASNUM;
+ } else if (!name_cmp(val->name, "RDI")) {
+ which = V3_ASID_RDI;
+ } else {
+ X509V3err(X509V3_F_V2I_ASIDENTIFIERS,
+ X509V3_R_EXTENSION_NAME_ERROR);
+ X509V3_conf_err(val);
+ goto err;
+ }
+
+ /*
+ * Handle inheritance.
+ */
+ if (!strcmp(val->value, "inherit")) {
+ if (v3_asid_add_inherit(asid, which))
+ continue;
+ X509V3err(X509V3_F_V2I_ASIDENTIFIERS,
+ X509V3_R_INVALID_INHERITANCE);
+ X509V3_conf_err(val);
+ goto err;
+ }
+
+ /*
+ * Number, range, or mistake, pick it apart and figure out which.
+ */
+ i1 = strspn(val->value, "0123456789");
+ if (val->value[i1] == '\0') {
+ is_range = 0;
+ } else {
+ is_range = 1;
+ i2 = i1 + strspn(val->value + i1, " \t");
+ if (val->value[i2] != '-') {
+ X509V3err(X509V3_F_V2I_ASIDENTIFIERS,
+ X509V3_R_INVALID_ASNUMBER);
+ X509V3_conf_err(val);
+ goto err;
+ }
+ i2++;
+ i2 = i2 + strspn(val->value + i2, " \t");
+ i3 = i2 + strspn(val->value + i2, "0123456789");
+ if (val->value[i3] != '\0') {
+ X509V3err(X509V3_F_V2I_ASIDENTIFIERS,
+ X509V3_R_INVALID_ASRANGE);
+ X509V3_conf_err(val);
+ goto err;
+ }
+ }
+
+ /*
+ * Syntax is ok, read and add it.
+ */
+ if (!is_range) {
+ if (!X509V3_get_value_int(val, &min)) {
+ X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ } else {
+ char *s = BUF_strdup(val->value);
+ if (s == NULL) {
+ X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ s[i1] = '\0';
+ min = s2i_ASN1_INTEGER(NULL, s);
+ max = s2i_ASN1_INTEGER(NULL, s + i2);
+ OPENSSL_free(s);
+ if (min == NULL || max == NULL) {
+ X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ if (ASN1_INTEGER_cmp(min, max) > 0) {
+ X509V3err(X509V3_F_V2I_ASIDENTIFIERS,
+ X509V3_R_EXTENSION_VALUE_ERROR);
+ goto err;
+ }
+ }
+ if (!v3_asid_add_id_or_range(asid, which, min, max)) {
+ X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ min = max = NULL;
+ }
+
+ /*
+ * Canonize the result, then we're done.
+ */
+ if (!v3_asid_canonize(asid))
+ goto err;
+ return asid;
+
+ err:
+ ASIdentifiers_free(asid);
+ ASN1_INTEGER_free(min);
+ ASN1_INTEGER_free(max);
+ return NULL;
+}
+
+/*
+ * OpenSSL dispatch.
+ */
+const X509V3_EXT_METHOD v3_asid = {
+ NID_sbgp_autonomousSysNum, /* nid */
+ 0, /* flags */
+ ASN1_ITEM_ref(ASIdentifiers), /* template */
+ 0, 0, 0, 0, /* old functions, ignored */
+ 0, /* i2s */
+ 0, /* s2i */
+ 0, /* i2v */
+ v2i_ASIdentifiers, /* v2i */
+ i2r_ASIdentifiers, /* i2r */
+ 0, /* r2i */
+ NULL /* extension-specific data */
+};
+
+/*
+ * Figure out whether extension uses inheritance.
+ */
+int v3_asid_inherits(ASIdentifiers *asid)
+{
+ return (asid != NULL &&
+ ((asid->asnum != NULL &&
+ asid->asnum->type == ASIdentifierChoice_inherit) ||
+ (asid->rdi != NULL &&
+ asid->rdi->type == ASIdentifierChoice_inherit)));
+}
+
+/*
+ * Figure out whether parent contains child.
+ */
+static int asid_contains(ASIdOrRanges *parent, ASIdOrRanges *child)
+{
+ ASN1_INTEGER *p_min, *p_max, *c_min, *c_max;
+ int p, c;
+
+ if (child == NULL || parent == child)
+ return 1;
+ if (parent == NULL)
+ return 0;
+
+ p = 0;
+ for (c = 0; c < sk_ASIdOrRange_num(child); c++) {
+ extract_min_max(sk_ASIdOrRange_value(child, c), &c_min, &c_max);
+ for (;; p++) {
+ if (p >= sk_ASIdOrRange_num(parent))
+ return 0;
+ extract_min_max(sk_ASIdOrRange_value(parent, p), &p_min, &p_max);
+ if (ASN1_INTEGER_cmp(p_max, c_max) < 0)
+ continue;
+ if (ASN1_INTEGER_cmp(p_min, c_min) > 0)
+ return 0;
+ break;
+ }
+ }
+
+ return 1;
+}
+
+/*
+ * Test whether a is a subet of b.
+ */
+int v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b)
+{
+ return (a == NULL ||
+ a == b ||
+ (b != NULL &&
+ !v3_asid_inherits(a) &&
+ !v3_asid_inherits(b) &&
+ asid_contains(b->asnum->u.asIdsOrRanges,
+ a->asnum->u.asIdsOrRanges) &&
+ asid_contains(b->rdi->u.asIdsOrRanges,
+ a->rdi->u.asIdsOrRanges)));
+}
+
+/*
+ * Validation error handling via callback.
+ */
+# define validation_err(_err_) \
+ do { \
+ if (ctx != NULL) { \
+ ctx->error = _err_; \
+ ctx->error_depth = i; \
+ ctx->current_cert = x; \
+ ret = ctx->verify_cb(0, ctx); \
+ } else { \
+ ret = 0; \
+ } \
+ if (!ret) \
+ goto done; \
+ } while (0)
+
+/*
+ * Core code for RFC 3779 3.3 path validation.
+ */
+static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx,
+ STACK_OF(X509) *chain,
+ ASIdentifiers *ext)
+{
+ ASIdOrRanges *child_as = NULL, *child_rdi = NULL;
+ int i, ret = 1, inherit_as = 0, inherit_rdi = 0;
+ X509 *x = NULL;
+
+ OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0);
+ OPENSSL_assert(ctx != NULL || ext != NULL);
+ OPENSSL_assert(ctx == NULL || ctx->verify_cb != NULL);
+
+ /*
+ * Figure out where to start. If we don't have an extension to
+ * check, we're done. Otherwise, check canonical form and
+ * set up for walking up the chain.
+ */
+ if (ext != NULL) {
+ i = -1;
+ } else {
+ i = 0;
+ x = sk_X509_value(chain, i);
+ OPENSSL_assert(x != NULL);
+ if ((ext = x->rfc3779_asid) == NULL)
+ goto done;
+ }
+ if (!v3_asid_is_canonical(ext))
+ validation_err(X509_V_ERR_INVALID_EXTENSION);
+ if (ext->asnum != NULL) {
+ switch (ext->asnum->type) {
+ case ASIdentifierChoice_inherit:
+ inherit_as = 1;
+ break;
+ case ASIdentifierChoice_asIdsOrRanges:
+ child_as = ext->asnum->u.asIdsOrRanges;
+ break;
+ }
+ }
+ if (ext->rdi != NULL) {
+ switch (ext->rdi->type) {
+ case ASIdentifierChoice_inherit:
+ inherit_rdi = 1;
+ break;
+ case ASIdentifierChoice_asIdsOrRanges:
+ child_rdi = ext->rdi->u.asIdsOrRanges;
+ break;
+ }
+ }
+
+ /*
+ * Now walk up the chain. Extensions must be in canonical form, no
+ * cert may list resources that its parent doesn't list.
+ */
+ for (i++; i < sk_X509_num(chain); i++) {
+ x = sk_X509_value(chain, i);
+ OPENSSL_assert(x != NULL);
+ if (x->rfc3779_asid == NULL) {
+ if (child_as != NULL || child_rdi != NULL)
+ validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+ continue;
+ }
+ if (!v3_asid_is_canonical(x->rfc3779_asid))
+ validation_err(X509_V_ERR_INVALID_EXTENSION);
+ if (x->rfc3779_asid->asnum == NULL && child_as != NULL) {
+ validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+ child_as = NULL;
+ inherit_as = 0;
+ }
+ if (x->rfc3779_asid->asnum != NULL &&
+ x->rfc3779_asid->asnum->type ==
+ ASIdentifierChoice_asIdsOrRanges) {
+ if (inherit_as
+ || asid_contains(x->rfc3779_asid->asnum->u.asIdsOrRanges,
+ child_as)) {
+ child_as = x->rfc3779_asid->asnum->u.asIdsOrRanges;
+ inherit_as = 0;
+ } else {
+ validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+ }
+ }
+ if (x->rfc3779_asid->rdi == NULL && child_rdi != NULL) {
+ validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+ child_rdi = NULL;
+ inherit_rdi = 0;
+ }
+ if (x->rfc3779_asid->rdi != NULL &&
+ x->rfc3779_asid->rdi->type == ASIdentifierChoice_asIdsOrRanges) {
+ if (inherit_rdi ||
+ asid_contains(x->rfc3779_asid->rdi->u.asIdsOrRanges,
+ child_rdi)) {
+ child_rdi = x->rfc3779_asid->rdi->u.asIdsOrRanges;
+ inherit_rdi = 0;
+ } else {
+ validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+ }
+ }
+ }
+
+ /*
+ * Trust anchor can't inherit.
+ */
+ if (x->rfc3779_asid != NULL) {
+ if (x->rfc3779_asid->asnum != NULL &&
+ x->rfc3779_asid->asnum->type == ASIdentifierChoice_inherit)
+ validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+ if (x->rfc3779_asid->rdi != NULL &&
+ x->rfc3779_asid->rdi->type == ASIdentifierChoice_inherit)
+ validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+ }
+
+ done:
+ return ret;
+}
+
+# undef validation_err
+
+/*
+ * RFC 3779 3.3 path validation -- called from X509_verify_cert().
+ */
+int v3_asid_validate_path(X509_STORE_CTX *ctx)
+{
+ return v3_asid_validate_path_internal(ctx, ctx->chain, NULL);
+}
+
+/*
+ * RFC 3779 3.3 path validation of an extension.
+ * Test whether chain covers extension.
+ */
+int v3_asid_validate_resource_set(STACK_OF(X509) *chain,
+ ASIdentifiers *ext, int allow_inheritance)
+{
+ if (ext == NULL)
+ return 1;
+ if (chain == NULL || sk_X509_num(chain) == 0)
+ return 0;
+ if (!allow_inheritance && v3_asid_inherits(ext))
+ return 0;
+ return v3_asid_validate_path_internal(NULL, chain, ext);
+}
+
+#endif /* OPENSSL_NO_RFC3779 */
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_bcons.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509v3/v3_bcons.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_bcons.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,124 +0,0 @@
-/* v3_bcons.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/conf.h>
-#include <openssl/x509v3.h>
-
-static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, BASIC_CONSTRAINTS *bcons, STACK_OF(CONF_VALUE) *extlist);
-static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
-
-const X509V3_EXT_METHOD v3_bcons = {
-NID_basic_constraints, 0,
-ASN1_ITEM_ref(BASIC_CONSTRAINTS),
-0,0,0,0,
-0,0,
-(X509V3_EXT_I2V)i2v_BASIC_CONSTRAINTS,
-(X509V3_EXT_V2I)v2i_BASIC_CONSTRAINTS,
-NULL,NULL,
-NULL
-};
-
-ASN1_SEQUENCE(BASIC_CONSTRAINTS) = {
- ASN1_OPT(BASIC_CONSTRAINTS, ca, ASN1_FBOOLEAN),
- ASN1_OPT(BASIC_CONSTRAINTS, pathlen, ASN1_INTEGER)
-} ASN1_SEQUENCE_END(BASIC_CONSTRAINTS)
-
-IMPLEMENT_ASN1_FUNCTIONS(BASIC_CONSTRAINTS)
-
-
-static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
- BASIC_CONSTRAINTS *bcons, STACK_OF(CONF_VALUE) *extlist)
-{
- X509V3_add_value_bool("CA", bcons->ca, &extlist);
- X509V3_add_value_int("pathlen", bcons->pathlen, &extlist);
- return extlist;
-}
-
-static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values)
-{
- BASIC_CONSTRAINTS *bcons=NULL;
- CONF_VALUE *val;
- int i;
- if(!(bcons = BASIC_CONSTRAINTS_new())) {
- X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- for(i = 0; i < sk_CONF_VALUE_num(values); i++) {
- val = sk_CONF_VALUE_value(values, i);
- if(!strcmp(val->name, "CA")) {
- if(!X509V3_get_value_bool(val, &bcons->ca)) goto err;
- } else if(!strcmp(val->name, "pathlen")) {
- if(!X509V3_get_value_int(val, &bcons->pathlen)) goto err;
- } else {
- X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, X509V3_R_INVALID_NAME);
- X509V3_conf_err(val);
- goto err;
- }
- }
- return bcons;
- err:
- BASIC_CONSTRAINTS_free(bcons);
- return NULL;
-}
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_bcons.c (from rev 6976, vendor-crypto/openssl/dist/crypto/x509v3/v3_bcons.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_bcons.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_bcons.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,132 @@
+/* v3_bcons.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+
+static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
+ BASIC_CONSTRAINTS *bcons,
+ STACK_OF(CONF_VALUE)
+ *extlist);
+static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx,
+ STACK_OF(CONF_VALUE) *values);
+
+const X509V3_EXT_METHOD v3_bcons = {
+ NID_basic_constraints, 0,
+ ASN1_ITEM_ref(BASIC_CONSTRAINTS),
+ 0, 0, 0, 0,
+ 0, 0,
+ (X509V3_EXT_I2V) i2v_BASIC_CONSTRAINTS,
+ (X509V3_EXT_V2I)v2i_BASIC_CONSTRAINTS,
+ NULL, NULL,
+ NULL
+};
+
+ASN1_SEQUENCE(BASIC_CONSTRAINTS) = {
+ ASN1_OPT(BASIC_CONSTRAINTS, ca, ASN1_FBOOLEAN),
+ ASN1_OPT(BASIC_CONSTRAINTS, pathlen, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(BASIC_CONSTRAINTS)
+
+IMPLEMENT_ASN1_FUNCTIONS(BASIC_CONSTRAINTS)
+
+static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
+ BASIC_CONSTRAINTS *bcons,
+ STACK_OF(CONF_VALUE)
+ *extlist)
+{
+ X509V3_add_value_bool("CA", bcons->ca, &extlist);
+ X509V3_add_value_int("pathlen", bcons->pathlen, &extlist);
+ return extlist;
+}
+
+static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx,
+ STACK_OF(CONF_VALUE) *values)
+{
+ BASIC_CONSTRAINTS *bcons = NULL;
+ CONF_VALUE *val;
+ int i;
+ if (!(bcons = BASIC_CONSTRAINTS_new())) {
+ X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
+ val = sk_CONF_VALUE_value(values, i);
+ if (!strcmp(val->name, "CA")) {
+ if (!X509V3_get_value_bool(val, &bcons->ca))
+ goto err;
+ } else if (!strcmp(val->name, "pathlen")) {
+ if (!X509V3_get_value_int(val, &bcons->pathlen))
+ goto err;
+ } else {
+ X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, X509V3_R_INVALID_NAME);
+ X509V3_conf_err(val);
+ goto err;
+ }
+ }
+ return bcons;
+ err:
+ BASIC_CONSTRAINTS_free(bcons);
+ return NULL;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_bitst.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509v3/v3_bitst.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_bitst.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,141 +0,0 @@
-/* v3_bitst.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/x509v3.h>
-
-static BIT_STRING_BITNAME ns_cert_type_table[] = {
-{0, "SSL Client", "client"},
-{1, "SSL Server", "server"},
-{2, "S/MIME", "email"},
-{3, "Object Signing", "objsign"},
-{4, "Unused", "reserved"},
-{5, "SSL CA", "sslCA"},
-{6, "S/MIME CA", "emailCA"},
-{7, "Object Signing CA", "objCA"},
-{-1, NULL, NULL}
-};
-
-static BIT_STRING_BITNAME key_usage_type_table[] = {
-{0, "Digital Signature", "digitalSignature"},
-{1, "Non Repudiation", "nonRepudiation"},
-{2, "Key Encipherment", "keyEncipherment"},
-{3, "Data Encipherment", "dataEncipherment"},
-{4, "Key Agreement", "keyAgreement"},
-{5, "Certificate Sign", "keyCertSign"},
-{6, "CRL Sign", "cRLSign"},
-{7, "Encipher Only", "encipherOnly"},
-{8, "Decipher Only", "decipherOnly"},
-{-1, NULL, NULL}
-};
-
-
-
-const X509V3_EXT_METHOD v3_nscert = EXT_BITSTRING(NID_netscape_cert_type, ns_cert_type_table);
-const X509V3_EXT_METHOD v3_key_usage = EXT_BITSTRING(NID_key_usage, key_usage_type_table);
-
-STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
- ASN1_BIT_STRING *bits, STACK_OF(CONF_VALUE) *ret)
-{
- BIT_STRING_BITNAME *bnam;
- for(bnam =method->usr_data; bnam->lname; bnam++) {
- if(ASN1_BIT_STRING_get_bit(bits, bnam->bitnum))
- X509V3_add_value(bnam->lname, NULL, &ret);
- }
- return ret;
-}
-
-ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
-{
- CONF_VALUE *val;
- ASN1_BIT_STRING *bs;
- int i;
- BIT_STRING_BITNAME *bnam;
- if(!(bs = M_ASN1_BIT_STRING_new())) {
- X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
- val = sk_CONF_VALUE_value(nval, i);
- for(bnam = method->usr_data; bnam->lname; bnam++) {
- if(!strcmp(bnam->sname, val->name) ||
- !strcmp(bnam->lname, val->name) ) {
- if(!ASN1_BIT_STRING_set_bit(bs, bnam->bitnum, 1)) {
- X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,
- ERR_R_MALLOC_FAILURE);
- M_ASN1_BIT_STRING_free(bs);
- return NULL;
- }
- break;
- }
- }
- if(!bnam->lname) {
- X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,
- X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT);
- X509V3_conf_err(val);
- M_ASN1_BIT_STRING_free(bs);
- return NULL;
- }
- }
- return bs;
-}
-
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_bitst.c (from rev 6976, vendor-crypto/openssl/dist/crypto/x509v3/v3_bitst.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_bitst.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_bitst.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,142 @@
+/* v3_bitst.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+
+static BIT_STRING_BITNAME ns_cert_type_table[] = {
+ {0, "SSL Client", "client"},
+ {1, "SSL Server", "server"},
+ {2, "S/MIME", "email"},
+ {3, "Object Signing", "objsign"},
+ {4, "Unused", "reserved"},
+ {5, "SSL CA", "sslCA"},
+ {6, "S/MIME CA", "emailCA"},
+ {7, "Object Signing CA", "objCA"},
+ {-1, NULL, NULL}
+};
+
+static BIT_STRING_BITNAME key_usage_type_table[] = {
+ {0, "Digital Signature", "digitalSignature"},
+ {1, "Non Repudiation", "nonRepudiation"},
+ {2, "Key Encipherment", "keyEncipherment"},
+ {3, "Data Encipherment", "dataEncipherment"},
+ {4, "Key Agreement", "keyAgreement"},
+ {5, "Certificate Sign", "keyCertSign"},
+ {6, "CRL Sign", "cRLSign"},
+ {7, "Encipher Only", "encipherOnly"},
+ {8, "Decipher Only", "decipherOnly"},
+ {-1, NULL, NULL}
+};
+
+const X509V3_EXT_METHOD v3_nscert =
+EXT_BITSTRING(NID_netscape_cert_type, ns_cert_type_table);
+const X509V3_EXT_METHOD v3_key_usage =
+EXT_BITSTRING(NID_key_usage, key_usage_type_table);
+
+STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
+ ASN1_BIT_STRING *bits,
+ STACK_OF(CONF_VALUE) *ret)
+{
+ BIT_STRING_BITNAME *bnam;
+ for (bnam = method->usr_data; bnam->lname; bnam++) {
+ if (ASN1_BIT_STRING_get_bit(bits, bnam->bitnum))
+ X509V3_add_value(bnam->lname, NULL, &ret);
+ }
+ return ret;
+}
+
+ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx,
+ STACK_OF(CONF_VALUE) *nval)
+{
+ CONF_VALUE *val;
+ ASN1_BIT_STRING *bs;
+ int i;
+ BIT_STRING_BITNAME *bnam;
+ if (!(bs = M_ASN1_BIT_STRING_new())) {
+ X509V3err(X509V3_F_V2I_ASN1_BIT_STRING, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+ val = sk_CONF_VALUE_value(nval, i);
+ for (bnam = method->usr_data; bnam->lname; bnam++) {
+ if (!strcmp(bnam->sname, val->name) ||
+ !strcmp(bnam->lname, val->name)) {
+ if (!ASN1_BIT_STRING_set_bit(bs, bnam->bitnum, 1)) {
+ X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,
+ ERR_R_MALLOC_FAILURE);
+ M_ASN1_BIT_STRING_free(bs);
+ return NULL;
+ }
+ break;
+ }
+ }
+ if (!bnam->lname) {
+ X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,
+ X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT);
+ X509V3_conf_err(val);
+ M_ASN1_BIT_STRING_free(bs);
+ return NULL;
+ }
+ }
+ return bs;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_conf.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509v3/v3_conf.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_conf.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,524 +0,0 @@
-/* v3_conf.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-/* extension creation utilities */
-
-
-
-#include <stdio.h>
-#include <ctype.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-
-static int v3_check_critical(char **value);
-static int v3_check_generic(char **value);
-static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value);
-static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int type, X509V3_CTX *ctx);
-static char *conf_lhash_get_string(void *db, char *section, char *value);
-static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section);
-static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
- int crit, void *ext_struc);
-static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len);
-/* CONF *conf: Config file */
-/* char *name: Name */
-/* char *value: Value */
-X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name,
- char *value)
- {
- int crit;
- int ext_type;
- X509_EXTENSION *ret;
- crit = v3_check_critical(&value);
- if ((ext_type = v3_check_generic(&value)))
- return v3_generic_extension(name, value, crit, ext_type, ctx);
- ret = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), crit, value);
- if (!ret)
- {
- X509V3err(X509V3_F_X509V3_EXT_NCONF,X509V3_R_ERROR_IN_EXTENSION);
- ERR_add_error_data(4,"name=", name, ", value=", value);
- }
- return ret;
- }
-
-/* CONF *conf: Config file */
-/* char *value: Value */
-X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
- char *value)
- {
- int crit;
- int ext_type;
- crit = v3_check_critical(&value);
- if ((ext_type = v3_check_generic(&value)))
- return v3_generic_extension(OBJ_nid2sn(ext_nid),
- value, crit, ext_type, ctx);
- return do_ext_nconf(conf, ctx, ext_nid, crit, value);
- }
-
-/* CONF *conf: Config file */
-/* char *value: Value */
-static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
- int crit, char *value)
- {
- X509V3_EXT_METHOD *method;
- X509_EXTENSION *ext;
- STACK_OF(CONF_VALUE) *nval;
- void *ext_struc;
- if (ext_nid == NID_undef)
- {
- X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_UNKNOWN_EXTENSION_NAME);
- return NULL;
- }
- if (!(method = X509V3_EXT_get_nid(ext_nid)))
- {
- X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_UNKNOWN_EXTENSION);
- return NULL;
- }
- /* Now get internal extension representation based on type */
- if (method->v2i)
- {
- if(*value == '@') nval = NCONF_get_section(conf, value + 1);
- else nval = X509V3_parse_list(value);
- if(sk_CONF_VALUE_num(nval) <= 0)
- {
- X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_INVALID_EXTENSION_STRING);
- ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=", value);
- return NULL;
- }
- ext_struc = method->v2i(method, ctx, nval);
- if(*value != '@') sk_CONF_VALUE_pop_free(nval,
- X509V3_conf_free);
- if(!ext_struc) return NULL;
- }
- else if(method->s2i)
- {
- if(!(ext_struc = method->s2i(method, ctx, value))) return NULL;
- }
- else if(method->r2i)
- {
- if(!ctx->db || !ctx->db_meth)
- {
- X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_NO_CONFIG_DATABASE);
- return NULL;
- }
- if(!(ext_struc = method->r2i(method, ctx, value))) return NULL;
- }
- else
- {
- X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED);
- ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid));
- return NULL;
- }
-
- ext = do_ext_i2d(method, ext_nid, crit, ext_struc);
- if(method->it) ASN1_item_free(ext_struc, ASN1_ITEM_ptr(method->it));
- else method->ext_free(ext_struc);
- return ext;
-
- }
-
-static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
- int crit, void *ext_struc)
- {
- unsigned char *ext_der;
- int ext_len;
- ASN1_OCTET_STRING *ext_oct;
- X509_EXTENSION *ext;
- /* Convert internal representation to DER */
- if (method->it)
- {
- ext_der = NULL;
- ext_len = ASN1_item_i2d(ext_struc, &ext_der, ASN1_ITEM_ptr(method->it));
- if (ext_len < 0) goto merr;
- }
- else
- {
- unsigned char *p;
- ext_len = method->i2d(ext_struc, NULL);
- if(!(ext_der = OPENSSL_malloc(ext_len))) goto merr;
- p = ext_der;
- method->i2d(ext_struc, &p);
- }
- if (!(ext_oct = M_ASN1_OCTET_STRING_new())) goto merr;
- ext_oct->data = ext_der;
- ext_oct->length = ext_len;
-
- ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct);
- if (!ext) goto merr;
- M_ASN1_OCTET_STRING_free(ext_oct);
-
- return ext;
-
- merr:
- X509V3err(X509V3_F_DO_EXT_I2D,ERR_R_MALLOC_FAILURE);
- return NULL;
-
- }
-
-/* Given an internal structure, nid and critical flag create an extension */
-
-X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc)
- {
- X509V3_EXT_METHOD *method;
- if (!(method = X509V3_EXT_get_nid(ext_nid))) {
- X509V3err(X509V3_F_X509V3_EXT_I2D,X509V3_R_UNKNOWN_EXTENSION);
- return NULL;
- }
- return do_ext_i2d(method, ext_nid, crit, ext_struc);
-}
-
-/* Check the extension string for critical flag */
-static int v3_check_critical(char **value)
-{
- char *p = *value;
- if ((strlen(p) < 9) || strncmp(p, "critical,", 9)) return 0;
- p+=9;
- while(isspace((unsigned char)*p)) p++;
- *value = p;
- return 1;
-}
-
-/* Check extension string for generic extension and return the type */
-static int v3_check_generic(char **value)
-{
- int gen_type = 0;
- char *p = *value;
- if ((strlen(p) >= 4) && !strncmp(p, "DER:", 4))
- {
- p+=4;
- gen_type = 1;
- }
- else if ((strlen(p) >= 5) && !strncmp(p, "ASN1:", 5))
- {
- p+=5;
- gen_type = 2;
- }
- else
- return 0;
-
- while (isspace((unsigned char)*p)) p++;
- *value = p;
- return gen_type;
-}
-
-/* Create a generic extension: for now just handle DER type */
-static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,
- int crit, int gen_type, X509V3_CTX *ctx)
- {
- unsigned char *ext_der=NULL;
- long ext_len;
- ASN1_OBJECT *obj=NULL;
- ASN1_OCTET_STRING *oct=NULL;
- X509_EXTENSION *extension=NULL;
- if (!(obj = OBJ_txt2obj(ext, 0)))
- {
- X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_NAME_ERROR);
- ERR_add_error_data(2, "name=", ext);
- goto err;
- }
-
- if (gen_type == 1)
- ext_der = string_to_hex(value, &ext_len);
- else if (gen_type == 2)
- ext_der = generic_asn1(value, ctx, &ext_len);
-
- if (ext_der == NULL)
- {
- X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_VALUE_ERROR);
- ERR_add_error_data(2, "value=", value);
- goto err;
- }
-
- if (!(oct = M_ASN1_OCTET_STRING_new()))
- {
- X509V3err(X509V3_F_V3_GENERIC_EXTENSION,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- oct->data = ext_der;
- oct->length = ext_len;
- ext_der = NULL;
-
- extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct);
-
- err:
- ASN1_OBJECT_free(obj);
- M_ASN1_OCTET_STRING_free(oct);
- if(ext_der) OPENSSL_free(ext_der);
- return extension;
-
- }
-
-static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len)
- {
- ASN1_TYPE *typ;
- unsigned char *ext_der = NULL;
- typ = ASN1_generate_v3(value, ctx);
- if (typ == NULL)
- return NULL;
- *ext_len = i2d_ASN1_TYPE(typ, &ext_der);
- ASN1_TYPE_free(typ);
- return ext_der;
- }
-
-/* This is the main function: add a bunch of extensions based on a config file
- * section to an extension STACK.
- */
-
-
-int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section,
- STACK_OF(X509_EXTENSION) **sk)
- {
- X509_EXTENSION *ext;
- STACK_OF(CONF_VALUE) *nval;
- CONF_VALUE *val;
- int i;
- if (!(nval = NCONF_get_section(conf, section))) return 0;
- for (i = 0; i < sk_CONF_VALUE_num(nval); i++)
- {
- val = sk_CONF_VALUE_value(nval, i);
- if (!(ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value)))
- return 0;
- if (sk) X509v3_add_ext(sk, ext, -1);
- X509_EXTENSION_free(ext);
- }
- return 1;
- }
-
-/* Convenience functions to add extensions to a certificate, CRL and request */
-
-int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
- X509 *cert)
- {
- STACK_OF(X509_EXTENSION) **sk = NULL;
- if (cert)
- sk = &cert->cert_info->extensions;
- return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
- }
-
-/* Same as above but for a CRL */
-
-int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
- X509_CRL *crl)
- {
- STACK_OF(X509_EXTENSION) **sk = NULL;
- if (crl)
- sk = &crl->crl->extensions;
- return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
- }
-
-/* Add extensions to certificate request */
-
-int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
- X509_REQ *req)
- {
- STACK_OF(X509_EXTENSION) *extlist = NULL, **sk = NULL;
- int i;
- if (req)
- sk = &extlist;
- i = X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
- if (!i || !sk)
- return i;
- i = X509_REQ_add_extensions(req, extlist);
- sk_X509_EXTENSION_pop_free(extlist, X509_EXTENSION_free);
- return i;
- }
-
-/* Config database functions */
-
-char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section)
- {
- if(!ctx->db || !ctx->db_meth || !ctx->db_meth->get_string)
- {
- X509V3err(X509V3_F_X509V3_GET_STRING,X509V3_R_OPERATION_NOT_DEFINED);
- return NULL;
- }
- if (ctx->db_meth->get_string)
- return ctx->db_meth->get_string(ctx->db, name, section);
- return NULL;
- }
-
-STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section)
- {
- if(!ctx->db || !ctx->db_meth || !ctx->db_meth->get_section)
- {
- X509V3err(X509V3_F_X509V3_GET_SECTION,X509V3_R_OPERATION_NOT_DEFINED);
- return NULL;
- }
- if (ctx->db_meth->get_section)
- return ctx->db_meth->get_section(ctx->db, section);
- return NULL;
- }
-
-void X509V3_string_free(X509V3_CTX *ctx, char *str)
- {
- if (!str) return;
- if (ctx->db_meth->free_string)
- ctx->db_meth->free_string(ctx->db, str);
- }
-
-void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section)
- {
- if (!section) return;
- if (ctx->db_meth->free_section)
- ctx->db_meth->free_section(ctx->db, section);
- }
-
-static char *nconf_get_string(void *db, char *section, char *value)
- {
- return NCONF_get_string(db, section, value);
- }
-
-static STACK_OF(CONF_VALUE) *nconf_get_section(void *db, char *section)
- {
- return NCONF_get_section(db, section);
- }
-
-static X509V3_CONF_METHOD nconf_method = {
-nconf_get_string,
-nconf_get_section,
-NULL,
-NULL
-};
-
-void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf)
- {
- ctx->db_meth = &nconf_method;
- ctx->db = conf;
- }
-
-void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req,
- X509_CRL *crl, int flags)
- {
- ctx->issuer_cert = issuer;
- ctx->subject_cert = subj;
- ctx->crl = crl;
- ctx->subject_req = req;
- ctx->flags = flags;
- }
-
-/* Old conf compatibility functions */
-
-X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name,
- char *value)
- {
- CONF ctmp;
- CONF_set_nconf(&ctmp, conf);
- return X509V3_EXT_nconf(&ctmp, ctx, name, value);
- }
-
-/* LHASH *conf: Config file */
-/* char *value: Value */
-X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid,
- char *value)
- {
- CONF ctmp;
- CONF_set_nconf(&ctmp, conf);
- return X509V3_EXT_nconf_nid(&ctmp, ctx, ext_nid, value);
- }
-
-static char *conf_lhash_get_string(void *db, char *section, char *value)
- {
- return CONF_get_string(db, section, value);
- }
-
-static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section)
- {
- return CONF_get_section(db, section);
- }
-
-static X509V3_CONF_METHOD conf_lhash_method = {
-conf_lhash_get_string,
-conf_lhash_get_section,
-NULL,
-NULL
-};
-
-void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash)
- {
- ctx->db_meth = &conf_lhash_method;
- ctx->db = lhash;
- }
-
-int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
- X509 *cert)
- {
- CONF ctmp;
- CONF_set_nconf(&ctmp, conf);
- return X509V3_EXT_add_nconf(&ctmp, ctx, section, cert);
- }
-
-/* Same as above but for a CRL */
-
-int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
- X509_CRL *crl)
- {
- CONF ctmp;
- CONF_set_nconf(&ctmp, conf);
- return X509V3_EXT_CRL_add_nconf(&ctmp, ctx, section, crl);
- }
-
-/* Add extensions to certificate request */
-
-int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
- X509_REQ *req)
- {
- CONF ctmp;
- CONF_set_nconf(&ctmp, conf);
- return X509V3_EXT_REQ_add_nconf(&ctmp, ctx, section, req);
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_conf.c (from rev 6976, vendor-crypto/openssl/dist/crypto/x509v3/v3_conf.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_conf.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_conf.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,532 @@
+/* v3_conf.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* extension creation utilities */
+
+#include <stdio.h>
+#include <ctype.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+static int v3_check_critical(char **value);
+static int v3_check_generic(char **value);
+static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
+ int crit, char *value);
+static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,
+ int crit, int type,
+ X509V3_CTX *ctx);
+static char *conf_lhash_get_string(void *db, char *section, char *value);
+static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section);
+static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
+ int crit, void *ext_struc);
+static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx,
+ long *ext_len);
+/* CONF *conf: Config file */
+/* char *name: Name */
+/* char *value: Value */
+X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name,
+ char *value)
+{
+ int crit;
+ int ext_type;
+ X509_EXTENSION *ret;
+ crit = v3_check_critical(&value);
+ if ((ext_type = v3_check_generic(&value)))
+ return v3_generic_extension(name, value, crit, ext_type, ctx);
+ ret = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), crit, value);
+ if (!ret) {
+ X509V3err(X509V3_F_X509V3_EXT_NCONF, X509V3_R_ERROR_IN_EXTENSION);
+ ERR_add_error_data(4, "name=", name, ", value=", value);
+ }
+ return ret;
+}
+
+/* CONF *conf: Config file */
+/* char *value: Value */
+X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
+ char *value)
+{
+ int crit;
+ int ext_type;
+ crit = v3_check_critical(&value);
+ if ((ext_type = v3_check_generic(&value)))
+ return v3_generic_extension(OBJ_nid2sn(ext_nid),
+ value, crit, ext_type, ctx);
+ return do_ext_nconf(conf, ctx, ext_nid, crit, value);
+}
+
+/* CONF *conf: Config file */
+/* char *value: Value */
+static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
+ int crit, char *value)
+{
+ X509V3_EXT_METHOD *method;
+ X509_EXTENSION *ext;
+ STACK_OF(CONF_VALUE) *nval;
+ void *ext_struc;
+ if (ext_nid == NID_undef) {
+ X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_UNKNOWN_EXTENSION_NAME);
+ return NULL;
+ }
+ if (!(method = X509V3_EXT_get_nid(ext_nid))) {
+ X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_UNKNOWN_EXTENSION);
+ return NULL;
+ }
+ /* Now get internal extension representation based on type */
+ if (method->v2i) {
+ if (*value == '@')
+ nval = NCONF_get_section(conf, value + 1);
+ else
+ nval = X509V3_parse_list(value);
+ if (sk_CONF_VALUE_num(nval) <= 0) {
+ X509V3err(X509V3_F_DO_EXT_NCONF,
+ X509V3_R_INVALID_EXTENSION_STRING);
+ ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=",
+ value);
+ return NULL;
+ }
+ ext_struc = method->v2i(method, ctx, nval);
+ if (*value != '@')
+ sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
+ if (!ext_struc)
+ return NULL;
+ } else if (method->s2i) {
+ if (!(ext_struc = method->s2i(method, ctx, value)))
+ return NULL;
+ } else if (method->r2i) {
+ if (!ctx->db || !ctx->db_meth) {
+ X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_NO_CONFIG_DATABASE);
+ return NULL;
+ }
+ if (!(ext_struc = method->r2i(method, ctx, value)))
+ return NULL;
+ } else {
+ X509V3err(X509V3_F_DO_EXT_NCONF,
+ X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED);
+ ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid));
+ return NULL;
+ }
+
+ ext = do_ext_i2d(method, ext_nid, crit, ext_struc);
+ if (method->it)
+ ASN1_item_free(ext_struc, ASN1_ITEM_ptr(method->it));
+ else
+ method->ext_free(ext_struc);
+ return ext;
+
+}
+
+static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
+ int crit, void *ext_struc)
+{
+ unsigned char *ext_der;
+ int ext_len;
+ ASN1_OCTET_STRING *ext_oct;
+ X509_EXTENSION *ext;
+ /* Convert internal representation to DER */
+ if (method->it) {
+ ext_der = NULL;
+ ext_len =
+ ASN1_item_i2d(ext_struc, &ext_der, ASN1_ITEM_ptr(method->it));
+ if (ext_len < 0)
+ goto merr;
+ } else {
+ unsigned char *p;
+ ext_len = method->i2d(ext_struc, NULL);
+ if (!(ext_der = OPENSSL_malloc(ext_len)))
+ goto merr;
+ p = ext_der;
+ method->i2d(ext_struc, &p);
+ }
+ if (!(ext_oct = M_ASN1_OCTET_STRING_new()))
+ goto merr;
+ ext_oct->data = ext_der;
+ ext_oct->length = ext_len;
+
+ ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct);
+ if (!ext)
+ goto merr;
+ M_ASN1_OCTET_STRING_free(ext_oct);
+
+ return ext;
+
+ merr:
+ X509V3err(X509V3_F_DO_EXT_I2D, ERR_R_MALLOC_FAILURE);
+ return NULL;
+
+}
+
+/* Given an internal structure, nid and critical flag create an extension */
+
+X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc)
+{
+ X509V3_EXT_METHOD *method;
+ if (!(method = X509V3_EXT_get_nid(ext_nid))) {
+ X509V3err(X509V3_F_X509V3_EXT_I2D, X509V3_R_UNKNOWN_EXTENSION);
+ return NULL;
+ }
+ return do_ext_i2d(method, ext_nid, crit, ext_struc);
+}
+
+/* Check the extension string for critical flag */
+static int v3_check_critical(char **value)
+{
+ char *p = *value;
+ if ((strlen(p) < 9) || strncmp(p, "critical,", 9))
+ return 0;
+ p += 9;
+ while (isspace((unsigned char)*p))
+ p++;
+ *value = p;
+ return 1;
+}
+
+/* Check extension string for generic extension and return the type */
+static int v3_check_generic(char **value)
+{
+ int gen_type = 0;
+ char *p = *value;
+ if ((strlen(p) >= 4) && !strncmp(p, "DER:", 4)) {
+ p += 4;
+ gen_type = 1;
+ } else if ((strlen(p) >= 5) && !strncmp(p, "ASN1:", 5)) {
+ p += 5;
+ gen_type = 2;
+ } else
+ return 0;
+
+ while (isspace((unsigned char)*p))
+ p++;
+ *value = p;
+ return gen_type;
+}
+
+/* Create a generic extension: for now just handle DER type */
+static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,
+ int crit, int gen_type,
+ X509V3_CTX *ctx)
+{
+ unsigned char *ext_der = NULL;
+ long ext_len;
+ ASN1_OBJECT *obj = NULL;
+ ASN1_OCTET_STRING *oct = NULL;
+ X509_EXTENSION *extension = NULL;
+ if (!(obj = OBJ_txt2obj(ext, 0))) {
+ X509V3err(X509V3_F_V3_GENERIC_EXTENSION,
+ X509V3_R_EXTENSION_NAME_ERROR);
+ ERR_add_error_data(2, "name=", ext);
+ goto err;
+ }
+
+ if (gen_type == 1)
+ ext_der = string_to_hex(value, &ext_len);
+ else if (gen_type == 2)
+ ext_der = generic_asn1(value, ctx, &ext_len);
+
+ if (ext_der == NULL) {
+ X509V3err(X509V3_F_V3_GENERIC_EXTENSION,
+ X509V3_R_EXTENSION_VALUE_ERROR);
+ ERR_add_error_data(2, "value=", value);
+ goto err;
+ }
+
+ if (!(oct = M_ASN1_OCTET_STRING_new())) {
+ X509V3err(X509V3_F_V3_GENERIC_EXTENSION, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ oct->data = ext_der;
+ oct->length = ext_len;
+ ext_der = NULL;
+
+ extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct);
+
+ err:
+ ASN1_OBJECT_free(obj);
+ M_ASN1_OCTET_STRING_free(oct);
+ if (ext_der)
+ OPENSSL_free(ext_der);
+ return extension;
+
+}
+
+static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx,
+ long *ext_len)
+{
+ ASN1_TYPE *typ;
+ unsigned char *ext_der = NULL;
+ typ = ASN1_generate_v3(value, ctx);
+ if (typ == NULL)
+ return NULL;
+ *ext_len = i2d_ASN1_TYPE(typ, &ext_der);
+ ASN1_TYPE_free(typ);
+ return ext_der;
+}
+
+/*
+ * This is the main function: add a bunch of extensions based on a config
+ * file section to an extension STACK.
+ */
+
+int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section,
+ STACK_OF(X509_EXTENSION) **sk)
+{
+ X509_EXTENSION *ext;
+ STACK_OF(CONF_VALUE) *nval;
+ CONF_VALUE *val;
+ int i;
+ if (!(nval = NCONF_get_section(conf, section)))
+ return 0;
+ for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+ val = sk_CONF_VALUE_value(nval, i);
+ if (!(ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value)))
+ return 0;
+ if (sk)
+ X509v3_add_ext(sk, ext, -1);
+ X509_EXTENSION_free(ext);
+ }
+ return 1;
+}
+
+/*
+ * Convenience functions to add extensions to a certificate, CRL and request
+ */
+
+int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
+ X509 *cert)
+{
+ STACK_OF(X509_EXTENSION) **sk = NULL;
+ if (cert)
+ sk = &cert->cert_info->extensions;
+ return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
+}
+
+/* Same as above but for a CRL */
+
+int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
+ X509_CRL *crl)
+{
+ STACK_OF(X509_EXTENSION) **sk = NULL;
+ if (crl)
+ sk = &crl->crl->extensions;
+ return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
+}
+
+/* Add extensions to certificate request */
+
+int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
+ X509_REQ *req)
+{
+ STACK_OF(X509_EXTENSION) *extlist = NULL, **sk = NULL;
+ int i;
+ if (req)
+ sk = &extlist;
+ i = X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
+ if (!i || !sk)
+ return i;
+ i = X509_REQ_add_extensions(req, extlist);
+ sk_X509_EXTENSION_pop_free(extlist, X509_EXTENSION_free);
+ return i;
+}
+
+/* Config database functions */
+
+char *X509V3_get_string(X509V3_CTX *ctx, char *name, char *section)
+{
+ if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_string) {
+ X509V3err(X509V3_F_X509V3_GET_STRING, X509V3_R_OPERATION_NOT_DEFINED);
+ return NULL;
+ }
+ if (ctx->db_meth->get_string)
+ return ctx->db_meth->get_string(ctx->db, name, section);
+ return NULL;
+}
+
+STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, char *section)
+{
+ if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_section) {
+ X509V3err(X509V3_F_X509V3_GET_SECTION,
+ X509V3_R_OPERATION_NOT_DEFINED);
+ return NULL;
+ }
+ if (ctx->db_meth->get_section)
+ return ctx->db_meth->get_section(ctx->db, section);
+ return NULL;
+}
+
+void X509V3_string_free(X509V3_CTX *ctx, char *str)
+{
+ if (!str)
+ return;
+ if (ctx->db_meth->free_string)
+ ctx->db_meth->free_string(ctx->db, str);
+}
+
+void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section)
+{
+ if (!section)
+ return;
+ if (ctx->db_meth->free_section)
+ ctx->db_meth->free_section(ctx->db, section);
+}
+
+static char *nconf_get_string(void *db, char *section, char *value)
+{
+ return NCONF_get_string(db, section, value);
+}
+
+static STACK_OF(CONF_VALUE) *nconf_get_section(void *db, char *section)
+{
+ return NCONF_get_section(db, section);
+}
+
+static X509V3_CONF_METHOD nconf_method = {
+ nconf_get_string,
+ nconf_get_section,
+ NULL,
+ NULL
+};
+
+void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf)
+{
+ ctx->db_meth = &nconf_method;
+ ctx->db = conf;
+}
+
+void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req,
+ X509_CRL *crl, int flags)
+{
+ ctx->issuer_cert = issuer;
+ ctx->subject_cert = subj;
+ ctx->crl = crl;
+ ctx->subject_req = req;
+ ctx->flags = flags;
+}
+
+/* Old conf compatibility functions */
+
+X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name,
+ char *value)
+{
+ CONF ctmp;
+ CONF_set_nconf(&ctmp, conf);
+ return X509V3_EXT_nconf(&ctmp, ctx, name, value);
+}
+
+/* LHASH *conf: Config file */
+/* char *value: Value */
+X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid,
+ char *value)
+{
+ CONF ctmp;
+ CONF_set_nconf(&ctmp, conf);
+ return X509V3_EXT_nconf_nid(&ctmp, ctx, ext_nid, value);
+}
+
+static char *conf_lhash_get_string(void *db, char *section, char *value)
+{
+ return CONF_get_string(db, section, value);
+}
+
+static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section)
+{
+ return CONF_get_section(db, section);
+}
+
+static X509V3_CONF_METHOD conf_lhash_method = {
+ conf_lhash_get_string,
+ conf_lhash_get_section,
+ NULL,
+ NULL
+};
+
+void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash)
+{
+ ctx->db_meth = &conf_lhash_method;
+ ctx->db = lhash;
+}
+
+int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
+ X509 *cert)
+{
+ CONF ctmp;
+ CONF_set_nconf(&ctmp, conf);
+ return X509V3_EXT_add_nconf(&ctmp, ctx, section, cert);
+}
+
+/* Same as above but for a CRL */
+
+int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
+ X509_CRL *crl)
+{
+ CONF ctmp;
+ CONF_set_nconf(&ctmp, conf);
+ return X509V3_EXT_CRL_add_nconf(&ctmp, ctx, section, crl);
+}
+
+/* Add extensions to certificate request */
+
+int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
+ X509_REQ *req)
+{
+ CONF ctmp;
+ CONF_set_nconf(&ctmp, conf);
+ return X509V3_EXT_REQ_add_nconf(&ctmp, ctx, section, req);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_cpols.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509v3/v3_cpols.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_cpols.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,454 +0,0 @@
-/* v3_cpols.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/x509v3.h>
-
-#include "pcy_int.h"
-
-/* Certificate policies extension support: this one is a bit complex... */
-
-static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, BIO *out, int indent);
-static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *value);
-static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, int indent);
-static void print_notice(BIO *out, USERNOTICE *notice, int indent);
-static POLICYINFO *policy_section(X509V3_CTX *ctx,
- STACK_OF(CONF_VALUE) *polstrs, int ia5org);
-static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
- STACK_OF(CONF_VALUE) *unot, int ia5org);
-static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos);
-
-const X509V3_EXT_METHOD v3_cpols = {
-NID_certificate_policies, 0,ASN1_ITEM_ref(CERTIFICATEPOLICIES),
-0,0,0,0,
-0,0,
-0,0,
-(X509V3_EXT_I2R)i2r_certpol,
-(X509V3_EXT_R2I)r2i_certpol,
-NULL
-};
-
-ASN1_ITEM_TEMPLATE(CERTIFICATEPOLICIES) =
- ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CERTIFICATEPOLICIES, POLICYINFO)
-ASN1_ITEM_TEMPLATE_END(CERTIFICATEPOLICIES)
-
-IMPLEMENT_ASN1_FUNCTIONS(CERTIFICATEPOLICIES)
-
-ASN1_SEQUENCE(POLICYINFO) = {
- ASN1_SIMPLE(POLICYINFO, policyid, ASN1_OBJECT),
- ASN1_SEQUENCE_OF_OPT(POLICYINFO, qualifiers, POLICYQUALINFO)
-} ASN1_SEQUENCE_END(POLICYINFO)
-
-IMPLEMENT_ASN1_FUNCTIONS(POLICYINFO)
-
-ASN1_ADB_TEMPLATE(policydefault) = ASN1_SIMPLE(POLICYQUALINFO, d.other, ASN1_ANY);
-
-ASN1_ADB(POLICYQUALINFO) = {
- ADB_ENTRY(NID_id_qt_cps, ASN1_SIMPLE(POLICYQUALINFO, d.cpsuri, ASN1_IA5STRING)),
- ADB_ENTRY(NID_id_qt_unotice, ASN1_SIMPLE(POLICYQUALINFO, d.usernotice, USERNOTICE))
-} ASN1_ADB_END(POLICYQUALINFO, 0, pqualid, 0, &policydefault_tt, NULL);
-
-ASN1_SEQUENCE(POLICYQUALINFO) = {
- ASN1_SIMPLE(POLICYQUALINFO, pqualid, ASN1_OBJECT),
- ASN1_ADB_OBJECT(POLICYQUALINFO)
-} ASN1_SEQUENCE_END(POLICYQUALINFO)
-
-IMPLEMENT_ASN1_FUNCTIONS(POLICYQUALINFO)
-
-ASN1_SEQUENCE(USERNOTICE) = {
- ASN1_OPT(USERNOTICE, noticeref, NOTICEREF),
- ASN1_OPT(USERNOTICE, exptext, DISPLAYTEXT)
-} ASN1_SEQUENCE_END(USERNOTICE)
-
-IMPLEMENT_ASN1_FUNCTIONS(USERNOTICE)
-
-ASN1_SEQUENCE(NOTICEREF) = {
- ASN1_SIMPLE(NOTICEREF, organization, DISPLAYTEXT),
- ASN1_SEQUENCE_OF(NOTICEREF, noticenos, ASN1_INTEGER)
-} ASN1_SEQUENCE_END(NOTICEREF)
-
-IMPLEMENT_ASN1_FUNCTIONS(NOTICEREF)
-
-static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
- X509V3_CTX *ctx, char *value)
-{
- STACK_OF(POLICYINFO) *pols = NULL;
- char *pstr;
- POLICYINFO *pol;
- ASN1_OBJECT *pobj;
- STACK_OF(CONF_VALUE) *vals;
- CONF_VALUE *cnf;
- int i, ia5org;
- pols = sk_POLICYINFO_new_null();
- if (pols == NULL) {
- X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- vals = X509V3_parse_list(value);
- if (vals == NULL) {
- X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_X509V3_LIB);
- goto err;
- }
- ia5org = 0;
- for(i = 0; i < sk_CONF_VALUE_num(vals); i++) {
- cnf = sk_CONF_VALUE_value(vals, i);
- if(cnf->value || !cnf->name ) {
- X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_POLICY_IDENTIFIER);
- X509V3_conf_err(cnf);
- goto err;
- }
- pstr = cnf->name;
- if(!strcmp(pstr,"ia5org")) {
- ia5org = 1;
- continue;
- } else if(*pstr == '@') {
- STACK_OF(CONF_VALUE) *polsect;
- polsect = X509V3_get_section(ctx, pstr + 1);
- if(!polsect) {
- X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_SECTION);
-
- X509V3_conf_err(cnf);
- goto err;
- }
- pol = policy_section(ctx, polsect, ia5org);
- X509V3_section_free(ctx, polsect);
- if(!pol) goto err;
- } else {
- if(!(pobj = OBJ_txt2obj(cnf->name, 0))) {
- X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_OBJECT_IDENTIFIER);
- X509V3_conf_err(cnf);
- goto err;
- }
- pol = POLICYINFO_new();
- pol->policyid = pobj;
- }
- if (!sk_POLICYINFO_push(pols, pol)){
- POLICYINFO_free(pol);
- X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- }
- sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
- return pols;
- err:
- sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
- sk_POLICYINFO_pop_free(pols, POLICYINFO_free);
- return NULL;
-}
-
-static POLICYINFO *policy_section(X509V3_CTX *ctx,
- STACK_OF(CONF_VALUE) *polstrs, int ia5org)
-{
- int i;
- CONF_VALUE *cnf;
- POLICYINFO *pol;
- POLICYQUALINFO *qual;
- if(!(pol = POLICYINFO_new())) goto merr;
- for(i = 0; i < sk_CONF_VALUE_num(polstrs); i++) {
- cnf = sk_CONF_VALUE_value(polstrs, i);
- if(!strcmp(cnf->name, "policyIdentifier")) {
- ASN1_OBJECT *pobj;
- if(!(pobj = OBJ_txt2obj(cnf->value, 0))) {
- X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_OBJECT_IDENTIFIER);
- X509V3_conf_err(cnf);
- goto err;
- }
- pol->policyid = pobj;
-
- } else if(!name_cmp(cnf->name, "CPS")) {
- if(!pol->qualifiers) pol->qualifiers =
- sk_POLICYQUALINFO_new_null();
- if(!(qual = POLICYQUALINFO_new())) goto merr;
- if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
- goto merr;
- qual->pqualid = OBJ_nid2obj(NID_id_qt_cps);
- qual->d.cpsuri = M_ASN1_IA5STRING_new();
- if(!ASN1_STRING_set(qual->d.cpsuri, cnf->value,
- strlen(cnf->value))) goto merr;
- } else if(!name_cmp(cnf->name, "userNotice")) {
- STACK_OF(CONF_VALUE) *unot;
- if(*cnf->value != '@') {
- X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_EXPECTED_A_SECTION_NAME);
- X509V3_conf_err(cnf);
- goto err;
- }
- unot = X509V3_get_section(ctx, cnf->value + 1);
- if(!unot) {
- X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_SECTION);
-
- X509V3_conf_err(cnf);
- goto err;
- }
- qual = notice_section(ctx, unot, ia5org);
- X509V3_section_free(ctx, unot);
- if(!qual) goto err;
- if(!pol->qualifiers) pol->qualifiers =
- sk_POLICYQUALINFO_new_null();
- if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
- goto merr;
- } else {
- X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_OPTION);
-
- X509V3_conf_err(cnf);
- goto err;
- }
- }
- if(!pol->policyid) {
- X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_NO_POLICY_IDENTIFIER);
- goto err;
- }
-
- return pol;
-
- merr:
- X509V3err(X509V3_F_POLICY_SECTION,ERR_R_MALLOC_FAILURE);
-
- err:
- POLICYINFO_free(pol);
- return NULL;
-
-
-}
-
-static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
- STACK_OF(CONF_VALUE) *unot, int ia5org)
-{
- int i, ret;
- CONF_VALUE *cnf;
- USERNOTICE *not;
- POLICYQUALINFO *qual;
- if(!(qual = POLICYQUALINFO_new())) goto merr;
- qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice);
- if(!(not = USERNOTICE_new())) goto merr;
- qual->d.usernotice = not;
- for(i = 0; i < sk_CONF_VALUE_num(unot); i++) {
- cnf = sk_CONF_VALUE_value(unot, i);
- if(!strcmp(cnf->name, "explicitText")) {
- not->exptext = M_ASN1_VISIBLESTRING_new();
- if(!ASN1_STRING_set(not->exptext, cnf->value,
- strlen(cnf->value))) goto merr;
- } else if(!strcmp(cnf->name, "organization")) {
- NOTICEREF *nref;
- if(!not->noticeref) {
- if(!(nref = NOTICEREF_new())) goto merr;
- not->noticeref = nref;
- } else nref = not->noticeref;
- if(ia5org) nref->organization->type = V_ASN1_IA5STRING;
- else nref->organization->type = V_ASN1_VISIBLESTRING;
- if(!ASN1_STRING_set(nref->organization, cnf->value,
- strlen(cnf->value))) goto merr;
- } else if(!strcmp(cnf->name, "noticeNumbers")) {
- NOTICEREF *nref;
- STACK_OF(CONF_VALUE) *nos;
- if(!not->noticeref) {
- if(!(nref = NOTICEREF_new())) goto merr;
- not->noticeref = nref;
- } else nref = not->noticeref;
- nos = X509V3_parse_list(cnf->value);
- if(!nos || !sk_CONF_VALUE_num(nos)) {
- X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_NUMBERS);
- X509V3_conf_err(cnf);
- goto err;
- }
- ret = nref_nos(nref->noticenos, nos);
- sk_CONF_VALUE_pop_free(nos, X509V3_conf_free);
- if (!ret)
- goto err;
- } else {
- X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_OPTION);
- X509V3_conf_err(cnf);
- goto err;
- }
- }
-
- if(not->noticeref &&
- (!not->noticeref->noticenos || !not->noticeref->organization)) {
- X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_NEED_ORGANIZATION_AND_NUMBERS);
- goto err;
- }
-
- return qual;
-
- merr:
- X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE);
-
- err:
- POLICYQUALINFO_free(qual);
- return NULL;
-}
-
-static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos)
-{
- CONF_VALUE *cnf;
- ASN1_INTEGER *aint;
-
- int i;
-
- for(i = 0; i < sk_CONF_VALUE_num(nos); i++) {
- cnf = sk_CONF_VALUE_value(nos, i);
- if(!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) {
- X509V3err(X509V3_F_NREF_NOS,X509V3_R_INVALID_NUMBER);
- goto err;
- }
- if(!sk_ASN1_INTEGER_push(nnums, aint)) goto merr;
- }
- return 1;
-
- merr:
- X509V3err(X509V3_F_NREF_NOS,ERR_R_MALLOC_FAILURE);
-
- err:
- sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free);
- return 0;
-}
-
-
-static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol,
- BIO *out, int indent)
-{
- int i;
- POLICYINFO *pinfo;
- /* First print out the policy OIDs */
- for(i = 0; i < sk_POLICYINFO_num(pol); i++) {
- pinfo = sk_POLICYINFO_value(pol, i);
- BIO_printf(out, "%*sPolicy: ", indent, "");
- i2a_ASN1_OBJECT(out, pinfo->policyid);
- BIO_puts(out, "\n");
- if(pinfo->qualifiers)
- print_qualifiers(out, pinfo->qualifiers, indent + 2);
- }
- return 1;
-}
-
-static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals,
- int indent)
-{
- POLICYQUALINFO *qualinfo;
- int i;
- for(i = 0; i < sk_POLICYQUALINFO_num(quals); i++) {
- qualinfo = sk_POLICYQUALINFO_value(quals, i);
- switch(OBJ_obj2nid(qualinfo->pqualid))
- {
- case NID_id_qt_cps:
- BIO_printf(out, "%*sCPS: %s\n", indent, "",
- qualinfo->d.cpsuri->data);
- break;
-
- case NID_id_qt_unotice:
- BIO_printf(out, "%*sUser Notice:\n", indent, "");
- print_notice(out, qualinfo->d.usernotice, indent + 2);
- break;
-
- default:
- BIO_printf(out, "%*sUnknown Qualifier: ",
- indent + 2, "");
-
- i2a_ASN1_OBJECT(out, qualinfo->pqualid);
- BIO_puts(out, "\n");
- break;
- }
- }
-}
-
-static void print_notice(BIO *out, USERNOTICE *notice, int indent)
-{
- int i;
- if(notice->noticeref) {
- NOTICEREF *ref;
- ref = notice->noticeref;
- BIO_printf(out, "%*sOrganization: %s\n", indent, "",
- ref->organization->data);
- BIO_printf(out, "%*sNumber%s: ", indent, "",
- sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : "");
- for(i = 0; i < sk_ASN1_INTEGER_num(ref->noticenos); i++) {
- ASN1_INTEGER *num;
- char *tmp;
- num = sk_ASN1_INTEGER_value(ref->noticenos, i);
- if(i) BIO_puts(out, ", ");
- tmp = i2s_ASN1_INTEGER(NULL, num);
- BIO_puts(out, tmp);
- OPENSSL_free(tmp);
- }
- BIO_puts(out, "\n");
- }
- if(notice->exptext)
- BIO_printf(out, "%*sExplicit Text: %s\n", indent, "",
- notice->exptext->data);
-}
-
-void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent)
- {
- const X509_POLICY_DATA *dat = node->data;
-
- BIO_printf(out, "%*sPolicy: ", indent, "");
-
- i2a_ASN1_OBJECT(out, dat->valid_policy);
- BIO_puts(out, "\n");
- BIO_printf(out, "%*s%s\n", indent + 2, "",
- node_data_critical(dat) ? "Critical" : "Non Critical");
- if (dat->qualifier_set)
- print_qualifiers(out, dat->qualifier_set, indent + 2);
- else
- BIO_printf(out, "%*sNo Qualifiers\n", indent + 2, "");
- }
-
-IMPLEMENT_STACK_OF(X509_POLICY_NODE)
Copied: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_cpols.c (from rev 6976, vendor-crypto/openssl/dist/crypto/x509v3/v3_cpols.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_cpols.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_cpols.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,476 @@
+/* v3_cpols.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+
+#include "pcy_int.h"
+
+/* Certificate policies extension support: this one is a bit complex... */
+
+static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol,
+ BIO *out, int indent);
+static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, char *value);
+static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals,
+ int indent);
+static void print_notice(BIO *out, USERNOTICE *notice, int indent);
+static POLICYINFO *policy_section(X509V3_CTX *ctx,
+ STACK_OF(CONF_VALUE) *polstrs, int ia5org);
+static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
+ STACK_OF(CONF_VALUE) *unot, int ia5org);
+static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos);
+
+const X509V3_EXT_METHOD v3_cpols = {
+ NID_certificate_policies, 0, ASN1_ITEM_ref(CERTIFICATEPOLICIES),
+ 0, 0, 0, 0,
+ 0, 0,
+ 0, 0,
+ (X509V3_EXT_I2R)i2r_certpol,
+ (X509V3_EXT_R2I)r2i_certpol,
+ NULL
+};
+
+ASN1_ITEM_TEMPLATE(CERTIFICATEPOLICIES) =
+ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CERTIFICATEPOLICIES, POLICYINFO)
+ASN1_ITEM_TEMPLATE_END(CERTIFICATEPOLICIES)
+
+IMPLEMENT_ASN1_FUNCTIONS(CERTIFICATEPOLICIES)
+
+ASN1_SEQUENCE(POLICYINFO) = {
+ ASN1_SIMPLE(POLICYINFO, policyid, ASN1_OBJECT),
+ ASN1_SEQUENCE_OF_OPT(POLICYINFO, qualifiers, POLICYQUALINFO)
+} ASN1_SEQUENCE_END(POLICYINFO)
+
+IMPLEMENT_ASN1_FUNCTIONS(POLICYINFO)
+
+ASN1_ADB_TEMPLATE(policydefault) = ASN1_SIMPLE(POLICYQUALINFO, d.other, ASN1_ANY);
+
+ASN1_ADB(POLICYQUALINFO) = {
+ ADB_ENTRY(NID_id_qt_cps, ASN1_SIMPLE(POLICYQUALINFO, d.cpsuri, ASN1_IA5STRING)),
+ ADB_ENTRY(NID_id_qt_unotice, ASN1_SIMPLE(POLICYQUALINFO, d.usernotice, USERNOTICE))
+} ASN1_ADB_END(POLICYQUALINFO, 0, pqualid, 0, &policydefault_tt, NULL);
+
+ASN1_SEQUENCE(POLICYQUALINFO) = {
+ ASN1_SIMPLE(POLICYQUALINFO, pqualid, ASN1_OBJECT),
+ ASN1_ADB_OBJECT(POLICYQUALINFO)
+} ASN1_SEQUENCE_END(POLICYQUALINFO)
+
+IMPLEMENT_ASN1_FUNCTIONS(POLICYQUALINFO)
+
+ASN1_SEQUENCE(USERNOTICE) = {
+ ASN1_OPT(USERNOTICE, noticeref, NOTICEREF),
+ ASN1_OPT(USERNOTICE, exptext, DISPLAYTEXT)
+} ASN1_SEQUENCE_END(USERNOTICE)
+
+IMPLEMENT_ASN1_FUNCTIONS(USERNOTICE)
+
+ASN1_SEQUENCE(NOTICEREF) = {
+ ASN1_SIMPLE(NOTICEREF, organization, DISPLAYTEXT),
+ ASN1_SEQUENCE_OF(NOTICEREF, noticenos, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(NOTICEREF)
+
+IMPLEMENT_ASN1_FUNCTIONS(NOTICEREF)
+
+static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, char *value)
+{
+ STACK_OF(POLICYINFO) *pols = NULL;
+ char *pstr;
+ POLICYINFO *pol;
+ ASN1_OBJECT *pobj;
+ STACK_OF(CONF_VALUE) *vals;
+ CONF_VALUE *cnf;
+ int i, ia5org;
+ pols = sk_POLICYINFO_new_null();
+ if (pols == NULL) {
+ X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ vals = X509V3_parse_list(value);
+ if (vals == NULL) {
+ X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_X509V3_LIB);
+ goto err;
+ }
+ ia5org = 0;
+ for (i = 0; i < sk_CONF_VALUE_num(vals); i++) {
+ cnf = sk_CONF_VALUE_value(vals, i);
+ if (cnf->value || !cnf->name) {
+ X509V3err(X509V3_F_R2I_CERTPOL,
+ X509V3_R_INVALID_POLICY_IDENTIFIER);
+ X509V3_conf_err(cnf);
+ goto err;
+ }
+ pstr = cnf->name;
+ if (!strcmp(pstr, "ia5org")) {
+ ia5org = 1;
+ continue;
+ } else if (*pstr == '@') {
+ STACK_OF(CONF_VALUE) *polsect;
+ polsect = X509V3_get_section(ctx, pstr + 1);
+ if (!polsect) {
+ X509V3err(X509V3_F_R2I_CERTPOL, X509V3_R_INVALID_SECTION);
+
+ X509V3_conf_err(cnf);
+ goto err;
+ }
+ pol = policy_section(ctx, polsect, ia5org);
+ X509V3_section_free(ctx, polsect);
+ if (!pol)
+ goto err;
+ } else {
+ if (!(pobj = OBJ_txt2obj(cnf->name, 0))) {
+ X509V3err(X509V3_F_R2I_CERTPOL,
+ X509V3_R_INVALID_OBJECT_IDENTIFIER);
+ X509V3_conf_err(cnf);
+ goto err;
+ }
+ pol = POLICYINFO_new();
+ pol->policyid = pobj;
+ }
+ if (!sk_POLICYINFO_push(pols, pol)) {
+ POLICYINFO_free(pol);
+ X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ }
+ sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
+ return pols;
+ err:
+ sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
+ sk_POLICYINFO_pop_free(pols, POLICYINFO_free);
+ return NULL;
+}
+
+static POLICYINFO *policy_section(X509V3_CTX *ctx,
+ STACK_OF(CONF_VALUE) *polstrs, int ia5org)
+{
+ int i;
+ CONF_VALUE *cnf;
+ POLICYINFO *pol;
+ POLICYQUALINFO *qual;
+ if (!(pol = POLICYINFO_new()))
+ goto merr;
+ for (i = 0; i < sk_CONF_VALUE_num(polstrs); i++) {
+ cnf = sk_CONF_VALUE_value(polstrs, i);
+ if (!strcmp(cnf->name, "policyIdentifier")) {
+ ASN1_OBJECT *pobj;
+ if (!(pobj = OBJ_txt2obj(cnf->value, 0))) {
+ X509V3err(X509V3_F_POLICY_SECTION,
+ X509V3_R_INVALID_OBJECT_IDENTIFIER);
+ X509V3_conf_err(cnf);
+ goto err;
+ }
+ pol->policyid = pobj;
+
+ } else if (!name_cmp(cnf->name, "CPS")) {
+ if (!pol->qualifiers)
+ pol->qualifiers = sk_POLICYQUALINFO_new_null();
+ if (!(qual = POLICYQUALINFO_new()))
+ goto merr;
+ if (!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
+ goto merr;
+ qual->pqualid = OBJ_nid2obj(NID_id_qt_cps);
+ qual->d.cpsuri = M_ASN1_IA5STRING_new();
+ if (!ASN1_STRING_set(qual->d.cpsuri, cnf->value,
+ strlen(cnf->value)))
+ goto merr;
+ } else if (!name_cmp(cnf->name, "userNotice")) {
+ STACK_OF(CONF_VALUE) *unot;
+ if (*cnf->value != '@') {
+ X509V3err(X509V3_F_POLICY_SECTION,
+ X509V3_R_EXPECTED_A_SECTION_NAME);
+ X509V3_conf_err(cnf);
+ goto err;
+ }
+ unot = X509V3_get_section(ctx, cnf->value + 1);
+ if (!unot) {
+ X509V3err(X509V3_F_POLICY_SECTION, X509V3_R_INVALID_SECTION);
+
+ X509V3_conf_err(cnf);
+ goto err;
+ }
+ qual = notice_section(ctx, unot, ia5org);
+ X509V3_section_free(ctx, unot);
+ if (!qual)
+ goto err;
+ if (!pol->qualifiers)
+ pol->qualifiers = sk_POLICYQUALINFO_new_null();
+ if (!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
+ goto merr;
+ } else {
+ X509V3err(X509V3_F_POLICY_SECTION, X509V3_R_INVALID_OPTION);
+
+ X509V3_conf_err(cnf);
+ goto err;
+ }
+ }
+ if (!pol->policyid) {
+ X509V3err(X509V3_F_POLICY_SECTION, X509V3_R_NO_POLICY_IDENTIFIER);
+ goto err;
+ }
+
+ return pol;
+
+ merr:
+ X509V3err(X509V3_F_POLICY_SECTION, ERR_R_MALLOC_FAILURE);
+
+ err:
+ POLICYINFO_free(pol);
+ return NULL;
+
+}
+
+static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
+ STACK_OF(CONF_VALUE) *unot, int ia5org)
+{
+ int i, ret;
+ CONF_VALUE *cnf;
+ USERNOTICE *not;
+ POLICYQUALINFO *qual;
+ if (!(qual = POLICYQUALINFO_new()))
+ goto merr;
+ qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice);
+ if (!(not = USERNOTICE_new()))
+ goto merr;
+ qual->d.usernotice = not;
+ for (i = 0; i < sk_CONF_VALUE_num(unot); i++) {
+ cnf = sk_CONF_VALUE_value(unot, i);
+ if (!strcmp(cnf->name, "explicitText")) {
+ not->exptext = M_ASN1_VISIBLESTRING_new();
+ if (!ASN1_STRING_set(not->exptext, cnf->value,
+ strlen(cnf->value)))
+ goto merr;
+ } else if (!strcmp(cnf->name, "organization")) {
+ NOTICEREF *nref;
+ if (!not->noticeref) {
+ if (!(nref = NOTICEREF_new()))
+ goto merr;
+ not->noticeref = nref;
+ } else
+ nref = not->noticeref;
+ if (ia5org)
+ nref->organization->type = V_ASN1_IA5STRING;
+ else
+ nref->organization->type = V_ASN1_VISIBLESTRING;
+ if (!ASN1_STRING_set(nref->organization, cnf->value,
+ strlen(cnf->value)))
+ goto merr;
+ } else if (!strcmp(cnf->name, "noticeNumbers")) {
+ NOTICEREF *nref;
+ STACK_OF(CONF_VALUE) *nos;
+ if (!not->noticeref) {
+ if (!(nref = NOTICEREF_new()))
+ goto merr;
+ not->noticeref = nref;
+ } else
+ nref = not->noticeref;
+ nos = X509V3_parse_list(cnf->value);
+ if (!nos || !sk_CONF_VALUE_num(nos)) {
+ X509V3err(X509V3_F_NOTICE_SECTION, X509V3_R_INVALID_NUMBERS);
+ X509V3_conf_err(cnf);
+ goto err;
+ }
+ ret = nref_nos(nref->noticenos, nos);
+ sk_CONF_VALUE_pop_free(nos, X509V3_conf_free);
+ if (!ret)
+ goto err;
+ } else {
+ X509V3err(X509V3_F_NOTICE_SECTION, X509V3_R_INVALID_OPTION);
+ X509V3_conf_err(cnf);
+ goto err;
+ }
+ }
+
+ if (not->noticeref &&
+ (!not->noticeref->noticenos || !not->noticeref->organization)) {
+ X509V3err(X509V3_F_NOTICE_SECTION,
+ X509V3_R_NEED_ORGANIZATION_AND_NUMBERS);
+ goto err;
+ }
+
+ return qual;
+
+ merr:
+ X509V3err(X509V3_F_NOTICE_SECTION, ERR_R_MALLOC_FAILURE);
+
+ err:
+ POLICYQUALINFO_free(qual);
+ return NULL;
+}
+
+static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos)
+{
+ CONF_VALUE *cnf;
+ ASN1_INTEGER *aint;
+
+ int i;
+
+ for (i = 0; i < sk_CONF_VALUE_num(nos); i++) {
+ cnf = sk_CONF_VALUE_value(nos, i);
+ if (!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) {
+ X509V3err(X509V3_F_NREF_NOS, X509V3_R_INVALID_NUMBER);
+ goto err;
+ }
+ if (!sk_ASN1_INTEGER_push(nnums, aint))
+ goto merr;
+ }
+ return 1;
+
+ merr:
+ X509V3err(X509V3_F_NREF_NOS, ERR_R_MALLOC_FAILURE);
+
+ err:
+ sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free);
+ return 0;
+}
+
+static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol,
+ BIO *out, int indent)
+{
+ int i;
+ POLICYINFO *pinfo;
+ /* First print out the policy OIDs */
+ for (i = 0; i < sk_POLICYINFO_num(pol); i++) {
+ pinfo = sk_POLICYINFO_value(pol, i);
+ BIO_printf(out, "%*sPolicy: ", indent, "");
+ i2a_ASN1_OBJECT(out, pinfo->policyid);
+ BIO_puts(out, "\n");
+ if (pinfo->qualifiers)
+ print_qualifiers(out, pinfo->qualifiers, indent + 2);
+ }
+ return 1;
+}
+
+static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals,
+ int indent)
+{
+ POLICYQUALINFO *qualinfo;
+ int i;
+ for (i = 0; i < sk_POLICYQUALINFO_num(quals); i++) {
+ qualinfo = sk_POLICYQUALINFO_value(quals, i);
+ switch (OBJ_obj2nid(qualinfo->pqualid)) {
+ case NID_id_qt_cps:
+ BIO_printf(out, "%*sCPS: %s\n", indent, "",
+ qualinfo->d.cpsuri->data);
+ break;
+
+ case NID_id_qt_unotice:
+ BIO_printf(out, "%*sUser Notice:\n", indent, "");
+ print_notice(out, qualinfo->d.usernotice, indent + 2);
+ break;
+
+ default:
+ BIO_printf(out, "%*sUnknown Qualifier: ", indent + 2, "");
+
+ i2a_ASN1_OBJECT(out, qualinfo->pqualid);
+ BIO_puts(out, "\n");
+ break;
+ }
+ }
+}
+
+static void print_notice(BIO *out, USERNOTICE *notice, int indent)
+{
+ int i;
+ if (notice->noticeref) {
+ NOTICEREF *ref;
+ ref = notice->noticeref;
+ BIO_printf(out, "%*sOrganization: %s\n", indent, "",
+ ref->organization->data);
+ BIO_printf(out, "%*sNumber%s: ", indent, "",
+ sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : "");
+ for (i = 0; i < sk_ASN1_INTEGER_num(ref->noticenos); i++) {
+ ASN1_INTEGER *num;
+ char *tmp;
+ num = sk_ASN1_INTEGER_value(ref->noticenos, i);
+ if (i)
+ BIO_puts(out, ", ");
+ tmp = i2s_ASN1_INTEGER(NULL, num);
+ BIO_puts(out, tmp);
+ OPENSSL_free(tmp);
+ }
+ BIO_puts(out, "\n");
+ }
+ if (notice->exptext)
+ BIO_printf(out, "%*sExplicit Text: %s\n", indent, "",
+ notice->exptext->data);
+}
+
+void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent)
+{
+ const X509_POLICY_DATA *dat = node->data;
+
+ BIO_printf(out, "%*sPolicy: ", indent, "");
+
+ i2a_ASN1_OBJECT(out, dat->valid_policy);
+ BIO_puts(out, "\n");
+ BIO_printf(out, "%*s%s\n", indent + 2, "",
+ node_data_critical(dat) ? "Critical" : "Non Critical");
+ if (dat->qualifier_set)
+ print_qualifiers(out, dat->qualifier_set, indent + 2);
+ else
+ BIO_printf(out, "%*sNo Qualifiers\n", indent + 2, "");
+}
+
+IMPLEMENT_STACK_OF(X509_POLICY_NODE)
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_crld.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509v3/v3_crld.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_crld.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,162 +0,0 @@
-/* v3_crld.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/x509v3.h>
-
-static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method,
- STACK_OF(DIST_POINT) *crld, STACK_OF(CONF_VALUE) *extlist);
-static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method,
- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
-
-const X509V3_EXT_METHOD v3_crld = {
-NID_crl_distribution_points, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(CRL_DIST_POINTS),
-0,0,0,0,
-0,0,
-(X509V3_EXT_I2V)i2v_crld,
-(X509V3_EXT_V2I)v2i_crld,
-0,0,
-NULL
-};
-
-static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method,
- STACK_OF(DIST_POINT) *crld, STACK_OF(CONF_VALUE) *exts)
-{
- DIST_POINT *point;
- int i;
- for(i = 0; i < sk_DIST_POINT_num(crld); i++) {
- point = sk_DIST_POINT_value(crld, i);
- if(point->distpoint) {
- if(point->distpoint->type == 0)
- exts = i2v_GENERAL_NAMES(NULL,
- point->distpoint->name.fullname, exts);
- else X509V3_add_value("RelativeName","<UNSUPPORTED>", &exts);
- }
- if(point->reasons)
- X509V3_add_value("reasons","<UNSUPPORTED>", &exts);
- if(point->CRLissuer)
- X509V3_add_value("CRLissuer","<UNSUPPORTED>", &exts);
- }
- return exts;
-}
-
-static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method,
- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
-{
- STACK_OF(DIST_POINT) *crld = NULL;
- GENERAL_NAMES *gens = NULL;
- GENERAL_NAME *gen = NULL;
- CONF_VALUE *cnf;
- int i;
- if(!(crld = sk_DIST_POINT_new_null())) goto merr;
- for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
- DIST_POINT *point;
- cnf = sk_CONF_VALUE_value(nval, i);
- if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) goto err;
- if(!(gens = GENERAL_NAMES_new())) goto merr;
- if(!sk_GENERAL_NAME_push(gens, gen)) goto merr;
- gen = NULL;
- if(!(point = DIST_POINT_new())) goto merr;
- if(!sk_DIST_POINT_push(crld, point)) {
- DIST_POINT_free(point);
- goto merr;
- }
- if(!(point->distpoint = DIST_POINT_NAME_new())) goto merr;
- point->distpoint->name.fullname = gens;
- point->distpoint->type = 0;
- gens = NULL;
- }
- return crld;
-
- merr:
- X509V3err(X509V3_F_V2I_CRLD,ERR_R_MALLOC_FAILURE);
- err:
- GENERAL_NAME_free(gen);
- GENERAL_NAMES_free(gens);
- sk_DIST_POINT_pop_free(crld, DIST_POINT_free);
- return NULL;
-}
-
-IMPLEMENT_STACK_OF(DIST_POINT)
-IMPLEMENT_ASN1_SET_OF(DIST_POINT)
-
-
-ASN1_CHOICE(DIST_POINT_NAME) = {
- ASN1_IMP_SEQUENCE_OF(DIST_POINT_NAME, name.fullname, GENERAL_NAME, 0),
- ASN1_IMP_SET_OF(DIST_POINT_NAME, name.relativename, X509_NAME_ENTRY, 1)
-} ASN1_CHOICE_END(DIST_POINT_NAME)
-
-IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT_NAME)
-
-ASN1_SEQUENCE(DIST_POINT) = {
- ASN1_EXP_OPT(DIST_POINT, distpoint, DIST_POINT_NAME, 0),
- ASN1_IMP_OPT(DIST_POINT, reasons, ASN1_BIT_STRING, 1),
- ASN1_IMP_SEQUENCE_OF_OPT(DIST_POINT, CRLissuer, GENERAL_NAME, 2)
-} ASN1_SEQUENCE_END(DIST_POINT)
-
-IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT)
-
-ASN1_ITEM_TEMPLATE(CRL_DIST_POINTS) =
- ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CRLDistributionPoints, DIST_POINT)
-ASN1_ITEM_TEMPLATE_END(CRL_DIST_POINTS)
-
-IMPLEMENT_ASN1_FUNCTIONS(CRL_DIST_POINTS)
Copied: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_crld.c (from rev 6976, vendor-crypto/openssl/dist/crypto/x509v3/v3_crld.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_crld.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_crld.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,177 @@
+/* v3_crld.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+
+static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method,
+ STACK_OF(DIST_POINT) *crld,
+ STACK_OF(CONF_VALUE) *extlist);
+static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx,
+ STACK_OF(CONF_VALUE) *nval);
+
+const X509V3_EXT_METHOD v3_crld = {
+ NID_crl_distribution_points, X509V3_EXT_MULTILINE,
+ ASN1_ITEM_ref(CRL_DIST_POINTS),
+ 0, 0, 0, 0,
+ 0, 0,
+ (X509V3_EXT_I2V) i2v_crld,
+ (X509V3_EXT_V2I)v2i_crld,
+ 0, 0,
+ NULL
+};
+
+static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method,
+ STACK_OF(DIST_POINT) *crld,
+ STACK_OF(CONF_VALUE) *exts)
+{
+ DIST_POINT *point;
+ int i;
+ for (i = 0; i < sk_DIST_POINT_num(crld); i++) {
+ point = sk_DIST_POINT_value(crld, i);
+ if (point->distpoint) {
+ if (point->distpoint->type == 0)
+ exts = i2v_GENERAL_NAMES(NULL,
+ point->distpoint->name.fullname,
+ exts);
+ else
+ X509V3_add_value("RelativeName", "<UNSUPPORTED>", &exts);
+ }
+ if (point->reasons)
+ X509V3_add_value("reasons", "<UNSUPPORTED>", &exts);
+ if (point->CRLissuer)
+ X509V3_add_value("CRLissuer", "<UNSUPPORTED>", &exts);
+ }
+ return exts;
+}
+
+static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx,
+ STACK_OF(CONF_VALUE) *nval)
+{
+ STACK_OF(DIST_POINT) *crld = NULL;
+ GENERAL_NAMES *gens = NULL;
+ GENERAL_NAME *gen = NULL;
+ CONF_VALUE *cnf;
+ int i;
+ if (!(crld = sk_DIST_POINT_new_null()))
+ goto merr;
+ for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+ DIST_POINT *point;
+ cnf = sk_CONF_VALUE_value(nval, i);
+ if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
+ goto err;
+ if (!(gens = GENERAL_NAMES_new()))
+ goto merr;
+ if (!sk_GENERAL_NAME_push(gens, gen))
+ goto merr;
+ gen = NULL;
+ if (!(point = DIST_POINT_new()))
+ goto merr;
+ if (!sk_DIST_POINT_push(crld, point)) {
+ DIST_POINT_free(point);
+ goto merr;
+ }
+ if (!(point->distpoint = DIST_POINT_NAME_new()))
+ goto merr;
+ point->distpoint->name.fullname = gens;
+ point->distpoint->type = 0;
+ gens = NULL;
+ }
+ return crld;
+
+ merr:
+ X509V3err(X509V3_F_V2I_CRLD, ERR_R_MALLOC_FAILURE);
+ err:
+ GENERAL_NAME_free(gen);
+ GENERAL_NAMES_free(gens);
+ sk_DIST_POINT_pop_free(crld, DIST_POINT_free);
+ return NULL;
+}
+
+IMPLEMENT_STACK_OF(DIST_POINT)
+
+IMPLEMENT_ASN1_SET_OF(DIST_POINT)
+
+
+ASN1_CHOICE(DIST_POINT_NAME) = {
+ ASN1_IMP_SEQUENCE_OF(DIST_POINT_NAME, name.fullname, GENERAL_NAME, 0),
+ ASN1_IMP_SET_OF(DIST_POINT_NAME, name.relativename, X509_NAME_ENTRY, 1)
+} ASN1_CHOICE_END(DIST_POINT_NAME)
+
+IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT_NAME)
+
+ASN1_SEQUENCE(DIST_POINT) = {
+ ASN1_EXP_OPT(DIST_POINT, distpoint, DIST_POINT_NAME, 0),
+ ASN1_IMP_OPT(DIST_POINT, reasons, ASN1_BIT_STRING, 1),
+ ASN1_IMP_SEQUENCE_OF_OPT(DIST_POINT, CRLissuer, GENERAL_NAME, 2)
+} ASN1_SEQUENCE_END(DIST_POINT)
+
+IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT)
+
+ASN1_ITEM_TEMPLATE(CRL_DIST_POINTS) =
+ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CRLDistributionPoints, DIST_POINT)
+ASN1_ITEM_TEMPLATE_END(CRL_DIST_POINTS)
+
+IMPLEMENT_ASN1_FUNCTIONS(CRL_DIST_POINTS)
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_enum.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509v3/v3_enum.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_enum.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,94 +0,0 @@
-/* v3_enum.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/x509v3.h>
-
-static ENUMERATED_NAMES crl_reasons[] = {
-{0, "Unspecified", "unspecified"},
-{1, "Key Compromise", "keyCompromise"},
-{2, "CA Compromise", "CACompromise"},
-{3, "Affiliation Changed", "affiliationChanged"},
-{4, "Superseded", "superseded"},
-{5, "Cessation Of Operation", "cessationOfOperation"},
-{6, "Certificate Hold", "certificateHold"},
-{8, "Remove From CRL", "removeFromCRL"},
-{-1, NULL, NULL}
-};
-
-const X509V3_EXT_METHOD v3_crl_reason = {
-NID_crl_reason, 0, ASN1_ITEM_ref(ASN1_ENUMERATED),
-0,0,0,0,
-(X509V3_EXT_I2S)i2s_ASN1_ENUMERATED_TABLE,
-0,
-0,0,0,0,
-crl_reasons};
-
-
-char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method,
- ASN1_ENUMERATED *e)
-{
- ENUMERATED_NAMES *enam;
- long strval;
- strval = ASN1_ENUMERATED_get(e);
- for(enam = method->usr_data; enam->lname; enam++) {
- if(strval == enam->bitnum) return BUF_strdup(enam->lname);
- }
- return i2s_ASN1_ENUMERATED(method, e);
-}
Copied: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_enum.c (from rev 6976, vendor-crypto/openssl/dist/crypto/x509v3/v3_enum.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_enum.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_enum.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,95 @@
+/* v3_enum.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/x509v3.h>
+
+static ENUMERATED_NAMES crl_reasons[] = {
+ {0, "Unspecified", "unspecified"},
+ {1, "Key Compromise", "keyCompromise"},
+ {2, "CA Compromise", "CACompromise"},
+ {3, "Affiliation Changed", "affiliationChanged"},
+ {4, "Superseded", "superseded"},
+ {5, "Cessation Of Operation", "cessationOfOperation"},
+ {6, "Certificate Hold", "certificateHold"},
+ {8, "Remove From CRL", "removeFromCRL"},
+ {-1, NULL, NULL}
+};
+
+const X509V3_EXT_METHOD v3_crl_reason = {
+ NID_crl_reason, 0, ASN1_ITEM_ref(ASN1_ENUMERATED),
+ 0, 0, 0, 0,
+ (X509V3_EXT_I2S)i2s_ASN1_ENUMERATED_TABLE,
+ 0,
+ 0, 0, 0, 0,
+ crl_reasons
+};
+
+char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method, ASN1_ENUMERATED *e)
+{
+ ENUMERATED_NAMES *enam;
+ long strval;
+ strval = ASN1_ENUMERATED_get(e);
+ for (enam = method->usr_data; enam->lname; enam++) {
+ if (strval == enam->bitnum)
+ return BUF_strdup(enam->lname);
+ }
+ return i2s_ASN1_ENUMERATED(method, e);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_extku.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509v3/v3_extku.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_extku.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,142 +0,0 @@
-/* v3_extku.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/conf.h>
-#include <openssl/x509v3.h>
-
-static void *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
-static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
- void *eku, STACK_OF(CONF_VALUE) *extlist);
-
-const X509V3_EXT_METHOD v3_ext_ku = {
- NID_ext_key_usage, 0,
- ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
- 0,0,0,0,
- 0,0,
- i2v_EXTENDED_KEY_USAGE,
- v2i_EXTENDED_KEY_USAGE,
- 0,0,
- NULL
-};
-
-/* NB OCSP acceptable responses also is a SEQUENCE OF OBJECT */
-const X509V3_EXT_METHOD v3_ocsp_accresp = {
- NID_id_pkix_OCSP_acceptableResponses, 0,
- ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
- 0,0,0,0,
- 0,0,
- i2v_EXTENDED_KEY_USAGE,
- v2i_EXTENDED_KEY_USAGE,
- 0,0,
- NULL
-};
-
-ASN1_ITEM_TEMPLATE(EXTENDED_KEY_USAGE) =
- ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, EXTENDED_KEY_USAGE, ASN1_OBJECT)
-ASN1_ITEM_TEMPLATE_END(EXTENDED_KEY_USAGE)
-
-IMPLEMENT_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE)
-
-static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
- void *a, STACK_OF(CONF_VALUE) *ext_list)
-{
- EXTENDED_KEY_USAGE *eku = a;
- int i;
- ASN1_OBJECT *obj;
- char obj_tmp[80];
- for(i = 0; i < sk_ASN1_OBJECT_num(eku); i++) {
- obj = sk_ASN1_OBJECT_value(eku, i);
- i2t_ASN1_OBJECT(obj_tmp, 80, obj);
- X509V3_add_value(NULL, obj_tmp, &ext_list);
- }
- return ext_list;
-}
-
-static void *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
-{
- EXTENDED_KEY_USAGE *extku;
- char *extval;
- ASN1_OBJECT *objtmp;
- CONF_VALUE *val;
- int i;
-
- if(!(extku = sk_ASN1_OBJECT_new_null())) {
- X509V3err(X509V3_F_V2I_EXTENDED_KEY_USAGE,ERR_R_MALLOC_FAILURE);
- return NULL;
- }
-
- for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
- val = sk_CONF_VALUE_value(nval, i);
- if(val->value) extval = val->value;
- else extval = val->name;
- if(!(objtmp = OBJ_txt2obj(extval, 0))) {
- sk_ASN1_OBJECT_pop_free(extku, ASN1_OBJECT_free);
- X509V3err(X509V3_F_V2I_EXTENDED_KEY_USAGE,X509V3_R_INVALID_OBJECT_IDENTIFIER);
- X509V3_conf_err(val);
- return NULL;
- }
- sk_ASN1_OBJECT_push(extku, objtmp);
- }
- return extku;
-}
Copied: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_extku.c (from rev 6976, vendor-crypto/openssl/dist/crypto/x509v3/v3_extku.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_extku.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_extku.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,151 @@
+/* v3_extku.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+
+static void *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx,
+ STACK_OF(CONF_VALUE) *nval);
+static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
+ void *eku,
+ STACK_OF(CONF_VALUE)
+ *extlist);
+
+const X509V3_EXT_METHOD v3_ext_ku = {
+ NID_ext_key_usage, 0,
+ ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
+ 0, 0, 0, 0,
+ 0, 0,
+ i2v_EXTENDED_KEY_USAGE,
+ v2i_EXTENDED_KEY_USAGE,
+ 0, 0,
+ NULL
+};
+
+/* NB OCSP acceptable responses also is a SEQUENCE OF OBJECT */
+const X509V3_EXT_METHOD v3_ocsp_accresp = {
+ NID_id_pkix_OCSP_acceptableResponses, 0,
+ ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
+ 0, 0, 0, 0,
+ 0, 0,
+ i2v_EXTENDED_KEY_USAGE,
+ v2i_EXTENDED_KEY_USAGE,
+ 0, 0,
+ NULL
+};
+
+ASN1_ITEM_TEMPLATE(EXTENDED_KEY_USAGE) =
+ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, EXTENDED_KEY_USAGE, ASN1_OBJECT)
+ASN1_ITEM_TEMPLATE_END(EXTENDED_KEY_USAGE)
+
+IMPLEMENT_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE)
+
+static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
+ void *a,
+ STACK_OF(CONF_VALUE)
+ *ext_list)
+{
+ EXTENDED_KEY_USAGE *eku = a;
+ int i;
+ ASN1_OBJECT *obj;
+ char obj_tmp[80];
+ for (i = 0; i < sk_ASN1_OBJECT_num(eku); i++) {
+ obj = sk_ASN1_OBJECT_value(eku, i);
+ i2t_ASN1_OBJECT(obj_tmp, 80, obj);
+ X509V3_add_value(NULL, obj_tmp, &ext_list);
+ }
+ return ext_list;
+}
+
+static void *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx,
+ STACK_OF(CONF_VALUE) *nval)
+{
+ EXTENDED_KEY_USAGE *extku;
+ char *extval;
+ ASN1_OBJECT *objtmp;
+ CONF_VALUE *val;
+ int i;
+
+ if (!(extku = sk_ASN1_OBJECT_new_null())) {
+ X509V3err(X509V3_F_V2I_EXTENDED_KEY_USAGE, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+
+ for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+ val = sk_CONF_VALUE_value(nval, i);
+ if (val->value)
+ extval = val->value;
+ else
+ extval = val->name;
+ if (!(objtmp = OBJ_txt2obj(extval, 0))) {
+ sk_ASN1_OBJECT_pop_free(extku, ASN1_OBJECT_free);
+ X509V3err(X509V3_F_V2I_EXTENDED_KEY_USAGE,
+ X509V3_R_INVALID_OBJECT_IDENTIFIER);
+ X509V3_conf_err(val);
+ return NULL;
+ }
+ sk_ASN1_OBJECT_push(extku, objtmp);
+ }
+ return extku;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_genn.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509v3/v3_genn.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_genn.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,101 +0,0 @@
-/* v3_genn.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/conf.h>
-#include <openssl/x509v3.h>
-
-ASN1_SEQUENCE(OTHERNAME) = {
- ASN1_SIMPLE(OTHERNAME, type_id, ASN1_OBJECT),
- /* Maybe have a true ANY DEFINED BY later */
- ASN1_EXP(OTHERNAME, value, ASN1_ANY, 0)
-} ASN1_SEQUENCE_END(OTHERNAME)
-
-IMPLEMENT_ASN1_FUNCTIONS(OTHERNAME)
-
-ASN1_SEQUENCE(EDIPARTYNAME) = {
- ASN1_IMP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0),
- ASN1_IMP_OPT(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1)
-} ASN1_SEQUENCE_END(EDIPARTYNAME)
-
-IMPLEMENT_ASN1_FUNCTIONS(EDIPARTYNAME)
-
-ASN1_CHOICE(GENERAL_NAME) = {
- ASN1_IMP(GENERAL_NAME, d.otherName, OTHERNAME, GEN_OTHERNAME),
- ASN1_IMP(GENERAL_NAME, d.rfc822Name, ASN1_IA5STRING, GEN_EMAIL),
- ASN1_IMP(GENERAL_NAME, d.dNSName, ASN1_IA5STRING, GEN_DNS),
- /* Don't decode this */
- ASN1_IMP(GENERAL_NAME, d.x400Address, ASN1_SEQUENCE, GEN_X400),
- /* X509_NAME is a CHOICE type so use EXPLICIT */
- ASN1_EXP(GENERAL_NAME, d.directoryName, X509_NAME, GEN_DIRNAME),
- ASN1_IMP(GENERAL_NAME, d.ediPartyName, EDIPARTYNAME, GEN_EDIPARTY),
- ASN1_IMP(GENERAL_NAME, d.uniformResourceIdentifier, ASN1_IA5STRING, GEN_URI),
- ASN1_IMP(GENERAL_NAME, d.iPAddress, ASN1_OCTET_STRING, GEN_IPADD),
- ASN1_IMP(GENERAL_NAME, d.registeredID, ASN1_OBJECT, GEN_RID)
-} ASN1_CHOICE_END(GENERAL_NAME)
-
-IMPLEMENT_ASN1_FUNCTIONS(GENERAL_NAME)
-
-ASN1_ITEM_TEMPLATE(GENERAL_NAMES) =
- ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, GeneralNames, GENERAL_NAME)
-ASN1_ITEM_TEMPLATE_END(GENERAL_NAMES)
-
-IMPLEMENT_ASN1_FUNCTIONS(GENERAL_NAMES)
Copied: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_genn.c (from rev 6976, vendor-crypto/openssl/dist/crypto/x509v3/v3_genn.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_genn.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_genn.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,101 @@
+/* v3_genn.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+
+ASN1_SEQUENCE(OTHERNAME) = {
+ ASN1_SIMPLE(OTHERNAME, type_id, ASN1_OBJECT),
+ /* Maybe have a true ANY DEFINED BY later */
+ ASN1_EXP(OTHERNAME, value, ASN1_ANY, 0)
+} ASN1_SEQUENCE_END(OTHERNAME)
+
+IMPLEMENT_ASN1_FUNCTIONS(OTHERNAME)
+
+ASN1_SEQUENCE(EDIPARTYNAME) = {
+ ASN1_IMP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0),
+ ASN1_IMP_OPT(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1)
+} ASN1_SEQUENCE_END(EDIPARTYNAME)
+
+IMPLEMENT_ASN1_FUNCTIONS(EDIPARTYNAME)
+
+ASN1_CHOICE(GENERAL_NAME) = {
+ ASN1_IMP(GENERAL_NAME, d.otherName, OTHERNAME, GEN_OTHERNAME),
+ ASN1_IMP(GENERAL_NAME, d.rfc822Name, ASN1_IA5STRING, GEN_EMAIL),
+ ASN1_IMP(GENERAL_NAME, d.dNSName, ASN1_IA5STRING, GEN_DNS),
+ /* Don't decode this */
+ ASN1_IMP(GENERAL_NAME, d.x400Address, ASN1_SEQUENCE, GEN_X400),
+ /* X509_NAME is a CHOICE type so use EXPLICIT */
+ ASN1_EXP(GENERAL_NAME, d.directoryName, X509_NAME, GEN_DIRNAME),
+ ASN1_IMP(GENERAL_NAME, d.ediPartyName, EDIPARTYNAME, GEN_EDIPARTY),
+ ASN1_IMP(GENERAL_NAME, d.uniformResourceIdentifier, ASN1_IA5STRING, GEN_URI),
+ ASN1_IMP(GENERAL_NAME, d.iPAddress, ASN1_OCTET_STRING, GEN_IPADD),
+ ASN1_IMP(GENERAL_NAME, d.registeredID, ASN1_OBJECT, GEN_RID)
+} ASN1_CHOICE_END(GENERAL_NAME)
+
+IMPLEMENT_ASN1_FUNCTIONS(GENERAL_NAME)
+
+ASN1_ITEM_TEMPLATE(GENERAL_NAMES) =
+ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, GeneralNames, GENERAL_NAME)
+ASN1_ITEM_TEMPLATE_END(GENERAL_NAMES)
+
+IMPLEMENT_ASN1_FUNCTIONS(GENERAL_NAMES)
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_ia5.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509v3/v3_ia5.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_ia5.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,116 +0,0 @@
-/* v3_ia5.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-#include <openssl/conf.h>
-#include <openssl/x509v3.h>
-
-static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5);
-static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
-const X509V3_EXT_METHOD v3_ns_ia5_list[] = {
-EXT_IA5STRING(NID_netscape_base_url),
-EXT_IA5STRING(NID_netscape_revocation_url),
-EXT_IA5STRING(NID_netscape_ca_revocation_url),
-EXT_IA5STRING(NID_netscape_renewal_url),
-EXT_IA5STRING(NID_netscape_ca_policy_url),
-EXT_IA5STRING(NID_netscape_ssl_server_name),
-EXT_IA5STRING(NID_netscape_comment),
-EXT_END
-};
-
-
-static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
- ASN1_IA5STRING *ia5)
-{
- char *tmp;
- if(!ia5 || !ia5->length) return NULL;
- if(!(tmp = OPENSSL_malloc(ia5->length + 1))) {
- X509V3err(X509V3_F_I2S_ASN1_IA5STRING,ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- memcpy(tmp, ia5->data, ia5->length);
- tmp[ia5->length] = 0;
- return tmp;
-}
-
-static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
- X509V3_CTX *ctx, char *str)
-{
- ASN1_IA5STRING *ia5;
- if(!str) {
- X509V3err(X509V3_F_S2I_ASN1_IA5STRING,X509V3_R_INVALID_NULL_ARGUMENT);
- return NULL;
- }
- if(!(ia5 = M_ASN1_IA5STRING_new())) goto err;
- if(!ASN1_STRING_set((ASN1_STRING *)ia5, (unsigned char*)str,
- strlen(str))) {
- M_ASN1_IA5STRING_free(ia5);
- goto err;
- }
-#ifdef CHARSET_EBCDIC
- ebcdic2ascii(ia5->data, ia5->data, ia5->length);
-#endif /*CHARSET_EBCDIC*/
- return ia5;
- err:
- X509V3err(X509V3_F_S2I_ASN1_IA5STRING,ERR_R_MALLOC_FAILURE);
- return NULL;
-}
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_ia5.c (from rev 6976, vendor-crypto/openssl/dist/crypto/x509v3/v3_ia5.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_ia5.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_ia5.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,119 @@
+/* v3_ia5.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+
+static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
+ ASN1_IA5STRING *ia5);
+static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, char *str);
+const X509V3_EXT_METHOD v3_ns_ia5_list[] = {
+ EXT_IA5STRING(NID_netscape_base_url),
+ EXT_IA5STRING(NID_netscape_revocation_url),
+ EXT_IA5STRING(NID_netscape_ca_revocation_url),
+ EXT_IA5STRING(NID_netscape_renewal_url),
+ EXT_IA5STRING(NID_netscape_ca_policy_url),
+ EXT_IA5STRING(NID_netscape_ssl_server_name),
+ EXT_IA5STRING(NID_netscape_comment),
+ EXT_END
+};
+
+static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
+ ASN1_IA5STRING *ia5)
+{
+ char *tmp;
+ if (!ia5 || !ia5->length)
+ return NULL;
+ if (!(tmp = OPENSSL_malloc(ia5->length + 1))) {
+ X509V3err(X509V3_F_I2S_ASN1_IA5STRING, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ memcpy(tmp, ia5->data, ia5->length);
+ tmp[ia5->length] = 0;
+ return tmp;
+}
+
+static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, char *str)
+{
+ ASN1_IA5STRING *ia5;
+ if (!str) {
+ X509V3err(X509V3_F_S2I_ASN1_IA5STRING,
+ X509V3_R_INVALID_NULL_ARGUMENT);
+ return NULL;
+ }
+ if (!(ia5 = M_ASN1_IA5STRING_new()))
+ goto err;
+ if (!ASN1_STRING_set((ASN1_STRING *)ia5, (unsigned char *)str,
+ strlen(str))) {
+ M_ASN1_IA5STRING_free(ia5);
+ goto err;
+ }
+#ifdef CHARSET_EBCDIC
+ ebcdic2ascii(ia5->data, ia5->data, ia5->length);
+#endif /* CHARSET_EBCDIC */
+ return ia5;
+ err:
+ X509V3err(X509V3_F_S2I_ASN1_IA5STRING, ERR_R_MALLOC_FAILURE);
+ return NULL;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_info.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509v3/v3_info.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_info.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,193 +0,0 @@
-/* v3_info.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/x509v3.h>
-
-static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
- AUTHORITY_INFO_ACCESS *ainfo,
- STACK_OF(CONF_VALUE) *ret);
-static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
-
-const X509V3_EXT_METHOD v3_info =
-{ NID_info_access, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
-0,0,0,0,
-0,0,
-(X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS,
-(X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS,
-0,0,
-NULL};
-
-const X509V3_EXT_METHOD v3_sinfo =
-{ NID_sinfo_access, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
-0,0,0,0,
-0,0,
-(X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS,
-(X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS,
-0,0,
-NULL};
-
-ASN1_SEQUENCE(ACCESS_DESCRIPTION) = {
- ASN1_SIMPLE(ACCESS_DESCRIPTION, method, ASN1_OBJECT),
- ASN1_SIMPLE(ACCESS_DESCRIPTION, location, GENERAL_NAME)
-} ASN1_SEQUENCE_END(ACCESS_DESCRIPTION)
-
-IMPLEMENT_ASN1_FUNCTIONS(ACCESS_DESCRIPTION)
-
-ASN1_ITEM_TEMPLATE(AUTHORITY_INFO_ACCESS) =
- ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, GeneralNames, ACCESS_DESCRIPTION)
-ASN1_ITEM_TEMPLATE_END(AUTHORITY_INFO_ACCESS)
-
-IMPLEMENT_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)
-
-static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
- AUTHORITY_INFO_ACCESS *ainfo,
- STACK_OF(CONF_VALUE) *ret)
-{
- ACCESS_DESCRIPTION *desc;
- int i,nlen;
- char objtmp[80], *ntmp;
- CONF_VALUE *vtmp;
- for(i = 0; i < sk_ACCESS_DESCRIPTION_num(ainfo); i++) {
- desc = sk_ACCESS_DESCRIPTION_value(ainfo, i);
- ret = i2v_GENERAL_NAME(method, desc->location, ret);
- if(!ret) break;
- vtmp = sk_CONF_VALUE_value(ret, i);
- i2t_ASN1_OBJECT(objtmp, sizeof objtmp, desc->method);
- nlen = strlen(objtmp) + strlen(vtmp->name) + 5;
- ntmp = OPENSSL_malloc(nlen);
- if(!ntmp) {
- X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS,
- ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- BUF_strlcpy(ntmp, objtmp, nlen);
- BUF_strlcat(ntmp, " - ", nlen);
- BUF_strlcat(ntmp, vtmp->name, nlen);
- OPENSSL_free(vtmp->name);
- vtmp->name = ntmp;
-
- }
- if(!ret) return sk_CONF_VALUE_new_null();
- return ret;
-}
-
-static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
-{
- AUTHORITY_INFO_ACCESS *ainfo = NULL;
- CONF_VALUE *cnf, ctmp;
- ACCESS_DESCRIPTION *acc;
- int i, objlen;
- char *objtmp, *ptmp;
- if(!(ainfo = sk_ACCESS_DESCRIPTION_new_null())) {
- X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
- cnf = sk_CONF_VALUE_value(nval, i);
- if(!(acc = ACCESS_DESCRIPTION_new())
- || !sk_ACCESS_DESCRIPTION_push(ainfo, acc)) {
- X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- ptmp = strchr(cnf->name, ';');
- if(!ptmp) {
- X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,X509V3_R_INVALID_SYNTAX);
- goto err;
- }
- objlen = ptmp - cnf->name;
- ctmp.name = ptmp + 1;
- ctmp.value = cnf->value;
- if(!v2i_GENERAL_NAME_ex(acc->location, method, ctx, &ctmp, 0))
- goto err;
- if(!(objtmp = OPENSSL_malloc(objlen + 1))) {
- X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- strncpy(objtmp, cnf->name, objlen);
- objtmp[objlen] = 0;
- acc->method = OBJ_txt2obj(objtmp, 0);
- if(!acc->method) {
- X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,X509V3_R_BAD_OBJECT);
- ERR_add_error_data(2, "value=", objtmp);
- OPENSSL_free(objtmp);
- goto err;
- }
- OPENSSL_free(objtmp);
-
- }
- return ainfo;
- err:
- sk_ACCESS_DESCRIPTION_pop_free(ainfo, ACCESS_DESCRIPTION_free);
- return NULL;
-}
-
-int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION* a)
- {
- i2a_ASN1_OBJECT(bp, a->method);
-#ifdef UNDEF
- i2a_GENERAL_NAME(bp, a->location);
-#endif
- return 2;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_info.c (from rev 6976, vendor-crypto/openssl/dist/crypto/x509v3/v3_info.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_info.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_info.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,210 @@
+/* v3_info.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+
+static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD
+ *method, AUTHORITY_INFO_ACCESS
+ *ainfo, STACK_OF(CONF_VALUE)
+ *ret);
+static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD
+ *method,
+ X509V3_CTX *ctx,
+ STACK_OF(CONF_VALUE)
+ *nval);
+
+const X509V3_EXT_METHOD v3_info = { NID_info_access, X509V3_EXT_MULTILINE,
+ ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
+ 0, 0, 0, 0,
+ 0, 0,
+ (X509V3_EXT_I2V) i2v_AUTHORITY_INFO_ACCESS,
+ (X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS,
+ 0, 0,
+ NULL
+};
+
+const X509V3_EXT_METHOD v3_sinfo = { NID_sinfo_access, X509V3_EXT_MULTILINE,
+ ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
+ 0, 0, 0, 0,
+ 0, 0,
+ (X509V3_EXT_I2V) i2v_AUTHORITY_INFO_ACCESS,
+ (X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS,
+ 0, 0,
+ NULL
+};
+
+ASN1_SEQUENCE(ACCESS_DESCRIPTION) = {
+ ASN1_SIMPLE(ACCESS_DESCRIPTION, method, ASN1_OBJECT),
+ ASN1_SIMPLE(ACCESS_DESCRIPTION, location, GENERAL_NAME)
+} ASN1_SEQUENCE_END(ACCESS_DESCRIPTION)
+
+IMPLEMENT_ASN1_FUNCTIONS(ACCESS_DESCRIPTION)
+
+ASN1_ITEM_TEMPLATE(AUTHORITY_INFO_ACCESS) =
+ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, GeneralNames, ACCESS_DESCRIPTION)
+ASN1_ITEM_TEMPLATE_END(AUTHORITY_INFO_ACCESS)
+
+IMPLEMENT_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)
+
+static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD
+ *method, AUTHORITY_INFO_ACCESS
+ *ainfo, STACK_OF(CONF_VALUE)
+ *ret)
+{
+ ACCESS_DESCRIPTION *desc;
+ int i, nlen;
+ char objtmp[80], *ntmp;
+ CONF_VALUE *vtmp;
+ for (i = 0; i < sk_ACCESS_DESCRIPTION_num(ainfo); i++) {
+ desc = sk_ACCESS_DESCRIPTION_value(ainfo, i);
+ ret = i2v_GENERAL_NAME(method, desc->location, ret);
+ if (!ret)
+ break;
+ vtmp = sk_CONF_VALUE_value(ret, i);
+ i2t_ASN1_OBJECT(objtmp, sizeof objtmp, desc->method);
+ nlen = strlen(objtmp) + strlen(vtmp->name) + 5;
+ ntmp = OPENSSL_malloc(nlen);
+ if (!ntmp) {
+ X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS,
+ ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ BUF_strlcpy(ntmp, objtmp, nlen);
+ BUF_strlcat(ntmp, " - ", nlen);
+ BUF_strlcat(ntmp, vtmp->name, nlen);
+ OPENSSL_free(vtmp->name);
+ vtmp->name = ntmp;
+
+ }
+ if (!ret)
+ return sk_CONF_VALUE_new_null();
+ return ret;
+}
+
+static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD
+ *method,
+ X509V3_CTX *ctx,
+ STACK_OF(CONF_VALUE)
+ *nval)
+{
+ AUTHORITY_INFO_ACCESS *ainfo = NULL;
+ CONF_VALUE *cnf, ctmp;
+ ACCESS_DESCRIPTION *acc;
+ int i, objlen;
+ char *objtmp, *ptmp;
+ if (!(ainfo = sk_ACCESS_DESCRIPTION_new_null())) {
+ X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+ cnf = sk_CONF_VALUE_value(nval, i);
+ if (!(acc = ACCESS_DESCRIPTION_new())
+ || !sk_ACCESS_DESCRIPTION_push(ainfo, acc)) {
+ X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,
+ ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ ptmp = strchr(cnf->name, ';');
+ if (!ptmp) {
+ X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,
+ X509V3_R_INVALID_SYNTAX);
+ goto err;
+ }
+ objlen = ptmp - cnf->name;
+ ctmp.name = ptmp + 1;
+ ctmp.value = cnf->value;
+ if (!v2i_GENERAL_NAME_ex(acc->location, method, ctx, &ctmp, 0))
+ goto err;
+ if (!(objtmp = OPENSSL_malloc(objlen + 1))) {
+ X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,
+ ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ strncpy(objtmp, cnf->name, objlen);
+ objtmp[objlen] = 0;
+ acc->method = OBJ_txt2obj(objtmp, 0);
+ if (!acc->method) {
+ X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,
+ X509V3_R_BAD_OBJECT);
+ ERR_add_error_data(2, "value=", objtmp);
+ OPENSSL_free(objtmp);
+ goto err;
+ }
+ OPENSSL_free(objtmp);
+
+ }
+ return ainfo;
+ err:
+ sk_ACCESS_DESCRIPTION_pop_free(ainfo, ACCESS_DESCRIPTION_free);
+ return NULL;
+}
+
+int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION *a)
+{
+ i2a_ASN1_OBJECT(bp, a->method);
+#ifdef UNDEF
+ i2a_GENERAL_NAME(bp, a->location);
+#endif
+ return 2;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_int.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509v3/v3_int.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_int.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,89 +0,0 @@
-/* v3_int.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/x509v3.h>
-
-const X509V3_EXT_METHOD v3_crl_num = {
- NID_crl_number, 0, ASN1_ITEM_ref(ASN1_INTEGER),
- 0,0,0,0,
- (X509V3_EXT_I2S)i2s_ASN1_INTEGER,
- 0,
- 0,0,0,0, NULL};
-
-const X509V3_EXT_METHOD v3_delta_crl = {
- NID_delta_crl, 0, ASN1_ITEM_ref(ASN1_INTEGER),
- 0,0,0,0,
- (X509V3_EXT_I2S)i2s_ASN1_INTEGER,
- 0,
- 0,0,0,0, NULL};
-
-static void * s2i_asn1_int(X509V3_EXT_METHOD *meth, X509V3_CTX *ctx, char *value)
- {
- return s2i_ASN1_INTEGER(meth, value);
- }
-
-const X509V3_EXT_METHOD v3_inhibit_anyp = {
- NID_inhibit_any_policy, 0, ASN1_ITEM_ref(ASN1_INTEGER),
- 0,0,0,0,
- (X509V3_EXT_I2S)i2s_ASN1_INTEGER,
- (X509V3_EXT_S2I)s2i_asn1_int,
- 0,0,0,0, NULL};
-
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_int.c (from rev 6976, vendor-crypto/openssl/dist/crypto/x509v3/v3_int.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_int.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_int.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,92 @@
+/* v3_int.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/x509v3.h>
+
+const X509V3_EXT_METHOD v3_crl_num = {
+ NID_crl_number, 0, ASN1_ITEM_ref(ASN1_INTEGER),
+ 0, 0, 0, 0,
+ (X509V3_EXT_I2S)i2s_ASN1_INTEGER,
+ 0,
+ 0, 0, 0, 0, NULL
+};
+
+const X509V3_EXT_METHOD v3_delta_crl = {
+ NID_delta_crl, 0, ASN1_ITEM_ref(ASN1_INTEGER),
+ 0, 0, 0, 0,
+ (X509V3_EXT_I2S)i2s_ASN1_INTEGER,
+ 0,
+ 0, 0, 0, 0, NULL
+};
+
+static void *s2i_asn1_int(X509V3_EXT_METHOD *meth, X509V3_CTX *ctx,
+ char *value)
+{
+ return s2i_ASN1_INTEGER(meth, value);
+}
+
+const X509V3_EXT_METHOD v3_inhibit_anyp = {
+ NID_inhibit_any_policy, 0, ASN1_ITEM_ref(ASN1_INTEGER),
+ 0, 0, 0, 0,
+ (X509V3_EXT_I2S)i2s_ASN1_INTEGER,
+ (X509V3_EXT_S2I)s2i_asn1_int,
+ 0, 0, 0, 0, NULL
+};
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_lib.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509v3/v3_lib.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,303 +0,0 @@
-/* v3_lib.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-/* X509 v3 extension utilities */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/x509v3.h>
-
-#include "ext_dat.h"
-
-static STACK_OF(X509V3_EXT_METHOD) *ext_list = NULL;
-
-static int ext_cmp(const X509V3_EXT_METHOD * const *a,
- const X509V3_EXT_METHOD * const *b);
-static void ext_list_free(X509V3_EXT_METHOD *ext);
-
-int X509V3_EXT_add(X509V3_EXT_METHOD *ext)
-{
- if(!ext_list && !(ext_list = sk_X509V3_EXT_METHOD_new(ext_cmp))) {
- X509V3err(X509V3_F_X509V3_EXT_ADD,ERR_R_MALLOC_FAILURE);
- return 0;
- }
- if(!sk_X509V3_EXT_METHOD_push(ext_list, ext)) {
- X509V3err(X509V3_F_X509V3_EXT_ADD,ERR_R_MALLOC_FAILURE);
- return 0;
- }
- return 1;
-}
-
-static int ext_cmp(const X509V3_EXT_METHOD * const *a,
- const X509V3_EXT_METHOD * const *b)
-{
- return ((*a)->ext_nid - (*b)->ext_nid);
-}
-
-X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid)
-{
- X509V3_EXT_METHOD tmp, *t = &tmp, **ret;
- int idx;
- if(nid < 0) return NULL;
- tmp.ext_nid = nid;
- ret = (X509V3_EXT_METHOD **) OBJ_bsearch((char *)&t,
- (char *)standard_exts, STANDARD_EXTENSION_COUNT,
- sizeof(X509V3_EXT_METHOD *), (int (*)(const void *, const void *))ext_cmp);
- if(ret) return *ret;
- if(!ext_list) return NULL;
- idx = sk_X509V3_EXT_METHOD_find(ext_list, &tmp);
- if(idx == -1) return NULL;
- return sk_X509V3_EXT_METHOD_value(ext_list, idx);
-}
-
-X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext)
-{
- int nid;
- if((nid = OBJ_obj2nid(ext->object)) == NID_undef) return NULL;
- return X509V3_EXT_get_nid(nid);
-}
-
-
-int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist)
-{
- for(;extlist->ext_nid!=-1;extlist++)
- if(!X509V3_EXT_add(extlist)) return 0;
- return 1;
-}
-
-int X509V3_EXT_add_alias(int nid_to, int nid_from)
-{
- X509V3_EXT_METHOD *ext, *tmpext;
- if(!(ext = X509V3_EXT_get_nid(nid_from))) {
- X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,X509V3_R_EXTENSION_NOT_FOUND);
- return 0;
- }
- if(!(tmpext = (X509V3_EXT_METHOD *)OPENSSL_malloc(sizeof(X509V3_EXT_METHOD)))) {
- X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,ERR_R_MALLOC_FAILURE);
- return 0;
- }
- *tmpext = *ext;
- tmpext->ext_nid = nid_to;
- tmpext->ext_flags |= X509V3_EXT_DYNAMIC;
- return X509V3_EXT_add(tmpext);
-}
-
-void X509V3_EXT_cleanup(void)
-{
- sk_X509V3_EXT_METHOD_pop_free(ext_list, ext_list_free);
- ext_list = NULL;
-}
-
-static void ext_list_free(X509V3_EXT_METHOD *ext)
-{
- if(ext->ext_flags & X509V3_EXT_DYNAMIC) OPENSSL_free(ext);
-}
-
-/* Legacy function: we don't need to add standard extensions
- * any more because they are now kept in ext_dat.h.
- */
-
-int X509V3_add_standard_extensions(void)
-{
- return 1;
-}
-
-/* Return an extension internal structure */
-
-void *X509V3_EXT_d2i(X509_EXTENSION *ext)
-{
- X509V3_EXT_METHOD *method;
- const unsigned char *p;
-
- if(!(method = X509V3_EXT_get(ext))) return NULL;
- p = ext->value->data;
- if(method->it) return ASN1_item_d2i(NULL, &p, ext->value->length, ASN1_ITEM_ptr(method->it));
- return method->d2i(NULL, &p, ext->value->length);
-}
-
-/* Get critical flag and decoded version of extension from a NID.
- * The "idx" variable returns the last found extension and can
- * be used to retrieve multiple extensions of the same NID.
- * However multiple extensions with the same NID is usually
- * due to a badly encoded certificate so if idx is NULL we
- * choke if multiple extensions exist.
- * The "crit" variable is set to the critical value.
- * The return value is the decoded extension or NULL on
- * error. The actual error can have several different causes,
- * the value of *crit reflects the cause:
- * >= 0, extension found but not decoded (reflects critical value).
- * -1 extension not found.
- * -2 extension occurs more than once.
- */
-
-void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx)
-{
- int lastpos, i;
- X509_EXTENSION *ex, *found_ex = NULL;
- if(!x) {
- if(idx) *idx = -1;
- if(crit) *crit = -1;
- return NULL;
- }
- if(idx) lastpos = *idx + 1;
- else lastpos = 0;
- if(lastpos < 0) lastpos = 0;
- for(i = lastpos; i < sk_X509_EXTENSION_num(x); i++)
- {
- ex = sk_X509_EXTENSION_value(x, i);
- if(OBJ_obj2nid(ex->object) == nid) {
- if(idx) {
- *idx = i;
- found_ex = ex;
- break;
- } else if(found_ex) {
- /* Found more than one */
- if(crit) *crit = -2;
- return NULL;
- }
- found_ex = ex;
- }
- }
- if(found_ex) {
- /* Found it */
- if(crit) *crit = X509_EXTENSION_get_critical(found_ex);
- return X509V3_EXT_d2i(found_ex);
- }
-
- /* Extension not found */
- if(idx) *idx = -1;
- if(crit) *crit = -1;
- return NULL;
-}
-
-/* This function is a general extension append, replace and delete utility.
- * The precise operation is governed by the 'flags' value. The 'crit' and
- * 'value' arguments (if relevant) are the extensions internal structure.
- */
-
-int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
- int crit, unsigned long flags)
-{
- int extidx = -1;
- int errcode;
- X509_EXTENSION *ext, *extmp;
- unsigned long ext_op = flags & X509V3_ADD_OP_MASK;
-
- /* If appending we don't care if it exists, otherwise
- * look for existing extension.
- */
- if(ext_op != X509V3_ADD_APPEND)
- extidx = X509v3_get_ext_by_NID(*x, nid, -1);
-
- /* See if extension exists */
- if(extidx >= 0) {
- /* If keep existing, nothing to do */
- if(ext_op == X509V3_ADD_KEEP_EXISTING)
- return 1;
- /* If default then its an error */
- if(ext_op == X509V3_ADD_DEFAULT) {
- errcode = X509V3_R_EXTENSION_EXISTS;
- goto err;
- }
- /* If delete, just delete it */
- if(ext_op == X509V3_ADD_DELETE) {
- if(!sk_X509_EXTENSION_delete(*x, extidx)) return -1;
- return 1;
- }
- } else {
- /* If replace existing or delete, error since
- * extension must exist
- */
- if((ext_op == X509V3_ADD_REPLACE_EXISTING) ||
- (ext_op == X509V3_ADD_DELETE)) {
- errcode = X509V3_R_EXTENSION_NOT_FOUND;
- goto err;
- }
- }
-
- /* If we get this far then we have to create an extension:
- * could have some flags for alternative encoding schemes...
- */
-
- ext = X509V3_EXT_i2d(nid, crit, value);
-
- if(!ext) {
- X509V3err(X509V3_F_X509V3_ADD1_I2D, X509V3_R_ERROR_CREATING_EXTENSION);
- return 0;
- }
-
- /* If extension exists replace it.. */
- if(extidx >= 0) {
- extmp = sk_X509_EXTENSION_value(*x, extidx);
- X509_EXTENSION_free(extmp);
- if(!sk_X509_EXTENSION_set(*x, extidx, ext)) return -1;
- return 1;
- }
-
- if(!*x && !(*x = sk_X509_EXTENSION_new_null())) return -1;
- if(!sk_X509_EXTENSION_push(*x, ext)) return -1;
-
- return 1;
-
- err:
- if(!(flags & X509V3_ADD_SILENT))
- X509V3err(X509V3_F_X509V3_ADD1_I2D, errcode);
- return 0;
-}
-
-IMPLEMENT_STACK_OF(X509V3_EXT_METHOD)
Copied: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_lib.c (from rev 6976, vendor-crypto/openssl/dist/crypto/x509v3/v3_lib.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_lib.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,339 @@
+/* v3_lib.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* X509 v3 extension utilities */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+
+#include "ext_dat.h"
+
+static STACK_OF(X509V3_EXT_METHOD) *ext_list = NULL;
+
+static int ext_cmp(const X509V3_EXT_METHOD *const *a,
+ const X509V3_EXT_METHOD *const *b);
+static void ext_list_free(X509V3_EXT_METHOD *ext);
+
+int X509V3_EXT_add(X509V3_EXT_METHOD *ext)
+{
+ if (!ext_list && !(ext_list = sk_X509V3_EXT_METHOD_new(ext_cmp))) {
+ X509V3err(X509V3_F_X509V3_EXT_ADD, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ if (!sk_X509V3_EXT_METHOD_push(ext_list, ext)) {
+ X509V3err(X509V3_F_X509V3_EXT_ADD, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ return 1;
+}
+
+static int ext_cmp(const X509V3_EXT_METHOD *const *a,
+ const X509V3_EXT_METHOD *const *b)
+{
+ return ((*a)->ext_nid - (*b)->ext_nid);
+}
+
+X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid)
+{
+ X509V3_EXT_METHOD tmp, *t = &tmp, **ret;
+ int idx;
+ if (nid < 0)
+ return NULL;
+ tmp.ext_nid = nid;
+ ret = (X509V3_EXT_METHOD **)OBJ_bsearch((char *)&t,
+ (char *)standard_exts,
+ STANDARD_EXTENSION_COUNT,
+ sizeof(X509V3_EXT_METHOD *),
+ (int (*)
+ (const void *,
+ const void *))ext_cmp);
+ if (ret)
+ return *ret;
+ if (!ext_list)
+ return NULL;
+ idx = sk_X509V3_EXT_METHOD_find(ext_list, &tmp);
+ if (idx == -1)
+ return NULL;
+ return sk_X509V3_EXT_METHOD_value(ext_list, idx);
+}
+
+X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext)
+{
+ int nid;
+ if ((nid = OBJ_obj2nid(ext->object)) == NID_undef)
+ return NULL;
+ return X509V3_EXT_get_nid(nid);
+}
+
+int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist)
+{
+ for (; extlist->ext_nid != -1; extlist++)
+ if (!X509V3_EXT_add(extlist))
+ return 0;
+ return 1;
+}
+
+int X509V3_EXT_add_alias(int nid_to, int nid_from)
+{
+ X509V3_EXT_METHOD *ext, *tmpext;
+ if (!(ext = X509V3_EXT_get_nid(nid_from))) {
+ X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,
+ X509V3_R_EXTENSION_NOT_FOUND);
+ return 0;
+ }
+ if (!
+ (tmpext =
+ (X509V3_EXT_METHOD *)OPENSSL_malloc(sizeof(X509V3_EXT_METHOD)))) {
+ X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ *tmpext = *ext;
+ tmpext->ext_nid = nid_to;
+ tmpext->ext_flags |= X509V3_EXT_DYNAMIC;
+ return X509V3_EXT_add(tmpext);
+}
+
+void X509V3_EXT_cleanup(void)
+{
+ sk_X509V3_EXT_METHOD_pop_free(ext_list, ext_list_free);
+ ext_list = NULL;
+}
+
+static void ext_list_free(X509V3_EXT_METHOD *ext)
+{
+ if (ext->ext_flags & X509V3_EXT_DYNAMIC)
+ OPENSSL_free(ext);
+}
+
+/*
+ * Legacy function: we don't need to add standard extensions any more because
+ * they are now kept in ext_dat.h.
+ */
+
+int X509V3_add_standard_extensions(void)
+{
+ return 1;
+}
+
+/* Return an extension internal structure */
+
+void *X509V3_EXT_d2i(X509_EXTENSION *ext)
+{
+ X509V3_EXT_METHOD *method;
+ const unsigned char *p;
+
+ if (!(method = X509V3_EXT_get(ext)))
+ return NULL;
+ p = ext->value->data;
+ if (method->it)
+ return ASN1_item_d2i(NULL, &p, ext->value->length,
+ ASN1_ITEM_ptr(method->it));
+ return method->d2i(NULL, &p, ext->value->length);
+}
+
+/*-
+ * Get critical flag and decoded version of extension from a NID.
+ * The "idx" variable returns the last found extension and can
+ * be used to retrieve multiple extensions of the same NID.
+ * However multiple extensions with the same NID is usually
+ * due to a badly encoded certificate so if idx is NULL we
+ * choke if multiple extensions exist.
+ * The "crit" variable is set to the critical value.
+ * The return value is the decoded extension or NULL on
+ * error. The actual error can have several different causes,
+ * the value of *crit reflects the cause:
+ * >= 0, extension found but not decoded (reflects critical value).
+ * -1 extension not found.
+ * -2 extension occurs more than once.
+ */
+
+void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit,
+ int *idx)
+{
+ int lastpos, i;
+ X509_EXTENSION *ex, *found_ex = NULL;
+ if (!x) {
+ if (idx)
+ *idx = -1;
+ if (crit)
+ *crit = -1;
+ return NULL;
+ }
+ if (idx)
+ lastpos = *idx + 1;
+ else
+ lastpos = 0;
+ if (lastpos < 0)
+ lastpos = 0;
+ for (i = lastpos; i < sk_X509_EXTENSION_num(x); i++) {
+ ex = sk_X509_EXTENSION_value(x, i);
+ if (OBJ_obj2nid(ex->object) == nid) {
+ if (idx) {
+ *idx = i;
+ found_ex = ex;
+ break;
+ } else if (found_ex) {
+ /* Found more than one */
+ if (crit)
+ *crit = -2;
+ return NULL;
+ }
+ found_ex = ex;
+ }
+ }
+ if (found_ex) {
+ /* Found it */
+ if (crit)
+ *crit = X509_EXTENSION_get_critical(found_ex);
+ return X509V3_EXT_d2i(found_ex);
+ }
+
+ /* Extension not found */
+ if (idx)
+ *idx = -1;
+ if (crit)
+ *crit = -1;
+ return NULL;
+}
+
+/*
+ * This function is a general extension append, replace and delete utility.
+ * The precise operation is governed by the 'flags' value. The 'crit' and
+ * 'value' arguments (if relevant) are the extensions internal structure.
+ */
+
+int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
+ int crit, unsigned long flags)
+{
+ int extidx = -1;
+ int errcode;
+ X509_EXTENSION *ext, *extmp;
+ unsigned long ext_op = flags & X509V3_ADD_OP_MASK;
+
+ /*
+ * If appending we don't care if it exists, otherwise look for existing
+ * extension.
+ */
+ if (ext_op != X509V3_ADD_APPEND)
+ extidx = X509v3_get_ext_by_NID(*x, nid, -1);
+
+ /* See if extension exists */
+ if (extidx >= 0) {
+ /* If keep existing, nothing to do */
+ if (ext_op == X509V3_ADD_KEEP_EXISTING)
+ return 1;
+ /* If default then its an error */
+ if (ext_op == X509V3_ADD_DEFAULT) {
+ errcode = X509V3_R_EXTENSION_EXISTS;
+ goto err;
+ }
+ /* If delete, just delete it */
+ if (ext_op == X509V3_ADD_DELETE) {
+ if (!sk_X509_EXTENSION_delete(*x, extidx))
+ return -1;
+ return 1;
+ }
+ } else {
+ /*
+ * If replace existing or delete, error since extension must exist
+ */
+ if ((ext_op == X509V3_ADD_REPLACE_EXISTING) ||
+ (ext_op == X509V3_ADD_DELETE)) {
+ errcode = X509V3_R_EXTENSION_NOT_FOUND;
+ goto err;
+ }
+ }
+
+ /*
+ * If we get this far then we have to create an extension: could have
+ * some flags for alternative encoding schemes...
+ */
+
+ ext = X509V3_EXT_i2d(nid, crit, value);
+
+ if (!ext) {
+ X509V3err(X509V3_F_X509V3_ADD1_I2D,
+ X509V3_R_ERROR_CREATING_EXTENSION);
+ return 0;
+ }
+
+ /* If extension exists replace it.. */
+ if (extidx >= 0) {
+ extmp = sk_X509_EXTENSION_value(*x, extidx);
+ X509_EXTENSION_free(extmp);
+ if (!sk_X509_EXTENSION_set(*x, extidx, ext))
+ return -1;
+ return 1;
+ }
+
+ if (!*x && !(*x = sk_X509_EXTENSION_new_null()))
+ return -1;
+ if (!sk_X509_EXTENSION_push(*x, ext))
+ return -1;
+
+ return 1;
+
+ err:
+ if (!(flags & X509V3_ADD_SILENT))
+ X509V3err(X509V3_F_X509V3_ADD1_I2D, errcode);
+ return 0;
+}
+
+IMPLEMENT_STACK_OF(X509V3_EXT_METHOD)
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_ncons.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509v3/v3_ncons.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_ncons.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,219 +0,0 @@
-/* v3_ncons.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/conf.h>
-#include <openssl/x509v3.h>
-
-static void *v2i_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method,
- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
-static int i2r_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method,
- void *a, BIO *bp, int ind);
-static int do_i2r_name_constraints(X509V3_EXT_METHOD *method,
- STACK_OF(GENERAL_SUBTREE) *trees,
- BIO *bp, int ind, char *name);
-static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip);
-
-const X509V3_EXT_METHOD v3_name_constraints = {
- NID_name_constraints, 0,
- ASN1_ITEM_ref(NAME_CONSTRAINTS),
- 0,0,0,0,
- 0,0,
- 0, v2i_NAME_CONSTRAINTS,
- i2r_NAME_CONSTRAINTS,0,
- NULL
-};
-
-ASN1_SEQUENCE(GENERAL_SUBTREE) = {
- ASN1_SIMPLE(GENERAL_SUBTREE, base, GENERAL_NAME),
- ASN1_IMP_OPT(GENERAL_SUBTREE, minimum, ASN1_INTEGER, 0),
- ASN1_IMP_OPT(GENERAL_SUBTREE, maximum, ASN1_INTEGER, 1)
-} ASN1_SEQUENCE_END(GENERAL_SUBTREE)
-
-ASN1_SEQUENCE(NAME_CONSTRAINTS) = {
- ASN1_IMP_SEQUENCE_OF_OPT(NAME_CONSTRAINTS, permittedSubtrees,
- GENERAL_SUBTREE, 0),
- ASN1_IMP_SEQUENCE_OF_OPT(NAME_CONSTRAINTS, excludedSubtrees,
- GENERAL_SUBTREE, 1),
-} ASN1_SEQUENCE_END(NAME_CONSTRAINTS)
-
-
-IMPLEMENT_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE)
-IMPLEMENT_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)
-
-static void *v2i_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method,
- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
- {
- int i;
- CONF_VALUE tval, *val;
- STACK_OF(GENERAL_SUBTREE) **ptree = NULL;
- NAME_CONSTRAINTS *ncons = NULL;
- GENERAL_SUBTREE *sub = NULL;
- ncons = NAME_CONSTRAINTS_new();
- if (!ncons)
- goto memerr;
- for(i = 0; i < sk_CONF_VALUE_num(nval); i++)
- {
- val = sk_CONF_VALUE_value(nval, i);
- if (!strncmp(val->name, "permitted", 9) && val->name[9])
- {
- ptree = &ncons->permittedSubtrees;
- tval.name = val->name + 10;
- }
- else if (!strncmp(val->name, "excluded", 8) && val->name[8])
- {
- ptree = &ncons->excludedSubtrees;
- tval.name = val->name + 9;
- }
- else
- {
- X509V3err(X509V3_F_V2I_NAME_CONSTRAINTS, X509V3_R_INVALID_SYNTAX);
- goto err;
- }
- tval.value = val->value;
- sub = GENERAL_SUBTREE_new();
- if (!v2i_GENERAL_NAME_ex(sub->base, method, ctx, &tval, 1))
- goto err;
- if (!*ptree)
- *ptree = sk_GENERAL_SUBTREE_new_null();
- if (!*ptree || !sk_GENERAL_SUBTREE_push(*ptree, sub))
- goto memerr;
- sub = NULL;
- }
-
- return ncons;
-
- memerr:
- X509V3err(X509V3_F_V2I_NAME_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
- err:
- if (ncons)
- NAME_CONSTRAINTS_free(ncons);
- if (sub)
- GENERAL_SUBTREE_free(sub);
-
- return NULL;
- }
-
-
-
-
-static int i2r_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method,
- void *a, BIO *bp, int ind)
- {
- NAME_CONSTRAINTS *ncons = a;
- do_i2r_name_constraints(method, ncons->permittedSubtrees,
- bp, ind, "Permitted");
- do_i2r_name_constraints(method, ncons->excludedSubtrees,
- bp, ind, "Excluded");
- return 1;
- }
-
-static int do_i2r_name_constraints(X509V3_EXT_METHOD *method,
- STACK_OF(GENERAL_SUBTREE) *trees,
- BIO *bp, int ind, char *name)
- {
- GENERAL_SUBTREE *tree;
- int i;
- if (sk_GENERAL_SUBTREE_num(trees) > 0)
- BIO_printf(bp, "%*s%s:\n", ind, "", name);
- for(i = 0; i < sk_GENERAL_SUBTREE_num(trees); i++)
- {
- tree = sk_GENERAL_SUBTREE_value(trees, i);
- BIO_printf(bp, "%*s", ind + 2, "");
- if (tree->base->type == GEN_IPADD)
- print_nc_ipadd(bp, tree->base->d.ip);
- else
- GENERAL_NAME_print(bp, tree->base);
- BIO_puts(bp, "\n");
- }
- return 1;
- }
-
-static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip)
- {
- int i, len;
- unsigned char *p;
- p = ip->data;
- len = ip->length;
- BIO_puts(bp, "IP:");
- if(len == 8)
- {
- BIO_printf(bp, "%d.%d.%d.%d/%d.%d.%d.%d",
- p[0], p[1], p[2], p[3],
- p[4], p[5], p[6], p[7]);
- }
- else if(len == 32)
- {
- for (i = 0; i < 16; i++)
- {
- BIO_printf(bp, "%X", p[0] << 8 | p[1]);
- p += 2;
- if (i == 7)
- BIO_puts(bp, "/");
- else if (i != 15)
- BIO_puts(bp, ":");
- }
- }
- else
- BIO_printf(bp, "IP Address:<invalid>");
- return 1;
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_ncons.c (from rev 6976, vendor-crypto/openssl/dist/crypto/x509v3/v3_ncons.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_ncons.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_ncons.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,203 @@
+/* v3_ncons.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+
+static void *v2i_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx,
+ STACK_OF(CONF_VALUE) *nval);
+static int i2r_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method, void *a, BIO *bp,
+ int ind);
+static int do_i2r_name_constraints(X509V3_EXT_METHOD *method,
+ STACK_OF(GENERAL_SUBTREE) *trees, BIO *bp,
+ int ind, char *name);
+static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip);
+
+const X509V3_EXT_METHOD v3_name_constraints = {
+ NID_name_constraints, 0,
+ ASN1_ITEM_ref(NAME_CONSTRAINTS),
+ 0, 0, 0, 0,
+ 0, 0,
+ 0, v2i_NAME_CONSTRAINTS,
+ i2r_NAME_CONSTRAINTS, 0,
+ NULL
+};
+
+ASN1_SEQUENCE(GENERAL_SUBTREE) = {
+ ASN1_SIMPLE(GENERAL_SUBTREE, base, GENERAL_NAME),
+ ASN1_IMP_OPT(GENERAL_SUBTREE, minimum, ASN1_INTEGER, 0),
+ ASN1_IMP_OPT(GENERAL_SUBTREE, maximum, ASN1_INTEGER, 1)
+} ASN1_SEQUENCE_END(GENERAL_SUBTREE)
+
+ASN1_SEQUENCE(NAME_CONSTRAINTS) = {
+ ASN1_IMP_SEQUENCE_OF_OPT(NAME_CONSTRAINTS, permittedSubtrees,
+ GENERAL_SUBTREE, 0),
+ ASN1_IMP_SEQUENCE_OF_OPT(NAME_CONSTRAINTS, excludedSubtrees,
+ GENERAL_SUBTREE, 1),
+} ASN1_SEQUENCE_END(NAME_CONSTRAINTS)
+
+
+IMPLEMENT_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE)
+IMPLEMENT_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)
+
+static void *v2i_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+{
+ int i;
+ CONF_VALUE tval, *val;
+ STACK_OF(GENERAL_SUBTREE) **ptree = NULL;
+ NAME_CONSTRAINTS *ncons = NULL;
+ GENERAL_SUBTREE *sub = NULL;
+ ncons = NAME_CONSTRAINTS_new();
+ if (!ncons)
+ goto memerr;
+ for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+ val = sk_CONF_VALUE_value(nval, i);
+ if (!strncmp(val->name, "permitted", 9) && val->name[9]) {
+ ptree = &ncons->permittedSubtrees;
+ tval.name = val->name + 10;
+ } else if (!strncmp(val->name, "excluded", 8) && val->name[8]) {
+ ptree = &ncons->excludedSubtrees;
+ tval.name = val->name + 9;
+ } else {
+ X509V3err(X509V3_F_V2I_NAME_CONSTRAINTS, X509V3_R_INVALID_SYNTAX);
+ goto err;
+ }
+ tval.value = val->value;
+ sub = GENERAL_SUBTREE_new();
+ if (!v2i_GENERAL_NAME_ex(sub->base, method, ctx, &tval, 1))
+ goto err;
+ if (!*ptree)
+ *ptree = sk_GENERAL_SUBTREE_new_null();
+ if (!*ptree || !sk_GENERAL_SUBTREE_push(*ptree, sub))
+ goto memerr;
+ sub = NULL;
+ }
+
+ return ncons;
+
+ memerr:
+ X509V3err(X509V3_F_V2I_NAME_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
+ err:
+ if (ncons)
+ NAME_CONSTRAINTS_free(ncons);
+ if (sub)
+ GENERAL_SUBTREE_free(sub);
+
+ return NULL;
+}
+
+static int i2r_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method,
+ void *a, BIO *bp, int ind)
+{
+ NAME_CONSTRAINTS *ncons = a;
+ do_i2r_name_constraints(method, ncons->permittedSubtrees,
+ bp, ind, "Permitted");
+ do_i2r_name_constraints(method, ncons->excludedSubtrees,
+ bp, ind, "Excluded");
+ return 1;
+}
+
+static int do_i2r_name_constraints(X509V3_EXT_METHOD *method,
+ STACK_OF(GENERAL_SUBTREE) *trees,
+ BIO *bp, int ind, char *name)
+{
+ GENERAL_SUBTREE *tree;
+ int i;
+ if (sk_GENERAL_SUBTREE_num(trees) > 0)
+ BIO_printf(bp, "%*s%s:\n", ind, "", name);
+ for (i = 0; i < sk_GENERAL_SUBTREE_num(trees); i++) {
+ tree = sk_GENERAL_SUBTREE_value(trees, i);
+ BIO_printf(bp, "%*s", ind + 2, "");
+ if (tree->base->type == GEN_IPADD)
+ print_nc_ipadd(bp, tree->base->d.ip);
+ else
+ GENERAL_NAME_print(bp, tree->base);
+ BIO_puts(bp, "\n");
+ }
+ return 1;
+}
+
+static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip)
+{
+ int i, len;
+ unsigned char *p;
+ p = ip->data;
+ len = ip->length;
+ BIO_puts(bp, "IP:");
+ if (len == 8) {
+ BIO_printf(bp, "%d.%d.%d.%d/%d.%d.%d.%d",
+ p[0], p[1], p[2], p[3], p[4], p[5], p[6], p[7]);
+ } else if (len == 32) {
+ for (i = 0; i < 16; i++) {
+ BIO_printf(bp, "%X", p[0] << 8 | p[1]);
+ p += 2;
+ if (i == 7)
+ BIO_puts(bp, "/");
+ else if (i != 15)
+ BIO_puts(bp, ":");
+ }
+ } else
+ BIO_printf(bp, "IP Address:<invalid>");
+ return 1;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_ocsp.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509v3/v3_ocsp.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_ocsp.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,275 +0,0 @@
-/* v3_ocsp.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#ifndef OPENSSL_NO_OCSP
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/asn1.h>
-#include <openssl/ocsp.h>
-#include <openssl/x509v3.h>
-
-/* OCSP extensions and a couple of CRL entry extensions
- */
-
-static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
-static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
-static int i2r_object(X509V3_EXT_METHOD *method, void *obj, BIO *out, int indent);
-
-static void *ocsp_nonce_new(void);
-static int i2d_ocsp_nonce(void *a, unsigned char **pp);
-static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length);
-static void ocsp_nonce_free(void *a);
-static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
-
-static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, BIO *out, int indent);
-static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str);
-static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind);
-
-const X509V3_EXT_METHOD v3_ocsp_crlid = {
- NID_id_pkix_OCSP_CrlID, 0, ASN1_ITEM_ref(OCSP_CRLID),
- 0,0,0,0,
- 0,0,
- 0,0,
- i2r_ocsp_crlid,0,
- NULL
-};
-
-const X509V3_EXT_METHOD v3_ocsp_acutoff = {
- NID_id_pkix_OCSP_archiveCutoff, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
- 0,0,0,0,
- 0,0,
- 0,0,
- i2r_ocsp_acutoff,0,
- NULL
-};
-
-const X509V3_EXT_METHOD v3_crl_invdate = {
- NID_invalidity_date, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
- 0,0,0,0,
- 0,0,
- 0,0,
- i2r_ocsp_acutoff,0,
- NULL
-};
-
-const X509V3_EXT_METHOD v3_crl_hold = {
- NID_hold_instruction_code, 0, ASN1_ITEM_ref(ASN1_OBJECT),
- 0,0,0,0,
- 0,0,
- 0,0,
- i2r_object,0,
- NULL
-};
-
-const X509V3_EXT_METHOD v3_ocsp_nonce = {
- NID_id_pkix_OCSP_Nonce, 0, NULL,
- ocsp_nonce_new,
- ocsp_nonce_free,
- d2i_ocsp_nonce,
- i2d_ocsp_nonce,
- 0,0,
- 0,0,
- i2r_ocsp_nonce,0,
- NULL
-};
-
-const X509V3_EXT_METHOD v3_ocsp_nocheck = {
- NID_id_pkix_OCSP_noCheck, 0, ASN1_ITEM_ref(ASN1_NULL),
- 0,0,0,0,
- 0,s2i_ocsp_nocheck,
- 0,0,
- i2r_ocsp_nocheck,0,
- NULL
-};
-
-const X509V3_EXT_METHOD v3_ocsp_serviceloc = {
- NID_id_pkix_OCSP_serviceLocator, 0, ASN1_ITEM_ref(OCSP_SERVICELOC),
- 0,0,0,0,
- 0,0,
- 0,0,
- i2r_ocsp_serviceloc,0,
- NULL
-};
-
-static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind)
-{
- OCSP_CRLID *a = in;
- if (a->crlUrl)
- {
- if (BIO_printf(bp, "%*scrlUrl: ", ind, "") <= 0) goto err;
- if (!ASN1_STRING_print(bp, (ASN1_STRING*)a->crlUrl)) goto err;
- if (BIO_write(bp, "\n", 1) <= 0) goto err;
- }
- if (a->crlNum)
- {
- if (BIO_printf(bp, "%*scrlNum: ", ind, "") <= 0) goto err;
- if (i2a_ASN1_INTEGER(bp, a->crlNum) <= 0) goto err;
- if (BIO_write(bp, "\n", 1) <= 0) goto err;
- }
- if (a->crlTime)
- {
- if (BIO_printf(bp, "%*scrlTime: ", ind, "") <= 0) goto err;
- if (!ASN1_GENERALIZEDTIME_print(bp, a->crlTime)) goto err;
- if (BIO_write(bp, "\n", 1) <= 0) goto err;
- }
- return 1;
- err:
- return 0;
-}
-
-static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *cutoff, BIO *bp, int ind)
-{
- if (BIO_printf(bp, "%*s", ind, "") <= 0) return 0;
- if(!ASN1_GENERALIZEDTIME_print(bp, cutoff)) return 0;
- return 1;
-}
-
-
-static int i2r_object(X509V3_EXT_METHOD *method, void *oid, BIO *bp, int ind)
-{
- if (BIO_printf(bp, "%*s", ind, "") <= 0) return 0;
- if(i2a_ASN1_OBJECT(bp, oid) <= 0) return 0;
- return 1;
-}
-
-/* OCSP nonce. This is needs special treatment because it doesn't have
- * an ASN1 encoding at all: it just contains arbitrary data.
- */
-
-static void *ocsp_nonce_new(void)
-{
- return ASN1_OCTET_STRING_new();
-}
-
-static int i2d_ocsp_nonce(void *a, unsigned char **pp)
-{
- ASN1_OCTET_STRING *os = a;
- if(pp) {
- memcpy(*pp, os->data, os->length);
- *pp += os->length;
- }
- return os->length;
-}
-
-static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length)
-{
- ASN1_OCTET_STRING *os, **pos;
- pos = a;
- if(!pos || !*pos) os = ASN1_OCTET_STRING_new();
- else os = *pos;
- if(!ASN1_OCTET_STRING_set(os, *pp, length)) goto err;
-
- *pp += length;
-
- if(pos) *pos = os;
- return os;
-
- err:
- if(os && (!pos || (*pos != os))) M_ASN1_OCTET_STRING_free(os);
- OCSPerr(OCSP_F_D2I_OCSP_NONCE, ERR_R_MALLOC_FAILURE);
- return NULL;
-}
-
-static void ocsp_nonce_free(void *a)
-{
- M_ASN1_OCTET_STRING_free(a);
-}
-
-static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent)
-{
- if(BIO_printf(out, "%*s", indent, "") <= 0) return 0;
- if(i2a_ASN1_STRING(out, nonce, V_ASN1_OCTET_STRING) <= 0) return 0;
- return 1;
-}
-
-/* Nocheck is just a single NULL. Don't print anything and always set it */
-
-static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, BIO *out, int indent)
-{
- return 1;
-}
-
-static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str)
-{
- return ASN1_NULL_new();
-}
-
-static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind)
- {
- int i;
- OCSP_SERVICELOC *a = in;
- ACCESS_DESCRIPTION *ad;
-
- if (BIO_printf(bp, "%*sIssuer: ", ind, "") <= 0) goto err;
- if (X509_NAME_print_ex(bp, a->issuer, 0, XN_FLAG_ONELINE) <= 0) goto err;
- for (i = 0; i < sk_ACCESS_DESCRIPTION_num(a->locator); i++)
- {
- ad = sk_ACCESS_DESCRIPTION_value(a->locator,i);
- if (BIO_printf(bp, "\n%*s", (2*ind), "") <= 0)
- goto err;
- if(i2a_ASN1_OBJECT(bp, ad->method) <= 0) goto err;
- if(BIO_puts(bp, " - ") <= 0) goto err;
- if(GENERAL_NAME_print(bp, ad->location) <= 0) goto err;
- }
- return 1;
-err:
- return 0;
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_ocsp.c (from rev 6976, vendor-crypto/openssl/dist/crypto/x509v3/v3_ocsp.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_ocsp.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_ocsp.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,311 @@
+/* v3_ocsp.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#ifndef OPENSSL_NO_OCSP
+
+# include <stdio.h>
+# include "cryptlib.h"
+# include <openssl/conf.h>
+# include <openssl/asn1.h>
+# include <openssl/ocsp.h>
+# include <openssl/x509v3.h>
+
+/*
+ * OCSP extensions and a couple of CRL entry extensions
+ */
+
+static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *nonce, BIO *out,
+ int indent);
+static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *nonce, BIO *out,
+ int indent);
+static int i2r_object(X509V3_EXT_METHOD *method, void *obj, BIO *out,
+ int indent);
+
+static void *ocsp_nonce_new(void);
+static int i2d_ocsp_nonce(void *a, unsigned char **pp);
+static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length);
+static void ocsp_nonce_free(void *a);
+static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out,
+ int indent);
+
+static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck,
+ BIO *out, int indent);
+static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+ const char *str);
+static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp,
+ int ind);
+
+const X509V3_EXT_METHOD v3_ocsp_crlid = {
+ NID_id_pkix_OCSP_CrlID, 0, ASN1_ITEM_ref(OCSP_CRLID),
+ 0, 0, 0, 0,
+ 0, 0,
+ 0, 0,
+ i2r_ocsp_crlid, 0,
+ NULL
+};
+
+const X509V3_EXT_METHOD v3_ocsp_acutoff = {
+ NID_id_pkix_OCSP_archiveCutoff, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
+ 0, 0, 0, 0,
+ 0, 0,
+ 0, 0,
+ i2r_ocsp_acutoff, 0,
+ NULL
+};
+
+const X509V3_EXT_METHOD v3_crl_invdate = {
+ NID_invalidity_date, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
+ 0, 0, 0, 0,
+ 0, 0,
+ 0, 0,
+ i2r_ocsp_acutoff, 0,
+ NULL
+};
+
+const X509V3_EXT_METHOD v3_crl_hold = {
+ NID_hold_instruction_code, 0, ASN1_ITEM_ref(ASN1_OBJECT),
+ 0, 0, 0, 0,
+ 0, 0,
+ 0, 0,
+ i2r_object, 0,
+ NULL
+};
+
+const X509V3_EXT_METHOD v3_ocsp_nonce = {
+ NID_id_pkix_OCSP_Nonce, 0, NULL,
+ ocsp_nonce_new,
+ ocsp_nonce_free,
+ d2i_ocsp_nonce,
+ i2d_ocsp_nonce,
+ 0, 0,
+ 0, 0,
+ i2r_ocsp_nonce, 0,
+ NULL
+};
+
+const X509V3_EXT_METHOD v3_ocsp_nocheck = {
+ NID_id_pkix_OCSP_noCheck, 0, ASN1_ITEM_ref(ASN1_NULL),
+ 0, 0, 0, 0,
+ 0, s2i_ocsp_nocheck,
+ 0, 0,
+ i2r_ocsp_nocheck, 0,
+ NULL
+};
+
+const X509V3_EXT_METHOD v3_ocsp_serviceloc = {
+ NID_id_pkix_OCSP_serviceLocator, 0, ASN1_ITEM_ref(OCSP_SERVICELOC),
+ 0, 0, 0, 0,
+ 0, 0,
+ 0, 0,
+ i2r_ocsp_serviceloc, 0,
+ NULL
+};
+
+static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *in, BIO *bp,
+ int ind)
+{
+ OCSP_CRLID *a = in;
+ if (a->crlUrl) {
+ if (BIO_printf(bp, "%*scrlUrl: ", ind, "") <= 0)
+ goto err;
+ if (!ASN1_STRING_print(bp, (ASN1_STRING *)a->crlUrl))
+ goto err;
+ if (BIO_write(bp, "\n", 1) <= 0)
+ goto err;
+ }
+ if (a->crlNum) {
+ if (BIO_printf(bp, "%*scrlNum: ", ind, "") <= 0)
+ goto err;
+ if (i2a_ASN1_INTEGER(bp, a->crlNum) <= 0)
+ goto err;
+ if (BIO_write(bp, "\n", 1) <= 0)
+ goto err;
+ }
+ if (a->crlTime) {
+ if (BIO_printf(bp, "%*scrlTime: ", ind, "") <= 0)
+ goto err;
+ if (!ASN1_GENERALIZEDTIME_print(bp, a->crlTime))
+ goto err;
+ if (BIO_write(bp, "\n", 1) <= 0)
+ goto err;
+ }
+ return 1;
+ err:
+ return 0;
+}
+
+static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *cutoff, BIO *bp,
+ int ind)
+{
+ if (BIO_printf(bp, "%*s", ind, "") <= 0)
+ return 0;
+ if (!ASN1_GENERALIZEDTIME_print(bp, cutoff))
+ return 0;
+ return 1;
+}
+
+static int i2r_object(X509V3_EXT_METHOD *method, void *oid, BIO *bp, int ind)
+{
+ if (BIO_printf(bp, "%*s", ind, "") <= 0)
+ return 0;
+ if (i2a_ASN1_OBJECT(bp, oid) <= 0)
+ return 0;
+ return 1;
+}
+
+/*
+ * OCSP nonce. This is needs special treatment because it doesn't have an
+ * ASN1 encoding at all: it just contains arbitrary data.
+ */
+
+static void *ocsp_nonce_new(void)
+{
+ return ASN1_OCTET_STRING_new();
+}
+
+static int i2d_ocsp_nonce(void *a, unsigned char **pp)
+{
+ ASN1_OCTET_STRING *os = a;
+ if (pp) {
+ memcpy(*pp, os->data, os->length);
+ *pp += os->length;
+ }
+ return os->length;
+}
+
+static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length)
+{
+ ASN1_OCTET_STRING *os, **pos;
+ pos = a;
+ if (!pos || !*pos)
+ os = ASN1_OCTET_STRING_new();
+ else
+ os = *pos;
+ if (!ASN1_OCTET_STRING_set(os, *pp, length))
+ goto err;
+
+ *pp += length;
+
+ if (pos)
+ *pos = os;
+ return os;
+
+ err:
+ if (os && (!pos || (*pos != os)))
+ M_ASN1_OCTET_STRING_free(os);
+ OCSPerr(OCSP_F_D2I_OCSP_NONCE, ERR_R_MALLOC_FAILURE);
+ return NULL;
+}
+
+static void ocsp_nonce_free(void *a)
+{
+ M_ASN1_OCTET_STRING_free(a);
+}
+
+static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out,
+ int indent)
+{
+ if (BIO_printf(out, "%*s", indent, "") <= 0)
+ return 0;
+ if (i2a_ASN1_STRING(out, nonce, V_ASN1_OCTET_STRING) <= 0)
+ return 0;
+ return 1;
+}
+
+/* Nocheck is just a single NULL. Don't print anything and always set it */
+
+static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck,
+ BIO *out, int indent)
+{
+ return 1;
+}
+
+static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+ const char *str)
+{
+ return ASN1_NULL_new();
+}
+
+static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp,
+ int ind)
+{
+ int i;
+ OCSP_SERVICELOC *a = in;
+ ACCESS_DESCRIPTION *ad;
+
+ if (BIO_printf(bp, "%*sIssuer: ", ind, "") <= 0)
+ goto err;
+ if (X509_NAME_print_ex(bp, a->issuer, 0, XN_FLAG_ONELINE) <= 0)
+ goto err;
+ for (i = 0; i < sk_ACCESS_DESCRIPTION_num(a->locator); i++) {
+ ad = sk_ACCESS_DESCRIPTION_value(a->locator, i);
+ if (BIO_printf(bp, "\n%*s", (2 * ind), "") <= 0)
+ goto err;
+ if (i2a_ASN1_OBJECT(bp, ad->method) <= 0)
+ goto err;
+ if (BIO_puts(bp, " - ") <= 0)
+ goto err;
+ if (GENERAL_NAME_print(bp, ad->location) <= 0)
+ goto err;
+ }
+ return 1;
+ err:
+ return 0;
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_pci.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509v3/v3_pci.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_pci.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,328 +0,0 @@
-/* v3_pci.c -*- mode:C; c-file-style: "eay" -*- */
-/* Contributed to the OpenSSL Project 2004
- * by Richard Levitte (richard at levitte.org)
- */
-/* Copyright (c) 2004 Kungliga Tekniska H\xF6gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/x509v3.h>
-
-static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *ext,
- BIO *out, int indent);
-static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method,
- X509V3_CTX *ctx, char *str);
-
-const X509V3_EXT_METHOD v3_pci =
- { NID_proxyCertInfo, 0, ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION),
- 0,0,0,0,
- 0,0,
- NULL, NULL,
- (X509V3_EXT_I2R)i2r_pci,
- (X509V3_EXT_R2I)r2i_pci,
- NULL,
- };
-
-static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *pci,
- BIO *out, int indent)
- {
- BIO_printf(out, "%*sPath Length Constraint: ", indent, "");
- if (pci->pcPathLengthConstraint)
- i2a_ASN1_INTEGER(out, pci->pcPathLengthConstraint);
- else
- BIO_printf(out, "infinite");
- BIO_puts(out, "\n");
- BIO_printf(out, "%*sPolicy Language: ", indent, "");
- i2a_ASN1_OBJECT(out, pci->proxyPolicy->policyLanguage);
- BIO_puts(out, "\n");
- if (pci->proxyPolicy->policy && pci->proxyPolicy->policy->data)
- BIO_printf(out, "%*sPolicy Text: %s\n", indent, "",
- pci->proxyPolicy->policy->data);
- return 1;
- }
-
-static int process_pci_value(CONF_VALUE *val,
- ASN1_OBJECT **language, ASN1_INTEGER **pathlen,
- ASN1_OCTET_STRING **policy)
- {
- int free_policy = 0;
-
- if (strcmp(val->name, "language") == 0)
- {
- if (*language)
- {
- X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED);
- X509V3_conf_err(val);
- return 0;
- }
- if (!(*language = OBJ_txt2obj(val->value, 0)))
- {
- X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_INVALID_OBJECT_IDENTIFIER);
- X509V3_conf_err(val);
- return 0;
- }
- }
- else if (strcmp(val->name, "pathlen") == 0)
- {
- if (*pathlen)
- {
- X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED);
- X509V3_conf_err(val);
- return 0;
- }
- if (!X509V3_get_value_int(val, pathlen))
- {
- X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_PATH_LENGTH);
- X509V3_conf_err(val);
- return 0;
- }
- }
- else if (strcmp(val->name, "policy") == 0)
- {
- unsigned char *tmp_data = NULL;
- long val_len;
- if (!*policy)
- {
- *policy = ASN1_OCTET_STRING_new();
- if (!*policy)
- {
- X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE);
- X509V3_conf_err(val);
- return 0;
- }
- free_policy = 1;
- }
- if (strncmp(val->value, "hex:", 4) == 0)
- {
- unsigned char *tmp_data2 =
- string_to_hex(val->value + 4, &val_len);
-
- if (!tmp_data2)
- {
- X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_ILLEGAL_HEX_DIGIT);
- X509V3_conf_err(val);
- goto err;
- }
-
- tmp_data = OPENSSL_realloc((*policy)->data,
- (*policy)->length + val_len + 1);
- if (tmp_data)
- {
- (*policy)->data = tmp_data;
- memcpy(&(*policy)->data[(*policy)->length],
- tmp_data2, val_len);
- (*policy)->length += val_len;
- (*policy)->data[(*policy)->length] = '\0';
- }
- else
- {
- OPENSSL_free(tmp_data2);
- /* realloc failure implies the original data space is b0rked too! */
- (*policy)->data = NULL;
- (*policy)->length = 0;
- X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE);
- X509V3_conf_err(val);
- goto err;
- }
- OPENSSL_free(tmp_data2);
- }
- else if (strncmp(val->value, "file:", 5) == 0)
- {
- unsigned char buf[2048];
- int n;
- BIO *b = BIO_new_file(val->value + 5, "r");
- if (!b)
- {
- X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_BIO_LIB);
- X509V3_conf_err(val);
- goto err;
- }
- while((n = BIO_read(b, buf, sizeof(buf))) > 0
- || (n == 0 && BIO_should_retry(b)))
- {
- if (!n) continue;
-
- tmp_data = OPENSSL_realloc((*policy)->data,
- (*policy)->length + n + 1);
-
- if (!tmp_data)
- break;
-
- (*policy)->data = tmp_data;
- memcpy(&(*policy)->data[(*policy)->length],
- buf, n);
- (*policy)->length += n;
- (*policy)->data[(*policy)->length] = '\0';
- }
- BIO_free_all(b);
-
- if (n < 0)
- {
- X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_BIO_LIB);
- X509V3_conf_err(val);
- goto err;
- }
- }
- else if (strncmp(val->value, "text:", 5) == 0)
- {
- val_len = strlen(val->value + 5);
- tmp_data = OPENSSL_realloc((*policy)->data,
- (*policy)->length + val_len + 1);
- if (tmp_data)
- {
- (*policy)->data = tmp_data;
- memcpy(&(*policy)->data[(*policy)->length],
- val->value + 5, val_len);
- (*policy)->length += val_len;
- (*policy)->data[(*policy)->length] = '\0';
- }
- else
- {
- /* realloc failure implies the original data space is b0rked too! */
- (*policy)->data = NULL;
- (*policy)->length = 0;
- X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE);
- X509V3_conf_err(val);
- goto err;
- }
- }
- else
- {
- X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_INCORRECT_POLICY_SYNTAX_TAG);
- X509V3_conf_err(val);
- goto err;
- }
- if (!tmp_data)
- {
- X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE);
- X509V3_conf_err(val);
- goto err;
- }
- }
- return 1;
-err:
- if (free_policy)
- {
- ASN1_OCTET_STRING_free(*policy);
- *policy = NULL;
- }
- return 0;
- }
-
-static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method,
- X509V3_CTX *ctx, char *value)
- {
- PROXY_CERT_INFO_EXTENSION *pci = NULL;
- STACK_OF(CONF_VALUE) *vals;
- ASN1_OBJECT *language = NULL;
- ASN1_INTEGER *pathlen = NULL;
- ASN1_OCTET_STRING *policy = NULL;
- int i, j;
-
- vals = X509V3_parse_list(value);
- for (i = 0; i < sk_CONF_VALUE_num(vals); i++)
- {
- CONF_VALUE *cnf = sk_CONF_VALUE_value(vals, i);
- if (!cnf->name || (*cnf->name != '@' && !cnf->value))
- {
- X509V3err(X509V3_F_R2I_PCI,X509V3_R_INVALID_PROXY_POLICY_SETTING);
- X509V3_conf_err(cnf);
- goto err;
- }
- if (*cnf->name == '@')
- {
- STACK_OF(CONF_VALUE) *sect;
- int success_p = 1;
-
- sect = X509V3_get_section(ctx, cnf->name + 1);
- if (!sect)
- {
- X509V3err(X509V3_F_R2I_PCI,X509V3_R_INVALID_SECTION);
- X509V3_conf_err(cnf);
- goto err;
- }
- for (j = 0; success_p && j < sk_CONF_VALUE_num(sect); j++)
- {
- success_p =
- process_pci_value(sk_CONF_VALUE_value(sect, j),
- &language, &pathlen, &policy);
- }
- X509V3_section_free(ctx, sect);
- if (!success_p)
- goto err;
- }
- else
- {
- if (!process_pci_value(cnf,
- &language, &pathlen, &policy))
- {
- X509V3_conf_err(cnf);
- goto err;
- }
- }
- }
-
- /* Language is mandatory */
- if (!language)
- {
- X509V3err(X509V3_F_R2I_PCI,X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED);
- goto err;
- }
- i = OBJ_obj2nid(language);
- if ((i == NID_Independent || i == NID_id_ppl_inheritAll) && policy)
- {
- X509V3err(X509V3_F_R2I_PCI,X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY);
- goto err;
- }
-
- pci = PROXY_CERT_INFO_EXTENSION_new();
- if (!pci)
- {
- X509V3err(X509V3_F_R2I_PCI,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- pci->proxyPolicy->policyLanguage = language; language = NULL;
- pci->proxyPolicy->policy = policy; policy = NULL;
- pci->pcPathLengthConstraint = pathlen; pathlen = NULL;
- goto end;
-err:
- if (language) { ASN1_OBJECT_free(language); language = NULL; }
- if (pathlen) { ASN1_INTEGER_free(pathlen); pathlen = NULL; }
- if (policy) { ASN1_OCTET_STRING_free(policy); policy = NULL; }
- if (pci) { PROXY_CERT_INFO_EXTENSION_free(pci); pci = NULL; }
-end:
- sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
- return pci;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_pci.c (from rev 6976, vendor-crypto/openssl/dist/crypto/x509v3/v3_pci.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_pci.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_pci.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,317 @@
+/* v3_pci.c -*- mode:C; c-file-style: "eay" -*- */
+/*
+ * Contributed to the OpenSSL Project 2004 by Richard Levitte
+ * (richard at levitte.org)
+ */
+/* Copyright (c) 2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+
+static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *ext,
+ BIO *out, int indent);
+static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, char *str);
+
+const X509V3_EXT_METHOD v3_pci =
+ { NID_proxyCertInfo, 0, ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION),
+ 0, 0, 0, 0,
+ 0, 0,
+ NULL, NULL,
+ (X509V3_EXT_I2R)i2r_pci,
+ (X509V3_EXT_R2I)r2i_pci,
+ NULL,
+};
+
+static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *pci,
+ BIO *out, int indent)
+{
+ BIO_printf(out, "%*sPath Length Constraint: ", indent, "");
+ if (pci->pcPathLengthConstraint)
+ i2a_ASN1_INTEGER(out, pci->pcPathLengthConstraint);
+ else
+ BIO_printf(out, "infinite");
+ BIO_puts(out, "\n");
+ BIO_printf(out, "%*sPolicy Language: ", indent, "");
+ i2a_ASN1_OBJECT(out, pci->proxyPolicy->policyLanguage);
+ BIO_puts(out, "\n");
+ if (pci->proxyPolicy->policy && pci->proxyPolicy->policy->data)
+ BIO_printf(out, "%*sPolicy Text: %s\n", indent, "",
+ pci->proxyPolicy->policy->data);
+ return 1;
+}
+
+static int process_pci_value(CONF_VALUE *val,
+ ASN1_OBJECT **language, ASN1_INTEGER **pathlen,
+ ASN1_OCTET_STRING **policy)
+{
+ int free_policy = 0;
+
+ if (strcmp(val->name, "language") == 0) {
+ if (*language) {
+ X509V3err(X509V3_F_PROCESS_PCI_VALUE,
+ X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED);
+ X509V3_conf_err(val);
+ return 0;
+ }
+ if (!(*language = OBJ_txt2obj(val->value, 0))) {
+ X509V3err(X509V3_F_PROCESS_PCI_VALUE,
+ X509V3_R_INVALID_OBJECT_IDENTIFIER);
+ X509V3_conf_err(val);
+ return 0;
+ }
+ } else if (strcmp(val->name, "pathlen") == 0) {
+ if (*pathlen) {
+ X509V3err(X509V3_F_PROCESS_PCI_VALUE,
+ X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED);
+ X509V3_conf_err(val);
+ return 0;
+ }
+ if (!X509V3_get_value_int(val, pathlen)) {
+ X509V3err(X509V3_F_PROCESS_PCI_VALUE,
+ X509V3_R_POLICY_PATH_LENGTH);
+ X509V3_conf_err(val);
+ return 0;
+ }
+ } else if (strcmp(val->name, "policy") == 0) {
+ unsigned char *tmp_data = NULL;
+ long val_len;
+ if (!*policy) {
+ *policy = ASN1_OCTET_STRING_new();
+ if (!*policy) {
+ X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_MALLOC_FAILURE);
+ X509V3_conf_err(val);
+ return 0;
+ }
+ free_policy = 1;
+ }
+ if (strncmp(val->value, "hex:", 4) == 0) {
+ unsigned char *tmp_data2 =
+ string_to_hex(val->value + 4, &val_len);
+
+ if (!tmp_data2) {
+ X509V3err(X509V3_F_PROCESS_PCI_VALUE,
+ X509V3_R_ILLEGAL_HEX_DIGIT);
+ X509V3_conf_err(val);
+ goto err;
+ }
+
+ tmp_data = OPENSSL_realloc((*policy)->data,
+ (*policy)->length + val_len + 1);
+ if (tmp_data) {
+ (*policy)->data = tmp_data;
+ memcpy(&(*policy)->data[(*policy)->length],
+ tmp_data2, val_len);
+ (*policy)->length += val_len;
+ (*policy)->data[(*policy)->length] = '\0';
+ } else {
+ OPENSSL_free(tmp_data2);
+ /*
+ * realloc failure implies the original data space is b0rked
+ * too!
+ */
+ (*policy)->data = NULL;
+ (*policy)->length = 0;
+ X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_MALLOC_FAILURE);
+ X509V3_conf_err(val);
+ goto err;
+ }
+ OPENSSL_free(tmp_data2);
+ } else if (strncmp(val->value, "file:", 5) == 0) {
+ unsigned char buf[2048];
+ int n;
+ BIO *b = BIO_new_file(val->value + 5, "r");
+ if (!b) {
+ X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_BIO_LIB);
+ X509V3_conf_err(val);
+ goto err;
+ }
+ while ((n = BIO_read(b, buf, sizeof(buf))) > 0
+ || (n == 0 && BIO_should_retry(b))) {
+ if (!n)
+ continue;
+
+ tmp_data = OPENSSL_realloc((*policy)->data,
+ (*policy)->length + n + 1);
+
+ if (!tmp_data)
+ break;
+
+ (*policy)->data = tmp_data;
+ memcpy(&(*policy)->data[(*policy)->length], buf, n);
+ (*policy)->length += n;
+ (*policy)->data[(*policy)->length] = '\0';
+ }
+ BIO_free_all(b);
+
+ if (n < 0) {
+ X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_BIO_LIB);
+ X509V3_conf_err(val);
+ goto err;
+ }
+ } else if (strncmp(val->value, "text:", 5) == 0) {
+ val_len = strlen(val->value + 5);
+ tmp_data = OPENSSL_realloc((*policy)->data,
+ (*policy)->length + val_len + 1);
+ if (tmp_data) {
+ (*policy)->data = tmp_data;
+ memcpy(&(*policy)->data[(*policy)->length],
+ val->value + 5, val_len);
+ (*policy)->length += val_len;
+ (*policy)->data[(*policy)->length] = '\0';
+ } else {
+ /*
+ * realloc failure implies the original data space is b0rked
+ * too!
+ */
+ (*policy)->data = NULL;
+ (*policy)->length = 0;
+ X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_MALLOC_FAILURE);
+ X509V3_conf_err(val);
+ goto err;
+ }
+ } else {
+ X509V3err(X509V3_F_PROCESS_PCI_VALUE,
+ X509V3_R_INCORRECT_POLICY_SYNTAX_TAG);
+ X509V3_conf_err(val);
+ goto err;
+ }
+ if (!tmp_data) {
+ X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_MALLOC_FAILURE);
+ X509V3_conf_err(val);
+ goto err;
+ }
+ }
+ return 1;
+ err:
+ if (free_policy) {
+ ASN1_OCTET_STRING_free(*policy);
+ *policy = NULL;
+ }
+ return 0;
+}
+
+static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, char *value)
+{
+ PROXY_CERT_INFO_EXTENSION *pci = NULL;
+ STACK_OF(CONF_VALUE) *vals;
+ ASN1_OBJECT *language = NULL;
+ ASN1_INTEGER *pathlen = NULL;
+ ASN1_OCTET_STRING *policy = NULL;
+ int i, j;
+
+ vals = X509V3_parse_list(value);
+ for (i = 0; i < sk_CONF_VALUE_num(vals); i++) {
+ CONF_VALUE *cnf = sk_CONF_VALUE_value(vals, i);
+ if (!cnf->name || (*cnf->name != '@' && !cnf->value)) {
+ X509V3err(X509V3_F_R2I_PCI,
+ X509V3_R_INVALID_PROXY_POLICY_SETTING);
+ X509V3_conf_err(cnf);
+ goto err;
+ }
+ if (*cnf->name == '@') {
+ STACK_OF(CONF_VALUE) *sect;
+ int success_p = 1;
+
+ sect = X509V3_get_section(ctx, cnf->name + 1);
+ if (!sect) {
+ X509V3err(X509V3_F_R2I_PCI, X509V3_R_INVALID_SECTION);
+ X509V3_conf_err(cnf);
+ goto err;
+ }
+ for (j = 0; success_p && j < sk_CONF_VALUE_num(sect); j++) {
+ success_p =
+ process_pci_value(sk_CONF_VALUE_value(sect, j),
+ &language, &pathlen, &policy);
+ }
+ X509V3_section_free(ctx, sect);
+ if (!success_p)
+ goto err;
+ } else {
+ if (!process_pci_value(cnf, &language, &pathlen, &policy)) {
+ X509V3_conf_err(cnf);
+ goto err;
+ }
+ }
+ }
+
+ /* Language is mandatory */
+ if (!language) {
+ X509V3err(X509V3_F_R2I_PCI,
+ X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED);
+ goto err;
+ }
+ i = OBJ_obj2nid(language);
+ if ((i == NID_Independent || i == NID_id_ppl_inheritAll) && policy) {
+ X509V3err(X509V3_F_R2I_PCI,
+ X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY);
+ goto err;
+ }
+
+ pci = PROXY_CERT_INFO_EXTENSION_new();
+ if (!pci) {
+ X509V3err(X509V3_F_R2I_PCI, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ pci->proxyPolicy->policyLanguage = language;
+ language = NULL;
+ pci->proxyPolicy->policy = policy;
+ policy = NULL;
+ pci->pcPathLengthConstraint = pathlen;
+ pathlen = NULL;
+ goto end;
+ err:
+ if (language) {
+ ASN1_OBJECT_free(language);
+ language = NULL;
+ }
+ if (pathlen) {
+ ASN1_INTEGER_free(pathlen);
+ pathlen = NULL;
+ }
+ if (policy) {
+ ASN1_OCTET_STRING_free(policy);
+ policy = NULL;
+ }
+ if (pci) {
+ PROXY_CERT_INFO_EXTENSION_free(pci);
+ pci = NULL;
+ }
+ end:
+ sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
+ return pci;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_pcia.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509v3/v3_pcia.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_pcia.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,55 +0,0 @@
-/* v3_pcia.c -*- mode:C; c-file-style: "eay" -*- */
-/* Contributed to the OpenSSL Project 2004
- * by Richard Levitte (richard at levitte.org)
- */
-/* Copyright (c) 2004 Kungliga Tekniska H\xF6gskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the Institute nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/x509v3.h>
-
-ASN1_SEQUENCE(PROXY_POLICY) =
- {
- ASN1_SIMPLE(PROXY_POLICY,policyLanguage,ASN1_OBJECT),
- ASN1_OPT(PROXY_POLICY,policy,ASN1_OCTET_STRING)
-} ASN1_SEQUENCE_END(PROXY_POLICY)
-
-IMPLEMENT_ASN1_FUNCTIONS(PROXY_POLICY)
-
-ASN1_SEQUENCE(PROXY_CERT_INFO_EXTENSION) =
- {
- ASN1_OPT(PROXY_CERT_INFO_EXTENSION,pcPathLengthConstraint,ASN1_INTEGER),
- ASN1_SIMPLE(PROXY_CERT_INFO_EXTENSION,proxyPolicy,PROXY_POLICY)
-} ASN1_SEQUENCE_END(PROXY_CERT_INFO_EXTENSION)
-
-IMPLEMENT_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION)
Copied: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_pcia.c (from rev 6976, vendor-crypto/openssl/dist/crypto/x509v3/v3_pcia.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_pcia.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_pcia.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,56 @@
+/* v3_pcia.c -*- mode:C; c-file-style: "eay" -*- */
+/*
+ * Contributed to the OpenSSL Project 2004 by Richard Levitte
+ * (richard at levitte.org)
+ */
+/* Copyright (c) 2004 Kungliga Tekniska H\xF6gskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+
+ASN1_SEQUENCE(PROXY_POLICY) =
+ {
+ ASN1_SIMPLE(PROXY_POLICY,policyLanguage,ASN1_OBJECT),
+ ASN1_OPT(PROXY_POLICY,policy,ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(PROXY_POLICY)
+
+IMPLEMENT_ASN1_FUNCTIONS(PROXY_POLICY)
+
+ASN1_SEQUENCE(PROXY_CERT_INFO_EXTENSION) =
+ {
+ ASN1_OPT(PROXY_CERT_INFO_EXTENSION,pcPathLengthConstraint,ASN1_INTEGER),
+ ASN1_SIMPLE(PROXY_CERT_INFO_EXTENSION,proxyPolicy,PROXY_POLICY)
+} ASN1_SEQUENCE_END(PROXY_CERT_INFO_EXTENSION)
+
+IMPLEMENT_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION)
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_pcons.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509v3/v3_pcons.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_pcons.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,136 +0,0 @@
-/* v3_pcons.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/conf.h>
-#include <openssl/x509v3.h>
-
-static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method,
- void *bcons, STACK_OF(CONF_VALUE) *extlist);
-static void *v2i_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method,
- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
-
-const X509V3_EXT_METHOD v3_policy_constraints = {
-NID_policy_constraints, 0,
-ASN1_ITEM_ref(POLICY_CONSTRAINTS),
-0,0,0,0,
-0,0,
-i2v_POLICY_CONSTRAINTS,
-v2i_POLICY_CONSTRAINTS,
-NULL,NULL,
-NULL
-};
-
-ASN1_SEQUENCE(POLICY_CONSTRAINTS) = {
- ASN1_IMP_OPT(POLICY_CONSTRAINTS, requireExplicitPolicy, ASN1_INTEGER,0),
- ASN1_IMP_OPT(POLICY_CONSTRAINTS, inhibitPolicyMapping, ASN1_INTEGER,1)
-} ASN1_SEQUENCE_END(POLICY_CONSTRAINTS)
-
-IMPLEMENT_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS)
-
-
-static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method,
- void *a, STACK_OF(CONF_VALUE) *extlist)
-{
- POLICY_CONSTRAINTS *pcons = a;
- X509V3_add_value_int("Require Explicit Policy",
- pcons->requireExplicitPolicy, &extlist);
- X509V3_add_value_int("Inhibit Policy Mapping",
- pcons->inhibitPolicyMapping, &extlist);
- return extlist;
-}
-
-static void *v2i_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method,
- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values)
-{
- POLICY_CONSTRAINTS *pcons=NULL;
- CONF_VALUE *val;
- int i;
- if(!(pcons = POLICY_CONSTRAINTS_new())) {
- X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- for(i = 0; i < sk_CONF_VALUE_num(values); i++) {
- val = sk_CONF_VALUE_value(values, i);
- if(!strcmp(val->name, "requireExplicitPolicy")) {
- if(!X509V3_get_value_int(val,
- &pcons->requireExplicitPolicy)) goto err;
- } else if(!strcmp(val->name, "inhibitPolicyMapping")) {
- if(!X509V3_get_value_int(val,
- &pcons->inhibitPolicyMapping)) goto err;
- } else {
- X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS, X509V3_R_INVALID_NAME);
- X509V3_conf_err(val);
- goto err;
- }
- }
- if (!pcons->inhibitPolicyMapping && !pcons->requireExplicitPolicy) {
- X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS, X509V3_R_ILLEGAL_EMPTY_EXTENSION);
- goto err;
- }
-
- return pcons;
- err:
- POLICY_CONSTRAINTS_free(pcons);
- return NULL;
-}
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_pcons.c (from rev 6976, vendor-crypto/openssl/dist/crypto/x509v3/v3_pcons.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_pcons.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_pcons.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,141 @@
+/* v3_pcons.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+
+static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method,
+ void *bcons,
+ STACK_OF(CONF_VALUE)
+ *extlist);
+static void *v2i_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx,
+ STACK_OF(CONF_VALUE) *values);
+
+const X509V3_EXT_METHOD v3_policy_constraints = {
+ NID_policy_constraints, 0,
+ ASN1_ITEM_ref(POLICY_CONSTRAINTS),
+ 0, 0, 0, 0,
+ 0, 0,
+ i2v_POLICY_CONSTRAINTS,
+ v2i_POLICY_CONSTRAINTS,
+ NULL, NULL,
+ NULL
+};
+
+ASN1_SEQUENCE(POLICY_CONSTRAINTS) = {
+ ASN1_IMP_OPT(POLICY_CONSTRAINTS, requireExplicitPolicy, ASN1_INTEGER,0),
+ ASN1_IMP_OPT(POLICY_CONSTRAINTS, inhibitPolicyMapping, ASN1_INTEGER,1)
+} ASN1_SEQUENCE_END(POLICY_CONSTRAINTS)
+
+IMPLEMENT_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS)
+
+static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method,
+ void *a,
+ STACK_OF(CONF_VALUE)
+ *extlist)
+{
+ POLICY_CONSTRAINTS *pcons = a;
+ X509V3_add_value_int("Require Explicit Policy",
+ pcons->requireExplicitPolicy, &extlist);
+ X509V3_add_value_int("Inhibit Policy Mapping",
+ pcons->inhibitPolicyMapping, &extlist);
+ return extlist;
+}
+
+static void *v2i_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx,
+ STACK_OF(CONF_VALUE) *values)
+{
+ POLICY_CONSTRAINTS *pcons = NULL;
+ CONF_VALUE *val;
+ int i;
+ if (!(pcons = POLICY_CONSTRAINTS_new())) {
+ X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
+ val = sk_CONF_VALUE_value(values, i);
+ if (!strcmp(val->name, "requireExplicitPolicy")) {
+ if (!X509V3_get_value_int(val, &pcons->requireExplicitPolicy))
+ goto err;
+ } else if (!strcmp(val->name, "inhibitPolicyMapping")) {
+ if (!X509V3_get_value_int(val, &pcons->inhibitPolicyMapping))
+ goto err;
+ } else {
+ X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS, X509V3_R_INVALID_NAME);
+ X509V3_conf_err(val);
+ goto err;
+ }
+ }
+ if (!pcons->inhibitPolicyMapping && !pcons->requireExplicitPolicy) {
+ X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS,
+ X509V3_R_ILLEGAL_EMPTY_EXTENSION);
+ goto err;
+ }
+
+ return pcons;
+ err:
+ POLICY_CONSTRAINTS_free(pcons);
+ return NULL;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_pku.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509v3/v3_pku.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_pku.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,108 +0,0 @@
-/* v3_pku.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/x509v3.h>
-
-static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, PKEY_USAGE_PERIOD *usage, BIO *out, int indent);
-/*
-static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
-*/
-const X509V3_EXT_METHOD v3_pkey_usage_period = {
-NID_private_key_usage_period, 0, ASN1_ITEM_ref(PKEY_USAGE_PERIOD),
-0,0,0,0,
-0,0,0,0,
-(X509V3_EXT_I2R)i2r_PKEY_USAGE_PERIOD, NULL,
-NULL
-};
-
-ASN1_SEQUENCE(PKEY_USAGE_PERIOD) = {
- ASN1_IMP_OPT(PKEY_USAGE_PERIOD, notBefore, ASN1_GENERALIZEDTIME, 0),
- ASN1_IMP_OPT(PKEY_USAGE_PERIOD, notAfter, ASN1_GENERALIZEDTIME, 1)
-} ASN1_SEQUENCE_END(PKEY_USAGE_PERIOD)
-
-IMPLEMENT_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD)
-
-static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method,
- PKEY_USAGE_PERIOD *usage, BIO *out, int indent)
-{
- BIO_printf(out, "%*s", indent, "");
- if(usage->notBefore) {
- BIO_write(out, "Not Before: ", 12);
- ASN1_GENERALIZEDTIME_print(out, usage->notBefore);
- if(usage->notAfter) BIO_write(out, ", ", 2);
- }
- if(usage->notAfter) {
- BIO_write(out, "Not After: ", 11);
- ASN1_GENERALIZEDTIME_print(out, usage->notAfter);
- }
- return 1;
-}
-
-/*
-static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(method, ctx, values)
-X509V3_EXT_METHOD *method;
-X509V3_CTX *ctx;
-STACK_OF(CONF_VALUE) *values;
-{
-return NULL;
-}
-*/
Copied: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_pku.c (from rev 6976, vendor-crypto/openssl/dist/crypto/x509v3/v3_pku.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_pku.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_pku.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,114 @@
+/* v3_pku.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+
+static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method,
+ PKEY_USAGE_PERIOD *usage, BIO *out,
+ int indent);
+/*
+ * static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method,
+ * X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
+ */
+const X509V3_EXT_METHOD v3_pkey_usage_period = {
+ NID_private_key_usage_period, 0, ASN1_ITEM_ref(PKEY_USAGE_PERIOD),
+ 0, 0, 0, 0,
+ 0, 0, 0, 0,
+ (X509V3_EXT_I2R)i2r_PKEY_USAGE_PERIOD, NULL,
+ NULL
+};
+
+ASN1_SEQUENCE(PKEY_USAGE_PERIOD) = {
+ ASN1_IMP_OPT(PKEY_USAGE_PERIOD, notBefore, ASN1_GENERALIZEDTIME, 0),
+ ASN1_IMP_OPT(PKEY_USAGE_PERIOD, notAfter, ASN1_GENERALIZEDTIME, 1)
+} ASN1_SEQUENCE_END(PKEY_USAGE_PERIOD)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD)
+
+static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method,
+ PKEY_USAGE_PERIOD *usage, BIO *out,
+ int indent)
+{
+ BIO_printf(out, "%*s", indent, "");
+ if (usage->notBefore) {
+ BIO_write(out, "Not Before: ", 12);
+ ASN1_GENERALIZEDTIME_print(out, usage->notBefore);
+ if (usage->notAfter)
+ BIO_write(out, ", ", 2);
+ }
+ if (usage->notAfter) {
+ BIO_write(out, "Not After: ", 11);
+ ASN1_GENERALIZEDTIME_print(out, usage->notAfter);
+ }
+ return 1;
+}
+
+/*-
+static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(method, ctx, values)
+X509V3_EXT_METHOD *method;
+X509V3_CTX *ctx;
+STACK_OF(CONF_VALUE) *values;
+{
+return NULL;
+}
+*/
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_pmaps.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509v3/v3_pmaps.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_pmaps.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,153 +0,0 @@
-/* v3_pmaps.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1t.h>
-#include <openssl/conf.h>
-#include <openssl/x509v3.h>
-
-static void *v2i_POLICY_MAPPINGS(X509V3_EXT_METHOD *method,
- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
-static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(X509V3_EXT_METHOD *method,
- void *pmps, STACK_OF(CONF_VALUE) *extlist);
-
-const X509V3_EXT_METHOD v3_policy_mappings = {
- NID_policy_mappings, 0,
- ASN1_ITEM_ref(POLICY_MAPPINGS),
- 0,0,0,0,
- 0,0,
- i2v_POLICY_MAPPINGS,
- v2i_POLICY_MAPPINGS,
- 0,0,
- NULL
-};
-
-ASN1_SEQUENCE(POLICY_MAPPING) = {
- ASN1_SIMPLE(POLICY_MAPPING, issuerDomainPolicy, ASN1_OBJECT),
- ASN1_SIMPLE(POLICY_MAPPING, subjectDomainPolicy, ASN1_OBJECT)
-} ASN1_SEQUENCE_END(POLICY_MAPPING)
-
-ASN1_ITEM_TEMPLATE(POLICY_MAPPINGS) =
- ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, POLICY_MAPPINGS,
- POLICY_MAPPING)
-ASN1_ITEM_TEMPLATE_END(POLICY_MAPPINGS)
-
-IMPLEMENT_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING)
-
-
-static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(X509V3_EXT_METHOD *method,
- void *a, STACK_OF(CONF_VALUE) *ext_list)
-{
- POLICY_MAPPINGS *pmaps = a;
- POLICY_MAPPING *pmap;
- int i;
- char obj_tmp1[80];
- char obj_tmp2[80];
- for(i = 0; i < sk_POLICY_MAPPING_num(pmaps); i++) {
- pmap = sk_POLICY_MAPPING_value(pmaps, i);
- i2t_ASN1_OBJECT(obj_tmp1, 80, pmap->issuerDomainPolicy);
- i2t_ASN1_OBJECT(obj_tmp2, 80, pmap->subjectDomainPolicy);
- X509V3_add_value(obj_tmp1, obj_tmp2, &ext_list);
- }
- return ext_list;
-}
-
-static void *v2i_POLICY_MAPPINGS(X509V3_EXT_METHOD *method,
- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
-{
- POLICY_MAPPINGS *pmaps;
- POLICY_MAPPING *pmap;
- ASN1_OBJECT *obj1, *obj2;
- CONF_VALUE *val;
- int i;
-
- if(!(pmaps = sk_POLICY_MAPPING_new_null())) {
- X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,ERR_R_MALLOC_FAILURE);
- return NULL;
- }
-
- for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
- val = sk_CONF_VALUE_value(nval, i);
- if(!val->value || !val->name) {
- sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free);
- X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,X509V3_R_INVALID_OBJECT_IDENTIFIER);
- X509V3_conf_err(val);
- return NULL;
- }
- obj1 = OBJ_txt2obj(val->name, 0);
- obj2 = OBJ_txt2obj(val->value, 0);
- if(!obj1 || !obj2) {
- sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free);
- X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,X509V3_R_INVALID_OBJECT_IDENTIFIER);
- X509V3_conf_err(val);
- return NULL;
- }
- pmap = POLICY_MAPPING_new();
- if (!pmap) {
- sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free);
- X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- pmap->issuerDomainPolicy = obj1;
- pmap->subjectDomainPolicy = obj2;
- sk_POLICY_MAPPING_push(pmaps, pmap);
- }
- return pmaps;
-}
Copied: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_pmaps.c (from rev 6976, vendor-crypto/openssl/dist/crypto/x509v3/v3_pmaps.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_pmaps.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_pmaps.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,157 @@
+/* v3_pmaps.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+
+static void *v2i_POLICY_MAPPINGS(X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(X509V3_EXT_METHOD *method,
+ void *pmps,
+ STACK_OF(CONF_VALUE)
+ *extlist);
+
+const X509V3_EXT_METHOD v3_policy_mappings = {
+ NID_policy_mappings, 0,
+ ASN1_ITEM_ref(POLICY_MAPPINGS),
+ 0, 0, 0, 0,
+ 0, 0,
+ i2v_POLICY_MAPPINGS,
+ v2i_POLICY_MAPPINGS,
+ 0, 0,
+ NULL
+};
+
+ASN1_SEQUENCE(POLICY_MAPPING) = {
+ ASN1_SIMPLE(POLICY_MAPPING, issuerDomainPolicy, ASN1_OBJECT),
+ ASN1_SIMPLE(POLICY_MAPPING, subjectDomainPolicy, ASN1_OBJECT)
+} ASN1_SEQUENCE_END(POLICY_MAPPING)
+
+ASN1_ITEM_TEMPLATE(POLICY_MAPPINGS) =
+ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, POLICY_MAPPINGS,
+ POLICY_MAPPING)
+ASN1_ITEM_TEMPLATE_END(POLICY_MAPPINGS)
+
+IMPLEMENT_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING)
+
+static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(X509V3_EXT_METHOD *method,
+ void *a, STACK_OF(CONF_VALUE)
+ *ext_list)
+{
+ POLICY_MAPPINGS *pmaps = a;
+ POLICY_MAPPING *pmap;
+ int i;
+ char obj_tmp1[80];
+ char obj_tmp2[80];
+ for (i = 0; i < sk_POLICY_MAPPING_num(pmaps); i++) {
+ pmap = sk_POLICY_MAPPING_value(pmaps, i);
+ i2t_ASN1_OBJECT(obj_tmp1, 80, pmap->issuerDomainPolicy);
+ i2t_ASN1_OBJECT(obj_tmp2, 80, pmap->subjectDomainPolicy);
+ X509V3_add_value(obj_tmp1, obj_tmp2, &ext_list);
+ }
+ return ext_list;
+}
+
+static void *v2i_POLICY_MAPPINGS(X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+{
+ POLICY_MAPPINGS *pmaps;
+ POLICY_MAPPING *pmap;
+ ASN1_OBJECT *obj1, *obj2;
+ CONF_VALUE *val;
+ int i;
+
+ if (!(pmaps = sk_POLICY_MAPPING_new_null())) {
+ X509V3err(X509V3_F_V2I_POLICY_MAPPINGS, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+
+ for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+ val = sk_CONF_VALUE_value(nval, i);
+ if (!val->value || !val->name) {
+ sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free);
+ X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,
+ X509V3_R_INVALID_OBJECT_IDENTIFIER);
+ X509V3_conf_err(val);
+ return NULL;
+ }
+ obj1 = OBJ_txt2obj(val->name, 0);
+ obj2 = OBJ_txt2obj(val->value, 0);
+ if (!obj1 || !obj2) {
+ sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free);
+ X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,
+ X509V3_R_INVALID_OBJECT_IDENTIFIER);
+ X509V3_conf_err(val);
+ return NULL;
+ }
+ pmap = POLICY_MAPPING_new();
+ if (!pmap) {
+ sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free);
+ X509V3err(X509V3_F_V2I_POLICY_MAPPINGS, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ pmap->issuerDomainPolicy = obj1;
+ pmap->subjectDomainPolicy = obj2;
+ sk_POLICY_MAPPING_push(pmaps, pmap);
+ }
+ return pmaps;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_prn.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509v3/v3_prn.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_prn.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,234 +0,0 @@
-/* v3_prn.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-/* X509 v3 extension utilities */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/x509v3.h>
-
-/* Extension printing routines */
-
-static int unknown_ext_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent, int supported);
-
-/* Print out a name+value stack */
-
-void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, int ml)
-{
- int i;
- CONF_VALUE *nval;
- if(!val) return;
- if(!ml || !sk_CONF_VALUE_num(val)) {
- BIO_printf(out, "%*s", indent, "");
- if(!sk_CONF_VALUE_num(val)) BIO_puts(out, "<EMPTY>\n");
- }
- for(i = 0; i < sk_CONF_VALUE_num(val); i++) {
- if(ml) BIO_printf(out, "%*s", indent, "");
- else if(i > 0) BIO_printf(out, ", ");
- nval = sk_CONF_VALUE_value(val, i);
- if(!nval->name) BIO_puts(out, nval->value);
- else if(!nval->value) BIO_puts(out, nval->name);
-#ifndef CHARSET_EBCDIC
- else BIO_printf(out, "%s:%s", nval->name, nval->value);
-#else
- else {
- int len;
- char *tmp;
- len = strlen(nval->value)+1;
- tmp = OPENSSL_malloc(len);
- if (tmp)
- {
- ascii2ebcdic(tmp, nval->value, len);
- BIO_printf(out, "%s:%s", nval->name, tmp);
- OPENSSL_free(tmp);
- }
- }
-#endif
- if(ml) BIO_puts(out, "\n");
- }
-}
-
-/* Main routine: print out a general extension */
-
-int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent)
-{
- void *ext_str = NULL;
- char *value = NULL;
- const unsigned char *p;
- X509V3_EXT_METHOD *method;
- STACK_OF(CONF_VALUE) *nval = NULL;
- int ok = 1;
-
- if(!(method = X509V3_EXT_get(ext)))
- return unknown_ext_print(out, ext, flag, indent, 0);
- p = ext->value->data;
- if(method->it) ext_str = ASN1_item_d2i(NULL, &p, ext->value->length, ASN1_ITEM_ptr(method->it));
- else ext_str = method->d2i(NULL, &p, ext->value->length);
-
- if(!ext_str) return unknown_ext_print(out, ext, flag, indent, 1);
-
- if(method->i2s) {
- if(!(value = method->i2s(method, ext_str))) {
- ok = 0;
- goto err;
- }
-#ifndef CHARSET_EBCDIC
- BIO_printf(out, "%*s%s", indent, "", value);
-#else
- {
- int len;
- char *tmp;
- len = strlen(value)+1;
- tmp = OPENSSL_malloc(len);
- if (tmp)
- {
- ascii2ebcdic(tmp, value, len);
- BIO_printf(out, "%*s%s", indent, "", tmp);
- OPENSSL_free(tmp);
- }
- }
-#endif
- } else if(method->i2v) {
- if(!(nval = method->i2v(method, ext_str, NULL))) {
- ok = 0;
- goto err;
- }
- X509V3_EXT_val_prn(out, nval, indent,
- method->ext_flags & X509V3_EXT_MULTILINE);
- } else if(method->i2r) {
- if(!method->i2r(method, ext_str, out, indent)) ok = 0;
- } else ok = 0;
-
- err:
- sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
- if(value) OPENSSL_free(value);
- if(method->it) ASN1_item_free(ext_str, ASN1_ITEM_ptr(method->it));
- else method->ext_free(ext_str);
- return ok;
-}
-
-int X509V3_extensions_print(BIO *bp, char *title, STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent)
-{
- int i, j;
-
- if(sk_X509_EXTENSION_num(exts) <= 0) return 1;
-
- if(title)
- {
- BIO_printf(bp,"%*s%s:\n",indent, "", title);
- indent += 4;
- }
-
- for (i=0; i<sk_X509_EXTENSION_num(exts); i++)
- {
- ASN1_OBJECT *obj;
- X509_EXTENSION *ex;
- ex=sk_X509_EXTENSION_value(exts, i);
- if (indent && BIO_printf(bp,"%*s",indent, "") <= 0) return 0;
- obj=X509_EXTENSION_get_object(ex);
- i2a_ASN1_OBJECT(bp,obj);
- j=X509_EXTENSION_get_critical(ex);
- if (BIO_printf(bp,": %s\n",j?"critical":"") <= 0)
- return 0;
- if(!X509V3_EXT_print(bp, ex, flag, indent + 4))
- {
- BIO_printf(bp, "%*s", indent + 4, "");
- M_ASN1_OCTET_STRING_print(bp,ex->value);
- }
- if (BIO_write(bp,"\n",1) <= 0) return 0;
- }
- return 1;
-}
-
-static int unknown_ext_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent, int supported)
-{
- switch(flag & X509V3_EXT_UNKNOWN_MASK) {
-
- case X509V3_EXT_DEFAULT:
- return 0;
-
- case X509V3_EXT_ERROR_UNKNOWN:
- if(supported)
- BIO_printf(out, "%*s<Parse Error>", indent, "");
- else
- BIO_printf(out, "%*s<Not Supported>", indent, "");
- return 1;
-
- case X509V3_EXT_PARSE_UNKNOWN:
- return ASN1_parse_dump(out,
- ext->value->data, ext->value->length, indent, -1);
- case X509V3_EXT_DUMP_UNKNOWN:
- return BIO_dump_indent(out, (char *)ext->value->data, ext->value->length, indent);
-
- default:
- return 1;
- }
-}
-
-
-#ifndef OPENSSL_NO_FP_API
-int X509V3_EXT_print_fp(FILE *fp, X509_EXTENSION *ext, int flag, int indent)
-{
- BIO *bio_tmp;
- int ret;
- if(!(bio_tmp = BIO_new_fp(fp, BIO_NOCLOSE))) return 0;
- ret = X509V3_EXT_print(bio_tmp, ext, flag, indent);
- BIO_free(bio_tmp);
- return ret;
-}
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_prn.c (from rev 6976, vendor-crypto/openssl/dist/crypto/x509v3/v3_prn.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_prn.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_prn.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,259 @@
+/* v3_prn.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* X509 v3 extension utilities */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+
+/* Extension printing routines */
+
+static int unknown_ext_print(BIO *out, X509_EXTENSION *ext,
+ unsigned long flag, int indent, int supported);
+
+/* Print out a name+value stack */
+
+void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,
+ int ml)
+{
+ int i;
+ CONF_VALUE *nval;
+ if (!val)
+ return;
+ if (!ml || !sk_CONF_VALUE_num(val)) {
+ BIO_printf(out, "%*s", indent, "");
+ if (!sk_CONF_VALUE_num(val))
+ BIO_puts(out, "<EMPTY>\n");
+ }
+ for (i = 0; i < sk_CONF_VALUE_num(val); i++) {
+ if (ml)
+ BIO_printf(out, "%*s", indent, "");
+ else if (i > 0)
+ BIO_printf(out, ", ");
+ nval = sk_CONF_VALUE_value(val, i);
+ if (!nval->name)
+ BIO_puts(out, nval->value);
+ else if (!nval->value)
+ BIO_puts(out, nval->name);
+#ifndef CHARSET_EBCDIC
+ else
+ BIO_printf(out, "%s:%s", nval->name, nval->value);
+#else
+ else {
+ int len;
+ char *tmp;
+ len = strlen(nval->value) + 1;
+ tmp = OPENSSL_malloc(len);
+ if (tmp) {
+ ascii2ebcdic(tmp, nval->value, len);
+ BIO_printf(out, "%s:%s", nval->name, tmp);
+ OPENSSL_free(tmp);
+ }
+ }
+#endif
+ if (ml)
+ BIO_puts(out, "\n");
+ }
+}
+
+/* Main routine: print out a general extension */
+
+int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag,
+ int indent)
+{
+ void *ext_str = NULL;
+ char *value = NULL;
+ const unsigned char *p;
+ X509V3_EXT_METHOD *method;
+ STACK_OF(CONF_VALUE) *nval = NULL;
+ int ok = 1;
+
+ if (!(method = X509V3_EXT_get(ext)))
+ return unknown_ext_print(out, ext, flag, indent, 0);
+ p = ext->value->data;
+ if (method->it)
+ ext_str =
+ ASN1_item_d2i(NULL, &p, ext->value->length,
+ ASN1_ITEM_ptr(method->it));
+ else
+ ext_str = method->d2i(NULL, &p, ext->value->length);
+
+ if (!ext_str)
+ return unknown_ext_print(out, ext, flag, indent, 1);
+
+ if (method->i2s) {
+ if (!(value = method->i2s(method, ext_str))) {
+ ok = 0;
+ goto err;
+ }
+#ifndef CHARSET_EBCDIC
+ BIO_printf(out, "%*s%s", indent, "", value);
+#else
+ {
+ int len;
+ char *tmp;
+ len = strlen(value) + 1;
+ tmp = OPENSSL_malloc(len);
+ if (tmp) {
+ ascii2ebcdic(tmp, value, len);
+ BIO_printf(out, "%*s%s", indent, "", tmp);
+ OPENSSL_free(tmp);
+ }
+ }
+#endif
+ } else if (method->i2v) {
+ if (!(nval = method->i2v(method, ext_str, NULL))) {
+ ok = 0;
+ goto err;
+ }
+ X509V3_EXT_val_prn(out, nval, indent,
+ method->ext_flags & X509V3_EXT_MULTILINE);
+ } else if (method->i2r) {
+ if (!method->i2r(method, ext_str, out, indent))
+ ok = 0;
+ } else
+ ok = 0;
+
+ err:
+ sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
+ if (value)
+ OPENSSL_free(value);
+ if (method->it)
+ ASN1_item_free(ext_str, ASN1_ITEM_ptr(method->it));
+ else
+ method->ext_free(ext_str);
+ return ok;
+}
+
+int X509V3_extensions_print(BIO *bp, char *title,
+ STACK_OF(X509_EXTENSION) *exts,
+ unsigned long flag, int indent)
+{
+ int i, j;
+
+ if (sk_X509_EXTENSION_num(exts) <= 0)
+ return 1;
+
+ if (title) {
+ BIO_printf(bp, "%*s%s:\n", indent, "", title);
+ indent += 4;
+ }
+
+ for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
+ ASN1_OBJECT *obj;
+ X509_EXTENSION *ex;
+ ex = sk_X509_EXTENSION_value(exts, i);
+ if (indent && BIO_printf(bp, "%*s", indent, "") <= 0)
+ return 0;
+ obj = X509_EXTENSION_get_object(ex);
+ i2a_ASN1_OBJECT(bp, obj);
+ j = X509_EXTENSION_get_critical(ex);
+ if (BIO_printf(bp, ": %s\n", j ? "critical" : "") <= 0)
+ return 0;
+ if (!X509V3_EXT_print(bp, ex, flag, indent + 4)) {
+ BIO_printf(bp, "%*s", indent + 4, "");
+ M_ASN1_OCTET_STRING_print(bp, ex->value);
+ }
+ if (BIO_write(bp, "\n", 1) <= 0)
+ return 0;
+ }
+ return 1;
+}
+
+static int unknown_ext_print(BIO *out, X509_EXTENSION *ext,
+ unsigned long flag, int indent, int supported)
+{
+ switch (flag & X509V3_EXT_UNKNOWN_MASK) {
+
+ case X509V3_EXT_DEFAULT:
+ return 0;
+
+ case X509V3_EXT_ERROR_UNKNOWN:
+ if (supported)
+ BIO_printf(out, "%*s<Parse Error>", indent, "");
+ else
+ BIO_printf(out, "%*s<Not Supported>", indent, "");
+ return 1;
+
+ case X509V3_EXT_PARSE_UNKNOWN:
+ return ASN1_parse_dump(out,
+ ext->value->data, ext->value->length, indent,
+ -1);
+ case X509V3_EXT_DUMP_UNKNOWN:
+ return BIO_dump_indent(out, (char *)ext->value->data,
+ ext->value->length, indent);
+
+ default:
+ return 1;
+ }
+}
+
+#ifndef OPENSSL_NO_FP_API
+int X509V3_EXT_print_fp(FILE *fp, X509_EXTENSION *ext, int flag, int indent)
+{
+ BIO *bio_tmp;
+ int ret;
+ if (!(bio_tmp = BIO_new_fp(fp, BIO_NOCLOSE)))
+ return 0;
+ ret = X509V3_EXT_print(bio_tmp, ext, flag, indent);
+ BIO_free(bio_tmp);
+ return ret;
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_purp.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509v3/v3_purp.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_purp.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,663 +0,0 @@
-/* v3_purp.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/x509v3.h>
-#include <openssl/x509_vfy.h>
-
-static void x509v3_cache_extensions(X509 *x);
-
-static int check_ssl_ca(const X509 *x);
-static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, int ca);
-static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca);
-static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca);
-static int purpose_smime(const X509 *x, int ca);
-static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, int ca);
-static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x, int ca);
-static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, int ca);
-static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca);
-static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca);
-
-static int xp_cmp(const X509_PURPOSE * const *a,
- const X509_PURPOSE * const *b);
-static void xptable_free(X509_PURPOSE *p);
-
-static X509_PURPOSE xstandard[] = {
- {X509_PURPOSE_SSL_CLIENT, X509_TRUST_SSL_CLIENT, 0, check_purpose_ssl_client, "SSL client", "sslclient", NULL},
- {X509_PURPOSE_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, check_purpose_ssl_server, "SSL server", "sslserver", NULL},
- {X509_PURPOSE_NS_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, check_purpose_ns_ssl_server, "Netscape SSL server", "nssslserver", NULL},
- {X509_PURPOSE_SMIME_SIGN, X509_TRUST_EMAIL, 0, check_purpose_smime_sign, "S/MIME signing", "smimesign", NULL},
- {X509_PURPOSE_SMIME_ENCRYPT, X509_TRUST_EMAIL, 0, check_purpose_smime_encrypt, "S/MIME encryption", "smimeencrypt", NULL},
- {X509_PURPOSE_CRL_SIGN, X509_TRUST_COMPAT, 0, check_purpose_crl_sign, "CRL signing", "crlsign", NULL},
- {X509_PURPOSE_ANY, X509_TRUST_DEFAULT, 0, no_check, "Any Purpose", "any", NULL},
- {X509_PURPOSE_OCSP_HELPER, X509_TRUST_COMPAT, 0, ocsp_helper, "OCSP helper", "ocsphelper", NULL},
-};
-
-#define X509_PURPOSE_COUNT (sizeof(xstandard)/sizeof(X509_PURPOSE))
-
-IMPLEMENT_STACK_OF(X509_PURPOSE)
-
-static STACK_OF(X509_PURPOSE) *xptable = NULL;
-
-static int xp_cmp(const X509_PURPOSE * const *a,
- const X509_PURPOSE * const *b)
-{
- return (*a)->purpose - (*b)->purpose;
-}
-
-/* As much as I'd like to make X509_check_purpose use a "const" X509*
- * I really can't because it does recalculate hashes and do other non-const
- * things. */
-int X509_check_purpose(X509 *x, int id, int ca)
-{
- int idx;
- const X509_PURPOSE *pt;
- if(!(x->ex_flags & EXFLAG_SET)) {
- CRYPTO_w_lock(CRYPTO_LOCK_X509);
- x509v3_cache_extensions(x);
- CRYPTO_w_unlock(CRYPTO_LOCK_X509);
- }
- if(id == -1) return 1;
- idx = X509_PURPOSE_get_by_id(id);
- if(idx == -1) return -1;
- pt = X509_PURPOSE_get0(idx);
- return pt->check_purpose(pt, x, ca);
-}
-
-int X509_PURPOSE_set(int *p, int purpose)
-{
- if(X509_PURPOSE_get_by_id(purpose) == -1) {
- X509V3err(X509V3_F_X509_PURPOSE_SET, X509V3_R_INVALID_PURPOSE);
- return 0;
- }
- *p = purpose;
- return 1;
-}
-
-int X509_PURPOSE_get_count(void)
-{
- if(!xptable) return X509_PURPOSE_COUNT;
- return sk_X509_PURPOSE_num(xptable) + X509_PURPOSE_COUNT;
-}
-
-X509_PURPOSE * X509_PURPOSE_get0(int idx)
-{
- if(idx < 0) return NULL;
- if(idx < (int)X509_PURPOSE_COUNT) return xstandard + idx;
- return sk_X509_PURPOSE_value(xptable, idx - X509_PURPOSE_COUNT);
-}
-
-int X509_PURPOSE_get_by_sname(char *sname)
-{
- int i;
- X509_PURPOSE *xptmp;
- for(i = 0; i < X509_PURPOSE_get_count(); i++) {
- xptmp = X509_PURPOSE_get0(i);
- if(!strcmp(xptmp->sname, sname)) return i;
- }
- return -1;
-}
-
-int X509_PURPOSE_get_by_id(int purpose)
-{
- X509_PURPOSE tmp;
- int idx;
- if((purpose >= X509_PURPOSE_MIN) && (purpose <= X509_PURPOSE_MAX))
- return purpose - X509_PURPOSE_MIN;
- tmp.purpose = purpose;
- if(!xptable) return -1;
- idx = sk_X509_PURPOSE_find(xptable, &tmp);
- if(idx == -1) return -1;
- return idx + X509_PURPOSE_COUNT;
-}
-
-int X509_PURPOSE_add(int id, int trust, int flags,
- int (*ck)(const X509_PURPOSE *, const X509 *, int),
- char *name, char *sname, void *arg)
-{
- int idx;
- X509_PURPOSE *ptmp;
- /* This is set according to what we change: application can't set it */
- flags &= ~X509_PURPOSE_DYNAMIC;
- /* This will always be set for application modified trust entries */
- flags |= X509_PURPOSE_DYNAMIC_NAME;
- /* Get existing entry if any */
- idx = X509_PURPOSE_get_by_id(id);
- /* Need a new entry */
- if(idx == -1) {
- if(!(ptmp = OPENSSL_malloc(sizeof(X509_PURPOSE)))) {
- X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);
- return 0;
- }
- ptmp->flags = X509_PURPOSE_DYNAMIC;
- } else ptmp = X509_PURPOSE_get0(idx);
-
- /* OPENSSL_free existing name if dynamic */
- if(ptmp->flags & X509_PURPOSE_DYNAMIC_NAME) {
- OPENSSL_free(ptmp->name);
- OPENSSL_free(ptmp->sname);
- }
- /* dup supplied name */
- ptmp->name = BUF_strdup(name);
- ptmp->sname = BUF_strdup(sname);
- if(!ptmp->name || !ptmp->sname) {
- X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);
- return 0;
- }
- /* Keep the dynamic flag of existing entry */
- ptmp->flags &= X509_PURPOSE_DYNAMIC;
- /* Set all other flags */
- ptmp->flags |= flags;
-
- ptmp->purpose = id;
- ptmp->trust = trust;
- ptmp->check_purpose = ck;
- ptmp->usr_data = arg;
-
- /* If its a new entry manage the dynamic table */
- if(idx == -1) {
- if(!xptable && !(xptable = sk_X509_PURPOSE_new(xp_cmp))) {
- X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);
- return 0;
- }
- if (!sk_X509_PURPOSE_push(xptable, ptmp)) {
- X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);
- return 0;
- }
- }
- return 1;
-}
-
-static void xptable_free(X509_PURPOSE *p)
- {
- if(!p) return;
- if (p->flags & X509_PURPOSE_DYNAMIC)
- {
- if (p->flags & X509_PURPOSE_DYNAMIC_NAME) {
- OPENSSL_free(p->name);
- OPENSSL_free(p->sname);
- }
- OPENSSL_free(p);
- }
- }
-
-void X509_PURPOSE_cleanup(void)
-{
- unsigned int i;
- sk_X509_PURPOSE_pop_free(xptable, xptable_free);
- for(i = 0; i < X509_PURPOSE_COUNT; i++) xptable_free(xstandard + i);
- xptable = NULL;
-}
-
-int X509_PURPOSE_get_id(X509_PURPOSE *xp)
-{
- return xp->purpose;
-}
-
-char *X509_PURPOSE_get0_name(X509_PURPOSE *xp)
-{
- return xp->name;
-}
-
-char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp)
-{
- return xp->sname;
-}
-
-int X509_PURPOSE_get_trust(X509_PURPOSE *xp)
-{
- return xp->trust;
-}
-
-static int nid_cmp(int *a, int *b)
- {
- return *a - *b;
- }
-
-int X509_supported_extension(X509_EXTENSION *ex)
- {
- /* This table is a list of the NIDs of supported extensions:
- * that is those which are used by the verify process. If
- * an extension is critical and doesn't appear in this list
- * then the verify process will normally reject the certificate.
- * The list must be kept in numerical order because it will be
- * searched using bsearch.
- */
-
- static int supported_nids[] = {
- NID_netscape_cert_type, /* 71 */
- NID_key_usage, /* 83 */
- NID_subject_alt_name, /* 85 */
- NID_basic_constraints, /* 87 */
- NID_certificate_policies, /* 89 */
- NID_ext_key_usage, /* 126 */
-#ifndef OPENSSL_NO_RFC3779
- NID_sbgp_ipAddrBlock, /* 290 */
- NID_sbgp_autonomousSysNum, /* 291 */
-#endif
- NID_policy_constraints, /* 401 */
- NID_proxyCertInfo, /* 661 */
- NID_inhibit_any_policy /* 748 */
- };
-
- int ex_nid;
-
- ex_nid = OBJ_obj2nid(X509_EXTENSION_get_object(ex));
-
- if (ex_nid == NID_undef)
- return 0;
-
- if (OBJ_bsearch((char *)&ex_nid, (char *)supported_nids,
- sizeof(supported_nids)/sizeof(int), sizeof(int),
- (int (*)(const void *, const void *))nid_cmp))
- return 1;
- return 0;
- }
-
-
-static void x509v3_cache_extensions(X509 *x)
-{
- BASIC_CONSTRAINTS *bs;
- PROXY_CERT_INFO_EXTENSION *pci;
- ASN1_BIT_STRING *usage;
- ASN1_BIT_STRING *ns;
- EXTENDED_KEY_USAGE *extusage;
- X509_EXTENSION *ex;
-
- int i;
- if(x->ex_flags & EXFLAG_SET) return;
-#ifndef OPENSSL_NO_SHA
- X509_digest(x, EVP_sha1(), x->sha1_hash, NULL);
-#endif
- /* Does subject name match issuer ? */
- if(!X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x)))
- x->ex_flags |= EXFLAG_SI;
- /* V1 should mean no extensions ... */
- if(!X509_get_version(x)) x->ex_flags |= EXFLAG_V1;
- /* Handle basic constraints */
- if((bs=X509_get_ext_d2i(x, NID_basic_constraints, NULL, NULL))) {
- if(bs->ca) x->ex_flags |= EXFLAG_CA;
- if(bs->pathlen) {
- if((bs->pathlen->type == V_ASN1_NEG_INTEGER)
- || !bs->ca) {
- x->ex_flags |= EXFLAG_INVALID;
- x->ex_pathlen = 0;
- } else x->ex_pathlen = ASN1_INTEGER_get(bs->pathlen);
- } else x->ex_pathlen = -1;
- BASIC_CONSTRAINTS_free(bs);
- x->ex_flags |= EXFLAG_BCONS;
- }
- /* Handle proxy certificates */
- if((pci=X509_get_ext_d2i(x, NID_proxyCertInfo, NULL, NULL))) {
- if (x->ex_flags & EXFLAG_CA
- || X509_get_ext_by_NID(x, NID_subject_alt_name, 0) >= 0
- || X509_get_ext_by_NID(x, NID_issuer_alt_name, 0) >= 0) {
- x->ex_flags |= EXFLAG_INVALID;
- }
- if (pci->pcPathLengthConstraint) {
- x->ex_pcpathlen =
- ASN1_INTEGER_get(pci->pcPathLengthConstraint);
- } else x->ex_pcpathlen = -1;
- PROXY_CERT_INFO_EXTENSION_free(pci);
- x->ex_flags |= EXFLAG_PROXY;
- }
- /* Handle key usage */
- if((usage=X509_get_ext_d2i(x, NID_key_usage, NULL, NULL))) {
- if(usage->length > 0) {
- x->ex_kusage = usage->data[0];
- if(usage->length > 1)
- x->ex_kusage |= usage->data[1] << 8;
- } else x->ex_kusage = 0;
- x->ex_flags |= EXFLAG_KUSAGE;
- ASN1_BIT_STRING_free(usage);
- }
- x->ex_xkusage = 0;
- if((extusage=X509_get_ext_d2i(x, NID_ext_key_usage, NULL, NULL))) {
- x->ex_flags |= EXFLAG_XKUSAGE;
- for(i = 0; i < sk_ASN1_OBJECT_num(extusage); i++) {
- switch(OBJ_obj2nid(sk_ASN1_OBJECT_value(extusage,i))) {
- case NID_server_auth:
- x->ex_xkusage |= XKU_SSL_SERVER;
- break;
-
- case NID_client_auth:
- x->ex_xkusage |= XKU_SSL_CLIENT;
- break;
-
- case NID_email_protect:
- x->ex_xkusage |= XKU_SMIME;
- break;
-
- case NID_code_sign:
- x->ex_xkusage |= XKU_CODE_SIGN;
- break;
-
- case NID_ms_sgc:
- case NID_ns_sgc:
- x->ex_xkusage |= XKU_SGC;
- break;
-
- case NID_OCSP_sign:
- x->ex_xkusage |= XKU_OCSP_SIGN;
- break;
-
- case NID_time_stamp:
- x->ex_xkusage |= XKU_TIMESTAMP;
- break;
-
- case NID_dvcs:
- x->ex_xkusage |= XKU_DVCS;
- break;
- }
- }
- sk_ASN1_OBJECT_pop_free(extusage, ASN1_OBJECT_free);
- }
-
- if((ns=X509_get_ext_d2i(x, NID_netscape_cert_type, NULL, NULL))) {
- if(ns->length > 0) x->ex_nscert = ns->data[0];
- else x->ex_nscert = 0;
- x->ex_flags |= EXFLAG_NSCERT;
- ASN1_BIT_STRING_free(ns);
- }
- x->skid =X509_get_ext_d2i(x, NID_subject_key_identifier, NULL, NULL);
- x->akid =X509_get_ext_d2i(x, NID_authority_key_identifier, NULL, NULL);
-#ifndef OPENSSL_NO_RFC3779
- x->rfc3779_addr =X509_get_ext_d2i(x, NID_sbgp_ipAddrBlock, NULL, NULL);
- x->rfc3779_asid =X509_get_ext_d2i(x, NID_sbgp_autonomousSysNum,
- NULL, NULL);
-#endif
- for (i = 0; i < X509_get_ext_count(x); i++)
- {
- ex = X509_get_ext(x, i);
- if (!X509_EXTENSION_get_critical(ex))
- continue;
- if (!X509_supported_extension(ex))
- {
- x->ex_flags |= EXFLAG_CRITICAL;
- break;
- }
- }
- x->ex_flags |= EXFLAG_SET;
-}
-
-/* CA checks common to all purposes
- * return codes:
- * 0 not a CA
- * 1 is a CA
- * 2 basicConstraints absent so "maybe" a CA
- * 3 basicConstraints absent but self signed V1.
- * 4 basicConstraints absent but keyUsage present and keyCertSign asserted.
- */
-
-#define V1_ROOT (EXFLAG_V1|EXFLAG_SS)
-#define ku_reject(x, usage) \
- (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
-#define xku_reject(x, usage) \
- (((x)->ex_flags & EXFLAG_XKUSAGE) && !((x)->ex_xkusage & (usage)))
-#define ns_reject(x, usage) \
- (((x)->ex_flags & EXFLAG_NSCERT) && !((x)->ex_nscert & (usage)))
-
-static int check_ca(const X509 *x)
-{
- /* keyUsage if present should allow cert signing */
- if(ku_reject(x, KU_KEY_CERT_SIGN)) return 0;
- if(x->ex_flags & EXFLAG_BCONS) {
- if(x->ex_flags & EXFLAG_CA) return 1;
- /* If basicConstraints says not a CA then say so */
- else return 0;
- } else {
- /* we support V1 roots for... uh, I don't really know why. */
- if((x->ex_flags & V1_ROOT) == V1_ROOT) return 3;
- /* If key usage present it must have certSign so tolerate it */
- else if (x->ex_flags & EXFLAG_KUSAGE) return 4;
- /* Older certificates could have Netscape-specific CA types */
- else if (x->ex_flags & EXFLAG_NSCERT
- && x->ex_nscert & NS_ANY_CA) return 5;
- /* can this still be regarded a CA certificate? I doubt it */
- return 0;
- }
-}
-
-int X509_check_ca(X509 *x)
-{
- if(!(x->ex_flags & EXFLAG_SET)) {
- CRYPTO_w_lock(CRYPTO_LOCK_X509);
- x509v3_cache_extensions(x);
- CRYPTO_w_unlock(CRYPTO_LOCK_X509);
- }
-
- return check_ca(x);
-}
-
-/* Check SSL CA: common checks for SSL client and server */
-static int check_ssl_ca(const X509 *x)
-{
- int ca_ret;
- ca_ret = check_ca(x);
- if(!ca_ret) return 0;
- /* check nsCertType if present */
- if(ca_ret != 5 || x->ex_nscert & NS_SSL_CA) return ca_ret;
- else return 0;
-}
-
-
-static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, int ca)
-{
- if(xku_reject(x,XKU_SSL_CLIENT)) return 0;
- if(ca) return check_ssl_ca(x);
- /* We need to do digital signatures with it */
- if(ku_reject(x,KU_DIGITAL_SIGNATURE)) return 0;
- /* nsCertType if present should allow SSL client use */
- if(ns_reject(x, NS_SSL_CLIENT)) return 0;
- return 1;
-}
-
-static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca)
-{
- if(xku_reject(x,XKU_SSL_SERVER|XKU_SGC)) return 0;
- if(ca) return check_ssl_ca(x);
-
- if(ns_reject(x, NS_SSL_SERVER)) return 0;
- /* Now as for keyUsage: we'll at least need to sign OR encipher */
- if(ku_reject(x, KU_DIGITAL_SIGNATURE|KU_KEY_ENCIPHERMENT)) return 0;
-
- return 1;
-
-}
-
-static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca)
-{
- int ret;
- ret = check_purpose_ssl_server(xp, x, ca);
- if(!ret || ca) return ret;
- /* We need to encipher or Netscape complains */
- if(ku_reject(x, KU_KEY_ENCIPHERMENT)) return 0;
- return ret;
-}
-
-/* common S/MIME checks */
-static int purpose_smime(const X509 *x, int ca)
-{
- if(xku_reject(x,XKU_SMIME)) return 0;
- if(ca) {
- int ca_ret;
- ca_ret = check_ca(x);
- if(!ca_ret) return 0;
- /* check nsCertType if present */
- if(ca_ret != 5 || x->ex_nscert & NS_SMIME_CA) return ca_ret;
- else return 0;
- }
- if(x->ex_flags & EXFLAG_NSCERT) {
- if(x->ex_nscert & NS_SMIME) return 1;
- /* Workaround for some buggy certificates */
- if(x->ex_nscert & NS_SSL_CLIENT) return 2;
- return 0;
- }
- return 1;
-}
-
-static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, int ca)
-{
- int ret;
- ret = purpose_smime(x, ca);
- if(!ret || ca) return ret;
- if(ku_reject(x, KU_DIGITAL_SIGNATURE|KU_NON_REPUDIATION)) return 0;
- return ret;
-}
-
-static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x, int ca)
-{
- int ret;
- ret = purpose_smime(x, ca);
- if(!ret || ca) return ret;
- if(ku_reject(x, KU_KEY_ENCIPHERMENT)) return 0;
- return ret;
-}
-
-static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, int ca)
-{
- if(ca) {
- int ca_ret;
- if((ca_ret = check_ca(x)) != 2) return ca_ret;
- else return 0;
- }
- if(ku_reject(x, KU_CRL_SIGN)) return 0;
- return 1;
-}
-
-/* OCSP helper: this is *not* a full OCSP check. It just checks that
- * each CA is valid. Additional checks must be made on the chain.
- */
-
-static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca)
-{
- /* Must be a valid CA. Should we really support the "I don't know"
- value (2)? */
- if(ca) return check_ca(x);
- /* leaf certificate is checked in OCSP_verify() */
- return 1;
-}
-
-static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca)
-{
- return 1;
-}
-
-/* Various checks to see if one certificate issued the second.
- * This can be used to prune a set of possible issuer certificates
- * which have been looked up using some simple method such as by
- * subject name.
- * These are:
- * 1. Check issuer_name(subject) == subject_name(issuer)
- * 2. If akid(subject) exists check it matches issuer
- * 3. If key_usage(issuer) exists check it supports certificate signing
- * returns 0 for OK, positive for reason for mismatch, reasons match
- * codes for X509_verify_cert()
- */
-
-int X509_check_issued(X509 *issuer, X509 *subject)
-{
- if(X509_NAME_cmp(X509_get_subject_name(issuer),
- X509_get_issuer_name(subject)))
- return X509_V_ERR_SUBJECT_ISSUER_MISMATCH;
- x509v3_cache_extensions(issuer);
- x509v3_cache_extensions(subject);
- if(subject->akid) {
- /* Check key ids (if present) */
- if(subject->akid->keyid && issuer->skid &&
- ASN1_OCTET_STRING_cmp(subject->akid->keyid, issuer->skid) )
- return X509_V_ERR_AKID_SKID_MISMATCH;
- /* Check serial number */
- if(subject->akid->serial &&
- ASN1_INTEGER_cmp(X509_get_serialNumber(issuer),
- subject->akid->serial))
- return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
- /* Check issuer name */
- if(subject->akid->issuer) {
- /* Ugh, for some peculiar reason AKID includes
- * SEQUENCE OF GeneralName. So look for a DirName.
- * There may be more than one but we only take any
- * notice of the first.
- */
- GENERAL_NAMES *gens;
- GENERAL_NAME *gen;
- X509_NAME *nm = NULL;
- int i;
- gens = subject->akid->issuer;
- for(i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
- gen = sk_GENERAL_NAME_value(gens, i);
- if(gen->type == GEN_DIRNAME) {
- nm = gen->d.dirn;
- break;
- }
- }
- if(nm && X509_NAME_cmp(nm, X509_get_issuer_name(issuer)))
- return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
- }
- }
- if(subject->ex_flags & EXFLAG_PROXY)
- {
- if(ku_reject(issuer, KU_DIGITAL_SIGNATURE))
- return X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE;
- }
- else if(ku_reject(issuer, KU_KEY_CERT_SIGN))
- return X509_V_ERR_KEYUSAGE_NO_CERTSIGN;
- return X509_V_OK;
-}
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_purp.c (from rev 6976, vendor-crypto/openssl/dist/crypto/x509v3/v3_purp.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_purp.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_purp.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,736 @@
+/* v3_purp.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/x509v3.h>
+#include <openssl/x509_vfy.h>
+
+static void x509v3_cache_extensions(X509 *x);
+
+static int check_ssl_ca(const X509 *x);
+static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x,
+ int ca);
+static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x,
+ int ca);
+static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x,
+ int ca);
+static int purpose_smime(const X509 *x, int ca);
+static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x,
+ int ca);
+static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x,
+ int ca);
+static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x,
+ int ca);
+static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca);
+static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca);
+
+static int xp_cmp(const X509_PURPOSE *const *a, const X509_PURPOSE *const *b);
+static void xptable_free(X509_PURPOSE *p);
+
+static X509_PURPOSE xstandard[] = {
+ {X509_PURPOSE_SSL_CLIENT, X509_TRUST_SSL_CLIENT, 0,
+ check_purpose_ssl_client, "SSL client", "sslclient", NULL},
+ {X509_PURPOSE_SSL_SERVER, X509_TRUST_SSL_SERVER, 0,
+ check_purpose_ssl_server, "SSL server", "sslserver", NULL},
+ {X509_PURPOSE_NS_SSL_SERVER, X509_TRUST_SSL_SERVER, 0,
+ check_purpose_ns_ssl_server, "Netscape SSL server", "nssslserver", NULL},
+ {X509_PURPOSE_SMIME_SIGN, X509_TRUST_EMAIL, 0, check_purpose_smime_sign,
+ "S/MIME signing", "smimesign", NULL},
+ {X509_PURPOSE_SMIME_ENCRYPT, X509_TRUST_EMAIL, 0,
+ check_purpose_smime_encrypt, "S/MIME encryption", "smimeencrypt", NULL},
+ {X509_PURPOSE_CRL_SIGN, X509_TRUST_COMPAT, 0, check_purpose_crl_sign,
+ "CRL signing", "crlsign", NULL},
+ {X509_PURPOSE_ANY, X509_TRUST_DEFAULT, 0, no_check, "Any Purpose", "any",
+ NULL},
+ {X509_PURPOSE_OCSP_HELPER, X509_TRUST_COMPAT, 0, ocsp_helper,
+ "OCSP helper", "ocsphelper", NULL},
+};
+
+#define X509_PURPOSE_COUNT (sizeof(xstandard)/sizeof(X509_PURPOSE))
+
+IMPLEMENT_STACK_OF(X509_PURPOSE)
+
+static STACK_OF(X509_PURPOSE) *xptable = NULL;
+
+static int xp_cmp(const X509_PURPOSE *const *a, const X509_PURPOSE *const *b)
+{
+ return (*a)->purpose - (*b)->purpose;
+}
+
+/*
+ * As much as I'd like to make X509_check_purpose use a "const" X509* I
+ * really can't because it does recalculate hashes and do other non-const
+ * things.
+ */
+int X509_check_purpose(X509 *x, int id, int ca)
+{
+ int idx;
+ const X509_PURPOSE *pt;
+ if (!(x->ex_flags & EXFLAG_SET)) {
+ CRYPTO_w_lock(CRYPTO_LOCK_X509);
+ x509v3_cache_extensions(x);
+ CRYPTO_w_unlock(CRYPTO_LOCK_X509);
+ }
+ if (id == -1)
+ return 1;
+ idx = X509_PURPOSE_get_by_id(id);
+ if (idx == -1)
+ return -1;
+ pt = X509_PURPOSE_get0(idx);
+ return pt->check_purpose(pt, x, ca);
+}
+
+int X509_PURPOSE_set(int *p, int purpose)
+{
+ if (X509_PURPOSE_get_by_id(purpose) == -1) {
+ X509V3err(X509V3_F_X509_PURPOSE_SET, X509V3_R_INVALID_PURPOSE);
+ return 0;
+ }
+ *p = purpose;
+ return 1;
+}
+
+int X509_PURPOSE_get_count(void)
+{
+ if (!xptable)
+ return X509_PURPOSE_COUNT;
+ return sk_X509_PURPOSE_num(xptable) + X509_PURPOSE_COUNT;
+}
+
+X509_PURPOSE *X509_PURPOSE_get0(int idx)
+{
+ if (idx < 0)
+ return NULL;
+ if (idx < (int)X509_PURPOSE_COUNT)
+ return xstandard + idx;
+ return sk_X509_PURPOSE_value(xptable, idx - X509_PURPOSE_COUNT);
+}
+
+int X509_PURPOSE_get_by_sname(char *sname)
+{
+ int i;
+ X509_PURPOSE *xptmp;
+ for (i = 0; i < X509_PURPOSE_get_count(); i++) {
+ xptmp = X509_PURPOSE_get0(i);
+ if (!strcmp(xptmp->sname, sname))
+ return i;
+ }
+ return -1;
+}
+
+int X509_PURPOSE_get_by_id(int purpose)
+{
+ X509_PURPOSE tmp;
+ int idx;
+ if ((purpose >= X509_PURPOSE_MIN) && (purpose <= X509_PURPOSE_MAX))
+ return purpose - X509_PURPOSE_MIN;
+ tmp.purpose = purpose;
+ if (!xptable)
+ return -1;
+ idx = sk_X509_PURPOSE_find(xptable, &tmp);
+ if (idx == -1)
+ return -1;
+ return idx + X509_PURPOSE_COUNT;
+}
+
+int X509_PURPOSE_add(int id, int trust, int flags,
+ int (*ck) (const X509_PURPOSE *, const X509 *, int),
+ char *name, char *sname, void *arg)
+{
+ int idx;
+ X509_PURPOSE *ptmp;
+ /*
+ * This is set according to what we change: application can't set it
+ */
+ flags &= ~X509_PURPOSE_DYNAMIC;
+ /* This will always be set for application modified trust entries */
+ flags |= X509_PURPOSE_DYNAMIC_NAME;
+ /* Get existing entry if any */
+ idx = X509_PURPOSE_get_by_id(id);
+ /* Need a new entry */
+ if (idx == -1) {
+ if (!(ptmp = OPENSSL_malloc(sizeof(X509_PURPOSE)))) {
+ X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ ptmp->flags = X509_PURPOSE_DYNAMIC;
+ } else
+ ptmp = X509_PURPOSE_get0(idx);
+
+ /* OPENSSL_free existing name if dynamic */
+ if (ptmp->flags & X509_PURPOSE_DYNAMIC_NAME) {
+ OPENSSL_free(ptmp->name);
+ OPENSSL_free(ptmp->sname);
+ }
+ /* dup supplied name */
+ ptmp->name = BUF_strdup(name);
+ ptmp->sname = BUF_strdup(sname);
+ if (!ptmp->name || !ptmp->sname) {
+ X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ /* Keep the dynamic flag of existing entry */
+ ptmp->flags &= X509_PURPOSE_DYNAMIC;
+ /* Set all other flags */
+ ptmp->flags |= flags;
+
+ ptmp->purpose = id;
+ ptmp->trust = trust;
+ ptmp->check_purpose = ck;
+ ptmp->usr_data = arg;
+
+ /* If its a new entry manage the dynamic table */
+ if (idx == -1) {
+ if (!xptable && !(xptable = sk_X509_PURPOSE_new(xp_cmp))) {
+ X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ if (!sk_X509_PURPOSE_push(xptable, ptmp)) {
+ X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ }
+ return 1;
+}
+
+static void xptable_free(X509_PURPOSE *p)
+{
+ if (!p)
+ return;
+ if (p->flags & X509_PURPOSE_DYNAMIC) {
+ if (p->flags & X509_PURPOSE_DYNAMIC_NAME) {
+ OPENSSL_free(p->name);
+ OPENSSL_free(p->sname);
+ }
+ OPENSSL_free(p);
+ }
+}
+
+void X509_PURPOSE_cleanup(void)
+{
+ unsigned int i;
+ sk_X509_PURPOSE_pop_free(xptable, xptable_free);
+ for (i = 0; i < X509_PURPOSE_COUNT; i++)
+ xptable_free(xstandard + i);
+ xptable = NULL;
+}
+
+int X509_PURPOSE_get_id(X509_PURPOSE *xp)
+{
+ return xp->purpose;
+}
+
+char *X509_PURPOSE_get0_name(X509_PURPOSE *xp)
+{
+ return xp->name;
+}
+
+char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp)
+{
+ return xp->sname;
+}
+
+int X509_PURPOSE_get_trust(X509_PURPOSE *xp)
+{
+ return xp->trust;
+}
+
+static int nid_cmp(int *a, int *b)
+{
+ return *a - *b;
+}
+
+int X509_supported_extension(X509_EXTENSION *ex)
+{
+ /*
+ * This table is a list of the NIDs of supported extensions: that is
+ * those which are used by the verify process. If an extension is
+ * critical and doesn't appear in this list then the verify process will
+ * normally reject the certificate. The list must be kept in numerical
+ * order because it will be searched using bsearch.
+ */
+
+ static int supported_nids[] = {
+ NID_netscape_cert_type, /* 71 */
+ NID_key_usage, /* 83 */
+ NID_subject_alt_name, /* 85 */
+ NID_basic_constraints, /* 87 */
+ NID_certificate_policies, /* 89 */
+ NID_ext_key_usage, /* 126 */
+#ifndef OPENSSL_NO_RFC3779
+ NID_sbgp_ipAddrBlock, /* 290 */
+ NID_sbgp_autonomousSysNum, /* 291 */
+#endif
+ NID_policy_constraints, /* 401 */
+ NID_proxyCertInfo, /* 661 */
+ NID_inhibit_any_policy /* 748 */
+ };
+
+ int ex_nid;
+
+ ex_nid = OBJ_obj2nid(X509_EXTENSION_get_object(ex));
+
+ if (ex_nid == NID_undef)
+ return 0;
+
+ if (OBJ_bsearch((char *)&ex_nid, (char *)supported_nids,
+ sizeof(supported_nids) / sizeof(int), sizeof(int),
+ (int (*)(const void *, const void *))nid_cmp))
+ return 1;
+ return 0;
+}
+
+static void x509v3_cache_extensions(X509 *x)
+{
+ BASIC_CONSTRAINTS *bs;
+ PROXY_CERT_INFO_EXTENSION *pci;
+ ASN1_BIT_STRING *usage;
+ ASN1_BIT_STRING *ns;
+ EXTENDED_KEY_USAGE *extusage;
+ X509_EXTENSION *ex;
+
+ int i;
+ if (x->ex_flags & EXFLAG_SET)
+ return;
+#ifndef OPENSSL_NO_SHA
+ X509_digest(x, EVP_sha1(), x->sha1_hash, NULL);
+#endif
+ /* Does subject name match issuer ? */
+ if (!X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x)))
+ x->ex_flags |= EXFLAG_SI;
+ /* V1 should mean no extensions ... */
+ if (!X509_get_version(x))
+ x->ex_flags |= EXFLAG_V1;
+ /* Handle basic constraints */
+ if ((bs = X509_get_ext_d2i(x, NID_basic_constraints, NULL, NULL))) {
+ if (bs->ca)
+ x->ex_flags |= EXFLAG_CA;
+ if (bs->pathlen) {
+ if ((bs->pathlen->type == V_ASN1_NEG_INTEGER)
+ || !bs->ca) {
+ x->ex_flags |= EXFLAG_INVALID;
+ x->ex_pathlen = 0;
+ } else
+ x->ex_pathlen = ASN1_INTEGER_get(bs->pathlen);
+ } else
+ x->ex_pathlen = -1;
+ BASIC_CONSTRAINTS_free(bs);
+ x->ex_flags |= EXFLAG_BCONS;
+ }
+ /* Handle proxy certificates */
+ if ((pci = X509_get_ext_d2i(x, NID_proxyCertInfo, NULL, NULL))) {
+ if (x->ex_flags & EXFLAG_CA
+ || X509_get_ext_by_NID(x, NID_subject_alt_name, 0) >= 0
+ || X509_get_ext_by_NID(x, NID_issuer_alt_name, 0) >= 0) {
+ x->ex_flags |= EXFLAG_INVALID;
+ }
+ if (pci->pcPathLengthConstraint) {
+ x->ex_pcpathlen = ASN1_INTEGER_get(pci->pcPathLengthConstraint);
+ } else
+ x->ex_pcpathlen = -1;
+ PROXY_CERT_INFO_EXTENSION_free(pci);
+ x->ex_flags |= EXFLAG_PROXY;
+ }
+ /* Handle key usage */
+ if ((usage = X509_get_ext_d2i(x, NID_key_usage, NULL, NULL))) {
+ if (usage->length > 0) {
+ x->ex_kusage = usage->data[0];
+ if (usage->length > 1)
+ x->ex_kusage |= usage->data[1] << 8;
+ } else
+ x->ex_kusage = 0;
+ x->ex_flags |= EXFLAG_KUSAGE;
+ ASN1_BIT_STRING_free(usage);
+ }
+ x->ex_xkusage = 0;
+ if ((extusage = X509_get_ext_d2i(x, NID_ext_key_usage, NULL, NULL))) {
+ x->ex_flags |= EXFLAG_XKUSAGE;
+ for (i = 0; i < sk_ASN1_OBJECT_num(extusage); i++) {
+ switch (OBJ_obj2nid(sk_ASN1_OBJECT_value(extusage, i))) {
+ case NID_server_auth:
+ x->ex_xkusage |= XKU_SSL_SERVER;
+ break;
+
+ case NID_client_auth:
+ x->ex_xkusage |= XKU_SSL_CLIENT;
+ break;
+
+ case NID_email_protect:
+ x->ex_xkusage |= XKU_SMIME;
+ break;
+
+ case NID_code_sign:
+ x->ex_xkusage |= XKU_CODE_SIGN;
+ break;
+
+ case NID_ms_sgc:
+ case NID_ns_sgc:
+ x->ex_xkusage |= XKU_SGC;
+ break;
+
+ case NID_OCSP_sign:
+ x->ex_xkusage |= XKU_OCSP_SIGN;
+ break;
+
+ case NID_time_stamp:
+ x->ex_xkusage |= XKU_TIMESTAMP;
+ break;
+
+ case NID_dvcs:
+ x->ex_xkusage |= XKU_DVCS;
+ break;
+ }
+ }
+ sk_ASN1_OBJECT_pop_free(extusage, ASN1_OBJECT_free);
+ }
+
+ if ((ns = X509_get_ext_d2i(x, NID_netscape_cert_type, NULL, NULL))) {
+ if (ns->length > 0)
+ x->ex_nscert = ns->data[0];
+ else
+ x->ex_nscert = 0;
+ x->ex_flags |= EXFLAG_NSCERT;
+ ASN1_BIT_STRING_free(ns);
+ }
+ x->skid = X509_get_ext_d2i(x, NID_subject_key_identifier, NULL, NULL);
+ x->akid = X509_get_ext_d2i(x, NID_authority_key_identifier, NULL, NULL);
+#ifndef OPENSSL_NO_RFC3779
+ x->rfc3779_addr = X509_get_ext_d2i(x, NID_sbgp_ipAddrBlock, NULL, NULL);
+ x->rfc3779_asid = X509_get_ext_d2i(x, NID_sbgp_autonomousSysNum,
+ NULL, NULL);
+#endif
+ for (i = 0; i < X509_get_ext_count(x); i++) {
+ ex = X509_get_ext(x, i);
+ if (!X509_EXTENSION_get_critical(ex))
+ continue;
+ if (!X509_supported_extension(ex)) {
+ x->ex_flags |= EXFLAG_CRITICAL;
+ break;
+ }
+ }
+ x->ex_flags |= EXFLAG_SET;
+}
+
+/*-
+ * CA checks common to all purposes
+ * return codes:
+ * 0 not a CA
+ * 1 is a CA
+ * 2 basicConstraints absent so "maybe" a CA
+ * 3 basicConstraints absent but self signed V1.
+ * 4 basicConstraints absent but keyUsage present and keyCertSign asserted.
+ */
+
+#define V1_ROOT (EXFLAG_V1|EXFLAG_SS)
+#define ku_reject(x, usage) \
+ (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
+#define xku_reject(x, usage) \
+ (((x)->ex_flags & EXFLAG_XKUSAGE) && !((x)->ex_xkusage & (usage)))
+#define ns_reject(x, usage) \
+ (((x)->ex_flags & EXFLAG_NSCERT) && !((x)->ex_nscert & (usage)))
+
+static int check_ca(const X509 *x)
+{
+ /* keyUsage if present should allow cert signing */
+ if (ku_reject(x, KU_KEY_CERT_SIGN))
+ return 0;
+ if (x->ex_flags & EXFLAG_BCONS) {
+ if (x->ex_flags & EXFLAG_CA)
+ return 1;
+ /* If basicConstraints says not a CA then say so */
+ else
+ return 0;
+ } else {
+ /* we support V1 roots for... uh, I don't really know why. */
+ if ((x->ex_flags & V1_ROOT) == V1_ROOT)
+ return 3;
+ /*
+ * If key usage present it must have certSign so tolerate it
+ */
+ else if (x->ex_flags & EXFLAG_KUSAGE)
+ return 4;
+ /* Older certificates could have Netscape-specific CA types */
+ else if (x->ex_flags & EXFLAG_NSCERT && x->ex_nscert & NS_ANY_CA)
+ return 5;
+ /* can this still be regarded a CA certificate? I doubt it */
+ return 0;
+ }
+}
+
+int X509_check_ca(X509 *x)
+{
+ if (!(x->ex_flags & EXFLAG_SET)) {
+ CRYPTO_w_lock(CRYPTO_LOCK_X509);
+ x509v3_cache_extensions(x);
+ CRYPTO_w_unlock(CRYPTO_LOCK_X509);
+ }
+
+ return check_ca(x);
+}
+
+/* Check SSL CA: common checks for SSL client and server */
+static int check_ssl_ca(const X509 *x)
+{
+ int ca_ret;
+ ca_ret = check_ca(x);
+ if (!ca_ret)
+ return 0;
+ /* check nsCertType if present */
+ if (ca_ret != 5 || x->ex_nscert & NS_SSL_CA)
+ return ca_ret;
+ else
+ return 0;
+}
+
+static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x,
+ int ca)
+{
+ if (xku_reject(x, XKU_SSL_CLIENT))
+ return 0;
+ if (ca)
+ return check_ssl_ca(x);
+ /* We need to do digital signatures with it */
+ if (ku_reject(x, KU_DIGITAL_SIGNATURE))
+ return 0;
+ /* nsCertType if present should allow SSL client use */
+ if (ns_reject(x, NS_SSL_CLIENT))
+ return 0;
+ return 1;
+}
+
+static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x,
+ int ca)
+{
+ if (xku_reject(x, XKU_SSL_SERVER | XKU_SGC))
+ return 0;
+ if (ca)
+ return check_ssl_ca(x);
+
+ if (ns_reject(x, NS_SSL_SERVER))
+ return 0;
+ /* Now as for keyUsage: we'll at least need to sign OR encipher */
+ if (ku_reject(x, KU_DIGITAL_SIGNATURE | KU_KEY_ENCIPHERMENT))
+ return 0;
+
+ return 1;
+
+}
+
+static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x,
+ int ca)
+{
+ int ret;
+ ret = check_purpose_ssl_server(xp, x, ca);
+ if (!ret || ca)
+ return ret;
+ /* We need to encipher or Netscape complains */
+ if (ku_reject(x, KU_KEY_ENCIPHERMENT))
+ return 0;
+ return ret;
+}
+
+/* common S/MIME checks */
+static int purpose_smime(const X509 *x, int ca)
+{
+ if (xku_reject(x, XKU_SMIME))
+ return 0;
+ if (ca) {
+ int ca_ret;
+ ca_ret = check_ca(x);
+ if (!ca_ret)
+ return 0;
+ /* check nsCertType if present */
+ if (ca_ret != 5 || x->ex_nscert & NS_SMIME_CA)
+ return ca_ret;
+ else
+ return 0;
+ }
+ if (x->ex_flags & EXFLAG_NSCERT) {
+ if (x->ex_nscert & NS_SMIME)
+ return 1;
+ /* Workaround for some buggy certificates */
+ if (x->ex_nscert & NS_SSL_CLIENT)
+ return 2;
+ return 0;
+ }
+ return 1;
+}
+
+static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x,
+ int ca)
+{
+ int ret;
+ ret = purpose_smime(x, ca);
+ if (!ret || ca)
+ return ret;
+ if (ku_reject(x, KU_DIGITAL_SIGNATURE | KU_NON_REPUDIATION))
+ return 0;
+ return ret;
+}
+
+static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x,
+ int ca)
+{
+ int ret;
+ ret = purpose_smime(x, ca);
+ if (!ret || ca)
+ return ret;
+ if (ku_reject(x, KU_KEY_ENCIPHERMENT))
+ return 0;
+ return ret;
+}
+
+static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x,
+ int ca)
+{
+ if (ca) {
+ int ca_ret;
+ if ((ca_ret = check_ca(x)) != 2)
+ return ca_ret;
+ else
+ return 0;
+ }
+ if (ku_reject(x, KU_CRL_SIGN))
+ return 0;
+ return 1;
+}
+
+/*
+ * OCSP helper: this is *not* a full OCSP check. It just checks that each CA
+ * is valid. Additional checks must be made on the chain.
+ */
+
+static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca)
+{
+ /*
+ * Must be a valid CA. Should we really support the "I don't know" value
+ * (2)?
+ */
+ if (ca)
+ return check_ca(x);
+ /* leaf certificate is checked in OCSP_verify() */
+ return 1;
+}
+
+static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca)
+{
+ return 1;
+}
+
+/*-
+ * Various checks to see if one certificate issued the second.
+ * This can be used to prune a set of possible issuer certificates
+ * which have been looked up using some simple method such as by
+ * subject name.
+ * These are:
+ * 1. Check issuer_name(subject) == subject_name(issuer)
+ * 2. If akid(subject) exists check it matches issuer
+ * 3. If key_usage(issuer) exists check it supports certificate signing
+ * returns 0 for OK, positive for reason for mismatch, reasons match
+ * codes for X509_verify_cert()
+ */
+
+int X509_check_issued(X509 *issuer, X509 *subject)
+{
+ if (X509_NAME_cmp(X509_get_subject_name(issuer),
+ X509_get_issuer_name(subject)))
+ return X509_V_ERR_SUBJECT_ISSUER_MISMATCH;
+ x509v3_cache_extensions(issuer);
+ x509v3_cache_extensions(subject);
+ if (subject->akid) {
+ /* Check key ids (if present) */
+ if (subject->akid->keyid && issuer->skid &&
+ ASN1_OCTET_STRING_cmp(subject->akid->keyid, issuer->skid))
+ return X509_V_ERR_AKID_SKID_MISMATCH;
+ /* Check serial number */
+ if (subject->akid->serial &&
+ ASN1_INTEGER_cmp(X509_get_serialNumber(issuer),
+ subject->akid->serial))
+ return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
+ /* Check issuer name */
+ if (subject->akid->issuer) {
+ /*
+ * Ugh, for some peculiar reason AKID includes SEQUENCE OF
+ * GeneralName. So look for a DirName. There may be more than one
+ * but we only take any notice of the first.
+ */
+ GENERAL_NAMES *gens;
+ GENERAL_NAME *gen;
+ X509_NAME *nm = NULL;
+ int i;
+ gens = subject->akid->issuer;
+ for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
+ gen = sk_GENERAL_NAME_value(gens, i);
+ if (gen->type == GEN_DIRNAME) {
+ nm = gen->d.dirn;
+ break;
+ }
+ }
+ if (nm && X509_NAME_cmp(nm, X509_get_issuer_name(issuer)))
+ return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
+ }
+ }
+ if (subject->ex_flags & EXFLAG_PROXY) {
+ if (ku_reject(issuer, KU_DIGITAL_SIGNATURE))
+ return X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE;
+ } else if (ku_reject(issuer, KU_KEY_CERT_SIGN))
+ return X509_V_ERR_KEYUSAGE_NO_CERTSIGN;
+ return X509_V_OK;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_skey.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509v3/v3_skey.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_skey.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,144 +0,0 @@
-/* v3_skey.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/x509v3.h>
-
-static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
-const X509V3_EXT_METHOD v3_skey_id = {
-NID_subject_key_identifier, 0, ASN1_ITEM_ref(ASN1_OCTET_STRING),
-0,0,0,0,
-(X509V3_EXT_I2S)i2s_ASN1_OCTET_STRING,
-(X509V3_EXT_S2I)s2i_skey_id,
-0,0,0,0,
-NULL};
-
-char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
- ASN1_OCTET_STRING *oct)
-{
- return hex_to_string(oct->data, oct->length);
-}
-
-ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
- X509V3_CTX *ctx, char *str)
-{
- ASN1_OCTET_STRING *oct;
- long length;
-
- if(!(oct = M_ASN1_OCTET_STRING_new())) {
- X509V3err(X509V3_F_S2I_ASN1_OCTET_STRING,ERR_R_MALLOC_FAILURE);
- return NULL;
- }
-
- if(!(oct->data = string_to_hex(str, &length))) {
- M_ASN1_OCTET_STRING_free(oct);
- return NULL;
- }
-
- oct->length = length;
-
- return oct;
-
-}
-
-static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
- X509V3_CTX *ctx, char *str)
-{
- ASN1_OCTET_STRING *oct;
- ASN1_BIT_STRING *pk;
- unsigned char pkey_dig[EVP_MAX_MD_SIZE];
- unsigned int diglen;
-
- if(strcmp(str, "hash")) return s2i_ASN1_OCTET_STRING(method, ctx, str);
-
- if(!(oct = M_ASN1_OCTET_STRING_new())) {
- X509V3err(X509V3_F_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE);
- return NULL;
- }
-
- if(ctx && (ctx->flags == CTX_TEST)) return oct;
-
- if(!ctx || (!ctx->subject_req && !ctx->subject_cert)) {
- X509V3err(X509V3_F_S2I_SKEY_ID,X509V3_R_NO_PUBLIC_KEY);
- goto err;
- }
-
- if(ctx->subject_req)
- pk = ctx->subject_req->req_info->pubkey->public_key;
- else pk = ctx->subject_cert->cert_info->key->public_key;
-
- if(!pk) {
- X509V3err(X509V3_F_S2I_SKEY_ID,X509V3_R_NO_PUBLIC_KEY);
- goto err;
- }
-
- EVP_Digest(pk->data, pk->length, pkey_dig, &diglen, EVP_sha1(), NULL);
-
- if(!M_ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) {
- X509V3err(X509V3_F_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- return oct;
-
- err:
- M_ASN1_OCTET_STRING_free(oct);
- return NULL;
-}
Copied: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_skey.c (from rev 6976, vendor-crypto/openssl/dist/crypto/x509v3/v3_skey.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_skey.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_skey.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,148 @@
+/* v3_skey.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/x509v3.h>
+
+static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, char *str);
+const X509V3_EXT_METHOD v3_skey_id = {
+ NID_subject_key_identifier, 0, ASN1_ITEM_ref(ASN1_OCTET_STRING),
+ 0, 0, 0, 0,
+ (X509V3_EXT_I2S)i2s_ASN1_OCTET_STRING,
+ (X509V3_EXT_S2I)s2i_skey_id,
+ 0, 0, 0, 0,
+ NULL
+};
+
+char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *oct)
+{
+ return hex_to_string(oct->data, oct->length);
+}
+
+ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, char *str)
+{
+ ASN1_OCTET_STRING *oct;
+ long length;
+
+ if (!(oct = M_ASN1_OCTET_STRING_new())) {
+ X509V3err(X509V3_F_S2I_ASN1_OCTET_STRING, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+
+ if (!(oct->data = string_to_hex(str, &length))) {
+ M_ASN1_OCTET_STRING_free(oct);
+ return NULL;
+ }
+
+ oct->length = length;
+
+ return oct;
+
+}
+
+static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, char *str)
+{
+ ASN1_OCTET_STRING *oct;
+ ASN1_BIT_STRING *pk;
+ unsigned char pkey_dig[EVP_MAX_MD_SIZE];
+ unsigned int diglen;
+
+ if (strcmp(str, "hash"))
+ return s2i_ASN1_OCTET_STRING(method, ctx, str);
+
+ if (!(oct = M_ASN1_OCTET_STRING_new())) {
+ X509V3err(X509V3_F_S2I_SKEY_ID, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+
+ if (ctx && (ctx->flags == CTX_TEST))
+ return oct;
+
+ if (!ctx || (!ctx->subject_req && !ctx->subject_cert)) {
+ X509V3err(X509V3_F_S2I_SKEY_ID, X509V3_R_NO_PUBLIC_KEY);
+ goto err;
+ }
+
+ if (ctx->subject_req)
+ pk = ctx->subject_req->req_info->pubkey->public_key;
+ else
+ pk = ctx->subject_cert->cert_info->key->public_key;
+
+ if (!pk) {
+ X509V3err(X509V3_F_S2I_SKEY_ID, X509V3_R_NO_PUBLIC_KEY);
+ goto err;
+ }
+
+ EVP_Digest(pk->data, pk->length, pkey_dig, &diglen, EVP_sha1(), NULL);
+
+ if (!M_ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) {
+ X509V3err(X509V3_F_S2I_SKEY_ID, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ return oct;
+
+ err:
+ M_ASN1_OCTET_STRING_free(oct);
+ return NULL;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_sxnet.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509v3/v3_sxnet.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_sxnet.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,262 +0,0 @@
-/* v3_sxnet.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/x509v3.h>
-
-/* Support for Thawte strong extranet extension */
-
-#define SXNET_TEST
-
-static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, int indent);
-#ifdef SXNET_TEST
-static SXNET * sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
- STACK_OF(CONF_VALUE) *nval);
-#endif
-const X509V3_EXT_METHOD v3_sxnet = {
-NID_sxnet, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(SXNET),
-0,0,0,0,
-0,0,
-0,
-#ifdef SXNET_TEST
-(X509V3_EXT_V2I)sxnet_v2i,
-#else
-0,
-#endif
-(X509V3_EXT_I2R)sxnet_i2r,
-0,
-NULL
-};
-
-ASN1_SEQUENCE(SXNETID) = {
- ASN1_SIMPLE(SXNETID, zone, ASN1_INTEGER),
- ASN1_SIMPLE(SXNETID, user, ASN1_OCTET_STRING)
-} ASN1_SEQUENCE_END(SXNETID)
-
-IMPLEMENT_ASN1_FUNCTIONS(SXNETID)
-
-ASN1_SEQUENCE(SXNET) = {
- ASN1_SIMPLE(SXNET, version, ASN1_INTEGER),
- ASN1_SEQUENCE_OF(SXNET, ids, SXNETID)
-} ASN1_SEQUENCE_END(SXNET)
-
-IMPLEMENT_ASN1_FUNCTIONS(SXNET)
-
-static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
- int indent)
-{
- long v;
- char *tmp;
- SXNETID *id;
- int i;
- v = ASN1_INTEGER_get(sx->version);
- BIO_printf(out, "%*sVersion: %ld (0x%lX)", indent, "", v + 1, v);
- for(i = 0; i < sk_SXNETID_num(sx->ids); i++) {
- id = sk_SXNETID_value(sx->ids, i);
- tmp = i2s_ASN1_INTEGER(NULL, id->zone);
- BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp);
- OPENSSL_free(tmp);
- M_ASN1_OCTET_STRING_print(out, id->user);
- }
- return 1;
-}
-
-#ifdef SXNET_TEST
-
-/* NBB: this is used for testing only. It should *not* be used for anything
- * else because it will just take static IDs from the configuration file and
- * they should really be separate values for each user.
- */
-
-
-static SXNET * sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
- STACK_OF(CONF_VALUE) *nval)
-{
- CONF_VALUE *cnf;
- SXNET *sx = NULL;
- int i;
- for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
- cnf = sk_CONF_VALUE_value(nval, i);
- if(!SXNET_add_id_asc(&sx, cnf->name, cnf->value, -1))
- return NULL;
- }
- return sx;
-}
-
-
-#endif
-
-/* Strong Extranet utility functions */
-
-/* Add an id given the zone as an ASCII number */
-
-int SXNET_add_id_asc(SXNET **psx, char *zone, char *user,
- int userlen)
-{
- ASN1_INTEGER *izone = NULL;
- if(!(izone = s2i_ASN1_INTEGER(NULL, zone))) {
- X509V3err(X509V3_F_SXNET_ADD_ID_ASC,X509V3_R_ERROR_CONVERTING_ZONE);
- return 0;
- }
- return SXNET_add_id_INTEGER(psx, izone, user, userlen);
-}
-
-/* Add an id given the zone as an unsigned long */
-
-int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user,
- int userlen)
-{
- ASN1_INTEGER *izone = NULL;
- if(!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) {
- X509V3err(X509V3_F_SXNET_ADD_ID_ULONG,ERR_R_MALLOC_FAILURE);
- M_ASN1_INTEGER_free(izone);
- return 0;
- }
- return SXNET_add_id_INTEGER(psx, izone, user, userlen);
-
-}
-
-/* Add an id given the zone as an ASN1_INTEGER.
- * Note this version uses the passed integer and doesn't make a copy so don't
- * free it up afterwards.
- */
-
-int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, char *user,
- int userlen)
-{
- SXNET *sx = NULL;
- SXNETID *id = NULL;
- if(!psx || !zone || !user) {
- X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,X509V3_R_INVALID_NULL_ARGUMENT);
- return 0;
- }
- if(userlen == -1) userlen = strlen(user);
- if(userlen > 64) {
- X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,X509V3_R_USER_TOO_LONG);
- return 0;
- }
- if(!*psx) {
- if(!(sx = SXNET_new())) goto err;
- if(!ASN1_INTEGER_set(sx->version, 0)) goto err;
- *psx = sx;
- } else sx = *psx;
- if(SXNET_get_id_INTEGER(sx, zone)) {
- X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,X509V3_R_DUPLICATE_ZONE_ID);
- return 0;
- }
-
- if(!(id = SXNETID_new())) goto err;
- if(userlen == -1) userlen = strlen(user);
-
- if(!M_ASN1_OCTET_STRING_set(id->user, user, userlen)) goto err;
- if(!sk_SXNETID_push(sx->ids, id)) goto err;
- id->zone = zone;
- return 1;
-
- err:
- X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,ERR_R_MALLOC_FAILURE);
- SXNETID_free(id);
- SXNET_free(sx);
- *psx = NULL;
- return 0;
-}
-
-ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone)
-{
- ASN1_INTEGER *izone = NULL;
- ASN1_OCTET_STRING *oct;
- if(!(izone = s2i_ASN1_INTEGER(NULL, zone))) {
- X509V3err(X509V3_F_SXNET_GET_ID_ASC,X509V3_R_ERROR_CONVERTING_ZONE);
- return NULL;
- }
- oct = SXNET_get_id_INTEGER(sx, izone);
- M_ASN1_INTEGER_free(izone);
- return oct;
-}
-
-ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone)
-{
- ASN1_INTEGER *izone = NULL;
- ASN1_OCTET_STRING *oct;
- if(!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) {
- X509V3err(X509V3_F_SXNET_GET_ID_ULONG,ERR_R_MALLOC_FAILURE);
- M_ASN1_INTEGER_free(izone);
- return NULL;
- }
- oct = SXNET_get_id_INTEGER(sx, izone);
- M_ASN1_INTEGER_free(izone);
- return oct;
-}
-
-ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone)
-{
- SXNETID *id;
- int i;
- for(i = 0; i < sk_SXNETID_num(sx->ids); i++) {
- id = sk_SXNETID_value(sx->ids, i);
- if(!M_ASN1_INTEGER_cmp(id->zone, zone)) return id->user;
- }
- return NULL;
-}
-
-IMPLEMENT_STACK_OF(SXNETID)
-IMPLEMENT_ASN1_SET_OF(SXNETID)
Copied: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_sxnet.c (from rev 6976, vendor-crypto/openssl/dist/crypto/x509v3/v3_sxnet.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_sxnet.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_sxnet.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,273 @@
+/* v3_sxnet.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+
+/* Support for Thawte strong extranet extension */
+
+#define SXNET_TEST
+
+static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
+ int indent);
+#ifdef SXNET_TEST
+static SXNET *sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+ STACK_OF(CONF_VALUE) *nval);
+#endif
+const X509V3_EXT_METHOD v3_sxnet = {
+ NID_sxnet, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(SXNET),
+ 0, 0, 0, 0,
+ 0, 0,
+ 0,
+#ifdef SXNET_TEST
+ (X509V3_EXT_V2I)sxnet_v2i,
+#else
+ 0,
+#endif
+ (X509V3_EXT_I2R)sxnet_i2r,
+ 0,
+ NULL
+};
+
+ASN1_SEQUENCE(SXNETID) = {
+ ASN1_SIMPLE(SXNETID, zone, ASN1_INTEGER),
+ ASN1_SIMPLE(SXNETID, user, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(SXNETID)
+
+IMPLEMENT_ASN1_FUNCTIONS(SXNETID)
+
+ASN1_SEQUENCE(SXNET) = {
+ ASN1_SIMPLE(SXNET, version, ASN1_INTEGER),
+ ASN1_SEQUENCE_OF(SXNET, ids, SXNETID)
+} ASN1_SEQUENCE_END(SXNET)
+
+IMPLEMENT_ASN1_FUNCTIONS(SXNET)
+
+static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
+ int indent)
+{
+ long v;
+ char *tmp;
+ SXNETID *id;
+ int i;
+ v = ASN1_INTEGER_get(sx->version);
+ BIO_printf(out, "%*sVersion: %ld (0x%lX)", indent, "", v + 1, v);
+ for (i = 0; i < sk_SXNETID_num(sx->ids); i++) {
+ id = sk_SXNETID_value(sx->ids, i);
+ tmp = i2s_ASN1_INTEGER(NULL, id->zone);
+ BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp);
+ OPENSSL_free(tmp);
+ M_ASN1_OCTET_STRING_print(out, id->user);
+ }
+ return 1;
+}
+
+#ifdef SXNET_TEST
+
+/*
+ * NBB: this is used for testing only. It should *not* be used for anything
+ * else because it will just take static IDs from the configuration file and
+ * they should really be separate values for each user.
+ */
+
+static SXNET *sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+ STACK_OF(CONF_VALUE) *nval)
+{
+ CONF_VALUE *cnf;
+ SXNET *sx = NULL;
+ int i;
+ for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+ cnf = sk_CONF_VALUE_value(nval, i);
+ if (!SXNET_add_id_asc(&sx, cnf->name, cnf->value, -1))
+ return NULL;
+ }
+ return sx;
+}
+
+#endif
+
+/* Strong Extranet utility functions */
+
+/* Add an id given the zone as an ASCII number */
+
+int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen)
+{
+ ASN1_INTEGER *izone = NULL;
+ if (!(izone = s2i_ASN1_INTEGER(NULL, zone))) {
+ X509V3err(X509V3_F_SXNET_ADD_ID_ASC, X509V3_R_ERROR_CONVERTING_ZONE);
+ return 0;
+ }
+ return SXNET_add_id_INTEGER(psx, izone, user, userlen);
+}
+
+/* Add an id given the zone as an unsigned long */
+
+int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user,
+ int userlen)
+{
+ ASN1_INTEGER *izone = NULL;
+ if (!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) {
+ X509V3err(X509V3_F_SXNET_ADD_ID_ULONG, ERR_R_MALLOC_FAILURE);
+ M_ASN1_INTEGER_free(izone);
+ return 0;
+ }
+ return SXNET_add_id_INTEGER(psx, izone, user, userlen);
+
+}
+
+/*
+ * Add an id given the zone as an ASN1_INTEGER. Note this version uses the
+ * passed integer and doesn't make a copy so don't free it up afterwards.
+ */
+
+int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, char *user,
+ int userlen)
+{
+ SXNET *sx = NULL;
+ SXNETID *id = NULL;
+ if (!psx || !zone || !user) {
+ X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,
+ X509V3_R_INVALID_NULL_ARGUMENT);
+ return 0;
+ }
+ if (userlen == -1)
+ userlen = strlen(user);
+ if (userlen > 64) {
+ X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER, X509V3_R_USER_TOO_LONG);
+ return 0;
+ }
+ if (!*psx) {
+ if (!(sx = SXNET_new()))
+ goto err;
+ if (!ASN1_INTEGER_set(sx->version, 0))
+ goto err;
+ *psx = sx;
+ } else
+ sx = *psx;
+ if (SXNET_get_id_INTEGER(sx, zone)) {
+ X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER, X509V3_R_DUPLICATE_ZONE_ID);
+ return 0;
+ }
+
+ if (!(id = SXNETID_new()))
+ goto err;
+ if (userlen == -1)
+ userlen = strlen(user);
+
+ if (!M_ASN1_OCTET_STRING_set(id->user, user, userlen))
+ goto err;
+ if (!sk_SXNETID_push(sx->ids, id))
+ goto err;
+ id->zone = zone;
+ return 1;
+
+ err:
+ X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER, ERR_R_MALLOC_FAILURE);
+ SXNETID_free(id);
+ SXNET_free(sx);
+ *psx = NULL;
+ return 0;
+}
+
+ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone)
+{
+ ASN1_INTEGER *izone = NULL;
+ ASN1_OCTET_STRING *oct;
+ if (!(izone = s2i_ASN1_INTEGER(NULL, zone))) {
+ X509V3err(X509V3_F_SXNET_GET_ID_ASC, X509V3_R_ERROR_CONVERTING_ZONE);
+ return NULL;
+ }
+ oct = SXNET_get_id_INTEGER(sx, izone);
+ M_ASN1_INTEGER_free(izone);
+ return oct;
+}
+
+ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone)
+{
+ ASN1_INTEGER *izone = NULL;
+ ASN1_OCTET_STRING *oct;
+ if (!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) {
+ X509V3err(X509V3_F_SXNET_GET_ID_ULONG, ERR_R_MALLOC_FAILURE);
+ M_ASN1_INTEGER_free(izone);
+ return NULL;
+ }
+ oct = SXNET_get_id_INTEGER(sx, izone);
+ M_ASN1_INTEGER_free(izone);
+ return oct;
+}
+
+ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone)
+{
+ SXNETID *id;
+ int i;
+ for (i = 0; i < sk_SXNETID_num(sx->ids); i++) {
+ id = sk_SXNETID_value(sx->ids, i);
+ if (!M_ASN1_INTEGER_cmp(id->zone, zone))
+ return id->user;
+ }
+ return NULL;
+}
+
+IMPLEMENT_STACK_OF(SXNETID)
+
+IMPLEMENT_ASN1_SET_OF(SXNETID)
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_utl.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509v3/v3_utl.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_utl.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,871 +0,0 @@
-/* v3_utl.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-/* X509 v3 extension utilities */
-
-
-#include <stdio.h>
-#include <ctype.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/x509v3.h>
-#include <openssl/bn.h>
-
-static char *strip_spaces(char *name);
-static int sk_strcmp(const char * const *a, const char * const *b);
-static STACK *get_email(X509_NAME *name, GENERAL_NAMES *gens);
-static void str_free(void *str);
-static int append_ia5(STACK **sk, ASN1_IA5STRING *email);
-
-static int ipv4_from_asc(unsigned char *v4, const char *in);
-static int ipv6_from_asc(unsigned char *v6, const char *in);
-static int ipv6_cb(const char *elem, int len, void *usr);
-static int ipv6_hex(unsigned char *out, const char *in, int inlen);
-
-/* Add a CONF_VALUE name value pair to stack */
-
-int X509V3_add_value(const char *name, const char *value,
- STACK_OF(CONF_VALUE) **extlist)
-{
- CONF_VALUE *vtmp = NULL;
- char *tname = NULL, *tvalue = NULL;
- if(name && !(tname = BUF_strdup(name))) goto err;
- if(value && !(tvalue = BUF_strdup(value))) goto err;
- if(!(vtmp = (CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE)))) goto err;
- if(!*extlist && !(*extlist = sk_CONF_VALUE_new_null())) goto err;
- vtmp->section = NULL;
- vtmp->name = tname;
- vtmp->value = tvalue;
- if(!sk_CONF_VALUE_push(*extlist, vtmp)) goto err;
- return 1;
- err:
- X509V3err(X509V3_F_X509V3_ADD_VALUE,ERR_R_MALLOC_FAILURE);
- if(vtmp) OPENSSL_free(vtmp);
- if(tname) OPENSSL_free(tname);
- if(tvalue) OPENSSL_free(tvalue);
- return 0;
-}
-
-int X509V3_add_value_uchar(const char *name, const unsigned char *value,
- STACK_OF(CONF_VALUE) **extlist)
- {
- return X509V3_add_value(name,(const char *)value,extlist);
- }
-
-/* Free function for STACK_OF(CONF_VALUE) */
-
-void X509V3_conf_free(CONF_VALUE *conf)
-{
- if(!conf) return;
- if(conf->name) OPENSSL_free(conf->name);
- if(conf->value) OPENSSL_free(conf->value);
- if(conf->section) OPENSSL_free(conf->section);
- OPENSSL_free(conf);
-}
-
-int X509V3_add_value_bool(const char *name, int asn1_bool,
- STACK_OF(CONF_VALUE) **extlist)
-{
- if(asn1_bool) return X509V3_add_value(name, "TRUE", extlist);
- return X509V3_add_value(name, "FALSE", extlist);
-}
-
-int X509V3_add_value_bool_nf(char *name, int asn1_bool,
- STACK_OF(CONF_VALUE) **extlist)
-{
- if(asn1_bool) return X509V3_add_value(name, "TRUE", extlist);
- return 1;
-}
-
-
-char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *method, ASN1_ENUMERATED *a)
-{
- BIGNUM *bntmp = NULL;
- char *strtmp = NULL;
- if(!a) return NULL;
- if(!(bntmp = ASN1_ENUMERATED_to_BN(a, NULL)) ||
- !(strtmp = BN_bn2dec(bntmp)) )
- X509V3err(X509V3_F_I2S_ASN1_ENUMERATED,ERR_R_MALLOC_FAILURE);
- BN_free(bntmp);
- return strtmp;
-}
-
-char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, ASN1_INTEGER *a)
-{
- BIGNUM *bntmp = NULL;
- char *strtmp = NULL;
- if(!a) return NULL;
- if(!(bntmp = ASN1_INTEGER_to_BN(a, NULL)) ||
- !(strtmp = BN_bn2dec(bntmp)) )
- X509V3err(X509V3_F_I2S_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
- BN_free(bntmp);
- return strtmp;
-}
-
-ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, char *value)
-{
- BIGNUM *bn = NULL;
- ASN1_INTEGER *aint;
- int isneg, ishex;
- int ret;
- if (!value) {
- X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_INVALID_NULL_VALUE);
- return 0;
- }
- bn = BN_new();
- if (value[0] == '-') {
- value++;
- isneg = 1;
- } else isneg = 0;
-
- if (value[0] == '0' && ((value[1] == 'x') || (value[1] == 'X'))) {
- value += 2;
- ishex = 1;
- } else ishex = 0;
-
- if (ishex) ret = BN_hex2bn(&bn, value);
- else ret = BN_dec2bn(&bn, value);
-
- if (!ret || value[ret]) {
- BN_free(bn);
- X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_BN_DEC2BN_ERROR);
- return 0;
- }
-
- if (isneg && BN_is_zero(bn)) isneg = 0;
-
- aint = BN_to_ASN1_INTEGER(bn, NULL);
- BN_free(bn);
- if (!aint) {
- X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_BN_TO_ASN1_INTEGER_ERROR);
- return 0;
- }
- if (isneg) aint->type |= V_ASN1_NEG;
- return aint;
-}
-
-int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
- STACK_OF(CONF_VALUE) **extlist)
-{
- char *strtmp;
- int ret;
- if(!aint) return 1;
- if(!(strtmp = i2s_ASN1_INTEGER(NULL, aint))) return 0;
- ret = X509V3_add_value(name, strtmp, extlist);
- OPENSSL_free(strtmp);
- return ret;
-}
-
-int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool)
-{
- char *btmp;
- if(!(btmp = value->value)) goto err;
- if(!strcmp(btmp, "TRUE") || !strcmp(btmp, "true")
- || !strcmp(btmp, "Y") || !strcmp(btmp, "y")
- || !strcmp(btmp, "YES") || !strcmp(btmp, "yes")) {
- *asn1_bool = 0xff;
- return 1;
- } else if(!strcmp(btmp, "FALSE") || !strcmp(btmp, "false")
- || !strcmp(btmp, "N") || !strcmp(btmp, "n")
- || !strcmp(btmp, "NO") || !strcmp(btmp, "no")) {
- *asn1_bool = 0;
- return 1;
- }
- err:
- X509V3err(X509V3_F_X509V3_GET_VALUE_BOOL,X509V3_R_INVALID_BOOLEAN_STRING);
- X509V3_conf_err(value);
- return 0;
-}
-
-int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint)
-{
- ASN1_INTEGER *itmp;
- if(!(itmp = s2i_ASN1_INTEGER(NULL, value->value))) {
- X509V3_conf_err(value);
- return 0;
- }
- *aint = itmp;
- return 1;
-}
-
-#define HDR_NAME 1
-#define HDR_VALUE 2
-
-/*#define DEBUG*/
-
-STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line)
-{
- char *p, *q, c;
- char *ntmp, *vtmp;
- STACK_OF(CONF_VALUE) *values = NULL;
- char *linebuf;
- int state;
- /* We are going to modify the line so copy it first */
- linebuf = BUF_strdup(line);
- state = HDR_NAME;
- ntmp = NULL;
- /* Go through all characters */
- for(p = linebuf, q = linebuf; (c = *p) && (c!='\r') && (c!='\n'); p++) {
-
- switch(state) {
- case HDR_NAME:
- if(c == ':') {
- state = HDR_VALUE;
- *p = 0;
- ntmp = strip_spaces(q);
- if(!ntmp) {
- X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
- goto err;
- }
- q = p + 1;
- } else if(c == ',') {
- *p = 0;
- ntmp = strip_spaces(q);
- q = p + 1;
-#if 0
- printf("%s\n", ntmp);
-#endif
- if(!ntmp) {
- X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
- goto err;
- }
- X509V3_add_value(ntmp, NULL, &values);
- }
- break ;
-
- case HDR_VALUE:
- if(c == ',') {
- state = HDR_NAME;
- *p = 0;
- vtmp = strip_spaces(q);
-#if 0
- printf("%s\n", ntmp);
-#endif
- if(!vtmp) {
- X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_VALUE);
- goto err;
- }
- X509V3_add_value(ntmp, vtmp, &values);
- ntmp = NULL;
- q = p + 1;
- }
-
- }
- }
-
- if(state == HDR_VALUE) {
- vtmp = strip_spaces(q);
-#if 0
- printf("%s=%s\n", ntmp, vtmp);
-#endif
- if(!vtmp) {
- X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_VALUE);
- goto err;
- }
- X509V3_add_value(ntmp, vtmp, &values);
- } else {
- ntmp = strip_spaces(q);
-#if 0
- printf("%s\n", ntmp);
-#endif
- if(!ntmp) {
- X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
- goto err;
- }
- X509V3_add_value(ntmp, NULL, &values);
- }
-OPENSSL_free(linebuf);
-return values;
-
-err:
-OPENSSL_free(linebuf);
-sk_CONF_VALUE_pop_free(values, X509V3_conf_free);
-return NULL;
-
-}
-
-/* Delete leading and trailing spaces from a string */
-static char *strip_spaces(char *name)
-{
- char *p, *q;
- /* Skip over leading spaces */
- p = name;
- while(*p && isspace((unsigned char)*p)) p++;
- if(!*p) return NULL;
- q = p + strlen(p) - 1;
- while((q != p) && isspace((unsigned char)*q)) q--;
- if(p != q) q[1] = 0;
- if(!*p) return NULL;
- return p;
-}
-
-/* hex string utilities */
-
-/* Given a buffer of length 'len' return a OPENSSL_malloc'ed string with its
- * hex representation
- * @@@ (Contents of buffer are always kept in ASCII, also on EBCDIC machines)
- */
-
-char *hex_to_string(unsigned char *buffer, long len)
-{
- char *tmp, *q;
- unsigned char *p;
- int i;
- const static char hexdig[] = "0123456789ABCDEF";
- if(!buffer || !len) return NULL;
- if(!(tmp = OPENSSL_malloc(len * 3 + 1))) {
- X509V3err(X509V3_F_HEX_TO_STRING,ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- q = tmp;
- for(i = 0, p = buffer; i < len; i++,p++) {
- *q++ = hexdig[(*p >> 4) & 0xf];
- *q++ = hexdig[*p & 0xf];
- *q++ = ':';
- }
- q[-1] = 0;
-#ifdef CHARSET_EBCDIC
- ebcdic2ascii(tmp, tmp, q - tmp - 1);
-#endif
-
- return tmp;
-}
-
-/* Give a string of hex digits convert to
- * a buffer
- */
-
-unsigned char *string_to_hex(char *str, long *len)
-{
- unsigned char *hexbuf, *q;
- unsigned char ch, cl, *p;
- if(!str) {
- X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_INVALID_NULL_ARGUMENT);
- return NULL;
- }
- if(!(hexbuf = OPENSSL_malloc(strlen(str) >> 1))) goto err;
- for(p = (unsigned char *)str, q = hexbuf; *p;) {
- ch = *p++;
-#ifdef CHARSET_EBCDIC
- ch = os_toebcdic[ch];
-#endif
- if(ch == ':') continue;
- cl = *p++;
-#ifdef CHARSET_EBCDIC
- cl = os_toebcdic[cl];
-#endif
- if(!cl) {
- X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_ODD_NUMBER_OF_DIGITS);
- OPENSSL_free(hexbuf);
- return NULL;
- }
- if(isupper(ch)) ch = tolower(ch);
- if(isupper(cl)) cl = tolower(cl);
-
- if((ch >= '0') && (ch <= '9')) ch -= '0';
- else if ((ch >= 'a') && (ch <= 'f')) ch -= 'a' - 10;
- else goto badhex;
-
- if((cl >= '0') && (cl <= '9')) cl -= '0';
- else if ((cl >= 'a') && (cl <= 'f')) cl -= 'a' - 10;
- else goto badhex;
-
- *q++ = (ch << 4) | cl;
- }
-
- if(len) *len = q - hexbuf;
-
- return hexbuf;
-
- err:
- if(hexbuf) OPENSSL_free(hexbuf);
- X509V3err(X509V3_F_STRING_TO_HEX,ERR_R_MALLOC_FAILURE);
- return NULL;
-
- badhex:
- OPENSSL_free(hexbuf);
- X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_ILLEGAL_HEX_DIGIT);
- return NULL;
-
-}
-
-/* V2I name comparison function: returns zero if 'name' matches
- * cmp or cmp.*
- */
-
-int name_cmp(const char *name, const char *cmp)
-{
- int len, ret;
- char c;
- len = strlen(cmp);
- if((ret = strncmp(name, cmp, len))) return ret;
- c = name[len];
- if(!c || (c=='.')) return 0;
- return 1;
-}
-
-static int sk_strcmp(const char * const *a, const char * const *b)
-{
- return strcmp(*a, *b);
-}
-
-STACK *X509_get1_email(X509 *x)
-{
- GENERAL_NAMES *gens;
- STACK *ret;
- gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
- ret = get_email(X509_get_subject_name(x), gens);
- sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
- return ret;
-}
-
-STACK *X509_get1_ocsp(X509 *x)
-{
- AUTHORITY_INFO_ACCESS *info;
- STACK *ret = NULL;
- int i;
- info = X509_get_ext_d2i(x, NID_info_access, NULL, NULL);
- if (!info)
- return NULL;
- for (i = 0; i < sk_ACCESS_DESCRIPTION_num(info); i++)
- {
- ACCESS_DESCRIPTION *ad = sk_ACCESS_DESCRIPTION_value(info, i);
- if (OBJ_obj2nid(ad->method) == NID_ad_OCSP)
- {
- if (ad->location->type == GEN_URI)
- {
- if (!append_ia5(&ret, ad->location->d.uniformResourceIdentifier))
- break;
- }
- }
- }
- AUTHORITY_INFO_ACCESS_free(info);
- return ret;
-}
-
-STACK *X509_REQ_get1_email(X509_REQ *x)
-{
- GENERAL_NAMES *gens;
- STACK_OF(X509_EXTENSION) *exts;
- STACK *ret;
- exts = X509_REQ_get_extensions(x);
- gens = X509V3_get_d2i(exts, NID_subject_alt_name, NULL, NULL);
- ret = get_email(X509_REQ_get_subject_name(x), gens);
- sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
- sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
- return ret;
-}
-
-
-static STACK *get_email(X509_NAME *name, GENERAL_NAMES *gens)
-{
- STACK *ret = NULL;
- X509_NAME_ENTRY *ne;
- ASN1_IA5STRING *email;
- GENERAL_NAME *gen;
- int i;
- /* Now add any email address(es) to STACK */
- i = -1;
- /* First supplied X509_NAME */
- while((i = X509_NAME_get_index_by_NID(name,
- NID_pkcs9_emailAddress, i)) >= 0) {
- ne = X509_NAME_get_entry(name, i);
- email = X509_NAME_ENTRY_get_data(ne);
- if(!append_ia5(&ret, email)) return NULL;
- }
- for(i = 0; i < sk_GENERAL_NAME_num(gens); i++)
- {
- gen = sk_GENERAL_NAME_value(gens, i);
- if(gen->type != GEN_EMAIL) continue;
- if(!append_ia5(&ret, gen->d.ia5)) return NULL;
- }
- return ret;
-}
-
-static void str_free(void *str)
-{
- OPENSSL_free(str);
-}
-
-static int append_ia5(STACK **sk, ASN1_IA5STRING *email)
-{
- char *emtmp;
- /* First some sanity checks */
- if(email->type != V_ASN1_IA5STRING) return 1;
- if(!email->data || !email->length) return 1;
- if(!*sk) *sk = sk_new(sk_strcmp);
- if(!*sk) return 0;
- /* Don't add duplicates */
- if(sk_find(*sk, (char *)email->data) != -1) return 1;
- emtmp = BUF_strdup((char *)email->data);
- if(!emtmp || !sk_push(*sk, emtmp)) {
- X509_email_free(*sk);
- *sk = NULL;
- return 0;
- }
- return 1;
-}
-
-void X509_email_free(STACK *sk)
-{
- sk_pop_free(sk, str_free);
-}
-
-/* Convert IP addresses both IPv4 and IPv6 into an
- * OCTET STRING compatible with RFC3280.
- */
-
-ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc)
- {
- unsigned char ipout[16];
- ASN1_OCTET_STRING *ret;
- int iplen;
-
- /* If string contains a ':' assume IPv6 */
-
- iplen = a2i_ipadd(ipout, ipasc);
-
- if (!iplen)
- return NULL;
-
- ret = ASN1_OCTET_STRING_new();
- if (!ret)
- return NULL;
- if (!ASN1_OCTET_STRING_set(ret, ipout, iplen))
- {
- ASN1_OCTET_STRING_free(ret);
- return NULL;
- }
- return ret;
- }
-
-ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc)
- {
- ASN1_OCTET_STRING *ret = NULL;
- unsigned char ipout[32];
- char *iptmp = NULL, *p;
- int iplen1, iplen2;
- p = strchr(ipasc,'/');
- if (!p)
- return NULL;
- iptmp = BUF_strdup(ipasc);
- if (!iptmp)
- return NULL;
- p = iptmp + (p - ipasc);
- *p++ = 0;
-
- iplen1 = a2i_ipadd(ipout, iptmp);
-
- if (!iplen1)
- goto err;
-
- iplen2 = a2i_ipadd(ipout + iplen1, p);
-
- OPENSSL_free(iptmp);
- iptmp = NULL;
-
- if (!iplen2 || (iplen1 != iplen2))
- goto err;
-
- ret = ASN1_OCTET_STRING_new();
- if (!ret)
- goto err;
- if (!ASN1_OCTET_STRING_set(ret, ipout, iplen1 + iplen2))
- goto err;
-
- return ret;
-
- err:
- if (iptmp)
- OPENSSL_free(iptmp);
- if (ret)
- ASN1_OCTET_STRING_free(ret);
- return NULL;
- }
-
-
-int a2i_ipadd(unsigned char *ipout, const char *ipasc)
- {
- /* If string contains a ':' assume IPv6 */
-
- if (strchr(ipasc, ':'))
- {
- if (!ipv6_from_asc(ipout, ipasc))
- return 0;
- return 16;
- }
- else
- {
- if (!ipv4_from_asc(ipout, ipasc))
- return 0;
- return 4;
- }
- }
-
-static int ipv4_from_asc(unsigned char *v4, const char *in)
- {
- int a0, a1, a2, a3;
- if (sscanf(in, "%d.%d.%d.%d", &a0, &a1, &a2, &a3) != 4)
- return 0;
- if ((a0 < 0) || (a0 > 255) || (a1 < 0) || (a1 > 255)
- || (a2 < 0) || (a2 > 255) || (a3 < 0) || (a3 > 255))
- return 0;
- v4[0] = a0;
- v4[1] = a1;
- v4[2] = a2;
- v4[3] = a3;
- return 1;
- }
-
-typedef struct {
- /* Temporary store for IPV6 output */
- unsigned char tmp[16];
- /* Total number of bytes in tmp */
- int total;
- /* The position of a zero (corresponding to '::') */
- int zero_pos;
- /* Number of zeroes */
- int zero_cnt;
- } IPV6_STAT;
-
-
-static int ipv6_from_asc(unsigned char *v6, const char *in)
- {
- IPV6_STAT v6stat;
- v6stat.total = 0;
- v6stat.zero_pos = -1;
- v6stat.zero_cnt = 0;
- /* Treat the IPv6 representation as a list of values
- * separated by ':'. The presence of a '::' will parse
- * as one, two or three zero length elements.
- */
- if (!CONF_parse_list(in, ':', 0, ipv6_cb, &v6stat))
- return 0;
-
- /* Now for some sanity checks */
-
- if (v6stat.zero_pos == -1)
- {
- /* If no '::' must have exactly 16 bytes */
- if (v6stat.total != 16)
- return 0;
- }
- else
- {
- /* If '::' must have less than 16 bytes */
- if (v6stat.total == 16)
- return 0;
- /* More than three zeroes is an error */
- if (v6stat.zero_cnt > 3)
- return 0;
- /* Can only have three zeroes if nothing else present */
- else if (v6stat.zero_cnt == 3)
- {
- if (v6stat.total > 0)
- return 0;
- }
- /* Can only have two zeroes if at start or end */
- else if (v6stat.zero_cnt == 2)
- {
- if ((v6stat.zero_pos != 0)
- && (v6stat.zero_pos != v6stat.total))
- return 0;
- }
- else
- /* Can only have one zero if *not* start or end */
- {
- if ((v6stat.zero_pos == 0)
- || (v6stat.zero_pos == v6stat.total))
- return 0;
- }
- }
-
- /* Format result */
-
- if (v6stat.zero_pos >= 0)
- {
- /* Copy initial part */
- memcpy(v6, v6stat.tmp, v6stat.zero_pos);
- /* Zero middle */
- memset(v6 + v6stat.zero_pos, 0, 16 - v6stat.total);
- /* Copy final part */
- if (v6stat.total != v6stat.zero_pos)
- memcpy(v6 + v6stat.zero_pos + 16 - v6stat.total,
- v6stat.tmp + v6stat.zero_pos,
- v6stat.total - v6stat.zero_pos);
- }
- else
- memcpy(v6, v6stat.tmp, 16);
-
- return 1;
- }
-
-static int ipv6_cb(const char *elem, int len, void *usr)
- {
- IPV6_STAT *s = usr;
- /* Error if 16 bytes written */
- if (s->total == 16)
- return 0;
- if (len == 0)
- {
- /* Zero length element, corresponds to '::' */
- if (s->zero_pos == -1)
- s->zero_pos = s->total;
- /* If we've already got a :: its an error */
- else if (s->zero_pos != s->total)
- return 0;
- s->zero_cnt++;
- }
- else
- {
- /* If more than 4 characters could be final a.b.c.d form */
- if (len > 4)
- {
- /* Need at least 4 bytes left */
- if (s->total > 12)
- return 0;
- /* Must be end of string */
- if (elem[len])
- return 0;
- if (!ipv4_from_asc(s->tmp + s->total, elem))
- return 0;
- s->total += 4;
- }
- else
- {
- if (!ipv6_hex(s->tmp + s->total, elem, len))
- return 0;
- s->total += 2;
- }
- }
- return 1;
- }
-
-/* Convert a string of up to 4 hex digits into the corresponding
- * IPv6 form.
- */
-
-static int ipv6_hex(unsigned char *out, const char *in, int inlen)
- {
- unsigned char c;
- unsigned int num = 0;
- if (inlen > 4)
- return 0;
- while(inlen--)
- {
- c = *in++;
- num <<= 4;
- if ((c >= '0') && (c <= '9'))
- num |= c - '0';
- else if ((c >= 'A') && (c <= 'F'))
- num |= c - 'A' + 10;
- else if ((c >= 'a') && (c <= 'f'))
- num |= c - 'a' + 10;
- else
- return 0;
- }
- out[0] = num >> 8;
- out[1] = num & 0xff;
- return 1;
- }
-
-
-int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk,
- unsigned long chtype)
- {
- CONF_VALUE *v;
- int i, mval;
- char *p, *type;
- if (!nm)
- return 0;
-
- for (i = 0; i < sk_CONF_VALUE_num(dn_sk); i++)
- {
- v=sk_CONF_VALUE_value(dn_sk,i);
- type=v->name;
- /* Skip past any leading X. X: X, etc to allow for
- * multiple instances
- */
- for(p = type; *p ; p++)
-#ifndef CHARSET_EBCDIC
- if ((*p == ':') || (*p == ',') || (*p == '.'))
-#else
- if ((*p == os_toascii[':']) || (*p == os_toascii[',']) || (*p == os_toascii['.']))
-#endif
- {
- p++;
- if(*p) type = p;
- break;
- }
-#ifndef CHARSET_EBCDIC
- if (*type == '+')
-#else
- if (*type == os_toascii['+'])
-#endif
- {
- mval = -1;
- type++;
- }
- else
- mval = 0;
- if (!X509_NAME_add_entry_by_txt(nm,type, chtype,
- (unsigned char *) v->value,-1,-1,mval))
- return 0;
-
- }
- return 1;
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_utl.c (from rev 6976, vendor-crypto/openssl/dist/crypto/x509v3/v3_utl.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_utl.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3_utl.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,910 @@
+/* v3_utl.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* X509 v3 extension utilities */
+
+#include <stdio.h>
+#include <ctype.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+#include <openssl/bn.h>
+
+static char *strip_spaces(char *name);
+static int sk_strcmp(const char *const *a, const char *const *b);
+static STACK *get_email(X509_NAME *name, GENERAL_NAMES *gens);
+static void str_free(void *str);
+static int append_ia5(STACK ** sk, ASN1_IA5STRING *email);
+
+static int ipv4_from_asc(unsigned char *v4, const char *in);
+static int ipv6_from_asc(unsigned char *v6, const char *in);
+static int ipv6_cb(const char *elem, int len, void *usr);
+static int ipv6_hex(unsigned char *out, const char *in, int inlen);
+
+/* Add a CONF_VALUE name value pair to stack */
+
+int X509V3_add_value(const char *name, const char *value,
+ STACK_OF(CONF_VALUE) **extlist)
+{
+ CONF_VALUE *vtmp = NULL;
+ char *tname = NULL, *tvalue = NULL;
+ if (name && !(tname = BUF_strdup(name)))
+ goto err;
+ if (value && !(tvalue = BUF_strdup(value)))
+ goto err;
+ if (!(vtmp = (CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE))))
+ goto err;
+ if (!*extlist && !(*extlist = sk_CONF_VALUE_new_null()))
+ goto err;
+ vtmp->section = NULL;
+ vtmp->name = tname;
+ vtmp->value = tvalue;
+ if (!sk_CONF_VALUE_push(*extlist, vtmp))
+ goto err;
+ return 1;
+ err:
+ X509V3err(X509V3_F_X509V3_ADD_VALUE, ERR_R_MALLOC_FAILURE);
+ if (vtmp)
+ OPENSSL_free(vtmp);
+ if (tname)
+ OPENSSL_free(tname);
+ if (tvalue)
+ OPENSSL_free(tvalue);
+ return 0;
+}
+
+int X509V3_add_value_uchar(const char *name, const unsigned char *value,
+ STACK_OF(CONF_VALUE) **extlist)
+{
+ return X509V3_add_value(name, (const char *)value, extlist);
+}
+
+/* Free function for STACK_OF(CONF_VALUE) */
+
+void X509V3_conf_free(CONF_VALUE *conf)
+{
+ if (!conf)
+ return;
+ if (conf->name)
+ OPENSSL_free(conf->name);
+ if (conf->value)
+ OPENSSL_free(conf->value);
+ if (conf->section)
+ OPENSSL_free(conf->section);
+ OPENSSL_free(conf);
+}
+
+int X509V3_add_value_bool(const char *name, int asn1_bool,
+ STACK_OF(CONF_VALUE) **extlist)
+{
+ if (asn1_bool)
+ return X509V3_add_value(name, "TRUE", extlist);
+ return X509V3_add_value(name, "FALSE", extlist);
+}
+
+int X509V3_add_value_bool_nf(char *name, int asn1_bool,
+ STACK_OF(CONF_VALUE) **extlist)
+{
+ if (asn1_bool)
+ return X509V3_add_value(name, "TRUE", extlist);
+ return 1;
+}
+
+char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *method, ASN1_ENUMERATED *a)
+{
+ BIGNUM *bntmp = NULL;
+ char *strtmp = NULL;
+ if (!a)
+ return NULL;
+ if (!(bntmp = ASN1_ENUMERATED_to_BN(a, NULL)) ||
+ !(strtmp = BN_bn2dec(bntmp)))
+ X509V3err(X509V3_F_I2S_ASN1_ENUMERATED, ERR_R_MALLOC_FAILURE);
+ BN_free(bntmp);
+ return strtmp;
+}
+
+char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, ASN1_INTEGER *a)
+{
+ BIGNUM *bntmp = NULL;
+ char *strtmp = NULL;
+ if (!a)
+ return NULL;
+ if (!(bntmp = ASN1_INTEGER_to_BN(a, NULL)) ||
+ !(strtmp = BN_bn2dec(bntmp)))
+ X509V3err(X509V3_F_I2S_ASN1_INTEGER, ERR_R_MALLOC_FAILURE);
+ BN_free(bntmp);
+ return strtmp;
+}
+
+ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, char *value)
+{
+ BIGNUM *bn = NULL;
+ ASN1_INTEGER *aint;
+ int isneg, ishex;
+ int ret;
+ if (!value) {
+ X509V3err(X509V3_F_S2I_ASN1_INTEGER, X509V3_R_INVALID_NULL_VALUE);
+ return 0;
+ }
+ bn = BN_new();
+ if (value[0] == '-') {
+ value++;
+ isneg = 1;
+ } else
+ isneg = 0;
+
+ if (value[0] == '0' && ((value[1] == 'x') || (value[1] == 'X'))) {
+ value += 2;
+ ishex = 1;
+ } else
+ ishex = 0;
+
+ if (ishex)
+ ret = BN_hex2bn(&bn, value);
+ else
+ ret = BN_dec2bn(&bn, value);
+
+ if (!ret || value[ret]) {
+ BN_free(bn);
+ X509V3err(X509V3_F_S2I_ASN1_INTEGER, X509V3_R_BN_DEC2BN_ERROR);
+ return 0;
+ }
+
+ if (isneg && BN_is_zero(bn))
+ isneg = 0;
+
+ aint = BN_to_ASN1_INTEGER(bn, NULL);
+ BN_free(bn);
+ if (!aint) {
+ X509V3err(X509V3_F_S2I_ASN1_INTEGER,
+ X509V3_R_BN_TO_ASN1_INTEGER_ERROR);
+ return 0;
+ }
+ if (isneg)
+ aint->type |= V_ASN1_NEG;
+ return aint;
+}
+
+int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
+ STACK_OF(CONF_VALUE) **extlist)
+{
+ char *strtmp;
+ int ret;
+ if (!aint)
+ return 1;
+ if (!(strtmp = i2s_ASN1_INTEGER(NULL, aint)))
+ return 0;
+ ret = X509V3_add_value(name, strtmp, extlist);
+ OPENSSL_free(strtmp);
+ return ret;
+}
+
+int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool)
+{
+ char *btmp;
+ if (!(btmp = value->value))
+ goto err;
+ if (!strcmp(btmp, "TRUE") || !strcmp(btmp, "true")
+ || !strcmp(btmp, "Y") || !strcmp(btmp, "y")
+ || !strcmp(btmp, "YES") || !strcmp(btmp, "yes")) {
+ *asn1_bool = 0xff;
+ return 1;
+ } else if (!strcmp(btmp, "FALSE") || !strcmp(btmp, "false")
+ || !strcmp(btmp, "N") || !strcmp(btmp, "n")
+ || !strcmp(btmp, "NO") || !strcmp(btmp, "no")) {
+ *asn1_bool = 0;
+ return 1;
+ }
+ err:
+ X509V3err(X509V3_F_X509V3_GET_VALUE_BOOL,
+ X509V3_R_INVALID_BOOLEAN_STRING);
+ X509V3_conf_err(value);
+ return 0;
+}
+
+int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint)
+{
+ ASN1_INTEGER *itmp;
+ if (!(itmp = s2i_ASN1_INTEGER(NULL, value->value))) {
+ X509V3_conf_err(value);
+ return 0;
+ }
+ *aint = itmp;
+ return 1;
+}
+
+#define HDR_NAME 1
+#define HDR_VALUE 2
+
+/*
+ * #define DEBUG
+ */
+
+STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line)
+{
+ char *p, *q, c;
+ char *ntmp, *vtmp;
+ STACK_OF(CONF_VALUE) *values = NULL;
+ char *linebuf;
+ int state;
+ /* We are going to modify the line so copy it first */
+ linebuf = BUF_strdup(line);
+ state = HDR_NAME;
+ ntmp = NULL;
+ /* Go through all characters */
+ for (p = linebuf, q = linebuf; (c = *p) && (c != '\r') && (c != '\n');
+ p++) {
+
+ switch (state) {
+ case HDR_NAME:
+ if (c == ':') {
+ state = HDR_VALUE;
+ *p = 0;
+ ntmp = strip_spaces(q);
+ if (!ntmp) {
+ X509V3err(X509V3_F_X509V3_PARSE_LIST,
+ X509V3_R_INVALID_NULL_NAME);
+ goto err;
+ }
+ q = p + 1;
+ } else if (c == ',') {
+ *p = 0;
+ ntmp = strip_spaces(q);
+ q = p + 1;
+#if 0
+ printf("%s\n", ntmp);
+#endif
+ if (!ntmp) {
+ X509V3err(X509V3_F_X509V3_PARSE_LIST,
+ X509V3_R_INVALID_NULL_NAME);
+ goto err;
+ }
+ X509V3_add_value(ntmp, NULL, &values);
+ }
+ break;
+
+ case HDR_VALUE:
+ if (c == ',') {
+ state = HDR_NAME;
+ *p = 0;
+ vtmp = strip_spaces(q);
+#if 0
+ printf("%s\n", ntmp);
+#endif
+ if (!vtmp) {
+ X509V3err(X509V3_F_X509V3_PARSE_LIST,
+ X509V3_R_INVALID_NULL_VALUE);
+ goto err;
+ }
+ X509V3_add_value(ntmp, vtmp, &values);
+ ntmp = NULL;
+ q = p + 1;
+ }
+
+ }
+ }
+
+ if (state == HDR_VALUE) {
+ vtmp = strip_spaces(q);
+#if 0
+ printf("%s=%s\n", ntmp, vtmp);
+#endif
+ if (!vtmp) {
+ X509V3err(X509V3_F_X509V3_PARSE_LIST,
+ X509V3_R_INVALID_NULL_VALUE);
+ goto err;
+ }
+ X509V3_add_value(ntmp, vtmp, &values);
+ } else {
+ ntmp = strip_spaces(q);
+#if 0
+ printf("%s\n", ntmp);
+#endif
+ if (!ntmp) {
+ X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
+ goto err;
+ }
+ X509V3_add_value(ntmp, NULL, &values);
+ }
+ OPENSSL_free(linebuf);
+ return values;
+
+ err:
+ OPENSSL_free(linebuf);
+ sk_CONF_VALUE_pop_free(values, X509V3_conf_free);
+ return NULL;
+
+}
+
+/* Delete leading and trailing spaces from a string */
+static char *strip_spaces(char *name)
+{
+ char *p, *q;
+ /* Skip over leading spaces */
+ p = name;
+ while (*p && isspace((unsigned char)*p))
+ p++;
+ if (!*p)
+ return NULL;
+ q = p + strlen(p) - 1;
+ while ((q != p) && isspace((unsigned char)*q))
+ q--;
+ if (p != q)
+ q[1] = 0;
+ if (!*p)
+ return NULL;
+ return p;
+}
+
+/* hex string utilities */
+
+/*
+ * Given a buffer of length 'len' return a OPENSSL_malloc'ed string with its
+ * hex representation @@@ (Contents of buffer are always kept in ASCII, also
+ * on EBCDIC machines)
+ */
+
+char *hex_to_string(unsigned char *buffer, long len)
+{
+ char *tmp, *q;
+ unsigned char *p;
+ int i;
+ const static char hexdig[] = "0123456789ABCDEF";
+ if (!buffer || !len)
+ return NULL;
+ if (!(tmp = OPENSSL_malloc(len * 3 + 1))) {
+ X509V3err(X509V3_F_HEX_TO_STRING, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ q = tmp;
+ for (i = 0, p = buffer; i < len; i++, p++) {
+ *q++ = hexdig[(*p >> 4) & 0xf];
+ *q++ = hexdig[*p & 0xf];
+ *q++ = ':';
+ }
+ q[-1] = 0;
+#ifdef CHARSET_EBCDIC
+ ebcdic2ascii(tmp, tmp, q - tmp - 1);
+#endif
+
+ return tmp;
+}
+
+/*
+ * Give a string of hex digits convert to a buffer
+ */
+
+unsigned char *string_to_hex(char *str, long *len)
+{
+ unsigned char *hexbuf, *q;
+ unsigned char ch, cl, *p;
+ if (!str) {
+ X509V3err(X509V3_F_STRING_TO_HEX, X509V3_R_INVALID_NULL_ARGUMENT);
+ return NULL;
+ }
+ if (!(hexbuf = OPENSSL_malloc(strlen(str) >> 1)))
+ goto err;
+ for (p = (unsigned char *)str, q = hexbuf; *p;) {
+ ch = *p++;
+#ifdef CHARSET_EBCDIC
+ ch = os_toebcdic[ch];
+#endif
+ if (ch == ':')
+ continue;
+ cl = *p++;
+#ifdef CHARSET_EBCDIC
+ cl = os_toebcdic[cl];
+#endif
+ if (!cl) {
+ X509V3err(X509V3_F_STRING_TO_HEX, X509V3_R_ODD_NUMBER_OF_DIGITS);
+ OPENSSL_free(hexbuf);
+ return NULL;
+ }
+ if (isupper(ch))
+ ch = tolower(ch);
+ if (isupper(cl))
+ cl = tolower(cl);
+
+ if ((ch >= '0') && (ch <= '9'))
+ ch -= '0';
+ else if ((ch >= 'a') && (ch <= 'f'))
+ ch -= 'a' - 10;
+ else
+ goto badhex;
+
+ if ((cl >= '0') && (cl <= '9'))
+ cl -= '0';
+ else if ((cl >= 'a') && (cl <= 'f'))
+ cl -= 'a' - 10;
+ else
+ goto badhex;
+
+ *q++ = (ch << 4) | cl;
+ }
+
+ if (len)
+ *len = q - hexbuf;
+
+ return hexbuf;
+
+ err:
+ if (hexbuf)
+ OPENSSL_free(hexbuf);
+ X509V3err(X509V3_F_STRING_TO_HEX, ERR_R_MALLOC_FAILURE);
+ return NULL;
+
+ badhex:
+ OPENSSL_free(hexbuf);
+ X509V3err(X509V3_F_STRING_TO_HEX, X509V3_R_ILLEGAL_HEX_DIGIT);
+ return NULL;
+
+}
+
+/*
+ * V2I name comparison function: returns zero if 'name' matches cmp or cmp.*
+ */
+
+int name_cmp(const char *name, const char *cmp)
+{
+ int len, ret;
+ char c;
+ len = strlen(cmp);
+ if ((ret = strncmp(name, cmp, len)))
+ return ret;
+ c = name[len];
+ if (!c || (c == '.'))
+ return 0;
+ return 1;
+}
+
+static int sk_strcmp(const char *const *a, const char *const *b)
+{
+ return strcmp(*a, *b);
+}
+
+STACK *X509_get1_email(X509 *x)
+{
+ GENERAL_NAMES *gens;
+ STACK *ret;
+ gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
+ ret = get_email(X509_get_subject_name(x), gens);
+ sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
+ return ret;
+}
+
+STACK *X509_get1_ocsp(X509 *x)
+{
+ AUTHORITY_INFO_ACCESS *info;
+ STACK *ret = NULL;
+ int i;
+ info = X509_get_ext_d2i(x, NID_info_access, NULL, NULL);
+ if (!info)
+ return NULL;
+ for (i = 0; i < sk_ACCESS_DESCRIPTION_num(info); i++) {
+ ACCESS_DESCRIPTION *ad = sk_ACCESS_DESCRIPTION_value(info, i);
+ if (OBJ_obj2nid(ad->method) == NID_ad_OCSP) {
+ if (ad->location->type == GEN_URI) {
+ if (!append_ia5
+ (&ret, ad->location->d.uniformResourceIdentifier))
+ break;
+ }
+ }
+ }
+ AUTHORITY_INFO_ACCESS_free(info);
+ return ret;
+}
+
+STACK *X509_REQ_get1_email(X509_REQ *x)
+{
+ GENERAL_NAMES *gens;
+ STACK_OF(X509_EXTENSION) *exts;
+ STACK *ret;
+ exts = X509_REQ_get_extensions(x);
+ gens = X509V3_get_d2i(exts, NID_subject_alt_name, NULL, NULL);
+ ret = get_email(X509_REQ_get_subject_name(x), gens);
+ sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
+ sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
+ return ret;
+}
+
+static STACK *get_email(X509_NAME *name, GENERAL_NAMES *gens)
+{
+ STACK *ret = NULL;
+ X509_NAME_ENTRY *ne;
+ ASN1_IA5STRING *email;
+ GENERAL_NAME *gen;
+ int i;
+ /* Now add any email address(es) to STACK */
+ i = -1;
+ /* First supplied X509_NAME */
+ while ((i = X509_NAME_get_index_by_NID(name,
+ NID_pkcs9_emailAddress, i)) >= 0) {
+ ne = X509_NAME_get_entry(name, i);
+ email = X509_NAME_ENTRY_get_data(ne);
+ if (!append_ia5(&ret, email))
+ return NULL;
+ }
+ for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
+ gen = sk_GENERAL_NAME_value(gens, i);
+ if (gen->type != GEN_EMAIL)
+ continue;
+ if (!append_ia5(&ret, gen->d.ia5))
+ return NULL;
+ }
+ return ret;
+}
+
+static void str_free(void *str)
+{
+ OPENSSL_free(str);
+}
+
+static int append_ia5(STACK ** sk, ASN1_IA5STRING *email)
+{
+ char *emtmp;
+ /* First some sanity checks */
+ if (email->type != V_ASN1_IA5STRING)
+ return 1;
+ if (!email->data || !email->length)
+ return 1;
+ if (!*sk)
+ *sk = sk_new(sk_strcmp);
+ if (!*sk)
+ return 0;
+ /* Don't add duplicates */
+ if (sk_find(*sk, (char *)email->data) != -1)
+ return 1;
+ emtmp = BUF_strdup((char *)email->data);
+ if (!emtmp || !sk_push(*sk, emtmp)) {
+ X509_email_free(*sk);
+ *sk = NULL;
+ return 0;
+ }
+ return 1;
+}
+
+void X509_email_free(STACK * sk)
+{
+ sk_pop_free(sk, str_free);
+}
+
+/*
+ * Convert IP addresses both IPv4 and IPv6 into an OCTET STRING compatible
+ * with RFC3280.
+ */
+
+ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc)
+{
+ unsigned char ipout[16];
+ ASN1_OCTET_STRING *ret;
+ int iplen;
+
+ /* If string contains a ':' assume IPv6 */
+
+ iplen = a2i_ipadd(ipout, ipasc);
+
+ if (!iplen)
+ return NULL;
+
+ ret = ASN1_OCTET_STRING_new();
+ if (!ret)
+ return NULL;
+ if (!ASN1_OCTET_STRING_set(ret, ipout, iplen)) {
+ ASN1_OCTET_STRING_free(ret);
+ return NULL;
+ }
+ return ret;
+}
+
+ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc)
+{
+ ASN1_OCTET_STRING *ret = NULL;
+ unsigned char ipout[32];
+ char *iptmp = NULL, *p;
+ int iplen1, iplen2;
+ p = strchr(ipasc, '/');
+ if (!p)
+ return NULL;
+ iptmp = BUF_strdup(ipasc);
+ if (!iptmp)
+ return NULL;
+ p = iptmp + (p - ipasc);
+ *p++ = 0;
+
+ iplen1 = a2i_ipadd(ipout, iptmp);
+
+ if (!iplen1)
+ goto err;
+
+ iplen2 = a2i_ipadd(ipout + iplen1, p);
+
+ OPENSSL_free(iptmp);
+ iptmp = NULL;
+
+ if (!iplen2 || (iplen1 != iplen2))
+ goto err;
+
+ ret = ASN1_OCTET_STRING_new();
+ if (!ret)
+ goto err;
+ if (!ASN1_OCTET_STRING_set(ret, ipout, iplen1 + iplen2))
+ goto err;
+
+ return ret;
+
+ err:
+ if (iptmp)
+ OPENSSL_free(iptmp);
+ if (ret)
+ ASN1_OCTET_STRING_free(ret);
+ return NULL;
+}
+
+int a2i_ipadd(unsigned char *ipout, const char *ipasc)
+{
+ /* If string contains a ':' assume IPv6 */
+
+ if (strchr(ipasc, ':')) {
+ if (!ipv6_from_asc(ipout, ipasc))
+ return 0;
+ return 16;
+ } else {
+ if (!ipv4_from_asc(ipout, ipasc))
+ return 0;
+ return 4;
+ }
+}
+
+static int ipv4_from_asc(unsigned char *v4, const char *in)
+{
+ int a0, a1, a2, a3;
+ if (sscanf(in, "%d.%d.%d.%d", &a0, &a1, &a2, &a3) != 4)
+ return 0;
+ if ((a0 < 0) || (a0 > 255) || (a1 < 0) || (a1 > 255)
+ || (a2 < 0) || (a2 > 255) || (a3 < 0) || (a3 > 255))
+ return 0;
+ v4[0] = a0;
+ v4[1] = a1;
+ v4[2] = a2;
+ v4[3] = a3;
+ return 1;
+}
+
+typedef struct {
+ /* Temporary store for IPV6 output */
+ unsigned char tmp[16];
+ /* Total number of bytes in tmp */
+ int total;
+ /* The position of a zero (corresponding to '::') */
+ int zero_pos;
+ /* Number of zeroes */
+ int zero_cnt;
+} IPV6_STAT;
+
+static int ipv6_from_asc(unsigned char *v6, const char *in)
+{
+ IPV6_STAT v6stat;
+ v6stat.total = 0;
+ v6stat.zero_pos = -1;
+ v6stat.zero_cnt = 0;
+ /*
+ * Treat the IPv6 representation as a list of values separated by ':'.
+ * The presence of a '::' will parse as one, two or three zero length
+ * elements.
+ */
+ if (!CONF_parse_list(in, ':', 0, ipv6_cb, &v6stat))
+ return 0;
+
+ /* Now for some sanity checks */
+
+ if (v6stat.zero_pos == -1) {
+ /* If no '::' must have exactly 16 bytes */
+ if (v6stat.total != 16)
+ return 0;
+ } else {
+ /* If '::' must have less than 16 bytes */
+ if (v6stat.total == 16)
+ return 0;
+ /* More than three zeroes is an error */
+ if (v6stat.zero_cnt > 3)
+ return 0;
+ /* Can only have three zeroes if nothing else present */
+ else if (v6stat.zero_cnt == 3) {
+ if (v6stat.total > 0)
+ return 0;
+ }
+ /* Can only have two zeroes if at start or end */
+ else if (v6stat.zero_cnt == 2) {
+ if ((v6stat.zero_pos != 0)
+ && (v6stat.zero_pos != v6stat.total))
+ return 0;
+ } else
+ /* Can only have one zero if *not* start or end */
+ {
+ if ((v6stat.zero_pos == 0)
+ || (v6stat.zero_pos == v6stat.total))
+ return 0;
+ }
+ }
+
+ /* Format result */
+
+ if (v6stat.zero_pos >= 0) {
+ /* Copy initial part */
+ memcpy(v6, v6stat.tmp, v6stat.zero_pos);
+ /* Zero middle */
+ memset(v6 + v6stat.zero_pos, 0, 16 - v6stat.total);
+ /* Copy final part */
+ if (v6stat.total != v6stat.zero_pos)
+ memcpy(v6 + v6stat.zero_pos + 16 - v6stat.total,
+ v6stat.tmp + v6stat.zero_pos,
+ v6stat.total - v6stat.zero_pos);
+ } else
+ memcpy(v6, v6stat.tmp, 16);
+
+ return 1;
+}
+
+static int ipv6_cb(const char *elem, int len, void *usr)
+{
+ IPV6_STAT *s = usr;
+ /* Error if 16 bytes written */
+ if (s->total == 16)
+ return 0;
+ if (len == 0) {
+ /* Zero length element, corresponds to '::' */
+ if (s->zero_pos == -1)
+ s->zero_pos = s->total;
+ /* If we've already got a :: its an error */
+ else if (s->zero_pos != s->total)
+ return 0;
+ s->zero_cnt++;
+ } else {
+ /* If more than 4 characters could be final a.b.c.d form */
+ if (len > 4) {
+ /* Need at least 4 bytes left */
+ if (s->total > 12)
+ return 0;
+ /* Must be end of string */
+ if (elem[len])
+ return 0;
+ if (!ipv4_from_asc(s->tmp + s->total, elem))
+ return 0;
+ s->total += 4;
+ } else {
+ if (!ipv6_hex(s->tmp + s->total, elem, len))
+ return 0;
+ s->total += 2;
+ }
+ }
+ return 1;
+}
+
+/*
+ * Convert a string of up to 4 hex digits into the corresponding IPv6 form.
+ */
+
+static int ipv6_hex(unsigned char *out, const char *in, int inlen)
+{
+ unsigned char c;
+ unsigned int num = 0;
+ if (inlen > 4)
+ return 0;
+ while (inlen--) {
+ c = *in++;
+ num <<= 4;
+ if ((c >= '0') && (c <= '9'))
+ num |= c - '0';
+ else if ((c >= 'A') && (c <= 'F'))
+ num |= c - 'A' + 10;
+ else if ((c >= 'a') && (c <= 'f'))
+ num |= c - 'a' + 10;
+ else
+ return 0;
+ }
+ out[0] = num >> 8;
+ out[1] = num & 0xff;
+ return 1;
+}
+
+int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk,
+ unsigned long chtype)
+{
+ CONF_VALUE *v;
+ int i, mval;
+ char *p, *type;
+ if (!nm)
+ return 0;
+
+ for (i = 0; i < sk_CONF_VALUE_num(dn_sk); i++) {
+ v = sk_CONF_VALUE_value(dn_sk, i);
+ type = v->name;
+ /*
+ * Skip past any leading X. X: X, etc to allow for multiple instances
+ */
+ for (p = type; *p; p++)
+#ifndef CHARSET_EBCDIC
+ if ((*p == ':') || (*p == ',') || (*p == '.'))
+#else
+ if ((*p == os_toascii[':']) || (*p == os_toascii[','])
+ || (*p == os_toascii['.']))
+#endif
+ {
+ p++;
+ if (*p)
+ type = p;
+ break;
+ }
+#ifndef CHARSET_EBCDIC
+ if (*type == '+')
+#else
+ if (*type == os_toascii['+'])
+#endif
+ {
+ mval = -1;
+ type++;
+ } else
+ mval = 0;
+ if (!X509_NAME_add_entry_by_txt(nm, type, chtype,
+ (unsigned char *)v->value, -1, -1,
+ mval))
+ return 0;
+
+ }
+ return 1;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3conf.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509v3/v3conf.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3conf.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,127 +0,0 @@
-/* v3conf.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/asn1.h>
-#include <openssl/conf.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-
-/* Test application to add extensions from a config file */
-
-int main(int argc, char **argv)
-{
- LHASH *conf;
- X509 *cert;
- FILE *inf;
- char *conf_file;
- int i;
- int count;
- X509_EXTENSION *ext;
- X509V3_add_standard_extensions();
- ERR_load_crypto_strings();
- if(!argv[1]) {
- fprintf(stderr, "Usage: v3conf cert.pem [file.cnf]\n");
- exit(1);
- }
- conf_file = argv[2];
- if(!conf_file) conf_file = "test.cnf";
- conf = CONF_load(NULL, "test.cnf", NULL);
- if(!conf) {
- fprintf(stderr, "Error opening Config file %s\n", conf_file);
- ERR_print_errors_fp(stderr);
- exit(1);
- }
-
- inf = fopen(argv[1], "r");
- if(!inf) {
- fprintf(stderr, "Can't open certificate file %s\n", argv[1]);
- exit(1);
- }
- cert = PEM_read_X509(inf, NULL, NULL);
- if(!cert) {
- fprintf(stderr, "Error reading certificate file %s\n", argv[1]);
- exit(1);
- }
- fclose(inf);
-
- sk_pop_free(cert->cert_info->extensions, X509_EXTENSION_free);
- cert->cert_info->extensions = NULL;
-
- if(!X509V3_EXT_add_conf(conf, NULL, "test_section", cert)) {
- fprintf(stderr, "Error adding extensions\n");
- ERR_print_errors_fp(stderr);
- exit(1);
- }
-
- count = X509_get_ext_count(cert);
- printf("%d extensions\n", count);
- for(i = 0; i < count; i++) {
- ext = X509_get_ext(cert, i);
- printf("%s", OBJ_nid2ln(OBJ_obj2nid(ext->object)));
- if(ext->critical) printf(",critical:\n");
- else printf(":\n");
- X509V3_EXT_print_fp(stdout, ext, 0, 0);
- printf("\n");
-
- }
- return 0;
-}
-
Copied: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3conf.c (from rev 6976, vendor-crypto/openssl/dist/crypto/x509v3/v3conf.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3conf.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3conf.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,129 @@
+/* v3conf.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/conf.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+/* Test application to add extensions from a config file */
+
+int main(int argc, char **argv)
+{
+ LHASH *conf;
+ X509 *cert;
+ FILE *inf;
+ char *conf_file;
+ int i;
+ int count;
+ X509_EXTENSION *ext;
+ X509V3_add_standard_extensions();
+ ERR_load_crypto_strings();
+ if (!argv[1]) {
+ fprintf(stderr, "Usage: v3conf cert.pem [file.cnf]\n");
+ exit(1);
+ }
+ conf_file = argv[2];
+ if (!conf_file)
+ conf_file = "test.cnf";
+ conf = CONF_load(NULL, "test.cnf", NULL);
+ if (!conf) {
+ fprintf(stderr, "Error opening Config file %s\n", conf_file);
+ ERR_print_errors_fp(stderr);
+ exit(1);
+ }
+
+ inf = fopen(argv[1], "r");
+ if (!inf) {
+ fprintf(stderr, "Can't open certificate file %s\n", argv[1]);
+ exit(1);
+ }
+ cert = PEM_read_X509(inf, NULL, NULL);
+ if (!cert) {
+ fprintf(stderr, "Error reading certificate file %s\n", argv[1]);
+ exit(1);
+ }
+ fclose(inf);
+
+ sk_pop_free(cert->cert_info->extensions, X509_EXTENSION_free);
+ cert->cert_info->extensions = NULL;
+
+ if (!X509V3_EXT_add_conf(conf, NULL, "test_section", cert)) {
+ fprintf(stderr, "Error adding extensions\n");
+ ERR_print_errors_fp(stderr);
+ exit(1);
+ }
+
+ count = X509_get_ext_count(cert);
+ printf("%d extensions\n", count);
+ for (i = 0; i < count; i++) {
+ ext = X509_get_ext(cert, i);
+ printf("%s", OBJ_nid2ln(OBJ_obj2nid(ext->object)));
+ if (ext->critical)
+ printf(",critical:\n");
+ else
+ printf(":\n");
+ X509V3_EXT_print_fp(stdout, ext, 0, 0);
+ printf("\n");
+
+ }
+ return 0;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3err.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509v3/v3err.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,219 +0,0 @@
-/* crypto/x509v3/v3err.c */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/x509v3.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_X509V3,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509V3,0,reason)
-
-static ERR_STRING_DATA X509V3_str_functs[]=
- {
-{ERR_FUNC(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE), "ASIDENTIFIERCHOICE_CANONIZE"},
-{ERR_FUNC(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL), "ASIDENTIFIERCHOICE_IS_CANONICAL"},
-{ERR_FUNC(X509V3_F_COPY_EMAIL), "COPY_EMAIL"},
-{ERR_FUNC(X509V3_F_COPY_ISSUER), "COPY_ISSUER"},
-{ERR_FUNC(X509V3_F_DO_DIRNAME), "DO_DIRNAME"},
-{ERR_FUNC(X509V3_F_DO_EXT_CONF), "DO_EXT_CONF"},
-{ERR_FUNC(X509V3_F_DO_EXT_I2D), "DO_EXT_I2D"},
-{ERR_FUNC(X509V3_F_DO_EXT_NCONF), "DO_EXT_NCONF"},
-{ERR_FUNC(X509V3_F_DO_I2V_NAME_CONSTRAINTS), "DO_I2V_NAME_CONSTRAINTS"},
-{ERR_FUNC(X509V3_F_HEX_TO_STRING), "hex_to_string"},
-{ERR_FUNC(X509V3_F_I2S_ASN1_ENUMERATED), "i2s_ASN1_ENUMERATED"},
-{ERR_FUNC(X509V3_F_I2S_ASN1_IA5STRING), "I2S_ASN1_IA5STRING"},
-{ERR_FUNC(X509V3_F_I2S_ASN1_INTEGER), "i2s_ASN1_INTEGER"},
-{ERR_FUNC(X509V3_F_I2V_AUTHORITY_INFO_ACCESS), "I2V_AUTHORITY_INFO_ACCESS"},
-{ERR_FUNC(X509V3_F_NOTICE_SECTION), "NOTICE_SECTION"},
-{ERR_FUNC(X509V3_F_NREF_NOS), "NREF_NOS"},
-{ERR_FUNC(X509V3_F_POLICY_SECTION), "POLICY_SECTION"},
-{ERR_FUNC(X509V3_F_PROCESS_PCI_VALUE), "PROCESS_PCI_VALUE"},
-{ERR_FUNC(X509V3_F_R2I_CERTPOL), "R2I_CERTPOL"},
-{ERR_FUNC(X509V3_F_R2I_PCI), "R2I_PCI"},
-{ERR_FUNC(X509V3_F_S2I_ASN1_IA5STRING), "S2I_ASN1_IA5STRING"},
-{ERR_FUNC(X509V3_F_S2I_ASN1_INTEGER), "s2i_ASN1_INTEGER"},
-{ERR_FUNC(X509V3_F_S2I_ASN1_OCTET_STRING), "s2i_ASN1_OCTET_STRING"},
-{ERR_FUNC(X509V3_F_S2I_ASN1_SKEY_ID), "S2I_ASN1_SKEY_ID"},
-{ERR_FUNC(X509V3_F_S2I_SKEY_ID), "S2I_SKEY_ID"},
-{ERR_FUNC(X509V3_F_STRING_TO_HEX), "string_to_hex"},
-{ERR_FUNC(X509V3_F_SXNET_ADD_ID_ASC), "SXNET_add_id_asc"},
-{ERR_FUNC(X509V3_F_SXNET_ADD_ID_INTEGER), "SXNET_add_id_INTEGER"},
-{ERR_FUNC(X509V3_F_SXNET_ADD_ID_ULONG), "SXNET_add_id_ulong"},
-{ERR_FUNC(X509V3_F_SXNET_GET_ID_ASC), "SXNET_get_id_asc"},
-{ERR_FUNC(X509V3_F_SXNET_GET_ID_ULONG), "SXNET_get_id_ulong"},
-{ERR_FUNC(X509V3_F_V2I_ASIDENTIFIERS), "V2I_ASIDENTIFIERS"},
-{ERR_FUNC(X509V3_F_V2I_ASN1_BIT_STRING), "v2i_ASN1_BIT_STRING"},
-{ERR_FUNC(X509V3_F_V2I_AUTHORITY_INFO_ACCESS), "V2I_AUTHORITY_INFO_ACCESS"},
-{ERR_FUNC(X509V3_F_V2I_AUTHORITY_KEYID), "V2I_AUTHORITY_KEYID"},
-{ERR_FUNC(X509V3_F_V2I_BASIC_CONSTRAINTS), "V2I_BASIC_CONSTRAINTS"},
-{ERR_FUNC(X509V3_F_V2I_CRLD), "V2I_CRLD"},
-{ERR_FUNC(X509V3_F_V2I_EXTENDED_KEY_USAGE), "V2I_EXTENDED_KEY_USAGE"},
-{ERR_FUNC(X509V3_F_V2I_GENERAL_NAMES), "v2i_GENERAL_NAMES"},
-{ERR_FUNC(X509V3_F_V2I_GENERAL_NAME_EX), "v2i_GENERAL_NAME_ex"},
-{ERR_FUNC(X509V3_F_V2I_IPADDRBLOCKS), "V2I_IPADDRBLOCKS"},
-{ERR_FUNC(X509V3_F_V2I_ISSUER_ALT), "V2I_ISSUER_ALT"},
-{ERR_FUNC(X509V3_F_V2I_NAME_CONSTRAINTS), "V2I_NAME_CONSTRAINTS"},
-{ERR_FUNC(X509V3_F_V2I_POLICY_CONSTRAINTS), "V2I_POLICY_CONSTRAINTS"},
-{ERR_FUNC(X509V3_F_V2I_POLICY_MAPPINGS), "V2I_POLICY_MAPPINGS"},
-{ERR_FUNC(X509V3_F_V2I_SUBJECT_ALT), "V2I_SUBJECT_ALT"},
-{ERR_FUNC(X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL), "V3_ADDR_VALIDATE_PATH_INTERNAL"},
-{ERR_FUNC(X509V3_F_V3_GENERIC_EXTENSION), "V3_GENERIC_EXTENSION"},
-{ERR_FUNC(X509V3_F_X509V3_ADD1_I2D), "X509V3_add1_i2d"},
-{ERR_FUNC(X509V3_F_X509V3_ADD_VALUE), "X509V3_add_value"},
-{ERR_FUNC(X509V3_F_X509V3_EXT_ADD), "X509V3_EXT_add"},
-{ERR_FUNC(X509V3_F_X509V3_EXT_ADD_ALIAS), "X509V3_EXT_add_alias"},
-{ERR_FUNC(X509V3_F_X509V3_EXT_CONF), "X509V3_EXT_conf"},
-{ERR_FUNC(X509V3_F_X509V3_EXT_I2D), "X509V3_EXT_i2d"},
-{ERR_FUNC(X509V3_F_X509V3_EXT_NCONF), "X509V3_EXT_nconf"},
-{ERR_FUNC(X509V3_F_X509V3_GET_SECTION), "X509V3_get_section"},
-{ERR_FUNC(X509V3_F_X509V3_GET_STRING), "X509V3_get_string"},
-{ERR_FUNC(X509V3_F_X509V3_GET_VALUE_BOOL), "X509V3_get_value_bool"},
-{ERR_FUNC(X509V3_F_X509V3_PARSE_LIST), "X509V3_parse_list"},
-{ERR_FUNC(X509V3_F_X509_PURPOSE_ADD), "X509_PURPOSE_add"},
-{ERR_FUNC(X509V3_F_X509_PURPOSE_SET), "X509_PURPOSE_set"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA X509V3_str_reasons[]=
- {
-{ERR_REASON(X509V3_R_BAD_IP_ADDRESS) ,"bad ip address"},
-{ERR_REASON(X509V3_R_BAD_OBJECT) ,"bad object"},
-{ERR_REASON(X509V3_R_BN_DEC2BN_ERROR) ,"bn dec2bn error"},
-{ERR_REASON(X509V3_R_BN_TO_ASN1_INTEGER_ERROR),"bn to asn1 integer error"},
-{ERR_REASON(X509V3_R_DIRNAME_ERROR) ,"dirname error"},
-{ERR_REASON(X509V3_R_DUPLICATE_ZONE_ID) ,"duplicate zone id"},
-{ERR_REASON(X509V3_R_ERROR_CONVERTING_ZONE),"error converting zone"},
-{ERR_REASON(X509V3_R_ERROR_CREATING_EXTENSION),"error creating extension"},
-{ERR_REASON(X509V3_R_ERROR_IN_EXTENSION) ,"error in extension"},
-{ERR_REASON(X509V3_R_EXPECTED_A_SECTION_NAME),"expected a section name"},
-{ERR_REASON(X509V3_R_EXTENSION_EXISTS) ,"extension exists"},
-{ERR_REASON(X509V3_R_EXTENSION_NAME_ERROR),"extension name error"},
-{ERR_REASON(X509V3_R_EXTENSION_NOT_FOUND),"extension not found"},
-{ERR_REASON(X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED),"extension setting not supported"},
-{ERR_REASON(X509V3_R_EXTENSION_VALUE_ERROR),"extension value error"},
-{ERR_REASON(X509V3_R_ILLEGAL_EMPTY_EXTENSION),"illegal empty extension"},
-{ERR_REASON(X509V3_R_ILLEGAL_HEX_DIGIT) ,"illegal hex digit"},
-{ERR_REASON(X509V3_R_INCORRECT_POLICY_SYNTAX_TAG),"incorrect policy syntax tag"},
-{ERR_REASON(X509V3_R_INVALID_ASNUMBER) ,"invalid asnumber"},
-{ERR_REASON(X509V3_R_INVALID_ASRANGE) ,"invalid asrange"},
-{ERR_REASON(X509V3_R_INVALID_BOOLEAN_STRING),"invalid boolean string"},
-{ERR_REASON(X509V3_R_INVALID_EXTENSION_STRING),"invalid extension string"},
-{ERR_REASON(X509V3_R_INVALID_INHERITANCE),"invalid inheritance"},
-{ERR_REASON(X509V3_R_INVALID_IPADDRESS) ,"invalid ipaddress"},
-{ERR_REASON(X509V3_R_INVALID_NAME) ,"invalid name"},
-{ERR_REASON(X509V3_R_INVALID_NULL_ARGUMENT),"invalid null argument"},
-{ERR_REASON(X509V3_R_INVALID_NULL_NAME) ,"invalid null name"},
-{ERR_REASON(X509V3_R_INVALID_NULL_VALUE) ,"invalid null value"},
-{ERR_REASON(X509V3_R_INVALID_NUMBER) ,"invalid number"},
-{ERR_REASON(X509V3_R_INVALID_NUMBERS) ,"invalid numbers"},
-{ERR_REASON(X509V3_R_INVALID_OBJECT_IDENTIFIER),"invalid object identifier"},
-{ERR_REASON(X509V3_R_INVALID_OPTION) ,"invalid option"},
-{ERR_REASON(X509V3_R_INVALID_POLICY_IDENTIFIER),"invalid policy identifier"},
-{ERR_REASON(X509V3_R_INVALID_PROXY_POLICY_SETTING),"invalid proxy policy setting"},
-{ERR_REASON(X509V3_R_INVALID_PURPOSE) ,"invalid purpose"},
-{ERR_REASON(X509V3_R_INVALID_SAFI) ,"invalid safi"},
-{ERR_REASON(X509V3_R_INVALID_SECTION) ,"invalid section"},
-{ERR_REASON(X509V3_R_INVALID_SYNTAX) ,"invalid syntax"},
-{ERR_REASON(X509V3_R_ISSUER_DECODE_ERROR),"issuer decode error"},
-{ERR_REASON(X509V3_R_MISSING_VALUE) ,"missing value"},
-{ERR_REASON(X509V3_R_NEED_ORGANIZATION_AND_NUMBERS),"need organization and numbers"},
-{ERR_REASON(X509V3_R_NO_CONFIG_DATABASE) ,"no config database"},
-{ERR_REASON(X509V3_R_NO_ISSUER_CERTIFICATE),"no issuer certificate"},
-{ERR_REASON(X509V3_R_NO_ISSUER_DETAILS) ,"no issuer details"},
-{ERR_REASON(X509V3_R_NO_POLICY_IDENTIFIER),"no policy identifier"},
-{ERR_REASON(X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED),"no proxy cert policy language defined"},
-{ERR_REASON(X509V3_R_NO_PUBLIC_KEY) ,"no public key"},
-{ERR_REASON(X509V3_R_NO_SUBJECT_DETAILS) ,"no subject details"},
-{ERR_REASON(X509V3_R_ODD_NUMBER_OF_DIGITS),"odd number of digits"},
-{ERR_REASON(X509V3_R_OPERATION_NOT_DEFINED),"operation not defined"},
-{ERR_REASON(X509V3_R_OTHERNAME_ERROR) ,"othername error"},
-{ERR_REASON(X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED),"policy language alreadty defined"},
-{ERR_REASON(X509V3_R_POLICY_PATH_LENGTH) ,"policy path length"},
-{ERR_REASON(X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED),"policy path length alreadty defined"},
-{ERR_REASON(X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED),"policy syntax not currently supported"},
-{ERR_REASON(X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY),"policy when proxy language requires no policy"},
-{ERR_REASON(X509V3_R_SECTION_NOT_FOUND) ,"section not found"},
-{ERR_REASON(X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS),"unable to get issuer details"},
-{ERR_REASON(X509V3_R_UNABLE_TO_GET_ISSUER_KEYID),"unable to get issuer keyid"},
-{ERR_REASON(X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT),"unknown bit string argument"},
-{ERR_REASON(X509V3_R_UNKNOWN_EXTENSION) ,"unknown extension"},
-{ERR_REASON(X509V3_R_UNKNOWN_EXTENSION_NAME),"unknown extension name"},
-{ERR_REASON(X509V3_R_UNKNOWN_OPTION) ,"unknown option"},
-{ERR_REASON(X509V3_R_UNSUPPORTED_OPTION) ,"unsupported option"},
-{ERR_REASON(X509V3_R_USER_TOO_LONG) ,"user too long"},
-{0,NULL}
- };
-
-#endif
-
-void ERR_load_X509V3_strings(void)
- {
-#ifndef OPENSSL_NO_ERR
-
- if (ERR_func_error_string(X509V3_str_functs[0].error) == NULL)
- {
- ERR_load_strings(0,X509V3_str_functs);
- ERR_load_strings(0,X509V3_str_reasons);
- }
-#endif
- }
Copied: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3err.c (from rev 6976, vendor-crypto/openssl/dist/crypto/x509v3/v3err.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3err.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,239 @@
+/* crypto/x509v3/v3err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/x509v3.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_X509V3,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509V3,0,reason)
+
+static ERR_STRING_DATA X509V3_str_functs[] = {
+ {ERR_FUNC(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE),
+ "ASIDENTIFIERCHOICE_CANONIZE"},
+ {ERR_FUNC(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL),
+ "ASIDENTIFIERCHOICE_IS_CANONICAL"},
+ {ERR_FUNC(X509V3_F_COPY_EMAIL), "COPY_EMAIL"},
+ {ERR_FUNC(X509V3_F_COPY_ISSUER), "COPY_ISSUER"},
+ {ERR_FUNC(X509V3_F_DO_DIRNAME), "DO_DIRNAME"},
+ {ERR_FUNC(X509V3_F_DO_EXT_CONF), "DO_EXT_CONF"},
+ {ERR_FUNC(X509V3_F_DO_EXT_I2D), "DO_EXT_I2D"},
+ {ERR_FUNC(X509V3_F_DO_EXT_NCONF), "DO_EXT_NCONF"},
+ {ERR_FUNC(X509V3_F_DO_I2V_NAME_CONSTRAINTS), "DO_I2V_NAME_CONSTRAINTS"},
+ {ERR_FUNC(X509V3_F_HEX_TO_STRING), "hex_to_string"},
+ {ERR_FUNC(X509V3_F_I2S_ASN1_ENUMERATED), "i2s_ASN1_ENUMERATED"},
+ {ERR_FUNC(X509V3_F_I2S_ASN1_IA5STRING), "I2S_ASN1_IA5STRING"},
+ {ERR_FUNC(X509V3_F_I2S_ASN1_INTEGER), "i2s_ASN1_INTEGER"},
+ {ERR_FUNC(X509V3_F_I2V_AUTHORITY_INFO_ACCESS),
+ "I2V_AUTHORITY_INFO_ACCESS"},
+ {ERR_FUNC(X509V3_F_NOTICE_SECTION), "NOTICE_SECTION"},
+ {ERR_FUNC(X509V3_F_NREF_NOS), "NREF_NOS"},
+ {ERR_FUNC(X509V3_F_POLICY_SECTION), "POLICY_SECTION"},
+ {ERR_FUNC(X509V3_F_PROCESS_PCI_VALUE), "PROCESS_PCI_VALUE"},
+ {ERR_FUNC(X509V3_F_R2I_CERTPOL), "R2I_CERTPOL"},
+ {ERR_FUNC(X509V3_F_R2I_PCI), "R2I_PCI"},
+ {ERR_FUNC(X509V3_F_S2I_ASN1_IA5STRING), "S2I_ASN1_IA5STRING"},
+ {ERR_FUNC(X509V3_F_S2I_ASN1_INTEGER), "s2i_ASN1_INTEGER"},
+ {ERR_FUNC(X509V3_F_S2I_ASN1_OCTET_STRING), "s2i_ASN1_OCTET_STRING"},
+ {ERR_FUNC(X509V3_F_S2I_ASN1_SKEY_ID), "S2I_ASN1_SKEY_ID"},
+ {ERR_FUNC(X509V3_F_S2I_SKEY_ID), "S2I_SKEY_ID"},
+ {ERR_FUNC(X509V3_F_STRING_TO_HEX), "string_to_hex"},
+ {ERR_FUNC(X509V3_F_SXNET_ADD_ID_ASC), "SXNET_add_id_asc"},
+ {ERR_FUNC(X509V3_F_SXNET_ADD_ID_INTEGER), "SXNET_add_id_INTEGER"},
+ {ERR_FUNC(X509V3_F_SXNET_ADD_ID_ULONG), "SXNET_add_id_ulong"},
+ {ERR_FUNC(X509V3_F_SXNET_GET_ID_ASC), "SXNET_get_id_asc"},
+ {ERR_FUNC(X509V3_F_SXNET_GET_ID_ULONG), "SXNET_get_id_ulong"},
+ {ERR_FUNC(X509V3_F_V2I_ASIDENTIFIERS), "V2I_ASIDENTIFIERS"},
+ {ERR_FUNC(X509V3_F_V2I_ASN1_BIT_STRING), "v2i_ASN1_BIT_STRING"},
+ {ERR_FUNC(X509V3_F_V2I_AUTHORITY_INFO_ACCESS),
+ "V2I_AUTHORITY_INFO_ACCESS"},
+ {ERR_FUNC(X509V3_F_V2I_AUTHORITY_KEYID), "V2I_AUTHORITY_KEYID"},
+ {ERR_FUNC(X509V3_F_V2I_BASIC_CONSTRAINTS), "V2I_BASIC_CONSTRAINTS"},
+ {ERR_FUNC(X509V3_F_V2I_CRLD), "V2I_CRLD"},
+ {ERR_FUNC(X509V3_F_V2I_EXTENDED_KEY_USAGE), "V2I_EXTENDED_KEY_USAGE"},
+ {ERR_FUNC(X509V3_F_V2I_GENERAL_NAMES), "v2i_GENERAL_NAMES"},
+ {ERR_FUNC(X509V3_F_V2I_GENERAL_NAME_EX), "v2i_GENERAL_NAME_ex"},
+ {ERR_FUNC(X509V3_F_V2I_IPADDRBLOCKS), "V2I_IPADDRBLOCKS"},
+ {ERR_FUNC(X509V3_F_V2I_ISSUER_ALT), "V2I_ISSUER_ALT"},
+ {ERR_FUNC(X509V3_F_V2I_NAME_CONSTRAINTS), "V2I_NAME_CONSTRAINTS"},
+ {ERR_FUNC(X509V3_F_V2I_POLICY_CONSTRAINTS), "V2I_POLICY_CONSTRAINTS"},
+ {ERR_FUNC(X509V3_F_V2I_POLICY_MAPPINGS), "V2I_POLICY_MAPPINGS"},
+ {ERR_FUNC(X509V3_F_V2I_SUBJECT_ALT), "V2I_SUBJECT_ALT"},
+ {ERR_FUNC(X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL),
+ "V3_ADDR_VALIDATE_PATH_INTERNAL"},
+ {ERR_FUNC(X509V3_F_V3_GENERIC_EXTENSION), "V3_GENERIC_EXTENSION"},
+ {ERR_FUNC(X509V3_F_X509V3_ADD1_I2D), "X509V3_add1_i2d"},
+ {ERR_FUNC(X509V3_F_X509V3_ADD_VALUE), "X509V3_add_value"},
+ {ERR_FUNC(X509V3_F_X509V3_EXT_ADD), "X509V3_EXT_add"},
+ {ERR_FUNC(X509V3_F_X509V3_EXT_ADD_ALIAS), "X509V3_EXT_add_alias"},
+ {ERR_FUNC(X509V3_F_X509V3_EXT_CONF), "X509V3_EXT_conf"},
+ {ERR_FUNC(X509V3_F_X509V3_EXT_I2D), "X509V3_EXT_i2d"},
+ {ERR_FUNC(X509V3_F_X509V3_EXT_NCONF), "X509V3_EXT_nconf"},
+ {ERR_FUNC(X509V3_F_X509V3_GET_SECTION), "X509V3_get_section"},
+ {ERR_FUNC(X509V3_F_X509V3_GET_STRING), "X509V3_get_string"},
+ {ERR_FUNC(X509V3_F_X509V3_GET_VALUE_BOOL), "X509V3_get_value_bool"},
+ {ERR_FUNC(X509V3_F_X509V3_PARSE_LIST), "X509V3_parse_list"},
+ {ERR_FUNC(X509V3_F_X509_PURPOSE_ADD), "X509_PURPOSE_add"},
+ {ERR_FUNC(X509V3_F_X509_PURPOSE_SET), "X509_PURPOSE_set"},
+ {0, NULL}
+};
+
+static ERR_STRING_DATA X509V3_str_reasons[] = {
+ {ERR_REASON(X509V3_R_BAD_IP_ADDRESS), "bad ip address"},
+ {ERR_REASON(X509V3_R_BAD_OBJECT), "bad object"},
+ {ERR_REASON(X509V3_R_BN_DEC2BN_ERROR), "bn dec2bn error"},
+ {ERR_REASON(X509V3_R_BN_TO_ASN1_INTEGER_ERROR),
+ "bn to asn1 integer error"},
+ {ERR_REASON(X509V3_R_DIRNAME_ERROR), "dirname error"},
+ {ERR_REASON(X509V3_R_DUPLICATE_ZONE_ID), "duplicate zone id"},
+ {ERR_REASON(X509V3_R_ERROR_CONVERTING_ZONE), "error converting zone"},
+ {ERR_REASON(X509V3_R_ERROR_CREATING_EXTENSION),
+ "error creating extension"},
+ {ERR_REASON(X509V3_R_ERROR_IN_EXTENSION), "error in extension"},
+ {ERR_REASON(X509V3_R_EXPECTED_A_SECTION_NAME), "expected a section name"},
+ {ERR_REASON(X509V3_R_EXTENSION_EXISTS), "extension exists"},
+ {ERR_REASON(X509V3_R_EXTENSION_NAME_ERROR), "extension name error"},
+ {ERR_REASON(X509V3_R_EXTENSION_NOT_FOUND), "extension not found"},
+ {ERR_REASON(X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED),
+ "extension setting not supported"},
+ {ERR_REASON(X509V3_R_EXTENSION_VALUE_ERROR), "extension value error"},
+ {ERR_REASON(X509V3_R_ILLEGAL_EMPTY_EXTENSION), "illegal empty extension"},
+ {ERR_REASON(X509V3_R_ILLEGAL_HEX_DIGIT), "illegal hex digit"},
+ {ERR_REASON(X509V3_R_INCORRECT_POLICY_SYNTAX_TAG),
+ "incorrect policy syntax tag"},
+ {ERR_REASON(X509V3_R_INVALID_ASNUMBER), "invalid asnumber"},
+ {ERR_REASON(X509V3_R_INVALID_ASRANGE), "invalid asrange"},
+ {ERR_REASON(X509V3_R_INVALID_BOOLEAN_STRING), "invalid boolean string"},
+ {ERR_REASON(X509V3_R_INVALID_EXTENSION_STRING),
+ "invalid extension string"},
+ {ERR_REASON(X509V3_R_INVALID_INHERITANCE), "invalid inheritance"},
+ {ERR_REASON(X509V3_R_INVALID_IPADDRESS), "invalid ipaddress"},
+ {ERR_REASON(X509V3_R_INVALID_NAME), "invalid name"},
+ {ERR_REASON(X509V3_R_INVALID_NULL_ARGUMENT), "invalid null argument"},
+ {ERR_REASON(X509V3_R_INVALID_NULL_NAME), "invalid null name"},
+ {ERR_REASON(X509V3_R_INVALID_NULL_VALUE), "invalid null value"},
+ {ERR_REASON(X509V3_R_INVALID_NUMBER), "invalid number"},
+ {ERR_REASON(X509V3_R_INVALID_NUMBERS), "invalid numbers"},
+ {ERR_REASON(X509V3_R_INVALID_OBJECT_IDENTIFIER),
+ "invalid object identifier"},
+ {ERR_REASON(X509V3_R_INVALID_OPTION), "invalid option"},
+ {ERR_REASON(X509V3_R_INVALID_POLICY_IDENTIFIER),
+ "invalid policy identifier"},
+ {ERR_REASON(X509V3_R_INVALID_PROXY_POLICY_SETTING),
+ "invalid proxy policy setting"},
+ {ERR_REASON(X509V3_R_INVALID_PURPOSE), "invalid purpose"},
+ {ERR_REASON(X509V3_R_INVALID_SAFI), "invalid safi"},
+ {ERR_REASON(X509V3_R_INVALID_SECTION), "invalid section"},
+ {ERR_REASON(X509V3_R_INVALID_SYNTAX), "invalid syntax"},
+ {ERR_REASON(X509V3_R_ISSUER_DECODE_ERROR), "issuer decode error"},
+ {ERR_REASON(X509V3_R_MISSING_VALUE), "missing value"},
+ {ERR_REASON(X509V3_R_NEED_ORGANIZATION_AND_NUMBERS),
+ "need organization and numbers"},
+ {ERR_REASON(X509V3_R_NO_CONFIG_DATABASE), "no config database"},
+ {ERR_REASON(X509V3_R_NO_ISSUER_CERTIFICATE), "no issuer certificate"},
+ {ERR_REASON(X509V3_R_NO_ISSUER_DETAILS), "no issuer details"},
+ {ERR_REASON(X509V3_R_NO_POLICY_IDENTIFIER), "no policy identifier"},
+ {ERR_REASON(X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED),
+ "no proxy cert policy language defined"},
+ {ERR_REASON(X509V3_R_NO_PUBLIC_KEY), "no public key"},
+ {ERR_REASON(X509V3_R_NO_SUBJECT_DETAILS), "no subject details"},
+ {ERR_REASON(X509V3_R_ODD_NUMBER_OF_DIGITS), "odd number of digits"},
+ {ERR_REASON(X509V3_R_OPERATION_NOT_DEFINED), "operation not defined"},
+ {ERR_REASON(X509V3_R_OTHERNAME_ERROR), "othername error"},
+ {ERR_REASON(X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED),
+ "policy language alreadty defined"},
+ {ERR_REASON(X509V3_R_POLICY_PATH_LENGTH), "policy path length"},
+ {ERR_REASON(X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED),
+ "policy path length alreadty defined"},
+ {ERR_REASON(X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED),
+ "policy syntax not currently supported"},
+ {ERR_REASON(X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY),
+ "policy when proxy language requires no policy"},
+ {ERR_REASON(X509V3_R_SECTION_NOT_FOUND), "section not found"},
+ {ERR_REASON(X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS),
+ "unable to get issuer details"},
+ {ERR_REASON(X509V3_R_UNABLE_TO_GET_ISSUER_KEYID),
+ "unable to get issuer keyid"},
+ {ERR_REASON(X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT),
+ "unknown bit string argument"},
+ {ERR_REASON(X509V3_R_UNKNOWN_EXTENSION), "unknown extension"},
+ {ERR_REASON(X509V3_R_UNKNOWN_EXTENSION_NAME), "unknown extension name"},
+ {ERR_REASON(X509V3_R_UNKNOWN_OPTION), "unknown option"},
+ {ERR_REASON(X509V3_R_UNSUPPORTED_OPTION), "unsupported option"},
+ {ERR_REASON(X509V3_R_USER_TOO_LONG), "user too long"},
+ {0, NULL}
+};
+
+#endif
+
+void ERR_load_X509V3_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+ if (ERR_func_error_string(X509V3_str_functs[0].error) == NULL) {
+ ERR_load_strings(0, X509V3_str_functs);
+ ERR_load_strings(0, X509V3_str_reasons);
+ }
+#endif
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3prin.c
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509v3/v3prin.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3prin.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,99 +0,0 @@
-/* v3prin.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-
-
-#include <stdio.h>
-#include <openssl/asn1.h>
-#include <openssl/conf.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-
-int main(int argc, char **argv)
-{
- X509 *cert;
- FILE *inf;
- int i, count;
- X509_EXTENSION *ext;
- X509V3_add_standard_extensions();
- ERR_load_crypto_strings();
- if(!argv[1]) {
- fprintf(stderr, "Usage v3prin cert.pem\n");
- exit(1);
- }
- if(!(inf = fopen(argv[1], "r"))) {
- fprintf(stderr, "Can't open %s\n", argv[1]);
- exit(1);
- }
- if(!(cert = PEM_read_X509(inf, NULL, NULL))) {
- fprintf(stderr, "Can't read certificate %s\n", argv[1]);
- ERR_print_errors_fp(stderr);
- exit(1);
- }
- fclose(inf);
- count = X509_get_ext_count(cert);
- printf("%d extensions\n", count);
- for(i = 0; i < count; i++) {
- ext = X509_get_ext(cert, i);
- printf("%s\n", OBJ_nid2ln(OBJ_obj2nid(ext->object)));
- if(!X509V3_EXT_print_fp(stdout, ext, 0, 0)) ERR_print_errors_fp(stderr);
- printf("\n");
-
- }
- return 0;
-}
Copied: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3prin.c (from rev 6976, vendor-crypto/openssl/dist/crypto/x509v3/v3prin.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3prin.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/v3prin.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,99 @@
+/* v3prin.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/asn1.h>
+#include <openssl/conf.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+int main(int argc, char **argv)
+{
+ X509 *cert;
+ FILE *inf;
+ int i, count;
+ X509_EXTENSION *ext;
+ X509V3_add_standard_extensions();
+ ERR_load_crypto_strings();
+ if (!argv[1]) {
+ fprintf(stderr, "Usage v3prin cert.pem\n");
+ exit(1);
+ }
+ if (!(inf = fopen(argv[1], "r"))) {
+ fprintf(stderr, "Can't open %s\n", argv[1]);
+ exit(1);
+ }
+ if (!(cert = PEM_read_X509(inf, NULL, NULL))) {
+ fprintf(stderr, "Can't read certificate %s\n", argv[1]);
+ ERR_print_errors_fp(stderr);
+ exit(1);
+ }
+ fclose(inf);
+ count = X509_get_ext_count(cert);
+ printf("%d extensions\n", count);
+ for (i = 0; i < count; i++) {
+ ext = X509_get_ext(cert, i);
+ printf("%s\n", OBJ_nid2ln(OBJ_obj2nid(ext->object)));
+ if (!X509V3_EXT_print_fp(stdout, ext, 0, 0))
+ ERR_print_errors_fp(stderr);
+ printf("\n");
+
+ }
+ return 0;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/x509v3.h
===================================================================
--- vendor-crypto/openssl/dist/crypto/x509v3/x509v3.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/x509v3.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,922 +0,0 @@
-/* x509v3.h */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-#ifndef HEADER_X509V3_H
-#define HEADER_X509V3_H
-
-#include <openssl/bio.h>
-#include <openssl/x509.h>
-#include <openssl/conf.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* Forward reference */
-struct v3_ext_method;
-struct v3_ext_ctx;
-
-/* Useful typedefs */
-
-typedef void * (*X509V3_EXT_NEW)(void);
-typedef void (*X509V3_EXT_FREE)(void *);
-typedef void * (*X509V3_EXT_D2I)(void *, const unsigned char ** , long);
-typedef int (*X509V3_EXT_I2D)(void *, unsigned char **);
-typedef STACK_OF(CONF_VALUE) * (*X509V3_EXT_I2V)(struct v3_ext_method *method, void *ext, STACK_OF(CONF_VALUE) *extlist);
-typedef void * (*X509V3_EXT_V2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, STACK_OF(CONF_VALUE) *values);
-typedef char * (*X509V3_EXT_I2S)(struct v3_ext_method *method, void *ext);
-typedef void * (*X509V3_EXT_S2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, const char *str);
-typedef int (*X509V3_EXT_I2R)(struct v3_ext_method *method, void *ext, BIO *out, int indent);
-typedef void * (*X509V3_EXT_R2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, const char *str);
-
-/* V3 extension structure */
-
-struct v3_ext_method {
-int ext_nid;
-int ext_flags;
-/* If this is set the following four fields are ignored */
-ASN1_ITEM_EXP *it;
-/* Old style ASN1 calls */
-X509V3_EXT_NEW ext_new;
-X509V3_EXT_FREE ext_free;
-X509V3_EXT_D2I d2i;
-X509V3_EXT_I2D i2d;
-
-/* The following pair is used for string extensions */
-X509V3_EXT_I2S i2s;
-X509V3_EXT_S2I s2i;
-
-/* The following pair is used for multi-valued extensions */
-X509V3_EXT_I2V i2v;
-X509V3_EXT_V2I v2i;
-
-/* The following are used for raw extensions */
-X509V3_EXT_I2R i2r;
-X509V3_EXT_R2I r2i;
-
-void *usr_data; /* Any extension specific data */
-};
-
-typedef struct X509V3_CONF_METHOD_st {
-char * (*get_string)(void *db, char *section, char *value);
-STACK_OF(CONF_VALUE) * (*get_section)(void *db, char *section);
-void (*free_string)(void *db, char * string);
-void (*free_section)(void *db, STACK_OF(CONF_VALUE) *section);
-} X509V3_CONF_METHOD;
-
-/* Context specific info */
-struct v3_ext_ctx {
-#define CTX_TEST 0x1
-int flags;
-X509 *issuer_cert;
-X509 *subject_cert;
-X509_REQ *subject_req;
-X509_CRL *crl;
-X509V3_CONF_METHOD *db_meth;
-void *db;
-/* Maybe more here */
-};
-
-typedef struct v3_ext_method X509V3_EXT_METHOD;
-
-DECLARE_STACK_OF(X509V3_EXT_METHOD)
-
-/* ext_flags values */
-#define X509V3_EXT_DYNAMIC 0x1
-#define X509V3_EXT_CTX_DEP 0x2
-#define X509V3_EXT_MULTILINE 0x4
-
-typedef BIT_STRING_BITNAME ENUMERATED_NAMES;
-
-typedef struct BASIC_CONSTRAINTS_st {
-int ca;
-ASN1_INTEGER *pathlen;
-} BASIC_CONSTRAINTS;
-
-
-typedef struct PKEY_USAGE_PERIOD_st {
-ASN1_GENERALIZEDTIME *notBefore;
-ASN1_GENERALIZEDTIME *notAfter;
-} PKEY_USAGE_PERIOD;
-
-typedef struct otherName_st {
-ASN1_OBJECT *type_id;
-ASN1_TYPE *value;
-} OTHERNAME;
-
-typedef struct EDIPartyName_st {
- ASN1_STRING *nameAssigner;
- ASN1_STRING *partyName;
-} EDIPARTYNAME;
-
-typedef struct GENERAL_NAME_st {
-
-#define GEN_OTHERNAME 0
-#define GEN_EMAIL 1
-#define GEN_DNS 2
-#define GEN_X400 3
-#define GEN_DIRNAME 4
-#define GEN_EDIPARTY 5
-#define GEN_URI 6
-#define GEN_IPADD 7
-#define GEN_RID 8
-
-int type;
-union {
- char *ptr;
- OTHERNAME *otherName; /* otherName */
- ASN1_IA5STRING *rfc822Name;
- ASN1_IA5STRING *dNSName;
- ASN1_TYPE *x400Address;
- X509_NAME *directoryName;
- EDIPARTYNAME *ediPartyName;
- ASN1_IA5STRING *uniformResourceIdentifier;
- ASN1_OCTET_STRING *iPAddress;
- ASN1_OBJECT *registeredID;
-
- /* Old names */
- ASN1_OCTET_STRING *ip; /* iPAddress */
- X509_NAME *dirn; /* dirn */
- ASN1_IA5STRING *ia5;/* rfc822Name, dNSName, uniformResourceIdentifier */
- ASN1_OBJECT *rid; /* registeredID */
- ASN1_TYPE *other; /* x400Address */
-} d;
-} GENERAL_NAME;
-
-typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES;
-
-typedef struct ACCESS_DESCRIPTION_st {
- ASN1_OBJECT *method;
- GENERAL_NAME *location;
-} ACCESS_DESCRIPTION;
-
-typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
-
-typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE;
-
-DECLARE_STACK_OF(GENERAL_NAME)
-DECLARE_ASN1_SET_OF(GENERAL_NAME)
-
-DECLARE_STACK_OF(ACCESS_DESCRIPTION)
-DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION)
-
-typedef struct DIST_POINT_NAME_st {
-int type;
-union {
- GENERAL_NAMES *fullname;
- STACK_OF(X509_NAME_ENTRY) *relativename;
-} name;
-} DIST_POINT_NAME;
-
-typedef struct DIST_POINT_st {
-DIST_POINT_NAME *distpoint;
-ASN1_BIT_STRING *reasons;
-GENERAL_NAMES *CRLissuer;
-} DIST_POINT;
-
-typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS;
-
-DECLARE_STACK_OF(DIST_POINT)
-DECLARE_ASN1_SET_OF(DIST_POINT)
-
-typedef struct AUTHORITY_KEYID_st {
-ASN1_OCTET_STRING *keyid;
-GENERAL_NAMES *issuer;
-ASN1_INTEGER *serial;
-} AUTHORITY_KEYID;
-
-/* Strong extranet structures */
-
-typedef struct SXNET_ID_st {
- ASN1_INTEGER *zone;
- ASN1_OCTET_STRING *user;
-} SXNETID;
-
-DECLARE_STACK_OF(SXNETID)
-DECLARE_ASN1_SET_OF(SXNETID)
-
-typedef struct SXNET_st {
- ASN1_INTEGER *version;
- STACK_OF(SXNETID) *ids;
-} SXNET;
-
-typedef struct NOTICEREF_st {
- ASN1_STRING *organization;
- STACK_OF(ASN1_INTEGER) *noticenos;
-} NOTICEREF;
-
-typedef struct USERNOTICE_st {
- NOTICEREF *noticeref;
- ASN1_STRING *exptext;
-} USERNOTICE;
-
-typedef struct POLICYQUALINFO_st {
- ASN1_OBJECT *pqualid;
- union {
- ASN1_IA5STRING *cpsuri;
- USERNOTICE *usernotice;
- ASN1_TYPE *other;
- } d;
-} POLICYQUALINFO;
-
-DECLARE_STACK_OF(POLICYQUALINFO)
-DECLARE_ASN1_SET_OF(POLICYQUALINFO)
-
-typedef struct POLICYINFO_st {
- ASN1_OBJECT *policyid;
- STACK_OF(POLICYQUALINFO) *qualifiers;
-} POLICYINFO;
-
-typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES;
-
-DECLARE_STACK_OF(POLICYINFO)
-DECLARE_ASN1_SET_OF(POLICYINFO)
-
-typedef struct POLICY_MAPPING_st {
- ASN1_OBJECT *issuerDomainPolicy;
- ASN1_OBJECT *subjectDomainPolicy;
-} POLICY_MAPPING;
-
-DECLARE_STACK_OF(POLICY_MAPPING)
-
-typedef STACK_OF(POLICY_MAPPING) POLICY_MAPPINGS;
-
-typedef struct GENERAL_SUBTREE_st {
- GENERAL_NAME *base;
- ASN1_INTEGER *minimum;
- ASN1_INTEGER *maximum;
-} GENERAL_SUBTREE;
-
-DECLARE_STACK_OF(GENERAL_SUBTREE)
-
-typedef struct NAME_CONSTRAINTS_st {
- STACK_OF(GENERAL_SUBTREE) *permittedSubtrees;
- STACK_OF(GENERAL_SUBTREE) *excludedSubtrees;
-} NAME_CONSTRAINTS;
-
-typedef struct POLICY_CONSTRAINTS_st {
- ASN1_INTEGER *requireExplicitPolicy;
- ASN1_INTEGER *inhibitPolicyMapping;
-} POLICY_CONSTRAINTS;
-
-/* Proxy certificate structures, see RFC 3820 */
-typedef struct PROXY_POLICY_st
- {
- ASN1_OBJECT *policyLanguage;
- ASN1_OCTET_STRING *policy;
- } PROXY_POLICY;
-
-typedef struct PROXY_CERT_INFO_EXTENSION_st
- {
- ASN1_INTEGER *pcPathLengthConstraint;
- PROXY_POLICY *proxyPolicy;
- } PROXY_CERT_INFO_EXTENSION;
-
-DECLARE_ASN1_FUNCTIONS(PROXY_POLICY)
-DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION)
-
-
-#define X509V3_conf_err(val) ERR_add_error_data(6, "section:", val->section, \
-",name:", val->name, ",value:", val->value);
-
-#define X509V3_set_ctx_test(ctx) \
- X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST)
-#define X509V3_set_ctx_nodb(ctx) (ctx)->db = NULL;
-
-#define EXT_BITSTRING(nid, table) { nid, 0, ASN1_ITEM_ref(ASN1_BIT_STRING), \
- 0,0,0,0, \
- 0,0, \
- (X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \
- (X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, \
- NULL, NULL, \
- table}
-
-#define EXT_IA5STRING(nid) { nid, 0, ASN1_ITEM_ref(ASN1_IA5STRING), \
- 0,0,0,0, \
- (X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \
- (X509V3_EXT_S2I)s2i_ASN1_IA5STRING, \
- 0,0,0,0, \
- NULL}
-
-#define EXT_END { -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}
-
-
-/* X509_PURPOSE stuff */
-
-#define EXFLAG_BCONS 0x1
-#define EXFLAG_KUSAGE 0x2
-#define EXFLAG_XKUSAGE 0x4
-#define EXFLAG_NSCERT 0x8
-
-#define EXFLAG_CA 0x10
-/* Really self issued not necessarily self signed */
-#define EXFLAG_SI 0x20
-#define EXFLAG_SS 0x20
-#define EXFLAG_V1 0x40
-#define EXFLAG_INVALID 0x80
-#define EXFLAG_SET 0x100
-#define EXFLAG_CRITICAL 0x200
-#define EXFLAG_PROXY 0x400
-
-#define EXFLAG_INVALID_POLICY 0x800
-
-#define KU_DIGITAL_SIGNATURE 0x0080
-#define KU_NON_REPUDIATION 0x0040
-#define KU_KEY_ENCIPHERMENT 0x0020
-#define KU_DATA_ENCIPHERMENT 0x0010
-#define KU_KEY_AGREEMENT 0x0008
-#define KU_KEY_CERT_SIGN 0x0004
-#define KU_CRL_SIGN 0x0002
-#define KU_ENCIPHER_ONLY 0x0001
-#define KU_DECIPHER_ONLY 0x8000
-
-#define NS_SSL_CLIENT 0x80
-#define NS_SSL_SERVER 0x40
-#define NS_SMIME 0x20
-#define NS_OBJSIGN 0x10
-#define NS_SSL_CA 0x04
-#define NS_SMIME_CA 0x02
-#define NS_OBJSIGN_CA 0x01
-#define NS_ANY_CA (NS_SSL_CA|NS_SMIME_CA|NS_OBJSIGN_CA)
-
-#define XKU_SSL_SERVER 0x1
-#define XKU_SSL_CLIENT 0x2
-#define XKU_SMIME 0x4
-#define XKU_CODE_SIGN 0x8
-#define XKU_SGC 0x10
-#define XKU_OCSP_SIGN 0x20
-#define XKU_TIMESTAMP 0x40
-#define XKU_DVCS 0x80
-
-#define X509_PURPOSE_DYNAMIC 0x1
-#define X509_PURPOSE_DYNAMIC_NAME 0x2
-
-typedef struct x509_purpose_st {
- int purpose;
- int trust; /* Default trust ID */
- int flags;
- int (*check_purpose)(const struct x509_purpose_st *,
- const X509 *, int);
- char *name;
- char *sname;
- void *usr_data;
-} X509_PURPOSE;
-
-#define X509_PURPOSE_SSL_CLIENT 1
-#define X509_PURPOSE_SSL_SERVER 2
-#define X509_PURPOSE_NS_SSL_SERVER 3
-#define X509_PURPOSE_SMIME_SIGN 4
-#define X509_PURPOSE_SMIME_ENCRYPT 5
-#define X509_PURPOSE_CRL_SIGN 6
-#define X509_PURPOSE_ANY 7
-#define X509_PURPOSE_OCSP_HELPER 8
-
-#define X509_PURPOSE_MIN 1
-#define X509_PURPOSE_MAX 8
-
-/* Flags for X509V3_EXT_print() */
-
-#define X509V3_EXT_UNKNOWN_MASK (0xfL << 16)
-/* Return error for unknown extensions */
-#define X509V3_EXT_DEFAULT 0
-/* Print error for unknown extensions */
-#define X509V3_EXT_ERROR_UNKNOWN (1L << 16)
-/* ASN1 parse unknown extensions */
-#define X509V3_EXT_PARSE_UNKNOWN (2L << 16)
-/* BIO_dump unknown extensions */
-#define X509V3_EXT_DUMP_UNKNOWN (3L << 16)
-
-/* Flags for X509V3_add1_i2d */
-
-#define X509V3_ADD_OP_MASK 0xfL
-#define X509V3_ADD_DEFAULT 0L
-#define X509V3_ADD_APPEND 1L
-#define X509V3_ADD_REPLACE 2L
-#define X509V3_ADD_REPLACE_EXISTING 3L
-#define X509V3_ADD_KEEP_EXISTING 4L
-#define X509V3_ADD_DELETE 5L
-#define X509V3_ADD_SILENT 0x10
-
-DECLARE_STACK_OF(X509_PURPOSE)
-
-DECLARE_ASN1_FUNCTIONS(BASIC_CONSTRAINTS)
-
-DECLARE_ASN1_FUNCTIONS(SXNET)
-DECLARE_ASN1_FUNCTIONS(SXNETID)
-
-int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen);
-int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user, int userlen);
-int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, char *user, int userlen);
-
-ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone);
-ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone);
-ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone);
-
-DECLARE_ASN1_FUNCTIONS(AUTHORITY_KEYID)
-
-DECLARE_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD)
-
-DECLARE_ASN1_FUNCTIONS(GENERAL_NAME)
-
-
-ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
-STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
- ASN1_BIT_STRING *bits,
- STACK_OF(CONF_VALUE) *extlist);
-
-STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret);
-int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen);
-
-DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES)
-
-STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
- GENERAL_NAMES *gen, STACK_OF(CONF_VALUE) *extlist);
-GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
-
-DECLARE_ASN1_FUNCTIONS(OTHERNAME)
-DECLARE_ASN1_FUNCTIONS(EDIPARTYNAME)
-
-char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *ia5);
-ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
-
-DECLARE_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE)
-int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION* a);
-
-DECLARE_ASN1_FUNCTIONS(CERTIFICATEPOLICIES)
-DECLARE_ASN1_FUNCTIONS(POLICYINFO)
-DECLARE_ASN1_FUNCTIONS(POLICYQUALINFO)
-DECLARE_ASN1_FUNCTIONS(USERNOTICE)
-DECLARE_ASN1_FUNCTIONS(NOTICEREF)
-
-DECLARE_ASN1_FUNCTIONS(CRL_DIST_POINTS)
-DECLARE_ASN1_FUNCTIONS(DIST_POINT)
-DECLARE_ASN1_FUNCTIONS(DIST_POINT_NAME)
-
-DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION)
-DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)
-
-DECLARE_ASN1_ITEM(POLICY_MAPPING)
-DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING)
-DECLARE_ASN1_ITEM(POLICY_MAPPINGS)
-
-DECLARE_ASN1_ITEM(GENERAL_SUBTREE)
-DECLARE_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE)
-
-DECLARE_ASN1_ITEM(NAME_CONSTRAINTS)
-DECLARE_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)
-
-DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS)
-DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS)
-
-#ifdef HEADER_CONF_H
-GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
- CONF_VALUE *cnf);
-GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, X509V3_EXT_METHOD *method,
- X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc);
-void X509V3_conf_free(CONF_VALUE *val);
-
-X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value);
-X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, char *value);
-int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, STACK_OF(X509_EXTENSION) **sk);
-int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509 *cert);
-int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_REQ *req);
-int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);
-
-X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, char *value);
-X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, char *value);
-int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509 *cert);
-int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_REQ *req);
-int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);
-
-int X509V3_add_value_bool_nf(char *name, int asn1_bool,
- STACK_OF(CONF_VALUE) **extlist);
-int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);
-int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
-void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf);
-void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash);
-#endif
-
-char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section);
-STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section);
-void X509V3_string_free(X509V3_CTX *ctx, char *str);
-void X509V3_section_free( X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section);
-void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,
- X509_REQ *req, X509_CRL *crl, int flags);
-
-int X509V3_add_value(const char *name, const char *value,
- STACK_OF(CONF_VALUE) **extlist);
-int X509V3_add_value_uchar(const char *name, const unsigned char *value,
- STACK_OF(CONF_VALUE) **extlist);
-int X509V3_add_value_bool(const char *name, int asn1_bool,
- STACK_OF(CONF_VALUE) **extlist);
-int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
- STACK_OF(CONF_VALUE) **extlist);
-char * i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint);
-ASN1_INTEGER * s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, char *value);
-char * i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint);
-char * i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint);
-int X509V3_EXT_add(X509V3_EXT_METHOD *ext);
-int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist);
-int X509V3_EXT_add_alias(int nid_to, int nid_from);
-void X509V3_EXT_cleanup(void);
-
-X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext);
-X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
-int X509V3_add_standard_extensions(void);
-STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line);
-void *X509V3_EXT_d2i(X509_EXTENSION *ext);
-void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx);
-
-
-X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
-int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, int crit, unsigned long flags);
-
-char *hex_to_string(unsigned char *buffer, long len);
-unsigned char *string_to_hex(char *str, long *len);
-int name_cmp(const char *name, const char *cmp);
-
-void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,
- int ml);
-int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent);
-int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
-
-int X509V3_extensions_print(BIO *out, char *title, STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent);
-
-int X509_check_ca(X509 *x);
-int X509_check_purpose(X509 *x, int id, int ca);
-int X509_supported_extension(X509_EXTENSION *ex);
-int X509_PURPOSE_set(int *p, int purpose);
-int X509_check_issued(X509 *issuer, X509 *subject);
-int X509_PURPOSE_get_count(void);
-X509_PURPOSE * X509_PURPOSE_get0(int idx);
-int X509_PURPOSE_get_by_sname(char *sname);
-int X509_PURPOSE_get_by_id(int id);
-int X509_PURPOSE_add(int id, int trust, int flags,
- int (*ck)(const X509_PURPOSE *, const X509 *, int),
- char *name, char *sname, void *arg);
-char *X509_PURPOSE_get0_name(X509_PURPOSE *xp);
-char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp);
-int X509_PURPOSE_get_trust(X509_PURPOSE *xp);
-void X509_PURPOSE_cleanup(void);
-int X509_PURPOSE_get_id(X509_PURPOSE *);
-
-STACK *X509_get1_email(X509 *x);
-STACK *X509_REQ_get1_email(X509_REQ *x);
-void X509_email_free(STACK *sk);
-STACK *X509_get1_ocsp(X509 *x);
-
-ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc);
-ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc);
-int a2i_ipadd(unsigned char *ipout, const char *ipasc);
-int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk,
- unsigned long chtype);
-
-void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent);
-
-#ifndef OPENSSL_NO_RFC3779
-
-typedef struct ASRange_st {
- ASN1_INTEGER *min, *max;
-} ASRange;
-
-#define ASIdOrRange_id 0
-#define ASIdOrRange_range 1
-
-typedef struct ASIdOrRange_st {
- int type;
- union {
- ASN1_INTEGER *id;
- ASRange *range;
- } u;
-} ASIdOrRange;
-
-typedef STACK_OF(ASIdOrRange) ASIdOrRanges;
-DECLARE_STACK_OF(ASIdOrRange)
-
-#define ASIdentifierChoice_inherit 0
-#define ASIdentifierChoice_asIdsOrRanges 1
-
-typedef struct ASIdentifierChoice_st {
- int type;
- union {
- ASN1_NULL *inherit;
- ASIdOrRanges *asIdsOrRanges;
- } u;
-} ASIdentifierChoice;
-
-typedef struct ASIdentifiers_st {
- ASIdentifierChoice *asnum, *rdi;
-} ASIdentifiers;
-
-DECLARE_ASN1_FUNCTIONS(ASRange)
-DECLARE_ASN1_FUNCTIONS(ASIdOrRange)
-DECLARE_ASN1_FUNCTIONS(ASIdentifierChoice)
-DECLARE_ASN1_FUNCTIONS(ASIdentifiers)
-
-
-typedef struct IPAddressRange_st {
- ASN1_BIT_STRING *min, *max;
-} IPAddressRange;
-
-#define IPAddressOrRange_addressPrefix 0
-#define IPAddressOrRange_addressRange 1
-
-typedef struct IPAddressOrRange_st {
- int type;
- union {
- ASN1_BIT_STRING *addressPrefix;
- IPAddressRange *addressRange;
- } u;
-} IPAddressOrRange;
-
-typedef STACK_OF(IPAddressOrRange) IPAddressOrRanges;
-DECLARE_STACK_OF(IPAddressOrRange)
-
-#define IPAddressChoice_inherit 0
-#define IPAddressChoice_addressesOrRanges 1
-
-typedef struct IPAddressChoice_st {
- int type;
- union {
- ASN1_NULL *inherit;
- IPAddressOrRanges *addressesOrRanges;
- } u;
-} IPAddressChoice;
-
-typedef struct IPAddressFamily_st {
- ASN1_OCTET_STRING *addressFamily;
- IPAddressChoice *ipAddressChoice;
-} IPAddressFamily;
-
-typedef STACK_OF(IPAddressFamily) IPAddrBlocks;
-DECLARE_STACK_OF(IPAddressFamily)
-
-DECLARE_ASN1_FUNCTIONS(IPAddressRange)
-DECLARE_ASN1_FUNCTIONS(IPAddressOrRange)
-DECLARE_ASN1_FUNCTIONS(IPAddressChoice)
-DECLARE_ASN1_FUNCTIONS(IPAddressFamily)
-
-/*
- * API tag for elements of the ASIdentifer SEQUENCE.
- */
-#define V3_ASID_ASNUM 0
-#define V3_ASID_RDI 1
-
-/*
- * AFI values, assigned by IANA. It'd be nice to make the AFI
- * handling code totally generic, but there are too many little things
- * that would need to be defined for other address families for it to
- * be worth the trouble.
- */
-#define IANA_AFI_IPV4 1
-#define IANA_AFI_IPV6 2
-
-/*
- * Utilities to construct and extract values from RFC3779 extensions,
- * since some of the encodings (particularly for IP address prefixes
- * and ranges) are a bit tedious to work with directly.
- */
-int v3_asid_add_inherit(ASIdentifiers *asid, int which);
-int v3_asid_add_id_or_range(ASIdentifiers *asid, int which,
- ASN1_INTEGER *min, ASN1_INTEGER *max);
-int v3_addr_add_inherit(IPAddrBlocks *addr,
- const unsigned afi, const unsigned *safi);
-int v3_addr_add_prefix(IPAddrBlocks *addr,
- const unsigned afi, const unsigned *safi,
- unsigned char *a, const int prefixlen);
-int v3_addr_add_range(IPAddrBlocks *addr,
- const unsigned afi, const unsigned *safi,
- unsigned char *min, unsigned char *max);
-unsigned v3_addr_get_afi(const IPAddressFamily *f);
-int v3_addr_get_range(IPAddressOrRange *aor, const unsigned afi,
- unsigned char *min, unsigned char *max,
- const int length);
-
-/*
- * Canonical forms.
- */
-int v3_asid_is_canonical(ASIdentifiers *asid);
-int v3_addr_is_canonical(IPAddrBlocks *addr);
-int v3_asid_canonize(ASIdentifiers *asid);
-int v3_addr_canonize(IPAddrBlocks *addr);
-
-/*
- * Tests for inheritance and containment.
- */
-int v3_asid_inherits(ASIdentifiers *asid);
-int v3_addr_inherits(IPAddrBlocks *addr);
-int v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b);
-int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b);
-
-/*
- * Check whether RFC 3779 extensions nest properly in chains.
- */
-int v3_asid_validate_path(X509_STORE_CTX *);
-int v3_addr_validate_path(X509_STORE_CTX *);
-int v3_asid_validate_resource_set(STACK_OF(X509) *chain,
- ASIdentifiers *ext,
- int allow_inheritance);
-int v3_addr_validate_resource_set(STACK_OF(X509) *chain,
- IPAddrBlocks *ext,
- int allow_inheritance);
-
-#endif /* OPENSSL_NO_RFC3779 */
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_X509V3_strings(void);
-
-/* Error codes for the X509V3 functions. */
-
-/* Function codes. */
-#define X509V3_F_ASIDENTIFIERCHOICE_CANONIZE 156
-#define X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL 157
-#define X509V3_F_COPY_EMAIL 122
-#define X509V3_F_COPY_ISSUER 123
-#define X509V3_F_DO_DIRNAME 144
-#define X509V3_F_DO_EXT_CONF 124
-#define X509V3_F_DO_EXT_I2D 135
-#define X509V3_F_DO_EXT_NCONF 151
-#define X509V3_F_DO_I2V_NAME_CONSTRAINTS 148
-#define X509V3_F_HEX_TO_STRING 111
-#define X509V3_F_I2S_ASN1_ENUMERATED 121
-#define X509V3_F_I2S_ASN1_IA5STRING 149
-#define X509V3_F_I2S_ASN1_INTEGER 120
-#define X509V3_F_I2V_AUTHORITY_INFO_ACCESS 138
-#define X509V3_F_NOTICE_SECTION 132
-#define X509V3_F_NREF_NOS 133
-#define X509V3_F_POLICY_SECTION 131
-#define X509V3_F_PROCESS_PCI_VALUE 150
-#define X509V3_F_R2I_CERTPOL 130
-#define X509V3_F_R2I_PCI 155
-#define X509V3_F_S2I_ASN1_IA5STRING 100
-#define X509V3_F_S2I_ASN1_INTEGER 108
-#define X509V3_F_S2I_ASN1_OCTET_STRING 112
-#define X509V3_F_S2I_ASN1_SKEY_ID 114
-#define X509V3_F_S2I_SKEY_ID 115
-#define X509V3_F_STRING_TO_HEX 113
-#define X509V3_F_SXNET_ADD_ID_ASC 125
-#define X509V3_F_SXNET_ADD_ID_INTEGER 126
-#define X509V3_F_SXNET_ADD_ID_ULONG 127
-#define X509V3_F_SXNET_GET_ID_ASC 128
-#define X509V3_F_SXNET_GET_ID_ULONG 129
-#define X509V3_F_V2I_ASIDENTIFIERS 158
-#define X509V3_F_V2I_ASN1_BIT_STRING 101
-#define X509V3_F_V2I_AUTHORITY_INFO_ACCESS 139
-#define X509V3_F_V2I_AUTHORITY_KEYID 119
-#define X509V3_F_V2I_BASIC_CONSTRAINTS 102
-#define X509V3_F_V2I_CRLD 134
-#define X509V3_F_V2I_EXTENDED_KEY_USAGE 103
-#define X509V3_F_V2I_GENERAL_NAMES 118
-#define X509V3_F_V2I_GENERAL_NAME_EX 117
-#define X509V3_F_V2I_IPADDRBLOCKS 159
-#define X509V3_F_V2I_ISSUER_ALT 153
-#define X509V3_F_V2I_NAME_CONSTRAINTS 147
-#define X509V3_F_V2I_POLICY_CONSTRAINTS 146
-#define X509V3_F_V2I_POLICY_MAPPINGS 145
-#define X509V3_F_V2I_SUBJECT_ALT 154
-#define X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL 160
-#define X509V3_F_V3_GENERIC_EXTENSION 116
-#define X509V3_F_X509V3_ADD1_I2D 140
-#define X509V3_F_X509V3_ADD_VALUE 105
-#define X509V3_F_X509V3_EXT_ADD 104
-#define X509V3_F_X509V3_EXT_ADD_ALIAS 106
-#define X509V3_F_X509V3_EXT_CONF 107
-#define X509V3_F_X509V3_EXT_I2D 136
-#define X509V3_F_X509V3_EXT_NCONF 152
-#define X509V3_F_X509V3_GET_SECTION 142
-#define X509V3_F_X509V3_GET_STRING 143
-#define X509V3_F_X509V3_GET_VALUE_BOOL 110
-#define X509V3_F_X509V3_PARSE_LIST 109
-#define X509V3_F_X509_PURPOSE_ADD 137
-#define X509V3_F_X509_PURPOSE_SET 141
-
-/* Reason codes. */
-#define X509V3_R_BAD_IP_ADDRESS 118
-#define X509V3_R_BAD_OBJECT 119
-#define X509V3_R_BN_DEC2BN_ERROR 100
-#define X509V3_R_BN_TO_ASN1_INTEGER_ERROR 101
-#define X509V3_R_DIRNAME_ERROR 149
-#define X509V3_R_DUPLICATE_ZONE_ID 133
-#define X509V3_R_ERROR_CONVERTING_ZONE 131
-#define X509V3_R_ERROR_CREATING_EXTENSION 144
-#define X509V3_R_ERROR_IN_EXTENSION 128
-#define X509V3_R_EXPECTED_A_SECTION_NAME 137
-#define X509V3_R_EXTENSION_EXISTS 145
-#define X509V3_R_EXTENSION_NAME_ERROR 115
-#define X509V3_R_EXTENSION_NOT_FOUND 102
-#define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED 103
-#define X509V3_R_EXTENSION_VALUE_ERROR 116
-#define X509V3_R_ILLEGAL_EMPTY_EXTENSION 151
-#define X509V3_R_ILLEGAL_HEX_DIGIT 113
-#define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG 152
-#define X509V3_R_INVALID_ASNUMBER 160
-#define X509V3_R_INVALID_ASRANGE 161
-#define X509V3_R_INVALID_BOOLEAN_STRING 104
-#define X509V3_R_INVALID_EXTENSION_STRING 105
-#define X509V3_R_INVALID_INHERITANCE 162
-#define X509V3_R_INVALID_IPADDRESS 163
-#define X509V3_R_INVALID_NAME 106
-#define X509V3_R_INVALID_NULL_ARGUMENT 107
-#define X509V3_R_INVALID_NULL_NAME 108
-#define X509V3_R_INVALID_NULL_VALUE 109
-#define X509V3_R_INVALID_NUMBER 140
-#define X509V3_R_INVALID_NUMBERS 141
-#define X509V3_R_INVALID_OBJECT_IDENTIFIER 110
-#define X509V3_R_INVALID_OPTION 138
-#define X509V3_R_INVALID_POLICY_IDENTIFIER 134
-#define X509V3_R_INVALID_PROXY_POLICY_SETTING 153
-#define X509V3_R_INVALID_PURPOSE 146
-#define X509V3_R_INVALID_SAFI 164
-#define X509V3_R_INVALID_SECTION 135
-#define X509V3_R_INVALID_SYNTAX 143
-#define X509V3_R_ISSUER_DECODE_ERROR 126
-#define X509V3_R_MISSING_VALUE 124
-#define X509V3_R_NEED_ORGANIZATION_AND_NUMBERS 142
-#define X509V3_R_NO_CONFIG_DATABASE 136
-#define X509V3_R_NO_ISSUER_CERTIFICATE 121
-#define X509V3_R_NO_ISSUER_DETAILS 127
-#define X509V3_R_NO_POLICY_IDENTIFIER 139
-#define X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED 154
-#define X509V3_R_NO_PUBLIC_KEY 114
-#define X509V3_R_NO_SUBJECT_DETAILS 125
-#define X509V3_R_ODD_NUMBER_OF_DIGITS 112
-#define X509V3_R_OPERATION_NOT_DEFINED 148
-#define X509V3_R_OTHERNAME_ERROR 147
-#define X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED 155
-#define X509V3_R_POLICY_PATH_LENGTH 156
-#define X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED 157
-#define X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED 158
-#define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 159
-#define X509V3_R_SECTION_NOT_FOUND 150
-#define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS 122
-#define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID 123
-#define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT 111
-#define X509V3_R_UNKNOWN_EXTENSION 129
-#define X509V3_R_UNKNOWN_EXTENSION_NAME 130
-#define X509V3_R_UNKNOWN_OPTION 120
-#define X509V3_R_UNSUPPORTED_OPTION 117
-#define X509V3_R_USER_TOO_LONG 132
-
-#ifdef __cplusplus
-}
-#endif
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/crypto/x509v3/x509v3.h (from rev 6976, vendor-crypto/openssl/dist/crypto/x509v3/x509v3.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/crypto/x509v3/x509v3.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/crypto/x509v3/x509v3.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,941 @@
+/* x509v3.h */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+#ifndef HEADER_X509V3_H
+# define HEADER_X509V3_H
+
+# include <openssl/bio.h>
+# include <openssl/x509.h>
+# include <openssl/conf.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Forward reference */
+struct v3_ext_method;
+struct v3_ext_ctx;
+
+/* Useful typedefs */
+
+typedef void *(*X509V3_EXT_NEW)(void);
+typedef void (*X509V3_EXT_FREE) (void *);
+typedef void *(*X509V3_EXT_D2I)(void *, const unsigned char **, long);
+typedef int (*X509V3_EXT_I2D) (void *, unsigned char **);
+typedef STACK_OF(CONF_VALUE) *(*X509V3_EXT_I2V) (struct v3_ext_method *method,
+ void *ext,
+ STACK_OF(CONF_VALUE)
+ *extlist);
+typedef void *(*X509V3_EXT_V2I)(struct v3_ext_method *method,
+ struct v3_ext_ctx *ctx,
+ STACK_OF(CONF_VALUE) *values);
+typedef char *(*X509V3_EXT_I2S)(struct v3_ext_method *method, void *ext);
+typedef void *(*X509V3_EXT_S2I)(struct v3_ext_method *method,
+ struct v3_ext_ctx *ctx, const char *str);
+typedef int (*X509V3_EXT_I2R) (struct v3_ext_method *method, void *ext,
+ BIO *out, int indent);
+typedef void *(*X509V3_EXT_R2I)(struct v3_ext_method *method,
+ struct v3_ext_ctx *ctx, const char *str);
+
+/* V3 extension structure */
+
+struct v3_ext_method {
+ int ext_nid;
+ int ext_flags;
+/* If this is set the following four fields are ignored */
+ ASN1_ITEM_EXP *it;
+/* Old style ASN1 calls */
+ X509V3_EXT_NEW ext_new;
+ X509V3_EXT_FREE ext_free;
+ X509V3_EXT_D2I d2i;
+ X509V3_EXT_I2D i2d;
+/* The following pair is used for string extensions */
+ X509V3_EXT_I2S i2s;
+ X509V3_EXT_S2I s2i;
+/* The following pair is used for multi-valued extensions */
+ X509V3_EXT_I2V i2v;
+ X509V3_EXT_V2I v2i;
+/* The following are used for raw extensions */
+ X509V3_EXT_I2R i2r;
+ X509V3_EXT_R2I r2i;
+ void *usr_data; /* Any extension specific data */
+};
+
+typedef struct X509V3_CONF_METHOD_st {
+ char *(*get_string) (void *db, char *section, char *value);
+ STACK_OF(CONF_VALUE) *(*get_section) (void *db, char *section);
+ void (*free_string) (void *db, char *string);
+ void (*free_section) (void *db, STACK_OF(CONF_VALUE) *section);
+} X509V3_CONF_METHOD;
+
+/* Context specific info */
+struct v3_ext_ctx {
+# define CTX_TEST 0x1
+ int flags;
+ X509 *issuer_cert;
+ X509 *subject_cert;
+ X509_REQ *subject_req;
+ X509_CRL *crl;
+ X509V3_CONF_METHOD *db_meth;
+ void *db;
+/* Maybe more here */
+};
+
+typedef struct v3_ext_method X509V3_EXT_METHOD;
+
+DECLARE_STACK_OF(X509V3_EXT_METHOD)
+
+/* ext_flags values */
+# define X509V3_EXT_DYNAMIC 0x1
+# define X509V3_EXT_CTX_DEP 0x2
+# define X509V3_EXT_MULTILINE 0x4
+
+typedef BIT_STRING_BITNAME ENUMERATED_NAMES;
+
+typedef struct BASIC_CONSTRAINTS_st {
+ int ca;
+ ASN1_INTEGER *pathlen;
+} BASIC_CONSTRAINTS;
+
+typedef struct PKEY_USAGE_PERIOD_st {
+ ASN1_GENERALIZEDTIME *notBefore;
+ ASN1_GENERALIZEDTIME *notAfter;
+} PKEY_USAGE_PERIOD;
+
+typedef struct otherName_st {
+ ASN1_OBJECT *type_id;
+ ASN1_TYPE *value;
+} OTHERNAME;
+
+typedef struct EDIPartyName_st {
+ ASN1_STRING *nameAssigner;
+ ASN1_STRING *partyName;
+} EDIPARTYNAME;
+
+typedef struct GENERAL_NAME_st {
+# define GEN_OTHERNAME 0
+# define GEN_EMAIL 1
+# define GEN_DNS 2
+# define GEN_X400 3
+# define GEN_DIRNAME 4
+# define GEN_EDIPARTY 5
+# define GEN_URI 6
+# define GEN_IPADD 7
+# define GEN_RID 8
+ int type;
+ union {
+ char *ptr;
+ OTHERNAME *otherName; /* otherName */
+ ASN1_IA5STRING *rfc822Name;
+ ASN1_IA5STRING *dNSName;
+ ASN1_TYPE *x400Address;
+ X509_NAME *directoryName;
+ EDIPARTYNAME *ediPartyName;
+ ASN1_IA5STRING *uniformResourceIdentifier;
+ ASN1_OCTET_STRING *iPAddress;
+ ASN1_OBJECT *registeredID;
+ /* Old names */
+ ASN1_OCTET_STRING *ip; /* iPAddress */
+ X509_NAME *dirn; /* dirn */
+ ASN1_IA5STRING *ia5; /* rfc822Name, dNSName,
+ * uniformResourceIdentifier */
+ ASN1_OBJECT *rid; /* registeredID */
+ ASN1_TYPE *other; /* x400Address */
+ } d;
+} GENERAL_NAME;
+
+typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES;
+
+typedef struct ACCESS_DESCRIPTION_st {
+ ASN1_OBJECT *method;
+ GENERAL_NAME *location;
+} ACCESS_DESCRIPTION;
+
+typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
+
+typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE;
+
+DECLARE_STACK_OF(GENERAL_NAME)
+DECLARE_ASN1_SET_OF(GENERAL_NAME)
+
+DECLARE_STACK_OF(ACCESS_DESCRIPTION)
+DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION)
+
+typedef struct DIST_POINT_NAME_st {
+ int type;
+ union {
+ GENERAL_NAMES *fullname;
+ STACK_OF(X509_NAME_ENTRY) *relativename;
+ } name;
+} DIST_POINT_NAME;
+
+typedef struct DIST_POINT_st {
+ DIST_POINT_NAME *distpoint;
+ ASN1_BIT_STRING *reasons;
+ GENERAL_NAMES *CRLissuer;
+} DIST_POINT;
+
+typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS;
+
+DECLARE_STACK_OF(DIST_POINT)
+DECLARE_ASN1_SET_OF(DIST_POINT)
+
+typedef struct AUTHORITY_KEYID_st {
+ ASN1_OCTET_STRING *keyid;
+ GENERAL_NAMES *issuer;
+ ASN1_INTEGER *serial;
+} AUTHORITY_KEYID;
+
+/* Strong extranet structures */
+
+typedef struct SXNET_ID_st {
+ ASN1_INTEGER *zone;
+ ASN1_OCTET_STRING *user;
+} SXNETID;
+
+DECLARE_STACK_OF(SXNETID)
+DECLARE_ASN1_SET_OF(SXNETID)
+
+typedef struct SXNET_st {
+ ASN1_INTEGER *version;
+ STACK_OF(SXNETID) *ids;
+} SXNET;
+
+typedef struct NOTICEREF_st {
+ ASN1_STRING *organization;
+ STACK_OF(ASN1_INTEGER) *noticenos;
+} NOTICEREF;
+
+typedef struct USERNOTICE_st {
+ NOTICEREF *noticeref;
+ ASN1_STRING *exptext;
+} USERNOTICE;
+
+typedef struct POLICYQUALINFO_st {
+ ASN1_OBJECT *pqualid;
+ union {
+ ASN1_IA5STRING *cpsuri;
+ USERNOTICE *usernotice;
+ ASN1_TYPE *other;
+ } d;
+} POLICYQUALINFO;
+
+DECLARE_STACK_OF(POLICYQUALINFO)
+DECLARE_ASN1_SET_OF(POLICYQUALINFO)
+
+typedef struct POLICYINFO_st {
+ ASN1_OBJECT *policyid;
+ STACK_OF(POLICYQUALINFO) *qualifiers;
+} POLICYINFO;
+
+typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES;
+
+DECLARE_STACK_OF(POLICYINFO)
+DECLARE_ASN1_SET_OF(POLICYINFO)
+
+typedef struct POLICY_MAPPING_st {
+ ASN1_OBJECT *issuerDomainPolicy;
+ ASN1_OBJECT *subjectDomainPolicy;
+} POLICY_MAPPING;
+
+DECLARE_STACK_OF(POLICY_MAPPING)
+
+typedef STACK_OF(POLICY_MAPPING) POLICY_MAPPINGS;
+
+typedef struct GENERAL_SUBTREE_st {
+ GENERAL_NAME *base;
+ ASN1_INTEGER *minimum;
+ ASN1_INTEGER *maximum;
+} GENERAL_SUBTREE;
+
+DECLARE_STACK_OF(GENERAL_SUBTREE)
+
+typedef struct NAME_CONSTRAINTS_st {
+ STACK_OF(GENERAL_SUBTREE) *permittedSubtrees;
+ STACK_OF(GENERAL_SUBTREE) *excludedSubtrees;
+} NAME_CONSTRAINTS;
+
+typedef struct POLICY_CONSTRAINTS_st {
+ ASN1_INTEGER *requireExplicitPolicy;
+ ASN1_INTEGER *inhibitPolicyMapping;
+} POLICY_CONSTRAINTS;
+
+/* Proxy certificate structures, see RFC 3820 */
+typedef struct PROXY_POLICY_st {
+ ASN1_OBJECT *policyLanguage;
+ ASN1_OCTET_STRING *policy;
+} PROXY_POLICY;
+
+typedef struct PROXY_CERT_INFO_EXTENSION_st {
+ ASN1_INTEGER *pcPathLengthConstraint;
+ PROXY_POLICY *proxyPolicy;
+} PROXY_CERT_INFO_EXTENSION;
+
+DECLARE_ASN1_FUNCTIONS(PROXY_POLICY)
+DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION)
+
+# define X509V3_conf_err(val) ERR_add_error_data(6, "section:", val->section, \
+",name:", val->name, ",value:", val->value);
+
+# define X509V3_set_ctx_test(ctx) \
+ X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST)
+# define X509V3_set_ctx_nodb(ctx) (ctx)->db = NULL;
+
+# define EXT_BITSTRING(nid, table) { nid, 0, ASN1_ITEM_ref(ASN1_BIT_STRING), \
+ 0,0,0,0, \
+ 0,0, \
+ (X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \
+ (X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, \
+ NULL, NULL, \
+ table}
+
+# define EXT_IA5STRING(nid) { nid, 0, ASN1_ITEM_ref(ASN1_IA5STRING), \
+ 0,0,0,0, \
+ (X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \
+ (X509V3_EXT_S2I)s2i_ASN1_IA5STRING, \
+ 0,0,0,0, \
+ NULL}
+
+# define EXT_END { -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}
+
+/* X509_PURPOSE stuff */
+
+# define EXFLAG_BCONS 0x1
+# define EXFLAG_KUSAGE 0x2
+# define EXFLAG_XKUSAGE 0x4
+# define EXFLAG_NSCERT 0x8
+
+# define EXFLAG_CA 0x10
+/* Really self issued not necessarily self signed */
+# define EXFLAG_SI 0x20
+# define EXFLAG_SS 0x20
+# define EXFLAG_V1 0x40
+# define EXFLAG_INVALID 0x80
+# define EXFLAG_SET 0x100
+# define EXFLAG_CRITICAL 0x200
+# define EXFLAG_PROXY 0x400
+
+# define EXFLAG_INVALID_POLICY 0x800
+
+# define KU_DIGITAL_SIGNATURE 0x0080
+# define KU_NON_REPUDIATION 0x0040
+# define KU_KEY_ENCIPHERMENT 0x0020
+# define KU_DATA_ENCIPHERMENT 0x0010
+# define KU_KEY_AGREEMENT 0x0008
+# define KU_KEY_CERT_SIGN 0x0004
+# define KU_CRL_SIGN 0x0002
+# define KU_ENCIPHER_ONLY 0x0001
+# define KU_DECIPHER_ONLY 0x8000
+
+# define NS_SSL_CLIENT 0x80
+# define NS_SSL_SERVER 0x40
+# define NS_SMIME 0x20
+# define NS_OBJSIGN 0x10
+# define NS_SSL_CA 0x04
+# define NS_SMIME_CA 0x02
+# define NS_OBJSIGN_CA 0x01
+# define NS_ANY_CA (NS_SSL_CA|NS_SMIME_CA|NS_OBJSIGN_CA)
+
+# define XKU_SSL_SERVER 0x1
+# define XKU_SSL_CLIENT 0x2
+# define XKU_SMIME 0x4
+# define XKU_CODE_SIGN 0x8
+# define XKU_SGC 0x10
+# define XKU_OCSP_SIGN 0x20
+# define XKU_TIMESTAMP 0x40
+# define XKU_DVCS 0x80
+
+# define X509_PURPOSE_DYNAMIC 0x1
+# define X509_PURPOSE_DYNAMIC_NAME 0x2
+
+typedef struct x509_purpose_st {
+ int purpose;
+ int trust; /* Default trust ID */
+ int flags;
+ int (*check_purpose) (const struct x509_purpose_st *, const X509 *, int);
+ char *name;
+ char *sname;
+ void *usr_data;
+} X509_PURPOSE;
+
+# define X509_PURPOSE_SSL_CLIENT 1
+# define X509_PURPOSE_SSL_SERVER 2
+# define X509_PURPOSE_NS_SSL_SERVER 3
+# define X509_PURPOSE_SMIME_SIGN 4
+# define X509_PURPOSE_SMIME_ENCRYPT 5
+# define X509_PURPOSE_CRL_SIGN 6
+# define X509_PURPOSE_ANY 7
+# define X509_PURPOSE_OCSP_HELPER 8
+
+# define X509_PURPOSE_MIN 1
+# define X509_PURPOSE_MAX 8
+
+/* Flags for X509V3_EXT_print() */
+
+# define X509V3_EXT_UNKNOWN_MASK (0xfL << 16)
+/* Return error for unknown extensions */
+# define X509V3_EXT_DEFAULT 0
+/* Print error for unknown extensions */
+# define X509V3_EXT_ERROR_UNKNOWN (1L << 16)
+/* ASN1 parse unknown extensions */
+# define X509V3_EXT_PARSE_UNKNOWN (2L << 16)
+/* BIO_dump unknown extensions */
+# define X509V3_EXT_DUMP_UNKNOWN (3L << 16)
+
+/* Flags for X509V3_add1_i2d */
+
+# define X509V3_ADD_OP_MASK 0xfL
+# define X509V3_ADD_DEFAULT 0L
+# define X509V3_ADD_APPEND 1L
+# define X509V3_ADD_REPLACE 2L
+# define X509V3_ADD_REPLACE_EXISTING 3L
+# define X509V3_ADD_KEEP_EXISTING 4L
+# define X509V3_ADD_DELETE 5L
+# define X509V3_ADD_SILENT 0x10
+
+DECLARE_STACK_OF(X509_PURPOSE)
+
+DECLARE_ASN1_FUNCTIONS(BASIC_CONSTRAINTS)
+
+DECLARE_ASN1_FUNCTIONS(SXNET)
+DECLARE_ASN1_FUNCTIONS(SXNETID)
+
+int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen);
+int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user,
+ int userlen);
+int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, char *user,
+ int userlen);
+
+ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone);
+ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone);
+ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone);
+
+DECLARE_ASN1_FUNCTIONS(AUTHORITY_KEYID)
+
+DECLARE_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD)
+
+DECLARE_ASN1_FUNCTIONS(GENERAL_NAME)
+
+ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx,
+ STACK_OF(CONF_VALUE) *nval);
+STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
+ ASN1_BIT_STRING *bits,
+ STACK_OF(CONF_VALUE) *extlist);
+
+STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
+ GENERAL_NAME *gen,
+ STACK_OF(CONF_VALUE) *ret);
+int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen);
+
+DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES)
+
+STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
+ GENERAL_NAMES *gen,
+ STACK_OF(CONF_VALUE) *extlist);
+GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+ STACK_OF(CONF_VALUE) *nval);
+
+DECLARE_ASN1_FUNCTIONS(OTHERNAME)
+DECLARE_ASN1_FUNCTIONS(EDIPARTYNAME)
+
+char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
+ ASN1_OCTET_STRING *ia5);
+ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, char *str);
+
+DECLARE_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE)
+int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION *a);
+
+DECLARE_ASN1_FUNCTIONS(CERTIFICATEPOLICIES)
+DECLARE_ASN1_FUNCTIONS(POLICYINFO)
+DECLARE_ASN1_FUNCTIONS(POLICYQUALINFO)
+DECLARE_ASN1_FUNCTIONS(USERNOTICE)
+DECLARE_ASN1_FUNCTIONS(NOTICEREF)
+
+DECLARE_ASN1_FUNCTIONS(CRL_DIST_POINTS)
+DECLARE_ASN1_FUNCTIONS(DIST_POINT)
+DECLARE_ASN1_FUNCTIONS(DIST_POINT_NAME)
+
+DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION)
+DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)
+
+DECLARE_ASN1_ITEM(POLICY_MAPPING)
+DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING)
+DECLARE_ASN1_ITEM(POLICY_MAPPINGS)
+
+DECLARE_ASN1_ITEM(GENERAL_SUBTREE)
+DECLARE_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE)
+
+DECLARE_ASN1_ITEM(NAME_CONSTRAINTS)
+DECLARE_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)
+
+DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS)
+DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS)
+
+# ifdef HEADER_CONF_H
+GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+ CONF_VALUE *cnf);
+GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
+ X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+ CONF_VALUE *cnf, int is_nc);
+void X509V3_conf_free(CONF_VALUE *val);
+
+X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
+ char *value);
+X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name,
+ char *value);
+int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section,
+ STACK_OF(X509_EXTENSION) **sk);
+int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
+ X509 *cert);
+int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
+ X509_REQ *req);
+int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
+ X509_CRL *crl);
+
+X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid,
+ char *value);
+X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name,
+ char *value);
+int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
+ X509 *cert);
+int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
+ X509_REQ *req);
+int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
+ X509_CRL *crl);
+
+int X509V3_add_value_bool_nf(char *name, int asn1_bool,
+ STACK_OF(CONF_VALUE) **extlist);
+int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);
+int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
+void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf);
+void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash);
+# endif
+
+char *X509V3_get_string(X509V3_CTX *ctx, char *name, char *section);
+STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, char *section);
+void X509V3_string_free(X509V3_CTX *ctx, char *str);
+void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section);
+void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,
+ X509_REQ *req, X509_CRL *crl, int flags);
+
+int X509V3_add_value(const char *name, const char *value,
+ STACK_OF(CONF_VALUE) **extlist);
+int X509V3_add_value_uchar(const char *name, const unsigned char *value,
+ STACK_OF(CONF_VALUE) **extlist);
+int X509V3_add_value_bool(const char *name, int asn1_bool,
+ STACK_OF(CONF_VALUE) **extlist);
+int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
+ STACK_OF(CONF_VALUE) **extlist);
+char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint);
+ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, char *value);
+char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint);
+char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth,
+ ASN1_ENUMERATED *aint);
+int X509V3_EXT_add(X509V3_EXT_METHOD *ext);
+int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist);
+int X509V3_EXT_add_alias(int nid_to, int nid_from);
+void X509V3_EXT_cleanup(void);
+
+X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext);
+X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
+int X509V3_add_standard_extensions(void);
+STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line);
+void *X509V3_EXT_d2i(X509_EXTENSION *ext);
+void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit,
+ int *idx);
+
+X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
+int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
+ int crit, unsigned long flags);
+
+char *hex_to_string(unsigned char *buffer, long len);
+unsigned char *string_to_hex(char *str, long *len);
+int name_cmp(const char *name, const char *cmp);
+
+void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,
+ int ml);
+int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag,
+ int indent);
+int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
+
+int X509V3_extensions_print(BIO *out, char *title,
+ STACK_OF(X509_EXTENSION) *exts,
+ unsigned long flag, int indent);
+
+int X509_check_ca(X509 *x);
+int X509_check_purpose(X509 *x, int id, int ca);
+int X509_supported_extension(X509_EXTENSION *ex);
+int X509_PURPOSE_set(int *p, int purpose);
+int X509_check_issued(X509 *issuer, X509 *subject);
+int X509_PURPOSE_get_count(void);
+X509_PURPOSE *X509_PURPOSE_get0(int idx);
+int X509_PURPOSE_get_by_sname(char *sname);
+int X509_PURPOSE_get_by_id(int id);
+int X509_PURPOSE_add(int id, int trust, int flags,
+ int (*ck) (const X509_PURPOSE *, const X509 *, int),
+ char *name, char *sname, void *arg);
+char *X509_PURPOSE_get0_name(X509_PURPOSE *xp);
+char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp);
+int X509_PURPOSE_get_trust(X509_PURPOSE *xp);
+void X509_PURPOSE_cleanup(void);
+int X509_PURPOSE_get_id(X509_PURPOSE *);
+
+STACK *X509_get1_email(X509 *x);
+STACK *X509_REQ_get1_email(X509_REQ *x);
+void X509_email_free(STACK * sk);
+STACK *X509_get1_ocsp(X509 *x);
+
+ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc);
+ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc);
+int a2i_ipadd(unsigned char *ipout, const char *ipasc);
+int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk,
+ unsigned long chtype);
+
+void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent);
+
+# ifndef OPENSSL_NO_RFC3779
+
+typedef struct ASRange_st {
+ ASN1_INTEGER *min, *max;
+} ASRange;
+
+# define ASIdOrRange_id 0
+# define ASIdOrRange_range 1
+
+typedef struct ASIdOrRange_st {
+ int type;
+ union {
+ ASN1_INTEGER *id;
+ ASRange *range;
+ } u;
+} ASIdOrRange;
+
+typedef STACK_OF(ASIdOrRange) ASIdOrRanges;
+DECLARE_STACK_OF(ASIdOrRange)
+
+# define ASIdentifierChoice_inherit 0
+# define ASIdentifierChoice_asIdsOrRanges 1
+
+typedef struct ASIdentifierChoice_st {
+ int type;
+ union {
+ ASN1_NULL *inherit;
+ ASIdOrRanges *asIdsOrRanges;
+ } u;
+} ASIdentifierChoice;
+
+typedef struct ASIdentifiers_st {
+ ASIdentifierChoice *asnum, *rdi;
+} ASIdentifiers;
+
+DECLARE_ASN1_FUNCTIONS(ASRange)
+DECLARE_ASN1_FUNCTIONS(ASIdOrRange)
+DECLARE_ASN1_FUNCTIONS(ASIdentifierChoice)
+DECLARE_ASN1_FUNCTIONS(ASIdentifiers)
+
+typedef struct IPAddressRange_st {
+ ASN1_BIT_STRING *min, *max;
+} IPAddressRange;
+
+# define IPAddressOrRange_addressPrefix 0
+# define IPAddressOrRange_addressRange 1
+
+typedef struct IPAddressOrRange_st {
+ int type;
+ union {
+ ASN1_BIT_STRING *addressPrefix;
+ IPAddressRange *addressRange;
+ } u;
+} IPAddressOrRange;
+
+typedef STACK_OF(IPAddressOrRange) IPAddressOrRanges;
+DECLARE_STACK_OF(IPAddressOrRange)
+
+# define IPAddressChoice_inherit 0
+# define IPAddressChoice_addressesOrRanges 1
+
+typedef struct IPAddressChoice_st {
+ int type;
+ union {
+ ASN1_NULL *inherit;
+ IPAddressOrRanges *addressesOrRanges;
+ } u;
+} IPAddressChoice;
+
+typedef struct IPAddressFamily_st {
+ ASN1_OCTET_STRING *addressFamily;
+ IPAddressChoice *ipAddressChoice;
+} IPAddressFamily;
+
+typedef STACK_OF(IPAddressFamily) IPAddrBlocks;
+DECLARE_STACK_OF(IPAddressFamily)
+
+DECLARE_ASN1_FUNCTIONS(IPAddressRange)
+DECLARE_ASN1_FUNCTIONS(IPAddressOrRange)
+DECLARE_ASN1_FUNCTIONS(IPAddressChoice)
+DECLARE_ASN1_FUNCTIONS(IPAddressFamily)
+
+/*
+ * API tag for elements of the ASIdentifer SEQUENCE.
+ */
+# define V3_ASID_ASNUM 0
+# define V3_ASID_RDI 1
+
+/*
+ * AFI values, assigned by IANA. It'd be nice to make the AFI
+ * handling code totally generic, but there are too many little things
+ * that would need to be defined for other address families for it to
+ * be worth the trouble.
+ */
+# define IANA_AFI_IPV4 1
+# define IANA_AFI_IPV6 2
+
+/*
+ * Utilities to construct and extract values from RFC3779 extensions,
+ * since some of the encodings (particularly for IP address prefixes
+ * and ranges) are a bit tedious to work with directly.
+ */
+int v3_asid_add_inherit(ASIdentifiers *asid, int which);
+int v3_asid_add_id_or_range(ASIdentifiers *asid, int which,
+ ASN1_INTEGER *min, ASN1_INTEGER *max);
+int v3_addr_add_inherit(IPAddrBlocks *addr,
+ const unsigned afi, const unsigned *safi);
+int v3_addr_add_prefix(IPAddrBlocks *addr,
+ const unsigned afi, const unsigned *safi,
+ unsigned char *a, const int prefixlen);
+int v3_addr_add_range(IPAddrBlocks *addr,
+ const unsigned afi, const unsigned *safi,
+ unsigned char *min, unsigned char *max);
+unsigned v3_addr_get_afi(const IPAddressFamily *f);
+int v3_addr_get_range(IPAddressOrRange *aor, const unsigned afi,
+ unsigned char *min, unsigned char *max,
+ const int length);
+
+/*
+ * Canonical forms.
+ */
+int v3_asid_is_canonical(ASIdentifiers *asid);
+int v3_addr_is_canonical(IPAddrBlocks *addr);
+int v3_asid_canonize(ASIdentifiers *asid);
+int v3_addr_canonize(IPAddrBlocks *addr);
+
+/*
+ * Tests for inheritance and containment.
+ */
+int v3_asid_inherits(ASIdentifiers *asid);
+int v3_addr_inherits(IPAddrBlocks *addr);
+int v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b);
+int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b);
+
+/*
+ * Check whether RFC 3779 extensions nest properly in chains.
+ */
+int v3_asid_validate_path(X509_STORE_CTX *);
+int v3_addr_validate_path(X509_STORE_CTX *);
+int v3_asid_validate_resource_set(STACK_OF(X509) *chain,
+ ASIdentifiers *ext, int allow_inheritance);
+int v3_addr_validate_resource_set(STACK_OF(X509) *chain,
+ IPAddrBlocks *ext, int allow_inheritance);
+
+# endif /* OPENSSL_NO_RFC3779 */
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_X509V3_strings(void);
+
+/* Error codes for the X509V3 functions. */
+
+/* Function codes. */
+# define X509V3_F_ASIDENTIFIERCHOICE_CANONIZE 156
+# define X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL 157
+# define X509V3_F_COPY_EMAIL 122
+# define X509V3_F_COPY_ISSUER 123
+# define X509V3_F_DO_DIRNAME 144
+# define X509V3_F_DO_EXT_CONF 124
+# define X509V3_F_DO_EXT_I2D 135
+# define X509V3_F_DO_EXT_NCONF 151
+# define X509V3_F_DO_I2V_NAME_CONSTRAINTS 148
+# define X509V3_F_HEX_TO_STRING 111
+# define X509V3_F_I2S_ASN1_ENUMERATED 121
+# define X509V3_F_I2S_ASN1_IA5STRING 149
+# define X509V3_F_I2S_ASN1_INTEGER 120
+# define X509V3_F_I2V_AUTHORITY_INFO_ACCESS 138
+# define X509V3_F_NOTICE_SECTION 132
+# define X509V3_F_NREF_NOS 133
+# define X509V3_F_POLICY_SECTION 131
+# define X509V3_F_PROCESS_PCI_VALUE 150
+# define X509V3_F_R2I_CERTPOL 130
+# define X509V3_F_R2I_PCI 155
+# define X509V3_F_S2I_ASN1_IA5STRING 100
+# define X509V3_F_S2I_ASN1_INTEGER 108
+# define X509V3_F_S2I_ASN1_OCTET_STRING 112
+# define X509V3_F_S2I_ASN1_SKEY_ID 114
+# define X509V3_F_S2I_SKEY_ID 115
+# define X509V3_F_STRING_TO_HEX 113
+# define X509V3_F_SXNET_ADD_ID_ASC 125
+# define X509V3_F_SXNET_ADD_ID_INTEGER 126
+# define X509V3_F_SXNET_ADD_ID_ULONG 127
+# define X509V3_F_SXNET_GET_ID_ASC 128
+# define X509V3_F_SXNET_GET_ID_ULONG 129
+# define X509V3_F_V2I_ASIDENTIFIERS 158
+# define X509V3_F_V2I_ASN1_BIT_STRING 101
+# define X509V3_F_V2I_AUTHORITY_INFO_ACCESS 139
+# define X509V3_F_V2I_AUTHORITY_KEYID 119
+# define X509V3_F_V2I_BASIC_CONSTRAINTS 102
+# define X509V3_F_V2I_CRLD 134
+# define X509V3_F_V2I_EXTENDED_KEY_USAGE 103
+# define X509V3_F_V2I_GENERAL_NAMES 118
+# define X509V3_F_V2I_GENERAL_NAME_EX 117
+# define X509V3_F_V2I_IPADDRBLOCKS 159
+# define X509V3_F_V2I_ISSUER_ALT 153
+# define X509V3_F_V2I_NAME_CONSTRAINTS 147
+# define X509V3_F_V2I_POLICY_CONSTRAINTS 146
+# define X509V3_F_V2I_POLICY_MAPPINGS 145
+# define X509V3_F_V2I_SUBJECT_ALT 154
+# define X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL 160
+# define X509V3_F_V3_GENERIC_EXTENSION 116
+# define X509V3_F_X509V3_ADD1_I2D 140
+# define X509V3_F_X509V3_ADD_VALUE 105
+# define X509V3_F_X509V3_EXT_ADD 104
+# define X509V3_F_X509V3_EXT_ADD_ALIAS 106
+# define X509V3_F_X509V3_EXT_CONF 107
+# define X509V3_F_X509V3_EXT_I2D 136
+# define X509V3_F_X509V3_EXT_NCONF 152
+# define X509V3_F_X509V3_GET_SECTION 142
+# define X509V3_F_X509V3_GET_STRING 143
+# define X509V3_F_X509V3_GET_VALUE_BOOL 110
+# define X509V3_F_X509V3_PARSE_LIST 109
+# define X509V3_F_X509_PURPOSE_ADD 137
+# define X509V3_F_X509_PURPOSE_SET 141
+
+/* Reason codes. */
+# define X509V3_R_BAD_IP_ADDRESS 118
+# define X509V3_R_BAD_OBJECT 119
+# define X509V3_R_BN_DEC2BN_ERROR 100
+# define X509V3_R_BN_TO_ASN1_INTEGER_ERROR 101
+# define X509V3_R_DIRNAME_ERROR 149
+# define X509V3_R_DUPLICATE_ZONE_ID 133
+# define X509V3_R_ERROR_CONVERTING_ZONE 131
+# define X509V3_R_ERROR_CREATING_EXTENSION 144
+# define X509V3_R_ERROR_IN_EXTENSION 128
+# define X509V3_R_EXPECTED_A_SECTION_NAME 137
+# define X509V3_R_EXTENSION_EXISTS 145
+# define X509V3_R_EXTENSION_NAME_ERROR 115
+# define X509V3_R_EXTENSION_NOT_FOUND 102
+# define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED 103
+# define X509V3_R_EXTENSION_VALUE_ERROR 116
+# define X509V3_R_ILLEGAL_EMPTY_EXTENSION 151
+# define X509V3_R_ILLEGAL_HEX_DIGIT 113
+# define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG 152
+# define X509V3_R_INVALID_ASNUMBER 160
+# define X509V3_R_INVALID_ASRANGE 161
+# define X509V3_R_INVALID_BOOLEAN_STRING 104
+# define X509V3_R_INVALID_EXTENSION_STRING 105
+# define X509V3_R_INVALID_INHERITANCE 162
+# define X509V3_R_INVALID_IPADDRESS 163
+# define X509V3_R_INVALID_NAME 106
+# define X509V3_R_INVALID_NULL_ARGUMENT 107
+# define X509V3_R_INVALID_NULL_NAME 108
+# define X509V3_R_INVALID_NULL_VALUE 109
+# define X509V3_R_INVALID_NUMBER 140
+# define X509V3_R_INVALID_NUMBERS 141
+# define X509V3_R_INVALID_OBJECT_IDENTIFIER 110
+# define X509V3_R_INVALID_OPTION 138
+# define X509V3_R_INVALID_POLICY_IDENTIFIER 134
+# define X509V3_R_INVALID_PROXY_POLICY_SETTING 153
+# define X509V3_R_INVALID_PURPOSE 146
+# define X509V3_R_INVALID_SAFI 164
+# define X509V3_R_INVALID_SECTION 135
+# define X509V3_R_INVALID_SYNTAX 143
+# define X509V3_R_ISSUER_DECODE_ERROR 126
+# define X509V3_R_MISSING_VALUE 124
+# define X509V3_R_NEED_ORGANIZATION_AND_NUMBERS 142
+# define X509V3_R_NO_CONFIG_DATABASE 136
+# define X509V3_R_NO_ISSUER_CERTIFICATE 121
+# define X509V3_R_NO_ISSUER_DETAILS 127
+# define X509V3_R_NO_POLICY_IDENTIFIER 139
+# define X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED 154
+# define X509V3_R_NO_PUBLIC_KEY 114
+# define X509V3_R_NO_SUBJECT_DETAILS 125
+# define X509V3_R_ODD_NUMBER_OF_DIGITS 112
+# define X509V3_R_OPERATION_NOT_DEFINED 148
+# define X509V3_R_OTHERNAME_ERROR 147
+# define X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED 155
+# define X509V3_R_POLICY_PATH_LENGTH 156
+# define X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED 157
+# define X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED 158
+# define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 159
+# define X509V3_R_SECTION_NOT_FOUND 150
+# define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS 122
+# define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID 123
+# define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT 111
+# define X509V3_R_UNKNOWN_EXTENSION 129
+# define X509V3_R_UNKNOWN_EXTENSION_NAME 130
+# define X509V3_R_UNKNOWN_OPTION 120
+# define X509V3_R_UNSUPPORTED_OPTION 117
+# define X509V3_R_USER_TOO_LONG 132
+
+#ifdef __cplusplus
+}
+#endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/demos/asn1/ocsp.c
===================================================================
--- vendor-crypto/openssl/dist/demos/asn1/ocsp.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/demos/asn1/ocsp.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,366 +0,0 @@
-/* ocsp.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/x509v3.h>
-
-
-
-
-/* Example of new ASN1 code, OCSP request
-
- OCSPRequest ::= SEQUENCE {
- tbsRequest TBSRequest,
- optionalSignature [0] EXPLICIT Signature OPTIONAL }
-
- TBSRequest ::= SEQUENCE {
- version [0] EXPLICIT Version DEFAULT v1,
- requestorName [1] EXPLICIT GeneralName OPTIONAL,
- requestList SEQUENCE OF Request,
- requestExtensions [2] EXPLICIT Extensions OPTIONAL }
-
- Signature ::= SEQUENCE {
- signatureAlgorithm AlgorithmIdentifier,
- signature BIT STRING,
- certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
-
- Version ::= INTEGER { v1(0) }
-
- Request ::= SEQUENCE {
- reqCert CertID,
- singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL }
-
- CertID ::= SEQUENCE {
- hashAlgorithm AlgorithmIdentifier,
- issuerNameHash OCTET STRING, -- Hash of Issuer's DN
- issuerKeyHash OCTET STRING, -- Hash of Issuers public key
- serialNumber CertificateSerialNumber }
-
- OCSPResponse ::= SEQUENCE {
- responseStatus OCSPResponseStatus,
- responseBytes [0] EXPLICIT ResponseBytes OPTIONAL }
-
- OCSPResponseStatus ::= ENUMERATED {
- successful (0), --Response has valid confirmations
- malformedRequest (1), --Illegal confirmation request
- internalError (2), --Internal error in issuer
- tryLater (3), --Try again later
- --(4) is not used
- sigRequired (5), --Must sign the request
- unauthorized (6) --Request unauthorized
- }
-
- ResponseBytes ::= SEQUENCE {
- responseType OBJECT IDENTIFIER,
- response OCTET STRING }
-
- BasicOCSPResponse ::= SEQUENCE {
- tbsResponseData ResponseData,
- signatureAlgorithm AlgorithmIdentifier,
- signature BIT STRING,
- certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
-
- ResponseData ::= SEQUENCE {
- version [0] EXPLICIT Version DEFAULT v1,
- responderID ResponderID,
- producedAt GeneralizedTime,
- responses SEQUENCE OF SingleResponse,
- responseExtensions [1] EXPLICIT Extensions OPTIONAL }
-
- ResponderID ::= CHOICE {
- byName [1] Name, --EXPLICIT
- byKey [2] KeyHash }
-
- KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key
- --(excluding the tag and length fields)
-
- SingleResponse ::= SEQUENCE {
- certID CertID,
- certStatus CertStatus,
- thisUpdate GeneralizedTime,
- nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL,
- singleExtensions [1] EXPLICIT Extensions OPTIONAL }
-
- CertStatus ::= CHOICE {
- good [0] IMPLICIT NULL,
- revoked [1] IMPLICIT RevokedInfo,
- unknown [2] IMPLICIT UnknownInfo }
-
- RevokedInfo ::= SEQUENCE {
- revocationTime GeneralizedTime,
- revocationReason [0] EXPLICIT CRLReason OPTIONAL }
-
- UnknownInfo ::= NULL -- this can be replaced with an enumeration
-
- ArchiveCutoff ::= GeneralizedTime
-
- AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER
-
- ServiceLocator ::= SEQUENCE {
- issuer Name,
- locator AuthorityInfoAccessSyntax }
-
- -- Object Identifiers
-
- id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 }
- id-pkix-ocsp OBJECT IDENTIFIER ::= { id-ad-ocsp }
- id-pkix-ocsp-basic OBJECT IDENTIFIER ::= { id-pkix-ocsp 1 }
- id-pkix-ocsp-nonce OBJECT IDENTIFIER ::= { id-pkix-ocsp 2 }
- id-pkix-ocsp-crl OBJECT IDENTIFIER ::= { id-pkix-ocsp 3 }
- id-pkix-ocsp-response OBJECT IDENTIFIER ::= { id-pkix-ocsp 4 }
- id-pkix-ocsp-nocheck OBJECT IDENTIFIER ::= { id-pkix-ocsp 5 }
- id-pkix-ocsp-archive-cutoff OBJECT IDENTIFIER ::= { id-pkix-ocsp 6 }
- id-pkix-ocsp-service-locator OBJECT IDENTIFIER ::= { id-pkix-ocsp 7 }
-
-*/
-
-/* Request Structures */
-
-DECLARE_STACK_OF(Request)
-
-typedef struct {
- ASN1_INTEGER *version;
- GENERAL_NAME *requestorName;
- STACK_OF(Request) *requestList;
- STACK_OF(X509_EXTENSION) *requestExtensions;
-} TBSRequest;
-
-typedef struct {
- X509_ALGOR *signatureAlgorithm;
- ASN1_BIT_STRING *signature;
- STACK_OF(X509) *certs;
-} Signature;
-
-typedef struct {
- TBSRequest *tbsRequest;
- Signature *optionalSignature;
-} OCSPRequest;
-
-typedef struct {
- X509_ALGOR *hashAlgorithm;
- ASN1_OCTET_STRING *issuerNameHash;
- ASN1_OCTET_STRING *issuerKeyHash;
- ASN1_INTEGER *certificateSerialNumber;
-} CertID;
-
-typedef struct {
- CertID *reqCert;
- STACK_OF(X509_EXTENSION) *singleRequestExtensions;
-} Request;
-
-/* Response structures */
-
-typedef struct {
- ASN1_OBJECT *responseType;
- ASN1_OCTET_STRING *response;
-} ResponseBytes;
-
-typedef struct {
- ASN1_ENUMERATED *responseStatus;
- ResponseBytes *responseBytes;
-} OCSPResponse;
-
-typedef struct {
- int type;
- union {
- X509_NAME *byName;
- ASN1_OCTET_STRING *byKey;
- }d;
-} ResponderID;
-
-typedef struct {
- ASN1_INTEGER *version;
- ResponderID *responderID;
- ASN1_GENERALIZEDTIME *producedAt;
- STACK_OF(SingleResponse) *responses;
- STACK_OF(X509_EXTENSION) *responseExtensions;
-} ResponseData;
-
-typedef struct {
- ResponseData *tbsResponseData;
- X509_ALGOR *signatureAlgorithm;
- ASN1_BIT_STRING *signature;
- STACK_OF(X509) *certs;
-} BasicOCSPResponse;
-
-typedef struct {
- ASN1_GENERALIZEDTIME *revocationTime;
- ASN1_ENUMERATED * revocationReason;
-} RevokedInfo;
-
-typedef struct {
- int type;
- union {
- ASN1_NULL *good;
- RevokedInfo *revoked;
- ASN1_NULL *unknown;
- } d;
-} CertStatus;
-
-typedef struct {
- CertID *certID;
- CertStatus *certStatus;
- ASN1_GENERALIZEDTIME *thisUpdate;
- ASN1_GENERALIZEDTIME *nextUpdate;
- STACK_OF(X509_EXTENSION) *singleExtensions;
-} SingleResponse;
-
-
-typedef struct {
- X509_NAME *issuer;
- STACK_OF(ACCESS_DESCRIPTION) *locator;
-} ServiceLocator;
-
-
-/* Now the ASN1 templates */
-
-IMPLEMENT_COMPAT_ASN1(X509);
-IMPLEMENT_COMPAT_ASN1(X509_ALGOR);
-//IMPLEMENT_COMPAT_ASN1(X509_EXTENSION);
-IMPLEMENT_COMPAT_ASN1(GENERAL_NAME);
-IMPLEMENT_COMPAT_ASN1(X509_NAME);
-
-ASN1_SEQUENCE(X509_EXTENSION) = {
- ASN1_SIMPLE(X509_EXTENSION, object, ASN1_OBJECT),
- ASN1_OPT(X509_EXTENSION, critical, ASN1_BOOLEAN),
- ASN1_SIMPLE(X509_EXTENSION, value, ASN1_OCTET_STRING)
-} ASN1_SEQUENCE_END(X509_EXTENSION);
-
-
-ASN1_SEQUENCE(Signature) = {
- ASN1_SIMPLE(Signature, signatureAlgorithm, X509_ALGOR),
- ASN1_SIMPLE(Signature, signature, ASN1_BIT_STRING),
- ASN1_SEQUENCE_OF(Signature, certs, X509)
-} ASN1_SEQUENCE_END(Signature);
-
-ASN1_SEQUENCE(CertID) = {
- ASN1_SIMPLE(CertID, hashAlgorithm, X509_ALGOR),
- ASN1_SIMPLE(CertID, issuerNameHash, ASN1_OCTET_STRING),
- ASN1_SIMPLE(CertID, issuerKeyHash, ASN1_OCTET_STRING),
- ASN1_SIMPLE(CertID, certificateSerialNumber, ASN1_INTEGER)
-} ASN1_SEQUENCE_END(CertID);
-
-ASN1_SEQUENCE(Request) = {
- ASN1_SIMPLE(Request, reqCert, CertID),
- ASN1_EXP_SEQUENCE_OF_OPT(Request, singleRequestExtensions, X509_EXTENSION, 0)
-} ASN1_SEQUENCE_END(Request);
-
-ASN1_SEQUENCE(TBSRequest) = {
- ASN1_EXP_OPT(TBSRequest, version, ASN1_INTEGER, 0),
- ASN1_EXP_OPT(TBSRequest, requestorName, GENERAL_NAME, 1),
- ASN1_SEQUENCE_OF(TBSRequest, requestList, Request),
- ASN1_EXP_SEQUENCE_OF_OPT(TBSRequest, requestExtensions, X509_EXTENSION, 2)
-} ASN1_SEQUENCE_END(TBSRequest);
-
-ASN1_SEQUENCE(OCSPRequest) = {
- ASN1_SIMPLE(OCSPRequest, tbsRequest, TBSRequest),
- ASN1_EXP_OPT(OCSPRequest, optionalSignature, Signature, 0)
-} ASN1_SEQUENCE_END(OCSPRequest);
-
-
-/* Response templates */
-
-ASN1_SEQUENCE(ResponseBytes) = {
- ASN1_SIMPLE(ResponseBytes, responseType, ASN1_OBJECT),
- ASN1_SIMPLE(ResponseBytes, response, ASN1_OCTET_STRING)
-} ASN1_SEQUENCE_END(ResponseBytes);
-
-ASN1_SEQUENCE(OCSPResponse) = {
- ASN1_SIMPLE(OCSPResponse, responseStatus, ASN1_ENUMERATED),
- ASN1_EXP_OPT(OCSPResponse, responseBytes, ResponseBytes, 0)
-} ASN1_SEQUENCE_END(OCSPResponse);
-
-ASN1_CHOICE(ResponderID) = {
- ASN1_EXP(ResponderID, d.byName, X509_NAME, 1),
- ASN1_IMP(ResponderID, d.byKey, ASN1_OCTET_STRING, 2)
-} ASN1_CHOICE_END(ResponderID);
-
-ASN1_SEQUENCE(RevokedInfo) = {
- ASN1_SIMPLE(RevokedInfo, revocationTime, ASN1_GENERALIZEDTIME),
- ASN1_EXP_OPT(RevokedInfo, revocationReason, ASN1_ENUMERATED, 0)
-} ASN1_SEQUENCE_END(RevokedInfo);
-
-ASN1_CHOICE(CertStatus) = {
- ASN1_IMP(CertStatus, d.good, ASN1_NULL, 0),
- ASN1_IMP(CertStatus, d.revoked, RevokedInfo, 1),
- ASN1_IMP(CertStatus, d.unknown, ASN1_NULL, 2)
-} ASN1_CHOICE_END(CertStatus);
-
-ASN1_SEQUENCE(SingleResponse) = {
- ASN1_SIMPLE(SingleResponse, certID, CertID),
- ASN1_SIMPLE(SingleResponse, certStatus, CertStatus),
- ASN1_SIMPLE(SingleResponse, thisUpdate, ASN1_GENERALIZEDTIME),
- ASN1_EXP_OPT(SingleResponse, nextUpdate, ASN1_GENERALIZEDTIME, 0),
- ASN1_EXP_SEQUENCE_OF_OPT(SingleResponse, singleExtensions, X509_EXTENSION, 1)
-} ASN1_SEQUENCE_END(SingleResponse);
-
-ASN1_SEQUENCE(ResponseData) = {
- ASN1_EXP_OPT(ResponseData, version, ASN1_INTEGER, 0),
- ASN1_SIMPLE(ResponseData, responderID, ResponderID),
- ASN1_SIMPLE(ResponseData, producedAt, ASN1_GENERALIZEDTIME),
- ASN1_SEQUENCE_OF(ResponseData, responses, SingleResponse),
- ASN1_EXP_SEQUENCE_OF_OPT(ResponseData, responseExtensions, X509_EXTENSION, 1)
-} ASN1_SEQUENCE_END(ResponseData);
-
-ASN1_SEQUENCE(BasicOCSPResponse) = {
- ASN1_SIMPLE(BasicOCSPResponse, tbsResponseData, ResponseData),
- ASN1_SIMPLE(BasicOCSPResponse, signatureAlgorithm, X509_ALGOR),
- ASN1_SIMPLE(BasicOCSPResponse, signature, ASN1_BIT_STRING),
- ASN1_EXP_SEQUENCE_OF_OPT(BasicOCSPResponse, certs, X509, 0)
-} ASN1_SEQUENCE_END(BasicOCSPResponse);
-
Copied: vendor-crypto/openssl/0.9.8zf/demos/asn1/ocsp.c (from rev 6976, vendor-crypto/openssl/dist/demos/asn1/ocsp.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/demos/asn1/ocsp.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/demos/asn1/ocsp.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,361 @@
+/* ocsp.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+
+/*-
+ Example of new ASN1 code, OCSP request
+
+ OCSPRequest ::= SEQUENCE {
+ tbsRequest TBSRequest,
+ optionalSignature [0] EXPLICIT Signature OPTIONAL }
+
+ TBSRequest ::= SEQUENCE {
+ version [0] EXPLICIT Version DEFAULT v1,
+ requestorName [1] EXPLICIT GeneralName OPTIONAL,
+ requestList SEQUENCE OF Request,
+ requestExtensions [2] EXPLICIT Extensions OPTIONAL }
+
+ Signature ::= SEQUENCE {
+ signatureAlgorithm AlgorithmIdentifier,
+ signature BIT STRING,
+ certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
+
+ Version ::= INTEGER { v1(0) }
+
+ Request ::= SEQUENCE {
+ reqCert CertID,
+ singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL }
+
+ CertID ::= SEQUENCE {
+ hashAlgorithm AlgorithmIdentifier,
+ issuerNameHash OCTET STRING, -- Hash of Issuer's DN
+ issuerKeyHash OCTET STRING, -- Hash of Issuers public key
+ serialNumber CertificateSerialNumber }
+
+ OCSPResponse ::= SEQUENCE {
+ responseStatus OCSPResponseStatus,
+ responseBytes [0] EXPLICIT ResponseBytes OPTIONAL }
+
+ OCSPResponseStatus ::= ENUMERATED {
+ successful (0), --Response has valid confirmations
+ malformedRequest (1), --Illegal confirmation request
+ internalError (2), --Internal error in issuer
+ tryLater (3), --Try again later
+ --(4) is not used
+ sigRequired (5), --Must sign the request
+ unauthorized (6) --Request unauthorized
+ }
+
+ ResponseBytes ::= SEQUENCE {
+ responseType OBJECT IDENTIFIER,
+ response OCTET STRING }
+
+ BasicOCSPResponse ::= SEQUENCE {
+ tbsResponseData ResponseData,
+ signatureAlgorithm AlgorithmIdentifier,
+ signature BIT STRING,
+ certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
+
+ ResponseData ::= SEQUENCE {
+ version [0] EXPLICIT Version DEFAULT v1,
+ responderID ResponderID,
+ producedAt GeneralizedTime,
+ responses SEQUENCE OF SingleResponse,
+ responseExtensions [1] EXPLICIT Extensions OPTIONAL }
+
+ ResponderID ::= CHOICE {
+ byName [1] Name, --EXPLICIT
+ byKey [2] KeyHash }
+
+ KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key
+ --(excluding the tag and length fields)
+
+ SingleResponse ::= SEQUENCE {
+ certID CertID,
+ certStatus CertStatus,
+ thisUpdate GeneralizedTime,
+ nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL,
+ singleExtensions [1] EXPLICIT Extensions OPTIONAL }
+
+ CertStatus ::= CHOICE {
+ good [0] IMPLICIT NULL,
+ revoked [1] IMPLICIT RevokedInfo,
+ unknown [2] IMPLICIT UnknownInfo }
+
+ RevokedInfo ::= SEQUENCE {
+ revocationTime GeneralizedTime,
+ revocationReason [0] EXPLICIT CRLReason OPTIONAL }
+
+ UnknownInfo ::= NULL -- this can be replaced with an enumeration
+
+ ArchiveCutoff ::= GeneralizedTime
+
+ AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER
+
+ ServiceLocator ::= SEQUENCE {
+ issuer Name,
+ locator AuthorityInfoAccessSyntax }
+
+ -- Object Identifiers
+
+ id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 }
+ id-pkix-ocsp OBJECT IDENTIFIER ::= { id-ad-ocsp }
+ id-pkix-ocsp-basic OBJECT IDENTIFIER ::= { id-pkix-ocsp 1 }
+ id-pkix-ocsp-nonce OBJECT IDENTIFIER ::= { id-pkix-ocsp 2 }
+ id-pkix-ocsp-crl OBJECT IDENTIFIER ::= { id-pkix-ocsp 3 }
+ id-pkix-ocsp-response OBJECT IDENTIFIER ::= { id-pkix-ocsp 4 }
+ id-pkix-ocsp-nocheck OBJECT IDENTIFIER ::= { id-pkix-ocsp 5 }
+ id-pkix-ocsp-archive-cutoff OBJECT IDENTIFIER ::= { id-pkix-ocsp 6 }
+ id-pkix-ocsp-service-locator OBJECT IDENTIFIER ::= { id-pkix-ocsp 7 }
+
+*/
+
+/* Request Structures */
+
+DECLARE_STACK_OF(Request)
+
+typedef struct {
+ ASN1_INTEGER *version;
+ GENERAL_NAME *requestorName;
+ STACK_OF(Request) *requestList;
+ STACK_OF(X509_EXTENSION) *requestExtensions;
+} TBSRequest;
+
+typedef struct {
+ X509_ALGOR *signatureAlgorithm;
+ ASN1_BIT_STRING *signature;
+ STACK_OF(X509) *certs;
+} Signature;
+
+typedef struct {
+ TBSRequest *tbsRequest;
+ Signature *optionalSignature;
+} OCSPRequest;
+
+typedef struct {
+ X509_ALGOR *hashAlgorithm;
+ ASN1_OCTET_STRING *issuerNameHash;
+ ASN1_OCTET_STRING *issuerKeyHash;
+ ASN1_INTEGER *certificateSerialNumber;
+} CertID;
+
+typedef struct {
+ CertID *reqCert;
+ STACK_OF(X509_EXTENSION) *singleRequestExtensions;
+} Request;
+
+/* Response structures */
+
+typedef struct {
+ ASN1_OBJECT *responseType;
+ ASN1_OCTET_STRING *response;
+} ResponseBytes;
+
+typedef struct {
+ ASN1_ENUMERATED *responseStatus;
+ ResponseBytes *responseBytes;
+} OCSPResponse;
+
+typedef struct {
+ int type;
+ union {
+ X509_NAME *byName;
+ ASN1_OCTET_STRING *byKey;
+ } d;
+} ResponderID;
+
+typedef struct {
+ ASN1_INTEGER *version;
+ ResponderID *responderID;
+ ASN1_GENERALIZEDTIME *producedAt;
+ STACK_OF(SingleResponse) *responses;
+ STACK_OF(X509_EXTENSION) *responseExtensions;
+} ResponseData;
+
+typedef struct {
+ ResponseData *tbsResponseData;
+ X509_ALGOR *signatureAlgorithm;
+ ASN1_BIT_STRING *signature;
+ STACK_OF(X509) *certs;
+} BasicOCSPResponse;
+
+typedef struct {
+ ASN1_GENERALIZEDTIME *revocationTime;
+ ASN1_ENUMERATED *revocationReason;
+} RevokedInfo;
+
+typedef struct {
+ int type;
+ union {
+ ASN1_NULL *good;
+ RevokedInfo *revoked;
+ ASN1_NULL *unknown;
+ } d;
+} CertStatus;
+
+typedef struct {
+ CertID *certID;
+ CertStatus *certStatus;
+ ASN1_GENERALIZEDTIME *thisUpdate;
+ ASN1_GENERALIZEDTIME *nextUpdate;
+ STACK_OF(X509_EXTENSION) *singleExtensions;
+} SingleResponse;
+
+typedef struct {
+ X509_NAME *issuer;
+ STACK_OF(ACCESS_DESCRIPTION) *locator;
+} ServiceLocator;
+
+/* Now the ASN1 templates */
+
+IMPLEMENT_COMPAT_ASN1(X509);
+IMPLEMENT_COMPAT_ASN1(X509_ALGOR);
+// IMPLEMENT_COMPAT_ASN1(X509_EXTENSION);
+IMPLEMENT_COMPAT_ASN1(GENERAL_NAME);
+IMPLEMENT_COMPAT_ASN1(X509_NAME);
+
+ASN1_SEQUENCE(X509_EXTENSION) = {
+ ASN1_SIMPLE(X509_EXTENSION, object, ASN1_OBJECT),
+ ASN1_OPT(X509_EXTENSION, critical, ASN1_BOOLEAN),
+ ASN1_SIMPLE(X509_EXTENSION, value, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(X509_EXTENSION);
+
+
+ASN1_SEQUENCE(Signature) = {
+ ASN1_SIMPLE(Signature, signatureAlgorithm, X509_ALGOR),
+ ASN1_SIMPLE(Signature, signature, ASN1_BIT_STRING),
+ ASN1_SEQUENCE_OF(Signature, certs, X509)
+} ASN1_SEQUENCE_END(Signature);
+
+ASN1_SEQUENCE(CertID) = {
+ ASN1_SIMPLE(CertID, hashAlgorithm, X509_ALGOR),
+ ASN1_SIMPLE(CertID, issuerNameHash, ASN1_OCTET_STRING),
+ ASN1_SIMPLE(CertID, issuerKeyHash, ASN1_OCTET_STRING),
+ ASN1_SIMPLE(CertID, certificateSerialNumber, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(CertID);
+
+ASN1_SEQUENCE(Request) = {
+ ASN1_SIMPLE(Request, reqCert, CertID),
+ ASN1_EXP_SEQUENCE_OF_OPT(Request, singleRequestExtensions, X509_EXTENSION, 0)
+} ASN1_SEQUENCE_END(Request);
+
+ASN1_SEQUENCE(TBSRequest) = {
+ ASN1_EXP_OPT(TBSRequest, version, ASN1_INTEGER, 0),
+ ASN1_EXP_OPT(TBSRequest, requestorName, GENERAL_NAME, 1),
+ ASN1_SEQUENCE_OF(TBSRequest, requestList, Request),
+ ASN1_EXP_SEQUENCE_OF_OPT(TBSRequest, requestExtensions, X509_EXTENSION, 2)
+} ASN1_SEQUENCE_END(TBSRequest);
+
+ASN1_SEQUENCE(OCSPRequest) = {
+ ASN1_SIMPLE(OCSPRequest, tbsRequest, TBSRequest),
+ ASN1_EXP_OPT(OCSPRequest, optionalSignature, Signature, 0)
+} ASN1_SEQUENCE_END(OCSPRequest);
+
+/* Response templates */
+
+ASN1_SEQUENCE(ResponseBytes) = {
+ ASN1_SIMPLE(ResponseBytes, responseType, ASN1_OBJECT),
+ ASN1_SIMPLE(ResponseBytes, response, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(ResponseBytes);
+
+ASN1_SEQUENCE(OCSPResponse) = {
+ ASN1_SIMPLE(OCSPResponse, responseStatus, ASN1_ENUMERATED),
+ ASN1_EXP_OPT(OCSPResponse, responseBytes, ResponseBytes, 0)
+} ASN1_SEQUENCE_END(OCSPResponse);
+
+ASN1_CHOICE(ResponderID) = {
+ ASN1_EXP(ResponderID, d.byName, X509_NAME, 1),
+ ASN1_IMP(ResponderID, d.byKey, ASN1_OCTET_STRING, 2)
+} ASN1_CHOICE_END(ResponderID);
+
+ASN1_SEQUENCE(RevokedInfo) = {
+ ASN1_SIMPLE(RevokedInfo, revocationTime, ASN1_GENERALIZEDTIME),
+ ASN1_EXP_OPT(RevokedInfo, revocationReason, ASN1_ENUMERATED, 0)
+} ASN1_SEQUENCE_END(RevokedInfo);
+
+ASN1_CHOICE(CertStatus) = {
+ ASN1_IMP(CertStatus, d.good, ASN1_NULL, 0),
+ ASN1_IMP(CertStatus, d.revoked, RevokedInfo, 1),
+ ASN1_IMP(CertStatus, d.unknown, ASN1_NULL, 2)
+} ASN1_CHOICE_END(CertStatus);
+
+ASN1_SEQUENCE(SingleResponse) = {
+ ASN1_SIMPLE(SingleResponse, certID, CertID),
+ ASN1_SIMPLE(SingleResponse, certStatus, CertStatus),
+ ASN1_SIMPLE(SingleResponse, thisUpdate, ASN1_GENERALIZEDTIME),
+ ASN1_EXP_OPT(SingleResponse, nextUpdate, ASN1_GENERALIZEDTIME, 0),
+ ASN1_EXP_SEQUENCE_OF_OPT(SingleResponse, singleExtensions, X509_EXTENSION, 1)
+} ASN1_SEQUENCE_END(SingleResponse);
+
+ASN1_SEQUENCE(ResponseData) = {
+ ASN1_EXP_OPT(ResponseData, version, ASN1_INTEGER, 0),
+ ASN1_SIMPLE(ResponseData, responderID, ResponderID),
+ ASN1_SIMPLE(ResponseData, producedAt, ASN1_GENERALIZEDTIME),
+ ASN1_SEQUENCE_OF(ResponseData, responses, SingleResponse),
+ ASN1_EXP_SEQUENCE_OF_OPT(ResponseData, responseExtensions, X509_EXTENSION, 1)
+} ASN1_SEQUENCE_END(ResponseData);
+
+ASN1_SEQUENCE(BasicOCSPResponse) = {
+ ASN1_SIMPLE(BasicOCSPResponse, tbsResponseData, ResponseData),
+ ASN1_SIMPLE(BasicOCSPResponse, signatureAlgorithm, X509_ALGOR),
+ ASN1_SIMPLE(BasicOCSPResponse, signature, ASN1_BIT_STRING),
+ ASN1_EXP_SEQUENCE_OF_OPT(BasicOCSPResponse, certs, X509, 0)
+} ASN1_SEQUENCE_END(BasicOCSPResponse);
Deleted: vendor-crypto/openssl/0.9.8zf/demos/b64.c
===================================================================
--- vendor-crypto/openssl/dist/demos/b64.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/demos/b64.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,268 +0,0 @@
-/* demos/b64.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "../apps/apps.h"
-#include <openssl/buffer.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-
-#undef SIZE
-#undef BSIZE
-#undef PROG
-
-#define SIZE (512)
-#define BSIZE (8*1024)
-#define PROG enc_main
-
-int main(argc,argv)
-int argc;
-char **argv;
- {
- char *strbuf=NULL;
- unsigned char *buff=NULL,*bufsize=NULL;
- int bsize=BSIZE,verbose=0;
- int ret=1,inl;
- char *str=NULL;
- char *hkey=NULL,*hiv=NULL;
- int enc=1,printkey=0,i,base64=0;
- int debug=0;
- EVP_CIPHER *cipher=NULL,*c;
- char *inf=NULL,*outf=NULL;
- BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
-#define PROG_NAME_SIZE 39
-
-
- apps_startup();
-
- if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
-
- base64=1;
-
- argc--;
- argv++;
- while (argc >= 1)
- {
- if (strcmp(*argv,"-e") == 0)
- enc=1;
- if (strcmp(*argv,"-in") == 0)
- {
- if (--argc < 1) goto bad;
- inf= *(++argv);
- }
- else if (strcmp(*argv,"-out") == 0)
- {
- if (--argc < 1) goto bad;
- outf= *(++argv);
- }
- else if (strcmp(*argv,"-d") == 0)
- enc=0;
- else if (strcmp(*argv,"-v") == 0)
- verbose=1;
- else if (strcmp(*argv,"-debug") == 0)
- debug=1;
- else if (strcmp(*argv,"-bufsize") == 0)
- {
- if (--argc < 1) goto bad;
- bufsize=(unsigned char *)*(++argv);
- }
- else
- {
- BIO_printf(bio_err,"unknown option '%s'\n",*argv);
-bad:
- BIO_printf(bio_err,"options are\n");
- BIO_printf(bio_err,"%-14s input file\n","-in <file>");
- BIO_printf(bio_err,"%-14s output file\n","-out <file>");
- BIO_printf(bio_err,"%-14s encode\n","-e");
- BIO_printf(bio_err,"%-14s decode\n","-d");
- BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>");
-
- goto end;
- }
- argc--;
- argv++;
- }
-
- if (bufsize != NULL)
- {
- int i;
- unsigned long n;
-
- for (n=0; *bufsize; bufsize++)
- {
- i= *bufsize;
- if ((i <= '9') && (i >= '0'))
- n=n*10+i-'0';
- else if (i == 'k')
- {
- n*=1024;
- bufsize++;
- break;
- }
- }
- if (*bufsize != '\0')
- {
- BIO_printf(bio_err,"invalid 'bufsize' specified.\n");
- goto end;
- }
-
- /* It must be large enough for a base64 encoded line */
- if (n < 80) n=80;
-
- bsize=(int)n;
- if (verbose) BIO_printf(bio_err,"bufsize=%d\n",bsize);
- }
-
- strbuf=OPENSSL_malloc(SIZE);
- buff=(unsigned char *)OPENSSL_malloc(EVP_ENCODE_LENGTH(bsize));
- if ((buff == NULL) || (strbuf == NULL))
- {
- BIO_printf(bio_err,"OPENSSL_malloc failure\n");
- goto end;
- }
-
- in=BIO_new(BIO_s_file());
- out=BIO_new(BIO_s_file());
- if ((in == NULL) || (out == NULL))
- {
- ERR_print_errors(bio_err);
- goto end;
- }
- if (debug)
- {
- BIO_set_callback(in,BIO_debug_callback);
- BIO_set_callback(out,BIO_debug_callback);
- BIO_set_callback_arg(in,bio_err);
- BIO_set_callback_arg(out,bio_err);
- }
-
- if (inf == NULL)
- BIO_set_fp(in,stdin,BIO_NOCLOSE);
- else
- {
- if (BIO_read_filename(in,inf) <= 0)
- {
- perror(inf);
- goto end;
- }
- }
-
- if (outf == NULL)
- BIO_set_fp(out,stdout,BIO_NOCLOSE);
- else
- {
- if (BIO_write_filename(out,outf) <= 0)
- {
- perror(outf);
- goto end;
- }
- }
-
- rbio=in;
- wbio=out;
-
- if (base64)
- {
- if ((b64=BIO_new(BIO_f_base64())) == NULL)
- goto end;
- if (debug)
- {
- BIO_set_callback(b64,BIO_debug_callback);
- BIO_set_callback_arg(b64,bio_err);
- }
- if (enc)
- wbio=BIO_push(b64,wbio);
- else
- rbio=BIO_push(b64,rbio);
- }
-
- for (;;)
- {
- inl=BIO_read(rbio,(char *)buff,bsize);
- if (inl <= 0) break;
- if (BIO_write(wbio,(char *)buff,inl) != inl)
- {
- BIO_printf(bio_err,"error writing output file\n");
- goto end;
- }
- }
- BIO_flush(wbio);
-
- ret=0;
- if (verbose)
- {
- BIO_printf(bio_err,"bytes read :%8ld\n",BIO_number_read(in));
- BIO_printf(bio_err,"bytes written:%8ld\n",BIO_number_written(out));
- }
-end:
- if (strbuf != NULL) OPENSSL_free(strbuf);
- if (buff != NULL) OPENSSL_free(buff);
- if (in != NULL) BIO_free(in);
- if (out != NULL) BIO_free(out);
- if (benc != NULL) BIO_free(benc);
- if (b64 != NULL) BIO_free(b64);
- EXIT(ret);
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/demos/b64.c (from rev 6976, vendor-crypto/openssl/dist/demos/b64.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/demos/b64.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/demos/b64.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,255 @@
+/* demos/b64.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "../apps/apps.h"
+#include <openssl/buffer.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+
+#undef SIZE
+#undef BSIZE
+#undef PROG
+
+#define SIZE (512)
+#define BSIZE (8*1024)
+#define PROG enc_main
+
+int main(argc, argv)
+int argc;
+char **argv;
+{
+ char *strbuf = NULL;
+ unsigned char *buff = NULL, *bufsize = NULL;
+ int bsize = BSIZE, verbose = 0;
+ int ret = 1, inl;
+ char *str = NULL;
+ char *hkey = NULL, *hiv = NULL;
+ int enc = 1, printkey = 0, i, base64 = 0;
+ int debug = 0;
+ EVP_CIPHER *cipher = NULL, *c;
+ char *inf = NULL, *outf = NULL;
+ BIO *in = NULL, *out = NULL, *b64 = NULL, *benc = NULL, *rbio =
+ NULL, *wbio = NULL;
+#define PROG_NAME_SIZE 39
+
+ apps_startup();
+
+ if (bio_err == NULL)
+ if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE);
+
+ base64 = 1;
+
+ argc--;
+ argv++;
+ while (argc >= 1) {
+ if (strcmp(*argv, "-e") == 0)
+ enc = 1;
+ if (strcmp(*argv, "-in") == 0) {
+ if (--argc < 1)
+ goto bad;
+ inf = *(++argv);
+ } else if (strcmp(*argv, "-out") == 0) {
+ if (--argc < 1)
+ goto bad;
+ outf = *(++argv);
+ } else if (strcmp(*argv, "-d") == 0)
+ enc = 0;
+ else if (strcmp(*argv, "-v") == 0)
+ verbose = 1;
+ else if (strcmp(*argv, "-debug") == 0)
+ debug = 1;
+ else if (strcmp(*argv, "-bufsize") == 0) {
+ if (--argc < 1)
+ goto bad;
+ bufsize = (unsigned char *)*(++argv);
+ } else {
+ BIO_printf(bio_err, "unknown option '%s'\n", *argv);
+ bad:
+ BIO_printf(bio_err, "options are\n");
+ BIO_printf(bio_err, "%-14s input file\n", "-in <file>");
+ BIO_printf(bio_err, "%-14s output file\n", "-out <file>");
+ BIO_printf(bio_err, "%-14s encode\n", "-e");
+ BIO_printf(bio_err, "%-14s decode\n", "-d");
+ BIO_printf(bio_err, "%-14s buffer size\n", "-bufsize <n>");
+
+ goto end;
+ }
+ argc--;
+ argv++;
+ }
+
+ if (bufsize != NULL) {
+ int i;
+ unsigned long n;
+
+ for (n = 0; *bufsize; bufsize++) {
+ i = *bufsize;
+ if ((i <= '9') && (i >= '0'))
+ n = n * 10 + i - '0';
+ else if (i == 'k') {
+ n *= 1024;
+ bufsize++;
+ break;
+ }
+ }
+ if (*bufsize != '\0') {
+ BIO_printf(bio_err, "invalid 'bufsize' specified.\n");
+ goto end;
+ }
+
+ /* It must be large enough for a base64 encoded line */
+ if (n < 80)
+ n = 80;
+
+ bsize = (int)n;
+ if (verbose)
+ BIO_printf(bio_err, "bufsize=%d\n", bsize);
+ }
+
+ strbuf = OPENSSL_malloc(SIZE);
+ buff = (unsigned char *)OPENSSL_malloc(EVP_ENCODE_LENGTH(bsize));
+ if ((buff == NULL) || (strbuf == NULL)) {
+ BIO_printf(bio_err, "OPENSSL_malloc failure\n");
+ goto end;
+ }
+
+ in = BIO_new(BIO_s_file());
+ out = BIO_new(BIO_s_file());
+ if ((in == NULL) || (out == NULL)) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ if (debug) {
+ BIO_set_callback(in, BIO_debug_callback);
+ BIO_set_callback(out, BIO_debug_callback);
+ BIO_set_callback_arg(in, bio_err);
+ BIO_set_callback_arg(out, bio_err);
+ }
+
+ if (inf == NULL)
+ BIO_set_fp(in, stdin, BIO_NOCLOSE);
+ else {
+ if (BIO_read_filename(in, inf) <= 0) {
+ perror(inf);
+ goto end;
+ }
+ }
+
+ if (outf == NULL)
+ BIO_set_fp(out, stdout, BIO_NOCLOSE);
+ else {
+ if (BIO_write_filename(out, outf) <= 0) {
+ perror(outf);
+ goto end;
+ }
+ }
+
+ rbio = in;
+ wbio = out;
+
+ if (base64) {
+ if ((b64 = BIO_new(BIO_f_base64())) == NULL)
+ goto end;
+ if (debug) {
+ BIO_set_callback(b64, BIO_debug_callback);
+ BIO_set_callback_arg(b64, bio_err);
+ }
+ if (enc)
+ wbio = BIO_push(b64, wbio);
+ else
+ rbio = BIO_push(b64, rbio);
+ }
+
+ for (;;) {
+ inl = BIO_read(rbio, (char *)buff, bsize);
+ if (inl <= 0)
+ break;
+ if (BIO_write(wbio, (char *)buff, inl) != inl) {
+ BIO_printf(bio_err, "error writing output file\n");
+ goto end;
+ }
+ }
+ BIO_flush(wbio);
+
+ ret = 0;
+ if (verbose) {
+ BIO_printf(bio_err, "bytes read :%8ld\n", BIO_number_read(in));
+ BIO_printf(bio_err, "bytes written:%8ld\n", BIO_number_written(out));
+ }
+ end:
+ if (strbuf != NULL)
+ OPENSSL_free(strbuf);
+ if (buff != NULL)
+ OPENSSL_free(buff);
+ if (in != NULL)
+ BIO_free(in);
+ if (out != NULL)
+ BIO_free(out);
+ if (benc != NULL)
+ BIO_free(benc);
+ if (b64 != NULL)
+ BIO_free(b64);
+ EXIT(ret);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/demos/bio/saccept.c
===================================================================
--- vendor-crypto/openssl/dist/demos/bio/saccept.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/demos/bio/saccept.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,112 +0,0 @@
-/* NOCW */
-/* demos/bio/saccept.c */
-
-/* A minimal program to server an SSL connection.
- * It uses blocking.
- * saccept host:port
- * host is the interface IP to use. If any interface, use *:port
- * The default it *:4433
- *
- * cc -I../../include saccept.c -L../.. -lssl -lcrypto
- */
-
-#include <stdio.h>
-#include <signal.h>
-#include <openssl/err.h>
-#include <openssl/ssl.h>
-
-#define CERT_FILE "server.pem"
-
-BIO *in=NULL;
-
-void close_up()
- {
- if (in != NULL)
- BIO_free(in);
- }
-
-int main(argc,argv)
-int argc;
-char *argv[];
- {
- char *port=NULL;
- BIO *ssl_bio,*tmp;
- SSL_CTX *ctx;
- SSL *ssl;
- char buf[512];
- int ret=1,i;
-
- if (argc <= 1)
- port="*:4433";
- else
- port=argv[1];
-
- signal(SIGINT,close_up);
-
- SSL_load_error_strings();
-
-#ifdef WATT32
- dbug_init();
- sock_init();
-#endif
-
- /* Add ciphers and message digests */
- OpenSSL_add_ssl_algorithms();
-
- ctx=SSL_CTX_new(SSLv23_server_method());
- if (!SSL_CTX_use_certificate_file(ctx,CERT_FILE,SSL_FILETYPE_PEM))
- goto err;
- if (!SSL_CTX_use_PrivateKey_file(ctx,CERT_FILE,SSL_FILETYPE_PEM))
- goto err;
- if (!SSL_CTX_check_private_key(ctx))
- goto err;
-
- /* Setup server side SSL bio */
- ssl=SSL_new(ctx);
- ssl_bio=BIO_new_ssl(ctx,0);
-
- if ((in=BIO_new_accept(port)) == NULL) goto err;
-
- /* This means that when a new connection is acceptede on 'in',
- * The ssl_bio will be 'dupilcated' and have the new socket
- * BIO push into it. Basically it means the SSL BIO will be
- * automatically setup */
- BIO_set_accept_bios(in,ssl_bio);
-
-again:
- /* The first call will setup the accept socket, and the second
- * will get a socket. In this loop, the first actual accept
- * will occur in the BIO_read() function. */
-
- if (BIO_do_accept(in) <= 0) goto err;
-
- for (;;)
- {
- i=BIO_read(in,buf,512);
- if (i == 0)
- {
- /* If we have finished, remove the underlying
- * BIO stack so the next time we call any function
- * for this BIO, it will attempt to do an
- * accept */
- printf("Done\n");
- tmp=BIO_pop(in);
- BIO_free_all(tmp);
- goto again;
- }
- if (i < 0) goto err;
- fwrite(buf,1,i,stdout);
- fflush(stdout);
- }
-
- ret=0;
-err:
- if (ret)
- {
- ERR_print_errors_fp(stderr);
- }
- if (in != NULL) BIO_free(in);
- exit(ret);
- return(!ret);
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/demos/bio/saccept.c (from rev 6976, vendor-crypto/openssl/dist/demos/bio/saccept.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/demos/bio/saccept.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/demos/bio/saccept.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,117 @@
+/* NOCW */
+/* demos/bio/saccept.c */
+
+/*-
+ * A minimal program to server an SSL connection.
+ * It uses blocking.
+ * saccept host:port
+ * host is the interface IP to use. If any interface, use *:port
+ * The default it *:4433
+ *
+ * cc -I../../include saccept.c -L../.. -lssl -lcrypto
+ */
+
+#include <stdio.h>
+#include <signal.h>
+#include <openssl/err.h>
+#include <openssl/ssl.h>
+
+#define CERT_FILE "server.pem"
+
+BIO *in = NULL;
+
+void close_up()
+{
+ if (in != NULL)
+ BIO_free(in);
+}
+
+int main(argc, argv)
+int argc;
+char *argv[];
+{
+ char *port = NULL;
+ BIO *ssl_bio, *tmp;
+ SSL_CTX *ctx;
+ SSL *ssl;
+ char buf[512];
+ int ret = 1, i;
+
+ if (argc <= 1)
+ port = "*:4433";
+ else
+ port = argv[1];
+
+ signal(SIGINT, close_up);
+
+ SSL_load_error_strings();
+
+#ifdef WATT32
+ dbug_init();
+ sock_init();
+#endif
+
+ /* Add ciphers and message digests */
+ OpenSSL_add_ssl_algorithms();
+
+ ctx = SSL_CTX_new(SSLv23_server_method());
+ if (!SSL_CTX_use_certificate_file(ctx, CERT_FILE, SSL_FILETYPE_PEM))
+ goto err;
+ if (!SSL_CTX_use_PrivateKey_file(ctx, CERT_FILE, SSL_FILETYPE_PEM))
+ goto err;
+ if (!SSL_CTX_check_private_key(ctx))
+ goto err;
+
+ /* Setup server side SSL bio */
+ ssl = SSL_new(ctx);
+ ssl_bio = BIO_new_ssl(ctx, 0);
+
+ if ((in = BIO_new_accept(port)) == NULL)
+ goto err;
+
+ /*
+ * This means that when a new connection is acceptede on 'in', The
+ * ssl_bio will be 'dupilcated' and have the new socket BIO push into it.
+ * Basically it means the SSL BIO will be automatically setup
+ */
+ BIO_set_accept_bios(in, ssl_bio);
+
+ again:
+ /*
+ * The first call will setup the accept socket, and the second will get a
+ * socket. In this loop, the first actual accept will occur in the
+ * BIO_read() function.
+ */
+
+ if (BIO_do_accept(in) <= 0)
+ goto err;
+
+ for (;;) {
+ i = BIO_read(in, buf, 512);
+ if (i == 0) {
+ /*
+ * If we have finished, remove the underlying BIO stack so the
+ * next time we call any function for this BIO, it will attempt
+ * to do an accept
+ */
+ printf("Done\n");
+ tmp = BIO_pop(in);
+ BIO_free_all(tmp);
+ goto again;
+ }
+ if (i < 0)
+ goto err;
+ fwrite(buf, 1, i, stdout);
+ fflush(stdout);
+ }
+
+ ret = 0;
+ err:
+ if (ret) {
+ ERR_print_errors_fp(stderr);
+ }
+ if (in != NULL)
+ BIO_free(in);
+ exit(ret);
+ return (!ret);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/demos/bio/sconnect.c
===================================================================
--- vendor-crypto/openssl/dist/demos/bio/sconnect.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/demos/bio/sconnect.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,121 +0,0 @@
-/* NOCW */
-/* demos/bio/sconnect.c */
-
-/* A minimal program to do SSL to a passed host and port.
- * It is actually using non-blocking IO but in a very simple manner
- * sconnect host:port - it does a 'GET / HTTP/1.0'
- *
- * cc -I../../include sconnect.c -L../.. -lssl -lcrypto
- */
-#include <stdio.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <openssl/err.h>
-#include <openssl/ssl.h>
-
-extern int errno;
-
-int main(argc,argv)
-int argc;
-char *argv[];
- {
- char *host;
- BIO *out;
- char buf[1024*10],*p;
- SSL_CTX *ssl_ctx=NULL;
- SSL *ssl;
- BIO *ssl_bio;
- int i,len,off,ret=1;
-
- if (argc <= 1)
- host="localhost:4433";
- else
- host=argv[1];
-
-#ifdef WATT32
- dbug_init();
- sock_init();
-#endif
-
- /* Lets get nice error messages */
- SSL_load_error_strings();
-
- /* Setup all the global SSL stuff */
- OpenSSL_add_ssl_algorithms();
- ssl_ctx=SSL_CTX_new(SSLv23_client_method());
-
- /* Lets make a SSL structure */
- ssl=SSL_new(ssl_ctx);
- SSL_set_connect_state(ssl);
-
- /* Use it inside an SSL BIO */
- ssl_bio=BIO_new(BIO_f_ssl());
- BIO_set_ssl(ssl_bio,ssl,BIO_CLOSE);
-
- /* Lets use a connect BIO under the SSL BIO */
- out=BIO_new(BIO_s_connect());
- BIO_set_conn_hostname(out,host);
- BIO_set_nbio(out,1);
- out=BIO_push(ssl_bio,out);
-
- p="GET / HTTP/1.0\r\n\r\n";
- len=strlen(p);
-
- off=0;
- for (;;)
- {
- i=BIO_write(out,&(p[off]),len);
- if (i <= 0)
- {
- if (BIO_should_retry(out))
- {
- fprintf(stderr,"write DELAY\n");
- sleep(1);
- continue;
- }
- else
- {
- goto err;
- }
- }
- off+=i;
- len-=i;
- if (len <= 0) break;
- }
-
- for (;;)
- {
- i=BIO_read(out,buf,sizeof(buf));
- if (i == 0) break;
- if (i < 0)
- {
- if (BIO_should_retry(out))
- {
- fprintf(stderr,"read DELAY\n");
- sleep(1);
- continue;
- }
- goto err;
- }
- fwrite(buf,1,i,stdout);
- }
-
- ret=1;
-
- if (0)
- {
-err:
- if (ERR_peek_error() == 0) /* system call error */
- {
- fprintf(stderr,"errno=%d ",errno);
- perror("error");
- }
- else
- ERR_print_errors_fp(stderr);
- }
- BIO_free_all(out);
- if (ssl_ctx != NULL) SSL_CTX_free(ssl_ctx);
- exit(!ret);
- return(ret);
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/demos/bio/sconnect.c (from rev 6976, vendor-crypto/openssl/dist/demos/bio/sconnect.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/demos/bio/sconnect.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/demos/bio/sconnect.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,113 @@
+/* NOCW */
+/* demos/bio/sconnect.c */
+
+/*-
+ * A minimal program to do SSL to a passed host and port.
+ * It is actually using non-blocking IO but in a very simple manner
+ * sconnect host:port - it does a 'GET / HTTP/1.0'
+ *
+ * cc -I../../include sconnect.c -L../.. -lssl -lcrypto
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <openssl/err.h>
+#include <openssl/ssl.h>
+
+extern int errno;
+
+int main(argc, argv)
+int argc;
+char *argv[];
+{
+ char *host;
+ BIO *out;
+ char buf[1024 * 10], *p;
+ SSL_CTX *ssl_ctx = NULL;
+ SSL *ssl;
+ BIO *ssl_bio;
+ int i, len, off, ret = 1;
+
+ if (argc <= 1)
+ host = "localhost:4433";
+ else
+ host = argv[1];
+
+#ifdef WATT32
+ dbug_init();
+ sock_init();
+#endif
+
+ /* Lets get nice error messages */
+ SSL_load_error_strings();
+
+ /* Setup all the global SSL stuff */
+ OpenSSL_add_ssl_algorithms();
+ ssl_ctx = SSL_CTX_new(SSLv23_client_method());
+
+ /* Lets make a SSL structure */
+ ssl = SSL_new(ssl_ctx);
+ SSL_set_connect_state(ssl);
+
+ /* Use it inside an SSL BIO */
+ ssl_bio = BIO_new(BIO_f_ssl());
+ BIO_set_ssl(ssl_bio, ssl, BIO_CLOSE);
+
+ /* Lets use a connect BIO under the SSL BIO */
+ out = BIO_new(BIO_s_connect());
+ BIO_set_conn_hostname(out, host);
+ BIO_set_nbio(out, 1);
+ out = BIO_push(ssl_bio, out);
+
+ p = "GET / HTTP/1.0\r\n\r\n";
+ len = strlen(p);
+
+ off = 0;
+ for (;;) {
+ i = BIO_write(out, &(p[off]), len);
+ if (i <= 0) {
+ if (BIO_should_retry(out)) {
+ fprintf(stderr, "write DELAY\n");
+ sleep(1);
+ continue;
+ } else {
+ goto err;
+ }
+ }
+ off += i;
+ len -= i;
+ if (len <= 0)
+ break;
+ }
+
+ for (;;) {
+ i = BIO_read(out, buf, sizeof(buf));
+ if (i == 0)
+ break;
+ if (i < 0) {
+ if (BIO_should_retry(out)) {
+ fprintf(stderr, "read DELAY\n");
+ sleep(1);
+ continue;
+ }
+ goto err;
+ }
+ fwrite(buf, 1, i, stdout);
+ }
+
+ ret = 1;
+
+ if (0) {
+ err:
+ if (ERR_peek_error() == 0) { /* system call error */
+ fprintf(stderr, "errno=%d ", errno);
+ perror("error");
+ } else
+ ERR_print_errors_fp(stderr);
+ }
+ BIO_free_all(out);
+ if (ssl_ctx != NULL)
+ SSL_CTX_free(ssl_ctx);
+ exit(!ret);
+ return (ret);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/demos/easy_tls/easy-tls.c
===================================================================
--- vendor-crypto/openssl/dist/demos/easy_tls/easy-tls.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/demos/easy_tls/easy-tls.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,1240 +0,0 @@
-/* -*- Mode: C; c-file-style: "bsd" -*- */
-/*
- * easy-tls.c -- generic TLS proxy.
- * $Id: easy-tls.c,v 1.4 2002/03/05 09:07:16 bodo Exp $
- */
-/*
- (c) Copyright 1999 Bodo Moeller. All rights reserved.
-
- This is free software; you can redistributed and/or modify it
- unter the terms of either
- - the GNU General Public License as published by the
- Free Software Foundation, version 1, or (at your option)
- any later version,
- or
- - the following license:
-*/
-/*
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that each of the following
- * conditions is met:
- *
- * 1. Redistributions qualify as "freeware" or "Open Source Software" under
- * one of the following terms:
- *
- * (a) Redistributions are made at no charge beyond the reasonable cost of
- * materials and delivery.
- *
- * (b) Redistributions are accompanied by a copy of the Source Code
- * or by an irrevocable offer to provide a copy of the Source Code
- * for up to three years at the cost of materials and delivery.
- * Such redistributions must allow further use, modification, and
- * redistribution of the Source Code under substantially the same
- * terms as this license.
- *
- * 2. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 3. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 4. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by Bodo Moeller."
- * (If available, substitute umlauted o for oe.)
- *
- * 5. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by Bodo Moeller."
- *
- * THIS SOFTWARE IS PROVIDED BY BODO MOELLER ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL BODO MOELLER OR
- * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-/*
- * Attribution for OpenSSL library:
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- * This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)
- */
-
-static char const rcsid[] =
-"$Id: easy-tls.c,v 1.4 2002/03/05 09:07:16 bodo Exp $";
-
-#include <assert.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <limits.h>
-#include <stdarg.h>
-#include <stdio.h>
-#include <string.h>
-#include <sys/select.h>
-#include <sys/socket.h>
-#include <sys/stat.h>
-#include <sys/time.h>
-#include <sys/types.h>
-#include <sys/utsname.h>
-#include <unistd.h>
-
-#include <openssl/crypto.h>
-#include <openssl/dh.h>
-#include <openssl/dsa.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/opensslv.h>
-#include <openssl/pem.h>
-#include <openssl/rand.h>
-#ifndef NO_RSA
- #include <openssl/rsa.h>
-#endif
-#include <openssl/ssl.h>
-#include <openssl/x509.h>
-#include <openssl/x509_vfy.h>
-
-#if OPENSSL_VERSION_NUMBER < 0x00904000L /* 0.9.4-dev */
-# error "This program needs OpenSSL 0.9.4 or later."
-#endif
-
-#include "easy-tls.h" /* include after <openssl/ssl.h> if both are needed */
-
-#if TLS_INFO_SIZE > PIPE_BUF
-# if PIPE_BUF < 512
-# error "PIPE_BUF < 512" /* non-POSIX */
-# endif
-# error "TLS_INFO_SIZE > PIPE_BUF"
-#endif
-
-/*****************************************************************************/
-
-#ifdef TLS_APP
-# include TLS_APP
-#endif
-
-/* Applications can define:
- * TLS_APP_PROCESS_INIT -- void ...(int fd, int client_p, void *apparg)
- * TLS_CUMULATE_ERRORS
- * TLS_ERROR_BUFSIZ
- * TLS_APP_ERRFLUSH -- void ...(int child_p, char *, size_t, void *apparg)
- */
-
-#ifndef TLS_APP_PROCESS_INIT
-# define TLS_APP_PROCESS_INIT(fd, client_p, apparg) ((void) 0)
-#endif
-
-#ifndef TLS_ERROR_BUFSIZ
-# define TLS_ERROR_BUFSIZ (10*160)
-#endif
-#if TLS_ERROR_BUFSIZ < 2 /* {'\n',0} */
-# error "TLS_ERROR_BUFSIZE is too small."
-#endif
-
-#ifndef TLS_APP_ERRFLUSH
-# define TLS_APP_ERRFLUSH tls_app_errflush
-static void
-tls_app_errflush(int child_p, char *errbuf, size_t num, void *apparg)
-{
- fputs(errbuf, stderr);
-}
-#endif
-
-/*****************************************************************************/
-
-#ifdef DEBUG_TLS
-# define DEBUG_MSG(x) fprintf(stderr," %s\n",x)
-# define DEBUG_MSG2(x,y) fprintf(stderr, " %s: %d\n",x,y)
-static int tls_loop_count = 0;
-static int tls_select_count = 0;
-#else
-# define DEBUG_MSG(x) (void)0
-# define DEBUG_MSG2(x,y) (void)0
-#endif
-
-static void tls_rand_seed_uniquely(void);
-static void tls_proxy(int clear_fd, int tls_fd, int info_fd, SSL_CTX *ctx, int client_p);
-static int tls_socket_nonblocking(int fd);
-
-static int tls_child_p = 0;
-static void *tls_child_apparg;
-
-
-struct tls_start_proxy_args
-tls_start_proxy_defaultargs(void)
-{
- struct tls_start_proxy_args ret;
-
- ret.fd = -1;
- ret.client_p = -1;
- ret.ctx = NULL;
- ret.pid = NULL;
- ret.infofd = NULL;
-
- return ret;
-}
-
-/* Slice in TLS proxy process at fd.
- * Return value:
- * 0 ok (*pid is set to child's PID if pid != NULL),
- * < 0 look at errno
- * > 0 other error
- * (return value encodes place of error)
- *
- */
-int
-tls_start_proxy(struct tls_start_proxy_args a, void *apparg)
-{
- int fds[2] = {-1, -1};
- int infofds[2] = {-1, -1};
- int r, getfd, getfl;
- int ret;
-
- DEBUG_MSG2("tls_start_proxy fd", a.fd);
- DEBUG_MSG2("tls_start_proxy client_p", a.client_p);
-
- if (a.fd == -1 || a.client_p == -1 || a.ctx == NULL)
- return 1;
-
- if (a.pid != NULL) {
- *a.pid = 0;
- }
- if (a.infofd != NULL) {
- *a.infofd = -1;
- }
-
- r = socketpair(AF_UNIX, SOCK_STREAM, 0, fds);
- if (r == -1)
- return -1;
- if (a.fd >= FD_SETSIZE || fds[0] >= FD_SETSIZE) {
- ret = 2;
- goto err;
- }
- if (a.infofd != NULL) {
- r = pipe(infofds);
- if (r == -1) {
- ret = -3;
- goto err;
- }
- }
-
- r = fork();
- if (r == -1) {
- ret = -4;
- goto err;
- }
- if (r == 0) {
- DEBUG_MSG("fork");
- tls_child_p = 1;
- tls_child_apparg = apparg;
- close(fds[1]);
- if (infofds[0] != -1)
- close(infofds[0]);
- TLS_APP_PROCESS_INIT(a.fd, a.client_p, apparg);
- DEBUG_MSG("TLS_APP_PROCESS_INIT");
- tls_proxy(fds[0], a.fd, infofds[1], a.ctx, a.client_p);
- exit(0);
- }
- if (a.pid != NULL)
- *a.pid = r;
- if (infofds[1] != -1) {
- close(infofds[1]);
- infofds[1] = -1;
- }
- /* install fds[1] in place of fd: */
- close(fds[0]);
- fds[0] = -1;
- getfd = fcntl(a.fd, F_GETFD);
- getfl = fcntl(a.fd, F_GETFL);
- r = dup2(fds[1], a.fd);
- close(fds[1]);
- fds[1] = -1;
- if (r == -1) {
- ret = -5;
- goto err;
- }
- if (getfd != 1)
- fcntl(a.fd, F_SETFD, getfd);
- if (getfl & O_NONBLOCK)
- (void)tls_socket_nonblocking(a.fd);
- if (a.infofd != NULL)
- *a.infofd = infofds[0];
- return 0;
-
- err:
- if (fds[0] != -1)
- close(fds[0]);
- if (fds[1] != -1)
- close(fds[1]);
- if (infofds[0] != -1)
- close(infofds[0]);
- if (infofds[1] != -1)
- close(infofds[1]);
- return ret;
-}
-
-/*****************************************************************************/
-
-static char errbuf[TLS_ERROR_BUFSIZ];
-static size_t errbuf_i = 0;
-
-static void
-tls_errflush(void *apparg)
-{
- if (errbuf_i == 0)
- return;
-
- assert(errbuf_i < sizeof errbuf);
- assert(errbuf[errbuf_i] == 0);
- if (errbuf_i == sizeof errbuf - 1) {
- /* make sure we have a newline, even if string has been truncated */
- errbuf[errbuf_i - 1] = '\n';
- }
-
- /* TLS_APP_ERRFLUSH may modify the string as needed,
- * e.g. substitute other characters for \n for convenience */
- TLS_APP_ERRFLUSH(tls_child_p, errbuf, errbuf_i, apparg);
-
- errbuf_i = 0;
-}
-
-static void
-tls_errprintf(int flush, void *apparg, const char *fmt, ...)
-{
- va_list args;
- int r;
-
- if (errbuf_i < sizeof errbuf - 1) {
- size_t n;
-
- va_start(args, fmt);
- n = (sizeof errbuf) - errbuf_i;
- r = vsnprintf(errbuf + errbuf_i, n, fmt, args);
- if (r >= n)
- r = n - 1;
- if (r >= 0) {
- errbuf_i += r;
- } else {
- errbuf_i = sizeof errbuf - 1;
- errbuf[errbuf_i] = '\0';
- }
- assert(errbuf_i < sizeof errbuf);
- assert(errbuf[errbuf_i] == 0);
- }
-#ifndef TLS_CUMULATE_ERRORS
- tls_errflush(apparg);
-#else
- if (flush)
- tls_errflush(apparg);
-#endif
-}
-
-/* app_prefix.. are for additional information provided by caller.
- * If OpenSSL error queue is empty, print default_text ("???" if NULL).
- */
-static char *
-tls_openssl_errors(const char *app_prefix_1, const char *app_prefix_2, const char *default_text, void *apparg)
-{
- static char reasons[255];
- size_t reasons_i;
- unsigned long err;
- const char *file;
- int line;
- const char *data;
- int flags;
- char *errstring;
- int printed_something = 0;
-
- reasons_i = 0;
-
- assert(app_prefix_1 != NULL);
- assert(app_prefix_2 != NULL);
-
- if (default_text == NULL)
- default_text = "?""?""?";
-
- while ((err = ERR_get_error_line_data(&file,&line,&data,&flags)) != 0) {
- if (reasons_i < sizeof reasons) {
- size_t n;
- int r;
-
- n = (sizeof reasons) - reasons_i;
- r = snprintf(reasons + reasons_i, n, "%s%s", (reasons_i > 0 ? ", " : ""), ERR_reason_error_string(err));
- if (r >= n)
- r = n - 1;
- if (r >= 0) {
- reasons_i += r;
- } else {
- reasons_i = sizeof reasons;
- }
- assert(reasons_i <= sizeof reasons);
- }
-
- errstring = ERR_error_string(err, NULL);
- assert(errstring != NULL);
- tls_errprintf(0, apparg, "OpenSSL error%s%s: %s:%s:%d:%s\n", app_prefix_1, app_prefix_2, errstring, file, line, (flags & ERR_TXT_STRING) ? data : "");
- printed_something = 1;
- }
-
- if (!printed_something) {
- assert(reasons_i == 0);
- snprintf(reasons, sizeof reasons, "%s", default_text);
- tls_errprintf(0, apparg, "OpenSSL error%s%s: %s\n", app_prefix_1, app_prefix_2, default_text);
- }
-
-#ifdef TLS_CUMULATE_ERRORS
- tls_errflush(apparg);
-#endif
- assert(errbuf_i == 0);
-
- return reasons;
-}
-
-/*****************************************************************************/
-
-static int tls_init_done = 0;
-
-static int
-tls_init(void *apparg)
-{
- if (tls_init_done)
- return 0;
-
- SSL_load_error_strings();
- if (!SSL_library_init() /* aka SSLeay_add_ssl_algorithms() */ ) {
- tls_errprintf(1, apparg, "SSL_library_init failed.\n");
- return -1;
- }
- tls_init_done = 1;
- tls_rand_seed();
- return 0;
-}
-
-/*****************************************************************************/
-
-static void
-tls_rand_seed_uniquely(void)
-{
- struct {
- pid_t pid;
- time_t time;
- void *stack;
- } data;
-
- data.pid = getpid();
- data.time = time(NULL);
- data.stack = (void *)&data;
-
- RAND_seed((const void *)&data, sizeof data);
-}
-
-void
-tls_rand_seed(void)
-{
- struct {
- struct utsname uname;
- int uname_1;
- int uname_2;
- uid_t uid;
- uid_t euid;
- gid_t gid;
- gid_t egid;
- } data;
-
- data.uname_1 = uname(&data.uname);
- data.uname_2 = errno; /* Let's hope that uname fails randomly :-) */
-
- data.uid = getuid();
- data.euid = geteuid();
- data.gid = getgid();
- data.egid = getegid();
-
- RAND_seed((const void *)&data, sizeof data);
- tls_rand_seed_uniquely();
-}
-
-static int tls_rand_seeded_p = 0;
-
-#define my_MIN_SEED_BYTES 256 /* struct stat can be larger than 128 */
-int
-tls_rand_seed_from_file(const char *filename, size_t n, void *apparg)
-{
- /* Seed OpenSSL's random number generator from file.
- Try to read n bytes if n > 0, whole file if n == 0. */
-
- int r;
-
- if (tls_init(apparg) == -1)
- return -1;
- tls_rand_seed();
-
- r = RAND_load_file(filename, (n > 0 && n < LONG_MAX) ? (long)n : LONG_MAX);
- /* r is the number of bytes filled into the random number generator,
- * which are taken from "stat(filename, ...)" in addition to the
- * file contents.
- */
- assert(1 < my_MIN_SEED_BYTES);
- /* We need to detect at least those cases when the file does not exist
- * at all. With current versions of OpenSSL, this should do it: */
- if (n == 0)
- n = my_MIN_SEED_BYTES;
- if (r < n) {
- tls_errprintf(1, apparg, "rand_seed_from_file: could not read %d bytes from %s.\n", n, filename);
- return -1;
- } else {
- tls_rand_seeded_p = 1;
- return 0;
- }
-}
-
-void
-tls_rand_seed_from_memory(const void *buf, size_t n)
-{
- size_t i = 0;
-
- while (i < n) {
- size_t rest = n - i;
- int chunk = rest < INT_MAX ? (int)rest : INT_MAX;
- RAND_seed((const char *)buf + i, chunk);
- i += chunk;
- }
- tls_rand_seeded_p = 1;
-}
-
-
-/*****************************************************************************/
-
-struct tls_x509_name_string {
- char str[100];
-};
-
-static void
-tls_get_x509_subject_name_oneline(X509 *cert, struct tls_x509_name_string *namestring)
-{
- X509_NAME *name;
-
- if (cert == NULL) {
- namestring->str[0] = '\0';
- return;
- }
-
- name = X509_get_subject_name(cert); /* does not increment any reference counter */
-
- assert(sizeof namestring->str >= 4); /* "?" or "...", plus 0 */
-
- if (name == NULL) {
- namestring->str[0] = '?';
- namestring->str[1] = 0;
- } else {
- size_t len;
-
- X509_NAME_oneline(name, namestring->str, sizeof namestring->str);
- len = strlen(namestring->str);
- assert(namestring->str[len] == 0);
- assert(len < sizeof namestring->str);
-
- if (len+1 == sizeof namestring->str) {
- /* (Probably something was cut off.)
- * Does not really work -- X509_NAME_oneline truncates after
- * name components, we cannot tell from the result whether
- * anything is missing. */
-
- assert(namestring->str[len] == 0);
- namestring->str[--len] = '.';
- namestring->str[--len] = '.';
- namestring->str[--len] = '.';
- }
- }
-}
-
-/*****************************************************************************/
-
-/* to hinder OpenSSL from asking for passphrases */
-static int
-no_passphrase_callback(char *buf, int num, int w, void *arg)
-{
- return -1;
-}
-
-#if OPENSSL_VERSION_NUMBER >= 0x00907000L
-static int
-verify_dont_fail_cb(X509_STORE_CTX *c, void *unused_arg)
-#else
-static int
-verify_dont_fail_cb(X509_STORE_CTX *c)
-#endif
-{
- int i;
-
- i = X509_verify_cert(c); /* sets c->error */
-#if OPENSSL_VERSION_NUMBER >= 0x00905000L /* don't allow unverified
- * certificates -- they could
- * survive session reuse, but
- * OpenSSL < 0.9.5-dev does not
- * preserve their verify_result */
- if (i == 0)
- return 1;
- else
-#endif
- return i;
-}
-
-static DH *tls_dhe1024 = NULL; /* generating these takes a while, so do it just once */
-
-void
-tls_set_dhe1024(int i, void *apparg)
-{
- DSA *dsaparams;
- DH *dhparams;
- const char *seed[] = { ";-) :-( :-) :-( ",
- ";-) :-( :-) :-( ",
- "Random String no. 12",
- ";-) :-( :-) :-( ",
- "hackers have even mo", /* from jargon file */
- };
- unsigned char seedbuf[20];
-
- tls_init(apparg);
- if (i >= 0) {
- i %= sizeof seed / sizeof seed[0];
- assert(strlen(seed[i]) == 20);
- memcpy(seedbuf, seed[i], 20);
- dsaparams = DSA_generate_parameters(1024, seedbuf, 20, NULL, NULL, 0, NULL);
- } else {
- /* random parameters (may take a while) */
- dsaparams = DSA_generate_parameters(1024, NULL, 0, NULL, NULL, 0, NULL);
- }
-
- if (dsaparams == NULL) {
- tls_openssl_errors("", "", NULL, apparg);
- return;
- }
- dhparams = DSA_dup_DH(dsaparams);
- DSA_free(dsaparams);
- if (dhparams == NULL) {
- tls_openssl_errors("", "", NULL, apparg);
- return;
- }
- if (tls_dhe1024 != NULL)
- DH_free(tls_dhe1024);
- tls_dhe1024 = dhparams;
-}
-
-struct tls_create_ctx_args
-tls_create_ctx_defaultargs(void)
-{
- struct tls_create_ctx_args ret;
-
- ret.client_p = 0;
- ret.certificate_file = NULL;
- ret.key_file = NULL;
- ret.ca_file = NULL;
- ret.verify_depth = -1;
- ret.fail_unless_verified = 0;
- ret.export_p = 0;
-
- return ret;
-}
-
-SSL_CTX *
-tls_create_ctx(struct tls_create_ctx_args a, void *apparg)
-{
- int r;
- static long context_num = 0;
- SSL_CTX *ret;
- const char *err_pref_1 = "", *err_pref_2 = "";
-
- if (tls_init(apparg) == -1)
- return NULL;
-
- ret = SSL_CTX_new((a.client_p? SSLv23_client_method:SSLv23_server_method)());
-
- if (ret == NULL)
- goto err;
-
- SSL_CTX_set_default_passwd_cb(ret, no_passphrase_callback);
- SSL_CTX_set_mode(ret, SSL_MODE_ENABLE_PARTIAL_WRITE);
-
- if ((a.certificate_file != NULL) || (a.key_file != NULL)) {
- if (a.key_file == NULL) {
- tls_errprintf(1, apparg, "Need a key file.\n");
- goto err_return;
- }
- if (a.certificate_file == NULL) {
- tls_errprintf(1, apparg, "Need a certificate chain file.\n");
- goto err_return;
- }
-
- if (!SSL_CTX_use_PrivateKey_file(ret, a.key_file, SSL_FILETYPE_PEM))
- goto err;
- if (!tls_rand_seeded_p) {
- /* particularly paranoid people may not like this --
- * so provide your own random seeding before calling this */
- if (tls_rand_seed_from_file(a.key_file, 0, apparg) == -1)
- goto err_return;
- }
- if (!SSL_CTX_use_certificate_chain_file(ret, a.certificate_file))
- goto err;
- if (!SSL_CTX_check_private_key(ret)) {
- tls_errprintf(1, apparg, "Private key \"%s\" does not match certificate \"%s\".\n", a.key_file, a.certificate_file);
- goto err_peek;
- }
- }
-
- if ((a.ca_file != NULL) || (a.verify_depth > 0)) {
- context_num++;
- r = SSL_CTX_set_session_id_context(ret, (const void *)&context_num, (unsigned int)sizeof context_num);
- if (!r)
- goto err;
-
- SSL_CTX_set_verify(ret, SSL_VERIFY_PEER | (a.fail_unless_verified ? SSL_VERIFY_FAIL_IF_NO_PEER_CERT : 0), 0);
- if (!a.fail_unless_verified)
- SSL_CTX_set_cert_verify_callback(ret, verify_dont_fail_cb, NULL);
-
- if (a.verify_depth > 0)
- SSL_CTX_set_verify_depth(ret, a.verify_depth);
-
- if (a.ca_file != NULL) {
- r = SSL_CTX_load_verify_locations(ret, a.ca_file, NULL /* no CA-directory */); /* does not report failure if file does not exist ... */
- if (!r) {
- err_pref_1 = " while processing certificate file ";
- err_pref_2 = a.ca_file;
- goto err;
- }
-
- if (!a.client_p) {
- /* SSL_load_client_CA_file is a misnomer, it just creates a list of CNs. */
- SSL_CTX_set_client_CA_list(ret, SSL_load_client_CA_file(a.ca_file));
- /* SSL_CTX_set_client_CA_list does not have a return value;
- * it does not really need one, but make sure
- * (we really test if SSL_load_client_CA_file worked) */
- if (SSL_CTX_get_client_CA_list(ret) == NULL) {
- tls_errprintf(1, apparg, "Could not set client CA list from \"%s\".\n", a.ca_file);
- goto err_peek;
- }
- }
- }
- }
-
- if (!a.client_p) {
- if (tls_dhe1024 == NULL) {
- int i;
-
- RAND_bytes((unsigned char *) &i, sizeof i);
- /* make sure that i is non-negative -- pick one of the provided
- * seeds */
- if (i < 0)
- i = -i;
- if (i < 0)
- i = 0;
- tls_set_dhe1024(i, apparg);
- if (tls_dhe1024 == NULL)
- goto err_return;
- }
-
- if (!SSL_CTX_set_tmp_dh(ret, tls_dhe1024))
- goto err;
-
- /* avoid small subgroup attacks: */
- SSL_CTX_set_options(ret, SSL_OP_SINGLE_DH_USE);
- }
-
-#ifndef NO_RSA
- if (!a.client_p && a.export_p) {
- RSA *tmpkey;
-
- tmpkey = RSA_generate_key(512, RSA_F4, 0, NULL);
- if (tmpkey == NULL)
- goto err;
- if (!SSL_CTX_set_tmp_rsa(ret, tmpkey)) {
- RSA_free(tmpkey);
- goto err;
- }
- RSA_free(tmpkey); /* SSL_CTX_set_tmp_rsa uses a duplicate. */
- }
-#endif
-
- return ret;
-
- err_peek:
- if (!ERR_peek_error())
- goto err_return;
- err:
- tls_openssl_errors(err_pref_1, err_pref_2, NULL, apparg);
- err_return:
- if (ret != NULL)
- SSL_CTX_free(ret);
- return NULL;
-}
-
-
-/*****************************************************************************/
-
-static int
-tls_socket_nonblocking(int fd)
-{
- int v, r;
-
- v = fcntl(fd, F_GETFL, 0);
- if (v == -1) {
- if (errno == EINVAL)
- return 0; /* already shut down -- ignore */
- return -1;
- }
- r = fcntl(fd, F_SETFL, v | O_NONBLOCK);
- if (r == -1) {
- if (errno == EINVAL)
- return 0; /* already shut down -- ignore */
- return -1;
- }
- return 0;
-}
-
-static int
-max(int a, int b)
-{
- return a > b ? a : b;
-}
-
-static void
-tls_sockets_select(int read_select_1, int read_select_2, int write_select_1, int write_select_2, int seconds /* timeout, -1 means no timeout */)
-{
- int maxfd, n;
- fd_set reads, writes;
- struct timeval timeout;
- struct timeval *timeout_p;
-
- assert(read_select_1 >= -1 && read_select_2 >= -1 && write_select_1 >= -1 && write_select_2 >= -1);
- assert(read_select_1 < FD_SETSIZE && read_select_2 < FD_SETSIZE -1 && write_select_1 < FD_SETSIZE -1 && write_select_2 < FD_SETSIZE -1);
-
- maxfd = max(max(read_select_1, read_select_2), max(write_select_1, write_select_2));
- assert(maxfd >= 0);
-
- FD_ZERO(&reads);
- FD_ZERO(&writes);
-
- for(n = 0; n < 4; ++n) {
- int i = n % 2;
- int w = n >= 2;
- /* loop over all (i, w) in {0,1}x{0,1} */
- int fd;
-
- if (i == 0 && w == 0)
- fd = read_select_1;
- else if (i == 1 && w == 0)
- fd = read_select_2;
- else if (i == 0 && w == 1)
- fd = write_select_1;
- else {
- assert(i == 1 && w == 1);
- fd = write_select_2;
- }
-
- if (fd >= 0) {
- if (w == 0)
- FD_SET(fd, &reads);
- else /* w == 1 */
- FD_SET(fd, &writes);
- }
- }
-
- if (seconds >= 0) {
- timeout.tv_sec = seconds;
- timeout.tv_usec = 0;
- timeout_p = &timeout;
- } else
- timeout_p = NULL;
-
- DEBUG_MSG2("select no.", ++tls_select_count);
- select(maxfd + 1, &reads, &writes, (fd_set *) NULL, timeout_p);
- DEBUG_MSG("cont.");
-}
-
-/*****************************************************************************/
-
-#define TUNNELBUFSIZE (16*1024)
-struct tunnelbuf {
- char buf[TUNNELBUFSIZE];
- size_t len;
- size_t offset;
-};
-
-static int tls_connect_attempt(SSL *, int *write_select, int *read_select, int *closed, int *progress, const char **err_pref);
-
-static int tls_accept_attempt(SSL *, int *write_select, int *read_select, int *closed, int *progress, const char **err_pref);
-
-static int tls_write_attempt(SSL *, struct tunnelbuf *, int *write_select, int *read_select, int *closed, int *progress, const char **err_pref);
-
-static int tls_read_attempt(SSL *, struct tunnelbuf *, int *write_select, int *read_select, int *closed, int *progress, const char **err_pref);
-
-static int write_attempt(int fd, struct tunnelbuf *, int *select, int *closed, int *progress);
-
-static int read_attempt(int fd, struct tunnelbuf *, int *select, int *closed, int *progress);
-
-static void write_info(SSL *ssl, int *info_fd)
-{
- if (*info_fd != -1) {
- long v;
- int v_ok;
- struct tls_x509_name_string peer;
- char infobuf[TLS_INFO_SIZE];
- int r;
-
- DEBUG_MSG("write_info");
- v = SSL_get_verify_result(ssl);
- v_ok = (v == X509_V_OK) ? 'A' : 'E'; /* Auth./Error */
- {
- X509 *peercert;
-
- peercert = SSL_get_peer_certificate(ssl);
- tls_get_x509_subject_name_oneline(peercert, &peer);
- if (peercert != NULL)
- X509_free(peercert);
- }
- if (peer.str[0] == '\0')
- v_ok = '0'; /* no cert at all */
- else
- if (strchr(peer.str, '\n')) {
- /* should not happen, but make sure */
- *strchr(peer.str, '\n') = '\0';
- }
- r = snprintf(infobuf, sizeof infobuf, "%c:%s\n%s\n", v_ok, X509_verify_cert_error_string(v), peer.str);
- DEBUG_MSG2("snprintf", r);
- if (r == -1 || r >= sizeof infobuf)
- r = sizeof infobuf - 1;
- write(*info_fd, infobuf, r);
- close (*info_fd);
- *info_fd = -1;
- }
-}
-
-
-/* tls_proxy expects that all fds are closed after return */
-static void
-tls_proxy(int clear_fd, int tls_fd, int info_fd, SSL_CTX *ctx, int client_p)
-{
- struct tunnelbuf clear_to_tls, tls_to_clear;
- SSL *ssl;
- BIO *rbio, *wbio;
- int closed, in_handshake;
- const char *err_pref_1 = "", *err_pref_2 = "";
- const char *err_def = NULL;
-
- assert(clear_fd != -1);
- assert(tls_fd != -1);
- assert(clear_fd < FD_SETSIZE);
- assert(tls_fd < FD_SETSIZE);
- /* info_fd may be -1 */
- assert(ctx != NULL);
-
- tls_rand_seed_uniquely();
-
- tls_socket_nonblocking(clear_fd);
- DEBUG_MSG2("clear_fd", clear_fd);
- tls_socket_nonblocking(tls_fd);
- DEBUG_MSG2("tls_fd", tls_fd);
-
- ssl = SSL_new(ctx);
- if (ssl == NULL)
- goto err;
- DEBUG_MSG("SSL_new");
- if (!SSL_set_fd(ssl, tls_fd))
- goto err;
- rbio = SSL_get_rbio(ssl);
- wbio = SSL_get_wbio(ssl); /* should be the same, but who cares */
- assert(rbio != NULL);
- assert(wbio != NULL);
- if (client_p)
- SSL_set_connect_state(ssl);
- else
- SSL_set_accept_state(ssl);
-
- closed = 0;
- in_handshake = 1;
- tls_to_clear.len = 0;
- tls_to_clear.offset = 0;
- clear_to_tls.len = 0;
- clear_to_tls.offset = 0;
-
- err_def = "I/O error";
-
- /* loop finishes as soon as we detect that one side closed;
- * when all (program and OS) buffers have enough space,
- * the data from the last succesful read in each direction is transferred
- * before close */
- do {
- int clear_read_select = 0, clear_write_select = 0,
- tls_read_select = 0, tls_write_select = 0,
- progress = 0;
- int r;
- unsigned long num_read = BIO_number_read(rbio),
- num_written = BIO_number_written(wbio);
-
- DEBUG_MSG2("loop iteration", ++tls_loop_count);
-
- if (in_handshake) {
- DEBUG_MSG("in_handshake");
- if (client_p)
- r = tls_connect_attempt(ssl, &tls_write_select, &tls_read_select, &closed, &progress, &err_pref_1);
- else
- r = tls_accept_attempt(ssl, &tls_write_select, &tls_read_select, &closed, &progress, &err_pref_1);
- if (r != 0) {
- write_info(ssl, &info_fd);
- goto err;
- }
- if (closed)
- goto err_return;
- if (!SSL_in_init(ssl)) {
- in_handshake = 0;
- write_info(ssl, &info_fd);
- }
- }
-
- if (clear_to_tls.len != 0 && !in_handshake) {
- assert(!closed);
-
- r = tls_write_attempt(ssl, &clear_to_tls, &tls_write_select, &tls_read_select, &closed, &progress, &err_pref_1);
- if (r != 0)
- goto err;
- if (closed) {
- assert(progress);
- tls_to_clear.offset = 0;
- tls_to_clear.len = 0;
- }
- }
-
- if (tls_to_clear.len != 0) {
- assert(!closed);
-
- r = write_attempt(clear_fd, &tls_to_clear, &clear_write_select, &closed, &progress);
- if (r != 0)
- goto err_return;
- if (closed) {
- assert(progress);
- clear_to_tls.offset = 0;
- clear_to_tls.len = 0;
- }
- }
-
- if (!closed) {
- if (clear_to_tls.offset + clear_to_tls.len < sizeof clear_to_tls.buf) {
- r = read_attempt(clear_fd, &clear_to_tls, &clear_read_select, &closed, &progress);
- if (r != 0)
- goto err_return;
- if (closed) {
- r = SSL_shutdown(ssl);
- DEBUG_MSG2("SSL_shutdown", r);
- }
- }
- }
-
- if (!closed && !in_handshake) {
- if (tls_to_clear.offset + tls_to_clear.len < sizeof tls_to_clear.buf) {
- r = tls_read_attempt(ssl, &tls_to_clear, &tls_write_select, &tls_read_select, &closed, &progress, &err_pref_1);
- if (r != 0)
- goto err;
- if (closed) {
- r = SSL_shutdown(ssl);
- DEBUG_MSG2("SSL_shutdown", r);
- }
- }
- }
-
- if (!progress) {
- DEBUG_MSG("!progress?");
- if (num_read != BIO_number_read(rbio) || num_written != BIO_number_written(wbio))
- progress = 1;
-
- if (!progress) {
- DEBUG_MSG("!progress");
- assert(clear_read_select || tls_read_select || clear_write_select || tls_write_select);
- tls_sockets_select(clear_read_select ? clear_fd : -1, tls_read_select ? tls_fd : -1, clear_write_select ? clear_fd : -1, tls_write_select ? tls_fd : -1, -1);
- }
- }
- } while (!closed);
- return;
-
- err:
- tls_openssl_errors(err_pref_1, err_pref_2, err_def, tls_child_apparg);
- err_return:
- return;
-}
-
-
-static int
-tls_get_error(SSL *ssl, int r, int *write_select, int *read_select, int *closed, int *progress)
-{
- int err = SSL_get_error(ssl, r);
-
- if (err == SSL_ERROR_NONE) {
- assert(r > 0);
- *progress = 1;
- return 0;
- }
-
- assert(r <= 0);
-
- switch (err) {
- case SSL_ERROR_ZERO_RETURN:
- assert(r == 0);
- *closed = 1;
- *progress = 1;
- return 0;
-
- case SSL_ERROR_WANT_WRITE:
- *write_select = 1;
- return 0;
-
- case SSL_ERROR_WANT_READ:
- *read_select = 1;
- return 0;
- }
-
- return -1;
-}
-
-static int
-tls_connect_attempt(SSL *ssl, int *write_select, int *read_select, int *closed, int *progress, const char **err_pref)
-{
- int n, r;
-
- DEBUG_MSG("tls_connect_attempt");
- n = SSL_connect(ssl);
- DEBUG_MSG2("SSL_connect",n);
- r = tls_get_error(ssl, n, write_select, read_select, closed, progress);
- if (r == -1)
- *err_pref = " during SSL_connect";
- return r;
-}
-
-static int
-tls_accept_attempt(SSL *ssl, int *write_select, int *read_select, int *closed, int *progress, const char **err_pref)
-{
- int n, r;
-
- DEBUG_MSG("tls_accept_attempt");
- n = SSL_accept(ssl);
- DEBUG_MSG2("SSL_accept",n);
- r = tls_get_error(ssl, n, write_select, read_select, closed, progress);
- if (r == -1)
- *err_pref = " during SSL_accept";
- return r;
-}
-
-static int
-tls_write_attempt(SSL *ssl, struct tunnelbuf *buf, int *write_select, int *read_select, int *closed, int *progress, const char **err_pref)
-{
- int n, r;
-
- DEBUG_MSG("tls_write_attempt");
- n = SSL_write(ssl, buf->buf + buf->offset, buf->len);
- DEBUG_MSG2("SSL_write",n);
- r = tls_get_error(ssl, n, write_select, read_select, closed, progress);
- if (n > 0) {
- buf->len -= n;
- assert(buf->len >= 0);
- if (buf->len == 0)
- buf->offset = 0;
- else
- buf->offset += n;
- }
- if (r == -1)
- *err_pref = " during SSL_write";
- return r;
-}
-
-static int
-tls_read_attempt(SSL *ssl, struct tunnelbuf *buf, int *write_select, int *read_select, int *closed, int *progress, const char **err_pref)
-{
- int n, r;
- size_t total;
-
- DEBUG_MSG("tls_read_attempt");
- total = buf->offset + buf->len;
- assert(total < sizeof buf->buf);
- n = SSL_read(ssl, buf->buf + total, (sizeof buf->buf) - total);
- DEBUG_MSG2("SSL_read",n);
- r = tls_get_error(ssl, n, write_select, read_select, closed, progress);
- if (n > 0) {
- buf->len += n;
- assert(buf->offset + buf->len <= sizeof buf->buf);
- }
- if (r == -1)
- *err_pref = " during SSL_read";
- return r;
-}
-
-static int
-get_error(int r, int *select, int *closed, int *progress)
-{
- if (r >= 0) {
- *progress = 1;
- if (r == 0)
- *closed = 1;
- return 0;
- } else {
- assert(r == -1);
- if (errno == EAGAIN || errno == EWOULDBLOCK) {
- *select = 1;
- return 0;
- } else if (errno == EPIPE) {
- *progress = 1;
- *closed = 1;
- return 0;
- } else
- return -1;
- }
-}
-
-static int write_attempt(int fd, struct tunnelbuf *buf, int *select, int *closed, int *progress)
-{
- int n, r;
-
- DEBUG_MSG("write_attempt");
- n = write(fd, buf->buf + buf->offset, buf->len);
- DEBUG_MSG2("write",n);
- r = get_error(n, select, closed, progress);
- if (n > 0) {
- buf->len -= n;
- assert(buf->len >= 0);
- if (buf->len == 0)
- buf->offset = 0;
- else
- buf->offset += n;
- }
- if (r == -1)
- tls_errprintf(1, tls_child_apparg, "write error: %s\n", strerror(errno));
- return r;
-}
-
-static int
-read_attempt(int fd, struct tunnelbuf *buf, int *select, int *closed, int *progress)
-{
- int n, r;
- size_t total;
-
- DEBUG_MSG("read_attempt");
- total = buf->offset + buf->len;
- assert(total < sizeof buf->buf);
- n = read(fd, buf->buf + total, (sizeof buf->buf) - total);
- DEBUG_MSG2("read",n);
- r = get_error(n, select, closed, progress);
- if (n > 0) {
- buf->len += n;
- assert(buf->offset + buf->len <= sizeof buf->buf);
- }
- if (r == -1)
- tls_errprintf(1, tls_child_apparg, "read error: %s\n", strerror(errno));
- return r;
-}
Copied: vendor-crypto/openssl/0.9.8zf/demos/easy_tls/easy-tls.c (from rev 6976, vendor-crypto/openssl/dist/demos/easy_tls/easy-tls.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/demos/easy_tls/easy-tls.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/demos/easy_tls/easy-tls.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,1310 @@
+/* -*- Mode: C; c-file-style: "bsd" -*- */
+/*-
+ * easy-tls.c -- generic TLS proxy.
+ * $Id: easy-tls.c,v 1.4 2002/03/05 09:07:16 bodo Exp $
+ */
+/*-
+ (c) Copyright 1999 Bodo Moeller. All rights reserved.
+
+ This is free software; you can redistributed and/or modify it
+ unter the terms of either
+ - the GNU General Public License as published by the
+ Free Software Foundation, version 1, or (at your option)
+ any later version,
+ or
+ - the following license:
+*/
+/*-
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that each of the following
+ * conditions is met:
+ *
+ * 1. Redistributions qualify as "freeware" or "Open Source Software" under
+ * one of the following terms:
+ *
+ * (a) Redistributions are made at no charge beyond the reasonable cost of
+ * materials and delivery.
+ *
+ * (b) Redistributions are accompanied by a copy of the Source Code
+ * or by an irrevocable offer to provide a copy of the Source Code
+ * for up to three years at the cost of materials and delivery.
+ * Such redistributions must allow further use, modification, and
+ * redistribution of the Source Code under substantially the same
+ * terms as this license.
+ *
+ * 2. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 3. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 4. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by Bodo Moeller."
+ * (If available, substitute umlauted o for oe.)
+ *
+ * 5. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by Bodo Moeller."
+ *
+ * THIS SOFTWARE IS PROVIDED BY BODO MOELLER ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL BODO MOELLER OR
+ * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+/*-
+ * Attribution for OpenSSL library:
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ * This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)
+ */
+
+static char const rcsid[] =
+ "$Id: easy-tls.c,v 1.4 2002/03/05 09:07:16 bodo Exp $";
+
+#include <assert.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <limits.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <string.h>
+#include <sys/select.h>
+#include <sys/socket.h>
+#include <sys/stat.h>
+#include <sys/time.h>
+#include <sys/types.h>
+#include <sys/utsname.h>
+#include <unistd.h>
+
+#include <openssl/crypto.h>
+#include <openssl/dh.h>
+#include <openssl/dsa.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/opensslv.h>
+#include <openssl/pem.h>
+#include <openssl/rand.h>
+#ifndef NO_RSA
+# include <openssl/rsa.h>
+#endif
+#include <openssl/ssl.h>
+#include <openssl/x509.h>
+#include <openssl/x509_vfy.h>
+
+#if OPENSSL_VERSION_NUMBER < 0x00904000L /* 0.9.4-dev */
+# error "This program needs OpenSSL 0.9.4 or later."
+#endif
+
+#include "easy-tls.h" /* include after <openssl/ssl.h> if both are
+ * needed */
+
+#if TLS_INFO_SIZE > PIPE_BUF
+# if PIPE_BUF < 512
+# error "PIPE_BUF < 512" /* non-POSIX */
+# endif
+# error "TLS_INFO_SIZE > PIPE_BUF"
+#endif
+
+/*****************************************************************************/
+
+#ifdef TLS_APP
+# include TLS_APP
+#endif
+
+/*-
+ * Applications can define:
+ * TLS_APP_PROCESS_INIT -- void ...(int fd, int client_p, void *apparg)
+ * TLS_CUMULATE_ERRORS
+ * TLS_ERROR_BUFSIZ
+ * TLS_APP_ERRFLUSH -- void ...(int child_p, char *, size_t, void *apparg)
+ */
+
+#ifndef TLS_APP_PROCESS_INIT
+# define TLS_APP_PROCESS_INIT(fd, client_p, apparg) ((void) 0)
+#endif
+
+#ifndef TLS_ERROR_BUFSIZ
+# define TLS_ERROR_BUFSIZ (10*160)
+#endif
+#if TLS_ERROR_BUFSIZ < 2 /* {'\n',0} */
+# error "TLS_ERROR_BUFSIZE is too small."
+#endif
+
+#ifndef TLS_APP_ERRFLUSH
+# define TLS_APP_ERRFLUSH tls_app_errflush
+static void
+tls_app_errflush(int child_p, char *errbuf, size_t num, void *apparg)
+{
+ fputs(errbuf, stderr);
+}
+#endif
+
+/*****************************************************************************/
+
+#ifdef DEBUG_TLS
+# define DEBUG_MSG(x) fprintf(stderr," %s\n",x)
+# define DEBUG_MSG2(x,y) fprintf(stderr, " %s: %d\n",x,y)
+static int tls_loop_count = 0;
+static int tls_select_count = 0;
+#else
+# define DEBUG_MSG(x) (void)0
+# define DEBUG_MSG2(x,y) (void)0
+#endif
+
+static void tls_rand_seed_uniquely(void);
+static void tls_proxy(int clear_fd, int tls_fd, int info_fd, SSL_CTX *ctx,
+ int client_p);
+static int tls_socket_nonblocking(int fd);
+
+static int tls_child_p = 0;
+static void *tls_child_apparg;
+
+struct tls_start_proxy_args tls_start_proxy_defaultargs(void)
+{
+ struct tls_start_proxy_args ret;
+
+ ret.fd = -1;
+ ret.client_p = -1;
+ ret.ctx = NULL;
+ ret.pid = NULL;
+ ret.infofd = NULL;
+
+ return ret;
+}
+
+/*-
+ * Slice in TLS proxy process at fd.
+ * Return value:
+ * 0 ok (*pid is set to child's PID if pid != NULL),
+ * < 0 look at errno
+ * > 0 other error
+ * (return value encodes place of error)
+ *
+ */
+int tls_start_proxy(struct tls_start_proxy_args a, void *apparg)
+{
+ int fds[2] = { -1, -1 };
+ int infofds[2] = { -1, -1 };
+ int r, getfd, getfl;
+ int ret;
+
+ DEBUG_MSG2("tls_start_proxy fd", a.fd);
+ DEBUG_MSG2("tls_start_proxy client_p", a.client_p);
+
+ if (a.fd == -1 || a.client_p == -1 || a.ctx == NULL)
+ return 1;
+
+ if (a.pid != NULL) {
+ *a.pid = 0;
+ }
+ if (a.infofd != NULL) {
+ *a.infofd = -1;
+ }
+
+ r = socketpair(AF_UNIX, SOCK_STREAM, 0, fds);
+ if (r == -1)
+ return -1;
+ if (a.fd >= FD_SETSIZE || fds[0] >= FD_SETSIZE) {
+ ret = 2;
+ goto err;
+ }
+ if (a.infofd != NULL) {
+ r = pipe(infofds);
+ if (r == -1) {
+ ret = -3;
+ goto err;
+ }
+ }
+
+ r = fork();
+ if (r == -1) {
+ ret = -4;
+ goto err;
+ }
+ if (r == 0) {
+ DEBUG_MSG("fork");
+ tls_child_p = 1;
+ tls_child_apparg = apparg;
+ close(fds[1]);
+ if (infofds[0] != -1)
+ close(infofds[0]);
+ TLS_APP_PROCESS_INIT(a.fd, a.client_p, apparg);
+ DEBUG_MSG("TLS_APP_PROCESS_INIT");
+ tls_proxy(fds[0], a.fd, infofds[1], a.ctx, a.client_p);
+ exit(0);
+ }
+ if (a.pid != NULL)
+ *a.pid = r;
+ if (infofds[1] != -1) {
+ close(infofds[1]);
+ infofds[1] = -1;
+ }
+ /* install fds[1] in place of fd: */
+ close(fds[0]);
+ fds[0] = -1;
+ getfd = fcntl(a.fd, F_GETFD);
+ getfl = fcntl(a.fd, F_GETFL);
+ r = dup2(fds[1], a.fd);
+ close(fds[1]);
+ fds[1] = -1;
+ if (r == -1) {
+ ret = -5;
+ goto err;
+ }
+ if (getfd != 1)
+ fcntl(a.fd, F_SETFD, getfd);
+ if (getfl & O_NONBLOCK)
+ (void)tls_socket_nonblocking(a.fd);
+ if (a.infofd != NULL)
+ *a.infofd = infofds[0];
+ return 0;
+
+ err:
+ if (fds[0] != -1)
+ close(fds[0]);
+ if (fds[1] != -1)
+ close(fds[1]);
+ if (infofds[0] != -1)
+ close(infofds[0]);
+ if (infofds[1] != -1)
+ close(infofds[1]);
+ return ret;
+}
+
+/*****************************************************************************/
+
+static char errbuf[TLS_ERROR_BUFSIZ];
+static size_t errbuf_i = 0;
+
+static void tls_errflush(void *apparg)
+{
+ if (errbuf_i == 0)
+ return;
+
+ assert(errbuf_i < sizeof errbuf);
+ assert(errbuf[errbuf_i] == 0);
+ if (errbuf_i == sizeof errbuf - 1) {
+ /* make sure we have a newline, even if string has been truncated */
+ errbuf[errbuf_i - 1] = '\n';
+ }
+
+ /*
+ * TLS_APP_ERRFLUSH may modify the string as needed, e.g. substitute
+ * other characters for \n for convenience
+ */
+ TLS_APP_ERRFLUSH(tls_child_p, errbuf, errbuf_i, apparg);
+
+ errbuf_i = 0;
+}
+
+static void tls_errprintf(int flush, void *apparg, const char *fmt, ...)
+{
+ va_list args;
+ int r;
+
+ if (errbuf_i < sizeof errbuf - 1) {
+ size_t n;
+
+ va_start(args, fmt);
+ n = (sizeof errbuf) - errbuf_i;
+ r = vsnprintf(errbuf + errbuf_i, n, fmt, args);
+ if (r >= n)
+ r = n - 1;
+ if (r >= 0) {
+ errbuf_i += r;
+ } else {
+ errbuf_i = sizeof errbuf - 1;
+ errbuf[errbuf_i] = '\0';
+ }
+ assert(errbuf_i < sizeof errbuf);
+ assert(errbuf[errbuf_i] == 0);
+ }
+#ifndef TLS_CUMULATE_ERRORS
+ tls_errflush(apparg);
+#else
+ if (flush)
+ tls_errflush(apparg);
+#endif
+}
+
+/*
+ * app_prefix.. are for additional information provided by caller. If OpenSSL
+ * error queue is empty, print default_text ("???" if NULL).
+ */
+static char *tls_openssl_errors(const char *app_prefix_1,
+ const char *app_prefix_2,
+ const char *default_text, void *apparg)
+{
+ static char reasons[255];
+ size_t reasons_i;
+ unsigned long err;
+ const char *file;
+ int line;
+ const char *data;
+ int flags;
+ char *errstring;
+ int printed_something = 0;
+
+ reasons_i = 0;
+
+ assert(app_prefix_1 != NULL);
+ assert(app_prefix_2 != NULL);
+
+ if (default_text == NULL)
+ default_text = "?" "?" "?";
+
+ while ((err = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0) {
+ if (reasons_i < sizeof reasons) {
+ size_t n;
+ int r;
+
+ n = (sizeof reasons) - reasons_i;
+ r = snprintf(reasons + reasons_i, n, "%s%s",
+ (reasons_i > 0 ? ", " : ""),
+ ERR_reason_error_string(err));
+ if (r >= n)
+ r = n - 1;
+ if (r >= 0) {
+ reasons_i += r;
+ } else {
+ reasons_i = sizeof reasons;
+ }
+ assert(reasons_i <= sizeof reasons);
+ }
+
+ errstring = ERR_error_string(err, NULL);
+ assert(errstring != NULL);
+ tls_errprintf(0, apparg, "OpenSSL error%s%s: %s:%s:%d:%s\n",
+ app_prefix_1, app_prefix_2, errstring, file, line,
+ (flags & ERR_TXT_STRING) ? data : "");
+ printed_something = 1;
+ }
+
+ if (!printed_something) {
+ assert(reasons_i == 0);
+ snprintf(reasons, sizeof reasons, "%s", default_text);
+ tls_errprintf(0, apparg, "OpenSSL error%s%s: %s\n", app_prefix_1,
+ app_prefix_2, default_text);
+ }
+#ifdef TLS_CUMULATE_ERRORS
+ tls_errflush(apparg);
+#endif
+ assert(errbuf_i == 0);
+
+ return reasons;
+}
+
+/*****************************************************************************/
+
+static int tls_init_done = 0;
+
+static int tls_init(void *apparg)
+{
+ if (tls_init_done)
+ return 0;
+
+ SSL_load_error_strings();
+ if (!SSL_library_init() /* aka SSLeay_add_ssl_algorithms() */ ) {
+ tls_errprintf(1, apparg, "SSL_library_init failed.\n");
+ return -1;
+ }
+ tls_init_done = 1;
+ tls_rand_seed();
+ return 0;
+}
+
+/*****************************************************************************/
+
+static void tls_rand_seed_uniquely(void)
+{
+ struct {
+ pid_t pid;
+ time_t time;
+ void *stack;
+ } data;
+
+ data.pid = getpid();
+ data.time = time(NULL);
+ data.stack = (void *)&data;
+
+ RAND_seed((const void *)&data, sizeof data);
+}
+
+void tls_rand_seed(void)
+{
+ struct {
+ struct utsname uname;
+ int uname_1;
+ int uname_2;
+ uid_t uid;
+ uid_t euid;
+ gid_t gid;
+ gid_t egid;
+ } data;
+
+ data.uname_1 = uname(&data.uname);
+ data.uname_2 = errno; /* Let's hope that uname fails randomly :-) */
+
+ data.uid = getuid();
+ data.euid = geteuid();
+ data.gid = getgid();
+ data.egid = getegid();
+
+ RAND_seed((const void *)&data, sizeof data);
+ tls_rand_seed_uniquely();
+}
+
+static int tls_rand_seeded_p = 0;
+
+#define my_MIN_SEED_BYTES 256 /* struct stat can be larger than 128 */
+int tls_rand_seed_from_file(const char *filename, size_t n, void *apparg)
+{
+ /*
+ * Seed OpenSSL's random number generator from file. Try to read n bytes
+ * if n > 0, whole file if n == 0.
+ */
+
+ int r;
+
+ if (tls_init(apparg) == -1)
+ return -1;
+ tls_rand_seed();
+
+ r = RAND_load_file(filename,
+ (n > 0 && n < LONG_MAX) ? (long)n : LONG_MAX);
+ /*
+ * r is the number of bytes filled into the random number generator,
+ * which are taken from "stat(filename, ...)" in addition to the file
+ * contents.
+ */
+ assert(1 < my_MIN_SEED_BYTES);
+ /*
+ * We need to detect at least those cases when the file does not exist at
+ * all. With current versions of OpenSSL, this should do it:
+ */
+ if (n == 0)
+ n = my_MIN_SEED_BYTES;
+ if (r < n) {
+ tls_errprintf(1, apparg,
+ "rand_seed_from_file: could not read %d bytes from %s.\n",
+ n, filename);
+ return -1;
+ } else {
+ tls_rand_seeded_p = 1;
+ return 0;
+ }
+}
+
+void tls_rand_seed_from_memory(const void *buf, size_t n)
+{
+ size_t i = 0;
+
+ while (i < n) {
+ size_t rest = n - i;
+ int chunk = rest < INT_MAX ? (int)rest : INT_MAX;
+ RAND_seed((const char *)buf + i, chunk);
+ i += chunk;
+ }
+ tls_rand_seeded_p = 1;
+}
+
+/*****************************************************************************/
+
+struct tls_x509_name_string {
+ char str[100];
+};
+
+static void
+tls_get_x509_subject_name_oneline(X509 *cert,
+ struct tls_x509_name_string *namestring)
+{
+ X509_NAME *name;
+
+ if (cert == NULL) {
+ namestring->str[0] = '\0';
+ return;
+ }
+
+ name = X509_get_subject_name(cert); /* does not increment any reference
+ * counter */
+
+ assert(sizeof namestring->str >= 4); /* "?" or "...", plus 0 */
+
+ if (name == NULL) {
+ namestring->str[0] = '?';
+ namestring->str[1] = 0;
+ } else {
+ size_t len;
+
+ X509_NAME_oneline(name, namestring->str, sizeof namestring->str);
+ len = strlen(namestring->str);
+ assert(namestring->str[len] == 0);
+ assert(len < sizeof namestring->str);
+
+ if (len + 1 == sizeof namestring->str) {
+ /*
+ * (Probably something was cut off.) Does not really work --
+ * X509_NAME_oneline truncates after name components, we cannot
+ * tell from the result whether anything is missing.
+ */
+
+ assert(namestring->str[len] == 0);
+ namestring->str[--len] = '.';
+ namestring->str[--len] = '.';
+ namestring->str[--len] = '.';
+ }
+ }
+}
+
+/*****************************************************************************/
+
+/* to hinder OpenSSL from asking for passphrases */
+static int no_passphrase_callback(char *buf, int num, int w, void *arg)
+{
+ return -1;
+}
+
+#if OPENSSL_VERSION_NUMBER >= 0x00907000L
+static int verify_dont_fail_cb(X509_STORE_CTX *c, void *unused_arg)
+#else
+static int verify_dont_fail_cb(X509_STORE_CTX *c)
+#endif
+{
+ int i;
+
+ i = X509_verify_cert(c); /* sets c->error */
+#if OPENSSL_VERSION_NUMBER >= 0x00905000L /* don't allow unverified
+ * certificates -- they could
+ * survive session reuse, but
+ * OpenSSL < 0.9.5-dev does not
+ * preserve their verify_result */
+ if (i == 0)
+ return 1;
+ else
+#endif
+ return i;
+}
+
+static DH *tls_dhe1024 = NULL; /* generating these takes a while, so do it
+ * just once */
+
+void tls_set_dhe1024(int i, void *apparg)
+{
+ DSA *dsaparams;
+ DH *dhparams;
+ const char *seed[] = { ";-) :-( :-) :-( ",
+ ";-) :-( :-) :-( ",
+ "Random String no. 12",
+ ";-) :-( :-) :-( ",
+ "hackers have even mo", /* from jargon file */
+ };
+ unsigned char seedbuf[20];
+
+ tls_init(apparg);
+ if (i >= 0) {
+ i %= sizeof seed / sizeof seed[0];
+ assert(strlen(seed[i]) == 20);
+ memcpy(seedbuf, seed[i], 20);
+ dsaparams =
+ DSA_generate_parameters(1024, seedbuf, 20, NULL, NULL, 0, NULL);
+ } else {
+ /* random parameters (may take a while) */
+ dsaparams =
+ DSA_generate_parameters(1024, NULL, 0, NULL, NULL, 0, NULL);
+ }
+
+ if (dsaparams == NULL) {
+ tls_openssl_errors("", "", NULL, apparg);
+ return;
+ }
+ dhparams = DSA_dup_DH(dsaparams);
+ DSA_free(dsaparams);
+ if (dhparams == NULL) {
+ tls_openssl_errors("", "", NULL, apparg);
+ return;
+ }
+ if (tls_dhe1024 != NULL)
+ DH_free(tls_dhe1024);
+ tls_dhe1024 = dhparams;
+}
+
+struct tls_create_ctx_args tls_create_ctx_defaultargs(void)
+{
+ struct tls_create_ctx_args ret;
+
+ ret.client_p = 0;
+ ret.certificate_file = NULL;
+ ret.key_file = NULL;
+ ret.ca_file = NULL;
+ ret.verify_depth = -1;
+ ret.fail_unless_verified = 0;
+ ret.export_p = 0;
+
+ return ret;
+}
+
+SSL_CTX *tls_create_ctx(struct tls_create_ctx_args a, void *apparg)
+{
+ int r;
+ static long context_num = 0;
+ SSL_CTX *ret;
+ const char *err_pref_1 = "", *err_pref_2 = "";
+
+ if (tls_init(apparg) == -1)
+ return NULL;
+
+ ret =
+ SSL_CTX_new((a.client_p ? SSLv23_client_method :
+ SSLv23_server_method) ());
+
+ if (ret == NULL)
+ goto err;
+
+ SSL_CTX_set_default_passwd_cb(ret, no_passphrase_callback);
+ SSL_CTX_set_mode(ret, SSL_MODE_ENABLE_PARTIAL_WRITE);
+
+ if ((a.certificate_file != NULL) || (a.key_file != NULL)) {
+ if (a.key_file == NULL) {
+ tls_errprintf(1, apparg, "Need a key file.\n");
+ goto err_return;
+ }
+ if (a.certificate_file == NULL) {
+ tls_errprintf(1, apparg, "Need a certificate chain file.\n");
+ goto err_return;
+ }
+
+ if (!SSL_CTX_use_PrivateKey_file(ret, a.key_file, SSL_FILETYPE_PEM))
+ goto err;
+ if (!tls_rand_seeded_p) {
+ /*
+ * particularly paranoid people may not like this -- so provide
+ * your own random seeding before calling this
+ */
+ if (tls_rand_seed_from_file(a.key_file, 0, apparg) == -1)
+ goto err_return;
+ }
+ if (!SSL_CTX_use_certificate_chain_file(ret, a.certificate_file))
+ goto err;
+ if (!SSL_CTX_check_private_key(ret)) {
+ tls_errprintf(1, apparg,
+ "Private key \"%s\" does not match certificate \"%s\".\n",
+ a.key_file, a.certificate_file);
+ goto err_peek;
+ }
+ }
+
+ if ((a.ca_file != NULL) || (a.verify_depth > 0)) {
+ context_num++;
+ r = SSL_CTX_set_session_id_context(ret, (const void *)&context_num,
+ (unsigned int)sizeof context_num);
+ if (!r)
+ goto err;
+
+ SSL_CTX_set_verify(ret,
+ SSL_VERIFY_PEER | (a.fail_unless_verified ?
+ SSL_VERIFY_FAIL_IF_NO_PEER_CERT
+ : 0), 0);
+ if (!a.fail_unless_verified)
+ SSL_CTX_set_cert_verify_callback(ret, verify_dont_fail_cb, NULL);
+
+ if (a.verify_depth > 0)
+ SSL_CTX_set_verify_depth(ret, a.verify_depth);
+
+ if (a.ca_file != NULL) {
+ /* does not report failure if file does not exist ... */
+ /* NULL argument means no CA-directory */
+ r = SSL_CTX_load_verify_locations(ret, a.ca_file, NULL);
+ if (!r) {
+ err_pref_1 = " while processing certificate file ";
+ err_pref_2 = a.ca_file;
+ goto err;
+ }
+
+ if (!a.client_p) {
+ /*
+ * SSL_load_client_CA_file is a misnomer, it just creates a
+ * list of CNs.
+ */
+ SSL_CTX_set_client_CA_list(ret,
+ SSL_load_client_CA_file
+ (a.ca_file));
+ /*
+ * SSL_CTX_set_client_CA_list does not have a return value;
+ * it does not really need one, but make sure (we really test
+ * if SSL_load_client_CA_file worked)
+ */
+ if (SSL_CTX_get_client_CA_list(ret) == NULL) {
+ tls_errprintf(1, apparg,
+ "Could not set client CA list from \"%s\".\n",
+ a.ca_file);
+ goto err_peek;
+ }
+ }
+ }
+ }
+
+ if (!a.client_p) {
+ if (tls_dhe1024 == NULL) {
+ int i;
+
+ RAND_bytes((unsigned char *)&i, sizeof i);
+ /*
+ * make sure that i is non-negative -- pick one of the provided
+ * seeds
+ */
+ if (i < 0)
+ i = -i;
+ if (i < 0)
+ i = 0;
+ tls_set_dhe1024(i, apparg);
+ if (tls_dhe1024 == NULL)
+ goto err_return;
+ }
+
+ if (!SSL_CTX_set_tmp_dh(ret, tls_dhe1024))
+ goto err;
+
+ /* avoid small subgroup attacks: */
+ SSL_CTX_set_options(ret, SSL_OP_SINGLE_DH_USE);
+ }
+#ifndef NO_RSA
+ if (!a.client_p && a.export_p) {
+ RSA *tmpkey;
+
+ tmpkey = RSA_generate_key(512, RSA_F4, 0, NULL);
+ if (tmpkey == NULL)
+ goto err;
+ if (!SSL_CTX_set_tmp_rsa(ret, tmpkey)) {
+ RSA_free(tmpkey);
+ goto err;
+ }
+ RSA_free(tmpkey); /* SSL_CTX_set_tmp_rsa uses a duplicate. */
+ }
+#endif
+
+ return ret;
+
+ err_peek:
+ if (!ERR_peek_error())
+ goto err_return;
+ err:
+ tls_openssl_errors(err_pref_1, err_pref_2, NULL, apparg);
+ err_return:
+ if (ret != NULL)
+ SSL_CTX_free(ret);
+ return NULL;
+}
+
+/*****************************************************************************/
+
+static int tls_socket_nonblocking(int fd)
+{
+ int v, r;
+
+ v = fcntl(fd, F_GETFL, 0);
+ if (v == -1) {
+ if (errno == EINVAL)
+ return 0; /* already shut down -- ignore */
+ return -1;
+ }
+ r = fcntl(fd, F_SETFL, v | O_NONBLOCK);
+ if (r == -1) {
+ if (errno == EINVAL)
+ return 0; /* already shut down -- ignore */
+ return -1;
+ }
+ return 0;
+}
+
+static int max(int a, int b)
+{
+ return a > b ? a : b;
+}
+
+/* timeout, -1 means no timeout */
+static void
+tls_sockets_select(int read_select_1, int read_select_2, int write_select_1,
+ int write_select_2, int seconds)
+{
+ int maxfd, n;
+ fd_set reads, writes;
+ struct timeval timeout;
+ struct timeval *timeout_p;
+
+ assert(read_select_1 >= -1 && read_select_2 >= -1 && write_select_1 >= -1
+ && write_select_2 >= -1);
+ assert(read_select_1 < FD_SETSIZE && read_select_2 < FD_SETSIZE - 1
+ && write_select_1 < FD_SETSIZE - 1
+ && write_select_2 < FD_SETSIZE - 1);
+
+ maxfd =
+ max(max(read_select_1, read_select_2),
+ max(write_select_1, write_select_2));
+ assert(maxfd >= 0);
+
+ FD_ZERO(&reads);
+ FD_ZERO(&writes);
+
+ for (n = 0; n < 4; ++n) {
+ int i = n % 2;
+ int w = n >= 2;
+ /* loop over all (i, w) in {0,1}x{0,1} */
+ int fd;
+
+ if (i == 0 && w == 0)
+ fd = read_select_1;
+ else if (i == 1 && w == 0)
+ fd = read_select_2;
+ else if (i == 0 && w == 1)
+ fd = write_select_1;
+ else {
+ assert(i == 1 && w == 1);
+ fd = write_select_2;
+ }
+
+ if (fd >= 0) {
+ if (w == 0)
+ FD_SET(fd, &reads);
+ else /* w == 1 */
+ FD_SET(fd, &writes);
+ }
+ }
+
+ if (seconds >= 0) {
+ timeout.tv_sec = seconds;
+ timeout.tv_usec = 0;
+ timeout_p = &timeout;
+ } else
+ timeout_p = NULL;
+
+ DEBUG_MSG2("select no.", ++tls_select_count);
+ select(maxfd + 1, &reads, &writes, (fd_set *) NULL, timeout_p);
+ DEBUG_MSG("cont.");
+}
+
+/*****************************************************************************/
+
+#define TUNNELBUFSIZE (16*1024)
+struct tunnelbuf {
+ char buf[TUNNELBUFSIZE];
+ size_t len;
+ size_t offset;
+};
+
+static int tls_connect_attempt(SSL *, int *write_select, int *read_select,
+ int *closed, int *progress,
+ const char **err_pref);
+
+static int tls_accept_attempt(SSL *, int *write_select, int *read_select,
+ int *closed, int *progress,
+ const char **err_pref);
+
+static int tls_write_attempt(SSL *, struct tunnelbuf *, int *write_select,
+ int *read_select, int *closed, int *progress,
+ const char **err_pref);
+
+static int tls_read_attempt(SSL *, struct tunnelbuf *, int *write_select,
+ int *read_select, int *closed, int *progress,
+ const char **err_pref);
+
+static int write_attempt(int fd, struct tunnelbuf *, int *select, int *closed,
+ int *progress);
+
+static int read_attempt(int fd, struct tunnelbuf *, int *select, int *closed,
+ int *progress);
+
+static void write_info(SSL *ssl, int *info_fd)
+{
+ if (*info_fd != -1) {
+ long v;
+ int v_ok;
+ struct tls_x509_name_string peer;
+ char infobuf[TLS_INFO_SIZE];
+ int r;
+
+ DEBUG_MSG("write_info");
+ v = SSL_get_verify_result(ssl);
+ v_ok = (v == X509_V_OK) ? 'A' : 'E'; /* Auth./Error */
+ {
+ X509 *peercert;
+
+ peercert = SSL_get_peer_certificate(ssl);
+ tls_get_x509_subject_name_oneline(peercert, &peer);
+ if (peercert != NULL)
+ X509_free(peercert);
+ }
+ if (peer.str[0] == '\0')
+ v_ok = '0'; /* no cert at all */
+ else if (strchr(peer.str, '\n')) {
+ /* should not happen, but make sure */
+ *strchr(peer.str, '\n') = '\0';
+ }
+ r = snprintf(infobuf, sizeof infobuf, "%c:%s\n%s\n", v_ok,
+ X509_verify_cert_error_string(v), peer.str);
+ DEBUG_MSG2("snprintf", r);
+ if (r == -1 || r >= sizeof infobuf)
+ r = sizeof infobuf - 1;
+ write(*info_fd, infobuf, r);
+ close(*info_fd);
+ *info_fd = -1;
+ }
+}
+
+/* tls_proxy expects that all fds are closed after return */
+static void
+tls_proxy(int clear_fd, int tls_fd, int info_fd, SSL_CTX *ctx, int client_p)
+{
+ struct tunnelbuf clear_to_tls, tls_to_clear;
+ SSL *ssl;
+ BIO *rbio, *wbio;
+ int closed, in_handshake;
+ const char *err_pref_1 = "", *err_pref_2 = "";
+ const char *err_def = NULL;
+
+ assert(clear_fd != -1);
+ assert(tls_fd != -1);
+ assert(clear_fd < FD_SETSIZE);
+ assert(tls_fd < FD_SETSIZE);
+ /* info_fd may be -1 */
+ assert(ctx != NULL);
+
+ tls_rand_seed_uniquely();
+
+ tls_socket_nonblocking(clear_fd);
+ DEBUG_MSG2("clear_fd", clear_fd);
+ tls_socket_nonblocking(tls_fd);
+ DEBUG_MSG2("tls_fd", tls_fd);
+
+ ssl = SSL_new(ctx);
+ if (ssl == NULL)
+ goto err;
+ DEBUG_MSG("SSL_new");
+ if (!SSL_set_fd(ssl, tls_fd))
+ goto err;
+ rbio = SSL_get_rbio(ssl);
+ wbio = SSL_get_wbio(ssl); /* should be the same, but who cares */
+ assert(rbio != NULL);
+ assert(wbio != NULL);
+ if (client_p)
+ SSL_set_connect_state(ssl);
+ else
+ SSL_set_accept_state(ssl);
+
+ closed = 0;
+ in_handshake = 1;
+ tls_to_clear.len = 0;
+ tls_to_clear.offset = 0;
+ clear_to_tls.len = 0;
+ clear_to_tls.offset = 0;
+
+ err_def = "I/O error";
+
+ /*
+ * loop finishes as soon as we detect that one side closed; when all
+ * (program and OS) buffers have enough space, the data from the last
+ * succesful read in each direction is transferred before close
+ */
+ do {
+ int clear_read_select = 0, clear_write_select = 0,
+ tls_read_select = 0, tls_write_select = 0, progress = 0;
+ int r;
+ unsigned long num_read = BIO_number_read(rbio),
+ num_written = BIO_number_written(wbio);
+
+ DEBUG_MSG2("loop iteration", ++tls_loop_count);
+
+ if (in_handshake) {
+ DEBUG_MSG("in_handshake");
+ if (client_p)
+ r = tls_connect_attempt(ssl, &tls_write_select,
+ &tls_read_select, &closed, &progress,
+ &err_pref_1);
+ else
+ r = tls_accept_attempt(ssl, &tls_write_select,
+ &tls_read_select, &closed, &progress,
+ &err_pref_1);
+ if (r != 0) {
+ write_info(ssl, &info_fd);
+ goto err;
+ }
+ if (closed)
+ goto err_return;
+ if (!SSL_in_init(ssl)) {
+ in_handshake = 0;
+ write_info(ssl, &info_fd);
+ }
+ }
+
+ if (clear_to_tls.len != 0 && !in_handshake) {
+ assert(!closed);
+
+ r = tls_write_attempt(ssl, &clear_to_tls, &tls_write_select,
+ &tls_read_select, &closed, &progress,
+ &err_pref_1);
+ if (r != 0)
+ goto err;
+ if (closed) {
+ assert(progress);
+ tls_to_clear.offset = 0;
+ tls_to_clear.len = 0;
+ }
+ }
+
+ if (tls_to_clear.len != 0) {
+ assert(!closed);
+
+ r = write_attempt(clear_fd, &tls_to_clear, &clear_write_select,
+ &closed, &progress);
+ if (r != 0)
+ goto err_return;
+ if (closed) {
+ assert(progress);
+ clear_to_tls.offset = 0;
+ clear_to_tls.len = 0;
+ }
+ }
+
+ if (!closed) {
+ if (clear_to_tls.offset + clear_to_tls.len <
+ sizeof clear_to_tls.buf) {
+ r = read_attempt(clear_fd, &clear_to_tls, &clear_read_select,
+ &closed, &progress);
+ if (r != 0)
+ goto err_return;
+ if (closed) {
+ r = SSL_shutdown(ssl);
+ DEBUG_MSG2("SSL_shutdown", r);
+ }
+ }
+ }
+
+ if (!closed && !in_handshake) {
+ if (tls_to_clear.offset + tls_to_clear.len <
+ sizeof tls_to_clear.buf) {
+ r = tls_read_attempt(ssl, &tls_to_clear, &tls_write_select,
+ &tls_read_select, &closed, &progress,
+ &err_pref_1);
+ if (r != 0)
+ goto err;
+ if (closed) {
+ r = SSL_shutdown(ssl);
+ DEBUG_MSG2("SSL_shutdown", r);
+ }
+ }
+ }
+
+ if (!progress) {
+ DEBUG_MSG("!progress?");
+ if (num_read != BIO_number_read(rbio)
+ || num_written != BIO_number_written(wbio))
+ progress = 1;
+
+ if (!progress) {
+ DEBUG_MSG("!progress");
+ assert(clear_read_select || tls_read_select
+ || clear_write_select || tls_write_select);
+ tls_sockets_select(clear_read_select ? clear_fd : -1,
+ tls_read_select ? tls_fd : -1,
+ clear_write_select ? clear_fd : -1,
+ tls_write_select ? tls_fd : -1, -1);
+ }
+ }
+ } while (!closed);
+ return;
+
+ err:
+ tls_openssl_errors(err_pref_1, err_pref_2, err_def, tls_child_apparg);
+ err_return:
+ return;
+}
+
+static int
+tls_get_error(SSL *ssl, int r, int *write_select, int *read_select,
+ int *closed, int *progress)
+{
+ int err = SSL_get_error(ssl, r);
+
+ if (err == SSL_ERROR_NONE) {
+ assert(r > 0);
+ *progress = 1;
+ return 0;
+ }
+
+ assert(r <= 0);
+
+ switch (err) {
+ case SSL_ERROR_ZERO_RETURN:
+ assert(r == 0);
+ *closed = 1;
+ *progress = 1;
+ return 0;
+
+ case SSL_ERROR_WANT_WRITE:
+ *write_select = 1;
+ return 0;
+
+ case SSL_ERROR_WANT_READ:
+ *read_select = 1;
+ return 0;
+ }
+
+ return -1;
+}
+
+static int
+tls_connect_attempt(SSL *ssl, int *write_select, int *read_select,
+ int *closed, int *progress, const char **err_pref)
+{
+ int n, r;
+
+ DEBUG_MSG("tls_connect_attempt");
+ n = SSL_connect(ssl);
+ DEBUG_MSG2("SSL_connect", n);
+ r = tls_get_error(ssl, n, write_select, read_select, closed, progress);
+ if (r == -1)
+ *err_pref = " during SSL_connect";
+ return r;
+}
+
+static int
+tls_accept_attempt(SSL *ssl, int *write_select, int *read_select, int *closed,
+ int *progress, const char **err_pref)
+{
+ int n, r;
+
+ DEBUG_MSG("tls_accept_attempt");
+ n = SSL_accept(ssl);
+ DEBUG_MSG2("SSL_accept", n);
+ r = tls_get_error(ssl, n, write_select, read_select, closed, progress);
+ if (r == -1)
+ *err_pref = " during SSL_accept";
+ return r;
+}
+
+static int
+tls_write_attempt(SSL *ssl, struct tunnelbuf *buf, int *write_select,
+ int *read_select, int *closed, int *progress,
+ const char **err_pref)
+{
+ int n, r;
+
+ DEBUG_MSG("tls_write_attempt");
+ n = SSL_write(ssl, buf->buf + buf->offset, buf->len);
+ DEBUG_MSG2("SSL_write", n);
+ r = tls_get_error(ssl, n, write_select, read_select, closed, progress);
+ if (n > 0) {
+ buf->len -= n;
+ assert(buf->len >= 0);
+ if (buf->len == 0)
+ buf->offset = 0;
+ else
+ buf->offset += n;
+ }
+ if (r == -1)
+ *err_pref = " during SSL_write";
+ return r;
+}
+
+static int
+tls_read_attempt(SSL *ssl, struct tunnelbuf *buf, int *write_select,
+ int *read_select, int *closed, int *progress,
+ const char **err_pref)
+{
+ int n, r;
+ size_t total;
+
+ DEBUG_MSG("tls_read_attempt");
+ total = buf->offset + buf->len;
+ assert(total < sizeof buf->buf);
+ n = SSL_read(ssl, buf->buf + total, (sizeof buf->buf) - total);
+ DEBUG_MSG2("SSL_read", n);
+ r = tls_get_error(ssl, n, write_select, read_select, closed, progress);
+ if (n > 0) {
+ buf->len += n;
+ assert(buf->offset + buf->len <= sizeof buf->buf);
+ }
+ if (r == -1)
+ *err_pref = " during SSL_read";
+ return r;
+}
+
+static int get_error(int r, int *select, int *closed, int *progress)
+{
+ if (r >= 0) {
+ *progress = 1;
+ if (r == 0)
+ *closed = 1;
+ return 0;
+ } else {
+ assert(r == -1);
+ if (errno == EAGAIN || errno == EWOULDBLOCK) {
+ *select = 1;
+ return 0;
+ } else if (errno == EPIPE) {
+ *progress = 1;
+ *closed = 1;
+ return 0;
+ } else
+ return -1;
+ }
+}
+
+static int write_attempt(int fd, struct tunnelbuf *buf, int *select,
+ int *closed, int *progress)
+{
+ int n, r;
+
+ DEBUG_MSG("write_attempt");
+ n = write(fd, buf->buf + buf->offset, buf->len);
+ DEBUG_MSG2("write", n);
+ r = get_error(n, select, closed, progress);
+ if (n > 0) {
+ buf->len -= n;
+ assert(buf->len >= 0);
+ if (buf->len == 0)
+ buf->offset = 0;
+ else
+ buf->offset += n;
+ }
+ if (r == -1)
+ tls_errprintf(1, tls_child_apparg, "write error: %s\n",
+ strerror(errno));
+ return r;
+}
+
+static int
+read_attempt(int fd, struct tunnelbuf *buf, int *select, int *closed,
+ int *progress)
+{
+ int n, r;
+ size_t total;
+
+ DEBUG_MSG("read_attempt");
+ total = buf->offset + buf->len;
+ assert(total < sizeof buf->buf);
+ n = read(fd, buf->buf + total, (sizeof buf->buf) - total);
+ DEBUG_MSG2("read", n);
+ r = get_error(n, select, closed, progress);
+ if (n > 0) {
+ buf->len += n;
+ assert(buf->offset + buf->len <= sizeof buf->buf);
+ }
+ if (r == -1)
+ tls_errprintf(1, tls_child_apparg, "read error: %s\n",
+ strerror(errno));
+ return r;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/demos/easy_tls/easy-tls.h
===================================================================
--- vendor-crypto/openssl/dist/demos/easy_tls/easy-tls.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/demos/easy_tls/easy-tls.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,57 +0,0 @@
-/* -*- Mode: C; c-file-style: "bsd" -*- */
-/*
- * easy-tls.h -- generic TLS proxy.
- * $Id: easy-tls.h,v 1.1 2001/09/17 19:06:59 bodo Exp $
- */
-/*
- * (c) Copyright 1999 Bodo Moeller. All rights reserved.
- */
-
-#ifndef HEADER_TLS_H
-#define HEADER_TLS_H
-
-#ifndef HEADER_SSL_H
-typedef struct ssl_ctx_st SSL_CTX;
-#endif
-
-#define TLS_INFO_SIZE 512 /* max. # of bytes written to infofd */
-
-void tls_set_dhe1024(int i, void* apparg);
-/* Generate DHE parameters:
- * i >= 0 deterministic (i selects seed), i < 0 random (may take a while).
- * tls_create_ctx calls this with random non-negative i if the application
- * has never called it.*/
-
-void tls_rand_seed(void);
-int tls_rand_seed_from_file(const char *filename, size_t n, void *apparg);
-void tls_rand_seed_from_memory(const void *buf, size_t n);
-
-struct tls_create_ctx_args
-{
- int client_p;
- const char *certificate_file;
- const char *key_file;
- const char *ca_file;
- int verify_depth;
- int fail_unless_verified;
- int export_p;
-};
-struct tls_create_ctx_args tls_create_ctx_defaultargs(void);
-/* struct tls_create_ctx_args is similar to a conventional argument list,
- * but it can provide default values and allows for future extension. */
-SSL_CTX *tls_create_ctx(struct tls_create_ctx_args, void *apparg);
-
-struct tls_start_proxy_args
-{
- int fd;
- int client_p;
- SSL_CTX *ctx;
- pid_t *pid;
- int *infofd;
-};
-struct tls_start_proxy_args tls_start_proxy_defaultargs(void);
-/* tls_start_proxy return value *MUST* be checked!
- * 0 means ok, otherwise we've probably run out of some resources. */
-int tls_start_proxy(struct tls_start_proxy_args, void *apparg);
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/demos/easy_tls/easy-tls.h (from rev 6976, vendor-crypto/openssl/dist/demos/easy_tls/easy-tls.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/demos/easy_tls/easy-tls.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/demos/easy_tls/easy-tls.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,60 @@
+/* -*- Mode: C; c-file-style: "bsd" -*- */
+/*-
+ * easy-tls.h -- generic TLS proxy.
+ * $Id: easy-tls.h,v 1.1 2001/09/17 19:06:59 bodo Exp $
+ */
+/*
+ * (c) Copyright 1999 Bodo Moeller. All rights reserved.
+ */
+
+#ifndef HEADER_TLS_H
+# define HEADER_TLS_H
+
+# ifndef HEADER_SSL_H
+typedef struct ssl_ctx_st SSL_CTX;
+# endif
+
+# define TLS_INFO_SIZE 512 /* max. # of bytes written to infofd */
+
+void tls_set_dhe1024(int i, void *apparg);
+/*
+ * Generate DHE parameters: i >= 0 deterministic (i selects seed), i < 0
+ * random (may take a while). tls_create_ctx calls this with random
+ * non-negative i if the application has never called it.
+ */
+
+void tls_rand_seed(void);
+int tls_rand_seed_from_file(const char *filename, size_t n, void *apparg);
+void tls_rand_seed_from_memory(const void *buf, size_t n);
+
+struct tls_create_ctx_args {
+ int client_p;
+ const char *certificate_file;
+ const char *key_file;
+ const char *ca_file;
+ int verify_depth;
+ int fail_unless_verified;
+ int export_p;
+};
+struct tls_create_ctx_args tls_create_ctx_defaultargs(void);
+/*
+ * struct tls_create_ctx_args is similar to a conventional argument list, but
+ * it can provide default values and allows for future extension.
+ */
+SSL_CTX *tls_create_ctx(struct tls_create_ctx_args, void *apparg);
+
+struct tls_start_proxy_args {
+ int fd;
+ int client_p;
+ SSL_CTX *ctx;
+ pid_t *pid;
+ int *infofd;
+};
+struct tls_start_proxy_args tls_start_proxy_defaultargs(void);
+/*
+ * tls_start_proxy return value *MUST* be checked! 0 means ok, otherwise
+ * we've probably run out of some resources.
+ */
+int tls_start_proxy(struct tls_start_proxy_args, void *apparg);
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/demos/easy_tls/test.c
===================================================================
--- vendor-crypto/openssl/dist/demos/easy_tls/test.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/demos/easy_tls/test.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,244 +0,0 @@
-/* test.c */
-/* $Id: test.c,v 1.1 2001/09/17 19:06:59 bodo Exp $ */
-
-#define L_PORT 9999
-#define C_PORT 443
-
-#include <arpa/inet.h>
-#include <assert.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <netinet/in.h>
-#include <netinet/tcp.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-#include <sys/select.h>
-#include <sys/socket.h>
-#include <unistd.h>
-
-#include "test.h"
-#include "easy-tls.h"
-
-void
-test_process_init(int fd, int client_p, void *apparg)
-{
- fprintf(stderr, "test_process_init(fd = %d, client_p = %d, apparg = %p)\n", fd, client_p, apparg);
-}
-
-void
-test_errflush(int child_p, char *errbuf, size_t num, void *apparg)
-{
- fputs(errbuf, stderr);
-}
-
-
-int
-main(int argc, char *argv[])
-{
- int s, fd, r;
- FILE *conn_in;
- FILE *conn_out;
- char buf[256];
- SSL_CTX *ctx;
- int client_p = 0;
- int port;
- int tls = 0;
- char infobuf[TLS_INFO_SIZE + 1];
-
- if (argc > 1 && argv[1][0] == '-') {
- fputs("Usage: test [port] -- server\n"
- " test num.num.num.num [port] -- client\n",
- stderr);
- exit(1);
- }
-
- if (argc > 1) {
- if (strchr(argv[1], '.')) {
- client_p = 1;
- }
- }
-
- fputs(client_p ? "Client\n" : "Server\n", stderr);
-
- {
- struct tls_create_ctx_args a = tls_create_ctx_defaultargs();
- a.client_p = client_p;
- a.certificate_file = "cert.pem";
- a.key_file = "cert.pem";
- a.ca_file = "cacerts.pem";
-
- ctx = tls_create_ctx(a, NULL);
- if (ctx == NULL)
- exit(1);
- }
-
- s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
- if (s == -1) {
- perror("socket");
- exit(1);
- }
-
- if (client_p) {
- struct sockaddr_in addr;
- size_t addr_len = sizeof addr;
-
- addr.sin_family = AF_INET;
- assert(argc > 1);
- if (argc > 2)
- sscanf(argv[2], "%d", &port);
- else
- port = C_PORT;
- addr.sin_port = htons(port);
- addr.sin_addr.s_addr = inet_addr(argv[1]);
-
- r = connect(s, &addr, addr_len);
- if (r != 0) {
- perror("connect");
- exit(1);
- }
- fd = s;
- fprintf(stderr, "Connect (fd = %d).\n", fd);
- } else {
- /* server */
- {
- int i = 1;
-
- r = setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *) &i, sizeof i);
- if (r == -1) {
- perror("setsockopt");
- exit(1);
- }
- }
-
- {
- struct sockaddr_in addr;
- size_t addr_len = sizeof addr;
-
- if (argc > 1)
- sscanf(argv[1], "%d", &port);
- else
- port = L_PORT;
- addr.sin_family = AF_INET;
- addr.sin_port = htons(port);
- addr.sin_addr.s_addr = INADDR_ANY;
-
- r = bind(s, &addr, addr_len);
- if (r != 0) {
- perror("bind");
- exit(1);
- }
- }
-
- r = listen(s, 1);
- if (r == -1) {
- perror("listen");
- exit(1);
- }
-
- fprintf(stderr, "Listening at port %i.\n", port);
-
- fd = accept(s, NULL, 0);
- if (fd == -1) {
- perror("accept");
- exit(1);
- }
-
- fprintf(stderr, "Accept (fd = %d).\n", fd);
- }
-
- conn_in = fdopen(fd, "r");
- if (conn_in == NULL) {
- perror("fdopen");
- exit(1);
- }
- conn_out = fdopen(fd, "w");
- if (conn_out == NULL) {
- perror("fdopen");
- exit(1);
- }
-
- setvbuf(conn_in, NULL, _IOLBF, 256);
- setvbuf(conn_out, NULL, _IOLBF, 256);
-
- while (fgets(buf, sizeof buf, stdin) != NULL) {
- if (buf[0] == 'W') {
- fprintf(conn_out, "%.*s\r\n", (int)(strlen(buf + 1) - 1), buf + 1);
- fprintf(stderr, ">>> %.*s\n", (int)(strlen(buf + 1) - 1), buf + 1);
- } else if (buf[0] == 'C') {
- fprintf(stderr, "Closing.\n");
- fclose(conn_in);
- fclose(conn_out);
- exit(0);
- } else if (buf[0] == 'R') {
- int lines = 0;
-
- sscanf(buf + 1, "%d", &lines);
- do {
- if (fgets(buf, sizeof buf, conn_in) == NULL) {
- if (ferror(conn_in)) {
- fprintf(stderr, "ERROR\n");
- exit(1);
- }
- fprintf(stderr, "CLOSED\n");
- return 0;
- }
- fprintf(stderr, "<<< %s", buf);
- } while (--lines > 0);
- } else if (buf[0] == 'T') {
- int infofd;
-
- tls++;
- {
- struct tls_start_proxy_args a = tls_start_proxy_defaultargs();
- a.fd = fd;
- a.client_p = client_p;
- a.ctx = ctx;
- a.infofd = &infofd;
- r = tls_start_proxy(a, NULL);
- }
- assert(r != 1);
- if (r != 0) {
- fprintf(stderr, "tls_start_proxy failed: %d\n", r);
- switch (r) {
- case -1:
- fputs("socketpair", stderr); break;
- case 2:
- fputs("FD_SETSIZE exceeded", stderr); break;
- case -3:
- fputs("pipe", stderr); break;
- case -4:
- fputs("fork", stderr); break;
- case -5:
- fputs("dup2", stderr); break;
- default:
- fputs("?", stderr);
- }
- if (r < 0)
- perror("");
- else
- fputc('\n', stderr);
- exit(1);
- }
-
- r = read(infofd, infobuf, sizeof infobuf - 1);
- if (r > 0) {
- const char *info = infobuf;
- const char *eol;
-
- infobuf[r] = '\0';
- while ((eol = strchr(info, '\n')) != NULL) {
- fprintf(stderr, "+++ `%.*s'\n", eol - info, info);
- info = eol+1;
- }
- close (infofd);
- }
- } else {
- fprintf(stderr, "W... write line to network\n"
- "R[n] read line (n lines) from network\n"
- "C close\n"
- "T start %sTLS proxy\n", tls ? "another " : "");
- }
- }
- return 0;
-}
Copied: vendor-crypto/openssl/0.9.8zf/demos/easy_tls/test.c (from rev 6976, vendor-crypto/openssl/dist/demos/easy_tls/test.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/demos/easy_tls/test.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/demos/easy_tls/test.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,248 @@
+/* test.c */
+/* $Id: test.c,v 1.1 2001/09/17 19:06:59 bodo Exp $ */
+
+#define L_PORT 9999
+#define C_PORT 443
+
+#include <arpa/inet.h>
+#include <assert.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <netinet/in.h>
+#include <netinet/tcp.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <sys/select.h>
+#include <sys/socket.h>
+#include <unistd.h>
+
+#include "test.h"
+#include "easy-tls.h"
+
+void test_process_init(int fd, int client_p, void *apparg)
+{
+ fprintf(stderr,
+ "test_process_init(fd = %d, client_p = %d, apparg = %p)\n", fd,
+ client_p, apparg);
+}
+
+void test_errflush(int child_p, char *errbuf, size_t num, void *apparg)
+{
+ fputs(errbuf, stderr);
+}
+
+int main(int argc, char *argv[])
+{
+ int s, fd, r;
+ FILE *conn_in;
+ FILE *conn_out;
+ char buf[256];
+ SSL_CTX *ctx;
+ int client_p = 0;
+ int port;
+ int tls = 0;
+ char infobuf[TLS_INFO_SIZE + 1];
+
+ if (argc > 1 && argv[1][0] == '-') {
+ fputs("Usage: test [port] -- server\n"
+ " test num.num.num.num [port] -- client\n", stderr);
+ exit(1);
+ }
+
+ if (argc > 1) {
+ if (strchr(argv[1], '.')) {
+ client_p = 1;
+ }
+ }
+
+ fputs(client_p ? "Client\n" : "Server\n", stderr);
+
+ {
+ struct tls_create_ctx_args a = tls_create_ctx_defaultargs();
+ a.client_p = client_p;
+ a.certificate_file = "cert.pem";
+ a.key_file = "cert.pem";
+ a.ca_file = "cacerts.pem";
+
+ ctx = tls_create_ctx(a, NULL);
+ if (ctx == NULL)
+ exit(1);
+ }
+
+ s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
+ if (s == -1) {
+ perror("socket");
+ exit(1);
+ }
+
+ if (client_p) {
+ struct sockaddr_in addr;
+ size_t addr_len = sizeof addr;
+
+ addr.sin_family = AF_INET;
+ assert(argc > 1);
+ if (argc > 2)
+ sscanf(argv[2], "%d", &port);
+ else
+ port = C_PORT;
+ addr.sin_port = htons(port);
+ addr.sin_addr.s_addr = inet_addr(argv[1]);
+
+ r = connect(s, &addr, addr_len);
+ if (r != 0) {
+ perror("connect");
+ exit(1);
+ }
+ fd = s;
+ fprintf(stderr, "Connect (fd = %d).\n", fd);
+ } else {
+ /* server */
+ {
+ int i = 1;
+
+ r = setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&i, sizeof i);
+ if (r == -1) {
+ perror("setsockopt");
+ exit(1);
+ }
+ }
+
+ {
+ struct sockaddr_in addr;
+ size_t addr_len = sizeof addr;
+
+ if (argc > 1)
+ sscanf(argv[1], "%d", &port);
+ else
+ port = L_PORT;
+ addr.sin_family = AF_INET;
+ addr.sin_port = htons(port);
+ addr.sin_addr.s_addr = INADDR_ANY;
+
+ r = bind(s, &addr, addr_len);
+ if (r != 0) {
+ perror("bind");
+ exit(1);
+ }
+ }
+
+ r = listen(s, 1);
+ if (r == -1) {
+ perror("listen");
+ exit(1);
+ }
+
+ fprintf(stderr, "Listening at port %i.\n", port);
+
+ fd = accept(s, NULL, 0);
+ if (fd == -1) {
+ perror("accept");
+ exit(1);
+ }
+
+ fprintf(stderr, "Accept (fd = %d).\n", fd);
+ }
+
+ conn_in = fdopen(fd, "r");
+ if (conn_in == NULL) {
+ perror("fdopen");
+ exit(1);
+ }
+ conn_out = fdopen(fd, "w");
+ if (conn_out == NULL) {
+ perror("fdopen");
+ exit(1);
+ }
+
+ setvbuf(conn_in, NULL, _IOLBF, 256);
+ setvbuf(conn_out, NULL, _IOLBF, 256);
+
+ while (fgets(buf, sizeof buf, stdin) != NULL) {
+ if (buf[0] == 'W') {
+ fprintf(conn_out, "%.*s\r\n", (int)(strlen(buf + 1) - 1),
+ buf + 1);
+ fprintf(stderr, ">>> %.*s\n", (int)(strlen(buf + 1) - 1),
+ buf + 1);
+ } else if (buf[0] == 'C') {
+ fprintf(stderr, "Closing.\n");
+ fclose(conn_in);
+ fclose(conn_out);
+ exit(0);
+ } else if (buf[0] == 'R') {
+ int lines = 0;
+
+ sscanf(buf + 1, "%d", &lines);
+ do {
+ if (fgets(buf, sizeof buf, conn_in) == NULL) {
+ if (ferror(conn_in)) {
+ fprintf(stderr, "ERROR\n");
+ exit(1);
+ }
+ fprintf(stderr, "CLOSED\n");
+ return 0;
+ }
+ fprintf(stderr, "<<< %s", buf);
+ } while (--lines > 0);
+ } else if (buf[0] == 'T') {
+ int infofd;
+
+ tls++;
+ {
+ struct tls_start_proxy_args a = tls_start_proxy_defaultargs();
+ a.fd = fd;
+ a.client_p = client_p;
+ a.ctx = ctx;
+ a.infofd = &infofd;
+ r = tls_start_proxy(a, NULL);
+ }
+ assert(r != 1);
+ if (r != 0) {
+ fprintf(stderr, "tls_start_proxy failed: %d\n", r);
+ switch (r) {
+ case -1:
+ fputs("socketpair", stderr);
+ break;
+ case 2:
+ fputs("FD_SETSIZE exceeded", stderr);
+ break;
+ case -3:
+ fputs("pipe", stderr);
+ break;
+ case -4:
+ fputs("fork", stderr);
+ break;
+ case -5:
+ fputs("dup2", stderr);
+ break;
+ default:
+ fputs("?", stderr);
+ }
+ if (r < 0)
+ perror("");
+ else
+ fputc('\n', stderr);
+ exit(1);
+ }
+
+ r = read(infofd, infobuf, sizeof infobuf - 1);
+ if (r > 0) {
+ const char *info = infobuf;
+ const char *eol;
+
+ infobuf[r] = '\0';
+ while ((eol = strchr(info, '\n')) != NULL) {
+ fprintf(stderr, "+++ `%.*s'\n", eol - info, info);
+ info = eol + 1;
+ }
+ close(infofd);
+ }
+ } else {
+ fprintf(stderr, "W... write line to network\n"
+ "R[n] read line (n lines) from network\n"
+ "C close\n"
+ "T start %sTLS proxy\n", tls ? "another " : "");
+ }
+ }
+ return 0;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/demos/easy_tls/test.h
===================================================================
--- vendor-crypto/openssl/dist/demos/easy_tls/test.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/demos/easy_tls/test.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,11 +0,0 @@
-/* test.h */
-/* $Id: test.h,v 1.1 2001/09/17 19:07:00 bodo Exp $ */
-
-
-void test_process_init(int fd, int client_p, void *apparg);
-#define TLS_APP_PROCESS_INIT test_process_init
-
-#undef TLS_CUMULATE_ERRORS
-
-void test_errflush(int child_p, char *errbuf, size_t num, void *apparg);
-#define TLS_APP_ERRFLUSH test_errflush
Copied: vendor-crypto/openssl/0.9.8zf/demos/easy_tls/test.h (from rev 6976, vendor-crypto/openssl/dist/demos/easy_tls/test.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/demos/easy_tls/test.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/demos/easy_tls/test.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,10 @@
+/* test.h */
+/* $Id: test.h,v 1.1 2001/09/17 19:07:00 bodo Exp $ */
+
+void test_process_init(int fd, int client_p, void *apparg);
+#define TLS_APP_PROCESS_INIT test_process_init
+
+#undef TLS_CUMULATE_ERRORS
+
+void test_errflush(int child_p, char *errbuf, size_t num, void *apparg);
+#define TLS_APP_ERRFLUSH test_errflush
Deleted: vendor-crypto/openssl/0.9.8zf/demos/engines/cluster_labs/cluster_labs.h
===================================================================
--- vendor-crypto/openssl/dist/demos/engines/cluster_labs/cluster_labs.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/demos/engines/cluster_labs/cluster_labs.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,35 +0,0 @@
-typedef int cl_engine_init(void);
-typedef int cl_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *cgx);
-typedef int cl_mod_exp_crt(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
- const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
- const BIGNUM *iqmp, BN_CTX *ctx);
-typedef int cl_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
-typedef int cl_rsa_pub_enc(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
-typedef int cl_rsa_pub_dec(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
-typedef int cl_rsa_priv_enc(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
-typedef int cl_rsa_priv_dec(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
-typedef int cl_rand_bytes(unsigned char *buf, int num);
-typedef DSA_SIG *cl_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa);
-typedef int cl_dsa_verify(const unsigned char *dgst, int dgst_len,
- DSA_SIG *sig, DSA *dsa);
-
-
-static const char *CLUSTER_LABS_LIB_NAME = "cluster_labs";
-static const char *CLUSTER_LABS_F1 = "hw_engine_init";
-static const char *CLUSTER_LABS_F2 = "hw_mod_exp";
-static const char *CLUSTER_LABS_F3 = "hw_mod_exp_crt";
-static const char *CLUSTER_LABS_F4 = "hw_rsa_mod_exp";
-static const char *CLUSTER_LABS_F5 = "hw_rsa_priv_enc";
-static const char *CLUSTER_LABS_F6 = "hw_rsa_priv_dec";
-static const char *CLUSTER_LABS_F7 = "hw_rsa_pub_enc";
-static const char *CLUSTER_LABS_F8 = "hw_rsa_pub_dec";
-static const char *CLUSTER_LABS_F20 = "hw_rand_bytes";
-static const char *CLUSTER_LABS_F30 = "hw_dsa_sign";
-static const char *CLUSTER_LABS_F31 = "hw_dsa_verify";
-
-
Copied: vendor-crypto/openssl/0.9.8zf/demos/engines/cluster_labs/cluster_labs.h (from rev 6976, vendor-crypto/openssl/dist/demos/engines/cluster_labs/cluster_labs.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/demos/engines/cluster_labs/cluster_labs.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/demos/engines/cluster_labs/cluster_labs.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,33 @@
+typedef int cl_engine_init(void);
+typedef int cl_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *cgx);
+typedef int cl_mod_exp_crt(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *q, const BIGNUM *dmp1,
+ const BIGNUM *dmq1, const BIGNUM *iqmp,
+ BN_CTX *ctx);
+typedef int cl_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
+typedef int cl_rsa_pub_enc(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+typedef int cl_rsa_pub_dec(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+typedef int cl_rsa_priv_enc(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+typedef int cl_rsa_priv_dec(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+typedef int cl_rand_bytes(unsigned char *buf, int num);
+typedef DSA_SIG *cl_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa);
+typedef int cl_dsa_verify(const unsigned char *dgst, int dgst_len,
+ DSA_SIG *sig, DSA *dsa);
+
+static const char *CLUSTER_LABS_LIB_NAME = "cluster_labs";
+static const char *CLUSTER_LABS_F1 = "hw_engine_init";
+static const char *CLUSTER_LABS_F2 = "hw_mod_exp";
+static const char *CLUSTER_LABS_F3 = "hw_mod_exp_crt";
+static const char *CLUSTER_LABS_F4 = "hw_rsa_mod_exp";
+static const char *CLUSTER_LABS_F5 = "hw_rsa_priv_enc";
+static const char *CLUSTER_LABS_F6 = "hw_rsa_priv_dec";
+static const char *CLUSTER_LABS_F7 = "hw_rsa_pub_enc";
+static const char *CLUSTER_LABS_F8 = "hw_rsa_pub_dec";
+static const char *CLUSTER_LABS_F20 = "hw_rand_bytes";
+static const char *CLUSTER_LABS_F30 = "hw_dsa_sign";
+static const char *CLUSTER_LABS_F31 = "hw_dsa_verify";
Deleted: vendor-crypto/openssl/0.9.8zf/demos/engines/cluster_labs/hw_cluster_labs.c
===================================================================
--- vendor-crypto/openssl/dist/demos/engines/cluster_labs/hw_cluster_labs.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/demos/engines/cluster_labs/hw_cluster_labs.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,721 +0,0 @@
-/* crypto/engine/hw_cluster_labs.c */
-/* Written by Jan Tschirschwitz (jan.tschirschwitz at cluster-labs.com
- * for the OpenSSL project 2000.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#define MSC_VER /* only used cryptic.h */
-
-#include <stdio.h>
-#include <openssl/crypto.h>
-#include <openssl/dso.h>
-#include <openssl/des.h>
-#include <openssl/engine.h>
-
-#ifndef NO_HW
-#ifndef NO_HW_CLUSTER_LABS
-
-#ifdef FLAT_INC
-#include "cluster_labs.h"
-#else
-#include "vendor_defns/cluster_labs.h"
-#endif
-
-#define CL_LIB_NAME "cluster_labs engine"
-#include "hw_cluster_labs_err.c"
-
-
-static int cluster_labs_destroy(ENGINE *e);
-static int cluster_labs_init(ENGINE *e);
-static int cluster_labs_finish(ENGINE *e);
-static int cluster_labs_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
-
-
-/* BIGNUM stuff */
-/* This function is aliased to mod_exp (with the mont stuff dropped). */
-static int cluster_labs_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-
-/* RSA stuff */
-#ifndef OPENSSL_NO_RSA
-static int cluster_labs_rsa_pub_enc(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
-static int cluster_labs_rsa_pub_dec(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
-static int cluster_labs_rsa_priv_enc(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
-static int cluster_labs_rsa_priv_dec(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
-static int cluster_labs_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
-#endif
-
-/* DSA stuff */
-#ifndef OPENSSL_NO_DSA
-static DSA_SIG *cluster_labs_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa);
-static int cluster_labs_dsa_verify(const unsigned char *dgst, int dgst_len,
- DSA_SIG *sig, DSA *dsa);
-static int cluster_labs_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
- BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
- BN_CTX *ctx, BN_MONT_CTX *in_mont);
-static int cluster_labs_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx);
-#endif
-
-/* DH stuff */
-#ifndef OPENSSL_NO_DH
-/* This function is alised to mod_exp (with the DH and mont dropped). */
-static int cluster_labs_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-#endif
-
-/* RANDOM stuff */
-static int cluster_labs_rand_bytes(unsigned char *buf, int num);
-
-/* The definitions for control commands specific to this engine */
-#define CLUSTER_LABS_CMD_SO_PATH ENGINE_CMD_BASE
-static const ENGINE_CMD_DEFN cluster_labs_cmd_defns[] =
- {
- { CLUSTER_LABS_CMD_SO_PATH,
- "SO_PATH",
- "Specifies the path to the 'cluster labs' shared library",
- ENGINE_CMD_FLAG_STRING
- },
- {0, NULL, NULL, 0}
- };
-
-/* Our internal RSA_METHOD that we provide pointers to */
-#ifndef OPENSSL_NO_RSA
-static RSA_METHOD cluster_labs_rsa =
- {
- "Cluster Labs RSA method",
- cluster_labs_rsa_pub_enc, /* rsa_pub_enc */
- cluster_labs_rsa_pub_dec, /* rsa_pub_dec */
- cluster_labs_rsa_priv_enc, /* rsa_priv_enc */
- cluster_labs_rsa_priv_dec, /* rsa_priv_dec */
- cluster_labs_rsa_mod_exp, /* rsa_mod_exp */
- cluster_labs_mod_exp_mont, /* bn_mod_exp */
- NULL, /* init */
- NULL, /* finish */
- 0, /* flags */
- NULL, /* apps_data */
- NULL, /* rsa_sign */
- NULL /* rsa_verify */
- };
-#endif
-
-/* Our internal DSA_METHOD that we provide pointers to */
-#ifndef OPENSSL_NO_DSA
-static DSA_METHOD cluster_labs_dsa =
- {
- "Cluster Labs DSA method",
- cluster_labs_dsa_sign, /* dsa_do_sign */
- NULL, /* dsa_sign_setup */
- cluster_labs_dsa_verify, /* dsa_do_verify */
- cluster_labs_dsa_mod_exp, /* dsa_mod_exp */
- cluster_labs_mod_exp_dsa, /* bn_mod_exp */
- NULL, /* init */
- NULL, /* finish */
- 0, /* flags */
- NULL /* app_data */
- };
-#endif
-
-/* Our internal DH_METHOD that we provide pointers to */
-#ifndef OPENSSL_NO_DH
-static DH_METHOD cluster_labs_dh =
- {
- "Cluster Labs DH method",
- NULL, /* generate key */
- NULL, /* compute key */
- cluster_labs_mod_exp_dh, /* bn_mod_exp */
- NULL, /* init */
- NULL, /* finish */
- 0, /* flags */
- NULL /* app_data */
- };
-#endif
-
-static RAND_METHOD cluster_labs_rand =
- {
- /* "Cluster Labs RAND method", */
- NULL, /* seed */
- cluster_labs_rand_bytes, /* bytes */
- NULL, /* cleanup */
- NULL, /* add */
- cluster_labs_rand_bytes, /* pseudorand */
- NULL, /* status */
- };
-
-static const char *engine_cluster_labs_id = "cluster_labs";
-static const char *engine_cluster_labs_name = "Cluster Labs hardware engine support";
-
-/* engine implementation */
-/*-----------------------*/
-static int bind_helper(ENGINE *e)
- {
-
- if(!ENGINE_set_id(e, engine_cluster_labs_id) ||
- !ENGINE_set_name(e, engine_cluster_labs_name) ||
-#ifndef OPENSSL_NO_RSA
- !ENGINE_set_RSA(e, &cluster_labs_rsa) ||
-#endif
-#ifndef OPENSSL_NO_DSA
- !ENGINE_set_DSA(e, &cluster_labs_dsa) ||
-#endif
-#ifndef OPENSSL_NO_DH
- !ENGINE_set_DH(e, &cluster_labs_dh) ||
-#endif
- !ENGINE_set_RAND(e, &cluster_labs_rand) ||
- !ENGINE_set_destroy_function(e, cluster_labs_destroy) ||
- !ENGINE_set_init_function(e, cluster_labs_init) ||
- !ENGINE_set_finish_function(e, cluster_labs_finish) ||
- !ENGINE_set_ctrl_function(e, cluster_labs_ctrl) ||
- !ENGINE_set_cmd_defns(e, cluster_labs_cmd_defns))
- return 0;
- /* Ensure the error handling is set up */
- ERR_load_CL_strings();
- return 1;
- }
-
-#ifndef ENGINE_DYNAMIC_SUPPORT
-static ENGINE *engine_cluster_labs(void)
- {
- ENGINE *ret = ENGINE_new();
-
- if(!ret)
- return NULL;
- if(!bind_helper(ret))
- {
- ENGINE_free(ret);
- return NULL;
- }
- return ret;
- }
-
-#ifdef ENGINE_DYNAMIC_SUPPORT
-static
-#endif
-void ENGINE_load_cluster_labs(void)
- {
-
- ENGINE *cluster_labs = engine_cluster_labs();
-
- if(!cluster_labs) return;
- ENGINE_add(cluster_labs);
- ENGINE_free(cluster_labs);
- ERR_clear_error();
- }
-#endif /* !ENGINE_DYNAMIC_SUPPORT */
-
-static int cluster_labs_destroy(ENGINE *e)
- {
-
- ERR_unload_CL_strings();
- return 1;
- }
-
-
-
-/* This is a process-global DSO handle used for loading and unloading
- * the Cluster Labs library. NB: This is only set (or unset) during an
- * init() or finish() call (reference counts permitting) and they're
- * operating with global locks, so this should be thread-safe
- * implicitly. */
-static DSO *cluster_labs_dso = NULL;
-
-/* These are the function pointers that are (un)set when the library has
- * successfully (un)loaded. */
-static cl_engine_init *p_cl_engine_init = NULL;
-static cl_mod_exp *p_cl_mod_exp = NULL;
-static cl_mod_exp_crt *p_cl_mod_exp_crt = NULL;
-static cl_rsa_mod_exp *p_cl_rsa_mod_exp = NULL;
-static cl_rsa_priv_enc *p_cl_rsa_priv_enc = NULL;
-static cl_rsa_priv_dec *p_cl_rsa_priv_dec = NULL;
-static cl_rsa_pub_enc *p_cl_rsa_pub_enc = NULL;
-static cl_rsa_pub_dec *p_cl_rsa_pub_dec = NULL;
-static cl_rand_bytes *p_cl_rand_bytes = NULL;
-static cl_dsa_sign *p_cl_dsa_sign = NULL;
-static cl_dsa_verify *p_cl_dsa_verify = NULL;
-
-
-int cluster_labs_init(ENGINE *e)
- {
-
- cl_engine_init *p1;
- cl_mod_exp *p2;
- cl_mod_exp_crt *p3;
- cl_rsa_mod_exp *p4;
- cl_rsa_priv_enc *p5;
- cl_rsa_priv_dec *p6;
- cl_rsa_pub_enc *p7;
- cl_rsa_pub_dec *p8;
- cl_rand_bytes *p20;
- cl_dsa_sign *p30;
- cl_dsa_verify *p31;
-
- /* engine already loaded */
- if(cluster_labs_dso != NULL)
- {
- CLerr(CL_F_CLUSTER_LABS_INIT,CL_R_ALREADY_LOADED);
- goto err;
- }
- /* try to load engine */
- cluster_labs_dso = DSO_load(NULL, CLUSTER_LABS_LIB_NAME, NULL,0);
- if(cluster_labs_dso == NULL)
- {
- CLerr(CL_F_CLUSTER_LABS_INIT,CL_R_DSO_FAILURE);
- goto err;
- }
- /* bind functions */
- if( !(p1 = (cl_engine_init *)DSO_bind_func(
- cluster_labs_dso, CLUSTER_LABS_F1)) ||
- !(p2 = (cl_mod_exp *)DSO_bind_func(
- cluster_labs_dso, CLUSTER_LABS_F2)) ||
- !(p3 = (cl_mod_exp_crt *)DSO_bind_func(
- cluster_labs_dso, CLUSTER_LABS_F3)) ||
- !(p4 = (cl_rsa_mod_exp *)DSO_bind_func(
- cluster_labs_dso, CLUSTER_LABS_F4)) ||
- !(p5 = (cl_rsa_priv_enc *)DSO_bind_func(
- cluster_labs_dso, CLUSTER_LABS_F5)) ||
- !(p6 = (cl_rsa_priv_dec *)DSO_bind_func(
- cluster_labs_dso, CLUSTER_LABS_F6)) ||
- !(p7 = (cl_rsa_pub_enc *)DSO_bind_func(
- cluster_labs_dso, CLUSTER_LABS_F7)) ||
- !(p8 = (cl_rsa_pub_dec *)DSO_bind_func(
- cluster_labs_dso, CLUSTER_LABS_F8)) ||
- !(p20= (cl_rand_bytes *)DSO_bind_func(
- cluster_labs_dso, CLUSTER_LABS_F20)) ||
- !(p30= (cl_dsa_sign *)DSO_bind_func(
- cluster_labs_dso, CLUSTER_LABS_F30)) ||
- !(p31= (cl_dsa_verify *)DSO_bind_func(
- cluster_labs_dso, CLUSTER_LABS_F31)))
- {
- CLerr(CL_F_CLUSTER_LABS_INIT,CL_R_DSO_FAILURE);
- goto err;
- }
-
- /* copy function pointers */
- p_cl_engine_init = p1;
- p_cl_mod_exp = p2;
- p_cl_mod_exp_crt = p3;
- p_cl_rsa_mod_exp = p4;
- p_cl_rsa_priv_enc = p5;
- p_cl_rsa_priv_dec = p6;
- p_cl_rsa_pub_enc = p7;
- p_cl_rsa_pub_dec = p8;
- p_cl_rand_bytes = p20;
- p_cl_dsa_sign = p30;
- p_cl_dsa_verify = p31;
-
-
-
- /* cluster labs engine init */
- if(p_cl_engine_init()== 0){
- CLerr(CL_F_CLUSTER_LABS_INIT,CL_R_INIT_FAILED);
- goto err;
- }
-
- return(1);
-
-err:
- /* reset all pointers */
- if(cluster_labs_dso)
- DSO_free(cluster_labs_dso);
-
- cluster_labs_dso = NULL;
- p_cl_engine_init = NULL;
- p_cl_mod_exp = NULL;
- p_cl_mod_exp_crt = NULL;
- p_cl_rsa_mod_exp = NULL;
- p_cl_rsa_priv_enc = NULL;
- p_cl_rsa_priv_dec = NULL;
- p_cl_rsa_pub_enc = NULL;
- p_cl_rsa_pub_dec = NULL;
- p_cl_rand_bytes = NULL;
- p_cl_dsa_sign = NULL;
- p_cl_dsa_verify = NULL;
-
- return(0);
- }
-
-
-static int cluster_labs_finish(ENGINE *e)
- {
-
- if(cluster_labs_dso == NULL)
- {
- CLerr(CL_F_CLUSTER_LABS_FINISH,CL_R_NOT_LOADED);
- return 0;
- }
- if(!DSO_free(cluster_labs_dso))
- {
- CLerr(CL_F_CLUSTER_LABS_FINISH,CL_R_DSO_FAILURE);
- return 0;
- }
-
- cluster_labs_dso = NULL;
- p_cl_engine_init = NULL;
- p_cl_mod_exp = NULL;
- p_cl_rsa_mod_exp = NULL;
- p_cl_mod_exp_crt = NULL;
- p_cl_rsa_priv_enc = NULL;
- p_cl_rsa_priv_dec = NULL;
- p_cl_rsa_pub_enc = NULL;
- p_cl_rsa_pub_dec = NULL;
- p_cl_rand_bytes = NULL;
- p_cl_dsa_sign = NULL;
- p_cl_dsa_verify = NULL;
-
- return(1);
-
- }
-
-static int cluster_labs_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
- {
- int initialised = ((cluster_labs_dso == NULL) ? 0 : 1);
-
- switch(cmd)
- {
- case CLUSTER_LABS_CMD_SO_PATH:
- if(p == NULL)
- {
- CLerr(CL_F_CLUSTER_LABS_CTRL,ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- if(initialised)
- {
- CLerr(CL_F_CLUSTER_LABS_CTRL,CL_R_ALREADY_LOADED);
- return 0;
- }
- CLUSTER_LABS_LIB_NAME = (const char *)p;
- return 1;
- default:
- break;
- }
- CLerr(CL_F_CLUSTER_LABS_CTRL,CL_R_COMMAND_NOT_IMPLEMENTED);
- return 0;
- }
-
-
-static int cluster_labs_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx)
- {
-
- if(cluster_labs_dso == NULL)
- {
- CLerr(CL_F_CLUSTER_LABS_MOD_EXP,CL_R_NOT_LOADED);
- return 0;
- }
- if(p_cl_mod_exp == NULL)
- {
- CLerr(CL_F_CLUSTER_LABS_MOD_EXP,CL_R_FUNCTION_NOT_BINDED);
- return 0;
- }
-
- return p_cl_mod_exp(r, a, p, m, ctx);
-
- }
-
-static int cluster_labs_mod_exp_crt(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
- const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
- const BIGNUM *iqmp, BN_CTX *ctx)
- {
-
- if(cluster_labs_dso == NULL)
- {
- CLerr(CL_F_CLUSTER_LABS_MOD_EXP_CRT,CL_R_NOT_LOADED);
- return 0;
- }
- if(p_cl_mod_exp_crt == NULL)
- {
- CLerr(CL_F_CLUSTER_LABS_MOD_EXP_CRT,CL_R_FUNCTION_NOT_BINDED);
- return 0;
- }
-
- return p_cl_mod_exp_crt(r, a, p, q,dmp1, dmq1, iqmp, ctx);
-
- }
-
-static int cluster_labs_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
- {
-
- if(cluster_labs_dso == NULL)
- {
- CLerr(CL_F_CLUSTER_LABS_RSA_MOD_EXP,CL_R_NOT_LOADED);
- return 0;
- }
- if(p_cl_rsa_mod_exp == NULL)
- {
- CLerr(CL_F_CLUSTER_LABS_RSA_MOD_EXP,CL_R_FUNCTION_NOT_BINDED);
- return 0;
- }
-
- return p_cl_rsa_mod_exp(r0, I, rsa);
-
- }
-
-static DSA_SIG *cluster_labs_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa)
- {
-
- if(cluster_labs_dso == NULL)
- {
- CLerr(CL_F_CLUSTER_LABS_DSA_SIGN,CL_R_NOT_LOADED);
- return 0;
- }
- if(p_cl_dsa_sign == NULL)
- {
- CLerr(CL_F_CLUSTER_LABS_DSA_SIGN,CL_R_FUNCTION_NOT_BINDED);
- return 0;
- }
-
- return p_cl_dsa_sign(dgst, dlen, dsa);
-
- }
-
-static int cluster_labs_dsa_verify(const unsigned char *dgst, int dgst_len,
- DSA_SIG *sig, DSA *dsa)
- {
-
- if(cluster_labs_dso == NULL)
- {
- CLerr(CL_F_CLUSTER_LABS_DSA_VERIFY,CL_R_NOT_LOADED);
- return 0;
- }
-
- if(p_cl_dsa_verify == NULL)
- {
- CLerr(CL_F_CLUSTER_LABS_DSA_VERIFY,CL_R_FUNCTION_NOT_BINDED);
- return 0;
- }
-
- return p_cl_dsa_verify(dgst, dgst_len, sig, dsa);
-
- }
-
-static int cluster_labs_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
- BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
- BN_CTX *ctx, BN_MONT_CTX *in_mont)
- {
- BIGNUM t;
- int status = 0;
-
- BN_init(&t);
- /* let rr = a1 ^ p1 mod m */
- if (!cluster_labs_mod_exp(rr,a1,p1,m,ctx)) goto end;
- /* let t = a2 ^ p2 mod m */
- if (!cluster_labs_mod_exp(&t,a2,p2,m,ctx)) goto end;
- /* let rr = rr * t mod m */
- if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;
- status = 1;
-end:
- BN_free(&t);
-
- return(1);
-
- }
-
-static int cluster_labs_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx)
- {
- return cluster_labs_mod_exp(r, a, p, m, ctx);
- }
-
-/* This function is aliased to mod_exp (with the mont stuff dropped). */
-static int cluster_labs_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
- {
- return cluster_labs_mod_exp(r, a, p, m, ctx);
- }
-
-
-/* This function is aliased to mod_exp (with the dh and mont dropped). */
-static int cluster_labs_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
- {
- return cluster_labs_mod_exp(r, a, p, m, ctx);
- }
-
-
-static int cluster_labs_rsa_pub_enc(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding)
- {
-
- if(cluster_labs_dso == NULL)
- {
- CLerr(CL_F_CLUSTER_LABS_RSA_PUB_ENC,CL_R_NOT_LOADED);
- return 0;
- }
- if(p_cl_rsa_priv_enc == NULL)
- {
- CLerr(CL_F_CLUSTER_LABS_RSA_PUB_ENC,CL_R_FUNCTION_NOT_BINDED);
- return 0;
- }
-
- return p_cl_rsa_pub_enc(flen, from, to, rsa, padding);
-
- }
-
-static int cluster_labs_rsa_pub_dec(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding)
- {
-
- if(cluster_labs_dso == NULL)
- {
- CLerr(CL_F_CLUSTER_LABS_RSA_PUB_DEC,CL_R_NOT_LOADED);
- return 0;
- }
- if(p_cl_rsa_priv_enc == NULL)
- {
- CLerr(CL_F_CLUSTER_LABS_RSA_PUB_DEC,CL_R_FUNCTION_NOT_BINDED);
- return 0;
- }
-
- return p_cl_rsa_pub_dec(flen, from, to, rsa, padding);
-
- }
-
-
-static int cluster_labs_rsa_priv_enc(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding)
- {
-
- if(cluster_labs_dso == NULL)
- {
- CLerr(CL_F_CLUSTER_LABS_RSA_PRIV_ENC,CL_R_NOT_LOADED);
- return 0;
- }
-
- if(p_cl_rsa_priv_enc == NULL)
- {
- CLerr(CL_F_CLUSTER_LABS_RSA_PRIV_ENC,CL_R_FUNCTION_NOT_BINDED);
- return 0;
- }
-
- return p_cl_rsa_priv_enc(flen, from, to, rsa, padding);
-
- }
-
-static int cluster_labs_rsa_priv_dec(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding)
- {
-
- if(cluster_labs_dso == NULL)
- {
- CLerr(CL_F_CLUSTER_LABS_RSA_PRIV_DEC,CL_R_NOT_LOADED);
- return 0;
- }
- if(p_cl_rsa_priv_dec == NULL)
- {
- CLerr(CL_F_CLUSTER_LABS_RSA_PRIV_DEC,CL_R_FUNCTION_NOT_BINDED);
- return 0;
- }
-
- return p_cl_rsa_priv_dec(flen, from, to, rsa, padding);
-
- }
-
-/************************************************************************************
-* Symmetric algorithms
-************************************************************************************/
-/* this will be come soon! */
-
-/************************************************************************************
-* Random generator
-************************************************************************************/
-
-static int cluster_labs_rand_bytes(unsigned char *buf, int num){
-
- if(cluster_labs_dso == NULL)
- {
- CLerr(CL_F_CLUSTER_LABS_RAND_BYTES,CL_R_NOT_LOADED);
- return 0;
- }
- if(p_cl_mod_exp_crt == NULL)
- {
- CLerr(CL_F_CLUSTER_LABS_RAND_BYTES,CL_R_FUNCTION_NOT_BINDED);
- return 0;
- }
-
- return p_cl_rand_bytes(buf, num);
-
-}
-
-
-/* This stuff is needed if this ENGINE is being compiled into a self-contained
- * shared-library. */
-#ifdef ENGINE_DYNAMIC_SUPPORT
-static int bind_fn(ENGINE *e, const char *id)
- {
- fprintf(stderr, "bind_fn CLUSTER_LABS\n");
- if(id && (strcmp(id, engine_cluster_labs_id) != 0)) {
- fprintf(stderr, "bind_fn return(0) first\n");
- return 0;
- }
- if(!bind_helper(e)) {
- fprintf(stderr, "bind_fn return(1) first\n");
- return 0;
- }
- fprintf(stderr, "bind_fn return(1)\n");
- return 1;
- }
-IMPLEMENT_DYNAMIC_CHECK_FN()
-IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
-#endif /* ENGINE_DYNAMIC_SUPPORT */
-
-#endif /* !NO_HW_CLUSTER_LABS */
-#endif /* !NO_HW */
-
Copied: vendor-crypto/openssl/0.9.8zf/demos/engines/cluster_labs/hw_cluster_labs.c (from rev 6976, vendor-crypto/openssl/dist/demos/engines/cluster_labs/hw_cluster_labs.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/demos/engines/cluster_labs/hw_cluster_labs.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/demos/engines/cluster_labs/hw_cluster_labs.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,692 @@
+/* crypto/engine/hw_cluster_labs.c */
+/*
+ * Written by Jan Tschirschwitz (jan.tschirschwitz at cluster-labs.com for the
+ * OpenSSL project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#define MSC_VER /* only used cryptic.h */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include <openssl/dso.h>
+#include <openssl/des.h>
+#include <openssl/engine.h>
+
+#ifndef NO_HW
+# ifndef NO_HW_CLUSTER_LABS
+
+# ifdef FLAT_INC
+# include "cluster_labs.h"
+# else
+# include "vendor_defns/cluster_labs.h"
+# endif
+
+# define CL_LIB_NAME "cluster_labs engine"
+# include "hw_cluster_labs_err.c"
+
+static int cluster_labs_destroy(ENGINE *e);
+static int cluster_labs_init(ENGINE *e);
+static int cluster_labs_finish(ENGINE *e);
+static int cluster_labs_ctrl(ENGINE *e, int cmd, long i, void *p,
+ void (*f) ());
+
+/* BIGNUM stuff */
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int cluster_labs_mod_exp_mont(BIGNUM *r, const BIGNUM *a,
+ const BIGNUM *p, const BIGNUM *m,
+ BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+
+/* RSA stuff */
+# ifndef OPENSSL_NO_RSA
+static int cluster_labs_rsa_pub_enc(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+static int cluster_labs_rsa_pub_dec(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+static int cluster_labs_rsa_priv_enc(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa,
+ int padding);
+static int cluster_labs_rsa_priv_dec(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa,
+ int padding);
+static int cluster_labs_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
+# endif
+
+/* DSA stuff */
+# ifndef OPENSSL_NO_DSA
+static DSA_SIG *cluster_labs_dsa_sign(const unsigned char *dgst, int dlen,
+ DSA *dsa);
+static int cluster_labs_dsa_verify(const unsigned char *dgst, int dgst_len,
+ DSA_SIG *sig, DSA *dsa);
+static int cluster_labs_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
+ BIGNUM *p1, BIGNUM *a2, BIGNUM *p2,
+ BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *in_mont);
+static int cluster_labs_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
+ const BIGNUM *p, const BIGNUM *m,
+ BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+# endif
+
+/* DH stuff */
+# ifndef OPENSSL_NO_DH
+/* This function is alised to mod_exp (with the DH and mont dropped). */
+static int cluster_labs_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
+ const BIGNUM *p, const BIGNUM *m,
+ BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+# endif
+
+/* RANDOM stuff */
+static int cluster_labs_rand_bytes(unsigned char *buf, int num);
+
+/* The definitions for control commands specific to this engine */
+# define CLUSTER_LABS_CMD_SO_PATH ENGINE_CMD_BASE
+static const ENGINE_CMD_DEFN cluster_labs_cmd_defns[] = {
+ {CLUSTER_LABS_CMD_SO_PATH,
+ "SO_PATH",
+ "Specifies the path to the 'cluster labs' shared library",
+ ENGINE_CMD_FLAG_STRING},
+ {0, NULL, NULL, 0}
+};
+
+/* Our internal RSA_METHOD that we provide pointers to */
+# ifndef OPENSSL_NO_RSA
+static RSA_METHOD cluster_labs_rsa = {
+ "Cluster Labs RSA method",
+ cluster_labs_rsa_pub_enc, /* rsa_pub_enc */
+ cluster_labs_rsa_pub_dec, /* rsa_pub_dec */
+ cluster_labs_rsa_priv_enc, /* rsa_priv_enc */
+ cluster_labs_rsa_priv_dec, /* rsa_priv_dec */
+ cluster_labs_rsa_mod_exp, /* rsa_mod_exp */
+ cluster_labs_mod_exp_mont, /* bn_mod_exp */
+ NULL, /* init */
+ NULL, /* finish */
+ 0, /* flags */
+ NULL, /* apps_data */
+ NULL, /* rsa_sign */
+ NULL /* rsa_verify */
+};
+# endif
+
+/* Our internal DSA_METHOD that we provide pointers to */
+# ifndef OPENSSL_NO_DSA
+static DSA_METHOD cluster_labs_dsa = {
+ "Cluster Labs DSA method",
+ cluster_labs_dsa_sign, /* dsa_do_sign */
+ NULL, /* dsa_sign_setup */
+ cluster_labs_dsa_verify, /* dsa_do_verify */
+ cluster_labs_dsa_mod_exp, /* dsa_mod_exp */
+ cluster_labs_mod_exp_dsa, /* bn_mod_exp */
+ NULL, /* init */
+ NULL, /* finish */
+ 0, /* flags */
+ NULL /* app_data */
+};
+# endif
+
+/* Our internal DH_METHOD that we provide pointers to */
+# ifndef OPENSSL_NO_DH
+static DH_METHOD cluster_labs_dh = {
+ "Cluster Labs DH method",
+ NULL, /* generate key */
+ NULL, /* compute key */
+ cluster_labs_mod_exp_dh, /* bn_mod_exp */
+ NULL, /* init */
+ NULL, /* finish */
+ 0, /* flags */
+ NULL /* app_data */
+};
+# endif
+
+static RAND_METHOD cluster_labs_rand = {
+ /* "Cluster Labs RAND method", */
+ NULL, /* seed */
+ cluster_labs_rand_bytes, /* bytes */
+ NULL, /* cleanup */
+ NULL, /* add */
+ cluster_labs_rand_bytes, /* pseudorand */
+ NULL, /* status */
+};
+
+static const char *engine_cluster_labs_id = "cluster_labs";
+static const char *engine_cluster_labs_name =
+ "Cluster Labs hardware engine support";
+
+/* engine implementation */
+/* ---------------------*/
+static int bind_helper(ENGINE *e)
+{
+
+ if (!ENGINE_set_id(e, engine_cluster_labs_id) ||
+ !ENGINE_set_name(e, engine_cluster_labs_name) ||
+# ifndef OPENSSL_NO_RSA
+ !ENGINE_set_RSA(e, &cluster_labs_rsa) ||
+# endif
+# ifndef OPENSSL_NO_DSA
+ !ENGINE_set_DSA(e, &cluster_labs_dsa) ||
+# endif
+# ifndef OPENSSL_NO_DH
+ !ENGINE_set_DH(e, &cluster_labs_dh) ||
+# endif
+ !ENGINE_set_RAND(e, &cluster_labs_rand) ||
+ !ENGINE_set_destroy_function(e, cluster_labs_destroy) ||
+ !ENGINE_set_init_function(e, cluster_labs_init) ||
+ !ENGINE_set_finish_function(e, cluster_labs_finish) ||
+ !ENGINE_set_ctrl_function(e, cluster_labs_ctrl) ||
+ !ENGINE_set_cmd_defns(e, cluster_labs_cmd_defns))
+ return 0;
+ /* Ensure the error handling is set up */
+ ERR_load_CL_strings();
+ return 1;
+}
+
+# ifndef ENGINE_DYNAMIC_SUPPORT
+static ENGINE *engine_cluster_labs(void)
+{
+ ENGINE *ret = ENGINE_new();
+
+ if (!ret)
+ return NULL;
+ if (!bind_helper(ret)) {
+ ENGINE_free(ret);
+ return NULL;
+ }
+ return ret;
+}
+
+# ifdef ENGINE_DYNAMIC_SUPPORT
+static
+# endif
+void ENGINE_load_cluster_labs(void)
+{
+
+ ENGINE *cluster_labs = engine_cluster_labs();
+
+ if (!cluster_labs)
+ return;
+ ENGINE_add(cluster_labs);
+ ENGINE_free(cluster_labs);
+ ERR_clear_error();
+}
+# endif /* !ENGINE_DYNAMIC_SUPPORT */
+
+static int cluster_labs_destroy(ENGINE *e)
+{
+
+ ERR_unload_CL_strings();
+ return 1;
+}
+
+/*
+ * This is a process-global DSO handle used for loading and unloading the
+ * Cluster Labs library. NB: This is only set (or unset) during an init() or
+ * finish() call (reference counts permitting) and they're operating with
+ * global locks, so this should be thread-safe implicitly.
+ */
+static DSO *cluster_labs_dso = NULL;
+
+/*
+ * These are the function pointers that are (un)set when the library has
+ * successfully (un)loaded.
+ */
+static cl_engine_init *p_cl_engine_init = NULL;
+static cl_mod_exp *p_cl_mod_exp = NULL;
+static cl_mod_exp_crt *p_cl_mod_exp_crt = NULL;
+static cl_rsa_mod_exp *p_cl_rsa_mod_exp = NULL;
+static cl_rsa_priv_enc *p_cl_rsa_priv_enc = NULL;
+static cl_rsa_priv_dec *p_cl_rsa_priv_dec = NULL;
+static cl_rsa_pub_enc *p_cl_rsa_pub_enc = NULL;
+static cl_rsa_pub_dec *p_cl_rsa_pub_dec = NULL;
+static cl_rand_bytes *p_cl_rand_bytes = NULL;
+static cl_dsa_sign *p_cl_dsa_sign = NULL;
+static cl_dsa_verify *p_cl_dsa_verify = NULL;
+
+int cluster_labs_init(ENGINE *e)
+{
+
+ cl_engine_init *p1;
+ cl_mod_exp *p2;
+ cl_mod_exp_crt *p3;
+ cl_rsa_mod_exp *p4;
+ cl_rsa_priv_enc *p5;
+ cl_rsa_priv_dec *p6;
+ cl_rsa_pub_enc *p7;
+ cl_rsa_pub_dec *p8;
+ cl_rand_bytes *p20;
+ cl_dsa_sign *p30;
+ cl_dsa_verify *p31;
+
+ /* engine already loaded */
+ if (cluster_labs_dso != NULL) {
+ CLerr(CL_F_CLUSTER_LABS_INIT, CL_R_ALREADY_LOADED);
+ goto err;
+ }
+ /* try to load engine */
+ cluster_labs_dso = DSO_load(NULL, CLUSTER_LABS_LIB_NAME, NULL, 0);
+ if (cluster_labs_dso == NULL) {
+ CLerr(CL_F_CLUSTER_LABS_INIT, CL_R_DSO_FAILURE);
+ goto err;
+ }
+ /* bind functions */
+ if (!
+ (p1 =
+ (cl_engine_init *) DSO_bind_func(cluster_labs_dso, CLUSTER_LABS_F1))
+|| !(p2 = (cl_mod_exp *) DSO_bind_func(cluster_labs_dso, CLUSTER_LABS_F2))
+|| !(p3 = (cl_mod_exp_crt *) DSO_bind_func(cluster_labs_dso, CLUSTER_LABS_F3))
+|| !(p4 = (cl_rsa_mod_exp *) DSO_bind_func(cluster_labs_dso, CLUSTER_LABS_F4))
+|| !(p5 =
+ (cl_rsa_priv_enc *) DSO_bind_func(cluster_labs_dso, CLUSTER_LABS_F5))
+|| !(p6 =
+ (cl_rsa_priv_dec *) DSO_bind_func(cluster_labs_dso, CLUSTER_LABS_F6))
+|| !(p7 = (cl_rsa_pub_enc *) DSO_bind_func(cluster_labs_dso, CLUSTER_LABS_F7))
+|| !(p8 = (cl_rsa_pub_dec *) DSO_bind_func(cluster_labs_dso, CLUSTER_LABS_F8))
+|| !(p20 =
+ (cl_rand_bytes *) DSO_bind_func(cluster_labs_dso, CLUSTER_LABS_F20))
+|| !(p30 = (cl_dsa_sign *) DSO_bind_func(cluster_labs_dso, CLUSTER_LABS_F30))
+|| !(p31 =
+ (cl_dsa_verify *) DSO_bind_func(cluster_labs_dso, CLUSTER_LABS_F31))) {
+ CLerr(CL_F_CLUSTER_LABS_INIT, CL_R_DSO_FAILURE);
+ goto err;
+ }
+
+ /* copy function pointers */
+ p_cl_engine_init = p1;
+ p_cl_mod_exp = p2;
+ p_cl_mod_exp_crt = p3;
+ p_cl_rsa_mod_exp = p4;
+ p_cl_rsa_priv_enc = p5;
+ p_cl_rsa_priv_dec = p6;
+ p_cl_rsa_pub_enc = p7;
+ p_cl_rsa_pub_dec = p8;
+ p_cl_rand_bytes = p20;
+ p_cl_dsa_sign = p30;
+ p_cl_dsa_verify = p31;
+
+ /* cluster labs engine init */
+ if (p_cl_engine_init() == 0) {
+ CLerr(CL_F_CLUSTER_LABS_INIT, CL_R_INIT_FAILED);
+ goto err;
+ }
+
+ return (1);
+
+ err:
+ /* reset all pointers */
+ if (cluster_labs_dso)
+ DSO_free(cluster_labs_dso);
+
+ cluster_labs_dso = NULL;
+ p_cl_engine_init = NULL;
+ p_cl_mod_exp = NULL;
+ p_cl_mod_exp_crt = NULL;
+ p_cl_rsa_mod_exp = NULL;
+ p_cl_rsa_priv_enc = NULL;
+ p_cl_rsa_priv_dec = NULL;
+ p_cl_rsa_pub_enc = NULL;
+ p_cl_rsa_pub_dec = NULL;
+ p_cl_rand_bytes = NULL;
+ p_cl_dsa_sign = NULL;
+ p_cl_dsa_verify = NULL;
+
+ return (0);
+}
+
+static int cluster_labs_finish(ENGINE *e)
+{
+
+ if (cluster_labs_dso == NULL) {
+ CLerr(CL_F_CLUSTER_LABS_FINISH, CL_R_NOT_LOADED);
+ return 0;
+ }
+ if (!DSO_free(cluster_labs_dso)) {
+ CLerr(CL_F_CLUSTER_LABS_FINISH, CL_R_DSO_FAILURE);
+ return 0;
+ }
+
+ cluster_labs_dso = NULL;
+ p_cl_engine_init = NULL;
+ p_cl_mod_exp = NULL;
+ p_cl_rsa_mod_exp = NULL;
+ p_cl_mod_exp_crt = NULL;
+ p_cl_rsa_priv_enc = NULL;
+ p_cl_rsa_priv_dec = NULL;
+ p_cl_rsa_pub_enc = NULL;
+ p_cl_rsa_pub_dec = NULL;
+ p_cl_rand_bytes = NULL;
+ p_cl_dsa_sign = NULL;
+ p_cl_dsa_verify = NULL;
+
+ return (1);
+
+}
+
+static int cluster_labs_ctrl(ENGINE *e, int cmd, long i, void *p,
+ void (*f) ())
+{
+ int initialised = ((cluster_labs_dso == NULL) ? 0 : 1);
+
+ switch (cmd) {
+ case CLUSTER_LABS_CMD_SO_PATH:
+ if (p == NULL) {
+ CLerr(CL_F_CLUSTER_LABS_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ if (initialised) {
+ CLerr(CL_F_CLUSTER_LABS_CTRL, CL_R_ALREADY_LOADED);
+ return 0;
+ }
+ CLUSTER_LABS_LIB_NAME = (const char *)p;
+ return 1;
+ default:
+ break;
+ }
+ CLerr(CL_F_CLUSTER_LABS_CTRL, CL_R_COMMAND_NOT_IMPLEMENTED);
+ return 0;
+}
+
+static int cluster_labs_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx)
+{
+
+ if (cluster_labs_dso == NULL) {
+ CLerr(CL_F_CLUSTER_LABS_MOD_EXP, CL_R_NOT_LOADED);
+ return 0;
+ }
+ if (p_cl_mod_exp == NULL) {
+ CLerr(CL_F_CLUSTER_LABS_MOD_EXP, CL_R_FUNCTION_NOT_BINDED);
+ return 0;
+ }
+
+ return p_cl_mod_exp(r, a, p, m, ctx);
+
+}
+
+static int cluster_labs_mod_exp_crt(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *q, const BIGNUM *dmp1,
+ const BIGNUM *dmq1, const BIGNUM *iqmp,
+ BN_CTX *ctx)
+{
+
+ if (cluster_labs_dso == NULL) {
+ CLerr(CL_F_CLUSTER_LABS_MOD_EXP_CRT, CL_R_NOT_LOADED);
+ return 0;
+ }
+ if (p_cl_mod_exp_crt == NULL) {
+ CLerr(CL_F_CLUSTER_LABS_MOD_EXP_CRT, CL_R_FUNCTION_NOT_BINDED);
+ return 0;
+ }
+
+ return p_cl_mod_exp_crt(r, a, p, q, dmp1, dmq1, iqmp, ctx);
+
+}
+
+static int cluster_labs_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
+{
+
+ if (cluster_labs_dso == NULL) {
+ CLerr(CL_F_CLUSTER_LABS_RSA_MOD_EXP, CL_R_NOT_LOADED);
+ return 0;
+ }
+ if (p_cl_rsa_mod_exp == NULL) {
+ CLerr(CL_F_CLUSTER_LABS_RSA_MOD_EXP, CL_R_FUNCTION_NOT_BINDED);
+ return 0;
+ }
+
+ return p_cl_rsa_mod_exp(r0, I, rsa);
+
+}
+
+static DSA_SIG *cluster_labs_dsa_sign(const unsigned char *dgst, int dlen,
+ DSA *dsa)
+{
+
+ if (cluster_labs_dso == NULL) {
+ CLerr(CL_F_CLUSTER_LABS_DSA_SIGN, CL_R_NOT_LOADED);
+ return 0;
+ }
+ if (p_cl_dsa_sign == NULL) {
+ CLerr(CL_F_CLUSTER_LABS_DSA_SIGN, CL_R_FUNCTION_NOT_BINDED);
+ return 0;
+ }
+
+ return p_cl_dsa_sign(dgst, dlen, dsa);
+
+}
+
+static int cluster_labs_dsa_verify(const unsigned char *dgst, int dgst_len,
+ DSA_SIG *sig, DSA *dsa)
+{
+
+ if (cluster_labs_dso == NULL) {
+ CLerr(CL_F_CLUSTER_LABS_DSA_VERIFY, CL_R_NOT_LOADED);
+ return 0;
+ }
+
+ if (p_cl_dsa_verify == NULL) {
+ CLerr(CL_F_CLUSTER_LABS_DSA_VERIFY, CL_R_FUNCTION_NOT_BINDED);
+ return 0;
+ }
+
+ return p_cl_dsa_verify(dgst, dgst_len, sig, dsa);
+
+}
+
+static int cluster_labs_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
+ BIGNUM *p1, BIGNUM *a2, BIGNUM *p2,
+ BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *in_mont)
+{
+ BIGNUM t;
+ int status = 0;
+
+ BN_init(&t);
+ /* let rr = a1 ^ p1 mod m */
+ if (!cluster_labs_mod_exp(rr, a1, p1, m, ctx))
+ goto end;
+ /* let t = a2 ^ p2 mod m */
+ if (!cluster_labs_mod_exp(&t, a2, p2, m, ctx))
+ goto end;
+ /* let rr = rr * t mod m */
+ if (!BN_mod_mul(rr, rr, &t, m, ctx))
+ goto end;
+ status = 1;
+ end:
+ BN_free(&t);
+
+ return (1);
+
+}
+
+static int cluster_labs_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
+ const BIGNUM *p, const BIGNUM *m,
+ BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+{
+ return cluster_labs_mod_exp(r, a, p, m, ctx);
+}
+
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int cluster_labs_mod_exp_mont(BIGNUM *r, const BIGNUM *a,
+ const BIGNUM *p, const BIGNUM *m,
+ BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+{
+ return cluster_labs_mod_exp(r, a, p, m, ctx);
+}
+
+/* This function is aliased to mod_exp (with the dh and mont dropped). */
+static int cluster_labs_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
+ const BIGNUM *p, const BIGNUM *m,
+ BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+{
+ return cluster_labs_mod_exp(r, a, p, m, ctx);
+}
+
+static int cluster_labs_rsa_pub_enc(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding)
+{
+
+ if (cluster_labs_dso == NULL) {
+ CLerr(CL_F_CLUSTER_LABS_RSA_PUB_ENC, CL_R_NOT_LOADED);
+ return 0;
+ }
+ if (p_cl_rsa_priv_enc == NULL) {
+ CLerr(CL_F_CLUSTER_LABS_RSA_PUB_ENC, CL_R_FUNCTION_NOT_BINDED);
+ return 0;
+ }
+
+ return p_cl_rsa_pub_enc(flen, from, to, rsa, padding);
+
+}
+
+static int cluster_labs_rsa_pub_dec(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding)
+{
+
+ if (cluster_labs_dso == NULL) {
+ CLerr(CL_F_CLUSTER_LABS_RSA_PUB_DEC, CL_R_NOT_LOADED);
+ return 0;
+ }
+ if (p_cl_rsa_priv_enc == NULL) {
+ CLerr(CL_F_CLUSTER_LABS_RSA_PUB_DEC, CL_R_FUNCTION_NOT_BINDED);
+ return 0;
+ }
+
+ return p_cl_rsa_pub_dec(flen, from, to, rsa, padding);
+
+}
+
+static int cluster_labs_rsa_priv_enc(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding)
+{
+
+ if (cluster_labs_dso == NULL) {
+ CLerr(CL_F_CLUSTER_LABS_RSA_PRIV_ENC, CL_R_NOT_LOADED);
+ return 0;
+ }
+
+ if (p_cl_rsa_priv_enc == NULL) {
+ CLerr(CL_F_CLUSTER_LABS_RSA_PRIV_ENC, CL_R_FUNCTION_NOT_BINDED);
+ return 0;
+ }
+
+ return p_cl_rsa_priv_enc(flen, from, to, rsa, padding);
+
+}
+
+static int cluster_labs_rsa_priv_dec(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding)
+{
+
+ if (cluster_labs_dso == NULL) {
+ CLerr(CL_F_CLUSTER_LABS_RSA_PRIV_DEC, CL_R_NOT_LOADED);
+ return 0;
+ }
+ if (p_cl_rsa_priv_dec == NULL) {
+ CLerr(CL_F_CLUSTER_LABS_RSA_PRIV_DEC, CL_R_FUNCTION_NOT_BINDED);
+ return 0;
+ }
+
+ return p_cl_rsa_priv_dec(flen, from, to, rsa, padding);
+
+}
+
+/************************************************************************************
+* Symmetric algorithms
+************************************************************************************/
+/* this will be come soon! */
+
+/************************************************************************************
+* Random generator
+************************************************************************************/
+
+static int cluster_labs_rand_bytes(unsigned char *buf, int num)
+{
+
+ if (cluster_labs_dso == NULL) {
+ CLerr(CL_F_CLUSTER_LABS_RAND_BYTES, CL_R_NOT_LOADED);
+ return 0;
+ }
+ if (p_cl_mod_exp_crt == NULL) {
+ CLerr(CL_F_CLUSTER_LABS_RAND_BYTES, CL_R_FUNCTION_NOT_BINDED);
+ return 0;
+ }
+
+ return p_cl_rand_bytes(buf, num);
+
+}
+
+/*
+ * This stuff is needed if this ENGINE is being compiled into a
+ * self-contained shared-library.
+ */
+# ifdef ENGINE_DYNAMIC_SUPPORT
+static int bind_fn(ENGINE *e, const char *id)
+{
+ fprintf(stderr, "bind_fn CLUSTER_LABS\n");
+ if (id && (strcmp(id, engine_cluster_labs_id) != 0)) {
+ fprintf(stderr, "bind_fn return(0) first\n");
+ return 0;
+ }
+ if (!bind_helper(e)) {
+ fprintf(stderr, "bind_fn return(1) first\n");
+ return 0;
+ }
+ fprintf(stderr, "bind_fn return(1)\n");
+ return 1;
+}
+
+IMPLEMENT_DYNAMIC_CHECK_FN()
+ IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
+# endif /* ENGINE_DYNAMIC_SUPPORT */
+# endif /* !NO_HW_CLUSTER_LABS */
+#endif /* !NO_HW */
Deleted: vendor-crypto/openssl/0.9.8zf/demos/engines/cluster_labs/hw_cluster_labs_err.c
===================================================================
--- vendor-crypto/openssl/dist/demos/engines/cluster_labs/hw_cluster_labs_err.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/demos/engines/cluster_labs/hw_cluster_labs_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,151 +0,0 @@
-/* hw_cluster_labs_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include "hw_cluster_labs_err.h"
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-static ERR_STRING_DATA CL_str_functs[]=
- {
-{ERR_PACK(0,CL_F_CLUSTER_LABS_CTRL,0), "CLUSTER_LABS_CTRL"},
-{ERR_PACK(0,CL_F_CLUSTER_LABS_DSA_SIGN,0), "CLUSTER_LABS_DSA_SIGN"},
-{ERR_PACK(0,CL_F_CLUSTER_LABS_DSA_VERIFY,0), "CLUSTER_LABS_DSA_VERIFY"},
-{ERR_PACK(0,CL_F_CLUSTER_LABS_FINISH,0), "CLUSTER_LABS_FINISH"},
-{ERR_PACK(0,CL_F_CLUSTER_LABS_INIT,0), "CLUSTER_LABS_INIT"},
-{ERR_PACK(0,CL_F_CLUSTER_LABS_MOD_EXP,0), "CLUSTER_LABS_MOD_EXP"},
-{ERR_PACK(0,CL_F_CLUSTER_LABS_MOD_EXP_CRT,0), "CLUSTER_LABS_MOD_EXP_CRT"},
-{ERR_PACK(0,CL_F_CLUSTER_LABS_RAND_BYTES,0), "CLUSTER_LABS_RAND_BYTES"},
-{ERR_PACK(0,CL_F_CLUSTER_LABS_RSA_MOD_EXP,0), "CLUSTER_LABS_RSA_MOD_EXP"},
-{ERR_PACK(0,CL_F_CLUSTER_LABS_RSA_PRIV_DEC,0), "CLUSTER_LABS_RSA_PRIV_DEC"},
-{ERR_PACK(0,CL_F_CLUSTER_LABS_RSA_PRIV_ENC,0), "CLUSTER_LABS_RSA_PRIV_ENC"},
-{ERR_PACK(0,CL_F_CLUSTER_LABS_RSA_PUB_DEC,0), "CLUSTER_LABS_RSA_PUB_DEC"},
-{ERR_PACK(0,CL_F_CLUSTER_LABS_RSA_PUB_ENC,0), "CLUSTER_LABS_RSA_PUB_ENC"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA CL_str_reasons[]=
- {
-{CL_R_ALREADY_LOADED ,"already loaded"},
-{CL_R_COMMAND_NOT_IMPLEMENTED ,"command not implemented"},
-{CL_R_DSO_FAILURE ,"dso failure"},
-{CL_R_FUNCTION_NOT_BINDED ,"function not binded"},
-{CL_R_INIT_FAILED ,"init failed"},
-{CL_R_NOT_LOADED ,"not loaded"},
-{0,NULL}
- };
-
-#endif
-
-#ifdef CL_LIB_NAME
-static ERR_STRING_DATA CL_lib_name[]=
- {
-{0 ,CL_LIB_NAME},
-{0,NULL}
- };
-#endif
-
-
-static int CL_lib_error_code=0;
-static int CL_error_init=1;
-
-static void ERR_load_CL_strings(void)
- {
- if (CL_lib_error_code == 0)
- CL_lib_error_code=ERR_get_next_error_library();
-
- if (CL_error_init)
- {
- CL_error_init=0;
-#ifndef OPENSSL_NO_ERR
- ERR_load_strings(CL_lib_error_code,CL_str_functs);
- ERR_load_strings(CL_lib_error_code,CL_str_reasons);
-#endif
-
-#ifdef CL_LIB_NAME
- CL_lib_name->error = ERR_PACK(CL_lib_error_code,0,0);
- ERR_load_strings(0,CL_lib_name);
-#endif
- }
- }
-
-static void ERR_unload_CL_strings(void)
- {
- if (CL_error_init == 0)
- {
-#ifndef OPENSSL_NO_ERR
- ERR_unload_strings(CL_lib_error_code,CL_str_functs);
- ERR_unload_strings(CL_lib_error_code,CL_str_reasons);
-#endif
-
-#ifdef CL_LIB_NAME
- ERR_unload_strings(0,CL_lib_name);
-#endif
- CL_error_init=1;
- }
- }
-
-static void ERR_CL_error(int function, int reason, char *file, int line)
- {
- if (CL_lib_error_code == 0)
- CL_lib_error_code=ERR_get_next_error_library();
- ERR_PUT_error(CL_lib_error_code,function,reason,file,line);
- }
Copied: vendor-crypto/openssl/0.9.8zf/demos/engines/cluster_labs/hw_cluster_labs_err.c (from rev 6976, vendor-crypto/openssl/dist/demos/engines/cluster_labs/hw_cluster_labs_err.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/demos/engines/cluster_labs/hw_cluster_labs_err.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/demos/engines/cluster_labs/hw_cluster_labs_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,152 @@
+/* hw_cluster_labs_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include "hw_cluster_labs_err.h"
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA CL_str_functs[] = {
+ {ERR_PACK(0, CL_F_CLUSTER_LABS_CTRL, 0), "CLUSTER_LABS_CTRL"},
+ {ERR_PACK(0, CL_F_CLUSTER_LABS_DSA_SIGN, 0), "CLUSTER_LABS_DSA_SIGN"},
+ {ERR_PACK(0, CL_F_CLUSTER_LABS_DSA_VERIFY, 0), "CLUSTER_LABS_DSA_VERIFY"},
+ {ERR_PACK(0, CL_F_CLUSTER_LABS_FINISH, 0), "CLUSTER_LABS_FINISH"},
+ {ERR_PACK(0, CL_F_CLUSTER_LABS_INIT, 0), "CLUSTER_LABS_INIT"},
+ {ERR_PACK(0, CL_F_CLUSTER_LABS_MOD_EXP, 0), "CLUSTER_LABS_MOD_EXP"},
+ {ERR_PACK(0, CL_F_CLUSTER_LABS_MOD_EXP_CRT, 0),
+ "CLUSTER_LABS_MOD_EXP_CRT"},
+ {ERR_PACK(0, CL_F_CLUSTER_LABS_RAND_BYTES, 0), "CLUSTER_LABS_RAND_BYTES"},
+ {ERR_PACK(0, CL_F_CLUSTER_LABS_RSA_MOD_EXP, 0),
+ "CLUSTER_LABS_RSA_MOD_EXP"},
+ {ERR_PACK(0, CL_F_CLUSTER_LABS_RSA_PRIV_DEC, 0),
+ "CLUSTER_LABS_RSA_PRIV_DEC"},
+ {ERR_PACK(0, CL_F_CLUSTER_LABS_RSA_PRIV_ENC, 0),
+ "CLUSTER_LABS_RSA_PRIV_ENC"},
+ {ERR_PACK(0, CL_F_CLUSTER_LABS_RSA_PUB_DEC, 0),
+ "CLUSTER_LABS_RSA_PUB_DEC"},
+ {ERR_PACK(0, CL_F_CLUSTER_LABS_RSA_PUB_ENC, 0),
+ "CLUSTER_LABS_RSA_PUB_ENC"},
+ {0, NULL}
+};
+
+static ERR_STRING_DATA CL_str_reasons[] = {
+ {CL_R_ALREADY_LOADED, "already loaded"},
+ {CL_R_COMMAND_NOT_IMPLEMENTED, "command not implemented"},
+ {CL_R_DSO_FAILURE, "dso failure"},
+ {CL_R_FUNCTION_NOT_BINDED, "function not binded"},
+ {CL_R_INIT_FAILED, "init failed"},
+ {CL_R_NOT_LOADED, "not loaded"},
+ {0, NULL}
+};
+
+#endif
+
+#ifdef CL_LIB_NAME
+static ERR_STRING_DATA CL_lib_name[] = {
+ {0, CL_LIB_NAME},
+ {0, NULL}
+};
+#endif
+
+static int CL_lib_error_code = 0;
+static int CL_error_init = 1;
+
+static void ERR_load_CL_strings(void)
+{
+ if (CL_lib_error_code == 0)
+ CL_lib_error_code = ERR_get_next_error_library();
+
+ if (CL_error_init) {
+ CL_error_init = 0;
+#ifndef OPENSSL_NO_ERR
+ ERR_load_strings(CL_lib_error_code, CL_str_functs);
+ ERR_load_strings(CL_lib_error_code, CL_str_reasons);
+#endif
+
+#ifdef CL_LIB_NAME
+ CL_lib_name->error = ERR_PACK(CL_lib_error_code, 0, 0);
+ ERR_load_strings(0, CL_lib_name);
+#endif
+ }
+}
+
+static void ERR_unload_CL_strings(void)
+{
+ if (CL_error_init == 0) {
+#ifndef OPENSSL_NO_ERR
+ ERR_unload_strings(CL_lib_error_code, CL_str_functs);
+ ERR_unload_strings(CL_lib_error_code, CL_str_reasons);
+#endif
+
+#ifdef CL_LIB_NAME
+ ERR_unload_strings(0, CL_lib_name);
+#endif
+ CL_error_init = 1;
+ }
+}
+
+static void ERR_CL_error(int function, int reason, char *file, int line)
+{
+ if (CL_lib_error_code == 0)
+ CL_lib_error_code = ERR_get_next_error_library();
+ ERR_PUT_error(CL_lib_error_code, function, reason, file, line);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/demos/engines/cluster_labs/hw_cluster_labs_err.h
===================================================================
--- vendor-crypto/openssl/dist/demos/engines/cluster_labs/hw_cluster_labs_err.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/demos/engines/cluster_labs/hw_cluster_labs_err.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,99 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2001-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#ifndef HEADER_CL_ERR_H
-#define HEADER_CL_ERR_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-static void ERR_load_CL_strings(void);
-static void ERR_unload_CL_strings(void);
-static void ERR_CL_error(int function, int reason, char *file, int line);
-#define CLerr(f,r) ERR_CL_error((f),(r),__FILE__,__LINE__)
-
-/* Error codes for the CL functions. */
-
-/* Function codes. */
-#define CL_F_CLUSTER_LABS_CTRL 100
-#define CL_F_CLUSTER_LABS_DSA_SIGN 101
-#define CL_F_CLUSTER_LABS_DSA_VERIFY 102
-#define CL_F_CLUSTER_LABS_FINISH 103
-#define CL_F_CLUSTER_LABS_INIT 104
-#define CL_F_CLUSTER_LABS_MOD_EXP 105
-#define CL_F_CLUSTER_LABS_MOD_EXP_CRT 106
-#define CL_F_CLUSTER_LABS_RAND_BYTES 107
-#define CL_F_CLUSTER_LABS_RSA_MOD_EXP 108
-#define CL_F_CLUSTER_LABS_RSA_PRIV_DEC 109
-#define CL_F_CLUSTER_LABS_RSA_PRIV_ENC 110
-#define CL_F_CLUSTER_LABS_RSA_PUB_DEC 111
-#define CL_F_CLUSTER_LABS_RSA_PUB_ENC 112
-
-/* Reason codes. */
-#define CL_R_ALREADY_LOADED 100
-#define CL_R_COMMAND_NOT_IMPLEMENTED 101
-#define CL_R_DSO_FAILURE 102
-#define CL_R_FUNCTION_NOT_BINDED 103
-#define CL_R_INIT_FAILED 104
-#define CL_R_NOT_LOADED 105
-
-#ifdef __cplusplus
-}
-#endif
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/demos/engines/cluster_labs/hw_cluster_labs_err.h (from rev 6976, vendor-crypto/openssl/dist/demos/engines/cluster_labs/hw_cluster_labs_err.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/demos/engines/cluster_labs/hw_cluster_labs_err.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/demos/engines/cluster_labs/hw_cluster_labs_err.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,100 @@
+/* ====================================================================
+ * Copyright (c) 2001-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_CL_ERR_H
+# define HEADER_CL_ERR_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+static void ERR_load_CL_strings(void);
+static void ERR_unload_CL_strings(void);
+static void ERR_CL_error(int function, int reason, char *file, int line);
+# define CLerr(f,r) ERR_CL_error((f),(r),__FILE__,__LINE__)
+
+/* Error codes for the CL functions. */
+
+/* Function codes. */
+# define CL_F_CLUSTER_LABS_CTRL 100
+# define CL_F_CLUSTER_LABS_DSA_SIGN 101
+# define CL_F_CLUSTER_LABS_DSA_VERIFY 102
+# define CL_F_CLUSTER_LABS_FINISH 103
+# define CL_F_CLUSTER_LABS_INIT 104
+# define CL_F_CLUSTER_LABS_MOD_EXP 105
+# define CL_F_CLUSTER_LABS_MOD_EXP_CRT 106
+# define CL_F_CLUSTER_LABS_RAND_BYTES 107
+# define CL_F_CLUSTER_LABS_RSA_MOD_EXP 108
+# define CL_F_CLUSTER_LABS_RSA_PRIV_DEC 109
+# define CL_F_CLUSTER_LABS_RSA_PRIV_ENC 110
+# define CL_F_CLUSTER_LABS_RSA_PUB_DEC 111
+# define CL_F_CLUSTER_LABS_RSA_PUB_ENC 112
+
+/* Reason codes. */
+# define CL_R_ALREADY_LOADED 100
+# define CL_R_COMMAND_NOT_IMPLEMENTED 101
+# define CL_R_DSO_FAILURE 102
+# define CL_R_FUNCTION_NOT_BINDED 103
+# define CL_R_INIT_FAILED 104
+# define CL_R_NOT_LOADED 105
+
+#ifdef __cplusplus
+}
+#endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/demos/engines/ibmca/hw_ibmca.c
===================================================================
--- vendor-crypto/openssl/dist/demos/engines/ibmca/hw_ibmca.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/demos/engines/ibmca/hw_ibmca.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,920 +0,0 @@
-/* crypto/engine/hw_ibmca.c */
-/* Written by Geoff Thorpe (geoff at geoffthorpe.net) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/* (C) COPYRIGHT International Business Machines Corp. 2001 */
-
-#include <stdio.h>
-#include <openssl/crypto.h>
-#include <openssl/dso.h>
-#include <openssl/engine.h>
-
-#ifndef OPENSSL_NO_HW
-#ifndef OPENSSL_NO_HW_IBMCA
-
-#ifdef FLAT_INC
-#include "ica_openssl_api.h"
-#else
-#include "vendor_defns/ica_openssl_api.h"
-#endif
-
-#define IBMCA_LIB_NAME "ibmca engine"
-#include "hw_ibmca_err.c"
-
-static int ibmca_destroy(ENGINE *e);
-static int ibmca_init(ENGINE *e);
-static int ibmca_finish(ENGINE *e);
-static int ibmca_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
-
-static const char *IBMCA_F1 = "icaOpenAdapter";
-static const char *IBMCA_F2 = "icaCloseAdapter";
-static const char *IBMCA_F3 = "icaRsaModExpo";
-static const char *IBMCA_F4 = "icaRandomNumberGenerate";
-static const char *IBMCA_F5 = "icaRsaCrt";
-
-ICA_ADAPTER_HANDLE handle=0;
-
-/* BIGNUM stuff */
-static int ibmca_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx);
-
-static int ibmca_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
- const BIGNUM *iqmp, BN_CTX *ctx);
-
-#ifndef OPENSSL_NO_RSA
-/* RSA stuff */
-static int ibmca_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
-#endif
-
-/* This function is aliased to mod_exp (with the mont stuff dropped). */
-static int ibmca_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-
-#ifndef OPENSSL_NO_DSA
-/* DSA stuff */
-static int ibmca_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
- BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
- BN_CTX *ctx, BN_MONT_CTX *in_mont);
-static int ibmca_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx);
-#endif
-
-#ifndef OPENSSL_NO_DH
-/* DH stuff */
-/* This function is alised to mod_exp (with the DH and mont dropped). */
-static int ibmca_mod_exp_dh(const DH *dh, BIGNUM *r,
- const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-#endif
-
-/* RAND stuff */
-static int ibmca_rand_bytes(unsigned char *buf, int num);
-static int ibmca_rand_status(void);
-
-
-/* WJH - check for more commands, like in nuron */
-
-/* The definitions for control commands specific to this engine */
-#define IBMCA_CMD_SO_PATH ENGINE_CMD_BASE
-static const ENGINE_CMD_DEFN ibmca_cmd_defns[] = {
- {IBMCA_CMD_SO_PATH,
- "SO_PATH",
- "Specifies the path to the 'atasi' shared library",
- ENGINE_CMD_FLAG_STRING},
- {0, NULL, NULL, 0}
- };
-
-#ifndef OPENSSL_NO_RSA
-/* Our internal RSA_METHOD that we provide pointers to */
-static RSA_METHOD ibmca_rsa =
- {
- "Ibmca RSA method",
- NULL,
- NULL,
- NULL,
- NULL,
- ibmca_rsa_mod_exp,
- ibmca_mod_exp_mont,
- NULL,
- NULL,
- 0,
- NULL,
- NULL,
- NULL
- };
-#endif
-
-#ifndef OPENSSL_NO_DSA
-/* Our internal DSA_METHOD that we provide pointers to */
-static DSA_METHOD ibmca_dsa =
- {
- "Ibmca DSA method",
- NULL, /* dsa_do_sign */
- NULL, /* dsa_sign_setup */
- NULL, /* dsa_do_verify */
- ibmca_dsa_mod_exp, /* dsa_mod_exp */
- ibmca_mod_exp_dsa, /* bn_mod_exp */
- NULL, /* init */
- NULL, /* finish */
- 0, /* flags */
- NULL /* app_data */
- };
-#endif
-
-#ifndef OPENSSL_NO_DH
-/* Our internal DH_METHOD that we provide pointers to */
-static DH_METHOD ibmca_dh =
- {
- "Ibmca DH method",
- NULL,
- NULL,
- ibmca_mod_exp_dh,
- NULL,
- NULL,
- 0,
- NULL
- };
-#endif
-
-static RAND_METHOD ibmca_rand =
- {
- /* "IBMCA RAND method", */
- NULL,
- ibmca_rand_bytes,
- NULL,
- NULL,
- ibmca_rand_bytes,
- ibmca_rand_status,
- };
-
-/* Constants used when creating the ENGINE */
-static const char *engine_ibmca_id = "ibmca";
-static const char *engine_ibmca_name = "Ibmca hardware engine support";
-
-/* This internal function is used by ENGINE_ibmca() and possibly by the
- * "dynamic" ENGINE support too */
-static int bind_helper(ENGINE *e)
- {
-#ifndef OPENSSL_NO_RSA
- const RSA_METHOD *meth1;
-#endif
-#ifndef OPENSSL_NO_DSA
- const DSA_METHOD *meth2;
-#endif
-#ifndef OPENSSL_NO_DH
- const DH_METHOD *meth3;
-#endif
- if(!ENGINE_set_id(e, engine_ibmca_id) ||
- !ENGINE_set_name(e, engine_ibmca_name) ||
-#ifndef OPENSSL_NO_RSA
- !ENGINE_set_RSA(e, &ibmca_rsa) ||
-#endif
-#ifndef OPENSSL_NO_DSA
- !ENGINE_set_DSA(e, &ibmca_dsa) ||
-#endif
-#ifndef OPENSSL_NO_DH
- !ENGINE_set_DH(e, &ibmca_dh) ||
-#endif
- !ENGINE_set_RAND(e, &ibmca_rand) ||
- !ENGINE_set_destroy_function(e, ibmca_destroy) ||
- !ENGINE_set_init_function(e, ibmca_init) ||
- !ENGINE_set_finish_function(e, ibmca_finish) ||
- !ENGINE_set_ctrl_function(e, ibmca_ctrl) ||
- !ENGINE_set_cmd_defns(e, ibmca_cmd_defns))
- return 0;
-
-#ifndef OPENSSL_NO_RSA
- /* We know that the "PKCS1_SSLeay()" functions hook properly
- * to the ibmca-specific mod_exp and mod_exp_crt so we use
- * those functions. NB: We don't use ENGINE_openssl() or
- * anything "more generic" because something like the RSAref
- * code may not hook properly, and if you own one of these
- * cards then you have the right to do RSA operations on it
- * anyway! */
- meth1 = RSA_PKCS1_SSLeay();
- ibmca_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
- ibmca_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
- ibmca_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
- ibmca_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
-#endif
-
-#ifndef OPENSSL_NO_DSA
- /* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
- * bits. */
- meth2 = DSA_OpenSSL();
- ibmca_dsa.dsa_do_sign = meth2->dsa_do_sign;
- ibmca_dsa.dsa_sign_setup = meth2->dsa_sign_setup;
- ibmca_dsa.dsa_do_verify = meth2->dsa_do_verify;
-#endif
-
-#ifndef OPENSSL_NO_DH
- /* Much the same for Diffie-Hellman */
- meth3 = DH_OpenSSL();
- ibmca_dh.generate_key = meth3->generate_key;
- ibmca_dh.compute_key = meth3->compute_key;
-#endif
-
- /* Ensure the ibmca error handling is set up */
- ERR_load_IBMCA_strings();
- return 1;
- }
-
-static ENGINE *engine_ibmca(void)
- {
- ENGINE *ret = ENGINE_new();
- if(!ret)
- return NULL;
- if(!bind_helper(ret))
- {
- ENGINE_free(ret);
- return NULL;
- }
- return ret;
- }
-
-#ifdef ENGINE_DYNAMIC_SUPPORT
-static
-#endif
-void ENGINE_load_ibmca(void)
- {
- /* Copied from eng_[openssl|dyn].c */
- ENGINE *toadd = engine_ibmca();
- if(!toadd) return;
- ENGINE_add(toadd);
- ENGINE_free(toadd);
- ERR_clear_error();
- }
-
-/* Destructor (complements the "ENGINE_ibmca()" constructor) */
-static int ibmca_destroy(ENGINE *e)
- {
- /* Unload the ibmca error strings so any error state including our
- * functs or reasons won't lead to a segfault (they simply get displayed
- * without corresponding string data because none will be found). */
- ERR_unload_IBMCA_strings();
- return 1;
- }
-
-
-/* This is a process-global DSO handle used for loading and unloading
- * the Ibmca library. NB: This is only set (or unset) during an
- * init() or finish() call (reference counts permitting) and they're
- * operating with global locks, so this should be thread-safe
- * implicitly. */
-
-static DSO *ibmca_dso = NULL;
-
-/* These are the function pointers that are (un)set when the library has
- * successfully (un)loaded. */
-
-static unsigned int (ICA_CALL *p_icaOpenAdapter)();
-static unsigned int (ICA_CALL *p_icaCloseAdapter)();
-static unsigned int (ICA_CALL *p_icaRsaModExpo)();
-static unsigned int (ICA_CALL *p_icaRandomNumberGenerate)();
-static unsigned int (ICA_CALL *p_icaRsaCrt)();
-
-/* utility function to obtain a context */
-static int get_context(ICA_ADAPTER_HANDLE *p_handle)
- {
- unsigned int status=0;
-
- status = p_icaOpenAdapter(0, p_handle);
- if(status != 0)
- return 0;
- return 1;
- }
-
-/* similarly to release one. */
-static void release_context(ICA_ADAPTER_HANDLE handle)
- {
- p_icaCloseAdapter(handle);
- }
-
-/* (de)initialisation functions. */
-static int ibmca_init(ENGINE *e)
- {
-
- void (*p1)();
- void (*p2)();
- void (*p3)();
- void (*p4)();
- void (*p5)();
-
- if(ibmca_dso != NULL)
- {
- IBMCAerr(IBMCA_F_IBMCA_INIT,IBMCA_R_ALREADY_LOADED);
- goto err;
- }
- /* Attempt to load libatasi.so/atasi.dll/whatever. Needs to be
- * changed unfortunately because the Ibmca drivers don't have
- * standard library names that can be platform-translated well. */
- /* TODO: Work out how to actually map to the names the Ibmca
- * drivers really use - for now a symbollic link needs to be
- * created on the host system from libatasi.so to atasi.so on
- * unix variants. */
-
- /* WJH XXX check name translation */
-
- ibmca_dso = DSO_load(NULL, IBMCA_LIBNAME, NULL,
- /* DSO_FLAG_NAME_TRANSLATION */ 0);
- if(ibmca_dso == NULL)
- {
- IBMCAerr(IBMCA_F_IBMCA_INIT,IBMCA_R_DSO_FAILURE);
- goto err;
- }
-
- if(!(p1 = DSO_bind_func(
- ibmca_dso, IBMCA_F1)) ||
- !(p2 = DSO_bind_func(
- ibmca_dso, IBMCA_F2)) ||
- !(p3 = DSO_bind_func(
- ibmca_dso, IBMCA_F3)) ||
- !(p4 = DSO_bind_func(
- ibmca_dso, IBMCA_F4)) ||
- !(p5 = DSO_bind_func(
- ibmca_dso, IBMCA_F5)))
- {
- IBMCAerr(IBMCA_F_IBMCA_INIT,IBMCA_R_DSO_FAILURE);
- goto err;
- }
-
- /* Copy the pointers */
-
- p_icaOpenAdapter = (unsigned int (ICA_CALL *)())p1;
- p_icaCloseAdapter = (unsigned int (ICA_CALL *)())p2;
- p_icaRsaModExpo = (unsigned int (ICA_CALL *)())p3;
- p_icaRandomNumberGenerate = (unsigned int (ICA_CALL *)())p4;
- p_icaRsaCrt = (unsigned int (ICA_CALL *)())p5;
-
- if(!get_context(&handle))
- {
- IBMCAerr(IBMCA_F_IBMCA_INIT,IBMCA_R_UNIT_FAILURE);
- goto err;
- }
-
- return 1;
- err:
- if(ibmca_dso)
- DSO_free(ibmca_dso);
-
- p_icaOpenAdapter = NULL;
- p_icaCloseAdapter = NULL;
- p_icaRsaModExpo = NULL;
- p_icaRandomNumberGenerate = NULL;
-
- return 0;
- }
-
-static int ibmca_finish(ENGINE *e)
- {
- if(ibmca_dso == NULL)
- {
- IBMCAerr(IBMCA_F_IBMCA_FINISH,IBMCA_R_NOT_LOADED);
- return 0;
- }
- release_context(handle);
- if(!DSO_free(ibmca_dso))
- {
- IBMCAerr(IBMCA_F_IBMCA_FINISH,IBMCA_R_DSO_FAILURE);
- return 0;
- }
- ibmca_dso = NULL;
-
- return 1;
- }
-
-static int ibmca_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
- {
- int initialised = ((ibmca_dso == NULL) ? 0 : 1);
- switch(cmd)
- {
- case IBMCA_CMD_SO_PATH:
- if(p == NULL)
- {
- IBMCAerr(IBMCA_F_IBMCA_CTRL,ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- if(initialised)
- {
- IBMCAerr(IBMCA_F_IBMCA_CTRL,IBMCA_R_ALREADY_LOADED);
- return 0;
- }
- IBMCA_LIBNAME = (const char *)p;
- return 1;
- default:
- break;
- }
- IBMCAerr(IBMCA_F_IBMCA_CTRL,IBMCA_R_CTRL_COMMAND_NOT_IMPLEMENTED);
- return 0;
- }
-
-
-static int ibmca_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx)
- {
- /* I need somewhere to store temporary serialised values for
- * use with the Ibmca API calls. A neat cheat - I'll use
- * BIGNUMs from the BN_CTX but access their arrays directly as
- * byte arrays <grin>. This way I don't have to clean anything
- * up. */
-
- BIGNUM *argument=NULL;
- BIGNUM *result=NULL;
- BIGNUM *key=NULL;
- int to_return;
- int inLen, outLen, tmpLen;
-
-
- ICA_KEY_RSA_MODEXPO *publKey=NULL;
- unsigned int rc;
-
- to_return = 0; /* expect failure */
-
- if(!ibmca_dso)
- {
- IBMCAerr(IBMCA_F_IBMCA_MOD_EXP,IBMCA_R_NOT_LOADED);
- goto err;
- }
- /* Prepare the params */
- BN_CTX_start(ctx);
- argument = BN_CTX_get(ctx);
- result = BN_CTX_get(ctx);
- key = BN_CTX_get(ctx);
-
- if( !argument || !result || !key)
- {
- IBMCAerr(IBMCA_F_IBMCA_MOD_EXP,IBMCA_R_BN_CTX_FULL);
- goto err;
- }
-
-
- if(!bn_wexpand(argument, m->top) || !bn_wexpand(result, m->top) ||
- !bn_wexpand(key, sizeof(*publKey)/BN_BYTES))
-
- {
- IBMCAerr(IBMCA_F_IBMCA_MOD_EXP,IBMCA_R_BN_EXPAND_FAIL);
- goto err;
- }
-
- publKey = (ICA_KEY_RSA_MODEXPO *)key->d;
-
- if (publKey == NULL)
- {
- goto err;
- }
- memset(publKey, 0, sizeof(ICA_KEY_RSA_MODEXPO));
-
- publKey->keyType = CORRECT_ENDIANNESS(ME_KEY_TYPE);
- publKey->keyLength = CORRECT_ENDIANNESS(sizeof(ICA_KEY_RSA_MODEXPO));
- publKey->expOffset = (char *) publKey->keyRecord - (char *) publKey;
-
- /* A quirk of the card: the exponent length has to be the same
- as the modulus (key) length */
-
- outLen = BN_num_bytes(m);
-
-/* check for modulus length SAB*/
- if (outLen > 256 ) {
- IBMCAerr(IBMCA_F_IBMCA_MOD_EXP,IBMCA_R_MEXP_LENGTH_TO_LARGE);
- goto err;
- }
-/* check for modulus length SAB*/
-
-
- publKey->expLength = publKey->nLength = outLen;
-/* SAB Check for underflow condition
- the size of the exponent is less than the size of the parameter
- then we have a big problem and will underflow the keyRecord
- buffer. Bad stuff could happen then
-*/
-if (outLen < BN_num_bytes(p)){
- IBMCAerr(IBMCA_F_IBMCA_MOD_EXP,IBMCA_R_UNDERFLOW_KEYRECORD);
- goto err;
-}
-/* SAB End check for underflow */
-
-
- BN_bn2bin(p, &publKey->keyRecord[publKey->expLength -
- BN_num_bytes(p)]);
- BN_bn2bin(m, &publKey->keyRecord[publKey->expLength]);
-
-
-
- publKey->modulusBitLength = CORRECT_ENDIANNESS(publKey->nLength * 8);
- publKey->nOffset = CORRECT_ENDIANNESS(publKey->expOffset +
- publKey->expLength);
-
- publKey->expOffset = CORRECT_ENDIANNESS((char *) publKey->keyRecord -
- (char *) publKey);
-
- tmpLen = outLen;
- publKey->expLength = publKey->nLength = CORRECT_ENDIANNESS(tmpLen);
-
- /* Prepare the argument */
-
- memset(argument->d, 0, outLen);
- BN_bn2bin(a, (unsigned char *)argument->d + outLen -
- BN_num_bytes(a));
-
- inLen = outLen;
-
- /* Perform the operation */
-
- if( (rc = p_icaRsaModExpo(handle, inLen,(unsigned char *)argument->d,
- publKey, &outLen, (unsigned char *)result->d))
- !=0 )
-
- {
- printf("rc = %d\n", rc);
- IBMCAerr(IBMCA_F_IBMCA_MOD_EXP,IBMCA_R_REQUEST_FAILED);
- goto err;
- }
-
-
- /* Convert the response */
- BN_bin2bn((unsigned char *)result->d, outLen, r);
- to_return = 1;
- err:
- BN_CTX_end(ctx);
- return to_return;
- }
-
-#ifndef OPENSSL_NO_RSA
-static int ibmca_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
- {
- BN_CTX *ctx;
- int to_return = 0;
-
- if((ctx = BN_CTX_new()) == NULL)
- goto err;
- if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)
- {
- if(!rsa->d || !rsa->n)
- {
- IBMCAerr(IBMCA_F_IBMCA_RSA_MOD_EXP,
- IBMCA_R_MISSING_KEY_COMPONENTS);
- goto err;
- }
- to_return = ibmca_mod_exp(r0, I, rsa->d, rsa->n, ctx);
- }
- else
- {
- to_return = ibmca_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1,
- rsa->dmq1, rsa->iqmp, ctx);
- }
- err:
- if(ctx)
- BN_CTX_free(ctx);
- return to_return;
- }
-#endif
-
-/* Ein kleines chinesisches "Restessen" */
-static int ibmca_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *q, const BIGNUM *dmp1,
- const BIGNUM *dmq1, const BIGNUM *iqmp, BN_CTX *ctx)
- {
-
- BIGNUM *argument = NULL;
- BIGNUM *result = NULL;
- BIGNUM *key = NULL;
-
- int to_return = 0; /* expect failure */
-
- char *pkey=NULL;
- ICA_KEY_RSA_CRT *privKey=NULL;
- int inLen, outLen;
-
- int rc;
- unsigned int offset, pSize, qSize;
-/* SAB New variables */
- unsigned int keyRecordSize;
- unsigned int pbytes = BN_num_bytes(p);
- unsigned int qbytes = BN_num_bytes(q);
- unsigned int dmp1bytes = BN_num_bytes(dmp1);
- unsigned int dmq1bytes = BN_num_bytes(dmq1);
- unsigned int iqmpbytes = BN_num_bytes(iqmp);
-
- /* Prepare the params */
-
- BN_CTX_start(ctx);
- argument = BN_CTX_get(ctx);
- result = BN_CTX_get(ctx);
- key = BN_CTX_get(ctx);
-
- if(!argument || !result || !key)
- {
- IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_BN_CTX_FULL);
- goto err;
- }
-
- if(!bn_wexpand(argument, p->top + q->top) ||
- !bn_wexpand(result, p->top + q->top) ||
- !bn_wexpand(key, sizeof(*privKey)/BN_BYTES ))
- {
- IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_BN_EXPAND_FAIL);
- goto err;
- }
-
-
- privKey = (ICA_KEY_RSA_CRT *)key->d;
-/* SAB Add check for total size in bytes of the parms does not exceed
- the buffer space we have
- do this first
-*/
- keyRecordSize = pbytes+qbytes+dmp1bytes+dmq1bytes+iqmpbytes;
- if ( keyRecordSize > sizeof(privKey->keyRecord )) {
- IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_OPERANDS_TO_LARGE);
- goto err;
- }
-
- if ( (qbytes + dmq1bytes) > 256 ){
- IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_OPERANDS_TO_LARGE);
- goto err;
- }
-
- if ( pbytes + dmp1bytes > 256 ) {
- IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_OPERANDS_TO_LARGE);
- goto err;
- }
-
-/* end SAB additions */
-
- memset(privKey, 0, sizeof(ICA_KEY_RSA_CRT));
- privKey->keyType = CORRECT_ENDIANNESS(CRT_KEY_TYPE);
- privKey->keyLength = CORRECT_ENDIANNESS(sizeof(ICA_KEY_RSA_CRT));
- privKey->modulusBitLength =
- CORRECT_ENDIANNESS(BN_num_bytes(q) * 2 * 8);
-
- /*
- * p,dp & qInv are 1 QWORD Larger
- */
- privKey->pLength = CORRECT_ENDIANNESS(BN_num_bytes(p)+8);
- privKey->qLength = CORRECT_ENDIANNESS(BN_num_bytes(q));
- privKey->dpLength = CORRECT_ENDIANNESS(BN_num_bytes(dmp1)+8);
- privKey->dqLength = CORRECT_ENDIANNESS(BN_num_bytes(dmq1));
- privKey->qInvLength = CORRECT_ENDIANNESS(BN_num_bytes(iqmp)+8);
-
- offset = (char *) privKey->keyRecord
- - (char *) privKey;
-
- qSize = BN_num_bytes(q);
- pSize = qSize + 8; /* 1 QWORD larger */
-
-
-/* SAB probably aittle redundant, but we'll verify that each of the
- components which make up a key record sent ot the card does not exceed
- the space that is allocated for it. this handles the case where even if
- the total length does not exceed keyrecord zied, if the operands are funny sized
-they could cause potential side affects on either the card or the result */
-
- if ( (pbytes > pSize) || (dmp1bytes > pSize) ||
- (iqmpbytes > pSize) || ( qbytes >qSize) ||
- (dmq1bytes > qSize) ) {
- IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT, IBMCA_R_OPERANDS_TO_LARGE);
- goto err;
-
- }
-
-
- privKey->dpOffset = CORRECT_ENDIANNESS(offset);
-
- offset += pSize;
- privKey->dqOffset = CORRECT_ENDIANNESS(offset);
-
- offset += qSize;
- privKey->pOffset = CORRECT_ENDIANNESS(offset);
-
- offset += pSize;
- privKey->qOffset = CORRECT_ENDIANNESS(offset);
-
- offset += qSize;
- privKey->qInvOffset = CORRECT_ENDIANNESS(offset);
-
- pkey = (char *) privKey->keyRecord;
-
-
-/* SAB first check that we don;t under flow the buffer */
- if ( pSize < pbytes ) {
- IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT, IBMCA_R_UNDERFLOW_CONDITION);
- goto err;
- }
-
- /* pkey += pSize - BN_num_bytes(p); WROING this should be dmp1) */
- pkey += pSize - BN_num_bytes(dmp1);
- BN_bn2bin(dmp1, pkey);
- pkey += BN_num_bytes(dmp1); /* move the pointer */
-
- BN_bn2bin(dmq1, pkey); /* Copy over dmq1 */
-
- pkey += qSize; /* move pointer */
- pkey += pSize - BN_num_bytes(p); /* set up for zero padding of next field */
-
- BN_bn2bin(p, pkey);
- pkey += BN_num_bytes(p); /* increment pointer by number of bytes moved */
-
- BN_bn2bin(q, pkey);
- pkey += qSize ; /* move the pointer */
- pkey += pSize - BN_num_bytes(iqmp); /* Adjust for padding */
- BN_bn2bin(iqmp, pkey);
-
- /* Prepare the argument and response */
-
- outLen = CORRECT_ENDIANNESS(privKey->qLength) * 2; /* Correct endianess is used
- because the fields were converted above */
-
- if (outLen > 256) {
- IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_OUTLEN_TO_LARGE);
- goto err;
- }
-
- /* SAB check for underflow here on the argeument */
- if ( outLen < BN_num_bytes(a)) {
- IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_UNDERFLOW_CONDITION);
- goto err;
- }
-
- BN_bn2bin(a, (unsigned char *)argument->d + outLen -
- BN_num_bytes(a));
- inLen = outLen;
-
- memset(result->d, 0, outLen);
-
- /* Perform the operation */
-
- if ( (rc = p_icaRsaCrt(handle, inLen, (unsigned char *)argument->d,
- privKey, &outLen, (unsigned char *)result->d)) != 0)
- {
- printf("rc = %d\n", rc);
- IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_REQUEST_FAILED);
- goto err;
- }
-
- /* Convert the response */
-
- BN_bin2bn((unsigned char *)result->d, outLen, r);
- to_return = 1;
-
- err:
- BN_CTX_end(ctx);
- return to_return;
-
- }
-
-#ifndef OPENSSL_NO_DSA
-/* This code was liberated and adapted from the commented-out code in
- * dsa_ossl.c. Because of the unoptimised form of the Ibmca acceleration
- * (it doesn't have a CRT form for RSA), this function means that an
- * Ibmca system running with a DSA server certificate can handshake
- * around 5 or 6 times faster/more than an equivalent system running with
- * RSA. Just check out the "signs" statistics from the RSA and DSA parts
- * of "openssl speed -engine ibmca dsa1024 rsa1024". */
-static int ibmca_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
- BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
- BN_CTX *ctx, BN_MONT_CTX *in_mont)
- {
- BIGNUM t;
- int to_return = 0;
-
- BN_init(&t);
- /* let rr = a1 ^ p1 mod m */
- if (!ibmca_mod_exp(rr,a1,p1,m,ctx)) goto end;
- /* let t = a2 ^ p2 mod m */
- if (!ibmca_mod_exp(&t,a2,p2,m,ctx)) goto end;
- /* let rr = rr * t mod m */
- if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;
- to_return = 1;
- end:
- BN_free(&t);
- return to_return;
- }
-
-
-static int ibmca_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx)
- {
- return ibmca_mod_exp(r, a, p, m, ctx);
- }
-#endif
-
-/* This function is aliased to mod_exp (with the mont stuff dropped). */
-static int ibmca_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
- {
- return ibmca_mod_exp(r, a, p, m, ctx);
- }
-
-#ifndef OPENSSL_NO_DH
-/* This function is aliased to mod_exp (with the dh and mont dropped). */
-static int ibmca_mod_exp_dh(DH const *dh, BIGNUM *r,
- const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
- {
- return ibmca_mod_exp(r, a, p, m, ctx);
- }
-#endif
-
-/* Random bytes are good */
-static int ibmca_rand_bytes(unsigned char *buf, int num)
- {
- int to_return = 0; /* assume failure */
- unsigned int ret;
-
-
- if(handle == 0)
- {
- IBMCAerr(IBMCA_F_IBMCA_RAND_BYTES,IBMCA_R_NOT_INITIALISED);
- goto err;
- }
-
- ret = p_icaRandomNumberGenerate(handle, num, buf);
- if (ret < 0)
- {
- IBMCAerr(IBMCA_F_IBMCA_RAND_BYTES,IBMCA_R_REQUEST_FAILED);
- goto err;
- }
- to_return = 1;
- err:
- return to_return;
- }
-
-static int ibmca_rand_status(void)
- {
- return 1;
- }
-
-/* This stuff is needed if this ENGINE is being compiled into a self-contained
- * shared-library. */
-#ifdef ENGINE_DYNAMIC_SUPPORT
-static int bind_fn(ENGINE *e, const char *id)
- {
- if(id && (strcmp(id, engine_ibmca_id) != 0)) /* WJH XXX */
- return 0;
- if(!bind_helper(e))
- return 0;
- return 1;
- }
-IMPLEMENT_DYNAMIC_CHECK_FN()
-IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
-#endif /* ENGINE_DYNAMIC_SUPPORT */
-
-
-#endif /* !OPENSSL_NO_HW_IBMCA */
-#endif /* !OPENSSL_NO_HW */
Copied: vendor-crypto/openssl/0.9.8zf/demos/engines/ibmca/hw_ibmca.c (from rev 6976, vendor-crypto/openssl/dist/demos/engines/ibmca/hw_ibmca.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/demos/engines/ibmca/hw_ibmca.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/demos/engines/ibmca/hw_ibmca.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,900 @@
+/* crypto/engine/hw_ibmca.c */
+/*
+ * Written by Geoff Thorpe (geoff at geoffthorpe.net) for the OpenSSL project
+ * 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/* (C) COPYRIGHT International Business Machines Corp. 2001 */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include <openssl/dso.h>
+#include <openssl/engine.h>
+
+#ifndef OPENSSL_NO_HW
+# ifndef OPENSSL_NO_HW_IBMCA
+
+# ifdef FLAT_INC
+# include "ica_openssl_api.h"
+# else
+# include "vendor_defns/ica_openssl_api.h"
+# endif
+
+# define IBMCA_LIB_NAME "ibmca engine"
+# include "hw_ibmca_err.c"
+
+static int ibmca_destroy(ENGINE *e);
+static int ibmca_init(ENGINE *e);
+static int ibmca_finish(ENGINE *e);
+static int ibmca_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) ());
+
+static const char *IBMCA_F1 = "icaOpenAdapter";
+static const char *IBMCA_F2 = "icaCloseAdapter";
+static const char *IBMCA_F3 = "icaRsaModExpo";
+static const char *IBMCA_F4 = "icaRandomNumberGenerate";
+static const char *IBMCA_F5 = "icaRsaCrt";
+
+ICA_ADAPTER_HANDLE handle = 0;
+
+/* BIGNUM stuff */
+static int ibmca_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx);
+
+static int ibmca_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *q, const BIGNUM *dmp1,
+ const BIGNUM *dmq1, const BIGNUM *iqmp,
+ BN_CTX *ctx);
+
+# ifndef OPENSSL_NO_RSA
+/* RSA stuff */
+static int ibmca_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
+# endif
+
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int ibmca_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx);
+
+# ifndef OPENSSL_NO_DSA
+/* DSA stuff */
+static int ibmca_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
+ BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
+ BN_CTX *ctx, BN_MONT_CTX *in_mont);
+static int ibmca_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
+ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx);
+# endif
+
+# ifndef OPENSSL_NO_DH
+/* DH stuff */
+/* This function is alised to mod_exp (with the DH and mont dropped). */
+static int ibmca_mod_exp_dh(const DH *dh, BIGNUM *r,
+ const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+# endif
+
+/* RAND stuff */
+static int ibmca_rand_bytes(unsigned char *buf, int num);
+static int ibmca_rand_status(void);
+
+/* WJH - check for more commands, like in nuron */
+
+/* The definitions for control commands specific to this engine */
+# define IBMCA_CMD_SO_PATH ENGINE_CMD_BASE
+static const ENGINE_CMD_DEFN ibmca_cmd_defns[] = {
+ {IBMCA_CMD_SO_PATH,
+ "SO_PATH",
+ "Specifies the path to the 'atasi' shared library",
+ ENGINE_CMD_FLAG_STRING},
+ {0, NULL, NULL, 0}
+};
+
+# ifndef OPENSSL_NO_RSA
+/* Our internal RSA_METHOD that we provide pointers to */
+static RSA_METHOD ibmca_rsa = {
+ "Ibmca RSA method",
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ ibmca_rsa_mod_exp,
+ ibmca_mod_exp_mont,
+ NULL,
+ NULL,
+ 0,
+ NULL,
+ NULL,
+ NULL
+};
+# endif
+
+# ifndef OPENSSL_NO_DSA
+/* Our internal DSA_METHOD that we provide pointers to */
+static DSA_METHOD ibmca_dsa = {
+ "Ibmca DSA method",
+ NULL, /* dsa_do_sign */
+ NULL, /* dsa_sign_setup */
+ NULL, /* dsa_do_verify */
+ ibmca_dsa_mod_exp, /* dsa_mod_exp */
+ ibmca_mod_exp_dsa, /* bn_mod_exp */
+ NULL, /* init */
+ NULL, /* finish */
+ 0, /* flags */
+ NULL /* app_data */
+};
+# endif
+
+# ifndef OPENSSL_NO_DH
+/* Our internal DH_METHOD that we provide pointers to */
+static DH_METHOD ibmca_dh = {
+ "Ibmca DH method",
+ NULL,
+ NULL,
+ ibmca_mod_exp_dh,
+ NULL,
+ NULL,
+ 0,
+ NULL
+};
+# endif
+
+static RAND_METHOD ibmca_rand = {
+ /* "IBMCA RAND method", */
+ NULL,
+ ibmca_rand_bytes,
+ NULL,
+ NULL,
+ ibmca_rand_bytes,
+ ibmca_rand_status,
+};
+
+/* Constants used when creating the ENGINE */
+static const char *engine_ibmca_id = "ibmca";
+static const char *engine_ibmca_name = "Ibmca hardware engine support";
+
+/*
+ * This internal function is used by ENGINE_ibmca() and possibly by the
+ * "dynamic" ENGINE support too
+ */
+static int bind_helper(ENGINE *e)
+{
+# ifndef OPENSSL_NO_RSA
+ const RSA_METHOD *meth1;
+# endif
+# ifndef OPENSSL_NO_DSA
+ const DSA_METHOD *meth2;
+# endif
+# ifndef OPENSSL_NO_DH
+ const DH_METHOD *meth3;
+# endif
+ if (!ENGINE_set_id(e, engine_ibmca_id) ||
+ !ENGINE_set_name(e, engine_ibmca_name) ||
+# ifndef OPENSSL_NO_RSA
+ !ENGINE_set_RSA(e, &ibmca_rsa) ||
+# endif
+# ifndef OPENSSL_NO_DSA
+ !ENGINE_set_DSA(e, &ibmca_dsa) ||
+# endif
+# ifndef OPENSSL_NO_DH
+ !ENGINE_set_DH(e, &ibmca_dh) ||
+# endif
+ !ENGINE_set_RAND(e, &ibmca_rand) ||
+ !ENGINE_set_destroy_function(e, ibmca_destroy) ||
+ !ENGINE_set_init_function(e, ibmca_init) ||
+ !ENGINE_set_finish_function(e, ibmca_finish) ||
+ !ENGINE_set_ctrl_function(e, ibmca_ctrl) ||
+ !ENGINE_set_cmd_defns(e, ibmca_cmd_defns))
+ return 0;
+
+# ifndef OPENSSL_NO_RSA
+ /*
+ * We know that the "PKCS1_SSLeay()" functions hook properly to the
+ * ibmca-specific mod_exp and mod_exp_crt so we use those functions. NB:
+ * We don't use ENGINE_openssl() or anything "more generic" because
+ * something like the RSAref code may not hook properly, and if you own
+ * one of these cards then you have the right to do RSA operations on it
+ * anyway!
+ */
+ meth1 = RSA_PKCS1_SSLeay();
+ ibmca_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
+ ibmca_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
+ ibmca_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
+ ibmca_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
+# endif
+
+# ifndef OPENSSL_NO_DSA
+ /*
+ * Use the DSA_OpenSSL() method and just hook the mod_exp-ish bits.
+ */
+ meth2 = DSA_OpenSSL();
+ ibmca_dsa.dsa_do_sign = meth2->dsa_do_sign;
+ ibmca_dsa.dsa_sign_setup = meth2->dsa_sign_setup;
+ ibmca_dsa.dsa_do_verify = meth2->dsa_do_verify;
+# endif
+
+# ifndef OPENSSL_NO_DH
+ /* Much the same for Diffie-Hellman */
+ meth3 = DH_OpenSSL();
+ ibmca_dh.generate_key = meth3->generate_key;
+ ibmca_dh.compute_key = meth3->compute_key;
+# endif
+
+ /* Ensure the ibmca error handling is set up */
+ ERR_load_IBMCA_strings();
+ return 1;
+}
+
+static ENGINE *engine_ibmca(void)
+{
+ ENGINE *ret = ENGINE_new();
+ if (!ret)
+ return NULL;
+ if (!bind_helper(ret)) {
+ ENGINE_free(ret);
+ return NULL;
+ }
+ return ret;
+}
+
+# ifdef ENGINE_DYNAMIC_SUPPORT
+static
+# endif
+void ENGINE_load_ibmca(void)
+{
+ /* Copied from eng_[openssl|dyn].c */
+ ENGINE *toadd = engine_ibmca();
+ if (!toadd)
+ return;
+ ENGINE_add(toadd);
+ ENGINE_free(toadd);
+ ERR_clear_error();
+}
+
+/* Destructor (complements the "ENGINE_ibmca()" constructor) */
+static int ibmca_destroy(ENGINE *e)
+{
+ /*
+ * Unload the ibmca error strings so any error state including our functs
+ * or reasons won't lead to a segfault (they simply get displayed without
+ * corresponding string data because none will be found).
+ */
+ ERR_unload_IBMCA_strings();
+ return 1;
+}
+
+/*
+ * This is a process-global DSO handle used for loading and unloading the
+ * Ibmca library. NB: This is only set (or unset) during an init() or
+ * finish() call (reference counts permitting) and they're operating with
+ * global locks, so this should be thread-safe implicitly.
+ */
+
+static DSO *ibmca_dso = NULL;
+
+/*
+ * These are the function pointers that are (un)set when the library has
+ * successfully (un)loaded.
+ */
+
+static unsigned int (ICA_CALL * p_icaOpenAdapter) ();
+static unsigned int (ICA_CALL * p_icaCloseAdapter) ();
+static unsigned int (ICA_CALL * p_icaRsaModExpo) ();
+static unsigned int (ICA_CALL * p_icaRandomNumberGenerate) ();
+static unsigned int (ICA_CALL * p_icaRsaCrt) ();
+
+/* utility function to obtain a context */
+static int get_context(ICA_ADAPTER_HANDLE * p_handle)
+{
+ unsigned int status = 0;
+
+ status = p_icaOpenAdapter(0, p_handle);
+ if (status != 0)
+ return 0;
+ return 1;
+}
+
+/* similarly to release one. */
+static void release_context(ICA_ADAPTER_HANDLE handle)
+{
+ p_icaCloseAdapter(handle);
+}
+
+/* (de)initialisation functions. */
+static int ibmca_init(ENGINE *e)
+{
+
+ void (*p1) ();
+ void (*p2) ();
+ void (*p3) ();
+ void (*p4) ();
+ void (*p5) ();
+
+ if (ibmca_dso != NULL) {
+ IBMCAerr(IBMCA_F_IBMCA_INIT, IBMCA_R_ALREADY_LOADED);
+ goto err;
+ }
+ /*
+ * Attempt to load libatasi.so/atasi.dll/whatever. Needs to be changed
+ * unfortunately because the Ibmca drivers don't have standard library
+ * names that can be platform-translated well.
+ */
+ /*
+ * TODO: Work out how to actually map to the names the Ibmca drivers
+ * really use - for now a symbollic link needs to be created on the host
+ * system from libatasi.so to atasi.so on unix variants.
+ */
+
+ /* WJH XXX check name translation */
+
+ ibmca_dso = DSO_load(NULL, IBMCA_LIBNAME, NULL,
+ /*
+ * DSO_FLAG_NAME_TRANSLATION
+ */ 0);
+ if (ibmca_dso == NULL) {
+ IBMCAerr(IBMCA_F_IBMCA_INIT, IBMCA_R_DSO_FAILURE);
+ goto err;
+ }
+
+ if (!(p1 = DSO_bind_func(ibmca_dso, IBMCA_F1)) ||
+ !(p2 = DSO_bind_func(ibmca_dso, IBMCA_F2)) ||
+ !(p3 = DSO_bind_func(ibmca_dso, IBMCA_F3)) ||
+ !(p4 = DSO_bind_func(ibmca_dso, IBMCA_F4)) ||
+ !(p5 = DSO_bind_func(ibmca_dso, IBMCA_F5))) {
+ IBMCAerr(IBMCA_F_IBMCA_INIT, IBMCA_R_DSO_FAILURE);
+ goto err;
+ }
+
+ /* Copy the pointers */
+
+ p_icaOpenAdapter = (unsigned int (ICA_CALL *) ())p1;
+ p_icaCloseAdapter = (unsigned int (ICA_CALL *) ())p2;
+ p_icaRsaModExpo = (unsigned int (ICA_CALL *) ())p3;
+ p_icaRandomNumberGenerate = (unsigned int (ICA_CALL *) ())p4;
+ p_icaRsaCrt = (unsigned int (ICA_CALL *) ())p5;
+
+ if (!get_context(&handle)) {
+ IBMCAerr(IBMCA_F_IBMCA_INIT, IBMCA_R_UNIT_FAILURE);
+ goto err;
+ }
+
+ return 1;
+ err:
+ if (ibmca_dso)
+ DSO_free(ibmca_dso);
+
+ p_icaOpenAdapter = NULL;
+ p_icaCloseAdapter = NULL;
+ p_icaRsaModExpo = NULL;
+ p_icaRandomNumberGenerate = NULL;
+
+ return 0;
+}
+
+static int ibmca_finish(ENGINE *e)
+{
+ if (ibmca_dso == NULL) {
+ IBMCAerr(IBMCA_F_IBMCA_FINISH, IBMCA_R_NOT_LOADED);
+ return 0;
+ }
+ release_context(handle);
+ if (!DSO_free(ibmca_dso)) {
+ IBMCAerr(IBMCA_F_IBMCA_FINISH, IBMCA_R_DSO_FAILURE);
+ return 0;
+ }
+ ibmca_dso = NULL;
+
+ return 1;
+}
+
+static int ibmca_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) ())
+{
+ int initialised = ((ibmca_dso == NULL) ? 0 : 1);
+ switch (cmd) {
+ case IBMCA_CMD_SO_PATH:
+ if (p == NULL) {
+ IBMCAerr(IBMCA_F_IBMCA_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ if (initialised) {
+ IBMCAerr(IBMCA_F_IBMCA_CTRL, IBMCA_R_ALREADY_LOADED);
+ return 0;
+ }
+ IBMCA_LIBNAME = (const char *)p;
+ return 1;
+ default:
+ break;
+ }
+ IBMCAerr(IBMCA_F_IBMCA_CTRL, IBMCA_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+ return 0;
+}
+
+static int ibmca_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx)
+{
+ /*
+ * I need somewhere to store temporary serialised values for use with the
+ * Ibmca API calls. A neat cheat - I'll use BIGNUMs from the BN_CTX but
+ * access their arrays directly as byte arrays <grin>. This way I don't
+ * have to clean anything up.
+ */
+
+ BIGNUM *argument = NULL;
+ BIGNUM *result = NULL;
+ BIGNUM *key = NULL;
+ int to_return;
+ int inLen, outLen, tmpLen;
+
+ ICA_KEY_RSA_MODEXPO *publKey = NULL;
+ unsigned int rc;
+
+ to_return = 0; /* expect failure */
+
+ if (!ibmca_dso) {
+ IBMCAerr(IBMCA_F_IBMCA_MOD_EXP, IBMCA_R_NOT_LOADED);
+ goto err;
+ }
+ /* Prepare the params */
+ BN_CTX_start(ctx);
+ argument = BN_CTX_get(ctx);
+ result = BN_CTX_get(ctx);
+ key = BN_CTX_get(ctx);
+
+ if (!argument || !result || !key) {
+ IBMCAerr(IBMCA_F_IBMCA_MOD_EXP, IBMCA_R_BN_CTX_FULL);
+ goto err;
+ }
+
+ if (!bn_wexpand(argument, m->top) || !bn_wexpand(result, m->top) ||
+ !bn_wexpand(key, sizeof(*publKey) / BN_BYTES)) {
+ IBMCAerr(IBMCA_F_IBMCA_MOD_EXP, IBMCA_R_BN_EXPAND_FAIL);
+ goto err;
+ }
+
+ publKey = (ICA_KEY_RSA_MODEXPO *)key->d;
+
+ if (publKey == NULL) {
+ goto err;
+ }
+ memset(publKey, 0, sizeof(ICA_KEY_RSA_MODEXPO));
+
+ publKey->keyType = CORRECT_ENDIANNESS(ME_KEY_TYPE);
+ publKey->keyLength = CORRECT_ENDIANNESS(sizeof(ICA_KEY_RSA_MODEXPO));
+ publKey->expOffset = (char *)publKey->keyRecord - (char *)publKey;
+
+ /*
+ * A quirk of the card: the exponent length has to be the same as the
+ * modulus (key) length
+ */
+
+ outLen = BN_num_bytes(m);
+
+/* check for modulus length SAB*/
+ if (outLen > 256) {
+ IBMCAerr(IBMCA_F_IBMCA_MOD_EXP, IBMCA_R_MEXP_LENGTH_TO_LARGE);
+ goto err;
+ }
+/* check for modulus length SAB*/
+
+ publKey->expLength = publKey->nLength = outLen;
+ /*
+ * SAB Check for underflow condition the size of the exponent is less
+ * than the size of the parameter then we have a big problem and will
+ * underflow the keyRecord buffer. Bad stuff could happen then
+ */
+ if (outLen < BN_num_bytes(p)) {
+ IBMCAerr(IBMCA_F_IBMCA_MOD_EXP, IBMCA_R_UNDERFLOW_KEYRECORD);
+ goto err;
+ }
+/* SAB End check for underflow */
+
+ BN_bn2bin(p, &publKey->keyRecord[publKey->expLength - BN_num_bytes(p)]);
+ BN_bn2bin(m, &publKey->keyRecord[publKey->expLength]);
+
+ publKey->modulusBitLength = CORRECT_ENDIANNESS(publKey->nLength * 8);
+ publKey->nOffset = CORRECT_ENDIANNESS(publKey->expOffset +
+ publKey->expLength);
+
+ publKey->expOffset = CORRECT_ENDIANNESS((char *)publKey->keyRecord -
+ (char *)publKey);
+
+ tmpLen = outLen;
+ publKey->expLength = publKey->nLength = CORRECT_ENDIANNESS(tmpLen);
+
+ /* Prepare the argument */
+
+ memset(argument->d, 0, outLen);
+ BN_bn2bin(a, (unsigned char *)argument->d + outLen - BN_num_bytes(a));
+
+ inLen = outLen;
+
+ /* Perform the operation */
+
+ if ((rc = p_icaRsaModExpo(handle, inLen, (unsigned char *)argument->d,
+ publKey, &outLen, (unsigned char *)result->d))
+ != 0) {
+ printf("rc = %d\n", rc);
+ IBMCAerr(IBMCA_F_IBMCA_MOD_EXP, IBMCA_R_REQUEST_FAILED);
+ goto err;
+ }
+
+ /* Convert the response */
+ BN_bin2bn((unsigned char *)result->d, outLen, r);
+ to_return = 1;
+ err:
+ BN_CTX_end(ctx);
+ return to_return;
+}
+
+# ifndef OPENSSL_NO_RSA
+static int ibmca_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
+{
+ BN_CTX *ctx;
+ int to_return = 0;
+
+ if ((ctx = BN_CTX_new()) == NULL)
+ goto err;
+ if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
+ if (!rsa->d || !rsa->n) {
+ IBMCAerr(IBMCA_F_IBMCA_RSA_MOD_EXP,
+ IBMCA_R_MISSING_KEY_COMPONENTS);
+ goto err;
+ }
+ to_return = ibmca_mod_exp(r0, I, rsa->d, rsa->n, ctx);
+ } else {
+ to_return = ibmca_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1,
+ rsa->dmq1, rsa->iqmp, ctx);
+ }
+ err:
+ if (ctx)
+ BN_CTX_free(ctx);
+ return to_return;
+}
+# endif
+
+/* Ein kleines chinesisches "Restessen" */
+static int ibmca_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *q, const BIGNUM *dmp1,
+ const BIGNUM *dmq1, const BIGNUM *iqmp,
+ BN_CTX *ctx)
+{
+
+ BIGNUM *argument = NULL;
+ BIGNUM *result = NULL;
+ BIGNUM *key = NULL;
+
+ int to_return = 0; /* expect failure */
+
+ char *pkey = NULL;
+ ICA_KEY_RSA_CRT *privKey = NULL;
+ int inLen, outLen;
+
+ int rc;
+ unsigned int offset, pSize, qSize;
+/* SAB New variables */
+ unsigned int keyRecordSize;
+ unsigned int pbytes = BN_num_bytes(p);
+ unsigned int qbytes = BN_num_bytes(q);
+ unsigned int dmp1bytes = BN_num_bytes(dmp1);
+ unsigned int dmq1bytes = BN_num_bytes(dmq1);
+ unsigned int iqmpbytes = BN_num_bytes(iqmp);
+
+ /* Prepare the params */
+
+ BN_CTX_start(ctx);
+ argument = BN_CTX_get(ctx);
+ result = BN_CTX_get(ctx);
+ key = BN_CTX_get(ctx);
+
+ if (!argument || !result || !key) {
+ IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT, IBMCA_R_BN_CTX_FULL);
+ goto err;
+ }
+
+ if (!bn_wexpand(argument, p->top + q->top) ||
+ !bn_wexpand(result, p->top + q->top) ||
+ !bn_wexpand(key, sizeof(*privKey) / BN_BYTES)) {
+ IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT, IBMCA_R_BN_EXPAND_FAIL);
+ goto err;
+ }
+
+ privKey = (ICA_KEY_RSA_CRT *)key->d;
+ /*
+ * SAB Add check for total size in bytes of the parms does not exceed the
+ * buffer space we have do this first
+ */
+ keyRecordSize = pbytes + qbytes + dmp1bytes + dmq1bytes + iqmpbytes;
+ if (keyRecordSize > sizeof(privKey->keyRecord)) {
+ IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT, IBMCA_R_OPERANDS_TO_LARGE);
+ goto err;
+ }
+
+ if ((qbytes + dmq1bytes) > 256) {
+ IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT, IBMCA_R_OPERANDS_TO_LARGE);
+ goto err;
+ }
+
+ if (pbytes + dmp1bytes > 256) {
+ IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT, IBMCA_R_OPERANDS_TO_LARGE);
+ goto err;
+ }
+
+/* end SAB additions */
+
+ memset(privKey, 0, sizeof(ICA_KEY_RSA_CRT));
+ privKey->keyType = CORRECT_ENDIANNESS(CRT_KEY_TYPE);
+ privKey->keyLength = CORRECT_ENDIANNESS(sizeof(ICA_KEY_RSA_CRT));
+ privKey->modulusBitLength = CORRECT_ENDIANNESS(BN_num_bytes(q) * 2 * 8);
+
+ /*
+ * p,dp & qInv are 1 QWORD Larger
+ */
+ privKey->pLength = CORRECT_ENDIANNESS(BN_num_bytes(p) + 8);
+ privKey->qLength = CORRECT_ENDIANNESS(BN_num_bytes(q));
+ privKey->dpLength = CORRECT_ENDIANNESS(BN_num_bytes(dmp1) + 8);
+ privKey->dqLength = CORRECT_ENDIANNESS(BN_num_bytes(dmq1));
+ privKey->qInvLength = CORRECT_ENDIANNESS(BN_num_bytes(iqmp) + 8);
+
+ offset = (char *)privKey->keyRecord - (char *)privKey;
+
+ qSize = BN_num_bytes(q);
+ pSize = qSize + 8; /* 1 QWORD larger */
+
+ /*
+ * SAB probably aittle redundant, but we'll verify that each of the
+ * components which make up a key record sent ot the card does not exceed
+ * the space that is allocated for it. this handles the case where even
+ * if the total length does not exceed keyrecord zied, if the operands are
+ * funny sized they could cause potential side affects on either the card
+ * or the result
+ */
+
+ if ((pbytes > pSize) || (dmp1bytes > pSize) ||
+ (iqmpbytes > pSize) || (qbytes > qSize) || (dmq1bytes > qSize)) {
+ IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT, IBMCA_R_OPERANDS_TO_LARGE);
+ goto err;
+
+ }
+
+ privKey->dpOffset = CORRECT_ENDIANNESS(offset);
+
+ offset += pSize;
+ privKey->dqOffset = CORRECT_ENDIANNESS(offset);
+
+ offset += qSize;
+ privKey->pOffset = CORRECT_ENDIANNESS(offset);
+
+ offset += pSize;
+ privKey->qOffset = CORRECT_ENDIANNESS(offset);
+
+ offset += qSize;
+ privKey->qInvOffset = CORRECT_ENDIANNESS(offset);
+
+ pkey = (char *)privKey->keyRecord;
+
+/* SAB first check that we don;t under flow the buffer */
+ if (pSize < pbytes) {
+ IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT, IBMCA_R_UNDERFLOW_CONDITION);
+ goto err;
+ }
+
+ /* pkey += pSize - BN_num_bytes(p); WROING this should be dmp1) */
+ pkey += pSize - BN_num_bytes(dmp1);
+ BN_bn2bin(dmp1, pkey);
+ pkey += BN_num_bytes(dmp1); /* move the pointer */
+
+ BN_bn2bin(dmq1, pkey); /* Copy over dmq1 */
+
+ pkey += qSize; /* move pointer */
+ /* set up for zero padding of next field */
+ pkey += pSize - BN_num_bytes(p);
+
+ BN_bn2bin(p, pkey);
+ /* increment pointer by number of bytes moved */
+ pkey += BN_num_bytes(p);
+
+ BN_bn2bin(q, pkey);
+ pkey += qSize; /* move the pointer */
+ pkey += pSize - BN_num_bytes(iqmp); /* Adjust for padding */
+ BN_bn2bin(iqmp, pkey);
+
+ /* Prepare the argument and response */
+
+ /*
+ * Correct endianess is used because the fields were converted above
+ */
+ outLen = CORRECT_ENDIANNESS(privKey->qLength) * 2;
+
+ if (outLen > 256) {
+ IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT, IBMCA_R_OUTLEN_TO_LARGE);
+ goto err;
+ }
+
+ /* SAB check for underflow here on the argeument */
+ if (outLen < BN_num_bytes(a)) {
+ IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT, IBMCA_R_UNDERFLOW_CONDITION);
+ goto err;
+ }
+
+ BN_bn2bin(a, (unsigned char *)argument->d + outLen - BN_num_bytes(a));
+ inLen = outLen;
+
+ memset(result->d, 0, outLen);
+
+ /* Perform the operation */
+
+ if ((rc = p_icaRsaCrt(handle, inLen, (unsigned char *)argument->d,
+ privKey, &outLen, (unsigned char *)result->d)) != 0)
+ {
+ printf("rc = %d\n", rc);
+ IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT, IBMCA_R_REQUEST_FAILED);
+ goto err;
+ }
+
+ /* Convert the response */
+
+ BN_bin2bn((unsigned char *)result->d, outLen, r);
+ to_return = 1;
+
+ err:
+ BN_CTX_end(ctx);
+ return to_return;
+
+}
+
+# ifndef OPENSSL_NO_DSA
+/*
+ * This code was liberated and adapted from the commented-out code in
+ * dsa_ossl.c. Because of the unoptimised form of the Ibmca acceleration (it
+ * doesn't have a CRT form for RSA), this function means that an Ibmca system
+ * running with a DSA server certificate can handshake around 5 or 6 times
+ * faster/more than an equivalent system running with RSA. Just check out the
+ * "signs" statistics from the RSA and DSA parts of "openssl speed -engine
+ * ibmca dsa1024 rsa1024".
+ */
+static int ibmca_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
+ BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
+ BN_CTX *ctx, BN_MONT_CTX *in_mont)
+{
+ BIGNUM t;
+ int to_return = 0;
+
+ BN_init(&t);
+ /* let rr = a1 ^ p1 mod m */
+ if (!ibmca_mod_exp(rr, a1, p1, m, ctx))
+ goto end;
+ /* let t = a2 ^ p2 mod m */
+ if (!ibmca_mod_exp(&t, a2, p2, m, ctx))
+ goto end;
+ /* let rr = rr * t mod m */
+ if (!BN_mod_mul(rr, rr, &t, m, ctx))
+ goto end;
+ to_return = 1;
+ end:
+ BN_free(&t);
+ return to_return;
+}
+
+static int ibmca_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
+ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx)
+{
+ return ibmca_mod_exp(r, a, p, m, ctx);
+}
+# endif
+
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int ibmca_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx)
+{
+ return ibmca_mod_exp(r, a, p, m, ctx);
+}
+
+# ifndef OPENSSL_NO_DH
+/* This function is aliased to mod_exp (with the dh and mont dropped). */
+static int ibmca_mod_exp_dh(DH const *dh, BIGNUM *r,
+ const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+{
+ return ibmca_mod_exp(r, a, p, m, ctx);
+}
+# endif
+
+/* Random bytes are good */
+static int ibmca_rand_bytes(unsigned char *buf, int num)
+{
+ int to_return = 0; /* assume failure */
+ unsigned int ret;
+
+ if (handle == 0) {
+ IBMCAerr(IBMCA_F_IBMCA_RAND_BYTES, IBMCA_R_NOT_INITIALISED);
+ goto err;
+ }
+
+ ret = p_icaRandomNumberGenerate(handle, num, buf);
+ if (ret < 0) {
+ IBMCAerr(IBMCA_F_IBMCA_RAND_BYTES, IBMCA_R_REQUEST_FAILED);
+ goto err;
+ }
+ to_return = 1;
+ err:
+ return to_return;
+}
+
+static int ibmca_rand_status(void)
+{
+ return 1;
+}
+
+/*
+ * This stuff is needed if this ENGINE is being compiled into a
+ * self-contained shared-library.
+ */
+# ifdef ENGINE_DYNAMIC_SUPPORT
+static int bind_fn(ENGINE *e, const char *id)
+{
+ if (id && (strcmp(id, engine_ibmca_id) != 0)) /* WJH XXX */
+ return 0;
+ if (!bind_helper(e))
+ return 0;
+ return 1;
+}
+
+IMPLEMENT_DYNAMIC_CHECK_FN()
+ IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
+# endif /* ENGINE_DYNAMIC_SUPPORT */
+# endif /* !OPENSSL_NO_HW_IBMCA */
+#endif /* !OPENSSL_NO_HW */
Deleted: vendor-crypto/openssl/0.9.8zf/demos/engines/ibmca/hw_ibmca_err.c
===================================================================
--- vendor-crypto/openssl/dist/demos/engines/ibmca/hw_ibmca_err.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/demos/engines/ibmca/hw_ibmca_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,154 +0,0 @@
-/* hw_ibmca_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include "hw_ibmca_err.h"
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-static ERR_STRING_DATA IBMCA_str_functs[]=
- {
-{ERR_PACK(0,IBMCA_F_IBMCA_CTRL,0), "IBMCA_CTRL"},
-{ERR_PACK(0,IBMCA_F_IBMCA_FINISH,0), "IBMCA_FINISH"},
-{ERR_PACK(0,IBMCA_F_IBMCA_INIT,0), "IBMCA_INIT"},
-{ERR_PACK(0,IBMCA_F_IBMCA_MOD_EXP,0), "IBMCA_MOD_EXP"},
-{ERR_PACK(0,IBMCA_F_IBMCA_MOD_EXP_CRT,0), "IBMCA_MOD_EXP_CRT"},
-{ERR_PACK(0,IBMCA_F_IBMCA_RAND_BYTES,0), "IBMCA_RAND_BYTES"},
-{ERR_PACK(0,IBMCA_F_IBMCA_RSA_MOD_EXP,0), "IBMCA_RSA_MOD_EXP"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA IBMCA_str_reasons[]=
- {
-{IBMCA_R_ALREADY_LOADED ,"already loaded"},
-{IBMCA_R_BN_CTX_FULL ,"bn ctx full"},
-{IBMCA_R_BN_EXPAND_FAIL ,"bn expand fail"},
-{IBMCA_R_CTRL_COMMAND_NOT_IMPLEMENTED ,"ctrl command not implemented"},
-{IBMCA_R_DSO_FAILURE ,"dso failure"},
-{IBMCA_R_MEXP_LENGTH_TO_LARGE ,"mexp length to large"},
-{IBMCA_R_MISSING_KEY_COMPONENTS ,"missing key components"},
-{IBMCA_R_NOT_INITIALISED ,"not initialised"},
-{IBMCA_R_NOT_LOADED ,"not loaded"},
-{IBMCA_R_OPERANDS_TO_LARGE ,"operands to large"},
-{IBMCA_R_OUTLEN_TO_LARGE ,"outlen to large"},
-{IBMCA_R_REQUEST_FAILED ,"request failed"},
-{IBMCA_R_UNDERFLOW_CONDITION ,"underflow condition"},
-{IBMCA_R_UNDERFLOW_KEYRECORD ,"underflow keyrecord"},
-{IBMCA_R_UNIT_FAILURE ,"unit failure"},
-{0,NULL}
- };
-
-#endif
-
-#ifdef IBMCA_LIB_NAME
-static ERR_STRING_DATA IBMCA_lib_name[]=
- {
-{0 ,IBMCA_LIB_NAME},
-{0,NULL}
- };
-#endif
-
-
-static int IBMCA_lib_error_code=0;
-static int IBMCA_error_init=1;
-
-static void ERR_load_IBMCA_strings(void)
- {
- if (IBMCA_lib_error_code == 0)
- IBMCA_lib_error_code=ERR_get_next_error_library();
-
- if (IBMCA_error_init)
- {
- IBMCA_error_init=0;
-#ifndef OPENSSL_NO_ERR
- ERR_load_strings(IBMCA_lib_error_code,IBMCA_str_functs);
- ERR_load_strings(IBMCA_lib_error_code,IBMCA_str_reasons);
-#endif
-
-#ifdef IBMCA_LIB_NAME
- IBMCA_lib_name->error = ERR_PACK(IBMCA_lib_error_code,0,0);
- ERR_load_strings(0,IBMCA_lib_name);
-#endif
- }
- }
-
-static void ERR_unload_IBMCA_strings(void)
- {
- if (IBMCA_error_init == 0)
- {
-#ifndef OPENSSL_NO_ERR
- ERR_unload_strings(IBMCA_lib_error_code,IBMCA_str_functs);
- ERR_unload_strings(IBMCA_lib_error_code,IBMCA_str_reasons);
-#endif
-
-#ifdef IBMCA_LIB_NAME
- ERR_unload_strings(0,IBMCA_lib_name);
-#endif
- IBMCA_error_init=1;
- }
- }
-
-static void ERR_IBMCA_error(int function, int reason, char *file, int line)
- {
- if (IBMCA_lib_error_code == 0)
- IBMCA_lib_error_code=ERR_get_next_error_library();
- ERR_PUT_error(IBMCA_lib_error_code,function,reason,file,line);
- }
Copied: vendor-crypto/openssl/0.9.8zf/demos/engines/ibmca/hw_ibmca_err.c (from rev 6976, vendor-crypto/openssl/dist/demos/engines/ibmca/hw_ibmca_err.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/demos/engines/ibmca/hw_ibmca_err.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/demos/engines/ibmca/hw_ibmca_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,149 @@
+/* hw_ibmca_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include "hw_ibmca_err.h"
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA IBMCA_str_functs[] = {
+ {ERR_PACK(0, IBMCA_F_IBMCA_CTRL, 0), "IBMCA_CTRL"},
+ {ERR_PACK(0, IBMCA_F_IBMCA_FINISH, 0), "IBMCA_FINISH"},
+ {ERR_PACK(0, IBMCA_F_IBMCA_INIT, 0), "IBMCA_INIT"},
+ {ERR_PACK(0, IBMCA_F_IBMCA_MOD_EXP, 0), "IBMCA_MOD_EXP"},
+ {ERR_PACK(0, IBMCA_F_IBMCA_MOD_EXP_CRT, 0), "IBMCA_MOD_EXP_CRT"},
+ {ERR_PACK(0, IBMCA_F_IBMCA_RAND_BYTES, 0), "IBMCA_RAND_BYTES"},
+ {ERR_PACK(0, IBMCA_F_IBMCA_RSA_MOD_EXP, 0), "IBMCA_RSA_MOD_EXP"},
+ {0, NULL}
+};
+
+static ERR_STRING_DATA IBMCA_str_reasons[] = {
+ {IBMCA_R_ALREADY_LOADED, "already loaded"},
+ {IBMCA_R_BN_CTX_FULL, "bn ctx full"},
+ {IBMCA_R_BN_EXPAND_FAIL, "bn expand fail"},
+ {IBMCA_R_CTRL_COMMAND_NOT_IMPLEMENTED, "ctrl command not implemented"},
+ {IBMCA_R_DSO_FAILURE, "dso failure"},
+ {IBMCA_R_MEXP_LENGTH_TO_LARGE, "mexp length to large"},
+ {IBMCA_R_MISSING_KEY_COMPONENTS, "missing key components"},
+ {IBMCA_R_NOT_INITIALISED, "not initialised"},
+ {IBMCA_R_NOT_LOADED, "not loaded"},
+ {IBMCA_R_OPERANDS_TO_LARGE, "operands to large"},
+ {IBMCA_R_OUTLEN_TO_LARGE, "outlen to large"},
+ {IBMCA_R_REQUEST_FAILED, "request failed"},
+ {IBMCA_R_UNDERFLOW_CONDITION, "underflow condition"},
+ {IBMCA_R_UNDERFLOW_KEYRECORD, "underflow keyrecord"},
+ {IBMCA_R_UNIT_FAILURE, "unit failure"},
+ {0, NULL}
+};
+
+#endif
+
+#ifdef IBMCA_LIB_NAME
+static ERR_STRING_DATA IBMCA_lib_name[] = {
+ {0, IBMCA_LIB_NAME},
+ {0, NULL}
+};
+#endif
+
+static int IBMCA_lib_error_code = 0;
+static int IBMCA_error_init = 1;
+
+static void ERR_load_IBMCA_strings(void)
+{
+ if (IBMCA_lib_error_code == 0)
+ IBMCA_lib_error_code = ERR_get_next_error_library();
+
+ if (IBMCA_error_init) {
+ IBMCA_error_init = 0;
+#ifndef OPENSSL_NO_ERR
+ ERR_load_strings(IBMCA_lib_error_code, IBMCA_str_functs);
+ ERR_load_strings(IBMCA_lib_error_code, IBMCA_str_reasons);
+#endif
+
+#ifdef IBMCA_LIB_NAME
+ IBMCA_lib_name->error = ERR_PACK(IBMCA_lib_error_code, 0, 0);
+ ERR_load_strings(0, IBMCA_lib_name);
+#endif
+ }
+}
+
+static void ERR_unload_IBMCA_strings(void)
+{
+ if (IBMCA_error_init == 0) {
+#ifndef OPENSSL_NO_ERR
+ ERR_unload_strings(IBMCA_lib_error_code, IBMCA_str_functs);
+ ERR_unload_strings(IBMCA_lib_error_code, IBMCA_str_reasons);
+#endif
+
+#ifdef IBMCA_LIB_NAME
+ ERR_unload_strings(0, IBMCA_lib_name);
+#endif
+ IBMCA_error_init = 1;
+ }
+}
+
+static void ERR_IBMCA_error(int function, int reason, char *file, int line)
+{
+ if (IBMCA_lib_error_code == 0)
+ IBMCA_lib_error_code = ERR_get_next_error_library();
+ ERR_PUT_error(IBMCA_lib_error_code, function, reason, file, line);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/demos/engines/ibmca/hw_ibmca_err.h
===================================================================
--- vendor-crypto/openssl/dist/demos/engines/ibmca/hw_ibmca_err.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/demos/engines/ibmca/hw_ibmca_err.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,102 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2001-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#ifndef HEADER_IBMCA_ERR_H
-#define HEADER_IBMCA_ERR_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-static void ERR_load_IBMCA_strings(void);
-static void ERR_unload_IBMCA_strings(void);
-static void ERR_IBMCA_error(int function, int reason, char *file, int line);
-#define IBMCAerr(f,r) ERR_IBMCA_error((f),(r),__FILE__,__LINE__)
-
-/* Error codes for the IBMCA functions. */
-
-/* Function codes. */
-#define IBMCA_F_IBMCA_CTRL 100
-#define IBMCA_F_IBMCA_FINISH 101
-#define IBMCA_F_IBMCA_INIT 102
-#define IBMCA_F_IBMCA_MOD_EXP 103
-#define IBMCA_F_IBMCA_MOD_EXP_CRT 104
-#define IBMCA_F_IBMCA_RAND_BYTES 105
-#define IBMCA_F_IBMCA_RSA_MOD_EXP 106
-
-/* Reason codes. */
-#define IBMCA_R_ALREADY_LOADED 100
-#define IBMCA_R_BN_CTX_FULL 101
-#define IBMCA_R_BN_EXPAND_FAIL 102
-#define IBMCA_R_CTRL_COMMAND_NOT_IMPLEMENTED 103
-#define IBMCA_R_DSO_FAILURE 104
-#define IBMCA_R_MEXP_LENGTH_TO_LARGE 105
-#define IBMCA_R_MISSING_KEY_COMPONENTS 106
-#define IBMCA_R_NOT_INITIALISED 107
-#define IBMCA_R_NOT_LOADED 108
-#define IBMCA_R_OPERANDS_TO_LARGE 109
-#define IBMCA_R_OUTLEN_TO_LARGE 110
-#define IBMCA_R_REQUEST_FAILED 111
-#define IBMCA_R_UNDERFLOW_CONDITION 112
-#define IBMCA_R_UNDERFLOW_KEYRECORD 113
-#define IBMCA_R_UNIT_FAILURE 114
-
-#ifdef __cplusplus
-}
-#endif
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/demos/engines/ibmca/hw_ibmca_err.h (from rev 6976, vendor-crypto/openssl/dist/demos/engines/ibmca/hw_ibmca_err.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/demos/engines/ibmca/hw_ibmca_err.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/demos/engines/ibmca/hw_ibmca_err.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,103 @@
+/* ====================================================================
+ * Copyright (c) 2001-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_IBMCA_ERR_H
+# define HEADER_IBMCA_ERR_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+static void ERR_load_IBMCA_strings(void);
+static void ERR_unload_IBMCA_strings(void);
+static void ERR_IBMCA_error(int function, int reason, char *file, int line);
+# define IBMCAerr(f,r) ERR_IBMCA_error((f),(r),__FILE__,__LINE__)
+
+/* Error codes for the IBMCA functions. */
+
+/* Function codes. */
+# define IBMCA_F_IBMCA_CTRL 100
+# define IBMCA_F_IBMCA_FINISH 101
+# define IBMCA_F_IBMCA_INIT 102
+# define IBMCA_F_IBMCA_MOD_EXP 103
+# define IBMCA_F_IBMCA_MOD_EXP_CRT 104
+# define IBMCA_F_IBMCA_RAND_BYTES 105
+# define IBMCA_F_IBMCA_RSA_MOD_EXP 106
+
+/* Reason codes. */
+# define IBMCA_R_ALREADY_LOADED 100
+# define IBMCA_R_BN_CTX_FULL 101
+# define IBMCA_R_BN_EXPAND_FAIL 102
+# define IBMCA_R_CTRL_COMMAND_NOT_IMPLEMENTED 103
+# define IBMCA_R_DSO_FAILURE 104
+# define IBMCA_R_MEXP_LENGTH_TO_LARGE 105
+# define IBMCA_R_MISSING_KEY_COMPONENTS 106
+# define IBMCA_R_NOT_INITIALISED 107
+# define IBMCA_R_NOT_LOADED 108
+# define IBMCA_R_OPERANDS_TO_LARGE 109
+# define IBMCA_R_OUTLEN_TO_LARGE 110
+# define IBMCA_R_REQUEST_FAILED 111
+# define IBMCA_R_UNDERFLOW_CONDITION 112
+# define IBMCA_R_UNDERFLOW_KEYRECORD 113
+# define IBMCA_R_UNIT_FAILURE 114
+
+#ifdef __cplusplus
+}
+#endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/demos/engines/ibmca/ica_openssl_api.h
===================================================================
--- vendor-crypto/openssl/dist/demos/engines/ibmca/ica_openssl_api.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/demos/engines/ibmca/ica_openssl_api.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,189 +0,0 @@
-
-#ifndef __ICA_OPENSSL_API_H__
-#define __ICA_OPENSSL_API_H__
-
-/**
- ** abstract data types for API
- **/
-
-#define ICA_ADAPTER_HANDLE int
-
-#if defined(linux) || defined (_AIX)
-#define ICA_CALL
-#endif
-
-#if defined(WIN32) || defined(_WIN32)
-#define ICA_CALL __stdcall
-#endif
-
-/*------------------------------------------------*
- | RSA defines and typedefs |
- *------------------------------------------------*/
- /*
- * All data elements of the RSA key are in big-endian format
- * Modulus-Exponent form of key
- *
- */
- #define MAX_EXP_SIZE 256
- #define MAX_MODULUS_SIZE 256
- #define MAX_MODEXP_SIZE (MAX_EXP_SIZE + MAX_MODULUS_SIZE)
-
- #define MAX_OPERAND_SIZE MAX_EXP_SIZE
-
- typedef unsigned char ICA_KEY_RSA_MODEXPO_REC[MAX_MODEXP_SIZE];
- /*
- * All data elements of the RSA key are in big-endian format
- * Chinese Remainder Thereom(CRT) form of key
- * Used only for Decrypt, the encrypt form is typically Modulus-Exponent
- *
- */
- #define MAX_BP_SIZE 136
- #define MAX_BQ_SIZE 128
- #define MAX_NP_SIZE 136
- #define MAX_NQ_SIZE 128
- #define MAX_QINV_SIZE 136
- #define MAX_RSACRT_SIZE (MAX_BP_SIZE+MAX_BQ_SIZE+MAX_NP_SIZE+MAX_NQ_SIZE+MAX_QINV_SIZE)
-
-#define RSA_GEN_OPERAND_MAX 256 /* bytes */
-
-typedef unsigned char ICA_KEY_RSA_CRT_REC[MAX_RSACRT_SIZE];
-/*------------------------------------------------*
- | RSA key token types |
- *------------------------------------------------*/
-
-#define RSA_PUBLIC_MODULUS_EXPONENT 3
-#define RSA_PKCS_PRIVATE_CHINESE_REMAINDER 6
-
-#define KEYTYPE_MODEXPO 1
-#define KEYTYPE_PKCSCRT 2
-
-
-/*------------------------------------------------*
- | RSA Key Token format |
- *------------------------------------------------*/
-
-/*
- * NOTE: All the fields in the ICA_KEY_RSA_MODEXPO structure
- * (lengths, offsets, exponents, modulus, etc.) are
- * stored in big-endian format
- */
-
-typedef struct _ICA_KEY_RSA_MODEXPO
-{ unsigned int keyType; /* RSA key type. */
- unsigned int keyLength; /* Total length of the token. */
- unsigned int modulusBitLength; /* Modulus n bit length. */
- /* -- Start of the data length.*/
- unsigned int nLength; /* Modulus n = p * q */
- unsigned int expLength; /* exponent (public or private)*/
- /* e = 1/d * mod(p-1)(q-1) */
- /* -- Start of the data offsets*/
- unsigned int nOffset; /* Modulus n . */
- unsigned int expOffset; /* exponent (public or private)*/
- unsigned char reserved[112]; /* reserved area */
- /* -- Start of the variable -- */
- /* -- length token data. -- */
- ICA_KEY_RSA_MODEXPO_REC keyRecord;
-} ICA_KEY_RSA_MODEXPO;
-#define SZ_HEADER_MODEXPO (sizeof(ICA_KEY_RSA_MODEXPO) - sizeof(ICA_KEY_RSA_MODEXPO_REC))
-
-/*
- * NOTE: All the fields in the ICA_KEY_RSA_CRT structure
- * (lengths, offsets, exponents, modulus, etc.) are
- * stored in big-endian format
- */
-
-typedef struct _ICA_KEY_RSA_CRT
-{ unsigned int keyType; /* RSA key type. */
- unsigned int keyLength; /* Total length of the token. */
- unsigned int modulusBitLength; /* Modulus n bit length. */
- /* -- Start of the data length.*/
-#if _AIX
- unsigned int nLength; /* Modulus n = p * q */
-#endif
- unsigned int pLength; /* Prime number p . */
- unsigned int qLength; /* Prime number q . */
- unsigned int dpLength; /* dp = d * mod(p-1) . */
- unsigned int dqLength; /* dq = d * mod(q-1) . */
- unsigned int qInvLength; /* PKCS: qInv = Ap/q */
- /* -- Start of the data offsets*/
-#if _AIX
- unsigned int nOffset; /* Modulus n . */
-#endif
- unsigned int pOffset; /* Prime number p . */
- unsigned int qOffset; /* Prime number q . */
- unsigned int dpOffset; /* dp . */
- unsigned int dqOffset; /* dq . */
- unsigned int qInvOffset; /* qInv for PKCS */
-#if _AIX
- unsigned char reserved[80]; /* reserved area */
-#else
- unsigned char reserved[88]; /* reserved area */
-#endif
- /* -- Start of the variable -- */
- /* -- length token data. -- */
- ICA_KEY_RSA_CRT_REC keyRecord;
-} ICA_KEY_RSA_CRT;
-#define SZ_HEADER_CRT (sizeof(ICA_KEY_RSA_CRT) - sizeof(ICA_KEY_RSA_CRT_REC))
-
-unsigned int
-icaOpenAdapter( unsigned int adapterId,
- ICA_ADAPTER_HANDLE *pAdapterHandle );
-
-unsigned int
-icaCloseAdapter( ICA_ADAPTER_HANDLE adapterHandle );
-
-unsigned int
-icaRsaModExpo( ICA_ADAPTER_HANDLE hAdapterHandle,
- unsigned int inputDataLength,
- unsigned char *pInputData,
- ICA_KEY_RSA_MODEXPO *pKeyModExpo,
- unsigned int *pOutputDataLength,
- unsigned char *pOutputData );
-
-unsigned int
-icaRsaCrt( ICA_ADAPTER_HANDLE hAdapterHandle,
- unsigned int inputDataLength,
- unsigned char *pInputData,
- ICA_KEY_RSA_CRT *pKeyCrt,
- unsigned int *pOutputDataLength,
- unsigned char *pOutputData );
-
-unsigned int
-icaRandomNumberGenerate( ICA_ADAPTER_HANDLE hAdapterHandle,
- unsigned int outputDataLength,
- unsigned char *pOutputData );
-
-/* Specific macros and definitions to not have IFDEF;s all over the
- main code */
-
-#if (_AIX)
-static const char *IBMCA_LIBNAME = "/lib/libica.a(shr.o)";
-#elif (WIN32)
-static const char *IBMCA_LIBNAME = "cryptica";
-#else
-static const char *IBMCA_LIBNAME = "ica";
-#endif
-
-#if (WIN32)
-/*
- The ICA_KEY_RSA_MODEXPO & ICA_KEY_RSA_CRT lengths and
- offsets must be in big-endian format.
-
-*/
-#define CORRECT_ENDIANNESS(b) ( \
- (((unsigned long) (b) & 0x000000ff) << 24) | \
- (((unsigned long) (b) & 0x0000ff00) << 8) | \
- (((unsigned long) (b) & 0x00ff0000) >> 8) | \
- (((unsigned long) (b) & 0xff000000) >> 24) \
- )
-#define CRT_KEY_TYPE RSA_PKCS_PRIVATE_CHINESE_REMAINDER
-#define ME_KEY_TYPE RSA_PUBLIC_MODULUS_EXPONENT
-#else
-#define CORRECT_ENDIANNESS(b) (b)
-#define CRT_KEY_TYPE KEYTYPE_PKCSCRT
-#define ME_KEY_TYPE KEYTYPE_MODEXPO
-#endif
-
-
-
-#endif /* __ICA_OPENSSL_API_H__ */
Copied: vendor-crypto/openssl/0.9.8zf/demos/engines/ibmca/ica_openssl_api.h (from rev 6976, vendor-crypto/openssl/dist/demos/engines/ibmca/ica_openssl_api.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/demos/engines/ibmca/ica_openssl_api.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/demos/engines/ibmca/ica_openssl_api.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,183 @@
+
+#ifndef __ICA_OPENSSL_API_H__
+# define __ICA_OPENSSL_API_H__
+
+/**
+ ** abstract data types for API
+ **/
+
+# define ICA_ADAPTER_HANDLE int
+
+# if defined(linux) || defined (_AIX)
+# define ICA_CALL
+# endif
+
+# if defined(WIN32) || defined(_WIN32)
+# define ICA_CALL __stdcall
+# endif
+
+/* -----------------------------------------------*
+ | RSA defines and typedefs |
+ *------------------------------------------------*/
+ /*
+ * All data elements of the RSA key are in big-endian format
+ * Modulus-Exponent form of key
+ *
+ */
+# define MAX_EXP_SIZE 256
+# define MAX_MODULUS_SIZE 256
+# define MAX_MODEXP_SIZE (MAX_EXP_SIZE + MAX_MODULUS_SIZE)
+
+# define MAX_OPERAND_SIZE MAX_EXP_SIZE
+
+typedef unsigned char ICA_KEY_RSA_MODEXPO_REC[MAX_MODEXP_SIZE];
+ /*
+ * All data elements of the RSA key are in big-endian format
+ * Chinese Remainder Thereom(CRT) form of key
+ * Used only for Decrypt, the encrypt form is typically Modulus-Exponent
+ *
+ */
+# define MAX_BP_SIZE 136
+# define MAX_BQ_SIZE 128
+# define MAX_NP_SIZE 136
+# define MAX_NQ_SIZE 128
+# define MAX_QINV_SIZE 136
+# define MAX_RSACRT_SIZE (MAX_BP_SIZE+MAX_BQ_SIZE+MAX_NP_SIZE+MAX_NQ_SIZE+MAX_QINV_SIZE)
+
+# define RSA_GEN_OPERAND_MAX 256/* bytes */
+
+typedef unsigned char ICA_KEY_RSA_CRT_REC[MAX_RSACRT_SIZE];
+/* -----------------------------------------------*
+ | RSA key token types |
+ *------------------------------------------------*/
+
+# define RSA_PUBLIC_MODULUS_EXPONENT 3
+# define RSA_PKCS_PRIVATE_CHINESE_REMAINDER 6
+
+# define KEYTYPE_MODEXPO 1
+# define KEYTYPE_PKCSCRT 2
+
+/* -----------------------------------------------*
+ | RSA Key Token format |
+ *------------------------------------------------*/
+
+/*-
+ * NOTE: All the fields in the ICA_KEY_RSA_MODEXPO structure
+ * (lengths, offsets, exponents, modulus, etc.) are
+ * stored in big-endian format
+ */
+
+typedef struct _ICA_KEY_RSA_MODEXPO {
+ unsigned int keyType; /* RSA key type. */
+ unsigned int keyLength; /* Total length of the token. */
+ unsigned int modulusBitLength; /* Modulus n bit length. */
+ /* -- Start of the data length. */
+ unsigned int nLength; /* Modulus n = p * q */
+ unsigned int expLength; /* exponent (public or private) */
+ /* e = 1/d * mod(p-1)(q-1) */
+ /* -- Start of the data offsets */
+ unsigned int nOffset; /* Modulus n . */
+ unsigned int expOffset; /* exponent (public or private) */
+ unsigned char reserved[112]; /* reserved area */
+ /* -- Start of the variable -- */
+ /* -- length token data. -- */
+ ICA_KEY_RSA_MODEXPO_REC keyRecord;
+} ICA_KEY_RSA_MODEXPO;
+# define SZ_HEADER_MODEXPO (sizeof(ICA_KEY_RSA_MODEXPO) - sizeof(ICA_KEY_RSA_MODEXPO_REC))
+
+/*-
+ * NOTE: All the fields in the ICA_KEY_RSA_CRT structure
+ * (lengths, offsets, exponents, modulus, etc.) are
+ * stored in big-endian format
+ */
+
+typedef struct _ICA_KEY_RSA_CRT {
+ unsigned int keyType; /* RSA key type. */
+ unsigned int keyLength; /* Total length of the token. */
+ unsigned int modulusBitLength; /* Modulus n bit length. */
+ /* -- Start of the data length. */
+# if _AIX
+ unsigned int nLength; /* Modulus n = p * q */
+# endif
+ unsigned int pLength; /* Prime number p . */
+ unsigned int qLength; /* Prime number q . */
+ unsigned int dpLength; /* dp = d * mod(p-1) . */
+ unsigned int dqLength; /* dq = d * mod(q-1) . */
+ unsigned int qInvLength; /* PKCS: qInv = Ap/q */
+ /* -- Start of the data offsets */
+# if _AIX
+ unsigned int nOffset; /* Modulus n . */
+# endif
+ unsigned int pOffset; /* Prime number p . */
+ unsigned int qOffset; /* Prime number q . */
+ unsigned int dpOffset; /* dp . */
+ unsigned int dqOffset; /* dq . */
+ unsigned int qInvOffset; /* qInv for PKCS */
+# if _AIX
+ unsigned char reserved[80]; /* reserved area */
+# else
+ unsigned char reserved[88]; /* reserved area */
+# endif
+ /* -- Start of the variable -- */
+ /* -- length token data. -- */
+ ICA_KEY_RSA_CRT_REC keyRecord;
+} ICA_KEY_RSA_CRT;
+# define SZ_HEADER_CRT (sizeof(ICA_KEY_RSA_CRT) - sizeof(ICA_KEY_RSA_CRT_REC))
+
+unsigned int
+icaOpenAdapter(unsigned int adapterId, ICA_ADAPTER_HANDLE * pAdapterHandle);
+
+unsigned int icaCloseAdapter(ICA_ADAPTER_HANDLE adapterHandle);
+
+unsigned int
+icaRsaModExpo(ICA_ADAPTER_HANDLE hAdapterHandle,
+ unsigned int inputDataLength,
+ unsigned char *pInputData,
+ ICA_KEY_RSA_MODEXPO *pKeyModExpo,
+ unsigned int *pOutputDataLength, unsigned char *pOutputData);
+
+unsigned int
+icaRsaCrt(ICA_ADAPTER_HANDLE hAdapterHandle,
+ unsigned int inputDataLength,
+ unsigned char *pInputData,
+ ICA_KEY_RSA_CRT *pKeyCrt,
+ unsigned int *pOutputDataLength, unsigned char *pOutputData);
+
+unsigned int
+icaRandomNumberGenerate(ICA_ADAPTER_HANDLE hAdapterHandle,
+ unsigned int outputDataLength,
+ unsigned char *pOutputData);
+
+/*
+ * Specific macros and definitions to not have IFDEF;s all over the main code
+ */
+
+# if (_AIX)
+static const char *IBMCA_LIBNAME = "/lib/libica.a(shr.o)";
+# elif (WIN32)
+static const char *IBMCA_LIBNAME = "cryptica";
+# else
+static const char *IBMCA_LIBNAME = "ica";
+# endif
+
+# if (WIN32)
+/*
+ * The ICA_KEY_RSA_MODEXPO & ICA_KEY_RSA_CRT lengths and offsets must be in
+ * big-endian format.
+ *
+ */
+# define CORRECT_ENDIANNESS(b) ( \
+ (((unsigned long) (b) & 0x000000ff) << 24) | \
+ (((unsigned long) (b) & 0x0000ff00) << 8) | \
+ (((unsigned long) (b) & 0x00ff0000) >> 8) | \
+ (((unsigned long) (b) & 0xff000000) >> 24) \
+ )
+# define CRT_KEY_TYPE RSA_PKCS_PRIVATE_CHINESE_REMAINDER
+# define ME_KEY_TYPE RSA_PUBLIC_MODULUS_EXPONENT
+# else
+# define CORRECT_ENDIANNESS(b) (b)
+# define CRT_KEY_TYPE KEYTYPE_PKCSCRT
+# define ME_KEY_TYPE KEYTYPE_MODEXPO
+# endif
+
+#endif /* __ICA_OPENSSL_API_H__ */
Deleted: vendor-crypto/openssl/0.9.8zf/demos/engines/rsaref/rsaref.c
===================================================================
--- vendor-crypto/openssl/dist/demos/engines/rsaref/rsaref.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/demos/engines/rsaref/rsaref.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,685 +0,0 @@
-/* Demo of how to construct your own engine and using it. The basis of this
- engine is RSAref, an old reference of the RSA algorithm which can still
- be found a little here and there. */
-
-#include <stdio.h>
-#include <string.h>
-#include "./source/global.h"
-#include "./source/rsaref.h"
-#include "./source/rsa.h"
-#include "./source/des.h"
-#include <openssl/err.h>
-#define OPENSSL_NO_MD2
-#define OPENSSL_NO_MD5
-#include <openssl/evp.h>
-#include <openssl/bn.h>
-#include <openssl/engine.h>
-
-#define RSAREF_LIB_NAME "rsaref engine"
-#include "rsaref_err.c"
-
-/*****************************************************************************
- *** Function declarations and global variable definitions ***
- *****************************************************************************/
-
-/*****************************************************************************
- * Constants used when creating the ENGINE
- **/
-static const char *engine_rsaref_id = "rsaref";
-static const char *engine_rsaref_name = "RSAref engine support";
-
-/*****************************************************************************
- * Functions to handle the engine
- **/
-static int rsaref_destroy(ENGINE *e);
-static int rsaref_init(ENGINE *e);
-static int rsaref_finish(ENGINE *e);
-#if 0
-static int rsaref_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
-#endif
-
-/*****************************************************************************
- * Engine commands
- **/
-static const ENGINE_CMD_DEFN rsaref_cmd_defns[] = {
- {0, NULL, NULL, 0}
- };
-
-/*****************************************************************************
- * RSA functions
- **/
-static int rsaref_private_decrypt(int len, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
-static int rsaref_private_encrypt(int len, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
-static int rsaref_public_encrypt(int len, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
-static int rsaref_public_decrypt(int len, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
-static int bnref_mod_exp(BIGNUM *r,const BIGNUM *a,const BIGNUM *p,const BIGNUM *m,
- BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-static int rsaref_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
-
-/*****************************************************************************
- * Our RSA method
- **/
-static RSA_METHOD rsaref_rsa =
-{
- "RSAref PKCS#1 RSA",
- rsaref_public_encrypt,
- rsaref_public_decrypt,
- rsaref_private_encrypt,
- rsaref_private_decrypt,
- rsaref_mod_exp,
- bnref_mod_exp,
- NULL,
- NULL,
- 0,
- NULL,
- NULL,
- NULL
-};
-
-/*****************************************************************************
- * Symetric cipher and digest function registrars
- **/
-static int rsaref_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
- const int **nids, int nid);
-static int rsaref_digests(ENGINE *e, const EVP_MD **digest,
- const int **nids, int nid);
-
-static int rsaref_cipher_nids[] =
- { NID_des_cbc, NID_des_ede3_cbc, NID_desx_cbc, 0 };
-static int rsaref_digest_nids[] =
- { NID_md2, NID_md5, 0 };
-
-/*****************************************************************************
- * DES functions
- **/
-static int cipher_des_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc);
-static int cipher_des_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, unsigned int inl);
-static int cipher_des_cbc_clean(EVP_CIPHER_CTX *);
-static int cipher_des_ede3_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc);
-static int cipher_des_ede3_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, unsigned int inl);
-static int cipher_des_ede3_cbc_clean(EVP_CIPHER_CTX *);
-static int cipher_desx_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc);
-static int cipher_desx_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, unsigned int inl);
-static int cipher_desx_cbc_clean(EVP_CIPHER_CTX *);
-
-/*****************************************************************************
- * Our DES ciphers
- **/
-static const EVP_CIPHER cipher_des_cbc =
- {
- NID_des_cbc,
- 8, 8, 8,
- 0 | EVP_CIPH_CBC_MODE,
- cipher_des_cbc_init,
- cipher_des_cbc_code,
- cipher_des_cbc_clean,
- sizeof(DES_CBC_CTX),
- NULL,
- NULL,
- NULL,
- NULL
- };
-
-static const EVP_CIPHER cipher_des_ede3_cbc =
- {
- NID_des_ede3_cbc,
- 8, 24, 8,
- 0 | EVP_CIPH_CBC_MODE,
- cipher_des_ede3_cbc_init,
- cipher_des_ede3_cbc_code,
- cipher_des_ede3_cbc_clean,
- sizeof(DES3_CBC_CTX),
- NULL,
- NULL,
- NULL,
- NULL
- };
-
-static const EVP_CIPHER cipher_desx_cbc =
- {
- NID_desx_cbc,
- 8, 24, 8,
- 0 | EVP_CIPH_CBC_MODE,
- cipher_desx_cbc_init,
- cipher_desx_cbc_code,
- cipher_desx_cbc_clean,
- sizeof(DESX_CBC_CTX),
- NULL,
- NULL,
- NULL,
- NULL
- };
-
-/*****************************************************************************
- * MD functions
- **/
-static int digest_md2_init(EVP_MD_CTX *ctx);
-static int digest_md2_update(EVP_MD_CTX *ctx,const void *data,
- unsigned long count);
-static int digest_md2_final(EVP_MD_CTX *ctx,unsigned char *md);
-static int digest_md5_init(EVP_MD_CTX *ctx);
-static int digest_md5_update(EVP_MD_CTX *ctx,const void *data,
- unsigned long count);
-static int digest_md5_final(EVP_MD_CTX *ctx,unsigned char *md);
-
-/*****************************************************************************
- * Our MD digests
- **/
-static const EVP_MD digest_md2 =
- {
- NID_md2,
- NID_md2WithRSAEncryption,
- 16,
- 0,
- digest_md2_init,
- digest_md2_update,
- digest_md2_final,
- NULL,
- NULL,
- EVP_PKEY_RSA_method,
- 16,
- sizeof(MD2_CTX)
- };
-
-static const EVP_MD digest_md5 =
- {
- NID_md5,
- NID_md5WithRSAEncryption,
- 16,
- 0,
- digest_md5_init,
- digest_md5_update,
- digest_md5_final,
- NULL,
- NULL,
- EVP_PKEY_RSA_method,
- 64,
- sizeof(MD5_CTX)
- };
-
-/*****************************************************************************
- *** Function definitions ***
- *****************************************************************************/
-
-/*****************************************************************************
- * Functions to handle the engine
- **/
-
-static int bind_rsaref(ENGINE *e)
- {
- const RSA_METHOD *meth1;
- if(!ENGINE_set_id(e, engine_rsaref_id)
- || !ENGINE_set_name(e, engine_rsaref_name)
- || !ENGINE_set_RSA(e, &rsaref_rsa)
- || !ENGINE_set_ciphers(e, rsaref_ciphers)
- || !ENGINE_set_digests(e, rsaref_digests)
- || !ENGINE_set_destroy_function(e, rsaref_destroy)
- || !ENGINE_set_init_function(e, rsaref_init)
- || !ENGINE_set_finish_function(e, rsaref_finish)
- /* || !ENGINE_set_ctrl_function(e, rsaref_ctrl) */
- /* || !ENGINE_set_cmd_defns(e, rsaref_cmd_defns) */)
- return 0;
-
- /* Ensure the rsaref error handling is set up */
- ERR_load_RSAREF_strings();
- return 1;
- }
-
-#ifdef ENGINE_DYNAMIC_SUPPORT
-static int bind_helper(ENGINE *e, const char *id)
- {
- if(id && (strcmp(id, engine_rsaref_id) != 0))
- return 0;
- if(!bind_rsaref(e))
- return 0;
- return 1;
- }
-IMPLEMENT_DYNAMIC_CHECK_FN()
-IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
-#else
-static ENGINE *engine_rsaref(void)
- {
- ENGINE *ret = ENGINE_new();
- if(!ret)
- return NULL;
- if(!bind_rsaref(ret))
- {
- ENGINE_free(ret);
- return NULL;
- }
- return ret;
- }
-
-void ENGINE_load_rsaref(void)
- {
- /* Copied from eng_[openssl|dyn].c */
- ENGINE *toadd = engine_rsaref();
- if(!toadd) return;
- ENGINE_add(toadd);
- ENGINE_free(toadd);
- ERR_clear_error();
- }
-#endif
-
-/* Initiator which is only present to make sure this engine looks available */
-static int rsaref_init(ENGINE *e)
- {
- return 1;
- }
-
-/* Finisher which is only present to make sure this engine looks available */
-static int rsaref_finish(ENGINE *e)
- {
- return 1;
- }
-
-/* Destructor (complements the "ENGINE_ncipher()" constructor) */
-static int rsaref_destroy(ENGINE *e)
- {
- ERR_unload_RSAREF_strings();
- return 1;
- }
-
-/*****************************************************************************
- * RSA functions
- **/
-
-static int rsaref_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
- {
- RSAREFerr(RSAREF_F_RSAREF_MOD_EXP,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return(0);
- }
-
-static int bnref_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
- {
- RSAREFerr(RSAREF_F_BNREF_MOD_EXP,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return(0);
- }
-
-/* unsigned char *to: [max] */
-static int RSAref_bn2bin(BIGNUM *from, unsigned char *to, int max)
- {
- int i;
-
- i=BN_num_bytes(from);
- if (i > max)
- {
- RSAREFerr(RSAREF_F_RSAREF_BN2BIN,RSAREF_R_LEN);
- return(0);
- }
-
- memset(to,0,(unsigned int)max);
- if (!BN_bn2bin(from,&(to[max-i])))
- return(0);
- return(1);
- }
-
-#ifdef undef
-/* unsigned char *from: [max] */
-static BIGNUM *RSAref_bin2bn(unsigned char *from, BIGNUM *to, int max)
- {
- int i;
- BIGNUM *ret;
-
- for (i=0; i<max; i++)
- if (from[i]) break;
-
- ret=BN_bin2bn(&(from[i]),max-i,to);
- return(ret);
- }
-
-static int RSAref_Public_ref2eay(RSArefPublicKey *from, RSA *to)
- {
- to->n=RSAref_bin2bn(from->m,NULL,RSAref_MAX_LEN);
- to->e=RSAref_bin2bn(from->e,NULL,RSAref_MAX_LEN);
- if ((to->n == NULL) || (to->e == NULL)) return(0);
- return(1);
- }
-#endif
-
-static int RSAref_Public_eay2ref(RSA *from, R_RSA_PUBLIC_KEY *to)
- {
- to->bits=BN_num_bits(from->n);
- if (!RSAref_bn2bin(from->n,to->modulus,MAX_RSA_MODULUS_LEN)) return(0);
- if (!RSAref_bn2bin(from->e,to->exponent,MAX_RSA_MODULUS_LEN)) return(0);
- return(1);
- }
-
-#ifdef undef
-static int RSAref_Private_ref2eay(RSArefPrivateKey *from, RSA *to)
- {
- if ((to->n=RSAref_bin2bn(from->m,NULL,RSAref_MAX_LEN)) == NULL)
- return(0);
- if ((to->e=RSAref_bin2bn(from->e,NULL,RSAref_MAX_LEN)) == NULL)
- return(0);
- if ((to->d=RSAref_bin2bn(from->d,NULL,RSAref_MAX_LEN)) == NULL)
- return(0);
- if ((to->p=RSAref_bin2bn(from->prime[0],NULL,RSAref_MAX_PLEN)) == NULL)
- return(0);
- if ((to->q=RSAref_bin2bn(from->prime[1],NULL,RSAref_MAX_PLEN)) == NULL)
- return(0);
- if ((to->dmp1=RSAref_bin2bn(from->pexp[0],NULL,RSAref_MAX_PLEN))
- == NULL)
- return(0);
- if ((to->dmq1=RSAref_bin2bn(from->pexp[1],NULL,RSAref_MAX_PLEN))
- == NULL)
- return(0);
- if ((to->iqmp=RSAref_bin2bn(from->coef,NULL,RSAref_MAX_PLEN)) == NULL)
- return(0);
- return(1);
- }
-#endif
-
-static int RSAref_Private_eay2ref(RSA *from, R_RSA_PRIVATE_KEY *to)
- {
- to->bits=BN_num_bits(from->n);
- if (!RSAref_bn2bin(from->n,to->modulus,MAX_RSA_MODULUS_LEN)) return(0);
- if (!RSAref_bn2bin(from->e,to->publicExponent,MAX_RSA_MODULUS_LEN)) return(0);
- if (!RSAref_bn2bin(from->d,to->exponent,MAX_RSA_MODULUS_LEN)) return(0);
- if (!RSAref_bn2bin(from->p,to->prime[0],MAX_RSA_PRIME_LEN)) return(0);
- if (!RSAref_bn2bin(from->q,to->prime[1],MAX_RSA_PRIME_LEN)) return(0);
- if (!RSAref_bn2bin(from->dmp1,to->primeExponent[0],MAX_RSA_PRIME_LEN)) return(0);
- if (!RSAref_bn2bin(from->dmq1,to->primeExponent[1],MAX_RSA_PRIME_LEN)) return(0);
- if (!RSAref_bn2bin(from->iqmp,to->coefficient,MAX_RSA_PRIME_LEN)) return(0);
- return(1);
- }
-
-static int rsaref_private_decrypt(int len, const unsigned char *from, unsigned char *to,
- RSA *rsa, int padding)
- {
- int i,outlen= -1;
- R_RSA_PRIVATE_KEY RSAkey;
-
- if (!RSAref_Private_eay2ref(rsa,&RSAkey))
- goto err;
- if ((i=RSAPrivateDecrypt(to,(unsigned int *)&outlen,(unsigned char *)from,len,&RSAkey)) != 0)
- {
- RSAREFerr(RSAREF_F_RSAREF_PRIVATE_DECRYPT,i);
- outlen= -1;
- }
-err:
- memset(&RSAkey,0,sizeof(RSAkey));
- return(outlen);
- }
-
-static int rsaref_private_encrypt(int len, const unsigned char *from, unsigned char *to,
- RSA *rsa, int padding)
- {
- int i,outlen= -1;
- R_RSA_PRIVATE_KEY RSAkey;
-
- if (padding != RSA_PKCS1_PADDING)
- {
- RSAREFerr(RSAREF_F_RSAREF_PRIVATE_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
- goto err;
- }
- if (!RSAref_Private_eay2ref(rsa,&RSAkey))
- goto err;
- if ((i=RSAPrivateEncrypt(to,(unsigned int *)&outlen,(unsigned char *)from,len,&RSAkey)) != 0)
- {
- RSAREFerr(RSAREF_F_RSAREF_PRIVATE_ENCRYPT,i);
- outlen= -1;
- }
-err:
- memset(&RSAkey,0,sizeof(RSAkey));
- return(outlen);
- }
-
-static int rsaref_public_decrypt(int len, const unsigned char *from, unsigned char *to,
- RSA *rsa, int padding)
- {
- int i,outlen= -1;
- R_RSA_PUBLIC_KEY RSAkey;
-
- if (!RSAref_Public_eay2ref(rsa,&RSAkey))
- goto err;
- if ((i=RSAPublicDecrypt(to,(unsigned int *)&outlen,(unsigned char *)from,len,&RSAkey)) != 0)
- {
- RSAREFerr(RSAREF_F_RSAREF_PUBLIC_DECRYPT,i);
- outlen= -1;
- }
-err:
- memset(&RSAkey,0,sizeof(RSAkey));
- return(outlen);
- }
-
-static int rsaref_public_encrypt(int len, const unsigned char *from, unsigned char *to,
- RSA *rsa, int padding)
- {
- int outlen= -1;
- int i;
- R_RSA_PUBLIC_KEY RSAkey;
- R_RANDOM_STRUCT rnd;
- unsigned char buf[16];
-
- if (padding != RSA_PKCS1_PADDING && padding != RSA_SSLV23_PADDING)
- {
- RSAREFerr(RSAREF_F_RSAREF_PUBLIC_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
- goto err;
- }
-
- R_RandomInit(&rnd);
- R_GetRandomBytesNeeded((unsigned int *)&i,&rnd);
- while (i > 0)
- {
- if (RAND_bytes(buf,16) <= 0)
- goto err;
- R_RandomUpdate(&rnd,buf,(unsigned int)((i>16)?16:i));
- i-=16;
- }
-
- if (!RSAref_Public_eay2ref(rsa,&RSAkey))
- goto err;
- if ((i=RSAPublicEncrypt(to,(unsigned int *)&outlen,(unsigned char *)from,len,&RSAkey,&rnd)) != 0)
- {
- RSAREFerr(RSAREF_F_RSAREF_PUBLIC_ENCRYPT,i);
- outlen= -1;
- goto err;
- }
-err:
- memset(&RSAkey,0,sizeof(RSAkey));
- R_RandomFinal(&rnd);
- memset(&rnd,0,sizeof(rnd));
- return(outlen);
- }
-
-/*****************************************************************************
- * Symetric cipher and digest function registrars
- **/
-static int rsaref_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
- const int **nids, int nid)
- {
- int ok = 1;
- if(!cipher)
- {
- /* We are returning a list of supported nids */
- *nids = rsaref_cipher_nids;
- return (sizeof(rsaref_cipher_nids)-1)/sizeof(rsaref_cipher_nids[0]);
- }
- /* We are being asked for a specific cipher */
- switch (nid)
- {
- case NID_des_cbc:
- *cipher = &cipher_des_cbc; break;
- case NID_des_ede3_cbc:
- *cipher = &cipher_des_ede3_cbc; break;
- case NID_desx_cbc:
- *cipher = &cipher_desx_cbc; break;
- default:
- ok = 0;
- *cipher = NULL;
- break;
- }
- return ok;
- }
-static int rsaref_digests(ENGINE *e, const EVP_MD **digest,
- const int **nids, int nid)
- {
- int ok = 1;
- if(!digest)
- {
- /* We are returning a list of supported nids */
- *nids = rsaref_digest_nids;
- return (sizeof(rsaref_digest_nids)-1)/sizeof(rsaref_digest_nids[0]);
- }
- /* We are being asked for a specific digest */
- switch (nid)
- {
- case NID_md2:
- *digest = &digest_md2; break;
- case NID_md5:
- *digest = &digest_md5; break;
- default:
- ok = 0;
- *digest = NULL;
- break;
- }
- return ok;
- }
-
-/*****************************************************************************
- * DES functions
- **/
-#undef data
-#define data(ctx) ((DES_CBC_CTX *)(ctx)->cipher_data)
-static int cipher_des_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc)
- {
- DES_CBCInit(data(ctx), (unsigned char *)key, (unsigned char *)iv, enc);
- return 1;
- }
-static int cipher_des_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, unsigned int inl)
- {
- int ret = DES_CBCUpdate(data(ctx), out, (unsigned char *)in, inl);
- switch (ret)
- {
- case RE_LEN:
- RSAREFerr(RSAREF_F_CIPHER_DES_CBC_CODE,RSAREF_R_LENGTH_NOT_BLOCK_ALIGNED);
- break;
- case 0:
- break;
- default:
- RSAREFerr(RSAREF_F_CIPHER_DES_CBC_CODE,RSAREF_R_UNKNOWN_FAULT);
- }
- return !ret;
- }
-static int cipher_des_cbc_clean(EVP_CIPHER_CTX *ctx)
- {
- memset(data(ctx), 0, ctx->cipher->ctx_size);
- return 1;
- }
-
-#undef data
-#define data(ctx) ((DES3_CBC_CTX *)(ctx)->cipher_data)
-static int cipher_des_ede3_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc)
- {
- DES3_CBCInit(data(ctx), (unsigned char *)key, (unsigned char *)iv,
- enc);
- return 1;
- }
-static int cipher_des_ede3_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, unsigned int inl)
- {
- int ret = DES3_CBCUpdate(data(ctx), out, (unsigned char *)in, inl);
- switch (ret)
- {
- case RE_LEN:
- RSAREFerr(RSAREF_F_CIPHER_DES_CBC_CODE,RSAREF_R_LENGTH_NOT_BLOCK_ALIGNED);
- break;
- case 0:
- break;
- default:
- RSAREFerr(RSAREF_F_CIPHER_DES_CBC_CODE,RSAREF_R_UNKNOWN_FAULT);
- }
- return !ret;
- }
-static int cipher_des_ede3_cbc_clean(EVP_CIPHER_CTX *ctx)
- {
- memset(data(ctx), 0, ctx->cipher->ctx_size);
- return 1;
- }
-
-#undef data
-#define data(ctx) ((DESX_CBC_CTX *)(ctx)->cipher_data)
-static int cipher_desx_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
- const unsigned char *iv, int enc)
- {
- DESX_CBCInit(data(ctx), (unsigned char *)key, (unsigned char *)iv,
- enc);
- return 1;
- }
-static int cipher_desx_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,
- const unsigned char *in, unsigned int inl)
- {
- int ret = DESX_CBCUpdate(data(ctx), out, (unsigned char *)in, inl);
- switch (ret)
- {
- case RE_LEN:
- RSAREFerr(RSAREF_F_CIPHER_DES_CBC_CODE,RSAREF_R_LENGTH_NOT_BLOCK_ALIGNED);
- break;
- case 0:
- break;
- default:
- RSAREFerr(RSAREF_F_CIPHER_DES_CBC_CODE,RSAREF_R_UNKNOWN_FAULT);
- }
- return !ret;
- }
-static int cipher_desx_cbc_clean(EVP_CIPHER_CTX *ctx)
- {
- memset(data(ctx), 0, ctx->cipher->ctx_size);
- return 1;
- }
-
-/*****************************************************************************
- * MD functions
- **/
-#undef data
-#define data(ctx) ((MD2_CTX *)(ctx)->md_data)
-static int digest_md2_init(EVP_MD_CTX *ctx)
- {
- MD2Init(data(ctx));
- return 1;
- }
-static int digest_md2_update(EVP_MD_CTX *ctx,const void *data,
- unsigned long count)
- {
- MD2Update(data(ctx), (unsigned char *)data, (unsigned int)count);
- return 1;
- }
-static int digest_md2_final(EVP_MD_CTX *ctx,unsigned char *md)
- {
- MD2Final(md, data(ctx));
- return 1;
- }
-
-#undef data
-#define data(ctx) ((MD5_CTX *)(ctx)->md_data)
-static int digest_md5_init(EVP_MD_CTX *ctx)
- {
- MD5Init(data(ctx));
- return 1;
- }
-static int digest_md5_update(EVP_MD_CTX *ctx,const void *data,
- unsigned long count)
- {
- MD5Update(data(ctx), (unsigned char *)data, (unsigned int)count);
- return 1;
- }
-static int digest_md5_final(EVP_MD_CTX *ctx,unsigned char *md)
- {
- MD5Final(md, data(ctx));
- return 1;
- }
Copied: vendor-crypto/openssl/0.9.8zf/demos/engines/rsaref/rsaref.c (from rev 6976, vendor-crypto/openssl/dist/demos/engines/rsaref/rsaref.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/demos/engines/rsaref/rsaref.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/demos/engines/rsaref/rsaref.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,713 @@
+/*
+ * Demo of how to construct your own engine and using it. The basis of this
+ * engine is RSAref, an old reference of the RSA algorithm which can still be
+ * found a little here and there.
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include "./source/global.h"
+#include "./source/rsaref.h"
+#include "./source/rsa.h"
+#include "./source/des.h"
+#include <openssl/err.h>
+#define OPENSSL_NO_MD2
+#define OPENSSL_NO_MD5
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+#include <openssl/engine.h>
+
+#define RSAREF_LIB_NAME "rsaref engine"
+#include "rsaref_err.c"
+
+/*****************************************************************************
+ *** Function declarations and global variable definitions ***
+ *****************************************************************************/
+
+/*****************************************************************************
+ * Constants used when creating the ENGINE
+ **/
+static const char *engine_rsaref_id = "rsaref";
+static const char *engine_rsaref_name = "RSAref engine support";
+
+/*****************************************************************************
+ * Functions to handle the engine
+ **/
+static int rsaref_destroy(ENGINE *e);
+static int rsaref_init(ENGINE *e);
+static int rsaref_finish(ENGINE *e);
+#if 0
+static int rsaref_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) ());
+#endif
+
+/*****************************************************************************
+ * Engine commands
+ **/
+static const ENGINE_CMD_DEFN rsaref_cmd_defns[] = {
+ {0, NULL, NULL, 0}
+};
+
+/*****************************************************************************
+ * RSA functions
+ **/
+static int rsaref_private_decrypt(int len, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+static int rsaref_private_encrypt(int len, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+static int rsaref_public_encrypt(int len, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+static int rsaref_public_decrypt(int len, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+static int bnref_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+static int rsaref_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
+
+/*****************************************************************************
+ * Our RSA method
+ **/
+static RSA_METHOD rsaref_rsa = {
+ "RSAref PKCS#1 RSA",
+ rsaref_public_encrypt,
+ rsaref_public_decrypt,
+ rsaref_private_encrypt,
+ rsaref_private_decrypt,
+ rsaref_mod_exp,
+ bnref_mod_exp,
+ NULL,
+ NULL,
+ 0,
+ NULL,
+ NULL,
+ NULL
+};
+
+/*****************************************************************************
+ * Symetric cipher and digest function registrars
+ **/
+static int rsaref_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+ const int **nids, int nid);
+static int rsaref_digests(ENGINE *e, const EVP_MD **digest,
+ const int **nids, int nid);
+
+static int rsaref_cipher_nids[] =
+ { NID_des_cbc, NID_des_ede3_cbc, NID_desx_cbc, 0 };
+static int rsaref_digest_nids[] = { NID_md2, NID_md5, 0 };
+
+/*****************************************************************************
+ * DES functions
+ **/
+static int cipher_des_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc);
+static int cipher_des_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, unsigned int inl);
+static int cipher_des_cbc_clean(EVP_CIPHER_CTX *);
+static int cipher_des_ede3_cbc_init(EVP_CIPHER_CTX *ctx,
+ const unsigned char *key,
+ const unsigned char *iv, int enc);
+static int cipher_des_ede3_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in,
+ unsigned int inl);
+static int cipher_des_ede3_cbc_clean(EVP_CIPHER_CTX *);
+static int cipher_desx_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc);
+static int cipher_desx_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, unsigned int inl);
+static int cipher_desx_cbc_clean(EVP_CIPHER_CTX *);
+
+/*****************************************************************************
+ * Our DES ciphers
+ **/
+static const EVP_CIPHER cipher_des_cbc = {
+ NID_des_cbc,
+ 8, 8, 8,
+ 0 | EVP_CIPH_CBC_MODE,
+ cipher_des_cbc_init,
+ cipher_des_cbc_code,
+ cipher_des_cbc_clean,
+ sizeof(DES_CBC_CTX),
+ NULL,
+ NULL,
+ NULL,
+ NULL
+};
+
+static const EVP_CIPHER cipher_des_ede3_cbc = {
+ NID_des_ede3_cbc,
+ 8, 24, 8,
+ 0 | EVP_CIPH_CBC_MODE,
+ cipher_des_ede3_cbc_init,
+ cipher_des_ede3_cbc_code,
+ cipher_des_ede3_cbc_clean,
+ sizeof(DES3_CBC_CTX),
+ NULL,
+ NULL,
+ NULL,
+ NULL
+};
+
+static const EVP_CIPHER cipher_desx_cbc = {
+ NID_desx_cbc,
+ 8, 24, 8,
+ 0 | EVP_CIPH_CBC_MODE,
+ cipher_desx_cbc_init,
+ cipher_desx_cbc_code,
+ cipher_desx_cbc_clean,
+ sizeof(DESX_CBC_CTX),
+ NULL,
+ NULL,
+ NULL,
+ NULL
+};
+
+/*****************************************************************************
+ * MD functions
+ **/
+static int digest_md2_init(EVP_MD_CTX *ctx);
+static int digest_md2_update(EVP_MD_CTX *ctx, const void *data,
+ unsigned long count);
+static int digest_md2_final(EVP_MD_CTX *ctx, unsigned char *md);
+static int digest_md5_init(EVP_MD_CTX *ctx);
+static int digest_md5_update(EVP_MD_CTX *ctx, const void *data,
+ unsigned long count);
+static int digest_md5_final(EVP_MD_CTX *ctx, unsigned char *md);
+
+/*****************************************************************************
+ * Our MD digests
+ **/
+static const EVP_MD digest_md2 = {
+ NID_md2,
+ NID_md2WithRSAEncryption,
+ 16,
+ 0,
+ digest_md2_init,
+ digest_md2_update,
+ digest_md2_final,
+ NULL,
+ NULL,
+ EVP_PKEY_RSA_method,
+ 16,
+ sizeof(MD2_CTX)
+};
+
+static const EVP_MD digest_md5 = {
+ NID_md5,
+ NID_md5WithRSAEncryption,
+ 16,
+ 0,
+ digest_md5_init,
+ digest_md5_update,
+ digest_md5_final,
+ NULL,
+ NULL,
+ EVP_PKEY_RSA_method,
+ 64,
+ sizeof(MD5_CTX)
+};
+
+/*****************************************************************************
+ *** Function definitions ***
+ *****************************************************************************/
+
+/*****************************************************************************
+ * Functions to handle the engine
+ **/
+
+static int bind_rsaref(ENGINE *e)
+{
+ const RSA_METHOD *meth1;
+ if (!ENGINE_set_id(e, engine_rsaref_id)
+ || !ENGINE_set_name(e, engine_rsaref_name)
+ || !ENGINE_set_RSA(e, &rsaref_rsa)
+ || !ENGINE_set_ciphers(e, rsaref_ciphers)
+ || !ENGINE_set_digests(e, rsaref_digests)
+ || !ENGINE_set_destroy_function(e, rsaref_destroy)
+ || !ENGINE_set_init_function(e, rsaref_init)
+ || !ENGINE_set_finish_function(e, rsaref_finish)
+ /* || !ENGINE_set_ctrl_function(e, rsaref_ctrl) */
+ /*
+ * || !ENGINE_set_cmd_defns(e, rsaref_cmd_defns)
+ */ )
+ return 0;
+
+ /* Ensure the rsaref error handling is set up */
+ ERR_load_RSAREF_strings();
+ return 1;
+}
+
+#ifdef ENGINE_DYNAMIC_SUPPORT
+static int bind_helper(ENGINE *e, const char *id)
+{
+ if (id && (strcmp(id, engine_rsaref_id) != 0))
+ return 0;
+ if (!bind_rsaref(e))
+ return 0;
+ return 1;
+}
+
+IMPLEMENT_DYNAMIC_CHECK_FN()
+ IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
+#else
+static ENGINE *engine_rsaref(void)
+{
+ ENGINE *ret = ENGINE_new();
+ if (!ret)
+ return NULL;
+ if (!bind_rsaref(ret)) {
+ ENGINE_free(ret);
+ return NULL;
+ }
+ return ret;
+}
+
+void ENGINE_load_rsaref(void)
+{
+ /* Copied from eng_[openssl|dyn].c */
+ ENGINE *toadd = engine_rsaref();
+ if (!toadd)
+ return;
+ ENGINE_add(toadd);
+ ENGINE_free(toadd);
+ ERR_clear_error();
+}
+#endif
+
+/* Initiator which is only present to make sure this engine looks available */
+static int rsaref_init(ENGINE *e)
+{
+ return 1;
+}
+
+/* Finisher which is only present to make sure this engine looks available */
+static int rsaref_finish(ENGINE *e)
+{
+ return 1;
+}
+
+/* Destructor (complements the "ENGINE_ncipher()" constructor) */
+static int rsaref_destroy(ENGINE *e)
+{
+ ERR_unload_RSAREF_strings();
+ return 1;
+}
+
+/*****************************************************************************
+ * RSA functions
+ **/
+
+static int rsaref_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
+{
+ RSAREFerr(RSAREF_F_RSAREF_MOD_EXP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return (0);
+}
+
+static int bnref_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+{
+ RSAREFerr(RSAREF_F_BNREF_MOD_EXP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return (0);
+}
+
+/* unsigned char *to: [max] */
+static int RSAref_bn2bin(BIGNUM *from, unsigned char *to, int max)
+{
+ int i;
+
+ i = BN_num_bytes(from);
+ if (i > max) {
+ RSAREFerr(RSAREF_F_RSAREF_BN2BIN, RSAREF_R_LEN);
+ return (0);
+ }
+
+ memset(to, 0, (unsigned int)max);
+ if (!BN_bn2bin(from, &(to[max - i])))
+ return (0);
+ return (1);
+}
+
+#ifdef undef
+/* unsigned char *from: [max] */
+static BIGNUM *RSAref_bin2bn(unsigned char *from, BIGNUM *to, int max)
+{
+ int i;
+ BIGNUM *ret;
+
+ for (i = 0; i < max; i++)
+ if (from[i])
+ break;
+
+ ret = BN_bin2bn(&(from[i]), max - i, to);
+ return (ret);
+}
+
+static int RSAref_Public_ref2eay(RSArefPublicKey * from, RSA *to)
+{
+ to->n = RSAref_bin2bn(from->m, NULL, RSAref_MAX_LEN);
+ to->e = RSAref_bin2bn(from->e, NULL, RSAref_MAX_LEN);
+ if ((to->n == NULL) || (to->e == NULL))
+ return (0);
+ return (1);
+}
+#endif
+
+static int RSAref_Public_eay2ref(RSA *from, R_RSA_PUBLIC_KEY * to)
+{
+ to->bits = BN_num_bits(from->n);
+ if (!RSAref_bn2bin(from->n, to->modulus, MAX_RSA_MODULUS_LEN))
+ return (0);
+ if (!RSAref_bn2bin(from->e, to->exponent, MAX_RSA_MODULUS_LEN))
+ return (0);
+ return (1);
+}
+
+#ifdef undef
+static int RSAref_Private_ref2eay(RSArefPrivateKey * from, RSA *to)
+{
+ if ((to->n = RSAref_bin2bn(from->m, NULL, RSAref_MAX_LEN)) == NULL)
+ return (0);
+ if ((to->e = RSAref_bin2bn(from->e, NULL, RSAref_MAX_LEN)) == NULL)
+ return (0);
+ if ((to->d = RSAref_bin2bn(from->d, NULL, RSAref_MAX_LEN)) == NULL)
+ return (0);
+ if ((to->p =
+ RSAref_bin2bn(from->prime[0], NULL, RSAref_MAX_PLEN)) == NULL)
+ return (0);
+ if ((to->q =
+ RSAref_bin2bn(from->prime[1], NULL, RSAref_MAX_PLEN)) == NULL)
+ return (0);
+ if ((to->dmp1 = RSAref_bin2bn(from->pexp[0], NULL, RSAref_MAX_PLEN))
+ == NULL)
+ return (0);
+ if ((to->dmq1 = RSAref_bin2bn(from->pexp[1], NULL, RSAref_MAX_PLEN))
+ == NULL)
+ return (0);
+ if ((to->iqmp = RSAref_bin2bn(from->coef, NULL, RSAref_MAX_PLEN)) == NULL)
+ return (0);
+ return (1);
+}
+#endif
+
+static int RSAref_Private_eay2ref(RSA *from, R_RSA_PRIVATE_KEY * to)
+{
+ to->bits = BN_num_bits(from->n);
+ if (!RSAref_bn2bin(from->n, to->modulus, MAX_RSA_MODULUS_LEN))
+ return (0);
+ if (!RSAref_bn2bin(from->e, to->publicExponent, MAX_RSA_MODULUS_LEN))
+ return (0);
+ if (!RSAref_bn2bin(from->d, to->exponent, MAX_RSA_MODULUS_LEN))
+ return (0);
+ if (!RSAref_bn2bin(from->p, to->prime[0], MAX_RSA_PRIME_LEN))
+ return (0);
+ if (!RSAref_bn2bin(from->q, to->prime[1], MAX_RSA_PRIME_LEN))
+ return (0);
+ if (!RSAref_bn2bin(from->dmp1, to->primeExponent[0], MAX_RSA_PRIME_LEN))
+ return (0);
+ if (!RSAref_bn2bin(from->dmq1, to->primeExponent[1], MAX_RSA_PRIME_LEN))
+ return (0);
+ if (!RSAref_bn2bin(from->iqmp, to->coefficient, MAX_RSA_PRIME_LEN))
+ return (0);
+ return (1);
+}
+
+static int rsaref_private_decrypt(int len, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding)
+{
+ int i, outlen = -1;
+ R_RSA_PRIVATE_KEY RSAkey;
+
+ if (!RSAref_Private_eay2ref(rsa, &RSAkey))
+ goto err;
+ if ((i =
+ RSAPrivateDecrypt(to, (unsigned int *)&outlen, (unsigned char *)from,
+ len, &RSAkey)) != 0) {
+ RSAREFerr(RSAREF_F_RSAREF_PRIVATE_DECRYPT, i);
+ outlen = -1;
+ }
+ err:
+ memset(&RSAkey, 0, sizeof(RSAkey));
+ return (outlen);
+}
+
+static int rsaref_private_encrypt(int len, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding)
+{
+ int i, outlen = -1;
+ R_RSA_PRIVATE_KEY RSAkey;
+
+ if (padding != RSA_PKCS1_PADDING) {
+ RSAREFerr(RSAREF_F_RSAREF_PRIVATE_ENCRYPT,
+ RSA_R_UNKNOWN_PADDING_TYPE);
+ goto err;
+ }
+ if (!RSAref_Private_eay2ref(rsa, &RSAkey))
+ goto err;
+ if ((i =
+ RSAPrivateEncrypt(to, (unsigned int *)&outlen, (unsigned char *)from,
+ len, &RSAkey)) != 0) {
+ RSAREFerr(RSAREF_F_RSAREF_PRIVATE_ENCRYPT, i);
+ outlen = -1;
+ }
+ err:
+ memset(&RSAkey, 0, sizeof(RSAkey));
+ return (outlen);
+}
+
+static int rsaref_public_decrypt(int len, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding)
+{
+ int i, outlen = -1;
+ R_RSA_PUBLIC_KEY RSAkey;
+
+ if (!RSAref_Public_eay2ref(rsa, &RSAkey))
+ goto err;
+ if ((i =
+ RSAPublicDecrypt(to, (unsigned int *)&outlen, (unsigned char *)from,
+ len, &RSAkey)) != 0) {
+ RSAREFerr(RSAREF_F_RSAREF_PUBLIC_DECRYPT, i);
+ outlen = -1;
+ }
+ err:
+ memset(&RSAkey, 0, sizeof(RSAkey));
+ return (outlen);
+}
+
+static int rsaref_public_encrypt(int len, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding)
+{
+ int outlen = -1;
+ int i;
+ R_RSA_PUBLIC_KEY RSAkey;
+ R_RANDOM_STRUCT rnd;
+ unsigned char buf[16];
+
+ if (padding != RSA_PKCS1_PADDING && padding != RSA_SSLV23_PADDING) {
+ RSAREFerr(RSAREF_F_RSAREF_PUBLIC_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
+ goto err;
+ }
+
+ R_RandomInit(&rnd);
+ R_GetRandomBytesNeeded((unsigned int *)&i, &rnd);
+ while (i > 0) {
+ if (RAND_bytes(buf, 16) <= 0)
+ goto err;
+ R_RandomUpdate(&rnd, buf, (unsigned int)((i > 16) ? 16 : i));
+ i -= 16;
+ }
+
+ if (!RSAref_Public_eay2ref(rsa, &RSAkey))
+ goto err;
+ if ((i =
+ RSAPublicEncrypt(to, (unsigned int *)&outlen, (unsigned char *)from,
+ len, &RSAkey, &rnd)) != 0) {
+ RSAREFerr(RSAREF_F_RSAREF_PUBLIC_ENCRYPT, i);
+ outlen = -1;
+ goto err;
+ }
+ err:
+ memset(&RSAkey, 0, sizeof(RSAkey));
+ R_RandomFinal(&rnd);
+ memset(&rnd, 0, sizeof(rnd));
+ return (outlen);
+}
+
+/*****************************************************************************
+ * Symetric cipher and digest function registrars
+ **/
+static int rsaref_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+ const int **nids, int nid)
+{
+ int ok = 1;
+ if (!cipher) {
+ /* We are returning a list of supported nids */
+ *nids = rsaref_cipher_nids;
+ return (sizeof(rsaref_cipher_nids) -
+ 1) / sizeof(rsaref_cipher_nids[0]);
+ }
+ /* We are being asked for a specific cipher */
+ switch (nid) {
+ case NID_des_cbc:
+ *cipher = &cipher_des_cbc;
+ break;
+ case NID_des_ede3_cbc:
+ *cipher = &cipher_des_ede3_cbc;
+ break;
+ case NID_desx_cbc:
+ *cipher = &cipher_desx_cbc;
+ break;
+ default:
+ ok = 0;
+ *cipher = NULL;
+ break;
+ }
+ return ok;
+}
+
+static int rsaref_digests(ENGINE *e, const EVP_MD **digest,
+ const int **nids, int nid)
+{
+ int ok = 1;
+ if (!digest) {
+ /* We are returning a list of supported nids */
+ *nids = rsaref_digest_nids;
+ return (sizeof(rsaref_digest_nids) -
+ 1) / sizeof(rsaref_digest_nids[0]);
+ }
+ /* We are being asked for a specific digest */
+ switch (nid) {
+ case NID_md2:
+ *digest = &digest_md2;
+ break;
+ case NID_md5:
+ *digest = &digest_md5;
+ break;
+ default:
+ ok = 0;
+ *digest = NULL;
+ break;
+ }
+ return ok;
+}
+
+/*****************************************************************************
+ * DES functions
+ **/
+#undef data
+#define data(ctx) ((DES_CBC_CTX *)(ctx)->cipher_data)
+static int cipher_des_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc)
+{
+ DES_CBCInit(data(ctx), (unsigned char *)key, (unsigned char *)iv, enc);
+ return 1;
+}
+
+static int cipher_des_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, unsigned int inl)
+{
+ int ret = DES_CBCUpdate(data(ctx), out, (unsigned char *)in, inl);
+ switch (ret) {
+ case RE_LEN:
+ RSAREFerr(RSAREF_F_CIPHER_DES_CBC_CODE,
+ RSAREF_R_LENGTH_NOT_BLOCK_ALIGNED);
+ break;
+ case 0:
+ break;
+ default:
+ RSAREFerr(RSAREF_F_CIPHER_DES_CBC_CODE, RSAREF_R_UNKNOWN_FAULT);
+ }
+ return !ret;
+}
+
+static int cipher_des_cbc_clean(EVP_CIPHER_CTX *ctx)
+{
+ memset(data(ctx), 0, ctx->cipher->ctx_size);
+ return 1;
+}
+
+#undef data
+#define data(ctx) ((DES3_CBC_CTX *)(ctx)->cipher_data)
+static int cipher_des_ede3_cbc_init(EVP_CIPHER_CTX *ctx,
+ const unsigned char *key,
+ const unsigned char *iv, int enc)
+{
+ DES3_CBCInit(data(ctx), (unsigned char *)key, (unsigned char *)iv, enc);
+ return 1;
+}
+
+static int cipher_des_ede3_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, unsigned int inl)
+{
+ int ret = DES3_CBCUpdate(data(ctx), out, (unsigned char *)in, inl);
+ switch (ret) {
+ case RE_LEN:
+ RSAREFerr(RSAREF_F_CIPHER_DES_CBC_CODE,
+ RSAREF_R_LENGTH_NOT_BLOCK_ALIGNED);
+ break;
+ case 0:
+ break;
+ default:
+ RSAREFerr(RSAREF_F_CIPHER_DES_CBC_CODE, RSAREF_R_UNKNOWN_FAULT);
+ }
+ return !ret;
+}
+
+static int cipher_des_ede3_cbc_clean(EVP_CIPHER_CTX *ctx)
+{
+ memset(data(ctx), 0, ctx->cipher->ctx_size);
+ return 1;
+}
+
+#undef data
+#define data(ctx) ((DESX_CBC_CTX *)(ctx)->cipher_data)
+static int cipher_desx_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc)
+{
+ DESX_CBCInit(data(ctx), (unsigned char *)key, (unsigned char *)iv, enc);
+ return 1;
+}
+
+static int cipher_desx_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, unsigned int inl)
+{
+ int ret = DESX_CBCUpdate(data(ctx), out, (unsigned char *)in, inl);
+ switch (ret) {
+ case RE_LEN:
+ RSAREFerr(RSAREF_F_CIPHER_DES_CBC_CODE,
+ RSAREF_R_LENGTH_NOT_BLOCK_ALIGNED);
+ break;
+ case 0:
+ break;
+ default:
+ RSAREFerr(RSAREF_F_CIPHER_DES_CBC_CODE, RSAREF_R_UNKNOWN_FAULT);
+ }
+ return !ret;
+}
+
+static int cipher_desx_cbc_clean(EVP_CIPHER_CTX *ctx)
+{
+ memset(data(ctx), 0, ctx->cipher->ctx_size);
+ return 1;
+}
+
+/*****************************************************************************
+ * MD functions
+ **/
+#undef data
+#define data(ctx) ((MD2_CTX *)(ctx)->md_data)
+static int digest_md2_init(EVP_MD_CTX *ctx)
+{
+ MD2Init(data(ctx));
+ return 1;
+}
+
+static int digest_md2_update(EVP_MD_CTX *ctx, const void *data,
+ unsigned long count)
+{
+ MD2Update(data(ctx), (unsigned char *)data, (unsigned int)count);
+ return 1;
+}
+
+static int digest_md2_final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+ MD2Final(md, data(ctx));
+ return 1;
+}
+
+#undef data
+#define data(ctx) ((MD5_CTX *)(ctx)->md_data)
+static int digest_md5_init(EVP_MD_CTX *ctx)
+{
+ MD5Init(data(ctx));
+ return 1;
+}
+
+static int digest_md5_update(EVP_MD_CTX *ctx, const void *data,
+ unsigned long count)
+{
+ MD5Update(data(ctx), (unsigned char *)data, (unsigned int)count);
+ return 1;
+}
+
+static int digest_md5_final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+ MD5Final(md, data(ctx));
+ return 1;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/demos/engines/rsaref/rsaref_err.c
===================================================================
--- vendor-crypto/openssl/dist/demos/engines/rsaref/rsaref_err.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/demos/engines/rsaref/rsaref_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,161 +0,0 @@
-/* rsaref_err.c */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include "rsaref_err.h"
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-static ERR_STRING_DATA RSAREF_str_functs[]=
- {
-{ERR_PACK(0,RSAREF_F_BNREF_MOD_EXP,0), "BNREF_MOD_EXP"},
-{ERR_PACK(0,RSAREF_F_CIPHER_DES_CBC_CODE,0), "CIPHER_DES_CBC_CODE"},
-{ERR_PACK(0,RSAREF_F_RSAREF_BN2BIN,0), "RSAREF_BN2BIN"},
-{ERR_PACK(0,RSAREF_F_RSAREF_MOD_EXP,0), "RSAREF_MOD_EXP"},
-{ERR_PACK(0,RSAREF_F_RSAREF_PRIVATE_DECRYPT,0), "RSAREF_PRIVATE_DECRYPT"},
-{ERR_PACK(0,RSAREF_F_RSAREF_PRIVATE_ENCRYPT,0), "RSAREF_PRIVATE_ENCRYPT"},
-{ERR_PACK(0,RSAREF_F_RSAREF_PUBLIC_DECRYPT,0), "RSAREF_PUBLIC_DECRYPT"},
-{ERR_PACK(0,RSAREF_F_RSAREF_PUBLIC_ENCRYPT,0), "RSAREF_PUBLIC_ENCRYPT"},
-{ERR_PACK(0,RSAREF_F_RSA_BN2BIN,0), "RSA_BN2BIN"},
-{ERR_PACK(0,RSAREF_F_RSA_PRIVATE_DECRYPT,0), "RSA_PRIVATE_DECRYPT"},
-{ERR_PACK(0,RSAREF_F_RSA_PRIVATE_ENCRYPT,0), "RSA_PRIVATE_ENCRYPT"},
-{ERR_PACK(0,RSAREF_F_RSA_PUBLIC_DECRYPT,0), "RSA_PUBLIC_DECRYPT"},
-{ERR_PACK(0,RSAREF_F_RSA_PUBLIC_ENCRYPT,0), "RSA_PUBLIC_ENCRYPT"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA RSAREF_str_reasons[]=
- {
-{RSAREF_R_CONTENT_ENCODING ,"content encoding"},
-{RSAREF_R_DATA ,"data"},
-{RSAREF_R_DIGEST_ALGORITHM ,"digest algorithm"},
-{RSAREF_R_ENCODING ,"encoding"},
-{RSAREF_R_ENCRYPTION_ALGORITHM ,"encryption algorithm"},
-{RSAREF_R_KEY ,"key"},
-{RSAREF_R_KEY_ENCODING ,"key encoding"},
-{RSAREF_R_LEN ,"len"},
-{RSAREF_R_LENGTH_NOT_BLOCK_ALIGNED ,"length not block aligned"},
-{RSAREF_R_MODULUS_LEN ,"modulus len"},
-{RSAREF_R_NEED_RANDOM ,"need random"},
-{RSAREF_R_PRIVATE_KEY ,"private key"},
-{RSAREF_R_PUBLIC_KEY ,"public key"},
-{RSAREF_R_SIGNATURE ,"signature"},
-{RSAREF_R_SIGNATURE_ENCODING ,"signature encoding"},
-{RSAREF_R_UNKNOWN_FAULT ,"unknown fault"},
-{0,NULL}
- };
-
-#endif
-
-#ifdef RSAREF_LIB_NAME
-static ERR_STRING_DATA RSAREF_lib_name[]=
- {
-{0 ,RSAREF_LIB_NAME},
-{0,NULL}
- };
-#endif
-
-
-static int RSAREF_lib_error_code=0;
-static int RSAREF_error_init=1;
-
-static void ERR_load_RSAREF_strings(void)
- {
- if (RSAREF_lib_error_code == 0)
- RSAREF_lib_error_code=ERR_get_next_error_library();
-
- if (RSAREF_error_init)
- {
- RSAREF_error_init=0;
-#ifndef OPENSSL_NO_ERR
- ERR_load_strings(RSAREF_lib_error_code,RSAREF_str_functs);
- ERR_load_strings(RSAREF_lib_error_code,RSAREF_str_reasons);
-#endif
-
-#ifdef RSAREF_LIB_NAME
- RSAREF_lib_name->error = ERR_PACK(RSAREF_lib_error_code,0,0);
- ERR_load_strings(0,RSAREF_lib_name);
-#endif
- }
- }
-
-static void ERR_unload_RSAREF_strings(void)
- {
- if (RSAREF_error_init == 0)
- {
-#ifndef OPENSSL_NO_ERR
- ERR_unload_strings(RSAREF_lib_error_code,RSAREF_str_functs);
- ERR_unload_strings(RSAREF_lib_error_code,RSAREF_str_reasons);
-#endif
-
-#ifdef RSAREF_LIB_NAME
- ERR_unload_strings(0,RSAREF_lib_name);
-#endif
- RSAREF_error_init=1;
- }
- }
-
-static void ERR_RSAREF_error(int function, int reason, char *file, int line)
- {
- if (RSAREF_lib_error_code == 0)
- RSAREF_lib_error_code=ERR_get_next_error_library();
- ERR_PUT_error(RSAREF_lib_error_code,function,reason,file,line);
- }
Copied: vendor-crypto/openssl/0.9.8zf/demos/engines/rsaref/rsaref_err.c (from rev 6976, vendor-crypto/openssl/dist/demos/engines/rsaref/rsaref_err.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/demos/engines/rsaref/rsaref_err.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/demos/engines/rsaref/rsaref_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,158 @@
+/* rsaref_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include "rsaref_err.h"
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA RSAREF_str_functs[] = {
+ {ERR_PACK(0, RSAREF_F_BNREF_MOD_EXP, 0), "BNREF_MOD_EXP"},
+ {ERR_PACK(0, RSAREF_F_CIPHER_DES_CBC_CODE, 0), "CIPHER_DES_CBC_CODE"},
+ {ERR_PACK(0, RSAREF_F_RSAREF_BN2BIN, 0), "RSAREF_BN2BIN"},
+ {ERR_PACK(0, RSAREF_F_RSAREF_MOD_EXP, 0), "RSAREF_MOD_EXP"},
+ {ERR_PACK(0, RSAREF_F_RSAREF_PRIVATE_DECRYPT, 0),
+ "RSAREF_PRIVATE_DECRYPT"},
+ {ERR_PACK(0, RSAREF_F_RSAREF_PRIVATE_ENCRYPT, 0),
+ "RSAREF_PRIVATE_ENCRYPT"},
+ {ERR_PACK(0, RSAREF_F_RSAREF_PUBLIC_DECRYPT, 0), "RSAREF_PUBLIC_DECRYPT"},
+ {ERR_PACK(0, RSAREF_F_RSAREF_PUBLIC_ENCRYPT, 0), "RSAREF_PUBLIC_ENCRYPT"},
+ {ERR_PACK(0, RSAREF_F_RSA_BN2BIN, 0), "RSA_BN2BIN"},
+ {ERR_PACK(0, RSAREF_F_RSA_PRIVATE_DECRYPT, 0), "RSA_PRIVATE_DECRYPT"},
+ {ERR_PACK(0, RSAREF_F_RSA_PRIVATE_ENCRYPT, 0), "RSA_PRIVATE_ENCRYPT"},
+ {ERR_PACK(0, RSAREF_F_RSA_PUBLIC_DECRYPT, 0), "RSA_PUBLIC_DECRYPT"},
+ {ERR_PACK(0, RSAREF_F_RSA_PUBLIC_ENCRYPT, 0), "RSA_PUBLIC_ENCRYPT"},
+ {0, NULL}
+};
+
+static ERR_STRING_DATA RSAREF_str_reasons[] = {
+ {RSAREF_R_CONTENT_ENCODING, "content encoding"},
+ {RSAREF_R_DATA, "data"},
+ {RSAREF_R_DIGEST_ALGORITHM, "digest algorithm"},
+ {RSAREF_R_ENCODING, "encoding"},
+ {RSAREF_R_ENCRYPTION_ALGORITHM, "encryption algorithm"},
+ {RSAREF_R_KEY, "key"},
+ {RSAREF_R_KEY_ENCODING, "key encoding"},
+ {RSAREF_R_LEN, "len"},
+ {RSAREF_R_LENGTH_NOT_BLOCK_ALIGNED, "length not block aligned"},
+ {RSAREF_R_MODULUS_LEN, "modulus len"},
+ {RSAREF_R_NEED_RANDOM, "need random"},
+ {RSAREF_R_PRIVATE_KEY, "private key"},
+ {RSAREF_R_PUBLIC_KEY, "public key"},
+ {RSAREF_R_SIGNATURE, "signature"},
+ {RSAREF_R_SIGNATURE_ENCODING, "signature encoding"},
+ {RSAREF_R_UNKNOWN_FAULT, "unknown fault"},
+ {0, NULL}
+};
+
+#endif
+
+#ifdef RSAREF_LIB_NAME
+static ERR_STRING_DATA RSAREF_lib_name[] = {
+ {0, RSAREF_LIB_NAME},
+ {0, NULL}
+};
+#endif
+
+static int RSAREF_lib_error_code = 0;
+static int RSAREF_error_init = 1;
+
+static void ERR_load_RSAREF_strings(void)
+{
+ if (RSAREF_lib_error_code == 0)
+ RSAREF_lib_error_code = ERR_get_next_error_library();
+
+ if (RSAREF_error_init) {
+ RSAREF_error_init = 0;
+#ifndef OPENSSL_NO_ERR
+ ERR_load_strings(RSAREF_lib_error_code, RSAREF_str_functs);
+ ERR_load_strings(RSAREF_lib_error_code, RSAREF_str_reasons);
+#endif
+
+#ifdef RSAREF_LIB_NAME
+ RSAREF_lib_name->error = ERR_PACK(RSAREF_lib_error_code, 0, 0);
+ ERR_load_strings(0, RSAREF_lib_name);
+#endif
+ }
+}
+
+static void ERR_unload_RSAREF_strings(void)
+{
+ if (RSAREF_error_init == 0) {
+#ifndef OPENSSL_NO_ERR
+ ERR_unload_strings(RSAREF_lib_error_code, RSAREF_str_functs);
+ ERR_unload_strings(RSAREF_lib_error_code, RSAREF_str_reasons);
+#endif
+
+#ifdef RSAREF_LIB_NAME
+ ERR_unload_strings(0, RSAREF_lib_name);
+#endif
+ RSAREF_error_init = 1;
+ }
+}
+
+static void ERR_RSAREF_error(int function, int reason, char *file, int line)
+{
+ if (RSAREF_lib_error_code == 0)
+ RSAREF_lib_error_code = ERR_get_next_error_library();
+ ERR_PUT_error(RSAREF_lib_error_code, function, reason, file, line);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/demos/engines/rsaref/rsaref_err.h
===================================================================
--- vendor-crypto/openssl/dist/demos/engines/rsaref/rsaref_err.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/demos/engines/rsaref/rsaref_err.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,109 +0,0 @@
-/* rsaref_err.h */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#ifndef HEADER_RSAREF_ERR_H
-#define HEADER_RSAREF_ERR_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-static void ERR_load_RSAREF_strings(void);
-static void ERR_unload_RSAREF_strings(void);
-static void ERR_RSAREF_error(int function, int reason, char *file, int line);
-#define RSAREFerr(f,r) ERR_RSAREF_error((f),(r),__FILE__,__LINE__)
-/* Error codes for the RSAREF functions. */
-
-/* Function codes. */
-#define RSAREF_F_BNREF_MOD_EXP 100
-#define RSAREF_F_CIPHER_DES_CBC_CODE 112
-#define RSAREF_F_RSAREF_BN2BIN 101
-#define RSAREF_F_RSAREF_MOD_EXP 102
-#define RSAREF_F_RSAREF_PRIVATE_DECRYPT 103
-#define RSAREF_F_RSAREF_PRIVATE_ENCRYPT 104
-#define RSAREF_F_RSAREF_PUBLIC_DECRYPT 105
-#define RSAREF_F_RSAREF_PUBLIC_ENCRYPT 106
-#define RSAREF_F_RSA_BN2BIN 107
-#define RSAREF_F_RSA_PRIVATE_DECRYPT 108
-#define RSAREF_F_RSA_PRIVATE_ENCRYPT 109
-#define RSAREF_F_RSA_PUBLIC_DECRYPT 110
-#define RSAREF_F_RSA_PUBLIC_ENCRYPT 111
-
-/* Reason codes. */
-#define RSAREF_R_CONTENT_ENCODING 100
-#define RSAREF_R_DATA 101
-#define RSAREF_R_DIGEST_ALGORITHM 102
-#define RSAREF_R_ENCODING 103
-#define RSAREF_R_ENCRYPTION_ALGORITHM 104
-#define RSAREF_R_KEY 105
-#define RSAREF_R_KEY_ENCODING 106
-#define RSAREF_R_LEN 107
-#define RSAREF_R_LENGTH_NOT_BLOCK_ALIGNED 114
-#define RSAREF_R_MODULUS_LEN 108
-#define RSAREF_R_NEED_RANDOM 109
-#define RSAREF_R_PRIVATE_KEY 110
-#define RSAREF_R_PUBLIC_KEY 111
-#define RSAREF_R_SIGNATURE 112
-#define RSAREF_R_SIGNATURE_ENCODING 113
-#define RSAREF_R_UNKNOWN_FAULT 115
-
-#ifdef __cplusplus
-}
-#endif
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/demos/engines/rsaref/rsaref_err.h (from rev 6976, vendor-crypto/openssl/dist/demos/engines/rsaref/rsaref_err.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/demos/engines/rsaref/rsaref_err.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/demos/engines/rsaref/rsaref_err.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,110 @@
+/* rsaref_err.h */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_RSAREF_ERR_H
+# define HEADER_RSAREF_ERR_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+static void ERR_load_RSAREF_strings(void);
+static void ERR_unload_RSAREF_strings(void);
+static void ERR_RSAREF_error(int function, int reason, char *file, int line);
+# define RSAREFerr(f,r) ERR_RSAREF_error((f),(r),__FILE__,__LINE__)
+/* Error codes for the RSAREF functions. */
+
+/* Function codes. */
+# define RSAREF_F_BNREF_MOD_EXP 100
+# define RSAREF_F_CIPHER_DES_CBC_CODE 112
+# define RSAREF_F_RSAREF_BN2BIN 101
+# define RSAREF_F_RSAREF_MOD_EXP 102
+# define RSAREF_F_RSAREF_PRIVATE_DECRYPT 103
+# define RSAREF_F_RSAREF_PRIVATE_ENCRYPT 104
+# define RSAREF_F_RSAREF_PUBLIC_DECRYPT 105
+# define RSAREF_F_RSAREF_PUBLIC_ENCRYPT 106
+# define RSAREF_F_RSA_BN2BIN 107
+# define RSAREF_F_RSA_PRIVATE_DECRYPT 108
+# define RSAREF_F_RSA_PRIVATE_ENCRYPT 109
+# define RSAREF_F_RSA_PUBLIC_DECRYPT 110
+# define RSAREF_F_RSA_PUBLIC_ENCRYPT 111
+
+/* Reason codes. */
+# define RSAREF_R_CONTENT_ENCODING 100
+# define RSAREF_R_DATA 101
+# define RSAREF_R_DIGEST_ALGORITHM 102
+# define RSAREF_R_ENCODING 103
+# define RSAREF_R_ENCRYPTION_ALGORITHM 104
+# define RSAREF_R_KEY 105
+# define RSAREF_R_KEY_ENCODING 106
+# define RSAREF_R_LEN 107
+# define RSAREF_R_LENGTH_NOT_BLOCK_ALIGNED 114
+# define RSAREF_R_MODULUS_LEN 108
+# define RSAREF_R_NEED_RANDOM 109
+# define RSAREF_R_PRIVATE_KEY 110
+# define RSAREF_R_PUBLIC_KEY 111
+# define RSAREF_R_SIGNATURE 112
+# define RSAREF_R_SIGNATURE_ENCODING 113
+# define RSAREF_R_UNKNOWN_FAULT 115
+
+#ifdef __cplusplus
+}
+#endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/demos/engines/zencod/hw_zencod.c
===================================================================
--- vendor-crypto/openssl/dist/demos/engines/zencod/hw_zencod.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/demos/engines/zencod/hw_zencod.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,1739 +0,0 @@
-/* crypto/engine/hw_zencod.c */
- /* Written by Fred Donnat (frederic.donnat at zencod.com) for "zencod"
- * engine integration in order to redirect crypto computing on a crypto
- * hardware accelerator zenssl32 ;-)
- *
- * Date : 25 jun 2002
- * Revision : 17 Ju7 2002
- * Version : zencod_engine-0.9.7
- */
-
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-
-/* ENGINE general include */
-#include <stdio.h>
-#include <openssl/crypto.h>
-#include <openssl/dso.h>
-#include <openssl/engine.h>
-
-#ifndef OPENSSL_NO_HW
-#ifndef OPENSSL_NO_HW_ZENCOD
-
-#ifdef FLAT_INC
-# include "hw_zencod.h"
-#else
-# include "vendor_defns/hw_zencod.h"
-#endif
-
-#define ZENCOD_LIB_NAME "zencod engine"
-#include "hw_zencod_err.c"
-
-#define FAIL_TO_SOFTWARE -15
-
-#define ZEN_LIBRARY "zenbridge"
-
-#if 0
-# define PERROR(s) perror(s)
-# define CHEESE() fputs("## [ZenEngine] ## " __FUNCTION__ "\n", stderr)
-#else
-# define PERROR(s)
-# define CHEESE()
-#endif
-
-
-/* Sorry ;) */
-#ifndef WIN32
-static inline void esrever ( unsigned char *d, int l )
-{
- for(;--l>0;--l,d++){*d^=*(d+l);*(d+l)^=*d;*d^=*(d+l);}
-}
-
-static inline void ypcmem ( unsigned char *d, const unsigned char *s, int l )
-{
- for(d+=l;l--;)*--d=*s++;
-}
-#else
-static __inline void esrever ( unsigned char *d, int l )
-{
- for(;--l>0;--l,d++){*d^=*(d+l);*(d+l)^=*d;*d^=*(d+l);}
-}
-
-static __inline void ypcmem ( unsigned char *d, const unsigned char *s, int l )
-{
- for(d+=l;l--;)*--d=*s++;
-}
-#endif
-
-
-#define BIGNUM2ZEN(n, bn) (ptr_zencod_init_number((n), \
- (unsigned long) ((bn)->top * BN_BITS2), \
- (unsigned char *) ((bn)->d)))
-
-#define ZEN_BITS(n, bytes) (ptr_zencod_bytes2bits((unsigned char *) (n), (unsigned long) (bytes)))
-#define ZEN_BYTES(bits) (ptr_zencod_bits2bytes((unsigned long) (bits)))
-
-
-/* Function for ENGINE detection and control */
-static int zencod_destroy ( ENGINE *e ) ;
-static int zencod_init ( ENGINE *e ) ;
-static int zencod_finish ( ENGINE *e ) ;
-static int zencod_ctrl ( ENGINE *e, int cmd, long i, void *p, void (*f) () ) ;
-
-/* BIGNUM stuff */
-static int zencod_bn_mod_exp ( BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx ) ;
-
-/* RSA stuff */
-#ifndef OPENSSL_NO_RSA
-static int RSA_zencod_rsa_mod_exp ( BIGNUM *r0, const BIGNUM *I, RSA *rsa ) ;
-static int RSA_zencod_bn_mod_exp ( BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx ) ;
-#endif
-
-/* DSA stuff */
-#ifndef OPENSSL_NO_DSA
-static int DSA_zencod_bn_mod_exp ( DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx ) ;
-
-static DSA_SIG *DSA_zencod_do_sign ( const unsigned char *dgst, int dlen, DSA *dsa ) ;
-static int DSA_zencod_do_verify ( const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
- DSA *dsa ) ;
-#endif
-
-/* DH stuff */
-#ifndef OPENSSL_NO_DH
-static int DH_zencod_bn_mod_exp ( const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx ) ;
-static int DH_zencod_generate_key ( DH *dh ) ;
-static int DH_zencod_compute_key ( unsigned char *key, const BIGNUM *pub_key, DH *dh ) ;
-#endif
-
-/* Rand stuff */
-static void RAND_zencod_seed ( const void *buf, int num ) ;
-static int RAND_zencod_rand_bytes ( unsigned char *buf, int num ) ;
-static int RAND_zencod_rand_status ( void ) ;
-
-/* Digest Stuff */
-static int engine_digests ( ENGINE *e, const EVP_MD **digest, const int **nids, int nid ) ;
-
-/* Cipher Stuff */
-static int engine_ciphers ( ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid ) ;
-
-
-#define ZENCOD_CMD_SO_PATH ENGINE_CMD_BASE
-static const ENGINE_CMD_DEFN zencod_cmd_defns [ ] =
-{
- { ZENCOD_CMD_SO_PATH,
- "SO_PATH",
- "Specifies the path to the 'zenbridge' shared library",
- ENGINE_CMD_FLAG_STRING},
- { 0, NULL, NULL, 0 }
-} ;
-
-
-#ifndef OPENSSL_NO_RSA
-/* Our internal RSA_METHOD specific to zencod ENGINE providing pointers to our function */
-static RSA_METHOD zencod_rsa =
-{
- "ZENCOD RSA method",
- NULL,
- NULL,
- NULL,
- NULL,
- RSA_zencod_rsa_mod_exp,
- RSA_zencod_bn_mod_exp,
- NULL,
- NULL,
- 0,
- NULL,
- NULL,
- NULL
-} ;
-#endif
-
-#ifndef OPENSSL_NO_DSA
-/* Our internal DSA_METHOD specific to zencod ENGINE providing pointers to our function */
-static DSA_METHOD zencod_dsa =
-{
- "ZENCOD DSA method",
- DSA_zencod_do_sign,
- NULL,
- DSA_zencod_do_verify,
- NULL,
- DSA_zencod_bn_mod_exp,
- NULL,
- NULL,
- 0,
- NULL
-} ;
-#endif
-
-#ifndef OPENSSL_NO_DH
-/* Our internal DH_METHOD specific to zencod ENGINE providing pointers to our function */
-static DH_METHOD zencod_dh =
-{
- "ZENCOD DH method",
- DH_zencod_generate_key,
- DH_zencod_compute_key,
- DH_zencod_bn_mod_exp,
- NULL,
- NULL,
- 0,
- NULL
-} ;
-#endif
-
-/* Our internal RAND_meth specific to zencod ZNGINE providing pointers to our function */
-static RAND_METHOD zencod_rand =
-{
- RAND_zencod_seed,
- RAND_zencod_rand_bytes,
- NULL,
- NULL,
- RAND_zencod_rand_bytes,
- RAND_zencod_rand_status
-} ;
-
-
-/* Constants used when creating the ENGINE */
-static const char *engine_zencod_id = "zencod";
-static const char *engine_zencod_name = "ZENCOD hardware engine support";
-
-
-/* This internal function is used by ENGINE_zencod () and possibly by the
- * "dynamic" ENGINE support too ;-)
- */
-static int bind_helper ( ENGINE *e )
-{
-
-#ifndef OPENSSL_NO_RSA
- const RSA_METHOD *meth_rsa ;
-#endif
-#ifndef OPENSSL_NO_DSA
- const DSA_METHOD *meth_dsa ;
-#endif
-#ifndef OPENSSL_NO_DH
- const DH_METHOD *meth_dh ;
-#endif
-
- const RAND_METHOD *meth_rand ;
-
-
- if ( !ENGINE_set_id ( e, engine_zencod_id ) ||
- !ENGINE_set_name ( e, engine_zencod_name ) ||
-#ifndef OPENSSL_NO_RSA
- !ENGINE_set_RSA ( e, &zencod_rsa ) ||
-#endif
-#ifndef OPENSSL_NO_DSA
- !ENGINE_set_DSA ( e, &zencod_dsa ) ||
-#endif
-#ifndef OPENSSL_NO_DH
- !ENGINE_set_DH ( e, &zencod_dh ) ||
-#endif
- !ENGINE_set_RAND ( e, &zencod_rand ) ||
-
- !ENGINE_set_destroy_function ( e, zencod_destroy ) ||
- !ENGINE_set_init_function ( e, zencod_init ) ||
- !ENGINE_set_finish_function ( e, zencod_finish ) ||
- !ENGINE_set_ctrl_function ( e, zencod_ctrl ) ||
- !ENGINE_set_cmd_defns ( e, zencod_cmd_defns ) ||
- !ENGINE_set_digests ( e, engine_digests ) ||
- !ENGINE_set_ciphers ( e, engine_ciphers ) ) {
- return 0 ;
- }
-
-#ifndef OPENSSL_NO_RSA
- /* We know that the "PKCS1_SSLeay()" functions hook properly
- * to the Zencod-specific mod_exp and mod_exp_crt so we use
- * those functions. NB: We don't use ENGINE_openssl() or
- * anything "more generic" because something like the RSAref
- * code may not hook properly, and if you own one of these
- * cards then you have the right to do RSA operations on it
- * anyway!
- */
- meth_rsa = RSA_PKCS1_SSLeay () ;
-
- zencod_rsa.rsa_pub_enc = meth_rsa->rsa_pub_enc ;
- zencod_rsa.rsa_pub_dec = meth_rsa->rsa_pub_dec ;
- zencod_rsa.rsa_priv_enc = meth_rsa->rsa_priv_enc ;
- zencod_rsa.rsa_priv_dec = meth_rsa->rsa_priv_dec ;
- /* meth_rsa->rsa_mod_exp */
- /* meth_rsa->bn_mod_exp */
- zencod_rsa.init = meth_rsa->init ;
- zencod_rsa.finish = meth_rsa->finish ;
-#endif
-
-#ifndef OPENSSL_NO_DSA
- /* We use OpenSSL meth to supply what we don't provide ;-*)
- */
- meth_dsa = DSA_OpenSSL () ;
-
- /* meth_dsa->dsa_do_sign */
- zencod_dsa.dsa_sign_setup = meth_dsa->dsa_sign_setup ;
- /* meth_dsa->dsa_do_verify */
- zencod_dsa.dsa_mod_exp = meth_dsa->dsa_mod_exp ;
- /* zencod_dsa.bn_mod_exp = meth_dsa->bn_mod_exp ; */
- zencod_dsa.init = meth_dsa->init ;
- zencod_dsa.finish = meth_dsa->finish ;
-#endif
-
-#ifndef OPENSSL_NO_DH
- /* We use OpenSSL meth to supply what we don't provide ;-*)
- */
- meth_dh = DH_OpenSSL () ;
-
- /* zencod_dh.generate_key = meth_dh->generate_key ; */
- /* zencod_dh.compute_key = meth_dh->compute_key ; */
- /* zencod_dh.bn_mod_exp = meth_dh->bn_mod_exp ; */
- zencod_dh.init = meth_dh->init ;
- zencod_dh.finish = meth_dh->finish ;
-
-#endif
-
- /* We use OpenSSL (SSLeay) meth to supply what we don't provide ;-*)
- */
- meth_rand = RAND_SSLeay () ;
-
- /* meth_rand->seed ; */
- /* zencod_rand.seed = meth_rand->seed ; */
- /* meth_rand->bytes ; */
- /* zencod_rand.bytes = meth_rand->bytes ; */
- zencod_rand.cleanup = meth_rand->cleanup ;
- zencod_rand.add = meth_rand->add ;
- /* meth_rand->pseudorand ; */
- /* zencod_rand.pseudorand = meth_rand->pseudorand ; */
- /* zencod_rand.status = meth_rand->status ; */
- /* meth_rand->status ; */
-
- /* Ensure the zencod error handling is set up */
- ERR_load_ZENCOD_strings () ;
- return 1 ;
-}
-
-
-/* As this is only ever called once, there's no need for locking
- * (indeed - the lock will already be held by our caller!!!)
- */
-static ENGINE *ENGINE_zencod ( void )
-{
-
- ENGINE *eng = ENGINE_new () ;
-
- if ( !eng ) {
- return NULL ;
- }
- if ( !bind_helper ( eng ) ) {
- ENGINE_free ( eng ) ;
- return NULL ;
- }
-
- return eng ;
-}
-
-
-#ifdef ENGINE_DYNAMIC_SUPPORT
-static
-#endif
-void ENGINE_load_zencod ( void )
-{
- /* Copied from eng_[openssl|dyn].c */
- ENGINE *toadd = ENGINE_zencod ( ) ;
- if ( !toadd ) return ;
- ENGINE_add ( toadd ) ;
- ENGINE_free ( toadd ) ;
- ERR_clear_error ( ) ;
-}
-
-
-/* This is a process-global DSO handle used for loading and unloading
- * the ZENBRIDGE library.
- * NB: This is only set (or unset) during an * init () or finish () call
- * (reference counts permitting) and they're * operating with global locks,
- * so this should be thread-safe * implicitly.
- */
-static DSO *zencod_dso = NULL ;
-
-static t_zencod_test *ptr_zencod_test = NULL ;
-static t_zencod_bytes2bits *ptr_zencod_bytes2bits = NULL ;
-static t_zencod_bits2bytes *ptr_zencod_bits2bytes = NULL ;
-static t_zencod_new_number *ptr_zencod_new_number = NULL ;
-static t_zencod_init_number *ptr_zencod_init_number = NULL ;
-
-static t_zencod_rsa_mod_exp *ptr_zencod_rsa_mod_exp = NULL ;
-static t_zencod_rsa_mod_exp_crt *ptr_zencod_rsa_mod_exp_crt = NULL ;
-static t_zencod_dsa_do_sign *ptr_zencod_dsa_do_sign = NULL ;
-static t_zencod_dsa_do_verify *ptr_zencod_dsa_do_verify = NULL ;
-static t_zencod_dh_generate_key *ptr_zencod_dh_generate_key = NULL ;
-static t_zencod_dh_compute_key *ptr_zencod_dh_compute_key = NULL ;
-static t_zencod_rand_bytes *ptr_zencod_rand_bytes = NULL ;
-static t_zencod_math_mod_exp *ptr_zencod_math_mod_exp = NULL ;
-
-static t_zencod_md5_init *ptr_zencod_md5_init = NULL ;
-static t_zencod_md5_update *ptr_zencod_md5_update = NULL ;
-static t_zencod_md5_do_final *ptr_zencod_md5_do_final = NULL ;
-static t_zencod_sha1_init *ptr_zencod_sha1_init = NULL ;
-static t_zencod_sha1_update *ptr_zencod_sha1_update = NULL ;
-static t_zencod_sha1_do_final *ptr_zencod_sha1_do_final = NULL ;
-
-static t_zencod_xdes_cipher *ptr_zencod_xdes_cipher = NULL ;
-static t_zencod_rc4_cipher *ptr_zencod_rc4_cipher = NULL ;
-
-/* These are the static string constants for the DSO file name and the function
- * symbol names to bind to.
- */
-static const char *ZENCOD_LIBNAME = ZEN_LIBRARY ;
-
-static const char *ZENCOD_Fct_0 = "test_device" ;
-static const char *ZENCOD_Fct_1 = "zenbridge_bytes2bits" ;
-static const char *ZENCOD_Fct_2 = "zenbridge_bits2bytes" ;
-static const char *ZENCOD_Fct_3 = "zenbridge_new_number" ;
-static const char *ZENCOD_Fct_4 = "zenbridge_init_number" ;
-
-static const char *ZENCOD_Fct_exp_1 = "zenbridge_rsa_mod_exp" ;
-static const char *ZENCOD_Fct_exp_2 = "zenbridge_rsa_mod_exp_crt" ;
-static const char *ZENCOD_Fct_dsa_1 = "zenbridge_dsa_do_sign" ;
-static const char *ZENCOD_Fct_dsa_2 = "zenbridge_dsa_do_verify" ;
-static const char *ZENCOD_Fct_dh_1 = "zenbridge_dh_generate_key" ;
-static const char *ZENCOD_Fct_dh_2 = "zenbridge_dh_compute_key" ;
-static const char *ZENCOD_Fct_rand_1 = "zenbridge_rand_bytes" ;
-static const char *ZENCOD_Fct_math_1 = "zenbridge_math_mod_exp" ;
-
-static const char *ZENCOD_Fct_md5_1 = "zenbridge_md5_init" ;
-static const char *ZENCOD_Fct_md5_2 = "zenbridge_md5_update" ;
-static const char *ZENCOD_Fct_md5_3 = "zenbridge_md5_do_final" ;
-static const char *ZENCOD_Fct_sha1_1 = "zenbridge_sha1_init" ;
-static const char *ZENCOD_Fct_sha1_2 = "zenbridge_sha1_update" ;
-static const char *ZENCOD_Fct_sha1_3 = "zenbridge_sha1_do_final" ;
-
-static const char *ZENCOD_Fct_xdes_1 = "zenbridge_xdes_cipher" ;
-static const char *ZENCOD_Fct_rc4_1 = "zenbridge_rc4_cipher" ;
-
-/* Destructor (complements the "ENGINE_zencod ()" constructor)
- */
-static int zencod_destroy (ENGINE *e )
-{
-
- ERR_unload_ZENCOD_strings () ;
-
- return 1 ;
-}
-
-
-/* (de)initialisation functions. Control Function
- */
-static int zencod_init ( ENGINE *e )
-{
-
- t_zencod_test *ptr_0 ;
- t_zencod_bytes2bits *ptr_1 ;
- t_zencod_bits2bytes *ptr_2 ;
- t_zencod_new_number *ptr_3 ;
- t_zencod_init_number *ptr_4 ;
- t_zencod_rsa_mod_exp *ptr_exp_1 ;
- t_zencod_rsa_mod_exp_crt *ptr_exp_2 ;
- t_zencod_dsa_do_sign *ptr_dsa_1 ;
- t_zencod_dsa_do_verify *ptr_dsa_2 ;
- t_zencod_dh_generate_key *ptr_dh_1 ;
- t_zencod_dh_compute_key *ptr_dh_2 ;
- t_zencod_rand_bytes *ptr_rand_1 ;
- t_zencod_math_mod_exp *ptr_math_1 ;
- t_zencod_md5_init *ptr_md5_1 ;
- t_zencod_md5_update *ptr_md5_2 ;
- t_zencod_md5_do_final *ptr_md5_3 ;
- t_zencod_sha1_init *ptr_sha1_1 ;
- t_zencod_sha1_update *ptr_sha1_2 ;
- t_zencod_sha1_do_final *ptr_sha1_3 ;
- t_zencod_xdes_cipher *ptr_xdes_1 ;
- t_zencod_rc4_cipher *ptr_rc4_1 ;
-
- CHEESE () ;
-
- /*
- * We Should add some tests for non NULL parameters or bad value !!
- * Stuff to be done ...
- */
-
- if ( zencod_dso != NULL ) {
- ZENCODerr ( ZENCOD_F_ZENCOD_INIT, ZENCOD_R_ALREADY_LOADED ) ;
- goto err ;
- }
- /* Trying to load the Library "cryptozen"
- */
- zencod_dso = DSO_load ( NULL, ZENCOD_LIBNAME, NULL, 0 ) ;
- if ( zencod_dso == NULL ) {
- ZENCODerr ( ZENCOD_F_ZENCOD_INIT, ZENCOD_R_DSO_FAILURE ) ;
- goto err ;
- }
-
- /* Trying to load Function from the Library
- */
- if ( ! ( ptr_1 = (t_zencod_bytes2bits*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_1 ) ) ||
- ! ( ptr_2 = (t_zencod_bits2bytes*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_2 ) ) ||
- ! ( ptr_3 = (t_zencod_new_number*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_3 ) ) ||
- ! ( ptr_4 = (t_zencod_init_number*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_4 ) ) ||
- ! ( ptr_exp_1 = (t_zencod_rsa_mod_exp*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_exp_1 ) ) ||
- ! ( ptr_exp_2 = (t_zencod_rsa_mod_exp_crt*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_exp_2 ) ) ||
- ! ( ptr_dsa_1 = (t_zencod_dsa_do_sign*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_dsa_1 ) ) ||
- ! ( ptr_dsa_2 = (t_zencod_dsa_do_verify*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_dsa_2 ) ) ||
- ! ( ptr_dh_1 = (t_zencod_dh_generate_key*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_dh_1 ) ) ||
- ! ( ptr_dh_2 = (t_zencod_dh_compute_key*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_dh_2 ) ) ||
- ! ( ptr_rand_1 = (t_zencod_rand_bytes*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_rand_1 ) ) ||
- ! ( ptr_math_1 = (t_zencod_math_mod_exp*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_math_1 ) ) ||
- ! ( ptr_0 = (t_zencod_test *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_0 ) ) ||
- ! ( ptr_md5_1 = (t_zencod_md5_init *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_md5_1 ) ) ||
- ! ( ptr_md5_2 = (t_zencod_md5_update *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_md5_2 ) ) ||
- ! ( ptr_md5_3 = (t_zencod_md5_do_final *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_md5_3 ) ) ||
- ! ( ptr_sha1_1 = (t_zencod_sha1_init *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_sha1_1 ) ) ||
- ! ( ptr_sha1_2 = (t_zencod_sha1_update *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_sha1_2 ) ) ||
- ! ( ptr_sha1_3 = (t_zencod_sha1_do_final *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_sha1_3 ) ) ||
- ! ( ptr_xdes_1 = (t_zencod_xdes_cipher *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_xdes_1 ) ) ||
- ! ( ptr_rc4_1 = (t_zencod_rc4_cipher *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_rc4_1 ) ) ) {
-
- ZENCODerr ( ZENCOD_F_ZENCOD_INIT, ZENCOD_R_DSO_FAILURE ) ;
- goto err ;
- }
-
- /* The function from "cryptozen" Library have been correctly loaded so copy them
- */
- ptr_zencod_test = ptr_0 ;
- ptr_zencod_bytes2bits = ptr_1 ;
- ptr_zencod_bits2bytes = ptr_2 ;
- ptr_zencod_new_number = ptr_3 ;
- ptr_zencod_init_number = ptr_4 ;
- ptr_zencod_rsa_mod_exp = ptr_exp_1 ;
- ptr_zencod_rsa_mod_exp_crt = ptr_exp_2 ;
- ptr_zencod_dsa_do_sign = ptr_dsa_1 ;
- ptr_zencod_dsa_do_verify = ptr_dsa_2 ;
- ptr_zencod_dh_generate_key = ptr_dh_1 ;
- ptr_zencod_dh_compute_key = ptr_dh_2 ;
- ptr_zencod_rand_bytes = ptr_rand_1 ;
- ptr_zencod_math_mod_exp = ptr_math_1 ;
- ptr_zencod_test = ptr_0 ;
- ptr_zencod_md5_init = ptr_md5_1 ;
- ptr_zencod_md5_update = ptr_md5_2 ;
- ptr_zencod_md5_do_final = ptr_md5_3 ;
- ptr_zencod_sha1_init = ptr_sha1_1 ;
- ptr_zencod_sha1_update = ptr_sha1_2 ;
- ptr_zencod_sha1_do_final = ptr_sha1_3 ;
- ptr_zencod_xdes_cipher = ptr_xdes_1 ;
- ptr_zencod_rc4_cipher = ptr_rc4_1 ;
-
- /* We should peform a test to see if there is actually any unit runnig on the system ...
- * Even if the cryptozen library is loaded the module coul not be loaded on the system ...
- * For now we may just open and close the device !!
- */
-
- if ( ptr_zencod_test () != 0 ) {
- ZENCODerr ( ZENCOD_F_ZENCOD_INIT, ZENCOD_R_UNIT_FAILURE ) ;
- goto err ;
- }
-
- return 1 ;
-err :
- if ( zencod_dso ) {
- DSO_free ( zencod_dso ) ;
- }
- zencod_dso = NULL ;
- ptr_zencod_bytes2bits = NULL ;
- ptr_zencod_bits2bytes = NULL ;
- ptr_zencod_new_number = NULL ;
- ptr_zencod_init_number = NULL ;
- ptr_zencod_rsa_mod_exp = NULL ;
- ptr_zencod_rsa_mod_exp_crt = NULL ;
- ptr_zencod_dsa_do_sign = NULL ;
- ptr_zencod_dsa_do_verify = NULL ;
- ptr_zencod_dh_generate_key = NULL ;
- ptr_zencod_dh_compute_key = NULL ;
- ptr_zencod_rand_bytes = NULL ;
- ptr_zencod_math_mod_exp = NULL ;
- ptr_zencod_test = NULL ;
- ptr_zencod_md5_init = NULL ;
- ptr_zencod_md5_update = NULL ;
- ptr_zencod_md5_do_final = NULL ;
- ptr_zencod_sha1_init = NULL ;
- ptr_zencod_sha1_update = NULL ;
- ptr_zencod_sha1_do_final = NULL ;
- ptr_zencod_xdes_cipher = NULL ;
- ptr_zencod_rc4_cipher = NULL ;
-
- return 0 ;
-}
-
-
-static int zencod_finish ( ENGINE *e )
-{
-
- CHEESE () ;
-
- /*
- * We Should add some tests for non NULL parameters or bad value !!
- * Stuff to be done ...
- */
- if ( zencod_dso == NULL ) {
- ZENCODerr ( ZENCOD_F_ZENCOD_FINISH, ZENCOD_R_NOT_LOADED ) ;
- return 0 ;
- }
- if ( !DSO_free ( zencod_dso ) ) {
- ZENCODerr ( ZENCOD_F_ZENCOD_FINISH, ZENCOD_R_DSO_FAILURE ) ;
- return 0 ;
- }
-
- zencod_dso = NULL ;
-
- ptr_zencod_bytes2bits = NULL ;
- ptr_zencod_bits2bytes = NULL ;
- ptr_zencod_new_number = NULL ;
- ptr_zencod_init_number = NULL ;
- ptr_zencod_rsa_mod_exp = NULL ;
- ptr_zencod_rsa_mod_exp_crt = NULL ;
- ptr_zencod_dsa_do_sign = NULL ;
- ptr_zencod_dsa_do_verify = NULL ;
- ptr_zencod_dh_generate_key = NULL ;
- ptr_zencod_dh_compute_key = NULL ;
- ptr_zencod_rand_bytes = NULL ;
- ptr_zencod_math_mod_exp = NULL ;
- ptr_zencod_test = NULL ;
- ptr_zencod_md5_init = NULL ;
- ptr_zencod_md5_update = NULL ;
- ptr_zencod_md5_do_final = NULL ;
- ptr_zencod_sha1_init = NULL ;
- ptr_zencod_sha1_update = NULL ;
- ptr_zencod_sha1_do_final = NULL ;
- ptr_zencod_xdes_cipher = NULL ;
- ptr_zencod_rc4_cipher = NULL ;
-
- return 1 ;
-}
-
-
-static int zencod_ctrl ( ENGINE *e, int cmd, long i, void *p, void (*f) () )
-{
-
- int initialised = ( ( zencod_dso == NULL ) ? 0 : 1 ) ;
-
- CHEESE () ;
-
- /*
- * We Should add some tests for non NULL parameters or bad value !!
- * Stuff to be done ...
- */
- switch ( cmd ) {
- case ZENCOD_CMD_SO_PATH :
- if ( p == NULL ) {
- ZENCODerr ( ZENCOD_F_ZENCOD_CTRL, ERR_R_PASSED_NULL_PARAMETER ) ;
- return 0 ;
- }
- if ( initialised ) {
- ZENCODerr ( ZENCOD_F_ZENCOD_CTRL, ZENCOD_R_ALREADY_LOADED ) ;
- return 0 ;
- }
- ZENCOD_LIBNAME = (const char *) p ;
- return 1 ;
- default :
- break ;
- }
-
- ZENCODerr ( ZENCOD_F_ZENCOD_CTRL, ZENCOD_R_CTRL_COMMAND_NOT_IMPLEMENTED ) ;
-
- return 0 ;
-}
-
-
-/* BIGNUM stuff Functions
- */
-static int zencod_bn_mod_exp ( BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx )
-{
- zen_nb_t y, x, e, n;
- int ret;
-
- CHEESE () ;
-
- if ( !zencod_dso ) {
- ENGINEerr(ZENCOD_F_ZENCOD_BN_MOD_EXP, ZENCOD_R_NOT_LOADED);
- return 0;
- }
-
- if ( !bn_wexpand(r, m->top + 1) ) {
- ENGINEerr(ZENCOD_F_ZENCOD_BN_MOD_EXP, ZENCOD_R_BN_EXPAND_FAIL);
- return 0;
- }
-
- memset(r->d, 0, BN_num_bytes(m));
-
- ptr_zencod_init_number ( &y, (r->dmax - 1) * sizeof (BN_ULONG) * 8, (unsigned char *) r->d ) ;
- BIGNUM2ZEN ( &x, a ) ;
- BIGNUM2ZEN ( &e, p ) ;
- BIGNUM2ZEN ( &n, m ) ;
-
- /* Must invert x and e parameter due to BN mod exp prototype ... */
- ret = ptr_zencod_math_mod_exp ( &y, &e, &x, &n ) ;
-
- if ( ret ) {
- PERROR("zenbridge_math_mod_exp");
- ENGINEerr(ZENCOD_F_ZENCOD_BN_MOD_EXP, ZENCOD_R_REQUEST_FAILED);
- return 0;
- }
-
- r->top = (BN_num_bits(m) + BN_BITS2 - 1) / BN_BITS2;
-
- return 1;
-}
-
-
-/* RSA stuff Functions
- */
-#ifndef OPENSSL_NO_RSA
-static int RSA_zencod_rsa_mod_exp ( BIGNUM *r0, const BIGNUM *i, RSA *rsa )
-{
-
- CHEESE () ;
-
- if ( !zencod_dso ) {
- ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT, ZENCOD_R_NOT_LOADED);
- return 0;
- }
-
- if ( !rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp ) {
- ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT, ZENCOD_R_BAD_KEY_COMPONENTS);
- return 0;
- }
-
- /* Do in software if argument is too large for hardware */
- if ( RSA_size(rsa) * 8 > ZENBRIDGE_MAX_KEYSIZE_RSA_CRT ) {
- const RSA_METHOD *meth;
-
- meth = RSA_PKCS1_SSLeay();
- return meth->rsa_mod_exp(r0, i, rsa);
- } else {
- zen_nb_t y, x, p, q, dmp1, dmq1, iqmp;
-
- if ( !bn_expand(r0, RSA_size(rsa) * 8) ) {
- ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT, ZENCOD_R_BN_EXPAND_FAIL);
- return 0;
- }
- r0->top = (RSA_size(rsa) * 8 + BN_BITS2 - 1) / BN_BITS2;
-
- BIGNUM2ZEN ( &x, i ) ;
- BIGNUM2ZEN ( &y, r0 ) ;
- BIGNUM2ZEN ( &p, rsa->p ) ;
- BIGNUM2ZEN ( &q, rsa->q ) ;
- BIGNUM2ZEN ( &dmp1, rsa->dmp1 ) ;
- BIGNUM2ZEN ( &dmq1, rsa->dmq1 ) ;
- BIGNUM2ZEN ( &iqmp, rsa->iqmp ) ;
-
- if ( ptr_zencod_rsa_mod_exp_crt ( &y, &x, &p, &q, &dmp1, &dmq1, &iqmp ) < 0 ) {
- PERROR("zenbridge_rsa_mod_exp_crt");
- ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT, ZENCOD_R_REQUEST_FAILED);
- return 0;
- }
-
- return 1;
- }
-}
-
-
-/* This function is aliased to RSA_mod_exp (with the mont stuff dropped).
- */
-static int RSA_zencod_bn_mod_exp ( BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx )
-{
-
- CHEESE () ;
-
- if ( !zencod_dso ) {
- ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP, ZENCOD_R_NOT_LOADED);
- return 0;
- }
-
- /* Do in software if argument is too large for hardware */
- if ( BN_num_bits(m) > ZENBRIDGE_MAX_KEYSIZE_RSA ) {
- const RSA_METHOD *meth;
-
- meth = RSA_PKCS1_SSLeay();
- return meth->bn_mod_exp(r, a, p, m, ctx, m_ctx);
- } else {
- zen_nb_t y, x, e, n;
-
- if ( !bn_expand(r, BN_num_bits(m)) ) {
- ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP, ZENCOD_R_BN_EXPAND_FAIL);
- return 0;
- }
- r->top = (BN_num_bits(m) + BN_BITS2 - 1) / BN_BITS2;
-
- BIGNUM2ZEN ( &x, a ) ;
- BIGNUM2ZEN ( &y, r ) ;
- BIGNUM2ZEN ( &e, p ) ;
- BIGNUM2ZEN ( &n, m ) ;
-
- if ( ptr_zencod_rsa_mod_exp ( &y, &x, &n, &e ) < 0 ) {
- PERROR("zenbridge_rsa_mod_exp");
- ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP, ZENCOD_R_REQUEST_FAILED);
- return 0;
- }
-
- return 1;
- }
-}
-#endif /* !OPENSSL_NO_RSA */
-
-
-#ifndef OPENSSL_NO_DSA
-/* DSA stuff Functions
- */
-static DSA_SIG *DSA_zencod_do_sign ( const unsigned char *dgst, int dlen, DSA *dsa )
-{
- zen_nb_t p, q, g, x, y, r, s, data;
- DSA_SIG *sig;
- BIGNUM *bn_r = NULL;
- BIGNUM *bn_s = NULL;
- char msg[20];
-
- CHEESE();
-
- if ( !zencod_dso ) {
- ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_NOT_LOADED);
- goto FAILED;
- }
-
- if ( dlen > 160 ) {
- ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_REQUEST_FAILED);
- goto FAILED;
- }
-
- /* Do in software if argument is too large for hardware */
- if ( BN_num_bits(dsa->p) > ZENBRIDGE_MAX_KEYSIZE_DSA_SIGN ||
- BN_num_bits(dsa->g) > ZENBRIDGE_MAX_KEYSIZE_DSA_SIGN ) {
- const DSA_METHOD *meth;
- ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_BAD_KEY_COMPONENTS);
- meth = DSA_OpenSSL();
- return meth->dsa_do_sign(dgst, dlen, dsa);
- }
-
- if ( !(bn_s = BN_new()) || !(bn_r = BN_new()) ) {
- ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_BAD_KEY_COMPONENTS);
- goto FAILED;
- }
-
- if ( !bn_expand(bn_r, 160) || !bn_expand(bn_s, 160) ) {
- ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_BN_EXPAND_FAIL);
- goto FAILED;
- }
-
- bn_r->top = bn_s->top = (160 + BN_BITS2 - 1) / BN_BITS2;
- BIGNUM2ZEN ( &p, dsa->p ) ;
- BIGNUM2ZEN ( &q, dsa->q ) ;
- BIGNUM2ZEN ( &g, dsa->g ) ;
- BIGNUM2ZEN ( &x, dsa->priv_key ) ;
- BIGNUM2ZEN ( &y, dsa->pub_key ) ;
- BIGNUM2ZEN ( &r, bn_r ) ;
- BIGNUM2ZEN ( &s, bn_s ) ;
- q.len = x.len = 160;
-
- ypcmem(msg, dgst, 20);
- ptr_zencod_init_number ( &data, 160, msg ) ;
-
- if ( ptr_zencod_dsa_do_sign ( 0, &data, &y, &p, &q, &g, &x, &r, &s ) < 0 ) {
- PERROR("zenbridge_dsa_do_sign");
- ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_REQUEST_FAILED);
- goto FAILED;
- }
-
- if ( !( sig = DSA_SIG_new () ) ) {
- ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_REQUEST_FAILED);
- goto FAILED;
- }
- sig->r = bn_r;
- sig->s = bn_s;
- return sig;
-
- FAILED:
- if (bn_r)
- BN_free(bn_r);
- if (bn_s)
- BN_free(bn_s);
- return NULL;
-}
-
-
-static int DSA_zencod_do_verify ( const unsigned char *dgst, int dlen, DSA_SIG *sig, DSA *dsa )
-{
- zen_nb_t data, p, q, g, y, r, s, v;
- char msg[20];
- char v_data[20];
- int ret;
-
- CHEESE();
-
- if ( !zencod_dso ) {
- ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_VERIFY, ZENCOD_R_NOT_LOADED);
- return 0;
- }
-
- if ( dlen > 160 ) {
- ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_REQUEST_FAILED);
- return 0;
- }
-
- /* Do in software if argument is too large for hardware */
- if ( BN_num_bits(dsa->p) > ZENBRIDGE_MAX_KEYSIZE_DSA_SIGN ||
- BN_num_bits(dsa->g) > ZENBRIDGE_MAX_KEYSIZE_DSA_SIGN ) {
- const DSA_METHOD *meth;
- ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_BAD_KEY_COMPONENTS);
- meth = DSA_OpenSSL();
- return meth->dsa_do_verify(dgst, dlen, sig, dsa);
- }
-
- BIGNUM2ZEN ( &p, dsa->p ) ;
- BIGNUM2ZEN ( &q, dsa->q ) ;
- BIGNUM2ZEN ( &g, dsa->g ) ;
- BIGNUM2ZEN ( &y, dsa->pub_key ) ;
- BIGNUM2ZEN ( &r, sig->r ) ;
- BIGNUM2ZEN ( &s, sig->s ) ;
- ptr_zencod_init_number ( &v, 160, v_data ) ;
- ypcmem(msg, dgst, 20);
- ptr_zencod_init_number ( &data, 160, msg ) ;
-
- if ( ( ret = ptr_zencod_dsa_do_verify ( 0, &data, &p, &q, &g, &y, &r, &s, &v ) ) < 0 ) {
- PERROR("zenbridge_dsa_do_verify");
- ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_VERIFY, ZENCOD_R_REQUEST_FAILED);
- return 0;
- }
-
- return ( ( ret == 0 ) ? 1 : ret ) ;
-}
-
-
-static int DSA_zencod_bn_mod_exp ( DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
- BN_CTX *ctx, BN_MONT_CTX *m_ctx )
-{
- CHEESE () ;
-
- return zencod_bn_mod_exp ( r, a, p, m, ctx ) ;
-}
-#endif /* !OPENSSL_NO_DSA */
-
-
-#ifndef OPENSSl_NO_DH
-/* DH stuff Functions
- */
-static int DH_zencod_generate_key ( DH *dh )
-{
- BIGNUM *bn_prv = NULL;
- BIGNUM *bn_pub = NULL;
- zen_nb_t y, x, g, p;
- int generate_x;
-
- CHEESE();
-
- if ( !zencod_dso ) {
- ENGINEerr(ZENCOD_F_ZENCOD_DH_GENERATE, ZENCOD_R_NOT_LOADED);
- return 0;
- }
-
- /* Private key */
- if ( dh->priv_key ) {
- bn_prv = dh->priv_key;
- generate_x = 0;
- } else {
- if (!(bn_prv = BN_new())) {
- ENGINEerr(ZENCOD_F_ZENCOD_DH_GENERATE, ZENCOD_R_BN_EXPAND_FAIL);
- goto FAILED;
- }
- generate_x = 1;
- }
-
- /* Public key */
- if ( dh->pub_key )
- bn_pub = dh->pub_key;
- else
- if ( !( bn_pub = BN_new () ) ) {
- ENGINEerr(ZENCOD_F_ZENCOD_DH_GENERATE, ZENCOD_R_BN_EXPAND_FAIL);
- goto FAILED;
- }
-
- /* Expand */
- if ( !bn_wexpand ( bn_prv, dh->p->dmax ) ||
- !bn_wexpand ( bn_pub, dh->p->dmax ) ) {
- ENGINEerr(ZENCOD_F_ZENCOD_DH_GENERATE, ZENCOD_R_BN_EXPAND_FAIL);
- goto FAILED;
- }
- bn_prv->top = dh->p->top;
- bn_pub->top = dh->p->top;
-
- /* Convert all keys */
- BIGNUM2ZEN ( &p, dh->p ) ;
- BIGNUM2ZEN ( &g, dh->g ) ;
- BIGNUM2ZEN ( &y, bn_pub ) ;
- BIGNUM2ZEN ( &x, bn_prv ) ;
- x.len = DH_size(dh) * 8;
-
- /* Adjust the lengths of P and G */
- p.len = ptr_zencod_bytes2bits ( p.data, ZEN_BYTES ( p.len ) ) ;
- g.len = ptr_zencod_bytes2bits ( g.data, ZEN_BYTES ( g.len ) ) ;
-
- /* Send the request to the driver */
- if ( ptr_zencod_dh_generate_key ( &y, &x, &g, &p, generate_x ) < 0 ) {
- perror("zenbridge_dh_generate_key");
- ENGINEerr(ZENCOD_F_ZENCOD_DH_GENERATE, ZENCOD_R_REQUEST_FAILED);
- goto FAILED;
- }
-
- dh->priv_key = bn_prv;
- dh->pub_key = bn_pub;
-
- return 1;
-
- FAILED:
- if (!dh->priv_key && bn_prv)
- BN_free(bn_prv);
- if (!dh->pub_key && bn_pub)
- BN_free(bn_pub);
-
- return 0;
-}
-
-
-static int DH_zencod_compute_key ( unsigned char *key, const BIGNUM *pub_key, DH *dh )
-{
- zen_nb_t y, x, p, k;
-
- CHEESE();
-
- if ( !zencod_dso ) {
- ENGINEerr(ZENCOD_F_ZENCOD_DH_COMPUTE, ZENCOD_R_NOT_LOADED);
- return 0;
- }
-
- if ( !dh->priv_key ) {
- ENGINEerr(ZENCOD_F_ZENCOD_DH_COMPUTE, ZENCOD_R_BAD_KEY_COMPONENTS);
- return 0;
- }
-
- /* Convert all keys */
- BIGNUM2ZEN ( &y, pub_key ) ;
- BIGNUM2ZEN ( &x, dh->priv_key ) ;
- BIGNUM2ZEN ( &p, dh->p ) ;
- ptr_zencod_init_number ( &k, p.len, key ) ;
-
- /* Adjust the lengths */
- p.len = ptr_zencod_bytes2bits ( p.data, ZEN_BYTES ( p.len ) ) ;
- y.len = ptr_zencod_bytes2bits ( y.data, ZEN_BYTES ( y.len ) ) ;
- x.len = ptr_zencod_bytes2bits ( x.data, ZEN_BYTES ( x.len ) ) ;
-
- /* Call the hardware */
- if ( ptr_zencod_dh_compute_key ( &k, &y, &x, &p ) < 0 ) {
- ENGINEerr(ZENCOD_F_ZENCOD_DH_COMPUTE, ZENCOD_R_REQUEST_FAILED);
- return 0;
- }
-
- /* The key must be written MSB -> LSB */
- k.len = ptr_zencod_bytes2bits ( k.data, ZEN_BYTES ( k.len ) ) ;
- esrever ( key, ZEN_BYTES ( k.len ) ) ;
-
- return ZEN_BYTES ( k.len ) ;
-}
-
-
-static int DH_zencod_bn_mod_exp ( const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx )
-{
- CHEESE () ;
-
- return zencod_bn_mod_exp ( r, a, p, m, ctx ) ;
-}
-#endif /* !OPENSSL_NO_DH */
-
-
-/* RAND stuff Functions
- */
-static void RAND_zencod_seed ( const void *buf, int num )
-{
- /* Nothing to do cause our crypto accelerator provide a true random generator */
-}
-
-
-static int RAND_zencod_rand_bytes ( unsigned char *buf, int num )
-{
- zen_nb_t r;
-
- CHEESE();
-
- if ( !zencod_dso ) {
- ENGINEerr(ZENCOD_F_ZENCOD_RAND, ZENCOD_R_NOT_LOADED);
- return 0;
- }
-
- ptr_zencod_init_number ( &r, num * 8, buf ) ;
-
- if ( ptr_zencod_rand_bytes ( &r, ZENBRIDGE_RNG_DIRECT ) < 0 ) {
- PERROR("zenbridge_rand_bytes");
- ENGINEerr(ZENCOD_F_ZENCOD_RAND, ZENCOD_R_REQUEST_FAILED);
- return 0;
- }
-
- return 1;
-}
-
-
-static int RAND_zencod_rand_status ( void )
-{
- CHEESE () ;
-
- return 1;
-}
-
-
-/* This stuff is needed if this ENGINE is being compiled into a self-contained
- * shared-library.
- */
-#ifdef ENGINE_DYNAMIC_SUPPORT
-static int bind_fn ( ENGINE *e, const char *id )
-{
-
- if ( id && ( strcmp ( id, engine_zencod_id ) != 0 ) ) {
- return 0 ;
- }
- if ( !bind_helper ( e ) ) {
- return 0 ;
- }
-
- return 1 ;
-}
-
-IMPLEMENT_DYNAMIC_CHECK_FN ()
-IMPLEMENT_DYNAMIC_BIND_FN ( bind_fn )
-#endif /* ENGINE_DYNAMIC_SUPPORT */
-
-
-
-
-/*
- * Adding "Digest" and "Cipher" tools ...
- * This is in development ... ;-)
- * In orfer to code this, i refer to hw_openbsd_dev_crypto and openssl engine made by Geoff Thorpe (if i'm rigth),
- * and evp, sha md5 definitions etc ...
- */
-/* First add some include ... */
-#include <openssl/evp.h>
-#include <openssl/sha.h>
-#include <openssl/md5.h>
-#include <openssl/rc4.h>
-#include <openssl/des.h>
-
-
-/* Some variables declaration ... */
-/* DONS:
- * Disable symetric computation except DES and 3DES, but let part of the code
- */
-/* static int engine_digest_nids [ ] = { NID_sha1, NID_md5 } ; */
-static int engine_digest_nids [ ] = { } ;
-static int engine_digest_nids_num = 0 ;
-/* static int engine_cipher_nids [ ] = { NID_rc4, NID_rc4_40, NID_des_cbc, NID_des_ede3_cbc } ; */
-static int engine_cipher_nids [ ] = { NID_des_cbc, NID_des_ede3_cbc } ;
-static int engine_cipher_nids_num = 2 ;
-
-
-/* Function prototype ... */
-/* SHA stuff */
-static int engine_sha1_init ( EVP_MD_CTX *ctx ) ;
-static int engine_sha1_update ( EVP_MD_CTX *ctx, const void *data, unsigned long count ) ;
-static int engine_sha1_final ( EVP_MD_CTX *ctx, unsigned char *md ) ;
-
-/* MD5 stuff */
-static int engine_md5_init ( EVP_MD_CTX *ctx ) ;
-static int engine_md5_update ( EVP_MD_CTX *ctx, const void *data, unsigned long count ) ;
-static int engine_md5_final ( EVP_MD_CTX *ctx, unsigned char *md ) ;
-
-static int engine_md_cleanup ( EVP_MD_CTX *ctx ) ;
-static int engine_md_copy ( EVP_MD_CTX *to, const EVP_MD_CTX *from ) ;
-
-
-/* RC4 Stuff */
-static int engine_rc4_init_key ( EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc ) ;
-static int engine_rc4_cipher ( EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl ) ;
-
-/* DES Stuff */
-static int engine_des_init_key ( EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc ) ;
-static int engine_des_cbc_cipher ( EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl ) ;
-
-/* 3DES Stuff */
-static int engine_des_ede3_init_key ( EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc ) ;
-static int engine_des_ede3_cbc_cipher ( EVP_CIPHER_CTX *ctx, unsigned char *out,const unsigned char *in, unsigned int inl ) ;
-
-static int engine_cipher_cleanup ( EVP_CIPHER_CTX *ctx ) ; /* cleanup ctx */
-
-
-/* The one for SHA ... */
-static const EVP_MD engine_sha1_md =
-{
- NID_sha1,
- NID_sha1WithRSAEncryption,
- SHA_DIGEST_LENGTH,
- EVP_MD_FLAG_ONESHOT,
- /* 0, */ /* EVP_MD_FLAG_ONESHOT = x0001 digest can only handle a single block
- * XXX: set according to device info ... */
- engine_sha1_init,
- engine_sha1_update,
- engine_sha1_final,
- engine_md_copy, /* dev_crypto_sha_copy */
- engine_md_cleanup, /* dev_crypto_sha_cleanup */
- EVP_PKEY_RSA_method,
- SHA_CBLOCK,
- /* sizeof ( EVP_MD * ) + sizeof ( SHA_CTX ) */
- sizeof ( ZEN_MD_DATA )
- /* sizeof ( MD_CTX_DATA ) The message digest data structure ... */
-} ;
-
-/* The one for MD5 ... */
-static const EVP_MD engine_md5_md =
-{
- NID_md5,
- NID_md5WithRSAEncryption,
- MD5_DIGEST_LENGTH,
- EVP_MD_FLAG_ONESHOT,
- /* 0, */ /* EVP_MD_FLAG_ONESHOT = x0001 digest can only handle a single block
- * XXX: set according to device info ... */
- engine_md5_init,
- engine_md5_update,
- engine_md5_final,
- engine_md_copy, /* dev_crypto_md5_copy */
- engine_md_cleanup, /* dev_crypto_md5_cleanup */
- EVP_PKEY_RSA_method,
- MD5_CBLOCK,
- /* sizeof ( EVP_MD * ) + sizeof ( MD5_CTX ) */
- sizeof ( ZEN_MD_DATA )
- /* sizeof ( MD_CTX_DATA ) The message digest data structure ... */
-} ;
-
-
-/* The one for RC4 ... */
-#define EVP_RC4_KEY_SIZE 16
-
-/* Try something static ... */
-typedef struct
-{
- unsigned int len ;
- unsigned int first ;
- unsigned char rc4_state [ 260 ] ;
-} NEW_ZEN_RC4_KEY ;
-
-#define rc4_data(ctx) ( (EVP_RC4_KEY *) ( ctx )->cipher_data )
-
-static const EVP_CIPHER engine_rc4 =
-{
- NID_rc4,
- 1,
- 16, /* EVP_RC4_KEY_SIZE should be 128 bits */
- 0, /* FIXME: key should be up to 256 bytes */
- EVP_CIPH_VARIABLE_LENGTH,
- engine_rc4_init_key,
- engine_rc4_cipher,
- engine_cipher_cleanup,
- sizeof ( NEW_ZEN_RC4_KEY ),
- NULL,
- NULL,
- NULL
-} ;
-
-/* The one for RC4_40 ... */
-static const EVP_CIPHER engine_rc4_40 =
-{
- NID_rc4_40,
- 1,
- 5, /* 40 bits */
- 0,
- EVP_CIPH_VARIABLE_LENGTH,
- engine_rc4_init_key,
- engine_rc4_cipher,
- engine_cipher_cleanup,
- sizeof ( NEW_ZEN_RC4_KEY ),
- NULL,
- NULL,
- NULL
-} ;
-
-/* The one for DES ... */
-
-/* Try something static ... */
-typedef struct
-{
- unsigned char des_key [ 24 ] ;
- unsigned char des_iv [ 8 ] ;
-} ZEN_DES_KEY ;
-
-static const EVP_CIPHER engine_des_cbc =
- {
- NID_des_cbc,
- 8, 8, 8,
- 0 | EVP_CIPH_CBC_MODE,
- engine_des_init_key,
- engine_des_cbc_cipher,
- engine_cipher_cleanup,
- sizeof(ZEN_DES_KEY),
- EVP_CIPHER_set_asn1_iv,
- EVP_CIPHER_get_asn1_iv,
- NULL,
- NULL
- };
-
-/* The one for 3DES ... */
-
-/* Try something static ... */
-typedef struct
-{
- unsigned char des3_key [ 24 ] ;
- unsigned char des3_iv [ 8 ] ;
-} ZEN_3DES_KEY ;
-
-#define des_data(ctx) ( (DES_EDE_KEY *) ( ctx )->cipher_data )
-
-static const EVP_CIPHER engine_des_ede3_cbc =
- {
- NID_des_ede3_cbc,
- 8, 8, 8,
- 0 | EVP_CIPH_CBC_MODE,
- engine_des_ede3_init_key,
- engine_des_ede3_cbc_cipher,
- engine_cipher_cleanup,
- sizeof(ZEN_3DES_KEY),
- EVP_CIPHER_set_asn1_iv,
- EVP_CIPHER_get_asn1_iv,
- NULL,
- NULL
- };
-
-
-/* General function cloned on hw_openbsd_dev_crypto one ... */
-static int engine_digests ( ENGINE *e, const EVP_MD **digest, const int **nids, int nid )
-{
-
-#ifdef DEBUG_ZENCOD_MD
- fprintf ( stderr, "\t=>Function : static int engine_digests () called !\n" ) ;
-#endif
-
- if ( !digest ) {
- /* We are returning a list of supported nids */
- *nids = engine_digest_nids ;
- return engine_digest_nids_num ;
- }
- /* We are being asked for a specific digest */
- if ( nid == NID_md5 ) {
- *digest = &engine_md5_md ;
- }
- else if ( nid == NID_sha1 ) {
- *digest = &engine_sha1_md ;
- }
- else {
- *digest = NULL ;
- return 0 ;
- }
- return 1 ;
-}
-
-
-/* SHA stuff Functions
- */
-static int engine_sha1_init ( EVP_MD_CTX *ctx )
-{
-
- int to_return = 0 ;
-
- /* Test with zenbridge library ... */
- to_return = ptr_zencod_sha1_init ( (ZEN_MD_DATA *) ctx->md_data ) ;
- to_return = !to_return ;
-
- return to_return ;
-}
-
-
-static int engine_sha1_update ( EVP_MD_CTX *ctx, const void *data, unsigned long count )
-{
-
- zen_nb_t input ;
- int to_return = 0 ;
-
- /* Convert parameters ... */
- input.len = count ;
- input.data = (unsigned char *) data ;
-
- /* Test with zenbridge library ... */
- to_return = ptr_zencod_sha1_update ( (ZEN_MD_DATA *) ctx->md_data, (const zen_nb_t *) &input ) ;
- to_return = !to_return ;
-
- return to_return ;
-}
-
-
-static int engine_sha1_final ( EVP_MD_CTX *ctx, unsigned char *md )
-{
-
- zen_nb_t output ;
- int to_return = 0 ;
-
- /* Convert parameters ... */
- output.len = SHA_DIGEST_LENGTH ;
- output.data = md ;
-
- /* Test with zenbridge library ... */
- to_return = ptr_zencod_sha1_do_final ( (ZEN_MD_DATA *) ctx->md_data, (zen_nb_t *) &output ) ;
- to_return = !to_return ;
-
- return to_return ;
-}
-
-
-
-/* MD5 stuff Functions
- */
-static int engine_md5_init ( EVP_MD_CTX *ctx )
-{
-
- int to_return = 0 ;
-
- /* Test with zenbridge library ... */
- to_return = ptr_zencod_md5_init ( (ZEN_MD_DATA *) ctx->md_data ) ;
- to_return = !to_return ;
-
- return to_return ;
-}
-
-
-static int engine_md5_update ( EVP_MD_CTX *ctx, const void *data, unsigned long count )
-{
-
- zen_nb_t input ;
- int to_return = 0 ;
-
- /* Convert parameters ... */
- input.len = count ;
- input.data = (unsigned char *) data ;
-
- /* Test with zenbridge library ... */
- to_return = ptr_zencod_md5_update ( (ZEN_MD_DATA *) ctx->md_data, (const zen_nb_t *) &input ) ;
- to_return = !to_return ;
-
- return to_return ;
-}
-
-
-static int engine_md5_final ( EVP_MD_CTX *ctx, unsigned char *md )
-{
-
- zen_nb_t output ;
- int to_return = 0 ;
-
- /* Convert parameters ... */
- output.len = MD5_DIGEST_LENGTH ;
- output.data = md ;
-
- /* Test with zenbridge library ... */
- to_return = ptr_zencod_md5_do_final ( (ZEN_MD_DATA *) ctx->md_data, (zen_nb_t *) &output ) ;
- to_return = !to_return ;
-
- return to_return ;
-}
-
-
-static int engine_md_cleanup ( EVP_MD_CTX *ctx )
-{
-
- ZEN_MD_DATA *zen_md_data = (ZEN_MD_DATA *) ctx->md_data ;
-
- if ( zen_md_data->HashBuffer != NULL ) {
- OPENSSL_free ( zen_md_data->HashBuffer ) ;
- zen_md_data->HashBufferSize = 0 ;
- ctx->md_data = NULL ;
- }
-
- return 1 ;
-}
-
-
-static int engine_md_copy ( EVP_MD_CTX *to, const EVP_MD_CTX *from )
-{
- const ZEN_MD_DATA *from_md = (ZEN_MD_DATA *) from->md_data ;
- ZEN_MD_DATA *to_md = (ZEN_MD_DATA *) to->md_data ;
-
- to_md->HashBuffer = OPENSSL_malloc ( from_md->HashBufferSize ) ;
- memcpy ( to_md->HashBuffer, from_md->HashBuffer, from_md->HashBufferSize ) ;
-
- return 1;
-}
-
-
-/* General function cloned on hw_openbsd_dev_crypto one ... */
-static int engine_ciphers ( ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid )
-{
-
- if ( !cipher ) {
- /* We are returning a list of supported nids */
- *nids = engine_cipher_nids ;
- return engine_cipher_nids_num ;
- }
- /* We are being asked for a specific cipher */
- if ( nid == NID_rc4 ) {
- *cipher = &engine_rc4 ;
- }
- else if ( nid == NID_rc4_40 ) {
- *cipher = &engine_rc4_40 ;
- }
- else if ( nid == NID_des_cbc ) {
- *cipher = &engine_des_cbc ;
- }
- else if ( nid == NID_des_ede3_cbc ) {
- *cipher = &engine_des_ede3_cbc ;
- }
- else {
- *cipher = NULL ;
- return 0 ;
- }
-
- return 1 ;
-}
-
-
-static int engine_rc4_init_key ( EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc )
-{
- int to_return = 0 ;
- int i = 0 ;
- int nb = 0 ;
- NEW_ZEN_RC4_KEY *tmp_rc4_key = NULL ;
-
- tmp_rc4_key = (NEW_ZEN_RC4_KEY *) ( ctx->cipher_data ) ;
- tmp_rc4_key->first = 0 ;
- tmp_rc4_key->len = ctx->key_len ;
- tmp_rc4_key->rc4_state [ 0 ] = 0x00 ;
- tmp_rc4_key->rc4_state [ 2 ] = 0x00 ;
- nb = 256 / ctx->key_len ;
- for ( i = 0; i < nb ; i++ ) {
- memcpy ( &( tmp_rc4_key->rc4_state [ 4 + i*ctx->key_len ] ), key, ctx->key_len ) ;
- }
-
- to_return = 1 ;
-
- return to_return ;
-}
-
-
-static int engine_rc4_cipher ( EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int in_len )
-{
-
- zen_nb_t output, input ;
- zen_nb_t rc4key ;
- int to_return = 0 ;
- NEW_ZEN_RC4_KEY *tmp_rc4_key = NULL ;
-
- /* Convert parameters ... */
- input.len = in_len ;
- input.data = (unsigned char *) in ;
- output.len = in_len ;
- output.data = (unsigned char *) out ;
-
- tmp_rc4_key = ( (NEW_ZEN_RC4_KEY *) ( ctx->cipher_data ) ) ;
- rc4key.len = 260 ;
- rc4key.data = &( tmp_rc4_key->rc4_state [ 0 ] ) ;
-
- /* Test with zenbridge library ... */
- to_return = ptr_zencod_rc4_cipher ( &output, &input, (const zen_nb_t *) &rc4key, &( tmp_rc4_key->rc4_state [0] ), &( tmp_rc4_key->rc4_state [3] ), !tmp_rc4_key->first ) ;
- to_return = !to_return ;
-
- /* Update encryption state ... */
- tmp_rc4_key->first = 1 ;
- tmp_rc4_key = NULL ;
-
- return to_return ;
-}
-
-
-static int engine_des_init_key ( EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc )
-{
-
- ZEN_DES_KEY *tmp_des_key = NULL ;
- int to_return = 0 ;
-
- tmp_des_key = (ZEN_DES_KEY *) ( ctx->cipher_data ) ;
- memcpy ( &( tmp_des_key->des_key [ 0 ] ), key, 8 ) ;
- memcpy ( &( tmp_des_key->des_key [ 8 ] ), key, 8 ) ;
- memcpy ( &( tmp_des_key->des_key [ 16 ] ), key, 8 ) ;
- memcpy ( &( tmp_des_key->des_iv [ 0 ] ), iv, 8 ) ;
-
- to_return = 1 ;
-
- return to_return ;
-}
-
-
-static int engine_des_cbc_cipher ( EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl )
-{
-
- zen_nb_t output, input ;
- zen_nb_t deskey_1, deskey_2, deskey_3, iv ;
- int to_return = 0 ;
-
- /* Convert parameters ... */
- input.len = inl ;
- input.data = (unsigned char *) in ;
- output.len = inl ;
- output.data = out ;
-
- /* Set key parameters ... */
- deskey_1.len = 8 ;
- deskey_2.len = 8 ;
- deskey_3.len = 8 ;
- deskey_1.data = (unsigned char *) ( (ZEN_DES_KEY *) ( ctx->cipher_data ) )->des_key ;
- deskey_2.data = (unsigned char *) &( (ZEN_DES_KEY *) ( ctx->cipher_data ) )->des_key [ 8 ] ;
- deskey_3.data = (unsigned char *) &( (ZEN_DES_KEY *) ( ctx->cipher_data ) )->des_key [ 16 ] ;
-
- /* Key correct iv ... */
- memcpy ( ( (ZEN_DES_KEY *) ( ctx->cipher_data ) )->des_iv, ctx->iv, 8 ) ;
- iv.len = 8 ;
- iv.data = (unsigned char *) ( (ZEN_DES_KEY *) ( ctx->cipher_data ) )->des_iv ;
-
- if ( ctx->encrypt == 0 ) {
- memcpy ( ctx->iv, &( input.data [ input.len - 8 ] ), 8 ) ;
- }
-
- /* Test with zenbridge library ... */
- to_return = ptr_zencod_xdes_cipher ( &output, &input,
- (zen_nb_t *) &deskey_1, (zen_nb_t *) &deskey_2, (zen_nb_t *) &deskey_3, &iv, ctx->encrypt ) ;
- to_return = !to_return ;
-
- /* But we need to set up the rigth iv ...
- * Test ENCRYPT or DECRYPT mode to set iv ... */
- if ( ctx->encrypt == 1 ) {
- memcpy ( ctx->iv, &( output.data [ output.len - 8 ] ), 8 ) ;
- }
-
- return to_return ;
-}
-
-
-static int engine_des_ede3_init_key ( EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc )
-{
-
- ZEN_3DES_KEY *tmp_3des_key = NULL ;
- int to_return = 0 ;
-
- tmp_3des_key = (ZEN_3DES_KEY *) ( ctx->cipher_data ) ;
- memcpy ( &( tmp_3des_key->des3_key [ 0 ] ), key, 24 ) ;
- memcpy ( &( tmp_3des_key->des3_iv [ 0 ] ), iv, 8 ) ;
-
- to_return = 1;
-
- return to_return ;
-}
-
-
-static int engine_des_ede3_cbc_cipher ( EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in,
- unsigned int in_len )
-{
-
- zen_nb_t output, input ;
- zen_nb_t deskey_1, deskey_2, deskey_3, iv ;
- int to_return = 0 ;
-
- /* Convert parameters ... */
- input.len = in_len ;
- input.data = (unsigned char *) in ;
- output.len = in_len ;
- output.data = out ;
-
- /* Set key ... */
- deskey_1.len = 8 ;
- deskey_2.len = 8 ;
- deskey_3.len = 8 ;
- deskey_1.data = (unsigned char *) ( (ZEN_3DES_KEY *) ( ctx->cipher_data ) )->des3_key ;
- deskey_2.data = (unsigned char *) &( (ZEN_3DES_KEY *) ( ctx->cipher_data ) )->des3_key [ 8 ] ;
- deskey_3.data = (unsigned char *) &( (ZEN_3DES_KEY *) ( ctx->cipher_data ) )->des3_key [ 16 ] ;
-
- /* Key correct iv ... */
- memcpy ( ( (ZEN_3DES_KEY *) ( ctx->cipher_data ) )->des3_iv, ctx->iv, 8 ) ;
- iv.len = 8 ;
- iv.data = (unsigned char *) ( (ZEN_3DES_KEY *) ( ctx->cipher_data ) )->des3_iv ;
-
- if ( ctx->encrypt == 0 ) {
- memcpy ( ctx->iv, &( input.data [ input.len - 8 ] ), 8 ) ;
- }
-
- /* Test with zenbridge library ... */
- to_return = ptr_zencod_xdes_cipher ( &output, &input,
- (zen_nb_t *) &deskey_1, (zen_nb_t *) &deskey_2, (zen_nb_t *) &deskey_3, &iv, ctx->encrypt ) ;
- to_return = !to_return ;
-
- if ( ctx->encrypt == 1 ) {
- memcpy ( ctx->iv, &( output.data [ output.len - 8 ] ), 8 ) ;
- }
-
- return to_return ;
-}
-
-
-static int engine_cipher_cleanup ( EVP_CIPHER_CTX *ctx )
-{
-
- /* Set the key pointer ... */
- if ( ctx->cipher->nid == NID_rc4 || ctx->cipher->nid == NID_rc4_40 ) {
- }
- else if ( ctx->cipher->nid == NID_des_cbc ) {
- }
- else if ( ctx->cipher->nid == NID_des_ede3_cbc ) {
- }
-
- return 1 ;
-}
-
-
-#endif /* !OPENSSL_NO_HW_ZENCOD */
-#endif /* !OPENSSL_NO_HW */
Copied: vendor-crypto/openssl/0.9.8zf/demos/engines/zencod/hw_zencod.c (from rev 6976, vendor-crypto/openssl/dist/demos/engines/zencod/hw_zencod.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/demos/engines/zencod/hw_zencod.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/demos/engines/zencod/hw_zencod.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,1809 @@
+/* crypto/engine/hw_zencod.c */
+ /*
+ * Written by Fred Donnat (frederic.donnat at zencod.com) for "zencod" * engine
+ * integration in order to redirect crypto computing on a crypto * hardware
+ * accelerator zenssl32 ;-) * * Date : 25 jun 2002 * Revision : 17 Ju7 2002
+ * * Version : zencod_engine-0.9.7
+ */
+
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/* ENGINE general include */
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include <openssl/dso.h>
+#include <openssl/engine.h>
+
+#ifndef OPENSSL_NO_HW
+# ifndef OPENSSL_NO_HW_ZENCOD
+
+# ifdef FLAT_INC
+# include "hw_zencod.h"
+# else
+# include "vendor_defns/hw_zencod.h"
+# endif
+
+# define ZENCOD_LIB_NAME "zencod engine"
+# include "hw_zencod_err.c"
+
+# define FAIL_TO_SOFTWARE -15
+
+# define ZEN_LIBRARY "zenbridge"
+
+# if 0
+# define PERROR(s) perror(s)
+# define CHEESE() fputs("## [ZenEngine] ## " __FUNCTION__ "\n", stderr)
+# else
+# define PERROR(s)
+# define CHEESE()
+# endif
+
+/* Sorry ;) */
+# ifndef WIN32
+static inline void esrever(unsigned char *d, int l)
+{
+ for (; --l > 0; --l, d++) {
+ *d ^= *(d + l);
+ *(d + l) ^= *d;
+ *d ^= *(d + l);
+ }
+}
+
+static inline void ypcmem(unsigned char *d, const unsigned char *s, int l)
+{
+ for (d += l; l--;)
+ *--d = *s++;
+}
+# else
+static __inline void esrever(unsigned char *d, int l)
+{
+ for (; --l > 0; --l, d++) {
+ *d ^= *(d + l);
+ *(d + l) ^= *d;
+ *d ^= *(d + l);
+ }
+}
+
+static __inline void ypcmem(unsigned char *d, const unsigned char *s, int l)
+{
+ for (d += l; l--;)
+ *--d = *s++;
+}
+# endif
+
+# define BIGNUM2ZEN(n, bn) (ptr_zencod_init_number((n), \
+ (unsigned long) ((bn)->top * BN_BITS2), \
+ (unsigned char *) ((bn)->d)))
+
+# define ZEN_BITS(n, bytes) (ptr_zencod_bytes2bits((unsigned char *) (n), (unsigned long) (bytes)))
+# define ZEN_BYTES(bits) (ptr_zencod_bits2bytes((unsigned long) (bits)))
+
+/* Function for ENGINE detection and control */
+static int zencod_destroy(ENGINE *e);
+static int zencod_init(ENGINE *e);
+static int zencod_finish(ENGINE *e);
+static int zencod_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) ());
+
+/* BIGNUM stuff */
+static int zencod_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx);
+
+/* RSA stuff */
+# ifndef OPENSSL_NO_RSA
+static int RSA_zencod_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
+static int RSA_zencod_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx);
+# endif
+
+/* DSA stuff */
+# ifndef OPENSSL_NO_DSA
+static int DSA_zencod_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a,
+ const BIGNUM *p, const BIGNUM *m,
+ BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+
+static DSA_SIG *DSA_zencod_do_sign(const unsigned char *dgst, int dlen,
+ DSA *dsa);
+static int DSA_zencod_do_verify(const unsigned char *dgst, int dgst_len,
+ DSA_SIG *sig, DSA *dsa);
+# endif
+
+/* DH stuff */
+# ifndef OPENSSL_NO_DH
+static int DH_zencod_bn_mod_exp(const DH *dh, BIGNUM *r, const BIGNUM *a,
+ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx);
+static int DH_zencod_generate_key(DH *dh);
+static int DH_zencod_compute_key(unsigned char *key, const BIGNUM *pub_key,
+ DH *dh);
+# endif
+
+/* Rand stuff */
+static void RAND_zencod_seed(const void *buf, int num);
+static int RAND_zencod_rand_bytes(unsigned char *buf, int num);
+static int RAND_zencod_rand_status(void);
+
+/* Digest Stuff */
+static int engine_digests(ENGINE *e, const EVP_MD **digest, const int **nids,
+ int nid);
+
+/* Cipher Stuff */
+static int engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+ const int **nids, int nid);
+
+# define ZENCOD_CMD_SO_PATH ENGINE_CMD_BASE
+static const ENGINE_CMD_DEFN zencod_cmd_defns[] = {
+ {ZENCOD_CMD_SO_PATH,
+ "SO_PATH",
+ "Specifies the path to the 'zenbridge' shared library",
+ ENGINE_CMD_FLAG_STRING},
+ {0, NULL, NULL, 0}
+};
+
+# ifndef OPENSSL_NO_RSA
+/*
+ * Our internal RSA_METHOD specific to zencod ENGINE providing pointers to
+ * our function
+ */
+static RSA_METHOD zencod_rsa = {
+ "ZENCOD RSA method",
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ RSA_zencod_rsa_mod_exp,
+ RSA_zencod_bn_mod_exp,
+ NULL,
+ NULL,
+ 0,
+ NULL,
+ NULL,
+ NULL
+};
+# endif
+
+# ifndef OPENSSL_NO_DSA
+/*
+ * Our internal DSA_METHOD specific to zencod ENGINE providing pointers to
+ * our function
+ */
+static DSA_METHOD zencod_dsa = {
+ "ZENCOD DSA method",
+ DSA_zencod_do_sign,
+ NULL,
+ DSA_zencod_do_verify,
+ NULL,
+ DSA_zencod_bn_mod_exp,
+ NULL,
+ NULL,
+ 0,
+ NULL
+};
+# endif
+
+# ifndef OPENSSL_NO_DH
+/*
+ * Our internal DH_METHOD specific to zencod ENGINE providing pointers to our
+ * function
+ */
+static DH_METHOD zencod_dh = {
+ "ZENCOD DH method",
+ DH_zencod_generate_key,
+ DH_zencod_compute_key,
+ DH_zencod_bn_mod_exp,
+ NULL,
+ NULL,
+ 0,
+ NULL
+};
+# endif
+
+/*
+ * Our internal RAND_meth specific to zencod ZNGINE providing pointers to our
+ * function
+ */
+static RAND_METHOD zencod_rand = {
+ RAND_zencod_seed,
+ RAND_zencod_rand_bytes,
+ NULL,
+ NULL,
+ RAND_zencod_rand_bytes,
+ RAND_zencod_rand_status
+};
+
+/* Constants used when creating the ENGINE */
+static const char *engine_zencod_id = "zencod";
+static const char *engine_zencod_name = "ZENCOD hardware engine support";
+
+/*
+ * This internal function is used by ENGINE_zencod () and possibly by the
+ * "dynamic" ENGINE support too ;-)
+ */
+static int bind_helper(ENGINE *e)
+{
+
+# ifndef OPENSSL_NO_RSA
+ const RSA_METHOD *meth_rsa;
+# endif
+# ifndef OPENSSL_NO_DSA
+ const DSA_METHOD *meth_dsa;
+# endif
+# ifndef OPENSSL_NO_DH
+ const DH_METHOD *meth_dh;
+# endif
+
+ const RAND_METHOD *meth_rand;
+
+ if (!ENGINE_set_id(e, engine_zencod_id) ||
+ !ENGINE_set_name(e, engine_zencod_name) ||
+# ifndef OPENSSL_NO_RSA
+ !ENGINE_set_RSA(e, &zencod_rsa) ||
+# endif
+# ifndef OPENSSL_NO_DSA
+ !ENGINE_set_DSA(e, &zencod_dsa) ||
+# endif
+# ifndef OPENSSL_NO_DH
+ !ENGINE_set_DH(e, &zencod_dh) ||
+# endif
+ !ENGINE_set_RAND(e, &zencod_rand) ||
+ !ENGINE_set_destroy_function(e, zencod_destroy) ||
+ !ENGINE_set_init_function(e, zencod_init) ||
+ !ENGINE_set_finish_function(e, zencod_finish) ||
+ !ENGINE_set_ctrl_function(e, zencod_ctrl) ||
+ !ENGINE_set_cmd_defns(e, zencod_cmd_defns) ||
+ !ENGINE_set_digests(e, engine_digests) ||
+ !ENGINE_set_ciphers(e, engine_ciphers)) {
+ return 0;
+ }
+# ifndef OPENSSL_NO_RSA
+ /*
+ * We know that the "PKCS1_SSLeay()" functions hook properly to the
+ * Zencod-specific mod_exp and mod_exp_crt so we use those functions. NB:
+ * We don't use ENGINE_openssl() or anything "more generic" because
+ * something like the RSAref code may not hook properly, and if you own
+ * one of these cards then you have the right to do RSA operations on it
+ * anyway!
+ */
+ meth_rsa = RSA_PKCS1_SSLeay();
+
+ zencod_rsa.rsa_pub_enc = meth_rsa->rsa_pub_enc;
+ zencod_rsa.rsa_pub_dec = meth_rsa->rsa_pub_dec;
+ zencod_rsa.rsa_priv_enc = meth_rsa->rsa_priv_enc;
+ zencod_rsa.rsa_priv_dec = meth_rsa->rsa_priv_dec;
+ /* meth_rsa->rsa_mod_exp */
+ /* meth_rsa->bn_mod_exp */
+ zencod_rsa.init = meth_rsa->init;
+ zencod_rsa.finish = meth_rsa->finish;
+# endif
+
+# ifndef OPENSSL_NO_DSA
+ /*
+ * We use OpenSSL meth to supply what we don't provide ;-*)
+ */
+ meth_dsa = DSA_OpenSSL();
+
+ /* meth_dsa->dsa_do_sign */
+ zencod_dsa.dsa_sign_setup = meth_dsa->dsa_sign_setup;
+ /* meth_dsa->dsa_do_verify */
+ zencod_dsa.dsa_mod_exp = meth_dsa->dsa_mod_exp;
+ /* zencod_dsa.bn_mod_exp = meth_dsa->bn_mod_exp ; */
+ zencod_dsa.init = meth_dsa->init;
+ zencod_dsa.finish = meth_dsa->finish;
+# endif
+
+# ifndef OPENSSL_NO_DH
+ /*
+ * We use OpenSSL meth to supply what we don't provide ;-*)
+ */
+ meth_dh = DH_OpenSSL();
+
+ /* zencod_dh.generate_key = meth_dh->generate_key ; */
+ /* zencod_dh.compute_key = meth_dh->compute_key ; */
+ /* zencod_dh.bn_mod_exp = meth_dh->bn_mod_exp ; */
+ zencod_dh.init = meth_dh->init;
+ zencod_dh.finish = meth_dh->finish;
+
+# endif
+
+ /*
+ * We use OpenSSL (SSLeay) meth to supply what we don't provide ;-*)
+ */
+ meth_rand = RAND_SSLeay();
+
+ /* meth_rand->seed ; */
+ /* zencod_rand.seed = meth_rand->seed ; */
+ /* meth_rand->bytes ; */
+ /* zencod_rand.bytes = meth_rand->bytes ; */
+ zencod_rand.cleanup = meth_rand->cleanup;
+ zencod_rand.add = meth_rand->add;
+ /* meth_rand->pseudorand ; */
+ /* zencod_rand.pseudorand = meth_rand->pseudorand ; */
+ /* zencod_rand.status = meth_rand->status ; */
+ /* meth_rand->status ; */
+
+ /* Ensure the zencod error handling is set up */
+ ERR_load_ZENCOD_strings();
+ return 1;
+}
+
+/*
+ * As this is only ever called once, there's no need for locking (indeed -
+ * the lock will already be held by our caller!!!)
+ */
+static ENGINE *ENGINE_zencod(void)
+{
+
+ ENGINE *eng = ENGINE_new();
+
+ if (!eng) {
+ return NULL;
+ }
+ if (!bind_helper(eng)) {
+ ENGINE_free(eng);
+ return NULL;
+ }
+
+ return eng;
+}
+
+# ifdef ENGINE_DYNAMIC_SUPPORT
+static
+# endif
+void ENGINE_load_zencod(void)
+{
+ /* Copied from eng_[openssl|dyn].c */
+ ENGINE *toadd = ENGINE_zencod();
+ if (!toadd)
+ return;
+ ENGINE_add(toadd);
+ ENGINE_free(toadd);
+ ERR_clear_error();
+}
+
+/*
+ * This is a process-global DSO handle used for loading and unloading the
+ * ZENBRIDGE library. NB: This is only set (or unset) during an * init () or
+ * finish () call (reference counts permitting) and they're * operating with
+ * global locks, so this should be thread-safe * implicitly.
+ */
+static DSO *zencod_dso = NULL;
+
+static t_zencod_test *ptr_zencod_test = NULL;
+static t_zencod_bytes2bits *ptr_zencod_bytes2bits = NULL;
+static t_zencod_bits2bytes *ptr_zencod_bits2bytes = NULL;
+static t_zencod_new_number *ptr_zencod_new_number = NULL;
+static t_zencod_init_number *ptr_zencod_init_number = NULL;
+
+static t_zencod_rsa_mod_exp *ptr_zencod_rsa_mod_exp = NULL;
+static t_zencod_rsa_mod_exp_crt *ptr_zencod_rsa_mod_exp_crt = NULL;
+static t_zencod_dsa_do_sign *ptr_zencod_dsa_do_sign = NULL;
+static t_zencod_dsa_do_verify *ptr_zencod_dsa_do_verify = NULL;
+static t_zencod_dh_generate_key *ptr_zencod_dh_generate_key = NULL;
+static t_zencod_dh_compute_key *ptr_zencod_dh_compute_key = NULL;
+static t_zencod_rand_bytes *ptr_zencod_rand_bytes = NULL;
+static t_zencod_math_mod_exp *ptr_zencod_math_mod_exp = NULL;
+
+static t_zencod_md5_init *ptr_zencod_md5_init = NULL;
+static t_zencod_md5_update *ptr_zencod_md5_update = NULL;
+static t_zencod_md5_do_final *ptr_zencod_md5_do_final = NULL;
+static t_zencod_sha1_init *ptr_zencod_sha1_init = NULL;
+static t_zencod_sha1_update *ptr_zencod_sha1_update = NULL;
+static t_zencod_sha1_do_final *ptr_zencod_sha1_do_final = NULL;
+
+static t_zencod_xdes_cipher *ptr_zencod_xdes_cipher = NULL;
+static t_zencod_rc4_cipher *ptr_zencod_rc4_cipher = NULL;
+
+/*
+ * These are the static string constants for the DSO file name and the
+ * function symbol names to bind to.
+ */
+static const char *ZENCOD_LIBNAME = ZEN_LIBRARY;
+
+static const char *ZENCOD_Fct_0 = "test_device";
+static const char *ZENCOD_Fct_1 = "zenbridge_bytes2bits";
+static const char *ZENCOD_Fct_2 = "zenbridge_bits2bytes";
+static const char *ZENCOD_Fct_3 = "zenbridge_new_number";
+static const char *ZENCOD_Fct_4 = "zenbridge_init_number";
+
+static const char *ZENCOD_Fct_exp_1 = "zenbridge_rsa_mod_exp";
+static const char *ZENCOD_Fct_exp_2 = "zenbridge_rsa_mod_exp_crt";
+static const char *ZENCOD_Fct_dsa_1 = "zenbridge_dsa_do_sign";
+static const char *ZENCOD_Fct_dsa_2 = "zenbridge_dsa_do_verify";
+static const char *ZENCOD_Fct_dh_1 = "zenbridge_dh_generate_key";
+static const char *ZENCOD_Fct_dh_2 = "zenbridge_dh_compute_key";
+static const char *ZENCOD_Fct_rand_1 = "zenbridge_rand_bytes";
+static const char *ZENCOD_Fct_math_1 = "zenbridge_math_mod_exp";
+
+static const char *ZENCOD_Fct_md5_1 = "zenbridge_md5_init";
+static const char *ZENCOD_Fct_md5_2 = "zenbridge_md5_update";
+static const char *ZENCOD_Fct_md5_3 = "zenbridge_md5_do_final";
+static const char *ZENCOD_Fct_sha1_1 = "zenbridge_sha1_init";
+static const char *ZENCOD_Fct_sha1_2 = "zenbridge_sha1_update";
+static const char *ZENCOD_Fct_sha1_3 = "zenbridge_sha1_do_final";
+
+static const char *ZENCOD_Fct_xdes_1 = "zenbridge_xdes_cipher";
+static const char *ZENCOD_Fct_rc4_1 = "zenbridge_rc4_cipher";
+
+/*
+ * Destructor (complements the "ENGINE_zencod ()" constructor)
+ */
+static int zencod_destroy(ENGINE *e)
+{
+
+ ERR_unload_ZENCOD_strings();
+
+ return 1;
+}
+
+/*
+ * (de)initialisation functions. Control Function
+ */
+static int zencod_init(ENGINE *e)
+{
+
+ t_zencod_test *ptr_0;
+ t_zencod_bytes2bits *ptr_1;
+ t_zencod_bits2bytes *ptr_2;
+ t_zencod_new_number *ptr_3;
+ t_zencod_init_number *ptr_4;
+ t_zencod_rsa_mod_exp *ptr_exp_1;
+ t_zencod_rsa_mod_exp_crt *ptr_exp_2;
+ t_zencod_dsa_do_sign *ptr_dsa_1;
+ t_zencod_dsa_do_verify *ptr_dsa_2;
+ t_zencod_dh_generate_key *ptr_dh_1;
+ t_zencod_dh_compute_key *ptr_dh_2;
+ t_zencod_rand_bytes *ptr_rand_1;
+ t_zencod_math_mod_exp *ptr_math_1;
+ t_zencod_md5_init *ptr_md5_1;
+ t_zencod_md5_update *ptr_md5_2;
+ t_zencod_md5_do_final *ptr_md5_3;
+ t_zencod_sha1_init *ptr_sha1_1;
+ t_zencod_sha1_update *ptr_sha1_2;
+ t_zencod_sha1_do_final *ptr_sha1_3;
+ t_zencod_xdes_cipher *ptr_xdes_1;
+ t_zencod_rc4_cipher *ptr_rc4_1;
+
+ CHEESE();
+
+ /*
+ * We Should add some tests for non NULL parameters or bad value !!
+ * Stuff to be done ...
+ */
+
+ if (zencod_dso != NULL) {
+ ZENCODerr(ZENCOD_F_ZENCOD_INIT, ZENCOD_R_ALREADY_LOADED);
+ goto err;
+ }
+ /*
+ * Trying to load the Library "cryptozen"
+ */
+ zencod_dso = DSO_load(NULL, ZENCOD_LIBNAME, NULL, 0);
+ if (zencod_dso == NULL) {
+ ZENCODerr(ZENCOD_F_ZENCOD_INIT, ZENCOD_R_DSO_FAILURE);
+ goto err;
+ }
+
+ /*
+ * Trying to load Function from the Library
+ */
+ if (!
+ (ptr_1 =
+ (t_zencod_bytes2bits *) DSO_bind_func(zencod_dso, ZENCOD_Fct_1))
+|| !(ptr_2 = (t_zencod_bits2bytes *) DSO_bind_func(zencod_dso, ZENCOD_Fct_2))
+|| !(ptr_3 = (t_zencod_new_number *) DSO_bind_func(zencod_dso, ZENCOD_Fct_3))
+|| !(ptr_4 = (t_zencod_init_number *) DSO_bind_func(zencod_dso, ZENCOD_Fct_4))
+|| !(ptr_exp_1 =
+ (t_zencod_rsa_mod_exp *) DSO_bind_func(zencod_dso, ZENCOD_Fct_exp_1))
+|| !(ptr_exp_2 =
+ (t_zencod_rsa_mod_exp_crt *) DSO_bind_func(zencod_dso, ZENCOD_Fct_exp_2))
+|| !(ptr_dsa_1 =
+ (t_zencod_dsa_do_sign *) DSO_bind_func(zencod_dso, ZENCOD_Fct_dsa_1))
+|| !(ptr_dsa_2 =
+ (t_zencod_dsa_do_verify *) DSO_bind_func(zencod_dso, ZENCOD_Fct_dsa_2))
+|| !(ptr_dh_1 =
+ (t_zencod_dh_generate_key *) DSO_bind_func(zencod_dso, ZENCOD_Fct_dh_1))
+|| !(ptr_dh_2 =
+ (t_zencod_dh_compute_key *) DSO_bind_func(zencod_dso, ZENCOD_Fct_dh_2))
+|| !(ptr_rand_1 =
+ (t_zencod_rand_bytes *) DSO_bind_func(zencod_dso, ZENCOD_Fct_rand_1))
+|| !(ptr_math_1 =
+ (t_zencod_math_mod_exp *) DSO_bind_func(zencod_dso, ZENCOD_Fct_math_1))
+|| !(ptr_0 = (t_zencod_test *) DSO_bind_func(zencod_dso, ZENCOD_Fct_0))
+|| !(ptr_md5_1 =
+ (t_zencod_md5_init *) DSO_bind_func(zencod_dso, ZENCOD_Fct_md5_1))
+|| !(ptr_md5_2 =
+ (t_zencod_md5_update *) DSO_bind_func(zencod_dso, ZENCOD_Fct_md5_2))
+|| !(ptr_md5_3 =
+ (t_zencod_md5_do_final *) DSO_bind_func(zencod_dso, ZENCOD_Fct_md5_3))
+|| !(ptr_sha1_1 =
+ (t_zencod_sha1_init *) DSO_bind_func(zencod_dso, ZENCOD_Fct_sha1_1))
+|| !(ptr_sha1_2 =
+ (t_zencod_sha1_update *) DSO_bind_func(zencod_dso, ZENCOD_Fct_sha1_2))
+|| !(ptr_sha1_3 =
+ (t_zencod_sha1_do_final *) DSO_bind_func(zencod_dso, ZENCOD_Fct_sha1_3))
+|| !(ptr_xdes_1 =
+ (t_zencod_xdes_cipher *) DSO_bind_func(zencod_dso, ZENCOD_Fct_xdes_1))
+|| !(ptr_rc4_1 =
+ (t_zencod_rc4_cipher *) DSO_bind_func(zencod_dso, ZENCOD_Fct_rc4_1))) {
+
+ ZENCODerr(ZENCOD_F_ZENCOD_INIT, ZENCOD_R_DSO_FAILURE);
+ goto err;
+ }
+
+ /*
+ * The function from "cryptozen" Library have been correctly loaded so
+ * copy them
+ */
+ ptr_zencod_test = ptr_0;
+ ptr_zencod_bytes2bits = ptr_1;
+ ptr_zencod_bits2bytes = ptr_2;
+ ptr_zencod_new_number = ptr_3;
+ ptr_zencod_init_number = ptr_4;
+ ptr_zencod_rsa_mod_exp = ptr_exp_1;
+ ptr_zencod_rsa_mod_exp_crt = ptr_exp_2;
+ ptr_zencod_dsa_do_sign = ptr_dsa_1;
+ ptr_zencod_dsa_do_verify = ptr_dsa_2;
+ ptr_zencod_dh_generate_key = ptr_dh_1;
+ ptr_zencod_dh_compute_key = ptr_dh_2;
+ ptr_zencod_rand_bytes = ptr_rand_1;
+ ptr_zencod_math_mod_exp = ptr_math_1;
+ ptr_zencod_test = ptr_0;
+ ptr_zencod_md5_init = ptr_md5_1;
+ ptr_zencod_md5_update = ptr_md5_2;
+ ptr_zencod_md5_do_final = ptr_md5_3;
+ ptr_zencod_sha1_init = ptr_sha1_1;
+ ptr_zencod_sha1_update = ptr_sha1_2;
+ ptr_zencod_sha1_do_final = ptr_sha1_3;
+ ptr_zencod_xdes_cipher = ptr_xdes_1;
+ ptr_zencod_rc4_cipher = ptr_rc4_1;
+
+ /*
+ * We should peform a test to see if there is actually any unit runnig on
+ * the system ... Even if the cryptozen library is loaded the module coul
+ * not be loaded on the system ... For now we may just open and close the
+ * device !!
+ */
+
+ if (ptr_zencod_test() != 0) {
+ ZENCODerr(ZENCOD_F_ZENCOD_INIT, ZENCOD_R_UNIT_FAILURE);
+ goto err;
+ }
+
+ return 1;
+ err:
+ if (zencod_dso) {
+ DSO_free(zencod_dso);
+ }
+ zencod_dso = NULL;
+ ptr_zencod_bytes2bits = NULL;
+ ptr_zencod_bits2bytes = NULL;
+ ptr_zencod_new_number = NULL;
+ ptr_zencod_init_number = NULL;
+ ptr_zencod_rsa_mod_exp = NULL;
+ ptr_zencod_rsa_mod_exp_crt = NULL;
+ ptr_zencod_dsa_do_sign = NULL;
+ ptr_zencod_dsa_do_verify = NULL;
+ ptr_zencod_dh_generate_key = NULL;
+ ptr_zencod_dh_compute_key = NULL;
+ ptr_zencod_rand_bytes = NULL;
+ ptr_zencod_math_mod_exp = NULL;
+ ptr_zencod_test = NULL;
+ ptr_zencod_md5_init = NULL;
+ ptr_zencod_md5_update = NULL;
+ ptr_zencod_md5_do_final = NULL;
+ ptr_zencod_sha1_init = NULL;
+ ptr_zencod_sha1_update = NULL;
+ ptr_zencod_sha1_do_final = NULL;
+ ptr_zencod_xdes_cipher = NULL;
+ ptr_zencod_rc4_cipher = NULL;
+
+ return 0;
+}
+
+static int zencod_finish(ENGINE *e)
+{
+
+ CHEESE();
+
+ /*
+ * We Should add some tests for non NULL parameters or bad value !!
+ * Stuff to be done ...
+ */
+ if (zencod_dso == NULL) {
+ ZENCODerr(ZENCOD_F_ZENCOD_FINISH, ZENCOD_R_NOT_LOADED);
+ return 0;
+ }
+ if (!DSO_free(zencod_dso)) {
+ ZENCODerr(ZENCOD_F_ZENCOD_FINISH, ZENCOD_R_DSO_FAILURE);
+ return 0;
+ }
+
+ zencod_dso = NULL;
+
+ ptr_zencod_bytes2bits = NULL;
+ ptr_zencod_bits2bytes = NULL;
+ ptr_zencod_new_number = NULL;
+ ptr_zencod_init_number = NULL;
+ ptr_zencod_rsa_mod_exp = NULL;
+ ptr_zencod_rsa_mod_exp_crt = NULL;
+ ptr_zencod_dsa_do_sign = NULL;
+ ptr_zencod_dsa_do_verify = NULL;
+ ptr_zencod_dh_generate_key = NULL;
+ ptr_zencod_dh_compute_key = NULL;
+ ptr_zencod_rand_bytes = NULL;
+ ptr_zencod_math_mod_exp = NULL;
+ ptr_zencod_test = NULL;
+ ptr_zencod_md5_init = NULL;
+ ptr_zencod_md5_update = NULL;
+ ptr_zencod_md5_do_final = NULL;
+ ptr_zencod_sha1_init = NULL;
+ ptr_zencod_sha1_update = NULL;
+ ptr_zencod_sha1_do_final = NULL;
+ ptr_zencod_xdes_cipher = NULL;
+ ptr_zencod_rc4_cipher = NULL;
+
+ return 1;
+}
+
+static int zencod_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) ())
+{
+
+ int initialised = ((zencod_dso == NULL) ? 0 : 1);
+
+ CHEESE();
+
+ /*
+ * We Should add some tests for non NULL parameters or bad value !!
+ * Stuff to be done ...
+ */
+ switch (cmd) {
+ case ZENCOD_CMD_SO_PATH:
+ if (p == NULL) {
+ ZENCODerr(ZENCOD_F_ZENCOD_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ if (initialised) {
+ ZENCODerr(ZENCOD_F_ZENCOD_CTRL, ZENCOD_R_ALREADY_LOADED);
+ return 0;
+ }
+ ZENCOD_LIBNAME = (const char *)p;
+ return 1;
+ default:
+ break;
+ }
+
+ ZENCODerr(ZENCOD_F_ZENCOD_CTRL, ZENCOD_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+
+ return 0;
+}
+
+/*
+ * BIGNUM stuff Functions
+ */
+static int zencod_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx)
+{
+ zen_nb_t y, x, e, n;
+ int ret;
+
+ CHEESE();
+
+ if (!zencod_dso) {
+ ENGINEerr(ZENCOD_F_ZENCOD_BN_MOD_EXP, ZENCOD_R_NOT_LOADED);
+ return 0;
+ }
+
+ if (!bn_wexpand(r, m->top + 1)) {
+ ENGINEerr(ZENCOD_F_ZENCOD_BN_MOD_EXP, ZENCOD_R_BN_EXPAND_FAIL);
+ return 0;
+ }
+
+ memset(r->d, 0, BN_num_bytes(m));
+
+ ptr_zencod_init_number(&y, (r->dmax - 1) * sizeof(BN_ULONG) * 8,
+ (unsigned char *)r->d);
+ BIGNUM2ZEN(&x, a);
+ BIGNUM2ZEN(&e, p);
+ BIGNUM2ZEN(&n, m);
+
+ /* Must invert x and e parameter due to BN mod exp prototype ... */
+ ret = ptr_zencod_math_mod_exp(&y, &e, &x, &n);
+
+ if (ret) {
+ PERROR("zenbridge_math_mod_exp");
+ ENGINEerr(ZENCOD_F_ZENCOD_BN_MOD_EXP, ZENCOD_R_REQUEST_FAILED);
+ return 0;
+ }
+
+ r->top = (BN_num_bits(m) + BN_BITS2 - 1) / BN_BITS2;
+
+ return 1;
+}
+
+/*
+ * RSA stuff Functions
+ */
+# ifndef OPENSSL_NO_RSA
+static int RSA_zencod_rsa_mod_exp(BIGNUM *r0, const BIGNUM *i, RSA *rsa)
+{
+
+ CHEESE();
+
+ if (!zencod_dso) {
+ ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT, ZENCOD_R_NOT_LOADED);
+ return 0;
+ }
+
+ if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
+ ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT,
+ ZENCOD_R_BAD_KEY_COMPONENTS);
+ return 0;
+ }
+
+ /* Do in software if argument is too large for hardware */
+ if (RSA_size(rsa) * 8 > ZENBRIDGE_MAX_KEYSIZE_RSA_CRT) {
+ const RSA_METHOD *meth;
+
+ meth = RSA_PKCS1_SSLeay();
+ return meth->rsa_mod_exp(r0, i, rsa);
+ } else {
+ zen_nb_t y, x, p, q, dmp1, dmq1, iqmp;
+
+ if (!bn_expand(r0, RSA_size(rsa) * 8)) {
+ ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT,
+ ZENCOD_R_BN_EXPAND_FAIL);
+ return 0;
+ }
+ r0->top = (RSA_size(rsa) * 8 + BN_BITS2 - 1) / BN_BITS2;
+
+ BIGNUM2ZEN(&x, i);
+ BIGNUM2ZEN(&y, r0);
+ BIGNUM2ZEN(&p, rsa->p);
+ BIGNUM2ZEN(&q, rsa->q);
+ BIGNUM2ZEN(&dmp1, rsa->dmp1);
+ BIGNUM2ZEN(&dmq1, rsa->dmq1);
+ BIGNUM2ZEN(&iqmp, rsa->iqmp);
+
+ if (ptr_zencod_rsa_mod_exp_crt(&y, &x, &p, &q, &dmp1, &dmq1, &iqmp) <
+ 0) {
+ PERROR("zenbridge_rsa_mod_exp_crt");
+ ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT,
+ ZENCOD_R_REQUEST_FAILED);
+ return 0;
+ }
+
+ return 1;
+ }
+}
+
+/*
+ * This function is aliased to RSA_mod_exp (with the mont stuff dropped).
+ */
+static int RSA_zencod_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx)
+{
+
+ CHEESE();
+
+ if (!zencod_dso) {
+ ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP, ZENCOD_R_NOT_LOADED);
+ return 0;
+ }
+
+ /* Do in software if argument is too large for hardware */
+ if (BN_num_bits(m) > ZENBRIDGE_MAX_KEYSIZE_RSA) {
+ const RSA_METHOD *meth;
+
+ meth = RSA_PKCS1_SSLeay();
+ return meth->bn_mod_exp(r, a, p, m, ctx, m_ctx);
+ } else {
+ zen_nb_t y, x, e, n;
+
+ if (!bn_expand(r, BN_num_bits(m))) {
+ ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP, ZENCOD_R_BN_EXPAND_FAIL);
+ return 0;
+ }
+ r->top = (BN_num_bits(m) + BN_BITS2 - 1) / BN_BITS2;
+
+ BIGNUM2ZEN(&x, a);
+ BIGNUM2ZEN(&y, r);
+ BIGNUM2ZEN(&e, p);
+ BIGNUM2ZEN(&n, m);
+
+ if (ptr_zencod_rsa_mod_exp(&y, &x, &n, &e) < 0) {
+ PERROR("zenbridge_rsa_mod_exp");
+ ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP, ZENCOD_R_REQUEST_FAILED);
+ return 0;
+ }
+
+ return 1;
+ }
+}
+# endif /* !OPENSSL_NO_RSA */
+
+# ifndef OPENSSL_NO_DSA
+/*
+ * DSA stuff Functions
+ */
+static DSA_SIG *DSA_zencod_do_sign(const unsigned char *dgst, int dlen,
+ DSA *dsa)
+{
+ zen_nb_t p, q, g, x, y, r, s, data;
+ DSA_SIG *sig;
+ BIGNUM *bn_r = NULL;
+ BIGNUM *bn_s = NULL;
+ char msg[20];
+
+ CHEESE();
+
+ if (!zencod_dso) {
+ ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_NOT_LOADED);
+ goto FAILED;
+ }
+
+ if (dlen > 160) {
+ ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_REQUEST_FAILED);
+ goto FAILED;
+ }
+
+ /* Do in software if argument is too large for hardware */
+ if (BN_num_bits(dsa->p) > ZENBRIDGE_MAX_KEYSIZE_DSA_SIGN ||
+ BN_num_bits(dsa->g) > ZENBRIDGE_MAX_KEYSIZE_DSA_SIGN) {
+ const DSA_METHOD *meth;
+ ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_BAD_KEY_COMPONENTS);
+ meth = DSA_OpenSSL();
+ return meth->dsa_do_sign(dgst, dlen, dsa);
+ }
+
+ if (!(bn_s = BN_new()) || !(bn_r = BN_new())) {
+ ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_BAD_KEY_COMPONENTS);
+ goto FAILED;
+ }
+
+ if (!bn_expand(bn_r, 160) || !bn_expand(bn_s, 160)) {
+ ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_BN_EXPAND_FAIL);
+ goto FAILED;
+ }
+
+ bn_r->top = bn_s->top = (160 + BN_BITS2 - 1) / BN_BITS2;
+ BIGNUM2ZEN(&p, dsa->p);
+ BIGNUM2ZEN(&q, dsa->q);
+ BIGNUM2ZEN(&g, dsa->g);
+ BIGNUM2ZEN(&x, dsa->priv_key);
+ BIGNUM2ZEN(&y, dsa->pub_key);
+ BIGNUM2ZEN(&r, bn_r);
+ BIGNUM2ZEN(&s, bn_s);
+ q.len = x.len = 160;
+
+ ypcmem(msg, dgst, 20);
+ ptr_zencod_init_number(&data, 160, msg);
+
+ if (ptr_zencod_dsa_do_sign(0, &data, &y, &p, &q, &g, &x, &r, &s) < 0) {
+ PERROR("zenbridge_dsa_do_sign");
+ ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_REQUEST_FAILED);
+ goto FAILED;
+ }
+
+ if (!(sig = DSA_SIG_new())) {
+ ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_REQUEST_FAILED);
+ goto FAILED;
+ }
+ sig->r = bn_r;
+ sig->s = bn_s;
+ return sig;
+
+ FAILED:
+ if (bn_r)
+ BN_free(bn_r);
+ if (bn_s)
+ BN_free(bn_s);
+ return NULL;
+}
+
+static int DSA_zencod_do_verify(const unsigned char *dgst, int dlen,
+ DSA_SIG *sig, DSA *dsa)
+{
+ zen_nb_t data, p, q, g, y, r, s, v;
+ char msg[20];
+ char v_data[20];
+ int ret;
+
+ CHEESE();
+
+ if (!zencod_dso) {
+ ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_VERIFY, ZENCOD_R_NOT_LOADED);
+ return 0;
+ }
+
+ if (dlen > 160) {
+ ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_REQUEST_FAILED);
+ return 0;
+ }
+
+ /* Do in software if argument is too large for hardware */
+ if (BN_num_bits(dsa->p) > ZENBRIDGE_MAX_KEYSIZE_DSA_SIGN ||
+ BN_num_bits(dsa->g) > ZENBRIDGE_MAX_KEYSIZE_DSA_SIGN) {
+ const DSA_METHOD *meth;
+ ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_BAD_KEY_COMPONENTS);
+ meth = DSA_OpenSSL();
+ return meth->dsa_do_verify(dgst, dlen, sig, dsa);
+ }
+
+ BIGNUM2ZEN(&p, dsa->p);
+ BIGNUM2ZEN(&q, dsa->q);
+ BIGNUM2ZEN(&g, dsa->g);
+ BIGNUM2ZEN(&y, dsa->pub_key);
+ BIGNUM2ZEN(&r, sig->r);
+ BIGNUM2ZEN(&s, sig->s);
+ ptr_zencod_init_number(&v, 160, v_data);
+ ypcmem(msg, dgst, 20);
+ ptr_zencod_init_number(&data, 160, msg);
+
+ if ((ret =
+ ptr_zencod_dsa_do_verify(0, &data, &p, &q, &g, &y, &r, &s,
+ &v)) < 0) {
+ PERROR("zenbridge_dsa_do_verify");
+ ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_VERIFY, ZENCOD_R_REQUEST_FAILED);
+ return 0;
+ }
+
+ return ((ret == 0) ? 1 : ret);
+}
+
+static int DSA_zencod_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a,
+ const BIGNUM *p, const BIGNUM *m,
+ BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+{
+ CHEESE();
+
+ return zencod_bn_mod_exp(r, a, p, m, ctx);
+}
+# endif /* !OPENSSL_NO_DSA */
+
+# ifndef OPENSSl_NO_DH
+/*
+ * DH stuff Functions
+ */
+static int DH_zencod_generate_key(DH *dh)
+{
+ BIGNUM *bn_prv = NULL;
+ BIGNUM *bn_pub = NULL;
+ zen_nb_t y, x, g, p;
+ int generate_x;
+
+ CHEESE();
+
+ if (!zencod_dso) {
+ ENGINEerr(ZENCOD_F_ZENCOD_DH_GENERATE, ZENCOD_R_NOT_LOADED);
+ return 0;
+ }
+
+ /* Private key */
+ if (dh->priv_key) {
+ bn_prv = dh->priv_key;
+ generate_x = 0;
+ } else {
+ if (!(bn_prv = BN_new())) {
+ ENGINEerr(ZENCOD_F_ZENCOD_DH_GENERATE, ZENCOD_R_BN_EXPAND_FAIL);
+ goto FAILED;
+ }
+ generate_x = 1;
+ }
+
+ /* Public key */
+ if (dh->pub_key)
+ bn_pub = dh->pub_key;
+ else if (!(bn_pub = BN_new())) {
+ ENGINEerr(ZENCOD_F_ZENCOD_DH_GENERATE, ZENCOD_R_BN_EXPAND_FAIL);
+ goto FAILED;
+ }
+
+ /* Expand */
+ if (!bn_wexpand(bn_prv, dh->p->dmax) || !bn_wexpand(bn_pub, dh->p->dmax)) {
+ ENGINEerr(ZENCOD_F_ZENCOD_DH_GENERATE, ZENCOD_R_BN_EXPAND_FAIL);
+ goto FAILED;
+ }
+ bn_prv->top = dh->p->top;
+ bn_pub->top = dh->p->top;
+
+ /* Convert all keys */
+ BIGNUM2ZEN(&p, dh->p);
+ BIGNUM2ZEN(&g, dh->g);
+ BIGNUM2ZEN(&y, bn_pub);
+ BIGNUM2ZEN(&x, bn_prv);
+ x.len = DH_size(dh) * 8;
+
+ /* Adjust the lengths of P and G */
+ p.len = ptr_zencod_bytes2bits(p.data, ZEN_BYTES(p.len));
+ g.len = ptr_zencod_bytes2bits(g.data, ZEN_BYTES(g.len));
+
+ /* Send the request to the driver */
+ if (ptr_zencod_dh_generate_key(&y, &x, &g, &p, generate_x) < 0) {
+ perror("zenbridge_dh_generate_key");
+ ENGINEerr(ZENCOD_F_ZENCOD_DH_GENERATE, ZENCOD_R_REQUEST_FAILED);
+ goto FAILED;
+ }
+
+ dh->priv_key = bn_prv;
+ dh->pub_key = bn_pub;
+
+ return 1;
+
+ FAILED:
+ if (!dh->priv_key && bn_prv)
+ BN_free(bn_prv);
+ if (!dh->pub_key && bn_pub)
+ BN_free(bn_pub);
+
+ return 0;
+}
+
+static int DH_zencod_compute_key(unsigned char *key, const BIGNUM *pub_key,
+ DH *dh)
+{
+ zen_nb_t y, x, p, k;
+
+ CHEESE();
+
+ if (!zencod_dso) {
+ ENGINEerr(ZENCOD_F_ZENCOD_DH_COMPUTE, ZENCOD_R_NOT_LOADED);
+ return 0;
+ }
+
+ if (!dh->priv_key) {
+ ENGINEerr(ZENCOD_F_ZENCOD_DH_COMPUTE, ZENCOD_R_BAD_KEY_COMPONENTS);
+ return 0;
+ }
+
+ /* Convert all keys */
+ BIGNUM2ZEN(&y, pub_key);
+ BIGNUM2ZEN(&x, dh->priv_key);
+ BIGNUM2ZEN(&p, dh->p);
+ ptr_zencod_init_number(&k, p.len, key);
+
+ /* Adjust the lengths */
+ p.len = ptr_zencod_bytes2bits(p.data, ZEN_BYTES(p.len));
+ y.len = ptr_zencod_bytes2bits(y.data, ZEN_BYTES(y.len));
+ x.len = ptr_zencod_bytes2bits(x.data, ZEN_BYTES(x.len));
+
+ /* Call the hardware */
+ if (ptr_zencod_dh_compute_key(&k, &y, &x, &p) < 0) {
+ ENGINEerr(ZENCOD_F_ZENCOD_DH_COMPUTE, ZENCOD_R_REQUEST_FAILED);
+ return 0;
+ }
+
+ /* The key must be written MSB -> LSB */
+ k.len = ptr_zencod_bytes2bits(k.data, ZEN_BYTES(k.len));
+ esrever(key, ZEN_BYTES(k.len));
+
+ return ZEN_BYTES(k.len);
+}
+
+static int DH_zencod_bn_mod_exp(const DH *dh, BIGNUM *r, const BIGNUM *a,
+ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx)
+{
+ CHEESE();
+
+ return zencod_bn_mod_exp(r, a, p, m, ctx);
+}
+# endif /* !OPENSSL_NO_DH */
+
+/*
+ * RAND stuff Functions
+ */
+static void RAND_zencod_seed(const void *buf, int num)
+{
+ /*
+ * Nothing to do cause our crypto accelerator provide a true random
+ * generator
+ */
+}
+
+static int RAND_zencod_rand_bytes(unsigned char *buf, int num)
+{
+ zen_nb_t r;
+
+ CHEESE();
+
+ if (!zencod_dso) {
+ ENGINEerr(ZENCOD_F_ZENCOD_RAND, ZENCOD_R_NOT_LOADED);
+ return 0;
+ }
+
+ ptr_zencod_init_number(&r, num * 8, buf);
+
+ if (ptr_zencod_rand_bytes(&r, ZENBRIDGE_RNG_DIRECT) < 0) {
+ PERROR("zenbridge_rand_bytes");
+ ENGINEerr(ZENCOD_F_ZENCOD_RAND, ZENCOD_R_REQUEST_FAILED);
+ return 0;
+ }
+
+ return 1;
+}
+
+static int RAND_zencod_rand_status(void)
+{
+ CHEESE();
+
+ return 1;
+}
+
+/*
+ * This stuff is needed if this ENGINE is being compiled into a
+ * self-contained shared-library.
+ */
+# ifdef ENGINE_DYNAMIC_SUPPORT
+static int bind_fn(ENGINE *e, const char *id)
+{
+
+ if (id && (strcmp(id, engine_zencod_id) != 0)) {
+ return 0;
+ }
+ if (!bind_helper(e)) {
+ return 0;
+ }
+
+ return 1;
+}
+
+IMPLEMENT_DYNAMIC_CHECK_FN()
+ IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
+# endif /* ENGINE_DYNAMIC_SUPPORT */
+ /*
+ * Adding "Digest" and "Cipher" tools ...
+ * This is in development ... ;-)
+ * In orfer to code this, i refer to hw_openbsd_dev_crypto and openssl engine made by Geoff Thorpe (if i'm rigth),
+ * and evp, sha md5 definitions etc ...
+ */
+/* First add some include ... */
+# include <openssl/evp.h>
+# include <openssl/sha.h>
+# include <openssl/md5.h>
+# include <openssl/rc4.h>
+# include <openssl/des.h>
+/* Some variables declaration ... */
+ /*
+ * DONS: Disable symetric computation except DES and 3DES, but let part
+ * of the code
+ */
+/* static int engine_digest_nids [ ] = { NID_sha1, NID_md5 } ; */
+static int engine_digest_nids[] = { };
+
+static int engine_digest_nids_num = 0;
+/*
+ * static int engine_cipher_nids [ ] = { NID_rc4, NID_rc4_40, NID_des_cbc,
+ * NID_des_ede3_cbc } ;
+ */
+static int engine_cipher_nids[] = { NID_des_cbc, NID_des_ede3_cbc };
+
+static int engine_cipher_nids_num = 2;
+
+/* Function prototype ... */
+/* SHA stuff */
+static int engine_sha1_init(EVP_MD_CTX *ctx);
+static int engine_sha1_update(EVP_MD_CTX *ctx, const void *data,
+ unsigned long count);
+static int engine_sha1_final(EVP_MD_CTX *ctx, unsigned char *md);
+
+/* MD5 stuff */
+static int engine_md5_init(EVP_MD_CTX *ctx);
+static int engine_md5_update(EVP_MD_CTX *ctx, const void *data,
+ unsigned long count);
+static int engine_md5_final(EVP_MD_CTX *ctx, unsigned char *md);
+
+static int engine_md_cleanup(EVP_MD_CTX *ctx);
+static int engine_md_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from);
+
+/* RC4 Stuff */
+static int engine_rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc);
+static int engine_rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, unsigned int inl);
+
+/* DES Stuff */
+static int engine_des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc);
+static int engine_des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, unsigned int inl);
+
+/* 3DES Stuff */
+static int engine_des_ede3_init_key(EVP_CIPHER_CTX *ctx,
+ const unsigned char *key,
+ const unsigned char *iv, int enc);
+static int engine_des_ede3_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in,
+ unsigned int inl);
+
+static int engine_cipher_cleanup(EVP_CIPHER_CTX *ctx); /* cleanup ctx */
+
+/* The one for SHA ... */
+static const EVP_MD engine_sha1_md = {
+ NID_sha1,
+ NID_sha1WithRSAEncryption,
+ SHA_DIGEST_LENGTH,
+ EVP_MD_FLAG_ONESHOT,
+ /*
+ * 0,
+ *//*
+ * EVP_MD_FLAG_ONESHOT = x0001 digest can only handle a single block *
+ * XXX: set according to device info ...
+ */
+ engine_sha1_init,
+ engine_sha1_update,
+ engine_sha1_final,
+ engine_md_copy, /* dev_crypto_sha_copy */
+ engine_md_cleanup, /* dev_crypto_sha_cleanup */
+ EVP_PKEY_RSA_method,
+ SHA_CBLOCK,
+ /* sizeof ( EVP_MD * ) + sizeof ( SHA_CTX ) */
+ sizeof(ZEN_MD_DATA)
+ /*
+ * sizeof ( MD_CTX_DATA ) The message digest data structure ...
+ */
+};
+
+/* The one for MD5 ... */
+static const EVP_MD engine_md5_md = {
+ NID_md5,
+ NID_md5WithRSAEncryption,
+ MD5_DIGEST_LENGTH,
+ EVP_MD_FLAG_ONESHOT,
+ /*
+ * 0,
+ *//*
+ * EVP_MD_FLAG_ONESHOT = x0001 digest can only handle a single block *
+ * XXX: set according to device info ...
+ */
+ engine_md5_init,
+ engine_md5_update,
+ engine_md5_final,
+ engine_md_copy, /* dev_crypto_md5_copy */
+ engine_md_cleanup, /* dev_crypto_md5_cleanup */
+ EVP_PKEY_RSA_method,
+ MD5_CBLOCK,
+ /* sizeof ( EVP_MD * ) + sizeof ( MD5_CTX ) */
+ sizeof(ZEN_MD_DATA)
+ /*
+ * sizeof ( MD_CTX_DATA ) The message digest data structure ...
+ */
+};
+
+/* The one for RC4 ... */
+# define EVP_RC4_KEY_SIZE 16
+
+/* Try something static ... */
+typedef struct {
+ unsigned int len;
+ unsigned int first;
+ unsigned char rc4_state[260];
+} NEW_ZEN_RC4_KEY;
+
+# define rc4_data(ctx) ( (EVP_RC4_KEY *) ( ctx )->cipher_data )
+
+static const EVP_CIPHER engine_rc4 = {
+ NID_rc4,
+ 1,
+ 16, /* EVP_RC4_KEY_SIZE should be 128 bits */
+ 0, /* FIXME: key should be up to 256 bytes */
+ EVP_CIPH_VARIABLE_LENGTH,
+ engine_rc4_init_key,
+ engine_rc4_cipher,
+ engine_cipher_cleanup,
+ sizeof(NEW_ZEN_RC4_KEY),
+ NULL,
+ NULL,
+ NULL
+};
+
+/* The one for RC4_40 ... */
+static const EVP_CIPHER engine_rc4_40 = {
+ NID_rc4_40,
+ 1,
+ 5, /* 40 bits */
+ 0,
+ EVP_CIPH_VARIABLE_LENGTH,
+ engine_rc4_init_key,
+ engine_rc4_cipher,
+ engine_cipher_cleanup,
+ sizeof(NEW_ZEN_RC4_KEY),
+ NULL,
+ NULL,
+ NULL
+};
+
+/* The one for DES ... */
+
+/* Try something static ... */
+typedef struct {
+ unsigned char des_key[24];
+ unsigned char des_iv[8];
+} ZEN_DES_KEY;
+
+static const EVP_CIPHER engine_des_cbc = {
+ NID_des_cbc,
+ 8, 8, 8,
+ 0 | EVP_CIPH_CBC_MODE,
+ engine_des_init_key,
+ engine_des_cbc_cipher,
+ engine_cipher_cleanup,
+ sizeof(ZEN_DES_KEY),
+ EVP_CIPHER_set_asn1_iv,
+ EVP_CIPHER_get_asn1_iv,
+ NULL,
+ NULL
+};
+
+/* The one for 3DES ... */
+
+/* Try something static ... */
+typedef struct {
+ unsigned char des3_key[24];
+ unsigned char des3_iv[8];
+} ZEN_3DES_KEY;
+
+# define des_data(ctx) ( (DES_EDE_KEY *) ( ctx )->cipher_data )
+
+static const EVP_CIPHER engine_des_ede3_cbc = {
+ NID_des_ede3_cbc,
+ 8, 8, 8,
+ 0 | EVP_CIPH_CBC_MODE,
+ engine_des_ede3_init_key,
+ engine_des_ede3_cbc_cipher,
+ engine_cipher_cleanup,
+ sizeof(ZEN_3DES_KEY),
+ EVP_CIPHER_set_asn1_iv,
+ EVP_CIPHER_get_asn1_iv,
+ NULL,
+ NULL
+};
+
+/* General function cloned on hw_openbsd_dev_crypto one ... */
+static int engine_digests(ENGINE *e, const EVP_MD **digest, const int **nids,
+ int nid)
+{
+
+# ifdef DEBUG_ZENCOD_MD
+ fprintf(stderr, "\t=>Function : static int engine_digests () called !\n");
+# endif
+
+ if (!digest) {
+ /* We are returning a list of supported nids */
+ *nids = engine_digest_nids;
+ return engine_digest_nids_num;
+ }
+ /* We are being asked for a specific digest */
+ if (nid == NID_md5) {
+ *digest = &engine_md5_md;
+ } else if (nid == NID_sha1) {
+ *digest = &engine_sha1_md;
+ } else {
+ *digest = NULL;
+ return 0;
+ }
+ return 1;
+}
+
+/*
+ * SHA stuff Functions
+ */
+static int engine_sha1_init(EVP_MD_CTX *ctx)
+{
+
+ int to_return = 0;
+
+ /* Test with zenbridge library ... */
+ to_return = ptr_zencod_sha1_init((ZEN_MD_DATA *)ctx->md_data);
+ to_return = !to_return;
+
+ return to_return;
+}
+
+static int engine_sha1_update(EVP_MD_CTX *ctx, const void *data,
+ unsigned long count)
+{
+
+ zen_nb_t input;
+ int to_return = 0;
+
+ /* Convert parameters ... */
+ input.len = count;
+ input.data = (unsigned char *)data;
+
+ /* Test with zenbridge library ... */
+ to_return =
+ ptr_zencod_sha1_update((ZEN_MD_DATA *)ctx->md_data,
+ (const zen_nb_t *)&input);
+ to_return = !to_return;
+
+ return to_return;
+}
+
+static int engine_sha1_final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+
+ zen_nb_t output;
+ int to_return = 0;
+
+ /* Convert parameters ... */
+ output.len = SHA_DIGEST_LENGTH;
+ output.data = md;
+
+ /* Test with zenbridge library ... */
+ to_return =
+ ptr_zencod_sha1_do_final((ZEN_MD_DATA *)ctx->md_data,
+ (zen_nb_t *) & output);
+ to_return = !to_return;
+
+ return to_return;
+}
+
+/*
+ * MD5 stuff Functions
+ */
+static int engine_md5_init(EVP_MD_CTX *ctx)
+{
+
+ int to_return = 0;
+
+ /* Test with zenbridge library ... */
+ to_return = ptr_zencod_md5_init((ZEN_MD_DATA *)ctx->md_data);
+ to_return = !to_return;
+
+ return to_return;
+}
+
+static int engine_md5_update(EVP_MD_CTX *ctx, const void *data,
+ unsigned long count)
+{
+
+ zen_nb_t input;
+ int to_return = 0;
+
+ /* Convert parameters ... */
+ input.len = count;
+ input.data = (unsigned char *)data;
+
+ /* Test with zenbridge library ... */
+ to_return =
+ ptr_zencod_md5_update((ZEN_MD_DATA *)ctx->md_data,
+ (const zen_nb_t *)&input);
+ to_return = !to_return;
+
+ return to_return;
+}
+
+static int engine_md5_final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+
+ zen_nb_t output;
+ int to_return = 0;
+
+ /* Convert parameters ... */
+ output.len = MD5_DIGEST_LENGTH;
+ output.data = md;
+
+ /* Test with zenbridge library ... */
+ to_return =
+ ptr_zencod_md5_do_final((ZEN_MD_DATA *)ctx->md_data,
+ (zen_nb_t *) & output);
+ to_return = !to_return;
+
+ return to_return;
+}
+
+static int engine_md_cleanup(EVP_MD_CTX *ctx)
+{
+
+ ZEN_MD_DATA *zen_md_data = (ZEN_MD_DATA *)ctx->md_data;
+
+ if (zen_md_data->HashBuffer != NULL) {
+ OPENSSL_free(zen_md_data->HashBuffer);
+ zen_md_data->HashBufferSize = 0;
+ ctx->md_data = NULL;
+ }
+
+ return 1;
+}
+
+static int engine_md_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
+{
+ const ZEN_MD_DATA *from_md = (ZEN_MD_DATA *)from->md_data;
+ ZEN_MD_DATA *to_md = (ZEN_MD_DATA *)to->md_data;
+
+ to_md->HashBuffer = OPENSSL_malloc(from_md->HashBufferSize);
+ memcpy(to_md->HashBuffer, from_md->HashBuffer, from_md->HashBufferSize);
+
+ return 1;
+}
+
+/* General function cloned on hw_openbsd_dev_crypto one ... */
+static int engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+ const int **nids, int nid)
+{
+
+ if (!cipher) {
+ /* We are returning a list of supported nids */
+ *nids = engine_cipher_nids;
+ return engine_cipher_nids_num;
+ }
+ /* We are being asked for a specific cipher */
+ if (nid == NID_rc4) {
+ *cipher = &engine_rc4;
+ } else if (nid == NID_rc4_40) {
+ *cipher = &engine_rc4_40;
+ } else if (nid == NID_des_cbc) {
+ *cipher = &engine_des_cbc;
+ } else if (nid == NID_des_ede3_cbc) {
+ *cipher = &engine_des_ede3_cbc;
+ } else {
+ *cipher = NULL;
+ return 0;
+ }
+
+ return 1;
+}
+
+static int engine_rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc)
+{
+ int to_return = 0;
+ int i = 0;
+ int nb = 0;
+ NEW_ZEN_RC4_KEY *tmp_rc4_key = NULL;
+
+ tmp_rc4_key = (NEW_ZEN_RC4_KEY *) (ctx->cipher_data);
+ tmp_rc4_key->first = 0;
+ tmp_rc4_key->len = ctx->key_len;
+ tmp_rc4_key->rc4_state[0] = 0x00;
+ tmp_rc4_key->rc4_state[2] = 0x00;
+ nb = 256 / ctx->key_len;
+ for (i = 0; i < nb; i++) {
+ memcpy(&(tmp_rc4_key->rc4_state[4 + i * ctx->key_len]), key,
+ ctx->key_len);
+ }
+
+ to_return = 1;
+
+ return to_return;
+}
+
+static int engine_rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, unsigned int in_len)
+{
+
+ zen_nb_t output, input;
+ zen_nb_t rc4key;
+ int to_return = 0;
+ NEW_ZEN_RC4_KEY *tmp_rc4_key = NULL;
+
+ /* Convert parameters ... */
+ input.len = in_len;
+ input.data = (unsigned char *)in;
+ output.len = in_len;
+ output.data = (unsigned char *)out;
+
+ tmp_rc4_key = ((NEW_ZEN_RC4_KEY *) (ctx->cipher_data));
+ rc4key.len = 260;
+ rc4key.data = &(tmp_rc4_key->rc4_state[0]);
+
+ /* Test with zenbridge library ... */
+ to_return =
+ ptr_zencod_rc4_cipher(&output, &input, (const zen_nb_t *)&rc4key,
+ &(tmp_rc4_key->rc4_state[0]),
+ &(tmp_rc4_key->rc4_state[3]),
+ !tmp_rc4_key->first);
+ to_return = !to_return;
+
+ /* Update encryption state ... */
+ tmp_rc4_key->first = 1;
+ tmp_rc4_key = NULL;
+
+ return to_return;
+}
+
+static int engine_des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+ const unsigned char *iv, int enc)
+{
+
+ ZEN_DES_KEY *tmp_des_key = NULL;
+ int to_return = 0;
+
+ tmp_des_key = (ZEN_DES_KEY *) (ctx->cipher_data);
+ memcpy(&(tmp_des_key->des_key[0]), key, 8);
+ memcpy(&(tmp_des_key->des_key[8]), key, 8);
+ memcpy(&(tmp_des_key->des_key[16]), key, 8);
+ memcpy(&(tmp_des_key->des_iv[0]), iv, 8);
+
+ to_return = 1;
+
+ return to_return;
+}
+
+static int engine_des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in, unsigned int inl)
+{
+
+ zen_nb_t output, input;
+ zen_nb_t deskey_1, deskey_2, deskey_3, iv;
+ int to_return = 0;
+
+ /* Convert parameters ... */
+ input.len = inl;
+ input.data = (unsigned char *)in;
+ output.len = inl;
+ output.data = out;
+
+ /* Set key parameters ... */
+ deskey_1.len = 8;
+ deskey_2.len = 8;
+ deskey_3.len = 8;
+ deskey_1.data =
+ (unsigned char *)((ZEN_DES_KEY *) (ctx->cipher_data))->des_key;
+ deskey_2.data =
+ (unsigned char *)&((ZEN_DES_KEY *) (ctx->cipher_data))->des_key[8];
+ deskey_3.data =
+ (unsigned char *)&((ZEN_DES_KEY *) (ctx->cipher_data))->des_key[16];
+
+ /* Key correct iv ... */
+ memcpy(((ZEN_DES_KEY *) (ctx->cipher_data))->des_iv, ctx->iv, 8);
+ iv.len = 8;
+ iv.data = (unsigned char *)((ZEN_DES_KEY *) (ctx->cipher_data))->des_iv;
+
+ if (ctx->encrypt == 0) {
+ memcpy(ctx->iv, &(input.data[input.len - 8]), 8);
+ }
+
+ /* Test with zenbridge library ... */
+ to_return = ptr_zencod_xdes_cipher(&output, &input,
+ (zen_nb_t *) & deskey_1,
+ (zen_nb_t *) & deskey_2,
+ (zen_nb_t *) & deskey_3, &iv,
+ ctx->encrypt);
+ to_return = !to_return;
+
+ /*
+ * But we need to set up the rigth iv ... Test ENCRYPT or DECRYPT mode to
+ * set iv ...
+ */
+ if (ctx->encrypt == 1) {
+ memcpy(ctx->iv, &(output.data[output.len - 8]), 8);
+ }
+
+ return to_return;
+}
+
+static int engine_des_ede3_init_key(EVP_CIPHER_CTX *ctx,
+ const unsigned char *key,
+ const unsigned char *iv, int enc)
+{
+
+ ZEN_3DES_KEY *tmp_3des_key = NULL;
+ int to_return = 0;
+
+ tmp_3des_key = (ZEN_3DES_KEY *) (ctx->cipher_data);
+ memcpy(&(tmp_3des_key->des3_key[0]), key, 24);
+ memcpy(&(tmp_3des_key->des3_iv[0]), iv, 8);
+
+ to_return = 1;
+
+ return to_return;
+}
+
+static int engine_des_ede3_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+ const unsigned char *in,
+ unsigned int in_len)
+{
+
+ zen_nb_t output, input;
+ zen_nb_t deskey_1, deskey_2, deskey_3, iv;
+ int to_return = 0;
+
+ /* Convert parameters ... */
+ input.len = in_len;
+ input.data = (unsigned char *)in;
+ output.len = in_len;
+ output.data = out;
+
+ /* Set key ... */
+ deskey_1.len = 8;
+ deskey_2.len = 8;
+ deskey_3.len = 8;
+ deskey_1.data =
+ (unsigned char *)((ZEN_3DES_KEY *) (ctx->cipher_data))->des3_key;
+ deskey_2.data =
+ (unsigned char *)&((ZEN_3DES_KEY *) (ctx->cipher_data))->des3_key[8];
+ deskey_3.data =
+ (unsigned char *)&((ZEN_3DES_KEY *) (ctx->cipher_data))->des3_key[16];
+
+ /* Key correct iv ... */
+ memcpy(((ZEN_3DES_KEY *) (ctx->cipher_data))->des3_iv, ctx->iv, 8);
+ iv.len = 8;
+ iv.data = (unsigned char *)((ZEN_3DES_KEY *) (ctx->cipher_data))->des3_iv;
+
+ if (ctx->encrypt == 0) {
+ memcpy(ctx->iv, &(input.data[input.len - 8]), 8);
+ }
+
+ /* Test with zenbridge library ... */
+ to_return = ptr_zencod_xdes_cipher(&output, &input,
+ (zen_nb_t *) & deskey_1,
+ (zen_nb_t *) & deskey_2,
+ (zen_nb_t *) & deskey_3, &iv,
+ ctx->encrypt);
+ to_return = !to_return;
+
+ if (ctx->encrypt == 1) {
+ memcpy(ctx->iv, &(output.data[output.len - 8]), 8);
+ }
+
+ return to_return;
+}
+
+static int engine_cipher_cleanup(EVP_CIPHER_CTX *ctx)
+{
+
+ /* Set the key pointer ... */
+ if (ctx->cipher->nid == NID_rc4 || ctx->cipher->nid == NID_rc4_40) {
+ } else if (ctx->cipher->nid == NID_des_cbc) {
+ } else if (ctx->cipher->nid == NID_des_ede3_cbc) {
+ }
+
+ return 1;
+}
+
+# endif /* !OPENSSL_NO_HW_ZENCOD */
+#endif /* !OPENSSL_NO_HW */
Deleted: vendor-crypto/openssl/0.9.8zf/demos/engines/zencod/hw_zencod.h
===================================================================
--- vendor-crypto/openssl/dist/demos/engines/zencod/hw_zencod.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/demos/engines/zencod/hw_zencod.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,160 +0,0 @@
-/* File : /crypto/engine/vendor_defns/hw_zencod.h */
-/* ====================================================================
- * Written by Donnat Frederic (frederic.donnat at zencod.com) from ZENCOD
- * for "zencod" ENGINE integration in OpenSSL project.
- */
-
-
- #ifndef _HW_ZENCOD_H_
-#define _HW_ZENCOD_H_
-
-#include <stdio.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif /* __cplusplus */
-
-#define ZENBRIDGE_MAX_KEYSIZE_RSA 2048
-#define ZENBRIDGE_MAX_KEYSIZE_RSA_CRT 1024
-#define ZENBRIDGE_MAX_KEYSIZE_DSA_SIGN 1024
-#define ZENBRIDGE_MAX_KEYSIZE_DSA_VRFY 1024
-
-/* Library version computation */
-#define ZENBRIDGE_VERSION_MAJOR(x) (((x) >> 16) | 0xff)
-#define ZENBRIDGE_VERSION_MINOR(x) (((x) >> 8) | 0xff)
-#define ZENBRIDGE_VERSION_PATCH(x) (((x) >> 0) | 0xff)
-#define ZENBRIDGE_VERSION(x, y, z) ((x) << 16 | (y) << 8 | (z))
-
-/*
- * Memory type
- */
-typedef struct zencod_number_s {
- unsigned long len;
- unsigned char *data;
-} zen_nb_t;
-
-#define KEY zen_nb_t
-
-
-/*
- * Misc
- */
-typedef int t_zencod_lib_version (void);
-typedef int t_zencod_hw_version (void);
-typedef int t_zencod_test (void);
-typedef int t_zencod_dump_key (FILE *stream, char *msg, KEY *key);
-
-
-/*
- * Key management tools
- */
-typedef KEY *t_zencod_new_number (unsigned long len, unsigned char *data);
-typedef int t_zencod_init_number (KEY *n, unsigned long len, unsigned char *data);
-typedef unsigned long t_zencod_bytes2bits (unsigned char *n, unsigned long bytes);
-typedef unsigned long t_zencod_bits2bytes (unsigned long bits);
-
-
-/*
- * RSA API
- */
-/* Compute modular exponential : y = x**e | n */
-typedef int t_zencod_rsa_mod_exp (KEY *y, KEY *x, KEY *n, KEY *e);
-/* Compute modular exponential : y1 = (x | p)**edp | p, y2 = (x | p)**edp | p, y = y2 + (qinv * (y1 - y2) | p) * q */
-typedef int t_zencod_rsa_mod_exp_crt (KEY *y, KEY *x, KEY *p, KEY *q,
- KEY *edp, KEY *edq, KEY *qinv);
-
-
-/*
- * DSA API
- */
-typedef int t_zencod_dsa_do_sign (unsigned int hash, KEY *data, KEY *random,
- KEY *p, KEY *q, KEY *g, KEY *x, KEY *r, KEY *s);
-typedef int t_zencod_dsa_do_verify (unsigned int hash, KEY *data,
- KEY *p, KEY *q, KEY *g, KEY *y,
- KEY *r, KEY *s, KEY *v);
-
-
-/*
- * DH API
- */
- /* Key generation : compute public value y = g**x | n */
-typedef int t_zencod_dh_generate_key (KEY *y, KEY *x, KEY *g, KEY *n, int gen_x);
-typedef int t_zencod_dh_compute_key (KEY *k, KEY *y, KEY *x, KEY *n);
-
-
-/*
- * RNG API
- */
-#define ZENBRIDGE_RNG_DIRECT 0
-#define ZENBRIDGE_RNG_SHA1 1
-typedef int t_zencod_rand_bytes (KEY *rand, unsigned int flags);
-
-
-/*
- * Math API
- */
-typedef int t_zencod_math_mod_exp (KEY *r, KEY *a, KEY *e, KEY *n);
-
-
-
-
-/*
- * Symetric API
- */
-/* Define a data structure for digests operations */
-typedef struct ZEN_data_st
-{
- unsigned int HashBufferSize ;
- unsigned char *HashBuffer ;
-} ZEN_MD_DATA ;
-
-/*
- * Functions for Digest (MD5, SHA1) stuff
- */
-/* output : output data buffer */
-/* input : input data buffer */
-/* algo : hash algorithm, MD5 or SHA1 */
-/* typedef int t_zencod_hash ( KEY *output, const KEY *input, int algo ) ;
- * typedef int t_zencod_sha_hash ( KEY *output, const KEY *input, int algo ) ;
- */
-/* For now separate this stuff that mad it easier to test */
-typedef int t_zencod_md5_init ( ZEN_MD_DATA *data ) ;
-typedef int t_zencod_md5_update ( ZEN_MD_DATA *data, const KEY *input ) ;
-typedef int t_zencod_md5_do_final ( ZEN_MD_DATA *data, KEY *output ) ;
-
-typedef int t_zencod_sha1_init ( ZEN_MD_DATA *data ) ;
-typedef int t_zencod_sha1_update ( ZEN_MD_DATA *data, const KEY *input ) ;
-typedef int t_zencod_sha1_do_final ( ZEN_MD_DATA *data, KEY *output ) ;
-
-
-/*
- * Functions for Cipher (RC4, DES, 3DES) stuff
- */
-/* output : output data buffer */
-/* input : input data buffer */
-/* key : rc4 key data */
-/* index_1 : value of index x from RC4 key structure */
-/* index_2 : value of index y from RC4 key structure */
-/* Be carefull : RC4 key should be expanded before calling this method (Should we provide an expand function ??) */
-typedef int t_zencod_rc4_cipher ( KEY *output, const KEY *input, const KEY *key,
- unsigned char *index_1, unsigned char *index_2, int mode ) ;
-
-/* output : output data buffer */
-/* input : input data buffer */
-/* key_1 : des first key data */
-/* key_2 : des second key data */
-/* key_3 : des third key data */
-/* iv : initial vector */
-/* mode : xdes mode (encrypt or decrypt) */
-/* Be carefull : In DES mode key_1 = key_2 = key_3 (as far as i can see !!) */
-typedef int t_zencod_xdes_cipher ( KEY *output, const KEY *input, const KEY *key_1,
- const KEY *key_2, const KEY *key_3, const KEY *iv, int mode ) ;
-
-
-#undef KEY
-
-#ifdef __cplusplus
-}
-#endif /* __cplusplus */
-
-#endif /* !_HW_ZENCOD_H_ */
Copied: vendor-crypto/openssl/0.9.8zf/demos/engines/zencod/hw_zencod.h (from rev 6976, vendor-crypto/openssl/dist/demos/engines/zencod/hw_zencod.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/demos/engines/zencod/hw_zencod.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/demos/engines/zencod/hw_zencod.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,159 @@
+/* File : /crypto/engine/vendor_defns/hw_zencod.h */
+/* ====================================================================
+ * Written by Donnat Frederic (frederic.donnat at zencod.com) from ZENCOD
+ * for "zencod" ENGINE integration in OpenSSL project.
+ */
+
+#ifndef _HW_ZENCOD_H_
+# define _HW_ZENCOD_H_
+
+# include <stdio.h>
+
+# ifdef __cplusplus
+extern "C" {
+# endif /* __cplusplus */
+
+# define ZENBRIDGE_MAX_KEYSIZE_RSA 2048
+# define ZENBRIDGE_MAX_KEYSIZE_RSA_CRT 1024
+# define ZENBRIDGE_MAX_KEYSIZE_DSA_SIGN 1024
+# define ZENBRIDGE_MAX_KEYSIZE_DSA_VRFY 1024
+
+/* Library version computation */
+# define ZENBRIDGE_VERSION_MAJOR(x) (((x) >> 16) | 0xff)
+# define ZENBRIDGE_VERSION_MINOR(x) (((x) >> 8) | 0xff)
+# define ZENBRIDGE_VERSION_PATCH(x) (((x) >> 0) | 0xff)
+# define ZENBRIDGE_VERSION(x, y, z) ((x) << 16 | (y) << 8 | (z))
+
+ /*
+ * Memory type
+ */
+ typedef struct zencod_number_s {
+ unsigned long len;
+ unsigned char *data;
+ } zen_nb_t;
+
+# define KEY zen_nb_t
+
+ /*
+ * Misc
+ */
+ typedef int t_zencod_lib_version(void);
+ typedef int t_zencod_hw_version(void);
+ typedef int t_zencod_test(void);
+ typedef int t_zencod_dump_key(FILE *stream, char *msg, KEY * key);
+
+ /*
+ * Key management tools
+ */
+ typedef KEY *t_zencod_new_number(unsigned long len, unsigned char *data);
+ typedef int t_zencod_init_number(KEY * n, unsigned long len,
+ unsigned char *data);
+ typedef unsigned long t_zencod_bytes2bits(unsigned char *n,
+ unsigned long bytes);
+ typedef unsigned long t_zencod_bits2bytes(unsigned long bits);
+
+ /*
+ * RSA API
+ */
+/* Compute modular exponential : y = x**e | n */
+ typedef int t_zencod_rsa_mod_exp(KEY * y, KEY * x, KEY * n, KEY * e);
+ /*
+ * Compute modular exponential : y1 = (x | p)**edp | p, y2 = (x | p)**edp
+ * | p, y = y2 + (qinv * (y1 - y2) | p) * q
+ */
+ typedef int t_zencod_rsa_mod_exp_crt(KEY * y, KEY * x, KEY * p, KEY * q,
+ KEY * edp, KEY * edq, KEY * qinv);
+
+ /*
+ * DSA API
+ */
+ typedef int t_zencod_dsa_do_sign(unsigned int hash, KEY * data,
+ KEY * random, KEY * p, KEY * q, KEY * g,
+ KEY * x, KEY * r, KEY * s);
+ typedef int t_zencod_dsa_do_verify(unsigned int hash, KEY * data, KEY * p,
+ KEY * q, KEY * g, KEY * y, KEY * r,
+ KEY * s, KEY * v);
+
+ /*
+ * DH API
+ */
+ /* Key generation : compute public value y = g**x | n */
+ typedef int t_zencod_dh_generate_key(KEY * y, KEY * x, KEY * g, KEY * n,
+ int gen_x);
+ typedef int t_zencod_dh_compute_key(KEY * k, KEY * y, KEY * x, KEY * n);
+
+ /*
+ * RNG API
+ */
+# define ZENBRIDGE_RNG_DIRECT 0
+# define ZENBRIDGE_RNG_SHA1 1
+ typedef int t_zencod_rand_bytes(KEY * rand, unsigned int flags);
+
+ /*
+ * Math API
+ */
+ typedef int t_zencod_math_mod_exp(KEY * r, KEY * a, KEY * e, KEY * n);
+
+ /*
+ * Symetric API
+ */
+/* Define a data structure for digests operations */
+ typedef struct ZEN_data_st {
+ unsigned int HashBufferSize;
+ unsigned char *HashBuffer;
+ } ZEN_MD_DATA;
+
+ /*
+ * Functions for Digest (MD5, SHA1) stuff
+ */
+ /* output : output data buffer */
+ /* input : input data buffer */
+ /* algo : hash algorithm, MD5 or SHA1 */
+ /*-
+ * typedef int t_zencod_hash ( KEY *output, const KEY *input, int algo ) ;
+ * typedef int t_zencod_sha_hash ( KEY *output, const KEY *input, int algo ) ;
+ */
+ /* For now separate this stuff that mad it easier to test */
+ typedef int t_zencod_md5_init(ZEN_MD_DATA *data);
+ typedef int t_zencod_md5_update(ZEN_MD_DATA *data, const KEY * input);
+ typedef int t_zencod_md5_do_final(ZEN_MD_DATA *data, KEY * output);
+
+ typedef int t_zencod_sha1_init(ZEN_MD_DATA *data);
+ typedef int t_zencod_sha1_update(ZEN_MD_DATA *data, const KEY * input);
+ typedef int t_zencod_sha1_do_final(ZEN_MD_DATA *data, KEY * output);
+
+ /*
+ * Functions for Cipher (RC4, DES, 3DES) stuff
+ */
+/* output : output data buffer */
+/* input : input data buffer */
+/* key : rc4 key data */
+/* index_1 : value of index x from RC4 key structure */
+/* index_2 : value of index y from RC4 key structure */
+ /*
+ * Be carefull : RC4 key should be expanded before calling this method
+ * (Should we provide an expand function ??)
+ */
+ typedef int t_zencod_rc4_cipher(KEY * output, const KEY * input,
+ const KEY * key, unsigned char *index_1,
+ unsigned char *index_2, int mode);
+
+/* output : output data buffer */
+/* input : input data buffer */
+/* key_1 : des first key data */
+/* key_2 : des second key data */
+/* key_3 : des third key data */
+/* iv : initial vector */
+/* mode : xdes mode (encrypt or decrypt) */
+/* Be carefull : In DES mode key_1 = key_2 = key_3 (as far as i can see !!) */
+ typedef int t_zencod_xdes_cipher(KEY * output, const KEY * input,
+ const KEY * key_1, const KEY * key_2,
+ const KEY * key_3, const KEY * iv,
+ int mode);
+
+# undef KEY
+
+# ifdef __cplusplus
+}
+# endif /* __cplusplus */
+#endif /* !_HW_ZENCOD_H_ */
Deleted: vendor-crypto/openssl/0.9.8zf/demos/engines/zencod/hw_zencod_err.c
===================================================================
--- vendor-crypto/openssl/dist/demos/engines/zencod/hw_zencod_err.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/demos/engines/zencod/hw_zencod_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,151 +0,0 @@
-/* hw_zencod_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include "hw_zencod_err.h"
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-static ERR_STRING_DATA ZENCOD_str_functs[]=
- {
-{ERR_PACK(0,ZENCOD_F_ZENCOD_BN_MOD_EXP,0), "ZENCOD_BN_MOD_EXP"},
-{ERR_PACK(0,ZENCOD_F_ZENCOD_CTRL,0), "ZENCOD_CTRL"},
-{ERR_PACK(0,ZENCOD_F_ZENCOD_DH_COMPUTE,0), "ZENCOD_DH_COMPUTE"},
-{ERR_PACK(0,ZENCOD_F_ZENCOD_DH_GENERATE,0), "ZENCOD_DH_GENERATE"},
-{ERR_PACK(0,ZENCOD_F_ZENCOD_DSA_DO_SIGN,0), "ZENCOD_DSA_DO_SIGN"},
-{ERR_PACK(0,ZENCOD_F_ZENCOD_DSA_DO_VERIFY,0), "ZENCOD_DSA_DO_VERIFY"},
-{ERR_PACK(0,ZENCOD_F_ZENCOD_FINISH,0), "ZENCOD_FINISH"},
-{ERR_PACK(0,ZENCOD_F_ZENCOD_INIT,0), "ZENCOD_INIT"},
-{ERR_PACK(0,ZENCOD_F_ZENCOD_RAND,0), "ZENCOD_RAND"},
-{ERR_PACK(0,ZENCOD_F_ZENCOD_RSA_MOD_EXP,0), "ZENCOD_RSA_MOD_EXP"},
-{ERR_PACK(0,ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT,0), "ZENCOD_RSA_MOD_EXP_CRT"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA ZENCOD_str_reasons[]=
- {
-{ZENCOD_R_ALREADY_LOADED ,"already loaded"},
-{ZENCOD_R_BAD_KEY_COMPONENTS ,"bad key components"},
-{ZENCOD_R_BN_EXPAND_FAIL ,"bn expand fail"},
-{ZENCOD_R_CTRL_COMMAND_NOT_IMPLEMENTED ,"ctrl command not implemented"},
-{ZENCOD_R_DSO_FAILURE ,"dso failure"},
-{ZENCOD_R_NOT_LOADED ,"not loaded"},
-{ZENCOD_R_REQUEST_FAILED ,"request failed"},
-{ZENCOD_R_UNIT_FAILURE ,"unit failure"},
-{0,NULL}
- };
-
-#endif
-
-#ifdef ZENCOD_LIB_NAME
-static ERR_STRING_DATA ZENCOD_lib_name[]=
- {
-{0 ,ZENCOD_LIB_NAME},
-{0,NULL}
- };
-#endif
-
-
-static int ZENCOD_lib_error_code=0;
-static int ZENCOD_error_init=1;
-
-static void ERR_load_ZENCOD_strings(void)
- {
- if (ZENCOD_lib_error_code == 0)
- ZENCOD_lib_error_code=ERR_get_next_error_library();
-
- if (ZENCOD_error_init)
- {
- ZENCOD_error_init=0;
-#ifndef OPENSSL_NO_ERR
- ERR_load_strings(ZENCOD_lib_error_code,ZENCOD_str_functs);
- ERR_load_strings(ZENCOD_lib_error_code,ZENCOD_str_reasons);
-#endif
-
-#ifdef ZENCOD_LIB_NAME
- ZENCOD_lib_name->error = ERR_PACK(ZENCOD_lib_error_code,0,0);
- ERR_load_strings(0,ZENCOD_lib_name);
-#endif
- }
- }
-
-static void ERR_unload_ZENCOD_strings(void)
- {
- if (ZENCOD_error_init == 0)
- {
-#ifndef OPENSSL_NO_ERR
- ERR_unload_strings(ZENCOD_lib_error_code,ZENCOD_str_functs);
- ERR_unload_strings(ZENCOD_lib_error_code,ZENCOD_str_reasons);
-#endif
-
-#ifdef ZENCOD_LIB_NAME
- ERR_unload_strings(0,ZENCOD_lib_name);
-#endif
- ZENCOD_error_init=1;
- }
- }
-
-static void ERR_ZENCOD_error(int function, int reason, char *file, int line)
- {
- if (ZENCOD_lib_error_code == 0)
- ZENCOD_lib_error_code=ERR_get_next_error_library();
- ERR_PUT_error(ZENCOD_lib_error_code,function,reason,file,line);
- }
Copied: vendor-crypto/openssl/0.9.8zf/demos/engines/zencod/hw_zencod_err.c (from rev 6976, vendor-crypto/openssl/dist/demos/engines/zencod/hw_zencod_err.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/demos/engines/zencod/hw_zencod_err.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/demos/engines/zencod/hw_zencod_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,147 @@
+/* hw_zencod_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include "hw_zencod_err.h"
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA ZENCOD_str_functs[] = {
+ {ERR_PACK(0, ZENCOD_F_ZENCOD_BN_MOD_EXP, 0), "ZENCOD_BN_MOD_EXP"},
+ {ERR_PACK(0, ZENCOD_F_ZENCOD_CTRL, 0), "ZENCOD_CTRL"},
+ {ERR_PACK(0, ZENCOD_F_ZENCOD_DH_COMPUTE, 0), "ZENCOD_DH_COMPUTE"},
+ {ERR_PACK(0, ZENCOD_F_ZENCOD_DH_GENERATE, 0), "ZENCOD_DH_GENERATE"},
+ {ERR_PACK(0, ZENCOD_F_ZENCOD_DSA_DO_SIGN, 0), "ZENCOD_DSA_DO_SIGN"},
+ {ERR_PACK(0, ZENCOD_F_ZENCOD_DSA_DO_VERIFY, 0), "ZENCOD_DSA_DO_VERIFY"},
+ {ERR_PACK(0, ZENCOD_F_ZENCOD_FINISH, 0), "ZENCOD_FINISH"},
+ {ERR_PACK(0, ZENCOD_F_ZENCOD_INIT, 0), "ZENCOD_INIT"},
+ {ERR_PACK(0, ZENCOD_F_ZENCOD_RAND, 0), "ZENCOD_RAND"},
+ {ERR_PACK(0, ZENCOD_F_ZENCOD_RSA_MOD_EXP, 0), "ZENCOD_RSA_MOD_EXP"},
+ {ERR_PACK(0, ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT, 0),
+ "ZENCOD_RSA_MOD_EXP_CRT"},
+ {0, NULL}
+};
+
+static ERR_STRING_DATA ZENCOD_str_reasons[] = {
+ {ZENCOD_R_ALREADY_LOADED, "already loaded"},
+ {ZENCOD_R_BAD_KEY_COMPONENTS, "bad key components"},
+ {ZENCOD_R_BN_EXPAND_FAIL, "bn expand fail"},
+ {ZENCOD_R_CTRL_COMMAND_NOT_IMPLEMENTED, "ctrl command not implemented"},
+ {ZENCOD_R_DSO_FAILURE, "dso failure"},
+ {ZENCOD_R_NOT_LOADED, "not loaded"},
+ {ZENCOD_R_REQUEST_FAILED, "request failed"},
+ {ZENCOD_R_UNIT_FAILURE, "unit failure"},
+ {0, NULL}
+};
+
+#endif
+
+#ifdef ZENCOD_LIB_NAME
+static ERR_STRING_DATA ZENCOD_lib_name[] = {
+ {0, ZENCOD_LIB_NAME},
+ {0, NULL}
+};
+#endif
+
+static int ZENCOD_lib_error_code = 0;
+static int ZENCOD_error_init = 1;
+
+static void ERR_load_ZENCOD_strings(void)
+{
+ if (ZENCOD_lib_error_code == 0)
+ ZENCOD_lib_error_code = ERR_get_next_error_library();
+
+ if (ZENCOD_error_init) {
+ ZENCOD_error_init = 0;
+#ifndef OPENSSL_NO_ERR
+ ERR_load_strings(ZENCOD_lib_error_code, ZENCOD_str_functs);
+ ERR_load_strings(ZENCOD_lib_error_code, ZENCOD_str_reasons);
+#endif
+
+#ifdef ZENCOD_LIB_NAME
+ ZENCOD_lib_name->error = ERR_PACK(ZENCOD_lib_error_code, 0, 0);
+ ERR_load_strings(0, ZENCOD_lib_name);
+#endif
+ }
+}
+
+static void ERR_unload_ZENCOD_strings(void)
+{
+ if (ZENCOD_error_init == 0) {
+#ifndef OPENSSL_NO_ERR
+ ERR_unload_strings(ZENCOD_lib_error_code, ZENCOD_str_functs);
+ ERR_unload_strings(ZENCOD_lib_error_code, ZENCOD_str_reasons);
+#endif
+
+#ifdef ZENCOD_LIB_NAME
+ ERR_unload_strings(0, ZENCOD_lib_name);
+#endif
+ ZENCOD_error_init = 1;
+ }
+}
+
+static void ERR_ZENCOD_error(int function, int reason, char *file, int line)
+{
+ if (ZENCOD_lib_error_code == 0)
+ ZENCOD_lib_error_code = ERR_get_next_error_library();
+ ERR_PUT_error(ZENCOD_lib_error_code, function, reason, file, line);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/demos/engines/zencod/hw_zencod_err.h
===================================================================
--- vendor-crypto/openssl/dist/demos/engines/zencod/hw_zencod_err.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/demos/engines/zencod/hw_zencod_err.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,99 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2001-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#ifndef HEADER_ZENCOD_ERR_H
-#define HEADER_ZENCOD_ERR_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-static void ERR_load_ZENCOD_strings(void);
-static void ERR_unload_ZENCOD_strings(void);
-static void ERR_ZENCOD_error(int function, int reason, char *file, int line);
-#define ZENCODerr(f,r) ERR_ZENCOD_error((f),(r),__FILE__,__LINE__)
-
-/* Error codes for the ZENCOD functions. */
-
-/* Function codes. */
-#define ZENCOD_F_ZENCOD_BN_MOD_EXP 100
-#define ZENCOD_F_ZENCOD_CTRL 101
-#define ZENCOD_F_ZENCOD_DH_COMPUTE 102
-#define ZENCOD_F_ZENCOD_DH_GENERATE 103
-#define ZENCOD_F_ZENCOD_DSA_DO_SIGN 104
-#define ZENCOD_F_ZENCOD_DSA_DO_VERIFY 105
-#define ZENCOD_F_ZENCOD_FINISH 106
-#define ZENCOD_F_ZENCOD_INIT 107
-#define ZENCOD_F_ZENCOD_RAND 108
-#define ZENCOD_F_ZENCOD_RSA_MOD_EXP 109
-#define ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT 110
-
-/* Reason codes. */
-#define ZENCOD_R_ALREADY_LOADED 100
-#define ZENCOD_R_BAD_KEY_COMPONENTS 101
-#define ZENCOD_R_BN_EXPAND_FAIL 102
-#define ZENCOD_R_CTRL_COMMAND_NOT_IMPLEMENTED 103
-#define ZENCOD_R_DSO_FAILURE 104
-#define ZENCOD_R_NOT_LOADED 105
-#define ZENCOD_R_REQUEST_FAILED 106
-#define ZENCOD_R_UNIT_FAILURE 107
-
-#ifdef __cplusplus
-}
-#endif
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/demos/engines/zencod/hw_zencod_err.h (from rev 6976, vendor-crypto/openssl/dist/demos/engines/zencod/hw_zencod_err.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/demos/engines/zencod/hw_zencod_err.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/demos/engines/zencod/hw_zencod_err.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,100 @@
+/* ====================================================================
+ * Copyright (c) 2001-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_ZENCOD_ERR_H
+# define HEADER_ZENCOD_ERR_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+static void ERR_load_ZENCOD_strings(void);
+static void ERR_unload_ZENCOD_strings(void);
+static void ERR_ZENCOD_error(int function, int reason, char *file, int line);
+# define ZENCODerr(f,r) ERR_ZENCOD_error((f),(r),__FILE__,__LINE__)
+
+/* Error codes for the ZENCOD functions. */
+
+/* Function codes. */
+# define ZENCOD_F_ZENCOD_BN_MOD_EXP 100
+# define ZENCOD_F_ZENCOD_CTRL 101
+# define ZENCOD_F_ZENCOD_DH_COMPUTE 102
+# define ZENCOD_F_ZENCOD_DH_GENERATE 103
+# define ZENCOD_F_ZENCOD_DSA_DO_SIGN 104
+# define ZENCOD_F_ZENCOD_DSA_DO_VERIFY 105
+# define ZENCOD_F_ZENCOD_FINISH 106
+# define ZENCOD_F_ZENCOD_INIT 107
+# define ZENCOD_F_ZENCOD_RAND 108
+# define ZENCOD_F_ZENCOD_RSA_MOD_EXP 109
+# define ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT 110
+
+/* Reason codes. */
+# define ZENCOD_R_ALREADY_LOADED 100
+# define ZENCOD_R_BAD_KEY_COMPONENTS 101
+# define ZENCOD_R_BN_EXPAND_FAIL 102
+# define ZENCOD_R_CTRL_COMMAND_NOT_IMPLEMENTED 103
+# define ZENCOD_R_DSO_FAILURE 104
+# define ZENCOD_R_NOT_LOADED 105
+# define ZENCOD_R_REQUEST_FAILED 106
+# define ZENCOD_R_UNIT_FAILURE 107
+
+#ifdef __cplusplus
+}
+#endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/demos/jpake/jpakedemo.c
===================================================================
--- vendor-crypto/openssl/dist/demos/jpake/jpakedemo.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/demos/jpake/jpakedemo.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,469 +0,0 @@
-#include "openssl/bn.h"
-#include "openssl/sha.h"
-#include <assert.h>
-#include <string.h>
-#include <stdlib.h>
-
-/* Copyright (C) 2008 Ben Laurie (ben at links.org) */
-
-/*
- * Implement J-PAKE, as described in
- * http://grouper.ieee.org/groups/1363/Research/contributions/hao-ryan-2008.pdf
- *
- * With hints from http://www.cl.cam.ac.uk/~fh240/software/JPAKE2.java.
- */
-
-static void showbn(const char *name, const BIGNUM *bn)
- {
- fputs(name, stdout);
- fputs(" = ", stdout);
- BN_print_fp(stdout, bn);
- putc('\n', stdout);
- }
-
-typedef struct
- {
- BN_CTX *ctx; // Perhaps not the best place for this?
- BIGNUM *p;
- BIGNUM *q;
- BIGNUM *g;
- } JPakeParameters;
-
-static void JPakeParametersInit(JPakeParameters *params)
- {
- params->ctx = BN_CTX_new();
-
- // For now use p, q, g from Java sample code. Later, generate them.
- params->p = NULL;
- BN_hex2bn(¶ms->p, "fd7f53811d75122952df4a9c2eece4e7f611b7523cef4400c31e3f80b6512669455d402251fb593d8d58fabfc5f5ba30f6cb9b556cd7813b801d346ff26660b76b9950a5a49f9fe8047b1022c24fbba9d7feb7c61bf83b57e7c6a8a6150f04fb83f6d3c51ec3023554135a169132f675f3ae2b61d72aeff22203199dd14801c7");
- params->q = NULL;
- BN_hex2bn(¶ms->q, "9760508f15230bccb292b982a2eb840bf0581cf5");
- params->g = NULL;
- BN_hex2bn(¶ms->g, "f7e1a085d69b3ddecbbcab5c36b857b97994afbbfa3aea82f9574c0b3d0782675159578ebad4594fe67107108180b449167123e84c281613b7cf09328cc8a6e13c167a8b547c8d28e0a3ae1e2bb3a675916ea37f0bfa213562f1fb627a01243bcca4f1bea8519089a883dfe15ae59f06928b665e807b552564014c3bfecf492a");
-
- showbn("p", params->p);
- showbn("q", params->q);
- showbn("g", params->g);
- }
-
-typedef struct
- {
- BIGNUM *gr; // g^r (r random)
- BIGNUM *b; // b = r - x*h, h=hash(g, g^r, g^x, name)
- } JPakeZKP;
-
-typedef struct
- {
- BIGNUM *gx; // g^x
- JPakeZKP zkpx; // ZKP(x)
- } JPakeStep1;
-
-typedef struct
- {
- BIGNUM *X; // g^(xa + xc + xd) * xb * s
- JPakeZKP zkpxbs; // ZKP(xb * s)
- } JPakeStep2;
-
-typedef struct
- {
- const char *name; // Must be unique
- int base; // 1 for Alice, 3 for Bob. Only used for printing stuff.
- JPakeStep1 s1c; // Alice's g^x3, ZKP(x3) or Bob's g^x1, ZKP(x1)
- JPakeStep1 s1d; // Alice's g^x4, ZKP(x4) or Bob's g^x2, ZKP(x2)
- JPakeStep2 s2; // Alice's A, ZKP(x2 * s) or Bob's B, ZKP(x4 * s)
- } JPakeUserPublic;
-
-/*
- * The user structure. In the definition, (xa, xb, xc, xd) are Alice's
- * (x1, x2, x3, x4) or Bob's (x3, x4, x1, x2). If you see what I mean.
- */
-typedef struct
- {
- JPakeUserPublic p;
- BIGNUM *secret; // The shared secret
- BIGNUM *key; // The calculated (shared) key
- BIGNUM *xa; // Alice's x1 or Bob's x3
- BIGNUM *xb; // Alice's x2 or Bob's x4
- } JPakeUser;
-
-// Generate each party's random numbers. xa is in [0, q), xb is in [1, q).
-static void genrand(JPakeUser *user, const JPakeParameters *params)
- {
- BIGNUM *qm1;
-
- // xa in [0, q)
- user->xa = BN_new();
- BN_rand_range(user->xa, params->q);
-
- // q-1
- qm1 = BN_new();
- BN_copy(qm1, params->q);
- BN_sub_word(qm1, 1);
-
- // ... and xb in [0, q-1)
- user->xb = BN_new();
- BN_rand_range(user->xb, qm1);
- // [1, q)
- BN_add_word(user->xb, 1);
-
- // cleanup
- BN_free(qm1);
-
- // Show
- printf("x%d", user->p.base);
- showbn("", user->xa);
- printf("x%d", user->p.base+1);
- showbn("", user->xb);
- }
-
-static void hashlength(SHA_CTX *sha, size_t l)
- {
- unsigned char b[2];
-
- assert(l <= 0xffff);
- b[0] = l >> 8;
- b[1] = l&0xff;
- SHA1_Update(sha, b, 2);
- }
-
-static void hashstring(SHA_CTX *sha, const char *string)
- {
- size_t l = strlen(string);
-
- hashlength(sha, l);
- SHA1_Update(sha, string, l);
- }
-
-static void hashbn(SHA_CTX *sha, const BIGNUM *bn)
- {
- size_t l = BN_num_bytes(bn);
- unsigned char *bin = alloca(l);
-
- hashlength(sha, l);
- BN_bn2bin(bn, bin);
- SHA1_Update(sha, bin, l);
- }
-
-// h=hash(g, g^r, g^x, name)
-static void zkpHash(BIGNUM *h, const JPakeZKP *zkp, const BIGNUM *gx,
- const JPakeUserPublic *from, const JPakeParameters *params)
- {
- unsigned char md[SHA_DIGEST_LENGTH];
- SHA_CTX sha;
-
- // XXX: hash should not allow moving of the boundaries - Java code
- // is flawed in this respect. Length encoding seems simplest.
- SHA1_Init(&sha);
- hashbn(&sha, params->g);
- hashbn(&sha, zkp->gr);
- hashbn(&sha, gx);
- hashstring(&sha, from->name);
- SHA1_Final(md, &sha);
- BN_bin2bn(md, SHA_DIGEST_LENGTH, h);
- }
-
-// Prove knowledge of x
-// Note that we don't send g^x because, as it happens, we've always
-// sent it elsewhere. Also note that because of that, we could avoid
-// calculating it here, but we don't, for clarity...
-static void CreateZKP(JPakeZKP *zkp, const BIGNUM *x, const JPakeUser *us,
- const BIGNUM *zkpg, const JPakeParameters *params,
- int n, const char *suffix)
- {
- BIGNUM *r = BN_new();
- BIGNUM *gx = BN_new();
- BIGNUM *h = BN_new();
- BIGNUM *t = BN_new();
-
- // r in [0,q)
- // XXX: Java chooses r in [0, 2^160) - i.e. distribution not uniform
- BN_rand_range(r, params->q);
- // g^r
- zkp->gr = BN_new();
- BN_mod_exp(zkp->gr, zkpg, r, params->p, params->ctx);
- // g^x
- BN_mod_exp(gx, zkpg, x, params->p, params->ctx);
-
- // h=hash...
- zkpHash(h, zkp, gx, &us->p, params);
-
- // b = r - x*h
- BN_mod_mul(t, x, h, params->q, params->ctx);
- zkp->b = BN_new();
- BN_mod_sub(zkp->b, r, t, params->q, params->ctx);
-
- // show
- printf(" ZKP(x%d%s)\n", n, suffix);
- showbn(" zkpg", zkpg);
- showbn(" g^x", gx);
- showbn(" g^r", zkp->gr);
- showbn(" b", zkp->b);
-
- // cleanup
- BN_free(t);
- BN_free(h);
- BN_free(gx);
- BN_free(r);
- }
-
-static int VerifyZKP(const JPakeZKP *zkp, BIGNUM *gx,
- const JPakeUserPublic *them, const BIGNUM *zkpg,
- const JPakeParameters *params, int n, const char *suffix)
- {
- BIGNUM *h = BN_new();
- BIGNUM *t1 = BN_new();
- BIGNUM *t2 = BN_new();
- BIGNUM *t3 = BN_new();
- int ret = 0;
-
- zkpHash(h, zkp, gx, them, params);
-
- // t1 = g^b
- BN_mod_exp(t1, zkpg, zkp->b, params->p, params->ctx);
- // t2 = (g^x)^h = g^{hx}
- BN_mod_exp(t2, gx, h, params->p, params->ctx);
- // t3 = t1 * t2 = g^{hx} * g^b = g^{hx+b} = g^r (allegedly)
- BN_mod_mul(t3, t1, t2, params->p, params->ctx);
-
- printf(" ZKP(x%d%s)\n", n, suffix);
- showbn(" zkpg", zkpg);
- showbn(" g^r'", t3);
-
- // verify t3 == g^r
- if(BN_cmp(t3, zkp->gr) == 0)
- ret = 1;
-
- // cleanup
- BN_free(t3);
- BN_free(t2);
- BN_free(t1);
- BN_free(h);
-
- if(ret)
- puts(" OK");
- else
- puts(" FAIL");
-
- return ret;
- }
-
-static void sendstep1_substep(JPakeStep1 *s1, const BIGNUM *x,
- const JPakeUser *us,
- const JPakeParameters *params, int n)
- {
- s1->gx = BN_new();
- BN_mod_exp(s1->gx, params->g, x, params->p, params->ctx);
- printf(" g^{x%d}", n);
- showbn("", s1->gx);
-
- CreateZKP(&s1->zkpx, x, us, params->g, params, n, "");
- }
-
-static void sendstep1(const JPakeUser *us, JPakeUserPublic *them,
- const JPakeParameters *params)
- {
- printf("\n%s sends %s:\n\n", us->p.name, them->name);
-
- // from's g^xa (which becomes to's g^xc) and ZKP(xa)
- sendstep1_substep(&them->s1c, us->xa, us, params, us->p.base);
- // from's g^xb (which becomes to's g^xd) and ZKP(xb)
- sendstep1_substep(&them->s1d, us->xb, us, params, us->p.base+1);
- }
-
-static int verifystep1(const JPakeUser *us, const JPakeUserPublic *them,
- const JPakeParameters *params)
- {
- printf("\n%s verifies %s:\n\n", us->p.name, them->name);
-
- // verify their ZKP(xc)
- if(!VerifyZKP(&us->p.s1c.zkpx, us->p.s1c.gx, them, params->g, params,
- them->base, ""))
- return 0;
-
- // verify their ZKP(xd)
- if(!VerifyZKP(&us->p.s1d.zkpx, us->p.s1d.gx, them, params->g, params,
- them->base+1, ""))
- return 0;
-
- // g^xd != 1
- printf(" g^{x%d} != 1: ", them->base+1);
- if(BN_is_one(us->p.s1d.gx))
- {
- puts("FAIL");
- return 0;
- }
- puts("OK");
-
- return 1;
- }
-
-static void sendstep2(const JPakeUser *us, JPakeUserPublic *them,
- const JPakeParameters *params)
- {
- BIGNUM *t1 = BN_new();
- BIGNUM *t2 = BN_new();
-
- printf("\n%s sends %s:\n\n", us->p.name, them->name);
-
- // X = g^{(xa + xc + xd) * xb * s}
- // t1 = g^xa
- BN_mod_exp(t1, params->g, us->xa, params->p, params->ctx);
- // t2 = t1 * g^{xc} = g^{xa} * g^{xc} = g^{xa + xc}
- BN_mod_mul(t2, t1, us->p.s1c.gx, params->p, params->ctx);
- // t1 = t2 * g^{xd} = g^{xa + xc + xd}
- BN_mod_mul(t1, t2, us->p.s1d.gx, params->p, params->ctx);
- // t2 = xb * s
- BN_mod_mul(t2, us->xb, us->secret, params->q, params->ctx);
- // X = t1^{t2} = t1^{xb * s} = g^{(xa + xc + xd) * xb * s}
- them->s2.X = BN_new();
- BN_mod_exp(them->s2.X, t1, t2, params->p, params->ctx);
-
- // Show
- printf(" g^{(x%d + x%d + x%d) * x%d * s)", us->p.base, them->base,
- them->base+1, us->p.base+1);
- showbn("", them->s2.X);
-
- // ZKP(xb * s)
- // XXX: this is kinda funky, because we're using
- //
- // g' = g^{xa + xc + xd}
- //
- // as the generator, which means X is g'^{xb * s}
- CreateZKP(&them->s2.zkpxbs, t2, us, t1, params, us->p.base+1, " * s");
-
- // cleanup
- BN_free(t1);
- BN_free(t2);
- }
-
-static int verifystep2(const JPakeUser *us, const JPakeUserPublic *them,
- const JPakeParameters *params)
- {
- BIGNUM *t1 = BN_new();
- BIGNUM *t2 = BN_new();
- int ret = 0;
-
- printf("\n%s verifies %s:\n\n", us->p.name, them->name);
-
- // g' = g^{xc + xa + xb} [from our POV]
- // t1 = xa + xb
- BN_mod_add(t1, us->xa, us->xb, params->q, params->ctx);
- // t2 = g^{t1} = g^{xa+xb}
- BN_mod_exp(t2, params->g, t1, params->p, params->ctx);
- // t1 = g^{xc} * t2 = g^{xc + xa + xb}
- BN_mod_mul(t1, us->p.s1c.gx, t2, params->p, params->ctx);
-
- if(VerifyZKP(&us->p.s2.zkpxbs, us->p.s2.X, them, t1, params, them->base+1,
- " * s"))
- ret = 1;
-
- // cleanup
- BN_free(t2);
- BN_free(t1);
-
- return ret;
- }
-
-static void computekey(JPakeUser *us, const JPakeParameters *params)
- {
- BIGNUM *t1 = BN_new();
- BIGNUM *t2 = BN_new();
- BIGNUM *t3 = BN_new();
-
- printf("\n%s calculates the shared key:\n\n", us->p.name);
-
- // K = (X/g^{xb * xd * s})^{xb}
- // = (g^{(xc + xa + xb) * xd * s - xb * xd *s})^{xb}
- // = (g^{(xa + xc) * xd * s})^{xb}
- // = g^{(xa + xc) * xb * xd * s}
- // [which is the same regardless of who calculates it]
-
- // t1 = (g^{xd})^{xb} = g^{xb * xd}
- BN_mod_exp(t1, us->p.s1d.gx, us->xb, params->p, params->ctx);
- // t2 = -s = q-s
- BN_sub(t2, params->q, us->secret);
- // t3 = t1^t2 = g^{-xb * xd * s}
- BN_mod_exp(t3, t1, t2, params->p, params->ctx);
- // t1 = X * t3 = X/g^{xb * xd * s}
- BN_mod_mul(t1, us->p.s2.X, t3, params->p, params->ctx);
- // K = t1^{xb}
- us->key = BN_new();
- BN_mod_exp(us->key, t1, us->xb, params->p, params->ctx);
-
- // show
- showbn(" K", us->key);
-
- // cleanup
- BN_free(t3);
- BN_free(t2);
- BN_free(t1);
- }
-
-int main(int argc, char **argv)
- {
- JPakeParameters params;
- JPakeUser alice, bob;
-
- alice.p.name = "Alice";
- alice.p.base = 1;
- bob.p.name = "Bob";
- bob.p.base = 3;
-
- JPakeParametersInit(¶ms);
-
- // Shared secret
- alice.secret = BN_new();
- BN_rand(alice.secret, 32, -1, 0);
- bob.secret = alice.secret;
- showbn("secret", alice.secret);
-
- assert(BN_cmp(alice.secret, params.q) < 0);
-
- // Alice's x1, x2
- genrand(&alice, ¶ms);
-
- // Bob's x3, x4
- genrand(&bob, ¶ms);
-
- // Now send stuff to each other...
- sendstep1(&alice, &bob.p, ¶ms);
- sendstep1(&bob, &alice.p, ¶ms);
-
- // And verify what each other sent
- if(!verifystep1(&alice, &bob.p, ¶ms))
- return 1;
- if(!verifystep1(&bob, &alice.p, ¶ms))
- return 2;
-
- // Second send
- sendstep2(&alice, &bob.p, ¶ms);
- sendstep2(&bob, &alice.p, ¶ms);
-
- // And second verify
- if(!verifystep2(&alice, &bob.p, ¶ms))
- return 3;
- if(!verifystep2(&bob, &alice.p, ¶ms))
- return 4;
-
- // Compute common key
- computekey(&alice, ¶ms);
- computekey(&bob, ¶ms);
-
- // Confirm the common key is identical
- // XXX: if the two secrets are not the same, everything works up
- // to this point, so the only way to detect a failure is by the
- // difference in the calculated keys.
- // Since we're all the same code, just compare them directly. In a
- // real system, Alice sends Bob H(H(K)), Bob checks it, then sends
- // back H(K), which Alice checks, or something equivalent.
- puts("\nAlice and Bob check keys are the same:");
- if(BN_cmp(alice.key, bob.key) == 0)
- puts(" OK");
- else
- {
- puts(" FAIL");
- return 5;
- }
-
- return 0;
- }
Copied: vendor-crypto/openssl/0.9.8zf/demos/jpake/jpakedemo.c (from rev 6976, vendor-crypto/openssl/dist/demos/jpake/jpakedemo.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/demos/jpake/jpakedemo.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/demos/jpake/jpakedemo.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,470 @@
+#include "openssl/bn.h"
+#include "openssl/sha.h"
+#include <assert.h>
+#include <string.h>
+#include <stdlib.h>
+
+/* Copyright (C) 2008 Ben Laurie (ben at links.org) */
+
+/*
+ * Implement J-PAKE, as described in
+ * http://grouper.ieee.org/groups/1363/Research/contributions/hao-ryan-2008.pdf
+ *
+ * With hints from http://www.cl.cam.ac.uk/~fh240/software/JPAKE2.java.
+ */
+
+static void showbn(const char *name, const BIGNUM *bn)
+{
+ fputs(name, stdout);
+ fputs(" = ", stdout);
+ BN_print_fp(stdout, bn);
+ putc('\n', stdout);
+}
+
+typedef struct {
+ BN_CTX *ctx; // Perhaps not the best place for this?
+ BIGNUM *p;
+ BIGNUM *q;
+ BIGNUM *g;
+} JPakeParameters;
+
+static void JPakeParametersInit(JPakeParameters * params)
+{
+ params->ctx = BN_CTX_new();
+
+ // For now use p, q, g from Java sample code. Later, generate them.
+ params->p = NULL;
+ BN_hex2bn(¶ms->p,
+ "fd7f53811d75122952df4a9c2eece4e7f611b7523cef4400c31e3f80b6512669455d402251fb593d8d58fabfc5f5ba30f6cb9b556cd7813b801d346ff26660b76b9950a5a49f9fe8047b1022c24fbba9d7feb7c61bf83b57e7c6a8a6150f04fb83f6d3c51ec3023554135a169132f675f3ae2b61d72aeff22203199dd14801c7");
+ params->q = NULL;
+ BN_hex2bn(¶ms->q, "9760508f15230bccb292b982a2eb840bf0581cf5");
+ params->g = NULL;
+ BN_hex2bn(¶ms->g,
+ "f7e1a085d69b3ddecbbcab5c36b857b97994afbbfa3aea82f9574c0b3d0782675159578ebad4594fe67107108180b449167123e84c281613b7cf09328cc8a6e13c167a8b547c8d28e0a3ae1e2bb3a675916ea37f0bfa213562f1fb627a01243bcca4f1bea8519089a883dfe15ae59f06928b665e807b552564014c3bfecf492a");
+
+ showbn("p", params->p);
+ showbn("q", params->q);
+ showbn("g", params->g);
+}
+
+typedef struct {
+ BIGNUM *gr; // g^r (r random)
+ BIGNUM *b; // b = r - x*h, h=hash(g, g^r, g^x, name)
+} JPakeZKP;
+
+typedef struct {
+ BIGNUM *gx; // g^x
+ JPakeZKP zkpx; // ZKP(x)
+} JPakeStep1;
+
+typedef struct {
+ BIGNUM *X; // g^(xa + xc + xd) * xb * s
+ JPakeZKP zkpxbs; // ZKP(xb * s)
+} JPakeStep2;
+
+typedef struct {
+ const char *name; // Must be unique
+ int base; // 1 for Alice, 3 for Bob. Only used for
+ // printing stuff.
+ JPakeStep1 s1c; // Alice's g^x3, ZKP(x3) or Bob's g^x1,
+ // ZKP(x1)
+ JPakeStep1 s1d; // Alice's g^x4, ZKP(x4) or Bob's g^x2,
+ // ZKP(x2)
+ JPakeStep2 s2; // Alice's A, ZKP(x2 * s) or Bob's B, ZKP(x4
+ // * s)
+} JPakeUserPublic;
+
+/*
+ * The user structure. In the definition, (xa, xb, xc, xd) are Alice's
+ * (x1, x2, x3, x4) or Bob's (x3, x4, x1, x2). If you see what I mean.
+ */
+typedef struct {
+ JPakeUserPublic p;
+ BIGNUM *secret; // The shared secret
+ BIGNUM *key; // The calculated (shared) key
+ BIGNUM *xa; // Alice's x1 or Bob's x3
+ BIGNUM *xb; // Alice's x2 or Bob's x4
+} JPakeUser;
+
+// Generate each party's random numbers. xa is in [0, q), xb is in [1, q).
+static void genrand(JPakeUser * user, const JPakeParameters * params)
+{
+ BIGNUM *qm1;
+
+ // xa in [0, q)
+ user->xa = BN_new();
+ BN_rand_range(user->xa, params->q);
+
+ // q-1
+ qm1 = BN_new();
+ BN_copy(qm1, params->q);
+ BN_sub_word(qm1, 1);
+
+ // ... and xb in [0, q-1)
+ user->xb = BN_new();
+ BN_rand_range(user->xb, qm1);
+ // [1, q)
+ BN_add_word(user->xb, 1);
+
+ // cleanup
+ BN_free(qm1);
+
+ // Show
+ printf("x%d", user->p.base);
+ showbn("", user->xa);
+ printf("x%d", user->p.base + 1);
+ showbn("", user->xb);
+}
+
+static void hashlength(SHA_CTX *sha, size_t l)
+{
+ unsigned char b[2];
+
+ assert(l <= 0xffff);
+ b[0] = l >> 8;
+ b[1] = l & 0xff;
+ SHA1_Update(sha, b, 2);
+}
+
+static void hashstring(SHA_CTX *sha, const char *string)
+{
+ size_t l = strlen(string);
+
+ hashlength(sha, l);
+ SHA1_Update(sha, string, l);
+}
+
+static void hashbn(SHA_CTX *sha, const BIGNUM *bn)
+{
+ size_t l = BN_num_bytes(bn);
+ unsigned char *bin = alloca(l);
+
+ hashlength(sha, l);
+ BN_bn2bin(bn, bin);
+ SHA1_Update(sha, bin, l);
+}
+
+// h=hash(g, g^r, g^x, name)
+static void zkpHash(BIGNUM *h, const JPakeZKP * zkp, const BIGNUM *gx,
+ const JPakeUserPublic * from,
+ const JPakeParameters * params)
+{
+ unsigned char md[SHA_DIGEST_LENGTH];
+ SHA_CTX sha;
+
+ // XXX: hash should not allow moving of the boundaries - Java code
+ // is flawed in this respect. Length encoding seems simplest.
+ SHA1_Init(&sha);
+ hashbn(&sha, params->g);
+ hashbn(&sha, zkp->gr);
+ hashbn(&sha, gx);
+ hashstring(&sha, from->name);
+ SHA1_Final(md, &sha);
+ BN_bin2bn(md, SHA_DIGEST_LENGTH, h);
+}
+
+// Prove knowledge of x
+// Note that we don't send g^x because, as it happens, we've always
+// sent it elsewhere. Also note that because of that, we could avoid
+// calculating it here, but we don't, for clarity...
+static void CreateZKP(JPakeZKP * zkp, const BIGNUM *x, const JPakeUser * us,
+ const BIGNUM *zkpg, const JPakeParameters * params,
+ int n, const char *suffix)
+{
+ BIGNUM *r = BN_new();
+ BIGNUM *gx = BN_new();
+ BIGNUM *h = BN_new();
+ BIGNUM *t = BN_new();
+
+ // r in [0,q)
+ // XXX: Java chooses r in [0, 2^160) - i.e. distribution not uniform
+ BN_rand_range(r, params->q);
+ // g^r
+ zkp->gr = BN_new();
+ BN_mod_exp(zkp->gr, zkpg, r, params->p, params->ctx);
+ // g^x
+ BN_mod_exp(gx, zkpg, x, params->p, params->ctx);
+
+ // h=hash...
+ zkpHash(h, zkp, gx, &us->p, params);
+
+ // b = r - x*h
+ BN_mod_mul(t, x, h, params->q, params->ctx);
+ zkp->b = BN_new();
+ BN_mod_sub(zkp->b, r, t, params->q, params->ctx);
+
+ // show
+ printf(" ZKP(x%d%s)\n", n, suffix);
+ showbn(" zkpg", zkpg);
+ showbn(" g^x", gx);
+ showbn(" g^r", zkp->gr);
+ showbn(" b", zkp->b);
+
+ // cleanup
+ BN_free(t);
+ BN_free(h);
+ BN_free(gx);
+ BN_free(r);
+}
+
+static int VerifyZKP(const JPakeZKP * zkp, BIGNUM *gx,
+ const JPakeUserPublic * them, const BIGNUM *zkpg,
+ const JPakeParameters * params, int n,
+ const char *suffix)
+{
+ BIGNUM *h = BN_new();
+ BIGNUM *t1 = BN_new();
+ BIGNUM *t2 = BN_new();
+ BIGNUM *t3 = BN_new();
+ int ret = 0;
+
+ zkpHash(h, zkp, gx, them, params);
+
+ // t1 = g^b
+ BN_mod_exp(t1, zkpg, zkp->b, params->p, params->ctx);
+ // t2 = (g^x)^h = g^{hx}
+ BN_mod_exp(t2, gx, h, params->p, params->ctx);
+ // t3 = t1 * t2 = g^{hx} * g^b = g^{hx+b} = g^r (allegedly)
+ BN_mod_mul(t3, t1, t2, params->p, params->ctx);
+
+ printf(" ZKP(x%d%s)\n", n, suffix);
+ showbn(" zkpg", zkpg);
+ showbn(" g^r'", t3);
+
+ // verify t3 == g^r
+ if (BN_cmp(t3, zkp->gr) == 0)
+ ret = 1;
+
+ // cleanup
+ BN_free(t3);
+ BN_free(t2);
+ BN_free(t1);
+ BN_free(h);
+
+ if (ret)
+ puts(" OK");
+ else
+ puts(" FAIL");
+
+ return ret;
+}
+
+static void sendstep1_substep(JPakeStep1 * s1, const BIGNUM *x,
+ const JPakeUser * us,
+ const JPakeParameters * params, int n)
+{
+ s1->gx = BN_new();
+ BN_mod_exp(s1->gx, params->g, x, params->p, params->ctx);
+ printf(" g^{x%d}", n);
+ showbn("", s1->gx);
+
+ CreateZKP(&s1->zkpx, x, us, params->g, params, n, "");
+}
+
+static void sendstep1(const JPakeUser * us, JPakeUserPublic * them,
+ const JPakeParameters * params)
+{
+ printf("\n%s sends %s:\n\n", us->p.name, them->name);
+
+ // from's g^xa (which becomes to's g^xc) and ZKP(xa)
+ sendstep1_substep(&them->s1c, us->xa, us, params, us->p.base);
+ // from's g^xb (which becomes to's g^xd) and ZKP(xb)
+ sendstep1_substep(&them->s1d, us->xb, us, params, us->p.base + 1);
+}
+
+static int verifystep1(const JPakeUser * us, const JPakeUserPublic * them,
+ const JPakeParameters * params)
+{
+ printf("\n%s verifies %s:\n\n", us->p.name, them->name);
+
+ // verify their ZKP(xc)
+ if (!VerifyZKP(&us->p.s1c.zkpx, us->p.s1c.gx, them, params->g, params,
+ them->base, ""))
+ return 0;
+
+ // verify their ZKP(xd)
+ if (!VerifyZKP(&us->p.s1d.zkpx, us->p.s1d.gx, them, params->g, params,
+ them->base + 1, ""))
+ return 0;
+
+ // g^xd != 1
+ printf(" g^{x%d} != 1: ", them->base + 1);
+ if (BN_is_one(us->p.s1d.gx)) {
+ puts("FAIL");
+ return 0;
+ }
+ puts("OK");
+
+ return 1;
+}
+
+static void sendstep2(const JPakeUser * us, JPakeUserPublic * them,
+ const JPakeParameters * params)
+{
+ BIGNUM *t1 = BN_new();
+ BIGNUM *t2 = BN_new();
+
+ printf("\n%s sends %s:\n\n", us->p.name, them->name);
+
+ // X = g^{(xa + xc + xd) * xb * s}
+ // t1 = g^xa
+ BN_mod_exp(t1, params->g, us->xa, params->p, params->ctx);
+ // t2 = t1 * g^{xc} = g^{xa} * g^{xc} = g^{xa + xc}
+ BN_mod_mul(t2, t1, us->p.s1c.gx, params->p, params->ctx);
+ // t1 = t2 * g^{xd} = g^{xa + xc + xd}
+ BN_mod_mul(t1, t2, us->p.s1d.gx, params->p, params->ctx);
+ // t2 = xb * s
+ BN_mod_mul(t2, us->xb, us->secret, params->q, params->ctx);
+ // X = t1^{t2} = t1^{xb * s} = g^{(xa + xc + xd) * xb * s}
+ them->s2.X = BN_new();
+ BN_mod_exp(them->s2.X, t1, t2, params->p, params->ctx);
+
+ // Show
+ printf(" g^{(x%d + x%d + x%d) * x%d * s)", us->p.base, them->base,
+ them->base + 1, us->p.base + 1);
+ showbn("", them->s2.X);
+
+ // ZKP(xb * s)
+ // XXX: this is kinda funky, because we're using
+ //
+ // g' = g^{xa + xc + xd}
+ //
+ // as the generator, which means X is g'^{xb * s}
+ CreateZKP(&them->s2.zkpxbs, t2, us, t1, params, us->p.base + 1, " * s");
+
+ // cleanup
+ BN_free(t1);
+ BN_free(t2);
+}
+
+static int verifystep2(const JPakeUser * us, const JPakeUserPublic * them,
+ const JPakeParameters * params)
+{
+ BIGNUM *t1 = BN_new();
+ BIGNUM *t2 = BN_new();
+ int ret = 0;
+
+ printf("\n%s verifies %s:\n\n", us->p.name, them->name);
+
+ // g' = g^{xc + xa + xb} [from our POV]
+ // t1 = xa + xb
+ BN_mod_add(t1, us->xa, us->xb, params->q, params->ctx);
+ // t2 = g^{t1} = g^{xa+xb}
+ BN_mod_exp(t2, params->g, t1, params->p, params->ctx);
+ // t1 = g^{xc} * t2 = g^{xc + xa + xb}
+ BN_mod_mul(t1, us->p.s1c.gx, t2, params->p, params->ctx);
+
+ if (VerifyZKP
+ (&us->p.s2.zkpxbs, us->p.s2.X, them, t1, params, them->base + 1,
+ " * s"))
+ ret = 1;
+
+ // cleanup
+ BN_free(t2);
+ BN_free(t1);
+
+ return ret;
+}
+
+static void computekey(JPakeUser * us, const JPakeParameters * params)
+{
+ BIGNUM *t1 = BN_new();
+ BIGNUM *t2 = BN_new();
+ BIGNUM *t3 = BN_new();
+
+ printf("\n%s calculates the shared key:\n\n", us->p.name);
+
+ // K = (X/g^{xb * xd * s})^{xb}
+ // = (g^{(xc + xa + xb) * xd * s - xb * xd *s})^{xb}
+ // = (g^{(xa + xc) * xd * s})^{xb}
+ // = g^{(xa + xc) * xb * xd * s}
+ // [which is the same regardless of who calculates it]
+
+ // t1 = (g^{xd})^{xb} = g^{xb * xd}
+ BN_mod_exp(t1, us->p.s1d.gx, us->xb, params->p, params->ctx);
+ // t2 = -s = q-s
+ BN_sub(t2, params->q, us->secret);
+ // t3 = t1^t2 = g^{-xb * xd * s}
+ BN_mod_exp(t3, t1, t2, params->p, params->ctx);
+ // t1 = X * t3 = X/g^{xb * xd * s}
+ BN_mod_mul(t1, us->p.s2.X, t3, params->p, params->ctx);
+ // K = t1^{xb}
+ us->key = BN_new();
+ BN_mod_exp(us->key, t1, us->xb, params->p, params->ctx);
+
+ // show
+ showbn(" K", us->key);
+
+ // cleanup
+ BN_free(t3);
+ BN_free(t2);
+ BN_free(t1);
+}
+
+int main(int argc, char **argv)
+{
+ JPakeParameters params;
+ JPakeUser alice, bob;
+
+ alice.p.name = "Alice";
+ alice.p.base = 1;
+ bob.p.name = "Bob";
+ bob.p.base = 3;
+
+ JPakeParametersInit(¶ms);
+
+ // Shared secret
+ alice.secret = BN_new();
+ BN_rand(alice.secret, 32, -1, 0);
+ bob.secret = alice.secret;
+ showbn("secret", alice.secret);
+
+ assert(BN_cmp(alice.secret, params.q) < 0);
+
+ // Alice's x1, x2
+ genrand(&alice, ¶ms);
+
+ // Bob's x3, x4
+ genrand(&bob, ¶ms);
+
+ // Now send stuff to each other...
+ sendstep1(&alice, &bob.p, ¶ms);
+ sendstep1(&bob, &alice.p, ¶ms);
+
+ // And verify what each other sent
+ if (!verifystep1(&alice, &bob.p, ¶ms))
+ return 1;
+ if (!verifystep1(&bob, &alice.p, ¶ms))
+ return 2;
+
+ // Second send
+ sendstep2(&alice, &bob.p, ¶ms);
+ sendstep2(&bob, &alice.p, ¶ms);
+
+ // And second verify
+ if (!verifystep2(&alice, &bob.p, ¶ms))
+ return 3;
+ if (!verifystep2(&bob, &alice.p, ¶ms))
+ return 4;
+
+ // Compute common key
+ computekey(&alice, ¶ms);
+ computekey(&bob, ¶ms);
+
+ // Confirm the common key is identical
+ // XXX: if the two secrets are not the same, everything works up
+ // to this point, so the only way to detect a failure is by the
+ // difference in the calculated keys.
+ // Since we're all the same code, just compare them directly. In a
+ // real system, Alice sends Bob H(H(K)), Bob checks it, then sends
+ // back H(K), which Alice checks, or something equivalent.
+ puts("\nAlice and Bob check keys are the same:");
+ if (BN_cmp(alice.key, bob.key) == 0)
+ puts(" OK");
+ else {
+ puts(" FAIL");
+ return 5;
+ }
+
+ return 0;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/demos/pkcs12/pkread.c
===================================================================
--- vendor-crypto/openssl/dist/demos/pkcs12/pkread.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/demos/pkcs12/pkread.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,61 +0,0 @@
-/* pkread.c */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/pem.h>
-#include <openssl/err.h>
-#include <openssl/pkcs12.h>
-
-/* Simple PKCS#12 file reader */
-
-int main(int argc, char **argv)
-{
- FILE *fp;
- EVP_PKEY *pkey;
- X509 *cert;
- STACK_OF(X509) *ca = NULL;
- PKCS12 *p12;
- int i;
- if (argc != 4) {
- fprintf(stderr, "Usage: pkread p12file password opfile\n");
- exit (1);
- }
- SSLeay_add_all_algorithms();
- ERR_load_crypto_strings();
- if (!(fp = fopen(argv[1], "rb"))) {
- fprintf(stderr, "Error opening file %s\n", argv[1]);
- exit(1);
- }
- p12 = d2i_PKCS12_fp(fp, NULL);
- fclose (fp);
- if (!p12) {
- fprintf(stderr, "Error reading PKCS#12 file\n");
- ERR_print_errors_fp(stderr);
- exit (1);
- }
- if (!PKCS12_parse(p12, argv[2], &pkey, &cert, &ca)) {
- fprintf(stderr, "Error parsing PKCS#12 file\n");
- ERR_print_errors_fp(stderr);
- exit (1);
- }
- PKCS12_free(p12);
- if (!(fp = fopen(argv[3], "w"))) {
- fprintf(stderr, "Error opening file %s\n", argv[1]);
- exit(1);
- }
- if (pkey) {
- fprintf(fp, "***Private Key***\n");
- PEM_write_PrivateKey(fp, pkey, NULL, NULL, 0, NULL, NULL);
- }
- if (cert) {
- fprintf(fp, "***User Certificate***\n");
- PEM_write_X509_AUX(fp, cert);
- }
- if (ca && sk_num(ca)) {
- fprintf(fp, "***Other Certificates***\n");
- for (i = 0; i < sk_X509_num(ca); i++)
- PEM_write_X509_AUX(fp, sk_X509_value(ca, i));
- }
- fclose(fp);
- return 0;
-}
Copied: vendor-crypto/openssl/0.9.8zf/demos/pkcs12/pkread.c (from rev 6976, vendor-crypto/openssl/dist/demos/pkcs12/pkread.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/demos/pkcs12/pkread.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/demos/pkcs12/pkread.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,61 @@
+/* pkread.c */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/pkcs12.h>
+
+/* Simple PKCS#12 file reader */
+
+int main(int argc, char **argv)
+{
+ FILE *fp;
+ EVP_PKEY *pkey;
+ X509 *cert;
+ STACK_OF(X509) *ca = NULL;
+ PKCS12 *p12;
+ int i;
+ if (argc != 4) {
+ fprintf(stderr, "Usage: pkread p12file password opfile\n");
+ exit(1);
+ }
+ SSLeay_add_all_algorithms();
+ ERR_load_crypto_strings();
+ if (!(fp = fopen(argv[1], "rb"))) {
+ fprintf(stderr, "Error opening file %s\n", argv[1]);
+ exit(1);
+ }
+ p12 = d2i_PKCS12_fp(fp, NULL);
+ fclose(fp);
+ if (!p12) {
+ fprintf(stderr, "Error reading PKCS#12 file\n");
+ ERR_print_errors_fp(stderr);
+ exit(1);
+ }
+ if (!PKCS12_parse(p12, argv[2], &pkey, &cert, &ca)) {
+ fprintf(stderr, "Error parsing PKCS#12 file\n");
+ ERR_print_errors_fp(stderr);
+ exit(1);
+ }
+ PKCS12_free(p12);
+ if (!(fp = fopen(argv[3], "w"))) {
+ fprintf(stderr, "Error opening file %s\n", argv[1]);
+ exit(1);
+ }
+ if (pkey) {
+ fprintf(fp, "***Private Key***\n");
+ PEM_write_PrivateKey(fp, pkey, NULL, NULL, 0, NULL, NULL);
+ }
+ if (cert) {
+ fprintf(fp, "***User Certificate***\n");
+ PEM_write_X509_AUX(fp, cert);
+ }
+ if (ca && sk_num(ca)) {
+ fprintf(fp, "***Other Certificates***\n");
+ for (i = 0; i < sk_X509_num(ca); i++)
+ PEM_write_X509_AUX(fp, sk_X509_value(ca, i));
+ }
+ fclose(fp);
+ return 0;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/demos/pkcs12/pkwrite.c
===================================================================
--- vendor-crypto/openssl/dist/demos/pkcs12/pkwrite.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/demos/pkcs12/pkwrite.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,46 +0,0 @@
-/* pkwrite.c */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/pem.h>
-#include <openssl/err.h>
-#include <openssl/pkcs12.h>
-
-/* Simple PKCS#12 file creator */
-
-int main(int argc, char **argv)
-{
- FILE *fp;
- EVP_PKEY *pkey;
- X509 *cert;
- PKCS12 *p12;
- if (argc != 5) {
- fprintf(stderr, "Usage: pkwrite infile password name p12file\n");
- exit(1);
- }
- SSLeay_add_all_algorithms();
- ERR_load_crypto_strings();
- if (!(fp = fopen(argv[1], "r"))) {
- fprintf(stderr, "Error opening file %s\n", argv[1]);
- exit(1);
- }
- cert = PEM_read_X509(fp, NULL, NULL, NULL);
- rewind(fp);
- pkey = PEM_read_PrivateKey(fp, NULL, NULL, NULL);
- fclose(fp);
- p12 = PKCS12_create(argv[2], argv[3], pkey, cert, NULL, 0,0,0,0,0);
- if(!p12) {
- fprintf(stderr, "Error creating PKCS#12 structure\n");
- ERR_print_errors_fp(stderr);
- exit(1);
- }
- if (!(fp = fopen(argv[4], "wb"))) {
- fprintf(stderr, "Error opening file %s\n", argv[1]);
- ERR_print_errors_fp(stderr);
- exit(1);
- }
- i2d_PKCS12_fp(fp, p12);
- PKCS12_free(p12);
- fclose(fp);
- return 0;
-}
Copied: vendor-crypto/openssl/0.9.8zf/demos/pkcs12/pkwrite.c (from rev 6976, vendor-crypto/openssl/dist/demos/pkcs12/pkwrite.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/demos/pkcs12/pkwrite.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/demos/pkcs12/pkwrite.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,46 @@
+/* pkwrite.c */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/pkcs12.h>
+
+/* Simple PKCS#12 file creator */
+
+int main(int argc, char **argv)
+{
+ FILE *fp;
+ EVP_PKEY *pkey;
+ X509 *cert;
+ PKCS12 *p12;
+ if (argc != 5) {
+ fprintf(stderr, "Usage: pkwrite infile password name p12file\n");
+ exit(1);
+ }
+ SSLeay_add_all_algorithms();
+ ERR_load_crypto_strings();
+ if (!(fp = fopen(argv[1], "r"))) {
+ fprintf(stderr, "Error opening file %s\n", argv[1]);
+ exit(1);
+ }
+ cert = PEM_read_X509(fp, NULL, NULL, NULL);
+ rewind(fp);
+ pkey = PEM_read_PrivateKey(fp, NULL, NULL, NULL);
+ fclose(fp);
+ p12 = PKCS12_create(argv[2], argv[3], pkey, cert, NULL, 0, 0, 0, 0, 0);
+ if (!p12) {
+ fprintf(stderr, "Error creating PKCS#12 structure\n");
+ ERR_print_errors_fp(stderr);
+ exit(1);
+ }
+ if (!(fp = fopen(argv[4], "wb"))) {
+ fprintf(stderr, "Error opening file %s\n", argv[1]);
+ ERR_print_errors_fp(stderr);
+ exit(1);
+ }
+ i2d_PKCS12_fp(fp, p12);
+ PKCS12_free(p12);
+ fclose(fp);
+ return 0;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/demos/prime/prime.c
===================================================================
--- vendor-crypto/openssl/dist/demos/prime/prime.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/demos/prime/prime.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,101 +0,0 @@
-/* demos/prime/prime.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/bn.h>
-
-void callback(type,num)
-int type,num;
- {
- if (type == 0)
- fprintf(stderr,".");
- else if (type == 1)
- fprintf(stderr,"+");
- else if (type == 2)
- fprintf(stderr,"*");
- fflush(stderr);
- }
-
-int main(argc,argv)
-int argc;
-char *argv[];
- {
- BIGNUM *rand;
- int num=256;
-
- /* we should really call RAND_seed(char *bytes,int num);
- * to fully initalise the random number generator */
- if (argc >= 2)
- {
- num=atoi(argv[1]);
- if (num == 0) num=256;
- }
-
- fprintf(stderr,"generate a strong prime\n");
- rand=BN_generate_prime(NULL,num,1,NULL,NULL,callback,NULL);
- /* change the third parameter to 1 for a strong prime */
- fprintf(stderr,"\n");
-
- BN_print_fp(stdout,rand);
- fprintf(stdout,"\n");
- BN_free(rand);
- exit(0);
- return(0);
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/demos/prime/prime.c (from rev 6976, vendor-crypto/openssl/dist/demos/prime/prime.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/demos/prime/prime.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/demos/prime/prime.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,102 @@
+/* demos/prime/prime.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/bn.h>
+
+void callback(type, num)
+int type, num;
+{
+ if (type == 0)
+ fprintf(stderr, ".");
+ else if (type == 1)
+ fprintf(stderr, "+");
+ else if (type == 2)
+ fprintf(stderr, "*");
+ fflush(stderr);
+}
+
+int main(argc, argv)
+int argc;
+char *argv[];
+{
+ BIGNUM *rand;
+ int num = 256;
+
+ /*
+ * we should really call RAND_seed(char *bytes,int num); to fully
+ * initalise the random number generator
+ */
+ if (argc >= 2) {
+ num = atoi(argv[1]);
+ if (num == 0)
+ num = 256;
+ }
+
+ fprintf(stderr, "generate a strong prime\n");
+ rand = BN_generate_prime(NULL, num, 1, NULL, NULL, callback, NULL);
+ /* change the third parameter to 1 for a strong prime */
+ fprintf(stderr, "\n");
+
+ BN_print_fp(stdout, rand);
+ fprintf(stdout, "\n");
+ BN_free(rand);
+ exit(0);
+ return (0);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/demos/selfsign.c
===================================================================
--- vendor-crypto/openssl/dist/demos/selfsign.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/demos/selfsign.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,180 +0,0 @@
-/* NOCW */
-/* cc -o ssdemo -I../include selfsign.c ../libcrypto.a */
-
-#include <stdio.h>
-#include <stdlib.h>
-
-#include <openssl/pem.h>
-#include <openssl/conf.h>
-#include <openssl/x509v3.h>
-
-int mkit(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days);
-
-int main()
- {
- BIO *bio_err;
- X509 *x509=NULL;
- EVP_PKEY *pkey=NULL;
-
- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
- bio_err=BIO_new_fp(stderr, BIO_NOCLOSE);
-
- mkit(&x509,&pkey,512,0,365);
-
- RSA_print_fp(stdout,pkey->pkey.rsa,0);
- X509_print_fp(stdout,x509);
-
- PEM_write_PrivateKey(stdout,pkey,NULL,NULL,0,NULL, NULL);
- PEM_write_X509(stdout,x509);
-
- X509_free(x509);
- EVP_PKEY_free(pkey);
-
-#ifdef CUSTOM_EXT
- /* Only needed if we add objects or custom extensions */
- X509V3_EXT_cleanup();
- OBJ_cleanup();
-#endif
-
- CRYPTO_mem_leaks(bio_err);
- BIO_free(bio_err);
- return(0);
- }
-
-#ifdef WIN16
-# define MS_CALLBACK _far _loadds
-# define MS_FAR _far
-#else
-# define MS_CALLBACK
-# define MS_FAR
-#endif
-
-static void MS_CALLBACK callback(p, n, arg)
-int p;
-int n;
-void *arg;
- {
- char c='B';
-
- if (p == 0) c='.';
- if (p == 1) c='+';
- if (p == 2) c='*';
- if (p == 3) c='\n';
- fputc(c,stderr);
- }
-
-int mkit(x509p,pkeyp,bits,serial,days)
-X509 **x509p;
-EVP_PKEY **pkeyp;
-int bits;
-int serial;
-int days;
- {
- X509 *x;
- EVP_PKEY *pk;
- RSA *rsa;
- X509_NAME *name=NULL;
- X509_NAME_ENTRY *ne=NULL;
- X509_EXTENSION *ex=NULL;
-
-
- if ((pkeyp == NULL) || (*pkeyp == NULL))
- {
- if ((pk=EVP_PKEY_new()) == NULL)
- {
- abort();
- return(0);
- }
- }
- else
- pk= *pkeyp;
-
- if ((x509p == NULL) || (*x509p == NULL))
- {
- if ((x=X509_new()) == NULL)
- goto err;
- }
- else
- x= *x509p;
-
- rsa=RSA_generate_key(bits,RSA_F4,callback,NULL);
- if (!EVP_PKEY_assign_RSA(pk,rsa))
- {
- abort();
- goto err;
- }
- rsa=NULL;
-
- X509_set_version(x,3);
- ASN1_INTEGER_set(X509_get_serialNumber(x),serial);
- X509_gmtime_adj(X509_get_notBefore(x),0);
- X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days);
- X509_set_pubkey(x,pk);
-
- name=X509_get_subject_name(x);
-
- /* This function creates and adds the entry, working out the
- * correct string type and performing checks on its length.
- * Normally we'd check the return value for errors...
- */
- X509_NAME_add_entry_by_txt(name,"C",
- MBSTRING_ASC, "UK", -1, -1, 0);
- X509_NAME_add_entry_by_txt(name,"CN",
- MBSTRING_ASC, "OpenSSL Group", -1, -1, 0);
-
- X509_set_issuer_name(x,name);
-
- /* Add extension using V3 code: we can set the config file as NULL
- * because we wont reference any other sections. We can also set
- * the context to NULL because none of these extensions below will need
- * to access it.
- */
-
- ex = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_cert_type, "server");
- X509_add_ext(x,ex,-1);
- X509_EXTENSION_free(ex);
-
- ex = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_comment,
- "example comment extension");
- X509_add_ext(x,ex,-1);
- X509_EXTENSION_free(ex);
-
- ex = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_ssl_server_name,
- "www.openssl.org");
-
- X509_add_ext(x,ex,-1);
- X509_EXTENSION_free(ex);
-
-#if 0
- /* might want something like this too.... */
- ex = X509V3_EXT_conf_nid(NULL, NULL, NID_basic_constraints,
- "critical,CA:TRUE");
-
-
- X509_add_ext(x,ex,-1);
- X509_EXTENSION_free(ex);
-#endif
-
-#ifdef CUSTOM_EXT
- /* Maybe even add our own extension based on existing */
- {
- int nid;
- nid = OBJ_create("1.2.3.4", "MyAlias", "My Test Alias Extension");
- X509V3_EXT_add_alias(nid, NID_netscape_comment);
- ex = X509V3_EXT_conf_nid(NULL, NULL, nid,
- "example comment alias");
- X509_add_ext(x,ex,-1);
- X509_EXTENSION_free(ex);
- }
-#endif
-
- if (!X509_sign(x,pk,EVP_md5()))
- goto err;
-
- *x509p=x;
- *pkeyp=pk;
- return(1);
-err:
- return(0);
- }
Copied: vendor-crypto/openssl/0.9.8zf/demos/selfsign.c (from rev 6976, vendor-crypto/openssl/dist/demos/selfsign.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/demos/selfsign.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/demos/selfsign.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,176 @@
+/* NOCW */
+/* cc -o ssdemo -I../include selfsign.c ../libcrypto.a */
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#include <openssl/pem.h>
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+
+int mkit(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days);
+
+int main()
+{
+ BIO *bio_err;
+ X509 *x509 = NULL;
+ EVP_PKEY *pkey = NULL;
+
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+ bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
+
+ mkit(&x509, &pkey, 512, 0, 365);
+
+ RSA_print_fp(stdout, pkey->pkey.rsa, 0);
+ X509_print_fp(stdout, x509);
+
+ PEM_write_PrivateKey(stdout, pkey, NULL, NULL, 0, NULL, NULL);
+ PEM_write_X509(stdout, x509);
+
+ X509_free(x509);
+ EVP_PKEY_free(pkey);
+
+#ifdef CUSTOM_EXT
+ /* Only needed if we add objects or custom extensions */
+ X509V3_EXT_cleanup();
+ OBJ_cleanup();
+#endif
+
+ CRYPTO_mem_leaks(bio_err);
+ BIO_free(bio_err);
+ return (0);
+}
+
+#ifdef WIN16
+# define MS_CALLBACK _far _loadds
+# define MS_FAR _far
+#else
+# define MS_CALLBACK
+# define MS_FAR
+#endif
+
+static void MS_CALLBACK callback(p, n, arg)
+int p;
+int n;
+void *arg;
+{
+ char c = 'B';
+
+ if (p == 0)
+ c = '.';
+ if (p == 1)
+ c = '+';
+ if (p == 2)
+ c = '*';
+ if (p == 3)
+ c = '\n';
+ fputc(c, stderr);
+}
+
+int mkit(x509p, pkeyp, bits, serial, days)
+X509 **x509p;
+EVP_PKEY **pkeyp;
+int bits;
+int serial;
+int days;
+{
+ X509 *x;
+ EVP_PKEY *pk;
+ RSA *rsa;
+ X509_NAME *name = NULL;
+ X509_NAME_ENTRY *ne = NULL;
+ X509_EXTENSION *ex = NULL;
+
+ if ((pkeyp == NULL) || (*pkeyp == NULL)) {
+ if ((pk = EVP_PKEY_new()) == NULL) {
+ abort();
+ return (0);
+ }
+ } else
+ pk = *pkeyp;
+
+ if ((x509p == NULL) || (*x509p == NULL)) {
+ if ((x = X509_new()) == NULL)
+ goto err;
+ } else
+ x = *x509p;
+
+ rsa = RSA_generate_key(bits, RSA_F4, callback, NULL);
+ if (!EVP_PKEY_assign_RSA(pk, rsa)) {
+ abort();
+ goto err;
+ }
+ rsa = NULL;
+
+ X509_set_version(x, 3);
+ ASN1_INTEGER_set(X509_get_serialNumber(x), serial);
+ X509_gmtime_adj(X509_get_notBefore(x), 0);
+ X509_gmtime_adj(X509_get_notAfter(x), (long)60 * 60 * 24 * days);
+ X509_set_pubkey(x, pk);
+
+ name = X509_get_subject_name(x);
+
+ /*
+ * This function creates and adds the entry, working out the correct
+ * string type and performing checks on its length. Normally we'd check
+ * the return value for errors...
+ */
+ X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC, "UK", -1, -1, 0);
+ X509_NAME_add_entry_by_txt(name, "CN",
+ MBSTRING_ASC, "OpenSSL Group", -1, -1, 0);
+
+ X509_set_issuer_name(x, name);
+
+ /*
+ * Add extension using V3 code: we can set the config file as NULL
+ * because we wont reference any other sections. We can also set the
+ * context to NULL because none of these extensions below will need to
+ * access it.
+ */
+
+ ex = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_cert_type, "server");
+ X509_add_ext(x, ex, -1);
+ X509_EXTENSION_free(ex);
+
+ ex = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_comment,
+ "example comment extension");
+ X509_add_ext(x, ex, -1);
+ X509_EXTENSION_free(ex);
+
+ ex = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_ssl_server_name,
+ "www.openssl.org");
+
+ X509_add_ext(x, ex, -1);
+ X509_EXTENSION_free(ex);
+
+#if 0
+ /* might want something like this too.... */
+ ex = X509V3_EXT_conf_nid(NULL, NULL, NID_basic_constraints,
+ "critical,CA:TRUE");
+
+ X509_add_ext(x, ex, -1);
+ X509_EXTENSION_free(ex);
+#endif
+
+#ifdef CUSTOM_EXT
+ /* Maybe even add our own extension based on existing */
+ {
+ int nid;
+ nid = OBJ_create("1.2.3.4", "MyAlias", "My Test Alias Extension");
+ X509V3_EXT_add_alias(nid, NID_netscape_comment);
+ ex = X509V3_EXT_conf_nid(NULL, NULL, nid, "example comment alias");
+ X509_add_ext(x, ex, -1);
+ X509_EXTENSION_free(ex);
+ }
+#endif
+
+ if (!X509_sign(x, pk, EVP_md5()))
+ goto err;
+
+ *x509p = x;
+ *pkeyp = pk;
+ return (1);
+ err:
+ return (0);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/demos/sign/sign.c
===================================================================
--- vendor-crypto/openssl/dist/demos/sign/sign.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/demos/sign/sign.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,153 +0,0 @@
-/* demos/sign/sign.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* sign-it.cpp - Simple test app using SSLeay envelopes to sign data
- 29.9.1996, Sampo Kellomaki <sampo at iki.fi> */
-
-/* converted to C - eay :-) */
-
-/* reformated a bit and converted to use the more common functions: this was
- * initially written at the dawn of time :-) - Steve.
- */
-
-#include <stdio.h>
-#include <openssl/rsa.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/err.h>
-#include <openssl/pem.h>
-#include <openssl/ssl.h>
-
-int main ()
-{
- int err;
- int sig_len;
- unsigned char sig_buf [4096];
- static char certfile[] = "cert.pem";
- static char keyfile[] = "key.pem";
- static char data[] = "I owe you...";
- EVP_MD_CTX md_ctx;
- EVP_PKEY * pkey;
- FILE * fp;
- X509 * x509;
-
- /* Just load the crypto library error strings,
- * SSL_load_error_strings() loads the crypto AND the SSL ones */
- /* SSL_load_error_strings();*/
- ERR_load_crypto_strings();
-
- /* Read private key */
-
- fp = fopen (keyfile, "r");
- if (fp == NULL) exit (1);
- pkey = PEM_read_PrivateKey(fp, NULL, NULL, NULL);
- fclose (fp);
-
- if (pkey == NULL) {
- ERR_print_errors_fp (stderr);
- exit (1);
- }
-
- /* Do the signature */
-
- EVP_SignInit (&md_ctx, EVP_sha1());
- EVP_SignUpdate (&md_ctx, data, strlen(data));
- sig_len = sizeof(sig_buf);
- err = EVP_SignFinal (&md_ctx, sig_buf, &sig_len, pkey);
-
- if (err != 1) {
- ERR_print_errors_fp(stderr);
- exit (1);
- }
-
- EVP_PKEY_free (pkey);
-
- /* Read public key */
-
- fp = fopen (certfile, "r");
- if (fp == NULL) exit (1);
- x509 = PEM_read_X509(fp, NULL, NULL, NULL);
- fclose (fp);
-
- if (x509 == NULL) {
- ERR_print_errors_fp (stderr);
- exit (1);
- }
-
- /* Get public key - eay */
- pkey=X509_get_pubkey(x509);
- if (pkey == NULL) {
- ERR_print_errors_fp (stderr);
- exit (1);
- }
-
- /* Verify the signature */
-
- EVP_VerifyInit (&md_ctx, EVP_sha1());
- EVP_VerifyUpdate (&md_ctx, data, strlen((char*)data));
- err = EVP_VerifyFinal (&md_ctx, sig_buf, sig_len, pkey);
- EVP_PKEY_free (pkey);
-
- if (err != 1) {
- ERR_print_errors_fp (stderr);
- exit (1);
- }
- printf ("Signature Verified Ok.\n");
- return(0);
-}
Copied: vendor-crypto/openssl/0.9.8zf/demos/sign/sign.c (from rev 6976, vendor-crypto/openssl/dist/demos/sign/sign.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/demos/sign/sign.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/demos/sign/sign.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,160 @@
+/* demos/sign/sign.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/*
+ * sign-it.cpp - Simple test app using SSLeay envelopes to sign data
+ * 29.9.1996, Sampo Kellomaki <sampo at iki.fi>
+ */
+
+/* converted to C - eay :-) */
+
+/*
+ * reformated a bit and converted to use the more common functions: this was
+ * initially written at the dawn of time :-) - Steve.
+ */
+
+#include <stdio.h>
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include <openssl/ssl.h>
+
+int main()
+{
+ int err;
+ int sig_len;
+ unsigned char sig_buf[4096];
+ static char certfile[] = "cert.pem";
+ static char keyfile[] = "key.pem";
+ static char data[] = "I owe you...";
+ EVP_MD_CTX md_ctx;
+ EVP_PKEY *pkey;
+ FILE *fp;
+ X509 *x509;
+
+ /*
+ * Just load the crypto library error strings, SSL_load_error_strings()
+ * loads the crypto AND the SSL ones
+ */
+ /* SSL_load_error_strings(); */
+ ERR_load_crypto_strings();
+
+ /* Read private key */
+
+ fp = fopen(keyfile, "r");
+ if (fp == NULL)
+ exit(1);
+ pkey = PEM_read_PrivateKey(fp, NULL, NULL, NULL);
+ fclose(fp);
+
+ if (pkey == NULL) {
+ ERR_print_errors_fp(stderr);
+ exit(1);
+ }
+
+ /* Do the signature */
+
+ EVP_SignInit(&md_ctx, EVP_sha1());
+ EVP_SignUpdate(&md_ctx, data, strlen(data));
+ sig_len = sizeof(sig_buf);
+ err = EVP_SignFinal(&md_ctx, sig_buf, &sig_len, pkey);
+
+ if (err != 1) {
+ ERR_print_errors_fp(stderr);
+ exit(1);
+ }
+
+ EVP_PKEY_free(pkey);
+
+ /* Read public key */
+
+ fp = fopen(certfile, "r");
+ if (fp == NULL)
+ exit(1);
+ x509 = PEM_read_X509(fp, NULL, NULL, NULL);
+ fclose(fp);
+
+ if (x509 == NULL) {
+ ERR_print_errors_fp(stderr);
+ exit(1);
+ }
+
+ /* Get public key - eay */
+ pkey = X509_get_pubkey(x509);
+ if (pkey == NULL) {
+ ERR_print_errors_fp(stderr);
+ exit(1);
+ }
+
+ /* Verify the signature */
+
+ EVP_VerifyInit(&md_ctx, EVP_sha1());
+ EVP_VerifyUpdate(&md_ctx, data, strlen((char *)data));
+ err = EVP_VerifyFinal(&md_ctx, sig_buf, sig_len, pkey);
+ EVP_PKEY_free(pkey);
+
+ if (err != 1) {
+ ERR_print_errors_fp(stderr);
+ exit(1);
+ }
+ printf("Signature Verified Ok.\n");
+ return (0);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/demos/spkigen.c
===================================================================
--- vendor-crypto/openssl/dist/demos/spkigen.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/demos/spkigen.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,161 +0,0 @@
-/* NOCW */
-/* demos/spkigen.c
- * 18-Mar-1997 - eay - A quick hack :-)
- * version 1.1, it would probably help to save or load the
- * private key :-)
- */
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/err.h>
-#include <openssl/asn1.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-
-/* The following two don't exist in SSLeay but they are in here as
- * examples */
-#define PEM_write_SPKI(fp,x) \
- PEM_ASN1_write((int (*)())i2d_NETSCAPE_SPKI,"SPKI",fp,\
- (char *)x,NULL,NULL,0,NULL)
-int SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey);
-
-/* These are defined in the next version of SSLeay */
-int EVP_PKEY_assign(EVP_PKEY *pkey, int type,char *key);
-#define RSA_F4 0x10001
-#define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\
- (char *)(rsa))
-
-int main(argc,argv)
-int argc;
-char *argv[];
- {
- RSA *rsa=NULL;
- NETSCAPE_SPKI *spki=NULL;
- EVP_PKEY *pkey=NULL;
- char buf[128];
- int ok=0,i;
- FILE *fp;
-
- pkey=EVP_PKEY_new();
-
- if (argc < 2)
- {
- /* Generate an RSA key, the random state should have been seeded
- * with lots of calls to RAND_seed(....) */
- fprintf(stderr,"generating RSA key, could take some time...\n");
- if ((rsa=RSA_generate_key(512,RSA_F4,NULL)) == NULL) goto err;
- }
- else
- {
- if ((fp=fopen(argv[1],"r")) == NULL)
- { perror(argv[1]); goto err; }
- if ((rsa=PEM_read_RSAPrivateKey(fp,NULL,NULL)) == NULL)
- goto err;
- fclose(fp);
- }
-
- if (!EVP_PKEY_assign_RSA(pkey,rsa)) goto err;
- rsa=NULL;
-
- /* lets make the spki and set the public key and challenge */
- if ((spki=NETSCAPE_SPKI_new()) == NULL) goto err;
-
- if (!SPKI_set_pubkey(spki,pkey)) goto err;
-
- fprintf(stderr,"please enter challenge string:");
- fflush(stderr);
- buf[0]='\0';
- fgets(buf,sizeof buf,stdin);
- i=strlen(buf);
- if (i > 0) buf[--i]='\0';
- if (!ASN1_STRING_set((ASN1_STRING *)spki->spkac->challenge,
- buf,i)) goto err;
-
- if (!NETSCAPE_SPKI_sign(spki,pkey,EVP_md5())) goto err;
- PEM_write_SPKI(stdout,spki);
- if (argc < 2)
- PEM_write_RSAPrivateKey(stdout,pkey->pkey.rsa,NULL,NULL,0,NULL);
-
- ok=1;
-err:
- if (!ok)
- {
- fprintf(stderr,"something bad happened....");
- ERR_print_errors_fp(stderr);
- }
- NETSCAPE_SPKI_free(spki);
- EVP_PKEY_free(pkey);
- exit(!ok);
- }
-
-/* This function is in the next version of SSLeay */
-int EVP_PKEY_assign(pkey,type,key)
-EVP_PKEY *pkey;
-int type;
-char *key;
- {
- if (pkey == NULL) return(0);
- if (pkey->pkey.ptr != NULL)
- {
- if (pkey->type == EVP_PKEY_RSA)
- RSA_free(pkey->pkey.rsa);
- /* else memory leak */
- }
- pkey->type=type;
- pkey->pkey.ptr=key;
- return(1);
- }
-
-/* While I have a
- * X509_set_pubkey() and X509_REQ_set_pubkey(), SPKI_set_pubkey() does
- * not currently exist so here is a version of it.
- * The next SSLeay release will probably have
- * X509_set_pubkey(),
- * X509_REQ_set_pubkey() and
- * NETSCAPE_SPKI_set_pubkey()
- * as macros calling the same function */
-int SPKI_set_pubkey(x,pkey)
-NETSCAPE_SPKI *x;
-EVP_PKEY *pkey;
- {
- int ok=0;
- X509_PUBKEY *pk;
- X509_ALGOR *a;
- ASN1_OBJECT *o;
- unsigned char *s,*p;
- int i;
-
- if (x == NULL) return(0);
-
- if ((pk=X509_PUBKEY_new()) == NULL) goto err;
- a=pk->algor;
-
- /* set the algorithm id */
- if ((o=OBJ_nid2obj(pkey->type)) == NULL) goto err;
- ASN1_OBJECT_free(a->algorithm);
- a->algorithm=o;
-
- /* Set the parameter list */
- if ((a->parameter == NULL) || (a->parameter->type != V_ASN1_NULL))
- {
- ASN1_TYPE_free(a->parameter);
- a->parameter=ASN1_TYPE_new();
- a->parameter->type=V_ASN1_NULL;
- }
- i=i2d_PublicKey(pkey,NULL);
- if ((s=(unsigned char *)malloc(i+1)) == NULL) goto err;
- p=s;
- i2d_PublicKey(pkey,&p);
- if (!ASN1_BIT_STRING_set(pk->public_key,s,i)) goto err;
- free(s);
-
- X509_PUBKEY_free(x->spkac->pubkey);
- x->spkac->pubkey=pk;
- pk=NULL;
- ok=1;
-err:
- if (pk != NULL) X509_PUBKEY_free(pk);
- return(ok);
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/demos/spkigen.c (from rev 6976, vendor-crypto/openssl/dist/demos/spkigen.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/demos/spkigen.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/demos/spkigen.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,172 @@
+/* NOCW */
+/*-
+ * demos/spkigen.c
+ * 18-Mar-1997 - eay - A quick hack :-)
+ * version 1.1, it would probably help to save or load the
+ * private key :-)
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/err.h>
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+
+/*
+ * The following two don't exist in SSLeay but they are in here as examples
+ */
+#define PEM_write_SPKI(fp,x) \
+ PEM_ASN1_write((int (*)())i2d_NETSCAPE_SPKI,"SPKI",fp,\
+ (char *)x,NULL,NULL,0,NULL)
+int SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey);
+
+/* These are defined in the next version of SSLeay */
+int EVP_PKEY_assign(EVP_PKEY *pkey, int type, char *key);
+#define RSA_F4 0x10001
+#define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\
+ (char *)(rsa))
+
+int main(argc, argv)
+int argc;
+char *argv[];
+{
+ RSA *rsa = NULL;
+ NETSCAPE_SPKI *spki = NULL;
+ EVP_PKEY *pkey = NULL;
+ char buf[128];
+ int ok = 0, i;
+ FILE *fp;
+
+ pkey = EVP_PKEY_new();
+
+ if (argc < 2) {
+ /*
+ * Generate an RSA key, the random state should have been seeded with
+ * lots of calls to RAND_seed(....)
+ */
+ fprintf(stderr, "generating RSA key, could take some time...\n");
+ if ((rsa = RSA_generate_key(512, RSA_F4, NULL)) == NULL)
+ goto err;
+ } else {
+ if ((fp = fopen(argv[1], "r")) == NULL) {
+ perror(argv[1]);
+ goto err;
+ }
+ if ((rsa = PEM_read_RSAPrivateKey(fp, NULL, NULL)) == NULL)
+ goto err;
+ fclose(fp);
+ }
+
+ if (!EVP_PKEY_assign_RSA(pkey, rsa))
+ goto err;
+ rsa = NULL;
+
+ /* lets make the spki and set the public key and challenge */
+ if ((spki = NETSCAPE_SPKI_new()) == NULL)
+ goto err;
+
+ if (!SPKI_set_pubkey(spki, pkey))
+ goto err;
+
+ fprintf(stderr, "please enter challenge string:");
+ fflush(stderr);
+ buf[0] = '\0';
+ fgets(buf, sizeof buf, stdin);
+ i = strlen(buf);
+ if (i > 0)
+ buf[--i] = '\0';
+ if (!ASN1_STRING_set((ASN1_STRING *)spki->spkac->challenge, buf, i))
+ goto err;
+
+ if (!NETSCAPE_SPKI_sign(spki, pkey, EVP_md5()))
+ goto err;
+ PEM_write_SPKI(stdout, spki);
+ if (argc < 2)
+ PEM_write_RSAPrivateKey(stdout, pkey->pkey.rsa, NULL, NULL, 0, NULL);
+
+ ok = 1;
+ err:
+ if (!ok) {
+ fprintf(stderr, "something bad happened....");
+ ERR_print_errors_fp(stderr);
+ }
+ NETSCAPE_SPKI_free(spki);
+ EVP_PKEY_free(pkey);
+ exit(!ok);
+}
+
+/* This function is in the next version of SSLeay */
+int EVP_PKEY_assign(pkey, type, key)
+EVP_PKEY *pkey;
+int type;
+char *key;
+{
+ if (pkey == NULL)
+ return (0);
+ if (pkey->pkey.ptr != NULL) {
+ if (pkey->type == EVP_PKEY_RSA)
+ RSA_free(pkey->pkey.rsa);
+ /* else memory leak */
+ }
+ pkey->type = type;
+ pkey->pkey.ptr = key;
+ return (1);
+}
+
+/*
+ * While I have a X509_set_pubkey() and X509_REQ_set_pubkey(),
+ * SPKI_set_pubkey() does not currently exist so here is a version of it. The
+ * next SSLeay release will probably have X509_set_pubkey(),
+ * X509_REQ_set_pubkey() and NETSCAPE_SPKI_set_pubkey() as macros calling the
+ * same function
+ */
+int SPKI_set_pubkey(x, pkey)
+NETSCAPE_SPKI *x;
+EVP_PKEY *pkey;
+{
+ int ok = 0;
+ X509_PUBKEY *pk;
+ X509_ALGOR *a;
+ ASN1_OBJECT *o;
+ unsigned char *s, *p;
+ int i;
+
+ if (x == NULL)
+ return (0);
+
+ if ((pk = X509_PUBKEY_new()) == NULL)
+ goto err;
+ a = pk->algor;
+
+ /* set the algorithm id */
+ if ((o = OBJ_nid2obj(pkey->type)) == NULL)
+ goto err;
+ ASN1_OBJECT_free(a->algorithm);
+ a->algorithm = o;
+
+ /* Set the parameter list */
+ if ((a->parameter == NULL) || (a->parameter->type != V_ASN1_NULL)) {
+ ASN1_TYPE_free(a->parameter);
+ a->parameter = ASN1_TYPE_new();
+ a->parameter->type = V_ASN1_NULL;
+ }
+ i = i2d_PublicKey(pkey, NULL);
+ if ((s = (unsigned char *)malloc(i + 1)) == NULL)
+ goto err;
+ p = s;
+ i2d_PublicKey(pkey, &p);
+ if (!ASN1_BIT_STRING_set(pk->public_key, s, i))
+ goto err;
+ free(s);
+
+ X509_PUBKEY_free(x->spkac->pubkey);
+ x->spkac->pubkey = pk;
+ pk = NULL;
+ ok = 1;
+ err:
+ if (pk != NULL)
+ X509_PUBKEY_free(pk);
+ return (ok);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/demos/state_machine/state_machine.c
===================================================================
--- vendor-crypto/openssl/dist/demos/state_machine/state_machine.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/demos/state_machine/state_machine.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,416 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/*
- * Nuron, a leader in hardware encryption technology, generously
- * sponsored the development of this demo by Ben Laurie.
- *
- * See http://www.nuron.com/.
- */
-
-/*
- * the aim of this demo is to provide a fully working state-machine
- * style SSL implementation, i.e. one where the main loop acquires
- * some data, then converts it from or to SSL by feeding it into the
- * SSL state machine. It then does any I/O required by the state machine
- * and loops.
- *
- * In order to keep things as simple as possible, this implementation
- * listens on a TCP socket, which it expects to get an SSL connection
- * on (for example, from s_client) and from then on writes decrypted
- * data to stdout and encrypts anything arriving on stdin. Verbose
- * commentary is written to stderr.
- *
- * This implementation acts as a server, but it can also be done for a client. */
-
-#include <openssl/ssl.h>
-#include <assert.h>
-#include <unistd.h>
-#include <string.h>
-#include <openssl/err.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-
-/* die_unless is intended to work like assert, except that it happens
- always, even if NDEBUG is defined. Use assert as a stopgap. */
-
-#define die_unless(x) assert(x)
-
-typedef struct
- {
- SSL_CTX *pCtx;
- BIO *pbioRead;
- BIO *pbioWrite;
- SSL *pSSL;
- } SSLStateMachine;
-
-void SSLStateMachine_print_error(SSLStateMachine *pMachine,const char *szErr)
- {
- unsigned long l;
-
- fprintf(stderr,"%s\n",szErr);
- while((l=ERR_get_error()))
- {
- char buf[1024];
-
- ERR_error_string_n(l,buf,sizeof buf);
- fprintf(stderr,"Error %lx: %s\n",l,buf);
- }
- }
-
-SSLStateMachine *SSLStateMachine_new(const char *szCertificateFile,
- const char *szKeyFile)
- {
- SSLStateMachine *pMachine=malloc(sizeof *pMachine);
- int n;
-
- die_unless(pMachine);
-
- pMachine->pCtx=SSL_CTX_new(SSLv23_server_method());
- die_unless(pMachine->pCtx);
-
- n=SSL_CTX_use_certificate_file(pMachine->pCtx,szCertificateFile,
- SSL_FILETYPE_PEM);
- die_unless(n > 0);
-
- n=SSL_CTX_use_PrivateKey_file(pMachine->pCtx,szKeyFile,SSL_FILETYPE_PEM);
- die_unless(n > 0);
-
- pMachine->pSSL=SSL_new(pMachine->pCtx);
- die_unless(pMachine->pSSL);
-
- pMachine->pbioRead=BIO_new(BIO_s_mem());
-
- pMachine->pbioWrite=BIO_new(BIO_s_mem());
-
- SSL_set_bio(pMachine->pSSL,pMachine->pbioRead,pMachine->pbioWrite);
-
- SSL_set_accept_state(pMachine->pSSL);
-
- return pMachine;
- }
-
-void SSLStateMachine_read_inject(SSLStateMachine *pMachine,
- const unsigned char *aucBuf,int nBuf)
- {
- int n=BIO_write(pMachine->pbioRead,aucBuf,nBuf);
- /* If it turns out this assert fails, then buffer the data here
- * and just feed it in in churn instead. Seems to me that it
- * should be guaranteed to succeed, though.
- */
- assert(n == nBuf);
- fprintf(stderr,"%d bytes of encrypted data fed to state machine\n",n);
- }
-
-int SSLStateMachine_read_extract(SSLStateMachine *pMachine,
- unsigned char *aucBuf,int nBuf)
- {
- int n;
-
- if(!SSL_is_init_finished(pMachine->pSSL))
- {
- fprintf(stderr,"Doing SSL_accept\n");
- n=SSL_accept(pMachine->pSSL);
- if(n == 0)
- fprintf(stderr,"SSL_accept returned zero\n");
- if(n < 0)
- {
- int err;
-
- if((err=SSL_get_error(pMachine->pSSL,n)) == SSL_ERROR_WANT_READ)
- {
- fprintf(stderr,"SSL_accept wants more data\n");
- return 0;
- }
-
- SSLStateMachine_print_error(pMachine,"SSL_accept error");
- exit(7);
- }
- return 0;
- }
-
- n=SSL_read(pMachine->pSSL,aucBuf,nBuf);
- if(n < 0)
- {
- int err=SSL_get_error(pMachine->pSSL,n);
-
- if(err == SSL_ERROR_WANT_READ)
- {
- fprintf(stderr,"SSL_read wants more data\n");
- return 0;
- }
-
- SSLStateMachine_print_error(pMachine,"SSL_read error");
- exit(8);
- }
-
- fprintf(stderr,"%d bytes of decrypted data read from state machine\n",n);
- return n;
- }
-
-int SSLStateMachine_write_can_extract(SSLStateMachine *pMachine)
- {
- int n=BIO_pending(pMachine->pbioWrite);
- if(n)
- fprintf(stderr,"There is encrypted data available to write\n");
- else
- fprintf(stderr,"There is no encrypted data available to write\n");
-
- return n;
- }
-
-int SSLStateMachine_write_extract(SSLStateMachine *pMachine,
- unsigned char *aucBuf,int nBuf)
- {
- int n;
-
- n=BIO_read(pMachine->pbioWrite,aucBuf,nBuf);
- fprintf(stderr,"%d bytes of encrypted data read from state machine\n",n);
- return n;
- }
-
-void SSLStateMachine_write_inject(SSLStateMachine *pMachine,
- const unsigned char *aucBuf,int nBuf)
- {
- int n=SSL_write(pMachine->pSSL,aucBuf,nBuf);
- /* If it turns out this assert fails, then buffer the data here
- * and just feed it in in churn instead. Seems to me that it
- * should be guaranteed to succeed, though.
- */
- assert(n == nBuf);
- fprintf(stderr,"%d bytes of unencrypted data fed to state machine\n",n);
- }
-
-int OpenSocket(int nPort)
- {
- int nSocket;
- struct sockaddr_in saServer;
- struct sockaddr_in saClient;
- int one=1;
- int nSize;
- int nFD;
- int nLen;
-
- nSocket=socket(AF_INET,SOCK_STREAM,IPPROTO_TCP);
- if(nSocket < 0)
- {
- perror("socket");
- exit(1);
- }
-
- if(setsockopt(nSocket,SOL_SOCKET,SO_REUSEADDR,(char *)&one,sizeof one) < 0)
- {
- perror("setsockopt");
- exit(2);
- }
-
- memset(&saServer,0,sizeof saServer);
- saServer.sin_family=AF_INET;
- saServer.sin_port=htons(nPort);
- nSize=sizeof saServer;
- if(bind(nSocket,(struct sockaddr *)&saServer,nSize) < 0)
- {
- perror("bind");
- exit(3);
- }
-
- if(listen(nSocket,512) < 0)
- {
- perror("listen");
- exit(4);
- }
-
- nLen=sizeof saClient;
- nFD=accept(nSocket,(struct sockaddr *)&saClient,&nLen);
- if(nFD < 0)
- {
- perror("accept");
- exit(5);
- }
-
- fprintf(stderr,"Incoming accepted on port %d\n",nPort);
-
- return nFD;
- }
-
-int main(int argc,char **argv)
- {
- SSLStateMachine *pMachine;
- int nPort;
- int nFD;
- const char *szCertificateFile;
- const char *szKeyFile;
- char rbuf[1];
- int nrbuf=0;
-
- if(argc != 4)
- {
- fprintf(stderr,"%s <port> <certificate file> <key file>\n",argv[0]);
- exit(6);
- }
-
- nPort=atoi(argv[1]);
- szCertificateFile=argv[2];
- szKeyFile=argv[3];
-
- SSL_library_init();
- OpenSSL_add_ssl_algorithms();
- SSL_load_error_strings();
- ERR_load_crypto_strings();
-
- nFD=OpenSocket(nPort);
-
- pMachine=SSLStateMachine_new(szCertificateFile,szKeyFile);
-
- for( ; ; )
- {
- fd_set rfds,wfds;
- unsigned char buf[1024];
- int n;
-
- FD_ZERO(&rfds);
- FD_ZERO(&wfds);
-
- /* Select socket for input */
- FD_SET(nFD,&rfds);
-
- /* check whether there's decrypted data */
- if(!nrbuf)
- nrbuf=SSLStateMachine_read_extract(pMachine,rbuf,1);
-
- /* if there's decrypted data, check whether we can write it */
- if(nrbuf)
- FD_SET(1,&wfds);
-
- /* Select socket for output */
- if(SSLStateMachine_write_can_extract(pMachine))
- FD_SET(nFD,&wfds);
-
- /* Select stdin for input */
- FD_SET(0,&rfds);
-
- /* Wait for something to do something */
- n=select(nFD+1,&rfds,&wfds,NULL,NULL);
- assert(n > 0);
-
- /* Socket is ready for input */
- if(FD_ISSET(nFD,&rfds))
- {
- n=read(nFD,buf,sizeof buf);
- if(n == 0)
- {
- fprintf(stderr,"Got EOF on socket\n");
- exit(0);
- }
- assert(n > 0);
-
- SSLStateMachine_read_inject(pMachine,buf,n);
- }
-
- /* stdout is ready for output (and hence we have some to send it) */
- if(FD_ISSET(1,&wfds))
- {
- assert(nrbuf == 1);
- buf[0]=rbuf[0];
- nrbuf=0;
-
- n=SSLStateMachine_read_extract(pMachine,buf+1,sizeof buf-1);
- if(n < 0)
- {
- SSLStateMachine_print_error(pMachine,"read extract failed");
- break;
- }
- assert(n >= 0);
- ++n;
- if(n > 0) /* FIXME: has to be true now */
- {
- int w;
-
- w=write(1,buf,n);
- /* FIXME: we should push back any unwritten data */
- assert(w == n);
- }
- }
-
- /* Socket is ready for output (and therefore we have output to send) */
- if(FD_ISSET(nFD,&wfds))
- {
- int w;
-
- n=SSLStateMachine_write_extract(pMachine,buf,sizeof buf);
- assert(n > 0);
-
- w=write(nFD,buf,n);
- /* FIXME: we should push back any unwritten data */
- assert(w == n);
- }
-
- /* Stdin is ready for input */
- if(FD_ISSET(0,&rfds))
- {
- n=read(0,buf,sizeof buf);
- if(n == 0)
- {
- fprintf(stderr,"Got EOF on stdin\n");
- exit(0);
- }
- assert(n > 0);
-
- SSLStateMachine_write_inject(pMachine,buf,n);
- }
- }
- /* not reached */
- return 0;
- }
Copied: vendor-crypto/openssl/0.9.8zf/demos/state_machine/state_machine.c (from rev 6976, vendor-crypto/openssl/dist/demos/state_machine/state_machine.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/demos/state_machine/state_machine.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/demos/state_machine/state_machine.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,407 @@
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*
+ * Nuron, a leader in hardware encryption technology, generously
+ * sponsored the development of this demo by Ben Laurie.
+ *
+ * See http://www.nuron.com/.
+ */
+
+/*
+ * the aim of this demo is to provide a fully working state-machine
+ * style SSL implementation, i.e. one where the main loop acquires
+ * some data, then converts it from or to SSL by feeding it into the
+ * SSL state machine. It then does any I/O required by the state machine
+ * and loops.
+ *
+ * In order to keep things as simple as possible, this implementation
+ * listens on a TCP socket, which it expects to get an SSL connection
+ * on (for example, from s_client) and from then on writes decrypted
+ * data to stdout and encrypts anything arriving on stdin. Verbose
+ * commentary is written to stderr.
+ *
+ * This implementation acts as a server, but it can also be done for a client. */
+
+#include <openssl/ssl.h>
+#include <assert.h>
+#include <unistd.h>
+#include <string.h>
+#include <openssl/err.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+
+/*
+ * die_unless is intended to work like assert, except that it happens always,
+ * even if NDEBUG is defined. Use assert as a stopgap.
+ */
+
+#define die_unless(x) assert(x)
+
+typedef struct {
+ SSL_CTX *pCtx;
+ BIO *pbioRead;
+ BIO *pbioWrite;
+ SSL *pSSL;
+} SSLStateMachine;
+
+void SSLStateMachine_print_error(SSLStateMachine * pMachine,
+ const char *szErr)
+{
+ unsigned long l;
+
+ fprintf(stderr, "%s\n", szErr);
+ while ((l = ERR_get_error())) {
+ char buf[1024];
+
+ ERR_error_string_n(l, buf, sizeof buf);
+ fprintf(stderr, "Error %lx: %s\n", l, buf);
+ }
+}
+
+SSLStateMachine *SSLStateMachine_new(const char *szCertificateFile,
+ const char *szKeyFile)
+{
+ SSLStateMachine *pMachine = malloc(sizeof *pMachine);
+ int n;
+
+ die_unless(pMachine);
+
+ pMachine->pCtx = SSL_CTX_new(SSLv23_server_method());
+ die_unless(pMachine->pCtx);
+
+ n = SSL_CTX_use_certificate_file(pMachine->pCtx, szCertificateFile,
+ SSL_FILETYPE_PEM);
+ die_unless(n > 0);
+
+ n = SSL_CTX_use_PrivateKey_file(pMachine->pCtx, szKeyFile,
+ SSL_FILETYPE_PEM);
+ die_unless(n > 0);
+
+ pMachine->pSSL = SSL_new(pMachine->pCtx);
+ die_unless(pMachine->pSSL);
+
+ pMachine->pbioRead = BIO_new(BIO_s_mem());
+
+ pMachine->pbioWrite = BIO_new(BIO_s_mem());
+
+ SSL_set_bio(pMachine->pSSL, pMachine->pbioRead, pMachine->pbioWrite);
+
+ SSL_set_accept_state(pMachine->pSSL);
+
+ return pMachine;
+}
+
+void SSLStateMachine_read_inject(SSLStateMachine * pMachine,
+ const unsigned char *aucBuf, int nBuf)
+{
+ int n = BIO_write(pMachine->pbioRead, aucBuf, nBuf);
+ /*
+ * If it turns out this assert fails, then buffer the data here and just
+ * feed it in in churn instead. Seems to me that it should be guaranteed
+ * to succeed, though.
+ */
+ assert(n == nBuf);
+ fprintf(stderr, "%d bytes of encrypted data fed to state machine\n", n);
+}
+
+int SSLStateMachine_read_extract(SSLStateMachine * pMachine,
+ unsigned char *aucBuf, int nBuf)
+{
+ int n;
+
+ if (!SSL_is_init_finished(pMachine->pSSL)) {
+ fprintf(stderr, "Doing SSL_accept\n");
+ n = SSL_accept(pMachine->pSSL);
+ if (n == 0)
+ fprintf(stderr, "SSL_accept returned zero\n");
+ if (n < 0) {
+ int err;
+
+ if ((err =
+ SSL_get_error(pMachine->pSSL, n)) == SSL_ERROR_WANT_READ) {
+ fprintf(stderr, "SSL_accept wants more data\n");
+ return 0;
+ }
+
+ SSLStateMachine_print_error(pMachine, "SSL_accept error");
+ exit(7);
+ }
+ return 0;
+ }
+
+ n = SSL_read(pMachine->pSSL, aucBuf, nBuf);
+ if (n < 0) {
+ int err = SSL_get_error(pMachine->pSSL, n);
+
+ if (err == SSL_ERROR_WANT_READ) {
+ fprintf(stderr, "SSL_read wants more data\n");
+ return 0;
+ }
+
+ SSLStateMachine_print_error(pMachine, "SSL_read error");
+ exit(8);
+ }
+
+ fprintf(stderr, "%d bytes of decrypted data read from state machine\n",
+ n);
+ return n;
+}
+
+int SSLStateMachine_write_can_extract(SSLStateMachine * pMachine)
+{
+ int n = BIO_pending(pMachine->pbioWrite);
+ if (n)
+ fprintf(stderr, "There is encrypted data available to write\n");
+ else
+ fprintf(stderr, "There is no encrypted data available to write\n");
+
+ return n;
+}
+
+int SSLStateMachine_write_extract(SSLStateMachine * pMachine,
+ unsigned char *aucBuf, int nBuf)
+{
+ int n;
+
+ n = BIO_read(pMachine->pbioWrite, aucBuf, nBuf);
+ fprintf(stderr, "%d bytes of encrypted data read from state machine\n",
+ n);
+ return n;
+}
+
+void SSLStateMachine_write_inject(SSLStateMachine * pMachine,
+ const unsigned char *aucBuf, int nBuf)
+{
+ int n = SSL_write(pMachine->pSSL, aucBuf, nBuf);
+ /*
+ * If it turns out this assert fails, then buffer the data here and just
+ * feed it in in churn instead. Seems to me that it should be guaranteed
+ * to succeed, though.
+ */
+ assert(n == nBuf);
+ fprintf(stderr, "%d bytes of unencrypted data fed to state machine\n", n);
+}
+
+int OpenSocket(int nPort)
+{
+ int nSocket;
+ struct sockaddr_in saServer;
+ struct sockaddr_in saClient;
+ int one = 1;
+ int nSize;
+ int nFD;
+ int nLen;
+
+ nSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
+ if (nSocket < 0) {
+ perror("socket");
+ exit(1);
+ }
+
+ if (setsockopt
+ (nSocket, SOL_SOCKET, SO_REUSEADDR, (char *)&one, sizeof one) < 0) {
+ perror("setsockopt");
+ exit(2);
+ }
+
+ memset(&saServer, 0, sizeof saServer);
+ saServer.sin_family = AF_INET;
+ saServer.sin_port = htons(nPort);
+ nSize = sizeof saServer;
+ if (bind(nSocket, (struct sockaddr *)&saServer, nSize) < 0) {
+ perror("bind");
+ exit(3);
+ }
+
+ if (listen(nSocket, 512) < 0) {
+ perror("listen");
+ exit(4);
+ }
+
+ nLen = sizeof saClient;
+ nFD = accept(nSocket, (struct sockaddr *)&saClient, &nLen);
+ if (nFD < 0) {
+ perror("accept");
+ exit(5);
+ }
+
+ fprintf(stderr, "Incoming accepted on port %d\n", nPort);
+
+ return nFD;
+}
+
+int main(int argc, char **argv)
+{
+ SSLStateMachine *pMachine;
+ int nPort;
+ int nFD;
+ const char *szCertificateFile;
+ const char *szKeyFile;
+ char rbuf[1];
+ int nrbuf = 0;
+
+ if (argc != 4) {
+ fprintf(stderr, "%s <port> <certificate file> <key file>\n", argv[0]);
+ exit(6);
+ }
+
+ nPort = atoi(argv[1]);
+ szCertificateFile = argv[2];
+ szKeyFile = argv[3];
+
+ SSL_library_init();
+ OpenSSL_add_ssl_algorithms();
+ SSL_load_error_strings();
+ ERR_load_crypto_strings();
+
+ nFD = OpenSocket(nPort);
+
+ pMachine = SSLStateMachine_new(szCertificateFile, szKeyFile);
+
+ for (;;) {
+ fd_set rfds, wfds;
+ unsigned char buf[1024];
+ int n;
+
+ FD_ZERO(&rfds);
+ FD_ZERO(&wfds);
+
+ /* Select socket for input */
+ FD_SET(nFD, &rfds);
+
+ /* check whether there's decrypted data */
+ if (!nrbuf)
+ nrbuf = SSLStateMachine_read_extract(pMachine, rbuf, 1);
+
+ /* if there's decrypted data, check whether we can write it */
+ if (nrbuf)
+ FD_SET(1, &wfds);
+
+ /* Select socket for output */
+ if (SSLStateMachine_write_can_extract(pMachine))
+ FD_SET(nFD, &wfds);
+
+ /* Select stdin for input */
+ FD_SET(0, &rfds);
+
+ /* Wait for something to do something */
+ n = select(nFD + 1, &rfds, &wfds, NULL, NULL);
+ assert(n > 0);
+
+ /* Socket is ready for input */
+ if (FD_ISSET(nFD, &rfds)) {
+ n = read(nFD, buf, sizeof buf);
+ if (n == 0) {
+ fprintf(stderr, "Got EOF on socket\n");
+ exit(0);
+ }
+ assert(n > 0);
+
+ SSLStateMachine_read_inject(pMachine, buf, n);
+ }
+
+ /* stdout is ready for output (and hence we have some to send it) */
+ if (FD_ISSET(1, &wfds)) {
+ assert(nrbuf == 1);
+ buf[0] = rbuf[0];
+ nrbuf = 0;
+
+ n = SSLStateMachine_read_extract(pMachine, buf + 1,
+ sizeof buf - 1);
+ if (n < 0) {
+ SSLStateMachine_print_error(pMachine, "read extract failed");
+ break;
+ }
+ assert(n >= 0);
+ ++n;
+ if (n > 0) { /* FIXME: has to be true now */
+ int w;
+
+ w = write(1, buf, n);
+ /* FIXME: we should push back any unwritten data */
+ assert(w == n);
+ }
+ }
+
+ /*
+ * Socket is ready for output (and therefore we have output to send)
+ */
+ if (FD_ISSET(nFD, &wfds)) {
+ int w;
+
+ n = SSLStateMachine_write_extract(pMachine, buf, sizeof buf);
+ assert(n > 0);
+
+ w = write(nFD, buf, n);
+ /* FIXME: we should push back any unwritten data */
+ assert(w == n);
+ }
+
+ /* Stdin is ready for input */
+ if (FD_ISSET(0, &rfds)) {
+ n = read(0, buf, sizeof buf);
+ if (n == 0) {
+ fprintf(stderr, "Got EOF on stdin\n");
+ exit(0);
+ }
+ assert(n > 0);
+
+ SSLStateMachine_write_inject(pMachine, buf, n);
+ }
+ }
+ /* not reached */
+ return 0;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/demos/tunala/breakage.c
===================================================================
--- vendor-crypto/openssl/dist/demos/tunala/breakage.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/demos/tunala/breakage.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,66 +0,0 @@
-#include "tunala.h"
-
-int int_strtoul(const char *str, unsigned long *val)
-{
-#ifdef HAVE_STRTOUL
- char *tmp;
- unsigned long ret = strtoul(str, &tmp, 10);
- if((str == tmp) || (*tmp != '\0'))
- /* The value didn't parse cleanly */
- return 0;
- if(ret == ULONG_MAX)
- /* We hit a limit */
- return 0;
- *val = ret;
- return 1;
-#else
- char buf[2];
- unsigned long ret = 0;
- buf[1] = '\0';
- if(str == '\0')
- /* An empty string ... */
- return 0;
- while(*str != '\0') {
- /* We have to multiply 'ret' by 10 before absorbing the next
- * digit. If this will overflow, catch it now. */
- if(ret && (((ULONG_MAX + 10) / ret) < 10))
- return 0;
- ret *= 10;
- if(!isdigit(*str))
- return 0;
- buf[0] = *str;
- ret += atoi(buf);
- str++;
- }
- *val = ret;
- return 1;
-#endif
-}
-
-#ifndef HAVE_STRSTR
-char *int_strstr(const char *haystack, const char *needle)
-{
- const char *sub_haystack = haystack, *sub_needle = needle;
- unsigned int offset = 0;
- if(!needle)
- return haystack;
- if(!haystack)
- return NULL;
- while((*sub_haystack != '\0') && (*sub_needle != '\0')) {
- if(sub_haystack[offset] == sub_needle) {
- /* sub_haystack is still a candidate */
- offset++;
- sub_needle++;
- } else {
- /* sub_haystack is no longer a possibility */
- sub_haystack++;
- offset = 0;
- sub_needle = needle;
- }
- }
- if(*sub_haystack == '\0')
- /* Found nothing */
- return NULL;
- return sub_haystack;
-}
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/demos/tunala/breakage.c (from rev 6976, vendor-crypto/openssl/dist/demos/tunala/breakage.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/demos/tunala/breakage.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/demos/tunala/breakage.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,68 @@
+#include "tunala.h"
+
+int int_strtoul(const char *str, unsigned long *val)
+{
+#ifdef HAVE_STRTOUL
+ char *tmp;
+ unsigned long ret = strtoul(str, &tmp, 10);
+ if ((str == tmp) || (*tmp != '\0'))
+ /* The value didn't parse cleanly */
+ return 0;
+ if (ret == ULONG_MAX)
+ /* We hit a limit */
+ return 0;
+ *val = ret;
+ return 1;
+#else
+ char buf[2];
+ unsigned long ret = 0;
+ buf[1] = '\0';
+ if (str == '\0')
+ /* An empty string ... */
+ return 0;
+ while (*str != '\0') {
+ /*
+ * We have to multiply 'ret' by 10 before absorbing the next digit.
+ * If this will overflow, catch it now.
+ */
+ if (ret && (((ULONG_MAX + 10) / ret) < 10))
+ return 0;
+ ret *= 10;
+ if (!isdigit(*str))
+ return 0;
+ buf[0] = *str;
+ ret += atoi(buf);
+ str++;
+ }
+ *val = ret;
+ return 1;
+#endif
+}
+
+#ifndef HAVE_STRSTR
+char *int_strstr(const char *haystack, const char *needle)
+{
+ const char *sub_haystack = haystack, *sub_needle = needle;
+ unsigned int offset = 0;
+ if (!needle)
+ return haystack;
+ if (!haystack)
+ return NULL;
+ while ((*sub_haystack != '\0') && (*sub_needle != '\0')) {
+ if (sub_haystack[offset] == sub_needle) {
+ /* sub_haystack is still a candidate */
+ offset++;
+ sub_needle++;
+ } else {
+ /* sub_haystack is no longer a possibility */
+ sub_haystack++;
+ offset = 0;
+ sub_needle = needle;
+ }
+ }
+ if (*sub_haystack == '\0')
+ /* Found nothing */
+ return NULL;
+ return sub_haystack;
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/demos/tunala/buffer.c
===================================================================
--- vendor-crypto/openssl/dist/demos/tunala/buffer.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/demos/tunala/buffer.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,205 +0,0 @@
-#include "tunala.h"
-
-#ifndef NO_BUFFER
-
-void buffer_init(buffer_t *buf)
-{
- buf->used = 0;
- buf->total_in = buf->total_out = 0;
-}
-
-void buffer_close(buffer_t *buf)
-{
- /* Our data is static - nothing needs "release", just reset it */
- buf->used = 0;
-}
-
-/* Code these simple ones in compact form */
-unsigned int buffer_used(buffer_t *buf) {
- return buf->used; }
-unsigned int buffer_unused(buffer_t *buf) {
- return (MAX_DATA_SIZE - buf->used); }
-int buffer_full(buffer_t *buf) {
- return (buf->used == MAX_DATA_SIZE ? 1 : 0); }
-int buffer_notfull(buffer_t *buf) {
- return (buf->used < MAX_DATA_SIZE ? 1 : 0); }
-int buffer_empty(buffer_t *buf) {
- return (buf->used == 0 ? 1 : 0); }
-int buffer_notempty(buffer_t *buf) {
- return (buf->used > 0 ? 1 : 0); }
-unsigned long buffer_total_in(buffer_t *buf) {
- return buf->total_in; }
-unsigned long buffer_total_out(buffer_t *buf) {
- return buf->total_out; }
-
-/* These 3 static (internal) functions don't adjust the "total" variables as
- * it's not sure when they're called how it should be interpreted. Only the
- * higher-level "buffer_[to|from]_[fd|SSL|BIO]" functions should alter these
- * values. */
-#if 0 /* To avoid "unused" warnings */
-static unsigned int buffer_adddata(buffer_t *buf, const unsigned char *ptr,
- unsigned int size)
-{
- unsigned int added = MAX_DATA_SIZE - buf->used;
- if(added > size)
- added = size;
- if(added == 0)
- return 0;
- memcpy(buf->data + buf->used, ptr, added);
- buf->used += added;
- buf->total_in += added;
- return added;
-}
-
-static unsigned int buffer_tobuffer(buffer_t *to, buffer_t *from, int cap)
-{
- unsigned int moved, tomove = from->used;
- if((int)tomove > cap)
- tomove = cap;
- if(tomove == 0)
- return 0;
- moved = buffer_adddata(to, from->data, tomove);
- if(moved == 0)
- return 0;
- buffer_takedata(from, NULL, moved);
- return moved;
-}
-#endif
-
-static unsigned int buffer_takedata(buffer_t *buf, unsigned char *ptr,
- unsigned int size)
-{
- unsigned int taken = buf->used;
- if(taken > size)
- taken = size;
- if(taken == 0)
- return 0;
- if(ptr)
- memcpy(ptr, buf->data, taken);
- buf->used -= taken;
- /* Do we have to scroll? */
- if(buf->used > 0)
- memmove(buf->data, buf->data + taken, buf->used);
- return taken;
-}
-
-#ifndef NO_IP
-
-int buffer_from_fd(buffer_t *buf, int fd)
-{
- int toread = buffer_unused(buf);
- if(toread == 0)
- /* Shouldn't be called in this case! */
- abort();
- toread = read(fd, buf->data + buf->used, toread);
- if(toread > 0) {
- buf->used += toread;
- buf->total_in += toread;
- }
- return toread;
-}
-
-int buffer_to_fd(buffer_t *buf, int fd)
-{
- int towrite = buffer_used(buf);
- if(towrite == 0)
- /* Shouldn't be called in this case! */
- abort();
- towrite = write(fd, buf->data, towrite);
- if(towrite > 0) {
- buffer_takedata(buf, NULL, towrite);
- buf->total_out += towrite;
- }
- return towrite;
-}
-
-#endif /* !defined(NO_IP) */
-
-#ifndef NO_OPENSSL
-
-static void int_ssl_check(SSL *s, int ret)
-{
- int e = SSL_get_error(s, ret);
- switch(e) {
- /* These seem to be harmless and already "dealt with" by our
- * non-blocking environment. NB: "ZERO_RETURN" is the clean
- * "error" indicating a successfully closed SSL tunnel. We let
- * this happen because our IO loop should not appear to have
- * broken on this condition - and outside the IO loop, the
- * "shutdown" state is checked. */
- case SSL_ERROR_NONE:
- case SSL_ERROR_WANT_READ:
- case SSL_ERROR_WANT_WRITE:
- case SSL_ERROR_WANT_X509_LOOKUP:
- case SSL_ERROR_ZERO_RETURN:
- return;
- /* These seem to be indications of a genuine error that should
- * result in the SSL tunnel being regarded as "dead". */
- case SSL_ERROR_SYSCALL:
- case SSL_ERROR_SSL:
- SSL_set_app_data(s, (char *)1);
- return;
- default:
- break;
- }
- /* For any other errors that (a) exist, and (b) crop up - we need to
- * interpret what to do with them - so "politely inform" the caller that
- * the code needs updating here. */
- abort();
-}
-
-void buffer_from_SSL(buffer_t *buf, SSL *ssl)
-{
- int ret;
- if(!ssl || buffer_full(buf))
- return;
- ret = SSL_read(ssl, buf->data + buf->used, buffer_unused(buf));
- if(ret > 0) {
- buf->used += ret;
- buf->total_in += ret;
- }
- if(ret < 0)
- int_ssl_check(ssl, ret);
-}
-
-void buffer_to_SSL(buffer_t *buf, SSL *ssl)
-{
- int ret;
- if(!ssl || buffer_empty(buf))
- return;
- ret = SSL_write(ssl, buf->data, buf->used);
- if(ret > 0) {
- buffer_takedata(buf, NULL, ret);
- buf->total_out += ret;
- }
- if(ret < 0)
- int_ssl_check(ssl, ret);
-}
-
-void buffer_from_BIO(buffer_t *buf, BIO *bio)
-{
- int ret;
- if(!bio || buffer_full(buf))
- return;
- ret = BIO_read(bio, buf->data + buf->used, buffer_unused(buf));
- if(ret > 0) {
- buf->used += ret;
- buf->total_in += ret;
- }
-}
-
-void buffer_to_BIO(buffer_t *buf, BIO *bio)
-{
- int ret;
- if(!bio || buffer_empty(buf))
- return;
- ret = BIO_write(bio, buf->data, buf->used);
- if(ret > 0) {
- buffer_takedata(buf, NULL, ret);
- buf->total_out += ret;
- }
-}
-
-#endif /* !defined(NO_OPENSSL) */
-
-#endif /* !defined(NO_BUFFER) */
Copied: vendor-crypto/openssl/0.9.8zf/demos/tunala/buffer.c (from rev 6976, vendor-crypto/openssl/dist/demos/tunala/buffer.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/demos/tunala/buffer.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/demos/tunala/buffer.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,236 @@
+#include "tunala.h"
+
+#ifndef NO_BUFFER
+
+void buffer_init(buffer_t * buf)
+{
+ buf->used = 0;
+ buf->total_in = buf->total_out = 0;
+}
+
+void buffer_close(buffer_t * buf)
+{
+ /* Our data is static - nothing needs "release", just reset it */
+ buf->used = 0;
+}
+
+/* Code these simple ones in compact form */
+unsigned int buffer_used(buffer_t * buf)
+{
+ return buf->used;
+}
+
+unsigned int buffer_unused(buffer_t * buf)
+{
+ return (MAX_DATA_SIZE - buf->used);
+}
+
+int buffer_full(buffer_t * buf)
+{
+ return (buf->used == MAX_DATA_SIZE ? 1 : 0);
+}
+
+int buffer_notfull(buffer_t * buf)
+{
+ return (buf->used < MAX_DATA_SIZE ? 1 : 0);
+}
+
+int buffer_empty(buffer_t * buf)
+{
+ return (buf->used == 0 ? 1 : 0);
+}
+
+int buffer_notempty(buffer_t * buf)
+{
+ return (buf->used > 0 ? 1 : 0);
+}
+
+unsigned long buffer_total_in(buffer_t * buf)
+{
+ return buf->total_in;
+}
+
+unsigned long buffer_total_out(buffer_t * buf)
+{
+ return buf->total_out;
+}
+
+/*
+ * These 3 static (internal) functions don't adjust the "total" variables as
+ * it's not sure when they're called how it should be interpreted. Only the
+ * higher-level "buffer_[to|from]_[fd|SSL|BIO]" functions should alter these
+ * values.
+ */
+# if 0 /* To avoid "unused" warnings */
+static unsigned int buffer_adddata(buffer_t * buf, const unsigned char *ptr,
+ unsigned int size)
+{
+ unsigned int added = MAX_DATA_SIZE - buf->used;
+ if (added > size)
+ added = size;
+ if (added == 0)
+ return 0;
+ memcpy(buf->data + buf->used, ptr, added);
+ buf->used += added;
+ buf->total_in += added;
+ return added;
+}
+
+static unsigned int buffer_tobuffer(buffer_t * to, buffer_t * from, int cap)
+{
+ unsigned int moved, tomove = from->used;
+ if ((int)tomove > cap)
+ tomove = cap;
+ if (tomove == 0)
+ return 0;
+ moved = buffer_adddata(to, from->data, tomove);
+ if (moved == 0)
+ return 0;
+ buffer_takedata(from, NULL, moved);
+ return moved;
+}
+# endif
+
+static unsigned int buffer_takedata(buffer_t * buf, unsigned char *ptr,
+ unsigned int size)
+{
+ unsigned int taken = buf->used;
+ if (taken > size)
+ taken = size;
+ if (taken == 0)
+ return 0;
+ if (ptr)
+ memcpy(ptr, buf->data, taken);
+ buf->used -= taken;
+ /* Do we have to scroll? */
+ if (buf->used > 0)
+ memmove(buf->data, buf->data + taken, buf->used);
+ return taken;
+}
+
+# ifndef NO_IP
+
+int buffer_from_fd(buffer_t * buf, int fd)
+{
+ int toread = buffer_unused(buf);
+ if (toread == 0)
+ /* Shouldn't be called in this case! */
+ abort();
+ toread = read(fd, buf->data + buf->used, toread);
+ if (toread > 0) {
+ buf->used += toread;
+ buf->total_in += toread;
+ }
+ return toread;
+}
+
+int buffer_to_fd(buffer_t * buf, int fd)
+{
+ int towrite = buffer_used(buf);
+ if (towrite == 0)
+ /* Shouldn't be called in this case! */
+ abort();
+ towrite = write(fd, buf->data, towrite);
+ if (towrite > 0) {
+ buffer_takedata(buf, NULL, towrite);
+ buf->total_out += towrite;
+ }
+ return towrite;
+}
+
+# endif /* !defined(NO_IP) */
+
+# ifndef NO_OPENSSL
+
+static void int_ssl_check(SSL *s, int ret)
+{
+ int e = SSL_get_error(s, ret);
+ switch (e) {
+ /*
+ * These seem to be harmless and already "dealt with" by our
+ * non-blocking environment. NB: "ZERO_RETURN" is the clean "error"
+ * indicating a successfully closed SSL tunnel. We let this happen
+ * because our IO loop should not appear to have broken on this
+ * condition - and outside the IO loop, the "shutdown" state is
+ * checked.
+ */
+ case SSL_ERROR_NONE:
+ case SSL_ERROR_WANT_READ:
+ case SSL_ERROR_WANT_WRITE:
+ case SSL_ERROR_WANT_X509_LOOKUP:
+ case SSL_ERROR_ZERO_RETURN:
+ return;
+ /*
+ * These seem to be indications of a genuine error that should result
+ * in the SSL tunnel being regarded as "dead".
+ */
+ case SSL_ERROR_SYSCALL:
+ case SSL_ERROR_SSL:
+ SSL_set_app_data(s, (char *)1);
+ return;
+ default:
+ break;
+ }
+ /*
+ * For any other errors that (a) exist, and (b) crop up - we need to
+ * interpret what to do with them - so "politely inform" the caller that
+ * the code needs updating here.
+ */
+ abort();
+}
+
+void buffer_from_SSL(buffer_t * buf, SSL *ssl)
+{
+ int ret;
+ if (!ssl || buffer_full(buf))
+ return;
+ ret = SSL_read(ssl, buf->data + buf->used, buffer_unused(buf));
+ if (ret > 0) {
+ buf->used += ret;
+ buf->total_in += ret;
+ }
+ if (ret < 0)
+ int_ssl_check(ssl, ret);
+}
+
+void buffer_to_SSL(buffer_t * buf, SSL *ssl)
+{
+ int ret;
+ if (!ssl || buffer_empty(buf))
+ return;
+ ret = SSL_write(ssl, buf->data, buf->used);
+ if (ret > 0) {
+ buffer_takedata(buf, NULL, ret);
+ buf->total_out += ret;
+ }
+ if (ret < 0)
+ int_ssl_check(ssl, ret);
+}
+
+void buffer_from_BIO(buffer_t * buf, BIO *bio)
+{
+ int ret;
+ if (!bio || buffer_full(buf))
+ return;
+ ret = BIO_read(bio, buf->data + buf->used, buffer_unused(buf));
+ if (ret > 0) {
+ buf->used += ret;
+ buf->total_in += ret;
+ }
+}
+
+void buffer_to_BIO(buffer_t * buf, BIO *bio)
+{
+ int ret;
+ if (!bio || buffer_empty(buf))
+ return;
+ ret = BIO_write(bio, buf->data, buf->used);
+ if (ret > 0) {
+ buffer_takedata(buf, NULL, ret);
+ buf->total_out += ret;
+ }
+}
+
+# endif /* !defined(NO_OPENSSL) */
+
+#endif /* !defined(NO_BUFFER) */
Deleted: vendor-crypto/openssl/0.9.8zf/demos/tunala/cb.c
===================================================================
--- vendor-crypto/openssl/dist/demos/tunala/cb.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/demos/tunala/cb.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,143 +0,0 @@
-#include "tunala.h"
-
-#ifndef NO_OPENSSL
-
-/* For callbacks generating output, here are their file-descriptors. */
-static FILE *fp_cb_ssl_info = NULL;
-static FILE *fp_cb_ssl_verify = NULL;
-/* Output level:
- * 0 = nothing,
- * 1 = minimal, just errors,
- * 2 = minimal, all steps,
- * 3 = detail, all steps */
-static unsigned int cb_ssl_verify_level = 1;
-
-/* Other static rubbish (to mirror s_cb.c where required) */
-static int int_verify_depth = 10;
-
-/* This function is largely borrowed from the one used in OpenSSL's "s_client"
- * and "s_server" utilities. */
-void cb_ssl_info(const SSL *s, int where, int ret)
-{
- const char *str1, *str2;
- int w;
-
- if(!fp_cb_ssl_info)
- return;
-
- w = where & ~SSL_ST_MASK;
- str1 = (w & SSL_ST_CONNECT ? "SSL_connect" : (w & SSL_ST_ACCEPT ?
- "SSL_accept" : "undefined")),
- str2 = SSL_state_string_long(s);
-
- if (where & SSL_CB_LOOP)
- fprintf(fp_cb_ssl_info, "(%s) %s\n", str1, str2);
- else if (where & SSL_CB_EXIT) {
- if (ret == 0)
- fprintf(fp_cb_ssl_info, "(%s) failed in %s\n", str1, str2);
-/* In a non-blocking model, we get a few of these "error"s simply because we're
- * calling "reads" and "writes" on the state-machine that are virtual NOPs
- * simply to avoid wasting the time seeing if we *should* call them. Removing
- * this case makes the "-out_state" output a lot easier on the eye. */
-#if 0
- else if (ret < 0)
- fprintf(fp_cb_ssl_info, "%s:error in %s\n", str1, str2);
-#endif
- }
-}
-
-void cb_ssl_info_set_output(FILE *fp)
-{
- fp_cb_ssl_info = fp;
-}
-
-static const char *int_reason_no_issuer = "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT";
-static const char *int_reason_not_yet = "X509_V_ERR_CERT_NOT_YET_VALID";
-static const char *int_reason_before = "X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD";
-static const char *int_reason_expired = "X509_V_ERR_CERT_HAS_EXPIRED";
-static const char *int_reason_after = "X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD";
-
-/* Stolen wholesale from apps/s_cb.c :-) And since then, mutilated ... */
-int cb_ssl_verify(int ok, X509_STORE_CTX *ctx)
-{
- char buf1[256]; /* Used for the subject name */
- char buf2[256]; /* Used for the issuer name */
- const char *reason = NULL; /* Error reason (if any) */
- X509 *err_cert;
- int err, depth;
-
- if(!fp_cb_ssl_verify || (cb_ssl_verify_level == 0))
- return ok;
- err_cert = X509_STORE_CTX_get_current_cert(ctx);
- err = X509_STORE_CTX_get_error(ctx);
- depth = X509_STORE_CTX_get_error_depth(ctx);
-
- buf1[0] = buf2[0] = '\0';
- /* Fill buf1 */
- X509_NAME_oneline(X509_get_subject_name(err_cert), buf1, 256);
- /* Fill buf2 */
- X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf2, 256);
- switch (ctx->error) {
- case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
- reason = int_reason_no_issuer;
- break;
- case X509_V_ERR_CERT_NOT_YET_VALID:
- reason = int_reason_not_yet;
- break;
- case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
- reason = int_reason_before;
- break;
- case X509_V_ERR_CERT_HAS_EXPIRED:
- reason = int_reason_expired;
- break;
- case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
- reason = int_reason_after;
- break;
- }
-
- if((cb_ssl_verify_level == 1) && ok)
- return ok;
- fprintf(fp_cb_ssl_verify, "chain-depth=%d, ", depth);
- if(reason)
- fprintf(fp_cb_ssl_verify, "error=%s\n", reason);
- else
- fprintf(fp_cb_ssl_verify, "error=%d\n", err);
- if(cb_ssl_verify_level < 3)
- return ok;
- fprintf(fp_cb_ssl_verify, "--> subject = %s\n", buf1);
- fprintf(fp_cb_ssl_verify, "--> issuer = %s\n", buf2);
- if(!ok)
- fprintf(fp_cb_ssl_verify,"--> verify error:num=%d:%s\n",err,
- X509_verify_cert_error_string(err));
- fprintf(fp_cb_ssl_verify, "--> verify return:%d\n",ok);
- return ok;
-}
-
-void cb_ssl_verify_set_output(FILE *fp)
-{
- fp_cb_ssl_verify = fp;
-}
-
-void cb_ssl_verify_set_depth(unsigned int verify_depth)
-{
- int_verify_depth = verify_depth;
-}
-
-void cb_ssl_verify_set_level(unsigned int level)
-{
- if(level < 4)
- cb_ssl_verify_level = level;
-}
-
-RSA *cb_generate_tmp_rsa(SSL *s, int is_export, int keylength)
-{
- /* TODO: Perhaps make it so our global key can be generated on-the-fly
- * after certain intervals? */
- static RSA *rsa_tmp = NULL;
- if(!rsa_tmp)
- rsa_tmp = RSA_generate_key(keylength, RSA_F4, NULL, NULL);
- return rsa_tmp;
-}
-
-#endif /* !defined(NO_OPENSSL) */
-
Copied: vendor-crypto/openssl/0.9.8zf/demos/tunala/cb.c (from rev 6976, vendor-crypto/openssl/dist/demos/tunala/cb.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/demos/tunala/cb.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/demos/tunala/cb.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,154 @@
+#include "tunala.h"
+
+#ifndef NO_OPENSSL
+
+/* For callbacks generating output, here are their file-descriptors. */
+static FILE *fp_cb_ssl_info = NULL;
+static FILE *fp_cb_ssl_verify = NULL;
+/*-
+ * Output level:
+ * 0 = nothing,
+ * 1 = minimal, just errors,
+ * 2 = minimal, all steps,
+ * 3 = detail, all steps */
+static unsigned int cb_ssl_verify_level = 1;
+
+/* Other static rubbish (to mirror s_cb.c where required) */
+static int int_verify_depth = 10;
+
+/*
+ * This function is largely borrowed from the one used in OpenSSL's
+ * "s_client" and "s_server" utilities.
+ */
+void cb_ssl_info(const SSL *s, int where, int ret)
+{
+ const char *str1, *str2;
+ int w;
+
+ if (!fp_cb_ssl_info)
+ return;
+
+ w = where & ~SSL_ST_MASK;
+ str1 = (w & SSL_ST_CONNECT ? "SSL_connect" : (w & SSL_ST_ACCEPT ?
+ "SSL_accept" :
+ "undefined")), str2 =
+ SSL_state_string_long(s);
+
+ if (where & SSL_CB_LOOP)
+ fprintf(fp_cb_ssl_info, "(%s) %s\n", str1, str2);
+ else if (where & SSL_CB_EXIT) {
+ if (ret == 0)
+ fprintf(fp_cb_ssl_info, "(%s) failed in %s\n", str1, str2);
+ /*
+ * In a non-blocking model, we get a few of these "error"s simply
+ * because we're calling "reads" and "writes" on the state-machine
+ * that are virtual NOPs simply to avoid wasting the time seeing if
+ * we *should* call them. Removing this case makes the "-out_state"
+ * output a lot easier on the eye.
+ */
+# if 0
+ else if (ret < 0)
+ fprintf(fp_cb_ssl_info, "%s:error in %s\n", str1, str2);
+# endif
+ }
+}
+
+void cb_ssl_info_set_output(FILE *fp)
+{
+ fp_cb_ssl_info = fp;
+}
+
+static const char *int_reason_no_issuer =
+ "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT";
+static const char *int_reason_not_yet = "X509_V_ERR_CERT_NOT_YET_VALID";
+static const char *int_reason_before =
+ "X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD";
+static const char *int_reason_expired = "X509_V_ERR_CERT_HAS_EXPIRED";
+static const char *int_reason_after =
+ "X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD";
+
+/* Stolen wholesale from apps/s_cb.c :-) And since then, mutilated ... */
+int cb_ssl_verify(int ok, X509_STORE_CTX *ctx)
+{
+ char buf1[256]; /* Used for the subject name */
+ char buf2[256]; /* Used for the issuer name */
+ const char *reason = NULL; /* Error reason (if any) */
+ X509 *err_cert;
+ int err, depth;
+
+ if (!fp_cb_ssl_verify || (cb_ssl_verify_level == 0))
+ return ok;
+ err_cert = X509_STORE_CTX_get_current_cert(ctx);
+ err = X509_STORE_CTX_get_error(ctx);
+ depth = X509_STORE_CTX_get_error_depth(ctx);
+
+ buf1[0] = buf2[0] = '\0';
+ /* Fill buf1 */
+ X509_NAME_oneline(X509_get_subject_name(err_cert), buf1, 256);
+ /* Fill buf2 */
+ X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf2, 256);
+ switch (ctx->error) {
+ case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
+ reason = int_reason_no_issuer;
+ break;
+ case X509_V_ERR_CERT_NOT_YET_VALID:
+ reason = int_reason_not_yet;
+ break;
+ case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
+ reason = int_reason_before;
+ break;
+ case X509_V_ERR_CERT_HAS_EXPIRED:
+ reason = int_reason_expired;
+ break;
+ case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
+ reason = int_reason_after;
+ break;
+ }
+
+ if ((cb_ssl_verify_level == 1) && ok)
+ return ok;
+ fprintf(fp_cb_ssl_verify, "chain-depth=%d, ", depth);
+ if (reason)
+ fprintf(fp_cb_ssl_verify, "error=%s\n", reason);
+ else
+ fprintf(fp_cb_ssl_verify, "error=%d\n", err);
+ if (cb_ssl_verify_level < 3)
+ return ok;
+ fprintf(fp_cb_ssl_verify, "--> subject = %s\n", buf1);
+ fprintf(fp_cb_ssl_verify, "--> issuer = %s\n", buf2);
+ if (!ok)
+ fprintf(fp_cb_ssl_verify, "--> verify error:num=%d:%s\n", err,
+ X509_verify_cert_error_string(err));
+ fprintf(fp_cb_ssl_verify, "--> verify return:%d\n", ok);
+ return ok;
+}
+
+void cb_ssl_verify_set_output(FILE *fp)
+{
+ fp_cb_ssl_verify = fp;
+}
+
+void cb_ssl_verify_set_depth(unsigned int verify_depth)
+{
+ int_verify_depth = verify_depth;
+}
+
+void cb_ssl_verify_set_level(unsigned int level)
+{
+ if (level < 4)
+ cb_ssl_verify_level = level;
+}
+
+RSA *cb_generate_tmp_rsa(SSL *s, int is_export, int keylength)
+{
+ /*
+ * TODO: Perhaps make it so our global key can be generated on-the-fly
+ * after certain intervals?
+ */
+ static RSA *rsa_tmp = NULL;
+ if (!rsa_tmp)
+ rsa_tmp = RSA_generate_key(keylength, RSA_F4, NULL, NULL);
+ return rsa_tmp;
+}
+
+#endif /* !defined(NO_OPENSSL) */
Deleted: vendor-crypto/openssl/0.9.8zf/demos/tunala/ip.c
===================================================================
--- vendor-crypto/openssl/dist/demos/tunala/ip.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/demos/tunala/ip.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,146 +0,0 @@
-#include "tunala.h"
-
-#ifndef NO_IP
-
-#define IP_LISTENER_BACKLOG 511 /* So if it gets masked by 256 or some other
- such value it'll still be respectable */
-
-/* Any IP-related initialisations. For now, this means blocking SIGPIPE */
-int ip_initialise(void)
-{
- struct sigaction sa;
-
- sa.sa_handler = SIG_IGN;
- sa.sa_flags = 0;
- sigemptyset(&sa.sa_mask);
- if(sigaction(SIGPIPE, &sa, NULL) != 0)
- return 0;
- return 1;
-}
-
-int ip_create_listener_split(const char *ip, unsigned short port)
-{
- struct sockaddr_in in_addr;
- int fd = -1;
- int reuseVal = 1;
-
- /* Create the socket */
- if((fd = socket(PF_INET, SOCK_STREAM, 0)) == -1)
- goto err;
- /* Set the SO_REUSEADDR flag - servers act weird without it */
- if(setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, (char *)(&reuseVal),
- sizeof(reuseVal)) != 0)
- goto err;
- /* Prepare the listen address stuff */
- in_addr.sin_family = AF_INET;
- memcpy(&in_addr.sin_addr.s_addr, ip, 4);
- in_addr.sin_port = htons(port);
- /* Bind to the required port/address/interface */
- if(bind(fd, (struct sockaddr *)&in_addr, sizeof(struct sockaddr_in)) != 0)
- goto err;
- /* Start "listening" */
- if(listen(fd, IP_LISTENER_BACKLOG) != 0)
- goto err;
- return fd;
-err:
- if(fd != -1)
- close(fd);
- return -1;
-}
-
-int ip_create_connection_split(const char *ip, unsigned short port)
-{
- struct sockaddr_in in_addr;
- int flags, fd = -1;
-
- /* Create the socket */
- if((fd = socket(PF_INET, SOCK_STREAM, 0)) == -1)
- goto err;
- /* Make it non-blocking */
- if(((flags = fcntl(fd, F_GETFL, 0)) < 0) ||
- (fcntl(fd, F_SETFL, flags | O_NONBLOCK) < 0))
- goto err;
- /* Prepare the connection address stuff */
- in_addr.sin_family = AF_INET;
- memcpy(&in_addr.sin_addr.s_addr, ip, 4);
- in_addr.sin_port = htons(port);
- /* Start a connect (non-blocking, in all likelihood) */
- if((connect(fd, (struct sockaddr *)&in_addr,
- sizeof(struct sockaddr_in)) != 0) &&
- (errno != EINPROGRESS))
- goto err;
- return fd;
-err:
- if(fd != -1)
- close(fd);
- return -1;
-}
-
-static char all_local_ip[] = {0x00,0x00,0x00,0x00};
-
-int ip_parse_address(const char *address, const char **parsed_ip,
- unsigned short *parsed_port, int accept_all_ip)
-{
- char buf[256];
- struct hostent *lookup;
- unsigned long port;
- const char *ptr = strstr(address, ":");
- const char *ip = all_local_ip;
-
- if(!ptr) {
- /* We assume we're listening on all local interfaces and have
- * only specified a port. */
- if(!accept_all_ip)
- return 0;
- ptr = address;
- goto determine_port;
- }
- if((ptr - address) > 255)
- return 0;
- memset(buf, 0, 256);
- memcpy(buf, address, ptr - address);
- ptr++;
- if((lookup = gethostbyname(buf)) == NULL) {
- /* Spit a message to differentiate between lookup failures and
- * bad strings. */
- fprintf(stderr, "hostname lookup for '%s' failed\n", buf);
- return 0;
- }
- ip = lookup->h_addr_list[0];
-determine_port:
- if(strlen(ptr) < 1)
- return 0;
- if(!int_strtoul(ptr, &port) || (port > 65535))
- return 0;
- *parsed_ip = ip;
- *parsed_port = (unsigned short)port;
- return 1;
-}
-
-int ip_create_listener(const char *address)
-{
- const char *ip;
- unsigned short port;
-
- if(!ip_parse_address(address, &ip, &port, 1))
- return -1;
- return ip_create_listener_split(ip, port);
-}
-
-int ip_create_connection(const char *address)
-{
- const char *ip;
- unsigned short port;
-
- if(!ip_parse_address(address, &ip, &port, 0))
- return -1;
- return ip_create_connection_split(ip, port);
-}
-
-int ip_accept_connection(int listen_fd)
-{
- return accept(listen_fd, NULL, NULL);
-}
-
-#endif /* !defined(NO_IP) */
-
Copied: vendor-crypto/openssl/0.9.8zf/demos/tunala/ip.c (from rev 6976, vendor-crypto/openssl/dist/demos/tunala/ip.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/demos/tunala/ip.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/demos/tunala/ip.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,149 @@
+#include "tunala.h"
+
+#ifndef NO_IP
+
+# define IP_LISTENER_BACKLOG 511/* So if it gets masked by 256 or some other
+ * such value it'll still be respectable */
+
+/* Any IP-related initialisations. For now, this means blocking SIGPIPE */
+int ip_initialise(void)
+{
+ struct sigaction sa;
+
+ sa.sa_handler = SIG_IGN;
+ sa.sa_flags = 0;
+ sigemptyset(&sa.sa_mask);
+ if (sigaction(SIGPIPE, &sa, NULL) != 0)
+ return 0;
+ return 1;
+}
+
+int ip_create_listener_split(const char *ip, unsigned short port)
+{
+ struct sockaddr_in in_addr;
+ int fd = -1;
+ int reuseVal = 1;
+
+ /* Create the socket */
+ if ((fd = socket(PF_INET, SOCK_STREAM, 0)) == -1)
+ goto err;
+ /* Set the SO_REUSEADDR flag - servers act weird without it */
+ if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, (char *)(&reuseVal),
+ sizeof(reuseVal)) != 0)
+ goto err;
+ /* Prepare the listen address stuff */
+ in_addr.sin_family = AF_INET;
+ memcpy(&in_addr.sin_addr.s_addr, ip, 4);
+ in_addr.sin_port = htons(port);
+ /* Bind to the required port/address/interface */
+ if (bind(fd, (struct sockaddr *)&in_addr, sizeof(struct sockaddr_in)) !=
+ 0)
+ goto err;
+ /* Start "listening" */
+ if (listen(fd, IP_LISTENER_BACKLOG) != 0)
+ goto err;
+ return fd;
+ err:
+ if (fd != -1)
+ close(fd);
+ return -1;
+}
+
+int ip_create_connection_split(const char *ip, unsigned short port)
+{
+ struct sockaddr_in in_addr;
+ int flags, fd = -1;
+
+ /* Create the socket */
+ if ((fd = socket(PF_INET, SOCK_STREAM, 0)) == -1)
+ goto err;
+ /* Make it non-blocking */
+ if (((flags = fcntl(fd, F_GETFL, 0)) < 0) ||
+ (fcntl(fd, F_SETFL, flags | O_NONBLOCK) < 0))
+ goto err;
+ /* Prepare the connection address stuff */
+ in_addr.sin_family = AF_INET;
+ memcpy(&in_addr.sin_addr.s_addr, ip, 4);
+ in_addr.sin_port = htons(port);
+ /* Start a connect (non-blocking, in all likelihood) */
+ if ((connect(fd, (struct sockaddr *)&in_addr,
+ sizeof(struct sockaddr_in)) != 0) && (errno != EINPROGRESS))
+ goto err;
+ return fd;
+ err:
+ if (fd != -1)
+ close(fd);
+ return -1;
+}
+
+static char all_local_ip[] = { 0x00, 0x00, 0x00, 0x00 };
+
+int ip_parse_address(const char *address, const char **parsed_ip,
+ unsigned short *parsed_port, int accept_all_ip)
+{
+ char buf[256];
+ struct hostent *lookup;
+ unsigned long port;
+ const char *ptr = strstr(address, ":");
+ const char *ip = all_local_ip;
+
+ if (!ptr) {
+ /*
+ * We assume we're listening on all local interfaces and have only
+ * specified a port.
+ */
+ if (!accept_all_ip)
+ return 0;
+ ptr = address;
+ goto determine_port;
+ }
+ if ((ptr - address) > 255)
+ return 0;
+ memset(buf, 0, 256);
+ memcpy(buf, address, ptr - address);
+ ptr++;
+ if ((lookup = gethostbyname(buf)) == NULL) {
+ /*
+ * Spit a message to differentiate between lookup failures and bad
+ * strings.
+ */
+ fprintf(stderr, "hostname lookup for '%s' failed\n", buf);
+ return 0;
+ }
+ ip = lookup->h_addr_list[0];
+ determine_port:
+ if (strlen(ptr) < 1)
+ return 0;
+ if (!int_strtoul(ptr, &port) || (port > 65535))
+ return 0;
+ *parsed_ip = ip;
+ *parsed_port = (unsigned short)port;
+ return 1;
+}
+
+int ip_create_listener(const char *address)
+{
+ const char *ip;
+ unsigned short port;
+
+ if (!ip_parse_address(address, &ip, &port, 1))
+ return -1;
+ return ip_create_listener_split(ip, port);
+}
+
+int ip_create_connection(const char *address)
+{
+ const char *ip;
+ unsigned short port;
+
+ if (!ip_parse_address(address, &ip, &port, 0))
+ return -1;
+ return ip_create_connection_split(ip, port);
+}
+
+int ip_accept_connection(int listen_fd)
+{
+ return accept(listen_fd, NULL, NULL);
+}
+
+#endif /* !defined(NO_IP) */
Deleted: vendor-crypto/openssl/0.9.8zf/demos/tunala/sm.c
===================================================================
--- vendor-crypto/openssl/dist/demos/tunala/sm.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/demos/tunala/sm.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,151 +0,0 @@
-#include "tunala.h"
-
-#ifndef NO_TUNALA
-
-void state_machine_init(state_machine_t *machine)
-{
- machine->ssl = NULL;
- machine->bio_intossl = machine->bio_fromssl = NULL;
- buffer_init(&machine->clean_in);
- buffer_init(&machine->clean_out);
- buffer_init(&machine->dirty_in);
- buffer_init(&machine->dirty_out);
-}
-
-void state_machine_close(state_machine_t *machine)
-{
- if(machine->ssl)
- SSL_free(machine->ssl);
-/* SSL_free seems to decrement the reference counts already so doing this goes
- * kaboom. */
-#if 0
- if(machine->bio_intossl)
- BIO_free(machine->bio_intossl);
- if(machine->bio_fromssl)
- BIO_free(machine->bio_fromssl);
-#endif
- buffer_close(&machine->clean_in);
- buffer_close(&machine->clean_out);
- buffer_close(&machine->dirty_in);
- buffer_close(&machine->dirty_out);
- state_machine_init(machine);
-}
-
-buffer_t *state_machine_get_buffer(state_machine_t *machine, sm_buffer_t type)
-{
- switch(type) {
- case SM_CLEAN_IN:
- return &machine->clean_in;
- case SM_CLEAN_OUT:
- return &machine->clean_out;
- case SM_DIRTY_IN:
- return &machine->dirty_in;
- case SM_DIRTY_OUT:
- return &machine->dirty_out;
- default:
- break;
- }
- /* Should never get here */
- abort();
- return NULL;
-}
-
-SSL *state_machine_get_SSL(state_machine_t *machine)
-{
- return machine->ssl;
-}
-
-int state_machine_set_SSL(state_machine_t *machine, SSL *ssl, int is_server)
-{
- if(machine->ssl)
- /* Shouldn't ever be set twice */
- abort();
- machine->ssl = ssl;
- /* Create the BIOs to handle the dirty side of the SSL */
- if((machine->bio_intossl = BIO_new(BIO_s_mem())) == NULL)
- abort();
- if((machine->bio_fromssl = BIO_new(BIO_s_mem())) == NULL)
- abort();
- /* Hook up the BIOs on the dirty side of the SSL */
- SSL_set_bio(machine->ssl, machine->bio_intossl, machine->bio_fromssl);
- if(is_server)
- SSL_set_accept_state(machine->ssl);
- else
- SSL_set_connect_state(machine->ssl);
- /* If we're the first one to generate traffic - do it now otherwise we
- * go into the next select empty-handed and our peer will not send data
- * but will similarly wait for us. */
- return state_machine_churn(machine);
-}
-
-/* Performs the data-IO loop and returns zero if the machine should close */
-int state_machine_churn(state_machine_t *machine)
-{
- unsigned int loop;
- if(machine->ssl == NULL) {
- if(buffer_empty(&machine->clean_out))
- /* Time to close this state-machine altogether */
- return 0;
- else
- /* Still buffered data on the clean side to go out */
- return 1;
- }
- /* Do this loop twice to cover any dependencies about which precise
- * order of reads and writes is required. */
- for(loop = 0; loop < 2; loop++) {
- buffer_to_SSL(&machine->clean_in, machine->ssl);
- buffer_to_BIO(&machine->dirty_in, machine->bio_intossl);
- buffer_from_SSL(&machine->clean_out, machine->ssl);
- buffer_from_BIO(&machine->dirty_out, machine->bio_fromssl);
- }
- /* We close on the SSL side if the info callback noticed some problems
- * or an SSL shutdown was underway and shutdown traffic had all been
- * sent. */
- if(SSL_get_app_data(machine->ssl) || (SSL_get_shutdown(machine->ssl) &&
- buffer_empty(&machine->dirty_out))) {
- /* Great, we can seal off the dirty side completely */
- if(!state_machine_close_dirty(machine))
- return 0;
- }
- /* Either the SSL is alive and well, or the closing process still has
- * outgoing data waiting to be sent */
- return 1;
-}
-
-/* Called when the clean side of the SSL has lost its connection */
-int state_machine_close_clean(state_machine_t *machine)
-{
- /* Well, first thing to do is null out the clean-side buffers - they're
- * no use any more. */
- buffer_close(&machine->clean_in);
- buffer_close(&machine->clean_out);
- /* And start an SSL shutdown */
- if(machine->ssl)
- SSL_shutdown(machine->ssl);
- /* This is an "event", so flush the SSL of any generated traffic */
- state_machine_churn(machine);
- if(buffer_empty(&machine->dirty_in) &&
- buffer_empty(&machine->dirty_out))
- return 0;
- return 1;
-}
-
-/* Called when the dirty side of the SSL has lost its connection. This is pretty
- * terminal as all that can be left to do is send any buffered output on the
- * clean side - after that, we're done. */
-int state_machine_close_dirty(state_machine_t *machine)
-{
- buffer_close(&machine->dirty_in);
- buffer_close(&machine->dirty_out);
- buffer_close(&machine->clean_in);
- if(machine->ssl)
- SSL_free(machine->ssl);
- machine->ssl = NULL;
- machine->bio_intossl = machine->bio_fromssl = NULL;
- if(buffer_empty(&machine->clean_out))
- return 0;
- return 1;
-}
-
-#endif /* !defined(NO_TUNALA) */
-
Copied: vendor-crypto/openssl/0.9.8zf/demos/tunala/sm.c (from rev 6976, vendor-crypto/openssl/dist/demos/tunala/sm.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/demos/tunala/sm.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/demos/tunala/sm.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,164 @@
+#include "tunala.h"
+
+#ifndef NO_TUNALA
+
+void state_machine_init(state_machine_t * machine)
+{
+ machine->ssl = NULL;
+ machine->bio_intossl = machine->bio_fromssl = NULL;
+ buffer_init(&machine->clean_in);
+ buffer_init(&machine->clean_out);
+ buffer_init(&machine->dirty_in);
+ buffer_init(&machine->dirty_out);
+}
+
+void state_machine_close(state_machine_t * machine)
+{
+ if (machine->ssl)
+ SSL_free(machine->ssl);
+ /*
+ * SSL_free seems to decrement the reference counts already so doing this
+ * goes kaboom.
+ */
+# if 0
+ if (machine->bio_intossl)
+ BIO_free(machine->bio_intossl);
+ if (machine->bio_fromssl)
+ BIO_free(machine->bio_fromssl);
+# endif
+ buffer_close(&machine->clean_in);
+ buffer_close(&machine->clean_out);
+ buffer_close(&machine->dirty_in);
+ buffer_close(&machine->dirty_out);
+ state_machine_init(machine);
+}
+
+buffer_t *state_machine_get_buffer(state_machine_t * machine,
+ sm_buffer_t type)
+{
+ switch (type) {
+ case SM_CLEAN_IN:
+ return &machine->clean_in;
+ case SM_CLEAN_OUT:
+ return &machine->clean_out;
+ case SM_DIRTY_IN:
+ return &machine->dirty_in;
+ case SM_DIRTY_OUT:
+ return &machine->dirty_out;
+ default:
+ break;
+ }
+ /* Should never get here */
+ abort();
+ return NULL;
+}
+
+SSL *state_machine_get_SSL(state_machine_t * machine)
+{
+ return machine->ssl;
+}
+
+int state_machine_set_SSL(state_machine_t * machine, SSL *ssl, int is_server)
+{
+ if (machine->ssl)
+ /* Shouldn't ever be set twice */
+ abort();
+ machine->ssl = ssl;
+ /* Create the BIOs to handle the dirty side of the SSL */
+ if ((machine->bio_intossl = BIO_new(BIO_s_mem())) == NULL)
+ abort();
+ if ((machine->bio_fromssl = BIO_new(BIO_s_mem())) == NULL)
+ abort();
+ /* Hook up the BIOs on the dirty side of the SSL */
+ SSL_set_bio(machine->ssl, machine->bio_intossl, machine->bio_fromssl);
+ if (is_server)
+ SSL_set_accept_state(machine->ssl);
+ else
+ SSL_set_connect_state(machine->ssl);
+ /*
+ * If we're the first one to generate traffic - do it now otherwise we go
+ * into the next select empty-handed and our peer will not send data but
+ * will similarly wait for us.
+ */
+ return state_machine_churn(machine);
+}
+
+/* Performs the data-IO loop and returns zero if the machine should close */
+int state_machine_churn(state_machine_t * machine)
+{
+ unsigned int loop;
+ if (machine->ssl == NULL) {
+ if (buffer_empty(&machine->clean_out))
+ /* Time to close this state-machine altogether */
+ return 0;
+ else
+ /* Still buffered data on the clean side to go out */
+ return 1;
+ }
+ /*
+ * Do this loop twice to cover any dependencies about which precise order
+ * of reads and writes is required.
+ */
+ for (loop = 0; loop < 2; loop++) {
+ buffer_to_SSL(&machine->clean_in, machine->ssl);
+ buffer_to_BIO(&machine->dirty_in, machine->bio_intossl);
+ buffer_from_SSL(&machine->clean_out, machine->ssl);
+ buffer_from_BIO(&machine->dirty_out, machine->bio_fromssl);
+ }
+ /*
+ * We close on the SSL side if the info callback noticed some problems or
+ * an SSL shutdown was underway and shutdown traffic had all been sent.
+ */
+ if (SSL_get_app_data(machine->ssl) || (SSL_get_shutdown(machine->ssl) &&
+ buffer_empty(&machine->dirty_out)))
+ {
+ /* Great, we can seal off the dirty side completely */
+ if (!state_machine_close_dirty(machine))
+ return 0;
+ }
+ /*
+ * Either the SSL is alive and well, or the closing process still has
+ * outgoing data waiting to be sent
+ */
+ return 1;
+}
+
+/* Called when the clean side of the SSL has lost its connection */
+int state_machine_close_clean(state_machine_t * machine)
+{
+ /*
+ * Well, first thing to do is null out the clean-side buffers - they're
+ * no use any more.
+ */
+ buffer_close(&machine->clean_in);
+ buffer_close(&machine->clean_out);
+ /* And start an SSL shutdown */
+ if (machine->ssl)
+ SSL_shutdown(machine->ssl);
+ /* This is an "event", so flush the SSL of any generated traffic */
+ state_machine_churn(machine);
+ if (buffer_empty(&machine->dirty_in) && buffer_empty(&machine->dirty_out))
+ return 0;
+ return 1;
+}
+
+/*
+ * Called when the dirty side of the SSL has lost its connection. This is
+ * pretty terminal as all that can be left to do is send any buffered output
+ * on the clean side - after that, we're done.
+ */
+int state_machine_close_dirty(state_machine_t * machine)
+{
+ buffer_close(&machine->dirty_in);
+ buffer_close(&machine->dirty_out);
+ buffer_close(&machine->clean_in);
+ if (machine->ssl)
+ SSL_free(machine->ssl);
+ machine->ssl = NULL;
+ machine->bio_intossl = machine->bio_fromssl = NULL;
+ if (buffer_empty(&machine->clean_out))
+ return 0;
+ return 1;
+}
+
+#endif /* !defined(NO_TUNALA) */
Deleted: vendor-crypto/openssl/0.9.8zf/demos/tunala/tunala.c
===================================================================
--- vendor-crypto/openssl/dist/demos/tunala/tunala.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/demos/tunala/tunala.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,1107 +0,0 @@
-#if defined(NO_BUFFER) || defined(NO_IP) || defined(NO_OPENSSL)
-#error "Badness, NO_BUFFER, NO_IP or NO_OPENSSL is defined, turn them *off*"
-#endif
-
-/* Include our bits'n'pieces */
-#include "tunala.h"
-
-
-/********************************************/
-/* Our local types that specify our "world" */
-/********************************************/
-
-/* These represent running "tunnels". Eg. if you wanted to do SSL in a
- * "message-passing" scanario, the "int" file-descriptors might be replaced by
- * thread or process IDs, and the "select" code might be replaced by message
- * handling code. Whatever. */
-typedef struct _tunala_item_t {
- /* The underlying SSL state machine. This is a data-only processing unit
- * and we communicate with it by talking to its four "buffers". */
- state_machine_t sm;
- /* The file-descriptors for the "dirty" (encrypted) side of the SSL
- * setup. In actuality, this is typically a socket and both values are
- * identical. */
- int dirty_read, dirty_send;
- /* The file-descriptors for the "clean" (unencrypted) side of the SSL
- * setup. These could be stdin/stdout, a socket (both values the same),
- * or whatever you like. */
- int clean_read, clean_send;
-} tunala_item_t;
-
-/* This structure is used as the data for running the main loop. Namely, in a
- * network format such as this, it is stuff for select() - but as pointed out,
- * when moving the real-world to somewhere else, this might be replaced by
- * something entirely different. It's basically the stuff that controls when
- * it's time to do some "work". */
-typedef struct _select_sets_t {
- int max; /* As required as the first argument to select() */
- fd_set reads, sends, excepts; /* As passed to select() */
-} select_sets_t;
-typedef struct _tunala_selector_t {
- select_sets_t last_selected; /* Results of the last select() */
- select_sets_t next_select; /* What we'll next select on */
-} tunala_selector_t;
-
-/* This structure is *everything*. We do it to avoid the use of globals so that,
- * for example, it would be easier to shift things around between async-IO,
- * thread-based, or multi-fork()ed (or combinations thereof). */
-typedef struct _tunala_world_t {
- /* The file-descriptor we "listen" on for new connections */
- int listen_fd;
- /* The array of tunnels */
- tunala_item_t *tunnels;
- /* the number of tunnels in use and allocated, respectively */
- unsigned int tunnels_used, tunnels_size;
- /* Our outside "loop" context stuff */
- tunala_selector_t selector;
- /* Our SSL_CTX, which is configured as the SSL client or server and has
- * the various cert-settings and callbacks configured. */
- SSL_CTX *ssl_ctx;
- /* Simple flag with complex logic :-) Indicates whether we're an SSL
- * server or an SSL client. */
- int server_mode;
-} tunala_world_t;
-
-/*****************************/
-/* Internal static functions */
-/*****************************/
-
-static SSL_CTX *initialise_ssl_ctx(int server_mode, const char *engine_id,
- const char *CAfile, const char *cert, const char *key,
- const char *dcert, const char *dkey, const char *cipher_list,
- const char *dh_file, const char *dh_special, int tmp_rsa,
- int ctx_options, int out_state, int out_verify, int verify_mode,
- unsigned int verify_depth);
-static void selector_init(tunala_selector_t *selector);
-static void selector_add_listener(tunala_selector_t *selector, int fd);
-static void selector_add_tunala(tunala_selector_t *selector, tunala_item_t *t);
-static int selector_select(tunala_selector_t *selector);
-/* This returns -1 for error, 0 for no new connections, or 1 for success, in
- * which case *newfd is populated. */
-static int selector_get_listener(tunala_selector_t *selector, int fd, int *newfd);
-static int tunala_world_new_item(tunala_world_t *world, int fd,
- const char *ip, unsigned short port, int flipped);
-static void tunala_world_del_item(tunala_world_t *world, unsigned int idx);
-static int tunala_item_io(tunala_selector_t *selector, tunala_item_t *item);
-
-/*********************************************/
-/* MAIN FUNCTION (and its utility functions) */
-/*********************************************/
-
-static const char *def_proxyhost = "127.0.0.1:443";
-static const char *def_listenhost = "127.0.0.1:8080";
-static int def_max_tunnels = 50;
-static const char *def_cacert = NULL;
-static const char *def_cert = NULL;
-static const char *def_key = NULL;
-static const char *def_dcert = NULL;
-static const char *def_dkey = NULL;
-static const char *def_engine_id = NULL;
-static int def_server_mode = 0;
-static int def_flipped = 0;
-static const char *def_cipher_list = NULL;
-static const char *def_dh_file = NULL;
-static const char *def_dh_special = NULL;
-static int def_tmp_rsa = 1;
-static int def_ctx_options = 0;
-static int def_verify_mode = 0;
-static unsigned int def_verify_depth = 10;
-static int def_out_state = 0;
-static unsigned int def_out_verify = 0;
-static int def_out_totals = 0;
-static int def_out_conns = 0;
-
-static const char *helpstring =
-"\n'Tunala' (A tunneler with a New Zealand accent)\n"
-"Usage: tunala [options], where options are from;\n"
-" -listen [host:]<port> (default = 127.0.0.1:8080)\n"
-" -proxy <host>:<port> (default = 127.0.0.1:443)\n"
-" -maxtunnels <num> (default = 50)\n"
-" -cacert <path|NULL> (default = NULL)\n"
-" -cert <path|NULL> (default = NULL)\n"
-" -key <path|NULL> (default = whatever '-cert' is)\n"
-" -dcert <path|NULL> (usually for DSA, default = NULL)\n"
-" -dkey <path|NULL> (usually for DSA, default = whatever '-dcert' is)\n"
-" -engine <id|NULL> (default = NULL)\n"
-" -server <0|1> (default = 0, ie. an SSL client)\n"
-" -flipped <0|1> (makes SSL servers be network clients, and vice versa)\n"
-" -cipher <list> (specifies cipher list to use)\n"
-" -dh_file <path> (a PEM file containing DH parameters to use)\n"
-" -dh_special <NULL|generate|standard> (see below: def=NULL)\n"
-" -no_tmp_rsa (don't generate temporary RSA keys)\n"
-" -no_ssl2 (disable SSLv2)\n"
-" -no_ssl3 (disable SSLv3)\n"
-" -no_tls1 (disable TLSv1)\n"
-" -v_peer (verify the peer certificate)\n"
-" -v_strict (do not continue if peer doesn't authenticate)\n"
-" -v_once (no verification in renegotiates)\n"
-" -v_depth <num> (limit certificate chain depth, default = 10)\n"
-" -out_conns (prints client connections and disconnections)\n"
-" -out_state (prints SSL handshake states)\n"
-" -out_verify <0|1|2|3> (prints certificate verification states: def=1)\n"
-" -out_totals (prints out byte-totals when a tunnel closes)\n"
-" -<h|help|?> (displays this help screen)\n"
-"Notes:\n"
-"(1) It is recommended to specify a cert+key when operating as an SSL server.\n"
-" If you only specify '-cert', the same file must contain a matching\n"
-" private key.\n"
-"(2) Either dh_file or dh_special can be used to specify where DH parameters\n"
-" will be obtained from (or '-dh_special NULL' for the default choice) but\n"
-" you cannot specify both. For dh_special, 'generate' will create new DH\n"
-" parameters on startup, and 'standard' will use embedded parameters\n"
-" instead.\n"
-"(3) Normally an ssl client connects to an ssl server - so that an 'ssl client\n"
-" tunala' listens for 'clean' client connections and proxies ssl, and an\n"
-" 'ssl server tunala' listens for ssl connections and proxies 'clean'. With\n"
-" '-flipped 1', this behaviour is reversed so that an 'ssl server tunala'\n"
-" listens for clean client connections and proxies ssl (but participating\n"
-" as an ssl *server* in the SSL/TLS protocol), and an 'ssl client tunala'\n"
-" listens for ssl connections (participating as an ssl *client* in the\n"
-" SSL/TLS protocol) and proxies 'clean' to the end destination. This can\n"
-" be useful for allowing network access to 'servers' where only the server\n"
-" needs to authenticate the client (ie. the other way is not required).\n"
-" Even with client and server authentication, this 'technique' mitigates\n"
-" some DoS (denial-of-service) potential as it will be the network client\n"
-" having to perform the first private key operation rather than the other\n"
-" way round.\n"
-"(4) The 'technique' used by setting '-flipped 1' is probably compatible with\n"
-" absolutely nothing except another complimentary instance of 'tunala'\n"
-" running with '-flipped 1'. :-)\n";
-
-/* Default DH parameters for use with "-dh_special standard" ... stolen striaght
- * from s_server. */
-static unsigned char dh512_p[]={
- 0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75,
- 0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
- 0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3,
- 0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12,
- 0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C,
- 0x47,0x74,0xE8,0x33,
- };
-static unsigned char dh512_g[]={
- 0x02,
- };
-
-/* And the function that parses the above "standard" parameters, again, straight
- * out of s_server. */
-static DH *get_dh512(void)
- {
- DH *dh=NULL;
-
- if ((dh=DH_new()) == NULL) return(NULL);
- dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
- dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
- if ((dh->p == NULL) || (dh->g == NULL))
- return(NULL);
- return(dh);
- }
-
-/* Various help/error messages used by main() */
-static int usage(const char *errstr, int isunknownarg)
-{
- if(isunknownarg)
- fprintf(stderr, "Error: unknown argument '%s'\n", errstr);
- else
- fprintf(stderr, "Error: %s\n", errstr);
- fprintf(stderr, "%s\n", helpstring);
- return 1;
-}
-
-static int err_str0(const char *str0)
-{
- fprintf(stderr, "%s\n", str0);
- return 1;
-}
-
-static int err_str1(const char *fmt, const char *str1)
-{
- fprintf(stderr, fmt, str1);
- fprintf(stderr, "\n");
- return 1;
-}
-
-static int parse_max_tunnels(const char *s, unsigned int *maxtunnels)
-{
- unsigned long l;
- if(!int_strtoul(s, &l) || (l < 1) || (l > 1024)) {
- fprintf(stderr, "Error, '%s' is an invalid value for "
- "maxtunnels\n", s);
- return 0;
- }
- *maxtunnels = (unsigned int)l;
- return 1;
-}
-
-static int parse_server_mode(const char *s, int *servermode)
-{
- unsigned long l;
- if(!int_strtoul(s, &l) || (l > 1)) {
- fprintf(stderr, "Error, '%s' is an invalid value for the "
- "server mode\n", s);
- return 0;
- }
- *servermode = (int)l;
- return 1;
-}
-
-static int parse_dh_special(const char *s, const char **dh_special)
-{
- if((strcmp(s, "NULL") == 0) || (strcmp(s, "generate") == 0) ||
- (strcmp(s, "standard") == 0)) {
- *dh_special = s;
- return 1;
- }
- fprintf(stderr, "Error, '%s' is an invalid value for 'dh_special'\n", s);
- return 0;
-}
-
-static int parse_verify_level(const char *s, unsigned int *verify_level)
-{
- unsigned long l;
- if(!int_strtoul(s, &l) || (l > 3)) {
- fprintf(stderr, "Error, '%s' is an invalid value for "
- "out_verify\n", s);
- return 0;
- }
- *verify_level = (unsigned int)l;
- return 1;
-}
-
-static int parse_verify_depth(const char *s, unsigned int *verify_depth)
-{
- unsigned long l;
- if(!int_strtoul(s, &l) || (l < 1) || (l > 50)) {
- fprintf(stderr, "Error, '%s' is an invalid value for "
- "verify_depth\n", s);
- return 0;
- }
- *verify_depth = (unsigned int)l;
- return 1;
-}
-
-/* Some fprintf format strings used when tunnels close */
-static const char *io_stats_dirty =
-" SSL traffic; %8lu bytes in, %8lu bytes out\n";
-static const char *io_stats_clean =
-" clear traffic; %8lu bytes in, %8lu bytes out\n";
-
-int main(int argc, char *argv[])
-{
- unsigned int loop;
- int newfd;
- tunala_world_t world;
- tunala_item_t *t_item;
- const char *proxy_ip;
- unsigned short proxy_port;
- /* Overridables */
- const char *proxyhost = def_proxyhost;
- const char *listenhost = def_listenhost;
- unsigned int max_tunnels = def_max_tunnels;
- const char *cacert = def_cacert;
- const char *cert = def_cert;
- const char *key = def_key;
- const char *dcert = def_dcert;
- const char *dkey = def_dkey;
- const char *engine_id = def_engine_id;
- int server_mode = def_server_mode;
- int flipped = def_flipped;
- const char *cipher_list = def_cipher_list;
- const char *dh_file = def_dh_file;
- const char *dh_special = def_dh_special;
- int tmp_rsa = def_tmp_rsa;
- int ctx_options = def_ctx_options;
- int verify_mode = def_verify_mode;
- unsigned int verify_depth = def_verify_depth;
- int out_state = def_out_state;
- unsigned int out_verify = def_out_verify;
- int out_totals = def_out_totals;
- int out_conns = def_out_conns;
-
-/* Parse command-line arguments */
-next_arg:
- argc--; argv++;
- if(argc > 0) {
- if(strcmp(*argv, "-listen") == 0) {
- if(argc < 2)
- return usage("-listen requires an argument", 0);
- argc--; argv++;
- listenhost = *argv;
- goto next_arg;
- } else if(strcmp(*argv, "-proxy") == 0) {
- if(argc < 2)
- return usage("-proxy requires an argument", 0);
- argc--; argv++;
- proxyhost = *argv;
- goto next_arg;
- } else if(strcmp(*argv, "-maxtunnels") == 0) {
- if(argc < 2)
- return usage("-maxtunnels requires an argument", 0);
- argc--; argv++;
- if(!parse_max_tunnels(*argv, &max_tunnels))
- return 1;
- goto next_arg;
- } else if(strcmp(*argv, "-cacert") == 0) {
- if(argc < 2)
- return usage("-cacert requires an argument", 0);
- argc--; argv++;
- if(strcmp(*argv, "NULL") == 0)
- cacert = NULL;
- else
- cacert = *argv;
- goto next_arg;
- } else if(strcmp(*argv, "-cert") == 0) {
- if(argc < 2)
- return usage("-cert requires an argument", 0);
- argc--; argv++;
- if(strcmp(*argv, "NULL") == 0)
- cert = NULL;
- else
- cert = *argv;
- goto next_arg;
- } else if(strcmp(*argv, "-key") == 0) {
- if(argc < 2)
- return usage("-key requires an argument", 0);
- argc--; argv++;
- if(strcmp(*argv, "NULL") == 0)
- key = NULL;
- else
- key = *argv;
- goto next_arg;
- } else if(strcmp(*argv, "-dcert") == 0) {
- if(argc < 2)
- return usage("-dcert requires an argument", 0);
- argc--; argv++;
- if(strcmp(*argv, "NULL") == 0)
- dcert = NULL;
- else
- dcert = *argv;
- goto next_arg;
- } else if(strcmp(*argv, "-dkey") == 0) {
- if(argc < 2)
- return usage("-dkey requires an argument", 0);
- argc--; argv++;
- if(strcmp(*argv, "NULL") == 0)
- dkey = NULL;
- else
- dkey = *argv;
- goto next_arg;
- } else if(strcmp(*argv, "-engine") == 0) {
- if(argc < 2)
- return usage("-engine requires an argument", 0);
- argc--; argv++;
- engine_id = *argv;
- goto next_arg;
- } else if(strcmp(*argv, "-server") == 0) {
- if(argc < 2)
- return usage("-server requires an argument", 0);
- argc--; argv++;
- if(!parse_server_mode(*argv, &server_mode))
- return 1;
- goto next_arg;
- } else if(strcmp(*argv, "-flipped") == 0) {
- if(argc < 2)
- return usage("-flipped requires an argument", 0);
- argc--; argv++;
- if(!parse_server_mode(*argv, &flipped))
- return 1;
- goto next_arg;
- } else if(strcmp(*argv, "-cipher") == 0) {
- if(argc < 2)
- return usage("-cipher requires an argument", 0);
- argc--; argv++;
- cipher_list = *argv;
- goto next_arg;
- } else if(strcmp(*argv, "-dh_file") == 0) {
- if(argc < 2)
- return usage("-dh_file requires an argument", 0);
- if(dh_special)
- return usage("cannot mix -dh_file with "
- "-dh_special", 0);
- argc--; argv++;
- dh_file = *argv;
- goto next_arg;
- } else if(strcmp(*argv, "-dh_special") == 0) {
- if(argc < 2)
- return usage("-dh_special requires an argument", 0);
- if(dh_file)
- return usage("cannot mix -dh_file with "
- "-dh_special", 0);
- argc--; argv++;
- if(!parse_dh_special(*argv, &dh_special))
- return 1;
- goto next_arg;
- } else if(strcmp(*argv, "-no_tmp_rsa") == 0) {
- tmp_rsa = 0;
- goto next_arg;
- } else if(strcmp(*argv, "-no_ssl2") == 0) {
- ctx_options |= SSL_OP_NO_SSLv2;
- goto next_arg;
- } else if(strcmp(*argv, "-no_ssl3") == 0) {
- ctx_options |= SSL_OP_NO_SSLv3;
- goto next_arg;
- } else if(strcmp(*argv, "-no_tls1") == 0) {
- ctx_options |= SSL_OP_NO_TLSv1;
- goto next_arg;
- } else if(strcmp(*argv, "-v_peer") == 0) {
- verify_mode |= SSL_VERIFY_PEER;
- goto next_arg;
- } else if(strcmp(*argv, "-v_strict") == 0) {
- verify_mode |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
- goto next_arg;
- } else if(strcmp(*argv, "-v_once") == 0) {
- verify_mode |= SSL_VERIFY_CLIENT_ONCE;
- goto next_arg;
- } else if(strcmp(*argv, "-v_depth") == 0) {
- if(argc < 2)
- return usage("-v_depth requires an argument", 0);
- argc--; argv++;
- if(!parse_verify_depth(*argv, &verify_depth))
- return 1;
- goto next_arg;
- } else if(strcmp(*argv, "-out_state") == 0) {
- out_state = 1;
- goto next_arg;
- } else if(strcmp(*argv, "-out_verify") == 0) {
- if(argc < 2)
- return usage("-out_verify requires an argument", 0);
- argc--; argv++;
- if(!parse_verify_level(*argv, &out_verify))
- return 1;
- goto next_arg;
- } else if(strcmp(*argv, "-out_totals") == 0) {
- out_totals = 1;
- goto next_arg;
- } else if(strcmp(*argv, "-out_conns") == 0) {
- out_conns = 1;
- goto next_arg;
- } else if((strcmp(*argv, "-h") == 0) ||
- (strcmp(*argv, "-help") == 0) ||
- (strcmp(*argv, "-?") == 0)) {
- fprintf(stderr, "%s\n", helpstring);
- return 0;
- } else
- return usage(*argv, 1);
- }
- /* Run any sanity checks we want here */
- if(!cert && !dcert && server_mode)
- fprintf(stderr, "WARNING: you are running an SSL server without "
- "a certificate - this may not work!\n");
-
- /* Initialise network stuff */
- if(!ip_initialise())
- return err_str0("ip_initialise failed");
- /* Create the SSL_CTX */
- if((world.ssl_ctx = initialise_ssl_ctx(server_mode, engine_id,
- cacert, cert, key, dcert, dkey, cipher_list, dh_file,
- dh_special, tmp_rsa, ctx_options, out_state, out_verify,
- verify_mode, verify_depth)) == NULL)
- return err_str1("initialise_ssl_ctx(engine_id=%s) failed",
- (engine_id == NULL) ? "NULL" : engine_id);
- if(engine_id)
- fprintf(stderr, "Info, engine '%s' initialised\n", engine_id);
- /* Create the listener */
- if((world.listen_fd = ip_create_listener(listenhost)) == -1)
- return err_str1("ip_create_listener(%s) failed", listenhost);
- fprintf(stderr, "Info, listening on '%s'\n", listenhost);
- if(!ip_parse_address(proxyhost, &proxy_ip, &proxy_port, 0))
- return err_str1("ip_parse_address(%s) failed", proxyhost);
- fprintf(stderr, "Info, proxying to '%s' (%d.%d.%d.%d:%d)\n", proxyhost,
- (int)proxy_ip[0], (int)proxy_ip[1],
- (int)proxy_ip[2], (int)proxy_ip[3], (int)proxy_port);
- fprintf(stderr, "Info, set maxtunnels to %d\n", (int)max_tunnels);
- fprintf(stderr, "Info, set to operate as an SSL %s\n",
- (server_mode ? "server" : "client"));
- /* Initialise the rest of the stuff */
- world.tunnels_used = world.tunnels_size = 0;
- world.tunnels = NULL;
- world.server_mode = server_mode;
- selector_init(&world.selector);
-
-/* We're ready to loop */
-main_loop:
- /* Should we listen for *new* tunnels? */
- if(world.tunnels_used < max_tunnels)
- selector_add_listener(&world.selector, world.listen_fd);
- /* We should add in our existing tunnels */
- for(loop = 0; loop < world.tunnels_used; loop++)
- selector_add_tunala(&world.selector, world.tunnels + loop);
- /* Now do the select */
- switch(selector_select(&world.selector)) {
- case -1:
- if(errno != EINTR) {
- fprintf(stderr, "selector_select returned a "
- "badness error.\n");
- goto shouldnt_happen;
- }
- fprintf(stderr, "Warn, selector interrupted by a signal\n");
- goto main_loop;
- case 0:
- fprintf(stderr, "Warn, selector_select returned 0 - signal?""?\n");
- goto main_loop;
- default:
- break;
- }
- /* Accept new connection if we should and can */
- if((world.tunnels_used < max_tunnels) && (selector_get_listener(
- &world.selector, world.listen_fd,
- &newfd) == 1)) {
- /* We have a new connection */
- if(!tunala_world_new_item(&world, newfd, proxy_ip,
- proxy_port, flipped))
- fprintf(stderr, "tunala_world_new_item failed\n");
- else if(out_conns)
- fprintf(stderr, "Info, new tunnel opened, now up to "
- "%d\n", world.tunnels_used);
- }
- /* Give each tunnel its moment, note the while loop is because it makes
- * the logic easier than with "for" to deal with an array that may shift
- * because of deletes. */
- loop = 0;
- t_item = world.tunnels;
- while(loop < world.tunnels_used) {
- if(!tunala_item_io(&world.selector, t_item)) {
- /* We're closing whether for reasons of an error or a
- * natural close. Don't increment loop or t_item because
- * the next item is moving to us! */
- if(!out_totals)
- goto skip_totals;
- fprintf(stderr, "Tunnel closing, traffic stats follow\n");
- /* Display the encrypted (over the network) stats */
- fprintf(stderr, io_stats_dirty,
- buffer_total_in(state_machine_get_buffer(
- &t_item->sm,SM_DIRTY_IN)),
- buffer_total_out(state_machine_get_buffer(
- &t_item->sm,SM_DIRTY_OUT)));
- /* Display the local (tunnelled) stats. NB: Data we
- * *receive* is data sent *out* of the state_machine on
- * its 'clean' side. Hence the apparent back-to-front
- * OUT/IN mixup here :-) */
- fprintf(stderr, io_stats_clean,
- buffer_total_out(state_machine_get_buffer(
- &t_item->sm,SM_CLEAN_OUT)),
- buffer_total_in(state_machine_get_buffer(
- &t_item->sm,SM_CLEAN_IN)));
-skip_totals:
- tunala_world_del_item(&world, loop);
- if(out_conns)
- fprintf(stderr, "Info, tunnel closed, down to %d\n",
- world.tunnels_used);
- }
- else {
- /* Move to the next item */
- loop++;
- t_item++;
- }
- }
- goto main_loop;
- /* Should never get here */
-shouldnt_happen:
- abort();
- return 1;
-}
-
-/****************/
-/* OpenSSL bits */
-/****************/
-
-static int ctx_set_cert(SSL_CTX *ctx, const char *cert, const char *key)
-{
- FILE *fp = NULL;
- X509 *x509 = NULL;
- EVP_PKEY *pkey = NULL;
- int toret = 0; /* Assume an error */
-
- /* cert */
- if(cert) {
- if((fp = fopen(cert, "r")) == NULL) {
- fprintf(stderr, "Error opening cert file '%s'\n", cert);
- goto err;
- }
- if(!PEM_read_X509(fp, &x509, NULL, NULL)) {
- fprintf(stderr, "Error reading PEM cert from '%s'\n",
- cert);
- goto err;
- }
- if(!SSL_CTX_use_certificate(ctx, x509)) {
- fprintf(stderr, "Error, cert in '%s' can not be used\n",
- cert);
- goto err;
- }
- /* Clear the FILE* for reuse in the "key" code */
- fclose(fp);
- fp = NULL;
- fprintf(stderr, "Info, operating with cert in '%s'\n", cert);
- /* If a cert was given without matching key, we assume the same
- * file contains the required key. */
- if(!key)
- key = cert;
- } else {
- if(key)
- fprintf(stderr, "Error, can't specify a key without a "
- "corresponding certificate\n");
- else
- fprintf(stderr, "Error, ctx_set_cert called with "
- "NULLs!\n");
- goto err;
- }
- /* key */
- if(key) {
- if((fp = fopen(key, "r")) == NULL) {
- fprintf(stderr, "Error opening key file '%s'\n", key);
- goto err;
- }
- if(!PEM_read_PrivateKey(fp, &pkey, NULL, NULL)) {
- fprintf(stderr, "Error reading PEM key from '%s'\n",
- key);
- goto err;
- }
- if(!SSL_CTX_use_PrivateKey(ctx, pkey)) {
- fprintf(stderr, "Error, key in '%s' can not be used\n",
- key);
- goto err;
- }
- fprintf(stderr, "Info, operating with key in '%s'\n", key);
- } else
- fprintf(stderr, "Info, operating without a cert or key\n");
- /* Success */
- toret = 1; err:
- if(x509)
- X509_free(x509);
- if(pkey)
- EVP_PKEY_free(pkey);
- if(fp)
- fclose(fp);
- return toret;
-}
-
-static int ctx_set_dh(SSL_CTX *ctx, const char *dh_file, const char *dh_special)
-{
- DH *dh = NULL;
- FILE *fp = NULL;
-
- if(dh_special) {
- if(strcmp(dh_special, "NULL") == 0)
- return 1;
- if(strcmp(dh_special, "standard") == 0) {
- if((dh = get_dh512()) == NULL) {
- fprintf(stderr, "Error, can't parse 'standard'"
- " DH parameters\n");
- return 0;
- }
- fprintf(stderr, "Info, using 'standard' DH parameters\n");
- goto do_it;
- }
- if(strcmp(dh_special, "generate") != 0)
- /* This shouldn't happen - screening values is handled
- * in main(). */
- abort();
- fprintf(stderr, "Info, generating DH parameters ... ");
- fflush(stderr);
- if((dh = DH_generate_parameters(512, DH_GENERATOR_5,
- NULL, NULL)) == NULL) {
- fprintf(stderr, "error!\n");
- return 0;
- }
- fprintf(stderr, "complete\n");
- goto do_it;
- }
- /* So, we're loading dh_file */
- if((fp = fopen(dh_file, "r")) == NULL) {
- fprintf(stderr, "Error, couldn't open '%s' for DH parameters\n",
- dh_file);
- return 0;
- }
- dh = PEM_read_DHparams(fp, NULL, NULL, NULL);
- fclose(fp);
- if(dh == NULL) {
- fprintf(stderr, "Error, could not parse DH parameters from '%s'\n",
- dh_file);
- return 0;
- }
- fprintf(stderr, "Info, using DH parameters from file '%s'\n", dh_file);
-do_it:
- SSL_CTX_set_tmp_dh(ctx, dh);
- DH_free(dh);
- return 1;
-}
-
-static SSL_CTX *initialise_ssl_ctx(int server_mode, const char *engine_id,
- const char *CAfile, const char *cert, const char *key,
- const char *dcert, const char *dkey, const char *cipher_list,
- const char *dh_file, const char *dh_special, int tmp_rsa,
- int ctx_options, int out_state, int out_verify, int verify_mode,
- unsigned int verify_depth)
-{
- SSL_CTX *ctx = NULL, *ret = NULL;
- SSL_METHOD *meth;
- ENGINE *e = NULL;
-
- OpenSSL_add_ssl_algorithms();
- SSL_load_error_strings();
-
- meth = (server_mode ? SSLv23_server_method() : SSLv23_client_method());
- if(meth == NULL)
- goto err;
- if(engine_id) {
- ENGINE_load_builtin_engines();
- if((e = ENGINE_by_id(engine_id)) == NULL) {
- fprintf(stderr, "Error obtaining '%s' engine, openssl "
- "errors follow\n", engine_id);
- goto err;
- }
- if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
- fprintf(stderr, "Error assigning '%s' engine, openssl "
- "errors follow\n", engine_id);
- goto err;
- }
- ENGINE_free(e);
- }
- if((ctx = SSL_CTX_new(meth)) == NULL)
- goto err;
- /* cacert */
- if(CAfile) {
- if(!X509_STORE_load_locations(SSL_CTX_get_cert_store(ctx),
- CAfile, NULL)) {
- fprintf(stderr, "Error loading CA cert(s) in '%s'\n",
- CAfile);
- goto err;
- }
- fprintf(stderr, "Info, operating with CA cert(s) in '%s'\n",
- CAfile);
- } else
- fprintf(stderr, "Info, operating without a CA cert(-list)\n");
- if(!SSL_CTX_set_default_verify_paths(ctx)) {
- fprintf(stderr, "Error setting default verify paths\n");
- goto err;
- }
-
- /* cert and key */
- if((cert || key) && !ctx_set_cert(ctx, cert, key))
- goto err;
- /* dcert and dkey */
- if((dcert || dkey) && !ctx_set_cert(ctx, dcert, dkey))
- goto err;
- /* temporary RSA key generation */
- if(tmp_rsa)
- SSL_CTX_set_tmp_rsa_callback(ctx, cb_generate_tmp_rsa);
-
- /* cipher_list */
- if(cipher_list) {
- if(!SSL_CTX_set_cipher_list(ctx, cipher_list)) {
- fprintf(stderr, "Error setting cipher list '%s'\n",
- cipher_list);
- goto err;
- }
- fprintf(stderr, "Info, set cipher list '%s'\n", cipher_list);
- } else
- fprintf(stderr, "Info, operating with default cipher list\n");
-
- /* dh_file & dh_special */
- if((dh_file || dh_special) && !ctx_set_dh(ctx, dh_file, dh_special))
- goto err;
-
- /* ctx_options */
- SSL_CTX_set_options(ctx, ctx_options);
-
- /* out_state (output of SSL handshake states to screen). */
- if(out_state)
- cb_ssl_info_set_output(stderr);
-
- /* out_verify */
- if(out_verify > 0) {
- cb_ssl_verify_set_output(stderr);
- cb_ssl_verify_set_level(out_verify);
- }
-
- /* verify_depth */
- cb_ssl_verify_set_depth(verify_depth);
-
- /* Success! (includes setting verify_mode) */
- SSL_CTX_set_info_callback(ctx, cb_ssl_info);
- SSL_CTX_set_verify(ctx, verify_mode, cb_ssl_verify);
- ret = ctx;
-err:
- if(!ret) {
- ERR_print_errors_fp(stderr);
- if(ctx)
- SSL_CTX_free(ctx);
- }
- return ret;
-}
-
-/*****************/
-/* Selector bits */
-/*****************/
-
-static void selector_sets_init(select_sets_t *s)
-{
- s->max = 0;
- FD_ZERO(&s->reads);
- FD_ZERO(&s->sends);
- FD_ZERO(&s->excepts);
-}
-static void selector_init(tunala_selector_t *selector)
-{
- selector_sets_init(&selector->last_selected);
- selector_sets_init(&selector->next_select);
-}
-
-#define SEL_EXCEPTS 0x00
-#define SEL_READS 0x01
-#define SEL_SENDS 0x02
-static void selector_add_raw_fd(tunala_selector_t *s, int fd, int flags)
-{
- FD_SET(fd, &s->next_select.excepts);
- if(flags & SEL_READS)
- FD_SET(fd, &s->next_select.reads);
- if(flags & SEL_SENDS)
- FD_SET(fd, &s->next_select.sends);
- /* Adjust "max" */
- if(s->next_select.max < (fd + 1))
- s->next_select.max = fd + 1;
-}
-
-static void selector_add_listener(tunala_selector_t *selector, int fd)
-{
- selector_add_raw_fd(selector, fd, SEL_READS);
-}
-
-static void selector_add_tunala(tunala_selector_t *s, tunala_item_t *t)
-{
- /* Set clean read if sm.clean_in is not full */
- if(t->clean_read != -1) {
- selector_add_raw_fd(s, t->clean_read,
- (buffer_full(state_machine_get_buffer(&t->sm,
- SM_CLEAN_IN)) ? SEL_EXCEPTS : SEL_READS));
- }
- /* Set clean send if sm.clean_out is not empty */
- if(t->clean_send != -1) {
- selector_add_raw_fd(s, t->clean_send,
- (buffer_empty(state_machine_get_buffer(&t->sm,
- SM_CLEAN_OUT)) ? SEL_EXCEPTS : SEL_SENDS));
- }
- /* Set dirty read if sm.dirty_in is not full */
- if(t->dirty_read != -1) {
- selector_add_raw_fd(s, t->dirty_read,
- (buffer_full(state_machine_get_buffer(&t->sm,
- SM_DIRTY_IN)) ? SEL_EXCEPTS : SEL_READS));
- }
- /* Set dirty send if sm.dirty_out is not empty */
- if(t->dirty_send != -1) {
- selector_add_raw_fd(s, t->dirty_send,
- (buffer_empty(state_machine_get_buffer(&t->sm,
- SM_DIRTY_OUT)) ? SEL_EXCEPTS : SEL_SENDS));
- }
-}
-
-static int selector_select(tunala_selector_t *selector)
-{
- memcpy(&selector->last_selected, &selector->next_select,
- sizeof(select_sets_t));
- selector_sets_init(&selector->next_select);
- return select(selector->last_selected.max,
- &selector->last_selected.reads,
- &selector->last_selected.sends,
- &selector->last_selected.excepts, NULL);
-}
-
-/* This returns -1 for error, 0 for no new connections, or 1 for success, in
- * which case *newfd is populated. */
-static int selector_get_listener(tunala_selector_t *selector, int fd, int *newfd)
-{
- if(FD_ISSET(fd, &selector->last_selected.excepts))
- return -1;
- if(!FD_ISSET(fd, &selector->last_selected.reads))
- return 0;
- if((*newfd = ip_accept_connection(fd)) == -1)
- return -1;
- return 1;
-}
-
-/************************/
-/* "Tunala" world stuff */
-/************************/
-
-static int tunala_world_make_room(tunala_world_t *world)
-{
- unsigned int newsize;
- tunala_item_t *newarray;
-
- if(world->tunnels_used < world->tunnels_size)
- return 1;
- newsize = (world->tunnels_size == 0 ? 16 :
- ((world->tunnels_size * 3) / 2));
- if((newarray = malloc(newsize * sizeof(tunala_item_t))) == NULL)
- return 0;
- memset(newarray, 0, newsize * sizeof(tunala_item_t));
- if(world->tunnels_used > 0)
- memcpy(newarray, world->tunnels,
- world->tunnels_used * sizeof(tunala_item_t));
- if(world->tunnels_size > 0)
- free(world->tunnels);
- /* migrate */
- world->tunnels = newarray;
- world->tunnels_size = newsize;
- return 1;
-}
-
-static int tunala_world_new_item(tunala_world_t *world, int fd,
- const char *ip, unsigned short port, int flipped)
-{
- tunala_item_t *item;
- int newfd;
- SSL *new_ssl = NULL;
-
- if(!tunala_world_make_room(world))
- return 0;
- if((new_ssl = SSL_new(world->ssl_ctx)) == NULL) {
- fprintf(stderr, "Error creating new SSL\n");
- ERR_print_errors_fp(stderr);
- return 0;
- }
- item = world->tunnels + (world->tunnels_used++);
- state_machine_init(&item->sm);
- item->clean_read = item->clean_send =
- item->dirty_read = item->dirty_send = -1;
- if((newfd = ip_create_connection_split(ip, port)) == -1)
- goto err;
- /* Which way round? If we're a server, "fd" is the dirty side and the
- * connection we open is the clean one. For a client, it's the other way
- * around. Unless, of course, we're "flipped" in which case everything
- * gets reversed. :-) */
- if((world->server_mode && !flipped) ||
- (!world->server_mode && flipped)) {
- item->dirty_read = item->dirty_send = fd;
- item->clean_read = item->clean_send = newfd;
- } else {
- item->clean_read = item->clean_send = fd;
- item->dirty_read = item->dirty_send = newfd;
- }
- /* We use the SSL's "app_data" to indicate a call-back induced "kill" */
- SSL_set_app_data(new_ssl, NULL);
- if(!state_machine_set_SSL(&item->sm, new_ssl, world->server_mode))
- goto err;
- return 1;
-err:
- tunala_world_del_item(world, world->tunnels_used - 1);
- return 0;
-
-}
-
-static void tunala_world_del_item(tunala_world_t *world, unsigned int idx)
-{
- tunala_item_t *item = world->tunnels + idx;
- if(item->clean_read != -1)
- close(item->clean_read);
- if(item->clean_send != item->clean_read)
- close(item->clean_send);
- item->clean_read = item->clean_send = -1;
- if(item->dirty_read != -1)
- close(item->dirty_read);
- if(item->dirty_send != item->dirty_read)
- close(item->dirty_send);
- item->dirty_read = item->dirty_send = -1;
- state_machine_close(&item->sm);
- /* OK, now we fix the item array */
- if(idx + 1 < world->tunnels_used)
- /* We need to scroll entries to the left */
- memmove(world->tunnels + idx,
- world->tunnels + (idx + 1),
- (world->tunnels_used - (idx + 1)) *
- sizeof(tunala_item_t));
- world->tunnels_used--;
-}
-
-static int tunala_item_io(tunala_selector_t *selector, tunala_item_t *item)
-{
- int c_r, c_s, d_r, d_s; /* Four boolean flags */
-
- /* Take ourselves out of the gene-pool if there was an except */
- if((item->clean_read != -1) && FD_ISSET(item->clean_read,
- &selector->last_selected.excepts))
- return 0;
- if((item->clean_send != -1) && FD_ISSET(item->clean_send,
- &selector->last_selected.excepts))
- return 0;
- if((item->dirty_read != -1) && FD_ISSET(item->dirty_read,
- &selector->last_selected.excepts))
- return 0;
- if((item->dirty_send != -1) && FD_ISSET(item->dirty_send,
- &selector->last_selected.excepts))
- return 0;
- /* Grab our 4 IO flags */
- c_r = c_s = d_r = d_s = 0;
- if(item->clean_read != -1)
- c_r = FD_ISSET(item->clean_read, &selector->last_selected.reads);
- if(item->clean_send != -1)
- c_s = FD_ISSET(item->clean_send, &selector->last_selected.sends);
- if(item->dirty_read != -1)
- d_r = FD_ISSET(item->dirty_read, &selector->last_selected.reads);
- if(item->dirty_send != -1)
- d_s = FD_ISSET(item->dirty_send, &selector->last_selected.sends);
- /* If no IO has happened for us, skip needless data looping */
- if(!c_r && !c_s && !d_r && !d_s)
- return 1;
- if(c_r)
- c_r = (buffer_from_fd(state_machine_get_buffer(&item->sm,
- SM_CLEAN_IN), item->clean_read) <= 0);
- if(c_s)
- c_s = (buffer_to_fd(state_machine_get_buffer(&item->sm,
- SM_CLEAN_OUT), item->clean_send) <= 0);
- if(d_r)
- d_r = (buffer_from_fd(state_machine_get_buffer(&item->sm,
- SM_DIRTY_IN), item->dirty_read) <= 0);
- if(d_s)
- d_s = (buffer_to_fd(state_machine_get_buffer(&item->sm,
- SM_DIRTY_OUT), item->dirty_send) <= 0);
- /* If any of the flags is non-zero, that means they need closing */
- if(c_r) {
- close(item->clean_read);
- if(item->clean_send == item->clean_read)
- item->clean_send = -1;
- item->clean_read = -1;
- }
- if(c_s && (item->clean_send != -1)) {
- close(item->clean_send);
- if(item->clean_send == item->clean_read)
- item->clean_read = -1;
- item->clean_send = -1;
- }
- if(d_r) {
- close(item->dirty_read);
- if(item->dirty_send == item->dirty_read)
- item->dirty_send = -1;
- item->dirty_read = -1;
- }
- if(d_s && (item->dirty_send != -1)) {
- close(item->dirty_send);
- if(item->dirty_send == item->dirty_read)
- item->dirty_read = -1;
- item->dirty_send = -1;
- }
- /* This function name is attributed to the term donated by David
- * Schwartz on openssl-dev, message-ID:
- * <NCBBLIEPOCNJOAEKBEAKEEDGLIAA.davids at webmaster.com>. :-) */
- if(!state_machine_churn(&item->sm))
- /* If the SSL closes, it will also zero-out the _in buffers
- * and will in future process just outgoing data. As and
- * when the outgoing data has gone, it will return zero
- * here to tell us to bail out. */
- return 0;
- /* Otherwise, we return zero if both sides are dead. */
- if(((item->clean_read == -1) || (item->clean_send == -1)) &&
- ((item->dirty_read == -1) || (item->dirty_send == -1)))
- return 0;
- /* If only one side closed, notify the SSL of this so it can take
- * appropriate action. */
- if((item->clean_read == -1) || (item->clean_send == -1)) {
- if(!state_machine_close_clean(&item->sm))
- return 0;
- }
- if((item->dirty_read == -1) || (item->dirty_send == -1)) {
- if(!state_machine_close_dirty(&item->sm))
- return 0;
- }
- return 1;
-}
-
Copied: vendor-crypto/openssl/0.9.8zf/demos/tunala/tunala.c (from rev 6976, vendor-crypto/openssl/dist/demos/tunala/tunala.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/demos/tunala/tunala.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/demos/tunala/tunala.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,1180 @@
+#if defined(NO_BUFFER) || defined(NO_IP) || defined(NO_OPENSSL)
+# error "Badness, NO_BUFFER, NO_IP or NO_OPENSSL is defined, turn them *off*"
+#endif
+
+/* Include our bits'n'pieces */
+#include "tunala.h"
+
+/********************************************/
+/* Our local types that specify our "world" */
+/********************************************/
+
+/*
+ * These represent running "tunnels". Eg. if you wanted to do SSL in a
+ * "message-passing" scanario, the "int" file-descriptors might be replaced
+ * by thread or process IDs, and the "select" code might be replaced by
+ * message handling code. Whatever.
+ */
+typedef struct _tunala_item_t {
+ /*
+ * The underlying SSL state machine. This is a data-only processing unit
+ * and we communicate with it by talking to its four "buffers".
+ */
+ state_machine_t sm;
+ /*
+ * The file-descriptors for the "dirty" (encrypted) side of the SSL
+ * setup. In actuality, this is typically a socket and both values are
+ * identical.
+ */
+ int dirty_read, dirty_send;
+ /*
+ * The file-descriptors for the "clean" (unencrypted) side of the SSL
+ * setup. These could be stdin/stdout, a socket (both values the same),
+ * or whatever you like.
+ */
+ int clean_read, clean_send;
+} tunala_item_t;
+
+/*
+ * This structure is used as the data for running the main loop. Namely, in a
+ * network format such as this, it is stuff for select() - but as pointed out,
+ * when moving the real-world to somewhere else, this might be replaced by
+ * something entirely different. It's basically the stuff that controls when
+ * it's time to do some "work".
+ */
+typedef struct _select_sets_t {
+ int max; /* As required as the first argument to
+ * select() */
+ fd_set reads, sends, excepts; /* As passed to select() */
+} select_sets_t;
+typedef struct _tunala_selector_t {
+ select_sets_t last_selected; /* Results of the last select() */
+ select_sets_t next_select; /* What we'll next select on */
+} tunala_selector_t;
+
+/*
+ * This structure is *everything*. We do it to avoid the use of globals so
+ * that, for example, it would be easier to shift things around between
+ * async-IO, thread-based, or multi-fork()ed (or combinations thereof).
+ */
+typedef struct _tunala_world_t {
+ /* The file-descriptor we "listen" on for new connections */
+ int listen_fd;
+ /* The array of tunnels */
+ tunala_item_t *tunnels;
+ /* the number of tunnels in use and allocated, respectively */
+ unsigned int tunnels_used, tunnels_size;
+ /* Our outside "loop" context stuff */
+ tunala_selector_t selector;
+ /*
+ * Our SSL_CTX, which is configured as the SSL client or server and has
+ * the various cert-settings and callbacks configured.
+ */
+ SSL_CTX *ssl_ctx;
+ /*
+ * Simple flag with complex logic :-) Indicates whether we're an SSL
+ * server or an SSL client.
+ */
+ int server_mode;
+} tunala_world_t;
+
+/*****************************/
+/* Internal static functions */
+/*****************************/
+
+static SSL_CTX *initialise_ssl_ctx(int server_mode, const char *engine_id,
+ const char *CAfile, const char *cert,
+ const char *key, const char *dcert,
+ const char *dkey, const char *cipher_list,
+ const char *dh_file,
+ const char *dh_special, int tmp_rsa,
+ int ctx_options, int out_state,
+ int out_verify, int verify_mode,
+ unsigned int verify_depth);
+static void selector_init(tunala_selector_t * selector);
+static void selector_add_listener(tunala_selector_t * selector, int fd);
+static void selector_add_tunala(tunala_selector_t * selector,
+ tunala_item_t * t);
+static int selector_select(tunala_selector_t * selector);
+/*
+ * This returns -1 for error, 0 for no new connections, or 1 for success, in
+ * which case *newfd is populated.
+ */
+static int selector_get_listener(tunala_selector_t * selector, int fd,
+ int *newfd);
+static int tunala_world_new_item(tunala_world_t * world, int fd,
+ const char *ip, unsigned short port,
+ int flipped);
+static void tunala_world_del_item(tunala_world_t * world, unsigned int idx);
+static int tunala_item_io(tunala_selector_t * selector, tunala_item_t * item);
+
+/*********************************************/
+/* MAIN FUNCTION (and its utility functions) */
+/*********************************************/
+
+static const char *def_proxyhost = "127.0.0.1:443";
+static const char *def_listenhost = "127.0.0.1:8080";
+static int def_max_tunnels = 50;
+static const char *def_cacert = NULL;
+static const char *def_cert = NULL;
+static const char *def_key = NULL;
+static const char *def_dcert = NULL;
+static const char *def_dkey = NULL;
+static const char *def_engine_id = NULL;
+static int def_server_mode = 0;
+static int def_flipped = 0;
+static const char *def_cipher_list = NULL;
+static const char *def_dh_file = NULL;
+static const char *def_dh_special = NULL;
+static int def_tmp_rsa = 1;
+static int def_ctx_options = 0;
+static int def_verify_mode = 0;
+static unsigned int def_verify_depth = 10;
+static int def_out_state = 0;
+static unsigned int def_out_verify = 0;
+static int def_out_totals = 0;
+static int def_out_conns = 0;
+
+static const char *helpstring =
+ "\n'Tunala' (A tunneler with a New Zealand accent)\n"
+ "Usage: tunala [options], where options are from;\n"
+ " -listen [host:]<port> (default = 127.0.0.1:8080)\n"
+ " -proxy <host>:<port> (default = 127.0.0.1:443)\n"
+ " -maxtunnels <num> (default = 50)\n"
+ " -cacert <path|NULL> (default = NULL)\n"
+ " -cert <path|NULL> (default = NULL)\n"
+ " -key <path|NULL> (default = whatever '-cert' is)\n"
+ " -dcert <path|NULL> (usually for DSA, default = NULL)\n"
+ " -dkey <path|NULL> (usually for DSA, default = whatever '-dcert' is)\n"
+ " -engine <id|NULL> (default = NULL)\n"
+ " -server <0|1> (default = 0, ie. an SSL client)\n"
+ " -flipped <0|1> (makes SSL servers be network clients, and vice versa)\n"
+ " -cipher <list> (specifies cipher list to use)\n"
+ " -dh_file <path> (a PEM file containing DH parameters to use)\n"
+ " -dh_special <NULL|generate|standard> (see below: def=NULL)\n"
+ " -no_tmp_rsa (don't generate temporary RSA keys)\n"
+ " -no_ssl2 (disable SSLv2)\n"
+ " -no_ssl3 (disable SSLv3)\n"
+ " -no_tls1 (disable TLSv1)\n"
+ " -v_peer (verify the peer certificate)\n"
+ " -v_strict (do not continue if peer doesn't authenticate)\n"
+ " -v_once (no verification in renegotiates)\n"
+ " -v_depth <num> (limit certificate chain depth, default = 10)\n"
+ " -out_conns (prints client connections and disconnections)\n"
+ " -out_state (prints SSL handshake states)\n"
+ " -out_verify <0|1|2|3> (prints certificate verification states: def=1)\n"
+ " -out_totals (prints out byte-totals when a tunnel closes)\n"
+ " -<h|help|?> (displays this help screen)\n"
+ "Notes:\n"
+ "(1) It is recommended to specify a cert+key when operating as an SSL server.\n"
+ " If you only specify '-cert', the same file must contain a matching\n"
+ " private key.\n"
+ "(2) Either dh_file or dh_special can be used to specify where DH parameters\n"
+ " will be obtained from (or '-dh_special NULL' for the default choice) but\n"
+ " you cannot specify both. For dh_special, 'generate' will create new DH\n"
+ " parameters on startup, and 'standard' will use embedded parameters\n"
+ " instead.\n"
+ "(3) Normally an ssl client connects to an ssl server - so that an 'ssl client\n"
+ " tunala' listens for 'clean' client connections and proxies ssl, and an\n"
+ " 'ssl server tunala' listens for ssl connections and proxies 'clean'. With\n"
+ " '-flipped 1', this behaviour is reversed so that an 'ssl server tunala'\n"
+ " listens for clean client connections and proxies ssl (but participating\n"
+ " as an ssl *server* in the SSL/TLS protocol), and an 'ssl client tunala'\n"
+ " listens for ssl connections (participating as an ssl *client* in the\n"
+ " SSL/TLS protocol) and proxies 'clean' to the end destination. This can\n"
+ " be useful for allowing network access to 'servers' where only the server\n"
+ " needs to authenticate the client (ie. the other way is not required).\n"
+ " Even with client and server authentication, this 'technique' mitigates\n"
+ " some DoS (denial-of-service) potential as it will be the network client\n"
+ " having to perform the first private key operation rather than the other\n"
+ " way round.\n"
+ "(4) The 'technique' used by setting '-flipped 1' is probably compatible with\n"
+ " absolutely nothing except another complimentary instance of 'tunala'\n"
+ " running with '-flipped 1'. :-)\n";
+
+/*
+ * Default DH parameters for use with "-dh_special standard" ... stolen
+ * striaght from s_server.
+ */
+static unsigned char dh512_p[] = {
+ 0xDA, 0x58, 0x3C, 0x16, 0xD9, 0x85, 0x22, 0x89, 0xD0, 0xE4, 0xAF, 0x75,
+ 0x6F, 0x4C, 0xCA, 0x92, 0xDD, 0x4B, 0xE5, 0x33, 0xB8, 0x04, 0xFB, 0x0F,
+ 0xED, 0x94, 0xEF, 0x9C, 0x8A, 0x44, 0x03, 0xED, 0x57, 0x46, 0x50, 0xD3,
+ 0x69, 0x99, 0xDB, 0x29, 0xD7, 0x76, 0x27, 0x6B, 0xA2, 0xD3, 0xD4, 0x12,
+ 0xE2, 0x18, 0xF4, 0xDD, 0x1E, 0x08, 0x4C, 0xF6, 0xD8, 0x00, 0x3E, 0x7C,
+ 0x47, 0x74, 0xE8, 0x33,
+};
+
+static unsigned char dh512_g[] = {
+ 0x02,
+};
+
+/*
+ * And the function that parses the above "standard" parameters, again,
+ * straight out of s_server.
+ */
+static DH *get_dh512(void)
+{
+ DH *dh = NULL;
+
+ if ((dh = DH_new()) == NULL)
+ return (NULL);
+ dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
+ dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
+ if ((dh->p == NULL) || (dh->g == NULL))
+ return (NULL);
+ return (dh);
+}
+
+/* Various help/error messages used by main() */
+static int usage(const char *errstr, int isunknownarg)
+{
+ if (isunknownarg)
+ fprintf(stderr, "Error: unknown argument '%s'\n", errstr);
+ else
+ fprintf(stderr, "Error: %s\n", errstr);
+ fprintf(stderr, "%s\n", helpstring);
+ return 1;
+}
+
+static int err_str0(const char *str0)
+{
+ fprintf(stderr, "%s\n", str0);
+ return 1;
+}
+
+static int err_str1(const char *fmt, const char *str1)
+{
+ fprintf(stderr, fmt, str1);
+ fprintf(stderr, "\n");
+ return 1;
+}
+
+static int parse_max_tunnels(const char *s, unsigned int *maxtunnels)
+{
+ unsigned long l;
+ if (!int_strtoul(s, &l) || (l < 1) || (l > 1024)) {
+ fprintf(stderr, "Error, '%s' is an invalid value for "
+ "maxtunnels\n", s);
+ return 0;
+ }
+ *maxtunnels = (unsigned int)l;
+ return 1;
+}
+
+static int parse_server_mode(const char *s, int *servermode)
+{
+ unsigned long l;
+ if (!int_strtoul(s, &l) || (l > 1)) {
+ fprintf(stderr, "Error, '%s' is an invalid value for the "
+ "server mode\n", s);
+ return 0;
+ }
+ *servermode = (int)l;
+ return 1;
+}
+
+static int parse_dh_special(const char *s, const char **dh_special)
+{
+ if ((strcmp(s, "NULL") == 0) || (strcmp(s, "generate") == 0) ||
+ (strcmp(s, "standard") == 0)) {
+ *dh_special = s;
+ return 1;
+ }
+ fprintf(stderr, "Error, '%s' is an invalid value for 'dh_special'\n", s);
+ return 0;
+}
+
+static int parse_verify_level(const char *s, unsigned int *verify_level)
+{
+ unsigned long l;
+ if (!int_strtoul(s, &l) || (l > 3)) {
+ fprintf(stderr, "Error, '%s' is an invalid value for "
+ "out_verify\n", s);
+ return 0;
+ }
+ *verify_level = (unsigned int)l;
+ return 1;
+}
+
+static int parse_verify_depth(const char *s, unsigned int *verify_depth)
+{
+ unsigned long l;
+ if (!int_strtoul(s, &l) || (l < 1) || (l > 50)) {
+ fprintf(stderr, "Error, '%s' is an invalid value for "
+ "verify_depth\n", s);
+ return 0;
+ }
+ *verify_depth = (unsigned int)l;
+ return 1;
+}
+
+/* Some fprintf format strings used when tunnels close */
+static const char *io_stats_dirty =
+ " SSL traffic; %8lu bytes in, %8lu bytes out\n";
+static const char *io_stats_clean =
+ " clear traffic; %8lu bytes in, %8lu bytes out\n";
+
+int main(int argc, char *argv[])
+{
+ unsigned int loop;
+ int newfd;
+ tunala_world_t world;
+ tunala_item_t *t_item;
+ const char *proxy_ip;
+ unsigned short proxy_port;
+ /* Overridables */
+ const char *proxyhost = def_proxyhost;
+ const char *listenhost = def_listenhost;
+ unsigned int max_tunnels = def_max_tunnels;
+ const char *cacert = def_cacert;
+ const char *cert = def_cert;
+ const char *key = def_key;
+ const char *dcert = def_dcert;
+ const char *dkey = def_dkey;
+ const char *engine_id = def_engine_id;
+ int server_mode = def_server_mode;
+ int flipped = def_flipped;
+ const char *cipher_list = def_cipher_list;
+ const char *dh_file = def_dh_file;
+ const char *dh_special = def_dh_special;
+ int tmp_rsa = def_tmp_rsa;
+ int ctx_options = def_ctx_options;
+ int verify_mode = def_verify_mode;
+ unsigned int verify_depth = def_verify_depth;
+ int out_state = def_out_state;
+ unsigned int out_verify = def_out_verify;
+ int out_totals = def_out_totals;
+ int out_conns = def_out_conns;
+
+/* Parse command-line arguments */
+ next_arg:
+ argc--;
+ argv++;
+ if (argc > 0) {
+ if (strcmp(*argv, "-listen") == 0) {
+ if (argc < 2)
+ return usage("-listen requires an argument", 0);
+ argc--;
+ argv++;
+ listenhost = *argv;
+ goto next_arg;
+ } else if (strcmp(*argv, "-proxy") == 0) {
+ if (argc < 2)
+ return usage("-proxy requires an argument", 0);
+ argc--;
+ argv++;
+ proxyhost = *argv;
+ goto next_arg;
+ } else if (strcmp(*argv, "-maxtunnels") == 0) {
+ if (argc < 2)
+ return usage("-maxtunnels requires an argument", 0);
+ argc--;
+ argv++;
+ if (!parse_max_tunnels(*argv, &max_tunnels))
+ return 1;
+ goto next_arg;
+ } else if (strcmp(*argv, "-cacert") == 0) {
+ if (argc < 2)
+ return usage("-cacert requires an argument", 0);
+ argc--;
+ argv++;
+ if (strcmp(*argv, "NULL") == 0)
+ cacert = NULL;
+ else
+ cacert = *argv;
+ goto next_arg;
+ } else if (strcmp(*argv, "-cert") == 0) {
+ if (argc < 2)
+ return usage("-cert requires an argument", 0);
+ argc--;
+ argv++;
+ if (strcmp(*argv, "NULL") == 0)
+ cert = NULL;
+ else
+ cert = *argv;
+ goto next_arg;
+ } else if (strcmp(*argv, "-key") == 0) {
+ if (argc < 2)
+ return usage("-key requires an argument", 0);
+ argc--;
+ argv++;
+ if (strcmp(*argv, "NULL") == 0)
+ key = NULL;
+ else
+ key = *argv;
+ goto next_arg;
+ } else if (strcmp(*argv, "-dcert") == 0) {
+ if (argc < 2)
+ return usage("-dcert requires an argument", 0);
+ argc--;
+ argv++;
+ if (strcmp(*argv, "NULL") == 0)
+ dcert = NULL;
+ else
+ dcert = *argv;
+ goto next_arg;
+ } else if (strcmp(*argv, "-dkey") == 0) {
+ if (argc < 2)
+ return usage("-dkey requires an argument", 0);
+ argc--;
+ argv++;
+ if (strcmp(*argv, "NULL") == 0)
+ dkey = NULL;
+ else
+ dkey = *argv;
+ goto next_arg;
+ } else if (strcmp(*argv, "-engine") == 0) {
+ if (argc < 2)
+ return usage("-engine requires an argument", 0);
+ argc--;
+ argv++;
+ engine_id = *argv;
+ goto next_arg;
+ } else if (strcmp(*argv, "-server") == 0) {
+ if (argc < 2)
+ return usage("-server requires an argument", 0);
+ argc--;
+ argv++;
+ if (!parse_server_mode(*argv, &server_mode))
+ return 1;
+ goto next_arg;
+ } else if (strcmp(*argv, "-flipped") == 0) {
+ if (argc < 2)
+ return usage("-flipped requires an argument", 0);
+ argc--;
+ argv++;
+ if (!parse_server_mode(*argv, &flipped))
+ return 1;
+ goto next_arg;
+ } else if (strcmp(*argv, "-cipher") == 0) {
+ if (argc < 2)
+ return usage("-cipher requires an argument", 0);
+ argc--;
+ argv++;
+ cipher_list = *argv;
+ goto next_arg;
+ } else if (strcmp(*argv, "-dh_file") == 0) {
+ if (argc < 2)
+ return usage("-dh_file requires an argument", 0);
+ if (dh_special)
+ return usage("cannot mix -dh_file with " "-dh_special", 0);
+ argc--;
+ argv++;
+ dh_file = *argv;
+ goto next_arg;
+ } else if (strcmp(*argv, "-dh_special") == 0) {
+ if (argc < 2)
+ return usage("-dh_special requires an argument", 0);
+ if (dh_file)
+ return usage("cannot mix -dh_file with " "-dh_special", 0);
+ argc--;
+ argv++;
+ if (!parse_dh_special(*argv, &dh_special))
+ return 1;
+ goto next_arg;
+ } else if (strcmp(*argv, "-no_tmp_rsa") == 0) {
+ tmp_rsa = 0;
+ goto next_arg;
+ } else if (strcmp(*argv, "-no_ssl2") == 0) {
+ ctx_options |= SSL_OP_NO_SSLv2;
+ goto next_arg;
+ } else if (strcmp(*argv, "-no_ssl3") == 0) {
+ ctx_options |= SSL_OP_NO_SSLv3;
+ goto next_arg;
+ } else if (strcmp(*argv, "-no_tls1") == 0) {
+ ctx_options |= SSL_OP_NO_TLSv1;
+ goto next_arg;
+ } else if (strcmp(*argv, "-v_peer") == 0) {
+ verify_mode |= SSL_VERIFY_PEER;
+ goto next_arg;
+ } else if (strcmp(*argv, "-v_strict") == 0) {
+ verify_mode |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
+ goto next_arg;
+ } else if (strcmp(*argv, "-v_once") == 0) {
+ verify_mode |= SSL_VERIFY_CLIENT_ONCE;
+ goto next_arg;
+ } else if (strcmp(*argv, "-v_depth") == 0) {
+ if (argc < 2)
+ return usage("-v_depth requires an argument", 0);
+ argc--;
+ argv++;
+ if (!parse_verify_depth(*argv, &verify_depth))
+ return 1;
+ goto next_arg;
+ } else if (strcmp(*argv, "-out_state") == 0) {
+ out_state = 1;
+ goto next_arg;
+ } else if (strcmp(*argv, "-out_verify") == 0) {
+ if (argc < 2)
+ return usage("-out_verify requires an argument", 0);
+ argc--;
+ argv++;
+ if (!parse_verify_level(*argv, &out_verify))
+ return 1;
+ goto next_arg;
+ } else if (strcmp(*argv, "-out_totals") == 0) {
+ out_totals = 1;
+ goto next_arg;
+ } else if (strcmp(*argv, "-out_conns") == 0) {
+ out_conns = 1;
+ goto next_arg;
+ } else if ((strcmp(*argv, "-h") == 0) ||
+ (strcmp(*argv, "-help") == 0) ||
+ (strcmp(*argv, "-?") == 0)) {
+ fprintf(stderr, "%s\n", helpstring);
+ return 0;
+ } else
+ return usage(*argv, 1);
+ }
+ /* Run any sanity checks we want here */
+ if (!cert && !dcert && server_mode)
+ fprintf(stderr, "WARNING: you are running an SSL server without "
+ "a certificate - this may not work!\n");
+
+ /* Initialise network stuff */
+ if (!ip_initialise())
+ return err_str0("ip_initialise failed");
+ /* Create the SSL_CTX */
+ if ((world.ssl_ctx = initialise_ssl_ctx(server_mode, engine_id,
+ cacert, cert, key, dcert, dkey,
+ cipher_list, dh_file, dh_special,
+ tmp_rsa, ctx_options, out_state,
+ out_verify, verify_mode,
+ verify_depth)) == NULL)
+ return err_str1("initialise_ssl_ctx(engine_id=%s) failed",
+ (engine_id == NULL) ? "NULL" : engine_id);
+ if (engine_id)
+ fprintf(stderr, "Info, engine '%s' initialised\n", engine_id);
+ /* Create the listener */
+ if ((world.listen_fd = ip_create_listener(listenhost)) == -1)
+ return err_str1("ip_create_listener(%s) failed", listenhost);
+ fprintf(stderr, "Info, listening on '%s'\n", listenhost);
+ if (!ip_parse_address(proxyhost, &proxy_ip, &proxy_port, 0))
+ return err_str1("ip_parse_address(%s) failed", proxyhost);
+ fprintf(stderr, "Info, proxying to '%s' (%d.%d.%d.%d:%d)\n", proxyhost,
+ (int)proxy_ip[0], (int)proxy_ip[1],
+ (int)proxy_ip[2], (int)proxy_ip[3], (int)proxy_port);
+ fprintf(stderr, "Info, set maxtunnels to %d\n", (int)max_tunnels);
+ fprintf(stderr, "Info, set to operate as an SSL %s\n",
+ (server_mode ? "server" : "client"));
+ /* Initialise the rest of the stuff */
+ world.tunnels_used = world.tunnels_size = 0;
+ world.tunnels = NULL;
+ world.server_mode = server_mode;
+ selector_init(&world.selector);
+
+/* We're ready to loop */
+ main_loop:
+ /* Should we listen for *new* tunnels? */
+ if (world.tunnels_used < max_tunnels)
+ selector_add_listener(&world.selector, world.listen_fd);
+ /* We should add in our existing tunnels */
+ for (loop = 0; loop < world.tunnels_used; loop++)
+ selector_add_tunala(&world.selector, world.tunnels + loop);
+ /* Now do the select */
+ switch (selector_select(&world.selector)) {
+ case -1:
+ if (errno != EINTR) {
+ fprintf(stderr, "selector_select returned a " "badness error.\n");
+ goto shouldnt_happen;
+ }
+ fprintf(stderr, "Warn, selector interrupted by a signal\n");
+ goto main_loop;
+ case 0:
+ fprintf(stderr, "Warn, selector_select returned 0 - signal?" "?\n");
+ goto main_loop;
+ default:
+ break;
+ }
+ /* Accept new connection if we should and can */
+ if ((world.tunnels_used < max_tunnels)
+ && (selector_get_listener(&world.selector, world.listen_fd, &newfd) ==
+ 1)) {
+ /* We have a new connection */
+ if (!tunala_world_new_item(&world, newfd, proxy_ip,
+ proxy_port, flipped))
+ fprintf(stderr, "tunala_world_new_item failed\n");
+ else if (out_conns)
+ fprintf(stderr, "Info, new tunnel opened, now up to "
+ "%d\n", world.tunnels_used);
+ }
+ /*
+ * Give each tunnel its moment, note the while loop is because it makes
+ * the logic easier than with "for" to deal with an array that may shift
+ * because of deletes.
+ */
+ loop = 0;
+ t_item = world.tunnels;
+ while (loop < world.tunnels_used) {
+ if (!tunala_item_io(&world.selector, t_item)) {
+ /*
+ * We're closing whether for reasons of an error or a natural
+ * close. Don't increment loop or t_item because the next item is
+ * moving to us!
+ */
+ if (!out_totals)
+ goto skip_totals;
+ fprintf(stderr, "Tunnel closing, traffic stats follow\n");
+ /* Display the encrypted (over the network) stats */
+ fprintf(stderr, io_stats_dirty,
+ buffer_total_in(state_machine_get_buffer
+ (&t_item->sm, SM_DIRTY_IN)),
+ buffer_total_out(state_machine_get_buffer
+ (&t_item->sm, SM_DIRTY_OUT)));
+ /*
+ * Display the local (tunnelled) stats. NB: Data we *receive* is
+ * data sent *out* of the state_machine on its 'clean' side.
+ * Hence the apparent back-to-front OUT/IN mixup here :-)
+ */
+ fprintf(stderr, io_stats_clean,
+ buffer_total_out(state_machine_get_buffer
+ (&t_item->sm, SM_CLEAN_OUT)),
+ buffer_total_in(state_machine_get_buffer
+ (&t_item->sm, SM_CLEAN_IN)));
+ skip_totals:
+ tunala_world_del_item(&world, loop);
+ if (out_conns)
+ fprintf(stderr, "Info, tunnel closed, down to %d\n",
+ world.tunnels_used);
+ } else {
+ /* Move to the next item */
+ loop++;
+ t_item++;
+ }
+ }
+ goto main_loop;
+ /* Should never get here */
+ shouldnt_happen:
+ abort();
+ return 1;
+}
+
+/****************/
+/* OpenSSL bits */
+/****************/
+
+static int ctx_set_cert(SSL_CTX *ctx, const char *cert, const char *key)
+{
+ FILE *fp = NULL;
+ X509 *x509 = NULL;
+ EVP_PKEY *pkey = NULL;
+ int toret = 0; /* Assume an error */
+
+ /* cert */
+ if (cert) {
+ if ((fp = fopen(cert, "r")) == NULL) {
+ fprintf(stderr, "Error opening cert file '%s'\n", cert);
+ goto err;
+ }
+ if (!PEM_read_X509(fp, &x509, NULL, NULL)) {
+ fprintf(stderr, "Error reading PEM cert from '%s'\n", cert);
+ goto err;
+ }
+ if (!SSL_CTX_use_certificate(ctx, x509)) {
+ fprintf(stderr, "Error, cert in '%s' can not be used\n", cert);
+ goto err;
+ }
+ /* Clear the FILE* for reuse in the "key" code */
+ fclose(fp);
+ fp = NULL;
+ fprintf(stderr, "Info, operating with cert in '%s'\n", cert);
+ /*
+ * If a cert was given without matching key, we assume the same file
+ * contains the required key.
+ */
+ if (!key)
+ key = cert;
+ } else {
+ if (key)
+ fprintf(stderr, "Error, can't specify a key without a "
+ "corresponding certificate\n");
+ else
+ fprintf(stderr, "Error, ctx_set_cert called with " "NULLs!\n");
+ goto err;
+ }
+ /* key */
+ if (key) {
+ if ((fp = fopen(key, "r")) == NULL) {
+ fprintf(stderr, "Error opening key file '%s'\n", key);
+ goto err;
+ }
+ if (!PEM_read_PrivateKey(fp, &pkey, NULL, NULL)) {
+ fprintf(stderr, "Error reading PEM key from '%s'\n", key);
+ goto err;
+ }
+ if (!SSL_CTX_use_PrivateKey(ctx, pkey)) {
+ fprintf(stderr, "Error, key in '%s' can not be used\n", key);
+ goto err;
+ }
+ fprintf(stderr, "Info, operating with key in '%s'\n", key);
+ } else
+ fprintf(stderr, "Info, operating without a cert or key\n");
+ /* Success */
+ toret = 1;
+ err:
+ if (x509)
+ X509_free(x509);
+ if (pkey)
+ EVP_PKEY_free(pkey);
+ if (fp)
+ fclose(fp);
+ return toret;
+}
+
+static int ctx_set_dh(SSL_CTX *ctx, const char *dh_file,
+ const char *dh_special)
+{
+ DH *dh = NULL;
+ FILE *fp = NULL;
+
+ if (dh_special) {
+ if (strcmp(dh_special, "NULL") == 0)
+ return 1;
+ if (strcmp(dh_special, "standard") == 0) {
+ if ((dh = get_dh512()) == NULL) {
+ fprintf(stderr, "Error, can't parse 'standard'"
+ " DH parameters\n");
+ return 0;
+ }
+ fprintf(stderr, "Info, using 'standard' DH parameters\n");
+ goto do_it;
+ }
+ if (strcmp(dh_special, "generate") != 0)
+ /*
+ * This shouldn't happen - screening values is handled in main().
+ */
+ abort();
+ fprintf(stderr, "Info, generating DH parameters ... ");
+ fflush(stderr);
+ if ((dh = DH_generate_parameters(512, DH_GENERATOR_5,
+ NULL, NULL)) == NULL) {
+ fprintf(stderr, "error!\n");
+ return 0;
+ }
+ fprintf(stderr, "complete\n");
+ goto do_it;
+ }
+ /* So, we're loading dh_file */
+ if ((fp = fopen(dh_file, "r")) == NULL) {
+ fprintf(stderr, "Error, couldn't open '%s' for DH parameters\n",
+ dh_file);
+ return 0;
+ }
+ dh = PEM_read_DHparams(fp, NULL, NULL, NULL);
+ fclose(fp);
+ if (dh == NULL) {
+ fprintf(stderr, "Error, could not parse DH parameters from '%s'\n",
+ dh_file);
+ return 0;
+ }
+ fprintf(stderr, "Info, using DH parameters from file '%s'\n", dh_file);
+ do_it:
+ SSL_CTX_set_tmp_dh(ctx, dh);
+ DH_free(dh);
+ return 1;
+}
+
+static SSL_CTX *initialise_ssl_ctx(int server_mode, const char *engine_id,
+ const char *CAfile, const char *cert,
+ const char *key, const char *dcert,
+ const char *dkey, const char *cipher_list,
+ const char *dh_file,
+ const char *dh_special, int tmp_rsa,
+ int ctx_options, int out_state,
+ int out_verify, int verify_mode,
+ unsigned int verify_depth)
+{
+ SSL_CTX *ctx = NULL, *ret = NULL;
+ SSL_METHOD *meth;
+ ENGINE *e = NULL;
+
+ OpenSSL_add_ssl_algorithms();
+ SSL_load_error_strings();
+
+ meth = (server_mode ? SSLv23_server_method() : SSLv23_client_method());
+ if (meth == NULL)
+ goto err;
+ if (engine_id) {
+ ENGINE_load_builtin_engines();
+ if ((e = ENGINE_by_id(engine_id)) == NULL) {
+ fprintf(stderr, "Error obtaining '%s' engine, openssl "
+ "errors follow\n", engine_id);
+ goto err;
+ }
+ if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
+ fprintf(stderr, "Error assigning '%s' engine, openssl "
+ "errors follow\n", engine_id);
+ goto err;
+ }
+ ENGINE_free(e);
+ }
+ if ((ctx = SSL_CTX_new(meth)) == NULL)
+ goto err;
+ /* cacert */
+ if (CAfile) {
+ if (!X509_STORE_load_locations(SSL_CTX_get_cert_store(ctx),
+ CAfile, NULL)) {
+ fprintf(stderr, "Error loading CA cert(s) in '%s'\n", CAfile);
+ goto err;
+ }
+ fprintf(stderr, "Info, operating with CA cert(s) in '%s'\n", CAfile);
+ } else
+ fprintf(stderr, "Info, operating without a CA cert(-list)\n");
+ if (!SSL_CTX_set_default_verify_paths(ctx)) {
+ fprintf(stderr, "Error setting default verify paths\n");
+ goto err;
+ }
+
+ /* cert and key */
+ if ((cert || key) && !ctx_set_cert(ctx, cert, key))
+ goto err;
+ /* dcert and dkey */
+ if ((dcert || dkey) && !ctx_set_cert(ctx, dcert, dkey))
+ goto err;
+ /* temporary RSA key generation */
+ if (tmp_rsa)
+ SSL_CTX_set_tmp_rsa_callback(ctx, cb_generate_tmp_rsa);
+
+ /* cipher_list */
+ if (cipher_list) {
+ if (!SSL_CTX_set_cipher_list(ctx, cipher_list)) {
+ fprintf(stderr, "Error setting cipher list '%s'\n", cipher_list);
+ goto err;
+ }
+ fprintf(stderr, "Info, set cipher list '%s'\n", cipher_list);
+ } else
+ fprintf(stderr, "Info, operating with default cipher list\n");
+
+ /* dh_file & dh_special */
+ if ((dh_file || dh_special) && !ctx_set_dh(ctx, dh_file, dh_special))
+ goto err;
+
+ /* ctx_options */
+ SSL_CTX_set_options(ctx, ctx_options);
+
+ /* out_state (output of SSL handshake states to screen). */
+ if (out_state)
+ cb_ssl_info_set_output(stderr);
+
+ /* out_verify */
+ if (out_verify > 0) {
+ cb_ssl_verify_set_output(stderr);
+ cb_ssl_verify_set_level(out_verify);
+ }
+
+ /* verify_depth */
+ cb_ssl_verify_set_depth(verify_depth);
+
+ /* Success! (includes setting verify_mode) */
+ SSL_CTX_set_info_callback(ctx, cb_ssl_info);
+ SSL_CTX_set_verify(ctx, verify_mode, cb_ssl_verify);
+ ret = ctx;
+ err:
+ if (!ret) {
+ ERR_print_errors_fp(stderr);
+ if (ctx)
+ SSL_CTX_free(ctx);
+ }
+ return ret;
+}
+
+/*****************/
+/* Selector bits */
+/*****************/
+
+static void selector_sets_init(select_sets_t * s)
+{
+ s->max = 0;
+ FD_ZERO(&s->reads);
+ FD_ZERO(&s->sends);
+ FD_ZERO(&s->excepts);
+}
+
+static void selector_init(tunala_selector_t * selector)
+{
+ selector_sets_init(&selector->last_selected);
+ selector_sets_init(&selector->next_select);
+}
+
+#define SEL_EXCEPTS 0x00
+#define SEL_READS 0x01
+#define SEL_SENDS 0x02
+static void selector_add_raw_fd(tunala_selector_t * s, int fd, int flags)
+{
+ FD_SET(fd, &s->next_select.excepts);
+ if (flags & SEL_READS)
+ FD_SET(fd, &s->next_select.reads);
+ if (flags & SEL_SENDS)
+ FD_SET(fd, &s->next_select.sends);
+ /* Adjust "max" */
+ if (s->next_select.max < (fd + 1))
+ s->next_select.max = fd + 1;
+}
+
+static void selector_add_listener(tunala_selector_t * selector, int fd)
+{
+ selector_add_raw_fd(selector, fd, SEL_READS);
+}
+
+static void selector_add_tunala(tunala_selector_t * s, tunala_item_t * t)
+{
+ /* Set clean read if sm.clean_in is not full */
+ if (t->clean_read != -1) {
+ selector_add_raw_fd(s, t->clean_read,
+ (buffer_full(state_machine_get_buffer(&t->sm,
+ SM_CLEAN_IN))
+ ? SEL_EXCEPTS : SEL_READS));
+ }
+ /* Set clean send if sm.clean_out is not empty */
+ if (t->clean_send != -1) {
+ selector_add_raw_fd(s, t->clean_send,
+ (buffer_empty(state_machine_get_buffer(&t->sm,
+ SM_CLEAN_OUT))
+ ? SEL_EXCEPTS : SEL_SENDS));
+ }
+ /* Set dirty read if sm.dirty_in is not full */
+ if (t->dirty_read != -1) {
+ selector_add_raw_fd(s, t->dirty_read,
+ (buffer_full(state_machine_get_buffer(&t->sm,
+ SM_DIRTY_IN))
+ ? SEL_EXCEPTS : SEL_READS));
+ }
+ /* Set dirty send if sm.dirty_out is not empty */
+ if (t->dirty_send != -1) {
+ selector_add_raw_fd(s, t->dirty_send,
+ (buffer_empty(state_machine_get_buffer(&t->sm,
+ SM_DIRTY_OUT))
+ ? SEL_EXCEPTS : SEL_SENDS));
+ }
+}
+
+static int selector_select(tunala_selector_t * selector)
+{
+ memcpy(&selector->last_selected, &selector->next_select,
+ sizeof(select_sets_t));
+ selector_sets_init(&selector->next_select);
+ return select(selector->last_selected.max,
+ &selector->last_selected.reads,
+ &selector->last_selected.sends,
+ &selector->last_selected.excepts, NULL);
+}
+
+/*
+ * This returns -1 for error, 0 for no new connections, or 1 for success, in
+ * which case *newfd is populated.
+ */
+static int selector_get_listener(tunala_selector_t * selector, int fd,
+ int *newfd)
+{
+ if (FD_ISSET(fd, &selector->last_selected.excepts))
+ return -1;
+ if (!FD_ISSET(fd, &selector->last_selected.reads))
+ return 0;
+ if ((*newfd = ip_accept_connection(fd)) == -1)
+ return -1;
+ return 1;
+}
+
+/************************/
+/* "Tunala" world stuff */
+/************************/
+
+static int tunala_world_make_room(tunala_world_t * world)
+{
+ unsigned int newsize;
+ tunala_item_t *newarray;
+
+ if (world->tunnels_used < world->tunnels_size)
+ return 1;
+ newsize = (world->tunnels_size == 0 ? 16 :
+ ((world->tunnels_size * 3) / 2));
+ if ((newarray = malloc(newsize * sizeof(tunala_item_t))) == NULL)
+ return 0;
+ memset(newarray, 0, newsize * sizeof(tunala_item_t));
+ if (world->tunnels_used > 0)
+ memcpy(newarray, world->tunnels,
+ world->tunnels_used * sizeof(tunala_item_t));
+ if (world->tunnels_size > 0)
+ free(world->tunnels);
+ /* migrate */
+ world->tunnels = newarray;
+ world->tunnels_size = newsize;
+ return 1;
+}
+
+static int tunala_world_new_item(tunala_world_t * world, int fd,
+ const char *ip, unsigned short port,
+ int flipped)
+{
+ tunala_item_t *item;
+ int newfd;
+ SSL *new_ssl = NULL;
+
+ if (!tunala_world_make_room(world))
+ return 0;
+ if ((new_ssl = SSL_new(world->ssl_ctx)) == NULL) {
+ fprintf(stderr, "Error creating new SSL\n");
+ ERR_print_errors_fp(stderr);
+ return 0;
+ }
+ item = world->tunnels + (world->tunnels_used++);
+ state_machine_init(&item->sm);
+ item->clean_read = item->clean_send =
+ item->dirty_read = item->dirty_send = -1;
+ if ((newfd = ip_create_connection_split(ip, port)) == -1)
+ goto err;
+ /*
+ * Which way round? If we're a server, "fd" is the dirty side and the
+ * connection we open is the clean one. For a client, it's the other way
+ * around. Unless, of course, we're "flipped" in which case everything
+ * gets reversed. :-)
+ */
+ if ((world->server_mode && !flipped) || (!world->server_mode && flipped)) {
+ item->dirty_read = item->dirty_send = fd;
+ item->clean_read = item->clean_send = newfd;
+ } else {
+ item->clean_read = item->clean_send = fd;
+ item->dirty_read = item->dirty_send = newfd;
+ }
+ /*
+ * We use the SSL's "app_data" to indicate a call-back induced "kill"
+ */
+ SSL_set_app_data(new_ssl, NULL);
+ if (!state_machine_set_SSL(&item->sm, new_ssl, world->server_mode))
+ goto err;
+ return 1;
+ err:
+ tunala_world_del_item(world, world->tunnels_used - 1);
+ return 0;
+
+}
+
+static void tunala_world_del_item(tunala_world_t * world, unsigned int idx)
+{
+ tunala_item_t *item = world->tunnels + idx;
+ if (item->clean_read != -1)
+ close(item->clean_read);
+ if (item->clean_send != item->clean_read)
+ close(item->clean_send);
+ item->clean_read = item->clean_send = -1;
+ if (item->dirty_read != -1)
+ close(item->dirty_read);
+ if (item->dirty_send != item->dirty_read)
+ close(item->dirty_send);
+ item->dirty_read = item->dirty_send = -1;
+ state_machine_close(&item->sm);
+ /* OK, now we fix the item array */
+ if (idx + 1 < world->tunnels_used)
+ /* We need to scroll entries to the left */
+ memmove(world->tunnels + idx,
+ world->tunnels + (idx + 1),
+ (world->tunnels_used - (idx + 1)) * sizeof(tunala_item_t));
+ world->tunnels_used--;
+}
+
+static int tunala_item_io(tunala_selector_t * selector, tunala_item_t * item)
+{
+ int c_r, c_s, d_r, d_s; /* Four boolean flags */
+
+ /* Take ourselves out of the gene-pool if there was an except */
+ if ((item->clean_read != -1) && FD_ISSET(item->clean_read,
+ &selector->
+ last_selected.excepts))
+ return 0;
+ if ((item->clean_send != -1) && FD_ISSET(item->clean_send,
+ &selector->
+ last_selected.excepts))
+ return 0;
+ if ((item->dirty_read != -1) && FD_ISSET(item->dirty_read,
+ &selector->
+ last_selected.excepts))
+ return 0;
+ if ((item->dirty_send != -1) && FD_ISSET(item->dirty_send,
+ &selector->
+ last_selected.excepts))
+ return 0;
+ /* Grab our 4 IO flags */
+ c_r = c_s = d_r = d_s = 0;
+ if (item->clean_read != -1)
+ c_r = FD_ISSET(item->clean_read, &selector->last_selected.reads);
+ if (item->clean_send != -1)
+ c_s = FD_ISSET(item->clean_send, &selector->last_selected.sends);
+ if (item->dirty_read != -1)
+ d_r = FD_ISSET(item->dirty_read, &selector->last_selected.reads);
+ if (item->dirty_send != -1)
+ d_s = FD_ISSET(item->dirty_send, &selector->last_selected.sends);
+ /* If no IO has happened for us, skip needless data looping */
+ if (!c_r && !c_s && !d_r && !d_s)
+ return 1;
+ if (c_r)
+ c_r = (buffer_from_fd(state_machine_get_buffer(&item->sm,
+ SM_CLEAN_IN),
+ item->clean_read) <= 0);
+ if (c_s)
+ c_s = (buffer_to_fd(state_machine_get_buffer(&item->sm,
+ SM_CLEAN_OUT),
+ item->clean_send) <= 0);
+ if (d_r)
+ d_r = (buffer_from_fd(state_machine_get_buffer(&item->sm,
+ SM_DIRTY_IN),
+ item->dirty_read) <= 0);
+ if (d_s)
+ d_s = (buffer_to_fd(state_machine_get_buffer(&item->sm,
+ SM_DIRTY_OUT),
+ item->dirty_send) <= 0);
+ /* If any of the flags is non-zero, that means they need closing */
+ if (c_r) {
+ close(item->clean_read);
+ if (item->clean_send == item->clean_read)
+ item->clean_send = -1;
+ item->clean_read = -1;
+ }
+ if (c_s && (item->clean_send != -1)) {
+ close(item->clean_send);
+ if (item->clean_send == item->clean_read)
+ item->clean_read = -1;
+ item->clean_send = -1;
+ }
+ if (d_r) {
+ close(item->dirty_read);
+ if (item->dirty_send == item->dirty_read)
+ item->dirty_send = -1;
+ item->dirty_read = -1;
+ }
+ if (d_s && (item->dirty_send != -1)) {
+ close(item->dirty_send);
+ if (item->dirty_send == item->dirty_read)
+ item->dirty_read = -1;
+ item->dirty_send = -1;
+ }
+ /*
+ * This function name is attributed to the term donated by David Schwartz
+ * on openssl-dev, message-ID:
+ * <NCBBLIEPOCbmasEKBEAKEEDGLIAA.davids at webmaster.com>. :-)
+ */
+ if (!state_machine_churn(&item->sm))
+ /*
+ * If the SSL closes, it will also zero-out the _in buffers and will
+ * in future process just outgoing data. As and when the outgoing
+ * data has gone, it will return zero here to tell us to bail out.
+ */
+ return 0;
+ /* Otherwise, we return zero if both sides are dead. */
+ if (((item->clean_read == -1) || (item->clean_send == -1)) &&
+ ((item->dirty_read == -1) || (item->dirty_send == -1)))
+ return 0;
+ /*
+ * If only one side closed, notify the SSL of this so it can take
+ * appropriate action.
+ */
+ if ((item->clean_read == -1) || (item->clean_send == -1)) {
+ if (!state_machine_close_clean(&item->sm))
+ return 0;
+ }
+ if ((item->dirty_read == -1) || (item->dirty_send == -1)) {
+ if (!state_machine_close_dirty(&item->sm))
+ return 0;
+ }
+ return 1;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/demos/tunala/tunala.h
===================================================================
--- vendor-crypto/openssl/dist/demos/tunala/tunala.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/demos/tunala/tunala.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,215 +0,0 @@
-/* Tunala ("Tunneler with a New Zealand accent")
- *
- * Written by Geoff Thorpe, but endorsed/supported by noone. Please use this is
- * if it's useful or informative to you, but it's only here as a scratchpad for
- * ideas about how you might (or might not) program with OpenSSL. If you deploy
- * this is in a mission-critical environment, and have not read, understood,
- * audited, and modified this code to your satisfaction, and the result is that
- * all hell breaks loose and you are looking for a new employer, then it proves
- * nothing except perhaps that Darwinism is alive and well. Let's just say, *I*
- * don't use this in a mission-critical environment, so it would be stupid for
- * anyone to assume that it is solid and/or tested enough when even its author
- * doesn't place that much trust in it. You have been warned.
- *
- * With thanks to Cryptographic Appliances, Inc.
- */
-
-#ifndef _TUNALA_H
-#define _TUNALA_H
-
-/* pull in autoconf fluff */
-#ifndef NO_CONFIG_H
-#include "config.h"
-#else
-/* We don't have autoconf, we have to set all of these unless a tweaked Makefile
- * tells us not to ... */
-/* headers */
-#ifndef NO_HAVE_SELECT
-#define HAVE_SELECT
-#endif
-#ifndef NO_HAVE_SOCKET
-#define HAVE_SOCKET
-#endif
-#ifndef NO_HAVE_UNISTD_H
-#define HAVE_UNISTD_H
-#endif
-#ifndef NO_HAVE_FCNTL_H
-#define HAVE_FCNTL_H
-#endif
-#ifndef NO_HAVE_LIMITS_H
-#define HAVE_LIMITS_H
-#endif
-/* features */
-#ifndef NO_HAVE_STRSTR
-#define HAVE_STRSTR
-#endif
-#ifndef NO_HAVE_STRTOUL
-#define HAVE_STRTOUL
-#endif
-#endif
-
-#if !defined(HAVE_SELECT) || !defined(HAVE_SOCKET)
-#error "can't build without some network basics like select() and socket()"
-#endif
-
-#include <stdlib.h>
-#ifndef NO_SYSTEM_H
-#include <string.h>
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifdef HAVE_FCNTL_H
-#include <fcntl.h>
-#endif
-#ifdef HAVE_LIMITS_H
-#include <limits.h>
-#endif
-#include <netdb.h>
-#include <signal.h>
-#include <sys/socket.h>
-#include <sys/types.h>
-#include <netinet/in.h>
-#endif /* !defined(NO_SYSTEM_H) */
-
-#ifndef NO_OPENSSL
-#include <openssl/err.h>
-#include <openssl/engine.h>
-#include <openssl/ssl.h>
-#endif /* !defined(NO_OPENSSL) */
-
-#ifndef OPENSSL_NO_BUFFER
-/* This is the generic "buffer" type that is used when feeding the
- * state-machine. It's basically a FIFO with respect to the "adddata" &
- * "takedata" type functions that operate on it. */
-#define MAX_DATA_SIZE 16384
-typedef struct _buffer_t {
- unsigned char data[MAX_DATA_SIZE];
- unsigned int used;
- /* Statistical values - counts the total number of bytes read in and
- * read out (respectively) since "buffer_init()" */
- unsigned long total_in, total_out;
-} buffer_t;
-
-/* Initialise a buffer structure before use */
-void buffer_init(buffer_t *buf);
-/* Cleanup a buffer structure - presently not needed, but if buffer_t is
- * converted to using dynamic allocation, this would be required - so should be
- * called to protect against an explosion of memory leaks later if the change is
- * made. */
-void buffer_close(buffer_t *buf);
-
-/* Basic functions to manipulate buffers */
-
-unsigned int buffer_used(buffer_t *buf); /* How much data in the buffer */
-unsigned int buffer_unused(buffer_t *buf); /* How much space in the buffer */
-int buffer_full(buffer_t *buf); /* Boolean, is it full? */
-int buffer_notfull(buffer_t *buf); /* Boolean, is it not full? */
-int buffer_empty(buffer_t *buf); /* Boolean, is it empty? */
-int buffer_notempty(buffer_t *buf); /* Boolean, is it not empty? */
-unsigned long buffer_total_in(buffer_t *buf); /* Total bytes written to buffer */
-unsigned long buffer_total_out(buffer_t *buf); /* Total bytes read from buffer */
-
-#if 0 /* Currently used only within buffer.c - better to expose only
- * higher-level functions anyway */
-/* Add data to the tail of the buffer, returns the amount that was actually
- * added (so, you need to check if return value is less than size) */
-unsigned int buffer_adddata(buffer_t *buf, const unsigned char *ptr,
- unsigned int size);
-
-/* Take data from the front of the buffer (and scroll the rest forward). If
- * "ptr" is NULL, this just removes data off the front of the buffer. Return
- * value is the amount actually removed (can be less than size if the buffer has
- * too little data). */
-unsigned int buffer_takedata(buffer_t *buf, unsigned char *ptr,
- unsigned int size);
-
-/* Flushes as much data as possible out of the "from" buffer into the "to"
- * buffer. Return value is the amount moved. The amount moved can be restricted
- * to a maximum by specifying "cap" - setting it to -1 means no limit. */
-unsigned int buffer_tobuffer(buffer_t *to, buffer_t *from, int cap);
-#endif
-
-#ifndef NO_IP
-/* Read or write between a file-descriptor and a buffer */
-int buffer_from_fd(buffer_t *buf, int fd);
-int buffer_to_fd(buffer_t *buf, int fd);
-#endif /* !defined(NO_IP) */
-
-#ifndef NO_OPENSSL
-/* Read or write between an SSL or BIO and a buffer */
-void buffer_from_SSL(buffer_t *buf, SSL *ssl);
-void buffer_to_SSL(buffer_t *buf, SSL *ssl);
-void buffer_from_BIO(buffer_t *buf, BIO *bio);
-void buffer_to_BIO(buffer_t *buf, BIO *bio);
-
-/* Callbacks */
-void cb_ssl_info(const SSL *s, int where, int ret);
-void cb_ssl_info_set_output(FILE *fp); /* Called if output should be sent too */
-int cb_ssl_verify(int ok, X509_STORE_CTX *ctx);
-void cb_ssl_verify_set_output(FILE *fp);
-void cb_ssl_verify_set_depth(unsigned int verify_depth);
-void cb_ssl_verify_set_level(unsigned int level);
-RSA *cb_generate_tmp_rsa(SSL *s, int is_export, int keylength);
-#endif /* !defined(NO_OPENSSL) */
-#endif /* !defined(OPENSSL_NO_BUFFER) */
-
-#ifndef NO_TUNALA
-#ifdef OPENSSL_NO_BUFFER
-#error "TUNALA section of tunala.h requires BUFFER support"
-#endif
-typedef struct _state_machine_t {
- SSL *ssl;
- BIO *bio_intossl;
- BIO *bio_fromssl;
- buffer_t clean_in, clean_out;
- buffer_t dirty_in, dirty_out;
-} state_machine_t;
-typedef enum {
- SM_CLEAN_IN, SM_CLEAN_OUT,
- SM_DIRTY_IN, SM_DIRTY_OUT
-} sm_buffer_t;
-void state_machine_init(state_machine_t *machine);
-void state_machine_close(state_machine_t *machine);
-buffer_t *state_machine_get_buffer(state_machine_t *machine, sm_buffer_t type);
-SSL *state_machine_get_SSL(state_machine_t *machine);
-int state_machine_set_SSL(state_machine_t *machine, SSL *ssl, int is_server);
-/* Performs the data-IO loop and returns zero if the machine should close */
-int state_machine_churn(state_machine_t *machine);
-/* Is used to handle closing conditions - namely when one side of the tunnel has
- * closed but the other should finish flushing. */
-int state_machine_close_clean(state_machine_t *machine);
-int state_machine_close_dirty(state_machine_t *machine);
-#endif /* !defined(NO_TUNALA) */
-
-#ifndef NO_IP
-/* Initialise anything related to the networking. This includes blocking pesky
- * SIGPIPE signals. */
-int ip_initialise(void);
-/* ip is the 4-byte ip address (eg. 127.0.0.1 is {0x7F,0x00,0x00,0x01}), port is
- * the port to listen on (host byte order), and the return value is the
- * file-descriptor or -1 on error. */
-int ip_create_listener_split(const char *ip, unsigned short port);
-/* Same semantics as above. */
-int ip_create_connection_split(const char *ip, unsigned short port);
-/* Converts a string into the ip/port before calling the above */
-int ip_create_listener(const char *address);
-int ip_create_connection(const char *address);
-/* Just does a string conversion on its own. NB: If accept_all_ip is non-zero,
- * then the address string could be just a port. Ie. it's suitable for a
- * listening address but not a connecting address. */
-int ip_parse_address(const char *address, const char **parsed_ip,
- unsigned short *port, int accept_all_ip);
-/* Accepts an incoming connection through the listener. Assumes selects and
- * what-not have deemed it an appropriate thing to do. */
-int ip_accept_connection(int listen_fd);
-#endif /* !defined(NO_IP) */
-
-/* These functions wrap up things that can be portability hassles. */
-int int_strtoul(const char *str, unsigned long *val);
-#ifdef HAVE_STRSTR
-#define int_strstr strstr
-#else
-char *int_strstr(const char *haystack, const char *needle);
-#endif
-
-#endif /* !defined(_TUNALA_H) */
Copied: vendor-crypto/openssl/0.9.8zf/demos/tunala/tunala.h (from rev 6976, vendor-crypto/openssl/dist/demos/tunala/tunala.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/demos/tunala/tunala.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/demos/tunala/tunala.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,244 @@
+/*
+ * Tunala ("Tunneler with a New Zealand accent") Written by Geoff Thorpe,
+ * but endorsed/supported by noone. Please use this is if it's useful or
+ * informative to you, but it's only here as a scratchpad for ideas about how
+ * you might (or might not) program with OpenSSL. If you deploy this is in a
+ * mission-critical environment, and have not read, understood, audited, and
+ * modified this code to your satisfaction, and the result is that all hell
+ * breaks loose and you are looking for a new employer, then it proves
+ * nothing except perhaps that Darwinism is alive and well. Let's just say,
+ * *I* don't use this in a mission-critical environment, so it would be
+ * stupid for anyone to assume that it is solid and/or tested enough when
+ * even its author doesn't place that much trust in it. You have been warned.
+ * With thanks to Cryptographic Appliances, Inc.
+ */
+
+#ifndef _TUNALA_H
+# define _TUNALA_H
+
+/* pull in autoconf fluff */
+# ifndef NO_CONFIG_H
+# include "config.h"
+# else
+/*
+ * We don't have autoconf, we have to set all of these unless a tweaked
+ * Makefile tells us not to ...
+ */
+/* headers */
+# ifndef NO_HAVE_SELECT
+# define HAVE_SELECT
+# endif
+# ifndef NO_HAVE_SOCKET
+# define HAVE_SOCKET
+# endif
+# ifndef NO_HAVE_UNISTD_H
+# define HAVE_UNISTD_H
+# endif
+# ifndef NO_HAVE_FCNTL_H
+# define HAVE_FCNTL_H
+# endif
+# ifndef NO_HAVE_LIMITS_H
+# define HAVE_LIMITS_H
+# endif
+/* features */
+# ifndef NO_HAVE_STRSTR
+# define HAVE_STRSTR
+# endif
+# ifndef NO_HAVE_STRTOUL
+# define HAVE_STRTOUL
+# endif
+# endif
+
+# if !defined(HAVE_SELECT) || !defined(HAVE_SOCKET)
+# error "can't build without some network basics like select() and socket()"
+# endif
+
+# include <stdlib.h>
+# ifndef NO_SYSTEM_H
+# include <string.h>
+# ifdef HAVE_UNISTD_H
+# include <unistd.h>
+# endif
+# ifdef HAVE_FCNTL_H
+# include <fcntl.h>
+# endif
+# ifdef HAVE_LIMITS_H
+# include <limits.h>
+# endif
+# include <netdb.h>
+# include <signal.h>
+# include <sys/socket.h>
+# include <sys/types.h>
+# include <netinet/in.h>
+# endif /* !defined(NO_SYSTEM_H) */
+
+# ifndef NO_OPENSSL
+# include <openssl/err.h>
+# include <openssl/engine.h>
+# include <openssl/ssl.h>
+# endif /* !defined(NO_OPENSSL) */
+
+# ifndef OPENSSL_NO_BUFFER
+/*
+ * This is the generic "buffer" type that is used when feeding the
+ * state-machine. It's basically a FIFO with respect to the "adddata" &
+ * "takedata" type functions that operate on it.
+ */
+# define MAX_DATA_SIZE 16384
+typedef struct _buffer_t {
+ unsigned char data[MAX_DATA_SIZE];
+ unsigned int used;
+ /*
+ * Statistical values - counts the total number of bytes read in and read
+ * out (respectively) since "buffer_init()"
+ */
+ unsigned long total_in, total_out;
+} buffer_t;
+
+/* Initialise a buffer structure before use */
+void buffer_init(buffer_t * buf);
+/*
+ * Cleanup a buffer structure - presently not needed, but if buffer_t is
+ * converted to using dynamic allocation, this would be required - so should
+ * be called to protect against an explosion of memory leaks later if the
+ * change is made.
+ */
+void buffer_close(buffer_t * buf);
+
+/* Basic functions to manipulate buffers */
+
+unsigned int buffer_used(buffer_t * buf); /* How much data in the buffer */
+unsigned int buffer_unused(buffer_t * buf); /* How much space in the buffer */
+int buffer_full(buffer_t * buf); /* Boolean, is it full? */
+int buffer_notfull(buffer_t * buf); /* Boolean, is it not full? */
+int buffer_empty(buffer_t * buf); /* Boolean, is it empty? */
+int buffer_notempty(buffer_t * buf); /* Boolean, is it not empty? */
+unsigned long buffer_total_in(buffer_t * buf); /* Total bytes written to
+ * buffer */
+unsigned long buffer_total_out(buffer_t * buf); /* Total bytes read from
+ * buffer */
+
+# if 0 /* Currently used only within buffer.c -
+ * better to expose only higher-level
+ * functions anyway */
+/*
+ * Add data to the tail of the buffer, returns the amount that was actually
+ * added (so, you need to check if return value is less than size)
+ */
+unsigned int buffer_adddata(buffer_t * buf, const unsigned char *ptr,
+ unsigned int size);
+
+/*
+ * Take data from the front of the buffer (and scroll the rest forward). If
+ * "ptr" is NULL, this just removes data off the front of the buffer. Return
+ * value is the amount actually removed (can be less than size if the buffer
+ * has too little data).
+ */
+unsigned int buffer_takedata(buffer_t * buf, unsigned char *ptr,
+ unsigned int size);
+
+/*
+ * Flushes as much data as possible out of the "from" buffer into the "to"
+ * buffer. Return value is the amount moved. The amount moved can be
+ * restricted to a maximum by specifying "cap" - setting it to -1 means no
+ * limit.
+ */
+unsigned int buffer_tobuffer(buffer_t * to, buffer_t * from, int cap);
+# endif
+
+# ifndef NO_IP
+/* Read or write between a file-descriptor and a buffer */
+int buffer_from_fd(buffer_t * buf, int fd);
+int buffer_to_fd(buffer_t * buf, int fd);
+# endif /* !defined(NO_IP) */
+
+# ifndef NO_OPENSSL
+/* Read or write between an SSL or BIO and a buffer */
+void buffer_from_SSL(buffer_t * buf, SSL *ssl);
+void buffer_to_SSL(buffer_t * buf, SSL *ssl);
+void buffer_from_BIO(buffer_t * buf, BIO *bio);
+void buffer_to_BIO(buffer_t * buf, BIO *bio);
+
+/* Callbacks */
+void cb_ssl_info(const SSL *s, int where, int ret);
+/* Called if output should be sent too */
+void cb_ssl_info_set_output(FILE *fp);
+int cb_ssl_verify(int ok, X509_STORE_CTX *ctx);
+void cb_ssl_verify_set_output(FILE *fp);
+void cb_ssl_verify_set_depth(unsigned int verify_depth);
+void cb_ssl_verify_set_level(unsigned int level);
+RSA *cb_generate_tmp_rsa(SSL *s, int is_export, int keylength);
+# endif /* !defined(NO_OPENSSL) */
+# endif /* !defined(OPENSSL_NO_BUFFER) */
+
+# ifndef NO_TUNALA
+# ifdef OPENSSL_NO_BUFFER
+# error "TUNALA section of tunala.h requires BUFFER support"
+# endif
+typedef struct _state_machine_t {
+ SSL *ssl;
+ BIO *bio_intossl;
+ BIO *bio_fromssl;
+ buffer_t clean_in, clean_out;
+ buffer_t dirty_in, dirty_out;
+} state_machine_t;
+typedef enum {
+ SM_CLEAN_IN, SM_CLEAN_OUT,
+ SM_DIRTY_IN, SM_DIRTY_OUT
+} sm_buffer_t;
+void state_machine_init(state_machine_t * machine);
+void state_machine_close(state_machine_t * machine);
+buffer_t *state_machine_get_buffer(state_machine_t * machine,
+ sm_buffer_t type);
+SSL *state_machine_get_SSL(state_machine_t * machine);
+int state_machine_set_SSL(state_machine_t * machine, SSL *ssl, int is_server);
+/* Performs the data-IO loop and returns zero if the machine should close */
+int state_machine_churn(state_machine_t * machine);
+/*
+ * Is used to handle closing conditions - namely when one side of the tunnel
+ * has closed but the other should finish flushing.
+ */
+int state_machine_close_clean(state_machine_t * machine);
+int state_machine_close_dirty(state_machine_t * machine);
+# endif /* !defined(NO_TUNALA) */
+
+# ifndef NO_IP
+/*
+ * Initialise anything related to the networking. This includes blocking
+ * pesky SIGPIPE signals.
+ */
+int ip_initialise(void);
+/*
+ * ip is the 4-byte ip address (eg. 127.0.0.1 is {0x7F,0x00,0x00,0x01}), port
+ * is the port to listen on (host byte order), and the return value is the
+ * file-descriptor or -1 on error.
+ */
+int ip_create_listener_split(const char *ip, unsigned short port);
+/* Same semantics as above. */
+int ip_create_connection_split(const char *ip, unsigned short port);
+/* Converts a string into the ip/port before calling the above */
+int ip_create_listener(const char *address);
+int ip_create_connection(const char *address);
+/*
+ * Just does a string conversion on its own. NB: If accept_all_ip is
+ * non-zero, then the address string could be just a port. Ie. it's suitable
+ * for a listening address but not a connecting address.
+ */
+int ip_parse_address(const char *address, const char **parsed_ip,
+ unsigned short *port, int accept_all_ip);
+/*
+ * Accepts an incoming connection through the listener. Assumes selects and
+ * what-not have deemed it an appropriate thing to do.
+ */
+int ip_accept_connection(int listen_fd);
+# endif /* !defined(NO_IP) */
+
+/* These functions wrap up things that can be portability hassles. */
+int int_strtoul(const char *str, unsigned long *val);
+# ifdef HAVE_STRSTR
+# define int_strstr strstr
+# else
+char *int_strstr(const char *haystack, const char *needle);
+# endif
+
+#endif /* !defined(_TUNALA_H) */
Deleted: vendor-crypto/openssl/0.9.8zf/demos/x509/mkcert.c
===================================================================
--- vendor-crypto/openssl/dist/demos/x509/mkcert.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/demos/x509/mkcert.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,172 +0,0 @@
-/* Certificate creation. Demonstrates some certificate related
- * operations.
- */
-
-
-#include <stdio.h>
-#include <stdlib.h>
-
-#include <openssl/pem.h>
-#include <openssl/conf.h>
-#include <openssl/x509v3.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-
-int mkcert(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days);
-int add_ext(X509 *cert, int nid, char *value);
-
-int main(int argc, char **argv)
- {
- BIO *bio_err;
- X509 *x509=NULL;
- EVP_PKEY *pkey=NULL;
-
- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
- bio_err=BIO_new_fp(stderr, BIO_NOCLOSE);
-
- mkcert(&x509,&pkey,512,0,365);
-
- RSA_print_fp(stdout,pkey->pkey.rsa,0);
- X509_print_fp(stdout,x509);
-
- PEM_write_PrivateKey(stdout,pkey,NULL,NULL,0,NULL, NULL);
- PEM_write_X509(stdout,x509);
-
- X509_free(x509);
- EVP_PKEY_free(pkey);
-
-#ifndef OPENSSL_NO_ENGINE
- ENGINE_cleanup();
-#endif
- CRYPTO_cleanup_all_ex_data();
-
- CRYPTO_mem_leaks(bio_err);
- BIO_free(bio_err);
- return(0);
- }
-
-static void callback(int p, int n, void *arg)
- {
- char c='B';
-
- if (p == 0) c='.';
- if (p == 1) c='+';
- if (p == 2) c='*';
- if (p == 3) c='\n';
- fputc(c,stderr);
- }
-
-int mkcert(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days)
- {
- X509 *x;
- EVP_PKEY *pk;
- RSA *rsa;
- X509_NAME *name=NULL;
-
- if ((pkeyp == NULL) || (*pkeyp == NULL))
- {
- if ((pk=EVP_PKEY_new()) == NULL)
- {
- abort();
- return(0);
- }
- }
- else
- pk= *pkeyp;
-
- if ((x509p == NULL) || (*x509p == NULL))
- {
- if ((x=X509_new()) == NULL)
- goto err;
- }
- else
- x= *x509p;
-
- rsa=RSA_generate_key(bits,RSA_F4,callback,NULL);
- if (!EVP_PKEY_assign_RSA(pk,rsa))
- {
- abort();
- goto err;
- }
- rsa=NULL;
-
- X509_set_version(x,2);
- ASN1_INTEGER_set(X509_get_serialNumber(x),serial);
- X509_gmtime_adj(X509_get_notBefore(x),0);
- X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days);
- X509_set_pubkey(x,pk);
-
- name=X509_get_subject_name(x);
-
- /* This function creates and adds the entry, working out the
- * correct string type and performing checks on its length.
- * Normally we'd check the return value for errors...
- */
- X509_NAME_add_entry_by_txt(name,"C",
- MBSTRING_ASC, "UK", -1, -1, 0);
- X509_NAME_add_entry_by_txt(name,"CN",
- MBSTRING_ASC, "OpenSSL Group", -1, -1, 0);
-
- /* Its self signed so set the issuer name to be the same as the
- * subject.
- */
- X509_set_issuer_name(x,name);
-
- /* Add various extensions: standard extensions */
- add_ext(x, NID_basic_constraints, "critical,CA:TRUE");
- add_ext(x, NID_key_usage, "critical,keyCertSign,cRLSign");
-
- add_ext(x, NID_subject_key_identifier, "hash");
-
- /* Some Netscape specific extensions */
- add_ext(x, NID_netscape_cert_type, "sslCA");
-
- add_ext(x, NID_netscape_comment, "example comment extension");
-
-
-#ifdef CUSTOM_EXT
- /* Maybe even add our own extension based on existing */
- {
- int nid;
- nid = OBJ_create("1.2.3.4", "MyAlias", "My Test Alias Extension");
- X509V3_EXT_add_alias(nid, NID_netscape_comment);
- add_ext(x, nid, "example comment alias");
- }
-#endif
-
- if (!X509_sign(x,pk,EVP_sha1()))
- goto err;
-
- *x509p=x;
- *pkeyp=pk;
- return(1);
-err:
- return(0);
- }
-
-/* Add extension using V3 code: we can set the config file as NULL
- * because we wont reference any other sections.
- */
-
-int add_ext(X509 *cert, int nid, char *value)
- {
- X509_EXTENSION *ex;
- X509V3_CTX ctx;
- /* This sets the 'context' of the extensions. */
- /* No configuration database */
- X509V3_set_ctx_nodb(&ctx);
- /* Issuer and subject certs: both the target since it is self signed,
- * no request and no CRL
- */
- X509V3_set_ctx(&ctx, cert, cert, NULL, NULL, 0);
- ex = X509V3_EXT_conf_nid(NULL, &ctx, nid, value);
- if (!ex)
- return 0;
-
- X509_add_ext(cert,ex,-1);
- X509_EXTENSION_free(ex);
- return 1;
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/demos/x509/mkcert.c (from rev 6976, vendor-crypto/openssl/dist/demos/x509/mkcert.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/demos/x509/mkcert.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/demos/x509/mkcert.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,169 @@
+/*
+ * Certificate creation. Demonstrates some certificate related operations.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#include <openssl/pem.h>
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+#ifndef OPENSSL_NO_ENGINE
+# include <openssl/engine.h>
+#endif
+
+int mkcert(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days);
+int add_ext(X509 *cert, int nid, char *value);
+
+int main(int argc, char **argv)
+{
+ BIO *bio_err;
+ X509 *x509 = NULL;
+ EVP_PKEY *pkey = NULL;
+
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+ bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
+
+ mkcert(&x509, &pkey, 512, 0, 365);
+
+ RSA_print_fp(stdout, pkey->pkey.rsa, 0);
+ X509_print_fp(stdout, x509);
+
+ PEM_write_PrivateKey(stdout, pkey, NULL, NULL, 0, NULL, NULL);
+ PEM_write_X509(stdout, x509);
+
+ X509_free(x509);
+ EVP_PKEY_free(pkey);
+
+#ifndef OPENSSL_NO_ENGINE
+ ENGINE_cleanup();
+#endif
+ CRYPTO_cleanup_all_ex_data();
+
+ CRYPTO_mem_leaks(bio_err);
+ BIO_free(bio_err);
+ return (0);
+}
+
+static void callback(int p, int n, void *arg)
+{
+ char c = 'B';
+
+ if (p == 0)
+ c = '.';
+ if (p == 1)
+ c = '+';
+ if (p == 2)
+ c = '*';
+ if (p == 3)
+ c = '\n';
+ fputc(c, stderr);
+}
+
+int mkcert(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days)
+{
+ X509 *x;
+ EVP_PKEY *pk;
+ RSA *rsa;
+ X509_NAME *name = NULL;
+
+ if ((pkeyp == NULL) || (*pkeyp == NULL)) {
+ if ((pk = EVP_PKEY_new()) == NULL) {
+ abort();
+ return (0);
+ }
+ } else
+ pk = *pkeyp;
+
+ if ((x509p == NULL) || (*x509p == NULL)) {
+ if ((x = X509_new()) == NULL)
+ goto err;
+ } else
+ x = *x509p;
+
+ rsa = RSA_generate_key(bits, RSA_F4, callback, NULL);
+ if (!EVP_PKEY_assign_RSA(pk, rsa)) {
+ abort();
+ goto err;
+ }
+ rsa = NULL;
+
+ X509_set_version(x, 2);
+ ASN1_INTEGER_set(X509_get_serialNumber(x), serial);
+ X509_gmtime_adj(X509_get_notBefore(x), 0);
+ X509_gmtime_adj(X509_get_notAfter(x), (long)60 * 60 * 24 * days);
+ X509_set_pubkey(x, pk);
+
+ name = X509_get_subject_name(x);
+
+ /*
+ * This function creates and adds the entry, working out the correct
+ * string type and performing checks on its length. Normally we'd check
+ * the return value for errors...
+ */
+ X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC, "UK", -1, -1, 0);
+ X509_NAME_add_entry_by_txt(name, "CN",
+ MBSTRING_ASC, "OpenSSL Group", -1, -1, 0);
+
+ /*
+ * Its self signed so set the issuer name to be the same as the subject.
+ */
+ X509_set_issuer_name(x, name);
+
+ /* Add various extensions: standard extensions */
+ add_ext(x, NID_basic_constraints, "critical,CA:TRUE");
+ add_ext(x, NID_key_usage, "critical,keyCertSign,cRLSign");
+
+ add_ext(x, NID_subject_key_identifier, "hash");
+
+ /* Some Netscape specific extensions */
+ add_ext(x, NID_netscape_cert_type, "sslCA");
+
+ add_ext(x, NID_netscape_comment, "example comment extension");
+
+#ifdef CUSTOM_EXT
+ /* Maybe even add our own extension based on existing */
+ {
+ int nid;
+ nid = OBJ_create("1.2.3.4", "MyAlias", "My Test Alias Extension");
+ X509V3_EXT_add_alias(nid, NID_netscape_comment);
+ add_ext(x, nid, "example comment alias");
+ }
+#endif
+
+ if (!X509_sign(x, pk, EVP_sha1()))
+ goto err;
+
+ *x509p = x;
+ *pkeyp = pk;
+ return (1);
+ err:
+ return (0);
+}
+
+/*
+ * Add extension using V3 code: we can set the config file as NULL because we
+ * wont reference any other sections.
+ */
+
+int add_ext(X509 *cert, int nid, char *value)
+{
+ X509_EXTENSION *ex;
+ X509V3_CTX ctx;
+ /* This sets the 'context' of the extensions. */
+ /* No configuration database */
+ X509V3_set_ctx_nodb(&ctx);
+ /*
+ * Issuer and subject certs: both the target since it is self signed, no
+ * request and no CRL
+ */
+ X509V3_set_ctx(&ctx, cert, cert, NULL, NULL, 0);
+ ex = X509V3_EXT_conf_nid(NULL, &ctx, nid, value);
+ if (!ex)
+ return 0;
+
+ X509_add_ext(cert, ex, -1);
+ X509_EXTENSION_free(ex);
+ return 1;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/demos/x509/mkreq.c
===================================================================
--- vendor-crypto/openssl/dist/demos/x509/mkreq.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/demos/x509/mkreq.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,162 +0,0 @@
-/* Certificate request creation. Demonstrates some request related
- * operations.
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-
-#include <openssl/pem.h>
-#include <openssl/conf.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-
-int mkreq(X509_REQ **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days);
-int add_ext(STACK_OF(X509_EXTENSION) *sk, int nid, char *value);
-
-int main(int argc, char **argv)
- {
- BIO *bio_err;
- X509_REQ *req=NULL;
- EVP_PKEY *pkey=NULL;
-
- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
- bio_err=BIO_new_fp(stderr, BIO_NOCLOSE);
-
- mkreq(&req,&pkey,512,0,365);
-
- RSA_print_fp(stdout,pkey->pkey.rsa,0);
- X509_REQ_print_fp(stdout,req);
-
- PEM_write_X509_REQ(stdout,req);
-
- X509_REQ_free(req);
- EVP_PKEY_free(pkey);
-
-#ifndef OPENSSL_NO_ENGINE
- ENGINE_cleanup();
-#endif
- CRYPTO_cleanup_all_ex_data();
-
- CRYPTO_mem_leaks(bio_err);
- BIO_free(bio_err);
- return(0);
- }
-
-static void callback(int p, int n, void *arg)
- {
- char c='B';
-
- if (p == 0) c='.';
- if (p == 1) c='+';
- if (p == 2) c='*';
- if (p == 3) c='\n';
- fputc(c,stderr);
- }
-
-int mkreq(X509_REQ **req, EVP_PKEY **pkeyp, int bits, int serial, int days)
- {
- X509_REQ *x;
- EVP_PKEY *pk;
- RSA *rsa;
- X509_NAME *name=NULL;
- STACK_OF(X509_EXTENSION) *exts = NULL;
-
- if ((pk=EVP_PKEY_new()) == NULL)
- goto err;
-
- if ((x=X509_REQ_new()) == NULL)
- goto err;
-
- rsa=RSA_generate_key(bits,RSA_F4,callback,NULL);
- if (!EVP_PKEY_assign_RSA(pk,rsa))
- goto err;
-
- rsa=NULL;
-
- X509_REQ_set_pubkey(x,pk);
-
- name=X509_REQ_get_subject_name(x);
-
- /* This function creates and adds the entry, working out the
- * correct string type and performing checks on its length.
- * Normally we'd check the return value for errors...
- */
- X509_NAME_add_entry_by_txt(name,"C",
- MBSTRING_ASC, "UK", -1, -1, 0);
- X509_NAME_add_entry_by_txt(name,"CN",
- MBSTRING_ASC, "OpenSSL Group", -1, -1, 0);
-
-#ifdef REQUEST_EXTENSIONS
- /* Certificate requests can contain extensions, which can be used
- * to indicate the extensions the requestor would like added to
- * their certificate. CAs might ignore them however or even choke
- * if they are present.
- */
-
- /* For request extensions they are all packed in a single attribute.
- * We save them in a STACK and add them all at once later...
- */
-
- exts = sk_X509_EXTENSION_new_null();
- /* Standard extenions */
-
- add_ext(exts, NID_key_usage, "critical,digitalSignature,keyEncipherment");
-
- /* This is a typical use for request extensions: requesting a value for
- * subject alternative name.
- */
-
- add_ext(exts, NID_subject_alt_name, "email:steve at openssl.org");
-
- /* Some Netscape specific extensions */
- add_ext(exts, NID_netscape_cert_type, "client,email");
-
-
-
-#ifdef CUSTOM_EXT
- /* Maybe even add our own extension based on existing */
- {
- int nid;
- nid = OBJ_create("1.2.3.4", "MyAlias", "My Test Alias Extension");
- X509V3_EXT_add_alias(nid, NID_netscape_comment);
- add_ext(x, nid, "example comment alias");
- }
-#endif
-
- /* Now we've created the extensions we add them to the request */
-
- X509_REQ_add_extensions(x, exts);
-
- sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
-
-#endif
-
- if (!X509_REQ_sign(x,pk,EVP_sha1()))
- goto err;
-
- *req=x;
- *pkeyp=pk;
- return(1);
-err:
- return(0);
- }
-
-/* Add extension using V3 code: we can set the config file as NULL
- * because we wont reference any other sections.
- */
-
-int add_ext(STACK_OF(X509_EXTENSION) *sk, int nid, char *value)
- {
- X509_EXTENSION *ex;
- ex = X509V3_EXT_conf_nid(NULL, NULL, nid, value);
- if (!ex)
- return 0;
- sk_X509_EXTENSION_push(sk, ex);
-
- return 1;
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/demos/x509/mkreq.c (from rev 6976, vendor-crypto/openssl/dist/demos/x509/mkreq.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/demos/x509/mkreq.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/demos/x509/mkreq.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,168 @@
+/*
+ * Certificate request creation. Demonstrates some request related
+ * operations.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#include <openssl/pem.h>
+#include <openssl/conf.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#ifndef OPENSSL_NO_ENGINE
+# include <openssl/engine.h>
+#endif
+
+int mkreq(X509_REQ **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days);
+int add_ext(STACK_OF(X509_EXTENSION) *sk, int nid, char *value);
+
+int main(int argc, char **argv)
+{
+ BIO *bio_err;
+ X509_REQ *req = NULL;
+ EVP_PKEY *pkey = NULL;
+
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+ bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
+
+ mkreq(&req, &pkey, 512, 0, 365);
+
+ RSA_print_fp(stdout, pkey->pkey.rsa, 0);
+ X509_REQ_print_fp(stdout, req);
+
+ PEM_write_X509_REQ(stdout, req);
+
+ X509_REQ_free(req);
+ EVP_PKEY_free(pkey);
+
+#ifndef OPENSSL_NO_ENGINE
+ ENGINE_cleanup();
+#endif
+ CRYPTO_cleanup_all_ex_data();
+
+ CRYPTO_mem_leaks(bio_err);
+ BIO_free(bio_err);
+ return (0);
+}
+
+static void callback(int p, int n, void *arg)
+{
+ char c = 'B';
+
+ if (p == 0)
+ c = '.';
+ if (p == 1)
+ c = '+';
+ if (p == 2)
+ c = '*';
+ if (p == 3)
+ c = '\n';
+ fputc(c, stderr);
+}
+
+int mkreq(X509_REQ **req, EVP_PKEY **pkeyp, int bits, int serial, int days)
+{
+ X509_REQ *x;
+ EVP_PKEY *pk;
+ RSA *rsa;
+ X509_NAME *name = NULL;
+ STACK_OF(X509_EXTENSION) *exts = NULL;
+
+ if ((pk = EVP_PKEY_new()) == NULL)
+ goto err;
+
+ if ((x = X509_REQ_new()) == NULL)
+ goto err;
+
+ rsa = RSA_generate_key(bits, RSA_F4, callback, NULL);
+ if (!EVP_PKEY_assign_RSA(pk, rsa))
+ goto err;
+
+ rsa = NULL;
+
+ X509_REQ_set_pubkey(x, pk);
+
+ name = X509_REQ_get_subject_name(x);
+
+ /*
+ * This function creates and adds the entry, working out the correct
+ * string type and performing checks on its length. Normally we'd check
+ * the return value for errors...
+ */
+ X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC, "UK", -1, -1, 0);
+ X509_NAME_add_entry_by_txt(name, "CN",
+ MBSTRING_ASC, "OpenSSL Group", -1, -1, 0);
+
+#ifdef REQUEST_EXTENSIONS
+ /*
+ * Certificate requests can contain extensions, which can be used to
+ * indicate the extensions the requestor would like added to their
+ * certificate. CAs might ignore them however or even choke if they are
+ * present.
+ */
+
+ /*
+ * For request extensions they are all packed in a single attribute. We
+ * save them in a STACK and add them all at once later...
+ */
+
+ exts = sk_X509_EXTENSION_new_null();
+ /* Standard extenions */
+
+ add_ext(exts, NID_key_usage, "critical,digitalSignature,keyEncipherment");
+
+ /*
+ * This is a typical use for request extensions: requesting a value for
+ * subject alternative name.
+ */
+
+ add_ext(exts, NID_subject_alt_name, "email:steve at openssl.org");
+
+ /* Some Netscape specific extensions */
+ add_ext(exts, NID_netscape_cert_type, "client,email");
+
+# ifdef CUSTOM_EXT
+ /* Maybe even add our own extension based on existing */
+ {
+ int nid;
+ nid = OBJ_create("1.2.3.4", "MyAlias", "My Test Alias Extension");
+ X509V3_EXT_add_alias(nid, NID_netscape_comment);
+ add_ext(x, nid, "example comment alias");
+ }
+# endif
+
+ /* Now we've created the extensions we add them to the request */
+
+ X509_REQ_add_extensions(x, exts);
+
+ sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
+
+#endif
+
+ if (!X509_REQ_sign(x, pk, EVP_sha1()))
+ goto err;
+
+ *req = x;
+ *pkeyp = pk;
+ return (1);
+ err:
+ return (0);
+}
+
+/*
+ * Add extension using V3 code: we can set the config file as NULL because we
+ * wont reference any other sections.
+ */
+
+int add_ext(STACK_OF(X509_EXTENSION) *sk, int nid, char *value)
+{
+ X509_EXTENSION *ex;
+ ex = X509V3_EXT_conf_nid(NULL, NULL, nid, value);
+ if (!ex)
+ return 0;
+ sk_X509_EXTENSION_push(sk, ex);
+
+ return 1;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/doc/apps/ciphers.pod
===================================================================
--- vendor-crypto/openssl/dist/doc/apps/ciphers.pod 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/doc/apps/ciphers.pod 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,434 +0,0 @@
-=pod
-
-=head1 NAME
-
-ciphers - SSL cipher display and cipher list tool.
-
-=head1 SYNOPSIS
-
-B<openssl> B<ciphers>
-[B<-v>]
-[B<-ssl2>]
-[B<-ssl3>]
-[B<-tls1>]
-[B<cipherlist>]
-
-=head1 DESCRIPTION
-
-The B<cipherlist> command converts OpenSSL cipher lists into ordered
-SSL cipher preference lists. It can be used as a test tool to determine
-the appropriate cipherlist.
-
-=head1 COMMAND OPTIONS
-
-=over 4
-
-=item B<-v>
-
-verbose option. List ciphers with a complete description of
-protocol version (SSLv2 or SSLv3; the latter includes TLS), key exchange,
-authentication, encryption and mac algorithms used along with any key size
-restrictions and whether the algorithm is classed as an "export" cipher.
-Note that without the B<-v> option, ciphers may seem to appear twice
-in a cipher list; this is when similar ciphers are available for
-SSL v2 and for SSL v3/TLS v1.
-
-=item B<-ssl3>
-
-only include SSL v3 ciphers.
-
-=item B<-ssl2>
-
-only include SSL v2 ciphers.
-
-=item B<-tls1>
-
-only include TLS v1 ciphers.
-
-=item B<-h>, B<-?>
-
-print a brief usage message.
-
-=item B<cipherlist>
-
-a cipher list to convert to a cipher preference list. If it is not included
-then the default cipher list will be used. The format is described below.
-
-=back
-
-=head1 CIPHER LIST FORMAT
-
-The cipher list consists of one or more I<cipher strings> separated by colons.
-Commas or spaces are also acceptable separators but colons are normally used.
-
-The actual cipher string can take several different forms.
-
-It can consist of a single cipher suite such as B<RC4-SHA>.
-
-It can represent a list of cipher suites containing a certain algorithm, or
-cipher suites of a certain type. For example B<SHA1> represents all ciphers
-suites using the digest algorithm SHA1 and B<SSLv3> represents all SSL v3
-algorithms.
-
-Lists of cipher suites can be combined in a single cipher string using the
-B<+> character. This is used as a logical B<and> operation. For example
-B<SHA1+DES> represents all cipher suites containing the SHA1 B<and> the DES
-algorithms.
-
-Each cipher string can be optionally preceded by the characters B<!>,
-B<-> or B<+>.
-
-If B<!> is used then the ciphers are permanently deleted from the list.
-The ciphers deleted can never reappear in the list even if they are
-explicitly stated.
-
-If B<-> is used then the ciphers are deleted from the list, but some or
-all of the ciphers can be added again by later options.
-
-If B<+> is used then the ciphers are moved to the end of the list. This
-option doesn't add any new ciphers it just moves matching existing ones.
-
-If none of these characters is present then the string is just interpreted
-as a list of ciphers to be appended to the current preference list. If the
-list includes any ciphers already present they will be ignored: that is they
-will not moved to the end of the list.
-
-Additionally the cipher string B<@STRENGTH> can be used at any point to sort
-the current cipher list in order of encryption algorithm key length.
-
-=head1 CIPHER STRINGS
-
-The following is a list of all permitted cipher strings and their meanings.
-
-=over 4
-
-=item B<DEFAULT>
-
-the default cipher list. This is determined at compile time and is normally
-B<AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH>. This must be the first cipher string
-specified.
-
-=item B<COMPLEMENTOFDEFAULT>
-
-the ciphers included in B<ALL>, but not enabled by default. Currently
-this is B<ADH>. Note that this rule does not cover B<eNULL>, which is
-not included by B<ALL> (use B<COMPLEMENTOFALL> if necessary).
-
-=item B<ALL>
-
-all ciphers suites except the B<eNULL> ciphers which must be explicitly enabled.
-
-=item B<COMPLEMENTOFALL>
-
-the cipher suites not enabled by B<ALL>, currently being B<eNULL>.
-
-=item B<HIGH>
-
-"high" encryption cipher suites. This currently means those with key lengths larger
-than 128 bits, and some cipher suites with 128-bit keys.
-
-=item B<MEDIUM>
-
-"medium" encryption cipher suites, currently some of those using 128 bit encryption.
-
-=item B<LOW>
-
-"low" encryption cipher suites, currently those using 64 or 56 bit encryption algorithms
-but excluding export cipher suites.
-
-=item B<EXP>, B<EXPORT>
-
-export encryption algorithms. Including 40 and 56 bits algorithms.
-
-=item B<EXPORT40>
-
-40 bit export encryption algorithms
-
-=item B<EXPORT56>
-
-56 bit export encryption algorithms. In OpenSSL 0.9.8c and later the set of
-56 bit export ciphers is empty unless OpenSSL has been explicitly configured
-with support for experimental ciphers.
-
-=item B<eNULL>, B<NULL>
-
-the "NULL" ciphers that is those offering no encryption. Because these offer no
-encryption at all and are a security risk they are disabled unless explicitly
-included.
-
-=item B<aNULL>
-
-the cipher suites offering no authentication. This is currently the anonymous
-DH algorithms. These cipher suites are vulnerable to a "man in the middle"
-attack and so their use is normally discouraged.
-
-=item B<kRSA>, B<RSA>
-
-cipher suites using RSA key exchange.
-
-=item B<kEDH>
-
-cipher suites using ephemeral DH key agreement.
-
-=item B<kDHr>, B<kDHd>
-
-cipher suites using DH key agreement and DH certificates signed by CAs with RSA
-and DSS keys respectively. Not implemented.
-
-=item B<aRSA>
-
-cipher suites using RSA authentication, i.e. the certificates carry RSA keys.
-
-=item B<aDSS>, B<DSS>
-
-cipher suites using DSS authentication, i.e. the certificates carry DSS keys.
-
-=item B<aDH>
-
-cipher suites effectively using DH authentication, i.e. the certificates carry
-DH keys. Not implemented.
-
-=item B<kFZA>, B<aFZA>, B<eFZA>, B<FZA>
-
-ciphers suites using FORTEZZA key exchange, authentication, encryption or all
-FORTEZZA algorithms. Not implemented.
-
-=item B<TLSv1>, B<SSLv3>, B<SSLv2>
-
-TLS v1.0, SSL v3.0 or SSL v2.0 cipher suites respectively.
-
-=item B<DH>
-
-cipher suites using DH, including anonymous DH.
-
-=item B<ADH>
-
-anonymous DH cipher suites.
-
-=item B<AES>
-
-cipher suites using AES.
-
-=item B<CAMELLIA>
-
-cipher suites using Camellia.
-
-=item B<3DES>
-
-cipher suites using triple DES.
-
-=item B<DES>
-
-cipher suites using DES (not triple DES).
-
-=item B<RC4>
-
-cipher suites using RC4.
-
-=item B<RC2>
-
-cipher suites using RC2.
-
-=item B<IDEA>
-
-cipher suites using IDEA.
-
-=item B<SEED>
-
-cipher suites using SEED.
-
-=item B<MD5>
-
-cipher suites using MD5.
-
-=item B<SHA1>, B<SHA>
-
-cipher suites using SHA1.
-
-=back
-
-=head1 CIPHER SUITE NAMES
-
-The following lists give the SSL or TLS cipher suites names from the
-relevant specification and their OpenSSL equivalents. It should be noted,
-that several cipher suite names do not include the authentication used,
-e.g. DES-CBC3-SHA. In these cases, RSA authentication is used.
-
-=head2 SSL v3.0 cipher suites.
-
- SSL_RSA_WITH_NULL_MD5 NULL-MD5
- SSL_RSA_WITH_NULL_SHA NULL-SHA
- SSL_RSA_EXPORT_WITH_RC4_40_MD5 EXP-RC4-MD5
- SSL_RSA_WITH_RC4_128_MD5 RC4-MD5
- SSL_RSA_WITH_RC4_128_SHA RC4-SHA
- SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 EXP-RC2-CBC-MD5
- SSL_RSA_WITH_IDEA_CBC_SHA IDEA-CBC-SHA
- SSL_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-DES-CBC-SHA
- SSL_RSA_WITH_DES_CBC_SHA DES-CBC-SHA
- SSL_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA
-
- SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA Not implemented.
- SSL_DH_DSS_WITH_DES_CBC_SHA Not implemented.
- SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA Not implemented.
- SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA Not implemented.
- SSL_DH_RSA_WITH_DES_CBC_SHA Not implemented.
- SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA Not implemented.
- SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-DSS-DES-CBC-SHA
- SSL_DHE_DSS_WITH_DES_CBC_SHA EDH-DSS-CBC-SHA
- SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA EDH-DSS-DES-CBC3-SHA
- SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-RSA-DES-CBC-SHA
- SSL_DHE_RSA_WITH_DES_CBC_SHA EDH-RSA-DES-CBC-SHA
- SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA EDH-RSA-DES-CBC3-SHA
-
- SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 EXP-ADH-RC4-MD5
- SSL_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5
- SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA EXP-ADH-DES-CBC-SHA
- SSL_DH_anon_WITH_DES_CBC_SHA ADH-DES-CBC-SHA
- SSL_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA
-
- SSL_FORTEZZA_KEA_WITH_NULL_SHA Not implemented.
- SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA Not implemented.
- SSL_FORTEZZA_KEA_WITH_RC4_128_SHA Not implemented.
-
-=head2 TLS v1.0 cipher suites.
-
- TLS_RSA_WITH_NULL_MD5 NULL-MD5
- TLS_RSA_WITH_NULL_SHA NULL-SHA
- TLS_RSA_EXPORT_WITH_RC4_40_MD5 EXP-RC4-MD5
- TLS_RSA_WITH_RC4_128_MD5 RC4-MD5
- TLS_RSA_WITH_RC4_128_SHA RC4-SHA
- TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 EXP-RC2-CBC-MD5
- TLS_RSA_WITH_IDEA_CBC_SHA IDEA-CBC-SHA
- TLS_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-DES-CBC-SHA
- TLS_RSA_WITH_DES_CBC_SHA DES-CBC-SHA
- TLS_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA
-
- TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA Not implemented.
- TLS_DH_DSS_WITH_DES_CBC_SHA Not implemented.
- TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA Not implemented.
- TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA Not implemented.
- TLS_DH_RSA_WITH_DES_CBC_SHA Not implemented.
- TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA Not implemented.
- TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-DSS-DES-CBC-SHA
- TLS_DHE_DSS_WITH_DES_CBC_SHA EDH-DSS-CBC-SHA
- TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA EDH-DSS-DES-CBC3-SHA
- TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-RSA-DES-CBC-SHA
- TLS_DHE_RSA_WITH_DES_CBC_SHA EDH-RSA-DES-CBC-SHA
- TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA EDH-RSA-DES-CBC3-SHA
-
- TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 EXP-ADH-RC4-MD5
- TLS_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5
- TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA EXP-ADH-DES-CBC-SHA
- TLS_DH_anon_WITH_DES_CBC_SHA ADH-DES-CBC-SHA
- TLS_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA
-
-=head2 AES ciphersuites from RFC3268, extending TLS v1.0
-
- TLS_RSA_WITH_AES_128_CBC_SHA AES128-SHA
- TLS_RSA_WITH_AES_256_CBC_SHA AES256-SHA
-
- TLS_DH_DSS_WITH_AES_128_CBC_SHA Not implemented.
- TLS_DH_DSS_WITH_AES_256_CBC_SHA Not implemented.
- TLS_DH_RSA_WITH_AES_128_CBC_SHA Not implemented.
- TLS_DH_RSA_WITH_AES_256_CBC_SHA Not implemented.
-
- TLS_DHE_DSS_WITH_AES_128_CBC_SHA DHE-DSS-AES128-SHA
- TLS_DHE_DSS_WITH_AES_256_CBC_SHA DHE-DSS-AES256-SHA
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA DHE-RSA-AES128-SHA
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA DHE-RSA-AES256-SHA
-
- TLS_DH_anon_WITH_AES_128_CBC_SHA ADH-AES128-SHA
- TLS_DH_anon_WITH_AES_256_CBC_SHA ADH-AES256-SHA
-
-=head2 Camellia ciphersuites from RFC4132, extending TLS v1.0
-
- TLS_RSA_WITH_CAMELLIA_128_CBC_SHA CAMELLIA128-SHA
- TLS_RSA_WITH_CAMELLIA_256_CBC_SHA CAMELLIA256-SHA
-
- TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA Not implemented.
- TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA Not implemented.
- TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA Not implemented.
- TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA Not implemented.
-
- TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA DHE-DSS-CAMELLIA128-SHA
- TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA DHE-DSS-CAMELLIA256-SHA
- TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA DHE-RSA-CAMELLIA128-SHA
- TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA DHE-RSA-CAMELLIA256-SHA
-
- TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA ADH-CAMELLIA128-SHA
- TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA ADH-CAMELLIA256-SHA
-
-=head2 SEED ciphersuites from RFC4162, extending TLS v1.0
-
- TLS_RSA_WITH_SEED_CBC_SHA SEED-SHA
-
- TLS_DH_DSS_WITH_SEED_CBC_SHA Not implemented.
- TLS_DH_RSA_WITH_SEED_CBC_SHA Not implemented.
-
- TLS_DHE_DSS_WITH_SEED_CBC_SHA DHE-DSS-SEED-SHA
- TLS_DHE_RSA_WITH_SEED_CBC_SHA DHE-RSA-SEED-SHA
-
- TLS_DH_anon_WITH_SEED_CBC_SHA ADH-SEED-SHA
-
-=head2 Additional Export 1024 and other cipher suites
-
-Note: these ciphers can also be used in SSL v3.
-
- TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA EXP1024-DES-CBC-SHA
- TLS_RSA_EXPORT1024_WITH_RC4_56_SHA EXP1024-RC4-SHA
- TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA EXP1024-DHE-DSS-DES-CBC-SHA
- TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA EXP1024-DHE-DSS-RC4-SHA
- TLS_DHE_DSS_WITH_RC4_128_SHA DHE-DSS-RC4-SHA
-
-=head2 SSL v2.0 cipher suites.
-
- SSL_CK_RC4_128_WITH_MD5 RC4-MD5
- SSL_CK_RC4_128_EXPORT40_WITH_MD5 EXP-RC4-MD5
- SSL_CK_RC2_128_CBC_WITH_MD5 RC2-MD5
- SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 EXP-RC2-MD5
- SSL_CK_IDEA_128_CBC_WITH_MD5 IDEA-CBC-MD5
- SSL_CK_DES_64_CBC_WITH_MD5 DES-CBC-MD5
- SSL_CK_DES_192_EDE3_CBC_WITH_MD5 DES-CBC3-MD5
-
-=head1 NOTES
-
-The non-ephemeral DH modes are currently unimplemented in OpenSSL
-because there is no support for DH certificates.
-
-Some compiled versions of OpenSSL may not include all the ciphers
-listed here because some ciphers were excluded at compile time.
-
-=head1 EXAMPLES
-
-Verbose listing of all OpenSSL ciphers including NULL ciphers:
-
- openssl ciphers -v 'ALL:eNULL'
-
-Include all ciphers except NULL and anonymous DH then sort by
-strength:
-
- openssl ciphers -v 'ALL:!ADH:@STRENGTH'
-
-Include only 3DES ciphers and then place RSA ciphers last:
-
- openssl ciphers -v '3DES:+RSA'
-
-Include all RC4 ciphers but leave out those without authentication:
-
- openssl ciphers -v 'RC4:!COMPLEMENTOFDEFAULT'
-
-Include all chiphers with RSA authentication but leave out ciphers without
-encryption.
-
- openssl ciphers -v 'RSA:!COMPLEMENTOFALL'
-
-=head1 SEE ALSO
-
-L<s_client(1)|s_client(1)>, L<s_server(1)|s_server(1)>, L<ssl(3)|ssl(3)>
-
-=head1 HISTORY
-
-The B<COMPLENTOFALL> and B<COMPLEMENTOFDEFAULT> selection options were
-added in version 0.9.7.
-
-=cut
Copied: vendor-crypto/openssl/0.9.8zf/doc/apps/ciphers.pod (from rev 6976, vendor-crypto/openssl/dist/doc/apps/ciphers.pod)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/doc/apps/ciphers.pod (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/doc/apps/ciphers.pod 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,434 @@
+=pod
+
+=head1 NAME
+
+ciphers - SSL cipher display and cipher list tool.
+
+=head1 SYNOPSIS
+
+B<openssl> B<ciphers>
+[B<-v>]
+[B<-ssl2>]
+[B<-ssl3>]
+[B<-tls1>]
+[B<cipherlist>]
+
+=head1 DESCRIPTION
+
+The B<cipherlist> command converts OpenSSL cipher lists into ordered
+SSL cipher preference lists. It can be used as a test tool to determine
+the appropriate cipherlist.
+
+=head1 COMMAND OPTIONS
+
+=over 4
+
+=item B<-v>
+
+verbose option. List ciphers with a complete description of
+protocol version (SSLv2 or SSLv3; the latter includes TLS), key exchange,
+authentication, encryption and mac algorithms used along with any key size
+restrictions and whether the algorithm is classed as an "export" cipher.
+Note that without the B<-v> option, ciphers may seem to appear twice
+in a cipher list; this is when similar ciphers are available for
+SSL v2 and for SSL v3/TLS v1.
+
+=item B<-ssl3>
+
+only include SSL v3 ciphers.
+
+=item B<-ssl2>
+
+only include SSL v2 ciphers.
+
+=item B<-tls1>
+
+only include TLS v1 ciphers.
+
+=item B<-h>, B<-?>
+
+print a brief usage message.
+
+=item B<cipherlist>
+
+a cipher list to convert to a cipher preference list. If it is not included
+then the default cipher list will be used. The format is described below.
+
+=back
+
+=head1 CIPHER LIST FORMAT
+
+The cipher list consists of one or more I<cipher strings> separated by colons.
+Commas or spaces are also acceptable separators but colons are normally used.
+
+The actual cipher string can take several different forms.
+
+It can consist of a single cipher suite such as B<RC4-SHA>.
+
+It can represent a list of cipher suites containing a certain algorithm, or
+cipher suites of a certain type. For example B<SHA1> represents all ciphers
+suites using the digest algorithm SHA1 and B<SSLv3> represents all SSL v3
+algorithms.
+
+Lists of cipher suites can be combined in a single cipher string using the
+B<+> character. This is used as a logical B<and> operation. For example
+B<SHA1+DES> represents all cipher suites containing the SHA1 B<and> the DES
+algorithms.
+
+Each cipher string can be optionally preceded by the characters B<!>,
+B<-> or B<+>.
+
+If B<!> is used then the ciphers are permanently deleted from the list.
+The ciphers deleted can never reappear in the list even if they are
+explicitly stated.
+
+If B<-> is used then the ciphers are deleted from the list, but some or
+all of the ciphers can be added again by later options.
+
+If B<+> is used then the ciphers are moved to the end of the list. This
+option doesn't add any new ciphers it just moves matching existing ones.
+
+If none of these characters is present then the string is just interpreted
+as a list of ciphers to be appended to the current preference list. If the
+list includes any ciphers already present they will be ignored: that is they
+will not moved to the end of the list.
+
+Additionally the cipher string B<@STRENGTH> can be used at any point to sort
+the current cipher list in order of encryption algorithm key length.
+
+=head1 CIPHER STRINGS
+
+The following is a list of all permitted cipher strings and their meanings.
+
+=over 4
+
+=item B<DEFAULT>
+
+the default cipher list. This is determined at compile time and is normally
+B<ALL:!EXPORT:!aNULL:!eNULL:!SSLv2:@STRENGTH>. This must be the first cipher string
+specified.
+
+=item B<COMPLEMENTOFDEFAULT>
+
+the ciphers included in B<ALL>, but not enabled by default. Currently
+this is B<ADH>. Note that this rule does not cover B<eNULL>, which is
+not included by B<ALL> (use B<COMPLEMENTOFALL> if necessary).
+
+=item B<ALL>
+
+all ciphers suites except the B<eNULL> ciphers which must be explicitly enabled.
+
+=item B<COMPLEMENTOFALL>
+
+the cipher suites not enabled by B<ALL>, currently being B<eNULL>.
+
+=item B<HIGH>
+
+"high" encryption cipher suites. This currently means those with key lengths larger
+than 128 bits, and some cipher suites with 128-bit keys.
+
+=item B<MEDIUM>
+
+"medium" encryption cipher suites, currently some of those using 128 bit encryption.
+
+=item B<LOW>
+
+"low" encryption cipher suites, currently those using 64 or 56 bit encryption algorithms
+but excluding export cipher suites.
+
+=item B<EXP>, B<EXPORT>
+
+export encryption algorithms. Including 40 and 56 bits algorithms.
+
+=item B<EXPORT40>
+
+40 bit export encryption algorithms
+
+=item B<EXPORT56>
+
+56 bit export encryption algorithms. In OpenSSL 0.9.8c and later the set of
+56 bit export ciphers is empty unless OpenSSL has been explicitly configured
+with support for experimental ciphers.
+
+=item B<eNULL>, B<NULL>
+
+the "NULL" ciphers that is those offering no encryption. Because these offer no
+encryption at all and are a security risk they are disabled unless explicitly
+included.
+
+=item B<aNULL>
+
+the cipher suites offering no authentication. This is currently the anonymous
+DH algorithms. These cipher suites are vulnerable to a "man in the middle"
+attack and so their use is normally discouraged.
+
+=item B<kRSA>, B<RSA>
+
+cipher suites using RSA key exchange.
+
+=item B<kEDH>
+
+cipher suites using ephemeral DH key agreement.
+
+=item B<kDHr>, B<kDHd>
+
+cipher suites using DH key agreement and DH certificates signed by CAs with RSA
+and DSS keys respectively. Not implemented.
+
+=item B<aRSA>
+
+cipher suites using RSA authentication, i.e. the certificates carry RSA keys.
+
+=item B<aDSS>, B<DSS>
+
+cipher suites using DSS authentication, i.e. the certificates carry DSS keys.
+
+=item B<aDH>
+
+cipher suites effectively using DH authentication, i.e. the certificates carry
+DH keys. Not implemented.
+
+=item B<kFZA>, B<aFZA>, B<eFZA>, B<FZA>
+
+ciphers suites using FORTEZZA key exchange, authentication, encryption or all
+FORTEZZA algorithms. Not implemented.
+
+=item B<TLSv1>, B<SSLv3>, B<SSLv2>
+
+TLS v1.0, SSL v3.0 or SSL v2.0 cipher suites respectively.
+
+=item B<DH>
+
+cipher suites using DH, including anonymous DH.
+
+=item B<ADH>
+
+anonymous DH cipher suites.
+
+=item B<AES>
+
+cipher suites using AES.
+
+=item B<CAMELLIA>
+
+cipher suites using Camellia.
+
+=item B<3DES>
+
+cipher suites using triple DES.
+
+=item B<DES>
+
+cipher suites using DES (not triple DES).
+
+=item B<RC4>
+
+cipher suites using RC4.
+
+=item B<RC2>
+
+cipher suites using RC2.
+
+=item B<IDEA>
+
+cipher suites using IDEA.
+
+=item B<SEED>
+
+cipher suites using SEED.
+
+=item B<MD5>
+
+cipher suites using MD5.
+
+=item B<SHA1>, B<SHA>
+
+cipher suites using SHA1.
+
+=back
+
+=head1 CIPHER SUITE NAMES
+
+The following lists give the SSL or TLS cipher suites names from the
+relevant specification and their OpenSSL equivalents. It should be noted,
+that several cipher suite names do not include the authentication used,
+e.g. DES-CBC3-SHA. In these cases, RSA authentication is used.
+
+=head2 SSL v3.0 cipher suites.
+
+ SSL_RSA_WITH_NULL_MD5 NULL-MD5
+ SSL_RSA_WITH_NULL_SHA NULL-SHA
+ SSL_RSA_EXPORT_WITH_RC4_40_MD5 EXP-RC4-MD5
+ SSL_RSA_WITH_RC4_128_MD5 RC4-MD5
+ SSL_RSA_WITH_RC4_128_SHA RC4-SHA
+ SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 EXP-RC2-CBC-MD5
+ SSL_RSA_WITH_IDEA_CBC_SHA IDEA-CBC-SHA
+ SSL_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-DES-CBC-SHA
+ SSL_RSA_WITH_DES_CBC_SHA DES-CBC-SHA
+ SSL_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA
+
+ SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA Not implemented.
+ SSL_DH_DSS_WITH_DES_CBC_SHA Not implemented.
+ SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA Not implemented.
+ SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA Not implemented.
+ SSL_DH_RSA_WITH_DES_CBC_SHA Not implemented.
+ SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA Not implemented.
+ SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-DSS-DES-CBC-SHA
+ SSL_DHE_DSS_WITH_DES_CBC_SHA EDH-DSS-CBC-SHA
+ SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA EDH-DSS-DES-CBC3-SHA
+ SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-RSA-DES-CBC-SHA
+ SSL_DHE_RSA_WITH_DES_CBC_SHA EDH-RSA-DES-CBC-SHA
+ SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA EDH-RSA-DES-CBC3-SHA
+
+ SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 EXP-ADH-RC4-MD5
+ SSL_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5
+ SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA EXP-ADH-DES-CBC-SHA
+ SSL_DH_anon_WITH_DES_CBC_SHA ADH-DES-CBC-SHA
+ SSL_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA
+
+ SSL_FORTEZZA_KEA_WITH_NULL_SHA Not implemented.
+ SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA Not implemented.
+ SSL_FORTEZZA_KEA_WITH_RC4_128_SHA Not implemented.
+
+=head2 TLS v1.0 cipher suites.
+
+ TLS_RSA_WITH_NULL_MD5 NULL-MD5
+ TLS_RSA_WITH_NULL_SHA NULL-SHA
+ TLS_RSA_EXPORT_WITH_RC4_40_MD5 EXP-RC4-MD5
+ TLS_RSA_WITH_RC4_128_MD5 RC4-MD5
+ TLS_RSA_WITH_RC4_128_SHA RC4-SHA
+ TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 EXP-RC2-CBC-MD5
+ TLS_RSA_WITH_IDEA_CBC_SHA IDEA-CBC-SHA
+ TLS_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-DES-CBC-SHA
+ TLS_RSA_WITH_DES_CBC_SHA DES-CBC-SHA
+ TLS_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA
+
+ TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA Not implemented.
+ TLS_DH_DSS_WITH_DES_CBC_SHA Not implemented.
+ TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA Not implemented.
+ TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA Not implemented.
+ TLS_DH_RSA_WITH_DES_CBC_SHA Not implemented.
+ TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA Not implemented.
+ TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-DSS-DES-CBC-SHA
+ TLS_DHE_DSS_WITH_DES_CBC_SHA EDH-DSS-CBC-SHA
+ TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA EDH-DSS-DES-CBC3-SHA
+ TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-RSA-DES-CBC-SHA
+ TLS_DHE_RSA_WITH_DES_CBC_SHA EDH-RSA-DES-CBC-SHA
+ TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA EDH-RSA-DES-CBC3-SHA
+
+ TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 EXP-ADH-RC4-MD5
+ TLS_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5
+ TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA EXP-ADH-DES-CBC-SHA
+ TLS_DH_anon_WITH_DES_CBC_SHA ADH-DES-CBC-SHA
+ TLS_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA
+
+=head2 AES ciphersuites from RFC3268, extending TLS v1.0
+
+ TLS_RSA_WITH_AES_128_CBC_SHA AES128-SHA
+ TLS_RSA_WITH_AES_256_CBC_SHA AES256-SHA
+
+ TLS_DH_DSS_WITH_AES_128_CBC_SHA Not implemented.
+ TLS_DH_DSS_WITH_AES_256_CBC_SHA Not implemented.
+ TLS_DH_RSA_WITH_AES_128_CBC_SHA Not implemented.
+ TLS_DH_RSA_WITH_AES_256_CBC_SHA Not implemented.
+
+ TLS_DHE_DSS_WITH_AES_128_CBC_SHA DHE-DSS-AES128-SHA
+ TLS_DHE_DSS_WITH_AES_256_CBC_SHA DHE-DSS-AES256-SHA
+ TLS_DHE_RSA_WITH_AES_128_CBC_SHA DHE-RSA-AES128-SHA
+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA DHE-RSA-AES256-SHA
+
+ TLS_DH_anon_WITH_AES_128_CBC_SHA ADH-AES128-SHA
+ TLS_DH_anon_WITH_AES_256_CBC_SHA ADH-AES256-SHA
+
+=head2 Camellia ciphersuites from RFC4132, extending TLS v1.0
+
+ TLS_RSA_WITH_CAMELLIA_128_CBC_SHA CAMELLIA128-SHA
+ TLS_RSA_WITH_CAMELLIA_256_CBC_SHA CAMELLIA256-SHA
+
+ TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA Not implemented.
+ TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA Not implemented.
+ TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA Not implemented.
+ TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA Not implemented.
+
+ TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA DHE-DSS-CAMELLIA128-SHA
+ TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA DHE-DSS-CAMELLIA256-SHA
+ TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA DHE-RSA-CAMELLIA128-SHA
+ TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA DHE-RSA-CAMELLIA256-SHA
+
+ TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA ADH-CAMELLIA128-SHA
+ TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA ADH-CAMELLIA256-SHA
+
+=head2 SEED ciphersuites from RFC4162, extending TLS v1.0
+
+ TLS_RSA_WITH_SEED_CBC_SHA SEED-SHA
+
+ TLS_DH_DSS_WITH_SEED_CBC_SHA Not implemented.
+ TLS_DH_RSA_WITH_SEED_CBC_SHA Not implemented.
+
+ TLS_DHE_DSS_WITH_SEED_CBC_SHA DHE-DSS-SEED-SHA
+ TLS_DHE_RSA_WITH_SEED_CBC_SHA DHE-RSA-SEED-SHA
+
+ TLS_DH_anon_WITH_SEED_CBC_SHA ADH-SEED-SHA
+
+=head2 Additional Export 1024 and other cipher suites
+
+Note: these ciphers can also be used in SSL v3.
+
+ TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA EXP1024-DES-CBC-SHA
+ TLS_RSA_EXPORT1024_WITH_RC4_56_SHA EXP1024-RC4-SHA
+ TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA EXP1024-DHE-DSS-DES-CBC-SHA
+ TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA EXP1024-DHE-DSS-RC4-SHA
+ TLS_DHE_DSS_WITH_RC4_128_SHA DHE-DSS-RC4-SHA
+
+=head2 SSL v2.0 cipher suites.
+
+ SSL_CK_RC4_128_WITH_MD5 RC4-MD5
+ SSL_CK_RC4_128_EXPORT40_WITH_MD5 EXP-RC4-MD5
+ SSL_CK_RC2_128_CBC_WITH_MD5 RC2-MD5
+ SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 EXP-RC2-MD5
+ SSL_CK_IDEA_128_CBC_WITH_MD5 IDEA-CBC-MD5
+ SSL_CK_DES_64_CBC_WITH_MD5 DES-CBC-MD5
+ SSL_CK_DES_192_EDE3_CBC_WITH_MD5 DES-CBC3-MD5
+
+=head1 NOTES
+
+The non-ephemeral DH modes are currently unimplemented in OpenSSL
+because there is no support for DH certificates.
+
+Some compiled versions of OpenSSL may not include all the ciphers
+listed here because some ciphers were excluded at compile time.
+
+=head1 EXAMPLES
+
+Verbose listing of all OpenSSL ciphers including NULL ciphers:
+
+ openssl ciphers -v 'ALL:eNULL'
+
+Include all ciphers except NULL and anonymous DH then sort by
+strength:
+
+ openssl ciphers -v 'ALL:!ADH:@STRENGTH'
+
+Include only 3DES ciphers and then place RSA ciphers last:
+
+ openssl ciphers -v '3DES:+RSA'
+
+Include all RC4 ciphers but leave out those without authentication:
+
+ openssl ciphers -v 'RC4:!COMPLEMENTOFDEFAULT'
+
+Include all chiphers with RSA authentication but leave out ciphers without
+encryption.
+
+ openssl ciphers -v 'RSA:!COMPLEMENTOFALL'
+
+=head1 SEE ALSO
+
+L<s_client(1)|s_client(1)>, L<s_server(1)|s_server(1)>, L<ssl(3)|ssl(3)>
+
+=head1 HISTORY
+
+The B<COMPLENTOFALL> and B<COMPLEMENTOFDEFAULT> selection options were
+added in version 0.9.7.
+
+=cut
Deleted: vendor-crypto/openssl/0.9.8zf/doc/ssl/SSL_CTX_set_mode.pod
===================================================================
--- vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_mode.pod 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/doc/ssl/SSL_CTX_set_mode.pod 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,87 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_CTX_set_mode, SSL_set_mode, SSL_CTX_get_mode, SSL_get_mode - manipulate SSL engine mode
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- long SSL_CTX_set_mode(SSL_CTX *ctx, long mode);
- long SSL_set_mode(SSL *ssl, long mode);
-
- long SSL_CTX_get_mode(SSL_CTX *ctx);
- long SSL_get_mode(SSL *ssl);
-
-=head1 DESCRIPTION
-
-SSL_CTX_set_mode() adds the mode set via bitmask in B<mode> to B<ctx>.
-Options already set before are not cleared.
-
-SSL_set_mode() adds the mode set via bitmask in B<mode> to B<ssl>.
-Options already set before are not cleared.
-
-SSL_CTX_get_mode() returns the mode set for B<ctx>.
-
-SSL_get_mode() returns the mode set for B<ssl>.
-
-=head1 NOTES
-
-The following mode changes are available:
-
-=over 4
-
-=item SSL_MODE_ENABLE_PARTIAL_WRITE
-
-Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
-when just a single record has been written). When not set (the default),
-SSL_write() will only report success once the complete chunk was written.
-Once SSL_write() returns with r, r bytes have been successfully written
-and the next call to SSL_write() must only send the n-r bytes left,
-imitating the behaviour of write().
-
-=item SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER
-
-Make it possible to retry SSL_write() with changed buffer location
-(the buffer contents must stay the same). This is not the default to avoid
-the misconception that non-blocking SSL_write() behaves like
-non-blocking write().
-
-=item SSL_MODE_AUTO_RETRY
-
-Never bother the application with retries if the transport is blocking.
-If a renegotiation take place during normal operation, a
-L<SSL_read(3)|SSL_read(3)> or L<SSL_write(3)|SSL_write(3)> would return
-with -1 and indicate the need to retry with SSL_ERROR_WANT_READ.
-In a non-blocking environment applications must be prepared to handle
-incomplete read/write operations.
-In a blocking environment, applications are not always prepared to
-deal with read/write operations returning without success report. The
-flag SSL_MODE_AUTO_RETRY will cause read/write operations to only
-return after the handshake and successful completion.
-
-=item SSL_MODE_FALLBACK_SCSV
-
-Send TLS_FALLBACK_SCSV in the ClientHello.
-To be set by applications that reconnect with a downgraded protocol
-version; see draft-ietf-tls-downgrade-scsv-00 for details.
-
-=back
-
-=head1 RETURN VALUES
-
-SSL_CTX_set_mode() and SSL_set_mode() return the new mode bitmask
-after adding B<mode>.
-
-SSL_CTX_get_mode() and SSL_get_mode() return the current bitmask.
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>, L<SSL_read(3)|SSL_read(3)>, L<SSL_write(3)|SSL_write(3)>
-
-=head1 HISTORY
-
-SSL_MODE_AUTO_RETRY as been added in OpenSSL 0.9.6.
-
-=cut
Copied: vendor-crypto/openssl/0.9.8zf/doc/ssl/SSL_CTX_set_mode.pod (from rev 6969, vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_mode.pod)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/doc/ssl/SSL_CTX_set_mode.pod (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/doc/ssl/SSL_CTX_set_mode.pod 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,91 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_mode, SSL_set_mode, SSL_CTX_get_mode, SSL_get_mode - manipulate SSL engine mode
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ long SSL_CTX_set_mode(SSL_CTX *ctx, long mode);
+ long SSL_set_mode(SSL *ssl, long mode);
+
+ long SSL_CTX_get_mode(SSL_CTX *ctx);
+ long SSL_get_mode(SSL *ssl);
+
+=head1 DESCRIPTION
+
+SSL_CTX_set_mode() adds the mode set via bitmask in B<mode> to B<ctx>.
+Options already set before are not cleared.
+
+SSL_set_mode() adds the mode set via bitmask in B<mode> to B<ssl>.
+Options already set before are not cleared.
+
+SSL_CTX_get_mode() returns the mode set for B<ctx>.
+
+SSL_get_mode() returns the mode set for B<ssl>.
+
+=head1 NOTES
+
+The following mode changes are available:
+
+=over 4
+
+=item SSL_MODE_ENABLE_PARTIAL_WRITE
+
+Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
+when just a single record has been written). When not set (the default),
+SSL_write() will only report success once the complete chunk was written.
+Once SSL_write() returns with r, r bytes have been successfully written
+and the next call to SSL_write() must only send the n-r bytes left,
+imitating the behaviour of write().
+
+=item SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER
+
+Make it possible to retry SSL_write() with changed buffer location
+(the buffer contents must stay the same). This is not the default to avoid
+the misconception that non-blocking SSL_write() behaves like
+non-blocking write().
+
+=item SSL_MODE_AUTO_RETRY
+
+Never bother the application with retries if the transport is blocking.
+If a renegotiation take place during normal operation, a
+L<SSL_read(3)|SSL_read(3)> or L<SSL_write(3)|SSL_write(3)> would return
+with -1 and indicate the need to retry with SSL_ERROR_WANT_READ.
+In a non-blocking environment applications must be prepared to handle
+incomplete read/write operations.
+In a blocking environment, applications are not always prepared to
+deal with read/write operations returning without success report. The
+flag SSL_MODE_AUTO_RETRY will cause read/write operations to only
+return after the handshake and successful completion.
+
+=item SSL_MODE_SEND_FALLBACK_SCSV
+
+Send TLS_FALLBACK_SCSV in the ClientHello.
+To be set only by applications that reconnect with a downgraded protocol
+version; see draft-ietf-tls-downgrade-scsv-00 for details.
+
+DO NOT ENABLE THIS if your application attempts a normal handshake.
+Only use this in explicit fallback retries, following the guidance
+in draft-ietf-tls-downgrade-scsv-00.
+
+=back
+
+=head1 RETURN VALUES
+
+SSL_CTX_set_mode() and SSL_set_mode() return the new mode bitmask
+after adding B<mode>.
+
+SSL_CTX_get_mode() and SSL_get_mode() return the current bitmask.
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>, L<SSL_read(3)|SSL_read(3)>, L<SSL_write(3)|SSL_write(3)>
+
+=head1 HISTORY
+
+SSL_MODE_AUTO_RETRY as been added in OpenSSL 0.9.6.
+
+=cut
Deleted: vendor-crypto/openssl/0.9.8zf/doc/ssl/SSL_CTX_set_options.pod
===================================================================
--- vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_options.pod 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/doc/ssl/SSL_CTX_set_options.pod 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,348 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_CTX_set_options, SSL_set_options, SSL_CTX_clear_options, SSL_clear_options, SSL_CTX_get_options, SSL_get_options, SSL_get_secure_renegotiation_support - manipulate SSL options
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- long SSL_CTX_set_options(SSL_CTX *ctx, long options);
- long SSL_set_options(SSL *ssl, long options);
-
- long SSL_CTX_clear_options(SSL_CTX *ctx, long options);
- long SSL_clear_options(SSL *ssl, long options);
-
- long SSL_CTX_get_options(SSL_CTX *ctx);
- long SSL_get_options(SSL *ssl);
-
- long SSL_get_secure_renegotiation_support(SSL *ssl);
-
-=head1 DESCRIPTION
-
-Note: all these functions are implemented using macros.
-
-SSL_CTX_set_options() adds the options set via bitmask in B<options> to B<ctx>.
-Options already set before are not cleared!
-
-SSL_set_options() adds the options set via bitmask in B<options> to B<ssl>.
-Options already set before are not cleared!
-
-SSL_CTX_clear_options() clears the options set via bitmask in B<options>
-to B<ctx>.
-
-SSL_clear_options() clears the options set via bitmask in B<options> to B<ssl>.
-
-SSL_CTX_get_options() returns the options set for B<ctx>.
-
-SSL_get_options() returns the options set for B<ssl>.
-
-SSL_get_secure_renegotiation_support() indicates whether the peer supports
-secure renegotiation.
-
-=head1 NOTES
-
-The behaviour of the SSL library can be changed by setting several options.
-The options are coded as bitmasks and can be combined by a logical B<or>
-operation (|).
-
-SSL_CTX_set_options() and SSL_set_options() affect the (external)
-protocol behaviour of the SSL library. The (internal) behaviour of
-the API can be changed by using the similar
-L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)> and SSL_set_mode() functions.
-
-During a handshake, the option settings of the SSL object are used. When
-a new SSL object is created from a context using SSL_new(), the current
-option setting is copied. Changes to B<ctx> do not affect already created
-SSL objects. SSL_clear() does not affect the settings.
-
-The following B<bug workaround> options are available:
-
-=over 4
-
-=item SSL_OP_MICROSOFT_SESS_ID_BUG
-
-www.microsoft.com - when talking SSLv2, if session-id reuse is
-performed, the session-id passed back in the server-finished message
-is different from the one decided upon.
-
-=item SSL_OP_NETSCAPE_CHALLENGE_BUG
-
-Netscape-Commerce/1.12, when talking SSLv2, accepts a 32 byte
-challenge but then appears to only use 16 bytes when generating the
-encryption keys. Using 16 bytes is ok but it should be ok to use 32.
-According to the SSLv3 spec, one should use 32 bytes for the challenge
-when operating in SSLv2/v3 compatibility mode, but as mentioned above,
-this breaks this server so 16 bytes is the way to go.
-
-=item SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
-
-As of OpenSSL 0.9.8q and 1.0.0c, this option has no effect.
-
-=item SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG
-
-...
-
-=item SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER
-
-...
-
-=item SSL_OP_SAFARI_ECDHE_ECDSA_BUG
-
-Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X.
-OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers.
-
-=item SSL_OP_SSLEAY_080_CLIENT_DH_BUG
-
-...
-
-=item SSL_OP_TLS_D5_BUG
-
-...
-
-=item SSL_OP_TLS_BLOCK_PADDING_BUG
-
-...
-
-=item SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
-
-Disables a countermeasure against a SSL 3.0/TLS 1.0 protocol
-vulnerability affecting CBC ciphers, which cannot be handled by some
-broken SSL implementations. This option has no effect for connections
-using other ciphers.
-
-=item SSL_OP_ALL
-
-All of the above bug workarounds.
-
-=back
-
-It is usually safe to use B<SSL_OP_ALL> to enable the bug workaround
-options if compatibility with somewhat broken implementations is
-desired.
-
-The following B<modifying> options are available:
-
-=over 4
-
-=item SSL_OP_TLS_ROLLBACK_BUG
-
-Disable version rollback attack detection.
-
-During the client key exchange, the client must send the same information
-about acceptable SSL/TLS protocol levels as during the first hello. Some
-clients violate this rule by adapting to the server's answer. (Example:
-the client sends a SSLv2 hello and accepts up to SSLv3.1=TLSv1, the server
-only understands up to SSLv3. In this case the client must still use the
-same SSLv3.1=TLSv1 announcement. Some clients step down to SSLv3 with respect
-to the server's answer and violate the version rollback protection.)
-
-=item SSL_OP_SINGLE_DH_USE
-
-Always create a new key when using temporary/ephemeral DH parameters
-(see L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>).
-This option must be used to prevent small subgroup attacks, when
-the DH parameters were not generated using "strong" primes
-(e.g. when using DSA-parameters, see L<dhparam(1)|dhparam(1)>).
-If "strong" primes were used, it is not strictly necessary to generate
-a new DH key during each handshake but it is also recommended.
-B<SSL_OP_SINGLE_DH_USE> should therefore be enabled whenever
-temporary/ephemeral DH parameters are used.
-
-=item SSL_OP_EPHEMERAL_RSA
-
-Always use ephemeral (temporary) RSA key when doing RSA operations
-(see L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>).
-According to the specifications this is only done, when a RSA key
-can only be used for signature operations (namely under export ciphers
-with restricted RSA keylength). By setting this option, ephemeral
-RSA keys are always used. This option breaks compatibility with the
-SSL/TLS specifications and may lead to interoperability problems with
-clients and should therefore never be used. Ciphers with EDH (ephemeral
-Diffie-Hellman) key exchange should be used instead.
-
-=item SSL_OP_CIPHER_SERVER_PREFERENCE
-
-When choosing a cipher, use the server's preferences instead of the client
-preferences. When not set, the SSL server will always follow the clients
-preferences. When set, the SSLv3/TLSv1 server will choose following its
-own preferences. Because of the different protocol, for SSLv2 the server
-will send its list of preferences to the client and the client chooses.
-
-=item SSL_OP_PKCS1_CHECK_1
-
-...
-
-=item SSL_OP_PKCS1_CHECK_2
-
-...
-
-=item SSL_OP_NETSCAPE_CA_DN_BUG
-
-If we accept a netscape connection, demand a client cert, have a
-non-self-signed CA which does not have its CA in netscape, and the
-browser has a cert, it will crash/hang. Works for 3.x and 4.xbeta
-
-=item SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
-
-...
-
-=item SSL_OP_NO_SSLv2
-
-Do not use the SSLv2 protocol.
-
-=item SSL_OP_NO_SSLv3
-
-Do not use the SSLv3 protocol.
-
-=item SSL_OP_NO_TLSv1
-
-Do not use the TLSv1 protocol.
-
-=item SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
-
-When performing renegotiation as a server, always start a new session
-(i.e., session resumption requests are only accepted in the initial
-handshake). This option is not needed for clients.
-
-=item SSL_OP_NO_TICKET
-
-Normally clients and servers will, where possible, transparently make use
-of RFC4507bis tickets for stateless session resumption if extension support
-is explicitly set when OpenSSL is compiled.
-
-If this option is set this functionality is disabled and tickets will
-not be used by clients or servers.
-
-=item SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
-
-Allow legacy insecure renegotiation between OpenSSL and unpatched clients or
-servers. See the B<SECURE RENEGOTIATION> section for more details.
-
-=item SSL_OP_LEGACY_SERVER_CONNECT
-
-Allow legacy insecure renegotiation between OpenSSL and unpatched servers
-B<only>: this option is currently set by default. See the
-B<SECURE RENEGOTIATION> section for more details.
-
-=back
-
-=head1 SECURE RENEGOTIATION
-
-OpenSSL 0.9.8m and later always attempts to use secure renegotiation as
-described in RFC5746. This counters the prefix attack described in
-CVE-2009-3555 and elsewhere.
-
-The deprecated and highly broken SSLv2 protocol does not support
-renegotiation at all: its use is B<strongly> discouraged.
-
-This attack has far reaching consequences which application writers should be
-aware of. In the description below an implementation supporting secure
-renegotiation is referred to as I<patched>. A server not supporting secure
-renegotiation is referred to as I<unpatched>.
-
-The following sections describe the operations permitted by OpenSSL's secure
-renegotiation implementation.
-
-=head2 Patched client and server
-
-Connections and renegotiation are always permitted by OpenSSL implementations.
-
-=head2 Unpatched client and patched OpenSSL server
-
-The initial connection succeeds but client renegotiation is denied by the
-server with a B<no_renegotiation> warning alert if TLS v1.0 is used or a fatal
-B<handshake_failure> alert in SSL v3.0.
-
-If the patched OpenSSL server attempts to renegotiate a fatal
-B<handshake_failure> alert is sent. This is because the server code may be
-unaware of the unpatched nature of the client.
-
-If the option B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION> is set then
-renegotiation B<always> succeeds.
-
-B<NB:> a bug in OpenSSL clients earlier than 0.9.8m (all of which are
-unpatched) will result in the connection hanging if it receives a
-B<no_renegotiation> alert. OpenSSL versions 0.9.8m and later will regard
-a B<no_renegotiation> alert as fatal and respond with a fatal
-B<handshake_failure> alert. This is because the OpenSSL API currently has
-no provision to indicate to an application that a renegotiation attempt
-was refused.
-
-=head2 Patched OpenSSL client and unpatched server.
-
-If the option B<SSL_OP_LEGACY_SERVER_CONNECT> or
-B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION> is set then initial connections
-and renegotiation between patched OpenSSL clients and unpatched servers
-succeeds. If neither option is set then initial connections to unpatched
-servers will fail.
-
-The option B<SSL_OP_LEGACY_SERVER_CONNECT> is currently set by default even
-though it has security implications: otherwise it would be impossible to
-connect to unpatched servers (i.e. all of them initially) and this is clearly
-not acceptable. Renegotiation is permitted because this does not add any
-additional security issues: during an attack clients do not see any
-renegotiations anyway.
-
-As more servers become patched the option B<SSL_OP_LEGACY_SERVER_CONNECT> will
-B<not> be set by default in a future version of OpenSSL.
-
-OpenSSL client applications wishing to ensure they can connect to unpatched
-servers should always B<set> B<SSL_OP_LEGACY_SERVER_CONNECT>
-
-OpenSSL client applications that want to ensure they can B<not> connect to
-unpatched servers (and thus avoid any security issues) should always B<clear>
-B<SSL_OP_LEGACY_SERVER_CONNECT> using SSL_CTX_clear_options() or
-SSL_clear_options().
-
-The difference between the B<SSL_OP_LEGACY_SERVER_CONNECT> and
-B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION> options is that
-B<SSL_OP_LEGACY_SERVER_CONNECT> enables initial connections and secure
-renegotiation between OpenSSL clients and unpatched servers B<only>, while
-B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION> allows initial connections
-and renegotiation between OpenSSL and unpatched clients or servers.
-
-=head1 RETURN VALUES
-
-SSL_CTX_set_options() and SSL_set_options() return the new options bitmask
-after adding B<options>.
-
-SSL_CTX_clear_options() and SSL_clear_options() return the new options bitmask
-after clearing B<options>.
-
-SSL_CTX_get_options() and SSL_get_options() return the current bitmask.
-
-SSL_get_secure_renegotiation_support() returns 1 is the peer supports
-secure renegotiation and 0 if it does not.
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)>, L<SSL_clear(3)|SSL_clear(3)>,
-L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>,
-L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>,
-L<dhparam(1)|dhparam(1)>
-
-=head1 HISTORY
-
-B<SSL_OP_CIPHER_SERVER_PREFERENCE> and
-B<SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION> have been added in
-OpenSSL 0.9.7.
-
-B<SSL_OP_TLS_ROLLBACK_BUG> has been added in OpenSSL 0.9.6 and was automatically
-enabled with B<SSL_OP_ALL>. As of 0.9.7, it is no longer included in B<SSL_OP_ALL>
-and must be explicitly set.
-
-B<SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS> has been added in OpenSSL 0.9.6e.
-Versions up to OpenSSL 0.9.6c do not include the countermeasure that
-can be disabled with this option (in OpenSSL 0.9.6d, it was always
-enabled).
-
-SSL_CTX_clear_options() and SSL_clear_options() were first added in OpenSSL
-0.9.8m.
-
-B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION>, B<SSL_OP_LEGACY_SERVER_CONNECT>
-and the function SSL_get_secure_renegotiation_support() were first added in
-OpenSSL 0.9.8m.
-
-=cut
Copied: vendor-crypto/openssl/0.9.8zf/doc/ssl/SSL_CTX_set_options.pod (from rev 6969, vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_options.pod)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/doc/ssl/SSL_CTX_set_options.pod (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/doc/ssl/SSL_CTX_set_options.pod 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,340 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_options, SSL_set_options, SSL_CTX_clear_options, SSL_clear_options, SSL_CTX_get_options, SSL_get_options, SSL_get_secure_renegotiation_support - manipulate SSL options
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ long SSL_CTX_set_options(SSL_CTX *ctx, long options);
+ long SSL_set_options(SSL *ssl, long options);
+
+ long SSL_CTX_clear_options(SSL_CTX *ctx, long options);
+ long SSL_clear_options(SSL *ssl, long options);
+
+ long SSL_CTX_get_options(SSL_CTX *ctx);
+ long SSL_get_options(SSL *ssl);
+
+ long SSL_get_secure_renegotiation_support(SSL *ssl);
+
+=head1 DESCRIPTION
+
+Note: all these functions are implemented using macros.
+
+SSL_CTX_set_options() adds the options set via bitmask in B<options> to B<ctx>.
+Options already set before are not cleared!
+
+SSL_set_options() adds the options set via bitmask in B<options> to B<ssl>.
+Options already set before are not cleared!
+
+SSL_CTX_clear_options() clears the options set via bitmask in B<options>
+to B<ctx>.
+
+SSL_clear_options() clears the options set via bitmask in B<options> to B<ssl>.
+
+SSL_CTX_get_options() returns the options set for B<ctx>.
+
+SSL_get_options() returns the options set for B<ssl>.
+
+SSL_get_secure_renegotiation_support() indicates whether the peer supports
+secure renegotiation.
+
+=head1 NOTES
+
+The behaviour of the SSL library can be changed by setting several options.
+The options are coded as bitmasks and can be combined by a logical B<or>
+operation (|).
+
+SSL_CTX_set_options() and SSL_set_options() affect the (external)
+protocol behaviour of the SSL library. The (internal) behaviour of
+the API can be changed by using the similar
+L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)> and SSL_set_mode() functions.
+
+During a handshake, the option settings of the SSL object are used. When
+a new SSL object is created from a context using SSL_new(), the current
+option setting is copied. Changes to B<ctx> do not affect already created
+SSL objects. SSL_clear() does not affect the settings.
+
+The following B<bug workaround> options are available:
+
+=over 4
+
+=item SSL_OP_MICROSOFT_SESS_ID_BUG
+
+www.microsoft.com - when talking SSLv2, if session-id reuse is
+performed, the session-id passed back in the server-finished message
+is different from the one decided upon.
+
+=item SSL_OP_NETSCAPE_CHALLENGE_BUG
+
+Netscape-Commerce/1.12, when talking SSLv2, accepts a 32 byte
+challenge but then appears to only use 16 bytes when generating the
+encryption keys. Using 16 bytes is ok but it should be ok to use 32.
+According to the SSLv3 spec, one should use 32 bytes for the challenge
+when operating in SSLv2/v3 compatibility mode, but as mentioned above,
+this breaks this server so 16 bytes is the way to go.
+
+=item SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
+
+As of OpenSSL 0.9.8q and 1.0.0c, this option has no effect.
+
+=item SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG
+
+...
+
+=item SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER
+
+...
+
+=item SSL_OP_SAFARI_ECDHE_ECDSA_BUG
+
+Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X.
+OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers.
+
+=item SSL_OP_SSLEAY_080_CLIENT_DH_BUG
+
+...
+
+=item SSL_OP_TLS_D5_BUG
+
+...
+
+=item SSL_OP_TLS_BLOCK_PADDING_BUG
+
+...
+
+=item SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
+
+Disables a countermeasure against a SSL 3.0/TLS 1.0 protocol
+vulnerability affecting CBC ciphers, which cannot be handled by some
+broken SSL implementations. This option has no effect for connections
+using other ciphers.
+
+=item SSL_OP_ALL
+
+All of the above bug workarounds.
+
+=back
+
+It is usually safe to use B<SSL_OP_ALL> to enable the bug workaround
+options if compatibility with somewhat broken implementations is
+desired.
+
+The following B<modifying> options are available:
+
+=over 4
+
+=item SSL_OP_TLS_ROLLBACK_BUG
+
+Disable version rollback attack detection.
+
+During the client key exchange, the client must send the same information
+about acceptable SSL/TLS protocol levels as during the first hello. Some
+clients violate this rule by adapting to the server's answer. (Example:
+the client sends a SSLv2 hello and accepts up to SSLv3.1=TLSv1, the server
+only understands up to SSLv3. In this case the client must still use the
+same SSLv3.1=TLSv1 announcement. Some clients step down to SSLv3 with respect
+to the server's answer and violate the version rollback protection.)
+
+=item SSL_OP_SINGLE_DH_USE
+
+Always create a new key when using temporary/ephemeral DH parameters
+(see L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>).
+This option must be used to prevent small subgroup attacks, when
+the DH parameters were not generated using "strong" primes
+(e.g. when using DSA-parameters, see L<dhparam(1)|dhparam(1)>).
+If "strong" primes were used, it is not strictly necessary to generate
+a new DH key during each handshake but it is also recommended.
+B<SSL_OP_SINGLE_DH_USE> should therefore be enabled whenever
+temporary/ephemeral DH parameters are used.
+
+=item SSL_OP_EPHEMERAL_RSA
+
+This option is no longer implemented and is treated as no op.
+
+=item SSL_OP_CIPHER_SERVER_PREFERENCE
+
+When choosing a cipher, use the server's preferences instead of the client
+preferences. When not set, the SSL server will always follow the clients
+preferences. When set, the SSLv3/TLSv1 server will choose following its
+own preferences. Because of the different protocol, for SSLv2 the server
+will send its list of preferences to the client and the client chooses.
+
+=item SSL_OP_PKCS1_CHECK_1
+
+...
+
+=item SSL_OP_PKCS1_CHECK_2
+
+...
+
+=item SSL_OP_NETSCAPE_CA_DN_BUG
+
+If we accept a netscape connection, demand a client cert, have a
+non-self-signed CA which does not have its CA in netscape, and the
+browser has a cert, it will crash/hang. Works for 3.x and 4.xbeta
+
+=item SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
+
+...
+
+=item SSL_OP_NO_SSLv2
+
+Do not use the SSLv2 protocol.
+
+=item SSL_OP_NO_SSLv3
+
+Do not use the SSLv3 protocol.
+
+=item SSL_OP_NO_TLSv1
+
+Do not use the TLSv1 protocol.
+
+=item SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
+
+When performing renegotiation as a server, always start a new session
+(i.e., session resumption requests are only accepted in the initial
+handshake). This option is not needed for clients.
+
+=item SSL_OP_NO_TICKET
+
+Normally clients and servers will, where possible, transparently make use
+of RFC4507bis tickets for stateless session resumption if extension support
+is explicitly set when OpenSSL is compiled.
+
+If this option is set this functionality is disabled and tickets will
+not be used by clients or servers.
+
+=item SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
+
+Allow legacy insecure renegotiation between OpenSSL and unpatched clients or
+servers. See the B<SECURE RENEGOTIATION> section for more details.
+
+=item SSL_OP_LEGACY_SERVER_CONNECT
+
+Allow legacy insecure renegotiation between OpenSSL and unpatched servers
+B<only>: this option is currently set by default. See the
+B<SECURE RENEGOTIATION> section for more details.
+
+=back
+
+=head1 SECURE RENEGOTIATION
+
+OpenSSL 0.9.8m and later always attempts to use secure renegotiation as
+described in RFC5746. This counters the prefix attack described in
+CVE-2009-3555 and elsewhere.
+
+The deprecated and highly broken SSLv2 protocol does not support
+renegotiation at all: its use is B<strongly> discouraged.
+
+This attack has far reaching consequences which application writers should be
+aware of. In the description below an implementation supporting secure
+renegotiation is referred to as I<patched>. A server not supporting secure
+renegotiation is referred to as I<unpatched>.
+
+The following sections describe the operations permitted by OpenSSL's secure
+renegotiation implementation.
+
+=head2 Patched client and server
+
+Connections and renegotiation are always permitted by OpenSSL implementations.
+
+=head2 Unpatched client and patched OpenSSL server
+
+The initial connection succeeds but client renegotiation is denied by the
+server with a B<no_renegotiation> warning alert if TLS v1.0 is used or a fatal
+B<handshake_failure> alert in SSL v3.0.
+
+If the patched OpenSSL server attempts to renegotiate a fatal
+B<handshake_failure> alert is sent. This is because the server code may be
+unaware of the unpatched nature of the client.
+
+If the option B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION> is set then
+renegotiation B<always> succeeds.
+
+B<NB:> a bug in OpenSSL clients earlier than 0.9.8m (all of which are
+unpatched) will result in the connection hanging if it receives a
+B<no_renegotiation> alert. OpenSSL versions 0.9.8m and later will regard
+a B<no_renegotiation> alert as fatal and respond with a fatal
+B<handshake_failure> alert. This is because the OpenSSL API currently has
+no provision to indicate to an application that a renegotiation attempt
+was refused.
+
+=head2 Patched OpenSSL client and unpatched server.
+
+If the option B<SSL_OP_LEGACY_SERVER_CONNECT> or
+B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION> is set then initial connections
+and renegotiation between patched OpenSSL clients and unpatched servers
+succeeds. If neither option is set then initial connections to unpatched
+servers will fail.
+
+The option B<SSL_OP_LEGACY_SERVER_CONNECT> is currently set by default even
+though it has security implications: otherwise it would be impossible to
+connect to unpatched servers (i.e. all of them initially) and this is clearly
+not acceptable. Renegotiation is permitted because this does not add any
+additional security issues: during an attack clients do not see any
+renegotiations anyway.
+
+As more servers become patched the option B<SSL_OP_LEGACY_SERVER_CONNECT> will
+B<not> be set by default in a future version of OpenSSL.
+
+OpenSSL client applications wishing to ensure they can connect to unpatched
+servers should always B<set> B<SSL_OP_LEGACY_SERVER_CONNECT>
+
+OpenSSL client applications that want to ensure they can B<not> connect to
+unpatched servers (and thus avoid any security issues) should always B<clear>
+B<SSL_OP_LEGACY_SERVER_CONNECT> using SSL_CTX_clear_options() or
+SSL_clear_options().
+
+The difference between the B<SSL_OP_LEGACY_SERVER_CONNECT> and
+B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION> options is that
+B<SSL_OP_LEGACY_SERVER_CONNECT> enables initial connections and secure
+renegotiation between OpenSSL clients and unpatched servers B<only>, while
+B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION> allows initial connections
+and renegotiation between OpenSSL and unpatched clients or servers.
+
+=head1 RETURN VALUES
+
+SSL_CTX_set_options() and SSL_set_options() return the new options bitmask
+after adding B<options>.
+
+SSL_CTX_clear_options() and SSL_clear_options() return the new options bitmask
+after clearing B<options>.
+
+SSL_CTX_get_options() and SSL_get_options() return the current bitmask.
+
+SSL_get_secure_renegotiation_support() returns 1 is the peer supports
+secure renegotiation and 0 if it does not.
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)>, L<SSL_clear(3)|SSL_clear(3)>,
+L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>,
+L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>,
+L<dhparam(1)|dhparam(1)>
+
+=head1 HISTORY
+
+B<SSL_OP_CIPHER_SERVER_PREFERENCE> and
+B<SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION> have been added in
+OpenSSL 0.9.7.
+
+B<SSL_OP_TLS_ROLLBACK_BUG> has been added in OpenSSL 0.9.6 and was automatically
+enabled with B<SSL_OP_ALL>. As of 0.9.7, it is no longer included in B<SSL_OP_ALL>
+and must be explicitly set.
+
+B<SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS> has been added in OpenSSL 0.9.6e.
+Versions up to OpenSSL 0.9.6c do not include the countermeasure that
+can be disabled with this option (in OpenSSL 0.9.6d, it was always
+enabled).
+
+SSL_CTX_clear_options() and SSL_clear_options() were first added in OpenSSL
+0.9.8m.
+
+B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION>, B<SSL_OP_LEGACY_SERVER_CONNECT>
+and the function SSL_get_secure_renegotiation_support() were first added in
+OpenSSL 0.9.8m.
+
+=cut
Deleted: vendor-crypto/openssl/0.9.8zf/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod
===================================================================
--- vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,166 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_CTX_set_tmp_rsa_callback, SSL_CTX_set_tmp_rsa, SSL_CTX_need_tmp_rsa, SSL_set_tmp_rsa_callback, SSL_set_tmp_rsa, SSL_need_tmp_rsa - handle RSA keys for ephemeral key exchange
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
- RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength));
- long SSL_CTX_set_tmp_rsa(SSL_CTX *ctx, RSA *rsa);
- long SSL_CTX_need_tmp_rsa(SSL_CTX *ctx);
-
- void SSL_set_tmp_rsa_callback(SSL_CTX *ctx,
- RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength));
- long SSL_set_tmp_rsa(SSL *ssl, RSA *rsa)
- long SSL_need_tmp_rsa(SSL *ssl)
-
- RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength);
-
-=head1 DESCRIPTION
-
-SSL_CTX_set_tmp_rsa_callback() sets the callback function for B<ctx> to be
-used when a temporary/ephemeral RSA key is required to B<tmp_rsa_callback>.
-The callback is inherited by all SSL objects newly created from B<ctx>
-with <SSL_new(3)|SSL_new(3)>. Already created SSL objects are not affected.
-
-SSL_CTX_set_tmp_rsa() sets the temporary/ephemeral RSA key to be used to be
-B<rsa>. The key is inherited by all SSL objects newly created from B<ctx>
-with <SSL_new(3)|SSL_new(3)>. Already created SSL objects are not affected.
-
-SSL_CTX_need_tmp_rsa() returns 1, if a temporary/ephemeral RSA key is needed
-for RSA-based strength-limited 'exportable' ciphersuites because a RSA key
-with a keysize larger than 512 bits is installed.
-
-SSL_set_tmp_rsa_callback() sets the callback only for B<ssl>.
-
-SSL_set_tmp_rsa() sets the key only for B<ssl>.
-
-SSL_need_tmp_rsa() returns 1, if a temporary/ephemeral RSA key is needed,
-for RSA-based strength-limited 'exportable' ciphersuites because a RSA key
-with a keysize larger than 512 bits is installed.
-
-These functions apply to SSL/TLS servers only.
-
-=head1 NOTES
-
-When using a cipher with RSA authentication, an ephemeral RSA key exchange
-can take place. In this case the session data are negotiated using the
-ephemeral/temporary RSA key and the RSA key supplied and certified
-by the certificate chain is only used for signing.
-
-Under previous export restrictions, ciphers with RSA keys shorter (512 bits)
-than the usual key length of 1024 bits were created. To use these ciphers
-with RSA keys of usual length, an ephemeral key exchange must be performed,
-as the normal (certified) key cannot be directly used.
-
-Using ephemeral RSA key exchange yields forward secrecy, as the connection
-can only be decrypted, when the RSA key is known. By generating a temporary
-RSA key inside the server application that is lost when the application
-is left, it becomes impossible for an attacker to decrypt past sessions,
-even if he gets hold of the normal (certified) RSA key, as this key was
-used for signing only. The downside is that creating a RSA key is
-computationally expensive.
-
-Additionally, the use of ephemeral RSA key exchange is only allowed in
-the TLS standard, when the RSA key can be used for signing only, that is
-for export ciphers. Using ephemeral RSA key exchange for other purposes
-violates the standard and can break interoperability with clients.
-It is therefore strongly recommended to not use ephemeral RSA key
-exchange and use EDH (Ephemeral Diffie-Hellman) key exchange instead
-in order to achieve forward secrecy (see
-L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>).
-
-On OpenSSL servers ephemeral RSA key exchange is therefore disabled by default
-and must be explicitly enabled using the SSL_OP_EPHEMERAL_RSA option of
-L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>, violating the TLS/SSL
-standard. When ephemeral RSA key exchange is required for export ciphers,
-it will automatically be used without this option!
-
-An application may either directly specify the key or can supply the key via
-a callback function. The callback approach has the advantage, that the
-callback may generate the key only in case it is actually needed. As the
-generation of a RSA key is however costly, it will lead to a significant
-delay in the handshake procedure. Another advantage of the callback function
-is that it can supply keys of different size (e.g. for SSL_OP_EPHEMERAL_RSA
-usage) while the explicit setting of the key is only useful for key size of
-512 bits to satisfy the export restricted ciphers and does give away key length
-if a longer key would be allowed.
-
-The B<tmp_rsa_callback> is called with the B<keylength> needed and
-the B<is_export> information. The B<is_export> flag is set, when the
-ephemeral RSA key exchange is performed with an export cipher.
-
-=head1 EXAMPLES
-
-Generate temporary RSA keys to prepare ephemeral RSA key exchange. As the
-generation of a RSA key costs a lot of computer time, they saved for later
-reuse. For demonstration purposes, two keys for 512 bits and 1024 bits
-respectively are generated.
-
- ...
- /* Set up ephemeral RSA stuff */
- RSA *rsa_512 = NULL;
- RSA *rsa_1024 = NULL;
-
- rsa_512 = RSA_generate_key(512,RSA_F4,NULL,NULL);
- if (rsa_512 == NULL)
- evaluate_error_queue();
-
- rsa_1024 = RSA_generate_key(1024,RSA_F4,NULL,NULL);
- if (rsa_1024 == NULL)
- evaluate_error_queue();
-
- ...
-
- RSA *tmp_rsa_callback(SSL *s, int is_export, int keylength)
- {
- RSA *rsa_tmp=NULL;
-
- switch (keylength) {
- case 512:
- if (rsa_512)
- rsa_tmp = rsa_512;
- else { /* generate on the fly, should not happen in this example */
- rsa_tmp = RSA_generate_key(keylength,RSA_F4,NULL,NULL);
- rsa_512 = rsa_tmp; /* Remember for later reuse */
- }
- break;
- case 1024:
- if (rsa_1024)
- rsa_tmp=rsa_1024;
- else
- should_not_happen_in_this_example();
- break;
- default:
- /* Generating a key on the fly is very costly, so use what is there */
- if (rsa_1024)
- rsa_tmp=rsa_1024;
- else
- rsa_tmp=rsa_512; /* Use at least a shorter key */
- }
- return(rsa_tmp);
- }
-
-=head1 RETURN VALUES
-
-SSL_CTX_set_tmp_rsa_callback() and SSL_set_tmp_rsa_callback() do not return
-diagnostic output.
-
-SSL_CTX_set_tmp_rsa() and SSL_set_tmp_rsa() do return 1 on success and 0
-on failure. Check the error queue to find out the reason of failure.
-
-SSL_CTX_need_tmp_rsa() and SSL_need_tmp_rsa() return 1 if a temporary
-RSA key is needed and 0 otherwise.
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>, L<SSL_CTX_set_cipher_list(3)|SSL_CTX_set_cipher_list(3)>,
-L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>,
-L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>,
-L<SSL_new(3)|SSL_new(3)>, L<ciphers(1)|ciphers(1)>
-
-=cut
Copied: vendor-crypto/openssl/0.9.8zf/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod (from rev 6969, vendor-crypto/openssl/dist/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,159 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_tmp_rsa_callback, SSL_CTX_set_tmp_rsa, SSL_CTX_need_tmp_rsa, SSL_set_tmp_rsa_callback, SSL_set_tmp_rsa, SSL_need_tmp_rsa - handle RSA keys for ephemeral key exchange
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
+ RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength));
+ long SSL_CTX_set_tmp_rsa(SSL_CTX *ctx, RSA *rsa);
+ long SSL_CTX_need_tmp_rsa(SSL_CTX *ctx);
+
+ void SSL_set_tmp_rsa_callback(SSL_CTX *ctx,
+ RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength));
+ long SSL_set_tmp_rsa(SSL *ssl, RSA *rsa)
+ long SSL_need_tmp_rsa(SSL *ssl)
+
+ RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength);
+
+=head1 DESCRIPTION
+
+SSL_CTX_set_tmp_rsa_callback() sets the callback function for B<ctx> to be
+used when a temporary/ephemeral RSA key is required to B<tmp_rsa_callback>.
+The callback is inherited by all SSL objects newly created from B<ctx>
+with <SSL_new(3)|SSL_new(3)>. Already created SSL objects are not affected.
+
+SSL_CTX_set_tmp_rsa() sets the temporary/ephemeral RSA key to be used to be
+B<rsa>. The key is inherited by all SSL objects newly created from B<ctx>
+with <SSL_new(3)|SSL_new(3)>. Already created SSL objects are not affected.
+
+SSL_CTX_need_tmp_rsa() returns 1, if a temporary/ephemeral RSA key is needed
+for RSA-based strength-limited 'exportable' ciphersuites because a RSA key
+with a keysize larger than 512 bits is installed.
+
+SSL_set_tmp_rsa_callback() sets the callback only for B<ssl>.
+
+SSL_set_tmp_rsa() sets the key only for B<ssl>.
+
+SSL_need_tmp_rsa() returns 1, if a temporary/ephemeral RSA key is needed,
+for RSA-based strength-limited 'exportable' ciphersuites because a RSA key
+with a keysize larger than 512 bits is installed.
+
+These functions apply to SSL/TLS servers only.
+
+=head1 NOTES
+
+When using a cipher with RSA authentication, an ephemeral RSA key exchange
+can take place. In this case the session data are negotiated using the
+ephemeral/temporary RSA key and the RSA key supplied and certified
+by the certificate chain is only used for signing.
+
+Under previous export restrictions, ciphers with RSA keys shorter (512 bits)
+than the usual key length of 1024 bits were created. To use these ciphers
+with RSA keys of usual length, an ephemeral key exchange must be performed,
+as the normal (certified) key cannot be directly used.
+
+Using ephemeral RSA key exchange yields forward secrecy, as the connection
+can only be decrypted, when the RSA key is known. By generating a temporary
+RSA key inside the server application that is lost when the application
+is left, it becomes impossible for an attacker to decrypt past sessions,
+even if he gets hold of the normal (certified) RSA key, as this key was
+used for signing only. The downside is that creating a RSA key is
+computationally expensive.
+
+Additionally, the use of ephemeral RSA key exchange is only allowed in
+the TLS standard, when the RSA key can be used for signing only, that is
+for export ciphers. Using ephemeral RSA key exchange for other purposes
+violates the standard and can break interoperability with clients.
+It is therefore strongly recommended to not use ephemeral RSA key
+exchange and use EDH (Ephemeral Diffie-Hellman) key exchange instead
+in order to achieve forward secrecy (see
+L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>).
+
+An application may either directly specify the key or can supply the key via a
+callback function. The callback approach has the advantage, that the callback
+may generate the key only in case it is actually needed. As the generation of a
+RSA key is however costly, it will lead to a significant delay in the handshake
+procedure. Another advantage of the callback function is that it can supply
+keys of different size while the explicit setting of the key is only useful for
+key size of 512 bits to satisfy the export restricted ciphers and does give
+away key length if a longer key would be allowed.
+
+The B<tmp_rsa_callback> is called with the B<keylength> needed and
+the B<is_export> information. The B<is_export> flag is set, when the
+ephemeral RSA key exchange is performed with an export cipher.
+
+=head1 EXAMPLES
+
+Generate temporary RSA keys to prepare ephemeral RSA key exchange. As the
+generation of a RSA key costs a lot of computer time, they saved for later
+reuse. For demonstration purposes, two keys for 512 bits and 1024 bits
+respectively are generated.
+
+ ...
+ /* Set up ephemeral RSA stuff */
+ RSA *rsa_512 = NULL;
+ RSA *rsa_1024 = NULL;
+
+ rsa_512 = RSA_generate_key(512,RSA_F4,NULL,NULL);
+ if (rsa_512 == NULL)
+ evaluate_error_queue();
+
+ rsa_1024 = RSA_generate_key(1024,RSA_F4,NULL,NULL);
+ if (rsa_1024 == NULL)
+ evaluate_error_queue();
+
+ ...
+
+ RSA *tmp_rsa_callback(SSL *s, int is_export, int keylength)
+ {
+ RSA *rsa_tmp=NULL;
+
+ switch (keylength) {
+ case 512:
+ if (rsa_512)
+ rsa_tmp = rsa_512;
+ else { /* generate on the fly, should not happen in this example */
+ rsa_tmp = RSA_generate_key(keylength,RSA_F4,NULL,NULL);
+ rsa_512 = rsa_tmp; /* Remember for later reuse */
+ }
+ break;
+ case 1024:
+ if (rsa_1024)
+ rsa_tmp=rsa_1024;
+ else
+ should_not_happen_in_this_example();
+ break;
+ default:
+ /* Generating a key on the fly is very costly, so use what is there */
+ if (rsa_1024)
+ rsa_tmp=rsa_1024;
+ else
+ rsa_tmp=rsa_512; /* Use at least a shorter key */
+ }
+ return(rsa_tmp);
+ }
+
+=head1 RETURN VALUES
+
+SSL_CTX_set_tmp_rsa_callback() and SSL_set_tmp_rsa_callback() do not return
+diagnostic output.
+
+SSL_CTX_set_tmp_rsa() and SSL_set_tmp_rsa() do return 1 on success and 0
+on failure. Check the error queue to find out the reason of failure.
+
+SSL_CTX_need_tmp_rsa() and SSL_need_tmp_rsa() return 1 if a temporary
+RSA key is needed and 0 otherwise.
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>, L<SSL_CTX_set_cipher_list(3)|SSL_CTX_set_cipher_list(3)>,
+L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>,
+L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>,
+L<SSL_new(3)|SSL_new(3)>, L<ciphers(1)|ciphers(1)>
+
+=cut
Deleted: vendor-crypto/openssl/0.9.8zf/e_os.h
===================================================================
--- vendor-crypto/openssl/dist/e_os.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/e_os.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,718 +0,0 @@
-/* e_os.h */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_E_OS_H
-#define HEADER_E_OS_H
-
-#include <openssl/opensslconf.h>
-
-#include <openssl/e_os2.h>
-/* <openssl/e_os2.h> contains what we can justify to make visible
- * to the outside; this file e_os.h is not part of the exported
- * interface. */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* Used to checking reference counts, most while doing perl5 stuff :-) */
-#ifdef REF_PRINT
-#undef REF_PRINT
-#define REF_PRINT(a,b) fprintf(stderr,"%08X:%4d:%s\n",(int)b,b->references,a)
-#endif
-
-#ifndef DEVRANDOM
-/* set this to a comma-separated list of 'random' device files to try out.
- * My default, we will try to read at least one of these files */
-#define DEVRANDOM "/dev/urandom","/dev/random","/dev/srandom"
-#endif
-#ifndef DEVRANDOM_EGD
-/* set this to a comma-seperated list of 'egd' sockets to try out. These
- * sockets will be tried in the order listed in case accessing the device files
- * listed in DEVRANDOM did not return enough entropy. */
-#define DEVRANDOM_EGD "/var/run/egd-pool","/dev/egd-pool","/etc/egd-pool","/etc/entropy"
-#endif
-
-#if defined(OPENSSL_SYS_VXWORKS)
-# define NO_SYS_PARAM_H
-# define NO_CHMOD
-# define NO_SYSLOG
-#endif
-
-#if defined(OPENSSL_SYS_MACINTOSH_CLASSIC)
-# if macintosh==1
-# ifndef MAC_OS_GUSI_SOURCE
-# define MAC_OS_pre_X
-# define NO_SYS_TYPES_H
- typedef long ssize_t;
-# endif
-# define NO_SYS_PARAM_H
-# define NO_CHMOD
-# define NO_SYSLOG
-# undef DEVRANDOM
-# define GETPID_IS_MEANINGLESS
-# endif
-#endif
-
-/********************************************************************
- The Microsoft section
- ********************************************************************/
-/* The following is used becaue of the small stack in some
- * Microsoft operating systems */
-#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYSNAME_WIN32)
-# define MS_STATIC static
-#else
-# define MS_STATIC
-#endif
-
-#if defined(OPENSSL_SYS_WIN32) && !defined(WIN32)
-# define WIN32
-#endif
-#if defined(OPENSSL_SYS_WIN16) && !defined(WIN16)
-# define WIN16
-#endif
-#if defined(OPENSSL_SYS_WINDOWS) && !defined(WINDOWS)
-# define WINDOWS
-#endif
-#if defined(OPENSSL_SYS_MSDOS) && !defined(MSDOS)
-# define MSDOS
-#endif
-
-#if defined(MSDOS) && !defined(GETPID_IS_MEANINGLESS)
-# define GETPID_IS_MEANINGLESS
-#endif
-
-#ifdef WIN32
-#define get_last_sys_error() GetLastError()
-#define clear_sys_error() SetLastError(0)
-#if !defined(WINNT)
-#define WIN_CONSOLE_BUG
-#endif
-#else
-#define get_last_sys_error() errno
-#define clear_sys_error() errno=0
-#endif
-
-#if defined(WINDOWS)
-#define get_last_socket_error() WSAGetLastError()
-#define clear_socket_error() WSASetLastError(0)
-#define readsocket(s,b,n) recv((s),(b),(n),0)
-#define writesocket(s,b,n) send((s),(b),(n),0)
-#elif defined(__DJGPP__)
-#define WATT32
-#define get_last_socket_error() errno
-#define clear_socket_error() errno=0
-#define closesocket(s) close_s(s)
-#define readsocket(s,b,n) read_s(s,b,n)
-#define writesocket(s,b,n) send(s,b,n,0)
-#elif defined(MAC_OS_pre_X)
-#define get_last_socket_error() errno
-#define clear_socket_error() errno=0
-#define closesocket(s) MacSocket_close(s)
-#define readsocket(s,b,n) MacSocket_recv((s),(b),(n),true)
-#define writesocket(s,b,n) MacSocket_send((s),(b),(n))
-#elif defined(OPENSSL_SYS_VMS)
-#define get_last_socket_error() errno
-#define clear_socket_error() errno=0
-#define ioctlsocket(a,b,c) ioctl(a,b,c)
-#define closesocket(s) close(s)
-#define readsocket(s,b,n) recv((s),(b),(n),0)
-#define writesocket(s,b,n) send((s),(b),(n),0)
-#elif defined(OPENSSL_SYS_VXWORKS)
-#define get_last_socket_error() errno
-#define clear_socket_error() errno=0
-#define ioctlsocket(a,b,c) ioctl((a),(b),(int)(c))
-#define closesocket(s) close(s)
-#define readsocket(s,b,n) read((s),(b),(n))
-#define writesocket(s,b,n) write((s),(char *)(b),(n))
-#elif defined(OPENSSL_SYS_NETWARE)
-#if defined(NETWARE_BSDSOCK)
-#define get_last_socket_error() errno
-#define clear_socket_error() errno=0
-#define closesocket(s) close(s)
-#define ioctlsocket(a,b,c) ioctl(a,b,c)
-#if defined(NETWARE_LIBC)
-#define readsocket(s,b,n) recv((s),(b),(n),0)
-#define writesocket(s,b,n) send((s),(b),(n),0)
-#else
-#define readsocket(s,b,n) recv((s),(char*)(b),(n),0)
-#define writesocket(s,b,n) send((s),(char*)(b),(n),0)
-#endif
-#else
-#define get_last_socket_error() WSAGetLastError()
-#define clear_socket_error() WSASetLastError(0)
-#define readsocket(s,b,n) recv((s),(b),(n),0)
-#define writesocket(s,b,n) send((s),(b),(n),0)
-#endif
-#else
-#define get_last_socket_error() errno
-#define clear_socket_error() errno=0
-#define ioctlsocket(a,b,c) ioctl(a,b,c)
-#define closesocket(s) close(s)
-#define readsocket(s,b,n) read((s),(b),(n))
-#define writesocket(s,b,n) write((s),(b),(n))
-#endif
-
-#ifdef WIN16
-# define MS_CALLBACK _far _loadds
-# define MS_FAR _far
-#else
-# define MS_CALLBACK
-# define MS_FAR
-#endif
-
-#ifdef OPENSSL_NO_STDIO
-# undef OPENSSL_NO_FP_API
-# define OPENSSL_NO_FP_API
-#endif
-
-#if (defined(WINDOWS) || defined(MSDOS))
-
-# ifdef __DJGPP__
-# include <unistd.h>
-# include <sys/stat.h>
-# include <sys/socket.h>
-# include <tcp.h>
-# include <netdb.h>
-# define _setmode setmode
-# define _O_TEXT O_TEXT
-# define _O_BINARY O_BINARY
-# undef DEVRANDOM
-# define DEVRANDOM "/dev/urandom\x24"
-# endif /* __DJGPP__ */
-
-# ifndef S_IFDIR
-# define S_IFDIR _S_IFDIR
-# endif
-
-# ifndef S_IFMT
-# define S_IFMT _S_IFMT
-# endif
-
-# if !defined(WINNT) && !defined(__DJGPP__)
-# define NO_SYSLOG
-# endif
-# define NO_DIRENT
-
-# ifdef WINDOWS
-# if !defined(_WIN32_WCE) && !defined(_WIN32_WINNT)
- /*
- * Defining _WIN32_WINNT here in e_os.h implies certain "discipline."
- * Most notably we ought to check for availability of each specific
- * routine with GetProcAddress() and/or quard NT-specific calls with
- * GetVersion() < 0x80000000. One can argue that in latter "or" case
- * we ought to /DELAYLOAD some .DLLs in order to protect ourselves
- * against run-time link errors. This doesn't seem to be necessary,
- * because it turned out that already Windows 95, first non-NT Win32
- * implementation, is equipped with at least NT 3.51 stubs, dummy
- * routines with same name, but which do nothing. Meaning that it's
- * apparently appropriate to guard generic NT calls with GetVersion
- * alone, while NT 4.0 and above calls ought to be additionally
- * checked upon with GetProcAddress.
- */
-# define _WIN32_WINNT 0x0400
-# endif
-# include <windows.h>
-# include <stdio.h>
-# include <stddef.h>
-# include <errno.h>
-# include <string.h>
-# ifdef _WIN64
-# define strlen(s) _strlen31(s)
-/* cut strings to 2GB */
-static unsigned int _strlen31(const char *str)
- {
- unsigned int len=0;
- while (*str && len<0x80000000U) str++, len++;
- return len&0x7FFFFFFF;
- }
-# endif
-# include <malloc.h>
-# if defined(_MSC_VER) && _MSC_VER<=1200 && defined(_MT) && defined(isspace)
- /* compensate for bug in VC6 ctype.h */
-# undef isspace
-# undef isdigit
-# undef isalnum
-# undef isupper
-# undef isxdigit
-# endif
-# if defined(_MSC_VER) && !defined(_DLL) && defined(stdin)
-# if _MSC_VER>=1300
-# undef stdin
-# undef stdout
-# undef stderr
- FILE *__iob_func();
-# define stdin (&__iob_func()[0])
-# define stdout (&__iob_func()[1])
-# define stderr (&__iob_func()[2])
-# elif defined(I_CAN_LIVE_WITH_LNK4049)
-# undef stdin
-# undef stdout
-# undef stderr
- /* pre-1300 has __p__iob(), but it's available only in msvcrt.lib,
- * or in other words with /MD. Declaring implicit import, i.e.
- * with _imp_ prefix, works correctly with all compiler options,
- * but without /MD results in LINK warning LNK4049:
- * 'locally defined symbol "__iob" imported'.
- */
- extern FILE *_imp___iob;
-# define stdin (&_imp___iob[0])
-# define stdout (&_imp___iob[1])
-# define stderr (&_imp___iob[2])
-# endif
-# endif
-# endif
-# include <io.h>
-# include <fcntl.h>
-
-# ifdef OPENSSL_SYS_WINCE
-# include <winsock_extras.h>
-# endif
-
-# define ssize_t long
-
-# if defined (__BORLANDC__)
-# define _setmode setmode
-# define _O_TEXT O_TEXT
-# define _O_BINARY O_BINARY
-# define _int64 __int64
-# define _kbhit kbhit
-# endif
-
-# if defined(WIN16) && defined(SSLEAY) && defined(_WINEXITNOPERSIST)
-# define EXIT(n) _wsetexit(_WINEXITNOPERSIST)
-# define OPENSSL_EXIT(n) do { if (n == 0) EXIT(n); return(n); } while(0)
-# else
-# define EXIT(n) exit(n)
-# endif
-# define LIST_SEPARATOR_CHAR ';'
-# ifndef X_OK
-# define X_OK 0
-# endif
-# ifndef W_OK
-# define W_OK 2
-# endif
-# ifndef R_OK
-# define R_OK 4
-# endif
-# define OPENSSL_CONF "openssl.cnf"
-# define SSLEAY_CONF OPENSSL_CONF
-# define NUL_DEV "nul"
-# define RFILE ".rnd"
-# ifdef OPENSSL_SYS_WINCE
-# define DEFAULT_HOME ""
-# else
-# define DEFAULT_HOME "C:"
-# endif
-
-/*
- * Visual Studio: inline is available in C++ only, however
- * __inline is available for C, see
- * http://msdn.microsoft.com/en-us/library/z8y1yy88.aspx
- */
-#if defined(_MSC_VER) && !defined(__cplusplus) && !defined(inline)
-# define inline __inline
-#endif
-
-#else /* The non-microsoft world */
-
-# ifdef OPENSSL_SYS_VMS
-# define VMS 1
- /* some programs don't include stdlib, so exit() and others give implicit
- function warnings */
-# include <stdlib.h>
-# if defined(__DECC)
-# include <unistd.h>
-# else
-# include <unixlib.h>
-# endif
-# define OPENSSL_CONF "openssl.cnf"
-# define SSLEAY_CONF OPENSSL_CONF
-# define RFILE ".rnd"
-# define LIST_SEPARATOR_CHAR ','
-# define NUL_DEV "NLA0:"
- /* We don't have any well-defined random devices on VMS, yet... */
-# undef DEVRANDOM
- /* We need to do this since VMS has the following coding on status codes:
-
- Bits 0-2: status type: 0 = warning, 1 = success, 2 = error, 3 = info ...
- The important thing to know is that odd numbers are considered
- good, while even ones are considered errors.
- Bits 3-15: actual status number
- Bits 16-27: facility number. 0 is considered "unknown"
- Bits 28-31: control bits. If bit 28 is set, the shell won't try to
- output the message (which, for random codes, just looks ugly)
-
- So, what we do here is to change 0 to 1 to get the default success status,
- and everything else is shifted up to fit into the status number field, and
- the status is tagged as an error, which I believe is what is wanted here.
- -- Richard Levitte
- */
-# define EXIT(n) do { int __VMS_EXIT = n; \
- if (__VMS_EXIT == 0) \
- __VMS_EXIT = 1; \
- else \
- __VMS_EXIT = (n << 3) | 2; \
- __VMS_EXIT |= 0x10000000; \
- exit(__VMS_EXIT); } while(0)
-# define NO_SYS_PARAM_H
-
-# elif defined(OPENSSL_SYS_NETWARE)
-# include <fcntl.h>
-# include <unistd.h>
-# define NO_SYS_TYPES_H
-# undef DEVRANDOM
-# ifdef NETWARE_CLIB
-# define getpid GetThreadID
- extern int GetThreadID(void);
-/* # include <conio.h> */
- extern int kbhit(void);
- extern void delay(unsigned milliseconds);
-# else
-# include <screen.h>
-# endif
-# define NO_SYSLOG
-# define _setmode setmode
-# define _kbhit kbhit
-# define _O_TEXT O_TEXT
-# define _O_BINARY O_BINARY
-# define OPENSSL_CONF "openssl.cnf"
-# define SSLEAY_CONF OPENSSL_CONF
-# define RFILE ".rnd"
-# define LIST_SEPARATOR_CHAR ';'
-# define EXIT(n) { if (n) printf("ERROR: %d\n", (int)n); exit(n); }
-
-# else
- /* !defined VMS */
-# ifdef OPENSSL_SYS_MPE
-# define NO_SYS_PARAM_H
-# endif
-# ifdef OPENSSL_UNISTD
-# include OPENSSL_UNISTD
-# else
-# include <unistd.h>
-# endif
-# ifndef NO_SYS_TYPES_H
-# include <sys/types.h>
-# endif
-# if defined(NeXT) || defined(OPENSSL_SYS_NEWS4)
-# define pid_t int /* pid_t is missing on NEXTSTEP/OPENSTEP
- * (unless when compiling with -D_POSIX_SOURCE,
- * which doesn't work for us) */
-# endif
-# if defined(NeXT) || defined(OPENSSL_SYS_NEWS4) || defined(OPENSSL_SYS_SUNOS)
-# define ssize_t int /* ditto */
-# endif
-# ifdef OPENSSL_SYS_NEWS4 /* setvbuf is missing on mips-sony-bsd */
-# define setvbuf(a, b, c, d) setbuffer((a), (b), (d))
- typedef unsigned long clock_t;
-# endif
-
-# define OPENSSL_CONF "openssl.cnf"
-# define SSLEAY_CONF OPENSSL_CONF
-# define RFILE ".rnd"
-# define LIST_SEPARATOR_CHAR ':'
-# define NUL_DEV "/dev/null"
-# define EXIT(n) exit(n)
-# endif
-
-# define SSLeay_getpid() getpid()
-
-#endif
-
-
-/*************/
-
-#ifdef USE_SOCKETS
-# if defined(WINDOWS) || defined(MSDOS)
- /* windows world */
-
-# ifdef OPENSSL_NO_SOCK
-# define SSLeay_Write(a,b,c) (-1)
-# define SSLeay_Read(a,b,c) (-1)
-# define SHUTDOWN(fd) close(fd)
-# define SHUTDOWN2(fd) close(fd)
-# elif !defined(__DJGPP__)
-# include <winsock.h>
-extern HINSTANCE _hInstance;
-# ifdef _WIN64
-/*
- * Even though sizeof(SOCKET) is 8, it's safe to cast it to int, because
- * the value constitutes an index in per-process table of limited size
- * and not a real pointer.
- */
-# define socket(d,t,p) ((int)socket(d,t,p))
-# define accept(s,f,l) ((int)accept(s,f,l))
-# endif
-# define SSLeay_Write(a,b,c) send((a),(b),(c),0)
-# define SSLeay_Read(a,b,c) recv((a),(b),(c),0)
-# define SHUTDOWN(fd) { shutdown((fd),0); closesocket(fd); }
-# define SHUTDOWN2(fd) { shutdown((fd),2); closesocket(fd); }
-# else
-# define SSLeay_Write(a,b,c) write_s(a,b,c,0)
-# define SSLeay_Read(a,b,c) read_s(a,b,c)
-# define SHUTDOWN(fd) close_s(fd)
-# define SHUTDOWN2(fd) close_s(fd)
-# endif
-
-# elif defined(MAC_OS_pre_X)
-
-# include "MacSocket.h"
-# define SSLeay_Write(a,b,c) MacSocket_send((a),(b),(c))
-# define SSLeay_Read(a,b,c) MacSocket_recv((a),(b),(c),true)
-# define SHUTDOWN(fd) MacSocket_close(fd)
-# define SHUTDOWN2(fd) MacSocket_close(fd)
-
-# elif defined(OPENSSL_SYS_NETWARE)
- /* NetWare uses the WinSock2 interfaces by default, but can be configured for BSD
- */
-# if defined(NETWARE_BSDSOCK)
-# include <sys/socket.h>
-# include <netinet/in.h>
-# include <sys/time.h>
-# if defined(NETWARE_CLIB)
-# include <sys/bsdskt.h>
-# else
-# include <sys/select.h>
-# endif
-# define INVALID_SOCKET (int)(~0)
-# else
-# include <novsock2.h>
-# endif
-# define SSLeay_Write(a,b,c) send((a),(b),(c),0)
-# define SSLeay_Read(a,b,c) recv((a),(b),(c),0)
-# define SHUTDOWN(fd) { shutdown((fd),0); closesocket(fd); }
-# define SHUTDOWN2(fd) { shutdown((fd),2); closesocket(fd); }
-
-# else
-
-# ifndef NO_SYS_PARAM_H
-# include <sys/param.h>
-# endif
-# ifdef OPENSSL_SYS_VXWORKS
-# include <time.h>
-# elif !defined(OPENSSL_SYS_MPE)
-# include <sys/time.h> /* Needed under linux for FD_XXX */
-# endif
-
-# include <netdb.h>
-# if defined(OPENSSL_SYS_VMS_NODECC)
-# include <socket.h>
-# include <in.h>
-# include <inet.h>
-# else
-# include <sys/socket.h>
-# ifdef FILIO_H
-# include <sys/filio.h> /* Added for FIONBIO under unixware */
-# endif
-# include <netinet/in.h>
-# include <arpa/inet.h>
-# endif
-
-# if defined(NeXT) || defined(_NEXT_SOURCE)
-# include <sys/fcntl.h>
-# include <sys/types.h>
-# endif
-
-# ifdef OPENSSL_SYS_AIX
-# include <sys/select.h>
-# endif
-
-# ifdef __QNX__
-# include <sys/select.h>
-# endif
-
-# if defined(sun)
-# include <sys/filio.h>
-# else
-# ifndef VMS
-# include <sys/ioctl.h>
-# else
- /* ioctl is only in VMS > 7.0 and when socketshr is not used */
-# if !defined(TCPIP_TYPE_SOCKETSHR) && defined(__VMS_VER) && (__VMS_VER > 70000000)
-# include <sys/ioctl.h>
-# endif
-# endif
-# endif
-
-# ifdef VMS
-# include <unixio.h>
-# if defined(TCPIP_TYPE_SOCKETSHR)
-# include <socketshr.h>
-# endif
-# endif
-
-# define SSLeay_Read(a,b,c) read((a),(b),(c))
-# define SSLeay_Write(a,b,c) write((a),(b),(c))
-# define SHUTDOWN(fd) { shutdown((fd),0); closesocket((fd)); }
-# define SHUTDOWN2(fd) { shutdown((fd),2); closesocket((fd)); }
-# ifndef INVALID_SOCKET
-# define INVALID_SOCKET (-1)
-# endif /* INVALID_SOCKET */
-# endif
-#endif
-
-#if defined(__ultrix)
-# ifndef ssize_t
-# define ssize_t int
-# endif
-#endif
-
-#if defined(sun) && !defined(__svr4__) && !defined(__SVR4)
- /* include headers first, so our defines don't break it */
-#include <stdlib.h>
-#include <string.h>
- /* bcopy can handle overlapping moves according to SunOS 4.1.4 manpage */
-# define memmove(s1,s2,n) bcopy((s2),(s1),(n))
-# define strtoul(s,e,b) ((unsigned long int)strtol((s),(e),(b)))
-extern char *sys_errlist[]; extern int sys_nerr;
-# define strerror(errnum) \
- (((errnum)<0 || (errnum)>=sys_nerr) ? NULL : sys_errlist[errnum])
- /* Being signed SunOS 4.x memcpy breaks ASN1_OBJECT table lookup */
-#include "crypto/o_str.h"
-# define memcmp OPENSSL_memcmp
-#endif
-
-#ifndef OPENSSL_EXIT
-# if defined(MONOLITH) && !defined(OPENSSL_C)
-# define OPENSSL_EXIT(n) return(n)
-# else
-# define OPENSSL_EXIT(n) do { EXIT(n); return(n); } while(0)
-# endif
-#endif
-
-/***********************************************/
-
-/* do we need to do this for getenv.
- * Just define getenv for use under windows */
-
-#ifdef WIN16
-/* How to do this needs to be thought out a bit more.... */
-/*char *GETENV(char *);
-#define Getenv GETENV*/
-#define Getenv getenv
-#else
-#define Getenv getenv
-#endif
-
-#define DG_GCC_BUG /* gcc < 2.6.3 on DGUX */
-
-#ifdef sgi
-#define IRIX_CC_BUG /* all version of IRIX I've tested (4.* 5.*) */
-#endif
-#ifdef OPENSSL_SYS_SNI
-#define IRIX_CC_BUG /* CDS++ up to V2.0Bsomething suffered from the same bug.*/
-#endif
-
-#if defined(OPENSSL_SYS_WINDOWS)
-# define strcasecmp _stricmp
-# define strncasecmp _strnicmp
-#elif defined(OPENSSL_SYS_VMS)
-/* VMS below version 7.0 doesn't have strcasecmp() */
-# include "o_str.h"
-# define strcasecmp OPENSSL_strcasecmp
-# define strncasecmp OPENSSL_strncasecmp
-# define OPENSSL_IMPLEMENTS_strncasecmp
-#elif defined(OPENSSL_SYS_OS2) && defined(__EMX__)
-# define strcasecmp stricmp
-# define strncasecmp strnicmp
-#elif defined(OPENSSL_SYS_NETWARE)
-# include <string.h>
-# if defined(NETWARE_CLIB)
-# define strcasecmp stricmp
-# define strncasecmp strnicmp
-# endif /* NETWARE_CLIB */
-#endif
-
-#if defined(OPENSSL_SYS_OS2) && defined(__EMX__)
-# include <io.h>
-# include <fcntl.h>
-# define NO_SYSLOG
-#endif
-
-/* vxworks */
-#if defined(OPENSSL_SYS_VXWORKS)
-#include <ioLib.h>
-#include <tickLib.h>
-#include <sysLib.h>
-
-#define TTY_STRUCT int
-
-#define sleep(a) taskDelay((a) * sysClkRateGet())
-
-#include <vxWorks.h>
-#include <sockLib.h>
-#include <taskLib.h>
-
-#define getpid taskIdSelf
-
-/* NOTE: these are implemented by helpers in database app!
- * if the database is not linked, we need to implement them
- * elswhere */
-struct hostent *gethostbyname(const char *name);
-struct hostent *gethostbyaddr(const char *addr, int length, int type);
-struct servent *getservbyname(const char *name, const char *proto);
-
-#endif
-/* end vxworks */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/e_os.h (from rev 6976, vendor-crypto/openssl/dist/e_os.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/e_os.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/e_os.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,754 @@
+/* e_os.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_E_OS_H
+# define HEADER_E_OS_H
+
+# include <openssl/opensslconf.h>
+
+# include <openssl/e_os2.h>
+/*
+ * <openssl/e_os2.h> contains what we can justify to make visible to the
+ * outside; this file e_os.h is not part of the exported interface.
+ */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Used to checking reference counts, most while doing perl5 stuff :-) */
+# ifdef REF_PRINT
+# undef REF_PRINT
+# define REF_PRINT(a,b) fprintf(stderr,"%08X:%4d:%s\n",(int)b,b->references,a)
+# endif
+
+# ifndef DEVRANDOM
+/*
+ * set this to a comma-separated list of 'random' device files to try out. My
+ * default, we will try to read at least one of these files
+ */
+# define DEVRANDOM "/dev/urandom","/dev/random","/dev/srandom"
+# endif
+# ifndef DEVRANDOM_EGD
+/*
+ * set this to a comma-seperated list of 'egd' sockets to try out. These
+ * sockets will be tried in the order listed in case accessing the device
+ * files listed in DEVRANDOM did not return enough entropy.
+ */
+# define DEVRANDOM_EGD "/var/run/egd-pool","/dev/egd-pool","/etc/egd-pool","/etc/entropy"
+# endif
+
+# if defined(OPENSSL_SYS_VXWORKS)
+# define NO_SYS_PARAM_H
+# define NO_CHMOD
+# define NO_SYSLOG
+# endif
+
+# if defined(OPENSSL_SYS_MACINTOSH_CLASSIC)
+# if macintosh==1
+# ifndef MAC_OS_GUSI_SOURCE
+# define MAC_OS_pre_X
+# define NO_SYS_TYPES_H
+typedef long ssize_t;
+# endif
+# define NO_SYS_PARAM_H
+# define NO_CHMOD
+# define NO_SYSLOG
+# undef DEVRANDOM
+# define GETPID_IS_MEANINGLESS
+# endif
+# endif
+
+/********************************************************************
+ The Microsoft section
+ ********************************************************************/
+/*
+ * The following is used becaue of the small stack in some Microsoft
+ * operating systems
+ */
+# if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYSNAME_WIN32)
+# define MS_STATIC static
+# else
+# define MS_STATIC
+# endif
+
+# if defined(OPENSSL_SYS_WIN32) && !defined(WIN32)
+# define WIN32
+# endif
+# if defined(OPENSSL_SYS_WIN16) && !defined(WIN16)
+# define WIN16
+# endif
+# if defined(OPENSSL_SYS_WINDOWS) && !defined(WINDOWS)
+# define WINDOWS
+# endif
+# if defined(OPENSSL_SYS_MSDOS) && !defined(MSDOS)
+# define MSDOS
+# endif
+
+# if defined(MSDOS) && !defined(GETPID_IS_MEANINGLESS)
+# define GETPID_IS_MEANINGLESS
+# endif
+
+# ifdef WIN32
+# define get_last_sys_error() GetLastError()
+# define clear_sys_error() SetLastError(0)
+# if !defined(WINNT)
+# define WIN_CONSOLE_BUG
+# endif
+# else
+# define get_last_sys_error() errno
+# define clear_sys_error() errno=0
+# endif
+
+# if defined(WINDOWS)
+# define get_last_socket_error() WSAGetLastError()
+# define clear_socket_error() WSASetLastError(0)
+# define readsocket(s,b,n) recv((s),(b),(n),0)
+# define writesocket(s,b,n) send((s),(b),(n),0)
+# elif defined(__DJGPP__)
+# define WATT32
+# define get_last_socket_error() errno
+# define clear_socket_error() errno=0
+# define closesocket(s) close_s(s)
+# define readsocket(s,b,n) read_s(s,b,n)
+# define writesocket(s,b,n) send(s,b,n,0)
+# elif defined(MAC_OS_pre_X)
+# define get_last_socket_error() errno
+# define clear_socket_error() errno=0
+# define closesocket(s) MacSocket_close(s)
+# define readsocket(s,b,n) MacSocket_recv((s),(b),(n),true)
+# define writesocket(s,b,n) MacSocket_send((s),(b),(n))
+# elif defined(OPENSSL_SYS_VMS)
+# define get_last_socket_error() errno
+# define clear_socket_error() errno=0
+# define ioctlsocket(a,b,c) ioctl(a,b,c)
+# define closesocket(s) close(s)
+# define readsocket(s,b,n) recv((s),(b),(n),0)
+# define writesocket(s,b,n) send((s),(b),(n),0)
+# elif defined(OPENSSL_SYS_VXWORKS)
+# define get_last_socket_error() errno
+# define clear_socket_error() errno=0
+# define ioctlsocket(a,b,c) ioctl((a),(b),(int)(c))
+# define closesocket(s) close(s)
+# define readsocket(s,b,n) read((s),(b),(n))
+# define writesocket(s,b,n) write((s),(char *)(b),(n))
+# elif defined(OPENSSL_SYS_NETWARE)
+# if defined(NETWARE_BSDSOCK)
+# define get_last_socket_error() errno
+# define clear_socket_error() errno=0
+# define closesocket(s) close(s)
+# define ioctlsocket(a,b,c) ioctl(a,b,c)
+# if defined(NETWARE_LIBC)
+# define readsocket(s,b,n) recv((s),(b),(n),0)
+# define writesocket(s,b,n) send((s),(b),(n),0)
+# else
+# define readsocket(s,b,n) recv((s),(char*)(b),(n),0)
+# define writesocket(s,b,n) send((s),(char*)(b),(n),0)
+# endif
+# else
+# define get_last_socket_error() WSAGetLastError()
+# define clear_socket_error() WSASetLastError(0)
+# define readsocket(s,b,n) recv((s),(b),(n),0)
+# define writesocket(s,b,n) send((s),(b),(n),0)
+# endif
+# else
+# define get_last_socket_error() errno
+# define clear_socket_error() errno=0
+# define ioctlsocket(a,b,c) ioctl(a,b,c)
+# define closesocket(s) close(s)
+# define readsocket(s,b,n) read((s),(b),(n))
+# define writesocket(s,b,n) write((s),(b),(n))
+# endif
+
+# ifdef WIN16
+# define MS_CALLBACK _far _loadds
+# define MS_FAR _far
+# else
+# define MS_CALLBACK
+# define MS_FAR
+# endif
+
+# ifdef OPENSSL_NO_STDIO
+# undef OPENSSL_NO_FP_API
+# define OPENSSL_NO_FP_API
+# endif
+
+# if (defined(WINDOWS) || defined(MSDOS))
+
+# ifdef __DJGPP__
+# include <unistd.h>
+# include <sys/stat.h>
+# include <sys/socket.h>
+# include <tcp.h>
+# include <netdb.h>
+# define _setmode setmode
+# define _O_TEXT O_TEXT
+# define _O_BINARY O_BINARY
+# undef DEVRANDOM
+# define DEVRANDOM "/dev/urandom\x24"
+# endif /* __DJGPP__ */
+
+# ifndef S_IFDIR
+# define S_IFDIR _S_IFDIR
+# endif
+
+# ifndef S_IFMT
+# define S_IFMT _S_IFMT
+# endif
+
+# if !defined(WINNT) && !defined(__DJGPP__)
+# define NO_SYSLOG
+# endif
+# define NO_DIRENT
+
+# ifdef WINDOWS
+# if !defined(_WIN32_WCE) && !defined(_WIN32_WINNT)
+ /*
+ * Defining _WIN32_WINNT here in e_os.h implies certain "discipline."
+ * Most notably we ought to check for availability of each specific
+ * routine with GetProcAddress() and/or quard NT-specific calls with
+ * GetVersion() < 0x80000000. One can argue that in latter "or" case
+ * we ought to /DELAYLOAD some .DLLs in order to protect ourselves
+ * against run-time link errors. This doesn't seem to be necessary,
+ * because it turned out that already Windows 95, first non-NT Win32
+ * implementation, is equipped with at least NT 3.51 stubs, dummy
+ * routines with same name, but which do nothing. Meaning that it's
+ * apparently appropriate to guard generic NT calls with GetVersion
+ * alone, while NT 4.0 and above calls ought to be additionally
+ * checked upon with GetProcAddress.
+ */
+# define _WIN32_WINNT 0x0400
+# endif
+# include <windows.h>
+# include <stdio.h>
+# include <stddef.h>
+# include <errno.h>
+# include <string.h>
+# ifdef _WIN64
+# define strlen(s) _strlen31(s)
+/* cut strings to 2GB */
+static __inline unsigned int _strlen31(const char *str)
+{
+ unsigned int len = 0;
+ while (*str && len < 0x80000000U)
+ str++, len++;
+ return len & 0x7FFFFFFF;
+}
+# endif
+# include <malloc.h>
+# if defined(_MSC_VER) && _MSC_VER<=1200 && defined(_MT) && defined(isspace)
+ /* compensate for bug in VC6 ctype.h */
+# undef isspace
+# undef isdigit
+# undef isalnum
+# undef isupper
+# undef isxdigit
+# endif
+# if defined(_MSC_VER) && !defined(_DLL) && defined(stdin)
+# if _MSC_VER>=1300
+# undef stdin
+# undef stdout
+# undef stderr
+FILE *__iob_func();
+# define stdin (&__iob_func()[0])
+# define stdout (&__iob_func()[1])
+# define stderr (&__iob_func()[2])
+# elif defined(I_CAN_LIVE_WITH_LNK4049)
+# undef stdin
+# undef stdout
+# undef stderr
+ /*
+ * pre-1300 has __p__iob(), but it's available only in msvcrt.lib,
+ * or in other words with /MD. Declaring implicit import, i.e. with
+ * _imp_ prefix, works correctly with all compiler options, but
+ * without /MD results in LINK warning LNK4049: 'locally defined
+ * symbol "__iob" imported'.
+ */
+extern FILE *_imp___iob;
+# define stdin (&_imp___iob[0])
+# define stdout (&_imp___iob[1])
+# define stderr (&_imp___iob[2])
+# endif
+# endif
+# endif
+# include <io.h>
+# include <fcntl.h>
+
+# ifdef OPENSSL_SYS_WINCE
+# include <winsock_extras.h>
+# endif
+
+# define ssize_t long
+
+# if defined (__BORLANDC__)
+# define _setmode setmode
+# define _O_TEXT O_TEXT
+# define _O_BINARY O_BINARY
+# define _int64 __int64
+# define _kbhit kbhit
+# endif
+
+# if defined(WIN16) && defined(SSLEAY) && defined(_WINEXITNOPERSIST)
+# define EXIT(n) _wsetexit(_WINEXITNOPERSIST)
+# define OPENSSL_EXIT(n) do { if (n == 0) EXIT(n); return(n); } while(0)
+# else
+# define EXIT(n) exit(n)
+# endif
+# define LIST_SEPARATOR_CHAR ';'
+# ifndef X_OK
+# define X_OK 0
+# endif
+# ifndef W_OK
+# define W_OK 2
+# endif
+# ifndef R_OK
+# define R_OK 4
+# endif
+# define OPENSSL_CONF "openssl.cnf"
+# define SSLEAY_CONF OPENSSL_CONF
+# define NUL_DEV "nul"
+# define RFILE ".rnd"
+# ifdef OPENSSL_SYS_WINCE
+# define DEFAULT_HOME ""
+# else
+# define DEFAULT_HOME "C:"
+# endif
+
+/* Avoid Visual Studio 13 GetVersion deprecated problems */
+# if defined(_MSC_VER) && _MSC_VER>=1800
+# define check_winnt() (1)
+# define check_win_minplat(x) (1)
+# else
+# define check_winnt() (GetVersion() < 0x80000000)
+# define check_win_minplat(x) (LOBYTE(LOWORD(GetVersion())) >= (x))
+# endif
+
+# else /* The non-microsoft world */
+
+# ifdef OPENSSL_SYS_VMS
+# define VMS 1
+ /*
+ * some programs don't include stdlib, so exit() and others give implicit
+ * function warnings
+ */
+# include <stdlib.h>
+# if defined(__DECC)
+# include <unistd.h>
+# else
+# include <unixlib.h>
+# endif
+# define OPENSSL_CONF "openssl.cnf"
+# define SSLEAY_CONF OPENSSL_CONF
+# define RFILE ".rnd"
+# define LIST_SEPARATOR_CHAR ','
+# define NUL_DEV "NLA0:"
+ /* We don't have any well-defined random devices on VMS, yet... */
+# undef DEVRANDOM
+ /*-
+ We need to do this since VMS has the following coding on status codes:
+
+ Bits 0-2: status type: 0 = warning, 1 = success, 2 = error, 3 = info ...
+ The important thing to know is that odd numbers are considered
+ good, while even ones are considered errors.
+ Bits 3-15: actual status number
+ Bits 16-27: facility number. 0 is considered "unknown"
+ Bits 28-31: control bits. If bit 28 is set, the shell won't try to
+ output the message (which, for random codes, just looks ugly)
+
+ So, what we do here is to change 0 to 1 to get the default success status,
+ and everything else is shifted up to fit into the status number field, and
+ the status is tagged as an error, which I believe is what is wanted here.
+ -- Richard Levitte
+ */
+# define EXIT(n) do { int __VMS_EXIT = n; \
+ if (__VMS_EXIT == 0) \
+ __VMS_EXIT = 1; \
+ else \
+ __VMS_EXIT = (n << 3) | 2; \
+ __VMS_EXIT |= 0x10000000; \
+ exit(__VMS_EXIT); } while(0)
+# define NO_SYS_PARAM_H
+
+# elif defined(OPENSSL_SYS_NETWARE)
+# include <fcntl.h>
+# include <unistd.h>
+# define NO_SYS_TYPES_H
+# undef DEVRANDOM
+# ifdef NETWARE_CLIB
+# define getpid GetThreadID
+extern int GetThreadID(void);
+/* # include <conio.h> */
+extern int kbhit(void);
+extern void delay(unsigned milliseconds);
+# else
+# include <screen.h>
+# endif
+# define NO_SYSLOG
+# define _setmode setmode
+# define _kbhit kbhit
+# define _O_TEXT O_TEXT
+# define _O_BINARY O_BINARY
+# define OPENSSL_CONF "openssl.cnf"
+# define SSLEAY_CONF OPENSSL_CONF
+# define RFILE ".rnd"
+# define LIST_SEPARATOR_CHAR ';'
+# define EXIT(n) { if (n) printf("ERROR: %d\n", (int)n); exit(n); }
+
+# else
+ /* !defined VMS */
+# ifdef OPENSSL_SYS_MPE
+# define NO_SYS_PARAM_H
+# endif
+# ifdef OPENSSL_UNISTD
+# include OPENSSL_UNISTD
+# else
+# include <unistd.h>
+# endif
+# ifndef NO_SYS_TYPES_H
+# include <sys/types.h>
+# endif
+# if defined(NeXT) || defined(OPENSSL_SYS_NEWS4)
+# define pid_t int /* pid_t is missing on NEXTSTEP/OPENSTEP
+ * (unless when compiling with
+ * -D_POSIX_SOURCE, which doesn't work for
+ * us) */
+# endif
+# if defined(NeXT) || defined(OPENSSL_SYS_NEWS4) || defined(OPENSSL_SYS_SUNOS)
+# define ssize_t int /* ditto */
+# endif
+# ifdef OPENSSL_SYS_NEWS4 /* setvbuf is missing on mips-sony-bsd */
+# define setvbuf(a, b, c, d) setbuffer((a), (b), (d))
+typedef unsigned long clock_t;
+# endif
+
+# define OPENSSL_CONF "openssl.cnf"
+# define SSLEAY_CONF OPENSSL_CONF
+# define RFILE ".rnd"
+# define LIST_SEPARATOR_CHAR ':'
+# define NUL_DEV "/dev/null"
+# define EXIT(n) exit(n)
+# endif
+
+# define SSLeay_getpid() getpid()
+
+# endif
+
+/*************/
+
+# ifdef USE_SOCKETS
+# if defined(WINDOWS) || defined(MSDOS)
+ /* windows world */
+
+# ifdef OPENSSL_NO_SOCK
+# define SSLeay_Write(a,b,c) (-1)
+# define SSLeay_Read(a,b,c) (-1)
+# define SHUTDOWN(fd) close(fd)
+# define SHUTDOWN2(fd) close(fd)
+# elif !defined(__DJGPP__)
+# include <winsock.h>
+extern HINSTANCE _hInstance;
+# ifdef _WIN64
+/*
+ * Even though sizeof(SOCKET) is 8, it's safe to cast it to int, because
+ * the value constitutes an index in per-process table of limited size
+ * and not a real pointer.
+ */
+# define socket(d,t,p) ((int)socket(d,t,p))
+# define accept(s,f,l) ((int)accept(s,f,l))
+# endif
+# define SSLeay_Write(a,b,c) send((a),(b),(c),0)
+# define SSLeay_Read(a,b,c) recv((a),(b),(c),0)
+# define SHUTDOWN(fd) { shutdown((fd),0); closesocket(fd); }
+# define SHUTDOWN2(fd) { shutdown((fd),2); closesocket(fd); }
+# else
+# define SSLeay_Write(a,b,c) write_s(a,b,c,0)
+# define SSLeay_Read(a,b,c) read_s(a,b,c)
+# define SHUTDOWN(fd) close_s(fd)
+# define SHUTDOWN2(fd) close_s(fd)
+# endif
+
+# elif defined(MAC_OS_pre_X)
+
+# include "MacSocket.h"
+# define SSLeay_Write(a,b,c) MacSocket_send((a),(b),(c))
+# define SSLeay_Read(a,b,c) MacSocket_recv((a),(b),(c),true)
+# define SHUTDOWN(fd) MacSocket_close(fd)
+# define SHUTDOWN2(fd) MacSocket_close(fd)
+
+# elif defined(OPENSSL_SYS_NETWARE)
+ /*
+ * NetWare uses the WinSock2 interfaces by default, but can be
+ * configured for BSD
+ */
+# if defined(NETWARE_BSDSOCK)
+# include <sys/socket.h>
+# include <netinet/in.h>
+# include <sys/time.h>
+# if defined(NETWARE_CLIB)
+# include <sys/bsdskt.h>
+# else
+# include <sys/select.h>
+# endif
+# define INVALID_SOCKET (int)(~0)
+# else
+# include <novsock2.h>
+# endif
+# define SSLeay_Write(a,b,c) send((a),(b),(c),0)
+# define SSLeay_Read(a,b,c) recv((a),(b),(c),0)
+# define SHUTDOWN(fd) { shutdown((fd),0); closesocket(fd); }
+# define SHUTDOWN2(fd) { shutdown((fd),2); closesocket(fd); }
+
+# else
+
+# ifndef NO_SYS_PARAM_H
+# include <sys/param.h>
+# endif
+# ifdef OPENSSL_SYS_VXWORKS
+# include <time.h>
+# elif !defined(OPENSSL_SYS_MPE)
+# include <sys/time.h> /* Needed under linux for FD_XXX */
+# endif
+
+# include <netdb.h>
+# if defined(OPENSSL_SYS_VMS_NODECC)
+# include <socket.h>
+# include <in.h>
+# include <inet.h>
+# else
+# include <sys/socket.h>
+# ifdef FILIO_H
+# include <sys/filio.h> /* Added for FIONBIO under unixware */
+# endif
+# include <netinet/in.h>
+# include <arpa/inet.h>
+# endif
+
+# if defined(NeXT) || defined(_NEXT_SOURCE)
+# include <sys/fcntl.h>
+# include <sys/types.h>
+# endif
+
+# ifdef OPENSSL_SYS_AIX
+# include <sys/select.h>
+# endif
+
+# ifdef __QNX__
+# include <sys/select.h>
+# endif
+
+# if defined(sun)
+# include <sys/filio.h>
+# else
+# ifndef VMS
+# include <sys/ioctl.h>
+# else
+ /* ioctl is only in VMS > 7.0 and when socketshr is not used */
+# if !defined(TCPIP_TYPE_SOCKETSHR) && defined(__VMS_VER) && (__VMS_VER > 70000000)
+# include <sys/ioctl.h>
+# endif
+# endif
+# endif
+
+# ifdef VMS
+# include <unixio.h>
+# if defined(TCPIP_TYPE_SOCKETSHR)
+# include <socketshr.h>
+# endif
+# endif
+
+# define SSLeay_Read(a,b,c) read((a),(b),(c))
+# define SSLeay_Write(a,b,c) write((a),(b),(c))
+# define SHUTDOWN(fd) { shutdown((fd),0); closesocket((fd)); }
+# define SHUTDOWN2(fd) { shutdown((fd),2); closesocket((fd)); }
+# ifndef INVALID_SOCKET
+# define INVALID_SOCKET (-1)
+# endif /* INVALID_SOCKET */
+# endif
+# endif
+
+# if defined(__ultrix)
+# ifndef ssize_t
+# define ssize_t int
+# endif
+# endif
+
+# if defined(sun) && !defined(__svr4__) && !defined(__SVR4)
+ /* include headers first, so our defines don't break it */
+# include <stdlib.h>
+# include <string.h>
+ /* bcopy can handle overlapping moves according to SunOS 4.1.4 manpage */
+# define memmove(s1,s2,n) bcopy((s2),(s1),(n))
+# define strtoul(s,e,b) ((unsigned long int)strtol((s),(e),(b)))
+extern char *sys_errlist[];
+extern int sys_nerr;
+# define strerror(errnum) \
+ (((errnum)<0 || (errnum)>=sys_nerr) ? NULL : sys_errlist[errnum])
+ /* Being signed SunOS 4.x memcpy breaks ASN1_OBJECT table lookup */
+# include "crypto/o_str.h"
+# define memcmp OPENSSL_memcmp
+# endif
+
+# ifndef OPENSSL_EXIT
+# if defined(MONOLITH) && !defined(OPENSSL_C)
+# define OPENSSL_EXIT(n) return(n)
+# else
+# define OPENSSL_EXIT(n) do { EXIT(n); return(n); } while(0)
+# endif
+# endif
+
+/***********************************************/
+
+/*
+ * do we need to do this for getenv. Just define getenv for use under windows
+ */
+
+# ifdef WIN16
+/* How to do this needs to be thought out a bit more.... */
+/*
+ * char *GETENV(char *); #define Getenv GETENV
+ */
+# define Getenv getenv
+# else
+# define Getenv getenv
+# endif
+
+# define DG_GCC_BUG /* gcc < 2.6.3 on DGUX */
+
+# ifdef sgi
+# define IRIX_CC_BUG /* all version of IRIX I've tested (4.* 5.*) */
+# endif
+# ifdef OPENSSL_SYS_SNI
+# define IRIX_CC_BUG /* CDS++ up to V2.0Bsomething suffered from
+ * the same bug. */
+# endif
+
+# if defined(OPENSSL_SYS_WINDOWS)
+# define strcasecmp _stricmp
+# define strncasecmp _strnicmp
+# elif defined(OPENSSL_SYS_VMS)
+/* VMS below version 7.0 doesn't have strcasecmp() */
+# include "o_str.h"
+# define strcasecmp OPENSSL_strcasecmp
+# define strncasecmp OPENSSL_strncasecmp
+# define OPENSSL_IMPLEMENTS_strncasecmp
+# elif defined(OPENSSL_SYS_OS2) && defined(__EMX__)
+# define strcasecmp stricmp
+# define strncasecmp strnicmp
+# elif defined(OPENSSL_SYS_NETWARE)
+# include <string.h>
+# if defined(NETWARE_CLIB)
+# define strcasecmp stricmp
+# define strncasecmp strnicmp
+# endif /* NETWARE_CLIB */
+# endif
+
+# if defined(OPENSSL_SYS_OS2) && defined(__EMX__)
+# include <io.h>
+# include <fcntl.h>
+# define NO_SYSLOG
+# endif
+
+/* vxworks */
+# if defined(OPENSSL_SYS_VXWORKS)
+# include <ioLib.h>
+# include <tickLib.h>
+# include <sysLib.h>
+
+# define TTY_STRUCT int
+
+# define sleep(a) taskDelay((a) * sysClkRateGet())
+
+# include <vxWorks.h>
+# include <sockLib.h>
+# include <taskLib.h>
+
+# define getpid taskIdSelf
+
+/*
+ * NOTE: these are implemented by helpers in database app! if the database is
+ * not linked, we need to implement them elswhere
+ */
+struct hostent *gethostbyname(const char *name);
+struct hostent *gethostbyaddr(const char *addr, int length, int type);
+struct servent *getservbyname(const char *name, const char *proto);
+
+# endif
+/* end vxworks */
+
+# if !defined(inline) && !defined(__cplusplus)
+# if defined(__STDC_VERSION__) && __STDC_VERSION__>=199901L
+ /* do nothing, inline works */
+# elif defined(__GNUC__) && __GNUC__>=2
+# define inline __inline__
+# elif defined(_MSC_VER)
+ /*
+ * Visual Studio: inline is available in C++ only, however
+ * __inline is available for C, see
+ * http://msdn.microsoft.com/en-us/library/z8y1yy88.aspx
+ */
+# define inline __inline
+# else
+# define inline
+# endif
+# endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/e_os2.h
===================================================================
--- vendor-crypto/openssl/dist/e_os2.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/e_os2.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,279 +0,0 @@
-/* e_os2.h */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <openssl/opensslconf.h>
-
-#ifndef HEADER_E_OS2_H
-#define HEADER_E_OS2_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/******************************************************************************
- * Detect operating systems. This probably needs completing.
- * The result is that at least one OPENSSL_SYS_os macro should be defined.
- * However, if none is defined, Unix is assumed.
- **/
-
-#define OPENSSL_SYS_UNIX
-
-/* ----------------------- Macintosh, before MacOS X ----------------------- */
-#if defined(__MWERKS__) && defined(macintosh) || defined(OPENSSL_SYSNAME_MAC)
-# undef OPENSSL_SYS_UNIX
-# define OPENSSL_SYS_MACINTOSH_CLASSIC
-#endif
-
-/* ----------------------- NetWare ----------------------------------------- */
-#if defined(NETWARE) || defined(OPENSSL_SYSNAME_NETWARE)
-# undef OPENSSL_SYS_UNIX
-# define OPENSSL_SYS_NETWARE
-#endif
-
-/* ---------------------- Microsoft operating systems ---------------------- */
-
-/* Note that MSDOS actually denotes 32-bit environments running on top of
- MS-DOS, such as DJGPP one. */
-#if defined(OPENSSL_SYSNAME_MSDOS)
-# undef OPENSSL_SYS_UNIX
-# define OPENSSL_SYS_MSDOS
-#endif
-
-/* For 32 bit environment, there seems to be the CygWin environment and then
- all the others that try to do the same thing Microsoft does... */
-#if defined(OPENSSL_SYSNAME_UWIN)
-# undef OPENSSL_SYS_UNIX
-# define OPENSSL_SYS_WIN32_UWIN
-#else
-# if defined(__CYGWIN32__) || defined(OPENSSL_SYSNAME_CYGWIN32)
-# undef OPENSSL_SYS_UNIX
-# define OPENSSL_SYS_WIN32_CYGWIN
-# else
-# if defined(_WIN32) || defined(OPENSSL_SYSNAME_WIN32)
-# undef OPENSSL_SYS_UNIX
-# define OPENSSL_SYS_WIN32
-# endif
-# if defined(OPENSSL_SYSNAME_WINNT)
-# undef OPENSSL_SYS_UNIX
-# define OPENSSL_SYS_WINNT
-# endif
-# if defined(OPENSSL_SYSNAME_WINCE)
-# undef OPENSSL_SYS_UNIX
-# define OPENSSL_SYS_WINCE
-# endif
-# endif
-#endif
-
-/* Anything that tries to look like Microsoft is "Windows" */
-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE)
-# undef OPENSSL_SYS_UNIX
-# define OPENSSL_SYS_WINDOWS
-# ifndef OPENSSL_SYS_MSDOS
-# define OPENSSL_SYS_MSDOS
-# endif
-#endif
-
-/* DLL settings. This part is a bit tough, because it's up to the application
- implementor how he or she will link the application, so it requires some
- macro to be used. */
-#ifdef OPENSSL_SYS_WINDOWS
-# ifndef OPENSSL_OPT_WINDLL
-# if defined(_WINDLL) /* This is used when building OpenSSL to indicate that
- DLL linkage should be used */
-# define OPENSSL_OPT_WINDLL
-# endif
-# endif
-#endif
-
-/* -------------------------------- OpenVMS -------------------------------- */
-#if defined(__VMS) || defined(VMS) || defined(OPENSSL_SYSNAME_VMS)
-# undef OPENSSL_SYS_UNIX
-# define OPENSSL_SYS_VMS
-# if defined(__DECC)
-# define OPENSSL_SYS_VMS_DECC
-# elif defined(__DECCXX)
-# define OPENSSL_SYS_VMS_DECC
-# define OPENSSL_SYS_VMS_DECCXX
-# else
-# define OPENSSL_SYS_VMS_NODECC
-# endif
-#endif
-
-/* --------------------------------- OS/2 ---------------------------------- */
-#if defined(__EMX__) || defined(__OS2__)
-# undef OPENSSL_SYS_UNIX
-# define OPENSSL_SYS_OS2
-#endif
-
-/* --------------------------------- Unix ---------------------------------- */
-#ifdef OPENSSL_SYS_UNIX
-# if defined(linux) || defined(__linux__) || defined(OPENSSL_SYSNAME_LINUX)
-# define OPENSSL_SYS_LINUX
-# endif
-# ifdef OPENSSL_SYSNAME_MPE
-# define OPENSSL_SYS_MPE
-# endif
-# ifdef OPENSSL_SYSNAME_SNI
-# define OPENSSL_SYS_SNI
-# endif
-# ifdef OPENSSL_SYSNAME_ULTRASPARC
-# define OPENSSL_SYS_ULTRASPARC
-# endif
-# ifdef OPENSSL_SYSNAME_NEWS4
-# define OPENSSL_SYS_NEWS4
-# endif
-# ifdef OPENSSL_SYSNAME_MACOSX
-# define OPENSSL_SYS_MACOSX
-# endif
-# ifdef OPENSSL_SYSNAME_MACOSX_RHAPSODY
-# define OPENSSL_SYS_MACOSX_RHAPSODY
-# define OPENSSL_SYS_MACOSX
-# endif
-# ifdef OPENSSL_SYSNAME_SUNOS
-# define OPENSSL_SYS_SUNOS
-#endif
-# if defined(_CRAY) || defined(OPENSSL_SYSNAME_CRAY)
-# define OPENSSL_SYS_CRAY
-# endif
-# if defined(_AIX) || defined(OPENSSL_SYSNAME_AIX)
-# define OPENSSL_SYS_AIX
-# endif
-#endif
-
-/* --------------------------------- VOS ----------------------------------- */
-#ifdef OPENSSL_SYSNAME_VOS
-# define OPENSSL_SYS_VOS
-#endif
-
-/* ------------------------------- VxWorks --------------------------------- */
-#ifdef OPENSSL_SYSNAME_VXWORKS
-# define OPENSSL_SYS_VXWORKS
-#endif
-
-/**
- * That's it for OS-specific stuff
- *****************************************************************************/
-
-
-/* Specials for I/O an exit */
-#ifdef OPENSSL_SYS_MSDOS
-# define OPENSSL_UNISTD_IO <io.h>
-# define OPENSSL_DECLARE_EXIT extern void exit(int);
-#else
-# define OPENSSL_UNISTD_IO OPENSSL_UNISTD
-# define OPENSSL_DECLARE_EXIT /* declared in unistd.h */
-#endif
-
-/* Definitions of OPENSSL_GLOBAL and OPENSSL_EXTERN, to define and declare
- certain global symbols that, with some compilers under VMS, have to be
- defined and declared explicitely with globaldef and globalref.
- Definitions of OPENSSL_EXPORT and OPENSSL_IMPORT, to define and declare
- DLL exports and imports for compilers under Win32. These are a little
- more complicated to use. Basically, for any library that exports some
- global variables, the following code must be present in the header file
- that declares them, before OPENSSL_EXTERN is used:
-
- #ifdef SOME_BUILD_FLAG_MACRO
- # undef OPENSSL_EXTERN
- # define OPENSSL_EXTERN OPENSSL_EXPORT
- #endif
-
- The default is to have OPENSSL_EXPORT, OPENSSL_IMPORT and OPENSSL_GLOBAL
- have some generally sensible values, and for OPENSSL_EXTERN to have the
- value OPENSSL_IMPORT.
-*/
-
-#if defined(OPENSSL_SYS_VMS_NODECC)
-# define OPENSSL_EXPORT globalref
-# define OPENSSL_IMPORT globalref
-# define OPENSSL_GLOBAL globaldef
-#elif defined(OPENSSL_SYS_WINDOWS) && defined(OPENSSL_OPT_WINDLL)
-# define OPENSSL_EXPORT extern __declspec(dllexport)
-# define OPENSSL_IMPORT extern __declspec(dllimport)
-# define OPENSSL_GLOBAL
-#else
-# define OPENSSL_EXPORT extern
-# define OPENSSL_IMPORT extern
-# define OPENSSL_GLOBAL
-#endif
-#define OPENSSL_EXTERN OPENSSL_IMPORT
-
-/* Macros to allow global variables to be reached through function calls when
- required (if a shared library version requvres it, for example.
- The way it's done allows definitions like this:
-
- // in foobar.c
- OPENSSL_IMPLEMENT_GLOBAL(int,foobar) = 0;
- // in foobar.h
- OPENSSL_DECLARE_GLOBAL(int,foobar);
- #define foobar OPENSSL_GLOBAL_REF(foobar)
-*/
-#ifdef OPENSSL_EXPORT_VAR_AS_FUNCTION
-# define OPENSSL_IMPLEMENT_GLOBAL(type,name) \
- extern type _hide_##name; \
- type *_shadow_##name(void) { return &_hide_##name; } \
- static type _hide_##name
-# define OPENSSL_DECLARE_GLOBAL(type,name) type *_shadow_##name(void)
-# define OPENSSL_GLOBAL_REF(name) (*(_shadow_##name()))
-#else
-# define OPENSSL_IMPLEMENT_GLOBAL(type,name) OPENSSL_GLOBAL type _shadow_##name
-# define OPENSSL_DECLARE_GLOBAL(type,name) OPENSSL_EXPORT type _shadow_##name
-# define OPENSSL_GLOBAL_REF(name) _shadow_##name
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/e_os2.h (from rev 6976, vendor-crypto/openssl/dist/e_os2.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/e_os2.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/e_os2.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,286 @@
+/* e_os2.h */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <openssl/opensslconf.h>
+
+#ifndef HEADER_E_OS2_H
+# define HEADER_E_OS2_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/******************************************************************************
+ * Detect operating systems. This probably needs completing.
+ * The result is that at least one OPENSSL_SYS_os macro should be defined.
+ * However, if none is defined, Unix is assumed.
+ **/
+
+# define OPENSSL_SYS_UNIX
+
+/* ---------------------- Macintosh, before MacOS X ----------------------- */
+# if defined(__MWERKS__) && defined(macintosh) || defined(OPENSSL_SYSNAME_MAC)
+# undef OPENSSL_SYS_UNIX
+# define OPENSSL_SYS_MACINTOSH_CLASSIC
+# endif
+
+/* ---------------------- NetWare ----------------------------------------- */
+# if defined(NETWARE) || defined(OPENSSL_SYSNAME_NETWARE)
+# undef OPENSSL_SYS_UNIX
+# define OPENSSL_SYS_NETWARE
+# endif
+
+/* --------------------- Microsoft operating systems ---------------------- */
+
+/*
+ * Note that MSDOS actually denotes 32-bit environments running on top of
+ * MS-DOS, such as DJGPP one.
+ */
+# if defined(OPENSSL_SYSNAME_MSDOS)
+# undef OPENSSL_SYS_UNIX
+# define OPENSSL_SYS_MSDOS
+# endif
+
+/*
+ * For 32 bit environment, there seems to be the CygWin environment and then
+ * all the others that try to do the same thing Microsoft does...
+ */
+# if defined(OPENSSL_SYSNAME_UWIN)
+# undef OPENSSL_SYS_UNIX
+# define OPENSSL_SYS_WIN32_UWIN
+# else
+# if defined(__CYGWIN32__) || defined(OPENSSL_SYSNAME_CYGWIN32)
+# undef OPENSSL_SYS_UNIX
+# define OPENSSL_SYS_WIN32_CYGWIN
+# else
+# if defined(_WIN32) || defined(OPENSSL_SYSNAME_WIN32)
+# undef OPENSSL_SYS_UNIX
+# define OPENSSL_SYS_WIN32
+# endif
+# if defined(OPENSSL_SYSNAME_WINNT)
+# undef OPENSSL_SYS_UNIX
+# define OPENSSL_SYS_WINNT
+# endif
+# if defined(OPENSSL_SYSNAME_WINCE)
+# undef OPENSSL_SYS_UNIX
+# define OPENSSL_SYS_WINCE
+# endif
+# endif
+# endif
+
+/* Anything that tries to look like Microsoft is "Windows" */
+# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE)
+# undef OPENSSL_SYS_UNIX
+# define OPENSSL_SYS_WINDOWS
+# ifndef OPENSSL_SYS_MSDOS
+# define OPENSSL_SYS_MSDOS
+# endif
+# endif
+
+/*
+ * DLL settings. This part is a bit tough, because it's up to the
+ * application implementor how he or she will link the application, so it
+ * requires some macro to be used.
+ */
+# ifdef OPENSSL_SYS_WINDOWS
+# ifndef OPENSSL_OPT_WINDLL
+# if defined(_WINDLL) /* This is used when building OpenSSL to
+ * indicate that DLL linkage should be used */
+# define OPENSSL_OPT_WINDLL
+# endif
+# endif
+# endif
+
+/* ------------------------------- OpenVMS -------------------------------- */
+# if defined(__VMS) || defined(VMS) || defined(OPENSSL_SYSNAME_VMS)
+# undef OPENSSL_SYS_UNIX
+# define OPENSSL_SYS_VMS
+# if defined(__DECC)
+# define OPENSSL_SYS_VMS_DECC
+# elif defined(__DECCXX)
+# define OPENSSL_SYS_VMS_DECC
+# define OPENSSL_SYS_VMS_DECCXX
+# else
+# define OPENSSL_SYS_VMS_NODECC
+# endif
+# endif
+
+/* -------------------------------- OS/2 ---------------------------------- */
+# if defined(__EMX__) || defined(__OS2__)
+# undef OPENSSL_SYS_UNIX
+# define OPENSSL_SYS_OS2
+# endif
+
+/* -------------------------------- Unix ---------------------------------- */
+# ifdef OPENSSL_SYS_UNIX
+# if defined(linux) || defined(__linux__) || defined(OPENSSL_SYSNAME_LINUX)
+# define OPENSSL_SYS_LINUX
+# endif
+# ifdef OPENSSL_SYSNAME_MPE
+# define OPENSSL_SYS_MPE
+# endif
+# ifdef OPENSSL_SYSNAME_SNI
+# define OPENSSL_SYS_SNI
+# endif
+# ifdef OPENSSL_SYSNAME_ULTRASPARC
+# define OPENSSL_SYS_ULTRASPARC
+# endif
+# ifdef OPENSSL_SYSNAME_NEWS4
+# define OPENSSL_SYS_NEWS4
+# endif
+# ifdef OPENSSL_SYSNAME_MACOSX
+# define OPENSSL_SYS_MACOSX
+# endif
+# ifdef OPENSSL_SYSNAME_MACOSX_RHAPSODY
+# define OPENSSL_SYS_MACOSX_RHAPSODY
+# define OPENSSL_SYS_MACOSX
+# endif
+# ifdef OPENSSL_SYSNAME_SUNOS
+# define OPENSSL_SYS_SUNOS
+# endif
+# if defined(_CRAY) || defined(OPENSSL_SYSNAME_CRAY)
+# define OPENSSL_SYS_CRAY
+# endif
+# if defined(_AIX) || defined(OPENSSL_SYSNAME_AIX)
+# define OPENSSL_SYS_AIX
+# endif
+# endif
+
+/* -------------------------------- VOS ----------------------------------- */
+# ifdef OPENSSL_SYSNAME_VOS
+# define OPENSSL_SYS_VOS
+# endif
+
+/* ------------------------------ VxWorks --------------------------------- */
+# ifdef OPENSSL_SYSNAME_VXWORKS
+# define OPENSSL_SYS_VXWORKS
+# endif
+
+/**
+ * That's it for OS-specific stuff
+ *****************************************************************************/
+
+/* Specials for I/O an exit */
+# ifdef OPENSSL_SYS_MSDOS
+# define OPENSSL_UNISTD_IO <io.h>
+# define OPENSSL_DECLARE_EXIT extern void exit(int);
+# else
+# define OPENSSL_UNISTD_IO OPENSSL_UNISTD
+# define OPENSSL_DECLARE_EXIT /* declared in unistd.h */
+# endif
+
+/*-
+ * Definitions of OPENSSL_GLOBAL and OPENSSL_EXTERN, to define and declare
+ * certain global symbols that, with some compilers under VMS, have to be
+ * defined and declared explicitely with globaldef and globalref.
+ * Definitions of OPENSSL_EXPORT and OPENSSL_IMPORT, to define and declare
+ * DLL exports and imports for compilers under Win32. These are a little
+ * more complicated to use. Basically, for any library that exports some
+ * global variables, the following code must be present in the header file
+ * that declares them, before OPENSSL_EXTERN is used:
+ *
+ * #ifdef SOME_BUILD_FLAG_MACRO
+ * # undef OPENSSL_EXTERN
+ * # define OPENSSL_EXTERN OPENSSL_EXPORT
+ * #endif
+ *
+ * The default is to have OPENSSL_EXPORT, OPENSSL_IMPORT and OPENSSL_GLOBAL
+ * have some generally sensible values, and for OPENSSL_EXTERN to have the
+ * value OPENSSL_IMPORT.
+ */
+
+# if defined(OPENSSL_SYS_VMS_NODECC)
+# define OPENSSL_EXPORT globalref
+# define OPENSSL_IMPORT globalref
+# define OPENSSL_GLOBAL globaldef
+# elif defined(OPENSSL_SYS_WINDOWS) && defined(OPENSSL_OPT_WINDLL)
+# define OPENSSL_EXPORT extern __declspec(dllexport)
+# define OPENSSL_IMPORT extern __declspec(dllimport)
+# define OPENSSL_GLOBAL
+# else
+# define OPENSSL_EXPORT extern
+# define OPENSSL_IMPORT extern
+# define OPENSSL_GLOBAL
+# endif
+# define OPENSSL_EXTERN OPENSSL_IMPORT
+
+/*-
+ * Macros to allow global variables to be reached through function calls when
+ * required (if a shared library version requires it, for example.
+ * The way it's done allows definitions like this:
+ *
+ * // in foobar.c
+ * OPENSSL_IMPLEMENT_GLOBAL(int,foobar,0)
+ * // in foobar.h
+ * OPENSSL_DECLARE_GLOBAL(int,foobar);
+ * #define foobar OPENSSL_GLOBAL_REF(foobar)
+ */
+# ifdef OPENSSL_EXPORT_VAR_AS_FUNCTION
+# define OPENSSL_IMPLEMENT_GLOBAL(type,name) \
+ extern type _hide_##name; \
+ type *_shadow_##name(void) { return &_hide_##name; } \
+ static type _hide_##name
+# define OPENSSL_DECLARE_GLOBAL(type,name) type *_shadow_##name(void)
+# define OPENSSL_GLOBAL_REF(name) (*(_shadow_##name()))
+# else
+# define OPENSSL_IMPLEMENT_GLOBAL(type,name) OPENSSL_GLOBAL type _shadow_##name
+# define OPENSSL_DECLARE_GLOBAL(type,name) OPENSSL_EXPORT type _shadow_##name
+# define OPENSSL_GLOBAL_REF(name) _shadow_##name
+# endif
+
+#ifdef __cplusplus
+}
+#endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/engines/e_4758cca.c
===================================================================
--- vendor-crypto/openssl/dist/engines/e_4758cca.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/engines/e_4758cca.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,994 +0,0 @@
-/* Author: Maurice Gittens <maurice at gittens.nl> */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/dso.h>
-#include <openssl/x509.h>
-#include <openssl/objects.h>
-#include <openssl/engine.h>
-#include <openssl/rand.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#include <openssl/bn.h>
-
-#ifndef OPENSSL_NO_HW
-#ifndef OPENSSL_NO_HW_4758_CCA
-
-#ifdef FLAT_INC
-#include "hw_4758_cca.h"
-#else
-#include "vendor_defns/hw_4758_cca.h"
-#endif
-
-#include "e_4758cca_err.c"
-
-static int ibm_4758_cca_destroy(ENGINE *e);
-static int ibm_4758_cca_init(ENGINE *e);
-static int ibm_4758_cca_finish(ENGINE *e);
-static int ibm_4758_cca_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
-
-/* rsa functions */
-/*---------------*/
-#ifndef OPENSSL_NO_RSA
-static int cca_rsa_pub_enc(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa,int padding);
-static int cca_rsa_priv_dec(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa,int padding);
-static int cca_rsa_sign(int type, const unsigned char *m, unsigned int m_len,
- unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
-static int cca_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
- unsigned char *sigbuf, unsigned int siglen, const RSA *rsa);
-
-/* utility functions */
-/*-----------------------*/
-static EVP_PKEY *ibm_4758_load_privkey(ENGINE*, const char*,
- UI_METHOD *ui_method, void *callback_data);
-static EVP_PKEY *ibm_4758_load_pubkey(ENGINE*, const char*,
- UI_METHOD *ui_method, void *callback_data);
-
-static int getModulusAndExponent(const unsigned char *token, long *exponentLength,
- unsigned char *exponent, long *modulusLength,
- long *modulusFieldLength, unsigned char *modulus);
-#endif
-
-/* RAND number functions */
-/*-----------------------*/
-static int cca_get_random_bytes(unsigned char*, int );
-static int cca_random_status(void);
-
-#ifndef OPENSSL_NO_RSA
-static void cca_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
- int idx,long argl, void *argp);
-#endif
-
-/* Function pointers for CCA verbs */
-/*---------------------------------*/
-#ifndef OPENSSL_NO_RSA
-static F_KEYRECORDREAD keyRecordRead;
-static F_DIGITALSIGNATUREGENERATE digitalSignatureGenerate;
-static F_DIGITALSIGNATUREVERIFY digitalSignatureVerify;
-static F_PUBLICKEYEXTRACT publicKeyExtract;
-static F_PKAENCRYPT pkaEncrypt;
-static F_PKADECRYPT pkaDecrypt;
-#endif
-static F_RANDOMNUMBERGENERATE randomNumberGenerate;
-
-/* static variables */
-/*------------------*/
-static const char *CCA4758_LIB_NAME = NULL;
-static const char *get_CCA4758_LIB_NAME(void)
- {
- if(CCA4758_LIB_NAME)
- return CCA4758_LIB_NAME;
- return CCA_LIB_NAME;
- }
-static void free_CCA4758_LIB_NAME(void)
- {
- if(CCA4758_LIB_NAME)
- OPENSSL_free((void*)CCA4758_LIB_NAME);
- CCA4758_LIB_NAME = NULL;
- }
-static long set_CCA4758_LIB_NAME(const char *name)
- {
- free_CCA4758_LIB_NAME();
- return (((CCA4758_LIB_NAME = BUF_strdup(name)) != NULL) ? 1 : 0);
- }
-#ifndef OPENSSL_NO_RSA
-static const char* n_keyRecordRead = CSNDKRR;
-static const char* n_digitalSignatureGenerate = CSNDDSG;
-static const char* n_digitalSignatureVerify = CSNDDSV;
-static const char* n_publicKeyExtract = CSNDPKX;
-static const char* n_pkaEncrypt = CSNDPKE;
-static const char* n_pkaDecrypt = CSNDPKD;
-#endif
-static const char* n_randomNumberGenerate = CSNBRNG;
-
-#ifndef OPENSSL_NO_RSA
-static int hndidx = -1;
-#endif
-static DSO *dso = NULL;
-
-/* openssl engine initialization structures */
-/*------------------------------------------*/
-
-#define CCA4758_CMD_SO_PATH ENGINE_CMD_BASE
-static const ENGINE_CMD_DEFN cca4758_cmd_defns[] = {
- {CCA4758_CMD_SO_PATH,
- "SO_PATH",
- "Specifies the path to the '4758cca' shared library",
- ENGINE_CMD_FLAG_STRING},
- {0, NULL, NULL, 0}
- };
-
-#ifndef OPENSSL_NO_RSA
-static RSA_METHOD ibm_4758_cca_rsa =
- {
- "IBM 4758 CCA RSA method",
- cca_rsa_pub_enc,
- NULL,
- NULL,
- cca_rsa_priv_dec,
- NULL, /*rsa_mod_exp,*/
- NULL, /*mod_exp_mont,*/
- NULL, /* init */
- NULL, /* finish */
- RSA_FLAG_SIGN_VER, /* flags */
- NULL, /* app_data */
- cca_rsa_sign, /* rsa_sign */
- cca_rsa_verify, /* rsa_verify */
- NULL /* rsa_keygen */
- };
-#endif
-
-static RAND_METHOD ibm_4758_cca_rand =
- {
- /* "IBM 4758 RAND method", */
- NULL, /* seed */
- cca_get_random_bytes, /* get random bytes from the card */
- NULL, /* cleanup */
- NULL, /* add */
- cca_get_random_bytes, /* pseudo rand */
- cca_random_status, /* status */
- };
-
-static const char *engine_4758_cca_id = "4758cca";
-static const char *engine_4758_cca_name = "IBM 4758 CCA hardware engine support";
-#ifndef OPENSSL_NO_DYNAMIC_ENGINE
-/* Compatibility hack, the dynamic library uses this form in the path */
-static const char *engine_4758_cca_id_alt = "4758_cca";
-#endif
-
-/* engine implementation */
-/*-----------------------*/
-static int bind_helper(ENGINE *e)
- {
- if(!ENGINE_set_id(e, engine_4758_cca_id) ||
- !ENGINE_set_name(e, engine_4758_cca_name) ||
-#ifndef OPENSSL_NO_RSA
- !ENGINE_set_RSA(e, &ibm_4758_cca_rsa) ||
-#endif
- !ENGINE_set_RAND(e, &ibm_4758_cca_rand) ||
- !ENGINE_set_destroy_function(e, ibm_4758_cca_destroy) ||
- !ENGINE_set_init_function(e, ibm_4758_cca_init) ||
- !ENGINE_set_finish_function(e, ibm_4758_cca_finish) ||
- !ENGINE_set_ctrl_function(e, ibm_4758_cca_ctrl) ||
-#ifndef OPENSSL_NO_RSA
- !ENGINE_set_load_privkey_function(e, ibm_4758_load_privkey) ||
- !ENGINE_set_load_pubkey_function(e, ibm_4758_load_pubkey) ||
-#endif
- !ENGINE_set_cmd_defns(e, cca4758_cmd_defns))
- return 0;
- /* Ensure the error handling is set up */
- ERR_load_CCA4758_strings();
- return 1;
- }
-
-#ifdef OPENSSL_NO_DYNAMIC_ENGINE
-static ENGINE *engine_4758_cca(void)
- {
- ENGINE *ret = ENGINE_new();
- if(!ret)
- return NULL;
- if(!bind_helper(ret))
- {
- ENGINE_free(ret);
- return NULL;
- }
- return ret;
- }
-
-void ENGINE_load_4758cca(void)
- {
- ENGINE *e_4758 = engine_4758_cca();
- if (!e_4758) return;
- ENGINE_add(e_4758);
- ENGINE_free(e_4758);
- ERR_clear_error();
- }
-#endif
-
-static int ibm_4758_cca_destroy(ENGINE *e)
- {
- ERR_unload_CCA4758_strings();
- free_CCA4758_LIB_NAME();
- return 1;
- }
-
-static int ibm_4758_cca_init(ENGINE *e)
- {
- if(dso)
- {
- CCA4758err(CCA4758_F_IBM_4758_CCA_INIT,CCA4758_R_ALREADY_LOADED);
- goto err;
- }
-
- dso = DSO_load(NULL, get_CCA4758_LIB_NAME(), NULL, 0);
- if(!dso)
- {
- CCA4758err(CCA4758_F_IBM_4758_CCA_INIT,CCA4758_R_DSO_FAILURE);
- goto err;
- }
-
-#ifndef OPENSSL_NO_RSA
- if(!(keyRecordRead = (F_KEYRECORDREAD)
- DSO_bind_func(dso, n_keyRecordRead)) ||
- !(randomNumberGenerate = (F_RANDOMNUMBERGENERATE)
- DSO_bind_func(dso, n_randomNumberGenerate)) ||
- !(digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE)
- DSO_bind_func(dso, n_digitalSignatureGenerate)) ||
- !(digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY)
- DSO_bind_func(dso, n_digitalSignatureVerify)) ||
- !(publicKeyExtract = (F_PUBLICKEYEXTRACT)
- DSO_bind_func(dso, n_publicKeyExtract)) ||
- !(pkaEncrypt = (F_PKAENCRYPT)
- DSO_bind_func(dso, n_pkaEncrypt)) ||
- !(pkaDecrypt = (F_PKADECRYPT)
- DSO_bind_func(dso, n_pkaDecrypt)))
- {
- CCA4758err(CCA4758_F_IBM_4758_CCA_INIT,CCA4758_R_DSO_FAILURE);
- goto err;
- }
-#else
- if(!(randomNumberGenerate = (F_RANDOMNUMBERGENERATE)
- DSO_bind_func(dso, n_randomNumberGenerate)))
- {
- CCA4758err(CCA4758_F_IBM_4758_CCA_INIT,CCA4758_R_DSO_FAILURE);
- goto err;
- }
-#endif
-
-#ifndef OPENSSL_NO_RSA
- hndidx = RSA_get_ex_new_index(0, "IBM 4758 CCA RSA key handle",
- NULL, NULL, cca_ex_free);
-#endif
-
- return 1;
-err:
- if(dso)
- DSO_free(dso);
- dso = NULL;
-
-#ifndef OPENSSL_NO_RSA
- keyRecordRead = (F_KEYRECORDREAD)0;
- digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE)0;
- digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY)0;
- publicKeyExtract = (F_PUBLICKEYEXTRACT)0;
- pkaEncrypt = (F_PKAENCRYPT)0;
- pkaDecrypt = (F_PKADECRYPT)0;
-#endif
- randomNumberGenerate = (F_RANDOMNUMBERGENERATE)0;
- return 0;
- }
-
-static int ibm_4758_cca_finish(ENGINE *e)
- {
- free_CCA4758_LIB_NAME();
- if(!dso)
- {
- CCA4758err(CCA4758_F_IBM_4758_CCA_FINISH,
- CCA4758_R_NOT_LOADED);
- return 0;
- }
- if(!DSO_free(dso))
- {
- CCA4758err(CCA4758_F_IBM_4758_CCA_FINISH,
- CCA4758_R_UNIT_FAILURE);
- return 0;
- }
- dso = NULL;
-#ifndef OPENSSL_NO_RSA
- keyRecordRead = (F_KEYRECORDREAD)0;
- randomNumberGenerate = (F_RANDOMNUMBERGENERATE)0;
- digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE)0;
- digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY)0;
- publicKeyExtract = (F_PUBLICKEYEXTRACT)0;
- pkaEncrypt = (F_PKAENCRYPT)0;
- pkaDecrypt = (F_PKADECRYPT)0;
-#endif
- randomNumberGenerate = (F_RANDOMNUMBERGENERATE)0;
- return 1;
- }
-
-static int ibm_4758_cca_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
- {
- int initialised = ((dso == NULL) ? 0 : 1);
- switch(cmd)
- {
- case CCA4758_CMD_SO_PATH:
- if(p == NULL)
- {
- CCA4758err(CCA4758_F_IBM_4758_CCA_CTRL,
- ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- if(initialised)
- {
- CCA4758err(CCA4758_F_IBM_4758_CCA_CTRL,
- CCA4758_R_ALREADY_LOADED);
- return 0;
- }
- return set_CCA4758_LIB_NAME((const char *)p);
- default:
- break;
- }
- CCA4758err(CCA4758_F_IBM_4758_CCA_CTRL,
- CCA4758_R_COMMAND_NOT_IMPLEMENTED);
- return 0;
- }
-
-#ifndef OPENSSL_NO_RSA
-
-#define MAX_CCA_PKA_TOKEN_SIZE 2500
-
-static EVP_PKEY *ibm_4758_load_privkey(ENGINE* e, const char* key_id,
- UI_METHOD *ui_method, void *callback_data)
- {
- RSA *rtmp = NULL;
- EVP_PKEY *res = NULL;
- unsigned char* keyToken = NULL;
- unsigned char pubKeyToken[MAX_CCA_PKA_TOKEN_SIZE];
- long pubKeyTokenLength = MAX_CCA_PKA_TOKEN_SIZE;
- long keyTokenLength = MAX_CCA_PKA_TOKEN_SIZE;
- long returnCode;
- long reasonCode;
- long exitDataLength = 0;
- long ruleArrayLength = 0;
- unsigned char exitData[8];
- unsigned char ruleArray[8];
- unsigned char keyLabel[64];
- unsigned long keyLabelLength = strlen(key_id);
- unsigned char modulus[256];
- long modulusFieldLength = sizeof(modulus);
- long modulusLength = 0;
- unsigned char exponent[256];
- long exponentLength = sizeof(exponent);
-
- if (keyLabelLength > sizeof(keyLabel))
- {
- CCA4758err(CCA4758_F_IBM_4758_LOAD_PRIVKEY,
- CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
- return NULL;
- }
-
- memset(keyLabel,' ', sizeof(keyLabel));
- memcpy(keyLabel, key_id, keyLabelLength);
-
- keyToken = OPENSSL_malloc(MAX_CCA_PKA_TOKEN_SIZE + sizeof(long));
- if (!keyToken)
- {
- CCA4758err(CCA4758_F_IBM_4758_LOAD_PRIVKEY,
- ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- keyRecordRead(&returnCode, &reasonCode, &exitDataLength,
- exitData, &ruleArrayLength, ruleArray, keyLabel,
- &keyTokenLength, keyToken+sizeof(long));
-
- if (returnCode)
- {
- CCA4758err(CCA4758_F_IBM_4758_LOAD_PRIVKEY,
- CCA4758_R_FAILED_LOADING_PRIVATE_KEY);
- goto err;
- }
-
- publicKeyExtract(&returnCode, &reasonCode, &exitDataLength,
- exitData, &ruleArrayLength, ruleArray, &keyTokenLength,
- keyToken+sizeof(long), &pubKeyTokenLength, pubKeyToken);
-
- if (returnCode)
- {
- CCA4758err(CCA4758_F_IBM_4758_LOAD_PRIVKEY,
- CCA4758_R_FAILED_LOADING_PRIVATE_KEY);
- goto err;
- }
-
- if (!getModulusAndExponent(pubKeyToken, &exponentLength,
- exponent, &modulusLength, &modulusFieldLength,
- modulus))
- {
- CCA4758err(CCA4758_F_IBM_4758_LOAD_PRIVKEY,
- CCA4758_R_FAILED_LOADING_PRIVATE_KEY);
- goto err;
- }
-
- (*(long*)keyToken) = keyTokenLength;
- rtmp = RSA_new_method(e);
- RSA_set_ex_data(rtmp, hndidx, (char *)keyToken);
-
- rtmp->e = BN_bin2bn(exponent, exponentLength, NULL);
- rtmp->n = BN_bin2bn(modulus, modulusFieldLength, NULL);
- rtmp->flags |= RSA_FLAG_EXT_PKEY;
-
- res = EVP_PKEY_new();
- EVP_PKEY_assign_RSA(res, rtmp);
-
- return res;
-err:
- if (keyToken)
- OPENSSL_free(keyToken);
- if (res)
- EVP_PKEY_free(res);
- if (rtmp)
- RSA_free(rtmp);
- return NULL;
- }
-
-static EVP_PKEY *ibm_4758_load_pubkey(ENGINE* e, const char* key_id,
- UI_METHOD *ui_method, void *callback_data)
- {
- RSA *rtmp = NULL;
- EVP_PKEY *res = NULL;
- unsigned char* keyToken = NULL;
- long keyTokenLength = MAX_CCA_PKA_TOKEN_SIZE;
- long returnCode;
- long reasonCode;
- long exitDataLength = 0;
- long ruleArrayLength = 0;
- unsigned char exitData[8];
- unsigned char ruleArray[8];
- unsigned char keyLabel[64];
- unsigned long keyLabelLength = strlen(key_id);
- unsigned char modulus[512];
- long modulusFieldLength = sizeof(modulus);
- long modulusLength = 0;
- unsigned char exponent[512];
- long exponentLength = sizeof(exponent);
-
- if (keyLabelLength > sizeof(keyLabel))
- {
- CCA4758err(CCA4758_F_IBM_4758_LOAD_PUBKEY,
- CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
- return NULL;
- }
-
- memset(keyLabel,' ', sizeof(keyLabel));
- memcpy(keyLabel, key_id, keyLabelLength);
-
- keyToken = OPENSSL_malloc(MAX_CCA_PKA_TOKEN_SIZE + sizeof(long));
- if (!keyToken)
- {
- CCA4758err(CCA4758_F_IBM_4758_LOAD_PUBKEY,
- ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- keyRecordRead(&returnCode, &reasonCode, &exitDataLength, exitData,
- &ruleArrayLength, ruleArray, keyLabel, &keyTokenLength,
- keyToken+sizeof(long));
-
- if (returnCode)
- {
- CCA4758err(CCA4758_F_IBM_4758_LOAD_PUBKEY,
- ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- if (!getModulusAndExponent(keyToken+sizeof(long), &exponentLength,
- exponent, &modulusLength, &modulusFieldLength, modulus))
- {
- CCA4758err(CCA4758_F_IBM_4758_LOAD_PUBKEY,
- CCA4758_R_FAILED_LOADING_PUBLIC_KEY);
- goto err;
- }
-
- (*(long*)keyToken) = keyTokenLength;
- rtmp = RSA_new_method(e);
- RSA_set_ex_data(rtmp, hndidx, (char *)keyToken);
- rtmp->e = BN_bin2bn(exponent, exponentLength, NULL);
- rtmp->n = BN_bin2bn(modulus, modulusFieldLength, NULL);
- rtmp->flags |= RSA_FLAG_EXT_PKEY;
- res = EVP_PKEY_new();
- EVP_PKEY_assign_RSA(res, rtmp);
-
- return res;
-err:
- if (keyToken)
- OPENSSL_free(keyToken);
- if (res)
- EVP_PKEY_free(res);
- if (rtmp)
- RSA_free(rtmp);
- return NULL;
- }
-
-static int cca_rsa_pub_enc(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa,int padding)
- {
- long returnCode;
- long reasonCode;
- long lflen = flen;
- long exitDataLength = 0;
- unsigned char exitData[8];
- long ruleArrayLength = 1;
- unsigned char ruleArray[8] = "PKCS-1.2";
- long dataStructureLength = 0;
- unsigned char dataStructure[8];
- long outputLength = RSA_size(rsa);
- long keyTokenLength;
- unsigned char* keyToken = (unsigned char*)RSA_get_ex_data(rsa, hndidx);
-
- keyTokenLength = *(long*)keyToken;
- keyToken+=sizeof(long);
-
- pkaEncrypt(&returnCode, &reasonCode, &exitDataLength, exitData,
- &ruleArrayLength, ruleArray, &lflen, (unsigned char*)from,
- &dataStructureLength, dataStructure, &keyTokenLength,
- keyToken, &outputLength, to);
-
- if (returnCode || reasonCode)
- return -(returnCode << 16 | reasonCode);
- return outputLength;
- }
-
-static int cca_rsa_priv_dec(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa,int padding)
- {
- long returnCode;
- long reasonCode;
- long lflen = flen;
- long exitDataLength = 0;
- unsigned char exitData[8];
- long ruleArrayLength = 1;
- unsigned char ruleArray[8] = "PKCS-1.2";
- long dataStructureLength = 0;
- unsigned char dataStructure[8];
- long outputLength = RSA_size(rsa);
- long keyTokenLength;
- unsigned char* keyToken = (unsigned char*)RSA_get_ex_data(rsa, hndidx);
-
- keyTokenLength = *(long*)keyToken;
- keyToken+=sizeof(long);
-
- pkaDecrypt(&returnCode, &reasonCode, &exitDataLength, exitData,
- &ruleArrayLength, ruleArray, &lflen, (unsigned char*)from,
- &dataStructureLength, dataStructure, &keyTokenLength,
- keyToken, &outputLength, to);
-
- return (returnCode | reasonCode) ? 0 : 1;
- }
-
-#define SSL_SIG_LEN 36
-
-static int cca_rsa_verify(int type, const unsigned char *m, unsigned int m_len,
- unsigned char *sigbuf, unsigned int siglen, const RSA *rsa)
- {
- long returnCode;
- long reasonCode;
- long lsiglen = siglen;
- long exitDataLength = 0;
- unsigned char exitData[8];
- long ruleArrayLength = 1;
- unsigned char ruleArray[8] = "PKCS-1.1";
- long keyTokenLength;
- unsigned char* keyToken = (unsigned char*)RSA_get_ex_data(rsa, hndidx);
- long length = SSL_SIG_LEN;
- long keyLength ;
- unsigned char *hashBuffer = NULL;
- X509_SIG sig;
- ASN1_TYPE parameter;
- X509_ALGOR algorithm;
- ASN1_OCTET_STRING digest;
-
- keyTokenLength = *(long*)keyToken;
- keyToken+=sizeof(long);
-
- if (type == NID_md5 || type == NID_sha1)
- {
- sig.algor = &algorithm;
- algorithm.algorithm = OBJ_nid2obj(type);
-
- if (!algorithm.algorithm)
- {
- CCA4758err(CCA4758_F_CCA_RSA_VERIFY,
- CCA4758_R_UNKNOWN_ALGORITHM_TYPE);
- return 0;
- }
-
- if (!algorithm.algorithm->length)
- {
- CCA4758err(CCA4758_F_CCA_RSA_VERIFY,
- CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD);
- return 0;
- }
-
- parameter.type = V_ASN1_NULL;
- parameter.value.ptr = NULL;
- algorithm.parameter = ¶meter;
-
- sig.digest = &digest;
- sig.digest->data = (unsigned char*)m;
- sig.digest->length = m_len;
-
- length = i2d_X509_SIG(&sig, NULL);
- }
-
- keyLength = RSA_size(rsa);
-
- if (length - RSA_PKCS1_PADDING > keyLength)
- {
- CCA4758err(CCA4758_F_CCA_RSA_VERIFY,
- CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
- return 0;
- }
-
- switch (type)
- {
- case NID_md5_sha1 :
- if (m_len != SSL_SIG_LEN)
- {
- CCA4758err(CCA4758_F_CCA_RSA_VERIFY,
- CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
- return 0;
- }
-
- hashBuffer = (unsigned char *)m;
- length = m_len;
- break;
- case NID_md5 :
- {
- unsigned char *ptr;
- ptr = hashBuffer = OPENSSL_malloc(
- (unsigned int)keyLength+1);
- if (!hashBuffer)
- {
- CCA4758err(CCA4758_F_CCA_RSA_VERIFY,
- ERR_R_MALLOC_FAILURE);
- return 0;
- }
-
- i2d_X509_SIG(&sig, &ptr);
- }
- break;
- case NID_sha1 :
- {
- unsigned char *ptr;
- ptr = hashBuffer = OPENSSL_malloc(
- (unsigned int)keyLength+1);
- if (!hashBuffer)
- {
- CCA4758err(CCA4758_F_CCA_RSA_VERIFY,
- ERR_R_MALLOC_FAILURE);
- return 0;
- }
- i2d_X509_SIG(&sig, &ptr);
- }
- break;
- default:
- return 0;
- }
-
- digitalSignatureVerify(&returnCode, &reasonCode, &exitDataLength,
- exitData, &ruleArrayLength, ruleArray, &keyTokenLength,
- keyToken, &length, hashBuffer, &lsiglen, sigbuf);
-
- if (type == NID_sha1 || type == NID_md5)
- {
- OPENSSL_cleanse(hashBuffer, keyLength+1);
- OPENSSL_free(hashBuffer);
- }
-
- return ((returnCode || reasonCode) ? 0 : 1);
- }
-
-#define SSL_SIG_LEN 36
-
-static int cca_rsa_sign(int type, const unsigned char *m, unsigned int m_len,
- unsigned char *sigret, unsigned int *siglen, const RSA *rsa)
- {
- long returnCode;
- long reasonCode;
- long exitDataLength = 0;
- unsigned char exitData[8];
- long ruleArrayLength = 1;
- unsigned char ruleArray[8] = "PKCS-1.1";
- long outputLength=256;
- long outputBitLength;
- long keyTokenLength;
- unsigned char *hashBuffer = NULL;
- unsigned char* keyToken = (unsigned char*)RSA_get_ex_data(rsa, hndidx);
- long length = SSL_SIG_LEN;
- long keyLength ;
- X509_SIG sig;
- ASN1_TYPE parameter;
- X509_ALGOR algorithm;
- ASN1_OCTET_STRING digest;
-
- keyTokenLength = *(long*)keyToken;
- keyToken+=sizeof(long);
-
- if (type == NID_md5 || type == NID_sha1)
- {
- sig.algor = &algorithm;
- algorithm.algorithm = OBJ_nid2obj(type);
-
- if (!algorithm.algorithm)
- {
- CCA4758err(CCA4758_F_CCA_RSA_SIGN,
- CCA4758_R_UNKNOWN_ALGORITHM_TYPE);
- return 0;
- }
-
- if (!algorithm.algorithm->length)
- {
- CCA4758err(CCA4758_F_CCA_RSA_SIGN,
- CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD);
- return 0;
- }
-
- parameter.type = V_ASN1_NULL;
- parameter.value.ptr = NULL;
- algorithm.parameter = ¶meter;
-
- sig.digest = &digest;
- sig.digest->data = (unsigned char*)m;
- sig.digest->length = m_len;
-
- length = i2d_X509_SIG(&sig, NULL);
- }
-
- keyLength = RSA_size(rsa);
-
- if (length - RSA_PKCS1_PADDING > keyLength)
- {
- CCA4758err(CCA4758_F_CCA_RSA_SIGN,
- CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
- return 0;
- }
-
- switch (type)
- {
- case NID_md5_sha1 :
- if (m_len != SSL_SIG_LEN)
- {
- CCA4758err(CCA4758_F_CCA_RSA_SIGN,
- CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
- return 0;
- }
- hashBuffer = (unsigned char*)m;
- length = m_len;
- break;
- case NID_md5 :
- {
- unsigned char *ptr;
- ptr = hashBuffer = OPENSSL_malloc(
- (unsigned int)keyLength+1);
- if (!hashBuffer)
- {
- CCA4758err(CCA4758_F_CCA_RSA_SIGN,
- ERR_R_MALLOC_FAILURE);
- return 0;
- }
- i2d_X509_SIG(&sig, &ptr);
- }
- break;
- case NID_sha1 :
- {
- unsigned char *ptr;
- ptr = hashBuffer = OPENSSL_malloc(
- (unsigned int)keyLength+1);
- if (!hashBuffer)
- {
- CCA4758err(CCA4758_F_CCA_RSA_SIGN,
- ERR_R_MALLOC_FAILURE);
- return 0;
- }
- i2d_X509_SIG(&sig, &ptr);
- }
- break;
- default:
- return 0;
- }
-
- digitalSignatureGenerate(&returnCode, &reasonCode, &exitDataLength,
- exitData, &ruleArrayLength, ruleArray, &keyTokenLength,
- keyToken, &length, hashBuffer, &outputLength, &outputBitLength,
- sigret);
-
- if (type == NID_sha1 || type == NID_md5)
- {
- OPENSSL_cleanse(hashBuffer, keyLength+1);
- OPENSSL_free(hashBuffer);
- }
-
- *siglen = outputLength;
-
- return ((returnCode || reasonCode) ? 0 : 1);
- }
-
-static int getModulusAndExponent(const unsigned char*token, long *exponentLength,
- unsigned char *exponent, long *modulusLength, long *modulusFieldLength,
- unsigned char *modulus)
- {
- unsigned long len;
-
- if (*token++ != (char)0x1E) /* internal PKA token? */
- return 0;
-
- if (*token++) /* token version must be zero */
- return 0;
-
- len = *token++;
- len = len << 8;
- len |= (unsigned char)*token++;
-
- token += 4; /* skip reserved bytes */
-
- if (*token++ == (char)0x04)
- {
- if (*token++) /* token version must be zero */
- return 0;
-
- len = *token++;
- len = len << 8;
- len |= (unsigned char)*token++;
-
- token+=2; /* skip reserved section */
-
- len = *token++;
- len = len << 8;
- len |= (unsigned char)*token++;
-
- *exponentLength = len;
-
- len = *token++;
- len = len << 8;
- len |= (unsigned char)*token++;
-
- *modulusLength = len;
-
- len = *token++;
- len = len << 8;
- len |= (unsigned char)*token++;
-
- *modulusFieldLength = len;
-
- memcpy(exponent, token, *exponentLength);
- token+= *exponentLength;
-
- memcpy(modulus, token, *modulusFieldLength);
- return 1;
- }
- return 0;
- }
-
-#endif /* OPENSSL_NO_RSA */
-
-static int cca_random_status(void)
- {
- return 1;
- }
-
-static int cca_get_random_bytes(unsigned char* buf, int num)
- {
- long ret_code;
- long reason_code;
- long exit_data_length;
- unsigned char exit_data[4];
- unsigned char form[] = "RANDOM ";
- unsigned char rand_buf[8];
-
- while(num >= (int)sizeof(rand_buf))
- {
- randomNumberGenerate(&ret_code, &reason_code, &exit_data_length,
- exit_data, form, rand_buf);
- if (ret_code)
- return 0;
- num -= sizeof(rand_buf);
- memcpy(buf, rand_buf, sizeof(rand_buf));
- buf += sizeof(rand_buf);
- }
-
- if (num)
- {
- randomNumberGenerate(&ret_code, &reason_code, NULL, NULL,
- form, rand_buf);
- if (ret_code)
- return 0;
- memcpy(buf, rand_buf, num);
- }
-
- return 1;
- }
-
-#ifndef OPENSSL_NO_RSA
-static void cca_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, int idx,
- long argl, void *argp)
- {
- if (item)
- OPENSSL_free(item);
- }
-#endif
-
-/* Goo to handle building as a dynamic engine */
-#ifndef OPENSSL_NO_DYNAMIC_ENGINE
-static int bind_fn(ENGINE *e, const char *id)
- {
- if(id && (strcmp(id, engine_4758_cca_id) != 0) &&
- (strcmp(id, engine_4758_cca_id_alt) != 0))
- return 0;
- if(!bind_helper(e))
- return 0;
- return 1;
- }
-IMPLEMENT_DYNAMIC_CHECK_FN()
-IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
-#endif /* OPENSSL_NO_DYNAMIC_ENGINE */
-
-#endif /* !OPENSSL_NO_HW_4758_CCA */
-#endif /* !OPENSSL_NO_HW */
Copied: vendor-crypto/openssl/0.9.8zf/engines/e_4758cca.c (from rev 6976, vendor-crypto/openssl/dist/engines/e_4758cca.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/engines/e_4758cca.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/engines/e_4758cca.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,960 @@
+/* Author: Maurice Gittens <maurice at gittens.nl> */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/dso.h>
+#include <openssl/x509.h>
+#include <openssl/objects.h>
+#include <openssl/engine.h>
+#include <openssl/rand.h>
+#ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>
+#endif
+#include <openssl/bn.h>
+
+#ifndef OPENSSL_NO_HW
+# ifndef OPENSSL_NO_HW_4758_CCA
+
+# ifdef FLAT_INC
+# include "hw_4758_cca.h"
+# else
+# include "vendor_defns/hw_4758_cca.h"
+# endif
+
+# include "e_4758cca_err.c"
+
+static int ibm_4758_cca_destroy(ENGINE *e);
+static int ibm_4758_cca_init(ENGINE *e);
+static int ibm_4758_cca_finish(ENGINE *e);
+static int ibm_4758_cca_ctrl(ENGINE *e, int cmd, long i, void *p,
+ void (*f) (void));
+
+/* rsa functions */
+/* -------------*/
+# ifndef OPENSSL_NO_RSA
+static int cca_rsa_pub_enc(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+static int cca_rsa_priv_dec(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+static int cca_rsa_sign(int type, const unsigned char *m, unsigned int m_len,
+ unsigned char *sigret, unsigned int *siglen,
+ const RSA *rsa);
+static int cca_rsa_verify(int dtype, const unsigned char *m,
+ unsigned int m_len, unsigned char *sigbuf,
+ unsigned int siglen, const RSA *rsa);
+
+/* utility functions */
+/* ---------------------*/
+static EVP_PKEY *ibm_4758_load_privkey(ENGINE *, const char *,
+ UI_METHOD *ui_method,
+ void *callback_data);
+static EVP_PKEY *ibm_4758_load_pubkey(ENGINE *, const char *,
+ UI_METHOD *ui_method,
+ void *callback_data);
+
+static int getModulusAndExponent(const unsigned char *token,
+ long *exponentLength,
+ unsigned char *exponent, long *modulusLength,
+ long *modulusFieldLength,
+ unsigned char *modulus);
+# endif
+
+/* RAND number functions */
+/* ---------------------*/
+static int cca_get_random_bytes(unsigned char *, int);
+static int cca_random_status(void);
+
+# ifndef OPENSSL_NO_RSA
+static void cca_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
+ int idx, long argl, void *argp);
+# endif
+
+/* Function pointers for CCA verbs */
+/* -------------------------------*/
+# ifndef OPENSSL_NO_RSA
+static F_KEYRECORDREAD keyRecordRead;
+static F_DIGITALSIGNATUREGENERATE digitalSignatureGenerate;
+static F_DIGITALSIGNATUREVERIFY digitalSignatureVerify;
+static F_PUBLICKEYEXTRACT publicKeyExtract;
+static F_PKAENCRYPT pkaEncrypt;
+static F_PKADECRYPT pkaDecrypt;
+# endif
+static F_RANDOMNUMBERGENERATE randomNumberGenerate;
+
+/* static variables */
+/* ----------------*/
+static const char *CCA4758_LIB_NAME = NULL;
+static const char *get_CCA4758_LIB_NAME(void)
+{
+ if (CCA4758_LIB_NAME)
+ return CCA4758_LIB_NAME;
+ return CCA_LIB_NAME;
+}
+
+static void free_CCA4758_LIB_NAME(void)
+{
+ if (CCA4758_LIB_NAME)
+ OPENSSL_free((void *)CCA4758_LIB_NAME);
+ CCA4758_LIB_NAME = NULL;
+}
+
+static long set_CCA4758_LIB_NAME(const char *name)
+{
+ free_CCA4758_LIB_NAME();
+ return (((CCA4758_LIB_NAME = BUF_strdup(name)) != NULL) ? 1 : 0);
+}
+
+# ifndef OPENSSL_NO_RSA
+static const char *n_keyRecordRead = CSNDKRR;
+static const char *n_digitalSignatureGenerate = CSNDDSG;
+static const char *n_digitalSignatureVerify = CSNDDSV;
+static const char *n_publicKeyExtract = CSNDPKX;
+static const char *n_pkaEncrypt = CSNDPKE;
+static const char *n_pkaDecrypt = CSNDPKD;
+# endif
+static const char *n_randomNumberGenerate = CSNBRNG;
+
+# ifndef OPENSSL_NO_RSA
+static int hndidx = -1;
+# endif
+static DSO *dso = NULL;
+
+/* openssl engine initialization structures */
+/* ----------------------------------------*/
+
+# define CCA4758_CMD_SO_PATH ENGINE_CMD_BASE
+static const ENGINE_CMD_DEFN cca4758_cmd_defns[] = {
+ {CCA4758_CMD_SO_PATH,
+ "SO_PATH",
+ "Specifies the path to the '4758cca' shared library",
+ ENGINE_CMD_FLAG_STRING},
+ {0, NULL, NULL, 0}
+};
+
+# ifndef OPENSSL_NO_RSA
+static RSA_METHOD ibm_4758_cca_rsa = {
+ "IBM 4758 CCA RSA method",
+ cca_rsa_pub_enc,
+ NULL,
+ NULL,
+ cca_rsa_priv_dec,
+ NULL, /* rsa_mod_exp, */
+ NULL, /* mod_exp_mont, */
+ NULL, /* init */
+ NULL, /* finish */
+ RSA_FLAG_SIGN_VER, /* flags */
+ NULL, /* app_data */
+ cca_rsa_sign, /* rsa_sign */
+ cca_rsa_verify, /* rsa_verify */
+ NULL /* rsa_keygen */
+};
+# endif
+
+static RAND_METHOD ibm_4758_cca_rand = {
+ /* "IBM 4758 RAND method", */
+ NULL, /* seed */
+ cca_get_random_bytes, /* get random bytes from the card */
+ NULL, /* cleanup */
+ NULL, /* add */
+ cca_get_random_bytes, /* pseudo rand */
+ cca_random_status, /* status */
+};
+
+static const char *engine_4758_cca_id = "4758cca";
+static const char *engine_4758_cca_name =
+ "IBM 4758 CCA hardware engine support";
+# ifndef OPENSSL_NO_DYNAMIC_ENGINE
+/* Compatibility hack, the dynamic library uses this form in the path */
+static const char *engine_4758_cca_id_alt = "4758_cca";
+# endif
+
+/* engine implementation */
+/* ---------------------*/
+static int bind_helper(ENGINE *e)
+{
+ if (!ENGINE_set_id(e, engine_4758_cca_id) ||
+ !ENGINE_set_name(e, engine_4758_cca_name) ||
+# ifndef OPENSSL_NO_RSA
+ !ENGINE_set_RSA(e, &ibm_4758_cca_rsa) ||
+# endif
+ !ENGINE_set_RAND(e, &ibm_4758_cca_rand) ||
+ !ENGINE_set_destroy_function(e, ibm_4758_cca_destroy) ||
+ !ENGINE_set_init_function(e, ibm_4758_cca_init) ||
+ !ENGINE_set_finish_function(e, ibm_4758_cca_finish) ||
+ !ENGINE_set_ctrl_function(e, ibm_4758_cca_ctrl) ||
+# ifndef OPENSSL_NO_RSA
+ !ENGINE_set_load_privkey_function(e, ibm_4758_load_privkey) ||
+ !ENGINE_set_load_pubkey_function(e, ibm_4758_load_pubkey) ||
+# endif
+ !ENGINE_set_cmd_defns(e, cca4758_cmd_defns))
+ return 0;
+ /* Ensure the error handling is set up */
+ ERR_load_CCA4758_strings();
+ return 1;
+}
+
+# ifdef OPENSSL_NO_DYNAMIC_ENGINE
+static ENGINE *engine_4758_cca(void)
+{
+ ENGINE *ret = ENGINE_new();
+ if (!ret)
+ return NULL;
+ if (!bind_helper(ret)) {
+ ENGINE_free(ret);
+ return NULL;
+ }
+ return ret;
+}
+
+void ENGINE_load_4758cca(void)
+{
+ ENGINE *e_4758 = engine_4758_cca();
+ if (!e_4758)
+ return;
+ ENGINE_add(e_4758);
+ ENGINE_free(e_4758);
+ ERR_clear_error();
+}
+# endif
+
+static int ibm_4758_cca_destroy(ENGINE *e)
+{
+ ERR_unload_CCA4758_strings();
+ free_CCA4758_LIB_NAME();
+ return 1;
+}
+
+static int ibm_4758_cca_init(ENGINE *e)
+{
+ if (dso) {
+ CCA4758err(CCA4758_F_IBM_4758_CCA_INIT, CCA4758_R_ALREADY_LOADED);
+ goto err;
+ }
+
+ dso = DSO_load(NULL, get_CCA4758_LIB_NAME(), NULL, 0);
+ if (!dso) {
+ CCA4758err(CCA4758_F_IBM_4758_CCA_INIT, CCA4758_R_DSO_FAILURE);
+ goto err;
+ }
+# ifndef OPENSSL_NO_RSA
+ if (!(keyRecordRead = (F_KEYRECORDREAD)
+ DSO_bind_func(dso, n_keyRecordRead)) ||
+ !(randomNumberGenerate = (F_RANDOMNUMBERGENERATE)
+ DSO_bind_func(dso, n_randomNumberGenerate)) ||
+ !(digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE)
+ DSO_bind_func(dso, n_digitalSignatureGenerate)) ||
+ !(digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY)
+ DSO_bind_func(dso, n_digitalSignatureVerify)) ||
+ !(publicKeyExtract = (F_PUBLICKEYEXTRACT)
+ DSO_bind_func(dso, n_publicKeyExtract)) ||
+ !(pkaEncrypt = (F_PKAENCRYPT)
+ DSO_bind_func(dso, n_pkaEncrypt)) || !(pkaDecrypt = (F_PKADECRYPT)
+ DSO_bind_func(dso,
+ n_pkaDecrypt)))
+ {
+ CCA4758err(CCA4758_F_IBM_4758_CCA_INIT, CCA4758_R_DSO_FAILURE);
+ goto err;
+ }
+# else
+ if (!(randomNumberGenerate = (F_RANDOMNUMBERGENERATE)
+ DSO_bind_func(dso, n_randomNumberGenerate))) {
+ CCA4758err(CCA4758_F_IBM_4758_CCA_INIT, CCA4758_R_DSO_FAILURE);
+ goto err;
+ }
+# endif
+
+# ifndef OPENSSL_NO_RSA
+ hndidx = RSA_get_ex_new_index(0, "IBM 4758 CCA RSA key handle",
+ NULL, NULL, cca_ex_free);
+# endif
+
+ return 1;
+ err:
+ if (dso)
+ DSO_free(dso);
+ dso = NULL;
+
+# ifndef OPENSSL_NO_RSA
+ keyRecordRead = (F_KEYRECORDREAD) 0;
+ digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE) 0;
+ digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY)0;
+ publicKeyExtract = (F_PUBLICKEYEXTRACT)0;
+ pkaEncrypt = (F_PKAENCRYPT) 0;
+ pkaDecrypt = (F_PKADECRYPT) 0;
+# endif
+ randomNumberGenerate = (F_RANDOMNUMBERGENERATE) 0;
+ return 0;
+}
+
+static int ibm_4758_cca_finish(ENGINE *e)
+{
+ free_CCA4758_LIB_NAME();
+ if (!dso) {
+ CCA4758err(CCA4758_F_IBM_4758_CCA_FINISH, CCA4758_R_NOT_LOADED);
+ return 0;
+ }
+ if (!DSO_free(dso)) {
+ CCA4758err(CCA4758_F_IBM_4758_CCA_FINISH, CCA4758_R_UNIT_FAILURE);
+ return 0;
+ }
+ dso = NULL;
+# ifndef OPENSSL_NO_RSA
+ keyRecordRead = (F_KEYRECORDREAD) 0;
+ randomNumberGenerate = (F_RANDOMNUMBERGENERATE) 0;
+ digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE) 0;
+ digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY)0;
+ publicKeyExtract = (F_PUBLICKEYEXTRACT)0;
+ pkaEncrypt = (F_PKAENCRYPT) 0;
+ pkaDecrypt = (F_PKADECRYPT) 0;
+# endif
+ randomNumberGenerate = (F_RANDOMNUMBERGENERATE) 0;
+ return 1;
+}
+
+static int ibm_4758_cca_ctrl(ENGINE *e, int cmd, long i, void *p,
+ void (*f) (void))
+{
+ int initialised = ((dso == NULL) ? 0 : 1);
+ switch (cmd) {
+ case CCA4758_CMD_SO_PATH:
+ if (p == NULL) {
+ CCA4758err(CCA4758_F_IBM_4758_CCA_CTRL,
+ ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ if (initialised) {
+ CCA4758err(CCA4758_F_IBM_4758_CCA_CTRL, CCA4758_R_ALREADY_LOADED);
+ return 0;
+ }
+ return set_CCA4758_LIB_NAME((const char *)p);
+ default:
+ break;
+ }
+ CCA4758err(CCA4758_F_IBM_4758_CCA_CTRL,
+ CCA4758_R_COMMAND_NOT_IMPLEMENTED);
+ return 0;
+}
+
+# ifndef OPENSSL_NO_RSA
+
+# define MAX_CCA_PKA_TOKEN_SIZE 2500
+
+static EVP_PKEY *ibm_4758_load_privkey(ENGINE *e, const char *key_id,
+ UI_METHOD *ui_method,
+ void *callback_data)
+{
+ RSA *rtmp = NULL;
+ EVP_PKEY *res = NULL;
+ unsigned char *keyToken = NULL;
+ unsigned char pubKeyToken[MAX_CCA_PKA_TOKEN_SIZE];
+ long pubKeyTokenLength = MAX_CCA_PKA_TOKEN_SIZE;
+ long keyTokenLength = MAX_CCA_PKA_TOKEN_SIZE;
+ long returnCode;
+ long reasonCode;
+ long exitDataLength = 0;
+ long ruleArrayLength = 0;
+ unsigned char exitData[8];
+ unsigned char ruleArray[8];
+ unsigned char keyLabel[64];
+ unsigned long keyLabelLength = strlen(key_id);
+ unsigned char modulus[256];
+ long modulusFieldLength = sizeof(modulus);
+ long modulusLength = 0;
+ unsigned char exponent[256];
+ long exponentLength = sizeof(exponent);
+
+ if (keyLabelLength > sizeof(keyLabel)) {
+ CCA4758err(CCA4758_F_IBM_4758_LOAD_PRIVKEY,
+ CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+ return NULL;
+ }
+
+ memset(keyLabel, ' ', sizeof(keyLabel));
+ memcpy(keyLabel, key_id, keyLabelLength);
+
+ keyToken = OPENSSL_malloc(MAX_CCA_PKA_TOKEN_SIZE + sizeof(long));
+ if (!keyToken) {
+ CCA4758err(CCA4758_F_IBM_4758_LOAD_PRIVKEY, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ keyRecordRead(&returnCode, &reasonCode, &exitDataLength,
+ exitData, &ruleArrayLength, ruleArray, keyLabel,
+ &keyTokenLength, keyToken + sizeof(long));
+
+ if (returnCode) {
+ CCA4758err(CCA4758_F_IBM_4758_LOAD_PRIVKEY,
+ CCA4758_R_FAILED_LOADING_PRIVATE_KEY);
+ goto err;
+ }
+
+ publicKeyExtract(&returnCode, &reasonCode, &exitDataLength,
+ exitData, &ruleArrayLength, ruleArray, &keyTokenLength,
+ keyToken + sizeof(long), &pubKeyTokenLength,
+ pubKeyToken);
+
+ if (returnCode) {
+ CCA4758err(CCA4758_F_IBM_4758_LOAD_PRIVKEY,
+ CCA4758_R_FAILED_LOADING_PRIVATE_KEY);
+ goto err;
+ }
+
+ if (!getModulusAndExponent(pubKeyToken, &exponentLength,
+ exponent, &modulusLength, &modulusFieldLength,
+ modulus)) {
+ CCA4758err(CCA4758_F_IBM_4758_LOAD_PRIVKEY,
+ CCA4758_R_FAILED_LOADING_PRIVATE_KEY);
+ goto err;
+ }
+
+ (*(long *)keyToken) = keyTokenLength;
+ rtmp = RSA_new_method(e);
+ RSA_set_ex_data(rtmp, hndidx, (char *)keyToken);
+
+ rtmp->e = BN_bin2bn(exponent, exponentLength, NULL);
+ rtmp->n = BN_bin2bn(modulus, modulusFieldLength, NULL);
+ rtmp->flags |= RSA_FLAG_EXT_PKEY;
+
+ res = EVP_PKEY_new();
+ EVP_PKEY_assign_RSA(res, rtmp);
+
+ return res;
+ err:
+ if (keyToken)
+ OPENSSL_free(keyToken);
+ if (res)
+ EVP_PKEY_free(res);
+ if (rtmp)
+ RSA_free(rtmp);
+ return NULL;
+}
+
+static EVP_PKEY *ibm_4758_load_pubkey(ENGINE *e, const char *key_id,
+ UI_METHOD *ui_method,
+ void *callback_data)
+{
+ RSA *rtmp = NULL;
+ EVP_PKEY *res = NULL;
+ unsigned char *keyToken = NULL;
+ long keyTokenLength = MAX_CCA_PKA_TOKEN_SIZE;
+ long returnCode;
+ long reasonCode;
+ long exitDataLength = 0;
+ long ruleArrayLength = 0;
+ unsigned char exitData[8];
+ unsigned char ruleArray[8];
+ unsigned char keyLabel[64];
+ unsigned long keyLabelLength = strlen(key_id);
+ unsigned char modulus[512];
+ long modulusFieldLength = sizeof(modulus);
+ long modulusLength = 0;
+ unsigned char exponent[512];
+ long exponentLength = sizeof(exponent);
+
+ if (keyLabelLength > sizeof(keyLabel)) {
+ CCA4758err(CCA4758_F_IBM_4758_LOAD_PUBKEY,
+ CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+ return NULL;
+ }
+
+ memset(keyLabel, ' ', sizeof(keyLabel));
+ memcpy(keyLabel, key_id, keyLabelLength);
+
+ keyToken = OPENSSL_malloc(MAX_CCA_PKA_TOKEN_SIZE + sizeof(long));
+ if (!keyToken) {
+ CCA4758err(CCA4758_F_IBM_4758_LOAD_PUBKEY, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ keyRecordRead(&returnCode, &reasonCode, &exitDataLength, exitData,
+ &ruleArrayLength, ruleArray, keyLabel, &keyTokenLength,
+ keyToken + sizeof(long));
+
+ if (returnCode) {
+ CCA4758err(CCA4758_F_IBM_4758_LOAD_PUBKEY, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ if (!getModulusAndExponent(keyToken + sizeof(long), &exponentLength,
+ exponent, &modulusLength, &modulusFieldLength,
+ modulus)) {
+ CCA4758err(CCA4758_F_IBM_4758_LOAD_PUBKEY,
+ CCA4758_R_FAILED_LOADING_PUBLIC_KEY);
+ goto err;
+ }
+
+ (*(long *)keyToken) = keyTokenLength;
+ rtmp = RSA_new_method(e);
+ RSA_set_ex_data(rtmp, hndidx, (char *)keyToken);
+ rtmp->e = BN_bin2bn(exponent, exponentLength, NULL);
+ rtmp->n = BN_bin2bn(modulus, modulusFieldLength, NULL);
+ rtmp->flags |= RSA_FLAG_EXT_PKEY;
+ res = EVP_PKEY_new();
+ EVP_PKEY_assign_RSA(res, rtmp);
+
+ return res;
+ err:
+ if (keyToken)
+ OPENSSL_free(keyToken);
+ if (res)
+ EVP_PKEY_free(res);
+ if (rtmp)
+ RSA_free(rtmp);
+ return NULL;
+}
+
+static int cca_rsa_pub_enc(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding)
+{
+ long returnCode;
+ long reasonCode;
+ long lflen = flen;
+ long exitDataLength = 0;
+ unsigned char exitData[8];
+ long ruleArrayLength = 1;
+ unsigned char ruleArray[8] = "PKCS-1.2";
+ long dataStructureLength = 0;
+ unsigned char dataStructure[8];
+ long outputLength = RSA_size(rsa);
+ long keyTokenLength;
+ unsigned char *keyToken = (unsigned char *)RSA_get_ex_data(rsa, hndidx);
+
+ keyTokenLength = *(long *)keyToken;
+ keyToken += sizeof(long);
+
+ pkaEncrypt(&returnCode, &reasonCode, &exitDataLength, exitData,
+ &ruleArrayLength, ruleArray, &lflen, (unsigned char *)from,
+ &dataStructureLength, dataStructure, &keyTokenLength,
+ keyToken, &outputLength, to);
+
+ if (returnCode || reasonCode)
+ return -(returnCode << 16 | reasonCode);
+ return outputLength;
+}
+
+static int cca_rsa_priv_dec(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding)
+{
+ long returnCode;
+ long reasonCode;
+ long lflen = flen;
+ long exitDataLength = 0;
+ unsigned char exitData[8];
+ long ruleArrayLength = 1;
+ unsigned char ruleArray[8] = "PKCS-1.2";
+ long dataStructureLength = 0;
+ unsigned char dataStructure[8];
+ long outputLength = RSA_size(rsa);
+ long keyTokenLength;
+ unsigned char *keyToken = (unsigned char *)RSA_get_ex_data(rsa, hndidx);
+
+ keyTokenLength = *(long *)keyToken;
+ keyToken += sizeof(long);
+
+ pkaDecrypt(&returnCode, &reasonCode, &exitDataLength, exitData,
+ &ruleArrayLength, ruleArray, &lflen, (unsigned char *)from,
+ &dataStructureLength, dataStructure, &keyTokenLength,
+ keyToken, &outputLength, to);
+
+ return (returnCode | reasonCode) ? 0 : 1;
+}
+
+# define SSL_SIG_LEN 36
+
+static int cca_rsa_verify(int type, const unsigned char *m,
+ unsigned int m_len, unsigned char *sigbuf,
+ unsigned int siglen, const RSA *rsa)
+{
+ long returnCode;
+ long reasonCode;
+ long lsiglen = siglen;
+ long exitDataLength = 0;
+ unsigned char exitData[8];
+ long ruleArrayLength = 1;
+ unsigned char ruleArray[8] = "PKCS-1.1";
+ long keyTokenLength;
+ unsigned char *keyToken = (unsigned char *)RSA_get_ex_data(rsa, hndidx);
+ long length = SSL_SIG_LEN;
+ long keyLength;
+ unsigned char *hashBuffer = NULL;
+ X509_SIG sig;
+ ASN1_TYPE parameter;
+ X509_ALGOR algorithm;
+ ASN1_OCTET_STRING digest;
+
+ keyTokenLength = *(long *)keyToken;
+ keyToken += sizeof(long);
+
+ if (type == NID_md5 || type == NID_sha1) {
+ sig.algor = &algorithm;
+ algorithm.algorithm = OBJ_nid2obj(type);
+
+ if (!algorithm.algorithm) {
+ CCA4758err(CCA4758_F_CCA_RSA_VERIFY,
+ CCA4758_R_UNKNOWN_ALGORITHM_TYPE);
+ return 0;
+ }
+
+ if (!algorithm.algorithm->length) {
+ CCA4758err(CCA4758_F_CCA_RSA_VERIFY,
+ CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD);
+ return 0;
+ }
+
+ parameter.type = V_ASN1_NULL;
+ parameter.value.ptr = NULL;
+ algorithm.parameter = ¶meter;
+
+ sig.digest = &digest;
+ sig.digest->data = (unsigned char *)m;
+ sig.digest->length = m_len;
+
+ length = i2d_X509_SIG(&sig, NULL);
+ }
+
+ keyLength = RSA_size(rsa);
+
+ if (length - RSA_PKCS1_PADDING > keyLength) {
+ CCA4758err(CCA4758_F_CCA_RSA_VERIFY,
+ CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+ return 0;
+ }
+
+ switch (type) {
+ case NID_md5_sha1:
+ if (m_len != SSL_SIG_LEN) {
+ CCA4758err(CCA4758_F_CCA_RSA_VERIFY,
+ CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+ return 0;
+ }
+
+ hashBuffer = (unsigned char *)m;
+ length = m_len;
+ break;
+ case NID_md5:
+ {
+ unsigned char *ptr;
+ ptr = hashBuffer = OPENSSL_malloc((unsigned int)keyLength + 1);
+ if (!hashBuffer) {
+ CCA4758err(CCA4758_F_CCA_RSA_VERIFY, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+
+ i2d_X509_SIG(&sig, &ptr);
+ }
+ break;
+ case NID_sha1:
+ {
+ unsigned char *ptr;
+ ptr = hashBuffer = OPENSSL_malloc((unsigned int)keyLength + 1);
+ if (!hashBuffer) {
+ CCA4758err(CCA4758_F_CCA_RSA_VERIFY, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ i2d_X509_SIG(&sig, &ptr);
+ }
+ break;
+ default:
+ return 0;
+ }
+
+ digitalSignatureVerify(&returnCode, &reasonCode, &exitDataLength,
+ exitData, &ruleArrayLength, ruleArray,
+ &keyTokenLength, keyToken, &length, hashBuffer,
+ &lsiglen, sigbuf);
+
+ if (type == NID_sha1 || type == NID_md5) {
+ OPENSSL_cleanse(hashBuffer, keyLength + 1);
+ OPENSSL_free(hashBuffer);
+ }
+
+ return ((returnCode || reasonCode) ? 0 : 1);
+}
+
+# define SSL_SIG_LEN 36
+
+static int cca_rsa_sign(int type, const unsigned char *m, unsigned int m_len,
+ unsigned char *sigret, unsigned int *siglen,
+ const RSA *rsa)
+{
+ long returnCode;
+ long reasonCode;
+ long exitDataLength = 0;
+ unsigned char exitData[8];
+ long ruleArrayLength = 1;
+ unsigned char ruleArray[8] = "PKCS-1.1";
+ long outputLength = 256;
+ long outputBitLength;
+ long keyTokenLength;
+ unsigned char *hashBuffer = NULL;
+ unsigned char *keyToken = (unsigned char *)RSA_get_ex_data(rsa, hndidx);
+ long length = SSL_SIG_LEN;
+ long keyLength;
+ X509_SIG sig;
+ ASN1_TYPE parameter;
+ X509_ALGOR algorithm;
+ ASN1_OCTET_STRING digest;
+
+ keyTokenLength = *(long *)keyToken;
+ keyToken += sizeof(long);
+
+ if (type == NID_md5 || type == NID_sha1) {
+ sig.algor = &algorithm;
+ algorithm.algorithm = OBJ_nid2obj(type);
+
+ if (!algorithm.algorithm) {
+ CCA4758err(CCA4758_F_CCA_RSA_SIGN,
+ CCA4758_R_UNKNOWN_ALGORITHM_TYPE);
+ return 0;
+ }
+
+ if (!algorithm.algorithm->length) {
+ CCA4758err(CCA4758_F_CCA_RSA_SIGN,
+ CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD);
+ return 0;
+ }
+
+ parameter.type = V_ASN1_NULL;
+ parameter.value.ptr = NULL;
+ algorithm.parameter = ¶meter;
+
+ sig.digest = &digest;
+ sig.digest->data = (unsigned char *)m;
+ sig.digest->length = m_len;
+
+ length = i2d_X509_SIG(&sig, NULL);
+ }
+
+ keyLength = RSA_size(rsa);
+
+ if (length - RSA_PKCS1_PADDING > keyLength) {
+ CCA4758err(CCA4758_F_CCA_RSA_SIGN,
+ CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+ return 0;
+ }
+
+ switch (type) {
+ case NID_md5_sha1:
+ if (m_len != SSL_SIG_LEN) {
+ CCA4758err(CCA4758_F_CCA_RSA_SIGN,
+ CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+ return 0;
+ }
+ hashBuffer = (unsigned char *)m;
+ length = m_len;
+ break;
+ case NID_md5:
+ {
+ unsigned char *ptr;
+ ptr = hashBuffer = OPENSSL_malloc((unsigned int)keyLength + 1);
+ if (!hashBuffer) {
+ CCA4758err(CCA4758_F_CCA_RSA_SIGN, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ i2d_X509_SIG(&sig, &ptr);
+ }
+ break;
+ case NID_sha1:
+ {
+ unsigned char *ptr;
+ ptr = hashBuffer = OPENSSL_malloc((unsigned int)keyLength + 1);
+ if (!hashBuffer) {
+ CCA4758err(CCA4758_F_CCA_RSA_SIGN, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ i2d_X509_SIG(&sig, &ptr);
+ }
+ break;
+ default:
+ return 0;
+ }
+
+ digitalSignatureGenerate(&returnCode, &reasonCode, &exitDataLength,
+ exitData, &ruleArrayLength, ruleArray,
+ &keyTokenLength, keyToken, &length, hashBuffer,
+ &outputLength, &outputBitLength, sigret);
+
+ if (type == NID_sha1 || type == NID_md5) {
+ OPENSSL_cleanse(hashBuffer, keyLength + 1);
+ OPENSSL_free(hashBuffer);
+ }
+
+ *siglen = outputLength;
+
+ return ((returnCode || reasonCode) ? 0 : 1);
+}
+
+static int getModulusAndExponent(const unsigned char *token,
+ long *exponentLength,
+ unsigned char *exponent, long *modulusLength,
+ long *modulusFieldLength,
+ unsigned char *modulus)
+{
+ unsigned long len;
+
+ if (*token++ != (char)0x1E) /* internal PKA token? */
+ return 0;
+
+ if (*token++) /* token version must be zero */
+ return 0;
+
+ len = *token++;
+ len = len << 8;
+ len |= (unsigned char)*token++;
+
+ token += 4; /* skip reserved bytes */
+
+ if (*token++ == (char)0x04) {
+ if (*token++) /* token version must be zero */
+ return 0;
+
+ len = *token++;
+ len = len << 8;
+ len |= (unsigned char)*token++;
+
+ token += 2; /* skip reserved section */
+
+ len = *token++;
+ len = len << 8;
+ len |= (unsigned char)*token++;
+
+ *exponentLength = len;
+
+ len = *token++;
+ len = len << 8;
+ len |= (unsigned char)*token++;
+
+ *modulusLength = len;
+
+ len = *token++;
+ len = len << 8;
+ len |= (unsigned char)*token++;
+
+ *modulusFieldLength = len;
+
+ memcpy(exponent, token, *exponentLength);
+ token += *exponentLength;
+
+ memcpy(modulus, token, *modulusFieldLength);
+ return 1;
+ }
+ return 0;
+}
+
+# endif /* OPENSSL_NO_RSA */
+
+static int cca_random_status(void)
+{
+ return 1;
+}
+
+static int cca_get_random_bytes(unsigned char *buf, int num)
+{
+ long ret_code;
+ long reason_code;
+ long exit_data_length;
+ unsigned char exit_data[4];
+ unsigned char form[] = "RANDOM ";
+ unsigned char rand_buf[8];
+
+ while (num >= (int)sizeof(rand_buf)) {
+ randomNumberGenerate(&ret_code, &reason_code, &exit_data_length,
+ exit_data, form, rand_buf);
+ if (ret_code)
+ return 0;
+ num -= sizeof(rand_buf);
+ memcpy(buf, rand_buf, sizeof(rand_buf));
+ buf += sizeof(rand_buf);
+ }
+
+ if (num) {
+ randomNumberGenerate(&ret_code, &reason_code, NULL, NULL,
+ form, rand_buf);
+ if (ret_code)
+ return 0;
+ memcpy(buf, rand_buf, num);
+ }
+
+ return 1;
+}
+
+# ifndef OPENSSL_NO_RSA
+static void cca_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, int idx,
+ long argl, void *argp)
+{
+ if (item)
+ OPENSSL_free(item);
+}
+# endif
+
+/* Goo to handle building as a dynamic engine */
+# ifndef OPENSSL_NO_DYNAMIC_ENGINE
+static int bind_fn(ENGINE *e, const char *id)
+{
+ if (id && (strcmp(id, engine_4758_cca_id) != 0) &&
+ (strcmp(id, engine_4758_cca_id_alt) != 0))
+ return 0;
+ if (!bind_helper(e))
+ return 0;
+ return 1;
+}
+
+IMPLEMENT_DYNAMIC_CHECK_FN()
+ IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
+# endif /* OPENSSL_NO_DYNAMIC_ENGINE */
+# endif /* !OPENSSL_NO_HW_4758_CCA */
+#endif /* !OPENSSL_NO_HW */
Deleted: vendor-crypto/openssl/0.9.8zf/engines/e_4758cca_err.c
===================================================================
--- vendor-crypto/openssl/dist/engines/e_4758cca_err.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/engines/e_4758cca_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,153 +0,0 @@
-/* e_4758cca_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include "e_4758cca_err.h"
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(0,func,0)
-#define ERR_REASON(reason) ERR_PACK(0,0,reason)
-
-static ERR_STRING_DATA CCA4758_str_functs[]=
- {
-{ERR_FUNC(CCA4758_F_CCA_RSA_SIGN), "CCA_RSA_SIGN"},
-{ERR_FUNC(CCA4758_F_CCA_RSA_VERIFY), "CCA_RSA_VERIFY"},
-{ERR_FUNC(CCA4758_F_IBM_4758_CCA_CTRL), "IBM_4758_CCA_CTRL"},
-{ERR_FUNC(CCA4758_F_IBM_4758_CCA_FINISH), "IBM_4758_CCA_FINISH"},
-{ERR_FUNC(CCA4758_F_IBM_4758_CCA_INIT), "IBM_4758_CCA_INIT"},
-{ERR_FUNC(CCA4758_F_IBM_4758_LOAD_PRIVKEY), "IBM_4758_LOAD_PRIVKEY"},
-{ERR_FUNC(CCA4758_F_IBM_4758_LOAD_PUBKEY), "IBM_4758_LOAD_PUBKEY"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA CCA4758_str_reasons[]=
- {
-{ERR_REASON(CCA4758_R_ALREADY_LOADED) ,"already loaded"},
-{ERR_REASON(CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD),"asn1 oid unknown for md"},
-{ERR_REASON(CCA4758_R_COMMAND_NOT_IMPLEMENTED),"command not implemented"},
-{ERR_REASON(CCA4758_R_DSO_FAILURE) ,"dso failure"},
-{ERR_REASON(CCA4758_R_FAILED_LOADING_PRIVATE_KEY),"failed loading private key"},
-{ERR_REASON(CCA4758_R_FAILED_LOADING_PUBLIC_KEY),"failed loading public key"},
-{ERR_REASON(CCA4758_R_NOT_LOADED) ,"not loaded"},
-{ERR_REASON(CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL),"size too large or too small"},
-{ERR_REASON(CCA4758_R_UNIT_FAILURE) ,"unit failure"},
-{ERR_REASON(CCA4758_R_UNKNOWN_ALGORITHM_TYPE),"unknown algorithm type"},
-{0,NULL}
- };
-
-#endif
-
-#ifdef CCA4758_LIB_NAME
-static ERR_STRING_DATA CCA4758_lib_name[]=
- {
-{0 ,CCA4758_LIB_NAME},
-{0,NULL}
- };
-#endif
-
-
-static int CCA4758_lib_error_code=0;
-static int CCA4758_error_init=1;
-
-static void ERR_load_CCA4758_strings(void)
- {
- if (CCA4758_lib_error_code == 0)
- CCA4758_lib_error_code=ERR_get_next_error_library();
-
- if (CCA4758_error_init)
- {
- CCA4758_error_init=0;
-#ifndef OPENSSL_NO_ERR
- ERR_load_strings(CCA4758_lib_error_code,CCA4758_str_functs);
- ERR_load_strings(CCA4758_lib_error_code,CCA4758_str_reasons);
-#endif
-
-#ifdef CCA4758_LIB_NAME
- CCA4758_lib_name->error = ERR_PACK(CCA4758_lib_error_code,0,0);
- ERR_load_strings(0,CCA4758_lib_name);
-#endif
- }
- }
-
-static void ERR_unload_CCA4758_strings(void)
- {
- if (CCA4758_error_init == 0)
- {
-#ifndef OPENSSL_NO_ERR
- ERR_unload_strings(CCA4758_lib_error_code,CCA4758_str_functs);
- ERR_unload_strings(CCA4758_lib_error_code,CCA4758_str_reasons);
-#endif
-
-#ifdef CCA4758_LIB_NAME
- ERR_unload_strings(0,CCA4758_lib_name);
-#endif
- CCA4758_error_init=1;
- }
- }
-
-static void ERR_CCA4758_error(int function, int reason, char *file, int line)
- {
- if (CCA4758_lib_error_code == 0)
- CCA4758_lib_error_code=ERR_get_next_error_library();
- ERR_PUT_error(CCA4758_lib_error_code,function,reason,file,line);
- }
Copied: vendor-crypto/openssl/0.9.8zf/engines/e_4758cca_err.c (from rev 6976, vendor-crypto/openssl/dist/engines/e_4758cca_err.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/engines/e_4758cca_err.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/engines/e_4758cca_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,153 @@
+/* e_4758cca_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include "e_4758cca_err.h"
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(0,func,0)
+# define ERR_REASON(reason) ERR_PACK(0,0,reason)
+
+static ERR_STRING_DATA CCA4758_str_functs[] = {
+ {ERR_FUNC(CCA4758_F_CCA_RSA_SIGN), "CCA_RSA_SIGN"},
+ {ERR_FUNC(CCA4758_F_CCA_RSA_VERIFY), "CCA_RSA_VERIFY"},
+ {ERR_FUNC(CCA4758_F_IBM_4758_CCA_CTRL), "IBM_4758_CCA_CTRL"},
+ {ERR_FUNC(CCA4758_F_IBM_4758_CCA_FINISH), "IBM_4758_CCA_FINISH"},
+ {ERR_FUNC(CCA4758_F_IBM_4758_CCA_INIT), "IBM_4758_CCA_INIT"},
+ {ERR_FUNC(CCA4758_F_IBM_4758_LOAD_PRIVKEY), "IBM_4758_LOAD_PRIVKEY"},
+ {ERR_FUNC(CCA4758_F_IBM_4758_LOAD_PUBKEY), "IBM_4758_LOAD_PUBKEY"},
+ {0, NULL}
+};
+
+static ERR_STRING_DATA CCA4758_str_reasons[] = {
+ {ERR_REASON(CCA4758_R_ALREADY_LOADED), "already loaded"},
+ {ERR_REASON(CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD),
+ "asn1 oid unknown for md"},
+ {ERR_REASON(CCA4758_R_COMMAND_NOT_IMPLEMENTED),
+ "command not implemented"},
+ {ERR_REASON(CCA4758_R_DSO_FAILURE), "dso failure"},
+ {ERR_REASON(CCA4758_R_FAILED_LOADING_PRIVATE_KEY),
+ "failed loading private key"},
+ {ERR_REASON(CCA4758_R_FAILED_LOADING_PUBLIC_KEY),
+ "failed loading public key"},
+ {ERR_REASON(CCA4758_R_NOT_LOADED), "not loaded"},
+ {ERR_REASON(CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL),
+ "size too large or too small"},
+ {ERR_REASON(CCA4758_R_UNIT_FAILURE), "unit failure"},
+ {ERR_REASON(CCA4758_R_UNKNOWN_ALGORITHM_TYPE), "unknown algorithm type"},
+ {0, NULL}
+};
+
+#endif
+
+#ifdef CCA4758_LIB_NAME
+static ERR_STRING_DATA CCA4758_lib_name[] = {
+ {0, CCA4758_LIB_NAME},
+ {0, NULL}
+};
+#endif
+
+static int CCA4758_lib_error_code = 0;
+static int CCA4758_error_init = 1;
+
+static void ERR_load_CCA4758_strings(void)
+{
+ if (CCA4758_lib_error_code == 0)
+ CCA4758_lib_error_code = ERR_get_next_error_library();
+
+ if (CCA4758_error_init) {
+ CCA4758_error_init = 0;
+#ifndef OPENSSL_NO_ERR
+ ERR_load_strings(CCA4758_lib_error_code, CCA4758_str_functs);
+ ERR_load_strings(CCA4758_lib_error_code, CCA4758_str_reasons);
+#endif
+
+#ifdef CCA4758_LIB_NAME
+ CCA4758_lib_name->error = ERR_PACK(CCA4758_lib_error_code, 0, 0);
+ ERR_load_strings(0, CCA4758_lib_name);
+#endif
+ }
+}
+
+static void ERR_unload_CCA4758_strings(void)
+{
+ if (CCA4758_error_init == 0) {
+#ifndef OPENSSL_NO_ERR
+ ERR_unload_strings(CCA4758_lib_error_code, CCA4758_str_functs);
+ ERR_unload_strings(CCA4758_lib_error_code, CCA4758_str_reasons);
+#endif
+
+#ifdef CCA4758_LIB_NAME
+ ERR_unload_strings(0, CCA4758_lib_name);
+#endif
+ CCA4758_error_init = 1;
+ }
+}
+
+static void ERR_CCA4758_error(int function, int reason, char *file, int line)
+{
+ if (CCA4758_lib_error_code == 0)
+ CCA4758_lib_error_code = ERR_get_next_error_library();
+ ERR_PUT_error(CCA4758_lib_error_code, function, reason, file, line);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/engines/e_4758cca_err.h
===================================================================
--- vendor-crypto/openssl/dist/engines/e_4758cca_err.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/engines/e_4758cca_err.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,97 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#ifndef HEADER_CCA4758_ERR_H
-#define HEADER_CCA4758_ERR_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-static void ERR_load_CCA4758_strings(void);
-static void ERR_unload_CCA4758_strings(void);
-static void ERR_CCA4758_error(int function, int reason, char *file, int line);
-#define CCA4758err(f,r) ERR_CCA4758_error((f),(r),__FILE__,__LINE__)
-
-/* Error codes for the CCA4758 functions. */
-
-/* Function codes. */
-#define CCA4758_F_CCA_RSA_SIGN 105
-#define CCA4758_F_CCA_RSA_VERIFY 106
-#define CCA4758_F_IBM_4758_CCA_CTRL 100
-#define CCA4758_F_IBM_4758_CCA_FINISH 101
-#define CCA4758_F_IBM_4758_CCA_INIT 102
-#define CCA4758_F_IBM_4758_LOAD_PRIVKEY 103
-#define CCA4758_F_IBM_4758_LOAD_PUBKEY 104
-
-/* Reason codes. */
-#define CCA4758_R_ALREADY_LOADED 100
-#define CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD 101
-#define CCA4758_R_COMMAND_NOT_IMPLEMENTED 102
-#define CCA4758_R_DSO_FAILURE 103
-#define CCA4758_R_FAILED_LOADING_PRIVATE_KEY 104
-#define CCA4758_R_FAILED_LOADING_PUBLIC_KEY 105
-#define CCA4758_R_NOT_LOADED 106
-#define CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL 107
-#define CCA4758_R_UNIT_FAILURE 108
-#define CCA4758_R_UNKNOWN_ALGORITHM_TYPE 109
-
-#ifdef __cplusplus
-}
-#endif
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/engines/e_4758cca_err.h (from rev 6976, vendor-crypto/openssl/dist/engines/e_4758cca_err.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/engines/e_4758cca_err.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/engines/e_4758cca_err.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,98 @@
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_CCA4758_ERR_H
+# define HEADER_CCA4758_ERR_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+static void ERR_load_CCA4758_strings(void);
+static void ERR_unload_CCA4758_strings(void);
+static void ERR_CCA4758_error(int function, int reason, char *file, int line);
+# define CCA4758err(f,r) ERR_CCA4758_error((f),(r),__FILE__,__LINE__)
+
+/* Error codes for the CCA4758 functions. */
+
+/* Function codes. */
+# define CCA4758_F_CCA_RSA_SIGN 105
+# define CCA4758_F_CCA_RSA_VERIFY 106
+# define CCA4758_F_IBM_4758_CCA_CTRL 100
+# define CCA4758_F_IBM_4758_CCA_FINISH 101
+# define CCA4758_F_IBM_4758_CCA_INIT 102
+# define CCA4758_F_IBM_4758_LOAD_PRIVKEY 103
+# define CCA4758_F_IBM_4758_LOAD_PUBKEY 104
+
+/* Reason codes. */
+# define CCA4758_R_ALREADY_LOADED 100
+# define CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD 101
+# define CCA4758_R_COMMAND_NOT_IMPLEMENTED 102
+# define CCA4758_R_DSO_FAILURE 103
+# define CCA4758_R_FAILED_LOADING_PRIVATE_KEY 104
+# define CCA4758_R_FAILED_LOADING_PUBLIC_KEY 105
+# define CCA4758_R_NOT_LOADED 106
+# define CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL 107
+# define CCA4758_R_UNIT_FAILURE 108
+# define CCA4758_R_UNKNOWN_ALGORITHM_TYPE 109
+
+#ifdef __cplusplus
+}
+#endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/engines/e_aep.c
===================================================================
--- vendor-crypto/openssl/dist/engines/e_aep.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/engines/e_aep.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,1144 +0,0 @@
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <openssl/bn.h>
-#include <string.h>
-
-#include <openssl/e_os2.h>
-#if !defined(OPENSSL_SYS_MSDOS) || defined(__DJGPP__)
-#include <sys/types.h>
-#include <unistd.h>
-#else
-#include <process.h>
-typedef int pid_t;
-#endif
-
-#if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_CLIB)
-#define getpid GetThreadID
-extern int GetThreadID(void);
-#endif
-
-#include <openssl/crypto.h>
-#include <openssl/dso.h>
-#include <openssl/engine.h>
-#include <openssl/buffer.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-#include <openssl/bn.h>
-
-#ifndef OPENSSL_NO_HW
-#ifndef OPENSSL_NO_HW_AEP
-#ifdef FLAT_INC
-#include "aep.h"
-#else
-#include "vendor_defns/aep.h"
-#endif
-
-#define AEP_LIB_NAME "aep engine"
-#define FAIL_TO_SW 0x10101010
-
-#include "e_aep_err.c"
-
-static int aep_init(ENGINE *e);
-static int aep_finish(ENGINE *e);
-static int aep_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
-static int aep_destroy(ENGINE *e);
-
-static AEP_RV aep_get_connection(AEP_CONNECTION_HNDL_PTR hConnection);
-static AEP_RV aep_return_connection(AEP_CONNECTION_HNDL hConnection);
-static AEP_RV aep_close_connection(AEP_CONNECTION_HNDL hConnection);
-static AEP_RV aep_close_all_connections(int use_engine_lock, int *in_use);
-
-/* BIGNUM stuff */
-#ifndef OPENSSL_NO_RSA
-static int aep_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx);
-
-static AEP_RV aep_mod_exp_crt(BIGNUM *r,const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *q, const BIGNUM *dmp1,const BIGNUM *dmq1,
- const BIGNUM *iqmp, BN_CTX *ctx);
-#endif
-
-/* RSA stuff */
-#ifndef OPENSSL_NO_RSA
-static int aep_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
-#endif
-
-/* This function is aliased to mod_exp (with the mont stuff dropped). */
-#ifndef OPENSSL_NO_RSA
-static int aep_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-#endif
-
-/* DSA stuff */
-#ifndef OPENSSL_NO_DSA
-static int aep_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
- BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
- BN_CTX *ctx, BN_MONT_CTX *in_mont);
-
-static int aep_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx);
-#endif
-
-/* DH stuff */
-/* This function is aliased to mod_exp (with the DH and mont dropped). */
-#ifndef OPENSSL_NO_DH
-static int aep_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-#endif
-
-/* rand stuff */
-#ifdef AEPRAND
-static int aep_rand(unsigned char *buf, int num);
-static int aep_rand_status(void);
-#endif
-
-/* Bignum conversion stuff */
-static AEP_RV GetBigNumSize(AEP_VOID_PTR ArbBigNum, AEP_U32* BigNumSize);
-static AEP_RV MakeAEPBigNum(AEP_VOID_PTR ArbBigNum, AEP_U32 BigNumSize,
- unsigned char* AEP_BigNum);
-static AEP_RV ConvertAEPBigNum(void* ArbBigNum, AEP_U32 BigNumSize,
- unsigned char* AEP_BigNum);
-
-/* The definitions for control commands specific to this engine */
-#define AEP_CMD_SO_PATH ENGINE_CMD_BASE
-static const ENGINE_CMD_DEFN aep_cmd_defns[] =
- {
- { AEP_CMD_SO_PATH,
- "SO_PATH",
- "Specifies the path to the 'aep' shared library",
- ENGINE_CMD_FLAG_STRING
- },
- {0, NULL, NULL, 0}
- };
-
-#ifndef OPENSSL_NO_RSA
-/* Our internal RSA_METHOD that we provide pointers to */
-static RSA_METHOD aep_rsa =
- {
- "Aep RSA method",
- NULL, /*rsa_pub_encrypt*/
- NULL, /*rsa_pub_decrypt*/
- NULL, /*rsa_priv_encrypt*/
- NULL, /*rsa_priv_encrypt*/
- aep_rsa_mod_exp, /*rsa_mod_exp*/
- aep_mod_exp_mont, /*bn_mod_exp*/
- NULL, /*init*/
- NULL, /*finish*/
- 0, /*flags*/
- NULL, /*app_data*/
- NULL, /*rsa_sign*/
- NULL, /*rsa_verify*/
- NULL /*rsa_keygen*/
- };
-#endif
-
-#ifndef OPENSSL_NO_DSA
-/* Our internal DSA_METHOD that we provide pointers to */
-static DSA_METHOD aep_dsa =
- {
- "Aep DSA method",
- NULL, /* dsa_do_sign */
- NULL, /* dsa_sign_setup */
- NULL, /* dsa_do_verify */
- aep_dsa_mod_exp, /* dsa_mod_exp */
- aep_mod_exp_dsa, /* bn_mod_exp */
- NULL, /* init */
- NULL, /* finish */
- 0, /* flags */
- NULL, /* app_data */
- NULL, /* dsa_paramgen */
- NULL /* dsa_keygen */
- };
-#endif
-
-#ifndef OPENSSL_NO_DH
-/* Our internal DH_METHOD that we provide pointers to */
-static DH_METHOD aep_dh =
- {
- "Aep DH method",
- NULL,
- NULL,
- aep_mod_exp_dh,
- NULL,
- NULL,
- 0,
- NULL,
- NULL
- };
-#endif
-
-#ifdef AEPRAND
-/* our internal RAND_method that we provide pointers to */
-static RAND_METHOD aep_random =
- {
- /*"AEP RAND method", */
- NULL,
- aep_rand,
- NULL,
- NULL,
- aep_rand,
- aep_rand_status,
- };
-#endif
-
-/*Define an array of structures to hold connections*/
-static AEP_CONNECTION_ENTRY aep_app_conn_table[MAX_PROCESS_CONNECTIONS];
-
-/*Used to determine if this is a new process*/
-static pid_t recorded_pid = 0;
-
-#ifdef AEPRAND
-static AEP_U8 rand_block[RAND_BLK_SIZE];
-static AEP_U32 rand_block_bytes = 0;
-#endif
-
-/* Constants used when creating the ENGINE */
-static const char *engine_aep_id = "aep";
-static const char *engine_aep_name = "Aep hardware engine support";
-
-static int max_key_len = 2176;
-
-
-/* This internal function is used by ENGINE_aep() and possibly by the
- * "dynamic" ENGINE support too */
-static int bind_aep(ENGINE *e)
- {
-#ifndef OPENSSL_NO_RSA
- const RSA_METHOD *meth1;
-#endif
-#ifndef OPENSSL_NO_DSA
- const DSA_METHOD *meth2;
-#endif
-#ifndef OPENSSL_NO_DH
- const DH_METHOD *meth3;
-#endif
-
- if(!ENGINE_set_id(e, engine_aep_id) ||
- !ENGINE_set_name(e, engine_aep_name) ||
-#ifndef OPENSSL_NO_RSA
- !ENGINE_set_RSA(e, &aep_rsa) ||
-#endif
-#ifndef OPENSSL_NO_DSA
- !ENGINE_set_DSA(e, &aep_dsa) ||
-#endif
-#ifndef OPENSSL_NO_DH
- !ENGINE_set_DH(e, &aep_dh) ||
-#endif
-#ifdef AEPRAND
- !ENGINE_set_RAND(e, &aep_random) ||
-#endif
- !ENGINE_set_init_function(e, aep_init) ||
- !ENGINE_set_destroy_function(e, aep_destroy) ||
- !ENGINE_set_finish_function(e, aep_finish) ||
- !ENGINE_set_ctrl_function(e, aep_ctrl) ||
- !ENGINE_set_cmd_defns(e, aep_cmd_defns))
- return 0;
-
-#ifndef OPENSSL_NO_RSA
- /* We know that the "PKCS1_SSLeay()" functions hook properly
- * to the aep-specific mod_exp and mod_exp_crt so we use
- * those functions. NB: We don't use ENGINE_openssl() or
- * anything "more generic" because something like the RSAref
- * code may not hook properly, and if you own one of these
- * cards then you have the right to do RSA operations on it
- * anyway! */
- meth1 = RSA_PKCS1_SSLeay();
- aep_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
- aep_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
- aep_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
- aep_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
-#endif
-
-
-#ifndef OPENSSL_NO_DSA
- /* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
- * bits. */
- meth2 = DSA_OpenSSL();
- aep_dsa.dsa_do_sign = meth2->dsa_do_sign;
- aep_dsa.dsa_sign_setup = meth2->dsa_sign_setup;
- aep_dsa.dsa_do_verify = meth2->dsa_do_verify;
-
- aep_dsa = *DSA_get_default_method();
- aep_dsa.dsa_mod_exp = aep_dsa_mod_exp;
- aep_dsa.bn_mod_exp = aep_mod_exp_dsa;
-#endif
-
-#ifndef OPENSSL_NO_DH
- /* Much the same for Diffie-Hellman */
- meth3 = DH_OpenSSL();
- aep_dh.generate_key = meth3->generate_key;
- aep_dh.compute_key = meth3->compute_key;
- aep_dh.bn_mod_exp = meth3->bn_mod_exp;
-#endif
-
- /* Ensure the aep error handling is set up */
- ERR_load_AEPHK_strings();
-
- return 1;
-}
-
-#ifndef OPENSSL_NO_DYNAMIC_ENGINE
-static int bind_helper(ENGINE *e, const char *id)
- {
- if(id && (strcmp(id, engine_aep_id) != 0))
- return 0;
- if(!bind_aep(e))
- return 0;
- return 1;
- }
-IMPLEMENT_DYNAMIC_CHECK_FN()
-IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
-#else
-static ENGINE *engine_aep(void)
- {
- ENGINE *ret = ENGINE_new();
- if(!ret)
- return NULL;
- if(!bind_aep(ret))
- {
- ENGINE_free(ret);
- return NULL;
- }
- return ret;
- }
-
-void ENGINE_load_aep(void)
- {
- /* Copied from eng_[openssl|dyn].c */
- ENGINE *toadd = engine_aep();
- if(!toadd) return;
- ENGINE_add(toadd);
- ENGINE_free(toadd);
- ERR_clear_error();
- }
-#endif
-
-/* This is a process-global DSO handle used for loading and unloading
- * the Aep library. NB: This is only set (or unset) during an
- * init() or finish() call (reference counts permitting) and they're
- * operating with global locks, so this should be thread-safe
- * implicitly. */
-static DSO *aep_dso = NULL;
-
-/* These are the static string constants for the DSO file name and the function
- * symbol names to bind to.
-*/
-static const char *AEP_LIBNAME = NULL;
-static const char *get_AEP_LIBNAME(void)
- {
- if(AEP_LIBNAME)
- return AEP_LIBNAME;
- return "aep";
- }
-static void free_AEP_LIBNAME(void)
- {
- if(AEP_LIBNAME)
- OPENSSL_free((void*)AEP_LIBNAME);
- AEP_LIBNAME = NULL;
- }
-static long set_AEP_LIBNAME(const char *name)
- {
- free_AEP_LIBNAME();
- return ((AEP_LIBNAME = BUF_strdup(name)) != NULL ? 1 : 0);
- }
-
-static const char *AEP_F1 = "AEP_ModExp";
-static const char *AEP_F2 = "AEP_ModExpCrt";
-#ifdef AEPRAND
-static const char *AEP_F3 = "AEP_GenRandom";
-#endif
-static const char *AEP_F4 = "AEP_Finalize";
-static const char *AEP_F5 = "AEP_Initialize";
-static const char *AEP_F6 = "AEP_OpenConnection";
-static const char *AEP_F7 = "AEP_SetBNCallBacks";
-static const char *AEP_F8 = "AEP_CloseConnection";
-
-/* These are the function pointers that are (un)set when the library has
- * successfully (un)loaded. */
-static t_AEP_OpenConnection *p_AEP_OpenConnection = NULL;
-static t_AEP_CloseConnection *p_AEP_CloseConnection = NULL;
-static t_AEP_ModExp *p_AEP_ModExp = NULL;
-static t_AEP_ModExpCrt *p_AEP_ModExpCrt = NULL;
-#ifdef AEPRAND
-static t_AEP_GenRandom *p_AEP_GenRandom = NULL;
-#endif
-static t_AEP_Initialize *p_AEP_Initialize = NULL;
-static t_AEP_Finalize *p_AEP_Finalize = NULL;
-static t_AEP_SetBNCallBacks *p_AEP_SetBNCallBacks = NULL;
-
-/* (de)initialisation functions. */
-static int aep_init(ENGINE *e)
- {
- t_AEP_ModExp *p1;
- t_AEP_ModExpCrt *p2;
-#ifdef AEPRAND
- t_AEP_GenRandom *p3;
-#endif
- t_AEP_Finalize *p4;
- t_AEP_Initialize *p5;
- t_AEP_OpenConnection *p6;
- t_AEP_SetBNCallBacks *p7;
- t_AEP_CloseConnection *p8;
-
- int to_return = 0;
-
- if(aep_dso != NULL)
- {
- AEPHKerr(AEPHK_F_AEP_INIT,AEPHK_R_ALREADY_LOADED);
- goto err;
- }
- /* Attempt to load libaep.so. */
-
- aep_dso = DSO_load(NULL, get_AEP_LIBNAME(), NULL, 0);
-
- if(aep_dso == NULL)
- {
- AEPHKerr(AEPHK_F_AEP_INIT,AEPHK_R_NOT_LOADED);
- goto err;
- }
-
- if( !(p1 = (t_AEP_ModExp *) DSO_bind_func( aep_dso,AEP_F1)) ||
- !(p2 = (t_AEP_ModExpCrt*) DSO_bind_func( aep_dso,AEP_F2)) ||
-#ifdef AEPRAND
- !(p3 = (t_AEP_GenRandom*) DSO_bind_func( aep_dso,AEP_F3)) ||
-#endif
- !(p4 = (t_AEP_Finalize*) DSO_bind_func( aep_dso,AEP_F4)) ||
- !(p5 = (t_AEP_Initialize*) DSO_bind_func( aep_dso,AEP_F5)) ||
- !(p6 = (t_AEP_OpenConnection*) DSO_bind_func( aep_dso,AEP_F6)) ||
- !(p7 = (t_AEP_SetBNCallBacks*) DSO_bind_func( aep_dso,AEP_F7)) ||
- !(p8 = (t_AEP_CloseConnection*) DSO_bind_func( aep_dso,AEP_F8)))
- {
- AEPHKerr(AEPHK_F_AEP_INIT,AEPHK_R_NOT_LOADED);
- goto err;
- }
-
- /* Copy the pointers */
-
- p_AEP_ModExp = p1;
- p_AEP_ModExpCrt = p2;
-#ifdef AEPRAND
- p_AEP_GenRandom = p3;
-#endif
- p_AEP_Finalize = p4;
- p_AEP_Initialize = p5;
- p_AEP_OpenConnection = p6;
- p_AEP_SetBNCallBacks = p7;
- p_AEP_CloseConnection = p8;
-
- to_return = 1;
-
- return to_return;
-
- err:
-
- if(aep_dso)
- DSO_free(aep_dso);
- aep_dso = NULL;
-
- p_AEP_OpenConnection = NULL;
- p_AEP_ModExp = NULL;
- p_AEP_ModExpCrt = NULL;
-#ifdef AEPRAND
- p_AEP_GenRandom = NULL;
-#endif
- p_AEP_Initialize = NULL;
- p_AEP_Finalize = NULL;
- p_AEP_SetBNCallBacks = NULL;
- p_AEP_CloseConnection = NULL;
-
- return to_return;
- }
-
-/* Destructor (complements the "ENGINE_aep()" constructor) */
-static int aep_destroy(ENGINE *e)
- {
- free_AEP_LIBNAME();
- ERR_unload_AEPHK_strings();
- return 1;
- }
-
-static int aep_finish(ENGINE *e)
- {
- int to_return = 0, in_use;
- AEP_RV rv;
-
- if(aep_dso == NULL)
- {
- AEPHKerr(AEPHK_F_AEP_FINISH,AEPHK_R_NOT_LOADED);
- goto err;
- }
-
- rv = aep_close_all_connections(0, &in_use);
- if (rv != AEP_R_OK)
- {
- AEPHKerr(AEPHK_F_AEP_FINISH,AEPHK_R_CLOSE_HANDLES_FAILED);
- goto err;
- }
- if (in_use)
- {
- AEPHKerr(AEPHK_F_AEP_FINISH,AEPHK_R_CONNECTIONS_IN_USE);
- goto err;
- }
-
- rv = p_AEP_Finalize();
- if (rv != AEP_R_OK)
- {
- AEPHKerr(AEPHK_F_AEP_FINISH,AEPHK_R_FINALIZE_FAILED);
- goto err;
- }
-
- if(!DSO_free(aep_dso))
- {
- AEPHKerr(AEPHK_F_AEP_FINISH,AEPHK_R_UNIT_FAILURE);
- goto err;
- }
-
- aep_dso = NULL;
- p_AEP_CloseConnection = NULL;
- p_AEP_OpenConnection = NULL;
- p_AEP_ModExp = NULL;
- p_AEP_ModExpCrt = NULL;
-#ifdef AEPRAND
- p_AEP_GenRandom = NULL;
-#endif
- p_AEP_Initialize = NULL;
- p_AEP_Finalize = NULL;
- p_AEP_SetBNCallBacks = NULL;
-
- to_return = 1;
- err:
- return to_return;
- }
-
-static int aep_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
- {
- int initialised = ((aep_dso == NULL) ? 0 : 1);
- switch(cmd)
- {
- case AEP_CMD_SO_PATH:
- if(p == NULL)
- {
- AEPHKerr(AEPHK_F_AEP_CTRL,
- ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- if(initialised)
- {
- AEPHKerr(AEPHK_F_AEP_CTRL,
- AEPHK_R_ALREADY_LOADED);
- return 0;
- }
- return set_AEP_LIBNAME((const char*)p);
- default:
- break;
- }
- AEPHKerr(AEPHK_F_AEP_CTRL,AEPHK_R_CTRL_COMMAND_NOT_IMPLEMENTED);
- return 0;
- }
-
-static int aep_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx)
- {
- int to_return = 0;
- int r_len = 0;
- AEP_CONNECTION_HNDL hConnection;
- AEP_RV rv;
-
- r_len = BN_num_bits(m);
-
- /* Perform in software if modulus is too large for hardware. */
-
- if (r_len > max_key_len){
- AEPHKerr(AEPHK_F_AEP_MOD_EXP, AEPHK_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
- return BN_mod_exp(r, a, p, m, ctx);
- }
-
- /*Grab a connection from the pool*/
- rv = aep_get_connection(&hConnection);
- if (rv != AEP_R_OK)
- {
- AEPHKerr(AEPHK_F_AEP_MOD_EXP,AEPHK_R_GET_HANDLE_FAILED);
- return BN_mod_exp(r, a, p, m, ctx);
- }
-
- /*To the card with the mod exp*/
- rv = p_AEP_ModExp(hConnection,(void*)a, (void*)p,(void*)m, (void*)r,NULL);
-
- if (rv != AEP_R_OK)
- {
- AEPHKerr(AEPHK_F_AEP_MOD_EXP,AEPHK_R_MOD_EXP_FAILED);
- rv = aep_close_connection(hConnection);
- return BN_mod_exp(r, a, p, m, ctx);
- }
-
- /*Return the connection to the pool*/
- rv = aep_return_connection(hConnection);
- if (rv != AEP_R_OK)
- {
- AEPHKerr(AEPHK_F_AEP_MOD_EXP,AEPHK_R_RETURN_CONNECTION_FAILED);
- goto err;
- }
-
- to_return = 1;
- err:
- return to_return;
- }
-
-#ifndef OPENSSL_NO_RSA
-static AEP_RV aep_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *q, const BIGNUM *dmp1,
- const BIGNUM *dmq1,const BIGNUM *iqmp, BN_CTX *ctx)
- {
- AEP_RV rv = AEP_R_OK;
- AEP_CONNECTION_HNDL hConnection;
-
- /*Grab a connection from the pool*/
- rv = aep_get_connection(&hConnection);
- if (rv != AEP_R_OK)
- {
- AEPHKerr(AEPHK_F_AEP_MOD_EXP_CRT,AEPHK_R_GET_HANDLE_FAILED);
- return FAIL_TO_SW;
- }
-
- /*To the card with the mod exp*/
- rv = p_AEP_ModExpCrt(hConnection,(void*)a, (void*)p, (void*)q, (void*)dmp1,(void*)dmq1,
- (void*)iqmp,(void*)r,NULL);
- if (rv != AEP_R_OK)
- {
- AEPHKerr(AEPHK_F_AEP_MOD_EXP_CRT,AEPHK_R_MOD_EXP_CRT_FAILED);
- rv = aep_close_connection(hConnection);
- return FAIL_TO_SW;
- }
-
- /*Return the connection to the pool*/
- rv = aep_return_connection(hConnection);
- if (rv != AEP_R_OK)
- {
- AEPHKerr(AEPHK_F_AEP_MOD_EXP_CRT,AEPHK_R_RETURN_CONNECTION_FAILED);
- goto err;
- }
-
- err:
- return rv;
- }
-#endif
-
-
-#ifdef AEPRAND
-static int aep_rand(unsigned char *buf,int len )
- {
- AEP_RV rv = AEP_R_OK;
- AEP_CONNECTION_HNDL hConnection;
-
- CRYPTO_w_lock(CRYPTO_LOCK_RAND);
-
- /*Can the request be serviced with what's already in the buffer?*/
- if (len <= rand_block_bytes)
- {
- memcpy(buf, &rand_block[RAND_BLK_SIZE - rand_block_bytes], len);
- rand_block_bytes -= len;
- CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
- }
- else
- /*If not the get another block of random bytes*/
- {
- CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
-
- rv = aep_get_connection(&hConnection);
- if (rv != AEP_R_OK)
- {
- AEPHKerr(AEPHK_F_AEP_RAND,AEPHK_R_GET_HANDLE_FAILED);
- goto err_nounlock;
- }
-
- if (len > RAND_BLK_SIZE)
- {
- rv = p_AEP_GenRandom(hConnection, len, 2, buf, NULL);
- if (rv != AEP_R_OK)
- {
- AEPHKerr(AEPHK_F_AEP_RAND,AEPHK_R_GET_RANDOM_FAILED);
- goto err_nounlock;
- }
- }
- else
- {
- CRYPTO_w_lock(CRYPTO_LOCK_RAND);
-
- rv = p_AEP_GenRandom(hConnection, RAND_BLK_SIZE, 2, &rand_block[0], NULL);
- if (rv != AEP_R_OK)
- {
- AEPHKerr(AEPHK_F_AEP_RAND,AEPHK_R_GET_RANDOM_FAILED);
-
- goto err;
- }
-
- rand_block_bytes = RAND_BLK_SIZE;
-
- memcpy(buf, &rand_block[RAND_BLK_SIZE - rand_block_bytes], len);
- rand_block_bytes -= len;
-
- CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
- }
-
- rv = aep_return_connection(hConnection);
- if (rv != AEP_R_OK)
- {
- AEPHKerr(AEPHK_F_AEP_RAND,AEPHK_R_RETURN_CONNECTION_FAILED);
-
- goto err_nounlock;
- }
- }
-
- return 1;
- err:
- CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
- err_nounlock:
- return 0;
- }
-
-static int aep_rand_status(void)
-{
- return 1;
-}
-#endif
-
-#ifndef OPENSSL_NO_RSA
-static int aep_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
- {
- int to_return = 0;
- AEP_RV rv = AEP_R_OK;
-
- if (!aep_dso)
- {
- AEPHKerr(AEPHK_F_AEP_RSA_MOD_EXP,AEPHK_R_NOT_LOADED);
- goto err;
- }
-
- /*See if we have all the necessary bits for a crt*/
- if (rsa->q && rsa->dmp1 && rsa->dmq1 && rsa->iqmp)
- {
- rv = aep_mod_exp_crt(r0,I,rsa->p,rsa->q, rsa->dmp1,rsa->dmq1,rsa->iqmp,ctx);
-
- if (rv == FAIL_TO_SW){
- const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
- to_return = (*meth->rsa_mod_exp)(r0, I, rsa, ctx);
- goto err;
- }
- else if (rv != AEP_R_OK)
- goto err;
- }
- else
- {
- if (!rsa->d || !rsa->n)
- {
- AEPHKerr(AEPHK_F_AEP_RSA_MOD_EXP,AEPHK_R_MISSING_KEY_COMPONENTS);
- goto err;
- }
-
- rv = aep_mod_exp(r0,I,rsa->d,rsa->n,ctx);
- if (rv != AEP_R_OK)
- goto err;
-
- }
-
- to_return = 1;
-
- err:
- return to_return;
-}
-#endif
-
-#ifndef OPENSSL_NO_DSA
-static int aep_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
- BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
- BN_CTX *ctx, BN_MONT_CTX *in_mont)
- {
- BIGNUM t;
- int to_return = 0;
- BN_init(&t);
-
- /* let rr = a1 ^ p1 mod m */
- if (!aep_mod_exp(rr,a1,p1,m,ctx)) goto end;
- /* let t = a2 ^ p2 mod m */
- if (!aep_mod_exp(&t,a2,p2,m,ctx)) goto end;
- /* let rr = rr * t mod m */
- if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;
- to_return = 1;
- end:
- BN_free(&t);
- return to_return;
- }
-
-static int aep_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx)
- {
- return aep_mod_exp(r, a, p, m, ctx);
- }
-#endif
-
-#ifndef OPENSSL_NO_RSA
-/* This function is aliased to mod_exp (with the mont stuff dropped). */
-static int aep_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
- {
- return aep_mod_exp(r, a, p, m, ctx);
- }
-#endif
-
-#ifndef OPENSSL_NO_DH
-/* This function is aliased to mod_exp (with the dh and mont dropped). */
-static int aep_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx)
- {
- return aep_mod_exp(r, a, p, m, ctx);
- }
-#endif
-
-static AEP_RV aep_get_connection(AEP_CONNECTION_HNDL_PTR phConnection)
- {
- int count;
- AEP_RV rv = AEP_R_OK;
-
- /*Get the current process id*/
- pid_t curr_pid;
-
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-
-#ifdef NETWARE_CLIB
- curr_pid = GetThreadID();
-#elif defined(_WIN32)
- curr_pid = _getpid();
-#else
- curr_pid = getpid();
-#endif
-
- /*Check if this is the first time this is being called from the current
- process*/
- if (recorded_pid != curr_pid)
- {
- /*Remember our pid so we can check if we're in a new process*/
- recorded_pid = curr_pid;
-
- /*Call Finalize to make sure we have not inherited some data
- from a parent process*/
- p_AEP_Finalize();
-
- /*Initialise the AEP API*/
- rv = p_AEP_Initialize(NULL);
-
- if (rv != AEP_R_OK)
- {
- AEPHKerr(AEPHK_F_AEP_GET_CONNECTION,AEPHK_R_INIT_FAILURE);
- recorded_pid = 0;
- goto end;
- }
-
- /*Set the AEP big num call back functions*/
- rv = p_AEP_SetBNCallBacks(&GetBigNumSize, &MakeAEPBigNum,
- &ConvertAEPBigNum);
-
- if (rv != AEP_R_OK)
- {
- AEPHKerr(AEPHK_F_AEP_GET_CONNECTION,AEPHK_R_SETBNCALLBACK_FAILURE);
- recorded_pid = 0;
- goto end;
- }
-
-#ifdef AEPRAND
- /*Reset the rand byte count*/
- rand_block_bytes = 0;
-#endif
-
- /*Init the structures*/
- for (count = 0;count < MAX_PROCESS_CONNECTIONS;count ++)
- {
- aep_app_conn_table[count].conn_state = NotConnected;
- aep_app_conn_table[count].conn_hndl = 0;
- }
-
- /*Open a connection*/
- rv = p_AEP_OpenConnection(phConnection);
-
- if (rv != AEP_R_OK)
- {
- AEPHKerr(AEPHK_F_AEP_GET_CONNECTION,AEPHK_R_UNIT_FAILURE);
- recorded_pid = 0;
- goto end;
- }
-
- aep_app_conn_table[0].conn_state = InUse;
- aep_app_conn_table[0].conn_hndl = *phConnection;
- goto end;
- }
- /*Check the existing connections to see if we can find a free one*/
- for (count = 0;count < MAX_PROCESS_CONNECTIONS;count ++)
- {
- if (aep_app_conn_table[count].conn_state == Connected)
- {
- aep_app_conn_table[count].conn_state = InUse;
- *phConnection = aep_app_conn_table[count].conn_hndl;
- goto end;
- }
- }
- /*If no connections available, we're going to have to try
- to open a new one*/
- for (count = 0;count < MAX_PROCESS_CONNECTIONS;count ++)
- {
- if (aep_app_conn_table[count].conn_state == NotConnected)
- {
- /*Open a connection*/
- rv = p_AEP_OpenConnection(phConnection);
-
- if (rv != AEP_R_OK)
- {
- AEPHKerr(AEPHK_F_AEP_GET_CONNECTION,AEPHK_R_UNIT_FAILURE);
- goto end;
- }
-
- aep_app_conn_table[count].conn_state = InUse;
- aep_app_conn_table[count].conn_hndl = *phConnection;
- goto end;
- }
- }
- rv = AEP_R_GENERAL_ERROR;
- end:
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- return rv;
- }
-
-
-static AEP_RV aep_return_connection(AEP_CONNECTION_HNDL hConnection)
- {
- int count;
-
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-
- /*Find the connection item that matches this connection handle*/
- for(count = 0;count < MAX_PROCESS_CONNECTIONS;count ++)
- {
- if (aep_app_conn_table[count].conn_hndl == hConnection)
- {
- aep_app_conn_table[count].conn_state = Connected;
- break;
- }
- }
-
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-
- return AEP_R_OK;
- }
-
-static AEP_RV aep_close_connection(AEP_CONNECTION_HNDL hConnection)
- {
- int count;
- AEP_RV rv = AEP_R_OK;
-
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-
- /*Find the connection item that matches this connection handle*/
- for(count = 0;count < MAX_PROCESS_CONNECTIONS;count ++)
- {
- if (aep_app_conn_table[count].conn_hndl == hConnection)
- {
- rv = p_AEP_CloseConnection(aep_app_conn_table[count].conn_hndl);
- if (rv != AEP_R_OK)
- goto end;
- aep_app_conn_table[count].conn_state = NotConnected;
- aep_app_conn_table[count].conn_hndl = 0;
- break;
- }
- }
-
- end:
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- return rv;
- }
-
-static AEP_RV aep_close_all_connections(int use_engine_lock, int *in_use)
- {
- int count;
- AEP_RV rv = AEP_R_OK;
-
- *in_use = 0;
- if (use_engine_lock) CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- for (count = 0;count < MAX_PROCESS_CONNECTIONS;count ++)
- {
- switch (aep_app_conn_table[count].conn_state)
- {
- case Connected:
- rv = p_AEP_CloseConnection(aep_app_conn_table[count].conn_hndl);
- if (rv != AEP_R_OK)
- goto end;
- aep_app_conn_table[count].conn_state = NotConnected;
- aep_app_conn_table[count].conn_hndl = 0;
- break;
- case InUse:
- (*in_use)++;
- break;
- case NotConnected:
- break;
- }
- }
- end:
- if (use_engine_lock) CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- return rv;
- }
-
-/*BigNum call back functions, used to convert OpenSSL bignums into AEP bignums.
- Note only 32bit Openssl build support*/
-
-static AEP_RV GetBigNumSize(AEP_VOID_PTR ArbBigNum, AEP_U32* BigNumSize)
- {
- BIGNUM* bn;
-
- /*Cast the ArbBigNum pointer to our BIGNUM struct*/
- bn = (BIGNUM*) ArbBigNum;
-
-#ifdef SIXTY_FOUR_BIT_LONG
- *BigNumSize = bn->top << 3;
-#else
- /*Size of the bignum in bytes is equal to the bn->top (no of 32 bit
- words) multiplies by 4*/
- *BigNumSize = bn->top << 2;
-#endif
-
- return AEP_R_OK;
- }
-
-static AEP_RV MakeAEPBigNum(AEP_VOID_PTR ArbBigNum, AEP_U32 BigNumSize,
- unsigned char* AEP_BigNum)
- {
- BIGNUM* bn;
-
-#ifndef SIXTY_FOUR_BIT_LONG
- unsigned char* buf;
- int i;
-#endif
-
- /*Cast the ArbBigNum pointer to our BIGNUM struct*/
- bn = (BIGNUM*) ArbBigNum;
-
-#ifdef SIXTY_FOUR_BIT_LONG
- memcpy(AEP_BigNum, bn->d, BigNumSize);
-#else
- /*Must copy data into a (monotone) least significant byte first format
- performing endian conversion if necessary*/
- for(i=0;i<bn->top;i++)
- {
- buf = (unsigned char*)&bn->d[i];
-
- *((AEP_U32*)AEP_BigNum) = (AEP_U32)
- ((unsigned) buf[1] << 8 | buf[0]) |
- ((unsigned) buf[3] << 8 | buf[2]) << 16;
-
- AEP_BigNum += 4;
- }
-#endif
-
- return AEP_R_OK;
- }
-
-/*Turn an AEP Big Num back to a user big num*/
-static AEP_RV ConvertAEPBigNum(void* ArbBigNum, AEP_U32 BigNumSize,
- unsigned char* AEP_BigNum)
- {
- BIGNUM* bn;
-#ifndef SIXTY_FOUR_BIT_LONG
- int i;
-#endif
-
- bn = (BIGNUM*)ArbBigNum;
-
- /*Expand the result bn so that it can hold our big num.
- Size is in bits*/
- bn_expand(bn, (int)(BigNumSize << 3));
-
-#ifdef SIXTY_FOUR_BIT_LONG
- bn->top = BigNumSize >> 3;
-
- if((BigNumSize & 7) != 0)
- bn->top++;
-
- memset(bn->d, 0, bn->top << 3);
-
- memcpy(bn->d, AEP_BigNum, BigNumSize);
-#else
- bn->top = BigNumSize >> 2;
-
- for(i=0;i<bn->top;i++)
- {
- bn->d[i] = (AEP_U32)
- ((unsigned) AEP_BigNum[3] << 8 | AEP_BigNum[2]) << 16 |
- ((unsigned) AEP_BigNum[1] << 8 | AEP_BigNum[0]);
- AEP_BigNum += 4;
- }
-#endif
-
- return AEP_R_OK;
-}
-
-#endif /* !OPENSSL_NO_HW_AEP */
-#endif /* !OPENSSL_NO_HW */
Copied: vendor-crypto/openssl/0.9.8zf/engines/e_aep.c (from rev 6976, vendor-crypto/openssl/dist/engines/e_aep.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/engines/e_aep.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/engines/e_aep.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,1171 @@
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/bn.h>
+#include <string.h>
+
+#include <openssl/e_os2.h>
+#if !defined(OPENSSL_SYS_MSDOS) || defined(__DJGPP__)
+# include <sys/types.h>
+# include <unistd.h>
+#else
+# include <process.h>
+typedef int pid_t;
+#endif
+
+#if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_CLIB)
+# define getpid GetThreadID
+extern int GetThreadID(void);
+#endif
+
+#include <openssl/crypto.h>
+#include <openssl/dso.h>
+#include <openssl/engine.h>
+#include <openssl/buffer.h>
+#ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+# include <openssl/dsa.h>
+#endif
+#ifndef OPENSSL_NO_DH
+# include <openssl/dh.h>
+#endif
+#include <openssl/bn.h>
+
+#ifndef OPENSSL_NO_HW
+# ifndef OPENSSL_NO_HW_AEP
+# ifdef FLAT_INC
+# include "aep.h"
+# else
+# include "vendor_defns/aep.h"
+# endif
+
+# define AEP_LIB_NAME "aep engine"
+# define FAIL_TO_SW 0x10101010
+
+# include "e_aep_err.c"
+
+static int aep_init(ENGINE *e);
+static int aep_finish(ENGINE *e);
+static int aep_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void));
+static int aep_destroy(ENGINE *e);
+
+static AEP_RV aep_get_connection(AEP_CONNECTION_HNDL_PTR hConnection);
+static AEP_RV aep_return_connection(AEP_CONNECTION_HNDL hConnection);
+static AEP_RV aep_close_connection(AEP_CONNECTION_HNDL hConnection);
+static AEP_RV aep_close_all_connections(int use_engine_lock, int *in_use);
+
+/* BIGNUM stuff */
+# ifndef OPENSSL_NO_RSA
+static int aep_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx);
+
+static AEP_RV aep_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *q, const BIGNUM *dmp1,
+ const BIGNUM *dmq1, const BIGNUM *iqmp,
+ BN_CTX *ctx);
+# endif
+
+/* RSA stuff */
+# ifndef OPENSSL_NO_RSA
+static int aep_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+ BN_CTX *ctx);
+# endif
+
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+# ifndef OPENSSL_NO_RSA
+static int aep_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+# endif
+
+/* DSA stuff */
+# ifndef OPENSSL_NO_DSA
+static int aep_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
+ BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
+ BN_CTX *ctx, BN_MONT_CTX *in_mont);
+
+static int aep_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
+ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx);
+# endif
+
+/* DH stuff */
+/* This function is aliased to mod_exp (with the DH and mont dropped). */
+# ifndef OPENSSL_NO_DH
+static int aep_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
+ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx);
+# endif
+
+/* rand stuff */
+# ifdef AEPRAND
+static int aep_rand(unsigned char *buf, int num);
+static int aep_rand_status(void);
+# endif
+
+/* Bignum conversion stuff */
+static AEP_RV GetBigNumSize(AEP_VOID_PTR ArbBigNum, AEP_U32 *BigNumSize);
+static AEP_RV MakeAEPBigNum(AEP_VOID_PTR ArbBigNum, AEP_U32 BigNumSize,
+ unsigned char *AEP_BigNum);
+static AEP_RV ConvertAEPBigNum(void *ArbBigNum, AEP_U32 BigNumSize,
+ unsigned char *AEP_BigNum);
+
+/* The definitions for control commands specific to this engine */
+# define AEP_CMD_SO_PATH ENGINE_CMD_BASE
+static const ENGINE_CMD_DEFN aep_cmd_defns[] = {
+ {AEP_CMD_SO_PATH,
+ "SO_PATH",
+ "Specifies the path to the 'aep' shared library",
+ ENGINE_CMD_FLAG_STRING},
+ {0, NULL, NULL, 0}
+};
+
+# ifndef OPENSSL_NO_RSA
+/* Our internal RSA_METHOD that we provide pointers to */
+static RSA_METHOD aep_rsa = {
+ "Aep RSA method",
+ NULL, /* rsa_pub_encrypt */
+ NULL, /* rsa_pub_decrypt */
+ NULL, /* rsa_priv_encrypt */
+ NULL, /* rsa_priv_encrypt */
+ aep_rsa_mod_exp, /* rsa_mod_exp */
+ aep_mod_exp_mont, /* bn_mod_exp */
+ NULL, /* init */
+ NULL, /* finish */
+ 0, /* flags */
+ NULL, /* app_data */
+ NULL, /* rsa_sign */
+ NULL, /* rsa_verify */
+ NULL /* rsa_keygen */
+};
+# endif
+
+# ifndef OPENSSL_NO_DSA
+/* Our internal DSA_METHOD that we provide pointers to */
+static DSA_METHOD aep_dsa = {
+ "Aep DSA method",
+ NULL, /* dsa_do_sign */
+ NULL, /* dsa_sign_setup */
+ NULL, /* dsa_do_verify */
+ aep_dsa_mod_exp, /* dsa_mod_exp */
+ aep_mod_exp_dsa, /* bn_mod_exp */
+ NULL, /* init */
+ NULL, /* finish */
+ 0, /* flags */
+ NULL, /* app_data */
+ NULL, /* dsa_paramgen */
+ NULL /* dsa_keygen */
+};
+# endif
+
+# ifndef OPENSSL_NO_DH
+/* Our internal DH_METHOD that we provide pointers to */
+static DH_METHOD aep_dh = {
+ "Aep DH method",
+ NULL,
+ NULL,
+ aep_mod_exp_dh,
+ NULL,
+ NULL,
+ 0,
+ NULL,
+ NULL
+};
+# endif
+
+# ifdef AEPRAND
+/* our internal RAND_method that we provide pointers to */
+static RAND_METHOD aep_random = {
+ /*
+ * "AEP RAND method",
+ */
+ NULL,
+ aep_rand,
+ NULL,
+ NULL,
+ aep_rand,
+ aep_rand_status,
+};
+# endif
+
+/*
+ * Define an array of structures to hold connections
+ */
+static AEP_CONNECTION_ENTRY aep_app_conn_table[MAX_PROCESS_CONNECTIONS];
+
+/*
+ * Used to determine if this is a new process
+ */
+static pid_t recorded_pid = 0;
+
+# ifdef AEPRAND
+static AEP_U8 rand_block[RAND_BLK_SIZE];
+static AEP_U32 rand_block_bytes = 0;
+# endif
+
+/* Constants used when creating the ENGINE */
+static const char *engine_aep_id = "aep";
+static const char *engine_aep_name = "Aep hardware engine support";
+
+static int max_key_len = 2176;
+
+/*
+ * This internal function is used by ENGINE_aep() and possibly by the
+ * "dynamic" ENGINE support too
+ */
+static int bind_aep(ENGINE *e)
+{
+# ifndef OPENSSL_NO_RSA
+ const RSA_METHOD *meth1;
+# endif
+# ifndef OPENSSL_NO_DSA
+ const DSA_METHOD *meth2;
+# endif
+# ifndef OPENSSL_NO_DH
+ const DH_METHOD *meth3;
+# endif
+
+ if (!ENGINE_set_id(e, engine_aep_id) ||
+ !ENGINE_set_name(e, engine_aep_name) ||
+# ifndef OPENSSL_NO_RSA
+ !ENGINE_set_RSA(e, &aep_rsa) ||
+# endif
+# ifndef OPENSSL_NO_DSA
+ !ENGINE_set_DSA(e, &aep_dsa) ||
+# endif
+# ifndef OPENSSL_NO_DH
+ !ENGINE_set_DH(e, &aep_dh) ||
+# endif
+# ifdef AEPRAND
+ !ENGINE_set_RAND(e, &aep_random) ||
+# endif
+ !ENGINE_set_init_function(e, aep_init) ||
+ !ENGINE_set_destroy_function(e, aep_destroy) ||
+ !ENGINE_set_finish_function(e, aep_finish) ||
+ !ENGINE_set_ctrl_function(e, aep_ctrl) ||
+ !ENGINE_set_cmd_defns(e, aep_cmd_defns))
+ return 0;
+
+# ifndef OPENSSL_NO_RSA
+ /*
+ * We know that the "PKCS1_SSLeay()" functions hook properly to the
+ * aep-specific mod_exp and mod_exp_crt so we use those functions. NB: We
+ * don't use ENGINE_openssl() or anything "more generic" because
+ * something like the RSAref code may not hook properly, and if you own
+ * one of these cards then you have the right to do RSA operations on it
+ * anyway!
+ */
+ meth1 = RSA_PKCS1_SSLeay();
+ aep_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
+ aep_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
+ aep_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
+ aep_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
+# endif
+
+# ifndef OPENSSL_NO_DSA
+ /*
+ * Use the DSA_OpenSSL() method and just hook the mod_exp-ish bits.
+ */
+ meth2 = DSA_OpenSSL();
+ aep_dsa.dsa_do_sign = meth2->dsa_do_sign;
+ aep_dsa.dsa_sign_setup = meth2->dsa_sign_setup;
+ aep_dsa.dsa_do_verify = meth2->dsa_do_verify;
+
+ aep_dsa = *DSA_get_default_method();
+ aep_dsa.dsa_mod_exp = aep_dsa_mod_exp;
+ aep_dsa.bn_mod_exp = aep_mod_exp_dsa;
+# endif
+
+# ifndef OPENSSL_NO_DH
+ /* Much the same for Diffie-Hellman */
+ meth3 = DH_OpenSSL();
+ aep_dh.generate_key = meth3->generate_key;
+ aep_dh.compute_key = meth3->compute_key;
+ aep_dh.bn_mod_exp = meth3->bn_mod_exp;
+# endif
+
+ /* Ensure the aep error handling is set up */
+ ERR_load_AEPHK_strings();
+
+ return 1;
+}
+
+# ifndef OPENSSL_NO_DYNAMIC_ENGINE
+static int bind_helper(ENGINE *e, const char *id)
+{
+ if (id && (strcmp(id, engine_aep_id) != 0))
+ return 0;
+ if (!bind_aep(e))
+ return 0;
+ return 1;
+}
+
+IMPLEMENT_DYNAMIC_CHECK_FN()
+ IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
+# else
+static ENGINE *engine_aep(void)
+{
+ ENGINE *ret = ENGINE_new();
+ if (!ret)
+ return NULL;
+ if (!bind_aep(ret)) {
+ ENGINE_free(ret);
+ return NULL;
+ }
+ return ret;
+}
+
+void ENGINE_load_aep(void)
+{
+ /* Copied from eng_[openssl|dyn].c */
+ ENGINE *toadd = engine_aep();
+ if (!toadd)
+ return;
+ ENGINE_add(toadd);
+ ENGINE_free(toadd);
+ ERR_clear_error();
+}
+# endif
+
+/*
+ * This is a process-global DSO handle used for loading and unloading the Aep
+ * library. NB: This is only set (or unset) during an init() or finish() call
+ * (reference counts permitting) and they're operating with global locks, so
+ * this should be thread-safe implicitly.
+ */
+static DSO *aep_dso = NULL;
+
+/*
+ * These are the static string constants for the DSO file name and the
+ * function symbol names to bind to.
+ */
+static const char *AEP_LIBNAME = NULL;
+static const char *get_AEP_LIBNAME(void)
+{
+ if (AEP_LIBNAME)
+ return AEP_LIBNAME;
+ return "aep";
+}
+
+static void free_AEP_LIBNAME(void)
+{
+ if (AEP_LIBNAME)
+ OPENSSL_free((void *)AEP_LIBNAME);
+ AEP_LIBNAME = NULL;
+}
+
+static long set_AEP_LIBNAME(const char *name)
+{
+ free_AEP_LIBNAME();
+ return ((AEP_LIBNAME = BUF_strdup(name)) != NULL ? 1 : 0);
+}
+
+static const char *AEP_F1 = "AEP_ModExp";
+static const char *AEP_F2 = "AEP_ModExpCrt";
+# ifdef AEPRAND
+static const char *AEP_F3 = "AEP_GenRandom";
+# endif
+static const char *AEP_F4 = "AEP_Finalize";
+static const char *AEP_F5 = "AEP_Initialize";
+static const char *AEP_F6 = "AEP_OpenConnection";
+static const char *AEP_F7 = "AEP_SetBNCallBacks";
+static const char *AEP_F8 = "AEP_CloseConnection";
+
+/*
+ * These are the function pointers that are (un)set when the library has
+ * successfully (un)loaded.
+ */
+static t_AEP_OpenConnection *p_AEP_OpenConnection = NULL;
+static t_AEP_CloseConnection *p_AEP_CloseConnection = NULL;
+static t_AEP_ModExp *p_AEP_ModExp = NULL;
+static t_AEP_ModExpCrt *p_AEP_ModExpCrt = NULL;
+# ifdef AEPRAND
+static t_AEP_GenRandom *p_AEP_GenRandom = NULL;
+# endif
+static t_AEP_Initialize *p_AEP_Initialize = NULL;
+static t_AEP_Finalize *p_AEP_Finalize = NULL;
+static t_AEP_SetBNCallBacks *p_AEP_SetBNCallBacks = NULL;
+
+/* (de)initialisation functions. */
+static int aep_init(ENGINE *e)
+{
+ t_AEP_ModExp *p1;
+ t_AEP_ModExpCrt *p2;
+# ifdef AEPRAND
+ t_AEP_GenRandom *p3;
+# endif
+ t_AEP_Finalize *p4;
+ t_AEP_Initialize *p5;
+ t_AEP_OpenConnection *p6;
+ t_AEP_SetBNCallBacks *p7;
+ t_AEP_CloseConnection *p8;
+
+ int to_return = 0;
+
+ if (aep_dso != NULL) {
+ AEPHKerr(AEPHK_F_AEP_INIT, AEPHK_R_ALREADY_LOADED);
+ goto err;
+ }
+ /* Attempt to load libaep.so. */
+
+ aep_dso = DSO_load(NULL, get_AEP_LIBNAME(), NULL, 0);
+
+ if (aep_dso == NULL) {
+ AEPHKerr(AEPHK_F_AEP_INIT, AEPHK_R_NOT_LOADED);
+ goto err;
+ }
+
+ if (!(p1 = (t_AEP_ModExp *) DSO_bind_func(aep_dso, AEP_F1)) ||
+ !(p2 = (t_AEP_ModExpCrt *) DSO_bind_func(aep_dso, AEP_F2)) ||
+# ifdef AEPRAND
+ !(p3 = (t_AEP_GenRandom *) DSO_bind_func(aep_dso, AEP_F3)) ||
+# endif
+ !(p4 = (t_AEP_Finalize *) DSO_bind_func(aep_dso, AEP_F4)) ||
+ !(p5 = (t_AEP_Initialize *) DSO_bind_func(aep_dso, AEP_F5)) ||
+ !(p6 = (t_AEP_OpenConnection *) DSO_bind_func(aep_dso, AEP_F6)) ||
+ !(p7 = (t_AEP_SetBNCallBacks *) DSO_bind_func(aep_dso, AEP_F7)) ||
+ !(p8 = (t_AEP_CloseConnection *) DSO_bind_func(aep_dso, AEP_F8))) {
+ AEPHKerr(AEPHK_F_AEP_INIT, AEPHK_R_NOT_LOADED);
+ goto err;
+ }
+
+ /* Copy the pointers */
+
+ p_AEP_ModExp = p1;
+ p_AEP_ModExpCrt = p2;
+# ifdef AEPRAND
+ p_AEP_GenRandom = p3;
+# endif
+ p_AEP_Finalize = p4;
+ p_AEP_Initialize = p5;
+ p_AEP_OpenConnection = p6;
+ p_AEP_SetBNCallBacks = p7;
+ p_AEP_CloseConnection = p8;
+
+ to_return = 1;
+
+ return to_return;
+
+ err:
+
+ if (aep_dso)
+ DSO_free(aep_dso);
+ aep_dso = NULL;
+
+ p_AEP_OpenConnection = NULL;
+ p_AEP_ModExp = NULL;
+ p_AEP_ModExpCrt = NULL;
+# ifdef AEPRAND
+ p_AEP_GenRandom = NULL;
+# endif
+ p_AEP_Initialize = NULL;
+ p_AEP_Finalize = NULL;
+ p_AEP_SetBNCallBacks = NULL;
+ p_AEP_CloseConnection = NULL;
+
+ return to_return;
+}
+
+/* Destructor (complements the "ENGINE_aep()" constructor) */
+static int aep_destroy(ENGINE *e)
+{
+ free_AEP_LIBNAME();
+ ERR_unload_AEPHK_strings();
+ return 1;
+}
+
+static int aep_finish(ENGINE *e)
+{
+ int to_return = 0, in_use;
+ AEP_RV rv;
+
+ if (aep_dso == NULL) {
+ AEPHKerr(AEPHK_F_AEP_FINISH, AEPHK_R_NOT_LOADED);
+ goto err;
+ }
+
+ rv = aep_close_all_connections(0, &in_use);
+ if (rv != AEP_R_OK) {
+ AEPHKerr(AEPHK_F_AEP_FINISH, AEPHK_R_CLOSE_HANDLES_FAILED);
+ goto err;
+ }
+ if (in_use) {
+ AEPHKerr(AEPHK_F_AEP_FINISH, AEPHK_R_CONNECTIONS_IN_USE);
+ goto err;
+ }
+
+ rv = p_AEP_Finalize();
+ if (rv != AEP_R_OK) {
+ AEPHKerr(AEPHK_F_AEP_FINISH, AEPHK_R_FINALIZE_FAILED);
+ goto err;
+ }
+
+ if (!DSO_free(aep_dso)) {
+ AEPHKerr(AEPHK_F_AEP_FINISH, AEPHK_R_UNIT_FAILURE);
+ goto err;
+ }
+
+ aep_dso = NULL;
+ p_AEP_CloseConnection = NULL;
+ p_AEP_OpenConnection = NULL;
+ p_AEP_ModExp = NULL;
+ p_AEP_ModExpCrt = NULL;
+# ifdef AEPRAND
+ p_AEP_GenRandom = NULL;
+# endif
+ p_AEP_Initialize = NULL;
+ p_AEP_Finalize = NULL;
+ p_AEP_SetBNCallBacks = NULL;
+
+ to_return = 1;
+ err:
+ return to_return;
+}
+
+static int aep_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
+{
+ int initialised = ((aep_dso == NULL) ? 0 : 1);
+ switch (cmd) {
+ case AEP_CMD_SO_PATH:
+ if (p == NULL) {
+ AEPHKerr(AEPHK_F_AEP_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ if (initialised) {
+ AEPHKerr(AEPHK_F_AEP_CTRL, AEPHK_R_ALREADY_LOADED);
+ return 0;
+ }
+ return set_AEP_LIBNAME((const char *)p);
+ default:
+ break;
+ }
+ AEPHKerr(AEPHK_F_AEP_CTRL, AEPHK_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+ return 0;
+}
+
+static int aep_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx)
+{
+ int to_return = 0;
+ int r_len = 0;
+ AEP_CONNECTION_HNDL hConnection;
+ AEP_RV rv;
+
+ r_len = BN_num_bits(m);
+
+ /* Perform in software if modulus is too large for hardware. */
+
+ if (r_len > max_key_len) {
+ AEPHKerr(AEPHK_F_AEP_MOD_EXP, AEPHK_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+ return BN_mod_exp(r, a, p, m, ctx);
+ }
+
+ /*
+ * Grab a connection from the pool
+ */
+ rv = aep_get_connection(&hConnection);
+ if (rv != AEP_R_OK) {
+ AEPHKerr(AEPHK_F_AEP_MOD_EXP, AEPHK_R_GET_HANDLE_FAILED);
+ return BN_mod_exp(r, a, p, m, ctx);
+ }
+
+ /*
+ * To the card with the mod exp
+ */
+ rv = p_AEP_ModExp(hConnection, (void *)a, (void *)p, (void *)m, (void *)r,
+ NULL);
+
+ if (rv != AEP_R_OK) {
+ AEPHKerr(AEPHK_F_AEP_MOD_EXP, AEPHK_R_MOD_EXP_FAILED);
+ rv = aep_close_connection(hConnection);
+ return BN_mod_exp(r, a, p, m, ctx);
+ }
+
+ /*
+ * Return the connection to the pool
+ */
+ rv = aep_return_connection(hConnection);
+ if (rv != AEP_R_OK) {
+ AEPHKerr(AEPHK_F_AEP_MOD_EXP, AEPHK_R_RETURN_CONNECTION_FAILED);
+ goto err;
+ }
+
+ to_return = 1;
+ err:
+ return to_return;
+}
+
+# ifndef OPENSSL_NO_RSA
+static AEP_RV aep_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *q, const BIGNUM *dmp1,
+ const BIGNUM *dmq1, const BIGNUM *iqmp,
+ BN_CTX *ctx)
+{
+ AEP_RV rv = AEP_R_OK;
+ AEP_CONNECTION_HNDL hConnection;
+
+ /*
+ * Grab a connection from the pool
+ */
+ rv = aep_get_connection(&hConnection);
+ if (rv != AEP_R_OK) {
+ AEPHKerr(AEPHK_F_AEP_MOD_EXP_CRT, AEPHK_R_GET_HANDLE_FAILED);
+ return FAIL_TO_SW;
+ }
+
+ /*
+ * To the card with the mod exp
+ */
+ rv = p_AEP_ModExpCrt(hConnection, (void *)a, (void *)p, (void *)q,
+ (void *)dmp1, (void *)dmq1, (void *)iqmp, (void *)r,
+ NULL);
+ if (rv != AEP_R_OK) {
+ AEPHKerr(AEPHK_F_AEP_MOD_EXP_CRT, AEPHK_R_MOD_EXP_CRT_FAILED);
+ rv = aep_close_connection(hConnection);
+ return FAIL_TO_SW;
+ }
+
+ /*
+ * Return the connection to the pool
+ */
+ rv = aep_return_connection(hConnection);
+ if (rv != AEP_R_OK) {
+ AEPHKerr(AEPHK_F_AEP_MOD_EXP_CRT, AEPHK_R_RETURN_CONNECTION_FAILED);
+ goto err;
+ }
+
+ err:
+ return rv;
+}
+# endif
+
+# ifdef AEPRAND
+static int aep_rand(unsigned char *buf, int len)
+{
+ AEP_RV rv = AEP_R_OK;
+ AEP_CONNECTION_HNDL hConnection;
+
+ CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+
+ /*
+ * Can the request be serviced with what's already in the buffer?
+ */
+ if (len <= rand_block_bytes) {
+ memcpy(buf, &rand_block[RAND_BLK_SIZE - rand_block_bytes], len);
+ rand_block_bytes -= len;
+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+ } else
+ /*
+ * If not the get another block of random bytes
+ */
+ {
+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+
+ rv = aep_get_connection(&hConnection);
+ if (rv != AEP_R_OK) {
+ AEPHKerr(AEPHK_F_AEP_RAND, AEPHK_R_GET_HANDLE_FAILED);
+ goto err_nounlock;
+ }
+
+ if (len > RAND_BLK_SIZE) {
+ rv = p_AEP_GenRandom(hConnection, len, 2, buf, NULL);
+ if (rv != AEP_R_OK) {
+ AEPHKerr(AEPHK_F_AEP_RAND, AEPHK_R_GET_RANDOM_FAILED);
+ goto err_nounlock;
+ }
+ } else {
+ CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+
+ rv = p_AEP_GenRandom(hConnection, RAND_BLK_SIZE, 2,
+ &rand_block[0], NULL);
+ if (rv != AEP_R_OK) {
+ AEPHKerr(AEPHK_F_AEP_RAND, AEPHK_R_GET_RANDOM_FAILED);
+
+ goto err;
+ }
+
+ rand_block_bytes = RAND_BLK_SIZE;
+
+ memcpy(buf, &rand_block[RAND_BLK_SIZE - rand_block_bytes], len);
+ rand_block_bytes -= len;
+
+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+ }
+
+ rv = aep_return_connection(hConnection);
+ if (rv != AEP_R_OK) {
+ AEPHKerr(AEPHK_F_AEP_RAND, AEPHK_R_RETURN_CONNECTION_FAILED);
+
+ goto err_nounlock;
+ }
+ }
+
+ return 1;
+ err:
+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+ err_nounlock:
+ return 0;
+}
+
+static int aep_rand_status(void)
+{
+ return 1;
+}
+# endif
+
+# ifndef OPENSSL_NO_RSA
+static int aep_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
+{
+ int to_return = 0;
+ AEP_RV rv = AEP_R_OK;
+
+ if (!aep_dso) {
+ AEPHKerr(AEPHK_F_AEP_RSA_MOD_EXP, AEPHK_R_NOT_LOADED);
+ goto err;
+ }
+
+ /*
+ * See if we have all the necessary bits for a crt
+ */
+ if (rsa->q && rsa->dmp1 && rsa->dmq1 && rsa->iqmp) {
+ rv = aep_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1, rsa->dmq1,
+ rsa->iqmp, ctx);
+
+ if (rv == FAIL_TO_SW) {
+ const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+ to_return = (*meth->rsa_mod_exp) (r0, I, rsa, ctx);
+ goto err;
+ } else if (rv != AEP_R_OK)
+ goto err;
+ } else {
+ if (!rsa->d || !rsa->n) {
+ AEPHKerr(AEPHK_F_AEP_RSA_MOD_EXP, AEPHK_R_MISSING_KEY_COMPONENTS);
+ goto err;
+ }
+
+ rv = aep_mod_exp(r0, I, rsa->d, rsa->n, ctx);
+ if (rv != AEP_R_OK)
+ goto err;
+
+ }
+
+ to_return = 1;
+
+ err:
+ return to_return;
+}
+# endif
+
+# ifndef OPENSSL_NO_DSA
+static int aep_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
+ BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
+ BN_CTX *ctx, BN_MONT_CTX *in_mont)
+{
+ BIGNUM t;
+ int to_return = 0;
+ BN_init(&t);
+
+ /* let rr = a1 ^ p1 mod m */
+ if (!aep_mod_exp(rr, a1, p1, m, ctx))
+ goto end;
+ /* let t = a2 ^ p2 mod m */
+ if (!aep_mod_exp(&t, a2, p2, m, ctx))
+ goto end;
+ /* let rr = rr * t mod m */
+ if (!BN_mod_mul(rr, rr, &t, m, ctx))
+ goto end;
+ to_return = 1;
+ end:
+ BN_free(&t);
+ return to_return;
+}
+
+static int aep_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
+ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx)
+{
+ return aep_mod_exp(r, a, p, m, ctx);
+}
+# endif
+
+# ifndef OPENSSL_NO_RSA
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int aep_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+{
+ return aep_mod_exp(r, a, p, m, ctx);
+}
+# endif
+
+# ifndef OPENSSL_NO_DH
+/* This function is aliased to mod_exp (with the dh and mont dropped). */
+static int aep_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
+ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx)
+{
+ return aep_mod_exp(r, a, p, m, ctx);
+}
+# endif
+
+static AEP_RV aep_get_connection(AEP_CONNECTION_HNDL_PTR phConnection)
+{
+ int count;
+ AEP_RV rv = AEP_R_OK;
+
+ /*
+ * Get the current process id
+ */
+ pid_t curr_pid;
+
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+
+# ifdef NETWARE_CLIB
+ curr_pid = GetThreadID();
+# elif defined(_WIN32)
+ curr_pid = _getpid();
+# else
+ curr_pid = getpid();
+# endif
+
+ /*
+ * Check if this is the first time this is being called from the current
+ * process
+ */
+ if (recorded_pid != curr_pid) {
+ /*
+ * Remember our pid so we can check if we're in a new process
+ */
+ recorded_pid = curr_pid;
+
+ /*
+ * Call Finalize to make sure we have not inherited some data from a
+ * parent process
+ */
+ p_AEP_Finalize();
+
+ /*
+ * Initialise the AEP API
+ */
+ rv = p_AEP_Initialize(NULL);
+
+ if (rv != AEP_R_OK) {
+ AEPHKerr(AEPHK_F_AEP_GET_CONNECTION, AEPHK_R_INIT_FAILURE);
+ recorded_pid = 0;
+ goto end;
+ }
+
+ /*
+ * Set the AEP big num call back functions
+ */
+ rv = p_AEP_SetBNCallBacks(&GetBigNumSize, &MakeAEPBigNum,
+ &ConvertAEPBigNum);
+
+ if (rv != AEP_R_OK) {
+ AEPHKerr(AEPHK_F_AEP_GET_CONNECTION,
+ AEPHK_R_SETBNCALLBACK_FAILURE);
+ recorded_pid = 0;
+ goto end;
+ }
+# ifdef AEPRAND
+ /*
+ * Reset the rand byte count
+ */
+ rand_block_bytes = 0;
+# endif
+
+ /*
+ * Init the structures
+ */
+ for (count = 0; count < MAX_PROCESS_CONNECTIONS; count++) {
+ aep_app_conn_table[count].conn_state = NotConnected;
+ aep_app_conn_table[count].conn_hndl = 0;
+ }
+
+ /*
+ * Open a connection
+ */
+ rv = p_AEP_OpenConnection(phConnection);
+
+ if (rv != AEP_R_OK) {
+ AEPHKerr(AEPHK_F_AEP_GET_CONNECTION, AEPHK_R_UNIT_FAILURE);
+ recorded_pid = 0;
+ goto end;
+ }
+
+ aep_app_conn_table[0].conn_state = InUse;
+ aep_app_conn_table[0].conn_hndl = *phConnection;
+ goto end;
+ }
+ /*
+ * Check the existing connections to see if we can find a free one
+ */
+ for (count = 0; count < MAX_PROCESS_CONNECTIONS; count++) {
+ if (aep_app_conn_table[count].conn_state == Connected) {
+ aep_app_conn_table[count].conn_state = InUse;
+ *phConnection = aep_app_conn_table[count].conn_hndl;
+ goto end;
+ }
+ }
+ /*
+ * If no connections available, we're going to have to try to open a new
+ * one
+ */
+ for (count = 0; count < MAX_PROCESS_CONNECTIONS; count++) {
+ if (aep_app_conn_table[count].conn_state == NotConnected) {
+ /*
+ * Open a connection
+ */
+ rv = p_AEP_OpenConnection(phConnection);
+
+ if (rv != AEP_R_OK) {
+ AEPHKerr(AEPHK_F_AEP_GET_CONNECTION, AEPHK_R_UNIT_FAILURE);
+ goto end;
+ }
+
+ aep_app_conn_table[count].conn_state = InUse;
+ aep_app_conn_table[count].conn_hndl = *phConnection;
+ goto end;
+ }
+ }
+ rv = AEP_R_GENERAL_ERROR;
+ end:
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ return rv;
+}
+
+static AEP_RV aep_return_connection(AEP_CONNECTION_HNDL hConnection)
+{
+ int count;
+
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+
+ /*
+ * Find the connection item that matches this connection handle
+ */
+ for (count = 0; count < MAX_PROCESS_CONNECTIONS; count++) {
+ if (aep_app_conn_table[count].conn_hndl == hConnection) {
+ aep_app_conn_table[count].conn_state = Connected;
+ break;
+ }
+ }
+
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+
+ return AEP_R_OK;
+}
+
+static AEP_RV aep_close_connection(AEP_CONNECTION_HNDL hConnection)
+{
+ int count;
+ AEP_RV rv = AEP_R_OK;
+
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+
+ /*
+ * Find the connection item that matches this connection handle
+ */
+ for (count = 0; count < MAX_PROCESS_CONNECTIONS; count++) {
+ if (aep_app_conn_table[count].conn_hndl == hConnection) {
+ rv = p_AEP_CloseConnection(aep_app_conn_table[count].conn_hndl);
+ if (rv != AEP_R_OK)
+ goto end;
+ aep_app_conn_table[count].conn_state = NotConnected;
+ aep_app_conn_table[count].conn_hndl = 0;
+ break;
+ }
+ }
+
+ end:
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ return rv;
+}
+
+static AEP_RV aep_close_all_connections(int use_engine_lock, int *in_use)
+{
+ int count;
+ AEP_RV rv = AEP_R_OK;
+
+ *in_use = 0;
+ if (use_engine_lock)
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ for (count = 0; count < MAX_PROCESS_CONNECTIONS; count++) {
+ switch (aep_app_conn_table[count].conn_state) {
+ case Connected:
+ rv = p_AEP_CloseConnection(aep_app_conn_table[count].conn_hndl);
+ if (rv != AEP_R_OK)
+ goto end;
+ aep_app_conn_table[count].conn_state = NotConnected;
+ aep_app_conn_table[count].conn_hndl = 0;
+ break;
+ case InUse:
+ (*in_use)++;
+ break;
+ case NotConnected:
+ break;
+ }
+ }
+ end:
+ if (use_engine_lock)
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ return rv;
+}
+
+/*
+ * BigNum call back functions, used to convert OpenSSL bignums into AEP
+ * bignums. Note only 32bit Openssl build support
+ */
+
+static AEP_RV GetBigNumSize(AEP_VOID_PTR ArbBigNum, AEP_U32 *BigNumSize)
+{
+ BIGNUM *bn;
+
+ /*
+ * Cast the ArbBigNum pointer to our BIGNUM struct
+ */
+ bn = (BIGNUM *)ArbBigNum;
+
+# ifdef SIXTY_FOUR_BIT_LONG
+ *BigNumSize = bn->top << 3;
+# else
+ /*
+ * Size of the bignum in bytes is equal to the bn->top (no of 32 bit
+ * words) multiplies by 4
+ */
+ *BigNumSize = bn->top << 2;
+# endif
+
+ return AEP_R_OK;
+}
+
+static AEP_RV MakeAEPBigNum(AEP_VOID_PTR ArbBigNum, AEP_U32 BigNumSize,
+ unsigned char *AEP_BigNum)
+{
+ BIGNUM *bn;
+
+# ifndef SIXTY_FOUR_BIT_LONG
+ unsigned char *buf;
+ int i;
+# endif
+
+ /*
+ * Cast the ArbBigNum pointer to our BIGNUM struct
+ */
+ bn = (BIGNUM *)ArbBigNum;
+
+# ifdef SIXTY_FOUR_BIT_LONG
+ memcpy(AEP_BigNum, bn->d, BigNumSize);
+# else
+ /*
+ * Must copy data into a (monotone) least significant byte first format
+ * performing endian conversion if necessary
+ */
+ for (i = 0; i < bn->top; i++) {
+ buf = (unsigned char *)&bn->d[i];
+
+ *((AEP_U32 *)AEP_BigNum) = (AEP_U32)
+ ((unsigned)buf[1] << 8 | buf[0]) |
+ ((unsigned)buf[3] << 8 | buf[2]) << 16;
+
+ AEP_BigNum += 4;
+ }
+# endif
+
+ return AEP_R_OK;
+}
+
+/*
+ * Turn an AEP Big Num back to a user big num
+ */
+static AEP_RV ConvertAEPBigNum(void *ArbBigNum, AEP_U32 BigNumSize,
+ unsigned char *AEP_BigNum)
+{
+ BIGNUM *bn;
+# ifndef SIXTY_FOUR_BIT_LONG
+ int i;
+# endif
+
+ bn = (BIGNUM *)ArbBigNum;
+
+ /*
+ * Expand the result bn so that it can hold our big num. Size is in bits
+ */
+ bn_expand(bn, (int)(BigNumSize << 3));
+
+# ifdef SIXTY_FOUR_BIT_LONG
+ bn->top = BigNumSize >> 3;
+
+ if ((BigNumSize & 7) != 0)
+ bn->top++;
+
+ memset(bn->d, 0, bn->top << 3);
+
+ memcpy(bn->d, AEP_BigNum, BigNumSize);
+# else
+ bn->top = BigNumSize >> 2;
+
+ for (i = 0; i < bn->top; i++) {
+ bn->d[i] = (AEP_U32)
+ ((unsigned)AEP_BigNum[3] << 8 | AEP_BigNum[2]) << 16 |
+ ((unsigned)AEP_BigNum[1] << 8 | AEP_BigNum[0]);
+ AEP_BigNum += 4;
+ }
+# endif
+
+ return AEP_R_OK;
+}
+
+# endif /* !OPENSSL_NO_HW_AEP */
+#endif /* !OPENSSL_NO_HW */
Deleted: vendor-crypto/openssl/0.9.8zf/engines/e_aep_err.c
===================================================================
--- vendor-crypto/openssl/dist/engines/e_aep_err.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/engines/e_aep_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,161 +0,0 @@
-/* e_aep_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include "e_aep_err.h"
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(0,func,0)
-#define ERR_REASON(reason) ERR_PACK(0,0,reason)
-
-static ERR_STRING_DATA AEPHK_str_functs[]=
- {
-{ERR_FUNC(AEPHK_F_AEP_CTRL), "AEP_CTRL"},
-{ERR_FUNC(AEPHK_F_AEP_FINISH), "AEP_FINISH"},
-{ERR_FUNC(AEPHK_F_AEP_GET_CONNECTION), "AEP_GET_CONNECTION"},
-{ERR_FUNC(AEPHK_F_AEP_INIT), "AEP_INIT"},
-{ERR_FUNC(AEPHK_F_AEP_MOD_EXP), "AEP_MOD_EXP"},
-{ERR_FUNC(AEPHK_F_AEP_MOD_EXP_CRT), "AEP_MOD_EXP_CRT"},
-{ERR_FUNC(AEPHK_F_AEP_RAND), "AEP_RAND"},
-{ERR_FUNC(AEPHK_F_AEP_RSA_MOD_EXP), "AEP_RSA_MOD_EXP"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA AEPHK_str_reasons[]=
- {
-{ERR_REASON(AEPHK_R_ALREADY_LOADED) ,"already loaded"},
-{ERR_REASON(AEPHK_R_CLOSE_HANDLES_FAILED),"close handles failed"},
-{ERR_REASON(AEPHK_R_CONNECTIONS_IN_USE) ,"connections in use"},
-{ERR_REASON(AEPHK_R_CTRL_COMMAND_NOT_IMPLEMENTED),"ctrl command not implemented"},
-{ERR_REASON(AEPHK_R_FINALIZE_FAILED) ,"finalize failed"},
-{ERR_REASON(AEPHK_R_GET_HANDLE_FAILED) ,"get handle failed"},
-{ERR_REASON(AEPHK_R_GET_RANDOM_FAILED) ,"get random failed"},
-{ERR_REASON(AEPHK_R_INIT_FAILURE) ,"init failure"},
-{ERR_REASON(AEPHK_R_MISSING_KEY_COMPONENTS),"missing key components"},
-{ERR_REASON(AEPHK_R_MOD_EXP_CRT_FAILED) ,"mod exp crt failed"},
-{ERR_REASON(AEPHK_R_MOD_EXP_FAILED) ,"mod exp failed"},
-{ERR_REASON(AEPHK_R_NOT_LOADED) ,"not loaded"},
-{ERR_REASON(AEPHK_R_OK) ,"ok"},
-{ERR_REASON(AEPHK_R_RETURN_CONNECTION_FAILED),"return connection failed"},
-{ERR_REASON(AEPHK_R_SETBNCALLBACK_FAILURE),"setbncallback failure"},
-{ERR_REASON(AEPHK_R_SIZE_TOO_LARGE_OR_TOO_SMALL),"size too large or too small"},
-{ERR_REASON(AEPHK_R_UNIT_FAILURE) ,"unit failure"},
-{0,NULL}
- };
-
-#endif
-
-#ifdef AEPHK_LIB_NAME
-static ERR_STRING_DATA AEPHK_lib_name[]=
- {
-{0 ,AEPHK_LIB_NAME},
-{0,NULL}
- };
-#endif
-
-
-static int AEPHK_lib_error_code=0;
-static int AEPHK_error_init=1;
-
-static void ERR_load_AEPHK_strings(void)
- {
- if (AEPHK_lib_error_code == 0)
- AEPHK_lib_error_code=ERR_get_next_error_library();
-
- if (AEPHK_error_init)
- {
- AEPHK_error_init=0;
-#ifndef OPENSSL_NO_ERR
- ERR_load_strings(AEPHK_lib_error_code,AEPHK_str_functs);
- ERR_load_strings(AEPHK_lib_error_code,AEPHK_str_reasons);
-#endif
-
-#ifdef AEPHK_LIB_NAME
- AEPHK_lib_name->error = ERR_PACK(AEPHK_lib_error_code,0,0);
- ERR_load_strings(0,AEPHK_lib_name);
-#endif
- }
- }
-
-static void ERR_unload_AEPHK_strings(void)
- {
- if (AEPHK_error_init == 0)
- {
-#ifndef OPENSSL_NO_ERR
- ERR_unload_strings(AEPHK_lib_error_code,AEPHK_str_functs);
- ERR_unload_strings(AEPHK_lib_error_code,AEPHK_str_reasons);
-#endif
-
-#ifdef AEPHK_LIB_NAME
- ERR_unload_strings(0,AEPHK_lib_name);
-#endif
- AEPHK_error_init=1;
- }
- }
-
-static void ERR_AEPHK_error(int function, int reason, char *file, int line)
- {
- if (AEPHK_lib_error_code == 0)
- AEPHK_lib_error_code=ERR_get_next_error_library();
- ERR_PUT_error(AEPHK_lib_error_code,function,reason,file,line);
- }
Copied: vendor-crypto/openssl/0.9.8zf/engines/e_aep_err.c (from rev 6976, vendor-crypto/openssl/dist/engines/e_aep_err.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/engines/e_aep_err.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/engines/e_aep_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,159 @@
+/* e_aep_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include "e_aep_err.h"
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(0,func,0)
+# define ERR_REASON(reason) ERR_PACK(0,0,reason)
+
+static ERR_STRING_DATA AEPHK_str_functs[] = {
+ {ERR_FUNC(AEPHK_F_AEP_CTRL), "AEP_CTRL"},
+ {ERR_FUNC(AEPHK_F_AEP_FINISH), "AEP_FINISH"},
+ {ERR_FUNC(AEPHK_F_AEP_GET_CONNECTION), "AEP_GET_CONNECTION"},
+ {ERR_FUNC(AEPHK_F_AEP_INIT), "AEP_INIT"},
+ {ERR_FUNC(AEPHK_F_AEP_MOD_EXP), "AEP_MOD_EXP"},
+ {ERR_FUNC(AEPHK_F_AEP_MOD_EXP_CRT), "AEP_MOD_EXP_CRT"},
+ {ERR_FUNC(AEPHK_F_AEP_RAND), "AEP_RAND"},
+ {ERR_FUNC(AEPHK_F_AEP_RSA_MOD_EXP), "AEP_RSA_MOD_EXP"},
+ {0, NULL}
+};
+
+static ERR_STRING_DATA AEPHK_str_reasons[] = {
+ {ERR_REASON(AEPHK_R_ALREADY_LOADED), "already loaded"},
+ {ERR_REASON(AEPHK_R_CLOSE_HANDLES_FAILED), "close handles failed"},
+ {ERR_REASON(AEPHK_R_CONNECTIONS_IN_USE), "connections in use"},
+ {ERR_REASON(AEPHK_R_CTRL_COMMAND_NOT_IMPLEMENTED),
+ "ctrl command not implemented"},
+ {ERR_REASON(AEPHK_R_FINALIZE_FAILED), "finalize failed"},
+ {ERR_REASON(AEPHK_R_GET_HANDLE_FAILED), "get handle failed"},
+ {ERR_REASON(AEPHK_R_GET_RANDOM_FAILED), "get random failed"},
+ {ERR_REASON(AEPHK_R_INIT_FAILURE), "init failure"},
+ {ERR_REASON(AEPHK_R_MISSING_KEY_COMPONENTS), "missing key components"},
+ {ERR_REASON(AEPHK_R_MOD_EXP_CRT_FAILED), "mod exp crt failed"},
+ {ERR_REASON(AEPHK_R_MOD_EXP_FAILED), "mod exp failed"},
+ {ERR_REASON(AEPHK_R_NOT_LOADED), "not loaded"},
+ {ERR_REASON(AEPHK_R_OK), "ok"},
+ {ERR_REASON(AEPHK_R_RETURN_CONNECTION_FAILED),
+ "return connection failed"},
+ {ERR_REASON(AEPHK_R_SETBNCALLBACK_FAILURE), "setbncallback failure"},
+ {ERR_REASON(AEPHK_R_SIZE_TOO_LARGE_OR_TOO_SMALL),
+ "size too large or too small"},
+ {ERR_REASON(AEPHK_R_UNIT_FAILURE), "unit failure"},
+ {0, NULL}
+};
+
+#endif
+
+#ifdef AEPHK_LIB_NAME
+static ERR_STRING_DATA AEPHK_lib_name[] = {
+ {0, AEPHK_LIB_NAME},
+ {0, NULL}
+};
+#endif
+
+static int AEPHK_lib_error_code = 0;
+static int AEPHK_error_init = 1;
+
+static void ERR_load_AEPHK_strings(void)
+{
+ if (AEPHK_lib_error_code == 0)
+ AEPHK_lib_error_code = ERR_get_next_error_library();
+
+ if (AEPHK_error_init) {
+ AEPHK_error_init = 0;
+#ifndef OPENSSL_NO_ERR
+ ERR_load_strings(AEPHK_lib_error_code, AEPHK_str_functs);
+ ERR_load_strings(AEPHK_lib_error_code, AEPHK_str_reasons);
+#endif
+
+#ifdef AEPHK_LIB_NAME
+ AEPHK_lib_name->error = ERR_PACK(AEPHK_lib_error_code, 0, 0);
+ ERR_load_strings(0, AEPHK_lib_name);
+#endif
+ }
+}
+
+static void ERR_unload_AEPHK_strings(void)
+{
+ if (AEPHK_error_init == 0) {
+#ifndef OPENSSL_NO_ERR
+ ERR_unload_strings(AEPHK_lib_error_code, AEPHK_str_functs);
+ ERR_unload_strings(AEPHK_lib_error_code, AEPHK_str_reasons);
+#endif
+
+#ifdef AEPHK_LIB_NAME
+ ERR_unload_strings(0, AEPHK_lib_name);
+#endif
+ AEPHK_error_init = 1;
+ }
+}
+
+static void ERR_AEPHK_error(int function, int reason, char *file, int line)
+{
+ if (AEPHK_lib_error_code == 0)
+ AEPHK_lib_error_code = ERR_get_next_error_library();
+ ERR_PUT_error(AEPHK_lib_error_code, function, reason, file, line);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/engines/e_aep_err.h
===================================================================
--- vendor-crypto/openssl/dist/engines/e_aep_err.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/engines/e_aep_err.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,105 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#ifndef HEADER_AEPHK_ERR_H
-#define HEADER_AEPHK_ERR_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-static void ERR_load_AEPHK_strings(void);
-static void ERR_unload_AEPHK_strings(void);
-static void ERR_AEPHK_error(int function, int reason, char *file, int line);
-#define AEPHKerr(f,r) ERR_AEPHK_error((f),(r),__FILE__,__LINE__)
-
-/* Error codes for the AEPHK functions. */
-
-/* Function codes. */
-#define AEPHK_F_AEP_CTRL 100
-#define AEPHK_F_AEP_FINISH 101
-#define AEPHK_F_AEP_GET_CONNECTION 102
-#define AEPHK_F_AEP_INIT 103
-#define AEPHK_F_AEP_MOD_EXP 104
-#define AEPHK_F_AEP_MOD_EXP_CRT 105
-#define AEPHK_F_AEP_RAND 106
-#define AEPHK_F_AEP_RSA_MOD_EXP 107
-
-/* Reason codes. */
-#define AEPHK_R_ALREADY_LOADED 100
-#define AEPHK_R_CLOSE_HANDLES_FAILED 101
-#define AEPHK_R_CONNECTIONS_IN_USE 102
-#define AEPHK_R_CTRL_COMMAND_NOT_IMPLEMENTED 103
-#define AEPHK_R_FINALIZE_FAILED 104
-#define AEPHK_R_GET_HANDLE_FAILED 105
-#define AEPHK_R_GET_RANDOM_FAILED 106
-#define AEPHK_R_INIT_FAILURE 107
-#define AEPHK_R_MISSING_KEY_COMPONENTS 108
-#define AEPHK_R_MOD_EXP_CRT_FAILED 109
-#define AEPHK_R_MOD_EXP_FAILED 110
-#define AEPHK_R_NOT_LOADED 111
-#define AEPHK_R_OK 112
-#define AEPHK_R_RETURN_CONNECTION_FAILED 113
-#define AEPHK_R_SETBNCALLBACK_FAILURE 114
-#define AEPHK_R_SIZE_TOO_LARGE_OR_TOO_SMALL 116
-#define AEPHK_R_UNIT_FAILURE 115
-
-#ifdef __cplusplus
-}
-#endif
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/engines/e_aep_err.h (from rev 6976, vendor-crypto/openssl/dist/engines/e_aep_err.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/engines/e_aep_err.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/engines/e_aep_err.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,106 @@
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_AEPHK_ERR_H
+# define HEADER_AEPHK_ERR_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+static void ERR_load_AEPHK_strings(void);
+static void ERR_unload_AEPHK_strings(void);
+static void ERR_AEPHK_error(int function, int reason, char *file, int line);
+# define AEPHKerr(f,r) ERR_AEPHK_error((f),(r),__FILE__,__LINE__)
+
+/* Error codes for the AEPHK functions. */
+
+/* Function codes. */
+# define AEPHK_F_AEP_CTRL 100
+# define AEPHK_F_AEP_FINISH 101
+# define AEPHK_F_AEP_GET_CONNECTION 102
+# define AEPHK_F_AEP_INIT 103
+# define AEPHK_F_AEP_MOD_EXP 104
+# define AEPHK_F_AEP_MOD_EXP_CRT 105
+# define AEPHK_F_AEP_RAND 106
+# define AEPHK_F_AEP_RSA_MOD_EXP 107
+
+/* Reason codes. */
+# define AEPHK_R_ALREADY_LOADED 100
+# define AEPHK_R_CLOSE_HANDLES_FAILED 101
+# define AEPHK_R_CONNECTIONS_IN_USE 102
+# define AEPHK_R_CTRL_COMMAND_NOT_IMPLEMENTED 103
+# define AEPHK_R_FINALIZE_FAILED 104
+# define AEPHK_R_GET_HANDLE_FAILED 105
+# define AEPHK_R_GET_RANDOM_FAILED 106
+# define AEPHK_R_INIT_FAILURE 107
+# define AEPHK_R_MISSING_KEY_COMPONENTS 108
+# define AEPHK_R_MOD_EXP_CRT_FAILED 109
+# define AEPHK_R_MOD_EXP_FAILED 110
+# define AEPHK_R_NOT_LOADED 111
+# define AEPHK_R_OK 112
+# define AEPHK_R_RETURN_CONNECTION_FAILED 113
+# define AEPHK_R_SETBNCALLBACK_FAILURE 114
+# define AEPHK_R_SIZE_TOO_LARGE_OR_TOO_SMALL 116
+# define AEPHK_R_UNIT_FAILURE 115
+
+#ifdef __cplusplus
+}
+#endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/engines/e_atalla.c
===================================================================
--- vendor-crypto/openssl/dist/engines/e_atalla.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/engines/e_atalla.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,607 +0,0 @@
-/* crypto/engine/hw_atalla.c */
-/* Written by Geoff Thorpe (geoff at geoffthorpe.net) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/buffer.h>
-#include <openssl/dso.h>
-#include <openssl/engine.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-#include <openssl/bn.h>
-
-#ifndef OPENSSL_NO_HW
-#ifndef OPENSSL_NO_HW_ATALLA
-
-#ifdef FLAT_INC
-#include "atalla.h"
-#else
-#include "vendor_defns/atalla.h"
-#endif
-
-#define ATALLA_LIB_NAME "atalla engine"
-#include "e_atalla_err.c"
-
-static int atalla_destroy(ENGINE *e);
-static int atalla_init(ENGINE *e);
-static int atalla_finish(ENGINE *e);
-static int atalla_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
-
-/* BIGNUM stuff */
-static int atalla_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx);
-
-#ifndef OPENSSL_NO_RSA
-/* RSA stuff */
-static int atalla_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
-/* This function is aliased to mod_exp (with the mont stuff dropped). */
-static int atalla_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-#endif
-
-#ifndef OPENSSL_NO_DSA
-/* DSA stuff */
-static int atalla_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
- BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
- BN_CTX *ctx, BN_MONT_CTX *in_mont);
-static int atalla_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx);
-#endif
-
-#ifndef OPENSSL_NO_DH
-/* DH stuff */
-/* This function is alised to mod_exp (with the DH and mont dropped). */
-static int atalla_mod_exp_dh(const DH *dh, BIGNUM *r,
- const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-#endif
-
-/* The definitions for control commands specific to this engine */
-#define ATALLA_CMD_SO_PATH ENGINE_CMD_BASE
-static const ENGINE_CMD_DEFN atalla_cmd_defns[] = {
- {ATALLA_CMD_SO_PATH,
- "SO_PATH",
- "Specifies the path to the 'atasi' shared library",
- ENGINE_CMD_FLAG_STRING},
- {0, NULL, NULL, 0}
- };
-
-#ifndef OPENSSL_NO_RSA
-/* Our internal RSA_METHOD that we provide pointers to */
-static RSA_METHOD atalla_rsa =
- {
- "Atalla RSA method",
- NULL,
- NULL,
- NULL,
- NULL,
- atalla_rsa_mod_exp,
- atalla_mod_exp_mont,
- NULL,
- NULL,
- 0,
- NULL,
- NULL,
- NULL,
- NULL
- };
-#endif
-
-#ifndef OPENSSL_NO_DSA
-/* Our internal DSA_METHOD that we provide pointers to */
-static DSA_METHOD atalla_dsa =
- {
- "Atalla DSA method",
- NULL, /* dsa_do_sign */
- NULL, /* dsa_sign_setup */
- NULL, /* dsa_do_verify */
- atalla_dsa_mod_exp, /* dsa_mod_exp */
- atalla_mod_exp_dsa, /* bn_mod_exp */
- NULL, /* init */
- NULL, /* finish */
- 0, /* flags */
- NULL, /* app_data */
- NULL, /* dsa_paramgen */
- NULL /* dsa_keygen */
- };
-#endif
-
-#ifndef OPENSSL_NO_DH
-/* Our internal DH_METHOD that we provide pointers to */
-static DH_METHOD atalla_dh =
- {
- "Atalla DH method",
- NULL,
- NULL,
- atalla_mod_exp_dh,
- NULL,
- NULL,
- 0,
- NULL,
- NULL
- };
-#endif
-
-/* Constants used when creating the ENGINE */
-static const char *engine_atalla_id = "atalla";
-static const char *engine_atalla_name = "Atalla hardware engine support";
-
-/* This internal function is used by ENGINE_atalla() and possibly by the
- * "dynamic" ENGINE support too */
-static int bind_helper(ENGINE *e)
- {
-#ifndef OPENSSL_NO_RSA
- const RSA_METHOD *meth1;
-#endif
-#ifndef OPENSSL_NO_DSA
- const DSA_METHOD *meth2;
-#endif
-#ifndef OPENSSL_NO_DH
- const DH_METHOD *meth3;
-#endif
- if(!ENGINE_set_id(e, engine_atalla_id) ||
- !ENGINE_set_name(e, engine_atalla_name) ||
-#ifndef OPENSSL_NO_RSA
- !ENGINE_set_RSA(e, &atalla_rsa) ||
-#endif
-#ifndef OPENSSL_NO_DSA
- !ENGINE_set_DSA(e, &atalla_dsa) ||
-#endif
-#ifndef OPENSSL_NO_DH
- !ENGINE_set_DH(e, &atalla_dh) ||
-#endif
- !ENGINE_set_destroy_function(e, atalla_destroy) ||
- !ENGINE_set_init_function(e, atalla_init) ||
- !ENGINE_set_finish_function(e, atalla_finish) ||
- !ENGINE_set_ctrl_function(e, atalla_ctrl) ||
- !ENGINE_set_cmd_defns(e, atalla_cmd_defns))
- return 0;
-
-#ifndef OPENSSL_NO_RSA
- /* We know that the "PKCS1_SSLeay()" functions hook properly
- * to the atalla-specific mod_exp and mod_exp_crt so we use
- * those functions. NB: We don't use ENGINE_openssl() or
- * anything "more generic" because something like the RSAref
- * code may not hook properly, and if you own one of these
- * cards then you have the right to do RSA operations on it
- * anyway! */
- meth1 = RSA_PKCS1_SSLeay();
- atalla_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
- atalla_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
- atalla_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
- atalla_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
-#endif
-
-#ifndef OPENSSL_NO_DSA
- /* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
- * bits. */
- meth2 = DSA_OpenSSL();
- atalla_dsa.dsa_do_sign = meth2->dsa_do_sign;
- atalla_dsa.dsa_sign_setup = meth2->dsa_sign_setup;
- atalla_dsa.dsa_do_verify = meth2->dsa_do_verify;
-#endif
-
-#ifndef OPENSSL_NO_DH
- /* Much the same for Diffie-Hellman */
- meth3 = DH_OpenSSL();
- atalla_dh.generate_key = meth3->generate_key;
- atalla_dh.compute_key = meth3->compute_key;
-#endif
-
- /* Ensure the atalla error handling is set up */
- ERR_load_ATALLA_strings();
- return 1;
- }
-
-#ifdef OPENSSL_NO_DYNAMIC_ENGINE
-static ENGINE *engine_atalla(void)
- {
- ENGINE *ret = ENGINE_new();
- if(!ret)
- return NULL;
- if(!bind_helper(ret))
- {
- ENGINE_free(ret);
- return NULL;
- }
- return ret;
- }
-
-void ENGINE_load_atalla(void)
- {
- /* Copied from eng_[openssl|dyn].c */
- ENGINE *toadd = engine_atalla();
- if(!toadd) return;
- ENGINE_add(toadd);
- ENGINE_free(toadd);
- ERR_clear_error();
- }
-#endif
-
-/* This is a process-global DSO handle used for loading and unloading
- * the Atalla library. NB: This is only set (or unset) during an
- * init() or finish() call (reference counts permitting) and they're
- * operating with global locks, so this should be thread-safe
- * implicitly. */
-static DSO *atalla_dso = NULL;
-
-/* These are the function pointers that are (un)set when the library has
- * successfully (un)loaded. */
-static tfnASI_GetHardwareConfig *p_Atalla_GetHardwareConfig = NULL;
-static tfnASI_RSAPrivateKeyOpFn *p_Atalla_RSAPrivateKeyOpFn = NULL;
-static tfnASI_GetPerformanceStatistics *p_Atalla_GetPerformanceStatistics = NULL;
-
-/* These are the static string constants for the DSO file name and the function
- * symbol names to bind to. Regrettably, the DSO name on *nix appears to be
- * "atasi.so" rather than something more consistent like "libatasi.so". At the
- * time of writing, I'm not sure what the file name on win32 is but clearly
- * native name translation is not possible (eg libatasi.so on *nix, and
- * atasi.dll on win32). For the purposes of testing, I have created a symbollic
- * link called "libatasi.so" so that we can use native name-translation - a
- * better solution will be needed. */
-static const char *ATALLA_LIBNAME = NULL;
-static const char *get_ATALLA_LIBNAME(void)
- {
- if(ATALLA_LIBNAME)
- return ATALLA_LIBNAME;
- return "atasi";
- }
-static void free_ATALLA_LIBNAME(void)
- {
- if(ATALLA_LIBNAME)
- OPENSSL_free((void*)ATALLA_LIBNAME);
- ATALLA_LIBNAME = NULL;
- }
-static long set_ATALLA_LIBNAME(const char *name)
- {
- free_ATALLA_LIBNAME();
- return (((ATALLA_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
- }
-static const char *ATALLA_F1 = "ASI_GetHardwareConfig";
-static const char *ATALLA_F2 = "ASI_RSAPrivateKeyOpFn";
-static const char *ATALLA_F3 = "ASI_GetPerformanceStatistics";
-
-/* Destructor (complements the "ENGINE_atalla()" constructor) */
-static int atalla_destroy(ENGINE *e)
- {
- free_ATALLA_LIBNAME();
- /* Unload the atalla error strings so any error state including our
- * functs or reasons won't lead to a segfault (they simply get displayed
- * without corresponding string data because none will be found). */
- ERR_unload_ATALLA_strings();
- return 1;
- }
-
-/* (de)initialisation functions. */
-static int atalla_init(ENGINE *e)
- {
- tfnASI_GetHardwareConfig *p1;
- tfnASI_RSAPrivateKeyOpFn *p2;
- tfnASI_GetPerformanceStatistics *p3;
- /* Not sure of the origin of this magic value, but Ben's code had it
- * and it seemed to have been working for a few people. :-) */
- unsigned int config_buf[1024];
-
- if(atalla_dso != NULL)
- {
- ATALLAerr(ATALLA_F_ATALLA_INIT,ATALLA_R_ALREADY_LOADED);
- goto err;
- }
- /* Attempt to load libatasi.so/atasi.dll/whatever. Needs to be
- * changed unfortunately because the Atalla drivers don't have
- * standard library names that can be platform-translated well. */
- /* TODO: Work out how to actually map to the names the Atalla
- * drivers really use - for now a symbollic link needs to be
- * created on the host system from libatasi.so to atasi.so on
- * unix variants. */
- atalla_dso = DSO_load(NULL, get_ATALLA_LIBNAME(), NULL, 0);
- if(atalla_dso == NULL)
- {
- ATALLAerr(ATALLA_F_ATALLA_INIT,ATALLA_R_NOT_LOADED);
- goto err;
- }
- if(!(p1 = (tfnASI_GetHardwareConfig *)DSO_bind_func(
- atalla_dso, ATALLA_F1)) ||
- !(p2 = (tfnASI_RSAPrivateKeyOpFn *)DSO_bind_func(
- atalla_dso, ATALLA_F2)) ||
- !(p3 = (tfnASI_GetPerformanceStatistics *)DSO_bind_func(
- atalla_dso, ATALLA_F3)))
- {
- ATALLAerr(ATALLA_F_ATALLA_INIT,ATALLA_R_NOT_LOADED);
- goto err;
- }
- /* Copy the pointers */
- p_Atalla_GetHardwareConfig = p1;
- p_Atalla_RSAPrivateKeyOpFn = p2;
- p_Atalla_GetPerformanceStatistics = p3;
- /* Perform a basic test to see if there's actually any unit
- * running. */
- if(p1(0L, config_buf) != 0)
- {
- ATALLAerr(ATALLA_F_ATALLA_INIT,ATALLA_R_UNIT_FAILURE);
- goto err;
- }
- /* Everything's fine. */
- return 1;
-err:
- if(atalla_dso)
- DSO_free(atalla_dso);
- atalla_dso = NULL;
- p_Atalla_GetHardwareConfig = NULL;
- p_Atalla_RSAPrivateKeyOpFn = NULL;
- p_Atalla_GetPerformanceStatistics = NULL;
- return 0;
- }
-
-static int atalla_finish(ENGINE *e)
- {
- free_ATALLA_LIBNAME();
- if(atalla_dso == NULL)
- {
- ATALLAerr(ATALLA_F_ATALLA_FINISH,ATALLA_R_NOT_LOADED);
- return 0;
- }
- if(!DSO_free(atalla_dso))
- {
- ATALLAerr(ATALLA_F_ATALLA_FINISH,ATALLA_R_UNIT_FAILURE);
- return 0;
- }
- atalla_dso = NULL;
- p_Atalla_GetHardwareConfig = NULL;
- p_Atalla_RSAPrivateKeyOpFn = NULL;
- p_Atalla_GetPerformanceStatistics = NULL;
- return 1;
- }
-
-static int atalla_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
- {
- int initialised = ((atalla_dso == NULL) ? 0 : 1);
- switch(cmd)
- {
- case ATALLA_CMD_SO_PATH:
- if(p == NULL)
- {
- ATALLAerr(ATALLA_F_ATALLA_CTRL,ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- if(initialised)
- {
- ATALLAerr(ATALLA_F_ATALLA_CTRL,ATALLA_R_ALREADY_LOADED);
- return 0;
- }
- return set_ATALLA_LIBNAME((const char *)p);
- default:
- break;
- }
- ATALLAerr(ATALLA_F_ATALLA_CTRL,ATALLA_R_CTRL_COMMAND_NOT_IMPLEMENTED);
- return 0;
- }
-
-static int atalla_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx)
- {
- /* I need somewhere to store temporary serialised values for
- * use with the Atalla API calls. A neat cheat - I'll use
- * BIGNUMs from the BN_CTX but access their arrays directly as
- * byte arrays <grin>. This way I don't have to clean anything
- * up. */
- BIGNUM *modulus;
- BIGNUM *exponent;
- BIGNUM *argument;
- BIGNUM *result;
- RSAPrivateKey keydata;
- int to_return, numbytes;
-
- modulus = exponent = argument = result = NULL;
- to_return = 0; /* expect failure */
-
- if(!atalla_dso)
- {
- ATALLAerr(ATALLA_F_ATALLA_MOD_EXP,ATALLA_R_NOT_LOADED);
- goto err;
- }
- /* Prepare the params */
- BN_CTX_start(ctx);
- modulus = BN_CTX_get(ctx);
- exponent = BN_CTX_get(ctx);
- argument = BN_CTX_get(ctx);
- result = BN_CTX_get(ctx);
- if (!result)
- {
- ATALLAerr(ATALLA_F_ATALLA_MOD_EXP,ATALLA_R_BN_CTX_FULL);
- goto err;
- }
- if(!bn_wexpand(modulus, m->top) || !bn_wexpand(exponent, m->top) ||
- !bn_wexpand(argument, m->top) || !bn_wexpand(result, m->top))
- {
- ATALLAerr(ATALLA_F_ATALLA_MOD_EXP,ATALLA_R_BN_EXPAND_FAIL);
- goto err;
- }
- /* Prepare the key-data */
- memset(&keydata, 0,sizeof keydata);
- numbytes = BN_num_bytes(m);
- memset(exponent->d, 0, numbytes);
- memset(modulus->d, 0, numbytes);
- BN_bn2bin(p, (unsigned char *)exponent->d + numbytes - BN_num_bytes(p));
- BN_bn2bin(m, (unsigned char *)modulus->d + numbytes - BN_num_bytes(m));
- keydata.privateExponent.data = (unsigned char *)exponent->d;
- keydata.privateExponent.len = numbytes;
- keydata.modulus.data = (unsigned char *)modulus->d;
- keydata.modulus.len = numbytes;
- /* Prepare the argument */
- memset(argument->d, 0, numbytes);
- memset(result->d, 0, numbytes);
- BN_bn2bin(a, (unsigned char *)argument->d + numbytes - BN_num_bytes(a));
- /* Perform the operation */
- if(p_Atalla_RSAPrivateKeyOpFn(&keydata, (unsigned char *)result->d,
- (unsigned char *)argument->d,
- keydata.modulus.len) != 0)
- {
- ATALLAerr(ATALLA_F_ATALLA_MOD_EXP,ATALLA_R_REQUEST_FAILED);
- goto err;
- }
- /* Convert the response */
- BN_bin2bn((unsigned char *)result->d, numbytes, r);
- to_return = 1;
-err:
- BN_CTX_end(ctx);
- return to_return;
- }
-
-#ifndef OPENSSL_NO_RSA
-static int atalla_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
- {
- int to_return = 0;
-
- if(!atalla_dso)
- {
- ATALLAerr(ATALLA_F_ATALLA_RSA_MOD_EXP,ATALLA_R_NOT_LOADED);
- goto err;
- }
- if(!rsa->d || !rsa->n)
- {
- ATALLAerr(ATALLA_F_ATALLA_RSA_MOD_EXP,ATALLA_R_MISSING_KEY_COMPONENTS);
- goto err;
- }
- to_return = atalla_mod_exp(r0, I, rsa->d, rsa->n, ctx);
-err:
- return to_return;
- }
-#endif
-
-#ifndef OPENSSL_NO_DSA
-/* This code was liberated and adapted from the commented-out code in
- * dsa_ossl.c. Because of the unoptimised form of the Atalla acceleration
- * (it doesn't have a CRT form for RSA), this function means that an
- * Atalla system running with a DSA server certificate can handshake
- * around 5 or 6 times faster/more than an equivalent system running with
- * RSA. Just check out the "signs" statistics from the RSA and DSA parts
- * of "openssl speed -engine atalla dsa1024 rsa1024". */
-static int atalla_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
- BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
- BN_CTX *ctx, BN_MONT_CTX *in_mont)
- {
- BIGNUM t;
- int to_return = 0;
-
- BN_init(&t);
- /* let rr = a1 ^ p1 mod m */
- if (!atalla_mod_exp(rr,a1,p1,m,ctx)) goto end;
- /* let t = a2 ^ p2 mod m */
- if (!atalla_mod_exp(&t,a2,p2,m,ctx)) goto end;
- /* let rr = rr * t mod m */
- if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;
- to_return = 1;
-end:
- BN_free(&t);
- return to_return;
- }
-
-static int atalla_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx)
- {
- return atalla_mod_exp(r, a, p, m, ctx);
- }
-#endif
-
-#ifndef OPENSSL_NO_RSA
-/* This function is aliased to mod_exp (with the mont stuff dropped). */
-static int atalla_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
- {
- return atalla_mod_exp(r, a, p, m, ctx);
- }
-#endif
-
-#ifndef OPENSSL_NO_DH
-/* This function is aliased to mod_exp (with the dh and mont dropped). */
-static int atalla_mod_exp_dh(const DH *dh, BIGNUM *r,
- const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
- {
- return atalla_mod_exp(r, a, p, m, ctx);
- }
-#endif
-
-/* This stuff is needed if this ENGINE is being compiled into a self-contained
- * shared-library. */
-#ifndef OPENSSL_NO_DYNAMIC_ENGINE
-static int bind_fn(ENGINE *e, const char *id)
- {
- if(id && (strcmp(id, engine_atalla_id) != 0))
- return 0;
- if(!bind_helper(e))
- return 0;
- return 1;
- }
-IMPLEMENT_DYNAMIC_CHECK_FN()
-IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
-#endif /* OPENSSL_NO_DYNAMIC_ENGINE */
-
-#endif /* !OPENSSL_NO_HW_ATALLA */
-#endif /* !OPENSSL_NO_HW */
Copied: vendor-crypto/openssl/0.9.8zf/engines/e_atalla.c (from rev 6976, vendor-crypto/openssl/dist/engines/e_atalla.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/engines/e_atalla.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/engines/e_atalla.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,626 @@
+/* crypto/engine/hw_atalla.c */
+/*
+ * Written by Geoff Thorpe (geoff at geoffthorpe.net) for the OpenSSL project
+ * 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/buffer.h>
+#include <openssl/dso.h>
+#include <openssl/engine.h>
+#ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+# include <openssl/dsa.h>
+#endif
+#ifndef OPENSSL_NO_DH
+# include <openssl/dh.h>
+#endif
+#include <openssl/bn.h>
+
+#ifndef OPENSSL_NO_HW
+# ifndef OPENSSL_NO_HW_ATALLA
+
+# ifdef FLAT_INC
+# include "atalla.h"
+# else
+# include "vendor_defns/atalla.h"
+# endif
+
+# define ATALLA_LIB_NAME "atalla engine"
+# include "e_atalla_err.c"
+
+static int atalla_destroy(ENGINE *e);
+static int atalla_init(ENGINE *e);
+static int atalla_finish(ENGINE *e);
+static int atalla_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void));
+
+/* BIGNUM stuff */
+static int atalla_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx);
+
+# ifndef OPENSSL_NO_RSA
+/* RSA stuff */
+static int atalla_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+ BN_CTX *ctx);
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int atalla_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx);
+# endif
+
+# ifndef OPENSSL_NO_DSA
+/* DSA stuff */
+static int atalla_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
+ BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
+ BN_CTX *ctx, BN_MONT_CTX *in_mont);
+static int atalla_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
+ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx);
+# endif
+
+# ifndef OPENSSL_NO_DH
+/* DH stuff */
+/* This function is alised to mod_exp (with the DH and mont dropped). */
+static int atalla_mod_exp_dh(const DH *dh, BIGNUM *r,
+ const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx);
+# endif
+
+/* The definitions for control commands specific to this engine */
+# define ATALLA_CMD_SO_PATH ENGINE_CMD_BASE
+static const ENGINE_CMD_DEFN atalla_cmd_defns[] = {
+ {ATALLA_CMD_SO_PATH,
+ "SO_PATH",
+ "Specifies the path to the 'atasi' shared library",
+ ENGINE_CMD_FLAG_STRING},
+ {0, NULL, NULL, 0}
+};
+
+# ifndef OPENSSL_NO_RSA
+/* Our internal RSA_METHOD that we provide pointers to */
+static RSA_METHOD atalla_rsa = {
+ "Atalla RSA method",
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ atalla_rsa_mod_exp,
+ atalla_mod_exp_mont,
+ NULL,
+ NULL,
+ 0,
+ NULL,
+ NULL,
+ NULL,
+ NULL
+};
+# endif
+
+# ifndef OPENSSL_NO_DSA
+/* Our internal DSA_METHOD that we provide pointers to */
+static DSA_METHOD atalla_dsa = {
+ "Atalla DSA method",
+ NULL, /* dsa_do_sign */
+ NULL, /* dsa_sign_setup */
+ NULL, /* dsa_do_verify */
+ atalla_dsa_mod_exp, /* dsa_mod_exp */
+ atalla_mod_exp_dsa, /* bn_mod_exp */
+ NULL, /* init */
+ NULL, /* finish */
+ 0, /* flags */
+ NULL, /* app_data */
+ NULL, /* dsa_paramgen */
+ NULL /* dsa_keygen */
+};
+# endif
+
+# ifndef OPENSSL_NO_DH
+/* Our internal DH_METHOD that we provide pointers to */
+static DH_METHOD atalla_dh = {
+ "Atalla DH method",
+ NULL,
+ NULL,
+ atalla_mod_exp_dh,
+ NULL,
+ NULL,
+ 0,
+ NULL,
+ NULL
+};
+# endif
+
+/* Constants used when creating the ENGINE */
+static const char *engine_atalla_id = "atalla";
+static const char *engine_atalla_name = "Atalla hardware engine support";
+
+/*
+ * This internal function is used by ENGINE_atalla() and possibly by the
+ * "dynamic" ENGINE support too
+ */
+static int bind_helper(ENGINE *e)
+{
+# ifndef OPENSSL_NO_RSA
+ const RSA_METHOD *meth1;
+# endif
+# ifndef OPENSSL_NO_DSA
+ const DSA_METHOD *meth2;
+# endif
+# ifndef OPENSSL_NO_DH
+ const DH_METHOD *meth3;
+# endif
+ if (!ENGINE_set_id(e, engine_atalla_id) ||
+ !ENGINE_set_name(e, engine_atalla_name) ||
+# ifndef OPENSSL_NO_RSA
+ !ENGINE_set_RSA(e, &atalla_rsa) ||
+# endif
+# ifndef OPENSSL_NO_DSA
+ !ENGINE_set_DSA(e, &atalla_dsa) ||
+# endif
+# ifndef OPENSSL_NO_DH
+ !ENGINE_set_DH(e, &atalla_dh) ||
+# endif
+ !ENGINE_set_destroy_function(e, atalla_destroy) ||
+ !ENGINE_set_init_function(e, atalla_init) ||
+ !ENGINE_set_finish_function(e, atalla_finish) ||
+ !ENGINE_set_ctrl_function(e, atalla_ctrl) ||
+ !ENGINE_set_cmd_defns(e, atalla_cmd_defns))
+ return 0;
+
+# ifndef OPENSSL_NO_RSA
+ /*
+ * We know that the "PKCS1_SSLeay()" functions hook properly to the
+ * atalla-specific mod_exp and mod_exp_crt so we use those functions. NB:
+ * We don't use ENGINE_openssl() or anything "more generic" because
+ * something like the RSAref code may not hook properly, and if you own
+ * one of these cards then you have the right to do RSA operations on it
+ * anyway!
+ */
+ meth1 = RSA_PKCS1_SSLeay();
+ atalla_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
+ atalla_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
+ atalla_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
+ atalla_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
+# endif
+
+# ifndef OPENSSL_NO_DSA
+ /*
+ * Use the DSA_OpenSSL() method and just hook the mod_exp-ish bits.
+ */
+ meth2 = DSA_OpenSSL();
+ atalla_dsa.dsa_do_sign = meth2->dsa_do_sign;
+ atalla_dsa.dsa_sign_setup = meth2->dsa_sign_setup;
+ atalla_dsa.dsa_do_verify = meth2->dsa_do_verify;
+# endif
+
+# ifndef OPENSSL_NO_DH
+ /* Much the same for Diffie-Hellman */
+ meth3 = DH_OpenSSL();
+ atalla_dh.generate_key = meth3->generate_key;
+ atalla_dh.compute_key = meth3->compute_key;
+# endif
+
+ /* Ensure the atalla error handling is set up */
+ ERR_load_ATALLA_strings();
+ return 1;
+}
+
+# ifdef OPENSSL_NO_DYNAMIC_ENGINE
+static ENGINE *engine_atalla(void)
+{
+ ENGINE *ret = ENGINE_new();
+ if (!ret)
+ return NULL;
+ if (!bind_helper(ret)) {
+ ENGINE_free(ret);
+ return NULL;
+ }
+ return ret;
+}
+
+void ENGINE_load_atalla(void)
+{
+ /* Copied from eng_[openssl|dyn].c */
+ ENGINE *toadd = engine_atalla();
+ if (!toadd)
+ return;
+ ENGINE_add(toadd);
+ ENGINE_free(toadd);
+ ERR_clear_error();
+}
+# endif
+
+/*
+ * This is a process-global DSO handle used for loading and unloading the
+ * Atalla library. NB: This is only set (or unset) during an init() or
+ * finish() call (reference counts permitting) and they're operating with
+ * global locks, so this should be thread-safe implicitly.
+ */
+static DSO *atalla_dso = NULL;
+
+/*
+ * These are the function pointers that are (un)set when the library has
+ * successfully (un)loaded.
+ */
+static tfnASI_GetHardwareConfig *p_Atalla_GetHardwareConfig = NULL;
+static tfnASI_RSAPrivateKeyOpFn *p_Atalla_RSAPrivateKeyOpFn = NULL;
+static tfnASI_GetPerformanceStatistics *p_Atalla_GetPerformanceStatistics =
+ NULL;
+
+/*
+ * These are the static string constants for the DSO file name and the
+ * function symbol names to bind to. Regrettably, the DSO name on *nix
+ * appears to be "atasi.so" rather than something more consistent like
+ * "libatasi.so". At the time of writing, I'm not sure what the file name on
+ * win32 is but clearly native name translation is not possible (eg
+ * libatasi.so on *nix, and atasi.dll on win32). For the purposes of testing,
+ * I have created a symbollic link called "libatasi.so" so that we can use
+ * native name-translation - a better solution will be needed.
+ */
+static const char *ATALLA_LIBNAME = NULL;
+static const char *get_ATALLA_LIBNAME(void)
+{
+ if (ATALLA_LIBNAME)
+ return ATALLA_LIBNAME;
+ return "atasi";
+}
+
+static void free_ATALLA_LIBNAME(void)
+{
+ if (ATALLA_LIBNAME)
+ OPENSSL_free((void *)ATALLA_LIBNAME);
+ ATALLA_LIBNAME = NULL;
+}
+
+static long set_ATALLA_LIBNAME(const char *name)
+{
+ free_ATALLA_LIBNAME();
+ return (((ATALLA_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
+}
+
+static const char *ATALLA_F1 = "ASI_GetHardwareConfig";
+static const char *ATALLA_F2 = "ASI_RSAPrivateKeyOpFn";
+static const char *ATALLA_F3 = "ASI_GetPerformanceStatistics";
+
+/* Destructor (complements the "ENGINE_atalla()" constructor) */
+static int atalla_destroy(ENGINE *e)
+{
+ free_ATALLA_LIBNAME();
+ /*
+ * Unload the atalla error strings so any error state including our
+ * functs or reasons won't lead to a segfault (they simply get displayed
+ * without corresponding string data because none will be found).
+ */
+ ERR_unload_ATALLA_strings();
+ return 1;
+}
+
+/* (de)initialisation functions. */
+static int atalla_init(ENGINE *e)
+{
+ tfnASI_GetHardwareConfig *p1;
+ tfnASI_RSAPrivateKeyOpFn *p2;
+ tfnASI_GetPerformanceStatistics *p3;
+ /*
+ * Not sure of the origin of this magic value, but Ben's code had it and
+ * it seemed to have been working for a few people. :-)
+ */
+ unsigned int config_buf[1024];
+
+ if (atalla_dso != NULL) {
+ ATALLAerr(ATALLA_F_ATALLA_INIT, ATALLA_R_ALREADY_LOADED);
+ goto err;
+ }
+ /*
+ * Attempt to load libatasi.so/atasi.dll/whatever. Needs to be changed
+ * unfortunately because the Atalla drivers don't have standard library
+ * names that can be platform-translated well.
+ */
+ /*
+ * TODO: Work out how to actually map to the names the Atalla drivers
+ * really use - for now a symbollic link needs to be created on the host
+ * system from libatasi.so to atasi.so on unix variants.
+ */
+ atalla_dso = DSO_load(NULL, get_ATALLA_LIBNAME(), NULL, 0);
+ if (atalla_dso == NULL) {
+ ATALLAerr(ATALLA_F_ATALLA_INIT, ATALLA_R_NOT_LOADED);
+ goto err;
+ }
+ if (!
+ (p1 =
+ (tfnASI_GetHardwareConfig *) DSO_bind_func(atalla_dso, ATALLA_F1))
+|| !(p2 = (tfnASI_RSAPrivateKeyOpFn *) DSO_bind_func(atalla_dso, ATALLA_F2))
+|| !(p3 =
+ (tfnASI_GetPerformanceStatistics *) DSO_bind_func(atalla_dso,
+ ATALLA_F3))) {
+ ATALLAerr(ATALLA_F_ATALLA_INIT, ATALLA_R_NOT_LOADED);
+ goto err;
+ }
+ /* Copy the pointers */
+ p_Atalla_GetHardwareConfig = p1;
+ p_Atalla_RSAPrivateKeyOpFn = p2;
+ p_Atalla_GetPerformanceStatistics = p3;
+ /*
+ * Perform a basic test to see if there's actually any unit running.
+ */
+ if (p1(0L, config_buf) != 0) {
+ ATALLAerr(ATALLA_F_ATALLA_INIT, ATALLA_R_UNIT_FAILURE);
+ goto err;
+ }
+ /* Everything's fine. */
+ return 1;
+ err:
+ if (atalla_dso)
+ DSO_free(atalla_dso);
+ atalla_dso = NULL;
+ p_Atalla_GetHardwareConfig = NULL;
+ p_Atalla_RSAPrivateKeyOpFn = NULL;
+ p_Atalla_GetPerformanceStatistics = NULL;
+ return 0;
+}
+
+static int atalla_finish(ENGINE *e)
+{
+ free_ATALLA_LIBNAME();
+ if (atalla_dso == NULL) {
+ ATALLAerr(ATALLA_F_ATALLA_FINISH, ATALLA_R_NOT_LOADED);
+ return 0;
+ }
+ if (!DSO_free(atalla_dso)) {
+ ATALLAerr(ATALLA_F_ATALLA_FINISH, ATALLA_R_UNIT_FAILURE);
+ return 0;
+ }
+ atalla_dso = NULL;
+ p_Atalla_GetHardwareConfig = NULL;
+ p_Atalla_RSAPrivateKeyOpFn = NULL;
+ p_Atalla_GetPerformanceStatistics = NULL;
+ return 1;
+}
+
+static int atalla_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
+{
+ int initialised = ((atalla_dso == NULL) ? 0 : 1);
+ switch (cmd) {
+ case ATALLA_CMD_SO_PATH:
+ if (p == NULL) {
+ ATALLAerr(ATALLA_F_ATALLA_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ if (initialised) {
+ ATALLAerr(ATALLA_F_ATALLA_CTRL, ATALLA_R_ALREADY_LOADED);
+ return 0;
+ }
+ return set_ATALLA_LIBNAME((const char *)p);
+ default:
+ break;
+ }
+ ATALLAerr(ATALLA_F_ATALLA_CTRL, ATALLA_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+ return 0;
+}
+
+static int atalla_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx)
+{
+ /*
+ * I need somewhere to store temporary serialised values for use with the
+ * Atalla API calls. A neat cheat - I'll use BIGNUMs from the BN_CTX but
+ * access their arrays directly as byte arrays <grin>. This way I don't
+ * have to clean anything up.
+ */
+ BIGNUM *modulus;
+ BIGNUM *exponent;
+ BIGNUM *argument;
+ BIGNUM *result;
+ RSAPrivateKey keydata;
+ int to_return, numbytes;
+
+ modulus = exponent = argument = result = NULL;
+ to_return = 0; /* expect failure */
+
+ if (!atalla_dso) {
+ ATALLAerr(ATALLA_F_ATALLA_MOD_EXP, ATALLA_R_NOT_LOADED);
+ goto err;
+ }
+ /* Prepare the params */
+ BN_CTX_start(ctx);
+ modulus = BN_CTX_get(ctx);
+ exponent = BN_CTX_get(ctx);
+ argument = BN_CTX_get(ctx);
+ result = BN_CTX_get(ctx);
+ if (!result) {
+ ATALLAerr(ATALLA_F_ATALLA_MOD_EXP, ATALLA_R_BN_CTX_FULL);
+ goto err;
+ }
+ if (!bn_wexpand(modulus, m->top) || !bn_wexpand(exponent, m->top) ||
+ !bn_wexpand(argument, m->top) || !bn_wexpand(result, m->top)) {
+ ATALLAerr(ATALLA_F_ATALLA_MOD_EXP, ATALLA_R_BN_EXPAND_FAIL);
+ goto err;
+ }
+ /* Prepare the key-data */
+ memset(&keydata, 0, sizeof keydata);
+ numbytes = BN_num_bytes(m);
+ memset(exponent->d, 0, numbytes);
+ memset(modulus->d, 0, numbytes);
+ BN_bn2bin(p, (unsigned char *)exponent->d + numbytes - BN_num_bytes(p));
+ BN_bn2bin(m, (unsigned char *)modulus->d + numbytes - BN_num_bytes(m));
+ keydata.privateExponent.data = (unsigned char *)exponent->d;
+ keydata.privateExponent.len = numbytes;
+ keydata.modulus.data = (unsigned char *)modulus->d;
+ keydata.modulus.len = numbytes;
+ /* Prepare the argument */
+ memset(argument->d, 0, numbytes);
+ memset(result->d, 0, numbytes);
+ BN_bn2bin(a, (unsigned char *)argument->d + numbytes - BN_num_bytes(a));
+ /* Perform the operation */
+ if (p_Atalla_RSAPrivateKeyOpFn(&keydata, (unsigned char *)result->d,
+ (unsigned char *)argument->d,
+ keydata.modulus.len) != 0) {
+ ATALLAerr(ATALLA_F_ATALLA_MOD_EXP, ATALLA_R_REQUEST_FAILED);
+ goto err;
+ }
+ /* Convert the response */
+ BN_bin2bn((unsigned char *)result->d, numbytes, r);
+ to_return = 1;
+ err:
+ BN_CTX_end(ctx);
+ return to_return;
+}
+
+# ifndef OPENSSL_NO_RSA
+static int atalla_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+ BN_CTX *ctx)
+{
+ int to_return = 0;
+
+ if (!atalla_dso) {
+ ATALLAerr(ATALLA_F_ATALLA_RSA_MOD_EXP, ATALLA_R_NOT_LOADED);
+ goto err;
+ }
+ if (!rsa->d || !rsa->n) {
+ ATALLAerr(ATALLA_F_ATALLA_RSA_MOD_EXP,
+ ATALLA_R_MISSING_KEY_COMPONENTS);
+ goto err;
+ }
+ to_return = atalla_mod_exp(r0, I, rsa->d, rsa->n, ctx);
+ err:
+ return to_return;
+}
+# endif
+
+# ifndef OPENSSL_NO_DSA
+/*
+ * This code was liberated and adapted from the commented-out code in
+ * dsa_ossl.c. Because of the unoptimised form of the Atalla acceleration (it
+ * doesn't have a CRT form for RSA), this function means that an Atalla
+ * system running with a DSA server certificate can handshake around 5 or 6
+ * times faster/more than an equivalent system running with RSA. Just check
+ * out the "signs" statistics from the RSA and DSA parts of "openssl speed
+ * -engine atalla dsa1024 rsa1024".
+ */
+static int atalla_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
+ BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
+ BN_CTX *ctx, BN_MONT_CTX *in_mont)
+{
+ BIGNUM t;
+ int to_return = 0;
+
+ BN_init(&t);
+ /* let rr = a1 ^ p1 mod m */
+ if (!atalla_mod_exp(rr, a1, p1, m, ctx))
+ goto end;
+ /* let t = a2 ^ p2 mod m */
+ if (!atalla_mod_exp(&t, a2, p2, m, ctx))
+ goto end;
+ /* let rr = rr * t mod m */
+ if (!BN_mod_mul(rr, rr, &t, m, ctx))
+ goto end;
+ to_return = 1;
+ end:
+ BN_free(&t);
+ return to_return;
+}
+
+static int atalla_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
+ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx)
+{
+ return atalla_mod_exp(r, a, p, m, ctx);
+}
+# endif
+
+# ifndef OPENSSL_NO_RSA
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int atalla_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx)
+{
+ return atalla_mod_exp(r, a, p, m, ctx);
+}
+# endif
+
+# ifndef OPENSSL_NO_DH
+/* This function is aliased to mod_exp (with the dh and mont dropped). */
+static int atalla_mod_exp_dh(const DH *dh, BIGNUM *r,
+ const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+{
+ return atalla_mod_exp(r, a, p, m, ctx);
+}
+# endif
+
+/*
+ * This stuff is needed if this ENGINE is being compiled into a
+ * self-contained shared-library.
+ */
+# ifndef OPENSSL_NO_DYNAMIC_ENGINE
+static int bind_fn(ENGINE *e, const char *id)
+{
+ if (id && (strcmp(id, engine_atalla_id) != 0))
+ return 0;
+ if (!bind_helper(e))
+ return 0;
+ return 1;
+}
+
+IMPLEMENT_DYNAMIC_CHECK_FN()
+ IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
+# endif /* OPENSSL_NO_DYNAMIC_ENGINE */
+# endif /* !OPENSSL_NO_HW_ATALLA */
+#endif /* !OPENSSL_NO_HW */
Deleted: vendor-crypto/openssl/0.9.8zf/engines/e_atalla_err.c
===================================================================
--- vendor-crypto/openssl/dist/engines/e_atalla_err.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/engines/e_atalla_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,149 +0,0 @@
-/* e_atalla_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include "e_atalla_err.h"
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(0,func,0)
-#define ERR_REASON(reason) ERR_PACK(0,0,reason)
-
-static ERR_STRING_DATA ATALLA_str_functs[]=
- {
-{ERR_FUNC(ATALLA_F_ATALLA_CTRL), "ATALLA_CTRL"},
-{ERR_FUNC(ATALLA_F_ATALLA_FINISH), "ATALLA_FINISH"},
-{ERR_FUNC(ATALLA_F_ATALLA_INIT), "ATALLA_INIT"},
-{ERR_FUNC(ATALLA_F_ATALLA_MOD_EXP), "ATALLA_MOD_EXP"},
-{ERR_FUNC(ATALLA_F_ATALLA_RSA_MOD_EXP), "ATALLA_RSA_MOD_EXP"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA ATALLA_str_reasons[]=
- {
-{ERR_REASON(ATALLA_R_ALREADY_LOADED) ,"already loaded"},
-{ERR_REASON(ATALLA_R_BN_CTX_FULL) ,"bn ctx full"},
-{ERR_REASON(ATALLA_R_BN_EXPAND_FAIL) ,"bn expand fail"},
-{ERR_REASON(ATALLA_R_CTRL_COMMAND_NOT_IMPLEMENTED),"ctrl command not implemented"},
-{ERR_REASON(ATALLA_R_MISSING_KEY_COMPONENTS),"missing key components"},
-{ERR_REASON(ATALLA_R_NOT_LOADED) ,"not loaded"},
-{ERR_REASON(ATALLA_R_REQUEST_FAILED) ,"request failed"},
-{ERR_REASON(ATALLA_R_UNIT_FAILURE) ,"unit failure"},
-{0,NULL}
- };
-
-#endif
-
-#ifdef ATALLA_LIB_NAME
-static ERR_STRING_DATA ATALLA_lib_name[]=
- {
-{0 ,ATALLA_LIB_NAME},
-{0,NULL}
- };
-#endif
-
-
-static int ATALLA_lib_error_code=0;
-static int ATALLA_error_init=1;
-
-static void ERR_load_ATALLA_strings(void)
- {
- if (ATALLA_lib_error_code == 0)
- ATALLA_lib_error_code=ERR_get_next_error_library();
-
- if (ATALLA_error_init)
- {
- ATALLA_error_init=0;
-#ifndef OPENSSL_NO_ERR
- ERR_load_strings(ATALLA_lib_error_code,ATALLA_str_functs);
- ERR_load_strings(ATALLA_lib_error_code,ATALLA_str_reasons);
-#endif
-
-#ifdef ATALLA_LIB_NAME
- ATALLA_lib_name->error = ERR_PACK(ATALLA_lib_error_code,0,0);
- ERR_load_strings(0,ATALLA_lib_name);
-#endif
- }
- }
-
-static void ERR_unload_ATALLA_strings(void)
- {
- if (ATALLA_error_init == 0)
- {
-#ifndef OPENSSL_NO_ERR
- ERR_unload_strings(ATALLA_lib_error_code,ATALLA_str_functs);
- ERR_unload_strings(ATALLA_lib_error_code,ATALLA_str_reasons);
-#endif
-
-#ifdef ATALLA_LIB_NAME
- ERR_unload_strings(0,ATALLA_lib_name);
-#endif
- ATALLA_error_init=1;
- }
- }
-
-static void ERR_ATALLA_error(int function, int reason, char *file, int line)
- {
- if (ATALLA_lib_error_code == 0)
- ATALLA_lib_error_code=ERR_get_next_error_library();
- ERR_PUT_error(ATALLA_lib_error_code,function,reason,file,line);
- }
Copied: vendor-crypto/openssl/0.9.8zf/engines/e_atalla_err.c (from rev 6976, vendor-crypto/openssl/dist/engines/e_atalla_err.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/engines/e_atalla_err.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/engines/e_atalla_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,145 @@
+/* e_atalla_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include "e_atalla_err.h"
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(0,func,0)
+# define ERR_REASON(reason) ERR_PACK(0,0,reason)
+
+static ERR_STRING_DATA ATALLA_str_functs[] = {
+ {ERR_FUNC(ATALLA_F_ATALLA_CTRL), "ATALLA_CTRL"},
+ {ERR_FUNC(ATALLA_F_ATALLA_FINISH), "ATALLA_FINISH"},
+ {ERR_FUNC(ATALLA_F_ATALLA_INIT), "ATALLA_INIT"},
+ {ERR_FUNC(ATALLA_F_ATALLA_MOD_EXP), "ATALLA_MOD_EXP"},
+ {ERR_FUNC(ATALLA_F_ATALLA_RSA_MOD_EXP), "ATALLA_RSA_MOD_EXP"},
+ {0, NULL}
+};
+
+static ERR_STRING_DATA ATALLA_str_reasons[] = {
+ {ERR_REASON(ATALLA_R_ALREADY_LOADED), "already loaded"},
+ {ERR_REASON(ATALLA_R_BN_CTX_FULL), "bn ctx full"},
+ {ERR_REASON(ATALLA_R_BN_EXPAND_FAIL), "bn expand fail"},
+ {ERR_REASON(ATALLA_R_CTRL_COMMAND_NOT_IMPLEMENTED),
+ "ctrl command not implemented"},
+ {ERR_REASON(ATALLA_R_MISSING_KEY_COMPONENTS), "missing key components"},
+ {ERR_REASON(ATALLA_R_NOT_LOADED), "not loaded"},
+ {ERR_REASON(ATALLA_R_REQUEST_FAILED), "request failed"},
+ {ERR_REASON(ATALLA_R_UNIT_FAILURE), "unit failure"},
+ {0, NULL}
+};
+
+#endif
+
+#ifdef ATALLA_LIB_NAME
+static ERR_STRING_DATA ATALLA_lib_name[] = {
+ {0, ATALLA_LIB_NAME},
+ {0, NULL}
+};
+#endif
+
+static int ATALLA_lib_error_code = 0;
+static int ATALLA_error_init = 1;
+
+static void ERR_load_ATALLA_strings(void)
+{
+ if (ATALLA_lib_error_code == 0)
+ ATALLA_lib_error_code = ERR_get_next_error_library();
+
+ if (ATALLA_error_init) {
+ ATALLA_error_init = 0;
+#ifndef OPENSSL_NO_ERR
+ ERR_load_strings(ATALLA_lib_error_code, ATALLA_str_functs);
+ ERR_load_strings(ATALLA_lib_error_code, ATALLA_str_reasons);
+#endif
+
+#ifdef ATALLA_LIB_NAME
+ ATALLA_lib_name->error = ERR_PACK(ATALLA_lib_error_code, 0, 0);
+ ERR_load_strings(0, ATALLA_lib_name);
+#endif
+ }
+}
+
+static void ERR_unload_ATALLA_strings(void)
+{
+ if (ATALLA_error_init == 0) {
+#ifndef OPENSSL_NO_ERR
+ ERR_unload_strings(ATALLA_lib_error_code, ATALLA_str_functs);
+ ERR_unload_strings(ATALLA_lib_error_code, ATALLA_str_reasons);
+#endif
+
+#ifdef ATALLA_LIB_NAME
+ ERR_unload_strings(0, ATALLA_lib_name);
+#endif
+ ATALLA_error_init = 1;
+ }
+}
+
+static void ERR_ATALLA_error(int function, int reason, char *file, int line)
+{
+ if (ATALLA_lib_error_code == 0)
+ ATALLA_lib_error_code = ERR_get_next_error_library();
+ ERR_PUT_error(ATALLA_lib_error_code, function, reason, file, line);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/engines/e_atalla_err.h
===================================================================
--- vendor-crypto/openssl/dist/engines/e_atalla_err.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/engines/e_atalla_err.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,93 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#ifndef HEADER_ATALLA_ERR_H
-#define HEADER_ATALLA_ERR_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-static void ERR_load_ATALLA_strings(void);
-static void ERR_unload_ATALLA_strings(void);
-static void ERR_ATALLA_error(int function, int reason, char *file, int line);
-#define ATALLAerr(f,r) ERR_ATALLA_error((f),(r),__FILE__,__LINE__)
-
-/* Error codes for the ATALLA functions. */
-
-/* Function codes. */
-#define ATALLA_F_ATALLA_CTRL 100
-#define ATALLA_F_ATALLA_FINISH 101
-#define ATALLA_F_ATALLA_INIT 102
-#define ATALLA_F_ATALLA_MOD_EXP 103
-#define ATALLA_F_ATALLA_RSA_MOD_EXP 104
-
-/* Reason codes. */
-#define ATALLA_R_ALREADY_LOADED 100
-#define ATALLA_R_BN_CTX_FULL 101
-#define ATALLA_R_BN_EXPAND_FAIL 102
-#define ATALLA_R_CTRL_COMMAND_NOT_IMPLEMENTED 103
-#define ATALLA_R_MISSING_KEY_COMPONENTS 104
-#define ATALLA_R_NOT_LOADED 105
-#define ATALLA_R_REQUEST_FAILED 106
-#define ATALLA_R_UNIT_FAILURE 107
-
-#ifdef __cplusplus
-}
-#endif
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/engines/e_atalla_err.h (from rev 6976, vendor-crypto/openssl/dist/engines/e_atalla_err.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/engines/e_atalla_err.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/engines/e_atalla_err.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,94 @@
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_ATALLA_ERR_H
+# define HEADER_ATALLA_ERR_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+static void ERR_load_ATALLA_strings(void);
+static void ERR_unload_ATALLA_strings(void);
+static void ERR_ATALLA_error(int function, int reason, char *file, int line);
+# define ATALLAerr(f,r) ERR_ATALLA_error((f),(r),__FILE__,__LINE__)
+
+/* Error codes for the ATALLA functions. */
+
+/* Function codes. */
+# define ATALLA_F_ATALLA_CTRL 100
+# define ATALLA_F_ATALLA_FINISH 101
+# define ATALLA_F_ATALLA_INIT 102
+# define ATALLA_F_ATALLA_MOD_EXP 103
+# define ATALLA_F_ATALLA_RSA_MOD_EXP 104
+
+/* Reason codes. */
+# define ATALLA_R_ALREADY_LOADED 100
+# define ATALLA_R_BN_CTX_FULL 101
+# define ATALLA_R_BN_EXPAND_FAIL 102
+# define ATALLA_R_CTRL_COMMAND_NOT_IMPLEMENTED 103
+# define ATALLA_R_MISSING_KEY_COMPONENTS 104
+# define ATALLA_R_NOT_LOADED 105
+# define ATALLA_R_REQUEST_FAILED 106
+# define ATALLA_R_UNIT_FAILURE 107
+
+#ifdef __cplusplus
+}
+#endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/engines/e_capi.c
===================================================================
--- vendor-crypto/openssl/dist/engines/e_capi.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/engines/e_capi.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,1816 +0,0 @@
-/* engines/e_capi.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-
-#include <stdio.h>
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/buffer.h>
-#include <openssl/bn.h>
-
-#ifdef OPENSSL_SYS_WIN32
-#ifndef OPENSSL_NO_CAPIENG
-
-#include <openssl/rsa.h>
-
-#include <windows.h>
-
-#ifndef _WIN32_WINNT
-#define _WIN32_WINNT 0x0400
-#endif
-
-#include <wincrypt.h>
-
-#undef X509_EXTENSIONS
-#undef X509_CERT_PAIR
-
-/* Definitions which may be missing from earlier version of headers */
-#ifndef CERT_STORE_OPEN_EXISTING_FLAG
-#define CERT_STORE_OPEN_EXISTING_FLAG 0x00004000
-#endif
-
-#ifndef CERT_STORE_CREATE_NEW_FLAG
-#define CERT_STORE_CREATE_NEW_FLAG 0x00002000
-#endif
-
-#ifndef CERT_SYSTEM_STORE_CURRENT_USER
-#define CERT_SYSTEM_STORE_CURRENT_USER 0x00010000
-#endif
-
-#include <openssl/engine.h>
-#include <openssl/pem.h>
-#include <openssl/x509v3.h>
-
-#include "e_capi_err.h"
-#include "e_capi_err.c"
-
-
-static const char *engine_capi_id = "capi";
-static const char *engine_capi_name = "CryptoAPI ENGINE";
-
-typedef struct CAPI_CTX_st CAPI_CTX;
-typedef struct CAPI_KEY_st CAPI_KEY;
-
-static void capi_addlasterror(void);
-static void capi_adderror(DWORD err);
-
-static void CAPI_trace(CAPI_CTX *ctx, char *format, ...);
-
-static int capi_list_providers(CAPI_CTX *ctx, BIO *out);
-static int capi_list_containers(CAPI_CTX *ctx, BIO *out);
-int capi_list_certs(CAPI_CTX *ctx, BIO *out, char *storename);
-void capi_free_key(CAPI_KEY *key);
-
-static PCCERT_CONTEXT capi_find_cert(CAPI_CTX *ctx, const char *id, HCERTSTORE hstore);
-
-CAPI_KEY *capi_find_key(CAPI_CTX *ctx, const char *id);
-
-static EVP_PKEY *capi_load_privkey(ENGINE *eng, const char *key_id,
- UI_METHOD *ui_method, void *callback_data);
-static int capi_rsa_sign(int dtype, const unsigned char *m, unsigned int m_len,
- unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
-static int capi_rsa_priv_enc(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
-static int capi_rsa_priv_dec(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
-static int capi_rsa_free(RSA *rsa);
-
-static DSA_SIG *capi_dsa_do_sign(const unsigned char *digest, int dlen,
- DSA *dsa);
-static int capi_dsa_free(DSA *dsa);
-
-static int capi_load_ssl_client_cert(ENGINE *e, SSL *ssl,
- STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **pkey,
- STACK_OF(X509) **pother, UI_METHOD *ui_method, void *callback_data);
-
-static int cert_select_simple(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs);
-#ifdef OPENSSL_CAPIENG_DIALOG
-static int cert_select_dialog(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs);
-#endif
-
-typedef PCCERT_CONTEXT (WINAPI *CERTDLG)(HCERTSTORE, HWND, LPCWSTR,
- LPCWSTR, DWORD, DWORD,
- void *);
-typedef HWND (WINAPI *GETCONSWIN)(void);
-
-/* This structure contains CAPI ENGINE specific data:
- * it contains various global options and affects how
- * other functions behave.
- */
-
-#define CAPI_DBG_TRACE 2
-#define CAPI_DBG_ERROR 1
-
-struct CAPI_CTX_st {
- int debug_level;
- char *debug_file;
- /* Parameters to use for container lookup */
- DWORD keytype;
- LPSTR cspname;
- DWORD csptype;
- /* Certificate store name to use */
- LPSTR storename;
- LPSTR ssl_client_store;
- /* System store flags */
- DWORD store_flags;
-
-/* Lookup string meanings in load_private_key */
-/* Substring of subject: uses "storename" */
-#define CAPI_LU_SUBSTR 1
-/* Friendly name: uses storename */
-#define CAPI_LU_FNAME 2
-/* Container name: uses cspname, keytype */
-#define CAPI_LU_CONTNAME 3
- int lookup_method;
-/* Info to dump with dumpcerts option */
-/* Issuer and serial name strings */
-#define CAPI_DMP_SUMMARY 0x1
-/* Friendly name */
-#define CAPI_DMP_FNAME 0x2
-/* Full X509_print dump */
-#define CAPI_DMP_FULL 0x4
-/* Dump PEM format certificate */
-#define CAPI_DMP_PEM 0x8
-/* Dump pseudo key (if possible) */
-#define CAPI_DMP_PSKEY 0x10
-/* Dump key info (if possible) */
-#define CAPI_DMP_PKEYINFO 0x20
-
- DWORD dump_flags;
- int (*client_cert_select)(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs);
-
- CERTDLG certselectdlg;
- GETCONSWIN getconswindow;
-};
-
-
-static CAPI_CTX *capi_ctx_new();
-static void capi_ctx_free(CAPI_CTX *ctx);
-static int capi_ctx_set_provname(CAPI_CTX *ctx, LPSTR pname, DWORD type, int check);
-static int capi_ctx_set_provname_idx(CAPI_CTX *ctx, int idx);
-
-#define CAPI_CMD_LIST_CERTS ENGINE_CMD_BASE
-#define CAPI_CMD_LOOKUP_CERT (ENGINE_CMD_BASE + 1)
-#define CAPI_CMD_DEBUG_LEVEL (ENGINE_CMD_BASE + 2)
-#define CAPI_CMD_DEBUG_FILE (ENGINE_CMD_BASE + 3)
-#define CAPI_CMD_KEYTYPE (ENGINE_CMD_BASE + 4)
-#define CAPI_CMD_LIST_CSPS (ENGINE_CMD_BASE + 5)
-#define CAPI_CMD_SET_CSP_IDX (ENGINE_CMD_BASE + 6)
-#define CAPI_CMD_SET_CSP_NAME (ENGINE_CMD_BASE + 7)
-#define CAPI_CMD_SET_CSP_TYPE (ENGINE_CMD_BASE + 8)
-#define CAPI_CMD_LIST_CONTAINERS (ENGINE_CMD_BASE + 9)
-#define CAPI_CMD_LIST_OPTIONS (ENGINE_CMD_BASE + 10)
-#define CAPI_CMD_LOOKUP_METHOD (ENGINE_CMD_BASE + 11)
-#define CAPI_CMD_STORE_NAME (ENGINE_CMD_BASE + 12)
-#define CAPI_CMD_STORE_FLAGS (ENGINE_CMD_BASE + 13)
-
-static const ENGINE_CMD_DEFN capi_cmd_defns[] = {
- {CAPI_CMD_LIST_CERTS,
- "list_certs",
- "List all certificates in store",
- ENGINE_CMD_FLAG_NO_INPUT},
- {CAPI_CMD_LOOKUP_CERT,
- "lookup_cert",
- "Lookup and output certificates",
- ENGINE_CMD_FLAG_STRING},
- {CAPI_CMD_DEBUG_LEVEL,
- "debug_level",
- "debug level (1=errors, 2=trace)",
- ENGINE_CMD_FLAG_NUMERIC},
- {CAPI_CMD_DEBUG_FILE,
- "debug_file",
- "debugging filename)",
- ENGINE_CMD_FLAG_STRING},
- {CAPI_CMD_KEYTYPE,
- "key_type",
- "Key type: 1=AT_KEYEXCHANGE (default), 2=AT_SIGNATURE",
- ENGINE_CMD_FLAG_NUMERIC},
- {CAPI_CMD_LIST_CSPS,
- "list_csps",
- "List all CSPs",
- ENGINE_CMD_FLAG_NO_INPUT},
- {CAPI_CMD_SET_CSP_IDX,
- "csp_idx",
- "Set CSP by index",
- ENGINE_CMD_FLAG_NUMERIC},
- {CAPI_CMD_SET_CSP_NAME,
- "csp_name",
- "Set CSP name, (default CSP used if not specified)",
- ENGINE_CMD_FLAG_STRING},
- {CAPI_CMD_SET_CSP_TYPE,
- "csp_type",
- "Set CSP type, (default RSA_PROV_FULL)",
- ENGINE_CMD_FLAG_NUMERIC},
- {CAPI_CMD_LIST_CONTAINERS,
- "list_containers",
- "list container names",
- ENGINE_CMD_FLAG_NO_INPUT},
- {CAPI_CMD_LIST_OPTIONS,
- "list_options",
- "Set list options (1=summary,2=friendly name, 4=full printout, 8=PEM output, 16=XXX, "
- "32=private key info)",
- ENGINE_CMD_FLAG_NUMERIC},
- {CAPI_CMD_LOOKUP_METHOD,
- "lookup_method",
- "Set key lookup method (1=substring, 2=friendlyname, 3=container name)",
- ENGINE_CMD_FLAG_NUMERIC},
- {CAPI_CMD_STORE_NAME,
- "store_name",
- "certificate store name, default \"MY\"",
- ENGINE_CMD_FLAG_STRING},
- {CAPI_CMD_STORE_FLAGS,
- "store_flags",
- "Certificate store flags: 1 = system store",
- ENGINE_CMD_FLAG_NUMERIC},
-
- {0, NULL, NULL, 0}
- };
-
-static int capi_idx = -1;
-static int rsa_capi_idx = -1;
-static int dsa_capi_idx = -1;
-static int cert_capi_idx = -1;
-
-static int capi_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
- {
- int ret = 1;
- CAPI_CTX *ctx;
- BIO *out;
- if (capi_idx == -1)
- {
- CAPIerr(CAPI_F_CAPI_CTRL, CAPI_R_ENGINE_NOT_INITIALIZED);
- return 0;
- }
- ctx = ENGINE_get_ex_data(e, capi_idx);
- out = BIO_new_fp(stdout, BIO_NOCLOSE);
- switch (cmd)
- {
- case CAPI_CMD_LIST_CSPS:
- ret = capi_list_providers(ctx, out);
- break;
-
- case CAPI_CMD_LIST_CERTS:
- ret = capi_list_certs(ctx, out, NULL);
- break;
-
- case CAPI_CMD_LOOKUP_CERT:
- ret = capi_list_certs(ctx, out, p);
- break;
-
- case CAPI_CMD_LIST_CONTAINERS:
- ret = capi_list_containers(ctx, out);
- break;
-
- case CAPI_CMD_STORE_NAME:
- if (ctx->storename)
- OPENSSL_free(ctx->storename);
- ctx->storename = BUF_strdup(p);
- CAPI_trace(ctx, "Setting store name to %s\n", p);
- break;
-
- case CAPI_CMD_STORE_FLAGS:
- if (i & 1)
- {
- ctx->store_flags |= CERT_SYSTEM_STORE_LOCAL_MACHINE;
- ctx->store_flags &= ~CERT_SYSTEM_STORE_CURRENT_USER;
- }
- else
- {
- ctx->store_flags |= CERT_SYSTEM_STORE_CURRENT_USER;
- ctx->store_flags &= ~CERT_SYSTEM_STORE_LOCAL_MACHINE;
- }
- CAPI_trace(ctx, "Setting flags to %d\n", i);
- break;
-
- case CAPI_CMD_DEBUG_LEVEL:
- ctx->debug_level = (int)i;
- CAPI_trace(ctx, "Setting debug level to %d\n", ctx->debug_level);
- break;
-
- case CAPI_CMD_DEBUG_FILE:
- ctx->debug_file = BUF_strdup(p);
- CAPI_trace(ctx, "Setting debug file to %s\n", ctx->debug_file);
- break;
-
- case CAPI_CMD_KEYTYPE:
- ctx->keytype = i;
- CAPI_trace(ctx, "Setting key type to %d\n", ctx->keytype);
- break;
-
- case CAPI_CMD_SET_CSP_IDX:
- ret = capi_ctx_set_provname_idx(ctx, i);
- break;
-
- case CAPI_CMD_LIST_OPTIONS:
- ctx->dump_flags = i;
- break;
-
- case CAPI_CMD_LOOKUP_METHOD:
- if (i < 1 || i > 3)
- {
- CAPIerr(CAPI_F_CAPI_CTRL, CAPI_R_INVALID_LOOKUP_METHOD);
- return 0;
- }
- ctx->lookup_method = i;
- break;
-
- case CAPI_CMD_SET_CSP_NAME:
- ret = capi_ctx_set_provname(ctx, p, ctx->csptype, 1);
- break;
-
- case CAPI_CMD_SET_CSP_TYPE:
- ctx->csptype = i;
- break;
-
- default:
- CAPIerr(CAPI_F_CAPI_CTRL, CAPI_R_UNKNOWN_COMMAND);
- ret = 0;
- }
-
- BIO_free(out);
- return ret;
-
- }
-
-static RSA_METHOD capi_rsa_method =
- {
- "CryptoAPI RSA method",
- 0, /* pub_enc */
- 0, /* pub_dec */
- capi_rsa_priv_enc, /* priv_enc */
- capi_rsa_priv_dec, /* priv_dec */
- 0, /* rsa_mod_exp */
- 0, /* bn_mod_exp */
- 0, /* init */
- capi_rsa_free, /* finish */
- RSA_FLAG_SIGN_VER, /* flags */
- NULL, /* app_data */
- capi_rsa_sign, /* rsa_sign */
- 0 /* rsa_verify */
- };
-
-static DSA_METHOD capi_dsa_method =
- {
- "CryptoAPI DSA method",
- capi_dsa_do_sign, /* dsa_do_sign */
- 0, /* dsa_sign_setup */
- 0, /* dsa_do_verify */
- 0, /* dsa_mod_exp */
- 0, /* bn_mod_exp */
- 0, /* init */
- capi_dsa_free, /* finish */
- 0, /* flags */
- NULL, /* app_data */
- 0, /* dsa_paramgen */
- 0 /* dsa_keygen */
- };
-
-static int capi_init(ENGINE *e)
- {
- CAPI_CTX *ctx;
- const RSA_METHOD *ossl_rsa_meth;
- const DSA_METHOD *ossl_dsa_meth;
-
- if (capi_idx < 0)
- {
- capi_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL, 0);
- if (capi_idx < 0)
- goto memerr;
-
- cert_capi_idx = X509_get_ex_new_index(0, NULL, NULL, NULL, 0);
-
- /* Setup RSA_METHOD */
- rsa_capi_idx = RSA_get_ex_new_index(0, NULL, NULL, NULL, 0);
- ossl_rsa_meth = RSA_PKCS1_SSLeay();
- capi_rsa_method.rsa_pub_enc = ossl_rsa_meth->rsa_pub_enc;
- capi_rsa_method.rsa_pub_dec = ossl_rsa_meth->rsa_pub_dec;
- capi_rsa_method.rsa_mod_exp = ossl_rsa_meth->rsa_mod_exp;
- capi_rsa_method.bn_mod_exp = ossl_rsa_meth->bn_mod_exp;
-
- /* Setup DSA Method */
- dsa_capi_idx = DSA_get_ex_new_index(0, NULL, NULL, NULL, 0);
- ossl_dsa_meth = DSA_OpenSSL();
- capi_dsa_method.dsa_do_verify = ossl_dsa_meth->dsa_do_verify;
- capi_dsa_method.dsa_mod_exp = ossl_dsa_meth->dsa_mod_exp;
- capi_dsa_method.bn_mod_exp = ossl_dsa_meth->bn_mod_exp;
- }
-
- ctx = capi_ctx_new();
- if (!ctx)
- goto memerr;
-
- ENGINE_set_ex_data(e, capi_idx, ctx);
-
-#ifdef OPENSSL_CAPIENG_DIALOG
- {
- HMODULE cryptui = LoadLibrary(TEXT("CRYPTUI.DLL"));
- HMODULE kernel = GetModuleHandle(TEXT("KERNEL32.DLL"));
- if (cryptui)
- ctx->certselectdlg = (CERTDLG)GetProcAddress(cryptui, "CryptUIDlgSelectCertificateFromStore");
- if (kernel)
- ctx->getconswindow = (GETCONSWIN)GetProcAddress(kernel, "GetConsoleWindow");
- if (cryptui && !OPENSSL_isservice())
- ctx->client_cert_select = cert_select_dialog;
- }
-#endif
-
-
- return 1;
-
- memerr:
- CAPIerr(CAPI_F_CAPI_INIT, ERR_R_MALLOC_FAILURE);
- return 0;
-
- return 1;
- }
-
-static int capi_destroy(ENGINE *e)
- {
- ERR_unload_CAPI_strings();
- return 1;
- }
-
-static int capi_finish(ENGINE *e)
- {
- CAPI_CTX *ctx;
- ctx = ENGINE_get_ex_data(e, capi_idx);
- capi_ctx_free(ctx);
- ENGINE_set_ex_data(e, capi_idx, NULL);
- return 1;
- }
-
-
-/* CryptoAPI key application data. This contains
- * a handle to the private key container (for sign operations)
- * and a handle to the key (for decrypt operations).
- */
-
-struct CAPI_KEY_st
- {
- /* Associated certificate context (if any) */
- PCCERT_CONTEXT pcert;
- HCRYPTPROV hprov;
- HCRYPTKEY key;
- DWORD keyspec;
- };
-
-static int bind_capi(ENGINE *e)
- {
- if (!ENGINE_set_id(e, engine_capi_id)
- || !ENGINE_set_name(e, engine_capi_name)
- || !ENGINE_set_init_function(e, capi_init)
- || !ENGINE_set_finish_function(e, capi_finish)
- || !ENGINE_set_destroy_function(e, capi_destroy)
- || !ENGINE_set_RSA(e, &capi_rsa_method)
- || !ENGINE_set_DSA(e, &capi_dsa_method)
- || !ENGINE_set_load_privkey_function(e, capi_load_privkey)
- || !ENGINE_set_load_ssl_client_cert_function(e,
- capi_load_ssl_client_cert)
- || !ENGINE_set_cmd_defns(e, capi_cmd_defns)
- || !ENGINE_set_ctrl_function(e, capi_ctrl))
- return 0;
- ERR_load_CAPI_strings();
-
- return 1;
-
- }
-
-#ifndef OPENSSL_NO_DYNAMIC_ENGINE
-static int bind_helper(ENGINE *e, const char *id)
- {
- if(id && (strcmp(id, engine_capi_id) != 0))
- return 0;
- if(!bind_capi(e))
- return 0;
- return 1;
- }
-IMPLEMENT_DYNAMIC_CHECK_FN()
-IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
-#else
-static ENGINE *engine_capi(void)
- {
- ENGINE *ret = ENGINE_new();
- if(!ret)
- return NULL;
- if(!bind_capi(ret))
- {
- ENGINE_free(ret);
- return NULL;
- }
- return ret;
- }
-
-void ENGINE_load_capi(void)
- {
- /* Copied from eng_[openssl|dyn].c */
- ENGINE *toadd = engine_capi();
- if(!toadd) return;
- ENGINE_add(toadd);
- ENGINE_free(toadd);
- ERR_clear_error();
- }
-#endif
-
-
-static int lend_tobn(BIGNUM *bn, unsigned char *bin, int binlen)
- {
- int i;
- /* Reverse buffer in place: since this is a keyblob structure
- * that will be freed up after conversion anyway it doesn't
- * matter if we change it.
- */
- for(i = 0; i < binlen / 2; i++)
- {
- unsigned char c;
- c = bin[i];
- bin[i] = bin[binlen - i - 1];
- bin[binlen - i - 1] = c;
- }
-
- if (!BN_bin2bn(bin, binlen, bn))
- return 0;
- return 1;
- }
-
-/* Given a CAPI_KEY get an EVP_PKEY structure */
-
-static EVP_PKEY *capi_get_pkey(ENGINE *eng, CAPI_KEY *key)
- {
- unsigned char *pubkey = NULL;
- DWORD len;
- BLOBHEADER *bh;
- RSA *rkey = NULL;
- DSA *dkey = NULL;
- EVP_PKEY *ret = NULL;
- if (!CryptExportKey(key->key, 0, PUBLICKEYBLOB, 0, NULL, &len))
- {
- CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_PUBKEY_EXPORT_LENGTH_ERROR);
- capi_addlasterror();
- return NULL;
- }
-
- pubkey = OPENSSL_malloc(len);
-
- if (!pubkey)
- goto memerr;
-
- if (!CryptExportKey(key->key, 0, PUBLICKEYBLOB, 0, pubkey, &len))
- {
- CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_PUBKEY_EXPORT_ERROR);
- capi_addlasterror();
- goto err;
- }
-
- bh = (BLOBHEADER *)pubkey;
- if (bh->bType != PUBLICKEYBLOB)
- {
- CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_INVALID_PUBLIC_KEY_BLOB);
- goto err;
- }
- if (bh->aiKeyAlg == CALG_RSA_SIGN || bh->aiKeyAlg == CALG_RSA_KEYX)
- {
- RSAPUBKEY *rp;
- DWORD rsa_modlen;
- unsigned char *rsa_modulus;
- rp = (RSAPUBKEY *)(bh + 1);
- if (rp->magic != 0x31415352)
- {
- char magstr[10];
- BIO_snprintf(magstr, 10, "%lx", rp->magic);
- CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_INVALID_RSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER);
- ERR_add_error_data(2, "magic=0x", magstr);
- goto err;
- }
- rsa_modulus = (unsigned char *)(rp + 1);
- rkey = RSA_new_method(eng);
- if (!rkey)
- goto memerr;
-
- rkey->e = BN_new();
- rkey->n = BN_new();
-
- if (!rkey->e || !rkey->n)
- goto memerr;
-
- if (!BN_set_word(rkey->e, rp->pubexp))
- goto memerr;
-
- rsa_modlen = rp->bitlen / 8;
- if (!lend_tobn(rkey->n, rsa_modulus, rsa_modlen))
- goto memerr;
-
- RSA_set_ex_data(rkey, rsa_capi_idx, key);
-
- if (!(ret = EVP_PKEY_new()))
- goto memerr;
-
- EVP_PKEY_assign_RSA(ret, rkey);
- rkey = NULL;
-
- }
- else if (bh->aiKeyAlg == CALG_DSS_SIGN)
- {
- DSSPUBKEY *dp;
- DWORD dsa_plen;
- unsigned char *btmp;
- dp = (DSSPUBKEY *)(bh + 1);
- if (dp->magic != 0x31535344)
- {
- char magstr[10];
- BIO_snprintf(magstr, 10, "%lx", dp->magic);
- CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_INVALID_DSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER);
- ERR_add_error_data(2, "magic=0x", magstr);
- goto err;
- }
- dsa_plen = dp->bitlen / 8;
- btmp = (unsigned char *)(dp + 1);
- dkey = DSA_new_method(eng);
- if (!dkey)
- goto memerr;
- dkey->p = BN_new();
- dkey->q = BN_new();
- dkey->g = BN_new();
- dkey->pub_key = BN_new();
- if (!dkey->p || !dkey->q || !dkey->g || !dkey->pub_key)
- goto memerr;
- if (!lend_tobn(dkey->p, btmp, dsa_plen))
- goto memerr;
- btmp += dsa_plen;
- if (!lend_tobn(dkey->q, btmp, 20))
- goto memerr;
- btmp += 20;
- if (!lend_tobn(dkey->g, btmp, dsa_plen))
- goto memerr;
- btmp += dsa_plen;
- if (!lend_tobn(dkey->pub_key, btmp, dsa_plen))
- goto memerr;
- btmp += dsa_plen;
-
- DSA_set_ex_data(dkey, dsa_capi_idx, key);
-
- if (!(ret = EVP_PKEY_new()))
- goto memerr;
-
- EVP_PKEY_assign_DSA(ret, dkey);
- dkey = NULL;
- }
- else
- {
- char algstr[10];
- BIO_snprintf(algstr, 10, "%lx", bh->aiKeyAlg);
- CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_UNSUPPORTED_PUBLIC_KEY_ALGORITHM);
- ERR_add_error_data(2, "aiKeyAlg=0x", algstr);
- goto err;
- }
-
-
- err:
- if (pubkey)
- OPENSSL_free(pubkey);
- if (!ret)
- {
- if (rkey)
- RSA_free(rkey);
- if (dkey)
- DSA_free(dkey);
- }
-
- return ret;
-
-memerr:
- CAPIerr(CAPI_F_CAPI_GET_PKEY, ERR_R_MALLOC_FAILURE);
- goto err;
-
- }
-
-static EVP_PKEY *capi_load_privkey(ENGINE *eng, const char *key_id,
- UI_METHOD *ui_method, void *callback_data)
- {
- CAPI_CTX *ctx;
- CAPI_KEY *key;
- EVP_PKEY *ret;
- ctx = ENGINE_get_ex_data(eng, capi_idx);
-
- if (!ctx)
- {
- CAPIerr(CAPI_F_CAPI_LOAD_PRIVKEY, CAPI_R_CANT_FIND_CAPI_CONTEXT);
- return NULL;
- }
-
- key = capi_find_key(ctx, key_id);
-
- if (!key)
- return NULL;
-
- ret = capi_get_pkey(eng, key);
-
- if (!ret)
- capi_free_key(key);
- return ret;
-
- }
-
-/* CryptoAPI RSA operations */
-
-int capi_rsa_priv_enc(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding)
- {
- CAPIerr(CAPI_F_CAPI_RSA_PRIV_ENC, CAPI_R_FUNCTION_NOT_SUPPORTED);
- return -1;
- }
-
-int capi_rsa_sign(int dtype, const unsigned char *m, unsigned int m_len,
- unsigned char *sigret, unsigned int *siglen, const RSA *rsa)
- {
- ALG_ID alg;
- HCRYPTHASH hash;
- DWORD slen;
- unsigned int i;
- int ret = -1;
- CAPI_KEY *capi_key;
- CAPI_CTX *ctx;
-
- ctx = ENGINE_get_ex_data(rsa->engine, capi_idx);
-
- CAPI_trace(ctx, "Called CAPI_rsa_sign()\n");
-
- capi_key = RSA_get_ex_data(rsa, rsa_capi_idx);
- if (!capi_key)
- {
- CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_CANT_GET_KEY);
- return -1;
- }
-/* Convert the signature type to a CryptoAPI algorithm ID */
- switch(dtype)
- {
- case NID_sha1:
- alg = CALG_SHA1;
- break;
-
- case NID_md5:
- alg = CALG_MD5;
- break;
-
- case NID_md5_sha1:
- alg = CALG_SSL3_SHAMD5;
- break;
- default:
- {
- char algstr[10];
- BIO_snprintf(algstr, 10, "%lx", dtype);
- CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_UNSUPPORTED_ALGORITHM_NID);
- ERR_add_error_data(2, "NID=0x", algstr);
- return -1;
- }
- }
-
-
-
-/* Create the hash object */
- if(!CryptCreateHash(capi_key->hprov, alg, 0, 0, &hash))
- {
- CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_CANT_CREATE_HASH_OBJECT);
- capi_addlasterror();
- return -1;
- }
-/* Set the hash value to the value passed */
-
- if(!CryptSetHashParam(hash, HP_HASHVAL, (unsigned char *)m, 0))
- {
- CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_CANT_SET_HASH_VALUE);
- capi_addlasterror();
- goto err;
- }
-
-
-/* Finally sign it */
- slen = RSA_size(rsa);
- if(!CryptSignHashA(hash, capi_key->keyspec, NULL, 0, sigret, &slen))
- {
- CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_ERROR_SIGNING_HASH);
- capi_addlasterror();
- goto err;
- }
- else
- {
- ret = 1;
- /* Inplace byte reversal of signature */
- for(i = 0; i < slen / 2; i++)
- {
- unsigned char c;
- c = sigret[i];
- sigret[i] = sigret[slen - i - 1];
- sigret[slen - i - 1] = c;
- }
- *siglen = slen;
- }
-
- /* Now cleanup */
-
-err:
- CryptDestroyHash(hash);
-
- return ret;
- }
-
-int capi_rsa_priv_dec(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding)
- {
- int i;
- unsigned char *tmpbuf;
- CAPI_KEY *capi_key;
- CAPI_CTX *ctx;
- ctx = ENGINE_get_ex_data(rsa->engine, capi_idx);
-
- CAPI_trace(ctx, "Called capi_rsa_priv_dec()\n");
-
-
- capi_key = RSA_get_ex_data(rsa, rsa_capi_idx);
- if (!capi_key)
- {
- CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_CANT_GET_KEY);
- return -1;
- }
-
- if(padding != RSA_PKCS1_PADDING)
- {
- char errstr[10];
- BIO_snprintf(errstr, 10, "%d", padding);
- CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_UNSUPPORTED_PADDING);
- ERR_add_error_data(2, "padding=", errstr);
- return -1;
- }
-
- /* Create temp reverse order version of input */
- if(!(tmpbuf = OPENSSL_malloc(flen)) )
- {
- CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, ERR_R_MALLOC_FAILURE);
- return -1;
- }
- for(i = 0; i < flen; i++)
- tmpbuf[flen - i - 1] = from[i];
-
- /* Finally decrypt it */
- if(!CryptDecrypt(capi_key->key, 0, TRUE, 0, tmpbuf, &flen))
- {
- CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_DECRYPT_ERROR);
- capi_addlasterror();
- OPENSSL_free(tmpbuf);
- return -1;
- }
- else memcpy(to, tmpbuf, flen);
-
- OPENSSL_free(tmpbuf);
-
- return flen;
- }
-
-static int capi_rsa_free(RSA *rsa)
- {
- CAPI_KEY *capi_key;
- capi_key = RSA_get_ex_data(rsa, rsa_capi_idx);
- capi_free_key(capi_key);
- RSA_set_ex_data(rsa, rsa_capi_idx, 0);
- return 1;
- }
-
-/* CryptoAPI DSA operations */
-
-static DSA_SIG *capi_dsa_do_sign(const unsigned char *digest, int dlen,
- DSA *dsa)
- {
- HCRYPTHASH hash;
- DWORD slen;
- DSA_SIG *ret = NULL;
- CAPI_KEY *capi_key;
- CAPI_CTX *ctx;
- unsigned char csigbuf[40];
-
- ctx = ENGINE_get_ex_data(dsa->engine, capi_idx);
-
- CAPI_trace(ctx, "Called CAPI_dsa_do_sign()\n");
-
- capi_key = DSA_get_ex_data(dsa, dsa_capi_idx);
-
- if (!capi_key)
- {
- CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_CANT_GET_KEY);
- return NULL;
- }
-
- if (dlen != 20)
- {
- CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_INVALID_DIGEST_LENGTH);
- return NULL;
- }
-
- /* Create the hash object */
- if(!CryptCreateHash(capi_key->hprov, CALG_SHA1, 0, 0, &hash))
- {
- CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_CANT_CREATE_HASH_OBJECT);
- capi_addlasterror();
- return NULL;
- }
-
- /* Set the hash value to the value passed */
- if(!CryptSetHashParam(hash, HP_HASHVAL, (unsigned char *)digest, 0))
- {
- CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_CANT_SET_HASH_VALUE);
- capi_addlasterror();
- goto err;
- }
-
-
- /* Finally sign it */
- slen = sizeof(csigbuf);
- if(!CryptSignHashA(hash, capi_key->keyspec, NULL, 0, csigbuf, &slen))
- {
- CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_ERROR_SIGNING_HASH);
- capi_addlasterror();
- goto err;
- }
- else
- {
- ret = DSA_SIG_new();
- if (!ret)
- goto err;
- ret->r = BN_new();
- ret->s = BN_new();
- if (!ret->r || !ret->s)
- goto err;
- if (!lend_tobn(ret->r, csigbuf, 20)
- || !lend_tobn(ret->s, csigbuf + 20, 20))
- {
- DSA_SIG_free(ret);
- ret = NULL;
- goto err;
- }
- }
-
- /* Now cleanup */
-
-err:
- OPENSSL_cleanse(csigbuf, 40);
- CryptDestroyHash(hash);
- return ret;
- }
-
-static int capi_dsa_free(DSA *dsa)
- {
- CAPI_KEY *capi_key;
- capi_key = DSA_get_ex_data(dsa, dsa_capi_idx);
- capi_free_key(capi_key);
- DSA_set_ex_data(dsa, dsa_capi_idx, 0);
- return 1;
- }
-
-static void capi_vtrace(CAPI_CTX *ctx, int level, char *format, va_list argptr)
- {
- BIO *out;
-
- if (!ctx || (ctx->debug_level < level) || (!ctx->debug_file))
- return;
- out = BIO_new_file(ctx->debug_file, "a+");
- BIO_vprintf(out, format, argptr);
- BIO_free(out);
- }
-
-static void CAPI_trace(CAPI_CTX *ctx, char *format, ...)
- {
- va_list args;
- va_start(args, format);
- capi_vtrace(ctx, CAPI_DBG_TRACE, format, args);
- va_end(args);
- }
-
-static void capi_addlasterror(void)
- {
- capi_adderror(GetLastError());
- }
-
-static void capi_adderror(DWORD err)
- {
- char errstr[10];
- BIO_snprintf(errstr, 10, "%lX", err);
- ERR_add_error_data(2, "Error code= 0x", errstr);
- }
-
-static char *wide_to_asc(LPWSTR wstr)
- {
- char *str;
- int len_0,sz;
-
- if (!wstr)
- return NULL;
- len_0 = (int)wcslen(wstr)+1; /* WideCharToMultiByte expects int */
- sz = WideCharToMultiByte(CP_ACP,0,wstr,len_0,NULL,0,NULL,NULL);
- if (!sz)
- {
- CAPIerr(CAPI_F_WIDE_TO_ASC, CAPI_R_WIN32_ERROR);
- return NULL;
- }
- str = OPENSSL_malloc(sz);
- if (!str)
- {
- CAPIerr(CAPI_F_WIDE_TO_ASC, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- if (!WideCharToMultiByte(CP_ACP,0,wstr,len_0,str,sz,NULL,NULL))
- {
- OPENSSL_free(str);
- CAPIerr(CAPI_F_WIDE_TO_ASC, CAPI_R_WIN32_ERROR);
- return NULL;
- }
- return str;
- }
-
-static int capi_get_provname(CAPI_CTX *ctx, LPSTR *pname, DWORD *ptype, DWORD idx)
- {
- LPSTR name;
- DWORD len, err;
- CAPI_trace(ctx, "capi_get_provname, index=%d\n", idx);
- if (!CryptEnumProvidersA(idx, NULL, 0, ptype, NULL, &len))
- {
- err = GetLastError();
- if (err == ERROR_NO_MORE_ITEMS)
- return 2;
- CAPIerr(CAPI_F_CAPI_GET_PROVNAME, CAPI_R_CRYPTENUMPROVIDERS_ERROR);
- capi_adderror(err);
- return 0;
- }
- name = OPENSSL_malloc(len);
- if (!CryptEnumProvidersA(idx, NULL, 0, ptype, name, &len))
- {
- err = GetLastError();
- if (err == ERROR_NO_MORE_ITEMS)
- return 2;
- CAPIerr(CAPI_F_CAPI_GET_PROVNAME, CAPI_R_CRYPTENUMPROVIDERS_ERROR);
- capi_adderror(err);
- return 0;
- }
- *pname = name;
- CAPI_trace(ctx, "capi_get_provname, returned name=%s, type=%d\n", name, *ptype);
-
- return 1;
- }
-
-static int capi_list_providers(CAPI_CTX *ctx, BIO *out)
- {
- DWORD idx, ptype;
- int ret;
- LPSTR provname = NULL;
- CAPI_trace(ctx, "capi_list_providers\n");
- BIO_printf(out, "Available CSPs:\n");
- for(idx = 0; ; idx++)
- {
- ret = capi_get_provname(ctx, &provname, &ptype, idx);
- if (ret == 2)
- break;
- if (ret == 0)
- break;
- BIO_printf(out, "%d. %s, type %d\n", idx, provname, ptype);
- OPENSSL_free(provname);
- }
- return 1;
- }
-
-static int capi_list_containers(CAPI_CTX *ctx, BIO *out)
- {
- int ret = 1;
- HCRYPTPROV hprov;
- DWORD err, idx, flags, buflen = 0, clen;
- LPSTR cname;
- CAPI_trace(ctx, "Listing containers CSP=%s, type = %d\n", ctx->cspname, ctx->csptype);
- if (!CryptAcquireContextA(&hprov, NULL, ctx->cspname, ctx->csptype, CRYPT_VERIFYCONTEXT))
- {
- CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, CAPI_R_CRYPTACQUIRECONTEXT_ERROR);
- capi_addlasterror();
- return 0;
- }
- if (!CryptGetProvParam(hprov, PP_ENUMCONTAINERS, NULL, &buflen, CRYPT_FIRST))
- {
- CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, CAPI_R_ENUMCONTAINERS_ERROR);
- capi_addlasterror();
- CryptReleaseContext(hprov, 0);
- return 0;
- }
- CAPI_trace(ctx, "Got max container len %d\n", buflen);
- if (buflen == 0)
- buflen = 1024;
- cname = OPENSSL_malloc(buflen);
- if (!cname)
- {
- CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- for (idx = 0;;idx++)
- {
- clen = buflen;
- cname[0] = 0;
-
- if (idx == 0)
- flags = CRYPT_FIRST;
- else
- flags = 0;
- if(!CryptGetProvParam(hprov, PP_ENUMCONTAINERS, cname, &clen, flags))
- {
- err = GetLastError();
- if (err == ERROR_NO_MORE_ITEMS)
- goto done;
- CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, CAPI_R_ENUMCONTAINERS_ERROR);
- capi_adderror(err);
- goto err;
- }
- CAPI_trace(ctx, "Container name %s, len=%d, index=%d, flags=%d\n", cname, clen, idx, flags);
- if (!cname[0] && (clen == buflen))
- {
- CAPI_trace(ctx, "Enumerate bug: using workaround\n");
- goto done;
- }
- BIO_printf(out, "%d. %s\n", idx, cname);
- }
- err:
-
- ret = 0;
-
- done:
- if (cname)
- OPENSSL_free(cname);
- CryptReleaseContext(hprov, 0);
-
- return ret;
- }
-
-CRYPT_KEY_PROV_INFO *capi_get_prov_info(CAPI_CTX *ctx, PCCERT_CONTEXT cert)
- {
- DWORD len;
- CRYPT_KEY_PROV_INFO *pinfo;
-
- if(!CertGetCertificateContextProperty(cert, CERT_KEY_PROV_INFO_PROP_ID, NULL, &len))
- return NULL;
- pinfo = OPENSSL_malloc(len);
- if (!pinfo)
- {
- CAPIerr(CAPI_F_CAPI_GET_PROV_INFO, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- if(!CertGetCertificateContextProperty(cert, CERT_KEY_PROV_INFO_PROP_ID, pinfo, &len))
- {
- CAPIerr(CAPI_F_CAPI_GET_PROV_INFO, CAPI_R_ERROR_GETTING_KEY_PROVIDER_INFO);
- capi_addlasterror();
- OPENSSL_free(pinfo);
- return NULL;
- }
- return pinfo;
- }
-
-static void capi_dump_prov_info(CAPI_CTX *ctx, BIO *out, CRYPT_KEY_PROV_INFO *pinfo)
- {
- char *provname = NULL, *contname = NULL;
- if (!pinfo)
- {
- BIO_printf(out, " No Private Key\n");
- return;
- }
- provname = wide_to_asc(pinfo->pwszProvName);
- contname = wide_to_asc(pinfo->pwszContainerName);
- if (!provname || !contname)
- goto err;
-
- BIO_printf(out, " Private Key Info:\n");
- BIO_printf(out, " Provider Name: %s, Provider Type %d\n", provname, pinfo->dwProvType);
- BIO_printf(out, " Container Name: %s, Key Type %d\n", contname, pinfo->dwKeySpec);
- err:
- if (provname)
- OPENSSL_free(provname);
- if (contname)
- OPENSSL_free(contname);
- }
-
-char * capi_cert_get_fname(CAPI_CTX *ctx, PCCERT_CONTEXT cert)
- {
- LPWSTR wfname;
- DWORD dlen;
-
- CAPI_trace(ctx, "capi_cert_get_fname\n");
- if (!CertGetCertificateContextProperty(cert, CERT_FRIENDLY_NAME_PROP_ID, NULL, &dlen))
- return NULL;
- wfname = OPENSSL_malloc(dlen);
- if (CertGetCertificateContextProperty(cert, CERT_FRIENDLY_NAME_PROP_ID, wfname, &dlen))
- {
- char *fname = wide_to_asc(wfname);
- OPENSSL_free(wfname);
- return fname;
- }
- CAPIerr(CAPI_F_CAPI_CERT_GET_FNAME, CAPI_R_ERROR_GETTING_FRIENDLY_NAME);
- capi_addlasterror();
-
- OPENSSL_free(wfname);
- return NULL;
- }
-
-
-void capi_dump_cert(CAPI_CTX *ctx, BIO *out, PCCERT_CONTEXT cert)
- {
- X509 *x;
- unsigned char *p;
- unsigned long flags = ctx->dump_flags;
- if (flags & CAPI_DMP_FNAME)
- {
- char *fname;
- fname = capi_cert_get_fname(ctx, cert);
- if (fname)
- {
- BIO_printf(out, " Friendly Name \"%s\"\n", fname);
- OPENSSL_free(fname);
- }
- else
- BIO_printf(out, " <No Friendly Name>\n");
- }
-
- p = cert->pbCertEncoded;
- x = d2i_X509(NULL, &p, cert->cbCertEncoded);
- if (!x)
- BIO_printf(out, " <Can't parse certificate>\n");
- if (flags & CAPI_DMP_SUMMARY)
- {
- BIO_printf(out, " Subject: ");
- X509_NAME_print_ex(out, X509_get_subject_name(x), 0, XN_FLAG_ONELINE);
- BIO_printf(out, "\n Issuer: ");
- X509_NAME_print_ex(out, X509_get_issuer_name(x), 0, XN_FLAG_ONELINE);
- BIO_printf(out, "\n");
- }
- if (flags & CAPI_DMP_FULL)
- X509_print_ex(out, x, XN_FLAG_ONELINE,0);
-
- if (flags & CAPI_DMP_PKEYINFO)
- {
- CRYPT_KEY_PROV_INFO *pinfo;
- pinfo = capi_get_prov_info(ctx, cert);
- capi_dump_prov_info(ctx, out, pinfo);
- if (pinfo)
- OPENSSL_free(pinfo);
- }
-
- if (flags & CAPI_DMP_PEM)
- PEM_write_bio_X509(out, x);
- X509_free(x);
- }
-
-HCERTSTORE capi_open_store(CAPI_CTX *ctx, char *storename)
- {
- HCERTSTORE hstore;
-
- if (!storename)
- storename = ctx->storename;
- if (!storename)
- storename = "MY";
- CAPI_trace(ctx, "Opening certificate store %s\n", storename);
-
- hstore = CertOpenStore(CERT_STORE_PROV_SYSTEM_A, 0, 0,
- ctx->store_flags, storename);
- if (!hstore)
- {
- CAPIerr(CAPI_F_CAPI_OPEN_STORE, CAPI_R_ERROR_OPENING_STORE);
- capi_addlasterror();
- }
- return hstore;
- }
-
-int capi_list_certs(CAPI_CTX *ctx, BIO *out, char *id)
- {
- char *storename;
- int idx;
- int ret = 1;
- HCERTSTORE hstore;
- PCCERT_CONTEXT cert = NULL;
-
- storename = ctx->storename;
- if (!storename)
- storename = "MY";
- CAPI_trace(ctx, "Listing certs for store %s\n", storename);
-
- hstore = capi_open_store(ctx, storename);
- if (!hstore)
- return 0;
- if (id)
- {
- cert = capi_find_cert(ctx, id, hstore);
- if (!cert)
- {
- ret = 0;
- goto err;
- }
- capi_dump_cert(ctx, out, cert);
- CertFreeCertificateContext(cert);
- }
- else
- {
- for(idx = 0;;idx++)
- {
- LPWSTR fname = NULL;
- cert = CertEnumCertificatesInStore(hstore, cert);
- if (!cert)
- break;
- BIO_printf(out, "Certificate %d\n", idx);
- capi_dump_cert(ctx, out, cert);
- }
- }
- err:
- CertCloseStore(hstore, 0);
- return ret;
- }
-
-static PCCERT_CONTEXT capi_find_cert(CAPI_CTX *ctx, const char *id, HCERTSTORE hstore)
- {
- PCCERT_CONTEXT cert = NULL;
- char *fname = NULL;
- int match;
- switch(ctx->lookup_method)
- {
- case CAPI_LU_SUBSTR:
- return CertFindCertificateInStore(hstore,
- X509_ASN_ENCODING, 0,
- CERT_FIND_SUBJECT_STR_A, id, NULL);
- case CAPI_LU_FNAME:
- for(;;)
- {
- cert = CertEnumCertificatesInStore(hstore, cert);
- if (!cert)
- return NULL;
- fname = capi_cert_get_fname(ctx, cert);
- if (fname)
- {
- if (strcmp(fname, id))
- match = 0;
- else
- match = 1;
- OPENSSL_free(fname);
- if (match)
- return cert;
- }
- }
- default:
- return NULL;
- }
- }
-
-static CAPI_KEY *capi_get_key(CAPI_CTX *ctx, const char *contname, char *provname, DWORD ptype, DWORD keyspec)
- {
- CAPI_KEY *key;
- DWORD dwFlags = 0;
- key = OPENSSL_malloc(sizeof(CAPI_KEY));
- CAPI_trace(ctx, "capi_get_key, contname=%s, provname=%s, type=%d\n",
- contname, provname, ptype);
- if(ctx->store_flags & CERT_SYSTEM_STORE_LOCAL_MACHINE)
- dwFlags = CRYPT_MACHINE_KEYSET;
- if (!CryptAcquireContextA(&key->hprov, contname, provname, ptype, dwFlags))
- {
- CAPIerr(CAPI_F_CAPI_GET_KEY, CAPI_R_CRYPTACQUIRECONTEXT_ERROR);
- capi_addlasterror();
- goto err;
- }
- if (!CryptGetUserKey(key->hprov, keyspec, &key->key))
- {
- CAPIerr(CAPI_F_CAPI_GET_KEY, CAPI_R_GETUSERKEY_ERROR);
- capi_addlasterror();
- CryptReleaseContext(key->hprov, 0);
- goto err;
- }
- key->keyspec = keyspec;
- key->pcert = NULL;
- return key;
-
- err:
- OPENSSL_free(key);
- return NULL;
- }
-
-static CAPI_KEY *capi_get_cert_key(CAPI_CTX *ctx, PCCERT_CONTEXT cert)
- {
- CAPI_KEY *key = NULL;
- CRYPT_KEY_PROV_INFO *pinfo = NULL;
- char *provname = NULL, *contname = NULL;
- pinfo = capi_get_prov_info(ctx, cert);
- if (!pinfo)
- goto err;
- provname = wide_to_asc(pinfo->pwszProvName);
- contname = wide_to_asc(pinfo->pwszContainerName);
- if (!provname || !contname)
- goto err;
- key = capi_get_key(ctx, contname, provname,
- pinfo->dwProvType, pinfo->dwKeySpec);
-
- err:
- if (pinfo)
- OPENSSL_free(pinfo);
- if (provname)
- OPENSSL_free(provname);
- if (contname)
- OPENSSL_free(contname);
- return key;
- }
-
-CAPI_KEY *capi_find_key(CAPI_CTX *ctx, const char *id)
- {
- PCCERT_CONTEXT cert;
- HCERTSTORE hstore;
- CAPI_KEY *key = NULL;
- switch (ctx->lookup_method)
- {
- case CAPI_LU_SUBSTR:
- case CAPI_LU_FNAME:
- hstore = capi_open_store(ctx, NULL);
- if (!hstore)
- return NULL;
- cert = capi_find_cert(ctx, id, hstore);
- if (cert)
- {
- key = capi_get_cert_key(ctx, cert);
- CertFreeCertificateContext(cert);
- }
- CertCloseStore(hstore, 0);
- break;
-
- case CAPI_LU_CONTNAME:
- key = capi_get_key(ctx, id, ctx->cspname, ctx->csptype,
- ctx->keytype);
- break;
- }
-
- return key;
- }
-
-void capi_free_key(CAPI_KEY *key)
- {
- if (!key)
- return;
- CryptDestroyKey(key->key);
- CryptReleaseContext(key->hprov, 0);
- if (key->pcert)
- CertFreeCertificateContext(key->pcert);
- OPENSSL_free(key);
- }
-
-
-/* Initialize a CAPI_CTX structure */
-
-static CAPI_CTX *capi_ctx_new()
- {
- CAPI_CTX *ctx;
- ctx = OPENSSL_malloc(sizeof(CAPI_CTX));
- if (!ctx)
- {
- CAPIerr(CAPI_F_CAPI_CTX_NEW, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
- ctx->cspname = NULL;
- ctx->csptype = PROV_RSA_FULL;
- ctx->dump_flags = CAPI_DMP_SUMMARY|CAPI_DMP_FNAME;
- ctx->keytype = AT_KEYEXCHANGE;
- ctx->storename = NULL;
- ctx->ssl_client_store = NULL;
- ctx->store_flags = CERT_STORE_OPEN_EXISTING_FLAG |
- CERT_STORE_READONLY_FLAG |
- CERT_SYSTEM_STORE_CURRENT_USER;
- ctx->lookup_method = CAPI_LU_SUBSTR;
- ctx->debug_level = 0;
- ctx->debug_file = NULL;
- ctx->client_cert_select = cert_select_simple;
- return ctx;
- }
-
-static void capi_ctx_free(CAPI_CTX *ctx)
- {
- CAPI_trace(ctx, "Calling capi_ctx_free with %lx\n", ctx);
- if (!ctx)
- return;
- if (ctx->cspname)
- OPENSSL_free(ctx->cspname);
- if (ctx->debug_file)
- OPENSSL_free(ctx->debug_file);
- if (ctx->storename)
- OPENSSL_free(ctx->storename);
- if (ctx->ssl_client_store)
- OPENSSL_free(ctx->ssl_client_store);
- OPENSSL_free(ctx);
- }
-
-static int capi_ctx_set_provname(CAPI_CTX *ctx, LPSTR pname, DWORD type, int check)
- {
- CAPI_trace(ctx, "capi_ctx_set_provname, name=%s, type=%d\n", pname, type);
- if (check)
- {
- HCRYPTPROV hprov;
- if (!CryptAcquireContextA(&hprov, NULL, pname, type,
- CRYPT_VERIFYCONTEXT))
- {
- CAPIerr(CAPI_F_CAPI_CTX_SET_PROVNAME, CAPI_R_CRYPTACQUIRECONTEXT_ERROR);
- capi_addlasterror();
- return 0;
- }
- CryptReleaseContext(hprov, 0);
- }
- if (ctx->cspname)
- OPENSSL_free(ctx->cspname);
- ctx->cspname = BUF_strdup(pname);
- ctx->csptype = type;
- return 1;
- }
-
-static int capi_ctx_set_provname_idx(CAPI_CTX *ctx, int idx)
- {
- LPSTR pname;
- DWORD type;
- int res;
- if (capi_get_provname(ctx, &pname, &type, idx) != 1)
- return 0;
- res = capi_ctx_set_provname(ctx, pname, type, 0);
- OPENSSL_free(pname);
- return res;
- }
-
-static int cert_issuer_match(STACK_OF(X509_NAME) *ca_dn, X509 *x)
- {
- int i;
- X509_NAME *nm;
- /* Special case: empty list: match anything */
- if (sk_X509_NAME_num(ca_dn) <= 0)
- return 1;
- for (i = 0; i < sk_X509_NAME_num(ca_dn); i++)
- {
- nm = sk_X509_NAME_value(ca_dn, i);
- if (!X509_NAME_cmp(nm, X509_get_issuer_name(x)))
- return 1;
- }
- return 0;
- }
-
-
-
-static int capi_load_ssl_client_cert(ENGINE *e, SSL *ssl,
- STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **pkey,
- STACK_OF(X509) **pother, UI_METHOD *ui_method, void *callback_data)
- {
- STACK_OF(X509) *certs = NULL;
- X509 *x;
- char *storename;
- const char *p;
- int i, client_cert_idx;
- HCERTSTORE hstore;
- PCCERT_CONTEXT cert = NULL, excert = NULL;
- CAPI_CTX *ctx;
- CAPI_KEY *key;
- ctx = ENGINE_get_ex_data(e, capi_idx);
-
- *pcert = NULL;
- *pkey = NULL;
-
- storename = ctx->ssl_client_store;
- if (!storename)
- storename = "MY";
-
- hstore = capi_open_store(ctx, storename);
- if (!hstore)
- return 0;
- /* Enumerate all certificates collect any matches */
- for(i = 0;;i++)
- {
- cert = CertEnumCertificatesInStore(hstore, cert);
- if (!cert)
- break;
- p = cert->pbCertEncoded;
- x = d2i_X509(NULL, &p, cert->cbCertEncoded);
- if (!x)
- {
- CAPI_trace(ctx, "Can't Parse Certificate %d\n", i);
- continue;
- }
- if (cert_issuer_match(ca_dn, x)
- && X509_check_purpose(x, X509_PURPOSE_SSL_CLIENT, 0))
- {
- key = capi_get_cert_key(ctx, cert);
- if (!key)
- {
- X509_free(x);
- continue;
- }
- /* Match found: attach extra data to it so
- * we can retrieve the key later.
- */
- excert = CertDuplicateCertificateContext(cert);
- key->pcert = excert;
- X509_set_ex_data(x, cert_capi_idx, key);
-
- if (!certs)
- certs = sk_X509_new_null();
-
- sk_X509_push(certs, x);
- }
- else
- X509_free(x);
-
- }
-
- if (cert)
- CertFreeCertificateContext(cert);
- if (hstore)
- CertCloseStore(hstore, 0);
-
- if (!certs)
- return 0;
-
-
- /* Select the appropriate certificate */
-
- client_cert_idx = ctx->client_cert_select(e, ssl, certs);
-
- /* Set the selected certificate and free the rest */
-
- for(i = 0; i < sk_X509_num(certs); i++)
- {
- x = sk_X509_value(certs, i);
- if (i == client_cert_idx)
- *pcert = x;
- else
- {
- key = X509_get_ex_data(x, cert_capi_idx);
- capi_free_key(key);
- X509_free(x);
- }
- }
-
- sk_X509_free(certs);
-
- if (!*pcert)
- return 0;
-
- /* Setup key for selected certificate */
-
- key = X509_get_ex_data(*pcert, cert_capi_idx);
- *pkey = capi_get_pkey(e, key);
- X509_set_ex_data(*pcert, cert_capi_idx, NULL);
-
- return 1;
-
- }
-
-
-/* Simple client cert selection function: always select first */
-
-static int cert_select_simple(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs)
- {
- return 0;
- }
-
-#ifdef OPENSSL_CAPIENG_DIALOG
-
-/* More complex cert selection function, using standard function
- * CryptUIDlgSelectCertificateFromStore() to produce a dialog box.
- */
-
-/* Definitions which are in cryptuiapi.h but this is not present in older
- * versions of headers.
- */
-
-#ifndef CRYPTUI_SELECT_LOCATION_COLUMN
-#define CRYPTUI_SELECT_LOCATION_COLUMN 0x000000010
-#define CRYPTUI_SELECT_INTENDEDUSE_COLUMN 0x000000004
-#endif
-
-#define dlg_title L"OpenSSL Application SSL Client Certificate Selection"
-#define dlg_prompt L"Select a certificate to use for authentication"
-#define dlg_columns CRYPTUI_SELECT_LOCATION_COLUMN \
- |CRYPTUI_SELECT_INTENDEDUSE_COLUMN
-
-static int cert_select_dialog(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs)
- {
- X509 *x;
- HCERTSTORE dstore;
- PCCERT_CONTEXT cert;
- CAPI_CTX *ctx;
- CAPI_KEY *key;
- HWND hwnd;
- int i, idx = -1;
- if (sk_X509_num(certs) == 1)
- return 0;
- ctx = ENGINE_get_ex_data(e, capi_idx);
- /* Create an in memory store of certificates */
- dstore = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
- CERT_STORE_CREATE_NEW_FLAG, NULL);
- if (!dstore)
- {
- CAPIerr(CAPI_F_CERT_SELECT_DIALOG, CAPI_R_ERROR_CREATING_STORE);
- capi_addlasterror();
- goto err;
- }
- /* Add all certificates to store */
- for(i = 0; i < sk_X509_num(certs); i++)
- {
- x = sk_X509_value(certs, i);
- key = X509_get_ex_data(x, cert_capi_idx);
-
- if (!CertAddCertificateContextToStore(dstore, key->pcert,
- CERT_STORE_ADD_NEW, NULL))
- {
- CAPIerr(CAPI_F_CERT_SELECT_DIALOG, CAPI_R_ERROR_ADDING_CERT);
- capi_addlasterror();
- goto err;
- }
-
- }
- hwnd = GetForegroundWindow();
- if (!hwnd)
- hwnd = GetActiveWindow();
- if (!hwnd && ctx->getconswindow)
- hwnd = ctx->getconswindow();
- /* Call dialog to select one */
- cert = ctx->certselectdlg(dstore, hwnd, dlg_title, dlg_prompt,
- dlg_columns, 0, NULL);
-
- /* Find matching cert from list */
- if (cert)
- {
- for(i = 0; i < sk_X509_num(certs); i++)
- {
- x = sk_X509_value(certs, i);
- key = X509_get_ex_data(x, cert_capi_idx);
- if (CertCompareCertificate(
- X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
- cert->pCertInfo,
- key->pcert->pCertInfo))
- {
- idx = i;
- break;
- }
- }
- }
-
- err:
- if (dstore)
- CertCloseStore(dstore, 0);
- return idx;
-
- }
-#endif
-
-#endif
-#else /* !WIN32 */
-#include <openssl/engine.h>
-#ifndef OPENSSL_NO_DYNAMIC_ENGINE
-OPENSSL_EXPORT
-int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { return 0; }
-IMPLEMENT_DYNAMIC_CHECK_FN()
-#endif
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/engines/e_capi.c (from rev 6976, vendor-crypto/openssl/dist/engines/e_capi.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/engines/e_capi.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/engines/e_capi.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,1742 @@
+/* engines/e_capi.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/buffer.h>
+#include <openssl/bn.h>
+
+#ifdef OPENSSL_SYS_WIN32
+# ifndef OPENSSL_NO_CAPIENG
+
+# include <openssl/rsa.h>
+
+# include <windows.h>
+
+# ifndef _WIN32_WINNT
+# define _WIN32_WINNT 0x0400
+# endif
+
+# include <wincrypt.h>
+
+# undef X509_EXTENSIONS
+# undef X509_CERT_PAIR
+
+/* Definitions which may be missing from earlier version of headers */
+# ifndef CERT_STORE_OPEN_EXISTING_FLAG
+# define CERT_STORE_OPEN_EXISTING_FLAG 0x00004000
+# endif
+
+# ifndef CERT_STORE_CREATE_NEW_FLAG
+# define CERT_STORE_CREATE_NEW_FLAG 0x00002000
+# endif
+
+# ifndef CERT_SYSTEM_STORE_CURRENT_USER
+# define CERT_SYSTEM_STORE_CURRENT_USER 0x00010000
+# endif
+
+# include <openssl/engine.h>
+# include <openssl/pem.h>
+# include <openssl/x509v3.h>
+
+# include "e_capi_err.h"
+# include "e_capi_err.c"
+
+static const char *engine_capi_id = "capi";
+static const char *engine_capi_name = "CryptoAPI ENGINE";
+
+typedef struct CAPI_CTX_st CAPI_CTX;
+typedef struct CAPI_KEY_st CAPI_KEY;
+
+static void capi_addlasterror(void);
+static void capi_adderror(DWORD err);
+
+static void CAPI_trace(CAPI_CTX * ctx, char *format, ...);
+
+static int capi_list_providers(CAPI_CTX * ctx, BIO *out);
+static int capi_list_containers(CAPI_CTX * ctx, BIO *out);
+int capi_list_certs(CAPI_CTX * ctx, BIO *out, char *storename);
+void capi_free_key(CAPI_KEY * key);
+
+static PCCERT_CONTEXT capi_find_cert(CAPI_CTX * ctx, const char *id,
+ HCERTSTORE hstore);
+
+CAPI_KEY *capi_find_key(CAPI_CTX * ctx, const char *id);
+
+static EVP_PKEY *capi_load_privkey(ENGINE *eng, const char *key_id,
+ UI_METHOD *ui_method, void *callback_data);
+static int capi_rsa_sign(int dtype, const unsigned char *m,
+ unsigned int m_len, unsigned char *sigret,
+ unsigned int *siglen, const RSA *rsa);
+static int capi_rsa_priv_enc(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+static int capi_rsa_priv_dec(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+static int capi_rsa_free(RSA *rsa);
+
+static DSA_SIG *capi_dsa_do_sign(const unsigned char *digest, int dlen,
+ DSA *dsa);
+static int capi_dsa_free(DSA *dsa);
+
+static int capi_load_ssl_client_cert(ENGINE *e, SSL *ssl,
+ STACK_OF(X509_NAME) *ca_dn, X509 **pcert,
+ EVP_PKEY **pkey, STACK_OF(X509) **pother,
+ UI_METHOD *ui_method,
+ void *callback_data);
+
+static int cert_select_simple(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs);
+# ifdef OPENSSL_CAPIENG_DIALOG
+static int cert_select_dialog(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs);
+# endif
+
+typedef PCCERT_CONTEXT(WINAPI *CERTDLG) (HCERTSTORE, HWND, LPCWSTR,
+ LPCWSTR, DWORD, DWORD, void *);
+typedef HWND(WINAPI *GETCONSWIN) (void);
+
+/*
+ * This structure contains CAPI ENGINE specific data: it contains various
+ * global options and affects how other functions behave.
+ */
+
+# define CAPI_DBG_TRACE 2
+# define CAPI_DBG_ERROR 1
+
+struct CAPI_CTX_st {
+ int debug_level;
+ char *debug_file;
+ /* Parameters to use for container lookup */
+ DWORD keytype;
+ LPSTR cspname;
+ DWORD csptype;
+ /* Certificate store name to use */
+ LPSTR storename;
+ LPSTR ssl_client_store;
+ /* System store flags */
+ DWORD store_flags;
+/* Lookup string meanings in load_private_key */
+/* Substring of subject: uses "storename" */
+# define CAPI_LU_SUBSTR 1
+/* Friendly name: uses storename */
+# define CAPI_LU_FNAME 2
+/* Container name: uses cspname, keytype */
+# define CAPI_LU_CONTNAME 3
+ int lookup_method;
+/* Info to dump with dumpcerts option */
+/* Issuer and serial name strings */
+# define CAPI_DMP_SUMMARY 0x1
+/* Friendly name */
+# define CAPI_DMP_FNAME 0x2
+/* Full X509_print dump */
+# define CAPI_DMP_FULL 0x4
+/* Dump PEM format certificate */
+# define CAPI_DMP_PEM 0x8
+/* Dump pseudo key (if possible) */
+# define CAPI_DMP_PSKEY 0x10
+/* Dump key info (if possible) */
+# define CAPI_DMP_PKEYINFO 0x20
+ DWORD dump_flags;
+ int (*client_cert_select) (ENGINE *e, SSL *ssl, STACK_OF(X509) *certs);
+ CERTDLG certselectdlg;
+ GETCONSWIN getconswindow;
+};
+
+static CAPI_CTX *capi_ctx_new();
+static void capi_ctx_free(CAPI_CTX * ctx);
+static int capi_ctx_set_provname(CAPI_CTX * ctx, LPSTR pname, DWORD type,
+ int check);
+static int capi_ctx_set_provname_idx(CAPI_CTX * ctx, int idx);
+
+# define CAPI_CMD_LIST_CERTS ENGINE_CMD_BASE
+# define CAPI_CMD_LOOKUP_CERT (ENGINE_CMD_BASE + 1)
+# define CAPI_CMD_DEBUG_LEVEL (ENGINE_CMD_BASE + 2)
+# define CAPI_CMD_DEBUG_FILE (ENGINE_CMD_BASE + 3)
+# define CAPI_CMD_KEYTYPE (ENGINE_CMD_BASE + 4)
+# define CAPI_CMD_LIST_CSPS (ENGINE_CMD_BASE + 5)
+# define CAPI_CMD_SET_CSP_IDX (ENGINE_CMD_BASE + 6)
+# define CAPI_CMD_SET_CSP_NAME (ENGINE_CMD_BASE + 7)
+# define CAPI_CMD_SET_CSP_TYPE (ENGINE_CMD_BASE + 8)
+# define CAPI_CMD_LIST_CONTAINERS (ENGINE_CMD_BASE + 9)
+# define CAPI_CMD_LIST_OPTIONS (ENGINE_CMD_BASE + 10)
+# define CAPI_CMD_LOOKUP_METHOD (ENGINE_CMD_BASE + 11)
+# define CAPI_CMD_STORE_NAME (ENGINE_CMD_BASE + 12)
+# define CAPI_CMD_STORE_FLAGS (ENGINE_CMD_BASE + 13)
+
+static const ENGINE_CMD_DEFN capi_cmd_defns[] = {
+ {CAPI_CMD_LIST_CERTS,
+ "list_certs",
+ "List all certificates in store",
+ ENGINE_CMD_FLAG_NO_INPUT},
+ {CAPI_CMD_LOOKUP_CERT,
+ "lookup_cert",
+ "Lookup and output certificates",
+ ENGINE_CMD_FLAG_STRING},
+ {CAPI_CMD_DEBUG_LEVEL,
+ "debug_level",
+ "debug level (1=errors, 2=trace)",
+ ENGINE_CMD_FLAG_NUMERIC},
+ {CAPI_CMD_DEBUG_FILE,
+ "debug_file",
+ "debugging filename)",
+ ENGINE_CMD_FLAG_STRING},
+ {CAPI_CMD_KEYTYPE,
+ "key_type",
+ "Key type: 1=AT_KEYEXCHANGE (default), 2=AT_SIGNATURE",
+ ENGINE_CMD_FLAG_NUMERIC},
+ {CAPI_CMD_LIST_CSPS,
+ "list_csps",
+ "List all CSPs",
+ ENGINE_CMD_FLAG_NO_INPUT},
+ {CAPI_CMD_SET_CSP_IDX,
+ "csp_idx",
+ "Set CSP by index",
+ ENGINE_CMD_FLAG_NUMERIC},
+ {CAPI_CMD_SET_CSP_NAME,
+ "csp_name",
+ "Set CSP name, (default CSP used if not specified)",
+ ENGINE_CMD_FLAG_STRING},
+ {CAPI_CMD_SET_CSP_TYPE,
+ "csp_type",
+ "Set CSP type, (default RSA_PROV_FULL)",
+ ENGINE_CMD_FLAG_NUMERIC},
+ {CAPI_CMD_LIST_CONTAINERS,
+ "list_containers",
+ "list container names",
+ ENGINE_CMD_FLAG_NO_INPUT},
+ {CAPI_CMD_LIST_OPTIONS,
+ "list_options",
+ "Set list options (1=summary,2=friendly name, 4=full printout, 8=PEM output, 16=XXX, "
+ "32=private key info)",
+ ENGINE_CMD_FLAG_NUMERIC},
+ {CAPI_CMD_LOOKUP_METHOD,
+ "lookup_method",
+ "Set key lookup method (1=substring, 2=friendlyname, 3=container name)",
+ ENGINE_CMD_FLAG_NUMERIC},
+ {CAPI_CMD_STORE_NAME,
+ "store_name",
+ "certificate store name, default \"MY\"",
+ ENGINE_CMD_FLAG_STRING},
+ {CAPI_CMD_STORE_FLAGS,
+ "store_flags",
+ "Certificate store flags: 1 = system store",
+ ENGINE_CMD_FLAG_NUMERIC},
+
+ {0, NULL, NULL, 0}
+};
+
+static int capi_idx = -1;
+static int rsa_capi_idx = -1;
+static int dsa_capi_idx = -1;
+static int cert_capi_idx = -1;
+
+static int capi_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
+{
+ int ret = 1;
+ CAPI_CTX *ctx;
+ BIO *out;
+ if (capi_idx == -1) {
+ CAPIerr(CAPI_F_CAPI_CTRL, CAPI_R_ENGINE_NOT_INITIALIZED);
+ return 0;
+ }
+ ctx = ENGINE_get_ex_data(e, capi_idx);
+ out = BIO_new_fp(stdout, BIO_NOCLOSE);
+ switch (cmd) {
+ case CAPI_CMD_LIST_CSPS:
+ ret = capi_list_providers(ctx, out);
+ break;
+
+ case CAPI_CMD_LIST_CERTS:
+ ret = capi_list_certs(ctx, out, NULL);
+ break;
+
+ case CAPI_CMD_LOOKUP_CERT:
+ ret = capi_list_certs(ctx, out, p);
+ break;
+
+ case CAPI_CMD_LIST_CONTAINERS:
+ ret = capi_list_containers(ctx, out);
+ break;
+
+ case CAPI_CMD_STORE_NAME:
+ if (ctx->storename)
+ OPENSSL_free(ctx->storename);
+ ctx->storename = BUF_strdup(p);
+ CAPI_trace(ctx, "Setting store name to %s\n", p);
+ break;
+
+ case CAPI_CMD_STORE_FLAGS:
+ if (i & 1) {
+ ctx->store_flags |= CERT_SYSTEM_STORE_LOCAL_MACHINE;
+ ctx->store_flags &= ~CERT_SYSTEM_STORE_CURRENT_USER;
+ } else {
+ ctx->store_flags |= CERT_SYSTEM_STORE_CURRENT_USER;
+ ctx->store_flags &= ~CERT_SYSTEM_STORE_LOCAL_MACHINE;
+ }
+ CAPI_trace(ctx, "Setting flags to %d\n", i);
+ break;
+
+ case CAPI_CMD_DEBUG_LEVEL:
+ ctx->debug_level = (int)i;
+ CAPI_trace(ctx, "Setting debug level to %d\n", ctx->debug_level);
+ break;
+
+ case CAPI_CMD_DEBUG_FILE:
+ ctx->debug_file = BUF_strdup(p);
+ CAPI_trace(ctx, "Setting debug file to %s\n", ctx->debug_file);
+ break;
+
+ case CAPI_CMD_KEYTYPE:
+ ctx->keytype = i;
+ CAPI_trace(ctx, "Setting key type to %d\n", ctx->keytype);
+ break;
+
+ case CAPI_CMD_SET_CSP_IDX:
+ ret = capi_ctx_set_provname_idx(ctx, i);
+ break;
+
+ case CAPI_CMD_LIST_OPTIONS:
+ ctx->dump_flags = i;
+ break;
+
+ case CAPI_CMD_LOOKUP_METHOD:
+ if (i < 1 || i > 3) {
+ CAPIerr(CAPI_F_CAPI_CTRL, CAPI_R_INVALID_LOOKUP_METHOD);
+ return 0;
+ }
+ ctx->lookup_method = i;
+ break;
+
+ case CAPI_CMD_SET_CSP_NAME:
+ ret = capi_ctx_set_provname(ctx, p, ctx->csptype, 1);
+ break;
+
+ case CAPI_CMD_SET_CSP_TYPE:
+ ctx->csptype = i;
+ break;
+
+ default:
+ CAPIerr(CAPI_F_CAPI_CTRL, CAPI_R_UNKNOWN_COMMAND);
+ ret = 0;
+ }
+
+ BIO_free(out);
+ return ret;
+
+}
+
+static RSA_METHOD capi_rsa_method = {
+ "CryptoAPI RSA method",
+ 0, /* pub_enc */
+ 0, /* pub_dec */
+ capi_rsa_priv_enc, /* priv_enc */
+ capi_rsa_priv_dec, /* priv_dec */
+ 0, /* rsa_mod_exp */
+ 0, /* bn_mod_exp */
+ 0, /* init */
+ capi_rsa_free, /* finish */
+ RSA_FLAG_SIGN_VER, /* flags */
+ NULL, /* app_data */
+ capi_rsa_sign, /* rsa_sign */
+ 0 /* rsa_verify */
+};
+
+static DSA_METHOD capi_dsa_method = {
+ "CryptoAPI DSA method",
+ capi_dsa_do_sign, /* dsa_do_sign */
+ 0, /* dsa_sign_setup */
+ 0, /* dsa_do_verify */
+ 0, /* dsa_mod_exp */
+ 0, /* bn_mod_exp */
+ 0, /* init */
+ capi_dsa_free, /* finish */
+ 0, /* flags */
+ NULL, /* app_data */
+ 0, /* dsa_paramgen */
+ 0 /* dsa_keygen */
+};
+
+static int capi_init(ENGINE *e)
+{
+ CAPI_CTX *ctx;
+ const RSA_METHOD *ossl_rsa_meth;
+ const DSA_METHOD *ossl_dsa_meth;
+
+ if (capi_idx < 0) {
+ capi_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL, 0);
+ if (capi_idx < 0)
+ goto memerr;
+
+ cert_capi_idx = X509_get_ex_new_index(0, NULL, NULL, NULL, 0);
+
+ /* Setup RSA_METHOD */
+ rsa_capi_idx = RSA_get_ex_new_index(0, NULL, NULL, NULL, 0);
+ ossl_rsa_meth = RSA_PKCS1_SSLeay();
+ capi_rsa_method.rsa_pub_enc = ossl_rsa_meth->rsa_pub_enc;
+ capi_rsa_method.rsa_pub_dec = ossl_rsa_meth->rsa_pub_dec;
+ capi_rsa_method.rsa_mod_exp = ossl_rsa_meth->rsa_mod_exp;
+ capi_rsa_method.bn_mod_exp = ossl_rsa_meth->bn_mod_exp;
+
+ /* Setup DSA Method */
+ dsa_capi_idx = DSA_get_ex_new_index(0, NULL, NULL, NULL, 0);
+ ossl_dsa_meth = DSA_OpenSSL();
+ capi_dsa_method.dsa_do_verify = ossl_dsa_meth->dsa_do_verify;
+ capi_dsa_method.dsa_mod_exp = ossl_dsa_meth->dsa_mod_exp;
+ capi_dsa_method.bn_mod_exp = ossl_dsa_meth->bn_mod_exp;
+ }
+
+ ctx = capi_ctx_new();
+ if (!ctx)
+ goto memerr;
+
+ ENGINE_set_ex_data(e, capi_idx, ctx);
+
+# ifdef OPENSSL_CAPIENG_DIALOG
+ {
+ HMODULE cryptui = LoadLibrary(TEXT("CRYPTUI.DLL"));
+ HMODULE kernel = GetModuleHandle(TEXT("KERNEL32.DLL"));
+ if (cryptui)
+ ctx->certselectdlg =
+ (CERTDLG) GetProcAddress(cryptui,
+ "CryptUIDlgSelectCertificateFromStore");
+ if (kernel)
+ ctx->getconswindow =
+ (GETCONSWIN) GetProcAddress(kernel, "GetConsoleWindow");
+ if (cryptui && !OPENSSL_isservice())
+ ctx->client_cert_select = cert_select_dialog;
+ }
+# endif
+
+ return 1;
+
+ memerr:
+ CAPIerr(CAPI_F_CAPI_INIT, ERR_R_MALLOC_FAILURE);
+ return 0;
+
+ return 1;
+}
+
+static int capi_destroy(ENGINE *e)
+{
+ ERR_unload_CAPI_strings();
+ return 1;
+}
+
+static int capi_finish(ENGINE *e)
+{
+ CAPI_CTX *ctx;
+ ctx = ENGINE_get_ex_data(e, capi_idx);
+ capi_ctx_free(ctx);
+ ENGINE_set_ex_data(e, capi_idx, NULL);
+ return 1;
+}
+
+/*
+ * CryptoAPI key application data. This contains a handle to the private key
+ * container (for sign operations) and a handle to the key (for decrypt
+ * operations).
+ */
+
+struct CAPI_KEY_st {
+ /* Associated certificate context (if any) */
+ PCCERT_CONTEXT pcert;
+ HCRYPTPROV hprov;
+ HCRYPTKEY key;
+ DWORD keyspec;
+};
+
+static int bind_capi(ENGINE *e)
+{
+ if (!ENGINE_set_id(e, engine_capi_id)
+ || !ENGINE_set_name(e, engine_capi_name)
+ || !ENGINE_set_init_function(e, capi_init)
+ || !ENGINE_set_finish_function(e, capi_finish)
+ || !ENGINE_set_destroy_function(e, capi_destroy)
+ || !ENGINE_set_RSA(e, &capi_rsa_method)
+ || !ENGINE_set_DSA(e, &capi_dsa_method)
+ || !ENGINE_set_load_privkey_function(e, capi_load_privkey)
+ || !ENGINE_set_load_ssl_client_cert_function(e,
+ capi_load_ssl_client_cert)
+ || !ENGINE_set_cmd_defns(e, capi_cmd_defns)
+ || !ENGINE_set_ctrl_function(e, capi_ctrl))
+ return 0;
+ ERR_load_CAPI_strings();
+
+ return 1;
+
+}
+
+# ifndef OPENSSL_NO_DYNAMIC_ENGINE
+static int bind_helper(ENGINE *e, const char *id)
+{
+ if (id && (strcmp(id, engine_capi_id) != 0))
+ return 0;
+ if (!bind_capi(e))
+ return 0;
+ return 1;
+}
+
+IMPLEMENT_DYNAMIC_CHECK_FN()
+ IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
+# else
+static ENGINE *engine_capi(void)
+{
+ ENGINE *ret = ENGINE_new();
+ if (!ret)
+ return NULL;
+ if (!bind_capi(ret)) {
+ ENGINE_free(ret);
+ return NULL;
+ }
+ return ret;
+}
+
+void ENGINE_load_capi(void)
+{
+ /* Copied from eng_[openssl|dyn].c */
+ ENGINE *toadd = engine_capi();
+ if (!toadd)
+ return;
+ ENGINE_add(toadd);
+ ENGINE_free(toadd);
+ ERR_clear_error();
+}
+# endif
+
+static int lend_tobn(BIGNUM *bn, unsigned char *bin, int binlen)
+{
+ int i;
+ /*
+ * Reverse buffer in place: since this is a keyblob structure that will
+ * be freed up after conversion anyway it doesn't matter if we change
+ * it.
+ */
+ for (i = 0; i < binlen / 2; i++) {
+ unsigned char c;
+ c = bin[i];
+ bin[i] = bin[binlen - i - 1];
+ bin[binlen - i - 1] = c;
+ }
+
+ if (!BN_bin2bn(bin, binlen, bn))
+ return 0;
+ return 1;
+}
+
+/* Given a CAPI_KEY get an EVP_PKEY structure */
+
+static EVP_PKEY *capi_get_pkey(ENGINE *eng, CAPI_KEY * key)
+{
+ unsigned char *pubkey = NULL;
+ DWORD len;
+ BLOBHEADER *bh;
+ RSA *rkey = NULL;
+ DSA *dkey = NULL;
+ EVP_PKEY *ret = NULL;
+ if (!CryptExportKey(key->key, 0, PUBLICKEYBLOB, 0, NULL, &len)) {
+ CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_PUBKEY_EXPORT_LENGTH_ERROR);
+ capi_addlasterror();
+ return NULL;
+ }
+
+ pubkey = OPENSSL_malloc(len);
+
+ if (!pubkey)
+ goto memerr;
+
+ if (!CryptExportKey(key->key, 0, PUBLICKEYBLOB, 0, pubkey, &len)) {
+ CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_PUBKEY_EXPORT_ERROR);
+ capi_addlasterror();
+ goto err;
+ }
+
+ bh = (BLOBHEADER *) pubkey;
+ if (bh->bType != PUBLICKEYBLOB) {
+ CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_INVALID_PUBLIC_KEY_BLOB);
+ goto err;
+ }
+ if (bh->aiKeyAlg == CALG_RSA_SIGN || bh->aiKeyAlg == CALG_RSA_KEYX) {
+ RSAPUBKEY *rp;
+ DWORD rsa_modlen;
+ unsigned char *rsa_modulus;
+ rp = (RSAPUBKEY *) (bh + 1);
+ if (rp->magic != 0x31415352) {
+ char magstr[10];
+ BIO_snprintf(magstr, 10, "%lx", rp->magic);
+ CAPIerr(CAPI_F_CAPI_GET_PKEY,
+ CAPI_R_INVALID_RSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER);
+ ERR_add_error_data(2, "magic=0x", magstr);
+ goto err;
+ }
+ rsa_modulus = (unsigned char *)(rp + 1);
+ rkey = RSA_new_method(eng);
+ if (!rkey)
+ goto memerr;
+
+ rkey->e = BN_new();
+ rkey->n = BN_new();
+
+ if (!rkey->e || !rkey->n)
+ goto memerr;
+
+ if (!BN_set_word(rkey->e, rp->pubexp))
+ goto memerr;
+
+ rsa_modlen = rp->bitlen / 8;
+ if (!lend_tobn(rkey->n, rsa_modulus, rsa_modlen))
+ goto memerr;
+
+ RSA_set_ex_data(rkey, rsa_capi_idx, key);
+
+ if (!(ret = EVP_PKEY_new()))
+ goto memerr;
+
+ EVP_PKEY_assign_RSA(ret, rkey);
+ rkey = NULL;
+
+ } else if (bh->aiKeyAlg == CALG_DSS_SIGN) {
+ DSSPUBKEY *dp;
+ DWORD dsa_plen;
+ unsigned char *btmp;
+ dp = (DSSPUBKEY *) (bh + 1);
+ if (dp->magic != 0x31535344) {
+ char magstr[10];
+ BIO_snprintf(magstr, 10, "%lx", dp->magic);
+ CAPIerr(CAPI_F_CAPI_GET_PKEY,
+ CAPI_R_INVALID_DSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER);
+ ERR_add_error_data(2, "magic=0x", magstr);
+ goto err;
+ }
+ dsa_plen = dp->bitlen / 8;
+ btmp = (unsigned char *)(dp + 1);
+ dkey = DSA_new_method(eng);
+ if (!dkey)
+ goto memerr;
+ dkey->p = BN_new();
+ dkey->q = BN_new();
+ dkey->g = BN_new();
+ dkey->pub_key = BN_new();
+ if (!dkey->p || !dkey->q || !dkey->g || !dkey->pub_key)
+ goto memerr;
+ if (!lend_tobn(dkey->p, btmp, dsa_plen))
+ goto memerr;
+ btmp += dsa_plen;
+ if (!lend_tobn(dkey->q, btmp, 20))
+ goto memerr;
+ btmp += 20;
+ if (!lend_tobn(dkey->g, btmp, dsa_plen))
+ goto memerr;
+ btmp += dsa_plen;
+ if (!lend_tobn(dkey->pub_key, btmp, dsa_plen))
+ goto memerr;
+ btmp += dsa_plen;
+
+ DSA_set_ex_data(dkey, dsa_capi_idx, key);
+
+ if (!(ret = EVP_PKEY_new()))
+ goto memerr;
+
+ EVP_PKEY_assign_DSA(ret, dkey);
+ dkey = NULL;
+ } else {
+ char algstr[10];
+ BIO_snprintf(algstr, 10, "%lx", bh->aiKeyAlg);
+ CAPIerr(CAPI_F_CAPI_GET_PKEY,
+ CAPI_R_UNSUPPORTED_PUBLIC_KEY_ALGORITHM);
+ ERR_add_error_data(2, "aiKeyAlg=0x", algstr);
+ goto err;
+ }
+
+ err:
+ if (pubkey)
+ OPENSSL_free(pubkey);
+ if (!ret) {
+ if (rkey)
+ RSA_free(rkey);
+ if (dkey)
+ DSA_free(dkey);
+ }
+
+ return ret;
+
+ memerr:
+ CAPIerr(CAPI_F_CAPI_GET_PKEY, ERR_R_MALLOC_FAILURE);
+ goto err;
+
+}
+
+static EVP_PKEY *capi_load_privkey(ENGINE *eng, const char *key_id,
+ UI_METHOD *ui_method, void *callback_data)
+{
+ CAPI_CTX *ctx;
+ CAPI_KEY *key;
+ EVP_PKEY *ret;
+ ctx = ENGINE_get_ex_data(eng, capi_idx);
+
+ if (!ctx) {
+ CAPIerr(CAPI_F_CAPI_LOAD_PRIVKEY, CAPI_R_CANT_FIND_CAPI_CONTEXT);
+ return NULL;
+ }
+
+ key = capi_find_key(ctx, key_id);
+
+ if (!key)
+ return NULL;
+
+ ret = capi_get_pkey(eng, key);
+
+ if (!ret)
+ capi_free_key(key);
+ return ret;
+
+}
+
+/* CryptoAPI RSA operations */
+
+int capi_rsa_priv_enc(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding)
+{
+ CAPIerr(CAPI_F_CAPI_RSA_PRIV_ENC, CAPI_R_FUNCTION_NOT_SUPPORTED);
+ return -1;
+}
+
+int capi_rsa_sign(int dtype, const unsigned char *m, unsigned int m_len,
+ unsigned char *sigret, unsigned int *siglen, const RSA *rsa)
+{
+ ALG_ID alg;
+ HCRYPTHASH hash;
+ DWORD slen;
+ unsigned int i;
+ int ret = -1;
+ CAPI_KEY *capi_key;
+ CAPI_CTX *ctx;
+
+ ctx = ENGINE_get_ex_data(rsa->engine, capi_idx);
+
+ CAPI_trace(ctx, "Called CAPI_rsa_sign()\n");
+
+ capi_key = RSA_get_ex_data(rsa, rsa_capi_idx);
+ if (!capi_key) {
+ CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_CANT_GET_KEY);
+ return -1;
+ }
+/* Convert the signature type to a CryptoAPI algorithm ID */
+ switch (dtype) {
+ case NID_sha1:
+ alg = CALG_SHA1;
+ break;
+
+ case NID_md5:
+ alg = CALG_MD5;
+ break;
+
+ case NID_md5_sha1:
+ alg = CALG_SSL3_SHAMD5;
+ break;
+ default:
+ {
+ char algstr[10];
+ BIO_snprintf(algstr, 10, "%lx", dtype);
+ CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_UNSUPPORTED_ALGORITHM_NID);
+ ERR_add_error_data(2, "NID=0x", algstr);
+ return -1;
+ }
+ }
+
+/* Create the hash object */
+ if (!CryptCreateHash(capi_key->hprov, alg, 0, 0, &hash)) {
+ CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_CANT_CREATE_HASH_OBJECT);
+ capi_addlasterror();
+ return -1;
+ }
+/* Set the hash value to the value passed */
+
+ if (!CryptSetHashParam(hash, HP_HASHVAL, (unsigned char *)m, 0)) {
+ CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_CANT_SET_HASH_VALUE);
+ capi_addlasterror();
+ goto err;
+ }
+
+/* Finally sign it */
+ slen = RSA_size(rsa);
+ if (!CryptSignHashA(hash, capi_key->keyspec, NULL, 0, sigret, &slen)) {
+ CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_ERROR_SIGNING_HASH);
+ capi_addlasterror();
+ goto err;
+ } else {
+ ret = 1;
+ /* Inplace byte reversal of signature */
+ for (i = 0; i < slen / 2; i++) {
+ unsigned char c;
+ c = sigret[i];
+ sigret[i] = sigret[slen - i - 1];
+ sigret[slen - i - 1] = c;
+ }
+ *siglen = slen;
+ }
+
+ /* Now cleanup */
+
+ err:
+ CryptDestroyHash(hash);
+
+ return ret;
+}
+
+int capi_rsa_priv_dec(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding)
+{
+ int i;
+ unsigned char *tmpbuf;
+ CAPI_KEY *capi_key;
+ CAPI_CTX *ctx;
+ ctx = ENGINE_get_ex_data(rsa->engine, capi_idx);
+
+ CAPI_trace(ctx, "Called capi_rsa_priv_dec()\n");
+
+ capi_key = RSA_get_ex_data(rsa, rsa_capi_idx);
+ if (!capi_key) {
+ CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_CANT_GET_KEY);
+ return -1;
+ }
+
+ if (padding != RSA_PKCS1_PADDING) {
+ char errstr[10];
+ BIO_snprintf(errstr, 10, "%d", padding);
+ CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_UNSUPPORTED_PADDING);
+ ERR_add_error_data(2, "padding=", errstr);
+ return -1;
+ }
+
+ /* Create temp reverse order version of input */
+ if (!(tmpbuf = OPENSSL_malloc(flen))) {
+ CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, ERR_R_MALLOC_FAILURE);
+ return -1;
+ }
+ for (i = 0; i < flen; i++)
+ tmpbuf[flen - i - 1] = from[i];
+
+ /* Finally decrypt it */
+ if (!CryptDecrypt(capi_key->key, 0, TRUE, 0, tmpbuf, &flen)) {
+ CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_DECRYPT_ERROR);
+ capi_addlasterror();
+ OPENSSL_free(tmpbuf);
+ return -1;
+ } else
+ memcpy(to, tmpbuf, flen);
+
+ OPENSSL_free(tmpbuf);
+
+ return flen;
+}
+
+static int capi_rsa_free(RSA *rsa)
+{
+ CAPI_KEY *capi_key;
+ capi_key = RSA_get_ex_data(rsa, rsa_capi_idx);
+ capi_free_key(capi_key);
+ RSA_set_ex_data(rsa, rsa_capi_idx, 0);
+ return 1;
+}
+
+/* CryptoAPI DSA operations */
+
+static DSA_SIG *capi_dsa_do_sign(const unsigned char *digest, int dlen,
+ DSA *dsa)
+{
+ HCRYPTHASH hash;
+ DWORD slen;
+ DSA_SIG *ret = NULL;
+ CAPI_KEY *capi_key;
+ CAPI_CTX *ctx;
+ unsigned char csigbuf[40];
+
+ ctx = ENGINE_get_ex_data(dsa->engine, capi_idx);
+
+ CAPI_trace(ctx, "Called CAPI_dsa_do_sign()\n");
+
+ capi_key = DSA_get_ex_data(dsa, dsa_capi_idx);
+
+ if (!capi_key) {
+ CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_CANT_GET_KEY);
+ return NULL;
+ }
+
+ if (dlen != 20) {
+ CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_INVALID_DIGEST_LENGTH);
+ return NULL;
+ }
+
+ /* Create the hash object */
+ if (!CryptCreateHash(capi_key->hprov, CALG_SHA1, 0, 0, &hash)) {
+ CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_CANT_CREATE_HASH_OBJECT);
+ capi_addlasterror();
+ return NULL;
+ }
+
+ /* Set the hash value to the value passed */
+ if (!CryptSetHashParam(hash, HP_HASHVAL, (unsigned char *)digest, 0)) {
+ CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_CANT_SET_HASH_VALUE);
+ capi_addlasterror();
+ goto err;
+ }
+
+ /* Finally sign it */
+ slen = sizeof(csigbuf);
+ if (!CryptSignHashA(hash, capi_key->keyspec, NULL, 0, csigbuf, &slen)) {
+ CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_ERROR_SIGNING_HASH);
+ capi_addlasterror();
+ goto err;
+ } else {
+ ret = DSA_SIG_new();
+ if (!ret)
+ goto err;
+ ret->r = BN_new();
+ ret->s = BN_new();
+ if (!ret->r || !ret->s)
+ goto err;
+ if (!lend_tobn(ret->r, csigbuf, 20)
+ || !lend_tobn(ret->s, csigbuf + 20, 20)) {
+ DSA_SIG_free(ret);
+ ret = NULL;
+ goto err;
+ }
+ }
+
+ /* Now cleanup */
+
+ err:
+ OPENSSL_cleanse(csigbuf, 40);
+ CryptDestroyHash(hash);
+ return ret;
+}
+
+static int capi_dsa_free(DSA *dsa)
+{
+ CAPI_KEY *capi_key;
+ capi_key = DSA_get_ex_data(dsa, dsa_capi_idx);
+ capi_free_key(capi_key);
+ DSA_set_ex_data(dsa, dsa_capi_idx, 0);
+ return 1;
+}
+
+static void capi_vtrace(CAPI_CTX * ctx, int level, char *format,
+ va_list argptr)
+{
+ BIO *out;
+
+ if (!ctx || (ctx->debug_level < level) || (!ctx->debug_file))
+ return;
+ out = BIO_new_file(ctx->debug_file, "a+");
+ BIO_vprintf(out, format, argptr);
+ BIO_free(out);
+}
+
+static void CAPI_trace(CAPI_CTX * ctx, char *format, ...)
+{
+ va_list args;
+ va_start(args, format);
+ capi_vtrace(ctx, CAPI_DBG_TRACE, format, args);
+ va_end(args);
+}
+
+static void capi_addlasterror(void)
+{
+ capi_adderror(GetLastError());
+}
+
+static void capi_adderror(DWORD err)
+{
+ char errstr[10];
+ BIO_snprintf(errstr, 10, "%lX", err);
+ ERR_add_error_data(2, "Error code= 0x", errstr);
+}
+
+static char *wide_to_asc(LPWSTR wstr)
+{
+ char *str;
+ int len_0, sz;
+
+ if (!wstr)
+ return NULL;
+ len_0 = (int)wcslen(wstr) + 1; /* WideCharToMultiByte expects int */
+ sz = WideCharToMultiByte(CP_ACP, 0, wstr, len_0, NULL, 0, NULL, NULL);
+ if (!sz) {
+ CAPIerr(CAPI_F_WIDE_TO_ASC, CAPI_R_WIN32_ERROR);
+ return NULL;
+ }
+ str = OPENSSL_malloc(sz);
+ if (!str) {
+ CAPIerr(CAPI_F_WIDE_TO_ASC, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ if (!WideCharToMultiByte(CP_ACP, 0, wstr, len_0, str, sz, NULL, NULL)) {
+ OPENSSL_free(str);
+ CAPIerr(CAPI_F_WIDE_TO_ASC, CAPI_R_WIN32_ERROR);
+ return NULL;
+ }
+ return str;
+}
+
+static int capi_get_provname(CAPI_CTX * ctx, LPSTR * pname, DWORD * ptype,
+ DWORD idx)
+{
+ LPSTR name;
+ DWORD len, err;
+ CAPI_trace(ctx, "capi_get_provname, index=%d\n", idx);
+ if (!CryptEnumProvidersA(idx, NULL, 0, ptype, NULL, &len)) {
+ err = GetLastError();
+ if (err == ERROR_NO_MORE_ITEMS)
+ return 2;
+ CAPIerr(CAPI_F_CAPI_GET_PROVNAME, CAPI_R_CRYPTENUMPROVIDERS_ERROR);
+ capi_adderror(err);
+ return 0;
+ }
+ name = OPENSSL_malloc(len);
+ if (!CryptEnumProvidersA(idx, NULL, 0, ptype, name, &len)) {
+ err = GetLastError();
+ if (err == ERROR_NO_MORE_ITEMS)
+ return 2;
+ CAPIerr(CAPI_F_CAPI_GET_PROVNAME, CAPI_R_CRYPTENUMPROVIDERS_ERROR);
+ capi_adderror(err);
+ return 0;
+ }
+ *pname = name;
+ CAPI_trace(ctx, "capi_get_provname, returned name=%s, type=%d\n", name,
+ *ptype);
+
+ return 1;
+}
+
+static int capi_list_providers(CAPI_CTX * ctx, BIO *out)
+{
+ DWORD idx, ptype;
+ int ret;
+ LPSTR provname = NULL;
+ CAPI_trace(ctx, "capi_list_providers\n");
+ BIO_printf(out, "Available CSPs:\n");
+ for (idx = 0;; idx++) {
+ ret = capi_get_provname(ctx, &provname, &ptype, idx);
+ if (ret == 2)
+ break;
+ if (ret == 0)
+ break;
+ BIO_printf(out, "%d. %s, type %d\n", idx, provname, ptype);
+ OPENSSL_free(provname);
+ }
+ return 1;
+}
+
+static int capi_list_containers(CAPI_CTX * ctx, BIO *out)
+{
+ int ret = 1;
+ HCRYPTPROV hprov;
+ DWORD err, idx, flags, buflen = 0, clen;
+ LPSTR cname;
+ CAPI_trace(ctx, "Listing containers CSP=%s, type = %d\n", ctx->cspname,
+ ctx->csptype);
+ if (!CryptAcquireContextA
+ (&hprov, NULL, ctx->cspname, ctx->csptype, CRYPT_VERIFYCONTEXT)) {
+ CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS,
+ CAPI_R_CRYPTACQUIRECONTEXT_ERROR);
+ capi_addlasterror();
+ return 0;
+ }
+ if (!CryptGetProvParam
+ (hprov, PP_ENUMCONTAINERS, NULL, &buflen, CRYPT_FIRST)) {
+ CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, CAPI_R_ENUMCONTAINERS_ERROR);
+ capi_addlasterror();
+ CryptReleaseContext(hprov, 0);
+ return 0;
+ }
+ CAPI_trace(ctx, "Got max container len %d\n", buflen);
+ if (buflen == 0)
+ buflen = 1024;
+ cname = OPENSSL_malloc(buflen);
+ if (!cname) {
+ CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ for (idx = 0;; idx++) {
+ clen = buflen;
+ cname[0] = 0;
+
+ if (idx == 0)
+ flags = CRYPT_FIRST;
+ else
+ flags = 0;
+ if (!CryptGetProvParam(hprov, PP_ENUMCONTAINERS, cname, &clen, flags)) {
+ err = GetLastError();
+ if (err == ERROR_NO_MORE_ITEMS)
+ goto done;
+ CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, CAPI_R_ENUMCONTAINERS_ERROR);
+ capi_adderror(err);
+ goto err;
+ }
+ CAPI_trace(ctx, "Container name %s, len=%d, index=%d, flags=%d\n",
+ cname, clen, idx, flags);
+ if (!cname[0] && (clen == buflen)) {
+ CAPI_trace(ctx, "Enumerate bug: using workaround\n");
+ goto done;
+ }
+ BIO_printf(out, "%d. %s\n", idx, cname);
+ }
+ err:
+
+ ret = 0;
+
+ done:
+ if (cname)
+ OPENSSL_free(cname);
+ CryptReleaseContext(hprov, 0);
+
+ return ret;
+}
+
+CRYPT_KEY_PROV_INFO *capi_get_prov_info(CAPI_CTX * ctx, PCCERT_CONTEXT cert)
+{
+ DWORD len;
+ CRYPT_KEY_PROV_INFO *pinfo;
+
+ if (!CertGetCertificateContextProperty
+ (cert, CERT_KEY_PROV_INFO_PROP_ID, NULL, &len))
+ return NULL;
+ pinfo = OPENSSL_malloc(len);
+ if (!pinfo) {
+ CAPIerr(CAPI_F_CAPI_GET_PROV_INFO, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ if (!CertGetCertificateContextProperty
+ (cert, CERT_KEY_PROV_INFO_PROP_ID, pinfo, &len)) {
+ CAPIerr(CAPI_F_CAPI_GET_PROV_INFO,
+ CAPI_R_ERROR_GETTING_KEY_PROVIDER_INFO);
+ capi_addlasterror();
+ OPENSSL_free(pinfo);
+ return NULL;
+ }
+ return pinfo;
+}
+
+static void capi_dump_prov_info(CAPI_CTX * ctx, BIO *out,
+ CRYPT_KEY_PROV_INFO * pinfo)
+{
+ char *provname = NULL, *contname = NULL;
+ if (!pinfo) {
+ BIO_printf(out, " No Private Key\n");
+ return;
+ }
+ provname = wide_to_asc(pinfo->pwszProvName);
+ contname = wide_to_asc(pinfo->pwszContainerName);
+ if (!provname || !contname)
+ goto err;
+
+ BIO_printf(out, " Private Key Info:\n");
+ BIO_printf(out, " Provider Name: %s, Provider Type %d\n", provname,
+ pinfo->dwProvType);
+ BIO_printf(out, " Container Name: %s, Key Type %d\n", contname,
+ pinfo->dwKeySpec);
+ err:
+ if (provname)
+ OPENSSL_free(provname);
+ if (contname)
+ OPENSSL_free(contname);
+}
+
+char *capi_cert_get_fname(CAPI_CTX * ctx, PCCERT_CONTEXT cert)
+{
+ LPWSTR wfname;
+ DWORD dlen;
+
+ CAPI_trace(ctx, "capi_cert_get_fname\n");
+ if (!CertGetCertificateContextProperty
+ (cert, CERT_FRIENDLY_NAME_PROP_ID, NULL, &dlen))
+ return NULL;
+ wfname = OPENSSL_malloc(dlen);
+ if (CertGetCertificateContextProperty
+ (cert, CERT_FRIENDLY_NAME_PROP_ID, wfname, &dlen)) {
+ char *fname = wide_to_asc(wfname);
+ OPENSSL_free(wfname);
+ return fname;
+ }
+ CAPIerr(CAPI_F_CAPI_CERT_GET_FNAME, CAPI_R_ERROR_GETTING_FRIENDLY_NAME);
+ capi_addlasterror();
+
+ OPENSSL_free(wfname);
+ return NULL;
+}
+
+void capi_dump_cert(CAPI_CTX * ctx, BIO *out, PCCERT_CONTEXT cert)
+{
+ X509 *x;
+ unsigned char *p;
+ unsigned long flags = ctx->dump_flags;
+ if (flags & CAPI_DMP_FNAME) {
+ char *fname;
+ fname = capi_cert_get_fname(ctx, cert);
+ if (fname) {
+ BIO_printf(out, " Friendly Name \"%s\"\n", fname);
+ OPENSSL_free(fname);
+ } else
+ BIO_printf(out, " <No Friendly Name>\n");
+ }
+
+ p = cert->pbCertEncoded;
+ x = d2i_X509(NULL, &p, cert->cbCertEncoded);
+ if (!x)
+ BIO_printf(out, " <Can't parse certificate>\n");
+ if (flags & CAPI_DMP_SUMMARY) {
+ BIO_printf(out, " Subject: ");
+ X509_NAME_print_ex(out, X509_get_subject_name(x), 0, XN_FLAG_ONELINE);
+ BIO_printf(out, "\n Issuer: ");
+ X509_NAME_print_ex(out, X509_get_issuer_name(x), 0, XN_FLAG_ONELINE);
+ BIO_printf(out, "\n");
+ }
+ if (flags & CAPI_DMP_FULL)
+ X509_print_ex(out, x, XN_FLAG_ONELINE, 0);
+
+ if (flags & CAPI_DMP_PKEYINFO) {
+ CRYPT_KEY_PROV_INFO *pinfo;
+ pinfo = capi_get_prov_info(ctx, cert);
+ capi_dump_prov_info(ctx, out, pinfo);
+ if (pinfo)
+ OPENSSL_free(pinfo);
+ }
+
+ if (flags & CAPI_DMP_PEM)
+ PEM_write_bio_X509(out, x);
+ X509_free(x);
+}
+
+HCERTSTORE capi_open_store(CAPI_CTX * ctx, char *storename)
+{
+ HCERTSTORE hstore;
+
+ if (!storename)
+ storename = ctx->storename;
+ if (!storename)
+ storename = "MY";
+ CAPI_trace(ctx, "Opening certificate store %s\n", storename);
+
+ hstore = CertOpenStore(CERT_STORE_PROV_SYSTEM_A, 0, 0,
+ ctx->store_flags, storename);
+ if (!hstore) {
+ CAPIerr(CAPI_F_CAPI_OPEN_STORE, CAPI_R_ERROR_OPENING_STORE);
+ capi_addlasterror();
+ }
+ return hstore;
+}
+
+int capi_list_certs(CAPI_CTX * ctx, BIO *out, char *id)
+{
+ char *storename;
+ int idx;
+ int ret = 1;
+ HCERTSTORE hstore;
+ PCCERT_CONTEXT cert = NULL;
+
+ storename = ctx->storename;
+ if (!storename)
+ storename = "MY";
+ CAPI_trace(ctx, "Listing certs for store %s\n", storename);
+
+ hstore = capi_open_store(ctx, storename);
+ if (!hstore)
+ return 0;
+ if (id) {
+ cert = capi_find_cert(ctx, id, hstore);
+ if (!cert) {
+ ret = 0;
+ goto err;
+ }
+ capi_dump_cert(ctx, out, cert);
+ CertFreeCertificateContext(cert);
+ } else {
+ for (idx = 0;; idx++) {
+ LPWSTR fname = NULL;
+ cert = CertEnumCertificatesInStore(hstore, cert);
+ if (!cert)
+ break;
+ BIO_printf(out, "Certificate %d\n", idx);
+ capi_dump_cert(ctx, out, cert);
+ }
+ }
+ err:
+ CertCloseStore(hstore, 0);
+ return ret;
+}
+
+static PCCERT_CONTEXT capi_find_cert(CAPI_CTX * ctx, const char *id,
+ HCERTSTORE hstore)
+{
+ PCCERT_CONTEXT cert = NULL;
+ char *fname = NULL;
+ int match;
+ switch (ctx->lookup_method) {
+ case CAPI_LU_SUBSTR:
+ return CertFindCertificateInStore(hstore,
+ X509_ASN_ENCODING, 0,
+ CERT_FIND_SUBJECT_STR_A, id, NULL);
+ case CAPI_LU_FNAME:
+ for (;;) {
+ cert = CertEnumCertificatesInStore(hstore, cert);
+ if (!cert)
+ return NULL;
+ fname = capi_cert_get_fname(ctx, cert);
+ if (fname) {
+ if (strcmp(fname, id))
+ match = 0;
+ else
+ match = 1;
+ OPENSSL_free(fname);
+ if (match)
+ return cert;
+ }
+ }
+ default:
+ return NULL;
+ }
+}
+
+static CAPI_KEY *capi_get_key(CAPI_CTX * ctx, const char *contname,
+ char *provname, DWORD ptype, DWORD keyspec)
+{
+ CAPI_KEY *key;
+ DWORD dwFlags = 0;
+ key = OPENSSL_malloc(sizeof(CAPI_KEY));
+ CAPI_trace(ctx, "capi_get_key, contname=%s, provname=%s, type=%d\n",
+ contname, provname, ptype);
+ if (ctx->store_flags & CERT_SYSTEM_STORE_LOCAL_MACHINE)
+ dwFlags = CRYPT_MACHINE_KEYSET;
+ if (!CryptAcquireContextA
+ (&key->hprov, contname, provname, ptype, dwFlags)) {
+ CAPIerr(CAPI_F_CAPI_GET_KEY, CAPI_R_CRYPTACQUIRECONTEXT_ERROR);
+ capi_addlasterror();
+ goto err;
+ }
+ if (!CryptGetUserKey(key->hprov, keyspec, &key->key)) {
+ CAPIerr(CAPI_F_CAPI_GET_KEY, CAPI_R_GETUSERKEY_ERROR);
+ capi_addlasterror();
+ CryptReleaseContext(key->hprov, 0);
+ goto err;
+ }
+ key->keyspec = keyspec;
+ key->pcert = NULL;
+ return key;
+
+ err:
+ OPENSSL_free(key);
+ return NULL;
+}
+
+static CAPI_KEY *capi_get_cert_key(CAPI_CTX * ctx, PCCERT_CONTEXT cert)
+{
+ CAPI_KEY *key = NULL;
+ CRYPT_KEY_PROV_INFO *pinfo = NULL;
+ char *provname = NULL, *contname = NULL;
+ pinfo = capi_get_prov_info(ctx, cert);
+ if (!pinfo)
+ goto err;
+ provname = wide_to_asc(pinfo->pwszProvName);
+ contname = wide_to_asc(pinfo->pwszContainerName);
+ if (!provname || !contname)
+ goto err;
+ key = capi_get_key(ctx, contname, provname,
+ pinfo->dwProvType, pinfo->dwKeySpec);
+
+ err:
+ if (pinfo)
+ OPENSSL_free(pinfo);
+ if (provname)
+ OPENSSL_free(provname);
+ if (contname)
+ OPENSSL_free(contname);
+ return key;
+}
+
+CAPI_KEY *capi_find_key(CAPI_CTX * ctx, const char *id)
+{
+ PCCERT_CONTEXT cert;
+ HCERTSTORE hstore;
+ CAPI_KEY *key = NULL;
+ switch (ctx->lookup_method) {
+ case CAPI_LU_SUBSTR:
+ case CAPI_LU_FNAME:
+ hstore = capi_open_store(ctx, NULL);
+ if (!hstore)
+ return NULL;
+ cert = capi_find_cert(ctx, id, hstore);
+ if (cert) {
+ key = capi_get_cert_key(ctx, cert);
+ CertFreeCertificateContext(cert);
+ }
+ CertCloseStore(hstore, 0);
+ break;
+
+ case CAPI_LU_CONTNAME:
+ key = capi_get_key(ctx, id, ctx->cspname, ctx->csptype, ctx->keytype);
+ break;
+ }
+
+ return key;
+}
+
+void capi_free_key(CAPI_KEY * key)
+{
+ if (!key)
+ return;
+ CryptDestroyKey(key->key);
+ CryptReleaseContext(key->hprov, 0);
+ if (key->pcert)
+ CertFreeCertificateContext(key->pcert);
+ OPENSSL_free(key);
+}
+
+/* Initialize a CAPI_CTX structure */
+
+static CAPI_CTX *capi_ctx_new()
+{
+ CAPI_CTX *ctx;
+ ctx = OPENSSL_malloc(sizeof(CAPI_CTX));
+ if (!ctx) {
+ CAPIerr(CAPI_F_CAPI_CTX_NEW, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ ctx->cspname = NULL;
+ ctx->csptype = PROV_RSA_FULL;
+ ctx->dump_flags = CAPI_DMP_SUMMARY | CAPI_DMP_FNAME;
+ ctx->keytype = AT_KEYEXCHANGE;
+ ctx->storename = NULL;
+ ctx->ssl_client_store = NULL;
+ ctx->store_flags = CERT_STORE_OPEN_EXISTING_FLAG |
+ CERT_STORE_READONLY_FLAG | CERT_SYSTEM_STORE_CURRENT_USER;
+ ctx->lookup_method = CAPI_LU_SUBSTR;
+ ctx->debug_level = 0;
+ ctx->debug_file = NULL;
+ ctx->client_cert_select = cert_select_simple;
+ return ctx;
+}
+
+static void capi_ctx_free(CAPI_CTX * ctx)
+{
+ CAPI_trace(ctx, "Calling capi_ctx_free with %lx\n", ctx);
+ if (!ctx)
+ return;
+ if (ctx->cspname)
+ OPENSSL_free(ctx->cspname);
+ if (ctx->debug_file)
+ OPENSSL_free(ctx->debug_file);
+ if (ctx->storename)
+ OPENSSL_free(ctx->storename);
+ if (ctx->ssl_client_store)
+ OPENSSL_free(ctx->ssl_client_store);
+ OPENSSL_free(ctx);
+}
+
+static int capi_ctx_set_provname(CAPI_CTX * ctx, LPSTR pname, DWORD type,
+ int check)
+{
+ CAPI_trace(ctx, "capi_ctx_set_provname, name=%s, type=%d\n", pname, type);
+ if (check) {
+ HCRYPTPROV hprov;
+ if (!CryptAcquireContextA(&hprov, NULL, pname, type,
+ CRYPT_VERIFYCONTEXT)) {
+ CAPIerr(CAPI_F_CAPI_CTX_SET_PROVNAME,
+ CAPI_R_CRYPTACQUIRECONTEXT_ERROR);
+ capi_addlasterror();
+ return 0;
+ }
+ CryptReleaseContext(hprov, 0);
+ }
+ if (ctx->cspname)
+ OPENSSL_free(ctx->cspname);
+ ctx->cspname = BUF_strdup(pname);
+ ctx->csptype = type;
+ return 1;
+}
+
+static int capi_ctx_set_provname_idx(CAPI_CTX * ctx, int idx)
+{
+ LPSTR pname;
+ DWORD type;
+ int res;
+ if (capi_get_provname(ctx, &pname, &type, idx) != 1)
+ return 0;
+ res = capi_ctx_set_provname(ctx, pname, type, 0);
+ OPENSSL_free(pname);
+ return res;
+}
+
+static int cert_issuer_match(STACK_OF(X509_NAME) *ca_dn, X509 *x)
+{
+ int i;
+ X509_NAME *nm;
+ /* Special case: empty list: match anything */
+ if (sk_X509_NAME_num(ca_dn) <= 0)
+ return 1;
+ for (i = 0; i < sk_X509_NAME_num(ca_dn); i++) {
+ nm = sk_X509_NAME_value(ca_dn, i);
+ if (!X509_NAME_cmp(nm, X509_get_issuer_name(x)))
+ return 1;
+ }
+ return 0;
+}
+
+static int capi_load_ssl_client_cert(ENGINE *e, SSL *ssl,
+ STACK_OF(X509_NAME) *ca_dn, X509 **pcert,
+ EVP_PKEY **pkey, STACK_OF(X509) **pother,
+ UI_METHOD *ui_method,
+ void *callback_data)
+{
+ STACK_OF(X509) *certs = NULL;
+ X509 *x;
+ char *storename;
+ const char *p;
+ int i, client_cert_idx;
+ HCERTSTORE hstore;
+ PCCERT_CONTEXT cert = NULL, excert = NULL;
+ CAPI_CTX *ctx;
+ CAPI_KEY *key;
+ ctx = ENGINE_get_ex_data(e, capi_idx);
+
+ *pcert = NULL;
+ *pkey = NULL;
+
+ storename = ctx->ssl_client_store;
+ if (!storename)
+ storename = "MY";
+
+ hstore = capi_open_store(ctx, storename);
+ if (!hstore)
+ return 0;
+ /* Enumerate all certificates collect any matches */
+ for (i = 0;; i++) {
+ cert = CertEnumCertificatesInStore(hstore, cert);
+ if (!cert)
+ break;
+ p = cert->pbCertEncoded;
+ x = d2i_X509(NULL, &p, cert->cbCertEncoded);
+ if (!x) {
+ CAPI_trace(ctx, "Can't Parse Certificate %d\n", i);
+ continue;
+ }
+ if (cert_issuer_match(ca_dn, x)
+ && X509_check_purpose(x, X509_PURPOSE_SSL_CLIENT, 0)) {
+ key = capi_get_cert_key(ctx, cert);
+ if (!key) {
+ X509_free(x);
+ continue;
+ }
+ /*
+ * Match found: attach extra data to it so we can retrieve the
+ * key later.
+ */
+ excert = CertDuplicateCertificateContext(cert);
+ key->pcert = excert;
+ X509_set_ex_data(x, cert_capi_idx, key);
+
+ if (!certs)
+ certs = sk_X509_new_null();
+
+ sk_X509_push(certs, x);
+ } else
+ X509_free(x);
+
+ }
+
+ if (cert)
+ CertFreeCertificateContext(cert);
+ if (hstore)
+ CertCloseStore(hstore, 0);
+
+ if (!certs)
+ return 0;
+
+ /* Select the appropriate certificate */
+
+ client_cert_idx = ctx->client_cert_select(e, ssl, certs);
+
+ /* Set the selected certificate and free the rest */
+
+ for (i = 0; i < sk_X509_num(certs); i++) {
+ x = sk_X509_value(certs, i);
+ if (i == client_cert_idx)
+ *pcert = x;
+ else {
+ key = X509_get_ex_data(x, cert_capi_idx);
+ capi_free_key(key);
+ X509_free(x);
+ }
+ }
+
+ sk_X509_free(certs);
+
+ if (!*pcert)
+ return 0;
+
+ /* Setup key for selected certificate */
+
+ key = X509_get_ex_data(*pcert, cert_capi_idx);
+ *pkey = capi_get_pkey(e, key);
+ X509_set_ex_data(*pcert, cert_capi_idx, NULL);
+
+ return 1;
+
+}
+
+/* Simple client cert selection function: always select first */
+
+static int cert_select_simple(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs)
+{
+ return 0;
+}
+
+# ifdef OPENSSL_CAPIENG_DIALOG
+
+/*
+ * More complex cert selection function, using standard function
+ * CryptUIDlgSelectCertificateFromStore() to produce a dialog box.
+ */
+
+/*
+ * Definitions which are in cryptuiapi.h but this is not present in older
+ * versions of headers.
+ */
+
+# ifndef CRYPTUI_SELECT_LOCATION_COLUMN
+# define CRYPTUI_SELECT_LOCATION_COLUMN 0x000000010
+# define CRYPTUI_SELECT_INTENDEDUSE_COLUMN 0x000000004
+# endif
+
+# define dlg_title L"OpenSSL Application SSL Client Certificate Selection"
+# define dlg_prompt L"Select a certificate to use for authentication"
+# define dlg_columns CRYPTUI_SELECT_LOCATION_COLUMN \
+ |CRYPTUI_SELECT_INTENDEDUSE_COLUMN
+
+static int cert_select_dialog(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs)
+{
+ X509 *x;
+ HCERTSTORE dstore;
+ PCCERT_CONTEXT cert;
+ CAPI_CTX *ctx;
+ CAPI_KEY *key;
+ HWND hwnd;
+ int i, idx = -1;
+ if (sk_X509_num(certs) == 1)
+ return 0;
+ ctx = ENGINE_get_ex_data(e, capi_idx);
+ /* Create an in memory store of certificates */
+ dstore = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
+ CERT_STORE_CREATE_NEW_FLAG, NULL);
+ if (!dstore) {
+ CAPIerr(CAPI_F_CERT_SELECT_DIALOG, CAPI_R_ERROR_CREATING_STORE);
+ capi_addlasterror();
+ goto err;
+ }
+ /* Add all certificates to store */
+ for (i = 0; i < sk_X509_num(certs); i++) {
+ x = sk_X509_value(certs, i);
+ key = X509_get_ex_data(x, cert_capi_idx);
+
+ if (!CertAddCertificateContextToStore(dstore, key->pcert,
+ CERT_STORE_ADD_NEW, NULL)) {
+ CAPIerr(CAPI_F_CERT_SELECT_DIALOG, CAPI_R_ERROR_ADDING_CERT);
+ capi_addlasterror();
+ goto err;
+ }
+
+ }
+ hwnd = GetForegroundWindow();
+ if (!hwnd)
+ hwnd = GetActiveWindow();
+ if (!hwnd && ctx->getconswindow)
+ hwnd = ctx->getconswindow();
+ /* Call dialog to select one */
+ cert = ctx->certselectdlg(dstore, hwnd, dlg_title, dlg_prompt,
+ dlg_columns, 0, NULL);
+
+ /* Find matching cert from list */
+ if (cert) {
+ for (i = 0; i < sk_X509_num(certs); i++) {
+ x = sk_X509_value(certs, i);
+ key = X509_get_ex_data(x, cert_capi_idx);
+ if (CertCompareCertificate
+ (X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, cert->pCertInfo,
+ key->pcert->pCertInfo)) {
+ idx = i;
+ break;
+ }
+ }
+ }
+
+ err:
+ if (dstore)
+ CertCloseStore(dstore, 0);
+ return idx;
+
+}
+# endif
+
+# endif
+#else /* !WIN32 */
+# include <openssl/engine.h>
+# ifndef OPENSSL_NO_DYNAMIC_ENGINE
+OPENSSL_EXPORT
+ int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns)
+{
+ return 0;
+}
+
+IMPLEMENT_DYNAMIC_CHECK_FN()
+# endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/engines/e_capi_err.c
===================================================================
--- vendor-crypto/openssl/dist/engines/e_capi_err.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/engines/e_capi_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,184 +0,0 @@
-/* e_capi_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include "e_capi_err.h"
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(0,func,0)
-#define ERR_REASON(reason) ERR_PACK(0,0,reason)
-
-static ERR_STRING_DATA CAPI_str_functs[]=
- {
-{ERR_FUNC(CAPI_F_CAPI_CERT_GET_FNAME), "CAPI_CERT_GET_FNAME"},
-{ERR_FUNC(CAPI_F_CAPI_CTRL), "CAPI_CTRL"},
-{ERR_FUNC(CAPI_F_CAPI_CTX_NEW), "CAPI_CTX_NEW"},
-{ERR_FUNC(CAPI_F_CAPI_CTX_SET_PROVNAME), "CAPI_CTX_SET_PROVNAME"},
-{ERR_FUNC(CAPI_F_CAPI_DSA_DO_SIGN), "CAPI_DSA_DO_SIGN"},
-{ERR_FUNC(CAPI_F_CAPI_GET_KEY), "CAPI_GET_KEY"},
-{ERR_FUNC(CAPI_F_CAPI_GET_PKEY), "CAPI_GET_PKEY"},
-{ERR_FUNC(CAPI_F_CAPI_GET_PROVNAME), "CAPI_GET_PROVNAME"},
-{ERR_FUNC(CAPI_F_CAPI_GET_PROV_INFO), "CAPI_GET_PROV_INFO"},
-{ERR_FUNC(CAPI_F_CAPI_INIT), "CAPI_INIT"},
-{ERR_FUNC(CAPI_F_CAPI_LIST_CONTAINERS), "CAPI_LIST_CONTAINERS"},
-{ERR_FUNC(CAPI_F_CAPI_LOAD_PRIVKEY), "CAPI_LOAD_PRIVKEY"},
-{ERR_FUNC(CAPI_F_CAPI_OPEN_STORE), "CAPI_OPEN_STORE"},
-{ERR_FUNC(CAPI_F_CAPI_RSA_PRIV_DEC), "CAPI_RSA_PRIV_DEC"},
-{ERR_FUNC(CAPI_F_CAPI_RSA_PRIV_ENC), "CAPI_RSA_PRIV_ENC"},
-{ERR_FUNC(CAPI_F_CAPI_RSA_SIGN), "CAPI_RSA_SIGN"},
-{ERR_FUNC(CAPI_F_CERT_SELECT_DIALOG), "CERT_SELECT_DIALOG"},
-{ERR_FUNC(CAPI_F_CLIENT_CERT_SELECT), "CLIENT_CERT_SELECT"},
-{ERR_FUNC(CAPI_F_WIDE_TO_ASC), "WIDE_TO_ASC"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA CAPI_str_reasons[]=
- {
-{ERR_REASON(CAPI_R_CANT_CREATE_HASH_OBJECT),"cant create hash object"},
-{ERR_REASON(CAPI_R_CANT_FIND_CAPI_CONTEXT),"cant find capi context"},
-{ERR_REASON(CAPI_R_CANT_GET_KEY) ,"cant get key"},
-{ERR_REASON(CAPI_R_CANT_SET_HASH_VALUE) ,"cant set hash value"},
-{ERR_REASON(CAPI_R_CRYPTACQUIRECONTEXT_ERROR),"cryptacquirecontext error"},
-{ERR_REASON(CAPI_R_CRYPTENUMPROVIDERS_ERROR),"cryptenumproviders error"},
-{ERR_REASON(CAPI_R_DECRYPT_ERROR) ,"decrypt error"},
-{ERR_REASON(CAPI_R_ENGINE_NOT_INITIALIZED),"engine not initialized"},
-{ERR_REASON(CAPI_R_ENUMCONTAINERS_ERROR) ,"enumcontainers error"},
-{ERR_REASON(CAPI_R_ERROR_ADDING_CERT) ,"error adding cert"},
-{ERR_REASON(CAPI_R_ERROR_CREATING_STORE) ,"error creating store"},
-{ERR_REASON(CAPI_R_ERROR_GETTING_FRIENDLY_NAME),"error getting friendly name"},
-{ERR_REASON(CAPI_R_ERROR_GETTING_KEY_PROVIDER_INFO),"error getting key provider info"},
-{ERR_REASON(CAPI_R_ERROR_OPENING_STORE) ,"error opening store"},
-{ERR_REASON(CAPI_R_ERROR_SIGNING_HASH) ,"error signing hash"},
-{ERR_REASON(CAPI_R_FUNCTION_NOT_SUPPORTED),"function not supported"},
-{ERR_REASON(CAPI_R_GETUSERKEY_ERROR) ,"getuserkey error"},
-{ERR_REASON(CAPI_R_INVALID_DIGEST_LENGTH),"invalid digest length"},
-{ERR_REASON(CAPI_R_INVALID_DSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER),"invalid dsa public key blob magic number"},
-{ERR_REASON(CAPI_R_INVALID_LOOKUP_METHOD),"invalid lookup method"},
-{ERR_REASON(CAPI_R_INVALID_PUBLIC_KEY_BLOB),"invalid public key blob"},
-{ERR_REASON(CAPI_R_INVALID_RSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER),"invalid rsa public key blob magic number"},
-{ERR_REASON(CAPI_R_PUBKEY_EXPORT_ERROR) ,"pubkey export error"},
-{ERR_REASON(CAPI_R_PUBKEY_EXPORT_LENGTH_ERROR),"pubkey export length error"},
-{ERR_REASON(CAPI_R_UNKNOWN_COMMAND) ,"unknown command"},
-{ERR_REASON(CAPI_R_UNSUPPORTED_ALGORITHM_NID),"unsupported algorithm nid"},
-{ERR_REASON(CAPI_R_UNSUPPORTED_PADDING) ,"unsupported padding"},
-{ERR_REASON(CAPI_R_UNSUPPORTED_PUBLIC_KEY_ALGORITHM),"unsupported public key algorithm"},
-{ERR_REASON(CAPI_R_WIN32_ERROR) ,"win32 error"},
-{0,NULL}
- };
-
-#endif
-
-#ifdef CAPI_LIB_NAME
-static ERR_STRING_DATA CAPI_lib_name[]=
- {
-{0 ,CAPI_LIB_NAME},
-{0,NULL}
- };
-#endif
-
-
-static int CAPI_lib_error_code=0;
-static int CAPI_error_init=1;
-
-static void ERR_load_CAPI_strings(void)
- {
- if (CAPI_lib_error_code == 0)
- CAPI_lib_error_code=ERR_get_next_error_library();
-
- if (CAPI_error_init)
- {
- CAPI_error_init=0;
-#ifndef OPENSSL_NO_ERR
- ERR_load_strings(CAPI_lib_error_code,CAPI_str_functs);
- ERR_load_strings(CAPI_lib_error_code,CAPI_str_reasons);
-#endif
-
-#ifdef CAPI_LIB_NAME
- CAPI_lib_name->error = ERR_PACK(CAPI_lib_error_code,0,0);
- ERR_load_strings(0,CAPI_lib_name);
-#endif
- }
- }
-
-static void ERR_unload_CAPI_strings(void)
- {
- if (CAPI_error_init == 0)
- {
-#ifndef OPENSSL_NO_ERR
- ERR_unload_strings(CAPI_lib_error_code,CAPI_str_functs);
- ERR_unload_strings(CAPI_lib_error_code,CAPI_str_reasons);
-#endif
-
-#ifdef CAPI_LIB_NAME
- ERR_unload_strings(0,CAPI_lib_name);
-#endif
- CAPI_error_init=1;
- }
- }
-
-static void ERR_CAPI_error(int function, int reason, char *file, int line)
- {
- if (CAPI_lib_error_code == 0)
- CAPI_lib_error_code=ERR_get_next_error_library();
- ERR_PUT_error(CAPI_lib_error_code,function,reason,file,line);
- }
Copied: vendor-crypto/openssl/0.9.8zf/engines/e_capi_err.c (from rev 6976, vendor-crypto/openssl/dist/engines/e_capi_err.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/engines/e_capi_err.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/engines/e_capi_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,187 @@
+/* e_capi_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include "e_capi_err.h"
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(0,func,0)
+# define ERR_REASON(reason) ERR_PACK(0,0,reason)
+
+static ERR_STRING_DATA CAPI_str_functs[] = {
+ {ERR_FUNC(CAPI_F_CAPI_CERT_GET_FNAME), "CAPI_CERT_GET_FNAME"},
+ {ERR_FUNC(CAPI_F_CAPI_CTRL), "CAPI_CTRL"},
+ {ERR_FUNC(CAPI_F_CAPI_CTX_NEW), "CAPI_CTX_NEW"},
+ {ERR_FUNC(CAPI_F_CAPI_CTX_SET_PROVNAME), "CAPI_CTX_SET_PROVNAME"},
+ {ERR_FUNC(CAPI_F_CAPI_DSA_DO_SIGN), "CAPI_DSA_DO_SIGN"},
+ {ERR_FUNC(CAPI_F_CAPI_GET_KEY), "CAPI_GET_KEY"},
+ {ERR_FUNC(CAPI_F_CAPI_GET_PKEY), "CAPI_GET_PKEY"},
+ {ERR_FUNC(CAPI_F_CAPI_GET_PROVNAME), "CAPI_GET_PROVNAME"},
+ {ERR_FUNC(CAPI_F_CAPI_GET_PROV_INFO), "CAPI_GET_PROV_INFO"},
+ {ERR_FUNC(CAPI_F_CAPI_INIT), "CAPI_INIT"},
+ {ERR_FUNC(CAPI_F_CAPI_LIST_CONTAINERS), "CAPI_LIST_CONTAINERS"},
+ {ERR_FUNC(CAPI_F_CAPI_LOAD_PRIVKEY), "CAPI_LOAD_PRIVKEY"},
+ {ERR_FUNC(CAPI_F_CAPI_OPEN_STORE), "CAPI_OPEN_STORE"},
+ {ERR_FUNC(CAPI_F_CAPI_RSA_PRIV_DEC), "CAPI_RSA_PRIV_DEC"},
+ {ERR_FUNC(CAPI_F_CAPI_RSA_PRIV_ENC), "CAPI_RSA_PRIV_ENC"},
+ {ERR_FUNC(CAPI_F_CAPI_RSA_SIGN), "CAPI_RSA_SIGN"},
+ {ERR_FUNC(CAPI_F_CERT_SELECT_DIALOG), "CERT_SELECT_DIALOG"},
+ {ERR_FUNC(CAPI_F_CLIENT_CERT_SELECT), "CLIENT_CERT_SELECT"},
+ {ERR_FUNC(CAPI_F_WIDE_TO_ASC), "WIDE_TO_ASC"},
+ {0, NULL}
+};
+
+static ERR_STRING_DATA CAPI_str_reasons[] = {
+ {ERR_REASON(CAPI_R_CANT_CREATE_HASH_OBJECT), "cant create hash object"},
+ {ERR_REASON(CAPI_R_CANT_FIND_CAPI_CONTEXT), "cant find capi context"},
+ {ERR_REASON(CAPI_R_CANT_GET_KEY), "cant get key"},
+ {ERR_REASON(CAPI_R_CANT_SET_HASH_VALUE), "cant set hash value"},
+ {ERR_REASON(CAPI_R_CRYPTACQUIRECONTEXT_ERROR),
+ "cryptacquirecontext error"},
+ {ERR_REASON(CAPI_R_CRYPTENUMPROVIDERS_ERROR), "cryptenumproviders error"},
+ {ERR_REASON(CAPI_R_DECRYPT_ERROR), "decrypt error"},
+ {ERR_REASON(CAPI_R_ENGINE_NOT_INITIALIZED), "engine not initialized"},
+ {ERR_REASON(CAPI_R_ENUMCONTAINERS_ERROR), "enumcontainers error"},
+ {ERR_REASON(CAPI_R_ERROR_ADDING_CERT), "error adding cert"},
+ {ERR_REASON(CAPI_R_ERROR_CREATING_STORE), "error creating store"},
+ {ERR_REASON(CAPI_R_ERROR_GETTING_FRIENDLY_NAME),
+ "error getting friendly name"},
+ {ERR_REASON(CAPI_R_ERROR_GETTING_KEY_PROVIDER_INFO),
+ "error getting key provider info"},
+ {ERR_REASON(CAPI_R_ERROR_OPENING_STORE), "error opening store"},
+ {ERR_REASON(CAPI_R_ERROR_SIGNING_HASH), "error signing hash"},
+ {ERR_REASON(CAPI_R_FUNCTION_NOT_SUPPORTED), "function not supported"},
+ {ERR_REASON(CAPI_R_GETUSERKEY_ERROR), "getuserkey error"},
+ {ERR_REASON(CAPI_R_INVALID_DIGEST_LENGTH), "invalid digest length"},
+ {ERR_REASON(CAPI_R_INVALID_DSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER),
+ "invalid dsa public key blob magic number"},
+ {ERR_REASON(CAPI_R_INVALID_LOOKUP_METHOD), "invalid lookup method"},
+ {ERR_REASON(CAPI_R_INVALID_PUBLIC_KEY_BLOB), "invalid public key blob"},
+ {ERR_REASON(CAPI_R_INVALID_RSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER),
+ "invalid rsa public key blob magic number"},
+ {ERR_REASON(CAPI_R_PUBKEY_EXPORT_ERROR), "pubkey export error"},
+ {ERR_REASON(CAPI_R_PUBKEY_EXPORT_LENGTH_ERROR),
+ "pubkey export length error"},
+ {ERR_REASON(CAPI_R_UNKNOWN_COMMAND), "unknown command"},
+ {ERR_REASON(CAPI_R_UNSUPPORTED_ALGORITHM_NID),
+ "unsupported algorithm nid"},
+ {ERR_REASON(CAPI_R_UNSUPPORTED_PADDING), "unsupported padding"},
+ {ERR_REASON(CAPI_R_UNSUPPORTED_PUBLIC_KEY_ALGORITHM),
+ "unsupported public key algorithm"},
+ {ERR_REASON(CAPI_R_WIN32_ERROR), "win32 error"},
+ {0, NULL}
+};
+
+#endif
+
+#ifdef CAPI_LIB_NAME
+static ERR_STRING_DATA CAPI_lib_name[] = {
+ {0, CAPI_LIB_NAME},
+ {0, NULL}
+};
+#endif
+
+static int CAPI_lib_error_code = 0;
+static int CAPI_error_init = 1;
+
+static void ERR_load_CAPI_strings(void)
+{
+ if (CAPI_lib_error_code == 0)
+ CAPI_lib_error_code = ERR_get_next_error_library();
+
+ if (CAPI_error_init) {
+ CAPI_error_init = 0;
+#ifndef OPENSSL_NO_ERR
+ ERR_load_strings(CAPI_lib_error_code, CAPI_str_functs);
+ ERR_load_strings(CAPI_lib_error_code, CAPI_str_reasons);
+#endif
+
+#ifdef CAPI_LIB_NAME
+ CAPI_lib_name->error = ERR_PACK(CAPI_lib_error_code, 0, 0);
+ ERR_load_strings(0, CAPI_lib_name);
+#endif
+ }
+}
+
+static void ERR_unload_CAPI_strings(void)
+{
+ if (CAPI_error_init == 0) {
+#ifndef OPENSSL_NO_ERR
+ ERR_unload_strings(CAPI_lib_error_code, CAPI_str_functs);
+ ERR_unload_strings(CAPI_lib_error_code, CAPI_str_reasons);
+#endif
+
+#ifdef CAPI_LIB_NAME
+ ERR_unload_strings(0, CAPI_lib_name);
+#endif
+ CAPI_error_init = 1;
+ }
+}
+
+static void ERR_CAPI_error(int function, int reason, char *file, int line)
+{
+ if (CAPI_lib_error_code == 0)
+ CAPI_lib_error_code = ERR_get_next_error_library();
+ ERR_PUT_error(CAPI_lib_error_code, function, reason, file, line);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/engines/e_capi_err.h
===================================================================
--- vendor-crypto/openssl/dist/engines/e_capi_err.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/engines/e_capi_err.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,128 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2001-2008 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#ifndef HEADER_CAPI_ERR_H
-#define HEADER_CAPI_ERR_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-static void ERR_load_CAPI_strings(void);
-static void ERR_unload_CAPI_strings(void);
-static void ERR_CAPI_error(int function, int reason, char *file, int line);
-#define CAPIerr(f,r) ERR_CAPI_error((f),(r),__FILE__,__LINE__)
-
-/* Error codes for the CAPI functions. */
-
-/* Function codes. */
-#define CAPI_F_CAPI_CERT_GET_FNAME 99
-#define CAPI_F_CAPI_CTRL 100
-#define CAPI_F_CAPI_CTX_NEW 101
-#define CAPI_F_CAPI_CTX_SET_PROVNAME 102
-#define CAPI_F_CAPI_DSA_DO_SIGN 114
-#define CAPI_F_CAPI_GET_KEY 103
-#define CAPI_F_CAPI_GET_PKEY 115
-#define CAPI_F_CAPI_GET_PROVNAME 104
-#define CAPI_F_CAPI_GET_PROV_INFO 105
-#define CAPI_F_CAPI_INIT 106
-#define CAPI_F_CAPI_LIST_CONTAINERS 107
-#define CAPI_F_CAPI_LOAD_PRIVKEY 108
-#define CAPI_F_CAPI_OPEN_STORE 109
-#define CAPI_F_CAPI_RSA_PRIV_DEC 110
-#define CAPI_F_CAPI_RSA_PRIV_ENC 111
-#define CAPI_F_CAPI_RSA_SIGN 112
-#define CAPI_F_CERT_SELECT_DIALOG 117
-#define CAPI_F_CLIENT_CERT_SELECT 116
-#define CAPI_F_WIDE_TO_ASC 113
-
-/* Reason codes. */
-#define CAPI_R_CANT_CREATE_HASH_OBJECT 99
-#define CAPI_R_CANT_FIND_CAPI_CONTEXT 100
-#define CAPI_R_CANT_GET_KEY 101
-#define CAPI_R_CANT_SET_HASH_VALUE 102
-#define CAPI_R_CRYPTACQUIRECONTEXT_ERROR 103
-#define CAPI_R_CRYPTENUMPROVIDERS_ERROR 104
-#define CAPI_R_DECRYPT_ERROR 105
-#define CAPI_R_ENGINE_NOT_INITIALIZED 106
-#define CAPI_R_ENUMCONTAINERS_ERROR 107
-#define CAPI_R_ERROR_ADDING_CERT 125
-#define CAPI_R_ERROR_CREATING_STORE 126
-#define CAPI_R_ERROR_GETTING_FRIENDLY_NAME 108
-#define CAPI_R_ERROR_GETTING_KEY_PROVIDER_INFO 109
-#define CAPI_R_ERROR_OPENING_STORE 110
-#define CAPI_R_ERROR_SIGNING_HASH 111
-#define CAPI_R_FUNCTION_NOT_SUPPORTED 112
-#define CAPI_R_GETUSERKEY_ERROR 113
-#define CAPI_R_INVALID_DIGEST_LENGTH 124
-#define CAPI_R_INVALID_DSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER 122
-#define CAPI_R_INVALID_LOOKUP_METHOD 114
-#define CAPI_R_INVALID_PUBLIC_KEY_BLOB 115
-#define CAPI_R_INVALID_RSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER 123
-#define CAPI_R_PUBKEY_EXPORT_ERROR 116
-#define CAPI_R_PUBKEY_EXPORT_LENGTH_ERROR 117
-#define CAPI_R_UNKNOWN_COMMAND 118
-#define CAPI_R_UNSUPPORTED_ALGORITHM_NID 119
-#define CAPI_R_UNSUPPORTED_PADDING 120
-#define CAPI_R_UNSUPPORTED_PUBLIC_KEY_ALGORITHM 121
-#define CAPI_R_WIN32_ERROR 127
-
-#ifdef __cplusplus
-}
-#endif
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/engines/e_capi_err.h (from rev 6976, vendor-crypto/openssl/dist/engines/e_capi_err.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/engines/e_capi_err.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/engines/e_capi_err.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,129 @@
+/* ====================================================================
+ * Copyright (c) 2001-2008 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_CAPI_ERR_H
+# define HEADER_CAPI_ERR_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+static void ERR_load_CAPI_strings(void);
+static void ERR_unload_CAPI_strings(void);
+static void ERR_CAPI_error(int function, int reason, char *file, int line);
+# define CAPIerr(f,r) ERR_CAPI_error((f),(r),__FILE__,__LINE__)
+
+/* Error codes for the CAPI functions. */
+
+/* Function codes. */
+# define CAPI_F_CAPI_CERT_GET_FNAME 99
+# define CAPI_F_CAPI_CTRL 100
+# define CAPI_F_CAPI_CTX_NEW 101
+# define CAPI_F_CAPI_CTX_SET_PROVNAME 102
+# define CAPI_F_CAPI_DSA_DO_SIGN 114
+# define CAPI_F_CAPI_GET_KEY 103
+# define CAPI_F_CAPI_GET_PKEY 115
+# define CAPI_F_CAPI_GET_PROVNAME 104
+# define CAPI_F_CAPI_GET_PROV_INFO 105
+# define CAPI_F_CAPI_INIT 106
+# define CAPI_F_CAPI_LIST_CONTAINERS 107
+# define CAPI_F_CAPI_LOAD_PRIVKEY 108
+# define CAPI_F_CAPI_OPEN_STORE 109
+# define CAPI_F_CAPI_RSA_PRIV_DEC 110
+# define CAPI_F_CAPI_RSA_PRIV_ENC 111
+# define CAPI_F_CAPI_RSA_SIGN 112
+# define CAPI_F_CERT_SELECT_DIALOG 117
+# define CAPI_F_CLIENT_CERT_SELECT 116
+# define CAPI_F_WIDE_TO_ASC 113
+
+/* Reason codes. */
+# define CAPI_R_CANT_CREATE_HASH_OBJECT 99
+# define CAPI_R_CANT_FIND_CAPI_CONTEXT 100
+# define CAPI_R_CANT_GET_KEY 101
+# define CAPI_R_CANT_SET_HASH_VALUE 102
+# define CAPI_R_CRYPTACQUIRECONTEXT_ERROR 103
+# define CAPI_R_CRYPTENUMPROVIDERS_ERROR 104
+# define CAPI_R_DECRYPT_ERROR 105
+# define CAPI_R_ENGINE_NOT_INITIALIZED 106
+# define CAPI_R_ENUMCONTAINERS_ERROR 107
+# define CAPI_R_ERROR_ADDING_CERT 125
+# define CAPI_R_ERROR_CREATING_STORE 126
+# define CAPI_R_ERROR_GETTING_FRIENDLY_NAME 108
+# define CAPI_R_ERROR_GETTING_KEY_PROVIDER_INFO 109
+# define CAPI_R_ERROR_OPENING_STORE 110
+# define CAPI_R_ERROR_SIGNING_HASH 111
+# define CAPI_R_FUNCTION_NOT_SUPPORTED 112
+# define CAPI_R_GETUSERKEY_ERROR 113
+# define CAPI_R_INVALID_DIGEST_LENGTH 124
+# define CAPI_R_INVALID_DSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER 122
+# define CAPI_R_INVALID_LOOKUP_METHOD 114
+# define CAPI_R_INVALID_PUBLIC_KEY_BLOB 115
+# define CAPI_R_INVALID_RSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER 123
+# define CAPI_R_PUBKEY_EXPORT_ERROR 116
+# define CAPI_R_PUBKEY_EXPORT_LENGTH_ERROR 117
+# define CAPI_R_UNKNOWN_COMMAND 118
+# define CAPI_R_UNSUPPORTED_ALGORITHM_NID 119
+# define CAPI_R_UNSUPPORTED_PADDING 120
+# define CAPI_R_UNSUPPORTED_PUBLIC_KEY_ALGORITHM 121
+# define CAPI_R_WIN32_ERROR 127
+
+#ifdef __cplusplus
+}
+#endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/engines/e_chil.c
===================================================================
--- vendor-crypto/openssl/dist/engines/e_chil.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/engines/e_chil.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,1359 +0,0 @@
-/* crypto/engine/e_chil.c -*- mode: C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte (richard at levitte.org), Geoff Thorpe
- * (geoff at geoffthorpe.net) and Dr Stephen N Henson (steve at openssl.org)
- * for the OpenSSL project 2000.
- */
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/pem.h>
-#include <openssl/dso.h>
-#include <openssl/engine.h>
-#include <openssl/ui.h>
-#include <openssl/rand.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-#include <openssl/bn.h>
-
-#ifndef OPENSSL_NO_HW
-#ifndef OPENSSL_NO_HW_CHIL
-
-/* Attribution notice: nCipher have said several times that it's OK for
- * us to implement a general interface to their boxes, and recently declared
- * their HWCryptoHook to be public, and therefore available for us to use.
- * Thanks, nCipher.
- *
- * The hwcryptohook.h included here is from May 2000.
- * [Richard Levitte]
- */
-#ifdef FLAT_INC
-#include "hwcryptohook.h"
-#else
-#include "vendor_defns/hwcryptohook.h"
-#endif
-
-#define HWCRHK_LIB_NAME "CHIL engine"
-#include "e_chil_err.c"
-
-static int hwcrhk_destroy(ENGINE *e);
-static int hwcrhk_init(ENGINE *e);
-static int hwcrhk_finish(ENGINE *e);
-static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
-
-/* Functions to handle mutexes */
-static int hwcrhk_mutex_init(HWCryptoHook_Mutex*, HWCryptoHook_CallerContext*);
-static int hwcrhk_mutex_lock(HWCryptoHook_Mutex*);
-static void hwcrhk_mutex_unlock(HWCryptoHook_Mutex*);
-static void hwcrhk_mutex_destroy(HWCryptoHook_Mutex*);
-
-/* BIGNUM stuff */
-static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx);
-
-#ifndef OPENSSL_NO_RSA
-/* RSA stuff */
-static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
-/* This function is aliased to mod_exp (with the mont stuff dropped). */
-static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-static int hwcrhk_rsa_finish(RSA *rsa);
-#endif
-
-#ifndef OPENSSL_NO_DH
-/* DH stuff */
-/* This function is alised to mod_exp (with the DH and mont dropped). */
-static int hwcrhk_mod_exp_dh(const DH *dh, BIGNUM *r,
- const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-#endif
-
-/* RAND stuff */
-static int hwcrhk_rand_bytes(unsigned char *buf, int num);
-static int hwcrhk_rand_status(void);
-
-/* KM stuff */
-static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
- UI_METHOD *ui_method, void *callback_data);
-static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id,
- UI_METHOD *ui_method, void *callback_data);
-
-/* Interaction stuff */
-static int hwcrhk_insert_card(const char *prompt_info,
- const char *wrong_info,
- HWCryptoHook_PassphraseContext *ppctx,
- HWCryptoHook_CallerContext *cactx);
-static int hwcrhk_get_pass(const char *prompt_info,
- int *len_io, char *buf,
- HWCryptoHook_PassphraseContext *ppctx,
- HWCryptoHook_CallerContext *cactx);
-static void hwcrhk_log_message(void *logstr, const char *message);
-
-/* The definitions for control commands specific to this engine */
-#define HWCRHK_CMD_SO_PATH ENGINE_CMD_BASE
-#define HWCRHK_CMD_FORK_CHECK (ENGINE_CMD_BASE + 1)
-#define HWCRHK_CMD_THREAD_LOCKING (ENGINE_CMD_BASE + 2)
-#define HWCRHK_CMD_SET_USER_INTERFACE (ENGINE_CMD_BASE + 3)
-#define HWCRHK_CMD_SET_CALLBACK_DATA (ENGINE_CMD_BASE + 4)
-static const ENGINE_CMD_DEFN hwcrhk_cmd_defns[] = {
- {HWCRHK_CMD_SO_PATH,
- "SO_PATH",
- "Specifies the path to the 'hwcrhk' shared library",
- ENGINE_CMD_FLAG_STRING},
- {HWCRHK_CMD_FORK_CHECK,
- "FORK_CHECK",
- "Turns fork() checking on (non-zero) or off (zero)",
- ENGINE_CMD_FLAG_NUMERIC},
- {HWCRHK_CMD_THREAD_LOCKING,
- "THREAD_LOCKING",
- "Turns thread-safe locking on (zero) or off (non-zero)",
- ENGINE_CMD_FLAG_NUMERIC},
- {HWCRHK_CMD_SET_USER_INTERFACE,
- "SET_USER_INTERFACE",
- "Set the global user interface (internal)",
- ENGINE_CMD_FLAG_INTERNAL},
- {HWCRHK_CMD_SET_CALLBACK_DATA,
- "SET_CALLBACK_DATA",
- "Set the global user interface extra data (internal)",
- ENGINE_CMD_FLAG_INTERNAL},
- {0, NULL, NULL, 0}
- };
-
-#ifndef OPENSSL_NO_RSA
-/* Our internal RSA_METHOD that we provide pointers to */
-static RSA_METHOD hwcrhk_rsa =
- {
- "CHIL RSA method",
- NULL,
- NULL,
- NULL,
- NULL,
- hwcrhk_rsa_mod_exp,
- hwcrhk_mod_exp_mont,
- NULL,
- hwcrhk_rsa_finish,
- 0,
- NULL,
- NULL,
- NULL,
- NULL
- };
-#endif
-
-#ifndef OPENSSL_NO_DH
-/* Our internal DH_METHOD that we provide pointers to */
-static DH_METHOD hwcrhk_dh =
- {
- "CHIL DH method",
- NULL,
- NULL,
- hwcrhk_mod_exp_dh,
- NULL,
- NULL,
- 0,
- NULL,
- NULL
- };
-#endif
-
-static RAND_METHOD hwcrhk_rand =
- {
- /* "CHIL RAND method", */
- NULL,
- hwcrhk_rand_bytes,
- NULL,
- NULL,
- hwcrhk_rand_bytes,
- hwcrhk_rand_status,
- };
-
-/* Constants used when creating the ENGINE */
-static const char *engine_hwcrhk_id = "chil";
-static const char *engine_hwcrhk_name = "CHIL hardware engine support";
-
-#ifndef OPENSSL_NO_DYNAMIC_ENGINE
-/* Compatibility hack, the dynamic library uses this form in the path */
-static const char *engine_hwcrhk_id_alt = "ncipher";
-#endif
-
-/* Internal stuff for HWCryptoHook */
-
-/* Some structures needed for proper use of thread locks */
-/* hwcryptohook.h has some typedefs that turn struct HWCryptoHook_MutexValue
- into HWCryptoHook_Mutex */
-struct HWCryptoHook_MutexValue
- {
- int lockid;
- };
-
-/* hwcryptohook.h has some typedefs that turn
- struct HWCryptoHook_PassphraseContextValue
- into HWCryptoHook_PassphraseContext */
-struct HWCryptoHook_PassphraseContextValue
- {
- UI_METHOD *ui_method;
- void *callback_data;
- };
-
-/* hwcryptohook.h has some typedefs that turn
- struct HWCryptoHook_CallerContextValue
- into HWCryptoHook_CallerContext */
-struct HWCryptoHook_CallerContextValue
- {
- pem_password_cb *password_callback; /* Deprecated! Only present for
- backward compatibility! */
- UI_METHOD *ui_method;
- void *callback_data;
- };
-
-/* The MPI structure in HWCryptoHook is pretty compatible with OpenSSL
- BIGNUM's, so lets define a couple of conversion macros */
-#define BN2MPI(mp, bn) \
- {mp.size = bn->top * sizeof(BN_ULONG); mp.buf = (unsigned char *)bn->d;}
-#define MPI2BN(bn, mp) \
- {mp.size = bn->dmax * sizeof(BN_ULONG); mp.buf = (unsigned char *)bn->d;}
-
-static BIO *logstream = NULL;
-static int disable_mutex_callbacks = 0;
-
-/* One might wonder why these are needed, since one can pass down at least
- a UI_METHOD and a pointer to callback data to the key-loading functions.
- The thing is that the ModExp and RSAImmed functions can load keys as well,
- if the data they get is in a special, nCipher-defined format (hint: if you
- look at the private exponent of the RSA data as a string, you'll see this
- string: "nCipher KM tool key id", followed by some bytes, followed a key
- identity string, followed by more bytes. This happens when you use "embed"
- keys instead of "hwcrhk" keys). Unfortunately, those functions do not take
- any passphrase or caller context, and our functions can't really take any
- callback data either. Still, the "insert_card" and "get_passphrase"
- callbacks may be called down the line, and will need to know what user
- interface callbacks to call, and having callback data from the application
- may be a nice thing as well, so we need to keep track of that globally. */
-static HWCryptoHook_CallerContext password_context = { NULL, NULL, NULL };
-
-/* Stuff to pass to the HWCryptoHook library */
-static HWCryptoHook_InitInfo hwcrhk_globals = {
- HWCryptoHook_InitFlags_SimpleForkCheck, /* Flags */
- &logstream, /* logstream */
- sizeof(BN_ULONG), /* limbsize */
- 0, /* mslimb first: false for BNs */
- -1, /* msbyte first: use native */
- 0, /* Max mutexes, 0 = no small limit */
- 0, /* Max simultaneous, 0 = default */
-
- /* The next few are mutex stuff: we write wrapper functions
- around the OS mutex functions. We initialise them to 0
- here, and change that to actual function pointers in hwcrhk_init()
- if dynamic locks are supported (that is, if the application
- programmer has made sure of setting up callbacks bafore starting
- this engine) *and* if disable_mutex_callbacks hasn't been set by
- a call to ENGINE_ctrl(ENGINE_CTRL_CHIL_NO_LOCKING). */
- sizeof(HWCryptoHook_Mutex),
- 0,
- 0,
- 0,
- 0,
-
- /* The next few are condvar stuff: we write wrapper functions
- round the OS functions. Currently not implemented and not
- and absolute necessity even in threaded programs, therefore
- 0'ed. Will hopefully be implemented some day, since it
- enhances the efficiency of HWCryptoHook. */
- 0, /* sizeof(HWCryptoHook_CondVar), */
- 0, /* hwcrhk_cv_init, */
- 0, /* hwcrhk_cv_wait, */
- 0, /* hwcrhk_cv_signal, */
- 0, /* hwcrhk_cv_broadcast, */
- 0, /* hwcrhk_cv_destroy, */
-
- hwcrhk_get_pass, /* pass phrase */
- hwcrhk_insert_card, /* insert a card */
- hwcrhk_log_message /* Log message */
-};
-
-
-/* Now, to our own code */
-
-/* This internal function is used by ENGINE_chil() and possibly by the
- * "dynamic" ENGINE support too */
-static int bind_helper(ENGINE *e)
- {
-#ifndef OPENSSL_NO_RSA
- const RSA_METHOD *meth1;
-#endif
-#ifndef OPENSSL_NO_DH
- const DH_METHOD *meth2;
-#endif
- if(!ENGINE_set_id(e, engine_hwcrhk_id) ||
- !ENGINE_set_name(e, engine_hwcrhk_name) ||
-#ifndef OPENSSL_NO_RSA
- !ENGINE_set_RSA(e, &hwcrhk_rsa) ||
-#endif
-#ifndef OPENSSL_NO_DH
- !ENGINE_set_DH(e, &hwcrhk_dh) ||
-#endif
- !ENGINE_set_RAND(e, &hwcrhk_rand) ||
- !ENGINE_set_destroy_function(e, hwcrhk_destroy) ||
- !ENGINE_set_init_function(e, hwcrhk_init) ||
- !ENGINE_set_finish_function(e, hwcrhk_finish) ||
- !ENGINE_set_ctrl_function(e, hwcrhk_ctrl) ||
- !ENGINE_set_load_privkey_function(e, hwcrhk_load_privkey) ||
- !ENGINE_set_load_pubkey_function(e, hwcrhk_load_pubkey) ||
- !ENGINE_set_cmd_defns(e, hwcrhk_cmd_defns))
- return 0;
-
-#ifndef OPENSSL_NO_RSA
- /* We know that the "PKCS1_SSLeay()" functions hook properly
- * to the cswift-specific mod_exp and mod_exp_crt so we use
- * those functions. NB: We don't use ENGINE_openssl() or
- * anything "more generic" because something like the RSAref
- * code may not hook properly, and if you own one of these
- * cards then you have the right to do RSA operations on it
- * anyway! */
- meth1 = RSA_PKCS1_SSLeay();
- hwcrhk_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
- hwcrhk_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
- hwcrhk_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
- hwcrhk_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
-#endif
-
-#ifndef OPENSSL_NO_DH
- /* Much the same for Diffie-Hellman */
- meth2 = DH_OpenSSL();
- hwcrhk_dh.generate_key = meth2->generate_key;
- hwcrhk_dh.compute_key = meth2->compute_key;
-#endif
-
- /* Ensure the hwcrhk error handling is set up */
- ERR_load_HWCRHK_strings();
- return 1;
- }
-
-#ifdef OPENSSL_NO_DYNAMIC_ENGINE
-static ENGINE *engine_chil(void)
- {
- ENGINE *ret = ENGINE_new();
- if(!ret)
- return NULL;
- if(!bind_helper(ret))
- {
- ENGINE_free(ret);
- return NULL;
- }
- return ret;
- }
-
-void ENGINE_load_chil(void)
- {
- /* Copied from eng_[openssl|dyn].c */
- ENGINE *toadd = engine_chil();
- if(!toadd) return;
- ENGINE_add(toadd);
- ENGINE_free(toadd);
- ERR_clear_error();
- }
-#endif
-
-/* This is a process-global DSO handle used for loading and unloading
- * the HWCryptoHook library. NB: This is only set (or unset) during an
- * init() or finish() call (reference counts permitting) and they're
- * operating with global locks, so this should be thread-safe
- * implicitly. */
-static DSO *hwcrhk_dso = NULL;
-static HWCryptoHook_ContextHandle hwcrhk_context = 0;
-#ifndef OPENSSL_NO_RSA
-static int hndidx_rsa = -1; /* Index for KM handle. Not really used yet. */
-#endif
-
-/* These are the function pointers that are (un)set when the library has
- * successfully (un)loaded. */
-static HWCryptoHook_Init_t *p_hwcrhk_Init = NULL;
-static HWCryptoHook_Finish_t *p_hwcrhk_Finish = NULL;
-static HWCryptoHook_ModExp_t *p_hwcrhk_ModExp = NULL;
-#ifndef OPENSSL_NO_RSA
-static HWCryptoHook_RSA_t *p_hwcrhk_RSA = NULL;
-#endif
-static HWCryptoHook_RandomBytes_t *p_hwcrhk_RandomBytes = NULL;
-#ifndef OPENSSL_NO_RSA
-static HWCryptoHook_RSALoadKey_t *p_hwcrhk_RSALoadKey = NULL;
-static HWCryptoHook_RSAGetPublicKey_t *p_hwcrhk_RSAGetPublicKey = NULL;
-static HWCryptoHook_RSAUnloadKey_t *p_hwcrhk_RSAUnloadKey = NULL;
-#endif
-static HWCryptoHook_ModExpCRT_t *p_hwcrhk_ModExpCRT = NULL;
-
-/* Used in the DSO operations. */
-static const char *HWCRHK_LIBNAME = NULL;
-static void free_HWCRHK_LIBNAME(void)
- {
- if(HWCRHK_LIBNAME)
- OPENSSL_free((void*)HWCRHK_LIBNAME);
- HWCRHK_LIBNAME = NULL;
- }
-static const char *get_HWCRHK_LIBNAME(void)
- {
- if(HWCRHK_LIBNAME)
- return HWCRHK_LIBNAME;
- return "nfhwcrhk";
- }
-static long set_HWCRHK_LIBNAME(const char *name)
- {
- free_HWCRHK_LIBNAME();
- return (((HWCRHK_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
- }
-static const char *n_hwcrhk_Init = "HWCryptoHook_Init";
-static const char *n_hwcrhk_Finish = "HWCryptoHook_Finish";
-static const char *n_hwcrhk_ModExp = "HWCryptoHook_ModExp";
-#ifndef OPENSSL_NO_RSA
-static const char *n_hwcrhk_RSA = "HWCryptoHook_RSA";
-#endif
-static const char *n_hwcrhk_RandomBytes = "HWCryptoHook_RandomBytes";
-#ifndef OPENSSL_NO_RSA
-static const char *n_hwcrhk_RSALoadKey = "HWCryptoHook_RSALoadKey";
-static const char *n_hwcrhk_RSAGetPublicKey = "HWCryptoHook_RSAGetPublicKey";
-static const char *n_hwcrhk_RSAUnloadKey = "HWCryptoHook_RSAUnloadKey";
-#endif
-static const char *n_hwcrhk_ModExpCRT = "HWCryptoHook_ModExpCRT";
-
-/* HWCryptoHook library functions and mechanics - these are used by the
- * higher-level functions further down. NB: As and where there's no
- * error checking, take a look lower down where these functions are
- * called, the checking and error handling is probably down there. */
-
-/* utility function to obtain a context */
-static int get_context(HWCryptoHook_ContextHandle *hac,
- HWCryptoHook_CallerContext *cac)
- {
- char tempbuf[1024];
- HWCryptoHook_ErrMsgBuf rmsg;
-
- rmsg.buf = tempbuf;
- rmsg.size = sizeof(tempbuf);
-
- *hac = p_hwcrhk_Init(&hwcrhk_globals, sizeof(hwcrhk_globals), &rmsg,
- cac);
- if (!*hac)
- return 0;
- return 1;
- }
-
-/* similarly to release one. */
-static void release_context(HWCryptoHook_ContextHandle hac)
- {
- p_hwcrhk_Finish(hac);
- }
-
-/* Destructor (complements the "ENGINE_chil()" constructor) */
-static int hwcrhk_destroy(ENGINE *e)
- {
- free_HWCRHK_LIBNAME();
- ERR_unload_HWCRHK_strings();
- return 1;
- }
-
-/* (de)initialisation functions. */
-static int hwcrhk_init(ENGINE *e)
- {
- HWCryptoHook_Init_t *p1;
- HWCryptoHook_Finish_t *p2;
- HWCryptoHook_ModExp_t *p3;
-#ifndef OPENSSL_NO_RSA
- HWCryptoHook_RSA_t *p4;
- HWCryptoHook_RSALoadKey_t *p5;
- HWCryptoHook_RSAGetPublicKey_t *p6;
- HWCryptoHook_RSAUnloadKey_t *p7;
-#endif
- HWCryptoHook_RandomBytes_t *p8;
- HWCryptoHook_ModExpCRT_t *p9;
-
- if(hwcrhk_dso != NULL)
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_ALREADY_LOADED);
- goto err;
- }
- /* Attempt to load libnfhwcrhk.so/nfhwcrhk.dll/whatever. */
- hwcrhk_dso = DSO_load(NULL, get_HWCRHK_LIBNAME(), NULL, 0);
- if(hwcrhk_dso == NULL)
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_DSO_FAILURE);
- goto err;
- }
- if(!(p1 = (HWCryptoHook_Init_t *)
- DSO_bind_func(hwcrhk_dso, n_hwcrhk_Init)) ||
- !(p2 = (HWCryptoHook_Finish_t *)
- DSO_bind_func(hwcrhk_dso, n_hwcrhk_Finish)) ||
- !(p3 = (HWCryptoHook_ModExp_t *)
- DSO_bind_func(hwcrhk_dso, n_hwcrhk_ModExp)) ||
-#ifndef OPENSSL_NO_RSA
- !(p4 = (HWCryptoHook_RSA_t *)
- DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSA)) ||
- !(p5 = (HWCryptoHook_RSALoadKey_t *)
- DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSALoadKey)) ||
- !(p6 = (HWCryptoHook_RSAGetPublicKey_t *)
- DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSAGetPublicKey)) ||
- !(p7 = (HWCryptoHook_RSAUnloadKey_t *)
- DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSAUnloadKey)) ||
-#endif
- !(p8 = (HWCryptoHook_RandomBytes_t *)
- DSO_bind_func(hwcrhk_dso, n_hwcrhk_RandomBytes)) ||
- !(p9 = (HWCryptoHook_ModExpCRT_t *)
- DSO_bind_func(hwcrhk_dso, n_hwcrhk_ModExpCRT)))
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_DSO_FAILURE);
- goto err;
- }
- /* Copy the pointers */
- p_hwcrhk_Init = p1;
- p_hwcrhk_Finish = p2;
- p_hwcrhk_ModExp = p3;
-#ifndef OPENSSL_NO_RSA
- p_hwcrhk_RSA = p4;
- p_hwcrhk_RSALoadKey = p5;
- p_hwcrhk_RSAGetPublicKey = p6;
- p_hwcrhk_RSAUnloadKey = p7;
-#endif
- p_hwcrhk_RandomBytes = p8;
- p_hwcrhk_ModExpCRT = p9;
-
- /* Check if the application decided to support dynamic locks,
- and if it does, use them. */
- if (disable_mutex_callbacks == 0)
- {
- if (CRYPTO_get_dynlock_create_callback() != NULL &&
- CRYPTO_get_dynlock_lock_callback() != NULL &&
- CRYPTO_get_dynlock_destroy_callback() != NULL)
- {
- hwcrhk_globals.mutex_init = hwcrhk_mutex_init;
- hwcrhk_globals.mutex_acquire = hwcrhk_mutex_lock;
- hwcrhk_globals.mutex_release = hwcrhk_mutex_unlock;
- hwcrhk_globals.mutex_destroy = hwcrhk_mutex_destroy;
- }
- }
-
- /* Try and get a context - if not, we may have a DSO but no
- * accelerator! */
- if(!get_context(&hwcrhk_context, &password_context))
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_UNIT_FAILURE);
- goto err;
- }
- /* Everything's fine. */
-#ifndef OPENSSL_NO_RSA
- if (hndidx_rsa == -1)
- hndidx_rsa = RSA_get_ex_new_index(0,
- "nFast HWCryptoHook RSA key handle",
- NULL, NULL, NULL);
-#endif
- return 1;
-err:
- if(hwcrhk_dso)
- DSO_free(hwcrhk_dso);
- hwcrhk_dso = NULL;
- p_hwcrhk_Init = NULL;
- p_hwcrhk_Finish = NULL;
- p_hwcrhk_ModExp = NULL;
-#ifndef OPENSSL_NO_RSA
- p_hwcrhk_RSA = NULL;
- p_hwcrhk_RSALoadKey = NULL;
- p_hwcrhk_RSAGetPublicKey = NULL;
- p_hwcrhk_RSAUnloadKey = NULL;
-#endif
- p_hwcrhk_ModExpCRT = NULL;
- p_hwcrhk_RandomBytes = NULL;
- return 0;
- }
-
-static int hwcrhk_finish(ENGINE *e)
- {
- int to_return = 1;
- free_HWCRHK_LIBNAME();
- if(hwcrhk_dso == NULL)
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_FINISH,HWCRHK_R_NOT_LOADED);
- to_return = 0;
- goto err;
- }
- release_context(hwcrhk_context);
- if(!DSO_free(hwcrhk_dso))
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_FINISH,HWCRHK_R_DSO_FAILURE);
- to_return = 0;
- goto err;
- }
- err:
- if (logstream)
- BIO_free(logstream);
- hwcrhk_dso = NULL;
- p_hwcrhk_Init = NULL;
- p_hwcrhk_Finish = NULL;
- p_hwcrhk_ModExp = NULL;
-#ifndef OPENSSL_NO_RSA
- p_hwcrhk_RSA = NULL;
- p_hwcrhk_RSALoadKey = NULL;
- p_hwcrhk_RSAGetPublicKey = NULL;
- p_hwcrhk_RSAUnloadKey = NULL;
-#endif
- p_hwcrhk_ModExpCRT = NULL;
- p_hwcrhk_RandomBytes = NULL;
- return to_return;
- }
-
-static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
- {
- int to_return = 1;
-
- switch(cmd)
- {
- case HWCRHK_CMD_SO_PATH:
- if(hwcrhk_dso)
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,HWCRHK_R_ALREADY_LOADED);
- return 0;
- }
- if(p == NULL)
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- return set_HWCRHK_LIBNAME((const char *)p);
- case ENGINE_CTRL_SET_LOGSTREAM:
- {
- BIO *bio = (BIO *)p;
-
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- if (logstream)
- {
- BIO_free(logstream);
- logstream = NULL;
- }
- if (CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO) > 1)
- logstream = bio;
- else
- HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,HWCRHK_R_BIO_WAS_FREED);
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- break;
- case ENGINE_CTRL_SET_PASSWORD_CALLBACK:
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- password_context.password_callback = (pem_password_cb *)f;
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- break;
- case ENGINE_CTRL_SET_USER_INTERFACE:
- case HWCRHK_CMD_SET_USER_INTERFACE:
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- password_context.ui_method = (UI_METHOD *)p;
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- break;
- case ENGINE_CTRL_SET_CALLBACK_DATA:
- case HWCRHK_CMD_SET_CALLBACK_DATA:
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- password_context.callback_data = p;
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- break;
- /* this enables or disables the "SimpleForkCheck" flag used in the
- * initialisation structure. */
- case ENGINE_CTRL_CHIL_SET_FORKCHECK:
- case HWCRHK_CMD_FORK_CHECK:
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- if(i)
- hwcrhk_globals.flags |=
- HWCryptoHook_InitFlags_SimpleForkCheck;
- else
- hwcrhk_globals.flags &=
- ~HWCryptoHook_InitFlags_SimpleForkCheck;
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- break;
- /* This will prevent the initialisation function from "installing"
- * the mutex-handling callbacks, even if they are available from
- * within the library (or were provided to the library from the
- * calling application). This is to remove any baggage for
- * applications not using multithreading. */
- case ENGINE_CTRL_CHIL_NO_LOCKING:
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- disable_mutex_callbacks = 1;
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- break;
- case HWCRHK_CMD_THREAD_LOCKING:
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- disable_mutex_callbacks = ((i == 0) ? 0 : 1);
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- break;
-
- /* The command isn't understood by this engine */
- default:
- HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,
- HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED);
- to_return = 0;
- break;
- }
-
- return to_return;
- }
-
-static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
- UI_METHOD *ui_method, void *callback_data)
- {
-#ifndef OPENSSL_NO_RSA
- RSA *rtmp = NULL;
-#endif
- EVP_PKEY *res = NULL;
-#ifndef OPENSSL_NO_RSA
- HWCryptoHook_MPI e, n;
- HWCryptoHook_RSAKeyHandle *hptr;
-#endif
-#if !defined(OPENSSL_NO_RSA)
- char tempbuf[1024];
- HWCryptoHook_ErrMsgBuf rmsg;
- HWCryptoHook_PassphraseContext ppctx;
-#endif
-
-#if !defined(OPENSSL_NO_RSA)
- rmsg.buf = tempbuf;
- rmsg.size = sizeof(tempbuf);
-#endif
-
- if(!hwcrhk_context)
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,
- HWCRHK_R_NOT_INITIALISED);
- goto err;
- }
-#ifndef OPENSSL_NO_RSA
- hptr = OPENSSL_malloc(sizeof(HWCryptoHook_RSAKeyHandle));
- if (!hptr)
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,
- ERR_R_MALLOC_FAILURE);
- goto err;
- }
- ppctx.ui_method = ui_method;
- ppctx.callback_data = callback_data;
- if (p_hwcrhk_RSALoadKey(hwcrhk_context, key_id, hptr,
- &rmsg, &ppctx))
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,
- HWCRHK_R_CHIL_ERROR);
- ERR_add_error_data(1,rmsg.buf);
- goto err;
- }
- if (!*hptr)
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,
- HWCRHK_R_NO_KEY);
- goto err;
- }
-#endif
-#ifndef OPENSSL_NO_RSA
- rtmp = RSA_new_method(eng);
- RSA_set_ex_data(rtmp, hndidx_rsa, (char *)hptr);
- rtmp->e = BN_new();
- rtmp->n = BN_new();
- rtmp->flags |= RSA_FLAG_EXT_PKEY;
- MPI2BN(rtmp->e, e);
- MPI2BN(rtmp->n, n);
- if (p_hwcrhk_RSAGetPublicKey(*hptr, &n, &e, &rmsg)
- != HWCRYPTOHOOK_ERROR_MPISIZE)
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,HWCRHK_R_CHIL_ERROR);
- ERR_add_error_data(1,rmsg.buf);
- goto err;
- }
-
- bn_expand2(rtmp->e, e.size/sizeof(BN_ULONG));
- bn_expand2(rtmp->n, n.size/sizeof(BN_ULONG));
- MPI2BN(rtmp->e, e);
- MPI2BN(rtmp->n, n);
-
- if (p_hwcrhk_RSAGetPublicKey(*hptr, &n, &e, &rmsg))
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,
- HWCRHK_R_CHIL_ERROR);
- ERR_add_error_data(1,rmsg.buf);
- goto err;
- }
- rtmp->e->top = e.size / sizeof(BN_ULONG);
- bn_fix_top(rtmp->e);
- rtmp->n->top = n.size / sizeof(BN_ULONG);
- bn_fix_top(rtmp->n);
-
- res = EVP_PKEY_new();
- EVP_PKEY_assign_RSA(res, rtmp);
-#endif
-
- if (!res)
- HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,
- HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED);
-
- return res;
- err:
- if (res)
- EVP_PKEY_free(res);
-#ifndef OPENSSL_NO_RSA
- if (rtmp)
- RSA_free(rtmp);
-#endif
- return NULL;
- }
-
-static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id,
- UI_METHOD *ui_method, void *callback_data)
- {
- EVP_PKEY *res = NULL;
-
-#ifndef OPENSSL_NO_RSA
- res = hwcrhk_load_privkey(eng, key_id,
- ui_method, callback_data);
-#endif
-
- if (res)
- switch(res->type)
- {
-#ifndef OPENSSL_NO_RSA
- case EVP_PKEY_RSA:
- {
- RSA *rsa = NULL;
-
- CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY);
- rsa = res->pkey.rsa;
- res->pkey.rsa = RSA_new();
- res->pkey.rsa->n = rsa->n;
- res->pkey.rsa->e = rsa->e;
- rsa->n = NULL;
- rsa->e = NULL;
- CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
- RSA_free(rsa);
- }
- break;
-#endif
- default:
- HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PUBKEY,
- HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED);
- goto err;
- }
-
- return res;
- err:
- if (res)
- EVP_PKEY_free(res);
- return NULL;
- }
-
-/* A little mod_exp */
-static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx)
- {
- char tempbuf[1024];
- HWCryptoHook_ErrMsgBuf rmsg;
- /* Since HWCryptoHook_MPI is pretty compatible with BIGNUM's,
- we use them directly, plus a little macro magic. We only
- thing we need to make sure of is that enough space is allocated. */
- HWCryptoHook_MPI m_a, m_p, m_n, m_r;
- int to_return, ret;
-
- to_return = 0; /* expect failure */
- rmsg.buf = tempbuf;
- rmsg.size = sizeof(tempbuf);
-
- if(!hwcrhk_context)
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP,HWCRHK_R_NOT_INITIALISED);
- goto err;
- }
- /* Prepare the params */
- bn_expand2(r, m->top); /* Check for error !! */
- BN2MPI(m_a, a);
- BN2MPI(m_p, p);
- BN2MPI(m_n, m);
- MPI2BN(r, m_r);
-
- /* Perform the operation */
- ret = p_hwcrhk_ModExp(hwcrhk_context, m_a, m_p, m_n, &m_r, &rmsg);
-
- /* Convert the response */
- r->top = m_r.size / sizeof(BN_ULONG);
- bn_fix_top(r);
-
- if (ret < 0)
- {
- /* FIXME: When this error is returned, HWCryptoHook is
- telling us that falling back to software computation
- might be a good thing. */
- if(ret == HWCRYPTOHOOK_ERROR_FALLBACK)
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP,HWCRHK_R_REQUEST_FALLBACK);
- }
- else
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP,HWCRHK_R_REQUEST_FAILED);
- }
- ERR_add_error_data(1,rmsg.buf);
- goto err;
- }
-
- to_return = 1;
-err:
- return to_return;
- }
-
-#ifndef OPENSSL_NO_RSA
-static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
- {
- char tempbuf[1024];
- HWCryptoHook_ErrMsgBuf rmsg;
- HWCryptoHook_RSAKeyHandle *hptr;
- int to_return = 0, ret;
-
- rmsg.buf = tempbuf;
- rmsg.size = sizeof(tempbuf);
-
- if(!hwcrhk_context)
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,HWCRHK_R_NOT_INITIALISED);
- goto err;
- }
-
- /* This provides support for nForce keys. Since that's opaque data
- all we do is provide a handle to the proper key and let HWCryptoHook
- take care of the rest. */
- if ((hptr = (HWCryptoHook_RSAKeyHandle *) RSA_get_ex_data(rsa, hndidx_rsa))
- != NULL)
- {
- HWCryptoHook_MPI m_a, m_r;
-
- if(!rsa->n)
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
- HWCRHK_R_MISSING_KEY_COMPONENTS);
- goto err;
- }
-
- /* Prepare the params */
- bn_expand2(r, rsa->n->top); /* Check for error !! */
- BN2MPI(m_a, I);
- MPI2BN(r, m_r);
-
- /* Perform the operation */
- ret = p_hwcrhk_RSA(m_a, *hptr, &m_r, &rmsg);
-
- /* Convert the response */
- r->top = m_r.size / sizeof(BN_ULONG);
- bn_fix_top(r);
-
- if (ret < 0)
- {
- /* FIXME: When this error is returned, HWCryptoHook is
- telling us that falling back to software computation
- might be a good thing. */
- if(ret == HWCRYPTOHOOK_ERROR_FALLBACK)
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
- HWCRHK_R_REQUEST_FALLBACK);
- }
- else
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
- HWCRHK_R_REQUEST_FAILED);
- }
- ERR_add_error_data(1,rmsg.buf);
- goto err;
- }
- }
- else
- {
- HWCryptoHook_MPI m_a, m_p, m_q, m_dmp1, m_dmq1, m_iqmp, m_r;
-
- if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
- HWCRHK_R_MISSING_KEY_COMPONENTS);
- goto err;
- }
-
- /* Prepare the params */
- bn_expand2(r, rsa->n->top); /* Check for error !! */
- BN2MPI(m_a, I);
- BN2MPI(m_p, rsa->p);
- BN2MPI(m_q, rsa->q);
- BN2MPI(m_dmp1, rsa->dmp1);
- BN2MPI(m_dmq1, rsa->dmq1);
- BN2MPI(m_iqmp, rsa->iqmp);
- MPI2BN(r, m_r);
-
- /* Perform the operation */
- ret = p_hwcrhk_ModExpCRT(hwcrhk_context, m_a, m_p, m_q,
- m_dmp1, m_dmq1, m_iqmp, &m_r, &rmsg);
-
- /* Convert the response */
- r->top = m_r.size / sizeof(BN_ULONG);
- bn_fix_top(r);
-
- if (ret < 0)
- {
- /* FIXME: When this error is returned, HWCryptoHook is
- telling us that falling back to software computation
- might be a good thing. */
- if(ret == HWCRYPTOHOOK_ERROR_FALLBACK)
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
- HWCRHK_R_REQUEST_FALLBACK);
- }
- else
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
- HWCRHK_R_REQUEST_FAILED);
- }
- ERR_add_error_data(1,rmsg.buf);
- goto err;
- }
- }
- /* If we're here, we must be here with some semblance of success :-) */
- to_return = 1;
-err:
- return to_return;
- }
-#endif
-
-#ifndef OPENSSL_NO_RSA
-/* This function is aliased to mod_exp (with the mont stuff dropped). */
-static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
- {
- return hwcrhk_mod_exp(r, a, p, m, ctx);
- }
-
-static int hwcrhk_rsa_finish(RSA *rsa)
- {
- HWCryptoHook_RSAKeyHandle *hptr;
-
- hptr = RSA_get_ex_data(rsa, hndidx_rsa);
- if (hptr)
- {
- p_hwcrhk_RSAUnloadKey(*hptr, NULL);
- OPENSSL_free(hptr);
- RSA_set_ex_data(rsa, hndidx_rsa, NULL);
- }
- return 1;
- }
-
-#endif
-
-#ifndef OPENSSL_NO_DH
-/* This function is aliased to mod_exp (with the dh and mont dropped). */
-static int hwcrhk_mod_exp_dh(const DH *dh, BIGNUM *r,
- const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
- {
- return hwcrhk_mod_exp(r, a, p, m, ctx);
- }
-#endif
-
-/* Random bytes are good */
-static int hwcrhk_rand_bytes(unsigned char *buf, int num)
- {
- char tempbuf[1024];
- HWCryptoHook_ErrMsgBuf rmsg;
- int to_return = 0; /* assume failure */
- int ret;
-
- rmsg.buf = tempbuf;
- rmsg.size = sizeof(tempbuf);
-
- if(!hwcrhk_context)
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES,HWCRHK_R_NOT_INITIALISED);
- goto err;
- }
-
- ret = p_hwcrhk_RandomBytes(hwcrhk_context, buf, num, &rmsg);
- if (ret < 0)
- {
- /* FIXME: When this error is returned, HWCryptoHook is
- telling us that falling back to software computation
- might be a good thing. */
- if(ret == HWCRYPTOHOOK_ERROR_FALLBACK)
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES,
- HWCRHK_R_REQUEST_FALLBACK);
- }
- else
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES,
- HWCRHK_R_REQUEST_FAILED);
- }
- ERR_add_error_data(1,rmsg.buf);
- goto err;
- }
- to_return = 1;
- err:
- return to_return;
- }
-
-static int hwcrhk_rand_status(void)
- {
- return 1;
- }
-
-/* Mutex calls: since the HWCryptoHook model closely follows the POSIX model
- * these just wrap the POSIX functions and add some logging.
- */
-
-static int hwcrhk_mutex_init(HWCryptoHook_Mutex* mt,
- HWCryptoHook_CallerContext *cactx)
- {
- mt->lockid = CRYPTO_get_new_dynlockid();
- if (mt->lockid == 0)
- return 1; /* failure */
- return 0; /* success */
- }
-
-static int hwcrhk_mutex_lock(HWCryptoHook_Mutex *mt)
- {
- CRYPTO_w_lock(mt->lockid);
- return 0;
- }
-
-static void hwcrhk_mutex_unlock(HWCryptoHook_Mutex * mt)
- {
- CRYPTO_w_unlock(mt->lockid);
- }
-
-static void hwcrhk_mutex_destroy(HWCryptoHook_Mutex *mt)
- {
- CRYPTO_destroy_dynlockid(mt->lockid);
- }
-
-static int hwcrhk_get_pass(const char *prompt_info,
- int *len_io, char *buf,
- HWCryptoHook_PassphraseContext *ppctx,
- HWCryptoHook_CallerContext *cactx)
- {
- pem_password_cb *callback = NULL;
- void *callback_data = NULL;
- UI_METHOD *ui_method = NULL;
- /* Despite what the documentation says prompt_info can be
- * an empty string.
- */
- if (prompt_info && !*prompt_info)
- prompt_info = NULL;
-
- if (cactx)
- {
- if (cactx->ui_method)
- ui_method = cactx->ui_method;
- if (cactx->password_callback)
- callback = cactx->password_callback;
- if (cactx->callback_data)
- callback_data = cactx->callback_data;
- }
- if (ppctx)
- {
- if (ppctx->ui_method)
- {
- ui_method = ppctx->ui_method;
- callback = NULL;
- }
- if (ppctx->callback_data)
- callback_data = ppctx->callback_data;
- }
- if (callback == NULL && ui_method == NULL)
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_GET_PASS,HWCRHK_R_NO_CALLBACK);
- return -1;
- }
-
- if (ui_method)
- {
- UI *ui = UI_new_method(ui_method);
- if (ui)
- {
- int ok;
- char *prompt = UI_construct_prompt(ui,
- "pass phrase", prompt_info);
-
- ok = UI_add_input_string(ui,prompt,
- UI_INPUT_FLAG_DEFAULT_PWD,
- buf,0,(*len_io) - 1);
- UI_add_user_data(ui, callback_data);
- UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);
-
- if (ok >= 0)
- do
- {
- ok=UI_process(ui);
- }
- while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));
-
- if (ok >= 0)
- *len_io = strlen(buf);
-
- UI_free(ui);
- OPENSSL_free(prompt);
- }
- }
- else
- {
- *len_io = callback(buf, *len_io, 0, callback_data);
- }
- if(!*len_io)
- return -1;
- return 0;
- }
-
-static int hwcrhk_insert_card(const char *prompt_info,
- const char *wrong_info,
- HWCryptoHook_PassphraseContext *ppctx,
- HWCryptoHook_CallerContext *cactx)
- {
- int ok = -1;
- UI *ui;
- void *callback_data = NULL;
- UI_METHOD *ui_method = NULL;
-
- if (cactx)
- {
- if (cactx->ui_method)
- ui_method = cactx->ui_method;
- if (cactx->callback_data)
- callback_data = cactx->callback_data;
- }
- if (ppctx)
- {
- if (ppctx->ui_method)
- ui_method = ppctx->ui_method;
- if (ppctx->callback_data)
- callback_data = ppctx->callback_data;
- }
- if (ui_method == NULL)
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_INSERT_CARD,
- HWCRHK_R_NO_CALLBACK);
- return -1;
- }
-
- ui = UI_new_method(ui_method);
-
- if (ui)
- {
- char answer;
- char buf[BUFSIZ];
- /* Despite what the documentation says wrong_info can be
- * an empty string.
- */
- if (wrong_info && *wrong_info)
- BIO_snprintf(buf, sizeof(buf)-1,
- "Current card: \"%s\"\n", wrong_info);
- else
- buf[0] = 0;
- ok = UI_dup_info_string(ui, buf);
- if (ok >= 0 && prompt_info)
- {
- BIO_snprintf(buf, sizeof(buf)-1,
- "Insert card \"%s\"", prompt_info);
- ok = UI_dup_input_boolean(ui, buf,
- "\n then hit <enter> or C<enter> to cancel\n",
- "\r\n", "Cc", UI_INPUT_FLAG_ECHO, &answer);
- }
- UI_add_user_data(ui, callback_data);
-
- if (ok >= 0)
- ok = UI_process(ui);
- UI_free(ui);
-
- if (ok == -2 || (ok >= 0 && answer == 'C'))
- ok = 1;
- else if (ok < 0)
- ok = -1;
- else
- ok = 0;
- }
- return ok;
- }
-
-static void hwcrhk_log_message(void *logstr, const char *message)
- {
- BIO *lstream = NULL;
-
- CRYPTO_w_lock(CRYPTO_LOCK_BIO);
- if (logstr)
- lstream=*(BIO **)logstr;
- if (lstream)
- {
- BIO_printf(lstream, "%s\n", message);
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_BIO);
- }
-
-/* This stuff is needed if this ENGINE is being compiled into a self-contained
- * shared-library. */
-#ifndef OPENSSL_NO_DYNAMIC_ENGINE
-static int bind_fn(ENGINE *e, const char *id)
- {
- if(id && (strcmp(id, engine_hwcrhk_id) != 0) &&
- (strcmp(id, engine_hwcrhk_id_alt) != 0))
- return 0;
- if(!bind_helper(e))
- return 0;
- return 1;
- }
-IMPLEMENT_DYNAMIC_CHECK_FN()
-IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
-#endif /* OPENSSL_NO_DYNAMIC_ENGINE */
-
-#endif /* !OPENSSL_NO_HW_CHIL */
-#endif /* !OPENSSL_NO_HW */
Copied: vendor-crypto/openssl/0.9.8zf/engines/e_chil.c (from rev 6976, vendor-crypto/openssl/dist/engines/e_chil.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/engines/e_chil.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/engines/e_chil.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,1342 @@
+/* crypto/engine/e_chil.c -*- mode: C; c-file-style: "eay" -*- */
+/*
+ * Written by Richard Levitte (richard at levitte.org), Geoff Thorpe
+ * (geoff at geoffthorpe.net) and Dr Stephen N Henson (steve at openssl.org) for
+ * the OpenSSL project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/pem.h>
+#include <openssl/dso.h>
+#include <openssl/engine.h>
+#include <openssl/ui.h>
+#include <openssl/rand.h>
+#ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DH
+# include <openssl/dh.h>
+#endif
+#include <openssl/bn.h>
+
+#ifndef OPENSSL_NO_HW
+# ifndef OPENSSL_NO_HW_CHIL
+
+/*-
+ * Attribution notice: nCipher have said several times that it's OK for
+ * us to implement a general interface to their boxes, and recently declared
+ * their HWCryptoHook to be public, and therefore available for us to use.
+ * Thanks, nCipher.
+ *
+ * The hwcryptohook.h included here is from May 2000.
+ * [Richard Levitte]
+ */
+# ifdef FLAT_INC
+# include "hwcryptohook.h"
+# else
+# include "vendor_defns/hwcryptohook.h"
+# endif
+
+# define HWCRHK_LIB_NAME "CHIL engine"
+# include "e_chil_err.c"
+
+static int hwcrhk_destroy(ENGINE *e);
+static int hwcrhk_init(ENGINE *e);
+static int hwcrhk_finish(ENGINE *e);
+static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void));
+
+/* Functions to handle mutexes */
+static int hwcrhk_mutex_init(HWCryptoHook_Mutex *,
+ HWCryptoHook_CallerContext *);
+static int hwcrhk_mutex_lock(HWCryptoHook_Mutex *);
+static void hwcrhk_mutex_unlock(HWCryptoHook_Mutex *);
+static void hwcrhk_mutex_destroy(HWCryptoHook_Mutex *);
+
+/* BIGNUM stuff */
+static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx);
+
+# ifndef OPENSSL_NO_RSA
+/* RSA stuff */
+static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa,
+ BN_CTX *ctx);
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx);
+static int hwcrhk_rsa_finish(RSA *rsa);
+# endif
+
+# ifndef OPENSSL_NO_DH
+/* DH stuff */
+/* This function is alised to mod_exp (with the DH and mont dropped). */
+static int hwcrhk_mod_exp_dh(const DH *dh, BIGNUM *r,
+ const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx);
+# endif
+
+/* RAND stuff */
+static int hwcrhk_rand_bytes(unsigned char *buf, int num);
+static int hwcrhk_rand_status(void);
+
+/* KM stuff */
+static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
+ UI_METHOD *ui_method,
+ void *callback_data);
+static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id,
+ UI_METHOD *ui_method,
+ void *callback_data);
+
+/* Interaction stuff */
+static int hwcrhk_insert_card(const char *prompt_info,
+ const char *wrong_info,
+ HWCryptoHook_PassphraseContext * ppctx,
+ HWCryptoHook_CallerContext * cactx);
+static int hwcrhk_get_pass(const char *prompt_info,
+ int *len_io, char *buf,
+ HWCryptoHook_PassphraseContext * ppctx,
+ HWCryptoHook_CallerContext * cactx);
+static void hwcrhk_log_message(void *logstr, const char *message);
+
+/* The definitions for control commands specific to this engine */
+# define HWCRHK_CMD_SO_PATH ENGINE_CMD_BASE
+# define HWCRHK_CMD_FORK_CHECK (ENGINE_CMD_BASE + 1)
+# define HWCRHK_CMD_THREAD_LOCKING (ENGINE_CMD_BASE + 2)
+# define HWCRHK_CMD_SET_USER_INTERFACE (ENGINE_CMD_BASE + 3)
+# define HWCRHK_CMD_SET_CALLBACK_DATA (ENGINE_CMD_BASE + 4)
+static const ENGINE_CMD_DEFN hwcrhk_cmd_defns[] = {
+ {HWCRHK_CMD_SO_PATH,
+ "SO_PATH",
+ "Specifies the path to the 'hwcrhk' shared library",
+ ENGINE_CMD_FLAG_STRING},
+ {HWCRHK_CMD_FORK_CHECK,
+ "FORK_CHECK",
+ "Turns fork() checking on (non-zero) or off (zero)",
+ ENGINE_CMD_FLAG_NUMERIC},
+ {HWCRHK_CMD_THREAD_LOCKING,
+ "THREAD_LOCKING",
+ "Turns thread-safe locking on (zero) or off (non-zero)",
+ ENGINE_CMD_FLAG_NUMERIC},
+ {HWCRHK_CMD_SET_USER_INTERFACE,
+ "SET_USER_INTERFACE",
+ "Set the global user interface (internal)",
+ ENGINE_CMD_FLAG_INTERNAL},
+ {HWCRHK_CMD_SET_CALLBACK_DATA,
+ "SET_CALLBACK_DATA",
+ "Set the global user interface extra data (internal)",
+ ENGINE_CMD_FLAG_INTERNAL},
+ {0, NULL, NULL, 0}
+};
+
+# ifndef OPENSSL_NO_RSA
+/* Our internal RSA_METHOD that we provide pointers to */
+static RSA_METHOD hwcrhk_rsa = {
+ "CHIL RSA method",
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ hwcrhk_rsa_mod_exp,
+ hwcrhk_mod_exp_mont,
+ NULL,
+ hwcrhk_rsa_finish,
+ 0,
+ NULL,
+ NULL,
+ NULL,
+ NULL
+};
+# endif
+
+# ifndef OPENSSL_NO_DH
+/* Our internal DH_METHOD that we provide pointers to */
+static DH_METHOD hwcrhk_dh = {
+ "CHIL DH method",
+ NULL,
+ NULL,
+ hwcrhk_mod_exp_dh,
+ NULL,
+ NULL,
+ 0,
+ NULL,
+ NULL
+};
+# endif
+
+static RAND_METHOD hwcrhk_rand = {
+ /* "CHIL RAND method", */
+ NULL,
+ hwcrhk_rand_bytes,
+ NULL,
+ NULL,
+ hwcrhk_rand_bytes,
+ hwcrhk_rand_status,
+};
+
+/* Constants used when creating the ENGINE */
+static const char *engine_hwcrhk_id = "chil";
+static const char *engine_hwcrhk_name = "CHIL hardware engine support";
+
+# ifndef OPENSSL_NO_DYNAMIC_ENGINE
+/* Compatibility hack, the dynamic library uses this form in the path */
+static const char *engine_hwcrhk_id_alt = "ncipher";
+# endif
+
+/* Internal stuff for HWCryptoHook */
+
+/* Some structures needed for proper use of thread locks */
+/*
+ * hwcryptohook.h has some typedefs that turn struct HWCryptoHook_MutexValue
+ * into HWCryptoHook_Mutex
+ */
+struct HWCryptoHook_MutexValue {
+ int lockid;
+};
+
+/*
+ * hwcryptohook.h has some typedefs that turn struct
+ * HWCryptoHook_PassphraseContextValue into HWCryptoHook_PassphraseContext
+ */
+struct HWCryptoHook_PassphraseContextValue {
+ UI_METHOD *ui_method;
+ void *callback_data;
+};
+
+/*
+ * hwcryptohook.h has some typedefs that turn struct
+ * HWCryptoHook_CallerContextValue into HWCryptoHook_CallerContext
+ */
+struct HWCryptoHook_CallerContextValue {
+ pem_password_cb *password_callback; /* Deprecated! Only present for
+ * backward compatibility! */
+ UI_METHOD *ui_method;
+ void *callback_data;
+};
+
+/*
+ * The MPI structure in HWCryptoHook is pretty compatible with OpenSSL
+ * BIGNUM's, so lets define a couple of conversion macros
+ */
+# define BN2MPI(mp, bn) \
+ {mp.size = bn->top * sizeof(BN_ULONG); mp.buf = (unsigned char *)bn->d;}
+# define MPI2BN(bn, mp) \
+ {mp.size = bn->dmax * sizeof(BN_ULONG); mp.buf = (unsigned char *)bn->d;}
+
+static BIO *logstream = NULL;
+static int disable_mutex_callbacks = 0;
+
+/*
+ * One might wonder why these are needed, since one can pass down at least a
+ * UI_METHOD and a pointer to callback data to the key-loading functions. The
+ * thing is that the ModExp and RSAImmed functions can load keys as well, if
+ * the data they get is in a special, nCipher-defined format (hint: if you
+ * look at the private exponent of the RSA data as a string, you'll see this
+ * string: "nCipher KM tool key id", followed by some bytes, followed a key
+ * identity string, followed by more bytes. This happens when you use
+ * "embed" keys instead of "hwcrhk" keys). Unfortunately, those functions do
+ * not take any passphrase or caller context, and our functions can't really
+ * take any callback data either. Still, the "insert_card" and
+ * "get_passphrase" callbacks may be called down the line, and will need to
+ * know what user interface callbacks to call, and having callback data from
+ * the application may be a nice thing as well, so we need to keep track of
+ * that globally.
+ */
+static HWCryptoHook_CallerContext password_context = { NULL, NULL, NULL };
+
+/* Stuff to pass to the HWCryptoHook library */
+static HWCryptoHook_InitInfo hwcrhk_globals = {
+ HWCryptoHook_InitFlags_SimpleForkCheck, /* Flags */
+ &logstream, /* logstream */
+ sizeof(BN_ULONG), /* limbsize */
+ 0, /* mslimb first: false for BNs */
+ -1, /* msbyte first: use native */
+ 0, /* Max mutexes, 0 = no small limit */
+ 0, /* Max simultaneous, 0 = default */
+
+ /*
+ * The next few are mutex stuff: we write wrapper functions around the OS
+ * mutex functions. We initialise them to 0 here, and change that to
+ * actual function pointers in hwcrhk_init() if dynamic locks are
+ * supported (that is, if the application programmer has made sure of
+ * setting up callbacks bafore starting this engine) *and* if
+ * disable_mutex_callbacks hasn't been set by a call to
+ * ENGINE_ctrl(ENGINE_CTRL_CHIL_NO_LOCKING).
+ */
+ sizeof(HWCryptoHook_Mutex),
+ 0,
+ 0,
+ 0,
+ 0,
+
+ /*
+ * The next few are condvar stuff: we write wrapper functions round the
+ * OS functions. Currently not implemented and not and absolute
+ * necessity even in threaded programs, therefore 0'ed. Will hopefully
+ * be implemented some day, since it enhances the efficiency of
+ * HWCryptoHook.
+ */
+ 0, /* sizeof(HWCryptoHook_CondVar), */
+ 0, /* hwcrhk_cv_init, */
+ 0, /* hwcrhk_cv_wait, */
+ 0, /* hwcrhk_cv_signal, */
+ 0, /* hwcrhk_cv_broadcast, */
+ 0, /* hwcrhk_cv_destroy, */
+
+ hwcrhk_get_pass, /* pass phrase */
+ hwcrhk_insert_card, /* insert a card */
+ hwcrhk_log_message /* Log message */
+};
+
+/* Now, to our own code */
+
+/*
+ * This internal function is used by ENGINE_chil() and possibly by the
+ * "dynamic" ENGINE support too
+ */
+static int bind_helper(ENGINE *e)
+{
+# ifndef OPENSSL_NO_RSA
+ const RSA_METHOD *meth1;
+# endif
+# ifndef OPENSSL_NO_DH
+ const DH_METHOD *meth2;
+# endif
+ if (!ENGINE_set_id(e, engine_hwcrhk_id) ||
+ !ENGINE_set_name(e, engine_hwcrhk_name) ||
+# ifndef OPENSSL_NO_RSA
+ !ENGINE_set_RSA(e, &hwcrhk_rsa) ||
+# endif
+# ifndef OPENSSL_NO_DH
+ !ENGINE_set_DH(e, &hwcrhk_dh) ||
+# endif
+ !ENGINE_set_RAND(e, &hwcrhk_rand) ||
+ !ENGINE_set_destroy_function(e, hwcrhk_destroy) ||
+ !ENGINE_set_init_function(e, hwcrhk_init) ||
+ !ENGINE_set_finish_function(e, hwcrhk_finish) ||
+ !ENGINE_set_ctrl_function(e, hwcrhk_ctrl) ||
+ !ENGINE_set_load_privkey_function(e, hwcrhk_load_privkey) ||
+ !ENGINE_set_load_pubkey_function(e, hwcrhk_load_pubkey) ||
+ !ENGINE_set_cmd_defns(e, hwcrhk_cmd_defns))
+ return 0;
+
+# ifndef OPENSSL_NO_RSA
+ /*
+ * We know that the "PKCS1_SSLeay()" functions hook properly to the
+ * cswift-specific mod_exp and mod_exp_crt so we use those functions. NB:
+ * We don't use ENGINE_openssl() or anything "more generic" because
+ * something like the RSAref code may not hook properly, and if you own
+ * one of these cards then you have the right to do RSA operations on it
+ * anyway!
+ */
+ meth1 = RSA_PKCS1_SSLeay();
+ hwcrhk_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
+ hwcrhk_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
+ hwcrhk_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
+ hwcrhk_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
+# endif
+
+# ifndef OPENSSL_NO_DH
+ /* Much the same for Diffie-Hellman */
+ meth2 = DH_OpenSSL();
+ hwcrhk_dh.generate_key = meth2->generate_key;
+ hwcrhk_dh.compute_key = meth2->compute_key;
+# endif
+
+ /* Ensure the hwcrhk error handling is set up */
+ ERR_load_HWCRHK_strings();
+ return 1;
+}
+
+# ifdef OPENSSL_NO_DYNAMIC_ENGINE
+static ENGINE *engine_chil(void)
+{
+ ENGINE *ret = ENGINE_new();
+ if (!ret)
+ return NULL;
+ if (!bind_helper(ret)) {
+ ENGINE_free(ret);
+ return NULL;
+ }
+ return ret;
+}
+
+void ENGINE_load_chil(void)
+{
+ /* Copied from eng_[openssl|dyn].c */
+ ENGINE *toadd = engine_chil();
+ if (!toadd)
+ return;
+ ENGINE_add(toadd);
+ ENGINE_free(toadd);
+ ERR_clear_error();
+}
+# endif
+
+/*
+ * This is a process-global DSO handle used for loading and unloading the
+ * HWCryptoHook library. NB: This is only set (or unset) during an init() or
+ * finish() call (reference counts permitting) and they're operating with
+ * global locks, so this should be thread-safe implicitly.
+ */
+static DSO *hwcrhk_dso = NULL;
+static HWCryptoHook_ContextHandle hwcrhk_context = 0;
+# ifndef OPENSSL_NO_RSA
+/* Index for KM handle. Not really used yet. */
+static int hndidx_rsa = -1;
+# endif
+
+/*
+ * These are the function pointers that are (un)set when the library has
+ * successfully (un)loaded.
+ */
+static HWCryptoHook_Init_t *p_hwcrhk_Init = NULL;
+static HWCryptoHook_Finish_t *p_hwcrhk_Finish = NULL;
+static HWCryptoHook_ModExp_t *p_hwcrhk_ModExp = NULL;
+# ifndef OPENSSL_NO_RSA
+static HWCryptoHook_RSA_t *p_hwcrhk_RSA = NULL;
+# endif
+static HWCryptoHook_RandomBytes_t *p_hwcrhk_RandomBytes = NULL;
+# ifndef OPENSSL_NO_RSA
+static HWCryptoHook_RSALoadKey_t *p_hwcrhk_RSALoadKey = NULL;
+static HWCryptoHook_RSAGetPublicKey_t *p_hwcrhk_RSAGetPublicKey = NULL;
+static HWCryptoHook_RSAUnloadKey_t *p_hwcrhk_RSAUnloadKey = NULL;
+# endif
+static HWCryptoHook_ModExpCRT_t *p_hwcrhk_ModExpCRT = NULL;
+
+/* Used in the DSO operations. */
+static const char *HWCRHK_LIBNAME = NULL;
+static void free_HWCRHK_LIBNAME(void)
+{
+ if (HWCRHK_LIBNAME)
+ OPENSSL_free((void *)HWCRHK_LIBNAME);
+ HWCRHK_LIBNAME = NULL;
+}
+
+static const char *get_HWCRHK_LIBNAME(void)
+{
+ if (HWCRHK_LIBNAME)
+ return HWCRHK_LIBNAME;
+ return "nfhwcrhk";
+}
+
+static long set_HWCRHK_LIBNAME(const char *name)
+{
+ free_HWCRHK_LIBNAME();
+ return (((HWCRHK_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
+}
+
+static const char *n_hwcrhk_Init = "HWCryptoHook_Init";
+static const char *n_hwcrhk_Finish = "HWCryptoHook_Finish";
+static const char *n_hwcrhk_ModExp = "HWCryptoHook_ModExp";
+# ifndef OPENSSL_NO_RSA
+static const char *n_hwcrhk_RSA = "HWCryptoHook_RSA";
+# endif
+static const char *n_hwcrhk_RandomBytes = "HWCryptoHook_RandomBytes";
+# ifndef OPENSSL_NO_RSA
+static const char *n_hwcrhk_RSALoadKey = "HWCryptoHook_RSALoadKey";
+static const char *n_hwcrhk_RSAGetPublicKey = "HWCryptoHook_RSAGetPublicKey";
+static const char *n_hwcrhk_RSAUnloadKey = "HWCryptoHook_RSAUnloadKey";
+# endif
+static const char *n_hwcrhk_ModExpCRT = "HWCryptoHook_ModExpCRT";
+
+/*
+ * HWCryptoHook library functions and mechanics - these are used by the
+ * higher-level functions further down. NB: As and where there's no error
+ * checking, take a look lower down where these functions are called, the
+ * checking and error handling is probably down there.
+ */
+
+/* utility function to obtain a context */
+static int get_context(HWCryptoHook_ContextHandle * hac,
+ HWCryptoHook_CallerContext * cac)
+{
+ char tempbuf[1024];
+ HWCryptoHook_ErrMsgBuf rmsg;
+
+ rmsg.buf = tempbuf;
+ rmsg.size = sizeof(tempbuf);
+
+ *hac = p_hwcrhk_Init(&hwcrhk_globals, sizeof(hwcrhk_globals), &rmsg, cac);
+ if (!*hac)
+ return 0;
+ return 1;
+}
+
+/* similarly to release one. */
+static void release_context(HWCryptoHook_ContextHandle hac)
+{
+ p_hwcrhk_Finish(hac);
+}
+
+/* Destructor (complements the "ENGINE_chil()" constructor) */
+static int hwcrhk_destroy(ENGINE *e)
+{
+ free_HWCRHK_LIBNAME();
+ ERR_unload_HWCRHK_strings();
+ return 1;
+}
+
+/* (de)initialisation functions. */
+static int hwcrhk_init(ENGINE *e)
+{
+ HWCryptoHook_Init_t *p1;
+ HWCryptoHook_Finish_t *p2;
+ HWCryptoHook_ModExp_t *p3;
+# ifndef OPENSSL_NO_RSA
+ HWCryptoHook_RSA_t *p4;
+ HWCryptoHook_RSALoadKey_t *p5;
+ HWCryptoHook_RSAGetPublicKey_t *p6;
+ HWCryptoHook_RSAUnloadKey_t *p7;
+# endif
+ HWCryptoHook_RandomBytes_t *p8;
+ HWCryptoHook_ModExpCRT_t *p9;
+
+ if (hwcrhk_dso != NULL) {
+ HWCRHKerr(HWCRHK_F_HWCRHK_INIT, HWCRHK_R_ALREADY_LOADED);
+ goto err;
+ }
+ /* Attempt to load libnfhwcrhk.so/nfhwcrhk.dll/whatever. */
+ hwcrhk_dso = DSO_load(NULL, get_HWCRHK_LIBNAME(), NULL, 0);
+ if (hwcrhk_dso == NULL) {
+ HWCRHKerr(HWCRHK_F_HWCRHK_INIT, HWCRHK_R_DSO_FAILURE);
+ goto err;
+ }
+ if (!(p1 = (HWCryptoHook_Init_t *)
+ DSO_bind_func(hwcrhk_dso, n_hwcrhk_Init)) ||
+ !(p2 = (HWCryptoHook_Finish_t *)
+ DSO_bind_func(hwcrhk_dso, n_hwcrhk_Finish)) ||
+ !(p3 = (HWCryptoHook_ModExp_t *)
+ DSO_bind_func(hwcrhk_dso, n_hwcrhk_ModExp)) ||
+# ifndef OPENSSL_NO_RSA
+ !(p4 = (HWCryptoHook_RSA_t *)
+ DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSA)) ||
+ !(p5 = (HWCryptoHook_RSALoadKey_t *)
+ DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSALoadKey)) ||
+ !(p6 = (HWCryptoHook_RSAGetPublicKey_t *)
+ DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSAGetPublicKey)) ||
+ !(p7 = (HWCryptoHook_RSAUnloadKey_t *)
+ DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSAUnloadKey)) ||
+# endif
+ !(p8 = (HWCryptoHook_RandomBytes_t *)
+ DSO_bind_func(hwcrhk_dso, n_hwcrhk_RandomBytes)) ||
+ !(p9 = (HWCryptoHook_ModExpCRT_t *)
+ DSO_bind_func(hwcrhk_dso, n_hwcrhk_ModExpCRT))) {
+ HWCRHKerr(HWCRHK_F_HWCRHK_INIT, HWCRHK_R_DSO_FAILURE);
+ goto err;
+ }
+ /* Copy the pointers */
+ p_hwcrhk_Init = p1;
+ p_hwcrhk_Finish = p2;
+ p_hwcrhk_ModExp = p3;
+# ifndef OPENSSL_NO_RSA
+ p_hwcrhk_RSA = p4;
+ p_hwcrhk_RSALoadKey = p5;
+ p_hwcrhk_RSAGetPublicKey = p6;
+ p_hwcrhk_RSAUnloadKey = p7;
+# endif
+ p_hwcrhk_RandomBytes = p8;
+ p_hwcrhk_ModExpCRT = p9;
+
+ /*
+ * Check if the application decided to support dynamic locks, and if it
+ * does, use them.
+ */
+ if (disable_mutex_callbacks == 0) {
+ if (CRYPTO_get_dynlock_create_callback() != NULL &&
+ CRYPTO_get_dynlock_lock_callback() != NULL &&
+ CRYPTO_get_dynlock_destroy_callback() != NULL) {
+ hwcrhk_globals.mutex_init = hwcrhk_mutex_init;
+ hwcrhk_globals.mutex_acquire = hwcrhk_mutex_lock;
+ hwcrhk_globals.mutex_release = hwcrhk_mutex_unlock;
+ hwcrhk_globals.mutex_destroy = hwcrhk_mutex_destroy;
+ }
+ }
+
+ /*
+ * Try and get a context - if not, we may have a DSO but no accelerator!
+ */
+ if (!get_context(&hwcrhk_context, &password_context)) {
+ HWCRHKerr(HWCRHK_F_HWCRHK_INIT, HWCRHK_R_UNIT_FAILURE);
+ goto err;
+ }
+ /* Everything's fine. */
+# ifndef OPENSSL_NO_RSA
+ if (hndidx_rsa == -1)
+ hndidx_rsa = RSA_get_ex_new_index(0,
+ "nFast HWCryptoHook RSA key handle",
+ NULL, NULL, NULL);
+# endif
+ return 1;
+ err:
+ if (hwcrhk_dso)
+ DSO_free(hwcrhk_dso);
+ hwcrhk_dso = NULL;
+ p_hwcrhk_Init = NULL;
+ p_hwcrhk_Finish = NULL;
+ p_hwcrhk_ModExp = NULL;
+# ifndef OPENSSL_NO_RSA
+ p_hwcrhk_RSA = NULL;
+ p_hwcrhk_RSALoadKey = NULL;
+ p_hwcrhk_RSAGetPublicKey = NULL;
+ p_hwcrhk_RSAUnloadKey = NULL;
+# endif
+ p_hwcrhk_ModExpCRT = NULL;
+ p_hwcrhk_RandomBytes = NULL;
+ return 0;
+}
+
+static int hwcrhk_finish(ENGINE *e)
+{
+ int to_return = 1;
+ free_HWCRHK_LIBNAME();
+ if (hwcrhk_dso == NULL) {
+ HWCRHKerr(HWCRHK_F_HWCRHK_FINISH, HWCRHK_R_NOT_LOADED);
+ to_return = 0;
+ goto err;
+ }
+ release_context(hwcrhk_context);
+ if (!DSO_free(hwcrhk_dso)) {
+ HWCRHKerr(HWCRHK_F_HWCRHK_FINISH, HWCRHK_R_DSO_FAILURE);
+ to_return = 0;
+ goto err;
+ }
+ err:
+ if (logstream)
+ BIO_free(logstream);
+ hwcrhk_dso = NULL;
+ p_hwcrhk_Init = NULL;
+ p_hwcrhk_Finish = NULL;
+ p_hwcrhk_ModExp = NULL;
+# ifndef OPENSSL_NO_RSA
+ p_hwcrhk_RSA = NULL;
+ p_hwcrhk_RSALoadKey = NULL;
+ p_hwcrhk_RSAGetPublicKey = NULL;
+ p_hwcrhk_RSAUnloadKey = NULL;
+# endif
+ p_hwcrhk_ModExpCRT = NULL;
+ p_hwcrhk_RandomBytes = NULL;
+ return to_return;
+}
+
+static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
+{
+ int to_return = 1;
+
+ switch (cmd) {
+ case HWCRHK_CMD_SO_PATH:
+ if (hwcrhk_dso) {
+ HWCRHKerr(HWCRHK_F_HWCRHK_CTRL, HWCRHK_R_ALREADY_LOADED);
+ return 0;
+ }
+ if (p == NULL) {
+ HWCRHKerr(HWCRHK_F_HWCRHK_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ return set_HWCRHK_LIBNAME((const char *)p);
+ case ENGINE_CTRL_SET_LOGSTREAM:
+ {
+ BIO *bio = (BIO *)p;
+
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ if (logstream) {
+ BIO_free(logstream);
+ logstream = NULL;
+ }
+ if (CRYPTO_add(&bio->references, 1, CRYPTO_LOCK_BIO) > 1)
+ logstream = bio;
+ else
+ HWCRHKerr(HWCRHK_F_HWCRHK_CTRL, HWCRHK_R_BIO_WAS_FREED);
+ }
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ break;
+ case ENGINE_CTRL_SET_PASSWORD_CALLBACK:
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ password_context.password_callback = (pem_password_cb *)f;
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ break;
+ case ENGINE_CTRL_SET_USER_INTERFACE:
+ case HWCRHK_CMD_SET_USER_INTERFACE:
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ password_context.ui_method = (UI_METHOD *)p;
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ break;
+ case ENGINE_CTRL_SET_CALLBACK_DATA:
+ case HWCRHK_CMD_SET_CALLBACK_DATA:
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ password_context.callback_data = p;
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ break;
+ /*
+ * this enables or disables the "SimpleForkCheck" flag used in the
+ * initialisation structure.
+ */
+ case ENGINE_CTRL_CHIL_SET_FORKCHECK:
+ case HWCRHK_CMD_FORK_CHECK:
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ if (i)
+ hwcrhk_globals.flags |= HWCryptoHook_InitFlags_SimpleForkCheck;
+ else
+ hwcrhk_globals.flags &= ~HWCryptoHook_InitFlags_SimpleForkCheck;
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ break;
+ /*
+ * This will prevent the initialisation function from "installing"
+ * the mutex-handling callbacks, even if they are available from
+ * within the library (or were provided to the library from the
+ * calling application). This is to remove any baggage for
+ * applications not using multithreading.
+ */
+ case ENGINE_CTRL_CHIL_NO_LOCKING:
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ disable_mutex_callbacks = 1;
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ break;
+ case HWCRHK_CMD_THREAD_LOCKING:
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ disable_mutex_callbacks = ((i == 0) ? 0 : 1);
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ break;
+
+ /* The command isn't understood by this engine */
+ default:
+ HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,
+ HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+ to_return = 0;
+ break;
+ }
+
+ return to_return;
+}
+
+static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
+ UI_METHOD *ui_method,
+ void *callback_data)
+{
+# ifndef OPENSSL_NO_RSA
+ RSA *rtmp = NULL;
+# endif
+ EVP_PKEY *res = NULL;
+# ifndef OPENSSL_NO_RSA
+ HWCryptoHook_MPI e, n;
+ HWCryptoHook_RSAKeyHandle *hptr;
+# endif
+# if !defined(OPENSSL_NO_RSA)
+ char tempbuf[1024];
+ HWCryptoHook_ErrMsgBuf rmsg;
+ HWCryptoHook_PassphraseContext ppctx;
+# endif
+
+# if !defined(OPENSSL_NO_RSA)
+ rmsg.buf = tempbuf;
+ rmsg.size = sizeof(tempbuf);
+# endif
+
+ if (!hwcrhk_context) {
+ HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, HWCRHK_R_NOT_INITIALISED);
+ goto err;
+ }
+# ifndef OPENSSL_NO_RSA
+ hptr = OPENSSL_malloc(sizeof(HWCryptoHook_RSAKeyHandle));
+ if (!hptr) {
+ HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ ppctx.ui_method = ui_method;
+ ppctx.callback_data = callback_data;
+ if (p_hwcrhk_RSALoadKey(hwcrhk_context, key_id, hptr, &rmsg, &ppctx)) {
+ HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, HWCRHK_R_CHIL_ERROR);
+ ERR_add_error_data(1, rmsg.buf);
+ goto err;
+ }
+ if (!*hptr) {
+ HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, HWCRHK_R_NO_KEY);
+ goto err;
+ }
+# endif
+# ifndef OPENSSL_NO_RSA
+ rtmp = RSA_new_method(eng);
+ RSA_set_ex_data(rtmp, hndidx_rsa, (char *)hptr);
+ rtmp->e = BN_new();
+ rtmp->n = BN_new();
+ rtmp->flags |= RSA_FLAG_EXT_PKEY;
+ MPI2BN(rtmp->e, e);
+ MPI2BN(rtmp->n, n);
+ if (p_hwcrhk_RSAGetPublicKey(*hptr, &n, &e, &rmsg)
+ != HWCRYPTOHOOK_ERROR_MPISIZE) {
+ HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, HWCRHK_R_CHIL_ERROR);
+ ERR_add_error_data(1, rmsg.buf);
+ goto err;
+ }
+
+ bn_expand2(rtmp->e, e.size / sizeof(BN_ULONG));
+ bn_expand2(rtmp->n, n.size / sizeof(BN_ULONG));
+ MPI2BN(rtmp->e, e);
+ MPI2BN(rtmp->n, n);
+
+ if (p_hwcrhk_RSAGetPublicKey(*hptr, &n, &e, &rmsg)) {
+ HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, HWCRHK_R_CHIL_ERROR);
+ ERR_add_error_data(1, rmsg.buf);
+ goto err;
+ }
+ rtmp->e->top = e.size / sizeof(BN_ULONG);
+ bn_fix_top(rtmp->e);
+ rtmp->n->top = n.size / sizeof(BN_ULONG);
+ bn_fix_top(rtmp->n);
+
+ res = EVP_PKEY_new();
+ EVP_PKEY_assign_RSA(res, rtmp);
+# endif
+
+ if (!res)
+ HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,
+ HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED);
+
+ return res;
+ err:
+ if (res)
+ EVP_PKEY_free(res);
+# ifndef OPENSSL_NO_RSA
+ if (rtmp)
+ RSA_free(rtmp);
+# endif
+ return NULL;
+}
+
+static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id,
+ UI_METHOD *ui_method, void *callback_data)
+{
+ EVP_PKEY *res = NULL;
+
+# ifndef OPENSSL_NO_RSA
+ res = hwcrhk_load_privkey(eng, key_id, ui_method, callback_data);
+# endif
+
+ if (res)
+ switch (res->type) {
+# ifndef OPENSSL_NO_RSA
+ case EVP_PKEY_RSA:
+ {
+ RSA *rsa = NULL;
+
+ CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY);
+ rsa = res->pkey.rsa;
+ res->pkey.rsa = RSA_new();
+ res->pkey.rsa->n = rsa->n;
+ res->pkey.rsa->e = rsa->e;
+ rsa->n = NULL;
+ rsa->e = NULL;
+ CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
+ RSA_free(rsa);
+ }
+ break;
+# endif
+ default:
+ HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PUBKEY,
+ HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+ goto err;
+ }
+
+ return res;
+ err:
+ if (res)
+ EVP_PKEY_free(res);
+ return NULL;
+}
+
+/* A little mod_exp */
+static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx)
+{
+ char tempbuf[1024];
+ HWCryptoHook_ErrMsgBuf rmsg;
+ /*
+ * Since HWCryptoHook_MPI is pretty compatible with BIGNUM's, we use them
+ * directly, plus a little macro magic. We only thing we need to make
+ * sure of is that enough space is allocated.
+ */
+ HWCryptoHook_MPI m_a, m_p, m_n, m_r;
+ int to_return, ret;
+
+ to_return = 0; /* expect failure */
+ rmsg.buf = tempbuf;
+ rmsg.size = sizeof(tempbuf);
+
+ if (!hwcrhk_context) {
+ HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP, HWCRHK_R_NOT_INITIALISED);
+ goto err;
+ }
+ /* Prepare the params */
+ bn_expand2(r, m->top); /* Check for error !! */
+ BN2MPI(m_a, a);
+ BN2MPI(m_p, p);
+ BN2MPI(m_n, m);
+ MPI2BN(r, m_r);
+
+ /* Perform the operation */
+ ret = p_hwcrhk_ModExp(hwcrhk_context, m_a, m_p, m_n, &m_r, &rmsg);
+
+ /* Convert the response */
+ r->top = m_r.size / sizeof(BN_ULONG);
+ bn_fix_top(r);
+
+ if (ret < 0) {
+ /*
+ * FIXME: When this error is returned, HWCryptoHook is telling us
+ * that falling back to software computation might be a good thing.
+ */
+ if (ret == HWCRYPTOHOOK_ERROR_FALLBACK) {
+ HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP, HWCRHK_R_REQUEST_FALLBACK);
+ } else {
+ HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP, HWCRHK_R_REQUEST_FAILED);
+ }
+ ERR_add_error_data(1, rmsg.buf);
+ goto err;
+ }
+
+ to_return = 1;
+ err:
+ return to_return;
+}
+
+# ifndef OPENSSL_NO_RSA
+static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa,
+ BN_CTX *ctx)
+{
+ char tempbuf[1024];
+ HWCryptoHook_ErrMsgBuf rmsg;
+ HWCryptoHook_RSAKeyHandle *hptr;
+ int to_return = 0, ret;
+
+ rmsg.buf = tempbuf;
+ rmsg.size = sizeof(tempbuf);
+
+ if (!hwcrhk_context) {
+ HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP, HWCRHK_R_NOT_INITIALISED);
+ goto err;
+ }
+
+ /*
+ * This provides support for nForce keys. Since that's opaque data all
+ * we do is provide a handle to the proper key and let HWCryptoHook take
+ * care of the rest.
+ */
+ if ((hptr =
+ (HWCryptoHook_RSAKeyHandle *) RSA_get_ex_data(rsa, hndidx_rsa))
+ != NULL) {
+ HWCryptoHook_MPI m_a, m_r;
+
+ if (!rsa->n) {
+ HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
+ HWCRHK_R_MISSING_KEY_COMPONENTS);
+ goto err;
+ }
+
+ /* Prepare the params */
+ bn_expand2(r, rsa->n->top); /* Check for error !! */
+ BN2MPI(m_a, I);
+ MPI2BN(r, m_r);
+
+ /* Perform the operation */
+ ret = p_hwcrhk_RSA(m_a, *hptr, &m_r, &rmsg);
+
+ /* Convert the response */
+ r->top = m_r.size / sizeof(BN_ULONG);
+ bn_fix_top(r);
+
+ if (ret < 0) {
+ /*
+ * FIXME: When this error is returned, HWCryptoHook is telling us
+ * that falling back to software computation might be a good
+ * thing.
+ */
+ if (ret == HWCRYPTOHOOK_ERROR_FALLBACK) {
+ HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
+ HWCRHK_R_REQUEST_FALLBACK);
+ } else {
+ HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
+ HWCRHK_R_REQUEST_FAILED);
+ }
+ ERR_add_error_data(1, rmsg.buf);
+ goto err;
+ }
+ } else {
+ HWCryptoHook_MPI m_a, m_p, m_q, m_dmp1, m_dmq1, m_iqmp, m_r;
+
+ if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
+ HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
+ HWCRHK_R_MISSING_KEY_COMPONENTS);
+ goto err;
+ }
+
+ /* Prepare the params */
+ bn_expand2(r, rsa->n->top); /* Check for error !! */
+ BN2MPI(m_a, I);
+ BN2MPI(m_p, rsa->p);
+ BN2MPI(m_q, rsa->q);
+ BN2MPI(m_dmp1, rsa->dmp1);
+ BN2MPI(m_dmq1, rsa->dmq1);
+ BN2MPI(m_iqmp, rsa->iqmp);
+ MPI2BN(r, m_r);
+
+ /* Perform the operation */
+ ret = p_hwcrhk_ModExpCRT(hwcrhk_context, m_a, m_p, m_q,
+ m_dmp1, m_dmq1, m_iqmp, &m_r, &rmsg);
+
+ /* Convert the response */
+ r->top = m_r.size / sizeof(BN_ULONG);
+ bn_fix_top(r);
+
+ if (ret < 0) {
+ /*
+ * FIXME: When this error is returned, HWCryptoHook is telling us
+ * that falling back to software computation might be a good
+ * thing.
+ */
+ if (ret == HWCRYPTOHOOK_ERROR_FALLBACK) {
+ HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
+ HWCRHK_R_REQUEST_FALLBACK);
+ } else {
+ HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
+ HWCRHK_R_REQUEST_FAILED);
+ }
+ ERR_add_error_data(1, rmsg.buf);
+ goto err;
+ }
+ }
+ /*
+ * If we're here, we must be here with some semblance of success :-)
+ */
+ to_return = 1;
+ err:
+ return to_return;
+}
+# endif
+
+# ifndef OPENSSL_NO_RSA
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx)
+{
+ return hwcrhk_mod_exp(r, a, p, m, ctx);
+}
+
+static int hwcrhk_rsa_finish(RSA *rsa)
+{
+ HWCryptoHook_RSAKeyHandle *hptr;
+
+ hptr = RSA_get_ex_data(rsa, hndidx_rsa);
+ if (hptr) {
+ p_hwcrhk_RSAUnloadKey(*hptr, NULL);
+ OPENSSL_free(hptr);
+ RSA_set_ex_data(rsa, hndidx_rsa, NULL);
+ }
+ return 1;
+}
+
+# endif
+
+# ifndef OPENSSL_NO_DH
+/* This function is aliased to mod_exp (with the dh and mont dropped). */
+static int hwcrhk_mod_exp_dh(const DH *dh, BIGNUM *r,
+ const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+{
+ return hwcrhk_mod_exp(r, a, p, m, ctx);
+}
+# endif
+
+/* Random bytes are good */
+static int hwcrhk_rand_bytes(unsigned char *buf, int num)
+{
+ char tempbuf[1024];
+ HWCryptoHook_ErrMsgBuf rmsg;
+ int to_return = 0; /* assume failure */
+ int ret;
+
+ rmsg.buf = tempbuf;
+ rmsg.size = sizeof(tempbuf);
+
+ if (!hwcrhk_context) {
+ HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES, HWCRHK_R_NOT_INITIALISED);
+ goto err;
+ }
+
+ ret = p_hwcrhk_RandomBytes(hwcrhk_context, buf, num, &rmsg);
+ if (ret < 0) {
+ /*
+ * FIXME: When this error is returned, HWCryptoHook is telling us
+ * that falling back to software computation might be a good thing.
+ */
+ if (ret == HWCRYPTOHOOK_ERROR_FALLBACK) {
+ HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES, HWCRHK_R_REQUEST_FALLBACK);
+ } else {
+ HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES, HWCRHK_R_REQUEST_FAILED);
+ }
+ ERR_add_error_data(1, rmsg.buf);
+ goto err;
+ }
+ to_return = 1;
+ err:
+ return to_return;
+}
+
+static int hwcrhk_rand_status(void)
+{
+ return 1;
+}
+
+/*
+ * Mutex calls: since the HWCryptoHook model closely follows the POSIX model
+ * these just wrap the POSIX functions and add some logging.
+ */
+
+static int hwcrhk_mutex_init(HWCryptoHook_Mutex * mt,
+ HWCryptoHook_CallerContext * cactx)
+{
+ mt->lockid = CRYPTO_get_new_dynlockid();
+ if (mt->lockid == 0)
+ return 1; /* failure */
+ return 0; /* success */
+}
+
+static int hwcrhk_mutex_lock(HWCryptoHook_Mutex * mt)
+{
+ CRYPTO_w_lock(mt->lockid);
+ return 0;
+}
+
+static void hwcrhk_mutex_unlock(HWCryptoHook_Mutex * mt)
+{
+ CRYPTO_w_unlock(mt->lockid);
+}
+
+static void hwcrhk_mutex_destroy(HWCryptoHook_Mutex * mt)
+{
+ CRYPTO_destroy_dynlockid(mt->lockid);
+}
+
+static int hwcrhk_get_pass(const char *prompt_info,
+ int *len_io, char *buf,
+ HWCryptoHook_PassphraseContext * ppctx,
+ HWCryptoHook_CallerContext * cactx)
+{
+ pem_password_cb *callback = NULL;
+ void *callback_data = NULL;
+ UI_METHOD *ui_method = NULL;
+ /*
+ * Despite what the documentation says prompt_info can be an empty
+ * string.
+ */
+ if (prompt_info && !*prompt_info)
+ prompt_info = NULL;
+
+ if (cactx) {
+ if (cactx->ui_method)
+ ui_method = cactx->ui_method;
+ if (cactx->password_callback)
+ callback = cactx->password_callback;
+ if (cactx->callback_data)
+ callback_data = cactx->callback_data;
+ }
+ if (ppctx) {
+ if (ppctx->ui_method) {
+ ui_method = ppctx->ui_method;
+ callback = NULL;
+ }
+ if (ppctx->callback_data)
+ callback_data = ppctx->callback_data;
+ }
+ if (callback == NULL && ui_method == NULL) {
+ HWCRHKerr(HWCRHK_F_HWCRHK_GET_PASS, HWCRHK_R_NO_CALLBACK);
+ return -1;
+ }
+
+ if (ui_method) {
+ UI *ui = UI_new_method(ui_method);
+ if (ui) {
+ int ok;
+ char *prompt = UI_construct_prompt(ui,
+ "pass phrase", prompt_info);
+
+ ok = UI_add_input_string(ui, prompt,
+ UI_INPUT_FLAG_DEFAULT_PWD,
+ buf, 0, (*len_io) - 1);
+ UI_add_user_data(ui, callback_data);
+ UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);
+
+ if (ok >= 0)
+ do {
+ ok = UI_process(ui);
+ }
+ while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));
+
+ if (ok >= 0)
+ *len_io = strlen(buf);
+
+ UI_free(ui);
+ OPENSSL_free(prompt);
+ }
+ } else {
+ *len_io = callback(buf, *len_io, 0, callback_data);
+ }
+ if (!*len_io)
+ return -1;
+ return 0;
+}
+
+static int hwcrhk_insert_card(const char *prompt_info,
+ const char *wrong_info,
+ HWCryptoHook_PassphraseContext * ppctx,
+ HWCryptoHook_CallerContext * cactx)
+{
+ int ok = -1;
+ UI *ui;
+ void *callback_data = NULL;
+ UI_METHOD *ui_method = NULL;
+
+ if (cactx) {
+ if (cactx->ui_method)
+ ui_method = cactx->ui_method;
+ if (cactx->callback_data)
+ callback_data = cactx->callback_data;
+ }
+ if (ppctx) {
+ if (ppctx->ui_method)
+ ui_method = ppctx->ui_method;
+ if (ppctx->callback_data)
+ callback_data = ppctx->callback_data;
+ }
+ if (ui_method == NULL) {
+ HWCRHKerr(HWCRHK_F_HWCRHK_INSERT_CARD, HWCRHK_R_NO_CALLBACK);
+ return -1;
+ }
+
+ ui = UI_new_method(ui_method);
+
+ if (ui) {
+ char answer;
+ char buf[BUFSIZ];
+ /*
+ * Despite what the documentation says wrong_info can be an empty
+ * string.
+ */
+ if (wrong_info && *wrong_info)
+ BIO_snprintf(buf, sizeof(buf) - 1,
+ "Current card: \"%s\"\n", wrong_info);
+ else
+ buf[0] = 0;
+ ok = UI_dup_info_string(ui, buf);
+ if (ok >= 0 && prompt_info) {
+ BIO_snprintf(buf, sizeof(buf) - 1,
+ "Insert card \"%s\"", prompt_info);
+ ok = UI_dup_input_boolean(ui, buf,
+ "\n then hit <enter> or C<enter> to cancel\n",
+ "\r\n", "Cc", UI_INPUT_FLAG_ECHO,
+ &answer);
+ }
+ UI_add_user_data(ui, callback_data);
+
+ if (ok >= 0)
+ ok = UI_process(ui);
+ UI_free(ui);
+
+ if (ok == -2 || (ok >= 0 && answer == 'C'))
+ ok = 1;
+ else if (ok < 0)
+ ok = -1;
+ else
+ ok = 0;
+ }
+ return ok;
+}
+
+static void hwcrhk_log_message(void *logstr, const char *message)
+{
+ BIO *lstream = NULL;
+
+ CRYPTO_w_lock(CRYPTO_LOCK_BIO);
+ if (logstr)
+ lstream = *(BIO **)logstr;
+ if (lstream) {
+ BIO_printf(lstream, "%s\n", message);
+ }
+ CRYPTO_w_unlock(CRYPTO_LOCK_BIO);
+}
+
+/*
+ * This stuff is needed if this ENGINE is being compiled into a
+ * self-contained shared-library.
+ */
+# ifndef OPENSSL_NO_DYNAMIC_ENGINE
+static int bind_fn(ENGINE *e, const char *id)
+{
+ if (id && (strcmp(id, engine_hwcrhk_id) != 0) &&
+ (strcmp(id, engine_hwcrhk_id_alt) != 0))
+ return 0;
+ if (!bind_helper(e))
+ return 0;
+ return 1;
+}
+
+IMPLEMENT_DYNAMIC_CHECK_FN()
+ IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
+# endif /* OPENSSL_NO_DYNAMIC_ENGINE */
+# endif /* !OPENSSL_NO_HW_CHIL */
+#endif /* !OPENSSL_NO_HW */
Deleted: vendor-crypto/openssl/0.9.8zf/engines/e_chil_err.c
===================================================================
--- vendor-crypto/openssl/dist/engines/e_chil_err.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/engines/e_chil_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,160 +0,0 @@
-/* e_chil_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include "e_chil_err.h"
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(0,func,0)
-#define ERR_REASON(reason) ERR_PACK(0,0,reason)
-
-static ERR_STRING_DATA HWCRHK_str_functs[]=
- {
-{ERR_FUNC(HWCRHK_F_HWCRHK_CTRL), "HWCRHK_CTRL"},
-{ERR_FUNC(HWCRHK_F_HWCRHK_FINISH), "HWCRHK_FINISH"},
-{ERR_FUNC(HWCRHK_F_HWCRHK_GET_PASS), "HWCRHK_GET_PASS"},
-{ERR_FUNC(HWCRHK_F_HWCRHK_INIT), "HWCRHK_INIT"},
-{ERR_FUNC(HWCRHK_F_HWCRHK_INSERT_CARD), "HWCRHK_INSERT_CARD"},
-{ERR_FUNC(HWCRHK_F_HWCRHK_LOAD_PRIVKEY), "HWCRHK_LOAD_PRIVKEY"},
-{ERR_FUNC(HWCRHK_F_HWCRHK_LOAD_PUBKEY), "HWCRHK_LOAD_PUBKEY"},
-{ERR_FUNC(HWCRHK_F_HWCRHK_MOD_EXP), "HWCRHK_MOD_EXP"},
-{ERR_FUNC(HWCRHK_F_HWCRHK_RAND_BYTES), "HWCRHK_RAND_BYTES"},
-{ERR_FUNC(HWCRHK_F_HWCRHK_RSA_MOD_EXP), "HWCRHK_RSA_MOD_EXP"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA HWCRHK_str_reasons[]=
- {
-{ERR_REASON(HWCRHK_R_ALREADY_LOADED) ,"already loaded"},
-{ERR_REASON(HWCRHK_R_BIO_WAS_FREED) ,"bio was freed"},
-{ERR_REASON(HWCRHK_R_CHIL_ERROR) ,"chil error"},
-{ERR_REASON(HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED),"ctrl command not implemented"},
-{ERR_REASON(HWCRHK_R_DSO_FAILURE) ,"dso failure"},
-{ERR_REASON(HWCRHK_R_MISSING_KEY_COMPONENTS),"missing key components"},
-{ERR_REASON(HWCRHK_R_NOT_INITIALISED) ,"not initialised"},
-{ERR_REASON(HWCRHK_R_NOT_LOADED) ,"not loaded"},
-{ERR_REASON(HWCRHK_R_NO_CALLBACK) ,"no callback"},
-{ERR_REASON(HWCRHK_R_NO_KEY) ,"no key"},
-{ERR_REASON(HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED),"private key algorithms disabled"},
-{ERR_REASON(HWCRHK_R_REQUEST_FAILED) ,"request failed"},
-{ERR_REASON(HWCRHK_R_REQUEST_FALLBACK) ,"request fallback"},
-{ERR_REASON(HWCRHK_R_UNIT_FAILURE) ,"unit failure"},
-{0,NULL}
- };
-
-#endif
-
-#ifdef HWCRHK_LIB_NAME
-static ERR_STRING_DATA HWCRHK_lib_name[]=
- {
-{0 ,HWCRHK_LIB_NAME},
-{0,NULL}
- };
-#endif
-
-
-static int HWCRHK_lib_error_code=0;
-static int HWCRHK_error_init=1;
-
-static void ERR_load_HWCRHK_strings(void)
- {
- if (HWCRHK_lib_error_code == 0)
- HWCRHK_lib_error_code=ERR_get_next_error_library();
-
- if (HWCRHK_error_init)
- {
- HWCRHK_error_init=0;
-#ifndef OPENSSL_NO_ERR
- ERR_load_strings(HWCRHK_lib_error_code,HWCRHK_str_functs);
- ERR_load_strings(HWCRHK_lib_error_code,HWCRHK_str_reasons);
-#endif
-
-#ifdef HWCRHK_LIB_NAME
- HWCRHK_lib_name->error = ERR_PACK(HWCRHK_lib_error_code,0,0);
- ERR_load_strings(0,HWCRHK_lib_name);
-#endif
- }
- }
-
-static void ERR_unload_HWCRHK_strings(void)
- {
- if (HWCRHK_error_init == 0)
- {
-#ifndef OPENSSL_NO_ERR
- ERR_unload_strings(HWCRHK_lib_error_code,HWCRHK_str_functs);
- ERR_unload_strings(HWCRHK_lib_error_code,HWCRHK_str_reasons);
-#endif
-
-#ifdef HWCRHK_LIB_NAME
- ERR_unload_strings(0,HWCRHK_lib_name);
-#endif
- HWCRHK_error_init=1;
- }
- }
-
-static void ERR_HWCRHK_error(int function, int reason, char *file, int line)
- {
- if (HWCRHK_lib_error_code == 0)
- HWCRHK_lib_error_code=ERR_get_next_error_library();
- ERR_PUT_error(HWCRHK_lib_error_code,function,reason,file,line);
- }
Copied: vendor-crypto/openssl/0.9.8zf/engines/e_chil_err.c (from rev 6976, vendor-crypto/openssl/dist/engines/e_chil_err.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/engines/e_chil_err.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/engines/e_chil_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,157 @@
+/* e_chil_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include "e_chil_err.h"
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(0,func,0)
+# define ERR_REASON(reason) ERR_PACK(0,0,reason)
+
+static ERR_STRING_DATA HWCRHK_str_functs[] = {
+ {ERR_FUNC(HWCRHK_F_HWCRHK_CTRL), "HWCRHK_CTRL"},
+ {ERR_FUNC(HWCRHK_F_HWCRHK_FINISH), "HWCRHK_FINISH"},
+ {ERR_FUNC(HWCRHK_F_HWCRHK_GET_PASS), "HWCRHK_GET_PASS"},
+ {ERR_FUNC(HWCRHK_F_HWCRHK_INIT), "HWCRHK_INIT"},
+ {ERR_FUNC(HWCRHK_F_HWCRHK_INSERT_CARD), "HWCRHK_INSERT_CARD"},
+ {ERR_FUNC(HWCRHK_F_HWCRHK_LOAD_PRIVKEY), "HWCRHK_LOAD_PRIVKEY"},
+ {ERR_FUNC(HWCRHK_F_HWCRHK_LOAD_PUBKEY), "HWCRHK_LOAD_PUBKEY"},
+ {ERR_FUNC(HWCRHK_F_HWCRHK_MOD_EXP), "HWCRHK_MOD_EXP"},
+ {ERR_FUNC(HWCRHK_F_HWCRHK_RAND_BYTES), "HWCRHK_RAND_BYTES"},
+ {ERR_FUNC(HWCRHK_F_HWCRHK_RSA_MOD_EXP), "HWCRHK_RSA_MOD_EXP"},
+ {0, NULL}
+};
+
+static ERR_STRING_DATA HWCRHK_str_reasons[] = {
+ {ERR_REASON(HWCRHK_R_ALREADY_LOADED), "already loaded"},
+ {ERR_REASON(HWCRHK_R_BIO_WAS_FREED), "bio was freed"},
+ {ERR_REASON(HWCRHK_R_CHIL_ERROR), "chil error"},
+ {ERR_REASON(HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED),
+ "ctrl command not implemented"},
+ {ERR_REASON(HWCRHK_R_DSO_FAILURE), "dso failure"},
+ {ERR_REASON(HWCRHK_R_MISSING_KEY_COMPONENTS), "missing key components"},
+ {ERR_REASON(HWCRHK_R_NOT_INITIALISED), "not initialised"},
+ {ERR_REASON(HWCRHK_R_NOT_LOADED), "not loaded"},
+ {ERR_REASON(HWCRHK_R_NO_CALLBACK), "no callback"},
+ {ERR_REASON(HWCRHK_R_NO_KEY), "no key"},
+ {ERR_REASON(HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED),
+ "private key algorithms disabled"},
+ {ERR_REASON(HWCRHK_R_REQUEST_FAILED), "request failed"},
+ {ERR_REASON(HWCRHK_R_REQUEST_FALLBACK), "request fallback"},
+ {ERR_REASON(HWCRHK_R_UNIT_FAILURE), "unit failure"},
+ {0, NULL}
+};
+
+#endif
+
+#ifdef HWCRHK_LIB_NAME
+static ERR_STRING_DATA HWCRHK_lib_name[] = {
+ {0, HWCRHK_LIB_NAME},
+ {0, NULL}
+};
+#endif
+
+static int HWCRHK_lib_error_code = 0;
+static int HWCRHK_error_init = 1;
+
+static void ERR_load_HWCRHK_strings(void)
+{
+ if (HWCRHK_lib_error_code == 0)
+ HWCRHK_lib_error_code = ERR_get_next_error_library();
+
+ if (HWCRHK_error_init) {
+ HWCRHK_error_init = 0;
+#ifndef OPENSSL_NO_ERR
+ ERR_load_strings(HWCRHK_lib_error_code, HWCRHK_str_functs);
+ ERR_load_strings(HWCRHK_lib_error_code, HWCRHK_str_reasons);
+#endif
+
+#ifdef HWCRHK_LIB_NAME
+ HWCRHK_lib_name->error = ERR_PACK(HWCRHK_lib_error_code, 0, 0);
+ ERR_load_strings(0, HWCRHK_lib_name);
+#endif
+ }
+}
+
+static void ERR_unload_HWCRHK_strings(void)
+{
+ if (HWCRHK_error_init == 0) {
+#ifndef OPENSSL_NO_ERR
+ ERR_unload_strings(HWCRHK_lib_error_code, HWCRHK_str_functs);
+ ERR_unload_strings(HWCRHK_lib_error_code, HWCRHK_str_reasons);
+#endif
+
+#ifdef HWCRHK_LIB_NAME
+ ERR_unload_strings(0, HWCRHK_lib_name);
+#endif
+ HWCRHK_error_init = 1;
+ }
+}
+
+static void ERR_HWCRHK_error(int function, int reason, char *file, int line)
+{
+ if (HWCRHK_lib_error_code == 0)
+ HWCRHK_lib_error_code = ERR_get_next_error_library();
+ ERR_PUT_error(HWCRHK_lib_error_code, function, reason, file, line);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/engines/e_chil_err.h
===================================================================
--- vendor-crypto/openssl/dist/engines/e_chil_err.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/engines/e_chil_err.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,104 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#ifndef HEADER_HWCRHK_ERR_H
-#define HEADER_HWCRHK_ERR_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-static void ERR_load_HWCRHK_strings(void);
-static void ERR_unload_HWCRHK_strings(void);
-static void ERR_HWCRHK_error(int function, int reason, char *file, int line);
-#define HWCRHKerr(f,r) ERR_HWCRHK_error((f),(r),__FILE__,__LINE__)
-
-/* Error codes for the HWCRHK functions. */
-
-/* Function codes. */
-#define HWCRHK_F_HWCRHK_CTRL 100
-#define HWCRHK_F_HWCRHK_FINISH 101
-#define HWCRHK_F_HWCRHK_GET_PASS 102
-#define HWCRHK_F_HWCRHK_INIT 103
-#define HWCRHK_F_HWCRHK_INSERT_CARD 104
-#define HWCRHK_F_HWCRHK_LOAD_PRIVKEY 105
-#define HWCRHK_F_HWCRHK_LOAD_PUBKEY 106
-#define HWCRHK_F_HWCRHK_MOD_EXP 107
-#define HWCRHK_F_HWCRHK_RAND_BYTES 108
-#define HWCRHK_F_HWCRHK_RSA_MOD_EXP 109
-
-/* Reason codes. */
-#define HWCRHK_R_ALREADY_LOADED 100
-#define HWCRHK_R_BIO_WAS_FREED 101
-#define HWCRHK_R_CHIL_ERROR 102
-#define HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED 103
-#define HWCRHK_R_DSO_FAILURE 104
-#define HWCRHK_R_MISSING_KEY_COMPONENTS 105
-#define HWCRHK_R_NOT_INITIALISED 106
-#define HWCRHK_R_NOT_LOADED 107
-#define HWCRHK_R_NO_CALLBACK 108
-#define HWCRHK_R_NO_KEY 109
-#define HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED 110
-#define HWCRHK_R_REQUEST_FAILED 111
-#define HWCRHK_R_REQUEST_FALLBACK 112
-#define HWCRHK_R_UNIT_FAILURE 113
-
-#ifdef __cplusplus
-}
-#endif
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/engines/e_chil_err.h (from rev 6976, vendor-crypto/openssl/dist/engines/e_chil_err.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/engines/e_chil_err.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/engines/e_chil_err.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,105 @@
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_HWCRHK_ERR_H
+# define HEADER_HWCRHK_ERR_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+static void ERR_load_HWCRHK_strings(void);
+static void ERR_unload_HWCRHK_strings(void);
+static void ERR_HWCRHK_error(int function, int reason, char *file, int line);
+# define HWCRHKerr(f,r) ERR_HWCRHK_error((f),(r),__FILE__,__LINE__)
+
+/* Error codes for the HWCRHK functions. */
+
+/* Function codes. */
+# define HWCRHK_F_HWCRHK_CTRL 100
+# define HWCRHK_F_HWCRHK_FINISH 101
+# define HWCRHK_F_HWCRHK_GET_PASS 102
+# define HWCRHK_F_HWCRHK_INIT 103
+# define HWCRHK_F_HWCRHK_INSERT_CARD 104
+# define HWCRHK_F_HWCRHK_LOAD_PRIVKEY 105
+# define HWCRHK_F_HWCRHK_LOAD_PUBKEY 106
+# define HWCRHK_F_HWCRHK_MOD_EXP 107
+# define HWCRHK_F_HWCRHK_RAND_BYTES 108
+# define HWCRHK_F_HWCRHK_RSA_MOD_EXP 109
+
+/* Reason codes. */
+# define HWCRHK_R_ALREADY_LOADED 100
+# define HWCRHK_R_BIO_WAS_FREED 101
+# define HWCRHK_R_CHIL_ERROR 102
+# define HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED 103
+# define HWCRHK_R_DSO_FAILURE 104
+# define HWCRHK_R_MISSING_KEY_COMPONENTS 105
+# define HWCRHK_R_NOT_INITIALISED 106
+# define HWCRHK_R_NOT_LOADED 107
+# define HWCRHK_R_NO_CALLBACK 108
+# define HWCRHK_R_NO_KEY 109
+# define HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED 110
+# define HWCRHK_R_REQUEST_FAILED 111
+# define HWCRHK_R_REQUEST_FALLBACK 112
+# define HWCRHK_R_UNIT_FAILURE 113
+
+#ifdef __cplusplus
+}
+#endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/engines/e_cswift.c
===================================================================
--- vendor-crypto/openssl/dist/engines/e_cswift.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/engines/e_cswift.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,1129 +0,0 @@
-/* crypto/engine/hw_cswift.c */
-/* Written by Geoff Thorpe (geoff at geoffthorpe.net) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/buffer.h>
-#include <openssl/dso.h>
-#include <openssl/engine.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-#include <openssl/rand.h>
-#include <openssl/bn.h>
-
-#ifndef OPENSSL_NO_HW
-#ifndef OPENSSL_NO_HW_CSWIFT
-
-/* Attribution notice: Rainbow have generously allowed me to reproduce
- * the necessary definitions here from their API. This means the support
- * can build independently of whether application builders have the
- * API or hardware. This will allow developers to easily produce software
- * that has latent hardware support for any users that have accelerators
- * installed, without the developers themselves needing anything extra.
- *
- * I have only clipped the parts from the CryptoSwift header files that
- * are (or seem) relevant to the CryptoSwift support code. This is
- * simply to keep the file sizes reasonable.
- * [Geoff]
- */
-#ifdef FLAT_INC
-#include "cswift.h"
-#else
-#include "vendor_defns/cswift.h"
-#endif
-
-#define CSWIFT_LIB_NAME "cswift engine"
-#include "e_cswift_err.c"
-
-#define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1)
-
-static int cswift_destroy(ENGINE *e);
-static int cswift_init(ENGINE *e);
-static int cswift_finish(ENGINE *e);
-static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
-#ifndef OPENSSL_NO_RSA
-static int cswift_bn_32copy(SW_LARGENUMBER * out, const BIGNUM * in);
-#endif
-
-/* BIGNUM stuff */
-static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx);
-#ifndef OPENSSL_NO_RSA
-static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
- const BIGNUM *iqmp, BN_CTX *ctx);
-#endif
-
-#ifndef OPENSSL_NO_RSA
-/* RSA stuff */
-static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
-/* This function is aliased to mod_exp (with the mont stuff dropped). */
-static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-#endif
-
-#ifndef OPENSSL_NO_DSA
-/* DSA stuff */
-static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa);
-static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len,
- DSA_SIG *sig, DSA *dsa);
-#endif
-
-#ifndef OPENSSL_NO_DH
-/* DH stuff */
-/* This function is alised to mod_exp (with the DH and mont dropped). */
-static int cswift_mod_exp_dh(const DH *dh, BIGNUM *r,
- const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-#endif
-
-/* RAND stuff */
-static int cswift_rand_bytes(unsigned char *buf, int num);
-static int cswift_rand_status(void);
-
-/* The definitions for control commands specific to this engine */
-#define CSWIFT_CMD_SO_PATH ENGINE_CMD_BASE
-static const ENGINE_CMD_DEFN cswift_cmd_defns[] = {
- {CSWIFT_CMD_SO_PATH,
- "SO_PATH",
- "Specifies the path to the 'cswift' shared library",
- ENGINE_CMD_FLAG_STRING},
- {0, NULL, NULL, 0}
- };
-
-#ifndef OPENSSL_NO_RSA
-/* Our internal RSA_METHOD that we provide pointers to */
-static RSA_METHOD cswift_rsa =
- {
- "CryptoSwift RSA method",
- NULL,
- NULL,
- NULL,
- NULL,
- cswift_rsa_mod_exp,
- cswift_mod_exp_mont,
- NULL,
- NULL,
- 0,
- NULL,
- NULL,
- NULL,
- NULL
- };
-#endif
-
-#ifndef OPENSSL_NO_DSA
-/* Our internal DSA_METHOD that we provide pointers to */
-static DSA_METHOD cswift_dsa =
- {
- "CryptoSwift DSA method",
- cswift_dsa_sign,
- NULL, /* dsa_sign_setup */
- cswift_dsa_verify,
- NULL, /* dsa_mod_exp */
- NULL, /* bn_mod_exp */
- NULL, /* init */
- NULL, /* finish */
- 0, /* flags */
- NULL, /* app_data */
- NULL, /* dsa_paramgen */
- NULL /* dsa_keygen */
- };
-#endif
-
-#ifndef OPENSSL_NO_DH
-/* Our internal DH_METHOD that we provide pointers to */
-static DH_METHOD cswift_dh =
- {
- "CryptoSwift DH method",
- NULL,
- NULL,
- cswift_mod_exp_dh,
- NULL,
- NULL,
- 0,
- NULL,
- NULL
- };
-#endif
-
-static RAND_METHOD cswift_random =
- {
- /* "CryptoSwift RAND method", */
- NULL,
- cswift_rand_bytes,
- NULL,
- NULL,
- cswift_rand_bytes,
- cswift_rand_status,
- };
-
-
-/* Constants used when creating the ENGINE */
-static const char *engine_cswift_id = "cswift";
-static const char *engine_cswift_name = "CryptoSwift hardware engine support";
-
-/* This internal function is used by ENGINE_cswift() and possibly by the
- * "dynamic" ENGINE support too */
-static int bind_helper(ENGINE *e)
- {
-#ifndef OPENSSL_NO_RSA
- const RSA_METHOD *meth1;
-#endif
-#ifndef OPENSSL_NO_DH
- const DH_METHOD *meth2;
-#endif
- if(!ENGINE_set_id(e, engine_cswift_id) ||
- !ENGINE_set_name(e, engine_cswift_name) ||
-#ifndef OPENSSL_NO_RSA
- !ENGINE_set_RSA(e, &cswift_rsa) ||
-#endif
-#ifndef OPENSSL_NO_DSA
- !ENGINE_set_DSA(e, &cswift_dsa) ||
-#endif
-#ifndef OPENSSL_NO_DH
- !ENGINE_set_DH(e, &cswift_dh) ||
-#endif
- !ENGINE_set_RAND(e, &cswift_random) ||
- !ENGINE_set_destroy_function(e, cswift_destroy) ||
- !ENGINE_set_init_function(e, cswift_init) ||
- !ENGINE_set_finish_function(e, cswift_finish) ||
- !ENGINE_set_ctrl_function(e, cswift_ctrl) ||
- !ENGINE_set_cmd_defns(e, cswift_cmd_defns))
- return 0;
-
-#ifndef OPENSSL_NO_RSA
- /* We know that the "PKCS1_SSLeay()" functions hook properly
- * to the cswift-specific mod_exp and mod_exp_crt so we use
- * those functions. NB: We don't use ENGINE_openssl() or
- * anything "more generic" because something like the RSAref
- * code may not hook properly, and if you own one of these
- * cards then you have the right to do RSA operations on it
- * anyway! */
- meth1 = RSA_PKCS1_SSLeay();
- cswift_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
- cswift_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
- cswift_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
- cswift_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
-#endif
-
-#ifndef OPENSSL_NO_DH
- /* Much the same for Diffie-Hellman */
- meth2 = DH_OpenSSL();
- cswift_dh.generate_key = meth2->generate_key;
- cswift_dh.compute_key = meth2->compute_key;
-#endif
-
- /* Ensure the cswift error handling is set up */
- ERR_load_CSWIFT_strings();
- return 1;
- }
-
-#ifdef OPENSSL_NO_DYNAMIC_ENGINE
-static ENGINE *engine_cswift(void)
- {
- ENGINE *ret = ENGINE_new();
- if(!ret)
- return NULL;
- if(!bind_helper(ret))
- {
- ENGINE_free(ret);
- return NULL;
- }
- return ret;
- }
-
-void ENGINE_load_cswift(void)
- {
- /* Copied from eng_[openssl|dyn].c */
- ENGINE *toadd = engine_cswift();
- if(!toadd) return;
- ENGINE_add(toadd);
- ENGINE_free(toadd);
- ERR_clear_error();
- }
-#endif
-
-/* This is a process-global DSO handle used for loading and unloading
- * the CryptoSwift library. NB: This is only set (or unset) during an
- * init() or finish() call (reference counts permitting) and they're
- * operating with global locks, so this should be thread-safe
- * implicitly. */
-static DSO *cswift_dso = NULL;
-
-/* These are the function pointers that are (un)set when the library has
- * successfully (un)loaded. */
-t_swAcquireAccContext *p_CSwift_AcquireAccContext = NULL;
-t_swAttachKeyParam *p_CSwift_AttachKeyParam = NULL;
-t_swSimpleRequest *p_CSwift_SimpleRequest = NULL;
-t_swReleaseAccContext *p_CSwift_ReleaseAccContext = NULL;
-
-/* Used in the DSO operations. */
-static const char *CSWIFT_LIBNAME = NULL;
-static const char *get_CSWIFT_LIBNAME(void)
- {
- if(CSWIFT_LIBNAME)
- return CSWIFT_LIBNAME;
- return "swift";
- }
-static void free_CSWIFT_LIBNAME(void)
- {
- if(CSWIFT_LIBNAME)
- OPENSSL_free((void*)CSWIFT_LIBNAME);
- CSWIFT_LIBNAME = NULL;
- }
-static long set_CSWIFT_LIBNAME(const char *name)
- {
- free_CSWIFT_LIBNAME();
- return (((CSWIFT_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
- }
-static const char *CSWIFT_F1 = "swAcquireAccContext";
-static const char *CSWIFT_F2 = "swAttachKeyParam";
-static const char *CSWIFT_F3 = "swSimpleRequest";
-static const char *CSWIFT_F4 = "swReleaseAccContext";
-
-
-/* CryptoSwift library functions and mechanics - these are used by the
- * higher-level functions further down. NB: As and where there's no
- * error checking, take a look lower down where these functions are
- * called, the checking and error handling is probably down there. */
-
-/* utility function to obtain a context */
-static int get_context(SW_CONTEXT_HANDLE *hac)
- {
- SW_STATUS status;
-
- status = p_CSwift_AcquireAccContext(hac);
- if(status != SW_OK)
- return 0;
- return 1;
- }
-
-/* similarly to release one. */
-static void release_context(SW_CONTEXT_HANDLE hac)
- {
- p_CSwift_ReleaseAccContext(hac);
- }
-
-/* Destructor (complements the "ENGINE_cswift()" constructor) */
-static int cswift_destroy(ENGINE *e)
- {
- free_CSWIFT_LIBNAME();
- ERR_unload_CSWIFT_strings();
- return 1;
- }
-
-/* (de)initialisation functions. */
-static int cswift_init(ENGINE *e)
- {
- SW_CONTEXT_HANDLE hac;
- t_swAcquireAccContext *p1;
- t_swAttachKeyParam *p2;
- t_swSimpleRequest *p3;
- t_swReleaseAccContext *p4;
-
- if(cswift_dso != NULL)
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_INIT,CSWIFT_R_ALREADY_LOADED);
- goto err;
- }
- /* Attempt to load libswift.so/swift.dll/whatever. */
- cswift_dso = DSO_load(NULL, get_CSWIFT_LIBNAME(), NULL, 0);
- if(cswift_dso == NULL)
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_INIT,CSWIFT_R_NOT_LOADED);
- goto err;
- }
- if(!(p1 = (t_swAcquireAccContext *)
- DSO_bind_func(cswift_dso, CSWIFT_F1)) ||
- !(p2 = (t_swAttachKeyParam *)
- DSO_bind_func(cswift_dso, CSWIFT_F2)) ||
- !(p3 = (t_swSimpleRequest *)
- DSO_bind_func(cswift_dso, CSWIFT_F3)) ||
- !(p4 = (t_swReleaseAccContext *)
- DSO_bind_func(cswift_dso, CSWIFT_F4)))
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_INIT,CSWIFT_R_NOT_LOADED);
- goto err;
- }
- /* Copy the pointers */
- p_CSwift_AcquireAccContext = p1;
- p_CSwift_AttachKeyParam = p2;
- p_CSwift_SimpleRequest = p3;
- p_CSwift_ReleaseAccContext = p4;
- /* Try and get a context - if not, we may have a DSO but no
- * accelerator! */
- if(!get_context(&hac))
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_INIT,CSWIFT_R_UNIT_FAILURE);
- goto err;
- }
- release_context(hac);
- /* Everything's fine. */
- return 1;
-err:
- if(cswift_dso)
- {
- DSO_free(cswift_dso);
- cswift_dso = NULL;
- }
- p_CSwift_AcquireAccContext = NULL;
- p_CSwift_AttachKeyParam = NULL;
- p_CSwift_SimpleRequest = NULL;
- p_CSwift_ReleaseAccContext = NULL;
- return 0;
- }
-
-static int cswift_finish(ENGINE *e)
- {
- free_CSWIFT_LIBNAME();
- if(cswift_dso == NULL)
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_FINISH,CSWIFT_R_NOT_LOADED);
- return 0;
- }
- if(!DSO_free(cswift_dso))
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_FINISH,CSWIFT_R_UNIT_FAILURE);
- return 0;
- }
- cswift_dso = NULL;
- p_CSwift_AcquireAccContext = NULL;
- p_CSwift_AttachKeyParam = NULL;
- p_CSwift_SimpleRequest = NULL;
- p_CSwift_ReleaseAccContext = NULL;
- return 1;
- }
-
-static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
- {
- int initialised = ((cswift_dso == NULL) ? 0 : 1);
- switch(cmd)
- {
- case CSWIFT_CMD_SO_PATH:
- if(p == NULL)
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_CTRL,ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- if(initialised)
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_CTRL,CSWIFT_R_ALREADY_LOADED);
- return 0;
- }
- return set_CSWIFT_LIBNAME((const char *)p);
- default:
- break;
- }
- CSWIFTerr(CSWIFT_F_CSWIFT_CTRL,CSWIFT_R_CTRL_COMMAND_NOT_IMPLEMENTED);
- return 0;
- }
-
-/* Un petit mod_exp */
-static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx)
- {
- /* I need somewhere to store temporary serialised values for
- * use with the CryptoSwift API calls. A neat cheat - I'll use
- * BIGNUMs from the BN_CTX but access their arrays directly as
- * byte arrays <grin>. This way I don't have to clean anything
- * up. */
- BIGNUM *modulus;
- BIGNUM *exponent;
- BIGNUM *argument;
- BIGNUM *result;
- SW_STATUS sw_status;
- SW_LARGENUMBER arg, res;
- SW_PARAM sw_param;
- SW_CONTEXT_HANDLE hac;
- int to_return, acquired;
-
- modulus = exponent = argument = result = NULL;
- to_return = 0; /* expect failure */
- acquired = 0;
-
- if(!get_context(&hac))
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_UNIT_FAILURE);
- goto err;
- }
- acquired = 1;
- /* Prepare the params */
- BN_CTX_start(ctx);
- modulus = BN_CTX_get(ctx);
- exponent = BN_CTX_get(ctx);
- argument = BN_CTX_get(ctx);
- result = BN_CTX_get(ctx);
- if(!result)
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_BN_CTX_FULL);
- goto err;
- }
- if(!bn_wexpand(modulus, m->top) || !bn_wexpand(exponent, p->top) ||
- !bn_wexpand(argument, a->top) || !bn_wexpand(result, m->top))
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_BN_EXPAND_FAIL);
- goto err;
- }
- sw_param.type = SW_ALG_EXP;
- sw_param.up.exp.modulus.nbytes = BN_bn2bin(m,
- (unsigned char *)modulus->d);
- sw_param.up.exp.modulus.value = (unsigned char *)modulus->d;
- sw_param.up.exp.exponent.nbytes = BN_bn2bin(p,
- (unsigned char *)exponent->d);
- sw_param.up.exp.exponent.value = (unsigned char *)exponent->d;
- /* Attach the key params */
- sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
- switch(sw_status)
- {
- case SW_OK:
- break;
- case SW_ERR_INPUT_SIZE:
- CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_BAD_KEY_SIZE);
- goto err;
- default:
- {
- char tmpbuf[DECIMAL_SIZE(sw_status)+1];
- CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_REQUEST_FAILED);
- sprintf(tmpbuf, "%ld", sw_status);
- ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
- }
- goto err;
- }
- /* Prepare the argument and response */
- arg.nbytes = BN_bn2bin(a, (unsigned char *)argument->d);
- arg.value = (unsigned char *)argument->d;
- res.nbytes = BN_num_bytes(m);
- memset(result->d, 0, res.nbytes);
- res.value = (unsigned char *)result->d;
- /* Perform the operation */
- if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP, &arg, 1,
- &res, 1)) != SW_OK)
- {
- char tmpbuf[DECIMAL_SIZE(sw_status)+1];
- CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_REQUEST_FAILED);
- sprintf(tmpbuf, "%ld", sw_status);
- ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
- goto err;
- }
- /* Convert the response */
- BN_bin2bn((unsigned char *)result->d, res.nbytes, r);
- to_return = 1;
-err:
- if(acquired)
- release_context(hac);
- BN_CTX_end(ctx);
- return to_return;
- }
-
-
-#ifndef OPENSSL_NO_RSA
-int cswift_bn_32copy(SW_LARGENUMBER * out, const BIGNUM * in)
-{
- int mod;
- int numbytes = BN_num_bytes(in);
-
- mod = 0;
- while( ((out->nbytes = (numbytes+mod)) % 32) )
- {
- mod++;
- }
- out->value = (unsigned char*)OPENSSL_malloc(out->nbytes);
- if(!out->value)
- {
- return 0;
- }
- BN_bn2bin(in, &out->value[mod]);
- if(mod)
- memset(out->value, 0, mod);
-
- return 1;
-}
-#endif
-
-#ifndef OPENSSL_NO_RSA
-/* Un petit mod_exp chinois */
-static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *q, const BIGNUM *dmp1,
- const BIGNUM *dmq1, const BIGNUM *iqmp, BN_CTX *ctx)
- {
- SW_STATUS sw_status;
- SW_LARGENUMBER arg, res;
- SW_PARAM sw_param;
- SW_CONTEXT_HANDLE hac;
- BIGNUM *result = NULL;
- BIGNUM *argument = NULL;
- int to_return = 0; /* expect failure */
- int acquired = 0;
-
- sw_param.up.crt.p.value = NULL;
- sw_param.up.crt.q.value = NULL;
- sw_param.up.crt.dmp1.value = NULL;
- sw_param.up.crt.dmq1.value = NULL;
- sw_param.up.crt.iqmp.value = NULL;
-
- if(!get_context(&hac))
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_UNIT_FAILURE);
- goto err;
- }
- acquired = 1;
-
- /* Prepare the params */
- argument = BN_new();
- result = BN_new();
- if(!result || !argument)
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_CTX_FULL);
- goto err;
- }
-
-
- sw_param.type = SW_ALG_CRT;
- /************************************************************************/
- /* 04/02/2003 */
- /* Modified by Frederic Giudicelli (deny-all.com) to overcome the */
- /* limitation of cswift with values not a multiple of 32 */
- /************************************************************************/
- if(!cswift_bn_32copy(&sw_param.up.crt.p, p))
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
- goto err;
- }
- if(!cswift_bn_32copy(&sw_param.up.crt.q, q))
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
- goto err;
- }
- if(!cswift_bn_32copy(&sw_param.up.crt.dmp1, dmp1))
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
- goto err;
- }
- if(!cswift_bn_32copy(&sw_param.up.crt.dmq1, dmq1))
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
- goto err;
- }
- if(!cswift_bn_32copy(&sw_param.up.crt.iqmp, iqmp))
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
- goto err;
- }
- if( !bn_wexpand(argument, a->top) ||
- !bn_wexpand(result, p->top + q->top))
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
- goto err;
- }
-
- /* Attach the key params */
- sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
- switch(sw_status)
- {
- case SW_OK:
- break;
- case SW_ERR_INPUT_SIZE:
- CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BAD_KEY_SIZE);
- goto err;
- default:
- {
- char tmpbuf[DECIMAL_SIZE(sw_status)+1];
- CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_REQUEST_FAILED);
- sprintf(tmpbuf, "%ld", sw_status);
- ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
- }
- goto err;
- }
- /* Prepare the argument and response */
- arg.nbytes = BN_bn2bin(a, (unsigned char *)argument->d);
- arg.value = (unsigned char *)argument->d;
- res.nbytes = 2 * BN_num_bytes(p);
- memset(result->d, 0, res.nbytes);
- res.value = (unsigned char *)result->d;
- /* Perform the operation */
- if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP_CRT, &arg, 1,
- &res, 1)) != SW_OK)
- {
- char tmpbuf[DECIMAL_SIZE(sw_status)+1];
- CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_REQUEST_FAILED);
- sprintf(tmpbuf, "%ld", sw_status);
- ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
- goto err;
- }
- /* Convert the response */
- BN_bin2bn((unsigned char *)result->d, res.nbytes, r);
- to_return = 1;
-err:
- if(sw_param.up.crt.p.value)
- OPENSSL_free(sw_param.up.crt.p.value);
- if(sw_param.up.crt.q.value)
- OPENSSL_free(sw_param.up.crt.q.value);
- if(sw_param.up.crt.dmp1.value)
- OPENSSL_free(sw_param.up.crt.dmp1.value);
- if(sw_param.up.crt.dmq1.value)
- OPENSSL_free(sw_param.up.crt.dmq1.value);
- if(sw_param.up.crt.iqmp.value)
- OPENSSL_free(sw_param.up.crt.iqmp.value);
- if(result)
- BN_free(result);
- if(argument)
- BN_free(argument);
- if(acquired)
- release_context(hac);
- return to_return;
- }
-#endif
-
-#ifndef OPENSSL_NO_RSA
-static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
- {
- int to_return = 0;
- const RSA_METHOD * def_rsa_method;
-
- if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_RSA_MOD_EXP,CSWIFT_R_MISSING_KEY_COMPONENTS);
- goto err;
- }
-
- /* Try the limits of RSA (2048 bits) */
- if(BN_num_bytes(rsa->p) > 128 ||
- BN_num_bytes(rsa->q) > 128 ||
- BN_num_bytes(rsa->dmp1) > 128 ||
- BN_num_bytes(rsa->dmq1) > 128 ||
- BN_num_bytes(rsa->iqmp) > 128)
- {
-#ifdef RSA_NULL
- def_rsa_method=RSA_null_method();
-#else
-#if 0
- def_rsa_method=RSA_PKCS1_RSAref();
-#else
- def_rsa_method=RSA_PKCS1_SSLeay();
-#endif
-#endif
- if(def_rsa_method)
- return def_rsa_method->rsa_mod_exp(r0, I, rsa, ctx);
- }
-
- to_return = cswift_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1,
- rsa->dmq1, rsa->iqmp, ctx);
-err:
- return to_return;
- }
-
-/* This function is aliased to mod_exp (with the mont stuff dropped). */
-static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
- {
- const RSA_METHOD * def_rsa_method;
-
- /* Try the limits of RSA (2048 bits) */
- if(BN_num_bytes(r) > 256 ||
- BN_num_bytes(a) > 256 ||
- BN_num_bytes(m) > 256)
- {
-#ifdef RSA_NULL
- def_rsa_method=RSA_null_method();
-#else
-#if 0
- def_rsa_method=RSA_PKCS1_RSAref();
-#else
- def_rsa_method=RSA_PKCS1_SSLeay();
-#endif
-#endif
- if(def_rsa_method)
- return def_rsa_method->bn_mod_exp(r, a, p, m, ctx, m_ctx);
- }
-
- return cswift_mod_exp(r, a, p, m, ctx);
- }
-#endif /* OPENSSL_NO_RSA */
-
-#ifndef OPENSSL_NO_DSA
-static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa)
- {
- SW_CONTEXT_HANDLE hac;
- SW_PARAM sw_param;
- SW_STATUS sw_status;
- SW_LARGENUMBER arg, res;
- BN_CTX *ctx;
- BIGNUM *dsa_p = NULL;
- BIGNUM *dsa_q = NULL;
- BIGNUM *dsa_g = NULL;
- BIGNUM *dsa_key = NULL;
- BIGNUM *result = NULL;
- DSA_SIG *to_return = NULL;
- int acquired = 0;
-
- if((ctx = BN_CTX_new()) == NULL)
- goto err;
- if(!get_context(&hac))
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_UNIT_FAILURE);
- goto err;
- }
- acquired = 1;
- /* Prepare the params */
- BN_CTX_start(ctx);
- dsa_p = BN_CTX_get(ctx);
- dsa_q = BN_CTX_get(ctx);
- dsa_g = BN_CTX_get(ctx);
- dsa_key = BN_CTX_get(ctx);
- result = BN_CTX_get(ctx);
- if(!result)
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_BN_CTX_FULL);
- goto err;
- }
- if(!bn_wexpand(dsa_p, dsa->p->top) ||
- !bn_wexpand(dsa_q, dsa->q->top) ||
- !bn_wexpand(dsa_g, dsa->g->top) ||
- !bn_wexpand(dsa_key, dsa->priv_key->top) ||
- !bn_wexpand(result, dsa->p->top))
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_BN_EXPAND_FAIL);
- goto err;
- }
- sw_param.type = SW_ALG_DSA;
- sw_param.up.dsa.p.nbytes = BN_bn2bin(dsa->p,
- (unsigned char *)dsa_p->d);
- sw_param.up.dsa.p.value = (unsigned char *)dsa_p->d;
- sw_param.up.dsa.q.nbytes = BN_bn2bin(dsa->q,
- (unsigned char *)dsa_q->d);
- sw_param.up.dsa.q.value = (unsigned char *)dsa_q->d;
- sw_param.up.dsa.g.nbytes = BN_bn2bin(dsa->g,
- (unsigned char *)dsa_g->d);
- sw_param.up.dsa.g.value = (unsigned char *)dsa_g->d;
- sw_param.up.dsa.key.nbytes = BN_bn2bin(dsa->priv_key,
- (unsigned char *)dsa_key->d);
- sw_param.up.dsa.key.value = (unsigned char *)dsa_key->d;
- /* Attach the key params */
- sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
- switch(sw_status)
- {
- case SW_OK:
- break;
- case SW_ERR_INPUT_SIZE:
- CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_BAD_KEY_SIZE);
- goto err;
- default:
- {
- char tmpbuf[DECIMAL_SIZE(sw_status)+1];
- CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_REQUEST_FAILED);
- sprintf(tmpbuf, "%ld", sw_status);
- ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
- }
- goto err;
- }
- /* Prepare the argument and response */
- arg.nbytes = dlen;
- arg.value = (unsigned char *)dgst;
- res.nbytes = BN_num_bytes(dsa->p);
- memset(result->d, 0, res.nbytes);
- res.value = (unsigned char *)result->d;
- /* Perform the operation */
- sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_DSS_SIGN, &arg, 1,
- &res, 1);
- if(sw_status != SW_OK)
- {
- char tmpbuf[DECIMAL_SIZE(sw_status)+1];
- CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_REQUEST_FAILED);
- sprintf(tmpbuf, "%ld", sw_status);
- ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
- goto err;
- }
- /* Convert the response */
- if((to_return = DSA_SIG_new()) == NULL)
- goto err;
- to_return->r = BN_bin2bn((unsigned char *)result->d, 20, NULL);
- to_return->s = BN_bin2bn((unsigned char *)result->d + 20, 20, NULL);
-
-err:
- if(acquired)
- release_context(hac);
- if(ctx)
- {
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- }
- return to_return;
- }
-
-static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len,
- DSA_SIG *sig, DSA *dsa)
- {
- SW_CONTEXT_HANDLE hac;
- SW_PARAM sw_param;
- SW_STATUS sw_status;
- SW_LARGENUMBER arg[2], res;
- unsigned long sig_result;
- BN_CTX *ctx;
- BIGNUM *dsa_p = NULL;
- BIGNUM *dsa_q = NULL;
- BIGNUM *dsa_g = NULL;
- BIGNUM *dsa_key = NULL;
- BIGNUM *argument = NULL;
- int to_return = -1;
- int acquired = 0;
-
- if((ctx = BN_CTX_new()) == NULL)
- goto err;
- if(!get_context(&hac))
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_UNIT_FAILURE);
- goto err;
- }
- acquired = 1;
- /* Prepare the params */
- BN_CTX_start(ctx);
- dsa_p = BN_CTX_get(ctx);
- dsa_q = BN_CTX_get(ctx);
- dsa_g = BN_CTX_get(ctx);
- dsa_key = BN_CTX_get(ctx);
- argument = BN_CTX_get(ctx);
- if(!argument)
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_BN_CTX_FULL);
- goto err;
- }
- if(!bn_wexpand(dsa_p, dsa->p->top) ||
- !bn_wexpand(dsa_q, dsa->q->top) ||
- !bn_wexpand(dsa_g, dsa->g->top) ||
- !bn_wexpand(dsa_key, dsa->pub_key->top) ||
- !bn_wexpand(argument, 40))
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_BN_EXPAND_FAIL);
- goto err;
- }
- sw_param.type = SW_ALG_DSA;
- sw_param.up.dsa.p.nbytes = BN_bn2bin(dsa->p,
- (unsigned char *)dsa_p->d);
- sw_param.up.dsa.p.value = (unsigned char *)dsa_p->d;
- sw_param.up.dsa.q.nbytes = BN_bn2bin(dsa->q,
- (unsigned char *)dsa_q->d);
- sw_param.up.dsa.q.value = (unsigned char *)dsa_q->d;
- sw_param.up.dsa.g.nbytes = BN_bn2bin(dsa->g,
- (unsigned char *)dsa_g->d);
- sw_param.up.dsa.g.value = (unsigned char *)dsa_g->d;
- sw_param.up.dsa.key.nbytes = BN_bn2bin(dsa->pub_key,
- (unsigned char *)dsa_key->d);
- sw_param.up.dsa.key.value = (unsigned char *)dsa_key->d;
- /* Attach the key params */
- sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
- switch(sw_status)
- {
- case SW_OK:
- break;
- case SW_ERR_INPUT_SIZE:
- CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_BAD_KEY_SIZE);
- goto err;
- default:
- {
- char tmpbuf[DECIMAL_SIZE(sw_status)+1];
- CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_REQUEST_FAILED);
- sprintf(tmpbuf, "%ld", sw_status);
- ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
- }
- goto err;
- }
- /* Prepare the argument and response */
- arg[0].nbytes = dgst_len;
- arg[0].value = (unsigned char *)dgst;
- arg[1].nbytes = 40;
- arg[1].value = (unsigned char *)argument->d;
- memset(arg[1].value, 0, 40);
- BN_bn2bin(sig->r, arg[1].value + 20 - BN_num_bytes(sig->r));
- BN_bn2bin(sig->s, arg[1].value + 40 - BN_num_bytes(sig->s));
- res.nbytes = 4; /* unsigned long */
- res.value = (unsigned char *)(&sig_result);
- /* Perform the operation */
- sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_DSS_VERIFY, arg, 2,
- &res, 1);
- if(sw_status != SW_OK)
- {
- char tmpbuf[DECIMAL_SIZE(sw_status)+1];
- CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_REQUEST_FAILED);
- sprintf(tmpbuf, "%ld", sw_status);
- ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
- goto err;
- }
- /* Convert the response */
- to_return = ((sig_result == 0) ? 0 : 1);
-
-err:
- if(acquired)
- release_context(hac);
- if(ctx)
- {
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- }
- return to_return;
- }
-#endif
-
-#ifndef OPENSSL_NO_DH
-/* This function is aliased to mod_exp (with the dh and mont dropped). */
-static int cswift_mod_exp_dh(const DH *dh, BIGNUM *r,
- const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
- {
- return cswift_mod_exp(r, a, p, m, ctx);
- }
-#endif
-
-/* Random bytes are good */
-static int cswift_rand_bytes(unsigned char *buf, int num)
-{
- SW_CONTEXT_HANDLE hac;
- SW_STATUS swrc;
- SW_LARGENUMBER largenum;
- int acquired = 0;
- int to_return = 0; /* assume failure */
- unsigned char buf32[1024];
-
-
- if (!get_context(&hac))
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_RAND_BYTES, CSWIFT_R_UNIT_FAILURE);
- goto err;
- }
- acquired = 1;
-
- /************************************************************************/
- /* 04/02/2003 */
- /* Modified by Frederic Giudicelli (deny-all.com) to overcome the */
- /* limitation of cswift with values not a multiple of 32 */
- /************************************************************************/
-
- while(num >= (int)sizeof(buf32))
- {
- largenum.value = buf;
- largenum.nbytes = sizeof(buf32);
- /* tell CryptoSwift how many bytes we want and where we want it.
- * Note: - CryptoSwift cannot do more than 4096 bytes at a time.
- * - CryptoSwift can only do multiple of 32-bits. */
- swrc = p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1);
- if (swrc != SW_OK)
- {
- char tmpbuf[20];
- CSWIFTerr(CSWIFT_F_CSWIFT_RAND_BYTES, CSWIFT_R_REQUEST_FAILED);
- sprintf(tmpbuf, "%ld", swrc);
- ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
- goto err;
- }
- buf += sizeof(buf32);
- num -= sizeof(buf32);
- }
- if(num)
- {
- largenum.nbytes = sizeof(buf32);
- largenum.value = buf32;
- swrc = p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1);
- if (swrc != SW_OK)
- {
- char tmpbuf[20];
- CSWIFTerr(CSWIFT_F_CSWIFT_RAND_BYTES, CSWIFT_R_REQUEST_FAILED);
- sprintf(tmpbuf, "%ld", swrc);
- ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
- goto err;
- }
- memcpy(buf, largenum.value, num);
- }
-
- to_return = 1; /* success */
-err:
- if (acquired)
- release_context(hac);
-
- return to_return;
-}
-
-static int cswift_rand_status(void)
-{
- return 1;
-}
-
-
-/* This stuff is needed if this ENGINE is being compiled into a self-contained
- * shared-library. */
-#ifndef OPENSSL_NO_DYNAMIC_ENGINE
-static int bind_fn(ENGINE *e, const char *id)
- {
- if(id && (strcmp(id, engine_cswift_id) != 0))
- return 0;
- if(!bind_helper(e))
- return 0;
- return 1;
- }
-IMPLEMENT_DYNAMIC_CHECK_FN()
-IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
-#endif /* OPENSSL_NO_DYNAMIC_ENGINE */
-
-#endif /* !OPENSSL_NO_HW_CSWIFT */
-#endif /* !OPENSSL_NO_HW */
Copied: vendor-crypto/openssl/0.9.8zf/engines/e_cswift.c (from rev 6976, vendor-crypto/openssl/dist/engines/e_cswift.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/engines/e_cswift.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/engines/e_cswift.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,1103 @@
+/* crypto/engine/hw_cswift.c */
+/*
+ * Written by Geoff Thorpe (geoff at geoffthorpe.net) for the OpenSSL project
+ * 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/buffer.h>
+#include <openssl/dso.h>
+#include <openssl/engine.h>
+#ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+# include <openssl/dsa.h>
+#endif
+#ifndef OPENSSL_NO_DH
+# include <openssl/dh.h>
+#endif
+#include <openssl/rand.h>
+#include <openssl/bn.h>
+
+#ifndef OPENSSL_NO_HW
+# ifndef OPENSSL_NO_HW_CSWIFT
+
+/*
+ * Attribution notice: Rainbow have generously allowed me to reproduce the
+ * necessary definitions here from their API. This means the support can
+ * build independently of whether application builders have the API or
+ * hardware. This will allow developers to easily produce software that has
+ * latent hardware support for any users that have accelerators installed,
+ * without the developers themselves needing anything extra. I have only
+ * clipped the parts from the CryptoSwift header files that are (or seem)
+ * relevant to the CryptoSwift support code. This is simply to keep the file
+ * sizes reasonable. [Geoff]
+ */
+# ifdef FLAT_INC
+# include "cswift.h"
+# else
+# include "vendor_defns/cswift.h"
+# endif
+
+# define CSWIFT_LIB_NAME "cswift engine"
+# include "e_cswift_err.c"
+
+# define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1)
+
+static int cswift_destroy(ENGINE *e);
+static int cswift_init(ENGINE *e);
+static int cswift_finish(ENGINE *e);
+static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void));
+# ifndef OPENSSL_NO_RSA
+static int cswift_bn_32copy(SW_LARGENUMBER *out, const BIGNUM *in);
+# endif
+
+/* BIGNUM stuff */
+static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx);
+# ifndef OPENSSL_NO_RSA
+static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *q, const BIGNUM *dmp1,
+ const BIGNUM *dmq1, const BIGNUM *iqmp,
+ BN_CTX *ctx);
+# endif
+
+# ifndef OPENSSL_NO_RSA
+/* RSA stuff */
+static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+ BN_CTX *ctx);
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx);
+# endif
+
+# ifndef OPENSSL_NO_DSA
+/* DSA stuff */
+static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen,
+ DSA *dsa);
+static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len,
+ DSA_SIG *sig, DSA *dsa);
+# endif
+
+# ifndef OPENSSL_NO_DH
+/* DH stuff */
+/* This function is alised to mod_exp (with the DH and mont dropped). */
+static int cswift_mod_exp_dh(const DH *dh, BIGNUM *r,
+ const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx);
+# endif
+
+/* RAND stuff */
+static int cswift_rand_bytes(unsigned char *buf, int num);
+static int cswift_rand_status(void);
+
+/* The definitions for control commands specific to this engine */
+# define CSWIFT_CMD_SO_PATH ENGINE_CMD_BASE
+static const ENGINE_CMD_DEFN cswift_cmd_defns[] = {
+ {CSWIFT_CMD_SO_PATH,
+ "SO_PATH",
+ "Specifies the path to the 'cswift' shared library",
+ ENGINE_CMD_FLAG_STRING},
+ {0, NULL, NULL, 0}
+};
+
+# ifndef OPENSSL_NO_RSA
+/* Our internal RSA_METHOD that we provide pointers to */
+static RSA_METHOD cswift_rsa = {
+ "CryptoSwift RSA method",
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ cswift_rsa_mod_exp,
+ cswift_mod_exp_mont,
+ NULL,
+ NULL,
+ 0,
+ NULL,
+ NULL,
+ NULL,
+ NULL
+};
+# endif
+
+# ifndef OPENSSL_NO_DSA
+/* Our internal DSA_METHOD that we provide pointers to */
+static DSA_METHOD cswift_dsa = {
+ "CryptoSwift DSA method",
+ cswift_dsa_sign,
+ NULL, /* dsa_sign_setup */
+ cswift_dsa_verify,
+ NULL, /* dsa_mod_exp */
+ NULL, /* bn_mod_exp */
+ NULL, /* init */
+ NULL, /* finish */
+ 0, /* flags */
+ NULL, /* app_data */
+ NULL, /* dsa_paramgen */
+ NULL /* dsa_keygen */
+};
+# endif
+
+# ifndef OPENSSL_NO_DH
+/* Our internal DH_METHOD that we provide pointers to */
+static DH_METHOD cswift_dh = {
+ "CryptoSwift DH method",
+ NULL,
+ NULL,
+ cswift_mod_exp_dh,
+ NULL,
+ NULL,
+ 0,
+ NULL,
+ NULL
+};
+# endif
+
+static RAND_METHOD cswift_random = {
+ /* "CryptoSwift RAND method", */
+ NULL,
+ cswift_rand_bytes,
+ NULL,
+ NULL,
+ cswift_rand_bytes,
+ cswift_rand_status,
+};
+
+/* Constants used when creating the ENGINE */
+static const char *engine_cswift_id = "cswift";
+static const char *engine_cswift_name = "CryptoSwift hardware engine support";
+
+/*
+ * This internal function is used by ENGINE_cswift() and possibly by the
+ * "dynamic" ENGINE support too
+ */
+static int bind_helper(ENGINE *e)
+{
+# ifndef OPENSSL_NO_RSA
+ const RSA_METHOD *meth1;
+# endif
+# ifndef OPENSSL_NO_DH
+ const DH_METHOD *meth2;
+# endif
+ if (!ENGINE_set_id(e, engine_cswift_id) ||
+ !ENGINE_set_name(e, engine_cswift_name) ||
+# ifndef OPENSSL_NO_RSA
+ !ENGINE_set_RSA(e, &cswift_rsa) ||
+# endif
+# ifndef OPENSSL_NO_DSA
+ !ENGINE_set_DSA(e, &cswift_dsa) ||
+# endif
+# ifndef OPENSSL_NO_DH
+ !ENGINE_set_DH(e, &cswift_dh) ||
+# endif
+ !ENGINE_set_RAND(e, &cswift_random) ||
+ !ENGINE_set_destroy_function(e, cswift_destroy) ||
+ !ENGINE_set_init_function(e, cswift_init) ||
+ !ENGINE_set_finish_function(e, cswift_finish) ||
+ !ENGINE_set_ctrl_function(e, cswift_ctrl) ||
+ !ENGINE_set_cmd_defns(e, cswift_cmd_defns))
+ return 0;
+
+# ifndef OPENSSL_NO_RSA
+ /*
+ * We know that the "PKCS1_SSLeay()" functions hook properly to the
+ * cswift-specific mod_exp and mod_exp_crt so we use those functions. NB:
+ * We don't use ENGINE_openssl() or anything "more generic" because
+ * something like the RSAref code may not hook properly, and if you own
+ * one of these cards then you have the right to do RSA operations on it
+ * anyway!
+ */
+ meth1 = RSA_PKCS1_SSLeay();
+ cswift_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
+ cswift_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
+ cswift_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
+ cswift_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
+# endif
+
+# ifndef OPENSSL_NO_DH
+ /* Much the same for Diffie-Hellman */
+ meth2 = DH_OpenSSL();
+ cswift_dh.generate_key = meth2->generate_key;
+ cswift_dh.compute_key = meth2->compute_key;
+# endif
+
+ /* Ensure the cswift error handling is set up */
+ ERR_load_CSWIFT_strings();
+ return 1;
+}
+
+# ifdef OPENSSL_NO_DYNAMIC_ENGINE
+static ENGINE *engine_cswift(void)
+{
+ ENGINE *ret = ENGINE_new();
+ if (!ret)
+ return NULL;
+ if (!bind_helper(ret)) {
+ ENGINE_free(ret);
+ return NULL;
+ }
+ return ret;
+}
+
+void ENGINE_load_cswift(void)
+{
+ /* Copied from eng_[openssl|dyn].c */
+ ENGINE *toadd = engine_cswift();
+ if (!toadd)
+ return;
+ ENGINE_add(toadd);
+ ENGINE_free(toadd);
+ ERR_clear_error();
+}
+# endif
+
+/*
+ * This is a process-global DSO handle used for loading and unloading the
+ * CryptoSwift library. NB: This is only set (or unset) during an init() or
+ * finish() call (reference counts permitting) and they're operating with
+ * global locks, so this should be thread-safe implicitly.
+ */
+static DSO *cswift_dso = NULL;
+
+/*
+ * These are the function pointers that are (un)set when the library has
+ * successfully (un)loaded.
+ */
+t_swAcquireAccContext *p_CSwift_AcquireAccContext = NULL;
+t_swAttachKeyParam *p_CSwift_AttachKeyParam = NULL;
+t_swSimpleRequest *p_CSwift_SimpleRequest = NULL;
+t_swReleaseAccContext *p_CSwift_ReleaseAccContext = NULL;
+
+/* Used in the DSO operations. */
+static const char *CSWIFT_LIBNAME = NULL;
+static const char *get_CSWIFT_LIBNAME(void)
+{
+ if (CSWIFT_LIBNAME)
+ return CSWIFT_LIBNAME;
+ return "swift";
+}
+
+static void free_CSWIFT_LIBNAME(void)
+{
+ if (CSWIFT_LIBNAME)
+ OPENSSL_free((void *)CSWIFT_LIBNAME);
+ CSWIFT_LIBNAME = NULL;
+}
+
+static long set_CSWIFT_LIBNAME(const char *name)
+{
+ free_CSWIFT_LIBNAME();
+ return (((CSWIFT_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
+}
+
+static const char *CSWIFT_F1 = "swAcquireAccContext";
+static const char *CSWIFT_F2 = "swAttachKeyParam";
+static const char *CSWIFT_F3 = "swSimpleRequest";
+static const char *CSWIFT_F4 = "swReleaseAccContext";
+
+/*
+ * CryptoSwift library functions and mechanics - these are used by the
+ * higher-level functions further down. NB: As and where there's no error
+ * checking, take a look lower down where these functions are called, the
+ * checking and error handling is probably down there.
+ */
+
+/* utility function to obtain a context */
+static int get_context(SW_CONTEXT_HANDLE *hac)
+{
+ SW_STATUS status;
+
+ status = p_CSwift_AcquireAccContext(hac);
+ if (status != SW_OK)
+ return 0;
+ return 1;
+}
+
+/* similarly to release one. */
+static void release_context(SW_CONTEXT_HANDLE hac)
+{
+ p_CSwift_ReleaseAccContext(hac);
+}
+
+/* Destructor (complements the "ENGINE_cswift()" constructor) */
+static int cswift_destroy(ENGINE *e)
+{
+ free_CSWIFT_LIBNAME();
+ ERR_unload_CSWIFT_strings();
+ return 1;
+}
+
+/* (de)initialisation functions. */
+static int cswift_init(ENGINE *e)
+{
+ SW_CONTEXT_HANDLE hac;
+ t_swAcquireAccContext *p1;
+ t_swAttachKeyParam *p2;
+ t_swSimpleRequest *p3;
+ t_swReleaseAccContext *p4;
+
+ if (cswift_dso != NULL) {
+ CSWIFTerr(CSWIFT_F_CSWIFT_INIT, CSWIFT_R_ALREADY_LOADED);
+ goto err;
+ }
+ /* Attempt to load libswift.so/swift.dll/whatever. */
+ cswift_dso = DSO_load(NULL, get_CSWIFT_LIBNAME(), NULL, 0);
+ if (cswift_dso == NULL) {
+ CSWIFTerr(CSWIFT_F_CSWIFT_INIT, CSWIFT_R_NOT_LOADED);
+ goto err;
+ }
+ if (!(p1 = (t_swAcquireAccContext *)
+ DSO_bind_func(cswift_dso, CSWIFT_F1)) ||
+ !(p2 = (t_swAttachKeyParam *)
+ DSO_bind_func(cswift_dso, CSWIFT_F2)) ||
+ !(p3 = (t_swSimpleRequest *)
+ DSO_bind_func(cswift_dso, CSWIFT_F3)) ||
+ !(p4 = (t_swReleaseAccContext *)
+ DSO_bind_func(cswift_dso, CSWIFT_F4))) {
+ CSWIFTerr(CSWIFT_F_CSWIFT_INIT, CSWIFT_R_NOT_LOADED);
+ goto err;
+ }
+ /* Copy the pointers */
+ p_CSwift_AcquireAccContext = p1;
+ p_CSwift_AttachKeyParam = p2;
+ p_CSwift_SimpleRequest = p3;
+ p_CSwift_ReleaseAccContext = p4;
+ /*
+ * Try and get a context - if not, we may have a DSO but no accelerator!
+ */
+ if (!get_context(&hac)) {
+ CSWIFTerr(CSWIFT_F_CSWIFT_INIT, CSWIFT_R_UNIT_FAILURE);
+ goto err;
+ }
+ release_context(hac);
+ /* Everything's fine. */
+ return 1;
+ err:
+ if (cswift_dso) {
+ DSO_free(cswift_dso);
+ cswift_dso = NULL;
+ }
+ p_CSwift_AcquireAccContext = NULL;
+ p_CSwift_AttachKeyParam = NULL;
+ p_CSwift_SimpleRequest = NULL;
+ p_CSwift_ReleaseAccContext = NULL;
+ return 0;
+}
+
+static int cswift_finish(ENGINE *e)
+{
+ free_CSWIFT_LIBNAME();
+ if (cswift_dso == NULL) {
+ CSWIFTerr(CSWIFT_F_CSWIFT_FINISH, CSWIFT_R_NOT_LOADED);
+ return 0;
+ }
+ if (!DSO_free(cswift_dso)) {
+ CSWIFTerr(CSWIFT_F_CSWIFT_FINISH, CSWIFT_R_UNIT_FAILURE);
+ return 0;
+ }
+ cswift_dso = NULL;
+ p_CSwift_AcquireAccContext = NULL;
+ p_CSwift_AttachKeyParam = NULL;
+ p_CSwift_SimpleRequest = NULL;
+ p_CSwift_ReleaseAccContext = NULL;
+ return 1;
+}
+
+static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
+{
+ int initialised = ((cswift_dso == NULL) ? 0 : 1);
+ switch (cmd) {
+ case CSWIFT_CMD_SO_PATH:
+ if (p == NULL) {
+ CSWIFTerr(CSWIFT_F_CSWIFT_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ if (initialised) {
+ CSWIFTerr(CSWIFT_F_CSWIFT_CTRL, CSWIFT_R_ALREADY_LOADED);
+ return 0;
+ }
+ return set_CSWIFT_LIBNAME((const char *)p);
+ default:
+ break;
+ }
+ CSWIFTerr(CSWIFT_F_CSWIFT_CTRL, CSWIFT_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+ return 0;
+}
+
+/* Un petit mod_exp */
+static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx)
+{
+ /*
+ * I need somewhere to store temporary serialised values for use with the
+ * CryptoSwift API calls. A neat cheat - I'll use BIGNUMs from the BN_CTX
+ * but access their arrays directly as byte arrays <grin>. This way I
+ * don't have to clean anything up.
+ */
+ BIGNUM *modulus;
+ BIGNUM *exponent;
+ BIGNUM *argument;
+ BIGNUM *result;
+ SW_STATUS sw_status;
+ SW_LARGENUMBER arg, res;
+ SW_PARAM sw_param;
+ SW_CONTEXT_HANDLE hac;
+ int to_return, acquired;
+
+ modulus = exponent = argument = result = NULL;
+ to_return = 0; /* expect failure */
+ acquired = 0;
+
+ if (!get_context(&hac)) {
+ CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP, CSWIFT_R_UNIT_FAILURE);
+ goto err;
+ }
+ acquired = 1;
+ /* Prepare the params */
+ BN_CTX_start(ctx);
+ modulus = BN_CTX_get(ctx);
+ exponent = BN_CTX_get(ctx);
+ argument = BN_CTX_get(ctx);
+ result = BN_CTX_get(ctx);
+ if (!result) {
+ CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP, CSWIFT_R_BN_CTX_FULL);
+ goto err;
+ }
+ if (!bn_wexpand(modulus, m->top) || !bn_wexpand(exponent, p->top) ||
+ !bn_wexpand(argument, a->top) || !bn_wexpand(result, m->top)) {
+ CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP, CSWIFT_R_BN_EXPAND_FAIL);
+ goto err;
+ }
+ sw_param.type = SW_ALG_EXP;
+ sw_param.up.exp.modulus.nbytes = BN_bn2bin(m,
+ (unsigned char *)modulus->d);
+ sw_param.up.exp.modulus.value = (unsigned char *)modulus->d;
+ sw_param.up.exp.exponent.nbytes = BN_bn2bin(p,
+ (unsigned char *)exponent->d);
+ sw_param.up.exp.exponent.value = (unsigned char *)exponent->d;
+ /* Attach the key params */
+ sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
+ switch (sw_status) {
+ case SW_OK:
+ break;
+ case SW_ERR_INPUT_SIZE:
+ CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP, CSWIFT_R_BAD_KEY_SIZE);
+ goto err;
+ default:
+ {
+ char tmpbuf[DECIMAL_SIZE(sw_status) + 1];
+ CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP, CSWIFT_R_REQUEST_FAILED);
+ sprintf(tmpbuf, "%ld", sw_status);
+ ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
+ }
+ goto err;
+ }
+ /* Prepare the argument and response */
+ arg.nbytes = BN_bn2bin(a, (unsigned char *)argument->d);
+ arg.value = (unsigned char *)argument->d;
+ res.nbytes = BN_num_bytes(m);
+ memset(result->d, 0, res.nbytes);
+ res.value = (unsigned char *)result->d;
+ /* Perform the operation */
+ if ((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP, &arg, 1,
+ &res, 1)) != SW_OK) {
+ char tmpbuf[DECIMAL_SIZE(sw_status) + 1];
+ CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP, CSWIFT_R_REQUEST_FAILED);
+ sprintf(tmpbuf, "%ld", sw_status);
+ ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
+ goto err;
+ }
+ /* Convert the response */
+ BN_bin2bn((unsigned char *)result->d, res.nbytes, r);
+ to_return = 1;
+ err:
+ if (acquired)
+ release_context(hac);
+ BN_CTX_end(ctx);
+ return to_return;
+}
+
+# ifndef OPENSSL_NO_RSA
+int cswift_bn_32copy(SW_LARGENUMBER *out, const BIGNUM *in)
+{
+ int mod;
+ int numbytes = BN_num_bytes(in);
+
+ mod = 0;
+ while (((out->nbytes = (numbytes + mod)) % 32)) {
+ mod++;
+ }
+ out->value = (unsigned char *)OPENSSL_malloc(out->nbytes);
+ if (!out->value) {
+ return 0;
+ }
+ BN_bn2bin(in, &out->value[mod]);
+ if (mod)
+ memset(out->value, 0, mod);
+
+ return 1;
+}
+# endif
+
+# ifndef OPENSSL_NO_RSA
+/* Un petit mod_exp chinois */
+static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *q, const BIGNUM *dmp1,
+ const BIGNUM *dmq1, const BIGNUM *iqmp,
+ BN_CTX *ctx)
+{
+ SW_STATUS sw_status;
+ SW_LARGENUMBER arg, res;
+ SW_PARAM sw_param;
+ SW_CONTEXT_HANDLE hac;
+ BIGNUM *result = NULL;
+ BIGNUM *argument = NULL;
+ int to_return = 0; /* expect failure */
+ int acquired = 0;
+
+ sw_param.up.crt.p.value = NULL;
+ sw_param.up.crt.q.value = NULL;
+ sw_param.up.crt.dmp1.value = NULL;
+ sw_param.up.crt.dmq1.value = NULL;
+ sw_param.up.crt.iqmp.value = NULL;
+
+ if (!get_context(&hac)) {
+ CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT, CSWIFT_R_UNIT_FAILURE);
+ goto err;
+ }
+ acquired = 1;
+
+ /* Prepare the params */
+ argument = BN_new();
+ result = BN_new();
+ if (!result || !argument) {
+ CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT, CSWIFT_R_BN_CTX_FULL);
+ goto err;
+ }
+
+ sw_param.type = SW_ALG_CRT;
+ /************************************************************************/
+ /*
+ * 04/02/2003
+ */
+ /*
+ * Modified by Frederic Giudicelli (deny-all.com) to overcome the
+ */
+ /*
+ * limitation of cswift with values not a multiple of 32
+ */
+ /************************************************************************/
+ if (!cswift_bn_32copy(&sw_param.up.crt.p, p)) {
+ CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT, CSWIFT_R_BN_EXPAND_FAIL);
+ goto err;
+ }
+ if (!cswift_bn_32copy(&sw_param.up.crt.q, q)) {
+ CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT, CSWIFT_R_BN_EXPAND_FAIL);
+ goto err;
+ }
+ if (!cswift_bn_32copy(&sw_param.up.crt.dmp1, dmp1)) {
+ CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT, CSWIFT_R_BN_EXPAND_FAIL);
+ goto err;
+ }
+ if (!cswift_bn_32copy(&sw_param.up.crt.dmq1, dmq1)) {
+ CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT, CSWIFT_R_BN_EXPAND_FAIL);
+ goto err;
+ }
+ if (!cswift_bn_32copy(&sw_param.up.crt.iqmp, iqmp)) {
+ CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT, CSWIFT_R_BN_EXPAND_FAIL);
+ goto err;
+ }
+ if (!bn_wexpand(argument, a->top) || !bn_wexpand(result, p->top + q->top)) {
+ CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT, CSWIFT_R_BN_EXPAND_FAIL);
+ goto err;
+ }
+
+ /* Attach the key params */
+ sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
+ switch (sw_status) {
+ case SW_OK:
+ break;
+ case SW_ERR_INPUT_SIZE:
+ CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT, CSWIFT_R_BAD_KEY_SIZE);
+ goto err;
+ default:
+ {
+ char tmpbuf[DECIMAL_SIZE(sw_status) + 1];
+ CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT, CSWIFT_R_REQUEST_FAILED);
+ sprintf(tmpbuf, "%ld", sw_status);
+ ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
+ }
+ goto err;
+ }
+ /* Prepare the argument and response */
+ arg.nbytes = BN_bn2bin(a, (unsigned char *)argument->d);
+ arg.value = (unsigned char *)argument->d;
+ res.nbytes = 2 * BN_num_bytes(p);
+ memset(result->d, 0, res.nbytes);
+ res.value = (unsigned char *)result->d;
+ /* Perform the operation */
+ if ((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP_CRT, &arg, 1,
+ &res, 1)) != SW_OK) {
+ char tmpbuf[DECIMAL_SIZE(sw_status) + 1];
+ CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT, CSWIFT_R_REQUEST_FAILED);
+ sprintf(tmpbuf, "%ld", sw_status);
+ ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
+ goto err;
+ }
+ /* Convert the response */
+ BN_bin2bn((unsigned char *)result->d, res.nbytes, r);
+ to_return = 1;
+ err:
+ if (sw_param.up.crt.p.value)
+ OPENSSL_free(sw_param.up.crt.p.value);
+ if (sw_param.up.crt.q.value)
+ OPENSSL_free(sw_param.up.crt.q.value);
+ if (sw_param.up.crt.dmp1.value)
+ OPENSSL_free(sw_param.up.crt.dmp1.value);
+ if (sw_param.up.crt.dmq1.value)
+ OPENSSL_free(sw_param.up.crt.dmq1.value);
+ if (sw_param.up.crt.iqmp.value)
+ OPENSSL_free(sw_param.up.crt.iqmp.value);
+ if (result)
+ BN_free(result);
+ if (argument)
+ BN_free(argument);
+ if (acquired)
+ release_context(hac);
+ return to_return;
+}
+# endif
+
+# ifndef OPENSSL_NO_RSA
+static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+ BN_CTX *ctx)
+{
+ int to_return = 0;
+ const RSA_METHOD *def_rsa_method;
+
+ if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
+ CSWIFTerr(CSWIFT_F_CSWIFT_RSA_MOD_EXP,
+ CSWIFT_R_MISSING_KEY_COMPONENTS);
+ goto err;
+ }
+
+ /* Try the limits of RSA (2048 bits) */
+ if (BN_num_bytes(rsa->p) > 128 ||
+ BN_num_bytes(rsa->q) > 128 ||
+ BN_num_bytes(rsa->dmp1) > 128 ||
+ BN_num_bytes(rsa->dmq1) > 128 || BN_num_bytes(rsa->iqmp) > 128) {
+# ifdef RSA_NULL
+ def_rsa_method = RSA_null_method();
+# else
+# if 0
+ def_rsa_method = RSA_PKCS1_RSAref();
+# else
+ def_rsa_method = RSA_PKCS1_SSLeay();
+# endif
+# endif
+ if (def_rsa_method)
+ return def_rsa_method->rsa_mod_exp(r0, I, rsa, ctx);
+ }
+
+ to_return = cswift_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1,
+ rsa->dmq1, rsa->iqmp, ctx);
+ err:
+ return to_return;
+}
+
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx)
+{
+ const RSA_METHOD *def_rsa_method;
+
+ /* Try the limits of RSA (2048 bits) */
+ if (BN_num_bytes(r) > 256 ||
+ BN_num_bytes(a) > 256 || BN_num_bytes(m) > 256) {
+# ifdef RSA_NULL
+ def_rsa_method = RSA_null_method();
+# else
+# if 0
+ def_rsa_method = RSA_PKCS1_RSAref();
+# else
+ def_rsa_method = RSA_PKCS1_SSLeay();
+# endif
+# endif
+ if (def_rsa_method)
+ return def_rsa_method->bn_mod_exp(r, a, p, m, ctx, m_ctx);
+ }
+
+ return cswift_mod_exp(r, a, p, m, ctx);
+}
+# endif /* OPENSSL_NO_RSA */
+
+# ifndef OPENSSL_NO_DSA
+static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa)
+{
+ SW_CONTEXT_HANDLE hac;
+ SW_PARAM sw_param;
+ SW_STATUS sw_status;
+ SW_LARGENUMBER arg, res;
+ BN_CTX *ctx;
+ BIGNUM *dsa_p = NULL;
+ BIGNUM *dsa_q = NULL;
+ BIGNUM *dsa_g = NULL;
+ BIGNUM *dsa_key = NULL;
+ BIGNUM *result = NULL;
+ DSA_SIG *to_return = NULL;
+ int acquired = 0;
+
+ if ((ctx = BN_CTX_new()) == NULL)
+ goto err;
+ if (!get_context(&hac)) {
+ CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN, CSWIFT_R_UNIT_FAILURE);
+ goto err;
+ }
+ acquired = 1;
+ /* Prepare the params */
+ BN_CTX_start(ctx);
+ dsa_p = BN_CTX_get(ctx);
+ dsa_q = BN_CTX_get(ctx);
+ dsa_g = BN_CTX_get(ctx);
+ dsa_key = BN_CTX_get(ctx);
+ result = BN_CTX_get(ctx);
+ if (!result) {
+ CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN, CSWIFT_R_BN_CTX_FULL);
+ goto err;
+ }
+ if (!bn_wexpand(dsa_p, dsa->p->top) ||
+ !bn_wexpand(dsa_q, dsa->q->top) ||
+ !bn_wexpand(dsa_g, dsa->g->top) ||
+ !bn_wexpand(dsa_key, dsa->priv_key->top) ||
+ !bn_wexpand(result, dsa->p->top)) {
+ CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN, CSWIFT_R_BN_EXPAND_FAIL);
+ goto err;
+ }
+ sw_param.type = SW_ALG_DSA;
+ sw_param.up.dsa.p.nbytes = BN_bn2bin(dsa->p, (unsigned char *)dsa_p->d);
+ sw_param.up.dsa.p.value = (unsigned char *)dsa_p->d;
+ sw_param.up.dsa.q.nbytes = BN_bn2bin(dsa->q, (unsigned char *)dsa_q->d);
+ sw_param.up.dsa.q.value = (unsigned char *)dsa_q->d;
+ sw_param.up.dsa.g.nbytes = BN_bn2bin(dsa->g, (unsigned char *)dsa_g->d);
+ sw_param.up.dsa.g.value = (unsigned char *)dsa_g->d;
+ sw_param.up.dsa.key.nbytes = BN_bn2bin(dsa->priv_key,
+ (unsigned char *)dsa_key->d);
+ sw_param.up.dsa.key.value = (unsigned char *)dsa_key->d;
+ /* Attach the key params */
+ sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
+ switch (sw_status) {
+ case SW_OK:
+ break;
+ case SW_ERR_INPUT_SIZE:
+ CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN, CSWIFT_R_BAD_KEY_SIZE);
+ goto err;
+ default:
+ {
+ char tmpbuf[DECIMAL_SIZE(sw_status) + 1];
+ CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN, CSWIFT_R_REQUEST_FAILED);
+ sprintf(tmpbuf, "%ld", sw_status);
+ ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
+ }
+ goto err;
+ }
+ /* Prepare the argument and response */
+ arg.nbytes = dlen;
+ arg.value = (unsigned char *)dgst;
+ res.nbytes = BN_num_bytes(dsa->p);
+ memset(result->d, 0, res.nbytes);
+ res.value = (unsigned char *)result->d;
+ /* Perform the operation */
+ sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_DSS_SIGN, &arg, 1,
+ &res, 1);
+ if (sw_status != SW_OK) {
+ char tmpbuf[DECIMAL_SIZE(sw_status) + 1];
+ CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN, CSWIFT_R_REQUEST_FAILED);
+ sprintf(tmpbuf, "%ld", sw_status);
+ ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
+ goto err;
+ }
+ /* Convert the response */
+ if ((to_return = DSA_SIG_new()) == NULL)
+ goto err;
+ to_return->r = BN_bin2bn((unsigned char *)result->d, 20, NULL);
+ to_return->s = BN_bin2bn((unsigned char *)result->d + 20, 20, NULL);
+
+ err:
+ if (acquired)
+ release_context(hac);
+ if (ctx) {
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ }
+ return to_return;
+}
+
+static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len,
+ DSA_SIG *sig, DSA *dsa)
+{
+ SW_CONTEXT_HANDLE hac;
+ SW_PARAM sw_param;
+ SW_STATUS sw_status;
+ SW_LARGENUMBER arg[2], res;
+ unsigned long sig_result;
+ BN_CTX *ctx;
+ BIGNUM *dsa_p = NULL;
+ BIGNUM *dsa_q = NULL;
+ BIGNUM *dsa_g = NULL;
+ BIGNUM *dsa_key = NULL;
+ BIGNUM *argument = NULL;
+ int to_return = -1;
+ int acquired = 0;
+
+ if ((ctx = BN_CTX_new()) == NULL)
+ goto err;
+ if (!get_context(&hac)) {
+ CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY, CSWIFT_R_UNIT_FAILURE);
+ goto err;
+ }
+ acquired = 1;
+ /* Prepare the params */
+ BN_CTX_start(ctx);
+ dsa_p = BN_CTX_get(ctx);
+ dsa_q = BN_CTX_get(ctx);
+ dsa_g = BN_CTX_get(ctx);
+ dsa_key = BN_CTX_get(ctx);
+ argument = BN_CTX_get(ctx);
+ if (!argument) {
+ CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY, CSWIFT_R_BN_CTX_FULL);
+ goto err;
+ }
+ if (!bn_wexpand(dsa_p, dsa->p->top) ||
+ !bn_wexpand(dsa_q, dsa->q->top) ||
+ !bn_wexpand(dsa_g, dsa->g->top) ||
+ !bn_wexpand(dsa_key, dsa->pub_key->top) ||
+ !bn_wexpand(argument, 40)) {
+ CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY, CSWIFT_R_BN_EXPAND_FAIL);
+ goto err;
+ }
+ sw_param.type = SW_ALG_DSA;
+ sw_param.up.dsa.p.nbytes = BN_bn2bin(dsa->p, (unsigned char *)dsa_p->d);
+ sw_param.up.dsa.p.value = (unsigned char *)dsa_p->d;
+ sw_param.up.dsa.q.nbytes = BN_bn2bin(dsa->q, (unsigned char *)dsa_q->d);
+ sw_param.up.dsa.q.value = (unsigned char *)dsa_q->d;
+ sw_param.up.dsa.g.nbytes = BN_bn2bin(dsa->g, (unsigned char *)dsa_g->d);
+ sw_param.up.dsa.g.value = (unsigned char *)dsa_g->d;
+ sw_param.up.dsa.key.nbytes = BN_bn2bin(dsa->pub_key,
+ (unsigned char *)dsa_key->d);
+ sw_param.up.dsa.key.value = (unsigned char *)dsa_key->d;
+ /* Attach the key params */
+ sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
+ switch (sw_status) {
+ case SW_OK:
+ break;
+ case SW_ERR_INPUT_SIZE:
+ CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY, CSWIFT_R_BAD_KEY_SIZE);
+ goto err;
+ default:
+ {
+ char tmpbuf[DECIMAL_SIZE(sw_status) + 1];
+ CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY, CSWIFT_R_REQUEST_FAILED);
+ sprintf(tmpbuf, "%ld", sw_status);
+ ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
+ }
+ goto err;
+ }
+ /* Prepare the argument and response */
+ arg[0].nbytes = dgst_len;
+ arg[0].value = (unsigned char *)dgst;
+ arg[1].nbytes = 40;
+ arg[1].value = (unsigned char *)argument->d;
+ memset(arg[1].value, 0, 40);
+ BN_bn2bin(sig->r, arg[1].value + 20 - BN_num_bytes(sig->r));
+ BN_bn2bin(sig->s, arg[1].value + 40 - BN_num_bytes(sig->s));
+ res.nbytes = 4; /* unsigned long */
+ res.value = (unsigned char *)(&sig_result);
+ /* Perform the operation */
+ sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_DSS_VERIFY, arg, 2,
+ &res, 1);
+ if (sw_status != SW_OK) {
+ char tmpbuf[DECIMAL_SIZE(sw_status) + 1];
+ CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY, CSWIFT_R_REQUEST_FAILED);
+ sprintf(tmpbuf, "%ld", sw_status);
+ ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
+ goto err;
+ }
+ /* Convert the response */
+ to_return = ((sig_result == 0) ? 0 : 1);
+
+ err:
+ if (acquired)
+ release_context(hac);
+ if (ctx) {
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ }
+ return to_return;
+}
+# endif
+
+# ifndef OPENSSL_NO_DH
+/* This function is aliased to mod_exp (with the dh and mont dropped). */
+static int cswift_mod_exp_dh(const DH *dh, BIGNUM *r,
+ const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+{
+ return cswift_mod_exp(r, a, p, m, ctx);
+}
+# endif
+
+/* Random bytes are good */
+static int cswift_rand_bytes(unsigned char *buf, int num)
+{
+ SW_CONTEXT_HANDLE hac;
+ SW_STATUS swrc;
+ SW_LARGENUMBER largenum;
+ int acquired = 0;
+ int to_return = 0; /* assume failure */
+ unsigned char buf32[1024];
+
+ if (!get_context(&hac)) {
+ CSWIFTerr(CSWIFT_F_CSWIFT_RAND_BYTES, CSWIFT_R_UNIT_FAILURE);
+ goto err;
+ }
+ acquired = 1;
+
+ /************************************************************************/
+ /*
+ * 04/02/2003
+ */
+ /*
+ * Modified by Frederic Giudicelli (deny-all.com) to overcome the
+ */
+ /*
+ * limitation of cswift with values not a multiple of 32
+ */
+ /************************************************************************/
+
+ while (num >= (int)sizeof(buf32)) {
+ largenum.value = buf;
+ largenum.nbytes = sizeof(buf32);
+ /*-
+ * tell CryptoSwift how many bytes we want and where we want it.
+ * Note: - CryptoSwift cannot do more than 4096 bytes at a time.
+ * - CryptoSwift can only do multiple of 32-bits.
+ */
+ swrc =
+ p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1);
+ if (swrc != SW_OK) {
+ char tmpbuf[20];
+ CSWIFTerr(CSWIFT_F_CSWIFT_RAND_BYTES, CSWIFT_R_REQUEST_FAILED);
+ sprintf(tmpbuf, "%ld", swrc);
+ ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
+ goto err;
+ }
+ buf += sizeof(buf32);
+ num -= sizeof(buf32);
+ }
+ if (num) {
+ largenum.nbytes = sizeof(buf32);
+ largenum.value = buf32;
+ swrc =
+ p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1);
+ if (swrc != SW_OK) {
+ char tmpbuf[20];
+ CSWIFTerr(CSWIFT_F_CSWIFT_RAND_BYTES, CSWIFT_R_REQUEST_FAILED);
+ sprintf(tmpbuf, "%ld", swrc);
+ ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
+ goto err;
+ }
+ memcpy(buf, largenum.value, num);
+ }
+
+ to_return = 1; /* success */
+ err:
+ if (acquired)
+ release_context(hac);
+
+ return to_return;
+}
+
+static int cswift_rand_status(void)
+{
+ return 1;
+}
+
+/*
+ * This stuff is needed if this ENGINE is being compiled into a
+ * self-contained shared-library.
+ */
+# ifndef OPENSSL_NO_DYNAMIC_ENGINE
+static int bind_fn(ENGINE *e, const char *id)
+{
+ if (id && (strcmp(id, engine_cswift_id) != 0))
+ return 0;
+ if (!bind_helper(e))
+ return 0;
+ return 1;
+}
+
+IMPLEMENT_DYNAMIC_CHECK_FN()
+ IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
+# endif /* OPENSSL_NO_DYNAMIC_ENGINE */
+# endif /* !OPENSSL_NO_HW_CSWIFT */
+#endif /* !OPENSSL_NO_HW */
Deleted: vendor-crypto/openssl/0.9.8zf/engines/e_cswift_err.c
===================================================================
--- vendor-crypto/openssl/dist/engines/e_cswift_err.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/engines/e_cswift_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,154 +0,0 @@
-/* e_cswift_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include "e_cswift_err.h"
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(0,func,0)
-#define ERR_REASON(reason) ERR_PACK(0,0,reason)
-
-static ERR_STRING_DATA CSWIFT_str_functs[]=
- {
-{ERR_FUNC(CSWIFT_F_CSWIFT_CTRL), "CSWIFT_CTRL"},
-{ERR_FUNC(CSWIFT_F_CSWIFT_DSA_SIGN), "CSWIFT_DSA_SIGN"},
-{ERR_FUNC(CSWIFT_F_CSWIFT_DSA_VERIFY), "CSWIFT_DSA_VERIFY"},
-{ERR_FUNC(CSWIFT_F_CSWIFT_FINISH), "CSWIFT_FINISH"},
-{ERR_FUNC(CSWIFT_F_CSWIFT_INIT), "CSWIFT_INIT"},
-{ERR_FUNC(CSWIFT_F_CSWIFT_MOD_EXP), "CSWIFT_MOD_EXP"},
-{ERR_FUNC(CSWIFT_F_CSWIFT_MOD_EXP_CRT), "CSWIFT_MOD_EXP_CRT"},
-{ERR_FUNC(CSWIFT_F_CSWIFT_RAND_BYTES), "CSWIFT_RAND_BYTES"},
-{ERR_FUNC(CSWIFT_F_CSWIFT_RSA_MOD_EXP), "CSWIFT_RSA_MOD_EXP"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA CSWIFT_str_reasons[]=
- {
-{ERR_REASON(CSWIFT_R_ALREADY_LOADED) ,"already loaded"},
-{ERR_REASON(CSWIFT_R_BAD_KEY_SIZE) ,"bad key size"},
-{ERR_REASON(CSWIFT_R_BN_CTX_FULL) ,"bn ctx full"},
-{ERR_REASON(CSWIFT_R_BN_EXPAND_FAIL) ,"bn expand fail"},
-{ERR_REASON(CSWIFT_R_CTRL_COMMAND_NOT_IMPLEMENTED),"ctrl command not implemented"},
-{ERR_REASON(CSWIFT_R_MISSING_KEY_COMPONENTS),"missing key components"},
-{ERR_REASON(CSWIFT_R_NOT_LOADED) ,"not loaded"},
-{ERR_REASON(CSWIFT_R_REQUEST_FAILED) ,"request failed"},
-{ERR_REASON(CSWIFT_R_UNIT_FAILURE) ,"unit failure"},
-{0,NULL}
- };
-
-#endif
-
-#ifdef CSWIFT_LIB_NAME
-static ERR_STRING_DATA CSWIFT_lib_name[]=
- {
-{0 ,CSWIFT_LIB_NAME},
-{0,NULL}
- };
-#endif
-
-
-static int CSWIFT_lib_error_code=0;
-static int CSWIFT_error_init=1;
-
-static void ERR_load_CSWIFT_strings(void)
- {
- if (CSWIFT_lib_error_code == 0)
- CSWIFT_lib_error_code=ERR_get_next_error_library();
-
- if (CSWIFT_error_init)
- {
- CSWIFT_error_init=0;
-#ifndef OPENSSL_NO_ERR
- ERR_load_strings(CSWIFT_lib_error_code,CSWIFT_str_functs);
- ERR_load_strings(CSWIFT_lib_error_code,CSWIFT_str_reasons);
-#endif
-
-#ifdef CSWIFT_LIB_NAME
- CSWIFT_lib_name->error = ERR_PACK(CSWIFT_lib_error_code,0,0);
- ERR_load_strings(0,CSWIFT_lib_name);
-#endif
- }
- }
-
-static void ERR_unload_CSWIFT_strings(void)
- {
- if (CSWIFT_error_init == 0)
- {
-#ifndef OPENSSL_NO_ERR
- ERR_unload_strings(CSWIFT_lib_error_code,CSWIFT_str_functs);
- ERR_unload_strings(CSWIFT_lib_error_code,CSWIFT_str_reasons);
-#endif
-
-#ifdef CSWIFT_LIB_NAME
- ERR_unload_strings(0,CSWIFT_lib_name);
-#endif
- CSWIFT_error_init=1;
- }
- }
-
-static void ERR_CSWIFT_error(int function, int reason, char *file, int line)
- {
- if (CSWIFT_lib_error_code == 0)
- CSWIFT_lib_error_code=ERR_get_next_error_library();
- ERR_PUT_error(CSWIFT_lib_error_code,function,reason,file,line);
- }
Copied: vendor-crypto/openssl/0.9.8zf/engines/e_cswift_err.c (from rev 6976, vendor-crypto/openssl/dist/engines/e_cswift_err.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/engines/e_cswift_err.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/engines/e_cswift_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,150 @@
+/* e_cswift_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include "e_cswift_err.h"
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(0,func,0)
+# define ERR_REASON(reason) ERR_PACK(0,0,reason)
+
+static ERR_STRING_DATA CSWIFT_str_functs[] = {
+ {ERR_FUNC(CSWIFT_F_CSWIFT_CTRL), "CSWIFT_CTRL"},
+ {ERR_FUNC(CSWIFT_F_CSWIFT_DSA_SIGN), "CSWIFT_DSA_SIGN"},
+ {ERR_FUNC(CSWIFT_F_CSWIFT_DSA_VERIFY), "CSWIFT_DSA_VERIFY"},
+ {ERR_FUNC(CSWIFT_F_CSWIFT_FINISH), "CSWIFT_FINISH"},
+ {ERR_FUNC(CSWIFT_F_CSWIFT_INIT), "CSWIFT_INIT"},
+ {ERR_FUNC(CSWIFT_F_CSWIFT_MOD_EXP), "CSWIFT_MOD_EXP"},
+ {ERR_FUNC(CSWIFT_F_CSWIFT_MOD_EXP_CRT), "CSWIFT_MOD_EXP_CRT"},
+ {ERR_FUNC(CSWIFT_F_CSWIFT_RAND_BYTES), "CSWIFT_RAND_BYTES"},
+ {ERR_FUNC(CSWIFT_F_CSWIFT_RSA_MOD_EXP), "CSWIFT_RSA_MOD_EXP"},
+ {0, NULL}
+};
+
+static ERR_STRING_DATA CSWIFT_str_reasons[] = {
+ {ERR_REASON(CSWIFT_R_ALREADY_LOADED), "already loaded"},
+ {ERR_REASON(CSWIFT_R_BAD_KEY_SIZE), "bad key size"},
+ {ERR_REASON(CSWIFT_R_BN_CTX_FULL), "bn ctx full"},
+ {ERR_REASON(CSWIFT_R_BN_EXPAND_FAIL), "bn expand fail"},
+ {ERR_REASON(CSWIFT_R_CTRL_COMMAND_NOT_IMPLEMENTED),
+ "ctrl command not implemented"},
+ {ERR_REASON(CSWIFT_R_MISSING_KEY_COMPONENTS), "missing key components"},
+ {ERR_REASON(CSWIFT_R_NOT_LOADED), "not loaded"},
+ {ERR_REASON(CSWIFT_R_REQUEST_FAILED), "request failed"},
+ {ERR_REASON(CSWIFT_R_UNIT_FAILURE), "unit failure"},
+ {0, NULL}
+};
+
+#endif
+
+#ifdef CSWIFT_LIB_NAME
+static ERR_STRING_DATA CSWIFT_lib_name[] = {
+ {0, CSWIFT_LIB_NAME},
+ {0, NULL}
+};
+#endif
+
+static int CSWIFT_lib_error_code = 0;
+static int CSWIFT_error_init = 1;
+
+static void ERR_load_CSWIFT_strings(void)
+{
+ if (CSWIFT_lib_error_code == 0)
+ CSWIFT_lib_error_code = ERR_get_next_error_library();
+
+ if (CSWIFT_error_init) {
+ CSWIFT_error_init = 0;
+#ifndef OPENSSL_NO_ERR
+ ERR_load_strings(CSWIFT_lib_error_code, CSWIFT_str_functs);
+ ERR_load_strings(CSWIFT_lib_error_code, CSWIFT_str_reasons);
+#endif
+
+#ifdef CSWIFT_LIB_NAME
+ CSWIFT_lib_name->error = ERR_PACK(CSWIFT_lib_error_code, 0, 0);
+ ERR_load_strings(0, CSWIFT_lib_name);
+#endif
+ }
+}
+
+static void ERR_unload_CSWIFT_strings(void)
+{
+ if (CSWIFT_error_init == 0) {
+#ifndef OPENSSL_NO_ERR
+ ERR_unload_strings(CSWIFT_lib_error_code, CSWIFT_str_functs);
+ ERR_unload_strings(CSWIFT_lib_error_code, CSWIFT_str_reasons);
+#endif
+
+#ifdef CSWIFT_LIB_NAME
+ ERR_unload_strings(0, CSWIFT_lib_name);
+#endif
+ CSWIFT_error_init = 1;
+ }
+}
+
+static void ERR_CSWIFT_error(int function, int reason, char *file, int line)
+{
+ if (CSWIFT_lib_error_code == 0)
+ CSWIFT_lib_error_code = ERR_get_next_error_library();
+ ERR_PUT_error(CSWIFT_lib_error_code, function, reason, file, line);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/engines/e_cswift_err.h
===================================================================
--- vendor-crypto/openssl/dist/engines/e_cswift_err.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/engines/e_cswift_err.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,98 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#ifndef HEADER_CSWIFT_ERR_H
-#define HEADER_CSWIFT_ERR_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-static void ERR_load_CSWIFT_strings(void);
-static void ERR_unload_CSWIFT_strings(void);
-static void ERR_CSWIFT_error(int function, int reason, char *file, int line);
-#define CSWIFTerr(f,r) ERR_CSWIFT_error((f),(r),__FILE__,__LINE__)
-
-/* Error codes for the CSWIFT functions. */
-
-/* Function codes. */
-#define CSWIFT_F_CSWIFT_CTRL 100
-#define CSWIFT_F_CSWIFT_DSA_SIGN 101
-#define CSWIFT_F_CSWIFT_DSA_VERIFY 102
-#define CSWIFT_F_CSWIFT_FINISH 103
-#define CSWIFT_F_CSWIFT_INIT 104
-#define CSWIFT_F_CSWIFT_MOD_EXP 105
-#define CSWIFT_F_CSWIFT_MOD_EXP_CRT 106
-#define CSWIFT_F_CSWIFT_RAND_BYTES 108
-#define CSWIFT_F_CSWIFT_RSA_MOD_EXP 107
-
-/* Reason codes. */
-#define CSWIFT_R_ALREADY_LOADED 100
-#define CSWIFT_R_BAD_KEY_SIZE 101
-#define CSWIFT_R_BN_CTX_FULL 102
-#define CSWIFT_R_BN_EXPAND_FAIL 103
-#define CSWIFT_R_CTRL_COMMAND_NOT_IMPLEMENTED 104
-#define CSWIFT_R_MISSING_KEY_COMPONENTS 105
-#define CSWIFT_R_NOT_LOADED 106
-#define CSWIFT_R_REQUEST_FAILED 107
-#define CSWIFT_R_UNIT_FAILURE 108
-
-#ifdef __cplusplus
-}
-#endif
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/engines/e_cswift_err.h (from rev 6976, vendor-crypto/openssl/dist/engines/e_cswift_err.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/engines/e_cswift_err.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/engines/e_cswift_err.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,99 @@
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_CSWIFT_ERR_H
+# define HEADER_CSWIFT_ERR_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+static void ERR_load_CSWIFT_strings(void);
+static void ERR_unload_CSWIFT_strings(void);
+static void ERR_CSWIFT_error(int function, int reason, char *file, int line);
+# define CSWIFTerr(f,r) ERR_CSWIFT_error((f),(r),__FILE__,__LINE__)
+
+/* Error codes for the CSWIFT functions. */
+
+/* Function codes. */
+# define CSWIFT_F_CSWIFT_CTRL 100
+# define CSWIFT_F_CSWIFT_DSA_SIGN 101
+# define CSWIFT_F_CSWIFT_DSA_VERIFY 102
+# define CSWIFT_F_CSWIFT_FINISH 103
+# define CSWIFT_F_CSWIFT_INIT 104
+# define CSWIFT_F_CSWIFT_MOD_EXP 105
+# define CSWIFT_F_CSWIFT_MOD_EXP_CRT 106
+# define CSWIFT_F_CSWIFT_RAND_BYTES 108
+# define CSWIFT_F_CSWIFT_RSA_MOD_EXP 107
+
+/* Reason codes. */
+# define CSWIFT_R_ALREADY_LOADED 100
+# define CSWIFT_R_BAD_KEY_SIZE 101
+# define CSWIFT_R_BN_CTX_FULL 102
+# define CSWIFT_R_BN_EXPAND_FAIL 103
+# define CSWIFT_R_CTRL_COMMAND_NOT_IMPLEMENTED 104
+# define CSWIFT_R_MISSING_KEY_COMPONENTS 105
+# define CSWIFT_R_NOT_LOADED 106
+# define CSWIFT_R_REQUEST_FAILED 107
+# define CSWIFT_R_UNIT_FAILURE 108
+
+#ifdef __cplusplus
+}
+#endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/engines/e_gmp.c
===================================================================
--- vendor-crypto/openssl/dist/engines/e_gmp.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/engines/e_gmp.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,476 +0,0 @@
-/* crypto/engine/e_gmp.c */
-/* Written by Geoff Thorpe (geoff at geoffthorpe.net) for the OpenSSL
- * project 2003.
- */
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/* This engine is not (currently) compiled in by default. Do enable it,
- * reconfigure OpenSSL with "enable-gmp -lgmp". The GMP libraries and
- * headers must reside in one of the paths searched by the compiler/linker,
- * otherwise paths must be specified - eg. try configuring with
- * "enable-gmp -I<includepath> -L<libpath> -lgmp". YMMV. */
-
-/* As for what this does - it's a largely unoptimised implementation of an
- * ENGINE that uses the GMP library to perform RSA private key operations. To
- * obtain more information about what "unoptimised" means, see my original mail
- * on the subject (though ignore the build instructions which have since
- * changed);
- *
- * http://www.mail-archive.com/openssl-dev@openssl.org/msg12227.html
- *
- * On my athlon system at least, it appears the builtin OpenSSL code is now
- * slightly faster, which is to say that the RSA-related MPI performance
- * between OpenSSL's BIGNUM and GMP's mpz implementations is probably pretty
- * balanced for this chip, and so the performance degradation in this ENGINE by
- * having to convert to/from GMP formats (and not being able to cache
- * montgomery forms) is probably the difference. However, if some unconfirmed
- * reports from users is anything to go by, the situation on some other
- * chipsets might be a good deal more favourable to the GMP version (eg. PPC).
- * Feedback welcome. */
-
-#include <stdio.h>
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/buffer.h>
-#include <openssl/engine.h>
-#include <openssl/rsa.h>
-#include <openssl/bn.h>
-
-#ifndef OPENSSL_NO_HW
-#ifndef OPENSSL_NO_GMP
-
-#include <gmp.h>
-
-#define E_GMP_LIB_NAME "gmp engine"
-#include "e_gmp_err.c"
-
-static int e_gmp_destroy(ENGINE *e);
-static int e_gmp_init(ENGINE *e);
-static int e_gmp_finish(ENGINE *e);
-static int e_gmp_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
-
-#ifndef OPENSSL_NO_RSA
-/* RSA stuff */
-static int e_gmp_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
-static int e_gmp_rsa_finish(RSA *r);
-#endif
-
-/* The definitions for control commands specific to this engine */
-/* #define E_GMP_CMD_SO_PATH ENGINE_CMD_BASE */
-static const ENGINE_CMD_DEFN e_gmp_cmd_defns[] = {
-#if 0
- {E_GMP_CMD_SO_PATH,
- "SO_PATH",
- "Specifies the path to the 'e_gmp' shared library",
- ENGINE_CMD_FLAG_STRING},
-#endif
- {0, NULL, NULL, 0}
- };
-
-#ifndef OPENSSL_NO_RSA
-/* Our internal RSA_METHOD that we provide pointers to */
-static RSA_METHOD e_gmp_rsa =
- {
- "GMP RSA method",
- NULL,
- NULL,
- NULL,
- NULL,
- e_gmp_rsa_mod_exp,
- NULL,
- NULL,
- e_gmp_rsa_finish,
- /* These flags initialise montgomery crud that GMP ignores, however it
- * makes sure the public key ops (which are done in openssl) don't seem
- * *slower* than usual :-) */
- RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE,
- NULL,
- NULL,
- NULL
- };
-#endif
-
-/* Constants used when creating the ENGINE */
-static const char *engine_e_gmp_id = "gmp";
-static const char *engine_e_gmp_name = "GMP engine support";
-
-/* This internal function is used by ENGINE_gmp() and possibly by the
- * "dynamic" ENGINE support too */
-static int bind_helper(ENGINE *e)
- {
-#ifndef OPENSSL_NO_RSA
- const RSA_METHOD *meth1;
-#endif
- if(!ENGINE_set_id(e, engine_e_gmp_id) ||
- !ENGINE_set_name(e, engine_e_gmp_name) ||
-#ifndef OPENSSL_NO_RSA
- !ENGINE_set_RSA(e, &e_gmp_rsa) ||
-#endif
- !ENGINE_set_destroy_function(e, e_gmp_destroy) ||
- !ENGINE_set_init_function(e, e_gmp_init) ||
- !ENGINE_set_finish_function(e, e_gmp_finish) ||
- !ENGINE_set_ctrl_function(e, e_gmp_ctrl) ||
- !ENGINE_set_cmd_defns(e, e_gmp_cmd_defns))
- return 0;
-
-#ifndef OPENSSL_NO_RSA
- meth1 = RSA_PKCS1_SSLeay();
- e_gmp_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
- e_gmp_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
- e_gmp_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
- e_gmp_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
- e_gmp_rsa.bn_mod_exp = meth1->bn_mod_exp;
-#endif
-
- /* Ensure the e_gmp error handling is set up */
- ERR_load_GMP_strings();
- return 1;
- }
-
-static ENGINE *engine_gmp(void)
- {
- ENGINE *ret = ENGINE_new();
- if(!ret)
- return NULL;
- if(!bind_helper(ret))
- {
- ENGINE_free(ret);
- return NULL;
- }
- return ret;
- }
-
-void ENGINE_load_gmp(void)
- {
- /* Copied from eng_[openssl|dyn].c */
- ENGINE *toadd = engine_gmp();
- if(!toadd) return;
- ENGINE_add(toadd);
- ENGINE_free(toadd);
- ERR_clear_error();
- }
-
-#ifndef OPENSSL_NO_RSA
-/* Used to attach our own key-data to an RSA structure */
-static int hndidx_rsa = -1;
-#endif
-
-static int e_gmp_destroy(ENGINE *e)
- {
- ERR_unload_GMP_strings();
- return 1;
- }
-
-/* (de)initialisation functions. */
-static int e_gmp_init(ENGINE *e)
- {
-#ifndef OPENSSL_NO_RSA
- if (hndidx_rsa == -1)
- hndidx_rsa = RSA_get_ex_new_index(0,
- "GMP-based RSA key handle",
- NULL, NULL, NULL);
-#endif
- if (hndidx_rsa == -1)
- return 0;
- return 1;
- }
-
-static int e_gmp_finish(ENGINE *e)
- {
- return 1;
- }
-
-static int e_gmp_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
- {
- int to_return = 1;
-
- switch(cmd)
- {
-#if 0
- case E_GMP_CMD_SO_PATH:
- /* ... */
-#endif
- /* The command isn't understood by this engine */
- default:
- GMPerr(GMP_F_E_GMP_CTRL,
- GMP_R_CTRL_COMMAND_NOT_IMPLEMENTED);
- to_return = 0;
- break;
- }
-
- return to_return;
- }
-
-
-/* Most often limb sizes will be the same. If not, we use hex conversion
- * which is neat, but extremely inefficient. */
-static int bn2gmp(const BIGNUM *bn, mpz_t g)
- {
- bn_check_top(bn);
- if(((sizeof(bn->d[0]) * 8) == GMP_NUMB_BITS) &&
- (BN_BITS2 == GMP_NUMB_BITS))
- {
- /* The common case */
- if(!_mpz_realloc (g, bn->top))
- return 0;
- memcpy(&g->_mp_d[0], &bn->d[0], bn->top * sizeof(bn->d[0]));
- g->_mp_size = bn->top;
- if(bn->neg)
- g->_mp_size = -g->_mp_size;
- return 1;
- }
- else
- {
- int toret;
- char *tmpchar = BN_bn2hex(bn);
- if(!tmpchar) return 0;
- toret = (mpz_set_str(g, tmpchar, 16) == 0 ? 1 : 0);
- OPENSSL_free(tmpchar);
- return toret;
- }
- }
-
-static int gmp2bn(mpz_t g, BIGNUM *bn)
- {
- if(((sizeof(bn->d[0]) * 8) == GMP_NUMB_BITS) &&
- (BN_BITS2 == GMP_NUMB_BITS))
- {
- /* The common case */
- int s = (g->_mp_size >= 0) ? g->_mp_size : -g->_mp_size;
- BN_zero(bn);
- if(bn_expand2 (bn, s) == NULL)
- return 0;
- bn->top = s;
- memcpy(&bn->d[0], &g->_mp_d[0], s * sizeof(bn->d[0]));
- bn_correct_top(bn);
- bn->neg = g->_mp_size >= 0 ? 0 : 1;
- return 1;
- }
- else
- {
- int toret;
- char *tmpchar = OPENSSL_malloc(mpz_sizeinbase(g, 16) + 10);
- if(!tmpchar) return 0;
- mpz_get_str(tmpchar, 16, g);
- toret = BN_hex2bn(&bn, tmpchar);
- OPENSSL_free(tmpchar);
- return toret;
- }
- }
-
-#ifndef OPENSSL_NO_RSA
-typedef struct st_e_gmp_rsa_ctx
- {
- int public_only;
- mpz_t n;
- mpz_t d;
- mpz_t e;
- mpz_t p;
- mpz_t q;
- mpz_t dmp1;
- mpz_t dmq1;
- mpz_t iqmp;
- mpz_t r0, r1, I0, m1;
- } E_GMP_RSA_CTX;
-
-static E_GMP_RSA_CTX *e_gmp_get_rsa(RSA *rsa)
- {
- E_GMP_RSA_CTX *hptr = RSA_get_ex_data(rsa, hndidx_rsa);
- if(hptr) return hptr;
- hptr = OPENSSL_malloc(sizeof(E_GMP_RSA_CTX));
- if(!hptr) return NULL;
- /* These inits could probably be replaced by more intelligent
- * mpz_init2() versions, to reduce malloc-thrashing. */
- mpz_init(hptr->n);
- mpz_init(hptr->d);
- mpz_init(hptr->e);
- mpz_init(hptr->p);
- mpz_init(hptr->q);
- mpz_init(hptr->dmp1);
- mpz_init(hptr->dmq1);
- mpz_init(hptr->iqmp);
- mpz_init(hptr->r0);
- mpz_init(hptr->r1);
- mpz_init(hptr->I0);
- mpz_init(hptr->m1);
- if(!bn2gmp(rsa->n, hptr->n) || !bn2gmp(rsa->e, hptr->e))
- goto err;
- if(!rsa->p || !rsa->q || !rsa->d || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)
- {
- hptr->public_only = 1;
- return hptr;
- }
- if(!bn2gmp(rsa->d, hptr->d) || !bn2gmp(rsa->p, hptr->p) ||
- !bn2gmp(rsa->q, hptr->q) || !bn2gmp(rsa->dmp1, hptr->dmp1) ||
- !bn2gmp(rsa->dmq1, hptr->dmq1) || !bn2gmp(rsa->iqmp, hptr->iqmp))
- goto err;
- hptr->public_only = 0;
- RSA_set_ex_data(rsa, hndidx_rsa, hptr);
- return hptr;
-err:
- mpz_clear(hptr->n);
- mpz_clear(hptr->d);
- mpz_clear(hptr->e);
- mpz_clear(hptr->p);
- mpz_clear(hptr->q);
- mpz_clear(hptr->dmp1);
- mpz_clear(hptr->dmq1);
- mpz_clear(hptr->iqmp);
- mpz_clear(hptr->r0);
- mpz_clear(hptr->r1);
- mpz_clear(hptr->I0);
- mpz_clear(hptr->m1);
- OPENSSL_free(hptr);
- return NULL;
- }
-
-static int e_gmp_rsa_finish(RSA *rsa)
- {
- E_GMP_RSA_CTX *hptr = RSA_get_ex_data(rsa, hndidx_rsa);
- if(!hptr) return 0;
- mpz_clear(hptr->n);
- mpz_clear(hptr->d);
- mpz_clear(hptr->e);
- mpz_clear(hptr->p);
- mpz_clear(hptr->q);
- mpz_clear(hptr->dmp1);
- mpz_clear(hptr->dmq1);
- mpz_clear(hptr->iqmp);
- mpz_clear(hptr->r0);
- mpz_clear(hptr->r1);
- mpz_clear(hptr->I0);
- mpz_clear(hptr->m1);
- OPENSSL_free(hptr);
- RSA_set_ex_data(rsa, hndidx_rsa, NULL);
- return 1;
- }
-
-static int e_gmp_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
- {
- E_GMP_RSA_CTX *hptr;
- int to_return = 0;
-
- hptr = e_gmp_get_rsa(rsa);
- if(!hptr)
- {
- GMPerr(GMP_F_E_GMP_RSA_MOD_EXP,
- GMP_R_KEY_CONTEXT_ERROR);
- return 0;
- }
- if(hptr->public_only)
- {
- GMPerr(GMP_F_E_GMP_RSA_MOD_EXP,
- GMP_R_MISSING_KEY_COMPONENTS);
- return 0;
- }
-
- /* ugh!!! */
- if(!bn2gmp(I, hptr->I0))
- return 0;
-
- /* This is basically the CRT logic in crypto/rsa/rsa_eay.c reworded into
- * GMP-speak. It may be that GMP's API facilitates cleaner formulations
- * of this stuff, eg. better handling of negatives, or functions that
- * combine operations. */
-
- mpz_mod(hptr->r1, hptr->I0, hptr->q);
- mpz_powm(hptr->m1, hptr->r1, hptr->dmq1, hptr->q);
-
- mpz_mod(hptr->r1, hptr->I0, hptr->p);
- mpz_powm(hptr->r0, hptr->r1, hptr->dmp1, hptr->p);
-
- mpz_sub(hptr->r0, hptr->r0, hptr->m1);
-
- if(mpz_sgn(hptr->r0) < 0)
- mpz_add(hptr->r0, hptr->r0, hptr->p);
- mpz_mul(hptr->r1, hptr->r0, hptr->iqmp);
- mpz_mod(hptr->r0, hptr->r1, hptr->p);
-
- if(mpz_sgn(hptr->r0) < 0)
- mpz_add(hptr->r0, hptr->r0, hptr->p);
- mpz_mul(hptr->r1, hptr->r0, hptr->q);
- mpz_add(hptr->r0, hptr->r1, hptr->m1);
-
- /* ugh!!! */
- if(gmp2bn(hptr->r0, r))
- to_return = 1;
-
- return 1;
- }
-#endif
-
-#endif /* !OPENSSL_NO_GMP */
-
-/* This stuff is needed if this ENGINE is being compiled into a self-contained
- * shared-library. */
-#ifndef OPENSSL_NO_DYNAMIC_ENGINE
-IMPLEMENT_DYNAMIC_CHECK_FN()
-#ifndef OPENSSL_NO_GMP
-static int bind_fn(ENGINE *e, const char *id)
- {
- if(id && (strcmp(id, engine_e_gmp_id) != 0))
- return 0;
- if(!bind_helper(e))
- return 0;
- return 1;
- }
-IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
-#else
-OPENSSL_EXPORT
-int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { return 0; }
-#endif
-#endif /* OPENSSL_NO_DYNAMIC_ENGINE */
-
-#endif /* !OPENSSL_NO_HW */
Copied: vendor-crypto/openssl/0.9.8zf/engines/e_gmp.c (from rev 6976, vendor-crypto/openssl/dist/engines/e_gmp.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/engines/e_gmp.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/engines/e_gmp.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,488 @@
+/* crypto/engine/e_gmp.c */
+/*
+ * Written by Geoff Thorpe (geoff at geoffthorpe.net) for the OpenSSL project
+ * 2003.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*
+ * This engine is not (currently) compiled in by default. Do enable it,
+ * reconfigure OpenSSL with "enable-gmp -lgmp". The GMP libraries and headers
+ * must reside in one of the paths searched by the compiler/linker, otherwise
+ * paths must be specified - eg. try configuring with "enable-gmp
+ * -I<includepath> -L<libpath> -lgmp". YMMV.
+ */
+
+/*-
+ * As for what this does - it's a largely unoptimised implementation of an
+ * ENGINE that uses the GMP library to perform RSA private key operations. To
+ * obtain more information about what "unoptimised" means, see my original mail
+ * on the subject (though ignore the build instructions which have since
+ * changed);
+ *
+ * http://www.mail-archive.com/openssl-dev@openssl.org/msg12227.html
+ *
+ * On my athlon system at least, it appears the builtin OpenSSL code is now
+ * slightly faster, which is to say that the RSA-related MPI performance
+ * between OpenSSL's BIGNUM and GMP's mpz implementations is probably pretty
+ * balanced for this chip, and so the performance degradation in this ENGINE by
+ * having to convert to/from GMP formats (and not being able to cache
+ * montgomery forms) is probably the difference. However, if some unconfirmed
+ * reports from users is anything to go by, the situation on some other
+ * chipsets might be a good deal more favourable to the GMP version (eg. PPC).
+ * Feedback welcome. */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/buffer.h>
+#include <openssl/engine.h>
+#include <openssl/rsa.h>
+#include <openssl/bn.h>
+
+#ifndef OPENSSL_NO_HW
+# ifndef OPENSSL_NO_GMP
+
+# include <gmp.h>
+
+# define E_GMP_LIB_NAME "gmp engine"
+# include "e_gmp_err.c"
+
+static int e_gmp_destroy(ENGINE *e);
+static int e_gmp_init(ENGINE *e);
+static int e_gmp_finish(ENGINE *e);
+static int e_gmp_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void));
+
+# ifndef OPENSSL_NO_RSA
+/* RSA stuff */
+static int e_gmp_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa,
+ BN_CTX *ctx);
+static int e_gmp_rsa_finish(RSA *r);
+# endif
+
+/* The definitions for control commands specific to this engine */
+/* #define E_GMP_CMD_SO_PATH ENGINE_CMD_BASE */
+static const ENGINE_CMD_DEFN e_gmp_cmd_defns[] = {
+# if 0
+ {E_GMP_CMD_SO_PATH,
+ "SO_PATH",
+ "Specifies the path to the 'e_gmp' shared library",
+ ENGINE_CMD_FLAG_STRING},
+# endif
+ {0, NULL, NULL, 0}
+};
+
+# ifndef OPENSSL_NO_RSA
+/* Our internal RSA_METHOD that we provide pointers to */
+static RSA_METHOD e_gmp_rsa = {
+ "GMP RSA method",
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ e_gmp_rsa_mod_exp,
+ NULL,
+ NULL,
+ e_gmp_rsa_finish,
+ /*
+ * These flags initialise montgomery crud that GMP ignores, however it
+ * makes sure the public key ops (which are done in openssl) don't seem
+ * *slower* than usual :-)
+ */
+ RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE,
+ NULL,
+ NULL,
+ NULL
+};
+# endif
+
+/* Constants used when creating the ENGINE */
+static const char *engine_e_gmp_id = "gmp";
+static const char *engine_e_gmp_name = "GMP engine support";
+
+/*
+ * This internal function is used by ENGINE_gmp() and possibly by the
+ * "dynamic" ENGINE support too
+ */
+static int bind_helper(ENGINE *e)
+{
+# ifndef OPENSSL_NO_RSA
+ const RSA_METHOD *meth1;
+# endif
+ if (!ENGINE_set_id(e, engine_e_gmp_id) ||
+ !ENGINE_set_name(e, engine_e_gmp_name) ||
+# ifndef OPENSSL_NO_RSA
+ !ENGINE_set_RSA(e, &e_gmp_rsa) ||
+# endif
+ !ENGINE_set_destroy_function(e, e_gmp_destroy) ||
+ !ENGINE_set_init_function(e, e_gmp_init) ||
+ !ENGINE_set_finish_function(e, e_gmp_finish) ||
+ !ENGINE_set_ctrl_function(e, e_gmp_ctrl) ||
+ !ENGINE_set_cmd_defns(e, e_gmp_cmd_defns))
+ return 0;
+
+# ifndef OPENSSL_NO_RSA
+ meth1 = RSA_PKCS1_SSLeay();
+ e_gmp_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
+ e_gmp_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
+ e_gmp_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
+ e_gmp_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
+ e_gmp_rsa.bn_mod_exp = meth1->bn_mod_exp;
+# endif
+
+ /* Ensure the e_gmp error handling is set up */
+ ERR_load_GMP_strings();
+ return 1;
+}
+
+static ENGINE *engine_gmp(void)
+{
+ ENGINE *ret = ENGINE_new();
+ if (!ret)
+ return NULL;
+ if (!bind_helper(ret)) {
+ ENGINE_free(ret);
+ return NULL;
+ }
+ return ret;
+}
+
+void ENGINE_load_gmp(void)
+{
+ /* Copied from eng_[openssl|dyn].c */
+ ENGINE *toadd = engine_gmp();
+ if (!toadd)
+ return;
+ ENGINE_add(toadd);
+ ENGINE_free(toadd);
+ ERR_clear_error();
+}
+
+# ifndef OPENSSL_NO_RSA
+/* Used to attach our own key-data to an RSA structure */
+static int hndidx_rsa = -1;
+# endif
+
+static int e_gmp_destroy(ENGINE *e)
+{
+ ERR_unload_GMP_strings();
+ return 1;
+}
+
+/* (de)initialisation functions. */
+static int e_gmp_init(ENGINE *e)
+{
+# ifndef OPENSSL_NO_RSA
+ if (hndidx_rsa == -1)
+ hndidx_rsa = RSA_get_ex_new_index(0,
+ "GMP-based RSA key handle",
+ NULL, NULL, NULL);
+# endif
+ if (hndidx_rsa == -1)
+ return 0;
+ return 1;
+}
+
+static int e_gmp_finish(ENGINE *e)
+{
+ return 1;
+}
+
+static int e_gmp_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
+{
+ int to_return = 1;
+
+ switch (cmd) {
+# if 0
+ case E_GMP_CMD_SO_PATH:
+ /* ... */
+# endif
+ /* The command isn't understood by this engine */
+ default:
+ GMPerr(GMP_F_E_GMP_CTRL, GMP_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+ to_return = 0;
+ break;
+ }
+
+ return to_return;
+}
+
+/*
+ * Most often limb sizes will be the same. If not, we use hex conversion
+ * which is neat, but extremely inefficient.
+ */
+static int bn2gmp(const BIGNUM *bn, mpz_t g)
+{
+ bn_check_top(bn);
+ if (((sizeof(bn->d[0]) * 8) == GMP_NUMB_BITS) &&
+ (BN_BITS2 == GMP_NUMB_BITS)) {
+ /* The common case */
+ if (!_mpz_realloc(g, bn->top))
+ return 0;
+ memcpy(&g->_mp_d[0], &bn->d[0], bn->top * sizeof(bn->d[0]));
+ g->_mp_size = bn->top;
+ if (bn->neg)
+ g->_mp_size = -g->_mp_size;
+ return 1;
+ } else {
+ int toret;
+ char *tmpchar = BN_bn2hex(bn);
+ if (!tmpchar)
+ return 0;
+ toret = (mpz_set_str(g, tmpchar, 16) == 0 ? 1 : 0);
+ OPENSSL_free(tmpchar);
+ return toret;
+ }
+}
+
+static int gmp2bn(mpz_t g, BIGNUM *bn)
+{
+ if (((sizeof(bn->d[0]) * 8) == GMP_NUMB_BITS) &&
+ (BN_BITS2 == GMP_NUMB_BITS)) {
+ /* The common case */
+ int s = (g->_mp_size >= 0) ? g->_mp_size : -g->_mp_size;
+ BN_zero(bn);
+ if (bn_expand2(bn, s) == NULL)
+ return 0;
+ bn->top = s;
+ memcpy(&bn->d[0], &g->_mp_d[0], s * sizeof(bn->d[0]));
+ bn_correct_top(bn);
+ bn->neg = g->_mp_size >= 0 ? 0 : 1;
+ return 1;
+ } else {
+ int toret;
+ char *tmpchar = OPENSSL_malloc(mpz_sizeinbase(g, 16) + 10);
+ if (!tmpchar)
+ return 0;
+ mpz_get_str(tmpchar, 16, g);
+ toret = BN_hex2bn(&bn, tmpchar);
+ OPENSSL_free(tmpchar);
+ return toret;
+ }
+}
+
+# ifndef OPENSSL_NO_RSA
+typedef struct st_e_gmp_rsa_ctx {
+ int public_only;
+ mpz_t n;
+ mpz_t d;
+ mpz_t e;
+ mpz_t p;
+ mpz_t q;
+ mpz_t dmp1;
+ mpz_t dmq1;
+ mpz_t iqmp;
+ mpz_t r0, r1, I0, m1;
+} E_GMP_RSA_CTX;
+
+static E_GMP_RSA_CTX *e_gmp_get_rsa(RSA *rsa)
+{
+ E_GMP_RSA_CTX *hptr = RSA_get_ex_data(rsa, hndidx_rsa);
+ if (hptr)
+ return hptr;
+ hptr = OPENSSL_malloc(sizeof(E_GMP_RSA_CTX));
+ if (!hptr)
+ return NULL;
+ /*
+ * These inits could probably be replaced by more intelligent mpz_init2()
+ * versions, to reduce malloc-thrashing.
+ */
+ mpz_init(hptr->n);
+ mpz_init(hptr->d);
+ mpz_init(hptr->e);
+ mpz_init(hptr->p);
+ mpz_init(hptr->q);
+ mpz_init(hptr->dmp1);
+ mpz_init(hptr->dmq1);
+ mpz_init(hptr->iqmp);
+ mpz_init(hptr->r0);
+ mpz_init(hptr->r1);
+ mpz_init(hptr->I0);
+ mpz_init(hptr->m1);
+ if (!bn2gmp(rsa->n, hptr->n) || !bn2gmp(rsa->e, hptr->e))
+ goto err;
+ if (!rsa->p || !rsa->q || !rsa->d || !rsa->dmp1 || !rsa->dmq1
+ || !rsa->iqmp) {
+ hptr->public_only = 1;
+ return hptr;
+ }
+ if (!bn2gmp(rsa->d, hptr->d) || !bn2gmp(rsa->p, hptr->p) ||
+ !bn2gmp(rsa->q, hptr->q) || !bn2gmp(rsa->dmp1, hptr->dmp1) ||
+ !bn2gmp(rsa->dmq1, hptr->dmq1) || !bn2gmp(rsa->iqmp, hptr->iqmp))
+ goto err;
+ hptr->public_only = 0;
+ RSA_set_ex_data(rsa, hndidx_rsa, hptr);
+ return hptr;
+ err:
+ mpz_clear(hptr->n);
+ mpz_clear(hptr->d);
+ mpz_clear(hptr->e);
+ mpz_clear(hptr->p);
+ mpz_clear(hptr->q);
+ mpz_clear(hptr->dmp1);
+ mpz_clear(hptr->dmq1);
+ mpz_clear(hptr->iqmp);
+ mpz_clear(hptr->r0);
+ mpz_clear(hptr->r1);
+ mpz_clear(hptr->I0);
+ mpz_clear(hptr->m1);
+ OPENSSL_free(hptr);
+ return NULL;
+}
+
+static int e_gmp_rsa_finish(RSA *rsa)
+{
+ E_GMP_RSA_CTX *hptr = RSA_get_ex_data(rsa, hndidx_rsa);
+ if (!hptr)
+ return 0;
+ mpz_clear(hptr->n);
+ mpz_clear(hptr->d);
+ mpz_clear(hptr->e);
+ mpz_clear(hptr->p);
+ mpz_clear(hptr->q);
+ mpz_clear(hptr->dmp1);
+ mpz_clear(hptr->dmq1);
+ mpz_clear(hptr->iqmp);
+ mpz_clear(hptr->r0);
+ mpz_clear(hptr->r1);
+ mpz_clear(hptr->I0);
+ mpz_clear(hptr->m1);
+ OPENSSL_free(hptr);
+ RSA_set_ex_data(rsa, hndidx_rsa, NULL);
+ return 1;
+}
+
+static int e_gmp_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa,
+ BN_CTX *ctx)
+{
+ E_GMP_RSA_CTX *hptr;
+ int to_return = 0;
+
+ hptr = e_gmp_get_rsa(rsa);
+ if (!hptr) {
+ GMPerr(GMP_F_E_GMP_RSA_MOD_EXP, GMP_R_KEY_CONTEXT_ERROR);
+ return 0;
+ }
+ if (hptr->public_only) {
+ GMPerr(GMP_F_E_GMP_RSA_MOD_EXP, GMP_R_MISSING_KEY_COMPONENTS);
+ return 0;
+ }
+
+ /* ugh!!! */
+ if (!bn2gmp(I, hptr->I0))
+ return 0;
+
+ /*
+ * This is basically the CRT logic in crypto/rsa/rsa_eay.c reworded into
+ * GMP-speak. It may be that GMP's API facilitates cleaner formulations
+ * of this stuff, eg. better handling of negatives, or functions that
+ * combine operations.
+ */
+
+ mpz_mod(hptr->r1, hptr->I0, hptr->q);
+ mpz_powm(hptr->m1, hptr->r1, hptr->dmq1, hptr->q);
+
+ mpz_mod(hptr->r1, hptr->I0, hptr->p);
+ mpz_powm(hptr->r0, hptr->r1, hptr->dmp1, hptr->p);
+
+ mpz_sub(hptr->r0, hptr->r0, hptr->m1);
+
+ if (mpz_sgn(hptr->r0) < 0)
+ mpz_add(hptr->r0, hptr->r0, hptr->p);
+ mpz_mul(hptr->r1, hptr->r0, hptr->iqmp);
+ mpz_mod(hptr->r0, hptr->r1, hptr->p);
+
+ if (mpz_sgn(hptr->r0) < 0)
+ mpz_add(hptr->r0, hptr->r0, hptr->p);
+ mpz_mul(hptr->r1, hptr->r0, hptr->q);
+ mpz_add(hptr->r0, hptr->r1, hptr->m1);
+
+ /* ugh!!! */
+ if (gmp2bn(hptr->r0, r))
+ to_return = 1;
+
+ return 1;
+}
+# endif
+
+# endif /* !OPENSSL_NO_GMP */
+
+/*
+ * This stuff is needed if this ENGINE is being compiled into a
+ * self-contained shared-library.
+ */
+# ifndef OPENSSL_NO_DYNAMIC_ENGINE
+IMPLEMENT_DYNAMIC_CHECK_FN()
+# ifndef OPENSSL_NO_GMP
+static int bind_fn(ENGINE *e, const char *id)
+{
+ if (id && (strcmp(id, engine_e_gmp_id) != 0))
+ return 0;
+ if (!bind_helper(e))
+ return 0;
+ return 1;
+}
+
+IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
+# else
+OPENSSL_EXPORT
+ int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns)
+{
+ return 0;
+}
+# endif
+# endif /* OPENSSL_NO_DYNAMIC_ENGINE */
+
+#endif /* !OPENSSL_NO_HW */
Deleted: vendor-crypto/openssl/0.9.8zf/engines/e_gmp_err.c
===================================================================
--- vendor-crypto/openssl/dist/engines/e_gmp_err.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/engines/e_gmp_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,141 +0,0 @@
-/* e_gmp_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include "e_gmp_err.h"
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(0,func,0)
-#define ERR_REASON(reason) ERR_PACK(0,0,reason)
-
-static ERR_STRING_DATA GMP_str_functs[]=
- {
-{ERR_FUNC(GMP_F_E_GMP_CTRL), "E_GMP_CTRL"},
-{ERR_FUNC(GMP_F_E_GMP_RSA_MOD_EXP), "E_GMP_RSA_MOD_EXP"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA GMP_str_reasons[]=
- {
-{ERR_REASON(GMP_R_CTRL_COMMAND_NOT_IMPLEMENTED),"ctrl command not implemented"},
-{ERR_REASON(GMP_R_KEY_CONTEXT_ERROR) ,"key context error"},
-{ERR_REASON(GMP_R_MISSING_KEY_COMPONENTS),"missing key components"},
-{0,NULL}
- };
-
-#endif
-
-#ifdef GMP_LIB_NAME
-static ERR_STRING_DATA GMP_lib_name[]=
- {
-{0 ,GMP_LIB_NAME},
-{0,NULL}
- };
-#endif
-
-
-static int GMP_lib_error_code=0;
-static int GMP_error_init=1;
-
-static void ERR_load_GMP_strings(void)
- {
- if (GMP_lib_error_code == 0)
- GMP_lib_error_code=ERR_get_next_error_library();
-
- if (GMP_error_init)
- {
- GMP_error_init=0;
-#ifndef OPENSSL_NO_ERR
- ERR_load_strings(GMP_lib_error_code,GMP_str_functs);
- ERR_load_strings(GMP_lib_error_code,GMP_str_reasons);
-#endif
-
-#ifdef GMP_LIB_NAME
- GMP_lib_name->error = ERR_PACK(GMP_lib_error_code,0,0);
- ERR_load_strings(0,GMP_lib_name);
-#endif
- }
- }
-
-static void ERR_unload_GMP_strings(void)
- {
- if (GMP_error_init == 0)
- {
-#ifndef OPENSSL_NO_ERR
- ERR_unload_strings(GMP_lib_error_code,GMP_str_functs);
- ERR_unload_strings(GMP_lib_error_code,GMP_str_reasons);
-#endif
-
-#ifdef GMP_LIB_NAME
- ERR_unload_strings(0,GMP_lib_name);
-#endif
- GMP_error_init=1;
- }
- }
-
-static void ERR_GMP_error(int function, int reason, char *file, int line)
- {
- if (GMP_lib_error_code == 0)
- GMP_lib_error_code=ERR_get_next_error_library();
- ERR_PUT_error(GMP_lib_error_code,function,reason,file,line);
- }
Copied: vendor-crypto/openssl/0.9.8zf/engines/e_gmp_err.c (from rev 6976, vendor-crypto/openssl/dist/engines/e_gmp_err.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/engines/e_gmp_err.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/engines/e_gmp_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,137 @@
+/* e_gmp_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include "e_gmp_err.h"
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(0,func,0)
+# define ERR_REASON(reason) ERR_PACK(0,0,reason)
+
+static ERR_STRING_DATA GMP_str_functs[] = {
+ {ERR_FUNC(GMP_F_E_GMP_CTRL), "E_GMP_CTRL"},
+ {ERR_FUNC(GMP_F_E_GMP_RSA_MOD_EXP), "E_GMP_RSA_MOD_EXP"},
+ {0, NULL}
+};
+
+static ERR_STRING_DATA GMP_str_reasons[] = {
+ {ERR_REASON(GMP_R_CTRL_COMMAND_NOT_IMPLEMENTED),
+ "ctrl command not implemented"},
+ {ERR_REASON(GMP_R_KEY_CONTEXT_ERROR), "key context error"},
+ {ERR_REASON(GMP_R_MISSING_KEY_COMPONENTS), "missing key components"},
+ {0, NULL}
+};
+
+#endif
+
+#ifdef GMP_LIB_NAME
+static ERR_STRING_DATA GMP_lib_name[] = {
+ {0, GMP_LIB_NAME},
+ {0, NULL}
+};
+#endif
+
+static int GMP_lib_error_code = 0;
+static int GMP_error_init = 1;
+
+static void ERR_load_GMP_strings(void)
+{
+ if (GMP_lib_error_code == 0)
+ GMP_lib_error_code = ERR_get_next_error_library();
+
+ if (GMP_error_init) {
+ GMP_error_init = 0;
+#ifndef OPENSSL_NO_ERR
+ ERR_load_strings(GMP_lib_error_code, GMP_str_functs);
+ ERR_load_strings(GMP_lib_error_code, GMP_str_reasons);
+#endif
+
+#ifdef GMP_LIB_NAME
+ GMP_lib_name->error = ERR_PACK(GMP_lib_error_code, 0, 0);
+ ERR_load_strings(0, GMP_lib_name);
+#endif
+ }
+}
+
+static void ERR_unload_GMP_strings(void)
+{
+ if (GMP_error_init == 0) {
+#ifndef OPENSSL_NO_ERR
+ ERR_unload_strings(GMP_lib_error_code, GMP_str_functs);
+ ERR_unload_strings(GMP_lib_error_code, GMP_str_reasons);
+#endif
+
+#ifdef GMP_LIB_NAME
+ ERR_unload_strings(0, GMP_lib_name);
+#endif
+ GMP_error_init = 1;
+ }
+}
+
+static void ERR_GMP_error(int function, int reason, char *file, int line)
+{
+ if (GMP_lib_error_code == 0)
+ GMP_lib_error_code = ERR_get_next_error_library();
+ ERR_PUT_error(GMP_lib_error_code, function, reason, file, line);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/engines/e_gmp_err.h
===================================================================
--- vendor-crypto/openssl/dist/engines/e_gmp_err.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/engines/e_gmp_err.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,85 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2001-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#ifndef HEADER_GMP_ERR_H
-#define HEADER_GMP_ERR_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-static void ERR_load_GMP_strings(void);
-static void ERR_unload_GMP_strings(void);
-static void ERR_GMP_error(int function, int reason, char *file, int line);
-#define GMPerr(f,r) ERR_GMP_error((f),(r),__FILE__,__LINE__)
-
-/* Error codes for the GMP functions. */
-
-/* Function codes. */
-#define GMP_F_E_GMP_CTRL 100
-#define GMP_F_E_GMP_RSA_MOD_EXP 101
-
-/* Reason codes. */
-#define GMP_R_CTRL_COMMAND_NOT_IMPLEMENTED 100
-#define GMP_R_KEY_CONTEXT_ERROR 101
-#define GMP_R_MISSING_KEY_COMPONENTS 102
-
-#ifdef __cplusplus
-}
-#endif
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/engines/e_gmp_err.h (from rev 6976, vendor-crypto/openssl/dist/engines/e_gmp_err.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/engines/e_gmp_err.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/engines/e_gmp_err.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,86 @@
+/* ====================================================================
+ * Copyright (c) 2001-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_GMP_ERR_H
+# define HEADER_GMP_ERR_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+static void ERR_load_GMP_strings(void);
+static void ERR_unload_GMP_strings(void);
+static void ERR_GMP_error(int function, int reason, char *file, int line);
+# define GMPerr(f,r) ERR_GMP_error((f),(r),__FILE__,__LINE__)
+
+/* Error codes for the GMP functions. */
+
+/* Function codes. */
+# define GMP_F_E_GMP_CTRL 100
+# define GMP_F_E_GMP_RSA_MOD_EXP 101
+
+/* Reason codes. */
+# define GMP_R_CTRL_COMMAND_NOT_IMPLEMENTED 100
+# define GMP_R_KEY_CONTEXT_ERROR 101
+# define GMP_R_MISSING_KEY_COMPONENTS 102
+
+#ifdef __cplusplus
+}
+#endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/engines/e_nuron.c
===================================================================
--- vendor-crypto/openssl/dist/engines/e_nuron.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/engines/e_nuron.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,434 +0,0 @@
-/* crypto/engine/hw_nuron.c */
-/* Written by Ben Laurie for the OpenSSL Project, leaning heavily on Geoff
- * Thorpe's Atalla implementation.
- */
-/* ====================================================================
- * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/buffer.h>
-#include <openssl/dso.h>
-#include <openssl/engine.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-#include <openssl/bn.h>
-
-#ifndef OPENSSL_NO_HW
-#ifndef OPENSSL_NO_HW_NURON
-
-#define NURON_LIB_NAME "nuron engine"
-#include "e_nuron_err.c"
-
-static const char *NURON_LIBNAME = NULL;
-static const char *get_NURON_LIBNAME(void)
- {
- if(NURON_LIBNAME)
- return NURON_LIBNAME;
- return "nuronssl";
- }
-static void free_NURON_LIBNAME(void)
- {
- if(NURON_LIBNAME)
- OPENSSL_free((void*)NURON_LIBNAME);
- NURON_LIBNAME = NULL;
- }
-static long set_NURON_LIBNAME(const char *name)
- {
- free_NURON_LIBNAME();
- return (((NURON_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
- }
-static const char *NURON_F1 = "nuron_mod_exp";
-
-/* The definitions for control commands specific to this engine */
-#define NURON_CMD_SO_PATH ENGINE_CMD_BASE
-static const ENGINE_CMD_DEFN nuron_cmd_defns[] = {
- {NURON_CMD_SO_PATH,
- "SO_PATH",
- "Specifies the path to the 'nuronssl' shared library",
- ENGINE_CMD_FLAG_STRING},
- {0, NULL, NULL, 0}
- };
-
-typedef int tfnModExp(BIGNUM *r,const BIGNUM *a,const BIGNUM *p,const BIGNUM *m);
-static tfnModExp *pfnModExp = NULL;
-
-static DSO *pvDSOHandle = NULL;
-
-static int nuron_destroy(ENGINE *e)
- {
- free_NURON_LIBNAME();
- ERR_unload_NURON_strings();
- return 1;
- }
-
-static int nuron_init(ENGINE *e)
- {
- if(pvDSOHandle != NULL)
- {
- NURONerr(NURON_F_NURON_INIT,NURON_R_ALREADY_LOADED);
- return 0;
- }
-
- pvDSOHandle = DSO_load(NULL, get_NURON_LIBNAME(), NULL,
- DSO_FLAG_NAME_TRANSLATION_EXT_ONLY);
- if(!pvDSOHandle)
- {
- NURONerr(NURON_F_NURON_INIT,NURON_R_DSO_NOT_FOUND);
- return 0;
- }
-
- pfnModExp = (tfnModExp *)DSO_bind_func(pvDSOHandle, NURON_F1);
- if(!pfnModExp)
- {
- NURONerr(NURON_F_NURON_INIT,NURON_R_DSO_FUNCTION_NOT_FOUND);
- return 0;
- }
-
- return 1;
- }
-
-static int nuron_finish(ENGINE *e)
- {
- free_NURON_LIBNAME();
- if(pvDSOHandle == NULL)
- {
- NURONerr(NURON_F_NURON_FINISH,NURON_R_NOT_LOADED);
- return 0;
- }
- if(!DSO_free(pvDSOHandle))
- {
- NURONerr(NURON_F_NURON_FINISH,NURON_R_DSO_FAILURE);
- return 0;
- }
- pvDSOHandle=NULL;
- pfnModExp=NULL;
- return 1;
- }
-
-static int nuron_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
- {
- int initialised = ((pvDSOHandle == NULL) ? 0 : 1);
- switch(cmd)
- {
- case NURON_CMD_SO_PATH:
- if(p == NULL)
- {
- NURONerr(NURON_F_NURON_CTRL,ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- if(initialised)
- {
- NURONerr(NURON_F_NURON_CTRL,NURON_R_ALREADY_LOADED);
- return 0;
- }
- return set_NURON_LIBNAME((const char *)p);
- default:
- break;
- }
- NURONerr(NURON_F_NURON_CTRL,NURON_R_CTRL_COMMAND_NOT_IMPLEMENTED);
- return 0;
-}
-
-static int nuron_mod_exp(BIGNUM *r,const BIGNUM *a,const BIGNUM *p,
- const BIGNUM *m,BN_CTX *ctx)
- {
- if(!pvDSOHandle)
- {
- NURONerr(NURON_F_NURON_MOD_EXP,NURON_R_NOT_LOADED);
- return 0;
- }
- return pfnModExp(r,a,p,m);
- }
-
-#ifndef OPENSSL_NO_RSA
-static int nuron_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
- {
- return nuron_mod_exp(r0,I,rsa->d,rsa->n,ctx);
- }
-#endif
-
-#ifndef OPENSSL_NO_DSA
-/* This code was liberated and adapted from the commented-out code in
- * dsa_ossl.c. Because of the unoptimised form of the Atalla acceleration
- * (it doesn't have a CRT form for RSA), this function means that an
- * Atalla system running with a DSA server certificate can handshake
- * around 5 or 6 times faster/more than an equivalent system running with
- * RSA. Just check out the "signs" statistics from the RSA and DSA parts
- * of "openssl speed -engine atalla dsa1024 rsa1024". */
-static int nuron_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
- BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
- BN_CTX *ctx, BN_MONT_CTX *in_mont)
- {
- BIGNUM t;
- int to_return = 0;
-
- BN_init(&t);
- /* let rr = a1 ^ p1 mod m */
- if (!nuron_mod_exp(rr,a1,p1,m,ctx))
- goto end;
- /* let t = a2 ^ p2 mod m */
- if (!nuron_mod_exp(&t,a2,p2,m,ctx))
- goto end;
- /* let rr = rr * t mod m */
- if (!BN_mod_mul(rr,rr,&t,m,ctx))
- goto end;
- to_return = 1;
-end:
- BN_free(&t);
- return to_return;
- }
-
-
-static int nuron_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx)
- {
- return nuron_mod_exp(r, a, p, m, ctx);
- }
-#endif
-
-/* This function is aliased to mod_exp (with the mont stuff dropped). */
-#ifndef OPENSSL_NO_RSA
-static int nuron_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
- {
- return nuron_mod_exp(r, a, p, m, ctx);
- }
-#endif
-
-#ifndef OPENSSL_NO_DH
-/* This function is aliased to mod_exp (with the dh and mont dropped). */
-static int nuron_mod_exp_dh(const DH *dh, BIGNUM *r,
- const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
- {
- return nuron_mod_exp(r, a, p, m, ctx);
- }
-#endif
-
-#ifndef OPENSSL_NO_RSA
-static RSA_METHOD nuron_rsa =
- {
- "Nuron RSA method",
- NULL,
- NULL,
- NULL,
- NULL,
- nuron_rsa_mod_exp,
- nuron_mod_exp_mont,
- NULL,
- NULL,
- 0,
- NULL,
- NULL,
- NULL,
- NULL
- };
-#endif
-
-#ifndef OPENSSL_NO_DSA
-static DSA_METHOD nuron_dsa =
- {
- "Nuron DSA method",
- NULL, /* dsa_do_sign */
- NULL, /* dsa_sign_setup */
- NULL, /* dsa_do_verify */
- nuron_dsa_mod_exp, /* dsa_mod_exp */
- nuron_mod_exp_dsa, /* bn_mod_exp */
- NULL, /* init */
- NULL, /* finish */
- 0, /* flags */
- NULL, /* app_data */
- NULL, /* dsa_paramgen */
- NULL /* dsa_keygen */
- };
-#endif
-
-#ifndef OPENSSL_NO_DH
-static DH_METHOD nuron_dh =
- {
- "Nuron DH method",
- NULL,
- NULL,
- nuron_mod_exp_dh,
- NULL,
- NULL,
- 0,
- NULL,
- NULL
- };
-#endif
-
-/* Constants used when creating the ENGINE */
-static const char *engine_nuron_id = "nuron";
-static const char *engine_nuron_name = "Nuron hardware engine support";
-
-/* This internal function is used by ENGINE_nuron() and possibly by the
- * "dynamic" ENGINE support too */
-static int bind_helper(ENGINE *e)
- {
-#ifndef OPENSSL_NO_RSA
- const RSA_METHOD *meth1;
-#endif
-#ifndef OPENSSL_NO_DSA
- const DSA_METHOD *meth2;
-#endif
-#ifndef OPENSSL_NO_DH
- const DH_METHOD *meth3;
-#endif
- if(!ENGINE_set_id(e, engine_nuron_id) ||
- !ENGINE_set_name(e, engine_nuron_name) ||
-#ifndef OPENSSL_NO_RSA
- !ENGINE_set_RSA(e, &nuron_rsa) ||
-#endif
-#ifndef OPENSSL_NO_DSA
- !ENGINE_set_DSA(e, &nuron_dsa) ||
-#endif
-#ifndef OPENSSL_NO_DH
- !ENGINE_set_DH(e, &nuron_dh) ||
-#endif
- !ENGINE_set_destroy_function(e, nuron_destroy) ||
- !ENGINE_set_init_function(e, nuron_init) ||
- !ENGINE_set_finish_function(e, nuron_finish) ||
- !ENGINE_set_ctrl_function(e, nuron_ctrl) ||
- !ENGINE_set_cmd_defns(e, nuron_cmd_defns))
- return 0;
-
-#ifndef OPENSSL_NO_RSA
- /* We know that the "PKCS1_SSLeay()" functions hook properly
- * to the nuron-specific mod_exp and mod_exp_crt so we use
- * those functions. NB: We don't use ENGINE_openssl() or
- * anything "more generic" because something like the RSAref
- * code may not hook properly, and if you own one of these
- * cards then you have the right to do RSA operations on it
- * anyway! */
- meth1=RSA_PKCS1_SSLeay();
- nuron_rsa.rsa_pub_enc=meth1->rsa_pub_enc;
- nuron_rsa.rsa_pub_dec=meth1->rsa_pub_dec;
- nuron_rsa.rsa_priv_enc=meth1->rsa_priv_enc;
- nuron_rsa.rsa_priv_dec=meth1->rsa_priv_dec;
-#endif
-
-#ifndef OPENSSL_NO_DSA
- /* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
- * bits. */
- meth2=DSA_OpenSSL();
- nuron_dsa.dsa_do_sign=meth2->dsa_do_sign;
- nuron_dsa.dsa_sign_setup=meth2->dsa_sign_setup;
- nuron_dsa.dsa_do_verify=meth2->dsa_do_verify;
-#endif
-
-#ifndef OPENSSL_NO_DH
- /* Much the same for Diffie-Hellman */
- meth3=DH_OpenSSL();
- nuron_dh.generate_key=meth3->generate_key;
- nuron_dh.compute_key=meth3->compute_key;
-#endif
-
- /* Ensure the nuron error handling is set up */
- ERR_load_NURON_strings();
- return 1;
- }
-
-#ifdef OPENSSL_NO_DYNAMIC_ENGINE
-static ENGINE *engine_nuron(void)
- {
- ENGINE *ret = ENGINE_new();
- if(!ret)
- return NULL;
- if(!bind_helper(ret))
- {
- ENGINE_free(ret);
- return NULL;
- }
- return ret;
- }
-
-void ENGINE_load_nuron(void)
- {
- /* Copied from eng_[openssl|dyn].c */
- ENGINE *toadd = engine_nuron();
- if(!toadd) return;
- ENGINE_add(toadd);
- ENGINE_free(toadd);
- ERR_clear_error();
- }
-#endif
-
-/* This stuff is needed if this ENGINE is being compiled into a self-contained
- * shared-library. */
-#ifndef OPENSSL_NO_DYNAMIC_ENGINE
-static int bind_fn(ENGINE *e, const char *id)
- {
- if(id && (strcmp(id, engine_nuron_id) != 0))
- return 0;
- if(!bind_helper(e))
- return 0;
- return 1;
- }
-IMPLEMENT_DYNAMIC_CHECK_FN()
-IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
-#endif /* OPENSSL_NO_DYNAMIC_ENGINE */
-
-#endif /* !OPENSSL_NO_HW_NURON */
-#endif /* !OPENSSL_NO_HW */
Copied: vendor-crypto/openssl/0.9.8zf/engines/e_nuron.c (from rev 6976, vendor-crypto/openssl/dist/engines/e_nuron.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/engines/e_nuron.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/engines/e_nuron.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,436 @@
+/* crypto/engine/hw_nuron.c */
+/*
+ * Written by Ben Laurie for the OpenSSL Project, leaning heavily on Geoff
+ * Thorpe's Atalla implementation.
+ */
+/* ====================================================================
+ * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/buffer.h>
+#include <openssl/dso.h>
+#include <openssl/engine.h>
+#ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+# include <openssl/dsa.h>
+#endif
+#ifndef OPENSSL_NO_DH
+# include <openssl/dh.h>
+#endif
+#include <openssl/bn.h>
+
+#ifndef OPENSSL_NO_HW
+# ifndef OPENSSL_NO_HW_NURON
+
+# define NURON_LIB_NAME "nuron engine"
+# include "e_nuron_err.c"
+
+static const char *NURON_LIBNAME = NULL;
+static const char *get_NURON_LIBNAME(void)
+{
+ if (NURON_LIBNAME)
+ return NURON_LIBNAME;
+ return "nuronssl";
+}
+
+static void free_NURON_LIBNAME(void)
+{
+ if (NURON_LIBNAME)
+ OPENSSL_free((void *)NURON_LIBNAME);
+ NURON_LIBNAME = NULL;
+}
+
+static long set_NURON_LIBNAME(const char *name)
+{
+ free_NURON_LIBNAME();
+ return (((NURON_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
+}
+
+static const char *NURON_F1 = "nuron_mod_exp";
+
+/* The definitions for control commands specific to this engine */
+# define NURON_CMD_SO_PATH ENGINE_CMD_BASE
+static const ENGINE_CMD_DEFN nuron_cmd_defns[] = {
+ {NURON_CMD_SO_PATH,
+ "SO_PATH",
+ "Specifies the path to the 'nuronssl' shared library",
+ ENGINE_CMD_FLAG_STRING},
+ {0, NULL, NULL, 0}
+};
+
+typedef int tfnModExp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m);
+static tfnModExp *pfnModExp = NULL;
+
+static DSO *pvDSOHandle = NULL;
+
+static int nuron_destroy(ENGINE *e)
+{
+ free_NURON_LIBNAME();
+ ERR_unload_NURON_strings();
+ return 1;
+}
+
+static int nuron_init(ENGINE *e)
+{
+ if (pvDSOHandle != NULL) {
+ NURONerr(NURON_F_NURON_INIT, NURON_R_ALREADY_LOADED);
+ return 0;
+ }
+
+ pvDSOHandle = DSO_load(NULL, get_NURON_LIBNAME(), NULL,
+ DSO_FLAG_NAME_TRANSLATION_EXT_ONLY);
+ if (!pvDSOHandle) {
+ NURONerr(NURON_F_NURON_INIT, NURON_R_DSO_NOT_FOUND);
+ return 0;
+ }
+
+ pfnModExp = (tfnModExp *) DSO_bind_func(pvDSOHandle, NURON_F1);
+ if (!pfnModExp) {
+ NURONerr(NURON_F_NURON_INIT, NURON_R_DSO_FUNCTION_NOT_FOUND);
+ return 0;
+ }
+
+ return 1;
+}
+
+static int nuron_finish(ENGINE *e)
+{
+ free_NURON_LIBNAME();
+ if (pvDSOHandle == NULL) {
+ NURONerr(NURON_F_NURON_FINISH, NURON_R_NOT_LOADED);
+ return 0;
+ }
+ if (!DSO_free(pvDSOHandle)) {
+ NURONerr(NURON_F_NURON_FINISH, NURON_R_DSO_FAILURE);
+ return 0;
+ }
+ pvDSOHandle = NULL;
+ pfnModExp = NULL;
+ return 1;
+}
+
+static int nuron_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
+{
+ int initialised = ((pvDSOHandle == NULL) ? 0 : 1);
+ switch (cmd) {
+ case NURON_CMD_SO_PATH:
+ if (p == NULL) {
+ NURONerr(NURON_F_NURON_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ if (initialised) {
+ NURONerr(NURON_F_NURON_CTRL, NURON_R_ALREADY_LOADED);
+ return 0;
+ }
+ return set_NURON_LIBNAME((const char *)p);
+ default:
+ break;
+ }
+ NURONerr(NURON_F_NURON_CTRL, NURON_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+ return 0;
+}
+
+static int nuron_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx)
+{
+ if (!pvDSOHandle) {
+ NURONerr(NURON_F_NURON_MOD_EXP, NURON_R_NOT_LOADED);
+ return 0;
+ }
+ return pfnModExp(r, a, p, m);
+}
+
+# ifndef OPENSSL_NO_RSA
+static int nuron_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+ BN_CTX *ctx)
+{
+ return nuron_mod_exp(r0, I, rsa->d, rsa->n, ctx);
+}
+# endif
+
+# ifndef OPENSSL_NO_DSA
+/*
+ * This code was liberated and adapted from the commented-out code in
+ * dsa_ossl.c. Because of the unoptimised form of the Atalla acceleration (it
+ * doesn't have a CRT form for RSA), this function means that an Atalla
+ * system running with a DSA server certificate can handshake around 5 or 6
+ * times faster/more than an equivalent system running with RSA. Just check
+ * out the "signs" statistics from the RSA and DSA parts of "openssl speed
+ * -engine atalla dsa1024 rsa1024".
+ */
+static int nuron_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
+ BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
+ BN_CTX *ctx, BN_MONT_CTX *in_mont)
+{
+ BIGNUM t;
+ int to_return = 0;
+
+ BN_init(&t);
+ /* let rr = a1 ^ p1 mod m */
+ if (!nuron_mod_exp(rr, a1, p1, m, ctx))
+ goto end;
+ /* let t = a2 ^ p2 mod m */
+ if (!nuron_mod_exp(&t, a2, p2, m, ctx))
+ goto end;
+ /* let rr = rr * t mod m */
+ if (!BN_mod_mul(rr, rr, &t, m, ctx))
+ goto end;
+ to_return = 1;
+ end:
+ BN_free(&t);
+ return to_return;
+}
+
+static int nuron_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
+ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx)
+{
+ return nuron_mod_exp(r, a, p, m, ctx);
+}
+# endif
+
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+# ifndef OPENSSL_NO_RSA
+static int nuron_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx)
+{
+ return nuron_mod_exp(r, a, p, m, ctx);
+}
+# endif
+
+# ifndef OPENSSL_NO_DH
+/* This function is aliased to mod_exp (with the dh and mont dropped). */
+static int nuron_mod_exp_dh(const DH *dh, BIGNUM *r,
+ const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+{
+ return nuron_mod_exp(r, a, p, m, ctx);
+}
+# endif
+
+# ifndef OPENSSL_NO_RSA
+static RSA_METHOD nuron_rsa = {
+ "Nuron RSA method",
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ nuron_rsa_mod_exp,
+ nuron_mod_exp_mont,
+ NULL,
+ NULL,
+ 0,
+ NULL,
+ NULL,
+ NULL,
+ NULL
+};
+# endif
+
+# ifndef OPENSSL_NO_DSA
+static DSA_METHOD nuron_dsa = {
+ "Nuron DSA method",
+ NULL, /* dsa_do_sign */
+ NULL, /* dsa_sign_setup */
+ NULL, /* dsa_do_verify */
+ nuron_dsa_mod_exp, /* dsa_mod_exp */
+ nuron_mod_exp_dsa, /* bn_mod_exp */
+ NULL, /* init */
+ NULL, /* finish */
+ 0, /* flags */
+ NULL, /* app_data */
+ NULL, /* dsa_paramgen */
+ NULL /* dsa_keygen */
+};
+# endif
+
+# ifndef OPENSSL_NO_DH
+static DH_METHOD nuron_dh = {
+ "Nuron DH method",
+ NULL,
+ NULL,
+ nuron_mod_exp_dh,
+ NULL,
+ NULL,
+ 0,
+ NULL,
+ NULL
+};
+# endif
+
+/* Constants used when creating the ENGINE */
+static const char *engine_nuron_id = "nuron";
+static const char *engine_nuron_name = "Nuron hardware engine support";
+
+/*
+ * This internal function is used by ENGINE_nuron() and possibly by the
+ * "dynamic" ENGINE support too
+ */
+static int bind_helper(ENGINE *e)
+{
+# ifndef OPENSSL_NO_RSA
+ const RSA_METHOD *meth1;
+# endif
+# ifndef OPENSSL_NO_DSA
+ const DSA_METHOD *meth2;
+# endif
+# ifndef OPENSSL_NO_DH
+ const DH_METHOD *meth3;
+# endif
+ if (!ENGINE_set_id(e, engine_nuron_id) ||
+ !ENGINE_set_name(e, engine_nuron_name) ||
+# ifndef OPENSSL_NO_RSA
+ !ENGINE_set_RSA(e, &nuron_rsa) ||
+# endif
+# ifndef OPENSSL_NO_DSA
+ !ENGINE_set_DSA(e, &nuron_dsa) ||
+# endif
+# ifndef OPENSSL_NO_DH
+ !ENGINE_set_DH(e, &nuron_dh) ||
+# endif
+ !ENGINE_set_destroy_function(e, nuron_destroy) ||
+ !ENGINE_set_init_function(e, nuron_init) ||
+ !ENGINE_set_finish_function(e, nuron_finish) ||
+ !ENGINE_set_ctrl_function(e, nuron_ctrl) ||
+ !ENGINE_set_cmd_defns(e, nuron_cmd_defns))
+ return 0;
+
+# ifndef OPENSSL_NO_RSA
+ /*
+ * We know that the "PKCS1_SSLeay()" functions hook properly to the
+ * nuron-specific mod_exp and mod_exp_crt so we use those functions. NB:
+ * We don't use ENGINE_openssl() or anything "more generic" because
+ * something like the RSAref code may not hook properly, and if you own
+ * one of these cards then you have the right to do RSA operations on it
+ * anyway!
+ */
+ meth1 = RSA_PKCS1_SSLeay();
+ nuron_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
+ nuron_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
+ nuron_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
+ nuron_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
+# endif
+
+# ifndef OPENSSL_NO_DSA
+ /*
+ * Use the DSA_OpenSSL() method and just hook the mod_exp-ish bits.
+ */
+ meth2 = DSA_OpenSSL();
+ nuron_dsa.dsa_do_sign = meth2->dsa_do_sign;
+ nuron_dsa.dsa_sign_setup = meth2->dsa_sign_setup;
+ nuron_dsa.dsa_do_verify = meth2->dsa_do_verify;
+# endif
+
+# ifndef OPENSSL_NO_DH
+ /* Much the same for Diffie-Hellman */
+ meth3 = DH_OpenSSL();
+ nuron_dh.generate_key = meth3->generate_key;
+ nuron_dh.compute_key = meth3->compute_key;
+# endif
+
+ /* Ensure the nuron error handling is set up */
+ ERR_load_NURON_strings();
+ return 1;
+}
+
+# ifdef OPENSSL_NO_DYNAMIC_ENGINE
+static ENGINE *engine_nuron(void)
+{
+ ENGINE *ret = ENGINE_new();
+ if (!ret)
+ return NULL;
+ if (!bind_helper(ret)) {
+ ENGINE_free(ret);
+ return NULL;
+ }
+ return ret;
+}
+
+void ENGINE_load_nuron(void)
+{
+ /* Copied from eng_[openssl|dyn].c */
+ ENGINE *toadd = engine_nuron();
+ if (!toadd)
+ return;
+ ENGINE_add(toadd);
+ ENGINE_free(toadd);
+ ERR_clear_error();
+}
+# endif
+
+/*
+ * This stuff is needed if this ENGINE is being compiled into a
+ * self-contained shared-library.
+ */
+# ifndef OPENSSL_NO_DYNAMIC_ENGINE
+static int bind_fn(ENGINE *e, const char *id)
+{
+ if (id && (strcmp(id, engine_nuron_id) != 0))
+ return 0;
+ if (!bind_helper(e))
+ return 0;
+ return 1;
+}
+
+IMPLEMENT_DYNAMIC_CHECK_FN()
+ IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
+# endif /* OPENSSL_NO_DYNAMIC_ENGINE */
+# endif /* !OPENSSL_NO_HW_NURON */
+#endif /* !OPENSSL_NO_HW */
Deleted: vendor-crypto/openssl/0.9.8zf/engines/e_nuron_err.c
===================================================================
--- vendor-crypto/openssl/dist/engines/e_nuron_err.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/engines/e_nuron_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,146 +0,0 @@
-/* e_nuron_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include "e_nuron_err.h"
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(0,func,0)
-#define ERR_REASON(reason) ERR_PACK(0,0,reason)
-
-static ERR_STRING_DATA NURON_str_functs[]=
- {
-{ERR_FUNC(NURON_F_NURON_CTRL), "NURON_CTRL"},
-{ERR_FUNC(NURON_F_NURON_FINISH), "NURON_FINISH"},
-{ERR_FUNC(NURON_F_NURON_INIT), "NURON_INIT"},
-{ERR_FUNC(NURON_F_NURON_MOD_EXP), "NURON_MOD_EXP"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA NURON_str_reasons[]=
- {
-{ERR_REASON(NURON_R_ALREADY_LOADED) ,"already loaded"},
-{ERR_REASON(NURON_R_CTRL_COMMAND_NOT_IMPLEMENTED),"ctrl command not implemented"},
-{ERR_REASON(NURON_R_DSO_FAILURE) ,"dso failure"},
-{ERR_REASON(NURON_R_DSO_FUNCTION_NOT_FOUND),"dso function not found"},
-{ERR_REASON(NURON_R_DSO_NOT_FOUND) ,"dso not found"},
-{ERR_REASON(NURON_R_NOT_LOADED) ,"not loaded"},
-{0,NULL}
- };
-
-#endif
-
-#ifdef NURON_LIB_NAME
-static ERR_STRING_DATA NURON_lib_name[]=
- {
-{0 ,NURON_LIB_NAME},
-{0,NULL}
- };
-#endif
-
-
-static int NURON_lib_error_code=0;
-static int NURON_error_init=1;
-
-static void ERR_load_NURON_strings(void)
- {
- if (NURON_lib_error_code == 0)
- NURON_lib_error_code=ERR_get_next_error_library();
-
- if (NURON_error_init)
- {
- NURON_error_init=0;
-#ifndef OPENSSL_NO_ERR
- ERR_load_strings(NURON_lib_error_code,NURON_str_functs);
- ERR_load_strings(NURON_lib_error_code,NURON_str_reasons);
-#endif
-
-#ifdef NURON_LIB_NAME
- NURON_lib_name->error = ERR_PACK(NURON_lib_error_code,0,0);
- ERR_load_strings(0,NURON_lib_name);
-#endif
- }
- }
-
-static void ERR_unload_NURON_strings(void)
- {
- if (NURON_error_init == 0)
- {
-#ifndef OPENSSL_NO_ERR
- ERR_unload_strings(NURON_lib_error_code,NURON_str_functs);
- ERR_unload_strings(NURON_lib_error_code,NURON_str_reasons);
-#endif
-
-#ifdef NURON_LIB_NAME
- ERR_unload_strings(0,NURON_lib_name);
-#endif
- NURON_error_init=1;
- }
- }
-
-static void ERR_NURON_error(int function, int reason, char *file, int line)
- {
- if (NURON_lib_error_code == 0)
- NURON_lib_error_code=ERR_get_next_error_library();
- ERR_PUT_error(NURON_lib_error_code,function,reason,file,line);
- }
Copied: vendor-crypto/openssl/0.9.8zf/engines/e_nuron_err.c (from rev 6976, vendor-crypto/openssl/dist/engines/e_nuron_err.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/engines/e_nuron_err.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/engines/e_nuron_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,142 @@
+/* e_nuron_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include "e_nuron_err.h"
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(0,func,0)
+# define ERR_REASON(reason) ERR_PACK(0,0,reason)
+
+static ERR_STRING_DATA NURON_str_functs[] = {
+ {ERR_FUNC(NURON_F_NURON_CTRL), "NURON_CTRL"},
+ {ERR_FUNC(NURON_F_NURON_FINISH), "NURON_FINISH"},
+ {ERR_FUNC(NURON_F_NURON_INIT), "NURON_INIT"},
+ {ERR_FUNC(NURON_F_NURON_MOD_EXP), "NURON_MOD_EXP"},
+ {0, NULL}
+};
+
+static ERR_STRING_DATA NURON_str_reasons[] = {
+ {ERR_REASON(NURON_R_ALREADY_LOADED), "already loaded"},
+ {ERR_REASON(NURON_R_CTRL_COMMAND_NOT_IMPLEMENTED),
+ "ctrl command not implemented"},
+ {ERR_REASON(NURON_R_DSO_FAILURE), "dso failure"},
+ {ERR_REASON(NURON_R_DSO_FUNCTION_NOT_FOUND), "dso function not found"},
+ {ERR_REASON(NURON_R_DSO_NOT_FOUND), "dso not found"},
+ {ERR_REASON(NURON_R_NOT_LOADED), "not loaded"},
+ {0, NULL}
+};
+
+#endif
+
+#ifdef NURON_LIB_NAME
+static ERR_STRING_DATA NURON_lib_name[] = {
+ {0, NURON_LIB_NAME},
+ {0, NULL}
+};
+#endif
+
+static int NURON_lib_error_code = 0;
+static int NURON_error_init = 1;
+
+static void ERR_load_NURON_strings(void)
+{
+ if (NURON_lib_error_code == 0)
+ NURON_lib_error_code = ERR_get_next_error_library();
+
+ if (NURON_error_init) {
+ NURON_error_init = 0;
+#ifndef OPENSSL_NO_ERR
+ ERR_load_strings(NURON_lib_error_code, NURON_str_functs);
+ ERR_load_strings(NURON_lib_error_code, NURON_str_reasons);
+#endif
+
+#ifdef NURON_LIB_NAME
+ NURON_lib_name->error = ERR_PACK(NURON_lib_error_code, 0, 0);
+ ERR_load_strings(0, NURON_lib_name);
+#endif
+ }
+}
+
+static void ERR_unload_NURON_strings(void)
+{
+ if (NURON_error_init == 0) {
+#ifndef OPENSSL_NO_ERR
+ ERR_unload_strings(NURON_lib_error_code, NURON_str_functs);
+ ERR_unload_strings(NURON_lib_error_code, NURON_str_reasons);
+#endif
+
+#ifdef NURON_LIB_NAME
+ ERR_unload_strings(0, NURON_lib_name);
+#endif
+ NURON_error_init = 1;
+ }
+}
+
+static void ERR_NURON_error(int function, int reason, char *file, int line)
+{
+ if (NURON_lib_error_code == 0)
+ NURON_lib_error_code = ERR_get_next_error_library();
+ ERR_PUT_error(NURON_lib_error_code, function, reason, file, line);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/engines/e_nuron_err.h
===================================================================
--- vendor-crypto/openssl/dist/engines/e_nuron_err.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/engines/e_nuron_err.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,90 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#ifndef HEADER_NURON_ERR_H
-#define HEADER_NURON_ERR_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-static void ERR_load_NURON_strings(void);
-static void ERR_unload_NURON_strings(void);
-static void ERR_NURON_error(int function, int reason, char *file, int line);
-#define NURONerr(f,r) ERR_NURON_error((f),(r),__FILE__,__LINE__)
-
-/* Error codes for the NURON functions. */
-
-/* Function codes. */
-#define NURON_F_NURON_CTRL 100
-#define NURON_F_NURON_FINISH 101
-#define NURON_F_NURON_INIT 102
-#define NURON_F_NURON_MOD_EXP 103
-
-/* Reason codes. */
-#define NURON_R_ALREADY_LOADED 100
-#define NURON_R_CTRL_COMMAND_NOT_IMPLEMENTED 101
-#define NURON_R_DSO_FAILURE 102
-#define NURON_R_DSO_FUNCTION_NOT_FOUND 103
-#define NURON_R_DSO_NOT_FOUND 104
-#define NURON_R_NOT_LOADED 105
-
-#ifdef __cplusplus
-}
-#endif
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/engines/e_nuron_err.h (from rev 6976, vendor-crypto/openssl/dist/engines/e_nuron_err.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/engines/e_nuron_err.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/engines/e_nuron_err.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,91 @@
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_NURON_ERR_H
+# define HEADER_NURON_ERR_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+static void ERR_load_NURON_strings(void);
+static void ERR_unload_NURON_strings(void);
+static void ERR_NURON_error(int function, int reason, char *file, int line);
+# define NURONerr(f,r) ERR_NURON_error((f),(r),__FILE__,__LINE__)
+
+/* Error codes for the NURON functions. */
+
+/* Function codes. */
+# define NURON_F_NURON_CTRL 100
+# define NURON_F_NURON_FINISH 101
+# define NURON_F_NURON_INIT 102
+# define NURON_F_NURON_MOD_EXP 103
+
+/* Reason codes. */
+# define NURON_R_ALREADY_LOADED 100
+# define NURON_R_CTRL_COMMAND_NOT_IMPLEMENTED 101
+# define NURON_R_DSO_FAILURE 102
+# define NURON_R_DSO_FUNCTION_NOT_FOUND 103
+# define NURON_R_DSO_NOT_FOUND 104
+# define NURON_R_NOT_LOADED 105
+
+#ifdef __cplusplus
+}
+#endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/engines/e_sureware.c
===================================================================
--- vendor-crypto/openssl/dist/engines/e_sureware.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/engines/e_sureware.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,1057 +0,0 @@
-/* Written by Corinne Dive-Reclus(cdive at baltimore.com)
-*
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that the following conditions
-* are met:
-*
-* 1. Redistributions of source code must retain the above copyright
-* notice, this list of conditions and the following disclaimer.
-*
-* 2. Redistributions in binary form must reproduce the above copyright
-* notice, this list of conditions and the following disclaimer in
-* the documentation and/or other materials provided with the
-* distribution.
-*
-* 3. All advertising materials mentioning features or use of this
-* software must display the following acknowledgment:
-* "This product includes software developed by the OpenSSL Project
-* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-*
-* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-* endorse or promote products derived from this software without
-* prior written permission. For written permission, please contact
-* licensing at OpenSSL.org.
-*
-* 5. Products derived from this software may not be called "OpenSSL"
-* nor may "OpenSSL" appear in their names without prior written
-* permission of the OpenSSL Project.
-*
-* 6. Redistributions of any form whatsoever must retain the following
-* acknowledgment:
-* "This product includes software developed by the OpenSSL Project
-* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-*
-* Written by Corinne Dive-Reclus(cdive at baltimore.com)
-*
-* Copyright at 2001 Baltimore Technologies Ltd.
-* All right Reserved.
-* *
-* THIS FILE IS PROVIDED BY BALTIMORE TECHNOLOGIES ``AS IS'' AND *
-* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE *
-* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE *
-* ARE DISCLAIMED. IN NO EVENT SHALL BALTIMORE TECHNOLOGIES BE LIABLE *
-* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL *
-* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS *
-* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) *
-* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT *
-* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY *
-* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF *
-* SUCH DAMAGE. *
-====================================================================*/
-
-#include <stdio.h>
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/pem.h>
-#include <openssl/dso.h>
-#include <openssl/engine.h>
-#include <openssl/rand.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-#include <openssl/bn.h>
-
-#ifndef OPENSSL_NO_HW
-#ifndef OPENSSL_NO_HW_SUREWARE
-
-#ifdef FLAT_INC
-#include "sureware.h"
-#else
-#include "vendor_defns/sureware.h"
-#endif
-
-#define SUREWARE_LIB_NAME "sureware engine"
-#include "e_sureware_err.c"
-
-static int surewarehk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
-static int surewarehk_destroy(ENGINE *e);
-static int surewarehk_init(ENGINE *e);
-static int surewarehk_finish(ENGINE *e);
-static int surewarehk_modexp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx);
-
-/* RSA stuff */
-#ifndef OPENSSL_NO_RSA
-static int surewarehk_rsa_priv_dec(int flen,const unsigned char *from,unsigned char *to,
- RSA *rsa,int padding);
-static int surewarehk_rsa_sign(int flen,const unsigned char *from,unsigned char *to,
- RSA *rsa,int padding);
-#endif
-
-/* RAND stuff */
-static int surewarehk_rand_bytes(unsigned char *buf, int num);
-static void surewarehk_rand_seed(const void *buf, int num);
-static void surewarehk_rand_add(const void *buf, int num, double entropy);
-
-/* KM stuff */
-static EVP_PKEY *surewarehk_load_privkey(ENGINE *e, const char *key_id,
- UI_METHOD *ui_method, void *callback_data);
-static EVP_PKEY *surewarehk_load_pubkey(ENGINE *e, const char *key_id,
- UI_METHOD *ui_method, void *callback_data);
-static void surewarehk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
- int idx,long argl, void *argp);
-#if 0
-static void surewarehk_dh_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
- int idx,long argl, void *argp);
-#endif
-
-#ifndef OPENSSL_NO_RSA
-/* This function is aliased to mod_exp (with the mont stuff dropped). */
-static int surewarehk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
-{
- return surewarehk_modexp(r, a, p, m, ctx);
-}
-
-/* Our internal RSA_METHOD that we provide pointers to */
-static RSA_METHOD surewarehk_rsa =
- {
- "SureWare RSA method",
- NULL, /* pub_enc*/
- NULL, /* pub_dec*/
- surewarehk_rsa_sign, /* our rsa_sign is OpenSSL priv_enc*/
- surewarehk_rsa_priv_dec, /* priv_dec*/
- NULL, /*mod_exp*/
- surewarehk_mod_exp_mont, /*mod_exp_mongomery*/
- NULL, /* init*/
- NULL, /* finish*/
- 0, /* RSA flag*/
- NULL,
- NULL, /* OpenSSL sign*/
- NULL, /* OpenSSL verify*/
- NULL /* keygen */
- };
-#endif
-
-#ifndef OPENSSL_NO_DH
-/* Our internal DH_METHOD that we provide pointers to */
-/* This function is aliased to mod_exp (with the dh and mont dropped). */
-static int surewarehk_modexp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
-{
- return surewarehk_modexp(r, a, p, m, ctx);
-}
-
-static DH_METHOD surewarehk_dh =
- {
- "SureWare DH method",
- NULL,/*gen_key*/
- NULL,/*agree,*/
- surewarehk_modexp_dh, /*dh mod exp*/
- NULL, /* init*/
- NULL, /* finish*/
- 0, /* flags*/
- NULL,
- NULL
- };
-#endif
-
-static RAND_METHOD surewarehk_rand =
- {
- /* "SureWare RAND method", */
- surewarehk_rand_seed,
- surewarehk_rand_bytes,
- NULL,/*cleanup*/
- surewarehk_rand_add,
- surewarehk_rand_bytes,
- NULL,/*rand_status*/
- };
-
-#ifndef OPENSSL_NO_DSA
-/* DSA stuff */
-static DSA_SIG * surewarehk_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
-static int surewarehk_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
- BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
- BN_CTX *ctx, BN_MONT_CTX *in_mont)
-{
- BIGNUM t;
- int to_return = 0;
- BN_init(&t);
- /* let rr = a1 ^ p1 mod m */
- if (!surewarehk_modexp(rr,a1,p1,m,ctx)) goto end;
- /* let t = a2 ^ p2 mod m */
- if (!surewarehk_modexp(&t,a2,p2,m,ctx)) goto end;
- /* let rr = rr * t mod m */
- if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;
- to_return = 1;
-end:
- BN_free(&t);
- return to_return;
-}
-
-static DSA_METHOD surewarehk_dsa =
- {
- "SureWare DSA method",
- surewarehk_dsa_do_sign,
- NULL,/*sign setup*/
- NULL,/*verify,*/
- surewarehk_dsa_mod_exp,/*mod exp*/
- NULL,/*bn mod exp*/
- NULL, /*init*/
- NULL,/*finish*/
- 0,
- NULL,
- NULL,
- NULL
- };
-#endif
-
-static const char *engine_sureware_id = "sureware";
-static const char *engine_sureware_name = "SureWare hardware engine support";
-
-/* Now, to our own code */
-
-/* As this is only ever called once, there's no need for locking
- * (indeed - the lock will already be held by our caller!!!) */
-static int bind_sureware(ENGINE *e)
-{
-#ifndef OPENSSL_NO_RSA
- const RSA_METHOD *meth1;
-#endif
-#ifndef OPENSSL_NO_DSA
- const DSA_METHOD *meth2;
-#endif
-#ifndef OPENSSL_NO_DH
- const DH_METHOD *meth3;
-#endif
-
- if(!ENGINE_set_id(e, engine_sureware_id) ||
- !ENGINE_set_name(e, engine_sureware_name) ||
-#ifndef OPENSSL_NO_RSA
- !ENGINE_set_RSA(e, &surewarehk_rsa) ||
-#endif
-#ifndef OPENSSL_NO_DSA
- !ENGINE_set_DSA(e, &surewarehk_dsa) ||
-#endif
-#ifndef OPENSSL_NO_DH
- !ENGINE_set_DH(e, &surewarehk_dh) ||
-#endif
- !ENGINE_set_RAND(e, &surewarehk_rand) ||
- !ENGINE_set_destroy_function(e, surewarehk_destroy) ||
- !ENGINE_set_init_function(e, surewarehk_init) ||
- !ENGINE_set_finish_function(e, surewarehk_finish) ||
- !ENGINE_set_ctrl_function(e, surewarehk_ctrl) ||
- !ENGINE_set_load_privkey_function(e, surewarehk_load_privkey) ||
- !ENGINE_set_load_pubkey_function(e, surewarehk_load_pubkey))
- return 0;
-
-#ifndef OPENSSL_NO_RSA
- /* We know that the "PKCS1_SSLeay()" functions hook properly
- * to the cswift-specific mod_exp and mod_exp_crt so we use
- * those functions. NB: We don't use ENGINE_openssl() or
- * anything "more generic" because something like the RSAref
- * code may not hook properly, and if you own one of these
- * cards then you have the right to do RSA operations on it
- * anyway! */
- meth1 = RSA_PKCS1_SSLeay();
- if (meth1)
- {
- surewarehk_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
- surewarehk_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
- }
-#endif
-
-#ifndef OPENSSL_NO_DSA
- /* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
- * bits. */
- meth2 = DSA_OpenSSL();
- if (meth2)
- {
- surewarehk_dsa.dsa_do_verify = meth2->dsa_do_verify;
- }
-#endif
-
-#ifndef OPENSSL_NO_DH
- /* Much the same for Diffie-Hellman */
- meth3 = DH_OpenSSL();
- if (meth3)
- {
- surewarehk_dh.generate_key = meth3->generate_key;
- surewarehk_dh.compute_key = meth3->compute_key;
- }
-#endif
-
- /* Ensure the sureware error handling is set up */
- ERR_load_SUREWARE_strings();
- return 1;
-}
-
-#ifndef OPENSSL_NO_DYNAMIC_ENGINE
-static int bind_helper(ENGINE *e, const char *id)
- {
- if(id && (strcmp(id, engine_sureware_id) != 0))
- return 0;
- if(!bind_sureware(e))
- return 0;
- return 1;
- }
-IMPLEMENT_DYNAMIC_CHECK_FN()
-IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
-#else
-static ENGINE *engine_sureware(void)
- {
- ENGINE *ret = ENGINE_new();
- if(!ret)
- return NULL;
- if(!bind_sureware(ret))
- {
- ENGINE_free(ret);
- return NULL;
- }
- return ret;
- }
-
-void ENGINE_load_sureware(void)
- {
- /* Copied from eng_[openssl|dyn].c */
- ENGINE *toadd = engine_sureware();
- if(!toadd) return;
- ENGINE_add(toadd);
- ENGINE_free(toadd);
- ERR_clear_error();
- }
-#endif
-
-/* This is a process-global DSO handle used for loading and unloading
- * the SureWareHook library. NB: This is only set (or unset) during an
- * init() or finish() call (reference counts permitting) and they're
- * operating with global locks, so this should be thread-safe
- * implicitly. */
-static DSO *surewarehk_dso = NULL;
-#ifndef OPENSSL_NO_RSA
-static int rsaHndidx = -1; /* Index for KM handle. Not really used yet. */
-#endif
-#ifndef OPENSSL_NO_DSA
-static int dsaHndidx = -1; /* Index for KM handle. Not really used yet. */
-#endif
-
-/* These are the function pointers that are (un)set when the library has
- * successfully (un)loaded. */
-static SureWareHook_Init_t *p_surewarehk_Init = NULL;
-static SureWareHook_Finish_t *p_surewarehk_Finish = NULL;
-static SureWareHook_Rand_Bytes_t *p_surewarehk_Rand_Bytes = NULL;
-static SureWareHook_Rand_Seed_t *p_surewarehk_Rand_Seed = NULL;
-static SureWareHook_Load_Privkey_t *p_surewarehk_Load_Privkey = NULL;
-static SureWareHook_Info_Pubkey_t *p_surewarehk_Info_Pubkey = NULL;
-static SureWareHook_Load_Rsa_Pubkey_t *p_surewarehk_Load_Rsa_Pubkey = NULL;
-static SureWareHook_Load_Dsa_Pubkey_t *p_surewarehk_Load_Dsa_Pubkey = NULL;
-static SureWareHook_Free_t *p_surewarehk_Free=NULL;
-static SureWareHook_Rsa_Priv_Dec_t *p_surewarehk_Rsa_Priv_Dec=NULL;
-static SureWareHook_Rsa_Sign_t *p_surewarehk_Rsa_Sign=NULL;
-static SureWareHook_Dsa_Sign_t *p_surewarehk_Dsa_Sign=NULL;
-static SureWareHook_Mod_Exp_t *p_surewarehk_Mod_Exp=NULL;
-
-/* Used in the DSO operations. */
-static const char *surewarehk_LIBNAME = "SureWareHook";
-static const char *n_surewarehk_Init = "SureWareHook_Init";
-static const char *n_surewarehk_Finish = "SureWareHook_Finish";
-static const char *n_surewarehk_Rand_Bytes="SureWareHook_Rand_Bytes";
-static const char *n_surewarehk_Rand_Seed="SureWareHook_Rand_Seed";
-static const char *n_surewarehk_Load_Privkey="SureWareHook_Load_Privkey";
-static const char *n_surewarehk_Info_Pubkey="SureWareHook_Info_Pubkey";
-static const char *n_surewarehk_Load_Rsa_Pubkey="SureWareHook_Load_Rsa_Pubkey";
-static const char *n_surewarehk_Load_Dsa_Pubkey="SureWareHook_Load_Dsa_Pubkey";
-static const char *n_surewarehk_Free="SureWareHook_Free";
-static const char *n_surewarehk_Rsa_Priv_Dec="SureWareHook_Rsa_Priv_Dec";
-static const char *n_surewarehk_Rsa_Sign="SureWareHook_Rsa_Sign";
-static const char *n_surewarehk_Dsa_Sign="SureWareHook_Dsa_Sign";
-static const char *n_surewarehk_Mod_Exp="SureWareHook_Mod_Exp";
-static BIO *logstream = NULL;
-
-/* SureWareHook library functions and mechanics - these are used by the
- * higher-level functions further down. NB: As and where there's no
- * error checking, take a look lower down where these functions are
- * called, the checking and error handling is probably down there.
-*/
-static int threadsafe=1;
-static int surewarehk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
-{
- int to_return = 1;
-
- switch(cmd)
- {
- case ENGINE_CTRL_SET_LOGSTREAM:
- {
- BIO *bio = (BIO *)p;
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- if (logstream)
- {
- BIO_free(logstream);
- logstream = NULL;
- }
- if (CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO) > 1)
- logstream = bio;
- else
- SUREWAREerr(SUREWARE_F_SUREWAREHK_CTRL,SUREWARE_R_BIO_WAS_FREED);
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- break;
- /* This will prevent the initialisation function from "installing"
- * the mutex-handling callbacks, even if they are available from
- * within the library (or were provided to the library from the
- * calling application). This is to remove any baggage for
- * applications not using multithreading. */
- case ENGINE_CTRL_CHIL_NO_LOCKING:
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- threadsafe = 0;
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- break;
-
- /* The command isn't understood by this engine */
- default:
- SUREWAREerr(SUREWARE_F_SUREWAREHK_CTRL,
- ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED);
- to_return = 0;
- break;
- }
-
- return to_return;
-}
-
-/* Destructor (complements the "ENGINE_surewarehk()" constructor) */
-static int surewarehk_destroy(ENGINE *e)
-{
- ERR_unload_SUREWARE_strings();
- return 1;
-}
-
-/* (de)initialisation functions. */
-static int surewarehk_init(ENGINE *e)
-{
- char msg[64]="ENGINE_init";
- SureWareHook_Init_t *p1=NULL;
- SureWareHook_Finish_t *p2=NULL;
- SureWareHook_Rand_Bytes_t *p3=NULL;
- SureWareHook_Rand_Seed_t *p4=NULL;
- SureWareHook_Load_Privkey_t *p5=NULL;
- SureWareHook_Load_Rsa_Pubkey_t *p6=NULL;
- SureWareHook_Free_t *p7=NULL;
- SureWareHook_Rsa_Priv_Dec_t *p8=NULL;
- SureWareHook_Rsa_Sign_t *p9=NULL;
- SureWareHook_Dsa_Sign_t *p12=NULL;
- SureWareHook_Info_Pubkey_t *p13=NULL;
- SureWareHook_Load_Dsa_Pubkey_t *p14=NULL;
- SureWareHook_Mod_Exp_t *p15=NULL;
-
- if(surewarehk_dso != NULL)
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,ENGINE_R_ALREADY_LOADED);
- goto err;
- }
- /* Attempt to load libsurewarehk.so/surewarehk.dll/whatever. */
- surewarehk_dso = DSO_load(NULL, surewarehk_LIBNAME, NULL, 0);
- if(surewarehk_dso == NULL)
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,ENGINE_R_DSO_FAILURE);
- goto err;
- }
- if(!(p1=(SureWareHook_Init_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Init)) ||
- !(p2=(SureWareHook_Finish_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Finish)) ||
- !(p3=(SureWareHook_Rand_Bytes_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rand_Bytes)) ||
- !(p4=(SureWareHook_Rand_Seed_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rand_Seed)) ||
- !(p5=(SureWareHook_Load_Privkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Load_Privkey)) ||
- !(p6=(SureWareHook_Load_Rsa_Pubkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Load_Rsa_Pubkey)) ||
- !(p7=(SureWareHook_Free_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Free)) ||
- !(p8=(SureWareHook_Rsa_Priv_Dec_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rsa_Priv_Dec)) ||
- !(p9=(SureWareHook_Rsa_Sign_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rsa_Sign)) ||
- !(p12=(SureWareHook_Dsa_Sign_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Dsa_Sign)) ||
- !(p13=(SureWareHook_Info_Pubkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Info_Pubkey)) ||
- !(p14=(SureWareHook_Load_Dsa_Pubkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Load_Dsa_Pubkey)) ||
- !(p15=(SureWareHook_Mod_Exp_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Mod_Exp)))
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,ENGINE_R_DSO_FAILURE);
- goto err;
- }
- /* Copy the pointers */
- p_surewarehk_Init = p1;
- p_surewarehk_Finish = p2;
- p_surewarehk_Rand_Bytes = p3;
- p_surewarehk_Rand_Seed = p4;
- p_surewarehk_Load_Privkey = p5;
- p_surewarehk_Load_Rsa_Pubkey = p6;
- p_surewarehk_Free = p7;
- p_surewarehk_Rsa_Priv_Dec = p8;
- p_surewarehk_Rsa_Sign = p9;
- p_surewarehk_Dsa_Sign = p12;
- p_surewarehk_Info_Pubkey = p13;
- p_surewarehk_Load_Dsa_Pubkey = p14;
- p_surewarehk_Mod_Exp = p15;
- /* Contact the hardware and initialises it. */
- if(p_surewarehk_Init(msg,threadsafe)==SUREWAREHOOK_ERROR_UNIT_FAILURE)
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,SUREWARE_R_UNIT_FAILURE);
- goto err;
- }
- if(p_surewarehk_Init(msg,threadsafe)==SUREWAREHOOK_ERROR_UNIT_FAILURE)
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,SUREWARE_R_UNIT_FAILURE);
- goto err;
- }
- /* try to load the default private key, if failed does not return a failure but
- wait for an explicit ENGINE_load_privakey */
- surewarehk_load_privkey(e,NULL,NULL,NULL);
-
- /* Everything's fine. */
-#ifndef OPENSSL_NO_RSA
- if (rsaHndidx == -1)
- rsaHndidx = RSA_get_ex_new_index(0,
- "SureWareHook RSA key handle",
- NULL, NULL, surewarehk_ex_free);
-#endif
-#ifndef OPENSSL_NO_DSA
- if (dsaHndidx == -1)
- dsaHndidx = DSA_get_ex_new_index(0,
- "SureWareHook DSA key handle",
- NULL, NULL, surewarehk_ex_free);
-#endif
-
- return 1;
-err:
- if(surewarehk_dso)
- DSO_free(surewarehk_dso);
- surewarehk_dso = NULL;
- p_surewarehk_Init = NULL;
- p_surewarehk_Finish = NULL;
- p_surewarehk_Rand_Bytes = NULL;
- p_surewarehk_Rand_Seed = NULL;
- p_surewarehk_Load_Privkey = NULL;
- p_surewarehk_Load_Rsa_Pubkey = NULL;
- p_surewarehk_Free = NULL;
- p_surewarehk_Rsa_Priv_Dec = NULL;
- p_surewarehk_Rsa_Sign = NULL;
- p_surewarehk_Dsa_Sign = NULL;
- p_surewarehk_Info_Pubkey = NULL;
- p_surewarehk_Load_Dsa_Pubkey = NULL;
- p_surewarehk_Mod_Exp = NULL;
- return 0;
-}
-
-static int surewarehk_finish(ENGINE *e)
-{
- int to_return = 1;
- if(surewarehk_dso == NULL)
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_FINISH,ENGINE_R_NOT_LOADED);
- to_return = 0;
- goto err;
- }
- p_surewarehk_Finish();
- if(!DSO_free(surewarehk_dso))
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_FINISH,ENGINE_R_DSO_FAILURE);
- to_return = 0;
- goto err;
- }
- err:
- if (logstream)
- BIO_free(logstream);
- surewarehk_dso = NULL;
- p_surewarehk_Init = NULL;
- p_surewarehk_Finish = NULL;
- p_surewarehk_Rand_Bytes = NULL;
- p_surewarehk_Rand_Seed = NULL;
- p_surewarehk_Load_Privkey = NULL;
- p_surewarehk_Load_Rsa_Pubkey = NULL;
- p_surewarehk_Free = NULL;
- p_surewarehk_Rsa_Priv_Dec = NULL;
- p_surewarehk_Rsa_Sign = NULL;
- p_surewarehk_Dsa_Sign = NULL;
- p_surewarehk_Info_Pubkey = NULL;
- p_surewarehk_Load_Dsa_Pubkey = NULL;
- p_surewarehk_Mod_Exp = NULL;
- return to_return;
-}
-
-static void surewarehk_error_handling(char *const msg,int func,int ret)
-{
- switch (ret)
- {
- case SUREWAREHOOK_ERROR_UNIT_FAILURE:
- ENGINEerr(func,SUREWARE_R_UNIT_FAILURE);
- break;
- case SUREWAREHOOK_ERROR_FALLBACK:
- ENGINEerr(func,SUREWARE_R_REQUEST_FALLBACK);
- break;
- case SUREWAREHOOK_ERROR_DATA_SIZE:
- ENGINEerr(func,SUREWARE_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
- break;
- case SUREWAREHOOK_ERROR_INVALID_PAD:
- ENGINEerr(func,SUREWARE_R_PADDING_CHECK_FAILED);
- break;
- default:
- ENGINEerr(func,SUREWARE_R_REQUEST_FAILED);
- break;
- case 1:/*nothing*/
- msg[0]='\0';
- }
- if (*msg)
- {
- ERR_add_error_data(1,msg);
- if (logstream)
- {
- CRYPTO_w_lock(CRYPTO_LOCK_BIO);
- BIO_write(logstream, msg, strlen(msg));
- CRYPTO_w_unlock(CRYPTO_LOCK_BIO);
- }
- }
-}
-
-static int surewarehk_rand_bytes(unsigned char *buf, int num)
-{
- int ret=0;
- char msg[64]="ENGINE_rand_bytes";
- if(!p_surewarehk_Rand_Bytes)
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_RAND_BYTES,ENGINE_R_NOT_INITIALISED);
- }
- else
- {
- ret = p_surewarehk_Rand_Bytes(msg,buf, num);
- surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RAND_BYTES,ret);
- }
- return ret==1 ? 1 : 0;
-}
-
-static void surewarehk_rand_seed(const void *buf, int num)
-{
- int ret=0;
- char msg[64]="ENGINE_rand_seed";
- if(!p_surewarehk_Rand_Seed)
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_RAND_SEED,ENGINE_R_NOT_INITIALISED);
- }
- else
- {
- ret = p_surewarehk_Rand_Seed(msg,buf, num);
- surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RAND_SEED,ret);
- }
-}
-
-static void surewarehk_rand_add(const void *buf, int num, double entropy)
-{
- surewarehk_rand_seed(buf,num);
-}
-
-static EVP_PKEY* sureware_load_public(ENGINE *e,const char *key_id,char *hptr,unsigned long el,char keytype)
-{
- EVP_PKEY *res = NULL;
-#ifndef OPENSSL_NO_RSA
- RSA *rsatmp = NULL;
-#endif
-#ifndef OPENSSL_NO_DSA
- DSA *dsatmp=NULL;
-#endif
- char msg[64]="sureware_load_public";
- int ret=0;
- if(!p_surewarehk_Load_Rsa_Pubkey || !p_surewarehk_Load_Dsa_Pubkey)
- {
- SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC,ENGINE_R_NOT_INITIALISED);
- goto err;
- }
- switch (keytype)
- {
-#ifndef OPENSSL_NO_RSA
- case 1: /*RSA*/
- /* set private external reference */
- rsatmp = RSA_new_method(e);
- RSA_set_ex_data(rsatmp,rsaHndidx,hptr);
- rsatmp->flags |= RSA_FLAG_EXT_PKEY;
-
- /* set public big nums*/
- rsatmp->e = BN_new();
- rsatmp->n = BN_new();
- bn_expand2(rsatmp->e, el/sizeof(BN_ULONG));
- bn_expand2(rsatmp->n, el/sizeof(BN_ULONG));
- if (!rsatmp->e || rsatmp->e->dmax!=(int)(el/sizeof(BN_ULONG))||
- !rsatmp->n || rsatmp->n->dmax!=(int)(el/sizeof(BN_ULONG)))
- goto err;
- ret=p_surewarehk_Load_Rsa_Pubkey(msg,key_id,el,
- (unsigned long *)rsatmp->n->d,
- (unsigned long *)rsatmp->e->d);
- surewarehk_error_handling(msg,SUREWARE_F_SUREWARE_LOAD_PUBLIC,ret);
- if (ret!=1)
- {
- SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC,ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
- goto err;
- }
- /* normalise pub e and pub n */
- rsatmp->e->top=el/sizeof(BN_ULONG);
- bn_fix_top(rsatmp->e);
- rsatmp->n->top=el/sizeof(BN_ULONG);
- bn_fix_top(rsatmp->n);
- /* create an EVP object: engine + rsa key */
- res = EVP_PKEY_new();
- EVP_PKEY_assign_RSA(res, rsatmp);
- break;
-#endif
-
-#ifndef OPENSSL_NO_DSA
- case 2:/*DSA*/
- /* set private/public external reference */
- dsatmp = DSA_new_method(e);
- DSA_set_ex_data(dsatmp,dsaHndidx,hptr);
- /*dsatmp->flags |= DSA_FLAG_EXT_PKEY;*/
-
- /* set public key*/
- dsatmp->pub_key = BN_new();
- dsatmp->p = BN_new();
- dsatmp->q = BN_new();
- dsatmp->g = BN_new();
- bn_expand2(dsatmp->pub_key, el/sizeof(BN_ULONG));
- bn_expand2(dsatmp->p, el/sizeof(BN_ULONG));
- bn_expand2(dsatmp->q, 20/sizeof(BN_ULONG));
- bn_expand2(dsatmp->g, el/sizeof(BN_ULONG));
- if (!dsatmp->pub_key || dsatmp->pub_key->dmax!=(int)(el/sizeof(BN_ULONG))||
- !dsatmp->p || dsatmp->p->dmax!=(int)(el/sizeof(BN_ULONG)) ||
- !dsatmp->q || dsatmp->q->dmax!=20/sizeof(BN_ULONG) ||
- !dsatmp->g || dsatmp->g->dmax!=(int)(el/sizeof(BN_ULONG)))
- goto err;
-
- ret=p_surewarehk_Load_Dsa_Pubkey(msg,key_id,el,
- (unsigned long *)dsatmp->pub_key->d,
- (unsigned long *)dsatmp->p->d,
- (unsigned long *)dsatmp->q->d,
- (unsigned long *)dsatmp->g->d);
- surewarehk_error_handling(msg,SUREWARE_F_SUREWARE_LOAD_PUBLIC,ret);
- if (ret!=1)
- {
- SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC,ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
- goto err;
- }
- /* set parameters */
- /* normalise pubkey and parameters in case of */
- dsatmp->pub_key->top=el/sizeof(BN_ULONG);
- bn_fix_top(dsatmp->pub_key);
- dsatmp->p->top=el/sizeof(BN_ULONG);
- bn_fix_top(dsatmp->p);
- dsatmp->q->top=20/sizeof(BN_ULONG);
- bn_fix_top(dsatmp->q);
- dsatmp->g->top=el/sizeof(BN_ULONG);
- bn_fix_top(dsatmp->g);
-
- /* create an EVP object: engine + rsa key */
- res = EVP_PKEY_new();
- EVP_PKEY_assign_DSA(res, dsatmp);
- break;
-#endif
-
- default:
- SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC,ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
- goto err;
- }
- return res;
- err:
- if (res)
- EVP_PKEY_free(res);
-#ifndef OPENSSL_NO_RSA
- if (rsatmp)
- RSA_free(rsatmp);
-#endif
-#ifndef OPENSSL_NO_DSA
- if (dsatmp)
- DSA_free(dsatmp);
-#endif
- return NULL;
-}
-
-static EVP_PKEY *surewarehk_load_privkey(ENGINE *e, const char *key_id,
- UI_METHOD *ui_method, void *callback_data)
-{
- EVP_PKEY *res = NULL;
- int ret=0;
- unsigned long el=0;
- char *hptr=NULL;
- char keytype=0;
- char msg[64]="ENGINE_load_privkey";
-
- if(!p_surewarehk_Load_Privkey)
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVKEY,ENGINE_R_NOT_INITIALISED);
- }
- else
- {
- ret=p_surewarehk_Load_Privkey(msg,key_id,&hptr,&el,&keytype);
- if (ret!=1)
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVKEY,ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
- ERR_add_error_data(1,msg);
- }
- else
- res=sureware_load_public(e,key_id,hptr,el,keytype);
- }
- return res;
-}
-
-static EVP_PKEY *surewarehk_load_pubkey(ENGINE *e, const char *key_id,
- UI_METHOD *ui_method, void *callback_data)
-{
- EVP_PKEY *res = NULL;
- int ret=0;
- unsigned long el=0;
- char *hptr=NULL;
- char keytype=0;
- char msg[64]="ENGINE_load_pubkey";
-
- if(!p_surewarehk_Info_Pubkey)
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PUBKEY,ENGINE_R_NOT_INITIALISED);
- }
- else
- {
- /* call once to identify if DSA or RSA */
- ret=p_surewarehk_Info_Pubkey(msg,key_id,&el,&keytype);
- if (ret!=1)
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PUBKEY,ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
- ERR_add_error_data(1,msg);
- }
- else
- res=sureware_load_public(e,key_id,hptr,el,keytype);
- }
- return res;
-}
-
-/* This cleans up an RSA/DSA KM key(do not destroy the key into the hardware)
-, called when ex_data is freed */
-static void surewarehk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
- int idx,long argl, void *argp)
-{
- if(!p_surewarehk_Free)
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_EX_FREE,ENGINE_R_NOT_INITIALISED);
- }
- else
- p_surewarehk_Free((char *)item,0);
-}
-
-#if 0
-/* not currently used (bug?) */
-/* This cleans up an DH KM key (destroys the key into hardware),
-called when ex_data is freed */
-static void surewarehk_dh_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
- int idx,long argl, void *argp)
-{
- if(!p_surewarehk_Free)
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_DH_EX_FREE,ENGINE_R_NOT_INITIALISED);
- }
- else
- p_surewarehk_Free((char *)item,1);
-}
-#endif
-
-/*
-* return number of decrypted bytes
-*/
-#ifndef OPENSSL_NO_RSA
-static int surewarehk_rsa_priv_dec(int flen,const unsigned char *from,unsigned char *to,
- RSA *rsa,int padding)
-{
- int ret=0,tlen;
- char *buf=NULL,*hptr=NULL;
- char msg[64]="ENGINE_rsa_priv_dec";
- if (!p_surewarehk_Rsa_Priv_Dec)
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,ENGINE_R_NOT_INITIALISED);
- }
- /* extract ref to private key */
- else if (!(hptr=RSA_get_ex_data(rsa, rsaHndidx)))
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,SUREWARE_R_MISSING_KEY_COMPONENTS);
- goto err;
- }
- /* analyse what padding we can do into the hardware */
- if (padding==RSA_PKCS1_PADDING)
- {
- /* do it one shot */
- ret=p_surewarehk_Rsa_Priv_Dec(msg,flen,(unsigned char *)from,&tlen,to,hptr,SUREWARE_PKCS1_PAD);
- surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,ret);
- if (ret!=1)
- goto err;
- ret=tlen;
- }
- else /* do with no padding into hardware */
- {
- ret=p_surewarehk_Rsa_Priv_Dec(msg,flen,(unsigned char *)from,&tlen,to,hptr,SUREWARE_NO_PAD);
- surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,ret);
- if (ret!=1)
- goto err;
- /* intermediate buffer for padding */
- if ((buf=OPENSSL_malloc(tlen)) == NULL)
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- memcpy(buf,to,tlen);/* transfert to into buf */
- switch (padding) /* check padding in software */
- {
-#ifndef OPENSSL_NO_SHA
- case RSA_PKCS1_OAEP_PADDING:
- ret=RSA_padding_check_PKCS1_OAEP(to,tlen,(unsigned char *)buf,tlen,tlen,NULL,0);
- break;
-#endif
- case RSA_SSLV23_PADDING:
- ret=RSA_padding_check_SSLv23(to,tlen,(unsigned char *)buf,flen,tlen);
- break;
- case RSA_NO_PADDING:
- ret=RSA_padding_check_none(to,tlen,(unsigned char *)buf,flen,tlen);
- break;
- default:
- SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,SUREWARE_R_UNKNOWN_PADDING_TYPE);
- goto err;
- }
- if (ret < 0)
- SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,SUREWARE_R_PADDING_CHECK_FAILED);
- }
-err:
- if (buf)
- {
- OPENSSL_cleanse(buf,tlen);
- OPENSSL_free(buf);
- }
- return ret;
-}
-
-/*
-* Does what OpenSSL rsa_priv_enc does.
-*/
-static int surewarehk_rsa_sign(int flen,const unsigned char *from,unsigned char *to,
- RSA *rsa,int padding)
-{
- int ret=0,tlen;
- char *hptr=NULL;
- char msg[64]="ENGINE_rsa_sign";
- if (!p_surewarehk_Rsa_Sign)
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_SIGN,ENGINE_R_NOT_INITIALISED);
- }
- /* extract ref to private key */
- else if (!(hptr=RSA_get_ex_data(rsa, rsaHndidx)))
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_SIGN,SUREWARE_R_MISSING_KEY_COMPONENTS);
- }
- else
- {
- switch (padding)
- {
- case RSA_PKCS1_PADDING: /* do it in one shot */
- ret=p_surewarehk_Rsa_Sign(msg,flen,(unsigned char *)from,&tlen,to,hptr,SUREWARE_PKCS1_PAD);
- surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RSA_SIGN,ret);
- break;
- case RSA_NO_PADDING:
- default:
- SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_SIGN,SUREWARE_R_UNKNOWN_PADDING_TYPE);
- }
- }
- return ret==1 ? tlen : ret;
-}
-
-#endif
-
-#ifndef OPENSSL_NO_DSA
-/* DSA sign and verify */
-static DSA_SIG * surewarehk_dsa_do_sign(const unsigned char *from, int flen, DSA *dsa)
-{
- int ret=0;
- char *hptr=NULL;
- DSA_SIG *psign=NULL;
- char msg[64]="ENGINE_dsa_do_sign";
- if (!p_surewarehk_Dsa_Sign)
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,ENGINE_R_NOT_INITIALISED);
- goto err;
- }
- /* extract ref to private key */
- else if (!(hptr=DSA_get_ex_data(dsa, dsaHndidx)))
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,SUREWARE_R_MISSING_KEY_COMPONENTS);
- goto err;
- }
- else
- {
- if((psign = DSA_SIG_new()) == NULL)
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- psign->r=BN_new();
- psign->s=BN_new();
- bn_expand2(psign->r, 20/sizeof(BN_ULONG));
- bn_expand2(psign->s, 20/sizeof(BN_ULONG));
- if (!psign->r || psign->r->dmax!=20/sizeof(BN_ULONG) ||
- !psign->s || psign->s->dmax!=20/sizeof(BN_ULONG))
- goto err;
- ret=p_surewarehk_Dsa_Sign(msg,flen,from,
- (unsigned long *)psign->r->d,
- (unsigned long *)psign->s->d,
- hptr);
- surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,ret);
- }
- psign->r->top=20/sizeof(BN_ULONG);
- bn_fix_top(psign->r);
- psign->s->top=20/sizeof(BN_ULONG);
- bn_fix_top(psign->s);
-
-err:
- if (psign)
- {
- DSA_SIG_free(psign);
- psign=NULL;
- }
- return psign;
-}
-#endif
-
-static int surewarehk_modexp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx)
-{
- int ret=0;
- char msg[64]="ENGINE_modexp";
- if (!p_surewarehk_Mod_Exp)
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_MODEXP,ENGINE_R_NOT_INITIALISED);
- }
- else
- {
- bn_expand2(r,m->top);
- if (r && r->dmax==m->top)
- {
- /* do it*/
- ret=p_surewarehk_Mod_Exp(msg,
- m->top*sizeof(BN_ULONG),
- (unsigned long *)m->d,
- p->top*sizeof(BN_ULONG),
- (unsigned long *)p->d,
- a->top*sizeof(BN_ULONG),
- (unsigned long *)a->d,
- (unsigned long *)r->d);
- surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_MODEXP,ret);
- if (ret==1)
- {
- /* normalise result */
- r->top=m->top;
- bn_fix_top(r);
- }
- }
- }
- return ret;
-}
-#endif /* !OPENSSL_NO_HW_SureWare */
-#endif /* !OPENSSL_NO_HW */
Copied: vendor-crypto/openssl/0.9.8zf/engines/e_sureware.c (from rev 6976, vendor-crypto/openssl/dist/engines/e_sureware.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/engines/e_sureware.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/engines/e_sureware.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,1098 @@
+/*-
+* Written by Corinne Dive-Reclus(cdive at baltimore.com)
+*
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+*
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+*
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in
+* the documentation and/or other materials provided with the
+* distribution.
+*
+* 3. All advertising materials mentioning features or use of this
+* software must display the following acknowledgment:
+* "This product includes software developed by the OpenSSL Project
+* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+*
+* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+* endorse or promote products derived from this software without
+* prior written permission. For written permission, please contact
+* licensing at OpenSSL.org.
+*
+* 5. Products derived from this software may not be called "OpenSSL"
+* nor may "OpenSSL" appear in their names without prior written
+* permission of the OpenSSL Project.
+*
+* 6. Redistributions of any form whatsoever must retain the following
+* acknowledgment:
+* "This product includes software developed by the OpenSSL Project
+* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+*
+* Written by Corinne Dive-Reclus(cdive at baltimore.com)
+*
+* Copyright at 2001 Baltimore Technologies Ltd.
+* All right Reserved.
+* *
+* THIS FILE IS PROVIDED BY BALTIMORE TECHNOLOGIES ``AS IS'' AND *
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE *
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE *
+* ARE DISCLAIMED. IN NO EVENT SHALL BALTIMORE TECHNOLOGIES BE LIABLE *
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL *
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS *
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) *
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT *
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY *
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF *
+* SUCH DAMAGE. *
+====================================================================*/
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/pem.h>
+#include <openssl/dso.h>
+#include <openssl/engine.h>
+#include <openssl/rand.h>
+#ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+# include <openssl/dsa.h>
+#endif
+#ifndef OPENSSL_NO_DH
+# include <openssl/dh.h>
+#endif
+#include <openssl/bn.h>
+
+#ifndef OPENSSL_NO_HW
+# ifndef OPENSSL_NO_HW_SUREWARE
+
+# ifdef FLAT_INC
+# include "sureware.h"
+# else
+# include "vendor_defns/sureware.h"
+# endif
+
+# define SUREWARE_LIB_NAME "sureware engine"
+# include "e_sureware_err.c"
+
+static int surewarehk_ctrl(ENGINE *e, int cmd, long i, void *p,
+ void (*f) (void));
+static int surewarehk_destroy(ENGINE *e);
+static int surewarehk_init(ENGINE *e);
+static int surewarehk_finish(ENGINE *e);
+static int surewarehk_modexp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx);
+
+/* RSA stuff */
+# ifndef OPENSSL_NO_RSA
+static int surewarehk_rsa_priv_dec(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+static int surewarehk_rsa_sign(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+# endif
+
+/* RAND stuff */
+static int surewarehk_rand_bytes(unsigned char *buf, int num);
+static void surewarehk_rand_seed(const void *buf, int num);
+static void surewarehk_rand_add(const void *buf, int num, double entropy);
+
+/* KM stuff */
+static EVP_PKEY *surewarehk_load_privkey(ENGINE *e, const char *key_id,
+ UI_METHOD *ui_method,
+ void *callback_data);
+static EVP_PKEY *surewarehk_load_pubkey(ENGINE *e, const char *key_id,
+ UI_METHOD *ui_method,
+ void *callback_data);
+static void surewarehk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
+ int idx, long argl, void *argp);
+# if 0
+static void surewarehk_dh_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
+ int idx, long argl, void *argp);
+# endif
+
+# ifndef OPENSSL_NO_RSA
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int surewarehk_mod_exp_mont(BIGNUM *r, const BIGNUM *a,
+ const BIGNUM *p, const BIGNUM *m,
+ BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+{
+ return surewarehk_modexp(r, a, p, m, ctx);
+}
+
+/* Our internal RSA_METHOD that we provide pointers to */
+static RSA_METHOD surewarehk_rsa = {
+ "SureWare RSA method",
+ NULL, /* pub_enc */
+ NULL, /* pub_dec */
+ surewarehk_rsa_sign, /* our rsa_sign is OpenSSL priv_enc */
+ surewarehk_rsa_priv_dec, /* priv_dec */
+ NULL, /* mod_exp */
+ surewarehk_mod_exp_mont, /* mod_exp_mongomery */
+ NULL, /* init */
+ NULL, /* finish */
+ 0, /* RSA flag */
+ NULL,
+ NULL, /* OpenSSL sign */
+ NULL, /* OpenSSL verify */
+ NULL /* keygen */
+};
+# endif
+
+# ifndef OPENSSL_NO_DH
+/* Our internal DH_METHOD that we provide pointers to */
+/* This function is aliased to mod_exp (with the dh and mont dropped). */
+static int surewarehk_modexp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
+ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx)
+{
+ return surewarehk_modexp(r, a, p, m, ctx);
+}
+
+static DH_METHOD surewarehk_dh = {
+ "SureWare DH method",
+ NULL, /* gen_key */
+ NULL, /* agree, */
+ surewarehk_modexp_dh, /* dh mod exp */
+ NULL, /* init */
+ NULL, /* finish */
+ 0, /* flags */
+ NULL,
+ NULL
+};
+# endif
+
+static RAND_METHOD surewarehk_rand = {
+ /* "SureWare RAND method", */
+ surewarehk_rand_seed,
+ surewarehk_rand_bytes,
+ NULL, /* cleanup */
+ surewarehk_rand_add,
+ surewarehk_rand_bytes,
+ NULL, /* rand_status */
+};
+
+# ifndef OPENSSL_NO_DSA
+/* DSA stuff */
+static DSA_SIG *surewarehk_dsa_do_sign(const unsigned char *dgst, int dlen,
+ DSA *dsa);
+static int surewarehk_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
+ BIGNUM *p1, BIGNUM *a2, BIGNUM *p2,
+ BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *in_mont)
+{
+ BIGNUM t;
+ int to_return = 0;
+ BN_init(&t);
+ /* let rr = a1 ^ p1 mod m */
+ if (!surewarehk_modexp(rr, a1, p1, m, ctx))
+ goto end;
+ /* let t = a2 ^ p2 mod m */
+ if (!surewarehk_modexp(&t, a2, p2, m, ctx))
+ goto end;
+ /* let rr = rr * t mod m */
+ if (!BN_mod_mul(rr, rr, &t, m, ctx))
+ goto end;
+ to_return = 1;
+ end:
+ BN_free(&t);
+ return to_return;
+}
+
+static DSA_METHOD surewarehk_dsa = {
+ "SureWare DSA method",
+ surewarehk_dsa_do_sign,
+ NULL, /* sign setup */
+ NULL, /* verify, */
+ surewarehk_dsa_mod_exp, /* mod exp */
+ NULL, /* bn mod exp */
+ NULL, /* init */
+ NULL, /* finish */
+ 0,
+ NULL,
+ NULL,
+ NULL
+};
+# endif
+
+static const char *engine_sureware_id = "sureware";
+static const char *engine_sureware_name = "SureWare hardware engine support";
+
+/* Now, to our own code */
+
+/*
+ * As this is only ever called once, there's no need for locking (indeed -
+ * the lock will already be held by our caller!!!)
+ */
+static int bind_sureware(ENGINE *e)
+{
+# ifndef OPENSSL_NO_RSA
+ const RSA_METHOD *meth1;
+# endif
+# ifndef OPENSSL_NO_DSA
+ const DSA_METHOD *meth2;
+# endif
+# ifndef OPENSSL_NO_DH
+ const DH_METHOD *meth3;
+# endif
+
+ if (!ENGINE_set_id(e, engine_sureware_id) ||
+ !ENGINE_set_name(e, engine_sureware_name) ||
+# ifndef OPENSSL_NO_RSA
+ !ENGINE_set_RSA(e, &surewarehk_rsa) ||
+# endif
+# ifndef OPENSSL_NO_DSA
+ !ENGINE_set_DSA(e, &surewarehk_dsa) ||
+# endif
+# ifndef OPENSSL_NO_DH
+ !ENGINE_set_DH(e, &surewarehk_dh) ||
+# endif
+ !ENGINE_set_RAND(e, &surewarehk_rand) ||
+ !ENGINE_set_destroy_function(e, surewarehk_destroy) ||
+ !ENGINE_set_init_function(e, surewarehk_init) ||
+ !ENGINE_set_finish_function(e, surewarehk_finish) ||
+ !ENGINE_set_ctrl_function(e, surewarehk_ctrl) ||
+ !ENGINE_set_load_privkey_function(e, surewarehk_load_privkey) ||
+ !ENGINE_set_load_pubkey_function(e, surewarehk_load_pubkey))
+ return 0;
+
+# ifndef OPENSSL_NO_RSA
+ /*
+ * We know that the "PKCS1_SSLeay()" functions hook properly to the
+ * cswift-specific mod_exp and mod_exp_crt so we use those functions. NB:
+ * We don't use ENGINE_openssl() or anything "more generic" because
+ * something like the RSAref code may not hook properly, and if you own
+ * one of these cards then you have the right to do RSA operations on it
+ * anyway!
+ */
+ meth1 = RSA_PKCS1_SSLeay();
+ if (meth1) {
+ surewarehk_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
+ surewarehk_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
+ }
+# endif
+
+# ifndef OPENSSL_NO_DSA
+ /*
+ * Use the DSA_OpenSSL() method and just hook the mod_exp-ish bits.
+ */
+ meth2 = DSA_OpenSSL();
+ if (meth2) {
+ surewarehk_dsa.dsa_do_verify = meth2->dsa_do_verify;
+ }
+# endif
+
+# ifndef OPENSSL_NO_DH
+ /* Much the same for Diffie-Hellman */
+ meth3 = DH_OpenSSL();
+ if (meth3) {
+ surewarehk_dh.generate_key = meth3->generate_key;
+ surewarehk_dh.compute_key = meth3->compute_key;
+ }
+# endif
+
+ /* Ensure the sureware error handling is set up */
+ ERR_load_SUREWARE_strings();
+ return 1;
+}
+
+# ifndef OPENSSL_NO_DYNAMIC_ENGINE
+static int bind_helper(ENGINE *e, const char *id)
+{
+ if (id && (strcmp(id, engine_sureware_id) != 0))
+ return 0;
+ if (!bind_sureware(e))
+ return 0;
+ return 1;
+}
+
+IMPLEMENT_DYNAMIC_CHECK_FN()
+ IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
+# else
+static ENGINE *engine_sureware(void)
+{
+ ENGINE *ret = ENGINE_new();
+ if (!ret)
+ return NULL;
+ if (!bind_sureware(ret)) {
+ ENGINE_free(ret);
+ return NULL;
+ }
+ return ret;
+}
+
+void ENGINE_load_sureware(void)
+{
+ /* Copied from eng_[openssl|dyn].c */
+ ENGINE *toadd = engine_sureware();
+ if (!toadd)
+ return;
+ ENGINE_add(toadd);
+ ENGINE_free(toadd);
+ ERR_clear_error();
+}
+# endif
+
+/*
+ * This is a process-global DSO handle used for loading and unloading the
+ * SureWareHook library. NB: This is only set (or unset) during an init() or
+ * finish() call (reference counts permitting) and they're operating with
+ * global locks, so this should be thread-safe implicitly.
+ */
+static DSO *surewarehk_dso = NULL;
+# ifndef OPENSSL_NO_RSA
+/* Index for KM handle. Not really used yet. */
+static int rsaHndidx = -1;
+# endif
+# ifndef OPENSSL_NO_DSA
+/* Index for KM handle. Not really used yet. */
+static int dsaHndidx = -1;
+# endif
+
+/*
+ * These are the function pointers that are (un)set when the library has
+ * successfully (un)loaded.
+ */
+static SureWareHook_Init_t *p_surewarehk_Init = NULL;
+static SureWareHook_Finish_t *p_surewarehk_Finish = NULL;
+static SureWareHook_Rand_Bytes_t *p_surewarehk_Rand_Bytes = NULL;
+static SureWareHook_Rand_Seed_t *p_surewarehk_Rand_Seed = NULL;
+static SureWareHook_Load_Privkey_t *p_surewarehk_Load_Privkey = NULL;
+static SureWareHook_Info_Pubkey_t *p_surewarehk_Info_Pubkey = NULL;
+static SureWareHook_Load_Rsa_Pubkey_t *p_surewarehk_Load_Rsa_Pubkey = NULL;
+static SureWareHook_Load_Dsa_Pubkey_t *p_surewarehk_Load_Dsa_Pubkey = NULL;
+static SureWareHook_Free_t *p_surewarehk_Free = NULL;
+static SureWareHook_Rsa_Priv_Dec_t *p_surewarehk_Rsa_Priv_Dec = NULL;
+static SureWareHook_Rsa_Sign_t *p_surewarehk_Rsa_Sign = NULL;
+static SureWareHook_Dsa_Sign_t *p_surewarehk_Dsa_Sign = NULL;
+static SureWareHook_Mod_Exp_t *p_surewarehk_Mod_Exp = NULL;
+
+/* Used in the DSO operations. */
+static const char *surewarehk_LIBNAME = "SureWareHook";
+static const char *n_surewarehk_Init = "SureWareHook_Init";
+static const char *n_surewarehk_Finish = "SureWareHook_Finish";
+static const char *n_surewarehk_Rand_Bytes = "SureWareHook_Rand_Bytes";
+static const char *n_surewarehk_Rand_Seed = "SureWareHook_Rand_Seed";
+static const char *n_surewarehk_Load_Privkey = "SureWareHook_Load_Privkey";
+static const char *n_surewarehk_Info_Pubkey = "SureWareHook_Info_Pubkey";
+static const char *n_surewarehk_Load_Rsa_Pubkey =
+ "SureWareHook_Load_Rsa_Pubkey";
+static const char *n_surewarehk_Load_Dsa_Pubkey =
+ "SureWareHook_Load_Dsa_Pubkey";
+static const char *n_surewarehk_Free = "SureWareHook_Free";
+static const char *n_surewarehk_Rsa_Priv_Dec = "SureWareHook_Rsa_Priv_Dec";
+static const char *n_surewarehk_Rsa_Sign = "SureWareHook_Rsa_Sign";
+static const char *n_surewarehk_Dsa_Sign = "SureWareHook_Dsa_Sign";
+static const char *n_surewarehk_Mod_Exp = "SureWareHook_Mod_Exp";
+static BIO *logstream = NULL;
+
+/*
+ * SureWareHook library functions and mechanics - these are used by the
+ * higher-level functions further down. NB: As and where there's no error
+ * checking, take a look lower down where these functions are called, the
+ * checking and error handling is probably down there.
+ */
+static int threadsafe = 1;
+static int surewarehk_ctrl(ENGINE *e, int cmd, long i, void *p,
+ void (*f) (void))
+{
+ int to_return = 1;
+
+ switch (cmd) {
+ case ENGINE_CTRL_SET_LOGSTREAM:
+ {
+ BIO *bio = (BIO *)p;
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ if (logstream) {
+ BIO_free(logstream);
+ logstream = NULL;
+ }
+ if (CRYPTO_add(&bio->references, 1, CRYPTO_LOCK_BIO) > 1)
+ logstream = bio;
+ else
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_CTRL,
+ SUREWARE_R_BIO_WAS_FREED);
+ }
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ break;
+ /*
+ * This will prevent the initialisation function from "installing"
+ * the mutex-handling callbacks, even if they are available from
+ * within the library (or were provided to the library from the
+ * calling application). This is to remove any baggage for
+ * applications not using multithreading.
+ */
+ case ENGINE_CTRL_CHIL_NO_LOCKING:
+ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+ threadsafe = 0;
+ CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+ break;
+
+ /* The command isn't understood by this engine */
+ default:
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_CTRL,
+ ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+ to_return = 0;
+ break;
+ }
+
+ return to_return;
+}
+
+/* Destructor (complements the "ENGINE_surewarehk()" constructor) */
+static int surewarehk_destroy(ENGINE *e)
+{
+ ERR_unload_SUREWARE_strings();
+ return 1;
+}
+
+/* (de)initialisation functions. */
+static int surewarehk_init(ENGINE *e)
+{
+ char msg[64] = "ENGINE_init";
+ SureWareHook_Init_t *p1 = NULL;
+ SureWareHook_Finish_t *p2 = NULL;
+ SureWareHook_Rand_Bytes_t *p3 = NULL;
+ SureWareHook_Rand_Seed_t *p4 = NULL;
+ SureWareHook_Load_Privkey_t *p5 = NULL;
+ SureWareHook_Load_Rsa_Pubkey_t *p6 = NULL;
+ SureWareHook_Free_t *p7 = NULL;
+ SureWareHook_Rsa_Priv_Dec_t *p8 = NULL;
+ SureWareHook_Rsa_Sign_t *p9 = NULL;
+ SureWareHook_Dsa_Sign_t *p12 = NULL;
+ SureWareHook_Info_Pubkey_t *p13 = NULL;
+ SureWareHook_Load_Dsa_Pubkey_t *p14 = NULL;
+ SureWareHook_Mod_Exp_t *p15 = NULL;
+
+ if (surewarehk_dso != NULL) {
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT, ENGINE_R_ALREADY_LOADED);
+ goto err;
+ }
+ /* Attempt to load libsurewarehk.so/surewarehk.dll/whatever. */
+ surewarehk_dso = DSO_load(NULL, surewarehk_LIBNAME, NULL, 0);
+ if (surewarehk_dso == NULL) {
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT, ENGINE_R_DSO_FAILURE);
+ goto err;
+ }
+ if (!
+ (p1 =
+ (SureWareHook_Init_t *) DSO_bind_func(surewarehk_dso,
+ n_surewarehk_Init))
+|| !(p2 =
+ (SureWareHook_Finish_t *) DSO_bind_func(surewarehk_dso,
+ n_surewarehk_Finish))
+|| !(p3 =
+ (SureWareHook_Rand_Bytes_t *) DSO_bind_func(surewarehk_dso,
+ n_surewarehk_Rand_Bytes))
+|| !(p4 =
+ (SureWareHook_Rand_Seed_t *) DSO_bind_func(surewarehk_dso,
+ n_surewarehk_Rand_Seed))
+|| !(p5 =
+ (SureWareHook_Load_Privkey_t *) DSO_bind_func(surewarehk_dso,
+ n_surewarehk_Load_Privkey))
+|| !(p6 =
+ (SureWareHook_Load_Rsa_Pubkey_t *) DSO_bind_func(surewarehk_dso,
+ n_surewarehk_Load_Rsa_Pubkey))
+|| !(p7 =
+ (SureWareHook_Free_t *) DSO_bind_func(surewarehk_dso, n_surewarehk_Free))
+|| !(p8 =
+ (SureWareHook_Rsa_Priv_Dec_t *) DSO_bind_func(surewarehk_dso,
+ n_surewarehk_Rsa_Priv_Dec))
+|| !(p9 =
+ (SureWareHook_Rsa_Sign_t *) DSO_bind_func(surewarehk_dso,
+ n_surewarehk_Rsa_Sign))
+|| !(p12 =
+ (SureWareHook_Dsa_Sign_t *) DSO_bind_func(surewarehk_dso,
+ n_surewarehk_Dsa_Sign))
+|| !(p13 =
+ (SureWareHook_Info_Pubkey_t *) DSO_bind_func(surewarehk_dso,
+ n_surewarehk_Info_Pubkey))
+|| !(p14 =
+ (SureWareHook_Load_Dsa_Pubkey_t *) DSO_bind_func(surewarehk_dso,
+ n_surewarehk_Load_Dsa_Pubkey))
+|| !(p15 =
+ (SureWareHook_Mod_Exp_t *) DSO_bind_func(surewarehk_dso,
+ n_surewarehk_Mod_Exp))) {
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT, ENGINE_R_DSO_FAILURE);
+ goto err;
+ }
+ /* Copy the pointers */
+ p_surewarehk_Init = p1;
+ p_surewarehk_Finish = p2;
+ p_surewarehk_Rand_Bytes = p3;
+ p_surewarehk_Rand_Seed = p4;
+ p_surewarehk_Load_Privkey = p5;
+ p_surewarehk_Load_Rsa_Pubkey = p6;
+ p_surewarehk_Free = p7;
+ p_surewarehk_Rsa_Priv_Dec = p8;
+ p_surewarehk_Rsa_Sign = p9;
+ p_surewarehk_Dsa_Sign = p12;
+ p_surewarehk_Info_Pubkey = p13;
+ p_surewarehk_Load_Dsa_Pubkey = p14;
+ p_surewarehk_Mod_Exp = p15;
+ /* Contact the hardware and initialises it. */
+ if (p_surewarehk_Init(msg, threadsafe) == SUREWAREHOOK_ERROR_UNIT_FAILURE) {
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT, SUREWARE_R_UNIT_FAILURE);
+ goto err;
+ }
+ if (p_surewarehk_Init(msg, threadsafe) == SUREWAREHOOK_ERROR_UNIT_FAILURE) {
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT, SUREWARE_R_UNIT_FAILURE);
+ goto err;
+ }
+ /*
+ * try to load the default private key, if failed does not return a
+ * failure but wait for an explicit ENGINE_load_privakey
+ */
+ surewarehk_load_privkey(e, NULL, NULL, NULL);
+
+ /* Everything's fine. */
+# ifndef OPENSSL_NO_RSA
+ if (rsaHndidx == -1)
+ rsaHndidx = RSA_get_ex_new_index(0,
+ "SureWareHook RSA key handle",
+ NULL, NULL, surewarehk_ex_free);
+# endif
+# ifndef OPENSSL_NO_DSA
+ if (dsaHndidx == -1)
+ dsaHndidx = DSA_get_ex_new_index(0,
+ "SureWareHook DSA key handle",
+ NULL, NULL, surewarehk_ex_free);
+# endif
+
+ return 1;
+ err:
+ if (surewarehk_dso)
+ DSO_free(surewarehk_dso);
+ surewarehk_dso = NULL;
+ p_surewarehk_Init = NULL;
+ p_surewarehk_Finish = NULL;
+ p_surewarehk_Rand_Bytes = NULL;
+ p_surewarehk_Rand_Seed = NULL;
+ p_surewarehk_Load_Privkey = NULL;
+ p_surewarehk_Load_Rsa_Pubkey = NULL;
+ p_surewarehk_Free = NULL;
+ p_surewarehk_Rsa_Priv_Dec = NULL;
+ p_surewarehk_Rsa_Sign = NULL;
+ p_surewarehk_Dsa_Sign = NULL;
+ p_surewarehk_Info_Pubkey = NULL;
+ p_surewarehk_Load_Dsa_Pubkey = NULL;
+ p_surewarehk_Mod_Exp = NULL;
+ return 0;
+}
+
+static int surewarehk_finish(ENGINE *e)
+{
+ int to_return = 1;
+ if (surewarehk_dso == NULL) {
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_FINISH, ENGINE_R_NOT_LOADED);
+ to_return = 0;
+ goto err;
+ }
+ p_surewarehk_Finish();
+ if (!DSO_free(surewarehk_dso)) {
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_FINISH, ENGINE_R_DSO_FAILURE);
+ to_return = 0;
+ goto err;
+ }
+ err:
+ if (logstream)
+ BIO_free(logstream);
+ surewarehk_dso = NULL;
+ p_surewarehk_Init = NULL;
+ p_surewarehk_Finish = NULL;
+ p_surewarehk_Rand_Bytes = NULL;
+ p_surewarehk_Rand_Seed = NULL;
+ p_surewarehk_Load_Privkey = NULL;
+ p_surewarehk_Load_Rsa_Pubkey = NULL;
+ p_surewarehk_Free = NULL;
+ p_surewarehk_Rsa_Priv_Dec = NULL;
+ p_surewarehk_Rsa_Sign = NULL;
+ p_surewarehk_Dsa_Sign = NULL;
+ p_surewarehk_Info_Pubkey = NULL;
+ p_surewarehk_Load_Dsa_Pubkey = NULL;
+ p_surewarehk_Mod_Exp = NULL;
+ return to_return;
+}
+
+static void surewarehk_error_handling(char *const msg, int func, int ret)
+{
+ switch (ret) {
+ case SUREWAREHOOK_ERROR_UNIT_FAILURE:
+ ENGINEerr(func, SUREWARE_R_UNIT_FAILURE);
+ break;
+ case SUREWAREHOOK_ERROR_FALLBACK:
+ ENGINEerr(func, SUREWARE_R_REQUEST_FALLBACK);
+ break;
+ case SUREWAREHOOK_ERROR_DATA_SIZE:
+ ENGINEerr(func, SUREWARE_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+ break;
+ case SUREWAREHOOK_ERROR_INVALID_PAD:
+ ENGINEerr(func, SUREWARE_R_PADDING_CHECK_FAILED);
+ break;
+ default:
+ ENGINEerr(func, SUREWARE_R_REQUEST_FAILED);
+ break;
+ case 1: /* nothing */
+ msg[0] = '\0';
+ }
+ if (*msg) {
+ ERR_add_error_data(1, msg);
+ if (logstream) {
+ CRYPTO_w_lock(CRYPTO_LOCK_BIO);
+ BIO_write(logstream, msg, strlen(msg));
+ CRYPTO_w_unlock(CRYPTO_LOCK_BIO);
+ }
+ }
+}
+
+static int surewarehk_rand_bytes(unsigned char *buf, int num)
+{
+ int ret = 0;
+ char msg[64] = "ENGINE_rand_bytes";
+ if (!p_surewarehk_Rand_Bytes) {
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_RAND_BYTES,
+ ENGINE_R_NOT_INITIALISED);
+ } else {
+ ret = p_surewarehk_Rand_Bytes(msg, buf, num);
+ surewarehk_error_handling(msg, SUREWARE_F_SUREWAREHK_RAND_BYTES, ret);
+ }
+ return ret == 1 ? 1 : 0;
+}
+
+static void surewarehk_rand_seed(const void *buf, int num)
+{
+ int ret = 0;
+ char msg[64] = "ENGINE_rand_seed";
+ if (!p_surewarehk_Rand_Seed) {
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_RAND_SEED,
+ ENGINE_R_NOT_INITIALISED);
+ } else {
+ ret = p_surewarehk_Rand_Seed(msg, buf, num);
+ surewarehk_error_handling(msg, SUREWARE_F_SUREWAREHK_RAND_SEED, ret);
+ }
+}
+
+static void surewarehk_rand_add(const void *buf, int num, double entropy)
+{
+ surewarehk_rand_seed(buf, num);
+}
+
+static EVP_PKEY *sureware_load_public(ENGINE *e, const char *key_id,
+ char *hptr, unsigned long el,
+ char keytype)
+{
+ EVP_PKEY *res = NULL;
+# ifndef OPENSSL_NO_RSA
+ RSA *rsatmp = NULL;
+# endif
+# ifndef OPENSSL_NO_DSA
+ DSA *dsatmp = NULL;
+# endif
+ char msg[64] = "sureware_load_public";
+ int ret = 0;
+ if (!p_surewarehk_Load_Rsa_Pubkey || !p_surewarehk_Load_Dsa_Pubkey) {
+ SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC,
+ ENGINE_R_NOT_INITIALISED);
+ goto err;
+ }
+ switch (keytype) {
+# ifndef OPENSSL_NO_RSA
+ case 1:
+ /*RSA*/
+ /* set private external reference */
+ rsatmp = RSA_new_method(e);
+ RSA_set_ex_data(rsatmp, rsaHndidx, hptr);
+ rsatmp->flags |= RSA_FLAG_EXT_PKEY;
+
+ /* set public big nums */
+ rsatmp->e = BN_new();
+ rsatmp->n = BN_new();
+ bn_expand2(rsatmp->e, el / sizeof(BN_ULONG));
+ bn_expand2(rsatmp->n, el / sizeof(BN_ULONG));
+ if (!rsatmp->e || rsatmp->e->dmax != (int)(el / sizeof(BN_ULONG)) ||
+ !rsatmp->n || rsatmp->n->dmax != (int)(el / sizeof(BN_ULONG)))
+ goto err;
+ ret = p_surewarehk_Load_Rsa_Pubkey(msg, key_id, el,
+ (unsigned long *)rsatmp->n->d,
+ (unsigned long *)rsatmp->e->d);
+ surewarehk_error_handling(msg, SUREWARE_F_SUREWARE_LOAD_PUBLIC, ret);
+ if (ret != 1) {
+ SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC,
+ ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
+ goto err;
+ }
+ /* normalise pub e and pub n */
+ rsatmp->e->top = el / sizeof(BN_ULONG);
+ bn_fix_top(rsatmp->e);
+ rsatmp->n->top = el / sizeof(BN_ULONG);
+ bn_fix_top(rsatmp->n);
+ /* create an EVP object: engine + rsa key */
+ res = EVP_PKEY_new();
+ EVP_PKEY_assign_RSA(res, rsatmp);
+ break;
+# endif
+
+# ifndef OPENSSL_NO_DSA
+ case 2:
+ /*DSA*/
+ /* set private/public external reference */
+ dsatmp = DSA_new_method(e);
+ DSA_set_ex_data(dsatmp, dsaHndidx, hptr);
+ /*
+ * dsatmp->flags |= DSA_FLAG_EXT_PKEY;
+ */
+
+ /* set public key */
+ dsatmp->pub_key = BN_new();
+ dsatmp->p = BN_new();
+ dsatmp->q = BN_new();
+ dsatmp->g = BN_new();
+ bn_expand2(dsatmp->pub_key, el / sizeof(BN_ULONG));
+ bn_expand2(dsatmp->p, el / sizeof(BN_ULONG));
+ bn_expand2(dsatmp->q, 20 / sizeof(BN_ULONG));
+ bn_expand2(dsatmp->g, el / sizeof(BN_ULONG));
+ if (!dsatmp->pub_key
+ || dsatmp->pub_key->dmax != (int)(el / sizeof(BN_ULONG))
+ || !dsatmp->p || dsatmp->p->dmax != (int)(el / sizeof(BN_ULONG))
+ || !dsatmp->q || dsatmp->q->dmax != 20 / sizeof(BN_ULONG)
+ || !dsatmp->g || dsatmp->g->dmax != (int)(el / sizeof(BN_ULONG)))
+ goto err;
+
+ ret = p_surewarehk_Load_Dsa_Pubkey(msg, key_id, el,
+ (unsigned long *)dsatmp->
+ pub_key->d,
+ (unsigned long *)dsatmp->p->d,
+ (unsigned long *)dsatmp->q->d,
+ (unsigned long *)dsatmp->g->d);
+ surewarehk_error_handling(msg, SUREWARE_F_SUREWARE_LOAD_PUBLIC, ret);
+ if (ret != 1) {
+ SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC,
+ ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
+ goto err;
+ }
+ /* set parameters */
+ /* normalise pubkey and parameters in case of */
+ dsatmp->pub_key->top = el / sizeof(BN_ULONG);
+ bn_fix_top(dsatmp->pub_key);
+ dsatmp->p->top = el / sizeof(BN_ULONG);
+ bn_fix_top(dsatmp->p);
+ dsatmp->q->top = 20 / sizeof(BN_ULONG);
+ bn_fix_top(dsatmp->q);
+ dsatmp->g->top = el / sizeof(BN_ULONG);
+ bn_fix_top(dsatmp->g);
+
+ /* create an EVP object: engine + rsa key */
+ res = EVP_PKEY_new();
+ EVP_PKEY_assign_DSA(res, dsatmp);
+ break;
+# endif
+
+ default:
+ SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC,
+ ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
+ goto err;
+ }
+ return res;
+ err:
+ if (res)
+ EVP_PKEY_free(res);
+# ifndef OPENSSL_NO_RSA
+ if (rsatmp)
+ RSA_free(rsatmp);
+# endif
+# ifndef OPENSSL_NO_DSA
+ if (dsatmp)
+ DSA_free(dsatmp);
+# endif
+ return NULL;
+}
+
+static EVP_PKEY *surewarehk_load_privkey(ENGINE *e, const char *key_id,
+ UI_METHOD *ui_method,
+ void *callback_data)
+{
+ EVP_PKEY *res = NULL;
+ int ret = 0;
+ unsigned long el = 0;
+ char *hptr = NULL;
+ char keytype = 0;
+ char msg[64] = "ENGINE_load_privkey";
+
+ if (!p_surewarehk_Load_Privkey) {
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVKEY,
+ ENGINE_R_NOT_INITIALISED);
+ } else {
+ ret = p_surewarehk_Load_Privkey(msg, key_id, &hptr, &el, &keytype);
+ if (ret != 1) {
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVKEY,
+ ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
+ ERR_add_error_data(1, msg);
+ } else
+ res = sureware_load_public(e, key_id, hptr, el, keytype);
+ }
+ return res;
+}
+
+static EVP_PKEY *surewarehk_load_pubkey(ENGINE *e, const char *key_id,
+ UI_METHOD *ui_method,
+ void *callback_data)
+{
+ EVP_PKEY *res = NULL;
+ int ret = 0;
+ unsigned long el = 0;
+ char *hptr = NULL;
+ char keytype = 0;
+ char msg[64] = "ENGINE_load_pubkey";
+
+ if (!p_surewarehk_Info_Pubkey) {
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PUBKEY,
+ ENGINE_R_NOT_INITIALISED);
+ } else {
+ /* call once to identify if DSA or RSA */
+ ret = p_surewarehk_Info_Pubkey(msg, key_id, &el, &keytype);
+ if (ret != 1) {
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PUBKEY,
+ ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
+ ERR_add_error_data(1, msg);
+ } else
+ res = sureware_load_public(e, key_id, hptr, el, keytype);
+ }
+ return res;
+}
+
+/*
+ * This cleans up an RSA/DSA KM key(do not destroy the key into the hardware)
+ * , called when ex_data is freed
+ */
+static void surewarehk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
+ int idx, long argl, void *argp)
+{
+ if (!p_surewarehk_Free) {
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_EX_FREE, ENGINE_R_NOT_INITIALISED);
+ } else
+ p_surewarehk_Free((char *)item, 0);
+}
+
+# if 0
+/* not currently used (bug?) */
+/*
+ * This cleans up an DH KM key (destroys the key into hardware), called when
+ * ex_data is freed
+ */
+static void surewarehk_dh_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
+ int idx, long argl, void *argp)
+{
+ if (!p_surewarehk_Free) {
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_DH_EX_FREE,
+ ENGINE_R_NOT_INITIALISED);
+ } else
+ p_surewarehk_Free((char *)item, 1);
+}
+# endif
+
+/*
+ * return number of decrypted bytes
+ */
+# ifndef OPENSSL_NO_RSA
+static int surewarehk_rsa_priv_dec(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding)
+{
+ int ret = 0, tlen;
+ char *buf = NULL, *hptr = NULL;
+ char msg[64] = "ENGINE_rsa_priv_dec";
+ if (!p_surewarehk_Rsa_Priv_Dec) {
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,
+ ENGINE_R_NOT_INITIALISED);
+ }
+ /* extract ref to private key */
+ else if (!(hptr = RSA_get_ex_data(rsa, rsaHndidx))) {
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,
+ SUREWARE_R_MISSING_KEY_COMPONENTS);
+ goto err;
+ }
+ /* analyse what padding we can do into the hardware */
+ if (padding == RSA_PKCS1_PADDING) {
+ /* do it one shot */
+ ret =
+ p_surewarehk_Rsa_Priv_Dec(msg, flen, (unsigned char *)from, &tlen,
+ to, hptr, SUREWARE_PKCS1_PAD);
+ surewarehk_error_handling(msg, SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,
+ ret);
+ if (ret != 1)
+ goto err;
+ ret = tlen;
+ } else { /* do with no padding into hardware */
+
+ ret =
+ p_surewarehk_Rsa_Priv_Dec(msg, flen, (unsigned char *)from, &tlen,
+ to, hptr, SUREWARE_NO_PAD);
+ surewarehk_error_handling(msg, SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,
+ ret);
+ if (ret != 1)
+ goto err;
+ /* intermediate buffer for padding */
+ if ((buf = OPENSSL_malloc(tlen)) == NULL) {
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,
+ ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ memcpy(buf, to, tlen); /* transfert to into buf */
+ switch (padding) { /* check padding in software */
+# ifndef OPENSSL_NO_SHA
+ case RSA_PKCS1_OAEP_PADDING:
+ ret =
+ RSA_padding_check_PKCS1_OAEP(to, tlen, (unsigned char *)buf,
+ tlen, tlen, NULL, 0);
+ break;
+# endif
+ case RSA_SSLV23_PADDING:
+ ret =
+ RSA_padding_check_SSLv23(to, tlen, (unsigned char *)buf, flen,
+ tlen);
+ break;
+ case RSA_NO_PADDING:
+ ret =
+ RSA_padding_check_none(to, tlen, (unsigned char *)buf, flen,
+ tlen);
+ break;
+ default:
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,
+ SUREWARE_R_UNKNOWN_PADDING_TYPE);
+ goto err;
+ }
+ if (ret < 0)
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,
+ SUREWARE_R_PADDING_CHECK_FAILED);
+ }
+ err:
+ if (buf) {
+ OPENSSL_cleanse(buf, tlen);
+ OPENSSL_free(buf);
+ }
+ return ret;
+}
+
+/*
+ * Does what OpenSSL rsa_priv_enc does.
+ */
+static int surewarehk_rsa_sign(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding)
+{
+ int ret = 0, tlen;
+ char *hptr = NULL;
+ char msg[64] = "ENGINE_rsa_sign";
+ if (!p_surewarehk_Rsa_Sign) {
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_SIGN, ENGINE_R_NOT_INITIALISED);
+ }
+ /* extract ref to private key */
+ else if (!(hptr = RSA_get_ex_data(rsa, rsaHndidx))) {
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_SIGN,
+ SUREWARE_R_MISSING_KEY_COMPONENTS);
+ } else {
+ switch (padding) {
+ case RSA_PKCS1_PADDING: /* do it in one shot */
+ ret =
+ p_surewarehk_Rsa_Sign(msg, flen, (unsigned char *)from, &tlen,
+ to, hptr, SUREWARE_PKCS1_PAD);
+ surewarehk_error_handling(msg, SUREWARE_F_SUREWAREHK_RSA_SIGN,
+ ret);
+ break;
+ case RSA_NO_PADDING:
+ default:
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_SIGN,
+ SUREWARE_R_UNKNOWN_PADDING_TYPE);
+ }
+ }
+ return ret == 1 ? tlen : ret;
+}
+
+# endif
+
+# ifndef OPENSSL_NO_DSA
+/* DSA sign and verify */
+static DSA_SIG *surewarehk_dsa_do_sign(const unsigned char *from, int flen,
+ DSA *dsa)
+{
+ int ret = 0;
+ char *hptr = NULL;
+ DSA_SIG *psign = NULL;
+ char msg[64] = "ENGINE_dsa_do_sign";
+ if (!p_surewarehk_Dsa_Sign) {
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,
+ ENGINE_R_NOT_INITIALISED);
+ goto err;
+ }
+ /* extract ref to private key */
+ else if (!(hptr = DSA_get_ex_data(dsa, dsaHndidx))) {
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,
+ SUREWARE_R_MISSING_KEY_COMPONENTS);
+ goto err;
+ } else {
+ if ((psign = DSA_SIG_new()) == NULL) {
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,
+ ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ psign->r = BN_new();
+ psign->s = BN_new();
+ bn_expand2(psign->r, 20 / sizeof(BN_ULONG));
+ bn_expand2(psign->s, 20 / sizeof(BN_ULONG));
+ if (!psign->r || psign->r->dmax != 20 / sizeof(BN_ULONG) ||
+ !psign->s || psign->s->dmax != 20 / sizeof(BN_ULONG))
+ goto err;
+ ret = p_surewarehk_Dsa_Sign(msg, flen, from,
+ (unsigned long *)psign->r->d,
+ (unsigned long *)psign->s->d, hptr);
+ surewarehk_error_handling(msg, SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,
+ ret);
+ }
+ psign->r->top = 20 / sizeof(BN_ULONG);
+ bn_fix_top(psign->r);
+ psign->s->top = 20 / sizeof(BN_ULONG);
+ bn_fix_top(psign->s);
+
+ err:
+ if (psign) {
+ DSA_SIG_free(psign);
+ psign = NULL;
+ }
+ return psign;
+}
+# endif
+
+static int surewarehk_modexp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx)
+{
+ int ret = 0;
+ char msg[64] = "ENGINE_modexp";
+ if (!p_surewarehk_Mod_Exp) {
+ SUREWAREerr(SUREWARE_F_SUREWAREHK_MODEXP, ENGINE_R_NOT_INITIALISED);
+ } else {
+ bn_expand2(r, m->top);
+ if (r && r->dmax == m->top) {
+ /* do it */
+ ret = p_surewarehk_Mod_Exp(msg,
+ m->top * sizeof(BN_ULONG),
+ (unsigned long *)m->d,
+ p->top * sizeof(BN_ULONG),
+ (unsigned long *)p->d,
+ a->top * sizeof(BN_ULONG),
+ (unsigned long *)a->d,
+ (unsigned long *)r->d);
+ surewarehk_error_handling(msg, SUREWARE_F_SUREWAREHK_MODEXP, ret);
+ if (ret == 1) {
+ /* normalise result */
+ r->top = m->top;
+ bn_fix_top(r);
+ }
+ }
+ }
+ return ret;
+}
+# endif /* !OPENSSL_NO_HW_SureWare */
+#endif /* !OPENSSL_NO_HW */
Deleted: vendor-crypto/openssl/0.9.8zf/engines/e_sureware_err.c
===================================================================
--- vendor-crypto/openssl/dist/engines/e_sureware_err.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/engines/e_sureware_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,158 +0,0 @@
-/* e_sureware_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include "e_sureware_err.h"
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(0,func,0)
-#define ERR_REASON(reason) ERR_PACK(0,0,reason)
-
-static ERR_STRING_DATA SUREWARE_str_functs[]=
- {
-{ERR_FUNC(SUREWARE_F_SUREWAREHK_CTRL), "SUREWAREHK_CTRL"},
-{ERR_FUNC(SUREWARE_F_SUREWAREHK_DH_EX_FREE), "SUREWAREHK_DH_EX_FREE"},
-{ERR_FUNC(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN), "SUREWAREHK_DSA_DO_SIGN"},
-{ERR_FUNC(SUREWARE_F_SUREWAREHK_EX_FREE), "SUREWAREHK_EX_FREE"},
-{ERR_FUNC(SUREWARE_F_SUREWAREHK_FINISH), "SUREWAREHK_FINISH"},
-{ERR_FUNC(SUREWARE_F_SUREWAREHK_INIT), "SUREWAREHK_INIT"},
-{ERR_FUNC(SUREWARE_F_SUREWAREHK_LOAD_PRIVKEY), "SUREWAREHK_LOAD_PRIVKEY"},
-{ERR_FUNC(SUREWARE_F_SUREWAREHK_LOAD_PUBKEY), "SUREWAREHK_LOAD_PUBKEY"},
-{ERR_FUNC(SUREWARE_F_SUREWAREHK_MODEXP), "SUREWAREHK_MODEXP"},
-{ERR_FUNC(SUREWARE_F_SUREWAREHK_RAND_BYTES), "SUREWAREHK_RAND_BYTES"},
-{ERR_FUNC(SUREWARE_F_SUREWAREHK_RAND_SEED), "SUREWAREHK_RAND_SEED"},
-{ERR_FUNC(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC), "SUREWAREHK_RSA_PRIV_DEC"},
-{ERR_FUNC(SUREWARE_F_SUREWAREHK_RSA_SIGN), "SUREWAREHK_RSA_SIGN"},
-{ERR_FUNC(SUREWARE_F_SUREWARE_LOAD_PUBLIC), "SUREWARE_LOAD_PUBLIC"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA SUREWARE_str_reasons[]=
- {
-{ERR_REASON(SUREWARE_R_BIO_WAS_FREED) ,"bio was freed"},
-{ERR_REASON(SUREWARE_R_MISSING_KEY_COMPONENTS),"missing key components"},
-{ERR_REASON(SUREWARE_R_PADDING_CHECK_FAILED),"padding check failed"},
-{ERR_REASON(SUREWARE_R_REQUEST_FAILED) ,"request failed"},
-{ERR_REASON(SUREWARE_R_REQUEST_FALLBACK) ,"request fallback"},
-{ERR_REASON(SUREWARE_R_SIZE_TOO_LARGE_OR_TOO_SMALL),"size too large or too small"},
-{ERR_REASON(SUREWARE_R_UNIT_FAILURE) ,"unit failure"},
-{ERR_REASON(SUREWARE_R_UNKNOWN_PADDING_TYPE),"unknown padding type"},
-{0,NULL}
- };
-
-#endif
-
-#ifdef SUREWARE_LIB_NAME
-static ERR_STRING_DATA SUREWARE_lib_name[]=
- {
-{0 ,SUREWARE_LIB_NAME},
-{0,NULL}
- };
-#endif
-
-
-static int SUREWARE_lib_error_code=0;
-static int SUREWARE_error_init=1;
-
-static void ERR_load_SUREWARE_strings(void)
- {
- if (SUREWARE_lib_error_code == 0)
- SUREWARE_lib_error_code=ERR_get_next_error_library();
-
- if (SUREWARE_error_init)
- {
- SUREWARE_error_init=0;
-#ifndef OPENSSL_NO_ERR
- ERR_load_strings(SUREWARE_lib_error_code,SUREWARE_str_functs);
- ERR_load_strings(SUREWARE_lib_error_code,SUREWARE_str_reasons);
-#endif
-
-#ifdef SUREWARE_LIB_NAME
- SUREWARE_lib_name->error = ERR_PACK(SUREWARE_lib_error_code,0,0);
- ERR_load_strings(0,SUREWARE_lib_name);
-#endif
- }
- }
-
-static void ERR_unload_SUREWARE_strings(void)
- {
- if (SUREWARE_error_init == 0)
- {
-#ifndef OPENSSL_NO_ERR
- ERR_unload_strings(SUREWARE_lib_error_code,SUREWARE_str_functs);
- ERR_unload_strings(SUREWARE_lib_error_code,SUREWARE_str_reasons);
-#endif
-
-#ifdef SUREWARE_LIB_NAME
- ERR_unload_strings(0,SUREWARE_lib_name);
-#endif
- SUREWARE_error_init=1;
- }
- }
-
-static void ERR_SUREWARE_error(int function, int reason, char *file, int line)
- {
- if (SUREWARE_lib_error_code == 0)
- SUREWARE_lib_error_code=ERR_get_next_error_library();
- ERR_PUT_error(SUREWARE_lib_error_code,function,reason,file,line);
- }
Copied: vendor-crypto/openssl/0.9.8zf/engines/e_sureware_err.c (from rev 6976, vendor-crypto/openssl/dist/engines/e_sureware_err.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/engines/e_sureware_err.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/engines/e_sureware_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,154 @@
+/* e_sureware_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include "e_sureware_err.h"
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(0,func,0)
+# define ERR_REASON(reason) ERR_PACK(0,0,reason)
+
+static ERR_STRING_DATA SUREWARE_str_functs[] = {
+ {ERR_FUNC(SUREWARE_F_SUREWAREHK_CTRL), "SUREWAREHK_CTRL"},
+ {ERR_FUNC(SUREWARE_F_SUREWAREHK_DH_EX_FREE), "SUREWAREHK_DH_EX_FREE"},
+ {ERR_FUNC(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN), "SUREWAREHK_DSA_DO_SIGN"},
+ {ERR_FUNC(SUREWARE_F_SUREWAREHK_EX_FREE), "SUREWAREHK_EX_FREE"},
+ {ERR_FUNC(SUREWARE_F_SUREWAREHK_FINISH), "SUREWAREHK_FINISH"},
+ {ERR_FUNC(SUREWARE_F_SUREWAREHK_INIT), "SUREWAREHK_INIT"},
+ {ERR_FUNC(SUREWARE_F_SUREWAREHK_LOAD_PRIVKEY), "SUREWAREHK_LOAD_PRIVKEY"},
+ {ERR_FUNC(SUREWARE_F_SUREWAREHK_LOAD_PUBKEY), "SUREWAREHK_LOAD_PUBKEY"},
+ {ERR_FUNC(SUREWARE_F_SUREWAREHK_MODEXP), "SUREWAREHK_MODEXP"},
+ {ERR_FUNC(SUREWARE_F_SUREWAREHK_RAND_BYTES), "SUREWAREHK_RAND_BYTES"},
+ {ERR_FUNC(SUREWARE_F_SUREWAREHK_RAND_SEED), "SUREWAREHK_RAND_SEED"},
+ {ERR_FUNC(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC), "SUREWAREHK_RSA_PRIV_DEC"},
+ {ERR_FUNC(SUREWARE_F_SUREWAREHK_RSA_SIGN), "SUREWAREHK_RSA_SIGN"},
+ {ERR_FUNC(SUREWARE_F_SUREWARE_LOAD_PUBLIC), "SUREWARE_LOAD_PUBLIC"},
+ {0, NULL}
+};
+
+static ERR_STRING_DATA SUREWARE_str_reasons[] = {
+ {ERR_REASON(SUREWARE_R_BIO_WAS_FREED), "bio was freed"},
+ {ERR_REASON(SUREWARE_R_MISSING_KEY_COMPONENTS), "missing key components"},
+ {ERR_REASON(SUREWARE_R_PADDING_CHECK_FAILED), "padding check failed"},
+ {ERR_REASON(SUREWARE_R_REQUEST_FAILED), "request failed"},
+ {ERR_REASON(SUREWARE_R_REQUEST_FALLBACK), "request fallback"},
+ {ERR_REASON(SUREWARE_R_SIZE_TOO_LARGE_OR_TOO_SMALL),
+ "size too large or too small"},
+ {ERR_REASON(SUREWARE_R_UNIT_FAILURE), "unit failure"},
+ {ERR_REASON(SUREWARE_R_UNKNOWN_PADDING_TYPE), "unknown padding type"},
+ {0, NULL}
+};
+
+#endif
+
+#ifdef SUREWARE_LIB_NAME
+static ERR_STRING_DATA SUREWARE_lib_name[] = {
+ {0, SUREWARE_LIB_NAME},
+ {0, NULL}
+};
+#endif
+
+static int SUREWARE_lib_error_code = 0;
+static int SUREWARE_error_init = 1;
+
+static void ERR_load_SUREWARE_strings(void)
+{
+ if (SUREWARE_lib_error_code == 0)
+ SUREWARE_lib_error_code = ERR_get_next_error_library();
+
+ if (SUREWARE_error_init) {
+ SUREWARE_error_init = 0;
+#ifndef OPENSSL_NO_ERR
+ ERR_load_strings(SUREWARE_lib_error_code, SUREWARE_str_functs);
+ ERR_load_strings(SUREWARE_lib_error_code, SUREWARE_str_reasons);
+#endif
+
+#ifdef SUREWARE_LIB_NAME
+ SUREWARE_lib_name->error = ERR_PACK(SUREWARE_lib_error_code, 0, 0);
+ ERR_load_strings(0, SUREWARE_lib_name);
+#endif
+ }
+}
+
+static void ERR_unload_SUREWARE_strings(void)
+{
+ if (SUREWARE_error_init == 0) {
+#ifndef OPENSSL_NO_ERR
+ ERR_unload_strings(SUREWARE_lib_error_code, SUREWARE_str_functs);
+ ERR_unload_strings(SUREWARE_lib_error_code, SUREWARE_str_reasons);
+#endif
+
+#ifdef SUREWARE_LIB_NAME
+ ERR_unload_strings(0, SUREWARE_lib_name);
+#endif
+ SUREWARE_error_init = 1;
+ }
+}
+
+static void ERR_SUREWARE_error(int function, int reason, char *file, int line)
+{
+ if (SUREWARE_lib_error_code == 0)
+ SUREWARE_lib_error_code = ERR_get_next_error_library();
+ ERR_PUT_error(SUREWARE_lib_error_code, function, reason, file, line);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/engines/e_sureware_err.h
===================================================================
--- vendor-crypto/openssl/dist/engines/e_sureware_err.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/engines/e_sureware_err.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,102 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#ifndef HEADER_SUREWARE_ERR_H
-#define HEADER_SUREWARE_ERR_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-static void ERR_load_SUREWARE_strings(void);
-static void ERR_unload_SUREWARE_strings(void);
-static void ERR_SUREWARE_error(int function, int reason, char *file, int line);
-#define SUREWAREerr(f,r) ERR_SUREWARE_error((f),(r),__FILE__,__LINE__)
-
-/* Error codes for the SUREWARE functions. */
-
-/* Function codes. */
-#define SUREWARE_F_SUREWAREHK_CTRL 100
-#define SUREWARE_F_SUREWAREHK_DH_EX_FREE 112
-#define SUREWARE_F_SUREWAREHK_DSA_DO_SIGN 101
-#define SUREWARE_F_SUREWAREHK_EX_FREE 102
-#define SUREWARE_F_SUREWAREHK_FINISH 103
-#define SUREWARE_F_SUREWAREHK_INIT 104
-#define SUREWARE_F_SUREWAREHK_LOAD_PRIVKEY 105
-#define SUREWARE_F_SUREWAREHK_LOAD_PUBKEY 113
-#define SUREWARE_F_SUREWAREHK_MODEXP 107
-#define SUREWARE_F_SUREWAREHK_RAND_BYTES 108
-#define SUREWARE_F_SUREWAREHK_RAND_SEED 109
-#define SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC 110
-#define SUREWARE_F_SUREWAREHK_RSA_SIGN 111
-#define SUREWARE_F_SUREWARE_LOAD_PUBLIC 106
-
-/* Reason codes. */
-#define SUREWARE_R_BIO_WAS_FREED 100
-#define SUREWARE_R_MISSING_KEY_COMPONENTS 105
-#define SUREWARE_R_PADDING_CHECK_FAILED 106
-#define SUREWARE_R_REQUEST_FAILED 101
-#define SUREWARE_R_REQUEST_FALLBACK 102
-#define SUREWARE_R_SIZE_TOO_LARGE_OR_TOO_SMALL 103
-#define SUREWARE_R_UNIT_FAILURE 104
-#define SUREWARE_R_UNKNOWN_PADDING_TYPE 107
-
-#ifdef __cplusplus
-}
-#endif
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/engines/e_sureware_err.h (from rev 6976, vendor-crypto/openssl/dist/engines/e_sureware_err.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/engines/e_sureware_err.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/engines/e_sureware_err.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,104 @@
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_SUREWARE_ERR_H
+# define HEADER_SUREWARE_ERR_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+static void ERR_load_SUREWARE_strings(void);
+static void ERR_unload_SUREWARE_strings(void);
+static void ERR_SUREWARE_error(int function, int reason, char *file,
+ int line);
+# define SUREWAREerr(f,r) ERR_SUREWARE_error((f),(r),__FILE__,__LINE__)
+
+/* Error codes for the SUREWARE functions. */
+
+/* Function codes. */
+# define SUREWARE_F_SUREWAREHK_CTRL 100
+# define SUREWARE_F_SUREWAREHK_DH_EX_FREE 112
+# define SUREWARE_F_SUREWAREHK_DSA_DO_SIGN 101
+# define SUREWARE_F_SUREWAREHK_EX_FREE 102
+# define SUREWARE_F_SUREWAREHK_FINISH 103
+# define SUREWARE_F_SUREWAREHK_INIT 104
+# define SUREWARE_F_SUREWAREHK_LOAD_PRIVKEY 105
+# define SUREWARE_F_SUREWAREHK_LOAD_PUBKEY 113
+# define SUREWARE_F_SUREWAREHK_MODEXP 107
+# define SUREWARE_F_SUREWAREHK_RAND_BYTES 108
+# define SUREWARE_F_SUREWAREHK_RAND_SEED 109
+# define SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC 110
+# define SUREWARE_F_SUREWAREHK_RSA_SIGN 111
+# define SUREWARE_F_SUREWARE_LOAD_PUBLIC 106
+
+/* Reason codes. */
+# define SUREWARE_R_BIO_WAS_FREED 100
+# define SUREWARE_R_MISSING_KEY_COMPONENTS 105
+# define SUREWARE_R_PADDING_CHECK_FAILED 106
+# define SUREWARE_R_REQUEST_FAILED 101
+# define SUREWARE_R_REQUEST_FALLBACK 102
+# define SUREWARE_R_SIZE_TOO_LARGE_OR_TOO_SMALL 103
+# define SUREWARE_R_UNIT_FAILURE 104
+# define SUREWARE_R_UNKNOWN_PADDING_TYPE 107
+
+#ifdef __cplusplus
+}
+#endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/engines/e_ubsec.c
===================================================================
--- vendor-crypto/openssl/dist/engines/e_ubsec.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/engines/e_ubsec.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,1068 +0,0 @@
-/* crypto/engine/hw_ubsec.c */
-/* Written by Geoff Thorpe (geoff at geoffthorpe.net) for the OpenSSL
- * project 2000.
- *
- * Cloned shamelessly by Joe Tardo.
- */
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/buffer.h>
-#include <openssl/dso.h>
-#include <openssl/engine.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-#include <openssl/bn.h>
-
-#ifndef OPENSSL_NO_HW
-#ifndef OPENSSL_NO_HW_UBSEC
-
-#ifdef FLAT_INC
-#include "hw_ubsec.h"
-#else
-#include "vendor_defns/hw_ubsec.h"
-#endif
-
-#define UBSEC_LIB_NAME "ubsec engine"
-#include "e_ubsec_err.c"
-
-#define FAIL_TO_SOFTWARE -15
-
-static int ubsec_destroy(ENGINE *e);
-static int ubsec_init(ENGINE *e);
-static int ubsec_finish(ENGINE *e);
-static int ubsec_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
-static int ubsec_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx);
-static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *q, const BIGNUM *dp,
- const BIGNUM *dq, const BIGNUM *qinv, BN_CTX *ctx);
-#ifndef OPENSSL_NO_RSA
-static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
-#endif
-static int ubsec_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-#ifndef OPENSSL_NO_DSA
-#ifdef NOT_USED
-static int ubsec_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
- BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
- BN_CTX *ctx, BN_MONT_CTX *in_mont);
-static int ubsec_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx);
-#endif
-static DSA_SIG *ubsec_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
-static int ubsec_dsa_verify(const unsigned char *dgst, int dgst_len,
- DSA_SIG *sig, DSA *dsa);
-#endif
-#ifndef OPENSSL_NO_DH
-static int ubsec_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx);
-static int ubsec_dh_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh);
-static int ubsec_dh_generate_key(DH *dh);
-#endif
-
-#ifdef NOT_USED
-static int ubsec_rand_bytes(unsigned char *buf, int num);
-static int ubsec_rand_status(void);
-#endif
-
-#define UBSEC_CMD_SO_PATH ENGINE_CMD_BASE
-static const ENGINE_CMD_DEFN ubsec_cmd_defns[] = {
- {UBSEC_CMD_SO_PATH,
- "SO_PATH",
- "Specifies the path to the 'ubsec' shared library",
- ENGINE_CMD_FLAG_STRING},
- {0, NULL, NULL, 0}
- };
-
-#ifndef OPENSSL_NO_RSA
-/* Our internal RSA_METHOD that we provide pointers to */
-static RSA_METHOD ubsec_rsa =
- {
- "UBSEC RSA method",
- NULL,
- NULL,
- NULL,
- NULL,
- ubsec_rsa_mod_exp,
- ubsec_mod_exp_mont,
- NULL,
- NULL,
- 0,
- NULL,
- NULL,
- NULL,
- NULL
- };
-#endif
-
-#ifndef OPENSSL_NO_DSA
-/* Our internal DSA_METHOD that we provide pointers to */
-static DSA_METHOD ubsec_dsa =
- {
- "UBSEC DSA method",
- ubsec_dsa_do_sign, /* dsa_do_sign */
- NULL, /* dsa_sign_setup */
- ubsec_dsa_verify, /* dsa_do_verify */
- NULL, /* ubsec_dsa_mod_exp */ /* dsa_mod_exp */
- NULL, /* ubsec_mod_exp_dsa */ /* bn_mod_exp */
- NULL, /* init */
- NULL, /* finish */
- 0, /* flags */
- NULL, /* app_data */
- NULL, /* dsa_paramgen */
- NULL /* dsa_keygen */
- };
-#endif
-
-#ifndef OPENSSL_NO_DH
-/* Our internal DH_METHOD that we provide pointers to */
-static DH_METHOD ubsec_dh =
- {
- "UBSEC DH method",
- ubsec_dh_generate_key,
- ubsec_dh_compute_key,
- ubsec_mod_exp_dh,
- NULL,
- NULL,
- 0,
- NULL,
- NULL
- };
-#endif
-
-/* Constants used when creating the ENGINE */
-static const char *engine_ubsec_id = "ubsec";
-static const char *engine_ubsec_name = "UBSEC hardware engine support";
-
-/* This internal function is used by ENGINE_ubsec() and possibly by the
- * "dynamic" ENGINE support too */
-static int bind_helper(ENGINE *e)
- {
-#ifndef OPENSSL_NO_RSA
- const RSA_METHOD *meth1;
-#endif
-#ifndef OPENSSL_NO_DH
-#ifndef HAVE_UBSEC_DH
- const DH_METHOD *meth3;
-#endif /* HAVE_UBSEC_DH */
-#endif
- if(!ENGINE_set_id(e, engine_ubsec_id) ||
- !ENGINE_set_name(e, engine_ubsec_name) ||
-#ifndef OPENSSL_NO_RSA
- !ENGINE_set_RSA(e, &ubsec_rsa) ||
-#endif
-#ifndef OPENSSL_NO_DSA
- !ENGINE_set_DSA(e, &ubsec_dsa) ||
-#endif
-#ifndef OPENSSL_NO_DH
- !ENGINE_set_DH(e, &ubsec_dh) ||
-#endif
- !ENGINE_set_destroy_function(e, ubsec_destroy) ||
- !ENGINE_set_init_function(e, ubsec_init) ||
- !ENGINE_set_finish_function(e, ubsec_finish) ||
- !ENGINE_set_ctrl_function(e, ubsec_ctrl) ||
- !ENGINE_set_cmd_defns(e, ubsec_cmd_defns))
- return 0;
-
-#ifndef OPENSSL_NO_RSA
- /* We know that the "PKCS1_SSLeay()" functions hook properly
- * to the Broadcom-specific mod_exp and mod_exp_crt so we use
- * those functions. NB: We don't use ENGINE_openssl() or
- * anything "more generic" because something like the RSAref
- * code may not hook properly, and if you own one of these
- * cards then you have the right to do RSA operations on it
- * anyway! */
- meth1 = RSA_PKCS1_SSLeay();
- ubsec_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
- ubsec_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
- ubsec_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
- ubsec_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
-#endif
-
-#ifndef OPENSSL_NO_DH
-#ifndef HAVE_UBSEC_DH
- /* Much the same for Diffie-Hellman */
- meth3 = DH_OpenSSL();
- ubsec_dh.generate_key = meth3->generate_key;
- ubsec_dh.compute_key = meth3->compute_key;
-#endif /* HAVE_UBSEC_DH */
-#endif
-
- /* Ensure the ubsec error handling is set up */
- ERR_load_UBSEC_strings();
- return 1;
- }
-
-#ifdef OPENSSL_NO_DYNAMIC_ENGINE
-static ENGINE *engine_ubsec(void)
- {
- ENGINE *ret = ENGINE_new();
- if(!ret)
- return NULL;
- if(!bind_helper(ret))
- {
- ENGINE_free(ret);
- return NULL;
- }
- return ret;
- }
-
-void ENGINE_load_ubsec(void)
- {
- /* Copied from eng_[openssl|dyn].c */
- ENGINE *toadd = engine_ubsec();
- if(!toadd) return;
- ENGINE_add(toadd);
- ENGINE_free(toadd);
- ERR_clear_error();
- }
-#endif
-
-/* This is a process-global DSO handle used for loading and unloading
- * the UBSEC library. NB: This is only set (or unset) during an
- * init() or finish() call (reference counts permitting) and they're
- * operating with global locks, so this should be thread-safe
- * implicitly. */
-
-static DSO *ubsec_dso = NULL;
-
-/* These are the function pointers that are (un)set when the library has
- * successfully (un)loaded. */
-
-static t_UBSEC_ubsec_bytes_to_bits *p_UBSEC_ubsec_bytes_to_bits = NULL;
-static t_UBSEC_ubsec_bits_to_bytes *p_UBSEC_ubsec_bits_to_bytes = NULL;
-static t_UBSEC_ubsec_open *p_UBSEC_ubsec_open = NULL;
-static t_UBSEC_ubsec_close *p_UBSEC_ubsec_close = NULL;
-#ifndef OPENSSL_NO_DH
-static t_UBSEC_diffie_hellman_generate_ioctl
- *p_UBSEC_diffie_hellman_generate_ioctl = NULL;
-static t_UBSEC_diffie_hellman_agree_ioctl *p_UBSEC_diffie_hellman_agree_ioctl = NULL;
-#endif
-/* #ifndef OPENSSL_NO_RSA */
-static t_UBSEC_rsa_mod_exp_ioctl *p_UBSEC_rsa_mod_exp_ioctl = NULL;
-static t_UBSEC_rsa_mod_exp_crt_ioctl *p_UBSEC_rsa_mod_exp_crt_ioctl = NULL;
-/* #endif */
-#ifndef OPENSSL_NO_DSA
-static t_UBSEC_dsa_sign_ioctl *p_UBSEC_dsa_sign_ioctl = NULL;
-static t_UBSEC_dsa_verify_ioctl *p_UBSEC_dsa_verify_ioctl = NULL;
-#endif
-static t_UBSEC_math_accelerate_ioctl *p_UBSEC_math_accelerate_ioctl = NULL;
-static t_UBSEC_rng_ioctl *p_UBSEC_rng_ioctl = NULL;
-static t_UBSEC_max_key_len_ioctl *p_UBSEC_max_key_len_ioctl = NULL;
-
-static int max_key_len = 1024; /* ??? */
-
-/*
- * These are the static string constants for the DSO file name and the function
- * symbol names to bind to.
- */
-
-static const char *UBSEC_LIBNAME = NULL;
-static const char *get_UBSEC_LIBNAME(void)
- {
- if(UBSEC_LIBNAME)
- return UBSEC_LIBNAME;
- return "ubsec";
- }
-static void free_UBSEC_LIBNAME(void)
- {
- if(UBSEC_LIBNAME)
- OPENSSL_free((void*)UBSEC_LIBNAME);
- UBSEC_LIBNAME = NULL;
- }
-static long set_UBSEC_LIBNAME(const char *name)
- {
- free_UBSEC_LIBNAME();
- return (((UBSEC_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
- }
-static const char *UBSEC_F1 = "ubsec_bytes_to_bits";
-static const char *UBSEC_F2 = "ubsec_bits_to_bytes";
-static const char *UBSEC_F3 = "ubsec_open";
-static const char *UBSEC_F4 = "ubsec_close";
-#ifndef OPENSSL_NO_DH
-static const char *UBSEC_F5 = "diffie_hellman_generate_ioctl";
-static const char *UBSEC_F6 = "diffie_hellman_agree_ioctl";
-#endif
-/* #ifndef OPENSSL_NO_RSA */
-static const char *UBSEC_F7 = "rsa_mod_exp_ioctl";
-static const char *UBSEC_F8 = "rsa_mod_exp_crt_ioctl";
-/* #endif */
-#ifndef OPENSSL_NO_DSA
-static const char *UBSEC_F9 = "dsa_sign_ioctl";
-static const char *UBSEC_F10 = "dsa_verify_ioctl";
-#endif
-static const char *UBSEC_F11 = "math_accelerate_ioctl";
-static const char *UBSEC_F12 = "rng_ioctl";
-static const char *UBSEC_F13 = "ubsec_max_key_len_ioctl";
-
-/* Destructor (complements the "ENGINE_ubsec()" constructor) */
-static int ubsec_destroy(ENGINE *e)
- {
- free_UBSEC_LIBNAME();
- ERR_unload_UBSEC_strings();
- return 1;
- }
-
-/* (de)initialisation functions. */
-static int ubsec_init(ENGINE *e)
- {
- t_UBSEC_ubsec_bytes_to_bits *p1;
- t_UBSEC_ubsec_bits_to_bytes *p2;
- t_UBSEC_ubsec_open *p3;
- t_UBSEC_ubsec_close *p4;
-#ifndef OPENSSL_NO_DH
- t_UBSEC_diffie_hellman_generate_ioctl *p5;
- t_UBSEC_diffie_hellman_agree_ioctl *p6;
-#endif
-/* #ifndef OPENSSL_NO_RSA */
- t_UBSEC_rsa_mod_exp_ioctl *p7;
- t_UBSEC_rsa_mod_exp_crt_ioctl *p8;
-/* #endif */
-#ifndef OPENSSL_NO_DSA
- t_UBSEC_dsa_sign_ioctl *p9;
- t_UBSEC_dsa_verify_ioctl *p10;
-#endif
- t_UBSEC_math_accelerate_ioctl *p11;
- t_UBSEC_rng_ioctl *p12;
- t_UBSEC_max_key_len_ioctl *p13;
- int fd = 0;
-
- if(ubsec_dso != NULL)
- {
- UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_ALREADY_LOADED);
- goto err;
- }
- /*
- * Attempt to load libubsec.so/ubsec.dll/whatever.
- */
- ubsec_dso = DSO_load(NULL, get_UBSEC_LIBNAME(), NULL, 0);
- if(ubsec_dso == NULL)
- {
- UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_DSO_FAILURE);
- goto err;
- }
-
- if (
- !(p1 = (t_UBSEC_ubsec_bytes_to_bits *) DSO_bind_func(ubsec_dso, UBSEC_F1)) ||
- !(p2 = (t_UBSEC_ubsec_bits_to_bytes *) DSO_bind_func(ubsec_dso, UBSEC_F2)) ||
- !(p3 = (t_UBSEC_ubsec_open *) DSO_bind_func(ubsec_dso, UBSEC_F3)) ||
- !(p4 = (t_UBSEC_ubsec_close *) DSO_bind_func(ubsec_dso, UBSEC_F4)) ||
-#ifndef OPENSSL_NO_DH
- !(p5 = (t_UBSEC_diffie_hellman_generate_ioctl *)
- DSO_bind_func(ubsec_dso, UBSEC_F5)) ||
- !(p6 = (t_UBSEC_diffie_hellman_agree_ioctl *)
- DSO_bind_func(ubsec_dso, UBSEC_F6)) ||
-#endif
-/* #ifndef OPENSSL_NO_RSA */
- !(p7 = (t_UBSEC_rsa_mod_exp_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F7)) ||
- !(p8 = (t_UBSEC_rsa_mod_exp_crt_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F8)) ||
-/* #endif */
-#ifndef OPENSSL_NO_DSA
- !(p9 = (t_UBSEC_dsa_sign_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F9)) ||
- !(p10 = (t_UBSEC_dsa_verify_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F10)) ||
-#endif
- !(p11 = (t_UBSEC_math_accelerate_ioctl *)
- DSO_bind_func(ubsec_dso, UBSEC_F11)) ||
- !(p12 = (t_UBSEC_rng_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F12)) ||
- !(p13 = (t_UBSEC_max_key_len_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F13)))
- {
- UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_DSO_FAILURE);
- goto err;
- }
-
- /* Copy the pointers */
- p_UBSEC_ubsec_bytes_to_bits = p1;
- p_UBSEC_ubsec_bits_to_bytes = p2;
- p_UBSEC_ubsec_open = p3;
- p_UBSEC_ubsec_close = p4;
-#ifndef OPENSSL_NO_DH
- p_UBSEC_diffie_hellman_generate_ioctl = p5;
- p_UBSEC_diffie_hellman_agree_ioctl = p6;
-#endif
-#ifndef OPENSSL_NO_RSA
- p_UBSEC_rsa_mod_exp_ioctl = p7;
- p_UBSEC_rsa_mod_exp_crt_ioctl = p8;
-#endif
-#ifndef OPENSSL_NO_DSA
- p_UBSEC_dsa_sign_ioctl = p9;
- p_UBSEC_dsa_verify_ioctl = p10;
-#endif
- p_UBSEC_math_accelerate_ioctl = p11;
- p_UBSEC_rng_ioctl = p12;
- p_UBSEC_max_key_len_ioctl = p13;
-
- /* Perform an open to see if there's actually any unit running. */
- if (((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) > 0) && (p_UBSEC_max_key_len_ioctl(fd, &max_key_len) == 0))
- {
- p_UBSEC_ubsec_close(fd);
- return 1;
- }
- else
- {
- UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
- }
-
-err:
- if(ubsec_dso)
- DSO_free(ubsec_dso);
- ubsec_dso = NULL;
- p_UBSEC_ubsec_bytes_to_bits = NULL;
- p_UBSEC_ubsec_bits_to_bytes = NULL;
- p_UBSEC_ubsec_open = NULL;
- p_UBSEC_ubsec_close = NULL;
-#ifndef OPENSSL_NO_DH
- p_UBSEC_diffie_hellman_generate_ioctl = NULL;
- p_UBSEC_diffie_hellman_agree_ioctl = NULL;
-#endif
-#ifndef OPENSSL_NO_RSA
- p_UBSEC_rsa_mod_exp_ioctl = NULL;
- p_UBSEC_rsa_mod_exp_crt_ioctl = NULL;
-#endif
-#ifndef OPENSSL_NO_DSA
- p_UBSEC_dsa_sign_ioctl = NULL;
- p_UBSEC_dsa_verify_ioctl = NULL;
-#endif
- p_UBSEC_math_accelerate_ioctl = NULL;
- p_UBSEC_rng_ioctl = NULL;
- p_UBSEC_max_key_len_ioctl = NULL;
-
- return 0;
- }
-
-static int ubsec_finish(ENGINE *e)
- {
- free_UBSEC_LIBNAME();
- if(ubsec_dso == NULL)
- {
- UBSECerr(UBSEC_F_UBSEC_FINISH, UBSEC_R_NOT_LOADED);
- return 0;
- }
- if(!DSO_free(ubsec_dso))
- {
- UBSECerr(UBSEC_F_UBSEC_FINISH, UBSEC_R_DSO_FAILURE);
- return 0;
- }
- ubsec_dso = NULL;
- p_UBSEC_ubsec_bytes_to_bits = NULL;
- p_UBSEC_ubsec_bits_to_bytes = NULL;
- p_UBSEC_ubsec_open = NULL;
- p_UBSEC_ubsec_close = NULL;
-#ifndef OPENSSL_NO_DH
- p_UBSEC_diffie_hellman_generate_ioctl = NULL;
- p_UBSEC_diffie_hellman_agree_ioctl = NULL;
-#endif
-#ifndef OPENSSL_NO_RSA
- p_UBSEC_rsa_mod_exp_ioctl = NULL;
- p_UBSEC_rsa_mod_exp_crt_ioctl = NULL;
-#endif
-#ifndef OPENSSL_NO_DSA
- p_UBSEC_dsa_sign_ioctl = NULL;
- p_UBSEC_dsa_verify_ioctl = NULL;
-#endif
- p_UBSEC_math_accelerate_ioctl = NULL;
- p_UBSEC_rng_ioctl = NULL;
- p_UBSEC_max_key_len_ioctl = NULL;
- return 1;
- }
-
-static int ubsec_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
- {
- int initialised = ((ubsec_dso == NULL) ? 0 : 1);
- switch(cmd)
- {
- case UBSEC_CMD_SO_PATH:
- if(p == NULL)
- {
- UBSECerr(UBSEC_F_UBSEC_CTRL,ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- if(initialised)
- {
- UBSECerr(UBSEC_F_UBSEC_CTRL,UBSEC_R_ALREADY_LOADED);
- return 0;
- }
- return set_UBSEC_LIBNAME((const char *)p);
- default:
- break;
- }
- UBSECerr(UBSEC_F_UBSEC_CTRL,UBSEC_R_CTRL_COMMAND_NOT_IMPLEMENTED);
- return 0;
- }
-
-static int ubsec_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx)
- {
- int y_len = 0;
- int fd;
-
- if(ubsec_dso == NULL)
- {
- UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_NOT_LOADED);
- return 0;
- }
-
- /* Check if hardware can't handle this argument. */
- y_len = BN_num_bits(m);
- if (y_len > max_key_len) {
- UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
- return BN_mod_exp(r, a, p, m, ctx);
- }
-
- if(!bn_wexpand(r, m->top))
- {
- UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_BN_EXPAND_FAIL);
- return 0;
- }
-
- if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
- fd = 0;
- UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_UNIT_FAILURE);
- return BN_mod_exp(r, a, p, m, ctx);
- }
-
- if (p_UBSEC_rsa_mod_exp_ioctl(fd, (unsigned char *)a->d, BN_num_bits(a),
- (unsigned char *)m->d, BN_num_bits(m), (unsigned char *)p->d,
- BN_num_bits(p), (unsigned char *)r->d, &y_len) != 0)
- {
- UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_REQUEST_FAILED);
- p_UBSEC_ubsec_close(fd);
-
- return BN_mod_exp(r, a, p, m, ctx);
- }
-
- p_UBSEC_ubsec_close(fd);
-
- r->top = (BN_num_bits(m)+BN_BITS2-1)/BN_BITS2;
- return 1;
- }
-
-#ifndef OPENSSL_NO_RSA
-static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
- {
- int to_return = 0;
-
- if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)
- {
- UBSECerr(UBSEC_F_UBSEC_RSA_MOD_EXP, UBSEC_R_MISSING_KEY_COMPONENTS);
- goto err;
- }
-
- to_return = ubsec_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1,
- rsa->dmq1, rsa->iqmp, ctx);
- if (to_return == FAIL_TO_SOFTWARE)
- {
- /*
- * Do in software as hardware failed.
- */
- const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
- to_return = (*meth->rsa_mod_exp)(r0, I, rsa, ctx);
- }
-err:
- return to_return;
- }
-#endif
-
-static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *q, const BIGNUM *dp,
- const BIGNUM *dq, const BIGNUM *qinv, BN_CTX *ctx)
- {
- int y_len,
- fd;
-
- y_len = BN_num_bits(p) + BN_num_bits(q);
-
- /* Check if hardware can't handle this argument. */
- if (y_len > max_key_len) {
- UBSECerr(UBSEC_F_UBSEC_MOD_EXP_CRT, UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
- return FAIL_TO_SOFTWARE;
- }
-
- if (!bn_wexpand(r, p->top + q->top + 1)) {
- UBSECerr(UBSEC_F_UBSEC_MOD_EXP_CRT, UBSEC_R_BN_EXPAND_FAIL);
- return 0;
- }
-
- if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
- fd = 0;
- UBSECerr(UBSEC_F_UBSEC_MOD_EXP_CRT, UBSEC_R_UNIT_FAILURE);
- return FAIL_TO_SOFTWARE;
- }
-
- if (p_UBSEC_rsa_mod_exp_crt_ioctl(fd,
- (unsigned char *)a->d, BN_num_bits(a),
- (unsigned char *)qinv->d, BN_num_bits(qinv),
- (unsigned char *)dp->d, BN_num_bits(dp),
- (unsigned char *)p->d, BN_num_bits(p),
- (unsigned char *)dq->d, BN_num_bits(dq),
- (unsigned char *)q->d, BN_num_bits(q),
- (unsigned char *)r->d, &y_len) != 0) {
- UBSECerr(UBSEC_F_UBSEC_MOD_EXP_CRT, UBSEC_R_REQUEST_FAILED);
- p_UBSEC_ubsec_close(fd);
- return FAIL_TO_SOFTWARE;
- }
-
- p_UBSEC_ubsec_close(fd);
-
- r->top = (BN_num_bits(p) + BN_num_bits(q) + BN_BITS2 - 1)/BN_BITS2;
- return 1;
-}
-
-#ifndef OPENSSL_NO_DSA
-#ifdef NOT_USED
-static int ubsec_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
- BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
- BN_CTX *ctx, BN_MONT_CTX *in_mont)
- {
- BIGNUM t;
- int to_return = 0;
-
- BN_init(&t);
- /* let rr = a1 ^ p1 mod m */
- if (!ubsec_mod_exp(rr,a1,p1,m,ctx)) goto end;
- /* let t = a2 ^ p2 mod m */
- if (!ubsec_mod_exp(&t,a2,p2,m,ctx)) goto end;
- /* let rr = rr * t mod m */
- if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;
- to_return = 1;
-end:
- BN_free(&t);
- return to_return;
- }
-
-static int ubsec_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx)
- {
- return ubsec_mod_exp(r, a, p, m, ctx);
- }
-#endif
-#endif
-
-/*
- * This function is aliased to mod_exp (with the mont stuff dropped).
- */
-static int ubsec_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
- {
- int ret = 0;
-
-#ifndef OPENSSL_NO_RSA
- /* Do in software if the key is too large for the hardware. */
- if (BN_num_bits(m) > max_key_len)
- {
- const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
- ret = (*meth->bn_mod_exp)(r, a, p, m, ctx, m_ctx);
- }
- else
-#endif
- {
- ret = ubsec_mod_exp(r, a, p, m, ctx);
- }
-
- return ret;
- }
-
-#ifndef OPENSSL_NO_DH
-/* This function is aliased to mod_exp (with the dh and mont dropped). */
-static int ubsec_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx)
- {
- return ubsec_mod_exp(r, a, p, m, ctx);
- }
-#endif
-
-#ifndef OPENSSL_NO_DSA
-static DSA_SIG *ubsec_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
- {
- DSA_SIG *to_return = NULL;
- int s_len = 160, r_len = 160, d_len, fd;
- BIGNUM m, *r=NULL, *s=NULL;
-
- BN_init(&m);
-
- s = BN_new();
- r = BN_new();
- if ((s == NULL) || (r==NULL))
- goto err;
-
- d_len = p_UBSEC_ubsec_bytes_to_bits((unsigned char *)dgst, dlen);
-
- if(!bn_wexpand(r, (160+BN_BITS2-1)/BN_BITS2) ||
- (!bn_wexpand(s, (160+BN_BITS2-1)/BN_BITS2))) {
- UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_BN_EXPAND_FAIL);
- goto err;
- }
-
- if (BN_bin2bn(dgst,dlen,&m) == NULL) {
- UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_BN_EXPAND_FAIL);
- goto err;
- }
-
- if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
- const DSA_METHOD *meth;
- fd = 0;
- UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_UNIT_FAILURE);
- meth = DSA_OpenSSL();
- to_return = meth->dsa_do_sign(dgst, dlen, dsa);
- goto err;
- }
-
- if (p_UBSEC_dsa_sign_ioctl(fd, 0, /* compute hash before signing */
- (unsigned char *)dgst, d_len,
- NULL, 0, /* compute random value */
- (unsigned char *)dsa->p->d, BN_num_bits(dsa->p),
- (unsigned char *)dsa->q->d, BN_num_bits(dsa->q),
- (unsigned char *)dsa->g->d, BN_num_bits(dsa->g),
- (unsigned char *)dsa->priv_key->d, BN_num_bits(dsa->priv_key),
- (unsigned char *)r->d, &r_len,
- (unsigned char *)s->d, &s_len ) != 0) {
- const DSA_METHOD *meth;
-
- UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_REQUEST_FAILED);
- p_UBSEC_ubsec_close(fd);
- meth = DSA_OpenSSL();
- to_return = meth->dsa_do_sign(dgst, dlen, dsa);
-
- goto err;
- }
-
- p_UBSEC_ubsec_close(fd);
-
- r->top = (160+BN_BITS2-1)/BN_BITS2;
- s->top = (160+BN_BITS2-1)/BN_BITS2;
-
- to_return = DSA_SIG_new();
- if(to_return == NULL) {
- UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_BN_EXPAND_FAIL);
- goto err;
- }
-
- to_return->r = r;
- to_return->s = s;
-
-err:
- if (!to_return) {
- if (r) BN_free(r);
- if (s) BN_free(s);
- }
- BN_clear_free(&m);
- return to_return;
-}
-
-static int ubsec_dsa_verify(const unsigned char *dgst, int dgst_len,
- DSA_SIG *sig, DSA *dsa)
- {
- int v_len, d_len;
- int to_return = 0;
- int fd;
- BIGNUM v, *pv = &v;
-
- BN_init(&v);
-
- if(!bn_wexpand(pv, dsa->p->top)) {
- UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY, UBSEC_R_BN_EXPAND_FAIL);
- goto err;
- }
-
- v_len = BN_num_bits(dsa->p);
-
- d_len = p_UBSEC_ubsec_bytes_to_bits((unsigned char *)dgst, dgst_len);
-
- if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
- const DSA_METHOD *meth;
- fd = 0;
- UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY, UBSEC_R_UNIT_FAILURE);
- meth = DSA_OpenSSL();
- to_return = meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
- goto err;
- }
-
- if (p_UBSEC_dsa_verify_ioctl(fd, 0, /* compute hash before signing */
- (unsigned char *)dgst, d_len,
- (unsigned char *)dsa->p->d, BN_num_bits(dsa->p),
- (unsigned char *)dsa->q->d, BN_num_bits(dsa->q),
- (unsigned char *)dsa->g->d, BN_num_bits(dsa->g),
- (unsigned char *)dsa->pub_key->d, BN_num_bits(dsa->pub_key),
- (unsigned char *)sig->r->d, BN_num_bits(sig->r),
- (unsigned char *)sig->s->d, BN_num_bits(sig->s),
- (unsigned char *)v.d, &v_len) != 0) {
- const DSA_METHOD *meth;
- UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY, UBSEC_R_REQUEST_FAILED);
- p_UBSEC_ubsec_close(fd);
-
- meth = DSA_OpenSSL();
- to_return = meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
-
- goto err;
- }
-
- p_UBSEC_ubsec_close(fd);
-
- to_return = 1;
-err:
- BN_clear_free(&v);
- return to_return;
- }
-#endif
-
-#ifndef OPENSSL_NO_DH
-static int ubsec_dh_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh)
- {
- int ret = -1,
- k_len,
- fd;
-
- k_len = BN_num_bits(dh->p);
-
- if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0)
- {
- const DH_METHOD *meth;
- UBSECerr(UBSEC_F_UBSEC_DH_COMPUTE_KEY, UBSEC_R_UNIT_FAILURE);
- meth = DH_OpenSSL();
- ret = meth->compute_key(key, pub_key, dh);
- goto err;
- }
-
- if (p_UBSEC_diffie_hellman_agree_ioctl(fd,
- (unsigned char *)dh->priv_key->d, BN_num_bits(dh->priv_key),
- (unsigned char *)pub_key->d, BN_num_bits(pub_key),
- (unsigned char *)dh->p->d, BN_num_bits(dh->p),
- key, &k_len) != 0)
- {
- /* Hardware's a no go, failover to software */
- const DH_METHOD *meth;
- UBSECerr(UBSEC_F_UBSEC_DH_COMPUTE_KEY, UBSEC_R_REQUEST_FAILED);
- p_UBSEC_ubsec_close(fd);
-
- meth = DH_OpenSSL();
- ret = meth->compute_key(key, pub_key, dh);
-
- goto err;
- }
-
- p_UBSEC_ubsec_close(fd);
-
- ret = p_UBSEC_ubsec_bits_to_bytes(k_len);
-err:
- return ret;
- }
-
-static int ubsec_dh_generate_key(DH *dh)
- {
- int ret = 0,
- random_bits = 0,
- pub_key_len = 0,
- priv_key_len = 0,
- fd;
- BIGNUM *pub_key = NULL;
- BIGNUM *priv_key = NULL;
-
- /*
- * How many bits should Random x be? dh_key.c
- * sets the range from 0 to num_bits(modulus) ???
- */
-
- if (dh->priv_key == NULL)
- {
- priv_key = BN_new();
- if (priv_key == NULL) goto err;
- priv_key_len = BN_num_bits(dh->p);
- if(bn_wexpand(priv_key, dh->p->top) == NULL) goto err;
- do
- if (!BN_rand_range(priv_key, dh->p)) goto err;
- while (BN_is_zero(priv_key));
- random_bits = BN_num_bits(priv_key);
- }
- else
- {
- priv_key = dh->priv_key;
- }
-
- if (dh->pub_key == NULL)
- {
- pub_key = BN_new();
- pub_key_len = BN_num_bits(dh->p);
- if(bn_wexpand(pub_key, dh->p->top) == NULL) goto err;
- if(pub_key == NULL) goto err;
- }
- else
- {
- pub_key = dh->pub_key;
- }
-
- if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0)
- {
- const DH_METHOD *meth;
- UBSECerr(UBSEC_F_UBSEC_DH_GENERATE_KEY, UBSEC_R_UNIT_FAILURE);
- meth = DH_OpenSSL();
- ret = meth->generate_key(dh);
- goto err;
- }
-
- if (p_UBSEC_diffie_hellman_generate_ioctl(fd,
- (unsigned char *)priv_key->d, &priv_key_len,
- (unsigned char *)pub_key->d, &pub_key_len,
- (unsigned char *)dh->g->d, BN_num_bits(dh->g),
- (unsigned char *)dh->p->d, BN_num_bits(dh->p),
- 0, 0, random_bits) != 0)
- {
- /* Hardware's a no go, failover to software */
- const DH_METHOD *meth;
-
- UBSECerr(UBSEC_F_UBSEC_DH_GENERATE_KEY, UBSEC_R_REQUEST_FAILED);
- p_UBSEC_ubsec_close(fd);
-
- meth = DH_OpenSSL();
- ret = meth->generate_key(dh);
-
- goto err;
- }
-
- p_UBSEC_ubsec_close(fd);
-
- dh->pub_key = pub_key;
- dh->pub_key->top = (pub_key_len + BN_BITS2-1) / BN_BITS2;
- dh->priv_key = priv_key;
- dh->priv_key->top = (priv_key_len + BN_BITS2-1) / BN_BITS2;
-
- ret = 1;
-err:
- return ret;
- }
-#endif
-
-#ifdef NOT_USED
-static int ubsec_rand_bytes(unsigned char * buf,
- int num)
- {
- int ret = 0,
- fd;
-
- if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0)
- {
- const RAND_METHOD *meth;
- UBSECerr(UBSEC_F_UBSEC_RAND_BYTES, UBSEC_R_UNIT_FAILURE);
- num = p_UBSEC_ubsec_bits_to_bytes(num);
- meth = RAND_SSLeay();
- meth->seed(buf, num);
- ret = meth->bytes(buf, num);
- goto err;
- }
-
- num *= 8; /* bytes to bits */
-
- if (p_UBSEC_rng_ioctl(fd,
- UBSEC_RNG_DIRECT,
- buf,
- &num) != 0)
- {
- /* Hardware's a no go, failover to software */
- const RAND_METHOD *meth;
-
- UBSECerr(UBSEC_F_UBSEC_RAND_BYTES, UBSEC_R_REQUEST_FAILED);
- p_UBSEC_ubsec_close(fd);
-
- num = p_UBSEC_ubsec_bits_to_bytes(num);
- meth = RAND_SSLeay();
- meth->seed(buf, num);
- ret = meth->bytes(buf, num);
-
- goto err;
- }
-
- p_UBSEC_ubsec_close(fd);
-
- ret = 1;
-err:
- return(ret);
- }
-
-
-static int ubsec_rand_status(void)
- {
- return 0;
- }
-#endif
-
-/* This stuff is needed if this ENGINE is being compiled into a self-contained
- * shared-library. */
-#ifndef OPENSSL_NO_DYNAMIC_ENGINE
-static int bind_fn(ENGINE *e, const char *id)
- {
- if(id && (strcmp(id, engine_ubsec_id) != 0))
- return 0;
- if(!bind_helper(e))
- return 0;
- return 1;
- }
-IMPLEMENT_DYNAMIC_CHECK_FN()
-IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
-#endif /* OPENSSL_NO_DYNAMIC_ENGINE */
-
-#endif /* !OPENSSL_NO_HW_UBSEC */
-#endif /* !OPENSSL_NO_HW */
Copied: vendor-crypto/openssl/0.9.8zf/engines/e_ubsec.c (from rev 6976, vendor-crypto/openssl/dist/engines/e_ubsec.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/engines/e_ubsec.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/engines/e_ubsec.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,1085 @@
+/* crypto/engine/hw_ubsec.c */
+/*
+ * Written by Geoff Thorpe (geoff at geoffthorpe.net) for the OpenSSL project
+ * 2000. Cloned shamelessly by Joe Tardo.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/buffer.h>
+#include <openssl/dso.h>
+#include <openssl/engine.h>
+#ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+# include <openssl/dsa.h>
+#endif
+#ifndef OPENSSL_NO_DH
+# include <openssl/dh.h>
+#endif
+#include <openssl/bn.h>
+
+#ifndef OPENSSL_NO_HW
+# ifndef OPENSSL_NO_HW_UBSEC
+
+# ifdef FLAT_INC
+# include "hw_ubsec.h"
+# else
+# include "vendor_defns/hw_ubsec.h"
+# endif
+
+# define UBSEC_LIB_NAME "ubsec engine"
+# include "e_ubsec_err.c"
+
+# define FAIL_TO_SOFTWARE -15
+
+static int ubsec_destroy(ENGINE *e);
+static int ubsec_init(ENGINE *e);
+static int ubsec_finish(ENGINE *e);
+static int ubsec_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void));
+static int ubsec_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx);
+static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *q, const BIGNUM *dp,
+ const BIGNUM *dq, const BIGNUM *qinv,
+ BN_CTX *ctx);
+# ifndef OPENSSL_NO_RSA
+static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+ BN_CTX *ctx);
+# endif
+static int ubsec_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx);
+# ifndef OPENSSL_NO_DSA
+# ifdef NOT_USED
+static int ubsec_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
+ BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
+ BN_CTX *ctx, BN_MONT_CTX *in_mont);
+static int ubsec_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
+ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx);
+# endif
+static DSA_SIG *ubsec_dsa_do_sign(const unsigned char *dgst, int dlen,
+ DSA *dsa);
+static int ubsec_dsa_verify(const unsigned char *dgst, int dgst_len,
+ DSA_SIG *sig, DSA *dsa);
+# endif
+# ifndef OPENSSL_NO_DH
+static int ubsec_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
+ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx);
+static int ubsec_dh_compute_key(unsigned char *key, const BIGNUM *pub_key,
+ DH *dh);
+static int ubsec_dh_generate_key(DH *dh);
+# endif
+
+# ifdef NOT_USED
+static int ubsec_rand_bytes(unsigned char *buf, int num);
+static int ubsec_rand_status(void);
+# endif
+
+# define UBSEC_CMD_SO_PATH ENGINE_CMD_BASE
+static const ENGINE_CMD_DEFN ubsec_cmd_defns[] = {
+ {UBSEC_CMD_SO_PATH,
+ "SO_PATH",
+ "Specifies the path to the 'ubsec' shared library",
+ ENGINE_CMD_FLAG_STRING},
+ {0, NULL, NULL, 0}
+};
+
+# ifndef OPENSSL_NO_RSA
+/* Our internal RSA_METHOD that we provide pointers to */
+static RSA_METHOD ubsec_rsa = {
+ "UBSEC RSA method",
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ ubsec_rsa_mod_exp,
+ ubsec_mod_exp_mont,
+ NULL,
+ NULL,
+ 0,
+ NULL,
+ NULL,
+ NULL,
+ NULL
+};
+# endif
+
+# ifndef OPENSSL_NO_DSA
+/* Our internal DSA_METHOD that we provide pointers to */
+static DSA_METHOD ubsec_dsa = {
+ "UBSEC DSA method",
+ ubsec_dsa_do_sign, /* dsa_do_sign */
+ NULL, /* dsa_sign_setup */
+ ubsec_dsa_verify, /* dsa_do_verify */
+ NULL, /* ubsec_dsa_mod_exp *//* dsa_mod_exp */
+ NULL, /* ubsec_mod_exp_dsa *//* bn_mod_exp */
+ NULL, /* init */
+ NULL, /* finish */
+ 0, /* flags */
+ NULL, /* app_data */
+ NULL, /* dsa_paramgen */
+ NULL /* dsa_keygen */
+};
+# endif
+
+# ifndef OPENSSL_NO_DH
+/* Our internal DH_METHOD that we provide pointers to */
+static DH_METHOD ubsec_dh = {
+ "UBSEC DH method",
+ ubsec_dh_generate_key,
+ ubsec_dh_compute_key,
+ ubsec_mod_exp_dh,
+ NULL,
+ NULL,
+ 0,
+ NULL,
+ NULL
+};
+# endif
+
+/* Constants used when creating the ENGINE */
+static const char *engine_ubsec_id = "ubsec";
+static const char *engine_ubsec_name = "UBSEC hardware engine support";
+
+/*
+ * This internal function is used by ENGINE_ubsec() and possibly by the
+ * "dynamic" ENGINE support too
+ */
+static int bind_helper(ENGINE *e)
+{
+# ifndef OPENSSL_NO_RSA
+ const RSA_METHOD *meth1;
+# endif
+# ifndef OPENSSL_NO_DH
+# ifndef HAVE_UBSEC_DH
+ const DH_METHOD *meth3;
+# endif /* HAVE_UBSEC_DH */
+# endif
+ if (!ENGINE_set_id(e, engine_ubsec_id) ||
+ !ENGINE_set_name(e, engine_ubsec_name) ||
+# ifndef OPENSSL_NO_RSA
+ !ENGINE_set_RSA(e, &ubsec_rsa) ||
+# endif
+# ifndef OPENSSL_NO_DSA
+ !ENGINE_set_DSA(e, &ubsec_dsa) ||
+# endif
+# ifndef OPENSSL_NO_DH
+ !ENGINE_set_DH(e, &ubsec_dh) ||
+# endif
+ !ENGINE_set_destroy_function(e, ubsec_destroy) ||
+ !ENGINE_set_init_function(e, ubsec_init) ||
+ !ENGINE_set_finish_function(e, ubsec_finish) ||
+ !ENGINE_set_ctrl_function(e, ubsec_ctrl) ||
+ !ENGINE_set_cmd_defns(e, ubsec_cmd_defns))
+ return 0;
+
+# ifndef OPENSSL_NO_RSA
+ /*
+ * We know that the "PKCS1_SSLeay()" functions hook properly to the
+ * Broadcom-specific mod_exp and mod_exp_crt so we use those functions.
+ * NB: We don't use ENGINE_openssl() or anything "more generic" because
+ * something like the RSAref code may not hook properly, and if you own
+ * one of these cards then you have the right to do RSA operations on it
+ * anyway!
+ */
+ meth1 = RSA_PKCS1_SSLeay();
+ ubsec_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
+ ubsec_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
+ ubsec_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
+ ubsec_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
+# endif
+
+# ifndef OPENSSL_NO_DH
+# ifndef HAVE_UBSEC_DH
+ /* Much the same for Diffie-Hellman */
+ meth3 = DH_OpenSSL();
+ ubsec_dh.generate_key = meth3->generate_key;
+ ubsec_dh.compute_key = meth3->compute_key;
+# endif /* HAVE_UBSEC_DH */
+# endif
+
+ /* Ensure the ubsec error handling is set up */
+ ERR_load_UBSEC_strings();
+ return 1;
+}
+
+# ifdef OPENSSL_NO_DYNAMIC_ENGINE
+static ENGINE *engine_ubsec(void)
+{
+ ENGINE *ret = ENGINE_new();
+ if (!ret)
+ return NULL;
+ if (!bind_helper(ret)) {
+ ENGINE_free(ret);
+ return NULL;
+ }
+ return ret;
+}
+
+void ENGINE_load_ubsec(void)
+{
+ /* Copied from eng_[openssl|dyn].c */
+ ENGINE *toadd = engine_ubsec();
+ if (!toadd)
+ return;
+ ENGINE_add(toadd);
+ ENGINE_free(toadd);
+ ERR_clear_error();
+}
+# endif
+
+/*
+ * This is a process-global DSO handle used for loading and unloading the
+ * UBSEC library. NB: This is only set (or unset) during an init() or
+ * finish() call (reference counts permitting) and they're operating with
+ * global locks, so this should be thread-safe implicitly.
+ */
+
+static DSO *ubsec_dso = NULL;
+
+/*
+ * These are the function pointers that are (un)set when the library has
+ * successfully (un)loaded.
+ */
+
+static t_UBSEC_ubsec_bytes_to_bits *p_UBSEC_ubsec_bytes_to_bits = NULL;
+static t_UBSEC_ubsec_bits_to_bytes *p_UBSEC_ubsec_bits_to_bytes = NULL;
+static t_UBSEC_ubsec_open *p_UBSEC_ubsec_open = NULL;
+static t_UBSEC_ubsec_close *p_UBSEC_ubsec_close = NULL;
+# ifndef OPENSSL_NO_DH
+static t_UBSEC_diffie_hellman_generate_ioctl
+ * p_UBSEC_diffie_hellman_generate_ioctl = NULL;
+static t_UBSEC_diffie_hellman_agree_ioctl *p_UBSEC_diffie_hellman_agree_ioctl
+ = NULL;
+# endif
+/* #ifndef OPENSSL_NO_RSA */
+static t_UBSEC_rsa_mod_exp_ioctl *p_UBSEC_rsa_mod_exp_ioctl = NULL;
+static t_UBSEC_rsa_mod_exp_crt_ioctl *p_UBSEC_rsa_mod_exp_crt_ioctl = NULL;
+/* #endif */
+# ifndef OPENSSL_NO_DSA
+static t_UBSEC_dsa_sign_ioctl *p_UBSEC_dsa_sign_ioctl = NULL;
+static t_UBSEC_dsa_verify_ioctl *p_UBSEC_dsa_verify_ioctl = NULL;
+# endif
+static t_UBSEC_math_accelerate_ioctl *p_UBSEC_math_accelerate_ioctl = NULL;
+static t_UBSEC_rng_ioctl *p_UBSEC_rng_ioctl = NULL;
+static t_UBSEC_max_key_len_ioctl *p_UBSEC_max_key_len_ioctl = NULL;
+
+static int max_key_len = 1024; /* ??? */
+
+/*
+ * These are the static string constants for the DSO file name and the function
+ * symbol names to bind to.
+ */
+
+static const char *UBSEC_LIBNAME = NULL;
+static const char *get_UBSEC_LIBNAME(void)
+{
+ if (UBSEC_LIBNAME)
+ return UBSEC_LIBNAME;
+ return "ubsec";
+}
+
+static void free_UBSEC_LIBNAME(void)
+{
+ if (UBSEC_LIBNAME)
+ OPENSSL_free((void *)UBSEC_LIBNAME);
+ UBSEC_LIBNAME = NULL;
+}
+
+static long set_UBSEC_LIBNAME(const char *name)
+{
+ free_UBSEC_LIBNAME();
+ return (((UBSEC_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
+}
+
+static const char *UBSEC_F1 = "ubsec_bytes_to_bits";
+static const char *UBSEC_F2 = "ubsec_bits_to_bytes";
+static const char *UBSEC_F3 = "ubsec_open";
+static const char *UBSEC_F4 = "ubsec_close";
+# ifndef OPENSSL_NO_DH
+static const char *UBSEC_F5 = "diffie_hellman_generate_ioctl";
+static const char *UBSEC_F6 = "diffie_hellman_agree_ioctl";
+# endif
+/* #ifndef OPENSSL_NO_RSA */
+static const char *UBSEC_F7 = "rsa_mod_exp_ioctl";
+static const char *UBSEC_F8 = "rsa_mod_exp_crt_ioctl";
+/* #endif */
+# ifndef OPENSSL_NO_DSA
+static const char *UBSEC_F9 = "dsa_sign_ioctl";
+static const char *UBSEC_F10 = "dsa_verify_ioctl";
+# endif
+static const char *UBSEC_F11 = "math_accelerate_ioctl";
+static const char *UBSEC_F12 = "rng_ioctl";
+static const char *UBSEC_F13 = "ubsec_max_key_len_ioctl";
+
+/* Destructor (complements the "ENGINE_ubsec()" constructor) */
+static int ubsec_destroy(ENGINE *e)
+{
+ free_UBSEC_LIBNAME();
+ ERR_unload_UBSEC_strings();
+ return 1;
+}
+
+/* (de)initialisation functions. */
+static int ubsec_init(ENGINE *e)
+{
+ t_UBSEC_ubsec_bytes_to_bits *p1;
+ t_UBSEC_ubsec_bits_to_bytes *p2;
+ t_UBSEC_ubsec_open *p3;
+ t_UBSEC_ubsec_close *p4;
+# ifndef OPENSSL_NO_DH
+ t_UBSEC_diffie_hellman_generate_ioctl *p5;
+ t_UBSEC_diffie_hellman_agree_ioctl *p6;
+# endif
+/* #ifndef OPENSSL_NO_RSA */
+ t_UBSEC_rsa_mod_exp_ioctl *p7;
+ t_UBSEC_rsa_mod_exp_crt_ioctl *p8;
+/* #endif */
+# ifndef OPENSSL_NO_DSA
+ t_UBSEC_dsa_sign_ioctl *p9;
+ t_UBSEC_dsa_verify_ioctl *p10;
+# endif
+ t_UBSEC_math_accelerate_ioctl *p11;
+ t_UBSEC_rng_ioctl *p12;
+ t_UBSEC_max_key_len_ioctl *p13;
+ int fd = 0;
+
+ if (ubsec_dso != NULL) {
+ UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_ALREADY_LOADED);
+ goto err;
+ }
+ /*
+ * Attempt to load libubsec.so/ubsec.dll/whatever.
+ */
+ ubsec_dso = DSO_load(NULL, get_UBSEC_LIBNAME(), NULL, 0);
+ if (ubsec_dso == NULL) {
+ UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_DSO_FAILURE);
+ goto err;
+ }
+
+ if (!(p1 = (t_UBSEC_ubsec_bytes_to_bits *)
+ DSO_bind_func(ubsec_dso, UBSEC_F1))
+ || !(p2 = (t_UBSEC_ubsec_bits_to_bytes *)
+ DSO_bind_func(ubsec_dso, UBSEC_F2))
+ || !(p3 = (t_UBSEC_ubsec_open *)
+ DSO_bind_func(ubsec_dso, UBSEC_F3))
+ || !(p4 = (t_UBSEC_ubsec_close *)
+ DSO_bind_func(ubsec_dso, UBSEC_F4))
+# ifndef OPENSSL_NO_DH
+ || !(p5 = (t_UBSEC_diffie_hellman_generate_ioctl *)
+ DSO_bind_func(ubsec_dso, UBSEC_F5))
+ || !(p6 = (t_UBSEC_diffie_hellman_agree_ioctl *)
+ DSO_bind_func(ubsec_dso, UBSEC_F6))
+# endif
+/* #ifndef OPENSSL_NO_RSA */
+ || !(p7 = (t_UBSEC_rsa_mod_exp_ioctl *)
+ DSO_bind_func(ubsec_dso, UBSEC_F7))
+ || !(p8 = (t_UBSEC_rsa_mod_exp_crt_ioctl *)
+ DSO_bind_func(ubsec_dso, UBSEC_F8))
+/* #endif */
+# ifndef OPENSSL_NO_DSA
+ || !(p9 = (t_UBSEC_dsa_sign_ioctl *)
+ DSO_bind_func(ubsec_dso, UBSEC_F9))
+ || !(p10 = (t_UBSEC_dsa_verify_ioctl *)
+ DSO_bind_func(ubsec_dso, UBSEC_F10))
+# endif
+ || !(p11 = (t_UBSEC_math_accelerate_ioctl *)
+ DSO_bind_func(ubsec_dso, UBSEC_F11))
+ || !(p12 = (t_UBSEC_rng_ioctl *)
+ DSO_bind_func(ubsec_dso, UBSEC_F12))
+ || !(p13 = (t_UBSEC_max_key_len_ioctl *)
+ DSO_bind_func(ubsec_dso, UBSEC_F13))) {
+ UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_DSO_FAILURE);
+ goto err;
+ }
+
+ /* Copy the pointers */
+ p_UBSEC_ubsec_bytes_to_bits = p1;
+ p_UBSEC_ubsec_bits_to_bytes = p2;
+ p_UBSEC_ubsec_open = p3;
+ p_UBSEC_ubsec_close = p4;
+# ifndef OPENSSL_NO_DH
+ p_UBSEC_diffie_hellman_generate_ioctl = p5;
+ p_UBSEC_diffie_hellman_agree_ioctl = p6;
+# endif
+# ifndef OPENSSL_NO_RSA
+ p_UBSEC_rsa_mod_exp_ioctl = p7;
+ p_UBSEC_rsa_mod_exp_crt_ioctl = p8;
+# endif
+# ifndef OPENSSL_NO_DSA
+ p_UBSEC_dsa_sign_ioctl = p9;
+ p_UBSEC_dsa_verify_ioctl = p10;
+# endif
+ p_UBSEC_math_accelerate_ioctl = p11;
+ p_UBSEC_rng_ioctl = p12;
+ p_UBSEC_max_key_len_ioctl = p13;
+
+ /* Perform an open to see if there's actually any unit running. */
+ if (((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) > 0)
+ && (p_UBSEC_max_key_len_ioctl(fd, &max_key_len) == 0)) {
+ p_UBSEC_ubsec_close(fd);
+ return 1;
+ } else {
+ UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
+ }
+
+ err:
+ if (ubsec_dso)
+ DSO_free(ubsec_dso);
+ ubsec_dso = NULL;
+ p_UBSEC_ubsec_bytes_to_bits = NULL;
+ p_UBSEC_ubsec_bits_to_bytes = NULL;
+ p_UBSEC_ubsec_open = NULL;
+ p_UBSEC_ubsec_close = NULL;
+# ifndef OPENSSL_NO_DH
+ p_UBSEC_diffie_hellman_generate_ioctl = NULL;
+ p_UBSEC_diffie_hellman_agree_ioctl = NULL;
+# endif
+# ifndef OPENSSL_NO_RSA
+ p_UBSEC_rsa_mod_exp_ioctl = NULL;
+ p_UBSEC_rsa_mod_exp_crt_ioctl = NULL;
+# endif
+# ifndef OPENSSL_NO_DSA
+ p_UBSEC_dsa_sign_ioctl = NULL;
+ p_UBSEC_dsa_verify_ioctl = NULL;
+# endif
+ p_UBSEC_math_accelerate_ioctl = NULL;
+ p_UBSEC_rng_ioctl = NULL;
+ p_UBSEC_max_key_len_ioctl = NULL;
+
+ return 0;
+}
+
+static int ubsec_finish(ENGINE *e)
+{
+ free_UBSEC_LIBNAME();
+ if (ubsec_dso == NULL) {
+ UBSECerr(UBSEC_F_UBSEC_FINISH, UBSEC_R_NOT_LOADED);
+ return 0;
+ }
+ if (!DSO_free(ubsec_dso)) {
+ UBSECerr(UBSEC_F_UBSEC_FINISH, UBSEC_R_DSO_FAILURE);
+ return 0;
+ }
+ ubsec_dso = NULL;
+ p_UBSEC_ubsec_bytes_to_bits = NULL;
+ p_UBSEC_ubsec_bits_to_bytes = NULL;
+ p_UBSEC_ubsec_open = NULL;
+ p_UBSEC_ubsec_close = NULL;
+# ifndef OPENSSL_NO_DH
+ p_UBSEC_diffie_hellman_generate_ioctl = NULL;
+ p_UBSEC_diffie_hellman_agree_ioctl = NULL;
+# endif
+# ifndef OPENSSL_NO_RSA
+ p_UBSEC_rsa_mod_exp_ioctl = NULL;
+ p_UBSEC_rsa_mod_exp_crt_ioctl = NULL;
+# endif
+# ifndef OPENSSL_NO_DSA
+ p_UBSEC_dsa_sign_ioctl = NULL;
+ p_UBSEC_dsa_verify_ioctl = NULL;
+# endif
+ p_UBSEC_math_accelerate_ioctl = NULL;
+ p_UBSEC_rng_ioctl = NULL;
+ p_UBSEC_max_key_len_ioctl = NULL;
+ return 1;
+}
+
+static int ubsec_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
+{
+ int initialised = ((ubsec_dso == NULL) ? 0 : 1);
+ switch (cmd) {
+ case UBSEC_CMD_SO_PATH:
+ if (p == NULL) {
+ UBSECerr(UBSEC_F_UBSEC_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ if (initialised) {
+ UBSECerr(UBSEC_F_UBSEC_CTRL, UBSEC_R_ALREADY_LOADED);
+ return 0;
+ }
+ return set_UBSEC_LIBNAME((const char *)p);
+ default:
+ break;
+ }
+ UBSECerr(UBSEC_F_UBSEC_CTRL, UBSEC_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+ return 0;
+}
+
+static int ubsec_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx)
+{
+ int y_len = 0;
+ int fd;
+
+ if (ubsec_dso == NULL) {
+ UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_NOT_LOADED);
+ return 0;
+ }
+
+ /* Check if hardware can't handle this argument. */
+ y_len = BN_num_bits(m);
+ if (y_len > max_key_len) {
+ UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+ return BN_mod_exp(r, a, p, m, ctx);
+ }
+
+ if (!bn_wexpand(r, m->top)) {
+ UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_BN_EXPAND_FAIL);
+ return 0;
+ }
+
+ if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
+ fd = 0;
+ UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_UNIT_FAILURE);
+ return BN_mod_exp(r, a, p, m, ctx);
+ }
+
+ if (p_UBSEC_rsa_mod_exp_ioctl(fd, (unsigned char *)a->d, BN_num_bits(a),
+ (unsigned char *)m->d, BN_num_bits(m),
+ (unsigned char *)p->d, BN_num_bits(p),
+ (unsigned char *)r->d, &y_len) != 0) {
+ UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_REQUEST_FAILED);
+ p_UBSEC_ubsec_close(fd);
+
+ return BN_mod_exp(r, a, p, m, ctx);
+ }
+
+ p_UBSEC_ubsec_close(fd);
+
+ r->top = (BN_num_bits(m) + BN_BITS2 - 1) / BN_BITS2;
+ return 1;
+}
+
+# ifndef OPENSSL_NO_RSA
+static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+ BN_CTX *ctx)
+{
+ int to_return = 0;
+
+ if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
+ UBSECerr(UBSEC_F_UBSEC_RSA_MOD_EXP, UBSEC_R_MISSING_KEY_COMPONENTS);
+ goto err;
+ }
+
+ to_return = ubsec_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1,
+ rsa->dmq1, rsa->iqmp, ctx);
+ if (to_return == FAIL_TO_SOFTWARE) {
+ /*
+ * Do in software as hardware failed.
+ */
+ const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+ to_return = (*meth->rsa_mod_exp) (r0, I, rsa, ctx);
+ }
+ err:
+ return to_return;
+}
+# endif
+
+static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *q, const BIGNUM *dp,
+ const BIGNUM *dq, const BIGNUM *qinv,
+ BN_CTX *ctx)
+{
+ int y_len, fd;
+
+ y_len = BN_num_bits(p) + BN_num_bits(q);
+
+ /* Check if hardware can't handle this argument. */
+ if (y_len > max_key_len) {
+ UBSECerr(UBSEC_F_UBSEC_MOD_EXP_CRT,
+ UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+ return FAIL_TO_SOFTWARE;
+ }
+
+ if (!bn_wexpand(r, p->top + q->top + 1)) {
+ UBSECerr(UBSEC_F_UBSEC_MOD_EXP_CRT, UBSEC_R_BN_EXPAND_FAIL);
+ return 0;
+ }
+
+ if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
+ fd = 0;
+ UBSECerr(UBSEC_F_UBSEC_MOD_EXP_CRT, UBSEC_R_UNIT_FAILURE);
+ return FAIL_TO_SOFTWARE;
+ }
+
+ if (p_UBSEC_rsa_mod_exp_crt_ioctl(fd,
+ (unsigned char *)a->d, BN_num_bits(a),
+ (unsigned char *)qinv->d,
+ BN_num_bits(qinv),
+ (unsigned char *)dp->d, BN_num_bits(dp),
+ (unsigned char *)p->d, BN_num_bits(p),
+ (unsigned char *)dq->d, BN_num_bits(dq),
+ (unsigned char *)q->d, BN_num_bits(q),
+ (unsigned char *)r->d, &y_len) != 0) {
+ UBSECerr(UBSEC_F_UBSEC_MOD_EXP_CRT, UBSEC_R_REQUEST_FAILED);
+ p_UBSEC_ubsec_close(fd);
+ return FAIL_TO_SOFTWARE;
+ }
+
+ p_UBSEC_ubsec_close(fd);
+
+ r->top = (BN_num_bits(p) + BN_num_bits(q) + BN_BITS2 - 1) / BN_BITS2;
+ return 1;
+}
+
+# ifndef OPENSSL_NO_DSA
+# ifdef NOT_USED
+static int ubsec_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
+ BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
+ BN_CTX *ctx, BN_MONT_CTX *in_mont)
+{
+ BIGNUM t;
+ int to_return = 0;
+
+ BN_init(&t);
+ /* let rr = a1 ^ p1 mod m */
+ if (!ubsec_mod_exp(rr, a1, p1, m, ctx))
+ goto end;
+ /* let t = a2 ^ p2 mod m */
+ if (!ubsec_mod_exp(&t, a2, p2, m, ctx))
+ goto end;
+ /* let rr = rr * t mod m */
+ if (!BN_mod_mul(rr, rr, &t, m, ctx))
+ goto end;
+ to_return = 1;
+ end:
+ BN_free(&t);
+ return to_return;
+}
+
+static int ubsec_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
+ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx)
+{
+ return ubsec_mod_exp(r, a, p, m, ctx);
+}
+# endif
+# endif
+
+/*
+ * This function is aliased to mod_exp (with the mont stuff dropped).
+ */
+static int ubsec_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx)
+{
+ int ret = 0;
+
+# ifndef OPENSSL_NO_RSA
+ /* Do in software if the key is too large for the hardware. */
+ if (BN_num_bits(m) > max_key_len) {
+ const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+ ret = (*meth->bn_mod_exp) (r, a, p, m, ctx, m_ctx);
+ } else
+# endif
+ {
+ ret = ubsec_mod_exp(r, a, p, m, ctx);
+ }
+
+ return ret;
+}
+
+# ifndef OPENSSL_NO_DH
+/* This function is aliased to mod_exp (with the dh and mont dropped). */
+static int ubsec_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
+ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *m_ctx)
+{
+ return ubsec_mod_exp(r, a, p, m, ctx);
+}
+# endif
+
+# ifndef OPENSSL_NO_DSA
+static DSA_SIG *ubsec_dsa_do_sign(const unsigned char *dgst, int dlen,
+ DSA *dsa)
+{
+ DSA_SIG *to_return = NULL;
+ int s_len = 160, r_len = 160, d_len, fd;
+ BIGNUM m, *r = NULL, *s = NULL;
+
+ BN_init(&m);
+
+ s = BN_new();
+ r = BN_new();
+ if ((s == NULL) || (r == NULL))
+ goto err;
+
+ d_len = p_UBSEC_ubsec_bytes_to_bits((unsigned char *)dgst, dlen);
+
+ if (!bn_wexpand(r, (160 + BN_BITS2 - 1) / BN_BITS2) ||
+ (!bn_wexpand(s, (160 + BN_BITS2 - 1) / BN_BITS2))) {
+ UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_BN_EXPAND_FAIL);
+ goto err;
+ }
+
+ if (BN_bin2bn(dgst, dlen, &m) == NULL) {
+ UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_BN_EXPAND_FAIL);
+ goto err;
+ }
+
+ if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
+ const DSA_METHOD *meth;
+ fd = 0;
+ UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_UNIT_FAILURE);
+ meth = DSA_OpenSSL();
+ to_return = meth->dsa_do_sign(dgst, dlen, dsa);
+ goto err;
+ }
+
+ if (p_UBSEC_dsa_sign_ioctl(fd,
+ /* compute hash before signing */
+ 0, (unsigned char *)dgst, d_len, NULL,
+ /* compute random value */
+ 0,
+ (unsigned char *)dsa->p->d,
+ BN_num_bits(dsa->p),
+ (unsigned char *)dsa->q->d,
+ BN_num_bits(dsa->q),
+ (unsigned char *)dsa->g->d,
+ BN_num_bits(dsa->g),
+ (unsigned char *)dsa->priv_key->d,
+ BN_num_bits(dsa->priv_key),
+ (unsigned char *)r->d, &r_len,
+ (unsigned char *)s->d, &s_len) != 0) {
+ const DSA_METHOD *meth;
+
+ UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_REQUEST_FAILED);
+ p_UBSEC_ubsec_close(fd);
+ meth = DSA_OpenSSL();
+ to_return = meth->dsa_do_sign(dgst, dlen, dsa);
+
+ goto err;
+ }
+
+ p_UBSEC_ubsec_close(fd);
+
+ r->top = (160 + BN_BITS2 - 1) / BN_BITS2;
+ s->top = (160 + BN_BITS2 - 1) / BN_BITS2;
+
+ to_return = DSA_SIG_new();
+ if (to_return == NULL) {
+ UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_BN_EXPAND_FAIL);
+ goto err;
+ }
+
+ to_return->r = r;
+ to_return->s = s;
+
+ err:
+ if (!to_return) {
+ if (r)
+ BN_free(r);
+ if (s)
+ BN_free(s);
+ }
+ BN_clear_free(&m);
+ return to_return;
+}
+
+static int ubsec_dsa_verify(const unsigned char *dgst, int dgst_len,
+ DSA_SIG *sig, DSA *dsa)
+{
+ int v_len, d_len;
+ int to_return = 0;
+ int fd;
+ BIGNUM v, *pv = &v;
+
+ BN_init(&v);
+
+ if (!bn_wexpand(pv, dsa->p->top)) {
+ UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY, UBSEC_R_BN_EXPAND_FAIL);
+ goto err;
+ }
+
+ v_len = BN_num_bits(dsa->p);
+
+ d_len = p_UBSEC_ubsec_bytes_to_bits((unsigned char *)dgst, dgst_len);
+
+ if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
+ const DSA_METHOD *meth;
+ fd = 0;
+ UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY, UBSEC_R_UNIT_FAILURE);
+ meth = DSA_OpenSSL();
+ to_return = meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
+ goto err;
+ }
+
+ if (p_UBSEC_dsa_verify_ioctl(fd, 0, /* compute hash before signing */
+ (unsigned char *)dgst, d_len,
+ (unsigned char *)dsa->p->d,
+ BN_num_bits(dsa->p),
+ (unsigned char *)dsa->q->d,
+ BN_num_bits(dsa->q),
+ (unsigned char *)dsa->g->d,
+ BN_num_bits(dsa->g),
+ (unsigned char *)dsa->pub_key->d,
+ BN_num_bits(dsa->pub_key),
+ (unsigned char *)sig->r->d,
+ BN_num_bits(sig->r),
+ (unsigned char *)sig->s->d,
+ BN_num_bits(sig->s), (unsigned char *)v.d,
+ &v_len) != 0) {
+ const DSA_METHOD *meth;
+ UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY, UBSEC_R_REQUEST_FAILED);
+ p_UBSEC_ubsec_close(fd);
+
+ meth = DSA_OpenSSL();
+ to_return = meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
+
+ goto err;
+ }
+
+ p_UBSEC_ubsec_close(fd);
+
+ to_return = 1;
+ err:
+ BN_clear_free(&v);
+ return to_return;
+}
+# endif
+
+# ifndef OPENSSL_NO_DH
+static int ubsec_dh_compute_key(unsigned char *key, const BIGNUM *pub_key,
+ DH *dh)
+{
+ int ret = -1, k_len, fd;
+
+ k_len = BN_num_bits(dh->p);
+
+ if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
+ const DH_METHOD *meth;
+ UBSECerr(UBSEC_F_UBSEC_DH_COMPUTE_KEY, UBSEC_R_UNIT_FAILURE);
+ meth = DH_OpenSSL();
+ ret = meth->compute_key(key, pub_key, dh);
+ goto err;
+ }
+
+ if (p_UBSEC_diffie_hellman_agree_ioctl(fd,
+ (unsigned char *)dh->priv_key->d,
+ BN_num_bits(dh->priv_key),
+ (unsigned char *)pub_key->d,
+ BN_num_bits(pub_key),
+ (unsigned char *)dh->p->d,
+ BN_num_bits(dh->p), key,
+ &k_len) != 0) {
+ /* Hardware's a no go, failover to software */
+ const DH_METHOD *meth;
+ UBSECerr(UBSEC_F_UBSEC_DH_COMPUTE_KEY, UBSEC_R_REQUEST_FAILED);
+ p_UBSEC_ubsec_close(fd);
+
+ meth = DH_OpenSSL();
+ ret = meth->compute_key(key, pub_key, dh);
+
+ goto err;
+ }
+
+ p_UBSEC_ubsec_close(fd);
+
+ ret = p_UBSEC_ubsec_bits_to_bytes(k_len);
+ err:
+ return ret;
+}
+
+static int ubsec_dh_generate_key(DH *dh)
+{
+ int ret = 0, random_bits = 0, pub_key_len = 0, priv_key_len = 0, fd;
+ BIGNUM *pub_key = NULL;
+ BIGNUM *priv_key = NULL;
+
+ /*
+ * How many bits should Random x be? dh_key.c
+ * sets the range from 0 to num_bits(modulus) ???
+ */
+
+ if (dh->priv_key == NULL) {
+ priv_key = BN_new();
+ if (priv_key == NULL)
+ goto err;
+ priv_key_len = BN_num_bits(dh->p);
+ if (bn_wexpand(priv_key, dh->p->top) == NULL)
+ goto err;
+ do
+ if (!BN_rand_range(priv_key, dh->p))
+ goto err;
+ while (BN_is_zero(priv_key)) ;
+ random_bits = BN_num_bits(priv_key);
+ } else {
+ priv_key = dh->priv_key;
+ }
+
+ if (dh->pub_key == NULL) {
+ pub_key = BN_new();
+ pub_key_len = BN_num_bits(dh->p);
+ if (bn_wexpand(pub_key, dh->p->top) == NULL)
+ goto err;
+ if (pub_key == NULL)
+ goto err;
+ } else {
+ pub_key = dh->pub_key;
+ }
+
+ if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
+ const DH_METHOD *meth;
+ UBSECerr(UBSEC_F_UBSEC_DH_GENERATE_KEY, UBSEC_R_UNIT_FAILURE);
+ meth = DH_OpenSSL();
+ ret = meth->generate_key(dh);
+ goto err;
+ }
+
+ if (p_UBSEC_diffie_hellman_generate_ioctl(fd,
+ (unsigned char *)priv_key->d,
+ &priv_key_len,
+ (unsigned char *)pub_key->d,
+ &pub_key_len,
+ (unsigned char *)dh->g->d,
+ BN_num_bits(dh->g),
+ (unsigned char *)dh->p->d,
+ BN_num_bits(dh->p), 0, 0,
+ random_bits) != 0) {
+ /* Hardware's a no go, failover to software */
+ const DH_METHOD *meth;
+
+ UBSECerr(UBSEC_F_UBSEC_DH_GENERATE_KEY, UBSEC_R_REQUEST_FAILED);
+ p_UBSEC_ubsec_close(fd);
+
+ meth = DH_OpenSSL();
+ ret = meth->generate_key(dh);
+
+ goto err;
+ }
+
+ p_UBSEC_ubsec_close(fd);
+
+ dh->pub_key = pub_key;
+ dh->pub_key->top = (pub_key_len + BN_BITS2 - 1) / BN_BITS2;
+ dh->priv_key = priv_key;
+ dh->priv_key->top = (priv_key_len + BN_BITS2 - 1) / BN_BITS2;
+
+ ret = 1;
+ err:
+ return ret;
+}
+# endif
+
+# ifdef NOT_USED
+static int ubsec_rand_bytes(unsigned char *buf, int num)
+{
+ int ret = 0, fd;
+
+ if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
+ const RAND_METHOD *meth;
+ UBSECerr(UBSEC_F_UBSEC_RAND_BYTES, UBSEC_R_UNIT_FAILURE);
+ num = p_UBSEC_ubsec_bits_to_bytes(num);
+ meth = RAND_SSLeay();
+ meth->seed(buf, num);
+ ret = meth->bytes(buf, num);
+ goto err;
+ }
+
+ num *= 8; /* bytes to bits */
+
+ if (p_UBSEC_rng_ioctl(fd, UBSEC_RNG_DIRECT, buf, &num) != 0) {
+ /* Hardware's a no go, failover to software */
+ const RAND_METHOD *meth;
+
+ UBSECerr(UBSEC_F_UBSEC_RAND_BYTES, UBSEC_R_REQUEST_FAILED);
+ p_UBSEC_ubsec_close(fd);
+
+ num = p_UBSEC_ubsec_bits_to_bytes(num);
+ meth = RAND_SSLeay();
+ meth->seed(buf, num);
+ ret = meth->bytes(buf, num);
+
+ goto err;
+ }
+
+ p_UBSEC_ubsec_close(fd);
+
+ ret = 1;
+ err:
+ return (ret);
+}
+
+static int ubsec_rand_status(void)
+{
+ return 0;
+}
+# endif
+
+/*
+ * This stuff is needed if this ENGINE is being compiled into a
+ * self-contained shared-library.
+ */
+# ifndef OPENSSL_NO_DYNAMIC_ENGINE
+static int bind_fn(ENGINE *e, const char *id)
+{
+ if (id && (strcmp(id, engine_ubsec_id) != 0))
+ return 0;
+ if (!bind_helper(e))
+ return 0;
+ return 1;
+}
+
+IMPLEMENT_DYNAMIC_CHECK_FN()
+ IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
+# endif /* OPENSSL_NO_DYNAMIC_ENGINE */
+# endif /* !OPENSSL_NO_HW_UBSEC */
+#endif /* !OPENSSL_NO_HW */
Deleted: vendor-crypto/openssl/0.9.8zf/engines/e_ubsec_err.c
===================================================================
--- vendor-crypto/openssl/dist/engines/e_ubsec_err.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/engines/e_ubsec_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,157 +0,0 @@
-/* e_ubsec_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include "e_ubsec_err.h"
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(0,func,0)
-#define ERR_REASON(reason) ERR_PACK(0,0,reason)
-
-static ERR_STRING_DATA UBSEC_str_functs[]=
- {
-{ERR_FUNC(UBSEC_F_UBSEC_CTRL), "UBSEC_CTRL"},
-{ERR_FUNC(UBSEC_F_UBSEC_DH_COMPUTE_KEY), "UBSEC_DH_COMPUTE_KEY"},
-{ERR_FUNC(UBSEC_F_UBSEC_DH_GENERATE_KEY), "UBSEC_DH_GENERATE_KEY"},
-{ERR_FUNC(UBSEC_F_UBSEC_DSA_DO_SIGN), "UBSEC_DSA_DO_SIGN"},
-{ERR_FUNC(UBSEC_F_UBSEC_DSA_VERIFY), "UBSEC_DSA_VERIFY"},
-{ERR_FUNC(UBSEC_F_UBSEC_FINISH), "UBSEC_FINISH"},
-{ERR_FUNC(UBSEC_F_UBSEC_INIT), "UBSEC_INIT"},
-{ERR_FUNC(UBSEC_F_UBSEC_MOD_EXP), "UBSEC_MOD_EXP"},
-{ERR_FUNC(UBSEC_F_UBSEC_MOD_EXP_CRT), "UBSEC_MOD_EXP_CRT"},
-{ERR_FUNC(UBSEC_F_UBSEC_RAND_BYTES), "UBSEC_RAND_BYTES"},
-{ERR_FUNC(UBSEC_F_UBSEC_RSA_MOD_EXP), "UBSEC_RSA_MOD_EXP"},
-{ERR_FUNC(UBSEC_F_UBSEC_RSA_MOD_EXP_CRT), "UBSEC_RSA_MOD_EXP_CRT"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA UBSEC_str_reasons[]=
- {
-{ERR_REASON(UBSEC_R_ALREADY_LOADED) ,"already loaded"},
-{ERR_REASON(UBSEC_R_BN_EXPAND_FAIL) ,"bn expand fail"},
-{ERR_REASON(UBSEC_R_CTRL_COMMAND_NOT_IMPLEMENTED),"ctrl command not implemented"},
-{ERR_REASON(UBSEC_R_DSO_FAILURE) ,"dso failure"},
-{ERR_REASON(UBSEC_R_MISSING_KEY_COMPONENTS),"missing key components"},
-{ERR_REASON(UBSEC_R_NOT_LOADED) ,"not loaded"},
-{ERR_REASON(UBSEC_R_REQUEST_FAILED) ,"request failed"},
-{ERR_REASON(UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL),"size too large or too small"},
-{ERR_REASON(UBSEC_R_UNIT_FAILURE) ,"unit failure"},
-{0,NULL}
- };
-
-#endif
-
-#ifdef UBSEC_LIB_NAME
-static ERR_STRING_DATA UBSEC_lib_name[]=
- {
-{0 ,UBSEC_LIB_NAME},
-{0,NULL}
- };
-#endif
-
-
-static int UBSEC_lib_error_code=0;
-static int UBSEC_error_init=1;
-
-static void ERR_load_UBSEC_strings(void)
- {
- if (UBSEC_lib_error_code == 0)
- UBSEC_lib_error_code=ERR_get_next_error_library();
-
- if (UBSEC_error_init)
- {
- UBSEC_error_init=0;
-#ifndef OPENSSL_NO_ERR
- ERR_load_strings(UBSEC_lib_error_code,UBSEC_str_functs);
- ERR_load_strings(UBSEC_lib_error_code,UBSEC_str_reasons);
-#endif
-
-#ifdef UBSEC_LIB_NAME
- UBSEC_lib_name->error = ERR_PACK(UBSEC_lib_error_code,0,0);
- ERR_load_strings(0,UBSEC_lib_name);
-#endif
- }
- }
-
-static void ERR_unload_UBSEC_strings(void)
- {
- if (UBSEC_error_init == 0)
- {
-#ifndef OPENSSL_NO_ERR
- ERR_unload_strings(UBSEC_lib_error_code,UBSEC_str_functs);
- ERR_unload_strings(UBSEC_lib_error_code,UBSEC_str_reasons);
-#endif
-
-#ifdef UBSEC_LIB_NAME
- ERR_unload_strings(0,UBSEC_lib_name);
-#endif
- UBSEC_error_init=1;
- }
- }
-
-static void ERR_UBSEC_error(int function, int reason, char *file, int line)
- {
- if (UBSEC_lib_error_code == 0)
- UBSEC_lib_error_code=ERR_get_next_error_library();
- ERR_PUT_error(UBSEC_lib_error_code,function,reason,file,line);
- }
Copied: vendor-crypto/openssl/0.9.8zf/engines/e_ubsec_err.c (from rev 6976, vendor-crypto/openssl/dist/engines/e_ubsec_err.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/engines/e_ubsec_err.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/engines/e_ubsec_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,154 @@
+/* e_ubsec_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include "e_ubsec_err.h"
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(0,func,0)
+# define ERR_REASON(reason) ERR_PACK(0,0,reason)
+
+static ERR_STRING_DATA UBSEC_str_functs[] = {
+ {ERR_FUNC(UBSEC_F_UBSEC_CTRL), "UBSEC_CTRL"},
+ {ERR_FUNC(UBSEC_F_UBSEC_DH_COMPUTE_KEY), "UBSEC_DH_COMPUTE_KEY"},
+ {ERR_FUNC(UBSEC_F_UBSEC_DH_GENERATE_KEY), "UBSEC_DH_GENERATE_KEY"},
+ {ERR_FUNC(UBSEC_F_UBSEC_DSA_DO_SIGN), "UBSEC_DSA_DO_SIGN"},
+ {ERR_FUNC(UBSEC_F_UBSEC_DSA_VERIFY), "UBSEC_DSA_VERIFY"},
+ {ERR_FUNC(UBSEC_F_UBSEC_FINISH), "UBSEC_FINISH"},
+ {ERR_FUNC(UBSEC_F_UBSEC_INIT), "UBSEC_INIT"},
+ {ERR_FUNC(UBSEC_F_UBSEC_MOD_EXP), "UBSEC_MOD_EXP"},
+ {ERR_FUNC(UBSEC_F_UBSEC_MOD_EXP_CRT), "UBSEC_MOD_EXP_CRT"},
+ {ERR_FUNC(UBSEC_F_UBSEC_RAND_BYTES), "UBSEC_RAND_BYTES"},
+ {ERR_FUNC(UBSEC_F_UBSEC_RSA_MOD_EXP), "UBSEC_RSA_MOD_EXP"},
+ {ERR_FUNC(UBSEC_F_UBSEC_RSA_MOD_EXP_CRT), "UBSEC_RSA_MOD_EXP_CRT"},
+ {0, NULL}
+};
+
+static ERR_STRING_DATA UBSEC_str_reasons[] = {
+ {ERR_REASON(UBSEC_R_ALREADY_LOADED), "already loaded"},
+ {ERR_REASON(UBSEC_R_BN_EXPAND_FAIL), "bn expand fail"},
+ {ERR_REASON(UBSEC_R_CTRL_COMMAND_NOT_IMPLEMENTED),
+ "ctrl command not implemented"},
+ {ERR_REASON(UBSEC_R_DSO_FAILURE), "dso failure"},
+ {ERR_REASON(UBSEC_R_MISSING_KEY_COMPONENTS), "missing key components"},
+ {ERR_REASON(UBSEC_R_NOT_LOADED), "not loaded"},
+ {ERR_REASON(UBSEC_R_REQUEST_FAILED), "request failed"},
+ {ERR_REASON(UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL),
+ "size too large or too small"},
+ {ERR_REASON(UBSEC_R_UNIT_FAILURE), "unit failure"},
+ {0, NULL}
+};
+
+#endif
+
+#ifdef UBSEC_LIB_NAME
+static ERR_STRING_DATA UBSEC_lib_name[] = {
+ {0, UBSEC_LIB_NAME},
+ {0, NULL}
+};
+#endif
+
+static int UBSEC_lib_error_code = 0;
+static int UBSEC_error_init = 1;
+
+static void ERR_load_UBSEC_strings(void)
+{
+ if (UBSEC_lib_error_code == 0)
+ UBSEC_lib_error_code = ERR_get_next_error_library();
+
+ if (UBSEC_error_init) {
+ UBSEC_error_init = 0;
+#ifndef OPENSSL_NO_ERR
+ ERR_load_strings(UBSEC_lib_error_code, UBSEC_str_functs);
+ ERR_load_strings(UBSEC_lib_error_code, UBSEC_str_reasons);
+#endif
+
+#ifdef UBSEC_LIB_NAME
+ UBSEC_lib_name->error = ERR_PACK(UBSEC_lib_error_code, 0, 0);
+ ERR_load_strings(0, UBSEC_lib_name);
+#endif
+ }
+}
+
+static void ERR_unload_UBSEC_strings(void)
+{
+ if (UBSEC_error_init == 0) {
+#ifndef OPENSSL_NO_ERR
+ ERR_unload_strings(UBSEC_lib_error_code, UBSEC_str_functs);
+ ERR_unload_strings(UBSEC_lib_error_code, UBSEC_str_reasons);
+#endif
+
+#ifdef UBSEC_LIB_NAME
+ ERR_unload_strings(0, UBSEC_lib_name);
+#endif
+ UBSEC_error_init = 1;
+ }
+}
+
+static void ERR_UBSEC_error(int function, int reason, char *file, int line)
+{
+ if (UBSEC_lib_error_code == 0)
+ UBSEC_lib_error_code = ERR_get_next_error_library();
+ ERR_PUT_error(UBSEC_lib_error_code, function, reason, file, line);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/engines/e_ubsec_err.h
===================================================================
--- vendor-crypto/openssl/dist/engines/e_ubsec_err.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/engines/e_ubsec_err.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,101 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#ifndef HEADER_UBSEC_ERR_H
-#define HEADER_UBSEC_ERR_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-static void ERR_load_UBSEC_strings(void);
-static void ERR_unload_UBSEC_strings(void);
-static void ERR_UBSEC_error(int function, int reason, char *file, int line);
-#define UBSECerr(f,r) ERR_UBSEC_error((f),(r),__FILE__,__LINE__)
-
-/* Error codes for the UBSEC functions. */
-
-/* Function codes. */
-#define UBSEC_F_UBSEC_CTRL 100
-#define UBSEC_F_UBSEC_DH_COMPUTE_KEY 101
-#define UBSEC_F_UBSEC_DH_GENERATE_KEY 111
-#define UBSEC_F_UBSEC_DSA_DO_SIGN 102
-#define UBSEC_F_UBSEC_DSA_VERIFY 103
-#define UBSEC_F_UBSEC_FINISH 104
-#define UBSEC_F_UBSEC_INIT 105
-#define UBSEC_F_UBSEC_MOD_EXP 106
-#define UBSEC_F_UBSEC_MOD_EXP_CRT 110
-#define UBSEC_F_UBSEC_RAND_BYTES 107
-#define UBSEC_F_UBSEC_RSA_MOD_EXP 108
-#define UBSEC_F_UBSEC_RSA_MOD_EXP_CRT 109
-
-/* Reason codes. */
-#define UBSEC_R_ALREADY_LOADED 100
-#define UBSEC_R_BN_EXPAND_FAIL 101
-#define UBSEC_R_CTRL_COMMAND_NOT_IMPLEMENTED 102
-#define UBSEC_R_DSO_FAILURE 103
-#define UBSEC_R_MISSING_KEY_COMPONENTS 104
-#define UBSEC_R_NOT_LOADED 105
-#define UBSEC_R_REQUEST_FAILED 106
-#define UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL 107
-#define UBSEC_R_UNIT_FAILURE 108
-
-#ifdef __cplusplus
-}
-#endif
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/engines/e_ubsec_err.h (from rev 6976, vendor-crypto/openssl/dist/engines/e_ubsec_err.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/engines/e_ubsec_err.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/engines/e_ubsec_err.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,102 @@
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_UBSEC_ERR_H
+# define HEADER_UBSEC_ERR_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+static void ERR_load_UBSEC_strings(void);
+static void ERR_unload_UBSEC_strings(void);
+static void ERR_UBSEC_error(int function, int reason, char *file, int line);
+# define UBSECerr(f,r) ERR_UBSEC_error((f),(r),__FILE__,__LINE__)
+
+/* Error codes for the UBSEC functions. */
+
+/* Function codes. */
+# define UBSEC_F_UBSEC_CTRL 100
+# define UBSEC_F_UBSEC_DH_COMPUTE_KEY 101
+# define UBSEC_F_UBSEC_DH_GENERATE_KEY 111
+# define UBSEC_F_UBSEC_DSA_DO_SIGN 102
+# define UBSEC_F_UBSEC_DSA_VERIFY 103
+# define UBSEC_F_UBSEC_FINISH 104
+# define UBSEC_F_UBSEC_INIT 105
+# define UBSEC_F_UBSEC_MOD_EXP 106
+# define UBSEC_F_UBSEC_MOD_EXP_CRT 110
+# define UBSEC_F_UBSEC_RAND_BYTES 107
+# define UBSEC_F_UBSEC_RSA_MOD_EXP 108
+# define UBSEC_F_UBSEC_RSA_MOD_EXP_CRT 109
+
+/* Reason codes. */
+# define UBSEC_R_ALREADY_LOADED 100
+# define UBSEC_R_BN_EXPAND_FAIL 101
+# define UBSEC_R_CTRL_COMMAND_NOT_IMPLEMENTED 102
+# define UBSEC_R_DSO_FAILURE 103
+# define UBSEC_R_MISSING_KEY_COMPONENTS 104
+# define UBSEC_R_NOT_LOADED 105
+# define UBSEC_R_REQUEST_FAILED 106
+# define UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL 107
+# define UBSEC_R_UNIT_FAILURE 108
+
+#ifdef __cplusplus
+}
+#endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/engines/vendor_defns/aep.h
===================================================================
--- vendor-crypto/openssl/dist/engines/vendor_defns/aep.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/engines/vendor_defns/aep.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,178 +0,0 @@
-/* This header declares the necessary definitions for using the exponentiation
- * acceleration capabilities, and rnd number generation of the AEP card.
- *
- */
-
-/*
- *
- * Some AEP defines
- *
- */
-
-/*Successful return value*/
-#define AEP_R_OK 0x00000000
-
-/*Miscelleanous unsuccessful return value*/
-#define AEP_R_GENERAL_ERROR 0x10000001
-
-/*Insufficient host memory*/
-#define AEP_R_HOST_MEMORY 0x10000002
-
-#define AEP_R_FUNCTION_FAILED 0x10000006
-
-/*Invalid arguments in function call*/
-#define AEP_R_ARGUMENTS_BAD 0x10020000
-
-#define AEP_R_NO_TARGET_RESOURCES 0x10030000
-
-/*Error occuring on socket operation*/
-#define AEP_R_SOCKERROR 0x10000010
-
-/*Socket has been closed from the other end*/
-#define AEP_R_SOCKEOF 0x10000011
-
-/*Invalid handles*/
-#define AEP_R_CONNECTION_HANDLE_INVALID 0x100000B3
-
-#define AEP_R_TRANSACTION_HANDLE_INVALID 0x10040000
-
-/*Transaction has not yet returned from accelerator*/
-#define AEP_R_TRANSACTION_NOT_READY 0x00010000
-
-/*There is already a thread waiting on this transaction*/
-#define AEP_R_TRANSACTION_CLAIMED 0x10050000
-
-/*The transaction timed out*/
-#define AEP_R_TIMED_OUT 0x10060000
-
-#define AEP_R_FXN_NOT_IMPLEMENTED 0x10070000
-
-#define AEP_R_TARGET_ERROR 0x10080000
-
-/*Error in the AEP daemon process*/
-#define AEP_R_DAEMON_ERROR 0x10090000
-
-/*Invalid ctx id*/
-#define AEP_R_INVALID_CTX_ID 0x10009000
-
-#define AEP_R_NO_KEY_MANAGER 0x1000a000
-
-/*Error obtaining a mutex*/
-#define AEP_R_MUTEX_BAD 0x000001A0
-
-/*Fxn call before AEP_Initialise ot after AEP_Finialise*/
-#define AEP_R_AEPAPI_NOT_INITIALIZED 0x10000190
-
-/*AEP_Initialise has already been called*/
-#define AEP_R_AEPAPI_ALREADY_INITIALIZED 0x10000191
-
-/*Maximum number of connections to daemon reached*/
-#define AEP_R_NO_MORE_CONNECTION_HNDLS 0x10000200
-
-/*
- *
- * Some AEP Type definitions
- *
- */
-
-/* an unsigned 8-bit value */
-typedef unsigned char AEP_U8;
-
-/* an unsigned 8-bit character */
-typedef char AEP_CHAR;
-
-/* a BYTE-sized Boolean flag */
-typedef AEP_U8 AEP_BBOOL;
-
-/*Unsigned value, at least 16 bits long*/
-typedef unsigned short AEP_U16;
-
-/* an unsigned value, at least 32 bits long */
-#ifdef SIXTY_FOUR_BIT_LONG
-typedef unsigned int AEP_U32;
-#else
-typedef unsigned long AEP_U32;
-#endif
-
-#ifdef SIXTY_FOUR_BIT_LONG
-typedef unsigned long AEP_U64;
-#else
-typedef struct { unsigned long l1, l2; } AEP_U64;
-#endif
-
-/* at least 32 bits; each bit is a Boolean flag */
-typedef AEP_U32 AEP_FLAGS;
-
-typedef AEP_U8 *AEP_U8_PTR;
-typedef AEP_CHAR *AEP_CHAR_PTR;
-typedef AEP_U32 *AEP_U32_PTR;
-typedef AEP_U64 *AEP_U64_PTR;
-typedef void *AEP_VOID_PTR;
-
-/* Pointer to a AEP_VOID_PTR-- i.e., pointer to pointer to void */
-typedef AEP_VOID_PTR *AEP_VOID_PTR_PTR;
-
-/*Used to identify an AEP connection handle*/
-typedef AEP_U32 AEP_CONNECTION_HNDL;
-
-/*Pointer to an AEP connection handle*/
-typedef AEP_CONNECTION_HNDL *AEP_CONNECTION_HNDL_PTR;
-
-/*Used by an application (in conjunction with the apps process id) to
-identify an individual transaction*/
-typedef AEP_U32 AEP_TRANSACTION_ID;
-
-/*Pointer to an applications transaction identifier*/
-typedef AEP_TRANSACTION_ID *AEP_TRANSACTION_ID_PTR;
-
-/*Return value type*/
-typedef AEP_U32 AEP_RV;
-
-#define MAX_PROCESS_CONNECTIONS 256
-
-#define RAND_BLK_SIZE 1024
-
-typedef enum{
- NotConnected= 0,
- Connected= 1,
- InUse= 2
-} AEP_CONNECTION_STATE;
-
-
-typedef struct AEP_CONNECTION_ENTRY{
- AEP_CONNECTION_STATE conn_state;
- AEP_CONNECTION_HNDL conn_hndl;
-} AEP_CONNECTION_ENTRY;
-
-
-typedef AEP_RV t_AEP_OpenConnection(AEP_CONNECTION_HNDL_PTR phConnection);
-typedef AEP_RV t_AEP_CloseConnection(AEP_CONNECTION_HNDL hConnection);
-
-typedef AEP_RV t_AEP_ModExp(AEP_CONNECTION_HNDL hConnection,
- AEP_VOID_PTR pA, AEP_VOID_PTR pP,
- AEP_VOID_PTR pN,
- AEP_VOID_PTR pResult,
- AEP_TRANSACTION_ID* pidTransID);
-
-typedef AEP_RV t_AEP_ModExpCrt(AEP_CONNECTION_HNDL hConnection,
- AEP_VOID_PTR pA, AEP_VOID_PTR pP,
- AEP_VOID_PTR pQ,
- AEP_VOID_PTR pDmp1, AEP_VOID_PTR pDmq1,
- AEP_VOID_PTR pIqmp,
- AEP_VOID_PTR pResult,
- AEP_TRANSACTION_ID* pidTransID);
-
-#ifdef AEPRAND
-typedef AEP_RV t_AEP_GenRandom(AEP_CONNECTION_HNDL hConnection,
- AEP_U32 Len,
- AEP_U32 Type,
- AEP_VOID_PTR pResult,
- AEP_TRANSACTION_ID* pidTransID);
-#endif
-
-typedef AEP_RV t_AEP_Initialize(AEP_VOID_PTR pInitArgs);
-typedef AEP_RV t_AEP_Finalize(void);
-typedef AEP_RV t_AEP_SetBNCallBacks(AEP_RV (*GetBigNumSizeFunc)(AEP_VOID_PTR ArbBigNum, AEP_U32* BigNumSize),
- AEP_RV (*MakeAEPBigNumFunc)(AEP_VOID_PTR ArbBigNum, AEP_U32 BigNumSize, unsigned char* AEP_BigNum),
- AEP_RV (*ConverAEPBigNumFunc)(void* ArbBigNum, AEP_U32 BigNumSize, unsigned char* AEP_BigNum));
-
Copied: vendor-crypto/openssl/0.9.8zf/engines/vendor_defns/aep.h (from rev 6976, vendor-crypto/openssl/dist/engines/vendor_defns/aep.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/engines/vendor_defns/aep.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/engines/vendor_defns/aep.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,235 @@
+/*
+ * This header declares the necessary definitions for using the
+ * exponentiation acceleration capabilities, and rnd number generation of the
+ * AEP card.
+ */
+
+/*
+ *
+ * Some AEP defines
+ *
+ */
+
+/*
+ * Successful return value
+ */
+#define AEP_R_OK 0x00000000
+
+/*
+ * Miscelleanous unsuccessful return value
+ */
+#define AEP_R_GENERAL_ERROR 0x10000001
+
+/*
+ * Insufficient host memory
+ */
+#define AEP_R_HOST_MEMORY 0x10000002
+
+#define AEP_R_FUNCTION_FAILED 0x10000006
+
+/*
+ * Invalid arguments in function call
+ */
+#define AEP_R_ARGUMENTS_BAD 0x10020000
+
+#define AEP_R_NO_TARGET_RESOURCES 0x10030000
+
+/*
+ * Error occuring on socket operation
+ */
+#define AEP_R_SOCKERROR 0x10000010
+
+/*
+ * Socket has been closed from the other end
+ */
+#define AEP_R_SOCKEOF 0x10000011
+
+/*
+ * Invalid handles
+ */
+#define AEP_R_CONNECTION_HANDLE_INVALID 0x100000B3
+
+#define AEP_R_TRANSACTION_HANDLE_INVALID 0x10040000
+
+/*
+ * Transaction has not yet returned from accelerator
+ */
+#define AEP_R_TRANSACTION_NOT_READY 0x00010000
+
+/*
+ * There is already a thread waiting on this transaction
+ */
+#define AEP_R_TRANSACTION_CLAIMED 0x10050000
+
+/*
+ * The transaction timed out
+ */
+#define AEP_R_TIMED_OUT 0x10060000
+
+#define AEP_R_FXN_NOT_IMPLEMENTED 0x10070000
+
+#define AEP_R_TARGET_ERROR 0x10080000
+
+/*
+ * Error in the AEP daemon process
+ */
+#define AEP_R_DAEMON_ERROR 0x10090000
+
+/*
+ * Invalid ctx id
+ */
+#define AEP_R_INVALID_CTX_ID 0x10009000
+
+#define AEP_R_NO_KEY_MANAGER 0x1000a000
+
+/*
+ * Error obtaining a mutex
+ */
+#define AEP_R_MUTEX_BAD 0x000001A0
+
+/*
+ * Fxn call before AEP_Initialise ot after AEP_Finialise
+ */
+#define AEP_R_AEPAPI_NOT_INITIALIZED 0x10000190
+
+/*
+ * AEP_Initialise has already been called
+ */
+#define AEP_R_AEPAPI_ALREADY_INITIALIZED 0x10000191
+
+/*
+ * Maximum number of connections to daemon reached
+ */
+#define AEP_R_NO_MORE_CONNECTION_HNDLS 0x10000200
+
+/*
+ *
+ * Some AEP Type definitions
+ *
+ */
+
+/* an unsigned 8-bit value */
+typedef unsigned char AEP_U8;
+
+/* an unsigned 8-bit character */
+typedef char AEP_CHAR;
+
+/* a BYTE-sized Boolean flag */
+typedef AEP_U8 AEP_BBOOL;
+
+/*
+ * Unsigned value, at least 16 bits long
+ */
+typedef unsigned short AEP_U16;
+
+/* an unsigned value, at least 32 bits long */
+#ifdef SIXTY_FOUR_BIT_LONG
+typedef unsigned int AEP_U32;
+#else
+typedef unsigned long AEP_U32;
+#endif
+
+#ifdef SIXTY_FOUR_BIT_LONG
+typedef unsigned long AEP_U64;
+#else
+typedef struct {
+ unsigned long l1, l2;
+} AEP_U64;
+#endif
+
+/* at least 32 bits; each bit is a Boolean flag */
+typedef AEP_U32 AEP_FLAGS;
+
+typedef AEP_U8 *AEP_U8_PTR;
+typedef AEP_CHAR *AEP_CHAR_PTR;
+typedef AEP_U32 *AEP_U32_PTR;
+typedef AEP_U64 *AEP_U64_PTR;
+typedef void *AEP_VOID_PTR;
+
+/* Pointer to a AEP_VOID_PTR-- i.e., pointer to pointer to void */
+typedef AEP_VOID_PTR *AEP_VOID_PTR_PTR;
+
+/*
+ * Used to identify an AEP connection handle
+ */
+typedef AEP_U32 AEP_CONNECTION_HNDL;
+
+/*
+ * Pointer to an AEP connection handle
+ */
+typedef AEP_CONNECTION_HNDL *AEP_CONNECTION_HNDL_PTR;
+
+/*
+ * Used by an application (in conjunction with the apps process id) to
+ * identify an individual transaction
+ */
+typedef AEP_U32 AEP_TRANSACTION_ID;
+
+/*
+ * Pointer to an applications transaction identifier
+ */
+typedef AEP_TRANSACTION_ID *AEP_TRANSACTION_ID_PTR;
+
+/*
+ * Return value type
+ */
+typedef AEP_U32 AEP_RV;
+
+#define MAX_PROCESS_CONNECTIONS 256
+
+#define RAND_BLK_SIZE 1024
+
+typedef enum {
+ NotConnected = 0,
+ Connected = 1,
+ InUse = 2
+} AEP_CONNECTION_STATE;
+
+typedef struct AEP_CONNECTION_ENTRY {
+ AEP_CONNECTION_STATE conn_state;
+ AEP_CONNECTION_HNDL conn_hndl;
+} AEP_CONNECTION_ENTRY;
+
+typedef AEP_RV t_AEP_OpenConnection(AEP_CONNECTION_HNDL_PTR phConnection);
+typedef AEP_RV t_AEP_CloseConnection(AEP_CONNECTION_HNDL hConnection);
+
+typedef AEP_RV t_AEP_ModExp(AEP_CONNECTION_HNDL hConnection,
+ AEP_VOID_PTR pA, AEP_VOID_PTR pP,
+ AEP_VOID_PTR pN,
+ AEP_VOID_PTR pResult,
+ AEP_TRANSACTION_ID *pidTransID);
+
+typedef AEP_RV t_AEP_ModExpCrt(AEP_CONNECTION_HNDL hConnection,
+ AEP_VOID_PTR pA, AEP_VOID_PTR pP,
+ AEP_VOID_PTR pQ,
+ AEP_VOID_PTR pDmp1, AEP_VOID_PTR pDmq1,
+ AEP_VOID_PTR pIqmp,
+ AEP_VOID_PTR pResult,
+ AEP_TRANSACTION_ID *pidTransID);
+
+#ifdef AEPRAND
+typedef AEP_RV t_AEP_GenRandom(AEP_CONNECTION_HNDL hConnection,
+ AEP_U32 Len,
+ AEP_U32 Type,
+ AEP_VOID_PTR pResult,
+ AEP_TRANSACTION_ID *pidTransID);
+#endif
+
+typedef AEP_RV t_AEP_Initialize(AEP_VOID_PTR pInitArgs);
+typedef AEP_RV t_AEP_Finalize(void);
+typedef AEP_RV t_AEP_SetBNCallBacks(AEP_RV (*GetBigNumSizeFunc)
+ (AEP_VOID_PTR ArbBigNum,
+ AEP_U32 *BigNumSize),
+ AEP_RV (*MakeAEPBigNumFunc) (AEP_VOID_PTR
+ ArbBigNum,
+ AEP_U32
+ BigNumSize,
+ unsigned char
+ *AEP_BigNum),
+ AEP_RV (*ConverAEPBigNumFunc) (void
+ *ArbBigNum,
+ AEP_U32
+ BigNumSize,
+ unsigned
+ char
+ *AEP_BigNum));
Deleted: vendor-crypto/openssl/0.9.8zf/engines/vendor_defns/atalla.h
===================================================================
--- vendor-crypto/openssl/dist/engines/vendor_defns/atalla.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/engines/vendor_defns/atalla.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,48 +0,0 @@
-/* This header declares the necessary definitions for using the exponentiation
- * acceleration capabilities of Atalla cards. The only cryptographic operation
- * is performed by "ASI_RSAPrivateKeyOpFn" and this takes a structure that
- * defines an "RSA private key". However, it is really only performing a
- * regular mod_exp using the supplied modulus and exponent - no CRT form is
- * being used. Hence, it is a generic mod_exp function in disguise, and we use
- * it as such.
- *
- * Thanks to the people at Atalla for letting me know these definitions are
- * fine and that they can be reproduced here.
- *
- * Geoff.
- */
-
-typedef struct ItemStr
- {
- unsigned char *data;
- int len;
- } Item;
-
-typedef struct RSAPrivateKeyStr
- {
- void *reserved;
- Item version;
- Item modulus;
- Item publicExponent;
- Item privateExponent;
- Item prime[2];
- Item exponent[2];
- Item coefficient;
- } RSAPrivateKey;
-
-/* Predeclare the function pointer types that we dynamically load from the DSO.
- * These use the same names and form that Ben's original support code had (in
- * crypto/bn/bn_exp.c) unless of course I've inadvertently changed the style
- * somewhere along the way!
- */
-
-typedef int tfnASI_GetPerformanceStatistics(int reset_flag,
- unsigned int *ret_buf);
-
-typedef int tfnASI_GetHardwareConfig(long card_num, unsigned int *ret_buf);
-
-typedef int tfnASI_RSAPrivateKeyOpFn(RSAPrivateKey * rsaKey,
- unsigned char *output,
- unsigned char *input,
- unsigned int modulus_len);
-
Copied: vendor-crypto/openssl/0.9.8zf/engines/vendor_defns/atalla.h (from rev 6976, vendor-crypto/openssl/dist/engines/vendor_defns/atalla.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/engines/vendor_defns/atalla.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/engines/vendor_defns/atalla.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,44 @@
+/*
+ * This header declares the necessary definitions for using the
+ * exponentiation acceleration capabilities of Atalla cards. The only
+ * cryptographic operation is performed by "ASI_RSAPrivateKeyOpFn" and this
+ * takes a structure that defines an "RSA private key". However, it is really
+ * only performing a regular mod_exp using the supplied modulus and exponent
+ * - no CRT form is being used. Hence, it is a generic mod_exp function in
+ * disguise, and we use it as such. Thanks to the people at Atalla for
+ * letting me know these definitions are fine and that they can be reproduced
+ * here. Geoff.
+ */
+
+typedef struct ItemStr {
+ unsigned char *data;
+ int len;
+} Item;
+
+typedef struct RSAPrivateKeyStr {
+ void *reserved;
+ Item version;
+ Item modulus;
+ Item publicExponent;
+ Item privateExponent;
+ Item prime[2];
+ Item exponent[2];
+ Item coefficient;
+} RSAPrivateKey;
+
+/*
+ * Predeclare the function pointer types that we dynamically load from the
+ * DSO. These use the same names and form that Ben's original support code
+ * had (in crypto/bn/bn_exp.c) unless of course I've inadvertently changed
+ * the style somewhere along the way!
+ */
+
+typedef int tfnASI_GetPerformanceStatistics(int reset_flag,
+ unsigned int *ret_buf);
+
+typedef int tfnASI_GetHardwareConfig(long card_num, unsigned int *ret_buf);
+
+typedef int tfnASI_RSAPrivateKeyOpFn(RSAPrivateKey * rsaKey,
+ unsigned char *output,
+ unsigned char *input,
+ unsigned int modulus_len);
Deleted: vendor-crypto/openssl/0.9.8zf/engines/vendor_defns/cswift.h
===================================================================
--- vendor-crypto/openssl/dist/engines/vendor_defns/cswift.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/engines/vendor_defns/cswift.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,234 +0,0 @@
-/* Attribution notice: Rainbow have generously allowed me to reproduce
- * the necessary definitions here from their API. This means the support
- * can build independently of whether application builders have the
- * API or hardware. This will allow developers to easily produce software
- * that has latent hardware support for any users that have accelertors
- * installed, without the developers themselves needing anything extra.
- *
- * I have only clipped the parts from the CryptoSwift header files that
- * are (or seem) relevant to the CryptoSwift support code. This is
- * simply to keep the file sizes reasonable.
- * [Geoff]
- */
-
-
-/* NB: These type widths do *not* seem right in general, in particular
- * they're not terribly friendly to 64-bit architectures (unsigned long)
- * will be 64-bit on IA-64 for a start. I'm leaving these alone as they
- * agree with Rainbow's API and this will only be called into question
- * on platforms with Rainbow support anyway! ;-) */
-
-#ifdef __cplusplus
-extern "C" {
-#endif /* __cplusplus */
-
-typedef long SW_STATUS; /* status */
-typedef unsigned char SW_BYTE; /* 8 bit byte */
-typedef unsigned short SW_U16; /* 16 bit number */
-#if defined(_IRIX)
-#include <sgidefs.h>
-typedef __uint32_t SW_U32;
-#else
-typedef unsigned long SW_U32; /* 32 bit integer */
-#endif
-
-#if defined(OPENSSL_SYS_WIN32)
- typedef struct _SW_U64 {
- SW_U32 low32;
- SW_U32 high32;
- } SW_U64; /* 64 bit integer */
-#elif defined(OPENSSL_SYS_MACINTOSH_CLASSIC)
- typedef longlong SW_U64
-#else /* Unix variants */
- typedef struct _SW_U64 {
- SW_U32 low32;
- SW_U32 high32;
- } SW_U64; /* 64 bit integer */
-#endif
-
-/* status codes */
-#define SW_OK (0L)
-#define SW_ERR_BASE (-10000L)
-#define SW_ERR_NO_CARD (SW_ERR_BASE-1) /* The Card is not present */
-#define SW_ERR_CARD_NOT_READY (SW_ERR_BASE-2) /* The card has not powered */
- /* up yet */
-#define SW_ERR_TIME_OUT (SW_ERR_BASE-3) /* Execution of a command */
- /* time out */
-#define SW_ERR_NO_EXECUTE (SW_ERR_BASE-4) /* The Card failed to */
- /* execute the command */
-#define SW_ERR_INPUT_NULL_PTR (SW_ERR_BASE-5) /* a required pointer is */
- /* NULL */
-#define SW_ERR_INPUT_SIZE (SW_ERR_BASE-6) /* size is invalid, too */
- /* small, too large. */
-#define SW_ERR_INVALID_HANDLE (SW_ERR_BASE-7) /* Invalid SW_ACC_CONTEXT */
- /* handle */
-#define SW_ERR_PENDING (SW_ERR_BASE-8) /* A request is already out- */
- /* standing at this */
- /* context handle */
-#define SW_ERR_AVAILABLE (SW_ERR_BASE-9) /* A result is available. */
-#define SW_ERR_NO_PENDING (SW_ERR_BASE-10)/* No request is pending. */
-#define SW_ERR_NO_MEMORY (SW_ERR_BASE-11)/* Not enough memory */
-#define SW_ERR_BAD_ALGORITHM (SW_ERR_BASE-12)/* Invalid algorithm type */
- /* in SW_PARAM structure */
-#define SW_ERR_MISSING_KEY (SW_ERR_BASE-13)/* No key is associated with */
- /* context. */
- /* swAttachKeyParam() is */
- /* not called. */
-#define SW_ERR_KEY_CMD_MISMATCH \
- (SW_ERR_BASE-14)/* Cannot perform requested */
- /* SW_COMMAND_CODE since */
- /* key attached via */
- /* swAttachKeyParam() */
- /* cannot be used for this*/
- /* SW_COMMAND_CODE. */
-#define SW_ERR_NOT_IMPLEMENTED \
- (SW_ERR_BASE-15)/* Not implemented */
-#define SW_ERR_BAD_COMMAND (SW_ERR_BASE-16)/* Bad command code */
-#define SW_ERR_BAD_ITEM_SIZE (SW_ERR_BASE-17)/* too small or too large in */
- /* the "initems" or */
- /* "outitems". */
-#define SW_ERR_BAD_ACCNUM (SW_ERR_BASE-18)/* Bad accelerator number */
-#define SW_ERR_SELFTEST_FAIL (SW_ERR_BASE-19)/* At least one of the self */
- /* test fail, look at the */
- /* selfTestBitmap in */
- /* SW_ACCELERATOR_INFO for*/
- /* details. */
-#define SW_ERR_MISALIGN (SW_ERR_BASE-20)/* Certain alogrithms require*/
- /* key materials aligned */
- /* in certain order, e.g. */
- /* 128 bit for CRT */
-#define SW_ERR_OUTPUT_NULL_PTR \
- (SW_ERR_BASE-21)/* a required pointer is */
- /* NULL */
-#define SW_ERR_OUTPUT_SIZE \
- (SW_ERR_BASE-22)/* size is invalid, too */
- /* small, too large. */
-#define SW_ERR_FIRMWARE_CHECKSUM \
- (SW_ERR_BASE-23)/* firmware checksum mismatch*/
- /* download failed. */
-#define SW_ERR_UNKNOWN_FIRMWARE \
- (SW_ERR_BASE-24)/* unknown firmware error */
-#define SW_ERR_INTERRUPT (SW_ERR_BASE-25)/* request is abort when */
- /* it's waiting to be */
- /* completed. */
-#define SW_ERR_NVWRITE_FAIL (SW_ERR_BASE-26)/* error in writing to Non- */
- /* volatile memory */
-#define SW_ERR_NVWRITE_RANGE (SW_ERR_BASE-27)/* out of range error in */
- /* writing to NV memory */
-#define SW_ERR_RNG_ERROR (SW_ERR_BASE-28)/* Random Number Generation */
- /* failure */
-#define SW_ERR_DSS_FAILURE (SW_ERR_BASE-29)/* DSS Sign or Verify failure*/
-#define SW_ERR_MODEXP_FAILURE (SW_ERR_BASE-30)/* Failure in various math */
- /* calculations */
-#define SW_ERR_ONBOARD_MEMORY (SW_ERR_BASE-31)/* Error in accessing on - */
- /* board memory */
-#define SW_ERR_FIRMWARE_VERSION \
- (SW_ERR_BASE-32)/* Wrong version in firmware */
- /* update */
-#define SW_ERR_ZERO_WORKING_ACCELERATOR \
- (SW_ERR_BASE-44)/* All accelerators are bad */
-
-
- /* algorithm type */
-#define SW_ALG_CRT 1
-#define SW_ALG_EXP 2
-#define SW_ALG_DSA 3
-#define SW_ALG_NVDATA 4
-
- /* command code */
-#define SW_CMD_MODEXP_CRT 1 /* perform Modular Exponentiation using */
- /* Chinese Remainder Theorem (CRT) */
-#define SW_CMD_MODEXP 2 /* perform Modular Exponentiation */
-#define SW_CMD_DSS_SIGN 3 /* perform DSS sign */
-#define SW_CMD_DSS_VERIFY 4 /* perform DSS verify */
-#define SW_CMD_RAND 5 /* perform random number generation */
-#define SW_CMD_NVREAD 6 /* perform read to nonvolatile RAM */
-#define SW_CMD_NVWRITE 7 /* perform write to nonvolatile RAM */
-
-typedef SW_U32 SW_ALGTYPE; /* alogrithm type */
-typedef SW_U32 SW_STATE; /* state */
-typedef SW_U32 SW_COMMAND_CODE; /* command code */
-typedef SW_U32 SW_COMMAND_BITMAP[4]; /* bitmap */
-
-typedef struct _SW_LARGENUMBER {
- SW_U32 nbytes; /* number of bytes in the buffer "value" */
- SW_BYTE* value; /* the large integer as a string of */
- /* bytes in network (big endian) order */
-} SW_LARGENUMBER;
-
-#if defined(OPENSSL_SYS_WIN32)
- #include <windows.h>
- typedef HANDLE SW_OSHANDLE; /* handle to kernel object */
- #define SW_OS_INVALID_HANDLE INVALID_HANDLE_VALUE
- #define SW_CALLCONV _stdcall
-#elif defined(OPENSSL_SYS_MACINTOSH_CLASSIC)
- /* async callback mechanisms */
- /* swiftCallbackLevel */
- #define SW_MAC_CALLBACK_LEVEL_NO 0
- #define SW_MAC_CALLBACK_LEVEL_HARDWARE 1 /* from the hardware ISR */
- #define SW_MAC_CALLBACK_LEVEL_SECONDARY 2 /* as secondary ISR */
- typedef int SW_MAC_CALLBACK_LEVEL;
- typedef int SW_OSHANDLE;
- #define SW_OS_INVALID_HANDLE (-1)
- #define SW_CALLCONV
-#else /* Unix variants */
- typedef int SW_OSHANDLE; /* handle to driver */
- #define SW_OS_INVALID_HANDLE (-1)
- #define SW_CALLCONV
-#endif
-
-typedef struct _SW_CRT {
- SW_LARGENUMBER p; /* prime number p */
- SW_LARGENUMBER q; /* prime number q */
- SW_LARGENUMBER dmp1; /* exponent1 */
- SW_LARGENUMBER dmq1; /* exponent2 */
- SW_LARGENUMBER iqmp; /* CRT coefficient */
-} SW_CRT;
-
-typedef struct _SW_EXP {
- SW_LARGENUMBER modulus; /* modulus */
- SW_LARGENUMBER exponent;/* exponent */
-} SW_EXP;
-
-typedef struct _SW_DSA {
- SW_LARGENUMBER p; /* */
- SW_LARGENUMBER q; /* */
- SW_LARGENUMBER g; /* */
- SW_LARGENUMBER key; /* private/public key */
-} SW_DSA;
-
-typedef struct _SW_NVDATA {
- SW_U32 accnum; /* accelerator board number */
- SW_U32 offset; /* offset in byte */
-} SW_NVDATA;
-
-typedef struct _SW_PARAM {
- SW_ALGTYPE type; /* type of the alogrithm */
- union {
- SW_CRT crt;
- SW_EXP exp;
- SW_DSA dsa;
- SW_NVDATA nvdata;
- } up;
-} SW_PARAM;
-
-typedef SW_U32 SW_CONTEXT_HANDLE; /* opaque context handle */
-
-
-/* Now the OpenSSL bits, these function types are the for the function
- * pointers that will bound into the Rainbow shared libraries. */
-typedef SW_STATUS SW_CALLCONV t_swAcquireAccContext(SW_CONTEXT_HANDLE *hac);
-typedef SW_STATUS SW_CALLCONV t_swAttachKeyParam(SW_CONTEXT_HANDLE hac,
- SW_PARAM *key_params);
-typedef SW_STATUS SW_CALLCONV t_swSimpleRequest(SW_CONTEXT_HANDLE hac,
- SW_COMMAND_CODE cmd,
- SW_LARGENUMBER pin[],
- SW_U32 pin_count,
- SW_LARGENUMBER pout[],
- SW_U32 pout_count);
-typedef SW_STATUS SW_CALLCONV t_swReleaseAccContext(SW_CONTEXT_HANDLE hac);
-
-#ifdef __cplusplus
-}
-#endif /* __cplusplus */
-
Copied: vendor-crypto/openssl/0.9.8zf/engines/vendor_defns/cswift.h (from rev 6976, vendor-crypto/openssl/dist/engines/vendor_defns/cswift.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/engines/vendor_defns/cswift.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/engines/vendor_defns/cswift.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,235 @@
+/*
+ * Attribution notice: Rainbow have generously allowed me to reproduce the
+ * necessary definitions here from their API. This means the support can
+ * build independently of whether application builders have the API or
+ * hardware. This will allow developers to easily produce software that has
+ * latent hardware support for any users that have accelertors installed,
+ * without the developers themselves needing anything extra. I have only
+ * clipped the parts from the CryptoSwift header files that are (or seem)
+ * relevant to the CryptoSwift support code. This is simply to keep the file
+ * sizes reasonable. [Geoff]
+ */
+
+/*
+ * NB: These type widths do *not* seem right in general, in particular
+ * they're not terribly friendly to 64-bit architectures (unsigned long) will
+ * be 64-bit on IA-64 for a start. I'm leaving these alone as they agree with
+ * Rainbow's API and this will only be called into question on platforms with
+ * Rainbow support anyway! ;-)
+ */
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+ typedef long SW_STATUS; /* status */
+ typedef unsigned char SW_BYTE; /* 8 bit byte */
+ typedef unsigned short SW_U16; /* 16 bit number */
+#if defined(_IRIX)
+# include <sgidefs.h>
+ typedef __uint32_t SW_U32;
+#else
+ typedef unsigned long SW_U32; /* 32 bit integer */
+#endif
+
+#if defined(OPENSSL_SYS_WIN32)
+ typedef struct _SW_U64 {
+ SW_U32 low32;
+ SW_U32 high32;
+ } SW_U64; /* 64 bit integer */
+#elif defined(OPENSSL_SYS_MACINTOSH_CLASSIC)
+ typedef longlong SW_U64
+#else /* Unix variants */
+ typedef struct _SW_U64 {
+ SW_U32 low32;
+ SW_U32 high32;
+ } SW_U64; /* 64 bit integer */
+#endif
+
+/* status codes */
+#define SW_OK (0L)
+#define SW_ERR_BASE (-10000L)
+#define SW_ERR_NO_CARD (SW_ERR_BASE-1) /* The Card is not present */
+#define SW_ERR_CARD_NOT_READY (SW_ERR_BASE-2) /* The card has not powered */
+ /* up yet */
+#define SW_ERR_TIME_OUT (SW_ERR_BASE-3) /* Execution of a command */
+ /* time out */
+#define SW_ERR_NO_EXECUTE (SW_ERR_BASE-4) /* The Card failed to */
+ /* execute the command */
+#define SW_ERR_INPUT_NULL_PTR (SW_ERR_BASE-5) /* a required pointer is */
+ /* NULL */
+#define SW_ERR_INPUT_SIZE (SW_ERR_BASE-6) /* size is invalid, too */
+ /* small, too large. */
+#define SW_ERR_INVALID_HANDLE (SW_ERR_BASE-7) /* Invalid SW_ACC_CONTEXT */
+ /* handle */
+#define SW_ERR_PENDING (SW_ERR_BASE-8) /* A request is already out- */
+ /* standing at this */
+ /* context handle */
+#define SW_ERR_AVAILABLE (SW_ERR_BASE-9) /* A result is available. */
+#define SW_ERR_NO_PENDING (SW_ERR_BASE-10) /* No request is pending. */
+#define SW_ERR_NO_MEMORY (SW_ERR_BASE-11) /* Not enough memory */
+#define SW_ERR_BAD_ALGORITHM (SW_ERR_BASE-12) /* Invalid algorithm type */
+ /* in SW_PARAM structure */
+#define SW_ERR_MISSING_KEY (SW_ERR_BASE-13) /* No key is associated with */
+ /* context. */
+ /* swAttachKeyParam() is */
+ /* not called. */
+#define SW_ERR_KEY_CMD_MISMATCH \
+ (SW_ERR_BASE-14) /* Cannot perform requested */
+ /* SW_COMMAND_CODE since */
+ /* key attached via */
+ /* swAttachKeyParam() */
+ /* cannot be used for this */
+ /* SW_COMMAND_CODE. */
+#define SW_ERR_NOT_IMPLEMENTED \
+ (SW_ERR_BASE-15) /* Not implemented */
+#define SW_ERR_BAD_COMMAND (SW_ERR_BASE-16) /* Bad command code */
+#define SW_ERR_BAD_ITEM_SIZE (SW_ERR_BASE-17) /* too small or too large in */
+ /* the "initems" or */
+ /* "outitems". */
+#define SW_ERR_BAD_ACCNUM (SW_ERR_BASE-18) /* Bad accelerator number */
+#define SW_ERR_SELFTEST_FAIL (SW_ERR_BASE-19) /* At least one of the self */
+ /* test fail, look at the */
+ /* selfTestBitmap in */
+ /* SW_ACCELERATOR_INFO for */
+ /* details. */
+#define SW_ERR_MISALIGN (SW_ERR_BASE-20) /* Certain alogrithms require */
+ /* key materials aligned */
+ /* in certain order, e.g. */
+ /* 128 bit for CRT */
+#define SW_ERR_OUTPUT_NULL_PTR \
+ (SW_ERR_BASE-21) /* a required pointer is */
+ /* NULL */
+#define SW_ERR_OUTPUT_SIZE \
+ (SW_ERR_BASE-22) /* size is invalid, too */
+ /* small, too large. */
+#define SW_ERR_FIRMWARE_CHECKSUM \
+ (SW_ERR_BASE-23) /* firmware checksum mismatch */
+ /* download failed. */
+#define SW_ERR_UNKNOWN_FIRMWARE \
+ (SW_ERR_BASE-24) /* unknown firmware error */
+#define SW_ERR_INTERRUPT (SW_ERR_BASE-25) /* request is abort when */
+ /* it's waiting to be */
+ /* completed. */
+#define SW_ERR_NVWRITE_FAIL (SW_ERR_BASE-26) /* error in writing to Non- */
+ /* volatile memory */
+#define SW_ERR_NVWRITE_RANGE (SW_ERR_BASE-27) /* out of range error in */
+ /* writing to NV memory */
+#define SW_ERR_RNG_ERROR (SW_ERR_BASE-28) /* Random Number Generation */
+ /* failure */
+#define SW_ERR_DSS_FAILURE (SW_ERR_BASE-29) /* DSS Sign or Verify failure */
+#define SW_ERR_MODEXP_FAILURE (SW_ERR_BASE-30) /* Failure in various math */
+ /* calculations */
+#define SW_ERR_ONBOARD_MEMORY (SW_ERR_BASE-31) /* Error in accessing on - */
+ /* board memory */
+#define SW_ERR_FIRMWARE_VERSION \
+ (SW_ERR_BASE-32) /* Wrong version in firmware */
+ /* update */
+#define SW_ERR_ZERO_WORKING_ACCELERATOR \
+ (SW_ERR_BASE-44) /* All accelerators are bad */
+
+ /* algorithm type */
+#define SW_ALG_CRT 1
+#define SW_ALG_EXP 2
+#define SW_ALG_DSA 3
+#define SW_ALG_NVDATA 4
+
+ /* command code */
+#define SW_CMD_MODEXP_CRT 1 /* perform Modular Exponentiation using */
+ /* Chinese Remainder Theorem (CRT) */
+#define SW_CMD_MODEXP 2 /* perform Modular Exponentiation */
+#define SW_CMD_DSS_SIGN 3 /* perform DSS sign */
+#define SW_CMD_DSS_VERIFY 4 /* perform DSS verify */
+#define SW_CMD_RAND 5 /* perform random number generation */
+#define SW_CMD_NVREAD 6 /* perform read to nonvolatile RAM */
+#define SW_CMD_NVWRITE 7 /* perform write to nonvolatile RAM */
+
+ typedef SW_U32 SW_ALGTYPE; /* alogrithm type */
+ typedef SW_U32 SW_STATE; /* state */
+ typedef SW_U32 SW_COMMAND_CODE; /* command code */
+ typedef SW_U32 SW_COMMAND_BITMAP[4]; /* bitmap */
+
+ typedef struct _SW_LARGENUMBER {
+ SW_U32 nbytes; /* number of bytes in the buffer "value" */
+ SW_BYTE *value; /* the large integer as a string of */
+ /* bytes in network (big endian) order */
+ } SW_LARGENUMBER;
+
+#if defined(OPENSSL_SYS_WIN32)
+# include <windows.h>
+ typedef HANDLE SW_OSHANDLE; /* handle to kernel object */
+# define SW_OS_INVALID_HANDLE INVALID_HANDLE_VALUE
+# define SW_CALLCONV _stdcall
+#elif defined(OPENSSL_SYS_MACINTOSH_CLASSIC)
+ /* async callback mechanisms */
+ /* swiftCallbackLevel */
+# define SW_MAC_CALLBACK_LEVEL_NO 0
+# define SW_MAC_CALLBACK_LEVEL_HARDWARE 1/* from the hardware ISR */
+# define SW_MAC_CALLBACK_LEVEL_SECONDARY 2/* as secondary ISR */
+ typedef int SW_MAC_CALLBACK_LEVEL;
+ typedef int SW_OSHANDLE;
+# define SW_OS_INVALID_HANDLE (-1)
+# define SW_CALLCONV
+#else /* Unix variants */
+ typedef int SW_OSHANDLE; /* handle to driver */
+# define SW_OS_INVALID_HANDLE (-1)
+# define SW_CALLCONV
+#endif
+
+ typedef struct _SW_CRT {
+ SW_LARGENUMBER p; /* prime number p */
+ SW_LARGENUMBER q; /* prime number q */
+ SW_LARGENUMBER dmp1; /* exponent1 */
+ SW_LARGENUMBER dmq1; /* exponent2 */
+ SW_LARGENUMBER iqmp; /* CRT coefficient */
+ } SW_CRT;
+
+ typedef struct _SW_EXP {
+ SW_LARGENUMBER modulus; /* modulus */
+ SW_LARGENUMBER exponent; /* exponent */
+ } SW_EXP;
+
+ typedef struct _SW_DSA {
+ SW_LARGENUMBER p; /* */
+ SW_LARGENUMBER q; /* */
+ SW_LARGENUMBER g; /* */
+ SW_LARGENUMBER key; /* private/public key */
+ } SW_DSA;
+
+ typedef struct _SW_NVDATA {
+ SW_U32 accnum; /* accelerator board number */
+ SW_U32 offset; /* offset in byte */
+ } SW_NVDATA;
+
+ typedef struct _SW_PARAM {
+ SW_ALGTYPE type; /* type of the alogrithm */
+ union {
+ SW_CRT crt;
+ SW_EXP exp;
+ SW_DSA dsa;
+ SW_NVDATA nvdata;
+ } up;
+ } SW_PARAM;
+
+ typedef SW_U32 SW_CONTEXT_HANDLE; /* opaque context handle */
+
+ /*
+ * Now the OpenSSL bits, these function types are the for the function
+ * pointers that will bound into the Rainbow shared libraries.
+ */
+ typedef SW_STATUS SW_CALLCONV t_swAcquireAccContext(SW_CONTEXT_HANDLE
+ *hac);
+ typedef SW_STATUS SW_CALLCONV t_swAttachKeyParam(SW_CONTEXT_HANDLE hac,
+ SW_PARAM *key_params);
+ typedef SW_STATUS SW_CALLCONV t_swSimpleRequest(SW_CONTEXT_HANDLE hac,
+ SW_COMMAND_CODE cmd,
+ SW_LARGENUMBER pin[],
+ SW_U32 pin_count,
+ SW_LARGENUMBER pout[],
+ SW_U32 pout_count);
+ typedef SW_STATUS SW_CALLCONV t_swReleaseAccContext(SW_CONTEXT_HANDLE
+ hac);
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
Deleted: vendor-crypto/openssl/0.9.8zf/engines/vendor_defns/hw_4758_cca.h
===================================================================
--- vendor-crypto/openssl/dist/engines/vendor_defns/hw_4758_cca.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/engines/vendor_defns/hw_4758_cca.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,149 +0,0 @@
-/**********************************************************************/
-/* */
-/* Prototypes of the CCA verbs used by the 4758 CCA openssl driver */
-/* */
-/* Maurice Gittens <maurice at gittens.nl> */
-/* */
-/**********************************************************************/
-
-#ifndef __HW_4758_CCA__
-#define __HW_4758_CCA__
-
-/*
- * Only WIN32 support for now
- */
-#if defined(WIN32)
-
- #define CCA_LIB_NAME "CSUNSAPI"
-
- #define CSNDPKX "CSNDPKX_32"
- #define CSNDKRR "CSNDKRR_32"
- #define CSNDPKE "CSNDPKE_32"
- #define CSNDPKD "CSNDPKD_32"
- #define CSNDDSV "CSNDDSV_32"
- #define CSNDDSG "CSNDDSG_32"
- #define CSNBRNG "CSNBRNG_32"
-
- #define SECURITYAPI __stdcall
-#else
- /* Fixme!!
- Find out the values of these constants for other platforms.
- */
- #define CCA_LIB_NAME "CSUNSAPI"
-
- #define CSNDPKX "CSNDPKX"
- #define CSNDKRR "CSNDKRR"
- #define CSNDPKE "CSNDPKE"
- #define CSNDPKD "CSNDPKD"
- #define CSNDDSV "CSNDDSV"
- #define CSNDDSG "CSNDDSG"
- #define CSNBRNG "CSNBRNG"
-
- #define SECURITYAPI
-#endif
-
-/*
- * security API prototypes
- */
-
-/* PKA Key Record Read */
-typedef void (SECURITYAPI *F_KEYRECORDREAD)
- (long * return_code,
- long * reason_code,
- long * exit_data_length,
- unsigned char * exit_data,
- long * rule_array_count,
- unsigned char * rule_array,
- unsigned char * key_label,
- long * key_token_length,
- unsigned char * key_token);
-
-/* Random Number Generate */
-typedef void (SECURITYAPI *F_RANDOMNUMBERGENERATE)
- (long * return_code,
- long * reason_code,
- long * exit_data_length,
- unsigned char * exit_data,
- unsigned char * form,
- unsigned char * random_number);
-
-/* Digital Signature Generate */
-typedef void (SECURITYAPI *F_DIGITALSIGNATUREGENERATE)
- (long * return_code,
- long * reason_code,
- long * exit_data_length,
- unsigned char * exit_data,
- long * rule_array_count,
- unsigned char * rule_array,
- long * PKA_private_key_id_length,
- unsigned char * PKA_private_key_id,
- long * hash_length,
- unsigned char * hash,
- long * signature_field_length,
- long * signature_bit_length,
- unsigned char * signature_field);
-
-/* Digital Signature Verify */
-typedef void (SECURITYAPI *F_DIGITALSIGNATUREVERIFY)(
- long * return_code,
- long * reason_code,
- long * exit_data_length,
- unsigned char * exit_data,
- long * rule_array_count,
- unsigned char * rule_array,
- long * PKA_public_key_id_length,
- unsigned char * PKA_public_key_id,
- long * hash_length,
- unsigned char * hash,
- long * signature_field_length,
- unsigned char * signature_field);
-
-/* PKA Public Key Extract */
-typedef void (SECURITYAPI *F_PUBLICKEYEXTRACT)(
- long * return_code,
- long * reason_code,
- long * exit_data_length,
- unsigned char * exit_data,
- long * rule_array_count,
- unsigned char * rule_array,
- long * source_key_identifier_length,
- unsigned char * source_key_identifier,
- long * target_key_token_length,
- unsigned char * target_key_token);
-
-/* PKA Encrypt */
-typedef void (SECURITYAPI *F_PKAENCRYPT)
- (long * return_code,
- long * reason_code,
- long * exit_data_length,
- unsigned char * exit_data,
- long * rule_array_count,
- unsigned char * rule_array,
- long * key_value_length,
- unsigned char * key_value,
- long * data_struct_length,
- unsigned char * data_struct,
- long * RSA_public_key_length,
- unsigned char * RSA_public_key,
- long * RSA_encipher_length,
- unsigned char * RSA_encipher );
-
-/* PKA Decrypt */
-typedef void (SECURITYAPI *F_PKADECRYPT)
- (long * return_code,
- long * reason_code,
- long * exit_data_length,
- unsigned char * exit_data,
- long * rule_array_count,
- unsigned char * rule_array,
- long * enciphered_key_length,
- unsigned char * enciphered_key,
- long * data_struct_length,
- unsigned char * data_struct,
- long * RSA_private_key_length,
- unsigned char * RSA_private_key,
- long * key_value_length,
- unsigned char * key_value );
-
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/engines/vendor_defns/hw_4758_cca.h (from rev 6976, vendor-crypto/openssl/dist/engines/vendor_defns/hw_4758_cca.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/engines/vendor_defns/hw_4758_cca.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/engines/vendor_defns/hw_4758_cca.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,150 @@
+/**********************************************************************/
+/* */
+/* Prototypes of the CCA verbs used by the 4758 CCA openssl driver */
+/* */
+/* Maurice Gittens <maurice at gittens.nl> */
+/* */
+/**********************************************************************/
+
+#ifndef __HW_4758_CCA__
+# define __HW_4758_CCA__
+
+/*
+ * Only WIN32 support for now
+ */
+# if defined(WIN32)
+
+# define CCA_LIB_NAME "CSUNSAPI"
+
+# define CSNDPKX "CSNDPKX_32"
+# define CSNDKRR "CSNDKRR_32"
+# define CSNDPKE "CSNDPKE_32"
+# define CSNDPKD "CSNDPKD_32"
+# define CSNDDSV "CSNDDSV_32"
+# define CSNDDSG "CSNDDSG_32"
+# define CSNBRNG "CSNBRNG_32"
+
+# define SECURITYAPI __stdcall
+# else
+ /*
+ * Fixme!! Find out the values of these constants for other platforms.
+ */
+# define CCA_LIB_NAME "CSUNSAPI"
+
+# define CSNDPKX "CSNDPKX"
+# define CSNDKRR "CSNDKRR"
+# define CSNDPKE "CSNDPKE"
+# define CSNDPKD "CSNDPKD"
+# define CSNDDSV "CSNDDSV"
+# define CSNDDSG "CSNDDSG"
+# define CSNBRNG "CSNBRNG"
+
+# define SECURITYAPI
+# endif
+
+/*
+ * security API prototypes
+ */
+
+/* PKA Key Record Read */
+typedef void (SECURITYAPI * F_KEYRECORDREAD)
+ (long *return_code,
+ long *reason_code,
+ long *exit_data_length,
+ unsigned char *exit_data,
+ long *rule_array_count,
+ unsigned char *rule_array,
+ unsigned char *key_label, long *key_token_length, unsigned char *key_token);
+
+/* Random Number Generate */
+typedef void (SECURITYAPI * F_RANDOMNUMBERGENERATE)
+ (long *return_code,
+ long *reason_code,
+ long *exit_data_length,
+ unsigned char *exit_data,
+ unsigned char *form, unsigned char *random_number);
+
+/* Digital Signature Generate */
+typedef void (SECURITYAPI * F_DIGITALSIGNATUREGENERATE)
+ (long *return_code,
+ long *reason_code,
+ long *exit_data_length,
+ unsigned char *exit_data,
+ long *rule_array_count,
+ unsigned char *rule_array,
+ long *PKA_private_key_id_length,
+ unsigned char *PKA_private_key_id,
+ long *hash_length,
+ unsigned char *hash,
+ long *signature_field_length,
+ long *signature_bit_length, unsigned char *signature_field);
+
+/* Digital Signature Verify */
+typedef void (SECURITYAPI * F_DIGITALSIGNATUREVERIFY) (long *return_code,
+ long *reason_code,
+ long *exit_data_length,
+ unsigned char
+ *exit_data,
+ long *rule_array_count,
+ unsigned char
+ *rule_array,
+ long
+ *PKA_public_key_id_length,
+ unsigned char
+ *PKA_public_key_id,
+ long *hash_length,
+ unsigned char *hash,
+ long
+ *signature_field_length,
+ unsigned char
+ *signature_field);
+
+/* PKA Public Key Extract */
+typedef void (SECURITYAPI * F_PUBLICKEYEXTRACT) (long *return_code,
+ long *reason_code,
+ long *exit_data_length,
+ unsigned char *exit_data,
+ long *rule_array_count,
+ unsigned char *rule_array,
+ long
+ *source_key_identifier_length,
+ unsigned char
+ *source_key_identifier,
+ long
+ *target_key_token_length,
+ unsigned char
+ *target_key_token);
+
+/* PKA Encrypt */
+typedef void (SECURITYAPI * F_PKAENCRYPT)
+ (long *return_code,
+ long *reason_code,
+ long *exit_data_length,
+ unsigned char *exit_data,
+ long *rule_array_count,
+ unsigned char *rule_array,
+ long *key_value_length,
+ unsigned char *key_value,
+ long *data_struct_length,
+ unsigned char *data_struct,
+ long *RSA_public_key_length,
+ unsigned char *RSA_public_key,
+ long *RSA_encipher_length, unsigned char *RSA_encipher);
+
+/* PKA Decrypt */
+typedef void (SECURITYAPI * F_PKADECRYPT)
+ (long *return_code,
+ long *reason_code,
+ long *exit_data_length,
+ unsigned char *exit_data,
+ long *rule_array_count,
+ unsigned char *rule_array,
+ long *enciphered_key_length,
+ unsigned char *enciphered_key,
+ long *data_struct_length,
+ unsigned char *data_struct,
+ long *RSA_private_key_length,
+ unsigned char *RSA_private_key,
+ long *key_value_length, unsigned char *key_value);
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/engines/vendor_defns/hw_ubsec.h
===================================================================
--- vendor-crypto/openssl/dist/engines/vendor_defns/hw_ubsec.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/engines/vendor_defns/hw_ubsec.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,100 +0,0 @@
-/******************************************************************************
- *
- * Copyright 2000
- * Broadcom Corporation
- * 16215 Alton Parkway
- * PO Box 57013
- * Irvine CA 92619-7013
- *
- *****************************************************************************/
-/*
- * Broadcom Corporation uBSec SDK
- */
-/*
- * Character device header file.
- */
-/*
- * Revision History:
- *
- * October 2000 JTT Created.
- */
-
-#define MAX_PUBLIC_KEY_BITS (1024)
-#define MAX_PUBLIC_KEY_BYTES (1024/8)
-#define SHA_BIT_SIZE (160)
-#define MAX_CRYPTO_KEY_LENGTH 24
-#define MAX_MAC_KEY_LENGTH 64
-#define UBSEC_CRYPTO_DEVICE_NAME ((unsigned char *)"/dev/ubscrypt")
-#define UBSEC_KEY_DEVICE_NAME ((unsigned char *)"/dev/ubskey")
-
-/* Math command types. */
-#define UBSEC_MATH_MODADD 0x0001
-#define UBSEC_MATH_MODSUB 0x0002
-#define UBSEC_MATH_MODMUL 0x0004
-#define UBSEC_MATH_MODEXP 0x0008
-#define UBSEC_MATH_MODREM 0x0010
-#define UBSEC_MATH_MODINV 0x0020
-
-typedef long ubsec_MathCommand_t;
-typedef long ubsec_RNGCommand_t;
-
-typedef struct ubsec_crypto_context_s {
- unsigned int flags;
- unsigned char crypto[MAX_CRYPTO_KEY_LENGTH];
- unsigned char auth[MAX_MAC_KEY_LENGTH];
-} ubsec_crypto_context_t, *ubsec_crypto_context_p;
-
-/*
- * Predeclare the function pointer types that we dynamically load from the DSO.
- */
-
-typedef int t_UBSEC_ubsec_bytes_to_bits(unsigned char *n, int bytes);
-
-typedef int t_UBSEC_ubsec_bits_to_bytes(int bits);
-
-typedef int t_UBSEC_ubsec_open(unsigned char *device);
-
-typedef int t_UBSEC_ubsec_close(int fd);
-
-typedef int t_UBSEC_diffie_hellman_generate_ioctl (int fd,
- unsigned char *x, int *x_len, unsigned char *y, int *y_len,
- unsigned char *g, int g_len, unsigned char *m, int m_len,
- unsigned char *userX, int userX_len, int random_bits);
-
-typedef int t_UBSEC_diffie_hellman_agree_ioctl (int fd,
- unsigned char *x, int x_len, unsigned char *y, int y_len,
- unsigned char *m, int m_len, unsigned char *k, int *k_len);
-
-typedef int t_UBSEC_rsa_mod_exp_ioctl (int fd,
- unsigned char *x, int x_len, unsigned char *m, int m_len,
- unsigned char *e, int e_len, unsigned char *y, int *y_len);
-
-typedef int t_UBSEC_rsa_mod_exp_crt_ioctl (int fd,
- unsigned char *x, int x_len, unsigned char *qinv, int qinv_len,
- unsigned char *edq, int edq_len, unsigned char *q, int q_len,
- unsigned char *edp, int edp_len, unsigned char *p, int p_len,
- unsigned char *y, int *y_len);
-
-typedef int t_UBSEC_dsa_sign_ioctl (int fd,
- int hash, unsigned char *data, int data_len,
- unsigned char *rndom, int random_len,
- unsigned char *p, int p_len, unsigned char *q, int q_len,
- unsigned char *g, int g_len, unsigned char *key, int key_len,
- unsigned char *r, int *r_len, unsigned char *s, int *s_len);
-
-typedef int t_UBSEC_dsa_verify_ioctl (int fd,
- int hash, unsigned char *data, int data_len,
- unsigned char *p, int p_len, unsigned char *q, int q_len,
- unsigned char *g, int g_len, unsigned char *key, int key_len,
- unsigned char *r, int r_len, unsigned char *s, int s_len,
- unsigned char *v, int *v_len);
-
-typedef int t_UBSEC_math_accelerate_ioctl(int fd, ubsec_MathCommand_t command,
- unsigned char *ModN, int *ModN_len, unsigned char *ExpE, int *ExpE_len,
- unsigned char *ParamA, int *ParamA_len, unsigned char *ParamB, int *ParamB_len,
- unsigned char *Result, int *Result_len);
-
-typedef int t_UBSEC_rng_ioctl(int fd, ubsec_RNGCommand_t command,
- unsigned char *Result, int *Result_len);
-
-typedef int t_UBSEC_max_key_len_ioctl(int fd, int *max_key_len);
Copied: vendor-crypto/openssl/0.9.8zf/engines/vendor_defns/hw_ubsec.h (from rev 6976, vendor-crypto/openssl/dist/engines/vendor_defns/hw_ubsec.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/engines/vendor_defns/hw_ubsec.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/engines/vendor_defns/hw_ubsec.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,124 @@
+/******************************************************************************
+ *
+ * Copyright 2000
+ * Broadcom Corporation
+ * 16215 Alton Parkway
+ * PO Box 57013
+ * Irvine CA 92619-7013
+ *
+ *****************************************************************************/
+/*
+ * Broadcom Corporation uBSec SDK
+ */
+/*
+ * Character device header file.
+ */
+/*
+ * Revision History:
+ *
+ * October 2000 JTT Created.
+ */
+
+#define MAX_PUBLIC_KEY_BITS (1024)
+#define MAX_PUBLIC_KEY_BYTES (1024/8)
+#define SHA_BIT_SIZE (160)
+#define MAX_CRYPTO_KEY_LENGTH 24
+#define MAX_MAC_KEY_LENGTH 64
+#define UBSEC_CRYPTO_DEVICE_NAME ((unsigned char *)"/dev/ubscrypt")
+#define UBSEC_KEY_DEVICE_NAME ((unsigned char *)"/dev/ubskey")
+
+/* Math command types. */
+#define UBSEC_MATH_MODADD 0x0001
+#define UBSEC_MATH_MODSUB 0x0002
+#define UBSEC_MATH_MODMUL 0x0004
+#define UBSEC_MATH_MODEXP 0x0008
+#define UBSEC_MATH_MODREM 0x0010
+#define UBSEC_MATH_MODINV 0x0020
+
+typedef long ubsec_MathCommand_t;
+typedef long ubsec_RNGCommand_t;
+
+typedef struct ubsec_crypto_context_s {
+ unsigned int flags;
+ unsigned char crypto[MAX_CRYPTO_KEY_LENGTH];
+ unsigned char auth[MAX_MAC_KEY_LENGTH];
+} ubsec_crypto_context_t, *ubsec_crypto_context_p;
+
+/*
+ * Predeclare the function pointer types that we dynamically load from the DSO.
+ */
+
+typedef int t_UBSEC_ubsec_bytes_to_bits(unsigned char *n, int bytes);
+
+typedef int t_UBSEC_ubsec_bits_to_bytes(int bits);
+
+typedef int t_UBSEC_ubsec_open(unsigned char *device);
+
+typedef int t_UBSEC_ubsec_close(int fd);
+
+typedef int t_UBSEC_diffie_hellman_generate_ioctl(int fd,
+ unsigned char *x,
+ int *x_len,
+ unsigned char *y,
+ int *y_len,
+ unsigned char *g, int g_len,
+ unsigned char *m, int m_len,
+ unsigned char *userX,
+ int userX_len,
+ int random_bits);
+
+typedef int t_UBSEC_diffie_hellman_agree_ioctl(int fd,
+ unsigned char *x, int x_len,
+ unsigned char *y, int y_len,
+ unsigned char *m, int m_len,
+ unsigned char *k, int *k_len);
+
+typedef int t_UBSEC_rsa_mod_exp_ioctl(int fd,
+ unsigned char *x, int x_len,
+ unsigned char *m, int m_len,
+ unsigned char *e, int e_len,
+ unsigned char *y, int *y_len);
+
+typedef int t_UBSEC_rsa_mod_exp_crt_ioctl(int fd,
+ unsigned char *x, int x_len,
+ unsigned char *qinv, int qinv_len,
+ unsigned char *edq, int edq_len,
+ unsigned char *q, int q_len,
+ unsigned char *edp, int edp_len,
+ unsigned char *p, int p_len,
+ unsigned char *y, int *y_len);
+
+typedef int t_UBSEC_dsa_sign_ioctl(int fd,
+ int hash, unsigned char *data,
+ int data_len, unsigned char *rndom,
+ int random_len, unsigned char *p,
+ int p_len, unsigned char *q, int q_len,
+ unsigned char *g, int g_len,
+ unsigned char *key, int key_len,
+ unsigned char *r, int *r_len,
+ unsigned char *s, int *s_len);
+
+typedef int t_UBSEC_dsa_verify_ioctl(int fd,
+ int hash, unsigned char *data,
+ int data_len, unsigned char *p,
+ int p_len, unsigned char *q, int q_len,
+ unsigned char *g, int g_len,
+ unsigned char *key, int key_len,
+ unsigned char *r, int r_len,
+ unsigned char *s, int s_len,
+ unsigned char *v, int *v_len);
+
+typedef int t_UBSEC_math_accelerate_ioctl(int fd, ubsec_MathCommand_t command,
+ unsigned char *ModN, int *ModN_len,
+ unsigned char *ExpE, int *ExpE_len,
+ unsigned char *ParamA,
+ int *ParamA_len,
+ unsigned char *ParamB,
+ int *ParamB_len,
+ unsigned char *Result,
+ int *Result_len);
+
+typedef int t_UBSEC_rng_ioctl(int fd, ubsec_RNGCommand_t command,
+ unsigned char *Result, int *Result_len);
+
+typedef int t_UBSEC_max_key_len_ioctl(int fd, int *max_key_len);
Deleted: vendor-crypto/openssl/0.9.8zf/engines/vendor_defns/hwcryptohook.h
===================================================================
--- vendor-crypto/openssl/dist/engines/vendor_defns/hwcryptohook.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/engines/vendor_defns/hwcryptohook.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,486 +0,0 @@
-/*
- * ModExp / RSA (with/without KM) plugin API
- *
- * The application will load a dynamic library which
- * exports entrypoint(s) defined in this file.
- *
- * This set of entrypoints provides only a multithreaded,
- * synchronous-within-each-thread, facility.
- *
- *
- * This file is Copyright 1998-2000 nCipher Corporation Limited.
- *
- * Redistribution and use in source and binary forms, with opr without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the copyright notice,
- * this list of conditions, and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above
- * copyright notice, this list of conditions, and the following
- * disclaimer, in the documentation and/or other materials provided
- * with the distribution
- *
- * IN NO EVENT SHALL NCIPHER CORPORATION LIMITED (`NCIPHER') AND/OR
- * ANY OTHER AUTHORS OR DISTRIBUTORS OF THIS FILE BE LIABLE for any
- * damages arising directly or indirectly from this file, its use or
- * this licence. Without prejudice to the generality of the
- * foregoing: all liability shall be excluded for direct, indirect,
- * special, incidental, consequential or other damages or any loss of
- * profits, business, revenue goodwill or anticipated savings;
- * liability shall be excluded even if nCipher or anyone else has been
- * advised of the possibility of damage. In any event, if the
- * exclusion of liability is not effective, the liability of nCipher
- * or any author or distributor shall be limited to the lesser of the
- * price paid and 1,000 pounds sterling. This licence only fails to
- * exclude or limit liability for death or personal injury arising out
- * of negligence, and only to the extent that such an exclusion or
- * limitation is not effective.
- *
- * NCIPHER AND THE AUTHORS AND DISTRIBUTORS SPECIFICALLY DISCLAIM ALL
- * AND ANY WARRANTIES (WHETHER EXPRESS OR IMPLIED), including, but not
- * limited to, any implied warranties of merchantability, fitness for
- * a particular purpose, satisfactory quality, and/or non-infringement
- * of any third party rights.
- *
- * US Government use: This software and documentation is Commercial
- * Computer Software and Computer Software Documentation, as defined in
- * sub-paragraphs (a)(1) and (a)(5) of DFAR 252.227-7014, "Rights in
- * Noncommercial Computer Software and Noncommercial Computer Software
- * Documentation." Use, duplication or disclosure by the Government is
- * subject to the terms and conditions specified here.
- *
- * By using or distributing this file you will be accepting these
- * terms and conditions, including the limitation of liability and
- * lack of warranty. If you do not wish to accept these terms and
- * conditions, DO NOT USE THE FILE.
- *
- *
- * The actual dynamically loadable plugin, and the library files for
- * static linking, which are also provided in some distributions, are
- * not covered by the licence described above. You should have
- * received a separate licence with terms and conditions for these
- * library files; if you received the library files without a licence,
- * please contact nCipher.
- *
- *
- * $Id: hwcryptohook.h,v 1.1 2002/10/11 17:10:59 levitte Exp $
- */
-
-#ifndef HWCRYPTOHOOK_H
-#define HWCRYPTOHOOK_H
-
-#include <sys/types.h>
-#include <stdio.h>
-
-#ifndef HWCRYPTOHOOK_DECLARE_APPTYPES
-#define HWCRYPTOHOOK_DECLARE_APPTYPES 1
-#endif
-
-#define HWCRYPTOHOOK_ERROR_FAILED -1
-#define HWCRYPTOHOOK_ERROR_FALLBACK -2
-#define HWCRYPTOHOOK_ERROR_MPISIZE -3
-
-#if HWCRYPTOHOOK_DECLARE_APPTYPES
-
-/* These structs are defined by the application and opaque to the
- * crypto plugin. The application may define these as it sees fit.
- * Default declarations are provided here, but the application may
- * #define HWCRYPTOHOOK_DECLARE_APPTYPES 0
- * to prevent these declarations, and instead provide its own
- * declarations of these types. (Pointers to them must still be
- * ordinary pointers to structs or unions, or the resulting combined
- * program will have a type inconsistency.)
- */
-typedef struct HWCryptoHook_MutexValue HWCryptoHook_Mutex;
-typedef struct HWCryptoHook_CondVarValue HWCryptoHook_CondVar;
-typedef struct HWCryptoHook_PassphraseContextValue HWCryptoHook_PassphraseContext;
-typedef struct HWCryptoHook_CallerContextValue HWCryptoHook_CallerContext;
-
-#endif /* HWCRYPTOHOOK_DECLARE_APPTYPES */
-
-/* These next two structs are opaque to the application. The crypto
- * plugin will return pointers to them; the caller simply manipulates
- * the pointers.
- */
-typedef struct HWCryptoHook_Context *HWCryptoHook_ContextHandle;
-typedef struct HWCryptoHook_RSAKey *HWCryptoHook_RSAKeyHandle;
-
-typedef struct {
- char *buf;
- size_t size;
-} HWCryptoHook_ErrMsgBuf;
-/* Used for error reporting. When a HWCryptoHook function fails it
- * will return a sentinel value (0 for pointer-valued functions, or a
- * negative number, usually HWCRYPTOHOOK_ERROR_FAILED, for
- * integer-valued ones). It will, if an ErrMsgBuf is passed, also put
- * an error message there.
- *
- * size is the size of the buffer, and will not be modified. If you
- * pass 0 for size you must pass 0 for buf, and nothing will be
- * recorded (just as if you passed 0 for the struct pointer).
- * Messages written to the buffer will always be null-terminated, even
- * when truncated to fit within size bytes.
- *
- * The contents of the buffer are not defined if there is no error.
- */
-
-typedef struct HWCryptoHook_MPIStruct {
- unsigned char *buf;
- size_t size;
-} HWCryptoHook_MPI;
-/* When one of these is returned, a pointer is passed to the function.
- * At call, size is the space available. Afterwards it is updated to
- * be set to the actual length (which may be more than the space available,
- * if there was not enough room and the result was truncated).
- * buf (the pointer) is not updated.
- *
- * size is in bytes and may be zero at call or return, but must be a
- * multiple of the limb size. Zero limbs at the MS end are not
- * permitted.
- */
-
-#define HWCryptoHook_InitFlags_FallbackModExp 0x0002UL
-#define HWCryptoHook_InitFlags_FallbackRSAImmed 0x0004UL
-/* Enable requesting fallback to software in case of problems with the
- * hardware support. This indicates to the crypto provider that the
- * application is prepared to fall back to software operation if the
- * ModExp* or RSAImmed* functions return HWCRYPTOHOOK_ERROR_FALLBACK.
- * Without this flag those calls will never return
- * HWCRYPTOHOOK_ERROR_FALLBACK. The flag will also cause the crypto
- * provider to avoid repeatedly attempting to contact dead hardware
- * within a short interval, if appropriate.
- */
-
-#define HWCryptoHook_InitFlags_SimpleForkCheck 0x0010UL
-/* Without _SimpleForkCheck the library is allowed to assume that the
- * application will not fork and call the library in the child(ren).
- *
- * When it is specified, this is allowed. However, after a fork
- * neither parent nor child may unload any loaded keys or call
- * _Finish. Instead, they should call exit (or die with a signal)
- * without calling _Finish. After all the children have died the
- * parent may unload keys or call _Finish.
- *
- * This flag only has any effect on UN*X platforms.
- */
-
-typedef struct {
- unsigned long flags;
- void *logstream; /* usually a FILE*. See below. */
-
- size_t limbsize; /* bignum format - size of radix type, must be power of 2 */
- int mslimbfirst; /* 0 or 1 */
- int msbytefirst; /* 0 or 1; -1 = native */
-
- /* All the callback functions should return 0 on success, or a
- * nonzero integer (whose value will be visible in the error message
- * put in the buffer passed to the call).
- *
- * If a callback is not available pass a null function pointer.
- *
- * The callbacks may not call down again into the crypto plugin.
- */
-
- /* For thread-safety. Set everything to 0 if you promise only to be
- * singlethreaded. maxsimultaneous is the number of calls to
- * ModExp[Crt]/RSAImmed{Priv,Pub}/RSA. If you don't know what to
- * put there then say 0 and the hook library will use a default.
- *
- * maxmutexes is a small limit on the number of simultaneous mutexes
- * which will be requested by the library. If there is no small
- * limit, set it to 0. If the crypto plugin cannot create the
- * advertised number of mutexes the calls to its functions may fail.
- * If a low number of mutexes is advertised the plugin will try to
- * do the best it can. Making larger numbers of mutexes available
- * may improve performance and parallelism by reducing contention
- * over critical sections. Unavailability of any mutexes, implying
- * single-threaded operation, should be indicated by the setting
- * mutex_init et al to 0.
- */
- int maxmutexes;
- int maxsimultaneous;
- size_t mutexsize;
- int (*mutex_init)(HWCryptoHook_Mutex*, HWCryptoHook_CallerContext *cactx);
- int (*mutex_acquire)(HWCryptoHook_Mutex*);
- void (*mutex_release)(HWCryptoHook_Mutex*);
- void (*mutex_destroy)(HWCryptoHook_Mutex*);
-
- /* For greater efficiency, can use condition vars internally for
- * synchronisation. In this case maxsimultaneous is ignored, but
- * the other mutex stuff must be available. In singlethreaded
- * programs, set everything to 0.
- */
- size_t condvarsize;
- int (*condvar_init)(HWCryptoHook_CondVar*, HWCryptoHook_CallerContext *cactx);
- int (*condvar_wait)(HWCryptoHook_CondVar*, HWCryptoHook_Mutex*);
- void (*condvar_signal)(HWCryptoHook_CondVar*);
- void (*condvar_broadcast)(HWCryptoHook_CondVar*);
- void (*condvar_destroy)(HWCryptoHook_CondVar*);
-
- /* The semantics of acquiring and releasing mutexes and broadcasting
- * and waiting on condition variables are expected to be those from
- * POSIX threads (pthreads). The mutexes may be (in pthread-speak)
- * fast mutexes, recursive mutexes, or nonrecursive ones.
- *
- * The _release/_signal/_broadcast and _destroy functions must
- * always succeed when given a valid argument; if they are given an
- * invalid argument then the program (crypto plugin + application)
- * has an internal error, and they should abort the program.
- */
-
- int (*getpassphrase)(const char *prompt_info,
- int *len_io, char *buf,
- HWCryptoHook_PassphraseContext *ppctx,
- HWCryptoHook_CallerContext *cactx);
- /* Passphrases and the prompt_info, if they contain high-bit-set
- * characters, are UTF-8. The prompt_info may be a null pointer if
- * no prompt information is available (it should not be an empty
- * string). It will not contain text like `enter passphrase';
- * instead it might say something like `Operator Card for John
- * Smith' or `SmartCard in nFast Module #1, Slot #1'.
- *
- * buf points to a buffer in which to return the passphrase; on
- * entry *len_io is the length of the buffer. It should be updated
- * by the callback. The returned passphrase should not be
- * null-terminated by the callback.
- */
-
- int (*getphystoken)(const char *prompt_info,
- const char *wrong_info,
- HWCryptoHook_PassphraseContext *ppctx,
- HWCryptoHook_CallerContext *cactx);
- /* Requests that the human user physically insert a different
- * smartcard, DataKey, etc. The plugin should check whether the
- * currently inserted token(s) are appropriate, and if they are it
- * should not make this call.
- *
- * prompt_info is as before. wrong_info is a description of the
- * currently inserted token(s) so that the user is told what
- * something is. wrong_info, like prompt_info, may be null, but
- * should not be an empty string. Its contents should be
- * syntactically similar to that of prompt_info.
- */
-
- /* Note that a single LoadKey operation might cause several calls to
- * getpassphrase and/or requestphystoken. If requestphystoken is
- * not provided (ie, a null pointer is passed) then the plugin may
- * not support loading keys for which authorisation by several cards
- * is required. If getpassphrase is not provided then cards with
- * passphrases may not be supported.
- *
- * getpassphrase and getphystoken do not need to check that the
- * passphrase has been entered correctly or the correct token
- * inserted; the crypto plugin will do that. If this is not the
- * case then the crypto plugin is responsible for calling these
- * routines again as appropriate until the correct token(s) and
- * passphrase(s) are supplied as required, or until any retry limits
- * implemented by the crypto plugin are reached.
- *
- * In either case, the application must allow the user to say `no'
- * or `cancel' to indicate that they do not know the passphrase or
- * have the appropriate token; this should cause the callback to
- * return nonzero indicating error.
- */
-
- void (*logmessage)(void *logstream, const char *message);
- /* A log message will be generated at least every time something goes
- * wrong and an ErrMsgBuf is filled in (or would be if one was
- * provided). Other diagnostic information may be written there too,
- * including more detailed reasons for errors which are reported in an
- * ErrMsgBuf.
- *
- * When a log message is generated, this callback is called. It
- * should write a message to the relevant logging arrangements.
- *
- * The message string passed will be null-terminated and may be of arbitrary
- * length. It will not be prefixed by the time and date, nor by the
- * name of the library that is generating it - if this is required,
- * the logmessage callback must do it. The message will not have a
- * trailing newline (though it may contain internal newlines).
- *
- * If a null pointer is passed for logmessage a default function is
- * used. The default function treats logstream as a FILE* which has
- * been converted to a void*. If logstream is 0 it does nothing.
- * Otherwise it prepends the date and time and library name and
- * writes the message to logstream. Each line will be prefixed by a
- * descriptive string containing the date, time and identity of the
- * crypto plugin. Errors on the logstream are not reported
- * anywhere, and the default function doesn't flush the stream, so
- * the application must set the buffering how it wants it.
- *
- * The crypto plugin may also provide a facility to have copies of
- * log messages sent elsewhere, and or for adjusting the verbosity
- * of the log messages; any such facilities will be configured by
- * external means.
- */
-
-} HWCryptoHook_InitInfo;
-
-typedef
-HWCryptoHook_ContextHandle HWCryptoHook_Init_t(const HWCryptoHook_InitInfo *initinfo,
- size_t initinfosize,
- const HWCryptoHook_ErrMsgBuf *errors,
- HWCryptoHook_CallerContext *cactx);
-extern HWCryptoHook_Init_t HWCryptoHook_Init;
-
-/* Caller should set initinfosize to the size of the HWCryptoHook struct,
- * so it can be extended later.
- *
- * On success, a message for display or logging by the server,
- * including the name and version number of the plugin, will be filled
- * in into *errors; on failure *errors is used for error handling, as
- * usual.
- */
-
-/* All these functions return 0 on success, HWCRYPTOHOOK_ERROR_FAILED
- * on most failures. HWCRYPTOHOOK_ERROR_MPISIZE means at least one of
- * the output MPI buffer(s) was too small; the sizes of all have been
- * set to the desired size (and for those where the buffer was large
- * enough, the value may have been copied in), and no error message
- * has been recorded.
- *
- * You may pass 0 for the errors struct. In any case, unless you set
- * _NoStderr at init time then messages may be reported to stderr.
- */
-
-/* The RSAImmed* functions (and key managed RSA) only work with
- * modules which have an RSA patent licence - currently that means KM
- * units; the ModExp* ones work with all modules, so you need a patent
- * licence in the software in the US. They are otherwise identical.
- */
-
-typedef
-void HWCryptoHook_Finish_t(HWCryptoHook_ContextHandle hwctx);
-extern HWCryptoHook_Finish_t HWCryptoHook_Finish;
-/* You must not have any calls going or keys loaded when you call this. */
-
-typedef
-int HWCryptoHook_RandomBytes_t(HWCryptoHook_ContextHandle hwctx,
- unsigned char *buf, size_t len,
- const HWCryptoHook_ErrMsgBuf *errors);
-extern HWCryptoHook_RandomBytes_t HWCryptoHook_RandomBytes;
-
-typedef
-int HWCryptoHook_ModExp_t(HWCryptoHook_ContextHandle hwctx,
- HWCryptoHook_MPI a,
- HWCryptoHook_MPI p,
- HWCryptoHook_MPI n,
- HWCryptoHook_MPI *r,
- const HWCryptoHook_ErrMsgBuf *errors);
-extern HWCryptoHook_ModExp_t HWCryptoHook_ModExp;
-
-typedef
-int HWCryptoHook_RSAImmedPub_t(HWCryptoHook_ContextHandle hwctx,
- HWCryptoHook_MPI m,
- HWCryptoHook_MPI e,
- HWCryptoHook_MPI n,
- HWCryptoHook_MPI *r,
- const HWCryptoHook_ErrMsgBuf *errors);
-extern HWCryptoHook_RSAImmedPub_t HWCryptoHook_RSAImmedPub;
-
-typedef
-int HWCryptoHook_ModExpCRT_t(HWCryptoHook_ContextHandle hwctx,
- HWCryptoHook_MPI a,
- HWCryptoHook_MPI p,
- HWCryptoHook_MPI q,
- HWCryptoHook_MPI dmp1,
- HWCryptoHook_MPI dmq1,
- HWCryptoHook_MPI iqmp,
- HWCryptoHook_MPI *r,
- const HWCryptoHook_ErrMsgBuf *errors);
-extern HWCryptoHook_ModExpCRT_t HWCryptoHook_ModExpCRT;
-
-typedef
-int HWCryptoHook_RSAImmedPriv_t(HWCryptoHook_ContextHandle hwctx,
- HWCryptoHook_MPI m,
- HWCryptoHook_MPI p,
- HWCryptoHook_MPI q,
- HWCryptoHook_MPI dmp1,
- HWCryptoHook_MPI dmq1,
- HWCryptoHook_MPI iqmp,
- HWCryptoHook_MPI *r,
- const HWCryptoHook_ErrMsgBuf *errors);
-extern HWCryptoHook_RSAImmedPriv_t HWCryptoHook_RSAImmedPriv;
-
-/* The RSAImmed* and ModExp* functions may return E_FAILED or
- * E_FALLBACK for failure.
- *
- * E_FAILED means the failure is permanent and definite and there
- * should be no attempt to fall back to software. (Eg, for some
- * applications, which support only the acceleration-only
- * functions, the `key material' may actually be an encoded key
- * identifier, and doing the operation in software would give wrong
- * answers.)
- *
- * E_FALLBACK means that doing the computation in software would seem
- * reasonable. If an application pays attention to this and is
- * able to fall back, it should also set the Fallback init flags.
- */
-
-typedef
-int HWCryptoHook_RSALoadKey_t(HWCryptoHook_ContextHandle hwctx,
- const char *key_ident,
- HWCryptoHook_RSAKeyHandle *keyhandle_r,
- const HWCryptoHook_ErrMsgBuf *errors,
- HWCryptoHook_PassphraseContext *ppctx);
-extern HWCryptoHook_RSALoadKey_t HWCryptoHook_RSALoadKey;
-/* The key_ident is a null-terminated string configured by the
- * user via the application's usual configuration mechanisms.
- * It is provided to the user by the crypto provider's key management
- * system. The user must be able to enter at least any string of between
- * 1 and 1023 characters inclusive, consisting of printable 7-bit
- * ASCII characters. The provider should avoid using
- * any characters except alphanumerics and the punctuation
- * characters _ - + . / @ ~ (the user is expected to be able
- * to enter these without quoting). The string may be case-sensitive.
- * The application may allow the user to enter other NULL-terminated strings,
- * and the provider must cope (returning an error if the string is not
- * valid).
- *
- * If the key does not exist, no error is recorded and 0 is returned;
- * keyhandle_r will be set to 0 instead of to a key handle.
- */
-
-typedef
-int HWCryptoHook_RSAGetPublicKey_t(HWCryptoHook_RSAKeyHandle k,
- HWCryptoHook_MPI *n,
- HWCryptoHook_MPI *e,
- const HWCryptoHook_ErrMsgBuf *errors);
-extern HWCryptoHook_RSAGetPublicKey_t HWCryptoHook_RSAGetPublicKey;
-/* The crypto plugin will not store certificates.
- *
- * Although this function for acquiring the public key value is
- * provided, it is not the purpose of this API to deal fully with the
- * handling of the public key.
- *
- * It is expected that the crypto supplier's key generation program
- * will provide general facilities for producing X.509
- * self-certificates and certificate requests in PEM format. These
- * will be given to the user so that they can configure them in the
- * application, send them to CAs, or whatever.
- *
- * In case this kind of certificate handling is not appropriate, the
- * crypto supplier's key generation program should be able to be
- * configured not to generate such a self-certificate or certificate
- * request. Then the application will need to do all of this, and
- * will need to store and handle the public key and certificates
- * itself.
- */
-
-typedef
-int HWCryptoHook_RSAUnloadKey_t(HWCryptoHook_RSAKeyHandle k,
- const HWCryptoHook_ErrMsgBuf *errors);
-extern HWCryptoHook_RSAUnloadKey_t HWCryptoHook_RSAUnloadKey;
-/* Might fail due to locking problems, or other serious internal problems. */
-
-typedef
-int HWCryptoHook_RSA_t(HWCryptoHook_MPI m,
- HWCryptoHook_RSAKeyHandle k,
- HWCryptoHook_MPI *r,
- const HWCryptoHook_ErrMsgBuf *errors);
-extern HWCryptoHook_RSA_t HWCryptoHook_RSA;
-/* RSA private key operation (sign or decrypt) - raw, unpadded. */
-
-#endif /*HWCRYPTOHOOK_H*/
Copied: vendor-crypto/openssl/0.9.8zf/engines/vendor_defns/hwcryptohook.h (from rev 6976, vendor-crypto/openssl/dist/engines/vendor_defns/hwcryptohook.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/engines/vendor_defns/hwcryptohook.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/engines/vendor_defns/hwcryptohook.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,502 @@
+/*-
+ * ModExp / RSA (with/without KM) plugin API
+ *
+ * The application will load a dynamic library which
+ * exports entrypoint(s) defined in this file.
+ *
+ * This set of entrypoints provides only a multithreaded,
+ * synchronous-within-each-thread, facility.
+ *
+ *
+ * This file is Copyright 1998-2000 nCipher Corporation Limited.
+ *
+ * Redistribution and use in source and binary forms, with opr without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the copyright notice,
+ * this list of conditions, and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions, and the following
+ * disclaimer, in the documentation and/or other materials provided
+ * with the distribution
+ *
+ * IN NO EVENT SHALL NCIPHER CORPORATION LIMITED (`NCIPHER') AND/OR
+ * ANY OTHER AUTHORS OR DISTRIBUTORS OF THIS FILE BE LIABLE for any
+ * damages arising directly or indirectly from this file, its use or
+ * this licence. Without prejudice to the generality of the
+ * foregoing: all liability shall be excluded for direct, indirect,
+ * special, incidental, consequential or other damages or any loss of
+ * profits, business, revenue goodwill or anticipated savings;
+ * liability shall be excluded even if nCipher or anyone else has been
+ * advised of the possibility of damage. In any event, if the
+ * exclusion of liability is not effective, the liability of nCipher
+ * or any author or distributor shall be limited to the lesser of the
+ * price paid and 1,000 pounds sterling. This licence only fails to
+ * exclude or limit liability for death or personal injury arising out
+ * of negligence, and only to the extent that such an exclusion or
+ * limitation is not effective.
+ *
+ * NCIPHER AND THE AUTHORS AND DISTRIBUTORS SPECIFICALLY DISCLAIM ALL
+ * AND ANY WARRANTIES (WHETHER EXPRESS OR IMPLIED), including, but not
+ * limited to, any implied warranties of merchantability, fitness for
+ * a particular purpose, satisfactory quality, and/or non-infringement
+ * of any third party rights.
+ *
+ * US Government use: This software and documentation is Commercial
+ * Computer Software and Computer Software Documentation, as defined in
+ * sub-paragraphs (a)(1) and (a)(5) of DFAR 252.227-7014, "Rights in
+ * Noncommercial Computer Software and Noncommercial Computer Software
+ * Documentation." Use, duplication or disclosure by the Government is
+ * subject to the terms and conditions specified here.
+ *
+ * By using or distributing this file you will be accepting these
+ * terms and conditions, including the limitation of liability and
+ * lack of warranty. If you do not wish to accept these terms and
+ * conditions, DO NOT USE THE FILE.
+ *
+ *
+ * The actual dynamically loadable plugin, and the library files for
+ * static linking, which are also provided in some distributions, are
+ * not covered by the licence described above. You should have
+ * received a separate licence with terms and conditions for these
+ * library files; if you received the library files without a licence,
+ * please contact nCipher.
+ *
+ *
+ * $Id: hwcryptohook.h,v 1.1 2002/10/11 17:10:59 levitte Exp $
+ */
+
+#ifndef HWCRYPTOHOOK_H
+# define HWCRYPTOHOOK_H
+
+# include <sys/types.h>
+# include <stdio.h>
+
+# ifndef HWCRYPTOHOOK_DECLARE_APPTYPES
+# define HWCRYPTOHOOK_DECLARE_APPTYPES 1
+# endif
+
+# define HWCRYPTOHOOK_ERROR_FAILED -1
+# define HWCRYPTOHOOK_ERROR_FALLBACK -2
+# define HWCRYPTOHOOK_ERROR_MPISIZE -3
+
+# if HWCRYPTOHOOK_DECLARE_APPTYPES
+
+/*-
+ * These structs are defined by the application and opaque to the
+ * crypto plugin. The application may define these as it sees fit.
+ * Default declarations are provided here, but the application may
+ * #define HWCRYPTOHOOK_DECLARE_APPTYPES 0
+ * to prevent these declarations, and instead provide its own
+ * declarations of these types. (Pointers to them must still be
+ * ordinary pointers to structs or unions, or the resulting combined
+ * program will have a type inconsistency.)
+ */
+typedef struct HWCryptoHook_MutexValue HWCryptoHook_Mutex;
+typedef struct HWCryptoHook_CondVarValue HWCryptoHook_CondVar;
+typedef struct HWCryptoHook_PassphraseContextValue
+ HWCryptoHook_PassphraseContext;
+typedef struct HWCryptoHook_CallerContextValue HWCryptoHook_CallerContext;
+
+# endif /* HWCRYPTOHOOK_DECLARE_APPTYPES */
+
+/*-
+ * These next two structs are opaque to the application. The crypto
+ * plugin will return pointers to them; the caller simply manipulates
+ * the pointers.
+ */
+typedef struct HWCryptoHook_Context *HWCryptoHook_ContextHandle;
+typedef struct HWCryptoHook_RSAKey *HWCryptoHook_RSAKeyHandle;
+
+typedef struct {
+ char *buf;
+ size_t size;
+} HWCryptoHook_ErrMsgBuf;
+/*-
+ * Used for error reporting. When a HWCryptoHook function fails it
+ * will return a sentinel value (0 for pointer-valued functions, or a
+ * negative number, usually HWCRYPTOHOOK_ERROR_FAILED, for
+ * integer-valued ones). It will, if an ErrMsgBuf is passed, also put
+ * an error message there.
+ *
+ * size is the size of the buffer, and will not be modified. If you
+ * pass 0 for size you must pass 0 for buf, and nothing will be
+ * recorded (just as if you passed 0 for the struct pointer).
+ * Messages written to the buffer will always be null-terminated, even
+ * when truncated to fit within size bytes.
+ *
+ * The contents of the buffer are not defined if there is no error.
+ */
+
+typedef struct HWCryptoHook_MPIStruct {
+ unsigned char *buf;
+ size_t size;
+} HWCryptoHook_MPI;
+/*-
+ * When one of these is returned, a pointer is passed to the function.
+ * At call, size is the space available. Afterwards it is updated to
+ * be set to the actual length (which may be more than the space available,
+ * if there was not enough room and the result was truncated).
+ * buf (the pointer) is not updated.
+ *
+ * size is in bytes and may be zero at call or return, but must be a
+ * multiple of the limb size. Zero limbs at the MS end are not
+ * permitted.
+ */
+
+# define HWCryptoHook_InitFlags_FallbackModExp 0x0002UL
+# define HWCryptoHook_InitFlags_FallbackRSAImmed 0x0004UL
+/*-
+ * Enable requesting fallback to software in case of problems with the
+ * hardware support. This indicates to the crypto provider that the
+ * application is prepared to fall back to software operation if the
+ * ModExp* or RSAImmed* functions return HWCRYPTOHOOK_ERROR_FALLBACK.
+ * Without this flag those calls will never return
+ * HWCRYPTOHOOK_ERROR_FALLBACK. The flag will also cause the crypto
+ * provider to avoid repeatedly attempting to contact dead hardware
+ * within a short interval, if appropriate.
+ */
+
+# define HWCryptoHook_InitFlags_SimpleForkCheck 0x0010UL
+/*-
+ * Without _SimpleForkCheck the library is allowed to assume that the
+ * application will not fork and call the library in the child(ren).
+ *
+ * When it is specified, this is allowed. However, after a fork
+ * neither parent nor child may unload any loaded keys or call
+ * _Finish. Instead, they should call exit (or die with a signal)
+ * without calling _Finish. After all the children have died the
+ * parent may unload keys or call _Finish.
+ *
+ * This flag only has any effect on UN*X platforms.
+ */
+
+typedef struct {
+ unsigned long flags;
+ void *logstream; /* usually a FILE*. See below. */
+ size_t limbsize; /* bignum format - size of radix type, must
+ * be power of 2 */
+ int mslimbfirst; /* 0 or 1 */
+ int msbytefirst; /* 0 or 1; -1 = native */
+ /*-
+ * All the callback functions should return 0 on success, or a
+ * nonzero integer (whose value will be visible in the error message
+ * put in the buffer passed to the call).
+ *
+ * If a callback is not available pass a null function pointer.
+ *
+ * The callbacks may not call down again into the crypto plugin.
+ */
+ /*-
+ * For thread-safety. Set everything to 0 if you promise only to be
+ * singlethreaded. maxsimultaneous is the number of calls to
+ * ModExp[Crt]/RSAImmed{Priv,Pub}/RSA. If you don't know what to
+ * put there then say 0 and the hook library will use a default.
+ *
+ * maxmutexes is a small limit on the number of simultaneous mutexes
+ * which will be requested by the library. If there is no small
+ * limit, set it to 0. If the crypto plugin cannot create the
+ * advertised number of mutexes the calls to its functions may fail.
+ * If a low number of mutexes is advertised the plugin will try to
+ * do the best it can. Making larger numbers of mutexes available
+ * may improve performance and parallelism by reducing contention
+ * over critical sections. Unavailability of any mutexes, implying
+ * single-threaded operation, should be indicated by the setting
+ * mutex_init et al to 0.
+ */
+ int maxmutexes;
+ int maxsimultaneous;
+ size_t mutexsize;
+ int (*mutex_init) (HWCryptoHook_Mutex *,
+ HWCryptoHook_CallerContext * cactx);
+ int (*mutex_acquire) (HWCryptoHook_Mutex *);
+ void (*mutex_release) (HWCryptoHook_Mutex *);
+ void (*mutex_destroy) (HWCryptoHook_Mutex *);
+ /*-
+ * For greater efficiency, can use condition vars internally for
+ * synchronisation. In this case maxsimultaneous is ignored, but
+ * the other mutex stuff must be available. In singlethreaded
+ * programs, set everything to 0.
+ */
+ size_t condvarsize;
+ int (*condvar_init) (HWCryptoHook_CondVar *,
+ HWCryptoHook_CallerContext * cactx);
+ int (*condvar_wait) (HWCryptoHook_CondVar *, HWCryptoHook_Mutex *);
+ void (*condvar_signal) (HWCryptoHook_CondVar *);
+ void (*condvar_broadcast) (HWCryptoHook_CondVar *);
+ void (*condvar_destroy) (HWCryptoHook_CondVar *);
+ /*-
+ * The semantics of acquiring and releasing mutexes and broadcasting
+ * and waiting on condition variables are expected to be those from
+ * POSIX threads (pthreads). The mutexes may be (in pthread-speak)
+ * fast mutexes, recursive mutexes, or nonrecursive ones.
+ *
+ * The _release/_signal/_broadcast and _destroy functions must
+ * always succeed when given a valid argument; if they are given an
+ * invalid argument then the program (crypto plugin + application)
+ * has an internal error, and they should abort the program.
+ */
+ int (*getpassphrase) (const char *prompt_info,
+ int *len_io, char *buf,
+ HWCryptoHook_PassphraseContext * ppctx,
+ HWCryptoHook_CallerContext * cactx);
+ /*-
+ * Passphrases and the prompt_info, if they contain high-bit-set
+ * characters, are UTF-8. The prompt_info may be a null pointer if
+ * no prompt information is available (it should not be an empty
+ * string). It will not contain text like `enter passphrase';
+ * instead it might say something like `Operator Card for John
+ * Smith' or `SmartCard in nFast Module #1, Slot #1'.
+ *
+ * buf points to a buffer in which to return the passphrase; on
+ * entry *len_io is the length of the buffer. It should be updated
+ * by the callback. The returned passphrase should not be
+ * null-terminated by the callback.
+ */
+ int (*getphystoken) (const char *prompt_info,
+ const char *wrong_info,
+ HWCryptoHook_PassphraseContext * ppctx,
+ HWCryptoHook_CallerContext * cactx);
+ /*-
+ * Requests that the human user physically insert a different
+ * smartcard, DataKey, etc. The plugin should check whether the
+ * currently inserted token(s) are appropriate, and if they are it
+ * should not make this call.
+ *
+ * prompt_info is as before. wrong_info is a description of the
+ * currently inserted token(s) so that the user is told what
+ * something is. wrong_info, like prompt_info, may be null, but
+ * should not be an empty string. Its contents should be
+ * syntactically similar to that of prompt_info.
+ */
+ /*-
+ * Note that a single LoadKey operation might cause several calls to
+ * getpassphrase and/or requestphystoken. If requestphystoken is
+ * not provided (ie, a null pointer is passed) then the plugin may
+ * not support loading keys for which authorisation by several cards
+ * is required. If getpassphrase is not provided then cards with
+ * passphrases may not be supported.
+ *
+ * getpassphrase and getphystoken do not need to check that the
+ * passphrase has been entered correctly or the correct token
+ * inserted; the crypto plugin will do that. If this is not the
+ * case then the crypto plugin is responsible for calling these
+ * routines again as appropriate until the correct token(s) and
+ * passphrase(s) are supplied as required, or until any retry limits
+ * implemented by the crypto plugin are reached.
+ *
+ * In either case, the application must allow the user to say `no'
+ * or `cancel' to indicate that they do not know the passphrase or
+ * have the appropriate token; this should cause the callback to
+ * return nonzero indicating error.
+ */
+ void (*logmessage) (void *logstream, const char *message);
+ /*-
+ * A log message will be generated at least every time something goes
+ * wrong and an ErrMsgBuf is filled in (or would be if one was
+ * provided). Other diagnostic information may be written there too,
+ * including more detailed reasons for errors which are reported in an
+ * ErrMsgBuf.
+ *
+ * When a log message is generated, this callback is called. It
+ * should write a message to the relevant logging arrangements.
+ *
+ * The message string passed will be null-terminated and may be of arbitrary
+ * length. It will not be prefixed by the time and date, nor by the
+ * name of the library that is generating it - if this is required,
+ * the logmessage callback must do it. The message will not have a
+ * trailing newline (though it may contain internal newlines).
+ *
+ * If a null pointer is passed for logmessage a default function is
+ * used. The default function treats logstream as a FILE* which has
+ * been converted to a void*. If logstream is 0 it does nothing.
+ * Otherwise it prepends the date and time and library name and
+ * writes the message to logstream. Each line will be prefixed by a
+ * descriptive string containing the date, time and identity of the
+ * crypto plugin. Errors on the logstream are not reported
+ * anywhere, and the default function doesn't flush the stream, so
+ * the application must set the buffering how it wants it.
+ *
+ * The crypto plugin may also provide a facility to have copies of
+ * log messages sent elsewhere, and or for adjusting the verbosity
+ * of the log messages; any such facilities will be configured by
+ * external means.
+ */
+} HWCryptoHook_InitInfo;
+
+typedef
+HWCryptoHook_ContextHandle HWCryptoHook_Init_t(const HWCryptoHook_InitInfo *
+ initinfo, size_t initinfosize,
+ const HWCryptoHook_ErrMsgBuf *
+ errors,
+ HWCryptoHook_CallerContext *
+ cactx);
+extern HWCryptoHook_Init_t HWCryptoHook_Init;
+
+/*-
+ * Caller should set initinfosize to the size of the HWCryptoHook struct,
+ * so it can be extended later.
+ *
+ * On success, a message for display or logging by the server,
+ * including the name and version number of the plugin, will be filled
+ * in into *errors; on failure *errors is used for error handling, as
+ * usual.
+ */
+
+/*-
+ * All these functions return 0 on success, HWCRYPTOHOOK_ERROR_FAILED
+ * on most failures. HWCRYPTOHOOK_ERROR_MPISIZE means at least one of
+ * the output MPI buffer(s) was too small; the sizes of all have been
+ * set to the desired size (and for those where the buffer was large
+ * enough, the value may have been copied in), and no error message
+ * has been recorded.
+ *
+ * You may pass 0 for the errors struct. In any case, unless you set
+ * _NoStderr at init time then messages may be reported to stderr.
+ */
+
+/*-
+ * The RSAImmed* functions (and key managed RSA) only work with
+ * modules which have an RSA patent licence - currently that means KM
+ * units; the ModExp* ones work with all modules, so you need a patent
+ * licence in the software in the US. They are otherwise identical.
+ */
+
+typedef
+void HWCryptoHook_Finish_t(HWCryptoHook_ContextHandle hwctx);
+extern HWCryptoHook_Finish_t HWCryptoHook_Finish;
+/* You must not have any calls going or keys loaded when you call this. */
+
+typedef
+int HWCryptoHook_RandomBytes_t(HWCryptoHook_ContextHandle hwctx,
+ unsigned char *buf, size_t len,
+ const HWCryptoHook_ErrMsgBuf * errors);
+extern HWCryptoHook_RandomBytes_t HWCryptoHook_RandomBytes;
+
+typedef
+int HWCryptoHook_ModExp_t(HWCryptoHook_ContextHandle hwctx,
+ HWCryptoHook_MPI a,
+ HWCryptoHook_MPI p,
+ HWCryptoHook_MPI n,
+ HWCryptoHook_MPI * r,
+ const HWCryptoHook_ErrMsgBuf * errors);
+extern HWCryptoHook_ModExp_t HWCryptoHook_ModExp;
+
+typedef
+int HWCryptoHook_RSAImmedPub_t(HWCryptoHook_ContextHandle hwctx,
+ HWCryptoHook_MPI m,
+ HWCryptoHook_MPI e,
+ HWCryptoHook_MPI n,
+ HWCryptoHook_MPI * r,
+ const HWCryptoHook_ErrMsgBuf * errors);
+extern HWCryptoHook_RSAImmedPub_t HWCryptoHook_RSAImmedPub;
+
+typedef
+int HWCryptoHook_ModExpCRT_t(HWCryptoHook_ContextHandle hwctx,
+ HWCryptoHook_MPI a,
+ HWCryptoHook_MPI p,
+ HWCryptoHook_MPI q,
+ HWCryptoHook_MPI dmp1,
+ HWCryptoHook_MPI dmq1,
+ HWCryptoHook_MPI iqmp,
+ HWCryptoHook_MPI * r,
+ const HWCryptoHook_ErrMsgBuf * errors);
+extern HWCryptoHook_ModExpCRT_t HWCryptoHook_ModExpCRT;
+
+typedef
+int HWCryptoHook_RSAImmedPriv_t(HWCryptoHook_ContextHandle hwctx,
+ HWCryptoHook_MPI m,
+ HWCryptoHook_MPI p,
+ HWCryptoHook_MPI q,
+ HWCryptoHook_MPI dmp1,
+ HWCryptoHook_MPI dmq1,
+ HWCryptoHook_MPI iqmp,
+ HWCryptoHook_MPI * r,
+ const HWCryptoHook_ErrMsgBuf * errors);
+extern HWCryptoHook_RSAImmedPriv_t HWCryptoHook_RSAImmedPriv;
+
+/*-
+ * The RSAImmed* and ModExp* functions may return E_FAILED or
+ * E_FALLBACK for failure.
+ *
+ * E_FAILED means the failure is permanent and definite and there
+ * should be no attempt to fall back to software. (Eg, for some
+ * applications, which support only the acceleration-only
+ * functions, the `key material' may actually be an encoded key
+ * identifier, and doing the operation in software would give wrong
+ * answers.)
+ *
+ * E_FALLBACK means that doing the computation in software would seem
+ * reasonable. If an application pays attention to this and is
+ * able to fall back, it should also set the Fallback init flags.
+ */
+
+typedef
+int HWCryptoHook_RSALoadKey_t(HWCryptoHook_ContextHandle hwctx,
+ const char *key_ident,
+ HWCryptoHook_RSAKeyHandle * keyhandle_r,
+ const HWCryptoHook_ErrMsgBuf * errors,
+ HWCryptoHook_PassphraseContext * ppctx);
+extern HWCryptoHook_RSALoadKey_t HWCryptoHook_RSALoadKey;
+/*-
+ * The key_ident is a null-terminated string configured by the
+ * user via the application's usual configuration mechanisms.
+ * It is provided to the user by the crypto provider's key management
+ * system. The user must be able to enter at least any string of between
+ * 1 and 1023 characters inclusive, consisting of printable 7-bit
+ * ASCII characters. The provider should avoid using
+ * any characters except alphanumerics and the punctuation
+ * characters _ - + . / @ ~ (the user is expected to be able
+ * to enter these without quoting). The string may be case-sensitive.
+ * The application may allow the user to enter other NULL-terminated strings,
+ * and the provider must cope (returning an error if the string is not
+ * valid).
+ *
+ * If the key does not exist, no error is recorded and 0 is returned;
+ * keyhandle_r will be set to 0 instead of to a key handle.
+ */
+
+typedef
+int HWCryptoHook_RSAGetPublicKey_t(HWCryptoHook_RSAKeyHandle k,
+ HWCryptoHook_MPI * n,
+ HWCryptoHook_MPI * e,
+ const HWCryptoHook_ErrMsgBuf * errors);
+extern HWCryptoHook_RSAGetPublicKey_t HWCryptoHook_RSAGetPublicKey;
+/*-
+ * The crypto plugin will not store certificates.
+ *
+ * Although this function for acquiring the public key value is
+ * provided, it is not the purpose of this API to deal fully with the
+ * handling of the public key.
+ *
+ * It is expected that the crypto supplier's key generation program
+ * will provide general facilities for producing X.509
+ * self-certificates and certificate requests in PEM format. These
+ * will be given to the user so that they can configure them in the
+ * application, send them to CAs, or whatever.
+ *
+ * In case this kind of certificate handling is not appropriate, the
+ * crypto supplier's key generation program should be able to be
+ * configured not to generate such a self-certificate or certificate
+ * request. Then the application will need to do all of this, and
+ * will need to store and handle the public key and certificates
+ * itself.
+ */
+
+typedef
+int HWCryptoHook_RSAUnloadKey_t(HWCryptoHook_RSAKeyHandle k,
+ const HWCryptoHook_ErrMsgBuf * errors);
+extern HWCryptoHook_RSAUnloadKey_t HWCryptoHook_RSAUnloadKey;
+/* Might fail due to locking problems, or other serious internal problems. */
+
+typedef
+int HWCryptoHook_RSA_t(HWCryptoHook_MPI m,
+ HWCryptoHook_RSAKeyHandle k,
+ HWCryptoHook_MPI * r,
+ const HWCryptoHook_ErrMsgBuf * errors);
+extern HWCryptoHook_RSA_t HWCryptoHook_RSA;
+/* RSA private key operation (sign or decrypt) - raw, unpadded. */
+
+#endif /* HWCRYPTOHOOK_H */
Deleted: vendor-crypto/openssl/0.9.8zf/engines/vendor_defns/sureware.h
===================================================================
--- vendor-crypto/openssl/dist/engines/vendor_defns/sureware.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/engines/vendor_defns/sureware.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,239 +0,0 @@
-/*
-* Written by Corinne Dive-Reclus(cdive at baltimore.com)
-*
-* Copyright at 2001 Baltimore Technologies Ltd.
-* *
-* THIS FILE IS PROVIDED BY BALTIMORE TECHNOLOGIES ``AS IS'' AND *
-* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE *
-* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE *
-* ARE DISCLAIMED. IN NO EVENT SHALL BALTIMORE TECHNOLOGIES BE LIABLE *
-* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL *
-* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS *
-* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) *
-* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT *
-* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY *
-* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF *
-* SUCH DAMAGE. *
-*
-*
-*/
-#ifdef WIN32
-#define SW_EXPORT __declspec ( dllexport )
-#else
-#define SW_EXPORT
-#endif
-
-/*
-* List of exposed SureWare errors
-*/
-#define SUREWAREHOOK_ERROR_FAILED -1
-#define SUREWAREHOOK_ERROR_FALLBACK -2
-#define SUREWAREHOOK_ERROR_UNIT_FAILURE -3
-#define SUREWAREHOOK_ERROR_DATA_SIZE -4
-#define SUREWAREHOOK_ERROR_INVALID_PAD -5
-/*
-* -----------------WARNING-----------------------------------
-* In all the following functions:
-* msg is a string with at least 24 bytes free.
-* A 24 bytes string will be concatenated to the existing content of msg.
-*/
-/*
-* SureWare Initialisation function
-* in param threadsafe, if !=0, thread safe enabled
-* return SureWareHOOK_ERROR_UNIT_FAILURE if failure, 1 if success
-*/
-typedef int SureWareHook_Init_t(char*const msg,int threadsafe);
-extern SW_EXPORT SureWareHook_Init_t SureWareHook_Init;
-/*
-* SureWare Finish function
-*/
-typedef void SureWareHook_Finish_t(void);
-extern SW_EXPORT SureWareHook_Finish_t SureWareHook_Finish;
-/*
-* PRE_CONDITION:
-* DO NOT CALL ANY OF THE FOLLOWING FUNCTIONS IN CASE OF INIT FAILURE
-*/
-/*
-* SureWare RAND Bytes function
-* In case of failure, the content of buf is unpredictable.
-* return 1 if success
-* SureWareHOOK_ERROR_FALLBACK if function not available in hardware
-* SureWareHOOK_ERROR_FAILED if error while processing
-* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
-* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
-*
-* in/out param buf : a num bytes long buffer where random bytes will be put
-* in param num : the number of bytes into buf
-*/
-typedef int SureWareHook_Rand_Bytes_t(char*const msg,unsigned char *buf, int num);
-extern SW_EXPORT SureWareHook_Rand_Bytes_t SureWareHook_Rand_Bytes;
-
-/*
-* SureWare RAND Seed function
-* Adds some seed to the Hardware Random Number Generator
-* return 1 if success
-* SureWareHOOK_ERROR_FALLBACK if function not available in hardware
-* SureWareHOOK_ERROR_FAILED if error while processing
-* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
-* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
-*
-* in param buf : the seed to add into the HRNG
-* in param num : the number of bytes into buf
-*/
-typedef int SureWareHook_Rand_Seed_t(char*const msg,const void *buf, int num);
-extern SW_EXPORT SureWareHook_Rand_Seed_t SureWareHook_Rand_Seed;
-
-/*
-* SureWare Load Private Key function
-* return 1 if success
-* SureWareHOOK_ERROR_FAILED if error while processing
-* No hardware is contact for this function.
-*
-* in param key_id :the name of the private protected key file without the extension
- ".sws"
-* out param hptr : a pointer to a buffer allocated by SureWare_Hook
-* out param num: the effective key length in bytes
-* out param keytype: 1 if RSA 2 if DSA
-*/
-typedef int SureWareHook_Load_Privkey_t(char*const msg,const char *key_id,char **hptr,unsigned long *num,char *keytype);
-extern SW_EXPORT SureWareHook_Load_Privkey_t SureWareHook_Load_Privkey;
-
-/*
-* SureWare Info Public Key function
-* return 1 if success
-* SureWareHOOK_ERROR_FAILED if error while processing
-* No hardware is contact for this function.
-*
-* in param key_id :the name of the private protected key file without the extension
- ".swp"
-* out param hptr : a pointer to a buffer allocated by SureWare_Hook
-* out param num: the effective key length in bytes
-* out param keytype: 1 if RSA 2 if DSA
-*/
-typedef int SureWareHook_Info_Pubkey_t(char*const msg,const char *key_id,unsigned long *num,
- char *keytype);
-extern SW_EXPORT SureWareHook_Info_Pubkey_t SureWareHook_Info_Pubkey;
-
-/*
-* SureWare Load Public Key function
-* return 1 if success
-* SureWareHOOK_ERROR_FAILED if error while processing
-* No hardware is contact for this function.
-*
-* in param key_id :the name of the public protected key file without the extension
- ".swp"
-* in param num : the bytes size of n and e
-* out param n: where to write modulus in bn format
-* out param e: where to write exponent in bn format
-*/
-typedef int SureWareHook_Load_Rsa_Pubkey_t(char*const msg,const char *key_id,unsigned long num,
- unsigned long *n, unsigned long *e);
-extern SW_EXPORT SureWareHook_Load_Rsa_Pubkey_t SureWareHook_Load_Rsa_Pubkey;
-
-/*
-* SureWare Load DSA Public Key function
-* return 1 if success
-* SureWareHOOK_ERROR_FAILED if error while processing
-* No hardware is contact for this function.
-*
-* in param key_id :the name of the public protected key file without the extension
- ".swp"
-* in param num : the bytes size of n and e
-* out param pub: where to write pub key in bn format
-* out param p: where to write prime in bn format
-* out param q: where to write sunprime (length 20 bytes) in bn format
-* out param g: where to write base in bn format
-*/
-typedef int SureWareHook_Load_Dsa_Pubkey_t(char*const msg,const char *key_id,unsigned long num,
- unsigned long *pub, unsigned long *p,unsigned long*q,
- unsigned long *g);
-extern SW_EXPORT SureWareHook_Load_Dsa_Pubkey_t SureWareHook_Load_Dsa_Pubkey;
-
-/*
-* SureWare Free function
-* Destroy the key into the hardware if destroy==1
-*/
-typedef void SureWareHook_Free_t(char *p,int destroy);
-extern SW_EXPORT SureWareHook_Free_t SureWareHook_Free;
-
-#define SUREWARE_PKCS1_PAD 1
-#define SUREWARE_ISO9796_PAD 2
-#define SUREWARE_NO_PAD 0
-/*
-* SureWare RSA Private Decryption
-* return 1 if success
-* SureWareHOOK_ERROR_FAILED if error while processing
-* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
-* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
-*
-* in param flen : byte size of from and to
-* in param from : encrypted data buffer, should be a not-null valid pointer
-* out param tlen: byte size of decrypted data, if error, unexpected value
-* out param to : decrypted data buffer, should be a not-null valid pointer
-* in param prsa: a protected key pointer, should be a not-null valid pointer
-* int padding: padding id as follow
-* SUREWARE_PKCS1_PAD
-* SUREWARE_NO_PAD
-*
-*/
-typedef int SureWareHook_Rsa_Priv_Dec_t(char*const msg,int flen,unsigned char *from,
- int *tlen,unsigned char *to,
- char *prsa,int padding);
-extern SW_EXPORT SureWareHook_Rsa_Priv_Dec_t SureWareHook_Rsa_Priv_Dec;
-/*
-* SureWare RSA Signature
-* return 1 if success
-* SureWareHOOK_ERROR_FAILED if error while processing
-* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
-* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
-*
-* in param flen : byte size of from and to
-* in param from : encrypted data buffer, should be a not-null valid pointer
-* out param tlen: byte size of decrypted data, if error, unexpected value
-* out param to : decrypted data buffer, should be a not-null valid pointer
-* in param prsa: a protected key pointer, should be a not-null valid pointer
-* int padding: padding id as follow
-* SUREWARE_PKCS1_PAD
-* SUREWARE_ISO9796_PAD
-*
-*/
-typedef int SureWareHook_Rsa_Sign_t(char*const msg,int flen,unsigned char *from,
- int *tlen,unsigned char *to,
- char *prsa,int padding);
-extern SW_EXPORT SureWareHook_Rsa_Sign_t SureWareHook_Rsa_Sign;
-/*
-* SureWare DSA Signature
-* return 1 if success
-* SureWareHOOK_ERROR_FAILED if error while processing
-* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
-* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
-*
-* in param flen : byte size of from and to
-* in param from : encrypted data buffer, should be a not-null valid pointer
-* out param to : decrypted data buffer, should be a 40bytes valid pointer
-* in param pdsa: a protected key pointer, should be a not-null valid pointer
-*
-*/
-typedef int SureWareHook_Dsa_Sign_t(char*const msg,int flen,const unsigned char *from,
- unsigned long *r,unsigned long *s,char *pdsa);
-extern SW_EXPORT SureWareHook_Dsa_Sign_t SureWareHook_Dsa_Sign;
-
-
-/*
-* SureWare Mod Exp
-* return 1 if success
-* SureWareHOOK_ERROR_FAILED if error while processing
-* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
-* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
-*
-* mod and res are mlen bytes long.
-* exp is elen bytes long
-* data is dlen bytes long
-* mlen,elen and dlen are all multiple of sizeof(unsigned long)
-*/
-typedef int SureWareHook_Mod_Exp_t(char*const msg,int mlen,const unsigned long *mod,
- int elen,const unsigned long *exponent,
- int dlen,unsigned long *data,
- unsigned long *res);
-extern SW_EXPORT SureWareHook_Mod_Exp_t SureWareHook_Mod_Exp;
-
Copied: vendor-crypto/openssl/0.9.8zf/engines/vendor_defns/sureware.h (from rev 6976, vendor-crypto/openssl/dist/engines/vendor_defns/sureware.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/engines/vendor_defns/sureware.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/engines/vendor_defns/sureware.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,250 @@
+/*-
+ * Written by Corinne Dive-Reclus(cdive at baltimore.com)
+ *
+ * Copyright at 2001 Baltimore Technologies Ltd.
+ *
+ * THIS FILE IS PROVIDED BY BALTIMORE TECHNOLOGIES ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL BALTIMORE TECHNOLOGIES BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef WIN32
+# define SW_EXPORT __declspec ( dllexport )
+#else
+# define SW_EXPORT
+#endif
+
+/*
+ * List of exposed SureWare errors
+ */
+#define SUREWAREHOOK_ERROR_FAILED -1
+#define SUREWAREHOOK_ERROR_FALLBACK -2
+#define SUREWAREHOOK_ERROR_UNIT_FAILURE -3
+#define SUREWAREHOOK_ERROR_DATA_SIZE -4
+#define SUREWAREHOOK_ERROR_INVALID_PAD -5
+/*-
+* -----------------WARNING-----------------------------------
+* In all the following functions:
+* msg is a string with at least 24 bytes free.
+* A 24 bytes string will be concatenated to the existing content of msg.
+*/
+/*-
+* SureWare Initialisation function
+* in param threadsafe, if !=0, thread safe enabled
+* return SureWareHOOK_ERROR_UNIT_FAILURE if failure, 1 if success
+*/
+typedef int SureWareHook_Init_t(char *const msg, int threadsafe);
+extern SW_EXPORT SureWareHook_Init_t SureWareHook_Init;
+/*-
+* SureWare Finish function
+*/
+typedef void SureWareHook_Finish_t(void);
+extern SW_EXPORT SureWareHook_Finish_t SureWareHook_Finish;
+/*-
+* PRE_CONDITION:
+* DO NOT CALL ANY OF THE FOLLOWING FUNCTIONS IN CASE OF INIT FAILURE
+*/
+/*-
+* SureWare RAND Bytes function
+* In case of failure, the content of buf is unpredictable.
+* return 1 if success
+* SureWareHOOK_ERROR_FALLBACK if function not available in hardware
+* SureWareHOOK_ERROR_FAILED if error while processing
+* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
+* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
+*
+* in/out param buf : a num bytes long buffer where random bytes will be put
+* in param num : the number of bytes into buf
+*/
+typedef int SureWareHook_Rand_Bytes_t(char *const msg, unsigned char *buf,
+ int num);
+extern SW_EXPORT SureWareHook_Rand_Bytes_t SureWareHook_Rand_Bytes;
+
+/*-
+* SureWare RAND Seed function
+* Adds some seed to the Hardware Random Number Generator
+* return 1 if success
+* SureWareHOOK_ERROR_FALLBACK if function not available in hardware
+* SureWareHOOK_ERROR_FAILED if error while processing
+* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
+* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
+*
+* in param buf : the seed to add into the HRNG
+* in param num : the number of bytes into buf
+*/
+typedef int SureWareHook_Rand_Seed_t(char *const msg, const void *buf,
+ int num);
+extern SW_EXPORT SureWareHook_Rand_Seed_t SureWareHook_Rand_Seed;
+
+/*-
+* SureWare Load Private Key function
+* return 1 if success
+* SureWareHOOK_ERROR_FAILED if error while processing
+* No hardware is contact for this function.
+*
+* in param key_id :the name of the private protected key file without the extension
+ ".sws"
+* out param hptr : a pointer to a buffer allocated by SureWare_Hook
+* out param num: the effective key length in bytes
+* out param keytype: 1 if RSA 2 if DSA
+*/
+typedef int SureWareHook_Load_Privkey_t(char *const msg, const char *key_id,
+ char **hptr, unsigned long *num,
+ char *keytype);
+extern SW_EXPORT SureWareHook_Load_Privkey_t SureWareHook_Load_Privkey;
+
+/*-
+* SureWare Info Public Key function
+* return 1 if success
+* SureWareHOOK_ERROR_FAILED if error while processing
+* No hardware is contact for this function.
+*
+* in param key_id :the name of the private protected key file without the extension
+ ".swp"
+* out param hptr : a pointer to a buffer allocated by SureWare_Hook
+* out param num: the effective key length in bytes
+* out param keytype: 1 if RSA 2 if DSA
+*/
+typedef int SureWareHook_Info_Pubkey_t(char *const msg, const char *key_id,
+ unsigned long *num, char *keytype);
+extern SW_EXPORT SureWareHook_Info_Pubkey_t SureWareHook_Info_Pubkey;
+
+/*-
+* SureWare Load Public Key function
+* return 1 if success
+* SureWareHOOK_ERROR_FAILED if error while processing
+* No hardware is contact for this function.
+*
+* in param key_id :the name of the public protected key file without the extension
+ ".swp"
+* in param num : the bytes size of n and e
+* out param n: where to write modulus in bn format
+* out param e: where to write exponent in bn format
+*/
+typedef int SureWareHook_Load_Rsa_Pubkey_t(char *const msg,
+ const char *key_id,
+ unsigned long num,
+ unsigned long *n,
+ unsigned long *e);
+extern SW_EXPORT SureWareHook_Load_Rsa_Pubkey_t SureWareHook_Load_Rsa_Pubkey;
+
+/*-
+* SureWare Load DSA Public Key function
+* return 1 if success
+* SureWareHOOK_ERROR_FAILED if error while processing
+* No hardware is contact for this function.
+*
+* in param key_id :the name of the public protected key file without the extension
+ ".swp"
+* in param num : the bytes size of n and e
+* out param pub: where to write pub key in bn format
+* out param p: where to write prime in bn format
+* out param q: where to write sunprime (length 20 bytes) in bn format
+* out param g: where to write base in bn format
+*/
+typedef int SureWareHook_Load_Dsa_Pubkey_t(char *const msg,
+ const char *key_id,
+ unsigned long num,
+ unsigned long *pub,
+ unsigned long *p, unsigned long *q,
+ unsigned long *g);
+extern SW_EXPORT SureWareHook_Load_Dsa_Pubkey_t SureWareHook_Load_Dsa_Pubkey;
+
+/*-
+* SureWare Free function
+* Destroy the key into the hardware if destroy==1
+*/
+typedef void SureWareHook_Free_t(char *p, int destroy);
+extern SW_EXPORT SureWareHook_Free_t SureWareHook_Free;
+
+#define SUREWARE_PKCS1_PAD 1
+#define SUREWARE_ISO9796_PAD 2
+#define SUREWARE_NO_PAD 0
+/*-
+* SureWare RSA Private Decryption
+* return 1 if success
+* SureWareHOOK_ERROR_FAILED if error while processing
+* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
+* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
+*
+* in param flen : byte size of from and to
+* in param from : encrypted data buffer, should be a not-null valid pointer
+* out param tlen: byte size of decrypted data, if error, unexpected value
+* out param to : decrypted data buffer, should be a not-null valid pointer
+* in param prsa: a protected key pointer, should be a not-null valid pointer
+* int padding: padding id as follow
+* SUREWARE_PKCS1_PAD
+* SUREWARE_NO_PAD
+*
+*/
+typedef int SureWareHook_Rsa_Priv_Dec_t(char *const msg, int flen,
+ unsigned char *from, int *tlen,
+ unsigned char *to, char *prsa,
+ int padding);
+extern SW_EXPORT SureWareHook_Rsa_Priv_Dec_t SureWareHook_Rsa_Priv_Dec;
+/*-
+* SureWare RSA Signature
+* return 1 if success
+* SureWareHOOK_ERROR_FAILED if error while processing
+* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
+* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
+*
+* in param flen : byte size of from and to
+* in param from : encrypted data buffer, should be a not-null valid pointer
+* out param tlen: byte size of decrypted data, if error, unexpected value
+* out param to : decrypted data buffer, should be a not-null valid pointer
+* in param prsa: a protected key pointer, should be a not-null valid pointer
+* int padding: padding id as follow
+* SUREWARE_PKCS1_PAD
+* SUREWARE_ISO9796_PAD
+*
+*/
+typedef int SureWareHook_Rsa_Sign_t(char *const msg, int flen,
+ unsigned char *from, int *tlen,
+ unsigned char *to, char *prsa,
+ int padding);
+extern SW_EXPORT SureWareHook_Rsa_Sign_t SureWareHook_Rsa_Sign;
+/*-
+* SureWare DSA Signature
+* return 1 if success
+* SureWareHOOK_ERROR_FAILED if error while processing
+* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
+* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
+*
+* in param flen : byte size of from and to
+* in param from : encrypted data buffer, should be a not-null valid pointer
+* out param to : decrypted data buffer, should be a 40bytes valid pointer
+* in param pdsa: a protected key pointer, should be a not-null valid pointer
+*
+*/
+typedef int SureWareHook_Dsa_Sign_t(char *const msg, int flen,
+ const unsigned char *from,
+ unsigned long *r, unsigned long *s,
+ char *pdsa);
+extern SW_EXPORT SureWareHook_Dsa_Sign_t SureWareHook_Dsa_Sign;
+
+/*-
+* SureWare Mod Exp
+* return 1 if success
+* SureWareHOOK_ERROR_FAILED if error while processing
+* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
+* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
+*
+* mod and res are mlen bytes long.
+* exp is elen bytes long
+* data is dlen bytes long
+* mlen,elen and dlen are all multiple of sizeof(unsigned long)
+*/
+typedef int SureWareHook_Mod_Exp_t(char *const msg, int mlen,
+ const unsigned long *mod, int elen,
+ const unsigned long *exponent, int dlen,
+ unsigned long *data, unsigned long *res);
+extern SW_EXPORT SureWareHook_Mod_Exp_t SureWareHook_Mod_Exp;
Deleted: vendor-crypto/openssl/0.9.8zf/fips/aes/fips_aes_selftest.c
===================================================================
--- vendor-crypto/openssl/dist/fips/aes/fips_aes_selftest.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/fips/aes/fips_aes_selftest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,101 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#include <string.h>
-#include <openssl/err.h>
-#include <openssl/fips.h>
-#include <openssl/evp.h>
-
-#ifdef OPENSSL_FIPS
-static struct
- {
- unsigned char key[16];
- unsigned char plaintext[16];
- unsigned char ciphertext[16];
- } tests[]=
- {
- {
- { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
- 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F },
- { 0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,
- 0x88,0x99,0xAA,0xBB,0xCC,0xDD,0xEE,0xFF },
- { 0x69,0xC4,0xE0,0xD8,0x6A,0x7B,0x04,0x30,
- 0xD8,0xCD,0xB7,0x80,0x70,0xB4,0xC5,0x5A },
- },
- };
-
-void FIPS_corrupt_aes()
- {
- tests[0].key[0]++;
- }
-
-int FIPS_selftest_aes()
- {
- int n;
- int ret = 0;
- EVP_CIPHER_CTX ctx;
- EVP_CIPHER_CTX_init(&ctx);
-
- for(n=0 ; n < 1 ; ++n)
- {
- if (fips_cipher_test(&ctx, EVP_aes_128_ecb(),
- tests[n].key, NULL,
- tests[n].plaintext,
- tests[n].ciphertext,
- 16) <= 0)
- goto err;
- }
- ret = 1;
- err:
- EVP_CIPHER_CTX_cleanup(&ctx);
- if (ret == 0)
- FIPSerr(FIPS_F_FIPS_SELFTEST_AES,FIPS_R_SELFTEST_FAILED);
- return ret;
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/fips/aes/fips_aes_selftest.c (from rev 6976, vendor-crypto/openssl/dist/fips/aes/fips_aes_selftest.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/fips/aes/fips_aes_selftest.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/fips/aes/fips_aes_selftest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,101 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <string.h>
+#include <openssl/err.h>
+#include <openssl/fips.h>
+#include <openssl/evp.h>
+
+#ifdef OPENSSL_FIPS
+static struct {
+ unsigned char key[16];
+ unsigned char plaintext[16];
+ unsigned char ciphertext[16];
+} tests[] = {
+ {
+ {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A,
+ 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
+ }, {
+ 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA,
+ 0xBB, 0xCC, 0xDD, 0xEE, 0xFF
+ }, {
+ 0x69, 0xC4, 0xE0, 0xD8, 0x6A, 0x7B, 0x04, 0x30, 0xD8, 0xCD, 0xB7,
+ 0x80, 0x70, 0xB4, 0xC5, 0x5A
+ },
+ },
+};
+
+void FIPS_corrupt_aes()
+{
+ tests[0].key[0]++;
+}
+
+int FIPS_selftest_aes()
+{
+ int n;
+ int ret = 0;
+ EVP_CIPHER_CTX ctx;
+ EVP_CIPHER_CTX_init(&ctx);
+
+ for (n = 0; n < 1; ++n) {
+ if (fips_cipher_test(&ctx, EVP_aes_128_ecb(),
+ tests[n].key, NULL,
+ tests[n].plaintext,
+ tests[n].ciphertext, 16) <= 0)
+ goto err;
+ }
+ ret = 1;
+ err:
+ EVP_CIPHER_CTX_cleanup(&ctx);
+ if (ret == 0)
+ FIPSerr(FIPS_F_FIPS_SELFTEST_AES, FIPS_R_SELFTEST_FAILED);
+ return ret;
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/fips/aes/fips_aesavs.c
===================================================================
--- vendor-crypto/openssl/dist/fips/aes/fips_aesavs.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/fips/aes/fips_aesavs.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,939 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-/*---------------------------------------------
- NIST AES Algorithm Validation Suite
- Test Program
-
- Donated to OpenSSL by:
- V-ONE Corporation
- 20250 Century Blvd, Suite 300
- Germantown, MD 20874
- U.S.A.
- ----------------------------------------------*/
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <errno.h>
-#include <assert.h>
-#include <ctype.h>
-#include <openssl/aes.h>
-#include <openssl/evp.h>
-#include <openssl/bn.h>
-
-#include <openssl/err.h>
-#include "e_os.h"
-
-#ifndef OPENSSL_FIPS
-
-int main(int argc, char *argv[])
-{
- printf("No FIPS AES support\n");
- return(0);
-}
-
-#else
-
-#include <openssl/fips.h>
-#include "fips_utl.h"
-
-#define AES_BLOCK_SIZE 16
-
-#define VERBOSE 0
-
-/*-----------------------------------------------*/
-
-static int AESTest(EVP_CIPHER_CTX *ctx,
- char *amode, int akeysz, unsigned char *aKey,
- unsigned char *iVec,
- int dir, /* 0 = decrypt, 1 = encrypt */
- unsigned char *plaintext, unsigned char *ciphertext, int len)
- {
- const EVP_CIPHER *cipher = NULL;
-
- if (strcasecmp(amode, "CBC") == 0)
- {
- switch (akeysz)
- {
- case 128:
- cipher = EVP_aes_128_cbc();
- break;
-
- case 192:
- cipher = EVP_aes_192_cbc();
- break;
-
- case 256:
- cipher = EVP_aes_256_cbc();
- break;
- }
-
- }
- else if (strcasecmp(amode, "ECB") == 0)
- {
- switch (akeysz)
- {
- case 128:
- cipher = EVP_aes_128_ecb();
- break;
-
- case 192:
- cipher = EVP_aes_192_ecb();
- break;
-
- case 256:
- cipher = EVP_aes_256_ecb();
- break;
- }
- }
- else if (strcasecmp(amode, "CFB128") == 0)
- {
- switch (akeysz)
- {
- case 128:
- cipher = EVP_aes_128_cfb128();
- break;
-
- case 192:
- cipher = EVP_aes_192_cfb128();
- break;
-
- case 256:
- cipher = EVP_aes_256_cfb128();
- break;
- }
-
- }
- else if (strncasecmp(amode, "OFB", 3) == 0)
- {
- switch (akeysz)
- {
- case 128:
- cipher = EVP_aes_128_ofb();
- break;
-
- case 192:
- cipher = EVP_aes_192_ofb();
- break;
-
- case 256:
- cipher = EVP_aes_256_ofb();
- break;
- }
- }
- else if(!strcasecmp(amode,"CFB1"))
- {
- switch (akeysz)
- {
- case 128:
- cipher = EVP_aes_128_cfb1();
- break;
-
- case 192:
- cipher = EVP_aes_192_cfb1();
- break;
-
- case 256:
- cipher = EVP_aes_256_cfb1();
- break;
- }
- }
- else if(!strcasecmp(amode,"CFB8"))
- {
- switch (akeysz)
- {
- case 128:
- cipher = EVP_aes_128_cfb8();
- break;
-
- case 192:
- cipher = EVP_aes_192_cfb8();
- break;
-
- case 256:
- cipher = EVP_aes_256_cfb8();
- break;
- }
- }
- else
- {
- printf("Unknown mode: %s\n", amode);
- return 0;
- }
- if (!cipher)
- {
- printf("Invalid key size: %d\n", akeysz);
- return 0;
- }
- if (EVP_CipherInit_ex(ctx, cipher, NULL, aKey, iVec, dir) <= 0)
- return 0;
- if(!strcasecmp(amode,"CFB1"))
- M_EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS);
- if (dir)
- EVP_Cipher(ctx, ciphertext, plaintext, len);
- else
- EVP_Cipher(ctx, plaintext, ciphertext, len);
- return 1;
- }
-
-/*-----------------------------------------------*/
-char *t_tag[2] = {"PLAINTEXT", "CIPHERTEXT"};
-char *t_mode[6] = {"CBC","ECB","OFB","CFB1","CFB8","CFB128"};
-enum Mode {CBC, ECB, OFB, CFB1, CFB8, CFB128};
-enum XCrypt {XDECRYPT, XENCRYPT};
-
-/*=============================*/
-/* Monte Carlo Tests */
-/*-----------------------------*/
-
-/*#define gb(a,b) (((a)[(b)/8] >> ((b)%8))&1)*/
-/*#define sb(a,b,v) ((a)[(b)/8]=((a)[(b)/8]&~(1 << ((b)%8)))|(!!(v) << ((b)%8)))*/
-
-#define gb(a,b) (((a)[(b)/8] >> (7-(b)%8))&1)
-#define sb(a,b,v) ((a)[(b)/8]=((a)[(b)/8]&~(1 << (7-(b)%8)))|(!!(v) << (7-(b)%8)))
-
-static int do_mct(char *amode,
- int akeysz, unsigned char *aKey,unsigned char *iVec,
- int dir, unsigned char *text, int len,
- FILE *rfp)
- {
- int ret = 0;
- unsigned char key[101][32];
- unsigned char iv[101][AES_BLOCK_SIZE];
- unsigned char ptext[1001][32];
- unsigned char ctext[1001][32];
- unsigned char ciphertext[64+4];
- int i, j, n, n1, n2;
- int imode = 0, nkeysz = akeysz/8;
- EVP_CIPHER_CTX ctx;
- EVP_CIPHER_CTX_init(&ctx);
-
- if (len > 32)
- {
- printf("\n>>>> Length exceeds 32 for %s %d <<<<\n\n",
- amode, akeysz);
- return -1;
- }
- for (imode = 0; imode < 6; ++imode)
- if (strcmp(amode, t_mode[imode]) == 0)
- break;
- if (imode == 6)
- {
- printf("Unrecognized mode: %s\n", amode);
- return -1;
- }
-
- memcpy(key[0], aKey, nkeysz);
- if (iVec)
- memcpy(iv[0], iVec, AES_BLOCK_SIZE);
- if (dir == XENCRYPT)
- memcpy(ptext[0], text, len);
- else
- memcpy(ctext[0], text, len);
- for (i = 0; i < 100; ++i)
- {
- /* printf("Iteration %d\n", i); */
- if (i > 0)
- {
- fprintf(rfp,"COUNT = %d\n",i);
- OutputValue("KEY",key[i],nkeysz,rfp,0);
- if (imode != ECB) /* ECB */
- OutputValue("IV",iv[i],AES_BLOCK_SIZE,rfp,0);
- /* Output Ciphertext | Plaintext */
- OutputValue(t_tag[dir^1],dir ? ptext[0] : ctext[0],len,rfp,
- imode == CFB1);
- }
- for (j = 0; j < 1000; ++j)
- {
- switch (imode)
- {
- case ECB:
- if (j == 0)
- { /* set up encryption */
- ret = AESTest(&ctx, amode, akeysz, key[i], NULL,
- dir, /* 0 = decrypt, 1 = encrypt */
- ptext[j], ctext[j], len);
- if (dir == XENCRYPT)
- memcpy(ptext[j+1], ctext[j], len);
- else
- memcpy(ctext[j+1], ptext[j], len);
- }
- else
- {
- if (dir == XENCRYPT)
- {
- EVP_Cipher(&ctx, ctext[j], ptext[j], len);
- memcpy(ptext[j+1], ctext[j], len);
- }
- else
- {
- EVP_Cipher(&ctx, ptext[j], ctext[j], len);
- memcpy(ctext[j+1], ptext[j], len);
- }
- }
- break;
-
- case CBC:
- case OFB:
- case CFB128:
- if (j == 0)
- {
- ret = AESTest(&ctx, amode, akeysz, key[i], iv[i],
- dir, /* 0 = decrypt, 1 = encrypt */
- ptext[j], ctext[j], len);
- if (dir == XENCRYPT)
- memcpy(ptext[j+1], iv[i], len);
- else
- memcpy(ctext[j+1], iv[i], len);
- }
- else
- {
- if (dir == XENCRYPT)
- {
- EVP_Cipher(&ctx, ctext[j], ptext[j], len);
- memcpy(ptext[j+1], ctext[j-1], len);
- }
- else
- {
- EVP_Cipher(&ctx, ptext[j], ctext[j], len);
- memcpy(ctext[j+1], ptext[j-1], len);
- }
- }
- break;
-
- case CFB8:
- if (j == 0)
- {
- ret = AESTest(&ctx, amode, akeysz, key[i], iv[i],
- dir, /* 0 = decrypt, 1 = encrypt */
- ptext[j], ctext[j], len);
- }
- else
- {
- if (dir == XENCRYPT)
- EVP_Cipher(&ctx, ctext[j], ptext[j], len);
- else
- EVP_Cipher(&ctx, ptext[j], ctext[j], len);
- }
- if (dir == XENCRYPT)
- {
- if (j < 16)
- memcpy(ptext[j+1], &iv[i][j], len);
- else
- memcpy(ptext[j+1], ctext[j-16], len);
- }
- else
- {
- if (j < 16)
- memcpy(ctext[j+1], &iv[i][j], len);
- else
- memcpy(ctext[j+1], ptext[j-16], len);
- }
- break;
-
- case CFB1:
- if(j == 0)
- {
-#if 0
- /* compensate for wrong endianness of input file */
- if(i == 0)
- ptext[0][0]<<=7;
-#endif
- ret = AESTest(&ctx,amode,akeysz,key[i],iv[i],dir,
- ptext[j], ctext[j], len);
- }
- else
- {
- if (dir == XENCRYPT)
- EVP_Cipher(&ctx, ctext[j], ptext[j], len);
- else
- EVP_Cipher(&ctx, ptext[j], ctext[j], len);
-
- }
- if(dir == XENCRYPT)
- {
- if(j < 128)
- sb(ptext[j+1],0,gb(iv[i],j));
- else
- sb(ptext[j+1],0,gb(ctext[j-128],0));
- }
- else
- {
- if(j < 128)
- sb(ctext[j+1],0,gb(iv[i],j));
- else
- sb(ctext[j+1],0,gb(ptext[j-128],0));
- }
- break;
- }
- }
- --j; /* reset to last of range */
- /* Output Ciphertext | Plaintext */
- OutputValue(t_tag[dir],dir ? ctext[j] : ptext[j],len,rfp,
- imode == CFB1);
- fprintf(rfp, "\n"); /* add separator */
-
- /* Compute next KEY */
- if (dir == XENCRYPT)
- {
- if (imode == CFB8)
- { /* ct = CT[j-15] || CT[j-14] || ... || CT[j] */
- for (n1 = 0, n2 = nkeysz-1; n1 < nkeysz; ++n1, --n2)
- ciphertext[n1] = ctext[j-n2][0];
- }
- else if(imode == CFB1)
- {
- for(n1=0,n2=akeysz-1 ; n1 < akeysz ; ++n1,--n2)
- sb(ciphertext,n1,gb(ctext[j-n2],0));
- }
- else
- switch (akeysz)
- {
- case 128:
- memcpy(ciphertext, ctext[j], 16);
- break;
- case 192:
- memcpy(ciphertext, ctext[j-1]+8, 8);
- memcpy(ciphertext+8, ctext[j], 16);
- break;
- case 256:
- memcpy(ciphertext, ctext[j-1], 16);
- memcpy(ciphertext+16, ctext[j], 16);
- break;
- }
- }
- else
- {
- if (imode == CFB8)
- { /* ct = CT[j-15] || CT[j-14] || ... || CT[j] */
- for (n1 = 0, n2 = nkeysz-1; n1 < nkeysz; ++n1, --n2)
- ciphertext[n1] = ptext[j-n2][0];
- }
- else if(imode == CFB1)
- {
- for(n1=0,n2=akeysz-1 ; n1 < akeysz ; ++n1,--n2)
- sb(ciphertext,n1,gb(ptext[j-n2],0));
- }
- else
- switch (akeysz)
- {
- case 128:
- memcpy(ciphertext, ptext[j], 16);
- break;
- case 192:
- memcpy(ciphertext, ptext[j-1]+8, 8);
- memcpy(ciphertext+8, ptext[j], 16);
- break;
- case 256:
- memcpy(ciphertext, ptext[j-1], 16);
- memcpy(ciphertext+16, ptext[j], 16);
- break;
- }
- }
- /* Compute next key: Key[i+1] = Key[i] xor ct */
- for (n = 0; n < nkeysz; ++n)
- key[i+1][n] = key[i][n] ^ ciphertext[n];
-
- /* Compute next IV and text */
- if (dir == XENCRYPT)
- {
- switch (imode)
- {
- case ECB:
- memcpy(ptext[0], ctext[j], AES_BLOCK_SIZE);
- break;
- case CBC:
- case OFB:
- case CFB128:
- memcpy(iv[i+1], ctext[j], AES_BLOCK_SIZE);
- memcpy(ptext[0], ctext[j-1], AES_BLOCK_SIZE);
- break;
- case CFB8:
- /* IV[i+1] = ct */
- for (n1 = 0, n2 = 15; n1 < 16; ++n1, --n2)
- iv[i+1][n1] = ctext[j-n2][0];
- ptext[0][0] = ctext[j-16][0];
- break;
- case CFB1:
- for(n1=0,n2=127 ; n1 < 128 ; ++n1,--n2)
- sb(iv[i+1],n1,gb(ctext[j-n2],0));
- ptext[0][0]=ctext[j-128][0]&0x80;
- break;
- }
- }
- else
- {
- switch (imode)
- {
- case ECB:
- memcpy(ctext[0], ptext[j], AES_BLOCK_SIZE);
- break;
- case CBC:
- case OFB:
- case CFB128:
- memcpy(iv[i+1], ptext[j], AES_BLOCK_SIZE);
- memcpy(ctext[0], ptext[j-1], AES_BLOCK_SIZE);
- break;
- case CFB8:
- for (n1 = 0, n2 = 15; n1 < 16; ++n1, --n2)
- iv[i+1][n1] = ptext[j-n2][0];
- ctext[0][0] = ptext[j-16][0];
- break;
- case CFB1:
- for(n1=0,n2=127 ; n1 < 128 ; ++n1,--n2)
- sb(iv[i+1],n1,gb(ptext[j-n2],0));
- ctext[0][0]=ptext[j-128][0]&0x80;
- break;
- }
- }
- }
-
- return ret;
- }
-
-/*================================================*/
-/*----------------------------
- # Config info for v-one
- # AESVS MMT test data for ECB
- # State : Encrypt and Decrypt
- # Key Length : 256
- # Fri Aug 30 04:07:22 PM
- ----------------------------*/
-
-static int proc_file(char *rqfile, char *rspfile)
- {
- char afn[256], rfn[256];
- FILE *afp = NULL, *rfp = NULL;
- char ibuf[2048];
- char tbuf[2048];
- int ilen, len, ret = 0;
- char algo[8] = "";
- char amode[8] = "";
- char atest[8] = "";
- int akeysz = 0;
- unsigned char iVec[20], aKey[40];
- int dir = -1, err = 0, step = 0;
- unsigned char plaintext[2048];
- unsigned char ciphertext[2048];
- char *rp;
- EVP_CIPHER_CTX ctx;
- EVP_CIPHER_CTX_init(&ctx);
-
- if (!rqfile || !(*rqfile))
- {
- printf("No req file\n");
- return -1;
- }
- strcpy(afn, rqfile);
-
- if ((afp = fopen(afn, "r")) == NULL)
- {
- printf("Cannot open file: %s, %s\n",
- afn, strerror(errno));
- return -1;
- }
- if (!rspfile)
- {
- strcpy(rfn,afn);
- rp=strstr(rfn,"req/");
-#ifdef OPENSSL_SYS_WIN32
- if (!rp)
- rp=strstr(rfn,"req\\");
-#endif
- assert(rp);
- memcpy(rp,"rsp",3);
- rp = strstr(rfn, ".req");
- memcpy(rp, ".rsp", 4);
- rspfile = rfn;
- }
- if ((rfp = fopen(rspfile, "w")) == NULL)
- {
- printf("Cannot open file: %s, %s\n",
- rfn, strerror(errno));
- fclose(afp);
- afp = NULL;
- return -1;
- }
- while (!err && (fgets(ibuf, sizeof(ibuf), afp)) != NULL)
- {
- tidy_line(tbuf, ibuf);
- ilen = strlen(ibuf);
- /* printf("step=%d ibuf=%s",step,ibuf); */
- switch (step)
- {
- case 0: /* read preamble */
- if (ibuf[0] == '\n')
- { /* end of preamble */
- if ((*algo == '\0') ||
- (*amode == '\0') ||
- (akeysz == 0))
- {
- printf("Missing Algorithm, Mode or KeySize (%s/%s/%d)\n",
- algo,amode,akeysz);
- err = 1;
- }
- else
- {
- fputs(ibuf, rfp);
- ++ step;
- }
- }
- else if (ibuf[0] != '#')
- {
- printf("Invalid preamble item: %s\n", ibuf);
- err = 1;
- }
- else
- { /* process preamble */
- char *xp, *pp = ibuf+2;
- int n;
- if (akeysz)
- { /* insert current time & date */
- time_t rtim = time(0);
- fprintf(rfp, "# %s", ctime(&rtim));
- }
- else
- {
- fputs(ibuf, rfp);
- if (strncmp(pp, "AESVS ", 6) == 0)
- {
- strcpy(algo, "AES");
- /* get test type */
- pp += 6;
- xp = strchr(pp, ' ');
- n = xp-pp;
- strncpy(atest, pp, n);
- atest[n] = '\0';
- /* get mode */
- xp = strrchr(pp, ' '); /* get mode" */
- n = strlen(xp+1)-1;
- strncpy(amode, xp+1, n);
- amode[n] = '\0';
- /* amode[3] = '\0'; */
- if (VERBOSE)
- printf("Test = %s, Mode = %s\n", atest, amode);
- }
- else if (strncasecmp(pp, "Key Length : ", 13) == 0)
- {
- akeysz = atoi(pp+13);
- if (VERBOSE)
- printf("Key size = %d\n", akeysz);
- }
- }
- }
- break;
-
- case 1: /* [ENCRYPT] | [DECRYPT] */
- if (ibuf[0] == '[')
- {
- fputs(ibuf, rfp);
- ++step;
- if (strncasecmp(ibuf, "[ENCRYPT]", 9) == 0)
- dir = 1;
- else if (strncasecmp(ibuf, "[DECRYPT]", 9) == 0)
- dir = 0;
- else
- {
- printf("Invalid keyword: %s\n", ibuf);
- err = 1;
- }
- break;
- }
- else if (dir == -1)
- {
- err = 1;
- printf("Missing ENCRYPT/DECRYPT keyword\n");
- break;
- }
- else
- step = 2;
-
- case 2: /* KEY = xxxx */
- fputs(ibuf, rfp);
- if(*ibuf == '\n')
- break;
- if(!strncasecmp(ibuf,"COUNT = ",8))
- break;
-
- if (strncasecmp(ibuf, "KEY = ", 6) != 0)
- {
- printf("Missing KEY\n");
- err = 1;
- }
- else
- {
- len = hex2bin((char*)ibuf+6, aKey);
- if (len < 0)
- {
- printf("Invalid KEY\n");
- err =1;
- break;
- }
- PrintValue("KEY", aKey, len);
- if (strcmp(amode, "ECB") == 0)
- {
- memset(iVec, 0, sizeof(iVec));
- step = (dir)? 4: 5; /* no ivec for ECB */
- }
- else
- ++step;
- }
- break;
-
- case 3: /* IV = xxxx */
- fputs(ibuf, rfp);
- if (strncasecmp(ibuf, "IV = ", 5) != 0)
- {
- printf("Missing IV\n");
- err = 1;
- }
- else
- {
- len = hex2bin((char*)ibuf+5, iVec);
- if (len < 0)
- {
- printf("Invalid IV\n");
- err =1;
- break;
- }
- PrintValue("IV", iVec, len);
- step = (dir)? 4: 5;
- }
- break;
-
- case 4: /* PLAINTEXT = xxxx */
- fputs(ibuf, rfp);
- if (strncasecmp(ibuf, "PLAINTEXT = ", 12) != 0)
- {
- printf("Missing PLAINTEXT\n");
- err = 1;
- }
- else
- {
- int nn = strlen(ibuf+12);
- if(!strcmp(amode,"CFB1"))
- len=bint2bin(ibuf+12,nn-1,plaintext);
- else
- len=hex2bin(ibuf+12, plaintext);
- if (len < 0)
- {
- printf("Invalid PLAINTEXT: %s", ibuf+12);
- err =1;
- break;
- }
- if (len >= (int)sizeof(plaintext))
- {
- printf("Buffer overflow\n");
- }
- PrintValue("PLAINTEXT", (unsigned char*)plaintext, len);
- if (strcmp(atest, "MCT") == 0) /* Monte Carlo Test */
- {
- if(do_mct(amode, akeysz, aKey, iVec,
- dir, (unsigned char*)plaintext, len,
- rfp) < 0)
- EXIT(1);
- }
- else
- {
- ret = AESTest(&ctx, amode, akeysz, aKey, iVec,
- dir, /* 0 = decrypt, 1 = encrypt */
- plaintext, ciphertext, len);
- OutputValue("CIPHERTEXT",ciphertext,len,rfp,
- !strcmp(amode,"CFB1"));
- }
- step = 6;
- }
- break;
-
- case 5: /* CIPHERTEXT = xxxx */
- fputs(ibuf, rfp);
- if (strncasecmp(ibuf, "CIPHERTEXT = ", 13) != 0)
- {
- printf("Missing KEY\n");
- err = 1;
- }
- else
- {
- if(!strcmp(amode,"CFB1"))
- len=bint2bin(ibuf+13,strlen(ibuf+13)-1,ciphertext);
- else
- len = hex2bin(ibuf+13,ciphertext);
- if (len < 0)
- {
- printf("Invalid CIPHERTEXT\n");
- err =1;
- break;
- }
-
- PrintValue("CIPHERTEXT", ciphertext, len);
- if (strcmp(atest, "MCT") == 0) /* Monte Carlo Test */
- {
- do_mct(amode, akeysz, aKey, iVec,
- dir, ciphertext, len, rfp);
- }
- else
- {
- ret = AESTest(&ctx, amode, akeysz, aKey, iVec,
- dir, /* 0 = decrypt, 1 = encrypt */
- plaintext, ciphertext, len);
- OutputValue("PLAINTEXT",(unsigned char *)plaintext,len,rfp,
- !strcmp(amode,"CFB1"));
- }
- step = 6;
- }
- break;
-
- case 6:
- if (ibuf[0] != '\n')
- {
- err = 1;
- printf("Missing terminator\n");
- }
- else if (strcmp(atest, "MCT") != 0)
- { /* MCT already added terminating nl */
- fputs(ibuf, rfp);
- }
- step = 1;
- break;
- }
- }
- if (rfp)
- fclose(rfp);
- if (afp)
- fclose(afp);
- return err;
- }
-
-/*--------------------------------------------------
- Processes either a single file or
- a set of files whose names are passed in a file.
- A single file is specified as:
- aes_test -f xxx.req
- A set of files is specified as:
- aes_test -d xxxxx.xxx
- The default is: -d req.txt
---------------------------------------------------*/
-int main(int argc, char **argv)
- {
- char *rqlist = "req.txt", *rspfile = NULL;
- FILE *fp = NULL;
- char fn[250] = "", rfn[256] = "";
- int f_opt = 0, d_opt = 1;
-
-#ifdef OPENSSL_FIPS
- if(!FIPS_mode_set(1))
- {
- do_print_errors();
- EXIT(1);
- }
-#endif
- if (argc > 1)
- {
- if (strcasecmp(argv[1], "-d") == 0)
- {
- d_opt = 1;
- }
- else if (strcasecmp(argv[1], "-f") == 0)
- {
- f_opt = 1;
- d_opt = 0;
- }
- else
- {
- printf("Invalid parameter: %s\n", argv[1]);
- return 0;
- }
- if (argc < 3)
- {
- printf("Missing parameter\n");
- return 0;
- }
- if (d_opt)
- rqlist = argv[2];
- else
- {
- strcpy(fn, argv[2]);
- rspfile = argv[3];
- }
- }
- if (d_opt)
- { /* list of files (directory) */
- if (!(fp = fopen(rqlist, "r")))
- {
- printf("Cannot open req list file\n");
- return -1;
- }
- while (fgets(fn, sizeof(fn), fp))
- {
- strtok(fn, "\r\n");
- strcpy(rfn, fn);
- if (VERBOSE)
- printf("Processing: %s\n", rfn);
- if (proc_file(rfn, rspfile))
- {
- printf(">>> Processing failed for: %s <<<\n", rfn);
- EXIT(1);
- }
- }
- fclose(fp);
- }
- else /* single file */
- {
- if (VERBOSE)
- printf("Processing: %s\n", fn);
- if (proc_file(fn, rspfile))
- {
- printf(">>> Processing failed for: %s <<<\n", fn);
- }
- }
- EXIT(0);
- return 0;
- }
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/fips/aes/fips_aesavs.c (from rev 6976, vendor-crypto/openssl/dist/fips/aes/fips_aesavs.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/fips/aes/fips_aesavs.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/fips/aes/fips_aesavs.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,808 @@
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+/* --------------------------------------------
+ NIST AES Algorithm Validation Suite
+ Test Program
+
+ Donated to OpenSSL by:
+ V-ONE Corporation
+ 20250 Century Blvd, Suite 300
+ Germantown, MD 20874
+ U.S.A.
+ ----------------------------------------------*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+#include <ctype.h>
+#include <openssl/aes.h>
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+
+#include <openssl/err.h>
+#include "e_os.h"
+
+#ifndef OPENSSL_FIPS
+
+int main(int argc, char *argv[])
+{
+ printf("No FIPS AES support\n");
+ return (0);
+}
+
+#else
+
+# include <openssl/fips.h>
+# include "fips_utl.h"
+
+# define AES_BLOCK_SIZE 16
+
+# define VERBOSE 0
+
+/* ---------------------------------------------*/
+
+static int AESTest(EVP_CIPHER_CTX *ctx,
+ char *amode, int akeysz, unsigned char *aKey,
+ unsigned char *iVec,
+ /* 0 = decrypt, 1 = encrypt */
+ int dir,
+ unsigned char *plaintext, unsigned char *ciphertext,
+ int len)
+{
+ const EVP_CIPHER *cipher = NULL;
+
+ if (strcasecmp(amode, "CBC") == 0) {
+ switch (akeysz) {
+ case 128:
+ cipher = EVP_aes_128_cbc();
+ break;
+
+ case 192:
+ cipher = EVP_aes_192_cbc();
+ break;
+
+ case 256:
+ cipher = EVP_aes_256_cbc();
+ break;
+ }
+
+ } else if (strcasecmp(amode, "ECB") == 0) {
+ switch (akeysz) {
+ case 128:
+ cipher = EVP_aes_128_ecb();
+ break;
+
+ case 192:
+ cipher = EVP_aes_192_ecb();
+ break;
+
+ case 256:
+ cipher = EVP_aes_256_ecb();
+ break;
+ }
+ } else if (strcasecmp(amode, "CFB128") == 0) {
+ switch (akeysz) {
+ case 128:
+ cipher = EVP_aes_128_cfb128();
+ break;
+
+ case 192:
+ cipher = EVP_aes_192_cfb128();
+ break;
+
+ case 256:
+ cipher = EVP_aes_256_cfb128();
+ break;
+ }
+
+ } else if (strncasecmp(amode, "OFB", 3) == 0) {
+ switch (akeysz) {
+ case 128:
+ cipher = EVP_aes_128_ofb();
+ break;
+
+ case 192:
+ cipher = EVP_aes_192_ofb();
+ break;
+
+ case 256:
+ cipher = EVP_aes_256_ofb();
+ break;
+ }
+ } else if (!strcasecmp(amode, "CFB1")) {
+ switch (akeysz) {
+ case 128:
+ cipher = EVP_aes_128_cfb1();
+ break;
+
+ case 192:
+ cipher = EVP_aes_192_cfb1();
+ break;
+
+ case 256:
+ cipher = EVP_aes_256_cfb1();
+ break;
+ }
+ } else if (!strcasecmp(amode, "CFB8")) {
+ switch (akeysz) {
+ case 128:
+ cipher = EVP_aes_128_cfb8();
+ break;
+
+ case 192:
+ cipher = EVP_aes_192_cfb8();
+ break;
+
+ case 256:
+ cipher = EVP_aes_256_cfb8();
+ break;
+ }
+ } else {
+ printf("Unknown mode: %s\n", amode);
+ return 0;
+ }
+ if (!cipher) {
+ printf("Invalid key size: %d\n", akeysz);
+ return 0;
+ }
+ if (EVP_CipherInit_ex(ctx, cipher, NULL, aKey, iVec, dir) <= 0)
+ return 0;
+ if (!strcasecmp(amode, "CFB1"))
+ M_EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS);
+ if (dir)
+ EVP_Cipher(ctx, ciphertext, plaintext, len);
+ else
+ EVP_Cipher(ctx, plaintext, ciphertext, len);
+ return 1;
+}
+
+/* ---------------------------------------------*/
+char *t_tag[2] = { "PLAINTEXT", "CIPHERTEXT" };
+char *t_mode[6] = { "CBC", "ECB", "OFB", "CFB1", "CFB8", "CFB128" };
+enum Mode { CBC, ECB, OFB, CFB1, CFB8, CFB128 };
+enum XCrypt { XDECRYPT, XENCRYPT };
+
+/*=============================*/
+/* Monte Carlo Tests */
+/* ---------------------------*/
+
+/*
+ * #define gb(a,b) (((a)[(b)/8] >> ((b)%8))&1)
+ */
+/*
+ * #define sb(a,b,v) ((a)[(b)/8]=((a)[(b)/8]&~(1 << ((b)%8)))|(!!(v) <<
+ * ((b)%8)))
+ */
+
+# define gb(a,b) (((a)[(b)/8] >> (7-(b)%8))&1)
+# define sb(a,b,v) ((a)[(b)/8]=((a)[(b)/8]&~(1 << (7-(b)%8)))|(!!(v) << (7-(b)%8)))
+
+static int do_mct(char *amode,
+ int akeysz, unsigned char *aKey, unsigned char *iVec,
+ int dir, unsigned char *text, int len, FILE *rfp)
+{
+ int ret = 0;
+ unsigned char key[101][32];
+ unsigned char iv[101][AES_BLOCK_SIZE];
+ unsigned char ptext[1001][32];
+ unsigned char ctext[1001][32];
+ unsigned char ciphertext[64 + 4];
+ int i, j, n, n1, n2;
+ int imode = 0, nkeysz = akeysz / 8;
+ EVP_CIPHER_CTX ctx;
+ EVP_CIPHER_CTX_init(&ctx);
+
+ if (len > 32) {
+ printf("\n>>>> Length exceeds 32 for %s %d <<<<\n\n", amode, akeysz);
+ return -1;
+ }
+ for (imode = 0; imode < 6; ++imode)
+ if (strcmp(amode, t_mode[imode]) == 0)
+ break;
+ if (imode == 6) {
+ printf("Unrecognized mode: %s\n", amode);
+ return -1;
+ }
+
+ memcpy(key[0], aKey, nkeysz);
+ if (iVec)
+ memcpy(iv[0], iVec, AES_BLOCK_SIZE);
+ if (dir == XENCRYPT)
+ memcpy(ptext[0], text, len);
+ else
+ memcpy(ctext[0], text, len);
+ for (i = 0; i < 100; ++i) {
+ /* printf("Iteration %d\n", i); */
+ if (i > 0) {
+ fprintf(rfp, "COUNT = %d\n", i);
+ OutputValue("KEY", key[i], nkeysz, rfp, 0);
+ if (imode != ECB) /* ECB */
+ OutputValue("IV", iv[i], AES_BLOCK_SIZE, rfp, 0);
+ /* Output Ciphertext | Plaintext */
+ OutputValue(t_tag[dir ^ 1], dir ? ptext[0] : ctext[0], len, rfp,
+ imode == CFB1);
+ }
+ for (j = 0; j < 1000; ++j) {
+ switch (imode) {
+ case ECB:
+ if (j == 0) { /* set up encryption */
+ ret = AESTest(&ctx, amode, akeysz, key[i], NULL,
+ /* 0 = decrypt, 1 = encrypt */
+ dir, ptext[j], ctext[j], len);
+ if (dir == XENCRYPT)
+ memcpy(ptext[j + 1], ctext[j], len);
+ else
+ memcpy(ctext[j + 1], ptext[j], len);
+ } else {
+ if (dir == XENCRYPT) {
+ EVP_Cipher(&ctx, ctext[j], ptext[j], len);
+ memcpy(ptext[j + 1], ctext[j], len);
+ } else {
+ EVP_Cipher(&ctx, ptext[j], ctext[j], len);
+ memcpy(ctext[j + 1], ptext[j], len);
+ }
+ }
+ break;
+
+ case CBC:
+ case OFB:
+ case CFB128:
+ if (j == 0) {
+ ret = AESTest(&ctx, amode, akeysz, key[i], iv[i],
+ /* 0 = decrypt, 1 = encrypt */
+ dir, ptext[j], ctext[j], len);
+ if (dir == XENCRYPT)
+ memcpy(ptext[j + 1], iv[i], len);
+ else
+ memcpy(ctext[j + 1], iv[i], len);
+ } else {
+ if (dir == XENCRYPT) {
+ EVP_Cipher(&ctx, ctext[j], ptext[j], len);
+ memcpy(ptext[j + 1], ctext[j - 1], len);
+ } else {
+ EVP_Cipher(&ctx, ptext[j], ctext[j], len);
+ memcpy(ctext[j + 1], ptext[j - 1], len);
+ }
+ }
+ break;
+
+ case CFB8:
+ if (j == 0) {
+ ret = AESTest(&ctx, amode, akeysz, key[i], iv[i],
+ /* 0 = decrypt, 1 = encrypt */
+ dir, ptext[j], ctext[j], len);
+ } else {
+ if (dir == XENCRYPT)
+ EVP_Cipher(&ctx, ctext[j], ptext[j], len);
+ else
+ EVP_Cipher(&ctx, ptext[j], ctext[j], len);
+ }
+ if (dir == XENCRYPT) {
+ if (j < 16)
+ memcpy(ptext[j + 1], &iv[i][j], len);
+ else
+ memcpy(ptext[j + 1], ctext[j - 16], len);
+ } else {
+ if (j < 16)
+ memcpy(ctext[j + 1], &iv[i][j], len);
+ else
+ memcpy(ctext[j + 1], ptext[j - 16], len);
+ }
+ break;
+
+ case CFB1:
+ if (j == 0) {
+# if 0
+ /* compensate for wrong endianness of input file */
+ if (i == 0)
+ ptext[0][0] <<= 7;
+# endif
+ ret = AESTest(&ctx, amode, akeysz, key[i], iv[i], dir,
+ ptext[j], ctext[j], len);
+ } else {
+ if (dir == XENCRYPT)
+ EVP_Cipher(&ctx, ctext[j], ptext[j], len);
+ else
+ EVP_Cipher(&ctx, ptext[j], ctext[j], len);
+
+ }
+ if (dir == XENCRYPT) {
+ if (j < 128)
+ sb(ptext[j + 1], 0, gb(iv[i], j));
+ else
+ sb(ptext[j + 1], 0, gb(ctext[j - 128], 0));
+ } else {
+ if (j < 128)
+ sb(ctext[j + 1], 0, gb(iv[i], j));
+ else
+ sb(ctext[j + 1], 0, gb(ptext[j - 128], 0));
+ }
+ break;
+ }
+ }
+ --j; /* reset to last of range */
+ /* Output Ciphertext | Plaintext */
+ OutputValue(t_tag[dir], dir ? ctext[j] : ptext[j], len, rfp,
+ imode == CFB1);
+ fprintf(rfp, "\n"); /* add separator */
+
+ /* Compute next KEY */
+ if (dir == XENCRYPT) {
+ if (imode == CFB8) {
+ /* ct = CT[j-15] || CT[j-14] || ... || CT[j] */
+ for (n1 = 0, n2 = nkeysz - 1; n1 < nkeysz; ++n1, --n2)
+ ciphertext[n1] = ctext[j - n2][0];
+ } else if (imode == CFB1) {
+ for (n1 = 0, n2 = akeysz - 1; n1 < akeysz; ++n1, --n2)
+ sb(ciphertext, n1, gb(ctext[j - n2], 0));
+ } else
+ switch (akeysz) {
+ case 128:
+ memcpy(ciphertext, ctext[j], 16);
+ break;
+ case 192:
+ memcpy(ciphertext, ctext[j - 1] + 8, 8);
+ memcpy(ciphertext + 8, ctext[j], 16);
+ break;
+ case 256:
+ memcpy(ciphertext, ctext[j - 1], 16);
+ memcpy(ciphertext + 16, ctext[j], 16);
+ break;
+ }
+ } else {
+ if (imode == CFB8) {
+ /* ct = CT[j-15] || CT[j-14] || ... || CT[j] */
+ for (n1 = 0, n2 = nkeysz - 1; n1 < nkeysz; ++n1, --n2)
+ ciphertext[n1] = ptext[j - n2][0];
+ } else if (imode == CFB1) {
+ for (n1 = 0, n2 = akeysz - 1; n1 < akeysz; ++n1, --n2)
+ sb(ciphertext, n1, gb(ptext[j - n2], 0));
+ } else
+ switch (akeysz) {
+ case 128:
+ memcpy(ciphertext, ptext[j], 16);
+ break;
+ case 192:
+ memcpy(ciphertext, ptext[j - 1] + 8, 8);
+ memcpy(ciphertext + 8, ptext[j], 16);
+ break;
+ case 256:
+ memcpy(ciphertext, ptext[j - 1], 16);
+ memcpy(ciphertext + 16, ptext[j], 16);
+ break;
+ }
+ }
+ /* Compute next key: Key[i+1] = Key[i] xor ct */
+ for (n = 0; n < nkeysz; ++n)
+ key[i + 1][n] = key[i][n] ^ ciphertext[n];
+
+ /* Compute next IV and text */
+ if (dir == XENCRYPT) {
+ switch (imode) {
+ case ECB:
+ memcpy(ptext[0], ctext[j], AES_BLOCK_SIZE);
+ break;
+ case CBC:
+ case OFB:
+ case CFB128:
+ memcpy(iv[i + 1], ctext[j], AES_BLOCK_SIZE);
+ memcpy(ptext[0], ctext[j - 1], AES_BLOCK_SIZE);
+ break;
+ case CFB8:
+ /* IV[i+1] = ct */
+ for (n1 = 0, n2 = 15; n1 < 16; ++n1, --n2)
+ iv[i + 1][n1] = ctext[j - n2][0];
+ ptext[0][0] = ctext[j - 16][0];
+ break;
+ case CFB1:
+ for (n1 = 0, n2 = 127; n1 < 128; ++n1, --n2)
+ sb(iv[i + 1], n1, gb(ctext[j - n2], 0));
+ ptext[0][0] = ctext[j - 128][0] & 0x80;
+ break;
+ }
+ } else {
+ switch (imode) {
+ case ECB:
+ memcpy(ctext[0], ptext[j], AES_BLOCK_SIZE);
+ break;
+ case CBC:
+ case OFB:
+ case CFB128:
+ memcpy(iv[i + 1], ptext[j], AES_BLOCK_SIZE);
+ memcpy(ctext[0], ptext[j - 1], AES_BLOCK_SIZE);
+ break;
+ case CFB8:
+ for (n1 = 0, n2 = 15; n1 < 16; ++n1, --n2)
+ iv[i + 1][n1] = ptext[j - n2][0];
+ ctext[0][0] = ptext[j - 16][0];
+ break;
+ case CFB1:
+ for (n1 = 0, n2 = 127; n1 < 128; ++n1, --n2)
+ sb(iv[i + 1], n1, gb(ptext[j - n2], 0));
+ ctext[0][0] = ptext[j - 128][0] & 0x80;
+ break;
+ }
+ }
+ }
+
+ return ret;
+}
+
+/*================================================*/
+/* ---------------------------
+ # Config info for v-one
+ # AESVS MMT test data for ECB
+ # State : Encrypt and Decrypt
+ # Key Length : 256
+ # Fri Aug 30 04:07:22 PM
+ ----------------------------*/
+
+static int proc_file(char *rqfile, char *rspfile)
+{
+ char afn[256], rfn[256];
+ FILE *afp = NULL, *rfp = NULL;
+ char ibuf[2048];
+ char tbuf[2048];
+ int ilen, len, ret = 0;
+ char algo[8] = "";
+ char amode[8] = "";
+ char atest[8] = "";
+ int akeysz = 0;
+ unsigned char iVec[20], aKey[40];
+ int dir = -1, err = 0, step = 0;
+ unsigned char plaintext[2048];
+ unsigned char ciphertext[2048];
+ char *rp;
+ EVP_CIPHER_CTX ctx;
+ EVP_CIPHER_CTX_init(&ctx);
+
+ if (!rqfile || !(*rqfile)) {
+ printf("No req file\n");
+ return -1;
+ }
+ strcpy(afn, rqfile);
+
+ if ((afp = fopen(afn, "r")) == NULL) {
+ printf("Cannot open file: %s, %s\n", afn, strerror(errno));
+ return -1;
+ }
+ if (!rspfile) {
+ strcpy(rfn, afn);
+ rp = strstr(rfn, "req/");
+# ifdef OPENSSL_SYS_WIN32
+ if (!rp)
+ rp = strstr(rfn, "req\\");
+# endif
+ assert(rp);
+ memcpy(rp, "rsp", 3);
+ rp = strstr(rfn, ".req");
+ memcpy(rp, ".rsp", 4);
+ rspfile = rfn;
+ }
+ if ((rfp = fopen(rspfile, "w")) == NULL) {
+ printf("Cannot open file: %s, %s\n", rfn, strerror(errno));
+ fclose(afp);
+ afp = NULL;
+ return -1;
+ }
+ while (!err && (fgets(ibuf, sizeof(ibuf), afp)) != NULL) {
+ tidy_line(tbuf, ibuf);
+ ilen = strlen(ibuf);
+ /* printf("step=%d ibuf=%s",step,ibuf); */
+ switch (step) {
+ case 0: /* read preamble */
+ if (ibuf[0] == '\n') { /* end of preamble */
+ if ((*algo == '\0') || (*amode == '\0') || (akeysz == 0)) {
+ printf("Missing Algorithm, Mode or KeySize (%s/%s/%d)\n",
+ algo, amode, akeysz);
+ err = 1;
+ } else {
+ fputs(ibuf, rfp);
+ ++step;
+ }
+ } else if (ibuf[0] != '#') {
+ printf("Invalid preamble item: %s\n", ibuf);
+ err = 1;
+ } else { /* process preamble */
+ char *xp, *pp = ibuf + 2;
+ int n;
+ if (akeysz) { /* insert current time & date */
+ time_t rtim = time(0);
+ fprintf(rfp, "# %s", ctime(&rtim));
+ } else {
+ fputs(ibuf, rfp);
+ if (strncmp(pp, "AESVS ", 6) == 0) {
+ strcpy(algo, "AES");
+ /* get test type */
+ pp += 6;
+ xp = strchr(pp, ' ');
+ n = xp - pp;
+ strncpy(atest, pp, n);
+ atest[n] = '\0';
+ /* get mode */
+ xp = strrchr(pp, ' '); /* get mode" */
+ n = strlen(xp + 1) - 1;
+ strncpy(amode, xp + 1, n);
+ amode[n] = '\0';
+ /* amode[3] = '\0'; */
+ if (VERBOSE)
+ printf("Test = %s, Mode = %s\n", atest, amode);
+ } else if (strncasecmp(pp, "Key Length : ", 13) == 0) {
+ akeysz = atoi(pp + 13);
+ if (VERBOSE)
+ printf("Key size = %d\n", akeysz);
+ }
+ }
+ }
+ break;
+
+ case 1: /* [ENCRYPT] | [DECRYPT] */
+ if (ibuf[0] == '[') {
+ fputs(ibuf, rfp);
+ ++step;
+ if (strncasecmp(ibuf, "[ENCRYPT]", 9) == 0)
+ dir = 1;
+ else if (strncasecmp(ibuf, "[DECRYPT]", 9) == 0)
+ dir = 0;
+ else {
+ printf("Invalid keyword: %s\n", ibuf);
+ err = 1;
+ }
+ break;
+ } else if (dir == -1) {
+ err = 1;
+ printf("Missing ENCRYPT/DECRYPT keyword\n");
+ break;
+ } else
+ step = 2;
+
+ case 2: /* KEY = xxxx */
+ fputs(ibuf, rfp);
+ if (*ibuf == '\n')
+ break;
+ if (!strncasecmp(ibuf, "COUNT = ", 8))
+ break;
+
+ if (strncasecmp(ibuf, "KEY = ", 6) != 0) {
+ printf("Missing KEY\n");
+ err = 1;
+ } else {
+ len = hex2bin((char *)ibuf + 6, aKey);
+ if (len < 0) {
+ printf("Invalid KEY\n");
+ err = 1;
+ break;
+ }
+ PrintValue("KEY", aKey, len);
+ if (strcmp(amode, "ECB") == 0) {
+ memset(iVec, 0, sizeof(iVec));
+ step = (dir) ? 4 : 5; /* no ivec for ECB */
+ } else
+ ++step;
+ }
+ break;
+
+ case 3: /* IV = xxxx */
+ fputs(ibuf, rfp);
+ if (strncasecmp(ibuf, "IV = ", 5) != 0) {
+ printf("Missing IV\n");
+ err = 1;
+ } else {
+ len = hex2bin((char *)ibuf + 5, iVec);
+ if (len < 0) {
+ printf("Invalid IV\n");
+ err = 1;
+ break;
+ }
+ PrintValue("IV", iVec, len);
+ step = (dir) ? 4 : 5;
+ }
+ break;
+
+ case 4: /* PLAINTEXT = xxxx */
+ fputs(ibuf, rfp);
+ if (strncasecmp(ibuf, "PLAINTEXT = ", 12) != 0) {
+ printf("Missing PLAINTEXT\n");
+ err = 1;
+ } else {
+ int nn = strlen(ibuf + 12);
+ if (!strcmp(amode, "CFB1"))
+ len = bint2bin(ibuf + 12, nn - 1, plaintext);
+ else
+ len = hex2bin(ibuf + 12, plaintext);
+ if (len < 0) {
+ printf("Invalid PLAINTEXT: %s", ibuf + 12);
+ err = 1;
+ break;
+ }
+ if (len >= (int)sizeof(plaintext)) {
+ printf("Buffer overflow\n");
+ }
+ PrintValue("PLAINTEXT", (unsigned char *)plaintext, len);
+ if (strcmp(atest, "MCT") == 0) { /* Monte Carlo Test */
+ if (do_mct(amode, akeysz, aKey, iVec,
+ dir, (unsigned char *)plaintext, len, rfp) < 0)
+ EXIT(1);
+ } else {
+ ret = AESTest(&ctx, amode, akeysz, aKey, iVec,
+ /* 0 = decrypt, 1 = encrypt */
+ dir, plaintext, ciphertext, len);
+ OutputValue("CIPHERTEXT", ciphertext, len, rfp,
+ !strcmp(amode, "CFB1"));
+ }
+ step = 6;
+ }
+ break;
+
+ case 5: /* CIPHERTEXT = xxxx */
+ fputs(ibuf, rfp);
+ if (strncasecmp(ibuf, "CIPHERTEXT = ", 13) != 0) {
+ printf("Missing KEY\n");
+ err = 1;
+ } else {
+ if (!strcmp(amode, "CFB1"))
+ len =
+ bint2bin(ibuf + 13, strlen(ibuf + 13) - 1,
+ ciphertext);
+ else
+ len = hex2bin(ibuf + 13, ciphertext);
+ if (len < 0) {
+ printf("Invalid CIPHERTEXT\n");
+ err = 1;
+ break;
+ }
+
+ PrintValue("CIPHERTEXT", ciphertext, len);
+ if (strcmp(atest, "MCT") == 0) { /* Monte Carlo Test */
+ do_mct(amode, akeysz, aKey, iVec,
+ dir, ciphertext, len, rfp);
+ } else {
+ ret = AESTest(&ctx, amode, akeysz, aKey, iVec,
+ /* 0 = decrypt, 1 = encrypt */
+ dir, plaintext, ciphertext, len);
+ OutputValue("PLAINTEXT", (unsigned char *)plaintext, len,
+ rfp, !strcmp(amode, "CFB1"));
+ }
+ step = 6;
+ }
+ break;
+
+ case 6:
+ if (ibuf[0] != '\n') {
+ err = 1;
+ printf("Missing terminator\n");
+ } else if (strcmp(atest, "MCT") != 0) { /* MCT already added
+ * terminating nl */
+ fputs(ibuf, rfp);
+ }
+ step = 1;
+ break;
+ }
+ }
+ if (rfp)
+ fclose(rfp);
+ if (afp)
+ fclose(afp);
+ return err;
+}
+
+/* -------------------------------------------------
+ Processes either a single file or
+ a set of files whose names are passed in a file.
+ A single file is specified as:
+ aes_test -f xxx.req
+ A set of files is specified as:
+ aes_test -d xxxxx.xxx
+ The default is: -d req.txt
+--------------------------------------------------*/
+int main(int argc, char **argv)
+{
+ char *rqlist = "req.txt", *rspfile = NULL;
+ FILE *fp = NULL;
+ char fn[250] = "", rfn[256] = "";
+ int f_opt = 0, d_opt = 1;
+
+# ifdef OPENSSL_FIPS
+ if (!FIPS_mode_set(1)) {
+ do_print_errors();
+ EXIT(1);
+ }
+# endif
+ if (argc > 1) {
+ if (strcasecmp(argv[1], "-d") == 0) {
+ d_opt = 1;
+ } else if (strcasecmp(argv[1], "-f") == 0) {
+ f_opt = 1;
+ d_opt = 0;
+ } else {
+ printf("Invalid parameter: %s\n", argv[1]);
+ return 0;
+ }
+ if (argc < 3) {
+ printf("Missing parameter\n");
+ return 0;
+ }
+ if (d_opt)
+ rqlist = argv[2];
+ else {
+ strcpy(fn, argv[2]);
+ rspfile = argv[3];
+ }
+ }
+ if (d_opt) { /* list of files (directory) */
+ if (!(fp = fopen(rqlist, "r"))) {
+ printf("Cannot open req list file\n");
+ return -1;
+ }
+ while (fgets(fn, sizeof(fn), fp)) {
+ strtok(fn, "\r\n");
+ strcpy(rfn, fn);
+ if (VERBOSE)
+ printf("Processing: %s\n", rfn);
+ if (proc_file(rfn, rspfile)) {
+ printf(">>> Processing failed for: %s <<<\n", rfn);
+ EXIT(1);
+ }
+ }
+ fclose(fp);
+ } else { /* single file */
+
+ if (VERBOSE)
+ printf("Processing: %s\n", fn);
+ if (proc_file(fn, rspfile)) {
+ printf(">>> Processing failed for: %s <<<\n", fn);
+ }
+ }
+ EXIT(0);
+ return 0;
+}
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/fips/des/fips_des_selftest.c
===================================================================
--- vendor-crypto/openssl/dist/fips/des/fips_des_selftest.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/fips/des/fips_des_selftest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,137 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#include <string.h>
-#include <openssl/err.h>
-#include <openssl/fips.h>
-#include <openssl/evp.h>
-#include <openssl/opensslconf.h>
-
-#ifdef OPENSSL_FIPS
-
-static struct
- {
- unsigned char key[16];
- unsigned char plaintext[8];
- unsigned char ciphertext[8];
- } tests2[]=
- {
- {
- { 0x7c,0x4f,0x6e,0xf7,0xa2,0x04,0x16,0xec,
- 0x0b,0x6b,0x7c,0x9e,0x5e,0x19,0xa7,0xc4 },
- { 0x06,0xa7,0xd8,0x79,0xaa,0xce,0x69,0xef },
- { 0x4c,0x11,0x17,0x55,0xbf,0xc4,0x4e,0xfd }
- },
- {
- { 0x5d,0x9e,0x01,0xd3,0x25,0xc7,0x3e,0x34,
- 0x01,0x16,0x7c,0x85,0x23,0xdf,0xe0,0x68 },
- { 0x9c,0x50,0x09,0x0f,0x5e,0x7d,0x69,0x7e },
- { 0xd2,0x0b,0x18,0xdf,0xd9,0x0d,0x9e,0xff },
- }
- };
-
-static struct
- {
- unsigned char key[24];
- unsigned char plaintext[8];
- unsigned char ciphertext[8];
- } tests3[]=
- {
- {
- { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10,
- 0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0 },
- { 0x8f,0x8f,0xbf,0x9b,0x5d,0x48,0xb4,0x1c },
- { 0x59,0x8c,0xe5,0xd3,0x6c,0xa2,0xea,0x1b },
- },
- {
- { 0xDC,0xBA,0x98,0x76,0x54,0x32,0x10,0xFE,
- 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
- 0xED,0x39,0xD9,0x50,0xFA,0x74,0xBC,0xC4 },
- { 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF },
- { 0x11,0x25,0xb0,0x35,0xbe,0xa0,0x82,0x86 },
- },
- };
-
-void FIPS_corrupt_des()
- {
- tests2[0].plaintext[0]++;
- }
-
-int FIPS_selftest_des()
- {
- int n, ret = 0;
- EVP_CIPHER_CTX ctx;
- EVP_CIPHER_CTX_init(&ctx);
- /* Encrypt/decrypt with 2-key 3DES and compare to known answers */
- for(n=0 ; n < 2 ; ++n)
- {
- if (!fips_cipher_test(&ctx, EVP_des_ede_ecb(),
- tests2[n].key, NULL,
- tests2[n].plaintext, tests2[n].ciphertext, 8))
- goto err;
- }
-
- /* Encrypt/decrypt with 3DES and compare to known answers */
- for(n=0 ; n < 2 ; ++n)
- {
- if (!fips_cipher_test(&ctx, EVP_des_ede3_ecb(),
- tests3[n].key, NULL,
- tests3[n].plaintext, tests3[n].ciphertext, 8))
- goto err;
- }
- ret = 1;
- err:
- EVP_CIPHER_CTX_cleanup(&ctx);
- if (ret == 0)
- FIPSerr(FIPS_F_FIPS_SELFTEST_DES,FIPS_R_SELFTEST_FAILED);
-
- return ret;
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/fips/des/fips_des_selftest.c (from rev 6976, vendor-crypto/openssl/dist/fips/des/fips_des_selftest.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/fips/des/fips_des_selftest.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/fips/des/fips_des_selftest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,147 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <string.h>
+#include <openssl/err.h>
+#include <openssl/fips.h>
+#include <openssl/evp.h>
+#include <openssl/opensslconf.h>
+
+#ifdef OPENSSL_FIPS
+
+static struct {
+ unsigned char key[16];
+ unsigned char plaintext[8];
+ unsigned char ciphertext[8];
+} tests2[] = {
+ {
+ {
+ 0x7c, 0x4f, 0x6e, 0xf7, 0xa2, 0x04, 0x16, 0xec, 0x0b, 0x6b, 0x7c,
+ 0x9e, 0x5e, 0x19, 0xa7, 0xc4
+ }, {
+ 0x06, 0xa7, 0xd8, 0x79, 0xaa, 0xce, 0x69, 0xef
+ }, {
+ 0x4c, 0x11, 0x17, 0x55, 0xbf, 0xc4, 0x4e, 0xfd
+ }
+ },
+ {
+ {
+ 0x5d, 0x9e, 0x01, 0xd3, 0x25, 0xc7, 0x3e, 0x34, 0x01, 0x16, 0x7c,
+ 0x85, 0x23, 0xdf, 0xe0, 0x68
+ }, {
+ 0x9c, 0x50, 0x09, 0x0f, 0x5e, 0x7d, 0x69, 0x7e
+ }, {
+ 0xd2, 0x0b, 0x18, 0xdf, 0xd9, 0x0d, 0x9e, 0xff
+ },
+ }
+};
+
+static struct {
+ unsigned char key[24];
+ unsigned char plaintext[8];
+ unsigned char ciphertext[8];
+} tests3[] = {
+ {
+ {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFE, 0xDC, 0xBA,
+ 0x98, 0x76, 0x54, 0x32, 0x10, 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc,
+ 0xde, 0xf0
+ }, {
+ 0x8f, 0x8f, 0xbf, 0x9b, 0x5d, 0x48, 0xb4, 0x1c
+ }, {
+ 0x59, 0x8c, 0xe5, 0xd3, 0x6c, 0xa2, 0xea, 0x1b
+ },
+ },
+ {
+ {
+ 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10, 0xFE, 0x01, 0x23, 0x45,
+ 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0xED, 0x39, 0xD9, 0x50, 0xFA, 0x74,
+ 0xBC, 0xC4
+ }, {
+ 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF
+ }, {
+ 0x11, 0x25, 0xb0, 0x35, 0xbe, 0xa0, 0x82, 0x86
+ },
+ },
+};
+
+void FIPS_corrupt_des()
+{
+ tests2[0].plaintext[0]++;
+}
+
+int FIPS_selftest_des()
+{
+ int n, ret = 0;
+ EVP_CIPHER_CTX ctx;
+ EVP_CIPHER_CTX_init(&ctx);
+ /* Encrypt/decrypt with 2-key 3DES and compare to known answers */
+ for (n = 0; n < 2; ++n) {
+ if (!fips_cipher_test(&ctx, EVP_des_ede_ecb(),
+ tests2[n].key, NULL,
+ tests2[n].plaintext, tests2[n].ciphertext, 8))
+ goto err;
+ }
+
+ /* Encrypt/decrypt with 3DES and compare to known answers */
+ for (n = 0; n < 2; ++n) {
+ if (!fips_cipher_test(&ctx, EVP_des_ede3_ecb(),
+ tests3[n].key, NULL,
+ tests3[n].plaintext, tests3[n].ciphertext, 8))
+ goto err;
+ }
+ ret = 1;
+ err:
+ EVP_CIPHER_CTX_cleanup(&ctx);
+ if (ret == 0)
+ FIPSerr(FIPS_F_FIPS_SELFTEST_DES, FIPS_R_SELFTEST_FAILED);
+
+ return ret;
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/fips/des/fips_desmovs.c
===================================================================
--- vendor-crypto/openssl/dist/fips/des/fips_desmovs.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/fips/des/fips_desmovs.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,702 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-/*---------------------------------------------
- NIST DES Modes of Operation Validation System
- Test Program
-
- Based on the AES Validation Suite, which was:
- Donated to OpenSSL by:
- V-ONE Corporation
- 20250 Century Blvd, Suite 300
- Germantown, MD 20874
- U.S.A.
- ----------------------------------------------*/
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <errno.h>
-#include <assert.h>
-#include <ctype.h>
-#include <openssl/des.h>
-#include <openssl/evp.h>
-#include <openssl/bn.h>
-
-#include <openssl/err.h>
-#include "e_os.h"
-
-#ifndef OPENSSL_FIPS
-
-int main(int argc, char *argv[])
-{
- printf("No FIPS DES support\n");
- return(0);
-}
-
-#else
-
-#include <openssl/fips.h>
-#include "fips_utl.h"
-
-#define DES_BLOCK_SIZE 8
-
-#define VERBOSE 0
-
-static int DESTest(EVP_CIPHER_CTX *ctx,
- char *amode, int akeysz, unsigned char *aKey,
- unsigned char *iVec,
- int dir, /* 0 = decrypt, 1 = encrypt */
- unsigned char *out, unsigned char *in, int len)
- {
- const EVP_CIPHER *cipher = NULL;
-
- if (akeysz != 192)
- {
- printf("Invalid key size: %d\n", akeysz);
- EXIT(1);
- }
-
- if (strcasecmp(amode, "CBC") == 0)
- cipher = EVP_des_ede3_cbc();
- else if (strcasecmp(amode, "ECB") == 0)
- cipher = EVP_des_ede3_ecb();
- else if (strcasecmp(amode, "CFB64") == 0)
- cipher = EVP_des_ede3_cfb64();
- else if (strncasecmp(amode, "OFB", 3) == 0)
- cipher = EVP_des_ede3_ofb();
- else if(!strcasecmp(amode,"CFB8"))
- cipher = EVP_des_ede3_cfb8();
- else if(!strcasecmp(amode,"CFB1"))
- cipher = EVP_des_ede3_cfb1();
- else
- {
- printf("Unknown mode: %s\n", amode);
- EXIT(1);
- }
-
- if (EVP_CipherInit_ex(ctx, cipher, NULL, aKey, iVec, dir) <= 0)
- return 0;
- if(!strcasecmp(amode,"CFB1"))
- M_EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS);
- EVP_Cipher(ctx, out, in, len);
-
- return 1;
- }
-#if 0
-static void DebugValue(char *tag, unsigned char *val, int len)
- {
- char obuf[2048];
- int olen;
- olen = bin2hex(val, len, obuf);
- printf("%s = %.*s\n", tag, olen, obuf);
- }
-#endif
-static void shiftin(unsigned char *dst,unsigned char *src,int nbits)
- {
- int n;
-
- /* move the bytes... */
- memmove(dst,dst+nbits/8,3*8-nbits/8);
- /* append new data */
- memcpy(dst+3*8-nbits/8,src,(nbits+7)/8);
- /* left shift the bits */
- if(nbits%8)
- for(n=0 ; n < 3*8 ; ++n)
- dst[n]=(dst[n] << (nbits%8))|(dst[n+1] >> (8-nbits%8));
- }
-
-/*-----------------------------------------------*/
-char *t_tag[2] = {"PLAINTEXT", "CIPHERTEXT"};
-char *t_mode[6] = {"CBC","ECB","OFB","CFB1","CFB8","CFB64"};
-enum Mode {CBC, ECB, OFB, CFB1, CFB8, CFB64};
-int Sizes[6]={64,64,64,1,8,64};
-
-static void do_mct(char *amode,
- int akeysz, int numkeys, unsigned char *akey,unsigned char *ivec,
- int dir, unsigned char *text, int len,
- FILE *rfp)
- {
- int i,imode;
- unsigned char nk[4*8]; /* longest key+8 */
- unsigned char text0[8];
-
- for (imode=0 ; imode < 6 ; ++imode)
- if(!strcmp(amode,t_mode[imode]))
- break;
- if (imode == 6)
- {
- printf("Unrecognized mode: %s\n", amode);
- EXIT(1);
- }
-
- for(i=0 ; i < 400 ; ++i)
- {
- int j;
- int n;
- int kp=akeysz/64;
- unsigned char old_iv[8];
- EVP_CIPHER_CTX ctx;
- EVP_CIPHER_CTX_init(&ctx);
-
- fprintf(rfp,"\nCOUNT = %d\n",i);
- if(kp == 1)
- OutputValue("KEY",akey,8,rfp,0);
- else
- for(n=0 ; n < kp ; ++n)
- {
- fprintf(rfp,"KEY%d",n+1);
- OutputValue("",akey+n*8,8,rfp,0);
- }
-
- if(imode != ECB)
- OutputValue("IV",ivec,8,rfp,0);
- OutputValue(t_tag[dir^1],text,len,rfp,imode == CFB1);
-#if 0
- /* compensate for endianness */
- if(imode == CFB1)
- text[0]<<=7;
-#endif
- memcpy(text0,text,8);
-
- for(j=0 ; j < 10000 ; ++j)
- {
- unsigned char old_text[8];
-
- memcpy(old_text,text,8);
- if(j == 0)
- {
- memcpy(old_iv,ivec,8);
- DESTest(&ctx,amode,akeysz,akey,ivec,dir,text,text,len);
- }
- else
- {
- memcpy(old_iv,ctx.iv,8);
- EVP_Cipher(&ctx,text,text,len);
- }
- if(j == 9999)
- {
- OutputValue(t_tag[dir],text,len,rfp,imode == CFB1);
- /* memcpy(ivec,text,8); */
- }
- /* DebugValue("iv",ctx.iv,8); */
- /* accumulate material for the next key */
- shiftin(nk,text,Sizes[imode]);
- /* DebugValue("nk",nk,24);*/
- if((dir && (imode == CFB1 || imode == CFB8 || imode == CFB64
- || imode == CBC)) || imode == OFB)
- memcpy(text,old_iv,8);
-
- if(!dir && (imode == CFB1 || imode == CFB8 || imode == CFB64))
- {
- /* the test specifies using the output of the raw DES operation
- which we don't have, so reconstruct it... */
- for(n=0 ; n < 8 ; ++n)
- text[n]^=old_text[n];
- }
- }
- for(n=0 ; n < 8 ; ++n)
- akey[n]^=nk[16+n];
- for(n=0 ; n < 8 ; ++n)
- akey[8+n]^=nk[8+n];
- for(n=0 ; n < 8 ; ++n)
- akey[16+n]^=nk[n];
- if(numkeys < 3)
- memcpy(&akey[2*8],akey,8);
- if(numkeys < 2)
- memcpy(&akey[8],akey,8);
- DES_set_odd_parity((DES_cblock *)akey);
- DES_set_odd_parity((DES_cblock *)(akey+8));
- DES_set_odd_parity((DES_cblock *)(akey+16));
- memcpy(ivec,ctx.iv,8);
-
- /* pointless exercise - the final text doesn't depend on the
- initial text in OFB mode, so who cares what it is? (Who
- designed these tests?) */
- if(imode == OFB)
- for(n=0 ; n < 8 ; ++n)
- text[n]=text0[n]^old_iv[n];
- }
- }
-
-static int proc_file(char *rqfile, char *rspfile)
- {
- char afn[256], rfn[256];
- FILE *afp = NULL, *rfp = NULL;
- char ibuf[2048], tbuf[2048];
- int ilen, len, ret = 0;
- char amode[8] = "";
- char atest[100] = "";
- int akeysz=0;
- unsigned char iVec[20], aKey[40];
- int dir = -1, err = 0, step = 0;
- unsigned char plaintext[2048];
- unsigned char ciphertext[2048];
- char *rp;
- EVP_CIPHER_CTX ctx;
- int numkeys=1;
- EVP_CIPHER_CTX_init(&ctx);
-
- if (!rqfile || !(*rqfile))
- {
- printf("No req file\n");
- return -1;
- }
- strcpy(afn, rqfile);
-
- if ((afp = fopen(afn, "r")) == NULL)
- {
- printf("Cannot open file: %s, %s\n",
- afn, strerror(errno));
- return -1;
- }
- if (!rspfile)
- {
- strcpy(rfn,afn);
- rp=strstr(rfn,"req/");
-#ifdef OPENSSL_SYS_WIN32
- if (!rp)
- rp=strstr(rfn,"req\\");
-#endif
- assert(rp);
- memcpy(rp,"rsp",3);
- rp = strstr(rfn, ".req");
- memcpy(rp, ".rsp", 4);
- rspfile = rfn;
- }
- if ((rfp = fopen(rspfile, "w")) == NULL)
- {
- printf("Cannot open file: %s, %s\n",
- rfn, strerror(errno));
- fclose(afp);
- afp = NULL;
- return -1;
- }
- while (!err && (fgets(ibuf, sizeof(ibuf), afp)) != NULL)
- {
- tidy_line(tbuf, ibuf);
- ilen = strlen(ibuf);
- /* printf("step=%d ibuf=%s",step,ibuf);*/
- if(step == 3 && !strcmp(amode,"ECB"))
- {
- memset(iVec, 0, sizeof(iVec));
- step = (dir)? 4: 5; /* no ivec for ECB */
- }
- switch (step)
- {
- case 0: /* read preamble */
- if (ibuf[0] == '\n')
- { /* end of preamble */
- if (*amode == '\0')
- {
- printf("Missing Mode\n");
- err = 1;
- }
- else
- {
- fputs(ibuf, rfp);
- ++ step;
- }
- }
- else if (ibuf[0] != '#')
- {
- printf("Invalid preamble item: %s\n", ibuf);
- err = 1;
- }
- else
- { /* process preamble */
- char *xp, *pp = ibuf+2;
- int n;
- if(*amode)
- { /* insert current time & date */
- time_t rtim = time(0);
- fprintf(rfp, "# %s", ctime(&rtim));
- }
- else
- {
- fputs(ibuf, rfp);
- if(!strncmp(pp,"INVERSE ",8) || !strncmp(pp,"DES ",4)
- || !strncmp(pp,"TDES ",5)
- || !strncmp(pp,"PERMUTATION ",12)
- || !strncmp(pp,"SUBSTITUTION ",13)
- || !strncmp(pp,"VARIABLE ",9))
- {
- /* get test type */
- if(!strncmp(pp,"DES ",4))
- pp+=4;
- else if(!strncmp(pp,"TDES ",5))
- pp+=5;
- xp = strchr(pp, ' ');
- n = xp-pp;
- strncpy(atest, pp, n);
- atest[n] = '\0';
- /* get mode */
- xp = strrchr(pp, ' '); /* get mode" */
- n = strlen(xp+1)-1;
- strncpy(amode, xp+1, n);
- amode[n] = '\0';
- /* amode[3] = '\0'; */
- if (VERBOSE)
- printf("Test=%s, Mode=%s\n",atest,amode);
- }
- }
- }
- break;
-
- case 1: /* [ENCRYPT] | [DECRYPT] */
- if(ibuf[0] == '\n')
- break;
- if (ibuf[0] == '[')
- {
- fputs(ibuf, rfp);
- ++step;
- if (strncasecmp(ibuf, "[ENCRYPT]", 9) == 0)
- dir = 1;
- else if (strncasecmp(ibuf, "[DECRYPT]", 9) == 0)
- dir = 0;
- else
- {
- printf("Invalid keyword: %s\n", ibuf);
- err = 1;
- }
- break;
- }
- else if (dir == -1)
- {
- err = 1;
- printf("Missing ENCRYPT/DECRYPT keyword\n");
- break;
- }
- else
- step = 2;
-
- case 2: /* KEY = xxxx */
- if(*ibuf == '\n')
- {
- fputs(ibuf, rfp);
- break;
- }
- if(!strncasecmp(ibuf,"COUNT = ",8))
- {
- fputs(ibuf, rfp);
- break;
- }
- if(!strncasecmp(ibuf,"COUNT=",6))
- {
- fputs(ibuf, rfp);
- break;
- }
- if(!strncasecmp(ibuf,"NumKeys = ",10))
- {
- numkeys=atoi(ibuf+10);
- break;
- }
-
- fputs(ibuf, rfp);
- if(!strncasecmp(ibuf,"KEY = ",6))
- {
- akeysz=64;
- len = hex2bin((char*)ibuf+6, aKey);
- if (len < 0)
- {
- printf("Invalid KEY\n");
- err=1;
- break;
- }
- PrintValue("KEY", aKey, len);
- ++step;
- }
- else if(!strncasecmp(ibuf,"KEYs = ",7))
- {
- akeysz=64*3;
- len=hex2bin(ibuf+7,aKey);
- if(len != 8)
- {
- printf("Invalid KEY\n");
- err=1;
- break;
- }
- memcpy(aKey+8,aKey,8);
- memcpy(aKey+16,aKey,8);
- ibuf[4]='\0';
- PrintValue("KEYs",aKey,len);
- ++step;
- }
- else if(!strncasecmp(ibuf,"KEY",3))
- {
- int n=ibuf[3]-'1';
-
- akeysz=64*3;
- len=hex2bin(ibuf+7,aKey+n*8);
- if(len != 8)
- {
- printf("Invalid KEY\n");
- err=1;
- break;
- }
- ibuf[4]='\0';
- PrintValue(ibuf,aKey,len);
- if(n == 2)
- ++step;
- }
- else
- {
- printf("Missing KEY\n");
- err = 1;
- }
- break;
-
- case 3: /* IV = xxxx */
- fputs(ibuf, rfp);
- if (strncasecmp(ibuf, "IV = ", 5) != 0)
- {
- printf("Missing IV\n");
- err = 1;
- }
- else
- {
- len = hex2bin((char*)ibuf+5, iVec);
- if (len < 0)
- {
- printf("Invalid IV\n");
- err =1;
- break;
- }
- PrintValue("IV", iVec, len);
- step = (dir)? 4: 5;
- }
- break;
-
- case 4: /* PLAINTEXT = xxxx */
- fputs(ibuf, rfp);
- if (strncasecmp(ibuf, "PLAINTEXT = ", 12) != 0)
- {
- printf("Missing PLAINTEXT\n");
- err = 1;
- }
- else
- {
- int nn = strlen(ibuf+12);
- if(!strcmp(amode,"CFB1"))
- len=bint2bin(ibuf+12,nn-1,plaintext);
- else
- len=hex2bin(ibuf+12, plaintext);
- if (len < 0)
- {
- printf("Invalid PLAINTEXT: %s", ibuf+12);
- err =1;
- break;
- }
- if (len >= (int)sizeof(plaintext))
- {
- printf("Buffer overflow\n");
- }
- PrintValue("PLAINTEXT", (unsigned char*)plaintext, len);
- if (strcmp(atest, "Monte") == 0) /* Monte Carlo Test */
- {
- do_mct(amode,akeysz,numkeys,aKey,iVec,dir,plaintext,len,rfp);
- }
- else
- {
- assert(dir == 1);
- ret = DESTest(&ctx, amode, akeysz, aKey, iVec,
- dir, /* 0 = decrypt, 1 = encrypt */
- ciphertext, plaintext, len);
- OutputValue("CIPHERTEXT",ciphertext,len,rfp,
- !strcmp(amode,"CFB1"));
- }
- step = 6;
- }
- break;
-
- case 5: /* CIPHERTEXT = xxxx */
- fputs(ibuf, rfp);
- if (strncasecmp(ibuf, "CIPHERTEXT = ", 13) != 0)
- {
- printf("Missing KEY\n");
- err = 1;
- }
- else
- {
- if(!strcmp(amode,"CFB1"))
- len=bint2bin(ibuf+13,strlen(ibuf+13)-1,ciphertext);
- else
- len = hex2bin(ibuf+13,ciphertext);
- if (len < 0)
- {
- printf("Invalid CIPHERTEXT\n");
- err =1;
- break;
- }
-
- PrintValue("CIPHERTEXT", ciphertext, len);
- if (strcmp(atest, "Monte") == 0) /* Monte Carlo Test */
- {
- do_mct(amode, akeysz, numkeys, aKey, iVec,
- dir, ciphertext, len, rfp);
- }
- else
- {
- assert(dir == 0);
- ret = DESTest(&ctx, amode, akeysz, aKey, iVec,
- dir, /* 0 = decrypt, 1 = encrypt */
- plaintext, ciphertext, len);
- OutputValue("PLAINTEXT",(unsigned char *)plaintext,len,rfp,
- !strcmp(amode,"CFB1"));
- }
- step = 6;
- }
- break;
-
- case 6:
- if (ibuf[0] != '\n')
- {
- err = 1;
- printf("Missing terminator\n");
- }
- else if (strcmp(atest, "MCT") != 0)
- { /* MCT already added terminating nl */
- fputs(ibuf, rfp);
- }
- step = 1;
- break;
- }
- }
- if (rfp)
- fclose(rfp);
- if (afp)
- fclose(afp);
- return err;
- }
-
-/*--------------------------------------------------
- Processes either a single file or
- a set of files whose names are passed in a file.
- A single file is specified as:
- aes_test -f xxx.req
- A set of files is specified as:
- aes_test -d xxxxx.xxx
- The default is: -d req.txt
---------------------------------------------------*/
-int main(int argc, char **argv)
- {
- char *rqlist = "req.txt", *rspfile = NULL;
- FILE *fp = NULL;
- char fn[250] = "", rfn[256] = "";
- int f_opt = 0, d_opt = 1;
-
-#ifdef OPENSSL_FIPS
- if(!FIPS_mode_set(1))
- {
- do_print_errors();
- EXIT(1);
- }
-#endif
- if (argc > 1)
- {
- if (strcasecmp(argv[1], "-d") == 0)
- {
- d_opt = 1;
- }
- else if (strcasecmp(argv[1], "-f") == 0)
- {
- f_opt = 1;
- d_opt = 0;
- }
- else
- {
- printf("Invalid parameter: %s\n", argv[1]);
- return 0;
- }
- if (argc < 3)
- {
- printf("Missing parameter\n");
- return 0;
- }
- if (d_opt)
- rqlist = argv[2];
- else
- {
- strcpy(fn, argv[2]);
- rspfile = argv[3];
- }
- }
- if (d_opt)
- { /* list of files (directory) */
- if (!(fp = fopen(rqlist, "r")))
- {
- printf("Cannot open req list file\n");
- return -1;
- }
- while (fgets(fn, sizeof(fn), fp))
- {
- strtok(fn, "\r\n");
- strcpy(rfn, fn);
- printf("Processing: %s\n", rfn);
- if (proc_file(rfn, rspfile))
- {
- printf(">>> Processing failed for: %s <<<\n", rfn);
- EXIT(1);
- }
- }
- fclose(fp);
- }
- else /* single file */
- {
- if (VERBOSE)
- printf("Processing: %s\n", fn);
- if (proc_file(fn, rspfile))
- {
- printf(">>> Processing failed for: %s <<<\n", fn);
- }
- }
- EXIT(0);
- return 0;
- }
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/fips/des/fips_desmovs.c (from rev 6976, vendor-crypto/openssl/dist/fips/des/fips_desmovs.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/fips/des/fips_desmovs.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/fips/des/fips_desmovs.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,625 @@
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+/* --------------------------------------------
+ NIST DES Modes of Operation Validation System
+ Test Program
+
+ Based on the AES Validation Suite, which was:
+ Donated to OpenSSL by:
+ V-ONE Corporation
+ 20250 Century Blvd, Suite 300
+ Germantown, MD 20874
+ U.S.A.
+ ----------------------------------------------*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+#include <ctype.h>
+#include <openssl/des.h>
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+
+#include <openssl/err.h>
+#include "e_os.h"
+
+#ifndef OPENSSL_FIPS
+
+int main(int argc, char *argv[])
+{
+ printf("No FIPS DES support\n");
+ return (0);
+}
+
+#else
+
+# include <openssl/fips.h>
+# include "fips_utl.h"
+
+# define DES_BLOCK_SIZE 8
+
+# define VERBOSE 0
+
+static int DESTest(EVP_CIPHER_CTX *ctx,
+ char *amode, int akeysz, unsigned char *aKey,
+ unsigned char *iVec,
+ /* 0 = decrypt, 1 = encrypt */
+ int dir, unsigned char *out, unsigned char *in, int len)
+{
+ const EVP_CIPHER *cipher = NULL;
+
+ if (akeysz != 192) {
+ printf("Invalid key size: %d\n", akeysz);
+ EXIT(1);
+ }
+
+ if (strcasecmp(amode, "CBC") == 0)
+ cipher = EVP_des_ede3_cbc();
+ else if (strcasecmp(amode, "ECB") == 0)
+ cipher = EVP_des_ede3_ecb();
+ else if (strcasecmp(amode, "CFB64") == 0)
+ cipher = EVP_des_ede3_cfb64();
+ else if (strncasecmp(amode, "OFB", 3) == 0)
+ cipher = EVP_des_ede3_ofb();
+ else if (!strcasecmp(amode, "CFB8"))
+ cipher = EVP_des_ede3_cfb8();
+ else if (!strcasecmp(amode, "CFB1"))
+ cipher = EVP_des_ede3_cfb1();
+ else {
+ printf("Unknown mode: %s\n", amode);
+ EXIT(1);
+ }
+
+ if (EVP_CipherInit_ex(ctx, cipher, NULL, aKey, iVec, dir) <= 0)
+ return 0;
+ if (!strcasecmp(amode, "CFB1"))
+ M_EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS);
+ EVP_Cipher(ctx, out, in, len);
+
+ return 1;
+}
+
+# if 0
+static void DebugValue(char *tag, unsigned char *val, int len)
+{
+ char obuf[2048];
+ int olen;
+ olen = bin2hex(val, len, obuf);
+ printf("%s = %.*s\n", tag, olen, obuf);
+}
+# endif
+static void shiftin(unsigned char *dst, unsigned char *src, int nbits)
+{
+ int n;
+
+ /* move the bytes... */
+ memmove(dst, dst + nbits / 8, 3 * 8 - nbits / 8);
+ /* append new data */
+ memcpy(dst + 3 * 8 - nbits / 8, src, (nbits + 7) / 8);
+ /* left shift the bits */
+ if (nbits % 8)
+ for (n = 0; n < 3 * 8; ++n)
+ dst[n] =
+ (dst[n] << (nbits % 8)) | (dst[n + 1] >> (8 - nbits % 8));
+}
+
+/* ---------------------------------------------*/
+char *t_tag[2] = { "PLAINTEXT", "CIPHERTEXT" };
+char *t_mode[6] = { "CBC", "ECB", "OFB", "CFB1", "CFB8", "CFB64" };
+enum Mode { CBC, ECB, OFB, CFB1, CFB8, CFB64 };
+int Sizes[6] = { 64, 64, 64, 1, 8, 64 };
+
+static void do_mct(char *amode,
+ int akeysz, int numkeys, unsigned char *akey,
+ unsigned char *ivec, int dir, unsigned char *text, int len,
+ FILE *rfp)
+{
+ int i, imode;
+ unsigned char nk[4 * 8]; /* longest key+8 */
+ unsigned char text0[8];
+
+ for (imode = 0; imode < 6; ++imode)
+ if (!strcmp(amode, t_mode[imode]))
+ break;
+ if (imode == 6) {
+ printf("Unrecognized mode: %s\n", amode);
+ EXIT(1);
+ }
+
+ for (i = 0; i < 400; ++i) {
+ int j;
+ int n;
+ int kp = akeysz / 64;
+ unsigned char old_iv[8];
+ EVP_CIPHER_CTX ctx;
+ EVP_CIPHER_CTX_init(&ctx);
+
+ fprintf(rfp, "\nCOUNT = %d\n", i);
+ if (kp == 1)
+ OutputValue("KEY", akey, 8, rfp, 0);
+ else
+ for (n = 0; n < kp; ++n) {
+ fprintf(rfp, "KEY%d", n + 1);
+ OutputValue("", akey + n * 8, 8, rfp, 0);
+ }
+
+ if (imode != ECB)
+ OutputValue("IV", ivec, 8, rfp, 0);
+ OutputValue(t_tag[dir ^ 1], text, len, rfp, imode == CFB1);
+# if 0
+ /* compensate for endianness */
+ if (imode == CFB1)
+ text[0] <<= 7;
+# endif
+ memcpy(text0, text, 8);
+
+ for (j = 0; j < 10000; ++j) {
+ unsigned char old_text[8];
+
+ memcpy(old_text, text, 8);
+ if (j == 0) {
+ memcpy(old_iv, ivec, 8);
+ DESTest(&ctx, amode, akeysz, akey, ivec, dir, text, text,
+ len);
+ } else {
+ memcpy(old_iv, ctx.iv, 8);
+ EVP_Cipher(&ctx, text, text, len);
+ }
+ if (j == 9999) {
+ OutputValue(t_tag[dir], text, len, rfp, imode == CFB1);
+ /* memcpy(ivec,text,8); */
+ }
+ /* DebugValue("iv",ctx.iv,8); */
+ /* accumulate material for the next key */
+ shiftin(nk, text, Sizes[imode]);
+ /* DebugValue("nk",nk,24); */
+ if ((dir && (imode == CFB1 || imode == CFB8 || imode == CFB64
+ || imode == CBC)) || imode == OFB)
+ memcpy(text, old_iv, 8);
+
+ if (!dir && (imode == CFB1 || imode == CFB8 || imode == CFB64)) {
+ /*
+ * the test specifies using the output of the raw DES
+ * operation which we don't have, so reconstruct it...
+ */
+ for (n = 0; n < 8; ++n)
+ text[n] ^= old_text[n];
+ }
+ }
+ for (n = 0; n < 8; ++n)
+ akey[n] ^= nk[16 + n];
+ for (n = 0; n < 8; ++n)
+ akey[8 + n] ^= nk[8 + n];
+ for (n = 0; n < 8; ++n)
+ akey[16 + n] ^= nk[n];
+ if (numkeys < 3)
+ memcpy(&akey[2 * 8], akey, 8);
+ if (numkeys < 2)
+ memcpy(&akey[8], akey, 8);
+ DES_set_odd_parity((DES_cblock *)akey);
+ DES_set_odd_parity((DES_cblock *)(akey + 8));
+ DES_set_odd_parity((DES_cblock *)(akey + 16));
+ memcpy(ivec, ctx.iv, 8);
+
+ /*
+ * pointless exercise - the final text doesn't depend on the initial
+ * text in OFB mode, so who cares what it is? (Who designed these
+ * tests?)
+ */
+ if (imode == OFB)
+ for (n = 0; n < 8; ++n)
+ text[n] = text0[n] ^ old_iv[n];
+ }
+}
+
+static int proc_file(char *rqfile, char *rspfile)
+{
+ char afn[256], rfn[256];
+ FILE *afp = NULL, *rfp = NULL;
+ char ibuf[2048], tbuf[2048];
+ int ilen, len, ret = 0;
+ char amode[8] = "";
+ char atest[100] = "";
+ int akeysz = 0;
+ unsigned char iVec[20], aKey[40];
+ int dir = -1, err = 0, step = 0;
+ unsigned char plaintext[2048];
+ unsigned char ciphertext[2048];
+ char *rp;
+ EVP_CIPHER_CTX ctx;
+ int numkeys = 1;
+ EVP_CIPHER_CTX_init(&ctx);
+
+ if (!rqfile || !(*rqfile)) {
+ printf("No req file\n");
+ return -1;
+ }
+ strcpy(afn, rqfile);
+
+ if ((afp = fopen(afn, "r")) == NULL) {
+ printf("Cannot open file: %s, %s\n", afn, strerror(errno));
+ return -1;
+ }
+ if (!rspfile) {
+ strcpy(rfn, afn);
+ rp = strstr(rfn, "req/");
+# ifdef OPENSSL_SYS_WIN32
+ if (!rp)
+ rp = strstr(rfn, "req\\");
+# endif
+ assert(rp);
+ memcpy(rp, "rsp", 3);
+ rp = strstr(rfn, ".req");
+ memcpy(rp, ".rsp", 4);
+ rspfile = rfn;
+ }
+ if ((rfp = fopen(rspfile, "w")) == NULL) {
+ printf("Cannot open file: %s, %s\n", rfn, strerror(errno));
+ fclose(afp);
+ afp = NULL;
+ return -1;
+ }
+ while (!err && (fgets(ibuf, sizeof(ibuf), afp)) != NULL) {
+ tidy_line(tbuf, ibuf);
+ ilen = strlen(ibuf);
+ /* printf("step=%d ibuf=%s",step,ibuf); */
+ if (step == 3 && !strcmp(amode, "ECB")) {
+ memset(iVec, 0, sizeof(iVec));
+ step = (dir) ? 4 : 5; /* no ivec for ECB */
+ }
+ switch (step) {
+ case 0: /* read preamble */
+ if (ibuf[0] == '\n') { /* end of preamble */
+ if (*amode == '\0') {
+ printf("Missing Mode\n");
+ err = 1;
+ } else {
+ fputs(ibuf, rfp);
+ ++step;
+ }
+ } else if (ibuf[0] != '#') {
+ printf("Invalid preamble item: %s\n", ibuf);
+ err = 1;
+ } else { /* process preamble */
+ char *xp, *pp = ibuf + 2;
+ int n;
+ if (*amode) { /* insert current time & date */
+ time_t rtim = time(0);
+ fprintf(rfp, "# %s", ctime(&rtim));
+ } else {
+ fputs(ibuf, rfp);
+ if (!strncmp(pp, "INVERSE ", 8) || !strncmp(pp, "DES ", 4)
+ || !strncmp(pp, "TDES ", 5)
+ || !strncmp(pp, "PERMUTATION ", 12)
+ || !strncmp(pp, "SUBSTITUTION ", 13)
+ || !strncmp(pp, "VARIABLE ", 9)) {
+ /* get test type */
+ if (!strncmp(pp, "DES ", 4))
+ pp += 4;
+ else if (!strncmp(pp, "TDES ", 5))
+ pp += 5;
+ xp = strchr(pp, ' ');
+ n = xp - pp;
+ strncpy(atest, pp, n);
+ atest[n] = '\0';
+ /* get mode */
+ xp = strrchr(pp, ' '); /* get mode" */
+ n = strlen(xp + 1) - 1;
+ strncpy(amode, xp + 1, n);
+ amode[n] = '\0';
+ /* amode[3] = '\0'; */
+ if (VERBOSE)
+ printf("Test=%s, Mode=%s\n", atest, amode);
+ }
+ }
+ }
+ break;
+
+ case 1: /* [ENCRYPT] | [DECRYPT] */
+ if (ibuf[0] == '\n')
+ break;
+ if (ibuf[0] == '[') {
+ fputs(ibuf, rfp);
+ ++step;
+ if (strncasecmp(ibuf, "[ENCRYPT]", 9) == 0)
+ dir = 1;
+ else if (strncasecmp(ibuf, "[DECRYPT]", 9) == 0)
+ dir = 0;
+ else {
+ printf("Invalid keyword: %s\n", ibuf);
+ err = 1;
+ }
+ break;
+ } else if (dir == -1) {
+ err = 1;
+ printf("Missing ENCRYPT/DECRYPT keyword\n");
+ break;
+ } else
+ step = 2;
+
+ case 2: /* KEY = xxxx */
+ if (*ibuf == '\n') {
+ fputs(ibuf, rfp);
+ break;
+ }
+ if (!strncasecmp(ibuf, "COUNT = ", 8)) {
+ fputs(ibuf, rfp);
+ break;
+ }
+ if (!strncasecmp(ibuf, "COUNT=", 6)) {
+ fputs(ibuf, rfp);
+ break;
+ }
+ if (!strncasecmp(ibuf, "NumKeys = ", 10)) {
+ numkeys = atoi(ibuf + 10);
+ break;
+ }
+
+ fputs(ibuf, rfp);
+ if (!strncasecmp(ibuf, "KEY = ", 6)) {
+ akeysz = 64;
+ len = hex2bin((char *)ibuf + 6, aKey);
+ if (len < 0) {
+ printf("Invalid KEY\n");
+ err = 1;
+ break;
+ }
+ PrintValue("KEY", aKey, len);
+ ++step;
+ } else if (!strncasecmp(ibuf, "KEYs = ", 7)) {
+ akeysz = 64 * 3;
+ len = hex2bin(ibuf + 7, aKey);
+ if (len != 8) {
+ printf("Invalid KEY\n");
+ err = 1;
+ break;
+ }
+ memcpy(aKey + 8, aKey, 8);
+ memcpy(aKey + 16, aKey, 8);
+ ibuf[4] = '\0';
+ PrintValue("KEYs", aKey, len);
+ ++step;
+ } else if (!strncasecmp(ibuf, "KEY", 3)) {
+ int n = ibuf[3] - '1';
+
+ akeysz = 64 * 3;
+ len = hex2bin(ibuf + 7, aKey + n * 8);
+ if (len != 8) {
+ printf("Invalid KEY\n");
+ err = 1;
+ break;
+ }
+ ibuf[4] = '\0';
+ PrintValue(ibuf, aKey, len);
+ if (n == 2)
+ ++step;
+ } else {
+ printf("Missing KEY\n");
+ err = 1;
+ }
+ break;
+
+ case 3: /* IV = xxxx */
+ fputs(ibuf, rfp);
+ if (strncasecmp(ibuf, "IV = ", 5) != 0) {
+ printf("Missing IV\n");
+ err = 1;
+ } else {
+ len = hex2bin((char *)ibuf + 5, iVec);
+ if (len < 0) {
+ printf("Invalid IV\n");
+ err = 1;
+ break;
+ }
+ PrintValue("IV", iVec, len);
+ step = (dir) ? 4 : 5;
+ }
+ break;
+
+ case 4: /* PLAINTEXT = xxxx */
+ fputs(ibuf, rfp);
+ if (strncasecmp(ibuf, "PLAINTEXT = ", 12) != 0) {
+ printf("Missing PLAINTEXT\n");
+ err = 1;
+ } else {
+ int nn = strlen(ibuf + 12);
+ if (!strcmp(amode, "CFB1"))
+ len = bint2bin(ibuf + 12, nn - 1, plaintext);
+ else
+ len = hex2bin(ibuf + 12, plaintext);
+ if (len < 0) {
+ printf("Invalid PLAINTEXT: %s", ibuf + 12);
+ err = 1;
+ break;
+ }
+ if (len >= (int)sizeof(plaintext)) {
+ printf("Buffer overflow\n");
+ }
+ PrintValue("PLAINTEXT", (unsigned char *)plaintext, len);
+ if (strcmp(atest, "Monte") == 0) { /* Monte Carlo Test */
+ do_mct(amode, akeysz, numkeys, aKey, iVec, dir, plaintext,
+ len, rfp);
+ } else {
+ assert(dir == 1);
+ ret = DESTest(&ctx, amode, akeysz, aKey, iVec,
+ /* 0 = decrypt, 1 = encrypt */
+ dir, ciphertext, plaintext, len);
+ OutputValue("CIPHERTEXT", ciphertext, len, rfp,
+ !strcmp(amode, "CFB1"));
+ }
+ step = 6;
+ }
+ break;
+
+ case 5: /* CIPHERTEXT = xxxx */
+ fputs(ibuf, rfp);
+ if (strncasecmp(ibuf, "CIPHERTEXT = ", 13) != 0) {
+ printf("Missing KEY\n");
+ err = 1;
+ } else {
+ if (!strcmp(amode, "CFB1"))
+ len =
+ bint2bin(ibuf + 13, strlen(ibuf + 13) - 1,
+ ciphertext);
+ else
+ len = hex2bin(ibuf + 13, ciphertext);
+ if (len < 0) {
+ printf("Invalid CIPHERTEXT\n");
+ err = 1;
+ break;
+ }
+
+ PrintValue("CIPHERTEXT", ciphertext, len);
+ if (strcmp(atest, "Monte") == 0) { /* Monte Carlo Test */
+ do_mct(amode, akeysz, numkeys, aKey, iVec,
+ dir, ciphertext, len, rfp);
+ } else {
+ assert(dir == 0);
+ ret = DESTest(&ctx, amode, akeysz, aKey, iVec,
+ /* 0 = decrypt, 1 = encrypt */
+ dir, plaintext, ciphertext, len);
+ OutputValue("PLAINTEXT", (unsigned char *)plaintext, len,
+ rfp, !strcmp(amode, "CFB1"));
+ }
+ step = 6;
+ }
+ break;
+
+ case 6:
+ if (ibuf[0] != '\n') {
+ err = 1;
+ printf("Missing terminator\n");
+ } else if (strcmp(atest, "MCT") != 0) { /* MCT already added
+ * terminating nl */
+ fputs(ibuf, rfp);
+ }
+ step = 1;
+ break;
+ }
+ }
+ if (rfp)
+ fclose(rfp);
+ if (afp)
+ fclose(afp);
+ return err;
+}
+
+/* -------------------------------------------------
+ Processes either a single file or
+ a set of files whose names are passed in a file.
+ A single file is specified as:
+ aes_test -f xxx.req
+ A set of files is specified as:
+ aes_test -d xxxxx.xxx
+ The default is: -d req.txt
+--------------------------------------------------*/
+int main(int argc, char **argv)
+{
+ char *rqlist = "req.txt", *rspfile = NULL;
+ FILE *fp = NULL;
+ char fn[250] = "", rfn[256] = "";
+ int f_opt = 0, d_opt = 1;
+
+# ifdef OPENSSL_FIPS
+ if (!FIPS_mode_set(1)) {
+ do_print_errors();
+ EXIT(1);
+ }
+# endif
+ if (argc > 1) {
+ if (strcasecmp(argv[1], "-d") == 0) {
+ d_opt = 1;
+ } else if (strcasecmp(argv[1], "-f") == 0) {
+ f_opt = 1;
+ d_opt = 0;
+ } else {
+ printf("Invalid parameter: %s\n", argv[1]);
+ return 0;
+ }
+ if (argc < 3) {
+ printf("Missing parameter\n");
+ return 0;
+ }
+ if (d_opt)
+ rqlist = argv[2];
+ else {
+ strcpy(fn, argv[2]);
+ rspfile = argv[3];
+ }
+ }
+ if (d_opt) { /* list of files (directory) */
+ if (!(fp = fopen(rqlist, "r"))) {
+ printf("Cannot open req list file\n");
+ return -1;
+ }
+ while (fgets(fn, sizeof(fn), fp)) {
+ strtok(fn, "\r\n");
+ strcpy(rfn, fn);
+ printf("Processing: %s\n", rfn);
+ if (proc_file(rfn, rspfile)) {
+ printf(">>> Processing failed for: %s <<<\n", rfn);
+ EXIT(1);
+ }
+ }
+ fclose(fp);
+ } else { /* single file */
+
+ if (VERBOSE)
+ printf("Processing: %s\n", fn);
+ if (proc_file(fn, rspfile)) {
+ printf(">>> Processing failed for: %s <<<\n", fn);
+ }
+ }
+ EXIT(0);
+ return 0;
+}
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/fips/dh/dh_gen.c
===================================================================
--- vendor-crypto/openssl/dist/fips/dh/dh_gen.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/fips/dh/dh_gen.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,179 +0,0 @@
-/* crypto/dh/dh_gen.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* NB: These functions have been upgraded - the previous prototypes are in
- * dh_depr.c as wrappers to these ones.
- * - Geoff
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/dh.h>
-
-#ifndef OPENSSL_FIPS
-
-static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb);
-
-int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb)
- {
- if(ret->meth->generate_params)
- return ret->meth->generate_params(ret, prime_len, generator, cb);
- return dh_builtin_genparams(ret, prime_len, generator, cb);
- }
-
-/* We generate DH parameters as follows
- * find a prime q which is prime_len/2 bits long.
- * p=(2*q)+1 or (p-1)/2 = q
- * For this case, g is a generator if
- * g^((p-1)/q) mod p != 1 for values of q which are the factors of p-1.
- * Since the factors of p-1 are q and 2, we just need to check
- * g^2 mod p != 1 and g^q mod p != 1.
- *
- * Having said all that,
- * there is another special case method for the generators 2, 3 and 5.
- * for 2, p mod 24 == 11
- * for 3, p mod 12 == 5 <<<<< does not work for safe primes.
- * for 5, p mod 10 == 3 or 7
- *
- * Thanks to Phil Karn <karn at qualcomm.com> for the pointers about the
- * special generators and for answering some of my questions.
- *
- * I've implemented the second simple method :-).
- * Since DH should be using a safe prime (both p and q are prime),
- * this generator function can take a very very long time to run.
- */
-/* Actually there is no reason to insist that 'generator' be a generator.
- * It's just as OK (and in some sense better) to use a generator of the
- * order-q subgroup.
- */
-static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb)
- {
- BIGNUM *t1,*t2;
- int g,ok= -1;
- BN_CTX *ctx=NULL;
-
- ctx=BN_CTX_new();
- if (ctx == NULL) goto err;
- BN_CTX_start(ctx);
- t1 = BN_CTX_get(ctx);
- t2 = BN_CTX_get(ctx);
- if (t1 == NULL || t2 == NULL) goto err;
-
- /* Make sure 'ret' has the necessary elements */
- if(!ret->p && ((ret->p = BN_new()) == NULL)) goto err;
- if(!ret->g && ((ret->g = BN_new()) == NULL)) goto err;
-
- if (generator <= 1)
- {
- DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_BAD_GENERATOR);
- goto err;
- }
- if (generator == DH_GENERATOR_2)
- {
- if (!BN_set_word(t1,24)) goto err;
- if (!BN_set_word(t2,11)) goto err;
- g=2;
- }
-#if 0 /* does not work for safe primes */
- else if (generator == DH_GENERATOR_3)
- {
- if (!BN_set_word(t1,12)) goto err;
- if (!BN_set_word(t2,5)) goto err;
- g=3;
- }
-#endif
- else if (generator == DH_GENERATOR_5)
- {
- if (!BN_set_word(t1,10)) goto err;
- if (!BN_set_word(t2,3)) goto err;
- /* BN_set_word(t3,7); just have to miss
- * out on these ones :-( */
- g=5;
- }
- else
- {
- /* in the general case, don't worry if 'generator' is a
- * generator or not: since we are using safe primes,
- * it will generate either an order-q or an order-2q group,
- * which both is OK */
- if (!BN_set_word(t1,2)) goto err;
- if (!BN_set_word(t2,1)) goto err;
- g=generator;
- }
-
- if(!BN_generate_prime_ex(ret->p,prime_len,1,t1,t2,cb)) goto err;
- if(!BN_GENCB_call(cb, 3, 0)) goto err;
- if (!BN_set_word(ret->g,g)) goto err;
- ok=1;
-err:
- if (ok == -1)
- {
- DHerr(DH_F_DH_BUILTIN_GENPARAMS,ERR_R_BN_LIB);
- ok=0;
- }
-
- if (ctx != NULL)
- {
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- }
- return ok;
- }
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/fips/dh/dh_gen.c (from rev 6976, vendor-crypto/openssl/dist/fips/dh/dh_gen.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/fips/dh/dh_gen.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/fips/dh/dh_gen.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,193 @@
+/* crypto/dh/dh_gen.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/*
+ * NB: These functions have been upgraded - the previous prototypes are in
+ * dh_depr.c as wrappers to these ones. - Geoff
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/dh.h>
+
+#ifndef OPENSSL_FIPS
+
+static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
+ BN_GENCB *cb);
+
+int DH_generate_parameters_ex(DH *ret, int prime_len, int generator,
+ BN_GENCB *cb)
+{
+ if (ret->meth->generate_params)
+ return ret->meth->generate_params(ret, prime_len, generator, cb);
+ return dh_builtin_genparams(ret, prime_len, generator, cb);
+}
+
+/*-
+ * We generate DH parameters as follows
+ * find a prime q which is prime_len/2 bits long.
+ * p=(2*q)+1 or (p-1)/2 = q
+ * For this case, g is a generator if
+ * g^((p-1)/q) mod p != 1 for values of q which are the factors of p-1.
+ * Since the factors of p-1 are q and 2, we just need to check
+ * g^2 mod p != 1 and g^q mod p != 1.
+ *
+ * Having said all that,
+ * there is another special case method for the generators 2, 3 and 5.
+ * for 2, p mod 24 == 11
+ * for 3, p mod 12 == 5 <<<<< does not work for safe primes.
+ * for 5, p mod 10 == 3 or 7
+ *
+ * Thanks to Phil Karn <karn at qualcomm.com> for the pointers about the
+ * special generators and for answering some of my questions.
+ *
+ * I've implemented the second simple method :-).
+ * Since DH should be using a safe prime (both p and q are prime),
+ * this generator function can take a very very long time to run.
+ */
+/*
+ * Actually there is no reason to insist that 'generator' be a generator.
+ * It's just as OK (and in some sense better) to use a generator of the
+ * order-q subgroup.
+ */
+static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
+ BN_GENCB *cb)
+{
+ BIGNUM *t1, *t2;
+ int g, ok = -1;
+ BN_CTX *ctx = NULL;
+
+ ctx = BN_CTX_new();
+ if (ctx == NULL)
+ goto err;
+ BN_CTX_start(ctx);
+ t1 = BN_CTX_get(ctx);
+ t2 = BN_CTX_get(ctx);
+ if (t1 == NULL || t2 == NULL)
+ goto err;
+
+ /* Make sure 'ret' has the necessary elements */
+ if (!ret->p && ((ret->p = BN_new()) == NULL))
+ goto err;
+ if (!ret->g && ((ret->g = BN_new()) == NULL))
+ goto err;
+
+ if (generator <= 1) {
+ DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_BAD_GENERATOR);
+ goto err;
+ }
+ if (generator == DH_GENERATOR_2) {
+ if (!BN_set_word(t1, 24))
+ goto err;
+ if (!BN_set_word(t2, 11))
+ goto err;
+ g = 2;
+ }
+# if 0 /* does not work for safe primes */
+ else if (generator == DH_GENERATOR_3) {
+ if (!BN_set_word(t1, 12))
+ goto err;
+ if (!BN_set_word(t2, 5))
+ goto err;
+ g = 3;
+ }
+# endif
+ else if (generator == DH_GENERATOR_5) {
+ if (!BN_set_word(t1, 10))
+ goto err;
+ if (!BN_set_word(t2, 3))
+ goto err;
+ /*
+ * BN_set_word(t3,7); just have to miss out on these ones :-(
+ */
+ g = 5;
+ } else {
+ /*
+ * in the general case, don't worry if 'generator' is a generator or
+ * not: since we are using safe primes, it will generate either an
+ * order-q or an order-2q group, which both is OK
+ */
+ if (!BN_set_word(t1, 2))
+ goto err;
+ if (!BN_set_word(t2, 1))
+ goto err;
+ g = generator;
+ }
+
+ if (!BN_generate_prime_ex(ret->p, prime_len, 1, t1, t2, cb))
+ goto err;
+ if (!BN_GENCB_call(cb, 3, 0))
+ goto err;
+ if (!BN_set_word(ret->g, g))
+ goto err;
+ ok = 1;
+ err:
+ if (ok == -1) {
+ DHerr(DH_F_DH_BUILTIN_GENPARAMS, ERR_R_BN_LIB);
+ ok = 0;
+ }
+
+ if (ctx != NULL) {
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ }
+ return ok;
+}
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/fips/dh/fips_dh_check.c
===================================================================
--- vendor-crypto/openssl/dist/fips/dh/fips_dh_check.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/fips/dh/fips_dh_check.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,147 +0,0 @@
-/* crypto/dh/dh_check.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/bn.h>
-#include <openssl/dh.h>
-#include <openssl/err.h>
-#include <openssl/fips.h>
-
-/* Check that p is a safe prime and
- * if g is 2, 3 or 5, check that is is a suitable generator
- * where
- * for 2, p mod 24 == 11
- * for 3, p mod 12 == 5
- * for 5, p mod 10 == 3 or 7
- * should hold.
- */
-
-#ifdef OPENSSL_FIPS
-
-int DH_check(const DH *dh, int *ret)
- {
- int ok=0;
- BN_CTX *ctx=NULL;
- BN_ULONG l;
- BIGNUM *q=NULL;
-
- *ret=0;
- ctx=BN_CTX_new();
- if (ctx == NULL) goto err;
- q=BN_new();
- if (q == NULL) goto err;
-
- if (BN_is_word(dh->g,DH_GENERATOR_2))
- {
- l=BN_mod_word(dh->p,24);
- if (l != 11) *ret|=DH_NOT_SUITABLE_GENERATOR;
- }
-#if 0
- else if (BN_is_word(dh->g,DH_GENERATOR_3))
- {
- l=BN_mod_word(dh->p,12);
- if (l != 5) *ret|=DH_NOT_SUITABLE_GENERATOR;
- }
-#endif
- else if (BN_is_word(dh->g,DH_GENERATOR_5))
- {
- l=BN_mod_word(dh->p,10);
- if ((l != 3) && (l != 7))
- *ret|=DH_NOT_SUITABLE_GENERATOR;
- }
- else
- *ret|=DH_UNABLE_TO_CHECK_GENERATOR;
-
- if (!BN_is_prime_ex(dh->p,BN_prime_checks,ctx,NULL))
- *ret|=DH_CHECK_P_NOT_PRIME;
- else
- {
- if (!BN_rshift1(q,dh->p)) goto err;
- if (!BN_is_prime_ex(q,BN_prime_checks,ctx,NULL))
- *ret|=DH_CHECK_P_NOT_SAFE_PRIME;
- }
- ok=1;
-err:
- if (ctx != NULL) BN_CTX_free(ctx);
- if (q != NULL) BN_free(q);
- return(ok);
- }
-
-int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
- {
- int ok=0;
- BIGNUM *q=NULL;
-
- *ret=0;
- q=BN_new();
- if (q == NULL) goto err;
- BN_set_word(q,1);
- if (BN_cmp(pub_key,q) <= 0)
- *ret|=DH_CHECK_PUBKEY_TOO_SMALL;
- BN_copy(q,dh->p);
- BN_sub_word(q,1);
- if (BN_cmp(pub_key,q) >= 0)
- *ret|=DH_CHECK_PUBKEY_TOO_LARGE;
-
- ok = 1;
-err:
- if (q != NULL) BN_free(q);
- return(ok);
- }
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/fips/dh/fips_dh_check.c (from rev 6976, vendor-crypto/openssl/dist/fips/dh/fips_dh_check.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/fips/dh/fips_dh_check.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/fips/dh/fips_dh_check.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,152 @@
+/* crypto/dh/dh_check.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <openssl/bn.h>
+#include <openssl/dh.h>
+#include <openssl/err.h>
+#include <openssl/fips.h>
+
+/*-
+ * Check that p is a safe prime and
+ * if g is 2, 3 or 5, check that is is a suitable generator
+ * where
+ * for 2, p mod 24 == 11
+ * for 3, p mod 12 == 5
+ * for 5, p mod 10 == 3 or 7
+ * should hold.
+ */
+
+#ifdef OPENSSL_FIPS
+
+int DH_check(const DH *dh, int *ret)
+{
+ int ok = 0;
+ BN_CTX *ctx = NULL;
+ BN_ULONG l;
+ BIGNUM *q = NULL;
+
+ *ret = 0;
+ ctx = BN_CTX_new();
+ if (ctx == NULL)
+ goto err;
+ q = BN_new();
+ if (q == NULL)
+ goto err;
+
+ if (BN_is_word(dh->g, DH_GENERATOR_2)) {
+ l = BN_mod_word(dh->p, 24);
+ if (l != 11)
+ *ret |= DH_NOT_SUITABLE_GENERATOR;
+ }
+# if 0
+ else if (BN_is_word(dh->g, DH_GENERATOR_3)) {
+ l = BN_mod_word(dh->p, 12);
+ if (l != 5)
+ *ret |= DH_NOT_SUITABLE_GENERATOR;
+ }
+# endif
+ else if (BN_is_word(dh->g, DH_GENERATOR_5)) {
+ l = BN_mod_word(dh->p, 10);
+ if ((l != 3) && (l != 7))
+ *ret |= DH_NOT_SUITABLE_GENERATOR;
+ } else
+ *ret |= DH_UNABLE_TO_CHECK_GENERATOR;
+
+ if (!BN_is_prime_ex(dh->p, BN_prime_checks, ctx, NULL))
+ *ret |= DH_CHECK_P_NOT_PRIME;
+ else {
+ if (!BN_rshift1(q, dh->p))
+ goto err;
+ if (!BN_is_prime_ex(q, BN_prime_checks, ctx, NULL))
+ *ret |= DH_CHECK_P_NOT_SAFE_PRIME;
+ }
+ ok = 1;
+ err:
+ if (ctx != NULL)
+ BN_CTX_free(ctx);
+ if (q != NULL)
+ BN_free(q);
+ return (ok);
+}
+
+int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
+{
+ int ok = 0;
+ BIGNUM *q = NULL;
+
+ *ret = 0;
+ q = BN_new();
+ if (q == NULL)
+ goto err;
+ BN_set_word(q, 1);
+ if (BN_cmp(pub_key, q) <= 0)
+ *ret |= DH_CHECK_PUBKEY_TOO_SMALL;
+ BN_copy(q, dh->p);
+ BN_sub_word(q, 1);
+ if (BN_cmp(pub_key, q) >= 0)
+ *ret |= DH_CHECK_PUBKEY_TOO_LARGE;
+
+ ok = 1;
+ err:
+ if (q != NULL)
+ BN_free(q);
+ return (ok);
+}
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/fips/dh/fips_dh_gen.c
===================================================================
--- vendor-crypto/openssl/dist/fips/dh/fips_dh_gen.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/fips/dh/fips_dh_gen.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,192 +0,0 @@
-/* crypto/dh/dh_gen.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* NB: These functions have been upgraded - the previous prototypes are in
- * dh_depr.c as wrappers to these ones.
- * - Geoff
- */
-
-#include <stdio.h>
-#include <openssl/bn.h>
-#include <openssl/dh.h>
-#include <openssl/err.h>
-#include <openssl/fips.h>
-
-#ifdef OPENSSL_FIPS
-
-static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb);
-
-int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb)
- {
- if(ret->meth->generate_params)
- return ret->meth->generate_params(ret, prime_len, generator, cb);
- return dh_builtin_genparams(ret, prime_len, generator, cb);
- }
-
-/* We generate DH parameters as follows
- * find a prime q which is prime_len/2 bits long.
- * p=(2*q)+1 or (p-1)/2 = q
- * For this case, g is a generator if
- * g^((p-1)/q) mod p != 1 for values of q which are the factors of p-1.
- * Since the factors of p-1 are q and 2, we just need to check
- * g^2 mod p != 1 and g^q mod p != 1.
- *
- * Having said all that,
- * there is another special case method for the generators 2, 3 and 5.
- * for 2, p mod 24 == 11
- * for 3, p mod 12 == 5 <<<<< does not work for safe primes.
- * for 5, p mod 10 == 3 or 7
- *
- * Thanks to Phil Karn <karn at qualcomm.com> for the pointers about the
- * special generators and for answering some of my questions.
- *
- * I've implemented the second simple method :-).
- * Since DH should be using a safe prime (both p and q are prime),
- * this generator function can take a very very long time to run.
- */
-/* Actually there is no reason to insist that 'generator' be a generator.
- * It's just as OK (and in some sense better) to use a generator of the
- * order-q subgroup.
- */
-static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb)
- {
- BIGNUM *t1,*t2;
- int g,ok= -1;
- BN_CTX *ctx=NULL;
-
- if(FIPS_selftest_failed())
- {
- FIPSerr(FIPS_F_DH_BUILTIN_GENPARAMS,FIPS_R_FIPS_SELFTEST_FAILED);
- return 0;
- }
-
- if (FIPS_mode() && (prime_len < OPENSSL_DH_FIPS_MIN_MODULUS_BITS))
- {
- DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_KEY_SIZE_TOO_SMALL);
- goto err;
- }
-
- ctx=BN_CTX_new();
- if (ctx == NULL) goto err;
- BN_CTX_start(ctx);
- t1 = BN_CTX_get(ctx);
- t2 = BN_CTX_get(ctx);
- if (t1 == NULL || t2 == NULL) goto err;
-
- /* Make sure 'ret' has the necessary elements */
- if(!ret->p && ((ret->p = BN_new()) == NULL)) goto err;
- if(!ret->g && ((ret->g = BN_new()) == NULL)) goto err;
-
- if (generator <= 1)
- {
- DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_BAD_GENERATOR);
- goto err;
- }
- if (generator == DH_GENERATOR_2)
- {
- if (!BN_set_word(t1,24)) goto err;
- if (!BN_set_word(t2,11)) goto err;
- g=2;
- }
-#if 0 /* does not work for safe primes */
- else if (generator == DH_GENERATOR_3)
- {
- if (!BN_set_word(t1,12)) goto err;
- if (!BN_set_word(t2,5)) goto err;
- g=3;
- }
-#endif
- else if (generator == DH_GENERATOR_5)
- {
- if (!BN_set_word(t1,10)) goto err;
- if (!BN_set_word(t2,3)) goto err;
- /* BN_set_word(t3,7); just have to miss
- * out on these ones :-( */
- g=5;
- }
- else
- {
- /* in the general case, don't worry if 'generator' is a
- * generator or not: since we are using safe primes,
- * it will generate either an order-q or an order-2q group,
- * which both is OK */
- if (!BN_set_word(t1,2)) goto err;
- if (!BN_set_word(t2,1)) goto err;
- g=generator;
- }
-
- if(!BN_generate_prime_ex(ret->p,prime_len,1,t1,t2,cb)) goto err;
- if(!BN_GENCB_call(cb, 3, 0)) goto err;
- if (!BN_set_word(ret->g,g)) goto err;
- ok=1;
-err:
- if (ok == -1)
- {
- DHerr(DH_F_DH_BUILTIN_GENPARAMS,ERR_R_BN_LIB);
- ok=0;
- }
-
- if (ctx != NULL)
- {
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- }
- return ok;
- }
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/fips/dh/fips_dh_gen.c (from rev 6976, vendor-crypto/openssl/dist/fips/dh/fips_dh_gen.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/fips/dh/fips_dh_gen.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/fips/dh/fips_dh_gen.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,204 @@
+/* crypto/dh/dh_gen.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/*
+ * NB: These functions have been upgraded - the previous prototypes are in
+ * dh_depr.c as wrappers to these ones. - Geoff
+ */
+
+#include <stdio.h>
+#include <openssl/bn.h>
+#include <openssl/dh.h>
+#include <openssl/err.h>
+#include <openssl/fips.h>
+
+#ifdef OPENSSL_FIPS
+
+static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
+ BN_GENCB *cb);
+
+int DH_generate_parameters_ex(DH *ret, int prime_len, int generator,
+ BN_GENCB *cb)
+{
+ if (ret->meth->generate_params)
+ return ret->meth->generate_params(ret, prime_len, generator, cb);
+ return dh_builtin_genparams(ret, prime_len, generator, cb);
+}
+
+/*-
+ * We generate DH parameters as follows
+ * find a prime q which is prime_len/2 bits long.
+ * p=(2*q)+1 or (p-1)/2 = q
+ * For this case, g is a generator if
+ * g^((p-1)/q) mod p != 1 for values of q which are the factors of p-1.
+ * Since the factors of p-1 are q and 2, we just need to check
+ * g^2 mod p != 1 and g^q mod p != 1.
+ *
+ * Having said all that,
+ * there is another special case method for the generators 2, 3 and 5.
+ * for 2, p mod 24 == 11
+ * for 3, p mod 12 == 5 <<<<< does not work for safe primes.
+ * for 5, p mod 10 == 3 or 7
+ *
+ * Thanks to Phil Karn <karn at qualcomm.com> for the pointers about the
+ * special generators and for answering some of my questions.
+ *
+ * I've implemented the second simple method :-).
+ * Since DH should be using a safe prime (both p and q are prime),
+ * this generator function can take a very very long time to run.
+ */
+/*
+ * Actually there is no reason to insist that 'generator' be a generator.
+ * It's just as OK (and in some sense better) to use a generator of the
+ * order-q subgroup.
+ */
+static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
+ BN_GENCB *cb)
+{
+ BIGNUM *t1, *t2;
+ int g, ok = -1;
+ BN_CTX *ctx = NULL;
+
+ if (FIPS_selftest_failed()) {
+ FIPSerr(FIPS_F_DH_BUILTIN_GENPARAMS, FIPS_R_FIPS_SELFTEST_FAILED);
+ return 0;
+ }
+
+ if (FIPS_mode() && (prime_len < OPENSSL_DH_FIPS_MIN_MODULUS_BITS)) {
+ DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_KEY_SIZE_TOO_SMALL);
+ goto err;
+ }
+
+ ctx = BN_CTX_new();
+ if (ctx == NULL)
+ goto err;
+ BN_CTX_start(ctx);
+ t1 = BN_CTX_get(ctx);
+ t2 = BN_CTX_get(ctx);
+ if (t1 == NULL || t2 == NULL)
+ goto err;
+
+ /* Make sure 'ret' has the necessary elements */
+ if (!ret->p && ((ret->p = BN_new()) == NULL))
+ goto err;
+ if (!ret->g && ((ret->g = BN_new()) == NULL))
+ goto err;
+
+ if (generator <= 1) {
+ DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_BAD_GENERATOR);
+ goto err;
+ }
+ if (generator == DH_GENERATOR_2) {
+ if (!BN_set_word(t1, 24))
+ goto err;
+ if (!BN_set_word(t2, 11))
+ goto err;
+ g = 2;
+ }
+# if 0 /* does not work for safe primes */
+ else if (generator == DH_GENERATOR_3) {
+ if (!BN_set_word(t1, 12))
+ goto err;
+ if (!BN_set_word(t2, 5))
+ goto err;
+ g = 3;
+ }
+# endif
+ else if (generator == DH_GENERATOR_5) {
+ if (!BN_set_word(t1, 10))
+ goto err;
+ if (!BN_set_word(t2, 3))
+ goto err;
+ /*
+ * BN_set_word(t3,7); just have to miss out on these ones :-(
+ */
+ g = 5;
+ } else {
+ /*
+ * in the general case, don't worry if 'generator' is a generator or
+ * not: since we are using safe primes, it will generate either an
+ * order-q or an order-2q group, which both is OK
+ */
+ if (!BN_set_word(t1, 2))
+ goto err;
+ if (!BN_set_word(t2, 1))
+ goto err;
+ g = generator;
+ }
+
+ if (!BN_generate_prime_ex(ret->p, prime_len, 1, t1, t2, cb))
+ goto err;
+ if (!BN_GENCB_call(cb, 3, 0))
+ goto err;
+ if (!BN_set_word(ret->g, g))
+ goto err;
+ ok = 1;
+ err:
+ if (ok == -1) {
+ DHerr(DH_F_DH_BUILTIN_GENPARAMS, ERR_R_BN_LIB);
+ ok = 0;
+ }
+
+ if (ctx != NULL) {
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ }
+ return ok;
+}
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/fips/dh/fips_dh_key.c
===================================================================
--- vendor-crypto/openssl/dist/fips/dh/fips_dh_key.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/fips/dh/fips_dh_key.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,276 +0,0 @@
-/* crypto/dh/dh_key.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-#ifndef OPENSSL_NO_RAND
-#include <openssl/rand.h>
-#endif
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#include <openssl/fips.h>
-
-#ifdef OPENSSL_FIPS
-
-static int generate_key(DH *dh);
-static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
-static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
- const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx);
-static int dh_init(DH *dh);
-static int dh_finish(DH *dh);
-
-int DH_generate_key(DH *dh)
- {
- return dh->meth->generate_key(dh);
- }
-
-int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
- {
- return dh->meth->compute_key(key, pub_key, dh);
- }
-
-static const DH_METHOD dh_ossl = {
-"OpenSSL DH Method",
-generate_key,
-compute_key,
-dh_bn_mod_exp,
-dh_init,
-dh_finish,
-0,
-NULL
-};
-
-const DH_METHOD *DH_OpenSSL(void)
-{
- return &dh_ossl;
-}
-
-static int generate_key(DH *dh)
- {
- int ok=0;
- int generate_new_key=0;
- unsigned l;
- BN_CTX *ctx;
- BN_MONT_CTX *mont=NULL;
- BIGNUM *pub_key=NULL,*priv_key=NULL;
-
- if (FIPS_mode() && (BN_num_bits(dh->p) < OPENSSL_DH_FIPS_MIN_MODULUS_BITS))
- {
- DHerr(DH_F_GENERATE_KEY, DH_R_KEY_SIZE_TOO_SMALL);
- return 0;
- }
-
- ctx = BN_CTX_new();
- if (ctx == NULL) goto err;
-
- if (dh->priv_key == NULL)
- {
- priv_key=BN_new();
- if (priv_key == NULL) goto err;
- generate_new_key=1;
- }
- else
- priv_key=dh->priv_key;
-
- if (dh->pub_key == NULL)
- {
- pub_key=BN_new();
- if (pub_key == NULL) goto err;
- }
- else
- pub_key=dh->pub_key;
-
- if (dh->flags & DH_FLAG_CACHE_MONT_P)
- {
- mont = BN_MONT_CTX_set_locked(
- (BN_MONT_CTX **)&dh->method_mont_p,
- CRYPTO_LOCK_DH, dh->p, ctx);
- if (!mont)
- goto err;
- }
-
- if (generate_new_key)
- {
- l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */
- if (!BN_rand(priv_key, l, 0, 0)) goto err;
- }
-
- {
- BIGNUM local_prk;
- BIGNUM *prk;
-
- if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0)
- {
- BN_init(&local_prk);
- prk = &local_prk;
- BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
- }
- else
- prk = priv_key;
-
- if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, prk, dh->p, ctx, mont))
- goto err;
- }
-
- dh->pub_key=pub_key;
- dh->priv_key=priv_key;
- ok=1;
-err:
- if (ok != 1)
- DHerr(DH_F_GENERATE_KEY,ERR_R_BN_LIB);
-
- if ((pub_key != NULL) && (dh->pub_key == NULL)) BN_free(pub_key);
- if ((priv_key != NULL) && (dh->priv_key == NULL)) BN_free(priv_key);
- BN_CTX_free(ctx);
- return(ok);
- }
-
-static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
- {
- BN_CTX *ctx;
- BN_MONT_CTX *mont=NULL;
- BIGNUM *tmp;
- int ret= -1;
-
- ctx = BN_CTX_new();
- if (ctx == NULL) goto err;
- BN_CTX_start(ctx);
- tmp = BN_CTX_get(ctx);
-
- if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS)
- {
- DHerr(DH_F_COMPUTE_KEY,DH_R_MODULUS_TOO_LARGE);
- goto err;
- }
-
- if (FIPS_mode() && (BN_num_bits(dh->p) < OPENSSL_DH_FIPS_MIN_MODULUS_BITS))
- {
- DHerr(DH_F_COMPUTE_KEY, DH_R_KEY_SIZE_TOO_SMALL);
- goto err;
- }
-
- if (dh->priv_key == NULL)
- {
- DHerr(DH_F_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE);
- goto err;
- }
-
- if (dh->flags & DH_FLAG_CACHE_MONT_P)
- {
- mont = BN_MONT_CTX_set_locked(
- (BN_MONT_CTX **)&dh->method_mont_p,
- CRYPTO_LOCK_DH, dh->p, ctx);
- if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0)
- {
- /* XXX */
- BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME);
- }
- if (!mont)
- goto err;
- }
-
- if (!dh->meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key,dh->p,ctx,mont))
- {
- DHerr(DH_F_COMPUTE_KEY,ERR_R_BN_LIB);
- goto err;
- }
-
- ret=BN_bn2bin(tmp,key);
-err:
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- return(ret);
- }
-
-static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
- const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx)
- {
- /* If a is only one word long and constant time is false, use the faster
- * exponenentiation function.
- */
- if (a->top == 1 && ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) != 0))
- {
- BN_ULONG A = a->d[0];
- return BN_mod_exp_mont_word(r,A,p,m,ctx,m_ctx);
- }
- else
- return BN_mod_exp_mont(r,a,p,m,ctx,m_ctx);
- }
-
-
-static int dh_init(DH *dh)
- {
- FIPS_selftest_check();
- dh->flags |= DH_FLAG_CACHE_MONT_P;
- return(1);
- }
-
-static int dh_finish(DH *dh)
- {
- if(dh->method_mont_p)
- BN_MONT_CTX_free((BN_MONT_CTX *)dh->method_mont_p);
- return(1);
- }
-
-#endif
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/fips/dh/fips_dh_key.c (from rev 6976, vendor-crypto/openssl/dist/fips/dh/fips_dh_key.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/fips/dh/fips_dh_key.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/fips/dh/fips_dh_key.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,267 @@
+/* crypto/dh/dh_key.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_RAND
+# include <openssl/rand.h>
+#endif
+#ifndef OPENSSL_NO_DH
+# include <openssl/dh.h>
+# include <openssl/fips.h>
+
+# ifdef OPENSSL_FIPS
+
+static int generate_key(DH *dh);
+static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
+static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
+ const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+static int dh_init(DH *dh);
+static int dh_finish(DH *dh);
+
+int DH_generate_key(DH *dh)
+{
+ return dh->meth->generate_key(dh);
+}
+
+int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
+{
+ return dh->meth->compute_key(key, pub_key, dh);
+}
+
+static const DH_METHOD dh_ossl = {
+ "OpenSSL DH Method",
+ generate_key,
+ compute_key,
+ dh_bn_mod_exp,
+ dh_init,
+ dh_finish,
+ 0,
+ NULL
+};
+
+const DH_METHOD *DH_OpenSSL(void)
+{
+ return &dh_ossl;
+}
+
+static int generate_key(DH *dh)
+{
+ int ok = 0;
+ int generate_new_key = 0;
+ unsigned l;
+ BN_CTX *ctx;
+ BN_MONT_CTX *mont = NULL;
+ BIGNUM *pub_key = NULL, *priv_key = NULL;
+
+ if (FIPS_mode()
+ && (BN_num_bits(dh->p) < OPENSSL_DH_FIPS_MIN_MODULUS_BITS)) {
+ DHerr(DH_F_GENERATE_KEY, DH_R_KEY_SIZE_TOO_SMALL);
+ return 0;
+ }
+
+ ctx = BN_CTX_new();
+ if (ctx == NULL)
+ goto err;
+
+ if (dh->priv_key == NULL) {
+ priv_key = BN_new();
+ if (priv_key == NULL)
+ goto err;
+ generate_new_key = 1;
+ } else
+ priv_key = dh->priv_key;
+
+ if (dh->pub_key == NULL) {
+ pub_key = BN_new();
+ if (pub_key == NULL)
+ goto err;
+ } else
+ pub_key = dh->pub_key;
+
+ if (dh->flags & DH_FLAG_CACHE_MONT_P) {
+ mont = BN_MONT_CTX_set_locked((BN_MONT_CTX **)&dh->method_mont_p,
+ CRYPTO_LOCK_DH, dh->p, ctx);
+ if (!mont)
+ goto err;
+ }
+
+ if (generate_new_key) {
+ l = dh->length ? dh->length : BN_num_bits(dh->p) - 1; /* secret
+ * exponent
+ * length */
+ if (!BN_rand(priv_key, l, 0, 0))
+ goto err;
+ }
+
+ {
+ BIGNUM local_prk;
+ BIGNUM *prk;
+
+ if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) {
+ BN_init(&local_prk);
+ prk = &local_prk;
+ BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
+ } else
+ prk = priv_key;
+
+ if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, prk, dh->p, ctx, mont))
+ goto err;
+ }
+
+ dh->pub_key = pub_key;
+ dh->priv_key = priv_key;
+ ok = 1;
+ err:
+ if (ok != 1)
+ DHerr(DH_F_GENERATE_KEY, ERR_R_BN_LIB);
+
+ if ((pub_key != NULL) && (dh->pub_key == NULL))
+ BN_free(pub_key);
+ if ((priv_key != NULL) && (dh->priv_key == NULL))
+ BN_free(priv_key);
+ BN_CTX_free(ctx);
+ return (ok);
+}
+
+static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
+{
+ BN_CTX *ctx;
+ BN_MONT_CTX *mont = NULL;
+ BIGNUM *tmp;
+ int ret = -1;
+
+ ctx = BN_CTX_new();
+ if (ctx == NULL)
+ goto err;
+ BN_CTX_start(ctx);
+ tmp = BN_CTX_get(ctx);
+
+ if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
+ DHerr(DH_F_COMPUTE_KEY, DH_R_MODULUS_TOO_LARGE);
+ goto err;
+ }
+
+ if (FIPS_mode()
+ && (BN_num_bits(dh->p) < OPENSSL_DH_FIPS_MIN_MODULUS_BITS)) {
+ DHerr(DH_F_COMPUTE_KEY, DH_R_KEY_SIZE_TOO_SMALL);
+ goto err;
+ }
+
+ if (dh->priv_key == NULL) {
+ DHerr(DH_F_COMPUTE_KEY, DH_R_NO_PRIVATE_VALUE);
+ goto err;
+ }
+
+ if (dh->flags & DH_FLAG_CACHE_MONT_P) {
+ mont = BN_MONT_CTX_set_locked((BN_MONT_CTX **)&dh->method_mont_p,
+ CRYPTO_LOCK_DH, dh->p, ctx);
+ if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) {
+ /* XXX */
+ BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME);
+ }
+ if (!mont)
+ goto err;
+ }
+
+ if (!dh->
+ meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key, dh->p, ctx, mont)) {
+ DHerr(DH_F_COMPUTE_KEY, ERR_R_BN_LIB);
+ goto err;
+ }
+
+ ret = BN_bn2bin(tmp, key);
+ err:
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ return (ret);
+}
+
+static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
+ const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+{
+ /*
+ * If a is only one word long and constant time is false, use the faster
+ * exponenentiation function.
+ */
+ if (a->top == 1 && ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) != 0)) {
+ BN_ULONG A = a->d[0];
+ return BN_mod_exp_mont_word(r, A, p, m, ctx, m_ctx);
+ } else
+ return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx);
+}
+
+static int dh_init(DH *dh)
+{
+ FIPS_selftest_check();
+ dh->flags |= DH_FLAG_CACHE_MONT_P;
+ return (1);
+}
+
+static int dh_finish(DH *dh)
+{
+ if (dh->method_mont_p)
+ BN_MONT_CTX_free((BN_MONT_CTX *)dh->method_mont_p);
+ return (1);
+}
+
+# endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/fips/dh/fips_dh_lib.c
===================================================================
--- vendor-crypto/openssl/dist/fips/dh/fips_dh_lib.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/fips/dh/fips_dh_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,95 +0,0 @@
-/* fips_dh_lib.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 2007.
- */
-/* ====================================================================
- * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <string.h>
-#include <openssl/bn.h>
-#include <openssl/dh.h>
-
-/* Minimal FIPS versions of FIPS_dh_new() and FIPS_dh_free(): to
- * reduce external dependencies.
- */
-
-DH *FIPS_dh_new(void)
- {
- DH *ret;
- ret = OPENSSL_malloc(sizeof(DH));
- if (!ret)
- return NULL;
- memset(ret, 0, sizeof(DH));
- ret->meth = DH_OpenSSL();
- if (ret->meth->init)
- ret->meth->init(ret);
- return ret;
- }
-
-void FIPS_dh_free(DH *r)
- {
- if (!r)
- return;
- if (r->meth->finish)
- r->meth->finish(r);
- if (r->p != NULL) BN_clear_free(r->p);
- if (r->g != NULL) BN_clear_free(r->g);
- if (r->q != NULL) BN_clear_free(r->q);
- if (r->j != NULL) BN_clear_free(r->j);
- if (r->seed) OPENSSL_free(r->seed);
- if (r->counter != NULL) BN_clear_free(r->counter);
- if (r->pub_key != NULL) BN_clear_free(r->pub_key);
- if (r->priv_key != NULL) BN_clear_free(r->priv_key);
- OPENSSL_free(r);
- }
Copied: vendor-crypto/openssl/0.9.8zf/fips/dh/fips_dh_lib.c (from rev 6976, vendor-crypto/openssl/dist/fips/dh/fips_dh_lib.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/fips/dh/fips_dh_lib.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/fips/dh/fips_dh_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,105 @@
+/* fips_dh_lib.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 2007.
+ */
+/* ====================================================================
+ * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <string.h>
+#include <openssl/bn.h>
+#include <openssl/dh.h>
+
+/*
+ * Minimal FIPS versions of FIPS_dh_new() and FIPS_dh_free(): to reduce
+ * external dependencies.
+ */
+
+DH *FIPS_dh_new(void)
+{
+ DH *ret;
+ ret = OPENSSL_malloc(sizeof(DH));
+ if (!ret)
+ return NULL;
+ memset(ret, 0, sizeof(DH));
+ ret->meth = DH_OpenSSL();
+ if (ret->meth->init)
+ ret->meth->init(ret);
+ return ret;
+}
+
+void FIPS_dh_free(DH *r)
+{
+ if (!r)
+ return;
+ if (r->meth->finish)
+ r->meth->finish(r);
+ if (r->p != NULL)
+ BN_clear_free(r->p);
+ if (r->g != NULL)
+ BN_clear_free(r->g);
+ if (r->q != NULL)
+ BN_clear_free(r->q);
+ if (r->j != NULL)
+ BN_clear_free(r->j);
+ if (r->seed)
+ OPENSSL_free(r->seed);
+ if (r->counter != NULL)
+ BN_clear_free(r->counter);
+ if (r->pub_key != NULL)
+ BN_clear_free(r->pub_key);
+ if (r->priv_key != NULL)
+ BN_clear_free(r->priv_key);
+ OPENSSL_free(r);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/fips/dsa/fips_dsa_gen.c
===================================================================
--- vendor-crypto/openssl/dist/fips/dsa/fips_dsa_gen.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/fips/dsa/fips_dsa_gen.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,339 +0,0 @@
-/* crypto/dsa/dsa_gen.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#undef GENUINE_DSA
-
-#ifdef GENUINE_DSA
-/* Parameter generation follows the original release of FIPS PUB 186,
- * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) */
-#define HASH EVP_sha()
-#else
-/* Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,
- * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in
- * FIPS PUB 180-1) */
-#define HASH EVP_sha1()
-#endif
-
-#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_SHA is defined */
-
-#ifndef OPENSSL_NO_SHA
-
-#include <stdio.h>
-#include <time.h>
-#include <string.h>
-#include <openssl/evp.h>
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/rand.h>
-#include <openssl/sha.h>
-#include <openssl/err.h>
-
-#ifdef OPENSSL_FIPS
-
-static int dsa_builtin_paramgen(DSA *ret, int bits,
- unsigned char *seed_in, int seed_len,
- int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
-
-int DSA_generate_parameters_ex(DSA *ret, int bits,
- unsigned char *seed_in, int seed_len,
- int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
- {
- if(ret->meth->dsa_paramgen)
- return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len,
- counter_ret, h_ret, cb);
- return dsa_builtin_paramgen(ret, bits, seed_in, seed_len,
- counter_ret, h_ret, cb);
- }
-
-static int dsa_builtin_paramgen(DSA *ret, int bits,
- unsigned char *seed_in, int seed_len,
- int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
- {
- int ok=0;
- unsigned char seed[SHA_DIGEST_LENGTH];
- unsigned char md[SHA_DIGEST_LENGTH];
- unsigned char buf[SHA_DIGEST_LENGTH],buf2[SHA_DIGEST_LENGTH];
- BIGNUM *r0,*W,*X,*c,*test;
- BIGNUM *g=NULL,*q=NULL,*p=NULL;
- BN_MONT_CTX *mont=NULL;
- int k,n=0,i,b,m=0;
- int counter=0;
- int r=0;
- BN_CTX *ctx=NULL;
- unsigned int h=2;
-
- if(FIPS_selftest_failed())
- {
- FIPSerr(FIPS_F_DSA_BUILTIN_PARAMGEN,
- FIPS_R_FIPS_SELFTEST_FAILED);
- goto err;
- }
-
- if (FIPS_mode() && (bits < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS))
- {
- DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN, DSA_R_KEY_SIZE_TOO_SMALL);
- goto err;
- }
-
- if (bits < 512) bits=512;
- bits=(bits+63)/64*64;
-
- /* NB: seed_len == 0 is special case: copy generated seed to
- * seed_in if it is not NULL.
- */
- if (seed_len && (seed_len < 20))
- seed_in = NULL; /* seed buffer too small -- ignore */
- if (seed_len > 20)
- seed_len = 20; /* App. 2.2 of FIPS PUB 186 allows larger SEED,
- * but our internal buffers are restricted to 160 bits*/
- if ((seed_in != NULL) && (seed_len == 20))
- {
- memcpy(seed,seed_in,seed_len);
- /* set seed_in to NULL to avoid it being copied back */
- seed_in = NULL;
- }
-
- if ((ctx=BN_CTX_new()) == NULL) goto err;
-
- if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
-
- BN_CTX_start(ctx);
- r0 = BN_CTX_get(ctx);
- g = BN_CTX_get(ctx);
- W = BN_CTX_get(ctx);
- q = BN_CTX_get(ctx);
- X = BN_CTX_get(ctx);
- c = BN_CTX_get(ctx);
- p = BN_CTX_get(ctx);
- test = BN_CTX_get(ctx);
-
- if (!BN_lshift(test,BN_value_one(),bits-1))
- goto err;
-
- for (;;)
- {
- for (;;) /* find q */
- {
- int seed_is_random;
-
- /* step 1 */
- if(!BN_GENCB_call(cb, 0, m++))
- goto err;
-
- if (!seed_len)
- {
- RAND_pseudo_bytes(seed,SHA_DIGEST_LENGTH);
- seed_is_random = 1;
- }
- else
- {
- seed_is_random = 0;
- seed_len=0; /* use random seed if 'seed_in' turns out to be bad*/
- }
- memcpy(buf,seed,SHA_DIGEST_LENGTH);
- memcpy(buf2,seed,SHA_DIGEST_LENGTH);
- /* precompute "SEED + 1" for step 7: */
- for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--)
- {
- buf[i]++;
- if (buf[i] != 0) break;
- }
-
- /* step 2 */
- EVP_Digest(seed,SHA_DIGEST_LENGTH,md,NULL,HASH, NULL);
- EVP_Digest(buf,SHA_DIGEST_LENGTH,buf2,NULL,HASH, NULL);
- for (i=0; i<SHA_DIGEST_LENGTH; i++)
- md[i]^=buf2[i];
-
- /* step 3 */
- md[0]|=0x80;
- md[SHA_DIGEST_LENGTH-1]|=0x01;
- if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,q)) goto err;
-
- /* step 4 */
- r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx,
- seed_is_random, cb);
- if (r > 0)
- break;
- if (r != 0)
- goto err;
-
- /* do a callback call */
- /* step 5 */
- }
-
- if(!BN_GENCB_call(cb, 2, 0)) goto err;
- if(!BN_GENCB_call(cb, 3, 0)) goto err;
-
- /* step 6 */
- counter=0;
- /* "offset = 2" */
-
- n=(bits-1)/160;
- b=(bits-1)-n*160;
-
- for (;;)
- {
- if ((counter != 0) && !BN_GENCB_call(cb, 0, counter))
- goto err;
-
- /* step 7 */
- BN_zero(W);
- /* now 'buf' contains "SEED + offset - 1" */
- for (k=0; k<=n; k++)
- {
- /* obtain "SEED + offset + k" by incrementing: */
- for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--)
- {
- buf[i]++;
- if (buf[i] != 0) break;
- }
-
- EVP_Digest(buf,SHA_DIGEST_LENGTH,md,NULL,HASH, NULL);
-
- /* step 8 */
- if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,r0))
- goto err;
- if (!BN_lshift(r0,r0,160*k)) goto err;
- if (!BN_add(W,W,r0)) goto err;
- }
-
- /* more of step 8 */
- if (!BN_mask_bits(W,bits-1)) goto err;
- if (!BN_copy(X,W)) goto err;
- if (!BN_add(X,X,test)) goto err;
-
- /* step 9 */
- if (!BN_lshift1(r0,q)) goto err;
- if (!BN_mod(c,X,r0,ctx)) goto err;
- if (!BN_sub(r0,c,BN_value_one())) goto err;
- if (!BN_sub(p,X,r0)) goto err;
-
- /* step 10 */
- if (BN_cmp(p,test) >= 0)
- {
- /* step 11 */
- r = BN_is_prime_fasttest_ex(p, DSS_prime_checks,
- ctx, 1, cb);
- if (r > 0)
- goto end; /* found it */
- if (r != 0)
- goto err;
- }
-
- /* step 13 */
- counter++;
- /* "offset = offset + n + 1" */
-
- /* step 14 */
- if (counter >= 4096) break;
- }
- }
-end:
- if(!BN_GENCB_call(cb, 2, 1))
- goto err;
-
- /* We now need to generate g */
- /* Set r0=(p-1)/q */
- if (!BN_sub(test,p,BN_value_one())) goto err;
- if (!BN_div(r0,NULL,test,q,ctx)) goto err;
-
- if (!BN_set_word(test,h)) goto err;
- if (!BN_MONT_CTX_set(mont,p,ctx)) goto err;
-
- for (;;)
- {
- /* g=test^r0%p */
- if (!BN_mod_exp_mont(g,test,r0,p,ctx,mont)) goto err;
- if (!BN_is_one(g)) break;
- if (!BN_add(test,test,BN_value_one())) goto err;
- h++;
- }
-
- if(!BN_GENCB_call(cb, 3, 1))
- goto err;
-
- ok=1;
-err:
- if (ok)
- {
- if(ret->p) BN_free(ret->p);
- if(ret->q) BN_free(ret->q);
- if(ret->g) BN_free(ret->g);
- ret->p=BN_dup(p);
- ret->q=BN_dup(q);
- ret->g=BN_dup(g);
- if (ret->p == NULL || ret->q == NULL || ret->g == NULL)
- {
- ok=0;
- goto err;
- }
- if (seed_in != NULL) memcpy(seed_in,seed,20);
- if (counter_ret != NULL) *counter_ret=counter;
- if (h_ret != NULL) *h_ret=h;
- }
- if(ctx)
- {
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- }
- if (mont != NULL) BN_MONT_CTX_free(mont);
- return ok;
- }
-#endif
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/fips/dsa/fips_dsa_gen.c (from rev 6976, vendor-crypto/openssl/dist/fips/dsa/fips_dsa_gen.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/fips/dsa/fips_dsa_gen.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/fips/dsa/fips_dsa_gen.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,364 @@
+/* crypto/dsa/dsa_gen.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#undef GENUINE_DSA
+
+#ifdef GENUINE_DSA
+/*
+ * Parameter generation follows the original release of FIPS PUB 186,
+ * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180)
+ */
+# define HASH EVP_sha()
+#else
+/*
+ * Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,
+ * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in FIPS PUB
+ * 180-1)
+ */
+# define HASH EVP_sha1()
+#endif
+
+#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_SHA is defined */
+
+#ifndef OPENSSL_NO_SHA
+
+# include <stdio.h>
+# include <time.h>
+# include <string.h>
+# include <openssl/evp.h>
+# include <openssl/bn.h>
+# include <openssl/dsa.h>
+# include <openssl/rand.h>
+# include <openssl/sha.h>
+# include <openssl/err.h>
+
+# ifdef OPENSSL_FIPS
+
+static int dsa_builtin_paramgen(DSA *ret, int bits,
+ unsigned char *seed_in, int seed_len,
+ int *counter_ret, unsigned long *h_ret,
+ BN_GENCB *cb);
+
+int DSA_generate_parameters_ex(DSA *ret, int bits,
+ unsigned char *seed_in, int seed_len,
+ int *counter_ret, unsigned long *h_ret,
+ BN_GENCB *cb)
+{
+ if (ret->meth->dsa_paramgen)
+ return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len,
+ counter_ret, h_ret, cb);
+ return dsa_builtin_paramgen(ret, bits, seed_in, seed_len,
+ counter_ret, h_ret, cb);
+}
+
+static int dsa_builtin_paramgen(DSA *ret, int bits,
+ unsigned char *seed_in, int seed_len,
+ int *counter_ret, unsigned long *h_ret,
+ BN_GENCB *cb)
+{
+ int ok = 0;
+ unsigned char seed[SHA_DIGEST_LENGTH];
+ unsigned char md[SHA_DIGEST_LENGTH];
+ unsigned char buf[SHA_DIGEST_LENGTH], buf2[SHA_DIGEST_LENGTH];
+ BIGNUM *r0, *W, *X, *c, *test;
+ BIGNUM *g = NULL, *q = NULL, *p = NULL;
+ BN_MONT_CTX *mont = NULL;
+ int k, n = 0, i, b, m = 0;
+ int counter = 0;
+ int r = 0;
+ BN_CTX *ctx = NULL;
+ unsigned int h = 2;
+
+ if (FIPS_selftest_failed()) {
+ FIPSerr(FIPS_F_DSA_BUILTIN_PARAMGEN, FIPS_R_FIPS_SELFTEST_FAILED);
+ goto err;
+ }
+
+ if (FIPS_mode() && (bits < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS)) {
+ DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN, DSA_R_KEY_SIZE_TOO_SMALL);
+ goto err;
+ }
+
+ if (bits < 512)
+ bits = 512;
+ bits = (bits + 63) / 64 * 64;
+
+ /*
+ * NB: seed_len == 0 is special case: copy generated seed to seed_in if
+ * it is not NULL.
+ */
+ if (seed_len && (seed_len < 20))
+ seed_in = NULL; /* seed buffer too small -- ignore */
+ if (seed_len > 20)
+ seed_len = 20; /* App. 2.2 of FIPS PUB 186 allows larger
+ * SEED, but our internal buffers are
+ * restricted to 160 bits */
+ if ((seed_in != NULL) && (seed_len == 20)) {
+ memcpy(seed, seed_in, seed_len);
+ /* set seed_in to NULL to avoid it being copied back */
+ seed_in = NULL;
+ }
+
+ if ((ctx = BN_CTX_new()) == NULL)
+ goto err;
+
+ if ((mont = BN_MONT_CTX_new()) == NULL)
+ goto err;
+
+ BN_CTX_start(ctx);
+ r0 = BN_CTX_get(ctx);
+ g = BN_CTX_get(ctx);
+ W = BN_CTX_get(ctx);
+ q = BN_CTX_get(ctx);
+ X = BN_CTX_get(ctx);
+ c = BN_CTX_get(ctx);
+ p = BN_CTX_get(ctx);
+ test = BN_CTX_get(ctx);
+
+ if (!BN_lshift(test, BN_value_one(), bits - 1))
+ goto err;
+
+ for (;;) {
+ for (;;) { /* find q */
+ int seed_is_random;
+
+ /* step 1 */
+ if (!BN_GENCB_call(cb, 0, m++))
+ goto err;
+
+ if (!seed_len) {
+ RAND_pseudo_bytes(seed, SHA_DIGEST_LENGTH);
+ seed_is_random = 1;
+ } else {
+ seed_is_random = 0;
+ seed_len = 0; /* use random seed if 'seed_in' turns out to
+ * be bad */
+ }
+ memcpy(buf, seed, SHA_DIGEST_LENGTH);
+ memcpy(buf2, seed, SHA_DIGEST_LENGTH);
+ /* precompute "SEED + 1" for step 7: */
+ for (i = SHA_DIGEST_LENGTH - 1; i >= 0; i--) {
+ buf[i]++;
+ if (buf[i] != 0)
+ break;
+ }
+
+ /* step 2 */
+ EVP_Digest(seed, SHA_DIGEST_LENGTH, md, NULL, HASH, NULL);
+ EVP_Digest(buf, SHA_DIGEST_LENGTH, buf2, NULL, HASH, NULL);
+ for (i = 0; i < SHA_DIGEST_LENGTH; i++)
+ md[i] ^= buf2[i];
+
+ /* step 3 */
+ md[0] |= 0x80;
+ md[SHA_DIGEST_LENGTH - 1] |= 0x01;
+ if (!BN_bin2bn(md, SHA_DIGEST_LENGTH, q))
+ goto err;
+
+ /* step 4 */
+ r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx,
+ seed_is_random, cb);
+ if (r > 0)
+ break;
+ if (r != 0)
+ goto err;
+
+ /* do a callback call */
+ /* step 5 */
+ }
+
+ if (!BN_GENCB_call(cb, 2, 0))
+ goto err;
+ if (!BN_GENCB_call(cb, 3, 0))
+ goto err;
+
+ /* step 6 */
+ counter = 0;
+ /* "offset = 2" */
+
+ n = (bits - 1) / 160;
+ b = (bits - 1) - n * 160;
+
+ for (;;) {
+ if ((counter != 0) && !BN_GENCB_call(cb, 0, counter))
+ goto err;
+
+ /* step 7 */
+ BN_zero(W);
+ /* now 'buf' contains "SEED + offset - 1" */
+ for (k = 0; k <= n; k++) {
+ /*
+ * obtain "SEED + offset + k" by incrementing:
+ */
+ for (i = SHA_DIGEST_LENGTH - 1; i >= 0; i--) {
+ buf[i]++;
+ if (buf[i] != 0)
+ break;
+ }
+
+ EVP_Digest(buf, SHA_DIGEST_LENGTH, md, NULL, HASH, NULL);
+
+ /* step 8 */
+ if (!BN_bin2bn(md, SHA_DIGEST_LENGTH, r0))
+ goto err;
+ if (!BN_lshift(r0, r0, 160 * k))
+ goto err;
+ if (!BN_add(W, W, r0))
+ goto err;
+ }
+
+ /* more of step 8 */
+ if (!BN_mask_bits(W, bits - 1))
+ goto err;
+ if (!BN_copy(X, W))
+ goto err;
+ if (!BN_add(X, X, test))
+ goto err;
+
+ /* step 9 */
+ if (!BN_lshift1(r0, q))
+ goto err;
+ if (!BN_mod(c, X, r0, ctx))
+ goto err;
+ if (!BN_sub(r0, c, BN_value_one()))
+ goto err;
+ if (!BN_sub(p, X, r0))
+ goto err;
+
+ /* step 10 */
+ if (BN_cmp(p, test) >= 0) {
+ /* step 11 */
+ r = BN_is_prime_fasttest_ex(p, DSS_prime_checks, ctx, 1, cb);
+ if (r > 0)
+ goto end; /* found it */
+ if (r != 0)
+ goto err;
+ }
+
+ /* step 13 */
+ counter++;
+ /* "offset = offset + n + 1" */
+
+ /* step 14 */
+ if (counter >= 4096)
+ break;
+ }
+ }
+ end:
+ if (!BN_GENCB_call(cb, 2, 1))
+ goto err;
+
+ /* We now need to generate g */
+ /* Set r0=(p-1)/q */
+ if (!BN_sub(test, p, BN_value_one()))
+ goto err;
+ if (!BN_div(r0, NULL, test, q, ctx))
+ goto err;
+
+ if (!BN_set_word(test, h))
+ goto err;
+ if (!BN_MONT_CTX_set(mont, p, ctx))
+ goto err;
+
+ for (;;) {
+ /* g=test^r0%p */
+ if (!BN_mod_exp_mont(g, test, r0, p, ctx, mont))
+ goto err;
+ if (!BN_is_one(g))
+ break;
+ if (!BN_add(test, test, BN_value_one()))
+ goto err;
+ h++;
+ }
+
+ if (!BN_GENCB_call(cb, 3, 1))
+ goto err;
+
+ ok = 1;
+ err:
+ if (ok) {
+ if (ret->p)
+ BN_free(ret->p);
+ if (ret->q)
+ BN_free(ret->q);
+ if (ret->g)
+ BN_free(ret->g);
+ ret->p = BN_dup(p);
+ ret->q = BN_dup(q);
+ ret->g = BN_dup(g);
+ if (ret->p == NULL || ret->q == NULL || ret->g == NULL) {
+ ok = 0;
+ goto err;
+ }
+ if (seed_in != NULL)
+ memcpy(seed_in, seed, 20);
+ if (counter_ret != NULL)
+ *counter_ret = counter;
+ if (h_ret != NULL)
+ *h_ret = h;
+ }
+ if (ctx) {
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ }
+ if (mont != NULL)
+ BN_MONT_CTX_free(mont);
+ return ok;
+}
+# endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/fips/dsa/fips_dsa_key.c
===================================================================
--- vendor-crypto/openssl/dist/fips/dsa/fips_dsa_key.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/fips/dsa/fips_dsa_key.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,169 +0,0 @@
-/* crypto/dsa/dsa_key.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <time.h>
-#ifndef OPENSSL_NO_SHA
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/rand.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/fips.h>
-#include "fips_locl.h"
-
-#ifdef OPENSSL_FIPS
-
-static int fips_dsa_pairwise_fail = 0;
-
-void FIPS_corrupt_dsa_keygen(void)
- {
- fips_dsa_pairwise_fail = 1;
- }
-
-static int dsa_builtin_keygen(DSA *dsa);
-
-static int fips_check_dsa(DSA *dsa)
- {
- EVP_PKEY pk;
- unsigned char tbs[] = "DSA Pairwise Check Data";
- pk.type = EVP_PKEY_DSA;
- pk.pkey.dsa = dsa;
-
- if (!fips_pkey_signature_test(&pk, tbs, -1,
- NULL, 0, EVP_dss1(), 0, NULL))
- {
- FIPSerr(FIPS_F_FIPS_CHECK_DSA,FIPS_R_PAIRWISE_TEST_FAILED);
- fips_set_selftest_fail();
- return 0;
- }
- return 1;
- }
-
-int DSA_generate_key(DSA *dsa)
- {
- if(dsa->meth->dsa_keygen)
- return dsa->meth->dsa_keygen(dsa);
- return dsa_builtin_keygen(dsa);
- }
-
-static int dsa_builtin_keygen(DSA *dsa)
- {
- int ok=0;
- BN_CTX *ctx=NULL;
- BIGNUM *pub_key=NULL,*priv_key=NULL;
-
- if (FIPS_mode() && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS))
- {
- DSAerr(DSA_F_DSA_BUILTIN_KEYGEN, DSA_R_KEY_SIZE_TOO_SMALL);
- goto err;
- }
-
- if ((ctx=BN_CTX_new()) == NULL) goto err;
-
- if (dsa->priv_key == NULL)
- {
- if ((priv_key=BN_new()) == NULL) goto err;
- }
- else
- priv_key=dsa->priv_key;
-
- do
- if (!BN_rand_range(priv_key,dsa->q)) goto err;
- while (BN_is_zero(priv_key));
-
- if (dsa->pub_key == NULL)
- {
- if ((pub_key=BN_new()) == NULL) goto err;
- }
- else
- pub_key=dsa->pub_key;
-
- {
- BIGNUM local_prk;
- BIGNUM *prk;
-
- if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
- {
- BN_init(&local_prk);
- prk = &local_prk;
- BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
- }
- else
- prk = priv_key;
-
- if (!BN_mod_exp(pub_key,dsa->g,prk,dsa->p,ctx)) goto err;
- }
-
- dsa->priv_key=priv_key;
- dsa->pub_key=pub_key;
- if (fips_dsa_pairwise_fail)
- BN_add_word(dsa->pub_key, 1);
- if(!fips_check_dsa(dsa))
- goto err;
- ok=1;
-
-err:
- if ((pub_key != NULL) && (dsa->pub_key == NULL)) BN_free(pub_key);
- if ((priv_key != NULL) && (dsa->priv_key == NULL)) BN_free(priv_key);
- if (ctx != NULL) BN_CTX_free(ctx);
- return(ok);
- }
-#endif
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/fips/dsa/fips_dsa_key.c (from rev 6976, vendor-crypto/openssl/dist/fips/dsa/fips_dsa_key.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/fips/dsa/fips_dsa_key.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/fips/dsa/fips_dsa_key.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,169 @@
+/* crypto/dsa/dsa_key.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <time.h>
+#ifndef OPENSSL_NO_SHA
+# include <openssl/bn.h>
+# include <openssl/dsa.h>
+# include <openssl/rand.h>
+# include <openssl/err.h>
+# include <openssl/evp.h>
+# include <openssl/fips.h>
+# include "fips_locl.h"
+
+# ifdef OPENSSL_FIPS
+
+static int fips_dsa_pairwise_fail = 0;
+
+void FIPS_corrupt_dsa_keygen(void)
+{
+ fips_dsa_pairwise_fail = 1;
+}
+
+static int dsa_builtin_keygen(DSA *dsa);
+
+static int fips_check_dsa(DSA *dsa)
+{
+ EVP_PKEY pk;
+ unsigned char tbs[] = "DSA Pairwise Check Data";
+ pk.type = EVP_PKEY_DSA;
+ pk.pkey.dsa = dsa;
+
+ if (!fips_pkey_signature_test(&pk, tbs, -1, NULL, 0, EVP_dss1(), 0, NULL)) {
+ FIPSerr(FIPS_F_FIPS_CHECK_DSA, FIPS_R_PAIRWISE_TEST_FAILED);
+ fips_set_selftest_fail();
+ return 0;
+ }
+ return 1;
+}
+
+int DSA_generate_key(DSA *dsa)
+{
+ if (dsa->meth->dsa_keygen)
+ return dsa->meth->dsa_keygen(dsa);
+ return dsa_builtin_keygen(dsa);
+}
+
+static int dsa_builtin_keygen(DSA *dsa)
+{
+ int ok = 0;
+ BN_CTX *ctx = NULL;
+ BIGNUM *pub_key = NULL, *priv_key = NULL;
+
+ if (FIPS_mode()
+ && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS)) {
+ DSAerr(DSA_F_DSA_BUILTIN_KEYGEN, DSA_R_KEY_SIZE_TOO_SMALL);
+ goto err;
+ }
+
+ if ((ctx = BN_CTX_new()) == NULL)
+ goto err;
+
+ if (dsa->priv_key == NULL) {
+ if ((priv_key = BN_new()) == NULL)
+ goto err;
+ } else
+ priv_key = dsa->priv_key;
+
+ do
+ if (!BN_rand_range(priv_key, dsa->q))
+ goto err;
+ while (BN_is_zero(priv_key)) ;
+
+ if (dsa->pub_key == NULL) {
+ if ((pub_key = BN_new()) == NULL)
+ goto err;
+ } else
+ pub_key = dsa->pub_key;
+
+ {
+ BIGNUM local_prk;
+ BIGNUM *prk;
+
+ if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
+ BN_init(&local_prk);
+ prk = &local_prk;
+ BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
+ } else
+ prk = priv_key;
+
+ if (!BN_mod_exp(pub_key, dsa->g, prk, dsa->p, ctx))
+ goto err;
+ }
+
+ dsa->priv_key = priv_key;
+ dsa->pub_key = pub_key;
+ if (fips_dsa_pairwise_fail)
+ BN_add_word(dsa->pub_key, 1);
+ if (!fips_check_dsa(dsa))
+ goto err;
+ ok = 1;
+
+ err:
+ if ((pub_key != NULL) && (dsa->pub_key == NULL))
+ BN_free(pub_key);
+ if ((priv_key != NULL) && (dsa->priv_key == NULL))
+ BN_free(priv_key);
+ if (ctx != NULL)
+ BN_CTX_free(ctx);
+ return (ok);
+}
+# endif
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/fips/dsa/fips_dsa_lib.c
===================================================================
--- vendor-crypto/openssl/dist/fips/dsa/fips_dsa_lib.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/fips/dsa/fips_dsa_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,95 +0,0 @@
-/* fips_dsa_lib.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 2007.
- */
-/* ====================================================================
- * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <string.h>
-#include <openssl/dsa.h>
-#include <openssl/bn.h>
-
-/* Minimal FIPS versions of FIPS_dsa_new() and FIPS_dsa_free: to
- * reduce external dependencies.
- */
-
-DSA *FIPS_dsa_new(void)
- {
- DSA *ret;
- ret = OPENSSL_malloc(sizeof(DSA));
- if (!ret)
- return NULL;
- memset(ret, 0, sizeof(DSA));
- ret->meth = DSA_OpenSSL();
- if (ret->meth->init)
- ret->meth->init(ret);
- return ret;
- }
-
-void FIPS_dsa_free(DSA *r)
- {
- if (!r)
- return;
- if (r->meth->finish)
- r->meth->finish(r);
- if (r->p != NULL) BN_clear_free(r->p);
- if (r->q != NULL) BN_clear_free(r->q);
- if (r->g != NULL) BN_clear_free(r->g);
- if (r->pub_key != NULL) BN_clear_free(r->pub_key);
- if (r->priv_key != NULL) BN_clear_free(r->priv_key);
- if (r->kinv != NULL) BN_clear_free(r->kinv);
- if (r->r != NULL) BN_clear_free(r->r);
- OPENSSL_free(r);
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/fips/dsa/fips_dsa_lib.c (from rev 6976, vendor-crypto/openssl/dist/fips/dsa/fips_dsa_lib.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/fips/dsa/fips_dsa_lib.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/fips/dsa/fips_dsa_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,103 @@
+/* fips_dsa_lib.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 2007.
+ */
+/* ====================================================================
+ * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <string.h>
+#include <openssl/dsa.h>
+#include <openssl/bn.h>
+
+/*
+ * Minimal FIPS versions of FIPS_dsa_new() and FIPS_dsa_free: to reduce
+ * external dependencies.
+ */
+
+DSA *FIPS_dsa_new(void)
+{
+ DSA *ret;
+ ret = OPENSSL_malloc(sizeof(DSA));
+ if (!ret)
+ return NULL;
+ memset(ret, 0, sizeof(DSA));
+ ret->meth = DSA_OpenSSL();
+ if (ret->meth->init)
+ ret->meth->init(ret);
+ return ret;
+}
+
+void FIPS_dsa_free(DSA *r)
+{
+ if (!r)
+ return;
+ if (r->meth->finish)
+ r->meth->finish(r);
+ if (r->p != NULL)
+ BN_clear_free(r->p);
+ if (r->q != NULL)
+ BN_clear_free(r->q);
+ if (r->g != NULL)
+ BN_clear_free(r->g);
+ if (r->pub_key != NULL)
+ BN_clear_free(r->pub_key);
+ if (r->priv_key != NULL)
+ BN_clear_free(r->priv_key);
+ if (r->kinv != NULL)
+ BN_clear_free(r->kinv);
+ if (r->r != NULL)
+ BN_clear_free(r->r);
+ OPENSSL_free(r);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/fips/dsa/fips_dsa_ossl.c
===================================================================
--- vendor-crypto/openssl/dist/fips/dsa/fips_dsa_ossl.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/fips/dsa/fips_dsa_ossl.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,435 +0,0 @@
-/* crypto/dsa/dsa_ossl.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* Original version from Steven Schoch <schoch at sheba.arc.nasa.gov> */
-
-#include <stdio.h>
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/rand.h>
-#include <openssl/asn1.h>
-#include <openssl/err.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-#include <openssl/fips.h>
-
-#ifdef OPENSSL_FIPS
-
-static DSA_SIG *dsa_do_sign(const unsigned char *dgst, FIPS_DSA_SIZE_T dlen, DSA *dsa);
-static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
-static int dsa_do_verify(const unsigned char *dgst, FIPS_DSA_SIZE_T dgst_len, DSA_SIG *sig,
- DSA *dsa);
-static int dsa_init(DSA *dsa);
-static int dsa_finish(DSA *dsa);
-static int dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
- BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *in_mont);
-static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx);
-
-static const DSA_METHOD openssl_dsa_meth = {
-"OpenSSL FIPS DSA method",
-dsa_do_sign,
-dsa_sign_setup,
-dsa_do_verify,
-dsa_mod_exp,
-dsa_bn_mod_exp,
-dsa_init,
-dsa_finish,
-DSA_FLAG_FIPS_METHOD,
-NULL
-};
-#if 0
-int FIPS_dsa_check(struct dsa_st *dsa)
- {
- if(dsa->meth != &openssl_dsa_meth || dsa->meth->dsa_do_sign != dsa_do_sign
- || dsa->meth->dsa_sign_setup != dsa_sign_setup
- || dsa->meth->dsa_mod_exp != dsa_mod_exp
- || dsa->meth->bn_mod_exp != dsa_bn_mod_exp
- || dsa->meth->init != dsa_init
- || dsa->meth->finish != dsa_finish)
- {
- FIPSerr(FIPS_F_FIPS_DSA_CHECK,FIPS_R_NON_FIPS_METHOD);
- return 0;
- }
- return 1;
- }
-#endif
-
-const DSA_METHOD *DSA_OpenSSL(void)
-{
- return &openssl_dsa_meth;
-}
-
-static DSA_SIG *dsa_do_sign(const unsigned char *dgst, FIPS_DSA_SIZE_T dlen, DSA *dsa)
- {
- BIGNUM *kinv=NULL,*r=NULL,*s=NULL;
- BIGNUM m;
- BIGNUM xr;
- BN_CTX *ctx=NULL;
- int i,reason=ERR_R_BN_LIB;
- DSA_SIG *ret=NULL;
-
- if(FIPS_selftest_failed())
- {
- FIPSerr(FIPS_F_DSA_DO_SIGN,FIPS_R_FIPS_SELFTEST_FAILED);
- return NULL;
- }
-
- if (FIPS_mode() && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS))
- {
- DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_KEY_SIZE_TOO_SMALL);
- return NULL;
- }
-
- BN_init(&m);
- BN_init(&xr);
-
- if (!dsa->p || !dsa->q || !dsa->g)
- {
- reason=DSA_R_MISSING_PARAMETERS;
- goto err;
- }
-
- s=BN_new();
- if (s == NULL) goto err;
-
- i=BN_num_bytes(dsa->q); /* should be 20 */
- if ((dlen > i) || (dlen > 50))
- {
- reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE;
- goto err;
- }
-
- ctx=BN_CTX_new();
- if (ctx == NULL) goto err;
-
- if (!dsa->meth->dsa_sign_setup(dsa,ctx,&kinv,&r)) goto err;
-
- if (BN_bin2bn(dgst,dlen,&m) == NULL) goto err;
-
- /* Compute s = inv(k) (m + xr) mod q */
- if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */
- if (!BN_add(s, &xr, &m)) goto err; /* s = m + xr */
- if (BN_cmp(s,dsa->q) > 0)
- BN_sub(s,s,dsa->q);
- if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err;
-
- ret= DSA_SIG_new();
- if (ret == NULL) goto err;
- ret->r = r;
- ret->s = s;
-
-err:
- if (!ret)
- {
- DSAerr(DSA_F_DSA_DO_SIGN,reason);
- BN_free(r);
- BN_free(s);
- }
- if (ctx != NULL) BN_CTX_free(ctx);
- BN_clear_free(&m);
- BN_clear_free(&xr);
- if (kinv != NULL) /* dsa->kinv is NULL now if we used it */
- BN_clear_free(kinv);
- return(ret);
- }
-
-static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
- {
- BN_CTX *ctx;
- BIGNUM k,kq,*K,*kinv=NULL,*r=NULL;
- int ret=0;
-
- if (!dsa->p || !dsa->q || !dsa->g)
- {
- DSAerr(DSA_F_DSA_SIGN_SETUP,DSA_R_MISSING_PARAMETERS);
- return 0;
- }
-
- BN_init(&k);
- BN_init(&kq);
-
- if (ctx_in == NULL)
- {
- if ((ctx=BN_CTX_new()) == NULL) goto err;
- }
- else
- ctx=ctx_in;
-
- if ((r=BN_new()) == NULL) goto err;
-
- /* Get random k */
- do
- if (!BN_rand_range(&k, dsa->q)) goto err;
- while (BN_is_zero(&k));
- if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
- {
- BN_set_flags(&k, BN_FLG_CONSTTIME);
- }
-
- if (dsa->flags & DSA_FLAG_CACHE_MONT_P)
- {
- if (!BN_MONT_CTX_set_locked((BN_MONT_CTX **)&dsa->method_mont_p,
- CRYPTO_LOCK_DSA,
- dsa->p, ctx))
- goto err;
- }
-
- /* Compute r = (g^k mod p) mod q */
-
- if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
- {
- if (!BN_copy(&kq, &k)) goto err;
-
- /* We do not want timing information to leak the length of k,
- * so we compute g^k using an equivalent exponent of fixed length.
- *
- * (This is a kludge that we need because the BN_mod_exp_mont()
- * does not let us specify the desired timing behaviour.) */
-
- if (!BN_add(&kq, &kq, dsa->q)) goto err;
- if (BN_num_bits(&kq) <= BN_num_bits(dsa->q))
- {
- if (!BN_add(&kq, &kq, dsa->q)) goto err;
- }
-
- K = &kq;
- }
- else
- {
- K = &k;
- }
- if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,K,dsa->p,ctx,
- (BN_MONT_CTX *)dsa->method_mont_p)) goto err;
- if (!BN_mod(r,r,dsa->q,ctx)) goto err;
-
- /* Compute part of 's = inv(k) (m + xr) mod q' */
- if ((kinv=BN_mod_inverse(NULL,&k,dsa->q,ctx)) == NULL) goto err;
-
- if (*kinvp != NULL) BN_clear_free(*kinvp);
- *kinvp=kinv;
- kinv=NULL;
- if (*rp != NULL) BN_clear_free(*rp);
- *rp=r;
- ret=1;
-err:
- if (!ret)
- {
- DSAerr(DSA_F_DSA_SIGN_SETUP,ERR_R_BN_LIB);
- if (kinv != NULL) BN_clear_free(kinv);
- if (r != NULL) BN_clear_free(r);
- }
- if (ctx_in == NULL) BN_CTX_free(ctx);
- if (kinv != NULL) BN_clear_free(kinv);
- BN_clear_free(&k);
- BN_clear_free(&kq);
- return(ret);
- }
-
-static int dsa_do_verify(const unsigned char *dgst, FIPS_DSA_SIZE_T dgst_len, DSA_SIG *sig,
- DSA *dsa)
- {
- BN_CTX *ctx;
- BIGNUM u1,u2,t1;
- BN_MONT_CTX *mont=NULL;
- int ret = -1;
-
- if (!dsa->p || !dsa->q || !dsa->g)
- {
- DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MISSING_PARAMETERS);
- return -1;
- }
-
- if(FIPS_selftest_failed())
- {
- FIPSerr(FIPS_F_DSA_DO_VERIFY,FIPS_R_FIPS_SELFTEST_FAILED);
- return -1;
- }
-
- if (BN_num_bits(dsa->q) != 160)
- {
- DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_BAD_Q_VALUE);
- return -1;
- }
-
- if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS)
- {
- DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MODULUS_TOO_LARGE);
- return -1;
- }
-
- if (FIPS_mode() && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS))
- {
- DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_KEY_SIZE_TOO_SMALL);
- return -1;
- }
-
- BN_init(&u1);
- BN_init(&u2);
- BN_init(&t1);
-
- if ((ctx=BN_CTX_new()) == NULL) goto err;
-
- if (BN_is_zero(sig->r) || sig->r->neg || BN_ucmp(sig->r, dsa->q) >= 0)
- {
- ret = 0;
- goto err;
- }
- if (BN_is_zero(sig->s) || sig->s->neg || BN_ucmp(sig->s, dsa->q) >= 0)
- {
- ret = 0;
- goto err;
- }
-
- /* Calculate W = inv(S) mod Q
- * save W in u2 */
- if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err;
-
- /* save M in u1 */
- if (BN_bin2bn(dgst,dgst_len,&u1) == NULL) goto err;
-
- /* u1 = M * w mod q */
- if (!BN_mod_mul(&u1,&u1,&u2,dsa->q,ctx)) goto err;
-
- /* u2 = r * w mod q */
- if (!BN_mod_mul(&u2,sig->r,&u2,dsa->q,ctx)) goto err;
-
-
- if (dsa->flags & DSA_FLAG_CACHE_MONT_P)
- {
- mont = BN_MONT_CTX_set_locked(
- (BN_MONT_CTX **)&dsa->method_mont_p,
- CRYPTO_LOCK_DSA, dsa->p, ctx);
- if (!mont)
- goto err;
- }
-
-#if 0
- {
- BIGNUM t2;
-
- BN_init(&t2);
- /* v = ( g^u1 * y^u2 mod p ) mod q */
- /* let t1 = g ^ u1 mod p */
- if (!BN_mod_exp_mont(&t1,dsa->g,&u1,dsa->p,ctx,mont)) goto err;
- /* let t2 = y ^ u2 mod p */
- if (!BN_mod_exp_mont(&t2,dsa->pub_key,&u2,dsa->p,ctx,mont)) goto err;
- /* let u1 = t1 * t2 mod p */
- if (!BN_mod_mul(&u1,&t1,&t2,dsa->p,ctx)) goto err_bn;
- BN_free(&t2);
- }
- /* let u1 = u1 mod q */
- if (!BN_mod(&u1,&u1,dsa->q,ctx)) goto err;
-#else
- {
- if (!dsa->meth->dsa_mod_exp(dsa, &t1,dsa->g,&u1,dsa->pub_key,&u2,
- dsa->p,ctx,mont)) goto err;
- /* BN_copy(&u1,&t1); */
- /* let u1 = u1 mod q */
- if (!BN_mod(&u1,&t1,dsa->q,ctx)) goto err;
- }
-#endif
- /* V is now in u1. If the signature is correct, it will be
- * equal to R. */
- ret=(BN_ucmp(&u1, sig->r) == 0);
-
- err:
- if (ret != 1) DSAerr(DSA_F_DSA_DO_VERIFY,ERR_R_BN_LIB);
- if (ctx != NULL) BN_CTX_free(ctx);
- BN_free(&u1);
- BN_free(&u2);
- BN_free(&t1);
- return(ret);
- }
-
-static int dsa_init(DSA *dsa)
-{
- FIPS_selftest_check();
- dsa->flags|=DSA_FLAG_CACHE_MONT_P;
- return(1);
-}
-
-static int dsa_finish(DSA *dsa)
-{
- if(dsa->method_mont_p)
- BN_MONT_CTX_free((BN_MONT_CTX *)dsa->method_mont_p);
- return(1);
-}
-
-static int dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
- BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *in_mont)
-{
- return BN_mod_exp2_mont(rr, a1, p1, a2, p2, m, ctx, in_mont);
-}
-
-static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx)
-{
- return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx);
-}
-
-#else /* ndef OPENSSL_FIPS */
-
-static void *dummy=&dummy;
-
-#endif /* ndef OPENSSL_FIPS */
Copied: vendor-crypto/openssl/0.9.8zf/fips/dsa/fips_dsa_ossl.c (from rev 6976, vendor-crypto/openssl/dist/fips/dsa/fips_dsa_ossl.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/fips/dsa/fips_dsa_ossl.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/fips/dsa/fips_dsa_ossl.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,452 @@
+/* crypto/dsa/dsa_ossl.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* Original version from Steven Schoch <schoch at sheba.arc.nasa.gov> */
+
+#include <stdio.h>
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/rand.h>
+#include <openssl/asn1.h>
+#include <openssl/err.h>
+#ifndef OPENSSL_NO_ENGINE
+# include <openssl/engine.h>
+#endif
+#include <openssl/fips.h>
+
+#ifdef OPENSSL_FIPS
+
+static DSA_SIG *dsa_do_sign(const unsigned char *dgst, FIPS_DSA_SIZE_T dlen,
+ DSA *dsa);
+static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
+ BIGNUM **rp);
+static int dsa_do_verify(const unsigned char *dgst, FIPS_DSA_SIZE_T dgst_len,
+ DSA_SIG *sig, DSA *dsa);
+static int dsa_init(DSA *dsa);
+static int dsa_finish(DSA *dsa);
+static int dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
+ BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *in_mont);
+static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+
+static const DSA_METHOD openssl_dsa_meth = {
+ "OpenSSL FIPS DSA method",
+ dsa_do_sign,
+ dsa_sign_setup,
+ dsa_do_verify,
+ dsa_mod_exp,
+ dsa_bn_mod_exp,
+ dsa_init,
+ dsa_finish,
+ DSA_FLAG_FIPS_METHOD,
+ NULL
+};
+
+# if 0
+int FIPS_dsa_check(struct dsa_st *dsa)
+{
+ if (dsa->meth != &openssl_dsa_meth
+ || dsa->meth->dsa_do_sign != dsa_do_sign
+ || dsa->meth->dsa_sign_setup != dsa_sign_setup
+ || dsa->meth->dsa_mod_exp != dsa_mod_exp
+ || dsa->meth->bn_mod_exp != dsa_bn_mod_exp
+ || dsa->meth->init != dsa_init || dsa->meth->finish != dsa_finish) {
+ FIPSerr(FIPS_F_FIPS_DSA_CHECK, FIPS_R_NON_FIPS_METHOD);
+ return 0;
+ }
+ return 1;
+}
+# endif
+
+const DSA_METHOD *DSA_OpenSSL(void)
+{
+ return &openssl_dsa_meth;
+}
+
+static DSA_SIG *dsa_do_sign(const unsigned char *dgst, FIPS_DSA_SIZE_T dlen,
+ DSA *dsa)
+{
+ BIGNUM *kinv = NULL, *r = NULL, *s = NULL;
+ BIGNUM m;
+ BIGNUM xr;
+ BN_CTX *ctx = NULL;
+ int i, reason = ERR_R_BN_LIB;
+ DSA_SIG *ret = NULL;
+
+ if (FIPS_selftest_failed()) {
+ FIPSerr(FIPS_F_DSA_DO_SIGN, FIPS_R_FIPS_SELFTEST_FAILED);
+ return NULL;
+ }
+
+ if (FIPS_mode()
+ && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS)) {
+ DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_KEY_SIZE_TOO_SMALL);
+ return NULL;
+ }
+
+ BN_init(&m);
+ BN_init(&xr);
+
+ if (!dsa->p || !dsa->q || !dsa->g) {
+ reason = DSA_R_MISSING_PARAMETERS;
+ goto err;
+ }
+
+ s = BN_new();
+ if (s == NULL)
+ goto err;
+
+ i = BN_num_bytes(dsa->q); /* should be 20 */
+ if ((dlen > i) || (dlen > 50)) {
+ reason = DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE;
+ goto err;
+ }
+
+ ctx = BN_CTX_new();
+ if (ctx == NULL)
+ goto err;
+
+ if (!dsa->meth->dsa_sign_setup(dsa, ctx, &kinv, &r))
+ goto err;
+
+ if (BN_bin2bn(dgst, dlen, &m) == NULL)
+ goto err;
+
+ /* Compute s = inv(k) (m + xr) mod q */
+ if (!BN_mod_mul(&xr, dsa->priv_key, r, dsa->q, ctx))
+ goto err; /* s = xr */
+ if (!BN_add(s, &xr, &m))
+ goto err; /* s = m + xr */
+ if (BN_cmp(s, dsa->q) > 0)
+ BN_sub(s, s, dsa->q);
+ if (!BN_mod_mul(s, s, kinv, dsa->q, ctx))
+ goto err;
+
+ ret = DSA_SIG_new();
+ if (ret == NULL)
+ goto err;
+ ret->r = r;
+ ret->s = s;
+
+ err:
+ if (!ret) {
+ DSAerr(DSA_F_DSA_DO_SIGN, reason);
+ BN_free(r);
+ BN_free(s);
+ }
+ if (ctx != NULL)
+ BN_CTX_free(ctx);
+ BN_clear_free(&m);
+ BN_clear_free(&xr);
+ if (kinv != NULL) /* dsa->kinv is NULL now if we used it */
+ BN_clear_free(kinv);
+ return (ret);
+}
+
+static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
+ BIGNUM **rp)
+{
+ BN_CTX *ctx;
+ BIGNUM k, kq, *K, *kinv = NULL, *r = NULL;
+ int ret = 0;
+
+ if (!dsa->p || !dsa->q || !dsa->g) {
+ DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_MISSING_PARAMETERS);
+ return 0;
+ }
+
+ BN_init(&k);
+ BN_init(&kq);
+
+ if (ctx_in == NULL) {
+ if ((ctx = BN_CTX_new()) == NULL)
+ goto err;
+ } else
+ ctx = ctx_in;
+
+ if ((r = BN_new()) == NULL)
+ goto err;
+
+ /* Get random k */
+ do
+ if (!BN_rand_range(&k, dsa->q))
+ goto err;
+ while (BN_is_zero(&k)) ;
+ if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
+ BN_set_flags(&k, BN_FLG_CONSTTIME);
+ }
+
+ if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
+ if (!BN_MONT_CTX_set_locked((BN_MONT_CTX **)&dsa->method_mont_p,
+ CRYPTO_LOCK_DSA, dsa->p, ctx))
+ goto err;
+ }
+
+ /* Compute r = (g^k mod p) mod q */
+
+ if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
+ if (!BN_copy(&kq, &k))
+ goto err;
+
+ /*
+ * We do not want timing information to leak the length of k, so we
+ * compute g^k using an equivalent exponent of fixed length. (This
+ * is a kludge that we need because the BN_mod_exp_mont() does not
+ * let us specify the desired timing behaviour.)
+ */
+
+ if (!BN_add(&kq, &kq, dsa->q))
+ goto err;
+ if (BN_num_bits(&kq) <= BN_num_bits(dsa->q)) {
+ if (!BN_add(&kq, &kq, dsa->q))
+ goto err;
+ }
+
+ K = &kq;
+ } else {
+ K = &k;
+ }
+ if (!dsa->meth->bn_mod_exp(dsa, r, dsa->g, K, dsa->p, ctx,
+ (BN_MONT_CTX *)dsa->method_mont_p))
+ goto err;
+ if (!BN_mod(r, r, dsa->q, ctx))
+ goto err;
+
+ /* Compute part of 's = inv(k) (m + xr) mod q' */
+ if ((kinv = BN_mod_inverse(NULL, &k, dsa->q, ctx)) == NULL)
+ goto err;
+
+ if (*kinvp != NULL)
+ BN_clear_free(*kinvp);
+ *kinvp = kinv;
+ kinv = NULL;
+ if (*rp != NULL)
+ BN_clear_free(*rp);
+ *rp = r;
+ ret = 1;
+ err:
+ if (!ret) {
+ DSAerr(DSA_F_DSA_SIGN_SETUP, ERR_R_BN_LIB);
+ if (kinv != NULL)
+ BN_clear_free(kinv);
+ if (r != NULL)
+ BN_clear_free(r);
+ }
+ if (ctx_in == NULL)
+ BN_CTX_free(ctx);
+ if (kinv != NULL)
+ BN_clear_free(kinv);
+ BN_clear_free(&k);
+ BN_clear_free(&kq);
+ return (ret);
+}
+
+static int dsa_do_verify(const unsigned char *dgst, FIPS_DSA_SIZE_T dgst_len,
+ DSA_SIG *sig, DSA *dsa)
+{
+ BN_CTX *ctx;
+ BIGNUM u1, u2, t1;
+ BN_MONT_CTX *mont = NULL;
+ int ret = -1;
+
+ if (!dsa->p || !dsa->q || !dsa->g) {
+ DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_MISSING_PARAMETERS);
+ return -1;
+ }
+
+ if (FIPS_selftest_failed()) {
+ FIPSerr(FIPS_F_DSA_DO_VERIFY, FIPS_R_FIPS_SELFTEST_FAILED);
+ return -1;
+ }
+
+ if (BN_num_bits(dsa->q) != 160) {
+ DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_BAD_Q_VALUE);
+ return -1;
+ }
+
+ if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS) {
+ DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_MODULUS_TOO_LARGE);
+ return -1;
+ }
+
+ if (FIPS_mode()
+ && (BN_num_bits(dsa->p) < OPENSSL_DSA_FIPS_MIN_MODULUS_BITS)) {
+ DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_KEY_SIZE_TOO_SMALL);
+ return -1;
+ }
+
+ BN_init(&u1);
+ BN_init(&u2);
+ BN_init(&t1);
+
+ if ((ctx = BN_CTX_new()) == NULL)
+ goto err;
+
+ if (BN_is_zero(sig->r) || sig->r->neg || BN_ucmp(sig->r, dsa->q) >= 0) {
+ ret = 0;
+ goto err;
+ }
+ if (BN_is_zero(sig->s) || sig->s->neg || BN_ucmp(sig->s, dsa->q) >= 0) {
+ ret = 0;
+ goto err;
+ }
+
+ /*
+ * Calculate W = inv(S) mod Q save W in u2
+ */
+ if ((BN_mod_inverse(&u2, sig->s, dsa->q, ctx)) == NULL)
+ goto err;
+
+ /* save M in u1 */
+ if (BN_bin2bn(dgst, dgst_len, &u1) == NULL)
+ goto err;
+
+ /* u1 = M * w mod q */
+ if (!BN_mod_mul(&u1, &u1, &u2, dsa->q, ctx))
+ goto err;
+
+ /* u2 = r * w mod q */
+ if (!BN_mod_mul(&u2, sig->r, &u2, dsa->q, ctx))
+ goto err;
+
+ if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
+ mont = BN_MONT_CTX_set_locked((BN_MONT_CTX **)&dsa->method_mont_p,
+ CRYPTO_LOCK_DSA, dsa->p, ctx);
+ if (!mont)
+ goto err;
+ }
+# if 0
+ {
+ BIGNUM t2;
+
+ BN_init(&t2);
+ /* v = ( g^u1 * y^u2 mod p ) mod q */
+ /* let t1 = g ^ u1 mod p */
+ if (!BN_mod_exp_mont(&t1, dsa->g, &u1, dsa->p, ctx, mont))
+ goto err;
+ /* let t2 = y ^ u2 mod p */
+ if (!BN_mod_exp_mont(&t2, dsa->pub_key, &u2, dsa->p, ctx, mont))
+ goto err;
+ /* let u1 = t1 * t2 mod p */
+ if (!BN_mod_mul(&u1, &t1, &t2, dsa->p, ctx))
+ goto err_bn;
+ BN_free(&t2);
+ }
+ /* let u1 = u1 mod q */
+ if (!BN_mod(&u1, &u1, dsa->q, ctx))
+ goto err;
+# else
+ {
+ if (!dsa->meth->dsa_mod_exp(dsa, &t1, dsa->g, &u1, dsa->pub_key, &u2,
+ dsa->p, ctx, mont))
+ goto err;
+ /* BN_copy(&u1,&t1); */
+ /* let u1 = u1 mod q */
+ if (!BN_mod(&u1, &t1, dsa->q, ctx))
+ goto err;
+ }
+# endif
+ /*
+ * V is now in u1. If the signature is correct, it will be equal to R.
+ */
+ ret = (BN_ucmp(&u1, sig->r) == 0);
+
+ err:
+ if (ret != 1)
+ DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_BN_LIB);
+ if (ctx != NULL)
+ BN_CTX_free(ctx);
+ BN_free(&u1);
+ BN_free(&u2);
+ BN_free(&t1);
+ return (ret);
+}
+
+static int dsa_init(DSA *dsa)
+{
+ FIPS_selftest_check();
+ dsa->flags |= DSA_FLAG_CACHE_MONT_P;
+ return (1);
+}
+
+static int dsa_finish(DSA *dsa)
+{
+ if (dsa->method_mont_p)
+ BN_MONT_CTX_free((BN_MONT_CTX *)dsa->method_mont_p);
+ return (1);
+}
+
+static int dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
+ BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
+ BN_MONT_CTX *in_mont)
+{
+ return BN_mod_exp2_mont(rr, a1, p1, a2, p2, m, ctx, in_mont);
+}
+
+static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+{
+ return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx);
+}
+
+#else /* ndef OPENSSL_FIPS */
+
+static void *dummy = &dummy;
+
+#endif /* ndef OPENSSL_FIPS */
Deleted: vendor-crypto/openssl/0.9.8zf/fips/dsa/fips_dsa_selftest.c
===================================================================
--- vendor-crypto/openssl/dist/fips/dsa/fips_dsa_selftest.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/fips/dsa/fips_dsa_selftest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,180 +0,0 @@
-/* crypto/dsa/dsatest.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/dsa.h>
-#include <openssl/fips.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/bn.h>
-
-#ifdef OPENSSL_FIPS
-
-/* seed, out_p, out_q, out_g are taken the NIST test vectors */
-
-static unsigned char seed[20] = {
- 0x77, 0x8f, 0x40, 0x74, 0x6f, 0x66, 0xbe, 0x33, 0xce, 0xbe, 0x99, 0x34,
- 0x4c, 0xfc, 0xf3, 0x28, 0xaa, 0x70, 0x2d, 0x3a
- };
-
-static unsigned char out_p[] = {
- 0xf7, 0x7c, 0x1b, 0x83, 0xd8, 0xe8, 0x5c, 0x7f, 0x85, 0x30, 0x17, 0x57,
- 0x21, 0x95, 0xfe, 0x26, 0x04, 0xeb, 0x47, 0x4c, 0x3a, 0x4a, 0x81, 0x4b,
- 0x71, 0x2e, 0xed, 0x6e, 0x4f, 0x3d, 0x11, 0x0f, 0x7c, 0xfe, 0x36, 0x43,
- 0x51, 0xd9, 0x81, 0x39, 0x17, 0xdf, 0x62, 0xf6, 0x9c, 0x01, 0xa8, 0x69,
- 0x71, 0xdd, 0x29, 0x7f, 0x47, 0xe6, 0x65, 0xa6, 0x22, 0xe8, 0x6a, 0x12,
- 0x2b, 0xc2, 0x81, 0xff, 0x32, 0x70, 0x2f, 0x9e, 0xca, 0x53, 0x26, 0x47,
- 0x0f, 0x59, 0xd7, 0x9e, 0x2c, 0xa5, 0x07, 0xc4, 0x49, 0x52, 0xa3, 0xe4,
- 0x6b, 0x04, 0x00, 0x25, 0x49, 0xe2, 0xe6, 0x7f, 0x28, 0x78, 0x97, 0xb8,
- 0x3a, 0x32, 0x14, 0x38, 0xa2, 0x51, 0x33, 0x22, 0x44, 0x7e, 0xd7, 0xef,
- 0x45, 0xdb, 0x06, 0x4a, 0xd2, 0x82, 0x4a, 0x82, 0x2c, 0xb1, 0xd7, 0xd8,
- 0xb6, 0x73, 0x00, 0x4d, 0x94, 0x77, 0x94, 0xef
- };
-
-static unsigned char out_q[] = {
- 0xd4, 0x0a, 0xac, 0x9f, 0xbd, 0x8c, 0x80, 0xc2, 0x38, 0x7e, 0x2e, 0x0c,
- 0x52, 0x5c, 0xea, 0x34, 0xa1, 0x83, 0x32, 0xf3
- };
-
-static unsigned char out_g[] = {
- 0x34, 0x73, 0x8b, 0x57, 0x84, 0x8e, 0x55, 0xbf, 0x57, 0xcc, 0x41, 0xbb,
- 0x5e, 0x2b, 0xd5, 0x42, 0xdd, 0x24, 0x22, 0x2a, 0x09, 0xea, 0x26, 0x1e,
- 0x17, 0x65, 0xcb, 0x1a, 0xb3, 0x12, 0x44, 0xa3, 0x9e, 0x99, 0xe9, 0x63,
- 0xeb, 0x30, 0xb1, 0x78, 0x7b, 0x09, 0x40, 0x30, 0xfa, 0x83, 0xc2, 0x35,
- 0xe1, 0xc4, 0x2d, 0x74, 0x1a, 0xb1, 0x83, 0x54, 0xd8, 0x29, 0xf4, 0xcf,
- 0x7f, 0x6f, 0x67, 0x1c, 0x36, 0x49, 0xee, 0x6c, 0xa2, 0x3c, 0x2d, 0x6a,
- 0xe9, 0xd3, 0x9a, 0xf6, 0x57, 0x78, 0x6f, 0xfd, 0x33, 0xcd, 0x3c, 0xed,
- 0xfd, 0xd4, 0x41, 0xe6, 0x5c, 0x8b, 0xe0, 0x68, 0x31, 0x47, 0x47, 0xaf,
- 0x12, 0xa7, 0xf9, 0x32, 0x0d, 0x94, 0x15, 0x48, 0xd0, 0x54, 0x85, 0xb2,
- 0x04, 0xb5, 0x4d, 0xd4, 0x9d, 0x05, 0x22, 0x25, 0xd9, 0xfd, 0x6c, 0x36,
- 0xef, 0xbe, 0x69, 0x6c, 0x55, 0xf4, 0xee, 0xec
- };
-
-static const unsigned char str1[]="12345678901234567890";
-
-void FIPS_corrupt_dsa()
- {
- ++seed[0];
- }
-
-int FIPS_selftest_dsa()
- {
- DSA *dsa=NULL;
- int counter,i,j, ret = 0;
- unsigned int slen;
- unsigned char buf[256];
- unsigned long h;
- EVP_MD_CTX mctx;
- EVP_PKEY pk;
-
- EVP_MD_CTX_init(&mctx);
-
- dsa = FIPS_dsa_new();
-
- if(dsa == NULL)
- goto err;
- if(!DSA_generate_parameters_ex(dsa, 1024,seed,20,&counter,&h,NULL))
- goto err;
- if (counter != 378)
- goto err;
- if (h != 2)
- goto err;
- i=BN_bn2bin(dsa->q,buf);
- j=sizeof(out_q);
- if (i != j || memcmp(buf,out_q,i) != 0)
- goto err;
-
- i=BN_bn2bin(dsa->p,buf);
- j=sizeof(out_p);
- if (i != j || memcmp(buf,out_p,i) != 0)
- goto err;
-
- i=BN_bn2bin(dsa->g,buf);
- j=sizeof(out_g);
- if (i != j || memcmp(buf,out_g,i) != 0)
- goto err;
- DSA_generate_key(dsa);
- pk.type = EVP_PKEY_DSA;
- pk.pkey.dsa = dsa;
-
- if (!EVP_SignInit_ex(&mctx, EVP_dss1(), NULL))
- goto err;
- if (!EVP_SignUpdate(&mctx, str1, 20))
- goto err;
- if (!EVP_SignFinal(&mctx, buf, &slen, &pk))
- goto err;
-
- if (!EVP_VerifyInit_ex(&mctx, EVP_dss1(), NULL))
- goto err;
- if (!EVP_VerifyUpdate(&mctx, str1, 20))
- goto err;
- if (EVP_VerifyFinal(&mctx, buf, slen, &pk) != 1)
- goto err;
-
- ret = 1;
-
- err:
- EVP_MD_CTX_cleanup(&mctx);
- if (dsa)
- FIPS_dsa_free(dsa);
- if (ret == 0)
- FIPSerr(FIPS_F_FIPS_SELFTEST_DSA,FIPS_R_SELFTEST_FAILED);
- return ret;
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/fips/dsa/fips_dsa_selftest.c (from rev 6976, vendor-crypto/openssl/dist/fips/dsa/fips_dsa_selftest.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/fips/dsa/fips_dsa_selftest.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/fips/dsa/fips_dsa_selftest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,180 @@
+/* crypto/dsa/dsatest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/dsa.h>
+#include <openssl/fips.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+
+#ifdef OPENSSL_FIPS
+
+/* seed, out_p, out_q, out_g are taken the NIST test vectors */
+
+static unsigned char seed[20] = {
+ 0x77, 0x8f, 0x40, 0x74, 0x6f, 0x66, 0xbe, 0x33, 0xce, 0xbe, 0x99, 0x34,
+ 0x4c, 0xfc, 0xf3, 0x28, 0xaa, 0x70, 0x2d, 0x3a
+};
+
+static unsigned char out_p[] = {
+ 0xf7, 0x7c, 0x1b, 0x83, 0xd8, 0xe8, 0x5c, 0x7f, 0x85, 0x30, 0x17, 0x57,
+ 0x21, 0x95, 0xfe, 0x26, 0x04, 0xeb, 0x47, 0x4c, 0x3a, 0x4a, 0x81, 0x4b,
+ 0x71, 0x2e, 0xed, 0x6e, 0x4f, 0x3d, 0x11, 0x0f, 0x7c, 0xfe, 0x36, 0x43,
+ 0x51, 0xd9, 0x81, 0x39, 0x17, 0xdf, 0x62, 0xf6, 0x9c, 0x01, 0xa8, 0x69,
+ 0x71, 0xdd, 0x29, 0x7f, 0x47, 0xe6, 0x65, 0xa6, 0x22, 0xe8, 0x6a, 0x12,
+ 0x2b, 0xc2, 0x81, 0xff, 0x32, 0x70, 0x2f, 0x9e, 0xca, 0x53, 0x26, 0x47,
+ 0x0f, 0x59, 0xd7, 0x9e, 0x2c, 0xa5, 0x07, 0xc4, 0x49, 0x52, 0xa3, 0xe4,
+ 0x6b, 0x04, 0x00, 0x25, 0x49, 0xe2, 0xe6, 0x7f, 0x28, 0x78, 0x97, 0xb8,
+ 0x3a, 0x32, 0x14, 0x38, 0xa2, 0x51, 0x33, 0x22, 0x44, 0x7e, 0xd7, 0xef,
+ 0x45, 0xdb, 0x06, 0x4a, 0xd2, 0x82, 0x4a, 0x82, 0x2c, 0xb1, 0xd7, 0xd8,
+ 0xb6, 0x73, 0x00, 0x4d, 0x94, 0x77, 0x94, 0xef
+};
+
+static unsigned char out_q[] = {
+ 0xd4, 0x0a, 0xac, 0x9f, 0xbd, 0x8c, 0x80, 0xc2, 0x38, 0x7e, 0x2e, 0x0c,
+ 0x52, 0x5c, 0xea, 0x34, 0xa1, 0x83, 0x32, 0xf3
+};
+
+static unsigned char out_g[] = {
+ 0x34, 0x73, 0x8b, 0x57, 0x84, 0x8e, 0x55, 0xbf, 0x57, 0xcc, 0x41, 0xbb,
+ 0x5e, 0x2b, 0xd5, 0x42, 0xdd, 0x24, 0x22, 0x2a, 0x09, 0xea, 0x26, 0x1e,
+ 0x17, 0x65, 0xcb, 0x1a, 0xb3, 0x12, 0x44, 0xa3, 0x9e, 0x99, 0xe9, 0x63,
+ 0xeb, 0x30, 0xb1, 0x78, 0x7b, 0x09, 0x40, 0x30, 0xfa, 0x83, 0xc2, 0x35,
+ 0xe1, 0xc4, 0x2d, 0x74, 0x1a, 0xb1, 0x83, 0x54, 0xd8, 0x29, 0xf4, 0xcf,
+ 0x7f, 0x6f, 0x67, 0x1c, 0x36, 0x49, 0xee, 0x6c, 0xa2, 0x3c, 0x2d, 0x6a,
+ 0xe9, 0xd3, 0x9a, 0xf6, 0x57, 0x78, 0x6f, 0xfd, 0x33, 0xcd, 0x3c, 0xed,
+ 0xfd, 0xd4, 0x41, 0xe6, 0x5c, 0x8b, 0xe0, 0x68, 0x31, 0x47, 0x47, 0xaf,
+ 0x12, 0xa7, 0xf9, 0x32, 0x0d, 0x94, 0x15, 0x48, 0xd0, 0x54, 0x85, 0xb2,
+ 0x04, 0xb5, 0x4d, 0xd4, 0x9d, 0x05, 0x22, 0x25, 0xd9, 0xfd, 0x6c, 0x36,
+ 0xef, 0xbe, 0x69, 0x6c, 0x55, 0xf4, 0xee, 0xec
+};
+
+static const unsigned char str1[] = "12345678901234567890";
+
+void FIPS_corrupt_dsa()
+{
+ ++seed[0];
+}
+
+int FIPS_selftest_dsa()
+{
+ DSA *dsa = NULL;
+ int counter, i, j, ret = 0;
+ unsigned int slen;
+ unsigned char buf[256];
+ unsigned long h;
+ EVP_MD_CTX mctx;
+ EVP_PKEY pk;
+
+ EVP_MD_CTX_init(&mctx);
+
+ dsa = FIPS_dsa_new();
+
+ if (dsa == NULL)
+ goto err;
+ if (!DSA_generate_parameters_ex(dsa, 1024, seed, 20, &counter, &h, NULL))
+ goto err;
+ if (counter != 378)
+ goto err;
+ if (h != 2)
+ goto err;
+ i = BN_bn2bin(dsa->q, buf);
+ j = sizeof(out_q);
+ if (i != j || memcmp(buf, out_q, i) != 0)
+ goto err;
+
+ i = BN_bn2bin(dsa->p, buf);
+ j = sizeof(out_p);
+ if (i != j || memcmp(buf, out_p, i) != 0)
+ goto err;
+
+ i = BN_bn2bin(dsa->g, buf);
+ j = sizeof(out_g);
+ if (i != j || memcmp(buf, out_g, i) != 0)
+ goto err;
+ DSA_generate_key(dsa);
+ pk.type = EVP_PKEY_DSA;
+ pk.pkey.dsa = dsa;
+
+ if (!EVP_SignInit_ex(&mctx, EVP_dss1(), NULL))
+ goto err;
+ if (!EVP_SignUpdate(&mctx, str1, 20))
+ goto err;
+ if (!EVP_SignFinal(&mctx, buf, &slen, &pk))
+ goto err;
+
+ if (!EVP_VerifyInit_ex(&mctx, EVP_dss1(), NULL))
+ goto err;
+ if (!EVP_VerifyUpdate(&mctx, str1, 20))
+ goto err;
+ if (EVP_VerifyFinal(&mctx, buf, slen, &pk) != 1)
+ goto err;
+
+ ret = 1;
+
+ err:
+ EVP_MD_CTX_cleanup(&mctx);
+ if (dsa)
+ FIPS_dsa_free(dsa);
+ if (ret == 0)
+ FIPSerr(FIPS_F_FIPS_SELFTEST_DSA, FIPS_R_SELFTEST_FAILED);
+ return ret;
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/fips/dsa/fips_dsa_sign.c
===================================================================
--- vendor-crypto/openssl/dist/fips/dsa/fips_dsa_sign.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/fips/dsa/fips_dsa_sign.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,258 +0,0 @@
-/* fips_dsa_sign.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 2007.
- */
-/* ====================================================================
- * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <string.h>
-#include <openssl/evp.h>
-#include <openssl/dsa.h>
-#include <openssl/err.h>
-#include <openssl/sha.h>
-#include <openssl/bn.h>
-
-#ifdef OPENSSL_FIPS
-
-/* FIPS versions of DSA_sign() and DSA_verify().
- * These include a tiny ASN1 encoder/decoder to handle the specific
- * case of a DSA signature.
- */
-
-#if 0
-int FIPS_dsa_size(DSA *r)
- {
- int ilen;
- ilen = BN_num_bytes(r->q);
- if (ilen > 20)
- return -1;
- /* If MSB set need padding byte */
- ilen ++;
- /* Also need 2 bytes INTEGER header for r and s plus
- * 2 bytes SEQUENCE header making 6 in total.
- */
- return ilen * 2 + 6;
- }
-#endif
-
-/* Tiny ASN1 encoder for DSA_SIG structure. We can assume r, s smaller than
- * 0x80 octets as by the DSA standards they will be less than 2^160
- */
-
-int FIPS_dsa_sig_encode(unsigned char *out, DSA_SIG *sig)
- {
- int rlen, slen, rpad, spad, seqlen;
- rlen = BN_num_bytes(sig->r);
- if (rlen > 20)
- return -1;
- if (BN_num_bits(sig->r) & 0x7)
- rpad = 0;
- else
- rpad = 1;
- slen = BN_num_bytes(sig->s);
- if (slen > 20)
- return -1;
- if (BN_num_bits(sig->s) & 0x7)
- spad = 0;
- else
- spad = 1;
- /* Length of SEQUENCE, (1 tag + 1 len octet) * 2 + content octets */
- seqlen = rlen + rpad + slen + spad + 4;
- /* Actual encoded length: include SEQUENCE header */
- if (!out)
- return seqlen + 2;
-
- /* Output SEQUENCE header */
- *out++ = V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED;
- *out++ = (unsigned char)seqlen;
-
- /* Output r */
- *out++ = V_ASN1_INTEGER;
- *out++ = (unsigned char)(rlen + rpad);
- if (rpad)
- *out++ = 0;
- BN_bn2bin(sig->r, out);
- out += rlen;
-
- /* Output s */
- *out++ = V_ASN1_INTEGER;
- *out++ = (unsigned char)(slen + spad);
- if (spad)
- *out++ = 0;
- BN_bn2bin(sig->s, out);
- return seqlen + 2;
- }
-
-/* Companion DSA_SIG decoder */
-
-int FIPS_dsa_sig_decode(DSA_SIG *sig, const unsigned char *in, int inlen)
- {
- int seqlen, rlen, slen;
- const unsigned char *rbin;
- /* Sanity check */
-
- /* Need SEQUENCE tag */
- if (*in++ != (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED))
- return 0;
- /* Get length octet */
- seqlen = *in++;
- /* Check sensible length value */
- if (seqlen < 4 || seqlen > 0x7F)
- return 0;
- /* Check INTEGER tag */
- if (*in++ != V_ASN1_INTEGER)
- return 0;
- rlen = *in++;
- seqlen -= 2 + rlen;
- /* Check sensible seqlen value */
- if (seqlen < 2)
- return 0;
- rbin = in;
- in += rlen;
- /* Check INTEGER tag */
- if (*in++ != V_ASN1_INTEGER)
- return 0;
- slen = *in++;
- /* Remaining bytes of SEQUENCE should exactly match
- * encoding of s
- */
- if (seqlen != (slen + 2))
- return 0;
- if (!sig->r && !(sig->r = BN_new()))
- return 0;
- if (!sig->s && !(sig->s = BN_new()))
- return 0;
- if (!BN_bin2bn(rbin, rlen, sig->r))
- return 0;
- if (!BN_bin2bn(in, slen, sig->s))
- return 0;
- return 1;
- }
-
-static int fips_dsa_sign(int type, const unsigned char *x, int y,
- unsigned char *sig, unsigned int *siglen, EVP_MD_SVCTX *sv)
- {
- DSA *dsa = sv->key;
- unsigned char dig[EVP_MAX_MD_SIZE];
- unsigned int dlen;
- DSA_SIG *s;
- EVP_DigestFinal_ex(sv->mctx, dig, &dlen);
- s=dsa->meth->dsa_do_sign(dig,dlen,dsa);
- OPENSSL_cleanse(dig, dlen);
- if (s == NULL)
- {
- *siglen=0;
- return 0;
- }
- *siglen= FIPS_dsa_sig_encode(sig, s);
- DSA_SIG_free(s);
- if (*siglen < 0)
- return 0;
- return 1;
- }
-
-static int fips_dsa_verify(int type, const unsigned char *x, int y,
- const unsigned char *sigbuf, unsigned int siglen, EVP_MD_SVCTX *sv)
- {
- DSA *dsa = sv->key;
- DSA_SIG *s;
- int ret=-1;
- unsigned char dig[EVP_MAX_MD_SIZE];
- unsigned int dlen;
-
- s = DSA_SIG_new();
- if (s == NULL)
- return ret;
- if (!FIPS_dsa_sig_decode(s,sigbuf,siglen))
- goto err;
- EVP_DigestFinal_ex(sv->mctx, dig, &dlen);
- ret=dsa->meth->dsa_do_verify(dig,dlen,s,dsa);
- OPENSSL_cleanse(dig, dlen);
-err:
- DSA_SIG_free(s);
- return ret;
- }
-
-static int init(EVP_MD_CTX *ctx)
- { return SHA1_Init(ctx->md_data); }
-
-static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
- { return SHA1_Update(ctx->md_data,data,count); }
-
-static int final(EVP_MD_CTX *ctx,unsigned char *md)
- { return SHA1_Final(md,ctx->md_data); }
-
-static const EVP_MD dss1_md=
- {
- NID_dsa,
- NID_dsaWithSHA1,
- SHA_DIGEST_LENGTH,
- EVP_MD_FLAG_FIPS|EVP_MD_FLAG_SVCTX,
- init,
- update,
- final,
- NULL,
- NULL,
- (evp_sign_method *)fips_dsa_sign,
- (evp_verify_method *)fips_dsa_verify,
- {EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3, EVP_PKEY_DSA4,0},
- SHA_CBLOCK,
- sizeof(EVP_MD *)+sizeof(SHA_CTX),
- };
-
-const EVP_MD *EVP_dss1(void)
- {
- return(&dss1_md);
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/fips/dsa/fips_dsa_sign.c (from rev 6976, vendor-crypto/openssl/dist/fips/dsa/fips_dsa_sign.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/fips/dsa/fips_dsa_sign.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/fips/dsa/fips_dsa_sign.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,267 @@
+/* fips_dsa_sign.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 2007.
+ */
+/* ====================================================================
+ * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <string.h>
+#include <openssl/evp.h>
+#include <openssl/dsa.h>
+#include <openssl/err.h>
+#include <openssl/sha.h>
+#include <openssl/bn.h>
+
+#ifdef OPENSSL_FIPS
+
+/*
+ * FIPS versions of DSA_sign() and DSA_verify(). These include a tiny ASN1
+ * encoder/decoder to handle the specific case of a DSA signature.
+ */
+
+# if 0
+int FIPS_dsa_size(DSA *r)
+{
+ int ilen;
+ ilen = BN_num_bytes(r->q);
+ if (ilen > 20)
+ return -1;
+ /* If MSB set need padding byte */
+ ilen++;
+ /*
+ * Also need 2 bytes INTEGER header for r and s plus 2 bytes SEQUENCE
+ * header making 6 in total.
+ */
+ return ilen * 2 + 6;
+}
+# endif
+
+/*
+ * Tiny ASN1 encoder for DSA_SIG structure. We can assume r, s smaller than
+ * 0x80 octets as by the DSA standards they will be less than 2^160
+ */
+
+int FIPS_dsa_sig_encode(unsigned char *out, DSA_SIG *sig)
+{
+ int rlen, slen, rpad, spad, seqlen;
+ rlen = BN_num_bytes(sig->r);
+ if (rlen > 20)
+ return -1;
+ if (BN_num_bits(sig->r) & 0x7)
+ rpad = 0;
+ else
+ rpad = 1;
+ slen = BN_num_bytes(sig->s);
+ if (slen > 20)
+ return -1;
+ if (BN_num_bits(sig->s) & 0x7)
+ spad = 0;
+ else
+ spad = 1;
+ /* Length of SEQUENCE, (1 tag + 1 len octet) * 2 + content octets */
+ seqlen = rlen + rpad + slen + spad + 4;
+ /* Actual encoded length: include SEQUENCE header */
+ if (!out)
+ return seqlen + 2;
+
+ /* Output SEQUENCE header */
+ *out++ = V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED;
+ *out++ = (unsigned char)seqlen;
+
+ /* Output r */
+ *out++ = V_ASN1_INTEGER;
+ *out++ = (unsigned char)(rlen + rpad);
+ if (rpad)
+ *out++ = 0;
+ BN_bn2bin(sig->r, out);
+ out += rlen;
+
+ /* Output s */
+ *out++ = V_ASN1_INTEGER;
+ *out++ = (unsigned char)(slen + spad);
+ if (spad)
+ *out++ = 0;
+ BN_bn2bin(sig->s, out);
+ return seqlen + 2;
+}
+
+/* Companion DSA_SIG decoder */
+
+int FIPS_dsa_sig_decode(DSA_SIG *sig, const unsigned char *in, int inlen)
+{
+ int seqlen, rlen, slen;
+ const unsigned char *rbin;
+ /* Sanity check */
+
+ /* Need SEQUENCE tag */
+ if (*in++ != (V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED))
+ return 0;
+ /* Get length octet */
+ seqlen = *in++;
+ /* Check sensible length value */
+ if (seqlen < 4 || seqlen > 0x7F)
+ return 0;
+ /* Check INTEGER tag */
+ if (*in++ != V_ASN1_INTEGER)
+ return 0;
+ rlen = *in++;
+ seqlen -= 2 + rlen;
+ /* Check sensible seqlen value */
+ if (seqlen < 2)
+ return 0;
+ rbin = in;
+ in += rlen;
+ /* Check INTEGER tag */
+ if (*in++ != V_ASN1_INTEGER)
+ return 0;
+ slen = *in++;
+ /*
+ * Remaining bytes of SEQUENCE should exactly match encoding of s
+ */
+ if (seqlen != (slen + 2))
+ return 0;
+ if (!sig->r && !(sig->r = BN_new()))
+ return 0;
+ if (!sig->s && !(sig->s = BN_new()))
+ return 0;
+ if (!BN_bin2bn(rbin, rlen, sig->r))
+ return 0;
+ if (!BN_bin2bn(in, slen, sig->s))
+ return 0;
+ return 1;
+}
+
+static int fips_dsa_sign(int type, const unsigned char *x, int y,
+ unsigned char *sig, unsigned int *siglen,
+ EVP_MD_SVCTX * sv)
+{
+ DSA *dsa = sv->key;
+ unsigned char dig[EVP_MAX_MD_SIZE];
+ unsigned int dlen;
+ DSA_SIG *s;
+ EVP_DigestFinal_ex(sv->mctx, dig, &dlen);
+ s = dsa->meth->dsa_do_sign(dig, dlen, dsa);
+ OPENSSL_cleanse(dig, dlen);
+ if (s == NULL) {
+ *siglen = 0;
+ return 0;
+ }
+ *siglen = FIPS_dsa_sig_encode(sig, s);
+ DSA_SIG_free(s);
+ if (*siglen < 0)
+ return 0;
+ return 1;
+}
+
+static int fips_dsa_verify(int type, const unsigned char *x, int y,
+ const unsigned char *sigbuf, unsigned int siglen,
+ EVP_MD_SVCTX * sv)
+{
+ DSA *dsa = sv->key;
+ DSA_SIG *s;
+ int ret = -1;
+ unsigned char dig[EVP_MAX_MD_SIZE];
+ unsigned int dlen;
+
+ s = DSA_SIG_new();
+ if (s == NULL)
+ return ret;
+ if (!FIPS_dsa_sig_decode(s, sigbuf, siglen))
+ goto err;
+ EVP_DigestFinal_ex(sv->mctx, dig, &dlen);
+ ret = dsa->meth->dsa_do_verify(dig, dlen, s, dsa);
+ OPENSSL_cleanse(dig, dlen);
+ err:
+ DSA_SIG_free(s);
+ return ret;
+}
+
+static int init(EVP_MD_CTX *ctx)
+{
+ return SHA1_Init(ctx->md_data);
+}
+
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+ return SHA1_Update(ctx->md_data, data, count);
+}
+
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+ return SHA1_Final(md, ctx->md_data);
+}
+
+static const EVP_MD dss1_md = {
+ NID_dsa,
+ NID_dsaWithSHA1,
+ SHA_DIGEST_LENGTH,
+ EVP_MD_FLAG_FIPS | EVP_MD_FLAG_SVCTX,
+ init,
+ update,
+ final,
+ NULL,
+ NULL,
+ (evp_sign_method *) fips_dsa_sign,
+ (evp_verify_method *) fips_dsa_verify,
+ {EVP_PKEY_DSA, EVP_PKEY_DSA2, EVP_PKEY_DSA3, EVP_PKEY_DSA4, 0},
+ SHA_CBLOCK,
+ sizeof(EVP_MD *) + sizeof(SHA_CTX),
+};
+
+const EVP_MD *EVP_dss1(void)
+{
+ return (&dss1_md);
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/fips/dsa/fips_dsatest.c
===================================================================
--- vendor-crypto/openssl/dist/fips/dsa/fips_dsatest.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/fips/dsa/fips_dsatest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,271 +0,0 @@
-/* crypto/dsa/dsatest.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <ctype.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-
-#include "e_os.h"
-
-#include <openssl/crypto.h>
-#include <openssl/rand.h>
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-
-
-#if defined(OPENSSL_NO_DSA) || !defined(OPENSSL_FIPS)
-int main(int argc, char *argv[])
-{
- printf("No FIPS DSA support\n");
- return(0);
-}
-#else
-#include <openssl/dsa.h>
-#include <openssl/fips.h>
-#include <openssl/fips_rand.h>
-#include <openssl/dsa.h>
-
-#ifdef OPENSSL_SYS_WIN16
-#define MS_CALLBACK _far _loadds
-#else
-#define MS_CALLBACK
-#endif
-
-#include "fips_utl.h"
-
-static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb);
-
-/* seed, out_p, out_q, out_g are taken from the earlier validation test
- * vectors.
- */
-
-static unsigned char seed[20] = {
- 0x1c, 0xfb, 0xa9, 0x6c, 0xf7, 0x95, 0xb3, 0x2e, 0x01, 0x01, 0x3c, 0x8d,
- 0x7f, 0x6e, 0xf4, 0x59, 0xcc, 0x2f, 0x19, 0x59
- };
-
-static unsigned char out_p[] = {
- 0xc2, 0x3c, 0x48, 0x31, 0x7e, 0x3b, 0x4e, 0x5d, 0x3c, 0x93, 0x78, 0x60,
- 0x5c, 0xf2, 0x60, 0xbb, 0x5a, 0xfa, 0x7f, 0x17, 0xf9, 0x26, 0x69, 0x46,
- 0xe7, 0x07, 0xbb, 0x3b, 0x2e, 0xc4, 0xb5, 0x66, 0xf7, 0x4d, 0xae, 0x9b,
- 0x8f, 0xf0, 0x42, 0xea, 0xb3, 0xa0, 0x7e, 0x81, 0x85, 0x89, 0xe6, 0xb0,
- 0x29, 0x03, 0x6b, 0xcc, 0xfb, 0x8e, 0x46, 0x15, 0x4d, 0xc1, 0x69, 0xd8,
- 0x2f, 0xef, 0x5c, 0x8b, 0x29, 0x32, 0x41, 0xbd, 0x13, 0x72, 0x3d, 0xac,
- 0x81, 0xcc, 0x86, 0x6c, 0x06, 0x5d, 0x51, 0xa1, 0xa5, 0x07, 0x0c, 0x3e,
- 0xbe, 0xdd, 0xf4, 0x6e, 0xa8, 0xed, 0xb4, 0x2f, 0xbd, 0x3e, 0x64, 0xea,
- 0xee, 0x92, 0xec, 0x51, 0xe1, 0x0d, 0xab, 0x25, 0x45, 0xae, 0x55, 0x21,
- 0x4d, 0xd6, 0x96, 0x6f, 0xe6, 0xaa, 0xd3, 0xca, 0x87, 0x92, 0xb1, 0x1c,
- 0x3c, 0xaf, 0x29, 0x09, 0x8b, 0xc6, 0xed, 0xe1
- };
-
-static unsigned char out_q[] = {
- 0xae, 0x0a, 0x8c, 0xfb, 0x80, 0xe1, 0xc6, 0xd1, 0x09, 0x0f, 0x26, 0xde,
- 0x91, 0x53, 0xc2, 0x8b, 0x2b, 0x0f, 0xde, 0x7f
- };
-
-static unsigned char out_g[] = {
- 0x0d, 0x7d, 0x92, 0x74, 0x10, 0xf6, 0xa4, 0x43, 0x86, 0x9a, 0xd1, 0xd9,
- 0x56, 0x00, 0xbc, 0x18, 0x97, 0x99, 0x4e, 0x9a, 0x93, 0xfb, 0x00, 0x3d,
- 0x6c, 0xa0, 0x1b, 0x95, 0x6b, 0xbd, 0xf7, 0x7a, 0xbc, 0x36, 0x3f, 0x3d,
- 0xb9, 0xbf, 0xf9, 0x91, 0x37, 0x68, 0xd1, 0xb9, 0x1e, 0xfe, 0x7f, 0x10,
- 0xc0, 0x6a, 0xcd, 0x5f, 0xc1, 0x65, 0x1a, 0xb8, 0xe7, 0xab, 0xb5, 0xc6,
- 0x8d, 0xb7, 0x86, 0xad, 0x3a, 0xbf, 0x6b, 0x7b, 0x0a, 0x66, 0xbe, 0xd5,
- 0x58, 0x23, 0x16, 0x48, 0x83, 0x29, 0xb6, 0xa7, 0x64, 0xc7, 0x08, 0xbe,
- 0x55, 0x4c, 0x6f, 0xcb, 0x34, 0xc1, 0x73, 0xb0, 0x39, 0x68, 0x52, 0xdf,
- 0x27, 0x7f, 0x32, 0xbc, 0x2b, 0x0d, 0x63, 0xed, 0x75, 0x3e, 0xb5, 0x54,
- 0xac, 0xc8, 0x20, 0x2a, 0x73, 0xe8, 0x29, 0x51, 0x03, 0x77, 0xe8, 0xc9,
- 0x61, 0x32, 0x25, 0xaf, 0x21, 0x5b, 0x6e, 0xda
- };
-
-
-static const unsigned char str1[]="12345678901234567890";
-
-static const char rnd_seed[] = "string to make the random number generator think it has entropy";
-
-int main(int argc, char **argv)
- {
- DSA *dsa=NULL;
- EVP_PKEY pk;
- int counter,ret=0,i,j;
- unsigned int slen;
- unsigned char buf[256];
- unsigned long h;
- BN_GENCB cb;
- EVP_MD_CTX mctx;
- BN_GENCB_set(&cb, dsa_cb, stderr);
- EVP_MD_CTX_init(&mctx);
-
- if(!FIPS_mode_set(1))
- {
- do_print_errors();
- EXIT(1);
- }
-
- fprintf(stderr,"test generation of DSA parameters\n");
-
- dsa = FIPS_dsa_new();
- DSA_generate_parameters_ex(dsa, 1024,seed,20,&counter,&h,&cb);
-
- fprintf(stderr,"seed\n");
- for (i=0; i<20; i+=4)
- {
- fprintf(stderr,"%02X%02X%02X%02X ",
- seed[i],seed[i+1],seed[i+2],seed[i+3]);
- }
- fprintf(stderr,"\ncounter=%d h=%ld\n",counter,h);
-
- if (dsa == NULL) goto end;
- if (counter != 16)
- {
- fprintf(stderr,"counter should be 105\n");
- goto end;
- }
- if (h != 2)
- {
- fprintf(stderr,"h should be 2\n");
- goto end;
- }
-
- i=BN_bn2bin(dsa->q,buf);
- j=sizeof(out_q);
- if ((i != j) || (memcmp(buf,out_q,i) != 0))
- {
- fprintf(stderr,"q value is wrong\n");
- goto end;
- }
-
- i=BN_bn2bin(dsa->p,buf);
- j=sizeof(out_p);
- if ((i != j) || (memcmp(buf,out_p,i) != 0))
- {
- fprintf(stderr,"p value is wrong\n");
- goto end;
- }
-
- i=BN_bn2bin(dsa->g,buf);
- j=sizeof(out_g);
- if ((i != j) || (memcmp(buf,out_g,i) != 0))
- {
- fprintf(stderr,"g value is wrong\n");
- goto end;
- }
- DSA_generate_key(dsa);
- pk.type = EVP_PKEY_DSA;
- pk.pkey.dsa = dsa;
-
- if (!EVP_SignInit_ex(&mctx, EVP_dss1(), NULL))
- goto end;
- if (!EVP_SignUpdate(&mctx, str1, 20))
- goto end;
- if (!EVP_SignFinal(&mctx, buf, &slen, &pk))
- goto end;
-
- if (!EVP_VerifyInit_ex(&mctx, EVP_dss1(), NULL))
- goto end;
- if (!EVP_VerifyUpdate(&mctx, str1, 20))
- goto end;
- if (EVP_VerifyFinal(&mctx, buf, slen, &pk) != 1)
- goto end;
-
- ret = 1;
-
-end:
- if (!ret)
- do_print_errors();
- if (dsa != NULL) FIPS_dsa_free(dsa);
- EVP_MD_CTX_cleanup(&mctx);
-#if 0
- CRYPTO_mem_leaks(bio_err);
-#endif
- EXIT(!ret);
- return(!ret);
- }
-
-static int cb_exit(int ec)
- {
- EXIT(ec);
- return(0); /* To keep some compilers quiet */
- }
-
-static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb)
- {
- char c='*';
- static int ok=0,num=0;
-
- if (p == 0) { c='.'; num++; };
- if (p == 1) c='+';
- if (p == 2) { c='*'; ok++; }
- if (p == 3) c='\n';
- fwrite(&c,1, 1, cb->arg);
- fflush(cb->arg);
-
- if (!ok && (p == 0) && (num > 1))
- {
- fprintf(cb->arg,"error in dsatest\n");
- cb_exit(1);
- }
- return 1;
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/fips/dsa/fips_dsatest.c (from rev 6976, vendor-crypto/openssl/dist/fips/dsa/fips_dsatest.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/fips/dsa/fips_dsatest.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/fips/dsa/fips_dsatest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,273 @@
+/* crypto/dsa/dsatest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+
+#include "e_os.h"
+
+#include <openssl/crypto.h>
+#include <openssl/rand.h>
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_ENGINE
+# include <openssl/engine.h>
+#endif
+
+#if defined(OPENSSL_NO_DSA) || !defined(OPENSSL_FIPS)
+int main(int argc, char *argv[])
+{
+ printf("No FIPS DSA support\n");
+ return (0);
+}
+#else
+# include <openssl/dsa.h>
+# include <openssl/fips.h>
+# include <openssl/fips_rand.h>
+# include <openssl/dsa.h>
+
+# ifdef OPENSSL_SYS_WIN16
+# define MS_CALLBACK _far _loadds
+# else
+# define MS_CALLBACK
+# endif
+
+# include "fips_utl.h"
+
+static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb);
+
+/*
+ * seed, out_p, out_q, out_g are taken from the earlier validation test
+ * vectors.
+ */
+
+static unsigned char seed[20] = {
+ 0x1c, 0xfb, 0xa9, 0x6c, 0xf7, 0x95, 0xb3, 0x2e, 0x01, 0x01, 0x3c, 0x8d,
+ 0x7f, 0x6e, 0xf4, 0x59, 0xcc, 0x2f, 0x19, 0x59
+};
+
+static unsigned char out_p[] = {
+ 0xc2, 0x3c, 0x48, 0x31, 0x7e, 0x3b, 0x4e, 0x5d, 0x3c, 0x93, 0x78, 0x60,
+ 0x5c, 0xf2, 0x60, 0xbb, 0x5a, 0xfa, 0x7f, 0x17, 0xf9, 0x26, 0x69, 0x46,
+ 0xe7, 0x07, 0xbb, 0x3b, 0x2e, 0xc4, 0xb5, 0x66, 0xf7, 0x4d, 0xae, 0x9b,
+ 0x8f, 0xf0, 0x42, 0xea, 0xb3, 0xa0, 0x7e, 0x81, 0x85, 0x89, 0xe6, 0xb0,
+ 0x29, 0x03, 0x6b, 0xcc, 0xfb, 0x8e, 0x46, 0x15, 0x4d, 0xc1, 0x69, 0xd8,
+ 0x2f, 0xef, 0x5c, 0x8b, 0x29, 0x32, 0x41, 0xbd, 0x13, 0x72, 0x3d, 0xac,
+ 0x81, 0xcc, 0x86, 0x6c, 0x06, 0x5d, 0x51, 0xa1, 0xa5, 0x07, 0x0c, 0x3e,
+ 0xbe, 0xdd, 0xf4, 0x6e, 0xa8, 0xed, 0xb4, 0x2f, 0xbd, 0x3e, 0x64, 0xea,
+ 0xee, 0x92, 0xec, 0x51, 0xe1, 0x0d, 0xab, 0x25, 0x45, 0xae, 0x55, 0x21,
+ 0x4d, 0xd6, 0x96, 0x6f, 0xe6, 0xaa, 0xd3, 0xca, 0x87, 0x92, 0xb1, 0x1c,
+ 0x3c, 0xaf, 0x29, 0x09, 0x8b, 0xc6, 0xed, 0xe1
+};
+
+static unsigned char out_q[] = {
+ 0xae, 0x0a, 0x8c, 0xfb, 0x80, 0xe1, 0xc6, 0xd1, 0x09, 0x0f, 0x26, 0xde,
+ 0x91, 0x53, 0xc2, 0x8b, 0x2b, 0x0f, 0xde, 0x7f
+};
+
+static unsigned char out_g[] = {
+ 0x0d, 0x7d, 0x92, 0x74, 0x10, 0xf6, 0xa4, 0x43, 0x86, 0x9a, 0xd1, 0xd9,
+ 0x56, 0x00, 0xbc, 0x18, 0x97, 0x99, 0x4e, 0x9a, 0x93, 0xfb, 0x00, 0x3d,
+ 0x6c, 0xa0, 0x1b, 0x95, 0x6b, 0xbd, 0xf7, 0x7a, 0xbc, 0x36, 0x3f, 0x3d,
+ 0xb9, 0xbf, 0xf9, 0x91, 0x37, 0x68, 0xd1, 0xb9, 0x1e, 0xfe, 0x7f, 0x10,
+ 0xc0, 0x6a, 0xcd, 0x5f, 0xc1, 0x65, 0x1a, 0xb8, 0xe7, 0xab, 0xb5, 0xc6,
+ 0x8d, 0xb7, 0x86, 0xad, 0x3a, 0xbf, 0x6b, 0x7b, 0x0a, 0x66, 0xbe, 0xd5,
+ 0x58, 0x23, 0x16, 0x48, 0x83, 0x29, 0xb6, 0xa7, 0x64, 0xc7, 0x08, 0xbe,
+ 0x55, 0x4c, 0x6f, 0xcb, 0x34, 0xc1, 0x73, 0xb0, 0x39, 0x68, 0x52, 0xdf,
+ 0x27, 0x7f, 0x32, 0xbc, 0x2b, 0x0d, 0x63, 0xed, 0x75, 0x3e, 0xb5, 0x54,
+ 0xac, 0xc8, 0x20, 0x2a, 0x73, 0xe8, 0x29, 0x51, 0x03, 0x77, 0xe8, 0xc9,
+ 0x61, 0x32, 0x25, 0xaf, 0x21, 0x5b, 0x6e, 0xda
+};
+
+static const unsigned char str1[] = "12345678901234567890";
+
+static const char rnd_seed[] =
+ "string to make the random number generator think it has entropy";
+
+int main(int argc, char **argv)
+{
+ DSA *dsa = NULL;
+ EVP_PKEY pk;
+ int counter, ret = 0, i, j;
+ unsigned int slen;
+ unsigned char buf[256];
+ unsigned long h;
+ BN_GENCB cb;
+ EVP_MD_CTX mctx;
+ BN_GENCB_set(&cb, dsa_cb, stderr);
+ EVP_MD_CTX_init(&mctx);
+
+ if (!FIPS_mode_set(1)) {
+ do_print_errors();
+ EXIT(1);
+ }
+
+ fprintf(stderr, "test generation of DSA parameters\n");
+
+ dsa = FIPS_dsa_new();
+ DSA_generate_parameters_ex(dsa, 1024, seed, 20, &counter, &h, &cb);
+
+ fprintf(stderr, "seed\n");
+ for (i = 0; i < 20; i += 4) {
+ fprintf(stderr, "%02X%02X%02X%02X ",
+ seed[i], seed[i + 1], seed[i + 2], seed[i + 3]);
+ }
+ fprintf(stderr, "\ncounter=%d h=%ld\n", counter, h);
+
+ if (dsa == NULL)
+ goto end;
+ if (counter != 16) {
+ fprintf(stderr, "counter should be 105\n");
+ goto end;
+ }
+ if (h != 2) {
+ fprintf(stderr, "h should be 2\n");
+ goto end;
+ }
+
+ i = BN_bn2bin(dsa->q, buf);
+ j = sizeof(out_q);
+ if ((i != j) || (memcmp(buf, out_q, i) != 0)) {
+ fprintf(stderr, "q value is wrong\n");
+ goto end;
+ }
+
+ i = BN_bn2bin(dsa->p, buf);
+ j = sizeof(out_p);
+ if ((i != j) || (memcmp(buf, out_p, i) != 0)) {
+ fprintf(stderr, "p value is wrong\n");
+ goto end;
+ }
+
+ i = BN_bn2bin(dsa->g, buf);
+ j = sizeof(out_g);
+ if ((i != j) || (memcmp(buf, out_g, i) != 0)) {
+ fprintf(stderr, "g value is wrong\n");
+ goto end;
+ }
+ DSA_generate_key(dsa);
+ pk.type = EVP_PKEY_DSA;
+ pk.pkey.dsa = dsa;
+
+ if (!EVP_SignInit_ex(&mctx, EVP_dss1(), NULL))
+ goto end;
+ if (!EVP_SignUpdate(&mctx, str1, 20))
+ goto end;
+ if (!EVP_SignFinal(&mctx, buf, &slen, &pk))
+ goto end;
+
+ if (!EVP_VerifyInit_ex(&mctx, EVP_dss1(), NULL))
+ goto end;
+ if (!EVP_VerifyUpdate(&mctx, str1, 20))
+ goto end;
+ if (EVP_VerifyFinal(&mctx, buf, slen, &pk) != 1)
+ goto end;
+
+ ret = 1;
+
+ end:
+ if (!ret)
+ do_print_errors();
+ if (dsa != NULL)
+ FIPS_dsa_free(dsa);
+ EVP_MD_CTX_cleanup(&mctx);
+# if 0
+ CRYPTO_mem_leaks(bio_err);
+# endif
+ EXIT(!ret);
+ return (!ret);
+}
+
+static int cb_exit(int ec)
+{
+ EXIT(ec);
+ return (0); /* To keep some compilers quiet */
+}
+
+static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb)
+{
+ char c = '*';
+ static int ok = 0, num = 0;
+
+ if (p == 0) {
+ c = '.';
+ num++;
+ };
+ if (p == 1)
+ c = '+';
+ if (p == 2) {
+ c = '*';
+ ok++;
+ }
+ if (p == 3)
+ c = '\n';
+ fwrite(&c, 1, 1, cb->arg);
+ fflush(cb->arg);
+
+ if (!ok && (p == 0) && (num > 1)) {
+ fprintf(cb->arg, "error in dsatest\n");
+ cb_exit(1);
+ }
+ return 1;
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/fips/dsa/fips_dssvs.c
===================================================================
--- vendor-crypto/openssl/dist/fips/dsa/fips_dssvs.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/fips/dsa/fips_dssvs.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,537 +0,0 @@
-#include <openssl/opensslconf.h>
-
-#ifndef OPENSSL_FIPS
-#include <stdio.h>
-
-int main(int argc, char **argv)
-{
- printf("No FIPS DSA support\n");
- return(0);
-}
-#else
-
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/fips.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <string.h>
-#include <ctype.h>
-
-#include "fips_utl.h"
-
-static void pbn(const char *name, BIGNUM *bn)
- {
- int len, i;
- unsigned char *tmp;
- len = BN_num_bytes(bn);
- tmp = OPENSSL_malloc(len);
- if (!tmp)
- {
- fprintf(stderr, "Memory allocation error\n");
- return;
- }
- BN_bn2bin(bn, tmp);
- printf("%s = ", name);
- for (i = 0; i < len; i++)
- printf("%02X", tmp[i]);
- fputs("\n", stdout);
- OPENSSL_free(tmp);
- return;
- }
-
-static void primes()
- {
- char buf[10240];
- char lbuf[10240];
- char *keyword, *value;
-
- while(fgets(buf,sizeof buf,stdin) != NULL)
- {
- fputs(buf,stdout);
- if (!parse_line(&keyword, &value, lbuf, buf))
- continue;
- if(!strcmp(keyword,"Prime"))
- {
- BIGNUM *pp;
-
- pp=BN_new();
- do_hex2bn(&pp,value);
- printf("result= %c\n",
- BN_is_prime_ex(pp,20,NULL,NULL) ? 'P' : 'F');
- }
- }
- }
-
-static void pqg()
- {
- char buf[1024];
- char lbuf[1024];
- char *keyword, *value;
- int nmod=0;
-
- while(fgets(buf,sizeof buf,stdin) != NULL)
- {
- if (!parse_line(&keyword, &value, lbuf, buf))
- {
- fputs(buf,stdout);
- continue;
- }
- if(!strcmp(keyword,"[mod"))
- nmod=atoi(value);
- else if(!strcmp(keyword,"N"))
- {
- int n=atoi(value);
-
- printf("[mod = %d]\n\n",nmod);
-
- while(n--)
- {
- unsigned char seed[20];
- DSA *dsa;
- int counter;
- unsigned long h;
- dsa = FIPS_dsa_new();
-
- if (!DSA_generate_parameters_ex(dsa, nmod,seed,0,&counter,&h,NULL))
- {
- do_print_errors();
- exit(1);
- }
- pbn("P",dsa->p);
- pbn("Q",dsa->q);
- pbn("G",dsa->g);
- pv("Seed",seed,20);
- printf("c = %d\n",counter);
- printf("H = %lx\n",h);
- putc('\n',stdout);
- }
- }
- else
- fputs(buf,stdout);
- }
- }
-
-static void pqgver()
- {
- char buf[1024];
- char lbuf[1024];
- char *keyword, *value;
- BIGNUM *p = NULL, *q = NULL, *g = NULL;
- int counter, counter2;
- unsigned long h, h2;
- DSA *dsa=NULL;
- int nmod=0;
- unsigned char seed[1024];
-
- while(fgets(buf,sizeof buf,stdin) != NULL)
- {
- if (!parse_line(&keyword, &value, lbuf, buf))
- {
- fputs(buf,stdout);
- continue;
- }
- fputs(buf, stdout);
- if(!strcmp(keyword,"[mod"))
- nmod=atoi(value);
- else if(!strcmp(keyword,"P"))
- p=hex2bn(value);
- else if(!strcmp(keyword,"Q"))
- q=hex2bn(value);
- else if(!strcmp(keyword,"G"))
- g=hex2bn(value);
- else if(!strcmp(keyword,"Seed"))
- {
- int slen = hex2bin(value, seed);
- if (slen != 20)
- {
- fprintf(stderr, "Seed parse length error\n");
- exit (1);
- }
- }
- else if(!strcmp(keyword,"c"))
- counter =atoi(buf+4);
- else if(!strcmp(keyword,"H"))
- {
- h = atoi(value);
- if (!p || !q || !g)
- {
- fprintf(stderr, "Parse Error\n");
- exit (1);
- }
- dsa = FIPS_dsa_new();
- if (!DSA_generate_parameters_ex(dsa, nmod,seed,20 ,&counter2,&h2,NULL))
- {
- do_print_errors();
- exit(1);
- }
- if (BN_cmp(dsa->p, p) || BN_cmp(dsa->q, q) || BN_cmp(dsa->g, g)
- || (counter != counter2) || (h != h2))
- printf("Result = F\n");
- else
- printf("Result = P\n");
- BN_free(p);
- BN_free(q);
- BN_free(g);
- p = NULL;
- q = NULL;
- g = NULL;
- FIPS_dsa_free(dsa);
- dsa = NULL;
- }
- }
- }
-
-/* Keypair verification routine. NB: this isn't part of the standard FIPS140-2
- * algorithm tests. It is an additional test to perform sanity checks on the
- * output of the KeyPair test.
- */
-
-static int dss_paramcheck(int nmod, BIGNUM *p, BIGNUM *q, BIGNUM *g,
- BN_CTX *ctx)
- {
- BIGNUM *rem = NULL;
- if (BN_num_bits(p) != nmod)
- return 0;
- if (BN_num_bits(q) != 160)
- return 0;
- if (BN_is_prime_ex(p, BN_prime_checks, ctx, NULL) != 1)
- return 0;
- if (BN_is_prime_ex(q, BN_prime_checks, ctx, NULL) != 1)
- return 0;
- rem = BN_new();
- if (!BN_mod(rem, p, q, ctx) || !BN_is_one(rem)
- || (BN_cmp(g, BN_value_one()) <= 0)
- || !BN_mod_exp(rem, g, q, p, ctx) || !BN_is_one(rem))
- {
- BN_free(rem);
- return 0;
- }
- /* Todo: check g */
- BN_free(rem);
- return 1;
- }
-
-static void keyver()
- {
- char buf[1024];
- char lbuf[1024];
- char *keyword, *value;
- BIGNUM *p = NULL, *q = NULL, *g = NULL, *X = NULL, *Y = NULL;
- BIGNUM *Y2;
- BN_CTX *ctx = NULL;
- int nmod=0, paramcheck = 0;
-
- ctx = BN_CTX_new();
- Y2 = BN_new();
-
- while(fgets(buf,sizeof buf,stdin) != NULL)
- {
- if (!parse_line(&keyword, &value, lbuf, buf))
- {
- fputs(buf,stdout);
- continue;
- }
- if(!strcmp(keyword,"[mod"))
- {
- if (p)
- BN_free(p);
- p = NULL;
- if (q)
- BN_free(q);
- q = NULL;
- if (g)
- BN_free(g);
- g = NULL;
- paramcheck = 0;
- nmod=atoi(value);
- }
- else if(!strcmp(keyword,"P"))
- p=hex2bn(value);
- else if(!strcmp(keyword,"Q"))
- q=hex2bn(value);
- else if(!strcmp(keyword,"G"))
- g=hex2bn(value);
- else if(!strcmp(keyword,"X"))
- X=hex2bn(value);
- else if(!strcmp(keyword,"Y"))
- {
- Y=hex2bn(value);
- if (!p || !q || !g || !X || !Y)
- {
- fprintf(stderr, "Parse Error\n");
- exit (1);
- }
- pbn("P",p);
- pbn("Q",q);
- pbn("G",g);
- pbn("X",X);
- pbn("Y",Y);
- if (!paramcheck)
- {
- if (dss_paramcheck(nmod, p, q, g, ctx))
- paramcheck = 1;
- else
- paramcheck = -1;
- }
- if (paramcheck != 1)
- printf("Result = F\n");
- else
- {
- if (!BN_mod_exp(Y2, g, X, p, ctx) || BN_cmp(Y2, Y))
- printf("Result = F\n");
- else
- printf("Result = P\n");
- }
- BN_free(X);
- BN_free(Y);
- X = NULL;
- Y = NULL;
- }
- }
- if (p)
- BN_free(p);
- if (q)
- BN_free(q);
- if (g)
- BN_free(g);
- if (Y2)
- BN_free(Y2);
- }
-
-static void keypair()
- {
- char buf[1024];
- char lbuf[1024];
- char *keyword, *value;
- int nmod=0;
-
- while(fgets(buf,sizeof buf,stdin) != NULL)
- {
- if (!parse_line(&keyword, &value, lbuf, buf))
- {
- fputs(buf,stdout);
- continue;
- }
- if(!strcmp(keyword,"[mod"))
- nmod=atoi(value);
- else if(!strcmp(keyword,"N"))
- {
- DSA *dsa;
- int n=atoi(value);
-
- printf("[mod = %d]\n\n",nmod);
- dsa = FIPS_dsa_new();
- if (!DSA_generate_parameters_ex(dsa, nmod,NULL,0,NULL,NULL,NULL))
- {
- do_print_errors();
- exit(1);
- }
- pbn("P",dsa->p);
- pbn("Q",dsa->q);
- pbn("G",dsa->g);
- putc('\n',stdout);
-
- while(n--)
- {
- if (!DSA_generate_key(dsa))
- {
- do_print_errors();
- exit(1);
- }
-
- pbn("X",dsa->priv_key);
- pbn("Y",dsa->pub_key);
- putc('\n',stdout);
- }
- }
- }
- }
-
-static void siggen()
- {
- char buf[1024];
- char lbuf[1024];
- char *keyword, *value;
- int nmod=0;
- DSA *dsa=NULL;
-
- while(fgets(buf,sizeof buf,stdin) != NULL)
- {
- if (!parse_line(&keyword, &value, lbuf, buf))
- {
- fputs(buf,stdout);
- continue;
- }
- if(!strcmp(keyword,"[mod"))
- {
- nmod=atoi(value);
- printf("[mod = %d]\n\n",nmod);
- if (dsa)
- FIPS_dsa_free(dsa);
- dsa = FIPS_dsa_new();
- if (!DSA_generate_parameters_ex(dsa, nmod,NULL,0,NULL,NULL,NULL))
- {
- do_print_errors();
- exit(1);
- }
- pbn("P",dsa->p);
- pbn("Q",dsa->q);
- pbn("G",dsa->g);
- putc('\n',stdout);
- }
- else if(!strcmp(keyword,"Msg"))
- {
- unsigned char msg[1024];
- unsigned char sbuf[60];
- unsigned int slen;
- int n;
- EVP_PKEY pk;
- EVP_MD_CTX mctx;
- DSA_SIG *sig;
- EVP_MD_CTX_init(&mctx);
-
- n=hex2bin(value,msg);
- pv("Msg",msg,n);
-
- if (!DSA_generate_key(dsa))
- {
- do_print_errors();
- exit(1);
- }
- pk.type = EVP_PKEY_DSA;
- pk.pkey.dsa = dsa;
- pbn("Y",dsa->pub_key);
-
- EVP_SignInit_ex(&mctx, EVP_dss1(), NULL);
- EVP_SignUpdate(&mctx, msg, n);
- EVP_SignFinal(&mctx, sbuf, &slen, &pk);
-
- sig = DSA_SIG_new();
- FIPS_dsa_sig_decode(sig, sbuf, slen);
-
- pbn("R",sig->r);
- pbn("S",sig->s);
- putc('\n',stdout);
- DSA_SIG_free(sig);
- EVP_MD_CTX_cleanup(&mctx);
- }
- }
- if (dsa)
- FIPS_dsa_free(dsa);
- }
-
-static void sigver()
- {
- DSA *dsa=NULL;
- char buf[1024];
- char lbuf[1024];
- unsigned char msg[1024];
- char *keyword, *value;
- int nmod=0, n=0;
- DSA_SIG sg, *sig = &sg;
-
- sig->r = NULL;
- sig->s = NULL;
-
- while(fgets(buf,sizeof buf,stdin) != NULL)
- {
- if (!parse_line(&keyword, &value, lbuf, buf))
- {
- fputs(buf,stdout);
- continue;
- }
- if(!strcmp(keyword,"[mod"))
- {
- nmod=atoi(value);
- if(dsa)
- FIPS_dsa_free(dsa);
- dsa=FIPS_dsa_new();
- }
- else if(!strcmp(keyword,"P"))
- dsa->p=hex2bn(value);
- else if(!strcmp(keyword,"Q"))
- dsa->q=hex2bn(value);
- else if(!strcmp(keyword,"G"))
- {
- dsa->g=hex2bn(value);
-
- printf("[mod = %d]\n\n",nmod);
- pbn("P",dsa->p);
- pbn("Q",dsa->q);
- pbn("G",dsa->g);
- putc('\n',stdout);
- }
- else if(!strcmp(keyword,"Msg"))
- {
- n=hex2bin(value,msg);
- pv("Msg",msg,n);
- }
- else if(!strcmp(keyword,"Y"))
- dsa->pub_key=hex2bn(value);
- else if(!strcmp(keyword,"R"))
- sig->r=hex2bn(value);
- else if(!strcmp(keyword,"S"))
- {
- EVP_MD_CTX mctx;
- EVP_PKEY pk;
- unsigned char sigbuf[60];
- unsigned int slen;
- int r;
- EVP_MD_CTX_init(&mctx);
- pk.type = EVP_PKEY_DSA;
- pk.pkey.dsa = dsa;
- sig->s=hex2bn(value);
-
- pbn("Y",dsa->pub_key);
- pbn("R",sig->r);
- pbn("S",sig->s);
-
- slen = FIPS_dsa_sig_encode(sigbuf, sig);
- EVP_VerifyInit_ex(&mctx, EVP_dss1(), NULL);
- EVP_VerifyUpdate(&mctx, msg, n);
- r = EVP_VerifyFinal(&mctx, sigbuf, slen, &pk);
- EVP_MD_CTX_cleanup(&mctx);
-
- printf("Result = %c\n", r == 1 ? 'P' : 'F');
- putc('\n',stdout);
- }
- }
- }
-
-int main(int argc,char **argv)
- {
- if(argc != 2)
- {
- fprintf(stderr,"%s [prime|pqg|pqgver|keypair|siggen|sigver]\n",argv[0]);
- exit(1);
- }
- if(!FIPS_mode_set(1))
- {
- do_print_errors();
- exit(1);
- }
- if(!strcmp(argv[1],"prime"))
- primes();
- else if(!strcmp(argv[1],"pqg"))
- pqg();
- else if(!strcmp(argv[1],"pqgver"))
- pqgver();
- else if(!strcmp(argv[1],"keypair"))
- keypair();
- else if(!strcmp(argv[1],"keyver"))
- keyver();
- else if(!strcmp(argv[1],"siggen"))
- siggen();
- else if(!strcmp(argv[1],"sigver"))
- sigver();
- else
- {
- fprintf(stderr,"Don't know how to %s.\n",argv[1]);
- exit(1);
- }
-
- return 0;
- }
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/fips/dsa/fips_dssvs.c (from rev 6976, vendor-crypto/openssl/dist/fips/dsa/fips_dssvs.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/fips/dsa/fips_dssvs.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/fips/dsa/fips_dssvs.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,492 @@
+#include <openssl/opensslconf.h>
+
+#ifndef OPENSSL_FIPS
+# include <stdio.h>
+
+int main(int argc, char **argv)
+{
+ printf("No FIPS DSA support\n");
+ return (0);
+}
+#else
+
+# include <openssl/bn.h>
+# include <openssl/dsa.h>
+# include <openssl/fips.h>
+# include <openssl/err.h>
+# include <openssl/evp.h>
+# include <string.h>
+# include <ctype.h>
+
+# include "fips_utl.h"
+
+static void pbn(const char *name, BIGNUM *bn)
+{
+ int len, i;
+ unsigned char *tmp;
+ len = BN_num_bytes(bn);
+ tmp = OPENSSL_malloc(len);
+ if (!tmp) {
+ fprintf(stderr, "Memory allocation error\n");
+ return;
+ }
+ BN_bn2bin(bn, tmp);
+ printf("%s = ", name);
+ for (i = 0; i < len; i++)
+ printf("%02X", tmp[i]);
+ fputs("\n", stdout);
+ OPENSSL_free(tmp);
+ return;
+}
+
+static void primes()
+{
+ char buf[10240];
+ char lbuf[10240];
+ char *keyword, *value;
+
+ while (fgets(buf, sizeof buf, stdin) != NULL) {
+ fputs(buf, stdout);
+ if (!parse_line(&keyword, &value, lbuf, buf))
+ continue;
+ if (!strcmp(keyword, "Prime")) {
+ BIGNUM *pp;
+
+ pp = BN_new();
+ do_hex2bn(&pp, value);
+ printf("result= %c\n",
+ BN_is_prime_ex(pp, 20, NULL, NULL) ? 'P' : 'F');
+ }
+ }
+}
+
+static void pqg()
+{
+ char buf[1024];
+ char lbuf[1024];
+ char *keyword, *value;
+ int nmod = 0;
+
+ while (fgets(buf, sizeof buf, stdin) != NULL) {
+ if (!parse_line(&keyword, &value, lbuf, buf)) {
+ fputs(buf, stdout);
+ continue;
+ }
+ if (!strcmp(keyword, "[mod"))
+ nmod = atoi(value);
+ else if (!strcmp(keyword, "N")) {
+ int n = atoi(value);
+
+ printf("[mod = %d]\n\n", nmod);
+
+ while (n--) {
+ unsigned char seed[20];
+ DSA *dsa;
+ int counter;
+ unsigned long h;
+ dsa = FIPS_dsa_new();
+
+ if (!DSA_generate_parameters_ex
+ (dsa, nmod, seed, 0, &counter, &h, NULL)) {
+ do_print_errors();
+ exit(1);
+ }
+ pbn("P", dsa->p);
+ pbn("Q", dsa->q);
+ pbn("G", dsa->g);
+ pv("Seed", seed, 20);
+ printf("c = %d\n", counter);
+ printf("H = %lx\n", h);
+ putc('\n', stdout);
+ }
+ } else
+ fputs(buf, stdout);
+ }
+}
+
+static void pqgver()
+{
+ char buf[1024];
+ char lbuf[1024];
+ char *keyword, *value;
+ BIGNUM *p = NULL, *q = NULL, *g = NULL;
+ int counter, counter2;
+ unsigned long h, h2;
+ DSA *dsa = NULL;
+ int nmod = 0;
+ unsigned char seed[1024];
+
+ while (fgets(buf, sizeof buf, stdin) != NULL) {
+ if (!parse_line(&keyword, &value, lbuf, buf)) {
+ fputs(buf, stdout);
+ continue;
+ }
+ fputs(buf, stdout);
+ if (!strcmp(keyword, "[mod"))
+ nmod = atoi(value);
+ else if (!strcmp(keyword, "P"))
+ p = hex2bn(value);
+ else if (!strcmp(keyword, "Q"))
+ q = hex2bn(value);
+ else if (!strcmp(keyword, "G"))
+ g = hex2bn(value);
+ else if (!strcmp(keyword, "Seed")) {
+ int slen = hex2bin(value, seed);
+ if (slen != 20) {
+ fprintf(stderr, "Seed parse length error\n");
+ exit(1);
+ }
+ } else if (!strcmp(keyword, "c"))
+ counter = atoi(buf + 4);
+ else if (!strcmp(keyword, "H")) {
+ h = atoi(value);
+ if (!p || !q || !g) {
+ fprintf(stderr, "Parse Error\n");
+ exit(1);
+ }
+ dsa = FIPS_dsa_new();
+ if (!DSA_generate_parameters_ex
+ (dsa, nmod, seed, 20, &counter2, &h2, NULL)) {
+ do_print_errors();
+ exit(1);
+ }
+ if (BN_cmp(dsa->p, p) || BN_cmp(dsa->q, q) || BN_cmp(dsa->g, g)
+ || (counter != counter2) || (h != h2))
+ printf("Result = F\n");
+ else
+ printf("Result = P\n");
+ BN_free(p);
+ BN_free(q);
+ BN_free(g);
+ p = NULL;
+ q = NULL;
+ g = NULL;
+ FIPS_dsa_free(dsa);
+ dsa = NULL;
+ }
+ }
+}
+
+/*
+ * Keypair verification routine. NB: this isn't part of the standard
+ * FIPS140-2 algorithm tests. It is an additional test to perform sanity
+ * checks on the output of the KeyPair test.
+ */
+
+static int dss_paramcheck(int nmod, BIGNUM *p, BIGNUM *q, BIGNUM *g,
+ BN_CTX *ctx)
+{
+ BIGNUM *rem = NULL;
+ if (BN_num_bits(p) != nmod)
+ return 0;
+ if (BN_num_bits(q) != 160)
+ return 0;
+ if (BN_is_prime_ex(p, BN_prime_checks, ctx, NULL) != 1)
+ return 0;
+ if (BN_is_prime_ex(q, BN_prime_checks, ctx, NULL) != 1)
+ return 0;
+ rem = BN_new();
+ if (!BN_mod(rem, p, q, ctx) || !BN_is_one(rem)
+ || (BN_cmp(g, BN_value_one()) <= 0)
+ || !BN_mod_exp(rem, g, q, p, ctx) || !BN_is_one(rem)) {
+ BN_free(rem);
+ return 0;
+ }
+ /* Todo: check g */
+ BN_free(rem);
+ return 1;
+}
+
+static void keyver()
+{
+ char buf[1024];
+ char lbuf[1024];
+ char *keyword, *value;
+ BIGNUM *p = NULL, *q = NULL, *g = NULL, *X = NULL, *Y = NULL;
+ BIGNUM *Y2;
+ BN_CTX *ctx = NULL;
+ int nmod = 0, paramcheck = 0;
+
+ ctx = BN_CTX_new();
+ Y2 = BN_new();
+
+ while (fgets(buf, sizeof buf, stdin) != NULL) {
+ if (!parse_line(&keyword, &value, lbuf, buf)) {
+ fputs(buf, stdout);
+ continue;
+ }
+ if (!strcmp(keyword, "[mod")) {
+ if (p)
+ BN_free(p);
+ p = NULL;
+ if (q)
+ BN_free(q);
+ q = NULL;
+ if (g)
+ BN_free(g);
+ g = NULL;
+ paramcheck = 0;
+ nmod = atoi(value);
+ } else if (!strcmp(keyword, "P"))
+ p = hex2bn(value);
+ else if (!strcmp(keyword, "Q"))
+ q = hex2bn(value);
+ else if (!strcmp(keyword, "G"))
+ g = hex2bn(value);
+ else if (!strcmp(keyword, "X"))
+ X = hex2bn(value);
+ else if (!strcmp(keyword, "Y")) {
+ Y = hex2bn(value);
+ if (!p || !q || !g || !X || !Y) {
+ fprintf(stderr, "Parse Error\n");
+ exit(1);
+ }
+ pbn("P", p);
+ pbn("Q", q);
+ pbn("G", g);
+ pbn("X", X);
+ pbn("Y", Y);
+ if (!paramcheck) {
+ if (dss_paramcheck(nmod, p, q, g, ctx))
+ paramcheck = 1;
+ else
+ paramcheck = -1;
+ }
+ if (paramcheck != 1)
+ printf("Result = F\n");
+ else {
+ if (!BN_mod_exp(Y2, g, X, p, ctx) || BN_cmp(Y2, Y))
+ printf("Result = F\n");
+ else
+ printf("Result = P\n");
+ }
+ BN_free(X);
+ BN_free(Y);
+ X = NULL;
+ Y = NULL;
+ }
+ }
+ if (p)
+ BN_free(p);
+ if (q)
+ BN_free(q);
+ if (g)
+ BN_free(g);
+ if (Y2)
+ BN_free(Y2);
+}
+
+static void keypair()
+{
+ char buf[1024];
+ char lbuf[1024];
+ char *keyword, *value;
+ int nmod = 0;
+
+ while (fgets(buf, sizeof buf, stdin) != NULL) {
+ if (!parse_line(&keyword, &value, lbuf, buf)) {
+ fputs(buf, stdout);
+ continue;
+ }
+ if (!strcmp(keyword, "[mod"))
+ nmod = atoi(value);
+ else if (!strcmp(keyword, "N")) {
+ DSA *dsa;
+ int n = atoi(value);
+
+ printf("[mod = %d]\n\n", nmod);
+ dsa = FIPS_dsa_new();
+ if (!DSA_generate_parameters_ex
+ (dsa, nmod, NULL, 0, NULL, NULL, NULL)) {
+ do_print_errors();
+ exit(1);
+ }
+ pbn("P", dsa->p);
+ pbn("Q", dsa->q);
+ pbn("G", dsa->g);
+ putc('\n', stdout);
+
+ while (n--) {
+ if (!DSA_generate_key(dsa)) {
+ do_print_errors();
+ exit(1);
+ }
+
+ pbn("X", dsa->priv_key);
+ pbn("Y", dsa->pub_key);
+ putc('\n', stdout);
+ }
+ }
+ }
+}
+
+static void siggen()
+{
+ char buf[1024];
+ char lbuf[1024];
+ char *keyword, *value;
+ int nmod = 0;
+ DSA *dsa = NULL;
+
+ while (fgets(buf, sizeof buf, stdin) != NULL) {
+ if (!parse_line(&keyword, &value, lbuf, buf)) {
+ fputs(buf, stdout);
+ continue;
+ }
+ if (!strcmp(keyword, "[mod")) {
+ nmod = atoi(value);
+ printf("[mod = %d]\n\n", nmod);
+ if (dsa)
+ FIPS_dsa_free(dsa);
+ dsa = FIPS_dsa_new();
+ if (!DSA_generate_parameters_ex
+ (dsa, nmod, NULL, 0, NULL, NULL, NULL)) {
+ do_print_errors();
+ exit(1);
+ }
+ pbn("P", dsa->p);
+ pbn("Q", dsa->q);
+ pbn("G", dsa->g);
+ putc('\n', stdout);
+ } else if (!strcmp(keyword, "Msg")) {
+ unsigned char msg[1024];
+ unsigned char sbuf[60];
+ unsigned int slen;
+ int n;
+ EVP_PKEY pk;
+ EVP_MD_CTX mctx;
+ DSA_SIG *sig;
+ EVP_MD_CTX_init(&mctx);
+
+ n = hex2bin(value, msg);
+ pv("Msg", msg, n);
+
+ if (!DSA_generate_key(dsa)) {
+ do_print_errors();
+ exit(1);
+ }
+ pk.type = EVP_PKEY_DSA;
+ pk.pkey.dsa = dsa;
+ pbn("Y", dsa->pub_key);
+
+ EVP_SignInit_ex(&mctx, EVP_dss1(), NULL);
+ EVP_SignUpdate(&mctx, msg, n);
+ EVP_SignFinal(&mctx, sbuf, &slen, &pk);
+
+ sig = DSA_SIG_new();
+ FIPS_dsa_sig_decode(sig, sbuf, slen);
+
+ pbn("R", sig->r);
+ pbn("S", sig->s);
+ putc('\n', stdout);
+ DSA_SIG_free(sig);
+ EVP_MD_CTX_cleanup(&mctx);
+ }
+ }
+ if (dsa)
+ FIPS_dsa_free(dsa);
+}
+
+static void sigver()
+{
+ DSA *dsa = NULL;
+ char buf[1024];
+ char lbuf[1024];
+ unsigned char msg[1024];
+ char *keyword, *value;
+ int nmod = 0, n = 0;
+ DSA_SIG sg, *sig = &sg;
+
+ sig->r = NULL;
+ sig->s = NULL;
+
+ while (fgets(buf, sizeof buf, stdin) != NULL) {
+ if (!parse_line(&keyword, &value, lbuf, buf)) {
+ fputs(buf, stdout);
+ continue;
+ }
+ if (!strcmp(keyword, "[mod")) {
+ nmod = atoi(value);
+ if (dsa)
+ FIPS_dsa_free(dsa);
+ dsa = FIPS_dsa_new();
+ } else if (!strcmp(keyword, "P"))
+ dsa->p = hex2bn(value);
+ else if (!strcmp(keyword, "Q"))
+ dsa->q = hex2bn(value);
+ else if (!strcmp(keyword, "G")) {
+ dsa->g = hex2bn(value);
+
+ printf("[mod = %d]\n\n", nmod);
+ pbn("P", dsa->p);
+ pbn("Q", dsa->q);
+ pbn("G", dsa->g);
+ putc('\n', stdout);
+ } else if (!strcmp(keyword, "Msg")) {
+ n = hex2bin(value, msg);
+ pv("Msg", msg, n);
+ } else if (!strcmp(keyword, "Y"))
+ dsa->pub_key = hex2bn(value);
+ else if (!strcmp(keyword, "R"))
+ sig->r = hex2bn(value);
+ else if (!strcmp(keyword, "S")) {
+ EVP_MD_CTX mctx;
+ EVP_PKEY pk;
+ unsigned char sigbuf[60];
+ unsigned int slen;
+ int r;
+ EVP_MD_CTX_init(&mctx);
+ pk.type = EVP_PKEY_DSA;
+ pk.pkey.dsa = dsa;
+ sig->s = hex2bn(value);
+
+ pbn("Y", dsa->pub_key);
+ pbn("R", sig->r);
+ pbn("S", sig->s);
+
+ slen = FIPS_dsa_sig_encode(sigbuf, sig);
+ EVP_VerifyInit_ex(&mctx, EVP_dss1(), NULL);
+ EVP_VerifyUpdate(&mctx, msg, n);
+ r = EVP_VerifyFinal(&mctx, sigbuf, slen, &pk);
+ EVP_MD_CTX_cleanup(&mctx);
+
+ printf("Result = %c\n", r == 1 ? 'P' : 'F');
+ putc('\n', stdout);
+ }
+ }
+}
+
+int main(int argc, char **argv)
+{
+ if (argc != 2) {
+ fprintf(stderr, "%s [prime|pqg|pqgver|keypair|siggen|sigver]\n",
+ argv[0]);
+ exit(1);
+ }
+ if (!FIPS_mode_set(1)) {
+ do_print_errors();
+ exit(1);
+ }
+ if (!strcmp(argv[1], "prime"))
+ primes();
+ else if (!strcmp(argv[1], "pqg"))
+ pqg();
+ else if (!strcmp(argv[1], "pqgver"))
+ pqgver();
+ else if (!strcmp(argv[1], "keypair"))
+ keypair();
+ else if (!strcmp(argv[1], "keyver"))
+ keyver();
+ else if (!strcmp(argv[1], "siggen"))
+ siggen();
+ else if (!strcmp(argv[1], "sigver"))
+ sigver();
+ else {
+ fprintf(stderr, "Don't know how to %s.\n", argv[1]);
+ exit(1);
+ }
+
+ return 0;
+}
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/fips/fips.c
===================================================================
--- vendor-crypto/openssl/dist/fips/fips.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/fips/fips.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,519 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-
-#include <openssl/rand.h>
-#include <openssl/fips_rand.h>
-#include <openssl/err.h>
-#include <openssl/bio.h>
-#include <openssl/hmac.h>
-#include <openssl/rsa.h>
-#include <string.h>
-#include <limits.h>
-#include "fips_locl.h"
-
-#ifdef OPENSSL_FIPS
-
-#include <openssl/fips.h>
-
-#ifndef PATH_MAX
-#define PATH_MAX 1024
-#endif
-
-static int fips_selftest_fail;
-static int fips_mode;
-static const void *fips_rand_check;
-
-static void fips_set_mode(int onoff)
- {
- int owning_thread = fips_is_owning_thread();
-
- if (fips_is_started())
- {
- if (!owning_thread) fips_w_lock();
- fips_mode = onoff;
- if (!owning_thread) fips_w_unlock();
- }
- }
-
-static void fips_set_rand_check(const void *rand_check)
- {
- int owning_thread = fips_is_owning_thread();
-
- if (fips_is_started())
- {
- if (!owning_thread) fips_w_lock();
- fips_rand_check = rand_check;
- if (!owning_thread) fips_w_unlock();
- }
- }
-
-int FIPS_mode(void)
- {
- int ret = 0;
- int owning_thread = fips_is_owning_thread();
-
- if (fips_is_started())
- {
- if (!owning_thread) fips_r_lock();
- ret = fips_mode;
- if (!owning_thread) fips_r_unlock();
- }
- return ret;
- }
-
-const void *FIPS_rand_check(void)
- {
- const void *ret = 0;
- int owning_thread = fips_is_owning_thread();
-
- if (fips_is_started())
- {
- if (!owning_thread) fips_r_lock();
- ret = fips_rand_check;
- if (!owning_thread) fips_r_unlock();
- }
- return ret;
- }
-
-int FIPS_selftest_failed(void)
- {
- int ret = 0;
- if (fips_is_started())
- {
- int owning_thread = fips_is_owning_thread();
-
- if (!owning_thread) fips_r_lock();
- ret = fips_selftest_fail;
- if (!owning_thread) fips_r_unlock();
- }
- return ret;
- }
-
-/* Selftest failure fatal exit routine. This will be called
- * during *any* cryptographic operation. It has the minimum
- * overhead possible to avoid too big a performance hit.
- */
-
-void FIPS_selftest_check(void)
- {
- if (fips_selftest_fail)
- {
- OpenSSLDie(__FILE__,__LINE__, "FATAL FIPS SELFTEST FAILURE");
- }
- }
-
-void fips_set_selftest_fail(void)
- {
- fips_selftest_fail = 1;
- }
-
-int FIPS_selftest()
- {
-
- return FIPS_selftest_sha1()
- && FIPS_selftest_hmac()
- && FIPS_selftest_aes()
- && FIPS_selftest_des()
- && FIPS_selftest_rsa()
- && FIPS_selftest_dsa();
- }
-
-extern const void *FIPS_text_start(), *FIPS_text_end();
-extern const unsigned char FIPS_rodata_start[], FIPS_rodata_end[];
-unsigned char FIPS_signature [20] = { 0 };
-static const char FIPS_hmac_key[]="etaonrishdlcupfm";
-
-unsigned int FIPS_incore_fingerprint(unsigned char *sig,unsigned int len)
- {
- const unsigned char *p1 = FIPS_text_start();
- const unsigned char *p2 = FIPS_text_end();
- const unsigned char *p3 = FIPS_rodata_start;
- const unsigned char *p4 = FIPS_rodata_end;
- HMAC_CTX c;
-
- HMAC_CTX_init(&c);
- HMAC_Init(&c,FIPS_hmac_key,strlen(FIPS_hmac_key),EVP_sha1());
-
- /* detect overlapping regions */
- if (p1<=p3 && p2>=p3)
- p3=p1, p4=p2>p4?p2:p4, p1=NULL, p2=NULL;
- else if (p3<=p1 && p4>=p1)
- p3=p3, p4=p2>p4?p2:p4, p1=NULL, p2=NULL;
-
- if (p1)
- HMAC_Update(&c,p1,(size_t)p2-(size_t)p1);
-
- if (FIPS_signature>=p3 && FIPS_signature<p4)
- {
- /* "punch" hole */
- HMAC_Update(&c,p3,(size_t)FIPS_signature-(size_t)p3);
- p3 = FIPS_signature+sizeof(FIPS_signature);
- if (p3<p4)
- HMAC_Update(&c,p3,(size_t)p4-(size_t)p3);
- }
- else
- HMAC_Update(&c,p3,(size_t)p4-(size_t)p3);
-
- HMAC_Final(&c,sig,&len);
- HMAC_CTX_cleanup(&c);
-
- return len;
- }
-
-int FIPS_check_incore_fingerprint(void)
- {
- unsigned char sig[EVP_MAX_MD_SIZE];
- unsigned int len;
-#if defined(__sgi) && (defined(__mips) || defined(mips))
- extern int __dso_displacement[];
-#else
- extern int OPENSSL_NONPIC_relocated;
-#endif
-
- if (FIPS_text_start()==NULL)
- {
- FIPSerr(FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT,FIPS_R_UNSUPPORTED_PLATFORM);
- return 0;
- }
-
- len=FIPS_incore_fingerprint (sig,sizeof(sig));
-
- if (len!=sizeof(FIPS_signature) ||
- memcmp(FIPS_signature,sig,sizeof(FIPS_signature)))
- {
- if (FIPS_signature>=FIPS_rodata_start && FIPS_signature<FIPS_rodata_end)
- FIPSerr(FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT,FIPS_R_FINGERPRINT_DOES_NOT_MATCH_SEGMENT_ALIASING);
-#if defined(__sgi) && (defined(__mips) || defined(mips))
- else if (__dso_displacement!=NULL)
-#else
- else if (OPENSSL_NONPIC_relocated)
-#endif
- FIPSerr(FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT,FIPS_R_FINGERPRINT_DOES_NOT_MATCH_NONPIC_RELOCATED);
- else
- FIPSerr(FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT,FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
- return 0;
- }
-
- return 1;
- }
-
-int FIPS_mode_set(int onoff)
- {
- int fips_set_owning_thread();
- int fips_clear_owning_thread();
- int ret = 0;
-
- fips_w_lock();
- fips_set_started();
- fips_set_owning_thread();
-
- if(onoff)
- {
- unsigned char buf[48];
-
- fips_selftest_fail = 0;
-
- /* Don't go into FIPS mode twice, just so we can do automagic
- seeding */
- if(FIPS_mode())
- {
- FIPSerr(FIPS_F_FIPS_MODE_SET,FIPS_R_FIPS_MODE_ALREADY_SET);
- fips_selftest_fail = 1;
- ret = 0;
- goto end;
- }
-
-#ifdef OPENSSL_IA32_SSE2
- if ((OPENSSL_ia32cap & (1<<25|1<<26)) != (1<<25|1<<26))
- {
- FIPSerr(FIPS_F_FIPS_MODE_SET,FIPS_R_UNSUPPORTED_PLATFORM);
- fips_selftest_fail = 1;
- ret = 0;
- goto end;
- }
-#endif
-
- if(fips_signature_witness() != FIPS_signature)
- {
- FIPSerr(FIPS_F_FIPS_MODE_SET,FIPS_R_CONTRADICTING_EVIDENCE);
- fips_selftest_fail = 1;
- ret = 0;
- goto end;
- }
-
- if(!FIPS_check_incore_fingerprint())
- {
- fips_selftest_fail = 1;
- ret = 0;
- goto end;
- }
-
- /* Perform RNG KAT before seeding */
- if (!FIPS_selftest_rng())
- {
- fips_selftest_fail = 1;
- ret = 0;
- goto end;
- }
-
- /* automagically seed PRNG if not already seeded */
- if(!FIPS_rand_status())
- {
- if(RAND_bytes(buf,sizeof buf) <= 0)
- {
- fips_selftest_fail = 1;
- ret = 0;
- goto end;
- }
- FIPS_rand_set_key(buf,32);
- FIPS_rand_seed(buf+32,16);
- }
-
- /* now switch into FIPS mode */
- fips_set_rand_check(FIPS_rand_method());
- RAND_set_rand_method(FIPS_rand_method());
- if(FIPS_selftest())
- fips_set_mode(1);
- else
- {
- fips_selftest_fail = 1;
- ret = 0;
- goto end;
- }
- ret = 1;
- goto end;
- }
- fips_set_mode(0);
- fips_selftest_fail = 0;
- ret = 1;
-end:
- fips_clear_owning_thread();
- fips_w_unlock();
- return ret;
- }
-
-void fips_w_lock(void) { CRYPTO_w_lock(CRYPTO_LOCK_FIPS); }
-void fips_w_unlock(void) { CRYPTO_w_unlock(CRYPTO_LOCK_FIPS); }
-void fips_r_lock(void) { CRYPTO_r_lock(CRYPTO_LOCK_FIPS); }
-void fips_r_unlock(void) { CRYPTO_r_unlock(CRYPTO_LOCK_FIPS); }
-
-static int fips_started = 0;
-static unsigned long fips_thread = 0;
-
-void fips_set_started(void)
- {
- fips_started = 1;
- }
-
-int fips_is_started(void)
- {
- return fips_started;
- }
-
-int fips_is_owning_thread(void)
- {
- int ret = 0;
-
- if (fips_is_started())
- {
- CRYPTO_r_lock(CRYPTO_LOCK_FIPS2);
- if (fips_thread != 0 && fips_thread == CRYPTO_thread_id())
- ret = 1;
- CRYPTO_r_unlock(CRYPTO_LOCK_FIPS2);
- }
- return ret;
- }
-
-int fips_set_owning_thread(void)
- {
- int ret = 0;
-
- if (fips_is_started())
- {
- CRYPTO_w_lock(CRYPTO_LOCK_FIPS2);
- if (fips_thread == 0)
- {
- fips_thread = CRYPTO_thread_id();
- ret = 1;
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_FIPS2);
- }
- return ret;
- }
-
-int fips_clear_owning_thread(void)
- {
- int ret = 0;
-
- if (fips_is_started())
- {
- CRYPTO_w_lock(CRYPTO_LOCK_FIPS2);
- if (fips_thread == CRYPTO_thread_id())
- {
- fips_thread = 0;
- ret = 1;
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_FIPS2);
- }
- return ret;
- }
-
-unsigned char *fips_signature_witness(void)
- {
- extern unsigned char FIPS_signature[];
- return FIPS_signature;
- }
-
-/* Generalized public key test routine. Signs and verifies the data
- * supplied in tbs using mesage digest md and setting option digest
- * flags md_flags. If the 'kat' parameter is not NULL it will
- * additionally check the signature matches it: a known answer test
- * The string "fail_str" is used for identification purposes in case
- * of failure.
- */
-
-int fips_pkey_signature_test(EVP_PKEY *pkey,
- const unsigned char *tbs, int tbslen,
- const unsigned char *kat, unsigned int katlen,
- const EVP_MD *digest, unsigned int md_flags,
- const char *fail_str)
- {
- int ret = 0;
- unsigned char sigtmp[256], *sig = sigtmp;
- unsigned int siglen;
- EVP_MD_CTX mctx;
- EVP_MD_CTX_init(&mctx);
-
- if ((pkey->type == EVP_PKEY_RSA)
- && (RSA_size(pkey->pkey.rsa) > sizeof(sigtmp)))
- {
- sig = OPENSSL_malloc(RSA_size(pkey->pkey.rsa));
- if (!sig)
- {
- FIPSerr(FIPS_F_FIPS_PKEY_SIGNATURE_TEST,ERR_R_MALLOC_FAILURE);
- return 0;
- }
- }
-
- if (tbslen == -1)
- tbslen = strlen((char *)tbs);
-
- if (md_flags)
- M_EVP_MD_CTX_set_flags(&mctx, md_flags);
-
- if (!EVP_SignInit_ex(&mctx, digest, NULL))
- goto error;
- if (!EVP_SignUpdate(&mctx, tbs, tbslen))
- goto error;
- if (!EVP_SignFinal(&mctx, sig, &siglen, pkey))
- goto error;
-
- if (kat && ((siglen != katlen) || memcmp(kat, sig, katlen)))
- goto error;
-
- if (!EVP_VerifyInit_ex(&mctx, digest, NULL))
- goto error;
- if (!EVP_VerifyUpdate(&mctx, tbs, tbslen))
- goto error;
- ret = EVP_VerifyFinal(&mctx, sig, siglen, pkey);
-
- error:
- if (sig != sigtmp)
- OPENSSL_free(sig);
- EVP_MD_CTX_cleanup(&mctx);
- if (ret != 1)
- {
- FIPSerr(FIPS_F_FIPS_PKEY_SIGNATURE_TEST,FIPS_R_TEST_FAILURE);
- if (fail_str)
- ERR_add_error_data(2, "Type=", fail_str);
- return 0;
- }
- return 1;
- }
-
-/* Generalized symmetric cipher test routine. Encrypt data, verify result
- * against known answer, decrypt and compare with original plaintext.
- */
-
-int fips_cipher_test(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
- const unsigned char *key,
- const unsigned char *iv,
- const unsigned char *plaintext,
- const unsigned char *ciphertext,
- int len)
- {
- unsigned char pltmp[FIPS_MAX_CIPHER_TEST_SIZE];
- unsigned char citmp[FIPS_MAX_CIPHER_TEST_SIZE];
- OPENSSL_assert(len <= FIPS_MAX_CIPHER_TEST_SIZE);
- if (EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 1) <= 0)
- return 0;
- EVP_Cipher(ctx, citmp, plaintext, len);
- if (memcmp(citmp, ciphertext, len))
- return 0;
- if (EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 0) <= 0)
- return 0;
- EVP_Cipher(ctx, pltmp, citmp, len);
- if (memcmp(pltmp, plaintext, len))
- return 0;
- return 1;
- }
-
-#if 0
-/* The purpose of this is to ensure the error code exists and the function
- * name is to keep the error checking script quiet
- */
-void hash_final(void)
- {
- FIPSerr(FIPS_F_HASH_FINAL,FIPS_R_NON_FIPS_METHOD);
- }
-#endif
-
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/fips/fips.c (from rev 6976, vendor-crypto/openssl/dist/fips/fips.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/fips/fips.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/fips/fips.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,523 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <openssl/rand.h>
+#include <openssl/fips_rand.h>
+#include <openssl/err.h>
+#include <openssl/bio.h>
+#include <openssl/hmac.h>
+#include <openssl/rsa.h>
+#include <string.h>
+#include <limits.h>
+#include "fips_locl.h"
+
+#ifdef OPENSSL_FIPS
+
+# include <openssl/fips.h>
+
+# ifndef PATH_MAX
+# define PATH_MAX 1024
+# endif
+
+static int fips_selftest_fail;
+static int fips_mode;
+static const void *fips_rand_check;
+
+static void fips_set_mode(int onoff)
+{
+ int owning_thread = fips_is_owning_thread();
+
+ if (fips_is_started()) {
+ if (!owning_thread)
+ fips_w_lock();
+ fips_mode = onoff;
+ if (!owning_thread)
+ fips_w_unlock();
+ }
+}
+
+static void fips_set_rand_check(const void *rand_check)
+{
+ int owning_thread = fips_is_owning_thread();
+
+ if (fips_is_started()) {
+ if (!owning_thread)
+ fips_w_lock();
+ fips_rand_check = rand_check;
+ if (!owning_thread)
+ fips_w_unlock();
+ }
+}
+
+int FIPS_mode(void)
+{
+ int ret = 0;
+ int owning_thread = fips_is_owning_thread();
+
+ if (fips_is_started()) {
+ if (!owning_thread)
+ fips_r_lock();
+ ret = fips_mode;
+ if (!owning_thread)
+ fips_r_unlock();
+ }
+ return ret;
+}
+
+const void *FIPS_rand_check(void)
+{
+ const void *ret = 0;
+ int owning_thread = fips_is_owning_thread();
+
+ if (fips_is_started()) {
+ if (!owning_thread)
+ fips_r_lock();
+ ret = fips_rand_check;
+ if (!owning_thread)
+ fips_r_unlock();
+ }
+ return ret;
+}
+
+int FIPS_selftest_failed(void)
+{
+ int ret = 0;
+ if (fips_is_started()) {
+ int owning_thread = fips_is_owning_thread();
+
+ if (!owning_thread)
+ fips_r_lock();
+ ret = fips_selftest_fail;
+ if (!owning_thread)
+ fips_r_unlock();
+ }
+ return ret;
+}
+
+/*
+ * Selftest failure fatal exit routine. This will be called during *any*
+ * cryptographic operation. It has the minimum overhead possible to avoid too
+ * big a performance hit.
+ */
+
+void FIPS_selftest_check(void)
+{
+ if (fips_selftest_fail) {
+ OpenSSLDie(__FILE__, __LINE__, "FATAL FIPS SELFTEST FAILURE");
+ }
+}
+
+void fips_set_selftest_fail(void)
+{
+ fips_selftest_fail = 1;
+}
+
+int FIPS_selftest()
+{
+
+ return FIPS_selftest_sha1()
+ && FIPS_selftest_hmac()
+ && FIPS_selftest_aes()
+ && FIPS_selftest_des()
+ && FIPS_selftest_rsa()
+ && FIPS_selftest_dsa();
+}
+
+extern const void *FIPS_text_start(), *FIPS_text_end();
+extern const unsigned char FIPS_rodata_start[], FIPS_rodata_end[];
+unsigned char FIPS_signature[20] = { 0 };
+
+static const char FIPS_hmac_key[] = "etaonrishdlcupfm";
+
+unsigned int FIPS_incore_fingerprint(unsigned char *sig, unsigned int len)
+{
+ const unsigned char *p1 = FIPS_text_start();
+ const unsigned char *p2 = FIPS_text_end();
+ const unsigned char *p3 = FIPS_rodata_start;
+ const unsigned char *p4 = FIPS_rodata_end;
+ HMAC_CTX c;
+
+ HMAC_CTX_init(&c);
+ HMAC_Init(&c, FIPS_hmac_key, strlen(FIPS_hmac_key), EVP_sha1());
+
+ /* detect overlapping regions */
+ if (p1 <= p3 && p2 >= p3)
+ p3 = p1, p4 = p2 > p4 ? p2 : p4, p1 = NULL, p2 = NULL;
+ else if (p3 <= p1 && p4 >= p1)
+ p3 = p3, p4 = p2 > p4 ? p2 : p4, p1 = NULL, p2 = NULL;
+
+ if (p1)
+ HMAC_Update(&c, p1, (size_t)p2 - (size_t)p1);
+
+ if (FIPS_signature >= p3 && FIPS_signature < p4) {
+ /* "punch" hole */
+ HMAC_Update(&c, p3, (size_t)FIPS_signature - (size_t)p3);
+ p3 = FIPS_signature + sizeof(FIPS_signature);
+ if (p3 < p4)
+ HMAC_Update(&c, p3, (size_t)p4 - (size_t)p3);
+ } else
+ HMAC_Update(&c, p3, (size_t)p4 - (size_t)p3);
+
+ HMAC_Final(&c, sig, &len);
+ HMAC_CTX_cleanup(&c);
+
+ return len;
+}
+
+int FIPS_check_incore_fingerprint(void)
+{
+ unsigned char sig[EVP_MAX_MD_SIZE];
+ unsigned int len;
+# if defined(__sgi) && (defined(__mips) || defined(mips))
+ extern int __dso_displacement[];
+# else
+ extern int OPENSSL_NONPIC_relocated;
+# endif
+
+ if (FIPS_text_start() == NULL) {
+ FIPSerr(FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT,
+ FIPS_R_UNSUPPORTED_PLATFORM);
+ return 0;
+ }
+
+ len = FIPS_incore_fingerprint(sig, sizeof(sig));
+
+ if (len != sizeof(FIPS_signature) ||
+ memcmp(FIPS_signature, sig, sizeof(FIPS_signature))) {
+ if (FIPS_signature >= FIPS_rodata_start
+ && FIPS_signature < FIPS_rodata_end)
+ FIPSerr(FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT,
+ FIPS_R_FINGERPRINT_DOES_NOT_MATCH_SEGMENT_ALIASING);
+# if defined(__sgi) && (defined(__mips) || defined(mips))
+ else if (__dso_displacement != NULL)
+# else
+ else if (OPENSSL_NONPIC_relocated)
+# endif
+ FIPSerr(FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT,
+ FIPS_R_FINGERPRINT_DOES_NOT_MATCH_NONPIC_RELOCATED);
+ else
+ FIPSerr(FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT,
+ FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
+ return 0;
+ }
+
+ return 1;
+}
+
+int FIPS_mode_set(int onoff)
+{
+ int fips_set_owning_thread();
+ int fips_clear_owning_thread();
+ int ret = 0;
+
+ fips_w_lock();
+ fips_set_started();
+ fips_set_owning_thread();
+
+ if (onoff) {
+ unsigned char buf[48];
+
+ fips_selftest_fail = 0;
+
+ /*
+ * Don't go into FIPS mode twice, just so we can do automagic seeding
+ */
+ if (FIPS_mode()) {
+ FIPSerr(FIPS_F_FIPS_MODE_SET, FIPS_R_FIPS_MODE_ALREADY_SET);
+ fips_selftest_fail = 1;
+ ret = 0;
+ goto end;
+ }
+# ifdef OPENSSL_IA32_SSE2
+ if ((OPENSSL_ia32cap & (1 << 25 | 1 << 26)) != (1 << 25 | 1 << 26)) {
+ FIPSerr(FIPS_F_FIPS_MODE_SET, FIPS_R_UNSUPPORTED_PLATFORM);
+ fips_selftest_fail = 1;
+ ret = 0;
+ goto end;
+ }
+# endif
+
+ if (fips_signature_witness() != FIPS_signature) {
+ FIPSerr(FIPS_F_FIPS_MODE_SET, FIPS_R_CONTRADICTING_EVIDENCE);
+ fips_selftest_fail = 1;
+ ret = 0;
+ goto end;
+ }
+
+ if (!FIPS_check_incore_fingerprint()) {
+ fips_selftest_fail = 1;
+ ret = 0;
+ goto end;
+ }
+
+ /* Perform RNG KAT before seeding */
+ if (!FIPS_selftest_rng()) {
+ fips_selftest_fail = 1;
+ ret = 0;
+ goto end;
+ }
+
+ /* automagically seed PRNG if not already seeded */
+ if (!FIPS_rand_status()) {
+ if (RAND_bytes(buf, sizeof buf) <= 0) {
+ fips_selftest_fail = 1;
+ ret = 0;
+ goto end;
+ }
+ FIPS_rand_set_key(buf, 32);
+ FIPS_rand_seed(buf + 32, 16);
+ }
+
+ /* now switch into FIPS mode */
+ fips_set_rand_check(FIPS_rand_method());
+ RAND_set_rand_method(FIPS_rand_method());
+ if (FIPS_selftest())
+ fips_set_mode(1);
+ else {
+ fips_selftest_fail = 1;
+ ret = 0;
+ goto end;
+ }
+ ret = 1;
+ goto end;
+ }
+ fips_set_mode(0);
+ fips_selftest_fail = 0;
+ ret = 1;
+ end:
+ fips_clear_owning_thread();
+ fips_w_unlock();
+ return ret;
+}
+
+void fips_w_lock(void)
+{
+ CRYPTO_w_lock(CRYPTO_LOCK_FIPS);
+}
+
+void fips_w_unlock(void)
+{
+ CRYPTO_w_unlock(CRYPTO_LOCK_FIPS);
+}
+
+void fips_r_lock(void)
+{
+ CRYPTO_r_lock(CRYPTO_LOCK_FIPS);
+}
+
+void fips_r_unlock(void)
+{
+ CRYPTO_r_unlock(CRYPTO_LOCK_FIPS);
+}
+
+static int fips_started = 0;
+static unsigned long fips_thread = 0;
+
+void fips_set_started(void)
+{
+ fips_started = 1;
+}
+
+int fips_is_started(void)
+{
+ return fips_started;
+}
+
+int fips_is_owning_thread(void)
+{
+ int ret = 0;
+
+ if (fips_is_started()) {
+ CRYPTO_r_lock(CRYPTO_LOCK_FIPS2);
+ if (fips_thread != 0 && fips_thread == CRYPTO_thread_id())
+ ret = 1;
+ CRYPTO_r_unlock(CRYPTO_LOCK_FIPS2);
+ }
+ return ret;
+}
+
+int fips_set_owning_thread(void)
+{
+ int ret = 0;
+
+ if (fips_is_started()) {
+ CRYPTO_w_lock(CRYPTO_LOCK_FIPS2);
+ if (fips_thread == 0) {
+ fips_thread = CRYPTO_thread_id();
+ ret = 1;
+ }
+ CRYPTO_w_unlock(CRYPTO_LOCK_FIPS2);
+ }
+ return ret;
+}
+
+int fips_clear_owning_thread(void)
+{
+ int ret = 0;
+
+ if (fips_is_started()) {
+ CRYPTO_w_lock(CRYPTO_LOCK_FIPS2);
+ if (fips_thread == CRYPTO_thread_id()) {
+ fips_thread = 0;
+ ret = 1;
+ }
+ CRYPTO_w_unlock(CRYPTO_LOCK_FIPS2);
+ }
+ return ret;
+}
+
+unsigned char *fips_signature_witness(void)
+{
+ extern unsigned char FIPS_signature[];
+ return FIPS_signature;
+}
+
+/*
+ * Generalized public key test routine. Signs and verifies the data supplied
+ * in tbs using mesage digest md and setting option digest flags md_flags. If
+ * the 'kat' parameter is not NULL it will additionally check the signature
+ * matches it: a known answer test The string "fail_str" is used for
+ * identification purposes in case of failure.
+ */
+
+int fips_pkey_signature_test(EVP_PKEY *pkey,
+ const unsigned char *tbs, int tbslen,
+ const unsigned char *kat, unsigned int katlen,
+ const EVP_MD *digest, unsigned int md_flags,
+ const char *fail_str)
+{
+ int ret = 0;
+ unsigned char sigtmp[256], *sig = sigtmp;
+ unsigned int siglen;
+ EVP_MD_CTX mctx;
+ EVP_MD_CTX_init(&mctx);
+
+ if ((pkey->type == EVP_PKEY_RSA)
+ && (RSA_size(pkey->pkey.rsa) > sizeof(sigtmp))) {
+ sig = OPENSSL_malloc(RSA_size(pkey->pkey.rsa));
+ if (!sig) {
+ FIPSerr(FIPS_F_FIPS_PKEY_SIGNATURE_TEST, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ }
+
+ if (tbslen == -1)
+ tbslen = strlen((char *)tbs);
+
+ if (md_flags)
+ M_EVP_MD_CTX_set_flags(&mctx, md_flags);
+
+ if (!EVP_SignInit_ex(&mctx, digest, NULL))
+ goto error;
+ if (!EVP_SignUpdate(&mctx, tbs, tbslen))
+ goto error;
+ if (!EVP_SignFinal(&mctx, sig, &siglen, pkey))
+ goto error;
+
+ if (kat && ((siglen != katlen) || memcmp(kat, sig, katlen)))
+ goto error;
+
+ if (!EVP_VerifyInit_ex(&mctx, digest, NULL))
+ goto error;
+ if (!EVP_VerifyUpdate(&mctx, tbs, tbslen))
+ goto error;
+ ret = EVP_VerifyFinal(&mctx, sig, siglen, pkey);
+
+ error:
+ if (sig != sigtmp)
+ OPENSSL_free(sig);
+ EVP_MD_CTX_cleanup(&mctx);
+ if (ret != 1) {
+ FIPSerr(FIPS_F_FIPS_PKEY_SIGNATURE_TEST, FIPS_R_TEST_FAILURE);
+ if (fail_str)
+ ERR_add_error_data(2, "Type=", fail_str);
+ return 0;
+ }
+ return 1;
+}
+
+/*
+ * Generalized symmetric cipher test routine. Encrypt data, verify result
+ * against known answer, decrypt and compare with original plaintext.
+ */
+
+int fips_cipher_test(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+ const unsigned char *key,
+ const unsigned char *iv,
+ const unsigned char *plaintext,
+ const unsigned char *ciphertext, int len)
+{
+ unsigned char pltmp[FIPS_MAX_CIPHER_TEST_SIZE];
+ unsigned char citmp[FIPS_MAX_CIPHER_TEST_SIZE];
+ OPENSSL_assert(len <= FIPS_MAX_CIPHER_TEST_SIZE);
+ if (EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 1) <= 0)
+ return 0;
+ EVP_Cipher(ctx, citmp, plaintext, len);
+ if (memcmp(citmp, ciphertext, len))
+ return 0;
+ if (EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 0) <= 0)
+ return 0;
+ EVP_Cipher(ctx, pltmp, citmp, len);
+ if (memcmp(pltmp, plaintext, len))
+ return 0;
+ return 1;
+}
+
+# if 0
+/*
+ * The purpose of this is to ensure the error code exists and the function
+ * name is to keep the error checking script quiet
+ */
+void hash_final(void)
+{
+ FIPSerr(FIPS_F_HASH_FINAL, FIPS_R_NON_FIPS_METHOD);
+}
+# endif
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/fips/fips.h
===================================================================
--- vendor-crypto/openssl/dist/fips/fips.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/fips/fips.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,163 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#include <openssl/opensslconf.h>
-
-#ifndef OPENSSL_FIPS
-#error FIPS is disabled.
-#endif
-
-#ifdef OPENSSL_FIPS
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-struct dsa_st;
-struct evp_pkey_st;
-struct env_md_st;
-struct evp_cipher_st;
-struct evp_cipher_ctx_st;
-
-int FIPS_mode_set(int onoff);
-int FIPS_mode(void);
-const void *FIPS_rand_check(void);
-int FIPS_selftest_failed(void);
-void FIPS_selftest_check(void);
-void FIPS_corrupt_sha1(void);
-int FIPS_selftest_sha1(void);
-void FIPS_corrupt_aes(void);
-int FIPS_selftest_aes(void);
-void FIPS_corrupt_des(void);
-int FIPS_selftest_des(void);
-void FIPS_corrupt_rsa(void);
-void FIPS_corrupt_rsa_keygen(void);
-int FIPS_selftest_rsa(void);
-void FIPS_corrupt_dsa(void);
-void FIPS_corrupt_dsa_keygen(void);
-int FIPS_selftest_dsa(void);
-void FIPS_corrupt_rng(void);
-void FIPS_rng_stick(void);
-int FIPS_selftest_rng(void);
-int FIPS_selftest_hmac(void);
-
-int fips_pkey_signature_test(struct evp_pkey_st *pkey,
- const unsigned char *tbs, int tbslen,
- const unsigned char *kat, unsigned int katlen,
- const struct env_md_st *digest, unsigned int md_flags,
- const char *fail_str);
-
-int fips_cipher_test(struct evp_cipher_ctx_st *ctx,
- const struct evp_cipher_st *cipher,
- const unsigned char *key,
- const unsigned char *iv,
- const unsigned char *plaintext,
- const unsigned char *ciphertext,
- int len);
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_FIPS_strings(void);
-
-/* Error codes for the FIPS functions. */
-
-/* Function codes. */
-#define FIPS_F_DH_BUILTIN_GENPARAMS 100
-#define FIPS_F_DSA_BUILTIN_PARAMGEN 101
-#define FIPS_F_DSA_DO_SIGN 102
-#define FIPS_F_DSA_DO_VERIFY 103
-#define FIPS_F_EVP_CIPHERINIT_EX 124
-#define FIPS_F_EVP_DIGESTINIT_EX 125
-#define FIPS_F_FIPS_CHECK_DSA 104
-#define FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT 105
-#define FIPS_F_FIPS_CHECK_RSA 106
-#define FIPS_F_FIPS_DSA_CHECK 107
-#define FIPS_F_FIPS_MODE_SET 108
-#define FIPS_F_FIPS_PKEY_SIGNATURE_TEST 109
-#define FIPS_F_FIPS_SELFTEST_AES 110
-#define FIPS_F_FIPS_SELFTEST_DES 111
-#define FIPS_F_FIPS_SELFTEST_DSA 112
-#define FIPS_F_FIPS_SELFTEST_HMAC 113
-#define FIPS_F_FIPS_SELFTEST_RNG 114
-#define FIPS_F_FIPS_SELFTEST_SHA1 115
-#define FIPS_F_HASH_FINAL 123
-#define FIPS_F_RSA_BUILTIN_KEYGEN 116
-#define FIPS_F_RSA_EAY_PRIVATE_DECRYPT 117
-#define FIPS_F_RSA_EAY_PRIVATE_ENCRYPT 118
-#define FIPS_F_RSA_EAY_PUBLIC_DECRYPT 119
-#define FIPS_F_RSA_EAY_PUBLIC_ENCRYPT 120
-#define FIPS_F_RSA_X931_GENERATE_KEY_EX 121
-#define FIPS_F_SSLEAY_RAND_BYTES 122
-
-/* Reason codes. */
-#define FIPS_R_CANNOT_READ_EXE 103
-#define FIPS_R_CANNOT_READ_EXE_DIGEST 104
-#define FIPS_R_CONTRADICTING_EVIDENCE 114
-#define FIPS_R_EXE_DIGEST_DOES_NOT_MATCH 105
-#define FIPS_R_FINGERPRINT_DOES_NOT_MATCH 110
-#define FIPS_R_FINGERPRINT_DOES_NOT_MATCH_NONPIC_RELOCATED 111
-#define FIPS_R_FINGERPRINT_DOES_NOT_MATCH_SEGMENT_ALIASING 112
-#define FIPS_R_FIPS_MODE_ALREADY_SET 102
-#define FIPS_R_FIPS_SELFTEST_FAILED 106
-#define FIPS_R_INVALID_KEY_LENGTH 109
-#define FIPS_R_KEY_TOO_SHORT 108
-#define FIPS_R_NON_FIPS_METHOD 100
-#define FIPS_R_PAIRWISE_TEST_FAILED 107
-#define FIPS_R_RSA_DECRYPT_ERROR 115
-#define FIPS_R_RSA_ENCRYPT_ERROR 116
-#define FIPS_R_SELFTEST_FAILED 101
-#define FIPS_R_TEST_FAILURE 117
-#define FIPS_R_UNSUPPORTED_PLATFORM 113
-
-#ifdef __cplusplus
-}
-#endif
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/fips/fips.h (from rev 6976, vendor-crypto/openssl/dist/fips/fips.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/fips/fips.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/fips/fips.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,163 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <openssl/opensslconf.h>
+
+#ifndef OPENSSL_FIPS
+# error FIPS is disabled.
+#endif
+
+#ifdef OPENSSL_FIPS
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct dsa_st;
+struct evp_pkey_st;
+struct env_md_st;
+struct evp_cipher_st;
+struct evp_cipher_ctx_st;
+
+int FIPS_mode_set(int onoff);
+int FIPS_mode(void);
+const void *FIPS_rand_check(void);
+int FIPS_selftest_failed(void);
+void FIPS_selftest_check(void);
+void FIPS_corrupt_sha1(void);
+int FIPS_selftest_sha1(void);
+void FIPS_corrupt_aes(void);
+int FIPS_selftest_aes(void);
+void FIPS_corrupt_des(void);
+int FIPS_selftest_des(void);
+void FIPS_corrupt_rsa(void);
+void FIPS_corrupt_rsa_keygen(void);
+int FIPS_selftest_rsa(void);
+void FIPS_corrupt_dsa(void);
+void FIPS_corrupt_dsa_keygen(void);
+int FIPS_selftest_dsa(void);
+void FIPS_corrupt_rng(void);
+void FIPS_rng_stick(void);
+int FIPS_selftest_rng(void);
+int FIPS_selftest_hmac(void);
+
+int fips_pkey_signature_test(struct evp_pkey_st *pkey,
+ const unsigned char *tbs, int tbslen,
+ const unsigned char *kat, unsigned int katlen,
+ const struct env_md_st *digest,
+ unsigned int md_flags, const char *fail_str);
+
+int fips_cipher_test(struct evp_cipher_ctx_st *ctx,
+ const struct evp_cipher_st *cipher,
+ const unsigned char *key,
+ const unsigned char *iv,
+ const unsigned char *plaintext,
+ const unsigned char *ciphertext, int len);
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_FIPS_strings(void);
+
+/* Error codes for the FIPS functions. */
+
+/* Function codes. */
+# define FIPS_F_DH_BUILTIN_GENPARAMS 100
+# define FIPS_F_DSA_BUILTIN_PARAMGEN 101
+# define FIPS_F_DSA_DO_SIGN 102
+# define FIPS_F_DSA_DO_VERIFY 103
+# define FIPS_F_EVP_CIPHERINIT_EX 124
+# define FIPS_F_EVP_DIGESTINIT_EX 125
+# define FIPS_F_FIPS_CHECK_DSA 104
+# define FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT 105
+# define FIPS_F_FIPS_CHECK_RSA 106
+# define FIPS_F_FIPS_DSA_CHECK 107
+# define FIPS_F_FIPS_MODE_SET 108
+# define FIPS_F_FIPS_PKEY_SIGNATURE_TEST 109
+# define FIPS_F_FIPS_SELFTEST_AES 110
+# define FIPS_F_FIPS_SELFTEST_DES 111
+# define FIPS_F_FIPS_SELFTEST_DSA 112
+# define FIPS_F_FIPS_SELFTEST_HMAC 113
+# define FIPS_F_FIPS_SELFTEST_RNG 114
+# define FIPS_F_FIPS_SELFTEST_SHA1 115
+# define FIPS_F_HASH_FINAL 123
+# define FIPS_F_RSA_BUILTIN_KEYGEN 116
+# define FIPS_F_RSA_EAY_PRIVATE_DECRYPT 117
+# define FIPS_F_RSA_EAY_PRIVATE_ENCRYPT 118
+# define FIPS_F_RSA_EAY_PUBLIC_DECRYPT 119
+# define FIPS_F_RSA_EAY_PUBLIC_ENCRYPT 120
+# define FIPS_F_RSA_X931_GENERATE_KEY_EX 121
+# define FIPS_F_SSLEAY_RAND_BYTES 122
+
+/* Reason codes. */
+# define FIPS_R_CANNOT_READ_EXE 103
+# define FIPS_R_CANNOT_READ_EXE_DIGEST 104
+# define FIPS_R_CONTRADICTING_EVIDENCE 114
+# define FIPS_R_EXE_DIGEST_DOES_NOT_MATCH 105
+# define FIPS_R_FINGERPRINT_DOES_NOT_MATCH 110
+# define FIPS_R_FINGERPRINT_DOES_NOT_MATCH_NONPIC_RELOCATED 111
+# define FIPS_R_FINGERPRINT_DOES_NOT_MATCH_SEGMENT_ALIASING 112
+# define FIPS_R_FIPS_MODE_ALREADY_SET 102
+# define FIPS_R_FIPS_SELFTEST_FAILED 106
+# define FIPS_R_INVALID_KEY_LENGTH 109
+# define FIPS_R_KEY_TOO_SHORT 108
+# define FIPS_R_NON_FIPS_METHOD 100
+# define FIPS_R_PAIRWISE_TEST_FAILED 107
+# define FIPS_R_RSA_DECRYPT_ERROR 115
+# define FIPS_R_RSA_ENCRYPT_ERROR 116
+# define FIPS_R_SELFTEST_FAILED 101
+# define FIPS_R_TEST_FAILURE 117
+# define FIPS_R_UNSUPPORTED_PLATFORM 113
+
+#ifdef __cplusplus
+}
+#endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/fips/fips_canister.c
===================================================================
--- vendor-crypto/openssl/dist/fips/fips_canister.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/fips/fips_canister.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,187 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2005 The OpenSSL Project. Rights for redistribution
- * and usage in source and binary forms are granted according to the
- * OpenSSL license.
- */
-
-#include <stdio.h>
-#if defined(__DECC)
-# include <c_asm.h>
-# pragma __nostandard
-#endif
-
-#include "e_os.h"
-
-#if !defined(POINTER_TO_FUNCTION_IS_POINTER_TO_1ST_INSTRUCTION)
-# if (defined(__sun) && (defined(__sparc) || defined(__sparcv9))) || \
- (defined(__sgi) && (defined(__mips) || defined(mips))) || \
- (defined(__osf__) && defined(__alpha)) || \
- (defined(__linux) && (defined(__arm) || defined(__arm__))) || \
- (defined(__i386) || defined(__i386__)) || \
- (defined(__x86_64) || defined(__x86_64__)) || \
- defined(__ANDROID__) || \
- (defined(vax) || defined(__vax__))
-# define POINTER_TO_FUNCTION_IS_POINTER_TO_1ST_INSTRUCTION
-# endif
-#endif
-
-#if defined(__xlC__) && __xlC__>=0x600 && (defined(_POWER) || defined(_ARCH_PPC))
-static void *instruction_pointer_xlc(void);
-# pragma mc_func instruction_pointer_xlc {\
- "7c0802a6" /* mflr r0 */ \
- "48000005" /* bl $+4 */ \
- "7c6802a6" /* mflr r3 */ \
- "7c0803a6" /* mtlr r0 */ }
-# pragma reg_killed_by instruction_pointer_xlc gr0 gr3
-# define INSTRUCTION_POINTER_IMPLEMENTED(ret) (ret=instruction_pointer_xlc());
-#endif
-
-#ifdef FIPS_START
-#define FIPS_ref_point FIPS_text_start
-/* Some compilers put string literals into a separate segment. As we
- * are mostly interested to hash AES tables in .rodata, we declare
- * reference points accordingly. In case you wonder, the values are
- * big-endian encoded variable names, just to prevent these arrays
- * from being merged by linker. */
-const unsigned int FIPS_rodata_start[]=
- { 0x46495053, 0x5f726f64, 0x6174615f, 0x73746172 };
-#else
-#define FIPS_ref_point FIPS_text_end
-const unsigned int FIPS_rodata_end[]=
- { 0x46495053, 0x5f726f64, 0x6174615f, 0x656e645b };
-#endif
-
-/*
- * I declare reference function as static in order to avoid certain
- * pitfalls in -dynamic linker behaviour...
- */
-static void *instruction_pointer(void)
-{ void *ret=NULL;
-/* These are ABI-neutral CPU-specific snippets. ABI-neutrality means
- * that they are designed to work under any OS running on particular
- * CPU, which is why you don't find any #ifdef THIS_OR_THAT_OS in
- * this function. */
-#if defined(INSTRUCTION_POINTER_IMPLEMENTED)
- INSTRUCTION_POINTER_IMPLEMENTED(ret);
-#elif defined(__GNUC__) && __GNUC__>=2
-# if defined(__alpha) || defined(__alpha__)
-# define INSTRUCTION_POINTER_IMPLEMENTED
- __asm __volatile ( "br %0,1f\n1:" : "=r"(ret) );
-# elif defined(__i386) || defined(__i386__)
-# define INSTRUCTION_POINTER_IMPLEMENTED
- __asm __volatile ( "call 1f\n1: popl %0" : "=r"(ret) );
- ret = (void *)((size_t)ret&~3UL); /* align for better performance */
-# elif defined(__ia64) || defined(__ia64__)
-# define INSTRUCTION_POINTER_IMPLEMENTED
- __asm __volatile ( "mov %0=ip" : "=r"(ret) );
-# elif defined(__hppa) || defined(__hppa__) || defined(__pa_risc)
-# define INSTRUCTION_POINTER_IMPLEMENTED
- __asm __volatile ( "blr %%r0,%0\n\tnop" : "=r"(ret) );
- ret = (void *)((size_t)ret&~3UL); /* mask privilege level */
-# elif defined(__mips) || defined(__mips__)
-# define INSTRUCTION_POINTER_IMPLEMENTED
- void *scratch;
- __asm __volatile ( "move %1,$31\n\t" /* save ra */
- "bal .+8; nop\n\t"
- "move %0,$31\n\t"
- "move $31,%1" /* restore ra */
- : "=r"(ret),"=r"(scratch) );
-# elif defined(__ppc__) || defined(__powerpc) || defined(__powerpc__) || \
- defined(__POWERPC__) || defined(_POWER) || defined(__PPC__) || \
- defined(__PPC64__) || defined(__powerpc64__)
-# define INSTRUCTION_POINTER_IMPLEMENTED
- void *scratch;
- __asm __volatile ( "mfspr %1,8\n\t" /* save lr */
- "bl $+4\n\t"
- "mfspr %0,8\n\t" /* mflr ret */
- "mtspr 8,%1" /* restore lr */
- : "=r"(ret),"=r"(scratch) );
-# elif defined(__s390__) || defined(__s390x__)
-# define INSTRUCTION_POINTER_IMPLEMENTED
- __asm __volatile ( "bras %0,1f\n1:" : "=r"(ret) );
- ret = (void *)((size_t)ret&~3UL);
-# elif defined(__sparc) || defined(__sparc__) || defined(__sparcv9)
-# define INSTRUCTION_POINTER_IMPLEMENTED
- void *scratch;
- __asm __volatile ( "mov %%o7,%1\n\t"
- "call .+8; nop\n\t"
- "mov %%o7,%0\n\t"
- "mov %1,%%o7"
- : "=r"(ret),"=r"(scratch) );
-# elif defined(__x86_64) || defined(__x86_64__)
-# define INSTRUCTION_POINTER_IMPLEMENTED
- __asm __volatile ( "leaq 0(%%rip),%0" : "=r"(ret) );
- ret = (void *)((size_t)ret&~3UL); /* align for better performance */
-# endif
-#elif defined(__DECC) && defined(__alpha)
-# define INSTRUCTION_POINTER_IMPLEMENTED
- ret = (void *)(size_t)asm("br %v0,1f\n1:");
-#elif defined(_MSC_VER) && defined(_M_IX86)
-# define INSTRUCTION_POINTER_IMPLEMENTED
- void *scratch;
- _asm {
- call self
- self: pop eax
- mov scratch,eax
- }
- ret = (void *)((size_t)scratch&~3UL);
-#endif
- return ret;
-}
-
-/*
- * This function returns pointer to an instruction in the vicinity of
- * its entry point, but not outside this object module. This guarantees
- * that sequestered code is covered...
- */
-void *FIPS_ref_point()
-{
-#if defined(INSTRUCTION_POINTER_IMPLEMENTED)
- return instruction_pointer();
-/* Below we essentially cover vendor compilers which do not support
- * inline assembler... */
-#elif defined(_AIX)
- struct { void *ip,*gp,*env; } *p = (void *)instruction_pointer;
- return p->ip;
-#elif defined(_HPUX_SOURCE)
-# if defined(__hppa) || defined(__hppa__)
- struct { void *i[4]; } *p = (void *)FIPS_ref_point;
-
- if (sizeof(p) == 8) /* 64-bit */
- return p->i[2];
- else if ((size_t)p & 2)
- { p = (void *)((size_t)p&~3UL);
- return p->i[0];
- }
- else
- return (void *)p;
-# elif defined(__ia64) || defined(__ia64__)
- struct { unsigned long long ip,gp; } *p=(void *)instruction_pointer;
- return (void *)(size_t)p->ip;
-# endif
-#elif (defined(__VMS) || defined(VMS)) && !(defined(vax) || defined(__vax__))
- /* applies to both alpha and ia64 */
- struct { unsigned __int64 opaque,ip; } *p=(void *)instruction_pointer;
- return (void *)(size_t)p->ip;
-#elif defined(__VOS__)
- /* applies to both pa-risc and ia32 */
- struct { void *dp,*ip,*gp; } *p = (void *)instruction_pointer;
- return p->ip;
-#elif defined(_WIN32)
-# if defined(_WIN64) && defined(_M_IA64)
- struct { void *ip,*gp; } *p = (void *)FIPS_ref_point;
- return p->ip;
-# else
- return (void *)FIPS_ref_point;
-# endif
-/*
- * In case you wonder why there is no #ifdef __linux. All Linux targets
- * are GCC-based and therefore are covered by instruction_pointer above
- * [well, some are covered by by the one below]...
- */
-#elif defined(POINTER_TO_FUNCTION_IS_POINTER_TO_1ST_INSTRUCTION)
- return (void *)instruction_pointer;
-#else
- return NULL;
-#endif
-}
Copied: vendor-crypto/openssl/0.9.8zf/fips/fips_canister.c (from rev 6976, vendor-crypto/openssl/dist/fips/fips_canister.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/fips/fips_canister.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/fips/fips_canister.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,199 @@
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project. Rights for redistribution
+ * and usage in source and binary forms are granted according to the
+ * OpenSSL license.
+ */
+
+#include <stdio.h>
+#if defined(__DECC)
+# include <c_asm.h>
+# pragma __nostandard
+#endif
+
+#include "e_os.h"
+
+#if !defined(POINTER_TO_FUNCTION_IS_POINTER_TO_1ST_INSTRUCTION)
+# if (defined(__sun) && (defined(__sparc) || defined(__sparcv9))) || \
+ (defined(__sgi) && (defined(__mips) || defined(mips))) || \
+ (defined(__osf__) && defined(__alpha)) || \
+ (defined(__linux) && (defined(__arm) || defined(__arm__))) || \
+ (defined(__i386) || defined(__i386__)) || \
+ (defined(__x86_64) || defined(__x86_64__)) || \
+ defined(__ANDROID__) || \
+ (defined(vax) || defined(__vax__))
+# define POINTER_TO_FUNCTION_IS_POINTER_TO_1ST_INSTRUCTION
+# endif
+#endif
+
+#if defined(__xlC__) && __xlC__>=0x600 && (defined(_POWER) || defined(_ARCH_PPC))
+static void *instruction_pointer_xlc(void);
+# pragma mc_func instruction_pointer_xlc {\
+ "7c0802a6" /* mflr r0 */ \
+ "48000005" /* bl $+4 */ \
+ "7c6802a6" /* mflr r3 */ \
+ "7c0803a6" /* mtlr r0 */ }
+# pragma reg_killed_by instruction_pointer_xlc gr0 gr3
+# define INSTRUCTION_POINTER_IMPLEMENTED(ret) (ret=instruction_pointer_xlc());
+#endif
+
+#ifdef FIPS_START
+# define FIPS_ref_point FIPS_text_start
+/*
+ * Some compilers put string literals into a separate segment. As we are
+ * mostly interested to hash AES tables in .rodata, we declare reference
+ * points accordingly. In case you wonder, the values are big-endian encoded
+ * variable names, just to prevent these arrays from being merged by linker.
+ */
+const unsigned int FIPS_rodata_start[] =
+ { 0x46495053, 0x5f726f64, 0x6174615f, 0x73746172 };
+#else
+# define FIPS_ref_point FIPS_text_end
+const unsigned int FIPS_rodata_end[] =
+ { 0x46495053, 0x5f726f64, 0x6174615f, 0x656e645b };
+#endif
+
+/*
+ * I declare reference function as static in order to avoid certain
+ * pitfalls in -dynamic linker behaviour...
+ */
+static void *instruction_pointer(void)
+{
+ void *ret = NULL;
+ /*
+ * These are ABI-neutral CPU-specific snippets. ABI-neutrality means that
+ * they are designed to work under any OS running on particular CPU,
+ * which is why you don't find any #ifdef THIS_OR_THAT_OS in this
+ * function.
+ */
+#if defined(INSTRUCTION_POINTER_IMPLEMENTED)
+ INSTRUCTION_POINTER_IMPLEMENTED(ret);
+#elif defined(__GNUC__) && __GNUC__>=2
+# if defined(__alpha) || defined(__alpha__)
+# define INSTRUCTION_POINTER_IMPLEMENTED
+ __asm __volatile("br %0,1f\n1:":"=r"(ret));
+# elif defined(__i386) || defined(__i386__)
+# define INSTRUCTION_POINTER_IMPLEMENTED
+ __asm __volatile("call 1f\n1: popl %0":"=r"(ret));
+ ret = (void *)((size_t)ret & ~3UL); /* align for better performance */
+# elif defined(__ia64) || defined(__ia64__)
+# define INSTRUCTION_POINTER_IMPLEMENTED
+ __asm __volatile("mov %0=ip":"=r"(ret));
+# elif defined(__hppa) || defined(__hppa__) || defined(__pa_risc)
+# define INSTRUCTION_POINTER_IMPLEMENTED
+ __asm __volatile("blr %%r0,%0\n\tnop":"=r"(ret));
+ ret = (void *)((size_t)ret & ~3UL); /* mask privilege level */
+# elif defined(__mips) || defined(__mips__)
+# define INSTRUCTION_POINTER_IMPLEMENTED
+ void *scratch;
+ __asm __volatile("move %1,$31\n\t" /* save ra */
+ "bal .+8; nop\n\t" "move %0,$31\n\t"
+ /* restore ra */
+ "move $31,%1":"=r"(ret), "=r"(scratch));
+# elif defined(__ppc__) || defined(__powerpc) || defined(__powerpc__) || \
+ defined(__POWERPC__) || defined(_POWER) || defined(__PPC__) || \
+ defined(__PPC64__) || defined(__powerpc64__)
+# define INSTRUCTION_POINTER_IMPLEMENTED
+ void *scratch;
+ __asm __volatile("mfspr %1,8\n\t" /* save lr */
+ "bl $+4\n\t" "mfspr %0,8\n\t" /* mflr ret */
+ "mtspr 8,%1" /* restore lr */
+ :"=r"(ret), "=r"(scratch));
+# elif defined(__s390__) || defined(__s390x__)
+# define INSTRUCTION_POINTER_IMPLEMENTED
+ __asm __volatile("bras %0,1f\n1:":"=r"(ret));
+ ret = (void *)((size_t)ret & ~3UL);
+# elif defined(__sparc) || defined(__sparc__) || defined(__sparcv9)
+# define INSTRUCTION_POINTER_IMPLEMENTED
+ void *scratch;
+ __asm __volatile("mov %%o7,%1\n\t"
+ "call .+8; nop\n\t"
+ "mov %%o7,%0\n\t"
+ "mov %1,%%o7":"=r"(ret), "=r"(scratch));
+# elif defined(__x86_64) || defined(__x86_64__)
+# define INSTRUCTION_POINTER_IMPLEMENTED
+ __asm __volatile("leaq 0(%%rip),%0":"=r"(ret));
+ ret = (void *)((size_t)ret & ~3UL); /* align for better performance */
+# endif
+#elif defined(__DECC) && defined(__alpha)
+# define INSTRUCTION_POINTER_IMPLEMENTED
+ ret = (void *)(size_t)asm("br %v0,1f\n1:");
+#elif defined(_MSC_VER) && defined(_M_IX86)
+# define INSTRUCTION_POINTER_IMPLEMENTED
+ void *scratch;
+ _asm {
+ call self
+ self:pop eax
+ mov scratch, eax} ret = (void *)((size_t)scratch & ~3UL);
+#endif
+ return ret;
+}
+
+/*
+ * This function returns pointer to an instruction in the vicinity of
+ * its entry point, but not outside this object module. This guarantees
+ * that sequestered code is covered...
+ */
+void *FIPS_ref_point()
+{
+#if defined(INSTRUCTION_POINTER_IMPLEMENTED)
+ return instruction_pointer();
+ /*
+ * Below we essentially cover vendor compilers which do not support
+ * inline assembler...
+ */
+#elif defined(_AIX)
+ struct {
+ void *ip, *gp, *env;
+ } *p = (void *)instruction_pointer;
+ return p->ip;
+#elif defined(_HPUX_SOURCE)
+# if defined(__hppa) || defined(__hppa__)
+ struct {
+ void *i[4];
+ } *p = (void *)FIPS_ref_point;
+
+ if (sizeof(p) == 8) /* 64-bit */
+ return p->i[2];
+ else if ((size_t)p & 2) {
+ p = (void *)((size_t)p & ~3UL);
+ return p->i[0];
+ } else
+ return (void *)p;
+# elif defined(__ia64) || defined(__ia64__)
+ struct {
+ unsigned long long ip, gp;
+ } *p = (void *)instruction_pointer;
+ return (void *)(size_t)p->ip;
+# endif
+#elif (defined(__VMS) || defined(VMS)) && !(defined(vax) || defined(__vax__))
+ /* applies to both alpha and ia64 */
+ struct {
+ unsigned __int64 opaque, ip;
+ } *p = (void *)instruction_pointer;
+ return (void *)(size_t)p->ip;
+#elif defined(__VOS__)
+ /* applies to both pa-risc and ia32 */
+ struct {
+ void *dp, *ip, *gp;
+ } *p = (void *)instruction_pointer;
+ return p->ip;
+#elif defined(_WIN32)
+# if defined(_WIN64) && defined(_M_IA64)
+ struct {
+ void *ip, *gp;
+ } *p = (void *)FIPS_ref_point;
+ return p->ip;
+# else
+ return (void *)FIPS_ref_point;
+# endif
+ /*
+ * In case you wonder why there is no #ifdef __linux. All Linux targets
+ * are GCC-based and therefore are covered by instruction_pointer above
+ * [well, some are covered by by the one below]...
+ */
+#elif defined(POINTER_TO_FUNCTION_IS_POINTER_TO_1ST_INSTRUCTION)
+ return (void *)instruction_pointer;
+#else
+ return NULL;
+#endif
+}
Deleted: vendor-crypto/openssl/0.9.8zf/fips/fips_locl.h
===================================================================
--- vendor-crypto/openssl/dist/fips/fips_locl.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/fips/fips_locl.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,74 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#ifdef OPENSSL_FIPS
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-void fips_w_lock(void);
-void fips_w_unlock(void);
-void fips_r_lock(void);
-void fips_r_unlock(void);
-int fips_is_started(void);
-void fips_set_started(void);
-int fips_is_owning_thread(void);
-int fips_set_owning_thread(void);
-void fips_set_selftest_fail(void);
-int fips_clear_owning_thread(void);
-unsigned char *fips_signature_witness(void);
-int fips_check_rsa(RSA *rsa);
-
-#define FIPS_MAX_CIPHER_TEST_SIZE 16
-
-#ifdef __cplusplus
-}
-#endif
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/fips/fips_locl.h (from rev 6976, vendor-crypto/openssl/dist/fips/fips_locl.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/fips/fips_locl.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/fips/fips_locl.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,74 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifdef OPENSSL_FIPS
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+void fips_w_lock(void);
+void fips_w_unlock(void);
+void fips_r_lock(void);
+void fips_r_unlock(void);
+int fips_is_started(void);
+void fips_set_started(void);
+int fips_is_owning_thread(void);
+int fips_set_owning_thread(void);
+void fips_set_selftest_fail(void);
+int fips_clear_owning_thread(void);
+unsigned char *fips_signature_witness(void);
+int fips_check_rsa(RSA *rsa);
+
+# define FIPS_MAX_CIPHER_TEST_SIZE 16
+
+#ifdef __cplusplus
+}
+#endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/fips/fips_premain.c
===================================================================
--- vendor-crypto/openssl/dist/fips/fips_premain.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/fips/fips_premain.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,176 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2005 The OpenSSL Project. Rights for redistribution
- * and usage in source and binary forms are granted according to the
- * OpenSSL license.
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#if defined(__unix) || defined(__unix__)
-#include <unistd.h>
-#endif
-
-#ifndef FINGERPRINT_PREMAIN_DSO_LOAD
-
-#if defined(__GNUC__) && __GNUC__>=2
- void FINGERPRINT_premain(void) __attribute__((constructor));
- /* Most commonly this results in pointer to premain to be dropped
- * to .ctors segment, which is traversed by GCC crtbegin.o upon
- * program startup. Except on a.out OpenBSD where it results in
- * _GLOBAL_$I$premain() {premain();} being auto-generated by
- * compiler... But one way or another this is believed to cover
- * *all* GCC targets. */
-#elif defined(_MSC_VER)
-# ifdef _WINDLL
- __declspec(dllexport) /* this is essentially cosmetics... */
-# endif
- void FINGERPRINT_premain(void);
- static int premain_wrapper(void) { FINGERPRINT_premain(); return 0; }
-# ifdef _WIN64
-# pragma section(".CRT$XCU",read)
- __declspec(allocate(".CRT$XCU"))
-# else
-# pragma data_seg(".CRT$XCU")
-# endif
- static int (*p)(void) = premain_wrapper;
- /* This results in pointer to premain to appear in .CRT segment,
- * which is traversed by Visual C run-time initialization code.
- * This applies to both Win32 and [all flavors of] Win64. */
-# pragma data_seg()
-#elif defined(__SUNPRO_C)
- void FINGERPRINT_premain(void);
-# pragma init(FINGERPRINT_premain)
- /* This results in a call to premain to appear in .init segment. */
-#elif defined(__DECC) && (defined(__VMS) || defined(VMS))
- void FINGERPRINT_premain(void);
-# pragma __nostandard
- globaldef { "LIB$INITIALIZ" } readonly _align (LONGWORD)
- int spare[8] = {0};
- globaldef { "LIB$INITIALIZE" } readonly _align (LONGWORD)
- void (*x_FINGERPRINT_premain)(void) = FINGERPRINT_premain;
- /* Refer to LIB$INITIALIZE to ensure it exists in the image. */
- int lib$initialize();
- globaldef int (*lib_init_ref)() = lib$initialize;
-# pragma __standard
-#elif 0
- The rest has to be taken care of through command line:
-
- -Wl,-init,FINGERPRINT_premain on OSF1 and IRIX
- -Wl,+init,FINGERPRINT_premain on HP-UX
- -Wl,-binitfini:FINGERPRINT_premain on AIX
-
- On ELF platforms this results in a call to premain to appear in
- .init segment...
-#endif
-
-#ifndef HMAC_SHA1_SIG
-#define HMAC_SHA1_SIG "?have to make sure this string is unique"
-#endif
-
-static const unsigned char FINGERPRINT_ascii_value[40] = HMAC_SHA1_SIG;
-
-#define atox(c) ((c)>='a'?((c)-'a'+10):((c)>='A'?(c)-'A'+10:(c)-'0'))
-
-extern const void *FIPS_text_start(), *FIPS_text_end();
-extern const unsigned char FIPS_rodata_start[], FIPS_rodata_end[];
-extern unsigned char FIPS_signature[20];
-extern unsigned int FIPS_incore_fingerprint(unsigned char *,unsigned int);
-
-/*
- * As name suggests this code is executed prior main(). We use this
- * opportunity to fingerprint sequestered code in virtual address
- * space of target application.
- */
-void FINGERPRINT_premain(void)
-{ unsigned char sig[sizeof(FIPS_signature)];
- const unsigned char * volatile p=FINGERPRINT_ascii_value;
- unsigned int len=sizeof(sig),i;
-
- /* "volatilization" is done to disengage unwanted optimization... */
- if (*((volatile unsigned char *)p)=='?')
- { if (FIPS_text_start()==NULL)
- { fprintf(stderr,"FIPS_text_start() returns NULL\n");
- _exit(1);
- }
-#if defined(DEBUG_FINGERPRINT_PREMAIN)
- fprintf(stderr,".text:%p+%d=%p\n",FIPS_text_start(),
- (int)((size_t)FIPS_text_end()-(size_t)FIPS_text_start()),
- FIPS_text_end());
- fprintf(stderr,".rodata:%p+%d=%p\n",FIPS_rodata_start,
- (int)((size_t)FIPS_rodata_end-(size_t)FIPS_rodata_start),
- FIPS_rodata_end);
-#endif
-
- len=FIPS_incore_fingerprint(sig,sizeof(sig));
-
- if (len!=sizeof(sig))
- { fprintf(stderr,"fingerprint length mismatch: %u\n",len);
- _exit(1);
- }
-
- for (i=0;i<len;i++) printf("%02x",sig[i]);
- printf("\n");
- fflush(stdout);
- _exit(0);
- }
- else if (FIPS_signature[0]=='\0') do
- { for (i=0;i<sizeof(FIPS_signature);i++,p+=2)
- FIPS_signature[i] = (atox(p[0])<<4)|atox(p[1]);
-
-#if defined(DEBUG_FINGERPRINT_PREMAIN)
- if (getenv("OPENSSL_FIPS")==NULL) break;
-
- len=FIPS_incore_fingerprint(sig,sizeof(sig));
-
- if (memcmp(FIPS_signature,sig,sizeof(FIPS_signature)))
- { fprintf(stderr,"FINGERPRINT_premain: FIPS_signature mismatch\n");
- _exit(1);
- }
-#endif
- } while(0);
-}
-
-#else
-
-#include <openssl/bio.h>
-#include <openssl/dso.h>
-#include <openssl/err.h>
-
-int main(int argc,char *argv[])
-{ DSO *dso;
- DSO_FUNC_TYPE func;
- BIO *bio_err;
-
- if (argc < 2)
- { fprintf (stderr,"usage: %s libcrypto.dso\n",argv[0]);
- return 1;
- }
-
- if ((bio_err=BIO_new(BIO_s_file())) == NULL)
- { fprintf (stderr,"unable to allocate BIO\n");
- return 1;
- }
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
- ERR_load_crypto_strings();
-
- dso = DSO_load(NULL,argv[1],NULL,DSO_FLAG_NO_NAME_TRANSLATION);
- if (dso == NULL)
- { ERR_print_errors(bio_err);
- return 1;
- }
-
- /* This is not normally reached, because FINGERPRINT_premain should
- * have executed and terminated application already upon DSO_load... */
- func = DSO_bind_func(dso,"FINGERPRINT_premain");
- if (func == NULL)
- { ERR_print_errors(bio_err);
- return 1;
- }
-
- (*func)();
-
- return 0;
-}
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/fips/fips_premain.c (from rev 6976, vendor-crypto/openssl/dist/fips/fips_premain.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/fips/fips_premain.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/fips/fips_premain.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,190 @@
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project. Rights for redistribution
+ * and usage in source and binary forms are granted according to the
+ * OpenSSL license.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#if defined(__unix) || defined(__unix__)
+# include <unistd.h>
+#endif
+
+#ifndef FINGERPRINT_PREMAIN_DSO_LOAD
+
+# if defined(__GNUC__) && __GNUC__>=2
+void FINGERPRINT_premain(void) __attribute__ ((constructor));
+ /*
+ * Most commonly this results in pointer to premain to be dropped to .ctors
+ * segment, which is traversed by GCC crtbegin.o upon program startup.
+ * Except on a.out OpenBSD where it results in _GLOBAL_$I$premain()
+ * {premain();} being auto-generated by compiler... But one way or another
+ * this is believed to cover *all* GCC targets.
+ */
+# elif defined(_MSC_VER)
+# ifdef _WINDLL
+__declspec(dllexport) /* this is essentially cosmetics... */
+# endif
+void FINGERPRINT_premain(void);
+static int premain_wrapper(void)
+{
+ FINGERPRINT_premain();
+ return 0;
+}
+
+# ifdef _WIN64
+# pragma section(".CRT$XCU",read)
+__declspec(allocate(".CRT$XCU"))
+# else
+# pragma data_seg(".CRT$XCU")
+# endif
+static int (*p) (void) = premain_wrapper;
+ /*
+ * This results in pointer to premain to appear in .CRT segment, which is
+ * traversed by Visual C run-time initialization code. This applies to both
+ * Win32 and [all flavors of] Win64.
+ */
+# pragma data_seg()
+# elif defined(__SUNPRO_C)
+void FINGERPRINT_premain(void);
+# pragma init(FINGERPRINT_premain)
+ /* This results in a call to premain to appear in .init segment. */
+# elif defined(__DECC) && (defined(__VMS) || defined(VMS))
+void FINGERPRINT_premain(void);
+# pragma __nostandard
+globaldef {
+"LIB$INITIALIZ"} readonly _align(LONGWORD)
+int spare[8] = { 0 };
+
+globaldef {
+"LIB$INITIALIZE"} readonly _align(LONGWORD)
+
+void (*x_FINGERPRINT_premain) (void) = FINGERPRINT_premain;
+ /* Refer to LIB$INITIALIZE to ensure it exists in the image. */
+int lib$initialize();
+globaldef int (*lib_init_ref) () = lib$initialize;
+# pragma __standard
+# elif 0
+The rest has to be taken care of through command line:-Wl, -init,
+ FINGERPRINT_premain on OSF1 and IRIX - Wl, +init,
+ FINGERPRINT_premain on HP - UX - Wl,
+ -binitfini:FINGERPRINT_premain on AIX On ELF platforms this results in a
+ call to premain to appear in.init segment ...
+# endif
+# ifndef HMAC_SHA1_SIG
+# define HMAC_SHA1_SIG "?have to make sure this string is unique"
+# endif
+static const unsigned char FINGERPRINT_ascii_value[40] = HMAC_SHA1_SIG;
+
+# define atox(c) ((c)>='a'?((c)-'a'+10):((c)>='A'?(c)-'A'+10:(c)-'0'))
+
+extern const void *FIPS_text_start(), *FIPS_text_end();
+extern const unsigned char FIPS_rodata_start[], FIPS_rodata_end[];
+extern unsigned char FIPS_signature[20];
+extern unsigned int FIPS_incore_fingerprint(unsigned char *, unsigned int);
+
+/*
+ * As name suggests this code is executed prior main(). We use this
+ * opportunity to fingerprint sequestered code in virtual address
+ * space of target application.
+ */
+void FINGERPRINT_premain(void)
+{
+ unsigned char sig[sizeof(FIPS_signature)];
+ const unsigned char *volatile p = FINGERPRINT_ascii_value;
+ unsigned int len = sizeof(sig), i;
+
+ /* "volatilization" is done to disengage unwanted optimization... */
+ if (*((volatile unsigned char *)p) == '?') {
+ if (FIPS_text_start() == NULL) {
+ fprintf(stderr, "FIPS_text_start() returns NULL\n");
+ _exit(1);
+ }
+# if defined(DEBUG_FINGERPRINT_PREMAIN)
+ fprintf(stderr, ".text:%p+%d=%p\n", FIPS_text_start(),
+ (int)((size_t)FIPS_text_end() - (size_t)FIPS_text_start()),
+ FIPS_text_end());
+ fprintf(stderr, ".rodata:%p+%d=%p\n", FIPS_rodata_start,
+ (int)((size_t)FIPS_rodata_end - (size_t)FIPS_rodata_start),
+ FIPS_rodata_end);
+# endif
+
+ len = FIPS_incore_fingerprint(sig, sizeof(sig));
+
+ if (len != sizeof(sig)) {
+ fprintf(stderr, "fingerprint length mismatch: %u\n", len);
+ _exit(1);
+ }
+
+ for (i = 0; i < len; i++)
+ printf("%02x", sig[i]);
+ printf("\n");
+ fflush(stdout);
+ _exit(0);
+ } else if (FIPS_signature[0] == '\0')
+ do {
+ for (i = 0; i < sizeof(FIPS_signature); i++, p += 2)
+ FIPS_signature[i] = (atox(p[0]) << 4) | atox(p[1]);
+
+# if defined(DEBUG_FINGERPRINT_PREMAIN)
+ if (getenv("OPENSSL_FIPS") == NULL)
+ break;
+
+ len = FIPS_incore_fingerprint(sig, sizeof(sig));
+
+ if (memcmp(FIPS_signature, sig, sizeof(FIPS_signature))) {
+ fprintf(stderr,
+ "FINGERPRINT_premain: FIPS_signature mismatch\n");
+ _exit(1);
+ }
+# endif
+ } while (0);
+}
+
+#else
+
+# include <openssl/bio.h>
+# include <openssl/dso.h>
+# include <openssl/err.h>
+
+int main(int argc, char *argv[])
+{
+ DSO *dso;
+ DSO_FUNC_TYPE func;
+ BIO *bio_err;
+
+ if (argc < 2) {
+ fprintf(stderr, "usage: %s libcrypto.dso\n", argv[0]);
+ return 1;
+ }
+
+ if ((bio_err = BIO_new(BIO_s_file())) == NULL) {
+ fprintf(stderr, "unable to allocate BIO\n");
+ return 1;
+ }
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
+ ERR_load_crypto_strings();
+
+ dso = DSO_load(NULL, argv[1], NULL, DSO_FLAG_NO_NAME_TRANSLATION);
+ if (dso == NULL) {
+ ERR_print_errors(bio_err);
+ return 1;
+ }
+
+ /*
+ * This is not normally reached, because FINGERPRINT_premain should have
+ * executed and terminated application already upon DSO_load...
+ */
+ func = DSO_bind_func(dso, "FINGERPRINT_premain");
+ if (func == NULL) {
+ ERR_print_errors(bio_err);
+ return 1;
+ }
+
+ (*func) ();
+
+ return 0;
+}
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/fips/fips_test_suite.c
===================================================================
--- vendor-crypto/openssl/dist/fips/fips_test_suite.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/fips/fips_test_suite.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,579 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
- *
- *
- * This command is intended as a test driver for the FIPS-140 testing
- * lab performing FIPS-140 validation. It demonstrates the use of the
- * OpenSSL library ito perform a variety of common cryptographic
- * functions. A power-up self test is demonstrated by deliberately
- * pointing to an invalid executable hash
- *
- * Contributed by Steve Marquess.
- *
- */
-#include <stdio.h>
-#include <assert.h>
-#include <ctype.h>
-#include <string.h>
-#include <stdlib.h>
-#include <openssl/aes.h>
-#include <openssl/des.h>
-#include <openssl/hmac.h>
-#include <openssl/err.h>
-
-#include <openssl/bn.h>
-#include <openssl/rand.h>
-#include <openssl/sha.h>
-
-
-#ifndef OPENSSL_FIPS
-int main(int argc, char *argv[])
- {
- printf("No FIPS support\n");
- return(0);
- }
-#else
-
-#include <openssl/rsa.h>
-#include <openssl/dsa.h>
-#include <openssl/dh.h>
-
-#include <openssl/fips.h>
-#include "fips_utl.h"
-
-/* AES: encrypt and decrypt known plaintext, verify result matches original plaintext
-*/
-static int FIPS_aes_test(void)
- {
- int ret = 0;
- unsigned char pltmp[16];
- unsigned char citmp[16];
- unsigned char key[16] = { 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16};
- unsigned char plaintext[16] = "etaonrishdlcu";
- EVP_CIPHER_CTX ctx;
- EVP_CIPHER_CTX_init(&ctx);
- if (EVP_CipherInit_ex(&ctx, EVP_aes_128_ecb(),NULL, key, NULL, 1) <= 0)
- goto err;
- EVP_Cipher(&ctx, citmp, plaintext, 16);
- if (EVP_CipherInit_ex(&ctx, EVP_aes_128_ecb(),NULL, key, NULL, 0) <= 0)
- goto err;
- EVP_Cipher(&ctx, pltmp, citmp, 16);
- if (memcmp(pltmp, plaintext, 16))
- goto err;
- ret = 1;
- err:
- EVP_CIPHER_CTX_cleanup(&ctx);
- return ret;
- }
-
-static int FIPS_des3_test(void)
- {
- int ret = 0;
- unsigned char pltmp[8];
- unsigned char citmp[8];
- unsigned char key[] = { 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,
- 19,20,21,22,23,24};
- unsigned char plaintext[] = { 'e', 't', 'a', 'o', 'n', 'r', 'i', 's' };
- EVP_CIPHER_CTX ctx;
- EVP_CIPHER_CTX_init(&ctx);
- if (EVP_CipherInit_ex(&ctx, EVP_des_ede3_ecb(),NULL, key, NULL, 1) <= 0)
- goto err;
- EVP_Cipher(&ctx, citmp, plaintext, 8);
- if (EVP_CipherInit_ex(&ctx, EVP_des_ede3_ecb(),NULL, key, NULL, 0) <= 0)
- goto err;
- EVP_Cipher(&ctx, pltmp, citmp, 8);
- if (memcmp(pltmp, plaintext, 8))
- goto err;
- ret = 1;
- err:
- EVP_CIPHER_CTX_cleanup(&ctx);
- return ret;
- }
-
-/*
- * DSA: generate keys and sign, verify input plaintext.
- */
-static int FIPS_dsa_test(int bad)
- {
- DSA *dsa = NULL;
- EVP_PKEY pk;
- unsigned char dgst[] = "etaonrishdlc";
- unsigned char buf[60];
- unsigned int slen;
- int r = 0;
- EVP_MD_CTX mctx;
-
- ERR_clear_error();
- EVP_MD_CTX_init(&mctx);
- dsa = FIPS_dsa_new();
- if (!dsa)
- goto end;
- if (!DSA_generate_parameters_ex(dsa, 1024,NULL,0,NULL,NULL,NULL))
- goto end;
- if (!DSA_generate_key(dsa))
- goto end;
- if (bad)
- BN_add_word(dsa->pub_key, 1);
-
- pk.type = EVP_PKEY_DSA;
- pk.pkey.dsa = dsa;
-
- if (!EVP_SignInit_ex(&mctx, EVP_dss1(), NULL))
- goto end;
- if (!EVP_SignUpdate(&mctx, dgst, sizeof(dgst) - 1))
- goto end;
- if (!EVP_SignFinal(&mctx, buf, &slen, &pk))
- goto end;
-
- if (!EVP_VerifyInit_ex(&mctx, EVP_dss1(), NULL))
- goto end;
- if (!EVP_VerifyUpdate(&mctx, dgst, sizeof(dgst) - 1))
- goto end;
- r = EVP_VerifyFinal(&mctx, buf, slen, &pk);
- end:
- EVP_MD_CTX_cleanup(&mctx);
- if (dsa)
- FIPS_dsa_free(dsa);
- if (r != 1)
- return 0;
- return 1;
- }
-
-/*
- * RSA: generate keys and sign, verify input plaintext.
- */
-static int FIPS_rsa_test(int bad)
- {
- RSA *key;
- unsigned char input_ptext[] = "etaonrishdlc";
- unsigned char buf[256];
- unsigned int slen;
- BIGNUM *bn;
- EVP_MD_CTX mctx;
- EVP_PKEY pk;
- int r = 0;
-
- ERR_clear_error();
- EVP_MD_CTX_init(&mctx);
- key = FIPS_rsa_new();
- bn = BN_new();
- if (!key || !bn)
- return 0;
- BN_set_word(bn, 65537);
- if (!RSA_generate_key_ex(key, 1024,bn,NULL))
- return 0;
- BN_free(bn);
- if (bad)
- BN_add_word(key->n, 1);
-
- pk.type = EVP_PKEY_RSA;
- pk.pkey.rsa = key;
-
- if (!EVP_SignInit_ex(&mctx, EVP_sha1(), NULL))
- goto end;
- if (!EVP_SignUpdate(&mctx, input_ptext, sizeof(input_ptext) - 1))
- goto end;
- if (!EVP_SignFinal(&mctx, buf, &slen, &pk))
- goto end;
-
- if (!EVP_VerifyInit_ex(&mctx, EVP_sha1(), NULL))
- goto end;
- if (!EVP_VerifyUpdate(&mctx, input_ptext, sizeof(input_ptext) - 1))
- goto end;
- r = EVP_VerifyFinal(&mctx, buf, slen, &pk);
- end:
- EVP_MD_CTX_cleanup(&mctx);
- if (key)
- FIPS_rsa_free(key);
- if (r != 1)
- return 0;
- return 1;
- }
-
-/* SHA1: generate hash of known digest value and compare to known
- precomputed correct hash
-*/
-static int FIPS_sha1_test()
- {
- unsigned char digest[SHA_DIGEST_LENGTH] =
- { 0x11, 0xf1, 0x9a, 0x3a, 0xec, 0x1a, 0x1e, 0x8e, 0x65, 0xd4, 0x9a, 0x38, 0x0c, 0x8b, 0x1e, 0x2c, 0xe8, 0xb3, 0xc5, 0x18 };
- unsigned char str[] = "etaonrishd";
-
- unsigned char md[SHA_DIGEST_LENGTH];
-
- ERR_clear_error();
- if (!EVP_Digest(str,sizeof(str) - 1,md, NULL, EVP_sha1(), NULL)) return 0;
- if (memcmp(md,digest,sizeof(md)))
- return 0;
- return 1;
- }
-
-/* SHA256: generate hash of known digest value and compare to known
- precomputed correct hash
-*/
-static int FIPS_sha256_test()
- {
- unsigned char digest[SHA256_DIGEST_LENGTH] =
- {0xf5, 0x53, 0xcd, 0xb8, 0xcf, 0x1, 0xee, 0x17, 0x9b, 0x93, 0xc9, 0x68, 0xc0, 0xea, 0x40, 0x91,
- 0x6, 0xec, 0x8e, 0x11, 0x96, 0xc8, 0x5d, 0x1c, 0xaf, 0x64, 0x22, 0xe6, 0x50, 0x4f, 0x47, 0x57};
- unsigned char str[] = "etaonrishd";
-
- unsigned char md[SHA256_DIGEST_LENGTH];
-
- ERR_clear_error();
- if (!EVP_Digest(str,sizeof(str) - 1,md, NULL, EVP_sha256(), NULL)) return 0;
- if (memcmp(md,digest,sizeof(md)))
- return 0;
- return 1;
- }
-
-/* SHA512: generate hash of known digest value and compare to known
- precomputed correct hash
-*/
-static int FIPS_sha512_test()
- {
- unsigned char digest[SHA512_DIGEST_LENGTH] =
- {0x99, 0xc9, 0xe9, 0x5b, 0x88, 0xd4, 0x78, 0x88, 0xdf, 0x88, 0x5f, 0x94, 0x71, 0x64, 0x28, 0xca,
- 0x16, 0x1f, 0x3d, 0xf4, 0x1f, 0xf3, 0x0f, 0xc5, 0x03, 0x99, 0xb2, 0xd0, 0xe7, 0x0b, 0x94, 0x4a,
- 0x45, 0xd2, 0x6c, 0x4f, 0x20, 0x06, 0xef, 0x71, 0xa9, 0x25, 0x7f, 0x24, 0xb1, 0xd9, 0x40, 0x22,
- 0x49, 0x54, 0x10, 0xc2, 0x22, 0x9d, 0x27, 0xfe, 0xbd, 0xd6, 0xd6, 0xeb, 0x2d, 0x42, 0x1d, 0xa3};
- unsigned char str[] = "etaonrishd";
-
- unsigned char md[SHA512_DIGEST_LENGTH];
-
- ERR_clear_error();
- if (!EVP_Digest(str,sizeof(str) - 1,md, NULL, EVP_sha512(), NULL)) return 0;
- if (memcmp(md,digest,sizeof(md)))
- return 0;
- return 1;
- }
-
-/* HMAC-SHA1: generate hash of known digest value and compare to known
- precomputed correct hash
-*/
-static int FIPS_hmac_sha1_test()
- {
- unsigned char key[] = "etaonrishd";
- unsigned char iv[] = "Sample text";
- unsigned char kaval[EVP_MAX_MD_SIZE] =
- {0x73, 0xf7, 0xa0, 0x48, 0xf8, 0x94, 0xed, 0xdd, 0x0a, 0xea, 0xea, 0x56, 0x1b, 0x61, 0x2e, 0x70,
- 0xb2, 0xfb, 0xec, 0xc6};
-
- unsigned char out[EVP_MAX_MD_SIZE];
- unsigned int outlen;
-
- ERR_clear_error();
- if (!HMAC(EVP_sha1(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
- if (memcmp(out,kaval,outlen))
- return 0;
- return 1;
- }
-
-/* HMAC-SHA224: generate hash of known digest value and compare to known
- precomputed correct hash
-*/
-static int FIPS_hmac_sha224_test()
- {
- unsigned char key[] = "etaonrishd";
- unsigned char iv[] = "Sample text";
- unsigned char kaval[EVP_MAX_MD_SIZE] =
- {0x75, 0x58, 0xd5, 0xbd, 0x55, 0x6d, 0x87, 0x0f, 0x75, 0xff, 0xbe, 0x1c, 0xb2, 0xf0, 0x20, 0x35,
- 0xe5, 0x62, 0x49, 0xb6, 0x94, 0xb9, 0xfc, 0x65, 0x34, 0x33, 0x3a, 0x19};
-
- unsigned char out[EVP_MAX_MD_SIZE];
- unsigned int outlen;
-
- ERR_clear_error();
- if (!HMAC(EVP_sha224(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
- if (memcmp(out,kaval,outlen))
- return 0;
- return 1;
- }
-
-/* HMAC-SHA256: generate hash of known digest value and compare to known
- precomputed correct hash
-*/
-static int FIPS_hmac_sha256_test()
- {
- unsigned char key[] = "etaonrishd";
- unsigned char iv[] = "Sample text";
- unsigned char kaval[EVP_MAX_MD_SIZE] =
- {0xe9, 0x17, 0xc1, 0x7b, 0x4c, 0x6b, 0x77, 0xda, 0xd2, 0x30, 0x36, 0x02, 0xf5, 0x72, 0x33, 0x87,
- 0x9f, 0xc6, 0x6e, 0x7b, 0x7e, 0xa8, 0xea, 0xaa, 0x9f, 0xba, 0xee, 0x51, 0xff, 0xda, 0x24, 0xf4};
-
- unsigned char out[EVP_MAX_MD_SIZE];
- unsigned int outlen;
-
- ERR_clear_error();
- if (!HMAC(EVP_sha256(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
- if (memcmp(out,kaval,outlen))
- return 0;
- return 1;
- }
-
-/* HMAC-SHA384: generate hash of known digest value and compare to known
- precomputed correct hash
-*/
-static int FIPS_hmac_sha384_test()
- {
- unsigned char key[] = "etaonrishd";
- unsigned char iv[] = "Sample text";
- unsigned char kaval[EVP_MAX_MD_SIZE] =
- {0xb2, 0x9d, 0x40, 0x58, 0x32, 0xc4, 0xe3, 0x31, 0xb6, 0x63, 0x08, 0x26, 0x99, 0xef, 0x3b, 0x10,
- 0xe2, 0xdf, 0xf8, 0xff, 0xc6, 0xe1, 0x03, 0x29, 0x81, 0x2a, 0x1b, 0xac, 0xb0, 0x07, 0x39, 0x08,
- 0xf3, 0x91, 0x35, 0x11, 0x76, 0xd6, 0x4c, 0x20, 0xfb, 0x4d, 0xc3, 0xf3, 0xb8, 0x9b, 0x88, 0x1c};
-
- unsigned char out[EVP_MAX_MD_SIZE];
- unsigned int outlen;
-
- ERR_clear_error();
- if (!HMAC(EVP_sha384(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
- if (memcmp(out,kaval,outlen))
- return 0;
- return 1;
- }
-
-/* HMAC-SHA512: generate hash of known digest value and compare to known
- precomputed correct hash
-*/
-static int FIPS_hmac_sha512_test()
- {
- unsigned char key[] = "etaonrishd";
- unsigned char iv[] = "Sample text";
- unsigned char kaval[EVP_MAX_MD_SIZE] =
- {0xcd, 0x3e, 0xb9, 0x51, 0xb8, 0xbc, 0x7f, 0x9a, 0x23, 0xaf, 0xf3, 0x77, 0x59, 0x85, 0xa9, 0xe6,
- 0xf7, 0xd1, 0x51, 0x96, 0x17, 0xe0, 0x92, 0xd8, 0xa6, 0x3b, 0xc1, 0xad, 0x7e, 0x24, 0xca, 0xb1,
- 0xd7, 0x79, 0x0a, 0xa5, 0xea, 0x2c, 0x02, 0x58, 0x0b, 0xa6, 0x52, 0x6b, 0x61, 0x7f, 0xeb, 0x9c,
- 0x47, 0x86, 0x5d, 0x74, 0x2b, 0x88, 0xdf, 0xee, 0x46, 0x69, 0x96, 0x3d, 0xa6, 0xd9, 0x2a, 0x53};
-
- unsigned char out[EVP_MAX_MD_SIZE];
- unsigned int outlen;
-
- ERR_clear_error();
- if (!HMAC(EVP_sha512(),key,sizeof(key)-1,iv,sizeof(iv)-1,out,&outlen)) return 0;
- if (memcmp(out,kaval,outlen))
- return 0;
- return 1;
- }
-
-
-/* DH: generate shared parameters
-*/
-static int dh_test()
- {
- DH *dh;
- ERR_clear_error();
- dh = FIPS_dh_new();
- if (!dh)
- return 0;
- if (!DH_generate_parameters_ex(dh, 1024, 2, NULL))
- return 0;
- FIPS_dh_free(dh);
- return 1;
- }
-
-/* Zeroize
-*/
-static int Zeroize()
- {
- RSA *key;
- BIGNUM *bn;
- unsigned char userkey[16] =
- { 0x48, 0x50, 0xf0, 0xa3, 0x3a, 0xed, 0xd3, 0xaf, 0x6e, 0x47, 0x7f, 0x83, 0x02, 0xb1, 0x09, 0x68 };
- size_t i;
- int n;
-
- key = FIPS_rsa_new();
- bn = BN_new();
- if (!key || !bn)
- return 0;
- BN_set_word(bn, 65537);
- if (!RSA_generate_key_ex(key, 1024,bn,NULL))
- return 0;
- BN_free(bn);
-
- n = BN_num_bytes(key->d);
- printf(" Generated %d byte RSA private key\n", n);
- printf("\tBN key before overwriting:\n");
- do_bn_print(stdout, key->d);
- BN_rand(key->d,n*8,-1,0);
- printf("\tBN key after overwriting:\n");
- do_bn_print(stdout, key->d);
-
- printf("\tchar buffer key before overwriting: \n\t\t");
- for(i = 0; i < sizeof(userkey); i++) printf("%02x", userkey[i]);
- printf("\n");
- RAND_bytes(userkey, sizeof userkey);
- printf("\tchar buffer key after overwriting: \n\t\t");
- for(i = 0; i < sizeof(userkey); i++) printf("%02x", userkey[i]);
- printf("\n");
-
- return 1;
- }
-
-static int Error;
-static const char * Fail(const char *msg)
- {
- do_print_errors();
- Error++;
- return msg;
- }
-
-static void test_msg(const char *msg, int result)
- {
- printf("%s...%s\n", msg, result ? "successful" : Fail("Failed!"));
- }
-
-int main(int argc,char **argv)
- {
-
- int do_corrupt_rsa_keygen = 0, do_corrupt_dsa_keygen = 0;
- int bad_rsa = 0, bad_dsa = 0;
- int do_rng_stick = 0;
- int no_exit = 0;
-
- printf("\tFIPS-mode test application\n\n");
-
- /* Load entropy from external file, if any */
- RAND_load_file(".rnd", 1024);
-
- if (argv[1]) {
- /* Corrupted KAT tests */
- if (!strcmp(argv[1], "aes")) {
- FIPS_corrupt_aes();
- printf("AES encryption/decryption with corrupted KAT...\n");
- } else if (!strcmp(argv[1], "des")) {
- FIPS_corrupt_des();
- printf("DES3-ECB encryption/decryption with corrupted KAT...\n");
- } else if (!strcmp(argv[1], "dsa")) {
- FIPS_corrupt_dsa();
- printf("DSA key generation and signature validation with corrupted KAT...\n");
- } else if (!strcmp(argv[1], "rsa")) {
- FIPS_corrupt_rsa();
- printf("RSA key generation and signature validation with corrupted KAT...\n");
- } else if (!strcmp(argv[1], "rsakey")) {
- printf("RSA key generation and signature validation with corrupted key...\n");
- bad_rsa = 1;
- no_exit = 1;
- } else if (!strcmp(argv[1], "rsakeygen")) {
- do_corrupt_rsa_keygen = 1;
- no_exit = 1;
- printf("RSA key generation and signature validation with corrupted keygen...\n");
- } else if (!strcmp(argv[1], "dsakey")) {
- printf("DSA key generation and signature validation with corrupted key...\n");
- bad_dsa = 1;
- no_exit = 1;
- } else if (!strcmp(argv[1], "dsakeygen")) {
- do_corrupt_dsa_keygen = 1;
- no_exit = 1;
- printf("DSA key generation and signature validation with corrupted keygen...\n");
- } else if (!strcmp(argv[1], "sha1")) {
- FIPS_corrupt_sha1();
- printf("SHA-1 hash with corrupted KAT...\n");
- } else if (!strcmp(argv[1], "rng")) {
- FIPS_corrupt_rng();
- } else if (!strcmp(argv[1], "rngstick")) {
- do_rng_stick = 1;
- no_exit = 1;
- printf("RNG test with stuck continuous test...\n");
- } else {
- printf("Bad argument \"%s\"\n", argv[1]);
- exit(1);
- }
- if (!no_exit) {
- if (!FIPS_mode_set(1)) {
- do_print_errors();
- printf("Power-up self test failed\n");
- exit(1);
- }
- printf("Power-up self test successful\n");
- exit(0);
- }
- }
-
- /* Non-Approved cryptographic operation
- */
- printf("1. Non-Approved cryptographic operation test...\n");
- test_msg("\ta. Included algorithm (D-H)...", dh_test());
-
- /* Power-up self test
- */
- ERR_clear_error();
- test_msg("2. Automatic power-up self test", FIPS_mode_set(1));
- if (!FIPS_mode())
- exit(1);
- if (do_corrupt_dsa_keygen)
- FIPS_corrupt_dsa_keygen();
- if (do_corrupt_rsa_keygen)
- FIPS_corrupt_rsa_keygen();
- if (do_rng_stick)
- FIPS_rng_stick();
-
- /* AES encryption/decryption
- */
- test_msg("3. AES encryption/decryption", FIPS_aes_test());
-
- /* RSA key generation and encryption/decryption
- */
- test_msg("4. RSA key generation and encryption/decryption",
- FIPS_rsa_test(bad_rsa));
-
- /* DES-CBC encryption/decryption
- */
- test_msg("5. DES-ECB encryption/decryption", FIPS_des3_test());
-
- /* DSA key generation and signature validation
- */
- test_msg("6. DSA key generation and signature validation",
- FIPS_dsa_test(bad_dsa));
-
- /* SHA-1 hash
- */
- test_msg("7a. SHA-1 hash", FIPS_sha1_test());
-
- /* SHA-256 hash
- */
- test_msg("7b. SHA-256 hash", FIPS_sha256_test());
-
- /* SHA-512 hash
- */
- test_msg("7c. SHA-512 hash", FIPS_sha512_test());
-
- /* HMAC-SHA-1 hash
- */
- test_msg("7d. HMAC-SHA-1 hash", FIPS_hmac_sha1_test());
-
- /* HMAC-SHA-224 hash
- */
- test_msg("7e. HMAC-SHA-224 hash", FIPS_hmac_sha224_test());
-
- /* HMAC-SHA-256 hash
- */
- test_msg("7f. HMAC-SHA-256 hash", FIPS_hmac_sha256_test());
-
- /* HMAC-SHA-384 hash
- */
- test_msg("7g. HMAC-SHA-384 hash", FIPS_hmac_sha384_test());
-
- /* HMAC-SHA-512 hash
- */
- test_msg("7h. HMAC-SHA-512 hash", FIPS_hmac_sha512_test());
-
- /* Non-Approved cryptographic operation
- */
- printf("8. Non-Approved cryptographic operation test...\n");
- printf("\ta. Included algorithm (D-H)...%s\n",
- dh_test() ? "successful as expected"
- : Fail("failed INCORRECTLY!") );
-
- /* Zeroization
- */
- printf("9. Zero-ization...\n\t%s\n",
- Zeroize() ? "successful as expected"
- : Fail("failed INCORRECTLY!") );
-
- printf("\nAll tests completed with %d errors\n", Error);
- return Error ? 1 : 0;
- }
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/fips/fips_test_suite.c (from rev 6976, vendor-crypto/openssl/dist/fips/fips_test_suite.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/fips/fips_test_suite.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/fips/fips_test_suite.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,659 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
+ *
+ *
+ * This command is intended as a test driver for the FIPS-140 testing
+ * lab performing FIPS-140 validation. It demonstrates the use of the
+ * OpenSSL library ito perform a variety of common cryptographic
+ * functions. A power-up self test is demonstrated by deliberately
+ * pointing to an invalid executable hash
+ *
+ * Contributed by Steve Marquess.
+ *
+ */
+#include <stdio.h>
+#include <assert.h>
+#include <ctype.h>
+#include <string.h>
+#include <stdlib.h>
+#include <openssl/aes.h>
+#include <openssl/des.h>
+#include <openssl/hmac.h>
+#include <openssl/err.h>
+
+#include <openssl/bn.h>
+#include <openssl/rand.h>
+#include <openssl/sha.h>
+
+#ifndef OPENSSL_FIPS
+int main(int argc, char *argv[])
+{
+ printf("No FIPS support\n");
+ return (0);
+}
+#else
+
+# include <openssl/rsa.h>
+# include <openssl/dsa.h>
+# include <openssl/dh.h>
+
+# include <openssl/fips.h>
+# include "fips_utl.h"
+
+/*
+ * AES: encrypt and decrypt known plaintext, verify result matches original
+ * plaintext
+ */
+static int FIPS_aes_test(void)
+{
+ int ret = 0;
+ unsigned char pltmp[16];
+ unsigned char citmp[16];
+ unsigned char key[16] =
+ { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 };
+ unsigned char plaintext[16] = "etaonrishdlcu";
+ EVP_CIPHER_CTX ctx;
+ EVP_CIPHER_CTX_init(&ctx);
+ if (EVP_CipherInit_ex(&ctx, EVP_aes_128_ecb(), NULL, key, NULL, 1) <= 0)
+ goto err;
+ EVP_Cipher(&ctx, citmp, plaintext, 16);
+ if (EVP_CipherInit_ex(&ctx, EVP_aes_128_ecb(), NULL, key, NULL, 0) <= 0)
+ goto err;
+ EVP_Cipher(&ctx, pltmp, citmp, 16);
+ if (memcmp(pltmp, plaintext, 16))
+ goto err;
+ ret = 1;
+ err:
+ EVP_CIPHER_CTX_cleanup(&ctx);
+ return ret;
+}
+
+static int FIPS_des3_test(void)
+{
+ int ret = 0;
+ unsigned char pltmp[8];
+ unsigned char citmp[8];
+ unsigned char key[] =
+ { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18,
+ 19, 20, 21, 22, 23, 24
+ };
+ unsigned char plaintext[] = { 'e', 't', 'a', 'o', 'n', 'r', 'i', 's' };
+ EVP_CIPHER_CTX ctx;
+ EVP_CIPHER_CTX_init(&ctx);
+ if (EVP_CipherInit_ex(&ctx, EVP_des_ede3_ecb(), NULL, key, NULL, 1) <= 0)
+ goto err;
+ EVP_Cipher(&ctx, citmp, plaintext, 8);
+ if (EVP_CipherInit_ex(&ctx, EVP_des_ede3_ecb(), NULL, key, NULL, 0) <= 0)
+ goto err;
+ EVP_Cipher(&ctx, pltmp, citmp, 8);
+ if (memcmp(pltmp, plaintext, 8))
+ goto err;
+ ret = 1;
+ err:
+ EVP_CIPHER_CTX_cleanup(&ctx);
+ return ret;
+}
+
+/*
+ * DSA: generate keys and sign, verify input plaintext.
+ */
+static int FIPS_dsa_test(int bad)
+{
+ DSA *dsa = NULL;
+ EVP_PKEY pk;
+ unsigned char dgst[] = "etaonrishdlc";
+ unsigned char buf[60];
+ unsigned int slen;
+ int r = 0;
+ EVP_MD_CTX mctx;
+
+ ERR_clear_error();
+ EVP_MD_CTX_init(&mctx);
+ dsa = FIPS_dsa_new();
+ if (!dsa)
+ goto end;
+ if (!DSA_generate_parameters_ex(dsa, 1024, NULL, 0, NULL, NULL, NULL))
+ goto end;
+ if (!DSA_generate_key(dsa))
+ goto end;
+ if (bad)
+ BN_add_word(dsa->pub_key, 1);
+
+ pk.type = EVP_PKEY_DSA;
+ pk.pkey.dsa = dsa;
+
+ if (!EVP_SignInit_ex(&mctx, EVP_dss1(), NULL))
+ goto end;
+ if (!EVP_SignUpdate(&mctx, dgst, sizeof(dgst) - 1))
+ goto end;
+ if (!EVP_SignFinal(&mctx, buf, &slen, &pk))
+ goto end;
+
+ if (!EVP_VerifyInit_ex(&mctx, EVP_dss1(), NULL))
+ goto end;
+ if (!EVP_VerifyUpdate(&mctx, dgst, sizeof(dgst) - 1))
+ goto end;
+ r = EVP_VerifyFinal(&mctx, buf, slen, &pk);
+ end:
+ EVP_MD_CTX_cleanup(&mctx);
+ if (dsa)
+ FIPS_dsa_free(dsa);
+ if (r != 1)
+ return 0;
+ return 1;
+}
+
+/*
+ * RSA: generate keys and sign, verify input plaintext.
+ */
+static int FIPS_rsa_test(int bad)
+{
+ RSA *key;
+ unsigned char input_ptext[] = "etaonrishdlc";
+ unsigned char buf[256];
+ unsigned int slen;
+ BIGNUM *bn;
+ EVP_MD_CTX mctx;
+ EVP_PKEY pk;
+ int r = 0;
+
+ ERR_clear_error();
+ EVP_MD_CTX_init(&mctx);
+ key = FIPS_rsa_new();
+ bn = BN_new();
+ if (!key || !bn)
+ return 0;
+ BN_set_word(bn, 65537);
+ if (!RSA_generate_key_ex(key, 1024, bn, NULL))
+ return 0;
+ BN_free(bn);
+ if (bad)
+ BN_add_word(key->n, 1);
+
+ pk.type = EVP_PKEY_RSA;
+ pk.pkey.rsa = key;
+
+ if (!EVP_SignInit_ex(&mctx, EVP_sha1(), NULL))
+ goto end;
+ if (!EVP_SignUpdate(&mctx, input_ptext, sizeof(input_ptext) - 1))
+ goto end;
+ if (!EVP_SignFinal(&mctx, buf, &slen, &pk))
+ goto end;
+
+ if (!EVP_VerifyInit_ex(&mctx, EVP_sha1(), NULL))
+ goto end;
+ if (!EVP_VerifyUpdate(&mctx, input_ptext, sizeof(input_ptext) - 1))
+ goto end;
+ r = EVP_VerifyFinal(&mctx, buf, slen, &pk);
+ end:
+ EVP_MD_CTX_cleanup(&mctx);
+ if (key)
+ FIPS_rsa_free(key);
+ if (r != 1)
+ return 0;
+ return 1;
+}
+
+/*
+ * SHA1: generate hash of known digest value and compare to known precomputed
+ * correct hash
+ */
+static int FIPS_sha1_test()
+{
+ unsigned char digest[SHA_DIGEST_LENGTH] =
+ { 0x11, 0xf1, 0x9a, 0x3a, 0xec, 0x1a, 0x1e, 0x8e, 0x65, 0xd4, 0x9a,
+ 0x38, 0x0c, 0x8b, 0x1e, 0x2c, 0xe8, 0xb3, 0xc5, 0x18
+ };
+ unsigned char str[] = "etaonrishd";
+
+ unsigned char md[SHA_DIGEST_LENGTH];
+
+ ERR_clear_error();
+ if (!EVP_Digest(str, sizeof(str) - 1, md, NULL, EVP_sha1(), NULL))
+ return 0;
+ if (memcmp(md, digest, sizeof(md)))
+ return 0;
+ return 1;
+}
+
+/*
+ * SHA256: generate hash of known digest value and compare to known
+ * precomputed correct hash
+ */
+static int FIPS_sha256_test()
+{
+ unsigned char digest[SHA256_DIGEST_LENGTH] =
+ { 0xf5, 0x53, 0xcd, 0xb8, 0xcf, 0x1, 0xee, 0x17, 0x9b, 0x93, 0xc9,
+ 0x68, 0xc0, 0xea, 0x40, 0x91,
+ 0x6, 0xec, 0x8e, 0x11, 0x96, 0xc8, 0x5d, 0x1c, 0xaf, 0x64, 0x22, 0xe6,
+ 0x50, 0x4f, 0x47, 0x57
+ };
+ unsigned char str[] = "etaonrishd";
+
+ unsigned char md[SHA256_DIGEST_LENGTH];
+
+ ERR_clear_error();
+ if (!EVP_Digest(str, sizeof(str) - 1, md, NULL, EVP_sha256(), NULL))
+ return 0;
+ if (memcmp(md, digest, sizeof(md)))
+ return 0;
+ return 1;
+}
+
+/*
+ * SHA512: generate hash of known digest value and compare to known
+ * precomputed correct hash
+ */
+static int FIPS_sha512_test()
+{
+ unsigned char digest[SHA512_DIGEST_LENGTH] =
+ { 0x99, 0xc9, 0xe9, 0x5b, 0x88, 0xd4, 0x78, 0x88, 0xdf, 0x88, 0x5f,
+ 0x94, 0x71, 0x64, 0x28, 0xca,
+ 0x16, 0x1f, 0x3d, 0xf4, 0x1f, 0xf3, 0x0f, 0xc5, 0x03, 0x99, 0xb2,
+ 0xd0, 0xe7, 0x0b, 0x94, 0x4a,
+ 0x45, 0xd2, 0x6c, 0x4f, 0x20, 0x06, 0xef, 0x71, 0xa9, 0x25, 0x7f,
+ 0x24, 0xb1, 0xd9, 0x40, 0x22,
+ 0x49, 0x54, 0x10, 0xc2, 0x22, 0x9d, 0x27, 0xfe, 0xbd, 0xd6, 0xd6,
+ 0xeb, 0x2d, 0x42, 0x1d, 0xa3
+ };
+ unsigned char str[] = "etaonrishd";
+
+ unsigned char md[SHA512_DIGEST_LENGTH];
+
+ ERR_clear_error();
+ if (!EVP_Digest(str, sizeof(str) - 1, md, NULL, EVP_sha512(), NULL))
+ return 0;
+ if (memcmp(md, digest, sizeof(md)))
+ return 0;
+ return 1;
+}
+
+/*
+ * HMAC-SHA1: generate hash of known digest value and compare to known
+ * precomputed correct hash
+ */
+static int FIPS_hmac_sha1_test()
+{
+ unsigned char key[] = "etaonrishd";
+ unsigned char iv[] = "Sample text";
+ unsigned char kaval[EVP_MAX_MD_SIZE] =
+ { 0x73, 0xf7, 0xa0, 0x48, 0xf8, 0x94, 0xed, 0xdd, 0x0a, 0xea, 0xea,
+ 0x56, 0x1b, 0x61, 0x2e, 0x70,
+ 0xb2, 0xfb, 0xec, 0xc6
+ };
+
+ unsigned char out[EVP_MAX_MD_SIZE];
+ unsigned int outlen;
+
+ ERR_clear_error();
+ if (!HMAC
+ (EVP_sha1(), key, sizeof(key) - 1, iv, sizeof(iv) - 1, out, &outlen))
+ return 0;
+ if (memcmp(out, kaval, outlen))
+ return 0;
+ return 1;
+}
+
+/*
+ * HMAC-SHA224: generate hash of known digest value and compare to known
+ * precomputed correct hash
+ */
+static int FIPS_hmac_sha224_test()
+{
+ unsigned char key[] = "etaonrishd";
+ unsigned char iv[] = "Sample text";
+ unsigned char kaval[EVP_MAX_MD_SIZE] =
+ { 0x75, 0x58, 0xd5, 0xbd, 0x55, 0x6d, 0x87, 0x0f, 0x75, 0xff, 0xbe,
+ 0x1c, 0xb2, 0xf0, 0x20, 0x35,
+ 0xe5, 0x62, 0x49, 0xb6, 0x94, 0xb9, 0xfc, 0x65, 0x34, 0x33, 0x3a, 0x19
+ };
+
+ unsigned char out[EVP_MAX_MD_SIZE];
+ unsigned int outlen;
+
+ ERR_clear_error();
+ if (!HMAC
+ (EVP_sha224(), key, sizeof(key) - 1, iv, sizeof(iv) - 1, out,
+ &outlen))
+ return 0;
+ if (memcmp(out, kaval, outlen))
+ return 0;
+ return 1;
+}
+
+/*
+ * HMAC-SHA256: generate hash of known digest value and compare to known
+ * precomputed correct hash
+ */
+static int FIPS_hmac_sha256_test()
+{
+ unsigned char key[] = "etaonrishd";
+ unsigned char iv[] = "Sample text";
+ unsigned char kaval[EVP_MAX_MD_SIZE] =
+ { 0xe9, 0x17, 0xc1, 0x7b, 0x4c, 0x6b, 0x77, 0xda, 0xd2, 0x30, 0x36,
+ 0x02, 0xf5, 0x72, 0x33, 0x87,
+ 0x9f, 0xc6, 0x6e, 0x7b, 0x7e, 0xa8, 0xea, 0xaa, 0x9f, 0xba, 0xee,
+ 0x51, 0xff, 0xda, 0x24, 0xf4
+ };
+
+ unsigned char out[EVP_MAX_MD_SIZE];
+ unsigned int outlen;
+
+ ERR_clear_error();
+ if (!HMAC
+ (EVP_sha256(), key, sizeof(key) - 1, iv, sizeof(iv) - 1, out,
+ &outlen))
+ return 0;
+ if (memcmp(out, kaval, outlen))
+ return 0;
+ return 1;
+}
+
+/*
+ * HMAC-SHA384: generate hash of known digest value and compare to known
+ * precomputed correct hash
+ */
+static int FIPS_hmac_sha384_test()
+{
+ unsigned char key[] = "etaonrishd";
+ unsigned char iv[] = "Sample text";
+ unsigned char kaval[EVP_MAX_MD_SIZE] =
+ { 0xb2, 0x9d, 0x40, 0x58, 0x32, 0xc4, 0xe3, 0x31, 0xb6, 0x63, 0x08,
+ 0x26, 0x99, 0xef, 0x3b, 0x10,
+ 0xe2, 0xdf, 0xf8, 0xff, 0xc6, 0xe1, 0x03, 0x29, 0x81, 0x2a, 0x1b,
+ 0xac, 0xb0, 0x07, 0x39, 0x08,
+ 0xf3, 0x91, 0x35, 0x11, 0x76, 0xd6, 0x4c, 0x20, 0xfb, 0x4d, 0xc3,
+ 0xf3, 0xb8, 0x9b, 0x88, 0x1c
+ };
+
+ unsigned char out[EVP_MAX_MD_SIZE];
+ unsigned int outlen;
+
+ ERR_clear_error();
+ if (!HMAC
+ (EVP_sha384(), key, sizeof(key) - 1, iv, sizeof(iv) - 1, out,
+ &outlen))
+ return 0;
+ if (memcmp(out, kaval, outlen))
+ return 0;
+ return 1;
+}
+
+/*
+ * HMAC-SHA512: generate hash of known digest value and compare to known
+ * precomputed correct hash
+ */
+static int FIPS_hmac_sha512_test()
+{
+ unsigned char key[] = "etaonrishd";
+ unsigned char iv[] = "Sample text";
+ unsigned char kaval[EVP_MAX_MD_SIZE] =
+ { 0xcd, 0x3e, 0xb9, 0x51, 0xb8, 0xbc, 0x7f, 0x9a, 0x23, 0xaf, 0xf3,
+ 0x77, 0x59, 0x85, 0xa9, 0xe6,
+ 0xf7, 0xd1, 0x51, 0x96, 0x17, 0xe0, 0x92, 0xd8, 0xa6, 0x3b, 0xc1,
+ 0xad, 0x7e, 0x24, 0xca, 0xb1,
+ 0xd7, 0x79, 0x0a, 0xa5, 0xea, 0x2c, 0x02, 0x58, 0x0b, 0xa6, 0x52,
+ 0x6b, 0x61, 0x7f, 0xeb, 0x9c,
+ 0x47, 0x86, 0x5d, 0x74, 0x2b, 0x88, 0xdf, 0xee, 0x46, 0x69, 0x96,
+ 0x3d, 0xa6, 0xd9, 0x2a, 0x53
+ };
+
+ unsigned char out[EVP_MAX_MD_SIZE];
+ unsigned int outlen;
+
+ ERR_clear_error();
+ if (!HMAC
+ (EVP_sha512(), key, sizeof(key) - 1, iv, sizeof(iv) - 1, out,
+ &outlen))
+ return 0;
+ if (memcmp(out, kaval, outlen))
+ return 0;
+ return 1;
+}
+
+/*
+ * DH: generate shared parameters
+ */
+static int dh_test()
+{
+ DH *dh;
+ ERR_clear_error();
+ dh = FIPS_dh_new();
+ if (!dh)
+ return 0;
+ if (!DH_generate_parameters_ex(dh, 1024, 2, NULL))
+ return 0;
+ FIPS_dh_free(dh);
+ return 1;
+}
+
+/*
+ * Zeroize
+ */
+static int Zeroize()
+{
+ RSA *key;
+ BIGNUM *bn;
+ unsigned char userkey[16] =
+ { 0x48, 0x50, 0xf0, 0xa3, 0x3a, 0xed, 0xd3, 0xaf, 0x6e, 0x47, 0x7f,
+ 0x83, 0x02, 0xb1, 0x09, 0x68
+ };
+ size_t i;
+ int n;
+
+ key = FIPS_rsa_new();
+ bn = BN_new();
+ if (!key || !bn)
+ return 0;
+ BN_set_word(bn, 65537);
+ if (!RSA_generate_key_ex(key, 1024, bn, NULL))
+ return 0;
+ BN_free(bn);
+
+ n = BN_num_bytes(key->d);
+ printf(" Generated %d byte RSA private key\n", n);
+ printf("\tBN key before overwriting:\n");
+ do_bn_print(stdout, key->d);
+ BN_rand(key->d, n * 8, -1, 0);
+ printf("\tBN key after overwriting:\n");
+ do_bn_print(stdout, key->d);
+
+ printf("\tchar buffer key before overwriting: \n\t\t");
+ for (i = 0; i < sizeof(userkey); i++)
+ printf("%02x", userkey[i]);
+ printf("\n");
+ RAND_bytes(userkey, sizeof userkey);
+ printf("\tchar buffer key after overwriting: \n\t\t");
+ for (i = 0; i < sizeof(userkey); i++)
+ printf("%02x", userkey[i]);
+ printf("\n");
+
+ return 1;
+}
+
+static int Error;
+static const char *Fail(const char *msg)
+{
+ do_print_errors();
+ Error++;
+ return msg;
+}
+
+static void test_msg(const char *msg, int result)
+{
+ printf("%s...%s\n", msg, result ? "successful" : Fail("Failed!"));
+}
+
+int main(int argc, char **argv)
+{
+
+ int do_corrupt_rsa_keygen = 0, do_corrupt_dsa_keygen = 0;
+ int bad_rsa = 0, bad_dsa = 0;
+ int do_rng_stick = 0;
+ int no_exit = 0;
+
+ printf("\tFIPS-mode test application\n\n");
+
+ /* Load entropy from external file, if any */
+ RAND_load_file(".rnd", 1024);
+
+ if (argv[1]) {
+ /* Corrupted KAT tests */
+ if (!strcmp(argv[1], "aes")) {
+ FIPS_corrupt_aes();
+ printf("AES encryption/decryption with corrupted KAT...\n");
+ } else if (!strcmp(argv[1], "des")) {
+ FIPS_corrupt_des();
+ printf("DES3-ECB encryption/decryption with corrupted KAT...\n");
+ } else if (!strcmp(argv[1], "dsa")) {
+ FIPS_corrupt_dsa();
+ printf
+ ("DSA key generation and signature validation with corrupted KAT...\n");
+ } else if (!strcmp(argv[1], "rsa")) {
+ FIPS_corrupt_rsa();
+ printf
+ ("RSA key generation and signature validation with corrupted KAT...\n");
+ } else if (!strcmp(argv[1], "rsakey")) {
+ printf
+ ("RSA key generation and signature validation with corrupted key...\n");
+ bad_rsa = 1;
+ no_exit = 1;
+ } else if (!strcmp(argv[1], "rsakeygen")) {
+ do_corrupt_rsa_keygen = 1;
+ no_exit = 1;
+ printf
+ ("RSA key generation and signature validation with corrupted keygen...\n");
+ } else if (!strcmp(argv[1], "dsakey")) {
+ printf
+ ("DSA key generation and signature validation with corrupted key...\n");
+ bad_dsa = 1;
+ no_exit = 1;
+ } else if (!strcmp(argv[1], "dsakeygen")) {
+ do_corrupt_dsa_keygen = 1;
+ no_exit = 1;
+ printf
+ ("DSA key generation and signature validation with corrupted keygen...\n");
+ } else if (!strcmp(argv[1], "sha1")) {
+ FIPS_corrupt_sha1();
+ printf("SHA-1 hash with corrupted KAT...\n");
+ } else if (!strcmp(argv[1], "rng")) {
+ FIPS_corrupt_rng();
+ } else if (!strcmp(argv[1], "rngstick")) {
+ do_rng_stick = 1;
+ no_exit = 1;
+ printf("RNG test with stuck continuous test...\n");
+ } else {
+ printf("Bad argument \"%s\"\n", argv[1]);
+ exit(1);
+ }
+ if (!no_exit) {
+ if (!FIPS_mode_set(1)) {
+ do_print_errors();
+ printf("Power-up self test failed\n");
+ exit(1);
+ }
+ printf("Power-up self test successful\n");
+ exit(0);
+ }
+ }
+
+ /*
+ * Non-Approved cryptographic operation
+ */
+ printf("1. Non-Approved cryptographic operation test...\n");
+ test_msg("\ta. Included algorithm (D-H)...", dh_test());
+
+ /*
+ * Power-up self test
+ */
+ ERR_clear_error();
+ test_msg("2. Automatic power-up self test", FIPS_mode_set(1));
+ if (!FIPS_mode())
+ exit(1);
+ if (do_corrupt_dsa_keygen)
+ FIPS_corrupt_dsa_keygen();
+ if (do_corrupt_rsa_keygen)
+ FIPS_corrupt_rsa_keygen();
+ if (do_rng_stick)
+ FIPS_rng_stick();
+
+ /*
+ * AES encryption/decryption
+ */
+ test_msg("3. AES encryption/decryption", FIPS_aes_test());
+
+ /*
+ * RSA key generation and encryption/decryption
+ */
+ test_msg("4. RSA key generation and encryption/decryption",
+ FIPS_rsa_test(bad_rsa));
+
+ /*
+ * DES-CBC encryption/decryption
+ */
+ test_msg("5. DES-ECB encryption/decryption", FIPS_des3_test());
+
+ /*
+ * DSA key generation and signature validation
+ */
+ test_msg("6. DSA key generation and signature validation",
+ FIPS_dsa_test(bad_dsa));
+
+ /*
+ * SHA-1 hash
+ */
+ test_msg("7a. SHA-1 hash", FIPS_sha1_test());
+
+ /*
+ * SHA-256 hash
+ */
+ test_msg("7b. SHA-256 hash", FIPS_sha256_test());
+
+ /*
+ * SHA-512 hash
+ */
+ test_msg("7c. SHA-512 hash", FIPS_sha512_test());
+
+ /*
+ * HMAC-SHA-1 hash
+ */
+ test_msg("7d. HMAC-SHA-1 hash", FIPS_hmac_sha1_test());
+
+ /*
+ * HMAC-SHA-224 hash
+ */
+ test_msg("7e. HMAC-SHA-224 hash", FIPS_hmac_sha224_test());
+
+ /*
+ * HMAC-SHA-256 hash
+ */
+ test_msg("7f. HMAC-SHA-256 hash", FIPS_hmac_sha256_test());
+
+ /*
+ * HMAC-SHA-384 hash
+ */
+ test_msg("7g. HMAC-SHA-384 hash", FIPS_hmac_sha384_test());
+
+ /*
+ * HMAC-SHA-512 hash
+ */
+ test_msg("7h. HMAC-SHA-512 hash", FIPS_hmac_sha512_test());
+
+ /*
+ * Non-Approved cryptographic operation
+ */
+ printf("8. Non-Approved cryptographic operation test...\n");
+ printf("\ta. Included algorithm (D-H)...%s\n",
+ dh_test()? "successful as expected" : Fail("failed INCORRECTLY!"));
+
+ /*
+ * Zeroization
+ */
+ printf("9. Zero-ization...\n\t%s\n",
+ Zeroize()? "successful as expected" : Fail("failed INCORRECTLY!"));
+
+ printf("\nAll tests completed with %d errors\n", Error);
+ return Error ? 1 : 0;
+}
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/fips/fips_utl.h
===================================================================
--- vendor-crypto/openssl/dist/fips/fips_utl.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/fips/fips_utl.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,359 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-void do_print_errors(void);
-int hex2bin(const char *in, unsigned char *out);
-unsigned char *hex2bin_m(const char *in, long *plen);
-int do_hex2bn(BIGNUM **pr, const char *in);
-int do_bn_print(FILE *out, BIGNUM *bn);
-int do_bn_print_name(FILE *out, const char *name, BIGNUM *bn);
-int parse_line(char **pkw, char **pval, char *linebuf, char *olinebuf);
-BIGNUM *hex2bn(const char *in);
-int bin2hex(const unsigned char *in,int len,char *out);
-void pv(const char *tag,const unsigned char *val,int len);
-int tidy_line(char *linebuf, char *olinebuf);
-int bint2bin(const char *in, int len, unsigned char *out);
-int bin2bint(const unsigned char *in,int len,char *out);
-void PrintValue(char *tag, unsigned char *val, int len);
-void OutputValue(char *tag, unsigned char *val, int len, FILE *rfp,int bitmode);
-
-void do_print_errors(void)
- {
- const char *file, *data;
- int line, flags;
- unsigned long l;
- while ((l = ERR_get_error_line_data(&file, &line, &data, &flags)))
- {
- fprintf(stderr, "ERROR:%lx:lib=%d,func=%d,reason=%d"
- ":file=%s:line=%d:%s\n",
- l, ERR_GET_LIB(l), ERR_GET_FUNC(l), ERR_GET_REASON(l),
- file, line, flags & ERR_TXT_STRING ? data : "");
- }
- }
-
-int hex2bin(const char *in, unsigned char *out)
- {
- int n1, n2;
- unsigned char ch;
-
- for (n1=0,n2=0 ; in[n1] && in[n1] != '\n' ; )
- { /* first byte */
- if ((in[n1] >= '0') && (in[n1] <= '9'))
- ch = in[n1++] - '0';
- else if ((in[n1] >= 'A') && (in[n1] <= 'F'))
- ch = in[n1++] - 'A' + 10;
- else if ((in[n1] >= 'a') && (in[n1] <= 'f'))
- ch = in[n1++] - 'a' + 10;
- else
- return -1;
- if(!in[n1])
- {
- out[n2++]=ch;
- break;
- }
- out[n2] = ch << 4;
- /* second byte */
- if ((in[n1] >= '0') && (in[n1] <= '9'))
- ch = in[n1++] - '0';
- else if ((in[n1] >= 'A') && (in[n1] <= 'F'))
- ch = in[n1++] - 'A' + 10;
- else if ((in[n1] >= 'a') && (in[n1] <= 'f'))
- ch = in[n1++] - 'a' + 10;
- else
- return -1;
- out[n2++] |= ch;
- }
- return n2;
- }
-
-unsigned char *hex2bin_m(const char *in, long *plen)
- {
- unsigned char *p;
- p = OPENSSL_malloc((strlen(in) + 1)/2);
- *plen = hex2bin(in, p);
- return p;
- }
-
-int do_hex2bn(BIGNUM **pr, const char *in)
- {
- unsigned char *p;
- long plen;
- int r = 0;
- p = hex2bin_m(in, &plen);
- if (!p)
- return 0;
- if (!*pr)
- *pr = BN_new();
- if (!*pr)
- return 0;
- if (BN_bin2bn(p, plen, *pr))
- r = 1;
- OPENSSL_free(p);
- return r;
- }
-
-int do_bn_print(FILE *out, BIGNUM *bn)
- {
- int len, i;
- unsigned char *tmp;
- len = BN_num_bytes(bn);
- if (len == 0)
- {
- fputs("00", out);
- return 1;
- }
-
- tmp = OPENSSL_malloc(len);
- if (!tmp)
- {
- fprintf(stderr, "Memory allocation error\n");
- return 0;
- }
- BN_bn2bin(bn, tmp);
- for (i = 0; i < len; i++)
- fprintf(out, "%02x", tmp[i]);
- OPENSSL_free(tmp);
- return 1;
- }
-
-int do_bn_print_name(FILE *out, const char *name, BIGNUM *bn)
- {
- int r;
- fprintf(out, "%s = ", name);
- r = do_bn_print(out, bn);
- if (!r)
- return 0;
- fputs("\n", out);
- return 1;
- }
-
-int parse_line(char **pkw, char **pval, char *linebuf, char *olinebuf)
- {
- char *keyword, *value, *p, *q;
- strcpy(linebuf, olinebuf);
- keyword = linebuf;
- /* Skip leading space */
- while (isspace((unsigned char)*keyword))
- keyword++;
-
- /* Look for = sign */
- p = strchr(linebuf, '=');
-
- /* If no '=' exit */
- if (!p)
- return 0;
-
- q = p - 1;
-
- /* Remove trailing space */
- while (isspace((unsigned char)*q))
- *q-- = 0;
-
- *p = 0;
- value = p + 1;
-
- /* Remove leading space from value */
- while (isspace((unsigned char)*value))
- value++;
-
- /* Remove trailing space from value */
- p = value + strlen(value) - 1;
-
- while (*p == '\n' || isspace((unsigned char)*p))
- *p-- = 0;
-
- *pkw = keyword;
- *pval = value;
- return 1;
- }
-
-BIGNUM *hex2bn(const char *in)
- {
- BIGNUM *p=NULL;
-
- if (!do_hex2bn(&p, in))
- return NULL;
-
- return p;
- }
-
-int bin2hex(const unsigned char *in,int len,char *out)
- {
- int n1, n2;
- unsigned char ch;
-
- for (n1=0,n2=0 ; n1 < len ; ++n1)
- {
- ch=in[n1] >> 4;
- if (ch <= 0x09)
- out[n2++]=ch+'0';
- else
- out[n2++]=ch-10+'a';
- ch=in[n1] & 0x0f;
- if(ch <= 0x09)
- out[n2++]=ch+'0';
- else
- out[n2++]=ch-10+'a';
- }
- out[n2]='\0';
- return n2;
- }
-
-void pv(const char *tag,const unsigned char *val,int len)
- {
- char obuf[2048];
-
- bin2hex(val,len,obuf);
- printf("%s = %s\n",tag,obuf);
- }
-
-/* To avoid extensive changes to test program at this stage just convert
- * the input line into an acceptable form. Keyword lines converted to form
- * "keyword = value\n" no matter what white space present, all other lines
- * just have leading and trailing space removed.
- */
-
-int tidy_line(char *linebuf, char *olinebuf)
- {
- char *keyword, *value, *p, *q;
- strcpy(linebuf, olinebuf);
- keyword = linebuf;
- /* Skip leading space */
- while (isspace((unsigned char)*keyword))
- keyword++;
- /* Look for = sign */
- p = strchr(linebuf, '=');
-
- /* If no '=' just chop leading, trailing ws */
- if (!p)
- {
- p = keyword + strlen(keyword) - 1;
- while (*p == '\n' || isspace((unsigned char)*p))
- *p-- = 0;
- strcpy(olinebuf, keyword);
- strcat(olinebuf, "\n");
- return 1;
- }
-
- q = p - 1;
-
- /* Remove trailing space */
- while (isspace((unsigned char)*q))
- *q-- = 0;
-
- *p = 0;
- value = p + 1;
-
- /* Remove leading space from value */
- while (isspace((unsigned char)*value))
- value++;
-
- /* Remove trailing space from value */
- p = value + strlen(value) - 1;
-
- while (*p == '\n' || isspace((unsigned char)*p))
- *p-- = 0;
-
- strcpy(olinebuf, keyword);
- strcat(olinebuf, " = ");
- strcat(olinebuf, value);
- strcat(olinebuf, "\n");
-
- return 1;
- }
-
-/* NB: this return the number of _bits_ read */
-int bint2bin(const char *in, int len, unsigned char *out)
- {
- int n;
-
- memset(out,0,len);
- for(n=0 ; n < len ; ++n)
- if(in[n] == '1')
- out[n/8]|=(0x80 >> (n%8));
- return len;
- }
-
-int bin2bint(const unsigned char *in,int len,char *out)
- {
- int n;
-
- for(n=0 ; n < len ; ++n)
- out[n]=(in[n/8]&(0x80 >> (n%8))) ? '1' : '0';
- return n;
- }
-
-/*-----------------------------------------------*/
-
-void PrintValue(char *tag, unsigned char *val, int len)
-{
-#if VERBOSE
- char obuf[2048];
- int olen;
- olen = bin2hex(val, len, obuf);
- printf("%s = %.*s\n", tag, olen, obuf);
-#endif
-}
-
-void OutputValue(char *tag, unsigned char *val, int len, FILE *rfp,int bitmode)
- {
- char obuf[2048];
- int olen;
-
- if(bitmode)
- olen=bin2bint(val,len,obuf);
- else
- olen=bin2hex(val,len,obuf);
-
- fprintf(rfp, "%s = %.*s\n", tag, olen, obuf);
-#if VERBOSE
- printf("%s = %.*s\n", tag, olen, obuf);
-#endif
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/fips/fips_utl.h (from rev 6976, vendor-crypto/openssl/dist/fips/fips_utl.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/fips/fips_utl.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/fips/fips_utl.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,354 @@
+/* ====================================================================
+ * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+void do_print_errors(void);
+int hex2bin(const char *in, unsigned char *out);
+unsigned char *hex2bin_m(const char *in, long *plen);
+int do_hex2bn(BIGNUM **pr, const char *in);
+int do_bn_print(FILE *out, BIGNUM *bn);
+int do_bn_print_name(FILE *out, const char *name, BIGNUM *bn);
+int parse_line(char **pkw, char **pval, char *linebuf, char *olinebuf);
+BIGNUM *hex2bn(const char *in);
+int bin2hex(const unsigned char *in, int len, char *out);
+void pv(const char *tag, const unsigned char *val, int len);
+int tidy_line(char *linebuf, char *olinebuf);
+int bint2bin(const char *in, int len, unsigned char *out);
+int bin2bint(const unsigned char *in, int len, char *out);
+void PrintValue(char *tag, unsigned char *val, int len);
+void OutputValue(char *tag, unsigned char *val, int len, FILE *rfp,
+ int bitmode);
+
+void do_print_errors(void)
+{
+ const char *file, *data;
+ int line, flags;
+ unsigned long l;
+ while ((l = ERR_get_error_line_data(&file, &line, &data, &flags))) {
+ fprintf(stderr, "ERROR:%lx:lib=%d,func=%d,reason=%d"
+ ":file=%s:line=%d:%s\n",
+ l, ERR_GET_LIB(l), ERR_GET_FUNC(l), ERR_GET_REASON(l),
+ file, line, flags & ERR_TXT_STRING ? data : "");
+ }
+}
+
+int hex2bin(const char *in, unsigned char *out)
+{
+ int n1, n2;
+ unsigned char ch;
+
+ for (n1 = 0, n2 = 0; in[n1] && in[n1] != '\n';) { /* first byte */
+ if ((in[n1] >= '0') && (in[n1] <= '9'))
+ ch = in[n1++] - '0';
+ else if ((in[n1] >= 'A') && (in[n1] <= 'F'))
+ ch = in[n1++] - 'A' + 10;
+ else if ((in[n1] >= 'a') && (in[n1] <= 'f'))
+ ch = in[n1++] - 'a' + 10;
+ else
+ return -1;
+ if (!in[n1]) {
+ out[n2++] = ch;
+ break;
+ }
+ out[n2] = ch << 4;
+ /* second byte */
+ if ((in[n1] >= '0') && (in[n1] <= '9'))
+ ch = in[n1++] - '0';
+ else if ((in[n1] >= 'A') && (in[n1] <= 'F'))
+ ch = in[n1++] - 'A' + 10;
+ else if ((in[n1] >= 'a') && (in[n1] <= 'f'))
+ ch = in[n1++] - 'a' + 10;
+ else
+ return -1;
+ out[n2++] |= ch;
+ }
+ return n2;
+}
+
+unsigned char *hex2bin_m(const char *in, long *plen)
+{
+ unsigned char *p;
+ p = OPENSSL_malloc((strlen(in) + 1) / 2);
+ *plen = hex2bin(in, p);
+ return p;
+}
+
+int do_hex2bn(BIGNUM **pr, const char *in)
+{
+ unsigned char *p;
+ long plen;
+ int r = 0;
+ p = hex2bin_m(in, &plen);
+ if (!p)
+ return 0;
+ if (!*pr)
+ *pr = BN_new();
+ if (!*pr)
+ return 0;
+ if (BN_bin2bn(p, plen, *pr))
+ r = 1;
+ OPENSSL_free(p);
+ return r;
+}
+
+int do_bn_print(FILE *out, BIGNUM *bn)
+{
+ int len, i;
+ unsigned char *tmp;
+ len = BN_num_bytes(bn);
+ if (len == 0) {
+ fputs("00", out);
+ return 1;
+ }
+
+ tmp = OPENSSL_malloc(len);
+ if (!tmp) {
+ fprintf(stderr, "Memory allocation error\n");
+ return 0;
+ }
+ BN_bn2bin(bn, tmp);
+ for (i = 0; i < len; i++)
+ fprintf(out, "%02x", tmp[i]);
+ OPENSSL_free(tmp);
+ return 1;
+}
+
+int do_bn_print_name(FILE *out, const char *name, BIGNUM *bn)
+{
+ int r;
+ fprintf(out, "%s = ", name);
+ r = do_bn_print(out, bn);
+ if (!r)
+ return 0;
+ fputs("\n", out);
+ return 1;
+}
+
+int parse_line(char **pkw, char **pval, char *linebuf, char *olinebuf)
+{
+ char *keyword, *value, *p, *q;
+ strcpy(linebuf, olinebuf);
+ keyword = linebuf;
+ /* Skip leading space */
+ while (isspace((unsigned char)*keyword))
+ keyword++;
+
+ /* Look for = sign */
+ p = strchr(linebuf, '=');
+
+ /* If no '=' exit */
+ if (!p)
+ return 0;
+
+ q = p - 1;
+
+ /* Remove trailing space */
+ while (isspace((unsigned char)*q))
+ *q-- = 0;
+
+ *p = 0;
+ value = p + 1;
+
+ /* Remove leading space from value */
+ while (isspace((unsigned char)*value))
+ value++;
+
+ /* Remove trailing space from value */
+ p = value + strlen(value) - 1;
+
+ while (*p == '\n' || isspace((unsigned char)*p))
+ *p-- = 0;
+
+ *pkw = keyword;
+ *pval = value;
+ return 1;
+}
+
+BIGNUM *hex2bn(const char *in)
+{
+ BIGNUM *p = NULL;
+
+ if (!do_hex2bn(&p, in))
+ return NULL;
+
+ return p;
+}
+
+int bin2hex(const unsigned char *in, int len, char *out)
+{
+ int n1, n2;
+ unsigned char ch;
+
+ for (n1 = 0, n2 = 0; n1 < len; ++n1) {
+ ch = in[n1] >> 4;
+ if (ch <= 0x09)
+ out[n2++] = ch + '0';
+ else
+ out[n2++] = ch - 10 + 'a';
+ ch = in[n1] & 0x0f;
+ if (ch <= 0x09)
+ out[n2++] = ch + '0';
+ else
+ out[n2++] = ch - 10 + 'a';
+ }
+ out[n2] = '\0';
+ return n2;
+}
+
+void pv(const char *tag, const unsigned char *val, int len)
+{
+ char obuf[2048];
+
+ bin2hex(val, len, obuf);
+ printf("%s = %s\n", tag, obuf);
+}
+
+/*
+ * To avoid extensive changes to test program at this stage just convert the
+ * input line into an acceptable form. Keyword lines converted to form
+ * "keyword = value\n" no matter what white space present, all other lines
+ * just have leading and trailing space removed.
+ */
+
+int tidy_line(char *linebuf, char *olinebuf)
+{
+ char *keyword, *value, *p, *q;
+ strcpy(linebuf, olinebuf);
+ keyword = linebuf;
+ /* Skip leading space */
+ while (isspace((unsigned char)*keyword))
+ keyword++;
+ /* Look for = sign */
+ p = strchr(linebuf, '=');
+
+ /* If no '=' just chop leading, trailing ws */
+ if (!p) {
+ p = keyword + strlen(keyword) - 1;
+ while (*p == '\n' || isspace((unsigned char)*p))
+ *p-- = 0;
+ strcpy(olinebuf, keyword);
+ strcat(olinebuf, "\n");
+ return 1;
+ }
+
+ q = p - 1;
+
+ /* Remove trailing space */
+ while (isspace((unsigned char)*q))
+ *q-- = 0;
+
+ *p = 0;
+ value = p + 1;
+
+ /* Remove leading space from value */
+ while (isspace((unsigned char)*value))
+ value++;
+
+ /* Remove trailing space from value */
+ p = value + strlen(value) - 1;
+
+ while (*p == '\n' || isspace((unsigned char)*p))
+ *p-- = 0;
+
+ strcpy(olinebuf, keyword);
+ strcat(olinebuf, " = ");
+ strcat(olinebuf, value);
+ strcat(olinebuf, "\n");
+
+ return 1;
+}
+
+/* NB: this return the number of _bits_ read */
+int bint2bin(const char *in, int len, unsigned char *out)
+{
+ int n;
+
+ memset(out, 0, len);
+ for (n = 0; n < len; ++n)
+ if (in[n] == '1')
+ out[n / 8] |= (0x80 >> (n % 8));
+ return len;
+}
+
+int bin2bint(const unsigned char *in, int len, char *out)
+{
+ int n;
+
+ for (n = 0; n < len; ++n)
+ out[n] = (in[n / 8] & (0x80 >> (n % 8))) ? '1' : '0';
+ return n;
+}
+
+/* ---------------------------------------------*/
+
+void PrintValue(char *tag, unsigned char *val, int len)
+{
+#if VERBOSE
+ char obuf[2048];
+ int olen;
+ olen = bin2hex(val, len, obuf);
+ printf("%s = %.*s\n", tag, olen, obuf);
+#endif
+}
+
+void OutputValue(char *tag, unsigned char *val, int len, FILE *rfp,
+ int bitmode)
+{
+ char obuf[2048];
+ int olen;
+
+ if (bitmode)
+ olen = bin2bint(val, len, obuf);
+ else
+ olen = bin2hex(val, len, obuf);
+
+ fprintf(rfp, "%s = %.*s\n", tag, olen, obuf);
+#if VERBOSE
+ printf("%s = %.*s\n", tag, olen, obuf);
+#endif
+}
Deleted: vendor-crypto/openssl/0.9.8zf/fips/hmac/fips_hmac.c
===================================================================
--- vendor-crypto/openssl/dist/fips/hmac/fips_hmac.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/fips/hmac/fips_hmac.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,191 +0,0 @@
-/* crypto/hmac/hmac.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <openssl/hmac.h>
-#include <openssl/fips.h>
-
-#ifdef OPENSSL_FIPS
-
-void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
- const EVP_MD *md, ENGINE *impl)
- {
- int i,j,reset=0;
- unsigned char pad[HMAC_MAX_MD_CBLOCK];
-
- if (md != NULL)
- {
- reset=1;
- ctx->md=md;
- }
- else
- md=ctx->md;
-
- if (key != NULL)
- {
- if (FIPS_mode() && !(md->flags & EVP_MD_FLAG_FIPS)
- && (!(ctx->md_ctx.flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)
- || !(ctx->i_ctx.flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)
- || !(ctx->o_ctx.flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)))
- OpenSSLDie(__FILE__,__LINE__,
- "HMAC: digest not allowed in FIPS mode");
-
- reset=1;
- j=M_EVP_MD_block_size(md);
- OPENSSL_assert(j <= (int)sizeof ctx->key);
- if (j < len)
- {
- EVP_DigestInit_ex(&ctx->md_ctx,md, impl);
- EVP_DigestUpdate(&ctx->md_ctx,key,len);
- EVP_DigestFinal_ex(&(ctx->md_ctx),ctx->key,
- &ctx->key_length);
- }
- else
- {
- OPENSSL_assert(len <= (int)sizeof ctx->key);
- memcpy(ctx->key,key,len);
- ctx->key_length=len;
- }
- if(ctx->key_length != HMAC_MAX_MD_CBLOCK)
- memset(&ctx->key[ctx->key_length], 0,
- HMAC_MAX_MD_CBLOCK - ctx->key_length);
- }
-
- if (reset)
- {
- for (i=0; i<HMAC_MAX_MD_CBLOCK; i++)
- pad[i]=0x36^ctx->key[i];
- EVP_DigestInit_ex(&ctx->i_ctx,md, impl);
- EVP_DigestUpdate(&ctx->i_ctx,pad,M_EVP_MD_block_size(md));
-
- for (i=0; i<HMAC_MAX_MD_CBLOCK; i++)
- pad[i]=0x5c^ctx->key[i];
- EVP_DigestInit_ex(&ctx->o_ctx,md, impl);
- EVP_DigestUpdate(&ctx->o_ctx,pad,M_EVP_MD_block_size(md));
- }
- EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->i_ctx);
- }
-
-void HMAC_Init(HMAC_CTX *ctx, const void *key, int len,
- const EVP_MD *md)
- {
- if(key && md)
- HMAC_CTX_init(ctx);
- HMAC_Init_ex(ctx,key,len,md, NULL);
- }
-
-void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len)
- {
- EVP_DigestUpdate(&ctx->md_ctx,data,len);
- }
-
-void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
- {
- int j;
- unsigned int i;
- unsigned char buf[EVP_MAX_MD_SIZE];
-
- j=M_EVP_MD_block_size(ctx->md);
-
- EVP_DigestFinal_ex(&ctx->md_ctx,buf,&i);
- EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->o_ctx);
- EVP_DigestUpdate(&ctx->md_ctx,buf,i);
- EVP_DigestFinal_ex(&ctx->md_ctx,md,len);
- }
-
-void HMAC_CTX_init(HMAC_CTX *ctx)
- {
- EVP_MD_CTX_init(&ctx->i_ctx);
- EVP_MD_CTX_init(&ctx->o_ctx);
- EVP_MD_CTX_init(&ctx->md_ctx);
- }
-
-void HMAC_CTX_cleanup(HMAC_CTX *ctx)
- {
- EVP_MD_CTX_cleanup(&ctx->i_ctx);
- EVP_MD_CTX_cleanup(&ctx->o_ctx);
- EVP_MD_CTX_cleanup(&ctx->md_ctx);
- memset(ctx,0,sizeof *ctx);
- }
-
-unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
- const unsigned char *d, size_t n, unsigned char *md,
- unsigned int *md_len)
- {
- HMAC_CTX c;
- static unsigned char m[EVP_MAX_MD_SIZE];
-
- if (md == NULL) md=m;
- HMAC_CTX_init(&c);
- HMAC_Init(&c,key,key_len,evp_md);
- HMAC_Update(&c,d,n);
- HMAC_Final(&c,md,md_len);
- HMAC_CTX_cleanup(&c);
- return(md);
- }
-
-void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags)
- {
- M_EVP_MD_CTX_set_flags(&ctx->i_ctx, flags);
- M_EVP_MD_CTX_set_flags(&ctx->o_ctx, flags);
- M_EVP_MD_CTX_set_flags(&ctx->md_ctx, flags);
- }
-
-#endif
-
Copied: vendor-crypto/openssl/0.9.8zf/fips/hmac/fips_hmac.c (from rev 6976, vendor-crypto/openssl/dist/fips/hmac/fips_hmac.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/fips/hmac/fips_hmac.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/fips/hmac/fips_hmac.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,182 @@
+/* crypto/hmac/hmac.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/hmac.h>
+#include <openssl/fips.h>
+
+#ifdef OPENSSL_FIPS
+
+void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
+ const EVP_MD *md, ENGINE *impl)
+{
+ int i, j, reset = 0;
+ unsigned char pad[HMAC_MAX_MD_CBLOCK];
+
+ if (md != NULL) {
+ reset = 1;
+ ctx->md = md;
+ } else
+ md = ctx->md;
+
+ if (key != NULL) {
+ if (FIPS_mode() && !(md->flags & EVP_MD_FLAG_FIPS)
+ && (!(ctx->md_ctx.flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)
+ || !(ctx->i_ctx.flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)
+ || !(ctx->o_ctx.flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)))
+ OpenSSLDie(__FILE__, __LINE__,
+ "HMAC: digest not allowed in FIPS mode");
+
+ reset = 1;
+ j = M_EVP_MD_block_size(md);
+ OPENSSL_assert(j <= (int)sizeof ctx->key);
+ if (j < len) {
+ EVP_DigestInit_ex(&ctx->md_ctx, md, impl);
+ EVP_DigestUpdate(&ctx->md_ctx, key, len);
+ EVP_DigestFinal_ex(&(ctx->md_ctx), ctx->key, &ctx->key_length);
+ } else {
+ OPENSSL_assert(len <= (int)sizeof ctx->key);
+ memcpy(ctx->key, key, len);
+ ctx->key_length = len;
+ }
+ if (ctx->key_length != HMAC_MAX_MD_CBLOCK)
+ memset(&ctx->key[ctx->key_length], 0,
+ HMAC_MAX_MD_CBLOCK - ctx->key_length);
+ }
+
+ if (reset) {
+ for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++)
+ pad[i] = 0x36 ^ ctx->key[i];
+ EVP_DigestInit_ex(&ctx->i_ctx, md, impl);
+ EVP_DigestUpdate(&ctx->i_ctx, pad, M_EVP_MD_block_size(md));
+
+ for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++)
+ pad[i] = 0x5c ^ ctx->key[i];
+ EVP_DigestInit_ex(&ctx->o_ctx, md, impl);
+ EVP_DigestUpdate(&ctx->o_ctx, pad, M_EVP_MD_block_size(md));
+ }
+ EVP_MD_CTX_copy_ex(&ctx->md_ctx, &ctx->i_ctx);
+}
+
+void HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md)
+{
+ if (key && md)
+ HMAC_CTX_init(ctx);
+ HMAC_Init_ex(ctx, key, len, md, NULL);
+}
+
+void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len)
+{
+ EVP_DigestUpdate(&ctx->md_ctx, data, len);
+}
+
+void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
+{
+ int j;
+ unsigned int i;
+ unsigned char buf[EVP_MAX_MD_SIZE];
+
+ j = M_EVP_MD_block_size(ctx->md);
+
+ EVP_DigestFinal_ex(&ctx->md_ctx, buf, &i);
+ EVP_MD_CTX_copy_ex(&ctx->md_ctx, &ctx->o_ctx);
+ EVP_DigestUpdate(&ctx->md_ctx, buf, i);
+ EVP_DigestFinal_ex(&ctx->md_ctx, md, len);
+}
+
+void HMAC_CTX_init(HMAC_CTX *ctx)
+{
+ EVP_MD_CTX_init(&ctx->i_ctx);
+ EVP_MD_CTX_init(&ctx->o_ctx);
+ EVP_MD_CTX_init(&ctx->md_ctx);
+}
+
+void HMAC_CTX_cleanup(HMAC_CTX *ctx)
+{
+ EVP_MD_CTX_cleanup(&ctx->i_ctx);
+ EVP_MD_CTX_cleanup(&ctx->o_ctx);
+ EVP_MD_CTX_cleanup(&ctx->md_ctx);
+ memset(ctx, 0, sizeof *ctx);
+}
+
+unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
+ const unsigned char *d, size_t n, unsigned char *md,
+ unsigned int *md_len)
+{
+ HMAC_CTX c;
+ static unsigned char m[EVP_MAX_MD_SIZE];
+
+ if (md == NULL)
+ md = m;
+ HMAC_CTX_init(&c);
+ HMAC_Init(&c, key, key_len, evp_md);
+ HMAC_Update(&c, d, n);
+ HMAC_Final(&c, md, md_len);
+ HMAC_CTX_cleanup(&c);
+ return (md);
+}
+
+void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags)
+{
+ M_EVP_MD_CTX_set_flags(&ctx->i_ctx, flags);
+ M_EVP_MD_CTX_set_flags(&ctx->o_ctx, flags);
+ M_EVP_MD_CTX_set_flags(&ctx->md_ctx, flags);
+}
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/fips/hmac/fips_hmac_selftest.c
===================================================================
--- vendor-crypto/openssl/dist/fips/hmac/fips_hmac_selftest.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/fips/hmac/fips_hmac_selftest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,135 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#include <string.h>
-#include <openssl/err.h>
-#include <openssl/fips.h>
-#include <openssl/hmac.h>
-
-#ifdef OPENSSL_FIPS
-typedef struct {
- const EVP_MD *(*alg)(void);
- const char *key, *iv;
- unsigned char kaval[EVP_MAX_MD_SIZE];
-} HMAC_KAT;
-
-static const HMAC_KAT vector[] = {
- { EVP_sha1,
- /* from http://csrc.nist.gov/publications/fips/fips198/fips-198a.pdf */
- "0123456789:;<=>?@ABC",
- "Sample #2",
- { 0x09,0x22,0xd3,0x40,0x5f,0xaa,0x3d,0x19,
- 0x4f,0x82,0xa4,0x58,0x30,0x73,0x7d,0x5c,
- 0xc6,0xc7,0x5d,0x24 }
- },
- { EVP_sha224,
- /* just keep extending the above... */
- "0123456789:;<=>?@ABC",
- "Sample #2",
- { 0xdd,0xef,0x0a,0x40,0xcb,0x7d,0x50,0xfb,
- 0x6e,0xe6,0xce,0xa1,0x20,0xba,0x26,0xaa,
- 0x08,0xf3,0x07,0x75,0x87,0xb8,0xad,0x1b,
- 0x8c,0x8d,0x12,0xc7 }
- },
- { EVP_sha256,
- "0123456789:;<=>?@ABC",
- "Sample #2",
- { 0xb8,0xf2,0x0d,0xb5,0x41,0xea,0x43,0x09,
- 0xca,0x4e,0xa9,0x38,0x0c,0xd0,0xe8,0x34,
- 0xf7,0x1f,0xbe,0x91,0x74,0xa2,0x61,0x38,
- 0x0d,0xc1,0x7e,0xae,0x6a,0x34,0x51,0xd9 }
- },
- { EVP_sha384,
- "0123456789:;<=>?@ABC",
- "Sample #2",
- { 0x08,0xbc,0xb0,0xda,0x49,0x1e,0x87,0xad,
- 0x9a,0x1d,0x6a,0xce,0x23,0xc5,0x0b,0xf6,
- 0xb7,0x18,0x06,0xa5,0x77,0xcd,0x49,0x04,
- 0x89,0xf1,0xe6,0x23,0x44,0x51,0x51,0x9f,
- 0x85,0x56,0x80,0x79,0x0c,0xbd,0x4d,0x50,
- 0xa4,0x5f,0x29,0xe3,0x93,0xf0,0xe8,0x7f }
- },
- { EVP_sha512,
- "0123456789:;<=>?@ABC",
- "Sample #2",
- { 0x80,0x9d,0x44,0x05,0x7c,0x5b,0x95,0x41,
- 0x05,0xbd,0x04,0x13,0x16,0xdb,0x0f,0xac,
- 0x44,0xd5,0xa4,0xd5,0xd0,0x89,0x2b,0xd0,
- 0x4e,0x86,0x64,0x12,0xc0,0x90,0x77,0x68,
- 0xf1,0x87,0xb7,0x7c,0x4f,0xae,0x2c,0x2f,
- 0x21,0xa5,0xb5,0x65,0x9a,0x4f,0x4b,0xa7,
- 0x47,0x02,0xa3,0xde,0x9b,0x51,0xf1,0x45,
- 0xbd,0x4f,0x25,0x27,0x42,0x98,0x99,0x05 }
- },
-};
-
-int FIPS_selftest_hmac()
- {
- size_t n;
- unsigned int outlen;
- unsigned char out[EVP_MAX_MD_SIZE];
- const EVP_MD *md;
- const HMAC_KAT *t;
-
- for(n=0,t=vector; n<sizeof(vector)/sizeof(vector[0]); n++,t++)
- {
- md = (*t->alg)();
- HMAC(md,t->key,strlen(t->key),
- (const unsigned char *)t->iv,strlen(t->iv),
- out,&outlen);
-
- if(memcmp(out,t->kaval,outlen))
- {
- FIPSerr(FIPS_F_FIPS_SELFTEST_HMAC,FIPS_R_SELFTEST_FAILED);
- return 0;
- }
- }
- return 1;
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/fips/hmac/fips_hmac_selftest.c (from rev 6976, vendor-crypto/openssl/dist/fips/hmac/fips_hmac_selftest.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/fips/hmac/fips_hmac_selftest.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/fips/hmac/fips_hmac_selftest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,134 @@
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <string.h>
+#include <openssl/err.h>
+#include <openssl/fips.h>
+#include <openssl/hmac.h>
+
+#ifdef OPENSSL_FIPS
+typedef struct {
+ const EVP_MD *(*alg) (void);
+ const char *key, *iv;
+ unsigned char kaval[EVP_MAX_MD_SIZE];
+} HMAC_KAT;
+
+static const HMAC_KAT vector[] = {
+ {EVP_sha1,
+ /*
+ * from http://csrc.nist.gov/publications/fips/fips198/fips-198a.pdf
+ */
+ "0123456789:;<=>?@ABC",
+ "Sample #2",
+ {0x09, 0x22, 0xd3, 0x40, 0x5f, 0xaa, 0x3d, 0x19,
+ 0x4f, 0x82, 0xa4, 0x58, 0x30, 0x73, 0x7d, 0x5c,
+ 0xc6, 0xc7, 0x5d, 0x24}
+ },
+ {EVP_sha224,
+ /* just keep extending the above... */
+ "0123456789:;<=>?@ABC",
+ "Sample #2",
+ {0xdd, 0xef, 0x0a, 0x40, 0xcb, 0x7d, 0x50, 0xfb,
+ 0x6e, 0xe6, 0xce, 0xa1, 0x20, 0xba, 0x26, 0xaa,
+ 0x08, 0xf3, 0x07, 0x75, 0x87, 0xb8, 0xad, 0x1b,
+ 0x8c, 0x8d, 0x12, 0xc7}
+ },
+ {EVP_sha256,
+ "0123456789:;<=>?@ABC",
+ "Sample #2",
+ {0xb8, 0xf2, 0x0d, 0xb5, 0x41, 0xea, 0x43, 0x09,
+ 0xca, 0x4e, 0xa9, 0x38, 0x0c, 0xd0, 0xe8, 0x34,
+ 0xf7, 0x1f, 0xbe, 0x91, 0x74, 0xa2, 0x61, 0x38,
+ 0x0d, 0xc1, 0x7e, 0xae, 0x6a, 0x34, 0x51, 0xd9}
+ },
+ {EVP_sha384,
+ "0123456789:;<=>?@ABC",
+ "Sample #2",
+ {0x08, 0xbc, 0xb0, 0xda, 0x49, 0x1e, 0x87, 0xad,
+ 0x9a, 0x1d, 0x6a, 0xce, 0x23, 0xc5, 0x0b, 0xf6,
+ 0xb7, 0x18, 0x06, 0xa5, 0x77, 0xcd, 0x49, 0x04,
+ 0x89, 0xf1, 0xe6, 0x23, 0x44, 0x51, 0x51, 0x9f,
+ 0x85, 0x56, 0x80, 0x79, 0x0c, 0xbd, 0x4d, 0x50,
+ 0xa4, 0x5f, 0x29, 0xe3, 0x93, 0xf0, 0xe8, 0x7f}
+ },
+ {EVP_sha512,
+ "0123456789:;<=>?@ABC",
+ "Sample #2",
+ {0x80, 0x9d, 0x44, 0x05, 0x7c, 0x5b, 0x95, 0x41,
+ 0x05, 0xbd, 0x04, 0x13, 0x16, 0xdb, 0x0f, 0xac,
+ 0x44, 0xd5, 0xa4, 0xd5, 0xd0, 0x89, 0x2b, 0xd0,
+ 0x4e, 0x86, 0x64, 0x12, 0xc0, 0x90, 0x77, 0x68,
+ 0xf1, 0x87, 0xb7, 0x7c, 0x4f, 0xae, 0x2c, 0x2f,
+ 0x21, 0xa5, 0xb5, 0x65, 0x9a, 0x4f, 0x4b, 0xa7,
+ 0x47, 0x02, 0xa3, 0xde, 0x9b, 0x51, 0xf1, 0x45,
+ 0xbd, 0x4f, 0x25, 0x27, 0x42, 0x98, 0x99, 0x05}
+ },
+};
+
+int FIPS_selftest_hmac()
+{
+ size_t n;
+ unsigned int outlen;
+ unsigned char out[EVP_MAX_MD_SIZE];
+ const EVP_MD *md;
+ const HMAC_KAT *t;
+
+ for (n = 0, t = vector; n < sizeof(vector) / sizeof(vector[0]); n++, t++) {
+ md = (*t->alg) ();
+ HMAC(md, t->key, strlen(t->key),
+ (const unsigned char *)t->iv, strlen(t->iv), out, &outlen);
+
+ if (memcmp(out, t->kaval, outlen)) {
+ FIPSerr(FIPS_F_FIPS_SELFTEST_HMAC, FIPS_R_SELFTEST_FAILED);
+ return 0;
+ }
+ }
+ return 1;
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/fips/hmac/fips_hmactest.c
===================================================================
--- vendor-crypto/openssl/dist/fips/hmac/fips_hmactest.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/fips/hmac/fips_hmactest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,328 +0,0 @@
-/* fips_hmactest.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 2005.
- */
-/* ====================================================================
- * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <ctype.h>
-#include <string.h>
-#include <openssl/bio.h>
-#include <openssl/evp.h>
-#include <openssl/hmac.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-
-#include <openssl/x509v3.h>
-
-#ifndef OPENSSL_FIPS
-
-int main(int argc, char *argv[])
-{
- printf("No FIPS HMAC support\n");
- return(0);
-}
-
-#else
-
-#include <openssl/fips.h>
-#include "fips_utl.h"
-
-static int hmac_test(const EVP_MD *md, FILE *out, FILE *in);
-static int print_hmac(const EVP_MD *md, FILE *out,
- unsigned char *Key, int Klen,
- unsigned char *Msg, int Msglen, int Tlen);
-
-int main(int argc, char **argv)
- {
- FILE *in = NULL, *out = NULL;
-
- int ret = 1;
-
- if(!FIPS_mode_set(1))
- {
- do_print_errors();
- goto end;
- }
-
- if (argc == 1)
- in = stdin;
- else
- in = fopen(argv[1], "r");
-
- if (argc < 2)
- out = stdout;
- else
- out = fopen(argv[2], "w");
-
- if (!in)
- {
- fprintf(stderr, "FATAL input initialization error\n");
- goto end;
- }
-
- if (!out)
- {
- fprintf(stderr, "FATAL output initialization error\n");
- goto end;
- }
-
- if (!hmac_test(EVP_sha1(), out, in))
- {
- fprintf(stderr, "FATAL hmac file processing error\n");
- goto end;
- }
- else
- ret = 0;
-
- end:
-
- if (ret)
- do_print_errors();
-
- if (in && (in != stdin))
- fclose(in);
- if (out && (out != stdout))
- fclose(out);
-
- return ret;
-
- }
-
-#define HMAC_TEST_MAXLINELEN 1024
-
-int hmac_test(const EVP_MD *md, FILE *out, FILE *in)
- {
- char *linebuf, *olinebuf, *p, *q;
- char *keyword, *value;
- unsigned char *Key = NULL, *Msg = NULL;
- int Count, Klen, Tlen;
- long Keylen, Msglen;
- int ret = 0;
- int lnum = 0;
-
- olinebuf = OPENSSL_malloc(HMAC_TEST_MAXLINELEN);
- linebuf = OPENSSL_malloc(HMAC_TEST_MAXLINELEN);
-
- if (!linebuf || !olinebuf)
- goto error;
-
- Count = -1;
- Klen = -1;
- Tlen = -1;
-
- while (fgets(olinebuf, HMAC_TEST_MAXLINELEN, in))
- {
- lnum++;
- strcpy(linebuf, olinebuf);
- keyword = linebuf;
- /* Skip leading space */
- while (isspace((unsigned char)*keyword))
- keyword++;
-
- /* Look for = sign */
- p = strchr(linebuf, '=');
-
- /* If no = or starts with [ (for [L=20] line) just copy */
- if (!p)
- {
- if (fputs(olinebuf, out) < 0)
- goto error;
- continue;
- }
-
- q = p - 1;
-
- /* Remove trailing space */
- while (isspace((unsigned char)*q))
- *q-- = 0;
-
- *p = 0;
- value = p + 1;
-
- /* Remove leading space from value */
- while (isspace((unsigned char)*value))
- value++;
-
- /* Remove trailing space from value */
- p = value + strlen(value) - 1;
-
- while (*p == '\n' || isspace((unsigned char)*p))
- *p-- = 0;
-
- if (!strcmp(keyword,"[L") && *p==']')
- {
- switch (atoi(value))
- {
- case 20: md=EVP_sha1(); break;
- case 28: md=EVP_sha224(); break;
- case 32: md=EVP_sha256(); break;
- case 48: md=EVP_sha384(); break;
- case 64: md=EVP_sha512(); break;
- default: goto parse_error;
- }
- }
- else if (!strcmp(keyword, "Count"))
- {
- if (Count != -1)
- goto parse_error;
- Count = atoi(value);
- if (Count < 0)
- goto parse_error;
- }
- else if (!strcmp(keyword, "Klen"))
- {
- if (Klen != -1)
- goto parse_error;
- Klen = atoi(value);
- if (Klen < 0)
- goto parse_error;
- }
- else if (!strcmp(keyword, "Tlen"))
- {
- if (Tlen != -1)
- goto parse_error;
- Tlen = atoi(value);
- if (Tlen < 0)
- goto parse_error;
- }
- else if (!strcmp(keyword, "Msg"))
- {
- if (Msg)
- goto parse_error;
- Msg = hex2bin_m(value, &Msglen);
- if (!Msg)
- goto parse_error;
- }
- else if (!strcmp(keyword, "Key"))
- {
- if (Key)
- goto parse_error;
- Key = hex2bin_m(value, &Keylen);
- if (!Key)
- goto parse_error;
- }
- else if (!strcmp(keyword, "Mac"))
- continue;
- else
- goto parse_error;
-
- fputs(olinebuf, out);
-
- if (Key && Msg && (Tlen > 0) && (Klen > 0))
- {
- if (!print_hmac(md, out, Key, Klen, Msg, Msglen, Tlen))
- goto error;
- OPENSSL_free(Key);
- Key = NULL;
- OPENSSL_free(Msg);
- Msg = NULL;
- Klen = -1;
- Tlen = -1;
- Count = -1;
- }
-
- }
-
-
- ret = 1;
-
-
- error:
-
- if (olinebuf)
- OPENSSL_free(olinebuf);
- if (linebuf)
- OPENSSL_free(linebuf);
- if (Key)
- OPENSSL_free(Key);
- if (Msg)
- OPENSSL_free(Msg);
-
- return ret;
-
- parse_error:
-
- fprintf(stderr, "FATAL parse error processing line %d\n", lnum);
-
- goto error;
-
- }
-
-static int print_hmac(const EVP_MD *emd, FILE *out,
- unsigned char *Key, int Klen,
- unsigned char *Msg, int Msglen, int Tlen)
- {
- int i, mdlen;
- unsigned char md[EVP_MAX_MD_SIZE];
- if (!HMAC(emd, Key, Klen, Msg, Msglen, md,
- (unsigned int *)&mdlen))
- {
- fputs("Error calculating HMAC\n", stderr);
- return 0;
- }
- if (Tlen > mdlen)
- {
- fputs("Parameter error, Tlen > HMAC length\n", stderr);
- return 0;
- }
- fputs("Mac = ", out);
- for (i = 0; i < Tlen; i++)
- fprintf(out, "%02x", md[i]);
- fputs("\n", out);
- return 1;
- }
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/fips/hmac/fips_hmactest.c (from rev 6976, vendor-crypto/openssl/dist/fips/hmac/fips_hmactest.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/fips/hmac/fips_hmactest.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/fips/hmac/fips_hmactest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,314 @@
+/* fips_hmactest.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include <string.h>
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+
+#include <openssl/x509v3.h>
+
+#ifndef OPENSSL_FIPS
+
+int main(int argc, char *argv[])
+{
+ printf("No FIPS HMAC support\n");
+ return (0);
+}
+
+#else
+
+# include <openssl/fips.h>
+# include "fips_utl.h"
+
+static int hmac_test(const EVP_MD *md, FILE *out, FILE *in);
+static int print_hmac(const EVP_MD *md, FILE *out,
+ unsigned char *Key, int Klen,
+ unsigned char *Msg, int Msglen, int Tlen);
+
+int main(int argc, char **argv)
+{
+ FILE *in = NULL, *out = NULL;
+
+ int ret = 1;
+
+ if (!FIPS_mode_set(1)) {
+ do_print_errors();
+ goto end;
+ }
+
+ if (argc == 1)
+ in = stdin;
+ else
+ in = fopen(argv[1], "r");
+
+ if (argc < 2)
+ out = stdout;
+ else
+ out = fopen(argv[2], "w");
+
+ if (!in) {
+ fprintf(stderr, "FATAL input initialization error\n");
+ goto end;
+ }
+
+ if (!out) {
+ fprintf(stderr, "FATAL output initialization error\n");
+ goto end;
+ }
+
+ if (!hmac_test(EVP_sha1(), out, in)) {
+ fprintf(stderr, "FATAL hmac file processing error\n");
+ goto end;
+ } else
+ ret = 0;
+
+ end:
+
+ if (ret)
+ do_print_errors();
+
+ if (in && (in != stdin))
+ fclose(in);
+ if (out && (out != stdout))
+ fclose(out);
+
+ return ret;
+
+}
+
+# define HMAC_TEST_MAXLINELEN 1024
+
+int hmac_test(const EVP_MD *md, FILE *out, FILE *in)
+{
+ char *linebuf, *olinebuf, *p, *q;
+ char *keyword, *value;
+ unsigned char *Key = NULL, *Msg = NULL;
+ int Count, Klen, Tlen;
+ long Keylen, Msglen;
+ int ret = 0;
+ int lnum = 0;
+
+ olinebuf = OPENSSL_malloc(HMAC_TEST_MAXLINELEN);
+ linebuf = OPENSSL_malloc(HMAC_TEST_MAXLINELEN);
+
+ if (!linebuf || !olinebuf)
+ goto error;
+
+ Count = -1;
+ Klen = -1;
+ Tlen = -1;
+
+ while (fgets(olinebuf, HMAC_TEST_MAXLINELEN, in)) {
+ lnum++;
+ strcpy(linebuf, olinebuf);
+ keyword = linebuf;
+ /* Skip leading space */
+ while (isspace((unsigned char)*keyword))
+ keyword++;
+
+ /* Look for = sign */
+ p = strchr(linebuf, '=');
+
+ /* If no = or starts with [ (for [L=20] line) just copy */
+ if (!p) {
+ if (fputs(olinebuf, out) < 0)
+ goto error;
+ continue;
+ }
+
+ q = p - 1;
+
+ /* Remove trailing space */
+ while (isspace((unsigned char)*q))
+ *q-- = 0;
+
+ *p = 0;
+ value = p + 1;
+
+ /* Remove leading space from value */
+ while (isspace((unsigned char)*value))
+ value++;
+
+ /* Remove trailing space from value */
+ p = value + strlen(value) - 1;
+
+ while (*p == '\n' || isspace((unsigned char)*p))
+ *p-- = 0;
+
+ if (!strcmp(keyword, "[L") && *p == ']') {
+ switch (atoi(value)) {
+ case 20:
+ md = EVP_sha1();
+ break;
+ case 28:
+ md = EVP_sha224();
+ break;
+ case 32:
+ md = EVP_sha256();
+ break;
+ case 48:
+ md = EVP_sha384();
+ break;
+ case 64:
+ md = EVP_sha512();
+ break;
+ default:
+ goto parse_error;
+ }
+ } else if (!strcmp(keyword, "Count")) {
+ if (Count != -1)
+ goto parse_error;
+ Count = atoi(value);
+ if (Count < 0)
+ goto parse_error;
+ } else if (!strcmp(keyword, "Klen")) {
+ if (Klen != -1)
+ goto parse_error;
+ Klen = atoi(value);
+ if (Klen < 0)
+ goto parse_error;
+ } else if (!strcmp(keyword, "Tlen")) {
+ if (Tlen != -1)
+ goto parse_error;
+ Tlen = atoi(value);
+ if (Tlen < 0)
+ goto parse_error;
+ } else if (!strcmp(keyword, "Msg")) {
+ if (Msg)
+ goto parse_error;
+ Msg = hex2bin_m(value, &Msglen);
+ if (!Msg)
+ goto parse_error;
+ } else if (!strcmp(keyword, "Key")) {
+ if (Key)
+ goto parse_error;
+ Key = hex2bin_m(value, &Keylen);
+ if (!Key)
+ goto parse_error;
+ } else if (!strcmp(keyword, "Mac"))
+ continue;
+ else
+ goto parse_error;
+
+ fputs(olinebuf, out);
+
+ if (Key && Msg && (Tlen > 0) && (Klen > 0)) {
+ if (!print_hmac(md, out, Key, Klen, Msg, Msglen, Tlen))
+ goto error;
+ OPENSSL_free(Key);
+ Key = NULL;
+ OPENSSL_free(Msg);
+ Msg = NULL;
+ Klen = -1;
+ Tlen = -1;
+ Count = -1;
+ }
+
+ }
+
+ ret = 1;
+
+ error:
+
+ if (olinebuf)
+ OPENSSL_free(olinebuf);
+ if (linebuf)
+ OPENSSL_free(linebuf);
+ if (Key)
+ OPENSSL_free(Key);
+ if (Msg)
+ OPENSSL_free(Msg);
+
+ return ret;
+
+ parse_error:
+
+ fprintf(stderr, "FATAL parse error processing line %d\n", lnum);
+
+ goto error;
+
+}
+
+static int print_hmac(const EVP_MD *emd, FILE *out,
+ unsigned char *Key, int Klen,
+ unsigned char *Msg, int Msglen, int Tlen)
+{
+ int i, mdlen;
+ unsigned char md[EVP_MAX_MD_SIZE];
+ if (!HMAC(emd, Key, Klen, Msg, Msglen, md, (unsigned int *)&mdlen)) {
+ fputs("Error calculating HMAC\n", stderr);
+ return 0;
+ }
+ if (Tlen > mdlen) {
+ fputs("Parameter error, Tlen > HMAC length\n", stderr);
+ return 0;
+ }
+ fputs("Mac = ", out);
+ for (i = 0; i < Tlen; i++)
+ fprintf(out, "%02x", md[i]);
+ fputs("\n", out);
+ return 1;
+}
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/fips/rand/fips_rand.c
===================================================================
--- vendor-crypto/openssl/dist/fips/rand/fips_rand.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/fips/rand/fips_rand.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,410 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-/*
- * This is a FIPS approved AES PRNG based on ANSI X9.31 A.2.4.
- */
-
-#include "e_os.h"
-
-/* If we don't define _XOPEN_SOURCE_EXTENDED, struct timeval won't
- be defined and gettimeofday() won't be declared with strict compilers
- like DEC C in ANSI C mode. */
-#ifndef _XOPEN_SOURCE_EXTENDED
-#define _XOPEN_SOURCE_EXTENDED 1
-#endif
-
-#include <openssl/rand.h>
-#include <openssl/aes.h>
-#include <openssl/err.h>
-#include <openssl/fips_rand.h>
-#ifndef OPENSSL_SYS_WIN32
-#include <sys/time.h>
-#endif
-#include <assert.h>
-#ifndef OPENSSL_SYS_WIN32
-# ifdef OPENSSL_UNISTD
-# include OPENSSL_UNISTD
-# else
-# include <unistd.h>
-# endif
-#endif
-#include <string.h>
-#include <openssl/fips.h>
-#include "fips_locl.h"
-
-#ifdef OPENSSL_FIPS
-
-void *OPENSSL_stderr(void);
-
-#define AES_BLOCK_LENGTH 16
-
-
-/* AES FIPS PRNG implementation */
-
-typedef struct
- {
- int seeded;
- int keyed;
- int test_mode;
- int second;
- int error;
- unsigned long counter;
- AES_KEY ks;
- int vpos;
- /* Temporary storage for key if it equals seed length */
- unsigned char tmp_key[AES_BLOCK_LENGTH];
- unsigned char V[AES_BLOCK_LENGTH];
- unsigned char DT[AES_BLOCK_LENGTH];
- unsigned char last[AES_BLOCK_LENGTH];
- } FIPS_PRNG_CTX;
-
-static FIPS_PRNG_CTX sctx;
-
-static int fips_prng_fail = 0;
-
-void FIPS_rng_stick(void)
- {
- fips_prng_fail = 1;
- }
-
-static void fips_rand_prng_reset(FIPS_PRNG_CTX *ctx)
- {
- ctx->seeded = 0;
- ctx->keyed = 0;
- ctx->test_mode = 0;
- ctx->counter = 0;
- ctx->second = 0;
- ctx->error = 0;
- ctx->vpos = 0;
- OPENSSL_cleanse(ctx->V, AES_BLOCK_LENGTH);
- OPENSSL_cleanse(&ctx->ks, sizeof(AES_KEY));
- }
-
-
-static int fips_set_prng_key(FIPS_PRNG_CTX *ctx,
- const unsigned char *key, FIPS_RAND_SIZE_T keylen)
- {
- FIPS_selftest_check();
- if (keylen != 16 && keylen != 24 && keylen != 32)
- {
- /* error: invalid key size */
- return 0;
- }
- AES_set_encrypt_key(key, keylen << 3, &ctx->ks);
- if (keylen == 16)
- {
- memcpy(ctx->tmp_key, key, 16);
- ctx->keyed = 2;
- }
- else
- ctx->keyed = 1;
- ctx->seeded = 0;
- ctx->second = 0;
- return 1;
- }
-
-static int fips_set_prng_seed(FIPS_PRNG_CTX *ctx,
- const unsigned char *seed, FIPS_RAND_SIZE_T seedlen)
- {
- int i;
- if (!ctx->keyed)
- return 0;
- /* In test mode seed is just supplied data */
- if (ctx->test_mode)
- {
- if (seedlen != AES_BLOCK_LENGTH)
- return 0;
- memcpy(ctx->V, seed, AES_BLOCK_LENGTH);
- ctx->seeded = 1;
- return 1;
- }
- /* Outside test mode XOR supplied data with existing seed */
- for (i = 0; i < seedlen; i++)
- {
- ctx->V[ctx->vpos++] ^= seed[i];
- if (ctx->vpos == AES_BLOCK_LENGTH)
- {
- ctx->vpos = 0;
- /* Special case if first seed and key length equals
- * block size check key and seed do not match.
- */
- if (ctx->keyed == 2)
- {
- if (!memcmp(ctx->tmp_key, ctx->V, 16))
- {
- RANDerr(RAND_F_FIPS_SET_PRNG_SEED,
- RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY);
- return 0;
- }
- OPENSSL_cleanse(ctx->tmp_key, 16);
- ctx->keyed = 1;
- }
- ctx->seeded = 1;
- }
- }
- return 1;
- }
-
-static int fips_set_test_mode(FIPS_PRNG_CTX *ctx)
- {
- if (ctx->keyed)
- {
- RANDerr(RAND_F_FIPS_SET_TEST_MODE,RAND_R_PRNG_KEYED);
- return 0;
- }
- ctx->test_mode = 1;
- return 1;
- }
-
-int FIPS_rand_test_mode(void)
- {
- return fips_set_test_mode(&sctx);
- }
-
-int FIPS_rand_set_dt(unsigned char *dt)
- {
- if (!sctx.test_mode)
- {
- RANDerr(RAND_F_FIPS_RAND_SET_DT,RAND_R_NOT_IN_TEST_MODE);
- return 0;
- }
- memcpy(sctx.DT, dt, AES_BLOCK_LENGTH);
- return 1;
- }
-
-static void fips_get_dt(FIPS_PRNG_CTX *ctx)
- {
-#ifdef OPENSSL_SYS_WIN32
- FILETIME ft;
-#else
- struct timeval tv;
-#endif
- unsigned char *buf = ctx->DT;
-
-#ifndef GETPID_IS_MEANINGLESS
- unsigned long pid;
-#endif
-
-#ifdef OPENSSL_SYS_WIN32
- GetSystemTimeAsFileTime(&ft);
- buf[0] = (unsigned char) (ft.dwHighDateTime & 0xff);
- buf[1] = (unsigned char) ((ft.dwHighDateTime >> 8) & 0xff);
- buf[2] = (unsigned char) ((ft.dwHighDateTime >> 16) & 0xff);
- buf[3] = (unsigned char) ((ft.dwHighDateTime >> 24) & 0xff);
- buf[4] = (unsigned char) (ft.dwLowDateTime & 0xff);
- buf[5] = (unsigned char) ((ft.dwLowDateTime >> 8) & 0xff);
- buf[6] = (unsigned char) ((ft.dwLowDateTime >> 16) & 0xff);
- buf[7] = (unsigned char) ((ft.dwLowDateTime >> 24) & 0xff);
-#else
- gettimeofday(&tv,NULL);
- buf[0] = (unsigned char) (tv.tv_sec & 0xff);
- buf[1] = (unsigned char) ((tv.tv_sec >> 8) & 0xff);
- buf[2] = (unsigned char) ((tv.tv_sec >> 16) & 0xff);
- buf[3] = (unsigned char) ((tv.tv_sec >> 24) & 0xff);
- buf[4] = (unsigned char) (tv.tv_usec & 0xff);
- buf[5] = (unsigned char) ((tv.tv_usec >> 8) & 0xff);
- buf[6] = (unsigned char) ((tv.tv_usec >> 16) & 0xff);
- buf[7] = (unsigned char) ((tv.tv_usec >> 24) & 0xff);
-#endif
- buf[8] = (unsigned char) (ctx->counter & 0xff);
- buf[9] = (unsigned char) ((ctx->counter >> 8) & 0xff);
- buf[10] = (unsigned char) ((ctx->counter >> 16) & 0xff);
- buf[11] = (unsigned char) ((ctx->counter >> 24) & 0xff);
-
- ctx->counter++;
-
-
-#ifndef GETPID_IS_MEANINGLESS
- pid=(unsigned long)getpid();
- buf[12] = (unsigned char) (pid & 0xff);
- buf[13] = (unsigned char) ((pid >> 8) & 0xff);
- buf[14] = (unsigned char) ((pid >> 16) & 0xff);
- buf[15] = (unsigned char) ((pid >> 24) & 0xff);
-#endif
- }
-
-static int fips_rand(FIPS_PRNG_CTX *ctx,
- unsigned char *out, FIPS_RAND_SIZE_T outlen)
- {
- unsigned char R[AES_BLOCK_LENGTH], I[AES_BLOCK_LENGTH];
- unsigned char tmp[AES_BLOCK_LENGTH];
- int i;
- if (ctx->error)
- {
- RANDerr(RAND_F_FIPS_RAND,RAND_R_PRNG_ERROR);
- return 0;
- }
- if (!ctx->keyed)
- {
- RANDerr(RAND_F_FIPS_RAND,RAND_R_NO_KEY_SET);
- return 0;
- }
- if (!ctx->seeded)
- {
- RANDerr(RAND_F_FIPS_RAND,RAND_R_PRNG_NOT_SEEDED);
- return 0;
- }
- for (;;)
- {
- if (!ctx->test_mode)
- fips_get_dt(ctx);
- AES_encrypt(ctx->DT, I, &ctx->ks);
- for (i = 0; i < AES_BLOCK_LENGTH; i++)
- tmp[i] = I[i] ^ ctx->V[i];
- AES_encrypt(tmp, R, &ctx->ks);
- for (i = 0; i < AES_BLOCK_LENGTH; i++)
- tmp[i] = R[i] ^ I[i];
- AES_encrypt(tmp, ctx->V, &ctx->ks);
- /* Continuous PRNG test */
- if (ctx->second)
- {
- if (fips_prng_fail)
- memcpy(ctx->last, R, AES_BLOCK_LENGTH);
- if (!memcmp(R, ctx->last, AES_BLOCK_LENGTH))
- {
- RANDerr(RAND_F_FIPS_RAND,RAND_R_PRNG_STUCK);
- ctx->error = 1;
- fips_set_selftest_fail();
- return 0;
- }
- }
- memcpy(ctx->last, R, AES_BLOCK_LENGTH);
- if (!ctx->second)
- {
- ctx->second = 1;
- if (!ctx->test_mode)
- continue;
- }
-
- if (outlen <= AES_BLOCK_LENGTH)
- {
- memcpy(out, R, outlen);
- break;
- }
-
- memcpy(out, R, AES_BLOCK_LENGTH);
- out += AES_BLOCK_LENGTH;
- outlen -= AES_BLOCK_LENGTH;
- }
- return 1;
- }
-
-
-int FIPS_rand_set_key(const unsigned char *key, FIPS_RAND_SIZE_T keylen)
- {
- int ret;
- CRYPTO_w_lock(CRYPTO_LOCK_RAND);
- ret = fips_set_prng_key(&sctx, key, keylen);
- CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
- return ret;
- }
-
-int FIPS_rand_seed(const void *seed, FIPS_RAND_SIZE_T seedlen)
- {
- int ret;
- CRYPTO_w_lock(CRYPTO_LOCK_RAND);
- ret = fips_set_prng_seed(&sctx, seed, seedlen);
- CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
- return ret;
- }
-
-
-int FIPS_rand_bytes(unsigned char *out, FIPS_RAND_SIZE_T count)
- {
- int ret;
- CRYPTO_w_lock(CRYPTO_LOCK_RAND);
- ret = fips_rand(&sctx, out, count);
- CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
- return ret;
- }
-
-int FIPS_rand_status(void)
- {
- int ret;
- CRYPTO_r_lock(CRYPTO_LOCK_RAND);
- ret = sctx.seeded;
- CRYPTO_r_unlock(CRYPTO_LOCK_RAND);
- return ret;
- }
-
-void FIPS_rand_reset(void)
- {
- CRYPTO_w_lock(CRYPTO_LOCK_RAND);
- fips_rand_prng_reset(&sctx);
- CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
- }
-
-static void fips_do_rand_seed(const void *seed, FIPS_RAND_SIZE_T seedlen)
- {
- FIPS_rand_seed(seed, seedlen);
- }
-
-static void fips_do_rand_add(const void *seed, FIPS_RAND_SIZE_T seedlen,
- double add_entropy)
- {
- FIPS_rand_seed(seed, seedlen);
- }
-
-static const RAND_METHOD rand_fips_meth=
- {
- fips_do_rand_seed,
- FIPS_rand_bytes,
- FIPS_rand_reset,
- fips_do_rand_add,
- FIPS_rand_bytes,
- FIPS_rand_status
- };
-
-const RAND_METHOD *FIPS_rand_method(void)
-{
- return &rand_fips_meth;
-}
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/fips/rand/fips_rand.c (from rev 6976, vendor-crypto/openssl/dist/fips/rand/fips_rand.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/fips/rand/fips_rand.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/fips/rand/fips_rand.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,390 @@
+/* ====================================================================
+ * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+/*
+ * This is a FIPS approved AES PRNG based on ANSI X9.31 A.2.4.
+ */
+
+#include "e_os.h"
+
+/*
+ * If we don't define _XOPEN_SOURCE_EXTENDED, struct timeval won't be defined
+ * and gettimeofday() won't be declared with strict compilers like DEC C in
+ * ANSI C mode.
+ */
+#ifndef _XOPEN_SOURCE_EXTENDED
+# define _XOPEN_SOURCE_EXTENDED 1
+#endif
+
+#include <openssl/rand.h>
+#include <openssl/aes.h>
+#include <openssl/err.h>
+#include <openssl/fips_rand.h>
+#ifndef OPENSSL_SYS_WIN32
+# include <sys/time.h>
+#endif
+#include <assert.h>
+#ifndef OPENSSL_SYS_WIN32
+# ifdef OPENSSL_UNISTD
+# include OPENSSL_UNISTD
+# else
+# include <unistd.h>
+# endif
+#endif
+#include <string.h>
+#include <openssl/fips.h>
+#include "fips_locl.h"
+
+#ifdef OPENSSL_FIPS
+
+void *OPENSSL_stderr(void);
+
+# define AES_BLOCK_LENGTH 16
+
+/* AES FIPS PRNG implementation */
+
+typedef struct {
+ int seeded;
+ int keyed;
+ int test_mode;
+ int second;
+ int error;
+ unsigned long counter;
+ AES_KEY ks;
+ int vpos;
+ /* Temporary storage for key if it equals seed length */
+ unsigned char tmp_key[AES_BLOCK_LENGTH];
+ unsigned char V[AES_BLOCK_LENGTH];
+ unsigned char DT[AES_BLOCK_LENGTH];
+ unsigned char last[AES_BLOCK_LENGTH];
+} FIPS_PRNG_CTX;
+
+static FIPS_PRNG_CTX sctx;
+
+static int fips_prng_fail = 0;
+
+void FIPS_rng_stick(void)
+{
+ fips_prng_fail = 1;
+}
+
+static void fips_rand_prng_reset(FIPS_PRNG_CTX * ctx)
+{
+ ctx->seeded = 0;
+ ctx->keyed = 0;
+ ctx->test_mode = 0;
+ ctx->counter = 0;
+ ctx->second = 0;
+ ctx->error = 0;
+ ctx->vpos = 0;
+ OPENSSL_cleanse(ctx->V, AES_BLOCK_LENGTH);
+ OPENSSL_cleanse(&ctx->ks, sizeof(AES_KEY));
+}
+
+static int fips_set_prng_key(FIPS_PRNG_CTX * ctx,
+ const unsigned char *key,
+ FIPS_RAND_SIZE_T keylen)
+{
+ FIPS_selftest_check();
+ if (keylen != 16 && keylen != 24 && keylen != 32) {
+ /* error: invalid key size */
+ return 0;
+ }
+ AES_set_encrypt_key(key, keylen << 3, &ctx->ks);
+ if (keylen == 16) {
+ memcpy(ctx->tmp_key, key, 16);
+ ctx->keyed = 2;
+ } else
+ ctx->keyed = 1;
+ ctx->seeded = 0;
+ ctx->second = 0;
+ return 1;
+}
+
+static int fips_set_prng_seed(FIPS_PRNG_CTX * ctx,
+ const unsigned char *seed,
+ FIPS_RAND_SIZE_T seedlen)
+{
+ int i;
+ if (!ctx->keyed)
+ return 0;
+ /* In test mode seed is just supplied data */
+ if (ctx->test_mode) {
+ if (seedlen != AES_BLOCK_LENGTH)
+ return 0;
+ memcpy(ctx->V, seed, AES_BLOCK_LENGTH);
+ ctx->seeded = 1;
+ return 1;
+ }
+ /* Outside test mode XOR supplied data with existing seed */
+ for (i = 0; i < seedlen; i++) {
+ ctx->V[ctx->vpos++] ^= seed[i];
+ if (ctx->vpos == AES_BLOCK_LENGTH) {
+ ctx->vpos = 0;
+ /*
+ * Special case if first seed and key length equals block size
+ * check key and seed do not match.
+ */
+ if (ctx->keyed == 2) {
+ if (!memcmp(ctx->tmp_key, ctx->V, 16)) {
+ RANDerr(RAND_F_FIPS_SET_PRNG_SEED,
+ RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY);
+ return 0;
+ }
+ OPENSSL_cleanse(ctx->tmp_key, 16);
+ ctx->keyed = 1;
+ }
+ ctx->seeded = 1;
+ }
+ }
+ return 1;
+}
+
+static int fips_set_test_mode(FIPS_PRNG_CTX * ctx)
+{
+ if (ctx->keyed) {
+ RANDerr(RAND_F_FIPS_SET_TEST_MODE, RAND_R_PRNG_KEYED);
+ return 0;
+ }
+ ctx->test_mode = 1;
+ return 1;
+}
+
+int FIPS_rand_test_mode(void)
+{
+ return fips_set_test_mode(&sctx);
+}
+
+int FIPS_rand_set_dt(unsigned char *dt)
+{
+ if (!sctx.test_mode) {
+ RANDerr(RAND_F_FIPS_RAND_SET_DT, RAND_R_NOT_IN_TEST_MODE);
+ return 0;
+ }
+ memcpy(sctx.DT, dt, AES_BLOCK_LENGTH);
+ return 1;
+}
+
+static void fips_get_dt(FIPS_PRNG_CTX * ctx)
+{
+# ifdef OPENSSL_SYS_WIN32
+ FILETIME ft;
+# else
+ struct timeval tv;
+# endif
+ unsigned char *buf = ctx->DT;
+
+# ifndef GETPID_IS_MEANINGLESS
+ unsigned long pid;
+# endif
+
+# ifdef OPENSSL_SYS_WIN32
+ GetSystemTimeAsFileTime(&ft);
+ buf[0] = (unsigned char)(ft.dwHighDateTime & 0xff);
+ buf[1] = (unsigned char)((ft.dwHighDateTime >> 8) & 0xff);
+ buf[2] = (unsigned char)((ft.dwHighDateTime >> 16) & 0xff);
+ buf[3] = (unsigned char)((ft.dwHighDateTime >> 24) & 0xff);
+ buf[4] = (unsigned char)(ft.dwLowDateTime & 0xff);
+ buf[5] = (unsigned char)((ft.dwLowDateTime >> 8) & 0xff);
+ buf[6] = (unsigned char)((ft.dwLowDateTime >> 16) & 0xff);
+ buf[7] = (unsigned char)((ft.dwLowDateTime >> 24) & 0xff);
+# else
+ gettimeofday(&tv, NULL);
+ buf[0] = (unsigned char)(tv.tv_sec & 0xff);
+ buf[1] = (unsigned char)((tv.tv_sec >> 8) & 0xff);
+ buf[2] = (unsigned char)((tv.tv_sec >> 16) & 0xff);
+ buf[3] = (unsigned char)((tv.tv_sec >> 24) & 0xff);
+ buf[4] = (unsigned char)(tv.tv_usec & 0xff);
+ buf[5] = (unsigned char)((tv.tv_usec >> 8) & 0xff);
+ buf[6] = (unsigned char)((tv.tv_usec >> 16) & 0xff);
+ buf[7] = (unsigned char)((tv.tv_usec >> 24) & 0xff);
+# endif
+ buf[8] = (unsigned char)(ctx->counter & 0xff);
+ buf[9] = (unsigned char)((ctx->counter >> 8) & 0xff);
+ buf[10] = (unsigned char)((ctx->counter >> 16) & 0xff);
+ buf[11] = (unsigned char)((ctx->counter >> 24) & 0xff);
+
+ ctx->counter++;
+
+# ifndef GETPID_IS_MEANINGLESS
+ pid = (unsigned long)getpid();
+ buf[12] = (unsigned char)(pid & 0xff);
+ buf[13] = (unsigned char)((pid >> 8) & 0xff);
+ buf[14] = (unsigned char)((pid >> 16) & 0xff);
+ buf[15] = (unsigned char)((pid >> 24) & 0xff);
+# endif
+}
+
+static int fips_rand(FIPS_PRNG_CTX * ctx,
+ unsigned char *out, FIPS_RAND_SIZE_T outlen)
+{
+ unsigned char R[AES_BLOCK_LENGTH], I[AES_BLOCK_LENGTH];
+ unsigned char tmp[AES_BLOCK_LENGTH];
+ int i;
+ if (ctx->error) {
+ RANDerr(RAND_F_FIPS_RAND, RAND_R_PRNG_ERROR);
+ return 0;
+ }
+ if (!ctx->keyed) {
+ RANDerr(RAND_F_FIPS_RAND, RAND_R_NO_KEY_SET);
+ return 0;
+ }
+ if (!ctx->seeded) {
+ RANDerr(RAND_F_FIPS_RAND, RAND_R_PRNG_NOT_SEEDED);
+ return 0;
+ }
+ for (;;) {
+ if (!ctx->test_mode)
+ fips_get_dt(ctx);
+ AES_encrypt(ctx->DT, I, &ctx->ks);
+ for (i = 0; i < AES_BLOCK_LENGTH; i++)
+ tmp[i] = I[i] ^ ctx->V[i];
+ AES_encrypt(tmp, R, &ctx->ks);
+ for (i = 0; i < AES_BLOCK_LENGTH; i++)
+ tmp[i] = R[i] ^ I[i];
+ AES_encrypt(tmp, ctx->V, &ctx->ks);
+ /* Continuous PRNG test */
+ if (ctx->second) {
+ if (fips_prng_fail)
+ memcpy(ctx->last, R, AES_BLOCK_LENGTH);
+ if (!memcmp(R, ctx->last, AES_BLOCK_LENGTH)) {
+ RANDerr(RAND_F_FIPS_RAND, RAND_R_PRNG_STUCK);
+ ctx->error = 1;
+ fips_set_selftest_fail();
+ return 0;
+ }
+ }
+ memcpy(ctx->last, R, AES_BLOCK_LENGTH);
+ if (!ctx->second) {
+ ctx->second = 1;
+ if (!ctx->test_mode)
+ continue;
+ }
+
+ if (outlen <= AES_BLOCK_LENGTH) {
+ memcpy(out, R, outlen);
+ break;
+ }
+
+ memcpy(out, R, AES_BLOCK_LENGTH);
+ out += AES_BLOCK_LENGTH;
+ outlen -= AES_BLOCK_LENGTH;
+ }
+ return 1;
+}
+
+int FIPS_rand_set_key(const unsigned char *key, FIPS_RAND_SIZE_T keylen)
+{
+ int ret;
+ CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+ ret = fips_set_prng_key(&sctx, key, keylen);
+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+ return ret;
+}
+
+int FIPS_rand_seed(const void *seed, FIPS_RAND_SIZE_T seedlen)
+{
+ int ret;
+ CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+ ret = fips_set_prng_seed(&sctx, seed, seedlen);
+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+ return ret;
+}
+
+int FIPS_rand_bytes(unsigned char *out, FIPS_RAND_SIZE_T count)
+{
+ int ret;
+ CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+ ret = fips_rand(&sctx, out, count);
+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+ return ret;
+}
+
+int FIPS_rand_status(void)
+{
+ int ret;
+ CRYPTO_r_lock(CRYPTO_LOCK_RAND);
+ ret = sctx.seeded;
+ CRYPTO_r_unlock(CRYPTO_LOCK_RAND);
+ return ret;
+}
+
+void FIPS_rand_reset(void)
+{
+ CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+ fips_rand_prng_reset(&sctx);
+ CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+}
+
+static void fips_do_rand_seed(const void *seed, FIPS_RAND_SIZE_T seedlen)
+{
+ FIPS_rand_seed(seed, seedlen);
+}
+
+static void fips_do_rand_add(const void *seed, FIPS_RAND_SIZE_T seedlen,
+ double add_entropy)
+{
+ FIPS_rand_seed(seed, seedlen);
+}
+
+static const RAND_METHOD rand_fips_meth = {
+ fips_do_rand_seed,
+ FIPS_rand_bytes,
+ FIPS_rand_reset,
+ fips_do_rand_add,
+ FIPS_rand_bytes,
+ FIPS_rand_status
+};
+
+const RAND_METHOD *FIPS_rand_method(void)
+{
+ return &rand_fips_meth;
+}
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/fips/rand/fips_rand.h
===================================================================
--- vendor-crypto/openssl/dist/fips/rand/fips_rand.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/fips/rand/fips_rand.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,77 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#ifndef HEADER_FIPS_RAND_H
-#define HEADER_FIPS_RAND_H
-
-#include "des.h"
-
-#ifdef OPENSSL_FIPS
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-int FIPS_rand_set_key(const unsigned char *key, FIPS_RAND_SIZE_T keylen);
-int FIPS_rand_seed(const void *buf, FIPS_RAND_SIZE_T num);
-int FIPS_rand_bytes(unsigned char *out, FIPS_RAND_SIZE_T outlen);
-
-int FIPS_rand_test_mode(void);
-void FIPS_rand_reset(void);
-int FIPS_rand_set_dt(unsigned char *dt);
-
-int FIPS_rand_status(void);
-
-const RAND_METHOD *FIPS_rand_method(void);
-
-#ifdef __cplusplus
-}
-#endif
-#endif
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/fips/rand/fips_rand.h (from rev 6976, vendor-crypto/openssl/dist/fips/rand/fips_rand.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/fips/rand/fips_rand.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/fips/rand/fips_rand.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,77 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#ifndef HEADER_FIPS_RAND_H
+# define HEADER_FIPS_RAND_H
+
+# include "des.h"
+
+# ifdef OPENSSL_FIPS
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+int FIPS_rand_set_key(const unsigned char *key, FIPS_RAND_SIZE_T keylen);
+int FIPS_rand_seed(const void *buf, FIPS_RAND_SIZE_T num);
+int FIPS_rand_bytes(unsigned char *out, FIPS_RAND_SIZE_T outlen);
+
+int FIPS_rand_test_mode(void);
+void FIPS_rand_reset(void);
+int FIPS_rand_set_dt(unsigned char *dt);
+
+int FIPS_rand_status(void);
+
+const RAND_METHOD *FIPS_rand_method(void);
+
+#ifdef __cplusplus
+}
+#endif
+# endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/fips/rand/fips_rand_selftest.c
===================================================================
--- vendor-crypto/openssl/dist/fips/rand/fips_rand_selftest.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/fips/rand/fips_rand_selftest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,371 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#include <string.h>
-#include <openssl/err.h>
-#include <openssl/fips.h>
-#include <openssl/rand.h>
-#include <openssl/fips_rand.h>
-
-#ifdef OPENSSL_FIPS
-
-
-
-typedef struct
- {
- unsigned char DT[16];
- unsigned char V[16];
- unsigned char R[16];
- } AES_PRNG_TV;
-
-/* The following test vectors are taken directly from the RGNVS spec */
-
-static unsigned char aes_128_key[16] =
- {0xf3,0xb1,0x66,0x6d,0x13,0x60,0x72,0x42,
- 0xed,0x06,0x1c,0xab,0xb8,0xd4,0x62,0x02};
-
-static AES_PRNG_TV aes_128_tv[] = {
- {
- /* DT */
- {0xe6,0xb3,0xbe,0x78,0x2a,0x23,0xfa,0x62,
- 0xd7,0x1d,0x4a,0xfb,0xb0,0xe9,0x22,0xf9},
- /* V */
- {0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- /* R */
- {0x59,0x53,0x1e,0xd1,0x3b,0xb0,0xc0,0x55,
- 0x84,0x79,0x66,0x85,0xc1,0x2f,0x76,0x41}
- },
- {
- /* DT */
- {0xe6,0xb3,0xbe,0x78,0x2a,0x23,0xfa,0x62,
- 0xd7,0x1d,0x4a,0xfb,0xb0,0xe9,0x22,0xfa},
- /* V */
- {0xc0,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- /* R */
- {0x7c,0x22,0x2c,0xf4,0xca,0x8f,0xa2,0x4c,
- 0x1c,0x9c,0xb6,0x41,0xa9,0xf3,0x22,0x0d}
- },
- {
- /* DT */
- {0xe6,0xb3,0xbe,0x78,0x2a,0x23,0xfa,0x62,
- 0xd7,0x1d,0x4a,0xfb,0xb0,0xe9,0x22,0xfb},
- /* V */
- {0xe0,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- /* R */
- {0x8a,0xaa,0x00,0x39,0x66,0x67,0x5b,0xe5,
- 0x29,0x14,0x28,0x81,0xa9,0x4d,0x4e,0xc7}
- },
- {
- /* DT */
- {0xe6,0xb3,0xbe,0x78,0x2a,0x23,0xfa,0x62,
- 0xd7,0x1d,0x4a,0xfb,0xb0,0xe9,0x22,0xfc},
- /* V */
- {0xf0,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- /* R */
- {0x88,0xdd,0xa4,0x56,0x30,0x24,0x23,0xe5,
- 0xf6,0x9d,0xa5,0x7e,0x7b,0x95,0xc7,0x3a}
- },
- {
- /* DT */
- {0xe6,0xb3,0xbe,0x78,0x2a,0x23,0xfa,0x62,
- 0xd7,0x1d,0x4a,0xfb,0xb0,0xe9,0x22,0xfd},
- /* V */
- {0xf8,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- /* R */
- {0x05,0x25,0x92,0x46,0x61,0x79,0xd2,0xcb,
- 0x78,0xc4,0x0b,0x14,0x0a,0x5a,0x9a,0xc8}
- },
- {
- /* DT */
- {0xe6,0xb3,0xbe,0x78,0x2a,0x23,0xfa,0x62,
- 0xd7,0x1d,0x4a,0xfb,0xb0,0xe9,0x23,0x77},
- /* V */
- {0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfe},
- /* R */
- {0x0d,0xd5,0xa0,0x36,0x7a,0x59,0x26,0xbc,
- 0x48,0xd9,0x38,0xbf,0xf0,0x85,0x8f,0xea}
- },
- {
- /* DT */
- {0xe6,0xb3,0xbe,0x78,0x2a,0x23,0xfa,0x62,
- 0xd7,0x1d,0x4a,0xfb,0xb0,0xe9,0x23,0x78},
- /* V */
- {0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff},
- /* R */
- {0xae,0x53,0x87,0xee,0x8c,0xd9,0x12,0xf5,
- 0x73,0x53,0xae,0x03,0xf9,0xd5,0x13,0x33}
- },
-};
-
-static unsigned char aes_192_key[24] =
- {0x15,0xd8,0x78,0x0d,0x62,0xd3,0x25,0x6e,
- 0x44,0x64,0x10,0x13,0x60,0x2b,0xa9,0xbc,
- 0x4a,0xfb,0xca,0xeb,0x4c,0x8b,0x99,0x3b};
-
-static AES_PRNG_TV aes_192_tv[] = {
- {
- /* DT */
- {0x3f,0xd8,0xff,0xe8,0x80,0x69,0x8b,0xc1,
- 0xbf,0x99,0x7d,0xa4,0x24,0x78,0xf3,0x4b},
- /* V */
- {0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- /* R */
- {0x17,0x07,0xd5,0x28,0x19,0x79,0x1e,0xef,
- 0xa5,0x0c,0xbf,0x25,0xe5,0x56,0xb4,0x93}
- },
- {
- /* DT */
- {0x3f,0xd8,0xff,0xe8,0x80,0x69,0x8b,0xc1,
- 0xbf,0x99,0x7d,0xa4,0x24,0x78,0xf3,0x4c},
- /* V */
- {0xc0,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- /* R */
- {0x92,0x8d,0xbe,0x07,0xdd,0xc7,0x58,0xc0,
- 0x6f,0x35,0x41,0x9b,0x17,0xc9,0xbd,0x9b}
- },
- {
- /* DT */
- {0x3f,0xd8,0xff,0xe8,0x80,0x69,0x8b,0xc1,
- 0xbf,0x99,0x7d,0xa4,0x24,0x78,0xf3,0x4d},
- /* V */
- {0xe0,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- /* R */
- {0xd5,0xde,0xf4,0x50,0xf3,0xb7,0x10,0x4e,
- 0xb8,0xc6,0xf8,0xcf,0xe2,0xb1,0xca,0xa2}
- },
- {
- /* DT */
- {0x3f,0xd8,0xff,0xe8,0x80,0x69,0x8b,0xc1,
- 0xbf,0x99,0x7d,0xa4,0x24,0x78,0xf3,0x4e},
- /* V */
- {0xf0,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- /* R */
- {0xce,0x29,0x08,0x43,0xfc,0x34,0x41,0xe7,
- 0x47,0x8f,0xb3,0x66,0x2b,0x46,0xb1,0xbb}
- },
- {
- /* DT */
- {0x3f,0xd8,0xff,0xe8,0x80,0x69,0x8b,0xc1,
- 0xbf,0x99,0x7d,0xa4,0x24,0x78,0xf3,0x4f},
- /* V */
- {0xf8,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- /* R */
- {0xb3,0x26,0x0f,0xf5,0xd6,0xca,0xa8,0xbf,
- 0x89,0xb8,0x5e,0x2f,0x22,0x56,0x92,0x2f}
- },
- {
- /* DT */
- {0x3f,0xd8,0xff,0xe8,0x80,0x69,0x8b,0xc1,
- 0xbf,0x99,0x7d,0xa4,0x24,0x78,0xf3,0xc9},
- /* V */
- {0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfe},
- /* R */
- {0x05,0xeb,0x18,0x52,0x34,0x43,0x00,0x43,
- 0x6e,0x5a,0xa5,0xfe,0x7b,0x32,0xc4,0x2d}
- },
- {
- /* DT */
- {0x3f,0xd8,0xff,0xe8,0x80,0x69,0x8b,0xc1,
- 0xbf,0x99,0x7d,0xa4,0x24,0x78,0xf3,0xca},
- /* V */
- {0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff},
- /* R */
- {0x15,0x3c,0xe8,0xd1,0x04,0xc7,0xad,0x50,
- 0x0b,0xf0,0x07,0x16,0xe7,0x56,0x7a,0xea}
- },
-};
-
-static unsigned char aes_256_key[32] =
- {0x6d,0x14,0x06,0x6c,0xb6,0xd8,0x21,0x2d,
- 0x82,0x8d,0xfa,0xf2,0x7a,0x03,0xb7,0x9f,
- 0x0c,0xc7,0x3e,0xcd,0x76,0xeb,0xee,0xb5,
- 0x21,0x05,0x8c,0x4f,0x31,0x7a,0x80,0xbb};
-
-static AES_PRNG_TV aes_256_tv[] = {
- {
- /* DT */
- {0xda,0x3a,0x41,0xec,0x1d,0xa3,0xb0,0xd5,
- 0xf2,0xa9,0x4e,0x34,0x74,0x8e,0x9e,0x88},
- /* V */
- {0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- /* R */
- {0x35,0xc7,0xef,0xa7,0x78,0x4d,0x29,0xbc,
- 0x82,0x79,0x99,0xfb,0xd0,0xb3,0x3b,0x72}
- },
- {
- /* DT */
- {0xda,0x3a,0x41,0xec,0x1d,0xa3,0xb0,0xd5,
- 0xf2,0xa9,0x4e,0x34,0x74,0x8e,0x9e,0x89},
- /* V */
- {0xc0,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- /* R */
- {0x6c,0xf4,0x42,0x5d,0xc7,0x04,0x1a,0x41,
- 0x28,0x2a,0x78,0xa9,0xb0,0x12,0xc4,0x95}
- },
- {
- /* DT */
- {0xda,0x3a,0x41,0xec,0x1d,0xa3,0xb0,0xd5,
- 0xf2,0xa9,0x4e,0x34,0x74,0x8e,0x9e,0x8a},
- /* V */
- {0xe0,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- /* R */
- {0x16,0x90,0xa4,0xff,0x7b,0x7e,0xb9,0x30,
- 0xdb,0x67,0x4b,0xac,0x2d,0xe1,0xd1,0x75}
- },
- {
- /* DT */
- {0xda,0x3a,0x41,0xec,0x1d,0xa3,0xb0,0xd5,
- 0xf2,0xa9,0x4e,0x34,0x74,0x8e,0x9e,0x8b},
- /* V */
- {0xf0,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- /* R */
- {0x14,0x6f,0xf5,0x95,0xa1,0x46,0x65,0x30,
- 0xbc,0x57,0xe2,0x4a,0xf7,0x45,0x62,0x05}
- },
- {
- /* DT */
- {0xda,0x3a,0x41,0xec,0x1d,0xa3,0xb0,0xd5,
- 0xf2,0xa9,0x4e,0x34,0x74,0x8e,0x9e,0x8c},
- /* V */
- {0xf8,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
- /* R */
- {0x96,0xe2,0xb4,0x1e,0x66,0x5e,0x0f,0xa4,
- 0xc5,0xcd,0xa2,0x07,0xcc,0xb7,0x94,0x40}
- },
- {
- /* DT */
- {0xda,0x3a,0x41,0xec,0x1d,0xa3,0xb0,0xd5,
- 0xf2,0xa9,0x4e,0x34,0x74,0x8e,0x9f,0x06},
- /* V */
- {0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfe},
- /* R */
- {0x61,0xce,0x1d,0x6a,0x48,0x75,0x97,0x28,
- 0x4b,0x41,0xde,0x18,0x44,0x4f,0x56,0xec}
- },
- {
- /* DT */
- {0xda,0x3a,0x41,0xec,0x1d,0xa3,0xb0,0xd5,
- 0xf2,0xa9,0x4e,0x34,0x74,0x8e,0x9f,0x07},
- /* V */
- {0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff},
- /* R */
- {0x52,0x89,0x59,0x79,0x2d,0xaa,0x28,0xb3,
- 0xb0,0x8a,0x3e,0x70,0xfa,0x71,0x59,0x84}
- },
-};
-
-
-void FIPS_corrupt_rng()
- {
- aes_192_tv[0].V[0]++;
- }
-
-#define fips_rand_test(key, tv) \
- do_rand_test(key, sizeof key, tv, sizeof(tv)/sizeof(AES_PRNG_TV))
-
-static int do_rand_test(unsigned char *key, int keylen,
- AES_PRNG_TV *tv, int ntv)
- {
- unsigned char R[16];
- int i;
- if (!FIPS_rand_set_key(key, keylen))
- return 0;
- for (i = 0; i < ntv; i++)
- {
- FIPS_rand_seed(tv[i].V, 16);
- FIPS_rand_set_dt(tv[i].DT);
- FIPS_rand_bytes(R, 16);
- if (memcmp(R, tv[i].R, 16))
- return 0;
- }
- return 1;
- }
-
-
-int FIPS_selftest_rng()
- {
- FIPS_rand_reset();
- if (!FIPS_rand_test_mode())
- {
- FIPSerr(FIPS_F_FIPS_SELFTEST_RNG,FIPS_R_SELFTEST_FAILED);
- return 0;
- }
- if (!fips_rand_test(aes_128_key,aes_128_tv)
- || !fips_rand_test(aes_192_key, aes_192_tv)
- || !fips_rand_test(aes_256_key, aes_256_tv))
- {
- FIPSerr(FIPS_F_FIPS_SELFTEST_RNG,FIPS_R_SELFTEST_FAILED);
- return 0;
- }
- FIPS_rand_reset();
- return 1;
- }
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/fips/rand/fips_rand_selftest.c (from rev 6976, vendor-crypto/openssl/dist/fips/rand/fips_rand_selftest.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/fips/rand/fips_rand_selftest.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/fips/rand/fips_rand_selftest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,366 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <string.h>
+#include <openssl/err.h>
+#include <openssl/fips.h>
+#include <openssl/rand.h>
+#include <openssl/fips_rand.h>
+
+#ifdef OPENSSL_FIPS
+
+typedef struct {
+ unsigned char DT[16];
+ unsigned char V[16];
+ unsigned char R[16];
+} AES_PRNG_TV;
+
+/* The following test vectors are taken directly from the RGNVS spec */
+
+static unsigned char aes_128_key[16] =
+ { 0xf3, 0xb1, 0x66, 0x6d, 0x13, 0x60, 0x72, 0x42,
+ 0xed, 0x06, 0x1c, 0xab, 0xb8, 0xd4, 0x62, 0x02
+};
+
+static AES_PRNG_TV aes_128_tv[] = {
+ {
+ /* DT */
+ {0xe6, 0xb3, 0xbe, 0x78, 0x2a, 0x23, 0xfa, 0x62,
+ 0xd7, 0x1d, 0x4a, 0xfb, 0xb0, 0xe9, 0x22, 0xf9},
+ /* V */
+ {0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ /* R */
+ {0x59, 0x53, 0x1e, 0xd1, 0x3b, 0xb0, 0xc0, 0x55,
+ 0x84, 0x79, 0x66, 0x85, 0xc1, 0x2f, 0x76, 0x41}
+ },
+ {
+ /* DT */
+ {0xe6, 0xb3, 0xbe, 0x78, 0x2a, 0x23, 0xfa, 0x62,
+ 0xd7, 0x1d, 0x4a, 0xfb, 0xb0, 0xe9, 0x22, 0xfa},
+ /* V */
+ {0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ /* R */
+ {0x7c, 0x22, 0x2c, 0xf4, 0xca, 0x8f, 0xa2, 0x4c,
+ 0x1c, 0x9c, 0xb6, 0x41, 0xa9, 0xf3, 0x22, 0x0d}
+ },
+ {
+ /* DT */
+ {0xe6, 0xb3, 0xbe, 0x78, 0x2a, 0x23, 0xfa, 0x62,
+ 0xd7, 0x1d, 0x4a, 0xfb, 0xb0, 0xe9, 0x22, 0xfb},
+ /* V */
+ {0xe0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ /* R */
+ {0x8a, 0xaa, 0x00, 0x39, 0x66, 0x67, 0x5b, 0xe5,
+ 0x29, 0x14, 0x28, 0x81, 0xa9, 0x4d, 0x4e, 0xc7}
+ },
+ {
+ /* DT */
+ {0xe6, 0xb3, 0xbe, 0x78, 0x2a, 0x23, 0xfa, 0x62,
+ 0xd7, 0x1d, 0x4a, 0xfb, 0xb0, 0xe9, 0x22, 0xfc},
+ /* V */
+ {0xf0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ /* R */
+ {0x88, 0xdd, 0xa4, 0x56, 0x30, 0x24, 0x23, 0xe5,
+ 0xf6, 0x9d, 0xa5, 0x7e, 0x7b, 0x95, 0xc7, 0x3a}
+ },
+ {
+ /* DT */
+ {0xe6, 0xb3, 0xbe, 0x78, 0x2a, 0x23, 0xfa, 0x62,
+ 0xd7, 0x1d, 0x4a, 0xfb, 0xb0, 0xe9, 0x22, 0xfd},
+ /* V */
+ {0xf8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ /* R */
+ {0x05, 0x25, 0x92, 0x46, 0x61, 0x79, 0xd2, 0xcb,
+ 0x78, 0xc4, 0x0b, 0x14, 0x0a, 0x5a, 0x9a, 0xc8}
+ },
+ {
+ /* DT */
+ {0xe6, 0xb3, 0xbe, 0x78, 0x2a, 0x23, 0xfa, 0x62,
+ 0xd7, 0x1d, 0x4a, 0xfb, 0xb0, 0xe9, 0x23, 0x77},
+ /* V */
+ {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe},
+ /* R */
+ {0x0d, 0xd5, 0xa0, 0x36, 0x7a, 0x59, 0x26, 0xbc,
+ 0x48, 0xd9, 0x38, 0xbf, 0xf0, 0x85, 0x8f, 0xea}
+ },
+ {
+ /* DT */
+ {0xe6, 0xb3, 0xbe, 0x78, 0x2a, 0x23, 0xfa, 0x62,
+ 0xd7, 0x1d, 0x4a, 0xfb, 0xb0, 0xe9, 0x23, 0x78},
+ /* V */
+ {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
+ /* R */
+ {0xae, 0x53, 0x87, 0xee, 0x8c, 0xd9, 0x12, 0xf5,
+ 0x73, 0x53, 0xae, 0x03, 0xf9, 0xd5, 0x13, 0x33}
+ },
+};
+
+static unsigned char aes_192_key[24] =
+ { 0x15, 0xd8, 0x78, 0x0d, 0x62, 0xd3, 0x25, 0x6e,
+ 0x44, 0x64, 0x10, 0x13, 0x60, 0x2b, 0xa9, 0xbc,
+ 0x4a, 0xfb, 0xca, 0xeb, 0x4c, 0x8b, 0x99, 0x3b
+};
+
+static AES_PRNG_TV aes_192_tv[] = {
+ {
+ /* DT */
+ {0x3f, 0xd8, 0xff, 0xe8, 0x80, 0x69, 0x8b, 0xc1,
+ 0xbf, 0x99, 0x7d, 0xa4, 0x24, 0x78, 0xf3, 0x4b},
+ /* V */
+ {0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ /* R */
+ {0x17, 0x07, 0xd5, 0x28, 0x19, 0x79, 0x1e, 0xef,
+ 0xa5, 0x0c, 0xbf, 0x25, 0xe5, 0x56, 0xb4, 0x93}
+ },
+ {
+ /* DT */
+ {0x3f, 0xd8, 0xff, 0xe8, 0x80, 0x69, 0x8b, 0xc1,
+ 0xbf, 0x99, 0x7d, 0xa4, 0x24, 0x78, 0xf3, 0x4c},
+ /* V */
+ {0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ /* R */
+ {0x92, 0x8d, 0xbe, 0x07, 0xdd, 0xc7, 0x58, 0xc0,
+ 0x6f, 0x35, 0x41, 0x9b, 0x17, 0xc9, 0xbd, 0x9b}
+ },
+ {
+ /* DT */
+ {0x3f, 0xd8, 0xff, 0xe8, 0x80, 0x69, 0x8b, 0xc1,
+ 0xbf, 0x99, 0x7d, 0xa4, 0x24, 0x78, 0xf3, 0x4d},
+ /* V */
+ {0xe0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ /* R */
+ {0xd5, 0xde, 0xf4, 0x50, 0xf3, 0xb7, 0x10, 0x4e,
+ 0xb8, 0xc6, 0xf8, 0xcf, 0xe2, 0xb1, 0xca, 0xa2}
+ },
+ {
+ /* DT */
+ {0x3f, 0xd8, 0xff, 0xe8, 0x80, 0x69, 0x8b, 0xc1,
+ 0xbf, 0x99, 0x7d, 0xa4, 0x24, 0x78, 0xf3, 0x4e},
+ /* V */
+ {0xf0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ /* R */
+ {0xce, 0x29, 0x08, 0x43, 0xfc, 0x34, 0x41, 0xe7,
+ 0x47, 0x8f, 0xb3, 0x66, 0x2b, 0x46, 0xb1, 0xbb}
+ },
+ {
+ /* DT */
+ {0x3f, 0xd8, 0xff, 0xe8, 0x80, 0x69, 0x8b, 0xc1,
+ 0xbf, 0x99, 0x7d, 0xa4, 0x24, 0x78, 0xf3, 0x4f},
+ /* V */
+ {0xf8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ /* R */
+ {0xb3, 0x26, 0x0f, 0xf5, 0xd6, 0xca, 0xa8, 0xbf,
+ 0x89, 0xb8, 0x5e, 0x2f, 0x22, 0x56, 0x92, 0x2f}
+ },
+ {
+ /* DT */
+ {0x3f, 0xd8, 0xff, 0xe8, 0x80, 0x69, 0x8b, 0xc1,
+ 0xbf, 0x99, 0x7d, 0xa4, 0x24, 0x78, 0xf3, 0xc9},
+ /* V */
+ {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe},
+ /* R */
+ {0x05, 0xeb, 0x18, 0x52, 0x34, 0x43, 0x00, 0x43,
+ 0x6e, 0x5a, 0xa5, 0xfe, 0x7b, 0x32, 0xc4, 0x2d}
+ },
+ {
+ /* DT */
+ {0x3f, 0xd8, 0xff, 0xe8, 0x80, 0x69, 0x8b, 0xc1,
+ 0xbf, 0x99, 0x7d, 0xa4, 0x24, 0x78, 0xf3, 0xca},
+ /* V */
+ {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
+ /* R */
+ {0x15, 0x3c, 0xe8, 0xd1, 0x04, 0xc7, 0xad, 0x50,
+ 0x0b, 0xf0, 0x07, 0x16, 0xe7, 0x56, 0x7a, 0xea}
+ },
+};
+
+static unsigned char aes_256_key[32] =
+ { 0x6d, 0x14, 0x06, 0x6c, 0xb6, 0xd8, 0x21, 0x2d,
+ 0x82, 0x8d, 0xfa, 0xf2, 0x7a, 0x03, 0xb7, 0x9f,
+ 0x0c, 0xc7, 0x3e, 0xcd, 0x76, 0xeb, 0xee, 0xb5,
+ 0x21, 0x05, 0x8c, 0x4f, 0x31, 0x7a, 0x80, 0xbb
+};
+
+static AES_PRNG_TV aes_256_tv[] = {
+ {
+ /* DT */
+ {0xda, 0x3a, 0x41, 0xec, 0x1d, 0xa3, 0xb0, 0xd5,
+ 0xf2, 0xa9, 0x4e, 0x34, 0x74, 0x8e, 0x9e, 0x88},
+ /* V */
+ {0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ /* R */
+ {0x35, 0xc7, 0xef, 0xa7, 0x78, 0x4d, 0x29, 0xbc,
+ 0x82, 0x79, 0x99, 0xfb, 0xd0, 0xb3, 0x3b, 0x72}
+ },
+ {
+ /* DT */
+ {0xda, 0x3a, 0x41, 0xec, 0x1d, 0xa3, 0xb0, 0xd5,
+ 0xf2, 0xa9, 0x4e, 0x34, 0x74, 0x8e, 0x9e, 0x89},
+ /* V */
+ {0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ /* R */
+ {0x6c, 0xf4, 0x42, 0x5d, 0xc7, 0x04, 0x1a, 0x41,
+ 0x28, 0x2a, 0x78, 0xa9, 0xb0, 0x12, 0xc4, 0x95}
+ },
+ {
+ /* DT */
+ {0xda, 0x3a, 0x41, 0xec, 0x1d, 0xa3, 0xb0, 0xd5,
+ 0xf2, 0xa9, 0x4e, 0x34, 0x74, 0x8e, 0x9e, 0x8a},
+ /* V */
+ {0xe0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ /* R */
+ {0x16, 0x90, 0xa4, 0xff, 0x7b, 0x7e, 0xb9, 0x30,
+ 0xdb, 0x67, 0x4b, 0xac, 0x2d, 0xe1, 0xd1, 0x75}
+ },
+ {
+ /* DT */
+ {0xda, 0x3a, 0x41, 0xec, 0x1d, 0xa3, 0xb0, 0xd5,
+ 0xf2, 0xa9, 0x4e, 0x34, 0x74, 0x8e, 0x9e, 0x8b},
+ /* V */
+ {0xf0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ /* R */
+ {0x14, 0x6f, 0xf5, 0x95, 0xa1, 0x46, 0x65, 0x30,
+ 0xbc, 0x57, 0xe2, 0x4a, 0xf7, 0x45, 0x62, 0x05}
+ },
+ {
+ /* DT */
+ {0xda, 0x3a, 0x41, 0xec, 0x1d, 0xa3, 0xb0, 0xd5,
+ 0xf2, 0xa9, 0x4e, 0x34, 0x74, 0x8e, 0x9e, 0x8c},
+ /* V */
+ {0xf8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
+ /* R */
+ {0x96, 0xe2, 0xb4, 0x1e, 0x66, 0x5e, 0x0f, 0xa4,
+ 0xc5, 0xcd, 0xa2, 0x07, 0xcc, 0xb7, 0x94, 0x40}
+ },
+ {
+ /* DT */
+ {0xda, 0x3a, 0x41, 0xec, 0x1d, 0xa3, 0xb0, 0xd5,
+ 0xf2, 0xa9, 0x4e, 0x34, 0x74, 0x8e, 0x9f, 0x06},
+ /* V */
+ {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe},
+ /* R */
+ {0x61, 0xce, 0x1d, 0x6a, 0x48, 0x75, 0x97, 0x28,
+ 0x4b, 0x41, 0xde, 0x18, 0x44, 0x4f, 0x56, 0xec}
+ },
+ {
+ /* DT */
+ {0xda, 0x3a, 0x41, 0xec, 0x1d, 0xa3, 0xb0, 0xd5,
+ 0xf2, 0xa9, 0x4e, 0x34, 0x74, 0x8e, 0x9f, 0x07},
+ /* V */
+ {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
+ /* R */
+ {0x52, 0x89, 0x59, 0x79, 0x2d, 0xaa, 0x28, 0xb3,
+ 0xb0, 0x8a, 0x3e, 0x70, 0xfa, 0x71, 0x59, 0x84}
+ },
+};
+
+void FIPS_corrupt_rng()
+{
+ aes_192_tv[0].V[0]++;
+}
+
+# define fips_rand_test(key, tv) \
+ do_rand_test(key, sizeof key, tv, sizeof(tv)/sizeof(AES_PRNG_TV))
+
+static int do_rand_test(unsigned char *key, int keylen,
+ AES_PRNG_TV * tv, int ntv)
+{
+ unsigned char R[16];
+ int i;
+ if (!FIPS_rand_set_key(key, keylen))
+ return 0;
+ for (i = 0; i < ntv; i++) {
+ FIPS_rand_seed(tv[i].V, 16);
+ FIPS_rand_set_dt(tv[i].DT);
+ FIPS_rand_bytes(R, 16);
+ if (memcmp(R, tv[i].R, 16))
+ return 0;
+ }
+ return 1;
+}
+
+int FIPS_selftest_rng()
+{
+ FIPS_rand_reset();
+ if (!FIPS_rand_test_mode()) {
+ FIPSerr(FIPS_F_FIPS_SELFTEST_RNG, FIPS_R_SELFTEST_FAILED);
+ return 0;
+ }
+ if (!fips_rand_test(aes_128_key, aes_128_tv)
+ || !fips_rand_test(aes_192_key, aes_192_tv)
+ || !fips_rand_test(aes_256_key, aes_256_tv)) {
+ FIPSerr(FIPS_F_FIPS_SELFTEST_RNG, FIPS_R_SELFTEST_FAILED);
+ return 0;
+ }
+ FIPS_rand_reset();
+ return 1;
+}
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/fips/rand/fips_randtest.c
===================================================================
--- vendor-crypto/openssl/dist/fips/rand/fips_randtest.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/fips/rand/fips_randtest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,248 +0,0 @@
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <ctype.h>
-#include <openssl/rand.h>
-#include <openssl/fips_rand.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-
-#include "e_os.h"
-
-#ifndef OPENSSL_FIPS
-int main(int argc, char *argv[])
-{
- printf("No FIPS RAND support\n");
- return(0);
-}
-
-#else
-
-#include "fips_utl.h"
-
-typedef struct
- {
- unsigned char DT[16];
- unsigned char V[16];
- unsigned char R[16];
- } AES_PRNG_MCT;
-
-static unsigned char aes_128_mct_key[16] =
- {0x9f,0x5b,0x51,0x20,0x0b,0xf3,0x34,0xb5,
- 0xd8,0x2b,0xe8,0xc3,0x72,0x55,0xc8,0x48};
-
-static AES_PRNG_MCT aes_128_mct_tv = {
- /* DT */
- {0x63,0x76,0xbb,0xe5,0x29,0x02,0xba,0x3b,
- 0x67,0xc9,0x25,0xfa,0x70,0x1f,0x11,0xac},
- /* V */
- {0x57,0x2c,0x8e,0x76,0x87,0x26,0x47,0x97,
- 0x7e,0x74,0xfb,0xdd,0xc4,0x95,0x01,0xd1},
- /* R */
- {0x48,0xe9,0xbd,0x0d,0x06,0xee,0x18,0xfb,
- 0xe4,0x57,0x90,0xd5,0xc3,0xfc,0x9b,0x73}
-};
-
-static unsigned char aes_192_mct_key[24] =
- {0xb7,0x6c,0x34,0xd1,0x09,0x67,0xab,0x73,
- 0x4d,0x5a,0xd5,0x34,0x98,0x16,0x0b,0x91,
- 0xbc,0x35,0x51,0x16,0x6b,0xae,0x93,0x8a};
-
-static AES_PRNG_MCT aes_192_mct_tv = {
- /* DT */
- {0x84,0xce,0x22,0x7d,0x91,0x5a,0xa3,0xc9,
- 0x84,0x3c,0x0a,0xb3,0xa9,0x63,0x15,0x52},
- /* V */
- {0xb6,0xaf,0xe6,0x8f,0x99,0x9e,0x90,0x64,
- 0xdd,0xc7,0x7a,0xc1,0xbb,0x90,0x3a,0x6d},
- /* R */
- {0xfc,0x85,0x60,0x9a,0x29,0x6f,0xef,0x21,
- 0xdd,0x86,0x20,0x32,0x8a,0x29,0x6f,0x47}
-};
-
-static unsigned char aes_256_mct_key[32] =
- {0x9b,0x05,0xc8,0x68,0xff,0x47,0xf8,0x3a,
- 0xa6,0x3a,0xa8,0xcb,0x4e,0x71,0xb2,0xe0,
- 0xb8,0x7e,0xf1,0x37,0xb6,0xb4,0xf6,0x6d,
- 0x86,0x32,0xfc,0x1f,0x5e,0x1d,0x1e,0x50};
-
-static AES_PRNG_MCT aes_256_mct_tv = {
- /* DT */
- {0x31,0x6e,0x35,0x9a,0xb1,0x44,0xf0,0xee,
- 0x62,0x6d,0x04,0x46,0xe0,0xa3,0x92,0x4c},
- /* V */
- {0x4f,0xcd,0xc1,0x87,0x82,0x1f,0x4d,0xa1,
- 0x3e,0x0e,0x56,0x44,0x59,0xe8,0x83,0xca},
- /* R */
- {0xc8,0x87,0xc2,0x61,0x5b,0xd0,0xb9,0xe1,
- 0xe7,0xf3,0x8b,0xd7,0x5b,0xd5,0xf1,0x8d}
-};
-
-static void dump(const unsigned char *b,int n)
- {
- while(n-- > 0)
- {
- printf(" %02x",*b++);
- }
- }
-
-static void compare(const unsigned char *result,const unsigned char *expected,
- int n)
- {
- int i;
-
- for(i=0 ; i < n ; ++i)
- if(result[i] != expected[i])
- {
- puts("Random test failed, got:");
- dump(result,n);
- puts("\n expected:");
- dump(expected,n);
- putchar('\n');
- EXIT(1);
- }
- }
-
-
-static void run_test(unsigned char *key, int keylen, AES_PRNG_MCT *tv)
- {
- unsigned char buf[16], dt[16];
- int i, j;
- FIPS_rand_reset();
- FIPS_rand_test_mode();
- FIPS_rand_set_key(key, keylen);
- FIPS_rand_seed(tv->V, 16);
- memcpy(dt, tv->DT, 16);
- for (i = 0; i < 10000; i++)
- {
- FIPS_rand_set_dt(dt);
- FIPS_rand_bytes(buf, 16);
- /* Increment DT */
- for (j = 15; j >= 0; j--)
- {
- dt[j]++;
- if (dt[j])
- break;
- }
- }
-
- compare(buf,tv->R, 16);
- }
-
-int main()
- {
- run_test(aes_128_mct_key, 16, &aes_128_mct_tv);
- printf("FIPS PRNG test 1 done\n");
- run_test(aes_192_mct_key, 24, &aes_192_mct_tv);
- printf("FIPS PRNG test 2 done\n");
- run_test(aes_256_mct_key, 32, &aes_256_mct_tv);
- printf("FIPS PRNG test 3 done\n");
- return 0;
- }
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/fips/rand/fips_randtest.c (from rev 6976, vendor-crypto/openssl/dist/fips/rand/fips_randtest.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/fips/rand/fips_randtest.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/fips/rand/fips_randtest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,245 @@
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <openssl/rand.h>
+#include <openssl/fips_rand.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+
+#include "e_os.h"
+
+#ifndef OPENSSL_FIPS
+int main(int argc, char *argv[])
+{
+ printf("No FIPS RAND support\n");
+ return (0);
+}
+
+#else
+
+# include "fips_utl.h"
+
+typedef struct {
+ unsigned char DT[16];
+ unsigned char V[16];
+ unsigned char R[16];
+} AES_PRNG_MCT;
+
+static unsigned char aes_128_mct_key[16] =
+ { 0x9f, 0x5b, 0x51, 0x20, 0x0b, 0xf3, 0x34, 0xb5,
+ 0xd8, 0x2b, 0xe8, 0xc3, 0x72, 0x55, 0xc8, 0x48
+};
+
+static AES_PRNG_MCT aes_128_mct_tv = {
+ /* DT */
+ {0x63, 0x76, 0xbb, 0xe5, 0x29, 0x02, 0xba, 0x3b,
+ 0x67, 0xc9, 0x25, 0xfa, 0x70, 0x1f, 0x11, 0xac},
+ /* V */
+ {0x57, 0x2c, 0x8e, 0x76, 0x87, 0x26, 0x47, 0x97,
+ 0x7e, 0x74, 0xfb, 0xdd, 0xc4, 0x95, 0x01, 0xd1},
+ /* R */
+ {0x48, 0xe9, 0xbd, 0x0d, 0x06, 0xee, 0x18, 0xfb,
+ 0xe4, 0x57, 0x90, 0xd5, 0xc3, 0xfc, 0x9b, 0x73}
+};
+
+static unsigned char aes_192_mct_key[24] =
+ { 0xb7, 0x6c, 0x34, 0xd1, 0x09, 0x67, 0xab, 0x73,
+ 0x4d, 0x5a, 0xd5, 0x34, 0x98, 0x16, 0x0b, 0x91,
+ 0xbc, 0x35, 0x51, 0x16, 0x6b, 0xae, 0x93, 0x8a
+};
+
+static AES_PRNG_MCT aes_192_mct_tv = {
+ /* DT */
+ {0x84, 0xce, 0x22, 0x7d, 0x91, 0x5a, 0xa3, 0xc9,
+ 0x84, 0x3c, 0x0a, 0xb3, 0xa9, 0x63, 0x15, 0x52},
+ /* V */
+ {0xb6, 0xaf, 0xe6, 0x8f, 0x99, 0x9e, 0x90, 0x64,
+ 0xdd, 0xc7, 0x7a, 0xc1, 0xbb, 0x90, 0x3a, 0x6d},
+ /* R */
+ {0xfc, 0x85, 0x60, 0x9a, 0x29, 0x6f, 0xef, 0x21,
+ 0xdd, 0x86, 0x20, 0x32, 0x8a, 0x29, 0x6f, 0x47}
+};
+
+static unsigned char aes_256_mct_key[32] =
+ { 0x9b, 0x05, 0xc8, 0x68, 0xff, 0x47, 0xf8, 0x3a,
+ 0xa6, 0x3a, 0xa8, 0xcb, 0x4e, 0x71, 0xb2, 0xe0,
+ 0xb8, 0x7e, 0xf1, 0x37, 0xb6, 0xb4, 0xf6, 0x6d,
+ 0x86, 0x32, 0xfc, 0x1f, 0x5e, 0x1d, 0x1e, 0x50
+};
+
+static AES_PRNG_MCT aes_256_mct_tv = {
+ /* DT */
+ {0x31, 0x6e, 0x35, 0x9a, 0xb1, 0x44, 0xf0, 0xee,
+ 0x62, 0x6d, 0x04, 0x46, 0xe0, 0xa3, 0x92, 0x4c},
+ /* V */
+ {0x4f, 0xcd, 0xc1, 0x87, 0x82, 0x1f, 0x4d, 0xa1,
+ 0x3e, 0x0e, 0x56, 0x44, 0x59, 0xe8, 0x83, 0xca},
+ /* R */
+ {0xc8, 0x87, 0xc2, 0x61, 0x5b, 0xd0, 0xb9, 0xe1,
+ 0xe7, 0xf3, 0x8b, 0xd7, 0x5b, 0xd5, 0xf1, 0x8d}
+};
+
+static void dump(const unsigned char *b, int n)
+{
+ while (n-- > 0) {
+ printf(" %02x", *b++);
+ }
+}
+
+static void compare(const unsigned char *result,
+ const unsigned char *expected, int n)
+{
+ int i;
+
+ for (i = 0; i < n; ++i)
+ if (result[i] != expected[i]) {
+ puts("Random test failed, got:");
+ dump(result, n);
+ puts("\n expected:");
+ dump(expected, n);
+ putchar('\n');
+ EXIT(1);
+ }
+}
+
+static void run_test(unsigned char *key, int keylen, AES_PRNG_MCT * tv)
+{
+ unsigned char buf[16], dt[16];
+ int i, j;
+ FIPS_rand_reset();
+ FIPS_rand_test_mode();
+ FIPS_rand_set_key(key, keylen);
+ FIPS_rand_seed(tv->V, 16);
+ memcpy(dt, tv->DT, 16);
+ for (i = 0; i < 10000; i++) {
+ FIPS_rand_set_dt(dt);
+ FIPS_rand_bytes(buf, 16);
+ /* Increment DT */
+ for (j = 15; j >= 0; j--) {
+ dt[j]++;
+ if (dt[j])
+ break;
+ }
+ }
+
+ compare(buf, tv->R, 16);
+}
+
+int main()
+{
+ run_test(aes_128_mct_key, 16, &aes_128_mct_tv);
+ printf("FIPS PRNG test 1 done\n");
+ run_test(aes_192_mct_key, 24, &aes_192_mct_tv);
+ printf("FIPS PRNG test 2 done\n");
+ run_test(aes_256_mct_key, 32, &aes_256_mct_tv);
+ printf("FIPS PRNG test 3 done\n");
+ return 0;
+}
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/fips/rand/fips_rngvs.c
===================================================================
--- vendor-crypto/openssl/dist/fips/rand/fips_rngvs.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/fips/rand/fips_rngvs.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,230 +0,0 @@
-/*
- * Crude test driver for processing the VST and MCT testvector files
- * generated by the CMVP RNGVS product.
- *
- * Note the input files are assumed to have a _very_ specific format
- * as described in the NIST document "The Random Number Generator
- * Validation System (RNGVS)", May 25, 2004.
- *
- */
-#include <openssl/opensslconf.h>
-
-#ifndef OPENSSL_FIPS
-#include <stdio.h>
-
-int main(int argc, char **argv)
-{
- printf("No FIPS RNG support\n");
- return 0;
-}
-#else
-
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/fips.h>
-#include <openssl/err.h>
-#include <openssl/rand.h>
-#include <openssl/fips_rand.h>
-#include <openssl/x509v3.h>
-#include <string.h>
-#include <ctype.h>
-
-#include "fips_utl.h"
-
-static void vst()
- {
- unsigned char *key = NULL;
- unsigned char *v = NULL;
- unsigned char *dt = NULL;
- unsigned char ret[16];
- char buf[1024];
- char lbuf[1024];
- char *keyword, *value;
- long i, keylen;
-
- keylen = 0;
-
- while(fgets(buf,sizeof buf,stdin) != NULL)
- {
- fputs(buf,stdout);
- if(!strncmp(buf,"[AES 128-Key]", 13))
- keylen = 16;
- else if(!strncmp(buf,"[AES 192-Key]", 13))
- keylen = 24;
- else if(!strncmp(buf,"[AES 256-Key]", 13))
- keylen = 32;
- if (!parse_line(&keyword, &value, lbuf, buf))
- continue;
- if(!strcmp(keyword,"Key"))
- {
- key=hex2bin_m(value,&i);
- if (i != keylen)
- {
- fprintf(stderr, "Invalid key length, expecting %ld\n", keylen);
- return;
- }
- }
- else if(!strcmp(keyword,"DT"))
- {
- dt=hex2bin_m(value,&i);
- if (i != 16)
- {
- fprintf(stderr, "Invalid DT length\n");
- return;
- }
- }
- else if(!strcmp(keyword,"V"))
- {
- v=hex2bin_m(value,&i);
- if (i != 16)
- {
- fprintf(stderr, "Invalid V length\n");
- return;
- }
-
- if (!key || !dt)
- {
- fprintf(stderr, "Missing key or DT\n");
- return;
- }
-
- FIPS_rand_set_key(key, keylen);
- FIPS_rand_seed(v,16);
- FIPS_rand_set_dt(dt);
- if (FIPS_rand_bytes(ret,16) <= 0)
- {
- fprintf(stderr, "Error getting PRNG value\n");
- return;
- }
-
- pv("R",ret,16);
- OPENSSL_free(key);
- key = NULL;
- OPENSSL_free(dt);
- dt = NULL;
- OPENSSL_free(v);
- v = NULL;
- }
- }
- }
-
-static void mct()
- {
- unsigned char *key = NULL;
- unsigned char *v = NULL;
- unsigned char *dt = NULL;
- unsigned char ret[16];
- char buf[1024];
- char lbuf[1024];
- char *keyword, *value;
- long i, keylen;
- int j;
-
- keylen = 0;
-
- while(fgets(buf,sizeof buf,stdin) != NULL)
- {
- fputs(buf,stdout);
- if(!strncmp(buf,"[AES 128-Key]", 13))
- keylen = 16;
- else if(!strncmp(buf,"[AES 192-Key]", 13))
- keylen = 24;
- else if(!strncmp(buf,"[AES 256-Key]", 13))
- keylen = 32;
- if (!parse_line(&keyword, &value, lbuf, buf))
- continue;
- if(!strcmp(keyword,"Key"))
- {
- key=hex2bin_m(value,&i);
- if (i != keylen)
- {
- fprintf(stderr, "Invalid key length, expecting %ld\n", keylen);
- return;
- }
- }
- else if(!strcmp(keyword,"DT"))
- {
- dt=hex2bin_m(value,&i);
- if (i != 16)
- {
- fprintf(stderr, "Invalid DT length\n");
- return;
- }
- }
- else if(!strcmp(keyword,"V"))
- {
- v=hex2bin_m(value,&i);
- if (i != 16)
- {
- fprintf(stderr, "Invalid V length\n");
- return;
- }
-
- if (!key || !dt)
- {
- fprintf(stderr, "Missing key or DT\n");
- return;
- }
-
- FIPS_rand_set_key(key, keylen);
- FIPS_rand_seed(v,16);
- for (i = 0; i < 10000; i++)
- {
- FIPS_rand_set_dt(dt);
- if (FIPS_rand_bytes(ret,16) <= 0)
- {
- fprintf(stderr, "Error getting PRNG value\n");
- return;
- }
- /* Increment DT */
- for (j = 15; j >= 0; j--)
- {
- dt[j]++;
- if (dt[j])
- break;
- }
- }
-
- pv("R",ret,16);
- OPENSSL_free(key);
- key = NULL;
- OPENSSL_free(dt);
- dt = NULL;
- OPENSSL_free(v);
- v = NULL;
- }
- }
- }
-
-int main(int argc,char **argv)
- {
- if(argc != 2)
- {
- fprintf(stderr,"%s [mct|vst]\n",argv[0]);
- exit(1);
- }
- if(!FIPS_mode_set(1))
- {
- do_print_errors();
- exit(1);
- }
- FIPS_rand_reset();
- if (!FIPS_rand_test_mode())
- {
- fprintf(stderr, "Error setting PRNG test mode\n");
- do_print_errors();
- exit(1);
- }
- if(!strcmp(argv[1],"mct"))
- mct();
- else if(!strcmp(argv[1],"vst"))
- vst();
- else
- {
- fprintf(stderr,"Don't know how to %s.\n",argv[1]);
- exit(1);
- }
-
- return 0;
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/fips/rand/fips_rngvs.c (from rev 6976, vendor-crypto/openssl/dist/fips/rand/fips_rngvs.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/fips/rand/fips_rngvs.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/fips/rand/fips_rngvs.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,204 @@
+/*
+ * Crude test driver for processing the VST and MCT testvector files
+ * generated by the CMVP RNGVS product.
+ *
+ * Note the input files are assumed to have a _very_ specific format
+ * as described in the NIST document "The Random Number Generator
+ * Validation System (RNGVS)", May 25, 2004.
+ *
+ */
+#include <openssl/opensslconf.h>
+
+#ifndef OPENSSL_FIPS
+# include <stdio.h>
+
+int main(int argc, char **argv)
+{
+ printf("No FIPS RNG support\n");
+ return 0;
+}
+#else
+
+# include <openssl/bn.h>
+# include <openssl/dsa.h>
+# include <openssl/fips.h>
+# include <openssl/err.h>
+# include <openssl/rand.h>
+# include <openssl/fips_rand.h>
+# include <openssl/x509v3.h>
+# include <string.h>
+# include <ctype.h>
+
+# include "fips_utl.h"
+
+static void vst()
+{
+ unsigned char *key = NULL;
+ unsigned char *v = NULL;
+ unsigned char *dt = NULL;
+ unsigned char ret[16];
+ char buf[1024];
+ char lbuf[1024];
+ char *keyword, *value;
+ long i, keylen;
+
+ keylen = 0;
+
+ while (fgets(buf, sizeof buf, stdin) != NULL) {
+ fputs(buf, stdout);
+ if (!strncmp(buf, "[AES 128-Key]", 13))
+ keylen = 16;
+ else if (!strncmp(buf, "[AES 192-Key]", 13))
+ keylen = 24;
+ else if (!strncmp(buf, "[AES 256-Key]", 13))
+ keylen = 32;
+ if (!parse_line(&keyword, &value, lbuf, buf))
+ continue;
+ if (!strcmp(keyword, "Key")) {
+ key = hex2bin_m(value, &i);
+ if (i != keylen) {
+ fprintf(stderr, "Invalid key length, expecting %ld\n",
+ keylen);
+ return;
+ }
+ } else if (!strcmp(keyword, "DT")) {
+ dt = hex2bin_m(value, &i);
+ if (i != 16) {
+ fprintf(stderr, "Invalid DT length\n");
+ return;
+ }
+ } else if (!strcmp(keyword, "V")) {
+ v = hex2bin_m(value, &i);
+ if (i != 16) {
+ fprintf(stderr, "Invalid V length\n");
+ return;
+ }
+
+ if (!key || !dt) {
+ fprintf(stderr, "Missing key or DT\n");
+ return;
+ }
+
+ FIPS_rand_set_key(key, keylen);
+ FIPS_rand_seed(v, 16);
+ FIPS_rand_set_dt(dt);
+ if (FIPS_rand_bytes(ret, 16) <= 0) {
+ fprintf(stderr, "Error getting PRNG value\n");
+ return;
+ }
+
+ pv("R", ret, 16);
+ OPENSSL_free(key);
+ key = NULL;
+ OPENSSL_free(dt);
+ dt = NULL;
+ OPENSSL_free(v);
+ v = NULL;
+ }
+ }
+}
+
+static void mct()
+{
+ unsigned char *key = NULL;
+ unsigned char *v = NULL;
+ unsigned char *dt = NULL;
+ unsigned char ret[16];
+ char buf[1024];
+ char lbuf[1024];
+ char *keyword, *value;
+ long i, keylen;
+ int j;
+
+ keylen = 0;
+
+ while (fgets(buf, sizeof buf, stdin) != NULL) {
+ fputs(buf, stdout);
+ if (!strncmp(buf, "[AES 128-Key]", 13))
+ keylen = 16;
+ else if (!strncmp(buf, "[AES 192-Key]", 13))
+ keylen = 24;
+ else if (!strncmp(buf, "[AES 256-Key]", 13))
+ keylen = 32;
+ if (!parse_line(&keyword, &value, lbuf, buf))
+ continue;
+ if (!strcmp(keyword, "Key")) {
+ key = hex2bin_m(value, &i);
+ if (i != keylen) {
+ fprintf(stderr, "Invalid key length, expecting %ld\n",
+ keylen);
+ return;
+ }
+ } else if (!strcmp(keyword, "DT")) {
+ dt = hex2bin_m(value, &i);
+ if (i != 16) {
+ fprintf(stderr, "Invalid DT length\n");
+ return;
+ }
+ } else if (!strcmp(keyword, "V")) {
+ v = hex2bin_m(value, &i);
+ if (i != 16) {
+ fprintf(stderr, "Invalid V length\n");
+ return;
+ }
+
+ if (!key || !dt) {
+ fprintf(stderr, "Missing key or DT\n");
+ return;
+ }
+
+ FIPS_rand_set_key(key, keylen);
+ FIPS_rand_seed(v, 16);
+ for (i = 0; i < 10000; i++) {
+ FIPS_rand_set_dt(dt);
+ if (FIPS_rand_bytes(ret, 16) <= 0) {
+ fprintf(stderr, "Error getting PRNG value\n");
+ return;
+ }
+ /* Increment DT */
+ for (j = 15; j >= 0; j--) {
+ dt[j]++;
+ if (dt[j])
+ break;
+ }
+ }
+
+ pv("R", ret, 16);
+ OPENSSL_free(key);
+ key = NULL;
+ OPENSSL_free(dt);
+ dt = NULL;
+ OPENSSL_free(v);
+ v = NULL;
+ }
+ }
+}
+
+int main(int argc, char **argv)
+{
+ if (argc != 2) {
+ fprintf(stderr, "%s [mct|vst]\n", argv[0]);
+ exit(1);
+ }
+ if (!FIPS_mode_set(1)) {
+ do_print_errors();
+ exit(1);
+ }
+ FIPS_rand_reset();
+ if (!FIPS_rand_test_mode()) {
+ fprintf(stderr, "Error setting PRNG test mode\n");
+ do_print_errors();
+ exit(1);
+ }
+ if (!strcmp(argv[1], "mct"))
+ mct();
+ else if (!strcmp(argv[1], "vst"))
+ vst();
+ else {
+ fprintf(stderr, "Don't know how to %s.\n", argv[1]);
+ exit(1);
+ }
+
+ return 0;
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/fips/rsa/fips_rsa_eay.c
===================================================================
--- vendor-crypto/openssl/dist/fips/rsa/fips_rsa_eay.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/fips/rsa/fips_rsa_eay.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,934 +0,0 @@
-/* crypto/rsa/rsa_eay.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/rand.h>
-#include <openssl/err.h>
-#include <openssl/fips.h>
-
-#if !defined(RSA_NULL) && defined(OPENSSL_FIPS)
-
-static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa,int padding);
-static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa,int padding);
-static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa,int padding);
-static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa,int padding);
-static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *i, RSA *rsa, BN_CTX *ctx);
-static int RSA_eay_init(RSA *rsa);
-static int RSA_eay_finish(RSA *rsa);
-static RSA_METHOD rsa_pkcs1_eay_meth={
- "Eric Young's PKCS#1 RSA",
- RSA_eay_public_encrypt,
- RSA_eay_public_decrypt, /* signature verification */
- RSA_eay_private_encrypt, /* signing */
- RSA_eay_private_decrypt,
- RSA_eay_mod_exp,
- BN_mod_exp_mont, /* XXX probably we should not use Montgomery if e == 3 */
- RSA_eay_init,
- RSA_eay_finish,
- RSA_FLAG_FIPS_METHOD, /* flags */
- NULL,
- 0, /* rsa_sign */
- 0, /* rsa_verify */
- NULL /* rsa_keygen */
- };
-
-const RSA_METHOD *RSA_PKCS1_SSLeay(void)
- {
- return(&rsa_pkcs1_eay_meth);
- }
-
-/* Usage example;
- * MONT_HELPER(rsa, bn_ctx, p, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err);
- */
-#define MONT_HELPER(rsa, ctx, m, pre_cond, err_instr) \
- if((pre_cond) && ((rsa)->_method_mod_##m == NULL) && \
- !BN_MONT_CTX_set_locked(&((rsa)->_method_mod_##m), \
- CRYPTO_LOCK_RSA, \
- (rsa)->m, (ctx))) \
- err_instr
-
-static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding)
- {
- BIGNUM *f,*ret;
- int i,j,k,num=0,r= -1;
- unsigned char *buf=NULL;
- BN_CTX *ctx=NULL;
-
- if(FIPS_selftest_failed())
- {
- FIPSerr(FIPS_F_RSA_EAY_PUBLIC_ENCRYPT,FIPS_R_FIPS_SELFTEST_FAILED);
- goto err;
- }
-
- if (FIPS_mode() && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
- {
- RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_KEY_SIZE_TOO_SMALL);
- return -1;
- }
-
- if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS)
- {
- RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE);
- return -1;
- }
-
- if (BN_ucmp(rsa->n, rsa->e) <= 0)
- {
- RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);
- return -1;
- }
-
- /* for large moduli, enforce exponent limit */
- if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS)
- {
- if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS)
- {
- RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);
- return -1;
- }
- }
-
- if ((ctx=BN_CTX_new()) == NULL) goto err;
- BN_CTX_start(ctx);
- f = BN_CTX_get(ctx);
- ret = BN_CTX_get(ctx);
- num=BN_num_bytes(rsa->n);
- buf = OPENSSL_malloc(num);
- if (!f || !ret || !buf)
- {
- RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- switch (padding)
- {
- case RSA_PKCS1_PADDING:
- i=RSA_padding_add_PKCS1_type_2(buf,num,from,flen);
- break;
-#ifndef OPENSSL_NO_SHA
- case RSA_PKCS1_OAEP_PADDING:
- i=RSA_padding_add_PKCS1_OAEP(buf,num,from,flen,NULL,0);
- break;
-#endif
- case RSA_SSLV23_PADDING:
- i=RSA_padding_add_SSLv23(buf,num,from,flen);
- break;
- case RSA_NO_PADDING:
- i=RSA_padding_add_none(buf,num,from,flen);
- break;
- default:
- RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
- goto err;
- }
- if (i <= 0) goto err;
-
- if (BN_bin2bn(buf,num,f) == NULL) goto err;
-
- if (BN_ucmp(f, rsa->n) >= 0)
- {
- /* usually the padding functions would catch this */
- RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
- goto err;
- }
-
- MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err);
-
- if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx,
- rsa->_method_mod_n)) goto err;
-
- /* put in leading 0 bytes if the number is less than the
- * length of the modulus */
- j=BN_num_bytes(ret);
- i=BN_bn2bin(ret,&(to[num-j]));
- for (k=0; k<(num-i); k++)
- to[k]=0;
-
- r=num;
-err:
- if (ctx != NULL)
- {
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- }
- if (buf != NULL)
- {
- OPENSSL_cleanse(buf,num);
- OPENSSL_free(buf);
- }
- return(r);
- }
-
-static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx)
-{
- BN_BLINDING *ret;
- int got_write_lock = 0;
-
- CRYPTO_r_lock(CRYPTO_LOCK_RSA);
-
- if (rsa->blinding == NULL)
- {
- CRYPTO_r_unlock(CRYPTO_LOCK_RSA);
- CRYPTO_w_lock(CRYPTO_LOCK_RSA);
- got_write_lock = 1;
-
- if (rsa->blinding == NULL)
- rsa->blinding = RSA_setup_blinding(rsa, ctx);
- }
-
- ret = rsa->blinding;
- if (ret == NULL)
- goto err;
-
- if (BN_BLINDING_get_thread_id(ret) == CRYPTO_thread_id())
- {
- /* rsa->blinding is ours! */
-
- *local = 1;
- }
- else
- {
- /* resort to rsa->mt_blinding instead */
-
- *local = 0; /* instructs rsa_blinding_convert(), rsa_blinding_invert()
- * that the BN_BLINDING is shared, meaning that accesses
- * require locks, and that the blinding factor must be
- * stored outside the BN_BLINDING
- */
-
- if (rsa->mt_blinding == NULL)
- {
- if (!got_write_lock)
- {
- CRYPTO_r_unlock(CRYPTO_LOCK_RSA);
- CRYPTO_w_lock(CRYPTO_LOCK_RSA);
- got_write_lock = 1;
- }
-
- if (rsa->mt_blinding == NULL)
- rsa->mt_blinding = RSA_setup_blinding(rsa, ctx);
- }
- ret = rsa->mt_blinding;
- }
-
- err:
- if (got_write_lock)
- CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
- else
- CRYPTO_r_unlock(CRYPTO_LOCK_RSA);
- return ret;
-}
-
-static int rsa_blinding_convert(BN_BLINDING *b, int local, BIGNUM *f,
- BIGNUM *r, BN_CTX *ctx)
-{
- if (local)
- return BN_BLINDING_convert_ex(f, NULL, b, ctx);
- else
- {
- int ret;
- CRYPTO_r_lock(CRYPTO_LOCK_RSA_BLINDING);
- ret = BN_BLINDING_convert_ex(f, r, b, ctx);
- CRYPTO_r_unlock(CRYPTO_LOCK_RSA_BLINDING);
- return ret;
- }
-}
-
-static int rsa_blinding_invert(BN_BLINDING *b, int local, BIGNUM *f,
- BIGNUM *r, BN_CTX *ctx)
-{
- if (local)
- return BN_BLINDING_invert_ex(f, NULL, b, ctx);
- else
- {
- int ret;
- CRYPTO_w_lock(CRYPTO_LOCK_RSA_BLINDING);
- ret = BN_BLINDING_invert_ex(f, r, b, ctx);
- CRYPTO_w_unlock(CRYPTO_LOCK_RSA_BLINDING);
- return ret;
- }
-}
-
-/* signing */
-static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding)
- {
- BIGNUM *f, *ret, *br, *res;
- int i,j,k,num=0,r= -1;
- unsigned char *buf=NULL;
- BN_CTX *ctx=NULL;
- int local_blinding = 0;
- BN_BLINDING *blinding = NULL;
-
- if(FIPS_selftest_failed())
- {
- FIPSerr(FIPS_F_RSA_EAY_PRIVATE_ENCRYPT,FIPS_R_FIPS_SELFTEST_FAILED);
- goto err;
- }
-
- if (FIPS_mode() && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
- {
- RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, RSA_R_KEY_SIZE_TOO_SMALL);
- return -1;
- }
-
- if ((ctx=BN_CTX_new()) == NULL) goto err;
- BN_CTX_start(ctx);
- f = BN_CTX_get(ctx);
- br = BN_CTX_get(ctx);
- ret = BN_CTX_get(ctx);
- num = BN_num_bytes(rsa->n);
- buf = OPENSSL_malloc(num);
- if(!f || !ret || !buf)
- {
- RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- switch (padding)
- {
- case RSA_PKCS1_PADDING:
- i=RSA_padding_add_PKCS1_type_1(buf,num,from,flen);
- break;
- case RSA_X931_PADDING:
- i=RSA_padding_add_X931(buf,num,from,flen);
- break;
- case RSA_NO_PADDING:
- i=RSA_padding_add_none(buf,num,from,flen);
- break;
- case RSA_SSLV23_PADDING:
- default:
- RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
- goto err;
- }
- if (i <= 0) goto err;
-
- if (BN_bin2bn(buf,num,f) == NULL) goto err;
-
- if (BN_ucmp(f, rsa->n) >= 0)
- {
- /* usually the padding functions would catch this */
- RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
- goto err;
- }
-
- if (!(rsa->flags & RSA_FLAG_NO_BLINDING))
- {
- blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
- if (blinding == NULL)
- {
- RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_INTERNAL_ERROR);
- goto err;
- }
- }
-
- if (blinding != NULL)
- if (!rsa_blinding_convert(blinding, local_blinding, f, br, ctx))
- goto err;
-
- if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||
- ((rsa->p != NULL) &&
- (rsa->q != NULL) &&
- (rsa->dmp1 != NULL) &&
- (rsa->dmq1 != NULL) &&
- (rsa->iqmp != NULL)) )
- {
- if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx)) goto err;
- }
- else
- {
- BIGNUM local_d;
- BIGNUM *d = NULL;
-
- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
- {
- BN_init(&local_d);
- d = &local_d;
- BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
- }
- else
- d = rsa->d;
-
- MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err);
-
- if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx,
- rsa->_method_mod_n)) goto err;
- }
-
- if (blinding)
- if (!rsa_blinding_invert(blinding, local_blinding, ret, br, ctx))
- goto err;
-
- if (padding == RSA_X931_PADDING)
- {
- BN_sub(f, rsa->n, ret);
- if (BN_cmp(ret, f))
- res = f;
- else
- res = ret;
- }
- else
- res = ret;
-
- /* put in leading 0 bytes if the number is less than the
- * length of the modulus */
- j=BN_num_bytes(res);
- i=BN_bn2bin(res,&(to[num-j]));
- for (k=0; k<(num-i); k++)
- to[k]=0;
-
- r=num;
-err:
- if (ctx != NULL)
- {
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- }
- if (buf != NULL)
- {
- OPENSSL_cleanse(buf,num);
- OPENSSL_free(buf);
- }
- return(r);
- }
-
-static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding)
- {
- BIGNUM *f, *ret, *br;
- int j,num=0,r= -1;
- unsigned char *p;
- unsigned char *buf=NULL;
- BN_CTX *ctx=NULL;
- int local_blinding = 0;
- BN_BLINDING *blinding = NULL;
-
- if(FIPS_selftest_failed())
- {
- FIPSerr(FIPS_F_RSA_EAY_PRIVATE_DECRYPT,FIPS_R_FIPS_SELFTEST_FAILED);
- goto err;
- }
-
- if (FIPS_mode() && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
- {
- RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_KEY_SIZE_TOO_SMALL);
- return -1;
- }
-
- if((ctx = BN_CTX_new()) == NULL) goto err;
- BN_CTX_start(ctx);
- f = BN_CTX_get(ctx);
- br = BN_CTX_get(ctx);
- ret = BN_CTX_get(ctx);
- num = BN_num_bytes(rsa->n);
- buf = OPENSSL_malloc(num);
- if(!f || !ret || !buf)
- {
- RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- /* This check was for equality but PGP does evil things
- * and chops off the top '0' bytes */
- if (flen > num)
- {
- RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_DATA_GREATER_THAN_MOD_LEN);
- goto err;
- }
-
- /* make data into a big number */
- if (BN_bin2bn(from,(int)flen,f) == NULL) goto err;
-
- if (BN_ucmp(f, rsa->n) >= 0)
- {
- RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
- goto err;
- }
-
- if (!(rsa->flags & RSA_FLAG_NO_BLINDING))
- {
- blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
- if (blinding == NULL)
- {
- RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_INTERNAL_ERROR);
- goto err;
- }
- }
-
- if (blinding != NULL)
- if (!rsa_blinding_convert(blinding, local_blinding, f, br, ctx))
- goto err;
-
- /* do the decrypt */
- if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||
- ((rsa->p != NULL) &&
- (rsa->q != NULL) &&
- (rsa->dmp1 != NULL) &&
- (rsa->dmq1 != NULL) &&
- (rsa->iqmp != NULL)) )
- {
- if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx)) goto err;
- }
- else
- {
- BIGNUM local_d;
- BIGNUM *d = NULL;
-
- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
- {
- d = &local_d;
- BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
- }
- else
- d = rsa->d;
-
- MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err);
- if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx,
- rsa->_method_mod_n))
- goto err;
- }
-
- if (blinding)
- if (!rsa_blinding_invert(blinding, local_blinding, ret, br, ctx))
- goto err;
-
- p=buf;
- j=BN_bn2bin(ret,p); /* j is only used with no-padding mode */
-
- switch (padding)
- {
- case RSA_PKCS1_PADDING:
- r=RSA_padding_check_PKCS1_type_2(to,num,buf,j,num);
- break;
-#ifndef OPENSSL_NO_SHA
- case RSA_PKCS1_OAEP_PADDING:
- r=RSA_padding_check_PKCS1_OAEP(to,num,buf,j,num,NULL,0);
- break;
-#endif
- case RSA_SSLV23_PADDING:
- r=RSA_padding_check_SSLv23(to,num,buf,j,num);
- break;
- case RSA_NO_PADDING:
- r=RSA_padding_check_none(to,num,buf,j,num);
- break;
- default:
- RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
- goto err;
- }
- if (r < 0)
- RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_PADDING_CHECK_FAILED);
-
-err:
- if (ctx != NULL)
- {
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- }
- if (buf != NULL)
- {
- OPENSSL_cleanse(buf,num);
- OPENSSL_free(buf);
- }
- return(r);
- }
-
-/* signature verification */
-static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding)
- {
- BIGNUM *f,*ret;
- int i,num=0,r= -1;
- unsigned char *p;
- unsigned char *buf=NULL;
- BN_CTX *ctx=NULL;
-
- if(FIPS_selftest_failed())
- {
- FIPSerr(FIPS_F_RSA_EAY_PUBLIC_DECRYPT,FIPS_R_FIPS_SELFTEST_FAILED);
- goto err;
- }
-
- if (FIPS_mode() && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
- {
- RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_KEY_SIZE_TOO_SMALL);
- return -1;
- }
-
- if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS)
- {
- RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE);
- return -1;
- }
-
- if (BN_ucmp(rsa->n, rsa->e) <= 0)
- {
- RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE);
- return -1;
- }
-
- /* for large moduli, enforce exponent limit */
- if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS)
- {
- if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS)
- {
- RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE);
- return -1;
- }
- }
-
- if((ctx = BN_CTX_new()) == NULL) goto err;
- BN_CTX_start(ctx);
- f = BN_CTX_get(ctx);
- ret = BN_CTX_get(ctx);
- num=BN_num_bytes(rsa->n);
- buf = OPENSSL_malloc(num);
- if(!f || !ret || !buf)
- {
- RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- /* This check was for equality but PGP does evil things
- * and chops off the top '0' bytes */
- if (flen > num)
- {
- RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_DATA_GREATER_THAN_MOD_LEN);
- goto err;
- }
-
- if (BN_bin2bn(from,flen,f) == NULL) goto err;
-
- if (BN_ucmp(f, rsa->n) >= 0)
- {
- RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
- goto err;
- }
-
- MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err);
-
- if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx,
- rsa->_method_mod_n)) goto err;
-
- if ((padding == RSA_X931_PADDING) && ((ret->d[0] & 0xf) != 12))
- BN_sub(ret, rsa->n, ret);
-
- p=buf;
- i=BN_bn2bin(ret,p);
-
- switch (padding)
- {
- case RSA_PKCS1_PADDING:
- r=RSA_padding_check_PKCS1_type_1(to,num,buf,i,num);
- break;
- case RSA_X931_PADDING:
- r=RSA_padding_check_X931(to,num,buf,i,num);
- break;
- case RSA_NO_PADDING:
- r=RSA_padding_check_none(to,num,buf,i,num);
- break;
- default:
- RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
- goto err;
- }
- if (r < 0)
- RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_PADDING_CHECK_FAILED);
-
-err:
- if (ctx != NULL)
- {
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- }
- if (buf != NULL)
- {
- OPENSSL_cleanse(buf,num);
- OPENSSL_free(buf);
- }
- return(r);
- }
-
-static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
- {
- BIGNUM *r1,*m1,*vrfy;
- BIGNUM local_dmp1,local_dmq1,local_c,local_r1;
- BIGNUM *dmp1,*dmq1,*c,*pr1;
- int bn_flags;
- int ret=0;
-
- BN_CTX_start(ctx);
- r1 = BN_CTX_get(ctx);
- m1 = BN_CTX_get(ctx);
- vrfy = BN_CTX_get(ctx);
-
- /* Make sure mod_inverse in montgomerey intialization use correct
- * BN_FLG_CONSTTIME flag.
- */
- bn_flags = rsa->p->flags;
- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
- {
- rsa->p->flags |= BN_FLG_CONSTTIME;
- }
- MONT_HELPER(rsa, ctx, p, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err);
- /* We restore bn_flags back */
- rsa->p->flags = bn_flags;
-
- /* Make sure mod_inverse in montgomerey intialization use correct
- * BN_FLG_CONSTTIME flag.
- */
- bn_flags = rsa->q->flags;
- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
- {
- rsa->q->flags |= BN_FLG_CONSTTIME;
- }
- MONT_HELPER(rsa, ctx, q, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err);
- /* We restore bn_flags back */
- rsa->q->flags = bn_flags;
-
- MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err);
-
- /* compute I mod q */
- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
- {
- c = &local_c;
- BN_with_flags(c, I, BN_FLG_CONSTTIME);
- if (!BN_mod(r1,c,rsa->q,ctx)) goto err;
- }
- else
- {
- if (!BN_mod(r1,I,rsa->q,ctx)) goto err;
- }
-
- /* compute r1^dmq1 mod q */
- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
- {
- dmq1 = &local_dmq1;
- BN_with_flags(dmq1, rsa->dmq1, BN_FLG_CONSTTIME);
- }
- else
- dmq1 = rsa->dmq1;
- if (!rsa->meth->bn_mod_exp(m1,r1,dmq1,rsa->q,ctx,
- rsa->_method_mod_q)) goto err;
-
- /* compute I mod p */
- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
- {
- c = &local_c;
- BN_with_flags(c, I, BN_FLG_CONSTTIME);
- if (!BN_mod(r1,c,rsa->p,ctx)) goto err;
- }
- else
- {
- if (!BN_mod(r1,I,rsa->p,ctx)) goto err;
- }
-
- /* compute r1^dmp1 mod p */
- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
- {
- dmp1 = &local_dmp1;
- BN_with_flags(dmp1, rsa->dmp1, BN_FLG_CONSTTIME);
- }
- else
- dmp1 = rsa->dmp1;
- if (!rsa->meth->bn_mod_exp(r0,r1,dmp1,rsa->p,ctx,
- rsa->_method_mod_p)) goto err;
-
- if (!BN_sub(r0,r0,m1)) goto err;
- /* This will help stop the size of r0 increasing, which does
- * affect the multiply if it optimised for a power of 2 size */
- if (BN_is_negative(r0))
- if (!BN_add(r0,r0,rsa->p)) goto err;
-
- if (!BN_mul(r1,r0,rsa->iqmp,ctx)) goto err;
-
- /* Turn BN_FLG_CONSTTIME flag on before division operation */
- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
- {
- pr1 = &local_r1;
- BN_with_flags(pr1, r1, BN_FLG_CONSTTIME);
- }
- else
- pr1 = r1;
- if (!BN_mod(r0,pr1,rsa->p,ctx)) goto err;
-
- /* If p < q it is occasionally possible for the correction of
- * adding 'p' if r0 is negative above to leave the result still
- * negative. This can break the private key operations: the following
- * second correction should *always* correct this rare occurrence.
- * This will *never* happen with OpenSSL generated keys because
- * they ensure p > q [steve]
- */
- if (BN_is_negative(r0))
- if (!BN_add(r0,r0,rsa->p)) goto err;
- if (!BN_mul(r1,r0,rsa->q,ctx)) goto err;
- if (!BN_add(r0,r1,m1)) goto err;
-
- if (rsa->e && rsa->n)
- {
- if (!rsa->meth->bn_mod_exp(vrfy,r0,rsa->e,rsa->n,ctx,rsa->_method_mod_n)) goto err;
- /* If 'I' was greater than (or equal to) rsa->n, the operation
- * will be equivalent to using 'I mod n'. However, the result of
- * the verify will *always* be less than 'n' so we don't check
- * for absolute equality, just congruency. */
- if (!BN_sub(vrfy, vrfy, I)) goto err;
- if (!BN_mod(vrfy, vrfy, rsa->n, ctx)) goto err;
- if (BN_is_negative(vrfy))
- if (!BN_add(vrfy, vrfy, rsa->n)) goto err;
- if (!BN_is_zero(vrfy))
- {
- /* 'I' and 'vrfy' aren't congruent mod n. Don't leak
- * miscalculated CRT output, just do a raw (slower)
- * mod_exp and return that instead. */
-
- BIGNUM local_d;
- BIGNUM *d = NULL;
-
- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
- {
- d = &local_d;
- BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
- }
- else
- d = rsa->d;
- if (!rsa->meth->bn_mod_exp(r0,I,d,rsa->n,ctx,
- rsa->_method_mod_n)) goto err;
- }
- }
- ret=1;
-err:
- BN_CTX_end(ctx);
- return(ret);
- }
-
-static int RSA_eay_init(RSA *rsa)
- {
- FIPS_selftest_check();
- rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE;
- return(1);
- }
-
-static int RSA_eay_finish(RSA *rsa)
- {
- if (rsa->_method_mod_n != NULL)
- BN_MONT_CTX_free(rsa->_method_mod_n);
- if (rsa->_method_mod_p != NULL)
- BN_MONT_CTX_free(rsa->_method_mod_p);
- if (rsa->_method_mod_q != NULL)
- BN_MONT_CTX_free(rsa->_method_mod_q);
- return(1);
- }
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/fips/rsa/fips_rsa_eay.c (from rev 6976, vendor-crypto/openssl/dist/fips/rsa/fips_rsa_eay.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/fips/rsa/fips_rsa_eay.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/fips/rsa/fips_rsa_eay.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,913 @@
+/* crypto/rsa/rsa_eay.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/rand.h>
+#include <openssl/err.h>
+#include <openssl/fips.h>
+
+#if !defined(RSA_NULL) && defined(OPENSSL_FIPS)
+
+static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding);
+static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *i, RSA *rsa,
+ BN_CTX *ctx);
+static int RSA_eay_init(RSA *rsa);
+static int RSA_eay_finish(RSA *rsa);
+static RSA_METHOD rsa_pkcs1_eay_meth = {
+ "Eric Young's PKCS#1 RSA",
+ RSA_eay_public_encrypt,
+ RSA_eay_public_decrypt, /* signature verification */
+ RSA_eay_private_encrypt, /* signing */
+ RSA_eay_private_decrypt,
+ RSA_eay_mod_exp,
+ BN_mod_exp_mont, /* XXX probably we should not use Montgomery
+ * if e == 3 */
+ RSA_eay_init,
+ RSA_eay_finish,
+ RSA_FLAG_FIPS_METHOD, /* flags */
+ NULL,
+ 0, /* rsa_sign */
+ 0, /* rsa_verify */
+ NULL /* rsa_keygen */
+};
+
+const RSA_METHOD *RSA_PKCS1_SSLeay(void)
+{
+ return (&rsa_pkcs1_eay_meth);
+}
+
+/*
+ * Usage example; MONT_HELPER(rsa, bn_ctx, p, rsa->flags &
+ * RSA_FLAG_CACHE_PRIVATE, goto err);
+ */
+# define MONT_HELPER(rsa, ctx, m, pre_cond, err_instr) \
+ if((pre_cond) && ((rsa)->_method_mod_##m == NULL) && \
+ !BN_MONT_CTX_set_locked(&((rsa)->_method_mod_##m), \
+ CRYPTO_LOCK_RSA, \
+ (rsa)->m, (ctx))) \
+ err_instr
+
+static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding)
+{
+ BIGNUM *f, *ret;
+ int i, j, k, num = 0, r = -1;
+ unsigned char *buf = NULL;
+ BN_CTX *ctx = NULL;
+
+ if (FIPS_selftest_failed()) {
+ FIPSerr(FIPS_F_RSA_EAY_PUBLIC_ENCRYPT, FIPS_R_FIPS_SELFTEST_FAILED);
+ goto err;
+ }
+
+ if (FIPS_mode()
+ && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) {
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_KEY_SIZE_TOO_SMALL);
+ return -1;
+ }
+
+ if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) {
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE);
+ return -1;
+ }
+
+ if (BN_ucmp(rsa->n, rsa->e) <= 0) {
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);
+ return -1;
+ }
+
+ /* for large moduli, enforce exponent limit */
+ if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) {
+ if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) {
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);
+ return -1;
+ }
+ }
+
+ if ((ctx = BN_CTX_new()) == NULL)
+ goto err;
+ BN_CTX_start(ctx);
+ f = BN_CTX_get(ctx);
+ ret = BN_CTX_get(ctx);
+ num = BN_num_bytes(rsa->n);
+ buf = OPENSSL_malloc(num);
+ if (!f || !ret || !buf) {
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ switch (padding) {
+ case RSA_PKCS1_PADDING:
+ i = RSA_padding_add_PKCS1_type_2(buf, num, from, flen);
+ break;
+# ifndef OPENSSL_NO_SHA
+ case RSA_PKCS1_OAEP_PADDING:
+ i = RSA_padding_add_PKCS1_OAEP(buf, num, from, flen, NULL, 0);
+ break;
+# endif
+ case RSA_SSLV23_PADDING:
+ i = RSA_padding_add_SSLv23(buf, num, from, flen);
+ break;
+ case RSA_NO_PADDING:
+ i = RSA_padding_add_none(buf, num, from, flen);
+ break;
+ default:
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
+ goto err;
+ }
+ if (i <= 0)
+ goto err;
+
+ if (BN_bin2bn(buf, num, f) == NULL)
+ goto err;
+
+ if (BN_ucmp(f, rsa->n) >= 0) {
+ /* usually the padding functions would catch this */
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,
+ RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
+ goto err;
+ }
+
+ MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err);
+
+ if (!rsa->meth->bn_mod_exp(ret, f, rsa->e, rsa->n, ctx,
+ rsa->_method_mod_n))
+ goto err;
+
+ /*
+ * put in leading 0 bytes if the number is less than the length of the
+ * modulus
+ */
+ j = BN_num_bytes(ret);
+ i = BN_bn2bin(ret, &(to[num - j]));
+ for (k = 0; k < (num - i); k++)
+ to[k] = 0;
+
+ r = num;
+ err:
+ if (ctx != NULL) {
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ }
+ if (buf != NULL) {
+ OPENSSL_cleanse(buf, num);
+ OPENSSL_free(buf);
+ }
+ return (r);
+}
+
+static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx)
+{
+ BN_BLINDING *ret;
+ int got_write_lock = 0;
+
+ CRYPTO_r_lock(CRYPTO_LOCK_RSA);
+
+ if (rsa->blinding == NULL) {
+ CRYPTO_r_unlock(CRYPTO_LOCK_RSA);
+ CRYPTO_w_lock(CRYPTO_LOCK_RSA);
+ got_write_lock = 1;
+
+ if (rsa->blinding == NULL)
+ rsa->blinding = RSA_setup_blinding(rsa, ctx);
+ }
+
+ ret = rsa->blinding;
+ if (ret == NULL)
+ goto err;
+
+ if (BN_BLINDING_get_thread_id(ret) == CRYPTO_thread_id()) {
+ /* rsa->blinding is ours! */
+
+ *local = 1;
+ } else {
+ /* resort to rsa->mt_blinding instead */
+
+ /*
+ * instructs rsa_blinding_convert(), rsa_blinding_invert() that the
+ * BN_BLINDING is shared, meaning that accesses require locks, and
+ * that the blinding factor must be stored outside the BN_BLINDING
+ */
+ *local = 0;
+
+ if (rsa->mt_blinding == NULL) {
+ if (!got_write_lock) {
+ CRYPTO_r_unlock(CRYPTO_LOCK_RSA);
+ CRYPTO_w_lock(CRYPTO_LOCK_RSA);
+ got_write_lock = 1;
+ }
+
+ if (rsa->mt_blinding == NULL)
+ rsa->mt_blinding = RSA_setup_blinding(rsa, ctx);
+ }
+ ret = rsa->mt_blinding;
+ }
+
+ err:
+ if (got_write_lock)
+ CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
+ else
+ CRYPTO_r_unlock(CRYPTO_LOCK_RSA);
+ return ret;
+}
+
+static int rsa_blinding_convert(BN_BLINDING *b, int local, BIGNUM *f,
+ BIGNUM *r, BN_CTX *ctx)
+{
+ if (local)
+ return BN_BLINDING_convert_ex(f, NULL, b, ctx);
+ else {
+ int ret;
+ CRYPTO_r_lock(CRYPTO_LOCK_RSA_BLINDING);
+ ret = BN_BLINDING_convert_ex(f, r, b, ctx);
+ CRYPTO_r_unlock(CRYPTO_LOCK_RSA_BLINDING);
+ return ret;
+ }
+}
+
+static int rsa_blinding_invert(BN_BLINDING *b, int local, BIGNUM *f,
+ BIGNUM *r, BN_CTX *ctx)
+{
+ if (local)
+ return BN_BLINDING_invert_ex(f, NULL, b, ctx);
+ else {
+ int ret;
+ CRYPTO_w_lock(CRYPTO_LOCK_RSA_BLINDING);
+ ret = BN_BLINDING_invert_ex(f, r, b, ctx);
+ CRYPTO_w_unlock(CRYPTO_LOCK_RSA_BLINDING);
+ return ret;
+ }
+}
+
+/* signing */
+static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding)
+{
+ BIGNUM *f, *ret, *br, *res;
+ int i, j, k, num = 0, r = -1;
+ unsigned char *buf = NULL;
+ BN_CTX *ctx = NULL;
+ int local_blinding = 0;
+ BN_BLINDING *blinding = NULL;
+
+ if (FIPS_selftest_failed()) {
+ FIPSerr(FIPS_F_RSA_EAY_PRIVATE_ENCRYPT, FIPS_R_FIPS_SELFTEST_FAILED);
+ goto err;
+ }
+
+ if (FIPS_mode()
+ && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) {
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, RSA_R_KEY_SIZE_TOO_SMALL);
+ return -1;
+ }
+
+ if ((ctx = BN_CTX_new()) == NULL)
+ goto err;
+ BN_CTX_start(ctx);
+ f = BN_CTX_get(ctx);
+ br = BN_CTX_get(ctx);
+ ret = BN_CTX_get(ctx);
+ num = BN_num_bytes(rsa->n);
+ buf = OPENSSL_malloc(num);
+ if (!f || !ret || !buf) {
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ switch (padding) {
+ case RSA_PKCS1_PADDING:
+ i = RSA_padding_add_PKCS1_type_1(buf, num, from, flen);
+ break;
+ case RSA_X931_PADDING:
+ i = RSA_padding_add_X931(buf, num, from, flen);
+ break;
+ case RSA_NO_PADDING:
+ i = RSA_padding_add_none(buf, num, from, flen);
+ break;
+ case RSA_SSLV23_PADDING:
+ default:
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
+ goto err;
+ }
+ if (i <= 0)
+ goto err;
+
+ if (BN_bin2bn(buf, num, f) == NULL)
+ goto err;
+
+ if (BN_ucmp(f, rsa->n) >= 0) {
+ /* usually the padding functions would catch this */
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,
+ RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
+ goto err;
+ }
+
+ if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) {
+ blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
+ if (blinding == NULL) {
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ }
+
+ if (blinding != NULL)
+ if (!rsa_blinding_convert(blinding, local_blinding, f, br, ctx))
+ goto err;
+
+ if ((rsa->flags & RSA_FLAG_EXT_PKEY) ||
+ ((rsa->p != NULL) &&
+ (rsa->q != NULL) &&
+ (rsa->dmp1 != NULL) && (rsa->dmq1 != NULL) && (rsa->iqmp != NULL))) {
+ if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx))
+ goto err;
+ } else {
+ BIGNUM local_d;
+ BIGNUM *d = NULL;
+
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+ BN_init(&local_d);
+ d = &local_d;
+ BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
+ } else
+ d = rsa->d;
+
+ MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC,
+ goto err);
+
+ if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n, ctx,
+ rsa->_method_mod_n))
+ goto err;
+ }
+
+ if (blinding)
+ if (!rsa_blinding_invert(blinding, local_blinding, ret, br, ctx))
+ goto err;
+
+ if (padding == RSA_X931_PADDING) {
+ BN_sub(f, rsa->n, ret);
+ if (BN_cmp(ret, f))
+ res = f;
+ else
+ res = ret;
+ } else
+ res = ret;
+
+ /*
+ * put in leading 0 bytes if the number is less than the length of the
+ * modulus
+ */
+ j = BN_num_bytes(res);
+ i = BN_bn2bin(res, &(to[num - j]));
+ for (k = 0; k < (num - i); k++)
+ to[k] = 0;
+
+ r = num;
+ err:
+ if (ctx != NULL) {
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ }
+ if (buf != NULL) {
+ OPENSSL_cleanse(buf, num);
+ OPENSSL_free(buf);
+ }
+ return (r);
+}
+
+static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding)
+{
+ BIGNUM *f, *ret, *br;
+ int j, num = 0, r = -1;
+ unsigned char *p;
+ unsigned char *buf = NULL;
+ BN_CTX *ctx = NULL;
+ int local_blinding = 0;
+ BN_BLINDING *blinding = NULL;
+
+ if (FIPS_selftest_failed()) {
+ FIPSerr(FIPS_F_RSA_EAY_PRIVATE_DECRYPT, FIPS_R_FIPS_SELFTEST_FAILED);
+ goto err;
+ }
+
+ if (FIPS_mode()
+ && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) {
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_KEY_SIZE_TOO_SMALL);
+ return -1;
+ }
+
+ if ((ctx = BN_CTX_new()) == NULL)
+ goto err;
+ BN_CTX_start(ctx);
+ f = BN_CTX_get(ctx);
+ br = BN_CTX_get(ctx);
+ ret = BN_CTX_get(ctx);
+ num = BN_num_bytes(rsa->n);
+ buf = OPENSSL_malloc(num);
+ if (!f || !ret || !buf) {
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ /*
+ * This check was for equality but PGP does evil things and chops off the
+ * top '0' bytes
+ */
+ if (flen > num) {
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,
+ RSA_R_DATA_GREATER_THAN_MOD_LEN);
+ goto err;
+ }
+
+ /* make data into a big number */
+ if (BN_bin2bn(from, (int)flen, f) == NULL)
+ goto err;
+
+ if (BN_ucmp(f, rsa->n) >= 0) {
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,
+ RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
+ goto err;
+ }
+
+ if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) {
+ blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
+ if (blinding == NULL) {
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ }
+
+ if (blinding != NULL)
+ if (!rsa_blinding_convert(blinding, local_blinding, f, br, ctx))
+ goto err;
+
+ /* do the decrypt */
+ if ((rsa->flags & RSA_FLAG_EXT_PKEY) ||
+ ((rsa->p != NULL) &&
+ (rsa->q != NULL) &&
+ (rsa->dmp1 != NULL) && (rsa->dmq1 != NULL) && (rsa->iqmp != NULL))) {
+ if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx))
+ goto err;
+ } else {
+ BIGNUM local_d;
+ BIGNUM *d = NULL;
+
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+ d = &local_d;
+ BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
+ } else
+ d = rsa->d;
+
+ MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC,
+ goto err);
+ if (!rsa->
+ meth->bn_mod_exp(ret, f, d, rsa->n, ctx, rsa->_method_mod_n))
+ goto err;
+ }
+
+ if (blinding)
+ if (!rsa_blinding_invert(blinding, local_blinding, ret, br, ctx))
+ goto err;
+
+ p = buf;
+ j = BN_bn2bin(ret, p); /* j is only used with no-padding mode */
+
+ switch (padding) {
+ case RSA_PKCS1_PADDING:
+ r = RSA_padding_check_PKCS1_type_2(to, num, buf, j, num);
+ break;
+# ifndef OPENSSL_NO_SHA
+ case RSA_PKCS1_OAEP_PADDING:
+ r = RSA_padding_check_PKCS1_OAEP(to, num, buf, j, num, NULL, 0);
+ break;
+# endif
+ case RSA_SSLV23_PADDING:
+ r = RSA_padding_check_SSLv23(to, num, buf, j, num);
+ break;
+ case RSA_NO_PADDING:
+ r = RSA_padding_check_none(to, num, buf, j, num);
+ break;
+ default:
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
+ goto err;
+ }
+ if (r < 0)
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_PADDING_CHECK_FAILED);
+
+ err:
+ if (ctx != NULL) {
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ }
+ if (buf != NULL) {
+ OPENSSL_cleanse(buf, num);
+ OPENSSL_free(buf);
+ }
+ return (r);
+}
+
+/* signature verification */
+static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding)
+{
+ BIGNUM *f, *ret;
+ int i, num = 0, r = -1;
+ unsigned char *p;
+ unsigned char *buf = NULL;
+ BN_CTX *ctx = NULL;
+
+ if (FIPS_selftest_failed()) {
+ FIPSerr(FIPS_F_RSA_EAY_PUBLIC_DECRYPT, FIPS_R_FIPS_SELFTEST_FAILED);
+ goto err;
+ }
+
+ if (FIPS_mode()
+ && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) {
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_KEY_SIZE_TOO_SMALL);
+ return -1;
+ }
+
+ if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) {
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE);
+ return -1;
+ }
+
+ if (BN_ucmp(rsa->n, rsa->e) <= 0) {
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE);
+ return -1;
+ }
+
+ /* for large moduli, enforce exponent limit */
+ if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) {
+ if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) {
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE);
+ return -1;
+ }
+ }
+
+ if ((ctx = BN_CTX_new()) == NULL)
+ goto err;
+ BN_CTX_start(ctx);
+ f = BN_CTX_get(ctx);
+ ret = BN_CTX_get(ctx);
+ num = BN_num_bytes(rsa->n);
+ buf = OPENSSL_malloc(num);
+ if (!f || !ret || !buf) {
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ /*
+ * This check was for equality but PGP does evil things and chops off the
+ * top '0' bytes
+ */
+ if (flen > num) {
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_DATA_GREATER_THAN_MOD_LEN);
+ goto err;
+ }
+
+ if (BN_bin2bn(from, flen, f) == NULL)
+ goto err;
+
+ if (BN_ucmp(f, rsa->n) >= 0) {
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,
+ RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
+ goto err;
+ }
+
+ MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err);
+
+ if (!rsa->meth->bn_mod_exp(ret, f, rsa->e, rsa->n, ctx,
+ rsa->_method_mod_n))
+ goto err;
+
+ if ((padding == RSA_X931_PADDING) && ((ret->d[0] & 0xf) != 12))
+ BN_sub(ret, rsa->n, ret);
+
+ p = buf;
+ i = BN_bn2bin(ret, p);
+
+ switch (padding) {
+ case RSA_PKCS1_PADDING:
+ r = RSA_padding_check_PKCS1_type_1(to, num, buf, i, num);
+ break;
+ case RSA_X931_PADDING:
+ r = RSA_padding_check_X931(to, num, buf, i, num);
+ break;
+ case RSA_NO_PADDING:
+ r = RSA_padding_check_none(to, num, buf, i, num);
+ break;
+ default:
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
+ goto err;
+ }
+ if (r < 0)
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_PADDING_CHECK_FAILED);
+
+ err:
+ if (ctx != NULL) {
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ }
+ if (buf != NULL) {
+ OPENSSL_cleanse(buf, num);
+ OPENSSL_free(buf);
+ }
+ return (r);
+}
+
+static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
+{
+ BIGNUM *r1, *m1, *vrfy;
+ BIGNUM local_dmp1, local_dmq1, local_c, local_r1;
+ BIGNUM *dmp1, *dmq1, *c, *pr1;
+ int bn_flags;
+ int ret = 0;
+
+ BN_CTX_start(ctx);
+ r1 = BN_CTX_get(ctx);
+ m1 = BN_CTX_get(ctx);
+ vrfy = BN_CTX_get(ctx);
+
+ /*
+ * Make sure mod_inverse in montgomerey intialization use correct
+ * BN_FLG_CONSTTIME flag.
+ */
+ bn_flags = rsa->p->flags;
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+ rsa->p->flags |= BN_FLG_CONSTTIME;
+ }
+ MONT_HELPER(rsa, ctx, p, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err);
+ /* We restore bn_flags back */
+ rsa->p->flags = bn_flags;
+
+ /*
+ * Make sure mod_inverse in montgomerey intialization use correct
+ * BN_FLG_CONSTTIME flag.
+ */
+ bn_flags = rsa->q->flags;
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+ rsa->q->flags |= BN_FLG_CONSTTIME;
+ }
+ MONT_HELPER(rsa, ctx, q, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err);
+ /* We restore bn_flags back */
+ rsa->q->flags = bn_flags;
+
+ MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err);
+
+ /* compute I mod q */
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+ c = &local_c;
+ BN_with_flags(c, I, BN_FLG_CONSTTIME);
+ if (!BN_mod(r1, c, rsa->q, ctx))
+ goto err;
+ } else {
+ if (!BN_mod(r1, I, rsa->q, ctx))
+ goto err;
+ }
+
+ /* compute r1^dmq1 mod q */
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+ dmq1 = &local_dmq1;
+ BN_with_flags(dmq1, rsa->dmq1, BN_FLG_CONSTTIME);
+ } else
+ dmq1 = rsa->dmq1;
+ if (!rsa->meth->bn_mod_exp(m1, r1, dmq1, rsa->q, ctx, rsa->_method_mod_q))
+ goto err;
+
+ /* compute I mod p */
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+ c = &local_c;
+ BN_with_flags(c, I, BN_FLG_CONSTTIME);
+ if (!BN_mod(r1, c, rsa->p, ctx))
+ goto err;
+ } else {
+ if (!BN_mod(r1, I, rsa->p, ctx))
+ goto err;
+ }
+
+ /* compute r1^dmp1 mod p */
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+ dmp1 = &local_dmp1;
+ BN_with_flags(dmp1, rsa->dmp1, BN_FLG_CONSTTIME);
+ } else
+ dmp1 = rsa->dmp1;
+ if (!rsa->meth->bn_mod_exp(r0, r1, dmp1, rsa->p, ctx, rsa->_method_mod_p))
+ goto err;
+
+ if (!BN_sub(r0, r0, m1))
+ goto err;
+ /*
+ * This will help stop the size of r0 increasing, which does affect the
+ * multiply if it optimised for a power of 2 size
+ */
+ if (BN_is_negative(r0))
+ if (!BN_add(r0, r0, rsa->p))
+ goto err;
+
+ if (!BN_mul(r1, r0, rsa->iqmp, ctx))
+ goto err;
+
+ /* Turn BN_FLG_CONSTTIME flag on before division operation */
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+ pr1 = &local_r1;
+ BN_with_flags(pr1, r1, BN_FLG_CONSTTIME);
+ } else
+ pr1 = r1;
+ if (!BN_mod(r0, pr1, rsa->p, ctx))
+ goto err;
+
+ /*
+ * If p < q it is occasionally possible for the correction of adding 'p'
+ * if r0 is negative above to leave the result still negative. This can
+ * break the private key operations: the following second correction
+ * should *always* correct this rare occurrence. This will *never* happen
+ * with OpenSSL generated keys because they ensure p > q [steve]
+ */
+ if (BN_is_negative(r0))
+ if (!BN_add(r0, r0, rsa->p))
+ goto err;
+ if (!BN_mul(r1, r0, rsa->q, ctx))
+ goto err;
+ if (!BN_add(r0, r1, m1))
+ goto err;
+
+ if (rsa->e && rsa->n) {
+ if (!rsa->meth->bn_mod_exp(vrfy, r0, rsa->e, rsa->n, ctx,
+ rsa->_method_mod_n))
+ goto err;
+ /*
+ * If 'I' was greater than (or equal to) rsa->n, the operation will
+ * be equivalent to using 'I mod n'. However, the result of the
+ * verify will *always* be less than 'n' so we don't check for
+ * absolute equality, just congruency.
+ */
+ if (!BN_sub(vrfy, vrfy, I))
+ goto err;
+ if (!BN_mod(vrfy, vrfy, rsa->n, ctx))
+ goto err;
+ if (BN_is_negative(vrfy))
+ if (!BN_add(vrfy, vrfy, rsa->n))
+ goto err;
+ if (!BN_is_zero(vrfy)) {
+ /*
+ * 'I' and 'vrfy' aren't congruent mod n. Don't leak
+ * miscalculated CRT output, just do a raw (slower) mod_exp and
+ * return that instead.
+ */
+
+ BIGNUM local_d;
+ BIGNUM *d = NULL;
+
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+ d = &local_d;
+ BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
+ } else
+ d = rsa->d;
+ if (!rsa->meth->bn_mod_exp(r0, I, d, rsa->n, ctx,
+ rsa->_method_mod_n))
+ goto err;
+ }
+ }
+ ret = 1;
+ err:
+ BN_CTX_end(ctx);
+ return (ret);
+}
+
+static int RSA_eay_init(RSA *rsa)
+{
+ FIPS_selftest_check();
+ rsa->flags |= RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE;
+ return (1);
+}
+
+static int RSA_eay_finish(RSA *rsa)
+{
+ if (rsa->_method_mod_n != NULL)
+ BN_MONT_CTX_free(rsa->_method_mod_n);
+ if (rsa->_method_mod_p != NULL)
+ BN_MONT_CTX_free(rsa->_method_mod_p);
+ if (rsa->_method_mod_q != NULL)
+ BN_MONT_CTX_free(rsa->_method_mod_q);
+ return (1);
+}
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/fips/rsa/fips_rsa_gen.c
===================================================================
--- vendor-crypto/openssl/dist/fips/rsa/fips_rsa_gen.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/fips/rsa/fips_rsa_gen.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,310 +0,0 @@
-/* crypto/rsa/rsa_gen.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-
-/* NB: these functions have been "upgraded", the deprecated versions (which are
- * compatibility wrappers using these functions) are in rsa_depr.c.
- * - Geoff
- */
-
-#include <stdio.h>
-#include <time.h>
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/fips.h>
-#include "fips_locl.h"
-
-#ifdef OPENSSL_FIPS
-
-static int fips_rsa_pairwise_fail = 0;
-
-void FIPS_corrupt_rsa_keygen(void)
- {
- fips_rsa_pairwise_fail = 1;
- }
-
-int fips_check_rsa(RSA *rsa)
- {
- const unsigned char tbs[] = "RSA Pairwise Check Data";
- unsigned char *ctbuf = NULL, *ptbuf = NULL;
- int len, ret = 0;
- EVP_PKEY pk;
- pk.type = EVP_PKEY_RSA;
- pk.pkey.rsa = rsa;
-
- /* Perform pairwise consistency signature test */
- if (!fips_pkey_signature_test(&pk, tbs, -1,
- NULL, 0, EVP_sha1(), EVP_MD_CTX_FLAG_PAD_PKCS1, NULL)
- || !fips_pkey_signature_test(&pk, tbs, -1,
- NULL, 0, EVP_sha1(), EVP_MD_CTX_FLAG_PAD_X931, NULL)
- || !fips_pkey_signature_test(&pk, tbs, -1,
- NULL, 0, EVP_sha1(), EVP_MD_CTX_FLAG_PAD_PSS, NULL))
- goto err;
- /* Now perform pairwise consistency encrypt/decrypt test */
- ctbuf = OPENSSL_malloc(RSA_size(rsa));
- if (!ctbuf)
- goto err;
-
- len = RSA_public_encrypt(sizeof(tbs) - 1, tbs, ctbuf, rsa, RSA_PKCS1_PADDING);
- if (len <= 0)
- goto err;
- /* Check ciphertext doesn't match plaintext */
- if ((len == (sizeof(tbs) - 1)) && !memcmp(tbs, ctbuf, len))
- goto err;
- ptbuf = OPENSSL_malloc(RSA_size(rsa));
-
- if (!ptbuf)
- goto err;
- len = RSA_private_decrypt(len, ctbuf, ptbuf, rsa, RSA_PKCS1_PADDING);
- if (len != (sizeof(tbs) - 1))
- goto err;
- if (memcmp(ptbuf, tbs, len))
- goto err;
-
- ret = 1;
-
- if (!ptbuf)
- goto err;
-
- err:
- if (ret == 0)
- {
- fips_set_selftest_fail();
- FIPSerr(FIPS_F_FIPS_CHECK_RSA,FIPS_R_PAIRWISE_TEST_FAILED);
- }
-
- if (ctbuf)
- OPENSSL_free(ctbuf);
- if (ptbuf)
- OPENSSL_free(ptbuf);
-
- return ret;
- }
-
-static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb);
-
-/* NB: this wrapper would normally be placed in rsa_lib.c and the static
- * implementation would probably be in rsa_eay.c. Nonetheless, is kept here so
- * that we don't introduce a new linker dependency. Eg. any application that
- * wasn't previously linking object code related to key-generation won't have to
- * now just because key-generation is part of RSA_METHOD. */
-int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
- {
- if(rsa->meth->rsa_keygen)
- return rsa->meth->rsa_keygen(rsa, bits, e_value, cb);
- return rsa_builtin_keygen(rsa, bits, e_value, cb);
- }
-
-static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
- {
- BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL,*tmp;
- BIGNUM local_r0,local_d,local_p;
- BIGNUM *pr0,*d,*p;
- int bitsp,bitsq,ok= -1,n=0;
- BN_CTX *ctx=NULL;
-
- if(FIPS_selftest_failed())
- {
- FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN,FIPS_R_FIPS_SELFTEST_FAILED);
- return 0;
- }
-
- if (FIPS_mode() && (bits < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
- {
- FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN,FIPS_R_KEY_TOO_SHORT);
- return 0;
- }
-
- ctx=BN_CTX_new();
- if (ctx == NULL) goto err;
- BN_CTX_start(ctx);
- r0 = BN_CTX_get(ctx);
- r1 = BN_CTX_get(ctx);
- r2 = BN_CTX_get(ctx);
- r3 = BN_CTX_get(ctx);
- if (r3 == NULL) goto err;
-
- bitsp=(bits+1)/2;
- bitsq=bits-bitsp;
-
- /* We need the RSA components non-NULL */
- if(!rsa->n && ((rsa->n=BN_new()) == NULL)) goto err;
- if(!rsa->d && ((rsa->d=BN_new()) == NULL)) goto err;
- if(!rsa->e && ((rsa->e=BN_new()) == NULL)) goto err;
- if(!rsa->p && ((rsa->p=BN_new()) == NULL)) goto err;
- if(!rsa->q && ((rsa->q=BN_new()) == NULL)) goto err;
- if(!rsa->dmp1 && ((rsa->dmp1=BN_new()) == NULL)) goto err;
- if(!rsa->dmq1 && ((rsa->dmq1=BN_new()) == NULL)) goto err;
- if(!rsa->iqmp && ((rsa->iqmp=BN_new()) == NULL)) goto err;
-
- BN_copy(rsa->e, e_value);
-
- /* generate p and q */
- for (;;)
- {
- if(!BN_generate_prime_ex(rsa->p, bitsp, 0, NULL, NULL, cb))
- goto err;
- if (!BN_sub(r2,rsa->p,BN_value_one())) goto err;
- if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err;
- if (BN_is_one(r1)) break;
- if(!BN_GENCB_call(cb, 2, n++))
- goto err;
- }
- if(!BN_GENCB_call(cb, 3, 0))
- goto err;
- for (;;)
- {
- /* When generating ridiculously small keys, we can get stuck
- * continually regenerating the same prime values. Check for
- * this and bail if it happens 3 times. */
- unsigned int degenerate = 0;
- do
- {
- if(!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb))
- goto err;
- } while((BN_cmp(rsa->p, rsa->q) == 0) && (++degenerate < 3));
- if(degenerate == 3)
- {
- ok = 0; /* we set our own err */
- RSAerr(RSA_F_RSA_BUILTIN_KEYGEN,RSA_R_KEY_SIZE_TOO_SMALL);
- goto err;
- }
- if (!BN_sub(r2,rsa->q,BN_value_one())) goto err;
- if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err;
- if (BN_is_one(r1))
- break;
- if(!BN_GENCB_call(cb, 2, n++))
- goto err;
- }
- if(!BN_GENCB_call(cb, 3, 1))
- goto err;
- if (BN_cmp(rsa->p,rsa->q) < 0)
- {
- tmp=rsa->p;
- rsa->p=rsa->q;
- rsa->q=tmp;
- }
-
- /* calculate n */
- if (!BN_mul(rsa->n,rsa->p,rsa->q,ctx)) goto err;
-
- /* calculate d */
- if (!BN_sub(r1,rsa->p,BN_value_one())) goto err; /* p-1 */
- if (!BN_sub(r2,rsa->q,BN_value_one())) goto err; /* q-1 */
- if (!BN_mul(r0,r1,r2,ctx)) goto err; /* (p-1)(q-1) */
- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
- {
- pr0 = &local_r0;
- BN_with_flags(pr0, r0, BN_FLG_CONSTTIME);
- }
- else
- pr0 = r0;
- if (!BN_mod_inverse(rsa->d,rsa->e,pr0,ctx)) goto err; /* d */
-
- /* set up d for correct BN_FLG_CONSTTIME flag */
- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
- {
- d = &local_d;
- BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
- }
- else
- d = rsa->d;
-
- /* calculate d mod (p-1) */
- if (!BN_mod(rsa->dmp1,d,r1,ctx)) goto err;
-
- /* calculate d mod (q-1) */
- if (!BN_mod(rsa->dmq1,d,r2,ctx)) goto err;
-
- /* calculate inverse of q mod p */
- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
- {
- p = &local_p;
- BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME);
- }
- else
- p = rsa->p;
- if (!BN_mod_inverse(rsa->iqmp,rsa->q,p,ctx)) goto err;
-
- if (fips_rsa_pairwise_fail)
- BN_add_word(rsa->n, 1);
-
- if(!fips_check_rsa(rsa))
- goto err;
-
- ok=1;
-err:
- if (ok == -1)
- {
- RSAerr(RSA_F_RSA_BUILTIN_KEYGEN,ERR_LIB_BN);
- ok=0;
- }
- if (ctx != NULL)
- {
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- }
-
- return ok;
- }
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/fips/rsa/fips_rsa_gen.c (from rev 6976, vendor-crypto/openssl/dist/fips/rsa/fips_rsa_gen.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/fips/rsa/fips_rsa_gen.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/fips/rsa/fips_rsa_gen.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,326 @@
+/* crypto/rsa/rsa_gen.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/*
+ * NB: these functions have been "upgraded", the deprecated versions (which
+ * are compatibility wrappers using these functions) are in rsa_depr.c. -
+ * Geoff
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/fips.h>
+#include "fips_locl.h"
+
+#ifdef OPENSSL_FIPS
+
+static int fips_rsa_pairwise_fail = 0;
+
+void FIPS_corrupt_rsa_keygen(void)
+{
+ fips_rsa_pairwise_fail = 1;
+}
+
+int fips_check_rsa(RSA *rsa)
+{
+ const unsigned char tbs[] = "RSA Pairwise Check Data";
+ unsigned char *ctbuf = NULL, *ptbuf = NULL;
+ int len, ret = 0;
+ EVP_PKEY pk;
+ pk.type = EVP_PKEY_RSA;
+ pk.pkey.rsa = rsa;
+
+ /* Perform pairwise consistency signature test */
+ if (!fips_pkey_signature_test(&pk, tbs, -1,
+ NULL, 0, EVP_sha1(),
+ EVP_MD_CTX_FLAG_PAD_PKCS1, NULL)
+ || !fips_pkey_signature_test(&pk, tbs, -1, NULL, 0, EVP_sha1(),
+ EVP_MD_CTX_FLAG_PAD_X931, NULL)
+ || !fips_pkey_signature_test(&pk, tbs, -1, NULL, 0, EVP_sha1(),
+ EVP_MD_CTX_FLAG_PAD_PSS, NULL))
+ goto err;
+ /* Now perform pairwise consistency encrypt/decrypt test */
+ ctbuf = OPENSSL_malloc(RSA_size(rsa));
+ if (!ctbuf)
+ goto err;
+
+ len =
+ RSA_public_encrypt(sizeof(tbs) - 1, tbs, ctbuf, rsa,
+ RSA_PKCS1_PADDING);
+ if (len <= 0)
+ goto err;
+ /* Check ciphertext doesn't match plaintext */
+ if ((len == (sizeof(tbs) - 1)) && !memcmp(tbs, ctbuf, len))
+ goto err;
+ ptbuf = OPENSSL_malloc(RSA_size(rsa));
+
+ if (!ptbuf)
+ goto err;
+ len = RSA_private_decrypt(len, ctbuf, ptbuf, rsa, RSA_PKCS1_PADDING);
+ if (len != (sizeof(tbs) - 1))
+ goto err;
+ if (memcmp(ptbuf, tbs, len))
+ goto err;
+
+ ret = 1;
+
+ if (!ptbuf)
+ goto err;
+
+ err:
+ if (ret == 0) {
+ fips_set_selftest_fail();
+ FIPSerr(FIPS_F_FIPS_CHECK_RSA, FIPS_R_PAIRWISE_TEST_FAILED);
+ }
+
+ if (ctbuf)
+ OPENSSL_free(ctbuf);
+ if (ptbuf)
+ OPENSSL_free(ptbuf);
+
+ return ret;
+}
+
+static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
+ BN_GENCB *cb);
+
+/*
+ * NB: this wrapper would normally be placed in rsa_lib.c and the static
+ * implementation would probably be in rsa_eay.c. Nonetheless, is kept here
+ * so that we don't introduce a new linker dependency. Eg. any application
+ * that wasn't previously linking object code related to key-generation won't
+ * have to now just because key-generation is part of RSA_METHOD.
+ */
+int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
+{
+ if (rsa->meth->rsa_keygen)
+ return rsa->meth->rsa_keygen(rsa, bits, e_value, cb);
+ return rsa_builtin_keygen(rsa, bits, e_value, cb);
+}
+
+static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
+ BN_GENCB *cb)
+{
+ BIGNUM *r0 = NULL, *r1 = NULL, *r2 = NULL, *r3 = NULL, *tmp;
+ BIGNUM local_r0, local_d, local_p;
+ BIGNUM *pr0, *d, *p;
+ int bitsp, bitsq, ok = -1, n = 0;
+ BN_CTX *ctx = NULL;
+
+ if (FIPS_selftest_failed()) {
+ FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN, FIPS_R_FIPS_SELFTEST_FAILED);
+ return 0;
+ }
+
+ if (FIPS_mode() && (bits < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)) {
+ FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN, FIPS_R_KEY_TOO_SHORT);
+ return 0;
+ }
+
+ ctx = BN_CTX_new();
+ if (ctx == NULL)
+ goto err;
+ BN_CTX_start(ctx);
+ r0 = BN_CTX_get(ctx);
+ r1 = BN_CTX_get(ctx);
+ r2 = BN_CTX_get(ctx);
+ r3 = BN_CTX_get(ctx);
+ if (r3 == NULL)
+ goto err;
+
+ bitsp = (bits + 1) / 2;
+ bitsq = bits - bitsp;
+
+ /* We need the RSA components non-NULL */
+ if (!rsa->n && ((rsa->n = BN_new()) == NULL))
+ goto err;
+ if (!rsa->d && ((rsa->d = BN_new()) == NULL))
+ goto err;
+ if (!rsa->e && ((rsa->e = BN_new()) == NULL))
+ goto err;
+ if (!rsa->p && ((rsa->p = BN_new()) == NULL))
+ goto err;
+ if (!rsa->q && ((rsa->q = BN_new()) == NULL))
+ goto err;
+ if (!rsa->dmp1 && ((rsa->dmp1 = BN_new()) == NULL))
+ goto err;
+ if (!rsa->dmq1 && ((rsa->dmq1 = BN_new()) == NULL))
+ goto err;
+ if (!rsa->iqmp && ((rsa->iqmp = BN_new()) == NULL))
+ goto err;
+
+ BN_copy(rsa->e, e_value);
+
+ /* generate p and q */
+ for (;;) {
+ if (!BN_generate_prime_ex(rsa->p, bitsp, 0, NULL, NULL, cb))
+ goto err;
+ if (!BN_sub(r2, rsa->p, BN_value_one()))
+ goto err;
+ if (!BN_gcd(r1, r2, rsa->e, ctx))
+ goto err;
+ if (BN_is_one(r1))
+ break;
+ if (!BN_GENCB_call(cb, 2, n++))
+ goto err;
+ }
+ if (!BN_GENCB_call(cb, 3, 0))
+ goto err;
+ for (;;) {
+ /*
+ * When generating ridiculously small keys, we can get stuck
+ * continually regenerating the same prime values. Check for this and
+ * bail if it happens 3 times.
+ */
+ unsigned int degenerate = 0;
+ do {
+ if (!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb))
+ goto err;
+ } while ((BN_cmp(rsa->p, rsa->q) == 0) && (++degenerate < 3));
+ if (degenerate == 3) {
+ ok = 0; /* we set our own err */
+ RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, RSA_R_KEY_SIZE_TOO_SMALL);
+ goto err;
+ }
+ if (!BN_sub(r2, rsa->q, BN_value_one()))
+ goto err;
+ if (!BN_gcd(r1, r2, rsa->e, ctx))
+ goto err;
+ if (BN_is_one(r1))
+ break;
+ if (!BN_GENCB_call(cb, 2, n++))
+ goto err;
+ }
+ if (!BN_GENCB_call(cb, 3, 1))
+ goto err;
+ if (BN_cmp(rsa->p, rsa->q) < 0) {
+ tmp = rsa->p;
+ rsa->p = rsa->q;
+ rsa->q = tmp;
+ }
+
+ /* calculate n */
+ if (!BN_mul(rsa->n, rsa->p, rsa->q, ctx))
+ goto err;
+
+ /* calculate d */
+ if (!BN_sub(r1, rsa->p, BN_value_one()))
+ goto err; /* p-1 */
+ if (!BN_sub(r2, rsa->q, BN_value_one()))
+ goto err; /* q-1 */
+ if (!BN_mul(r0, r1, r2, ctx))
+ goto err; /* (p-1)(q-1) */
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+ pr0 = &local_r0;
+ BN_with_flags(pr0, r0, BN_FLG_CONSTTIME);
+ } else
+ pr0 = r0;
+ if (!BN_mod_inverse(rsa->d, rsa->e, pr0, ctx))
+ goto err; /* d */
+
+ /* set up d for correct BN_FLG_CONSTTIME flag */
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+ d = &local_d;
+ BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
+ } else
+ d = rsa->d;
+
+ /* calculate d mod (p-1) */
+ if (!BN_mod(rsa->dmp1, d, r1, ctx))
+ goto err;
+
+ /* calculate d mod (q-1) */
+ if (!BN_mod(rsa->dmq1, d, r2, ctx))
+ goto err;
+
+ /* calculate inverse of q mod p */
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+ p = &local_p;
+ BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME);
+ } else
+ p = rsa->p;
+ if (!BN_mod_inverse(rsa->iqmp, rsa->q, p, ctx))
+ goto err;
+
+ if (fips_rsa_pairwise_fail)
+ BN_add_word(rsa->n, 1);
+
+ if (!fips_check_rsa(rsa))
+ goto err;
+
+ ok = 1;
+ err:
+ if (ok == -1) {
+ RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, ERR_LIB_BN);
+ ok = 0;
+ }
+ if (ctx != NULL) {
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ }
+
+ return ok;
+}
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/fips/rsa/fips_rsa_lib.c
===================================================================
--- vendor-crypto/openssl/dist/fips/rsa/fips_rsa_lib.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/fips/rsa/fips_rsa_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,101 +0,0 @@
-/* fips_rsa_sign.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 2007.
- */
-/* ====================================================================
- * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <string.h>
-#include <openssl/evp.h>
-#include <openssl/rsa.h>
-#include <openssl/bn.h>
-#include <openssl/err.h>
-
-/* Minimal FIPS versions of FIPS_rsa_new() and FIPS_rsa_free: to
- * reduce external dependencies.
- */
-
-RSA *FIPS_rsa_new(void)
- {
- RSA *ret;
- ret = OPENSSL_malloc(sizeof(RSA));
- if (!ret)
- return NULL;
- memset(ret, 0, sizeof(RSA));
- ret->meth = RSA_PKCS1_SSLeay();
- if (ret->meth->init)
- ret->meth->init(ret);
- return ret;
- }
-
-void FIPS_rsa_free(RSA *r)
- {
- if (!r)
- return;
- if (r->meth->finish)
- r->meth->finish(r);
- if (r->n != NULL) BN_clear_free(r->n);
- if (r->e != NULL) BN_clear_free(r->e);
- if (r->d != NULL) BN_clear_free(r->d);
- if (r->p != NULL) BN_clear_free(r->p);
- if (r->q != NULL) BN_clear_free(r->q);
- if (r->dmp1 != NULL) BN_clear_free(r->dmp1);
- if (r->dmq1 != NULL) BN_clear_free(r->dmq1);
- if (r->iqmp != NULL) BN_clear_free(r->iqmp);
- if (r->blinding != NULL) BN_BLINDING_free(r->blinding);
- if (r->mt_blinding != NULL) BN_BLINDING_free(r->mt_blinding);
- if (r->bignum_data != NULL) OPENSSL_free_locked(r->bignum_data);
- OPENSSL_free(r);
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/fips/rsa/fips_rsa_lib.c (from rev 6976, vendor-crypto/openssl/dist/fips/rsa/fips_rsa_lib.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/fips/rsa/fips_rsa_lib.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/fips/rsa/fips_rsa_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,113 @@
+/* fips_rsa_sign.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 2007.
+ */
+/* ====================================================================
+ * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <string.h>
+#include <openssl/evp.h>
+#include <openssl/rsa.h>
+#include <openssl/bn.h>
+#include <openssl/err.h>
+
+/*
+ * Minimal FIPS versions of FIPS_rsa_new() and FIPS_rsa_free: to reduce
+ * external dependencies.
+ */
+
+RSA *FIPS_rsa_new(void)
+{
+ RSA *ret;
+ ret = OPENSSL_malloc(sizeof(RSA));
+ if (!ret)
+ return NULL;
+ memset(ret, 0, sizeof(RSA));
+ ret->meth = RSA_PKCS1_SSLeay();
+ if (ret->meth->init)
+ ret->meth->init(ret);
+ return ret;
+}
+
+void FIPS_rsa_free(RSA *r)
+{
+ if (!r)
+ return;
+ if (r->meth->finish)
+ r->meth->finish(r);
+ if (r->n != NULL)
+ BN_clear_free(r->n);
+ if (r->e != NULL)
+ BN_clear_free(r->e);
+ if (r->d != NULL)
+ BN_clear_free(r->d);
+ if (r->p != NULL)
+ BN_clear_free(r->p);
+ if (r->q != NULL)
+ BN_clear_free(r->q);
+ if (r->dmp1 != NULL)
+ BN_clear_free(r->dmp1);
+ if (r->dmq1 != NULL)
+ BN_clear_free(r->dmq1);
+ if (r->iqmp != NULL)
+ BN_clear_free(r->iqmp);
+ if (r->blinding != NULL)
+ BN_BLINDING_free(r->blinding);
+ if (r->mt_blinding != NULL)
+ BN_BLINDING_free(r->mt_blinding);
+ if (r->bignum_data != NULL)
+ OPENSSL_free_locked(r->bignum_data);
+ OPENSSL_free(r);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/fips/rsa/fips_rsa_selftest.c
===================================================================
--- vendor-crypto/openssl/dist/fips/rsa/fips_rsa_selftest.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/fips/rsa/fips_rsa_selftest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,432 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2003-2007 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#include <string.h>
-#include <openssl/err.h>
-#include <openssl/fips.h>
-#include <openssl/rsa.h>
-#include <openssl/evp.h>
-#include <openssl/bn.h>
-#include <openssl/opensslconf.h>
-
-#ifdef OPENSSL_FIPS
-
-static unsigned char n[] =
-"\x00\xBB\xF8\x2F\x09\x06\x82\xCE\x9C\x23\x38\xAC\x2B\x9D\xA8\x71"
-"\xF7\x36\x8D\x07\xEE\xD4\x10\x43\xA4\x40\xD6\xB6\xF0\x74\x54\xF5"
-"\x1F\xB8\xDF\xBA\xAF\x03\x5C\x02\xAB\x61\xEA\x48\xCE\xEB\x6F\xCD"
-"\x48\x76\xED\x52\x0D\x60\xE1\xEC\x46\x19\x71\x9D\x8A\x5B\x8B\x80"
-"\x7F\xAF\xB8\xE0\xA3\xDF\xC7\x37\x72\x3E\xE6\xB4\xB7\xD9\x3A\x25"
-"\x84\xEE\x6A\x64\x9D\x06\x09\x53\x74\x88\x34\xB2\x45\x45\x98\x39"
-"\x4E\xE0\xAA\xB1\x2D\x7B\x61\xA5\x1F\x52\x7A\x9A\x41\xF6\xC1\x68"
-"\x7F\xE2\x53\x72\x98\xCA\x2A\x8F\x59\x46\xF8\xE5\xFD\x09\x1D\xBD"
-"\xCB";
-
-
-static int setrsakey(RSA *key)
- {
- static const unsigned char e[] = "\x11";
-
- static const unsigned char d[] =
-"\x00\xA5\xDA\xFC\x53\x41\xFA\xF2\x89\xC4\xB9\x88\xDB\x30\xC1\xCD"
-"\xF8\x3F\x31\x25\x1E\x06\x68\xB4\x27\x84\x81\x38\x01\x57\x96\x41"
-"\xB2\x94\x10\xB3\xC7\x99\x8D\x6B\xC4\x65\x74\x5E\x5C\x39\x26\x69"
-"\xD6\x87\x0D\xA2\xC0\x82\xA9\x39\xE3\x7F\xDC\xB8\x2E\xC9\x3E\xDA"
-"\xC9\x7F\xF3\xAD\x59\x50\xAC\xCF\xBC\x11\x1C\x76\xF1\xA9\x52\x94"
-"\x44\xE5\x6A\xAF\x68\xC5\x6C\x09\x2C\xD3\x8D\xC3\xBE\xF5\xD2\x0A"
-"\x93\x99\x26\xED\x4F\x74\xA1\x3E\xDD\xFB\xE1\xA1\xCE\xCC\x48\x94"
-"\xAF\x94\x28\xC2\xB7\xB8\x88\x3F\xE4\x46\x3A\x4B\xC8\x5B\x1C\xB3"
-"\xC1";
-
- static const unsigned char p[] =
-"\x00\xEE\xCF\xAE\x81\xB1\xB9\xB3\xC9\x08\x81\x0B\x10\xA1\xB5\x60"
-"\x01\x99\xEB\x9F\x44\xAE\xF4\xFD\xA4\x93\xB8\x1A\x9E\x3D\x84\xF6"
-"\x32\x12\x4E\xF0\x23\x6E\x5D\x1E\x3B\x7E\x28\xFA\xE7\xAA\x04\x0A"
-"\x2D\x5B\x25\x21\x76\x45\x9D\x1F\x39\x75\x41\xBA\x2A\x58\xFB\x65"
-"\x99";
-
- static const unsigned char q[] =
-"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
-"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D"
-"\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5"
-"\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x15"
-"\x03";
-
- static const unsigned char dmp1[] =
-"\x54\x49\x4C\xA6\x3E\xBA\x03\x37\xE4\xE2\x40\x23\xFC\xD6\x9A\x5A"
-"\xEB\x07\xDD\xDC\x01\x83\xA4\xD0\xAC\x9B\x54\xB0\x51\xF2\xB1\x3E"
-"\xD9\x49\x09\x75\xEA\xB7\x74\x14\xFF\x59\xC1\xF7\x69\x2E\x9A\x2E"
-"\x20\x2B\x38\xFC\x91\x0A\x47\x41\x74\xAD\xC9\x3C\x1F\x67\xC9\x81";
-
- static const unsigned char dmq1[] =
-"\x47\x1E\x02\x90\xFF\x0A\xF0\x75\x03\x51\xB7\xF8\x78\x86\x4C\xA9"
-"\x61\xAD\xBD\x3A\x8A\x7E\x99\x1C\x5C\x05\x56\xA9\x4C\x31\x46\xA7"
-"\xF9\x80\x3F\x8F\x6F\x8A\xE3\x42\xE9\x31\xFD\x8A\xE4\x7A\x22\x0D"
-"\x1B\x99\xA4\x95\x84\x98\x07\xFE\x39\xF9\x24\x5A\x98\x36\xDA\x3D";
-
- static const unsigned char iqmp[] =
-"\x00\xB0\x6C\x4F\xDA\xBB\x63\x01\x19\x8D\x26\x5B\xDB\xAE\x94\x23"
-"\xB3\x80\xF2\x71\xF7\x34\x53\x88\x50\x93\x07\x7F\xCD\x39\xE2\x11"
-"\x9F\xC9\x86\x32\x15\x4F\x58\x83\xB1\x67\xA9\x67\xBF\x40\x2B\x4E"
-"\x9E\x2E\x0F\x96\x56\xE6\x98\xEA\x36\x66\xED\xFB\x25\x79\x80\x39"
-"\xF7";
-
- key->n = BN_bin2bn(n, sizeof(n)-1, key->n);
- key->e = BN_bin2bn(e, sizeof(e)-1, key->e);
- key->d = BN_bin2bn(d, sizeof(d)-1, key->d);
- key->p = BN_bin2bn(p, sizeof(p)-1, key->p);
- key->q = BN_bin2bn(q, sizeof(q)-1, key->q);
- key->dmp1 = BN_bin2bn(dmp1, sizeof(dmp1)-1, key->dmp1);
- key->dmq1 = BN_bin2bn(dmq1, sizeof(dmq1)-1, key->dmq1);
- key->iqmp = BN_bin2bn(iqmp, sizeof(iqmp)-1, key->iqmp);
- return 1;
- }
-
-void FIPS_corrupt_rsa()
- {
- n[0]++;
- }
-
-/* Known Answer Test (KAT) data for the above RSA private key signing
- * kat_tbs.
- */
-
-static const unsigned char kat_tbs[] = "OpenSSL FIPS 140-2 Public Key RSA KAT";
-
-static const unsigned char kat_RSA_PSS_SHA1[] = {
- 0x2D, 0xAF, 0x6E, 0xC2, 0x98, 0xFB, 0x8A, 0xA1, 0xB9, 0x46, 0xDA, 0x0F,
- 0x01, 0x1E, 0x37, 0x93, 0xC2, 0x55, 0x27, 0xE4, 0x1D, 0xD2, 0x90, 0xBB,
- 0xF4, 0xBF, 0x4A, 0x74, 0x39, 0x51, 0xBB, 0xE8, 0x0C, 0xB7, 0xF8, 0xD3,
- 0xD1, 0xDF, 0xE7, 0xBE, 0x80, 0x05, 0xC3, 0xB5, 0xC7, 0x83, 0xD5, 0x4C,
- 0x7F, 0x49, 0xFB, 0x3F, 0x29, 0x9B, 0xE1, 0x12, 0x51, 0x60, 0xD0, 0xA7,
- 0x0D, 0xA9, 0x28, 0x56, 0x73, 0xD9, 0x07, 0xE3, 0x5E, 0x3F, 0x9B, 0xF5,
- 0xB6, 0xF3, 0xF2, 0x5E, 0x74, 0xC9, 0x83, 0x81, 0x47, 0xF0, 0xC5, 0x45,
- 0x0A, 0xE9, 0x8E, 0x38, 0xD7, 0x18, 0xC6, 0x2A, 0x0F, 0xF8, 0xB7, 0x31,
- 0xD6, 0x55, 0xE4, 0x66, 0x78, 0x81, 0xD4, 0xE6, 0xDB, 0x9F, 0xBA, 0xE8,
- 0x23, 0xB5, 0x7F, 0xDC, 0x08, 0xEA, 0xD5, 0x26, 0x1E, 0x20, 0x25, 0x84,
- 0x26, 0xC6, 0x79, 0xC9, 0x9B, 0x3D, 0x7E, 0xA9
-};
-
-static const unsigned char kat_RSA_PSS_SHA224[] = {
- 0x39, 0x4A, 0x6A, 0x20, 0xBC, 0xE9, 0x33, 0xED, 0xEF, 0xC5, 0x58, 0xA7,
- 0xFE, 0x81, 0xC4, 0x36, 0x50, 0x9A, 0x2C, 0x82, 0x98, 0x08, 0x95, 0xFA,
- 0xB1, 0x9E, 0xD2, 0x55, 0x61, 0x87, 0x21, 0x59, 0x87, 0x7B, 0x1F, 0x57,
- 0x30, 0x9D, 0x0D, 0x4A, 0x06, 0xEB, 0x52, 0x37, 0x55, 0x54, 0x1C, 0x89,
- 0x83, 0x75, 0x59, 0x65, 0x64, 0x90, 0x2E, 0x16, 0xCC, 0x86, 0x05, 0xEE,
- 0xB1, 0xE6, 0x7B, 0xBA, 0x16, 0x75, 0x0D, 0x0C, 0x64, 0x0B, 0xAB, 0x22,
- 0x15, 0x78, 0x6B, 0x6F, 0xA4, 0xFB, 0x77, 0x40, 0x64, 0x62, 0xD1, 0xB5,
- 0x37, 0x1E, 0xE0, 0x3D, 0xA8, 0xF9, 0xD2, 0xBD, 0xAA, 0x38, 0x24, 0x49,
- 0x58, 0xD2, 0x74, 0x85, 0xF4, 0xB5, 0x93, 0x8E, 0xF5, 0x03, 0xEA, 0x2D,
- 0xC8, 0x52, 0xFA, 0xCF, 0x7E, 0x35, 0xB0, 0x6A, 0xAF, 0x95, 0xC0, 0x00,
- 0x54, 0x76, 0x3D, 0x0C, 0x9C, 0xB2, 0xEE, 0xC0
-};
-
-static const unsigned char kat_RSA_PSS_SHA256[] = {
- 0x6D, 0x3D, 0xBE, 0x8F, 0x60, 0x6D, 0x25, 0x14, 0xF0, 0x31, 0xE3, 0x89,
- 0x00, 0x97, 0xFA, 0x99, 0x71, 0x28, 0xE5, 0x10, 0x25, 0x9A, 0xF3, 0x8F,
- 0x7B, 0xC5, 0xA8, 0x4A, 0x74, 0x51, 0x36, 0xE2, 0x8D, 0x7D, 0x73, 0x28,
- 0xC1, 0x77, 0xC6, 0x27, 0x97, 0x00, 0x8B, 0x00, 0xA3, 0x96, 0x73, 0x4E,
- 0x7D, 0x2E, 0x2C, 0x34, 0x68, 0x8C, 0x8E, 0xDF, 0x9D, 0x49, 0x47, 0x05,
- 0xAB, 0xF5, 0x01, 0xD6, 0x81, 0x47, 0x70, 0xF5, 0x1D, 0x6D, 0x26, 0xBA,
- 0x2F, 0x7A, 0x54, 0x53, 0x4E, 0xED, 0x71, 0xD9, 0x5A, 0xF3, 0xDA, 0xB6,
- 0x0B, 0x47, 0x34, 0xAF, 0x90, 0xDC, 0xC8, 0xD9, 0x6F, 0x56, 0xCD, 0x9F,
- 0x21, 0xB7, 0x7E, 0xAD, 0x7C, 0x2F, 0x75, 0x50, 0x47, 0x12, 0xE4, 0x6D,
- 0x5F, 0xB7, 0x01, 0xDF, 0xC3, 0x11, 0x6C, 0xA9, 0x9E, 0x49, 0xB9, 0xF6,
- 0x72, 0xF4, 0xF6, 0xEF, 0x88, 0x1E, 0x2D, 0x1C
-};
-
-static const unsigned char kat_RSA_PSS_SHA384[] = {
- 0x40, 0xFB, 0xA1, 0x21, 0xF4, 0xB2, 0x40, 0x9A, 0xB4, 0x31, 0xA8, 0xF2,
- 0xEC, 0x1C, 0xC4, 0xC8, 0x7C, 0x22, 0x65, 0x9C, 0x57, 0x45, 0xCD, 0x5E,
- 0x86, 0x00, 0xF7, 0x25, 0x78, 0xDE, 0xDC, 0x7A, 0x71, 0x44, 0x9A, 0xCD,
- 0xAA, 0x25, 0xF4, 0xB2, 0xFC, 0xF0, 0x75, 0xD9, 0x2F, 0x78, 0x23, 0x7F,
- 0x6F, 0x02, 0xEF, 0xC1, 0xAF, 0xA6, 0x28, 0x16, 0x31, 0xDC, 0x42, 0x6C,
- 0xB2, 0x44, 0xE5, 0x4D, 0x66, 0xA2, 0xE6, 0x71, 0xF3, 0xAC, 0x4F, 0xFB,
- 0x91, 0xCA, 0xF5, 0x70, 0xEF, 0x6B, 0x9D, 0xA4, 0xEF, 0xD9, 0x3D, 0x2F,
- 0x3A, 0xBE, 0x89, 0x38, 0x59, 0x01, 0xBA, 0xDA, 0x32, 0xAD, 0x42, 0x89,
- 0x98, 0x8B, 0x39, 0x44, 0xF0, 0xFC, 0x38, 0xAC, 0x87, 0x1F, 0xCA, 0x6F,
- 0x48, 0xF6, 0xAE, 0xD7, 0x45, 0xEE, 0xAE, 0x88, 0x0E, 0x60, 0xF4, 0x55,
- 0x48, 0x44, 0xEE, 0x1F, 0x90, 0x18, 0x4B, 0xF1
-};
-
-static const unsigned char kat_RSA_PSS_SHA512[] = {
- 0x07, 0x1E, 0xD8, 0xD5, 0x05, 0xE8, 0xE6, 0xE6, 0x57, 0xAE, 0x63, 0x8C,
- 0xC6, 0x83, 0xB7, 0xA0, 0x59, 0xBB, 0xF2, 0xC6, 0x8F, 0x12, 0x53, 0x9A,
- 0x9B, 0x54, 0x9E, 0xB3, 0xC1, 0x1D, 0x23, 0x4D, 0x51, 0xED, 0x9E, 0xDD,
- 0x4B, 0xF3, 0x46, 0x9B, 0x6B, 0xF6, 0x7C, 0x24, 0x60, 0x79, 0x23, 0x39,
- 0x01, 0x1C, 0x51, 0xCB, 0xD8, 0xE9, 0x9A, 0x01, 0x67, 0x5F, 0xFE, 0xD7,
- 0x7C, 0xE3, 0x7F, 0xED, 0xDB, 0x87, 0xBB, 0xF0, 0x3D, 0x78, 0x55, 0x61,
- 0x57, 0xE3, 0x0F, 0xE3, 0xD2, 0x9D, 0x0C, 0x2A, 0x20, 0xB0, 0x85, 0x13,
- 0xC5, 0x47, 0x34, 0x0D, 0x32, 0x15, 0xC8, 0xAE, 0x9A, 0x6A, 0x39, 0x63,
- 0x2D, 0x60, 0xF5, 0x4C, 0xDF, 0x8A, 0x48, 0x4B, 0xBF, 0xF4, 0xA8, 0xFE,
- 0x76, 0xF2, 0x32, 0x1B, 0x9C, 0x7C, 0xCA, 0xFE, 0x7F, 0x80, 0xC2, 0x88,
- 0x5C, 0x97, 0x70, 0xB4, 0x26, 0xC9, 0x14, 0x8B
-};
-
-static const unsigned char kat_RSA_SHA1[] = {
- 0x71, 0xEE, 0x1A, 0xC0, 0xFE, 0x01, 0x93, 0x54, 0x79, 0x5C, 0xF2, 0x4C,
- 0x4A, 0xFD, 0x1A, 0x05, 0x8F, 0x64, 0xB1, 0x6D, 0x61, 0x33, 0x8D, 0x9B,
- 0xE7, 0xFD, 0x60, 0xA3, 0x83, 0xB5, 0xA3, 0x51, 0x55, 0x77, 0x90, 0xCF,
- 0xDC, 0x22, 0x37, 0x8E, 0xD0, 0xE1, 0xAE, 0x09, 0xE3, 0x3D, 0x1E, 0xF8,
- 0x80, 0xD1, 0x8B, 0xC2, 0xEC, 0x0A, 0xD7, 0x6B, 0x88, 0x8B, 0x8B, 0xA1,
- 0x20, 0x22, 0xBE, 0x59, 0x5B, 0xE0, 0x23, 0x24, 0xA1, 0x49, 0x30, 0xBA,
- 0xA9, 0x9E, 0xE8, 0xB1, 0x8A, 0x62, 0x16, 0xBF, 0x4E, 0xCA, 0x2E, 0x4E,
- 0xBC, 0x29, 0xA8, 0x67, 0x13, 0xB7, 0x9F, 0x1D, 0x04, 0x44, 0xE5, 0x5F,
- 0x35, 0x07, 0x11, 0xBC, 0xED, 0x19, 0x37, 0x21, 0xCF, 0x23, 0x48, 0x1F,
- 0x72, 0x05, 0xDE, 0xE6, 0xE8, 0x7F, 0x33, 0x8A, 0x76, 0x4B, 0x2F, 0x95,
- 0xDF, 0xF1, 0x5F, 0x84, 0x80, 0xD9, 0x46, 0xB4
-};
-
-static const unsigned char kat_RSA_SHA224[] = {
- 0x62, 0xAA, 0x79, 0xA9, 0x18, 0x0E, 0x5F, 0x8C, 0xBB, 0xB7, 0x15, 0xF9,
- 0x25, 0xBB, 0xFA, 0xD4, 0x3A, 0x34, 0xED, 0x9E, 0xA0, 0xA9, 0x18, 0x8D,
- 0x5B, 0x55, 0x9A, 0x7E, 0x1E, 0x08, 0x08, 0x60, 0xC5, 0x1A, 0xC5, 0x89,
- 0x08, 0xE2, 0x1B, 0xBD, 0x62, 0x50, 0x17, 0x76, 0x30, 0x2C, 0x9E, 0xCD,
- 0xA4, 0x02, 0xAD, 0xB1, 0x6D, 0x44, 0x6D, 0xD5, 0xC6, 0x45, 0x41, 0xE5,
- 0xEE, 0x1F, 0x8D, 0x7E, 0x08, 0x16, 0xA6, 0xE1, 0x5E, 0x0B, 0xA9, 0xCC,
- 0xDB, 0x59, 0x55, 0x87, 0x09, 0x25, 0x70, 0x86, 0x84, 0x02, 0xC6, 0x3B,
- 0x0B, 0x44, 0x4C, 0x46, 0x95, 0xF4, 0xF8, 0x5A, 0x91, 0x28, 0x3E, 0xB2,
- 0x58, 0x2E, 0x06, 0x45, 0x49, 0xE0, 0x92, 0xE2, 0xC0, 0x66, 0xE6, 0x35,
- 0xD9, 0x79, 0x7F, 0x17, 0x5E, 0x02, 0x73, 0x04, 0x77, 0x82, 0xE6, 0xDC,
- 0x40, 0x21, 0x89, 0x8B, 0x37, 0x3E, 0x1E, 0x8D
-};
-
-static const unsigned char kat_RSA_SHA256[] = {
- 0x0D, 0x55, 0xE2, 0xAA, 0x81, 0xDB, 0x8E, 0x82, 0x05, 0x17, 0xA5, 0x23,
- 0xE7, 0x3B, 0x1D, 0xAF, 0xFB, 0x8C, 0xD0, 0x81, 0x20, 0x7B, 0xAA, 0x23,
- 0x92, 0x87, 0x8C, 0xD1, 0x53, 0x85, 0x16, 0xDC, 0xBE, 0xAD, 0x6F, 0x35,
- 0x98, 0x2D, 0x69, 0x84, 0xBF, 0xD9, 0x8A, 0x01, 0x17, 0x58, 0xB2, 0x6E,
- 0x2C, 0x44, 0x9B, 0x90, 0xF1, 0xFB, 0x51, 0xE8, 0x6A, 0x90, 0x2D, 0x18,
- 0x0E, 0xC0, 0x90, 0x10, 0x24, 0xA9, 0x1D, 0xB3, 0x58, 0x7A, 0x91, 0x30,
- 0xBE, 0x22, 0xC7, 0xD3, 0xEC, 0xC3, 0x09, 0x5D, 0xBF, 0xE2, 0x80, 0x3A,
- 0x7C, 0x85, 0xB4, 0xBC, 0xD1, 0xE9, 0xF0, 0x5C, 0xDE, 0x81, 0xA6, 0x38,
- 0xB8, 0x42, 0xBB, 0x86, 0xC5, 0x9D, 0xCE, 0x7C, 0x2C, 0xEE, 0xD1, 0xDA,
- 0x27, 0x48, 0x2B, 0xF5, 0xAB, 0xB9, 0xF7, 0x80, 0xD1, 0x90, 0x27, 0x90,
- 0xBD, 0x44, 0x97, 0x60, 0xCD, 0x57, 0xC0, 0x7A
-};
-
-static const unsigned char kat_RSA_SHA384[] = {
- 0x1D, 0xE3, 0x6A, 0xDD, 0x27, 0x4C, 0xC0, 0xA5, 0x27, 0xEF, 0xE6, 0x1F,
- 0xD2, 0x91, 0x68, 0x59, 0x04, 0xAE, 0xBD, 0x99, 0x63, 0x56, 0x47, 0xC7,
- 0x6F, 0x22, 0x16, 0x48, 0xD0, 0xF9, 0x18, 0xA9, 0xCA, 0xFA, 0x5D, 0x5C,
- 0xA7, 0x65, 0x52, 0x8A, 0xC8, 0x44, 0x7E, 0x86, 0x5D, 0xA9, 0xA6, 0x55,
- 0x65, 0x3E, 0xD9, 0x2D, 0x02, 0x38, 0xA8, 0x79, 0x28, 0x7F, 0xB6, 0xCF,
- 0x82, 0xDD, 0x7E, 0x55, 0xE1, 0xB1, 0xBC, 0xE2, 0x19, 0x2B, 0x30, 0xC2,
- 0x1B, 0x2B, 0xB0, 0x82, 0x46, 0xAC, 0x4B, 0xD1, 0xE2, 0x7D, 0xEB, 0x8C,
- 0xFF, 0x95, 0xE9, 0x6A, 0x1C, 0x3D, 0x4D, 0xBF, 0x8F, 0x8B, 0x9C, 0xCD,
- 0xEA, 0x85, 0xEE, 0x00, 0xDC, 0x1C, 0xA7, 0xEB, 0xD0, 0x8F, 0x99, 0xF1,
- 0x16, 0x28, 0x24, 0x64, 0x04, 0x39, 0x2D, 0x58, 0x1E, 0x37, 0xDC, 0x04,
- 0xBD, 0x31, 0xA2, 0x2F, 0xB3, 0x35, 0x56, 0xBF
-};
-
-static const unsigned char kat_RSA_SHA512[] = {
- 0x69, 0x52, 0x1B, 0x51, 0x5E, 0x06, 0xCA, 0x9B, 0x16, 0x51, 0x5D, 0xCF,
- 0x49, 0x25, 0x4A, 0xA1, 0x6A, 0x77, 0x4C, 0x36, 0x40, 0xF8, 0xB2, 0x9A,
- 0x15, 0xEA, 0x5C, 0xE5, 0xE6, 0x82, 0xE0, 0x86, 0x82, 0x6B, 0x32, 0xF1,
- 0x04, 0xC1, 0x5A, 0x1A, 0xED, 0x1E, 0x9A, 0xB6, 0x4C, 0x54, 0x9F, 0xD8,
- 0x8D, 0xCC, 0xAC, 0x8A, 0xBB, 0x9C, 0x82, 0x3F, 0xA6, 0x53, 0x62, 0xB5,
- 0x80, 0xE2, 0xBC, 0xDD, 0x67, 0x2B, 0xD9, 0x3F, 0xE4, 0x75, 0x92, 0x6B,
- 0xAF, 0x62, 0x7C, 0x52, 0xF0, 0xEE, 0x33, 0xDF, 0x1B, 0x1D, 0x47, 0xE6,
- 0x59, 0x56, 0xA5, 0xB9, 0x5C, 0xE6, 0x77, 0x78, 0x16, 0x63, 0x84, 0x05,
- 0x6F, 0x0E, 0x2B, 0x31, 0x9D, 0xF7, 0x7F, 0xB2, 0x64, 0x71, 0xE0, 0x2D,
- 0x3E, 0x62, 0xCE, 0xB5, 0x3F, 0x88, 0xDF, 0x2D, 0xAB, 0x98, 0x65, 0x91,
- 0xDF, 0x70, 0x14, 0xA5, 0x3F, 0x36, 0xAB, 0x84
-};
-
-static const unsigned char kat_RSA_X931_SHA1[] = {
- 0x86, 0xB4, 0x18, 0xBA, 0xD1, 0x80, 0xB6, 0x7C, 0x42, 0x45, 0x4D, 0xDF,
- 0xE9, 0x2D, 0xE1, 0x83, 0x5F, 0xB5, 0x2F, 0xC9, 0xCD, 0xC4, 0xB2, 0x75,
- 0x80, 0xA4, 0xF1, 0x4A, 0xE7, 0x83, 0x12, 0x1E, 0x1E, 0x14, 0xB8, 0xAC,
- 0x35, 0xE2, 0xAA, 0x0B, 0x5C, 0xF8, 0x38, 0x4D, 0x04, 0xEE, 0xA9, 0x97,
- 0x70, 0xFB, 0x5E, 0xE7, 0xB7, 0xE3, 0x62, 0x23, 0x4B, 0x38, 0xBE, 0xD6,
- 0x53, 0x15, 0xF7, 0xDF, 0x87, 0xB4, 0x0E, 0xCC, 0xB1, 0x1A, 0x11, 0x19,
- 0xEE, 0x51, 0xCC, 0x92, 0xDD, 0xBC, 0x63, 0x29, 0x63, 0x0C, 0x59, 0xD7,
- 0x6F, 0x4C, 0x3C, 0x37, 0x5B, 0x37, 0x03, 0x61, 0x7D, 0x24, 0x1C, 0x99,
- 0x48, 0xAF, 0x82, 0xFE, 0x32, 0x41, 0x9B, 0xB2, 0xDB, 0xEA, 0xED, 0x76,
- 0x8E, 0x6E, 0xCA, 0x7E, 0x4E, 0x14, 0xBA, 0x30, 0x84, 0x1C, 0xB3, 0x67,
- 0xA3, 0x29, 0x80, 0x70, 0x54, 0x68, 0x7D, 0x49
-};
-
-static const unsigned char kat_RSA_X931_SHA256[] = {
- 0x7E, 0xA2, 0x77, 0xFE, 0xB8, 0x54, 0x8A, 0xC7, 0x7F, 0x64, 0x54, 0x89,
- 0xE5, 0x52, 0x15, 0x8E, 0x52, 0x96, 0x4E, 0xA6, 0x58, 0x92, 0x1C, 0xDD,
- 0xEA, 0xA2, 0x2D, 0x5C, 0xD1, 0x62, 0x00, 0x49, 0x05, 0x95, 0x73, 0xCF,
- 0x16, 0x76, 0x68, 0xF6, 0xC6, 0x5E, 0x80, 0xB8, 0xB8, 0x7B, 0xC8, 0x9B,
- 0xC6, 0x53, 0x88, 0x26, 0x20, 0x88, 0x73, 0xB6, 0x13, 0xB8, 0xF0, 0x4B,
- 0x00, 0x85, 0xF3, 0xDD, 0x07, 0x50, 0xEB, 0x20, 0xC4, 0x38, 0x0E, 0x98,
- 0xAD, 0x4E, 0x49, 0x2C, 0xD7, 0x65, 0xA5, 0x19, 0x0E, 0x59, 0x01, 0xEC,
- 0x7E, 0x75, 0x89, 0x69, 0x2E, 0x63, 0x76, 0x85, 0x46, 0x8D, 0xA0, 0x8C,
- 0x33, 0x1D, 0x82, 0x8C, 0x03, 0xEA, 0x69, 0x88, 0x35, 0xA1, 0x42, 0xBD,
- 0x21, 0xED, 0x8D, 0xBC, 0xBC, 0xDB, 0x30, 0xFF, 0x86, 0xF0, 0x5B, 0xDC,
- 0xE3, 0xE2, 0xE8, 0x0A, 0x0A, 0x29, 0x94, 0x80
-};
-
-static const unsigned char kat_RSA_X931_SHA384[] = {
- 0x5C, 0x7D, 0x96, 0x35, 0xEC, 0x7E, 0x11, 0x38, 0xBB, 0x7B, 0xEC, 0x7B,
- 0xF2, 0x82, 0x8E, 0x99, 0xBD, 0xEF, 0xD8, 0xAE, 0xD7, 0x39, 0x37, 0xCB,
- 0xE6, 0x4F, 0x5E, 0x0A, 0x13, 0xE4, 0x2E, 0x40, 0xB9, 0xBE, 0x2E, 0xE3,
- 0xEF, 0x78, 0x83, 0x18, 0x44, 0x35, 0x9C, 0x8E, 0xD7, 0x4A, 0x63, 0xF6,
- 0x57, 0xC2, 0xB0, 0x08, 0x51, 0x73, 0xCF, 0xCA, 0x99, 0x66, 0xEE, 0x31,
- 0xD8, 0x69, 0xE9, 0xAB, 0x13, 0x27, 0x7B, 0x41, 0x1E, 0x6D, 0x8D, 0xF1,
- 0x3E, 0x9C, 0x35, 0x95, 0x58, 0xDD, 0x2B, 0xD5, 0xA0, 0x60, 0x41, 0x79,
- 0x24, 0x22, 0xE4, 0xB7, 0xBF, 0x47, 0x53, 0xF6, 0x34, 0xD5, 0x7C, 0xFF,
- 0x0E, 0x09, 0xEE, 0x2E, 0xE2, 0x37, 0xB9, 0xDE, 0xC5, 0x12, 0x44, 0x35,
- 0xEF, 0x01, 0xE6, 0x5E, 0x39, 0x31, 0x2D, 0x71, 0xA5, 0xDC, 0xC6, 0x6D,
- 0xE2, 0xCD, 0x85, 0xDB, 0x73, 0x82, 0x65, 0x28
-};
-
-static const unsigned char kat_RSA_X931_SHA512[] = {
- 0xA6, 0x65, 0xA2, 0x77, 0x4F, 0xB3, 0x86, 0xCB, 0x64, 0x3A, 0xC1, 0x63,
- 0xFC, 0xA1, 0xAA, 0xCB, 0x9B, 0x79, 0xDD, 0x4B, 0xE1, 0xD9, 0xDA, 0xAC,
- 0xE7, 0x47, 0x09, 0xB2, 0x11, 0x4B, 0x8A, 0xAA, 0x05, 0x9E, 0x77, 0xD7,
- 0x3A, 0xBD, 0x5E, 0x53, 0x09, 0x4A, 0xE6, 0x0F, 0x5E, 0xF9, 0x14, 0x28,
- 0xA0, 0x99, 0x74, 0x64, 0x70, 0x4E, 0xF2, 0xE3, 0xFA, 0xC7, 0xF8, 0xC5,
- 0x6E, 0x2B, 0x79, 0x96, 0x0D, 0x0C, 0xC8, 0x10, 0x34, 0x53, 0xD2, 0xAF,
- 0x17, 0x0E, 0xE0, 0xBF, 0x79, 0xF6, 0x04, 0x72, 0x10, 0xE0, 0xF6, 0xD0,
- 0xCE, 0x8A, 0x6F, 0xA1, 0x95, 0x89, 0xBF, 0x58, 0x8F, 0x46, 0x5F, 0x09,
- 0x9F, 0x09, 0xCA, 0x84, 0x15, 0x85, 0xE0, 0xED, 0x04, 0x2D, 0xFB, 0x7C,
- 0x36, 0x35, 0x21, 0x31, 0xC3, 0xFD, 0x92, 0x42, 0x11, 0x30, 0x71, 0x1B,
- 0x60, 0x83, 0x18, 0x88, 0xA3, 0xF5, 0x59, 0xC3
-};
-
-
-int FIPS_selftest_rsa()
- {
- int ret = 0;
- RSA *key = NULL;
- EVP_PKEY pk;
- key=FIPS_rsa_new();
- setrsakey(key);
- pk.type = EVP_PKEY_RSA;
- pk.pkey.rsa = key;
-
- if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1,
- kat_RSA_SHA1, sizeof(kat_RSA_SHA1),
- EVP_sha1(), EVP_MD_CTX_FLAG_PAD_PKCS1,
- "RSA SHA1 PKCS#1"))
- goto err;
- if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1,
- kat_RSA_SHA224, sizeof(kat_RSA_SHA224),
- EVP_sha224(), EVP_MD_CTX_FLAG_PAD_PKCS1,
- "RSA SHA224 PKCS#1"))
- goto err;
- if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1,
- kat_RSA_SHA256, sizeof(kat_RSA_SHA256),
- EVP_sha256(), EVP_MD_CTX_FLAG_PAD_PKCS1,
- "RSA SHA256 PKCS#1"))
- goto err;
- if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1,
- kat_RSA_SHA384, sizeof(kat_RSA_SHA384),
- EVP_sha384(), EVP_MD_CTX_FLAG_PAD_PKCS1,
- "RSA SHA384 PKCS#1"))
- goto err;
- if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1,
- kat_RSA_SHA512, sizeof(kat_RSA_SHA512),
- EVP_sha512(), EVP_MD_CTX_FLAG_PAD_PKCS1,
- "RSA SHA512 PKCS#1"))
- goto err;
-
- if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1,
- kat_RSA_PSS_SHA1, sizeof(kat_RSA_PSS_SHA1),
- EVP_sha1(), EVP_MD_CTX_FLAG_PAD_PSS,
- "RSA SHA1 PSS"))
- goto err;
- if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1,
- kat_RSA_PSS_SHA224, sizeof(kat_RSA_PSS_SHA224),
- EVP_sha224(), EVP_MD_CTX_FLAG_PAD_PSS,
- "RSA SHA224 PSS"))
- goto err;
- if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1,
- kat_RSA_PSS_SHA256, sizeof(kat_RSA_PSS_SHA256),
- EVP_sha256(), EVP_MD_CTX_FLAG_PAD_PSS,
- "RSA SHA256 PSS"))
- goto err;
- if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1,
- kat_RSA_PSS_SHA384, sizeof(kat_RSA_PSS_SHA384),
- EVP_sha384(), EVP_MD_CTX_FLAG_PAD_PSS,
- "RSA SHA384 PSS"))
- goto err;
- if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1,
- kat_RSA_PSS_SHA512, sizeof(kat_RSA_PSS_SHA512),
- EVP_sha512(), EVP_MD_CTX_FLAG_PAD_PSS,
- "RSA SHA512 PSS"))
- goto err;
-
-
- if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1,
- kat_RSA_X931_SHA1, sizeof(kat_RSA_X931_SHA1),
- EVP_sha1(), EVP_MD_CTX_FLAG_PAD_X931,
- "RSA SHA1 X931"))
- goto err;
- /* NB: SHA224 not supported in X9.31 */
- if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1,
- kat_RSA_X931_SHA256, sizeof(kat_RSA_X931_SHA256),
- EVP_sha256(), EVP_MD_CTX_FLAG_PAD_X931,
- "RSA SHA256 X931"))
- goto err;
- if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1,
- kat_RSA_X931_SHA384, sizeof(kat_RSA_X931_SHA384),
- EVP_sha384(), EVP_MD_CTX_FLAG_PAD_X931,
- "RSA SHA384 X931"))
- goto err;
- if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1,
- kat_RSA_X931_SHA512, sizeof(kat_RSA_X931_SHA512),
- EVP_sha512(), EVP_MD_CTX_FLAG_PAD_X931,
- "RSA SHA512 X931"))
- goto err;
-
-
- ret = 1;
-
- err:
- FIPS_rsa_free(key);
- return ret;
- }
-
-#endif /* def OPENSSL_FIPS */
Copied: vendor-crypto/openssl/0.9.8zf/fips/rsa/fips_rsa_selftest.c (from rev 6976, vendor-crypto/openssl/dist/fips/rsa/fips_rsa_selftest.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/fips/rsa/fips_rsa_selftest.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/fips/rsa/fips_rsa_selftest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,432 @@
+/* ====================================================================
+ * Copyright (c) 2003-2007 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <string.h>
+#include <openssl/err.h>
+#include <openssl/fips.h>
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+#include <openssl/opensslconf.h>
+
+#ifdef OPENSSL_FIPS
+
+static unsigned char n[] =
+ "\x00\xBB\xF8\x2F\x09\x06\x82\xCE\x9C\x23\x38\xAC\x2B\x9D\xA8\x71"
+ "\xF7\x36\x8D\x07\xEE\xD4\x10\x43\xA4\x40\xD6\xB6\xF0\x74\x54\xF5"
+ "\x1F\xB8\xDF\xBA\xAF\x03\x5C\x02\xAB\x61\xEA\x48\xCE\xEB\x6F\xCD"
+ "\x48\x76\xED\x52\x0D\x60\xE1\xEC\x46\x19\x71\x9D\x8A\x5B\x8B\x80"
+ "\x7F\xAF\xB8\xE0\xA3\xDF\xC7\x37\x72\x3E\xE6\xB4\xB7\xD9\x3A\x25"
+ "\x84\xEE\x6A\x64\x9D\x06\x09\x53\x74\x88\x34\xB2\x45\x45\x98\x39"
+ "\x4E\xE0\xAA\xB1\x2D\x7B\x61\xA5\x1F\x52\x7A\x9A\x41\xF6\xC1\x68"
+ "\x7F\xE2\x53\x72\x98\xCA\x2A\x8F\x59\x46\xF8\xE5\xFD\x09\x1D\xBD" "\xCB";
+
+static int setrsakey(RSA *key)
+{
+ static const unsigned char e[] = "\x11";
+
+ static const unsigned char d[] =
+ "\x00\xA5\xDA\xFC\x53\x41\xFA\xF2\x89\xC4\xB9\x88\xDB\x30\xC1\xCD"
+ "\xF8\x3F\x31\x25\x1E\x06\x68\xB4\x27\x84\x81\x38\x01\x57\x96\x41"
+ "\xB2\x94\x10\xB3\xC7\x99\x8D\x6B\xC4\x65\x74\x5E\x5C\x39\x26\x69"
+ "\xD6\x87\x0D\xA2\xC0\x82\xA9\x39\xE3\x7F\xDC\xB8\x2E\xC9\x3E\xDA"
+ "\xC9\x7F\xF3\xAD\x59\x50\xAC\xCF\xBC\x11\x1C\x76\xF1\xA9\x52\x94"
+ "\x44\xE5\x6A\xAF\x68\xC5\x6C\x09\x2C\xD3\x8D\xC3\xBE\xF5\xD2\x0A"
+ "\x93\x99\x26\xED\x4F\x74\xA1\x3E\xDD\xFB\xE1\xA1\xCE\xCC\x48\x94"
+ "\xAF\x94\x28\xC2\xB7\xB8\x88\x3F\xE4\x46\x3A\x4B\xC8\x5B\x1C\xB3"
+ "\xC1";
+
+ static const unsigned char p[] =
+ "\x00\xEE\xCF\xAE\x81\xB1\xB9\xB3\xC9\x08\x81\x0B\x10\xA1\xB5\x60"
+ "\x01\x99\xEB\x9F\x44\xAE\xF4\xFD\xA4\x93\xB8\x1A\x9E\x3D\x84\xF6"
+ "\x32\x12\x4E\xF0\x23\x6E\x5D\x1E\x3B\x7E\x28\xFA\xE7\xAA\x04\x0A"
+ "\x2D\x5B\x25\x21\x76\x45\x9D\x1F\x39\x75\x41\xBA\x2A\x58\xFB\x65"
+ "\x99";
+
+ static const unsigned char q[] =
+ "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
+ "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D"
+ "\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5"
+ "\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x15"
+ "\x03";
+
+ static const unsigned char dmp1[] =
+ "\x54\x49\x4C\xA6\x3E\xBA\x03\x37\xE4\xE2\x40\x23\xFC\xD6\x9A\x5A"
+ "\xEB\x07\xDD\xDC\x01\x83\xA4\xD0\xAC\x9B\x54\xB0\x51\xF2\xB1\x3E"
+ "\xD9\x49\x09\x75\xEA\xB7\x74\x14\xFF\x59\xC1\xF7\x69\x2E\x9A\x2E"
+ "\x20\x2B\x38\xFC\x91\x0A\x47\x41\x74\xAD\xC9\x3C\x1F\x67\xC9\x81";
+
+ static const unsigned char dmq1[] =
+ "\x47\x1E\x02\x90\xFF\x0A\xF0\x75\x03\x51\xB7\xF8\x78\x86\x4C\xA9"
+ "\x61\xAD\xBD\x3A\x8A\x7E\x99\x1C\x5C\x05\x56\xA9\x4C\x31\x46\xA7"
+ "\xF9\x80\x3F\x8F\x6F\x8A\xE3\x42\xE9\x31\xFD\x8A\xE4\x7A\x22\x0D"
+ "\x1B\x99\xA4\x95\x84\x98\x07\xFE\x39\xF9\x24\x5A\x98\x36\xDA\x3D";
+
+ static const unsigned char iqmp[] =
+ "\x00\xB0\x6C\x4F\xDA\xBB\x63\x01\x19\x8D\x26\x5B\xDB\xAE\x94\x23"
+ "\xB3\x80\xF2\x71\xF7\x34\x53\x88\x50\x93\x07\x7F\xCD\x39\xE2\x11"
+ "\x9F\xC9\x86\x32\x15\x4F\x58\x83\xB1\x67\xA9\x67\xBF\x40\x2B\x4E"
+ "\x9E\x2E\x0F\x96\x56\xE6\x98\xEA\x36\x66\xED\xFB\x25\x79\x80\x39"
+ "\xF7";
+
+ key->n = BN_bin2bn(n, sizeof(n) - 1, key->n);
+ key->e = BN_bin2bn(e, sizeof(e) - 1, key->e);
+ key->d = BN_bin2bn(d, sizeof(d) - 1, key->d);
+ key->p = BN_bin2bn(p, sizeof(p) - 1, key->p);
+ key->q = BN_bin2bn(q, sizeof(q) - 1, key->q);
+ key->dmp1 = BN_bin2bn(dmp1, sizeof(dmp1) - 1, key->dmp1);
+ key->dmq1 = BN_bin2bn(dmq1, sizeof(dmq1) - 1, key->dmq1);
+ key->iqmp = BN_bin2bn(iqmp, sizeof(iqmp) - 1, key->iqmp);
+ return 1;
+}
+
+void FIPS_corrupt_rsa()
+{
+ n[0]++;
+}
+
+/*
+ * Known Answer Test (KAT) data for the above RSA private key signing
+ * kat_tbs.
+ */
+
+static const unsigned char kat_tbs[] =
+ "OpenSSL FIPS 140-2 Public Key RSA KAT";
+
+static const unsigned char kat_RSA_PSS_SHA1[] = {
+ 0x2D, 0xAF, 0x6E, 0xC2, 0x98, 0xFB, 0x8A, 0xA1, 0xB9, 0x46, 0xDA, 0x0F,
+ 0x01, 0x1E, 0x37, 0x93, 0xC2, 0x55, 0x27, 0xE4, 0x1D, 0xD2, 0x90, 0xBB,
+ 0xF4, 0xBF, 0x4A, 0x74, 0x39, 0x51, 0xBB, 0xE8, 0x0C, 0xB7, 0xF8, 0xD3,
+ 0xD1, 0xDF, 0xE7, 0xBE, 0x80, 0x05, 0xC3, 0xB5, 0xC7, 0x83, 0xD5, 0x4C,
+ 0x7F, 0x49, 0xFB, 0x3F, 0x29, 0x9B, 0xE1, 0x12, 0x51, 0x60, 0xD0, 0xA7,
+ 0x0D, 0xA9, 0x28, 0x56, 0x73, 0xD9, 0x07, 0xE3, 0x5E, 0x3F, 0x9B, 0xF5,
+ 0xB6, 0xF3, 0xF2, 0x5E, 0x74, 0xC9, 0x83, 0x81, 0x47, 0xF0, 0xC5, 0x45,
+ 0x0A, 0xE9, 0x8E, 0x38, 0xD7, 0x18, 0xC6, 0x2A, 0x0F, 0xF8, 0xB7, 0x31,
+ 0xD6, 0x55, 0xE4, 0x66, 0x78, 0x81, 0xD4, 0xE6, 0xDB, 0x9F, 0xBA, 0xE8,
+ 0x23, 0xB5, 0x7F, 0xDC, 0x08, 0xEA, 0xD5, 0x26, 0x1E, 0x20, 0x25, 0x84,
+ 0x26, 0xC6, 0x79, 0xC9, 0x9B, 0x3D, 0x7E, 0xA9
+};
+
+static const unsigned char kat_RSA_PSS_SHA224[] = {
+ 0x39, 0x4A, 0x6A, 0x20, 0xBC, 0xE9, 0x33, 0xED, 0xEF, 0xC5, 0x58, 0xA7,
+ 0xFE, 0x81, 0xC4, 0x36, 0x50, 0x9A, 0x2C, 0x82, 0x98, 0x08, 0x95, 0xFA,
+ 0xB1, 0x9E, 0xD2, 0x55, 0x61, 0x87, 0x21, 0x59, 0x87, 0x7B, 0x1F, 0x57,
+ 0x30, 0x9D, 0x0D, 0x4A, 0x06, 0xEB, 0x52, 0x37, 0x55, 0x54, 0x1C, 0x89,
+ 0x83, 0x75, 0x59, 0x65, 0x64, 0x90, 0x2E, 0x16, 0xCC, 0x86, 0x05, 0xEE,
+ 0xB1, 0xE6, 0x7B, 0xBA, 0x16, 0x75, 0x0D, 0x0C, 0x64, 0x0B, 0xAB, 0x22,
+ 0x15, 0x78, 0x6B, 0x6F, 0xA4, 0xFB, 0x77, 0x40, 0x64, 0x62, 0xD1, 0xB5,
+ 0x37, 0x1E, 0xE0, 0x3D, 0xA8, 0xF9, 0xD2, 0xBD, 0xAA, 0x38, 0x24, 0x49,
+ 0x58, 0xD2, 0x74, 0x85, 0xF4, 0xB5, 0x93, 0x8E, 0xF5, 0x03, 0xEA, 0x2D,
+ 0xC8, 0x52, 0xFA, 0xCF, 0x7E, 0x35, 0xB0, 0x6A, 0xAF, 0x95, 0xC0, 0x00,
+ 0x54, 0x76, 0x3D, 0x0C, 0x9C, 0xB2, 0xEE, 0xC0
+};
+
+static const unsigned char kat_RSA_PSS_SHA256[] = {
+ 0x6D, 0x3D, 0xBE, 0x8F, 0x60, 0x6D, 0x25, 0x14, 0xF0, 0x31, 0xE3, 0x89,
+ 0x00, 0x97, 0xFA, 0x99, 0x71, 0x28, 0xE5, 0x10, 0x25, 0x9A, 0xF3, 0x8F,
+ 0x7B, 0xC5, 0xA8, 0x4A, 0x74, 0x51, 0x36, 0xE2, 0x8D, 0x7D, 0x73, 0x28,
+ 0xC1, 0x77, 0xC6, 0x27, 0x97, 0x00, 0x8B, 0x00, 0xA3, 0x96, 0x73, 0x4E,
+ 0x7D, 0x2E, 0x2C, 0x34, 0x68, 0x8C, 0x8E, 0xDF, 0x9D, 0x49, 0x47, 0x05,
+ 0xAB, 0xF5, 0x01, 0xD6, 0x81, 0x47, 0x70, 0xF5, 0x1D, 0x6D, 0x26, 0xBA,
+ 0x2F, 0x7A, 0x54, 0x53, 0x4E, 0xED, 0x71, 0xD9, 0x5A, 0xF3, 0xDA, 0xB6,
+ 0x0B, 0x47, 0x34, 0xAF, 0x90, 0xDC, 0xC8, 0xD9, 0x6F, 0x56, 0xCD, 0x9F,
+ 0x21, 0xB7, 0x7E, 0xAD, 0x7C, 0x2F, 0x75, 0x50, 0x47, 0x12, 0xE4, 0x6D,
+ 0x5F, 0xB7, 0x01, 0xDF, 0xC3, 0x11, 0x6C, 0xA9, 0x9E, 0x49, 0xB9, 0xF6,
+ 0x72, 0xF4, 0xF6, 0xEF, 0x88, 0x1E, 0x2D, 0x1C
+};
+
+static const unsigned char kat_RSA_PSS_SHA384[] = {
+ 0x40, 0xFB, 0xA1, 0x21, 0xF4, 0xB2, 0x40, 0x9A, 0xB4, 0x31, 0xA8, 0xF2,
+ 0xEC, 0x1C, 0xC4, 0xC8, 0x7C, 0x22, 0x65, 0x9C, 0x57, 0x45, 0xCD, 0x5E,
+ 0x86, 0x00, 0xF7, 0x25, 0x78, 0xDE, 0xDC, 0x7A, 0x71, 0x44, 0x9A, 0xCD,
+ 0xAA, 0x25, 0xF4, 0xB2, 0xFC, 0xF0, 0x75, 0xD9, 0x2F, 0x78, 0x23, 0x7F,
+ 0x6F, 0x02, 0xEF, 0xC1, 0xAF, 0xA6, 0x28, 0x16, 0x31, 0xDC, 0x42, 0x6C,
+ 0xB2, 0x44, 0xE5, 0x4D, 0x66, 0xA2, 0xE6, 0x71, 0xF3, 0xAC, 0x4F, 0xFB,
+ 0x91, 0xCA, 0xF5, 0x70, 0xEF, 0x6B, 0x9D, 0xA4, 0xEF, 0xD9, 0x3D, 0x2F,
+ 0x3A, 0xBE, 0x89, 0x38, 0x59, 0x01, 0xBA, 0xDA, 0x32, 0xAD, 0x42, 0x89,
+ 0x98, 0x8B, 0x39, 0x44, 0xF0, 0xFC, 0x38, 0xAC, 0x87, 0x1F, 0xCA, 0x6F,
+ 0x48, 0xF6, 0xAE, 0xD7, 0x45, 0xEE, 0xAE, 0x88, 0x0E, 0x60, 0xF4, 0x55,
+ 0x48, 0x44, 0xEE, 0x1F, 0x90, 0x18, 0x4B, 0xF1
+};
+
+static const unsigned char kat_RSA_PSS_SHA512[] = {
+ 0x07, 0x1E, 0xD8, 0xD5, 0x05, 0xE8, 0xE6, 0xE6, 0x57, 0xAE, 0x63, 0x8C,
+ 0xC6, 0x83, 0xB7, 0xA0, 0x59, 0xBB, 0xF2, 0xC6, 0x8F, 0x12, 0x53, 0x9A,
+ 0x9B, 0x54, 0x9E, 0xB3, 0xC1, 0x1D, 0x23, 0x4D, 0x51, 0xED, 0x9E, 0xDD,
+ 0x4B, 0xF3, 0x46, 0x9B, 0x6B, 0xF6, 0x7C, 0x24, 0x60, 0x79, 0x23, 0x39,
+ 0x01, 0x1C, 0x51, 0xCB, 0xD8, 0xE9, 0x9A, 0x01, 0x67, 0x5F, 0xFE, 0xD7,
+ 0x7C, 0xE3, 0x7F, 0xED, 0xDB, 0x87, 0xBB, 0xF0, 0x3D, 0x78, 0x55, 0x61,
+ 0x57, 0xE3, 0x0F, 0xE3, 0xD2, 0x9D, 0x0C, 0x2A, 0x20, 0xB0, 0x85, 0x13,
+ 0xC5, 0x47, 0x34, 0x0D, 0x32, 0x15, 0xC8, 0xAE, 0x9A, 0x6A, 0x39, 0x63,
+ 0x2D, 0x60, 0xF5, 0x4C, 0xDF, 0x8A, 0x48, 0x4B, 0xBF, 0xF4, 0xA8, 0xFE,
+ 0x76, 0xF2, 0x32, 0x1B, 0x9C, 0x7C, 0xCA, 0xFE, 0x7F, 0x80, 0xC2, 0x88,
+ 0x5C, 0x97, 0x70, 0xB4, 0x26, 0xC9, 0x14, 0x8B
+};
+
+static const unsigned char kat_RSA_SHA1[] = {
+ 0x71, 0xEE, 0x1A, 0xC0, 0xFE, 0x01, 0x93, 0x54, 0x79, 0x5C, 0xF2, 0x4C,
+ 0x4A, 0xFD, 0x1A, 0x05, 0x8F, 0x64, 0xB1, 0x6D, 0x61, 0x33, 0x8D, 0x9B,
+ 0xE7, 0xFD, 0x60, 0xA3, 0x83, 0xB5, 0xA3, 0x51, 0x55, 0x77, 0x90, 0xCF,
+ 0xDC, 0x22, 0x37, 0x8E, 0xD0, 0xE1, 0xAE, 0x09, 0xE3, 0x3D, 0x1E, 0xF8,
+ 0x80, 0xD1, 0x8B, 0xC2, 0xEC, 0x0A, 0xD7, 0x6B, 0x88, 0x8B, 0x8B, 0xA1,
+ 0x20, 0x22, 0xBE, 0x59, 0x5B, 0xE0, 0x23, 0x24, 0xA1, 0x49, 0x30, 0xBA,
+ 0xA9, 0x9E, 0xE8, 0xB1, 0x8A, 0x62, 0x16, 0xBF, 0x4E, 0xCA, 0x2E, 0x4E,
+ 0xBC, 0x29, 0xA8, 0x67, 0x13, 0xB7, 0x9F, 0x1D, 0x04, 0x44, 0xE5, 0x5F,
+ 0x35, 0x07, 0x11, 0xBC, 0xED, 0x19, 0x37, 0x21, 0xCF, 0x23, 0x48, 0x1F,
+ 0x72, 0x05, 0xDE, 0xE6, 0xE8, 0x7F, 0x33, 0x8A, 0x76, 0x4B, 0x2F, 0x95,
+ 0xDF, 0xF1, 0x5F, 0x84, 0x80, 0xD9, 0x46, 0xB4
+};
+
+static const unsigned char kat_RSA_SHA224[] = {
+ 0x62, 0xAA, 0x79, 0xA9, 0x18, 0x0E, 0x5F, 0x8C, 0xBB, 0xB7, 0x15, 0xF9,
+ 0x25, 0xBB, 0xFA, 0xD4, 0x3A, 0x34, 0xED, 0x9E, 0xA0, 0xA9, 0x18, 0x8D,
+ 0x5B, 0x55, 0x9A, 0x7E, 0x1E, 0x08, 0x08, 0x60, 0xC5, 0x1A, 0xC5, 0x89,
+ 0x08, 0xE2, 0x1B, 0xBD, 0x62, 0x50, 0x17, 0x76, 0x30, 0x2C, 0x9E, 0xCD,
+ 0xA4, 0x02, 0xAD, 0xB1, 0x6D, 0x44, 0x6D, 0xD5, 0xC6, 0x45, 0x41, 0xE5,
+ 0xEE, 0x1F, 0x8D, 0x7E, 0x08, 0x16, 0xA6, 0xE1, 0x5E, 0x0B, 0xA9, 0xCC,
+ 0xDB, 0x59, 0x55, 0x87, 0x09, 0x25, 0x70, 0x86, 0x84, 0x02, 0xC6, 0x3B,
+ 0x0B, 0x44, 0x4C, 0x46, 0x95, 0xF4, 0xF8, 0x5A, 0x91, 0x28, 0x3E, 0xB2,
+ 0x58, 0x2E, 0x06, 0x45, 0x49, 0xE0, 0x92, 0xE2, 0xC0, 0x66, 0xE6, 0x35,
+ 0xD9, 0x79, 0x7F, 0x17, 0x5E, 0x02, 0x73, 0x04, 0x77, 0x82, 0xE6, 0xDC,
+ 0x40, 0x21, 0x89, 0x8B, 0x37, 0x3E, 0x1E, 0x8D
+};
+
+static const unsigned char kat_RSA_SHA256[] = {
+ 0x0D, 0x55, 0xE2, 0xAA, 0x81, 0xDB, 0x8E, 0x82, 0x05, 0x17, 0xA5, 0x23,
+ 0xE7, 0x3B, 0x1D, 0xAF, 0xFB, 0x8C, 0xD0, 0x81, 0x20, 0x7B, 0xAA, 0x23,
+ 0x92, 0x87, 0x8C, 0xD1, 0x53, 0x85, 0x16, 0xDC, 0xBE, 0xAD, 0x6F, 0x35,
+ 0x98, 0x2D, 0x69, 0x84, 0xBF, 0xD9, 0x8A, 0x01, 0x17, 0x58, 0xB2, 0x6E,
+ 0x2C, 0x44, 0x9B, 0x90, 0xF1, 0xFB, 0x51, 0xE8, 0x6A, 0x90, 0x2D, 0x18,
+ 0x0E, 0xC0, 0x90, 0x10, 0x24, 0xA9, 0x1D, 0xB3, 0x58, 0x7A, 0x91, 0x30,
+ 0xBE, 0x22, 0xC7, 0xD3, 0xEC, 0xC3, 0x09, 0x5D, 0xBF, 0xE2, 0x80, 0x3A,
+ 0x7C, 0x85, 0xB4, 0xBC, 0xD1, 0xE9, 0xF0, 0x5C, 0xDE, 0x81, 0xA6, 0x38,
+ 0xB8, 0x42, 0xBB, 0x86, 0xC5, 0x9D, 0xCE, 0x7C, 0x2C, 0xEE, 0xD1, 0xDA,
+ 0x27, 0x48, 0x2B, 0xF5, 0xAB, 0xB9, 0xF7, 0x80, 0xD1, 0x90, 0x27, 0x90,
+ 0xBD, 0x44, 0x97, 0x60, 0xCD, 0x57, 0xC0, 0x7A
+};
+
+static const unsigned char kat_RSA_SHA384[] = {
+ 0x1D, 0xE3, 0x6A, 0xDD, 0x27, 0x4C, 0xC0, 0xA5, 0x27, 0xEF, 0xE6, 0x1F,
+ 0xD2, 0x91, 0x68, 0x59, 0x04, 0xAE, 0xBD, 0x99, 0x63, 0x56, 0x47, 0xC7,
+ 0x6F, 0x22, 0x16, 0x48, 0xD0, 0xF9, 0x18, 0xA9, 0xCA, 0xFA, 0x5D, 0x5C,
+ 0xA7, 0x65, 0x52, 0x8A, 0xC8, 0x44, 0x7E, 0x86, 0x5D, 0xA9, 0xA6, 0x55,
+ 0x65, 0x3E, 0xD9, 0x2D, 0x02, 0x38, 0xA8, 0x79, 0x28, 0x7F, 0xB6, 0xCF,
+ 0x82, 0xDD, 0x7E, 0x55, 0xE1, 0xB1, 0xBC, 0xE2, 0x19, 0x2B, 0x30, 0xC2,
+ 0x1B, 0x2B, 0xB0, 0x82, 0x46, 0xAC, 0x4B, 0xD1, 0xE2, 0x7D, 0xEB, 0x8C,
+ 0xFF, 0x95, 0xE9, 0x6A, 0x1C, 0x3D, 0x4D, 0xBF, 0x8F, 0x8B, 0x9C, 0xCD,
+ 0xEA, 0x85, 0xEE, 0x00, 0xDC, 0x1C, 0xA7, 0xEB, 0xD0, 0x8F, 0x99, 0xF1,
+ 0x16, 0x28, 0x24, 0x64, 0x04, 0x39, 0x2D, 0x58, 0x1E, 0x37, 0xDC, 0x04,
+ 0xBD, 0x31, 0xA2, 0x2F, 0xB3, 0x35, 0x56, 0xBF
+};
+
+static const unsigned char kat_RSA_SHA512[] = {
+ 0x69, 0x52, 0x1B, 0x51, 0x5E, 0x06, 0xCA, 0x9B, 0x16, 0x51, 0x5D, 0xCF,
+ 0x49, 0x25, 0x4A, 0xA1, 0x6A, 0x77, 0x4C, 0x36, 0x40, 0xF8, 0xB2, 0x9A,
+ 0x15, 0xEA, 0x5C, 0xE5, 0xE6, 0x82, 0xE0, 0x86, 0x82, 0x6B, 0x32, 0xF1,
+ 0x04, 0xC1, 0x5A, 0x1A, 0xED, 0x1E, 0x9A, 0xB6, 0x4C, 0x54, 0x9F, 0xD8,
+ 0x8D, 0xCC, 0xAC, 0x8A, 0xBB, 0x9C, 0x82, 0x3F, 0xA6, 0x53, 0x62, 0xB5,
+ 0x80, 0xE2, 0xBC, 0xDD, 0x67, 0x2B, 0xD9, 0x3F, 0xE4, 0x75, 0x92, 0x6B,
+ 0xAF, 0x62, 0x7C, 0x52, 0xF0, 0xEE, 0x33, 0xDF, 0x1B, 0x1D, 0x47, 0xE6,
+ 0x59, 0x56, 0xA5, 0xB9, 0x5C, 0xE6, 0x77, 0x78, 0x16, 0x63, 0x84, 0x05,
+ 0x6F, 0x0E, 0x2B, 0x31, 0x9D, 0xF7, 0x7F, 0xB2, 0x64, 0x71, 0xE0, 0x2D,
+ 0x3E, 0x62, 0xCE, 0xB5, 0x3F, 0x88, 0xDF, 0x2D, 0xAB, 0x98, 0x65, 0x91,
+ 0xDF, 0x70, 0x14, 0xA5, 0x3F, 0x36, 0xAB, 0x84
+};
+
+static const unsigned char kat_RSA_X931_SHA1[] = {
+ 0x86, 0xB4, 0x18, 0xBA, 0xD1, 0x80, 0xB6, 0x7C, 0x42, 0x45, 0x4D, 0xDF,
+ 0xE9, 0x2D, 0xE1, 0x83, 0x5F, 0xB5, 0x2F, 0xC9, 0xCD, 0xC4, 0xB2, 0x75,
+ 0x80, 0xA4, 0xF1, 0x4A, 0xE7, 0x83, 0x12, 0x1E, 0x1E, 0x14, 0xB8, 0xAC,
+ 0x35, 0xE2, 0xAA, 0x0B, 0x5C, 0xF8, 0x38, 0x4D, 0x04, 0xEE, 0xA9, 0x97,
+ 0x70, 0xFB, 0x5E, 0xE7, 0xB7, 0xE3, 0x62, 0x23, 0x4B, 0x38, 0xBE, 0xD6,
+ 0x53, 0x15, 0xF7, 0xDF, 0x87, 0xB4, 0x0E, 0xCC, 0xB1, 0x1A, 0x11, 0x19,
+ 0xEE, 0x51, 0xCC, 0x92, 0xDD, 0xBC, 0x63, 0x29, 0x63, 0x0C, 0x59, 0xD7,
+ 0x6F, 0x4C, 0x3C, 0x37, 0x5B, 0x37, 0x03, 0x61, 0x7D, 0x24, 0x1C, 0x99,
+ 0x48, 0xAF, 0x82, 0xFE, 0x32, 0x41, 0x9B, 0xB2, 0xDB, 0xEA, 0xED, 0x76,
+ 0x8E, 0x6E, 0xCA, 0x7E, 0x4E, 0x14, 0xBA, 0x30, 0x84, 0x1C, 0xB3, 0x67,
+ 0xA3, 0x29, 0x80, 0x70, 0x54, 0x68, 0x7D, 0x49
+};
+
+static const unsigned char kat_RSA_X931_SHA256[] = {
+ 0x7E, 0xA2, 0x77, 0xFE, 0xB8, 0x54, 0x8A, 0xC7, 0x7F, 0x64, 0x54, 0x89,
+ 0xE5, 0x52, 0x15, 0x8E, 0x52, 0x96, 0x4E, 0xA6, 0x58, 0x92, 0x1C, 0xDD,
+ 0xEA, 0xA2, 0x2D, 0x5C, 0xD1, 0x62, 0x00, 0x49, 0x05, 0x95, 0x73, 0xCF,
+ 0x16, 0x76, 0x68, 0xF6, 0xC6, 0x5E, 0x80, 0xB8, 0xB8, 0x7B, 0xC8, 0x9B,
+ 0xC6, 0x53, 0x88, 0x26, 0x20, 0x88, 0x73, 0xB6, 0x13, 0xB8, 0xF0, 0x4B,
+ 0x00, 0x85, 0xF3, 0xDD, 0x07, 0x50, 0xEB, 0x20, 0xC4, 0x38, 0x0E, 0x98,
+ 0xAD, 0x4E, 0x49, 0x2C, 0xD7, 0x65, 0xA5, 0x19, 0x0E, 0x59, 0x01, 0xEC,
+ 0x7E, 0x75, 0x89, 0x69, 0x2E, 0x63, 0x76, 0x85, 0x46, 0x8D, 0xA0, 0x8C,
+ 0x33, 0x1D, 0x82, 0x8C, 0x03, 0xEA, 0x69, 0x88, 0x35, 0xA1, 0x42, 0xBD,
+ 0x21, 0xED, 0x8D, 0xBC, 0xBC, 0xDB, 0x30, 0xFF, 0x86, 0xF0, 0x5B, 0xDC,
+ 0xE3, 0xE2, 0xE8, 0x0A, 0x0A, 0x29, 0x94, 0x80
+};
+
+static const unsigned char kat_RSA_X931_SHA384[] = {
+ 0x5C, 0x7D, 0x96, 0x35, 0xEC, 0x7E, 0x11, 0x38, 0xBB, 0x7B, 0xEC, 0x7B,
+ 0xF2, 0x82, 0x8E, 0x99, 0xBD, 0xEF, 0xD8, 0xAE, 0xD7, 0x39, 0x37, 0xCB,
+ 0xE6, 0x4F, 0x5E, 0x0A, 0x13, 0xE4, 0x2E, 0x40, 0xB9, 0xBE, 0x2E, 0xE3,
+ 0xEF, 0x78, 0x83, 0x18, 0x44, 0x35, 0x9C, 0x8E, 0xD7, 0x4A, 0x63, 0xF6,
+ 0x57, 0xC2, 0xB0, 0x08, 0x51, 0x73, 0xCF, 0xCA, 0x99, 0x66, 0xEE, 0x31,
+ 0xD8, 0x69, 0xE9, 0xAB, 0x13, 0x27, 0x7B, 0x41, 0x1E, 0x6D, 0x8D, 0xF1,
+ 0x3E, 0x9C, 0x35, 0x95, 0x58, 0xDD, 0x2B, 0xD5, 0xA0, 0x60, 0x41, 0x79,
+ 0x24, 0x22, 0xE4, 0xB7, 0xBF, 0x47, 0x53, 0xF6, 0x34, 0xD5, 0x7C, 0xFF,
+ 0x0E, 0x09, 0xEE, 0x2E, 0xE2, 0x37, 0xB9, 0xDE, 0xC5, 0x12, 0x44, 0x35,
+ 0xEF, 0x01, 0xE6, 0x5E, 0x39, 0x31, 0x2D, 0x71, 0xA5, 0xDC, 0xC6, 0x6D,
+ 0xE2, 0xCD, 0x85, 0xDB, 0x73, 0x82, 0x65, 0x28
+};
+
+static const unsigned char kat_RSA_X931_SHA512[] = {
+ 0xA6, 0x65, 0xA2, 0x77, 0x4F, 0xB3, 0x86, 0xCB, 0x64, 0x3A, 0xC1, 0x63,
+ 0xFC, 0xA1, 0xAA, 0xCB, 0x9B, 0x79, 0xDD, 0x4B, 0xE1, 0xD9, 0xDA, 0xAC,
+ 0xE7, 0x47, 0x09, 0xB2, 0x11, 0x4B, 0x8A, 0xAA, 0x05, 0x9E, 0x77, 0xD7,
+ 0x3A, 0xBD, 0x5E, 0x53, 0x09, 0x4A, 0xE6, 0x0F, 0x5E, 0xF9, 0x14, 0x28,
+ 0xA0, 0x99, 0x74, 0x64, 0x70, 0x4E, 0xF2, 0xE3, 0xFA, 0xC7, 0xF8, 0xC5,
+ 0x6E, 0x2B, 0x79, 0x96, 0x0D, 0x0C, 0xC8, 0x10, 0x34, 0x53, 0xD2, 0xAF,
+ 0x17, 0x0E, 0xE0, 0xBF, 0x79, 0xF6, 0x04, 0x72, 0x10, 0xE0, 0xF6, 0xD0,
+ 0xCE, 0x8A, 0x6F, 0xA1, 0x95, 0x89, 0xBF, 0x58, 0x8F, 0x46, 0x5F, 0x09,
+ 0x9F, 0x09, 0xCA, 0x84, 0x15, 0x85, 0xE0, 0xED, 0x04, 0x2D, 0xFB, 0x7C,
+ 0x36, 0x35, 0x21, 0x31, 0xC3, 0xFD, 0x92, 0x42, 0x11, 0x30, 0x71, 0x1B,
+ 0x60, 0x83, 0x18, 0x88, 0xA3, 0xF5, 0x59, 0xC3
+};
+
+int FIPS_selftest_rsa()
+{
+ int ret = 0;
+ RSA *key = NULL;
+ EVP_PKEY pk;
+ key = FIPS_rsa_new();
+ setrsakey(key);
+ pk.type = EVP_PKEY_RSA;
+ pk.pkey.rsa = key;
+
+ if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1,
+ kat_RSA_SHA1, sizeof(kat_RSA_SHA1),
+ EVP_sha1(), EVP_MD_CTX_FLAG_PAD_PKCS1,
+ "RSA SHA1 PKCS#1"))
+ goto err;
+ if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1,
+ kat_RSA_SHA224, sizeof(kat_RSA_SHA224),
+ EVP_sha224(), EVP_MD_CTX_FLAG_PAD_PKCS1,
+ "RSA SHA224 PKCS#1"))
+ goto err;
+ if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1,
+ kat_RSA_SHA256, sizeof(kat_RSA_SHA256),
+ EVP_sha256(), EVP_MD_CTX_FLAG_PAD_PKCS1,
+ "RSA SHA256 PKCS#1"))
+ goto err;
+ if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1,
+ kat_RSA_SHA384, sizeof(kat_RSA_SHA384),
+ EVP_sha384(), EVP_MD_CTX_FLAG_PAD_PKCS1,
+ "RSA SHA384 PKCS#1"))
+ goto err;
+ if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1,
+ kat_RSA_SHA512, sizeof(kat_RSA_SHA512),
+ EVP_sha512(), EVP_MD_CTX_FLAG_PAD_PKCS1,
+ "RSA SHA512 PKCS#1"))
+ goto err;
+
+ if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1,
+ kat_RSA_PSS_SHA1, sizeof(kat_RSA_PSS_SHA1),
+ EVP_sha1(), EVP_MD_CTX_FLAG_PAD_PSS,
+ "RSA SHA1 PSS"))
+ goto err;
+ if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1,
+ kat_RSA_PSS_SHA224,
+ sizeof(kat_RSA_PSS_SHA224), EVP_sha224(),
+ EVP_MD_CTX_FLAG_PAD_PSS, "RSA SHA224 PSS"))
+ goto err;
+ if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1,
+ kat_RSA_PSS_SHA256,
+ sizeof(kat_RSA_PSS_SHA256), EVP_sha256(),
+ EVP_MD_CTX_FLAG_PAD_PSS, "RSA SHA256 PSS"))
+ goto err;
+ if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1,
+ kat_RSA_PSS_SHA384,
+ sizeof(kat_RSA_PSS_SHA384), EVP_sha384(),
+ EVP_MD_CTX_FLAG_PAD_PSS, "RSA SHA384 PSS"))
+ goto err;
+ if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1,
+ kat_RSA_PSS_SHA512,
+ sizeof(kat_RSA_PSS_SHA512), EVP_sha512(),
+ EVP_MD_CTX_FLAG_PAD_PSS, "RSA SHA512 PSS"))
+ goto err;
+
+ if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1,
+ kat_RSA_X931_SHA1,
+ sizeof(kat_RSA_X931_SHA1), EVP_sha1(),
+ EVP_MD_CTX_FLAG_PAD_X931, "RSA SHA1 X931"))
+ goto err;
+ /* NB: SHA224 not supported in X9.31 */
+ if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1,
+ kat_RSA_X931_SHA256,
+ sizeof(kat_RSA_X931_SHA256), EVP_sha256(),
+ EVP_MD_CTX_FLAG_PAD_X931,
+ "RSA SHA256 X931"))
+ goto err;
+ if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1,
+ kat_RSA_X931_SHA384,
+ sizeof(kat_RSA_X931_SHA384), EVP_sha384(),
+ EVP_MD_CTX_FLAG_PAD_X931,
+ "RSA SHA384 X931"))
+ goto err;
+ if (!fips_pkey_signature_test(&pk, kat_tbs, sizeof(kat_tbs) - 1,
+ kat_RSA_X931_SHA512,
+ sizeof(kat_RSA_X931_SHA512), EVP_sha512(),
+ EVP_MD_CTX_FLAG_PAD_X931,
+ "RSA SHA512 X931"))
+ goto err;
+
+ ret = 1;
+
+ err:
+ FIPS_rsa_free(key);
+ return ret;
+}
+
+#endif /* def OPENSSL_FIPS */
Deleted: vendor-crypto/openssl/0.9.8zf/fips/rsa/fips_rsa_sign.c
===================================================================
--- vendor-crypto/openssl/dist/fips/rsa/fips_rsa_sign.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/fips/rsa/fips_rsa_sign.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,554 +0,0 @@
-/* fips_rsa_sign.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 2007.
- */
-/* ====================================================================
- * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <string.h>
-#include <openssl/evp.h>
-#include <openssl/rsa.h>
-#include <openssl/err.h>
-#include <openssl/sha.h>
-
-#ifdef OPENSSL_FIPS
-
-/* FIPS versions of RSA_sign() and RSA_verify().
- * These will only have to deal with SHA* signatures and by including
- * pregenerated encodings all ASN1 dependencies can be avoided
- */
-
-/* Standard encodings including NULL parameter */
-
-static const unsigned char sha1_bin[] = {
- 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05,
- 0x00, 0x04, 0x14
-};
-
-static const unsigned char sha224_bin[] = {
- 0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
- 0x04, 0x02, 0x04, 0x05, 0x00, 0x04, 0x1c
-};
-
-static const unsigned char sha256_bin[] = {
- 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
- 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20
-};
-
-static const unsigned char sha384_bin[] = {
- 0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
- 0x04, 0x02, 0x02, 0x05, 0x00, 0x04, 0x30
-};
-
-static const unsigned char sha512_bin[] = {
- 0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
- 0x04, 0x02, 0x03, 0x05, 0x00, 0x04, 0x40
-};
-
-/* Alternate encodings with absent parameters. We don't generate signature
- * using this format but do tolerate received signatures of this form.
- */
-
-static unsigned char sha1_nn_bin[] = {
- 0x30, 0x1f, 0x30, 0x07, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x04,
- 0x14
-};
-
-static unsigned char sha224_nn_bin[] = {
- 0x30, 0x2b, 0x30, 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
- 0x04, 0x02, 0x04, 0x04, 0x1c
-};
-
-static unsigned char sha256_nn_bin[] = {
- 0x30, 0x2f, 0x30, 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
- 0x04, 0x02, 0x01, 0x04, 0x20
-};
-
-static unsigned char sha384_nn_bin[] = {
- 0x30, 0x3f, 0x30, 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
- 0x04, 0x02, 0x02, 0x04, 0x30
-};
-
-static unsigned char sha512_nn_bin[] = {
- 0x30, 0x4f, 0x30, 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
- 0x04, 0x02, 0x03, 0x04, 0x40
-};
-
-
-static const unsigned char *fips_digestinfo_encoding(int nid, unsigned int *len)
- {
- switch (nid)
- {
-
- case NID_sha1:
- *len = sizeof(sha1_bin);
- return sha1_bin;
-
- case NID_sha224:
- *len = sizeof(sha224_bin);
- return sha224_bin;
-
- case NID_sha256:
- *len = sizeof(sha256_bin);
- return sha256_bin;
-
- case NID_sha384:
- *len = sizeof(sha384_bin);
- return sha384_bin;
-
- case NID_sha512:
- *len = sizeof(sha512_bin);
- return sha512_bin;
-
- default:
- return NULL;
-
- }
- }
-
-static const unsigned char *fips_digestinfo_nn_encoding(int nid, unsigned int *len)
- {
- switch (nid)
- {
-
- case NID_sha1:
- *len = sizeof(sha1_nn_bin);
- return sha1_nn_bin;
-
- case NID_sha224:
- *len = sizeof(sha224_nn_bin);
- return sha224_nn_bin;
-
- case NID_sha256:
- *len = sizeof(sha256_nn_bin);
- return sha256_nn_bin;
-
- case NID_sha384:
- *len = sizeof(sha384_nn_bin);
- return sha384_nn_bin;
-
- case NID_sha512:
- *len = sizeof(sha512_nn_bin);
- return sha512_nn_bin;
-
- default:
- return NULL;
-
- }
- }
-
-static int fips_rsa_sign(int type, const unsigned char *x, unsigned int y,
- unsigned char *sigret, unsigned int *siglen, EVP_MD_SVCTX *sv)
- {
- int i=0,j,ret=0;
- unsigned int dlen;
- const unsigned char *der;
- unsigned int m_len;
- int pad_mode = sv->mctx->flags & EVP_MD_CTX_FLAG_PAD_MASK;
- int rsa_pad_mode = 0;
- RSA *rsa = sv->key;
- /* Largest DigestInfo: 19 (max encoding) + max MD */
- unsigned char tmpdinfo[19 + EVP_MAX_MD_SIZE];
- unsigned char md[EVP_MAX_MD_SIZE + 1];
-
- EVP_DigestFinal_ex(sv->mctx, md, &m_len);
-
- if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign)
- {
- ret = rsa->meth->rsa_sign(type, md, m_len,
- sigret, siglen, rsa);
- goto done;
- }
-
- if (pad_mode == EVP_MD_CTX_FLAG_PAD_X931)
- {
- int hash_id;
- memcpy(tmpdinfo, md, m_len);
- hash_id = RSA_X931_hash_id(M_EVP_MD_CTX_type(sv->mctx));
- if (hash_id == -1)
- {
- RSAerr(RSA_F_FIPS_RSA_SIGN,RSA_R_UNKNOWN_ALGORITHM_TYPE);
- return 0;
- }
- tmpdinfo[m_len] = (unsigned char)hash_id;
- i = m_len + 1;
- rsa_pad_mode = RSA_X931_PADDING;
- }
- else if (pad_mode == EVP_MD_CTX_FLAG_PAD_PKCS1)
- {
-
- der = fips_digestinfo_encoding(type, &dlen);
-
- if (!der)
- {
- RSAerr(RSA_F_FIPS_RSA_SIGN,RSA_R_UNKNOWN_ALGORITHM_TYPE);
- return 0;
- }
- memcpy(tmpdinfo, der, dlen);
- memcpy(tmpdinfo + dlen, md, m_len);
-
- i = dlen + m_len;
- rsa_pad_mode = RSA_PKCS1_PADDING;
-
- }
- else if (pad_mode == EVP_MD_CTX_FLAG_PAD_PSS)
- {
- unsigned char *sbuf;
- int saltlen;
- i = RSA_size(rsa);
- sbuf = OPENSSL_malloc(RSA_size(rsa));
- saltlen = M_EVP_MD_CTX_FLAG_PSS_SALT(sv->mctx);
- if (saltlen == EVP_MD_CTX_FLAG_PSS_MDLEN)
- saltlen = -1;
- else if (saltlen == EVP_MD_CTX_FLAG_PSS_MREC)
- saltlen = -2;
- if (!sbuf)
- {
- RSAerr(RSA_F_FIPS_RSA_SIGN,ERR_R_MALLOC_FAILURE);
- goto psserr;
- }
- if (!RSA_padding_add_PKCS1_PSS(rsa, sbuf, md,
- M_EVP_MD_CTX_md(sv->mctx), saltlen))
- goto psserr;
- j=rsa->meth->rsa_priv_enc(i,sbuf,sigret,rsa,RSA_NO_PADDING);
- if (j > 0)
- {
- ret=1;
- *siglen=j;
- }
- psserr:
- OPENSSL_cleanse(md,m_len);
- OPENSSL_cleanse(sbuf, i);
- OPENSSL_free(sbuf);
- return ret;
- }
-
- j=RSA_size(rsa);
- if (i > (j-RSA_PKCS1_PADDING_SIZE))
- {
- RSAerr(RSA_F_FIPS_RSA_SIGN,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
- goto done;
- }
- /* NB: call underlying method directly to avoid FIPS blocking */
- j=rsa->meth->rsa_priv_enc(i,tmpdinfo,sigret,rsa,rsa_pad_mode);
- if (j > 0)
- {
- ret=1;
- *siglen=j;
- }
-
- done:
- OPENSSL_cleanse(tmpdinfo,i);
- OPENSSL_cleanse(md,m_len);
- return ret;
- }
-
-static int fips_rsa_verify(int dtype,
- const unsigned char *x, unsigned int y,
- unsigned char *sigbuf, unsigned int siglen, EVP_MD_SVCTX *sv)
- {
- int i,ret=0;
- unsigned int dlen, diglen;
- int pad_mode = sv->mctx->flags & EVP_MD_CTX_FLAG_PAD_MASK;
- int rsa_pad_mode = 0;
- unsigned char *s;
- const unsigned char *der;
- unsigned char dig[EVP_MAX_MD_SIZE];
- RSA *rsa = sv->key;
-
- if (siglen != (unsigned int)RSA_size(sv->key))
- {
- RSAerr(RSA_F_FIPS_RSA_VERIFY,RSA_R_WRONG_SIGNATURE_LENGTH);
- return(0);
- }
-
- EVP_DigestFinal_ex(sv->mctx, dig, &diglen);
-
- if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify)
- {
- return rsa->meth->rsa_verify(dtype, dig, diglen,
- sigbuf, siglen, rsa);
- }
-
-
- s= OPENSSL_malloc((unsigned int)siglen);
- if (s == NULL)
- {
- RSAerr(RSA_F_FIPS_RSA_VERIFY,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- if (pad_mode == EVP_MD_CTX_FLAG_PAD_X931)
- rsa_pad_mode = RSA_X931_PADDING;
- else if (pad_mode == EVP_MD_CTX_FLAG_PAD_PKCS1)
- rsa_pad_mode = RSA_PKCS1_PADDING;
- else if (pad_mode == EVP_MD_CTX_FLAG_PAD_PSS)
- rsa_pad_mode = RSA_NO_PADDING;
-
- /* NB: call underlying method directly to avoid FIPS blocking */
- i=rsa->meth->rsa_pub_dec((int)siglen,sigbuf,s, rsa, rsa_pad_mode);
-
- if (i <= 0) goto err;
-
- if (pad_mode == EVP_MD_CTX_FLAG_PAD_X931)
- {
- int hash_id;
- if (i != (int)(diglen + 1))
- {
- RSAerr(RSA_F_FIPS_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
- goto err;
- }
- hash_id = RSA_X931_hash_id(M_EVP_MD_CTX_type(sv->mctx));
- if (hash_id == -1)
- {
- RSAerr(RSA_F_FIPS_RSA_VERIFY,RSA_R_UNKNOWN_ALGORITHM_TYPE);
- goto err;
- }
- if (s[diglen] != (unsigned char)hash_id)
- {
- RSAerr(RSA_F_FIPS_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
- goto err;
- }
- if (memcmp(s, dig, diglen))
- {
- RSAerr(RSA_F_FIPS_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
- goto err;
- }
- ret = 1;
- }
- else if (pad_mode == EVP_MD_CTX_FLAG_PAD_PKCS1)
- {
-
- der = fips_digestinfo_encoding(dtype, &dlen);
-
- if (!der)
- {
- RSAerr(RSA_F_FIPS_RSA_VERIFY,RSA_R_UNKNOWN_ALGORITHM_TYPE);
- return(0);
- }
-
- /* Compare, DigestInfo length, DigestInfo header and finally
- * digest value itself
- */
-
- /* If length mismatch try alternate encoding */
- if (i != (int)(dlen + diglen))
- der = fips_digestinfo_nn_encoding(dtype, &dlen);
-
- if ((i != (int)(dlen + diglen)) || memcmp(der, s, dlen)
- || memcmp(s + dlen, dig, diglen))
- {
- RSAerr(RSA_F_FIPS_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
- goto err;
- }
- ret = 1;
-
- }
- else if (pad_mode == EVP_MD_CTX_FLAG_PAD_PSS)
- {
- int saltlen;
- saltlen = M_EVP_MD_CTX_FLAG_PSS_SALT(sv->mctx);
- if (saltlen == EVP_MD_CTX_FLAG_PSS_MDLEN)
- saltlen = -1;
- else if (saltlen == EVP_MD_CTX_FLAG_PSS_MREC)
- saltlen = -2;
- ret = RSA_verify_PKCS1_PSS(rsa, dig, M_EVP_MD_CTX_md(sv->mctx),
- s, saltlen);
- if (ret < 0)
- ret = 0;
- }
-err:
- if (s != NULL)
- {
- OPENSSL_cleanse(s, siglen);
- OPENSSL_free(s);
- }
- return(ret);
- }
-
-#define EVP_PKEY_RSA_fips_method \
- (evp_sign_method *)fips_rsa_sign, \
- (evp_verify_method *)fips_rsa_verify, \
- {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0}
-
-static int init(EVP_MD_CTX *ctx)
- { return SHA1_Init(ctx->md_data); }
-
-static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
- { return SHA1_Update(ctx->md_data,data,count); }
-
-static int final(EVP_MD_CTX *ctx,unsigned char *md)
- { return SHA1_Final(md,ctx->md_data); }
-
-static const EVP_MD sha1_md=
- {
- NID_sha1,
- NID_sha1WithRSAEncryption,
- SHA_DIGEST_LENGTH,
- EVP_MD_FLAG_FIPS|EVP_MD_FLAG_SVCTX,
- init,
- update,
- final,
- NULL,
- NULL,
- EVP_PKEY_RSA_fips_method,
- SHA_CBLOCK,
- sizeof(EVP_MD *)+sizeof(SHA_CTX),
- };
-
-const EVP_MD *EVP_sha1(void)
- {
- return(&sha1_md);
- }
-
-static int init224(EVP_MD_CTX *ctx)
- { return SHA224_Init(ctx->md_data); }
-static int init256(EVP_MD_CTX *ctx)
- { return SHA256_Init(ctx->md_data); }
-/*
- * Even though there're separate SHA224_[Update|Final], we call
- * SHA256 functions even in SHA224 context. This is what happens
- * there anyway, so we can spare few CPU cycles:-)
- */
-static int update256(EVP_MD_CTX *ctx,const void *data,size_t count)
- { return SHA256_Update(ctx->md_data,data,count); }
-static int final256(EVP_MD_CTX *ctx,unsigned char *md)
- { return SHA256_Final(md,ctx->md_data); }
-
-static const EVP_MD sha224_md=
- {
- NID_sha224,
- NID_sha224WithRSAEncryption,
- SHA224_DIGEST_LENGTH,
- EVP_MD_FLAG_FIPS|EVP_MD_FLAG_SVCTX,
- init224,
- update256,
- final256,
- NULL,
- NULL,
- EVP_PKEY_RSA_fips_method,
- SHA256_CBLOCK,
- sizeof(EVP_MD *)+sizeof(SHA256_CTX),
- };
-
-const EVP_MD *EVP_sha224(void)
- { return(&sha224_md); }
-
-static const EVP_MD sha256_md=
- {
- NID_sha256,
- NID_sha256WithRSAEncryption,
- SHA256_DIGEST_LENGTH,
- EVP_MD_FLAG_FIPS|EVP_MD_FLAG_SVCTX,
- init256,
- update256,
- final256,
- NULL,
- NULL,
- EVP_PKEY_RSA_fips_method,
- SHA256_CBLOCK,
- sizeof(EVP_MD *)+sizeof(SHA256_CTX),
- };
-
-const EVP_MD *EVP_sha256(void)
- { return(&sha256_md); }
-
-static int init384(EVP_MD_CTX *ctx)
- { return SHA384_Init(ctx->md_data); }
-static int init512(EVP_MD_CTX *ctx)
- { return SHA512_Init(ctx->md_data); }
-/* See comment in SHA224/256 section */
-static int update512(EVP_MD_CTX *ctx,const void *data,size_t count)
- { return SHA512_Update(ctx->md_data,data,count); }
-static int final512(EVP_MD_CTX *ctx,unsigned char *md)
- { return SHA512_Final(md,ctx->md_data); }
-
-static const EVP_MD sha384_md=
- {
- NID_sha384,
- NID_sha384WithRSAEncryption,
- SHA384_DIGEST_LENGTH,
- EVP_MD_FLAG_FIPS|EVP_MD_FLAG_SVCTX,
- init384,
- update512,
- final512,
- NULL,
- NULL,
- EVP_PKEY_RSA_fips_method,
- SHA512_CBLOCK,
- sizeof(EVP_MD *)+sizeof(SHA512_CTX),
- };
-
-const EVP_MD *EVP_sha384(void)
- { return(&sha384_md); }
-
-static const EVP_MD sha512_md=
- {
- NID_sha512,
- NID_sha512WithRSAEncryption,
- SHA512_DIGEST_LENGTH,
- EVP_MD_FLAG_FIPS|EVP_MD_FLAG_SVCTX,
- init512,
- update512,
- final512,
- NULL,
- NULL,
- EVP_PKEY_RSA_fips_method,
- SHA512_CBLOCK,
- sizeof(EVP_MD *)+sizeof(SHA512_CTX),
- };
-
-const EVP_MD *EVP_sha512(void)
- { return(&sha512_md); }
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/fips/rsa/fips_rsa_sign.c (from rev 6976, vendor-crypto/openssl/dist/fips/rsa/fips_rsa_sign.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/fips/rsa/fips_rsa_sign.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/fips/rsa/fips_rsa_sign.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,561 @@
+/* fips_rsa_sign.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 2007.
+ */
+/* ====================================================================
+ * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <string.h>
+#include <openssl/evp.h>
+#include <openssl/rsa.h>
+#include <openssl/err.h>
+#include <openssl/sha.h>
+
+#ifdef OPENSSL_FIPS
+
+/*
+ * FIPS versions of RSA_sign() and RSA_verify(). These will only have to deal
+ * with SHA* signatures and by including pregenerated encodings all ASN1
+ * dependencies can be avoided
+ */
+
+/* Standard encodings including NULL parameter */
+
+static const unsigned char sha1_bin[] = {
+ 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05,
+ 0x00, 0x04, 0x14
+};
+
+static const unsigned char sha224_bin[] = {
+ 0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
+ 0x04, 0x02, 0x04, 0x05, 0x00, 0x04, 0x1c
+};
+
+static const unsigned char sha256_bin[] = {
+ 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
+ 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20
+};
+
+static const unsigned char sha384_bin[] = {
+ 0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
+ 0x04, 0x02, 0x02, 0x05, 0x00, 0x04, 0x30
+};
+
+static const unsigned char sha512_bin[] = {
+ 0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
+ 0x04, 0x02, 0x03, 0x05, 0x00, 0x04, 0x40
+};
+
+/*
+ * Alternate encodings with absent parameters. We don't generate signature
+ * using this format but do tolerate received signatures of this form.
+ */
+
+static unsigned char sha1_nn_bin[] = {
+ 0x30, 0x1f, 0x30, 0x07, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x04,
+ 0x14
+};
+
+static unsigned char sha224_nn_bin[] = {
+ 0x30, 0x2b, 0x30, 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
+ 0x04, 0x02, 0x04, 0x04, 0x1c
+};
+
+static unsigned char sha256_nn_bin[] = {
+ 0x30, 0x2f, 0x30, 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
+ 0x04, 0x02, 0x01, 0x04, 0x20
+};
+
+static unsigned char sha384_nn_bin[] = {
+ 0x30, 0x3f, 0x30, 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
+ 0x04, 0x02, 0x02, 0x04, 0x30
+};
+
+static unsigned char sha512_nn_bin[] = {
+ 0x30, 0x4f, 0x30, 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
+ 0x04, 0x02, 0x03, 0x04, 0x40
+};
+
+static const unsigned char *fips_digestinfo_encoding(int nid,
+ unsigned int *len)
+{
+ switch (nid) {
+
+ case NID_sha1:
+ *len = sizeof(sha1_bin);
+ return sha1_bin;
+
+ case NID_sha224:
+ *len = sizeof(sha224_bin);
+ return sha224_bin;
+
+ case NID_sha256:
+ *len = sizeof(sha256_bin);
+ return sha256_bin;
+
+ case NID_sha384:
+ *len = sizeof(sha384_bin);
+ return sha384_bin;
+
+ case NID_sha512:
+ *len = sizeof(sha512_bin);
+ return sha512_bin;
+
+ default:
+ return NULL;
+
+ }
+}
+
+static const unsigned char *fips_digestinfo_nn_encoding(int nid,
+ unsigned int *len)
+{
+ switch (nid) {
+
+ case NID_sha1:
+ *len = sizeof(sha1_nn_bin);
+ return sha1_nn_bin;
+
+ case NID_sha224:
+ *len = sizeof(sha224_nn_bin);
+ return sha224_nn_bin;
+
+ case NID_sha256:
+ *len = sizeof(sha256_nn_bin);
+ return sha256_nn_bin;
+
+ case NID_sha384:
+ *len = sizeof(sha384_nn_bin);
+ return sha384_nn_bin;
+
+ case NID_sha512:
+ *len = sizeof(sha512_nn_bin);
+ return sha512_nn_bin;
+
+ default:
+ return NULL;
+
+ }
+}
+
+static int fips_rsa_sign(int type, const unsigned char *x, unsigned int y,
+ unsigned char *sigret, unsigned int *siglen,
+ EVP_MD_SVCTX * sv)
+{
+ int i = 0, j, ret = 0;
+ unsigned int dlen;
+ const unsigned char *der;
+ unsigned int m_len;
+ int pad_mode = sv->mctx->flags & EVP_MD_CTX_FLAG_PAD_MASK;
+ int rsa_pad_mode = 0;
+ RSA *rsa = sv->key;
+ /* Largest DigestInfo: 19 (max encoding) + max MD */
+ unsigned char tmpdinfo[19 + EVP_MAX_MD_SIZE];
+ unsigned char md[EVP_MAX_MD_SIZE + 1];
+
+ EVP_DigestFinal_ex(sv->mctx, md, &m_len);
+
+ if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign) {
+ ret = rsa->meth->rsa_sign(type, md, m_len, sigret, siglen, rsa);
+ goto done;
+ }
+
+ if (pad_mode == EVP_MD_CTX_FLAG_PAD_X931) {
+ int hash_id;
+ memcpy(tmpdinfo, md, m_len);
+ hash_id = RSA_X931_hash_id(M_EVP_MD_CTX_type(sv->mctx));
+ if (hash_id == -1) {
+ RSAerr(RSA_F_FIPS_RSA_SIGN, RSA_R_UNKNOWN_ALGORITHM_TYPE);
+ return 0;
+ }
+ tmpdinfo[m_len] = (unsigned char)hash_id;
+ i = m_len + 1;
+ rsa_pad_mode = RSA_X931_PADDING;
+ } else if (pad_mode == EVP_MD_CTX_FLAG_PAD_PKCS1) {
+
+ der = fips_digestinfo_encoding(type, &dlen);
+
+ if (!der) {
+ RSAerr(RSA_F_FIPS_RSA_SIGN, RSA_R_UNKNOWN_ALGORITHM_TYPE);
+ return 0;
+ }
+ memcpy(tmpdinfo, der, dlen);
+ memcpy(tmpdinfo + dlen, md, m_len);
+
+ i = dlen + m_len;
+ rsa_pad_mode = RSA_PKCS1_PADDING;
+
+ } else if (pad_mode == EVP_MD_CTX_FLAG_PAD_PSS) {
+ unsigned char *sbuf;
+ int saltlen;
+ i = RSA_size(rsa);
+ sbuf = OPENSSL_malloc(RSA_size(rsa));
+ saltlen = M_EVP_MD_CTX_FLAG_PSS_SALT(sv->mctx);
+ if (saltlen == EVP_MD_CTX_FLAG_PSS_MDLEN)
+ saltlen = -1;
+ else if (saltlen == EVP_MD_CTX_FLAG_PSS_MREC)
+ saltlen = -2;
+ if (!sbuf) {
+ RSAerr(RSA_F_FIPS_RSA_SIGN, ERR_R_MALLOC_FAILURE);
+ goto psserr;
+ }
+ if (!RSA_padding_add_PKCS1_PSS(rsa, sbuf, md,
+ M_EVP_MD_CTX_md(sv->mctx), saltlen))
+ goto psserr;
+ j = rsa->meth->rsa_priv_enc(i, sbuf, sigret, rsa, RSA_NO_PADDING);
+ if (j > 0) {
+ ret = 1;
+ *siglen = j;
+ }
+ psserr:
+ OPENSSL_cleanse(md, m_len);
+ OPENSSL_cleanse(sbuf, i);
+ OPENSSL_free(sbuf);
+ return ret;
+ }
+
+ j = RSA_size(rsa);
+ if (i > (j - RSA_PKCS1_PADDING_SIZE)) {
+ RSAerr(RSA_F_FIPS_RSA_SIGN, RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
+ goto done;
+ }
+ /* NB: call underlying method directly to avoid FIPS blocking */
+ j = rsa->meth->rsa_priv_enc(i, tmpdinfo, sigret, rsa, rsa_pad_mode);
+ if (j > 0) {
+ ret = 1;
+ *siglen = j;
+ }
+
+ done:
+ OPENSSL_cleanse(tmpdinfo, i);
+ OPENSSL_cleanse(md, m_len);
+ return ret;
+}
+
+static int fips_rsa_verify(int dtype,
+ const unsigned char *x, unsigned int y,
+ unsigned char *sigbuf, unsigned int siglen,
+ EVP_MD_SVCTX * sv)
+{
+ int i, ret = 0;
+ unsigned int dlen, diglen;
+ int pad_mode = sv->mctx->flags & EVP_MD_CTX_FLAG_PAD_MASK;
+ int rsa_pad_mode = 0;
+ unsigned char *s;
+ const unsigned char *der;
+ unsigned char dig[EVP_MAX_MD_SIZE];
+ RSA *rsa = sv->key;
+
+ if (siglen != (unsigned int)RSA_size(sv->key)) {
+ RSAerr(RSA_F_FIPS_RSA_VERIFY, RSA_R_WRONG_SIGNATURE_LENGTH);
+ return (0);
+ }
+
+ EVP_DigestFinal_ex(sv->mctx, dig, &diglen);
+
+ if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify) {
+ return rsa->meth->rsa_verify(dtype, dig, diglen, sigbuf, siglen, rsa);
+ }
+
+ s = OPENSSL_malloc((unsigned int)siglen);
+ if (s == NULL) {
+ RSAerr(RSA_F_FIPS_RSA_VERIFY, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ if (pad_mode == EVP_MD_CTX_FLAG_PAD_X931)
+ rsa_pad_mode = RSA_X931_PADDING;
+ else if (pad_mode == EVP_MD_CTX_FLAG_PAD_PKCS1)
+ rsa_pad_mode = RSA_PKCS1_PADDING;
+ else if (pad_mode == EVP_MD_CTX_FLAG_PAD_PSS)
+ rsa_pad_mode = RSA_NO_PADDING;
+
+ /* NB: call underlying method directly to avoid FIPS blocking */
+ i = rsa->meth->rsa_pub_dec((int)siglen, sigbuf, s, rsa, rsa_pad_mode);
+
+ if (i <= 0)
+ goto err;
+
+ if (pad_mode == EVP_MD_CTX_FLAG_PAD_X931) {
+ int hash_id;
+ if (i != (int)(diglen + 1)) {
+ RSAerr(RSA_F_FIPS_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
+ goto err;
+ }
+ hash_id = RSA_X931_hash_id(M_EVP_MD_CTX_type(sv->mctx));
+ if (hash_id == -1) {
+ RSAerr(RSA_F_FIPS_RSA_VERIFY, RSA_R_UNKNOWN_ALGORITHM_TYPE);
+ goto err;
+ }
+ if (s[diglen] != (unsigned char)hash_id) {
+ RSAerr(RSA_F_FIPS_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
+ goto err;
+ }
+ if (memcmp(s, dig, diglen)) {
+ RSAerr(RSA_F_FIPS_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
+ goto err;
+ }
+ ret = 1;
+ } else if (pad_mode == EVP_MD_CTX_FLAG_PAD_PKCS1) {
+
+ der = fips_digestinfo_encoding(dtype, &dlen);
+
+ if (!der) {
+ RSAerr(RSA_F_FIPS_RSA_VERIFY, RSA_R_UNKNOWN_ALGORITHM_TYPE);
+ return (0);
+ }
+
+ /*
+ * Compare, DigestInfo length, DigestInfo header and finally digest
+ * value itself
+ */
+
+ /* If length mismatch try alternate encoding */
+ if (i != (int)(dlen + diglen))
+ der = fips_digestinfo_nn_encoding(dtype, &dlen);
+
+ if ((i != (int)(dlen + diglen)) || memcmp(der, s, dlen)
+ || memcmp(s + dlen, dig, diglen)) {
+ RSAerr(RSA_F_FIPS_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
+ goto err;
+ }
+ ret = 1;
+
+ } else if (pad_mode == EVP_MD_CTX_FLAG_PAD_PSS) {
+ int saltlen;
+ saltlen = M_EVP_MD_CTX_FLAG_PSS_SALT(sv->mctx);
+ if (saltlen == EVP_MD_CTX_FLAG_PSS_MDLEN)
+ saltlen = -1;
+ else if (saltlen == EVP_MD_CTX_FLAG_PSS_MREC)
+ saltlen = -2;
+ ret = RSA_verify_PKCS1_PSS(rsa, dig, M_EVP_MD_CTX_md(sv->mctx),
+ s, saltlen);
+ if (ret < 0)
+ ret = 0;
+ }
+ err:
+ if (s != NULL) {
+ OPENSSL_cleanse(s, siglen);
+ OPENSSL_free(s);
+ }
+ return (ret);
+}
+
+# define EVP_PKEY_RSA_fips_method \
+ (evp_sign_method *)fips_rsa_sign, \
+ (evp_verify_method *)fips_rsa_verify, \
+ {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0}
+
+static int init(EVP_MD_CTX *ctx)
+{
+ return SHA1_Init(ctx->md_data);
+}
+
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+ return SHA1_Update(ctx->md_data, data, count);
+}
+
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+ return SHA1_Final(md, ctx->md_data);
+}
+
+static const EVP_MD sha1_md = {
+ NID_sha1,
+ NID_sha1WithRSAEncryption,
+ SHA_DIGEST_LENGTH,
+ EVP_MD_FLAG_FIPS | EVP_MD_FLAG_SVCTX,
+ init,
+ update,
+ final,
+ NULL,
+ NULL,
+ EVP_PKEY_RSA_fips_method,
+ SHA_CBLOCK,
+ sizeof(EVP_MD *) + sizeof(SHA_CTX),
+};
+
+const EVP_MD *EVP_sha1(void)
+{
+ return (&sha1_md);
+}
+
+static int init224(EVP_MD_CTX *ctx)
+{
+ return SHA224_Init(ctx->md_data);
+}
+
+static int init256(EVP_MD_CTX *ctx)
+{
+ return SHA256_Init(ctx->md_data);
+}
+
+/*
+ * Even though there're separate SHA224_[Update|Final], we call
+ * SHA256 functions even in SHA224 context. This is what happens
+ * there anyway, so we can spare few CPU cycles:-)
+ */
+static int update256(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+ return SHA256_Update(ctx->md_data, data, count);
+}
+
+static int final256(EVP_MD_CTX *ctx, unsigned char *md)
+{
+ return SHA256_Final(md, ctx->md_data);
+}
+
+static const EVP_MD sha224_md = {
+ NID_sha224,
+ NID_sha224WithRSAEncryption,
+ SHA224_DIGEST_LENGTH,
+ EVP_MD_FLAG_FIPS | EVP_MD_FLAG_SVCTX,
+ init224,
+ update256,
+ final256,
+ NULL,
+ NULL,
+ EVP_PKEY_RSA_fips_method,
+ SHA256_CBLOCK,
+ sizeof(EVP_MD *) + sizeof(SHA256_CTX),
+};
+
+const EVP_MD *EVP_sha224(void)
+{
+ return (&sha224_md);
+}
+
+static const EVP_MD sha256_md = {
+ NID_sha256,
+ NID_sha256WithRSAEncryption,
+ SHA256_DIGEST_LENGTH,
+ EVP_MD_FLAG_FIPS | EVP_MD_FLAG_SVCTX,
+ init256,
+ update256,
+ final256,
+ NULL,
+ NULL,
+ EVP_PKEY_RSA_fips_method,
+ SHA256_CBLOCK,
+ sizeof(EVP_MD *) + sizeof(SHA256_CTX),
+};
+
+const EVP_MD *EVP_sha256(void)
+{
+ return (&sha256_md);
+}
+
+static int init384(EVP_MD_CTX *ctx)
+{
+ return SHA384_Init(ctx->md_data);
+}
+
+static int init512(EVP_MD_CTX *ctx)
+{
+ return SHA512_Init(ctx->md_data);
+}
+
+/* See comment in SHA224/256 section */
+static int update512(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+ return SHA512_Update(ctx->md_data, data, count);
+}
+
+static int final512(EVP_MD_CTX *ctx, unsigned char *md)
+{
+ return SHA512_Final(md, ctx->md_data);
+}
+
+static const EVP_MD sha384_md = {
+ NID_sha384,
+ NID_sha384WithRSAEncryption,
+ SHA384_DIGEST_LENGTH,
+ EVP_MD_FLAG_FIPS | EVP_MD_FLAG_SVCTX,
+ init384,
+ update512,
+ final512,
+ NULL,
+ NULL,
+ EVP_PKEY_RSA_fips_method,
+ SHA512_CBLOCK,
+ sizeof(EVP_MD *) + sizeof(SHA512_CTX),
+};
+
+const EVP_MD *EVP_sha384(void)
+{
+ return (&sha384_md);
+}
+
+static const EVP_MD sha512_md = {
+ NID_sha512,
+ NID_sha512WithRSAEncryption,
+ SHA512_DIGEST_LENGTH,
+ EVP_MD_FLAG_FIPS | EVP_MD_FLAG_SVCTX,
+ init512,
+ update512,
+ final512,
+ NULL,
+ NULL,
+ EVP_PKEY_RSA_fips_method,
+ SHA512_CBLOCK,
+ sizeof(EVP_MD *) + sizeof(SHA512_CTX),
+};
+
+const EVP_MD *EVP_sha512(void)
+{
+ return (&sha512_md);
+}
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/fips/rsa/fips_rsa_x931g.c
===================================================================
--- vendor-crypto/openssl/dist/fips/rsa/fips_rsa_x931g.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/fips/rsa/fips_rsa_x931g.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,280 +0,0 @@
-/* crypto/rsa/rsa_gen.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <time.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/fips.h>
-
-#ifdef OPENSSL_FIPS
-
-extern int fips_check_rsa(RSA *rsa);
-
-
-/* X9.31 RSA key derivation and generation */
-
-int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, BIGNUM *q2,
- const BIGNUM *Xp1, const BIGNUM *Xp2, const BIGNUM *Xp,
- const BIGNUM *Xq1, const BIGNUM *Xq2, const BIGNUM *Xq,
- const BIGNUM *e, BN_GENCB *cb)
- {
- BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL;
- BN_CTX *ctx=NULL,*ctx2=NULL;
-
- if (!rsa)
- goto err;
-
- ctx = BN_CTX_new();
- BN_CTX_start(ctx);
- if (!ctx)
- goto err;
-
- r0 = BN_CTX_get(ctx);
- r1 = BN_CTX_get(ctx);
- r2 = BN_CTX_get(ctx);
- r3 = BN_CTX_get(ctx);
-
- if (r3 == NULL)
- goto err;
- if (!rsa->e)
- {
- rsa->e = BN_dup(e);
- if (!rsa->e)
- goto err;
- }
- else
- e = rsa->e;
-
- /* If not all parameters present only calculate what we can.
- * This allows test programs to output selective parameters.
- */
-
- if (Xp && !rsa->p)
- {
- rsa->p = BN_new();
- if (!rsa->p)
- goto err;
-
- if (!BN_X931_derive_prime_ex(rsa->p, p1, p2,
- Xp, Xp1, Xp2, e, ctx, cb))
- goto err;
- }
-
- if (Xq && !rsa->q)
- {
- rsa->q = BN_new();
- if (!rsa->q)
- goto err;
- if (!BN_X931_derive_prime_ex(rsa->q, q1, q2,
- Xq, Xq1, Xq2, e, ctx, cb))
- goto err;
- }
-
- if (!rsa->p || !rsa->q)
- {
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- return 2;
- }
-
- /* Since both primes are set we can now calculate all remaining
- * components.
- */
-
- /* calculate n */
- rsa->n=BN_new();
- if (rsa->n == NULL)
- goto err;
- if (!BN_mul(rsa->n,rsa->p,rsa->q,ctx))
- goto err;
-
- /* calculate d */
- if (!BN_sub(r1,rsa->p,BN_value_one()))
- goto err; /* p-1 */
- if (!BN_sub(r2,rsa->q,BN_value_one()))
- goto err; /* q-1 */
- if (!BN_mul(r0,r1,r2,ctx))
- goto err; /* (p-1)(q-1) */
-
- if (!BN_gcd(r3, r1, r2, ctx))
- goto err;
-
- if (!BN_div(r0, NULL, r0, r3, ctx))
- goto err; /* LCM((p-1)(q-1)) */
-
- ctx2 = BN_CTX_new();
- if (!ctx2)
- goto err;
-
- rsa->d=BN_mod_inverse(NULL,rsa->e,r0,ctx2); /* d */
- if (rsa->d == NULL)
- goto err;
-
- /* calculate d mod (p-1) */
- rsa->dmp1=BN_new();
- if (rsa->dmp1 == NULL)
- goto err;
- if (!BN_mod(rsa->dmp1,rsa->d,r1,ctx))
- goto err;
-
- /* calculate d mod (q-1) */
- rsa->dmq1=BN_new();
- if (rsa->dmq1 == NULL)
- goto err;
- if (!BN_mod(rsa->dmq1,rsa->d,r2,ctx))
- goto err;
-
- /* calculate inverse of q mod p */
- rsa->iqmp=BN_mod_inverse(NULL,rsa->q,rsa->p,ctx2);
-
- err:
- if (ctx)
- {
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- }
- if (ctx2)
- BN_CTX_free(ctx2);
- /* If this is set all calls successful */
- if (rsa->iqmp != NULL)
- return 1;
-
- return 0;
-
- }
-
-int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_GENCB *cb)
- {
- int ok = 0;
- BIGNUM *Xp = NULL, *Xq = NULL;
- BN_CTX *ctx = NULL;
-
- if (bits < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)
- {
- FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY_EX,FIPS_R_KEY_TOO_SHORT);
- return 0;
- }
-
- if (bits & 0xff)
- {
- FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY_EX,FIPS_R_INVALID_KEY_LENGTH);
- return 0;
- }
-
- if(FIPS_selftest_failed())
- {
- FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY_EX,FIPS_R_FIPS_SELFTEST_FAILED);
- return 0;
- }
-
- ctx = BN_CTX_new();
- if (!ctx)
- goto error;
-
- BN_CTX_start(ctx);
- Xp = BN_CTX_get(ctx);
- Xq = BN_CTX_get(ctx);
- if (!BN_X931_generate_Xpq(Xp, Xq, bits, ctx))
- goto error;
-
- rsa->p = BN_new();
- rsa->q = BN_new();
- if (!rsa->p || !rsa->q)
- goto error;
-
- /* Generate two primes from Xp, Xq */
-
- if (!BN_X931_generate_prime_ex(rsa->p, NULL, NULL, NULL, NULL, Xp,
- e, ctx, cb))
- goto error;
-
- if (!BN_X931_generate_prime_ex(rsa->q, NULL, NULL, NULL, NULL, Xq,
- e, ctx, cb))
- goto error;
-
- /* Since rsa->p and rsa->q are valid this call will just derive
- * remaining RSA components.
- */
-
- if (!RSA_X931_derive_ex(rsa, NULL, NULL, NULL, NULL,
- NULL, NULL, NULL, NULL, NULL, NULL, e, cb))
- goto error;
-
- if(!fips_check_rsa(rsa))
- goto error;
-
- ok = 1;
-
- error:
- if (ctx)
- {
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- }
-
- if (ok)
- return 1;
-
- return 0;
-
- }
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/fips/rsa/fips_rsa_x931g.c (from rev 6976, vendor-crypto/openssl/dist/fips/rsa/fips_rsa_x931g.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/fips/rsa/fips_rsa_x931g.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/fips/rsa/fips_rsa_x931g.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,273 @@
+/* crypto/rsa/rsa_gen.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <time.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/fips.h>
+
+#ifdef OPENSSL_FIPS
+
+extern int fips_check_rsa(RSA *rsa);
+
+/* X9.31 RSA key derivation and generation */
+
+int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1,
+ BIGNUM *q2, const BIGNUM *Xp1, const BIGNUM *Xp2,
+ const BIGNUM *Xp, const BIGNUM *Xq1, const BIGNUM *Xq2,
+ const BIGNUM *Xq, const BIGNUM *e, BN_GENCB *cb)
+{
+ BIGNUM *r0 = NULL, *r1 = NULL, *r2 = NULL, *r3 = NULL;
+ BN_CTX *ctx = NULL, *ctx2 = NULL;
+
+ if (!rsa)
+ goto err;
+
+ ctx = BN_CTX_new();
+ BN_CTX_start(ctx);
+ if (!ctx)
+ goto err;
+
+ r0 = BN_CTX_get(ctx);
+ r1 = BN_CTX_get(ctx);
+ r2 = BN_CTX_get(ctx);
+ r3 = BN_CTX_get(ctx);
+
+ if (r3 == NULL)
+ goto err;
+ if (!rsa->e) {
+ rsa->e = BN_dup(e);
+ if (!rsa->e)
+ goto err;
+ } else
+ e = rsa->e;
+
+ /*
+ * If not all parameters present only calculate what we can. This allows
+ * test programs to output selective parameters.
+ */
+
+ if (Xp && !rsa->p) {
+ rsa->p = BN_new();
+ if (!rsa->p)
+ goto err;
+
+ if (!BN_X931_derive_prime_ex(rsa->p, p1, p2,
+ Xp, Xp1, Xp2, e, ctx, cb))
+ goto err;
+ }
+
+ if (Xq && !rsa->q) {
+ rsa->q = BN_new();
+ if (!rsa->q)
+ goto err;
+ if (!BN_X931_derive_prime_ex(rsa->q, q1, q2,
+ Xq, Xq1, Xq2, e, ctx, cb))
+ goto err;
+ }
+
+ if (!rsa->p || !rsa->q) {
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ return 2;
+ }
+
+ /*
+ * Since both primes are set we can now calculate all remaining
+ * components.
+ */
+
+ /* calculate n */
+ rsa->n = BN_new();
+ if (rsa->n == NULL)
+ goto err;
+ if (!BN_mul(rsa->n, rsa->p, rsa->q, ctx))
+ goto err;
+
+ /* calculate d */
+ if (!BN_sub(r1, rsa->p, BN_value_one()))
+ goto err; /* p-1 */
+ if (!BN_sub(r2, rsa->q, BN_value_one()))
+ goto err; /* q-1 */
+ if (!BN_mul(r0, r1, r2, ctx))
+ goto err; /* (p-1)(q-1) */
+
+ if (!BN_gcd(r3, r1, r2, ctx))
+ goto err;
+
+ if (!BN_div(r0, NULL, r0, r3, ctx))
+ goto err; /* LCM((p-1)(q-1)) */
+
+ ctx2 = BN_CTX_new();
+ if (!ctx2)
+ goto err;
+
+ rsa->d = BN_mod_inverse(NULL, rsa->e, r0, ctx2); /* d */
+ if (rsa->d == NULL)
+ goto err;
+
+ /* calculate d mod (p-1) */
+ rsa->dmp1 = BN_new();
+ if (rsa->dmp1 == NULL)
+ goto err;
+ if (!BN_mod(rsa->dmp1, rsa->d, r1, ctx))
+ goto err;
+
+ /* calculate d mod (q-1) */
+ rsa->dmq1 = BN_new();
+ if (rsa->dmq1 == NULL)
+ goto err;
+ if (!BN_mod(rsa->dmq1, rsa->d, r2, ctx))
+ goto err;
+
+ /* calculate inverse of q mod p */
+ rsa->iqmp = BN_mod_inverse(NULL, rsa->q, rsa->p, ctx2);
+
+ err:
+ if (ctx) {
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ }
+ if (ctx2)
+ BN_CTX_free(ctx2);
+ /* If this is set all calls successful */
+ if (rsa->iqmp != NULL)
+ return 1;
+
+ return 0;
+
+}
+
+int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e,
+ BN_GENCB *cb)
+{
+ int ok = 0;
+ BIGNUM *Xp = NULL, *Xq = NULL;
+ BN_CTX *ctx = NULL;
+
+ if (bits < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS) {
+ FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY_EX, FIPS_R_KEY_TOO_SHORT);
+ return 0;
+ }
+
+ if (bits & 0xff) {
+ FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY_EX, FIPS_R_INVALID_KEY_LENGTH);
+ return 0;
+ }
+
+ if (FIPS_selftest_failed()) {
+ FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY_EX, FIPS_R_FIPS_SELFTEST_FAILED);
+ return 0;
+ }
+
+ ctx = BN_CTX_new();
+ if (!ctx)
+ goto error;
+
+ BN_CTX_start(ctx);
+ Xp = BN_CTX_get(ctx);
+ Xq = BN_CTX_get(ctx);
+ if (!BN_X931_generate_Xpq(Xp, Xq, bits, ctx))
+ goto error;
+
+ rsa->p = BN_new();
+ rsa->q = BN_new();
+ if (!rsa->p || !rsa->q)
+ goto error;
+
+ /* Generate two primes from Xp, Xq */
+
+ if (!BN_X931_generate_prime_ex(rsa->p, NULL, NULL, NULL, NULL, Xp,
+ e, ctx, cb))
+ goto error;
+
+ if (!BN_X931_generate_prime_ex(rsa->q, NULL, NULL, NULL, NULL, Xq,
+ e, ctx, cb))
+ goto error;
+
+ /*
+ * Since rsa->p and rsa->q are valid this call will just derive remaining
+ * RSA components.
+ */
+
+ if (!RSA_X931_derive_ex(rsa, NULL, NULL, NULL, NULL,
+ NULL, NULL, NULL, NULL, NULL, NULL, e, cb))
+ goto error;
+
+ if (!fips_check_rsa(rsa))
+ goto error;
+
+ ok = 1;
+
+ error:
+ if (ctx) {
+ BN_CTX_end(ctx);
+ BN_CTX_free(ctx);
+ }
+
+ if (ok)
+ return 1;
+
+ return 0;
+
+}
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/fips/rsa/fips_rsagtest.c
===================================================================
--- vendor-crypto/openssl/dist/fips/rsa/fips_rsagtest.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/fips/rsa/fips_rsagtest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,390 +0,0 @@
-/* fips_rsagtest.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 2005.
- */
-/* ====================================================================
- * Copyright (c) 2005,2007 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <ctype.h>
-#include <string.h>
-#include <openssl/bio.h>
-#include <openssl/evp.h>
-#include <openssl/hmac.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-#include <openssl/x509v3.h>
-
-#ifndef OPENSSL_FIPS
-
-int main(int argc, char *argv[])
-{
- printf("No FIPS RSA support\n");
- return(0);
-}
-
-#else
-
-#include <openssl/rsa.h>
-#include "fips_utl.h"
-
-int rsa_test(FILE *out, FILE *in);
-static int rsa_printkey1(FILE *out, RSA *rsa,
- BIGNUM *Xp1, BIGNUM *Xp2, BIGNUM *Xp,
- BIGNUM *e);
-static int rsa_printkey2(FILE *out, RSA *rsa,
- BIGNUM *Xq1, BIGNUM *Xq2, BIGNUM *Xq);
-
-int main(int argc, char **argv)
- {
- FILE *in = NULL, *out = NULL;
-
- int ret = 1;
-
- if(!FIPS_mode_set(1))
- {
- do_print_errors();
- goto end;
- }
-
- if (argc == 1)
- in = stdin;
- else
- in = fopen(argv[1], "r");
-
- if (argc < 2)
- out = stdout;
- else
- out = fopen(argv[2], "w");
-
- if (!in)
- {
- fprintf(stderr, "FATAL input initialization error\n");
- goto end;
- }
-
- if (!out)
- {
- fprintf(stderr, "FATAL output initialization error\n");
- goto end;
- }
-
- if (!rsa_test(out, in))
- {
- fprintf(stderr, "FATAL RSAGTEST file processing error\n");
- goto end;
- }
- else
- ret = 0;
-
- end:
-
- if (ret)
- do_print_errors();
-
- if (in && (in != stdin))
- fclose(in);
- if (out && (out != stdout))
- fclose(out);
-
- return ret;
-
- }
-
-#define RSA_TEST_MAXLINELEN 10240
-
-int rsa_test(FILE *out, FILE *in)
- {
- char *linebuf, *olinebuf, *p, *q;
- char *keyword, *value;
- RSA *rsa = NULL;
- BIGNUM *Xp1 = NULL, *Xp2 = NULL, *Xp = NULL;
- BIGNUM *Xq1 = NULL, *Xq2 = NULL, *Xq = NULL;
- BIGNUM *e = NULL;
- int ret = 0;
- int lnum = 0;
-
- olinebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
- linebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
-
- if (!linebuf || !olinebuf)
- goto error;
-
- while (fgets(olinebuf, RSA_TEST_MAXLINELEN, in))
- {
- lnum++;
- strcpy(linebuf, olinebuf);
- keyword = linebuf;
- /* Skip leading space */
- while (isspace((unsigned char)*keyword))
- keyword++;
-
- /* Look for = sign */
- p = strchr(linebuf, '=');
-
- /* If no = or starts with [ (for [foo = bar] line) just copy */
- if (!p || *keyword=='[')
- {
- if (fputs(olinebuf, out) < 0)
- goto error;
- continue;
- }
-
- q = p - 1;
-
- /* Remove trailing space */
- while (isspace((unsigned char)*q))
- *q-- = 0;
-
- *p = 0;
- value = p + 1;
-
- /* Remove leading space from value */
- while (isspace((unsigned char)*value))
- value++;
-
- /* Remove trailing space from value */
- p = value + strlen(value) - 1;
-
- while (*p == '\n' || isspace((unsigned char)*p))
- *p-- = 0;
-
- if (!strcmp(keyword, "xp1"))
- {
- if (Xp1 || !do_hex2bn(&Xp1,value))
- goto parse_error;
- }
- else if (!strcmp(keyword, "xp2"))
- {
- if (Xp2 || !do_hex2bn(&Xp2,value))
- goto parse_error;
- }
- else if (!strcmp(keyword, "Xp"))
- {
- if (Xp || !do_hex2bn(&Xp,value))
- goto parse_error;
- }
- else if (!strcmp(keyword, "xq1"))
- {
- if (Xq1 || !do_hex2bn(&Xq1,value))
- goto parse_error;
- }
- else if (!strcmp(keyword, "xq2"))
- {
- if (Xq2 || !do_hex2bn(&Xq2,value))
- goto parse_error;
- }
- else if (!strcmp(keyword, "Xq"))
- {
- if (Xq || !do_hex2bn(&Xq,value))
- goto parse_error;
- }
- else if (!strcmp(keyword, "e"))
- {
- if (e || !do_hex2bn(&e,value))
- goto parse_error;
- }
- else if (!strcmp(keyword, "p1"))
- continue;
- else if (!strcmp(keyword, "p2"))
- continue;
- else if (!strcmp(keyword, "p"))
- continue;
- else if (!strcmp(keyword, "q1"))
- continue;
- else if (!strcmp(keyword, "q2"))
- continue;
- else if (!strcmp(keyword, "q"))
- continue;
- else if (!strcmp(keyword, "n"))
- continue;
- else if (!strcmp(keyword, "d"))
- continue;
- else
- goto parse_error;
-
- fputs(olinebuf, out);
-
- if (e && Xp1 && Xp2 && Xp)
- {
- rsa = FIPS_rsa_new();
- if (!rsa)
- goto error;
- if (!rsa_printkey1(out, rsa, Xp1, Xp2, Xp, e))
- goto error;
- BN_free(Xp1);
- Xp1 = NULL;
- BN_free(Xp2);
- Xp2 = NULL;
- BN_free(Xp);
- Xp = NULL;
- BN_free(e);
- e = NULL;
- }
-
- if (rsa && Xq1 && Xq2 && Xq)
- {
- if (!rsa_printkey2(out, rsa, Xq1, Xq2, Xq))
- goto error;
- BN_free(Xq1);
- Xq1 = NULL;
- BN_free(Xq2);
- Xq2 = NULL;
- BN_free(Xq);
- Xq = NULL;
- FIPS_rsa_free(rsa);
- rsa = NULL;
- }
- }
-
- ret = 1;
-
- error:
-
- if (olinebuf)
- OPENSSL_free(olinebuf);
- if (linebuf)
- OPENSSL_free(linebuf);
-
- if (Xp1)
- BN_free(Xp1);
- if (Xp2)
- BN_free(Xp2);
- if (Xp)
- BN_free(Xp);
- if (Xq1)
- BN_free(Xq1);
- if (Xq1)
- BN_free(Xq1);
- if (Xq2)
- BN_free(Xq2);
- if (Xq)
- BN_free(Xq);
- if (e)
- BN_free(e);
- if (rsa)
- FIPS_rsa_free(rsa);
-
- return ret;
-
- parse_error:
-
- fprintf(stderr, "FATAL parse error processing line %d\n", lnum);
-
- goto error;
-
- }
-
-static int rsa_printkey1(FILE *out, RSA *rsa,
- BIGNUM *Xp1, BIGNUM *Xp2, BIGNUM *Xp,
- BIGNUM *e)
- {
- int ret = 0;
- BIGNUM *p1 = NULL, *p2 = NULL;
- p1 = BN_new();
- p2 = BN_new();
- if (!p1 || !p2)
- goto error;
-
- if (!RSA_X931_derive_ex(rsa, p1, p2, NULL, NULL, Xp1, Xp2, Xp,
- NULL, NULL, NULL, e, NULL))
- goto error;
-
- do_bn_print_name(out, "p1", p1);
- do_bn_print_name(out, "p2", p2);
- do_bn_print_name(out, "p", rsa->p);
-
- ret = 1;
-
- error:
- if (p1)
- BN_free(p1);
- if (p2)
- BN_free(p2);
-
- return ret;
- }
-
-static int rsa_printkey2(FILE *out, RSA *rsa,
- BIGNUM *Xq1, BIGNUM *Xq2, BIGNUM *Xq)
- {
- int ret = 0;
- BIGNUM *q1 = NULL, *q2 = NULL;
- q1 = BN_new();
- q2 = BN_new();
- if (!q1 || !q2)
- goto error;
-
- if (!RSA_X931_derive_ex(rsa, NULL, NULL, q1, q2, NULL, NULL, NULL,
- Xq1, Xq2, Xq, NULL, NULL))
- goto error;
-
- do_bn_print_name(out, "q1", q1);
- do_bn_print_name(out, "q2", q2);
- do_bn_print_name(out, "q", rsa->q);
- do_bn_print_name(out, "n", rsa->n);
- do_bn_print_name(out, "d", rsa->d);
-
- ret = 1;
-
- error:
- if (q1)
- BN_free(q1);
- if (q2)
- BN_free(q2);
-
- return ret;
- }
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/fips/rsa/fips_rsagtest.c (from rev 6976, vendor-crypto/openssl/dist/fips/rsa/fips_rsagtest.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/fips/rsa/fips_rsagtest.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/fips/rsa/fips_rsagtest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,368 @@
+/* fips_rsagtest.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 2005,2007 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include <string.h>
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/x509v3.h>
+
+#ifndef OPENSSL_FIPS
+
+int main(int argc, char *argv[])
+{
+ printf("No FIPS RSA support\n");
+ return (0);
+}
+
+#else
+
+# include <openssl/rsa.h>
+# include "fips_utl.h"
+
+int rsa_test(FILE *out, FILE *in);
+static int rsa_printkey1(FILE *out, RSA *rsa,
+ BIGNUM *Xp1, BIGNUM *Xp2, BIGNUM *Xp, BIGNUM *e);
+static int rsa_printkey2(FILE *out, RSA *rsa,
+ BIGNUM *Xq1, BIGNUM *Xq2, BIGNUM *Xq);
+
+int main(int argc, char **argv)
+{
+ FILE *in = NULL, *out = NULL;
+
+ int ret = 1;
+
+ if (!FIPS_mode_set(1)) {
+ do_print_errors();
+ goto end;
+ }
+
+ if (argc == 1)
+ in = stdin;
+ else
+ in = fopen(argv[1], "r");
+
+ if (argc < 2)
+ out = stdout;
+ else
+ out = fopen(argv[2], "w");
+
+ if (!in) {
+ fprintf(stderr, "FATAL input initialization error\n");
+ goto end;
+ }
+
+ if (!out) {
+ fprintf(stderr, "FATAL output initialization error\n");
+ goto end;
+ }
+
+ if (!rsa_test(out, in)) {
+ fprintf(stderr, "FATAL RSAGTEST file processing error\n");
+ goto end;
+ } else
+ ret = 0;
+
+ end:
+
+ if (ret)
+ do_print_errors();
+
+ if (in && (in != stdin))
+ fclose(in);
+ if (out && (out != stdout))
+ fclose(out);
+
+ return ret;
+
+}
+
+# define RSA_TEST_MAXLINELEN 10240
+
+int rsa_test(FILE *out, FILE *in)
+{
+ char *linebuf, *olinebuf, *p, *q;
+ char *keyword, *value;
+ RSA *rsa = NULL;
+ BIGNUM *Xp1 = NULL, *Xp2 = NULL, *Xp = NULL;
+ BIGNUM *Xq1 = NULL, *Xq2 = NULL, *Xq = NULL;
+ BIGNUM *e = NULL;
+ int ret = 0;
+ int lnum = 0;
+
+ olinebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
+ linebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
+
+ if (!linebuf || !olinebuf)
+ goto error;
+
+ while (fgets(olinebuf, RSA_TEST_MAXLINELEN, in)) {
+ lnum++;
+ strcpy(linebuf, olinebuf);
+ keyword = linebuf;
+ /* Skip leading space */
+ while (isspace((unsigned char)*keyword))
+ keyword++;
+
+ /* Look for = sign */
+ p = strchr(linebuf, '=');
+
+ /*
+ * If no = or starts with [ (for [foo = bar] line) just copy
+ */
+ if (!p || *keyword == '[') {
+ if (fputs(olinebuf, out) < 0)
+ goto error;
+ continue;
+ }
+
+ q = p - 1;
+
+ /* Remove trailing space */
+ while (isspace((unsigned char)*q))
+ *q-- = 0;
+
+ *p = 0;
+ value = p + 1;
+
+ /* Remove leading space from value */
+ while (isspace((unsigned char)*value))
+ value++;
+
+ /* Remove trailing space from value */
+ p = value + strlen(value) - 1;
+
+ while (*p == '\n' || isspace((unsigned char)*p))
+ *p-- = 0;
+
+ if (!strcmp(keyword, "xp1")) {
+ if (Xp1 || !do_hex2bn(&Xp1, value))
+ goto parse_error;
+ } else if (!strcmp(keyword, "xp2")) {
+ if (Xp2 || !do_hex2bn(&Xp2, value))
+ goto parse_error;
+ } else if (!strcmp(keyword, "Xp")) {
+ if (Xp || !do_hex2bn(&Xp, value))
+ goto parse_error;
+ } else if (!strcmp(keyword, "xq1")) {
+ if (Xq1 || !do_hex2bn(&Xq1, value))
+ goto parse_error;
+ } else if (!strcmp(keyword, "xq2")) {
+ if (Xq2 || !do_hex2bn(&Xq2, value))
+ goto parse_error;
+ } else if (!strcmp(keyword, "Xq")) {
+ if (Xq || !do_hex2bn(&Xq, value))
+ goto parse_error;
+ } else if (!strcmp(keyword, "e")) {
+ if (e || !do_hex2bn(&e, value))
+ goto parse_error;
+ } else if (!strcmp(keyword, "p1"))
+ continue;
+ else if (!strcmp(keyword, "p2"))
+ continue;
+ else if (!strcmp(keyword, "p"))
+ continue;
+ else if (!strcmp(keyword, "q1"))
+ continue;
+ else if (!strcmp(keyword, "q2"))
+ continue;
+ else if (!strcmp(keyword, "q"))
+ continue;
+ else if (!strcmp(keyword, "n"))
+ continue;
+ else if (!strcmp(keyword, "d"))
+ continue;
+ else
+ goto parse_error;
+
+ fputs(olinebuf, out);
+
+ if (e && Xp1 && Xp2 && Xp) {
+ rsa = FIPS_rsa_new();
+ if (!rsa)
+ goto error;
+ if (!rsa_printkey1(out, rsa, Xp1, Xp2, Xp, e))
+ goto error;
+ BN_free(Xp1);
+ Xp1 = NULL;
+ BN_free(Xp2);
+ Xp2 = NULL;
+ BN_free(Xp);
+ Xp = NULL;
+ BN_free(e);
+ e = NULL;
+ }
+
+ if (rsa && Xq1 && Xq2 && Xq) {
+ if (!rsa_printkey2(out, rsa, Xq1, Xq2, Xq))
+ goto error;
+ BN_free(Xq1);
+ Xq1 = NULL;
+ BN_free(Xq2);
+ Xq2 = NULL;
+ BN_free(Xq);
+ Xq = NULL;
+ FIPS_rsa_free(rsa);
+ rsa = NULL;
+ }
+ }
+
+ ret = 1;
+
+ error:
+
+ if (olinebuf)
+ OPENSSL_free(olinebuf);
+ if (linebuf)
+ OPENSSL_free(linebuf);
+
+ if (Xp1)
+ BN_free(Xp1);
+ if (Xp2)
+ BN_free(Xp2);
+ if (Xp)
+ BN_free(Xp);
+ if (Xq1)
+ BN_free(Xq1);
+ if (Xq1)
+ BN_free(Xq1);
+ if (Xq2)
+ BN_free(Xq2);
+ if (Xq)
+ BN_free(Xq);
+ if (e)
+ BN_free(e);
+ if (rsa)
+ FIPS_rsa_free(rsa);
+
+ return ret;
+
+ parse_error:
+
+ fprintf(stderr, "FATAL parse error processing line %d\n", lnum);
+
+ goto error;
+
+}
+
+static int rsa_printkey1(FILE *out, RSA *rsa,
+ BIGNUM *Xp1, BIGNUM *Xp2, BIGNUM *Xp, BIGNUM *e)
+{
+ int ret = 0;
+ BIGNUM *p1 = NULL, *p2 = NULL;
+ p1 = BN_new();
+ p2 = BN_new();
+ if (!p1 || !p2)
+ goto error;
+
+ if (!RSA_X931_derive_ex(rsa, p1, p2, NULL, NULL, Xp1, Xp2, Xp,
+ NULL, NULL, NULL, e, NULL))
+ goto error;
+
+ do_bn_print_name(out, "p1", p1);
+ do_bn_print_name(out, "p2", p2);
+ do_bn_print_name(out, "p", rsa->p);
+
+ ret = 1;
+
+ error:
+ if (p1)
+ BN_free(p1);
+ if (p2)
+ BN_free(p2);
+
+ return ret;
+}
+
+static int rsa_printkey2(FILE *out, RSA *rsa,
+ BIGNUM *Xq1, BIGNUM *Xq2, BIGNUM *Xq)
+{
+ int ret = 0;
+ BIGNUM *q1 = NULL, *q2 = NULL;
+ q1 = BN_new();
+ q2 = BN_new();
+ if (!q1 || !q2)
+ goto error;
+
+ if (!RSA_X931_derive_ex(rsa, NULL, NULL, q1, q2, NULL, NULL, NULL,
+ Xq1, Xq2, Xq, NULL, NULL))
+ goto error;
+
+ do_bn_print_name(out, "q1", q1);
+ do_bn_print_name(out, "q2", q2);
+ do_bn_print_name(out, "q", rsa->q);
+ do_bn_print_name(out, "n", rsa->n);
+ do_bn_print_name(out, "d", rsa->d);
+
+ ret = 1;
+
+ error:
+ if (q1)
+ BN_free(q1);
+ if (q2)
+ BN_free(q2);
+
+ return ret;
+}
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/fips/rsa/fips_rsastest.c
===================================================================
--- vendor-crypto/openssl/dist/fips/rsa/fips_rsastest.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/fips/rsa/fips_rsastest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,370 +0,0 @@
-/* fips_rsastest.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 2005.
- */
-/* ====================================================================
- * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <ctype.h>
-#include <string.h>
-#include <openssl/bio.h>
-#include <openssl/evp.h>
-#include <openssl/hmac.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-#include <openssl/x509v3.h>
-
-#ifndef OPENSSL_FIPS
-
-int main(int argc, char *argv[])
-{
- printf("No FIPS RSA support\n");
- return(0);
-}
-
-#else
-
-#include <openssl/rsa.h>
-#include "fips_utl.h"
-
-static int rsa_stest(FILE *out, FILE *in, int Saltlen);
-static int rsa_printsig(FILE *out, RSA *rsa, const EVP_MD *dgst,
- unsigned char *Msg, long Msglen, int Saltlen);
-
-int main(int argc, char **argv)
- {
- FILE *in = NULL, *out = NULL;
-
- int ret = 1, Saltlen = -1;
-
- if(!FIPS_mode_set(1))
- {
- do_print_errors();
- goto end;
- }
-
- if ((argc > 2) && !strcmp("-saltlen", argv[1]))
- {
- Saltlen = atoi(argv[2]);
- if (Saltlen < 0)
- {
- fprintf(stderr, "FATAL: Invalid salt length\n");
- goto end;
- }
- argc -= 2;
- argv += 2;
- }
- else if ((argc > 1) && !strcmp("-x931", argv[1]))
- {
- Saltlen = -2;
- argc--;
- argv++;
- }
-
- if (argc == 1)
- in = stdin;
- else
- in = fopen(argv[1], "r");
-
- if (argc < 2)
- out = stdout;
- else
- out = fopen(argv[2], "w");
-
- if (!in)
- {
- fprintf(stderr, "FATAL input initialization error\n");
- goto end;
- }
-
- if (!out)
- {
- fprintf(stderr, "FATAL output initialization error\n");
- goto end;
- }
-
- if (!rsa_stest(out, in, Saltlen))
- {
- fprintf(stderr, "FATAL RSASTEST file processing error\n");
- goto end;
- }
- else
- ret = 0;
-
- end:
-
- if (ret)
- do_print_errors();
-
- if (in && (in != stdin))
- fclose(in);
- if (out && (out != stdout))
- fclose(out);
-
- return ret;
-
- }
-
-#define RSA_TEST_MAXLINELEN 10240
-
-int rsa_stest(FILE *out, FILE *in, int Saltlen)
- {
- char *linebuf, *olinebuf, *p, *q;
- char *keyword, *value;
- RSA *rsa = NULL;
- const EVP_MD *dgst = NULL;
- unsigned char *Msg = NULL;
- long Msglen = -1;
- int keylen = -1, current_keylen = -1;
- int ret = 0;
- int lnum = 0;
-
- olinebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
- linebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
-
- if (!linebuf || !olinebuf)
- goto error;
-
- while (fgets(olinebuf, RSA_TEST_MAXLINELEN, in))
- {
- lnum++;
- strcpy(linebuf, olinebuf);
- keyword = linebuf;
- /* Skip leading space */
- while (isspace((unsigned char)*keyword))
- keyword++;
-
- /* Look for = sign */
- p = strchr(linebuf, '=');
-
- /* If no = just copy */
- if (!p)
- {
- if (fputs(olinebuf, out) < 0)
- goto error;
- continue;
- }
-
- q = p - 1;
-
- /* Remove trailing space */
- while (isspace((unsigned char)*q))
- *q-- = 0;
-
- *p = 0;
- value = p + 1;
-
- /* Remove leading space from value */
- while (isspace((unsigned char)*value))
- value++;
-
- /* Remove trailing space from value */
- p = value + strlen(value) - 1;
-
- while (*p == '\n' || isspace((unsigned char)*p))
- *p-- = 0;
-
- /* Look for [mod = XXX] for key length */
-
- if (!strcmp(keyword, "[mod"))
- {
- p = value + strlen(value) - 1;
- if (*p != ']')
- goto parse_error;
- *p = 0;
- keylen = atoi(value);
- if (keylen < 0)
- goto parse_error;
- }
- else if (!strcmp(keyword, "SHAAlg"))
- {
- if (!strcmp(value, "SHA1"))
- dgst = EVP_sha1();
- else if (!strcmp(value, "SHA224"))
- dgst = EVP_sha224();
- else if (!strcmp(value, "SHA256"))
- dgst = EVP_sha256();
- else if (!strcmp(value, "SHA384"))
- dgst = EVP_sha384();
- else if (!strcmp(value, "SHA512"))
- dgst = EVP_sha512();
- else
- {
- fprintf(stderr,
- "FATAL: unsupported algorithm \"%s\"\n",
- value);
- goto parse_error;
- }
- }
- else if (!strcmp(keyword, "Msg"))
- {
- if (Msg)
- goto parse_error;
- if (strlen(value) & 1)
- *(--value) = '0';
- Msg = hex2bin_m(value, &Msglen);
- if (!Msg)
- goto parse_error;
- }
-
- fputs(olinebuf, out);
-
- /* If key length has changed, generate and output public
- * key components of new RSA private key.
- */
-
- if (keylen != current_keylen)
- {
- BIGNUM *bn_e;
- if (rsa)
- FIPS_rsa_free(rsa);
- rsa = FIPS_rsa_new();
- if (!rsa)
- goto error;
- bn_e = BN_new();
- if (!bn_e || !BN_set_word(bn_e, 0x1001))
- goto error;
- if (!RSA_X931_generate_key_ex(rsa, keylen, bn_e, NULL))
- goto error;
- BN_free(bn_e);
- fputs("n = ", out);
- do_bn_print(out, rsa->n);
- fputs("\ne = ", out);
- do_bn_print(out, rsa->e);
- fputs("\n", out);
- current_keylen = keylen;
- }
-
- if (Msg && dgst)
- {
- if (!rsa_printsig(out, rsa, dgst, Msg, Msglen,
- Saltlen))
- goto error;
- OPENSSL_free(Msg);
- Msg = NULL;
- }
-
- }
-
- ret = 1;
-
- error:
-
- if (olinebuf)
- OPENSSL_free(olinebuf);
- if (linebuf)
- OPENSSL_free(linebuf);
- if (rsa)
- FIPS_rsa_free(rsa);
-
- return ret;
-
- parse_error:
-
- fprintf(stderr, "FATAL parse error processing line %d\n", lnum);
-
- goto error;
-
- }
-
-static int rsa_printsig(FILE *out, RSA *rsa, const EVP_MD *dgst,
- unsigned char *Msg, long Msglen, int Saltlen)
- {
- int ret = 0;
- unsigned char *sigbuf = NULL;
- int i, siglen;
- /* EVP_PKEY structure */
- EVP_PKEY pk;
- EVP_MD_CTX ctx;
- pk.type = EVP_PKEY_RSA;
- pk.pkey.rsa = rsa;
-
- siglen = RSA_size(rsa);
- sigbuf = OPENSSL_malloc(siglen);
- if (!sigbuf)
- goto error;
-
- EVP_MD_CTX_init(&ctx);
-
- if (Saltlen >= 0)
- {
- M_EVP_MD_CTX_set_flags(&ctx,
- EVP_MD_CTX_FLAG_PAD_PSS | (Saltlen << 16));
- }
- else if (Saltlen == -2)
- M_EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_PAD_X931);
- if (!EVP_SignInit_ex(&ctx, dgst, NULL))
- goto error;
- if (!EVP_SignUpdate(&ctx, Msg, Msglen))
- goto error;
- if (!EVP_SignFinal(&ctx, sigbuf, (unsigned int *)&siglen, &pk))
- goto error;
-
- EVP_MD_CTX_cleanup(&ctx);
-
- fputs("S = ", out);
-
- for (i = 0; i < siglen; i++)
- fprintf(out, "%02X", sigbuf[i]);
-
- fputs("\n", out);
-
- ret = 1;
-
- error:
-
- return ret;
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/fips/rsa/fips_rsastest.c (from rev 6976, vendor-crypto/openssl/dist/fips/rsa/fips_rsastest.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/fips/rsa/fips_rsastest.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/fips/rsa/fips_rsastest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,349 @@
+/* fips_rsastest.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include <string.h>
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/x509v3.h>
+
+#ifndef OPENSSL_FIPS
+
+int main(int argc, char *argv[])
+{
+ printf("No FIPS RSA support\n");
+ return (0);
+}
+
+#else
+
+# include <openssl/rsa.h>
+# include "fips_utl.h"
+
+static int rsa_stest(FILE *out, FILE *in, int Saltlen);
+static int rsa_printsig(FILE *out, RSA *rsa, const EVP_MD *dgst,
+ unsigned char *Msg, long Msglen, int Saltlen);
+
+int main(int argc, char **argv)
+{
+ FILE *in = NULL, *out = NULL;
+
+ int ret = 1, Saltlen = -1;
+
+ if (!FIPS_mode_set(1)) {
+ do_print_errors();
+ goto end;
+ }
+
+ if ((argc > 2) && !strcmp("-saltlen", argv[1])) {
+ Saltlen = atoi(argv[2]);
+ if (Saltlen < 0) {
+ fprintf(stderr, "FATAL: Invalid salt length\n");
+ goto end;
+ }
+ argc -= 2;
+ argv += 2;
+ } else if ((argc > 1) && !strcmp("-x931", argv[1])) {
+ Saltlen = -2;
+ argc--;
+ argv++;
+ }
+
+ if (argc == 1)
+ in = stdin;
+ else
+ in = fopen(argv[1], "r");
+
+ if (argc < 2)
+ out = stdout;
+ else
+ out = fopen(argv[2], "w");
+
+ if (!in) {
+ fprintf(stderr, "FATAL input initialization error\n");
+ goto end;
+ }
+
+ if (!out) {
+ fprintf(stderr, "FATAL output initialization error\n");
+ goto end;
+ }
+
+ if (!rsa_stest(out, in, Saltlen)) {
+ fprintf(stderr, "FATAL RSASTEST file processing error\n");
+ goto end;
+ } else
+ ret = 0;
+
+ end:
+
+ if (ret)
+ do_print_errors();
+
+ if (in && (in != stdin))
+ fclose(in);
+ if (out && (out != stdout))
+ fclose(out);
+
+ return ret;
+
+}
+
+# define RSA_TEST_MAXLINELEN 10240
+
+int rsa_stest(FILE *out, FILE *in, int Saltlen)
+{
+ char *linebuf, *olinebuf, *p, *q;
+ char *keyword, *value;
+ RSA *rsa = NULL;
+ const EVP_MD *dgst = NULL;
+ unsigned char *Msg = NULL;
+ long Msglen = -1;
+ int keylen = -1, current_keylen = -1;
+ int ret = 0;
+ int lnum = 0;
+
+ olinebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
+ linebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
+
+ if (!linebuf || !olinebuf)
+ goto error;
+
+ while (fgets(olinebuf, RSA_TEST_MAXLINELEN, in)) {
+ lnum++;
+ strcpy(linebuf, olinebuf);
+ keyword = linebuf;
+ /* Skip leading space */
+ while (isspace((unsigned char)*keyword))
+ keyword++;
+
+ /* Look for = sign */
+ p = strchr(linebuf, '=');
+
+ /* If no = just copy */
+ if (!p) {
+ if (fputs(olinebuf, out) < 0)
+ goto error;
+ continue;
+ }
+
+ q = p - 1;
+
+ /* Remove trailing space */
+ while (isspace((unsigned char)*q))
+ *q-- = 0;
+
+ *p = 0;
+ value = p + 1;
+
+ /* Remove leading space from value */
+ while (isspace((unsigned char)*value))
+ value++;
+
+ /* Remove trailing space from value */
+ p = value + strlen(value) - 1;
+
+ while (*p == '\n' || isspace((unsigned char)*p))
+ *p-- = 0;
+
+ /* Look for [mod = XXX] for key length */
+
+ if (!strcmp(keyword, "[mod")) {
+ p = value + strlen(value) - 1;
+ if (*p != ']')
+ goto parse_error;
+ *p = 0;
+ keylen = atoi(value);
+ if (keylen < 0)
+ goto parse_error;
+ } else if (!strcmp(keyword, "SHAAlg")) {
+ if (!strcmp(value, "SHA1"))
+ dgst = EVP_sha1();
+ else if (!strcmp(value, "SHA224"))
+ dgst = EVP_sha224();
+ else if (!strcmp(value, "SHA256"))
+ dgst = EVP_sha256();
+ else if (!strcmp(value, "SHA384"))
+ dgst = EVP_sha384();
+ else if (!strcmp(value, "SHA512"))
+ dgst = EVP_sha512();
+ else {
+ fprintf(stderr,
+ "FATAL: unsupported algorithm \"%s\"\n", value);
+ goto parse_error;
+ }
+ } else if (!strcmp(keyword, "Msg")) {
+ if (Msg)
+ goto parse_error;
+ if (strlen(value) & 1)
+ *(--value) = '0';
+ Msg = hex2bin_m(value, &Msglen);
+ if (!Msg)
+ goto parse_error;
+ }
+
+ fputs(olinebuf, out);
+
+ /*
+ * If key length has changed, generate and output public key
+ * components of new RSA private key.
+ */
+
+ if (keylen != current_keylen) {
+ BIGNUM *bn_e;
+ if (rsa)
+ FIPS_rsa_free(rsa);
+ rsa = FIPS_rsa_new();
+ if (!rsa)
+ goto error;
+ bn_e = BN_new();
+ if (!bn_e || !BN_set_word(bn_e, 0x1001))
+ goto error;
+ if (!RSA_X931_generate_key_ex(rsa, keylen, bn_e, NULL))
+ goto error;
+ BN_free(bn_e);
+ fputs("n = ", out);
+ do_bn_print(out, rsa->n);
+ fputs("\ne = ", out);
+ do_bn_print(out, rsa->e);
+ fputs("\n", out);
+ current_keylen = keylen;
+ }
+
+ if (Msg && dgst) {
+ if (!rsa_printsig(out, rsa, dgst, Msg, Msglen, Saltlen))
+ goto error;
+ OPENSSL_free(Msg);
+ Msg = NULL;
+ }
+
+ }
+
+ ret = 1;
+
+ error:
+
+ if (olinebuf)
+ OPENSSL_free(olinebuf);
+ if (linebuf)
+ OPENSSL_free(linebuf);
+ if (rsa)
+ FIPS_rsa_free(rsa);
+
+ return ret;
+
+ parse_error:
+
+ fprintf(stderr, "FATAL parse error processing line %d\n", lnum);
+
+ goto error;
+
+}
+
+static int rsa_printsig(FILE *out, RSA *rsa, const EVP_MD *dgst,
+ unsigned char *Msg, long Msglen, int Saltlen)
+{
+ int ret = 0;
+ unsigned char *sigbuf = NULL;
+ int i, siglen;
+ /* EVP_PKEY structure */
+ EVP_PKEY pk;
+ EVP_MD_CTX ctx;
+ pk.type = EVP_PKEY_RSA;
+ pk.pkey.rsa = rsa;
+
+ siglen = RSA_size(rsa);
+ sigbuf = OPENSSL_malloc(siglen);
+ if (!sigbuf)
+ goto error;
+
+ EVP_MD_CTX_init(&ctx);
+
+ if (Saltlen >= 0) {
+ M_EVP_MD_CTX_set_flags(&ctx,
+ EVP_MD_CTX_FLAG_PAD_PSS | (Saltlen << 16));
+ } else if (Saltlen == -2)
+ M_EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_PAD_X931);
+ if (!EVP_SignInit_ex(&ctx, dgst, NULL))
+ goto error;
+ if (!EVP_SignUpdate(&ctx, Msg, Msglen))
+ goto error;
+ if (!EVP_SignFinal(&ctx, sigbuf, (unsigned int *)&siglen, &pk))
+ goto error;
+
+ EVP_MD_CTX_cleanup(&ctx);
+
+ fputs("S = ", out);
+
+ for (i = 0; i < siglen; i++)
+ fprintf(out, "%02X", sigbuf[i]);
+
+ fputs("\n", out);
+
+ ret = 1;
+
+ error:
+
+ return ret;
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/fips/rsa/fips_rsavtest.c
===================================================================
--- vendor-crypto/openssl/dist/fips/rsa/fips_rsavtest.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/fips/rsa/fips_rsavtest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,378 +0,0 @@
-/* fips_rsavtest.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 2005.
- */
-/* ====================================================================
- * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <ctype.h>
-#include <string.h>
-#include <openssl/bio.h>
-#include <openssl/evp.h>
-#include <openssl/hmac.h>
-#include <openssl/err.h>
-#include <openssl/x509v3.h>
-#include <openssl/bn.h>
-
-#ifndef OPENSSL_FIPS
-
-int main(int argc, char *argv[])
-{
- printf("No FIPS RSA support\n");
- return(0);
-}
-
-#else
-
-#include <openssl/rsa.h>
-
-#include "fips_utl.h"
-
-int rsa_test(FILE *out, FILE *in, int saltlen);
-static int rsa_printver(FILE *out,
- BIGNUM *n, BIGNUM *e,
- const EVP_MD *dgst,
- unsigned char *Msg, long Msglen,
- unsigned char *S, long Slen, int Saltlen);
-
-int main(int argc, char **argv)
- {
- FILE *in = NULL, *out = NULL;
-
- int ret = 1;
- int Saltlen = -1;
-
- if(!FIPS_mode_set(1))
- {
- do_print_errors();
- goto end;
- }
-
- if ((argc > 2) && !strcmp("-saltlen", argv[1]))
- {
- Saltlen = atoi(argv[2]);
- if (Saltlen < 0)
- {
- fprintf(stderr, "FATAL: Invalid salt length\n");
- goto end;
- }
- argc -= 2;
- argv += 2;
- }
- else if ((argc > 1) && !strcmp("-x931", argv[1]))
- {
- Saltlen = -2;
- argc--;
- argv++;
- }
-
- if (argc == 1)
- in = stdin;
- else
- in = fopen(argv[1], "r");
-
- if (argc < 2)
- out = stdout;
- else
- out = fopen(argv[2], "w");
-
- if (!in)
- {
- fprintf(stderr, "FATAL input initialization error\n");
- goto end;
- }
-
- if (!out)
- {
- fprintf(stderr, "FATAL output initialization error\n");
- goto end;
- }
-
- if (!rsa_test(out, in, Saltlen))
- {
- fprintf(stderr, "FATAL RSAVTEST file processing error\n");
- goto end;
- }
- else
- ret = 0;
-
- end:
-
- if (ret)
- do_print_errors();
-
- if (in && (in != stdin))
- fclose(in);
- if (out && (out != stdout))
- fclose(out);
-
- return ret;
-
- }
-
-#define RSA_TEST_MAXLINELEN 10240
-
-int rsa_test(FILE *out, FILE *in, int Saltlen)
- {
- char *linebuf, *olinebuf, *p, *q;
- char *keyword, *value;
- const EVP_MD *dgst = NULL;
- BIGNUM *n = NULL, *e = NULL;
- unsigned char *Msg = NULL, *S = NULL;
- long Msglen, Slen;
- int ret = 0;
- int lnum = 0;
-
- olinebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
- linebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
-
- if (!linebuf || !olinebuf)
- goto error;
-
- while (fgets(olinebuf, RSA_TEST_MAXLINELEN, in))
- {
- lnum++;
- strcpy(linebuf, olinebuf);
- keyword = linebuf;
- /* Skip leading space */
- while (isspace((unsigned char)*keyword))
- keyword++;
-
- /* Look for = sign */
- p = strchr(linebuf, '=');
-
- /* If no = or starts with [ (for [foo = bar] line) just copy */
- if (!p || *keyword=='[')
- {
- if (fputs(olinebuf, out) < 0)
- goto error;
- continue;
- }
-
- q = p - 1;
-
- /* Remove trailing space */
- while (isspace((unsigned char)*q))
- *q-- = 0;
-
- *p = 0;
- value = p + 1;
-
- /* Remove leading space from value */
- while (isspace((unsigned char)*value))
- value++;
-
- /* Remove trailing space from value */
- p = value + strlen(value) - 1;
-
- while (*p == '\n' || isspace((unsigned char)*p))
- *p-- = 0;
-
- if (!strcmp(keyword, "n"))
- {
- if (!do_hex2bn(&n,value))
- goto parse_error;
- }
- else if (!strcmp(keyword, "e"))
- {
- if (!do_hex2bn(&e,value))
- goto parse_error;
- }
- else if (!strcmp(keyword, "SHAAlg"))
- {
- if (!strcmp(value, "SHA1"))
- dgst = EVP_sha1();
- else if (!strcmp(value, "SHA224"))
- dgst = EVP_sha224();
- else if (!strcmp(value, "SHA256"))
- dgst = EVP_sha256();
- else if (!strcmp(value, "SHA384"))
- dgst = EVP_sha384();
- else if (!strcmp(value, "SHA512"))
- dgst = EVP_sha512();
- else
- {
- fprintf(stderr,
- "FATAL: unsupported algorithm \"%s\"\n",
- value);
- goto parse_error;
- }
- }
- else if (!strcmp(keyword, "Msg"))
- {
- if (Msg)
- goto parse_error;
- if (strlen(value) & 1)
- *(--value) = '0';
- Msg = hex2bin_m(value, &Msglen);
- if (!Msg)
- goto parse_error;
- }
- else if (!strcmp(keyword, "S"))
- {
- if (S)
- goto parse_error;
- if (strlen(value) & 1)
- *(--value) = '0';
- S = hex2bin_m(value, &Slen);
- if (!S)
- goto parse_error;
- }
- else if (!strcmp(keyword, "Result"))
- continue;
- else
- goto parse_error;
-
- fputs(olinebuf, out);
-
- if (n && e && Msg && S && dgst)
- {
- if (!rsa_printver(out, n, e, dgst,
- Msg, Msglen, S, Slen, Saltlen))
- goto error;
- OPENSSL_free(Msg);
- Msg = NULL;
- OPENSSL_free(S);
- S = NULL;
- }
-
- }
-
-
- ret = 1;
-
-
- error:
-
- if (olinebuf)
- OPENSSL_free(olinebuf);
- if (linebuf)
- OPENSSL_free(linebuf);
- if (n)
- BN_free(n);
- if (e)
- BN_free(e);
-
- return ret;
-
- parse_error:
-
- fprintf(stderr, "FATAL parse error processing line %d\n", lnum);
-
- goto error;
-
- }
-
-static int rsa_printver(FILE *out,
- BIGNUM *n, BIGNUM *e,
- const EVP_MD *dgst,
- unsigned char *Msg, long Msglen,
- unsigned char *S, long Slen, int Saltlen)
- {
- int ret = 0, r;
- /* Setup RSA and EVP_PKEY structures */
- RSA *rsa_pubkey = NULL;
- EVP_PKEY pk;
- EVP_MD_CTX ctx;
- unsigned char *buf = NULL;
- rsa_pubkey = FIPS_rsa_new();
- if (!rsa_pubkey)
- goto error;
- rsa_pubkey->n = BN_dup(n);
- rsa_pubkey->e = BN_dup(e);
- if (!rsa_pubkey->n || !rsa_pubkey->e)
- goto error;
- pk.type = EVP_PKEY_RSA;
- pk.pkey.rsa = rsa_pubkey;
-
- EVP_MD_CTX_init(&ctx);
-
- if (Saltlen >= 0)
- {
- M_EVP_MD_CTX_set_flags(&ctx,
- EVP_MD_CTX_FLAG_PAD_PSS | (Saltlen << 16));
- }
- else if (Saltlen == -2)
- M_EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_PAD_X931);
- if (!EVP_VerifyInit_ex(&ctx, dgst, NULL))
- goto error;
- if (!EVP_VerifyUpdate(&ctx, Msg, Msglen))
- goto error;
-
- r = EVP_VerifyFinal(&ctx, S, Slen, &pk);
-
-
- EVP_MD_CTX_cleanup(&ctx);
-
- if (r < 0)
- goto error;
- ERR_clear_error();
-
- if (r == 0)
- fputs("Result = F\n", out);
- else
- fputs("Result = P\n", out);
-
- ret = 1;
-
- error:
- if (rsa_pubkey)
- FIPS_rsa_free(rsa_pubkey);
- if (buf)
- OPENSSL_free(buf);
-
- return ret;
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/fips/rsa/fips_rsavtest.c (from rev 6976, vendor-crypto/openssl/dist/fips/rsa/fips_rsavtest.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/fips/rsa/fips_rsavtest.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/fips/rsa/fips_rsavtest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,351 @@
+/* fips_rsavtest.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include <string.h>
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+#include <openssl/err.h>
+#include <openssl/x509v3.h>
+#include <openssl/bn.h>
+
+#ifndef OPENSSL_FIPS
+
+int main(int argc, char *argv[])
+{
+ printf("No FIPS RSA support\n");
+ return (0);
+}
+
+#else
+
+# include <openssl/rsa.h>
+
+# include "fips_utl.h"
+
+int rsa_test(FILE *out, FILE *in, int saltlen);
+static int rsa_printver(FILE *out,
+ BIGNUM *n, BIGNUM *e,
+ const EVP_MD *dgst,
+ unsigned char *Msg, long Msglen,
+ unsigned char *S, long Slen, int Saltlen);
+
+int main(int argc, char **argv)
+{
+ FILE *in = NULL, *out = NULL;
+
+ int ret = 1;
+ int Saltlen = -1;
+
+ if (!FIPS_mode_set(1)) {
+ do_print_errors();
+ goto end;
+ }
+
+ if ((argc > 2) && !strcmp("-saltlen", argv[1])) {
+ Saltlen = atoi(argv[2]);
+ if (Saltlen < 0) {
+ fprintf(stderr, "FATAL: Invalid salt length\n");
+ goto end;
+ }
+ argc -= 2;
+ argv += 2;
+ } else if ((argc > 1) && !strcmp("-x931", argv[1])) {
+ Saltlen = -2;
+ argc--;
+ argv++;
+ }
+
+ if (argc == 1)
+ in = stdin;
+ else
+ in = fopen(argv[1], "r");
+
+ if (argc < 2)
+ out = stdout;
+ else
+ out = fopen(argv[2], "w");
+
+ if (!in) {
+ fprintf(stderr, "FATAL input initialization error\n");
+ goto end;
+ }
+
+ if (!out) {
+ fprintf(stderr, "FATAL output initialization error\n");
+ goto end;
+ }
+
+ if (!rsa_test(out, in, Saltlen)) {
+ fprintf(stderr, "FATAL RSAVTEST file processing error\n");
+ goto end;
+ } else
+ ret = 0;
+
+ end:
+
+ if (ret)
+ do_print_errors();
+
+ if (in && (in != stdin))
+ fclose(in);
+ if (out && (out != stdout))
+ fclose(out);
+
+ return ret;
+
+}
+
+# define RSA_TEST_MAXLINELEN 10240
+
+int rsa_test(FILE *out, FILE *in, int Saltlen)
+{
+ char *linebuf, *olinebuf, *p, *q;
+ char *keyword, *value;
+ const EVP_MD *dgst = NULL;
+ BIGNUM *n = NULL, *e = NULL;
+ unsigned char *Msg = NULL, *S = NULL;
+ long Msglen, Slen;
+ int ret = 0;
+ int lnum = 0;
+
+ olinebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
+ linebuf = OPENSSL_malloc(RSA_TEST_MAXLINELEN);
+
+ if (!linebuf || !olinebuf)
+ goto error;
+
+ while (fgets(olinebuf, RSA_TEST_MAXLINELEN, in)) {
+ lnum++;
+ strcpy(linebuf, olinebuf);
+ keyword = linebuf;
+ /* Skip leading space */
+ while (isspace((unsigned char)*keyword))
+ keyword++;
+
+ /* Look for = sign */
+ p = strchr(linebuf, '=');
+
+ /*
+ * If no = or starts with [ (for [foo = bar] line) just copy
+ */
+ if (!p || *keyword == '[') {
+ if (fputs(olinebuf, out) < 0)
+ goto error;
+ continue;
+ }
+
+ q = p - 1;
+
+ /* Remove trailing space */
+ while (isspace((unsigned char)*q))
+ *q-- = 0;
+
+ *p = 0;
+ value = p + 1;
+
+ /* Remove leading space from value */
+ while (isspace((unsigned char)*value))
+ value++;
+
+ /* Remove trailing space from value */
+ p = value + strlen(value) - 1;
+
+ while (*p == '\n' || isspace((unsigned char)*p))
+ *p-- = 0;
+
+ if (!strcmp(keyword, "n")) {
+ if (!do_hex2bn(&n, value))
+ goto parse_error;
+ } else if (!strcmp(keyword, "e")) {
+ if (!do_hex2bn(&e, value))
+ goto parse_error;
+ } else if (!strcmp(keyword, "SHAAlg")) {
+ if (!strcmp(value, "SHA1"))
+ dgst = EVP_sha1();
+ else if (!strcmp(value, "SHA224"))
+ dgst = EVP_sha224();
+ else if (!strcmp(value, "SHA256"))
+ dgst = EVP_sha256();
+ else if (!strcmp(value, "SHA384"))
+ dgst = EVP_sha384();
+ else if (!strcmp(value, "SHA512"))
+ dgst = EVP_sha512();
+ else {
+ fprintf(stderr,
+ "FATAL: unsupported algorithm \"%s\"\n", value);
+ goto parse_error;
+ }
+ } else if (!strcmp(keyword, "Msg")) {
+ if (Msg)
+ goto parse_error;
+ if (strlen(value) & 1)
+ *(--value) = '0';
+ Msg = hex2bin_m(value, &Msglen);
+ if (!Msg)
+ goto parse_error;
+ } else if (!strcmp(keyword, "S")) {
+ if (S)
+ goto parse_error;
+ if (strlen(value) & 1)
+ *(--value) = '0';
+ S = hex2bin_m(value, &Slen);
+ if (!S)
+ goto parse_error;
+ } else if (!strcmp(keyword, "Result"))
+ continue;
+ else
+ goto parse_error;
+
+ fputs(olinebuf, out);
+
+ if (n && e && Msg && S && dgst) {
+ if (!rsa_printver(out, n, e, dgst, Msg, Msglen, S, Slen, Saltlen))
+ goto error;
+ OPENSSL_free(Msg);
+ Msg = NULL;
+ OPENSSL_free(S);
+ S = NULL;
+ }
+
+ }
+
+ ret = 1;
+
+ error:
+
+ if (olinebuf)
+ OPENSSL_free(olinebuf);
+ if (linebuf)
+ OPENSSL_free(linebuf);
+ if (n)
+ BN_free(n);
+ if (e)
+ BN_free(e);
+
+ return ret;
+
+ parse_error:
+
+ fprintf(stderr, "FATAL parse error processing line %d\n", lnum);
+
+ goto error;
+
+}
+
+static int rsa_printver(FILE *out,
+ BIGNUM *n, BIGNUM *e,
+ const EVP_MD *dgst,
+ unsigned char *Msg, long Msglen,
+ unsigned char *S, long Slen, int Saltlen)
+{
+ int ret = 0, r;
+ /* Setup RSA and EVP_PKEY structures */
+ RSA *rsa_pubkey = NULL;
+ EVP_PKEY pk;
+ EVP_MD_CTX ctx;
+ unsigned char *buf = NULL;
+ rsa_pubkey = FIPS_rsa_new();
+ if (!rsa_pubkey)
+ goto error;
+ rsa_pubkey->n = BN_dup(n);
+ rsa_pubkey->e = BN_dup(e);
+ if (!rsa_pubkey->n || !rsa_pubkey->e)
+ goto error;
+ pk.type = EVP_PKEY_RSA;
+ pk.pkey.rsa = rsa_pubkey;
+
+ EVP_MD_CTX_init(&ctx);
+
+ if (Saltlen >= 0) {
+ M_EVP_MD_CTX_set_flags(&ctx,
+ EVP_MD_CTX_FLAG_PAD_PSS | (Saltlen << 16));
+ } else if (Saltlen == -2)
+ M_EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_PAD_X931);
+ if (!EVP_VerifyInit_ex(&ctx, dgst, NULL))
+ goto error;
+ if (!EVP_VerifyUpdate(&ctx, Msg, Msglen))
+ goto error;
+
+ r = EVP_VerifyFinal(&ctx, S, Slen, &pk);
+
+ EVP_MD_CTX_cleanup(&ctx);
+
+ if (r < 0)
+ goto error;
+ ERR_clear_error();
+
+ if (r == 0)
+ fputs("Result = F\n", out);
+ else
+ fputs("Result = P\n", out);
+
+ ret = 1;
+
+ error:
+ if (rsa_pubkey)
+ FIPS_rsa_free(rsa_pubkey);
+ if (buf)
+ OPENSSL_free(buf);
+
+ return ret;
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/fips/sha/fips_sha1_selftest.c
===================================================================
--- vendor-crypto/openssl/dist/fips/sha/fips_sha1_selftest.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/fips/sha/fips_sha1_selftest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,97 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#include <string.h>
-#include <openssl/err.h>
-#include <openssl/fips.h>
-#include <openssl/evp.h>
-#include <openssl/sha.h>
-
-#ifdef OPENSSL_FIPS
-static char test[][60]=
- {
- "",
- "abc",
- "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
- };
-
-static const unsigned char ret[][SHA_DIGEST_LENGTH]=
- {
- { 0xda,0x39,0xa3,0xee,0x5e,0x6b,0x4b,0x0d,0x32,0x55,
- 0xbf,0xef,0x95,0x60,0x18,0x90,0xaf,0xd8,0x07,0x09 },
- { 0xa9,0x99,0x3e,0x36,0x47,0x06,0x81,0x6a,0xba,0x3e,
- 0x25,0x71,0x78,0x50,0xc2,0x6c,0x9c,0xd0,0xd8,0x9d },
- { 0x84,0x98,0x3e,0x44,0x1c,0x3b,0xd2,0x6e,0xba,0xae,
- 0x4a,0xa1,0xf9,0x51,0x29,0xe5,0xe5,0x46,0x70,0xf1 },
- };
-
-void FIPS_corrupt_sha1()
- {
- test[2][0]++;
- }
-
-int FIPS_selftest_sha1()
- {
- size_t n;
-
- for(n=0 ; n<sizeof(test)/sizeof(test[0]) ; ++n)
- {
- unsigned char md[SHA_DIGEST_LENGTH];
-
- EVP_Digest(test[n],strlen(test[n]),md, NULL, EVP_sha1(), NULL);
- if(memcmp(md,ret[n],sizeof md))
- {
- FIPSerr(FIPS_F_FIPS_SELFTEST_SHA1,FIPS_R_SELFTEST_FAILED);
- return 0;
- }
- }
- return 1;
- }
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/fips/sha/fips_sha1_selftest.c (from rev 6976, vendor-crypto/openssl/dist/fips/sha/fips_sha1_selftest.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/fips/sha/fips_sha1_selftest.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/fips/sha/fips_sha1_selftest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,93 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <string.h>
+#include <openssl/err.h>
+#include <openssl/fips.h>
+#include <openssl/evp.h>
+#include <openssl/sha.h>
+
+#ifdef OPENSSL_FIPS
+static char test[][60] = {
+ "",
+ "abc",
+ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+};
+
+static const unsigned char ret[][SHA_DIGEST_LENGTH] = {
+ {0xda, 0x39, 0xa3, 0xee, 0x5e, 0x6b, 0x4b, 0x0d, 0x32, 0x55,
+ 0xbf, 0xef, 0x95, 0x60, 0x18, 0x90, 0xaf, 0xd8, 0x07, 0x09},
+ {0xa9, 0x99, 0x3e, 0x36, 0x47, 0x06, 0x81, 0x6a, 0xba, 0x3e,
+ 0x25, 0x71, 0x78, 0x50, 0xc2, 0x6c, 0x9c, 0xd0, 0xd8, 0x9d},
+ {0x84, 0x98, 0x3e, 0x44, 0x1c, 0x3b, 0xd2, 0x6e, 0xba, 0xae,
+ 0x4a, 0xa1, 0xf9, 0x51, 0x29, 0xe5, 0xe5, 0x46, 0x70, 0xf1},
+};
+
+void FIPS_corrupt_sha1()
+{
+ test[2][0]++;
+}
+
+int FIPS_selftest_sha1()
+{
+ size_t n;
+
+ for (n = 0; n < sizeof(test) / sizeof(test[0]); ++n) {
+ unsigned char md[SHA_DIGEST_LENGTH];
+
+ EVP_Digest(test[n], strlen(test[n]), md, NULL, EVP_sha1(), NULL);
+ if (memcmp(md, ret[n], sizeof md)) {
+ FIPSerr(FIPS_F_FIPS_SELFTEST_SHA1, FIPS_R_SELFTEST_FAILED);
+ return 0;
+ }
+ }
+ return 1;
+}
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/fips/sha/fips_shatest.c
===================================================================
--- vendor-crypto/openssl/dist/fips/sha/fips_shatest.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/fips/sha/fips_shatest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,388 +0,0 @@
-/* fips_shatest.c */
-/* Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL
- * project 2005.
- */
-/* ====================================================================
- * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <ctype.h>
-#include <string.h>
-#include <openssl/bio.h>
-#include <openssl/evp.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-#include <openssl/x509v3.h>
-
-#ifndef OPENSSL_FIPS
-
-int main(int argc, char *argv[])
-{
- printf("No FIPS SHAXXX support\n");
- return(0);
-}
-
-#else
-
-#include "fips_utl.h"
-
-static int dgst_test(FILE *out, FILE *in);
-static int print_dgst(const EVP_MD *md, FILE *out,
- unsigned char *Msg, int Msglen);
-static int print_monte(const EVP_MD *md, FILE *out,
- unsigned char *Seed, int SeedLen);
-
-int main(int argc, char **argv)
- {
- FILE *in = NULL, *out = NULL;
-
- int ret = 1;
-
- if(!FIPS_mode_set(1))
- {
- do_print_errors();
- goto end;
- }
-
- if (argc == 1)
- in = stdin;
- else
- in = fopen(argv[1], "r");
-
- if (argc < 2)
- out = stdout;
- else
- out = fopen(argv[2], "w");
-
- if (!in)
- {
- fprintf(stderr, "FATAL input initialization error\n");
- goto end;
- }
-
- if (!out)
- {
- fprintf(stderr, "FATAL output initialization error\n");
- goto end;
- }
-
- if (!dgst_test(out, in))
- {
- fprintf(stderr, "FATAL digest file processing error\n");
- goto end;
- }
- else
- ret = 0;
-
- end:
-
- if (ret)
- do_print_errors();
-
- if (in && (in != stdin))
- fclose(in);
- if (out && (out != stdout))
- fclose(out);
-
- return ret;
-
- }
-
-#define SHA_TEST_MAX_BITS 102400
-#define SHA_TEST_MAXLINELEN (((SHA_TEST_MAX_BITS >> 3) * 2) + 100)
-
-int dgst_test(FILE *out, FILE *in)
- {
- const EVP_MD *md = NULL;
- char *linebuf, *olinebuf, *p, *q;
- char *keyword, *value;
- unsigned char *Msg = NULL, *Seed = NULL;
- long MsgLen = -1, Len = -1, SeedLen = -1;
- int ret = 0;
- int lnum = 0;
-
- olinebuf = OPENSSL_malloc(SHA_TEST_MAXLINELEN);
- linebuf = OPENSSL_malloc(SHA_TEST_MAXLINELEN);
-
- if (!linebuf || !olinebuf)
- goto error;
-
-
- while (fgets(olinebuf, SHA_TEST_MAXLINELEN, in))
- {
- lnum++;
- strcpy(linebuf, olinebuf);
- keyword = linebuf;
- /* Skip leading space */
- while (isspace((unsigned char)*keyword))
- keyword++;
-
- /* Look for = sign */
- p = strchr(linebuf, '=');
-
- /* If no = or starts with [ (for [L=20] line) just copy */
- if (!p)
- {
- fputs(olinebuf, out);
- continue;
- }
-
- q = p - 1;
-
- /* Remove trailing space */
- while (isspace((unsigned char)*q))
- *q-- = 0;
-
- *p = 0;
- value = p + 1;
-
- /* Remove leading space from value */
- while (isspace((unsigned char)*value))
- value++;
-
- /* Remove trailing space from value */
- p = value + strlen(value) - 1;
- while (*p == '\n' || isspace((unsigned char)*p))
- *p-- = 0;
-
- if (!strcmp(keyword,"[L") && *p==']')
- {
- switch (atoi(value))
- {
- case 20: md=EVP_sha1(); break;
- case 28: md=EVP_sha224(); break;
- case 32: md=EVP_sha256(); break;
- case 48: md=EVP_sha384(); break;
- case 64: md=EVP_sha512(); break;
- default: goto parse_error;
- }
- }
- else if (!strcmp(keyword, "Len"))
- {
- if (Len != -1)
- goto parse_error;
- Len = atoi(value);
- if (Len < 0)
- goto parse_error;
- /* Only handle multiples of 8 bits */
- if (Len & 0x7)
- goto parse_error;
- if (Len > SHA_TEST_MAX_BITS)
- goto parse_error;
- MsgLen = Len >> 3;
- }
-
- else if (!strcmp(keyword, "Msg"))
- {
- long tmplen;
- if (strlen(value) & 1)
- *(--value) = '0';
- if (Msg)
- goto parse_error;
- Msg = hex2bin_m(value, &tmplen);
- if (!Msg)
- goto parse_error;
- }
- else if (!strcmp(keyword, "Seed"))
- {
- if (strlen(value) & 1)
- *(--value) = '0';
- if (Seed)
- goto parse_error;
- Seed = hex2bin_m(value, &SeedLen);
- if (!Seed)
- goto parse_error;
- }
- else if (!strcmp(keyword, "MD"))
- continue;
- else
- goto parse_error;
-
- fputs(olinebuf, out);
-
- if (md && Msg && (MsgLen >= 0))
- {
- if (!print_dgst(md, out, Msg, MsgLen))
- goto error;
- OPENSSL_free(Msg);
- Msg = NULL;
- MsgLen = -1;
- Len = -1;
- }
- else if (md && Seed && (SeedLen > 0))
- {
- if (!print_monte(md, out, Seed, SeedLen))
- goto error;
- OPENSSL_free(Seed);
- Seed = NULL;
- SeedLen = -1;
- }
-
-
- }
-
-
- ret = 1;
-
-
- error:
-
- if (olinebuf)
- OPENSSL_free(olinebuf);
- if (linebuf)
- OPENSSL_free(linebuf);
- if (Msg)
- OPENSSL_free(Msg);
- if (Seed)
- OPENSSL_free(Seed);
-
- return ret;
-
- parse_error:
-
- fprintf(stderr, "FATAL parse error processing line %d\n", lnum);
-
- goto error;
-
- }
-
-static int print_dgst(const EVP_MD *emd, FILE *out,
- unsigned char *Msg, int Msglen)
- {
- int i, mdlen;
- unsigned char md[EVP_MAX_MD_SIZE];
- if (!EVP_Digest(Msg, Msglen, md, (unsigned int *)&mdlen, emd, NULL))
- {
- fputs("Error calculating HASH\n", stderr);
- return 0;
- }
- fputs("MD = ", out);
- for (i = 0; i < mdlen; i++)
- fprintf(out, "%02x", md[i]);
- fputs("\n", out);
- return 1;
- }
-
-static int print_monte(const EVP_MD *md, FILE *out,
- unsigned char *Seed, int SeedLen)
- {
- unsigned int i, j, k;
- int ret = 0;
- EVP_MD_CTX ctx;
- unsigned char *m1, *m2, *m3, *p;
- unsigned int mlen, m1len, m2len, m3len;
-
- EVP_MD_CTX_init(&ctx);
-
- if (SeedLen > EVP_MAX_MD_SIZE)
- mlen = SeedLen;
- else
- mlen = EVP_MAX_MD_SIZE;
-
- m1 = OPENSSL_malloc(mlen);
- m2 = OPENSSL_malloc(mlen);
- m3 = OPENSSL_malloc(mlen);
-
- if (!m1 || !m2 || !m3)
- goto mc_error;
-
- m1len = m2len = m3len = SeedLen;
- memcpy(m1, Seed, SeedLen);
- memcpy(m2, Seed, SeedLen);
- memcpy(m3, Seed, SeedLen);
-
- fputs("\n", out);
-
- for (j = 0; j < 100; j++)
- {
- for (i = 0; i < 1000; i++)
- {
- EVP_DigestInit_ex(&ctx, md, NULL);
- EVP_DigestUpdate(&ctx, m1, m1len);
- EVP_DigestUpdate(&ctx, m2, m2len);
- EVP_DigestUpdate(&ctx, m3, m3len);
- p = m1;
- m1 = m2;
- m1len = m2len;
- m2 = m3;
- m2len = m3len;
- m3 = p;
- EVP_DigestFinal_ex(&ctx, m3, &m3len);
- }
- fprintf(out, "COUNT = %d\n", j);
- fputs("MD = ", out);
- for (k = 0; k < m3len; k++)
- fprintf(out, "%02x", m3[k]);
- fputs("\n\n", out);
- memcpy(m1, m3, m3len);
- memcpy(m2, m3, m3len);
- m1len = m2len = m3len;
- }
-
- ret = 1;
-
- mc_error:
- if (m1)
- OPENSSL_free(m1);
- if (m2)
- OPENSSL_free(m2);
- if (m3)
- OPENSSL_free(m3);
-
- EVP_MD_CTX_cleanup(&ctx);
-
- return ret;
- }
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/fips/sha/fips_shatest.c (from rev 6976, vendor-crypto/openssl/dist/fips/sha/fips_shatest.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/fips/sha/fips_shatest.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/fips/sha/fips_shatest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,375 @@
+/* fips_shatest.c */
+/*
+ * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
+ * 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include <string.h>
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/x509v3.h>
+
+#ifndef OPENSSL_FIPS
+
+int main(int argc, char *argv[])
+{
+ printf("No FIPS SHAXXX support\n");
+ return (0);
+}
+
+#else
+
+# include "fips_utl.h"
+
+static int dgst_test(FILE *out, FILE *in);
+static int print_dgst(const EVP_MD *md, FILE *out,
+ unsigned char *Msg, int Msglen);
+static int print_monte(const EVP_MD *md, FILE *out,
+ unsigned char *Seed, int SeedLen);
+
+int main(int argc, char **argv)
+{
+ FILE *in = NULL, *out = NULL;
+
+ int ret = 1;
+
+ if (!FIPS_mode_set(1)) {
+ do_print_errors();
+ goto end;
+ }
+
+ if (argc == 1)
+ in = stdin;
+ else
+ in = fopen(argv[1], "r");
+
+ if (argc < 2)
+ out = stdout;
+ else
+ out = fopen(argv[2], "w");
+
+ if (!in) {
+ fprintf(stderr, "FATAL input initialization error\n");
+ goto end;
+ }
+
+ if (!out) {
+ fprintf(stderr, "FATAL output initialization error\n");
+ goto end;
+ }
+
+ if (!dgst_test(out, in)) {
+ fprintf(stderr, "FATAL digest file processing error\n");
+ goto end;
+ } else
+ ret = 0;
+
+ end:
+
+ if (ret)
+ do_print_errors();
+
+ if (in && (in != stdin))
+ fclose(in);
+ if (out && (out != stdout))
+ fclose(out);
+
+ return ret;
+
+}
+
+# define SHA_TEST_MAX_BITS 102400
+# define SHA_TEST_MAXLINELEN (((SHA_TEST_MAX_BITS >> 3) * 2) + 100)
+
+int dgst_test(FILE *out, FILE *in)
+{
+ const EVP_MD *md = NULL;
+ char *linebuf, *olinebuf, *p, *q;
+ char *keyword, *value;
+ unsigned char *Msg = NULL, *Seed = NULL;
+ long MsgLen = -1, Len = -1, SeedLen = -1;
+ int ret = 0;
+ int lnum = 0;
+
+ olinebuf = OPENSSL_malloc(SHA_TEST_MAXLINELEN);
+ linebuf = OPENSSL_malloc(SHA_TEST_MAXLINELEN);
+
+ if (!linebuf || !olinebuf)
+ goto error;
+
+ while (fgets(olinebuf, SHA_TEST_MAXLINELEN, in)) {
+ lnum++;
+ strcpy(linebuf, olinebuf);
+ keyword = linebuf;
+ /* Skip leading space */
+ while (isspace((unsigned char)*keyword))
+ keyword++;
+
+ /* Look for = sign */
+ p = strchr(linebuf, '=');
+
+ /* If no = or starts with [ (for [L=20] line) just copy */
+ if (!p) {
+ fputs(olinebuf, out);
+ continue;
+ }
+
+ q = p - 1;
+
+ /* Remove trailing space */
+ while (isspace((unsigned char)*q))
+ *q-- = 0;
+
+ *p = 0;
+ value = p + 1;
+
+ /* Remove leading space from value */
+ while (isspace((unsigned char)*value))
+ value++;
+
+ /* Remove trailing space from value */
+ p = value + strlen(value) - 1;
+ while (*p == '\n' || isspace((unsigned char)*p))
+ *p-- = 0;
+
+ if (!strcmp(keyword, "[L") && *p == ']') {
+ switch (atoi(value)) {
+ case 20:
+ md = EVP_sha1();
+ break;
+ case 28:
+ md = EVP_sha224();
+ break;
+ case 32:
+ md = EVP_sha256();
+ break;
+ case 48:
+ md = EVP_sha384();
+ break;
+ case 64:
+ md = EVP_sha512();
+ break;
+ default:
+ goto parse_error;
+ }
+ } else if (!strcmp(keyword, "Len")) {
+ if (Len != -1)
+ goto parse_error;
+ Len = atoi(value);
+ if (Len < 0)
+ goto parse_error;
+ /* Only handle multiples of 8 bits */
+ if (Len & 0x7)
+ goto parse_error;
+ if (Len > SHA_TEST_MAX_BITS)
+ goto parse_error;
+ MsgLen = Len >> 3;
+ }
+
+ else if (!strcmp(keyword, "Msg")) {
+ long tmplen;
+ if (strlen(value) & 1)
+ *(--value) = '0';
+ if (Msg)
+ goto parse_error;
+ Msg = hex2bin_m(value, &tmplen);
+ if (!Msg)
+ goto parse_error;
+ } else if (!strcmp(keyword, "Seed")) {
+ if (strlen(value) & 1)
+ *(--value) = '0';
+ if (Seed)
+ goto parse_error;
+ Seed = hex2bin_m(value, &SeedLen);
+ if (!Seed)
+ goto parse_error;
+ } else if (!strcmp(keyword, "MD"))
+ continue;
+ else
+ goto parse_error;
+
+ fputs(olinebuf, out);
+
+ if (md && Msg && (MsgLen >= 0)) {
+ if (!print_dgst(md, out, Msg, MsgLen))
+ goto error;
+ OPENSSL_free(Msg);
+ Msg = NULL;
+ MsgLen = -1;
+ Len = -1;
+ } else if (md && Seed && (SeedLen > 0)) {
+ if (!print_monte(md, out, Seed, SeedLen))
+ goto error;
+ OPENSSL_free(Seed);
+ Seed = NULL;
+ SeedLen = -1;
+ }
+
+ }
+
+ ret = 1;
+
+ error:
+
+ if (olinebuf)
+ OPENSSL_free(olinebuf);
+ if (linebuf)
+ OPENSSL_free(linebuf);
+ if (Msg)
+ OPENSSL_free(Msg);
+ if (Seed)
+ OPENSSL_free(Seed);
+
+ return ret;
+
+ parse_error:
+
+ fprintf(stderr, "FATAL parse error processing line %d\n", lnum);
+
+ goto error;
+
+}
+
+static int print_dgst(const EVP_MD *emd, FILE *out,
+ unsigned char *Msg, int Msglen)
+{
+ int i, mdlen;
+ unsigned char md[EVP_MAX_MD_SIZE];
+ if (!EVP_Digest(Msg, Msglen, md, (unsigned int *)&mdlen, emd, NULL)) {
+ fputs("Error calculating HASH\n", stderr);
+ return 0;
+ }
+ fputs("MD = ", out);
+ for (i = 0; i < mdlen; i++)
+ fprintf(out, "%02x", md[i]);
+ fputs("\n", out);
+ return 1;
+}
+
+static int print_monte(const EVP_MD *md, FILE *out,
+ unsigned char *Seed, int SeedLen)
+{
+ unsigned int i, j, k;
+ int ret = 0;
+ EVP_MD_CTX ctx;
+ unsigned char *m1, *m2, *m3, *p;
+ unsigned int mlen, m1len, m2len, m3len;
+
+ EVP_MD_CTX_init(&ctx);
+
+ if (SeedLen > EVP_MAX_MD_SIZE)
+ mlen = SeedLen;
+ else
+ mlen = EVP_MAX_MD_SIZE;
+
+ m1 = OPENSSL_malloc(mlen);
+ m2 = OPENSSL_malloc(mlen);
+ m3 = OPENSSL_malloc(mlen);
+
+ if (!m1 || !m2 || !m3)
+ goto mc_error;
+
+ m1len = m2len = m3len = SeedLen;
+ memcpy(m1, Seed, SeedLen);
+ memcpy(m2, Seed, SeedLen);
+ memcpy(m3, Seed, SeedLen);
+
+ fputs("\n", out);
+
+ for (j = 0; j < 100; j++) {
+ for (i = 0; i < 1000; i++) {
+ EVP_DigestInit_ex(&ctx, md, NULL);
+ EVP_DigestUpdate(&ctx, m1, m1len);
+ EVP_DigestUpdate(&ctx, m2, m2len);
+ EVP_DigestUpdate(&ctx, m3, m3len);
+ p = m1;
+ m1 = m2;
+ m1len = m2len;
+ m2 = m3;
+ m2len = m3len;
+ m3 = p;
+ EVP_DigestFinal_ex(&ctx, m3, &m3len);
+ }
+ fprintf(out, "COUNT = %d\n", j);
+ fputs("MD = ", out);
+ for (k = 0; k < m3len; k++)
+ fprintf(out, "%02x", m3[k]);
+ fputs("\n\n", out);
+ memcpy(m1, m3, m3len);
+ memcpy(m2, m3, m3len);
+ m1len = m2len = m3len;
+ }
+
+ ret = 1;
+
+ mc_error:
+ if (m1)
+ OPENSSL_free(m1);
+ if (m2)
+ OPENSSL_free(m2);
+ if (m3)
+ OPENSSL_free(m3);
+
+ EVP_MD_CTX_cleanup(&ctx);
+
+ return ret;
+}
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/fips/sha/fips_standalone_sha1.c
===================================================================
--- vendor-crypto/openssl/dist/fips/sha/fips_standalone_sha1.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/fips/sha/fips_standalone_sha1.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,173 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <openssl/opensslconf.h>
-#include <openssl/sha.h>
-#include <openssl/hmac.h>
-
-#ifndef FIPSCANISTER_O
-int FIPS_selftest_failed() { return 0; }
-void FIPS_selftest_check() {}
-void OPENSSL_cleanse(void *p,size_t len) {}
-#endif
-
-#ifdef OPENSSL_FIPS
-
-static void hmac_init(SHA_CTX *md_ctx,SHA_CTX *o_ctx,
- const char *key)
- {
- size_t len=strlen(key);
- int i;
- unsigned char keymd[HMAC_MAX_MD_CBLOCK];
- unsigned char pad[HMAC_MAX_MD_CBLOCK];
-
- if (len > SHA_CBLOCK)
- {
- SHA1_Init(md_ctx);
- SHA1_Update(md_ctx,key,len);
- SHA1_Final(keymd,md_ctx);
- len=20;
- }
- else
- memcpy(keymd,key,len);
- memset(&keymd[len],'\0',HMAC_MAX_MD_CBLOCK-len);
-
- for(i=0 ; i < HMAC_MAX_MD_CBLOCK ; i++)
- pad[i]=0x36^keymd[i];
- SHA1_Init(md_ctx);
- SHA1_Update(md_ctx,pad,SHA_CBLOCK);
-
- for(i=0 ; i < HMAC_MAX_MD_CBLOCK ; i++)
- pad[i]=0x5c^keymd[i];
- SHA1_Init(o_ctx);
- SHA1_Update(o_ctx,pad,SHA_CBLOCK);
- }
-
-static void hmac_final(unsigned char *md,SHA_CTX *md_ctx,SHA_CTX *o_ctx)
- {
- unsigned char buf[20];
-
- SHA1_Final(buf,md_ctx);
- SHA1_Update(o_ctx,buf,sizeof buf);
- SHA1_Final(md,o_ctx);
- }
-
-#endif
-
-int main(int argc,char **argv)
- {
-#ifdef OPENSSL_FIPS
- static char key[]="etaonrishdlcupfm";
- int n,binary=0;
-
- if(argc < 2)
- {
- fprintf(stderr,"%s [<file>]+\n",argv[0]);
- exit(1);
- }
-
- n=1;
- if (!strcmp(argv[n],"-binary"))
- {
- n++;
- binary=1; /* emit binary fingerprint... */
- }
-
- for(; n < argc ; ++n)
- {
- FILE *f=fopen(argv[n],"rb");
- SHA_CTX md_ctx,o_ctx;
- unsigned char md[20];
- int i;
-
- if(!f)
- {
- perror(argv[n]);
- exit(2);
- }
-
- hmac_init(&md_ctx,&o_ctx,key);
- for( ; ; )
- {
- char buf[1024];
- size_t l=fread(buf,1,sizeof buf,f);
-
- if(l == 0)
- {
- if(ferror(f))
- {
- perror(argv[n]);
- exit(3);
- }
- else
- break;
- }
- SHA1_Update(&md_ctx,buf,l);
- }
- hmac_final(md,&md_ctx,&o_ctx);
-
- if (binary)
- {
- fwrite(md,20,1,stdout);
- break; /* ... for single(!) file */
- }
-
- printf("HMAC-SHA1(%s)= ",argv[n]);
- for(i=0 ; i < 20 ; ++i)
- printf("%02x",md[i]);
- printf("\n");
- }
-#endif
- return 0;
- }
-
-
Copied: vendor-crypto/openssl/0.9.8zf/fips/sha/fips_standalone_sha1.c (from rev 6976, vendor-crypto/openssl/dist/fips/sha/fips_standalone_sha1.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/fips/sha/fips_standalone_sha1.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/fips/sha/fips_standalone_sha1.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,168 @@
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/opensslconf.h>
+#include <openssl/sha.h>
+#include <openssl/hmac.h>
+
+#ifndef FIPSCANISTER_O
+int FIPS_selftest_failed()
+{
+ return 0;
+}
+
+void FIPS_selftest_check()
+{
+}
+
+void OPENSSL_cleanse(void *p, size_t len)
+{
+}
+#endif
+
+#ifdef OPENSSL_FIPS
+
+static void hmac_init(SHA_CTX *md_ctx, SHA_CTX *o_ctx, const char *key)
+{
+ size_t len = strlen(key);
+ int i;
+ unsigned char keymd[HMAC_MAX_MD_CBLOCK];
+ unsigned char pad[HMAC_MAX_MD_CBLOCK];
+
+ if (len > SHA_CBLOCK) {
+ SHA1_Init(md_ctx);
+ SHA1_Update(md_ctx, key, len);
+ SHA1_Final(keymd, md_ctx);
+ len = 20;
+ } else
+ memcpy(keymd, key, len);
+ memset(&keymd[len], '\0', HMAC_MAX_MD_CBLOCK - len);
+
+ for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++)
+ pad[i] = 0x36 ^ keymd[i];
+ SHA1_Init(md_ctx);
+ SHA1_Update(md_ctx, pad, SHA_CBLOCK);
+
+ for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++)
+ pad[i] = 0x5c ^ keymd[i];
+ SHA1_Init(o_ctx);
+ SHA1_Update(o_ctx, pad, SHA_CBLOCK);
+}
+
+static void hmac_final(unsigned char *md, SHA_CTX *md_ctx, SHA_CTX *o_ctx)
+{
+ unsigned char buf[20];
+
+ SHA1_Final(buf, md_ctx);
+ SHA1_Update(o_ctx, buf, sizeof buf);
+ SHA1_Final(md, o_ctx);
+}
+
+#endif
+
+int main(int argc, char **argv)
+{
+#ifdef OPENSSL_FIPS
+ static char key[] = "etaonrishdlcupfm";
+ int n, binary = 0;
+
+ if (argc < 2) {
+ fprintf(stderr, "%s [<file>]+\n", argv[0]);
+ exit(1);
+ }
+
+ n = 1;
+ if (!strcmp(argv[n], "-binary")) {
+ n++;
+ binary = 1; /* emit binary fingerprint... */
+ }
+
+ for (; n < argc; ++n) {
+ FILE *f = fopen(argv[n], "rb");
+ SHA_CTX md_ctx, o_ctx;
+ unsigned char md[20];
+ int i;
+
+ if (!f) {
+ perror(argv[n]);
+ exit(2);
+ }
+
+ hmac_init(&md_ctx, &o_ctx, key);
+ for (;;) {
+ char buf[1024];
+ size_t l = fread(buf, 1, sizeof buf, f);
+
+ if (l == 0) {
+ if (ferror(f)) {
+ perror(argv[n]);
+ exit(3);
+ } else
+ break;
+ }
+ SHA1_Update(&md_ctx, buf, l);
+ }
+ hmac_final(md, &md_ctx, &o_ctx);
+
+ if (binary) {
+ fwrite(md, 20, 1, stdout);
+ break; /* ... for single(!) file */
+ }
+
+ printf("HMAC-SHA1(%s)= ", argv[n]);
+ for (i = 0; i < 20; ++i)
+ printf("%02x", md[i]);
+ printf("\n");
+ }
+#endif
+ return 0;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/openssl.spec
===================================================================
--- vendor-crypto/openssl/dist/openssl.spec 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/openssl.spec 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,209 +0,0 @@
-%define _unpackaged_files_terminate_build 0
-
-Release: 1
-
-%define openssldir /var/ssl
-
-Summary: Secure Sockets Layer and cryptography libraries and tools
-Name: openssl
-Version: 0.9.8zc
-Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
-License: OpenSSL
-Group: System Environment/Libraries
-Provides: SSL
-URL: http://www.openssl.org/
-Packager: Damien Miller <djm at mindrot.org>
-BuildRoot: /var/tmp/%{name}-%{version}-root
-
-%description
-The OpenSSL Project is a collaborative effort to develop a robust,
-commercial-grade, fully featured, and Open Source toolkit implementing the
-Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
-protocols as well as a full-strength general purpose cryptography library.
-The project is managed by a worldwide community of volunteers that use the
-Internet to communicate, plan, and develop the OpenSSL tookit and its related
-documentation.
-
-OpenSSL is based on the excellent SSLeay library developed from Eric A.
-Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an
-Apache-style licence, which basically means that you are free to get and
-use it for commercial and non-commercial purposes.
-
-This package contains the base OpenSSL cryptography and SSL/TLS
-libraries and tools.
-
-%package devel
-Summary: Secure Sockets Layer and cryptography static libraries and headers
-Group: Development/Libraries
-Requires: openssl
-%description devel
-The OpenSSL Project is a collaborative effort to develop a robust,
-commercial-grade, fully featured, and Open Source toolkit implementing the
-Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
-protocols as well as a full-strength general purpose cryptography library.
-The project is managed by a worldwide community of volunteers that use the
-Internet to communicate, plan, and develop the OpenSSL tookit and its related
-documentation.
-
-OpenSSL is based on the excellent SSLeay library developed from Eric A.
-Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an
-Apache-style licence, which basically means that you are free to get and
-use it for commercial and non-commercial purposes.
-
-This package contains the the OpenSSL cryptography and SSL/TLS
-static libraries and header files required when developing applications.
-
-%package doc
-Summary: OpenSSL miscellaneous files
-Group: Documentation
-Requires: openssl
-%description doc
-The OpenSSL Project is a collaborative effort to develop a robust,
-commercial-grade, fully featured, and Open Source toolkit implementing the
-Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
-protocols as well as a full-strength general purpose cryptography library.
-The project is managed by a worldwide community of volunteers that use the
-Internet to communicate, plan, and develop the OpenSSL tookit and its related
-documentation.
-
-OpenSSL is based on the excellent SSLeay library developed from Eric A.
-Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an
-Apache-style licence, which basically means that you are free to get and
-use it for commercial and non-commercial purposes.
-
-This package contains the the OpenSSL cryptography and SSL/TLS extra
-documentation and POD files from which the man pages were produced.
-
-%prep
-
-%setup -q
-
-%build
-
-%define CONFIG_FLAGS -DSSL_ALLOW_ADH --prefix=/usr --openssldir=%{openssldir}
-
-perl util/perlpath.pl /usr/bin/perl
-
-%ifarch i386 i486 i586 i686
-./Configure %{CONFIG_FLAGS} linux-elf shared
-%endif
-%ifarch ppc
-./Configure %{CONFIG_FLAGS} linux-ppc shared
-%endif
-%ifarch alpha
-./Configure %{CONFIG_FLAGS} linux-alpha shared
-%endif
-%ifarch x86_64
-./Configure %{CONFIG_FLAGS} linux-x86_64 shared
-%endif
-LD_LIBRARY_PATH=`pwd` make
-LD_LIBRARY_PATH=`pwd` make rehash
-LD_LIBRARY_PATH=`pwd` make test
-
-%install
-rm -rf $RPM_BUILD_ROOT
-make MANDIR=/usr/man MANSUFFIX=ssl INSTALL_PREFIX="$RPM_BUILD_ROOT" install
-
-# Make backwards-compatibility symlink to ssleay
-ln -sf /usr/bin/openssl $RPM_BUILD_ROOT/usr/bin/ssleay
-
-%clean
-rm -rf $RPM_BUILD_ROOT
-
-%files
-%defattr(0644,root,root,0755)
-%doc CHANGES CHANGES.SSLeay LICENSE NEWS README
-
-%attr(0755,root,root) /usr/bin/*
-%attr(0755,root,root) /usr/lib/*.so*
-%attr(0755,root,root) %{openssldir}/misc/*
-%attr(0644,root,root) /usr/man/man[157]/*
-
-%config %attr(0644,root,root) %{openssldir}/openssl.cnf
-%dir %attr(0755,root,root) %{openssldir}/certs
-%dir %attr(0755,root,root) %{openssldir}/misc
-%dir %attr(0750,root,root) %{openssldir}/private
-
-%files devel
-%defattr(0644,root,root,0755)
-%doc CHANGES CHANGES.SSLeay LICENSE NEWS README
-
-%attr(0644,root,root) /usr/lib/*.a
-%attr(0644,root,root) /usr/lib/pkgconfig/openssl.pc
-%attr(0644,root,root) /usr/include/openssl/*
-%attr(0644,root,root) /usr/man/man[3]/*
-
-%files doc
-%defattr(0644,root,root,0755)
-%doc CHANGES CHANGES.SSLeay LICENSE NEWS README
-%doc doc
-
-%post
-ldconfig
-
-%postun
-ldconfig
-
-%changelog
-* Sun Jun 6 2005 Richard Levitte <richard at levitte.org>
-- Remove the incorrect installation of '%{openssldir}/lib'.
-* Wed May 7 2003 Richard Levitte <richard at levitte.org>
-- Add /usr/lib/pkgconfig/openssl.pc to the development section.
-* Thu Mar 22 2001 Richard Levitte <richard at levitte.org>
-- Removed redundant subsection that re-installed libcrypto.a and libssl.a
- as well. Also remove RSAref stuff completely, since it's not needed
- any more.
-* Thu Mar 15 2001 Jeremiah Johnson <jjohnson at penguincomputing.com>
-- Removed redundant subsection that re-installed libcrypto.so.0.9.6 and
- libssl.so.0.9.6. As well as the subsection that created symlinks for
- these. make install handles all this.
-* Sat Oct 21 2000 Horms <horms at vergenet.net>
-- Make sure symlinks are created by using -f flag to ln.
- Otherwise some .so libraries are copied rather than
- linked in the resulting binary RPM. This causes the package
- to be larger than neccessary and makes ldconfig complain.
-* Fri Oct 13 2000 Horms <horms at vergenet.net>
-- Make defattr is set for files in all packages so packages built as
- non-root will still be installed with files owned by root.
-* Thu Sep 14 2000 Richard Levitte <richard at levitte.org>
-- Changed to adapt to the new (supported) way of making shared libraries
-- Installs all static libraries, not just libRSAglue.a
-- Extra documents now end up in a separate document package
-* Sun Feb 27 2000 Damien Miller <djm at mindrot.org>
-- Merged patches to spec
-- Updated to 0.9.5beta2 (now with manpages)
-* Sat Feb 5 2000 Michal Jaegermann <michal at harddata.com>
-- added 'linux-alpha' to configuration
-- fixed nasty absolute links
-* Tue Jan 25 2000 Bennett Todd <bet at rahul.net>
-- Added -DSSL_ALLOW_ADH, bumped Release to 4
-* Thu Oct 14 1999 Damien Miller <djm at mindrot.org>
-- Set default permissions
-- Removed documentation from devel sub-package
-* Thu Sep 30 1999 Damien Miller <djm at mindrot.org>
-- Added "make test" stage
-- GPG signed
-* Tue Sep 10 1999 Damien Miller <damien at ibs.com.au>
-- Updated to version 0.9.4
-* Tue May 25 1999 Damien Miller <damien at ibs.com.au>
-- Updated to version 0.9.3
-- Added attributes for all files
-- Paramatised openssl directory
-* Sat Mar 20 1999 Carlo M. Arenas Belon <carenas at jmconsultores.com.pe>
-- Added "official" bnrec patch and taking other out
-- making a link from ssleay to openssl binary
-- putting all changelog together on SPEC file
-* Fri Mar 5 1999 Henri Gomez <gomez at slib.fr>
-- Added bnrec patch
-* Tue Dec 29 1998 Jonathan Ruano <kobalt at james.encomix.es>
-- minimum spec and patches changes for openssl
-- modified for openssl sources
-* Sat Aug 8 1998 Khimenko Victor <khim at sch57.msk.ru>
-- shared library creating process honours $RPM_OPT_FLAGS
-- shared libarry supports threads (as well as static library)
-* Wed Jul 22 1998 Khimenko Victor <khim at sch57.msk.ru>
-- building of shared library completely reworked
-* Tue Jul 21 1998 Khimenko Victor <khim at sch57.msk.ru>
-- RPM is BuildRoot'ed
-* Tue Feb 10 1998 Khimenko Victor <khim at sch57.msk.ru>
-- all stuff is moved out of /usr/local
Copied: vendor-crypto/openssl/0.9.8zf/openssl.spec (from rev 6976, vendor-crypto/openssl/dist/openssl.spec)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/openssl.spec (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/openssl.spec 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,209 @@
+%define _unpackaged_files_terminate_build 0
+
+Release: 1
+
+%define openssldir /var/ssl
+
+Summary: Secure Sockets Layer and cryptography libraries and tools
+Name: openssl
+Version: 0.9.8zf
+Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
+License: OpenSSL
+Group: System Environment/Libraries
+Provides: SSL
+URL: http://www.openssl.org/
+Packager: Damien Miller <djm at mindrot.org>
+BuildRoot: /var/tmp/%{name}-%{version}-root
+
+%description
+The OpenSSL Project is a collaborative effort to develop a robust,
+commercial-grade, fully featured, and Open Source toolkit implementing the
+Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
+protocols as well as a full-strength general purpose cryptography library.
+The project is managed by a worldwide community of volunteers that use the
+Internet to communicate, plan, and develop the OpenSSL tookit and its related
+documentation.
+
+OpenSSL is based on the excellent SSLeay library developed from Eric A.
+Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an
+Apache-style licence, which basically means that you are free to get and
+use it for commercial and non-commercial purposes.
+
+This package contains the base OpenSSL cryptography and SSL/TLS
+libraries and tools.
+
+%package devel
+Summary: Secure Sockets Layer and cryptography static libraries and headers
+Group: Development/Libraries
+Requires: openssl
+%description devel
+The OpenSSL Project is a collaborative effort to develop a robust,
+commercial-grade, fully featured, and Open Source toolkit implementing the
+Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
+protocols as well as a full-strength general purpose cryptography library.
+The project is managed by a worldwide community of volunteers that use the
+Internet to communicate, plan, and develop the OpenSSL tookit and its related
+documentation.
+
+OpenSSL is based on the excellent SSLeay library developed from Eric A.
+Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an
+Apache-style licence, which basically means that you are free to get and
+use it for commercial and non-commercial purposes.
+
+This package contains the the OpenSSL cryptography and SSL/TLS
+static libraries and header files required when developing applications.
+
+%package doc
+Summary: OpenSSL miscellaneous files
+Group: Documentation
+Requires: openssl
+%description doc
+The OpenSSL Project is a collaborative effort to develop a robust,
+commercial-grade, fully featured, and Open Source toolkit implementing the
+Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
+protocols as well as a full-strength general purpose cryptography library.
+The project is managed by a worldwide community of volunteers that use the
+Internet to communicate, plan, and develop the OpenSSL tookit and its related
+documentation.
+
+OpenSSL is based on the excellent SSLeay library developed from Eric A.
+Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an
+Apache-style licence, which basically means that you are free to get and
+use it for commercial and non-commercial purposes.
+
+This package contains the the OpenSSL cryptography and SSL/TLS extra
+documentation and POD files from which the man pages were produced.
+
+%prep
+
+%setup -q
+
+%build
+
+%define CONFIG_FLAGS -DSSL_ALLOW_ADH --prefix=/usr --openssldir=%{openssldir}
+
+perl util/perlpath.pl /usr/bin/perl
+
+%ifarch i386 i486 i586 i686
+./Configure %{CONFIG_FLAGS} linux-elf shared
+%endif
+%ifarch ppc
+./Configure %{CONFIG_FLAGS} linux-ppc shared
+%endif
+%ifarch alpha
+./Configure %{CONFIG_FLAGS} linux-alpha shared
+%endif
+%ifarch x86_64
+./Configure %{CONFIG_FLAGS} linux-x86_64 shared
+%endif
+LD_LIBRARY_PATH=`pwd` make
+LD_LIBRARY_PATH=`pwd` make rehash
+LD_LIBRARY_PATH=`pwd` make test
+
+%install
+rm -rf $RPM_BUILD_ROOT
+make MANDIR=/usr/man MANSUFFIX=ssl INSTALL_PREFIX="$RPM_BUILD_ROOT" install
+
+# Make backwards-compatibility symlink to ssleay
+ln -sf /usr/bin/openssl $RPM_BUILD_ROOT/usr/bin/ssleay
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%files
+%defattr(0644,root,root,0755)
+%doc CHANGES CHANGES.SSLeay LICENSE NEWS README
+
+%attr(0755,root,root) /usr/bin/*
+%attr(0755,root,root) /usr/lib/*.so*
+%attr(0755,root,root) %{openssldir}/misc/*
+%attr(0644,root,root) /usr/man/man[157]/*
+
+%config %attr(0644,root,root) %{openssldir}/openssl.cnf
+%dir %attr(0755,root,root) %{openssldir}/certs
+%dir %attr(0755,root,root) %{openssldir}/misc
+%dir %attr(0750,root,root) %{openssldir}/private
+
+%files devel
+%defattr(0644,root,root,0755)
+%doc CHANGES CHANGES.SSLeay LICENSE NEWS README
+
+%attr(0644,root,root) /usr/lib/*.a
+%attr(0644,root,root) /usr/lib/pkgconfig/openssl.pc
+%attr(0644,root,root) /usr/include/openssl/*
+%attr(0644,root,root) /usr/man/man[3]/*
+
+%files doc
+%defattr(0644,root,root,0755)
+%doc CHANGES CHANGES.SSLeay LICENSE NEWS README
+%doc doc
+
+%post
+ldconfig
+
+%postun
+ldconfig
+
+%changelog
+* Sun Jun 6 2005 Richard Levitte <richard at levitte.org>
+- Remove the incorrect installation of '%{openssldir}/lib'.
+* Wed May 7 2003 Richard Levitte <richard at levitte.org>
+- Add /usr/lib/pkgconfig/openssl.pc to the development section.
+* Thu Mar 22 2001 Richard Levitte <richard at levitte.org>
+- Removed redundant subsection that re-installed libcrypto.a and libssl.a
+ as well. Also remove RSAref stuff completely, since it's not needed
+ any more.
+* Thu Mar 15 2001 Jeremiah Johnson <jjohnson at penguincomputing.com>
+- Removed redundant subsection that re-installed libcrypto.so.0.9.6 and
+ libssl.so.0.9.6. As well as the subsection that created symlinks for
+ these. make install handles all this.
+* Sat Oct 21 2000 Horms <horms at vergenet.net>
+- Make sure symlinks are created by using -f flag to ln.
+ Otherwise some .so libraries are copied rather than
+ linked in the resulting binary RPM. This causes the package
+ to be larger than neccessary and makes ldconfig complain.
+* Fri Oct 13 2000 Horms <horms at vergenet.net>
+- Make defattr is set for files in all packages so packages built as
+ non-root will still be installed with files owned by root.
+* Thu Sep 14 2000 Richard Levitte <richard at levitte.org>
+- Changed to adapt to the new (supported) way of making shared libraries
+- Installs all static libraries, not just libRSAglue.a
+- Extra documents now end up in a separate document package
+* Sun Feb 27 2000 Damien Miller <djm at mindrot.org>
+- Merged patches to spec
+- Updated to 0.9.5beta2 (now with manpages)
+* Sat Feb 5 2000 Michal Jaegermann <michal at harddata.com>
+- added 'linux-alpha' to configuration
+- fixed nasty absolute links
+* Tue Jan 25 2000 Bennett Todd <bet at rahul.net>
+- Added -DSSL_ALLOW_ADH, bumped Release to 4
+* Thu Oct 14 1999 Damien Miller <djm at mindrot.org>
+- Set default permissions
+- Removed documentation from devel sub-package
+* Thu Sep 30 1999 Damien Miller <djm at mindrot.org>
+- Added "make test" stage
+- GPG signed
+* Tue Sep 10 1999 Damien Miller <damien at ibs.com.au>
+- Updated to version 0.9.4
+* Tue May 25 1999 Damien Miller <damien at ibs.com.au>
+- Updated to version 0.9.3
+- Added attributes for all files
+- Paramatised openssl directory
+* Sat Mar 20 1999 Carlo M. Arenas Belon <carenas at jmconsultores.com.pe>
+- Added "official" bnrec patch and taking other out
+- making a link from ssleay to openssl binary
+- putting all changelog together on SPEC file
+* Fri Mar 5 1999 Henri Gomez <gomez at slib.fr>
+- Added bnrec patch
+* Tue Dec 29 1998 Jonathan Ruano <kobalt at james.encomix.es>
+- minimum spec and patches changes for openssl
+- modified for openssl sources
+* Sat Aug 8 1998 Khimenko Victor <khim at sch57.msk.ru>
+- shared library creating process honours $RPM_OPT_FLAGS
+- shared libarry supports threads (as well as static library)
+* Wed Jul 22 1998 Khimenko Victor <khim at sch57.msk.ru>
+- building of shared library completely reworked
+* Tue Jul 21 1998 Khimenko Victor <khim at sch57.msk.ru>
+- RPM is BuildRoot'ed
+* Tue Feb 10 1998 Khimenko Victor <khim at sch57.msk.ru>
+- all stuff is moved out of /usr/local
Deleted: vendor-crypto/openssl/0.9.8zf/ssl/bio_ssl.c
===================================================================
--- vendor-crypto/openssl/dist/ssl/bio_ssl.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/ssl/bio_ssl.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,602 +0,0 @@
-/* ssl/bio_ssl.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <errno.h>
-#include <openssl/crypto.h>
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/ssl.h>
-
-static int ssl_write(BIO *h, const char *buf, int num);
-static int ssl_read(BIO *h, char *buf, int size);
-static int ssl_puts(BIO *h, const char *str);
-static long ssl_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int ssl_new(BIO *h);
-static int ssl_free(BIO *data);
-static long ssl_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
-typedef struct bio_ssl_st
- {
- SSL *ssl; /* The ssl handle :-) */
- /* re-negotiate every time the total number of bytes is this size */
- int num_renegotiates;
- unsigned long renegotiate_count;
- unsigned long byte_count;
- unsigned long renegotiate_timeout;
- unsigned long last_time;
- } BIO_SSL;
-
-static BIO_METHOD methods_sslp=
- {
- BIO_TYPE_SSL,"ssl",
- ssl_write,
- ssl_read,
- ssl_puts,
- NULL, /* ssl_gets, */
- ssl_ctrl,
- ssl_new,
- ssl_free,
- ssl_callback_ctrl,
- };
-
-BIO_METHOD *BIO_f_ssl(void)
- {
- return(&methods_sslp);
- }
-
-static int ssl_new(BIO *bi)
- {
- BIO_SSL *bs;
-
- bs=(BIO_SSL *)OPENSSL_malloc(sizeof(BIO_SSL));
- if (bs == NULL)
- {
- BIOerr(BIO_F_SSL_NEW,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- memset(bs,0,sizeof(BIO_SSL));
- bi->init=0;
- bi->ptr=(char *)bs;
- bi->flags=0;
- return(1);
- }
-
-static int ssl_free(BIO *a)
- {
- BIO_SSL *bs;
-
- if (a == NULL) return(0);
- bs=(BIO_SSL *)a->ptr;
- if (bs->ssl != NULL) SSL_shutdown(bs->ssl);
- if (a->shutdown)
- {
- if (a->init && (bs->ssl != NULL))
- SSL_free(bs->ssl);
- a->init=0;
- a->flags=0;
- }
- if (a->ptr != NULL)
- OPENSSL_free(a->ptr);
- return(1);
- }
-
-static int ssl_read(BIO *b, char *out, int outl)
- {
- int ret=1;
- BIO_SSL *sb;
- SSL *ssl;
- int retry_reason=0;
- int r=0;
-
- if (out == NULL) return(0);
- sb=(BIO_SSL *)b->ptr;
- ssl=sb->ssl;
-
- BIO_clear_retry_flags(b);
-
-#if 0
- if (!SSL_is_init_finished(ssl))
- {
-/* ret=SSL_do_handshake(ssl); */
- if (ret > 0)
- {
-
- outflags=(BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY);
- ret= -1;
- goto end;
- }
- }
-#endif
-/* if (ret > 0) */
- ret=SSL_read(ssl,out,outl);
-
- switch (SSL_get_error(ssl,ret))
- {
- case SSL_ERROR_NONE:
- if (ret <= 0) break;
- if (sb->renegotiate_count > 0)
- {
- sb->byte_count+=ret;
- if (sb->byte_count > sb->renegotiate_count)
- {
- sb->byte_count=0;
- sb->num_renegotiates++;
- SSL_renegotiate(ssl);
- r=1;
- }
- }
- if ((sb->renegotiate_timeout > 0) && (!r))
- {
- unsigned long tm;
-
- tm=(unsigned long)time(NULL);
- if (tm > sb->last_time+sb->renegotiate_timeout)
- {
- sb->last_time=tm;
- sb->num_renegotiates++;
- SSL_renegotiate(ssl);
- }
- }
-
- break;
- case SSL_ERROR_WANT_READ:
- BIO_set_retry_read(b);
- break;
- case SSL_ERROR_WANT_WRITE:
- BIO_set_retry_write(b);
- break;
- case SSL_ERROR_WANT_X509_LOOKUP:
- BIO_set_retry_special(b);
- retry_reason=BIO_RR_SSL_X509_LOOKUP;
- break;
- case SSL_ERROR_WANT_ACCEPT:
- BIO_set_retry_special(b);
- retry_reason=BIO_RR_ACCEPT;
- break;
- case SSL_ERROR_WANT_CONNECT:
- BIO_set_retry_special(b);
- retry_reason=BIO_RR_CONNECT;
- break;
- case SSL_ERROR_SYSCALL:
- case SSL_ERROR_SSL:
- case SSL_ERROR_ZERO_RETURN:
- default:
- break;
- }
-
- b->retry_reason=retry_reason;
- return(ret);
- }
-
-static int ssl_write(BIO *b, const char *out, int outl)
- {
- int ret,r=0;
- int retry_reason=0;
- SSL *ssl;
- BIO_SSL *bs;
-
- if (out == NULL) return(0);
- bs=(BIO_SSL *)b->ptr;
- ssl=bs->ssl;
-
- BIO_clear_retry_flags(b);
-
-/* ret=SSL_do_handshake(ssl);
- if (ret > 0) */
- ret=SSL_write(ssl,out,outl);
-
- switch (SSL_get_error(ssl,ret))
- {
- case SSL_ERROR_NONE:
- if (ret <= 0) break;
- if (bs->renegotiate_count > 0)
- {
- bs->byte_count+=ret;
- if (bs->byte_count > bs->renegotiate_count)
- {
- bs->byte_count=0;
- bs->num_renegotiates++;
- SSL_renegotiate(ssl);
- r=1;
- }
- }
- if ((bs->renegotiate_timeout > 0) && (!r))
- {
- unsigned long tm;
-
- tm=(unsigned long)time(NULL);
- if (tm > bs->last_time+bs->renegotiate_timeout)
- {
- bs->last_time=tm;
- bs->num_renegotiates++;
- SSL_renegotiate(ssl);
- }
- }
- break;
- case SSL_ERROR_WANT_WRITE:
- BIO_set_retry_write(b);
- break;
- case SSL_ERROR_WANT_READ:
- BIO_set_retry_read(b);
- break;
- case SSL_ERROR_WANT_X509_LOOKUP:
- BIO_set_retry_special(b);
- retry_reason=BIO_RR_SSL_X509_LOOKUP;
- break;
- case SSL_ERROR_WANT_CONNECT:
- BIO_set_retry_special(b);
- retry_reason=BIO_RR_CONNECT;
- case SSL_ERROR_SYSCALL:
- case SSL_ERROR_SSL:
- default:
- break;
- }
-
- b->retry_reason=retry_reason;
- return(ret);
- }
-
-static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
- {
- SSL **sslp,*ssl;
- BIO_SSL *bs;
- BIO *dbio,*bio;
- long ret=1;
-
- bs=(BIO_SSL *)b->ptr;
- ssl=bs->ssl;
- if ((ssl == NULL) && (cmd != BIO_C_SET_SSL))
- return(0);
- switch (cmd)
- {
- case BIO_CTRL_RESET:
- SSL_shutdown(ssl);
-
- if (ssl->handshake_func == ssl->method->ssl_connect)
- SSL_set_connect_state(ssl);
- else if (ssl->handshake_func == ssl->method->ssl_accept)
- SSL_set_accept_state(ssl);
-
- SSL_clear(ssl);
-
- if (b->next_bio != NULL)
- ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
- else if (ssl->rbio != NULL)
- ret=BIO_ctrl(ssl->rbio,cmd,num,ptr);
- else
- ret=1;
- break;
- case BIO_CTRL_INFO:
- ret=0;
- break;
- case BIO_C_SSL_MODE:
- if (num) /* client mode */
- SSL_set_connect_state(ssl);
- else
- SSL_set_accept_state(ssl);
- break;
- case BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT:
- ret=bs->renegotiate_timeout;
- if (num < 60) num=5;
- bs->renegotiate_timeout=(unsigned long)num;
- bs->last_time=(unsigned long)time(NULL);
- break;
- case BIO_C_SET_SSL_RENEGOTIATE_BYTES:
- ret=bs->renegotiate_count;
- if ((long)num >=512)
- bs->renegotiate_count=(unsigned long)num;
- break;
- case BIO_C_GET_SSL_NUM_RENEGOTIATES:
- ret=bs->num_renegotiates;
- break;
- case BIO_C_SET_SSL:
- if (ssl != NULL)
- {
- ssl_free(b);
- if (!ssl_new(b))
- return 0;
- }
- b->shutdown=(int)num;
- ssl=(SSL *)ptr;
- ((BIO_SSL *)b->ptr)->ssl=ssl;
- bio=SSL_get_rbio(ssl);
- if (bio != NULL)
- {
- if (b->next_bio != NULL)
- BIO_push(bio,b->next_bio);
- b->next_bio=bio;
- CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO);
- }
- b->init=1;
- break;
- case BIO_C_GET_SSL:
- if (ptr != NULL)
- {
- sslp=(SSL **)ptr;
- *sslp=ssl;
- }
- else
- ret=0;
- break;
- case BIO_CTRL_GET_CLOSE:
- ret=b->shutdown;
- break;
- case BIO_CTRL_SET_CLOSE:
- b->shutdown=(int)num;
- break;
- case BIO_CTRL_WPENDING:
- ret=BIO_ctrl(ssl->wbio,cmd,num,ptr);
- break;
- case BIO_CTRL_PENDING:
- ret=SSL_pending(ssl);
- if (ret == 0)
- ret=BIO_pending(ssl->rbio);
- break;
- case BIO_CTRL_FLUSH:
- BIO_clear_retry_flags(b);
- ret=BIO_ctrl(ssl->wbio,cmd,num,ptr);
- BIO_copy_next_retry(b);
- break;
- case BIO_CTRL_PUSH:
- if ((b->next_bio != NULL) && (b->next_bio != ssl->rbio))
- {
- SSL_set_bio(ssl,b->next_bio,b->next_bio);
- CRYPTO_add(&b->next_bio->references,1,CRYPTO_LOCK_BIO);
- }
- break;
- case BIO_CTRL_POP:
- /* ugly bit of a hack */
- if (ssl->rbio != ssl->wbio) /* we are in trouble :-( */
- {
- BIO_free_all(ssl->wbio);
- }
- if (b->next_bio != NULL)
- {
- CRYPTO_add(&b->next_bio->references,1,CRYPTO_LOCK_BIO);
- }
- ssl->wbio=NULL;
- ssl->rbio=NULL;
- break;
- case BIO_C_DO_STATE_MACHINE:
- BIO_clear_retry_flags(b);
-
- b->retry_reason=0;
- ret=(int)SSL_do_handshake(ssl);
-
- switch (SSL_get_error(ssl,(int)ret))
- {
- case SSL_ERROR_WANT_READ:
- BIO_set_flags(b,
- BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY);
- break;
- case SSL_ERROR_WANT_WRITE:
- BIO_set_flags(b,
- BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY);
- break;
- case SSL_ERROR_WANT_CONNECT:
- BIO_set_flags(b,
- BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY);
- b->retry_reason=b->next_bio->retry_reason;
- break;
- default:
- break;
- }
- break;
- case BIO_CTRL_DUP:
- dbio=(BIO *)ptr;
- if (((BIO_SSL *)dbio->ptr)->ssl != NULL)
- SSL_free(((BIO_SSL *)dbio->ptr)->ssl);
- ((BIO_SSL *)dbio->ptr)->ssl=SSL_dup(ssl);
- ((BIO_SSL *)dbio->ptr)->renegotiate_count=
- ((BIO_SSL *)b->ptr)->renegotiate_count;
- ((BIO_SSL *)dbio->ptr)->byte_count=
- ((BIO_SSL *)b->ptr)->byte_count;
- ((BIO_SSL *)dbio->ptr)->renegotiate_timeout=
- ((BIO_SSL *)b->ptr)->renegotiate_timeout;
- ((BIO_SSL *)dbio->ptr)->last_time=
- ((BIO_SSL *)b->ptr)->last_time;
- ret=(((BIO_SSL *)dbio->ptr)->ssl != NULL);
- break;
- case BIO_C_GET_FD:
- ret=BIO_ctrl(ssl->rbio,cmd,num,ptr);
- break;
- case BIO_CTRL_SET_CALLBACK:
- {
-#if 0 /* FIXME: Should this be used? -- Richard Levitte */
- SSLerr(SSL_F_SSL_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- ret = -1;
-#else
- ret=0;
-#endif
- }
- break;
- case BIO_CTRL_GET_CALLBACK:
- {
- void (**fptr)(const SSL *xssl,int type,int val);
-
- fptr=(void (**)(const SSL *xssl,int type,int val))ptr;
- *fptr=SSL_get_info_callback(ssl);
- }
- break;
- default:
- ret=BIO_ctrl(ssl->rbio,cmd,num,ptr);
- break;
- }
- return(ret);
- }
-
-static long ssl_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
- {
- SSL *ssl;
- BIO_SSL *bs;
- long ret=1;
-
- bs=(BIO_SSL *)b->ptr;
- ssl=bs->ssl;
- switch (cmd)
- {
- case BIO_CTRL_SET_CALLBACK:
- {
- /* FIXME: setting this via a completely different prototype
- seems like a crap idea */
- SSL_set_info_callback(ssl,(void (*)(const SSL *,int,int))fp);
- }
- break;
- default:
- ret=BIO_callback_ctrl(ssl->rbio,cmd,fp);
- break;
- }
- return(ret);
- }
-
-static int ssl_puts(BIO *bp, const char *str)
- {
- int n,ret;
-
- n=strlen(str);
- ret=BIO_write(bp,str,n);
- return(ret);
- }
-
-BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx)
- {
-#ifndef OPENSSL_NO_SOCK
- BIO *ret=NULL,*buf=NULL,*ssl=NULL;
-
- if ((buf=BIO_new(BIO_f_buffer())) == NULL)
- return(NULL);
- if ((ssl=BIO_new_ssl_connect(ctx)) == NULL)
- goto err;
- if ((ret=BIO_push(buf,ssl)) == NULL)
- goto err;
- return(ret);
-err:
- if (buf != NULL) BIO_free(buf);
- if (ssl != NULL) BIO_free(ssl);
-#endif
- return(NULL);
- }
-
-BIO *BIO_new_ssl_connect(SSL_CTX *ctx)
- {
- BIO *ret=NULL,*con=NULL,*ssl=NULL;
-
- if ((con=BIO_new(BIO_s_connect())) == NULL)
- return(NULL);
- if ((ssl=BIO_new_ssl(ctx,1)) == NULL)
- goto err;
- if ((ret=BIO_push(ssl,con)) == NULL)
- goto err;
- return(ret);
-err:
- if (con != NULL) BIO_free(con);
- if (ret != NULL) BIO_free(ret);
- return(NULL);
- }
-
-BIO *BIO_new_ssl(SSL_CTX *ctx, int client)
- {
- BIO *ret;
- SSL *ssl;
-
- if ((ret=BIO_new(BIO_f_ssl())) == NULL)
- return(NULL);
- if ((ssl=SSL_new(ctx)) == NULL)
- {
- BIO_free(ret);
- return(NULL);
- }
- if (client)
- SSL_set_connect_state(ssl);
- else
- SSL_set_accept_state(ssl);
-
- BIO_set_ssl(ret,ssl,BIO_CLOSE);
- return(ret);
- }
-
-int BIO_ssl_copy_session_id(BIO *t, BIO *f)
- {
- t=BIO_find_type(t,BIO_TYPE_SSL);
- f=BIO_find_type(f,BIO_TYPE_SSL);
- if ((t == NULL) || (f == NULL))
- return(0);
- if ( (((BIO_SSL *)t->ptr)->ssl == NULL) ||
- (((BIO_SSL *)f->ptr)->ssl == NULL))
- return(0);
- SSL_copy_session_id(((BIO_SSL *)t->ptr)->ssl,((BIO_SSL *)f->ptr)->ssl);
- return(1);
- }
-
-void BIO_ssl_shutdown(BIO *b)
- {
- SSL *s;
-
- while (b != NULL)
- {
- if (b->method->type == BIO_TYPE_SSL)
- {
- s=((BIO_SSL *)b->ptr)->ssl;
- SSL_shutdown(s);
- break;
- }
- b=b->next_bio;
- }
- }
Copied: vendor-crypto/openssl/0.9.8zf/ssl/bio_ssl.c (from rev 6976, vendor-crypto/openssl/dist/ssl/bio_ssl.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/ssl/bio_ssl.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/ssl/bio_ssl.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,583 @@
+/* ssl/bio_ssl.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <openssl/crypto.h>
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/ssl.h>
+
+static int ssl_write(BIO *h, const char *buf, int num);
+static int ssl_read(BIO *h, char *buf, int size);
+static int ssl_puts(BIO *h, const char *str);
+static long ssl_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int ssl_new(BIO *h);
+static int ssl_free(BIO *data);
+static long ssl_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
+typedef struct bio_ssl_st {
+ SSL *ssl; /* The ssl handle :-) */
+ /* re-negotiate every time the total number of bytes is this size */
+ int num_renegotiates;
+ unsigned long renegotiate_count;
+ unsigned long byte_count;
+ unsigned long renegotiate_timeout;
+ unsigned long last_time;
+} BIO_SSL;
+
+static BIO_METHOD methods_sslp = {
+ BIO_TYPE_SSL, "ssl",
+ ssl_write,
+ ssl_read,
+ ssl_puts,
+ NULL, /* ssl_gets, */
+ ssl_ctrl,
+ ssl_new,
+ ssl_free,
+ ssl_callback_ctrl,
+};
+
+BIO_METHOD *BIO_f_ssl(void)
+{
+ return (&methods_sslp);
+}
+
+static int ssl_new(BIO *bi)
+{
+ BIO_SSL *bs;
+
+ bs = (BIO_SSL *)OPENSSL_malloc(sizeof(BIO_SSL));
+ if (bs == NULL) {
+ BIOerr(BIO_F_SSL_NEW, ERR_R_MALLOC_FAILURE);
+ return (0);
+ }
+ memset(bs, 0, sizeof(BIO_SSL));
+ bi->init = 0;
+ bi->ptr = (char *)bs;
+ bi->flags = 0;
+ return (1);
+}
+
+static int ssl_free(BIO *a)
+{
+ BIO_SSL *bs;
+
+ if (a == NULL)
+ return (0);
+ bs = (BIO_SSL *)a->ptr;
+ if (bs->ssl != NULL)
+ SSL_shutdown(bs->ssl);
+ if (a->shutdown) {
+ if (a->init && (bs->ssl != NULL))
+ SSL_free(bs->ssl);
+ a->init = 0;
+ a->flags = 0;
+ }
+ if (a->ptr != NULL)
+ OPENSSL_free(a->ptr);
+ return (1);
+}
+
+static int ssl_read(BIO *b, char *out, int outl)
+{
+ int ret = 1;
+ BIO_SSL *sb;
+ SSL *ssl;
+ int retry_reason = 0;
+ int r = 0;
+
+ if (out == NULL)
+ return (0);
+ sb = (BIO_SSL *)b->ptr;
+ ssl = sb->ssl;
+
+ BIO_clear_retry_flags(b);
+
+#if 0
+ if (!SSL_is_init_finished(ssl)) {
+/* ret=SSL_do_handshake(ssl); */
+ if (ret > 0) {
+
+ outflags = (BIO_FLAGS_READ | BIO_FLAGS_SHOULD_RETRY);
+ ret = -1;
+ goto end;
+ }
+ }
+#endif
+/* if (ret > 0) */
+ ret = SSL_read(ssl, out, outl);
+
+ switch (SSL_get_error(ssl, ret)) {
+ case SSL_ERROR_NONE:
+ if (ret <= 0)
+ break;
+ if (sb->renegotiate_count > 0) {
+ sb->byte_count += ret;
+ if (sb->byte_count > sb->renegotiate_count) {
+ sb->byte_count = 0;
+ sb->num_renegotiates++;
+ SSL_renegotiate(ssl);
+ r = 1;
+ }
+ }
+ if ((sb->renegotiate_timeout > 0) && (!r)) {
+ unsigned long tm;
+
+ tm = (unsigned long)time(NULL);
+ if (tm > sb->last_time + sb->renegotiate_timeout) {
+ sb->last_time = tm;
+ sb->num_renegotiates++;
+ SSL_renegotiate(ssl);
+ }
+ }
+
+ break;
+ case SSL_ERROR_WANT_READ:
+ BIO_set_retry_read(b);
+ break;
+ case SSL_ERROR_WANT_WRITE:
+ BIO_set_retry_write(b);
+ break;
+ case SSL_ERROR_WANT_X509_LOOKUP:
+ BIO_set_retry_special(b);
+ retry_reason = BIO_RR_SSL_X509_LOOKUP;
+ break;
+ case SSL_ERROR_WANT_ACCEPT:
+ BIO_set_retry_special(b);
+ retry_reason = BIO_RR_ACCEPT;
+ break;
+ case SSL_ERROR_WANT_CONNECT:
+ BIO_set_retry_special(b);
+ retry_reason = BIO_RR_CONNECT;
+ break;
+ case SSL_ERROR_SYSCALL:
+ case SSL_ERROR_SSL:
+ case SSL_ERROR_ZERO_RETURN:
+ default:
+ break;
+ }
+
+ b->retry_reason = retry_reason;
+ return (ret);
+}
+
+static int ssl_write(BIO *b, const char *out, int outl)
+{
+ int ret, r = 0;
+ int retry_reason = 0;
+ SSL *ssl;
+ BIO_SSL *bs;
+
+ if (out == NULL)
+ return (0);
+ bs = (BIO_SSL *)b->ptr;
+ ssl = bs->ssl;
+
+ BIO_clear_retry_flags(b);
+
+ /*
+ * ret=SSL_do_handshake(ssl); if (ret > 0)
+ */
+ ret = SSL_write(ssl, out, outl);
+
+ switch (SSL_get_error(ssl, ret)) {
+ case SSL_ERROR_NONE:
+ if (ret <= 0)
+ break;
+ if (bs->renegotiate_count > 0) {
+ bs->byte_count += ret;
+ if (bs->byte_count > bs->renegotiate_count) {
+ bs->byte_count = 0;
+ bs->num_renegotiates++;
+ SSL_renegotiate(ssl);
+ r = 1;
+ }
+ }
+ if ((bs->renegotiate_timeout > 0) && (!r)) {
+ unsigned long tm;
+
+ tm = (unsigned long)time(NULL);
+ if (tm > bs->last_time + bs->renegotiate_timeout) {
+ bs->last_time = tm;
+ bs->num_renegotiates++;
+ SSL_renegotiate(ssl);
+ }
+ }
+ break;
+ case SSL_ERROR_WANT_WRITE:
+ BIO_set_retry_write(b);
+ break;
+ case SSL_ERROR_WANT_READ:
+ BIO_set_retry_read(b);
+ break;
+ case SSL_ERROR_WANT_X509_LOOKUP:
+ BIO_set_retry_special(b);
+ retry_reason = BIO_RR_SSL_X509_LOOKUP;
+ break;
+ case SSL_ERROR_WANT_CONNECT:
+ BIO_set_retry_special(b);
+ retry_reason = BIO_RR_CONNECT;
+ case SSL_ERROR_SYSCALL:
+ case SSL_ERROR_SSL:
+ default:
+ break;
+ }
+
+ b->retry_reason = retry_reason;
+ return (ret);
+}
+
+static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+ SSL **sslp, *ssl;
+ BIO_SSL *bs;
+ BIO *dbio, *bio;
+ long ret = 1;
+
+ bs = (BIO_SSL *)b->ptr;
+ ssl = bs->ssl;
+ if ((ssl == NULL) && (cmd != BIO_C_SET_SSL))
+ return (0);
+ switch (cmd) {
+ case BIO_CTRL_RESET:
+ SSL_shutdown(ssl);
+
+ if (ssl->handshake_func == ssl->method->ssl_connect)
+ SSL_set_connect_state(ssl);
+ else if (ssl->handshake_func == ssl->method->ssl_accept)
+ SSL_set_accept_state(ssl);
+
+ SSL_clear(ssl);
+
+ if (b->next_bio != NULL)
+ ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+ else if (ssl->rbio != NULL)
+ ret = BIO_ctrl(ssl->rbio, cmd, num, ptr);
+ else
+ ret = 1;
+ break;
+ case BIO_CTRL_INFO:
+ ret = 0;
+ break;
+ case BIO_C_SSL_MODE:
+ if (num) /* client mode */
+ SSL_set_connect_state(ssl);
+ else
+ SSL_set_accept_state(ssl);
+ break;
+ case BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT:
+ ret = bs->renegotiate_timeout;
+ if (num < 60)
+ num = 5;
+ bs->renegotiate_timeout = (unsigned long)num;
+ bs->last_time = (unsigned long)time(NULL);
+ break;
+ case BIO_C_SET_SSL_RENEGOTIATE_BYTES:
+ ret = bs->renegotiate_count;
+ if ((long)num >= 512)
+ bs->renegotiate_count = (unsigned long)num;
+ break;
+ case BIO_C_GET_SSL_NUM_RENEGOTIATES:
+ ret = bs->num_renegotiates;
+ break;
+ case BIO_C_SET_SSL:
+ if (ssl != NULL) {
+ ssl_free(b);
+ if (!ssl_new(b))
+ return 0;
+ }
+ b->shutdown = (int)num;
+ ssl = (SSL *)ptr;
+ ((BIO_SSL *)b->ptr)->ssl = ssl;
+ bio = SSL_get_rbio(ssl);
+ if (bio != NULL) {
+ if (b->next_bio != NULL)
+ BIO_push(bio, b->next_bio);
+ b->next_bio = bio;
+ CRYPTO_add(&bio->references, 1, CRYPTO_LOCK_BIO);
+ }
+ b->init = 1;
+ break;
+ case BIO_C_GET_SSL:
+ if (ptr != NULL) {
+ sslp = (SSL **)ptr;
+ *sslp = ssl;
+ } else
+ ret = 0;
+ break;
+ case BIO_CTRL_GET_CLOSE:
+ ret = b->shutdown;
+ break;
+ case BIO_CTRL_SET_CLOSE:
+ b->shutdown = (int)num;
+ break;
+ case BIO_CTRL_WPENDING:
+ ret = BIO_ctrl(ssl->wbio, cmd, num, ptr);
+ break;
+ case BIO_CTRL_PENDING:
+ ret = SSL_pending(ssl);
+ if (ret == 0)
+ ret = BIO_pending(ssl->rbio);
+ break;
+ case BIO_CTRL_FLUSH:
+ BIO_clear_retry_flags(b);
+ ret = BIO_ctrl(ssl->wbio, cmd, num, ptr);
+ BIO_copy_next_retry(b);
+ break;
+ case BIO_CTRL_PUSH:
+ if ((b->next_bio != NULL) && (b->next_bio != ssl->rbio)) {
+ SSL_set_bio(ssl, b->next_bio, b->next_bio);
+ CRYPTO_add(&b->next_bio->references, 1, CRYPTO_LOCK_BIO);
+ }
+ break;
+ case BIO_CTRL_POP:
+ /* ugly bit of a hack */
+ if (ssl->rbio != ssl->wbio) { /* we are in trouble :-( */
+ BIO_free_all(ssl->wbio);
+ }
+ if (b->next_bio != NULL) {
+ CRYPTO_add(&b->next_bio->references, 1, CRYPTO_LOCK_BIO);
+ }
+ ssl->wbio = NULL;
+ ssl->rbio = NULL;
+ break;
+ case BIO_C_DO_STATE_MACHINE:
+ BIO_clear_retry_flags(b);
+
+ b->retry_reason = 0;
+ ret = (int)SSL_do_handshake(ssl);
+
+ switch (SSL_get_error(ssl, (int)ret)) {
+ case SSL_ERROR_WANT_READ:
+ BIO_set_flags(b, BIO_FLAGS_READ | BIO_FLAGS_SHOULD_RETRY);
+ break;
+ case SSL_ERROR_WANT_WRITE:
+ BIO_set_flags(b, BIO_FLAGS_WRITE | BIO_FLAGS_SHOULD_RETRY);
+ break;
+ case SSL_ERROR_WANT_CONNECT:
+ BIO_set_flags(b, BIO_FLAGS_IO_SPECIAL | BIO_FLAGS_SHOULD_RETRY);
+ b->retry_reason = b->next_bio->retry_reason;
+ break;
+ default:
+ break;
+ }
+ break;
+ case BIO_CTRL_DUP:
+ dbio = (BIO *)ptr;
+ if (((BIO_SSL *)dbio->ptr)->ssl != NULL)
+ SSL_free(((BIO_SSL *)dbio->ptr)->ssl);
+ ((BIO_SSL *)dbio->ptr)->ssl = SSL_dup(ssl);
+ ((BIO_SSL *)dbio->ptr)->renegotiate_count =
+ ((BIO_SSL *)b->ptr)->renegotiate_count;
+ ((BIO_SSL *)dbio->ptr)->byte_count = ((BIO_SSL *)b->ptr)->byte_count;
+ ((BIO_SSL *)dbio->ptr)->renegotiate_timeout =
+ ((BIO_SSL *)b->ptr)->renegotiate_timeout;
+ ((BIO_SSL *)dbio->ptr)->last_time = ((BIO_SSL *)b->ptr)->last_time;
+ ret = (((BIO_SSL *)dbio->ptr)->ssl != NULL);
+ break;
+ case BIO_C_GET_FD:
+ ret = BIO_ctrl(ssl->rbio, cmd, num, ptr);
+ break;
+ case BIO_CTRL_SET_CALLBACK:
+ {
+#if 0 /* FIXME: Should this be used? -- Richard
+ * Levitte */
+ SSLerr(SSL_F_SSL_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ ret = -1;
+#else
+ ret = 0;
+#endif
+ }
+ break;
+ case BIO_CTRL_GET_CALLBACK:
+ {
+ void (**fptr) (const SSL *xssl, int type, int val);
+
+ fptr = (void (**)(const SSL *xssl, int type, int val))ptr;
+ *fptr = SSL_get_info_callback(ssl);
+ }
+ break;
+ default:
+ ret = BIO_ctrl(ssl->rbio, cmd, num, ptr);
+ break;
+ }
+ return (ret);
+}
+
+static long ssl_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
+{
+ SSL *ssl;
+ BIO_SSL *bs;
+ long ret = 1;
+
+ bs = (BIO_SSL *)b->ptr;
+ ssl = bs->ssl;
+ switch (cmd) {
+ case BIO_CTRL_SET_CALLBACK:
+ {
+ /*
+ * FIXME: setting this via a completely different prototype seems
+ * like a crap idea
+ */
+ SSL_set_info_callback(ssl, (void (*)(const SSL *, int, int))fp);
+ }
+ break;
+ default:
+ ret = BIO_callback_ctrl(ssl->rbio, cmd, fp);
+ break;
+ }
+ return (ret);
+}
+
+static int ssl_puts(BIO *bp, const char *str)
+{
+ int n, ret;
+
+ n = strlen(str);
+ ret = BIO_write(bp, str, n);
+ return (ret);
+}
+
+BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx)
+{
+#ifndef OPENSSL_NO_SOCK
+ BIO *ret = NULL, *buf = NULL, *ssl = NULL;
+
+ if ((buf = BIO_new(BIO_f_buffer())) == NULL)
+ return (NULL);
+ if ((ssl = BIO_new_ssl_connect(ctx)) == NULL)
+ goto err;
+ if ((ret = BIO_push(buf, ssl)) == NULL)
+ goto err;
+ return (ret);
+ err:
+ if (buf != NULL)
+ BIO_free(buf);
+ if (ssl != NULL)
+ BIO_free(ssl);
+#endif
+ return (NULL);
+}
+
+BIO *BIO_new_ssl_connect(SSL_CTX *ctx)
+{
+ BIO *ret = NULL, *con = NULL, *ssl = NULL;
+
+ if ((con = BIO_new(BIO_s_connect())) == NULL)
+ return (NULL);
+ if ((ssl = BIO_new_ssl(ctx, 1)) == NULL)
+ goto err;
+ if ((ret = BIO_push(ssl, con)) == NULL)
+ goto err;
+ return (ret);
+ err:
+ if (con != NULL)
+ BIO_free(con);
+ if (ret != NULL)
+ BIO_free(ret);
+ return (NULL);
+}
+
+BIO *BIO_new_ssl(SSL_CTX *ctx, int client)
+{
+ BIO *ret;
+ SSL *ssl;
+
+ if ((ret = BIO_new(BIO_f_ssl())) == NULL)
+ return (NULL);
+ if ((ssl = SSL_new(ctx)) == NULL) {
+ BIO_free(ret);
+ return (NULL);
+ }
+ if (client)
+ SSL_set_connect_state(ssl);
+ else
+ SSL_set_accept_state(ssl);
+
+ BIO_set_ssl(ret, ssl, BIO_CLOSE);
+ return (ret);
+}
+
+int BIO_ssl_copy_session_id(BIO *t, BIO *f)
+{
+ t = BIO_find_type(t, BIO_TYPE_SSL);
+ f = BIO_find_type(f, BIO_TYPE_SSL);
+ if ((t == NULL) || (f == NULL))
+ return (0);
+ if ((((BIO_SSL *)t->ptr)->ssl == NULL) ||
+ (((BIO_SSL *)f->ptr)->ssl == NULL))
+ return (0);
+ SSL_copy_session_id(((BIO_SSL *)t->ptr)->ssl, ((BIO_SSL *)f->ptr)->ssl);
+ return (1);
+}
+
+void BIO_ssl_shutdown(BIO *b)
+{
+ SSL *s;
+
+ while (b != NULL) {
+ if (b->method->type == BIO_TYPE_SSL) {
+ s = ((BIO_SSL *)b->ptr)->ssl;
+ SSL_shutdown(s);
+ break;
+ }
+ b = b->next_bio;
+ }
+}
Deleted: vendor-crypto/openssl/0.9.8zf/ssl/d1_both.c
===================================================================
--- vendor-crypto/openssl/dist/ssl/d1_both.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/ssl/d1_both.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,1457 +0,0 @@
-/* ssl/d1_both.c */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra at cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <limits.h>
-#include <string.h>
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-
-#define RSMBLY_BITMASK_SIZE(msg_len) (((msg_len) + 7) / 8)
-
-#define RSMBLY_BITMASK_MARK(bitmask, start, end) { \
- if ((end) - (start) <= 8) { \
- long ii; \
- for (ii = (start); ii < (end); ii++) bitmask[((ii) >> 3)] |= (1 << ((ii) & 7)); \
- } else { \
- long ii; \
- bitmask[((start) >> 3)] |= bitmask_start_values[((start) & 7)]; \
- for (ii = (((start) >> 3) + 1); ii < ((((end) - 1)) >> 3); ii++) bitmask[ii] = 0xff; \
- bitmask[(((end) - 1) >> 3)] |= bitmask_end_values[((end) & 7)]; \
- } }
-
-#define RSMBLY_BITMASK_IS_COMPLETE(bitmask, msg_len, is_complete) { \
- long ii; \
- OPENSSL_assert((msg_len) > 0); \
- is_complete = 1; \
- if (bitmask[(((msg_len) - 1) >> 3)] != bitmask_end_values[((msg_len) & 7)]) is_complete = 0; \
- if (is_complete) for (ii = (((msg_len) - 1) >> 3) - 1; ii >= 0 ; ii--) \
- if (bitmask[ii] != 0xff) { is_complete = 0; break; } }
-
-#if 0
-#define RSMBLY_BITMASK_PRINT(bitmask, msg_len) { \
- long ii; \
- printf("bitmask: "); for (ii = 0; ii < (msg_len); ii++) \
- printf("%d ", (bitmask[ii >> 3] & (1 << (ii & 7))) >> (ii & 7)); \
- printf("\n"); }
-#endif
-
-static unsigned char bitmask_start_values[] = {0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe0, 0xc0, 0x80};
-static unsigned char bitmask_end_values[] = {0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f};
-
-/* XDTLS: figure out the right values */
-static unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28};
-
-static unsigned int dtls1_guess_mtu(unsigned int curr_mtu);
-static void dtls1_fix_message_header(SSL *s, unsigned long frag_off,
- unsigned long frag_len);
-static unsigned char *dtls1_write_message_header(SSL *s,
- unsigned char *p);
-static void dtls1_set_message_header_int(SSL *s, unsigned char mt,
- unsigned long len, unsigned short seq_num, unsigned long frag_off,
- unsigned long frag_len);
-static long dtls1_get_message_fragment(SSL *s, int st1, int stn,
- long max, int *ok);
-
-static hm_fragment *
-dtls1_hm_fragment_new(unsigned long frag_len, int reassembly)
- {
- hm_fragment *frag = NULL;
- unsigned char *buf = NULL;
- unsigned char *bitmask = NULL;
-
- frag = (hm_fragment *)OPENSSL_malloc(sizeof(hm_fragment));
- if ( frag == NULL)
- return NULL;
-
- if (frag_len)
- {
- buf = (unsigned char *)OPENSSL_malloc(frag_len);
- if ( buf == NULL)
- {
- OPENSSL_free(frag);
- return NULL;
- }
- }
-
- /* zero length fragment gets zero frag->fragment */
- frag->fragment = buf;
-
- /* Initialize reassembly bitmask if necessary */
- if (reassembly)
- {
- bitmask = (unsigned char *)OPENSSL_malloc(RSMBLY_BITMASK_SIZE(frag_len));
- if (bitmask == NULL)
- {
- if (buf != NULL) OPENSSL_free(buf);
- OPENSSL_free(frag);
- return NULL;
- }
- memset(bitmask, 0, RSMBLY_BITMASK_SIZE(frag_len));
- }
-
- frag->reassembly = bitmask;
-
- return frag;
- }
-
-static void
-dtls1_hm_fragment_free(hm_fragment *frag)
- {
- if (frag->fragment) OPENSSL_free(frag->fragment);
- if (frag->reassembly) OPENSSL_free(frag->reassembly);
- OPENSSL_free(frag);
- }
-
-/* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */
-int dtls1_do_write(SSL *s, int type)
- {
- int ret;
- int curr_mtu;
- unsigned int len, frag_off, mac_size, blocksize;
-
- /* AHA! Figure out the MTU, and stick to the right size */
- if (s->d1->mtu < dtls1_min_mtu() && !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU))
- {
- s->d1->mtu =
- BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
-
- /* I've seen the kernel return bogus numbers when it doesn't know
- * (initial write), so just make sure we have a reasonable number */
- if (s->d1->mtu < dtls1_min_mtu())
- {
- s->d1->mtu = 0;
- s->d1->mtu = dtls1_guess_mtu(s->d1->mtu);
- BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU,
- s->d1->mtu, NULL);
- }
- }
-#if 0
- mtu = s->d1->mtu;
-
- fprintf(stderr, "using MTU = %d\n", mtu);
-
- mtu -= (DTLS1_HM_HEADER_LENGTH + DTLS1_RT_HEADER_LENGTH);
-
- curr_mtu = mtu - BIO_wpending(SSL_get_wbio(s));
-
- if ( curr_mtu > 0)
- mtu = curr_mtu;
- else if ( ( ret = BIO_flush(SSL_get_wbio(s))) <= 0)
- return ret;
-
- if ( BIO_wpending(SSL_get_wbio(s)) + s->init_num >= mtu)
- {
- ret = BIO_flush(SSL_get_wbio(s));
- if ( ret <= 0)
- return ret;
- mtu = s->d1->mtu - (DTLS1_HM_HEADER_LENGTH + DTLS1_RT_HEADER_LENGTH);
- }
-#endif
-
- OPENSSL_assert(s->d1->mtu >= dtls1_min_mtu()); /* should have something reasonable now */
-
- if ( s->init_off == 0 && type == SSL3_RT_HANDSHAKE)
- OPENSSL_assert(s->init_num ==
- (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH);
-
- if (s->write_hash)
- mac_size = EVP_MD_size(s->write_hash);
- else
- mac_size = 0;
-
- if (s->enc_write_ctx &&
- (EVP_CIPHER_mode( s->enc_write_ctx->cipher) & EVP_CIPH_CBC_MODE))
- blocksize = 2 * EVP_CIPHER_block_size(s->enc_write_ctx->cipher);
- else
- blocksize = 0;
-
- frag_off = 0;
- while( s->init_num)
- {
- curr_mtu = s->d1->mtu - BIO_wpending(SSL_get_wbio(s)) -
- DTLS1_RT_HEADER_LENGTH - mac_size - blocksize;
-
- if ( curr_mtu <= DTLS1_HM_HEADER_LENGTH)
- {
- /* grr.. we could get an error if MTU picked was wrong */
- ret = BIO_flush(SSL_get_wbio(s));
- if ( ret <= 0)
- return ret;
- curr_mtu = s->d1->mtu - DTLS1_RT_HEADER_LENGTH -
- mac_size - blocksize;
- }
-
- if ( s->init_num > curr_mtu)
- len = curr_mtu;
- else
- len = s->init_num;
-
-
- /* XDTLS: this function is too long. split out the CCS part */
- if ( type == SSL3_RT_HANDSHAKE)
- {
- if ( s->init_off != 0)
- {
- OPENSSL_assert(s->init_off > DTLS1_HM_HEADER_LENGTH);
- s->init_off -= DTLS1_HM_HEADER_LENGTH;
- s->init_num += DTLS1_HM_HEADER_LENGTH;
-
- if ( s->init_num > curr_mtu)
- len = curr_mtu;
- else
- len = s->init_num;
- }
-
- dtls1_fix_message_header(s, frag_off,
- len - DTLS1_HM_HEADER_LENGTH);
-
- dtls1_write_message_header(s, (unsigned char *)&s->init_buf->data[s->init_off]);
-
- OPENSSL_assert(len >= DTLS1_HM_HEADER_LENGTH);
- }
-
- ret=dtls1_write_bytes(s,type,&s->init_buf->data[s->init_off],
- len);
- if (ret < 0)
- {
- /* might need to update MTU here, but we don't know
- * which previous packet caused the failure -- so can't
- * really retransmit anything. continue as if everything
- * is fine and wait for an alert to handle the
- * retransmit
- */
- if ( BIO_ctrl(SSL_get_wbio(s),
- BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0 )
- s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),
- BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
- else
- return(-1);
- }
- else
- {
-
- /* bad if this assert fails, only part of the handshake
- * message got sent. but why would this happen? */
- OPENSSL_assert(len == (unsigned int)ret);
-
- if (type == SSL3_RT_HANDSHAKE && ! s->d1->retransmitting)
- {
- /* should not be done for 'Hello Request's, but in that case
- * we'll ignore the result anyway */
- unsigned char *p = (unsigned char *)&s->init_buf->data[s->init_off];
- const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
- int xlen;
-
- if (frag_off == 0 && s->client_version != DTLS1_BAD_VER)
- {
- /* reconstruct message header is if it
- * is being sent in single fragment */
- *p++ = msg_hdr->type;
- l2n3(msg_hdr->msg_len,p);
- s2n (msg_hdr->seq,p);
- l2n3(0,p);
- l2n3(msg_hdr->msg_len,p);
- p -= DTLS1_HM_HEADER_LENGTH;
- xlen = ret;
- }
- else
- {
- p += DTLS1_HM_HEADER_LENGTH;
- xlen = ret - DTLS1_HM_HEADER_LENGTH;
- }
-
- ssl3_finish_mac(s, p, xlen);
- }
-
- if (ret == s->init_num)
- {
- if (s->msg_callback)
- s->msg_callback(1, s->version, type, s->init_buf->data,
- (size_t)(s->init_off + s->init_num), s,
- s->msg_callback_arg);
-
- s->init_off = 0; /* done writing this message */
- s->init_num = 0;
-
- return(1);
- }
- s->init_off+=ret;
- s->init_num-=ret;
- frag_off += (ret -= DTLS1_HM_HEADER_LENGTH);
- }
- }
- return(0);
- }
-
-
-/* Obtain handshake message of message type 'mt' (any if mt == -1),
- * maximum acceptable body length 'max'.
- * Read an entire handshake message. Handshake messages arrive in
- * fragments.
- */
-long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
- {
- int i, al;
- struct hm_header_st *msg_hdr;
- unsigned char *p;
- unsigned long msg_len;
-
- /* s3->tmp is used to store messages that are unexpected, caused
- * by the absence of an optional handshake message */
- if (s->s3->tmp.reuse_message)
- {
- s->s3->tmp.reuse_message=0;
- if ((mt >= 0) && (s->s3->tmp.message_type != mt))
- {
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_DTLS1_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
- goto f_err;
- }
- *ok=1;
- s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
- s->init_num = (int)s->s3->tmp.message_size;
- return s->init_num;
- }
-
- msg_hdr = &s->d1->r_msg_hdr;
- memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
-
-again:
- i = dtls1_get_message_fragment(s, st1, stn, max, ok);
- if ( i == DTLS1_HM_BAD_FRAGMENT ||
- i == DTLS1_HM_FRAGMENT_RETRY) /* bad fragment received */
- goto again;
- else if ( i <= 0 && !*ok)
- return i;
-
- p = (unsigned char *)s->init_buf->data;
- msg_len = msg_hdr->msg_len;
-
- /* reconstruct message header */
- *(p++) = msg_hdr->type;
- l2n3(msg_len,p);
- s2n (msg_hdr->seq,p);
- l2n3(0,p);
- l2n3(msg_len,p);
- if (s->version != DTLS1_BAD_VER) {
- p -= DTLS1_HM_HEADER_LENGTH;
- msg_len += DTLS1_HM_HEADER_LENGTH;
- }
-
- ssl3_finish_mac(s, p, msg_len);
- if (s->msg_callback)
- s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
- p, msg_len,
- s, s->msg_callback_arg);
-
- memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
-
- /* Don't change sequence numbers while listening */
- if (!s->d1->listen)
- s->d1->handshake_read_seq++;
-
- s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
- return s->init_num;
-
-f_err:
- ssl3_send_alert(s,SSL3_AL_FATAL,al);
- *ok = 0;
- return -1;
- }
-
-
-static int dtls1_preprocess_fragment(SSL *s,struct hm_header_st *msg_hdr,int max)
- {
- size_t frag_off,frag_len,msg_len;
-
- msg_len = msg_hdr->msg_len;
- frag_off = msg_hdr->frag_off;
- frag_len = msg_hdr->frag_len;
-
- /* sanity checking */
- if ( (frag_off+frag_len) > msg_len)
- {
- SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE);
- return SSL_AD_ILLEGAL_PARAMETER;
- }
-
- if ( (frag_off+frag_len) > (unsigned long)max)
- {
- SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE);
- return SSL_AD_ILLEGAL_PARAMETER;
- }
-
- if ( s->d1->r_msg_hdr.frag_off == 0) /* first fragment */
- {
- /* msg_len is limited to 2^24, but is effectively checked
- * against max above */
- if (!BUF_MEM_grow_clean(s->init_buf,(int)msg_len+DTLS1_HM_HEADER_LENGTH))
- {
- SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,ERR_R_BUF_LIB);
- return SSL_AD_INTERNAL_ERROR;
- }
-
- s->s3->tmp.message_size = msg_len;
- s->d1->r_msg_hdr.msg_len = msg_len;
- s->s3->tmp.message_type = msg_hdr->type;
- s->d1->r_msg_hdr.type = msg_hdr->type;
- s->d1->r_msg_hdr.seq = msg_hdr->seq;
- }
- else if (msg_len != s->d1->r_msg_hdr.msg_len)
- {
- /* They must be playing with us! BTW, failure to enforce
- * upper limit would open possibility for buffer overrun. */
- SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE);
- return SSL_AD_ILLEGAL_PARAMETER;
- }
-
- return 0; /* no error */
- }
-
-
-static int
-dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
- {
- /* (0) check whether the desired fragment is available
- * if so:
- * (1) copy over the fragment to s->init_buf->data[]
- * (2) update s->init_num
- */
- pitem *item;
- hm_fragment *frag;
- int al;
-
- *ok = 0;
- item = pqueue_peek(s->d1->buffered_messages);
- if ( item == NULL)
- return 0;
-
- frag = (hm_fragment *)item->data;
-
- /* Don't return if reassembly still in progress */
- if (frag->reassembly != NULL)
- return 0;
-
- if ( s->d1->handshake_read_seq == frag->msg_header.seq)
- {
- unsigned long frag_len = frag->msg_header.frag_len;
- pqueue_pop(s->d1->buffered_messages);
-
- al=dtls1_preprocess_fragment(s,&frag->msg_header,max);
-
- if (al==0) /* no alert */
- {
- unsigned char *p = (unsigned char *)s->init_buf->data+DTLS1_HM_HEADER_LENGTH;
- memcpy(&p[frag->msg_header.frag_off],
- frag->fragment,frag->msg_header.frag_len);
- }
-
- dtls1_hm_fragment_free(frag);
- pitem_free(item);
-
- if (al==0)
- {
- *ok = 1;
- return frag_len;
- }
-
- ssl3_send_alert(s,SSL3_AL_FATAL,al);
- s->init_num = 0;
- *ok = 0;
- return -1;
- }
- else
- return 0;
- }
-
-/* dtls1_max_handshake_message_len returns the maximum number of bytes
- * permitted in a DTLS handshake message for |s|. The minimum is 16KB, but may
- * be greater if the maximum certificate list size requires it. */
-static unsigned long dtls1_max_handshake_message_len(const SSL *s)
- {
- unsigned long max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH;
- if (max_len < (unsigned long)s->max_cert_list)
- return s->max_cert_list;
- return max_len;
- }
-
-static int
-dtls1_reassemble_fragment(SSL *s, const struct hm_header_st* msg_hdr, int *ok)
- {
- hm_fragment *frag = NULL;
- pitem *item = NULL;
- int i = -1, is_complete;
- PQ_64BIT seq64;
- unsigned long frag_len = msg_hdr->frag_len;
-
- if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len ||
- msg_hdr->msg_len > dtls1_max_handshake_message_len(s))
- goto err;
-
- if (frag_len == 0)
- return DTLS1_HM_FRAGMENT_RETRY;
-
- /* Try to find item in queue */
- pq_64bit_init(&seq64);
- pq_64bit_assign_word(&seq64, msg_hdr->seq);
- item = pqueue_find(s->d1->buffered_messages, seq64);
- pq_64bit_free(&seq64);
-
- if (item == NULL)
- {
- frag = dtls1_hm_fragment_new(msg_hdr->msg_len, 1);
- if ( frag == NULL)
- goto err;
- memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
- frag->msg_header.frag_len = frag->msg_header.msg_len;
- frag->msg_header.frag_off = 0;
- }
- else
- {
- frag = (hm_fragment*) item->data;
- if (frag->msg_header.msg_len != msg_hdr->msg_len)
- {
- item = NULL;
- frag = NULL;
- goto err;
- }
- }
-
-
- /* If message is already reassembled, this must be a
- * retransmit and can be dropped. In this case item != NULL and so frag
- * does not need to be freed.
- */
- if (frag->reassembly == NULL)
- {
- unsigned char devnull [256];
-
- while (frag_len)
- {
- i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
- devnull,
- frag_len>sizeof(devnull)?sizeof(devnull):frag_len,0);
- if (i<=0) goto err;
- frag_len -= i;
- }
- return DTLS1_HM_FRAGMENT_RETRY;
- }
-
- /* read the body of the fragment (header has already been read */
- i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
- frag->fragment + msg_hdr->frag_off,frag_len,0);
- if ((unsigned long)i!=frag_len)
- i=-1;
- if (i<=0)
- goto err;
-
- RSMBLY_BITMASK_MARK(frag->reassembly, (long)msg_hdr->frag_off,
- (long)(msg_hdr->frag_off + frag_len));
-
- RSMBLY_BITMASK_IS_COMPLETE(frag->reassembly, (long)msg_hdr->msg_len,
- is_complete);
-
- if (is_complete)
- {
- OPENSSL_free(frag->reassembly);
- frag->reassembly = NULL;
- }
-
- if (item == NULL)
- {
- pq_64bit_init(&seq64);
- pq_64bit_assign_word(&seq64, msg_hdr->seq);
- item = pitem_new(seq64, frag);
- pq_64bit_free(&seq64);
-
- if (item == NULL)
- {
- i = -1;
- goto err;
- }
-
- item = pqueue_insert(s->d1->buffered_messages, item);
- /* pqueue_insert fails iff a duplicate item is inserted.
- * However, |item| cannot be a duplicate. If it were,
- * |pqueue_find|, above, would have returned it and control
- * would never have reached this branch. */
- OPENSSL_assert(item != NULL);
- }
-
- return DTLS1_HM_FRAGMENT_RETRY;
-
-err:
- if (frag != NULL && item == NULL) dtls1_hm_fragment_free(frag);
- *ok = 0;
- return i;
- }
-
-
-static int
-dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st* msg_hdr, int *ok)
-{
- int i=-1;
- hm_fragment *frag = NULL;
- pitem *item = NULL;
- PQ_64BIT seq64;
- unsigned long frag_len = msg_hdr->frag_len;
-
- if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len)
- goto err;
-
- /* Try to find item in queue, to prevent duplicate entries */
- pq_64bit_init(&seq64);
- pq_64bit_assign_word(&seq64, msg_hdr->seq);
- item = pqueue_find(s->d1->buffered_messages, seq64);
- pq_64bit_free(&seq64);
-
- /* If we already have an entry and this one is a fragment,
- * don't discard it and rather try to reassemble it.
- */
- if (item != NULL && frag_len != msg_hdr->msg_len)
- item = NULL;
-
- /* Discard the message if sequence number was already there, is
- * too far in the future, already in the queue or if we received
- * a FINISHED before the SERVER_HELLO, which then must be a stale
- * retransmit.
- */
- if (msg_hdr->seq <= s->d1->handshake_read_seq ||
- msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL ||
- (s->d1->handshake_read_seq == 0 && msg_hdr->type == SSL3_MT_FINISHED))
- {
- unsigned char devnull [256];
-
- while (frag_len)
- {
- i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
- devnull,
- frag_len>sizeof(devnull)?sizeof(devnull):frag_len,0);
- if (i<=0) goto err;
- frag_len -= i;
- }
- }
- else
- {
- if (frag_len != msg_hdr->msg_len)
- return dtls1_reassemble_fragment(s, msg_hdr, ok);
-
- if (frag_len > dtls1_max_handshake_message_len(s))
- goto err;
-
- frag = dtls1_hm_fragment_new(frag_len, 0);
- if ( frag == NULL)
- goto err;
-
- memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
-
- if (frag_len)
- {
- /* read the body of the fragment (header has already been read) */
- i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
- frag->fragment,frag_len,0);
- if ((unsigned long)i!=frag_len)
- i = -1;
- if (i<=0)
- goto err;
- }
-
- pq_64bit_init(&seq64);
- pq_64bit_assign_word(&seq64, msg_hdr->seq);
-
- item = pitem_new(seq64, frag);
- pq_64bit_free(&seq64);
- if ( item == NULL)
- goto err;
-
- item = pqueue_insert(s->d1->buffered_messages, item);
- /* pqueue_insert fails iff a duplicate item is inserted.
- * However, |item| cannot be a duplicate. If it were,
- * |pqueue_find|, above, would have returned it. Then, either
- * |frag_len| != |msg_hdr->msg_len| in which case |item| is set
- * to NULL and it will have been processed with
- * |dtls1_reassemble_fragment|, above, or the record will have
- * been discarded. */
- OPENSSL_assert(item != NULL);
- }
-
- return DTLS1_HM_FRAGMENT_RETRY;
-
-err:
- if (frag != NULL && item == NULL) dtls1_hm_fragment_free(frag);
- *ok = 0;
- return i;
- }
-
-
-static long
-dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
- {
- unsigned char wire[DTLS1_HM_HEADER_LENGTH];
- unsigned long len, frag_off, frag_len;
- int i,al;
- struct hm_header_st msg_hdr;
-
- redo:
- /* see if we have the required fragment already */
- if ((frag_len = dtls1_retrieve_buffered_fragment(s,max,ok)) || *ok)
- {
- if (*ok) s->init_num = frag_len;
- return frag_len;
- }
-
- /* read handshake message header */
- i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,wire,
- DTLS1_HM_HEADER_LENGTH, 0);
- if (i <= 0) /* nbio, or an error */
- {
- s->rwstate=SSL_READING;
- *ok = 0;
- return i;
- }
- /* Handshake fails if message header is incomplete */
- if (i != DTLS1_HM_HEADER_LENGTH)
- {
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_UNEXPECTED_MESSAGE);
- goto f_err;
- }
-
- /* parse the message fragment header */
- dtls1_get_message_header(wire, &msg_hdr);
-
- /*
- * if this is a future (or stale) message it gets buffered
- * (or dropped)--no further processing at this time
- * While listening, we accept seq 1 (ClientHello with cookie)
- * although we're still expecting seq 0 (ClientHello)
- */
- if (msg_hdr.seq != s->d1->handshake_read_seq && !(s->d1->listen && msg_hdr.seq == 1))
- return dtls1_process_out_of_seq_message(s, &msg_hdr, ok);
-
- len = msg_hdr.msg_len;
- frag_off = msg_hdr.frag_off;
- frag_len = msg_hdr.frag_len;
-
- if (frag_len && frag_len < len)
- return dtls1_reassemble_fragment(s, &msg_hdr, ok);
-
- if (!s->server && s->d1->r_msg_hdr.frag_off == 0 &&
- wire[0] == SSL3_MT_HELLO_REQUEST)
- {
- /* The server may always send 'Hello Request' messages --
- * we are doing a handshake anyway now, so ignore them
- * if their format is correct. Does not count for
- * 'Finished' MAC. */
- if (wire[1] == 0 && wire[2] == 0 && wire[3] == 0)
- {
- if (s->msg_callback)
- s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
- wire, DTLS1_HM_HEADER_LENGTH, s,
- s->msg_callback_arg);
-
- s->init_num = 0;
- goto redo;
- }
- else /* Incorrectly formated Hello request */
- {
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_UNEXPECTED_MESSAGE);
- goto f_err;
- }
- }
-
- if ((al=dtls1_preprocess_fragment(s,&msg_hdr,max)))
- goto f_err;
-
- /* XDTLS: ressurect this when restart is in place */
- s->state=stn;
-
- if ( frag_len > 0)
- {
- unsigned char *p=(unsigned char *)s->init_buf->data+DTLS1_HM_HEADER_LENGTH;
-
- i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
- &p[frag_off],frag_len,0);
- /* XDTLS: fix this--message fragments cannot span multiple packets */
- if (i <= 0)
- {
- s->rwstate=SSL_READING;
- *ok = 0;
- return i;
- }
- }
- else
- i = 0;
-
- /* XDTLS: an incorrectly formatted fragment should cause the
- * handshake to fail */
- if (i != (int)frag_len)
- {
- al=SSL3_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL3_AD_ILLEGAL_PARAMETER);
- goto f_err;
- }
-
- *ok = 1;
-
- /* Note that s->init_num is *not* used as current offset in
- * s->init_buf->data, but as a counter summing up fragments'
- * lengths: as soon as they sum up to handshake packet
- * length, we assume we have got all the fragments. */
- s->init_num = frag_len;
- return frag_len;
-
-f_err:
- ssl3_send_alert(s,SSL3_AL_FATAL,al);
- s->init_num = 0;
-
- *ok=0;
- return(-1);
- }
-
-int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen)
- {
- unsigned char *p,*d;
- int i;
- unsigned long l;
-
- if (s->state == a)
- {
- d=(unsigned char *)s->init_buf->data;
- p= &(d[DTLS1_HM_HEADER_LENGTH]);
-
- i=s->method->ssl3_enc->final_finish_mac(s,
- &(s->s3->finish_dgst1),
- &(s->s3->finish_dgst2),
- sender,slen,s->s3->tmp.finish_md);
- s->s3->tmp.finish_md_len = i;
- memcpy(p, s->s3->tmp.finish_md, i);
- p+=i;
- l=i;
-
- /* Copy the finished so we can use it for
- * renegotiation checks
- */
- if(s->type == SSL_ST_CONNECT)
- {
- OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
- memcpy(s->s3->previous_client_finished,
- s->s3->tmp.finish_md, i);
- s->s3->previous_client_finished_len=i;
- }
- else
- {
- OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
- memcpy(s->s3->previous_server_finished,
- s->s3->tmp.finish_md, i);
- s->s3->previous_server_finished_len=i;
- }
-
-#ifdef OPENSSL_SYS_WIN16
- /* MSVC 1.5 does not clear the top bytes of the word unless
- * I do this.
- */
- l&=0xffff;
-#endif
-
- d = dtls1_set_message_header(s, d, SSL3_MT_FINISHED, l, 0, l);
- s->init_num=(int)l+DTLS1_HM_HEADER_LENGTH;
- s->init_off=0;
-
- /* buffer the message to handle re-xmits */
- dtls1_buffer_message(s, 0);
-
- s->state=b;
- }
-
- /* SSL3_ST_SEND_xxxxxx_HELLO_B */
- return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
- }
-
-/* for these 2 messages, we need to
- * ssl->enc_read_ctx re-init
- * ssl->s3->read_sequence zero
- * ssl->s3->read_mac_secret re-init
- * ssl->session->read_sym_enc assign
- * ssl->session->read_compression assign
- * ssl->session->read_hash assign
- */
-int dtls1_send_change_cipher_spec(SSL *s, int a, int b)
- {
- unsigned char *p;
-
- if (s->state == a)
- {
- p=(unsigned char *)s->init_buf->data;
- *p++=SSL3_MT_CCS;
- s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
- s->init_num=DTLS1_CCS_HEADER_LENGTH;
-
- if (s->client_version == DTLS1_BAD_VER)
- {
- s->d1->next_handshake_write_seq++;
- s2n(s->d1->handshake_write_seq,p);
- s->init_num+=2;
- }
-
- s->init_off=0;
-
- dtls1_set_message_header_int(s, SSL3_MT_CCS, 0,
- s->d1->handshake_write_seq, 0, 0);
-
- /* buffer the message to handle re-xmits */
- dtls1_buffer_message(s, 1);
-
- s->state=b;
- }
-
- /* SSL3_ST_CW_CHANGE_B */
- return(dtls1_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC));
- }
-
-static int dtls1_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x)
- {
- int n;
- unsigned char *p;
-
- n=i2d_X509(x,NULL);
- if (!BUF_MEM_grow_clean(buf,(int)(n+(*l)+3)))
- {
- SSLerr(SSL_F_DTLS1_ADD_CERT_TO_BUF,ERR_R_BUF_LIB);
- return 0;
- }
- p=(unsigned char *)&(buf->data[*l]);
- l2n3(n,p);
- i2d_X509(x,&p);
- *l+=n+3;
-
- return 1;
- }
-unsigned long dtls1_output_cert_chain(SSL *s, X509 *x)
- {
- unsigned char *p;
- int i;
- unsigned long l= 3 + DTLS1_HM_HEADER_LENGTH;
- BUF_MEM *buf;
-
- /* TLSv1 sends a chain with nothing in it, instead of an alert */
- buf=s->init_buf;
- if (!BUF_MEM_grow_clean(buf,10))
- {
- SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
- return(0);
- }
- if (x != NULL)
- {
- X509_STORE_CTX xs_ctx;
-
- if (!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,x,NULL))
- {
- SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB);
- return(0);
- }
-
- X509_verify_cert(&xs_ctx);
- /* Don't leave errors in the queue */
- ERR_clear_error();
- for (i=0; i < sk_X509_num(xs_ctx.chain); i++)
- {
- x = sk_X509_value(xs_ctx.chain, i);
-
- if (!dtls1_add_cert_to_buf(buf, &l, x))
- {
- X509_STORE_CTX_cleanup(&xs_ctx);
- return 0;
- }
- }
- X509_STORE_CTX_cleanup(&xs_ctx);
- }
- /* Thawte special :-) */
- for (i=0; i<sk_X509_num(s->ctx->extra_certs); i++)
- {
- x=sk_X509_value(s->ctx->extra_certs,i);
- if (!dtls1_add_cert_to_buf(buf, &l, x))
- return 0;
- }
-
- l-= (3 + DTLS1_HM_HEADER_LENGTH);
-
- p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH]);
- l2n3(l,p);
- l+=3;
- p=(unsigned char *)&(buf->data[0]);
- p = dtls1_set_message_header(s, p, SSL3_MT_CERTIFICATE, l, 0, l);
-
- l+=DTLS1_HM_HEADER_LENGTH;
- return(l);
- }
-
-int dtls1_read_failed(SSL *s, int code)
- {
- if ( code > 0)
- {
- fprintf( stderr, "invalid state reached %s:%d", __FILE__, __LINE__);
- return 1;
- }
-
- if (!dtls1_is_timer_expired(s))
- {
- /* not a timeout, none of our business,
- let higher layers handle this. in fact it's probably an error */
- return code;
- }
-
- if ( ! SSL_in_init(s)) /* done, no need to send a retransmit */
- {
- BIO_set_flags(SSL_get_rbio(s), BIO_FLAGS_READ);
- return code;
- }
-
-#if 0 /* for now, each alert contains only one record number */
- item = pqueue_peek(state->rcvd_records);
- if ( item )
- {
- /* send an alert immediately for all the missing records */
- }
- else
-#endif
-
-#if 0 /* no more alert sending, just retransmit the last set of messages */
- if ( state->timeout.read_timeouts >= DTLS1_TMO_READ_COUNT)
- ssl3_send_alert(s,SSL3_AL_WARNING,
- DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
-#endif
-
- return dtls1_handle_timeout(s);
- }
-
-int
-dtls1_get_queue_priority(unsigned short seq, int is_ccs)
- {
- /* The index of the retransmission queue actually is the message sequence number,
- * since the queue only contains messages of a single handshake. However, the
- * ChangeCipherSpec has no message sequence number and so using only the sequence
- * will result in the CCS and Finished having the same index. To prevent this,
- * the sequence number is multiplied by 2. In case of a CCS 1 is subtracted.
- * This does not only differ CSS and Finished, it also maintains the order of the
- * index (important for priority queues) and fits in the unsigned short variable.
- */
- return seq * 2 - is_ccs;
- }
-
-int
-dtls1_retransmit_buffered_messages(SSL *s)
- {
- pqueue sent = s->d1->sent_messages;
- piterator iter;
- pitem *item;
- hm_fragment *frag;
- int found = 0;
-
- iter = pqueue_iterator(sent);
-
- for ( item = pqueue_next(&iter); item != NULL; item = pqueue_next(&iter))
- {
- frag = (hm_fragment *)item->data;
- if ( dtls1_retransmit_message(s,
- (unsigned short)dtls1_get_queue_priority(frag->msg_header.seq, frag->msg_header.is_ccs),
- 0, &found) <= 0 && found)
- {
- fprintf(stderr, "dtls1_retransmit_message() failed\n");
- return -1;
- }
- }
-
- return 1;
- }
-
-int
-dtls1_buffer_message(SSL *s, int is_ccs)
- {
- pitem *item;
- hm_fragment *frag;
- PQ_64BIT seq64;
-
- /* this function is called immediately after a message has
- * been serialized */
- OPENSSL_assert(s->init_off == 0);
-
- frag = dtls1_hm_fragment_new(s->init_num, 0);
- if (!frag)
- return 0;
-
- memcpy(frag->fragment, s->init_buf->data, s->init_num);
-
- if ( is_ccs)
- {
- OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
- DTLS1_CCS_HEADER_LENGTH <= (unsigned int)s->init_num);
- }
- else
- {
- OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
- DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num);
- }
-
- frag->msg_header.msg_len = s->d1->w_msg_hdr.msg_len;
- frag->msg_header.seq = s->d1->w_msg_hdr.seq;
- frag->msg_header.type = s->d1->w_msg_hdr.type;
- frag->msg_header.frag_off = 0;
- frag->msg_header.frag_len = s->d1->w_msg_hdr.msg_len;
- frag->msg_header.is_ccs = is_ccs;
-
- /* save current state*/
- frag->msg_header.saved_retransmit_state.enc_write_ctx = s->enc_write_ctx;
- frag->msg_header.saved_retransmit_state.write_hash = s->write_hash;
- frag->msg_header.saved_retransmit_state.compress = s->compress;
- frag->msg_header.saved_retransmit_state.session = s->session;
- frag->msg_header.saved_retransmit_state.epoch = s->d1->w_epoch;
-
- pq_64bit_init(&seq64);
-
- pq_64bit_assign_word(&seq64,
- dtls1_get_queue_priority(frag->msg_header.seq,
- frag->msg_header.is_ccs));
-
- item = pitem_new(seq64, frag);
- pq_64bit_free(&seq64);
- if ( item == NULL)
- {
- dtls1_hm_fragment_free(frag);
- return 0;
- }
-
-#if 0
- fprintf( stderr, "buffered messge: \ttype = %xx\n", msg_buf->type);
- fprintf( stderr, "\t\t\t\t\tlen = %d\n", msg_buf->len);
- fprintf( stderr, "\t\t\t\t\tseq_num = %d\n", msg_buf->seq_num);
-#endif
-
- pqueue_insert(s->d1->sent_messages, item);
- return 1;
- }
-
-int
-dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
- int *found)
- {
- int ret;
- /* XDTLS: for now assuming that read/writes are blocking */
- pitem *item;
- hm_fragment *frag ;
- unsigned long header_length;
- PQ_64BIT seq64;
- struct dtls1_retransmit_state saved_state;
- unsigned char save_write_sequence[8];
-
- /*
- OPENSSL_assert(s->init_num == 0);
- OPENSSL_assert(s->init_off == 0);
- */
-
- /* XDTLS: the requested message ought to be found, otherwise error */
- pq_64bit_init(&seq64);
- pq_64bit_assign_word(&seq64, seq);
-
- item = pqueue_find(s->d1->sent_messages, seq64);
- pq_64bit_free(&seq64);
- if ( item == NULL)
- {
- fprintf(stderr, "retransmit: message %d non-existant\n", seq);
- *found = 0;
- return 0;
- }
-
- *found = 1;
- frag = (hm_fragment *)item->data;
-
- if ( frag->msg_header.is_ccs)
- header_length = DTLS1_CCS_HEADER_LENGTH;
- else
- header_length = DTLS1_HM_HEADER_LENGTH;
-
- memcpy(s->init_buf->data, frag->fragment,
- frag->msg_header.msg_len + header_length);
- s->init_num = frag->msg_header.msg_len + header_length;
-
- dtls1_set_message_header_int(s, frag->msg_header.type,
- frag->msg_header.msg_len, frag->msg_header.seq, 0,
- frag->msg_header.frag_len);
-
- /* save current state */
- saved_state.enc_write_ctx = s->enc_write_ctx;
- saved_state.write_hash = s->write_hash;
- saved_state.compress = s->compress;
- saved_state.session = s->session;
- saved_state.epoch = s->d1->w_epoch;
- saved_state.epoch = s->d1->w_epoch;
-
- s->d1->retransmitting = 1;
-
- /* restore state in which the message was originally sent */
- s->enc_write_ctx = frag->msg_header.saved_retransmit_state.enc_write_ctx;
- s->write_hash = frag->msg_header.saved_retransmit_state.write_hash;
- s->compress = frag->msg_header.saved_retransmit_state.compress;
- s->session = frag->msg_header.saved_retransmit_state.session;
- s->d1->w_epoch = frag->msg_header.saved_retransmit_state.epoch;
-
- if (frag->msg_header.saved_retransmit_state.epoch == saved_state.epoch - 1)
- {
- memcpy(save_write_sequence, s->s3->write_sequence, sizeof(s->s3->write_sequence));
- memcpy(s->s3->write_sequence, s->d1->last_write_sequence, sizeof(s->s3->write_sequence));
- }
-
- ret = dtls1_do_write(s, frag->msg_header.is_ccs ?
- SSL3_RT_CHANGE_CIPHER_SPEC : SSL3_RT_HANDSHAKE);
-
- /* restore current state */
- s->enc_write_ctx = saved_state.enc_write_ctx;
- s->write_hash = saved_state.write_hash;
- s->compress = saved_state.compress;
- s->session = saved_state.session;
- s->d1->w_epoch = saved_state.epoch;
-
- if (frag->msg_header.saved_retransmit_state.epoch == saved_state.epoch - 1)
- {
- memcpy(s->d1->last_write_sequence, s->s3->write_sequence, sizeof(s->s3->write_sequence));
- memcpy(s->s3->write_sequence, save_write_sequence, sizeof(s->s3->write_sequence));
- }
-
- s->d1->retransmitting = 0;
-
- (void)BIO_flush(SSL_get_wbio(s));
- return ret;
- }
-
-/* call this function when the buffered messages are no longer needed */
-void
-dtls1_clear_record_buffer(SSL *s)
- {
- pitem *item;
-
- for(item = pqueue_pop(s->d1->sent_messages);
- item != NULL; item = pqueue_pop(s->d1->sent_messages))
- {
- dtls1_hm_fragment_free((hm_fragment *)item->data);
- pitem_free(item);
- }
- }
-
-
-unsigned char *
-dtls1_set_message_header(SSL *s, unsigned char *p, unsigned char mt,
- unsigned long len, unsigned long frag_off, unsigned long frag_len)
- {
- /* Don't change sequence numbers while listening */
- if (frag_off == 0 && !s->d1->listen)
- {
- s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
- s->d1->next_handshake_write_seq++;
- }
-
- dtls1_set_message_header_int(s, mt, len, s->d1->handshake_write_seq,
- frag_off, frag_len);
-
- return p += DTLS1_HM_HEADER_LENGTH;
- }
-
-
-/* don't actually do the writing, wait till the MTU has been retrieved */
-static void
-dtls1_set_message_header_int(SSL *s, unsigned char mt,
- unsigned long len, unsigned short seq_num, unsigned long frag_off,
- unsigned long frag_len)
- {
- struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
-
- msg_hdr->type = mt;
- msg_hdr->msg_len = len;
- msg_hdr->seq = seq_num;
- msg_hdr->frag_off = frag_off;
- msg_hdr->frag_len = frag_len;
- }
-
-static void
-dtls1_fix_message_header(SSL *s, unsigned long frag_off,
- unsigned long frag_len)
- {
- struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
-
- msg_hdr->frag_off = frag_off;
- msg_hdr->frag_len = frag_len;
- }
-
-static unsigned char *
-dtls1_write_message_header(SSL *s, unsigned char *p)
- {
- struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
-
- *p++ = msg_hdr->type;
- l2n3(msg_hdr->msg_len, p);
-
- s2n(msg_hdr->seq, p);
- l2n3(msg_hdr->frag_off, p);
- l2n3(msg_hdr->frag_len, p);
-
- return p;
- }
-
-unsigned int
-dtls1_min_mtu(void)
- {
- return (g_probable_mtu[(sizeof(g_probable_mtu) /
- sizeof(g_probable_mtu[0])) - 1]);
- }
-
-static unsigned int
-dtls1_guess_mtu(unsigned int curr_mtu)
- {
- size_t i;
-
- if ( curr_mtu == 0 )
- return g_probable_mtu[0] ;
-
- for ( i = 0; i < sizeof(g_probable_mtu)/sizeof(g_probable_mtu[0]); i++)
- if ( curr_mtu > g_probable_mtu[i])
- return g_probable_mtu[i];
-
- return curr_mtu;
- }
-
-void
-dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr)
- {
- memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
- msg_hdr->type = *(data++);
- n2l3(data, msg_hdr->msg_len);
-
- n2s(data, msg_hdr->seq);
- n2l3(data, msg_hdr->frag_off);
- n2l3(data, msg_hdr->frag_len);
- }
-
-void
-dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr)
- {
- memset(ccs_hdr, 0x00, sizeof(struct ccs_header_st));
-
- ccs_hdr->type = *(data++);
- }
Copied: vendor-crypto/openssl/0.9.8zf/ssl/d1_both.c (from rev 6976, vendor-crypto/openssl/dist/ssl/d1_both.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/ssl/d1_both.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/ssl/d1_both.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,1443 @@
+/* ssl/d1_both.c */
+/*
+ * DTLS implementation written by Nagendra Modadugu
+ * (nagendra at cs.stanford.edu) for the OpenSSL project 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <limits.h>
+#include <string.h>
+#include <stdio.h>
+#include "ssl_locl.h"
+#include <openssl/buffer.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+
+#define RSMBLY_BITMASK_SIZE(msg_len) (((msg_len) + 7) / 8)
+
+#define RSMBLY_BITMASK_MARK(bitmask, start, end) { \
+ if ((end) - (start) <= 8) { \
+ long ii; \
+ for (ii = (start); ii < (end); ii++) bitmask[((ii) >> 3)] |= (1 << ((ii) & 7)); \
+ } else { \
+ long ii; \
+ bitmask[((start) >> 3)] |= bitmask_start_values[((start) & 7)]; \
+ for (ii = (((start) >> 3) + 1); ii < ((((end) - 1)) >> 3); ii++) bitmask[ii] = 0xff; \
+ bitmask[(((end) - 1) >> 3)] |= bitmask_end_values[((end) & 7)]; \
+ } }
+
+#define RSMBLY_BITMASK_IS_COMPLETE(bitmask, msg_len, is_complete) { \
+ long ii; \
+ OPENSSL_assert((msg_len) > 0); \
+ is_complete = 1; \
+ if (bitmask[(((msg_len) - 1) >> 3)] != bitmask_end_values[((msg_len) & 7)]) is_complete = 0; \
+ if (is_complete) for (ii = (((msg_len) - 1) >> 3) - 1; ii >= 0 ; ii--) \
+ if (bitmask[ii] != 0xff) { is_complete = 0; break; } }
+
+#if 0
+# define RSMBLY_BITMASK_PRINT(bitmask, msg_len) { \
+ long ii; \
+ printf("bitmask: "); for (ii = 0; ii < (msg_len); ii++) \
+ printf("%d ", (bitmask[ii >> 3] & (1 << (ii & 7))) >> (ii & 7)); \
+ printf("\n"); }
+#endif
+
+static unsigned char bitmask_start_values[] =
+ { 0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe0, 0xc0, 0x80 };
+static unsigned char bitmask_end_values[] =
+ { 0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f };
+
+/* XDTLS: figure out the right values */
+static unsigned int g_probable_mtu[] = { 1500 - 28, 512 - 28, 256 - 28 };
+
+static unsigned int dtls1_guess_mtu(unsigned int curr_mtu);
+static void dtls1_fix_message_header(SSL *s, unsigned long frag_off,
+ unsigned long frag_len);
+static unsigned char *dtls1_write_message_header(SSL *s, unsigned char *p);
+static void dtls1_set_message_header_int(SSL *s, unsigned char mt,
+ unsigned long len,
+ unsigned short seq_num,
+ unsigned long frag_off,
+ unsigned long frag_len);
+static long dtls1_get_message_fragment(SSL *s, int st1, int stn, long max,
+ int *ok);
+
+static hm_fragment *dtls1_hm_fragment_new(unsigned long frag_len,
+ int reassembly)
+{
+ hm_fragment *frag = NULL;
+ unsigned char *buf = NULL;
+ unsigned char *bitmask = NULL;
+
+ frag = (hm_fragment *)OPENSSL_malloc(sizeof(hm_fragment));
+ if (frag == NULL)
+ return NULL;
+
+ if (frag_len) {
+ buf = (unsigned char *)OPENSSL_malloc(frag_len);
+ if (buf == NULL) {
+ OPENSSL_free(frag);
+ return NULL;
+ }
+ }
+
+ /* zero length fragment gets zero frag->fragment */
+ frag->fragment = buf;
+
+ /* Initialize reassembly bitmask if necessary */
+ if (reassembly) {
+ bitmask =
+ (unsigned char *)OPENSSL_malloc(RSMBLY_BITMASK_SIZE(frag_len));
+ if (bitmask == NULL) {
+ if (buf != NULL)
+ OPENSSL_free(buf);
+ OPENSSL_free(frag);
+ return NULL;
+ }
+ memset(bitmask, 0, RSMBLY_BITMASK_SIZE(frag_len));
+ }
+
+ frag->reassembly = bitmask;
+
+ return frag;
+}
+
+static void dtls1_hm_fragment_free(hm_fragment *frag)
+{
+ if (frag->fragment)
+ OPENSSL_free(frag->fragment);
+ if (frag->reassembly)
+ OPENSSL_free(frag->reassembly);
+ OPENSSL_free(frag);
+}
+
+/*
+ * send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or
+ * SSL3_RT_CHANGE_CIPHER_SPEC)
+ */
+int dtls1_do_write(SSL *s, int type)
+{
+ int ret;
+ int curr_mtu;
+ unsigned int len, frag_off, mac_size, blocksize;
+
+ /* AHA! Figure out the MTU, and stick to the right size */
+ if (s->d1->mtu < dtls1_min_mtu()
+ && !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) {
+ s->d1->mtu =
+ BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
+
+ /*
+ * I've seen the kernel return bogus numbers when it doesn't know
+ * (initial write), so just make sure we have a reasonable number
+ */
+ if (s->d1->mtu < dtls1_min_mtu()) {
+ s->d1->mtu = 0;
+ s->d1->mtu = dtls1_guess_mtu(s->d1->mtu);
+ BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU,
+ s->d1->mtu, NULL);
+ }
+ }
+#if 0
+ mtu = s->d1->mtu;
+
+ fprintf(stderr, "using MTU = %d\n", mtu);
+
+ mtu -= (DTLS1_HM_HEADER_LENGTH + DTLS1_RT_HEADER_LENGTH);
+
+ curr_mtu = mtu - BIO_wpending(SSL_get_wbio(s));
+
+ if (curr_mtu > 0)
+ mtu = curr_mtu;
+ else if ((ret = BIO_flush(SSL_get_wbio(s))) <= 0)
+ return ret;
+
+ if (BIO_wpending(SSL_get_wbio(s)) + s->init_num >= mtu) {
+ ret = BIO_flush(SSL_get_wbio(s));
+ if (ret <= 0)
+ return ret;
+ mtu = s->d1->mtu - (DTLS1_HM_HEADER_LENGTH + DTLS1_RT_HEADER_LENGTH);
+ }
+#endif
+
+ OPENSSL_assert(s->d1->mtu >= dtls1_min_mtu()); /* should have something
+ * reasonable now */
+
+ if (s->init_off == 0 && type == SSL3_RT_HANDSHAKE)
+ OPENSSL_assert(s->init_num ==
+ (int)s->d1->w_msg_hdr.msg_len +
+ DTLS1_HM_HEADER_LENGTH);
+
+ if (s->write_hash)
+ mac_size = EVP_MD_size(s->write_hash);
+ else
+ mac_size = 0;
+
+ if (s->enc_write_ctx &&
+ (EVP_CIPHER_mode(s->enc_write_ctx->cipher) & EVP_CIPH_CBC_MODE))
+ blocksize = 2 * EVP_CIPHER_block_size(s->enc_write_ctx->cipher);
+ else
+ blocksize = 0;
+
+ frag_off = 0;
+ while (s->init_num) {
+ curr_mtu = s->d1->mtu - BIO_wpending(SSL_get_wbio(s)) -
+ DTLS1_RT_HEADER_LENGTH - mac_size - blocksize;
+
+ if (curr_mtu <= DTLS1_HM_HEADER_LENGTH) {
+ /*
+ * grr.. we could get an error if MTU picked was wrong
+ */
+ ret = BIO_flush(SSL_get_wbio(s));
+ if (ret <= 0)
+ return ret;
+ curr_mtu = s->d1->mtu - DTLS1_RT_HEADER_LENGTH -
+ mac_size - blocksize;
+ }
+
+ if (s->init_num > curr_mtu)
+ len = curr_mtu;
+ else
+ len = s->init_num;
+
+ /*
+ * XDTLS: this function is too long. split out the CCS part
+ */
+ if (type == SSL3_RT_HANDSHAKE) {
+ if (s->init_off != 0) {
+ OPENSSL_assert(s->init_off > DTLS1_HM_HEADER_LENGTH);
+ s->init_off -= DTLS1_HM_HEADER_LENGTH;
+ s->init_num += DTLS1_HM_HEADER_LENGTH;
+
+ if (s->init_num > curr_mtu)
+ len = curr_mtu;
+ else
+ len = s->init_num;
+ }
+
+ dtls1_fix_message_header(s, frag_off,
+ len - DTLS1_HM_HEADER_LENGTH);
+
+ dtls1_write_message_header(s,
+ (unsigned char *)&s->init_buf->
+ data[s->init_off]);
+
+ OPENSSL_assert(len >= DTLS1_HM_HEADER_LENGTH);
+ }
+
+ ret = dtls1_write_bytes(s, type, &s->init_buf->data[s->init_off],
+ len);
+ if (ret < 0) {
+ /*
+ * might need to update MTU here, but we don't know which
+ * previous packet caused the failure -- so can't really
+ * retransmit anything. continue as if everything is fine and
+ * wait for an alert to handle the retransmit
+ */
+ if (BIO_ctrl(SSL_get_wbio(s),
+ BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0)
+ s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),
+ BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
+ else
+ return (-1);
+ } else {
+
+ /*
+ * bad if this assert fails, only part of the handshake message
+ * got sent. but why would this happen?
+ */
+ OPENSSL_assert(len == (unsigned int)ret);
+
+ if (type == SSL3_RT_HANDSHAKE && !s->d1->retransmitting) {
+ /*
+ * should not be done for 'Hello Request's, but in that case
+ * we'll ignore the result anyway
+ */
+ unsigned char *p =
+ (unsigned char *)&s->init_buf->data[s->init_off];
+ const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
+ int xlen;
+
+ if (frag_off == 0 && s->client_version != DTLS1_BAD_VER) {
+ /*
+ * reconstruct message header is if it is being sent in
+ * single fragment
+ */
+ *p++ = msg_hdr->type;
+ l2n3(msg_hdr->msg_len, p);
+ s2n(msg_hdr->seq, p);
+ l2n3(0, p);
+ l2n3(msg_hdr->msg_len, p);
+ p -= DTLS1_HM_HEADER_LENGTH;
+ xlen = ret;
+ } else {
+ p += DTLS1_HM_HEADER_LENGTH;
+ xlen = ret - DTLS1_HM_HEADER_LENGTH;
+ }
+
+ ssl3_finish_mac(s, p, xlen);
+ }
+
+ if (ret == s->init_num) {
+ if (s->msg_callback)
+ s->msg_callback(1, s->version, type, s->init_buf->data,
+ (size_t)(s->init_off + s->init_num), s,
+ s->msg_callback_arg);
+
+ s->init_off = 0; /* done writing this message */
+ s->init_num = 0;
+
+ return (1);
+ }
+ s->init_off += ret;
+ s->init_num -= ret;
+ frag_off += (ret -= DTLS1_HM_HEADER_LENGTH);
+ }
+ }
+ return (0);
+}
+
+/*
+ * Obtain handshake message of message type 'mt' (any if mt == -1), maximum
+ * acceptable body length 'max'. Read an entire handshake message. Handshake
+ * messages arrive in fragments.
+ */
+long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
+{
+ int i, al;
+ struct hm_header_st *msg_hdr;
+ unsigned char *p;
+ unsigned long msg_len;
+
+ /*
+ * s3->tmp is used to store messages that are unexpected, caused by the
+ * absence of an optional handshake message
+ */
+ if (s->s3->tmp.reuse_message) {
+ s->s3->tmp.reuse_message = 0;
+ if ((mt >= 0) && (s->s3->tmp.message_type != mt)) {
+ al = SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_DTLS1_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
+ goto f_err;
+ }
+ *ok = 1;
+ s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
+ s->init_num = (int)s->s3->tmp.message_size;
+ return s->init_num;
+ }
+
+ msg_hdr = &s->d1->r_msg_hdr;
+ memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
+
+ again:
+ i = dtls1_get_message_fragment(s, st1, stn, max, ok);
+ if (i == DTLS1_HM_BAD_FRAGMENT || i == DTLS1_HM_FRAGMENT_RETRY) {
+ /* bad fragment received */
+ goto again;
+ } else if (i <= 0 && !*ok) {
+ return i;
+ }
+
+ p = (unsigned char *)s->init_buf->data;
+ msg_len = msg_hdr->msg_len;
+
+ /* reconstruct message header */
+ *(p++) = msg_hdr->type;
+ l2n3(msg_len, p);
+ s2n(msg_hdr->seq, p);
+ l2n3(0, p);
+ l2n3(msg_len, p);
+ if (s->version != DTLS1_BAD_VER) {
+ p -= DTLS1_HM_HEADER_LENGTH;
+ msg_len += DTLS1_HM_HEADER_LENGTH;
+ }
+
+ ssl3_finish_mac(s, p, msg_len);
+ if (s->msg_callback)
+ s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
+ p, msg_len, s, s->msg_callback_arg);
+
+ memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
+
+ /* Don't change sequence numbers while listening */
+ if (!s->d1->listen)
+ s->d1->handshake_read_seq++;
+
+ s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
+ return s->init_num;
+
+ f_err:
+ ssl3_send_alert(s, SSL3_AL_FATAL, al);
+ *ok = 0;
+ return -1;
+}
+
+static int dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr,
+ int max)
+{
+ size_t frag_off, frag_len, msg_len;
+
+ msg_len = msg_hdr->msg_len;
+ frag_off = msg_hdr->frag_off;
+ frag_len = msg_hdr->frag_len;
+
+ /* sanity checking */
+ if ((frag_off + frag_len) > msg_len) {
+ SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, SSL_R_EXCESSIVE_MESSAGE_SIZE);
+ return SSL_AD_ILLEGAL_PARAMETER;
+ }
+
+ if ((frag_off + frag_len) > (unsigned long)max) {
+ SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, SSL_R_EXCESSIVE_MESSAGE_SIZE);
+ return SSL_AD_ILLEGAL_PARAMETER;
+ }
+
+ if (s->d1->r_msg_hdr.frag_off == 0) { /* first fragment */
+ /*
+ * msg_len is limited to 2^24, but is effectively checked against max
+ * above
+ */
+ if (!BUF_MEM_grow_clean
+ (s->init_buf, (int)msg_len + DTLS1_HM_HEADER_LENGTH)) {
+ SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, ERR_R_BUF_LIB);
+ return SSL_AD_INTERNAL_ERROR;
+ }
+
+ s->s3->tmp.message_size = msg_len;
+ s->d1->r_msg_hdr.msg_len = msg_len;
+ s->s3->tmp.message_type = msg_hdr->type;
+ s->d1->r_msg_hdr.type = msg_hdr->type;
+ s->d1->r_msg_hdr.seq = msg_hdr->seq;
+ } else if (msg_len != s->d1->r_msg_hdr.msg_len) {
+ /*
+ * They must be playing with us! BTW, failure to enforce upper limit
+ * would open possibility for buffer overrun.
+ */
+ SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT, SSL_R_EXCESSIVE_MESSAGE_SIZE);
+ return SSL_AD_ILLEGAL_PARAMETER;
+ }
+
+ return 0; /* no error */
+}
+
+static int dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
+{
+ /*-
+ * (0) check whether the desired fragment is available
+ * if so:
+ * (1) copy over the fragment to s->init_buf->data[]
+ * (2) update s->init_num
+ */
+ pitem *item;
+ hm_fragment *frag;
+ int al;
+
+ *ok = 0;
+ item = pqueue_peek(s->d1->buffered_messages);
+ if (item == NULL)
+ return 0;
+
+ frag = (hm_fragment *)item->data;
+
+ /* Don't return if reassembly still in progress */
+ if (frag->reassembly != NULL)
+ return 0;
+
+ if (s->d1->handshake_read_seq == frag->msg_header.seq) {
+ unsigned long frag_len = frag->msg_header.frag_len;
+ pqueue_pop(s->d1->buffered_messages);
+
+ al = dtls1_preprocess_fragment(s, &frag->msg_header, max);
+
+ if (al == 0) { /* no alert */
+ unsigned char *p =
+ (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
+ memcpy(&p[frag->msg_header.frag_off], frag->fragment,
+ frag->msg_header.frag_len);
+ }
+
+ dtls1_hm_fragment_free(frag);
+ pitem_free(item);
+
+ if (al == 0) {
+ *ok = 1;
+ return frag_len;
+ }
+
+ ssl3_send_alert(s, SSL3_AL_FATAL, al);
+ s->init_num = 0;
+ *ok = 0;
+ return -1;
+ } else
+ return 0;
+}
+
+/*
+ * dtls1_max_handshake_message_len returns the maximum number of bytes
+ * permitted in a DTLS handshake message for |s|. The minimum is 16KB, but
+ * may be greater if the maximum certificate list size requires it.
+ */
+static unsigned long dtls1_max_handshake_message_len(const SSL *s)
+{
+ unsigned long max_len =
+ DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH;
+ if (max_len < (unsigned long)s->max_cert_list)
+ return s->max_cert_list;
+ return max_len;
+}
+
+static int
+dtls1_reassemble_fragment(SSL *s, const struct hm_header_st *msg_hdr, int *ok)
+{
+ hm_fragment *frag = NULL;
+ pitem *item = NULL;
+ int i = -1, is_complete;
+ PQ_64BIT seq64;
+ unsigned long frag_len = msg_hdr->frag_len;
+
+ if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len ||
+ msg_hdr->msg_len > dtls1_max_handshake_message_len(s))
+ goto err;
+
+ if (frag_len == 0)
+ return DTLS1_HM_FRAGMENT_RETRY;
+
+ /* Try to find item in queue */
+ pq_64bit_init(&seq64);
+ pq_64bit_assign_word(&seq64, msg_hdr->seq);
+ item = pqueue_find(s->d1->buffered_messages, seq64);
+ pq_64bit_free(&seq64);
+
+ if (item == NULL) {
+ frag = dtls1_hm_fragment_new(msg_hdr->msg_len, 1);
+ if (frag == NULL)
+ goto err;
+ memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
+ frag->msg_header.frag_len = frag->msg_header.msg_len;
+ frag->msg_header.frag_off = 0;
+ } else {
+ frag = (hm_fragment *)item->data;
+ if (frag->msg_header.msg_len != msg_hdr->msg_len) {
+ item = NULL;
+ frag = NULL;
+ goto err;
+ }
+ }
+
+ /*
+ * If message is already reassembled, this must be a retransmit and can
+ * be dropped. In this case item != NULL and so frag does not need to be
+ * freed.
+ */
+ if (frag->reassembly == NULL) {
+ unsigned char devnull[256];
+
+ while (frag_len) {
+ i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
+ devnull,
+ frag_len >
+ sizeof(devnull) ? sizeof(devnull) :
+ frag_len, 0);
+ if (i <= 0)
+ goto err;
+ frag_len -= i;
+ }
+ return DTLS1_HM_FRAGMENT_RETRY;
+ }
+
+ /* read the body of the fragment (header has already been read */
+ i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
+ frag->fragment + msg_hdr->frag_off,
+ frag_len, 0);
+ if ((unsigned long)i != frag_len)
+ i = -1;
+ if (i <= 0)
+ goto err;
+
+ RSMBLY_BITMASK_MARK(frag->reassembly, (long)msg_hdr->frag_off,
+ (long)(msg_hdr->frag_off + frag_len));
+
+ RSMBLY_BITMASK_IS_COMPLETE(frag->reassembly, (long)msg_hdr->msg_len,
+ is_complete);
+
+ if (is_complete) {
+ OPENSSL_free(frag->reassembly);
+ frag->reassembly = NULL;
+ }
+
+ if (item == NULL) {
+ pq_64bit_init(&seq64);
+ pq_64bit_assign_word(&seq64, msg_hdr->seq);
+ item = pitem_new(seq64, frag);
+ pq_64bit_free(&seq64);
+
+ if (item == NULL) {
+ i = -1;
+ goto err;
+ }
+
+ item = pqueue_insert(s->d1->buffered_messages, item);
+ /*
+ * pqueue_insert fails iff a duplicate item is inserted. However,
+ * |item| cannot be a duplicate. If it were, |pqueue_find|, above,
+ * would have returned it and control would never have reached this
+ * branch.
+ */
+ OPENSSL_assert(item != NULL);
+ }
+
+ return DTLS1_HM_FRAGMENT_RETRY;
+
+ err:
+ if (frag != NULL && item == NULL)
+ dtls1_hm_fragment_free(frag);
+ *ok = 0;
+ return i;
+}
+
+static int
+dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st *msg_hdr,
+ int *ok)
+{
+ int i = -1;
+ hm_fragment *frag = NULL;
+ pitem *item = NULL;
+ PQ_64BIT seq64;
+ unsigned long frag_len = msg_hdr->frag_len;
+
+ if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len)
+ goto err;
+
+ /* Try to find item in queue, to prevent duplicate entries */
+ pq_64bit_init(&seq64);
+ pq_64bit_assign_word(&seq64, msg_hdr->seq);
+ item = pqueue_find(s->d1->buffered_messages, seq64);
+ pq_64bit_free(&seq64);
+
+ /*
+ * If we already have an entry and this one is a fragment, don't discard
+ * it and rather try to reassemble it.
+ */
+ if (item != NULL && frag_len != msg_hdr->msg_len)
+ item = NULL;
+
+ /*
+ * Discard the message if sequence number was already there, is too far
+ * in the future, already in the queue or if we received a FINISHED
+ * before the SERVER_HELLO, which then must be a stale retransmit.
+ */
+ if (msg_hdr->seq <= s->d1->handshake_read_seq ||
+ msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL ||
+ (s->d1->handshake_read_seq == 0 && msg_hdr->type == SSL3_MT_FINISHED))
+ {
+ unsigned char devnull[256];
+
+ while (frag_len) {
+ i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
+ devnull,
+ frag_len >
+ sizeof(devnull) ? sizeof(devnull) :
+ frag_len, 0);
+ if (i <= 0)
+ goto err;
+ frag_len -= i;
+ }
+ } else {
+ if (frag_len != msg_hdr->msg_len)
+ return dtls1_reassemble_fragment(s, msg_hdr, ok);
+
+ if (frag_len > dtls1_max_handshake_message_len(s))
+ goto err;
+
+ frag = dtls1_hm_fragment_new(frag_len, 0);
+ if (frag == NULL)
+ goto err;
+
+ memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
+
+ if (frag_len) {
+ /*
+ * read the body of the fragment (header has already been read)
+ */
+ i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
+ frag->fragment, frag_len, 0);
+ if ((unsigned long)i != frag_len)
+ i = -1;
+ if (i <= 0)
+ goto err;
+ }
+
+ pq_64bit_init(&seq64);
+ pq_64bit_assign_word(&seq64, msg_hdr->seq);
+
+ item = pitem_new(seq64, frag);
+ pq_64bit_free(&seq64);
+ if (item == NULL)
+ goto err;
+
+ item = pqueue_insert(s->d1->buffered_messages, item);
+ /*
+ * pqueue_insert fails iff a duplicate item is inserted. However,
+ * |item| cannot be a duplicate. If it were, |pqueue_find|, above,
+ * would have returned it. Then, either |frag_len| !=
+ * |msg_hdr->msg_len| in which case |item| is set to NULL and it will
+ * have been processed with |dtls1_reassemble_fragment|, above, or
+ * the record will have been discarded.
+ */
+ OPENSSL_assert(item != NULL);
+ }
+
+ return DTLS1_HM_FRAGMENT_RETRY;
+
+ err:
+ if (frag != NULL && item == NULL)
+ dtls1_hm_fragment_free(frag);
+ *ok = 0;
+ return i;
+}
+
+static long
+dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
+{
+ unsigned char wire[DTLS1_HM_HEADER_LENGTH];
+ unsigned long len, frag_off, frag_len;
+ int i, al;
+ struct hm_header_st msg_hdr;
+
+ redo:
+ /* see if we have the required fragment already */
+ if ((frag_len = dtls1_retrieve_buffered_fragment(s, max, ok)) || *ok) {
+ if (*ok)
+ s->init_num = frag_len;
+ return frag_len;
+ }
+
+ /* read handshake message header */
+ i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, wire,
+ DTLS1_HM_HEADER_LENGTH, 0);
+ if (i <= 0) { /* nbio, or an error */
+ s->rwstate = SSL_READING;
+ *ok = 0;
+ return i;
+ }
+ /* Handshake fails if message header is incomplete */
+ if (i != DTLS1_HM_HEADER_LENGTH) {
+ al = SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT, SSL_R_UNEXPECTED_MESSAGE);
+ goto f_err;
+ }
+
+ /* parse the message fragment header */
+ dtls1_get_message_header(wire, &msg_hdr);
+
+ /*
+ * if this is a future (or stale) message it gets buffered
+ * (or dropped)--no further processing at this time
+ * While listening, we accept seq 1 (ClientHello with cookie)
+ * although we're still expecting seq 0 (ClientHello)
+ */
+ if (msg_hdr.seq != s->d1->handshake_read_seq
+ && !(s->d1->listen && msg_hdr.seq == 1))
+ return dtls1_process_out_of_seq_message(s, &msg_hdr, ok);
+
+ len = msg_hdr.msg_len;
+ frag_off = msg_hdr.frag_off;
+ frag_len = msg_hdr.frag_len;
+
+ if (frag_len && frag_len < len)
+ return dtls1_reassemble_fragment(s, &msg_hdr, ok);
+
+ if (!s->server && s->d1->r_msg_hdr.frag_off == 0 &&
+ wire[0] == SSL3_MT_HELLO_REQUEST) {
+ /*
+ * The server may always send 'Hello Request' messages -- we are
+ * doing a handshake anyway now, so ignore them if their format is
+ * correct. Does not count for 'Finished' MAC.
+ */
+ if (wire[1] == 0 && wire[2] == 0 && wire[3] == 0) {
+ if (s->msg_callback)
+ s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
+ wire, DTLS1_HM_HEADER_LENGTH, s,
+ s->msg_callback_arg);
+
+ s->init_num = 0;
+ goto redo;
+ } else { /* Incorrectly formated Hello request */
+
+ al = SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,
+ SSL_R_UNEXPECTED_MESSAGE);
+ goto f_err;
+ }
+ }
+
+ if ((al = dtls1_preprocess_fragment(s, &msg_hdr, max)))
+ goto f_err;
+
+ /* XDTLS: ressurect this when restart is in place */
+ s->state = stn;
+
+ if (frag_len > 0) {
+ unsigned char *p =
+ (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
+
+ i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
+ &p[frag_off], frag_len, 0);
+ /*
+ * XDTLS: fix this--message fragments cannot span multiple packets
+ */
+ if (i <= 0) {
+ s->rwstate = SSL_READING;
+ *ok = 0;
+ return i;
+ }
+ } else
+ i = 0;
+
+ /*
+ * XDTLS: an incorrectly formatted fragment should cause the handshake
+ * to fail
+ */
+ if (i != (int)frag_len) {
+ al = SSL3_AD_ILLEGAL_PARAMETER;
+ SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT, SSL3_AD_ILLEGAL_PARAMETER);
+ goto f_err;
+ }
+
+ *ok = 1;
+
+ /*
+ * Note that s->init_num is *not* used as current offset in
+ * s->init_buf->data, but as a counter summing up fragments' lengths: as
+ * soon as they sum up to handshake packet length, we assume we have got
+ * all the fragments.
+ */
+ s->init_num = frag_len;
+ return frag_len;
+
+ f_err:
+ ssl3_send_alert(s, SSL3_AL_FATAL, al);
+ s->init_num = 0;
+
+ *ok = 0;
+ return (-1);
+}
+
+int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen)
+{
+ unsigned char *p, *d;
+ int i;
+ unsigned long l;
+
+ if (s->state == a) {
+ d = (unsigned char *)s->init_buf->data;
+ p = &(d[DTLS1_HM_HEADER_LENGTH]);
+
+ i = s->method->ssl3_enc->final_finish_mac(s,
+ &(s->s3->finish_dgst1),
+ &(s->s3->finish_dgst2),
+ sender, slen,
+ s->s3->tmp.finish_md);
+ s->s3->tmp.finish_md_len = i;
+ memcpy(p, s->s3->tmp.finish_md, i);
+ p += i;
+ l = i;
+
+ /*
+ * Copy the finished so we can use it for renegotiation checks
+ */
+ if (s->type == SSL_ST_CONNECT) {
+ OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
+ memcpy(s->s3->previous_client_finished, s->s3->tmp.finish_md, i);
+ s->s3->previous_client_finished_len = i;
+ } else {
+ OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
+ memcpy(s->s3->previous_server_finished, s->s3->tmp.finish_md, i);
+ s->s3->previous_server_finished_len = i;
+ }
+
+#ifdef OPENSSL_SYS_WIN16
+ /*
+ * MSVC 1.5 does not clear the top bytes of the word unless I do
+ * this.
+ */
+ l &= 0xffff;
+#endif
+
+ d = dtls1_set_message_header(s, d, SSL3_MT_FINISHED, l, 0, l);
+ s->init_num = (int)l + DTLS1_HM_HEADER_LENGTH;
+ s->init_off = 0;
+
+ /* buffer the message to handle re-xmits */
+ dtls1_buffer_message(s, 0);
+
+ s->state = b;
+ }
+
+ /* SSL3_ST_SEND_xxxxxx_HELLO_B */
+ return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
+}
+
+/*-
+ * for these 2 messages, we need to
+ * ssl->enc_read_ctx re-init
+ * ssl->s3->read_sequence zero
+ * ssl->s3->read_mac_secret re-init
+ * ssl->session->read_sym_enc assign
+ * ssl->session->read_compression assign
+ * ssl->session->read_hash assign
+ */
+int dtls1_send_change_cipher_spec(SSL *s, int a, int b)
+{
+ unsigned char *p;
+
+ if (s->state == a) {
+ p = (unsigned char *)s->init_buf->data;
+ *p++ = SSL3_MT_CCS;
+ s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
+ s->init_num = DTLS1_CCS_HEADER_LENGTH;
+
+ if (s->client_version == DTLS1_BAD_VER) {
+ s->d1->next_handshake_write_seq++;
+ s2n(s->d1->handshake_write_seq, p);
+ s->init_num += 2;
+ }
+
+ s->init_off = 0;
+
+ dtls1_set_message_header_int(s, SSL3_MT_CCS, 0,
+ s->d1->handshake_write_seq, 0, 0);
+
+ /* buffer the message to handle re-xmits */
+ dtls1_buffer_message(s, 1);
+
+ s->state = b;
+ }
+
+ /* SSL3_ST_CW_CHANGE_B */
+ return (dtls1_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC));
+}
+
+static int dtls1_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x)
+{
+ int n;
+ unsigned char *p;
+
+ n = i2d_X509(x, NULL);
+ if (!BUF_MEM_grow_clean(buf, (int)(n + (*l) + 3))) {
+ SSLerr(SSL_F_DTLS1_ADD_CERT_TO_BUF, ERR_R_BUF_LIB);
+ return 0;
+ }
+ p = (unsigned char *)&(buf->data[*l]);
+ l2n3(n, p);
+ i2d_X509(x, &p);
+ *l += n + 3;
+
+ return 1;
+}
+
+unsigned long dtls1_output_cert_chain(SSL *s, X509 *x)
+{
+ unsigned char *p;
+ int i;
+ unsigned long l = 3 + DTLS1_HM_HEADER_LENGTH;
+ BUF_MEM *buf;
+
+ /* TLSv1 sends a chain with nothing in it, instead of an alert */
+ buf = s->init_buf;
+ if (!BUF_MEM_grow_clean(buf, 10)) {
+ SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN, ERR_R_BUF_LIB);
+ return (0);
+ }
+ if (x != NULL) {
+ X509_STORE_CTX xs_ctx;
+
+ if (!X509_STORE_CTX_init(&xs_ctx, s->ctx->cert_store, x, NULL)) {
+ SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN, ERR_R_X509_LIB);
+ return (0);
+ }
+
+ X509_verify_cert(&xs_ctx);
+ /* Don't leave errors in the queue */
+ ERR_clear_error();
+ for (i = 0; i < sk_X509_num(xs_ctx.chain); i++) {
+ x = sk_X509_value(xs_ctx.chain, i);
+
+ if (!dtls1_add_cert_to_buf(buf, &l, x)) {
+ X509_STORE_CTX_cleanup(&xs_ctx);
+ return 0;
+ }
+ }
+ X509_STORE_CTX_cleanup(&xs_ctx);
+ }
+ /* Thawte special :-) */
+ for (i = 0; i < sk_X509_num(s->ctx->extra_certs); i++) {
+ x = sk_X509_value(s->ctx->extra_certs, i);
+ if (!dtls1_add_cert_to_buf(buf, &l, x))
+ return 0;
+ }
+
+ l -= (3 + DTLS1_HM_HEADER_LENGTH);
+
+ p = (unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH]);
+ l2n3(l, p);
+ l += 3;
+ p = (unsigned char *)&(buf->data[0]);
+ p = dtls1_set_message_header(s, p, SSL3_MT_CERTIFICATE, l, 0, l);
+
+ l += DTLS1_HM_HEADER_LENGTH;
+ return (l);
+}
+
+int dtls1_read_failed(SSL *s, int code)
+{
+ if (code > 0) {
+ fprintf(stderr, "invalid state reached %s:%d", __FILE__, __LINE__);
+ return 1;
+ }
+
+ if (!dtls1_is_timer_expired(s)) {
+ /*
+ * not a timeout, none of our business, let higher layers handle
+ * this. in fact it's probably an error
+ */
+ return code;
+ }
+
+ /* done, no need to send a retransmit */
+ if (!SSL_in_init(s)) {
+ BIO_set_flags(SSL_get_rbio(s), BIO_FLAGS_READ);
+ return code;
+ }
+#if 0 /* for now, each alert contains only one
+ * record number */
+ item = pqueue_peek(state->rcvd_records);
+ if (item) {
+ /* send an alert immediately for all the missing records */
+ } else
+#endif
+
+#if 0 /* no more alert sending, just retransmit the
+ * last set of messages */
+ if (state->timeout.read_timeouts >= DTLS1_TMO_READ_COUNT)
+ ssl3_send_alert(s, SSL3_AL_WARNING,
+ DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
+#endif
+
+ return dtls1_handle_timeout(s);
+}
+
+int dtls1_get_queue_priority(unsigned short seq, int is_ccs)
+{
+ /*
+ * The index of the retransmission queue actually is the message sequence
+ * number, since the queue only contains messages of a single handshake.
+ * However, the ChangeCipherSpec has no message sequence number and so
+ * using only the sequence will result in the CCS and Finished having the
+ * same index. To prevent this, the sequence number is multiplied by 2.
+ * In case of a CCS 1 is subtracted. This does not only differ CSS and
+ * Finished, it also maintains the order of the index (important for
+ * priority queues) and fits in the unsigned short variable.
+ */
+ return seq * 2 - is_ccs;
+}
+
+int dtls1_retransmit_buffered_messages(SSL *s)
+{
+ pqueue sent = s->d1->sent_messages;
+ piterator iter;
+ pitem *item;
+ hm_fragment *frag;
+ int found = 0;
+
+ iter = pqueue_iterator(sent);
+
+ for (item = pqueue_next(&iter); item != NULL; item = pqueue_next(&iter)) {
+ frag = (hm_fragment *)item->data;
+ if (dtls1_retransmit_message(s, (unsigned short)
+ dtls1_get_queue_priority
+ (frag->msg_header.seq,
+ frag->msg_header.is_ccs), 0,
+ &found) <= 0 && found) {
+ fprintf(stderr, "dtls1_retransmit_message() failed\n");
+ return -1;
+ }
+ }
+
+ return 1;
+}
+
+int dtls1_buffer_message(SSL *s, int is_ccs)
+{
+ pitem *item;
+ hm_fragment *frag;
+ PQ_64BIT seq64;
+
+ /*
+ * this function is called immediately after a message has been
+ * serialized
+ */
+ OPENSSL_assert(s->init_off == 0);
+
+ frag = dtls1_hm_fragment_new(s->init_num, 0);
+ if (!frag)
+ return 0;
+
+ memcpy(frag->fragment, s->init_buf->data, s->init_num);
+
+ if (is_ccs) {
+ OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
+ DTLS1_CCS_HEADER_LENGTH <= (unsigned int)s->init_num);
+ } else {
+ OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
+ DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num);
+ }
+
+ frag->msg_header.msg_len = s->d1->w_msg_hdr.msg_len;
+ frag->msg_header.seq = s->d1->w_msg_hdr.seq;
+ frag->msg_header.type = s->d1->w_msg_hdr.type;
+ frag->msg_header.frag_off = 0;
+ frag->msg_header.frag_len = s->d1->w_msg_hdr.msg_len;
+ frag->msg_header.is_ccs = is_ccs;
+
+ /* save current state */
+ frag->msg_header.saved_retransmit_state.enc_write_ctx = s->enc_write_ctx;
+ frag->msg_header.saved_retransmit_state.write_hash = s->write_hash;
+ frag->msg_header.saved_retransmit_state.compress = s->compress;
+ frag->msg_header.saved_retransmit_state.session = s->session;
+ frag->msg_header.saved_retransmit_state.epoch = s->d1->w_epoch;
+
+ pq_64bit_init(&seq64);
+
+ pq_64bit_assign_word(&seq64,
+ dtls1_get_queue_priority(frag->msg_header.seq,
+ frag->msg_header.is_ccs));
+
+ item = pitem_new(seq64, frag);
+ pq_64bit_free(&seq64);
+ if (item == NULL) {
+ dtls1_hm_fragment_free(frag);
+ return 0;
+ }
+#if 0
+ fprintf(stderr, "buffered messge: \ttype = %xx\n", msg_buf->type);
+ fprintf(stderr, "\t\t\t\t\tlen = %d\n", msg_buf->len);
+ fprintf(stderr, "\t\t\t\t\tseq_num = %d\n", msg_buf->seq_num);
+#endif
+
+ pqueue_insert(s->d1->sent_messages, item);
+ return 1;
+}
+
+int
+dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
+ int *found)
+{
+ int ret;
+ /* XDTLS: for now assuming that read/writes are blocking */
+ pitem *item;
+ hm_fragment *frag;
+ unsigned long header_length;
+ PQ_64BIT seq64;
+ struct dtls1_retransmit_state saved_state;
+ unsigned char save_write_sequence[8];
+
+ /*-
+ OPENSSL_assert(s->init_num == 0);
+ OPENSSL_assert(s->init_off == 0);
+ */
+
+ /* XDTLS: the requested message ought to be found, otherwise error */
+ pq_64bit_init(&seq64);
+ pq_64bit_assign_word(&seq64, seq);
+
+ item = pqueue_find(s->d1->sent_messages, seq64);
+ pq_64bit_free(&seq64);
+ if (item == NULL) {
+ fprintf(stderr, "retransmit: message %d non-existant\n", seq);
+ *found = 0;
+ return 0;
+ }
+
+ *found = 1;
+ frag = (hm_fragment *)item->data;
+
+ if (frag->msg_header.is_ccs)
+ header_length = DTLS1_CCS_HEADER_LENGTH;
+ else
+ header_length = DTLS1_HM_HEADER_LENGTH;
+
+ memcpy(s->init_buf->data, frag->fragment,
+ frag->msg_header.msg_len + header_length);
+ s->init_num = frag->msg_header.msg_len + header_length;
+
+ dtls1_set_message_header_int(s, frag->msg_header.type,
+ frag->msg_header.msg_len,
+ frag->msg_header.seq, 0,
+ frag->msg_header.frag_len);
+
+ /* save current state */
+ saved_state.enc_write_ctx = s->enc_write_ctx;
+ saved_state.write_hash = s->write_hash;
+ saved_state.compress = s->compress;
+ saved_state.session = s->session;
+ saved_state.epoch = s->d1->w_epoch;
+ saved_state.epoch = s->d1->w_epoch;
+
+ s->d1->retransmitting = 1;
+
+ /* restore state in which the message was originally sent */
+ s->enc_write_ctx = frag->msg_header.saved_retransmit_state.enc_write_ctx;
+ s->write_hash = frag->msg_header.saved_retransmit_state.write_hash;
+ s->compress = frag->msg_header.saved_retransmit_state.compress;
+ s->session = frag->msg_header.saved_retransmit_state.session;
+ s->d1->w_epoch = frag->msg_header.saved_retransmit_state.epoch;
+
+ if (frag->msg_header.saved_retransmit_state.epoch ==
+ saved_state.epoch - 1) {
+ memcpy(save_write_sequence, s->s3->write_sequence,
+ sizeof(s->s3->write_sequence));
+ memcpy(s->s3->write_sequence, s->d1->last_write_sequence,
+ sizeof(s->s3->write_sequence));
+ }
+
+ ret = dtls1_do_write(s, frag->msg_header.is_ccs ?
+ SSL3_RT_CHANGE_CIPHER_SPEC : SSL3_RT_HANDSHAKE);
+
+ /* restore current state */
+ s->enc_write_ctx = saved_state.enc_write_ctx;
+ s->write_hash = saved_state.write_hash;
+ s->compress = saved_state.compress;
+ s->session = saved_state.session;
+ s->d1->w_epoch = saved_state.epoch;
+
+ if (frag->msg_header.saved_retransmit_state.epoch ==
+ saved_state.epoch - 1) {
+ memcpy(s->d1->last_write_sequence, s->s3->write_sequence,
+ sizeof(s->s3->write_sequence));
+ memcpy(s->s3->write_sequence, save_write_sequence,
+ sizeof(s->s3->write_sequence));
+ }
+
+ s->d1->retransmitting = 0;
+
+ (void)BIO_flush(SSL_get_wbio(s));
+ return ret;
+}
+
+/* call this function when the buffered messages are no longer needed */
+void dtls1_clear_record_buffer(SSL *s)
+{
+ pitem *item;
+
+ for (item = pqueue_pop(s->d1->sent_messages);
+ item != NULL; item = pqueue_pop(s->d1->sent_messages)) {
+ dtls1_hm_fragment_free((hm_fragment *)item->data);
+ pitem_free(item);
+ }
+}
+
+unsigned char *dtls1_set_message_header(SSL *s, unsigned char *p,
+ unsigned char mt, unsigned long len,
+ unsigned long frag_off,
+ unsigned long frag_len)
+{
+ /* Don't change sequence numbers while listening */
+ if (frag_off == 0 && !s->d1->listen) {
+ s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
+ s->d1->next_handshake_write_seq++;
+ }
+
+ dtls1_set_message_header_int(s, mt, len, s->d1->handshake_write_seq,
+ frag_off, frag_len);
+
+ return p += DTLS1_HM_HEADER_LENGTH;
+}
+
+/* don't actually do the writing, wait till the MTU has been retrieved */
+static void
+dtls1_set_message_header_int(SSL *s, unsigned char mt,
+ unsigned long len, unsigned short seq_num,
+ unsigned long frag_off, unsigned long frag_len)
+{
+ struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
+
+ msg_hdr->type = mt;
+ msg_hdr->msg_len = len;
+ msg_hdr->seq = seq_num;
+ msg_hdr->frag_off = frag_off;
+ msg_hdr->frag_len = frag_len;
+}
+
+static void
+dtls1_fix_message_header(SSL *s, unsigned long frag_off,
+ unsigned long frag_len)
+{
+ struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
+
+ msg_hdr->frag_off = frag_off;
+ msg_hdr->frag_len = frag_len;
+}
+
+static unsigned char *dtls1_write_message_header(SSL *s, unsigned char *p)
+{
+ struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
+
+ *p++ = msg_hdr->type;
+ l2n3(msg_hdr->msg_len, p);
+
+ s2n(msg_hdr->seq, p);
+ l2n3(msg_hdr->frag_off, p);
+ l2n3(msg_hdr->frag_len, p);
+
+ return p;
+}
+
+unsigned int dtls1_min_mtu(void)
+{
+ return (g_probable_mtu[(sizeof(g_probable_mtu) /
+ sizeof(g_probable_mtu[0])) - 1]);
+}
+
+static unsigned int dtls1_guess_mtu(unsigned int curr_mtu)
+{
+ size_t i;
+
+ if (curr_mtu == 0)
+ return g_probable_mtu[0];
+
+ for (i = 0; i < sizeof(g_probable_mtu) / sizeof(g_probable_mtu[0]); i++)
+ if (curr_mtu > g_probable_mtu[i])
+ return g_probable_mtu[i];
+
+ return curr_mtu;
+}
+
+void
+dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr)
+{
+ memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
+ msg_hdr->type = *(data++);
+ n2l3(data, msg_hdr->msg_len);
+
+ n2s(data, msg_hdr->seq);
+ n2l3(data, msg_hdr->frag_off);
+ n2l3(data, msg_hdr->frag_len);
+}
+
+void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr)
+{
+ memset(ccs_hdr, 0x00, sizeof(struct ccs_header_st));
+
+ ccs_hdr->type = *(data++);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/ssl/d1_clnt.c
===================================================================
--- vendor-crypto/openssl/dist/ssl/d1_clnt.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/ssl/d1_clnt.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,1242 +0,0 @@
-/* ssl/d1_clnt.c */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra at cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#include "kssl_lcl.h"
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/md5.h>
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-
-static SSL_METHOD *dtls1_get_client_method(int ver);
-static int dtls1_get_hello_verify(SSL *s);
-
-static SSL_METHOD *dtls1_get_client_method(int ver)
- {
- if (ver == DTLS1_VERSION || ver == DTLS1_BAD_VER)
- return(DTLSv1_client_method());
- else
- return(NULL);
- }
-
-IMPLEMENT_dtls1_meth_func(DTLSv1_client_method,
- ssl_undefined_function,
- dtls1_connect,
- dtls1_get_client_method)
-
-int dtls1_connect(SSL *s)
- {
- BUF_MEM *buf=NULL;
- unsigned long Time=(unsigned long)time(NULL);
- void (*cb)(const SSL *ssl,int type,int val)=NULL;
- int ret= -1;
- int new_state,state,skip=0;;
-
- RAND_add(&Time,sizeof(Time),0);
- ERR_clear_error();
- clear_sys_error();
-
- if (s->info_callback != NULL)
- cb=s->info_callback;
- else if (s->ctx->info_callback != NULL)
- cb=s->ctx->info_callback;
-
- s->in_handshake++;
- if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
-
- for (;;)
- {
- state=s->state;
-
- switch(s->state)
- {
- case SSL_ST_RENEGOTIATE:
- s->new_session=1;
- s->state=SSL_ST_CONNECT;
- s->ctx->stats.sess_connect_renegotiate++;
- /* break */
- case SSL_ST_BEFORE:
- case SSL_ST_CONNECT:
- case SSL_ST_BEFORE|SSL_ST_CONNECT:
- case SSL_ST_OK|SSL_ST_CONNECT:
-
- s->server=0;
- if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
-
- if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00) &&
- (s->version & 0xff00 ) != (DTLS1_BAD_VER & 0xff00))
- {
- SSLerr(SSL_F_DTLS1_CONNECT, ERR_R_INTERNAL_ERROR);
- ret = -1;
- goto end;
- }
-
- /* s->version=SSL3_VERSION; */
- s->type=SSL_ST_CONNECT;
-
- if (s->init_buf == NULL)
- {
- if ((buf=BUF_MEM_new()) == NULL)
- {
- ret= -1;
- goto end;
- }
- if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
- {
- ret= -1;
- goto end;
- }
- s->init_buf=buf;
- buf=NULL;
- }
-
- if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }
-
- /* setup buffing BIO */
- if (!ssl_init_wbio_buffer(s,0)) { ret= -1; goto end; }
-
- /* don't push the buffering BIO quite yet */
-
- s->state=SSL3_ST_CW_CLNT_HELLO_A;
- s->ctx->stats.sess_connect++;
- s->init_num=0;
- /* mark client_random uninitialized */
- memset(s->s3->client_random,0,sizeof(s->s3->client_random));
- s->d1->send_cookie = 0;
- s->hit = 0;
- break;
-
- case SSL3_ST_CW_CLNT_HELLO_A:
- case SSL3_ST_CW_CLNT_HELLO_B:
-
- s->shutdown=0;
-
- /* every DTLS ClientHello resets Finished MAC */
- ssl3_init_finished_mac(s);
-
- dtls1_start_timer(s);
- ret=dtls1_client_hello(s);
- if (ret <= 0) goto end;
-
- if ( s->d1->send_cookie)
- {
- s->state=SSL3_ST_CW_FLUSH;
- s->s3->tmp.next_state=SSL3_ST_CR_SRVR_HELLO_A;
- }
- else
- s->state=SSL3_ST_CR_SRVR_HELLO_A;
-
- s->init_num=0;
-
- /* turn on buffering for the next lot of output */
- if (s->bbio != s->wbio)
- s->wbio=BIO_push(s->bbio,s->wbio);
-
- break;
-
- case SSL3_ST_CR_SRVR_HELLO_A:
- case SSL3_ST_CR_SRVR_HELLO_B:
- ret=ssl3_get_server_hello(s);
- if (ret <= 0) goto end;
- else
- {
- if (s->hit)
- s->state=SSL3_ST_CR_FINISHED_A;
- else
- s->state=DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A;
- }
- s->init_num=0;
- break;
-
- case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A:
- case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B:
-
- ret = dtls1_get_hello_verify(s);
- if ( ret <= 0)
- goto end;
- dtls1_stop_timer(s);
- if ( s->d1->send_cookie) /* start again, with a cookie */
- s->state=SSL3_ST_CW_CLNT_HELLO_A;
- else
- s->state = SSL3_ST_CR_CERT_A;
- s->init_num = 0;
- break;
-
- case SSL3_ST_CR_CERT_A:
- case SSL3_ST_CR_CERT_B:
-#ifndef OPENSSL_NO_TLSEXT
- ret=ssl3_check_finished(s);
- if (ret <= 0) goto end;
- if (ret == 2)
- {
- s->hit = 1;
- if (s->tlsext_ticket_expected)
- s->state=SSL3_ST_CR_SESSION_TICKET_A;
- else
- s->state=SSL3_ST_CR_FINISHED_A;
- s->init_num=0;
- break;
- }
-#endif
- /* Check if it is anon DH */
- if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL))
- {
- ret=ssl3_get_server_certificate(s);
- if (ret <= 0) goto end;
-#ifndef OPENSSL_NO_TLSEXT
- if (s->tlsext_status_expected)
- s->state=SSL3_ST_CR_CERT_STATUS_A;
- else
- s->state=SSL3_ST_CR_KEY_EXCH_A;
- }
- else
- {
- skip = 1;
- s->state=SSL3_ST_CR_KEY_EXCH_A;
- }
-#else
- }
- else
- skip=1;
-
- s->state=SSL3_ST_CR_KEY_EXCH_A;
-#endif
- s->init_num=0;
- break;
-
- case SSL3_ST_CR_KEY_EXCH_A:
- case SSL3_ST_CR_KEY_EXCH_B:
- ret=ssl3_get_key_exchange(s);
- if (ret <= 0) goto end;
- s->state=SSL3_ST_CR_CERT_REQ_A;
- s->init_num=0;
-
- /* at this point we check that we have the
- * required stuff from the server */
- if (!ssl3_check_cert_and_algorithm(s))
- {
- ret= -1;
- goto end;
- }
- break;
-
- case SSL3_ST_CR_CERT_REQ_A:
- case SSL3_ST_CR_CERT_REQ_B:
- ret=ssl3_get_certificate_request(s);
- if (ret <= 0) goto end;
- s->state=SSL3_ST_CR_SRVR_DONE_A;
- s->init_num=0;
- break;
-
- case SSL3_ST_CR_SRVR_DONE_A:
- case SSL3_ST_CR_SRVR_DONE_B:
- ret=ssl3_get_server_done(s);
- if (ret <= 0) goto end;
- dtls1_stop_timer(s);
- if (s->s3->tmp.cert_req)
- s->state=SSL3_ST_CW_CERT_A;
- else
- s->state=SSL3_ST_CW_KEY_EXCH_A;
- s->init_num=0;
-
- break;
-
- case SSL3_ST_CW_CERT_A:
- case SSL3_ST_CW_CERT_B:
- case SSL3_ST_CW_CERT_C:
- case SSL3_ST_CW_CERT_D:
- dtls1_start_timer(s);
- ret=dtls1_send_client_certificate(s);
- if (ret <= 0) goto end;
- s->state=SSL3_ST_CW_KEY_EXCH_A;
- s->init_num=0;
- break;
-
- case SSL3_ST_CW_KEY_EXCH_A:
- case SSL3_ST_CW_KEY_EXCH_B:
- dtls1_start_timer(s);
- ret=dtls1_send_client_key_exchange(s);
- if (ret <= 0) goto end;
- /* EAY EAY EAY need to check for DH fix cert
- * sent back */
- /* For TLS, cert_req is set to 2, so a cert chain
- * of nothing is sent, but no verify packet is sent */
- if (s->s3->tmp.cert_req == 1)
- {
- s->state=SSL3_ST_CW_CERT_VRFY_A;
- }
- else
- {
- s->state=SSL3_ST_CW_CHANGE_A;
- s->s3->change_cipher_spec=0;
- }
-
- s->init_num=0;
- break;
-
- case SSL3_ST_CW_CERT_VRFY_A:
- case SSL3_ST_CW_CERT_VRFY_B:
- dtls1_start_timer(s);
- ret=dtls1_send_client_verify(s);
- if (ret <= 0) goto end;
- s->state=SSL3_ST_CW_CHANGE_A;
- s->init_num=0;
- s->s3->change_cipher_spec=0;
- break;
-
- case SSL3_ST_CW_CHANGE_A:
- case SSL3_ST_CW_CHANGE_B:
- if (!s->hit)
- dtls1_start_timer(s);
- ret=dtls1_send_change_cipher_spec(s,
- SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B);
- if (ret <= 0) goto end;
- s->state=SSL3_ST_CW_FINISHED_A;
- s->init_num=0;
-
- s->session->cipher=s->s3->tmp.new_cipher;
-#ifdef OPENSSL_NO_COMP
- s->session->compress_meth=0;
-#else
- if (s->s3->tmp.new_compression == NULL)
- s->session->compress_meth=0;
- else
- s->session->compress_meth=
- s->s3->tmp.new_compression->id;
-#endif
- if (!s->method->ssl3_enc->setup_key_block(s))
- {
- ret= -1;
- goto end;
- }
-
- if (!s->method->ssl3_enc->change_cipher_state(s,
- SSL3_CHANGE_CIPHER_CLIENT_WRITE))
- {
- ret= -1;
- goto end;
- }
-
- dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
- break;
-
- case SSL3_ST_CW_FINISHED_A:
- case SSL3_ST_CW_FINISHED_B:
- if (!s->hit)
- dtls1_start_timer(s);
- ret=dtls1_send_finished(s,
- SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B,
- s->method->ssl3_enc->client_finished_label,
- s->method->ssl3_enc->client_finished_label_len);
- if (ret <= 0) goto end;
- s->state=SSL3_ST_CW_FLUSH;
-
- /* clear flags */
- s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
- if (s->hit)
- {
- s->s3->tmp.next_state=SSL_ST_OK;
- if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED)
- {
- s->state=SSL_ST_OK;
- s->s3->flags|=SSL3_FLAGS_POP_BUFFER;
- s->s3->delay_buf_pop_ret=0;
- }
- }
- else
- {
-#ifndef OPENSSL_NO_TLSEXT
- /* Allow NewSessionTicket if ticket expected */
- if (s->tlsext_ticket_expected)
- s->s3->tmp.next_state=SSL3_ST_CR_SESSION_TICKET_A;
- else
-#endif
-
- s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A;
- }
- s->init_num=0;
-
- break;
-
-#ifndef OPENSSL_NO_TLSEXT
- case SSL3_ST_CR_SESSION_TICKET_A:
- case SSL3_ST_CR_SESSION_TICKET_B:
- ret=ssl3_get_new_session_ticket(s);
- if (ret <= 0) goto end;
- s->state=SSL3_ST_CR_FINISHED_A;
- s->init_num=0;
- break;
-
- case SSL3_ST_CR_CERT_STATUS_A:
- case SSL3_ST_CR_CERT_STATUS_B:
- ret=ssl3_get_cert_status(s);
- if (ret <= 0) goto end;
- s->state=SSL3_ST_CR_KEY_EXCH_A;
- s->init_num=0;
- break;
-#endif
-
- case SSL3_ST_CR_FINISHED_A:
- case SSL3_ST_CR_FINISHED_B:
- s->d1->change_cipher_spec_ok = 1;
- ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A,
- SSL3_ST_CR_FINISHED_B);
- if (ret <= 0) goto end;
- dtls1_stop_timer(s);
-
- if (s->hit)
- s->state=SSL3_ST_CW_CHANGE_A;
- else
- s->state=SSL_ST_OK;
- s->init_num=0;
- break;
-
- case SSL3_ST_CW_FLUSH:
- s->rwstate=SSL_WRITING;
- if (BIO_flush(s->wbio) <= 0)
- {
- ret= -1;
- goto end;
- }
- s->rwstate=SSL_NOTHING;
- s->state=s->s3->tmp.next_state;
- break;
-
- case SSL_ST_OK:
- /* clean a few things up */
- ssl3_cleanup_key_block(s);
-
-#if 0
- if (s->init_buf != NULL)
- {
- BUF_MEM_free(s->init_buf);
- s->init_buf=NULL;
- }
-#endif
-
- /* If we are not 'joining' the last two packets,
- * remove the buffering now */
- if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER))
- ssl_free_wbio_buffer(s);
- /* else do it later in ssl3_write */
-
- s->init_num=0;
- s->new_session=0;
-
- ssl_update_cache(s,SSL_SESS_CACHE_CLIENT);
- if (s->hit) s->ctx->stats.sess_hit++;
-
- ret=1;
- /* s->server=0; */
- s->handshake_func=dtls1_connect;
- s->ctx->stats.sess_connect_good++;
-
- if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
-
- /* done with handshaking */
- s->d1->handshake_read_seq = 0;
- s->d1->next_handshake_write_seq = 0;
- goto end;
- /* break; */
-
- default:
- SSLerr(SSL_F_DTLS1_CONNECT,SSL_R_UNKNOWN_STATE);
- ret= -1;
- goto end;
- /* break; */
- }
-
- /* did we do anything */
- if (!s->s3->tmp.reuse_message && !skip)
- {
- if (s->debug)
- {
- if ((ret=BIO_flush(s->wbio)) <= 0)
- goto end;
- }
-
- if ((cb != NULL) && (s->state != state))
- {
- new_state=s->state;
- s->state=state;
- cb(s,SSL_CB_CONNECT_LOOP,1);
- s->state=new_state;
- }
- }
- skip=0;
- }
-end:
- s->in_handshake--;
- if (buf != NULL)
- BUF_MEM_free(buf);
- if (cb != NULL)
- cb(s,SSL_CB_CONNECT_EXIT,ret);
- return(ret);
- }
-
-int dtls1_client_hello(SSL *s)
- {
- unsigned char *buf;
- unsigned char *p,*d;
- unsigned int i,j;
- unsigned long Time,l;
- SSL_COMP *comp;
-
- buf=(unsigned char *)s->init_buf->data;
- if (s->state == SSL3_ST_CW_CLNT_HELLO_A)
- {
- SSL_SESSION *sess = s->session;
- if ((s->session == NULL) ||
- (s->session->ssl_version != s->version) ||
-#ifdef OPENSSL_NO_TLSEXT
- !sess->session_id_length ||
-#else
- (!sess->session_id_length && !sess->tlsext_tick) ||
-#endif
- (s->session->not_resumable))
- {
- if (!ssl_get_new_session(s,0))
- goto err;
- }
- /* else use the pre-loaded session */
-
- p=s->s3->client_random;
- /* if client_random is initialized, reuse it, we are
- * required to use same upon reply to HelloVerify */
- for (i=0;p[i]=='\0' && i<sizeof(s->s3->client_random);i++) ;
- if (i==sizeof(s->s3->client_random))
- {
- Time=(unsigned long)time(NULL); /* Time */
- l2n(Time,p);
- RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4);
- }
-
- /* Do the message type and length last */
- d=p= &(buf[DTLS1_HM_HEADER_LENGTH]);
-
- *(p++)=s->version>>8;
- *(p++)=s->version&0xff;
- s->client_version=s->version;
-
- /* Random stuff */
- memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
- p+=SSL3_RANDOM_SIZE;
-
- /* Session ID */
- if (s->new_session)
- i=0;
- else
- i=s->session->session_id_length;
- *(p++)=i;
- if (i != 0)
- {
- if (i > sizeof s->session->session_id)
- {
- SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
- goto err;
- }
- memcpy(p,s->session->session_id,i);
- p+=i;
- }
-
- /* cookie stuff */
- if ( s->d1->cookie_len > sizeof(s->d1->cookie))
- {
- SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
- goto err;
- }
- *(p++) = s->d1->cookie_len;
- memcpy(p, s->d1->cookie, s->d1->cookie_len);
- p += s->d1->cookie_len;
-
- /* Ciphers supported */
- i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),0);
- if (i == 0)
- {
- SSLerr(SSL_F_DTLS1_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
- goto err;
- }
- s2n(i,p);
- p+=i;
-
- /* COMPRESSION */
- if (s->ctx->comp_methods == NULL)
- j=0;
- else
- j=sk_SSL_COMP_num(s->ctx->comp_methods);
- *(p++)=1+j;
- for (i=0; i<j; i++)
- {
- comp=sk_SSL_COMP_value(s->ctx->comp_methods,i);
- *(p++)=comp->id;
- }
- *(p++)=0; /* Add the NULL method */
-
-#ifndef OPENSSL_NO_TLSEXT
- if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
- {
- SSLerr(SSL_F_DTLS1_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
- goto err;
- }
-#endif
-
- l=(p-d);
- d=buf;
-
- d = dtls1_set_message_header(s, d, SSL3_MT_CLIENT_HELLO, l, 0, l);
-
- s->state=SSL3_ST_CW_CLNT_HELLO_B;
- /* number of bytes to write */
- s->init_num=p-buf;
- s->init_off=0;
-
- /* buffer the message to handle re-xmits */
- dtls1_buffer_message(s, 0);
- }
-
- /* SSL3_ST_CW_CLNT_HELLO_B */
- return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
-err:
- return(-1);
- }
-
-static int dtls1_get_hello_verify(SSL *s)
- {
- int n, al, ok = 0;
- unsigned char *data;
- unsigned int cookie_len;
-
- n=s->method->ssl_get_message(s,
- DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A,
- DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B,
- -1,
- s->max_cert_list,
- &ok);
-
- if (!ok) return((int)n);
-
- if (s->s3->tmp.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST)
- {
- s->d1->send_cookie = 0;
- s->s3->tmp.reuse_message=1;
- return(1);
- }
-
- data = (unsigned char *)s->init_msg;
-
- if ((data[0] != (s->version>>8)) || (data[1] != (s->version&0xff)))
- {
- SSLerr(SSL_F_DTLS1_GET_HELLO_VERIFY,SSL_R_WRONG_SSL_VERSION);
- s->version=(s->version&0xff00)|data[1];
- al = SSL_AD_PROTOCOL_VERSION;
- goto f_err;
- }
- data+=2;
-
- cookie_len = *(data++);
- if ( cookie_len > sizeof(s->d1->cookie))
- {
- al=SSL_AD_ILLEGAL_PARAMETER;
- goto f_err;
- }
-
- memcpy(s->d1->cookie, data, cookie_len);
- s->d1->cookie_len = cookie_len;
-
- s->d1->send_cookie = 1;
- return 1;
-
-f_err:
- ssl3_send_alert(s, SSL3_AL_FATAL, al);
- return -1;
- }
-
-int dtls1_send_client_key_exchange(SSL *s)
- {
- unsigned char *p,*d;
- int n;
- unsigned long l;
-#ifndef OPENSSL_NO_RSA
- unsigned char *q;
- EVP_PKEY *pkey=NULL;
-#endif
-#ifndef OPENSSL_NO_KRB5
- KSSL_ERR kssl_err;
-#endif /* OPENSSL_NO_KRB5 */
-
- if (s->state == SSL3_ST_CW_KEY_EXCH_A)
- {
- d=(unsigned char *)s->init_buf->data;
- p= &(d[DTLS1_HM_HEADER_LENGTH]);
-
- l=s->s3->tmp.new_cipher->algorithms;
-
- /* Fool emacs indentation */
- if (0) {}
-#ifndef OPENSSL_NO_RSA
- else if (l & SSL_kRSA)
- {
- RSA *rsa;
- unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
-
- if (s->session->sess_cert == NULL)
- {
- /* We should always have a server certificate with SSL_kRSA. */
- SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
- goto err;
- }
-
- if (s->session->sess_cert->peer_rsa_tmp != NULL)
- rsa=s->session->sess_cert->peer_rsa_tmp;
- else
- {
- pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
- if ((pkey == NULL) ||
- (pkey->type != EVP_PKEY_RSA) ||
- (pkey->pkey.rsa == NULL))
- {
- SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
- goto err;
- }
- rsa=pkey->pkey.rsa;
- EVP_PKEY_free(pkey);
- }
-
- tmp_buf[0]=s->client_version>>8;
- tmp_buf[1]=s->client_version&0xff;
- if (RAND_bytes(&(tmp_buf[2]),sizeof tmp_buf-2) <= 0)
- goto err;
-
- s->session->master_key_length=sizeof tmp_buf;
-
- q=p;
- /* Fix buf for TLS and [incidentally] DTLS */
- if (s->version > SSL3_VERSION)
- p+=2;
- n=RSA_public_encrypt(sizeof tmp_buf,
- tmp_buf,p,rsa,RSA_PKCS1_PADDING);
-#ifdef PKCS1_CHECK
- if (s->options & SSL_OP_PKCS1_CHECK_1) p[1]++;
- if (s->options & SSL_OP_PKCS1_CHECK_2) tmp_buf[0]=0x70;
-#endif
- if (n <= 0)
- {
- SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_ENCRYPT);
- goto err;
- }
-
- /* Fix buf for TLS and [incidentally] DTLS */
- if (s->version > SSL3_VERSION)
- {
- s2n(n,q);
- n+=2;
- }
-
- s->session->master_key_length=
- s->method->ssl3_enc->generate_master_secret(s,
- s->session->master_key,
- tmp_buf,sizeof tmp_buf);
- OPENSSL_cleanse(tmp_buf,sizeof tmp_buf);
- }
-#endif
-#ifndef OPENSSL_NO_KRB5
- else if (l & SSL_kKRB5)
- {
- krb5_error_code krb5rc;
- KSSL_CTX *kssl_ctx = s->kssl_ctx;
- /* krb5_data krb5_ap_req; */
- krb5_data *enc_ticket;
- krb5_data authenticator, *authp = NULL;
- EVP_CIPHER_CTX ciph_ctx;
- EVP_CIPHER *enc = NULL;
- unsigned char iv[EVP_MAX_IV_LENGTH];
- unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
- unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH
- + EVP_MAX_IV_LENGTH];
- int padl, outl = sizeof(epms);
-
- EVP_CIPHER_CTX_init(&ciph_ctx);
-
-#ifdef KSSL_DEBUG
- printf("ssl3_send_client_key_exchange(%lx & %lx)\n",
- l, SSL_kKRB5);
-#endif /* KSSL_DEBUG */
-
- authp = NULL;
-#ifdef KRB5SENDAUTH
- if (KRB5SENDAUTH) authp = &authenticator;
-#endif /* KRB5SENDAUTH */
-
- krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp,
- &kssl_err);
- enc = kssl_map_enc(kssl_ctx->enctype);
- if (enc == NULL)
- goto err;
-#ifdef KSSL_DEBUG
- {
- printf("kssl_cget_tkt rtn %d\n", krb5rc);
- if (krb5rc && kssl_err.text)
- printf("kssl_cget_tkt kssl_err=%s\n", kssl_err.text);
- }
-#endif /* KSSL_DEBUG */
-
- if (krb5rc)
- {
- ssl3_send_alert(s,SSL3_AL_FATAL,
- SSL_AD_HANDSHAKE_FAILURE);
- SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
- kssl_err.reason);
- goto err;
- }
-
- /* 20010406 VRS - Earlier versions used KRB5 AP_REQ
- ** in place of RFC 2712 KerberosWrapper, as in:
- **
- ** Send ticket (copy to *p, set n = length)
- ** n = krb5_ap_req.length;
- ** memcpy(p, krb5_ap_req.data, krb5_ap_req.length);
- ** if (krb5_ap_req.data)
- ** kssl_krb5_free_data_contents(NULL,&krb5_ap_req);
- **
- ** Now using real RFC 2712 KerberosWrapper
- ** (Thanks to Simon Wilkinson <sxw at sxw.org.uk>)
- ** Note: 2712 "opaque" types are here replaced
- ** with a 2-byte length followed by the value.
- ** Example:
- ** KerberosWrapper= xx xx asn1ticket 0 0 xx xx encpms
- ** Where "xx xx" = length bytes. Shown here with
- ** optional authenticator omitted.
- */
-
- /* KerberosWrapper.Ticket */
- s2n(enc_ticket->length,p);
- memcpy(p, enc_ticket->data, enc_ticket->length);
- p+= enc_ticket->length;
- n = enc_ticket->length + 2;
-
- /* KerberosWrapper.Authenticator */
- if (authp && authp->length)
- {
- s2n(authp->length,p);
- memcpy(p, authp->data, authp->length);
- p+= authp->length;
- n+= authp->length + 2;
-
- free(authp->data);
- authp->data = NULL;
- authp->length = 0;
- }
- else
- {
- s2n(0,p);/* null authenticator length */
- n+=2;
- }
-
- if (RAND_bytes(tmp_buf,sizeof tmp_buf) <= 0)
- goto err;
-
- /* 20010420 VRS. Tried it this way; failed.
- ** EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);
- ** EVP_CIPHER_CTX_set_key_length(&ciph_ctx,
- ** kssl_ctx->length);
- ** EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);
- */
-
- memset(iv, 0, sizeof iv); /* per RFC 1510 */
- EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,
- kssl_ctx->key,iv);
- EVP_EncryptUpdate(&ciph_ctx,epms,&outl,tmp_buf,
- sizeof tmp_buf);
- EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl);
- outl += padl;
- if (outl > sizeof epms)
- {
- SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
- goto err;
- }
- EVP_CIPHER_CTX_cleanup(&ciph_ctx);
-
- /* KerberosWrapper.EncryptedPreMasterSecret */
- s2n(outl,p);
- memcpy(p, epms, outl);
- p+=outl;
- n+=outl + 2;
-
- s->session->master_key_length=
- s->method->ssl3_enc->generate_master_secret(s,
- s->session->master_key,
- tmp_buf, sizeof tmp_buf);
-
- OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
- OPENSSL_cleanse(epms, outl);
- }
-#endif
-#ifndef OPENSSL_NO_DH
- else if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
- {
- DH *dh_srvr,*dh_clnt;
-
- if (s->session->sess_cert == NULL)
- {
- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
- SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
- goto err;
- }
-
- if (s->session->sess_cert->peer_dh_tmp != NULL)
- dh_srvr=s->session->sess_cert->peer_dh_tmp;
- else
- {
- /* we get them from the cert */
- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
- SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_DH_PARAMETERS);
- goto err;
- }
-
- /* generate a new random key */
- if ((dh_clnt=DHparams_dup(dh_srvr)) == NULL)
- {
- SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
- goto err;
- }
- if (!DH_generate_key(dh_clnt))
- {
- SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
- goto err;
- }
-
- /* use the 'p' output buffer for the DH key, but
- * make sure to clear it out afterwards */
-
- n=DH_compute_key(p,dh_srvr->pub_key,dh_clnt);
-
- if (n <= 0)
- {
- SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
- goto err;
- }
-
- /* generate master key from the result */
- s->session->master_key_length=
- s->method->ssl3_enc->generate_master_secret(s,
- s->session->master_key,p,n);
- /* clean up */
- memset(p,0,n);
-
- /* send off the data */
- n=BN_num_bytes(dh_clnt->pub_key);
- s2n(n,p);
- BN_bn2bin(dh_clnt->pub_key,p);
- n+=2;
-
- DH_free(dh_clnt);
-
- /* perhaps clean things up a bit EAY EAY EAY EAY*/
- }
-#endif
- else
- {
- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
- SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
- goto err;
- }
-
- d = dtls1_set_message_header(s, d,
- SSL3_MT_CLIENT_KEY_EXCHANGE, n, 0, n);
- /*
- *(d++)=SSL3_MT_CLIENT_KEY_EXCHANGE;
- l2n3(n,d);
- l2n(s->d1->handshake_write_seq,d);
- s->d1->handshake_write_seq++;
- */
-
- s->state=SSL3_ST_CW_KEY_EXCH_B;
- /* number of bytes to write */
- s->init_num=n+DTLS1_HM_HEADER_LENGTH;
- s->init_off=0;
-
- /* buffer the message to handle re-xmits */
- dtls1_buffer_message(s, 0);
- }
-
- /* SSL3_ST_CW_KEY_EXCH_B */
- return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
-err:
- return(-1);
- }
-
-int dtls1_send_client_verify(SSL *s)
- {
- unsigned char *p,*d;
- unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
- EVP_PKEY *pkey;
-#ifndef OPENSSL_NO_RSA
- unsigned u=0;
-#endif
- unsigned long n;
-#ifndef OPENSSL_NO_DSA
- int j;
-#endif
-
- if (s->state == SSL3_ST_CW_CERT_VRFY_A)
- {
- d=(unsigned char *)s->init_buf->data;
- p= &(d[DTLS1_HM_HEADER_LENGTH]);
- pkey=s->cert->key->privatekey;
-
- s->method->ssl3_enc->cert_verify_mac(s,&(s->s3->finish_dgst2),
- &(data[MD5_DIGEST_LENGTH]));
-
-#ifndef OPENSSL_NO_RSA
- if (pkey->type == EVP_PKEY_RSA)
- {
- s->method->ssl3_enc->cert_verify_mac(s,
- &(s->s3->finish_dgst1),&(data[0]));
- if (RSA_sign(NID_md5_sha1, data,
- MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
- &(p[2]), &u, pkey->pkey.rsa) <= 0 )
- {
- SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,ERR_R_RSA_LIB);
- goto err;
- }
- s2n(u,p);
- n=u+2;
- }
- else
-#endif
-#ifndef OPENSSL_NO_DSA
- if (pkey->type == EVP_PKEY_DSA)
- {
- if (!DSA_sign(pkey->save_type,
- &(data[MD5_DIGEST_LENGTH]),
- SHA_DIGEST_LENGTH,&(p[2]),
- (unsigned int *)&j,pkey->pkey.dsa))
- {
- SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,ERR_R_DSA_LIB);
- goto err;
- }
- s2n(j,p);
- n=j+2;
- }
- else
-#endif
- {
- SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERROR);
- goto err;
- }
-
- d = dtls1_set_message_header(s, d,
- SSL3_MT_CERTIFICATE_VERIFY, n, 0, n) ;
-
- s->init_num=(int)n+DTLS1_HM_HEADER_LENGTH;
- s->init_off=0;
-
- /* buffer the message to handle re-xmits */
- dtls1_buffer_message(s, 0);
-
- s->state = SSL3_ST_CW_CERT_VRFY_B;
- }
-
- /* s->state = SSL3_ST_CW_CERT_VRFY_B */
- return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
-err:
- return(-1);
- }
-
-int dtls1_send_client_certificate(SSL *s)
- {
- X509 *x509=NULL;
- EVP_PKEY *pkey=NULL;
- int i;
- unsigned long l;
-
- if (s->state == SSL3_ST_CW_CERT_A)
- {
- if ((s->cert == NULL) ||
- (s->cert->key->x509 == NULL) ||
- (s->cert->key->privatekey == NULL))
- s->state=SSL3_ST_CW_CERT_B;
- else
- s->state=SSL3_ST_CW_CERT_C;
- }
-
- /* We need to get a client cert */
- if (s->state == SSL3_ST_CW_CERT_B)
- {
- /* If we get an error, we need to
- * ssl->rwstate=SSL_X509_LOOKUP; return(-1);
- * We then get retied later */
- i=0;
- i = ssl_do_client_cert_cb(s, &x509, &pkey);
- if (i < 0)
- {
- s->rwstate=SSL_X509_LOOKUP;
- return(-1);
- }
- s->rwstate=SSL_NOTHING;
- if ((i == 1) && (pkey != NULL) && (x509 != NULL))
- {
- s->state=SSL3_ST_CW_CERT_B;
- if ( !SSL_use_certificate(s,x509) ||
- !SSL_use_PrivateKey(s,pkey))
- i=0;
- }
- else if (i == 1)
- {
- i=0;
- SSLerr(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE,SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
- }
-
- if (x509 != NULL) X509_free(x509);
- if (pkey != NULL) EVP_PKEY_free(pkey);
- if (i == 0)
- {
- if (s->version == SSL3_VERSION)
- {
- s->s3->tmp.cert_req=0;
- ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_NO_CERTIFICATE);
- return(1);
- }
- else
- {
- s->s3->tmp.cert_req=2;
- }
- }
-
- /* Ok, we have a cert */
- s->state=SSL3_ST_CW_CERT_C;
- }
-
- if (s->state == SSL3_ST_CW_CERT_C)
- {
- s->state=SSL3_ST_CW_CERT_D;
- l=dtls1_output_cert_chain(s,
- (s->s3->tmp.cert_req == 2)?NULL:s->cert->key->x509);
- s->init_num=(int)l;
- s->init_off=0;
-
- /* set header called by dtls1_output_cert_chain() */
-
- /* buffer the message to handle re-xmits */
- dtls1_buffer_message(s, 0);
- }
- /* SSL3_ST_CW_CERT_D */
- return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
- }
Copied: vendor-crypto/openssl/0.9.8zf/ssl/d1_clnt.c (from rev 6976, vendor-crypto/openssl/dist/ssl/d1_clnt.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/ssl/d1_clnt.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/ssl/d1_clnt.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,1228 @@
+/* ssl/d1_clnt.c */
+/*
+ * DTLS implementation written by Nagendra Modadugu
+ * (nagendra at cs.stanford.edu) for the OpenSSL project 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "ssl_locl.h"
+#include "kssl_lcl.h"
+#include <openssl/buffer.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/md5.h>
+#ifndef OPENSSL_NO_DH
+# include <openssl/dh.h>
+#endif
+
+static SSL_METHOD *dtls1_get_client_method(int ver);
+static int dtls1_get_hello_verify(SSL *s);
+
+static SSL_METHOD *dtls1_get_client_method(int ver)
+{
+ if (ver == DTLS1_VERSION || ver == DTLS1_BAD_VER)
+ return (DTLSv1_client_method());
+ else
+ return (NULL);
+}
+
+IMPLEMENT_dtls1_meth_func(DTLSv1_client_method,
+ ssl_undefined_function,
+ dtls1_connect, dtls1_get_client_method)
+
+int dtls1_connect(SSL *s)
+{
+ BUF_MEM *buf = NULL;
+ unsigned long Time = (unsigned long)time(NULL);
+ void (*cb) (const SSL *ssl, int type, int val) = NULL;
+ int ret = -1;
+ int new_state, state, skip = 0;;
+
+ RAND_add(&Time, sizeof(Time), 0);
+ ERR_clear_error();
+ clear_sys_error();
+
+ if (s->info_callback != NULL)
+ cb = s->info_callback;
+ else if (s->ctx->info_callback != NULL)
+ cb = s->ctx->info_callback;
+
+ s->in_handshake++;
+ if (!SSL_in_init(s) || SSL_in_before(s))
+ SSL_clear(s);
+
+ for (;;) {
+ state = s->state;
+
+ switch (s->state) {
+ case SSL_ST_RENEGOTIATE:
+ s->new_session = 1;
+ s->state = SSL_ST_CONNECT;
+ s->ctx->stats.sess_connect_renegotiate++;
+ /* break */
+ case SSL_ST_BEFORE:
+ case SSL_ST_CONNECT:
+ case SSL_ST_BEFORE | SSL_ST_CONNECT:
+ case SSL_ST_OK | SSL_ST_CONNECT:
+
+ s->server = 0;
+ if (cb != NULL)
+ cb(s, SSL_CB_HANDSHAKE_START, 1);
+
+ if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00) &&
+ (s->version & 0xff00) != (DTLS1_BAD_VER & 0xff00)) {
+ SSLerr(SSL_F_DTLS1_CONNECT, ERR_R_INTERNAL_ERROR);
+ ret = -1;
+ goto end;
+ }
+
+ /* s->version=SSL3_VERSION; */
+ s->type = SSL_ST_CONNECT;
+
+ if (s->init_buf == NULL) {
+ if ((buf = BUF_MEM_new()) == NULL) {
+ ret = -1;
+ goto end;
+ }
+ if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) {
+ ret = -1;
+ goto end;
+ }
+ s->init_buf = buf;
+ buf = NULL;
+ }
+
+ if (!ssl3_setup_buffers(s)) {
+ ret = -1;
+ goto end;
+ }
+
+ /* setup buffing BIO */
+ if (!ssl_init_wbio_buffer(s, 0)) {
+ ret = -1;
+ goto end;
+ }
+
+ /* don't push the buffering BIO quite yet */
+
+ s->state = SSL3_ST_CW_CLNT_HELLO_A;
+ s->ctx->stats.sess_connect++;
+ s->init_num = 0;
+ /* mark client_random uninitialized */
+ memset(s->s3->client_random, 0, sizeof(s->s3->client_random));
+ s->d1->send_cookie = 0;
+ s->hit = 0;
+ break;
+
+ case SSL3_ST_CW_CLNT_HELLO_A:
+ case SSL3_ST_CW_CLNT_HELLO_B:
+
+ s->shutdown = 0;
+
+ /* every DTLS ClientHello resets Finished MAC */
+ ssl3_init_finished_mac(s);
+
+ dtls1_start_timer(s);
+ ret = dtls1_client_hello(s);
+ if (ret <= 0)
+ goto end;
+
+ if (s->d1->send_cookie) {
+ s->state = SSL3_ST_CW_FLUSH;
+ s->s3->tmp.next_state = SSL3_ST_CR_SRVR_HELLO_A;
+ } else
+ s->state = SSL3_ST_CR_SRVR_HELLO_A;
+
+ s->init_num = 0;
+
+ /* turn on buffering for the next lot of output */
+ if (s->bbio != s->wbio)
+ s->wbio = BIO_push(s->bbio, s->wbio);
+
+ break;
+
+ case SSL3_ST_CR_SRVR_HELLO_A:
+ case SSL3_ST_CR_SRVR_HELLO_B:
+ ret = ssl3_get_server_hello(s);
+ if (ret <= 0)
+ goto end;
+ else {
+ if (s->hit)
+ s->state = SSL3_ST_CR_FINISHED_A;
+ else
+ s->state = DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A;
+ }
+ s->init_num = 0;
+ break;
+
+ case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A:
+ case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B:
+
+ ret = dtls1_get_hello_verify(s);
+ if (ret <= 0)
+ goto end;
+ dtls1_stop_timer(s);
+ if (s->d1->send_cookie) /* start again, with a cookie */
+ s->state = SSL3_ST_CW_CLNT_HELLO_A;
+ else
+ s->state = SSL3_ST_CR_CERT_A;
+ s->init_num = 0;
+ break;
+
+ case SSL3_ST_CR_CERT_A:
+ case SSL3_ST_CR_CERT_B:
+#ifndef OPENSSL_NO_TLSEXT
+ ret = ssl3_check_finished(s);
+ if (ret <= 0)
+ goto end;
+ if (ret == 2) {
+ s->hit = 1;
+ if (s->tlsext_ticket_expected)
+ s->state = SSL3_ST_CR_SESSION_TICKET_A;
+ else
+ s->state = SSL3_ST_CR_FINISHED_A;
+ s->init_num = 0;
+ break;
+ }
+#endif
+ /* Check if it is anon DH */
+ if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL)) {
+ ret = ssl3_get_server_certificate(s);
+ if (ret <= 0)
+ goto end;
+#ifndef OPENSSL_NO_TLSEXT
+ if (s->tlsext_status_expected)
+ s->state = SSL3_ST_CR_CERT_STATUS_A;
+ else
+ s->state = SSL3_ST_CR_KEY_EXCH_A;
+ } else {
+ skip = 1;
+ s->state = SSL3_ST_CR_KEY_EXCH_A;
+ }
+#else
+ } else
+ skip = 1;
+
+ s->state = SSL3_ST_CR_KEY_EXCH_A;
+#endif
+ s->init_num = 0;
+ break;
+
+ case SSL3_ST_CR_KEY_EXCH_A:
+ case SSL3_ST_CR_KEY_EXCH_B:
+ ret = ssl3_get_key_exchange(s);
+ if (ret <= 0)
+ goto end;
+ s->state = SSL3_ST_CR_CERT_REQ_A;
+ s->init_num = 0;
+
+ /*
+ * at this point we check that we have the required stuff from
+ * the server
+ */
+ if (!ssl3_check_cert_and_algorithm(s)) {
+ ret = -1;
+ goto end;
+ }
+ break;
+
+ case SSL3_ST_CR_CERT_REQ_A:
+ case SSL3_ST_CR_CERT_REQ_B:
+ ret = ssl3_get_certificate_request(s);
+ if (ret <= 0)
+ goto end;
+ s->state = SSL3_ST_CR_SRVR_DONE_A;
+ s->init_num = 0;
+ break;
+
+ case SSL3_ST_CR_SRVR_DONE_A:
+ case SSL3_ST_CR_SRVR_DONE_B:
+ ret = ssl3_get_server_done(s);
+ if (ret <= 0)
+ goto end;
+ dtls1_stop_timer(s);
+ if (s->s3->tmp.cert_req)
+ s->state = SSL3_ST_CW_CERT_A;
+ else
+ s->state = SSL3_ST_CW_KEY_EXCH_A;
+ s->init_num = 0;
+
+ break;
+
+ case SSL3_ST_CW_CERT_A:
+ case SSL3_ST_CW_CERT_B:
+ case SSL3_ST_CW_CERT_C:
+ case SSL3_ST_CW_CERT_D:
+ dtls1_start_timer(s);
+ ret = dtls1_send_client_certificate(s);
+ if (ret <= 0)
+ goto end;
+ s->state = SSL3_ST_CW_KEY_EXCH_A;
+ s->init_num = 0;
+ break;
+
+ case SSL3_ST_CW_KEY_EXCH_A:
+ case SSL3_ST_CW_KEY_EXCH_B:
+ dtls1_start_timer(s);
+ ret = dtls1_send_client_key_exchange(s);
+ if (ret <= 0)
+ goto end;
+ /*
+ * EAY EAY EAY need to check for DH fix cert sent back
+ */
+ /*
+ * For TLS, cert_req is set to 2, so a cert chain of nothing is
+ * sent, but no verify packet is sent
+ */
+ if (s->s3->tmp.cert_req == 1) {
+ s->state = SSL3_ST_CW_CERT_VRFY_A;
+ } else {
+ s->state = SSL3_ST_CW_CHANGE_A;
+ s->s3->change_cipher_spec = 0;
+ }
+
+ s->init_num = 0;
+ break;
+
+ case SSL3_ST_CW_CERT_VRFY_A:
+ case SSL3_ST_CW_CERT_VRFY_B:
+ dtls1_start_timer(s);
+ ret = dtls1_send_client_verify(s);
+ if (ret <= 0)
+ goto end;
+ s->state = SSL3_ST_CW_CHANGE_A;
+ s->init_num = 0;
+ s->s3->change_cipher_spec = 0;
+ break;
+
+ case SSL3_ST_CW_CHANGE_A:
+ case SSL3_ST_CW_CHANGE_B:
+ if (!s->hit)
+ dtls1_start_timer(s);
+ ret = dtls1_send_change_cipher_spec(s,
+ SSL3_ST_CW_CHANGE_A,
+ SSL3_ST_CW_CHANGE_B);
+ if (ret <= 0)
+ goto end;
+ s->state = SSL3_ST_CW_FINISHED_A;
+ s->init_num = 0;
+
+ s->session->cipher = s->s3->tmp.new_cipher;
+#ifdef OPENSSL_NO_COMP
+ s->session->compress_meth = 0;
+#else
+ if (s->s3->tmp.new_compression == NULL)
+ s->session->compress_meth = 0;
+ else
+ s->session->compress_meth = s->s3->tmp.new_compression->id;
+#endif
+ if (!s->method->ssl3_enc->setup_key_block(s)) {
+ ret = -1;
+ goto end;
+ }
+
+ if (!s->method->ssl3_enc->change_cipher_state(s,
+ SSL3_CHANGE_CIPHER_CLIENT_WRITE))
+ {
+ ret = -1;
+ goto end;
+ }
+
+ dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
+ break;
+
+ case SSL3_ST_CW_FINISHED_A:
+ case SSL3_ST_CW_FINISHED_B:
+ if (!s->hit)
+ dtls1_start_timer(s);
+ ret = dtls1_send_finished(s,
+ SSL3_ST_CW_FINISHED_A,
+ SSL3_ST_CW_FINISHED_B,
+ s->method->
+ ssl3_enc->client_finished_label,
+ s->method->
+ ssl3_enc->client_finished_label_len);
+ if (ret <= 0)
+ goto end;
+ s->state = SSL3_ST_CW_FLUSH;
+
+ /* clear flags */
+ s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER;
+ if (s->hit) {
+ s->s3->tmp.next_state = SSL_ST_OK;
+ if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED) {
+ s->state = SSL_ST_OK;
+ s->s3->flags |= SSL3_FLAGS_POP_BUFFER;
+ s->s3->delay_buf_pop_ret = 0;
+ }
+ } else {
+#ifndef OPENSSL_NO_TLSEXT
+ /*
+ * Allow NewSessionTicket if ticket expected
+ */
+ if (s->tlsext_ticket_expected)
+ s->s3->tmp.next_state = SSL3_ST_CR_SESSION_TICKET_A;
+ else
+#endif
+
+ s->s3->tmp.next_state = SSL3_ST_CR_FINISHED_A;
+ }
+ s->init_num = 0;
+
+ break;
+
+#ifndef OPENSSL_NO_TLSEXT
+ case SSL3_ST_CR_SESSION_TICKET_A:
+ case SSL3_ST_CR_SESSION_TICKET_B:
+ ret = ssl3_get_new_session_ticket(s);
+ if (ret <= 0)
+ goto end;
+ s->state = SSL3_ST_CR_FINISHED_A;
+ s->init_num = 0;
+ break;
+
+ case SSL3_ST_CR_CERT_STATUS_A:
+ case SSL3_ST_CR_CERT_STATUS_B:
+ ret = ssl3_get_cert_status(s);
+ if (ret <= 0)
+ goto end;
+ s->state = SSL3_ST_CR_KEY_EXCH_A;
+ s->init_num = 0;
+ break;
+#endif
+
+ case SSL3_ST_CR_FINISHED_A:
+ case SSL3_ST_CR_FINISHED_B:
+ s->d1->change_cipher_spec_ok = 1;
+ ret = ssl3_get_finished(s, SSL3_ST_CR_FINISHED_A,
+ SSL3_ST_CR_FINISHED_B);
+ if (ret <= 0)
+ goto end;
+ dtls1_stop_timer(s);
+
+ if (s->hit)
+ s->state = SSL3_ST_CW_CHANGE_A;
+ else
+ s->state = SSL_ST_OK;
+ s->init_num = 0;
+ break;
+
+ case SSL3_ST_CW_FLUSH:
+ s->rwstate = SSL_WRITING;
+ if (BIO_flush(s->wbio) <= 0) {
+ ret = -1;
+ goto end;
+ }
+ s->rwstate = SSL_NOTHING;
+ s->state = s->s3->tmp.next_state;
+ break;
+
+ case SSL_ST_OK:
+ /* clean a few things up */
+ ssl3_cleanup_key_block(s);
+
+#if 0
+ if (s->init_buf != NULL) {
+ BUF_MEM_free(s->init_buf);
+ s->init_buf = NULL;
+ }
+#endif
+
+ /*
+ * If we are not 'joining' the last two packets, remove the
+ * buffering now
+ */
+ if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER))
+ ssl_free_wbio_buffer(s);
+ /* else do it later in ssl3_write */
+
+ s->init_num = 0;
+ s->new_session = 0;
+
+ ssl_update_cache(s, SSL_SESS_CACHE_CLIENT);
+ if (s->hit)
+ s->ctx->stats.sess_hit++;
+
+ ret = 1;
+ /* s->server=0; */
+ s->handshake_func = dtls1_connect;
+ s->ctx->stats.sess_connect_good++;
+
+ if (cb != NULL)
+ cb(s, SSL_CB_HANDSHAKE_DONE, 1);
+
+ /* done with handshaking */
+ s->d1->handshake_read_seq = 0;
+ s->d1->next_handshake_write_seq = 0;
+ goto end;
+ /* break; */
+
+ default:
+ SSLerr(SSL_F_DTLS1_CONNECT, SSL_R_UNKNOWN_STATE);
+ ret = -1;
+ goto end;
+ /* break; */
+ }
+
+ /* did we do anything */
+ if (!s->s3->tmp.reuse_message && !skip) {
+ if (s->debug) {
+ if ((ret = BIO_flush(s->wbio)) <= 0)
+ goto end;
+ }
+
+ if ((cb != NULL) && (s->state != state)) {
+ new_state = s->state;
+ s->state = state;
+ cb(s, SSL_CB_CONNECT_LOOP, 1);
+ s->state = new_state;
+ }
+ }
+ skip = 0;
+ }
+ end:
+ s->in_handshake--;
+ if (buf != NULL)
+ BUF_MEM_free(buf);
+ if (cb != NULL)
+ cb(s, SSL_CB_CONNECT_EXIT, ret);
+ return (ret);
+}
+
+int dtls1_client_hello(SSL *s)
+{
+ unsigned char *buf;
+ unsigned char *p, *d;
+ unsigned int i, j;
+ unsigned long Time, l;
+ SSL_COMP *comp;
+
+ buf = (unsigned char *)s->init_buf->data;
+ if (s->state == SSL3_ST_CW_CLNT_HELLO_A) {
+ SSL_SESSION *sess = s->session;
+ if ((s->session == NULL) || (s->session->ssl_version != s->version) ||
+#ifdef OPENSSL_NO_TLSEXT
+ !sess->session_id_length ||
+#else
+ (!sess->session_id_length && !sess->tlsext_tick) ||
+#endif
+ (s->session->not_resumable)) {
+ if (!ssl_get_new_session(s, 0))
+ goto err;
+ }
+ /* else use the pre-loaded session */
+
+ p = s->s3->client_random;
+ /*
+ * if client_random is initialized, reuse it, we are required to use
+ * same upon reply to HelloVerify
+ */
+ for (i = 0; p[i] == '\0' && i < sizeof(s->s3->client_random); i++) ;
+ if (i == sizeof(s->s3->client_random)) {
+ Time = (unsigned long)time(NULL); /* Time */
+ l2n(Time, p);
+ RAND_pseudo_bytes(p, SSL3_RANDOM_SIZE - 4);
+ }
+
+ /* Do the message type and length last */
+ d = p = &(buf[DTLS1_HM_HEADER_LENGTH]);
+
+ *(p++) = s->version >> 8;
+ *(p++) = s->version & 0xff;
+ s->client_version = s->version;
+
+ /* Random stuff */
+ memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
+ p += SSL3_RANDOM_SIZE;
+
+ /* Session ID */
+ if (s->new_session)
+ i = 0;
+ else
+ i = s->session->session_id_length;
+ *(p++) = i;
+ if (i != 0) {
+ if (i > sizeof s->session->session_id) {
+ SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ memcpy(p, s->session->session_id, i);
+ p += i;
+ }
+
+ /* cookie stuff */
+ if (s->d1->cookie_len > sizeof(s->d1->cookie)) {
+ SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ *(p++) = s->d1->cookie_len;
+ memcpy(p, s->d1->cookie, s->d1->cookie_len);
+ p += s->d1->cookie_len;
+
+ /* Ciphers supported */
+ i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &(p[2]), 0);
+ if (i == 0) {
+ SSLerr(SSL_F_DTLS1_CLIENT_HELLO, SSL_R_NO_CIPHERS_AVAILABLE);
+ goto err;
+ }
+ s2n(i, p);
+ p += i;
+
+ /* COMPRESSION */
+ if (s->ctx->comp_methods == NULL)
+ j = 0;
+ else
+ j = sk_SSL_COMP_num(s->ctx->comp_methods);
+ *(p++) = 1 + j;
+ for (i = 0; i < j; i++) {
+ comp = sk_SSL_COMP_value(s->ctx->comp_methods, i);
+ *(p++) = comp->id;
+ }
+ *(p++) = 0; /* Add the NULL method */
+
+#ifndef OPENSSL_NO_TLSEXT
+ if ((p =
+ ssl_add_clienthello_tlsext(s, p,
+ buf + SSL3_RT_MAX_PLAIN_LENGTH)) ==
+ NULL) {
+ SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+#endif
+
+ l = (p - d);
+ d = buf;
+
+ d = dtls1_set_message_header(s, d, SSL3_MT_CLIENT_HELLO, l, 0, l);
+
+ s->state = SSL3_ST_CW_CLNT_HELLO_B;
+ /* number of bytes to write */
+ s->init_num = p - buf;
+ s->init_off = 0;
+
+ /* buffer the message to handle re-xmits */
+ dtls1_buffer_message(s, 0);
+ }
+
+ /* SSL3_ST_CW_CLNT_HELLO_B */
+ return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
+ err:
+ return (-1);
+}
+
+static int dtls1_get_hello_verify(SSL *s)
+{
+ int n, al, ok = 0;
+ unsigned char *data;
+ unsigned int cookie_len;
+
+ n = s->method->ssl_get_message(s,
+ DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A,
+ DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B,
+ -1, s->max_cert_list, &ok);
+
+ if (!ok)
+ return ((int)n);
+
+ if (s->s3->tmp.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST) {
+ s->d1->send_cookie = 0;
+ s->s3->tmp.reuse_message = 1;
+ return (1);
+ }
+
+ data = (unsigned char *)s->init_msg;
+
+ if ((data[0] != (s->version >> 8)) || (data[1] != (s->version & 0xff))) {
+ SSLerr(SSL_F_DTLS1_GET_HELLO_VERIFY, SSL_R_WRONG_SSL_VERSION);
+ s->version = (s->version & 0xff00) | data[1];
+ al = SSL_AD_PROTOCOL_VERSION;
+ goto f_err;
+ }
+ data += 2;
+
+ cookie_len = *(data++);
+ if (cookie_len > sizeof(s->d1->cookie)) {
+ al = SSL_AD_ILLEGAL_PARAMETER;
+ goto f_err;
+ }
+
+ memcpy(s->d1->cookie, data, cookie_len);
+ s->d1->cookie_len = cookie_len;
+
+ s->d1->send_cookie = 1;
+ return 1;
+
+ f_err:
+ ssl3_send_alert(s, SSL3_AL_FATAL, al);
+ return -1;
+}
+
+int dtls1_send_client_key_exchange(SSL *s)
+{
+ unsigned char *p, *d;
+ int n;
+ unsigned long l;
+#ifndef OPENSSL_NO_RSA
+ unsigned char *q;
+ EVP_PKEY *pkey = NULL;
+#endif
+#ifndef OPENSSL_NO_KRB5
+ KSSL_ERR kssl_err;
+#endif /* OPENSSL_NO_KRB5 */
+
+ if (s->state == SSL3_ST_CW_KEY_EXCH_A) {
+ d = (unsigned char *)s->init_buf->data;
+ p = &(d[DTLS1_HM_HEADER_LENGTH]);
+
+ l = s->s3->tmp.new_cipher->algorithms;
+
+ /* Fool emacs indentation */
+ if (0) {
+ }
+#ifndef OPENSSL_NO_RSA
+ else if (l & SSL_kRSA) {
+ RSA *rsa;
+ unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
+
+ if (s->session->sess_cert == NULL) {
+ /*
+ * We should always have a server certificate with SSL_kRSA.
+ */
+ SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
+ if (s->session->sess_cert->peer_rsa_tmp != NULL)
+ rsa = s->session->sess_cert->peer_rsa_tmp;
+ else {
+ pkey =
+ X509_get_pubkey(s->session->
+ sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].
+ x509);
+ if ((pkey == NULL) || (pkey->type != EVP_PKEY_RSA)
+ || (pkey->pkey.rsa == NULL)) {
+ SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ rsa = pkey->pkey.rsa;
+ EVP_PKEY_free(pkey);
+ }
+
+ tmp_buf[0] = s->client_version >> 8;
+ tmp_buf[1] = s->client_version & 0xff;
+ if (RAND_bytes(&(tmp_buf[2]), sizeof tmp_buf - 2) <= 0)
+ goto err;
+
+ s->session->master_key_length = sizeof tmp_buf;
+
+ q = p;
+ /* Fix buf for TLS and [incidentally] DTLS */
+ if (s->version > SSL3_VERSION)
+ p += 2;
+ n = RSA_public_encrypt(sizeof tmp_buf,
+ tmp_buf, p, rsa, RSA_PKCS1_PADDING);
+# ifdef PKCS1_CHECK
+ if (s->options & SSL_OP_PKCS1_CHECK_1)
+ p[1]++;
+ if (s->options & SSL_OP_PKCS1_CHECK_2)
+ tmp_buf[0] = 0x70;
+# endif
+ if (n <= 0) {
+ SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
+ SSL_R_BAD_RSA_ENCRYPT);
+ goto err;
+ }
+
+ /* Fix buf for TLS and [incidentally] DTLS */
+ if (s->version > SSL3_VERSION) {
+ s2n(n, q);
+ n += 2;
+ }
+
+ s->session->master_key_length =
+ s->method->ssl3_enc->generate_master_secret(s,
+ s->
+ session->master_key,
+ tmp_buf,
+ sizeof tmp_buf);
+ OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
+ }
+#endif
+#ifndef OPENSSL_NO_KRB5
+ else if (l & SSL_kKRB5) {
+ krb5_error_code krb5rc;
+ KSSL_CTX *kssl_ctx = s->kssl_ctx;
+ /* krb5_data krb5_ap_req; */
+ krb5_data *enc_ticket;
+ krb5_data authenticator, *authp = NULL;
+ EVP_CIPHER_CTX ciph_ctx;
+ EVP_CIPHER *enc = NULL;
+ unsigned char iv[EVP_MAX_IV_LENGTH];
+ unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
+ unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH + EVP_MAX_IV_LENGTH];
+ int padl, outl = sizeof(epms);
+
+ EVP_CIPHER_CTX_init(&ciph_ctx);
+
+# ifdef KSSL_DEBUG
+ printf("ssl3_send_client_key_exchange(%lx & %lx)\n",
+ l, SSL_kKRB5);
+# endif /* KSSL_DEBUG */
+
+ authp = NULL;
+# ifdef KRB5SENDAUTH
+ if (KRB5SENDAUTH)
+ authp = &authenticator;
+# endif /* KRB5SENDAUTH */
+
+ krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp, &kssl_err);
+ enc = kssl_map_enc(kssl_ctx->enctype);
+ if (enc == NULL)
+ goto err;
+# ifdef KSSL_DEBUG
+ {
+ printf("kssl_cget_tkt rtn %d\n", krb5rc);
+ if (krb5rc && kssl_err.text)
+ printf("kssl_cget_tkt kssl_err=%s\n", kssl_err.text);
+ }
+# endif /* KSSL_DEBUG */
+
+ if (krb5rc) {
+ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
+ SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, kssl_err.reason);
+ goto err;
+ }
+
+ /*-
+ * 20010406 VRS - Earlier versions used KRB5 AP_REQ
+ ** in place of RFC 2712 KerberosWrapper, as in:
+ **
+ ** Send ticket (copy to *p, set n = length)
+ ** n = krb5_ap_req.length;
+ ** memcpy(p, krb5_ap_req.data, krb5_ap_req.length);
+ ** if (krb5_ap_req.data)
+ ** kssl_krb5_free_data_contents(NULL,&krb5_ap_req);
+ **
+ ** Now using real RFC 2712 KerberosWrapper
+ ** (Thanks to Simon Wilkinson <sxw at sxw.org.uk>)
+ ** Note: 2712 "opaque" types are here replaced
+ ** with a 2-byte length followed by the value.
+ ** Example:
+ ** KerberosWrapper= xx xx asn1ticket 0 0 xx xx encpms
+ ** Where "xx xx" = length bytes. Shown here with
+ ** optional authenticator omitted.
+ */
+
+ /* KerberosWrapper.Ticket */
+ s2n(enc_ticket->length, p);
+ memcpy(p, enc_ticket->data, enc_ticket->length);
+ p += enc_ticket->length;
+ n = enc_ticket->length + 2;
+
+ /* KerberosWrapper.Authenticator */
+ if (authp && authp->length) {
+ s2n(authp->length, p);
+ memcpy(p, authp->data, authp->length);
+ p += authp->length;
+ n += authp->length + 2;
+
+ free(authp->data);
+ authp->data = NULL;
+ authp->length = 0;
+ } else {
+ s2n(0, p); /* null authenticator length */
+ n += 2;
+ }
+
+ if (RAND_bytes(tmp_buf, sizeof tmp_buf) <= 0)
+ goto err;
+
+ /*-
+ * 20010420 VRS. Tried it this way; failed.
+ * EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);
+ * EVP_CIPHER_CTX_set_key_length(&ciph_ctx,
+ * kssl_ctx->length);
+ * EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);
+ */
+
+ memset(iv, 0, sizeof iv); /* per RFC 1510 */
+ EVP_EncryptInit_ex(&ciph_ctx, enc, NULL, kssl_ctx->key, iv);
+ EVP_EncryptUpdate(&ciph_ctx, epms, &outl, tmp_buf,
+ sizeof tmp_buf);
+ EVP_EncryptFinal_ex(&ciph_ctx, &(epms[outl]), &padl);
+ outl += padl;
+ if (outl > sizeof epms) {
+ SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ EVP_CIPHER_CTX_cleanup(&ciph_ctx);
+
+ /* KerberosWrapper.EncryptedPreMasterSecret */
+ s2n(outl, p);
+ memcpy(p, epms, outl);
+ p += outl;
+ n += outl + 2;
+
+ s->session->master_key_length =
+ s->method->ssl3_enc->generate_master_secret(s,
+ s->
+ session->master_key,
+ tmp_buf,
+ sizeof tmp_buf);
+
+ OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
+ OPENSSL_cleanse(epms, outl);
+ }
+#endif
+#ifndef OPENSSL_NO_DH
+ else if (l & (SSL_kEDH | SSL_kDHr | SSL_kDHd)) {
+ DH *dh_srvr, *dh_clnt;
+
+ if (s->session->sess_cert == NULL) {
+ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
+ SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
+ SSL_R_UNEXPECTED_MESSAGE);
+ goto err;
+ }
+
+ if (s->session->sess_cert->peer_dh_tmp != NULL)
+ dh_srvr = s->session->sess_cert->peer_dh_tmp;
+ else {
+ /* we get them from the cert */
+ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
+ SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
+ SSL_R_UNABLE_TO_FIND_DH_PARAMETERS);
+ goto err;
+ }
+
+ /* generate a new random key */
+ if ((dh_clnt = DHparams_dup(dh_srvr)) == NULL) {
+ SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
+ goto err;
+ }
+ if (!DH_generate_key(dh_clnt)) {
+ SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
+ goto err;
+ }
+
+ /*
+ * use the 'p' output buffer for the DH key, but make sure to
+ * clear it out afterwards
+ */
+
+ n = DH_compute_key(p, dh_srvr->pub_key, dh_clnt);
+
+ if (n <= 0) {
+ SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
+ goto err;
+ }
+
+ /* generate master key from the result */
+ s->session->master_key_length =
+ s->method->ssl3_enc->generate_master_secret(s,
+ s->
+ session->master_key,
+ p, n);
+ /* clean up */
+ memset(p, 0, n);
+
+ /* send off the data */
+ n = BN_num_bytes(dh_clnt->pub_key);
+ s2n(n, p);
+ BN_bn2bin(dh_clnt->pub_key, p);
+ n += 2;
+
+ DH_free(dh_clnt);
+
+ /* perhaps clean things up a bit EAY EAY EAY EAY */
+ }
+#endif
+ else {
+ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
+ SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
+ d = dtls1_set_message_header(s, d,
+ SSL3_MT_CLIENT_KEY_EXCHANGE, n, 0, n);
+ /*-
+ *(d++)=SSL3_MT_CLIENT_KEY_EXCHANGE;
+ l2n3(n,d);
+ l2n(s->d1->handshake_write_seq,d);
+ s->d1->handshake_write_seq++;
+ */
+
+ s->state = SSL3_ST_CW_KEY_EXCH_B;
+ /* number of bytes to write */
+ s->init_num = n + DTLS1_HM_HEADER_LENGTH;
+ s->init_off = 0;
+
+ /* buffer the message to handle re-xmits */
+ dtls1_buffer_message(s, 0);
+ }
+
+ /* SSL3_ST_CW_KEY_EXCH_B */
+ return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
+ err:
+ return (-1);
+}
+
+int dtls1_send_client_verify(SSL *s)
+{
+ unsigned char *p, *d;
+ unsigned char data[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
+ EVP_PKEY *pkey;
+#ifndef OPENSSL_NO_RSA
+ unsigned u = 0;
+#endif
+ unsigned long n;
+#ifndef OPENSSL_NO_DSA
+ int j;
+#endif
+
+ if (s->state == SSL3_ST_CW_CERT_VRFY_A) {
+ d = (unsigned char *)s->init_buf->data;
+ p = &(d[DTLS1_HM_HEADER_LENGTH]);
+ pkey = s->cert->key->privatekey;
+
+ s->method->ssl3_enc->cert_verify_mac(s, &(s->s3->finish_dgst2),
+ &(data[MD5_DIGEST_LENGTH]));
+
+#ifndef OPENSSL_NO_RSA
+ if (pkey->type == EVP_PKEY_RSA) {
+ s->method->ssl3_enc->cert_verify_mac(s,
+ &(s->s3->finish_dgst1),
+ &(data[0]));
+ if (RSA_sign
+ (NID_md5_sha1, data, MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
+ &(p[2]), &u, pkey->pkey.rsa) <= 0) {
+ SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY, ERR_R_RSA_LIB);
+ goto err;
+ }
+ s2n(u, p);
+ n = u + 2;
+ } else
+#endif
+#ifndef OPENSSL_NO_DSA
+ if (pkey->type == EVP_PKEY_DSA) {
+ if (!DSA_sign(pkey->save_type,
+ &(data[MD5_DIGEST_LENGTH]),
+ SHA_DIGEST_LENGTH, &(p[2]),
+ (unsigned int *)&j, pkey->pkey.dsa)) {
+ SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY, ERR_R_DSA_LIB);
+ goto err;
+ }
+ s2n(j, p);
+ n = j + 2;
+ } else
+#endif
+ {
+ SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
+ d = dtls1_set_message_header(s, d,
+ SSL3_MT_CERTIFICATE_VERIFY, n, 0, n);
+
+ s->init_num = (int)n + DTLS1_HM_HEADER_LENGTH;
+ s->init_off = 0;
+
+ /* buffer the message to handle re-xmits */
+ dtls1_buffer_message(s, 0);
+
+ s->state = SSL3_ST_CW_CERT_VRFY_B;
+ }
+
+ /* s->state = SSL3_ST_CW_CERT_VRFY_B */
+ return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
+ err:
+ return (-1);
+}
+
+int dtls1_send_client_certificate(SSL *s)
+{
+ X509 *x509 = NULL;
+ EVP_PKEY *pkey = NULL;
+ int i;
+ unsigned long l;
+
+ if (s->state == SSL3_ST_CW_CERT_A) {
+ if ((s->cert == NULL) ||
+ (s->cert->key->x509 == NULL) ||
+ (s->cert->key->privatekey == NULL))
+ s->state = SSL3_ST_CW_CERT_B;
+ else
+ s->state = SSL3_ST_CW_CERT_C;
+ }
+
+ /* We need to get a client cert */
+ if (s->state == SSL3_ST_CW_CERT_B) {
+ /*
+ * If we get an error, we need to ssl->rwstate=SSL_X509_LOOKUP;
+ * return(-1); We then get retied later
+ */
+ i = 0;
+ i = ssl_do_client_cert_cb(s, &x509, &pkey);
+ if (i < 0) {
+ s->rwstate = SSL_X509_LOOKUP;
+ return (-1);
+ }
+ s->rwstate = SSL_NOTHING;
+ if ((i == 1) && (pkey != NULL) && (x509 != NULL)) {
+ s->state = SSL3_ST_CW_CERT_B;
+ if (!SSL_use_certificate(s, x509) || !SSL_use_PrivateKey(s, pkey))
+ i = 0;
+ } else if (i == 1) {
+ i = 0;
+ SSLerr(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE,
+ SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
+ }
+
+ if (x509 != NULL)
+ X509_free(x509);
+ if (pkey != NULL)
+ EVP_PKEY_free(pkey);
+ if (i == 0) {
+ if (s->version == SSL3_VERSION) {
+ s->s3->tmp.cert_req = 0;
+ ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_CERTIFICATE);
+ return (1);
+ } else {
+ s->s3->tmp.cert_req = 2;
+ }
+ }
+
+ /* Ok, we have a cert */
+ s->state = SSL3_ST_CW_CERT_C;
+ }
+
+ if (s->state == SSL3_ST_CW_CERT_C) {
+ s->state = SSL3_ST_CW_CERT_D;
+ l = dtls1_output_cert_chain(s,
+ (s->s3->tmp.cert_req ==
+ 2) ? NULL : s->cert->key->x509);
+ s->init_num = (int)l;
+ s->init_off = 0;
+
+ /* set header called by dtls1_output_cert_chain() */
+
+ /* buffer the message to handle re-xmits */
+ dtls1_buffer_message(s, 0);
+ }
+ /* SSL3_ST_CW_CERT_D */
+ return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
+}
Deleted: vendor-crypto/openssl/0.9.8zf/ssl/d1_enc.c
===================================================================
--- vendor-crypto/openssl/dist/ssl/d1_enc.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/ssl/d1_enc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,261 +0,0 @@
-/* ssl/d1_enc.c */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra at cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#ifndef OPENSSL_NO_COMP
-#include <openssl/comp.h>
-#endif
-#include <openssl/evp.h>
-#include <openssl/hmac.h>
-#include <openssl/md5.h>
-#include <openssl/rand.h>
-#ifdef KSSL_DEBUG
-#include <openssl/des.h>
-#endif
-
-/* dtls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
- *
- * Returns:
- * 0: (in non-constant time) if the record is publically invalid (i.e. too
- * short etc).
- * 1: if the record's padding is valid / the encryption was successful.
- * -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
- * an internal error occured. */
-int dtls1_enc(SSL *s, int send)
- {
- SSL3_RECORD *rec;
- EVP_CIPHER_CTX *ds;
- unsigned long l;
- int bs,i,j,k,mac_size=0;
- const EVP_CIPHER *enc;
-
- if (send)
- {
- if (s->write_hash)
- {
- mac_size=EVP_MD_size(s->write_hash);
- if (mac_size < 0)
- return -1;
- }
- ds=s->enc_write_ctx;
- rec= &(s->s3->wrec);
- if (s->enc_write_ctx == NULL)
- enc=NULL;
- else
- {
- enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
- if ( rec->data != rec->input)
- /* we can't write into the input stream */
- fprintf(stderr, "%s:%d: rec->data != rec->input\n",
- __FILE__, __LINE__);
- else if ( EVP_CIPHER_block_size(ds->cipher) > 1)
- {
- if (RAND_bytes(rec->input, EVP_CIPHER_block_size(ds->cipher)) <= 0)
- return -1;
- }
- }
- }
- else
- {
- if (s->read_hash)
- {
- mac_size=EVP_MD_size(s->read_hash);
- OPENSSL_assert(mac_size >= 0);
- }
- ds=s->enc_read_ctx;
- rec= &(s->s3->rrec);
- if (s->enc_read_ctx == NULL)
- enc=NULL;
- else
- enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
- }
-
-#ifdef KSSL_DEBUG
- printf("dtls1_enc(%d)\n", send);
-#endif /* KSSL_DEBUG */
-
- if ((s->session == NULL) || (ds == NULL) ||
- (enc == NULL))
- {
- memmove(rec->data,rec->input,rec->length);
- rec->input=rec->data;
- }
- else
- {
- l=rec->length;
- bs=EVP_CIPHER_block_size(ds->cipher);
-
- if ((bs != 1) && send)
- {
- i=bs-((int)l%bs);
-
- /* Add weird padding of upto 256 bytes */
-
- /* we need to add 'i' padding bytes of value j */
- j=i-1;
- if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG)
- {
- if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
- j++;
- }
- for (k=(int)l; k<(int)(l+i); k++)
- rec->input[k]=j;
- l+=i;
- rec->length+=i;
- }
-
-#ifdef KSSL_DEBUG
- {
- unsigned long ui;
- printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n",
- (void *)ds,rec->data,rec->input,l);
- printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%ld %ld], %d iv_len\n",
- ds->buf_len, ds->cipher->key_len,
- (unsigned long)DES_KEY_SZ,
- (unsigned long)DES_SCHEDULE_SZ,
- ds->cipher->iv_len);
- printf("\t\tIV: ");
- for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]);
- printf("\n");
- printf("\trec->input=");
- for (ui=0; ui<l; ui++) printf(" %02x", rec->input[ui]);
- printf("\n");
- }
-#endif /* KSSL_DEBUG */
-
- if (!send)
- {
- if (l == 0 || l%bs != 0)
- return 0;
- }
-
- EVP_Cipher(ds,rec->data,rec->input,l);
-
-#ifdef KSSL_DEBUG
- {
- unsigned long ki;
- printf("\trec->data=");
- for (ki=0; ki<l; ki++)
- printf(" %02x", rec->data[ki]); printf("\n");
- }
-#endif /* KSSL_DEBUG */
-
- if ((bs != 1) && !send)
- return tls1_cbc_remove_padding(s, rec, bs, mac_size);
- }
- return(1);
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/ssl/d1_enc.c (from rev 6976, vendor-crypto/openssl/dist/ssl/d1_enc.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/ssl/d1_enc.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/ssl/d1_enc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,250 @@
+/* ssl/d1_enc.c */
+/*
+ * DTLS implementation written by Nagendra Modadugu
+ * (nagendra at cs.stanford.edu) for the OpenSSL project 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "ssl_locl.h"
+#ifndef OPENSSL_NO_COMP
+# include <openssl/comp.h>
+#endif
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+#include <openssl/md5.h>
+#include <openssl/rand.h>
+#ifdef KSSL_DEBUG
+# include <openssl/des.h>
+#endif
+
+/*-
+ * dtls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
+ *
+ * Returns:
+ * 0: (in non-constant time) if the record is publically invalid (i.e. too
+ * short etc).
+ * 1: if the record's padding is valid / the encryption was successful.
+ * -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
+ * an internal error occured.
+ */
+int dtls1_enc(SSL *s, int send)
+{
+ SSL3_RECORD *rec;
+ EVP_CIPHER_CTX *ds;
+ unsigned long l;
+ int bs, i, j, k, mac_size = 0;
+ const EVP_CIPHER *enc;
+
+ if (send) {
+ if (s->write_hash) {
+ mac_size = EVP_MD_size(s->write_hash);
+ if (mac_size < 0)
+ return -1;
+ }
+ ds = s->enc_write_ctx;
+ rec = &(s->s3->wrec);
+ if (s->enc_write_ctx == NULL)
+ enc = NULL;
+ else {
+ enc = EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
+ if (rec->data != rec->input)
+ /* we can't write into the input stream */
+ fprintf(stderr, "%s:%d: rec->data != rec->input\n",
+ __FILE__, __LINE__);
+ else if (EVP_CIPHER_block_size(ds->cipher) > 1) {
+ if (RAND_bytes(rec->input, EVP_CIPHER_block_size(ds->cipher))
+ <= 0)
+ return -1;
+ }
+ }
+ } else {
+ if (s->read_hash) {
+ mac_size = EVP_MD_size(s->read_hash);
+ OPENSSL_assert(mac_size >= 0);
+ }
+ ds = s->enc_read_ctx;
+ rec = &(s->s3->rrec);
+ if (s->enc_read_ctx == NULL)
+ enc = NULL;
+ else
+ enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
+ }
+
+#ifdef KSSL_DEBUG
+ printf("dtls1_enc(%d)\n", send);
+#endif /* KSSL_DEBUG */
+
+ if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) {
+ memmove(rec->data, rec->input, rec->length);
+ rec->input = rec->data;
+ } else {
+ l = rec->length;
+ bs = EVP_CIPHER_block_size(ds->cipher);
+
+ if ((bs != 1) && send) {
+ i = bs - ((int)l % bs);
+
+ /* Add weird padding of upto 256 bytes */
+
+ /* we need to add 'i' padding bytes of value j */
+ j = i - 1;
+ if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG) {
+ if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
+ j++;
+ }
+ for (k = (int)l; k < (int)(l + i); k++)
+ rec->input[k] = j;
+ l += i;
+ rec->length += i;
+ }
+#ifdef KSSL_DEBUG
+ {
+ unsigned long ui;
+ printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n",
+ (void *)ds, rec->data, rec->input, l);
+ printf
+ ("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%ld %ld], %d iv_len\n",
+ ds->buf_len, ds->cipher->key_len, (unsigned long)DES_KEY_SZ,
+ (unsigned long)DES_SCHEDULE_SZ, ds->cipher->iv_len);
+ printf("\t\tIV: ");
+ for (i = 0; i < ds->cipher->iv_len; i++)
+ printf("%02X", ds->iv[i]);
+ printf("\n");
+ printf("\trec->input=");
+ for (ui = 0; ui < l; ui++)
+ printf(" %02x", rec->input[ui]);
+ printf("\n");
+ }
+#endif /* KSSL_DEBUG */
+
+ if (!send) {
+ if (l == 0 || l % bs != 0)
+ return 0;
+ }
+
+ EVP_Cipher(ds, rec->data, rec->input, l);
+
+#ifdef KSSL_DEBUG
+ {
+ unsigned long ki;
+ printf("\trec->data=");
+ for (ki = 0; ki < l; ki++)
+ printf(" %02x", rec->data[ki]);
+ printf("\n");
+ }
+#endif /* KSSL_DEBUG */
+
+ if ((bs != 1) && !send)
+ return tls1_cbc_remove_padding(s, rec, bs, mac_size);
+ }
+ return (1);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/ssl/d1_lib.c
===================================================================
--- vendor-crypto/openssl/dist/ssl/d1_lib.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/ssl/d1_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,518 +0,0 @@
-/* ssl/d1_lib.c */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra at cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#define USE_SOCKETS
-#include <openssl/objects.h>
-#include "ssl_locl.h"
-
-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS)
-#include <sys/timeb.h>
-#endif
-
-static void get_current_time(struct timeval *t);
-const char dtls1_version_str[]="DTLSv1" OPENSSL_VERSION_PTEXT;
-int dtls1_listen(SSL *s, struct sockaddr *client);
-
-SSL3_ENC_METHOD DTLSv1_enc_data={
- dtls1_enc,
- tls1_mac,
- tls1_setup_key_block,
- tls1_generate_master_secret,
- tls1_change_cipher_state,
- tls1_final_finish_mac,
- TLS1_FINISH_MAC_LENGTH,
- tls1_cert_verify_mac,
- TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE,
- TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE,
- tls1_alert_code,
- };
-
-long dtls1_default_timeout(void)
- {
- /* 2 hours, the 24 hours mentioned in the DTLSv1 spec
- * is way too long for http, the cache would over fill */
- return(60*60*2);
- }
-
-IMPLEMENT_dtls1_meth_func(dtlsv1_base_method,
- ssl_undefined_function,
- ssl_undefined_function,
- ssl_bad_method)
-
-int dtls1_new(SSL *s)
- {
- DTLS1_STATE *d1;
-
- if (!ssl3_new(s)) return(0);
- if ((d1=OPENSSL_malloc(sizeof *d1)) == NULL) return (0);
- memset(d1,0, sizeof *d1);
-
- /* d1->handshake_epoch=0; */
-#if defined(OPENSSL_SYS_VMS) || defined(VMS_TEST)
- d1->bitmap.length=64;
-#else
- d1->bitmap.length=sizeof(d1->bitmap.map) * 8;
-#endif
- pq_64bit_init(&(d1->bitmap.map));
- pq_64bit_init(&(d1->bitmap.max_seq_num));
-
- d1->next_bitmap.length = d1->bitmap.length;
- pq_64bit_init(&(d1->next_bitmap.map));
- pq_64bit_init(&(d1->next_bitmap.max_seq_num));
-
- d1->unprocessed_rcds.q=pqueue_new();
- d1->processed_rcds.q=pqueue_new();
- d1->buffered_messages = pqueue_new();
- d1->sent_messages=pqueue_new();
- d1->buffered_app_data.q=pqueue_new();
-
- if ( s->server)
- {
- d1->cookie_len = sizeof(s->d1->cookie);
- }
-
- if( ! d1->unprocessed_rcds.q || ! d1->processed_rcds.q
- || ! d1->buffered_messages || ! d1->sent_messages || ! d1->buffered_app_data.q)
- {
- if ( d1->unprocessed_rcds.q) pqueue_free(d1->unprocessed_rcds.q);
- if ( d1->processed_rcds.q) pqueue_free(d1->processed_rcds.q);
- if ( d1->buffered_messages) pqueue_free(d1->buffered_messages);
- if ( d1->sent_messages) pqueue_free(d1->sent_messages);
- if ( d1->buffered_app_data.q) pqueue_free(d1->buffered_app_data.q);
- OPENSSL_free(d1);
- return (0);
- }
-
- s->d1=d1;
- s->method->ssl_clear(s);
- return(1);
- }
-
-static void dtls1_clear_queues(SSL *s)
- {
- pitem *item = NULL;
- hm_fragment *frag = NULL;
- DTLS1_RECORD_DATA *rdata;
-
- while( (item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL)
- {
- rdata = (DTLS1_RECORD_DATA *) item->data;
- if (rdata->rbuf.buf)
- {
- OPENSSL_free(rdata->rbuf.buf);
- }
- OPENSSL_free(item->data);
- pitem_free(item);
- }
-
- while( (item = pqueue_pop(s->d1->processed_rcds.q)) != NULL)
- {
- rdata = (DTLS1_RECORD_DATA *) item->data;
- if (rdata->rbuf.buf)
- {
- OPENSSL_free(rdata->rbuf.buf);
- }
- OPENSSL_free(item->data);
- pitem_free(item);
- }
-
- while( (item = pqueue_pop(s->d1->buffered_messages)) != NULL)
- {
- frag = (hm_fragment *)item->data;
- OPENSSL_free(frag->fragment);
- OPENSSL_free(frag);
- pitem_free(item);
- }
-
- while ( (item = pqueue_pop(s->d1->sent_messages)) != NULL)
- {
- frag = (hm_fragment *)item->data;
- OPENSSL_free(frag->fragment);
- OPENSSL_free(frag);
- pitem_free(item);
- }
-
- while ( (item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL)
- {
- rdata = (DTLS1_RECORD_DATA *) item->data;
- if (rdata->rbuf.buf)
- {
- OPENSSL_free(rdata->rbuf.buf);
- }
- OPENSSL_free(item->data);
- pitem_free(item);
- }
- }
-
-void dtls1_free(SSL *s)
- {
- ssl3_free(s);
-
- dtls1_clear_queues(s);
-
- pqueue_free(s->d1->unprocessed_rcds.q);
- pqueue_free(s->d1->processed_rcds.q);
- pqueue_free(s->d1->buffered_messages);
- pqueue_free(s->d1->sent_messages);
- pqueue_free(s->d1->buffered_app_data.q);
-
- pq_64bit_free(&(s->d1->bitmap.map));
- pq_64bit_free(&(s->d1->bitmap.max_seq_num));
-
- pq_64bit_free(&(s->d1->next_bitmap.map));
- pq_64bit_free(&(s->d1->next_bitmap.max_seq_num));
-
- OPENSSL_free(s->d1);
- s->d1 = NULL;
- }
-
-void dtls1_clear(SSL *s)
- {
- pqueue unprocessed_rcds;
- pqueue processed_rcds;
- pqueue buffered_messages;
- pqueue sent_messages;
- pqueue buffered_app_data;
- unsigned int mtu;
-
- if (s->d1)
- {
- unprocessed_rcds = s->d1->unprocessed_rcds.q;
- processed_rcds = s->d1->processed_rcds.q;
- buffered_messages = s->d1->buffered_messages;
- sent_messages = s->d1->sent_messages;
- buffered_app_data = s->d1->buffered_app_data.q;
- mtu = s->d1->mtu;
-
- dtls1_clear_queues(s);
-
- pq_64bit_free(&(s->d1->bitmap.map));
- pq_64bit_free(&(s->d1->bitmap.max_seq_num));
-
- pq_64bit_free(&(s->d1->next_bitmap.map));
- pq_64bit_free(&(s->d1->next_bitmap.max_seq_num));
-
- memset(s->d1, 0, sizeof(*(s->d1)));
-
- if (s->server)
- {
- s->d1->cookie_len = sizeof(s->d1->cookie);
- }
-
- if (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)
- {
- s->d1->mtu = mtu;
- }
-
- s->d1->unprocessed_rcds.q = unprocessed_rcds;
- s->d1->processed_rcds.q = processed_rcds;
- s->d1->buffered_messages = buffered_messages;
- s->d1->sent_messages = sent_messages;
- s->d1->buffered_app_data.q = buffered_app_data;
-
-#if defined(OPENSSL_SYS_VMS) || defined(VMS_TEST)
- s->d1->bitmap.length=64;
-#else
- s->d1->bitmap.length=sizeof(s->d1->bitmap.map) * 8;
-#endif
- pq_64bit_init(&(s->d1->bitmap.map));
- pq_64bit_init(&(s->d1->bitmap.max_seq_num));
-
- s->d1->next_bitmap.length = s->d1->bitmap.length;
- pq_64bit_init(&(s->d1->next_bitmap.map));
- pq_64bit_init(&(s->d1->next_bitmap.max_seq_num));
- }
-
- ssl3_clear(s);
- if (s->options & SSL_OP_CISCO_ANYCONNECT)
- s->version=DTLS1_BAD_VER;
- else
- s->version=DTLS1_VERSION;
- }
-
-long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg)
- {
- int ret=0;
-
- switch (cmd)
- {
- case DTLS_CTRL_GET_TIMEOUT:
- if (dtls1_get_timeout(s, (struct timeval*) parg) != NULL)
- {
- ret = 1;
- }
- break;
- case DTLS_CTRL_HANDLE_TIMEOUT:
- ret = dtls1_handle_timeout(s);
- break;
- case DTLS_CTRL_LISTEN:
- ret = dtls1_listen(s, parg);
- break;
- case SSL_CTRL_CHECK_PROTO_VERSION:
- /* For library-internal use; checks that the current protocol
- * is the highest enabled version (according to s->ctx->method,
- * as version negotiation may have changed s->method). */
-#if DTLS_MAX_VERSION != DTLS1_VERSION
-# error Code needs update for DTLS_method() support beyond DTLS1_VERSION.
-#endif
- /* Just one protocol version is supported so far;
- * fail closed if the version is not as expected. */
- return s->version == DTLS_MAX_VERSION;
-
- default:
- ret = ssl3_ctrl(s, cmd, larg, parg);
- break;
- }
- return(ret);
- }
-
-/*
- * As it's impossible to use stream ciphers in "datagram" mode, this
- * simple filter is designed to disengage them in DTLS. Unfortunately
- * there is no universal way to identify stream SSL_CIPHER, so we have
- * to explicitly list their SSL_* codes. Currently RC4 is the only one
- * available, but if new ones emerge, they will have to be added...
- */
-SSL_CIPHER *dtls1_get_cipher(unsigned int u)
- {
- SSL_CIPHER *ciph = ssl3_get_cipher(u);
-
- if (ciph != NULL)
- {
- if ((ciph->algorithms&SSL_ENC_MASK) == SSL_RC4)
- return NULL;
- }
-
- return ciph;
- }
-
-void dtls1_start_timer(SSL *s)
- {
- /* If timer is not set, initialize duration with 1 second */
- if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0)
- {
- s->d1->timeout_duration = 1;
- }
-
- /* Set timeout to current time */
- get_current_time(&(s->d1->next_timeout));
-
- /* Add duration to current time */
- s->d1->next_timeout.tv_sec += s->d1->timeout_duration;
- BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout));
- }
-
-struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft)
- {
- struct timeval timenow;
-
- /* If no timeout is set, just return NULL */
- if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0)
- {
- return NULL;
- }
-
- /* Get current time */
- get_current_time(&timenow);
-
- /* If timer already expired, set remaining time to 0 */
- if (s->d1->next_timeout.tv_sec < timenow.tv_sec ||
- (s->d1->next_timeout.tv_sec == timenow.tv_sec &&
- s->d1->next_timeout.tv_usec <= timenow.tv_usec))
- {
- memset(timeleft, 0, sizeof(struct timeval));
- return timeleft;
- }
-
- /* Calculate time left until timer expires */
- memcpy(timeleft, &(s->d1->next_timeout), sizeof(struct timeval));
- timeleft->tv_sec -= timenow.tv_sec;
- timeleft->tv_usec -= timenow.tv_usec;
- if (timeleft->tv_usec < 0)
- {
- timeleft->tv_sec--;
- timeleft->tv_usec += 1000000;
- }
-
- /* If remaining time is less than 15 ms, set it to 0
- * to prevent issues because of small devergences with
- * socket timeouts.
- */
- if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000)
- {
- memset(timeleft, 0, sizeof(struct timeval));
- }
-
-
- return timeleft;
- }
-
-int dtls1_is_timer_expired(SSL *s)
- {
- struct timeval timeleft;
-
- /* Get time left until timeout, return false if no timer running */
- if (dtls1_get_timeout(s, &timeleft) == NULL)
- {
- return 0;
- }
-
- /* Return false if timer is not expired yet */
- if (timeleft.tv_sec > 0 || timeleft.tv_usec > 0)
- {
- return 0;
- }
-
- /* Timer expired, so return true */
- return 1;
- }
-
-void dtls1_double_timeout(SSL *s)
- {
- s->d1->timeout_duration *= 2;
- if (s->d1->timeout_duration > 60)
- s->d1->timeout_duration = 60;
- dtls1_start_timer(s);
- }
-
-void dtls1_stop_timer(SSL *s)
- {
- /* Reset everything */
- memset(&(s->d1->timeout), 0, sizeof(struct dtls1_timeout_st));
- memset(&(s->d1->next_timeout), 0, sizeof(struct timeval));
- s->d1->timeout_duration = 1;
- BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout));
- /* Clear retransmission buffer */
- dtls1_clear_record_buffer(s);
- }
-
-int dtls1_check_timeout_num(SSL *s)
- {
- s->d1->timeout.num_alerts++;
-
- /* Reduce MTU after 2 unsuccessful retransmissions */
- if (s->d1->timeout.num_alerts > 2)
- {
- s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);
- }
-
- if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT)
- {
- /* fail the connection, enough alerts have been sent */
- SSLerr(SSL_F_DTLS1_CHECK_TIMEOUT_NUM,SSL_R_READ_TIMEOUT_EXPIRED);
- return -1;
- }
-
- return 0;
- }
-
-int dtls1_handle_timeout(SSL *s)
- {
- /* if no timer is expired, don't do anything */
- if (!dtls1_is_timer_expired(s))
- {
- return 0;
- }
-
- dtls1_double_timeout(s);
-
- if (dtls1_check_timeout_num(s) < 0)
- return -1;
-
- s->d1->timeout.read_timeouts++;
- if (s->d1->timeout.read_timeouts > DTLS1_TMO_READ_COUNT)
- {
- s->d1->timeout.read_timeouts = 1;
- }
-
- dtls1_start_timer(s);
- return dtls1_retransmit_buffered_messages(s);
- }
-
-static void get_current_time(struct timeval *t)
-{
-#ifdef OPENSSL_SYS_WIN32
- struct _timeb tb;
- _ftime(&tb);
- t->tv_sec = (long)tb.time;
- t->tv_usec = (long)tb.millitm * 1000;
-#elif defined(OPENSSL_SYS_VMS)
- struct timeb tb;
- ftime(&tb);
- t->tv_sec = (long)tb.time;
- t->tv_usec = (long)tb.millitm * 1000;
-#else
- gettimeofday(t, NULL);
-#endif
-}
-
-int dtls1_listen(SSL *s, struct sockaddr *client)
- {
- int ret;
-
- SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE);
- s->d1->listen = 1;
-
- ret = SSL_accept(s);
- if (ret <= 0) return ret;
-
- (void) BIO_dgram_get_peer(SSL_get_rbio(s), client);
- return 1;
- }
Copied: vendor-crypto/openssl/0.9.8zf/ssl/d1_lib.c (from rev 6976, vendor-crypto/openssl/dist/ssl/d1_lib.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/ssl/d1_lib.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/ssl/d1_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,508 @@
+/* ssl/d1_lib.c */
+/*
+ * DTLS implementation written by Nagendra Modadugu
+ * (nagendra at cs.stanford.edu) for the OpenSSL project 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#define USE_SOCKETS
+#include <openssl/objects.h>
+#include "ssl_locl.h"
+
+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS)
+# include <sys/timeb.h>
+#endif
+
+static void get_current_time(struct timeval *t);
+const char dtls1_version_str[] = "DTLSv1" OPENSSL_VERSION_PTEXT;
+int dtls1_listen(SSL *s, struct sockaddr *client);
+
+SSL3_ENC_METHOD DTLSv1_enc_data = {
+ dtls1_enc,
+ tls1_mac,
+ tls1_setup_key_block,
+ tls1_generate_master_secret,
+ tls1_change_cipher_state,
+ tls1_final_finish_mac,
+ TLS1_FINISH_MAC_LENGTH,
+ tls1_cert_verify_mac,
+ TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE,
+ TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
+ tls1_alert_code,
+};
+
+long dtls1_default_timeout(void)
+{
+ /*
+ * 2 hours, the 24 hours mentioned in the DTLSv1 spec is way too long for
+ * http, the cache would over fill
+ */
+ return (60 * 60 * 2);
+}
+
+IMPLEMENT_dtls1_meth_func(dtlsv1_base_method,
+ ssl_undefined_function,
+ ssl_undefined_function, ssl_bad_method)
+
+int dtls1_new(SSL *s)
+{
+ DTLS1_STATE *d1;
+
+ if (!ssl3_new(s))
+ return (0);
+ if ((d1 = OPENSSL_malloc(sizeof *d1)) == NULL)
+ return (0);
+ memset(d1, 0, sizeof *d1);
+
+ /* d1->handshake_epoch=0; */
+#if defined(OPENSSL_SYS_VMS) || defined(VMS_TEST)
+ d1->bitmap.length = 64;
+#else
+ d1->bitmap.length = sizeof(d1->bitmap.map) * 8;
+#endif
+ pq_64bit_init(&(d1->bitmap.map));
+ pq_64bit_init(&(d1->bitmap.max_seq_num));
+
+ d1->next_bitmap.length = d1->bitmap.length;
+ pq_64bit_init(&(d1->next_bitmap.map));
+ pq_64bit_init(&(d1->next_bitmap.max_seq_num));
+
+ d1->unprocessed_rcds.q = pqueue_new();
+ d1->processed_rcds.q = pqueue_new();
+ d1->buffered_messages = pqueue_new();
+ d1->sent_messages = pqueue_new();
+ d1->buffered_app_data.q = pqueue_new();
+
+ if (s->server) {
+ d1->cookie_len = sizeof(s->d1->cookie);
+ }
+
+ if (!d1->unprocessed_rcds.q || !d1->processed_rcds.q
+ || !d1->buffered_messages || !d1->sent_messages
+ || !d1->buffered_app_data.q) {
+ if (d1->unprocessed_rcds.q)
+ pqueue_free(d1->unprocessed_rcds.q);
+ if (d1->processed_rcds.q)
+ pqueue_free(d1->processed_rcds.q);
+ if (d1->buffered_messages)
+ pqueue_free(d1->buffered_messages);
+ if (d1->sent_messages)
+ pqueue_free(d1->sent_messages);
+ if (d1->buffered_app_data.q)
+ pqueue_free(d1->buffered_app_data.q);
+ OPENSSL_free(d1);
+ return (0);
+ }
+
+ s->d1 = d1;
+ s->method->ssl_clear(s);
+ return (1);
+}
+
+static void dtls1_clear_queues(SSL *s)
+{
+ pitem *item = NULL;
+ hm_fragment *frag = NULL;
+ DTLS1_RECORD_DATA *rdata;
+
+ while ((item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL) {
+ rdata = (DTLS1_RECORD_DATA *)item->data;
+ if (rdata->rbuf.buf) {
+ OPENSSL_free(rdata->rbuf.buf);
+ }
+ OPENSSL_free(item->data);
+ pitem_free(item);
+ }
+
+ while ((item = pqueue_pop(s->d1->processed_rcds.q)) != NULL) {
+ rdata = (DTLS1_RECORD_DATA *)item->data;
+ if (rdata->rbuf.buf) {
+ OPENSSL_free(rdata->rbuf.buf);
+ }
+ OPENSSL_free(item->data);
+ pitem_free(item);
+ }
+
+ while ((item = pqueue_pop(s->d1->buffered_messages)) != NULL) {
+ frag = (hm_fragment *)item->data;
+ OPENSSL_free(frag->fragment);
+ OPENSSL_free(frag);
+ pitem_free(item);
+ }
+
+ while ((item = pqueue_pop(s->d1->sent_messages)) != NULL) {
+ frag = (hm_fragment *)item->data;
+ OPENSSL_free(frag->fragment);
+ OPENSSL_free(frag);
+ pitem_free(item);
+ }
+
+ while ((item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL) {
+ rdata = (DTLS1_RECORD_DATA *)item->data;
+ if (rdata->rbuf.buf) {
+ OPENSSL_free(rdata->rbuf.buf);
+ }
+ OPENSSL_free(item->data);
+ pitem_free(item);
+ }
+}
+
+void dtls1_free(SSL *s)
+{
+ ssl3_free(s);
+
+ dtls1_clear_queues(s);
+
+ pqueue_free(s->d1->unprocessed_rcds.q);
+ pqueue_free(s->d1->processed_rcds.q);
+ pqueue_free(s->d1->buffered_messages);
+ pqueue_free(s->d1->sent_messages);
+ pqueue_free(s->d1->buffered_app_data.q);
+
+ pq_64bit_free(&(s->d1->bitmap.map));
+ pq_64bit_free(&(s->d1->bitmap.max_seq_num));
+
+ pq_64bit_free(&(s->d1->next_bitmap.map));
+ pq_64bit_free(&(s->d1->next_bitmap.max_seq_num));
+
+ OPENSSL_free(s->d1);
+ s->d1 = NULL;
+}
+
+void dtls1_clear(SSL *s)
+{
+ pqueue unprocessed_rcds;
+ pqueue processed_rcds;
+ pqueue buffered_messages;
+ pqueue sent_messages;
+ pqueue buffered_app_data;
+ unsigned int mtu;
+
+ if (s->d1) {
+ unprocessed_rcds = s->d1->unprocessed_rcds.q;
+ processed_rcds = s->d1->processed_rcds.q;
+ buffered_messages = s->d1->buffered_messages;
+ sent_messages = s->d1->sent_messages;
+ buffered_app_data = s->d1->buffered_app_data.q;
+ mtu = s->d1->mtu;
+
+ dtls1_clear_queues(s);
+
+ pq_64bit_free(&(s->d1->bitmap.map));
+ pq_64bit_free(&(s->d1->bitmap.max_seq_num));
+
+ pq_64bit_free(&(s->d1->next_bitmap.map));
+ pq_64bit_free(&(s->d1->next_bitmap.max_seq_num));
+
+ memset(s->d1, 0, sizeof(*(s->d1)));
+
+ if (s->server) {
+ s->d1->cookie_len = sizeof(s->d1->cookie);
+ }
+
+ if (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU) {
+ s->d1->mtu = mtu;
+ }
+
+ s->d1->unprocessed_rcds.q = unprocessed_rcds;
+ s->d1->processed_rcds.q = processed_rcds;
+ s->d1->buffered_messages = buffered_messages;
+ s->d1->sent_messages = sent_messages;
+ s->d1->buffered_app_data.q = buffered_app_data;
+
+#if defined(OPENSSL_SYS_VMS) || defined(VMS_TEST)
+ s->d1->bitmap.length = 64;
+#else
+ s->d1->bitmap.length = sizeof(s->d1->bitmap.map) * 8;
+#endif
+ pq_64bit_init(&(s->d1->bitmap.map));
+ pq_64bit_init(&(s->d1->bitmap.max_seq_num));
+
+ s->d1->next_bitmap.length = s->d1->bitmap.length;
+ pq_64bit_init(&(s->d1->next_bitmap.map));
+ pq_64bit_init(&(s->d1->next_bitmap.max_seq_num));
+ }
+
+ ssl3_clear(s);
+ if (s->options & SSL_OP_CISCO_ANYCONNECT)
+ s->version = DTLS1_BAD_VER;
+ else
+ s->version = DTLS1_VERSION;
+}
+
+long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg)
+{
+ int ret = 0;
+
+ switch (cmd) {
+ case DTLS_CTRL_GET_TIMEOUT:
+ if (dtls1_get_timeout(s, (struct timeval *)parg) != NULL) {
+ ret = 1;
+ }
+ break;
+ case DTLS_CTRL_HANDLE_TIMEOUT:
+ ret = dtls1_handle_timeout(s);
+ break;
+ case DTLS_CTRL_LISTEN:
+ ret = dtls1_listen(s, parg);
+ break;
+ case SSL_CTRL_CHECK_PROTO_VERSION:
+ /*
+ * For library-internal use; checks that the current protocol is the
+ * highest enabled version (according to s->ctx->method, as version
+ * negotiation may have changed s->method).
+ */
+#if DTLS_MAX_VERSION != DTLS1_VERSION
+# error Code needs update for DTLS_method() support beyond DTLS1_VERSION.
+#endif
+ /*
+ * Just one protocol version is supported so far; fail closed if the
+ * version is not as expected.
+ */
+ return s->version == DTLS_MAX_VERSION;
+
+ default:
+ ret = ssl3_ctrl(s, cmd, larg, parg);
+ break;
+ }
+ return (ret);
+}
+
+/*
+ * As it's impossible to use stream ciphers in "datagram" mode, this
+ * simple filter is designed to disengage them in DTLS. Unfortunately
+ * there is no universal way to identify stream SSL_CIPHER, so we have
+ * to explicitly list their SSL_* codes. Currently RC4 is the only one
+ * available, but if new ones emerge, they will have to be added...
+ */
+SSL_CIPHER *dtls1_get_cipher(unsigned int u)
+{
+ SSL_CIPHER *ciph = ssl3_get_cipher(u);
+
+ if (ciph != NULL) {
+ if ((ciph->algorithms & SSL_ENC_MASK) == SSL_RC4)
+ return NULL;
+ }
+
+ return ciph;
+}
+
+void dtls1_start_timer(SSL *s)
+{
+ /* If timer is not set, initialize duration with 1 second */
+ if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) {
+ s->d1->timeout_duration = 1;
+ }
+
+ /* Set timeout to current time */
+ get_current_time(&(s->d1->next_timeout));
+
+ /* Add duration to current time */
+ s->d1->next_timeout.tv_sec += s->d1->timeout_duration;
+ BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0,
+ &(s->d1->next_timeout));
+}
+
+struct timeval *dtls1_get_timeout(SSL *s, struct timeval *timeleft)
+{
+ struct timeval timenow;
+
+ /* If no timeout is set, just return NULL */
+ if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) {
+ return NULL;
+ }
+
+ /* Get current time */
+ get_current_time(&timenow);
+
+ /* If timer already expired, set remaining time to 0 */
+ if (s->d1->next_timeout.tv_sec < timenow.tv_sec ||
+ (s->d1->next_timeout.tv_sec == timenow.tv_sec &&
+ s->d1->next_timeout.tv_usec <= timenow.tv_usec)) {
+ memset(timeleft, 0, sizeof(struct timeval));
+ return timeleft;
+ }
+
+ /* Calculate time left until timer expires */
+ memcpy(timeleft, &(s->d1->next_timeout), sizeof(struct timeval));
+ timeleft->tv_sec -= timenow.tv_sec;
+ timeleft->tv_usec -= timenow.tv_usec;
+ if (timeleft->tv_usec < 0) {
+ timeleft->tv_sec--;
+ timeleft->tv_usec += 1000000;
+ }
+
+ /*
+ * If remaining time is less than 15 ms, set it to 0 to prevent issues
+ * because of small devergences with socket timeouts.
+ */
+ if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000) {
+ memset(timeleft, 0, sizeof(struct timeval));
+ }
+
+ return timeleft;
+}
+
+int dtls1_is_timer_expired(SSL *s)
+{
+ struct timeval timeleft;
+
+ /* Get time left until timeout, return false if no timer running */
+ if (dtls1_get_timeout(s, &timeleft) == NULL) {
+ return 0;
+ }
+
+ /* Return false if timer is not expired yet */
+ if (timeleft.tv_sec > 0 || timeleft.tv_usec > 0) {
+ return 0;
+ }
+
+ /* Timer expired, so return true */
+ return 1;
+}
+
+void dtls1_double_timeout(SSL *s)
+{
+ s->d1->timeout_duration *= 2;
+ if (s->d1->timeout_duration > 60)
+ s->d1->timeout_duration = 60;
+ dtls1_start_timer(s);
+}
+
+void dtls1_stop_timer(SSL *s)
+{
+ /* Reset everything */
+ memset(&(s->d1->timeout), 0, sizeof(struct dtls1_timeout_st));
+ memset(&(s->d1->next_timeout), 0, sizeof(struct timeval));
+ s->d1->timeout_duration = 1;
+ BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0,
+ &(s->d1->next_timeout));
+ /* Clear retransmission buffer */
+ dtls1_clear_record_buffer(s);
+}
+
+int dtls1_check_timeout_num(SSL *s)
+{
+ s->d1->timeout.num_alerts++;
+
+ /* Reduce MTU after 2 unsuccessful retransmissions */
+ if (s->d1->timeout.num_alerts > 2) {
+ s->d1->mtu =
+ BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0,
+ NULL);
+ }
+
+ if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) {
+ /* fail the connection, enough alerts have been sent */
+ SSLerr(SSL_F_DTLS1_CHECK_TIMEOUT_NUM, SSL_R_READ_TIMEOUT_EXPIRED);
+ return -1;
+ }
+
+ return 0;
+}
+
+int dtls1_handle_timeout(SSL *s)
+{
+ /* if no timer is expired, don't do anything */
+ if (!dtls1_is_timer_expired(s)) {
+ return 0;
+ }
+
+ dtls1_double_timeout(s);
+
+ if (dtls1_check_timeout_num(s) < 0)
+ return -1;
+
+ s->d1->timeout.read_timeouts++;
+ if (s->d1->timeout.read_timeouts > DTLS1_TMO_READ_COUNT) {
+ s->d1->timeout.read_timeouts = 1;
+ }
+
+ dtls1_start_timer(s);
+ return dtls1_retransmit_buffered_messages(s);
+}
+
+static void get_current_time(struct timeval *t)
+{
+#ifdef OPENSSL_SYS_WIN32
+ struct _timeb tb;
+ _ftime(&tb);
+ t->tv_sec = (long)tb.time;
+ t->tv_usec = (long)tb.millitm * 1000;
+#elif defined(OPENSSL_SYS_VMS)
+ struct timeb tb;
+ ftime(&tb);
+ t->tv_sec = (long)tb.time;
+ t->tv_usec = (long)tb.millitm * 1000;
+#else
+ gettimeofday(t, NULL);
+#endif
+}
+
+int dtls1_listen(SSL *s, struct sockaddr *client)
+{
+ int ret;
+
+ SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE);
+ s->d1->listen = 1;
+
+ ret = SSL_accept(s);
+ if (ret <= 0)
+ return ret;
+
+ (void)BIO_dgram_get_peer(SSL_get_rbio(s), client);
+ return 1;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/ssl/d1_meth.c
===================================================================
--- vendor-crypto/openssl/dist/ssl/d1_meth.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/ssl/d1_meth.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,77 +0,0 @@
-/* ssl/d1_meth.h */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra at cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <openssl/objects.h>
-#include "ssl_locl.h"
-
-static SSL_METHOD *dtls1_get_method(int ver);
-static SSL_METHOD *dtls1_get_method(int ver)
- {
- if (ver == DTLS1_VERSION)
- return(DTLSv1_method());
- else
- return(NULL);
- }
-
-IMPLEMENT_dtls1_meth_func(DTLSv1_method,
- dtls1_accept,
- dtls1_connect,
- dtls1_get_method)
-
Copied: vendor-crypto/openssl/0.9.8zf/ssl/d1_meth.c (from rev 6976, vendor-crypto/openssl/dist/ssl/d1_meth.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/ssl/d1_meth.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/ssl/d1_meth.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,74 @@
+/* ssl/d1_meth.h */
+/*
+ * DTLS implementation written by Nagendra Modadugu
+ * (nagendra at cs.stanford.edu) for the OpenSSL project 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/objects.h>
+#include "ssl_locl.h"
+
+static SSL_METHOD *dtls1_get_method(int ver);
+static SSL_METHOD *dtls1_get_method(int ver)
+{
+ if (ver == DTLS1_VERSION)
+ return (DTLSv1_method());
+ else
+ return (NULL);
+}
+
+IMPLEMENT_dtls1_meth_func(DTLSv1_method,
+ dtls1_accept, dtls1_connect, dtls1_get_method)
Deleted: vendor-crypto/openssl/0.9.8zf/ssl/d1_pkt.c
===================================================================
--- vendor-crypto/openssl/dist/ssl/d1_pkt.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/ssl/d1_pkt.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,1843 +0,0 @@
-/* ssl/d1_pkt.c */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra at cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <errno.h>
-#define USE_SOCKETS
-#include "ssl_locl.h"
-#include <openssl/evp.h>
-#include <openssl/buffer.h>
-#include <openssl/pqueue.h>
-#include <openssl/rand.h>
-
-static int have_handshake_fragment(SSL *s, int type, unsigned char *buf,
- int len, int peek);
-static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap,
- PQ_64BIT *seq_num);
-static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap);
-static DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr,
- unsigned int *is_next_epoch);
-#if 0
-static int dtls1_record_needs_buffering(SSL *s, SSL3_RECORD *rr,
- unsigned short *priority, unsigned long *offset);
-#endif
-static int dtls1_buffer_record(SSL *s, record_pqueue *q,
- PQ_64BIT *priority);
-static int dtls1_process_record(SSL *s);
-#if PQ_64BIT_IS_INTEGER
-static PQ_64BIT bytes_to_long_long(unsigned char *bytes, PQ_64BIT *num);
-#endif
-
-/* copy buffered record into SSL structure */
-static int
-dtls1_copy_record(SSL *s, pitem *item)
- {
- DTLS1_RECORD_DATA *rdata;
-
- rdata = (DTLS1_RECORD_DATA *)item->data;
-
- if (s->s3->rbuf.buf != NULL)
- OPENSSL_free(s->s3->rbuf.buf);
-
- s->packet = rdata->packet;
- s->packet_length = rdata->packet_length;
- memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER));
- memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD));
-
- /* Set proper sequence number for mac calculation */
- memcpy(&(s->s3->read_sequence[2]), &(rdata->packet[5]), 6);
-
- return(1);
- }
-
-
-static int
-dtls1_buffer_record(SSL *s, record_pqueue *queue, PQ_64BIT *priority)
-{
- DTLS1_RECORD_DATA *rdata;
- pitem *item;
-
- /* Limit the size of the queue to prevent DOS attacks */
- if (pqueue_size(queue->q) >= 100)
- return 0;
-
- rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA));
- item = pitem_new(*priority, rdata);
- if (rdata == NULL || item == NULL)
- {
- if (rdata != NULL) OPENSSL_free(rdata);
- if (item != NULL) pitem_free(item);
-
- SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
- return(0);
- }
-
- rdata->packet = s->packet;
- rdata->packet_length = s->packet_length;
- memcpy(&(rdata->rbuf), &(s->s3->rbuf), sizeof(SSL3_BUFFER));
- memcpy(&(rdata->rrec), &(s->s3->rrec), sizeof(SSL3_RECORD));
-
- item->data = rdata;
-
- /* insert should not fail, since duplicates are dropped */
- if (pqueue_insert(queue->q, item) == NULL)
- {
- OPENSSL_free(rdata);
- pitem_free(item);
- return(0);
- }
-
- s->packet = NULL;
- s->packet_length = 0;
- memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER));
- memset(&(s->s3->rrec), 0, sizeof(SSL3_RECORD));
-
- if (!ssl3_setup_buffers(s))
- {
- SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
- OPENSSL_free(rdata);
- pitem_free(item);
- return(0);
- }
-
- return(1);
- }
-
-
-static int
-dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue)
- {
- pitem *item;
-
- item = pqueue_pop(queue->q);
- if (item)
- {
- dtls1_copy_record(s, item);
-
- OPENSSL_free(item->data);
- pitem_free(item);
-
- return(1);
- }
-
- return(0);
- }
-
-
-/* retrieve a buffered record that belongs to the new epoch, i.e., not processed
- * yet */
-#define dtls1_get_unprocessed_record(s) \
- dtls1_retrieve_buffered_record((s), \
- &((s)->d1->unprocessed_rcds))
-
-/* retrieve a buffered record that belongs to the current epoch, ie, processed */
-#define dtls1_get_processed_record(s) \
- dtls1_retrieve_buffered_record((s), \
- &((s)->d1->processed_rcds))
-
-static int
-dtls1_process_buffered_records(SSL *s)
- {
- pitem *item;
-
- item = pqueue_peek(s->d1->unprocessed_rcds.q);
- if (item)
- {
- /* Check if epoch is current. */
- if (s->d1->unprocessed_rcds.epoch != s->d1->r_epoch)
- return(1); /* Nothing to do. */
-
- /* Process all the records. */
- while (pqueue_peek(s->d1->unprocessed_rcds.q))
- {
- dtls1_get_unprocessed_record(s);
- if ( ! dtls1_process_record(s))
- return(0);
- dtls1_buffer_record(s, &(s->d1->processed_rcds),
- &s->s3->rrec.seq_num);
- }
- }
-
- /* sync epoch numbers once all the unprocessed records
- * have been processed */
- s->d1->processed_rcds.epoch = s->d1->r_epoch;
- s->d1->unprocessed_rcds.epoch = s->d1->r_epoch + 1;
-
- return(1);
- }
-
-
-#if 0
-
-static int
-dtls1_get_buffered_record(SSL *s)
- {
- pitem *item;
- PQ_64BIT priority =
- (((PQ_64BIT)s->d1->handshake_read_seq) << 32) |
- ((PQ_64BIT)s->d1->r_msg_hdr.frag_off);
-
- if ( ! SSL_in_init(s)) /* if we're not (re)negotiating,
- nothing buffered */
- return 0;
-
-
- item = pqueue_peek(s->d1->rcvd_records);
- if (item && item->priority == priority)
- {
- /* Check if we've received the record of interest. It must be
- * a handshake record, since data records as passed up without
- * buffering */
- DTLS1_RECORD_DATA *rdata;
- item = pqueue_pop(s->d1->rcvd_records);
- rdata = (DTLS1_RECORD_DATA *)item->data;
-
- if (s->s3->rbuf.buf != NULL)
- OPENSSL_free(s->s3->rbuf.buf);
-
- s->packet = rdata->packet;
- s->packet_length = rdata->packet_length;
- memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER));
- memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD));
-
- OPENSSL_free(item->data);
- pitem_free(item);
-
- /* s->d1->next_expected_seq_num++; */
- return(1);
- }
-
- return 0;
- }
-
-#endif
-
-static int
-dtls1_process_record(SSL *s)
-{
- int i,al;
- int enc_err;
- SSL_SESSION *sess;
- SSL3_RECORD *rr;
- unsigned int mac_size, orig_len;
- unsigned char md[EVP_MAX_MD_SIZE];
-
- rr= &(s->s3->rrec);
- sess = s->session;
-
- /* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
- * and we have that many bytes in s->packet
- */
- rr->input= &(s->packet[DTLS1_RT_HEADER_LENGTH]);
-
- /* ok, we can now read from 's->packet' data into 'rr'
- * rr->input points at rr->length bytes, which
- * need to be copied into rr->data by either
- * the decryption or by the decompression
- * When the data is 'copied' into the rr->data buffer,
- * rr->input will be pointed at the new buffer */
-
- /* We now have - encrypted [ MAC [ compressed [ plain ] ] ]
- * rr->length bytes of encrypted compressed stuff. */
-
- /* check is not needed I believe */
- if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH)
- {
- al=SSL_AD_RECORD_OVERFLOW;
- SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
- goto f_err;
- }
-
- /* decrypt in place in 'rr->input' */
- rr->data=rr->input;
-
- enc_err = s->method->ssl3_enc->enc(s,0);
- /* enc_err is:
- * 0: (in non-constant time) if the record is publically invalid.
- * 1: if the padding is valid
- * -1: if the padding is invalid */
- if (enc_err == 0)
- {
- /* For DTLS we simply ignore bad packets. */
- rr->length = 0;
- s->packet_length = 0;
- goto err;
- }
-
-#ifdef TLS_DEBUG
-printf("dec %d\n",rr->length);
-{ unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); }
-printf("\n");
-#endif
-
- /* r->length is now the compressed data plus mac */
- if ((sess != NULL) &&
- (s->enc_read_ctx != NULL) &&
- (s->read_hash != NULL))
- {
- /* s->read_hash != NULL => mac_size != -1 */
- unsigned char *mac = NULL;
- unsigned char mac_tmp[EVP_MAX_MD_SIZE];
- mac_size=EVP_MD_size(s->read_hash);
- OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);
-
- /* kludge: *_cbc_remove_padding passes padding length in rr->type */
- orig_len = rr->length+((unsigned int)rr->type>>8);
-
- /* orig_len is the length of the record before any padding was
- * removed. This is public information, as is the MAC in use,
- * therefore we can safely process the record in a different
- * amount of time if it's too short to possibly contain a MAC.
- */
- if (orig_len < mac_size ||
- /* CBC records must have a padding length byte too. */
- (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
- orig_len < mac_size+1))
- {
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT);
- goto f_err;
- }
-
- if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE)
- {
- /* We update the length so that the TLS header bytes
- * can be constructed correctly but we need to extract
- * the MAC in constant time from within the record,
- * without leaking the contents of the padding bytes.
- * */
- mac = mac_tmp;
- ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len);
- rr->length -= mac_size;
- }
- else
- {
- /* In this case there's no padding, so |orig_len|
- * equals |rec->length| and we checked that there's
- * enough bytes for |mac_size| above. */
- rr->length -= mac_size;
- mac = &rr->data[rr->length];
- }
-
- i=s->method->ssl3_enc->mac(s,md,0 /* not send */);
- if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0)
- enc_err = -1;
- if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+mac_size)
- enc_err = -1;
- }
-
- if (enc_err < 0)
- {
- /* decryption failed, silently discard message */
- rr->length = 0;
- s->packet_length = 0;
- goto err;
- }
-
- /* r->length is now just compressed */
- if (s->expand != NULL)
- {
- if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH)
- {
- al=SSL_AD_RECORD_OVERFLOW;
- SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG);
- goto f_err;
- }
- if (!ssl3_do_uncompress(s))
- {
- al=SSL_AD_DECOMPRESSION_FAILURE;
- SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_BAD_DECOMPRESSION);
- goto f_err;
- }
- }
-
- if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH)
- {
- al=SSL_AD_RECORD_OVERFLOW;
- SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_DATA_LENGTH_TOO_LONG);
- goto f_err;
- }
-
- rr->off=0;
- /* So at this point the following is true
- * ssl->s3->rrec.type is the type of record
- * ssl->s3->rrec.length == number of bytes in record
- * ssl->s3->rrec.off == offset to first valid byte
- * ssl->s3->rrec.data == where to take bytes from, increment
- * after use :-).
- */
-
- /* we have pulled in a full packet so zero things */
- s->packet_length=0;
- dtls1_record_bitmap_update(s, &(s->d1->bitmap));/* Mark receipt of record. */
- return(1);
-
-f_err:
- ssl3_send_alert(s,SSL3_AL_FATAL,al);
-err:
- return(0);
-}
-
-
-/* Call this to get a new input record.
- * It will return <= 0 if more data is needed, normally due to an error
- * or non-blocking IO.
- * When it finishes, one packet has been decoded and can be found in
- * ssl->s3->rrec.type - is the type of record
- * ssl->s3->rrec.data, - data
- * ssl->s3->rrec.length, - number of bytes
- */
-/* used only by dtls1_read_bytes */
-int dtls1_get_record(SSL *s)
- {
- int ssl_major,ssl_minor;
- int i,n;
- SSL3_RECORD *rr;
- unsigned char *p = NULL;
- unsigned short version;
- DTLS1_BITMAP *bitmap;
- unsigned int is_next_epoch;
-
- rr= &(s->s3->rrec);
-
- /* The epoch may have changed. If so, process all the
- * pending records. This is a non-blocking operation. */
- dtls1_process_buffered_records(s);
-
- /* if we're renegotiating, then there may be buffered records */
- if (dtls1_get_processed_record(s))
- return 1;
-
- /* get something from the wire */
-again:
- /* check if we have the header */
- if ( (s->rstate != SSL_ST_READ_BODY) ||
- (s->packet_length < DTLS1_RT_HEADER_LENGTH))
- {
- n=ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH, s->s3->rbuf.len, 0);
- /* read timeout is handled by dtls1_read_bytes */
- if (n <= 0) return(n); /* error or non-blocking */
-
- /* this packet contained a partial record, dump it */
- if (s->packet_length != DTLS1_RT_HEADER_LENGTH)
- {
- s->packet_length = 0;
- goto again;
- }
-
- s->rstate=SSL_ST_READ_BODY;
-
- p=s->packet;
-
- /* Pull apart the header into the DTLS1_RECORD */
- rr->type= *(p++);
- ssl_major= *(p++);
- ssl_minor= *(p++);
- version=(ssl_major<<8)|ssl_minor;
-
- /* sequence number is 64 bits, with top 2 bytes = epoch */
- n2s(p,rr->epoch);
-
- memcpy(&(s->s3->read_sequence[2]), p, 6);
- p+=6;
-
- n2s(p,rr->length);
-
- /* Lets check version */
- if (!s->first_packet)
- {
- if (version != s->version && version != DTLS1_BAD_VER)
- {
- /* unexpected version, silently discard */
- rr->length = 0;
- s->packet_length = 0;
- goto again;
- }
- }
-
- if ((version & 0xff00) != (DTLS1_VERSION & 0xff00) &&
- (version & 0xff00) != (DTLS1_BAD_VER & 0xff00))
- {
- /* wrong version, silently discard record */
- rr->length = 0;
- s->packet_length = 0;
- goto again;
- }
-
- if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH)
- {
- /* record too long, silently discard it */
- rr->length = 0;
- s->packet_length = 0;
- goto again;
- }
-
- s->client_version = version;
- /* now s->rstate == SSL_ST_READ_BODY */
- }
-
- /* s->rstate == SSL_ST_READ_BODY, get and decode the data */
-
- if (rr->length > s->packet_length-DTLS1_RT_HEADER_LENGTH)
- {
- /* now s->packet_length == DTLS1_RT_HEADER_LENGTH */
- i=rr->length;
- n=ssl3_read_n(s,i,i,1);
- if (n <= 0) return(n); /* error or non-blocking io */
-
- /* this packet contained a partial record, dump it */
- if ( n != i)
- {
- rr->length = 0;
- s->packet_length = 0;
- goto again;
- }
-
- /* now n == rr->length,
- * and s->packet_length == DTLS1_RT_HEADER_LENGTH + rr->length */
- }
- s->rstate=SSL_ST_READ_HEADER; /* set state for later operations */
-
- /* match epochs. NULL means the packet is dropped on the floor */
- bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch);
- if ( bitmap == NULL)
- {
- rr->length = 0;
- s->packet_length = 0; /* dump this record */
- goto again; /* get another record */
- }
-
- /* Check whether this is a repeat, or aged record.
- * Don't check if we're listening and this message is
- * a ClientHello. They can look as if they're replayed,
- * since they arrive from different connections and
- * would be dropped unnecessarily.
- */
- if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE &&
- *p == SSL3_MT_CLIENT_HELLO) &&
- ! dtls1_record_replay_check(s, bitmap, &(rr->seq_num)))
- {
- rr->length = 0;
- s->packet_length=0; /* dump this record */
- goto again; /* get another record */
- }
-
- /* just read a 0 length packet */
- if (rr->length == 0) goto again;
-
- /* If this record is from the next epoch (either HM or ALERT),
- * and a handshake is currently in progress, buffer it since it
- * cannot be processed at this time. However, do not buffer
- * anything while listening.
- */
- if (is_next_epoch)
- {
- if ((SSL_in_init(s) || s->in_handshake) && !s->d1->listen)
- {
- dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), &rr->seq_num);
- }
- rr->length = 0;
- s->packet_length = 0;
- goto again;
- }
-
- if (!dtls1_process_record(s))
- {
- rr->length = 0;
- s->packet_length=0; /* dump this record */
- goto again; /* get another record */
- }
-
- return(1);
-
- }
-
-/* Return up to 'len' payload bytes received in 'type' records.
- * 'type' is one of the following:
- *
- * - SSL3_RT_HANDSHAKE (when ssl3_get_message calls us)
- * - SSL3_RT_APPLICATION_DATA (when ssl3_read calls us)
- * - 0 (during a shutdown, no data has to be returned)
- *
- * If we don't have stored data to work from, read a SSL/TLS record first
- * (possibly multiple records if we still don't have anything to return).
- *
- * This function must handle any surprises the peer may have for us, such as
- * Alert records (e.g. close_notify), ChangeCipherSpec records (not really
- * a surprise, but handled as if it were), or renegotiation requests.
- * Also if record payloads contain fragments too small to process, we store
- * them until there is enough for the respective protocol (the record protocol
- * may use arbitrary fragmentation and even interleaving):
- * Change cipher spec protocol
- * just 1 byte needed, no need for keeping anything stored
- * Alert protocol
- * 2 bytes needed (AlertLevel, AlertDescription)
- * Handshake protocol
- * 4 bytes needed (HandshakeType, uint24 length) -- we just have
- * to detect unexpected Client Hello and Hello Request messages
- * here, anything else is handled by higher layers
- * Application data protocol
- * none of our business
- */
-int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
- {
- int al,i,j,ret;
- unsigned int n;
- SSL3_RECORD *rr;
- void (*cb)(const SSL *ssl,int type2,int val)=NULL;
-
- if (s->s3->rbuf.buf == NULL) /* Not initialized yet */
- if (!ssl3_setup_buffers(s))
- return(-1);
-
- /* XXX: check what the second '&& type' is about */
- if ((type && (type != SSL3_RT_APPLICATION_DATA) &&
- (type != SSL3_RT_HANDSHAKE) && type) ||
- (peek && (type != SSL3_RT_APPLICATION_DATA)))
- {
- SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR);
- return -1;
- }
-
- /* check whether there's a handshake message (client hello?) waiting */
- if ( (ret = have_handshake_fragment(s, type, buf, len, peek)))
- return ret;
-
- /* Now s->d1->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */
-
- if (!s->in_handshake && SSL_in_init(s))
- {
- /* type == SSL3_RT_APPLICATION_DATA */
- i=s->handshake_func(s);
- if (i < 0) return(i);
- if (i == 0)
- {
- SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
- return(-1);
- }
- }
-
-start:
- s->rwstate=SSL_NOTHING;
-
- /* s->s3->rrec.type - is the type of record
- * s->s3->rrec.data, - data
- * s->s3->rrec.off, - offset into 'data' for next read
- * s->s3->rrec.length, - number of bytes. */
- rr = &(s->s3->rrec);
-
- /* We are not handshaking and have no data yet,
- * so process data buffered during the last handshake
- * in advance, if any.
- */
- if (s->state == SSL_ST_OK && rr->length == 0)
- {
- pitem *item;
- item = pqueue_pop(s->d1->buffered_app_data.q);
- if (item)
- {
- dtls1_copy_record(s, item);
-
- OPENSSL_free(item->data);
- pitem_free(item);
- }
- }
-
- /* Check for timeout */
- if (dtls1_handle_timeout(s) > 0)
- goto start;
-
- /* get new packet if necessary */
- if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY))
- {
- ret=dtls1_get_record(s);
- if (ret <= 0)
- {
- ret = dtls1_read_failed(s, ret);
- /* anything other than a timeout is an error */
- if (ret <= 0)
- return(ret);
- else
- goto start;
- }
- }
-
- if (s->d1->listen && rr->type != SSL3_RT_HANDSHAKE)
- {
- rr->length = 0;
- goto start;
- }
-
- /* we now have a packet which can be read and processed */
-
- if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
- * reset by ssl3_get_finished */
- && (rr->type != SSL3_RT_HANDSHAKE))
- {
- /* We now have application data between CCS and Finished.
- * Most likely the packets were reordered on their way, so
- * buffer the application data for later processing rather
- * than dropping the connection.
- */
- dtls1_buffer_record(s, &(s->d1->buffered_app_data), &rr->seq_num);
- rr->length = 0;
- goto start;
- }
-
- /* If the other end has shut down, throw anything we read away
- * (even in 'peek' mode) */
- if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
- {
- rr->length=0;
- s->rwstate=SSL_NOTHING;
- return(0);
- }
-
-
- if (type == rr->type) /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */
- {
- /* make sure that we are not getting application data when we
- * are doing a handshake for the first time */
- if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
- (s->enc_read_ctx == NULL))
- {
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_APP_DATA_IN_HANDSHAKE);
- goto f_err;
- }
-
- if (len <= 0) return(len);
-
- if ((unsigned int)len > rr->length)
- n = rr->length;
- else
- n = (unsigned int)len;
-
- memcpy(buf,&(rr->data[rr->off]),n);
- if (!peek)
- {
- rr->length-=n;
- rr->off+=n;
- if (rr->length == 0)
- {
- s->rstate=SSL_ST_READ_HEADER;
- rr->off=0;
- }
- }
- return(n);
- }
-
-
- /* If we get here, then type != rr->type; if we have a handshake
- * message, then it was unexpected (Hello Request or Client Hello). */
-
- /* In case of record types for which we have 'fragment' storage,
- * fill that so that we can process the data at a fixed place.
- */
- {
- unsigned int k, dest_maxlen = 0;
- unsigned char *dest = NULL;
- unsigned int *dest_len = NULL;
-
- if (rr->type == SSL3_RT_HANDSHAKE)
- {
- dest_maxlen = sizeof s->d1->handshake_fragment;
- dest = s->d1->handshake_fragment;
- dest_len = &s->d1->handshake_fragment_len;
- }
- else if (rr->type == SSL3_RT_ALERT)
- {
- dest_maxlen = sizeof(s->d1->alert_fragment);
- dest = s->d1->alert_fragment;
- dest_len = &s->d1->alert_fragment_len;
- }
- /* else it's a CCS message, or application data or wrong */
- else if (rr->type != SSL3_RT_CHANGE_CIPHER_SPEC)
- {
- /* Application data while renegotiating
- * is allowed. Try again reading.
- */
- if (rr->type == SSL3_RT_APPLICATION_DATA)
- {
- BIO *bio;
- s->s3->in_read_app_data=2;
- bio=SSL_get_rbio(s);
- s->rwstate=SSL_READING;
- BIO_clear_retry_flags(bio);
- BIO_set_retry_read(bio);
- return(-1);
- }
-
- /* Not certain if this is the right error handling */
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
- goto f_err;
- }
-
- if (dest_maxlen > 0)
- {
- /* XDTLS: In a pathalogical case, the Client Hello
- * may be fragmented--don't always expect dest_maxlen bytes */
- if ( rr->length < dest_maxlen)
- {
-#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
- /*
- * for normal alerts rr->length is 2, while
- * dest_maxlen is 7 if we were to handle this
- * non-existing alert...
- */
- FIX ME
-#endif
- s->rstate=SSL_ST_READ_HEADER;
- rr->length = 0;
- goto start;
- }
-
- /* now move 'n' bytes: */
- for ( k = 0; k < dest_maxlen; k++)
- {
- dest[k] = rr->data[rr->off++];
- rr->length--;
- }
- *dest_len = dest_maxlen;
- }
- }
-
- /* s->d1->handshake_fragment_len == 12 iff rr->type == SSL3_RT_HANDSHAKE;
- * s->d1->alert_fragment_len == 7 iff rr->type == SSL3_RT_ALERT.
- * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */
-
- /* If we are a client, check for an incoming 'Hello Request': */
- if ((!s->server) &&
- (s->d1->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) &&
- (s->d1->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) &&
- (s->session != NULL) && (s->session->cipher != NULL))
- {
- s->d1->handshake_fragment_len = 0;
-
- if ((s->d1->handshake_fragment[1] != 0) ||
- (s->d1->handshake_fragment[2] != 0) ||
- (s->d1->handshake_fragment[3] != 0))
- {
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_HELLO_REQUEST);
- goto err;
- }
-
- /* no need to check sequence number on HELLO REQUEST messages */
-
- if (s->msg_callback)
- s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
- s->d1->handshake_fragment, 4, s, s->msg_callback_arg);
-
- if (SSL_is_init_finished(s) &&
- !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
- !s->s3->renegotiate)
- {
- s->d1->handshake_read_seq++;
- ssl3_renegotiate(s);
- if (ssl3_renegotiate_check(s))
- {
- i=s->handshake_func(s);
- if (i < 0) return(i);
- if (i == 0)
- {
- SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
- return(-1);
- }
-
- if (!(s->mode & SSL_MODE_AUTO_RETRY))
- {
- if (s->s3->rbuf.left == 0) /* no read-ahead left? */
- {
- BIO *bio;
- /* In the case where we try to read application data,
- * but we trigger an SSL handshake, we return -1 with
- * the retry option set. Otherwise renegotiation may
- * cause nasty problems in the blocking world */
- s->rwstate=SSL_READING;
- bio=SSL_get_rbio(s);
- BIO_clear_retry_flags(bio);
- BIO_set_retry_read(bio);
- return(-1);
- }
- }
- }
- }
- /* we either finished a handshake or ignored the request,
- * now try again to obtain the (application) data we were asked for */
- goto start;
- }
-
- if (s->d1->alert_fragment_len >= DTLS1_AL_HEADER_LENGTH)
- {
- int alert_level = s->d1->alert_fragment[0];
- int alert_descr = s->d1->alert_fragment[1];
-
- s->d1->alert_fragment_len = 0;
-
- if (s->msg_callback)
- s->msg_callback(0, s->version, SSL3_RT_ALERT,
- s->d1->alert_fragment, 2, s, s->msg_callback_arg);
-
- if (s->info_callback != NULL)
- cb=s->info_callback;
- else if (s->ctx->info_callback != NULL)
- cb=s->ctx->info_callback;
-
- if (cb != NULL)
- {
- j = (alert_level << 8) | alert_descr;
- cb(s, SSL_CB_READ_ALERT, j);
- }
-
- if (alert_level == 1) /* warning */
- {
- s->s3->warn_alert = alert_descr;
- if (alert_descr == SSL_AD_CLOSE_NOTIFY)
- {
- s->shutdown |= SSL_RECEIVED_SHUTDOWN;
- return(0);
- }
-#if 0
- /* XXX: this is a possible improvement in the future */
- /* now check if it's a missing record */
- if (alert_descr == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE)
- {
- unsigned short seq;
- unsigned int frag_off;
- unsigned char *p = &(s->d1->alert_fragment[2]);
-
- n2s(p, seq);
- n2l3(p, frag_off);
-
- dtls1_retransmit_message(s,
- dtls1_get_queue_priority(frag->msg_header.seq, 0),
- frag_off, &found);
- if ( ! found && SSL_in_init(s))
- {
- /* fprintf( stderr,"in init = %d\n", SSL_in_init(s)); */
- /* requested a message not yet sent,
- send an alert ourselves */
- ssl3_send_alert(s,SSL3_AL_WARNING,
- DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
- }
- }
-#endif
- }
- else if (alert_level == 2) /* fatal */
- {
- char tmp[16];
-
- s->rwstate=SSL_NOTHING;
- s->s3->fatal_alert = alert_descr;
- SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr);
- BIO_snprintf(tmp,sizeof tmp,"%d",alert_descr);
- ERR_add_error_data(2,"SSL alert number ",tmp);
- s->shutdown|=SSL_RECEIVED_SHUTDOWN;
- SSL_CTX_remove_session(s->ctx,s->session);
- return(0);
- }
- else
- {
- al=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNKNOWN_ALERT_TYPE);
- goto f_err;
- }
-
- goto start;
- }
-
- if (s->shutdown & SSL_SENT_SHUTDOWN) /* but we have not received a shutdown */
- {
- s->rwstate=SSL_NOTHING;
- rr->length=0;
- return(0);
- }
-
- if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC)
- {
- struct ccs_header_st ccs_hdr;
- unsigned int ccs_hdr_len = DTLS1_CCS_HEADER_LENGTH;
-
- dtls1_get_ccs_header(rr->data, &ccs_hdr);
-
- /* 'Change Cipher Spec' is just a single byte, so we know
- * exactly what the record payload has to look like */
- /* XDTLS: check that epoch is consistent */
- if (s->client_version == DTLS1_BAD_VER || s->version == DTLS1_BAD_VER)
- ccs_hdr_len = 3;
-
- if ((rr->length != ccs_hdr_len) || (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS))
- {
- i=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC);
- goto err;
- }
-
- rr->length=0;
-
- if (s->msg_callback)
- s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC,
- rr->data, 1, s, s->msg_callback_arg);
-
- /* We can't process a CCS now, because previous handshake
- * messages are still missing, so just drop it.
- */
- if (!s->d1->change_cipher_spec_ok)
- {
- goto start;
- }
-
- s->d1->change_cipher_spec_ok = 0;
-
- s->s3->change_cipher_spec=1;
- if (!ssl3_do_change_cipher_spec(s))
- goto err;
-
- /* do this whenever CCS is processed */
- dtls1_reset_seq_numbers(s, SSL3_CC_READ);
-
- if (s->client_version == DTLS1_BAD_VER)
- s->d1->handshake_read_seq++;
-
- goto start;
- }
-
- /* Unexpected handshake message (Client Hello, or protocol violation) */
- if ((s->d1->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) &&
- !s->in_handshake)
- {
- struct hm_header_st msg_hdr;
-
- /* this may just be a stale retransmit */
- dtls1_get_message_header(rr->data, &msg_hdr);
- if( rr->epoch != s->d1->r_epoch)
- {
- rr->length = 0;
- goto start;
- }
-
- /* If we are server, we may have a repeated FINISHED of the
- * client here, then retransmit our CCS and FINISHED.
- */
- if (msg_hdr.type == SSL3_MT_FINISHED)
- {
- if (dtls1_check_timeout_num(s) < 0)
- return -1;
-
- dtls1_retransmit_buffered_messages(s);
- rr->length = 0;
- goto start;
- }
-
- if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
- !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS))
- {
-#if 0 /* worked only because C operator preferences are not as expected (and
- * because this is not really needed for clients except for detecting
- * protocol violations): */
- s->state=SSL_ST_BEFORE|(s->server)
- ?SSL_ST_ACCEPT
- :SSL_ST_CONNECT;
-#else
- s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
-#endif
- s->new_session=1;
- }
- i=s->handshake_func(s);
- if (i < 0) return(i);
- if (i == 0)
- {
- SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
- return(-1);
- }
-
- if (!(s->mode & SSL_MODE_AUTO_RETRY))
- {
- if (s->s3->rbuf.left == 0) /* no read-ahead left? */
- {
- BIO *bio;
- /* In the case where we try to read application data,
- * but we trigger an SSL handshake, we return -1 with
- * the retry option set. Otherwise renegotiation may
- * cause nasty problems in the blocking world */
- s->rwstate=SSL_READING;
- bio=SSL_get_rbio(s);
- BIO_clear_retry_flags(bio);
- BIO_set_retry_read(bio);
- return(-1);
- }
- }
- goto start;
- }
-
- switch (rr->type)
- {
- default:
-#ifndef OPENSSL_NO_TLS
- /* TLS just ignores unknown message types */
- if (s->version == TLS1_VERSION)
- {
- rr->length = 0;
- goto start;
- }
-#endif
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
- goto f_err;
- case SSL3_RT_CHANGE_CIPHER_SPEC:
- case SSL3_RT_ALERT:
- case SSL3_RT_HANDSHAKE:
- /* we already handled all of these, with the possible exception
- * of SSL3_RT_HANDSHAKE when s->in_handshake is set, but that
- * should not happen when type != rr->type */
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_DTLS1_READ_BYTES,ERR_R_INTERNAL_ERROR);
- goto f_err;
- case SSL3_RT_APPLICATION_DATA:
- /* At this point, we were expecting handshake data,
- * but have application data. If the library was
- * running inside ssl3_read() (i.e. in_read_app_data
- * is set) and it makes sense to read application data
- * at this point (session renegotiation not yet started),
- * we will indulge it.
- */
- if (s->s3->in_read_app_data &&
- (s->s3->total_renegotiations != 0) &&
- ((
- (s->state & SSL_ST_CONNECT) &&
- (s->state >= SSL3_ST_CW_CLNT_HELLO_A) &&
- (s->state <= SSL3_ST_CR_SRVR_HELLO_A)
- ) || (
- (s->state & SSL_ST_ACCEPT) &&
- (s->state <= SSL3_ST_SW_HELLO_REQ_A) &&
- (s->state >= SSL3_ST_SR_CLNT_HELLO_A)
- )
- ))
- {
- s->s3->in_read_app_data=2;
- return(-1);
- }
- else
- {
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
- goto f_err;
- }
- }
- /* not reached */
-
-f_err:
- ssl3_send_alert(s,SSL3_AL_FATAL,al);
-err:
- return(-1);
- }
-
-int
-dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, int len)
- {
- int i;
-
- if (SSL_in_init(s) && !s->in_handshake)
- {
- i=s->handshake_func(s);
- if (i < 0) return(i);
- if (i == 0)
- {
- SSLerr(SSL_F_DTLS1_WRITE_APP_DATA_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
- return -1;
- }
- }
-
- if (len > SSL3_RT_MAX_PLAIN_LENGTH)
- {
- SSLerr(SSL_F_DTLS1_WRITE_APP_DATA_BYTES,SSL_R_DTLS_MESSAGE_TOO_BIG);
- return -1;
- }
-
- i = dtls1_write_bytes(s, type, buf_, len);
- return i;
- }
-
-
- /* this only happens when a client hello is received and a handshake
- * is started. */
-static int
-have_handshake_fragment(SSL *s, int type, unsigned char *buf,
- int len, int peek)
- {
-
- if ((type == SSL3_RT_HANDSHAKE) && (s->d1->handshake_fragment_len > 0))
- /* (partially) satisfy request from storage */
- {
- unsigned char *src = s->d1->handshake_fragment;
- unsigned char *dst = buf;
- unsigned int k,n;
-
- /* peek == 0 */
- n = 0;
- while ((len > 0) && (s->d1->handshake_fragment_len > 0))
- {
- *dst++ = *src++;
- len--; s->d1->handshake_fragment_len--;
- n++;
- }
- /* move any remaining fragment bytes: */
- for (k = 0; k < s->d1->handshake_fragment_len; k++)
- s->d1->handshake_fragment[k] = *src++;
- return n;
- }
-
- return 0;
- }
-
-
-
-
-/* Call this to write data in records of type 'type'
- * It will return <= 0 if not all data has been sent or non-blocking IO.
- */
-int dtls1_write_bytes(SSL *s, int type, const void *buf, int len)
- {
- int i;
-
- OPENSSL_assert(len <= SSL3_RT_MAX_PLAIN_LENGTH);
- s->rwstate=SSL_NOTHING;
- i=do_dtls1_write(s, type, buf, len, 0);
- return i;
- }
-
-int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len, int create_empty_fragment)
- {
- unsigned char *p,*pseq;
- int i,mac_size,clear=0;
- int prefix_len = 0;
- SSL3_RECORD *wr;
- SSL3_BUFFER *wb;
- SSL_SESSION *sess;
- int bs;
-
- /* first check if there is a SSL3_BUFFER still being written
- * out. This will happen with non blocking IO */
- if (s->s3->wbuf.left != 0)
- {
- OPENSSL_assert(0); /* XDTLS: want to see if we ever get here */
- return(ssl3_write_pending(s,type,buf,len));
- }
-
- /* If we have an alert to send, lets send it */
- if (s->s3->alert_dispatch)
- {
- i=s->method->ssl_dispatch_alert(s);
- if (i <= 0)
- return(i);
- /* if it went, fall through and send more stuff */
- }
-
- if (len == 0 && !create_empty_fragment)
- return 0;
-
- wr= &(s->s3->wrec);
- wb= &(s->s3->wbuf);
- sess=s->session;
-
- if ( (sess == NULL) ||
- (s->enc_write_ctx == NULL) ||
- (s->write_hash == NULL))
- clear=1;
-
- if (clear)
- mac_size=0;
- else
- mac_size=EVP_MD_size(s->write_hash);
-
- /* DTLS implements explicit IV, so no need for empty fragments */
-#if 0
- /* 'create_empty_fragment' is true only when this function calls itself */
- if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done
- && SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER)
- {
- /* countermeasure against known-IV weakness in CBC ciphersuites
- * (see http://www.openssl.org/~bodo/tls-cbc.txt)
- */
-
- if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_DATA)
- {
- /* recursive function call with 'create_empty_fragment' set;
- * this prepares and buffers the data for an empty fragment
- * (these 'prefix_len' bytes are sent out later
- * together with the actual payload) */
- prefix_len = s->method->do_ssl_write(s, type, buf, 0, 1);
- if (prefix_len <= 0)
- goto err;
-
- if (s->s3->wbuf.len < (size_t)prefix_len + SSL3_RT_MAX_PACKET_SIZE)
- {
- /* insufficient space */
- SSLerr(SSL_F_DO_DTLS1_WRITE, ERR_R_INTERNAL_ERROR);
- goto err;
- }
- }
-
- s->s3->empty_fragment_done = 1;
- }
-#endif
-
- p = wb->buf + prefix_len;
-
- /* write the header */
-
- *(p++)=type&0xff;
- wr->type=type;
-
- if (s->client_version == DTLS1_BAD_VER)
- *(p++) = DTLS1_BAD_VER>>8,
- *(p++) = DTLS1_BAD_VER&0xff;
- else
- *(p++)=(s->version>>8),
- *(p++)=s->version&0xff;
-
- /* field where we are to write out packet epoch, seq num and len */
- pseq=p;
- p+=10;
-
- /* lets setup the record stuff. */
-
- /* Make space for the explicit IV in case of CBC.
- * (this is a bit of a boundary violation, but what the heck).
- */
- if ( s->enc_write_ctx &&
- (EVP_CIPHER_mode( s->enc_write_ctx->cipher ) & EVP_CIPH_CBC_MODE))
- bs = EVP_CIPHER_block_size(s->enc_write_ctx->cipher);
- else
- bs = 0;
-
- wr->data=p + bs; /* make room for IV in case of CBC */
- wr->length=(int)len;
- wr->input=(unsigned char *)buf;
-
- /* we now 'read' from wr->input, wr->length bytes into
- * wr->data */
-
- /* first we compress */
- if (s->compress != NULL)
- {
- if (!ssl3_do_compress(s))
- {
- SSLerr(SSL_F_DO_DTLS1_WRITE,SSL_R_COMPRESSION_FAILURE);
- goto err;
- }
- }
- else
- {
- memcpy(wr->data,wr->input,wr->length);
- wr->input=wr->data;
- }
-
- /* we should still have the output to wr->data and the input
- * from wr->input. Length should be wr->length.
- * wr->data still points in the wb->buf */
-
- if (mac_size != 0)
- {
- s->method->ssl3_enc->mac(s,&(p[wr->length + bs]),1);
- wr->length+=mac_size;
- }
-
- /* this is true regardless of mac size */
- wr->input=p;
- wr->data=p;
-
-
- /* ssl3_enc can only have an error on read */
- if (bs) /* bs != 0 in case of CBC */
- {
- RAND_pseudo_bytes(p,bs);
- /* master IV and last CBC residue stand for
- * the rest of randomness */
- wr->length += bs;
- }
-
- s->method->ssl3_enc->enc(s,1);
-
- /* record length after mac and block padding */
-/* if (type == SSL3_RT_APPLICATION_DATA ||
- (type == SSL3_RT_ALERT && ! SSL_in_init(s))) */
-
- /* there's only one epoch between handshake and app data */
-
- s2n(s->d1->w_epoch, pseq);
-
- /* XDTLS: ?? */
-/* else
- s2n(s->d1->handshake_epoch, pseq); */
-
- memcpy(pseq, &(s->s3->write_sequence[2]), 6);
- pseq+=6;
- s2n(wr->length,pseq);
-
- /* we should now have
- * wr->data pointing to the encrypted data, which is
- * wr->length long */
- wr->type=type; /* not needed but helps for debugging */
- wr->length+=DTLS1_RT_HEADER_LENGTH;
-
-#if 0 /* this is now done at the message layer */
- /* buffer the record, making it easy to handle retransmits */
- if ( type == SSL3_RT_HANDSHAKE || type == SSL3_RT_CHANGE_CIPHER_SPEC)
- dtls1_buffer_record(s, wr->data, wr->length,
- *((PQ_64BIT *)&(s->s3->write_sequence[0])));
-#endif
-
- ssl3_record_sequence_update(&(s->s3->write_sequence[0]));
-
- if (create_empty_fragment)
- {
- /* we are in a recursive call;
- * just return the length, don't write out anything here
- */
- return wr->length;
- }
-
- /* now let's set up wb */
- wb->left = prefix_len + wr->length;
- wb->offset = 0;
-
- /* memorize arguments so that ssl3_write_pending can detect bad write retries later */
- s->s3->wpend_tot=len;
- s->s3->wpend_buf=buf;
- s->s3->wpend_type=type;
- s->s3->wpend_ret=len;
-
- /* we now just need to write the buffer */
- return ssl3_write_pending(s,type,buf,len);
-err:
- return -1;
- }
-
-
-
-static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap,
- PQ_64BIT *seq_num)
- {
-#if PQ_64BIT_IS_INTEGER
- PQ_64BIT mask = 0x0000000000000001L;
-#endif
- PQ_64BIT rcd_num, tmp;
-
- pq_64bit_init(&rcd_num);
- pq_64bit_init(&tmp);
-
- /* this is the sequence number for the record just read */
- pq_64bit_bin2num(&rcd_num, s->s3->read_sequence, 8);
-
-
- if (pq_64bit_gt(&rcd_num, &(bitmap->max_seq_num)) ||
- pq_64bit_eq(&rcd_num, &(bitmap->max_seq_num)))
- {
- pq_64bit_assign(seq_num, &rcd_num);
- pq_64bit_free(&rcd_num);
- pq_64bit_free(&tmp);
- return 1; /* this record is new */
- }
-
- pq_64bit_sub(&tmp, &(bitmap->max_seq_num), &rcd_num);
-
- if ( pq_64bit_get_word(&tmp) > bitmap->length)
- {
- pq_64bit_free(&rcd_num);
- pq_64bit_free(&tmp);
- return 0; /* stale, outside the window */
- }
-
-#if PQ_64BIT_IS_BIGNUM
- {
- int offset;
- pq_64bit_sub(&tmp, &(bitmap->max_seq_num), &rcd_num);
- pq_64bit_sub_word(&tmp, 1);
- offset = pq_64bit_get_word(&tmp);
- if ( pq_64bit_is_bit_set(&(bitmap->map), offset))
- {
- pq_64bit_free(&rcd_num);
- pq_64bit_free(&tmp);
- return 0;
- }
- }
-#else
- mask <<= (bitmap->max_seq_num - rcd_num - 1);
- if (bitmap->map & mask)
- return 0; /* record previously received */
-#endif
-
- pq_64bit_assign(seq_num, &rcd_num);
- pq_64bit_free(&rcd_num);
- pq_64bit_free(&tmp);
- return 1;
- }
-
-
-static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap)
- {
- unsigned int shift;
- PQ_64BIT rcd_num;
- PQ_64BIT tmp;
- PQ_64BIT_CTX *ctx;
-
- pq_64bit_init(&rcd_num);
- pq_64bit_init(&tmp);
-
- pq_64bit_bin2num(&rcd_num, s->s3->read_sequence, 8);
-
- /* unfortunate code complexity due to 64-bit manipulation support
- * on 32-bit machines */
- if ( pq_64bit_gt(&rcd_num, &(bitmap->max_seq_num)) ||
- pq_64bit_eq(&rcd_num, &(bitmap->max_seq_num)))
- {
- pq_64bit_sub(&tmp, &rcd_num, &(bitmap->max_seq_num));
- pq_64bit_add_word(&tmp, 1);
-
- shift = (unsigned int)pq_64bit_get_word(&tmp);
-
- pq_64bit_lshift(&(tmp), &(bitmap->map), shift);
- pq_64bit_assign(&(bitmap->map), &tmp);
-
- pq_64bit_set_bit(&(bitmap->map), 0);
- pq_64bit_add_word(&rcd_num, 1);
- pq_64bit_assign(&(bitmap->max_seq_num), &rcd_num);
-
- pq_64bit_assign_word(&tmp, 1);
- pq_64bit_lshift(&tmp, &tmp, bitmap->length);
- ctx = pq_64bit_ctx_new(&ctx);
- pq_64bit_mod(&(bitmap->map), &(bitmap->map), &tmp, ctx);
- pq_64bit_ctx_free(ctx);
- }
- else
- {
- pq_64bit_sub(&tmp, &(bitmap->max_seq_num), &rcd_num);
- pq_64bit_sub_word(&tmp, 1);
- shift = (unsigned int)pq_64bit_get_word(&tmp);
-
- pq_64bit_set_bit(&(bitmap->map), shift);
- }
-
- pq_64bit_free(&rcd_num);
- pq_64bit_free(&tmp);
- }
-
-
-int dtls1_dispatch_alert(SSL *s)
- {
- int i,j;
- void (*cb)(const SSL *ssl,int type,int val)=NULL;
- unsigned char buf[DTLS1_AL_HEADER_LENGTH];
- unsigned char *ptr = &buf[0];
-
- s->s3->alert_dispatch=0;
-
- memset(buf, 0x00, sizeof(buf));
- *ptr++ = s->s3->send_alert[0];
- *ptr++ = s->s3->send_alert[1];
-
-#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
- if (s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE)
- {
- s2n(s->d1->handshake_read_seq, ptr);
-#if 0
- if ( s->d1->r_msg_hdr.frag_off == 0) /* waiting for a new msg */
-
- else
- s2n(s->d1->r_msg_hdr.seq, ptr); /* partial msg read */
-#endif
-
-#if 0
- fprintf(stderr, "s->d1->handshake_read_seq = %d, s->d1->r_msg_hdr.seq = %d\n",s->d1->handshake_read_seq,s->d1->r_msg_hdr.seq);
-#endif
- l2n3(s->d1->r_msg_hdr.frag_off, ptr);
- }
-#endif
-
- i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf), 0);
- if (i <= 0)
- {
- s->s3->alert_dispatch=1;
- /* fprintf( stderr, "not done with alert\n" ); */
- }
- else
- {
- if (s->s3->send_alert[0] == SSL3_AL_FATAL
-#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
- || s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
-#endif
- )
- (void)BIO_flush(s->wbio);
-
- if (s->msg_callback)
- s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3->send_alert,
- 2, s, s->msg_callback_arg);
-
- if (s->info_callback != NULL)
- cb=s->info_callback;
- else if (s->ctx->info_callback != NULL)
- cb=s->ctx->info_callback;
-
- if (cb != NULL)
- {
- j=(s->s3->send_alert[0]<<8)|s->s3->send_alert[1];
- cb(s,SSL_CB_WRITE_ALERT,j);
- }
- }
- return(i);
- }
-
-
-static DTLS1_BITMAP *
-dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, unsigned int *is_next_epoch)
- {
-
- *is_next_epoch = 0;
-
- /* In current epoch, accept HM, CCS, DATA, & ALERT */
- if (rr->epoch == s->d1->r_epoch)
- return &s->d1->bitmap;
-
- /* Only HM and ALERT messages can be from the next epoch */
- else if (rr->epoch == (unsigned long)(s->d1->r_epoch + 1) &&
- (rr->type == SSL3_RT_HANDSHAKE ||
- rr->type == SSL3_RT_ALERT))
- {
- *is_next_epoch = 1;
- return &s->d1->next_bitmap;
- }
-
- return NULL;
- }
-
-#if 0
-static int
-dtls1_record_needs_buffering(SSL *s, SSL3_RECORD *rr, unsigned short *priority,
- unsigned long *offset)
- {
-
- /* alerts are passed up immediately */
- if ( rr->type == SSL3_RT_APPLICATION_DATA ||
- rr->type == SSL3_RT_ALERT)
- return 0;
-
- /* Only need to buffer if a handshake is underway.
- * (this implies that Hello Request and Client Hello are passed up
- * immediately) */
- if ( SSL_in_init(s))
- {
- unsigned char *data = rr->data;
- /* need to extract the HM/CCS sequence number here */
- if ( rr->type == SSL3_RT_HANDSHAKE ||
- rr->type == SSL3_RT_CHANGE_CIPHER_SPEC)
- {
- unsigned short seq_num;
- struct hm_header_st msg_hdr;
- struct ccs_header_st ccs_hdr;
-
- if ( rr->type == SSL3_RT_HANDSHAKE)
- {
- dtls1_get_message_header(data, &msg_hdr);
- seq_num = msg_hdr.seq;
- *offset = msg_hdr.frag_off;
- }
- else
- {
- dtls1_get_ccs_header(data, &ccs_hdr);
- seq_num = ccs_hdr.seq;
- *offset = 0;
- }
-
- /* this is either a record we're waiting for, or a
- * retransmit of something we happened to previously
- * receive (higher layers will drop the repeat silently */
- if ( seq_num < s->d1->handshake_read_seq)
- return 0;
- if (rr->type == SSL3_RT_HANDSHAKE &&
- seq_num == s->d1->handshake_read_seq &&
- msg_hdr.frag_off < s->d1->r_msg_hdr.frag_off)
- return 0;
- else if ( seq_num == s->d1->handshake_read_seq &&
- (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC ||
- msg_hdr.frag_off == s->d1->r_msg_hdr.frag_off))
- return 0;
- else
- {
- *priority = seq_num;
- return 1;
- }
- }
- else /* unknown record type */
- return 0;
- }
-
- return 0;
- }
-#endif
-
-void
-dtls1_reset_seq_numbers(SSL *s, int rw)
- {
- unsigned char *seq;
- unsigned int seq_bytes = sizeof(s->s3->read_sequence);
-
- if ( rw & SSL3_CC_READ)
- {
- seq = s->s3->read_sequence;
- s->d1->r_epoch++;
-
- pq_64bit_assign(&(s->d1->bitmap.map), &(s->d1->next_bitmap.map));
- s->d1->bitmap.length = s->d1->next_bitmap.length;
- pq_64bit_assign(&(s->d1->bitmap.max_seq_num),
- &(s->d1->next_bitmap.max_seq_num));
-
- pq_64bit_free(&(s->d1->next_bitmap.map));
- pq_64bit_free(&(s->d1->next_bitmap.max_seq_num));
- memset(&(s->d1->next_bitmap), 0x00, sizeof(DTLS1_BITMAP));
- pq_64bit_init(&(s->d1->next_bitmap.map));
- pq_64bit_init(&(s->d1->next_bitmap.max_seq_num));
- }
- else
- {
- seq = s->s3->write_sequence;
- memcpy(s->d1->last_write_sequence, seq, sizeof(s->s3->write_sequence));
- s->d1->w_epoch++;
- }
-
- memset(seq, 0x00, seq_bytes);
- }
-
-#if PQ_64BIT_IS_INTEGER
-static PQ_64BIT
-bytes_to_long_long(unsigned char *bytes, PQ_64BIT *num)
- {
- PQ_64BIT _num;
-
- _num = (((PQ_64BIT)bytes[0]) << 56) |
- (((PQ_64BIT)bytes[1]) << 48) |
- (((PQ_64BIT)bytes[2]) << 40) |
- (((PQ_64BIT)bytes[3]) << 32) |
- (((PQ_64BIT)bytes[4]) << 24) |
- (((PQ_64BIT)bytes[5]) << 16) |
- (((PQ_64BIT)bytes[6]) << 8) |
- (((PQ_64BIT)bytes[7]) );
-
- *num = _num ;
- return _num;
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/ssl/d1_pkt.c (from rev 6976, vendor-crypto/openssl/dist/ssl/d1_pkt.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/ssl/d1_pkt.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/ssl/d1_pkt.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,1805 @@
+/* ssl/d1_pkt.c */
+/*
+ * DTLS implementation written by Nagendra Modadugu
+ * (nagendra at cs.stanford.edu) for the OpenSSL project 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#define USE_SOCKETS
+#include "ssl_locl.h"
+#include <openssl/evp.h>
+#include <openssl/buffer.h>
+#include <openssl/pqueue.h>
+#include <openssl/rand.h>
+
+static int have_handshake_fragment(SSL *s, int type, unsigned char *buf,
+ int len, int peek);
+static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap,
+ PQ_64BIT * seq_num);
+static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap);
+static DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr,
+ unsigned int *is_next_epoch);
+#if 0
+static int dtls1_record_needs_buffering(SSL *s, SSL3_RECORD *rr,
+ unsigned short *priority,
+ unsigned long *offset);
+#endif
+static int dtls1_buffer_record(SSL *s, record_pqueue *q, PQ_64BIT * priority);
+static int dtls1_process_record(SSL *s);
+#if PQ_64BIT_IS_INTEGER
+static PQ_64BIT bytes_to_long_long(unsigned char *bytes, PQ_64BIT * num);
+#endif
+
+/* copy buffered record into SSL structure */
+static int dtls1_copy_record(SSL *s, pitem *item)
+{
+ DTLS1_RECORD_DATA *rdata;
+
+ rdata = (DTLS1_RECORD_DATA *)item->data;
+
+ if (s->s3->rbuf.buf != NULL)
+ OPENSSL_free(s->s3->rbuf.buf);
+
+ s->packet = rdata->packet;
+ s->packet_length = rdata->packet_length;
+ memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER));
+ memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD));
+
+ /* Set proper sequence number for mac calculation */
+ memcpy(&(s->s3->read_sequence[2]), &(rdata->packet[5]), 6);
+
+ return (1);
+}
+
+static int
+dtls1_buffer_record(SSL *s, record_pqueue *queue, PQ_64BIT * priority)
+{
+ DTLS1_RECORD_DATA *rdata;
+ pitem *item;
+
+ /* Limit the size of the queue to prevent DOS attacks */
+ if (pqueue_size(queue->q) >= 100)
+ return 0;
+
+ rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA));
+ item = pitem_new(*priority, rdata);
+ if (rdata == NULL || item == NULL) {
+ if (rdata != NULL)
+ OPENSSL_free(rdata);
+ if (item != NULL)
+ pitem_free(item);
+
+ SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
+ return (0);
+ }
+
+ rdata->packet = s->packet;
+ rdata->packet_length = s->packet_length;
+ memcpy(&(rdata->rbuf), &(s->s3->rbuf), sizeof(SSL3_BUFFER));
+ memcpy(&(rdata->rrec), &(s->s3->rrec), sizeof(SSL3_RECORD));
+
+ item->data = rdata;
+
+ /* insert should not fail, since duplicates are dropped */
+ if (pqueue_insert(queue->q, item) == NULL) {
+ OPENSSL_free(rdata);
+ pitem_free(item);
+ return (0);
+ }
+
+ s->packet = NULL;
+ s->packet_length = 0;
+ memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER));
+ memset(&(s->s3->rrec), 0, sizeof(SSL3_RECORD));
+
+ if (!ssl3_setup_buffers(s)) {
+ SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
+ OPENSSL_free(rdata);
+ pitem_free(item);
+ return (0);
+ }
+
+ return (1);
+}
+
+static int dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue)
+{
+ pitem *item;
+
+ item = pqueue_pop(queue->q);
+ if (item) {
+ dtls1_copy_record(s, item);
+
+ OPENSSL_free(item->data);
+ pitem_free(item);
+
+ return (1);
+ }
+
+ return (0);
+}
+
+/*
+ * retrieve a buffered record that belongs to the new epoch, i.e., not
+ * processed yet
+ */
+#define dtls1_get_unprocessed_record(s) \
+ dtls1_retrieve_buffered_record((s), \
+ &((s)->d1->unprocessed_rcds))
+
+/*
+ * retrieve a buffered record that belongs to the current epoch, ie,
+ * processed
+ */
+#define dtls1_get_processed_record(s) \
+ dtls1_retrieve_buffered_record((s), \
+ &((s)->d1->processed_rcds))
+
+static int dtls1_process_buffered_records(SSL *s)
+{
+ pitem *item;
+
+ item = pqueue_peek(s->d1->unprocessed_rcds.q);
+ if (item) {
+ /* Check if epoch is current. */
+ if (s->d1->unprocessed_rcds.epoch != s->d1->r_epoch)
+ return (1); /* Nothing to do. */
+
+ /* Process all the records. */
+ while (pqueue_peek(s->d1->unprocessed_rcds.q)) {
+ dtls1_get_unprocessed_record(s);
+ if (!dtls1_process_record(s))
+ return (0);
+ dtls1_buffer_record(s, &(s->d1->processed_rcds),
+ &s->s3->rrec.seq_num);
+ }
+ }
+
+ /*
+ * sync epoch numbers once all the unprocessed records have been
+ * processed
+ */
+ s->d1->processed_rcds.epoch = s->d1->r_epoch;
+ s->d1->unprocessed_rcds.epoch = s->d1->r_epoch + 1;
+
+ return (1);
+}
+
+#if 0
+
+static int dtls1_get_buffered_record(SSL *s)
+{
+ pitem *item;
+ PQ_64BIT priority =
+ (((PQ_64BIT) s->d1->handshake_read_seq) << 32) |
+ ((PQ_64BIT) s->d1->r_msg_hdr.frag_off);
+
+ /* if we're not (re)negotiating, nothing buffered */
+ if (!SSL_in_init(s))
+ return 0;
+
+ item = pqueue_peek(s->d1->rcvd_records);
+ if (item && item->priority == priority) {
+ /*
+ * Check if we've received the record of interest. It must be a
+ * handshake record, since data records as passed up without
+ * buffering
+ */
+ DTLS1_RECORD_DATA *rdata;
+ item = pqueue_pop(s->d1->rcvd_records);
+ rdata = (DTLS1_RECORD_DATA *)item->data;
+
+ if (s->s3->rbuf.buf != NULL)
+ OPENSSL_free(s->s3->rbuf.buf);
+
+ s->packet = rdata->packet;
+ s->packet_length = rdata->packet_length;
+ memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER));
+ memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD));
+
+ OPENSSL_free(item->data);
+ pitem_free(item);
+
+ /* s->d1->next_expected_seq_num++; */
+ return (1);
+ }
+
+ return 0;
+}
+
+#endif
+
+static int dtls1_process_record(SSL *s)
+{
+ int i, al;
+ int enc_err;
+ SSL_SESSION *sess;
+ SSL3_RECORD *rr;
+ unsigned int mac_size, orig_len;
+ unsigned char md[EVP_MAX_MD_SIZE];
+
+ rr = &(s->s3->rrec);
+ sess = s->session;
+
+ /*
+ * At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
+ * and we have that many bytes in s->packet
+ */
+ rr->input = &(s->packet[DTLS1_RT_HEADER_LENGTH]);
+
+ /*
+ * ok, we can now read from 's->packet' data into 'rr' rr->input points
+ * at rr->length bytes, which need to be copied into rr->data by either
+ * the decryption or by the decompression When the data is 'copied' into
+ * the rr->data buffer, rr->input will be pointed at the new buffer
+ */
+
+ /*
+ * We now have - encrypted [ MAC [ compressed [ plain ] ] ] rr->length
+ * bytes of encrypted compressed stuff.
+ */
+
+ /* check is not needed I believe */
+ if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) {
+ al = SSL_AD_RECORD_OVERFLOW;
+ SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
+ goto f_err;
+ }
+
+ /* decrypt in place in 'rr->input' */
+ rr->data = rr->input;
+
+ enc_err = s->method->ssl3_enc->enc(s, 0);
+ /*-
+ * enc_err is:
+ * 0: (in non-constant time) if the record is publically invalid.
+ * 1: if the padding is valid
+ * -1: if the padding is invalid
+ */
+ if (enc_err == 0) {
+ /* For DTLS we simply ignore bad packets. */
+ rr->length = 0;
+ s->packet_length = 0;
+ goto err;
+ }
+#ifdef TLS_DEBUG
+ printf("dec %d\n", rr->length);
+ {
+ unsigned int z;
+ for (z = 0; z < rr->length; z++)
+ printf("%02X%c", rr->data[z], ((z + 1) % 16) ? ' ' : '\n');
+ }
+ printf("\n");
+#endif
+
+ /* r->length is now the compressed data plus mac */
+ if ((sess != NULL) && (s->enc_read_ctx != NULL) && (s->read_hash != NULL)) {
+ /* s->read_hash != NULL => mac_size != -1 */
+ unsigned char *mac = NULL;
+ unsigned char mac_tmp[EVP_MAX_MD_SIZE];
+ mac_size = EVP_MD_size(s->read_hash);
+ OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);
+
+ /*
+ * kludge: *_cbc_remove_padding passes padding length in rr->type
+ */
+ orig_len = rr->length + ((unsigned int)rr->type >> 8);
+
+ /*
+ * orig_len is the length of the record before any padding was
+ * removed. This is public information, as is the MAC in use,
+ * therefore we can safely process the record in a different amount
+ * of time if it's too short to possibly contain a MAC.
+ */
+ if (orig_len < mac_size ||
+ /* CBC records must have a padding length byte too. */
+ (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
+ orig_len < mac_size + 1)) {
+ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_LENGTH_TOO_SHORT);
+ goto f_err;
+ }
+
+ if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) {
+ /*
+ * We update the length so that the TLS header bytes can be
+ * constructed correctly but we need to extract the MAC in
+ * constant time from within the record, without leaking the
+ * contents of the padding bytes.
+ */
+ mac = mac_tmp;
+ ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len);
+ rr->length -= mac_size;
+ } else {
+ /*
+ * In this case there's no padding, so |orig_len| equals
+ * |rec->length| and we checked that there's enough bytes for
+ * |mac_size| above.
+ */
+ rr->length -= mac_size;
+ mac = &rr->data[rr->length];
+ }
+
+ i = s->method->ssl3_enc->mac(s, md, 0 /* not send */ );
+ if (i < 0 || mac == NULL
+ || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0)
+ enc_err = -1;
+ if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size)
+ enc_err = -1;
+ }
+
+ if (enc_err < 0) {
+ /* decryption failed, silently discard message */
+ rr->length = 0;
+ s->packet_length = 0;
+ goto err;
+ }
+
+ /* r->length is now just compressed */
+ if (s->expand != NULL) {
+ if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH) {
+ al = SSL_AD_RECORD_OVERFLOW;
+ SSLerr(SSL_F_DTLS1_PROCESS_RECORD,
+ SSL_R_COMPRESSED_LENGTH_TOO_LONG);
+ goto f_err;
+ }
+ if (!ssl3_do_uncompress(s)) {
+ al = SSL_AD_DECOMPRESSION_FAILURE;
+ SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_BAD_DECOMPRESSION);
+ goto f_err;
+ }
+ }
+
+ if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) {
+ al = SSL_AD_RECORD_OVERFLOW;
+ SSLerr(SSL_F_DTLS1_PROCESS_RECORD, SSL_R_DATA_LENGTH_TOO_LONG);
+ goto f_err;
+ }
+
+ rr->off = 0;
+ /*-
+ * So at this point the following is true
+ * ssl->s3->rrec.type is the type of record
+ * ssl->s3->rrec.length == number of bytes in record
+ * ssl->s3->rrec.off == offset to first valid byte
+ * ssl->s3->rrec.data == where to take bytes from, increment
+ * after use :-).
+ */
+
+ /* we have pulled in a full packet so zero things */
+ s->packet_length = 0;
+ dtls1_record_bitmap_update(s, &(s->d1->bitmap)); /* Mark receipt of
+ * record. */
+ return (1);
+
+ f_err:
+ ssl3_send_alert(s, SSL3_AL_FATAL, al);
+ err:
+ return (0);
+}
+
+/*-
+ * Call this to get a new input record.
+ * It will return <= 0 if more data is needed, normally due to an error
+ * or non-blocking IO.
+ * When it finishes, one packet has been decoded and can be found in
+ * ssl->s3->rrec.type - is the type of record
+ * ssl->s3->rrec.data, - data
+ * ssl->s3->rrec.length, - number of bytes
+ */
+/* used only by dtls1_read_bytes */
+int dtls1_get_record(SSL *s)
+{
+ int ssl_major, ssl_minor;
+ int i, n;
+ SSL3_RECORD *rr;
+ unsigned char *p = NULL;
+ unsigned short version;
+ DTLS1_BITMAP *bitmap;
+ unsigned int is_next_epoch;
+
+ rr = &(s->s3->rrec);
+
+ /*
+ * The epoch may have changed. If so, process all the pending records.
+ * This is a non-blocking operation.
+ */
+ dtls1_process_buffered_records(s);
+
+ /* if we're renegotiating, then there may be buffered records */
+ if (dtls1_get_processed_record(s))
+ return 1;
+
+ /* get something from the wire */
+ again:
+ /* check if we have the header */
+ if ((s->rstate != SSL_ST_READ_BODY) ||
+ (s->packet_length < DTLS1_RT_HEADER_LENGTH)) {
+ n = ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH, s->s3->rbuf.len, 0);
+ /* read timeout is handled by dtls1_read_bytes */
+ if (n <= 0)
+ return (n); /* error or non-blocking */
+
+ /* this packet contained a partial record, dump it */
+ if (s->packet_length != DTLS1_RT_HEADER_LENGTH) {
+ s->packet_length = 0;
+ goto again;
+ }
+
+ s->rstate = SSL_ST_READ_BODY;
+
+ p = s->packet;
+
+ /* Pull apart the header into the DTLS1_RECORD */
+ rr->type = *(p++);
+ ssl_major = *(p++);
+ ssl_minor = *(p++);
+ version = (ssl_major << 8) | ssl_minor;
+
+ /* sequence number is 64 bits, with top 2 bytes = epoch */
+ n2s(p, rr->epoch);
+
+ memcpy(&(s->s3->read_sequence[2]), p, 6);
+ p += 6;
+
+ n2s(p, rr->length);
+
+ /* Lets check version */
+ if (!s->first_packet) {
+ if (version != s->version && version != DTLS1_BAD_VER) {
+ /* unexpected version, silently discard */
+ rr->length = 0;
+ s->packet_length = 0;
+ goto again;
+ }
+ }
+
+ if ((version & 0xff00) != (DTLS1_VERSION & 0xff00) &&
+ (version & 0xff00) != (DTLS1_BAD_VER & 0xff00)) {
+ /* wrong version, silently discard record */
+ rr->length = 0;
+ s->packet_length = 0;
+ goto again;
+ }
+
+ if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) {
+ /* record too long, silently discard it */
+ rr->length = 0;
+ s->packet_length = 0;
+ goto again;
+ }
+
+ s->client_version = version;
+ /* now s->rstate == SSL_ST_READ_BODY */
+ }
+
+ /* s->rstate == SSL_ST_READ_BODY, get and decode the data */
+
+ if (rr->length > s->packet_length - DTLS1_RT_HEADER_LENGTH) {
+ /* now s->packet_length == DTLS1_RT_HEADER_LENGTH */
+ i = rr->length;
+ n = ssl3_read_n(s, i, i, 1);
+ /* this packet contained a partial record, dump it */
+ if (n != i) {
+ rr->length = 0;
+ s->packet_length = 0;
+ goto again;
+ }
+
+ /*
+ * now n == rr->length, and s->packet_length ==
+ * DTLS1_RT_HEADER_LENGTH + rr->length
+ */
+ }
+ s->rstate = SSL_ST_READ_HEADER; /* set state for later operations */
+
+ /* match epochs. NULL means the packet is dropped on the floor */
+ bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch);
+ if (bitmap == NULL) {
+ rr->length = 0;
+ s->packet_length = 0; /* dump this record */
+ goto again; /* get another record */
+ }
+
+ /*
+ * Check whether this is a repeat, or aged record. Don't check if we're
+ * listening and this message is a ClientHello. They can look as if
+ * they're replayed, since they arrive from different connections and
+ * would be dropped unnecessarily.
+ */
+ if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE &&
+ s->packet_length > DTLS1_RT_HEADER_LENGTH &&
+ s->packet[DTLS1_RT_HEADER_LENGTH] == SSL3_MT_CLIENT_HELLO) &&
+ !dtls1_record_replay_check(s, bitmap, &(rr->seq_num))) {
+ rr->length = 0;
+ s->packet_length = 0; /* dump this record */
+ goto again; /* get another record */
+ }
+
+ /* just read a 0 length packet */
+ if (rr->length == 0)
+ goto again;
+
+ /*
+ * If this record is from the next epoch (either HM or ALERT), and a
+ * handshake is currently in progress, buffer it since it cannot be
+ * processed at this time. However, do not buffer anything while
+ * listening.
+ */
+ if (is_next_epoch) {
+ if ((SSL_in_init(s) || s->in_handshake) && !s->d1->listen) {
+ dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), &rr->seq_num);
+ }
+ rr->length = 0;
+ s->packet_length = 0;
+ goto again;
+ }
+
+ if (!dtls1_process_record(s)) {
+ rr->length = 0;
+ s->packet_length = 0; /* dump this record */
+ goto again; /* get another record */
+ }
+
+ return (1);
+
+}
+
+/*-
+ * Return up to 'len' payload bytes received in 'type' records.
+ * 'type' is one of the following:
+ *
+ * - SSL3_RT_HANDSHAKE (when ssl3_get_message calls us)
+ * - SSL3_RT_APPLICATION_DATA (when ssl3_read calls us)
+ * - 0 (during a shutdown, no data has to be returned)
+ *
+ * If we don't have stored data to work from, read a SSL/TLS record first
+ * (possibly multiple records if we still don't have anything to return).
+ *
+ * This function must handle any surprises the peer may have for us, such as
+ * Alert records (e.g. close_notify), ChangeCipherSpec records (not really
+ * a surprise, but handled as if it were), or renegotiation requests.
+ * Also if record payloads contain fragments too small to process, we store
+ * them until there is enough for the respective protocol (the record protocol
+ * may use arbitrary fragmentation and even interleaving):
+ * Change cipher spec protocol
+ * just 1 byte needed, no need for keeping anything stored
+ * Alert protocol
+ * 2 bytes needed (AlertLevel, AlertDescription)
+ * Handshake protocol
+ * 4 bytes needed (HandshakeType, uint24 length) -- we just have
+ * to detect unexpected Client Hello and Hello Request messages
+ * here, anything else is handled by higher layers
+ * Application data protocol
+ * none of our business
+ */
+int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
+{
+ int al, i, j, ret;
+ unsigned int n;
+ SSL3_RECORD *rr;
+ void (*cb) (const SSL *ssl, int type2, int val) = NULL;
+
+ if (s->s3->rbuf.buf == NULL) /* Not initialized yet */
+ if (!ssl3_setup_buffers(s))
+ return (-1);
+
+ /* XXX: check what the second '&& type' is about */
+ if ((type && (type != SSL3_RT_APPLICATION_DATA) &&
+ (type != SSL3_RT_HANDSHAKE) && type) ||
+ (peek && (type != SSL3_RT_APPLICATION_DATA))) {
+ SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR);
+ return -1;
+ }
+
+ /*
+ * check whether there's a handshake message (client hello?) waiting
+ */
+ if ((ret = have_handshake_fragment(s, type, buf, len, peek)))
+ return ret;
+
+ /*
+ * Now s->d1->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE.
+ */
+
+ if (!s->in_handshake && SSL_in_init(s)) {
+ /* type == SSL3_RT_APPLICATION_DATA */
+ i = s->handshake_func(s);
+ if (i < 0)
+ return (i);
+ if (i == 0) {
+ SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
+ return (-1);
+ }
+ }
+
+ start:
+ s->rwstate = SSL_NOTHING;
+
+ /*-
+ * s->s3->rrec.type - is the type of record
+ * s->s3->rrec.data, - data
+ * s->s3->rrec.off, - offset into 'data' for next read
+ * s->s3->rrec.length, - number of bytes.
+ */
+ rr = &(s->s3->rrec);
+
+ /*
+ * We are not handshaking and have no data yet, so process data buffered
+ * during the last handshake in advance, if any.
+ */
+ if (s->state == SSL_ST_OK && rr->length == 0) {
+ pitem *item;
+ item = pqueue_pop(s->d1->buffered_app_data.q);
+ if (item) {
+ dtls1_copy_record(s, item);
+
+ OPENSSL_free(item->data);
+ pitem_free(item);
+ }
+ }
+
+ /* Check for timeout */
+ if (dtls1_handle_timeout(s) > 0)
+ goto start;
+
+ /* get new packet if necessary */
+ if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY)) {
+ ret = dtls1_get_record(s);
+ if (ret <= 0) {
+ ret = dtls1_read_failed(s, ret);
+ /* anything other than a timeout is an error */
+ if (ret <= 0)
+ return (ret);
+ else
+ goto start;
+ }
+ }
+
+ if (s->d1->listen && rr->type != SSL3_RT_HANDSHAKE) {
+ rr->length = 0;
+ goto start;
+ }
+
+ /* we now have a packet which can be read and processed */
+
+ if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
+ * reset by ssl3_get_finished */
+ && (rr->type != SSL3_RT_HANDSHAKE)) {
+ /*
+ * We now have application data between CCS and Finished. Most likely
+ * the packets were reordered on their way, so buffer the application
+ * data for later processing rather than dropping the connection.
+ */
+ dtls1_buffer_record(s, &(s->d1->buffered_app_data), &rr->seq_num);
+ rr->length = 0;
+ goto start;
+ }
+
+ /*
+ * If the other end has shut down, throw anything we read away (even in
+ * 'peek' mode)
+ */
+ if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
+ rr->length = 0;
+ s->rwstate = SSL_NOTHING;
+ return (0);
+ }
+
+ if (type == rr->type) { /* SSL3_RT_APPLICATION_DATA or
+ * SSL3_RT_HANDSHAKE */
+ /*
+ * make sure that we are not getting application data when we are
+ * doing a handshake for the first time
+ */
+ if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
+ (s->enc_read_ctx == NULL)) {
+ al = SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_APP_DATA_IN_HANDSHAKE);
+ goto f_err;
+ }
+
+ if (len <= 0)
+ return (len);
+
+ if ((unsigned int)len > rr->length)
+ n = rr->length;
+ else
+ n = (unsigned int)len;
+
+ memcpy(buf, &(rr->data[rr->off]), n);
+ if (!peek) {
+ rr->length -= n;
+ rr->off += n;
+ if (rr->length == 0) {
+ s->rstate = SSL_ST_READ_HEADER;
+ rr->off = 0;
+ }
+ }
+ return (n);
+ }
+
+ /*
+ * If we get here, then type != rr->type; if we have a handshake message,
+ * then it was unexpected (Hello Request or Client Hello).
+ */
+
+ /*
+ * In case of record types for which we have 'fragment' storage, fill
+ * that so that we can process the data at a fixed place.
+ */
+ {
+ unsigned int k, dest_maxlen = 0;
+ unsigned char *dest = NULL;
+ unsigned int *dest_len = NULL;
+
+ if (rr->type == SSL3_RT_HANDSHAKE) {
+ dest_maxlen = sizeof s->d1->handshake_fragment;
+ dest = s->d1->handshake_fragment;
+ dest_len = &s->d1->handshake_fragment_len;
+ } else if (rr->type == SSL3_RT_ALERT) {
+ dest_maxlen = sizeof(s->d1->alert_fragment);
+ dest = s->d1->alert_fragment;
+ dest_len = &s->d1->alert_fragment_len;
+ }
+ /* else it's a CCS message, or application data or wrong */
+ else if (rr->type != SSL3_RT_CHANGE_CIPHER_SPEC) {
+ /*
+ * Application data while renegotiating is allowed. Try again
+ * reading.
+ */
+ if (rr->type == SSL3_RT_APPLICATION_DATA) {
+ BIO *bio;
+ s->s3->in_read_app_data = 2;
+ bio = SSL_get_rbio(s);
+ s->rwstate = SSL_READING;
+ BIO_clear_retry_flags(bio);
+ BIO_set_retry_read(bio);
+ return (-1);
+ }
+
+ /* Not certain if this is the right error handling */
+ al = SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
+ goto f_err;
+ }
+
+ if (dest_maxlen > 0) {
+ /*
+ * XDTLS: In a pathalogical case, the Client Hello may be
+ * fragmented--don't always expect dest_maxlen bytes
+ */
+ if (rr->length < dest_maxlen) {
+#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
+ /*
+ * for normal alerts rr->length is 2, while
+ * dest_maxlen is 7 if we were to handle this
+ * non-existing alert...
+ */
+ FIX ME
+#endif
+ s->rstate = SSL_ST_READ_HEADER;
+ rr->length = 0;
+ goto start;
+ }
+
+ /* now move 'n' bytes: */
+ for (k = 0; k < dest_maxlen; k++) {
+ dest[k] = rr->data[rr->off++];
+ rr->length--;
+ }
+ *dest_len = dest_maxlen;
+ }
+ }
+
+ /*-
+ * s->d1->handshake_fragment_len == 12 iff rr->type == SSL3_RT_HANDSHAKE;
+ * s->d1->alert_fragment_len == 7 iff rr->type == SSL3_RT_ALERT.
+ * (Possibly rr is 'empty' now, i.e. rr->length may be 0.)
+ */
+
+ /* If we are a client, check for an incoming 'Hello Request': */
+ if ((!s->server) &&
+ (s->d1->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) &&
+ (s->d1->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) &&
+ (s->session != NULL) && (s->session->cipher != NULL)) {
+ s->d1->handshake_fragment_len = 0;
+
+ if ((s->d1->handshake_fragment[1] != 0) ||
+ (s->d1->handshake_fragment[2] != 0) ||
+ (s->d1->handshake_fragment[3] != 0)) {
+ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_BAD_HELLO_REQUEST);
+ goto err;
+ }
+
+ /*
+ * no need to check sequence number on HELLO REQUEST messages
+ */
+
+ if (s->msg_callback)
+ s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
+ s->d1->handshake_fragment, 4, s,
+ s->msg_callback_arg);
+
+ if (SSL_is_init_finished(s) &&
+ !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
+ !s->s3->renegotiate) {
+ s->d1->handshake_read_seq++;
+ ssl3_renegotiate(s);
+ if (ssl3_renegotiate_check(s)) {
+ i = s->handshake_func(s);
+ if (i < 0)
+ return (i);
+ if (i == 0) {
+ SSLerr(SSL_F_DTLS1_READ_BYTES,
+ SSL_R_SSL_HANDSHAKE_FAILURE);
+ return (-1);
+ }
+
+ if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
+ if (s->s3->rbuf.left == 0) { /* no read-ahead left? */
+ BIO *bio;
+ /*
+ * In the case where we try to read application data,
+ * but we trigger an SSL handshake, we return -1 with
+ * the retry option set. Otherwise renegotiation may
+ * cause nasty problems in the blocking world
+ */
+ s->rwstate = SSL_READING;
+ bio = SSL_get_rbio(s);
+ BIO_clear_retry_flags(bio);
+ BIO_set_retry_read(bio);
+ return (-1);
+ }
+ }
+ }
+ }
+ /*
+ * we either finished a handshake or ignored the request, now try
+ * again to obtain the (application) data we were asked for
+ */
+ goto start;
+ }
+
+ if (s->d1->alert_fragment_len >= DTLS1_AL_HEADER_LENGTH) {
+ int alert_level = s->d1->alert_fragment[0];
+ int alert_descr = s->d1->alert_fragment[1];
+
+ s->d1->alert_fragment_len = 0;
+
+ if (s->msg_callback)
+ s->msg_callback(0, s->version, SSL3_RT_ALERT,
+ s->d1->alert_fragment, 2, s, s->msg_callback_arg);
+
+ if (s->info_callback != NULL)
+ cb = s->info_callback;
+ else if (s->ctx->info_callback != NULL)
+ cb = s->ctx->info_callback;
+
+ if (cb != NULL) {
+ j = (alert_level << 8) | alert_descr;
+ cb(s, SSL_CB_READ_ALERT, j);
+ }
+
+ if (alert_level == 1) { /* warning */
+ s->s3->warn_alert = alert_descr;
+ if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
+ s->shutdown |= SSL_RECEIVED_SHUTDOWN;
+ return (0);
+ }
+#if 0
+ /* XXX: this is a possible improvement in the future */
+ /* now check if it's a missing record */
+ if (alert_descr == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE) {
+ unsigned short seq;
+ unsigned int frag_off;
+ unsigned char *p = &(s->d1->alert_fragment[2]);
+
+ n2s(p, seq);
+ n2l3(p, frag_off);
+
+ dtls1_retransmit_message(s,
+ dtls1_get_queue_priority
+ (frag->msg_header.seq, 0), frag_off,
+ &found);
+ if (!found && SSL_in_init(s)) {
+ /*
+ * fprintf( stderr,"in init = %d\n", SSL_in_init(s));
+ */
+ /*
+ * requested a message not yet sent, send an alert
+ * ourselves
+ */
+ ssl3_send_alert(s, SSL3_AL_WARNING,
+ DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
+ }
+ }
+#endif
+ } else if (alert_level == 2) { /* fatal */
+ char tmp[16];
+
+ s->rwstate = SSL_NOTHING;
+ s->s3->fatal_alert = alert_descr;
+ SSLerr(SSL_F_DTLS1_READ_BYTES,
+ SSL_AD_REASON_OFFSET + alert_descr);
+ BIO_snprintf(tmp, sizeof tmp, "%d", alert_descr);
+ ERR_add_error_data(2, "SSL alert number ", tmp);
+ s->shutdown |= SSL_RECEIVED_SHUTDOWN;
+ SSL_CTX_remove_session(s->ctx, s->session);
+ return (0);
+ } else {
+ al = SSL_AD_ILLEGAL_PARAMETER;
+ SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNKNOWN_ALERT_TYPE);
+ goto f_err;
+ }
+
+ goto start;
+ }
+
+ if (s->shutdown & SSL_SENT_SHUTDOWN) { /* but we have not received a
+ * shutdown */
+ s->rwstate = SSL_NOTHING;
+ rr->length = 0;
+ return (0);
+ }
+
+ if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) {
+ struct ccs_header_st ccs_hdr;
+ unsigned int ccs_hdr_len = DTLS1_CCS_HEADER_LENGTH;
+
+ dtls1_get_ccs_header(rr->data, &ccs_hdr);
+
+ /*
+ * 'Change Cipher Spec' is just a single byte, so we know exactly
+ * what the record payload has to look like
+ */
+ /* XDTLS: check that epoch is consistent */
+ if (s->client_version == DTLS1_BAD_VER || s->version == DTLS1_BAD_VER)
+ ccs_hdr_len = 3;
+
+ if ((rr->length != ccs_hdr_len) || (rr->off != 0)
+ || (rr->data[0] != SSL3_MT_CCS)) {
+ i = SSL_AD_ILLEGAL_PARAMETER;
+ SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_BAD_CHANGE_CIPHER_SPEC);
+ goto err;
+ }
+
+ rr->length = 0;
+
+ if (s->msg_callback)
+ s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC,
+ rr->data, 1, s, s->msg_callback_arg);
+
+ /*
+ * We can't process a CCS now, because previous handshake messages
+ * are still missing, so just drop it.
+ */
+ if (!s->d1->change_cipher_spec_ok) {
+ goto start;
+ }
+
+ s->d1->change_cipher_spec_ok = 0;
+
+ s->s3->change_cipher_spec = 1;
+ if (!ssl3_do_change_cipher_spec(s))
+ goto err;
+
+ /* do this whenever CCS is processed */
+ dtls1_reset_seq_numbers(s, SSL3_CC_READ);
+
+ if (s->client_version == DTLS1_BAD_VER)
+ s->d1->handshake_read_seq++;
+
+ goto start;
+ }
+
+ /*
+ * Unexpected handshake message (Client Hello, or protocol violation)
+ */
+ if ((s->d1->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) &&
+ !s->in_handshake) {
+ struct hm_header_st msg_hdr;
+
+ /* this may just be a stale retransmit */
+ dtls1_get_message_header(rr->data, &msg_hdr);
+ if (rr->epoch != s->d1->r_epoch) {
+ rr->length = 0;
+ goto start;
+ }
+
+ /*
+ * If we are server, we may have a repeated FINISHED of the client
+ * here, then retransmit our CCS and FINISHED.
+ */
+ if (msg_hdr.type == SSL3_MT_FINISHED) {
+ if (dtls1_check_timeout_num(s) < 0)
+ return -1;
+
+ dtls1_retransmit_buffered_messages(s);
+ rr->length = 0;
+ goto start;
+ }
+
+ if (((s->state & SSL_ST_MASK) == SSL_ST_OK) &&
+ !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) {
+#if 0 /* worked only because C operator preferences
+ * are not as expected (and because this is
+ * not really needed for clients except for
+ * detecting protocol violations): */
+ s->state = SSL_ST_BEFORE | (s->server)
+ ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
+#else
+ s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
+#endif
+ s->new_session = 1;
+ }
+ i = s->handshake_func(s);
+ if (i < 0)
+ return (i);
+ if (i == 0) {
+ SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
+ return (-1);
+ }
+
+ if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
+ if (s->s3->rbuf.left == 0) { /* no read-ahead left? */
+ BIO *bio;
+ /*
+ * In the case where we try to read application data, but we
+ * trigger an SSL handshake, we return -1 with the retry
+ * option set. Otherwise renegotiation may cause nasty
+ * problems in the blocking world
+ */
+ s->rwstate = SSL_READING;
+ bio = SSL_get_rbio(s);
+ BIO_clear_retry_flags(bio);
+ BIO_set_retry_read(bio);
+ return (-1);
+ }
+ }
+ goto start;
+ }
+
+ switch (rr->type) {
+ default:
+#ifndef OPENSSL_NO_TLS
+ /* TLS just ignores unknown message types */
+ if (s->version == TLS1_VERSION) {
+ rr->length = 0;
+ goto start;
+ }
+#endif
+ al = SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
+ goto f_err;
+ case SSL3_RT_CHANGE_CIPHER_SPEC:
+ case SSL3_RT_ALERT:
+ case SSL3_RT_HANDSHAKE:
+ /*
+ * we already handled all of these, with the possible exception of
+ * SSL3_RT_HANDSHAKE when s->in_handshake is set, but that should not
+ * happen when type != rr->type
+ */
+ al = SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR);
+ goto f_err;
+ case SSL3_RT_APPLICATION_DATA:
+ /*
+ * At this point, we were expecting handshake data, but have
+ * application data. If the library was running inside ssl3_read()
+ * (i.e. in_read_app_data is set) and it makes sense to read
+ * application data at this point (session renegotiation not yet
+ * started), we will indulge it.
+ */
+ if (s->s3->in_read_app_data &&
+ (s->s3->total_renegotiations != 0) &&
+ (((s->state & SSL_ST_CONNECT) &&
+ (s->state >= SSL3_ST_CW_CLNT_HELLO_A) &&
+ (s->state <= SSL3_ST_CR_SRVR_HELLO_A)
+ ) || ((s->state & SSL_ST_ACCEPT) &&
+ (s->state <= SSL3_ST_SW_HELLO_REQ_A) &&
+ (s->state >= SSL3_ST_SR_CLNT_HELLO_A)
+ )
+ )) {
+ s->s3->in_read_app_data = 2;
+ return (-1);
+ } else {
+ al = SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
+ goto f_err;
+ }
+ }
+ /* not reached */
+
+ f_err:
+ ssl3_send_alert(s, SSL3_AL_FATAL, al);
+ err:
+ return (-1);
+}
+
+int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, int len)
+{
+ int i;
+
+ if (SSL_in_init(s) && !s->in_handshake) {
+ i = s->handshake_func(s);
+ if (i < 0)
+ return (i);
+ if (i == 0) {
+ SSLerr(SSL_F_DTLS1_WRITE_APP_DATA_BYTES,
+ SSL_R_SSL_HANDSHAKE_FAILURE);
+ return -1;
+ }
+ }
+
+ if (len > SSL3_RT_MAX_PLAIN_LENGTH) {
+ SSLerr(SSL_F_DTLS1_WRITE_APP_DATA_BYTES, SSL_R_DTLS_MESSAGE_TOO_BIG);
+ return -1;
+ }
+
+ i = dtls1_write_bytes(s, type, buf_, len);
+ return i;
+}
+
+ /*
+ * this only happens when a client hello is received and a handshake
+ * is started.
+ */
+static int
+have_handshake_fragment(SSL *s, int type, unsigned char *buf,
+ int len, int peek)
+{
+
+ if ((type == SSL3_RT_HANDSHAKE) && (s->d1->handshake_fragment_len > 0))
+ /* (partially) satisfy request from storage */
+ {
+ unsigned char *src = s->d1->handshake_fragment;
+ unsigned char *dst = buf;
+ unsigned int k, n;
+
+ /* peek == 0 */
+ n = 0;
+ while ((len > 0) && (s->d1->handshake_fragment_len > 0)) {
+ *dst++ = *src++;
+ len--;
+ s->d1->handshake_fragment_len--;
+ n++;
+ }
+ /* move any remaining fragment bytes: */
+ for (k = 0; k < s->d1->handshake_fragment_len; k++)
+ s->d1->handshake_fragment[k] = *src++;
+ return n;
+ }
+
+ return 0;
+}
+
+/*
+ * Call this to write data in records of type 'type' It will return <= 0 if
+ * not all data has been sent or non-blocking IO.
+ */
+int dtls1_write_bytes(SSL *s, int type, const void *buf, int len)
+{
+ int i;
+
+ OPENSSL_assert(len <= SSL3_RT_MAX_PLAIN_LENGTH);
+ s->rwstate = SSL_NOTHING;
+ i = do_dtls1_write(s, type, buf, len, 0);
+ return i;
+}
+
+int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
+ unsigned int len, int create_empty_fragment)
+{
+ unsigned char *p, *pseq;
+ int i, mac_size, clear = 0;
+ int prefix_len = 0;
+ SSL3_RECORD *wr;
+ SSL3_BUFFER *wb;
+ SSL_SESSION *sess;
+ int bs;
+
+ /*
+ * first check if there is a SSL3_BUFFER still being written out. This
+ * will happen with non blocking IO
+ */
+ if (s->s3->wbuf.left != 0) {
+ OPENSSL_assert(0); /* XDTLS: want to see if we ever get here */
+ return (ssl3_write_pending(s, type, buf, len));
+ }
+
+ /* If we have an alert to send, lets send it */
+ if (s->s3->alert_dispatch) {
+ i = s->method->ssl_dispatch_alert(s);
+ if (i <= 0)
+ return (i);
+ /* if it went, fall through and send more stuff */
+ }
+
+ if (len == 0 && !create_empty_fragment)
+ return 0;
+
+ wr = &(s->s3->wrec);
+ wb = &(s->s3->wbuf);
+ sess = s->session;
+
+ if ((sess == NULL) ||
+ (s->enc_write_ctx == NULL) || (s->write_hash == NULL))
+ clear = 1;
+
+ if (clear)
+ mac_size = 0;
+ else
+ mac_size = EVP_MD_size(s->write_hash);
+
+ /* DTLS implements explicit IV, so no need for empty fragments */
+#if 0
+ /*
+ * 'create_empty_fragment' is true only when this function calls itself
+ */
+ if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done
+ && SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER)
+ {
+ /*
+ * countermeasure against known-IV weakness in CBC ciphersuites (see
+ * http://www.openssl.org/~bodo/tls-cbc.txt)
+ */
+
+ if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_DATA) {
+ /*
+ * recursive function call with 'create_empty_fragment' set; this
+ * prepares and buffers the data for an empty fragment (these
+ * 'prefix_len' bytes are sent out later together with the actual
+ * payload)
+ */
+ prefix_len = s->method->do_ssl_write(s, type, buf, 0, 1);
+ if (prefix_len <= 0)
+ goto err;
+
+ if (s->s3->wbuf.len <
+ (size_t)prefix_len + SSL3_RT_MAX_PACKET_SIZE) {
+ /* insufficient space */
+ SSLerr(SSL_F_DO_DTLS1_WRITE, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ }
+
+ s->s3->empty_fragment_done = 1;
+ }
+#endif
+
+ p = wb->buf + prefix_len;
+
+ /* write the header */
+
+ *(p++) = type & 0xff;
+ wr->type = type;
+
+ if (s->client_version == DTLS1_BAD_VER)
+ *(p++) = DTLS1_BAD_VER >> 8, *(p++) = DTLS1_BAD_VER & 0xff;
+ else
+ *(p++) = (s->version >> 8), *(p++) = s->version & 0xff;
+
+ /* field where we are to write out packet epoch, seq num and len */
+ pseq = p;
+ p += 10;
+
+ /* lets setup the record stuff. */
+
+ /*
+ * Make space for the explicit IV in case of CBC. (this is a bit of a
+ * boundary violation, but what the heck).
+ */
+ if (s->enc_write_ctx &&
+ (EVP_CIPHER_mode(s->enc_write_ctx->cipher) & EVP_CIPH_CBC_MODE))
+ bs = EVP_CIPHER_block_size(s->enc_write_ctx->cipher);
+ else
+ bs = 0;
+
+ wr->data = p + bs; /* make room for IV in case of CBC */
+ wr->length = (int)len;
+ wr->input = (unsigned char *)buf;
+
+ /*
+ * we now 'read' from wr->input, wr->length bytes into wr->data
+ */
+
+ /* first we compress */
+ if (s->compress != NULL) {
+ if (!ssl3_do_compress(s)) {
+ SSLerr(SSL_F_DO_DTLS1_WRITE, SSL_R_COMPRESSION_FAILURE);
+ goto err;
+ }
+ } else {
+ memcpy(wr->data, wr->input, wr->length);
+ wr->input = wr->data;
+ }
+
+ /*
+ * we should still have the output to wr->data and the input from
+ * wr->input. Length should be wr->length. wr->data still points in the
+ * wb->buf
+ */
+
+ if (mac_size != 0) {
+ s->method->ssl3_enc->mac(s, &(p[wr->length + bs]), 1);
+ wr->length += mac_size;
+ }
+
+ /* this is true regardless of mac size */
+ wr->input = p;
+ wr->data = p;
+
+ /* ssl3_enc can only have an error on read */
+ if (bs) { /* bs != 0 in case of CBC */
+ RAND_pseudo_bytes(p, bs);
+ /*
+ * master IV and last CBC residue stand for the rest of randomness
+ */
+ wr->length += bs;
+ }
+
+ s->method->ssl3_enc->enc(s, 1);
+
+ /* record length after mac and block padding */
+ /*
+ * if (type == SSL3_RT_APPLICATION_DATA || (type == SSL3_RT_ALERT && !
+ * SSL_in_init(s)))
+ */
+
+ /* there's only one epoch between handshake and app data */
+
+ s2n(s->d1->w_epoch, pseq);
+
+ /* XDTLS: ?? */
+ /*
+ * else s2n(s->d1->handshake_epoch, pseq);
+ */
+
+ memcpy(pseq, &(s->s3->write_sequence[2]), 6);
+ pseq += 6;
+ s2n(wr->length, pseq);
+
+ /*
+ * we should now have wr->data pointing to the encrypted data, which is
+ * wr->length long
+ */
+ wr->type = type; /* not needed but helps for debugging */
+ wr->length += DTLS1_RT_HEADER_LENGTH;
+
+#if 0 /* this is now done at the message layer */
+ /* buffer the record, making it easy to handle retransmits */
+ if (type == SSL3_RT_HANDSHAKE || type == SSL3_RT_CHANGE_CIPHER_SPEC)
+ dtls1_buffer_record(s, wr->data, wr->length,
+ *((PQ_64BIT *) & (s->s3->write_sequence[0])));
+#endif
+
+ ssl3_record_sequence_update(&(s->s3->write_sequence[0]));
+
+ if (create_empty_fragment) {
+ /*
+ * we are in a recursive call; just return the length, don't write
+ * out anything here
+ */
+ return wr->length;
+ }
+
+ /* now let's set up wb */
+ wb->left = prefix_len + wr->length;
+ wb->offset = 0;
+
+ /*
+ * memorize arguments so that ssl3_write_pending can detect bad write
+ * retries later
+ */
+ s->s3->wpend_tot = len;
+ s->s3->wpend_buf = buf;
+ s->s3->wpend_type = type;
+ s->s3->wpend_ret = len;
+
+ /* we now just need to write the buffer */
+ return ssl3_write_pending(s, type, buf, len);
+ err:
+ return -1;
+}
+
+static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap,
+ PQ_64BIT * seq_num)
+{
+#if PQ_64BIT_IS_INTEGER
+ PQ_64BIT mask = 0x0000000000000001L;
+#endif
+ PQ_64BIT rcd_num, tmp;
+
+ pq_64bit_init(&rcd_num);
+ pq_64bit_init(&tmp);
+
+ /* this is the sequence number for the record just read */
+ pq_64bit_bin2num(&rcd_num, s->s3->read_sequence, 8);
+
+ if (pq_64bit_gt(&rcd_num, &(bitmap->max_seq_num)) ||
+ pq_64bit_eq(&rcd_num, &(bitmap->max_seq_num))) {
+ pq_64bit_assign(seq_num, &rcd_num);
+ pq_64bit_free(&rcd_num);
+ pq_64bit_free(&tmp);
+ return 1; /* this record is new */
+ }
+
+ pq_64bit_sub(&tmp, &(bitmap->max_seq_num), &rcd_num);
+
+ if (pq_64bit_get_word(&tmp) > bitmap->length) {
+ pq_64bit_free(&rcd_num);
+ pq_64bit_free(&tmp);
+ return 0; /* stale, outside the window */
+ }
+#if PQ_64BIT_IS_BIGNUM
+ {
+ int offset;
+ pq_64bit_sub(&tmp, &(bitmap->max_seq_num), &rcd_num);
+ pq_64bit_sub_word(&tmp, 1);
+ offset = pq_64bit_get_word(&tmp);
+ if (pq_64bit_is_bit_set(&(bitmap->map), offset)) {
+ pq_64bit_free(&rcd_num);
+ pq_64bit_free(&tmp);
+ return 0;
+ }
+ }
+#else
+ mask <<= (bitmap->max_seq_num - rcd_num - 1);
+ if (bitmap->map & mask)
+ return 0; /* record previously received */
+#endif
+
+ pq_64bit_assign(seq_num, &rcd_num);
+ pq_64bit_free(&rcd_num);
+ pq_64bit_free(&tmp);
+ return 1;
+}
+
+static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap)
+{
+ unsigned int shift;
+ PQ_64BIT rcd_num;
+ PQ_64BIT tmp;
+ PQ_64BIT_CTX *ctx;
+
+ pq_64bit_init(&rcd_num);
+ pq_64bit_init(&tmp);
+
+ pq_64bit_bin2num(&rcd_num, s->s3->read_sequence, 8);
+
+ /*
+ * unfortunate code complexity due to 64-bit manipulation support on
+ * 32-bit machines
+ */
+ if (pq_64bit_gt(&rcd_num, &(bitmap->max_seq_num)) ||
+ pq_64bit_eq(&rcd_num, &(bitmap->max_seq_num))) {
+ pq_64bit_sub(&tmp, &rcd_num, &(bitmap->max_seq_num));
+ pq_64bit_add_word(&tmp, 1);
+
+ shift = (unsigned int)pq_64bit_get_word(&tmp);
+
+ pq_64bit_lshift(&(tmp), &(bitmap->map), shift);
+ pq_64bit_assign(&(bitmap->map), &tmp);
+
+ pq_64bit_set_bit(&(bitmap->map), 0);
+ pq_64bit_add_word(&rcd_num, 1);
+ pq_64bit_assign(&(bitmap->max_seq_num), &rcd_num);
+
+ pq_64bit_assign_word(&tmp, 1);
+ pq_64bit_lshift(&tmp, &tmp, bitmap->length);
+ ctx = pq_64bit_ctx_new(&ctx);
+ pq_64bit_mod(&(bitmap->map), &(bitmap->map), &tmp, ctx);
+ pq_64bit_ctx_free(ctx);
+ } else {
+ pq_64bit_sub(&tmp, &(bitmap->max_seq_num), &rcd_num);
+ pq_64bit_sub_word(&tmp, 1);
+ shift = (unsigned int)pq_64bit_get_word(&tmp);
+
+ pq_64bit_set_bit(&(bitmap->map), shift);
+ }
+
+ pq_64bit_free(&rcd_num);
+ pq_64bit_free(&tmp);
+}
+
+int dtls1_dispatch_alert(SSL *s)
+{
+ int i, j;
+ void (*cb) (const SSL *ssl, int type, int val) = NULL;
+ unsigned char buf[DTLS1_AL_HEADER_LENGTH];
+ unsigned char *ptr = &buf[0];
+
+ s->s3->alert_dispatch = 0;
+
+ memset(buf, 0x00, sizeof(buf));
+ *ptr++ = s->s3->send_alert[0];
+ *ptr++ = s->s3->send_alert[1];
+
+#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
+ if (s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE) {
+ s2n(s->d1->handshake_read_seq, ptr);
+# if 0
+ if (s->d1->r_msg_hdr.frag_off == 0)
+ /*
+ * waiting for a new msg
+ */
+ else
+ s2n(s->d1->r_msg_hdr.seq, ptr); /* partial msg read */
+# endif
+
+# if 0
+ fprintf(stderr,
+ "s->d1->handshake_read_seq = %d, s->d1->r_msg_hdr.seq = %d\n",
+ s->d1->handshake_read_seq, s->d1->r_msg_hdr.seq);
+# endif
+ l2n3(s->d1->r_msg_hdr.frag_off, ptr);
+ }
+#endif
+
+ i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf), 0);
+ if (i <= 0) {
+ s->s3->alert_dispatch = 1;
+ /* fprintf( stderr, "not done with alert\n" ); */
+ } else {
+ if (s->s3->send_alert[0] == SSL3_AL_FATAL
+#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
+ || s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
+#endif
+ )
+ (void)BIO_flush(s->wbio);
+
+ if (s->msg_callback)
+ s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3->send_alert,
+ 2, s, s->msg_callback_arg);
+
+ if (s->info_callback != NULL)
+ cb = s->info_callback;
+ else if (s->ctx->info_callback != NULL)
+ cb = s->ctx->info_callback;
+
+ if (cb != NULL) {
+ j = (s->s3->send_alert[0] << 8) | s->s3->send_alert[1];
+ cb(s, SSL_CB_WRITE_ALERT, j);
+ }
+ }
+ return (i);
+}
+
+static DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr,
+ unsigned int *is_next_epoch)
+{
+
+ *is_next_epoch = 0;
+
+ /* In current epoch, accept HM, CCS, DATA, & ALERT */
+ if (rr->epoch == s->d1->r_epoch)
+ return &s->d1->bitmap;
+
+ /* Only HM and ALERT messages can be from the next epoch */
+ else if (rr->epoch == (unsigned long)(s->d1->r_epoch + 1) &&
+ (rr->type == SSL3_RT_HANDSHAKE || rr->type == SSL3_RT_ALERT)) {
+ *is_next_epoch = 1;
+ return &s->d1->next_bitmap;
+ }
+
+ return NULL;
+}
+
+#if 0
+static int
+dtls1_record_needs_buffering(SSL *s, SSL3_RECORD *rr,
+ unsigned short *priority, unsigned long *offset)
+{
+
+ /* alerts are passed up immediately */
+ if (rr->type == SSL3_RT_APPLICATION_DATA || rr->type == SSL3_RT_ALERT)
+ return 0;
+
+ /*
+ * Only need to buffer if a handshake is underway. (this implies that
+ * Hello Request and Client Hello are passed up immediately)
+ */
+ if (SSL_in_init(s)) {
+ unsigned char *data = rr->data;
+ /* need to extract the HM/CCS sequence number here */
+ if (rr->type == SSL3_RT_HANDSHAKE ||
+ rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) {
+ unsigned short seq_num;
+ struct hm_header_st msg_hdr;
+ struct ccs_header_st ccs_hdr;
+
+ if (rr->type == SSL3_RT_HANDSHAKE) {
+ dtls1_get_message_header(data, &msg_hdr);
+ seq_num = msg_hdr.seq;
+ *offset = msg_hdr.frag_off;
+ } else {
+ dtls1_get_ccs_header(data, &ccs_hdr);
+ seq_num = ccs_hdr.seq;
+ *offset = 0;
+ }
+
+ /*
+ * this is either a record we're waiting for, or a retransmit of
+ * something we happened to previously receive (higher layers
+ * will drop the repeat silently
+ */
+ if (seq_num < s->d1->handshake_read_seq)
+ return 0;
+ if (rr->type == SSL3_RT_HANDSHAKE &&
+ seq_num == s->d1->handshake_read_seq &&
+ msg_hdr.frag_off < s->d1->r_msg_hdr.frag_off)
+ return 0;
+ else if (seq_num == s->d1->handshake_read_seq &&
+ (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC ||
+ msg_hdr.frag_off == s->d1->r_msg_hdr.frag_off))
+ return 0;
+ else {
+ *priority = seq_num;
+ return 1;
+ }
+ } else /* unknown record type */
+ return 0;
+ }
+
+ return 0;
+}
+#endif
+
+void dtls1_reset_seq_numbers(SSL *s, int rw)
+{
+ unsigned char *seq;
+ unsigned int seq_bytes = sizeof(s->s3->read_sequence);
+
+ if (rw & SSL3_CC_READ) {
+ seq = s->s3->read_sequence;
+ s->d1->r_epoch++;
+
+ pq_64bit_assign(&(s->d1->bitmap.map), &(s->d1->next_bitmap.map));
+ s->d1->bitmap.length = s->d1->next_bitmap.length;
+ pq_64bit_assign(&(s->d1->bitmap.max_seq_num),
+ &(s->d1->next_bitmap.max_seq_num));
+
+ pq_64bit_free(&(s->d1->next_bitmap.map));
+ pq_64bit_free(&(s->d1->next_bitmap.max_seq_num));
+ memset(&(s->d1->next_bitmap), 0x00, sizeof(DTLS1_BITMAP));
+ pq_64bit_init(&(s->d1->next_bitmap.map));
+ pq_64bit_init(&(s->d1->next_bitmap.max_seq_num));
+ } else {
+ seq = s->s3->write_sequence;
+ memcpy(s->d1->last_write_sequence, seq,
+ sizeof(s->s3->write_sequence));
+ s->d1->w_epoch++;
+ }
+
+ memset(seq, 0x00, seq_bytes);
+}
+
+#if PQ_64BIT_IS_INTEGER
+static PQ_64BIT bytes_to_long_long(unsigned char *bytes, PQ_64BIT * num)
+{
+ PQ_64BIT _num;
+
+ _num = (((PQ_64BIT) bytes[0]) << 56) |
+ (((PQ_64BIT) bytes[1]) << 48) |
+ (((PQ_64BIT) bytes[2]) << 40) |
+ (((PQ_64BIT) bytes[3]) << 32) |
+ (((PQ_64BIT) bytes[4]) << 24) |
+ (((PQ_64BIT) bytes[5]) << 16) |
+ (((PQ_64BIT) bytes[6]) << 8) | (((PQ_64BIT) bytes[7]));
+
+ *num = _num;
+ return _num;
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/ssl/d1_srvr.c
===================================================================
--- vendor-crypto/openssl/dist/ssl/d1_srvr.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/ssl/d1_srvr.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,1343 +0,0 @@
-/* ssl/d1_srvr.c */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra at cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/md5.h>
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-
-static SSL_METHOD *dtls1_get_server_method(int ver);
-static int dtls1_send_hello_verify_request(SSL *s);
-
-static SSL_METHOD *dtls1_get_server_method(int ver)
- {
- if (ver == DTLS1_VERSION)
- return(DTLSv1_server_method());
- else
- return(NULL);
- }
-
-IMPLEMENT_dtls1_meth_func(DTLSv1_server_method,
- dtls1_accept,
- ssl_undefined_function,
- dtls1_get_server_method)
-
-int dtls1_accept(SSL *s)
- {
- BUF_MEM *buf;
- unsigned long l,Time=(unsigned long)time(NULL);
- void (*cb)(const SSL *ssl,int type,int val)=NULL;
- int ret= -1;
- int new_state,state,skip=0;
- int listen;
-
- RAND_add(&Time,sizeof(Time),0);
- ERR_clear_error();
- clear_sys_error();
-
- if (s->info_callback != NULL)
- cb=s->info_callback;
- else if (s->ctx->info_callback != NULL)
- cb=s->ctx->info_callback;
-
- listen = s->d1->listen;
-
- /* init things to blank */
- s->in_handshake++;
- if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
-
- s->d1->listen = listen;
-
- if (s->cert == NULL)
- {
- SSLerr(SSL_F_DTLS1_ACCEPT,SSL_R_NO_CERTIFICATE_SET);
- return(-1);
- }
-
- for (;;)
- {
- state=s->state;
-
- switch (s->state)
- {
- case SSL_ST_RENEGOTIATE:
- s->new_session=1;
- /* s->state=SSL_ST_ACCEPT; */
-
- case SSL_ST_BEFORE:
- case SSL_ST_ACCEPT:
- case SSL_ST_BEFORE|SSL_ST_ACCEPT:
- case SSL_ST_OK|SSL_ST_ACCEPT:
-
- s->server=1;
- if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
-
- if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00))
- {
- SSLerr(SSL_F_DTLS1_ACCEPT, ERR_R_INTERNAL_ERROR);
- return -1;
- }
- s->type=SSL_ST_ACCEPT;
-
- if (s->init_buf == NULL)
- {
- if ((buf=BUF_MEM_new()) == NULL)
- {
- ret= -1;
- goto end;
- }
- if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
- {
- ret= -1;
- goto end;
- }
- s->init_buf=buf;
- }
-
- if (!ssl3_setup_buffers(s))
- {
- ret= -1;
- goto end;
- }
-
- s->init_num=0;
-
- if (s->state != SSL_ST_RENEGOTIATE)
- {
- /* Ok, we now need to push on a buffering BIO so that
- * the output is sent in a way that TCP likes :-)
- */
- if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; }
-
- ssl3_init_finished_mac(s);
- s->state=SSL3_ST_SR_CLNT_HELLO_A;
- s->ctx->stats.sess_accept++;
- }
- else
- {
- /* s->state == SSL_ST_RENEGOTIATE,
- * we will just send a HelloRequest */
- s->ctx->stats.sess_accept_renegotiate++;
- s->state=SSL3_ST_SW_HELLO_REQ_A;
- }
-
- break;
-
- case SSL3_ST_SW_HELLO_REQ_A:
- case SSL3_ST_SW_HELLO_REQ_B:
-
- s->shutdown=0;
- dtls1_clear_record_buffer(s);
- dtls1_start_timer(s);
- ret=dtls1_send_hello_request(s);
- if (ret <= 0) goto end;
- s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A;
- s->state=SSL3_ST_SW_FLUSH;
- s->init_num=0;
-
- ssl3_init_finished_mac(s);
- break;
-
- case SSL3_ST_SW_HELLO_REQ_C:
- s->state=SSL_ST_OK;
- break;
-
- case SSL3_ST_SR_CLNT_HELLO_A:
- case SSL3_ST_SR_CLNT_HELLO_B:
- case SSL3_ST_SR_CLNT_HELLO_C:
-
- s->shutdown=0;
- ret=ssl3_get_client_hello(s);
- if (ret <= 0) goto end;
- dtls1_stop_timer(s);
-
- if (ret == 1 && (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE))
- s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A;
- else
- s->state = SSL3_ST_SW_SRVR_HELLO_A;
-
- s->init_num=0;
-
- /* Reflect ClientHello sequence to remain stateless while listening */
- if (listen)
- {
- memcpy(s->s3->write_sequence, s->s3->read_sequence, sizeof(s->s3->write_sequence));
- }
-
- /* If we're just listening, stop here */
- if (listen && s->state == SSL3_ST_SW_SRVR_HELLO_A)
- {
- ret = 2;
- s->d1->listen = 0;
- /* Set expected sequence numbers
- * to continue the handshake.
- */
- s->d1->handshake_read_seq = 2;
- s->d1->handshake_write_seq = 1;
- s->d1->next_handshake_write_seq = 1;
- goto end;
- }
-
- break;
-
- case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
- case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
-
- ret = dtls1_send_hello_verify_request(s);
- if ( ret <= 0) goto end;
- s->state=SSL3_ST_SW_FLUSH;
- s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A;
-
- /* HelloVerifyRequests resets Finished MAC */
- if (s->client_version != DTLS1_BAD_VER)
- ssl3_init_finished_mac(s);
- break;
-
- case SSL3_ST_SW_SRVR_HELLO_A:
- case SSL3_ST_SW_SRVR_HELLO_B:
- s->new_session = 2;
- dtls1_start_timer(s);
- ret=dtls1_send_server_hello(s);
- if (ret <= 0) goto end;
-
-#ifndef OPENSSL_NO_TLSEXT
- if (s->hit)
- {
- if (s->tlsext_ticket_expected)
- s->state=SSL3_ST_SW_SESSION_TICKET_A;
- else
- s->state=SSL3_ST_SW_CHANGE_A;
- }
-#else
- if (s->hit)
- s->state=SSL3_ST_SW_CHANGE_A;
-#endif
- else
- s->state=SSL3_ST_SW_CERT_A;
- s->init_num=0;
- break;
-
- case SSL3_ST_SW_CERT_A:
- case SSL3_ST_SW_CERT_B:
- /* Check if it is anon DH */
- if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL))
- {
- dtls1_start_timer(s);
- ret=dtls1_send_server_certificate(s);
- if (ret <= 0) goto end;
-#ifndef OPENSSL_NO_TLSEXT
- if (s->tlsext_status_expected)
- s->state=SSL3_ST_SW_CERT_STATUS_A;
- else
- s->state=SSL3_ST_SW_KEY_EXCH_A;
- }
- else
- {
- skip = 1;
- s->state=SSL3_ST_SW_KEY_EXCH_A;
- }
-#else
- }
- else
- skip=1;
-
- s->state=SSL3_ST_SW_KEY_EXCH_A;
-#endif
- s->init_num=0;
- break;
-
- case SSL3_ST_SW_KEY_EXCH_A:
- case SSL3_ST_SW_KEY_EXCH_B:
- l=s->s3->tmp.new_cipher->algorithms;
-
- /* clear this, it may get reset by
- * send_server_key_exchange */
- if ((s->options & SSL_OP_EPHEMERAL_RSA)
-#ifndef OPENSSL_NO_KRB5
- && !(l & SSL_KRB5)
-#endif /* OPENSSL_NO_KRB5 */
- )
- /* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key
- * even when forbidden by protocol specs
- * (handshake may fail as clients are not required to
- * be able to handle this) */
- s->s3->tmp.use_rsa_tmp=1;
- else
- s->s3->tmp.use_rsa_tmp=0;
-
- /* only send if a DH key exchange, fortezza or
- * RSA but we have a sign only certificate */
- if (s->s3->tmp.use_rsa_tmp
- || (l & (SSL_DH|SSL_kFZA))
- || ((l & SSL_kRSA)
- && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
- || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)
- && EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)
- )
- )
- )
- )
- {
- dtls1_start_timer(s);
- ret=dtls1_send_server_key_exchange(s);
- if (ret <= 0) goto end;
- }
- else
- skip=1;
-
- s->state=SSL3_ST_SW_CERT_REQ_A;
- s->init_num=0;
- break;
-
- case SSL3_ST_SW_CERT_REQ_A:
- case SSL3_ST_SW_CERT_REQ_B:
- if (/* don't request cert unless asked for it: */
- !(s->verify_mode & SSL_VERIFY_PEER) ||
- /* if SSL_VERIFY_CLIENT_ONCE is set,
- * don't request cert during re-negotiation: */
- ((s->session->peer != NULL) &&
- (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
- /* never request cert in anonymous ciphersuites
- * (see section "Certificate request" in SSL 3 drafts
- * and in RFC 2246): */
- ((s->s3->tmp.new_cipher->algorithms & SSL_aNULL) &&
- /* ... except when the application insists on verification
- * (against the specs, but s3_clnt.c accepts this for SSL 3) */
- !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) ||
- /* never request cert in Kerberos ciphersuites */
- (s->s3->tmp.new_cipher->algorithms & SSL_aKRB5))
- {
- /* no cert request */
- skip=1;
- s->s3->tmp.cert_request=0;
- s->state=SSL3_ST_SW_SRVR_DONE_A;
- }
- else
- {
- s->s3->tmp.cert_request=1;
- dtls1_start_timer(s);
- ret=dtls1_send_certificate_request(s);
- if (ret <= 0) goto end;
-#ifndef NETSCAPE_HANG_BUG
- s->state=SSL3_ST_SW_SRVR_DONE_A;
-#else
- s->state=SSL3_ST_SW_FLUSH;
- s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
-#endif
- s->init_num=0;
- }
- break;
-
- case SSL3_ST_SW_SRVR_DONE_A:
- case SSL3_ST_SW_SRVR_DONE_B:
- dtls1_start_timer(s);
- ret=dtls1_send_server_done(s);
- if (ret <= 0) goto end;
- s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
- s->state=SSL3_ST_SW_FLUSH;
- s->init_num=0;
- break;
-
- case SSL3_ST_SW_FLUSH:
- s->rwstate=SSL_WRITING;
- if (BIO_flush(s->wbio) <= 0)
- {
- ret= -1;
- goto end;
- }
- s->rwstate=SSL_NOTHING;
- s->state=s->s3->tmp.next_state;
- break;
-
- case SSL3_ST_SR_CERT_A:
- case SSL3_ST_SR_CERT_B:
- /* Check for second client hello (MS SGC) */
- ret = ssl3_check_client_hello(s);
- if (ret <= 0)
- goto end;
- if (ret == 2)
- {
- dtls1_stop_timer(s);
- s->state = SSL3_ST_SR_CLNT_HELLO_C;
- }
- else {
- if (s->s3->tmp.cert_request)
- {
- ret=ssl3_get_client_certificate(s);
- if (ret <= 0) goto end;
- }
- s->init_num=0;
- s->state=SSL3_ST_SR_KEY_EXCH_A;
- }
- break;
-
- case SSL3_ST_SR_KEY_EXCH_A:
- case SSL3_ST_SR_KEY_EXCH_B:
- ret=ssl3_get_client_key_exchange(s);
- if (ret <= 0) goto end;
- s->state=SSL3_ST_SR_CERT_VRFY_A;
- s->init_num=0;
-
- /* We need to get hashes here so if there is
- * a client cert, it can be verified */
- s->method->ssl3_enc->cert_verify_mac(s,
- &(s->s3->finish_dgst1),
- &(s->s3->tmp.cert_verify_md[0]));
- s->method->ssl3_enc->cert_verify_mac(s,
- &(s->s3->finish_dgst2),
- &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]));
-
- break;
-
- case SSL3_ST_SR_CERT_VRFY_A:
- case SSL3_ST_SR_CERT_VRFY_B:
-
- s->d1->change_cipher_spec_ok = 1;
- /* we should decide if we expected this one */
- ret=ssl3_get_cert_verify(s);
- if (ret <= 0) goto end;
-
- s->state=SSL3_ST_SR_FINISHED_A;
- s->init_num=0;
- break;
-
- case SSL3_ST_SR_FINISHED_A:
- case SSL3_ST_SR_FINISHED_B:
- s->d1->change_cipher_spec_ok = 1;
- ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
- SSL3_ST_SR_FINISHED_B);
- if (ret <= 0) goto end;
- dtls1_stop_timer(s);
- if (s->hit)
- s->state=SSL_ST_OK;
-#ifndef OPENSSL_NO_TLSEXT
- else if (s->tlsext_ticket_expected)
- s->state=SSL3_ST_SW_SESSION_TICKET_A;
-#endif
- else
- s->state=SSL3_ST_SW_CHANGE_A;
- s->init_num=0;
- break;
-
-#ifndef OPENSSL_NO_TLSEXT
- case SSL3_ST_SW_SESSION_TICKET_A:
- case SSL3_ST_SW_SESSION_TICKET_B:
- ret=dtls1_send_newsession_ticket(s);
- if (ret <= 0) goto end;
- s->state=SSL3_ST_SW_CHANGE_A;
- s->init_num=0;
- break;
-
- case SSL3_ST_SW_CERT_STATUS_A:
- case SSL3_ST_SW_CERT_STATUS_B:
- ret=ssl3_send_cert_status(s);
- if (ret <= 0) goto end;
- s->state=SSL3_ST_SW_KEY_EXCH_A;
- s->init_num=0;
- break;
-
-#endif
-
- case SSL3_ST_SW_CHANGE_A:
- case SSL3_ST_SW_CHANGE_B:
-
- s->session->cipher=s->s3->tmp.new_cipher;
- if (!s->method->ssl3_enc->setup_key_block(s))
- { ret= -1; goto end; }
-
- ret=dtls1_send_change_cipher_spec(s,
- SSL3_ST_SW_CHANGE_A,SSL3_ST_SW_CHANGE_B);
-
- if (ret <= 0) goto end;
- s->state=SSL3_ST_SW_FINISHED_A;
- s->init_num=0;
-
- if (!s->method->ssl3_enc->change_cipher_state(s,
- SSL3_CHANGE_CIPHER_SERVER_WRITE))
- {
- ret= -1;
- goto end;
- }
-
- dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
- break;
-
- case SSL3_ST_SW_FINISHED_A:
- case SSL3_ST_SW_FINISHED_B:
- ret=dtls1_send_finished(s,
- SSL3_ST_SW_FINISHED_A,SSL3_ST_SW_FINISHED_B,
- s->method->ssl3_enc->server_finished_label,
- s->method->ssl3_enc->server_finished_label_len);
- if (ret <= 0) goto end;
- s->state=SSL3_ST_SW_FLUSH;
- if (s->hit)
- s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
- else
- s->s3->tmp.next_state=SSL_ST_OK;
- s->init_num=0;
- break;
-
- case SSL_ST_OK:
- /* clean a few things up */
- ssl3_cleanup_key_block(s);
-
-#if 0
- BUF_MEM_free(s->init_buf);
- s->init_buf=NULL;
-#endif
-
- /* remove buffering on output */
- ssl_free_wbio_buffer(s);
-
- s->init_num=0;
-
- if (s->new_session == 2) /* skipped if we just sent a HelloRequest */
- {
- /* actually not necessarily a 'new' session unless
- * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
-
- s->new_session=0;
-
- ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
-
- s->ctx->stats.sess_accept_good++;
- /* s->server=1; */
- s->handshake_func=dtls1_accept;
-
- if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
- }
-
- ret = 1;
-
- /* done handshaking, next message is client hello */
- s->d1->handshake_read_seq = 0;
- /* next message is server hello */
- s->d1->handshake_write_seq = 0;
- s->d1->next_handshake_write_seq = 0;
- goto end;
- /* break; */
-
- default:
- SSLerr(SSL_F_DTLS1_ACCEPT,SSL_R_UNKNOWN_STATE);
- ret= -1;
- goto end;
- /* break; */
- }
-
- if (!s->s3->tmp.reuse_message && !skip)
- {
- if (s->debug)
- {
- if ((ret=BIO_flush(s->wbio)) <= 0)
- goto end;
- }
-
-
- if ((cb != NULL) && (s->state != state))
- {
- new_state=s->state;
- s->state=state;
- cb(s,SSL_CB_ACCEPT_LOOP,1);
- s->state=new_state;
- }
- }
- skip=0;
- }
-end:
- /* BIO_flush(s->wbio); */
-
- s->in_handshake--;
- if (cb != NULL)
- cb(s,SSL_CB_ACCEPT_EXIT,ret);
- return(ret);
- }
-
-int dtls1_send_hello_request(SSL *s)
- {
- unsigned char *p;
-
- if (s->state == SSL3_ST_SW_HELLO_REQ_A)
- {
- p=(unsigned char *)s->init_buf->data;
- p = dtls1_set_message_header(s, p, SSL3_MT_HELLO_REQUEST, 0, 0, 0);
-
- s->state=SSL3_ST_SW_HELLO_REQ_B;
- /* number of bytes to write */
- s->init_num=DTLS1_HM_HEADER_LENGTH;
- s->init_off=0;
-
- /* no need to buffer this message, since there are no retransmit
- * requests for it */
- }
-
- /* SSL3_ST_SW_HELLO_REQ_B */
- return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
- }
-
-int dtls1_send_hello_verify_request(SSL *s)
- {
- unsigned int msg_len;
- unsigned char *msg, *buf, *p;
-
- if (s->state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A)
- {
- buf = (unsigned char *)s->init_buf->data;
-
- msg = p = &(buf[DTLS1_HM_HEADER_LENGTH]);
- if (s->client_version == DTLS1_BAD_VER)
- *(p++) = DTLS1_BAD_VER>>8,
- *(p++) = DTLS1_BAD_VER&0xff;
- else
- *(p++) = s->version >> 8,
- *(p++) = s->version & 0xFF;
-
- if (s->ctx->app_gen_cookie_cb == NULL ||
- s->ctx->app_gen_cookie_cb(s, s->d1->cookie,
- &(s->d1->cookie_len)) == 0)
- {
- SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,ERR_R_INTERNAL_ERROR);
- return 0;
- }
-
- *(p++) = (unsigned char) s->d1->cookie_len;
- memcpy(p, s->d1->cookie, s->d1->cookie_len);
- p += s->d1->cookie_len;
- msg_len = p - msg;
-
- dtls1_set_message_header(s, buf,
- DTLS1_MT_HELLO_VERIFY_REQUEST, msg_len, 0, msg_len);
-
- s->state=DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B;
- /* number of bytes to write */
- s->init_num=p-buf;
- s->init_off=0;
- }
-
- /* s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */
- return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
- }
-
-int dtls1_send_server_hello(SSL *s)
- {
- unsigned char *buf;
- unsigned char *p,*d;
- int i;
- unsigned int sl;
- unsigned long l,Time;
-
- if (s->state == SSL3_ST_SW_SRVR_HELLO_A)
- {
- buf=(unsigned char *)s->init_buf->data;
- p=s->s3->server_random;
- Time=(unsigned long)time(NULL); /* Time */
- l2n(Time,p);
- RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4);
- /* Do the message type and length last */
- d=p= &(buf[DTLS1_HM_HEADER_LENGTH]);
-
- if (s->client_version == DTLS1_BAD_VER)
- *(p++)=DTLS1_BAD_VER>>8,
- *(p++)=DTLS1_BAD_VER&0xff;
- else
- *(p++)=s->version>>8,
- *(p++)=s->version&0xff;
-
- /* Random stuff */
- memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
- p+=SSL3_RANDOM_SIZE;
-
- /* now in theory we have 3 options to sending back the
- * session id. If it is a re-use, we send back the
- * old session-id, if it is a new session, we send
- * back the new session-id or we send back a 0 length
- * session-id if we want it to be single use.
- * Currently I will not implement the '0' length session-id
- * 12-Jan-98 - I'll now support the '0' length stuff.
- */
- if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER))
- s->session->session_id_length=0;
-
- sl=s->session->session_id_length;
- if (sl > sizeof s->session->session_id)
- {
- SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
- return -1;
- }
- *(p++)=sl;
- memcpy(p,s->session->session_id,sl);
- p+=sl;
-
- /* put the cipher */
- if (s->s3->tmp.new_cipher == NULL)
- return -1;
- i=ssl3_put_cipher_by_char(s->s3->tmp.new_cipher,p);
- p+=i;
-
- /* put the compression method */
-#ifdef OPENSSL_NO_COMP
- *(p++)=0;
-#else
- if (s->s3->tmp.new_compression == NULL)
- *(p++)=0;
- else
- *(p++)=s->s3->tmp.new_compression->id;
-#endif
-
-#ifndef OPENSSL_NO_TLSEXT
- if ((p = ssl_add_serverhello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
- {
- SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO,ERR_R_INTERNAL_ERROR);
- return -1;
- }
-#endif
-
- /* do the header */
- l=(p-d);
- d=buf;
-
- d = dtls1_set_message_header(s, d, SSL3_MT_SERVER_HELLO, l, 0, l);
-
- s->state=SSL3_ST_SW_SRVR_HELLO_B;
- /* number of bytes to write */
- s->init_num=p-buf;
- s->init_off=0;
-
- /* buffer the message to handle re-xmits */
- dtls1_buffer_message(s, 0);
- }
-
- /* SSL3_ST_SW_SRVR_HELLO_B */
- return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
- }
-
-int dtls1_send_server_done(SSL *s)
- {
- unsigned char *p;
-
- if (s->state == SSL3_ST_SW_SRVR_DONE_A)
- {
- p=(unsigned char *)s->init_buf->data;
-
- /* do the header */
- p = dtls1_set_message_header(s, p, SSL3_MT_SERVER_DONE, 0, 0, 0);
-
- s->state=SSL3_ST_SW_SRVR_DONE_B;
- /* number of bytes to write */
- s->init_num=DTLS1_HM_HEADER_LENGTH;
- s->init_off=0;
-
- /* buffer the message to handle re-xmits */
- dtls1_buffer_message(s, 0);
- }
-
- /* SSL3_ST_SW_SRVR_DONE_B */
- return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
- }
-
-int dtls1_send_server_key_exchange(SSL *s)
- {
-#ifndef OPENSSL_NO_RSA
- unsigned char *q;
- int j,num;
- RSA *rsa;
- unsigned char md_buf[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
- unsigned int u;
-#endif
-#ifndef OPENSSL_NO_DH
- DH *dh=NULL,*dhp;
-#endif
- EVP_PKEY *pkey;
- unsigned char *p,*d;
- int al,i;
- unsigned long type;
- int n;
- CERT *cert;
- BIGNUM *r[4];
- int nr[4],kn;
- BUF_MEM *buf;
- EVP_MD_CTX md_ctx;
-
- EVP_MD_CTX_init(&md_ctx);
- if (s->state == SSL3_ST_SW_KEY_EXCH_A)
- {
- type=s->s3->tmp.new_cipher->algorithms & SSL_MKEY_MASK;
- cert=s->cert;
-
- buf=s->init_buf;
-
- r[0]=r[1]=r[2]=r[3]=NULL;
- n=0;
-#ifndef OPENSSL_NO_RSA
- if (type & SSL_kRSA)
- {
- rsa=cert->rsa_tmp;
- if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL))
- {
- rsa=s->cert->rsa_tmp_cb(s,
- SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
- SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
- if(rsa == NULL)
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_ERROR_GENERATING_TMP_RSA_KEY);
- goto f_err;
- }
- RSA_up_ref(rsa);
- cert->rsa_tmp=rsa;
- }
- if (rsa == NULL)
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_RSA_KEY);
- goto f_err;
- }
- r[0]=rsa->n;
- r[1]=rsa->e;
- s->s3->tmp.use_rsa_tmp=1;
- }
- else
-#endif
-#ifndef OPENSSL_NO_DH
- if (type & SSL_kEDH)
- {
- dhp=cert->dh_tmp;
- if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
- dhp=s->cert->dh_tmp_cb(s,
- SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
- SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
- if (dhp == NULL)
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_DH_KEY);
- goto f_err;
- }
-
- if (s->s3->tmp.dh != NULL)
- {
- DH_free(dh);
- SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
- goto err;
- }
-
- if ((dh=DHparams_dup(dhp)) == NULL)
- {
- SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);
- goto err;
- }
-
- s->s3->tmp.dh=dh;
- if ((dhp->pub_key == NULL ||
- dhp->priv_key == NULL ||
- (s->options & SSL_OP_SINGLE_DH_USE)))
- {
- if(!DH_generate_key(dh))
- {
- SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,
- ERR_R_DH_LIB);
- goto err;
- }
- }
- else
- {
- dh->pub_key=BN_dup(dhp->pub_key);
- dh->priv_key=BN_dup(dhp->priv_key);
- if ((dh->pub_key == NULL) ||
- (dh->priv_key == NULL))
- {
- SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);
- goto err;
- }
- }
- r[0]=dh->p;
- r[1]=dh->g;
- r[2]=dh->pub_key;
- }
- else
-#endif
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
- goto f_err;
- }
- for (i=0; r[i] != NULL; i++)
- {
- nr[i]=BN_num_bytes(r[i]);
- n+=2+nr[i];
- }
-
- if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL))
- {
- if ((pkey=ssl_get_sign_pkey(s,s->s3->tmp.new_cipher))
- == NULL)
- {
- al=SSL_AD_DECODE_ERROR;
- goto f_err;
- }
- kn=EVP_PKEY_size(pkey);
- }
- else
- {
- pkey=NULL;
- kn=0;
- }
-
- if (!BUF_MEM_grow_clean(buf,n+DTLS1_HM_HEADER_LENGTH+kn))
- {
- SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_BUF);
- goto err;
- }
- d=(unsigned char *)s->init_buf->data;
- p= &(d[DTLS1_HM_HEADER_LENGTH]);
-
- for (i=0; r[i] != NULL; i++)
- {
- s2n(nr[i],p);
- BN_bn2bin(r[i],p);
- p+=nr[i];
- }
-
- /* not anonymous */
- if (pkey != NULL)
- {
- /* n is the length of the params, they start at
- * &(d[DTLS1_HM_HEADER_LENGTH]) and p points to the space
- * at the end. */
-#ifndef OPENSSL_NO_RSA
- if (pkey->type == EVP_PKEY_RSA)
- {
- q=md_buf;
- j=0;
- for (num=2; num > 0; num--)
- {
- EVP_DigestInit_ex(&md_ctx,(num == 2)
- ?s->ctx->md5:s->ctx->sha1, NULL);
- EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
- EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
- EVP_DigestUpdate(&md_ctx,&(d[DTLS1_HM_HEADER_LENGTH]),n);
- EVP_DigestFinal_ex(&md_ctx,q,
- (unsigned int *)&i);
- q+=i;
- j+=i;
- }
- if (RSA_sign(NID_md5_sha1, md_buf, j,
- &(p[2]), &u, pkey->pkey.rsa) <= 0)
- {
- SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_RSA);
- goto err;
- }
- s2n(u,p);
- n+=u+2;
- }
- else
-#endif
-#if !defined(OPENSSL_NO_DSA)
- if (pkey->type == EVP_PKEY_DSA)
- {
- /* lets do DSS */
- EVP_SignInit_ex(&md_ctx,EVP_dss1(), NULL);
- EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
- EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
- EVP_SignUpdate(&md_ctx,&(d[DTLS1_HM_HEADER_LENGTH]),n);
- if (!EVP_SignFinal(&md_ctx,&(p[2]),
- (unsigned int *)&i,pkey))
- {
- SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_DSA);
- goto err;
- }
- s2n(i,p);
- n+=i+2;
- }
- else
-#endif
- {
- /* Is this error check actually needed? */
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_PKEY_TYPE);
- goto f_err;
- }
- }
-
- d = dtls1_set_message_header(s, d,
- SSL3_MT_SERVER_KEY_EXCHANGE, n, 0, n);
-
- /* we should now have things packed up, so lets send
- * it off */
- s->init_num=n+DTLS1_HM_HEADER_LENGTH;
- s->init_off=0;
-
- /* buffer the message to handle re-xmits */
- dtls1_buffer_message(s, 0);
- }
-
- s->state = SSL3_ST_SW_KEY_EXCH_B;
- EVP_MD_CTX_cleanup(&md_ctx);
- return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
-f_err:
- ssl3_send_alert(s,SSL3_AL_FATAL,al);
-err:
- EVP_MD_CTX_cleanup(&md_ctx);
- return(-1);
- }
-
-int dtls1_send_certificate_request(SSL *s)
- {
- unsigned char *p,*d;
- int i,j,nl,off,n;
- STACK_OF(X509_NAME) *sk=NULL;
- X509_NAME *name;
- BUF_MEM *buf;
- unsigned int msg_len;
-
- if (s->state == SSL3_ST_SW_CERT_REQ_A)
- {
- buf=s->init_buf;
-
- d=p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH]);
-
- /* get the list of acceptable cert types */
- p++;
- n=ssl3_get_req_cert_type(s,p);
- d[0]=n;
- p+=n;
- n++;
-
- off=n;
- p+=2;
- n+=2;
-
- sk=SSL_get_client_CA_list(s);
- nl=0;
- if (sk != NULL)
- {
- for (i=0; i<sk_X509_NAME_num(sk); i++)
- {
- name=sk_X509_NAME_value(sk,i);
- j=i2d_X509_NAME(name,NULL);
- if (!BUF_MEM_grow_clean(buf,DTLS1_HM_HEADER_LENGTH+n+j+2))
- {
- SSLerr(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST,ERR_R_BUF_LIB);
- goto err;
- }
- p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH+n]);
- if (!(s->options & SSL_OP_NETSCAPE_CA_DN_BUG))
- {
- s2n(j,p);
- i2d_X509_NAME(name,&p);
- n+=2+j;
- nl+=2+j;
- }
- else
- {
- d=p;
- i2d_X509_NAME(name,&p);
- j-=2; s2n(j,d); j+=2;
- n+=j;
- nl+=j;
- }
- }
- }
- /* else no CA names */
- p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH+off]);
- s2n(nl,p);
-
- d=(unsigned char *)buf->data;
- *(d++)=SSL3_MT_CERTIFICATE_REQUEST;
- l2n3(n,d);
- s2n(s->d1->handshake_write_seq,d);
- s->d1->handshake_write_seq++;
-
- /* we should now have things packed up, so lets send
- * it off */
-
- s->init_num=n+DTLS1_HM_HEADER_LENGTH;
- s->init_off=0;
-#ifdef NETSCAPE_HANG_BUG
-/* XXX: what to do about this? */
- p=(unsigned char *)s->init_buf->data + s->init_num;
-
- /* do the header */
- *(p++)=SSL3_MT_SERVER_DONE;
- *(p++)=0;
- *(p++)=0;
- *(p++)=0;
- s->init_num += 4;
-#endif
-
- /* XDTLS: set message header ? */
- msg_len = s->init_num - DTLS1_HM_HEADER_LENGTH;
- dtls1_set_message_header(s, (void *)s->init_buf->data,
- SSL3_MT_CERTIFICATE_REQUEST, msg_len, 0, msg_len);
-
- /* buffer the message to handle re-xmits */
- dtls1_buffer_message(s, 0);
-
- s->state = SSL3_ST_SW_CERT_REQ_B;
- }
-
- /* SSL3_ST_SW_CERT_REQ_B */
- return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
-err:
- return(-1);
- }
-
-int dtls1_send_server_certificate(SSL *s)
- {
- unsigned long l;
- X509 *x;
-
- if (s->state == SSL3_ST_SW_CERT_A)
- {
- x=ssl_get_server_send_cert(s);
- if (x == NULL &&
- /* VRS: allow null cert if auth == KRB5 */
- (s->s3->tmp.new_cipher->algorithms
- & (SSL_MKEY_MASK|SSL_AUTH_MASK))
- != (SSL_aKRB5|SSL_kKRB5))
- {
- SSLerr(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE,ERR_R_INTERNAL_ERROR);
- return(0);
- }
-
- l=dtls1_output_cert_chain(s,x);
- s->state=SSL3_ST_SW_CERT_B;
- s->init_num=(int)l;
- s->init_off=0;
-
- /* buffer the message to handle re-xmits */
- dtls1_buffer_message(s, 0);
- }
-
- /* SSL3_ST_SW_CERT_B */
- return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
- }
-
-#ifndef OPENSSL_NO_TLSEXT
-int dtls1_send_newsession_ticket(SSL *s)
- {
- if (s->state == SSL3_ST_SW_SESSION_TICKET_A)
- {
- unsigned char *p, *senc, *macstart;
- int len, slen;
- unsigned int hlen, msg_len;
- EVP_CIPHER_CTX ctx;
- HMAC_CTX hctx;
- SSL_CTX *tctx = s->initial_ctx;
- unsigned char iv[EVP_MAX_IV_LENGTH];
- unsigned char key_name[16];
-
- /* get session encoding length */
- slen = i2d_SSL_SESSION(s->session, NULL);
- /* Some length values are 16 bits, so forget it if session is
- * too long
- */
- if (slen > 0xFF00)
- return -1;
- /* Grow buffer if need be: the length calculation is as
- * follows 12 (DTLS handshake message header) +
- * 4 (ticket lifetime hint) + 2 (ticket length) +
- * 16 (key name) + max_iv_len (iv length) +
- * session_length + max_enc_block_size (max encrypted session
- * length) + max_md_size (HMAC).
- */
- if (!BUF_MEM_grow(s->init_buf,
- DTLS1_HM_HEADER_LENGTH + 22 + EVP_MAX_IV_LENGTH +
- EVP_MAX_BLOCK_LENGTH + EVP_MAX_MD_SIZE + slen))
- return -1;
- senc = OPENSSL_malloc(slen);
- if (!senc)
- return -1;
- p = senc;
- i2d_SSL_SESSION(s->session, &p);
-
- p=(unsigned char *)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]);
- EVP_CIPHER_CTX_init(&ctx);
- HMAC_CTX_init(&hctx);
- /* Initialize HMAC and cipher contexts. If callback present
- * it does all the work otherwise use generated values
- * from parent ctx.
- */
- if (tctx->tlsext_ticket_key_cb)
- {
- if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx,
- &hctx, 1) < 0)
- {
- OPENSSL_free(senc);
- return -1;
- }
- }
- else
- {
- RAND_pseudo_bytes(iv, 16);
- EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
- tctx->tlsext_tick_aes_key, iv);
- HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
- tlsext_tick_md(), NULL);
- memcpy(key_name, tctx->tlsext_tick_key_name, 16);
- }
- l2n(s->session->tlsext_tick_lifetime_hint, p);
- /* Skip ticket length for now */
- p += 2;
- /* Output key name */
- macstart = p;
- memcpy(p, key_name, 16);
- p += 16;
- /* output IV */
- memcpy(p, iv, EVP_CIPHER_CTX_iv_length(&ctx));
- p += EVP_CIPHER_CTX_iv_length(&ctx);
- /* Encrypt session data */
- EVP_EncryptUpdate(&ctx, p, &len, senc, slen);
- p += len;
- EVP_EncryptFinal(&ctx, p, &len);
- p += len;
- EVP_CIPHER_CTX_cleanup(&ctx);
-
- HMAC_Update(&hctx, macstart, p - macstart);
- HMAC_Final(&hctx, p, &hlen);
- HMAC_CTX_cleanup(&hctx);
-
- p += hlen;
- /* Now write out lengths: p points to end of data written */
- /* Total length */
- len = p - (unsigned char *)(s->init_buf->data);
- /* Ticket length */
- p=(unsigned char *)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]) + 4;
- s2n(len - DTLS1_HM_HEADER_LENGTH - 6, p);
-
- /* number of bytes to write */
- s->init_num= len;
- s->state=SSL3_ST_SW_SESSION_TICKET_B;
- s->init_off=0;
- OPENSSL_free(senc);
-
- /* XDTLS: set message header ? */
- msg_len = s->init_num - DTLS1_HM_HEADER_LENGTH;
- dtls1_set_message_header(s, (void *)s->init_buf->data,
- SSL3_MT_NEWSESSION_TICKET, msg_len, 0, msg_len);
-
- /* buffer the message to handle re-xmits */
- dtls1_buffer_message(s, 0);
- }
-
- /* SSL3_ST_SW_SESSION_TICKET_B */
- return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/ssl/d1_srvr.c (from rev 6976, vendor-crypto/openssl/dist/ssl/d1_srvr.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/ssl/d1_srvr.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/ssl/d1_srvr.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,1330 @@
+/* ssl/d1_srvr.c */
+/*
+ * DTLS implementation written by Nagendra Modadugu
+ * (nagendra at cs.stanford.edu) for the OpenSSL project 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "ssl_locl.h"
+#include <openssl/buffer.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/md5.h>
+#ifndef OPENSSL_NO_DH
+# include <openssl/dh.h>
+#endif
+
+static SSL_METHOD *dtls1_get_server_method(int ver);
+static int dtls1_send_hello_verify_request(SSL *s);
+
+static SSL_METHOD *dtls1_get_server_method(int ver)
+{
+ if (ver == DTLS1_VERSION)
+ return (DTLSv1_server_method());
+ else
+ return (NULL);
+}
+
+IMPLEMENT_dtls1_meth_func(DTLSv1_server_method,
+ dtls1_accept,
+ ssl_undefined_function, dtls1_get_server_method)
+
+int dtls1_accept(SSL *s)
+{
+ BUF_MEM *buf;
+ unsigned long l, Time = (unsigned long)time(NULL);
+ void (*cb) (const SSL *ssl, int type, int val) = NULL;
+ int ret = -1;
+ int new_state, state, skip = 0;
+ int listen;
+
+ RAND_add(&Time, sizeof(Time), 0);
+ ERR_clear_error();
+ clear_sys_error();
+
+ if (s->info_callback != NULL)
+ cb = s->info_callback;
+ else if (s->ctx->info_callback != NULL)
+ cb = s->ctx->info_callback;
+
+ listen = s->d1->listen;
+
+ /* init things to blank */
+ s->in_handshake++;
+ if (!SSL_in_init(s) || SSL_in_before(s))
+ SSL_clear(s);
+
+ s->d1->listen = listen;
+
+ if (s->cert == NULL) {
+ SSLerr(SSL_F_DTLS1_ACCEPT, SSL_R_NO_CERTIFICATE_SET);
+ return (-1);
+ }
+
+ for (;;) {
+ state = s->state;
+
+ switch (s->state) {
+ case SSL_ST_RENEGOTIATE:
+ s->new_session = 1;
+ /* s->state=SSL_ST_ACCEPT; */
+
+ case SSL_ST_BEFORE:
+ case SSL_ST_ACCEPT:
+ case SSL_ST_BEFORE | SSL_ST_ACCEPT:
+ case SSL_ST_OK | SSL_ST_ACCEPT:
+
+ s->server = 1;
+ if (cb != NULL)
+ cb(s, SSL_CB_HANDSHAKE_START, 1);
+
+ if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00)) {
+ SSLerr(SSL_F_DTLS1_ACCEPT, ERR_R_INTERNAL_ERROR);
+ return -1;
+ }
+ s->type = SSL_ST_ACCEPT;
+
+ if (s->init_buf == NULL) {
+ if ((buf = BUF_MEM_new()) == NULL) {
+ ret = -1;
+ goto end;
+ }
+ if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) {
+ ret = -1;
+ goto end;
+ }
+ s->init_buf = buf;
+ }
+
+ if (!ssl3_setup_buffers(s)) {
+ ret = -1;
+ goto end;
+ }
+
+ s->init_num = 0;
+
+ if (s->state != SSL_ST_RENEGOTIATE) {
+ /*
+ * Ok, we now need to push on a buffering BIO so that the
+ * output is sent in a way that TCP likes :-)
+ */
+ if (!ssl_init_wbio_buffer(s, 1)) {
+ ret = -1;
+ goto end;
+ }
+
+ ssl3_init_finished_mac(s);
+ s->state = SSL3_ST_SR_CLNT_HELLO_A;
+ s->ctx->stats.sess_accept++;
+ } else {
+ /*
+ * s->state == SSL_ST_RENEGOTIATE, we will just send a
+ * HelloRequest
+ */
+ s->ctx->stats.sess_accept_renegotiate++;
+ s->state = SSL3_ST_SW_HELLO_REQ_A;
+ }
+
+ break;
+
+ case SSL3_ST_SW_HELLO_REQ_A:
+ case SSL3_ST_SW_HELLO_REQ_B:
+
+ s->shutdown = 0;
+ dtls1_clear_record_buffer(s);
+ dtls1_start_timer(s);
+ ret = dtls1_send_hello_request(s);
+ if (ret <= 0)
+ goto end;
+ s->s3->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A;
+ s->state = SSL3_ST_SW_FLUSH;
+ s->init_num = 0;
+
+ ssl3_init_finished_mac(s);
+ break;
+
+ case SSL3_ST_SW_HELLO_REQ_C:
+ s->state = SSL_ST_OK;
+ break;
+
+ case SSL3_ST_SR_CLNT_HELLO_A:
+ case SSL3_ST_SR_CLNT_HELLO_B:
+ case SSL3_ST_SR_CLNT_HELLO_C:
+
+ s->shutdown = 0;
+ ret = ssl3_get_client_hello(s);
+ if (ret <= 0)
+ goto end;
+ dtls1_stop_timer(s);
+
+ if (ret == 1 && (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE))
+ s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A;
+ else
+ s->state = SSL3_ST_SW_SRVR_HELLO_A;
+
+ s->init_num = 0;
+
+ /*
+ * Reflect ClientHello sequence to remain stateless while
+ * listening
+ */
+ if (listen) {
+ memcpy(s->s3->write_sequence, s->s3->read_sequence,
+ sizeof(s->s3->write_sequence));
+ }
+
+ /* If we're just listening, stop here */
+ if (listen && s->state == SSL3_ST_SW_SRVR_HELLO_A) {
+ ret = 2;
+ s->d1->listen = 0;
+ /*
+ * Set expected sequence numbers to continue the handshake.
+ */
+ s->d1->handshake_read_seq = 2;
+ s->d1->handshake_write_seq = 1;
+ s->d1->next_handshake_write_seq = 1;
+ goto end;
+ }
+
+ break;
+
+ case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
+ case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
+
+ ret = dtls1_send_hello_verify_request(s);
+ if (ret <= 0)
+ goto end;
+ s->state = SSL3_ST_SW_FLUSH;
+ s->s3->tmp.next_state = SSL3_ST_SR_CLNT_HELLO_A;
+
+ /* HelloVerifyRequests resets Finished MAC */
+ if (s->client_version != DTLS1_BAD_VER)
+ ssl3_init_finished_mac(s);
+ break;
+
+ case SSL3_ST_SW_SRVR_HELLO_A:
+ case SSL3_ST_SW_SRVR_HELLO_B:
+ s->new_session = 2;
+ dtls1_start_timer(s);
+ ret = dtls1_send_server_hello(s);
+ if (ret <= 0)
+ goto end;
+
+#ifndef OPENSSL_NO_TLSEXT
+ if (s->hit) {
+ if (s->tlsext_ticket_expected)
+ s->state = SSL3_ST_SW_SESSION_TICKET_A;
+ else
+ s->state = SSL3_ST_SW_CHANGE_A;
+ }
+#else
+ if (s->hit)
+ s->state = SSL3_ST_SW_CHANGE_A;
+#endif
+ else
+ s->state = SSL3_ST_SW_CERT_A;
+ s->init_num = 0;
+ break;
+
+ case SSL3_ST_SW_CERT_A:
+ case SSL3_ST_SW_CERT_B:
+ /* Check if it is anon DH */
+ if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL)) {
+ dtls1_start_timer(s);
+ ret = dtls1_send_server_certificate(s);
+ if (ret <= 0)
+ goto end;
+#ifndef OPENSSL_NO_TLSEXT
+ if (s->tlsext_status_expected)
+ s->state = SSL3_ST_SW_CERT_STATUS_A;
+ else
+ s->state = SSL3_ST_SW_KEY_EXCH_A;
+ } else {
+ skip = 1;
+ s->state = SSL3_ST_SW_KEY_EXCH_A;
+ }
+#else
+ } else
+ skip = 1;
+
+ s->state = SSL3_ST_SW_KEY_EXCH_A;
+#endif
+ s->init_num = 0;
+ break;
+
+ case SSL3_ST_SW_KEY_EXCH_A:
+ case SSL3_ST_SW_KEY_EXCH_B:
+ l = s->s3->tmp.new_cipher->algorithms;
+
+ /*
+ * clear this, it may get reset by send_server_key_exchange
+ */
+ s->s3->tmp.use_rsa_tmp = 0;
+
+ /*
+ * only send if a DH key exchange, fortezza or RSA but we have a
+ * sign only certificate
+ */
+ if ((l & (SSL_DH | SSL_kFZA))
+ || ((l & SSL_kRSA)
+ && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
+ || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)
+ && EVP_PKEY_size(s->cert->pkeys
+ [SSL_PKEY_RSA_ENC].privatekey) *
+ 8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)
+ )
+ )
+ )
+ ) {
+ dtls1_start_timer(s);
+ ret = dtls1_send_server_key_exchange(s);
+ if (ret <= 0)
+ goto end;
+ } else
+ skip = 1;
+
+ s->state = SSL3_ST_SW_CERT_REQ_A;
+ s->init_num = 0;
+ break;
+
+ case SSL3_ST_SW_CERT_REQ_A:
+ case SSL3_ST_SW_CERT_REQ_B:
+ if ( /* don't request cert unless asked for it: */
+ !(s->verify_mode & SSL_VERIFY_PEER) ||
+ /*
+ * if SSL_VERIFY_CLIENT_ONCE is set, don't request cert
+ * during re-negotiation:
+ */
+ ((s->session->peer != NULL) &&
+ (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
+ /*
+ * never request cert in anonymous ciphersuites (see
+ * section "Certificate request" in SSL 3 drafts and in
+ * RFC 2246):
+ */
+ ((s->s3->tmp.new_cipher->algorithms & SSL_aNULL) &&
+ /*
+ * ... except when the application insists on
+ * verification (against the specs, but s3_clnt.c accepts
+ * this for SSL 3)
+ */
+ !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) ||
+ /*
+ * never request cert in Kerberos ciphersuites
+ */
+ (s->s3->tmp.new_cipher->algorithms & SSL_aKRB5)) {
+ /* no cert request */
+ skip = 1;
+ s->s3->tmp.cert_request = 0;
+ s->state = SSL3_ST_SW_SRVR_DONE_A;
+ } else {
+ s->s3->tmp.cert_request = 1;
+ dtls1_start_timer(s);
+ ret = dtls1_send_certificate_request(s);
+ if (ret <= 0)
+ goto end;
+#ifndef NETSCAPE_HANG_BUG
+ s->state = SSL3_ST_SW_SRVR_DONE_A;
+#else
+ s->state = SSL3_ST_SW_FLUSH;
+ s->s3->tmp.next_state = SSL3_ST_SR_CERT_A;
+#endif
+ s->init_num = 0;
+ }
+ break;
+
+ case SSL3_ST_SW_SRVR_DONE_A:
+ case SSL3_ST_SW_SRVR_DONE_B:
+ dtls1_start_timer(s);
+ ret = dtls1_send_server_done(s);
+ if (ret <= 0)
+ goto end;
+ s->s3->tmp.next_state = SSL3_ST_SR_CERT_A;
+ s->state = SSL3_ST_SW_FLUSH;
+ s->init_num = 0;
+ break;
+
+ case SSL3_ST_SW_FLUSH:
+ s->rwstate = SSL_WRITING;
+ if (BIO_flush(s->wbio) <= 0) {
+ ret = -1;
+ goto end;
+ }
+ s->rwstate = SSL_NOTHING;
+ s->state = s->s3->tmp.next_state;
+ break;
+
+ case SSL3_ST_SR_CERT_A:
+ case SSL3_ST_SR_CERT_B:
+ /* Check for second client hello (MS SGC) */
+ ret = ssl3_check_client_hello(s);
+ if (ret <= 0)
+ goto end;
+ if (ret == 2) {
+ dtls1_stop_timer(s);
+ s->state = SSL3_ST_SR_CLNT_HELLO_C;
+ } else {
+ if (s->s3->tmp.cert_request) {
+ ret = ssl3_get_client_certificate(s);
+ if (ret <= 0)
+ goto end;
+ }
+ s->init_num = 0;
+ s->state = SSL3_ST_SR_KEY_EXCH_A;
+ }
+ break;
+
+ case SSL3_ST_SR_KEY_EXCH_A:
+ case SSL3_ST_SR_KEY_EXCH_B:
+ ret = ssl3_get_client_key_exchange(s);
+ if (ret <= 0)
+ goto end;
+ s->state = SSL3_ST_SR_CERT_VRFY_A;
+ s->init_num = 0;
+
+ /*
+ * We need to get hashes here so if there is a client cert, it
+ * can be verified
+ */
+ s->method->ssl3_enc->cert_verify_mac(s,
+ &(s->s3->finish_dgst1),
+ &(s->s3->
+ tmp.cert_verify_md[0]));
+ s->method->ssl3_enc->cert_verify_mac(s, &(s->s3->finish_dgst2),
+ &(s->s3->
+ tmp.cert_verify_md
+ [MD5_DIGEST_LENGTH]));
+
+ break;
+
+ case SSL3_ST_SR_CERT_VRFY_A:
+ case SSL3_ST_SR_CERT_VRFY_B:
+
+ s->d1->change_cipher_spec_ok = 1;
+ /* we should decide if we expected this one */
+ ret = ssl3_get_cert_verify(s);
+ if (ret <= 0)
+ goto end;
+
+ s->state = SSL3_ST_SR_FINISHED_A;
+ s->init_num = 0;
+ break;
+
+ case SSL3_ST_SR_FINISHED_A:
+ case SSL3_ST_SR_FINISHED_B:
+ s->d1->change_cipher_spec_ok = 1;
+ ret = ssl3_get_finished(s, SSL3_ST_SR_FINISHED_A,
+ SSL3_ST_SR_FINISHED_B);
+ if (ret <= 0)
+ goto end;
+ dtls1_stop_timer(s);
+ if (s->hit)
+ s->state = SSL_ST_OK;
+#ifndef OPENSSL_NO_TLSEXT
+ else if (s->tlsext_ticket_expected)
+ s->state = SSL3_ST_SW_SESSION_TICKET_A;
+#endif
+ else
+ s->state = SSL3_ST_SW_CHANGE_A;
+ s->init_num = 0;
+ break;
+
+#ifndef OPENSSL_NO_TLSEXT
+ case SSL3_ST_SW_SESSION_TICKET_A:
+ case SSL3_ST_SW_SESSION_TICKET_B:
+ ret = dtls1_send_newsession_ticket(s);
+ if (ret <= 0)
+ goto end;
+ s->state = SSL3_ST_SW_CHANGE_A;
+ s->init_num = 0;
+ break;
+
+ case SSL3_ST_SW_CERT_STATUS_A:
+ case SSL3_ST_SW_CERT_STATUS_B:
+ ret = ssl3_send_cert_status(s);
+ if (ret <= 0)
+ goto end;
+ s->state = SSL3_ST_SW_KEY_EXCH_A;
+ s->init_num = 0;
+ break;
+
+#endif
+
+ case SSL3_ST_SW_CHANGE_A:
+ case SSL3_ST_SW_CHANGE_B:
+
+ s->session->cipher = s->s3->tmp.new_cipher;
+ if (!s->method->ssl3_enc->setup_key_block(s)) {
+ ret = -1;
+ goto end;
+ }
+
+ ret = dtls1_send_change_cipher_spec(s,
+ SSL3_ST_SW_CHANGE_A,
+ SSL3_ST_SW_CHANGE_B);
+
+ if (ret <= 0)
+ goto end;
+ s->state = SSL3_ST_SW_FINISHED_A;
+ s->init_num = 0;
+
+ if (!s->method->ssl3_enc->change_cipher_state(s,
+ SSL3_CHANGE_CIPHER_SERVER_WRITE))
+ {
+ ret = -1;
+ goto end;
+ }
+
+ dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
+ break;
+
+ case SSL3_ST_SW_FINISHED_A:
+ case SSL3_ST_SW_FINISHED_B:
+ ret = dtls1_send_finished(s,
+ SSL3_ST_SW_FINISHED_A,
+ SSL3_ST_SW_FINISHED_B,
+ s->method->
+ ssl3_enc->server_finished_label,
+ s->method->
+ ssl3_enc->server_finished_label_len);
+ if (ret <= 0)
+ goto end;
+ s->state = SSL3_ST_SW_FLUSH;
+ if (s->hit)
+ s->s3->tmp.next_state = SSL3_ST_SR_FINISHED_A;
+ else
+ s->s3->tmp.next_state = SSL_ST_OK;
+ s->init_num = 0;
+ break;
+
+ case SSL_ST_OK:
+ /* clean a few things up */
+ ssl3_cleanup_key_block(s);
+
+#if 0
+ BUF_MEM_free(s->init_buf);
+ s->init_buf = NULL;
+#endif
+
+ /* remove buffering on output */
+ ssl_free_wbio_buffer(s);
+
+ s->init_num = 0;
+
+ if (s->new_session == 2) { /* skipped if we just sent a
+ * HelloRequest */
+ /*
+ * actually not necessarily a 'new' session unless
+ * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set
+ */
+
+ s->new_session = 0;
+
+ ssl_update_cache(s, SSL_SESS_CACHE_SERVER);
+
+ s->ctx->stats.sess_accept_good++;
+ /* s->server=1; */
+ s->handshake_func = dtls1_accept;
+
+ if (cb != NULL)
+ cb(s, SSL_CB_HANDSHAKE_DONE, 1);
+ }
+
+ ret = 1;
+
+ /* done handshaking, next message is client hello */
+ s->d1->handshake_read_seq = 0;
+ /* next message is server hello */
+ s->d1->handshake_write_seq = 0;
+ s->d1->next_handshake_write_seq = 0;
+ goto end;
+ /* break; */
+
+ default:
+ SSLerr(SSL_F_DTLS1_ACCEPT, SSL_R_UNKNOWN_STATE);
+ ret = -1;
+ goto end;
+ /* break; */
+ }
+
+ if (!s->s3->tmp.reuse_message && !skip) {
+ if (s->debug) {
+ if ((ret = BIO_flush(s->wbio)) <= 0)
+ goto end;
+ }
+
+ if ((cb != NULL) && (s->state != state)) {
+ new_state = s->state;
+ s->state = state;
+ cb(s, SSL_CB_ACCEPT_LOOP, 1);
+ s->state = new_state;
+ }
+ }
+ skip = 0;
+ }
+ end:
+ /* BIO_flush(s->wbio); */
+
+ s->in_handshake--;
+ if (cb != NULL)
+ cb(s, SSL_CB_ACCEPT_EXIT, ret);
+ return (ret);
+}
+
+int dtls1_send_hello_request(SSL *s)
+{
+ unsigned char *p;
+
+ if (s->state == SSL3_ST_SW_HELLO_REQ_A) {
+ p = (unsigned char *)s->init_buf->data;
+ p = dtls1_set_message_header(s, p, SSL3_MT_HELLO_REQUEST, 0, 0, 0);
+
+ s->state = SSL3_ST_SW_HELLO_REQ_B;
+ /* number of bytes to write */
+ s->init_num = DTLS1_HM_HEADER_LENGTH;
+ s->init_off = 0;
+
+ /*
+ * no need to buffer this message, since there are no retransmit
+ * requests for it
+ */
+ }
+
+ /* SSL3_ST_SW_HELLO_REQ_B */
+ return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
+}
+
+int dtls1_send_hello_verify_request(SSL *s)
+{
+ unsigned int msg_len;
+ unsigned char *msg, *buf, *p;
+
+ if (s->state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A) {
+ buf = (unsigned char *)s->init_buf->data;
+
+ msg = p = &(buf[DTLS1_HM_HEADER_LENGTH]);
+ if (s->client_version == DTLS1_BAD_VER)
+ *(p++) = DTLS1_BAD_VER >> 8, *(p++) = DTLS1_BAD_VER & 0xff;
+ else
+ *(p++) = s->version >> 8, *(p++) = s->version & 0xFF;
+
+ if (s->ctx->app_gen_cookie_cb == NULL ||
+ s->ctx->app_gen_cookie_cb(s, s->d1->cookie,
+ &(s->d1->cookie_len)) == 0) {
+ SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,
+ ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+
+ *(p++) = (unsigned char)s->d1->cookie_len;
+ memcpy(p, s->d1->cookie, s->d1->cookie_len);
+ p += s->d1->cookie_len;
+ msg_len = p - msg;
+
+ dtls1_set_message_header(s, buf,
+ DTLS1_MT_HELLO_VERIFY_REQUEST, msg_len, 0,
+ msg_len);
+
+ s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B;
+ /* number of bytes to write */
+ s->init_num = p - buf;
+ s->init_off = 0;
+ }
+
+ /* s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */
+ return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
+}
+
+int dtls1_send_server_hello(SSL *s)
+{
+ unsigned char *buf;
+ unsigned char *p, *d;
+ int i;
+ unsigned int sl;
+ unsigned long l, Time;
+
+ if (s->state == SSL3_ST_SW_SRVR_HELLO_A) {
+ buf = (unsigned char *)s->init_buf->data;
+ p = s->s3->server_random;
+ Time = (unsigned long)time(NULL); /* Time */
+ l2n(Time, p);
+ RAND_pseudo_bytes(p, SSL3_RANDOM_SIZE - 4);
+ /* Do the message type and length last */
+ d = p = &(buf[DTLS1_HM_HEADER_LENGTH]);
+
+ if (s->client_version == DTLS1_BAD_VER)
+ *(p++) = DTLS1_BAD_VER >> 8, *(p++) = DTLS1_BAD_VER & 0xff;
+ else
+ *(p++) = s->version >> 8, *(p++) = s->version & 0xff;
+
+ /* Random stuff */
+ memcpy(p, s->s3->server_random, SSL3_RANDOM_SIZE);
+ p += SSL3_RANDOM_SIZE;
+
+ /*
+ * now in theory we have 3 options to sending back the session id.
+ * If it is a re-use, we send back the old session-id, if it is a new
+ * session, we send back the new session-id or we send back a 0
+ * length session-id if we want it to be single use. Currently I will
+ * not implement the '0' length session-id 12-Jan-98 - I'll now
+ * support the '0' length stuff.
+ */
+ if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER))
+ s->session->session_id_length = 0;
+
+ sl = s->session->session_id_length;
+ if (sl > sizeof s->session->session_id) {
+ SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
+ return -1;
+ }
+ *(p++) = sl;
+ memcpy(p, s->session->session_id, sl);
+ p += sl;
+
+ /* put the cipher */
+ if (s->s3->tmp.new_cipher == NULL)
+ return -1;
+ i = ssl3_put_cipher_by_char(s->s3->tmp.new_cipher, p);
+ p += i;
+
+ /* put the compression method */
+#ifdef OPENSSL_NO_COMP
+ *(p++) = 0;
+#else
+ if (s->s3->tmp.new_compression == NULL)
+ *(p++) = 0;
+ else
+ *(p++) = s->s3->tmp.new_compression->id;
+#endif
+
+#ifndef OPENSSL_NO_TLSEXT
+ if ((p =
+ ssl_add_serverhello_tlsext(s, p,
+ buf + SSL3_RT_MAX_PLAIN_LENGTH)) ==
+ NULL) {
+ SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
+ return -1;
+ }
+#endif
+
+ /* do the header */
+ l = (p - d);
+ d = buf;
+
+ d = dtls1_set_message_header(s, d, SSL3_MT_SERVER_HELLO, l, 0, l);
+
+ s->state = SSL3_ST_SW_SRVR_HELLO_B;
+ /* number of bytes to write */
+ s->init_num = p - buf;
+ s->init_off = 0;
+
+ /* buffer the message to handle re-xmits */
+ dtls1_buffer_message(s, 0);
+ }
+
+ /* SSL3_ST_SW_SRVR_HELLO_B */
+ return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
+}
+
+int dtls1_send_server_done(SSL *s)
+{
+ unsigned char *p;
+
+ if (s->state == SSL3_ST_SW_SRVR_DONE_A) {
+ p = (unsigned char *)s->init_buf->data;
+
+ /* do the header */
+ p = dtls1_set_message_header(s, p, SSL3_MT_SERVER_DONE, 0, 0, 0);
+
+ s->state = SSL3_ST_SW_SRVR_DONE_B;
+ /* number of bytes to write */
+ s->init_num = DTLS1_HM_HEADER_LENGTH;
+ s->init_off = 0;
+
+ /* buffer the message to handle re-xmits */
+ dtls1_buffer_message(s, 0);
+ }
+
+ /* SSL3_ST_SW_SRVR_DONE_B */
+ return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
+}
+
+int dtls1_send_server_key_exchange(SSL *s)
+{
+#ifndef OPENSSL_NO_RSA
+ unsigned char *q;
+ int j, num;
+ RSA *rsa;
+ unsigned char md_buf[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
+ unsigned int u;
+#endif
+#ifndef OPENSSL_NO_DH
+ DH *dh = NULL, *dhp;
+#endif
+ EVP_PKEY *pkey;
+ unsigned char *p, *d;
+ int al, i;
+ unsigned long type;
+ int n;
+ CERT *cert;
+ BIGNUM *r[4];
+ int nr[4], kn;
+ BUF_MEM *buf;
+ EVP_MD_CTX md_ctx;
+
+ EVP_MD_CTX_init(&md_ctx);
+ if (s->state == SSL3_ST_SW_KEY_EXCH_A) {
+ type = s->s3->tmp.new_cipher->algorithms & SSL_MKEY_MASK;
+ cert = s->cert;
+
+ buf = s->init_buf;
+
+ r[0] = r[1] = r[2] = r[3] = NULL;
+ n = 0;
+#ifndef OPENSSL_NO_RSA
+ if (type & SSL_kRSA) {
+ rsa = cert->rsa_tmp;
+ if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL)) {
+ rsa = s->cert->rsa_tmp_cb(s,
+ SSL_C_IS_EXPORT(s->s3->
+ tmp.new_cipher),
+ SSL_C_EXPORT_PKEYLENGTH(s->s3->
+ tmp.new_cipher));
+ if (rsa == NULL) {
+ al = SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,
+ SSL_R_ERROR_GENERATING_TMP_RSA_KEY);
+ goto f_err;
+ }
+ RSA_up_ref(rsa);
+ cert->rsa_tmp = rsa;
+ }
+ if (rsa == NULL) {
+ al = SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,
+ SSL_R_MISSING_TMP_RSA_KEY);
+ goto f_err;
+ }
+ r[0] = rsa->n;
+ r[1] = rsa->e;
+ s->s3->tmp.use_rsa_tmp = 1;
+ } else
+#endif
+#ifndef OPENSSL_NO_DH
+ if (type & SSL_kEDH) {
+ dhp = cert->dh_tmp;
+ if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
+ dhp = s->cert->dh_tmp_cb(s,
+ SSL_C_IS_EXPORT(s->s3->
+ tmp.new_cipher),
+ SSL_C_EXPORT_PKEYLENGTH(s->s3->
+ tmp.new_cipher));
+ if (dhp == NULL) {
+ al = SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,
+ SSL_R_MISSING_TMP_DH_KEY);
+ goto f_err;
+ }
+
+ if (s->s3->tmp.dh != NULL) {
+ DH_free(dh);
+ SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
+ if ((dh = DHparams_dup(dhp)) == NULL) {
+ SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_DH_LIB);
+ goto err;
+ }
+
+ s->s3->tmp.dh = dh;
+ if ((dhp->pub_key == NULL ||
+ dhp->priv_key == NULL ||
+ (s->options & SSL_OP_SINGLE_DH_USE))) {
+ if (!DH_generate_key(dh)) {
+ SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,
+ ERR_R_DH_LIB);
+ goto err;
+ }
+ } else {
+ dh->pub_key = BN_dup(dhp->pub_key);
+ dh->priv_key = BN_dup(dhp->priv_key);
+ if ((dh->pub_key == NULL) || (dh->priv_key == NULL)) {
+ SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,
+ ERR_R_DH_LIB);
+ goto err;
+ }
+ }
+ r[0] = dh->p;
+ r[1] = dh->g;
+ r[2] = dh->pub_key;
+ } else
+#endif
+ {
+ al = SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,
+ SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
+ goto f_err;
+ }
+ for (i = 0; r[i] != NULL; i++) {
+ nr[i] = BN_num_bytes(r[i]);
+ n += 2 + nr[i];
+ }
+
+ if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL)) {
+ if ((pkey = ssl_get_sign_pkey(s, s->s3->tmp.new_cipher))
+ == NULL) {
+ al = SSL_AD_DECODE_ERROR;
+ goto f_err;
+ }
+ kn = EVP_PKEY_size(pkey);
+ } else {
+ pkey = NULL;
+ kn = 0;
+ }
+
+ if (!BUF_MEM_grow_clean(buf, n + DTLS1_HM_HEADER_LENGTH + kn)) {
+ SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_LIB_BUF);
+ goto err;
+ }
+ d = (unsigned char *)s->init_buf->data;
+ p = &(d[DTLS1_HM_HEADER_LENGTH]);
+
+ for (i = 0; r[i] != NULL; i++) {
+ s2n(nr[i], p);
+ BN_bn2bin(r[i], p);
+ p += nr[i];
+ }
+
+ /* not anonymous */
+ if (pkey != NULL) {
+ /*
+ * n is the length of the params, they start at
+ * &(d[DTLS1_HM_HEADER_LENGTH]) and p points to the space at the
+ * end.
+ */
+#ifndef OPENSSL_NO_RSA
+ if (pkey->type == EVP_PKEY_RSA) {
+ q = md_buf;
+ j = 0;
+ for (num = 2; num > 0; num--) {
+ EVP_DigestInit_ex(&md_ctx, (num == 2)
+ ? s->ctx->md5 : s->ctx->sha1, NULL);
+ EVP_DigestUpdate(&md_ctx, &(s->s3->client_random[0]),
+ SSL3_RANDOM_SIZE);
+ EVP_DigestUpdate(&md_ctx, &(s->s3->server_random[0]),
+ SSL3_RANDOM_SIZE);
+ EVP_DigestUpdate(&md_ctx, &(d[DTLS1_HM_HEADER_LENGTH]),
+ n);
+ EVP_DigestFinal_ex(&md_ctx, q, (unsigned int *)&i);
+ q += i;
+ j += i;
+ }
+ if (RSA_sign(NID_md5_sha1, md_buf, j,
+ &(p[2]), &u, pkey->pkey.rsa) <= 0) {
+ SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_LIB_RSA);
+ goto err;
+ }
+ s2n(u, p);
+ n += u + 2;
+ } else
+#endif
+#if !defined(OPENSSL_NO_DSA)
+ if (pkey->type == EVP_PKEY_DSA) {
+ /* lets do DSS */
+ EVP_SignInit_ex(&md_ctx, EVP_dss1(), NULL);
+ EVP_SignUpdate(&md_ctx, &(s->s3->client_random[0]),
+ SSL3_RANDOM_SIZE);
+ EVP_SignUpdate(&md_ctx, &(s->s3->server_random[0]),
+ SSL3_RANDOM_SIZE);
+ EVP_SignUpdate(&md_ctx, &(d[DTLS1_HM_HEADER_LENGTH]), n);
+ if (!EVP_SignFinal(&md_ctx, &(p[2]),
+ (unsigned int *)&i, pkey)) {
+ SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_LIB_DSA);
+ goto err;
+ }
+ s2n(i, p);
+ n += i + 2;
+ } else
+#endif
+ {
+ /* Is this error check actually needed? */
+ al = SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,
+ SSL_R_UNKNOWN_PKEY_TYPE);
+ goto f_err;
+ }
+ }
+
+ d = dtls1_set_message_header(s, d,
+ SSL3_MT_SERVER_KEY_EXCHANGE, n, 0, n);
+
+ /*
+ * we should now have things packed up, so lets send it off
+ */
+ s->init_num = n + DTLS1_HM_HEADER_LENGTH;
+ s->init_off = 0;
+
+ /* buffer the message to handle re-xmits */
+ dtls1_buffer_message(s, 0);
+ }
+
+ s->state = SSL3_ST_SW_KEY_EXCH_B;
+ EVP_MD_CTX_cleanup(&md_ctx);
+ return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
+ f_err:
+ ssl3_send_alert(s, SSL3_AL_FATAL, al);
+ err:
+ EVP_MD_CTX_cleanup(&md_ctx);
+ return (-1);
+}
+
+int dtls1_send_certificate_request(SSL *s)
+{
+ unsigned char *p, *d;
+ int i, j, nl, off, n;
+ STACK_OF(X509_NAME) *sk = NULL;
+ X509_NAME *name;
+ BUF_MEM *buf;
+ unsigned int msg_len;
+
+ if (s->state == SSL3_ST_SW_CERT_REQ_A) {
+ buf = s->init_buf;
+
+ d = p = (unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH]);
+
+ /* get the list of acceptable cert types */
+ p++;
+ n = ssl3_get_req_cert_type(s, p);
+ d[0] = n;
+ p += n;
+ n++;
+
+ off = n;
+ p += 2;
+ n += 2;
+
+ sk = SSL_get_client_CA_list(s);
+ nl = 0;
+ if (sk != NULL) {
+ for (i = 0; i < sk_X509_NAME_num(sk); i++) {
+ name = sk_X509_NAME_value(sk, i);
+ j = i2d_X509_NAME(name, NULL);
+ if (!BUF_MEM_grow_clean
+ (buf, DTLS1_HM_HEADER_LENGTH + n + j + 2)) {
+ SSLerr(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST,
+ ERR_R_BUF_LIB);
+ goto err;
+ }
+ p = (unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH + n]);
+ if (!(s->options & SSL_OP_NETSCAPE_CA_DN_BUG)) {
+ s2n(j, p);
+ i2d_X509_NAME(name, &p);
+ n += 2 + j;
+ nl += 2 + j;
+ } else {
+ d = p;
+ i2d_X509_NAME(name, &p);
+ j -= 2;
+ s2n(j, d);
+ j += 2;
+ n += j;
+ nl += j;
+ }
+ }
+ }
+ /* else no CA names */
+ p = (unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH + off]);
+ s2n(nl, p);
+
+ d = (unsigned char *)buf->data;
+ *(d++) = SSL3_MT_CERTIFICATE_REQUEST;
+ l2n3(n, d);
+ s2n(s->d1->handshake_write_seq, d);
+ s->d1->handshake_write_seq++;
+
+ /*
+ * we should now have things packed up, so lets send it off
+ */
+
+ s->init_num = n + DTLS1_HM_HEADER_LENGTH;
+ s->init_off = 0;
+#ifdef NETSCAPE_HANG_BUG
+/* XXX: what to do about this? */
+ p = (unsigned char *)s->init_buf->data + s->init_num;
+
+ /* do the header */
+ *(p++) = SSL3_MT_SERVER_DONE;
+ *(p++) = 0;
+ *(p++) = 0;
+ *(p++) = 0;
+ s->init_num += 4;
+#endif
+
+ /* XDTLS: set message header ? */
+ msg_len = s->init_num - DTLS1_HM_HEADER_LENGTH;
+ dtls1_set_message_header(s, (void *)s->init_buf->data,
+ SSL3_MT_CERTIFICATE_REQUEST, msg_len, 0,
+ msg_len);
+
+ /* buffer the message to handle re-xmits */
+ dtls1_buffer_message(s, 0);
+
+ s->state = SSL3_ST_SW_CERT_REQ_B;
+ }
+
+ /* SSL3_ST_SW_CERT_REQ_B */
+ return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
+ err:
+ return (-1);
+}
+
+int dtls1_send_server_certificate(SSL *s)
+{
+ unsigned long l;
+ X509 *x;
+
+ if (s->state == SSL3_ST_SW_CERT_A) {
+ x = ssl_get_server_send_cert(s);
+ if (x == NULL &&
+ /* VRS: allow null cert if auth == KRB5 */
+ (s->s3->tmp.new_cipher->algorithms
+ & (SSL_MKEY_MASK | SSL_AUTH_MASK))
+ != (SSL_aKRB5 | SSL_kKRB5)) {
+ SSLerr(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE, ERR_R_INTERNAL_ERROR);
+ return (0);
+ }
+
+ l = dtls1_output_cert_chain(s, x);
+ s->state = SSL3_ST_SW_CERT_B;
+ s->init_num = (int)l;
+ s->init_off = 0;
+
+ /* buffer the message to handle re-xmits */
+ dtls1_buffer_message(s, 0);
+ }
+
+ /* SSL3_ST_SW_CERT_B */
+ return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
+}
+
+#ifndef OPENSSL_NO_TLSEXT
+int dtls1_send_newsession_ticket(SSL *s)
+{
+ if (s->state == SSL3_ST_SW_SESSION_TICKET_A) {
+ unsigned char *p, *senc, *macstart;
+ int len, slen;
+ unsigned int hlen, msg_len;
+ EVP_CIPHER_CTX ctx;
+ HMAC_CTX hctx;
+ SSL_CTX *tctx = s->initial_ctx;
+ unsigned char iv[EVP_MAX_IV_LENGTH];
+ unsigned char key_name[16];
+
+ /* get session encoding length */
+ slen = i2d_SSL_SESSION(s->session, NULL);
+ /*
+ * Some length values are 16 bits, so forget it if session is too
+ * long
+ */
+ if (slen > 0xFF00)
+ return -1;
+ /*
+ * Grow buffer if need be: the length calculation is as follows 12
+ * (DTLS handshake message header) + 4 (ticket lifetime hint) + 2
+ * (ticket length) + 16 (key name) + max_iv_len (iv length) +
+ * session_length + max_enc_block_size (max encrypted session length)
+ * + max_md_size (HMAC).
+ */
+ if (!BUF_MEM_grow(s->init_buf,
+ DTLS1_HM_HEADER_LENGTH + 22 + EVP_MAX_IV_LENGTH +
+ EVP_MAX_BLOCK_LENGTH + EVP_MAX_MD_SIZE + slen))
+ return -1;
+ senc = OPENSSL_malloc(slen);
+ if (!senc)
+ return -1;
+ p = senc;
+ i2d_SSL_SESSION(s->session, &p);
+
+ p = (unsigned char *)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]);
+ EVP_CIPHER_CTX_init(&ctx);
+ HMAC_CTX_init(&hctx);
+ /*
+ * Initialize HMAC and cipher contexts. If callback present it does
+ * all the work otherwise use generated values from parent ctx.
+ */
+ if (tctx->tlsext_ticket_key_cb) {
+ if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx,
+ &hctx, 1) < 0) {
+ OPENSSL_free(senc);
+ return -1;
+ }
+ } else {
+ RAND_pseudo_bytes(iv, 16);
+ EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
+ tctx->tlsext_tick_aes_key, iv);
+ HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
+ tlsext_tick_md(), NULL);
+ memcpy(key_name, tctx->tlsext_tick_key_name, 16);
+ }
+ l2n(s->session->tlsext_tick_lifetime_hint, p);
+ /* Skip ticket length for now */
+ p += 2;
+ /* Output key name */
+ macstart = p;
+ memcpy(p, key_name, 16);
+ p += 16;
+ /* output IV */
+ memcpy(p, iv, EVP_CIPHER_CTX_iv_length(&ctx));
+ p += EVP_CIPHER_CTX_iv_length(&ctx);
+ /* Encrypt session data */
+ EVP_EncryptUpdate(&ctx, p, &len, senc, slen);
+ p += len;
+ EVP_EncryptFinal(&ctx, p, &len);
+ p += len;
+ EVP_CIPHER_CTX_cleanup(&ctx);
+
+ HMAC_Update(&hctx, macstart, p - macstart);
+ HMAC_Final(&hctx, p, &hlen);
+ HMAC_CTX_cleanup(&hctx);
+
+ p += hlen;
+ /* Now write out lengths: p points to end of data written */
+ /* Total length */
+ len = p - (unsigned char *)(s->init_buf->data);
+ /* Ticket length */
+ p = (unsigned char *)&(s->init_buf->data[DTLS1_HM_HEADER_LENGTH]) + 4;
+ s2n(len - DTLS1_HM_HEADER_LENGTH - 6, p);
+
+ /* number of bytes to write */
+ s->init_num = len;
+ s->state = SSL3_ST_SW_SESSION_TICKET_B;
+ s->init_off = 0;
+ OPENSSL_free(senc);
+
+ /* XDTLS: set message header ? */
+ msg_len = s->init_num - DTLS1_HM_HEADER_LENGTH;
+ dtls1_set_message_header(s, (void *)s->init_buf->data,
+ SSL3_MT_NEWSESSION_TICKET, msg_len, 0,
+ msg_len);
+
+ /* buffer the message to handle re-xmits */
+ dtls1_buffer_message(s, 0);
+ }
+
+ /* SSL3_ST_SW_SESSION_TICKET_B */
+ return (dtls1_do_write(s, SSL3_RT_HANDSHAKE));
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/ssl/dtls1.h
===================================================================
--- vendor-crypto/openssl/dist/ssl/dtls1.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/ssl/dtls1.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,266 +0,0 @@
-/* ssl/dtls1.h */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra at cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#ifndef HEADER_DTLS1_H
-#define HEADER_DTLS1_H
-
-#include <openssl/buffer.h>
-#include <openssl/pqueue.h>
-#ifdef OPENSSL_SYS_VMS
-#include <resource.h>
-#include <sys/timeb.h>
-#endif
-#ifdef OPENSSL_SYS_WIN32
-/* Needed for struct timeval */
-#include <winsock.h>
-#elif defined(OPENSSL_SYS_NETWARE) && !defined(_WINSOCK2API_)
-#include <sys/timeval.h>
-#else
-#include <sys/time.h>
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define DTLS1_VERSION 0xFEFF
-#define DTLS_MAX_VERSION DTLS1_VERSION
-
-#define DTLS1_BAD_VER 0x0100
-
-#if 0
-/* this alert description is not specified anywhere... */
-#define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE 110
-#endif
-
-/* lengths of messages */
-#define DTLS1_COOKIE_LENGTH 256
-
-#define DTLS1_RT_HEADER_LENGTH 13
-
-#define DTLS1_HM_HEADER_LENGTH 12
-
-#define DTLS1_HM_BAD_FRAGMENT -2
-#define DTLS1_HM_FRAGMENT_RETRY -3
-
-#define DTLS1_CCS_HEADER_LENGTH 1
-
-#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
-#define DTLS1_AL_HEADER_LENGTH 7
-#else
-#define DTLS1_AL_HEADER_LENGTH 2
-#endif
-
-
-typedef struct dtls1_bitmap_st
- {
- PQ_64BIT map;
- unsigned long length; /* sizeof the bitmap in bits */
- PQ_64BIT max_seq_num; /* max record number seen so far */
- } DTLS1_BITMAP;
-
-struct dtls1_retransmit_state
- {
- EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
- const EVP_MD *write_hash; /* used for mac generation */
-#ifndef OPENSSL_NO_COMP
- COMP_CTX *compress; /* compression */
-#else
- char *compress;
-#endif
- SSL_SESSION *session;
- unsigned short epoch;
- };
-
-struct hm_header_st
- {
- unsigned char type;
- unsigned long msg_len;
- unsigned short seq;
- unsigned long frag_off;
- unsigned long frag_len;
- unsigned int is_ccs;
- struct dtls1_retransmit_state saved_retransmit_state;
- };
-
-struct ccs_header_st
- {
- unsigned char type;
- unsigned short seq;
- };
-
-struct dtls1_timeout_st
- {
- /* Number of read timeouts so far */
- unsigned int read_timeouts;
-
- /* Number of write timeouts so far */
- unsigned int write_timeouts;
-
- /* Number of alerts received so far */
- unsigned int num_alerts;
- };
-
-typedef struct record_pqueue_st
- {
- unsigned short epoch;
- pqueue q;
- } record_pqueue;
-
-typedef struct hm_fragment_st
- {
- struct hm_header_st msg_header;
- unsigned char *fragment;
- unsigned char *reassembly;
- } hm_fragment;
-
-typedef struct dtls1_state_st
- {
- unsigned int send_cookie;
- unsigned char cookie[DTLS1_COOKIE_LENGTH];
- unsigned char rcvd_cookie[DTLS1_COOKIE_LENGTH];
- unsigned int cookie_len;
-
- /*
- * The current data and handshake epoch. This is initially
- * undefined, and starts at zero once the initial handshake is
- * completed
- */
- unsigned short r_epoch;
- unsigned short w_epoch;
-
- /* records being received in the current epoch */
- DTLS1_BITMAP bitmap;
-
- /* renegotiation starts a new set of sequence numbers */
- DTLS1_BITMAP next_bitmap;
-
- /* handshake message numbers */
- unsigned short handshake_write_seq;
- unsigned short next_handshake_write_seq;
-
- unsigned short handshake_read_seq;
-
- /* save last sequence number for retransmissions */
- unsigned char last_write_sequence[8];
-
- /* Received handshake records (processed and unprocessed) */
- record_pqueue unprocessed_rcds;
- record_pqueue processed_rcds;
-
- /* Buffered handshake messages */
- pqueue buffered_messages;
-
- /* Buffered (sent) handshake records */
- pqueue sent_messages;
-
- /* Buffered application records.
- * Only for records between CCS and Finished
- * to prevent either protocol violation or
- * unnecessary message loss.
- */
- record_pqueue buffered_app_data;
-
- /* Is set when listening for new connections with dtls1_listen() */
- unsigned int listen;
-
- unsigned int mtu; /* max DTLS packet size */
-
- struct hm_header_st w_msg_hdr;
- struct hm_header_st r_msg_hdr;
-
- struct dtls1_timeout_st timeout;
-
- /* Indicates when the last handshake msg sent will timeout */
- struct timeval next_timeout;
-
- /* Timeout duration */
- unsigned short timeout_duration;
-
- /* storage for Alert/Handshake protocol data received but not
- * yet processed by ssl3_read_bytes: */
- unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH];
- unsigned int alert_fragment_len;
- unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH];
- unsigned int handshake_fragment_len;
-
- unsigned int retransmitting;
- unsigned int change_cipher_spec_ok;
-
- } DTLS1_STATE;
-
-typedef struct dtls1_record_data_st
- {
- unsigned char *packet;
- unsigned int packet_length;
- SSL3_BUFFER rbuf;
- SSL3_RECORD rrec;
- } DTLS1_RECORD_DATA;
-
-
-/* Timeout multipliers (timeout slice is defined in apps/timeouts.h */
-#define DTLS1_TMO_READ_COUNT 2
-#define DTLS1_TMO_WRITE_COUNT 2
-
-#define DTLS1_TMO_ALERT_COUNT 12
-
-#ifdef __cplusplus
-}
-#endif
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/ssl/dtls1.h (from rev 6976, vendor-crypto/openssl/dist/ssl/dtls1.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/ssl/dtls1.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/ssl/dtls1.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,236 @@
+/* ssl/dtls1.h */
+/*
+ * DTLS implementation written by Nagendra Modadugu
+ * (nagendra at cs.stanford.edu) for the OpenSSL project 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_DTLS1_H
+# define HEADER_DTLS1_H
+
+# include <openssl/buffer.h>
+# include <openssl/pqueue.h>
+# ifdef OPENSSL_SYS_VMS
+# include <resource.h>
+# include <sys/timeb.h>
+# endif
+# ifdef OPENSSL_SYS_WIN32
+/* Needed for struct timeval */
+# include <winsock.h>
+# elif defined(OPENSSL_SYS_NETWARE) && !defined(_WINSOCK2API_)
+# include <sys/timeval.h>
+# else
+# include <sys/time.h>
+# endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# define DTLS1_VERSION 0xFEFF
+# define DTLS_MAX_VERSION DTLS1_VERSION
+
+# define DTLS1_BAD_VER 0x0100
+
+# if 0
+/* this alert description is not specified anywhere... */
+# define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE 110
+# endif
+
+/* lengths of messages */
+# define DTLS1_COOKIE_LENGTH 256
+
+# define DTLS1_RT_HEADER_LENGTH 13
+
+# define DTLS1_HM_HEADER_LENGTH 12
+
+# define DTLS1_HM_BAD_FRAGMENT -2
+# define DTLS1_HM_FRAGMENT_RETRY -3
+
+# define DTLS1_CCS_HEADER_LENGTH 1
+
+# ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
+# define DTLS1_AL_HEADER_LENGTH 7
+# else
+# define DTLS1_AL_HEADER_LENGTH 2
+# endif
+
+typedef struct dtls1_bitmap_st {
+ PQ_64BIT map;
+ unsigned long length; /* sizeof the bitmap in bits */
+ PQ_64BIT max_seq_num; /* max record number seen so far */
+} DTLS1_BITMAP;
+
+struct dtls1_retransmit_state {
+ EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
+ const EVP_MD *write_hash; /* used for mac generation */
+# ifndef OPENSSL_NO_COMP
+ COMP_CTX *compress; /* compression */
+# else
+ char *compress;
+# endif
+ SSL_SESSION *session;
+ unsigned short epoch;
+};
+
+struct hm_header_st {
+ unsigned char type;
+ unsigned long msg_len;
+ unsigned short seq;
+ unsigned long frag_off;
+ unsigned long frag_len;
+ unsigned int is_ccs;
+ struct dtls1_retransmit_state saved_retransmit_state;
+};
+
+struct ccs_header_st {
+ unsigned char type;
+ unsigned short seq;
+};
+
+struct dtls1_timeout_st {
+ /* Number of read timeouts so far */
+ unsigned int read_timeouts;
+ /* Number of write timeouts so far */
+ unsigned int write_timeouts;
+ /* Number of alerts received so far */
+ unsigned int num_alerts;
+};
+
+typedef struct record_pqueue_st {
+ unsigned short epoch;
+ pqueue q;
+} record_pqueue;
+
+typedef struct hm_fragment_st {
+ struct hm_header_st msg_header;
+ unsigned char *fragment;
+ unsigned char *reassembly;
+} hm_fragment;
+
+typedef struct dtls1_state_st {
+ unsigned int send_cookie;
+ unsigned char cookie[DTLS1_COOKIE_LENGTH];
+ unsigned char rcvd_cookie[DTLS1_COOKIE_LENGTH];
+ unsigned int cookie_len;
+ /*
+ * The current data and handshake epoch. This is initially
+ * undefined, and starts at zero once the initial handshake is
+ * completed
+ */
+ unsigned short r_epoch;
+ unsigned short w_epoch;
+ /* records being received in the current epoch */
+ DTLS1_BITMAP bitmap;
+ /* renegotiation starts a new set of sequence numbers */
+ DTLS1_BITMAP next_bitmap;
+ /* handshake message numbers */
+ unsigned short handshake_write_seq;
+ unsigned short next_handshake_write_seq;
+ unsigned short handshake_read_seq;
+ /* save last sequence number for retransmissions */
+ unsigned char last_write_sequence[8];
+ /* Received handshake records (processed and unprocessed) */
+ record_pqueue unprocessed_rcds;
+ record_pqueue processed_rcds;
+ /* Buffered handshake messages */
+ pqueue buffered_messages;
+ /* Buffered (sent) handshake records */
+ pqueue sent_messages;
+ /*
+ * Buffered application records. Only for records between CCS and
+ * Finished to prevent either protocol violation or unnecessary message
+ * loss.
+ */
+ record_pqueue buffered_app_data;
+ /* Is set when listening for new connections with dtls1_listen() */
+ unsigned int listen;
+ unsigned int mtu; /* max DTLS packet size */
+ struct hm_header_st w_msg_hdr;
+ struct hm_header_st r_msg_hdr;
+ struct dtls1_timeout_st timeout;
+ /* Indicates when the last handshake msg sent will timeout */
+ struct timeval next_timeout;
+ /* Timeout duration */
+ unsigned short timeout_duration;
+ /*
+ * storage for Alert/Handshake protocol data received but not yet
+ * processed by ssl3_read_bytes:
+ */
+ unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH];
+ unsigned int alert_fragment_len;
+ unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH];
+ unsigned int handshake_fragment_len;
+ unsigned int retransmitting;
+ unsigned int change_cipher_spec_ok;
+} DTLS1_STATE;
+
+typedef struct dtls1_record_data_st {
+ unsigned char *packet;
+ unsigned int packet_length;
+ SSL3_BUFFER rbuf;
+ SSL3_RECORD rrec;
+} DTLS1_RECORD_DATA;
+
+/* Timeout multipliers (timeout slice is defined in apps/timeouts.h */
+# define DTLS1_TMO_READ_COUNT 2
+# define DTLS1_TMO_WRITE_COUNT 2
+
+# define DTLS1_TMO_ALERT_COUNT 12
+
+#ifdef __cplusplus
+}
+#endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/ssl/kssl.c
===================================================================
--- vendor-crypto/openssl/dist/ssl/kssl.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/ssl/kssl.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,2201 +0,0 @@
-/* ssl/kssl.c -*- mode: C; c-file-style: "eay" -*- */
-/* Written by Vern Staats <staatsvr at asc.hpc.mil> for the OpenSSL project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-
-/* ssl/kssl.c -- Routines to support (& debug) Kerberos5 auth for openssl
-**
-** 19990701 VRS Started.
-** 200011?? Jeffrey Altman, Richard Levitte
-** Generalized for Heimdal, Newer MIT, & Win32.
-** Integrated into main OpenSSL 0.9.7 snapshots.
-** 20010413 Simon Wilkinson, VRS
-** Real RFC2712 KerberosWrapper replaces AP_REQ.
-*/
-
-#include <openssl/opensslconf.h>
-
-#include <string.h>
-
-#define KRB5_PRIVATE 1
-
-#include <openssl/ssl.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/krb5_asn.h>
-
-#ifndef OPENSSL_NO_KRB5
-
-#ifndef ENOMEM
-#define ENOMEM KRB5KRB_ERR_GENERIC
-#endif
-
-/*
- * When OpenSSL is built on Windows, we do not want to require that
- * the Kerberos DLLs be available in order for the OpenSSL DLLs to
- * work. Therefore, all Kerberos routines are loaded at run time
- * and we do not link to a .LIB file.
- */
-
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
-/*
- * The purpose of the following pre-processor statements is to provide
- * compatibility with different releases of MIT Kerberos for Windows.
- * All versions up to 1.2 used macros. But macros do not allow for
- * a binary compatible interface for DLLs. Therefore, all macros are
- * being replaced by function calls. The following code will allow
- * an OpenSSL DLL built on Windows to work whether or not the macro
- * or function form of the routines are utilized.
- */
-#ifdef krb5_cc_get_principal
-#define NO_DEF_KRB5_CCACHE
-#undef krb5_cc_get_principal
-#endif
-#define krb5_cc_get_principal kssl_krb5_cc_get_principal
-
-#define krb5_free_data_contents kssl_krb5_free_data_contents
-#define krb5_free_context kssl_krb5_free_context
-#define krb5_auth_con_free kssl_krb5_auth_con_free
-#define krb5_free_principal kssl_krb5_free_principal
-#define krb5_mk_req_extended kssl_krb5_mk_req_extended
-#define krb5_get_credentials kssl_krb5_get_credentials
-#define krb5_cc_default kssl_krb5_cc_default
-#define krb5_sname_to_principal kssl_krb5_sname_to_principal
-#define krb5_init_context kssl_krb5_init_context
-#define krb5_free_ticket kssl_krb5_free_ticket
-#define krb5_rd_req kssl_krb5_rd_req
-#define krb5_kt_default kssl_krb5_kt_default
-#define krb5_kt_resolve kssl_krb5_kt_resolve
-/* macros in mit 1.2.2 and earlier; functions in mit 1.2.3 and greater */
-#ifndef krb5_kt_close
-#define krb5_kt_close kssl_krb5_kt_close
-#endif /* krb5_kt_close */
-#ifndef krb5_kt_get_entry
-#define krb5_kt_get_entry kssl_krb5_kt_get_entry
-#endif /* krb5_kt_get_entry */
-#define krb5_auth_con_init kssl_krb5_auth_con_init
-
-#define krb5_principal_compare kssl_krb5_principal_compare
-#define krb5_decrypt_tkt_part kssl_krb5_decrypt_tkt_part
-#define krb5_timeofday kssl_krb5_timeofday
-#define krb5_rc_default kssl_krb5_rc_default
-
-#ifdef krb5_rc_initialize
-#undef krb5_rc_initialize
-#endif
-#define krb5_rc_initialize kssl_krb5_rc_initialize
-
-#ifdef krb5_rc_get_lifespan
-#undef krb5_rc_get_lifespan
-#endif
-#define krb5_rc_get_lifespan kssl_krb5_rc_get_lifespan
-
-#ifdef krb5_rc_destroy
-#undef krb5_rc_destroy
-#endif
-#define krb5_rc_destroy kssl_krb5_rc_destroy
-
-#define valid_cksumtype kssl_valid_cksumtype
-#define krb5_checksum_size kssl_krb5_checksum_size
-#define krb5_kt_free_entry kssl_krb5_kt_free_entry
-#define krb5_auth_con_setrcache kssl_krb5_auth_con_setrcache
-#define krb5_auth_con_getrcache kssl_krb5_auth_con_getrcache
-#define krb5_get_server_rcache kssl_krb5_get_server_rcache
-
-/* Prototypes for built in stubs */
-void kssl_krb5_free_data_contents(krb5_context, krb5_data *);
-void kssl_krb5_free_principal(krb5_context, krb5_principal );
-krb5_error_code kssl_krb5_kt_resolve(krb5_context,
- krb5_const char *,
- krb5_keytab *);
-krb5_error_code kssl_krb5_kt_default(krb5_context,
- krb5_keytab *);
-krb5_error_code kssl_krb5_free_ticket(krb5_context, krb5_ticket *);
-krb5_error_code kssl_krb5_rd_req(krb5_context, krb5_auth_context *,
- krb5_const krb5_data *,
- krb5_const_principal, krb5_keytab,
- krb5_flags *,krb5_ticket **);
-
-krb5_boolean kssl_krb5_principal_compare(krb5_context, krb5_const_principal,
- krb5_const_principal);
-krb5_error_code kssl_krb5_mk_req_extended(krb5_context,
- krb5_auth_context *,
- krb5_const krb5_flags,
- krb5_data *,
- krb5_creds *,
- krb5_data * );
-krb5_error_code kssl_krb5_init_context(krb5_context *);
-void kssl_krb5_free_context(krb5_context);
-krb5_error_code kssl_krb5_cc_default(krb5_context,krb5_ccache *);
-krb5_error_code kssl_krb5_sname_to_principal(krb5_context,
- krb5_const char *,
- krb5_const char *,
- krb5_int32,
- krb5_principal *);
-krb5_error_code kssl_krb5_get_credentials(krb5_context,
- krb5_const krb5_flags,
- krb5_ccache,
- krb5_creds *,
- krb5_creds * *);
-krb5_error_code kssl_krb5_auth_con_init(krb5_context,
- krb5_auth_context *);
-krb5_error_code kssl_krb5_cc_get_principal(krb5_context context,
- krb5_ccache cache,
- krb5_principal *principal);
-krb5_error_code kssl_krb5_auth_con_free(krb5_context,krb5_auth_context);
-size_t kssl_krb5_checksum_size(krb5_context context,krb5_cksumtype ctype);
-krb5_boolean kssl_valid_cksumtype(krb5_cksumtype ctype);
-krb5_error_code krb5_kt_free_entry(krb5_context,krb5_keytab_entry FAR * );
-krb5_error_code kssl_krb5_auth_con_setrcache(krb5_context,
- krb5_auth_context,
- krb5_rcache);
-krb5_error_code kssl_krb5_get_server_rcache(krb5_context,
- krb5_const krb5_data *,
- krb5_rcache *);
-krb5_error_code kssl_krb5_auth_con_getrcache(krb5_context,
- krb5_auth_context,
- krb5_rcache *);
-
-/* Function pointers (almost all Kerberos functions are _stdcall) */
-static void (_stdcall *p_krb5_free_data_contents)(krb5_context, krb5_data *)
- =NULL;
-static void (_stdcall *p_krb5_free_principal)(krb5_context, krb5_principal )
- =NULL;
-static krb5_error_code(_stdcall *p_krb5_kt_resolve)
- (krb5_context, krb5_const char *, krb5_keytab *)=NULL;
-static krb5_error_code (_stdcall *p_krb5_kt_default)(krb5_context,
- krb5_keytab *)=NULL;
-static krb5_error_code (_stdcall *p_krb5_free_ticket)(krb5_context,
- krb5_ticket *)=NULL;
-static krb5_error_code (_stdcall *p_krb5_rd_req)(krb5_context,
- krb5_auth_context *,
- krb5_const krb5_data *,
- krb5_const_principal,
- krb5_keytab, krb5_flags *,
- krb5_ticket **)=NULL;
-static krb5_error_code (_stdcall *p_krb5_mk_req_extended)
- (krb5_context, krb5_auth_context *,
- krb5_const krb5_flags, krb5_data *, krb5_creds *,
- krb5_data * )=NULL;
-static krb5_error_code (_stdcall *p_krb5_init_context)(krb5_context *)=NULL;
-static void (_stdcall *p_krb5_free_context)(krb5_context)=NULL;
-static krb5_error_code (_stdcall *p_krb5_cc_default)(krb5_context,
- krb5_ccache *)=NULL;
-static krb5_error_code (_stdcall *p_krb5_sname_to_principal)
- (krb5_context, krb5_const char *, krb5_const char *,
- krb5_int32, krb5_principal *)=NULL;
-static krb5_error_code (_stdcall *p_krb5_get_credentials)
- (krb5_context, krb5_const krb5_flags, krb5_ccache,
- krb5_creds *, krb5_creds **)=NULL;
-static krb5_error_code (_stdcall *p_krb5_auth_con_init)
- (krb5_context, krb5_auth_context *)=NULL;
-static krb5_error_code (_stdcall *p_krb5_cc_get_principal)
- (krb5_context context, krb5_ccache cache,
- krb5_principal *principal)=NULL;
-static krb5_error_code (_stdcall *p_krb5_auth_con_free)
- (krb5_context, krb5_auth_context)=NULL;
-static krb5_error_code (_stdcall *p_krb5_decrypt_tkt_part)
- (krb5_context, krb5_const krb5_keyblock *,
- krb5_ticket *)=NULL;
-static krb5_error_code (_stdcall *p_krb5_timeofday)
- (krb5_context context, krb5_int32 *timeret)=NULL;
-static krb5_error_code (_stdcall *p_krb5_rc_default)
- (krb5_context context, krb5_rcache *rc)=NULL;
-static krb5_error_code (_stdcall *p_krb5_rc_initialize)
- (krb5_context context, krb5_rcache rc,
- krb5_deltat lifespan)=NULL;
-static krb5_error_code (_stdcall *p_krb5_rc_get_lifespan)
- (krb5_context context, krb5_rcache rc,
- krb5_deltat *lifespan)=NULL;
-static krb5_error_code (_stdcall *p_krb5_rc_destroy)
- (krb5_context context, krb5_rcache rc)=NULL;
-static krb5_boolean (_stdcall *p_krb5_principal_compare)
- (krb5_context, krb5_const_principal, krb5_const_principal)=NULL;
-static size_t (_stdcall *p_krb5_checksum_size)(krb5_context context,krb5_cksumtype ctype)=NULL;
-static krb5_boolean (_stdcall *p_valid_cksumtype)(krb5_cksumtype ctype)=NULL;
-static krb5_error_code (_stdcall *p_krb5_kt_free_entry)
- (krb5_context,krb5_keytab_entry * )=NULL;
-static krb5_error_code (_stdcall * p_krb5_auth_con_setrcache)(krb5_context,
- krb5_auth_context,
- krb5_rcache)=NULL;
-static krb5_error_code (_stdcall * p_krb5_get_server_rcache)(krb5_context,
- krb5_const krb5_data *,
- krb5_rcache *)=NULL;
-static krb5_error_code (* p_krb5_auth_con_getrcache)(krb5_context,
- krb5_auth_context,
- krb5_rcache *)=NULL;
-static krb5_error_code (_stdcall * p_krb5_kt_close)(krb5_context context,
- krb5_keytab keytab)=NULL;
-static krb5_error_code (_stdcall * p_krb5_kt_get_entry)(krb5_context context,
- krb5_keytab keytab,
- krb5_const_principal principal, krb5_kvno vno,
- krb5_enctype enctype, krb5_keytab_entry *entry)=NULL;
-static int krb5_loaded = 0; /* only attempt to initialize func ptrs once */
-
-/* Function to Load the Kerberos 5 DLL and initialize function pointers */
-void
-load_krb5_dll(void)
- {
- HANDLE hKRB5_32;
-
- krb5_loaded++;
- hKRB5_32 = LoadLibrary(TEXT("KRB5_32"));
- if (!hKRB5_32)
- return;
-
- (FARPROC) p_krb5_free_data_contents =
- GetProcAddress( hKRB5_32, "krb5_free_data_contents" );
- (FARPROC) p_krb5_free_context =
- GetProcAddress( hKRB5_32, "krb5_free_context" );
- (FARPROC) p_krb5_auth_con_free =
- GetProcAddress( hKRB5_32, "krb5_auth_con_free" );
- (FARPROC) p_krb5_free_principal =
- GetProcAddress( hKRB5_32, "krb5_free_principal" );
- (FARPROC) p_krb5_mk_req_extended =
- GetProcAddress( hKRB5_32, "krb5_mk_req_extended" );
- (FARPROC) p_krb5_get_credentials =
- GetProcAddress( hKRB5_32, "krb5_get_credentials" );
- (FARPROC) p_krb5_cc_get_principal =
- GetProcAddress( hKRB5_32, "krb5_cc_get_principal" );
- (FARPROC) p_krb5_cc_default =
- GetProcAddress( hKRB5_32, "krb5_cc_default" );
- (FARPROC) p_krb5_sname_to_principal =
- GetProcAddress( hKRB5_32, "krb5_sname_to_principal" );
- (FARPROC) p_krb5_init_context =
- GetProcAddress( hKRB5_32, "krb5_init_context" );
- (FARPROC) p_krb5_free_ticket =
- GetProcAddress( hKRB5_32, "krb5_free_ticket" );
- (FARPROC) p_krb5_rd_req =
- GetProcAddress( hKRB5_32, "krb5_rd_req" );
- (FARPROC) p_krb5_principal_compare =
- GetProcAddress( hKRB5_32, "krb5_principal_compare" );
- (FARPROC) p_krb5_decrypt_tkt_part =
- GetProcAddress( hKRB5_32, "krb5_decrypt_tkt_part" );
- (FARPROC) p_krb5_timeofday =
- GetProcAddress( hKRB5_32, "krb5_timeofday" );
- (FARPROC) p_krb5_rc_default =
- GetProcAddress( hKRB5_32, "krb5_rc_default" );
- (FARPROC) p_krb5_rc_initialize =
- GetProcAddress( hKRB5_32, "krb5_rc_initialize" );
- (FARPROC) p_krb5_rc_get_lifespan =
- GetProcAddress( hKRB5_32, "krb5_rc_get_lifespan" );
- (FARPROC) p_krb5_rc_destroy =
- GetProcAddress( hKRB5_32, "krb5_rc_destroy" );
- (FARPROC) p_krb5_kt_default =
- GetProcAddress( hKRB5_32, "krb5_kt_default" );
- (FARPROC) p_krb5_kt_resolve =
- GetProcAddress( hKRB5_32, "krb5_kt_resolve" );
- (FARPROC) p_krb5_auth_con_init =
- GetProcAddress( hKRB5_32, "krb5_auth_con_init" );
- (FARPROC) p_valid_cksumtype =
- GetProcAddress( hKRB5_32, "valid_cksumtype" );
- (FARPROC) p_krb5_checksum_size =
- GetProcAddress( hKRB5_32, "krb5_checksum_size" );
- (FARPROC) p_krb5_kt_free_entry =
- GetProcAddress( hKRB5_32, "krb5_kt_free_entry" );
- (FARPROC) p_krb5_auth_con_setrcache =
- GetProcAddress( hKRB5_32, "krb5_auth_con_setrcache" );
- (FARPROC) p_krb5_get_server_rcache =
- GetProcAddress( hKRB5_32, "krb5_get_server_rcache" );
- (FARPROC) p_krb5_auth_con_getrcache =
- GetProcAddress( hKRB5_32, "krb5_auth_con_getrcache" );
- (FARPROC) p_krb5_kt_close =
- GetProcAddress( hKRB5_32, "krb5_kt_close" );
- (FARPROC) p_krb5_kt_get_entry =
- GetProcAddress( hKRB5_32, "krb5_kt_get_entry" );
- }
-
-/* Stubs for each function to be dynamicly loaded */
-void
-kssl_krb5_free_data_contents(krb5_context CO, krb5_data * data)
- {
- if (!krb5_loaded)
- load_krb5_dll();
-
- if ( p_krb5_free_data_contents )
- p_krb5_free_data_contents(CO,data);
- }
-
-krb5_error_code
-kssl_krb5_mk_req_extended (krb5_context CO,
- krb5_auth_context * pACO,
- krb5_const krb5_flags F,
- krb5_data * pD1,
- krb5_creds * pC,
- krb5_data * pD2)
- {
- if (!krb5_loaded)
- load_krb5_dll();
-
- if ( p_krb5_mk_req_extended )
- return(p_krb5_mk_req_extended(CO,pACO,F,pD1,pC,pD2));
- else
- return KRB5KRB_ERR_GENERIC;
- }
-krb5_error_code
-kssl_krb5_auth_con_init(krb5_context CO,
- krb5_auth_context * pACO)
- {
- if (!krb5_loaded)
- load_krb5_dll();
-
- if ( p_krb5_auth_con_init )
- return(p_krb5_auth_con_init(CO,pACO));
- else
- return KRB5KRB_ERR_GENERIC;
- }
-krb5_error_code
-kssl_krb5_auth_con_free (krb5_context CO,
- krb5_auth_context ACO)
- {
- if (!krb5_loaded)
- load_krb5_dll();
-
- if ( p_krb5_auth_con_free )
- return(p_krb5_auth_con_free(CO,ACO));
- else
- return KRB5KRB_ERR_GENERIC;
- }
-krb5_error_code
-kssl_krb5_get_credentials(krb5_context CO,
- krb5_const krb5_flags F,
- krb5_ccache CC,
- krb5_creds * pCR,
- krb5_creds ** ppCR)
- {
- if (!krb5_loaded)
- load_krb5_dll();
-
- if ( p_krb5_get_credentials )
- return(p_krb5_get_credentials(CO,F,CC,pCR,ppCR));
- else
- return KRB5KRB_ERR_GENERIC;
- }
-krb5_error_code
-kssl_krb5_sname_to_principal(krb5_context CO,
- krb5_const char * pC1,
- krb5_const char * pC2,
- krb5_int32 I,
- krb5_principal * pPR)
- {
- if (!krb5_loaded)
- load_krb5_dll();
-
- if ( p_krb5_sname_to_principal )
- return(p_krb5_sname_to_principal(CO,pC1,pC2,I,pPR));
- else
- return KRB5KRB_ERR_GENERIC;
- }
-
-krb5_error_code
-kssl_krb5_cc_default(krb5_context CO,
- krb5_ccache * pCC)
- {
- if (!krb5_loaded)
- load_krb5_dll();
-
- if ( p_krb5_cc_default )
- return(p_krb5_cc_default(CO,pCC));
- else
- return KRB5KRB_ERR_GENERIC;
- }
-
-krb5_error_code
-kssl_krb5_init_context(krb5_context * pCO)
- {
- if (!krb5_loaded)
- load_krb5_dll();
-
- if ( p_krb5_init_context )
- return(p_krb5_init_context(pCO));
- else
- return KRB5KRB_ERR_GENERIC;
- }
-
-void
-kssl_krb5_free_context(krb5_context CO)
- {
- if (!krb5_loaded)
- load_krb5_dll();
-
- if ( p_krb5_free_context )
- p_krb5_free_context(CO);
- }
-
-void
-kssl_krb5_free_principal(krb5_context c, krb5_principal p)
- {
- if (!krb5_loaded)
- load_krb5_dll();
-
- if ( p_krb5_free_principal )
- p_krb5_free_principal(c,p);
- }
-
-krb5_error_code
-kssl_krb5_kt_resolve(krb5_context con,
- krb5_const char * sz,
- krb5_keytab * kt)
- {
- if (!krb5_loaded)
- load_krb5_dll();
-
- if ( p_krb5_kt_resolve )
- return(p_krb5_kt_resolve(con,sz,kt));
- else
- return KRB5KRB_ERR_GENERIC;
- }
-
-krb5_error_code
-kssl_krb5_kt_default(krb5_context con,
- krb5_keytab * kt)
- {
- if (!krb5_loaded)
- load_krb5_dll();
-
- if ( p_krb5_kt_default )
- return(p_krb5_kt_default(con,kt));
- else
- return KRB5KRB_ERR_GENERIC;
- }
-
-krb5_error_code
-kssl_krb5_free_ticket(krb5_context con,
- krb5_ticket * kt)
- {
- if (!krb5_loaded)
- load_krb5_dll();
-
- if ( p_krb5_free_ticket )
- return(p_krb5_free_ticket(con,kt));
- else
- return KRB5KRB_ERR_GENERIC;
- }
-
-krb5_error_code
-kssl_krb5_rd_req(krb5_context con, krb5_auth_context * pacon,
- krb5_const krb5_data * data,
- krb5_const_principal princ, krb5_keytab keytab,
- krb5_flags * flags, krb5_ticket ** pptkt)
- {
- if (!krb5_loaded)
- load_krb5_dll();
-
- if ( p_krb5_rd_req )
- return(p_krb5_rd_req(con,pacon,data,princ,keytab,flags,pptkt));
- else
- return KRB5KRB_ERR_GENERIC;
- }
-
-krb5_boolean
-krb5_principal_compare(krb5_context con, krb5_const_principal princ1,
- krb5_const_principal princ2)
- {
- if (!krb5_loaded)
- load_krb5_dll();
-
- if ( p_krb5_principal_compare )
- return(p_krb5_principal_compare(con,princ1,princ2));
- else
- return KRB5KRB_ERR_GENERIC;
- }
-
-krb5_error_code
-krb5_decrypt_tkt_part(krb5_context con, krb5_const krb5_keyblock *keys,
- krb5_ticket *ticket)
- {
- if (!krb5_loaded)
- load_krb5_dll();
-
- if ( p_krb5_decrypt_tkt_part )
- return(p_krb5_decrypt_tkt_part(con,keys,ticket));
- else
- return KRB5KRB_ERR_GENERIC;
- }
-
-krb5_error_code
-krb5_timeofday(krb5_context con, krb5_int32 *timeret)
- {
- if (!krb5_loaded)
- load_krb5_dll();
-
- if ( p_krb5_timeofday )
- return(p_krb5_timeofday(con,timeret));
- else
- return KRB5KRB_ERR_GENERIC;
- }
-
-krb5_error_code
-krb5_rc_default(krb5_context con, krb5_rcache *rc)
- {
- if (!krb5_loaded)
- load_krb5_dll();
-
- if ( p_krb5_rc_default )
- return(p_krb5_rc_default(con,rc));
- else
- return KRB5KRB_ERR_GENERIC;
- }
-
-krb5_error_code
-krb5_rc_initialize(krb5_context con, krb5_rcache rc, krb5_deltat lifespan)
- {
- if (!krb5_loaded)
- load_krb5_dll();
-
- if ( p_krb5_rc_initialize )
- return(p_krb5_rc_initialize(con, rc, lifespan));
- else
- return KRB5KRB_ERR_GENERIC;
- }
-
-krb5_error_code
-krb5_rc_get_lifespan(krb5_context con, krb5_rcache rc, krb5_deltat *lifespanp)
- {
- if (!krb5_loaded)
- load_krb5_dll();
-
- if ( p_krb5_rc_get_lifespan )
- return(p_krb5_rc_get_lifespan(con, rc, lifespanp));
- else
- return KRB5KRB_ERR_GENERIC;
- }
-
-krb5_error_code
-krb5_rc_destroy(krb5_context con, krb5_rcache rc)
- {
- if (!krb5_loaded)
- load_krb5_dll();
-
- if ( p_krb5_rc_destroy )
- return(p_krb5_rc_destroy(con, rc));
- else
- return KRB5KRB_ERR_GENERIC;
- }
-
-size_t
-krb5_checksum_size(krb5_context context,krb5_cksumtype ctype)
- {
- if (!krb5_loaded)
- load_krb5_dll();
-
- if ( p_krb5_checksum_size )
- return(p_krb5_checksum_size(context, ctype));
- else
- return KRB5KRB_ERR_GENERIC;
- }
-
-krb5_boolean
-valid_cksumtype(krb5_cksumtype ctype)
- {
- if (!krb5_loaded)
- load_krb5_dll();
-
- if ( p_valid_cksumtype )
- return(p_valid_cksumtype(ctype));
- else
- return KRB5KRB_ERR_GENERIC;
- }
-
-krb5_error_code
-krb5_kt_free_entry(krb5_context con,krb5_keytab_entry * entry)
- {
- if (!krb5_loaded)
- load_krb5_dll();
-
- if ( p_krb5_kt_free_entry )
- return(p_krb5_kt_free_entry(con,entry));
- else
- return KRB5KRB_ERR_GENERIC;
- }
-
-/* Structure definitions */
-#ifndef NO_DEF_KRB5_CCACHE
-#ifndef krb5_x
-#define krb5_x(ptr,args) ((ptr)?((*(ptr)) args):(abort(),1))
-#define krb5_xc(ptr,args) ((ptr)?((*(ptr)) args):(abort(),(char*)0))
-#endif
-
-typedef krb5_pointer krb5_cc_cursor; /* cursor for sequential lookup */
-
-typedef struct _krb5_ccache
- {
- krb5_magic magic;
- struct _krb5_cc_ops FAR *ops;
- krb5_pointer data;
- } *krb5_ccache;
-
-typedef struct _krb5_cc_ops
- {
- krb5_magic magic;
- char *prefix;
- char * (KRB5_CALLCONV *get_name)
- (krb5_context, krb5_ccache);
- krb5_error_code (KRB5_CALLCONV *resolve)
- (krb5_context, krb5_ccache *, const char *);
- krb5_error_code (KRB5_CALLCONV *gen_new)
- (krb5_context, krb5_ccache *);
- krb5_error_code (KRB5_CALLCONV *init)
- (krb5_context, krb5_ccache, krb5_principal);
- krb5_error_code (KRB5_CALLCONV *destroy)
- (krb5_context, krb5_ccache);
- krb5_error_code (KRB5_CALLCONV *close)
- (krb5_context, krb5_ccache);
- krb5_error_code (KRB5_CALLCONV *store)
- (krb5_context, krb5_ccache, krb5_creds *);
- krb5_error_code (KRB5_CALLCONV *retrieve)
- (krb5_context, krb5_ccache,
- krb5_flags, krb5_creds *, krb5_creds *);
- krb5_error_code (KRB5_CALLCONV *get_princ)
- (krb5_context, krb5_ccache, krb5_principal *);
- krb5_error_code (KRB5_CALLCONV *get_first)
- (krb5_context, krb5_ccache, krb5_cc_cursor *);
- krb5_error_code (KRB5_CALLCONV *get_next)
- (krb5_context, krb5_ccache,
- krb5_cc_cursor *, krb5_creds *);
- krb5_error_code (KRB5_CALLCONV *end_get)
- (krb5_context, krb5_ccache, krb5_cc_cursor *);
- krb5_error_code (KRB5_CALLCONV *remove_cred)
- (krb5_context, krb5_ccache,
- krb5_flags, krb5_creds *);
- krb5_error_code (KRB5_CALLCONV *set_flags)
- (krb5_context, krb5_ccache, krb5_flags);
- } krb5_cc_ops;
-#endif /* NO_DEF_KRB5_CCACHE */
-
-krb5_error_code
-kssl_krb5_cc_get_principal
- (krb5_context context, krb5_ccache cache,
- krb5_principal *principal)
- {
- if ( p_krb5_cc_get_principal )
- return(p_krb5_cc_get_principal(context,cache,principal));
- else
- return(krb5_x
- ((cache)->ops->get_princ,(context, cache, principal)));
- }
-
-krb5_error_code
-kssl_krb5_auth_con_setrcache(krb5_context con, krb5_auth_context acon,
- krb5_rcache rcache)
- {
- if ( p_krb5_auth_con_setrcache )
- return(p_krb5_auth_con_setrcache(con,acon,rcache));
- else
- return KRB5KRB_ERR_GENERIC;
- }
-
-krb5_error_code
-kssl_krb5_get_server_rcache(krb5_context con, krb5_const krb5_data * data,
- krb5_rcache * rcache)
- {
- if ( p_krb5_get_server_rcache )
- return(p_krb5_get_server_rcache(con,data,rcache));
- else
- return KRB5KRB_ERR_GENERIC;
- }
-
-krb5_error_code
-kssl_krb5_auth_con_getrcache(krb5_context con, krb5_auth_context acon,
- krb5_rcache * prcache)
- {
- if ( p_krb5_auth_con_getrcache )
- return(p_krb5_auth_con_getrcache(con,acon, prcache));
- else
- return KRB5KRB_ERR_GENERIC;
- }
-
-krb5_error_code
-kssl_krb5_kt_close(krb5_context context, krb5_keytab keytab)
- {
- if ( p_krb5_kt_close )
- return(p_krb5_kt_close(context,keytab));
- else
- return KRB5KRB_ERR_GENERIC;
- }
-
-krb5_error_code
-kssl_krb5_kt_get_entry(krb5_context context, krb5_keytab keytab,
- krb5_const_principal principal, krb5_kvno vno,
- krb5_enctype enctype, krb5_keytab_entry *entry)
- {
- if ( p_krb5_kt_get_entry )
- return(p_krb5_kt_get_entry(context,keytab,principal,vno,enctype,entry));
- else
- return KRB5KRB_ERR_GENERIC;
- }
-#endif /* OPENSSL_SYS_WINDOWS || OPENSSL_SYS_WIN32 */
-
-
-/* memory allocation functions for non-temporary storage
- * (e.g. stuff that gets saved into the kssl context) */
-static void* kssl_calloc(size_t nmemb, size_t size)
-{
- void* p;
-
- p=OPENSSL_malloc(nmemb*size);
- if (p){
- memset(p, 0, nmemb*size);
- }
- return p;
-}
-
-#define kssl_malloc(size) OPENSSL_malloc((size))
-#define kssl_realloc(ptr, size) OPENSSL_realloc(ptr, size)
-#define kssl_free(ptr) OPENSSL_free((ptr))
-
-
-char
-*kstring(char *string)
- {
- static char *null = "[NULL]";
-
- return ((string == NULL)? null: string);
- }
-
-/* Given KRB5 enctype (basically DES or 3DES),
-** return closest match openssl EVP_ encryption algorithm.
-** Return NULL for unknown or problematic (krb5_dk_encrypt) enctypes.
-** Assume ENCTYPE_*_RAW (krb5_raw_encrypt) are OK.
-*/
-const EVP_CIPHER *
-kssl_map_enc(krb5_enctype enctype)
- {
- switch (enctype)
- {
- case ENCTYPE_DES_HMAC_SHA1: /* EVP_des_cbc(); */
- case ENCTYPE_DES_CBC_CRC:
- case ENCTYPE_DES_CBC_MD4:
- case ENCTYPE_DES_CBC_MD5:
- case ENCTYPE_DES_CBC_RAW:
- return EVP_des_cbc();
- break;
- case ENCTYPE_DES3_CBC_SHA1: /* EVP_des_ede3_cbc(); */
- case ENCTYPE_DES3_CBC_SHA:
- case ENCTYPE_DES3_CBC_RAW:
- return EVP_des_ede3_cbc();
- break;
- default: return NULL;
- break;
- }
- }
-
-
-/* Return true:1 if p "looks like" the start of the real authenticator
-** described in kssl_skip_confound() below. The ASN.1 pattern is
-** "62 xx 30 yy" (APPLICATION-2, SEQUENCE), where xx-yy =~ 2, and
-** xx and yy are possibly multi-byte length fields.
-*/
-int kssl_test_confound(unsigned char *p)
- {
- int len = 2;
- int xx = 0, yy = 0;
-
- if (*p++ != 0x62) return 0;
- if (*p > 0x82) return 0;
- switch(*p) {
- case 0x82: p++; xx = (*p++ << 8); xx += *p++; break;
- case 0x81: p++; xx = *p++; break;
- case 0x80: return 0;
- default: xx = *p++; break;
- }
- if (*p++ != 0x30) return 0;
- if (*p > 0x82) return 0;
- switch(*p) {
- case 0x82: p++; len+=2; yy = (*p++ << 8); yy += *p++; break;
- case 0x81: p++; len++; yy = *p++; break;
- case 0x80: return 0;
- default: yy = *p++; break;
- }
-
- return (xx - len == yy)? 1: 0;
- }
-
-/* Allocate, fill, and return cksumlens array of checksum lengths.
-** This array holds just the unique elements from the krb5_cksumarray[].
-** array[n] == 0 signals end of data.
-**
-** The krb5_cksumarray[] was an internal variable that has since been
-** replaced by a more general method for storing the data. It should
-** not be used. Instead we use real API calls and make a guess for
-** what the highest assigned CKSUMTYPE_ constant is. As of 1.2.2
-** it is 0x000c (CKSUMTYPE_HMAC_SHA1_DES3). So we will use 0x0010.
-*/
-size_t *populate_cksumlens(void)
- {
- int i, j, n;
- static size_t *cklens = NULL;
-
-#ifdef KRB5_MIT_OLD11
- n = krb5_max_cksum;
-#else
- n = 0x0010;
-#endif /* KRB5_MIT_OLD11 */
-
-#ifdef KRB5CHECKAUTH
- if (!cklens && !(cklens = (size_t *) calloc(sizeof(int),n+1))) return NULL;
-
- for (i=0; i < n; i++) {
- if (!valid_cksumtype(i)) continue; /* array has holes */
- for (j=0; j < n; j++) {
- if (cklens[j] == 0) {
- cklens[j] = krb5_checksum_size(NULL,i);
- break; /* krb5 elem was new: add */
- }
- if (cklens[j] == krb5_checksum_size(NULL,i)) {
- break; /* ignore duplicate elements */
- }
- }
- }
-#endif /* KRB5CHECKAUTH */
-
- return cklens;
- }
-
-/* Return pointer to start of real authenticator within authenticator, or
-** return NULL on error.
-** Decrypted authenticator looks like this:
-** [0 or 8 byte confounder] [4-24 byte checksum] [real authent'r]
-** This hackery wouldn't be necessary if MIT KRB5 1.0.6 had the
-** krb5_auth_con_getcksumtype() function advertised in its krb5.h.
-*/
-unsigned char *kssl_skip_confound(krb5_enctype etype, unsigned char *a)
- {
- int i, conlen;
- size_t cklen;
- static size_t *cksumlens = NULL;
- unsigned char *test_auth;
-
- conlen = (etype)? 8: 0;
-
- if (!cksumlens && !(cksumlens = populate_cksumlens())) return NULL;
- for (i=0; (cklen = cksumlens[i]) != 0; i++)
- {
- test_auth = a + conlen + cklen;
- if (kssl_test_confound(test_auth)) return test_auth;
- }
-
- return NULL;
- }
-
-
-/* Set kssl_err error info when reason text is a simple string
-** kssl_err = struct { int reason; char text[KSSL_ERR_MAX+1]; }
-*/
-void
-kssl_err_set(KSSL_ERR *kssl_err, int reason, char *text)
- {
- if (kssl_err == NULL) return;
-
- kssl_err->reason = reason;
- BIO_snprintf(kssl_err->text, KSSL_ERR_MAX, "%s", text);
- return;
- }
-
-
-/* Display contents of krb5_data struct, for debugging
-*/
-void
-print_krb5_data(char *label, krb5_data *kdata)
- {
- int i;
-
- printf("%s[%d] ", label, kdata->length);
- for (i=0; i < (int)kdata->length; i++)
- {
- if (0 && isprint((int) kdata->data[i]))
- printf( "%c ", kdata->data[i]);
- else
- printf( "%02x ", (unsigned char) kdata->data[i]);
- }
- printf("\n");
- }
-
-
-/* Display contents of krb5_authdata struct, for debugging
-*/
-void
-print_krb5_authdata(char *label, krb5_authdata **adata)
- {
- if (adata == NULL)
- {
- printf("%s, authdata==0\n", label);
- return;
- }
- printf("%s [%p]\n", label, (void *)adata);
-#if 0
- {
- int i;
- printf("%s[at%d:%d] ", label, adata->ad_type, adata->length);
- for (i=0; i < adata->length; i++)
- {
- printf((isprint(adata->contents[i]))? "%c ": "%02x",
- adata->contents[i]);
- }
- printf("\n");
- }
-#endif
- }
-
-
-/* Display contents of krb5_keyblock struct, for debugging
-*/
-void
-print_krb5_keyblock(char *label, krb5_keyblock *keyblk)
- {
- int i;
-
- if (keyblk == NULL)
- {
- printf("%s, keyblk==0\n", label);
- return;
- }
-#ifdef KRB5_HEIMDAL
- printf("%s\n\t[et%d:%d]: ", label, keyblk->keytype,
- keyblk->keyvalue->length);
- for (i=0; i < (int)keyblk->keyvalue->length; i++)
- {
- printf("%02x",(unsigned char *)(keyblk->keyvalue->contents)[i]);
- }
- printf("\n");
-#else
- printf("%s\n\t[et%d:%d]: ", label, keyblk->enctype, keyblk->length);
- for (i=0; i < (int)keyblk->length; i++)
- {
- printf("%02x",keyblk->contents[i]);
- }
- printf("\n");
-#endif
- }
-
-
-/* Display contents of krb5_principal_data struct, for debugging
-** (krb5_principal is typedef'd == krb5_principal_data *)
-*/
-void
-print_krb5_princ(char *label, krb5_principal_data *princ)
- {
- int i, ui, uj;
-
- printf("%s principal Realm: ", label);
- if (princ == NULL) return;
- for (ui=0; ui < (int)princ->realm.length; ui++) putchar(princ->realm.data[ui]);
- printf(" (nametype %d) has %d strings:\n", princ->type,princ->length);
- for (i=0; i < (int)princ->length; i++)
- {
- printf("\t%d [%d]: ", i, princ->data[i].length);
- for (uj=0; uj < (int)princ->data[i].length; uj++) {
- putchar(princ->data[i].data[uj]);
- }
- printf("\n");
- }
- return;
- }
-
-
-/* Given krb5 service (typically "kssl") and hostname in kssl_ctx,
-** Return encrypted Kerberos ticket for service @ hostname.
-** If authenp is non-NULL, also return encrypted authenticator,
-** whose data should be freed by caller.
-** (Originally was: Create Kerberos AP_REQ message for SSL Client.)
-**
-** 19990628 VRS Started; Returns Kerberos AP_REQ message.
-** 20010409 VRS Modified for RFC2712; Returns enc tkt.
-** 20010606 VRS May also return optional authenticator.
-*/
-krb5_error_code
-kssl_cget_tkt( /* UPDATE */ KSSL_CTX *kssl_ctx,
- /* OUT */ krb5_data **enc_ticketp,
- /* UPDATE */ krb5_data *authenp,
- /* OUT */ KSSL_ERR *kssl_err)
- {
- krb5_error_code krb5rc = KRB5KRB_ERR_GENERIC;
- krb5_context krb5context = NULL;
- krb5_auth_context krb5auth_context = NULL;
- krb5_ccache krb5ccdef = NULL;
- krb5_creds krb5creds, *krb5credsp = NULL;
- krb5_data krb5_app_req;
-
- kssl_err_set(kssl_err, 0, "");
- memset((char *)&krb5creds, 0, sizeof(krb5creds));
-
- if (!kssl_ctx)
- {
- kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
- "No kssl_ctx defined.\n");
- goto err;
- }
- else if (!kssl_ctx->service_host)
- {
- kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
- "kssl_ctx service_host undefined.\n");
- goto err;
- }
-
- if ((krb5rc = krb5_init_context(&krb5context)) != 0)
- {
- BIO_snprintf(kssl_err->text,KSSL_ERR_MAX,
- "krb5_init_context() fails: %d\n", krb5rc);
- kssl_err->reason = SSL_R_KRB5_C_INIT;
- goto err;
- }
-
- if ((krb5rc = krb5_sname_to_principal(krb5context,
- kssl_ctx->service_host,
- (kssl_ctx->service_name)? kssl_ctx->service_name: KRB5SVC,
- KRB5_NT_SRV_HST, &krb5creds.server)) != 0)
- {
- BIO_snprintf(kssl_err->text,KSSL_ERR_MAX,
- "krb5_sname_to_principal() fails for %s/%s\n",
- kssl_ctx->service_host,
- (kssl_ctx->service_name)? kssl_ctx->service_name:
- KRB5SVC);
- kssl_err->reason = SSL_R_KRB5_C_INIT;
- goto err;
- }
-
- if ((krb5rc = krb5_cc_default(krb5context, &krb5ccdef)) != 0)
- {
- kssl_err_set(kssl_err, SSL_R_KRB5_C_CC_PRINC,
- "krb5_cc_default fails.\n");
- goto err;
- }
-
- if ((krb5rc = krb5_cc_get_principal(krb5context, krb5ccdef,
- &krb5creds.client)) != 0)
- {
- kssl_err_set(kssl_err, SSL_R_KRB5_C_CC_PRINC,
- "krb5_cc_get_principal() fails.\n");
- goto err;
- }
-
- if ((krb5rc = krb5_get_credentials(krb5context, 0, krb5ccdef,
- &krb5creds, &krb5credsp)) != 0)
- {
- kssl_err_set(kssl_err, SSL_R_KRB5_C_GET_CRED,
- "krb5_get_credentials() fails.\n");
- goto err;
- }
-
- *enc_ticketp = &krb5credsp->ticket;
-#ifdef KRB5_HEIMDAL
- kssl_ctx->enctype = krb5credsp->session.keytype;
-#else
- kssl_ctx->enctype = krb5credsp->keyblock.enctype;
-#endif
-
- krb5rc = KRB5KRB_ERR_GENERIC;
- /* caller should free data of krb5_app_req */
- /* 20010406 VRS deleted for real KerberosWrapper
- ** 20010605 VRS reinstated to offer Authenticator to KerberosWrapper
- */
- krb5_app_req.length = 0;
- if (authenp)
- {
- krb5_data krb5in_data;
- const unsigned char *p;
- long arlen;
- KRB5_APREQBODY *ap_req;
-
- authenp->length = 0;
- krb5in_data.data = NULL;
- krb5in_data.length = 0;
- if ((krb5rc = krb5_mk_req_extended(krb5context,
- &krb5auth_context, 0, &krb5in_data, krb5credsp,
- &krb5_app_req)) != 0)
- {
- kssl_err_set(kssl_err, SSL_R_KRB5_C_MK_REQ,
- "krb5_mk_req_extended() fails.\n");
- goto err;
- }
-
- arlen = krb5_app_req.length;
- p = (unsigned char *)krb5_app_req.data;
- ap_req = (KRB5_APREQBODY *) d2i_KRB5_APREQ(NULL, &p, arlen);
- if (ap_req)
- {
- authenp->length = i2d_KRB5_ENCDATA(
- ap_req->authenticator, NULL);
- if (authenp->length &&
- (authenp->data = malloc(authenp->length)))
- {
- unsigned char *adp = (unsigned char *)authenp->data;
- authenp->length = i2d_KRB5_ENCDATA(
- ap_req->authenticator, &adp);
- }
- }
-
- if (ap_req) KRB5_APREQ_free((KRB5_APREQ *) ap_req);
- if (krb5_app_req.length)
- kssl_krb5_free_data_contents(krb5context,&krb5_app_req);
- }
-#ifdef KRB5_HEIMDAL
- if (kssl_ctx_setkey(kssl_ctx, &krb5credsp->session))
- {
- kssl_err_set(kssl_err, SSL_R_KRB5_C_INIT,
- "kssl_ctx_setkey() fails.\n");
- }
-#else
- if (kssl_ctx_setkey(kssl_ctx, &krb5credsp->keyblock))
- {
- kssl_err_set(kssl_err, SSL_R_KRB5_C_INIT,
- "kssl_ctx_setkey() fails.\n");
- }
-#endif
- else krb5rc = 0;
-
- err:
-#ifdef KSSL_DEBUG
- kssl_ctx_show(kssl_ctx);
-#endif /* KSSL_DEBUG */
-
- if (krb5creds.client) krb5_free_principal(krb5context,
- krb5creds.client);
- if (krb5creds.server) krb5_free_principal(krb5context,
- krb5creds.server);
- if (krb5auth_context) krb5_auth_con_free(krb5context,
- krb5auth_context);
- if (krb5context) krb5_free_context(krb5context);
- return (krb5rc);
- }
-
-
-/* Given d2i_-decoded asn1ticket, allocate and return a new krb5_ticket.
-** Return Kerberos error code and kssl_err struct on error.
-** Allocates krb5_ticket and krb5_principal; caller should free these.
-**
-** 20010410 VRS Implemented krb5_decode_ticket() as
-** old_krb5_decode_ticket(). Missing from MIT1.0.6.
-** 20010615 VRS Re-cast as openssl/asn1 d2i_*() functions.
-** Re-used some of the old krb5_decode_ticket()
-** code here. This tkt should alloc/free just
-** like the real thing.
-*/
-krb5_error_code
-kssl_TKT2tkt( /* IN */ krb5_context krb5context,
- /* IN */ KRB5_TKTBODY *asn1ticket,
- /* OUT */ krb5_ticket **krb5ticket,
- /* OUT */ KSSL_ERR *kssl_err )
- {
- krb5_error_code krb5rc = KRB5KRB_ERR_GENERIC;
- krb5_ticket *new5ticket = NULL;
- ASN1_GENERALSTRING *gstr_svc, *gstr_host;
-
- *krb5ticket = NULL;
-
- if (asn1ticket == NULL || asn1ticket->realm == NULL ||
- asn1ticket->sname == NULL ||
- sk_ASN1_GENERALSTRING_num(asn1ticket->sname->namestring) < 2)
- {
- BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
- "Null field in asn1ticket.\n");
- kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
- return KRB5KRB_ERR_GENERIC;
- }
-
- if ((new5ticket = (krb5_ticket *) calloc(1, sizeof(krb5_ticket)))==NULL)
- {
- BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
- "Unable to allocate new krb5_ticket.\n");
- kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
- return ENOMEM; /* or KRB5KRB_ERR_GENERIC; */
- }
-
- gstr_svc = sk_ASN1_GENERALSTRING_value(asn1ticket->sname->namestring, 0);
- gstr_host = sk_ASN1_GENERALSTRING_value(asn1ticket->sname->namestring, 1);
-
- if ((krb5rc = kssl_build_principal_2(krb5context,
- &new5ticket->server,
- asn1ticket->realm->length, (char *)asn1ticket->realm->data,
- gstr_svc->length, (char *)gstr_svc->data,
- gstr_host->length, (char *)gstr_host->data)) != 0)
- {
- free(new5ticket);
- BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
- "Error building ticket server principal.\n");
- kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
- return krb5rc; /* or KRB5KRB_ERR_GENERIC; */
- }
-
- krb5_princ_type(krb5context, new5ticket->server) =
- asn1ticket->sname->nametype->data[0];
- new5ticket->enc_part.enctype = asn1ticket->encdata->etype->data[0];
- new5ticket->enc_part.kvno = asn1ticket->encdata->kvno->data[0];
- new5ticket->enc_part.ciphertext.length =
- asn1ticket->encdata->cipher->length;
- if ((new5ticket->enc_part.ciphertext.data =
- calloc(1, asn1ticket->encdata->cipher->length)) == NULL)
- {
- free(new5ticket);
- BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
- "Error allocating cipher in krb5ticket.\n");
- kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
- return KRB5KRB_ERR_GENERIC;
- }
- else
- {
- memcpy(new5ticket->enc_part.ciphertext.data,
- asn1ticket->encdata->cipher->data,
- asn1ticket->encdata->cipher->length);
- }
-
- *krb5ticket = new5ticket;
- return 0;
- }
-
-
-/* Given krb5 service name in KSSL_CTX *kssl_ctx (typically "kssl"),
-** and krb5 AP_REQ message & message length,
-** Return Kerberos session key and client principle
-** to SSL Server in KSSL_CTX *kssl_ctx.
-**
-** 19990702 VRS Started.
-*/
-krb5_error_code
-kssl_sget_tkt( /* UPDATE */ KSSL_CTX *kssl_ctx,
- /* IN */ krb5_data *indata,
- /* OUT */ krb5_ticket_times *ttimes,
- /* OUT */ KSSL_ERR *kssl_err )
- {
- krb5_error_code krb5rc = KRB5KRB_ERR_GENERIC;
- static krb5_context krb5context = NULL;
- static krb5_auth_context krb5auth_context = NULL;
- krb5_ticket *krb5ticket = NULL;
- KRB5_TKTBODY *asn1ticket = NULL;
- const unsigned char *p;
- krb5_keytab krb5keytab = NULL;
- krb5_keytab_entry kt_entry;
- krb5_principal krb5server;
- krb5_rcache rcache = NULL;
-
- kssl_err_set(kssl_err, 0, "");
-
- if (!kssl_ctx)
- {
- kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
- "No kssl_ctx defined.\n");
- goto err;
- }
-
-#ifdef KSSL_DEBUG
- printf("in kssl_sget_tkt(%s)\n", kstring(kssl_ctx->service_name));
-#endif /* KSSL_DEBUG */
-
- if (!krb5context && (krb5rc = krb5_init_context(&krb5context)))
- {
- kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
- "krb5_init_context() fails.\n");
- goto err;
- }
- if (krb5auth_context &&
- (krb5rc = krb5_auth_con_free(krb5context, krb5auth_context)))
- {
- kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
- "krb5_auth_con_free() fails.\n");
- goto err;
- }
- else krb5auth_context = NULL;
- if (!krb5auth_context &&
- (krb5rc = krb5_auth_con_init(krb5context, &krb5auth_context)))
- {
- kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
- "krb5_auth_con_init() fails.\n");
- goto err;
- }
-
-
- if ((krb5rc = krb5_auth_con_getrcache(krb5context, krb5auth_context,
- &rcache)))
- {
- kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
- "krb5_auth_con_getrcache() fails.\n");
- goto err;
- }
-
- if ((krb5rc = krb5_sname_to_principal(krb5context, NULL,
- (kssl_ctx->service_name)? kssl_ctx->service_name: KRB5SVC,
- KRB5_NT_SRV_HST, &krb5server)) != 0)
- {
- kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
- "krb5_sname_to_principal() fails.\n");
- goto err;
- }
-
- if (rcache == NULL)
- {
- if ((krb5rc = krb5_get_server_rcache(krb5context,
- krb5_princ_component(krb5context, krb5server, 0),
- &rcache)))
- {
- kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
- "krb5_get_server_rcache() fails.\n");
- goto err;
- }
- }
-
- if ((krb5rc = krb5_auth_con_setrcache(krb5context, krb5auth_context, rcache)))
- {
- kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
- "krb5_auth_con_setrcache() fails.\n");
- goto err;
- }
-
-
- /* kssl_ctx->keytab_file == NULL ==> use Kerberos default
- */
- if (kssl_ctx->keytab_file)
- {
- krb5rc = krb5_kt_resolve(krb5context, kssl_ctx->keytab_file,
- &krb5keytab);
- if (krb5rc)
- {
- kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
- "krb5_kt_resolve() fails.\n");
- goto err;
- }
- }
- else
- {
- krb5rc = krb5_kt_default(krb5context,&krb5keytab);
- if (krb5rc)
- {
- kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
- "krb5_kt_default() fails.\n");
- goto err;
- }
- }
-
- /* Actual Kerberos5 krb5_recvauth() has initial conversation here
- ** o check KRB5_SENDAUTH_BADAUTHVERS
- ** unless KRB5_RECVAUTH_SKIP_VERSION
- ** o check KRB5_SENDAUTH_BADAPPLVERS
- ** o send "0" msg if all OK
- */
-
- /* 20010411 was using AP_REQ instead of true KerberosWrapper
- **
- ** if ((krb5rc = krb5_rd_req(krb5context, &krb5auth_context,
- ** &krb5in_data, krb5server, krb5keytab,
- ** &ap_option, &krb5ticket)) != 0) { Error }
- */
-
- p = (unsigned char *)indata->data;
- if ((asn1ticket = (KRB5_TKTBODY *) d2i_KRB5_TICKET(NULL, &p,
- (long) indata->length)) == NULL)
- {
- BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
- "d2i_KRB5_TICKET() ASN.1 decode failure.\n");
- kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
- goto err;
- }
-
- /* Was: krb5rc = krb5_decode_ticket(krb5in_data,&krb5ticket)) != 0) */
- if ((krb5rc = kssl_TKT2tkt(krb5context, asn1ticket, &krb5ticket,
- kssl_err)) != 0)
- {
- BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
- "Error converting ASN.1 ticket to krb5_ticket.\n");
- kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
- goto err;
- }
-
- if (! krb5_principal_compare(krb5context, krb5server,
- krb5ticket->server)) {
- krb5rc = KRB5_PRINC_NOMATCH;
- BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
- "server principal != ticket principal\n");
- kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
- goto err;
- }
- if ((krb5rc = krb5_kt_get_entry(krb5context, krb5keytab,
- krb5ticket->server, krb5ticket->enc_part.kvno,
- krb5ticket->enc_part.enctype, &kt_entry)) != 0) {
- BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
- "krb5_kt_get_entry() fails with %x.\n", krb5rc);
- kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
- goto err;
- }
- if ((krb5rc = krb5_decrypt_tkt_part(krb5context, &kt_entry.key,
- krb5ticket)) != 0) {
- BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
- "krb5_decrypt_tkt_part() failed.\n");
- kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
- goto err;
- }
- else {
- krb5_kt_free_entry(krb5context, &kt_entry);
-#ifdef KSSL_DEBUG
- {
- int i; krb5_address **paddr = krb5ticket->enc_part2->caddrs;
- printf("Decrypted ticket fields:\n");
- printf("\tflags: %X, transit-type: %X",
- krb5ticket->enc_part2->flags,
- krb5ticket->enc_part2->transited.tr_type);
- print_krb5_data("\ttransit-data: ",
- &(krb5ticket->enc_part2->transited.tr_contents));
- printf("\tcaddrs: %p, authdata: %p\n",
- krb5ticket->enc_part2->caddrs,
- krb5ticket->enc_part2->authorization_data);
- if (paddr)
- {
- printf("\tcaddrs:\n");
- for (i=0; paddr[i] != NULL; i++)
- {
- krb5_data d;
- d.length=paddr[i]->length;
- d.data=paddr[i]->contents;
- print_krb5_data("\t\tIP: ", &d);
- }
- }
- printf("\tstart/auth/end times: %d / %d / %d\n",
- krb5ticket->enc_part2->times.starttime,
- krb5ticket->enc_part2->times.authtime,
- krb5ticket->enc_part2->times.endtime);
- }
-#endif /* KSSL_DEBUG */
- }
-
- krb5rc = KRB5_NO_TKT_SUPPLIED;
- if (!krb5ticket || !krb5ticket->enc_part2 ||
- !krb5ticket->enc_part2->client ||
- !krb5ticket->enc_part2->client->data ||
- !krb5ticket->enc_part2->session)
- {
- kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET,
- "bad ticket from krb5_rd_req.\n");
- }
- else if (kssl_ctx_setprinc(kssl_ctx, KSSL_CLIENT,
- &krb5ticket->enc_part2->client->realm,
- krb5ticket->enc_part2->client->data,
- krb5ticket->enc_part2->client->length))
- {
- kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET,
- "kssl_ctx_setprinc() fails.\n");
- }
- else if (kssl_ctx_setkey(kssl_ctx, krb5ticket->enc_part2->session))
- {
- kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET,
- "kssl_ctx_setkey() fails.\n");
- }
- else if (krb5ticket->enc_part2->flags & TKT_FLG_INVALID)
- {
- krb5rc = KRB5KRB_AP_ERR_TKT_INVALID;
- kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET,
- "invalid ticket from krb5_rd_req.\n");
- }
- else krb5rc = 0;
-
- kssl_ctx->enctype = krb5ticket->enc_part.enctype;
- ttimes->authtime = krb5ticket->enc_part2->times.authtime;
- ttimes->starttime = krb5ticket->enc_part2->times.starttime;
- ttimes->endtime = krb5ticket->enc_part2->times.endtime;
- ttimes->renew_till = krb5ticket->enc_part2->times.renew_till;
-
- err:
-#ifdef KSSL_DEBUG
- kssl_ctx_show(kssl_ctx);
-#endif /* KSSL_DEBUG */
-
- if (asn1ticket) KRB5_TICKET_free((KRB5_TICKET *) asn1ticket);
- if (krb5keytab) krb5_kt_close(krb5context, krb5keytab);
- if (krb5ticket) krb5_free_ticket(krb5context, krb5ticket);
- if (krb5server) krb5_free_principal(krb5context, krb5server);
- return (krb5rc);
- }
-
-
-/* Allocate & return a new kssl_ctx struct.
-*/
-KSSL_CTX *
-kssl_ctx_new(void)
- {
- return ((KSSL_CTX *) kssl_calloc(1, sizeof(KSSL_CTX)));
- }
-
-
-/* Frees a kssl_ctx struct and any allocated memory it holds.
-** Returns NULL.
-*/
-KSSL_CTX *
-kssl_ctx_free(KSSL_CTX *kssl_ctx)
- {
- if (kssl_ctx == NULL) return kssl_ctx;
-
- if (kssl_ctx->key) OPENSSL_cleanse(kssl_ctx->key,
- kssl_ctx->length);
- if (kssl_ctx->key) kssl_free(kssl_ctx->key);
- if (kssl_ctx->client_princ) kssl_free(kssl_ctx->client_princ);
- if (kssl_ctx->service_host) kssl_free(kssl_ctx->service_host);
- if (kssl_ctx->service_name) kssl_free(kssl_ctx->service_name);
- if (kssl_ctx->keytab_file) kssl_free(kssl_ctx->keytab_file);
-
- kssl_free(kssl_ctx);
- return (KSSL_CTX *) NULL;
- }
-
-
-/* Given an array of (krb5_data *) entity (and optional realm),
-** set the plain (char *) client_princ or service_host member
-** of the kssl_ctx struct.
-*/
-krb5_error_code
-kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which,
- krb5_data *realm, krb5_data *entity, int nentities)
- {
- char **princ;
- int length;
- int i;
-
- if (kssl_ctx == NULL || entity == NULL) return KSSL_CTX_ERR;
-
- switch (which)
- {
- case KSSL_CLIENT: princ = &kssl_ctx->client_princ; break;
- case KSSL_SERVER: princ = &kssl_ctx->service_host; break;
- default: return KSSL_CTX_ERR; break;
- }
- if (*princ) kssl_free(*princ);
-
- /* Add up all the entity->lengths */
- length = 0;
- for (i=0; i < nentities; i++)
- {
- length += entity[i].length;
- }
- /* Add in space for the '/' character(s) (if any) */
- length += nentities-1;
- /* Space for the ('@'+realm+NULL | NULL) */
- length += ((realm)? realm->length + 2: 1);
-
- if ((*princ = kssl_calloc(1, length)) == NULL)
- return KSSL_CTX_ERR;
- else
- {
- for (i = 0; i < nentities; i++)
- {
- strncat(*princ, entity[i].data, entity[i].length);
- if (i < nentities-1)
- {
- strcat (*princ, "/");
- }
- }
- if (realm)
- {
- strcat (*princ, "@");
- (void) strncat(*princ, realm->data, realm->length);
- }
- }
-
- return KSSL_CTX_OK;
- }
-
-
-/* Set one of the plain (char *) string members of the kssl_ctx struct.
-** Default values should be:
-** which == KSSL_SERVICE => "khost" (KRB5SVC)
-** which == KSSL_KEYTAB => "/etc/krb5.keytab" (KRB5KEYTAB)
-*/
-krb5_error_code
-kssl_ctx_setstring(KSSL_CTX *kssl_ctx, int which, char *text)
- {
- char **string;
-
- if (!kssl_ctx) return KSSL_CTX_ERR;
-
- switch (which)
- {
- case KSSL_SERVICE: string = &kssl_ctx->service_name; break;
- case KSSL_SERVER: string = &kssl_ctx->service_host; break;
- case KSSL_CLIENT: string = &kssl_ctx->client_princ; break;
- case KSSL_KEYTAB: string = &kssl_ctx->keytab_file; break;
- default: return KSSL_CTX_ERR; break;
- }
- if (*string) kssl_free(*string);
-
- if (!text)
- {
- *string = '\0';
- return KSSL_CTX_OK;
- }
-
- if ((*string = kssl_calloc(1, strlen(text) + 1)) == NULL)
- return KSSL_CTX_ERR;
- else
- strcpy(*string, text);
-
- return KSSL_CTX_OK;
- }
-
-
-/* Copy the Kerberos session key from a (krb5_keyblock *) to a kssl_ctx
-** struct. Clear kssl_ctx->key if Kerberos session key is NULL.
-*/
-krb5_error_code
-kssl_ctx_setkey(KSSL_CTX *kssl_ctx, krb5_keyblock *session)
- {
- int length;
- krb5_enctype enctype;
- krb5_octet FAR *contents = NULL;
-
- if (!kssl_ctx) return KSSL_CTX_ERR;
-
- if (kssl_ctx->key)
- {
- OPENSSL_cleanse(kssl_ctx->key, kssl_ctx->length);
- kssl_free(kssl_ctx->key);
- }
-
- if (session)
- {
-
-#ifdef KRB5_HEIMDAL
- length = session->keyvalue->length;
- enctype = session->keytype;
- contents = session->keyvalue->contents;
-#else
- length = session->length;
- enctype = session->enctype;
- contents = session->contents;
-#endif
- kssl_ctx->enctype = enctype;
- kssl_ctx->length = length;
- }
- else
- {
- kssl_ctx->enctype = ENCTYPE_UNKNOWN;
- kssl_ctx->length = 0;
- return KSSL_CTX_OK;
- }
-
- if ((kssl_ctx->key =
- (krb5_octet FAR *) kssl_calloc(1, kssl_ctx->length)) == NULL)
- {
- kssl_ctx->length = 0;
- return KSSL_CTX_ERR;
- }
- else
- memcpy(kssl_ctx->key, contents, length);
-
- return KSSL_CTX_OK;
- }
-
-
-/* Display contents of kssl_ctx struct
-*/
-void
-kssl_ctx_show(KSSL_CTX *kssl_ctx)
- {
- int i;
-
- printf("kssl_ctx: ");
- if (kssl_ctx == NULL)
- {
- printf("NULL\n");
- return;
- }
- else
- printf("%p\n", (void *)kssl_ctx);
-
- printf("\tservice:\t%s\n",
- (kssl_ctx->service_name)? kssl_ctx->service_name: "NULL");
- printf("\tclient:\t%s\n",
- (kssl_ctx->client_princ)? kssl_ctx->client_princ: "NULL");
- printf("\tserver:\t%s\n",
- (kssl_ctx->service_host)? kssl_ctx->service_host: "NULL");
- printf("\tkeytab:\t%s\n",
- (kssl_ctx->keytab_file)? kssl_ctx->keytab_file: "NULL");
- printf("\tkey [%d:%d]:\t",
- kssl_ctx->enctype, kssl_ctx->length);
-
- for (i=0; i < kssl_ctx->length && kssl_ctx->key; i++)
- {
- printf("%02x", kssl_ctx->key[i]);
- }
- printf("\n");
- return;
- }
-
- int
- kssl_keytab_is_available(KSSL_CTX *kssl_ctx)
-{
- krb5_context krb5context = NULL;
- krb5_keytab krb5keytab = NULL;
- krb5_keytab_entry entry;
- krb5_principal princ = NULL;
- krb5_error_code krb5rc = KRB5KRB_ERR_GENERIC;
- int rc = 0;
-
- if ((krb5rc = krb5_init_context(&krb5context)))
- return(0);
-
- /* kssl_ctx->keytab_file == NULL ==> use Kerberos default
- */
- if (kssl_ctx->keytab_file)
- {
- krb5rc = krb5_kt_resolve(krb5context, kssl_ctx->keytab_file,
- &krb5keytab);
- if (krb5rc)
- goto exit;
- }
- else
- {
- krb5rc = krb5_kt_default(krb5context,&krb5keytab);
- if (krb5rc)
- goto exit;
- }
-
- /* the host key we are looking for */
- krb5rc = krb5_sname_to_principal(krb5context, NULL,
- kssl_ctx->service_name ? kssl_ctx->service_name: KRB5SVC,
- KRB5_NT_SRV_HST, &princ);
-
- if (krb5rc)
- goto exit;
-
- krb5rc = krb5_kt_get_entry(krb5context, krb5keytab,
- princ,
- 0 /* IGNORE_VNO */,
- 0 /* IGNORE_ENCTYPE */,
- &entry);
- if ( krb5rc == KRB5_KT_NOTFOUND ) {
- rc = 1;
- goto exit;
- } else if ( krb5rc )
- goto exit;
-
- krb5_kt_free_entry(krb5context, &entry);
- rc = 1;
-
- exit:
- if (krb5keytab) krb5_kt_close(krb5context, krb5keytab);
- if (princ) krb5_free_principal(krb5context, princ);
- if (krb5context) krb5_free_context(krb5context);
- return(rc);
-}
-
-int
-kssl_tgt_is_available(KSSL_CTX *kssl_ctx)
- {
- krb5_error_code krb5rc = KRB5KRB_ERR_GENERIC;
- krb5_context krb5context = NULL;
- krb5_ccache krb5ccdef = NULL;
- krb5_creds krb5creds, *krb5credsp = NULL;
- int rc = 0;
-
- memset((char *)&krb5creds, 0, sizeof(krb5creds));
-
- if (!kssl_ctx)
- return(0);
-
- if (!kssl_ctx->service_host)
- return(0);
-
- if ((krb5rc = krb5_init_context(&krb5context)) != 0)
- goto err;
-
- if ((krb5rc = krb5_sname_to_principal(krb5context,
- kssl_ctx->service_host,
- (kssl_ctx->service_name)? kssl_ctx->service_name: KRB5SVC,
- KRB5_NT_SRV_HST, &krb5creds.server)) != 0)
- goto err;
-
- if ((krb5rc = krb5_cc_default(krb5context, &krb5ccdef)) != 0)
- goto err;
-
- if ((krb5rc = krb5_cc_get_principal(krb5context, krb5ccdef,
- &krb5creds.client)) != 0)
- goto err;
-
- if ((krb5rc = krb5_get_credentials(krb5context, 0, krb5ccdef,
- &krb5creds, &krb5credsp)) != 0)
- goto err;
-
- rc = 1;
-
- err:
-#ifdef KSSL_DEBUG
- kssl_ctx_show(kssl_ctx);
-#endif /* KSSL_DEBUG */
-
- if (krb5creds.client) krb5_free_principal(krb5context, krb5creds.client);
- if (krb5creds.server) krb5_free_principal(krb5context, krb5creds.server);
- if (krb5context) krb5_free_context(krb5context);
- return(rc);
- }
-
-#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_WIN32)
-void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data)
- {
-#ifdef KRB5_HEIMDAL
- data->length = 0;
- if (data->data)
- free(data->data);
-#elif defined(KRB5_MIT_OLD11)
- if (data->data) {
- krb5_xfree(data->data);
- data->data = 0;
- }
-#else
- krb5_free_data_contents(NULL, data);
-#endif
- }
-#endif /* !OPENSSL_SYS_WINDOWS && !OPENSSL_SYS_WIN32 */
-
-
-/* Given pointers to KerberosTime and struct tm structs, convert the
-** KerberosTime string to struct tm. Note that KerberosTime is a
-** ASN1_GENERALIZEDTIME value, constrained to GMT with no fractional
-** seconds as defined in RFC 1510.
-** Return pointer to the (partially) filled in struct tm on success,
-** return NULL on failure.
-*/
-struct tm *k_gmtime(ASN1_GENERALIZEDTIME *gtime, struct tm *k_tm)
- {
- char c, *p;
-
- if (!k_tm) return NULL;
- if (gtime == NULL || gtime->length < 14) return NULL;
- if (gtime->data == NULL) return NULL;
-
- p = (char *)>ime->data[14];
-
- c = *p; *p = '\0'; p -= 2; k_tm->tm_sec = atoi(p); *(p+2) = c;
- c = *p; *p = '\0'; p -= 2; k_tm->tm_min = atoi(p); *(p+2) = c;
- c = *p; *p = '\0'; p -= 2; k_tm->tm_hour = atoi(p); *(p+2) = c;
- c = *p; *p = '\0'; p -= 2; k_tm->tm_mday = atoi(p); *(p+2) = c;
- c = *p; *p = '\0'; p -= 2; k_tm->tm_mon = atoi(p)-1; *(p+2) = c;
- c = *p; *p = '\0'; p -= 4; k_tm->tm_year = atoi(p)-1900; *(p+4) = c;
-
- return k_tm;
- }
-
-
-/* Helper function for kssl_validate_times().
-** We need context->clockskew, but krb5_context is an opaque struct.
-** So we try to sneek the clockskew out through the replay cache.
-** If that fails just return a likely default (300 seconds).
-*/
-krb5_deltat get_rc_clockskew(krb5_context context)
- {
- krb5_rcache rc;
- krb5_deltat clockskew;
-
- if (krb5_rc_default(context, &rc)) return KSSL_CLOCKSKEW;
- if (krb5_rc_initialize(context, rc, 0)) return KSSL_CLOCKSKEW;
- if (krb5_rc_get_lifespan(context, rc, &clockskew)) {
- clockskew = KSSL_CLOCKSKEW;
- }
- (void) krb5_rc_destroy(context, rc);
- return clockskew;
- }
-
-
-/* kssl_validate_times() combines (and more importantly exposes)
-** the MIT KRB5 internal function krb5_validate_times() and the
-** in_clock_skew() macro. The authenticator client time is checked
-** to be within clockskew secs of the current time and the current
-** time is checked to be within the ticket start and expire times.
-** Either check may be omitted by supplying a NULL value.
-** Returns 0 for valid times, SSL_R_KRB5* error codes otherwise.
-** See Also: (Kerberos source)/krb5/lib/krb5/krb/valid_times.c
-** 20010420 VRS
-*/
-krb5_error_code kssl_validate_times( krb5_timestamp atime,
- krb5_ticket_times *ttimes)
- {
- krb5_deltat skew;
- krb5_timestamp start, now;
- krb5_error_code rc;
- krb5_context context;
-
- if ((rc = krb5_init_context(&context))) return SSL_R_KRB5_S_BAD_TICKET;
- skew = get_rc_clockskew(context);
- if ((rc = krb5_timeofday(context,&now))) return SSL_R_KRB5_S_BAD_TICKET;
- krb5_free_context(context);
-
- if (atime && labs(atime - now) >= skew) return SSL_R_KRB5_S_TKT_SKEW;
-
- if (! ttimes) return 0;
-
- start = (ttimes->starttime != 0)? ttimes->starttime: ttimes->authtime;
- if (start - now > skew) return SSL_R_KRB5_S_TKT_NYV;
- if ((now - ttimes->endtime) > skew) return SSL_R_KRB5_S_TKT_EXPIRED;
-
-#ifdef KSSL_DEBUG
- printf("kssl_validate_times: %d |<- | %d - %d | < %d ->| %d\n",
- start, atime, now, skew, ttimes->endtime);
-#endif /* KSSL_DEBUG */
-
- return 0;
- }
-
-
-/* Decode and decrypt given DER-encoded authenticator, then pass
-** authenticator ctime back in *atimep (or 0 if time unavailable).
-** Returns krb5_error_code and kssl_err on error. A NULL
-** authenticator (authentp->length == 0) is not considered an error.
-** Note that kssl_check_authent() makes use of the KRB5 session key;
-** you must call kssl_sget_tkt() to get the key before calling this routine.
-*/
-krb5_error_code kssl_check_authent(
- /* IN */ KSSL_CTX *kssl_ctx,
- /* IN */ krb5_data *authentp,
- /* OUT */ krb5_timestamp *atimep,
- /* OUT */ KSSL_ERR *kssl_err )
- {
- krb5_error_code krb5rc = 0;
- KRB5_ENCDATA *dec_authent = NULL;
- KRB5_AUTHENTBODY *auth = NULL;
- krb5_enctype enctype;
- EVP_CIPHER_CTX ciph_ctx;
- const EVP_CIPHER *enc = NULL;
- unsigned char iv[EVP_MAX_IV_LENGTH];
- const unsigned char *p;
- unsigned char *unenc_authent;
- int outl, unencbufsize;
- struct tm tm_time, *tm_l, *tm_g;
- time_t now, tl, tg, tr, tz_offset;
-
- EVP_CIPHER_CTX_init(&ciph_ctx);
- *atimep = 0;
- kssl_err_set(kssl_err, 0, "");
-
-#ifndef KRB5CHECKAUTH
- authentp = NULL;
-#else
-#if KRB5CHECKAUTH == 0
- authentp = NULL;
-#endif
-#endif /* KRB5CHECKAUTH */
-
- if (authentp == NULL || authentp->length == 0) return 0;
-
-#ifdef KSSL_DEBUG
- {
- unsigned int ui;
- printf("kssl_check_authent: authenticator[%d]:\n",authentp->length);
- p = authentp->data;
- for (ui=0; ui < authentp->length; ui++) printf("%02x ",p[ui]);
- printf("\n");
- }
-#endif /* KSSL_DEBUG */
-
- unencbufsize = 2 * authentp->length;
- if ((unenc_authent = calloc(1, unencbufsize)) == NULL)
- {
- kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
- "Unable to allocate authenticator buffer.\n");
- krb5rc = KRB5KRB_ERR_GENERIC;
- goto err;
- }
-
- p = (unsigned char *)authentp->data;
- if ((dec_authent = d2i_KRB5_ENCDATA(NULL, &p,
- (long) authentp->length)) == NULL)
- {
- kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
- "Error decoding authenticator.\n");
- krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
- goto err;
- }
-
- enctype = dec_authent->etype->data[0]; /* should = kssl_ctx->enctype */
-#if !defined(KRB5_MIT_OLD11)
- switch ( enctype ) {
- case ENCTYPE_DES3_CBC_SHA1: /* EVP_des_ede3_cbc(); */
- case ENCTYPE_DES3_CBC_SHA:
- case ENCTYPE_DES3_CBC_RAW:
- krb5rc = 0; /* Skip, can't handle derived keys */
- goto err;
- }
-#endif
- enc = kssl_map_enc(enctype);
- memset(iv, 0, sizeof iv); /* per RFC 1510 */
-
- if (enc == NULL)
- {
- /* Disable kssl_check_authent for ENCTYPE_DES3_CBC_SHA1.
- ** This enctype indicates the authenticator was encrypted
- ** using key-usage derived keys which openssl cannot decrypt.
- */
- goto err;
- }
-
- if (!EVP_CipherInit(&ciph_ctx,enc,kssl_ctx->key,iv,0))
- {
- kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
- "EVP_CipherInit error decrypting authenticator.\n");
- krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
- goto err;
- }
- outl = dec_authent->cipher->length;
- if (!EVP_Cipher(&ciph_ctx,unenc_authent,dec_authent->cipher->data,outl))
- {
- kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
- "EVP_Cipher error decrypting authenticator.\n");
- krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
- goto err;
- }
- EVP_CIPHER_CTX_cleanup(&ciph_ctx);
-
-#ifdef KSSL_DEBUG
- printf("kssl_check_authent: decrypted authenticator[%d] =\n", outl);
- for (padl=0; padl < outl; padl++) printf("%02x ",unenc_authent[padl]);
- printf("\n");
-#endif /* KSSL_DEBUG */
-
- if ((p = kssl_skip_confound(enctype, unenc_authent)) == NULL)
- {
- kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
- "confounded by authenticator.\n");
- krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
- goto err;
- }
- outl -= p - unenc_authent;
-
- if ((auth = (KRB5_AUTHENTBODY *) d2i_KRB5_AUTHENT(NULL, &p,
- (long) outl))==NULL)
- {
- kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
- "Error decoding authenticator body.\n");
- krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
- goto err;
- }
-
- memset(&tm_time,0,sizeof(struct tm));
- if (k_gmtime(auth->ctime, &tm_time) &&
- ((tr = mktime(&tm_time)) != (time_t)(-1)))
- {
- now = time(&now);
- tm_l = localtime(&now); tl = mktime(tm_l);
- tm_g = gmtime(&now); tg = mktime(tm_g);
- tz_offset = tg - tl;
-
- *atimep = tr - tz_offset;
- }
-
-#ifdef KSSL_DEBUG
- printf("kssl_check_authent: returns %d for client time ", *atimep);
- if (auth && auth->ctime && auth->ctime->length && auth->ctime->data)
- printf("%.*s\n", auth->ctime->length, auth->ctime->data);
- else printf("NULL\n");
-#endif /* KSSL_DEBUG */
-
- err:
- if (auth) KRB5_AUTHENT_free((KRB5_AUTHENT *) auth);
- if (dec_authent) KRB5_ENCDATA_free(dec_authent);
- if (unenc_authent) free(unenc_authent);
- EVP_CIPHER_CTX_cleanup(&ciph_ctx);
- return krb5rc;
- }
-
-
-/* Replaces krb5_build_principal_ext(), with varargs length == 2 (svc, host),
-** because I dont't know how to stub varargs.
-** Returns krb5_error_code == ENOMEM on alloc error, otherwise
-** passes back newly constructed principal, which should be freed by caller.
-*/
-krb5_error_code kssl_build_principal_2(
- /* UPDATE */ krb5_context context,
- /* OUT */ krb5_principal *princ,
- /* IN */ int rlen, const char *realm,
- /* IN */ int slen, const char *svc,
- /* IN */ int hlen, const char *host)
- {
- krb5_data *p_data = NULL;
- krb5_principal new_p = NULL;
- char *new_r = NULL;
-
- if ((p_data = (krb5_data *) calloc(2, sizeof(krb5_data))) == NULL ||
- (new_p = (krb5_principal) calloc(1, sizeof(krb5_principal_data)))
- == NULL) goto err;
- new_p->length = 2;
- new_p->data = p_data;
-
- if ((new_r = calloc(1, rlen + 1)) == NULL) goto err;
- memcpy(new_r, realm, rlen);
- krb5_princ_set_realm_length(context, new_p, rlen);
- krb5_princ_set_realm_data(context, new_p, new_r);
-
- if ((new_p->data[0].data = calloc(1, slen + 1)) == NULL) goto err;
- memcpy(new_p->data[0].data, svc, slen);
- new_p->data[0].length = slen;
-
- if ((new_p->data[1].data = calloc(1, hlen + 1)) == NULL) goto err;
- memcpy(new_p->data[1].data, host, hlen);
- new_p->data[1].length = hlen;
-
- krb5_princ_type(context, new_p) = KRB5_NT_UNKNOWN;
- *princ = new_p;
- return 0;
-
- err:
- if (new_p && new_p[0].data) free(new_p[0].data);
- if (new_p && new_p[1].data) free(new_p[1].data);
- if (new_p) free(new_p);
- if (new_r) free(new_r);
- return ENOMEM;
- }
-
-
-#else /* !OPENSSL_NO_KRB5 */
-
-#if defined(PEDANTIC) || defined(OPENSSL_SYS_VMS)
-static void *dummy=&dummy;
-#endif
-
-#endif /* !OPENSSL_NO_KRB5 */
-
Copied: vendor-crypto/openssl/0.9.8zf/ssl/kssl.c (from rev 6976, vendor-crypto/openssl/dist/ssl/kssl.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/ssl/kssl.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/ssl/kssl.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,2232 @@
+/* ssl/kssl.c -*- mode: C; c-file-style: "eay" -*- */
+/*
+ * Written by Vern Staats <staatsvr at asc.hpc.mil> for the OpenSSL project
+ * 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*-
+ * ssl/kssl.c -- Routines to support (& debug) Kerberos5 auth for openssl
+ *
+ * 19990701 VRS Started.
+ * 200011?? Jeffrey Altman, Richard Levitte
+ * Generalized for Heimdal, Newer MIT, & Win32.
+ * Integrated into main OpenSSL 0.9.7 snapshots.
+ * 20010413 Simon Wilkinson, VRS
+ * Real RFC2712 KerberosWrapper replaces AP_REQ.
+ */
+
+#include <openssl/opensslconf.h>
+
+#include <string.h>
+
+#define KRB5_PRIVATE 1
+
+#include <openssl/ssl.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/krb5_asn.h>
+
+#ifndef OPENSSL_NO_KRB5
+
+# ifndef ENOMEM
+# define ENOMEM KRB5KRB_ERR_GENERIC
+# endif
+
+/*
+ * When OpenSSL is built on Windows, we do not want to require that
+ * the Kerberos DLLs be available in order for the OpenSSL DLLs to
+ * work. Therefore, all Kerberos routines are loaded at run time
+ * and we do not link to a .LIB file.
+ */
+
+# if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
+/*
+ * The purpose of the following pre-processor statements is to provide
+ * compatibility with different releases of MIT Kerberos for Windows.
+ * All versions up to 1.2 used macros. But macros do not allow for
+ * a binary compatible interface for DLLs. Therefore, all macros are
+ * being replaced by function calls. The following code will allow
+ * an OpenSSL DLL built on Windows to work whether or not the macro
+ * or function form of the routines are utilized.
+ */
+# ifdef krb5_cc_get_principal
+# define NO_DEF_KRB5_CCACHE
+# undef krb5_cc_get_principal
+# endif
+# define krb5_cc_get_principal kssl_krb5_cc_get_principal
+
+# define krb5_free_data_contents kssl_krb5_free_data_contents
+# define krb5_free_context kssl_krb5_free_context
+# define krb5_auth_con_free kssl_krb5_auth_con_free
+# define krb5_free_principal kssl_krb5_free_principal
+# define krb5_mk_req_extended kssl_krb5_mk_req_extended
+# define krb5_get_credentials kssl_krb5_get_credentials
+# define krb5_cc_default kssl_krb5_cc_default
+# define krb5_sname_to_principal kssl_krb5_sname_to_principal
+# define krb5_init_context kssl_krb5_init_context
+# define krb5_free_ticket kssl_krb5_free_ticket
+# define krb5_rd_req kssl_krb5_rd_req
+# define krb5_kt_default kssl_krb5_kt_default
+# define krb5_kt_resolve kssl_krb5_kt_resolve
+/* macros in mit 1.2.2 and earlier; functions in mit 1.2.3 and greater */
+# ifndef krb5_kt_close
+# define krb5_kt_close kssl_krb5_kt_close
+# endif /* krb5_kt_close */
+# ifndef krb5_kt_get_entry
+# define krb5_kt_get_entry kssl_krb5_kt_get_entry
+# endif /* krb5_kt_get_entry */
+# define krb5_auth_con_init kssl_krb5_auth_con_init
+
+# define krb5_principal_compare kssl_krb5_principal_compare
+# define krb5_decrypt_tkt_part kssl_krb5_decrypt_tkt_part
+# define krb5_timeofday kssl_krb5_timeofday
+# define krb5_rc_default kssl_krb5_rc_default
+
+# ifdef krb5_rc_initialize
+# undef krb5_rc_initialize
+# endif
+# define krb5_rc_initialize kssl_krb5_rc_initialize
+
+# ifdef krb5_rc_get_lifespan
+# undef krb5_rc_get_lifespan
+# endif
+# define krb5_rc_get_lifespan kssl_krb5_rc_get_lifespan
+
+# ifdef krb5_rc_destroy
+# undef krb5_rc_destroy
+# endif
+# define krb5_rc_destroy kssl_krb5_rc_destroy
+
+# define valid_cksumtype kssl_valid_cksumtype
+# define krb5_checksum_size kssl_krb5_checksum_size
+# define krb5_kt_free_entry kssl_krb5_kt_free_entry
+# define krb5_auth_con_setrcache kssl_krb5_auth_con_setrcache
+# define krb5_auth_con_getrcache kssl_krb5_auth_con_getrcache
+# define krb5_get_server_rcache kssl_krb5_get_server_rcache
+
+/* Prototypes for built in stubs */
+void kssl_krb5_free_data_contents(krb5_context, krb5_data *);
+void kssl_krb5_free_principal(krb5_context, krb5_principal);
+krb5_error_code kssl_krb5_kt_resolve(krb5_context,
+ krb5_const char *, krb5_keytab *);
+krb5_error_code kssl_krb5_kt_default(krb5_context, krb5_keytab *);
+krb5_error_code kssl_krb5_free_ticket(krb5_context, krb5_ticket *);
+krb5_error_code kssl_krb5_rd_req(krb5_context, krb5_auth_context *,
+ krb5_const krb5_data *,
+ krb5_const_principal, krb5_keytab,
+ krb5_flags *, krb5_ticket **);
+
+krb5_boolean kssl_krb5_principal_compare(krb5_context, krb5_const_principal,
+ krb5_const_principal);
+krb5_error_code kssl_krb5_mk_req_extended(krb5_context,
+ krb5_auth_context *,
+ krb5_const krb5_flags,
+ krb5_data *,
+ krb5_creds *, krb5_data *);
+krb5_error_code kssl_krb5_init_context(krb5_context *);
+void kssl_krb5_free_context(krb5_context);
+krb5_error_code kssl_krb5_cc_default(krb5_context, krb5_ccache *);
+krb5_error_code kssl_krb5_sname_to_principal(krb5_context,
+ krb5_const char *,
+ krb5_const char *,
+ krb5_int32, krb5_principal *);
+krb5_error_code kssl_krb5_get_credentials(krb5_context,
+ krb5_const krb5_flags,
+ krb5_ccache,
+ krb5_creds *, krb5_creds * *);
+krb5_error_code kssl_krb5_auth_con_init(krb5_context, krb5_auth_context *);
+krb5_error_code kssl_krb5_cc_get_principal(krb5_context context,
+ krb5_ccache cache,
+ krb5_principal *principal);
+krb5_error_code kssl_krb5_auth_con_free(krb5_context, krb5_auth_context);
+size_t kssl_krb5_checksum_size(krb5_context context, krb5_cksumtype ctype);
+krb5_boolean kssl_valid_cksumtype(krb5_cksumtype ctype);
+krb5_error_code krb5_kt_free_entry(krb5_context, krb5_keytab_entry FAR *);
+krb5_error_code kssl_krb5_auth_con_setrcache(krb5_context,
+ krb5_auth_context, krb5_rcache);
+krb5_error_code kssl_krb5_get_server_rcache(krb5_context,
+ krb5_const krb5_data *,
+ krb5_rcache *);
+krb5_error_code kssl_krb5_auth_con_getrcache(krb5_context,
+ krb5_auth_context,
+ krb5_rcache *);
+
+/* Function pointers (almost all Kerberos functions are _stdcall) */
+static void (_stdcall *p_krb5_free_data_contents) (krb5_context, krb5_data *)
+ = NULL;
+static void (_stdcall *p_krb5_free_principal) (krb5_context, krb5_principal)
+ = NULL;
+static krb5_error_code(_stdcall *p_krb5_kt_resolve)
+ (krb5_context, krb5_const char *, krb5_keytab *) = NULL;
+static krb5_error_code(_stdcall *p_krb5_kt_default) (krb5_context,
+ krb5_keytab *) = NULL;
+static krb5_error_code(_stdcall *p_krb5_free_ticket) (krb5_context,
+ krb5_ticket *) = NULL;
+static krb5_error_code(_stdcall *p_krb5_rd_req) (krb5_context,
+ krb5_auth_context *,
+ krb5_const krb5_data *,
+ krb5_const_principal,
+ krb5_keytab, krb5_flags *,
+ krb5_ticket **) = NULL;
+static krb5_error_code(_stdcall *p_krb5_mk_req_extended)
+ (krb5_context, krb5_auth_context *,
+ krb5_const krb5_flags, krb5_data *, krb5_creds *, krb5_data *) = NULL;
+static krb5_error_code(_stdcall *p_krb5_init_context) (krb5_context *) = NULL;
+static void (_stdcall *p_krb5_free_context) (krb5_context) = NULL;
+static krb5_error_code(_stdcall *p_krb5_cc_default) (krb5_context,
+ krb5_ccache *) = NULL;
+static krb5_error_code(_stdcall *p_krb5_sname_to_principal)
+ (krb5_context, krb5_const char *, krb5_const char *,
+ krb5_int32, krb5_principal *) = NULL;
+static krb5_error_code(_stdcall *p_krb5_get_credentials)
+ (krb5_context, krb5_const krb5_flags, krb5_ccache,
+ krb5_creds *, krb5_creds **) = NULL;
+static krb5_error_code(_stdcall *p_krb5_auth_con_init)
+ (krb5_context, krb5_auth_context *) = NULL;
+static krb5_error_code(_stdcall *p_krb5_cc_get_principal)
+ (krb5_context context, krb5_ccache cache, krb5_principal *principal) = NULL;
+static krb5_error_code(_stdcall *p_krb5_auth_con_free)
+ (krb5_context, krb5_auth_context) = NULL;
+static krb5_error_code(_stdcall *p_krb5_decrypt_tkt_part)
+ (krb5_context, krb5_const krb5_keyblock *, krb5_ticket *) = NULL;
+static krb5_error_code(_stdcall *p_krb5_timeofday)
+ (krb5_context context, krb5_int32 *timeret) = NULL;
+static krb5_error_code(_stdcall *p_krb5_rc_default)
+ (krb5_context context, krb5_rcache *rc) = NULL;
+static krb5_error_code(_stdcall *p_krb5_rc_initialize)
+ (krb5_context context, krb5_rcache rc, krb5_deltat lifespan) = NULL;
+static krb5_error_code(_stdcall *p_krb5_rc_get_lifespan)
+ (krb5_context context, krb5_rcache rc, krb5_deltat *lifespan) = NULL;
+static krb5_error_code(_stdcall *p_krb5_rc_destroy)
+ (krb5_context context, krb5_rcache rc) = NULL;
+static krb5_boolean(_stdcall *p_krb5_principal_compare)
+ (krb5_context, krb5_const_principal, krb5_const_principal) = NULL;
+static size_t (_stdcall *p_krb5_checksum_size) (krb5_context context,
+ krb5_cksumtype ctype) = NULL;
+static krb5_boolean(_stdcall *p_valid_cksumtype) (krb5_cksumtype ctype) =
+ NULL;
+static krb5_error_code(_stdcall *p_krb5_kt_free_entry)
+ (krb5_context, krb5_keytab_entry *) = NULL;
+static krb5_error_code(_stdcall *p_krb5_auth_con_setrcache) (krb5_context,
+ krb5_auth_context,
+ krb5_rcache) =
+ NULL;
+static krb5_error_code(_stdcall *p_krb5_get_server_rcache) (krb5_context,
+ krb5_const
+ krb5_data *,
+ krb5_rcache *) =
+ NULL;
+static krb5_error_code(*p_krb5_auth_con_getrcache) (krb5_context,
+ krb5_auth_context,
+ krb5_rcache *) = NULL;
+static krb5_error_code(_stdcall *p_krb5_kt_close) (krb5_context context,
+ krb5_keytab keytab) = NULL;
+static krb5_error_code(_stdcall *p_krb5_kt_get_entry) (krb5_context context,
+ krb5_keytab keytab,
+ krb5_const_principal
+ principal,
+ krb5_kvno vno,
+ krb5_enctype enctype,
+ krb5_keytab_entry
+ *entry) = NULL;
+static int krb5_loaded = 0; /* only attempt to initialize func ptrs once */
+
+/* Function to Load the Kerberos 5 DLL and initialize function pointers */
+void load_krb5_dll(void)
+{
+ HANDLE hKRB5_32;
+
+ krb5_loaded++;
+ hKRB5_32 = LoadLibrary(TEXT("KRB5_32"));
+ if (!hKRB5_32)
+ return;
+
+ (FARPROC) p_krb5_free_data_contents =
+ GetProcAddress(hKRB5_32, "krb5_free_data_contents");
+ (FARPROC) p_krb5_free_context =
+ GetProcAddress(hKRB5_32, "krb5_free_context");
+ (FARPROC) p_krb5_auth_con_free =
+ GetProcAddress(hKRB5_32, "krb5_auth_con_free");
+ (FARPROC) p_krb5_free_principal =
+ GetProcAddress(hKRB5_32, "krb5_free_principal");
+ (FARPROC) p_krb5_mk_req_extended =
+ GetProcAddress(hKRB5_32, "krb5_mk_req_extended");
+ (FARPROC) p_krb5_get_credentials =
+ GetProcAddress(hKRB5_32, "krb5_get_credentials");
+ (FARPROC) p_krb5_cc_get_principal =
+ GetProcAddress(hKRB5_32, "krb5_cc_get_principal");
+ (FARPROC) p_krb5_cc_default = GetProcAddress(hKRB5_32, "krb5_cc_default");
+ (FARPROC) p_krb5_sname_to_principal =
+ GetProcAddress(hKRB5_32, "krb5_sname_to_principal");
+ (FARPROC) p_krb5_init_context =
+ GetProcAddress(hKRB5_32, "krb5_init_context");
+ (FARPROC) p_krb5_free_ticket =
+ GetProcAddress(hKRB5_32, "krb5_free_ticket");
+ (FARPROC) p_krb5_rd_req = GetProcAddress(hKRB5_32, "krb5_rd_req");
+ (FARPROC) p_krb5_principal_compare =
+ GetProcAddress(hKRB5_32, "krb5_principal_compare");
+ (FARPROC) p_krb5_decrypt_tkt_part =
+ GetProcAddress(hKRB5_32, "krb5_decrypt_tkt_part");
+ (FARPROC) p_krb5_timeofday = GetProcAddress(hKRB5_32, "krb5_timeofday");
+ (FARPROC) p_krb5_rc_default = GetProcAddress(hKRB5_32, "krb5_rc_default");
+ (FARPROC) p_krb5_rc_initialize =
+ GetProcAddress(hKRB5_32, "krb5_rc_initialize");
+ (FARPROC) p_krb5_rc_get_lifespan =
+ GetProcAddress(hKRB5_32, "krb5_rc_get_lifespan");
+ (FARPROC) p_krb5_rc_destroy = GetProcAddress(hKRB5_32, "krb5_rc_destroy");
+ (FARPROC) p_krb5_kt_default = GetProcAddress(hKRB5_32, "krb5_kt_default");
+ (FARPROC) p_krb5_kt_resolve = GetProcAddress(hKRB5_32, "krb5_kt_resolve");
+ (FARPROC) p_krb5_auth_con_init =
+ GetProcAddress(hKRB5_32, "krb5_auth_con_init");
+ (FARPROC) p_valid_cksumtype = GetProcAddress(hKRB5_32, "valid_cksumtype");
+ (FARPROC) p_krb5_checksum_size =
+ GetProcAddress(hKRB5_32, "krb5_checksum_size");
+ (FARPROC) p_krb5_kt_free_entry =
+ GetProcAddress(hKRB5_32, "krb5_kt_free_entry");
+ (FARPROC) p_krb5_auth_con_setrcache =
+ GetProcAddress(hKRB5_32, "krb5_auth_con_setrcache");
+ (FARPROC) p_krb5_get_server_rcache =
+ GetProcAddress(hKRB5_32, "krb5_get_server_rcache");
+ (FARPROC) p_krb5_auth_con_getrcache =
+ GetProcAddress(hKRB5_32, "krb5_auth_con_getrcache");
+ (FARPROC) p_krb5_kt_close = GetProcAddress(hKRB5_32, "krb5_kt_close");
+ (FARPROC) p_krb5_kt_get_entry =
+ GetProcAddress(hKRB5_32, "krb5_kt_get_entry");
+}
+
+/* Stubs for each function to be dynamicly loaded */
+void kssl_krb5_free_data_contents(krb5_context CO, krb5_data *data)
+{
+ if (!krb5_loaded)
+ load_krb5_dll();
+
+ if (p_krb5_free_data_contents)
+ p_krb5_free_data_contents(CO, data);
+}
+
+krb5_error_code
+kssl_krb5_mk_req_extended(krb5_context CO,
+ krb5_auth_context *pACO,
+ krb5_const krb5_flags F,
+ krb5_data *pD1, krb5_creds *pC, krb5_data *pD2)
+{
+ if (!krb5_loaded)
+ load_krb5_dll();
+
+ if (p_krb5_mk_req_extended)
+ return (p_krb5_mk_req_extended(CO, pACO, F, pD1, pC, pD2));
+ else
+ return KRB5KRB_ERR_GENERIC;
+}
+
+krb5_error_code
+kssl_krb5_auth_con_init(krb5_context CO, krb5_auth_context *pACO)
+{
+ if (!krb5_loaded)
+ load_krb5_dll();
+
+ if (p_krb5_auth_con_init)
+ return (p_krb5_auth_con_init(CO, pACO));
+ else
+ return KRB5KRB_ERR_GENERIC;
+}
+
+krb5_error_code
+kssl_krb5_auth_con_free(krb5_context CO, krb5_auth_context ACO)
+{
+ if (!krb5_loaded)
+ load_krb5_dll();
+
+ if (p_krb5_auth_con_free)
+ return (p_krb5_auth_con_free(CO, ACO));
+ else
+ return KRB5KRB_ERR_GENERIC;
+}
+
+krb5_error_code
+kssl_krb5_get_credentials(krb5_context CO,
+ krb5_const krb5_flags F,
+ krb5_ccache CC, krb5_creds *pCR, krb5_creds **ppCR)
+{
+ if (!krb5_loaded)
+ load_krb5_dll();
+
+ if (p_krb5_get_credentials)
+ return (p_krb5_get_credentials(CO, F, CC, pCR, ppCR));
+ else
+ return KRB5KRB_ERR_GENERIC;
+}
+
+krb5_error_code
+kssl_krb5_sname_to_principal(krb5_context CO,
+ krb5_const char *pC1,
+ krb5_const char *pC2,
+ krb5_int32 I, krb5_principal *pPR)
+{
+ if (!krb5_loaded)
+ load_krb5_dll();
+
+ if (p_krb5_sname_to_principal)
+ return (p_krb5_sname_to_principal(CO, pC1, pC2, I, pPR));
+ else
+ return KRB5KRB_ERR_GENERIC;
+}
+
+krb5_error_code kssl_krb5_cc_default(krb5_context CO, krb5_ccache *pCC)
+{
+ if (!krb5_loaded)
+ load_krb5_dll();
+
+ if (p_krb5_cc_default)
+ return (p_krb5_cc_default(CO, pCC));
+ else
+ return KRB5KRB_ERR_GENERIC;
+}
+
+krb5_error_code kssl_krb5_init_context(krb5_context *pCO)
+{
+ if (!krb5_loaded)
+ load_krb5_dll();
+
+ if (p_krb5_init_context)
+ return (p_krb5_init_context(pCO));
+ else
+ return KRB5KRB_ERR_GENERIC;
+}
+
+void kssl_krb5_free_context(krb5_context CO)
+{
+ if (!krb5_loaded)
+ load_krb5_dll();
+
+ if (p_krb5_free_context)
+ p_krb5_free_context(CO);
+}
+
+void kssl_krb5_free_principal(krb5_context c, krb5_principal p)
+{
+ if (!krb5_loaded)
+ load_krb5_dll();
+
+ if (p_krb5_free_principal)
+ p_krb5_free_principal(c, p);
+}
+
+krb5_error_code
+kssl_krb5_kt_resolve(krb5_context con, krb5_const char *sz, krb5_keytab *kt)
+{
+ if (!krb5_loaded)
+ load_krb5_dll();
+
+ if (p_krb5_kt_resolve)
+ return (p_krb5_kt_resolve(con, sz, kt));
+ else
+ return KRB5KRB_ERR_GENERIC;
+}
+
+krb5_error_code kssl_krb5_kt_default(krb5_context con, krb5_keytab *kt)
+{
+ if (!krb5_loaded)
+ load_krb5_dll();
+
+ if (p_krb5_kt_default)
+ return (p_krb5_kt_default(con, kt));
+ else
+ return KRB5KRB_ERR_GENERIC;
+}
+
+krb5_error_code kssl_krb5_free_ticket(krb5_context con, krb5_ticket *kt)
+{
+ if (!krb5_loaded)
+ load_krb5_dll();
+
+ if (p_krb5_free_ticket)
+ return (p_krb5_free_ticket(con, kt));
+ else
+ return KRB5KRB_ERR_GENERIC;
+}
+
+krb5_error_code
+kssl_krb5_rd_req(krb5_context con, krb5_auth_context *pacon,
+ krb5_const krb5_data *data,
+ krb5_const_principal princ, krb5_keytab keytab,
+ krb5_flags *flags, krb5_ticket **pptkt)
+{
+ if (!krb5_loaded)
+ load_krb5_dll();
+
+ if (p_krb5_rd_req)
+ return (p_krb5_rd_req(con, pacon, data, princ, keytab, flags, pptkt));
+ else
+ return KRB5KRB_ERR_GENERIC;
+}
+
+krb5_boolean
+krb5_principal_compare(krb5_context con, krb5_const_principal princ1,
+ krb5_const_principal princ2)
+{
+ if (!krb5_loaded)
+ load_krb5_dll();
+
+ if (p_krb5_principal_compare)
+ return (p_krb5_principal_compare(con, princ1, princ2));
+ else
+ return KRB5KRB_ERR_GENERIC;
+}
+
+krb5_error_code
+krb5_decrypt_tkt_part(krb5_context con, krb5_const krb5_keyblock *keys,
+ krb5_ticket *ticket)
+{
+ if (!krb5_loaded)
+ load_krb5_dll();
+
+ if (p_krb5_decrypt_tkt_part)
+ return (p_krb5_decrypt_tkt_part(con, keys, ticket));
+ else
+ return KRB5KRB_ERR_GENERIC;
+}
+
+krb5_error_code krb5_timeofday(krb5_context con, krb5_int32 *timeret)
+{
+ if (!krb5_loaded)
+ load_krb5_dll();
+
+ if (p_krb5_timeofday)
+ return (p_krb5_timeofday(con, timeret));
+ else
+ return KRB5KRB_ERR_GENERIC;
+}
+
+krb5_error_code krb5_rc_default(krb5_context con, krb5_rcache *rc)
+{
+ if (!krb5_loaded)
+ load_krb5_dll();
+
+ if (p_krb5_rc_default)
+ return (p_krb5_rc_default(con, rc));
+ else
+ return KRB5KRB_ERR_GENERIC;
+}
+
+krb5_error_code
+krb5_rc_initialize(krb5_context con, krb5_rcache rc, krb5_deltat lifespan)
+{
+ if (!krb5_loaded)
+ load_krb5_dll();
+
+ if (p_krb5_rc_initialize)
+ return (p_krb5_rc_initialize(con, rc, lifespan));
+ else
+ return KRB5KRB_ERR_GENERIC;
+}
+
+krb5_error_code
+krb5_rc_get_lifespan(krb5_context con, krb5_rcache rc, krb5_deltat *lifespanp)
+{
+ if (!krb5_loaded)
+ load_krb5_dll();
+
+ if (p_krb5_rc_get_lifespan)
+ return (p_krb5_rc_get_lifespan(con, rc, lifespanp));
+ else
+ return KRB5KRB_ERR_GENERIC;
+}
+
+krb5_error_code krb5_rc_destroy(krb5_context con, krb5_rcache rc)
+{
+ if (!krb5_loaded)
+ load_krb5_dll();
+
+ if (p_krb5_rc_destroy)
+ return (p_krb5_rc_destroy(con, rc));
+ else
+ return KRB5KRB_ERR_GENERIC;
+}
+
+size_t krb5_checksum_size(krb5_context context, krb5_cksumtype ctype)
+{
+ if (!krb5_loaded)
+ load_krb5_dll();
+
+ if (p_krb5_checksum_size)
+ return (p_krb5_checksum_size(context, ctype));
+ else
+ return KRB5KRB_ERR_GENERIC;
+}
+
+krb5_boolean valid_cksumtype(krb5_cksumtype ctype)
+{
+ if (!krb5_loaded)
+ load_krb5_dll();
+
+ if (p_valid_cksumtype)
+ return (p_valid_cksumtype(ctype));
+ else
+ return KRB5KRB_ERR_GENERIC;
+}
+
+krb5_error_code krb5_kt_free_entry(krb5_context con, krb5_keytab_entry *entry)
+{
+ if (!krb5_loaded)
+ load_krb5_dll();
+
+ if (p_krb5_kt_free_entry)
+ return (p_krb5_kt_free_entry(con, entry));
+ else
+ return KRB5KRB_ERR_GENERIC;
+}
+
+/* Structure definitions */
+# ifndef NO_DEF_KRB5_CCACHE
+# ifndef krb5_x
+# define krb5_x(ptr,args) ((ptr)?((*(ptr)) args):(abort(),1))
+# define krb5_xc(ptr,args) ((ptr)?((*(ptr)) args):(abort(),(char*)0))
+# endif
+
+typedef krb5_pointer krb5_cc_cursor; /* cursor for sequential lookup */
+
+typedef struct _krb5_ccache {
+ krb5_magic magic;
+ struct _krb5_cc_ops FAR *ops;
+ krb5_pointer data;
+} *krb5_ccache;
+
+typedef struct _krb5_cc_ops {
+ krb5_magic magic;
+ char *prefix;
+ char *(KRB5_CALLCONV *get_name)
+ (krb5_context, krb5_ccache);
+ krb5_error_code(KRB5_CALLCONV *resolve)
+ (krb5_context, krb5_ccache *, const char *);
+ krb5_error_code(KRB5_CALLCONV *gen_new)
+ (krb5_context, krb5_ccache *);
+ krb5_error_code(KRB5_CALLCONV *init)
+ (krb5_context, krb5_ccache, krb5_principal);
+ krb5_error_code(KRB5_CALLCONV *destroy)
+ (krb5_context, krb5_ccache);
+ krb5_error_code(KRB5_CALLCONV *close)
+ (krb5_context, krb5_ccache);
+ krb5_error_code(KRB5_CALLCONV *store)
+ (krb5_context, krb5_ccache, krb5_creds *);
+ krb5_error_code(KRB5_CALLCONV *retrieve)
+ (krb5_context, krb5_ccache, krb5_flags, krb5_creds *, krb5_creds *);
+ krb5_error_code(KRB5_CALLCONV *get_princ)
+ (krb5_context, krb5_ccache, krb5_principal *);
+ krb5_error_code(KRB5_CALLCONV *get_first)
+ (krb5_context, krb5_ccache, krb5_cc_cursor *);
+ krb5_error_code(KRB5_CALLCONV *get_next)
+ (krb5_context, krb5_ccache, krb5_cc_cursor *, krb5_creds *);
+ krb5_error_code(KRB5_CALLCONV *end_get)
+ (krb5_context, krb5_ccache, krb5_cc_cursor *);
+ krb5_error_code(KRB5_CALLCONV *remove_cred)
+ (krb5_context, krb5_ccache, krb5_flags, krb5_creds *);
+ krb5_error_code(KRB5_CALLCONV *set_flags)
+ (krb5_context, krb5_ccache, krb5_flags);
+} krb5_cc_ops;
+# endif /* NO_DEF_KRB5_CCACHE */
+
+krb5_error_code
+ kssl_krb5_cc_get_principal
+ (krb5_context context, krb5_ccache cache, krb5_principal *principal) {
+ if (p_krb5_cc_get_principal)
+ return (p_krb5_cc_get_principal(context, cache, principal));
+ else
+ return (krb5_x((cache)->ops->get_princ, (context, cache, principal)));
+}
+
+krb5_error_code
+kssl_krb5_auth_con_setrcache(krb5_context con, krb5_auth_context acon,
+ krb5_rcache rcache)
+{
+ if (p_krb5_auth_con_setrcache)
+ return (p_krb5_auth_con_setrcache(con, acon, rcache));
+ else
+ return KRB5KRB_ERR_GENERIC;
+}
+
+krb5_error_code
+kssl_krb5_get_server_rcache(krb5_context con, krb5_const krb5_data *data,
+ krb5_rcache *rcache)
+{
+ if (p_krb5_get_server_rcache)
+ return (p_krb5_get_server_rcache(con, data, rcache));
+ else
+ return KRB5KRB_ERR_GENERIC;
+}
+
+krb5_error_code
+kssl_krb5_auth_con_getrcache(krb5_context con, krb5_auth_context acon,
+ krb5_rcache *prcache)
+{
+ if (p_krb5_auth_con_getrcache)
+ return (p_krb5_auth_con_getrcache(con, acon, prcache));
+ else
+ return KRB5KRB_ERR_GENERIC;
+}
+
+krb5_error_code kssl_krb5_kt_close(krb5_context context, krb5_keytab keytab)
+{
+ if (p_krb5_kt_close)
+ return (p_krb5_kt_close(context, keytab));
+ else
+ return KRB5KRB_ERR_GENERIC;
+}
+
+krb5_error_code
+kssl_krb5_kt_get_entry(krb5_context context, krb5_keytab keytab,
+ krb5_const_principal principal, krb5_kvno vno,
+ krb5_enctype enctype, krb5_keytab_entry *entry)
+{
+ if (p_krb5_kt_get_entry)
+ return (p_krb5_kt_get_entry
+ (context, keytab, principal, vno, enctype, entry));
+ else
+ return KRB5KRB_ERR_GENERIC;
+}
+# endif /* OPENSSL_SYS_WINDOWS || OPENSSL_SYS_WIN32 */
+
+/*
+ * memory allocation functions for non-temporary storage (e.g. stuff that
+ * gets saved into the kssl context)
+ */
+static void *kssl_calloc(size_t nmemb, size_t size)
+{
+ void *p;
+
+ p = OPENSSL_malloc(nmemb * size);
+ if (p) {
+ memset(p, 0, nmemb * size);
+ }
+ return p;
+}
+
+# define kssl_malloc(size) OPENSSL_malloc((size))
+# define kssl_realloc(ptr, size) OPENSSL_realloc(ptr, size)
+# define kssl_free(ptr) OPENSSL_free((ptr))
+
+char
+*kstring(char *string)
+{
+ static char *null = "[NULL]";
+
+ return ((string == NULL) ? null : string);
+}
+
+/*
+ * Given KRB5 enctype (basically DES or 3DES), return closest match openssl
+ * EVP_ encryption algorithm. Return NULL for unknown or problematic
+ * (krb5_dk_encrypt) enctypes. Assume ENCTYPE_*_RAW (krb5_raw_encrypt) are
+ * OK.
+ */
+const EVP_CIPHER *kssl_map_enc(krb5_enctype enctype)
+{
+ switch (enctype) {
+ case ENCTYPE_DES_HMAC_SHA1: /* EVP_des_cbc(); */
+ case ENCTYPE_DES_CBC_CRC:
+ case ENCTYPE_DES_CBC_MD4:
+ case ENCTYPE_DES_CBC_MD5:
+ case ENCTYPE_DES_CBC_RAW:
+ return EVP_des_cbc();
+ break;
+ case ENCTYPE_DES3_CBC_SHA1: /* EVP_des_ede3_cbc(); */
+ case ENCTYPE_DES3_CBC_SHA:
+ case ENCTYPE_DES3_CBC_RAW:
+ return EVP_des_ede3_cbc();
+ break;
+ default:
+ return NULL;
+ break;
+ }
+}
+
+/*
+ * Return true:1 if p "looks like" the start of the real authenticator
+ * described in kssl_skip_confound() below. The ASN.1 pattern is "62 xx 30
+ * yy" (APPLICATION-2, SEQUENCE), where xx-yy =~ 2, and xx and yy are
+ * possibly multi-byte length fields.
+ */
+int kssl_test_confound(unsigned char *p)
+{
+ int len = 2;
+ int xx = 0, yy = 0;
+
+ if (*p++ != 0x62)
+ return 0;
+ if (*p > 0x82)
+ return 0;
+ switch (*p) {
+ case 0x82:
+ p++;
+ xx = (*p++ << 8);
+ xx += *p++;
+ break;
+ case 0x81:
+ p++;
+ xx = *p++;
+ break;
+ case 0x80:
+ return 0;
+ default:
+ xx = *p++;
+ break;
+ }
+ if (*p++ != 0x30)
+ return 0;
+ if (*p > 0x82)
+ return 0;
+ switch (*p) {
+ case 0x82:
+ p++;
+ len += 2;
+ yy = (*p++ << 8);
+ yy += *p++;
+ break;
+ case 0x81:
+ p++;
+ len++;
+ yy = *p++;
+ break;
+ case 0x80:
+ return 0;
+ default:
+ yy = *p++;
+ break;
+ }
+
+ return (xx - len == yy) ? 1 : 0;
+}
+
+/*
+ * Allocate, fill, and return cksumlens array of checksum lengths. This
+ * array holds just the unique elements from the krb5_cksumarray[]. array[n]
+ * == 0 signals end of data. The krb5_cksumarray[] was an internal variable
+ * that has since been replaced by a more general method for storing the
+ * data. It should not be used. Instead we use real API calls and make a
+ * guess for what the highest assigned CKSUMTYPE_ constant is. As of 1.2.2
+ * it is 0x000c (CKSUMTYPE_HMAC_SHA1_DES3). So we will use 0x0010.
+ */
+size_t *populate_cksumlens(void)
+{
+ int i, j, n;
+ static size_t *cklens = NULL;
+
+# ifdef KRB5_MIT_OLD11
+ n = krb5_max_cksum;
+# else
+ n = 0x0010;
+# endif /* KRB5_MIT_OLD11 */
+
+# ifdef KRB5CHECKAUTH
+ if (!cklens && !(cklens = (size_t *)calloc(sizeof(int), n + 1)))
+ return NULL;
+
+ for (i = 0; i < n; i++) {
+ if (!valid_cksumtype(i))
+ continue; /* array has holes */
+ for (j = 0; j < n; j++) {
+ if (cklens[j] == 0) {
+ cklens[j] = krb5_checksum_size(NULL, i);
+ break; /* krb5 elem was new: add */
+ }
+ if (cklens[j] == krb5_checksum_size(NULL, i)) {
+ break; /* ignore duplicate elements */
+ }
+ }
+ }
+# endif /* KRB5CHECKAUTH */
+
+ return cklens;
+}
+
+/*-
+ * Return pointer to start of real authenticator within authenticator, or
+ * return NULL on error.
+ * Decrypted authenticator looks like this:
+ * [0 or 8 byte confounder] [4-24 byte checksum] [real authent'r]
+ * This hackery wouldn't be necessary if MIT KRB5 1.0.6 had the
+ * krb5_auth_con_getcksumtype() function advertised in its krb5.h.
+ */
+unsigned char *kssl_skip_confound(krb5_enctype etype, unsigned char *a)
+{
+ int i, conlen;
+ size_t cklen;
+ static size_t *cksumlens = NULL;
+ unsigned char *test_auth;
+
+ conlen = (etype) ? 8 : 0;
+
+ if (!cksumlens && !(cksumlens = populate_cksumlens()))
+ return NULL;
+ for (i = 0; (cklen = cksumlens[i]) != 0; i++) {
+ test_auth = a + conlen + cklen;
+ if (kssl_test_confound(test_auth))
+ return test_auth;
+ }
+
+ return NULL;
+}
+
+/*
+ * Set kssl_err error info when reason text is a simple string kssl_err =
+ * struct { int reason; char text[KSSL_ERR_MAX+1]; }
+ */
+void kssl_err_set(KSSL_ERR *kssl_err, int reason, char *text)
+{
+ if (kssl_err == NULL)
+ return;
+
+ kssl_err->reason = reason;
+ BIO_snprintf(kssl_err->text, KSSL_ERR_MAX, "%s", text);
+ return;
+}
+
+/*
+ * Display contents of krb5_data struct, for debugging
+ */
+void print_krb5_data(char *label, krb5_data *kdata)
+{
+ int i;
+
+ printf("%s[%d] ", label, kdata->length);
+ for (i = 0; i < (int)kdata->length; i++) {
+ if (0 && isprint((int)kdata->data[i]))
+ printf("%c ", kdata->data[i]);
+ else
+ printf("%02x ", (unsigned char)kdata->data[i]);
+ }
+ printf("\n");
+}
+
+/*
+ * Display contents of krb5_authdata struct, for debugging
+ */
+void print_krb5_authdata(char *label, krb5_authdata **adata)
+{
+ if (adata == NULL) {
+ printf("%s, authdata==0\n", label);
+ return;
+ }
+ printf("%s [%p]\n", label, (void *)adata);
+# if 0
+ {
+ int i;
+ printf("%s[at%d:%d] ", label, adata->ad_type, adata->length);
+ for (i = 0; i < adata->length; i++) {
+ printf((isprint(adata->contents[i])) ? "%c " : "%02x",
+ adata->contents[i]);
+ }
+ printf("\n");
+ }
+# endif
+}
+
+/*
+ * Display contents of krb5_keyblock struct, for debugging
+ */
+void print_krb5_keyblock(char *label, krb5_keyblock *keyblk)
+{
+ int i;
+
+ if (keyblk == NULL) {
+ printf("%s, keyblk==0\n", label);
+ return;
+ }
+# ifdef KRB5_HEIMDAL
+ printf("%s\n\t[et%d:%d]: ", label, keyblk->keytype,
+ keyblk->keyvalue->length);
+ for (i = 0; i < (int)keyblk->keyvalue->length; i++) {
+ printf("%02x", (unsigned char *)(keyblk->keyvalue->contents)[i]);
+ }
+ printf("\n");
+# else
+ printf("%s\n\t[et%d:%d]: ", label, keyblk->enctype, keyblk->length);
+ for (i = 0; i < (int)keyblk->length; i++) {
+ printf("%02x", keyblk->contents[i]);
+ }
+ printf("\n");
+# endif
+}
+
+/*
+ * Display contents of krb5_principal_data struct, for debugging
+ * (krb5_principal is typedef'd == krb5_principal_data *)
+ */
+void print_krb5_princ(char *label, krb5_principal_data *princ)
+{
+ int i, ui, uj;
+
+ printf("%s principal Realm: ", label);
+ if (princ == NULL)
+ return;
+ for (ui = 0; ui < (int)princ->realm.length; ui++)
+ putchar(princ->realm.data[ui]);
+ printf(" (nametype %d) has %d strings:\n", princ->type, princ->length);
+ for (i = 0; i < (int)princ->length; i++) {
+ printf("\t%d [%d]: ", i, princ->data[i].length);
+ for (uj = 0; uj < (int)princ->data[i].length; uj++) {
+ putchar(princ->data[i].data[uj]);
+ }
+ printf("\n");
+ }
+ return;
+}
+
+/*- Given krb5 service (typically "kssl") and hostname in kssl_ctx,
+ * Return encrypted Kerberos ticket for service @ hostname.
+ * If authenp is non-NULL, also return encrypted authenticator,
+ * whose data should be freed by caller.
+ * (Originally was: Create Kerberos AP_REQ message for SSL Client.)
+ *
+ * 19990628 VRS Started; Returns Kerberos AP_REQ message.
+ * 20010409 VRS Modified for RFC2712; Returns enc tkt.
+ * 20010606 VRS May also return optional authenticator.
+ */
+krb5_error_code kssl_cget_tkt( /* UPDATE */ KSSL_CTX *kssl_ctx,
+ /*
+ * OUT
+ */ krb5_data **enc_ticketp,
+ /*
+ * UPDATE
+ */ krb5_data *authenp,
+ /*
+ * OUT
+ */ KSSL_ERR *kssl_err)
+{
+ krb5_error_code krb5rc = KRB5KRB_ERR_GENERIC;
+ krb5_context krb5context = NULL;
+ krb5_auth_context krb5auth_context = NULL;
+ krb5_ccache krb5ccdef = NULL;
+ krb5_creds krb5creds, *krb5credsp = NULL;
+ krb5_data krb5_app_req;
+
+ kssl_err_set(kssl_err, 0, "");
+ memset((char *)&krb5creds, 0, sizeof(krb5creds));
+
+ if (!kssl_ctx) {
+ kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, "No kssl_ctx defined.\n");
+ goto err;
+ } else if (!kssl_ctx->service_host) {
+ kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+ "kssl_ctx service_host undefined.\n");
+ goto err;
+ }
+
+ if ((krb5rc = krb5_init_context(&krb5context)) != 0) {
+ BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
+ "krb5_init_context() fails: %d\n", krb5rc);
+ kssl_err->reason = SSL_R_KRB5_C_INIT;
+ goto err;
+ }
+
+ if ((krb5rc = krb5_sname_to_principal(krb5context,
+ kssl_ctx->service_host,
+ (kssl_ctx->service_name) ?
+ kssl_ctx->service_name : KRB5SVC,
+ KRB5_NT_SRV_HST,
+ &krb5creds.server)) != 0) {
+ BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
+ "krb5_sname_to_principal() fails for %s/%s\n",
+ kssl_ctx->service_host,
+ (kssl_ctx->
+ service_name) ? kssl_ctx->service_name : KRB5SVC);
+ kssl_err->reason = SSL_R_KRB5_C_INIT;
+ goto err;
+ }
+
+ if ((krb5rc = krb5_cc_default(krb5context, &krb5ccdef)) != 0) {
+ kssl_err_set(kssl_err, SSL_R_KRB5_C_CC_PRINC,
+ "krb5_cc_default fails.\n");
+ goto err;
+ }
+
+ if ((krb5rc = krb5_cc_get_principal(krb5context, krb5ccdef,
+ &krb5creds.client)) != 0) {
+ kssl_err_set(kssl_err, SSL_R_KRB5_C_CC_PRINC,
+ "krb5_cc_get_principal() fails.\n");
+ goto err;
+ }
+
+ if ((krb5rc = krb5_get_credentials(krb5context, 0, krb5ccdef,
+ &krb5creds, &krb5credsp)) != 0) {
+ kssl_err_set(kssl_err, SSL_R_KRB5_C_GET_CRED,
+ "krb5_get_credentials() fails.\n");
+ goto err;
+ }
+
+ *enc_ticketp = &krb5credsp->ticket;
+# ifdef KRB5_HEIMDAL
+ kssl_ctx->enctype = krb5credsp->session.keytype;
+# else
+ kssl_ctx->enctype = krb5credsp->keyblock.enctype;
+# endif
+
+ krb5rc = KRB5KRB_ERR_GENERIC;
+ /* caller should free data of krb5_app_req */
+ /*
+ * 20010406 VRS deleted for real KerberosWrapper 20010605 VRS reinstated
+ * to offer Authenticator to KerberosWrapper
+ */
+ krb5_app_req.length = 0;
+ if (authenp) {
+ krb5_data krb5in_data;
+ const unsigned char *p;
+ long arlen;
+ KRB5_APREQBODY *ap_req;
+
+ authenp->length = 0;
+ krb5in_data.data = NULL;
+ krb5in_data.length = 0;
+ if ((krb5rc = krb5_mk_req_extended(krb5context,
+ &krb5auth_context, 0, &krb5in_data,
+ krb5credsp, &krb5_app_req)) != 0) {
+ kssl_err_set(kssl_err, SSL_R_KRB5_C_MK_REQ,
+ "krb5_mk_req_extended() fails.\n");
+ goto err;
+ }
+
+ arlen = krb5_app_req.length;
+ p = (unsigned char *)krb5_app_req.data;
+ ap_req = (KRB5_APREQBODY *)d2i_KRB5_APREQ(NULL, &p, arlen);
+ if (ap_req) {
+ authenp->length = i2d_KRB5_ENCDATA(ap_req->authenticator, NULL);
+ if (authenp->length && (authenp->data = malloc(authenp->length))) {
+ unsigned char *adp = (unsigned char *)authenp->data;
+ authenp->length =
+ i2d_KRB5_ENCDATA(ap_req->authenticator, &adp);
+ }
+ }
+
+ if (ap_req)
+ KRB5_APREQ_free((KRB5_APREQ *) ap_req);
+ if (krb5_app_req.length)
+ kssl_krb5_free_data_contents(krb5context, &krb5_app_req);
+ }
+# ifdef KRB5_HEIMDAL
+ if (kssl_ctx_setkey(kssl_ctx, &krb5credsp->session)) {
+ kssl_err_set(kssl_err, SSL_R_KRB5_C_INIT,
+ "kssl_ctx_setkey() fails.\n");
+ }
+# else
+ if (kssl_ctx_setkey(kssl_ctx, &krb5credsp->keyblock)) {
+ kssl_err_set(kssl_err, SSL_R_KRB5_C_INIT,
+ "kssl_ctx_setkey() fails.\n");
+ }
+# endif
+ else
+ krb5rc = 0;
+
+ err:
+# ifdef KSSL_DEBUG
+ kssl_ctx_show(kssl_ctx);
+# endif /* KSSL_DEBUG */
+
+ if (krb5creds.client)
+ krb5_free_principal(krb5context, krb5creds.client);
+ if (krb5creds.server)
+ krb5_free_principal(krb5context, krb5creds.server);
+ if (krb5auth_context)
+ krb5_auth_con_free(krb5context, krb5auth_context);
+ if (krb5context)
+ krb5_free_context(krb5context);
+ return (krb5rc);
+}
+
+/*-
+ * Given d2i_-decoded asn1ticket, allocate and return a new krb5_ticket.
+ * Return Kerberos error code and kssl_err struct on error.
+ * Allocates krb5_ticket and krb5_principal; caller should free these.
+ *
+ * 20010410 VRS Implemented krb5_decode_ticket() as
+ * old_krb5_decode_ticket(). Missing from MIT1.0.6.
+ * 20010615 VRS Re-cast as openssl/asn1 d2i_*() functions.
+ * Re-used some of the old krb5_decode_ticket()
+ * code here. This tkt should alloc/free just
+ * like the real thing.
+ */
+krb5_error_code kssl_TKT2tkt( /* IN */ krb5_context krb5context,
+ /*
+ * IN
+ */ KRB5_TKTBODY *asn1ticket,
+ /*
+ * OUT
+ */ krb5_ticket **krb5ticket,
+ /*
+ * OUT
+ */ KSSL_ERR *kssl_err)
+{
+ krb5_error_code krb5rc = KRB5KRB_ERR_GENERIC;
+ krb5_ticket *new5ticket = NULL;
+ ASN1_GENERALSTRING *gstr_svc, *gstr_host;
+
+ *krb5ticket = NULL;
+
+ if (asn1ticket == NULL || asn1ticket->realm == NULL ||
+ asn1ticket->sname == NULL ||
+ sk_ASN1_GENERALSTRING_num(asn1ticket->sname->namestring) < 2) {
+ BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
+ "Null field in asn1ticket.\n");
+ kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
+ return KRB5KRB_ERR_GENERIC;
+ }
+
+ if ((new5ticket = (krb5_ticket *)calloc(1, sizeof(krb5_ticket))) == NULL) {
+ BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
+ "Unable to allocate new krb5_ticket.\n");
+ kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
+ return ENOMEM; /* or KRB5KRB_ERR_GENERIC; */
+ }
+
+ gstr_svc = sk_ASN1_GENERALSTRING_value(asn1ticket->sname->namestring, 0);
+ gstr_host = sk_ASN1_GENERALSTRING_value(asn1ticket->sname->namestring, 1);
+
+ if ((krb5rc = kssl_build_principal_2(krb5context,
+ &new5ticket->server,
+ asn1ticket->realm->length,
+ (char *)asn1ticket->realm->data,
+ gstr_svc->length,
+ (char *)gstr_svc->data,
+ gstr_host->length,
+ (char *)gstr_host->data)) != 0) {
+ free(new5ticket);
+ BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
+ "Error building ticket server principal.\n");
+ kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
+ return krb5rc; /* or KRB5KRB_ERR_GENERIC; */
+ }
+
+ krb5_princ_type(krb5context, new5ticket->server) =
+ asn1ticket->sname->nametype->data[0];
+ new5ticket->enc_part.enctype = asn1ticket->encdata->etype->data[0];
+ new5ticket->enc_part.kvno = asn1ticket->encdata->kvno->data[0];
+ new5ticket->enc_part.ciphertext.length =
+ asn1ticket->encdata->cipher->length;
+ if ((new5ticket->enc_part.ciphertext.data =
+ calloc(1, asn1ticket->encdata->cipher->length)) == NULL) {
+ free(new5ticket);
+ BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
+ "Error allocating cipher in krb5ticket.\n");
+ kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
+ return KRB5KRB_ERR_GENERIC;
+ } else {
+ memcpy(new5ticket->enc_part.ciphertext.data,
+ asn1ticket->encdata->cipher->data,
+ asn1ticket->encdata->cipher->length);
+ }
+
+ *krb5ticket = new5ticket;
+ return 0;
+}
+
+/*-
+ * Given krb5 service name in KSSL_CTX *kssl_ctx (typically "kssl"),
+ * and krb5 AP_REQ message & message length,
+ * Return Kerberos session key and client principle
+ * to SSL Server in KSSL_CTX *kssl_ctx.
+ *
+ * 19990702 VRS Started.
+ */
+krb5_error_code kssl_sget_tkt( /* UPDATE */ KSSL_CTX *kssl_ctx,
+ /*
+ * IN
+ */ krb5_data *indata,
+ /*
+ * OUT
+ */ krb5_ticket_times *ttimes,
+ /*
+ * OUT
+ */ KSSL_ERR *kssl_err)
+{
+ krb5_error_code krb5rc = KRB5KRB_ERR_GENERIC;
+ static krb5_context krb5context = NULL;
+ static krb5_auth_context krb5auth_context = NULL;
+ krb5_ticket *krb5ticket = NULL;
+ KRB5_TKTBODY *asn1ticket = NULL;
+ const unsigned char *p;
+ krb5_keytab krb5keytab = NULL;
+ krb5_keytab_entry kt_entry;
+ krb5_principal krb5server;
+ krb5_rcache rcache = NULL;
+
+ kssl_err_set(kssl_err, 0, "");
+
+ if (!kssl_ctx) {
+ kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, "No kssl_ctx defined.\n");
+ goto err;
+ }
+# ifdef KSSL_DEBUG
+ printf("in kssl_sget_tkt(%s)\n", kstring(kssl_ctx->service_name));
+# endif /* KSSL_DEBUG */
+
+ if (!krb5context && (krb5rc = krb5_init_context(&krb5context))) {
+ kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+ "krb5_init_context() fails.\n");
+ goto err;
+ }
+ if (krb5auth_context &&
+ (krb5rc = krb5_auth_con_free(krb5context, krb5auth_context))) {
+ kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+ "krb5_auth_con_free() fails.\n");
+ goto err;
+ } else
+ krb5auth_context = NULL;
+ if (!krb5auth_context &&
+ (krb5rc = krb5_auth_con_init(krb5context, &krb5auth_context))) {
+ kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+ "krb5_auth_con_init() fails.\n");
+ goto err;
+ }
+
+ if ((krb5rc = krb5_auth_con_getrcache(krb5context, krb5auth_context,
+ &rcache))) {
+ kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+ "krb5_auth_con_getrcache() fails.\n");
+ goto err;
+ }
+
+ if ((krb5rc = krb5_sname_to_principal(krb5context, NULL,
+ (kssl_ctx->service_name) ?
+ kssl_ctx->service_name : KRB5SVC,
+ KRB5_NT_SRV_HST,
+ &krb5server)) != 0) {
+ kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+ "krb5_sname_to_principal() fails.\n");
+ goto err;
+ }
+
+ if (rcache == NULL) {
+ if ((krb5rc = krb5_get_server_rcache(krb5context,
+ krb5_princ_component(krb5context,
+ krb5server,
+ 0),
+ &rcache))) {
+ kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+ "krb5_get_server_rcache() fails.\n");
+ goto err;
+ }
+ }
+
+ if ((krb5rc =
+ krb5_auth_con_setrcache(krb5context, krb5auth_context, rcache))) {
+ kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+ "krb5_auth_con_setrcache() fails.\n");
+ goto err;
+ }
+
+ /*
+ * kssl_ctx->keytab_file == NULL ==> use Kerberos default
+ */
+ if (kssl_ctx->keytab_file) {
+ krb5rc = krb5_kt_resolve(krb5context, kssl_ctx->keytab_file,
+ &krb5keytab);
+ if (krb5rc) {
+ kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+ "krb5_kt_resolve() fails.\n");
+ goto err;
+ }
+ } else {
+ krb5rc = krb5_kt_default(krb5context, &krb5keytab);
+ if (krb5rc) {
+ kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+ "krb5_kt_default() fails.\n");
+ goto err;
+ }
+ }
+
+ /*- Actual Kerberos5 krb5_recvauth() has initial conversation here
+ * o check KRB5_SENDAUTH_BADAUTHVERS
+ * unless KRB5_RECVAUTH_SKIP_VERSION
+ * o check KRB5_SENDAUTH_BADAPPLVERS
+ * o send "0" msg if all OK
+ */
+
+ /*-
+ * 20010411 was using AP_REQ instead of true KerberosWrapper
+ *
+ * if ((krb5rc = krb5_rd_req(krb5context, &krb5auth_context,
+ * &krb5in_data, krb5server, krb5keytab,
+ * &ap_option, &krb5ticket)) != 0) { Error }
+ */
+
+ p = (unsigned char *)indata->data;
+ if ((asn1ticket = (KRB5_TKTBODY *)d2i_KRB5_TICKET(NULL, &p,
+ (long)indata->length))
+ == NULL) {
+ BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
+ "d2i_KRB5_TICKET() ASN.1 decode failure.\n");
+ kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
+ goto err;
+ }
+
+ /*
+ * Was: krb5rc = krb5_decode_ticket(krb5in_data,&krb5ticket)) != 0)
+ */
+ if ((krb5rc = kssl_TKT2tkt(krb5context, asn1ticket, &krb5ticket,
+ kssl_err)) != 0) {
+ BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
+ "Error converting ASN.1 ticket to krb5_ticket.\n");
+ kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
+ goto err;
+ }
+
+ if (!krb5_principal_compare(krb5context, krb5server, krb5ticket->server)) {
+ krb5rc = KRB5_PRINC_NOMATCH;
+ BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
+ "server principal != ticket principal\n");
+ kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
+ goto err;
+ }
+ if ((krb5rc = krb5_kt_get_entry(krb5context, krb5keytab,
+ krb5ticket->server,
+ krb5ticket->enc_part.kvno,
+ krb5ticket->enc_part.enctype,
+ &kt_entry)) != 0) {
+ BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
+ "krb5_kt_get_entry() fails with %x.\n", krb5rc);
+ kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
+ goto err;
+ }
+ if ((krb5rc = krb5_decrypt_tkt_part(krb5context, &kt_entry.key,
+ krb5ticket)) != 0) {
+ BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
+ "krb5_decrypt_tkt_part() failed.\n");
+ kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
+ goto err;
+ } else {
+ krb5_kt_free_entry(krb5context, &kt_entry);
+# ifdef KSSL_DEBUG
+ {
+ int i;
+ krb5_address **paddr = krb5ticket->enc_part2->caddrs;
+ printf("Decrypted ticket fields:\n");
+ printf("\tflags: %X, transit-type: %X",
+ krb5ticket->enc_part2->flags,
+ krb5ticket->enc_part2->transited.tr_type);
+ print_krb5_data("\ttransit-data: ",
+ &(krb5ticket->enc_part2->transited.tr_contents));
+ printf("\tcaddrs: %p, authdata: %p\n",
+ krb5ticket->enc_part2->caddrs,
+ krb5ticket->enc_part2->authorization_data);
+ if (paddr) {
+ printf("\tcaddrs:\n");
+ for (i = 0; paddr[i] != NULL; i++) {
+ krb5_data d;
+ d.length = paddr[i]->length;
+ d.data = paddr[i]->contents;
+ print_krb5_data("\t\tIP: ", &d);
+ }
+ }
+ printf("\tstart/auth/end times: %d / %d / %d\n",
+ krb5ticket->enc_part2->times.starttime,
+ krb5ticket->enc_part2->times.authtime,
+ krb5ticket->enc_part2->times.endtime);
+ }
+# endif /* KSSL_DEBUG */
+ }
+
+ krb5rc = KRB5_NO_TKT_SUPPLIED;
+ if (!krb5ticket || !krb5ticket->enc_part2 ||
+ !krb5ticket->enc_part2->client ||
+ !krb5ticket->enc_part2->client->data ||
+ !krb5ticket->enc_part2->session) {
+ kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET,
+ "bad ticket from krb5_rd_req.\n");
+ } else if (kssl_ctx_setprinc(kssl_ctx, KSSL_CLIENT,
+ &krb5ticket->enc_part2->client->realm,
+ krb5ticket->enc_part2->client->data,
+ krb5ticket->enc_part2->client->length)) {
+ kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET,
+ "kssl_ctx_setprinc() fails.\n");
+ } else if (kssl_ctx_setkey(kssl_ctx, krb5ticket->enc_part2->session)) {
+ kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET,
+ "kssl_ctx_setkey() fails.\n");
+ } else if (krb5ticket->enc_part2->flags & TKT_FLG_INVALID) {
+ krb5rc = KRB5KRB_AP_ERR_TKT_INVALID;
+ kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET,
+ "invalid ticket from krb5_rd_req.\n");
+ } else
+ krb5rc = 0;
+
+ kssl_ctx->enctype = krb5ticket->enc_part.enctype;
+ ttimes->authtime = krb5ticket->enc_part2->times.authtime;
+ ttimes->starttime = krb5ticket->enc_part2->times.starttime;
+ ttimes->endtime = krb5ticket->enc_part2->times.endtime;
+ ttimes->renew_till = krb5ticket->enc_part2->times.renew_till;
+
+ err:
+# ifdef KSSL_DEBUG
+ kssl_ctx_show(kssl_ctx);
+# endif /* KSSL_DEBUG */
+
+ if (asn1ticket)
+ KRB5_TICKET_free((KRB5_TICKET *) asn1ticket);
+ if (krb5keytab)
+ krb5_kt_close(krb5context, krb5keytab);
+ if (krb5ticket)
+ krb5_free_ticket(krb5context, krb5ticket);
+ if (krb5server)
+ krb5_free_principal(krb5context, krb5server);
+ return (krb5rc);
+}
+
+/*
+ * Allocate & return a new kssl_ctx struct.
+ */
+KSSL_CTX *kssl_ctx_new(void)
+{
+ return ((KSSL_CTX *)kssl_calloc(1, sizeof(KSSL_CTX)));
+}
+
+/*
+ * Frees a kssl_ctx struct and any allocated memory it holds. Returns NULL.
+ */
+KSSL_CTX *kssl_ctx_free(KSSL_CTX *kssl_ctx)
+{
+ if (kssl_ctx == NULL)
+ return kssl_ctx;
+
+ if (kssl_ctx->key)
+ OPENSSL_cleanse(kssl_ctx->key, kssl_ctx->length);
+ if (kssl_ctx->key)
+ kssl_free(kssl_ctx->key);
+ if (kssl_ctx->client_princ)
+ kssl_free(kssl_ctx->client_princ);
+ if (kssl_ctx->service_host)
+ kssl_free(kssl_ctx->service_host);
+ if (kssl_ctx->service_name)
+ kssl_free(kssl_ctx->service_name);
+ if (kssl_ctx->keytab_file)
+ kssl_free(kssl_ctx->keytab_file);
+
+ kssl_free(kssl_ctx);
+ return (KSSL_CTX *)NULL;
+}
+
+/*
+ * Given an array of (krb5_data *) entity (and optional realm), set the plain
+ * (char *) client_princ or service_host member of the kssl_ctx struct.
+ */
+krb5_error_code
+kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which,
+ krb5_data *realm, krb5_data *entity, int nentities)
+{
+ char **princ;
+ int length;
+ int i;
+
+ if (kssl_ctx == NULL || entity == NULL)
+ return KSSL_CTX_ERR;
+
+ switch (which) {
+ case KSSL_CLIENT:
+ princ = &kssl_ctx->client_princ;
+ break;
+ case KSSL_SERVER:
+ princ = &kssl_ctx->service_host;
+ break;
+ default:
+ return KSSL_CTX_ERR;
+ break;
+ }
+ if (*princ)
+ kssl_free(*princ);
+
+ /* Add up all the entity->lengths */
+ length = 0;
+ for (i = 0; i < nentities; i++) {
+ length += entity[i].length;
+ }
+ /* Add in space for the '/' character(s) (if any) */
+ length += nentities - 1;
+ /* Space for the ('@'+realm+NULL | NULL) */
+ length += ((realm) ? realm->length + 2 : 1);
+
+ if ((*princ = kssl_calloc(1, length)) == NULL)
+ return KSSL_CTX_ERR;
+ else {
+ for (i = 0; i < nentities; i++) {
+ strncat(*princ, entity[i].data, entity[i].length);
+ if (i < nentities - 1) {
+ strcat(*princ, "/");
+ }
+ }
+ if (realm) {
+ strcat(*princ, "@");
+ (void)strncat(*princ, realm->data, realm->length);
+ }
+ }
+
+ return KSSL_CTX_OK;
+}
+
+/*- Set one of the plain (char *) string members of the kssl_ctx struct.
+ * Default values should be:
+ * which == KSSL_SERVICE => "khost" (KRB5SVC)
+ * which == KSSL_KEYTAB => "/etc/krb5.keytab" (KRB5KEYTAB)
+ */
+krb5_error_code kssl_ctx_setstring(KSSL_CTX *kssl_ctx, int which, char *text)
+{
+ char **string;
+
+ if (!kssl_ctx)
+ return KSSL_CTX_ERR;
+
+ switch (which) {
+ case KSSL_SERVICE:
+ string = &kssl_ctx->service_name;
+ break;
+ case KSSL_SERVER:
+ string = &kssl_ctx->service_host;
+ break;
+ case KSSL_CLIENT:
+ string = &kssl_ctx->client_princ;
+ break;
+ case KSSL_KEYTAB:
+ string = &kssl_ctx->keytab_file;
+ break;
+ default:
+ return KSSL_CTX_ERR;
+ break;
+ }
+ if (*string)
+ kssl_free(*string);
+
+ if (!text) {
+ *string = '\0';
+ return KSSL_CTX_OK;
+ }
+
+ if ((*string = kssl_calloc(1, strlen(text) + 1)) == NULL)
+ return KSSL_CTX_ERR;
+ else
+ strcpy(*string, text);
+
+ return KSSL_CTX_OK;
+}
+
+/*
+ * Copy the Kerberos session key from a (krb5_keyblock *) to a kssl_ctx
+ * struct. Clear kssl_ctx->key if Kerberos session key is NULL.
+ */
+krb5_error_code kssl_ctx_setkey(KSSL_CTX *kssl_ctx, krb5_keyblock *session)
+{
+ int length;
+ krb5_enctype enctype;
+ krb5_octet FAR *contents = NULL;
+
+ if (!kssl_ctx)
+ return KSSL_CTX_ERR;
+
+ if (kssl_ctx->key) {
+ OPENSSL_cleanse(kssl_ctx->key, kssl_ctx->length);
+ kssl_free(kssl_ctx->key);
+ }
+
+ if (session) {
+
+# ifdef KRB5_HEIMDAL
+ length = session->keyvalue->length;
+ enctype = session->keytype;
+ contents = session->keyvalue->contents;
+# else
+ length = session->length;
+ enctype = session->enctype;
+ contents = session->contents;
+# endif
+ kssl_ctx->enctype = enctype;
+ kssl_ctx->length = length;
+ } else {
+ kssl_ctx->enctype = ENCTYPE_UNKNOWN;
+ kssl_ctx->length = 0;
+ return KSSL_CTX_OK;
+ }
+
+ if ((kssl_ctx->key =
+ (krb5_octet FAR *)kssl_calloc(1, kssl_ctx->length)) == NULL) {
+ kssl_ctx->length = 0;
+ return KSSL_CTX_ERR;
+ } else
+ memcpy(kssl_ctx->key, contents, length);
+
+ return KSSL_CTX_OK;
+}
+
+/*
+ * Display contents of kssl_ctx struct
+ */
+void kssl_ctx_show(KSSL_CTX *kssl_ctx)
+{
+ int i;
+
+ printf("kssl_ctx: ");
+ if (kssl_ctx == NULL) {
+ printf("NULL\n");
+ return;
+ } else
+ printf("%p\n", (void *)kssl_ctx);
+
+ printf("\tservice:\t%s\n",
+ (kssl_ctx->service_name) ? kssl_ctx->service_name : "NULL");
+ printf("\tclient:\t%s\n",
+ (kssl_ctx->client_princ) ? kssl_ctx->client_princ : "NULL");
+ printf("\tserver:\t%s\n",
+ (kssl_ctx->service_host) ? kssl_ctx->service_host : "NULL");
+ printf("\tkeytab:\t%s\n",
+ (kssl_ctx->keytab_file) ? kssl_ctx->keytab_file : "NULL");
+ printf("\tkey [%d:%d]:\t", kssl_ctx->enctype, kssl_ctx->length);
+
+ for (i = 0; i < kssl_ctx->length && kssl_ctx->key; i++) {
+ printf("%02x", kssl_ctx->key[i]);
+ }
+ printf("\n");
+ return;
+}
+
+int kssl_keytab_is_available(KSSL_CTX *kssl_ctx)
+{
+ krb5_context krb5context = NULL;
+ krb5_keytab krb5keytab = NULL;
+ krb5_keytab_entry entry;
+ krb5_principal princ = NULL;
+ krb5_error_code krb5rc = KRB5KRB_ERR_GENERIC;
+ int rc = 0;
+
+ if ((krb5rc = krb5_init_context(&krb5context)))
+ return (0);
+
+ /*
+ * kssl_ctx->keytab_file == NULL ==> use Kerberos default
+ */
+ if (kssl_ctx->keytab_file) {
+ krb5rc = krb5_kt_resolve(krb5context, kssl_ctx->keytab_file,
+ &krb5keytab);
+ if (krb5rc)
+ goto exit;
+ } else {
+ krb5rc = krb5_kt_default(krb5context, &krb5keytab);
+ if (krb5rc)
+ goto exit;
+ }
+
+ /* the host key we are looking for */
+ krb5rc = krb5_sname_to_principal(krb5context, NULL,
+ kssl_ctx->
+ service_name ? kssl_ctx->service_name :
+ KRB5SVC, KRB5_NT_SRV_HST, &princ);
+
+ if (krb5rc)
+ goto exit;
+
+ krb5rc = krb5_kt_get_entry(krb5context, krb5keytab, princ,
+ /* IGNORE_VNO */
+ 0,
+ /* IGNORE_ENCTYPE */
+ 0, &entry);
+ if (krb5rc == KRB5_KT_NOTFOUND) {
+ rc = 1;
+ goto exit;
+ } else if (krb5rc)
+ goto exit;
+
+ krb5_kt_free_entry(krb5context, &entry);
+ rc = 1;
+
+ exit:
+ if (krb5keytab)
+ krb5_kt_close(krb5context, krb5keytab);
+ if (princ)
+ krb5_free_principal(krb5context, princ);
+ if (krb5context)
+ krb5_free_context(krb5context);
+ return (rc);
+}
+
+int kssl_tgt_is_available(KSSL_CTX *kssl_ctx)
+{
+ krb5_error_code krb5rc = KRB5KRB_ERR_GENERIC;
+ krb5_context krb5context = NULL;
+ krb5_ccache krb5ccdef = NULL;
+ krb5_creds krb5creds, *krb5credsp = NULL;
+ int rc = 0;
+
+ memset((char *)&krb5creds, 0, sizeof(krb5creds));
+
+ if (!kssl_ctx)
+ return (0);
+
+ if (!kssl_ctx->service_host)
+ return (0);
+
+ if ((krb5rc = krb5_init_context(&krb5context)) != 0)
+ goto err;
+
+ if ((krb5rc = krb5_sname_to_principal(krb5context,
+ kssl_ctx->service_host,
+ (kssl_ctx->service_name) ?
+ kssl_ctx->service_name : KRB5SVC,
+ KRB5_NT_SRV_HST,
+ &krb5creds.server)) != 0)
+ goto err;
+
+ if ((krb5rc = krb5_cc_default(krb5context, &krb5ccdef)) != 0)
+ goto err;
+
+ if ((krb5rc = krb5_cc_get_principal(krb5context, krb5ccdef,
+ &krb5creds.client)) != 0)
+ goto err;
+
+ if ((krb5rc = krb5_get_credentials(krb5context, 0, krb5ccdef,
+ &krb5creds, &krb5credsp)) != 0)
+ goto err;
+
+ rc = 1;
+
+ err:
+# ifdef KSSL_DEBUG
+ kssl_ctx_show(kssl_ctx);
+# endif /* KSSL_DEBUG */
+
+ if (krb5creds.client)
+ krb5_free_principal(krb5context, krb5creds.client);
+ if (krb5creds.server)
+ krb5_free_principal(krb5context, krb5creds.server);
+ if (krb5context)
+ krb5_free_context(krb5context);
+ return (rc);
+}
+
+# if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_WIN32)
+void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data)
+{
+# ifdef KRB5_HEIMDAL
+ data->length = 0;
+ if (data->data)
+ free(data->data);
+# elif defined(KRB5_MIT_OLD11)
+ if (data->data) {
+ krb5_xfree(data->data);
+ data->data = 0;
+ }
+# else
+ krb5_free_data_contents(NULL, data);
+# endif
+}
+# endif
+/* !OPENSSL_SYS_WINDOWS && !OPENSSL_SYS_WIN32 */
+
+/*
+ * Given pointers to KerberosTime and struct tm structs, convert the
+ * KerberosTime string to struct tm. Note that KerberosTime is a
+ * ASN1_GENERALIZEDTIME value, constrained to GMT with no fractional seconds
+ * as defined in RFC 1510. Return pointer to the (partially) filled in
+ * struct tm on success, return NULL on failure.
+ */
+struct tm *k_gmtime(ASN1_GENERALIZEDTIME *gtime, struct tm *k_tm)
+{
+ char c, *p;
+
+ if (!k_tm)
+ return NULL;
+ if (gtime == NULL || gtime->length < 14)
+ return NULL;
+ if (gtime->data == NULL)
+ return NULL;
+
+ p = (char *)>ime->data[14];
+
+ c = *p;
+ *p = '\0';
+ p -= 2;
+ k_tm->tm_sec = atoi(p);
+ *(p + 2) = c;
+ c = *p;
+ *p = '\0';
+ p -= 2;
+ k_tm->tm_min = atoi(p);
+ *(p + 2) = c;
+ c = *p;
+ *p = '\0';
+ p -= 2;
+ k_tm->tm_hour = atoi(p);
+ *(p + 2) = c;
+ c = *p;
+ *p = '\0';
+ p -= 2;
+ k_tm->tm_mday = atoi(p);
+ *(p + 2) = c;
+ c = *p;
+ *p = '\0';
+ p -= 2;
+ k_tm->tm_mon = atoi(p) - 1;
+ *(p + 2) = c;
+ c = *p;
+ *p = '\0';
+ p -= 4;
+ k_tm->tm_year = atoi(p) - 1900;
+ *(p + 4) = c;
+
+ return k_tm;
+}
+
+/*
+ * Helper function for kssl_validate_times(). We need context->clockskew,
+ * but krb5_context is an opaque struct. So we try to sneek the clockskew
+ * out through the replay cache. If that fails just return a likely default
+ * (300 seconds).
+ */
+krb5_deltat get_rc_clockskew(krb5_context context)
+{
+ krb5_rcache rc;
+ krb5_deltat clockskew;
+
+ if (krb5_rc_default(context, &rc))
+ return KSSL_CLOCKSKEW;
+ if (krb5_rc_initialize(context, rc, 0))
+ return KSSL_CLOCKSKEW;
+ if (krb5_rc_get_lifespan(context, rc, &clockskew)) {
+ clockskew = KSSL_CLOCKSKEW;
+ }
+ (void)krb5_rc_destroy(context, rc);
+ return clockskew;
+}
+
+/*
+ * kssl_validate_times() combines (and more importantly exposes) the MIT KRB5
+ * internal function krb5_validate_times() and the in_clock_skew() macro.
+ * The authenticator client time is checked to be within clockskew secs of
+ * the current time and the current time is checked to be within the ticket
+ * start and expire times. Either check may be omitted by supplying a NULL
+ * value. Returns 0 for valid times, SSL_R_KRB5* error codes otherwise. See
+ * Also: (Kerberos source)/krb5/lib/krb5/krb/valid_times.c 20010420 VRS
+ */
+krb5_error_code kssl_validate_times(krb5_timestamp atime,
+ krb5_ticket_times *ttimes)
+{
+ krb5_deltat skew;
+ krb5_timestamp start, now;
+ krb5_error_code rc;
+ krb5_context context;
+
+ if ((rc = krb5_init_context(&context)))
+ return SSL_R_KRB5_S_BAD_TICKET;
+ skew = get_rc_clockskew(context);
+ if ((rc = krb5_timeofday(context, &now)))
+ return SSL_R_KRB5_S_BAD_TICKET;
+ krb5_free_context(context);
+
+ if (atime && labs(atime - now) >= skew)
+ return SSL_R_KRB5_S_TKT_SKEW;
+
+ if (!ttimes)
+ return 0;
+
+ start = (ttimes->starttime != 0) ? ttimes->starttime : ttimes->authtime;
+ if (start - now > skew)
+ return SSL_R_KRB5_S_TKT_NYV;
+ if ((now - ttimes->endtime) > skew)
+ return SSL_R_KRB5_S_TKT_EXPIRED;
+
+# ifdef KSSL_DEBUG
+ printf("kssl_validate_times: %d |<- | %d - %d | < %d ->| %d\n",
+ start, atime, now, skew, ttimes->endtime);
+# endif /* KSSL_DEBUG */
+
+ return 0;
+}
+
+/*
+ * Decode and decrypt given DER-encoded authenticator, then pass
+ * authenticator ctime back in *atimep (or 0 if time unavailable). Returns
+ * krb5_error_code and kssl_err on error. A NULL authenticator
+ * (authentp->length == 0) is not considered an error. Note that
+ * kssl_check_authent() makes use of the KRB5 session key; you must call
+ * kssl_sget_tkt() to get the key before calling this routine.
+ */
+krb5_error_code kssl_check_authent(
+ /*
+ * IN
+ */ KSSL_CTX *kssl_ctx,
+ /*
+ * IN
+ */ krb5_data *authentp,
+ /*
+ * OUT
+ */ krb5_timestamp *atimep,
+ /*
+ * OUT
+ */ KSSL_ERR *kssl_err)
+{
+ krb5_error_code krb5rc = 0;
+ KRB5_ENCDATA *dec_authent = NULL;
+ KRB5_AUTHENTBODY *auth = NULL;
+ krb5_enctype enctype;
+ EVP_CIPHER_CTX ciph_ctx;
+ const EVP_CIPHER *enc = NULL;
+ unsigned char iv[EVP_MAX_IV_LENGTH];
+ const unsigned char *p;
+ unsigned char *unenc_authent;
+ int outl, unencbufsize;
+ struct tm tm_time, *tm_l, *tm_g;
+ time_t now, tl, tg, tr, tz_offset;
+
+ EVP_CIPHER_CTX_init(&ciph_ctx);
+ *atimep = 0;
+ kssl_err_set(kssl_err, 0, "");
+
+# ifndef KRB5CHECKAUTH
+ authentp = NULL;
+# else
+# if KRB5CHECKAUTH == 0
+ authentp = NULL;
+# endif
+# endif /* KRB5CHECKAUTH */
+
+ if (authentp == NULL || authentp->length == 0)
+ return 0;
+
+# ifdef KSSL_DEBUG
+ {
+ unsigned int ui;
+ printf("kssl_check_authent: authenticator[%d]:\n", authentp->length);
+ p = authentp->data;
+ for (ui = 0; ui < authentp->length; ui++)
+ printf("%02x ", p[ui]);
+ printf("\n");
+ }
+# endif /* KSSL_DEBUG */
+
+ unencbufsize = 2 * authentp->length;
+ if ((unenc_authent = calloc(1, unencbufsize)) == NULL) {
+ kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+ "Unable to allocate authenticator buffer.\n");
+ krb5rc = KRB5KRB_ERR_GENERIC;
+ goto err;
+ }
+
+ p = (unsigned char *)authentp->data;
+ if ((dec_authent = d2i_KRB5_ENCDATA(NULL, &p,
+ (long)authentp->length)) == NULL) {
+ kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+ "Error decoding authenticator.\n");
+ krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
+ goto err;
+ }
+
+ enctype = dec_authent->etype->data[0]; /* should = kssl_ctx->enctype */
+# if !defined(KRB5_MIT_OLD11)
+ switch (enctype) {
+ case ENCTYPE_DES3_CBC_SHA1: /* EVP_des_ede3_cbc(); */
+ case ENCTYPE_DES3_CBC_SHA:
+ case ENCTYPE_DES3_CBC_RAW:
+ krb5rc = 0; /* Skip, can't handle derived keys */
+ goto err;
+ }
+# endif
+ enc = kssl_map_enc(enctype);
+ memset(iv, 0, sizeof iv); /* per RFC 1510 */
+
+ if (enc == NULL) {
+ /*
+ * Disable kssl_check_authent for ENCTYPE_DES3_CBC_SHA1. This
+ * enctype indicates the authenticator was encrypted using key-usage
+ * derived keys which openssl cannot decrypt.
+ */
+ goto err;
+ }
+
+ if (!EVP_CipherInit(&ciph_ctx, enc, kssl_ctx->key, iv, 0)) {
+ kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+ "EVP_CipherInit error decrypting authenticator.\n");
+ krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
+ goto err;
+ }
+ outl = dec_authent->cipher->length;
+ if (!EVP_Cipher
+ (&ciph_ctx, unenc_authent, dec_authent->cipher->data, outl)) {
+ kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+ "EVP_Cipher error decrypting authenticator.\n");
+ krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
+ goto err;
+ }
+ EVP_CIPHER_CTX_cleanup(&ciph_ctx);
+
+# ifdef KSSL_DEBUG
+ printf("kssl_check_authent: decrypted authenticator[%d] =\n", outl);
+ for (padl = 0; padl < outl; padl++)
+ printf("%02x ", unenc_authent[padl]);
+ printf("\n");
+# endif /* KSSL_DEBUG */
+
+ if ((p = kssl_skip_confound(enctype, unenc_authent)) == NULL) {
+ kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+ "confounded by authenticator.\n");
+ krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
+ goto err;
+ }
+ outl -= p - unenc_authent;
+
+ if ((auth = (KRB5_AUTHENTBODY *)d2i_KRB5_AUTHENT(NULL, &p,
+ (long)outl)) == NULL) {
+ kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+ "Error decoding authenticator body.\n");
+ krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
+ goto err;
+ }
+
+ memset(&tm_time, 0, sizeof(struct tm));
+ if (k_gmtime(auth->ctime, &tm_time) &&
+ ((tr = mktime(&tm_time)) != (time_t)(-1))) {
+ now = time(&now);
+ tm_l = localtime(&now);
+ tl = mktime(tm_l);
+ tm_g = gmtime(&now);
+ tg = mktime(tm_g);
+ tz_offset = tg - tl;
+
+ *atimep = tr - tz_offset;
+ }
+# ifdef KSSL_DEBUG
+ printf("kssl_check_authent: returns %d for client time ", *atimep);
+ if (auth && auth->ctime && auth->ctime->length && auth->ctime->data)
+ printf("%.*s\n", auth->ctime->length, auth->ctime->data);
+ else
+ printf("NULL\n");
+# endif /* KSSL_DEBUG */
+
+ err:
+ if (auth)
+ KRB5_AUTHENT_free((KRB5_AUTHENT *) auth);
+ if (dec_authent)
+ KRB5_ENCDATA_free(dec_authent);
+ if (unenc_authent)
+ free(unenc_authent);
+ EVP_CIPHER_CTX_cleanup(&ciph_ctx);
+ return krb5rc;
+}
+
+/*
+ * Replaces krb5_build_principal_ext(), with varargs length == 2 (svc, host),
+ * because I don't know how to stub varargs. Returns krb5_error_code ==
+ * ENOMEM on alloc error, otherwise passes back newly constructed principal,
+ * which should be freed by caller.
+ */
+krb5_error_code kssl_build_principal_2(
+ /*
+ * UPDATE
+ */ krb5_context context,
+ /*
+ * OUT
+ */ krb5_principal *princ,
+ /*
+ * IN
+ */ int rlen, const char *realm,
+ /*
+ * IN
+ */ int slen, const char *svc,
+ /*
+ * IN
+ */ int hlen, const char *host)
+{
+ krb5_data *p_data = NULL;
+ krb5_principal new_p = NULL;
+ char *new_r = NULL;
+
+ if ((p_data = (krb5_data *)calloc(2, sizeof(krb5_data))) == NULL ||
+ (new_p = (krb5_principal)calloc(1, sizeof(krb5_principal_data)))
+ == NULL)
+ goto err;
+ new_p->length = 2;
+ new_p->data = p_data;
+
+ if ((new_r = calloc(1, rlen + 1)) == NULL)
+ goto err;
+ memcpy(new_r, realm, rlen);
+ krb5_princ_set_realm_length(context, new_p, rlen);
+ krb5_princ_set_realm_data(context, new_p, new_r);
+
+ if ((new_p->data[0].data = calloc(1, slen + 1)) == NULL)
+ goto err;
+ memcpy(new_p->data[0].data, svc, slen);
+ new_p->data[0].length = slen;
+
+ if ((new_p->data[1].data = calloc(1, hlen + 1)) == NULL)
+ goto err;
+ memcpy(new_p->data[1].data, host, hlen);
+ new_p->data[1].length = hlen;
+
+ krb5_princ_type(context, new_p) = KRB5_NT_UNKNOWN;
+ *princ = new_p;
+ return 0;
+
+ err:
+ if (new_p && new_p[0].data)
+ free(new_p[0].data);
+ if (new_p && new_p[1].data)
+ free(new_p[1].data);
+ if (new_p)
+ free(new_p);
+ if (new_r)
+ free(new_r);
+ return ENOMEM;
+}
+
+#else /* !OPENSSL_NO_KRB5 */
+
+# if defined(PEDANTIC) || defined(OPENSSL_SYS_VMS)
+static void *dummy = &dummy;
+# endif
+
+#endif /* !OPENSSL_NO_KRB5 */
Deleted: vendor-crypto/openssl/0.9.8zf/ssl/kssl.h
===================================================================
--- vendor-crypto/openssl/dist/ssl/kssl.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/ssl/kssl.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,179 +0,0 @@
-/* ssl/kssl.h -*- mode: C; c-file-style: "eay" -*- */
-/* Written by Vern Staats <staatsvr at asc.hpc.mil> for the OpenSSL project 2000.
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/*
-** 19990701 VRS Started.
-*/
-
-#ifndef KSSL_H
-#define KSSL_H
-
-#include <openssl/opensslconf.h>
-
-#ifndef OPENSSL_NO_KRB5
-
-#include <stdio.h>
-#include <ctype.h>
-#include <krb5.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
-** Depending on which KRB5 implementation used, some types from
-** the other may be missing. Resolve that here and now
-*/
-#ifdef KRB5_HEIMDAL
-typedef unsigned char krb5_octet;
-#define FAR
-#else
-
-#ifndef FAR
-#define FAR
-#endif
-
-#endif
-
-/* Uncomment this to debug kssl problems or
-** to trace usage of the Kerberos session key
-**
-** #define KSSL_DEBUG
-*/
-
-#ifndef KRB5SVC
-#define KRB5SVC "host"
-#endif
-
-#ifndef KRB5KEYTAB
-#define KRB5KEYTAB "/etc/krb5.keytab"
-#endif
-
-#ifndef KRB5SENDAUTH
-#define KRB5SENDAUTH 1
-#endif
-
-#ifndef KRB5CHECKAUTH
-#define KRB5CHECKAUTH 1
-#endif
-
-#ifndef KSSL_CLOCKSKEW
-#define KSSL_CLOCKSKEW 300;
-#endif
-
-#define KSSL_ERR_MAX 255
-typedef struct kssl_err_st {
- int reason;
- char text[KSSL_ERR_MAX+1];
- } KSSL_ERR;
-
-
-/* Context for passing
-** (1) Kerberos session key to SSL, and
-** (2) Config data between application and SSL lib
-*/
-typedef struct kssl_ctx_st
- {
- /* used by: disposition: */
- char *service_name; /* C,S default ok (kssl) */
- char *service_host; /* C input, REQUIRED */
- char *client_princ; /* S output from krb5 ticket */
- char *keytab_file; /* S NULL (/etc/krb5.keytab) */
- char *cred_cache; /* C NULL (default) */
- krb5_enctype enctype;
- int length;
- krb5_octet FAR *key;
- } KSSL_CTX;
-
-#define KSSL_CLIENT 1
-#define KSSL_SERVER 2
-#define KSSL_SERVICE 3
-#define KSSL_KEYTAB 4
-
-#define KSSL_CTX_OK 0
-#define KSSL_CTX_ERR 1
-#define KSSL_NOMEM 2
-
-/* Public (for use by applications that use OpenSSL with Kerberos 5 support */
-krb5_error_code kssl_ctx_setstring(KSSL_CTX *kssl_ctx, int which, char *text);
-KSSL_CTX *kssl_ctx_new(void);
-KSSL_CTX *kssl_ctx_free(KSSL_CTX *kssl_ctx);
-void kssl_ctx_show(KSSL_CTX *kssl_ctx);
-krb5_error_code kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which,
- krb5_data *realm, krb5_data *entity, int nentities);
-krb5_error_code kssl_cget_tkt(KSSL_CTX *kssl_ctx, krb5_data **enc_tktp,
- krb5_data *authenp, KSSL_ERR *kssl_err);
-krb5_error_code kssl_sget_tkt(KSSL_CTX *kssl_ctx, krb5_data *indata,
- krb5_ticket_times *ttimes, KSSL_ERR *kssl_err);
-krb5_error_code kssl_ctx_setkey(KSSL_CTX *kssl_ctx, krb5_keyblock *session);
-void kssl_err_set(KSSL_ERR *kssl_err, int reason, char *text);
-void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data);
-krb5_error_code kssl_build_principal_2(krb5_context context,
- krb5_principal *princ, int rlen, const char *realm,
- int slen, const char *svc, int hlen, const char *host);
-krb5_error_code kssl_validate_times(krb5_timestamp atime,
- krb5_ticket_times *ttimes);
-krb5_error_code kssl_check_authent(KSSL_CTX *kssl_ctx, krb5_data *authentp,
- krb5_timestamp *atimep, KSSL_ERR *kssl_err);
-unsigned char *kssl_skip_confound(krb5_enctype enctype, unsigned char *authn);
-
-#ifdef __cplusplus
-}
-#endif
-#endif /* OPENSSL_NO_KRB5 */
-#endif /* KSSL_H */
Copied: vendor-crypto/openssl/0.9.8zf/ssl/kssl.h (from rev 6976, vendor-crypto/openssl/dist/ssl/kssl.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/ssl/kssl.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/ssl/kssl.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,183 @@
+/* ssl/kssl.h -*- mode: C; c-file-style: "eay" -*- */
+/*
+ * Written by Vern Staats <staatsvr at asc.hpc.mil> for the OpenSSL project
+ * 2000. project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*
+ ** 19990701 VRS Started.
+ */
+
+#ifndef KSSL_H
+# define KSSL_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_KRB5
+
+# include <stdio.h>
+# include <ctype.h>
+# include <krb5.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * Depending on which KRB5 implementation used, some types from
+ * the other may be missing. Resolve that here and now
+ */
+# ifdef KRB5_HEIMDAL
+typedef unsigned char krb5_octet;
+# define FAR
+# else
+
+# ifndef FAR
+# define FAR
+# endif
+
+# endif
+
+/*-
+ * Uncomment this to debug kssl problems or
+ * to trace usage of the Kerberos session key
+ *
+ * #define KSSL_DEBUG
+ */
+
+# ifndef KRB5SVC
+# define KRB5SVC "host"
+# endif
+
+# ifndef KRB5KEYTAB
+# define KRB5KEYTAB "/etc/krb5.keytab"
+# endif
+
+# ifndef KRB5SENDAUTH
+# define KRB5SENDAUTH 1
+# endif
+
+# ifndef KRB5CHECKAUTH
+# define KRB5CHECKAUTH 1
+# endif
+
+# ifndef KSSL_CLOCKSKEW
+# define KSSL_CLOCKSKEW 300;
+# endif
+
+# define KSSL_ERR_MAX 255
+typedef struct kssl_err_st {
+ int reason;
+ char text[KSSL_ERR_MAX + 1];
+} KSSL_ERR;
+
+/*- Context for passing
+ * (1) Kerberos session key to SSL, and
+ * (2) Config data between application and SSL lib
+ */
+typedef struct kssl_ctx_st {
+ /* used by: disposition: */
+ char *service_name; /* C,S default ok (kssl) */
+ char *service_host; /* C input, REQUIRED */
+ char *client_princ; /* S output from krb5 ticket */
+ char *keytab_file; /* S NULL (/etc/krb5.keytab) */
+ char *cred_cache; /* C NULL (default) */
+ krb5_enctype enctype;
+ int length;
+ krb5_octet FAR *key;
+} KSSL_CTX;
+
+# define KSSL_CLIENT 1
+# define KSSL_SERVER 2
+# define KSSL_SERVICE 3
+# define KSSL_KEYTAB 4
+
+# define KSSL_CTX_OK 0
+# define KSSL_CTX_ERR 1
+# define KSSL_NOMEM 2
+
+/* Public (for use by applications that use OpenSSL with Kerberos 5 support */
+krb5_error_code kssl_ctx_setstring(KSSL_CTX *kssl_ctx, int which, char *text);
+KSSL_CTX *kssl_ctx_new(void);
+KSSL_CTX *kssl_ctx_free(KSSL_CTX *kssl_ctx);
+void kssl_ctx_show(KSSL_CTX *kssl_ctx);
+krb5_error_code kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which,
+ krb5_data *realm, krb5_data *entity,
+ int nentities);
+krb5_error_code kssl_cget_tkt(KSSL_CTX *kssl_ctx, krb5_data **enc_tktp,
+ krb5_data *authenp, KSSL_ERR *kssl_err);
+krb5_error_code kssl_sget_tkt(KSSL_CTX *kssl_ctx, krb5_data *indata,
+ krb5_ticket_times *ttimes, KSSL_ERR *kssl_err);
+krb5_error_code kssl_ctx_setkey(KSSL_CTX *kssl_ctx, krb5_keyblock *session);
+void kssl_err_set(KSSL_ERR *kssl_err, int reason, char *text);
+void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data);
+krb5_error_code kssl_build_principal_2(krb5_context context,
+ krb5_principal *princ, int rlen,
+ const char *realm, int slen,
+ const char *svc, int hlen,
+ const char *host);
+krb5_error_code kssl_validate_times(krb5_timestamp atime,
+ krb5_ticket_times *ttimes);
+krb5_error_code kssl_check_authent(KSSL_CTX *kssl_ctx, krb5_data *authentp,
+ krb5_timestamp *atimep,
+ KSSL_ERR *kssl_err);
+unsigned char *kssl_skip_confound(krb5_enctype enctype, unsigned char *authn);
+
+#ifdef __cplusplus
+}
+#endif
+# endif /* OPENSSL_NO_KRB5 */
+#endif /* KSSL_H */
Deleted: vendor-crypto/openssl/0.9.8zf/ssl/kssl_lcl.h
===================================================================
--- vendor-crypto/openssl/dist/ssl/kssl_lcl.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/ssl/kssl_lcl.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,87 +0,0 @@
-/* ssl/kssl.h -*- mode: C; c-file-style: "eay" -*- */
-/* Written by Vern Staats <staatsvr at asc.hpc.mil> for the OpenSSL project 2000.
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#ifndef KSSL_LCL_H
-#define KSSL_LCL_H
-
-#include <openssl/kssl.h>
-
-#ifndef OPENSSL_NO_KRB5
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* Private (internal to OpenSSL) */
-void print_krb5_data(char *label, krb5_data *kdata);
-void print_krb5_authdata(char *label, krb5_authdata **adata);
-void print_krb5_keyblock(char *label, krb5_keyblock *keyblk);
-
-char *kstring(char *string);
-char *knumber(int len, krb5_octet *contents);
-
-EVP_CIPHER *kssl_map_enc(krb5_enctype enctype);
-
-int kssl_keytab_is_available(KSSL_CTX *kssl_ctx);
-int kssl_tgt_is_available(KSSL_CTX *kssl_ctx);
-
-#ifdef __cplusplus
-}
-#endif
-#endif /* OPENSSL_NO_KRB5 */
-#endif /* KSSL_LCL_H */
Copied: vendor-crypto/openssl/0.9.8zf/ssl/kssl_lcl.h (from rev 6976, vendor-crypto/openssl/dist/ssl/kssl_lcl.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/ssl/kssl_lcl.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/ssl/kssl_lcl.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,88 @@
+/* ssl/kssl.h -*- mode: C; c-file-style: "eay" -*- */
+/*
+ * Written by Vern Staats <staatsvr at asc.hpc.mil> for the OpenSSL project
+ * 2000. project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#ifndef KSSL_LCL_H
+# define KSSL_LCL_H
+
+# include <openssl/kssl.h>
+
+# ifndef OPENSSL_NO_KRB5
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Private (internal to OpenSSL) */
+void print_krb5_data(char *label, krb5_data *kdata);
+void print_krb5_authdata(char *label, krb5_authdata **adata);
+void print_krb5_keyblock(char *label, krb5_keyblock *keyblk);
+
+char *kstring(char *string);
+char *knumber(int len, krb5_octet *contents);
+
+EVP_CIPHER *kssl_map_enc(krb5_enctype enctype);
+
+int kssl_keytab_is_available(KSSL_CTX *kssl_ctx);
+int kssl_tgt_is_available(KSSL_CTX *kssl_ctx);
+
+#ifdef __cplusplus
+}
+#endif
+# endif /* OPENSSL_NO_KRB5 */
+#endif /* KSSL_LCL_H */
Deleted: vendor-crypto/openssl/0.9.8zf/ssl/s23_clnt.c
===================================================================
--- vendor-crypto/openssl/dist/ssl/s23_clnt.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/ssl/s23_clnt.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,632 +0,0 @@
-/* ssl/s23_clnt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-
-static SSL_METHOD *ssl23_get_client_method(int ver);
-static int ssl23_client_hello(SSL *s);
-static int ssl23_get_server_hello(SSL *s);
-static SSL_METHOD *ssl23_get_client_method(int ver)
- {
-#ifndef OPENSSL_NO_SSL2
- if (ver == SSL2_VERSION)
- return(SSLv2_client_method());
-#endif
-#ifndef OPENSSL_NO_SSL3
- if (ver == SSL3_VERSION)
- return(SSLv3_client_method());
-#endif
- if (ver == TLS1_VERSION)
- return(TLSv1_client_method());
- else
- return(NULL);
- }
-
-IMPLEMENT_ssl23_meth_func(SSLv23_client_method,
- ssl_undefined_function,
- ssl23_connect,
- ssl23_get_client_method)
-
-int ssl23_connect(SSL *s)
- {
- BUF_MEM *buf=NULL;
- unsigned long Time=(unsigned long)time(NULL);
- void (*cb)(const SSL *ssl,int type,int val)=NULL;
- int ret= -1;
- int new_state,state;
-
- RAND_add(&Time,sizeof(Time),0);
- ERR_clear_error();
- clear_sys_error();
-
- if (s->info_callback != NULL)
- cb=s->info_callback;
- else if (s->ctx->info_callback != NULL)
- cb=s->ctx->info_callback;
-
- s->in_handshake++;
- if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
-
- for (;;)
- {
- state=s->state;
-
- switch(s->state)
- {
- case SSL_ST_BEFORE:
- case SSL_ST_CONNECT:
- case SSL_ST_BEFORE|SSL_ST_CONNECT:
- case SSL_ST_OK|SSL_ST_CONNECT:
-
- if (s->session != NULL)
- {
- SSLerr(SSL_F_SSL23_CONNECT,SSL_R_SSL23_DOING_SESSION_ID_REUSE);
- ret= -1;
- goto end;
- }
- s->server=0;
- if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
-
- /* s->version=TLS1_VERSION; */
- s->type=SSL_ST_CONNECT;
-
- if (s->init_buf == NULL)
- {
- if ((buf=BUF_MEM_new()) == NULL)
- {
- ret= -1;
- goto end;
- }
- if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
- {
- ret= -1;
- goto end;
- }
- s->init_buf=buf;
- buf=NULL;
- }
-
- if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }
-
- ssl3_init_finished_mac(s);
-
- s->state=SSL23_ST_CW_CLNT_HELLO_A;
- s->ctx->stats.sess_connect++;
- s->init_num=0;
- break;
-
- case SSL23_ST_CW_CLNT_HELLO_A:
- case SSL23_ST_CW_CLNT_HELLO_B:
-
- s->shutdown=0;
- ret=ssl23_client_hello(s);
- if (ret <= 0) goto end;
- s->state=SSL23_ST_CR_SRVR_HELLO_A;
- s->init_num=0;
-
- break;
-
- case SSL23_ST_CR_SRVR_HELLO_A:
- case SSL23_ST_CR_SRVR_HELLO_B:
- ret=ssl23_get_server_hello(s);
- if (ret >= 0) cb=NULL;
- goto end;
- /* break; */
-
- default:
- SSLerr(SSL_F_SSL23_CONNECT,SSL_R_UNKNOWN_STATE);
- ret= -1;
- goto end;
- /* break; */
- }
-
- if (s->debug) { (void)BIO_flush(s->wbio); }
-
- if ((cb != NULL) && (s->state != state))
- {
- new_state=s->state;
- s->state=state;
- cb(s,SSL_CB_CONNECT_LOOP,1);
- s->state=new_state;
- }
- }
-end:
- s->in_handshake--;
- if (buf != NULL)
- BUF_MEM_free(buf);
- if (cb != NULL)
- cb(s,SSL_CB_CONNECT_EXIT,ret);
- return(ret);
- }
-
-
-static int ssl23_client_hello(SSL *s)
- {
- unsigned char *buf;
- unsigned char *p,*d;
- int i,ch_len;
- unsigned long Time,l;
- int ssl2_compat;
- int version = 0, version_major, version_minor;
-#ifndef OPENSSL_NO_COMP
- int j;
- SSL_COMP *comp;
-#endif
- int ret;
-
- ssl2_compat = (s->options & SSL_OP_NO_SSLv2) ? 0 : 1;
-
- if (!(s->options & SSL_OP_NO_TLSv1))
- {
- version = TLS1_VERSION;
- }
- else if (!(s->options & SSL_OP_NO_SSLv3))
- {
- version = SSL3_VERSION;
- }
- else if (!(s->options & SSL_OP_NO_SSLv2))
- {
- version = SSL2_VERSION;
- }
-#ifndef OPENSSL_NO_TLSEXT
- if (version != SSL2_VERSION)
- {
- /* have to disable SSL 2.0 compatibility if we need TLS extensions */
-
- if (s->tlsext_hostname != NULL)
- ssl2_compat = 0;
- if (s->tlsext_status_type != -1)
- ssl2_compat = 0;
- }
-#endif
-
- buf=(unsigned char *)s->init_buf->data;
- if (s->state == SSL23_ST_CW_CLNT_HELLO_A)
- {
-#if 0
- /* don't reuse session-id's */
- if (!ssl_get_new_session(s,0))
- {
- return(-1);
- }
-#endif
-
- p=s->s3->client_random;
- Time=(unsigned long)time(NULL); /* Time */
- l2n(Time,p);
- if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
- return -1;
-
- if (version == TLS1_VERSION)
- {
- version_major = TLS1_VERSION_MAJOR;
- version_minor = TLS1_VERSION_MINOR;
- }
-#ifdef OPENSSL_FIPS
- else if(FIPS_mode())
- {
- SSLerr(SSL_F_SSL23_CLIENT_HELLO,
- SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
- return -1;
- }
-#endif
- else if (version == SSL3_VERSION)
- {
- version_major = SSL3_VERSION_MAJOR;
- version_minor = SSL3_VERSION_MINOR;
- }
- else if (version == SSL2_VERSION)
- {
- version_major = SSL2_VERSION_MAJOR;
- version_minor = SSL2_VERSION_MINOR;
- }
- else
- {
- SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_PROTOCOLS_AVAILABLE);
- return(-1);
- }
-
- s->client_version = version;
-
- if (ssl2_compat)
- {
- /* create SSL 2.0 compatible Client Hello */
-
- /* two byte record header will be written last */
- d = &(buf[2]);
- p = d + 9; /* leave space for message type, version, individual length fields */
-
- *(d++) = SSL2_MT_CLIENT_HELLO;
- *(d++) = version_major;
- *(d++) = version_minor;
-
- /* Ciphers supported */
- i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),p,0);
- if (i == 0)
- {
- /* no ciphers */
- SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
- return -1;
- }
- s2n(i,d);
- p+=i;
-
- /* put in the session-id length (zero since there is no reuse) */
-#if 0
- s->session->session_id_length=0;
-#endif
- s2n(0,d);
-
- if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG)
- ch_len=SSL2_CHALLENGE_LENGTH;
- else
- ch_len=SSL2_MAX_CHALLENGE_LENGTH;
-
- /* write out sslv2 challenge */
- if (SSL3_RANDOM_SIZE < ch_len)
- i=SSL3_RANDOM_SIZE;
- else
- i=ch_len;
- s2n(i,d);
- memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE);
- if (RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i) <= 0)
- return -1;
-
- memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
- p+=i;
-
- i= p- &(buf[2]);
- buf[0]=((i>>8)&0xff)|0x80;
- buf[1]=(i&0xff);
-
- /* number of bytes to write */
- s->init_num=i+2;
- s->init_off=0;
-
- ssl3_finish_mac(s,&(buf[2]),i);
- }
- else
- {
- /* create Client Hello in SSL 3.0/TLS 1.0 format */
-
- /* do the record header (5 bytes) and handshake message header (4 bytes) last */
- d = p = &(buf[9]);
-
- *(p++) = version_major;
- *(p++) = version_minor;
-
- /* Random stuff */
- memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
- p += SSL3_RANDOM_SIZE;
-
- /* Session ID (zero since there is no reuse) */
- *(p++) = 0;
-
- /* Ciphers supported (using SSL 3.0/TLS 1.0 format) */
- i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),ssl3_put_cipher_by_char);
- if (i == 0)
- {
- SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
- return -1;
- }
- s2n(i,p);
- p+=i;
-#ifdef OPENSSL_NO_COMP
- *(p++)=1;
-#else
- /* COMPRESSION */
- if (s->ctx->comp_methods == NULL)
- j=0;
- else
- j=sk_SSL_COMP_num(s->ctx->comp_methods);
- *(p++)=1+j;
- for (i=0; i<j; i++)
- {
- comp=sk_SSL_COMP_value(s->ctx->comp_methods,i);
- *(p++)=comp->id;
- }
-#endif
- *(p++)=0; /* Add the NULL method */
-#ifndef OPENSSL_NO_TLSEXT
- if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
- {
- SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
- return -1;
- }
-#endif
-
- l = p-d;
- *p = 42;
-
- /* fill in 4-byte handshake header */
- d=&(buf[5]);
- *(d++)=SSL3_MT_CLIENT_HELLO;
- l2n3(l,d);
-
- l += 4;
-
- if (l > SSL3_RT_MAX_PLAIN_LENGTH)
- {
- SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
- return -1;
- }
-
- /* fill in 5-byte record header */
- d=buf;
- *(d++) = SSL3_RT_HANDSHAKE;
- *(d++) = version_major;
- *(d++) = version_minor; /* arguably we should send the *lowest* suported version here
- * (indicating, e.g., TLS 1.0 in "SSL 3.0 format") */
- s2n((int)l,d);
-
- /* number of bytes to write */
- s->init_num=p-buf;
- s->init_off=0;
-
- ssl3_finish_mac(s,&(buf[5]), s->init_num - 5);
- }
-
- s->state=SSL23_ST_CW_CLNT_HELLO_B;
- s->init_off=0;
- }
-
- /* SSL3_ST_CW_CLNT_HELLO_B */
- ret = ssl23_write_bytes(s);
-
- if ((ret >= 2) && s->msg_callback)
- {
- /* Client Hello has been sent; tell msg_callback */
-
- if (ssl2_compat)
- s->msg_callback(1, SSL2_VERSION, 0, s->init_buf->data+2, ret-2, s, s->msg_callback_arg);
- else
- s->msg_callback(1, version, SSL3_RT_HANDSHAKE, s->init_buf->data+5, ret-5, s, s->msg_callback_arg);
- }
-
- return ret;
- }
-
-static int ssl23_get_server_hello(SSL *s)
- {
- char buf[8];
- unsigned char *p;
- int i;
- int n;
-
- n=ssl23_read_bytes(s,7);
-
- if (n != 7) return(n);
- p=s->packet;
-
- memcpy(buf,p,n);
-
- if ((p[0] & 0x80) && (p[2] == SSL2_MT_SERVER_HELLO) &&
- (p[5] == 0x00) && (p[6] == 0x02))
- {
-#ifdef OPENSSL_NO_SSL2
- SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
- goto err;
-#else
- /* we are talking sslv2 */
- /* we need to clean up the SSLv3 setup and put in the
- * sslv2 stuff. */
- int ch_len;
-
- if (s->options & SSL_OP_NO_SSLv2)
- {
- SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
- goto err;
- }
- if (s->s2 == NULL)
- {
- if (!ssl2_new(s))
- goto err;
- }
- else
- ssl2_clear(s);
-
- if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG)
- ch_len=SSL2_CHALLENGE_LENGTH;
- else
- ch_len=SSL2_MAX_CHALLENGE_LENGTH;
-
- /* write out sslv2 challenge */
- i=(SSL3_RANDOM_SIZE < ch_len)
- ?SSL3_RANDOM_SIZE:ch_len;
- s->s2->challenge_length=i;
- memcpy(s->s2->challenge,
- &(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
-
- if (s->s3 != NULL) ssl3_free(s);
-
- if (!BUF_MEM_grow_clean(s->init_buf,
- SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
- {
- SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,ERR_R_BUF_LIB);
- goto err;
- }
-
- s->state=SSL2_ST_GET_SERVER_HELLO_A;
- if (!(s->client_version == SSL2_VERSION))
- /* use special padding (SSL 3.0 draft/RFC 2246, App. E.2) */
- s->s2->ssl2_rollback=1;
-
- /* setup the 7 bytes we have read so we get them from
- * the sslv2 buffer */
- s->rstate=SSL_ST_READ_HEADER;
- s->packet_length=n;
- s->packet= &(s->s2->rbuf[0]);
- memcpy(s->packet,buf,n);
- s->s2->rbuf_left=n;
- s->s2->rbuf_offs=0;
-
- /* we have already written one */
- s->s2->write_sequence=1;
-
- s->method=SSLv2_client_method();
- s->handshake_func=s->method->ssl_connect;
-#endif
- }
- else if (p[1] == SSL3_VERSION_MAJOR &&
- ((p[2] == SSL3_VERSION_MINOR) ||
- (p[2] == TLS1_VERSION_MINOR)) &&
- ((p[0] == SSL3_RT_HANDSHAKE && p[5] == SSL3_MT_SERVER_HELLO) ||
- (p[0] == SSL3_RT_ALERT && p[3] == 0 && p[4] == 2)))
- {
- /* we have sslv3 or tls1 (server hello or alert) */
-
-#ifndef OPENSSL_NO_SSL3
- if ((p[2] == SSL3_VERSION_MINOR) &&
- !(s->options & SSL_OP_NO_SSLv3))
- {
-#ifdef OPENSSL_FIPS
- if(FIPS_mode())
- {
- SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,
- SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
- goto err;
- }
-#endif
- s->version=SSL3_VERSION;
- s->method=SSLv3_client_method();
- }
- else
-#endif
- if ((p[2] == TLS1_VERSION_MINOR) &&
- !(s->options & SSL_OP_NO_TLSv1))
- {
- s->version=TLS1_VERSION;
- s->method=TLSv1_client_method();
- }
- else
- {
- SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
- goto err;
- }
-
- /* ensure that TLS_MAX_VERSION is up-to-date */
- OPENSSL_assert(s->version <= TLS_MAX_VERSION);
-
- if (p[0] == SSL3_RT_ALERT && p[5] != SSL3_AL_WARNING)
- {
- /* fatal alert */
-
- void (*cb)(const SSL *ssl,int type,int val)=NULL;
- int j;
-
- if (s->info_callback != NULL)
- cb=s->info_callback;
- else if (s->ctx->info_callback != NULL)
- cb=s->ctx->info_callback;
-
- i=p[5];
- if (cb != NULL)
- {
- j=(i<<8)|p[6];
- cb(s,SSL_CB_READ_ALERT,j);
- }
-
- if (s->msg_callback)
- s->msg_callback(0, s->version, SSL3_RT_ALERT, p+5, 2, s, s->msg_callback_arg);
-
- s->rwstate=SSL_NOTHING;
- SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_AD_REASON_OFFSET+p[6]);
- goto err;
- }
-
- if (!ssl_init_wbio_buffer(s,1)) goto err;
-
- /* we are in this state */
- s->state=SSL3_ST_CR_SRVR_HELLO_A;
-
- /* put the 7 bytes we have read into the input buffer
- * for SSLv3 */
- s->rstate=SSL_ST_READ_HEADER;
- s->packet_length=n;
- if (s->s3->rbuf.buf == NULL)
- if (!ssl3_setup_buffers(s))
- goto err;
- s->packet= &(s->s3->rbuf.buf[0]);
- memcpy(s->packet,buf,n);
- s->s3->rbuf.left=n;
- s->s3->rbuf.offset=0;
-
- s->handshake_func=s->method->ssl_connect;
- }
- else
- {
- SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNKNOWN_PROTOCOL);
- goto err;
- }
- s->init_num=0;
-
- /* Since, if we are sending a ssl23 client hello, we are not
- * reusing a session-id */
- if (!ssl_get_new_session(s,0))
- goto err;
-
- return(SSL_connect(s));
-err:
- return(-1);
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/ssl/s23_clnt.c (from rev 6976, vendor-crypto/openssl/dist/ssl/s23_clnt.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/ssl/s23_clnt.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/ssl/s23_clnt.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,619 @@
+/* ssl/s23_clnt.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "ssl_locl.h"
+#include <openssl/buffer.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+
+static SSL_METHOD *ssl23_get_client_method(int ver);
+static int ssl23_client_hello(SSL *s);
+static int ssl23_get_server_hello(SSL *s);
+static SSL_METHOD *ssl23_get_client_method(int ver)
+{
+#ifndef OPENSSL_NO_SSL2
+ if (ver == SSL2_VERSION)
+ return (SSLv2_client_method());
+#endif
+#ifndef OPENSSL_NO_SSL3
+ if (ver == SSL3_VERSION)
+ return (SSLv3_client_method());
+#endif
+ if (ver == TLS1_VERSION)
+ return (TLSv1_client_method());
+ else
+ return (NULL);
+}
+
+IMPLEMENT_ssl23_meth_func(SSLv23_client_method,
+ ssl_undefined_function,
+ ssl23_connect, ssl23_get_client_method)
+
+int ssl23_connect(SSL *s)
+{
+ BUF_MEM *buf = NULL;
+ unsigned long Time = (unsigned long)time(NULL);
+ void (*cb) (const SSL *ssl, int type, int val) = NULL;
+ int ret = -1;
+ int new_state, state;
+
+ RAND_add(&Time, sizeof(Time), 0);
+ ERR_clear_error();
+ clear_sys_error();
+
+ if (s->info_callback != NULL)
+ cb = s->info_callback;
+ else if (s->ctx->info_callback != NULL)
+ cb = s->ctx->info_callback;
+
+ s->in_handshake++;
+ if (!SSL_in_init(s) || SSL_in_before(s))
+ SSL_clear(s);
+
+ for (;;) {
+ state = s->state;
+
+ switch (s->state) {
+ case SSL_ST_BEFORE:
+ case SSL_ST_CONNECT:
+ case SSL_ST_BEFORE | SSL_ST_CONNECT:
+ case SSL_ST_OK | SSL_ST_CONNECT:
+
+ if (s->session != NULL) {
+ SSLerr(SSL_F_SSL23_CONNECT,
+ SSL_R_SSL23_DOING_SESSION_ID_REUSE);
+ ret = -1;
+ goto end;
+ }
+ s->server = 0;
+ if (cb != NULL)
+ cb(s, SSL_CB_HANDSHAKE_START, 1);
+
+ /* s->version=TLS1_VERSION; */
+ s->type = SSL_ST_CONNECT;
+
+ if (s->init_buf == NULL) {
+ if ((buf = BUF_MEM_new()) == NULL) {
+ ret = -1;
+ goto end;
+ }
+ if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) {
+ ret = -1;
+ goto end;
+ }
+ s->init_buf = buf;
+ buf = NULL;
+ }
+
+ if (!ssl3_setup_buffers(s)) {
+ ret = -1;
+ goto end;
+ }
+
+ ssl3_init_finished_mac(s);
+
+ s->state = SSL23_ST_CW_CLNT_HELLO_A;
+ s->ctx->stats.sess_connect++;
+ s->init_num = 0;
+ break;
+
+ case SSL23_ST_CW_CLNT_HELLO_A:
+ case SSL23_ST_CW_CLNT_HELLO_B:
+
+ s->shutdown = 0;
+ ret = ssl23_client_hello(s);
+ if (ret <= 0)
+ goto end;
+ s->state = SSL23_ST_CR_SRVR_HELLO_A;
+ s->init_num = 0;
+
+ break;
+
+ case SSL23_ST_CR_SRVR_HELLO_A:
+ case SSL23_ST_CR_SRVR_HELLO_B:
+ ret = ssl23_get_server_hello(s);
+ if (ret >= 0)
+ cb = NULL;
+ goto end;
+ /* break; */
+
+ default:
+ SSLerr(SSL_F_SSL23_CONNECT, SSL_R_UNKNOWN_STATE);
+ ret = -1;
+ goto end;
+ /* break; */
+ }
+
+ if (s->debug) {
+ (void)BIO_flush(s->wbio);
+ }
+
+ if ((cb != NULL) && (s->state != state)) {
+ new_state = s->state;
+ s->state = state;
+ cb(s, SSL_CB_CONNECT_LOOP, 1);
+ s->state = new_state;
+ }
+ }
+ end:
+ s->in_handshake--;
+ if (buf != NULL)
+ BUF_MEM_free(buf);
+ if (cb != NULL)
+ cb(s, SSL_CB_CONNECT_EXIT, ret);
+ return (ret);
+}
+
+static int ssl23_client_hello(SSL *s)
+{
+ unsigned char *buf;
+ unsigned char *p, *d;
+ int i, ch_len;
+ unsigned long Time, l;
+ int ssl2_compat;
+ int version = 0, version_major, version_minor;
+#ifndef OPENSSL_NO_COMP
+ int j;
+ SSL_COMP *comp;
+#endif
+ int ret;
+
+ ssl2_compat = (s->options & SSL_OP_NO_SSLv2) ? 0 : 1;
+
+ if (!(s->options & SSL_OP_NO_TLSv1)) {
+ version = TLS1_VERSION;
+ } else if (!(s->options & SSL_OP_NO_SSLv3)) {
+ version = SSL3_VERSION;
+ } else if (!(s->options & SSL_OP_NO_SSLv2)) {
+ version = SSL2_VERSION;
+ }
+#ifndef OPENSSL_NO_TLSEXT
+ if (version != SSL2_VERSION) {
+ /*
+ * have to disable SSL 2.0 compatibility if we need TLS extensions
+ */
+
+ if (s->tlsext_hostname != NULL)
+ ssl2_compat = 0;
+ if (s->tlsext_status_type != -1)
+ ssl2_compat = 0;
+ }
+#endif
+
+ buf = (unsigned char *)s->init_buf->data;
+ if (s->state == SSL23_ST_CW_CLNT_HELLO_A) {
+#if 0
+ /* don't reuse session-id's */
+ if (!ssl_get_new_session(s, 0)) {
+ return (-1);
+ }
+#endif
+
+ p = s->s3->client_random;
+ Time = (unsigned long)time(NULL); /* Time */
+ l2n(Time, p);
+ if (RAND_pseudo_bytes(p, SSL3_RANDOM_SIZE - 4) <= 0)
+ return -1;
+
+ if (version == TLS1_VERSION) {
+ version_major = TLS1_VERSION_MAJOR;
+ version_minor = TLS1_VERSION_MINOR;
+ }
+#ifdef OPENSSL_FIPS
+ else if (FIPS_mode()) {
+ SSLerr(SSL_F_SSL23_CLIENT_HELLO,
+ SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
+ return -1;
+ }
+#endif
+ else if (version == SSL3_VERSION) {
+ version_major = SSL3_VERSION_MAJOR;
+ version_minor = SSL3_VERSION_MINOR;
+ } else if (version == SSL2_VERSION) {
+ version_major = SSL2_VERSION_MAJOR;
+ version_minor = SSL2_VERSION_MINOR;
+ } else {
+ SSLerr(SSL_F_SSL23_CLIENT_HELLO, SSL_R_NO_PROTOCOLS_AVAILABLE);
+ return (-1);
+ }
+
+ s->client_version = version;
+
+ if (ssl2_compat) {
+ /* create SSL 2.0 compatible Client Hello */
+
+ /* two byte record header will be written last */
+ d = &(buf[2]);
+ p = d + 9; /* leave space for message type, version,
+ * individual length fields */
+
+ *(d++) = SSL2_MT_CLIENT_HELLO;
+ *(d++) = version_major;
+ *(d++) = version_minor;
+
+ /* Ciphers supported */
+ i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), p, 0);
+ if (i == 0) {
+ /* no ciphers */
+ SSLerr(SSL_F_SSL23_CLIENT_HELLO, SSL_R_NO_CIPHERS_AVAILABLE);
+ return -1;
+ }
+ s2n(i, d);
+ p += i;
+
+ /*
+ * put in the session-id length (zero since there is no reuse)
+ */
+#if 0
+ s->session->session_id_length = 0;
+#endif
+ s2n(0, d);
+
+ if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG)
+ ch_len = SSL2_CHALLENGE_LENGTH;
+ else
+ ch_len = SSL2_MAX_CHALLENGE_LENGTH;
+
+ /* write out sslv2 challenge */
+ if (SSL3_RANDOM_SIZE < ch_len)
+ i = SSL3_RANDOM_SIZE;
+ else
+ i = ch_len;
+ s2n(i, d);
+ memset(&(s->s3->client_random[0]), 0, SSL3_RANDOM_SIZE);
+ if (RAND_pseudo_bytes
+ (&(s->s3->client_random[SSL3_RANDOM_SIZE - i]), i) <= 0)
+ return -1;
+
+ memcpy(p, &(s->s3->client_random[SSL3_RANDOM_SIZE - i]), i);
+ p += i;
+
+ i = p - &(buf[2]);
+ buf[0] = ((i >> 8) & 0xff) | 0x80;
+ buf[1] = (i & 0xff);
+
+ /* number of bytes to write */
+ s->init_num = i + 2;
+ s->init_off = 0;
+
+ ssl3_finish_mac(s, &(buf[2]), i);
+ } else {
+ /* create Client Hello in SSL 3.0/TLS 1.0 format */
+
+ /*
+ * do the record header (5 bytes) and handshake message header (4
+ * bytes) last
+ */
+ d = p = &(buf[9]);
+
+ *(p++) = version_major;
+ *(p++) = version_minor;
+
+ /* Random stuff */
+ memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
+ p += SSL3_RANDOM_SIZE;
+
+ /* Session ID (zero since there is no reuse) */
+ *(p++) = 0;
+
+ /* Ciphers supported (using SSL 3.0/TLS 1.0 format) */
+ i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &(p[2]),
+ ssl3_put_cipher_by_char);
+ if (i == 0) {
+ SSLerr(SSL_F_SSL23_CLIENT_HELLO, SSL_R_NO_CIPHERS_AVAILABLE);
+ return -1;
+ }
+ s2n(i, p);
+ p += i;
+#ifdef OPENSSL_NO_COMP
+ *(p++) = 1;
+#else
+ /* COMPRESSION */
+ if (s->ctx->comp_methods == NULL)
+ j = 0;
+ else
+ j = sk_SSL_COMP_num(s->ctx->comp_methods);
+ *(p++) = 1 + j;
+ for (i = 0; i < j; i++) {
+ comp = sk_SSL_COMP_value(s->ctx->comp_methods, i);
+ *(p++) = comp->id;
+ }
+#endif
+ *(p++) = 0; /* Add the NULL method */
+#ifndef OPENSSL_NO_TLSEXT
+ if ((p =
+ ssl_add_clienthello_tlsext(s, p,
+ buf +
+ SSL3_RT_MAX_PLAIN_LENGTH)) ==
+ NULL) {
+ SSLerr(SSL_F_SSL23_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
+ return -1;
+ }
+#endif
+
+ l = p - d;
+ *p = 42;
+
+ /* fill in 4-byte handshake header */
+ d = &(buf[5]);
+ *(d++) = SSL3_MT_CLIENT_HELLO;
+ l2n3(l, d);
+
+ l += 4;
+
+ if (l > SSL3_RT_MAX_PLAIN_LENGTH) {
+ SSLerr(SSL_F_SSL23_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
+ return -1;
+ }
+
+ /* fill in 5-byte record header */
+ d = buf;
+ *(d++) = SSL3_RT_HANDSHAKE;
+ *(d++) = version_major;
+ *(d++) = version_minor; /* arguably we should send the *lowest*
+ * suported version here (indicating,
+ * e.g., TLS 1.0 in "SSL 3.0 format") */
+ s2n((int)l, d);
+
+ /* number of bytes to write */
+ s->init_num = p - buf;
+ s->init_off = 0;
+
+ ssl3_finish_mac(s, &(buf[5]), s->init_num - 5);
+ }
+
+ s->state = SSL23_ST_CW_CLNT_HELLO_B;
+ s->init_off = 0;
+ }
+
+ /* SSL3_ST_CW_CLNT_HELLO_B */
+ ret = ssl23_write_bytes(s);
+
+ if ((ret >= 2) && s->msg_callback) {
+ /* Client Hello has been sent; tell msg_callback */
+
+ if (ssl2_compat)
+ s->msg_callback(1, SSL2_VERSION, 0, s->init_buf->data + 2,
+ ret - 2, s, s->msg_callback_arg);
+ else
+ s->msg_callback(1, version, SSL3_RT_HANDSHAKE,
+ s->init_buf->data + 5, ret - 5, s,
+ s->msg_callback_arg);
+ }
+
+ return ret;
+}
+
+static int ssl23_get_server_hello(SSL *s)
+{
+ char buf[8];
+ unsigned char *p;
+ int i;
+ int n;
+
+ n = ssl23_read_bytes(s, 7);
+
+ if (n != 7)
+ return (n);
+ p = s->packet;
+
+ memcpy(buf, p, n);
+
+ if ((p[0] & 0x80) && (p[2] == SSL2_MT_SERVER_HELLO) &&
+ (p[5] == 0x00) && (p[6] == 0x02)) {
+#ifdef OPENSSL_NO_SSL2
+ SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_R_UNSUPPORTED_PROTOCOL);
+ goto err;
+#else
+ /* we are talking sslv2 */
+ /*
+ * we need to clean up the SSLv3 setup and put in the sslv2 stuff.
+ */
+ int ch_len;
+
+ if (s->options & SSL_OP_NO_SSLv2) {
+ SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_R_UNSUPPORTED_PROTOCOL);
+ goto err;
+ }
+ if (s->s2 == NULL) {
+ if (!ssl2_new(s))
+ goto err;
+ } else
+ ssl2_clear(s);
+
+ if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG)
+ ch_len = SSL2_CHALLENGE_LENGTH;
+ else
+ ch_len = SSL2_MAX_CHALLENGE_LENGTH;
+
+ /* write out sslv2 challenge */
+ i = (SSL3_RANDOM_SIZE < ch_len)
+ ? SSL3_RANDOM_SIZE : ch_len;
+ s->s2->challenge_length = i;
+ memcpy(s->s2->challenge,
+ &(s->s3->client_random[SSL3_RANDOM_SIZE - i]), i);
+
+ if (s->s3 != NULL)
+ ssl3_free(s);
+
+ if (!BUF_MEM_grow_clean(s->init_buf,
+ SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)) {
+ SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, ERR_R_BUF_LIB);
+ goto err;
+ }
+
+ s->state = SSL2_ST_GET_SERVER_HELLO_A;
+ if (!(s->client_version == SSL2_VERSION))
+ /*
+ * use special padding (SSL 3.0 draft/RFC 2246, App. E.2)
+ */
+ s->s2->ssl2_rollback = 1;
+
+ /*
+ * setup the 7 bytes we have read so we get them from the sslv2
+ * buffer
+ */
+ s->rstate = SSL_ST_READ_HEADER;
+ s->packet_length = n;
+ s->packet = &(s->s2->rbuf[0]);
+ memcpy(s->packet, buf, n);
+ s->s2->rbuf_left = n;
+ s->s2->rbuf_offs = 0;
+
+ /* we have already written one */
+ s->s2->write_sequence = 1;
+
+ s->method = SSLv2_client_method();
+ s->handshake_func = s->method->ssl_connect;
+#endif
+ } else if (p[1] == SSL3_VERSION_MAJOR &&
+ ((p[2] == SSL3_VERSION_MINOR) ||
+ (p[2] == TLS1_VERSION_MINOR)) &&
+ ((p[0] == SSL3_RT_HANDSHAKE && p[5] == SSL3_MT_SERVER_HELLO) ||
+ (p[0] == SSL3_RT_ALERT && p[3] == 0 && p[4] == 2))) {
+ /* we have sslv3 or tls1 (server hello or alert) */
+
+#ifndef OPENSSL_NO_SSL3
+ if ((p[2] == SSL3_VERSION_MINOR) && !(s->options & SSL_OP_NO_SSLv3)) {
+# ifdef OPENSSL_FIPS
+ if (FIPS_mode()) {
+ SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,
+ SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
+ goto err;
+ }
+# endif
+ s->version = SSL3_VERSION;
+ s->method = SSLv3_client_method();
+ } else
+#endif
+ if ((p[2] == TLS1_VERSION_MINOR) && !(s->options & SSL_OP_NO_TLSv1)) {
+ s->version = TLS1_VERSION;
+ s->method = TLSv1_client_method();
+ } else {
+ SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_R_UNSUPPORTED_PROTOCOL);
+ goto err;
+ }
+
+ /* ensure that TLS_MAX_VERSION is up-to-date */
+ OPENSSL_assert(s->version <= TLS_MAX_VERSION);
+
+ if (p[0] == SSL3_RT_ALERT && p[5] != SSL3_AL_WARNING) {
+ /* fatal alert */
+
+ void (*cb) (const SSL *ssl, int type, int val) = NULL;
+ int j;
+
+ if (s->info_callback != NULL)
+ cb = s->info_callback;
+ else if (s->ctx->info_callback != NULL)
+ cb = s->ctx->info_callback;
+
+ i = p[5];
+ if (cb != NULL) {
+ j = (i << 8) | p[6];
+ cb(s, SSL_CB_READ_ALERT, j);
+ }
+
+ if (s->msg_callback)
+ s->msg_callback(0, s->version, SSL3_RT_ALERT, p + 5, 2, s,
+ s->msg_callback_arg);
+
+ s->rwstate = SSL_NOTHING;
+ SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_AD_REASON_OFFSET + p[6]);
+ goto err;
+ }
+
+ if (!ssl_init_wbio_buffer(s, 1))
+ goto err;
+
+ /* we are in this state */
+ s->state = SSL3_ST_CR_SRVR_HELLO_A;
+
+ /*
+ * put the 7 bytes we have read into the input buffer for SSLv3
+ */
+ s->rstate = SSL_ST_READ_HEADER;
+ s->packet_length = n;
+ if (s->s3->rbuf.buf == NULL)
+ if (!ssl3_setup_buffers(s))
+ goto err;
+ s->packet = &(s->s3->rbuf.buf[0]);
+ memcpy(s->packet, buf, n);
+ s->s3->rbuf.left = n;
+ s->s3->rbuf.offset = 0;
+
+ s->handshake_func = s->method->ssl_connect;
+ } else {
+ SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_R_UNKNOWN_PROTOCOL);
+ goto err;
+ }
+ s->init_num = 0;
+
+ /*
+ * Since, if we are sending a ssl23 client hello, we are not reusing a
+ * session-id
+ */
+ if (!ssl_get_new_session(s, 0))
+ goto err;
+
+ return (SSL_connect(s));
+ err:
+ return (-1);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/ssl/s23_lib.c
===================================================================
--- vendor-crypto/openssl/dist/ssl/s23_lib.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/ssl/s23_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,195 +0,0 @@
-/* ssl/s23_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/objects.h>
-#include "ssl_locl.h"
-
-long ssl23_default_timeout(void)
- {
- return(300);
- }
-
-IMPLEMENT_ssl23_meth_func(sslv23_base_method,
- ssl_undefined_function,
- ssl_undefined_function,
- ssl_bad_method)
-
-int ssl23_num_ciphers(void)
- {
- return(ssl3_num_ciphers()
-#ifndef OPENSSL_NO_SSL2
- + ssl2_num_ciphers()
-#endif
- );
- }
-
-SSL_CIPHER *ssl23_get_cipher(unsigned int u)
- {
- unsigned int uu=ssl3_num_ciphers();
-
- if (u < uu)
- return(ssl3_get_cipher(u));
- else
-#ifndef OPENSSL_NO_SSL2
- return(ssl2_get_cipher(u-uu));
-#else
- return(NULL);
-#endif
- }
-
-/* This function needs to check if the ciphers required are actually
- * available */
-SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p)
- {
- SSL_CIPHER *cp;
-
- cp=ssl3_get_cipher_by_char(p);
-#ifndef OPENSSL_NO_SSL2
- if (cp == NULL)
- cp=ssl2_get_cipher_by_char(p);
-#endif
- return(cp);
- }
-
-int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
- {
- long l;
-
- /* We can write SSLv2 and SSLv3 ciphers */
- /* but no ECC ciphers */
- if (c->algorithms & (SSL_ECDH|SSL_aECDSA))
- return 0;
- if (p != NULL)
- {
- l=c->id;
- p[0]=((unsigned char)(l>>16L))&0xFF;
- p[1]=((unsigned char)(l>> 8L))&0xFF;
- p[2]=((unsigned char)(l ))&0xFF;
- }
- return(3);
- }
-
-int ssl23_read(SSL *s, void *buf, int len)
- {
- int n;
-
- clear_sys_error();
- if (SSL_in_init(s) && (!s->in_handshake))
- {
- n=s->handshake_func(s);
- if (n < 0) return(n);
- if (n == 0)
- {
- SSLerr(SSL_F_SSL23_READ,SSL_R_SSL_HANDSHAKE_FAILURE);
- return(-1);
- }
- return(SSL_read(s,buf,len));
- }
- else
- {
- ssl_undefined_function(s);
- return(-1);
- }
- }
-
-int ssl23_peek(SSL *s, void *buf, int len)
- {
- int n;
-
- clear_sys_error();
- if (SSL_in_init(s) && (!s->in_handshake))
- {
- n=s->handshake_func(s);
- if (n < 0) return(n);
- if (n == 0)
- {
- SSLerr(SSL_F_SSL23_PEEK,SSL_R_SSL_HANDSHAKE_FAILURE);
- return(-1);
- }
- return(SSL_peek(s,buf,len));
- }
- else
- {
- ssl_undefined_function(s);
- return(-1);
- }
- }
-
-int ssl23_write(SSL *s, const void *buf, int len)
- {
- int n;
-
- clear_sys_error();
- if (SSL_in_init(s) && (!s->in_handshake))
- {
- n=s->handshake_func(s);
- if (n < 0) return(n);
- if (n == 0)
- {
- SSLerr(SSL_F_SSL23_WRITE,SSL_R_SSL_HANDSHAKE_FAILURE);
- return(-1);
- }
- return(SSL_write(s,buf,len));
- }
- else
- {
- ssl_undefined_function(s);
- return(-1);
- }
- }
Copied: vendor-crypto/openssl/0.9.8zf/ssl/s23_lib.c (from rev 6976, vendor-crypto/openssl/dist/ssl/s23_lib.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/ssl/s23_lib.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/ssl/s23_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,186 @@
+/* ssl/s23_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <openssl/objects.h>
+#include "ssl_locl.h"
+
+long ssl23_default_timeout(void)
+{
+ return (300);
+}
+
+IMPLEMENT_ssl23_meth_func(sslv23_base_method,
+ ssl_undefined_function,
+ ssl_undefined_function, ssl_bad_method)
+
+int ssl23_num_ciphers(void)
+{
+ return (ssl3_num_ciphers()
+#ifndef OPENSSL_NO_SSL2
+ + ssl2_num_ciphers()
+#endif
+ );
+}
+
+SSL_CIPHER *ssl23_get_cipher(unsigned int u)
+{
+ unsigned int uu = ssl3_num_ciphers();
+
+ if (u < uu)
+ return (ssl3_get_cipher(u));
+ else
+#ifndef OPENSSL_NO_SSL2
+ return (ssl2_get_cipher(u - uu));
+#else
+ return (NULL);
+#endif
+}
+
+/*
+ * This function needs to check if the ciphers required are actually
+ * available
+ */
+SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p)
+{
+ SSL_CIPHER *cp;
+
+ cp = ssl3_get_cipher_by_char(p);
+#ifndef OPENSSL_NO_SSL2
+ if (cp == NULL)
+ cp = ssl2_get_cipher_by_char(p);
+#endif
+ return (cp);
+}
+
+int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
+{
+ long l;
+
+ /* We can write SSLv2 and SSLv3 ciphers */
+ /* but no ECC ciphers */
+ if (c->algorithms & (SSL_ECDH | SSL_aECDSA))
+ return 0;
+ if (p != NULL) {
+ l = c->id;
+ p[0] = ((unsigned char)(l >> 16L)) & 0xFF;
+ p[1] = ((unsigned char)(l >> 8L)) & 0xFF;
+ p[2] = ((unsigned char)(l)) & 0xFF;
+ }
+ return (3);
+}
+
+int ssl23_read(SSL *s, void *buf, int len)
+{
+ int n;
+
+ clear_sys_error();
+ if (SSL_in_init(s) && (!s->in_handshake)) {
+ n = s->handshake_func(s);
+ if (n < 0)
+ return (n);
+ if (n == 0) {
+ SSLerr(SSL_F_SSL23_READ, SSL_R_SSL_HANDSHAKE_FAILURE);
+ return (-1);
+ }
+ return (SSL_read(s, buf, len));
+ } else {
+ ssl_undefined_function(s);
+ return (-1);
+ }
+}
+
+int ssl23_peek(SSL *s, void *buf, int len)
+{
+ int n;
+
+ clear_sys_error();
+ if (SSL_in_init(s) && (!s->in_handshake)) {
+ n = s->handshake_func(s);
+ if (n < 0)
+ return (n);
+ if (n == 0) {
+ SSLerr(SSL_F_SSL23_PEEK, SSL_R_SSL_HANDSHAKE_FAILURE);
+ return (-1);
+ }
+ return (SSL_peek(s, buf, len));
+ } else {
+ ssl_undefined_function(s);
+ return (-1);
+ }
+}
+
+int ssl23_write(SSL *s, const void *buf, int len)
+{
+ int n;
+
+ clear_sys_error();
+ if (SSL_in_init(s) && (!s->in_handshake)) {
+ n = s->handshake_func(s);
+ if (n < 0)
+ return (n);
+ if (n == 0) {
+ SSLerr(SSL_F_SSL23_WRITE, SSL_R_SSL_HANDSHAKE_FAILURE);
+ return (-1);
+ }
+ return (SSL_write(s, buf, len));
+ } else {
+ ssl_undefined_function(s);
+ return (-1);
+ }
+}
Deleted: vendor-crypto/openssl/0.9.8zf/ssl/s23_meth.c
===================================================================
--- vendor-crypto/openssl/dist/ssl/s23_meth.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/ssl/s23_meth.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,88 +0,0 @@
-/* ssl/s23_meth.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/objects.h>
-#include "ssl_locl.h"
-
-static SSL_METHOD *ssl23_get_method(int ver);
-static SSL_METHOD *ssl23_get_method(int ver)
- {
-#ifndef OPENSSL_NO_SSL2
- if (ver == SSL2_VERSION)
- return(SSLv2_method());
- else
-#endif
-#ifndef OPENSSL_NO_SSL3
- if (ver == SSL3_VERSION)
- return(SSLv3_method());
- else
-#endif
-#ifndef OPENSSL_NO_TLS1
- if (ver == TLS1_VERSION)
- return(TLSv1_method());
- else
-#endif
- return(NULL);
- }
-
-IMPLEMENT_ssl23_meth_func(SSLv23_method,
- ssl23_accept,
- ssl23_connect,
- ssl23_get_method)
-
Copied: vendor-crypto/openssl/0.9.8zf/ssl/s23_meth.c (from rev 6976, vendor-crypto/openssl/dist/ssl/s23_meth.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/ssl/s23_meth.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/ssl/s23_meth.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,85 @@
+/* ssl/s23_meth.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <openssl/objects.h>
+#include "ssl_locl.h"
+
+static SSL_METHOD *ssl23_get_method(int ver);
+static SSL_METHOD *ssl23_get_method(int ver)
+{
+#ifndef OPENSSL_NO_SSL2
+ if (ver == SSL2_VERSION)
+ return (SSLv2_method());
+ else
+#endif
+#ifndef OPENSSL_NO_SSL3
+ if (ver == SSL3_VERSION)
+ return (SSLv3_method());
+ else
+#endif
+#ifndef OPENSSL_NO_TLS1
+ if (ver == TLS1_VERSION)
+ return (TLSv1_method());
+ else
+#endif
+ return (NULL);
+}
+
+IMPLEMENT_ssl23_meth_func(SSLv23_method,
+ ssl23_accept, ssl23_connect, ssl23_get_method)
Deleted: vendor-crypto/openssl/0.9.8zf/ssl/s23_pkt.c
===================================================================
--- vendor-crypto/openssl/dist/ssl/s23_pkt.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/ssl/s23_pkt.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,117 +0,0 @@
-/* ssl/s23_pkt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <errno.h>
-#define USE_SOCKETS
-#include "ssl_locl.h"
-#include <openssl/evp.h>
-#include <openssl/buffer.h>
-
-int ssl23_write_bytes(SSL *s)
- {
- int i,num,tot;
- char *buf;
-
- buf=s->init_buf->data;
- tot=s->init_off;
- num=s->init_num;
- for (;;)
- {
- s->rwstate=SSL_WRITING;
- i=BIO_write(s->wbio,&(buf[tot]),num);
- if (i <= 0)
- {
- s->init_off=tot;
- s->init_num=num;
- return(i);
- }
- s->rwstate=SSL_NOTHING;
- if (i == num) return(tot+i);
-
- num-=i;
- tot+=i;
- }
- }
-
-/* return regularly only when we have read (at least) 'n' bytes */
-int ssl23_read_bytes(SSL *s, int n)
- {
- unsigned char *p;
- int j;
-
- if (s->packet_length < (unsigned int)n)
- {
- p=s->packet;
-
- for (;;)
- {
- s->rwstate=SSL_READING;
- j=BIO_read(s->rbio,(char *)&(p[s->packet_length]),
- n-s->packet_length);
- if (j <= 0)
- return(j);
- s->rwstate=SSL_NOTHING;
- s->packet_length+=j;
- if (s->packet_length >= (unsigned int)n)
- return(s->packet_length);
- }
- }
- return(n);
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/ssl/s23_pkt.c (from rev 6976, vendor-crypto/openssl/dist/ssl/s23_pkt.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/ssl/s23_pkt.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/ssl/s23_pkt.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,113 @@
+/* ssl/s23_pkt.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#define USE_SOCKETS
+#include "ssl_locl.h"
+#include <openssl/evp.h>
+#include <openssl/buffer.h>
+
+int ssl23_write_bytes(SSL *s)
+{
+ int i, num, tot;
+ char *buf;
+
+ buf = s->init_buf->data;
+ tot = s->init_off;
+ num = s->init_num;
+ for (;;) {
+ s->rwstate = SSL_WRITING;
+ i = BIO_write(s->wbio, &(buf[tot]), num);
+ if (i <= 0) {
+ s->init_off = tot;
+ s->init_num = num;
+ return (i);
+ }
+ s->rwstate = SSL_NOTHING;
+ if (i == num)
+ return (tot + i);
+
+ num -= i;
+ tot += i;
+ }
+}
+
+/* return regularly only when we have read (at least) 'n' bytes */
+int ssl23_read_bytes(SSL *s, int n)
+{
+ unsigned char *p;
+ int j;
+
+ if (s->packet_length < (unsigned int)n) {
+ p = s->packet;
+
+ for (;;) {
+ s->rwstate = SSL_READING;
+ j = BIO_read(s->rbio, (char *)&(p[s->packet_length]),
+ n - s->packet_length);
+ if (j <= 0)
+ return (j);
+ s->rwstate = SSL_NOTHING;
+ s->packet_length += j;
+ if (s->packet_length >= (unsigned int)n)
+ return (s->packet_length);
+ }
+ }
+ return (n);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/ssl/s23_srvr.c
===================================================================
--- vendor-crypto/openssl/dist/ssl/s23_srvr.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/ssl/s23_srvr.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,610 +0,0 @@
-/* ssl/s23_srvr.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-
-static SSL_METHOD *ssl23_get_server_method(int ver);
-int ssl23_get_client_hello(SSL *s);
-static SSL_METHOD *ssl23_get_server_method(int ver)
- {
-#ifndef OPENSSL_NO_SSL2
- if (ver == SSL2_VERSION)
- return(SSLv2_server_method());
-#endif
-#ifndef OPENSSL_NO_SSL3
- if (ver == SSL3_VERSION)
- return(SSLv3_server_method());
-#endif
- if (ver == TLS1_VERSION)
- return(TLSv1_server_method());
- else
- return(NULL);
- }
-
-IMPLEMENT_ssl23_meth_func(SSLv23_server_method,
- ssl23_accept,
- ssl_undefined_function,
- ssl23_get_server_method)
-
-int ssl23_accept(SSL *s)
- {
- BUF_MEM *buf;
- unsigned long Time=(unsigned long)time(NULL);
- void (*cb)(const SSL *ssl,int type,int val)=NULL;
- int ret= -1;
- int new_state,state;
-
- RAND_add(&Time,sizeof(Time),0);
- ERR_clear_error();
- clear_sys_error();
-
- if (s->info_callback != NULL)
- cb=s->info_callback;
- else if (s->ctx->info_callback != NULL)
- cb=s->ctx->info_callback;
-
- s->in_handshake++;
- if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
-
- for (;;)
- {
- state=s->state;
-
- switch(s->state)
- {
- case SSL_ST_BEFORE:
- case SSL_ST_ACCEPT:
- case SSL_ST_BEFORE|SSL_ST_ACCEPT:
- case SSL_ST_OK|SSL_ST_ACCEPT:
-
- s->server=1;
- if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
-
- /* s->version=SSL3_VERSION; */
- s->type=SSL_ST_ACCEPT;
-
- if (s->init_buf == NULL)
- {
- if ((buf=BUF_MEM_new()) == NULL)
- {
- ret= -1;
- goto end;
- }
- if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
- {
- ret= -1;
- goto end;
- }
- s->init_buf=buf;
- }
-
- ssl3_init_finished_mac(s);
-
- s->state=SSL23_ST_SR_CLNT_HELLO_A;
- s->ctx->stats.sess_accept++;
- s->init_num=0;
- break;
-
- case SSL23_ST_SR_CLNT_HELLO_A:
- case SSL23_ST_SR_CLNT_HELLO_B:
-
- s->shutdown=0;
- ret=ssl23_get_client_hello(s);
- if (ret >= 0) cb=NULL;
- goto end;
- /* break; */
-
- default:
- SSLerr(SSL_F_SSL23_ACCEPT,SSL_R_UNKNOWN_STATE);
- ret= -1;
- goto end;
- /* break; */
- }
-
- if ((cb != NULL) && (s->state != state))
- {
- new_state=s->state;
- s->state=state;
- cb(s,SSL_CB_ACCEPT_LOOP,1);
- s->state=new_state;
- }
- }
-end:
- s->in_handshake--;
- if (cb != NULL)
- cb(s,SSL_CB_ACCEPT_EXIT,ret);
- return(ret);
- }
-
-
-int ssl23_get_client_hello(SSL *s)
- {
- char buf_space[11]; /* Request this many bytes in initial read.
- * We can detect SSL 3.0/TLS 1.0 Client Hellos
- * ('type == 3') correctly only when the following
- * is in a single record, which is not guaranteed by
- * the protocol specification:
- * Byte Content
- * 0 type \
- * 1/2 version > record header
- * 3/4 length /
- * 5 msg_type \
- * 6-8 length > Client Hello message
- * 9/10 client_version /
- */
- char *buf= &(buf_space[0]);
- unsigned char *p,*d,*d_len,*dd;
- unsigned int i;
- unsigned int csl,sil,cl;
- int n=0,j;
- int type=0;
- int v[2];
-
- if (s->state == SSL23_ST_SR_CLNT_HELLO_A)
- {
- /* read the initial header */
- v[0]=v[1]=0;
-
- if (!ssl3_setup_buffers(s)) goto err;
-
- n=ssl23_read_bytes(s, sizeof buf_space);
- if (n != sizeof buf_space) return(n); /* n == -1 || n == 0 */
-
- p=s->packet;
-
- memcpy(buf,p,n);
-
- if ((p[0] & 0x80) && (p[2] == SSL2_MT_CLIENT_HELLO))
- {
- /*
- * SSLv2 header
- */
- if ((p[3] == 0x00) && (p[4] == 0x02))
- {
- v[0]=p[3]; v[1]=p[4];
- /* SSLv2 */
- if (!(s->options & SSL_OP_NO_SSLv2))
- type=1;
- }
- else if (p[3] == SSL3_VERSION_MAJOR)
- {
- v[0]=p[3]; v[1]=p[4];
- /* SSLv3/TLSv1 */
- if (p[4] >= TLS1_VERSION_MINOR)
- {
- if (!(s->options & SSL_OP_NO_TLSv1))
- {
- s->version=TLS1_VERSION;
- /* type=2; */ /* done later to survive restarts */
- s->state=SSL23_ST_SR_CLNT_HELLO_B;
- }
- else if (!(s->options & SSL_OP_NO_SSLv3))
- {
- s->version=SSL3_VERSION;
- /* type=2; */
- s->state=SSL23_ST_SR_CLNT_HELLO_B;
- }
- else if (!(s->options & SSL_OP_NO_SSLv2))
- {
- type=1;
- }
- }
- else if (!(s->options & SSL_OP_NO_SSLv3))
- {
- s->version=SSL3_VERSION;
- /* type=2; */
- s->state=SSL23_ST_SR_CLNT_HELLO_B;
- }
- else if (!(s->options & SSL_OP_NO_SSLv2))
- type=1;
-
- }
- }
- else if ((p[0] == SSL3_RT_HANDSHAKE) &&
- (p[1] == SSL3_VERSION_MAJOR) &&
- (p[5] == SSL3_MT_CLIENT_HELLO) &&
- ((p[3] == 0 && p[4] < 5 /* silly record length? */)
- || (p[9] >= p[1])))
- {
- /*
- * SSLv3 or tls1 header
- */
-
- v[0]=p[1]; /* major version (= SSL3_VERSION_MAJOR) */
- /* We must look at client_version inside the Client Hello message
- * to get the correct minor version.
- * However if we have only a pathologically small fragment of the
- * Client Hello message, this would be difficult, and we'd have
- * to read more records to find out.
- * No known SSL 3.0 client fragments ClientHello like this,
- * so we simply reject such connections to avoid
- * protocol version downgrade attacks. */
- if (p[3] == 0 && p[4] < 6)
- {
- SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_SMALL);
- goto err;
- }
- /* if major version number > 3 set minor to a value
- * which will use the highest version 3 we support.
- * If TLS 2.0 ever appears we will need to revise
- * this....
- */
- if (p[9] > SSL3_VERSION_MAJOR)
- v[1]=0xff;
- else
- v[1]=p[10]; /* minor version according to client_version */
- if (v[1] >= TLS1_VERSION_MINOR)
- {
- if (!(s->options & SSL_OP_NO_TLSv1))
- {
- s->version=TLS1_VERSION;
- type=3;
- }
- else if (!(s->options & SSL_OP_NO_SSLv3))
- {
- s->version=SSL3_VERSION;
- type=3;
- }
- }
- else
- {
- /* client requests SSL 3.0 */
- if (!(s->options & SSL_OP_NO_SSLv3))
- {
- s->version=SSL3_VERSION;
- type=3;
- }
- else if (!(s->options & SSL_OP_NO_TLSv1))
- {
- /* we won't be able to use TLS of course,
- * but this will send an appropriate alert */
- s->version=TLS1_VERSION;
- type=3;
- }
- }
- }
- else if ((strncmp("GET ", (char *)p,4) == 0) ||
- (strncmp("POST ",(char *)p,5) == 0) ||
- (strncmp("HEAD ",(char *)p,5) == 0) ||
- (strncmp("PUT ", (char *)p,4) == 0))
- {
- SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTP_REQUEST);
- goto err;
- }
- else if (strncmp("CONNECT",(char *)p,7) == 0)
- {
- SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTPS_PROXY_REQUEST);
- goto err;
- }
- }
-
-#ifdef OPENSSL_FIPS
- if (FIPS_mode() && (s->version < TLS1_VERSION))
- {
- SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,
- SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
- goto err;
- }
-#endif
-
- /* ensure that TLS_MAX_VERSION is up-to-date */
- OPENSSL_assert(s->version <= TLS_MAX_VERSION);
-
- if (s->state == SSL23_ST_SR_CLNT_HELLO_B)
- {
- /* we have SSLv3/TLSv1 in an SSLv2 header
- * (other cases skip this state) */
-
- type=2;
- p=s->packet;
- v[0] = p[3]; /* == SSL3_VERSION_MAJOR */
- v[1] = p[4];
-
- /* An SSLv3/TLSv1 backwards-compatible CLIENT-HELLO in an SSLv2
- * header is sent directly on the wire, not wrapped as a TLS
- * record. It's format is:
- * Byte Content
- * 0-1 msg_length
- * 2 msg_type
- * 3-4 version
- * 5-6 cipher_spec_length
- * 7-8 session_id_length
- * 9-10 challenge_length
- * ... ...
- */
- n=((p[0]&0x7f)<<8)|p[1];
- if (n > (1024*4))
- {
- SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_LARGE);
- goto err;
- }
- if (n < 9)
- {
- SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_LENGTH_MISMATCH);
- goto err;
- }
-
- j=ssl23_read_bytes(s,n+2);
- /* We previously read 11 bytes, so if j > 0, we must have
- * j == n+2 == s->packet_length. We have at least 11 valid
- * packet bytes. */
- if (j <= 0) return(j);
-
- ssl3_finish_mac(s, s->packet+2, s->packet_length-2);
- if (s->msg_callback)
- s->msg_callback(0, SSL2_VERSION, 0, s->packet+2, s->packet_length-2, s, s->msg_callback_arg); /* CLIENT-HELLO */
-
- p=s->packet;
- p+=5;
- n2s(p,csl);
- n2s(p,sil);
- n2s(p,cl);
- d=(unsigned char *)s->init_buf->data;
- if ((csl+sil+cl+11) != s->packet_length)
- {
- SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_LENGTH_MISMATCH);
- goto err;
- }
-
- /* record header: msg_type ... */
- *(d++) = SSL3_MT_CLIENT_HELLO;
- /* ... and length (actual value will be written later) */
- d_len = d;
- d += 3;
-
- /* client_version */
- *(d++) = SSL3_VERSION_MAJOR; /* == v[0] */
- *(d++) = v[1];
-
- /* lets populate the random area */
- /* get the challenge_length */
- i=(cl > SSL3_RANDOM_SIZE)?SSL3_RANDOM_SIZE:cl;
- memset(d,0,SSL3_RANDOM_SIZE);
- memcpy(&(d[SSL3_RANDOM_SIZE-i]),&(p[csl+sil]),i);
- d+=SSL3_RANDOM_SIZE;
-
- /* no session-id reuse */
- *(d++)=0;
-
- /* ciphers */
- j=0;
- dd=d;
- d+=2;
- for (i=0; i<csl; i+=3)
- {
- if (p[i] != 0) continue;
- *(d++)=p[i+1];
- *(d++)=p[i+2];
- j+=2;
- }
- s2n(j,dd);
-
- /* COMPRESSION */
- *(d++)=1;
- *(d++)=0;
-
- i = (d-(unsigned char *)s->init_buf->data) - 4;
- l2n3((long)i, d_len);
-
- /* get the data reused from the init_buf */
- s->s3->tmp.reuse_message=1;
- s->s3->tmp.message_type=SSL3_MT_CLIENT_HELLO;
- s->s3->tmp.message_size=i;
- }
-
- /* imaginary new state (for program structure): */
- /* s->state = SSL23_SR_CLNT_HELLO_C */
-
- if (type == 1)
- {
-#ifdef OPENSSL_NO_SSL2
- SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
- goto err;
-#else
- /* we are talking sslv2 */
- /* we need to clean up the SSLv3/TLSv1 setup and put in the
- * sslv2 stuff. */
-
- if (s->s2 == NULL)
- {
- if (!ssl2_new(s))
- goto err;
- }
- else
- ssl2_clear(s);
-
- if (s->s3 != NULL) ssl3_free(s);
-
- if (!BUF_MEM_grow_clean(s->init_buf,
- SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
- {
- goto err;
- }
-
- s->state=SSL2_ST_GET_CLIENT_HELLO_A;
- if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)
- s->s2->ssl2_rollback=0;
- else
- /* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0
- * (SSL 3.0 draft/RFC 2246, App. E.2) */
- s->s2->ssl2_rollback=1;
-
- /* setup the n bytes we have read so we get them from
- * the sslv2 buffer */
- s->rstate=SSL_ST_READ_HEADER;
- s->packet_length=n;
- s->packet= &(s->s2->rbuf[0]);
- memcpy(s->packet,buf,n);
- s->s2->rbuf_left=n;
- s->s2->rbuf_offs=0;
-
- s->method=SSLv2_server_method();
- s->handshake_func=s->method->ssl_accept;
-#endif
- }
-
- if ((type == 2) || (type == 3))
- {
- /* we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: SSL3/TLS style) */
- s->method = ssl23_get_server_method(s->version);
- if (s->method == NULL)
- {
- SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
- goto err;
- }
-
- if (!ssl_init_wbio_buffer(s,1)) goto err;
-
- /* we are in this state */
- s->state=SSL3_ST_SR_CLNT_HELLO_A;
-
- if (type == 3)
- {
- /* put the 'n' bytes we have read into the input buffer
- * for SSLv3 */
- s->rstate=SSL_ST_READ_HEADER;
- s->packet_length=n;
- s->packet= &(s->s3->rbuf.buf[0]);
- memcpy(s->packet,buf,n);
- s->s3->rbuf.left=n;
- s->s3->rbuf.offset=0;
- }
- else
- {
- s->packet_length=0;
- s->s3->rbuf.left=0;
- s->s3->rbuf.offset=0;
- }
-#if 0 /* ssl3_get_client_hello does this */
- s->client_version=(v[0]<<8)|v[1];
-#endif
- s->handshake_func=s->method->ssl_accept;
- }
-
- if ((type < 1) || (type > 3))
- {
- /* bad, very bad */
- SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNKNOWN_PROTOCOL);
- goto err;
- }
- s->init_num=0;
-
- if (buf != buf_space) OPENSSL_free(buf);
- return(SSL_accept(s));
-err:
- if (buf != buf_space) OPENSSL_free(buf);
- return(-1);
- }
Copied: vendor-crypto/openssl/0.9.8zf/ssl/s23_srvr.c (from rev 6976, vendor-crypto/openssl/dist/ssl/s23_srvr.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/ssl/s23_srvr.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/ssl/s23_srvr.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,598 @@
+/* ssl/s23_srvr.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "ssl_locl.h"
+#include <openssl/buffer.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+
+static SSL_METHOD *ssl23_get_server_method(int ver);
+int ssl23_get_client_hello(SSL *s);
+static SSL_METHOD *ssl23_get_server_method(int ver)
+{
+#ifndef OPENSSL_NO_SSL2
+ if (ver == SSL2_VERSION)
+ return (SSLv2_server_method());
+#endif
+#ifndef OPENSSL_NO_SSL3
+ if (ver == SSL3_VERSION)
+ return (SSLv3_server_method());
+#endif
+ if (ver == TLS1_VERSION)
+ return (TLSv1_server_method());
+ else
+ return (NULL);
+}
+
+IMPLEMENT_ssl23_meth_func(SSLv23_server_method,
+ ssl23_accept,
+ ssl_undefined_function, ssl23_get_server_method)
+
+int ssl23_accept(SSL *s)
+{
+ BUF_MEM *buf;
+ unsigned long Time = (unsigned long)time(NULL);
+ void (*cb) (const SSL *ssl, int type, int val) = NULL;
+ int ret = -1;
+ int new_state, state;
+
+ RAND_add(&Time, sizeof(Time), 0);
+ ERR_clear_error();
+ clear_sys_error();
+
+ if (s->info_callback != NULL)
+ cb = s->info_callback;
+ else if (s->ctx->info_callback != NULL)
+ cb = s->ctx->info_callback;
+
+ s->in_handshake++;
+ if (!SSL_in_init(s) || SSL_in_before(s))
+ SSL_clear(s);
+
+ for (;;) {
+ state = s->state;
+
+ switch (s->state) {
+ case SSL_ST_BEFORE:
+ case SSL_ST_ACCEPT:
+ case SSL_ST_BEFORE | SSL_ST_ACCEPT:
+ case SSL_ST_OK | SSL_ST_ACCEPT:
+
+ s->server = 1;
+ if (cb != NULL)
+ cb(s, SSL_CB_HANDSHAKE_START, 1);
+
+ /* s->version=SSL3_VERSION; */
+ s->type = SSL_ST_ACCEPT;
+
+ if (s->init_buf == NULL) {
+ if ((buf = BUF_MEM_new()) == NULL) {
+ ret = -1;
+ goto end;
+ }
+ if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) {
+ ret = -1;
+ goto end;
+ }
+ s->init_buf = buf;
+ }
+
+ ssl3_init_finished_mac(s);
+
+ s->state = SSL23_ST_SR_CLNT_HELLO_A;
+ s->ctx->stats.sess_accept++;
+ s->init_num = 0;
+ break;
+
+ case SSL23_ST_SR_CLNT_HELLO_A:
+ case SSL23_ST_SR_CLNT_HELLO_B:
+
+ s->shutdown = 0;
+ ret = ssl23_get_client_hello(s);
+ if (ret >= 0)
+ cb = NULL;
+ goto end;
+ /* break; */
+
+ default:
+ SSLerr(SSL_F_SSL23_ACCEPT, SSL_R_UNKNOWN_STATE);
+ ret = -1;
+ goto end;
+ /* break; */
+ }
+
+ if ((cb != NULL) && (s->state != state)) {
+ new_state = s->state;
+ s->state = state;
+ cb(s, SSL_CB_ACCEPT_LOOP, 1);
+ s->state = new_state;
+ }
+ }
+ end:
+ s->in_handshake--;
+ if (cb != NULL)
+ cb(s, SSL_CB_ACCEPT_EXIT, ret);
+ return (ret);
+}
+
+int ssl23_get_client_hello(SSL *s)
+{
+ /*-
+ * Request this many bytes in initial read.
+ * We can detect SSL 3.0/TLS 1.0 Client Hellos
+ * ('type == 3') correctly only when the following
+ * is in a single record, which is not guaranteed by
+ * the protocol specification:
+ * Byte Content
+ * 0 type \
+ * 1/2 version > record header
+ * 3/4 length /
+ * 5 msg_type \
+ * 6-8 length > Client Hello message
+ * 9/10 client_version /
+ */
+ char buf_space[11];
+ char *buf = &(buf_space[0]);
+ unsigned char *p, *d, *d_len, *dd;
+ unsigned int i;
+ unsigned int csl, sil, cl;
+ int n = 0, j;
+ int type = 0;
+ int v[2];
+
+ if (s->state == SSL23_ST_SR_CLNT_HELLO_A) {
+ /* read the initial header */
+ v[0] = v[1] = 0;
+
+ if (!ssl3_setup_buffers(s))
+ goto err;
+
+ n = ssl23_read_bytes(s, sizeof buf_space);
+ if (n != sizeof buf_space)
+ return (n); /* n == -1 || n == 0 */
+
+ p = s->packet;
+
+ memcpy(buf, p, n);
+
+ if ((p[0] & 0x80) && (p[2] == SSL2_MT_CLIENT_HELLO)) {
+ /*
+ * SSLv2 header
+ */
+ if ((p[3] == 0x00) && (p[4] == 0x02)) {
+ v[0] = p[3];
+ v[1] = p[4];
+ /* SSLv2 */
+ if (!(s->options & SSL_OP_NO_SSLv2))
+ type = 1;
+ } else if (p[3] == SSL3_VERSION_MAJOR) {
+ v[0] = p[3];
+ v[1] = p[4];
+ /* SSLv3/TLSv1 */
+ if (p[4] >= TLS1_VERSION_MINOR) {
+ if (!(s->options & SSL_OP_NO_TLSv1)) {
+ s->version = TLS1_VERSION;
+ /*
+ * type=2;
+ *//*
+ * done later to survive restarts
+ */
+ s->state = SSL23_ST_SR_CLNT_HELLO_B;
+ } else if (!(s->options & SSL_OP_NO_SSLv3)) {
+ s->version = SSL3_VERSION;
+ /* type=2; */
+ s->state = SSL23_ST_SR_CLNT_HELLO_B;
+ } else if (!(s->options & SSL_OP_NO_SSLv2)) {
+ type = 1;
+ }
+ } else if (!(s->options & SSL_OP_NO_SSLv3)) {
+ s->version = SSL3_VERSION;
+ /* type=2; */
+ s->state = SSL23_ST_SR_CLNT_HELLO_B;
+ } else if (!(s->options & SSL_OP_NO_SSLv2))
+ type = 1;
+
+ }
+ }
+ /* p[4] < 5 ... silly record length? */
+ else if ((p[0] == SSL3_RT_HANDSHAKE) &&
+ (p[1] == SSL3_VERSION_MAJOR) &&
+ (p[5] == SSL3_MT_CLIENT_HELLO) && ((p[3] == 0 && p[4] < 5)
+ || (p[9] >= p[1]))) {
+ /*
+ * SSLv3 or tls1 header
+ */
+
+ v[0] = p[1]; /* major version (= SSL3_VERSION_MAJOR) */
+ /*
+ * We must look at client_version inside the Client Hello message
+ * to get the correct minor version. However if we have only a
+ * pathologically small fragment of the Client Hello message, this
+ * would be difficult, and we'd have to read more records to find
+ * out. No known SSL 3.0 client fragments ClientHello like this,
+ * so we simply reject such connections to avoid protocol version
+ * downgrade attacks.
+ */
+ if (p[3] == 0 && p[4] < 6) {
+ SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_RECORD_TOO_SMALL);
+ goto err;
+ }
+ /*
+ * if major version number > 3 set minor to a value which will
+ * use the highest version 3 we support. If TLS 2.0 ever appears
+ * we will need to revise this....
+ */
+ if (p[9] > SSL3_VERSION_MAJOR)
+ v[1] = 0xff;
+ else
+ v[1] = p[10]; /* minor version according to client_version */
+ if (v[1] >= TLS1_VERSION_MINOR) {
+ if (!(s->options & SSL_OP_NO_TLSv1)) {
+ s->version = TLS1_VERSION;
+ type = 3;
+ } else if (!(s->options & SSL_OP_NO_SSLv3)) {
+ s->version = SSL3_VERSION;
+ type = 3;
+ }
+ } else {
+ /* client requests SSL 3.0 */
+ if (!(s->options & SSL_OP_NO_SSLv3)) {
+ s->version = SSL3_VERSION;
+ type = 3;
+ } else if (!(s->options & SSL_OP_NO_TLSv1)) {
+ /*
+ * we won't be able to use TLS of course, but this will
+ * send an appropriate alert
+ */
+ s->version = TLS1_VERSION;
+ type = 3;
+ }
+ }
+ } else if ((strncmp("GET ", (char *)p, 4) == 0) ||
+ (strncmp("POST ", (char *)p, 5) == 0) ||
+ (strncmp("HEAD ", (char *)p, 5) == 0) ||
+ (strncmp("PUT ", (char *)p, 4) == 0)) {
+ SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_HTTP_REQUEST);
+ goto err;
+ } else if (strncmp("CONNECT", (char *)p, 7) == 0) {
+ SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_HTTPS_PROXY_REQUEST);
+ goto err;
+ }
+ }
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode() && (s->version < TLS1_VERSION)) {
+ SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,
+ SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
+ goto err;
+ }
+#endif
+
+ /* ensure that TLS_MAX_VERSION is up-to-date */
+ OPENSSL_assert(s->version <= TLS_MAX_VERSION);
+
+ if (s->state == SSL23_ST_SR_CLNT_HELLO_B) {
+ /*
+ * we have SSLv3/TLSv1 in an SSLv2 header (other cases skip this
+ * state)
+ */
+
+ type = 2;
+ p = s->packet;
+ v[0] = p[3]; /* == SSL3_VERSION_MAJOR */
+ v[1] = p[4];
+
+ /*-
+ * An SSLv3/TLSv1 backwards-compatible CLIENT-HELLO in an SSLv2
+ * header is sent directly on the wire, not wrapped as a TLS
+ * record. It's format is:
+ * Byte Content
+ * 0-1 msg_length
+ * 2 msg_type
+ * 3-4 version
+ * 5-6 cipher_spec_length
+ * 7-8 session_id_length
+ * 9-10 challenge_length
+ * ... ...
+ */
+ n = ((p[0] & 0x7f) << 8) | p[1];
+ if (n > (1024 * 4)) {
+ SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_RECORD_TOO_LARGE);
+ goto err;
+ }
+ if (n < 9) {
+ SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,
+ SSL_R_RECORD_LENGTH_MISMATCH);
+ goto err;
+ }
+
+ j = ssl23_read_bytes(s, n + 2);
+ /*
+ * We previously read 11 bytes, so if j > 0, we must have j == n+2 ==
+ * s->packet_length. We have at least 11 valid packet bytes.
+ */
+ if (j <= 0)
+ return (j);
+
+ ssl3_finish_mac(s, s->packet + 2, s->packet_length - 2);
+
+ /* CLIENT-HELLO */
+ if (s->msg_callback)
+ s->msg_callback(0, SSL2_VERSION, 0, s->packet + 2,
+ s->packet_length - 2, s, s->msg_callback_arg);
+
+ p = s->packet;
+ p += 5;
+ n2s(p, csl);
+ n2s(p, sil);
+ n2s(p, cl);
+ d = (unsigned char *)s->init_buf->data;
+ if ((csl + sil + cl + 11) != s->packet_length) {
+ SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,
+ SSL_R_RECORD_LENGTH_MISMATCH);
+ goto err;
+ }
+
+ /* record header: msg_type ... */
+ *(d++) = SSL3_MT_CLIENT_HELLO;
+ /* ... and length (actual value will be written later) */
+ d_len = d;
+ d += 3;
+
+ /* client_version */
+ *(d++) = SSL3_VERSION_MAJOR; /* == v[0] */
+ *(d++) = v[1];
+
+ /* lets populate the random area */
+ /* get the challenge_length */
+ i = (cl > SSL3_RANDOM_SIZE) ? SSL3_RANDOM_SIZE : cl;
+ memset(d, 0, SSL3_RANDOM_SIZE);
+ memcpy(&(d[SSL3_RANDOM_SIZE - i]), &(p[csl + sil]), i);
+ d += SSL3_RANDOM_SIZE;
+
+ /* no session-id reuse */
+ *(d++) = 0;
+
+ /* ciphers */
+ j = 0;
+ dd = d;
+ d += 2;
+ for (i = 0; i < csl; i += 3) {
+ if (p[i] != 0)
+ continue;
+ *(d++) = p[i + 1];
+ *(d++) = p[i + 2];
+ j += 2;
+ }
+ s2n(j, dd);
+
+ /* COMPRESSION */
+ *(d++) = 1;
+ *(d++) = 0;
+
+ i = (d - (unsigned char *)s->init_buf->data) - 4;
+ l2n3((long)i, d_len);
+
+ /* get the data reused from the init_buf */
+ s->s3->tmp.reuse_message = 1;
+ s->s3->tmp.message_type = SSL3_MT_CLIENT_HELLO;
+ s->s3->tmp.message_size = i;
+ }
+
+ /* imaginary new state (for program structure): */
+ /* s->state = SSL23_SR_CLNT_HELLO_C */
+
+ if (type == 1) {
+#ifdef OPENSSL_NO_SSL2
+ SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_UNSUPPORTED_PROTOCOL);
+ goto err;
+#else
+ /* we are talking sslv2 */
+ /*
+ * we need to clean up the SSLv3/TLSv1 setup and put in the sslv2
+ * stuff.
+ */
+
+ if (s->s2 == NULL) {
+ if (!ssl2_new(s))
+ goto err;
+ } else
+ ssl2_clear(s);
+
+ if (s->s3 != NULL)
+ ssl3_free(s);
+
+ if (!BUF_MEM_grow_clean(s->init_buf,
+ SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)) {
+ goto err;
+ }
+
+ s->state = SSL2_ST_GET_CLIENT_HELLO_A;
+ if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)
+ s->s2->ssl2_rollback = 0;
+ else
+ /*
+ * reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0
+ * (SSL 3.0 draft/RFC 2246, App. E.2)
+ */
+ s->s2->ssl2_rollback = 1;
+
+ /*
+ * setup the n bytes we have read so we get them from the sslv2
+ * buffer
+ */
+ s->rstate = SSL_ST_READ_HEADER;
+ s->packet_length = n;
+ s->packet = &(s->s2->rbuf[0]);
+ memcpy(s->packet, buf, n);
+ s->s2->rbuf_left = n;
+ s->s2->rbuf_offs = 0;
+
+ s->method = SSLv2_server_method();
+ s->handshake_func = s->method->ssl_accept;
+#endif
+ }
+
+ if ((type == 2) || (type == 3)) {
+ /*
+ * we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: SSL3/TLS style)
+ */
+ SSL_METHOD *new_method;
+ new_method = ssl23_get_server_method(s->version);
+ if (new_method == NULL) {
+ SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_UNSUPPORTED_PROTOCOL);
+ goto err;
+ }
+ s->method = new_method;
+
+ if (!ssl_init_wbio_buffer(s, 1))
+ goto err;
+
+ /* we are in this state */
+ s->state = SSL3_ST_SR_CLNT_HELLO_A;
+
+ if (type == 3) {
+ /*
+ * put the 'n' bytes we have read into the input buffer for SSLv3
+ */
+ s->rstate = SSL_ST_READ_HEADER;
+ s->packet_length = n;
+ s->packet = &(s->s3->rbuf.buf[0]);
+ memcpy(s->packet, buf, n);
+ s->s3->rbuf.left = n;
+ s->s3->rbuf.offset = 0;
+ } else {
+ s->packet_length = 0;
+ s->s3->rbuf.left = 0;
+ s->s3->rbuf.offset = 0;
+ }
+#if 0 /* ssl3_get_client_hello does this */
+ s->client_version = (v[0] << 8) | v[1];
+#endif
+ s->handshake_func = s->method->ssl_accept;
+ }
+
+ if ((type < 1) || (type > 3)) {
+ /* bad, very bad */
+ SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_UNKNOWN_PROTOCOL);
+ goto err;
+ }
+ s->init_num = 0;
+
+ if (buf != buf_space)
+ OPENSSL_free(buf);
+ return (SSL_accept(s));
+ err:
+ if (buf != buf_space)
+ OPENSSL_free(buf);
+ return (-1);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/ssl/s2_clnt.c
===================================================================
--- vendor-crypto/openssl/dist/ssl/s2_clnt.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/ssl/s2_clnt.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,1123 +0,0 @@
-/* ssl/s2_clnt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include "ssl_locl.h"
-#ifndef OPENSSL_NO_SSL2
-#include <stdio.h>
-#include <openssl/rand.h>
-#include <openssl/buffer.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-
-static SSL_METHOD *ssl2_get_client_method(int ver);
-static int get_server_finished(SSL *s);
-static int get_server_verify(SSL *s);
-static int get_server_hello(SSL *s);
-static int client_hello(SSL *s);
-static int client_master_key(SSL *s);
-static int client_finished(SSL *s);
-static int client_certificate(SSL *s);
-static int ssl_rsa_public_encrypt(SESS_CERT *sc, int len, unsigned char *from,
- unsigned char *to,int padding);
-#define BREAK break
-
-static SSL_METHOD *ssl2_get_client_method(int ver)
- {
- if (ver == SSL2_VERSION)
- return(SSLv2_client_method());
- else
- return(NULL);
- }
-
-IMPLEMENT_ssl2_meth_func(SSLv2_client_method,
- ssl_undefined_function,
- ssl2_connect,
- ssl2_get_client_method)
-
-int ssl2_connect(SSL *s)
- {
- unsigned long l=(unsigned long)time(NULL);
- BUF_MEM *buf=NULL;
- int ret= -1;
- void (*cb)(const SSL *ssl,int type,int val)=NULL;
- int new_state,state;
-
- RAND_add(&l,sizeof(l),0);
- ERR_clear_error();
- clear_sys_error();
-
- if (s->info_callback != NULL)
- cb=s->info_callback;
- else if (s->ctx->info_callback != NULL)
- cb=s->ctx->info_callback;
-
- /* init things to blank */
- s->in_handshake++;
- if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
-
- for (;;)
- {
- state=s->state;
-
- switch (s->state)
- {
- case SSL_ST_BEFORE:
- case SSL_ST_CONNECT:
- case SSL_ST_BEFORE|SSL_ST_CONNECT:
- case SSL_ST_OK|SSL_ST_CONNECT:
-
- s->server=0;
- if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
-
- s->version=SSL2_VERSION;
- s->type=SSL_ST_CONNECT;
-
- buf=s->init_buf;
- if ((buf == NULL) && ((buf=BUF_MEM_new()) == NULL))
- {
- ret= -1;
- goto end;
- }
- if (!BUF_MEM_grow(buf,
- SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
- {
- if (buf == s->init_buf)
- buf=NULL;
- ret= -1;
- goto end;
- }
- s->init_buf=buf;
- buf=NULL;
- s->init_num=0;
- s->state=SSL2_ST_SEND_CLIENT_HELLO_A;
- s->ctx->stats.sess_connect++;
- s->handshake_func=ssl2_connect;
- BREAK;
-
- case SSL2_ST_SEND_CLIENT_HELLO_A:
- case SSL2_ST_SEND_CLIENT_HELLO_B:
- s->shutdown=0;
- ret=client_hello(s);
- if (ret <= 0) goto end;
- s->init_num=0;
- s->state=SSL2_ST_GET_SERVER_HELLO_A;
- BREAK;
-
- case SSL2_ST_GET_SERVER_HELLO_A:
- case SSL2_ST_GET_SERVER_HELLO_B:
- ret=get_server_hello(s);
- if (ret <= 0) goto end;
- s->init_num=0;
- if (!s->hit) /* new session */
- {
- s->state=SSL2_ST_SEND_CLIENT_MASTER_KEY_A;
- BREAK;
- }
- else
- {
- s->state=SSL2_ST_CLIENT_START_ENCRYPTION;
- break;
- }
-
- case SSL2_ST_SEND_CLIENT_MASTER_KEY_A:
- case SSL2_ST_SEND_CLIENT_MASTER_KEY_B:
- ret=client_master_key(s);
- if (ret <= 0) goto end;
- s->init_num=0;
- s->state=SSL2_ST_CLIENT_START_ENCRYPTION;
- break;
-
- case SSL2_ST_CLIENT_START_ENCRYPTION:
- /* Ok, we now have all the stuff needed to
- * start encrypting, so lets fire it up :-) */
- if (!ssl2_enc_init(s,1))
- {
- ret= -1;
- goto end;
- }
- s->s2->clear_text=0;
- s->state=SSL2_ST_SEND_CLIENT_FINISHED_A;
- break;
-
- case SSL2_ST_SEND_CLIENT_FINISHED_A:
- case SSL2_ST_SEND_CLIENT_FINISHED_B:
- ret=client_finished(s);
- if (ret <= 0) goto end;
- s->init_num=0;
- s->state=SSL2_ST_GET_SERVER_VERIFY_A;
- break;
-
- case SSL2_ST_GET_SERVER_VERIFY_A:
- case SSL2_ST_GET_SERVER_VERIFY_B:
- ret=get_server_verify(s);
- if (ret <= 0) goto end;
- s->init_num=0;
- s->state=SSL2_ST_GET_SERVER_FINISHED_A;
- break;
-
- case SSL2_ST_GET_SERVER_FINISHED_A:
- case SSL2_ST_GET_SERVER_FINISHED_B:
- ret=get_server_finished(s);
- if (ret <= 0) goto end;
- break;
-
- case SSL2_ST_SEND_CLIENT_CERTIFICATE_A:
- case SSL2_ST_SEND_CLIENT_CERTIFICATE_B:
- case SSL2_ST_SEND_CLIENT_CERTIFICATE_C:
- case SSL2_ST_SEND_CLIENT_CERTIFICATE_D:
- case SSL2_ST_X509_GET_CLIENT_CERTIFICATE:
- ret=client_certificate(s);
- if (ret <= 0) goto end;
- s->init_num=0;
- s->state=SSL2_ST_GET_SERVER_FINISHED_A;
- break;
-
- case SSL_ST_OK:
- if (s->init_buf != NULL)
- {
- BUF_MEM_free(s->init_buf);
- s->init_buf=NULL;
- }
- s->init_num=0;
- /* ERR_clear_error();*/
-
- /* If we want to cache session-ids in the client
- * and we successfully add the session-id to the
- * cache, and there is a callback, then pass it out.
- * 26/11/96 - eay - only add if not a re-used session.
- */
-
- ssl_update_cache(s,SSL_SESS_CACHE_CLIENT);
- if (s->hit) s->ctx->stats.sess_hit++;
-
- ret=1;
- /* s->server=0; */
- s->ctx->stats.sess_connect_good++;
-
- if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
-
- goto end;
- /* break; */
- default:
- SSLerr(SSL_F_SSL2_CONNECT,SSL_R_UNKNOWN_STATE);
- return(-1);
- /* break; */
- }
-
- if ((cb != NULL) && (s->state != state))
- {
- new_state=s->state;
- s->state=state;
- cb(s,SSL_CB_CONNECT_LOOP,1);
- s->state=new_state;
- }
- }
-end:
- s->in_handshake--;
- if (buf != NULL)
- BUF_MEM_free(buf);
- if (cb != NULL)
- cb(s,SSL_CB_CONNECT_EXIT,ret);
- return(ret);
- }
-
-static int get_server_hello(SSL *s)
- {
- unsigned char *buf;
- unsigned char *p;
- int i,j;
- unsigned long len;
- STACK_OF(SSL_CIPHER) *sk=NULL,*cl, *prio, *allow;
-
- buf=(unsigned char *)s->init_buf->data;
- p=buf;
- if (s->state == SSL2_ST_GET_SERVER_HELLO_A)
- {
- i=ssl2_read(s,(char *)&(buf[s->init_num]),11-s->init_num);
- if (i < (11-s->init_num))
- return(ssl2_part_read(s,SSL_F_GET_SERVER_HELLO,i));
- s->init_num = 11;
-
- if (*(p++) != SSL2_MT_SERVER_HELLO)
- {
- if (p[-1] != SSL2_MT_ERROR)
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_GET_SERVER_HELLO,
- SSL_R_READ_WRONG_PACKET_TYPE);
- }
- else
- SSLerr(SSL_F_GET_SERVER_HELLO,
- SSL_R_PEER_ERROR);
- return(-1);
- }
-#ifdef __APPLE_CC__
- /* The Rhapsody 5.5 (a.k.a. MacOS X) compiler bug
- * workaround. <appro at fy.chalmers.se> */
- s->hit=(i=*(p++))?1:0;
-#else
- s->hit=(*(p++))?1:0;
-#endif
- s->s2->tmp.cert_type= *(p++);
- n2s(p,i);
- if (i < s->version) s->version=i;
- n2s(p,i); s->s2->tmp.cert_length=i;
- n2s(p,i); s->s2->tmp.csl=i;
- n2s(p,i); s->s2->tmp.conn_id_length=i;
- s->state=SSL2_ST_GET_SERVER_HELLO_B;
- }
-
- /* SSL2_ST_GET_SERVER_HELLO_B */
- len = 11 + (unsigned long)s->s2->tmp.cert_length + (unsigned long)s->s2->tmp.csl + (unsigned long)s->s2->tmp.conn_id_length;
- if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
- {
- SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_MESSAGE_TOO_LONG);
- return -1;
- }
- j = (int)len - s->init_num;
- i = ssl2_read(s,(char *)&(buf[s->init_num]),j);
- if (i != j) return(ssl2_part_read(s,SSL_F_GET_SERVER_HELLO,i));
- if (s->msg_callback)
- s->msg_callback(0, s->version, 0, buf, (size_t)len, s, s->msg_callback_arg); /* SERVER-HELLO */
-
- /* things are looking good */
-
- p = buf + 11;
- if (s->hit)
- {
- if (s->s2->tmp.cert_length != 0)
- {
- SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_REUSE_CERT_LENGTH_NOT_ZERO);
- return(-1);
- }
- if (s->s2->tmp.cert_type != 0)
- {
- if (!(s->options &
- SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG))
- {
- SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_REUSE_CERT_TYPE_NOT_ZERO);
- return(-1);
- }
- }
- if (s->s2->tmp.csl != 0)
- {
- SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_REUSE_CIPHER_LIST_NOT_ZERO);
- return(-1);
- }
- }
- else
- {
-#ifdef undef
- /* very bad */
- memset(s->session->session_id,0,
- SSL_MAX_SSL_SESSION_ID_LENGTH_IN_BYTES);
- s->session->session_id_length=0;
- */
-#endif
-
- /* we need to do this in case we were trying to reuse a
- * client session but others are already reusing it.
- * If this was a new 'blank' session ID, the session-id
- * length will still be 0 */
- if (s->session->session_id_length > 0)
- {
- if (!ssl_get_new_session(s,0))
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- return(-1);
- }
- }
-
- if (ssl2_set_certificate(s,s->s2->tmp.cert_type,
- s->s2->tmp.cert_length,p) <= 0)
- {
- ssl2_return_error(s,SSL2_PE_BAD_CERTIFICATE);
- return(-1);
- }
- p+=s->s2->tmp.cert_length;
-
- if (s->s2->tmp.csl == 0)
- {
- ssl2_return_error(s,SSL2_PE_NO_CIPHER);
- SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_NO_CIPHER_LIST);
- return(-1);
- }
-
- /* We have just received a list of ciphers back from the
- * server. We need to get the ones that match, then select
- * the one we want the most :-). */
-
- /* load the ciphers */
- sk=ssl_bytes_to_cipher_list(s,p,s->s2->tmp.csl,
- &s->session->ciphers);
- p+=s->s2->tmp.csl;
- if (sk == NULL)
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_GET_SERVER_HELLO,ERR_R_MALLOC_FAILURE);
- return(-1);
- }
-
- (void)sk_SSL_CIPHER_set_cmp_func(sk,ssl_cipher_ptr_id_cmp);
-
- /* get the array of ciphers we will accept */
- cl=SSL_get_ciphers(s);
- (void)sk_SSL_CIPHER_set_cmp_func(cl,ssl_cipher_ptr_id_cmp);
-
- /*
- * If server preference flag set, choose the first
- * (highest priority) cipher the server sends, otherwise
- * client preference has priority.
- */
- if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE)
- {
- prio = sk;
- allow = cl;
- }
- else
- {
- prio = cl;
- allow = sk;
- }
- /* In theory we could have ciphers sent back that we
- * don't want to use but that does not matter since we
- * will check against the list we originally sent and
- * for performance reasons we should not bother to match
- * the two lists up just to check. */
- for (i=0; i<sk_SSL_CIPHER_num(prio); i++)
- {
- if (sk_SSL_CIPHER_find(allow,
- sk_SSL_CIPHER_value(prio,i)) >= 0)
- break;
- }
-
- if (i >= sk_SSL_CIPHER_num(prio))
- {
- ssl2_return_error(s,SSL2_PE_NO_CIPHER);
- SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_NO_CIPHER_MATCH);
- return(-1);
- }
- s->session->cipher=sk_SSL_CIPHER_value(prio,i);
-
-
- if (s->session->peer != NULL) /* can't happen*/
- {
- ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_GET_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
- return(-1);
- }
-
- s->session->peer = s->session->sess_cert->peer_key->x509;
- /* peer_key->x509 has been set by ssl2_set_certificate. */
- CRYPTO_add(&s->session->peer->references, 1, CRYPTO_LOCK_X509);
- }
-
- if (s->session->sess_cert == NULL
- || s->session->peer != s->session->sess_cert->peer_key->x509)
- /* can't happen */
- {
- ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_GET_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
- return(-1);
- }
-
- s->s2->conn_id_length=s->s2->tmp.conn_id_length;
- if (s->s2->conn_id_length > sizeof s->s2->conn_id)
- {
- ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_SSL2_CONNECTION_ID_TOO_LONG);
- return -1;
- }
- memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length);
- return(1);
- }
-
-static int client_hello(SSL *s)
- {
- unsigned char *buf;
- unsigned char *p,*d;
-/* CIPHER **cipher;*/
- int i,n,j;
-
- buf=(unsigned char *)s->init_buf->data;
- if (s->state == SSL2_ST_SEND_CLIENT_HELLO_A)
- {
- if ((s->session == NULL) ||
- (s->session->ssl_version != s->version))
- {
- if (!ssl_get_new_session(s,0))
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- return(-1);
- }
- }
- /* else use the pre-loaded session */
-
- p=buf; /* header */
- d=p+9; /* data section */
- *(p++)=SSL2_MT_CLIENT_HELLO; /* type */
- s2n(SSL2_VERSION,p); /* version */
- n=j=0;
-
- n=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),d,0);
- d+=n;
-
- if (n == 0)
- {
- SSLerr(SSL_F_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
- return(-1);
- }
-
- s2n(n,p); /* cipher spec num bytes */
-
- if ((s->session->session_id_length > 0) &&
- (s->session->session_id_length <=
- SSL2_MAX_SSL_SESSION_ID_LENGTH))
- {
- i=s->session->session_id_length;
- s2n(i,p); /* session id length */
- memcpy(d,s->session->session_id,(unsigned int)i);
- d+=i;
- }
- else
- {
- s2n(0,p);
- }
-
- s->s2->challenge_length=SSL2_CHALLENGE_LENGTH;
- s2n(SSL2_CHALLENGE_LENGTH,p); /* challenge length */
- /*challenge id data*/
- if (RAND_pseudo_bytes(s->s2->challenge,SSL2_CHALLENGE_LENGTH) <= 0)
- return -1;
- memcpy(d,s->s2->challenge,SSL2_CHALLENGE_LENGTH);
- d+=SSL2_CHALLENGE_LENGTH;
-
- s->state=SSL2_ST_SEND_CLIENT_HELLO_B;
- s->init_num=d-buf;
- s->init_off=0;
- }
- /* SSL2_ST_SEND_CLIENT_HELLO_B */
- return(ssl2_do_write(s));
- }
-
-static int client_master_key(SSL *s)
- {
- unsigned char *buf;
- unsigned char *p,*d;
- int clear,enc,karg,i;
- SSL_SESSION *sess;
- const EVP_CIPHER *c;
- const EVP_MD *md;
-
- buf=(unsigned char *)s->init_buf->data;
- if (s->state == SSL2_ST_SEND_CLIENT_MASTER_KEY_A)
- {
-
- if (!ssl_cipher_get_evp(s->session,&c,&md,NULL))
- {
- ssl2_return_error(s,SSL2_PE_NO_CIPHER);
- SSLerr(SSL_F_CLIENT_MASTER_KEY,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS);
- return(-1);
- }
- sess=s->session;
- p=buf;
- d=p+10;
- *(p++)=SSL2_MT_CLIENT_MASTER_KEY;/* type */
-
- i=ssl_put_cipher_by_char(s,sess->cipher,p);
- p+=i;
-
- /* make key_arg data */
- i=EVP_CIPHER_iv_length(c);
- sess->key_arg_length=i;
- if (i > SSL_MAX_KEY_ARG_LENGTH)
- {
- ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
- return -1;
- }
- if (i > 0)
- if (RAND_pseudo_bytes(sess->key_arg,i) <= 0)
- return -1;
-
- /* make a master key */
- i=EVP_CIPHER_key_length(c);
- sess->master_key_length=i;
- if (i > 0)
- {
- if (i > (int)sizeof(sess->master_key))
- {
- ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
- return -1;
- }
- if (RAND_bytes(sess->master_key,i) <= 0)
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- return(-1);
- }
- }
-
- if (sess->cipher->algorithm2 & SSL2_CF_8_BYTE_ENC)
- enc=8;
- else if (SSL_C_IS_EXPORT(sess->cipher))
- enc=5;
- else
- enc=i;
-
- if ((int)i < enc)
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_CLIENT_MASTER_KEY,SSL_R_CIPHER_TABLE_SRC_ERROR);
- return(-1);
- }
- clear=i-enc;
- s2n(clear,p);
- memcpy(d,sess->master_key,(unsigned int)clear);
- d+=clear;
-
- enc=ssl_rsa_public_encrypt(sess->sess_cert,enc,
- &(sess->master_key[clear]),d,
- (s->s2->ssl2_rollback)?RSA_SSLV23_PADDING:RSA_PKCS1_PADDING);
- if (enc <= 0)
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_CLIENT_MASTER_KEY,SSL_R_PUBLIC_KEY_ENCRYPT_ERROR);
- return(-1);
- }
-#ifdef PKCS1_CHECK
- if (s->options & SSL_OP_PKCS1_CHECK_1) d[1]++;
- if (s->options & SSL_OP_PKCS1_CHECK_2)
- sess->master_key[clear]++;
-#endif
- s2n(enc,p);
- d+=enc;
- karg=sess->key_arg_length;
- s2n(karg,p); /* key arg size */
- if (karg > (int)sizeof(sess->key_arg))
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
- return -1;
- }
- memcpy(d,sess->key_arg,(unsigned int)karg);
- d+=karg;
-
- s->state=SSL2_ST_SEND_CLIENT_MASTER_KEY_B;
- s->init_num=d-buf;
- s->init_off=0;
- }
-
- /* SSL2_ST_SEND_CLIENT_MASTER_KEY_B */
- return(ssl2_do_write(s));
- }
-
-static int client_finished(SSL *s)
- {
- unsigned char *p;
-
- if (s->state == SSL2_ST_SEND_CLIENT_FINISHED_A)
- {
- p=(unsigned char *)s->init_buf->data;
- *(p++)=SSL2_MT_CLIENT_FINISHED;
- if (s->s2->conn_id_length > sizeof s->s2->conn_id)
- {
- SSLerr(SSL_F_CLIENT_FINISHED, ERR_R_INTERNAL_ERROR);
- return -1;
- }
- memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length);
-
- s->state=SSL2_ST_SEND_CLIENT_FINISHED_B;
- s->init_num=s->s2->conn_id_length+1;
- s->init_off=0;
- }
- return(ssl2_do_write(s));
- }
-
-/* read the data and then respond */
-static int client_certificate(SSL *s)
- {
- unsigned char *buf;
- unsigned char *p,*d;
- int i;
- unsigned int n;
- int cert_ch_len;
- unsigned char *cert_ch;
-
- buf=(unsigned char *)s->init_buf->data;
-
- /* We have a cert associated with the SSL, so attach it to
- * the session if it does not have one */
-
- if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_A)
- {
- i=ssl2_read(s,(char *)&(buf[s->init_num]),
- SSL2_MAX_CERT_CHALLENGE_LENGTH+2-s->init_num);
- if (i<(SSL2_MIN_CERT_CHALLENGE_LENGTH+2-s->init_num))
- return(ssl2_part_read(s,SSL_F_CLIENT_CERTIFICATE,i));
- s->init_num += i;
- if (s->msg_callback)
- s->msg_callback(0, s->version, 0, buf, (size_t)s->init_num, s, s->msg_callback_arg); /* REQUEST-CERTIFICATE */
-
- /* type=buf[0]; */
- /* type eq x509 */
- if (buf[1] != SSL2_AT_MD5_WITH_RSA_ENCRYPTION)
- {
- ssl2_return_error(s,SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE);
- SSLerr(SSL_F_CLIENT_CERTIFICATE,SSL_R_BAD_AUTHENTICATION_TYPE);
- return(-1);
- }
-
- if ((s->cert == NULL) ||
- (s->cert->key->x509 == NULL) ||
- (s->cert->key->privatekey == NULL))
- {
- s->state=SSL2_ST_X509_GET_CLIENT_CERTIFICATE;
- }
- else
- s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_C;
- }
-
- cert_ch = buf + 2;
- cert_ch_len = s->init_num - 2;
-
- if (s->state == SSL2_ST_X509_GET_CLIENT_CERTIFICATE)
- {
- X509 *x509=NULL;
- EVP_PKEY *pkey=NULL;
-
- /* If we get an error we need to
- * ssl->rwstate=SSL_X509_LOOKUP;
- * return(error);
- * We should then be retried when things are ok and we
- * can get a cert or not */
-
- i=0;
- if (s->ctx->client_cert_cb != NULL)
- {
- i=s->ctx->client_cert_cb(s,&(x509),&(pkey));
- }
-
- if (i < 0)
- {
- s->rwstate=SSL_X509_LOOKUP;
- return(-1);
- }
- s->rwstate=SSL_NOTHING;
-
- if ((i == 1) && (pkey != NULL) && (x509 != NULL))
- {
- s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_C;
- if ( !SSL_use_certificate(s,x509) ||
- !SSL_use_PrivateKey(s,pkey))
- {
- i=0;
- }
- X509_free(x509);
- EVP_PKEY_free(pkey);
- }
- else if (i == 1)
- {
- if (x509 != NULL) X509_free(x509);
- if (pkey != NULL) EVP_PKEY_free(pkey);
- SSLerr(SSL_F_CLIENT_CERTIFICATE,SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
- i=0;
- }
-
- if (i == 0)
- {
- /* We have no client certificate to respond with
- * so send the correct error message back */
- s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_B;
- p=buf;
- *(p++)=SSL2_MT_ERROR;
- s2n(SSL2_PE_NO_CERTIFICATE,p);
- s->init_off=0;
- s->init_num=3;
- /* Write is done at the end */
- }
- }
-
- if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_B)
- {
- return(ssl2_do_write(s));
- }
-
- if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_C)
- {
- EVP_MD_CTX ctx;
-
- /* ok, now we calculate the checksum
- * do it first so we can reuse buf :-) */
- p=buf;
- EVP_MD_CTX_init(&ctx);
- EVP_SignInit_ex(&ctx,s->ctx->rsa_md5, NULL);
- EVP_SignUpdate(&ctx,s->s2->key_material,
- s->s2->key_material_length);
- EVP_SignUpdate(&ctx,cert_ch,(unsigned int)cert_ch_len);
- n=i2d_X509(s->session->sess_cert->peer_key->x509,&p);
- EVP_SignUpdate(&ctx,buf,(unsigned int)n);
-
- p=buf;
- d=p+6;
- *(p++)=SSL2_MT_CLIENT_CERTIFICATE;
- *(p++)=SSL2_CT_X509_CERTIFICATE;
- n=i2d_X509(s->cert->key->x509,&d);
- s2n(n,p);
-
- if (!EVP_SignFinal(&ctx,d,&n,s->cert->key->privatekey))
- {
- /* this is not good. If things have failed it
- * means there so something wrong with the key.
- * We will continue with a 0 length signature
- */
- }
- EVP_MD_CTX_cleanup(&ctx);
- s2n(n,p);
- d+=n;
-
- s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_D;
- s->init_num=d-buf;
- s->init_off=0;
- }
- /* if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_D) */
- return(ssl2_do_write(s));
- }
-
-static int get_server_verify(SSL *s)
- {
- unsigned char *p;
- int i, n, len;
-
- p=(unsigned char *)s->init_buf->data;
- if (s->state == SSL2_ST_GET_SERVER_VERIFY_A)
- {
- i=ssl2_read(s,(char *)&(p[s->init_num]),1-s->init_num);
- if (i < (1-s->init_num))
- return(ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i));
- s->init_num += i;
-
- s->state= SSL2_ST_GET_SERVER_VERIFY_B;
- if (*p != SSL2_MT_SERVER_VERIFY)
- {
- if (p[0] != SSL2_MT_ERROR)
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_GET_SERVER_VERIFY,
- SSL_R_READ_WRONG_PACKET_TYPE);
- }
- else
- {
- SSLerr(SSL_F_GET_SERVER_VERIFY,SSL_R_PEER_ERROR);
- /* try to read the error message */
- i=ssl2_read(s,(char *)&(p[s->init_num]),3-s->init_num);
- return ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i);
- }
- return(-1);
- }
- }
-
- p=(unsigned char *)s->init_buf->data;
- len = 1 + s->s2->challenge_length;
- n = len - s->init_num;
- i = ssl2_read(s,(char *)&(p[s->init_num]),n);
- if (i < n)
- return(ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i));
- if (s->msg_callback)
- s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* SERVER-VERIFY */
- p += 1;
-
- if (CRYPTO_memcmp(p,s->s2->challenge,s->s2->challenge_length) != 0)
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_GET_SERVER_VERIFY,SSL_R_CHALLENGE_IS_DIFFERENT);
- return(-1);
- }
- return(1);
- }
-
-static int get_server_finished(SSL *s)
- {
- unsigned char *buf;
- unsigned char *p;
- int i, n, len;
-
- buf=(unsigned char *)s->init_buf->data;
- p=buf;
- if (s->state == SSL2_ST_GET_SERVER_FINISHED_A)
- {
- i=ssl2_read(s,(char *)&(buf[s->init_num]),1-s->init_num);
- if (i < (1-s->init_num))
- return(ssl2_part_read(s,SSL_F_GET_SERVER_FINISHED,i));
- s->init_num += i;
-
- if (*p == SSL2_MT_REQUEST_CERTIFICATE)
- {
- s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_A;
- return(1);
- }
- else if (*p != SSL2_MT_SERVER_FINISHED)
- {
- if (p[0] != SSL2_MT_ERROR)
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_READ_WRONG_PACKET_TYPE);
- }
- else
- {
- SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_PEER_ERROR);
- /* try to read the error message */
- i=ssl2_read(s,(char *)&(p[s->init_num]),3-s->init_num);
- return ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i);
- }
- return(-1);
- }
- s->state=SSL2_ST_GET_SERVER_FINISHED_B;
- }
-
- len = 1 + SSL2_SSL_SESSION_ID_LENGTH;
- n = len - s->init_num;
- i = ssl2_read(s,(char *)&(buf[s->init_num]), n);
- if (i < n) /* XXX could be shorter than SSL2_SSL_SESSION_ID_LENGTH, that's the maximum */
- return(ssl2_part_read(s,SSL_F_GET_SERVER_FINISHED,i));
- s->init_num += i;
- if (s->msg_callback)
- s->msg_callback(0, s->version, 0, buf, (size_t)s->init_num, s, s->msg_callback_arg); /* SERVER-FINISHED */
-
- if (!s->hit) /* new session */
- {
- /* new session-id */
- /* Make sure we were not trying to re-use an old SSL_SESSION
- * or bad things can happen */
- /* ZZZZZZZZZZZZZ */
- s->session->session_id_length=SSL2_SSL_SESSION_ID_LENGTH;
- memcpy(s->session->session_id,p+1,SSL2_SSL_SESSION_ID_LENGTH);
- }
- else
- {
- if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG))
- {
- if ((s->session->session_id_length > sizeof s->session->session_id)
- || (0 != memcmp(buf + 1, s->session->session_id,
- (unsigned int)s->session->session_id_length)))
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_SSL_SESSION_ID_IS_DIFFERENT);
- return(-1);
- }
- }
- }
- s->state = SSL_ST_OK;
- return(1);
- }
-
-/* loads in the certificate from the server */
-int ssl2_set_certificate(SSL *s, int type, int len, const unsigned char *data)
- {
- STACK_OF(X509) *sk=NULL;
- EVP_PKEY *pkey=NULL;
- SESS_CERT *sc=NULL;
- int i;
- X509 *x509=NULL;
- int ret=0;
-
- x509=d2i_X509(NULL,&data,(long)len);
- if (x509 == NULL)
- {
- SSLerr(SSL_F_SSL2_SET_CERTIFICATE,ERR_R_X509_LIB);
- goto err;
- }
-
- if ((sk=sk_X509_new_null()) == NULL || !sk_X509_push(sk,x509))
- {
- SSLerr(SSL_F_SSL2_SET_CERTIFICATE,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- i=ssl_verify_cert_chain(s,sk);
-
- if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0))
- {
- SSLerr(SSL_F_SSL2_SET_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED);
- goto err;
- }
- ERR_clear_error(); /* but we keep s->verify_result */
- s->session->verify_result = s->verify_result;
-
- /* server's cert for this session */
- sc=ssl_sess_cert_new();
- if (sc == NULL)
- {
- ret= -1;
- goto err;
- }
- if (s->session->sess_cert) ssl_sess_cert_free(s->session->sess_cert);
- s->session->sess_cert=sc;
-
- sc->peer_pkeys[SSL_PKEY_RSA_ENC].x509=x509;
- sc->peer_key= &(sc->peer_pkeys[SSL_PKEY_RSA_ENC]);
-
- pkey=X509_get_pubkey(x509);
- x509=NULL;
- if (pkey == NULL)
- {
- SSLerr(SSL_F_SSL2_SET_CERTIFICATE,SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY);
- goto err;
- }
- if (pkey->type != EVP_PKEY_RSA)
- {
- SSLerr(SSL_F_SSL2_SET_CERTIFICATE,SSL_R_PUBLIC_KEY_NOT_RSA);
- goto err;
- }
-
- if (!ssl_set_peer_cert_type(sc,SSL2_CT_X509_CERTIFICATE))
- goto err;
- ret=1;
-err:
- sk_X509_free(sk);
- X509_free(x509);
- EVP_PKEY_free(pkey);
- return(ret);
- }
-
-static int ssl_rsa_public_encrypt(SESS_CERT *sc, int len, unsigned char *from,
- unsigned char *to, int padding)
- {
- EVP_PKEY *pkey=NULL;
- int i= -1;
-
- if ((sc == NULL) || (sc->peer_key->x509 == NULL) ||
- ((pkey=X509_get_pubkey(sc->peer_key->x509)) == NULL))
- {
- SSLerr(SSL_F_SSL_RSA_PUBLIC_ENCRYPT,SSL_R_NO_PUBLICKEY);
- return(-1);
- }
- if (pkey->type != EVP_PKEY_RSA)
- {
- SSLerr(SSL_F_SSL_RSA_PUBLIC_ENCRYPT,SSL_R_PUBLIC_KEY_IS_NOT_RSA);
- goto end;
- }
-
- /* we have the public key */
- i=RSA_public_encrypt(len,from,to,pkey->pkey.rsa,padding);
- if (i < 0)
- SSLerr(SSL_F_SSL_RSA_PUBLIC_ENCRYPT,ERR_R_RSA_LIB);
-end:
- EVP_PKEY_free(pkey);
- return(i);
- }
-#else /* !OPENSSL_NO_SSL2 */
-
-# if PEDANTIC
-static void *dummy=&dummy;
-# endif
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/ssl/s2_clnt.c (from rev 6976, vendor-crypto/openssl/dist/ssl/s2_clnt.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/ssl/s2_clnt.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/ssl/s2_clnt.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,1087 @@
+/* ssl/s2_clnt.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include "ssl_locl.h"
+#ifndef OPENSSL_NO_SSL2
+# include <stdio.h>
+# include <openssl/rand.h>
+# include <openssl/buffer.h>
+# include <openssl/objects.h>
+# include <openssl/evp.h>
+
+static SSL_METHOD *ssl2_get_client_method(int ver);
+static int get_server_finished(SSL *s);
+static int get_server_verify(SSL *s);
+static int get_server_hello(SSL *s);
+static int client_hello(SSL *s);
+static int client_master_key(SSL *s);
+static int client_finished(SSL *s);
+static int client_certificate(SSL *s);
+static int ssl_rsa_public_encrypt(SESS_CERT *sc, int len, unsigned char *from,
+ unsigned char *to, int padding);
+# define BREAK break
+
+static SSL_METHOD *ssl2_get_client_method(int ver)
+{
+ if (ver == SSL2_VERSION)
+ return (SSLv2_client_method());
+ else
+ return (NULL);
+}
+
+IMPLEMENT_ssl2_meth_func(SSLv2_client_method,
+ ssl_undefined_function,
+ ssl2_connect, ssl2_get_client_method)
+
+int ssl2_connect(SSL *s)
+{
+ unsigned long l = (unsigned long)time(NULL);
+ BUF_MEM *buf = NULL;
+ int ret = -1;
+ void (*cb) (const SSL *ssl, int type, int val) = NULL;
+ int new_state, state;
+
+ RAND_add(&l, sizeof(l), 0);
+ ERR_clear_error();
+ clear_sys_error();
+
+ if (s->info_callback != NULL)
+ cb = s->info_callback;
+ else if (s->ctx->info_callback != NULL)
+ cb = s->ctx->info_callback;
+
+ /* init things to blank */
+ s->in_handshake++;
+ if (!SSL_in_init(s) || SSL_in_before(s))
+ SSL_clear(s);
+
+ for (;;) {
+ state = s->state;
+
+ switch (s->state) {
+ case SSL_ST_BEFORE:
+ case SSL_ST_CONNECT:
+ case SSL_ST_BEFORE | SSL_ST_CONNECT:
+ case SSL_ST_OK | SSL_ST_CONNECT:
+
+ s->server = 0;
+ if (cb != NULL)
+ cb(s, SSL_CB_HANDSHAKE_START, 1);
+
+ s->version = SSL2_VERSION;
+ s->type = SSL_ST_CONNECT;
+
+ buf = s->init_buf;
+ if ((buf == NULL) && ((buf = BUF_MEM_new()) == NULL)) {
+ ret = -1;
+ goto end;
+ }
+ if (!BUF_MEM_grow(buf, SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)) {
+ if (buf == s->init_buf)
+ buf = NULL;
+ ret = -1;
+ goto end;
+ }
+ s->init_buf = buf;
+ buf = NULL;
+ s->init_num = 0;
+ s->state = SSL2_ST_SEND_CLIENT_HELLO_A;
+ s->ctx->stats.sess_connect++;
+ s->handshake_func = ssl2_connect;
+ BREAK;
+
+ case SSL2_ST_SEND_CLIENT_HELLO_A:
+ case SSL2_ST_SEND_CLIENT_HELLO_B:
+ s->shutdown = 0;
+ ret = client_hello(s);
+ if (ret <= 0)
+ goto end;
+ s->init_num = 0;
+ s->state = SSL2_ST_GET_SERVER_HELLO_A;
+ BREAK;
+
+ case SSL2_ST_GET_SERVER_HELLO_A:
+ case SSL2_ST_GET_SERVER_HELLO_B:
+ ret = get_server_hello(s);
+ if (ret <= 0)
+ goto end;
+ s->init_num = 0;
+ if (!s->hit) { /* new session */
+ s->state = SSL2_ST_SEND_CLIENT_MASTER_KEY_A;
+ BREAK;
+ } else {
+ s->state = SSL2_ST_CLIENT_START_ENCRYPTION;
+ break;
+ }
+
+ case SSL2_ST_SEND_CLIENT_MASTER_KEY_A:
+ case SSL2_ST_SEND_CLIENT_MASTER_KEY_B:
+ ret = client_master_key(s);
+ if (ret <= 0)
+ goto end;
+ s->init_num = 0;
+ s->state = SSL2_ST_CLIENT_START_ENCRYPTION;
+ break;
+
+ case SSL2_ST_CLIENT_START_ENCRYPTION:
+ /*
+ * Ok, we now have all the stuff needed to start encrypting, so
+ * lets fire it up :-)
+ */
+ if (!ssl2_enc_init(s, 1)) {
+ ret = -1;
+ goto end;
+ }
+ s->s2->clear_text = 0;
+ s->state = SSL2_ST_SEND_CLIENT_FINISHED_A;
+ break;
+
+ case SSL2_ST_SEND_CLIENT_FINISHED_A:
+ case SSL2_ST_SEND_CLIENT_FINISHED_B:
+ ret = client_finished(s);
+ if (ret <= 0)
+ goto end;
+ s->init_num = 0;
+ s->state = SSL2_ST_GET_SERVER_VERIFY_A;
+ break;
+
+ case SSL2_ST_GET_SERVER_VERIFY_A:
+ case SSL2_ST_GET_SERVER_VERIFY_B:
+ ret = get_server_verify(s);
+ if (ret <= 0)
+ goto end;
+ s->init_num = 0;
+ s->state = SSL2_ST_GET_SERVER_FINISHED_A;
+ break;
+
+ case SSL2_ST_GET_SERVER_FINISHED_A:
+ case SSL2_ST_GET_SERVER_FINISHED_B:
+ ret = get_server_finished(s);
+ if (ret <= 0)
+ goto end;
+ break;
+
+ case SSL2_ST_SEND_CLIENT_CERTIFICATE_A:
+ case SSL2_ST_SEND_CLIENT_CERTIFICATE_B:
+ case SSL2_ST_SEND_CLIENT_CERTIFICATE_C:
+ case SSL2_ST_SEND_CLIENT_CERTIFICATE_D:
+ case SSL2_ST_X509_GET_CLIENT_CERTIFICATE:
+ ret = client_certificate(s);
+ if (ret <= 0)
+ goto end;
+ s->init_num = 0;
+ s->state = SSL2_ST_GET_SERVER_FINISHED_A;
+ break;
+
+ case SSL_ST_OK:
+ if (s->init_buf != NULL) {
+ BUF_MEM_free(s->init_buf);
+ s->init_buf = NULL;
+ }
+ s->init_num = 0;
+ /* ERR_clear_error(); */
+
+ /*
+ * If we want to cache session-ids in the client and we
+ * successfully add the session-id to the cache, and there is a
+ * callback, then pass it out. 26/11/96 - eay - only add if not a
+ * re-used session.
+ */
+
+ ssl_update_cache(s, SSL_SESS_CACHE_CLIENT);
+ if (s->hit)
+ s->ctx->stats.sess_hit++;
+
+ ret = 1;
+ /* s->server=0; */
+ s->ctx->stats.sess_connect_good++;
+
+ if (cb != NULL)
+ cb(s, SSL_CB_HANDSHAKE_DONE, 1);
+
+ goto end;
+ /* break; */
+ default:
+ SSLerr(SSL_F_SSL2_CONNECT, SSL_R_UNKNOWN_STATE);
+ return (-1);
+ /* break; */
+ }
+
+ if ((cb != NULL) && (s->state != state)) {
+ new_state = s->state;
+ s->state = state;
+ cb(s, SSL_CB_CONNECT_LOOP, 1);
+ s->state = new_state;
+ }
+ }
+ end:
+ s->in_handshake--;
+ if (buf != NULL)
+ BUF_MEM_free(buf);
+ if (cb != NULL)
+ cb(s, SSL_CB_CONNECT_EXIT, ret);
+ return (ret);
+}
+
+static int get_server_hello(SSL *s)
+{
+ unsigned char *buf;
+ unsigned char *p;
+ int i, j;
+ unsigned long len;
+ STACK_OF(SSL_CIPHER) *sk = NULL, *cl, *prio, *allow;
+
+ buf = (unsigned char *)s->init_buf->data;
+ p = buf;
+ if (s->state == SSL2_ST_GET_SERVER_HELLO_A) {
+ i = ssl2_read(s, (char *)&(buf[s->init_num]), 11 - s->init_num);
+ if (i < (11 - s->init_num))
+ return (ssl2_part_read(s, SSL_F_GET_SERVER_HELLO, i));
+ s->init_num = 11;
+
+ if (*(p++) != SSL2_MT_SERVER_HELLO) {
+ if (p[-1] != SSL2_MT_ERROR) {
+ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+ SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_READ_WRONG_PACKET_TYPE);
+ } else
+ SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_PEER_ERROR);
+ return (-1);
+ }
+# ifdef __APPLE_CC__
+ /*
+ * The Rhapsody 5.5 (a.k.a. MacOS X) compiler bug workaround.
+ * <appro at fy.chalmers.se>
+ */
+ s->hit = (i = *(p++)) ? 1 : 0;
+# else
+ s->hit = (*(p++)) ? 1 : 0;
+# endif
+ s->s2->tmp.cert_type = *(p++);
+ n2s(p, i);
+ if (i < s->version)
+ s->version = i;
+ n2s(p, i);
+ s->s2->tmp.cert_length = i;
+ n2s(p, i);
+ s->s2->tmp.csl = i;
+ n2s(p, i);
+ s->s2->tmp.conn_id_length = i;
+ s->state = SSL2_ST_GET_SERVER_HELLO_B;
+ }
+
+ /* SSL2_ST_GET_SERVER_HELLO_B */
+ len =
+ 11 + (unsigned long)s->s2->tmp.cert_length +
+ (unsigned long)s->s2->tmp.csl +
+ (unsigned long)s->s2->tmp.conn_id_length;
+ if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) {
+ SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_MESSAGE_TOO_LONG);
+ return -1;
+ }
+ j = (int)len - s->init_num;
+ i = ssl2_read(s, (char *)&(buf[s->init_num]), j);
+ if (i != j)
+ return (ssl2_part_read(s, SSL_F_GET_SERVER_HELLO, i));
+ if (s->msg_callback) {
+ /* SERVER-HELLO */
+ s->msg_callback(0, s->version, 0, buf, (size_t)len, s,
+ s->msg_callback_arg);
+ }
+
+ /* things are looking good */
+
+ p = buf + 11;
+ if (s->hit) {
+ if (s->s2->tmp.cert_length != 0) {
+ SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_REUSE_CERT_LENGTH_NOT_ZERO);
+ return (-1);
+ }
+ if (s->s2->tmp.cert_type != 0) {
+ if (!(s->options & SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG)) {
+ SSLerr(SSL_F_GET_SERVER_HELLO,
+ SSL_R_REUSE_CERT_TYPE_NOT_ZERO);
+ return (-1);
+ }
+ }
+ if (s->s2->tmp.csl != 0) {
+ SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_REUSE_CIPHER_LIST_NOT_ZERO);
+ return (-1);
+ }
+ } else {
+# ifdef undef
+ /* very bad */
+ memset(s->session->session_id, 0,
+ SSL_MAX_SSL_SESSION_ID_LENGTH_IN_BYTES);
+ s->session->session_id_length = 0;
+ */
+# endif
+ /*
+ * we need to do this in case we were trying to reuse a client
+ * session but others are already reusing it. If this was a new
+ * 'blank' session ID, the session-id length will still be 0
+ */
+ if (s->session->session_id_length > 0) {
+ if (!ssl_get_new_session(s, 0)) {
+ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+ return (-1);
+ }
+ }
+
+ if (ssl2_set_certificate(s, s->s2->tmp.cert_type,
+ s->s2->tmp.cert_length, p) <= 0) {
+ ssl2_return_error(s, SSL2_PE_BAD_CERTIFICATE);
+ return (-1);
+ }
+ p += s->s2->tmp.cert_length;
+
+ if (s->s2->tmp.csl == 0) {
+ ssl2_return_error(s, SSL2_PE_NO_CIPHER);
+ SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_NO_CIPHER_LIST);
+ return (-1);
+ }
+
+ /*
+ * We have just received a list of ciphers back from the server. We
+ * need to get the ones that match, then select the one we want the
+ * most :-).
+ */
+
+ /* load the ciphers */
+ sk = ssl_bytes_to_cipher_list(s, p, s->s2->tmp.csl,
+ &s->session->ciphers);
+ p += s->s2->tmp.csl;
+ if (sk == NULL) {
+ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+ SSLerr(SSL_F_GET_SERVER_HELLO, ERR_R_MALLOC_FAILURE);
+ return (-1);
+ }
+
+ (void)sk_SSL_CIPHER_set_cmp_func(sk, ssl_cipher_ptr_id_cmp);
+
+ /* get the array of ciphers we will accept */
+ cl = SSL_get_ciphers(s);
+ (void)sk_SSL_CIPHER_set_cmp_func(cl, ssl_cipher_ptr_id_cmp);
+
+ /*
+ * If server preference flag set, choose the first
+ * (highest priority) cipher the server sends, otherwise
+ * client preference has priority.
+ */
+ if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
+ prio = sk;
+ allow = cl;
+ } else {
+ prio = cl;
+ allow = sk;
+ }
+ /*
+ * In theory we could have ciphers sent back that we don't want to
+ * use but that does not matter since we will check against the list
+ * we originally sent and for performance reasons we should not
+ * bother to match the two lists up just to check.
+ */
+ for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
+ if (sk_SSL_CIPHER_find(allow, sk_SSL_CIPHER_value(prio, i)) >= 0)
+ break;
+ }
+
+ if (i >= sk_SSL_CIPHER_num(prio)) {
+ ssl2_return_error(s, SSL2_PE_NO_CIPHER);
+ SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_NO_CIPHER_MATCH);
+ return (-1);
+ }
+ s->session->cipher = sk_SSL_CIPHER_value(prio, i);
+
+ if (s->session->peer != NULL) { /* can't happen */
+ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+ SSLerr(SSL_F_GET_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
+ return (-1);
+ }
+
+ s->session->peer = s->session->sess_cert->peer_key->x509;
+ /* peer_key->x509 has been set by ssl2_set_certificate. */
+ CRYPTO_add(&s->session->peer->references, 1, CRYPTO_LOCK_X509);
+ }
+
+ if (s->session->sess_cert == NULL
+ || s->session->peer != s->session->sess_cert->peer_key->x509)
+ /* can't happen */
+ {
+ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+ SSLerr(SSL_F_GET_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
+ return (-1);
+ }
+
+ s->s2->conn_id_length = s->s2->tmp.conn_id_length;
+ if (s->s2->conn_id_length > sizeof s->s2->conn_id) {
+ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+ SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_SSL2_CONNECTION_ID_TOO_LONG);
+ return -1;
+ }
+ memcpy(s->s2->conn_id, p, s->s2->tmp.conn_id_length);
+ return (1);
+}
+
+static int client_hello(SSL *s)
+{
+ unsigned char *buf;
+ unsigned char *p, *d;
+/* CIPHER **cipher;*/
+ int i, n, j;
+
+ buf = (unsigned char *)s->init_buf->data;
+ if (s->state == SSL2_ST_SEND_CLIENT_HELLO_A) {
+ if ((s->session == NULL) || (s->session->ssl_version != s->version)) {
+ if (!ssl_get_new_session(s, 0)) {
+ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+ return (-1);
+ }
+ }
+ /* else use the pre-loaded session */
+
+ p = buf; /* header */
+ d = p + 9; /* data section */
+ *(p++) = SSL2_MT_CLIENT_HELLO; /* type */
+ s2n(SSL2_VERSION, p); /* version */
+ n = j = 0;
+
+ n = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), d, 0);
+ d += n;
+
+ if (n == 0) {
+ SSLerr(SSL_F_CLIENT_HELLO, SSL_R_NO_CIPHERS_AVAILABLE);
+ return (-1);
+ }
+
+ s2n(n, p); /* cipher spec num bytes */
+
+ if ((s->session->session_id_length > 0) &&
+ (s->session->session_id_length <=
+ SSL2_MAX_SSL_SESSION_ID_LENGTH)) {
+ i = s->session->session_id_length;
+ s2n(i, p); /* session id length */
+ memcpy(d, s->session->session_id, (unsigned int)i);
+ d += i;
+ } else {
+ s2n(0, p);
+ }
+
+ s->s2->challenge_length = SSL2_CHALLENGE_LENGTH;
+ s2n(SSL2_CHALLENGE_LENGTH, p); /* challenge length */
+ /*
+ * challenge id data
+ */
+ if (RAND_pseudo_bytes(s->s2->challenge, SSL2_CHALLENGE_LENGTH) <= 0)
+ return -1;
+ memcpy(d, s->s2->challenge, SSL2_CHALLENGE_LENGTH);
+ d += SSL2_CHALLENGE_LENGTH;
+
+ s->state = SSL2_ST_SEND_CLIENT_HELLO_B;
+ s->init_num = d - buf;
+ s->init_off = 0;
+ }
+ /* SSL2_ST_SEND_CLIENT_HELLO_B */
+ return (ssl2_do_write(s));
+}
+
+static int client_master_key(SSL *s)
+{
+ unsigned char *buf;
+ unsigned char *p, *d;
+ int clear, enc, karg, i;
+ SSL_SESSION *sess;
+ const EVP_CIPHER *c;
+ const EVP_MD *md;
+
+ buf = (unsigned char *)s->init_buf->data;
+ if (s->state == SSL2_ST_SEND_CLIENT_MASTER_KEY_A) {
+
+ if (!ssl_cipher_get_evp(s->session, &c, &md, NULL)) {
+ ssl2_return_error(s, SSL2_PE_NO_CIPHER);
+ SSLerr(SSL_F_CLIENT_MASTER_KEY,
+ SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS);
+ return (-1);
+ }
+ sess = s->session;
+ p = buf;
+ d = p + 10;
+ *(p++) = SSL2_MT_CLIENT_MASTER_KEY; /* type */
+
+ i = ssl_put_cipher_by_char(s, sess->cipher, p);
+ p += i;
+
+ /* make key_arg data */
+ i = EVP_CIPHER_iv_length(c);
+ sess->key_arg_length = i;
+ if (i > SSL_MAX_KEY_ARG_LENGTH) {
+ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+ SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
+ return -1;
+ }
+ if (i > 0)
+ if (RAND_pseudo_bytes(sess->key_arg, i) <= 0)
+ return -1;
+
+ /* make a master key */
+ i = EVP_CIPHER_key_length(c);
+ sess->master_key_length = i;
+ if (i > 0) {
+ if (i > (int)sizeof(sess->master_key)) {
+ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+ SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
+ return -1;
+ }
+ if (RAND_bytes(sess->master_key, i) <= 0) {
+ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+ return (-1);
+ }
+ }
+
+ if (sess->cipher->algorithm2 & SSL2_CF_8_BYTE_ENC)
+ enc = 8;
+ else if (SSL_C_IS_EXPORT(sess->cipher))
+ enc = 5;
+ else
+ enc = i;
+
+ if ((int)i < enc) {
+ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+ SSLerr(SSL_F_CLIENT_MASTER_KEY, SSL_R_CIPHER_TABLE_SRC_ERROR);
+ return (-1);
+ }
+ clear = i - enc;
+ s2n(clear, p);
+ memcpy(d, sess->master_key, (unsigned int)clear);
+ d += clear;
+
+ enc = ssl_rsa_public_encrypt(sess->sess_cert, enc,
+ &(sess->master_key[clear]), d,
+ (s->
+ s2->ssl2_rollback) ? RSA_SSLV23_PADDING
+ : RSA_PKCS1_PADDING);
+ if (enc <= 0) {
+ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+ SSLerr(SSL_F_CLIENT_MASTER_KEY, SSL_R_PUBLIC_KEY_ENCRYPT_ERROR);
+ return (-1);
+ }
+# ifdef PKCS1_CHECK
+ if (s->options & SSL_OP_PKCS1_CHECK_1)
+ d[1]++;
+ if (s->options & SSL_OP_PKCS1_CHECK_2)
+ sess->master_key[clear]++;
+# endif
+ s2n(enc, p);
+ d += enc;
+ karg = sess->key_arg_length;
+ s2n(karg, p); /* key arg size */
+ if (karg > (int)sizeof(sess->key_arg)) {
+ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+ SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
+ return -1;
+ }
+ memcpy(d, sess->key_arg, (unsigned int)karg);
+ d += karg;
+
+ s->state = SSL2_ST_SEND_CLIENT_MASTER_KEY_B;
+ s->init_num = d - buf;
+ s->init_off = 0;
+ }
+
+ /* SSL2_ST_SEND_CLIENT_MASTER_KEY_B */
+ return (ssl2_do_write(s));
+}
+
+static int client_finished(SSL *s)
+{
+ unsigned char *p;
+
+ if (s->state == SSL2_ST_SEND_CLIENT_FINISHED_A) {
+ p = (unsigned char *)s->init_buf->data;
+ *(p++) = SSL2_MT_CLIENT_FINISHED;
+ if (s->s2->conn_id_length > sizeof s->s2->conn_id) {
+ SSLerr(SSL_F_CLIENT_FINISHED, ERR_R_INTERNAL_ERROR);
+ return -1;
+ }
+ memcpy(p, s->s2->conn_id, (unsigned int)s->s2->conn_id_length);
+
+ s->state = SSL2_ST_SEND_CLIENT_FINISHED_B;
+ s->init_num = s->s2->conn_id_length + 1;
+ s->init_off = 0;
+ }
+ return (ssl2_do_write(s));
+}
+
+/* read the data and then respond */
+static int client_certificate(SSL *s)
+{
+ unsigned char *buf;
+ unsigned char *p, *d;
+ int i;
+ unsigned int n;
+ int cert_ch_len;
+ unsigned char *cert_ch;
+
+ buf = (unsigned char *)s->init_buf->data;
+
+ /*
+ * We have a cert associated with the SSL, so attach it to the session if
+ * it does not have one
+ */
+
+ if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_A) {
+ i = ssl2_read(s, (char *)&(buf[s->init_num]),
+ SSL2_MAX_CERT_CHALLENGE_LENGTH + 2 - s->init_num);
+ if (i < (SSL2_MIN_CERT_CHALLENGE_LENGTH + 2 - s->init_num))
+ return (ssl2_part_read(s, SSL_F_CLIENT_CERTIFICATE, i));
+ s->init_num += i;
+ if (s->msg_callback) {
+ /* REQUEST-CERTIFICATE */
+ s->msg_callback(0, s->version, 0, buf, (size_t)s->init_num, s,
+ s->msg_callback_arg);
+ }
+
+ /* type=buf[0]; */
+ /* type eq x509 */
+ if (buf[1] != SSL2_AT_MD5_WITH_RSA_ENCRYPTION) {
+ ssl2_return_error(s, SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE);
+ SSLerr(SSL_F_CLIENT_CERTIFICATE, SSL_R_BAD_AUTHENTICATION_TYPE);
+ return (-1);
+ }
+
+ if ((s->cert == NULL) ||
+ (s->cert->key->x509 == NULL) ||
+ (s->cert->key->privatekey == NULL)) {
+ s->state = SSL2_ST_X509_GET_CLIENT_CERTIFICATE;
+ } else
+ s->state = SSL2_ST_SEND_CLIENT_CERTIFICATE_C;
+ }
+
+ cert_ch = buf + 2;
+ cert_ch_len = s->init_num - 2;
+
+ if (s->state == SSL2_ST_X509_GET_CLIENT_CERTIFICATE) {
+ X509 *x509 = NULL;
+ EVP_PKEY *pkey = NULL;
+
+ /*
+ * If we get an error we need to ssl->rwstate=SSL_X509_LOOKUP;
+ * return(error); We should then be retried when things are ok and we
+ * can get a cert or not
+ */
+
+ i = 0;
+ if (s->ctx->client_cert_cb != NULL) {
+ i = s->ctx->client_cert_cb(s, &(x509), &(pkey));
+ }
+
+ if (i < 0) {
+ s->rwstate = SSL_X509_LOOKUP;
+ return (-1);
+ }
+ s->rwstate = SSL_NOTHING;
+
+ if ((i == 1) && (pkey != NULL) && (x509 != NULL)) {
+ s->state = SSL2_ST_SEND_CLIENT_CERTIFICATE_C;
+ if (!SSL_use_certificate(s, x509) || !SSL_use_PrivateKey(s, pkey)) {
+ i = 0;
+ }
+ X509_free(x509);
+ EVP_PKEY_free(pkey);
+ } else if (i == 1) {
+ if (x509 != NULL)
+ X509_free(x509);
+ if (pkey != NULL)
+ EVP_PKEY_free(pkey);
+ SSLerr(SSL_F_CLIENT_CERTIFICATE,
+ SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
+ i = 0;
+ }
+
+ if (i == 0) {
+ /*
+ * We have no client certificate to respond with so send the
+ * correct error message back
+ */
+ s->state = SSL2_ST_SEND_CLIENT_CERTIFICATE_B;
+ p = buf;
+ *(p++) = SSL2_MT_ERROR;
+ s2n(SSL2_PE_NO_CERTIFICATE, p);
+ s->init_off = 0;
+ s->init_num = 3;
+ /* Write is done at the end */
+ }
+ }
+
+ if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_B) {
+ return (ssl2_do_write(s));
+ }
+
+ if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_C) {
+ EVP_MD_CTX ctx;
+
+ /*
+ * ok, now we calculate the checksum do it first so we can reuse buf
+ * :-)
+ */
+ p = buf;
+ EVP_MD_CTX_init(&ctx);
+ EVP_SignInit_ex(&ctx, s->ctx->rsa_md5, NULL);
+ EVP_SignUpdate(&ctx, s->s2->key_material, s->s2->key_material_length);
+ EVP_SignUpdate(&ctx, cert_ch, (unsigned int)cert_ch_len);
+ n = i2d_X509(s->session->sess_cert->peer_key->x509, &p);
+ EVP_SignUpdate(&ctx, buf, (unsigned int)n);
+
+ p = buf;
+ d = p + 6;
+ *(p++) = SSL2_MT_CLIENT_CERTIFICATE;
+ *(p++) = SSL2_CT_X509_CERTIFICATE;
+ n = i2d_X509(s->cert->key->x509, &d);
+ s2n(n, p);
+
+ if (!EVP_SignFinal(&ctx, d, &n, s->cert->key->privatekey)) {
+ /*
+ * this is not good. If things have failed it means there so
+ * something wrong with the key. We will continue with a 0 length
+ * signature
+ */
+ }
+ EVP_MD_CTX_cleanup(&ctx);
+ s2n(n, p);
+ d += n;
+
+ s->state = SSL2_ST_SEND_CLIENT_CERTIFICATE_D;
+ s->init_num = d - buf;
+ s->init_off = 0;
+ }
+ /* if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_D) */
+ return (ssl2_do_write(s));
+}
+
+static int get_server_verify(SSL *s)
+{
+ unsigned char *p;
+ int i, n, len;
+
+ p = (unsigned char *)s->init_buf->data;
+ if (s->state == SSL2_ST_GET_SERVER_VERIFY_A) {
+ i = ssl2_read(s, (char *)&(p[s->init_num]), 1 - s->init_num);
+ if (i < (1 - s->init_num))
+ return (ssl2_part_read(s, SSL_F_GET_SERVER_VERIFY, i));
+ s->init_num += i;
+
+ s->state = SSL2_ST_GET_SERVER_VERIFY_B;
+ if (*p != SSL2_MT_SERVER_VERIFY) {
+ if (p[0] != SSL2_MT_ERROR) {
+ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+ SSLerr(SSL_F_GET_SERVER_VERIFY, SSL_R_READ_WRONG_PACKET_TYPE);
+ } else {
+ SSLerr(SSL_F_GET_SERVER_VERIFY, SSL_R_PEER_ERROR);
+ /* try to read the error message */
+ i = ssl2_read(s, (char *)&(p[s->init_num]), 3 - s->init_num);
+ return ssl2_part_read(s, SSL_F_GET_SERVER_VERIFY, i);
+ }
+ return (-1);
+ }
+ }
+
+ p = (unsigned char *)s->init_buf->data;
+ len = 1 + s->s2->challenge_length;
+ n = len - s->init_num;
+ i = ssl2_read(s, (char *)&(p[s->init_num]), n);
+ if (i < n)
+ return (ssl2_part_read(s, SSL_F_GET_SERVER_VERIFY, i));
+ if (s->msg_callback) {
+ /* SERVER-VERIFY */
+ s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg);
+ }
+ p += 1;
+
+ if (CRYPTO_memcmp(p, s->s2->challenge, s->s2->challenge_length) != 0) {
+ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+ SSLerr(SSL_F_GET_SERVER_VERIFY, SSL_R_CHALLENGE_IS_DIFFERENT);
+ return (-1);
+ }
+ return (1);
+}
+
+static int get_server_finished(SSL *s)
+{
+ unsigned char *buf;
+ unsigned char *p;
+ int i, n, len;
+
+ buf = (unsigned char *)s->init_buf->data;
+ p = buf;
+ if (s->state == SSL2_ST_GET_SERVER_FINISHED_A) {
+ i = ssl2_read(s, (char *)&(buf[s->init_num]), 1 - s->init_num);
+ if (i < (1 - s->init_num))
+ return (ssl2_part_read(s, SSL_F_GET_SERVER_FINISHED, i));
+ s->init_num += i;
+
+ if (*p == SSL2_MT_REQUEST_CERTIFICATE) {
+ s->state = SSL2_ST_SEND_CLIENT_CERTIFICATE_A;
+ return (1);
+ } else if (*p != SSL2_MT_SERVER_FINISHED) {
+ if (p[0] != SSL2_MT_ERROR) {
+ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+ SSLerr(SSL_F_GET_SERVER_FINISHED,
+ SSL_R_READ_WRONG_PACKET_TYPE);
+ } else {
+ SSLerr(SSL_F_GET_SERVER_FINISHED, SSL_R_PEER_ERROR);
+ /* try to read the error message */
+ i = ssl2_read(s, (char *)&(p[s->init_num]), 3 - s->init_num);
+ return ssl2_part_read(s, SSL_F_GET_SERVER_VERIFY, i);
+ }
+ return (-1);
+ }
+ s->state = SSL2_ST_GET_SERVER_FINISHED_B;
+ }
+
+ len = 1 + SSL2_SSL_SESSION_ID_LENGTH;
+ n = len - s->init_num;
+ i = ssl2_read(s, (char *)&(buf[s->init_num]), n);
+ if (i < n) {
+ /*
+ * XXX could be shorter than SSL2_SSL_SESSION_ID_LENGTH,
+ * that's the maximum
+ */
+ return (ssl2_part_read(s, SSL_F_GET_SERVER_FINISHED, i));
+ }
+ s->init_num += i;
+ if (s->msg_callback) {
+ /* SERVER-FINISHED */
+ s->msg_callback(0, s->version, 0, buf, (size_t)s->init_num, s,
+ s->msg_callback_arg);
+ }
+
+ if (!s->hit) { /* new session */
+ /* new session-id */
+ /*
+ * Make sure we were not trying to re-use an old SSL_SESSION or bad
+ * things can happen
+ */
+ /* ZZZZZZZZZZZZZ */
+ s->session->session_id_length = SSL2_SSL_SESSION_ID_LENGTH;
+ memcpy(s->session->session_id, p + 1, SSL2_SSL_SESSION_ID_LENGTH);
+ } else {
+ if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG)) {
+ if ((s->session->session_id_length >
+ sizeof s->session->session_id)
+ || (0 !=
+ memcmp(buf + 1, s->session->session_id,
+ (unsigned int)s->session->session_id_length))) {
+ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+ SSLerr(SSL_F_GET_SERVER_FINISHED,
+ SSL_R_SSL_SESSION_ID_IS_DIFFERENT);
+ return (-1);
+ }
+ }
+ }
+ s->state = SSL_ST_OK;
+ return (1);
+}
+
+/* loads in the certificate from the server */
+int ssl2_set_certificate(SSL *s, int type, int len, const unsigned char *data)
+{
+ STACK_OF(X509) *sk = NULL;
+ EVP_PKEY *pkey = NULL;
+ SESS_CERT *sc = NULL;
+ int i;
+ X509 *x509 = NULL;
+ int ret = 0;
+
+ x509 = d2i_X509(NULL, &data, (long)len);
+ if (x509 == NULL) {
+ SSLerr(SSL_F_SSL2_SET_CERTIFICATE, ERR_R_X509_LIB);
+ goto err;
+ }
+
+ if ((sk = sk_X509_new_null()) == NULL || !sk_X509_push(sk, x509)) {
+ SSLerr(SSL_F_SSL2_SET_CERTIFICATE, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ i = ssl_verify_cert_chain(s, sk);
+
+ if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)) {
+ SSLerr(SSL_F_SSL2_SET_CERTIFICATE, SSL_R_CERTIFICATE_VERIFY_FAILED);
+ goto err;
+ }
+ ERR_clear_error(); /* but we keep s->verify_result */
+ s->session->verify_result = s->verify_result;
+
+ /* server's cert for this session */
+ sc = ssl_sess_cert_new();
+ if (sc == NULL) {
+ ret = -1;
+ goto err;
+ }
+ if (s->session->sess_cert)
+ ssl_sess_cert_free(s->session->sess_cert);
+ s->session->sess_cert = sc;
+
+ sc->peer_pkeys[SSL_PKEY_RSA_ENC].x509 = x509;
+ sc->peer_key = &(sc->peer_pkeys[SSL_PKEY_RSA_ENC]);
+
+ pkey = X509_get_pubkey(x509);
+ x509 = NULL;
+ if (pkey == NULL) {
+ SSLerr(SSL_F_SSL2_SET_CERTIFICATE,
+ SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY);
+ goto err;
+ }
+ if (pkey->type != EVP_PKEY_RSA) {
+ SSLerr(SSL_F_SSL2_SET_CERTIFICATE, SSL_R_PUBLIC_KEY_NOT_RSA);
+ goto err;
+ }
+
+ if (!ssl_set_peer_cert_type(sc, SSL2_CT_X509_CERTIFICATE))
+ goto err;
+ ret = 1;
+ err:
+ sk_X509_free(sk);
+ X509_free(x509);
+ EVP_PKEY_free(pkey);
+ return (ret);
+}
+
+static int ssl_rsa_public_encrypt(SESS_CERT *sc, int len, unsigned char *from,
+ unsigned char *to, int padding)
+{
+ EVP_PKEY *pkey = NULL;
+ int i = -1;
+
+ if ((sc == NULL) || (sc->peer_key->x509 == NULL) ||
+ ((pkey = X509_get_pubkey(sc->peer_key->x509)) == NULL)) {
+ SSLerr(SSL_F_SSL_RSA_PUBLIC_ENCRYPT, SSL_R_NO_PUBLICKEY);
+ return (-1);
+ }
+ if (pkey->type != EVP_PKEY_RSA) {
+ SSLerr(SSL_F_SSL_RSA_PUBLIC_ENCRYPT, SSL_R_PUBLIC_KEY_IS_NOT_RSA);
+ goto end;
+ }
+
+ /* we have the public key */
+ i = RSA_public_encrypt(len, from, to, pkey->pkey.rsa, padding);
+ if (i < 0)
+ SSLerr(SSL_F_SSL_RSA_PUBLIC_ENCRYPT, ERR_R_RSA_LIB);
+ end:
+ EVP_PKEY_free(pkey);
+ return (i);
+}
+#else /* !OPENSSL_NO_SSL2 */
+
+# if PEDANTIC
+static void *dummy = &dummy;
+# endif
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/ssl/s2_enc.c
===================================================================
--- vendor-crypto/openssl/dist/ssl/s2_enc.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/ssl/s2_enc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,194 +0,0 @@
-/* ssl/s2_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "ssl_locl.h"
-#ifndef OPENSSL_NO_SSL2
-#include <stdio.h>
-
-int ssl2_enc_init(SSL *s, int client)
- {
- /* Max number of bytes needed */
- EVP_CIPHER_CTX *rs,*ws;
- const EVP_CIPHER *c;
- const EVP_MD *md;
- int num;
-
- if (!ssl_cipher_get_evp(s->session,&c,&md,NULL))
- {
- ssl2_return_error(s,SSL2_PE_NO_CIPHER);
- SSLerr(SSL_F_SSL2_ENC_INIT,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS);
- return(0);
- }
-
- s->read_hash=md;
- s->write_hash=md;
-
- if ((s->enc_read_ctx == NULL) &&
- ((s->enc_read_ctx=(EVP_CIPHER_CTX *)
- OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
- goto err;
-
- /* make sure it's intialized in case the malloc for enc_write_ctx fails
- * and we exit with an error */
- rs= s->enc_read_ctx;
- EVP_CIPHER_CTX_init(rs);
-
- if ((s->enc_write_ctx == NULL) &&
- ((s->enc_write_ctx=(EVP_CIPHER_CTX *)
- OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
- goto err;
-
- ws= s->enc_write_ctx;
- EVP_CIPHER_CTX_init(ws);
-
- num=c->key_len;
- s->s2->key_material_length=num*2;
- OPENSSL_assert(s->s2->key_material_length <= sizeof s->s2->key_material);
-
- if (ssl2_generate_key_material(s) <= 0)
- return 0;
-
- OPENSSL_assert(c->iv_len <= (int)sizeof(s->session->key_arg));
- EVP_EncryptInit_ex(ws,c,NULL,&(s->s2->key_material[(client)?num:0]),
- s->session->key_arg);
- EVP_DecryptInit_ex(rs,c,NULL,&(s->s2->key_material[(client)?0:num]),
- s->session->key_arg);
- s->s2->read_key= &(s->s2->key_material[(client)?0:num]);
- s->s2->write_key= &(s->s2->key_material[(client)?num:0]);
- return(1);
-err:
- SSLerr(SSL_F_SSL2_ENC_INIT,ERR_R_MALLOC_FAILURE);
- return(0);
- }
-
-/* read/writes from s->s2->mac_data using length for encrypt and
- * decrypt. It sets s->s2->padding and s->[rw]length
- * if we are encrypting */
-void ssl2_enc(SSL *s, int send)
- {
- EVP_CIPHER_CTX *ds;
- unsigned long l;
- int bs;
-
- if (send)
- {
- ds=s->enc_write_ctx;
- l=s->s2->wlength;
- }
- else
- {
- ds=s->enc_read_ctx;
- l=s->s2->rlength;
- }
-
- /* check for NULL cipher */
- if (ds == NULL) return;
-
-
- bs=ds->cipher->block_size;
- /* This should be using (bs-1) and bs instead of 7 and 8, but
- * what the hell. */
- if (bs == 8)
- l=(l+7)/8*8;
-
- EVP_Cipher(ds,s->s2->mac_data,s->s2->mac_data,l);
- }
-
-void ssl2_mac(SSL *s, unsigned char *md, int send)
- {
- EVP_MD_CTX c;
- unsigned char sequence[4],*p,*sec,*act;
- unsigned long seq;
- unsigned int len;
-
- if (send)
- {
- seq=s->s2->write_sequence;
- sec=s->s2->write_key;
- len=s->s2->wact_data_length;
- act=s->s2->wact_data;
- }
- else
- {
- seq=s->s2->read_sequence;
- sec=s->s2->read_key;
- len=s->s2->ract_data_length;
- act=s->s2->ract_data;
- }
-
- p= &(sequence[0]);
- l2n(seq,p);
-
- /* There has to be a MAC algorithm. */
- EVP_MD_CTX_init(&c);
- EVP_DigestInit_ex(&c, s->read_hash, NULL);
- EVP_DigestUpdate(&c,sec,
- EVP_CIPHER_CTX_key_length(s->enc_read_ctx));
- EVP_DigestUpdate(&c,act,len);
- /* the above line also does the pad data */
- EVP_DigestUpdate(&c,sequence,4);
- EVP_DigestFinal_ex(&c,md,NULL);
- EVP_MD_CTX_cleanup(&c);
- }
-#else /* !OPENSSL_NO_SSL2 */
-
-# if PEDANTIC
-static void *dummy=&dummy;
-# endif
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/ssl/s2_enc.c (from rev 6976, vendor-crypto/openssl/dist/ssl/s2_enc.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/ssl/s2_enc.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/ssl/s2_enc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,194 @@
+/* ssl/s2_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "ssl_locl.h"
+#ifndef OPENSSL_NO_SSL2
+# include <stdio.h>
+
+int ssl2_enc_init(SSL *s, int client)
+{
+ /* Max number of bytes needed */
+ EVP_CIPHER_CTX *rs, *ws;
+ const EVP_CIPHER *c;
+ const EVP_MD *md;
+ int num;
+
+ if (!ssl_cipher_get_evp(s->session, &c, &md, NULL)) {
+ ssl2_return_error(s, SSL2_PE_NO_CIPHER);
+ SSLerr(SSL_F_SSL2_ENC_INIT, SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS);
+ return (0);
+ }
+
+ s->read_hash = md;
+ s->write_hash = md;
+
+ if ((s->enc_read_ctx == NULL) && ((s->enc_read_ctx = (EVP_CIPHER_CTX *)
+ OPENSSL_malloc(sizeof(EVP_CIPHER_CTX)))
+ == NULL))
+ goto err;
+
+ /*
+ * make sure it's intialized in case the malloc for enc_write_ctx fails
+ * and we exit with an error
+ */
+ rs = s->enc_read_ctx;
+ EVP_CIPHER_CTX_init(rs);
+
+ if ((s->enc_write_ctx == NULL) && ((s->enc_write_ctx = (EVP_CIPHER_CTX *)
+ OPENSSL_malloc(sizeof
+ (EVP_CIPHER_CTX))) ==
+ NULL))
+ goto err;
+
+ ws = s->enc_write_ctx;
+ EVP_CIPHER_CTX_init(ws);
+
+ num = c->key_len;
+ s->s2->key_material_length = num * 2;
+ OPENSSL_assert(s->s2->key_material_length <= sizeof s->s2->key_material);
+
+ if (ssl2_generate_key_material(s) <= 0)
+ return 0;
+
+ OPENSSL_assert(c->iv_len <= (int)sizeof(s->session->key_arg));
+ EVP_EncryptInit_ex(ws, c, NULL,
+ &(s->s2->key_material[(client) ? num : 0]),
+ s->session->key_arg);
+ EVP_DecryptInit_ex(rs, c, NULL,
+ &(s->s2->key_material[(client) ? 0 : num]),
+ s->session->key_arg);
+ s->s2->read_key = &(s->s2->key_material[(client) ? 0 : num]);
+ s->s2->write_key = &(s->s2->key_material[(client) ? num : 0]);
+ return (1);
+ err:
+ SSLerr(SSL_F_SSL2_ENC_INIT, ERR_R_MALLOC_FAILURE);
+ return (0);
+}
+
+/*
+ * read/writes from s->s2->mac_data using length for encrypt and decrypt.
+ * It sets s->s2->padding and s->[rw]length if we are encrypting
+ */
+void ssl2_enc(SSL *s, int send)
+{
+ EVP_CIPHER_CTX *ds;
+ unsigned long l;
+ int bs;
+
+ if (send) {
+ ds = s->enc_write_ctx;
+ l = s->s2->wlength;
+ } else {
+ ds = s->enc_read_ctx;
+ l = s->s2->rlength;
+ }
+
+ /* check for NULL cipher */
+ if (ds == NULL)
+ return;
+
+ bs = ds->cipher->block_size;
+ /*
+ * This should be using (bs-1) and bs instead of 7 and 8, but what the
+ * hell.
+ */
+ if (bs == 8)
+ l = (l + 7) / 8 * 8;
+
+ EVP_Cipher(ds, s->s2->mac_data, s->s2->mac_data, l);
+}
+
+void ssl2_mac(SSL *s, unsigned char *md, int send)
+{
+ EVP_MD_CTX c;
+ unsigned char sequence[4], *p, *sec, *act;
+ unsigned long seq;
+ unsigned int len;
+
+ if (send) {
+ seq = s->s2->write_sequence;
+ sec = s->s2->write_key;
+ len = s->s2->wact_data_length;
+ act = s->s2->wact_data;
+ } else {
+ seq = s->s2->read_sequence;
+ sec = s->s2->read_key;
+ len = s->s2->ract_data_length;
+ act = s->s2->ract_data;
+ }
+
+ p = &(sequence[0]);
+ l2n(seq, p);
+
+ /* There has to be a MAC algorithm. */
+ EVP_MD_CTX_init(&c);
+ EVP_DigestInit_ex(&c, s->read_hash, NULL);
+ EVP_DigestUpdate(&c, sec, EVP_CIPHER_CTX_key_length(s->enc_read_ctx));
+ EVP_DigestUpdate(&c, act, len);
+ /* the above line also does the pad data */
+ EVP_DigestUpdate(&c, sequence, 4);
+ EVP_DigestFinal_ex(&c, md, NULL);
+ EVP_MD_CTX_cleanup(&c);
+}
+#else /* !OPENSSL_NO_SSL2 */
+
+# if PEDANTIC
+static void *dummy = &dummy;
+# endif
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/ssl/s2_lib.c
===================================================================
--- vendor-crypto/openssl/dist/ssl/s2_lib.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/ssl/s2_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,480 +0,0 @@
-/* ssl/s2_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "ssl_locl.h"
-#ifndef OPENSSL_NO_SSL2
-#include <stdio.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/md5.h>
-
-const char ssl2_version_str[]="SSLv2" OPENSSL_VERSION_PTEXT;
-
-#define SSL2_NUM_CIPHERS (sizeof(ssl2_ciphers)/sizeof(SSL_CIPHER))
-
-/* list of available SSLv2 ciphers (sorted by id) */
-OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
-/* NULL_WITH_MD5 v3 */
-#if 0
- {
- 1,
- SSL2_TXT_NULL_WITH_MD5,
- SSL2_CK_NULL_WITH_MD5,
- SSL_kRSA|SSL_aRSA|SSL_eNULL|SSL_MD5|SSL_SSLV2,
- SSL_EXPORT|SSL_EXP40|SSL_STRONG_NONE,
- 0,
- 0,
- 0,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-#endif
-/* RC4_128_WITH_MD5 */
- {
- 1,
- SSL2_TXT_RC4_128_WITH_MD5,
- SSL2_CK_RC4_128_WITH_MD5,
- SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2,
- SSL_NOT_EXP|SSL_MEDIUM,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* RC4_128_EXPORT40_WITH_MD5 */
- {
- 1,
- SSL2_TXT_RC4_128_EXPORT40_WITH_MD5,
- SSL2_CK_RC4_128_EXPORT40_WITH_MD5,
- SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2,
- SSL_EXPORT|SSL_EXP40,
- SSL2_CF_5_BYTE_ENC,
- 40,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* RC2_128_CBC_WITH_MD5 */
- {
- 1,
- SSL2_TXT_RC2_128_CBC_WITH_MD5,
- SSL2_CK_RC2_128_CBC_WITH_MD5,
- SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_SSLV2,
- SSL_NOT_EXP|SSL_MEDIUM,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* RC2_128_CBC_EXPORT40_WITH_MD5 */
- {
- 1,
- SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5,
- SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5,
- SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_SSLV2,
- SSL_EXPORT|SSL_EXP40,
- SSL2_CF_5_BYTE_ENC,
- 40,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* IDEA_128_CBC_WITH_MD5 */
-#ifndef OPENSSL_NO_IDEA
- {
- 1,
- SSL2_TXT_IDEA_128_CBC_WITH_MD5,
- SSL2_CK_IDEA_128_CBC_WITH_MD5,
- SSL_kRSA|SSL_aRSA|SSL_IDEA|SSL_MD5|SSL_SSLV2,
- SSL_NOT_EXP|SSL_MEDIUM,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-#endif
-/* DES_64_CBC_WITH_MD5 */
- {
- 1,
- SSL2_TXT_DES_64_CBC_WITH_MD5,
- SSL2_CK_DES_64_CBC_WITH_MD5,
- SSL_kRSA|SSL_aRSA|SSL_DES|SSL_MD5|SSL_SSLV2,
- SSL_NOT_EXP|SSL_LOW,
- 0,
- 56,
- 56,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* DES_192_EDE3_CBC_WITH_MD5 */
- {
- 1,
- SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5,
- SSL2_CK_DES_192_EDE3_CBC_WITH_MD5,
- SSL_kRSA|SSL_aRSA|SSL_3DES|SSL_MD5|SSL_SSLV2,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 168,
- 168,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* RC4_64_WITH_MD5 */
-#if 0
- {
- 1,
- SSL2_TXT_RC4_64_WITH_MD5,
- SSL2_CK_RC4_64_WITH_MD5,
- SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2,
- SSL_NOT_EXP|SSL_LOW,
- SSL2_CF_8_BYTE_ENC,
- 64,
- 64,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-#endif
-/* NULL SSLeay (testing) */
-#if 0
- {
- 0,
- SSL2_TXT_NULL,
- SSL2_CK_NULL,
- 0,
- SSL_STRONG_NONE,
- 0,
- 0,
- 0,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-#endif
-
-/* end of list :-) */
- };
-
-long ssl2_default_timeout(void)
- {
- return(300);
- }
-
-IMPLEMENT_ssl2_meth_func(sslv2_base_method,
- ssl_undefined_function,
- ssl_undefined_function,
- ssl_bad_method)
-
-int ssl2_num_ciphers(void)
- {
- return(SSL2_NUM_CIPHERS);
- }
-
-SSL_CIPHER *ssl2_get_cipher(unsigned int u)
- {
- if (u < SSL2_NUM_CIPHERS)
- return(&(ssl2_ciphers[SSL2_NUM_CIPHERS-1-u]));
- else
- return(NULL);
- }
-
-int ssl2_pending(const SSL *s)
- {
- return SSL_in_init(s) ? 0 : s->s2->ract_data_length;
- }
-
-int ssl2_new(SSL *s)
- {
- SSL2_STATE *s2;
-
- if ((s2=OPENSSL_malloc(sizeof *s2)) == NULL) goto err;
- memset(s2,0,sizeof *s2);
-
-#if SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER + 3 > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER + 2
-# error "assertion failed"
-#endif
-
- if ((s2->rbuf=OPENSSL_malloc(
- SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2)) == NULL) goto err;
- /* wbuf needs one byte more because when using two-byte headers,
- * we leave the first byte unused in do_ssl_write (s2_pkt.c) */
- if ((s2->wbuf=OPENSSL_malloc(
- SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+3)) == NULL) goto err;
- s->s2=s2;
-
- ssl2_clear(s);
- return(1);
-err:
- if (s2 != NULL)
- {
- if (s2->wbuf != NULL) OPENSSL_free(s2->wbuf);
- if (s2->rbuf != NULL) OPENSSL_free(s2->rbuf);
- OPENSSL_free(s2);
- }
- return(0);
- }
-
-void ssl2_free(SSL *s)
- {
- SSL2_STATE *s2;
-
- if(s == NULL)
- return;
-
- s2=s->s2;
- if (s2->rbuf != NULL) OPENSSL_free(s2->rbuf);
- if (s2->wbuf != NULL) OPENSSL_free(s2->wbuf);
- OPENSSL_cleanse(s2,sizeof *s2);
- OPENSSL_free(s2);
- s->s2=NULL;
- }
-
-void ssl2_clear(SSL *s)
- {
- SSL2_STATE *s2;
- unsigned char *rbuf,*wbuf;
-
- s2=s->s2;
-
- rbuf=s2->rbuf;
- wbuf=s2->wbuf;
-
- memset(s2,0,sizeof *s2);
-
- s2->rbuf=rbuf;
- s2->wbuf=wbuf;
- s2->clear_text=1;
- s->packet=s2->rbuf;
- s->version=SSL2_VERSION;
- s->packet_length=0;
- }
-
-long ssl2_ctrl(SSL *s, int cmd, long larg, void *parg)
- {
- int ret=0;
-
- switch(cmd)
- {
- case SSL_CTRL_GET_SESSION_REUSED:
- ret=s->hit;
- break;
- case SSL_CTRL_CHECK_PROTO_VERSION:
- return ssl3_ctrl(s, SSL_CTRL_CHECK_PROTO_VERSION, larg, parg);
- default:
- break;
- }
- return(ret);
- }
-
-long ssl2_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
- {
- return(0);
- }
-
-long ssl2_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
- {
- return(0);
- }
-
-long ssl2_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
- {
- return(0);
- }
-
-/* This function needs to check if the ciphers required are actually
- * available */
-SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p)
- {
- SSL_CIPHER c,*cp;
- unsigned long id;
-
- id=0x02000000L|((unsigned long)p[0]<<16L)|
- ((unsigned long)p[1]<<8L)|(unsigned long)p[2];
- c.id=id;
- cp = (SSL_CIPHER *)OBJ_bsearch((char *)&c,
- (char *)ssl2_ciphers,
- SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER),
- FP_ICC ssl_cipher_id_cmp);
- if ((cp == NULL) || (cp->valid == 0))
- return NULL;
- else
- return cp;
- }
-
-int ssl2_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
- {
- long l;
-
- if (p != NULL)
- {
- l=c->id;
- if ((l & 0xff000000) != 0x02000000 && l != SSL3_CK_FALLBACK_SCSV) return(0);
- p[0]=((unsigned char)(l>>16L))&0xFF;
- p[1]=((unsigned char)(l>> 8L))&0xFF;
- p[2]=((unsigned char)(l ))&0xFF;
- }
- return(3);
- }
-
-int ssl2_generate_key_material(SSL *s)
- {
- unsigned int i;
- EVP_MD_CTX ctx;
- unsigned char *km;
- unsigned char c='0';
- const EVP_MD *md5;
-
- md5 = EVP_md5();
-
-#ifdef CHARSET_EBCDIC
- c = os_toascii['0']; /* Must be an ASCII '0', not EBCDIC '0',
- see SSLv2 docu */
-#endif
- EVP_MD_CTX_init(&ctx);
- km=s->s2->key_material;
-
- if (s->session->master_key_length < 0 ||
- s->session->master_key_length > (int)sizeof(s->session->master_key))
- {
- SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR);
- return 0;
- }
-
- for (i=0; i<s->s2->key_material_length; i += EVP_MD_size(md5))
- {
- if (((km - s->s2->key_material) + EVP_MD_size(md5)) >
- (int)sizeof(s->s2->key_material))
- {
- /* EVP_DigestFinal_ex() below would write beyond buffer */
- SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR);
- return 0;
- }
-
- EVP_DigestInit_ex(&ctx, md5, NULL);
-
- OPENSSL_assert(s->session->master_key_length >= 0
- && s->session->master_key_length
- < (int)sizeof(s->session->master_key));
- EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length);
- EVP_DigestUpdate(&ctx,&c,1);
- c++;
- EVP_DigestUpdate(&ctx,s->s2->challenge,s->s2->challenge_length);
- EVP_DigestUpdate(&ctx,s->s2->conn_id,s->s2->conn_id_length);
- EVP_DigestFinal_ex(&ctx,km,NULL);
- km += EVP_MD_size(md5);
- }
-
- EVP_MD_CTX_cleanup(&ctx);
- return 1;
- }
-
-void ssl2_return_error(SSL *s, int err)
- {
- if (!s->error)
- {
- s->error=3;
- s->error_code=err;
-
- ssl2_write_error(s);
- }
- }
-
-
-void ssl2_write_error(SSL *s)
- {
- unsigned char buf[3];
- int i,error;
-
- buf[0]=SSL2_MT_ERROR;
- buf[1]=(s->error_code>>8)&0xff;
- buf[2]=(s->error_code)&0xff;
-
-/* state=s->rwstate;*/
-
- error=s->error; /* number of bytes left to write */
- s->error=0;
- OPENSSL_assert(error >= 0 && error <= (int)sizeof(buf));
- i=ssl2_write(s,&(buf[3-error]),error);
-
-/* if (i == error) s->rwstate=state; */
-
- if (i < 0)
- s->error=error;
- else
- {
- s->error=error-i;
-
- if (s->error == 0)
- if (s->msg_callback)
- s->msg_callback(1, s->version, 0, buf, 3, s, s->msg_callback_arg); /* ERROR */
- }
- }
-
-int ssl2_shutdown(SSL *s)
- {
- s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
- return(1);
- }
-#else /* !OPENSSL_NO_SSL2 */
-
-# if PEDANTIC
-static void *dummy=&dummy;
-# endif
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/ssl/s2_lib.c (from rev 6976, vendor-crypto/openssl/dist/ssl/s2_lib.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/ssl/s2_lib.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/ssl/s2_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,488 @@
+/* ssl/s2_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "ssl_locl.h"
+#ifndef OPENSSL_NO_SSL2
+# include <stdio.h>
+# include <openssl/objects.h>
+# include <openssl/evp.h>
+# include <openssl/md5.h>
+
+const char ssl2_version_str[] = "SSLv2" OPENSSL_VERSION_PTEXT;
+
+# define SSL2_NUM_CIPHERS (sizeof(ssl2_ciphers)/sizeof(SSL_CIPHER))
+
+/* list of available SSLv2 ciphers (sorted by id) */
+OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[] = {
+/* NULL_WITH_MD5 v3 */
+# if 0
+ {
+ 1,
+ SSL2_TXT_NULL_WITH_MD5,
+ SSL2_CK_NULL_WITH_MD5,
+ SSL_kRSA | SSL_aRSA | SSL_eNULL | SSL_MD5 | SSL_SSLV2,
+ SSL_EXPORT | SSL_EXP40 | SSL_STRONG_NONE,
+ 0,
+ 0,
+ 0,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+# endif
+/* RC4_128_WITH_MD5 */
+ {
+ 1,
+ SSL2_TXT_RC4_128_WITH_MD5,
+ SSL2_CK_RC4_128_WITH_MD5,
+ SSL_kRSA | SSL_aRSA | SSL_RC4 | SSL_MD5 | SSL_SSLV2,
+ SSL_NOT_EXP | SSL_MEDIUM,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+/* RC4_128_EXPORT40_WITH_MD5 */
+ {
+ 1,
+ SSL2_TXT_RC4_128_EXPORT40_WITH_MD5,
+ SSL2_CK_RC4_128_EXPORT40_WITH_MD5,
+ SSL_kRSA | SSL_aRSA | SSL_RC4 | SSL_MD5 | SSL_SSLV2,
+ SSL_EXPORT | SSL_EXP40,
+ SSL2_CF_5_BYTE_ENC,
+ 40,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+/* RC2_128_CBC_WITH_MD5 */
+ {
+ 1,
+ SSL2_TXT_RC2_128_CBC_WITH_MD5,
+ SSL2_CK_RC2_128_CBC_WITH_MD5,
+ SSL_kRSA | SSL_aRSA | SSL_RC2 | SSL_MD5 | SSL_SSLV2,
+ SSL_NOT_EXP | SSL_MEDIUM,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+/* RC2_128_CBC_EXPORT40_WITH_MD5 */
+ {
+ 1,
+ SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5,
+ SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5,
+ SSL_kRSA | SSL_aRSA | SSL_RC2 | SSL_MD5 | SSL_SSLV2,
+ SSL_EXPORT | SSL_EXP40,
+ SSL2_CF_5_BYTE_ENC,
+ 40,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+/* IDEA_128_CBC_WITH_MD5 */
+# ifndef OPENSSL_NO_IDEA
+ {
+ 1,
+ SSL2_TXT_IDEA_128_CBC_WITH_MD5,
+ SSL2_CK_IDEA_128_CBC_WITH_MD5,
+ SSL_kRSA | SSL_aRSA | SSL_IDEA | SSL_MD5 | SSL_SSLV2,
+ SSL_NOT_EXP | SSL_MEDIUM,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+# endif
+/* DES_64_CBC_WITH_MD5 */
+ {
+ 1,
+ SSL2_TXT_DES_64_CBC_WITH_MD5,
+ SSL2_CK_DES_64_CBC_WITH_MD5,
+ SSL_kRSA | SSL_aRSA | SSL_DES | SSL_MD5 | SSL_SSLV2,
+ SSL_NOT_EXP | SSL_LOW,
+ 0,
+ 56,
+ 56,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+/* DES_192_EDE3_CBC_WITH_MD5 */
+ {
+ 1,
+ SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5,
+ SSL2_CK_DES_192_EDE3_CBC_WITH_MD5,
+ SSL_kRSA | SSL_aRSA | SSL_3DES | SSL_MD5 | SSL_SSLV2,
+ SSL_NOT_EXP | SSL_HIGH,
+ 0,
+ 168,
+ 168,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+/* RC4_64_WITH_MD5 */
+# if 0
+ {
+ 1,
+ SSL2_TXT_RC4_64_WITH_MD5,
+ SSL2_CK_RC4_64_WITH_MD5,
+ SSL_kRSA | SSL_aRSA | SSL_RC4 | SSL_MD5 | SSL_SSLV2,
+ SSL_NOT_EXP | SSL_LOW,
+ SSL2_CF_8_BYTE_ENC,
+ 64,
+ 64,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+# endif
+/* NULL SSLeay (testing) */
+# if 0
+ {
+ 0,
+ SSL2_TXT_NULL,
+ SSL2_CK_NULL,
+ 0,
+ SSL_STRONG_NONE,
+ 0,
+ 0,
+ 0,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+# endif
+
+/* end of list :-) */
+};
+
+long ssl2_default_timeout(void)
+{
+ return (300);
+}
+
+IMPLEMENT_ssl2_meth_func(sslv2_base_method,
+ ssl_undefined_function,
+ ssl_undefined_function, ssl_bad_method)
+
+int ssl2_num_ciphers(void)
+{
+ return (SSL2_NUM_CIPHERS);
+}
+
+SSL_CIPHER *ssl2_get_cipher(unsigned int u)
+{
+ if (u < SSL2_NUM_CIPHERS)
+ return (&(ssl2_ciphers[SSL2_NUM_CIPHERS - 1 - u]));
+ else
+ return (NULL);
+}
+
+int ssl2_pending(const SSL *s)
+{
+ return SSL_in_init(s) ? 0 : s->s2->ract_data_length;
+}
+
+int ssl2_new(SSL *s)
+{
+ SSL2_STATE *s2;
+
+ if ((s2 = OPENSSL_malloc(sizeof *s2)) == NULL)
+ goto err;
+ memset(s2, 0, sizeof *s2);
+
+# if SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER + 3 > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER + 2
+# error "assertion failed"
+# endif
+
+ if ((s2->rbuf =
+ OPENSSL_malloc(SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER + 2)) == NULL)
+ goto err;
+ /*
+ * wbuf needs one byte more because when using two-byte headers, we leave
+ * the first byte unused in do_ssl_write (s2_pkt.c)
+ */
+ if ((s2->wbuf =
+ OPENSSL_malloc(SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER + 3)) == NULL)
+ goto err;
+ s->s2 = s2;
+
+ ssl2_clear(s);
+ return (1);
+ err:
+ if (s2 != NULL) {
+ if (s2->wbuf != NULL)
+ OPENSSL_free(s2->wbuf);
+ if (s2->rbuf != NULL)
+ OPENSSL_free(s2->rbuf);
+ OPENSSL_free(s2);
+ }
+ return (0);
+}
+
+void ssl2_free(SSL *s)
+{
+ SSL2_STATE *s2;
+
+ if (s == NULL)
+ return;
+
+ s2 = s->s2;
+ if (s2->rbuf != NULL)
+ OPENSSL_free(s2->rbuf);
+ if (s2->wbuf != NULL)
+ OPENSSL_free(s2->wbuf);
+ OPENSSL_cleanse(s2, sizeof *s2);
+ OPENSSL_free(s2);
+ s->s2 = NULL;
+}
+
+void ssl2_clear(SSL *s)
+{
+ SSL2_STATE *s2;
+ unsigned char *rbuf, *wbuf;
+
+ s2 = s->s2;
+
+ rbuf = s2->rbuf;
+ wbuf = s2->wbuf;
+
+ memset(s2, 0, sizeof *s2);
+
+ s2->rbuf = rbuf;
+ s2->wbuf = wbuf;
+ s2->clear_text = 1;
+ s->packet = s2->rbuf;
+ s->version = SSL2_VERSION;
+ s->packet_length = 0;
+}
+
+long ssl2_ctrl(SSL *s, int cmd, long larg, void *parg)
+{
+ int ret = 0;
+
+ switch (cmd) {
+ case SSL_CTRL_GET_SESSION_REUSED:
+ ret = s->hit;
+ break;
+ case SSL_CTRL_CHECK_PROTO_VERSION:
+ return ssl3_ctrl(s, SSL_CTRL_CHECK_PROTO_VERSION, larg, parg);
+ default:
+ break;
+ }
+ return (ret);
+}
+
+long ssl2_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
+{
+ return (0);
+}
+
+long ssl2_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
+{
+ return (0);
+}
+
+long ssl2_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
+{
+ return (0);
+}
+
+/*
+ * This function needs to check if the ciphers required are actually
+ * available
+ */
+SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p)
+{
+ SSL_CIPHER c, *cp;
+ unsigned long id;
+
+ id = 0x02000000L | ((unsigned long)p[0] << 16L) |
+ ((unsigned long)p[1] << 8L) | (unsigned long)p[2];
+ c.id = id;
+ cp = (SSL_CIPHER *)OBJ_bsearch((char *)&c,
+ (char *)ssl2_ciphers,
+ SSL2_NUM_CIPHERS, sizeof(SSL_CIPHER),
+ FP_ICC ssl_cipher_id_cmp);
+ if ((cp == NULL) || (cp->valid == 0))
+ return NULL;
+ else
+ return cp;
+}
+
+int ssl2_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
+{
+ long l;
+
+ if (p != NULL) {
+ l = c->id;
+ if ((l & 0xff000000) != 0x02000000 && l != SSL3_CK_FALLBACK_SCSV)
+ return (0);
+ p[0] = ((unsigned char)(l >> 16L)) & 0xFF;
+ p[1] = ((unsigned char)(l >> 8L)) & 0xFF;
+ p[2] = ((unsigned char)(l)) & 0xFF;
+ }
+ return (3);
+}
+
+int ssl2_generate_key_material(SSL *s)
+{
+ unsigned int i;
+ EVP_MD_CTX ctx;
+ unsigned char *km;
+ unsigned char c = '0';
+ const EVP_MD *md5;
+
+ md5 = EVP_md5();
+
+# ifdef CHARSET_EBCDIC
+ c = os_toascii['0']; /* Must be an ASCII '0', not EBCDIC '0', see
+ * SSLv2 docu */
+# endif
+ EVP_MD_CTX_init(&ctx);
+ km = s->s2->key_material;
+
+ if (s->session->master_key_length < 0 ||
+ s->session->master_key_length > (int)sizeof(s->session->master_key)) {
+ SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+
+ for (i = 0; i < s->s2->key_material_length; i += EVP_MD_size(md5)) {
+ if (((km - s->s2->key_material) + EVP_MD_size(md5)) >
+ (int)sizeof(s->s2->key_material)) {
+ /*
+ * EVP_DigestFinal_ex() below would write beyond buffer
+ */
+ SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+
+ EVP_DigestInit_ex(&ctx, md5, NULL);
+
+ OPENSSL_assert(s->session->master_key_length >= 0
+ && s->session->master_key_length
+ <= (int)sizeof(s->session->master_key));
+ EVP_DigestUpdate(&ctx, s->session->master_key,
+ s->session->master_key_length);
+ EVP_DigestUpdate(&ctx, &c, 1);
+ c++;
+ EVP_DigestUpdate(&ctx, s->s2->challenge, s->s2->challenge_length);
+ EVP_DigestUpdate(&ctx, s->s2->conn_id, s->s2->conn_id_length);
+ EVP_DigestFinal_ex(&ctx, km, NULL);
+ km += EVP_MD_size(md5);
+ }
+
+ EVP_MD_CTX_cleanup(&ctx);
+ return 1;
+}
+
+void ssl2_return_error(SSL *s, int err)
+{
+ if (!s->error) {
+ s->error = 3;
+ s->error_code = err;
+
+ ssl2_write_error(s);
+ }
+}
+
+void ssl2_write_error(SSL *s)
+{
+ unsigned char buf[3];
+ int i, error;
+
+ buf[0] = SSL2_MT_ERROR;
+ buf[1] = (s->error_code >> 8) & 0xff;
+ buf[2] = (s->error_code) & 0xff;
+
+/* state=s->rwstate;*/
+
+ error = s->error; /* number of bytes left to write */
+ s->error = 0;
+ OPENSSL_assert(error >= 0 && error <= (int)sizeof(buf));
+ i = ssl2_write(s, &(buf[3 - error]), error);
+
+/* if (i == error) s->rwstate=state; */
+
+ if (i < 0)
+ s->error = error;
+ else {
+ s->error = error - i;
+
+ if (s->error == 0)
+ if (s->msg_callback) {
+ /* ERROR */
+ s->msg_callback(1, s->version, 0, buf, 3, s,
+ s->msg_callback_arg);
+ }
+ }
+}
+
+int ssl2_shutdown(SSL *s)
+{
+ s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
+ return (1);
+}
+#else /* !OPENSSL_NO_SSL2 */
+
+# if PEDANTIC
+static void *dummy = &dummy;
+# endif
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/ssl/s2_meth.c
===================================================================
--- vendor-crypto/openssl/dist/ssl/s2_meth.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/ssl/s2_meth.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,84 +0,0 @@
-/* ssl/s2_meth.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "ssl_locl.h"
-#ifndef OPENSSL_NO_SSL2
-#include <stdio.h>
-#include <openssl/objects.h>
-
-static SSL_METHOD *ssl2_get_method(int ver);
-static SSL_METHOD *ssl2_get_method(int ver)
- {
- if (ver == SSL2_VERSION)
- return(SSLv2_method());
- else
- return(NULL);
- }
-
-IMPLEMENT_ssl2_meth_func(SSLv2_method,
- ssl2_accept,
- ssl2_connect,
- ssl2_get_method)
-
-#else /* !OPENSSL_NO_SSL2 */
-
-# if PEDANTIC
-static void *dummy=&dummy;
-# endif
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/ssl/s2_meth.c (from rev 6976, vendor-crypto/openssl/dist/ssl/s2_meth.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/ssl/s2_meth.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/ssl/s2_meth.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,81 @@
+/* ssl/s2_meth.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "ssl_locl.h"
+#ifndef OPENSSL_NO_SSL2
+# include <stdio.h>
+# include <openssl/objects.h>
+
+static SSL_METHOD *ssl2_get_method(int ver);
+static SSL_METHOD *ssl2_get_method(int ver)
+{
+ if (ver == SSL2_VERSION)
+ return (SSLv2_method());
+ else
+ return (NULL);
+}
+
+IMPLEMENT_ssl2_meth_func(SSLv2_method,
+ ssl2_accept, ssl2_connect, ssl2_get_method)
+#else /* !OPENSSL_NO_SSL2 */
+
+# if PEDANTIC
+static void *dummy = &dummy;
+# endif
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/ssl/s2_pkt.c
===================================================================
--- vendor-crypto/openssl/dist/ssl/s2_pkt.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/ssl/s2_pkt.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,736 +0,0 @@
-/* ssl/s2_pkt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include "ssl_locl.h"
-#ifndef OPENSSL_NO_SSL2
-#include <stdio.h>
-#include <errno.h>
-#define USE_SOCKETS
-
-static int read_n(SSL *s,unsigned int n,unsigned int max,unsigned int extend);
-static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len);
-static int write_pending(SSL *s, const unsigned char *buf, unsigned int len);
-static int ssl_mt_error(int n);
-
-
-/* SSL 2.0 imlementation for SSL_read/SSL_peek -
- * This routine will return 0 to len bytes, decrypted etc if required.
- */
-static int ssl2_read_internal(SSL *s, void *buf, int len, int peek)
- {
- int n;
- unsigned char mac[MAX_MAC_SIZE];
- unsigned char *p;
- int i;
- unsigned int mac_size;
-
- ssl2_read_again:
- if (SSL_in_init(s) && !s->in_handshake)
- {
- n=s->handshake_func(s);
- if (n < 0) return(n);
- if (n == 0)
- {
- SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_SSL_HANDSHAKE_FAILURE);
- return(-1);
- }
- }
-
- clear_sys_error();
- s->rwstate=SSL_NOTHING;
- if (len <= 0) return(len);
-
- if (s->s2->ract_data_length != 0) /* read from buffer */
- {
- if (len > s->s2->ract_data_length)
- n=s->s2->ract_data_length;
- else
- n=len;
-
- memcpy(buf,s->s2->ract_data,(unsigned int)n);
- if (!peek)
- {
- s->s2->ract_data_length-=n;
- s->s2->ract_data+=n;
- if (s->s2->ract_data_length == 0)
- s->rstate=SSL_ST_READ_HEADER;
- }
-
- return(n);
- }
-
- /* s->s2->ract_data_length == 0
- *
- * Fill the buffer, then goto ssl2_read_again.
- */
-
- if (s->rstate == SSL_ST_READ_HEADER)
- {
- if (s->first_packet)
- {
- n=read_n(s,5,SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2,0);
- if (n <= 0) return(n); /* error or non-blocking */
- s->first_packet=0;
- p=s->packet;
- if (!((p[0] & 0x80) && (
- (p[2] == SSL2_MT_CLIENT_HELLO) ||
- (p[2] == SSL2_MT_SERVER_HELLO))))
- {
- SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_NON_SSLV2_INITIAL_PACKET);
- return(-1);
- }
- }
- else
- {
- n=read_n(s,2,SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2,0);
- if (n <= 0) return(n); /* error or non-blocking */
- }
- /* part read stuff */
-
- s->rstate=SSL_ST_READ_BODY;
- p=s->packet;
- /* Do header */
- /*s->s2->padding=0;*/
- s->s2->escape=0;
- s->s2->rlength=(((unsigned int)p[0])<<8)|((unsigned int)p[1]);
- if ((p[0] & TWO_BYTE_BIT)) /* Two byte header? */
- {
- s->s2->three_byte_header=0;
- s->s2->rlength&=TWO_BYTE_MASK;
- }
- else
- {
- s->s2->three_byte_header=1;
- s->s2->rlength&=THREE_BYTE_MASK;
-
- /* security >s2->escape */
- s->s2->escape=((p[0] & SEC_ESC_BIT))?1:0;
- }
- }
-
- if (s->rstate == SSL_ST_READ_BODY)
- {
- n=s->s2->rlength+2+s->s2->three_byte_header;
- if (n > (int)s->packet_length)
- {
- n-=s->packet_length;
- i=read_n(s,(unsigned int)n,(unsigned int)n,1);
- if (i <= 0) return(i); /* ERROR */
- }
-
- p= &(s->packet[2]);
- s->rstate=SSL_ST_READ_HEADER;
- if (s->s2->three_byte_header)
- s->s2->padding= *(p++);
- else s->s2->padding=0;
-
- /* Data portion */
- if (s->s2->clear_text)
- {
- mac_size = 0;
- s->s2->mac_data=p;
- s->s2->ract_data=p;
- if (s->s2->padding)
- {
- SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_ILLEGAL_PADDING);
- return(-1);
- }
- }
- else
- {
- mac_size=EVP_MD_size(s->read_hash);
- OPENSSL_assert(mac_size <= MAX_MAC_SIZE);
- s->s2->mac_data=p;
- s->s2->ract_data= &p[mac_size];
- if (s->s2->padding + mac_size > s->s2->rlength)
- {
- SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_ILLEGAL_PADDING);
- return(-1);
- }
- }
-
- s->s2->ract_data_length=s->s2->rlength;
- /* added a check for length > max_size in case
- * encryption was not turned on yet due to an error */
- if ((!s->s2->clear_text) &&
- (s->s2->rlength >= mac_size))
- {
- ssl2_enc(s,0);
- s->s2->ract_data_length-=mac_size;
- ssl2_mac(s,mac,0);
- s->s2->ract_data_length-=s->s2->padding;
- if ( (CRYPTO_memcmp(mac,s->s2->mac_data,mac_size) != 0) ||
- (s->s2->rlength%EVP_CIPHER_CTX_block_size(s->enc_read_ctx) != 0))
- {
- SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_BAD_MAC_DECODE);
- return(-1);
- }
- }
- INC32(s->s2->read_sequence); /* expect next number */
- /* s->s2->ract_data is now available for processing */
-
- /* Possibly the packet that we just read had 0 actual data bytes.
- * (SSLeay/OpenSSL itself never sends such packets; see ssl2_write.)
- * In this case, returning 0 would be interpreted by the caller
- * as indicating EOF, so it's not a good idea. Instead, we just
- * continue reading; thus ssl2_read_internal may have to process
- * multiple packets before it can return.
- *
- * [Note that using select() for blocking sockets *never* guarantees
- * that the next SSL_read will not block -- the available
- * data may contain incomplete packets, and except for SSL 2,
- * renegotiation can confuse things even more.] */
-
- goto ssl2_read_again; /* This should really be
- * "return ssl2_read(s,buf,len)",
- * but that would allow for
- * denial-of-service attacks if a
- * C compiler is used that does not
- * recognize end-recursion. */
- }
- else
- {
- SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_BAD_STATE);
- return(-1);
- }
- }
-
-int ssl2_read(SSL *s, void *buf, int len)
- {
- return ssl2_read_internal(s, buf, len, 0);
- }
-
-int ssl2_peek(SSL *s, void *buf, int len)
- {
- return ssl2_read_internal(s, buf, len, 1);
- }
-
-static int read_n(SSL *s, unsigned int n, unsigned int max,
- unsigned int extend)
- {
- int i,off,newb;
-
- /* if there is stuff still in the buffer from a previous read,
- * and there is more than we want, take some. */
- if (s->s2->rbuf_left >= (int)n)
- {
- if (extend)
- s->packet_length+=n;
- else
- {
- s->packet= &(s->s2->rbuf[s->s2->rbuf_offs]);
- s->packet_length=n;
- }
- s->s2->rbuf_left-=n;
- s->s2->rbuf_offs+=n;
- return(n);
- }
-
- if (!s->read_ahead) max=n;
- if (max > (unsigned int)(SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2))
- max=SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2;
-
-
- /* Else we want more than we have.
- * First, if there is some left or we want to extend */
- off=0;
- if ((s->s2->rbuf_left != 0) || ((s->packet_length != 0) && extend))
- {
- newb=s->s2->rbuf_left;
- if (extend)
- {
- off=s->packet_length;
- if (s->packet != s->s2->rbuf)
- memcpy(s->s2->rbuf,s->packet,
- (unsigned int)newb+off);
- }
- else if (s->s2->rbuf_offs != 0)
- {
- memcpy(s->s2->rbuf,&(s->s2->rbuf[s->s2->rbuf_offs]),
- (unsigned int)newb);
- s->s2->rbuf_offs=0;
- }
- s->s2->rbuf_left=0;
- }
- else
- newb=0;
-
- /* off is the offset to start writing too.
- * r->s2->rbuf_offs is the 'unread data', now 0.
- * newb is the number of new bytes so far
- */
- s->packet=s->s2->rbuf;
- while (newb < (int)n)
- {
- clear_sys_error();
- if (s->rbio != NULL)
- {
- s->rwstate=SSL_READING;
- i=BIO_read(s->rbio,(char *)&(s->s2->rbuf[off+newb]),
- max-newb);
- }
- else
- {
- SSLerr(SSL_F_READ_N,SSL_R_READ_BIO_NOT_SET);
- i= -1;
- }
-#ifdef PKT_DEBUG
- if (s->debug & 0x01) sleep(1);
-#endif
- if (i <= 0)
- {
- s->s2->rbuf_left+=newb;
- return(i);
- }
- newb+=i;
- }
-
- /* record unread data */
- if (newb > (int)n)
- {
- s->s2->rbuf_offs=n+off;
- s->s2->rbuf_left=newb-n;
- }
- else
- {
- s->s2->rbuf_offs=0;
- s->s2->rbuf_left=0;
- }
- if (extend)
- s->packet_length+=n;
- else
- s->packet_length=n;
- s->rwstate=SSL_NOTHING;
- return(n);
- }
-
-int ssl2_write(SSL *s, const void *_buf, int len)
- {
- const unsigned char *buf=_buf;
- unsigned int n,tot;
- int i;
-
- if (SSL_in_init(s) && !s->in_handshake)
- {
- i=s->handshake_func(s);
- if (i < 0) return(i);
- if (i == 0)
- {
- SSLerr(SSL_F_SSL2_WRITE,SSL_R_SSL_HANDSHAKE_FAILURE);
- return(-1);
- }
- }
-
- if (s->error)
- {
- ssl2_write_error(s);
- if (s->error)
- return(-1);
- }
-
- clear_sys_error();
- s->rwstate=SSL_NOTHING;
- if (len <= 0) return(len);
-
- tot=s->s2->wnum;
- s->s2->wnum=0;
-
- n=(len-tot);
- for (;;)
- {
- i=do_ssl_write(s,&(buf[tot]),n);
- if (i <= 0)
- {
- s->s2->wnum=tot;
- return(i);
- }
- if ((i == (int)n) ||
- (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE))
- {
- return(tot+i);
- }
-
- n-=i;
- tot+=i;
- }
- }
-
-static int write_pending(SSL *s, const unsigned char *buf, unsigned int len)
- {
- int i;
-
- /* s->s2->wpend_len != 0 MUST be true. */
-
- /* check that they have given us the same buffer to
- * write */
- if ((s->s2->wpend_tot > (int)len) ||
- ((s->s2->wpend_buf != buf) &&
- !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)))
- {
- SSLerr(SSL_F_WRITE_PENDING,SSL_R_BAD_WRITE_RETRY);
- return(-1);
- }
-
- for (;;)
- {
- clear_sys_error();
- if (s->wbio != NULL)
- {
- s->rwstate=SSL_WRITING;
- i=BIO_write(s->wbio,
- (char *)&(s->s2->write_ptr[s->s2->wpend_off]),
- (unsigned int)s->s2->wpend_len);
- }
- else
- {
- SSLerr(SSL_F_WRITE_PENDING,SSL_R_WRITE_BIO_NOT_SET);
- i= -1;
- }
-#ifdef PKT_DEBUG
- if (s->debug & 0x01) sleep(1);
-#endif
- if (i == s->s2->wpend_len)
- {
- s->s2->wpend_len=0;
- s->rwstate=SSL_NOTHING;
- return(s->s2->wpend_ret);
- }
- else if (i <= 0)
- return(i);
- s->s2->wpend_off+=i;
- s->s2->wpend_len-=i;
- }
- }
-
-static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len)
- {
- unsigned int j,k,olen,p,mac_size,bs;
- register unsigned char *pp;
-
- olen=len;
-
- /* first check if there is data from an encryption waiting to
- * be sent - it must be sent because the other end is waiting.
- * This will happen with non-blocking IO. We print it and then
- * return.
- */
- if (s->s2->wpend_len != 0) return(write_pending(s,buf,len));
-
- /* set mac_size to mac size */
- if (s->s2->clear_text)
- mac_size=0;
- else
- mac_size=EVP_MD_size(s->write_hash);
-
- /* lets set the pad p */
- if (s->s2->clear_text)
- {
- if (len > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER)
- len=SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER;
- p=0;
- s->s2->three_byte_header=0;
- /* len=len; */
- }
- else
- {
- bs=EVP_CIPHER_CTX_block_size(s->enc_read_ctx);
- j=len+mac_size;
- /* Two-byte headers allow for a larger record length than
- * three-byte headers, but we can't use them if we need
- * padding or if we have to set the escape bit. */
- if ((j > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) &&
- (!s->s2->escape))
- {
- if (j > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER)
- j=SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER;
- /* set k to the max number of bytes with 2
- * byte header */
- k=j-(j%bs);
- /* how many data bytes? */
- len=k-mac_size;
- s->s2->three_byte_header=0;
- p=0;
- }
- else if ((bs <= 1) && (!s->s2->escape))
- {
- /* j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, thus
- * j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER */
- s->s2->three_byte_header=0;
- p=0;
- }
- else /* we may have to use a 3 byte header */
- {
- /* If s->s2->escape is not set, then
- * j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, and thus
- * j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER. */
- p=(j%bs);
- p=(p == 0)?0:(bs-p);
- if (s->s2->escape)
- {
- s->s2->three_byte_header=1;
- if (j > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
- j=SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER;
- }
- else
- s->s2->three_byte_header=(p == 0)?0:1;
- }
- }
-
- /* Now
- * j <= SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER
- * holds, and if s->s2->three_byte_header is set, then even
- * j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER.
- */
-
- /* mac_size is the number of MAC bytes
- * len is the number of data bytes we are going to send
- * p is the number of padding bytes
- * (if it is a two-byte header, then p == 0) */
-
- s->s2->wlength=len;
- s->s2->padding=p;
- s->s2->mac_data= &(s->s2->wbuf[3]);
- s->s2->wact_data= &(s->s2->wbuf[3+mac_size]);
- /* we copy the data into s->s2->wbuf */
- memcpy(s->s2->wact_data,buf,len);
- if (p)
- memset(&(s->s2->wact_data[len]),0,p); /* arbitrary padding */
-
- if (!s->s2->clear_text)
- {
- s->s2->wact_data_length=len+p;
- ssl2_mac(s,s->s2->mac_data,1);
- s->s2->wlength+=p+mac_size;
- ssl2_enc(s,1);
- }
-
- /* package up the header */
- s->s2->wpend_len=s->s2->wlength;
- if (s->s2->three_byte_header) /* 3 byte header */
- {
- pp=s->s2->mac_data;
- pp-=3;
- pp[0]=(s->s2->wlength>>8)&(THREE_BYTE_MASK>>8);
- if (s->s2->escape) pp[0]|=SEC_ESC_BIT;
- pp[1]=s->s2->wlength&0xff;
- pp[2]=s->s2->padding;
- s->s2->wpend_len+=3;
- }
- else
- {
- pp=s->s2->mac_data;
- pp-=2;
- pp[0]=((s->s2->wlength>>8)&(TWO_BYTE_MASK>>8))|TWO_BYTE_BIT;
- pp[1]=s->s2->wlength&0xff;
- s->s2->wpend_len+=2;
- }
- s->s2->write_ptr=pp;
-
- INC32(s->s2->write_sequence); /* expect next number */
-
- /* lets try to actually write the data */
- s->s2->wpend_tot=olen;
- s->s2->wpend_buf=buf;
-
- s->s2->wpend_ret=len;
-
- s->s2->wpend_off=0;
- return(write_pending(s,buf,olen));
- }
-
-int ssl2_part_read(SSL *s, unsigned long f, int i)
- {
- unsigned char *p;
- int j;
-
- if (i < 0)
- {
- /* ssl2_return_error(s); */
- /* for non-blocking io,
- * this is not necessarily fatal */
- return(i);
- }
- else
- {
- s->init_num+=i;
-
- /* Check for error. While there are recoverable errors,
- * this function is not called when those must be expected;
- * any error detected here is fatal. */
- if (s->init_num >= 3)
- {
- p=(unsigned char *)s->init_buf->data;
- if (p[0] == SSL2_MT_ERROR)
- {
- j=(p[1]<<8)|p[2];
- SSLerr((int)f,ssl_mt_error(j));
- s->init_num -= 3;
- if (s->init_num > 0)
- memmove(p, p+3, s->init_num);
- }
- }
-
- /* If it's not an error message, we have some error anyway --
- * the message was shorter than expected. This too is treated
- * as fatal (at least if SSL_get_error is asked for its opinion). */
- return(0);
- }
- }
-
-int ssl2_do_write(SSL *s)
- {
- int ret;
-
- ret=ssl2_write(s,&s->init_buf->data[s->init_off],s->init_num);
- if (ret == s->init_num)
- {
- if (s->msg_callback)
- s->msg_callback(1, s->version, 0, s->init_buf->data, (size_t)(s->init_off + s->init_num), s, s->msg_callback_arg);
- return(1);
- }
- if (ret < 0)
- return(-1);
- s->init_off+=ret;
- s->init_num-=ret;
- return(0);
- }
-
-static int ssl_mt_error(int n)
- {
- int ret;
-
- switch (n)
- {
- case SSL2_PE_NO_CIPHER:
- ret=SSL_R_PEER_ERROR_NO_CIPHER;
- break;
- case SSL2_PE_NO_CERTIFICATE:
- ret=SSL_R_PEER_ERROR_NO_CERTIFICATE;
- break;
- case SSL2_PE_BAD_CERTIFICATE:
- ret=SSL_R_PEER_ERROR_CERTIFICATE;
- break;
- case SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE:
- ret=SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE;
- break;
- default:
- ret=SSL_R_UNKNOWN_REMOTE_ERROR_TYPE;
- break;
- }
- return(ret);
- }
-#else /* !OPENSSL_NO_SSL2 */
-
-# if PEDANTIC
-static void *dummy=&dummy;
-# endif
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/ssl/s2_pkt.c (from rev 6976, vendor-crypto/openssl/dist/ssl/s2_pkt.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/ssl/s2_pkt.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/ssl/s2_pkt.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,700 @@
+/* ssl/s2_pkt.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include "ssl_locl.h"
+#ifndef OPENSSL_NO_SSL2
+# include <stdio.h>
+# include <errno.h>
+# define USE_SOCKETS
+
+static int read_n(SSL *s, unsigned int n, unsigned int max,
+ unsigned int extend);
+static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len);
+static int write_pending(SSL *s, const unsigned char *buf, unsigned int len);
+static int ssl_mt_error(int n);
+
+/*
+ * SSL 2.0 imlementation for SSL_read/SSL_peek - This routine will return 0
+ * to len bytes, decrypted etc if required.
+ */
+static int ssl2_read_internal(SSL *s, void *buf, int len, int peek)
+{
+ int n;
+ unsigned char mac[MAX_MAC_SIZE];
+ unsigned char *p;
+ int i;
+ unsigned int mac_size;
+
+ ssl2_read_again:
+ if (SSL_in_init(s) && !s->in_handshake) {
+ n = s->handshake_func(s);
+ if (n < 0)
+ return (n);
+ if (n == 0) {
+ SSLerr(SSL_F_SSL2_READ_INTERNAL, SSL_R_SSL_HANDSHAKE_FAILURE);
+ return (-1);
+ }
+ }
+
+ clear_sys_error();
+ s->rwstate = SSL_NOTHING;
+ if (len <= 0)
+ return (len);
+
+ if (s->s2->ract_data_length != 0) { /* read from buffer */
+ if (len > s->s2->ract_data_length)
+ n = s->s2->ract_data_length;
+ else
+ n = len;
+
+ memcpy(buf, s->s2->ract_data, (unsigned int)n);
+ if (!peek) {
+ s->s2->ract_data_length -= n;
+ s->s2->ract_data += n;
+ if (s->s2->ract_data_length == 0)
+ s->rstate = SSL_ST_READ_HEADER;
+ }
+
+ return (n);
+ }
+
+ /*
+ * s->s2->ract_data_length == 0 Fill the buffer, then goto
+ * ssl2_read_again.
+ */
+
+ if (s->rstate == SSL_ST_READ_HEADER) {
+ if (s->first_packet) {
+ n = read_n(s, 5, SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER + 2, 0);
+ if (n <= 0)
+ return (n); /* error or non-blocking */
+ s->first_packet = 0;
+ p = s->packet;
+ if (!((p[0] & 0x80) && ((p[2] == SSL2_MT_CLIENT_HELLO) ||
+ (p[2] == SSL2_MT_SERVER_HELLO)))) {
+ SSLerr(SSL_F_SSL2_READ_INTERNAL,
+ SSL_R_NON_SSLV2_INITIAL_PACKET);
+ return (-1);
+ }
+ } else {
+ n = read_n(s, 2, SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER + 2, 0);
+ if (n <= 0)
+ return (n); /* error or non-blocking */
+ }
+ /* part read stuff */
+
+ s->rstate = SSL_ST_READ_BODY;
+ p = s->packet;
+ /* Do header */
+ /*
+ * s->s2->padding=0;
+ */
+ s->s2->escape = 0;
+ s->s2->rlength = (((unsigned int)p[0]) << 8) | ((unsigned int)p[1]);
+ if ((p[0] & TWO_BYTE_BIT)) { /* Two byte header? */
+ s->s2->three_byte_header = 0;
+ s->s2->rlength &= TWO_BYTE_MASK;
+ } else {
+ s->s2->three_byte_header = 1;
+ s->s2->rlength &= THREE_BYTE_MASK;
+
+ /* security >s2->escape */
+ s->s2->escape = ((p[0] & SEC_ESC_BIT)) ? 1 : 0;
+ }
+ }
+
+ if (s->rstate == SSL_ST_READ_BODY) {
+ n = s->s2->rlength + 2 + s->s2->three_byte_header;
+ if (n > (int)s->packet_length) {
+ n -= s->packet_length;
+ i = read_n(s, (unsigned int)n, (unsigned int)n, 1);
+ if (i <= 0)
+ return (i); /* ERROR */
+ }
+
+ p = &(s->packet[2]);
+ s->rstate = SSL_ST_READ_HEADER;
+ if (s->s2->three_byte_header)
+ s->s2->padding = *(p++);
+ else
+ s->s2->padding = 0;
+
+ /* Data portion */
+ if (s->s2->clear_text) {
+ mac_size = 0;
+ s->s2->mac_data = p;
+ s->s2->ract_data = p;
+ if (s->s2->padding) {
+ SSLerr(SSL_F_SSL2_READ_INTERNAL, SSL_R_ILLEGAL_PADDING);
+ return (-1);
+ }
+ } else {
+ mac_size = EVP_MD_size(s->read_hash);
+ OPENSSL_assert(mac_size <= MAX_MAC_SIZE);
+ s->s2->mac_data = p;
+ s->s2->ract_data = &p[mac_size];
+ if (s->s2->padding + mac_size > s->s2->rlength) {
+ SSLerr(SSL_F_SSL2_READ_INTERNAL, SSL_R_ILLEGAL_PADDING);
+ return (-1);
+ }
+ }
+
+ s->s2->ract_data_length = s->s2->rlength;
+ /*
+ * added a check for length > max_size in case encryption was not
+ * turned on yet due to an error
+ */
+ if ((!s->s2->clear_text) && (s->s2->rlength >= mac_size)) {
+ ssl2_enc(s, 0);
+ s->s2->ract_data_length -= mac_size;
+ ssl2_mac(s, mac, 0);
+ s->s2->ract_data_length -= s->s2->padding;
+ if ((CRYPTO_memcmp(mac, s->s2->mac_data, mac_size) != 0) ||
+ (s->s2->rlength %
+ EVP_CIPHER_CTX_block_size(s->enc_read_ctx) != 0)) {
+ SSLerr(SSL_F_SSL2_READ_INTERNAL, SSL_R_BAD_MAC_DECODE);
+ return (-1);
+ }
+ }
+ INC32(s->s2->read_sequence); /* expect next number */
+ /* s->s2->ract_data is now available for processing */
+
+ /*
+ * Possibly the packet that we just read had 0 actual data bytes.
+ * (SSLeay/OpenSSL itself never sends such packets; see ssl2_write.)
+ * In this case, returning 0 would be interpreted by the caller as
+ * indicating EOF, so it's not a good idea. Instead, we just
+ * continue reading; thus ssl2_read_internal may have to process
+ * multiple packets before it can return. [Note that using select()
+ * for blocking sockets *never* guarantees that the next SSL_read
+ * will not block -- the available data may contain incomplete
+ * packets, and except for SSL 2, renegotiation can confuse things
+ * even more.]
+ */
+
+ goto ssl2_read_again; /* This should really be "return
+ * ssl2_read(s,buf,len)", but that would
+ * allow for denial-of-service attacks if a C
+ * compiler is used that does not recognize
+ * end-recursion. */
+ } else {
+ SSLerr(SSL_F_SSL2_READ_INTERNAL, SSL_R_BAD_STATE);
+ return (-1);
+ }
+}
+
+int ssl2_read(SSL *s, void *buf, int len)
+{
+ return ssl2_read_internal(s, buf, len, 0);
+}
+
+int ssl2_peek(SSL *s, void *buf, int len)
+{
+ return ssl2_read_internal(s, buf, len, 1);
+}
+
+static int read_n(SSL *s, unsigned int n, unsigned int max,
+ unsigned int extend)
+{
+ int i, off, newb;
+
+ /*
+ * if there is stuff still in the buffer from a previous read, and there
+ * is more than we want, take some.
+ */
+ if (s->s2->rbuf_left >= (int)n) {
+ if (extend)
+ s->packet_length += n;
+ else {
+ s->packet = &(s->s2->rbuf[s->s2->rbuf_offs]);
+ s->packet_length = n;
+ }
+ s->s2->rbuf_left -= n;
+ s->s2->rbuf_offs += n;
+ return (n);
+ }
+
+ if (!s->read_ahead)
+ max = n;
+ if (max > (unsigned int)(SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER + 2))
+ max = SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER + 2;
+
+ /*
+ * Else we want more than we have. First, if there is some left or we
+ * want to extend
+ */
+ off = 0;
+ if ((s->s2->rbuf_left != 0) || ((s->packet_length != 0) && extend)) {
+ newb = s->s2->rbuf_left;
+ if (extend) {
+ off = s->packet_length;
+ if (s->packet != s->s2->rbuf)
+ memcpy(s->s2->rbuf, s->packet, (unsigned int)newb + off);
+ } else if (s->s2->rbuf_offs != 0) {
+ memcpy(s->s2->rbuf, &(s->s2->rbuf[s->s2->rbuf_offs]),
+ (unsigned int)newb);
+ s->s2->rbuf_offs = 0;
+ }
+ s->s2->rbuf_left = 0;
+ } else
+ newb = 0;
+
+ /*
+ * off is the offset to start writing too. r->s2->rbuf_offs is the
+ * 'unread data', now 0. newb is the number of new bytes so far
+ */
+ s->packet = s->s2->rbuf;
+ while (newb < (int)n) {
+ clear_sys_error();
+ if (s->rbio != NULL) {
+ s->rwstate = SSL_READING;
+ i = BIO_read(s->rbio, (char *)&(s->s2->rbuf[off + newb]),
+ max - newb);
+ } else {
+ SSLerr(SSL_F_READ_N, SSL_R_READ_BIO_NOT_SET);
+ i = -1;
+ }
+# ifdef PKT_DEBUG
+ if (s->debug & 0x01)
+ sleep(1);
+# endif
+ if (i <= 0) {
+ s->s2->rbuf_left += newb;
+ return (i);
+ }
+ newb += i;
+ }
+
+ /* record unread data */
+ if (newb > (int)n) {
+ s->s2->rbuf_offs = n + off;
+ s->s2->rbuf_left = newb - n;
+ } else {
+ s->s2->rbuf_offs = 0;
+ s->s2->rbuf_left = 0;
+ }
+ if (extend)
+ s->packet_length += n;
+ else
+ s->packet_length = n;
+ s->rwstate = SSL_NOTHING;
+ return (n);
+}
+
+int ssl2_write(SSL *s, const void *_buf, int len)
+{
+ const unsigned char *buf = _buf;
+ unsigned int n, tot;
+ int i;
+
+ if (SSL_in_init(s) && !s->in_handshake) {
+ i = s->handshake_func(s);
+ if (i < 0)
+ return (i);
+ if (i == 0) {
+ SSLerr(SSL_F_SSL2_WRITE, SSL_R_SSL_HANDSHAKE_FAILURE);
+ return (-1);
+ }
+ }
+
+ if (s->error) {
+ ssl2_write_error(s);
+ if (s->error)
+ return (-1);
+ }
+
+ clear_sys_error();
+ s->rwstate = SSL_NOTHING;
+ if (len <= 0)
+ return (len);
+
+ tot = s->s2->wnum;
+ s->s2->wnum = 0;
+
+ n = (len - tot);
+ for (;;) {
+ i = do_ssl_write(s, &(buf[tot]), n);
+ if (i <= 0) {
+ s->s2->wnum = tot;
+ return (i);
+ }
+ if ((i == (int)n) || (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE)) {
+ return (tot + i);
+ }
+
+ n -= i;
+ tot += i;
+ }
+}
+
+static int write_pending(SSL *s, const unsigned char *buf, unsigned int len)
+{
+ int i;
+
+ /* s->s2->wpend_len != 0 MUST be true. */
+
+ /*
+ * check that they have given us the same buffer to write
+ */
+ if ((s->s2->wpend_tot > (int)len) ||
+ ((s->s2->wpend_buf != buf) &&
+ !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER))) {
+ SSLerr(SSL_F_WRITE_PENDING, SSL_R_BAD_WRITE_RETRY);
+ return (-1);
+ }
+
+ for (;;) {
+ clear_sys_error();
+ if (s->wbio != NULL) {
+ s->rwstate = SSL_WRITING;
+ i = BIO_write(s->wbio,
+ (char *)&(s->s2->write_ptr[s->s2->wpend_off]),
+ (unsigned int)s->s2->wpend_len);
+ } else {
+ SSLerr(SSL_F_WRITE_PENDING, SSL_R_WRITE_BIO_NOT_SET);
+ i = -1;
+ }
+# ifdef PKT_DEBUG
+ if (s->debug & 0x01)
+ sleep(1);
+# endif
+ if (i == s->s2->wpend_len) {
+ s->s2->wpend_len = 0;
+ s->rwstate = SSL_NOTHING;
+ return (s->s2->wpend_ret);
+ } else if (i <= 0)
+ return (i);
+ s->s2->wpend_off += i;
+ s->s2->wpend_len -= i;
+ }
+}
+
+static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len)
+{
+ unsigned int j, k, olen, p, mac_size, bs;
+ register unsigned char *pp;
+
+ olen = len;
+
+ /*
+ * first check if there is data from an encryption waiting to be sent -
+ * it must be sent because the other end is waiting. This will happen
+ * with non-blocking IO. We print it and then return.
+ */
+ if (s->s2->wpend_len != 0)
+ return (write_pending(s, buf, len));
+
+ /* set mac_size to mac size */
+ if (s->s2->clear_text)
+ mac_size = 0;
+ else
+ mac_size = EVP_MD_size(s->write_hash);
+
+ /* lets set the pad p */
+ if (s->s2->clear_text) {
+ if (len > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER)
+ len = SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER;
+ p = 0;
+ s->s2->three_byte_header = 0;
+ /* len=len; */
+ } else {
+ bs = EVP_CIPHER_CTX_block_size(s->enc_read_ctx);
+ j = len + mac_size;
+ /*
+ * Two-byte headers allow for a larger record length than three-byte
+ * headers, but we can't use them if we need padding or if we have to
+ * set the escape bit.
+ */
+ if ((j > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) && (!s->s2->escape)) {
+ if (j > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER)
+ j = SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER;
+ /*
+ * set k to the max number of bytes with 2 byte header
+ */
+ k = j - (j % bs);
+ /* how many data bytes? */
+ len = k - mac_size;
+ s->s2->three_byte_header = 0;
+ p = 0;
+ } else if ((bs <= 1) && (!s->s2->escape)) {
+ /*-
+ * j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, thus
+ * j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER
+ */
+ s->s2->three_byte_header = 0;
+ p = 0;
+ } else { /* we may have to use a 3 byte header */
+
+ /*-
+ * If s->s2->escape is not set, then
+ * j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, and thus
+ * j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER.
+ */
+ p = (j % bs);
+ p = (p == 0) ? 0 : (bs - p);
+ if (s->s2->escape) {
+ s->s2->three_byte_header = 1;
+ if (j > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
+ j = SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER;
+ } else
+ s->s2->three_byte_header = (p == 0) ? 0 : 1;
+ }
+ }
+
+ /*-
+ * Now
+ * j <= SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER
+ * holds, and if s->s2->three_byte_header is set, then even
+ * j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER.
+ */
+
+ /*
+ * mac_size is the number of MAC bytes len is the number of data bytes we
+ * are going to send p is the number of padding bytes (if it is a
+ * two-byte header, then p == 0)
+ */
+
+ s->s2->wlength = len;
+ s->s2->padding = p;
+ s->s2->mac_data = &(s->s2->wbuf[3]);
+ s->s2->wact_data = &(s->s2->wbuf[3 + mac_size]);
+ /* we copy the data into s->s2->wbuf */
+ memcpy(s->s2->wact_data, buf, len);
+ if (p)
+ memset(&(s->s2->wact_data[len]), 0, p); /* arbitrary padding */
+
+ if (!s->s2->clear_text) {
+ s->s2->wact_data_length = len + p;
+ ssl2_mac(s, s->s2->mac_data, 1);
+ s->s2->wlength += p + mac_size;
+ ssl2_enc(s, 1);
+ }
+
+ /* package up the header */
+ s->s2->wpend_len = s->s2->wlength;
+ if (s->s2->three_byte_header) { /* 3 byte header */
+ pp = s->s2->mac_data;
+ pp -= 3;
+ pp[0] = (s->s2->wlength >> 8) & (THREE_BYTE_MASK >> 8);
+ if (s->s2->escape)
+ pp[0] |= SEC_ESC_BIT;
+ pp[1] = s->s2->wlength & 0xff;
+ pp[2] = s->s2->padding;
+ s->s2->wpend_len += 3;
+ } else {
+ pp = s->s2->mac_data;
+ pp -= 2;
+ pp[0] = ((s->s2->wlength >> 8) & (TWO_BYTE_MASK >> 8)) | TWO_BYTE_BIT;
+ pp[1] = s->s2->wlength & 0xff;
+ s->s2->wpend_len += 2;
+ }
+ s->s2->write_ptr = pp;
+
+ INC32(s->s2->write_sequence); /* expect next number */
+
+ /* lets try to actually write the data */
+ s->s2->wpend_tot = olen;
+ s->s2->wpend_buf = buf;
+
+ s->s2->wpend_ret = len;
+
+ s->s2->wpend_off = 0;
+ return (write_pending(s, buf, olen));
+}
+
+int ssl2_part_read(SSL *s, unsigned long f, int i)
+{
+ unsigned char *p;
+ int j;
+
+ if (i < 0) {
+ /* ssl2_return_error(s); */
+ /*
+ * for non-blocking io, this is not necessarily fatal
+ */
+ return (i);
+ } else {
+ s->init_num += i;
+
+ /*
+ * Check for error. While there are recoverable errors, this
+ * function is not called when those must be expected; any error
+ * detected here is fatal.
+ */
+ if (s->init_num >= 3) {
+ p = (unsigned char *)s->init_buf->data;
+ if (p[0] == SSL2_MT_ERROR) {
+ j = (p[1] << 8) | p[2];
+ SSLerr((int)f, ssl_mt_error(j));
+ s->init_num -= 3;
+ if (s->init_num > 0)
+ memmove(p, p + 3, s->init_num);
+ }
+ }
+
+ /*
+ * If it's not an error message, we have some error anyway -- the
+ * message was shorter than expected. This too is treated as fatal
+ * (at least if SSL_get_error is asked for its opinion).
+ */
+ return (0);
+ }
+}
+
+int ssl2_do_write(SSL *s)
+{
+ int ret;
+
+ ret = ssl2_write(s, &s->init_buf->data[s->init_off], s->init_num);
+ if (ret == s->init_num) {
+ if (s->msg_callback)
+ s->msg_callback(1, s->version, 0, s->init_buf->data,
+ (size_t)(s->init_off + s->init_num), s,
+ s->msg_callback_arg);
+ return (1);
+ }
+ if (ret < 0)
+ return (-1);
+ s->init_off += ret;
+ s->init_num -= ret;
+ return (0);
+}
+
+static int ssl_mt_error(int n)
+{
+ int ret;
+
+ switch (n) {
+ case SSL2_PE_NO_CIPHER:
+ ret = SSL_R_PEER_ERROR_NO_CIPHER;
+ break;
+ case SSL2_PE_NO_CERTIFICATE:
+ ret = SSL_R_PEER_ERROR_NO_CERTIFICATE;
+ break;
+ case SSL2_PE_BAD_CERTIFICATE:
+ ret = SSL_R_PEER_ERROR_CERTIFICATE;
+ break;
+ case SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE:
+ ret = SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE;
+ break;
+ default:
+ ret = SSL_R_UNKNOWN_REMOTE_ERROR_TYPE;
+ break;
+ }
+ return (ret);
+}
+#else /* !OPENSSL_NO_SSL2 */
+
+# if PEDANTIC
+static void *dummy = &dummy;
+# endif
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/ssl/s2_srvr.c
===================================================================
--- vendor-crypto/openssl/dist/ssl/s2_srvr.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/ssl/s2_srvr.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,1142 +0,0 @@
-/* ssl/s2_srvr.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include "ssl_locl.h"
-#ifndef OPENSSL_NO_SSL2
-#include <stdio.h>
-#include <openssl/bio.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-
-static SSL_METHOD *ssl2_get_server_method(int ver);
-static int get_client_master_key(SSL *s);
-static int get_client_hello(SSL *s);
-static int server_hello(SSL *s);
-static int get_client_finished(SSL *s);
-static int server_verify(SSL *s);
-static int server_finish(SSL *s);
-static int request_certificate(SSL *s);
-static int ssl_rsa_private_decrypt(CERT *c, int len, unsigned char *from,
- unsigned char *to,int padding);
-#define BREAK break
-
-static SSL_METHOD *ssl2_get_server_method(int ver)
- {
- if (ver == SSL2_VERSION)
- return(SSLv2_server_method());
- else
- return(NULL);
- }
-
-IMPLEMENT_ssl2_meth_func(SSLv2_server_method,
- ssl2_accept,
- ssl_undefined_function,
- ssl2_get_server_method)
-
-int ssl2_accept(SSL *s)
- {
- unsigned long l=(unsigned long)time(NULL);
- BUF_MEM *buf=NULL;
- int ret= -1;
- long num1;
- void (*cb)(const SSL *ssl,int type,int val)=NULL;
- int new_state,state;
-
- RAND_add(&l,sizeof(l),0);
- ERR_clear_error();
- clear_sys_error();
-
- if (s->info_callback != NULL)
- cb=s->info_callback;
- else if (s->ctx->info_callback != NULL)
- cb=s->ctx->info_callback;
-
- /* init things to blank */
- s->in_handshake++;
- if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
-
- if (s->cert == NULL)
- {
- SSLerr(SSL_F_SSL2_ACCEPT,SSL_R_NO_CERTIFICATE_SET);
- return(-1);
- }
-
- clear_sys_error();
- for (;;)
- {
- state=s->state;
-
- switch (s->state)
- {
- case SSL_ST_BEFORE:
- case SSL_ST_ACCEPT:
- case SSL_ST_BEFORE|SSL_ST_ACCEPT:
- case SSL_ST_OK|SSL_ST_ACCEPT:
-
- s->server=1;
- if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
-
- s->version=SSL2_VERSION;
- s->type=SSL_ST_ACCEPT;
-
- buf=s->init_buf;
- if ((buf == NULL) && ((buf=BUF_MEM_new()) == NULL))
- { ret= -1; goto end; }
- if (!BUF_MEM_grow(buf,(int)
- SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
- { ret= -1; goto end; }
- s->init_buf=buf;
- s->init_num=0;
- s->ctx->stats.sess_accept++;
- s->handshake_func=ssl2_accept;
- s->state=SSL2_ST_GET_CLIENT_HELLO_A;
- BREAK;
-
- case SSL2_ST_GET_CLIENT_HELLO_A:
- case SSL2_ST_GET_CLIENT_HELLO_B:
- case SSL2_ST_GET_CLIENT_HELLO_C:
- s->shutdown=0;
- ret=get_client_hello(s);
- if (ret <= 0) goto end;
- s->init_num=0;
- s->state=SSL2_ST_SEND_SERVER_HELLO_A;
- BREAK;
-
- case SSL2_ST_SEND_SERVER_HELLO_A:
- case SSL2_ST_SEND_SERVER_HELLO_B:
- ret=server_hello(s);
- if (ret <= 0) goto end;
- s->init_num=0;
- if (!s->hit)
- {
- s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_A;
- BREAK;
- }
- else
- {
- s->state=SSL2_ST_SERVER_START_ENCRYPTION;
- BREAK;
- }
- case SSL2_ST_GET_CLIENT_MASTER_KEY_A:
- case SSL2_ST_GET_CLIENT_MASTER_KEY_B:
- ret=get_client_master_key(s);
- if (ret <= 0) goto end;
- s->init_num=0;
- s->state=SSL2_ST_SERVER_START_ENCRYPTION;
- BREAK;
-
- case SSL2_ST_SERVER_START_ENCRYPTION:
- /* Ok we how have sent all the stuff needed to
- * start encrypting, the next packet back will
- * be encrypted. */
- if (!ssl2_enc_init(s,0))
- { ret= -1; goto end; }
- s->s2->clear_text=0;
- s->state=SSL2_ST_SEND_SERVER_VERIFY_A;
- BREAK;
-
- case SSL2_ST_SEND_SERVER_VERIFY_A:
- case SSL2_ST_SEND_SERVER_VERIFY_B:
- ret=server_verify(s);
- if (ret <= 0) goto end;
- s->init_num=0;
- if (s->hit)
- {
- /* If we are in here, we have been
- * buffering the output, so we need to
- * flush it and remove buffering from
- * future traffic */
- s->state=SSL2_ST_SEND_SERVER_VERIFY_C;
- BREAK;
- }
- else
- {
- s->state=SSL2_ST_GET_CLIENT_FINISHED_A;
- break;
- }
-
- case SSL2_ST_SEND_SERVER_VERIFY_C:
- /* get the number of bytes to write */
- num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL);
- if (num1 > 0)
- {
- s->rwstate=SSL_WRITING;
- num1=BIO_flush(s->wbio);
- if (num1 <= 0) { ret= -1; goto end; }
- s->rwstate=SSL_NOTHING;
- }
-
- /* flushed and now remove buffering */
- s->wbio=BIO_pop(s->wbio);
-
- s->state=SSL2_ST_GET_CLIENT_FINISHED_A;
- BREAK;
-
- case SSL2_ST_GET_CLIENT_FINISHED_A:
- case SSL2_ST_GET_CLIENT_FINISHED_B:
- ret=get_client_finished(s);
- if (ret <= 0)
- goto end;
- s->init_num=0;
- s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_A;
- BREAK;
-
- case SSL2_ST_SEND_REQUEST_CERTIFICATE_A:
- case SSL2_ST_SEND_REQUEST_CERTIFICATE_B:
- case SSL2_ST_SEND_REQUEST_CERTIFICATE_C:
- case SSL2_ST_SEND_REQUEST_CERTIFICATE_D:
- /* don't do a 'request certificate' if we
- * don't want to, or we already have one, and
- * we only want to do it once. */
- if (!(s->verify_mode & SSL_VERIFY_PEER) ||
- ((s->session->peer != NULL) &&
- (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)))
- {
- s->state=SSL2_ST_SEND_SERVER_FINISHED_A;
- break;
- }
- else
- {
- ret=request_certificate(s);
- if (ret <= 0) goto end;
- s->init_num=0;
- s->state=SSL2_ST_SEND_SERVER_FINISHED_A;
- }
- BREAK;
-
- case SSL2_ST_SEND_SERVER_FINISHED_A:
- case SSL2_ST_SEND_SERVER_FINISHED_B:
- ret=server_finish(s);
- if (ret <= 0) goto end;
- s->init_num=0;
- s->state=SSL_ST_OK;
- break;
-
- case SSL_ST_OK:
- BUF_MEM_free(s->init_buf);
- ssl_free_wbio_buffer(s);
- s->init_buf=NULL;
- s->init_num=0;
- /* ERR_clear_error();*/
-
- ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
-
- s->ctx->stats.sess_accept_good++;
- /* s->server=1; */
- ret=1;
-
- if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
-
- goto end;
- /* BREAK; */
-
- default:
- SSLerr(SSL_F_SSL2_ACCEPT,SSL_R_UNKNOWN_STATE);
- ret= -1;
- goto end;
- /* BREAK; */
- }
-
- if ((cb != NULL) && (s->state != state))
- {
- new_state=s->state;
- s->state=state;
- cb(s,SSL_CB_ACCEPT_LOOP,1);
- s->state=new_state;
- }
- }
-end:
- s->in_handshake--;
- if (cb != NULL)
- cb(s,SSL_CB_ACCEPT_EXIT,ret);
- return(ret);
- }
-
-static int get_client_master_key(SSL *s)
- {
- int is_export,i,n,keya,ek;
- unsigned long len;
- unsigned char *p;
- SSL_CIPHER *cp;
- const EVP_CIPHER *c;
- const EVP_MD *md;
-
- p=(unsigned char *)s->init_buf->data;
- if (s->state == SSL2_ST_GET_CLIENT_MASTER_KEY_A)
- {
- i=ssl2_read(s,(char *)&(p[s->init_num]),10-s->init_num);
-
- if (i < (10-s->init_num))
- return(ssl2_part_read(s,SSL_F_GET_CLIENT_MASTER_KEY,i));
- s->init_num = 10;
-
- if (*(p++) != SSL2_MT_CLIENT_MASTER_KEY)
- {
- if (p[-1] != SSL2_MT_ERROR)
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_READ_WRONG_PACKET_TYPE);
- }
- else
- SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_PEER_ERROR);
- return(-1);
- }
-
- cp=ssl2_get_cipher_by_char(p);
- if (cp == NULL)
- {
- ssl2_return_error(s,SSL2_PE_NO_CIPHER);
- SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_NO_CIPHER_MATCH);
- return(-1);
- }
- s->session->cipher= cp;
-
- p+=3;
- n2s(p,i); s->s2->tmp.clear=i;
- n2s(p,i); s->s2->tmp.enc=i;
- n2s(p,i);
- if(i > SSL_MAX_KEY_ARG_LENGTH)
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_KEY_ARG_TOO_LONG);
- return -1;
- }
- s->session->key_arg_length=i;
- s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B;
- }
-
- /* SSL2_ST_GET_CLIENT_MASTER_KEY_B */
- p=(unsigned char *)s->init_buf->data;
- if (s->init_buf->length < SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
- return -1;
- }
- keya=s->session->key_arg_length;
- len = 10 + (unsigned long)s->s2->tmp.clear + (unsigned long)s->s2->tmp.enc + (unsigned long)keya;
- if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_MESSAGE_TOO_LONG);
- return -1;
- }
- n = (int)len - s->init_num;
- i = ssl2_read(s,(char *)&(p[s->init_num]),n);
- if (i != n) return(ssl2_part_read(s,SSL_F_GET_CLIENT_MASTER_KEY,i));
- if (s->msg_callback)
- s->msg_callback(0, s->version, 0, p, (size_t)len, s, s->msg_callback_arg); /* CLIENT-MASTER-KEY */
- p += 10;
-
- memcpy(s->session->key_arg,&(p[s->s2->tmp.clear+s->s2->tmp.enc]),
- (unsigned int)keya);
-
- if (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL)
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_NO_PRIVATEKEY);
- return(-1);
- }
- i=ssl_rsa_private_decrypt(s->cert,s->s2->tmp.enc,
- &(p[s->s2->tmp.clear]),&(p[s->s2->tmp.clear]),
- (s->s2->ssl2_rollback)?RSA_SSLV23_PADDING:RSA_PKCS1_PADDING);
-
- is_export=SSL_C_IS_EXPORT(s->session->cipher);
-
- if (!ssl_cipher_get_evp(s->session,&c,&md,NULL))
- {
- ssl2_return_error(s,SSL2_PE_NO_CIPHER);
- SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS);
- return(0);
- }
-
- if (s->session->cipher->algorithm2 & SSL2_CF_8_BYTE_ENC)
- {
- is_export=1;
- ek=8;
- }
- else
- ek=5;
-
- /* bad decrypt */
-#if 1
- /* If a bad decrypt, continue with protocol but with a
- * random master secret (Bleichenbacher attack) */
- if ((i < 0) ||
- ((!is_export && (i != EVP_CIPHER_key_length(c)))
- || (is_export && ((i != ek) || (s->s2->tmp.clear+(unsigned int)i !=
- (unsigned int)EVP_CIPHER_key_length(c))))))
- {
- ERR_clear_error();
- if (is_export)
- i=ek;
- else
- i=EVP_CIPHER_key_length(c);
- if (RAND_pseudo_bytes(p,i) <= 0)
- return 0;
- }
-#else
- if (i < 0)
- {
- error=1;
- SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_BAD_RSA_DECRYPT);
- }
- /* incorrect number of key bytes for non export cipher */
- else if ((!is_export && (i != EVP_CIPHER_key_length(c)))
- || (is_export && ((i != ek) || (s->s2->tmp.clear+i !=
- EVP_CIPHER_key_length(c)))))
- {
- error=1;
- SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_WRONG_NUMBER_OF_KEY_BITS);
- }
- if (error)
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- return(-1);
- }
-#endif
-
- if (is_export) i+=s->s2->tmp.clear;
-
- if (i > SSL_MAX_MASTER_KEY_LENGTH)
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
- return -1;
- }
- s->session->master_key_length=i;
- memcpy(s->session->master_key,p,(unsigned int)i);
- return(1);
- }
-
-static int get_client_hello(SSL *s)
- {
- int i,n;
- unsigned long len;
- unsigned char *p;
- STACK_OF(SSL_CIPHER) *cs; /* a stack of SSL_CIPHERS */
- STACK_OF(SSL_CIPHER) *cl; /* the ones we want to use */
- STACK_OF(SSL_CIPHER) *prio, *allow;
- int z;
-
- /* This is a bit of a hack to check for the correct packet
- * type the first time round. */
- if (s->state == SSL2_ST_GET_CLIENT_HELLO_A)
- {
- s->first_packet=1;
- s->state=SSL2_ST_GET_CLIENT_HELLO_B;
- }
-
- p=(unsigned char *)s->init_buf->data;
- if (s->state == SSL2_ST_GET_CLIENT_HELLO_B)
- {
- i=ssl2_read(s,(char *)&(p[s->init_num]),9-s->init_num);
- if (i < (9-s->init_num))
- return(ssl2_part_read(s,SSL_F_GET_CLIENT_HELLO,i));
- s->init_num = 9;
-
- if (*(p++) != SSL2_MT_CLIENT_HELLO)
- {
- if (p[-1] != SSL2_MT_ERROR)
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_READ_WRONG_PACKET_TYPE);
- }
- else
- SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_PEER_ERROR);
- return(-1);
- }
- n2s(p,i);
- if (i < s->version) s->version=i;
- n2s(p,i); s->s2->tmp.cipher_spec_length=i;
- n2s(p,i); s->s2->tmp.session_id_length=i;
- n2s(p,i); s->s2->challenge_length=i;
- if ( (i < SSL2_MIN_CHALLENGE_LENGTH) ||
- (i > SSL2_MAX_CHALLENGE_LENGTH))
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_INVALID_CHALLENGE_LENGTH);
- return(-1);
- }
- s->state=SSL2_ST_GET_CLIENT_HELLO_C;
- }
-
- /* SSL2_ST_GET_CLIENT_HELLO_C */
- p=(unsigned char *)s->init_buf->data;
- len = 9 + (unsigned long)s->s2->tmp.cipher_spec_length + (unsigned long)s->s2->challenge_length + (unsigned long)s->s2->tmp.session_id_length;
- if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_MESSAGE_TOO_LONG);
- return -1;
- }
- n = (int)len - s->init_num;
- i = ssl2_read(s,(char *)&(p[s->init_num]),n);
- if (i != n) return(ssl2_part_read(s,SSL_F_GET_CLIENT_HELLO,i));
- if (s->msg_callback)
- s->msg_callback(0, s->version, 0, p, (size_t)len, s, s->msg_callback_arg); /* CLIENT-HELLO */
- p += 9;
-
- /* get session-id before cipher stuff so we can get out session
- * structure if it is cached */
- /* session-id */
- if ((s->s2->tmp.session_id_length != 0) &&
- (s->s2->tmp.session_id_length != SSL2_SSL_SESSION_ID_LENGTH))
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_BAD_SSL_SESSION_ID_LENGTH);
- return(-1);
- }
-
- if (s->s2->tmp.session_id_length == 0)
- {
- if (!ssl_get_new_session(s,1))
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- return(-1);
- }
- }
- else
- {
- i=ssl_get_prev_session(s,&(p[s->s2->tmp.cipher_spec_length]),
- s->s2->tmp.session_id_length, NULL);
- if (i == 1)
- { /* previous session */
- s->hit=1;
- }
- else if (i == -1)
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- return(-1);
- }
- else
- {
- if (s->cert == NULL)
- {
- ssl2_return_error(s,SSL2_PE_NO_CERTIFICATE);
- SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_NO_CERTIFICATE_SET);
- return(-1);
- }
-
- if (!ssl_get_new_session(s,1))
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- return(-1);
- }
- }
- }
-
- if (!s->hit)
- {
- cs=ssl_bytes_to_cipher_list(s,p,s->s2->tmp.cipher_spec_length,
- &s->session->ciphers);
- if (cs == NULL) goto mem_err;
-
- cl=SSL_get_ciphers(s);
-
- if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE)
- {
- prio=sk_SSL_CIPHER_dup(cl);
- if (prio == NULL) goto mem_err;
- allow = cs;
- }
- else
- {
- prio = cs;
- allow = cl;
- }
- for (z=0; z<sk_SSL_CIPHER_num(prio); z++)
- {
- if (sk_SSL_CIPHER_find(allow,sk_SSL_CIPHER_value(prio,z)) < 0)
- {
- (void)sk_SSL_CIPHER_delete(prio,z);
- z--;
- }
- }
- if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE)
- {
- sk_SSL_CIPHER_free(s->session->ciphers);
- s->session->ciphers = prio;
- }
- /* s->session->ciphers should now have a list of
- * ciphers that are on both the client and server.
- * This list is ordered by the order the client sent
- * the ciphers or in the order of the server's preference
- * if SSL_OP_CIPHER_SERVER_PREFERENCE was set.
- */
- }
- p+=s->s2->tmp.cipher_spec_length;
- /* done cipher selection */
-
- /* session id extracted already */
- p+=s->s2->tmp.session_id_length;
-
- /* challenge */
- if (s->s2->challenge_length > sizeof s->s2->challenge)
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
- return -1;
- }
- memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length);
- return(1);
-mem_err:
- SSLerr(SSL_F_GET_CLIENT_HELLO,ERR_R_MALLOC_FAILURE);
- return(0);
- }
-
-static int server_hello(SSL *s)
- {
- unsigned char *p,*d;
- int n,hit;
-
- p=(unsigned char *)s->init_buf->data;
- if (s->state == SSL2_ST_SEND_SERVER_HELLO_A)
- {
- d=p+11;
- *(p++)=SSL2_MT_SERVER_HELLO; /* type */
- hit=s->hit;
- *(p++)=(unsigned char)hit;
-#if 1
- if (!hit)
- {
- if (s->session->sess_cert != NULL)
- /* This can't really happen because get_client_hello
- * has called ssl_get_new_session, which does not set
- * sess_cert. */
- ssl_sess_cert_free(s->session->sess_cert);
- s->session->sess_cert = ssl_sess_cert_new();
- if (s->session->sess_cert == NULL)
- {
- SSLerr(SSL_F_SERVER_HELLO, ERR_R_MALLOC_FAILURE);
- return(-1);
- }
- }
- /* If 'hit' is set, then s->sess_cert may be non-NULL or NULL,
- * depending on whether it survived in the internal cache
- * or was retrieved from an external cache.
- * If it is NULL, we cannot put any useful data in it anyway,
- * so we don't touch it.
- */
-
-#else /* That's what used to be done when cert_st and sess_cert_st were
- * the same. */
- if (!hit)
- { /* else add cert to session */
- CRYPTO_add(&s->cert->references,1,CRYPTO_LOCK_SSL_CERT);
- if (s->session->sess_cert != NULL)
- ssl_cert_free(s->session->sess_cert);
- s->session->sess_cert=s->cert;
- }
- else /* We have a session id-cache hit, if the
- * session-id has no certificate listed against
- * the 'cert' structure, grab the 'old' one
- * listed against the SSL connection */
- {
- if (s->session->sess_cert == NULL)
- {
- CRYPTO_add(&s->cert->references,1,
- CRYPTO_LOCK_SSL_CERT);
- s->session->sess_cert=s->cert;
- }
- }
-#endif
-
- if (s->cert == NULL)
- {
- ssl2_return_error(s,SSL2_PE_NO_CERTIFICATE);
- SSLerr(SSL_F_SERVER_HELLO,SSL_R_NO_CERTIFICATE_SPECIFIED);
- return(-1);
- }
-
- if (hit)
- {
- *(p++)=0; /* no certificate type */
- s2n(s->version,p); /* version */
- s2n(0,p); /* cert len */
- s2n(0,p); /* ciphers len */
- }
- else
- {
- /* EAY EAY */
- /* put certificate type */
- *(p++)=SSL2_CT_X509_CERTIFICATE;
- s2n(s->version,p); /* version */
- n=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,NULL);
- s2n(n,p); /* certificate length */
- i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,&d);
- n=0;
-
- /* lets send out the ciphers we like in the
- * prefered order */
- n=ssl_cipher_list_to_bytes(s,s->session->ciphers,d,0);
- d+=n;
- s2n(n,p); /* add cipher length */
- }
-
- /* make and send conn_id */
- s2n(SSL2_CONNECTION_ID_LENGTH,p); /* add conn_id length */
- s->s2->conn_id_length=SSL2_CONNECTION_ID_LENGTH;
- if (RAND_pseudo_bytes(s->s2->conn_id,(int)s->s2->conn_id_length) <= 0)
- return -1;
- memcpy(d,s->s2->conn_id,SSL2_CONNECTION_ID_LENGTH);
- d+=SSL2_CONNECTION_ID_LENGTH;
-
- s->state=SSL2_ST_SEND_SERVER_HELLO_B;
- s->init_num=d-(unsigned char *)s->init_buf->data;
- s->init_off=0;
- }
- /* SSL2_ST_SEND_SERVER_HELLO_B */
- /* If we are using TCP/IP, the performance is bad if we do 2
- * writes without a read between them. This occurs when
- * Session-id reuse is used, so I will put in a buffering module
- */
- if (s->hit)
- {
- if (!ssl_init_wbio_buffer(s,1)) return(-1);
- }
-
- return(ssl2_do_write(s));
- }
-
-static int get_client_finished(SSL *s)
- {
- unsigned char *p;
- int i, n;
- unsigned long len;
-
- p=(unsigned char *)s->init_buf->data;
- if (s->state == SSL2_ST_GET_CLIENT_FINISHED_A)
- {
- i=ssl2_read(s,(char *)&(p[s->init_num]),1-s->init_num);
- if (i < 1-s->init_num)
- return(ssl2_part_read(s,SSL_F_GET_CLIENT_FINISHED,i));
- s->init_num += i;
-
- if (*p != SSL2_MT_CLIENT_FINISHED)
- {
- if (*p != SSL2_MT_ERROR)
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_GET_CLIENT_FINISHED,SSL_R_READ_WRONG_PACKET_TYPE);
- }
- else
- {
- SSLerr(SSL_F_GET_CLIENT_FINISHED,SSL_R_PEER_ERROR);
- /* try to read the error message */
- i=ssl2_read(s,(char *)&(p[s->init_num]),3-s->init_num);
- return ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i);
- }
- return(-1);
- }
- s->state=SSL2_ST_GET_CLIENT_FINISHED_B;
- }
-
- /* SSL2_ST_GET_CLIENT_FINISHED_B */
- if (s->s2->conn_id_length > sizeof s->s2->conn_id)
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_GET_CLIENT_FINISHED, ERR_R_INTERNAL_ERROR);
- return -1;
- }
- len = 1 + (unsigned long)s->s2->conn_id_length;
- n = (int)len - s->init_num;
- i = ssl2_read(s,(char *)&(p[s->init_num]),n);
- if (i < n)
- {
- return(ssl2_part_read(s,SSL_F_GET_CLIENT_FINISHED,i));
- }
- if (s->msg_callback)
- s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* CLIENT-FINISHED */
- p += 1;
- if (memcmp(p,s->s2->conn_id,s->s2->conn_id_length) != 0)
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_GET_CLIENT_FINISHED,SSL_R_CONNECTION_ID_IS_DIFFERENT);
- return(-1);
- }
- return(1);
- }
-
-static int server_verify(SSL *s)
- {
- unsigned char *p;
-
- if (s->state == SSL2_ST_SEND_SERVER_VERIFY_A)
- {
- p=(unsigned char *)s->init_buf->data;
- *(p++)=SSL2_MT_SERVER_VERIFY;
- if (s->s2->challenge_length > sizeof s->s2->challenge)
- {
- SSLerr(SSL_F_SERVER_VERIFY, ERR_R_INTERNAL_ERROR);
- return -1;
- }
- memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length);
- /* p+=s->s2->challenge_length; */
-
- s->state=SSL2_ST_SEND_SERVER_VERIFY_B;
- s->init_num=s->s2->challenge_length+1;
- s->init_off=0;
- }
- return(ssl2_do_write(s));
- }
-
-static int server_finish(SSL *s)
- {
- unsigned char *p;
-
- if (s->state == SSL2_ST_SEND_SERVER_FINISHED_A)
- {
- p=(unsigned char *)s->init_buf->data;
- *(p++)=SSL2_MT_SERVER_FINISHED;
-
- if (s->session->session_id_length > sizeof s->session->session_id)
- {
- SSLerr(SSL_F_SERVER_FINISH, ERR_R_INTERNAL_ERROR);
- return -1;
- }
- memcpy(p,s->session->session_id, (unsigned int)s->session->session_id_length);
- /* p+=s->session->session_id_length; */
-
- s->state=SSL2_ST_SEND_SERVER_FINISHED_B;
- s->init_num=s->session->session_id_length+1;
- s->init_off=0;
- }
-
- /* SSL2_ST_SEND_SERVER_FINISHED_B */
- return(ssl2_do_write(s));
- }
-
-/* send the request and check the response */
-static int request_certificate(SSL *s)
- {
- const unsigned char *cp;
- unsigned char *p,*p2,*buf2;
- unsigned char *ccd;
- int i,j,ctype,ret= -1;
- unsigned long len;
- X509 *x509=NULL;
- STACK_OF(X509) *sk=NULL;
-
- ccd=s->s2->tmp.ccl;
- if (s->state == SSL2_ST_SEND_REQUEST_CERTIFICATE_A)
- {
- p=(unsigned char *)s->init_buf->data;
- *(p++)=SSL2_MT_REQUEST_CERTIFICATE;
- *(p++)=SSL2_AT_MD5_WITH_RSA_ENCRYPTION;
- if (RAND_pseudo_bytes(ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH) <= 0)
- return -1;
- memcpy(p,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
-
- s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_B;
- s->init_num=SSL2_MIN_CERT_CHALLENGE_LENGTH+2;
- s->init_off=0;
- }
-
- if (s->state == SSL2_ST_SEND_REQUEST_CERTIFICATE_B)
- {
- i=ssl2_do_write(s);
- if (i <= 0)
- {
- ret=i;
- goto end;
- }
-
- s->init_num=0;
- s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_C;
- }
-
- if (s->state == SSL2_ST_SEND_REQUEST_CERTIFICATE_C)
- {
- p=(unsigned char *)s->init_buf->data;
- i=ssl2_read(s,(char *)&(p[s->init_num]),6-s->init_num); /* try to read 6 octets ... */
- if (i < 3-s->init_num) /* ... but don't call ssl2_part_read now if we got at least 3
- * (probably NO-CERTIFICATE-ERROR) */
- {
- ret=ssl2_part_read(s,SSL_F_REQUEST_CERTIFICATE,i);
- goto end;
- }
- s->init_num += i;
-
- if ((s->init_num >= 3) && (p[0] == SSL2_MT_ERROR))
- {
- n2s(p,i);
- if (i != SSL2_PE_NO_CERTIFICATE)
- {
- /* not the error message we expected -- let ssl2_part_read handle it */
- s->init_num -= 3;
- ret = ssl2_part_read(s,SSL_F_REQUEST_CERTIFICATE, 3);
- goto end;
- }
-
- if (s->msg_callback)
- s->msg_callback(0, s->version, 0, p, 3, s, s->msg_callback_arg); /* ERROR */
-
- /* this is the one place where we can recover from an SSL 2.0 error */
-
- if (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
- {
- ssl2_return_error(s,SSL2_PE_BAD_CERTIFICATE);
- SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
- goto end;
- }
- ret=1;
- goto end;
- }
- if ((*(p++) != SSL2_MT_CLIENT_CERTIFICATE) || (s->init_num < 6))
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_SHORT_READ);
- goto end;
- }
- if (s->init_num != 6)
- {
- SSLerr(SSL_F_REQUEST_CERTIFICATE, ERR_R_INTERNAL_ERROR);
- goto end;
- }
-
- /* ok we have a response */
- /* certificate type, there is only one right now. */
- ctype= *(p++);
- if (ctype != SSL2_AT_MD5_WITH_RSA_ENCRYPTION)
- {
- ssl2_return_error(s,SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE);
- SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_BAD_RESPONSE_ARGUMENT);
- goto end;
- }
- n2s(p,i); s->s2->tmp.clen=i;
- n2s(p,i); s->s2->tmp.rlen=i;
- s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_D;
- }
-
- /* SSL2_ST_SEND_REQUEST_CERTIFICATE_D */
- p=(unsigned char *)s->init_buf->data;
- len = 6 + (unsigned long)s->s2->tmp.clen + (unsigned long)s->s2->tmp.rlen;
- if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
- {
- SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_MESSAGE_TOO_LONG);
- goto end;
- }
- j = (int)len - s->init_num;
- i = ssl2_read(s,(char *)&(p[s->init_num]),j);
- if (i < j)
- {
- ret=ssl2_part_read(s,SSL_F_REQUEST_CERTIFICATE,i);
- goto end;
- }
- if (s->msg_callback)
- s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* CLIENT-CERTIFICATE */
- p += 6;
-
- cp = p;
- x509=(X509 *)d2i_X509(NULL,&cp,(long)s->s2->tmp.clen);
- if (x509 == NULL)
- {
- SSLerr(SSL_F_REQUEST_CERTIFICATE,ERR_R_X509_LIB);
- goto msg_end;
- }
-
- if (((sk=sk_X509_new_null()) == NULL) || (!sk_X509_push(sk,x509)))
- {
- SSLerr(SSL_F_REQUEST_CERTIFICATE,ERR_R_MALLOC_FAILURE);
- goto msg_end;
- }
-
- i=ssl_verify_cert_chain(s,sk);
-
- if (i > 0) /* we like the packet, now check the chksum */
- {
- EVP_MD_CTX ctx;
- EVP_PKEY *pkey=NULL;
-
- EVP_MD_CTX_init(&ctx);
- EVP_VerifyInit_ex(&ctx,s->ctx->rsa_md5, NULL);
- EVP_VerifyUpdate(&ctx,s->s2->key_material,
- s->s2->key_material_length);
- EVP_VerifyUpdate(&ctx,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
-
- i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,NULL);
- buf2=OPENSSL_malloc((unsigned int)i);
- if (buf2 == NULL)
- {
- SSLerr(SSL_F_REQUEST_CERTIFICATE,ERR_R_MALLOC_FAILURE);
- goto msg_end;
- }
- p2=buf2;
- i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,&p2);
- EVP_VerifyUpdate(&ctx,buf2,(unsigned int)i);
- OPENSSL_free(buf2);
-
- pkey=X509_get_pubkey(x509);
- if (pkey == NULL) goto end;
- i=EVP_VerifyFinal(&ctx,cp,s->s2->tmp.rlen,pkey);
- EVP_PKEY_free(pkey);
- EVP_MD_CTX_cleanup(&ctx);
-
- if (i > 0)
- {
- if (s->session->peer != NULL)
- X509_free(s->session->peer);
- s->session->peer=x509;
- CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
- s->session->verify_result = s->verify_result;
- ret=1;
- goto end;
- }
- else
- {
- SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_BAD_CHECKSUM);
- goto msg_end;
- }
- }
- else
- {
-msg_end:
- ssl2_return_error(s,SSL2_PE_BAD_CERTIFICATE);
- }
-end:
- sk_X509_free(sk);
- X509_free(x509);
- return(ret);
- }
-
-static int ssl_rsa_private_decrypt(CERT *c, int len, unsigned char *from,
- unsigned char *to, int padding)
- {
- RSA *rsa;
- int i;
-
- if ((c == NULL) || (c->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL))
- {
- SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT,SSL_R_NO_PRIVATEKEY);
- return(-1);
- }
- if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey->type != EVP_PKEY_RSA)
- {
- SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT,SSL_R_PUBLIC_KEY_IS_NOT_RSA);
- return(-1);
- }
- rsa=c->pkeys[SSL_PKEY_RSA_ENC].privatekey->pkey.rsa;
-
- /* we have the public key */
- i=RSA_private_decrypt(len,from,to,rsa,padding);
- if (i < 0)
- SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT,ERR_R_RSA_LIB);
- return(i);
- }
-#else /* !OPENSSL_NO_SSL2 */
-
-# if PEDANTIC
-static void *dummy=&dummy;
-# endif
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/ssl/s2_srvr.c (from rev 6976, vendor-crypto/openssl/dist/ssl/s2_srvr.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/ssl/s2_srvr.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/ssl/s2_srvr.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,1151 @@
+/* ssl/s2_srvr.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include "ssl_locl.h"
+#ifndef OPENSSL_NO_SSL2
+# include <stdio.h>
+# include <openssl/bio.h>
+# include <openssl/rand.h>
+# include <openssl/objects.h>
+# include <openssl/evp.h>
+
+static SSL_METHOD *ssl2_get_server_method(int ver);
+static int get_client_master_key(SSL *s);
+static int get_client_hello(SSL *s);
+static int server_hello(SSL *s);
+static int get_client_finished(SSL *s);
+static int server_verify(SSL *s);
+static int server_finish(SSL *s);
+static int request_certificate(SSL *s);
+static int ssl_rsa_private_decrypt(CERT *c, int len, unsigned char *from,
+ unsigned char *to, int padding);
+# define BREAK break
+
+static SSL_METHOD *ssl2_get_server_method(int ver)
+{
+ if (ver == SSL2_VERSION)
+ return (SSLv2_server_method());
+ else
+ return (NULL);
+}
+
+IMPLEMENT_ssl2_meth_func(SSLv2_server_method,
+ ssl2_accept,
+ ssl_undefined_function, ssl2_get_server_method)
+
+int ssl2_accept(SSL *s)
+{
+ unsigned long l = (unsigned long)time(NULL);
+ BUF_MEM *buf = NULL;
+ int ret = -1;
+ long num1;
+ void (*cb) (const SSL *ssl, int type, int val) = NULL;
+ int new_state, state;
+
+ RAND_add(&l, sizeof(l), 0);
+ ERR_clear_error();
+ clear_sys_error();
+
+ if (s->info_callback != NULL)
+ cb = s->info_callback;
+ else if (s->ctx->info_callback != NULL)
+ cb = s->ctx->info_callback;
+
+ /* init things to blank */
+ s->in_handshake++;
+ if (!SSL_in_init(s) || SSL_in_before(s))
+ SSL_clear(s);
+
+ if (s->cert == NULL) {
+ SSLerr(SSL_F_SSL2_ACCEPT, SSL_R_NO_CERTIFICATE_SET);
+ return (-1);
+ }
+
+ clear_sys_error();
+ for (;;) {
+ state = s->state;
+
+ switch (s->state) {
+ case SSL_ST_BEFORE:
+ case SSL_ST_ACCEPT:
+ case SSL_ST_BEFORE | SSL_ST_ACCEPT:
+ case SSL_ST_OK | SSL_ST_ACCEPT:
+
+ s->server = 1;
+ if (cb != NULL)
+ cb(s, SSL_CB_HANDSHAKE_START, 1);
+
+ s->version = SSL2_VERSION;
+ s->type = SSL_ST_ACCEPT;
+
+ buf = s->init_buf;
+ if ((buf == NULL) && ((buf = BUF_MEM_new()) == NULL)) {
+ ret = -1;
+ goto end;
+ }
+ if (!BUF_MEM_grow(buf, (int)
+ SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)) {
+ ret = -1;
+ goto end;
+ }
+ s->init_buf = buf;
+ s->init_num = 0;
+ s->ctx->stats.sess_accept++;
+ s->handshake_func = ssl2_accept;
+ s->state = SSL2_ST_GET_CLIENT_HELLO_A;
+ BREAK;
+
+ case SSL2_ST_GET_CLIENT_HELLO_A:
+ case SSL2_ST_GET_CLIENT_HELLO_B:
+ case SSL2_ST_GET_CLIENT_HELLO_C:
+ s->shutdown = 0;
+ ret = get_client_hello(s);
+ if (ret <= 0)
+ goto end;
+ s->init_num = 0;
+ s->state = SSL2_ST_SEND_SERVER_HELLO_A;
+ BREAK;
+
+ case SSL2_ST_SEND_SERVER_HELLO_A:
+ case SSL2_ST_SEND_SERVER_HELLO_B:
+ ret = server_hello(s);
+ if (ret <= 0)
+ goto end;
+ s->init_num = 0;
+ if (!s->hit) {
+ s->state = SSL2_ST_GET_CLIENT_MASTER_KEY_A;
+ BREAK;
+ } else {
+ s->state = SSL2_ST_SERVER_START_ENCRYPTION;
+ BREAK;
+ }
+ case SSL2_ST_GET_CLIENT_MASTER_KEY_A:
+ case SSL2_ST_GET_CLIENT_MASTER_KEY_B:
+ ret = get_client_master_key(s);
+ if (ret <= 0)
+ goto end;
+ s->init_num = 0;
+ s->state = SSL2_ST_SERVER_START_ENCRYPTION;
+ BREAK;
+
+ case SSL2_ST_SERVER_START_ENCRYPTION:
+ /*
+ * Ok we how have sent all the stuff needed to start encrypting,
+ * the next packet back will be encrypted.
+ */
+ if (!ssl2_enc_init(s, 0)) {
+ ret = -1;
+ goto end;
+ }
+ s->s2->clear_text = 0;
+ s->state = SSL2_ST_SEND_SERVER_VERIFY_A;
+ BREAK;
+
+ case SSL2_ST_SEND_SERVER_VERIFY_A:
+ case SSL2_ST_SEND_SERVER_VERIFY_B:
+ ret = server_verify(s);
+ if (ret <= 0)
+ goto end;
+ s->init_num = 0;
+ if (s->hit) {
+ /*
+ * If we are in here, we have been buffering the output, so
+ * we need to flush it and remove buffering from future
+ * traffic
+ */
+ s->state = SSL2_ST_SEND_SERVER_VERIFY_C;
+ BREAK;
+ } else {
+ s->state = SSL2_ST_GET_CLIENT_FINISHED_A;
+ break;
+ }
+
+ case SSL2_ST_SEND_SERVER_VERIFY_C:
+ /* get the number of bytes to write */
+ num1 = BIO_ctrl(s->wbio, BIO_CTRL_INFO, 0, NULL);
+ if (num1 > 0) {
+ s->rwstate = SSL_WRITING;
+ num1 = BIO_flush(s->wbio);
+ if (num1 <= 0) {
+ ret = -1;
+ goto end;
+ }
+ s->rwstate = SSL_NOTHING;
+ }
+
+ /* flushed and now remove buffering */
+ s->wbio = BIO_pop(s->wbio);
+
+ s->state = SSL2_ST_GET_CLIENT_FINISHED_A;
+ BREAK;
+
+ case SSL2_ST_GET_CLIENT_FINISHED_A:
+ case SSL2_ST_GET_CLIENT_FINISHED_B:
+ ret = get_client_finished(s);
+ if (ret <= 0)
+ goto end;
+ s->init_num = 0;
+ s->state = SSL2_ST_SEND_REQUEST_CERTIFICATE_A;
+ BREAK;
+
+ case SSL2_ST_SEND_REQUEST_CERTIFICATE_A:
+ case SSL2_ST_SEND_REQUEST_CERTIFICATE_B:
+ case SSL2_ST_SEND_REQUEST_CERTIFICATE_C:
+ case SSL2_ST_SEND_REQUEST_CERTIFICATE_D:
+ /*
+ * don't do a 'request certificate' if we don't want to, or we
+ * already have one, and we only want to do it once.
+ */
+ if (!(s->verify_mode & SSL_VERIFY_PEER) ||
+ ((s->session->peer != NULL) &&
+ (s->verify_mode & SSL_VERIFY_CLIENT_ONCE))) {
+ s->state = SSL2_ST_SEND_SERVER_FINISHED_A;
+ break;
+ } else {
+ ret = request_certificate(s);
+ if (ret <= 0)
+ goto end;
+ s->init_num = 0;
+ s->state = SSL2_ST_SEND_SERVER_FINISHED_A;
+ }
+ BREAK;
+
+ case SSL2_ST_SEND_SERVER_FINISHED_A:
+ case SSL2_ST_SEND_SERVER_FINISHED_B:
+ ret = server_finish(s);
+ if (ret <= 0)
+ goto end;
+ s->init_num = 0;
+ s->state = SSL_ST_OK;
+ break;
+
+ case SSL_ST_OK:
+ BUF_MEM_free(s->init_buf);
+ ssl_free_wbio_buffer(s);
+ s->init_buf = NULL;
+ s->init_num = 0;
+ /* ERR_clear_error(); */
+
+ ssl_update_cache(s, SSL_SESS_CACHE_SERVER);
+
+ s->ctx->stats.sess_accept_good++;
+ /* s->server=1; */
+ ret = 1;
+
+ if (cb != NULL)
+ cb(s, SSL_CB_HANDSHAKE_DONE, 1);
+
+ goto end;
+ /* BREAK; */
+
+ default:
+ SSLerr(SSL_F_SSL2_ACCEPT, SSL_R_UNKNOWN_STATE);
+ ret = -1;
+ goto end;
+ /* BREAK; */
+ }
+
+ if ((cb != NULL) && (s->state != state)) {
+ new_state = s->state;
+ s->state = state;
+ cb(s, SSL_CB_ACCEPT_LOOP, 1);
+ s->state = new_state;
+ }
+ }
+ end:
+ s->in_handshake--;
+ if (cb != NULL)
+ cb(s, SSL_CB_ACCEPT_EXIT, ret);
+ return (ret);
+}
+
+static int get_client_master_key(SSL *s)
+{
+ int is_export, i, n, keya;
+ unsigned int ek;
+ unsigned long len;
+ unsigned char *p;
+ SSL_CIPHER *cp;
+ const EVP_CIPHER *c;
+ const EVP_MD *md;
+
+ p = (unsigned char *)s->init_buf->data;
+ if (s->state == SSL2_ST_GET_CLIENT_MASTER_KEY_A) {
+ i = ssl2_read(s, (char *)&(p[s->init_num]), 10 - s->init_num);
+
+ if (i < (10 - s->init_num))
+ return (ssl2_part_read(s, SSL_F_GET_CLIENT_MASTER_KEY, i));
+ s->init_num = 10;
+
+ if (*(p++) != SSL2_MT_CLIENT_MASTER_KEY) {
+ if (p[-1] != SSL2_MT_ERROR) {
+ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
+ SSL_R_READ_WRONG_PACKET_TYPE);
+ } else
+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_PEER_ERROR);
+ return (-1);
+ }
+
+ cp = ssl2_get_cipher_by_char(p);
+ if (cp == NULL) {
+ ssl2_return_error(s, SSL2_PE_NO_CIPHER);
+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_NO_CIPHER_MATCH);
+ return (-1);
+ }
+ s->session->cipher = cp;
+
+ p += 3;
+ n2s(p, i);
+ s->s2->tmp.clear = i;
+ n2s(p, i);
+ s->s2->tmp.enc = i;
+ n2s(p, i);
+ if (i > SSL_MAX_KEY_ARG_LENGTH) {
+ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_KEY_ARG_TOO_LONG);
+ return -1;
+ }
+ s->session->key_arg_length = i;
+ s->state = SSL2_ST_GET_CLIENT_MASTER_KEY_B;
+ }
+
+ /* SSL2_ST_GET_CLIENT_MASTER_KEY_B */
+ p = (unsigned char *)s->init_buf->data;
+ if (s->init_buf->length < SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) {
+ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
+ return -1;
+ }
+ keya = s->session->key_arg_length;
+ len =
+ 10 + (unsigned long)s->s2->tmp.clear + (unsigned long)s->s2->tmp.enc +
+ (unsigned long)keya;
+ if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) {
+ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_MESSAGE_TOO_LONG);
+ return -1;
+ }
+ n = (int)len - s->init_num;
+ i = ssl2_read(s, (char *)&(p[s->init_num]), n);
+ if (i != n)
+ return (ssl2_part_read(s, SSL_F_GET_CLIENT_MASTER_KEY, i));
+ if (s->msg_callback) {
+ /* CLIENT-MASTER-KEY */
+ s->msg_callback(0, s->version, 0, p, (size_t)len, s,
+ s->msg_callback_arg);
+ }
+ p += 10;
+
+ memcpy(s->session->key_arg, &(p[s->s2->tmp.clear + s->s2->tmp.enc]),
+ (unsigned int)keya);
+
+ if (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) {
+ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_NO_PRIVATEKEY);
+ return (-1);
+ }
+
+ is_export = SSL_C_IS_EXPORT(s->session->cipher);
+
+ if (!ssl_cipher_get_evp(s->session, &c, &md, NULL)) {
+ ssl2_return_error(s, SSL2_PE_NO_CIPHER);
+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
+ SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS);
+ return (0);
+ }
+
+ if (s->session->cipher->algorithm2 & SSL2_CF_8_BYTE_ENC) {
+ is_export = 1;
+ ek = 8;
+ } else
+ ek = 5;
+
+ /*
+ * The format of the CLIENT-MASTER-KEY message is
+ * 1 byte message type
+ * 3 bytes cipher
+ * 2-byte clear key length (stored in s->s2->tmp.clear)
+ * 2-byte encrypted key length (stored in s->s2->tmp.enc)
+ * 2-byte key args length (IV etc)
+ * clear key
+ * encrypted key
+ * key args
+ *
+ * If the cipher is an export cipher, then the encrypted key bytes
+ * are a fixed portion of the total key (5 or 8 bytes). The size of
+ * this portion is in |ek|. If the cipher is not an export cipher,
+ * then the entire key material is encrypted (i.e., clear key length
+ * must be zero).
+ */
+ if ((!is_export && s->s2->tmp.clear != 0) ||
+ (is_export && s->s2->tmp.clear + ek != (unsigned int)EVP_CIPHER_key_length(c))) {
+ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_BAD_LENGTH);
+ return -1;
+ }
+ /*
+ * The encrypted blob must decrypt to the encrypted portion of the key.
+ * Decryption can't be expanding, so if we don't have enough encrypted
+ * bytes to fit the key in the buffer, stop now.
+ */
+ if ((is_export && s->s2->tmp.enc < ek) ||
+ (!is_export && s->s2->tmp.enc < (unsigned int)EVP_CIPHER_key_length(c))) {
+ ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_LENGTH_TOO_SHORT);
+ return -1;
+ }
+
+ i = ssl_rsa_private_decrypt(s->cert, s->s2->tmp.enc,
+ &(p[s->s2->tmp.clear]),
+ &(p[s->s2->tmp.clear]),
+ (s->s2->ssl2_rollback) ? RSA_SSLV23_PADDING :
+ RSA_PKCS1_PADDING);
+
+ /* bad decrypt */
+# if 1
+ /*
+ * If a bad decrypt, continue with protocol but with a random master
+ * secret (Bleichenbacher attack)
+ */
+ if ((i < 0) || ((!is_export && i != EVP_CIPHER_key_length(c))
+ || (is_export && i != (int)ek))) {
+ ERR_clear_error();
+ if (is_export)
+ i = ek;
+ else
+ i = EVP_CIPHER_key_length(c);
+ if (RAND_pseudo_bytes(&p[s->s2->tmp.clear], i) <= 0)
+ return 0;
+ }
+# else
+ if (i < 0) {
+ error = 1;
+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_BAD_RSA_DECRYPT);
+ }
+ /* incorrect number of key bytes for non export cipher */
+ else if ((!is_export && (i != EVP_CIPHER_key_length(c)))
+ || (is_export && ((i != ek) || (s->s2->tmp.clear + i !=
+ EVP_CIPHER_key_length(c))))) {
+ error = 1;
+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_WRONG_NUMBER_OF_KEY_BITS);
+ }
+ if (error) {
+ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+ return (-1);
+ }
+# endif
+
+ if (is_export)
+ i = EVP_CIPHER_key_length(c);
+
+ if (i > SSL_MAX_MASTER_KEY_LENGTH) {
+ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
+ return -1;
+ }
+ s->session->master_key_length = i;
+ memcpy(s->session->master_key, p, (unsigned int)i);
+ return (1);
+}
+
+static int get_client_hello(SSL *s)
+{
+ int i, n;
+ unsigned long len;
+ unsigned char *p;
+ STACK_OF(SSL_CIPHER) *cs; /* a stack of SSL_CIPHERS */
+ STACK_OF(SSL_CIPHER) *cl; /* the ones we want to use */
+ STACK_OF(SSL_CIPHER) *prio, *allow;
+ int z;
+
+ /*
+ * This is a bit of a hack to check for the correct packet type the first
+ * time round.
+ */
+ if (s->state == SSL2_ST_GET_CLIENT_HELLO_A) {
+ s->first_packet = 1;
+ s->state = SSL2_ST_GET_CLIENT_HELLO_B;
+ }
+
+ p = (unsigned char *)s->init_buf->data;
+ if (s->state == SSL2_ST_GET_CLIENT_HELLO_B) {
+ i = ssl2_read(s, (char *)&(p[s->init_num]), 9 - s->init_num);
+ if (i < (9 - s->init_num))
+ return (ssl2_part_read(s, SSL_F_GET_CLIENT_HELLO, i));
+ s->init_num = 9;
+
+ if (*(p++) != SSL2_MT_CLIENT_HELLO) {
+ if (p[-1] != SSL2_MT_ERROR) {
+ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+ SSLerr(SSL_F_GET_CLIENT_HELLO, SSL_R_READ_WRONG_PACKET_TYPE);
+ } else
+ SSLerr(SSL_F_GET_CLIENT_HELLO, SSL_R_PEER_ERROR);
+ return (-1);
+ }
+ n2s(p, i);
+ if (i < s->version)
+ s->version = i;
+ n2s(p, i);
+ s->s2->tmp.cipher_spec_length = i;
+ n2s(p, i);
+ s->s2->tmp.session_id_length = i;
+ n2s(p, i);
+ s->s2->challenge_length = i;
+ if ((i < SSL2_MIN_CHALLENGE_LENGTH) ||
+ (i > SSL2_MAX_CHALLENGE_LENGTH)) {
+ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+ SSLerr(SSL_F_GET_CLIENT_HELLO, SSL_R_INVALID_CHALLENGE_LENGTH);
+ return (-1);
+ }
+ s->state = SSL2_ST_GET_CLIENT_HELLO_C;
+ }
+
+ /* SSL2_ST_GET_CLIENT_HELLO_C */
+ p = (unsigned char *)s->init_buf->data;
+ len =
+ 9 + (unsigned long)s->s2->tmp.cipher_spec_length +
+ (unsigned long)s->s2->challenge_length +
+ (unsigned long)s->s2->tmp.session_id_length;
+ if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) {
+ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+ SSLerr(SSL_F_GET_CLIENT_HELLO, SSL_R_MESSAGE_TOO_LONG);
+ return -1;
+ }
+ n = (int)len - s->init_num;
+ i = ssl2_read(s, (char *)&(p[s->init_num]), n);
+ if (i != n)
+ return (ssl2_part_read(s, SSL_F_GET_CLIENT_HELLO, i));
+ if (s->msg_callback) {
+ /* CLIENT-HELLO */
+ s->msg_callback(0, s->version, 0, p, (size_t)len, s,
+ s->msg_callback_arg);
+ }
+ p += 9;
+
+ /*
+ * get session-id before cipher stuff so we can get out session structure
+ * if it is cached
+ */
+ /* session-id */
+ if ((s->s2->tmp.session_id_length != 0) &&
+ (s->s2->tmp.session_id_length != SSL2_SSL_SESSION_ID_LENGTH)) {
+ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+ SSLerr(SSL_F_GET_CLIENT_HELLO, SSL_R_BAD_SSL_SESSION_ID_LENGTH);
+ return (-1);
+ }
+
+ if (s->s2->tmp.session_id_length == 0) {
+ if (!ssl_get_new_session(s, 1)) {
+ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+ return (-1);
+ }
+ } else {
+ i = ssl_get_prev_session(s, &(p[s->s2->tmp.cipher_spec_length]),
+ s->s2->tmp.session_id_length, NULL);
+ if (i == 1) { /* previous session */
+ s->hit = 1;
+ } else if (i == -1) {
+ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+ return (-1);
+ } else {
+ if (s->cert == NULL) {
+ ssl2_return_error(s, SSL2_PE_NO_CERTIFICATE);
+ SSLerr(SSL_F_GET_CLIENT_HELLO, SSL_R_NO_CERTIFICATE_SET);
+ return (-1);
+ }
+
+ if (!ssl_get_new_session(s, 1)) {
+ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+ return (-1);
+ }
+ }
+ }
+
+ if (!s->hit) {
+ cs = ssl_bytes_to_cipher_list(s, p, s->s2->tmp.cipher_spec_length,
+ &s->session->ciphers);
+ if (cs == NULL)
+ goto mem_err;
+
+ cl = SSL_get_ciphers(s);
+
+ if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
+ prio = sk_SSL_CIPHER_dup(cl);
+ if (prio == NULL)
+ goto mem_err;
+ allow = cs;
+ } else {
+ prio = cs;
+ allow = cl;
+ }
+ for (z = 0; z < sk_SSL_CIPHER_num(prio); z++) {
+ if (sk_SSL_CIPHER_find(allow, sk_SSL_CIPHER_value(prio, z)) < 0) {
+ (void)sk_SSL_CIPHER_delete(prio, z);
+ z--;
+ }
+ }
+ if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
+ sk_SSL_CIPHER_free(s->session->ciphers);
+ s->session->ciphers = prio;
+ }
+ /*
+ * s->session->ciphers should now have a list of ciphers that are on
+ * both the client and server. This list is ordered by the order the
+ * client sent the ciphers or in the order of the server's preference
+ * if SSL_OP_CIPHER_SERVER_PREFERENCE was set.
+ */
+ }
+ p += s->s2->tmp.cipher_spec_length;
+ /* done cipher selection */
+
+ /* session id extracted already */
+ p += s->s2->tmp.session_id_length;
+
+ /* challenge */
+ if (s->s2->challenge_length > sizeof s->s2->challenge) {
+ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+ SSLerr(SSL_F_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
+ return -1;
+ }
+ memcpy(s->s2->challenge, p, (unsigned int)s->s2->challenge_length);
+ return (1);
+ mem_err:
+ SSLerr(SSL_F_GET_CLIENT_HELLO, ERR_R_MALLOC_FAILURE);
+ return (0);
+}
+
+static int server_hello(SSL *s)
+{
+ unsigned char *p, *d;
+ int n, hit;
+
+ p = (unsigned char *)s->init_buf->data;
+ if (s->state == SSL2_ST_SEND_SERVER_HELLO_A) {
+ d = p + 11;
+ *(p++) = SSL2_MT_SERVER_HELLO; /* type */
+ hit = s->hit;
+ *(p++) = (unsigned char)hit;
+# if 1
+ if (!hit) {
+ if (s->session->sess_cert != NULL)
+ /*
+ * This can't really happen because get_client_hello has
+ * called ssl_get_new_session, which does not set sess_cert.
+ */
+ ssl_sess_cert_free(s->session->sess_cert);
+ s->session->sess_cert = ssl_sess_cert_new();
+ if (s->session->sess_cert == NULL) {
+ SSLerr(SSL_F_SERVER_HELLO, ERR_R_MALLOC_FAILURE);
+ return (-1);
+ }
+ }
+ /*
+ * If 'hit' is set, then s->sess_cert may be non-NULL or NULL,
+ * depending on whether it survived in the internal cache or was
+ * retrieved from an external cache. If it is NULL, we cannot put any
+ * useful data in it anyway, so we don't touch it.
+ */
+
+# else /* That's what used to be done when cert_st
+ * and sess_cert_st were * the same. */
+ if (!hit) { /* else add cert to session */
+ CRYPTO_add(&s->cert->references, 1, CRYPTO_LOCK_SSL_CERT);
+ if (s->session->sess_cert != NULL)
+ ssl_cert_free(s->session->sess_cert);
+ s->session->sess_cert = s->cert;
+ } else { /* We have a session id-cache hit, if the *
+ * session-id has no certificate listed
+ * against * the 'cert' structure, grab the
+ * 'old' one * listed against the SSL
+ * connection */
+ if (s->session->sess_cert == NULL) {
+ CRYPTO_add(&s->cert->references, 1, CRYPTO_LOCK_SSL_CERT);
+ s->session->sess_cert = s->cert;
+ }
+ }
+# endif
+
+ if (s->cert == NULL) {
+ ssl2_return_error(s, SSL2_PE_NO_CERTIFICATE);
+ SSLerr(SSL_F_SERVER_HELLO, SSL_R_NO_CERTIFICATE_SPECIFIED);
+ return (-1);
+ }
+
+ if (hit) {
+ *(p++) = 0; /* no certificate type */
+ s2n(s->version, p); /* version */
+ s2n(0, p); /* cert len */
+ s2n(0, p); /* ciphers len */
+ } else {
+ /* EAY EAY */
+ /* put certificate type */
+ *(p++) = SSL2_CT_X509_CERTIFICATE;
+ s2n(s->version, p); /* version */
+ n = i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509, NULL);
+ s2n(n, p); /* certificate length */
+ i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509, &d);
+ n = 0;
+
+ /*
+ * lets send out the ciphers we like in the prefered order
+ */
+ n = ssl_cipher_list_to_bytes(s, s->session->ciphers, d, 0);
+ d += n;
+ s2n(n, p); /* add cipher length */
+ }
+
+ /* make and send conn_id */
+ s2n(SSL2_CONNECTION_ID_LENGTH, p); /* add conn_id length */
+ s->s2->conn_id_length = SSL2_CONNECTION_ID_LENGTH;
+ if (RAND_pseudo_bytes(s->s2->conn_id, (int)s->s2->conn_id_length) <=
+ 0)
+ return -1;
+ memcpy(d, s->s2->conn_id, SSL2_CONNECTION_ID_LENGTH);
+ d += SSL2_CONNECTION_ID_LENGTH;
+
+ s->state = SSL2_ST_SEND_SERVER_HELLO_B;
+ s->init_num = d - (unsigned char *)s->init_buf->data;
+ s->init_off = 0;
+ }
+ /* SSL2_ST_SEND_SERVER_HELLO_B */
+ /*
+ * If we are using TCP/IP, the performance is bad if we do 2 writes
+ * without a read between them. This occurs when Session-id reuse is
+ * used, so I will put in a buffering module
+ */
+ if (s->hit) {
+ if (!ssl_init_wbio_buffer(s, 1))
+ return (-1);
+ }
+
+ return (ssl2_do_write(s));
+}
+
+static int get_client_finished(SSL *s)
+{
+ unsigned char *p;
+ int i, n;
+ unsigned long len;
+
+ p = (unsigned char *)s->init_buf->data;
+ if (s->state == SSL2_ST_GET_CLIENT_FINISHED_A) {
+ i = ssl2_read(s, (char *)&(p[s->init_num]), 1 - s->init_num);
+ if (i < 1 - s->init_num)
+ return (ssl2_part_read(s, SSL_F_GET_CLIENT_FINISHED, i));
+ s->init_num += i;
+
+ if (*p != SSL2_MT_CLIENT_FINISHED) {
+ if (*p != SSL2_MT_ERROR) {
+ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+ SSLerr(SSL_F_GET_CLIENT_FINISHED,
+ SSL_R_READ_WRONG_PACKET_TYPE);
+ } else {
+ SSLerr(SSL_F_GET_CLIENT_FINISHED, SSL_R_PEER_ERROR);
+ /* try to read the error message */
+ i = ssl2_read(s, (char *)&(p[s->init_num]), 3 - s->init_num);
+ return ssl2_part_read(s, SSL_F_GET_SERVER_VERIFY, i);
+ }
+ return (-1);
+ }
+ s->state = SSL2_ST_GET_CLIENT_FINISHED_B;
+ }
+
+ /* SSL2_ST_GET_CLIENT_FINISHED_B */
+ if (s->s2->conn_id_length > sizeof s->s2->conn_id) {
+ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+ SSLerr(SSL_F_GET_CLIENT_FINISHED, ERR_R_INTERNAL_ERROR);
+ return -1;
+ }
+ len = 1 + (unsigned long)s->s2->conn_id_length;
+ n = (int)len - s->init_num;
+ i = ssl2_read(s, (char *)&(p[s->init_num]), n);
+ if (i < n) {
+ return (ssl2_part_read(s, SSL_F_GET_CLIENT_FINISHED, i));
+ }
+ if (s->msg_callback) {
+ /* CLIENT-FINISHED */
+ s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg);
+ }
+ p += 1;
+ if (memcmp(p, s->s2->conn_id, s->s2->conn_id_length) != 0) {
+ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+ SSLerr(SSL_F_GET_CLIENT_FINISHED, SSL_R_CONNECTION_ID_IS_DIFFERENT);
+ return (-1);
+ }
+ return (1);
+}
+
+static int server_verify(SSL *s)
+{
+ unsigned char *p;
+
+ if (s->state == SSL2_ST_SEND_SERVER_VERIFY_A) {
+ p = (unsigned char *)s->init_buf->data;
+ *(p++) = SSL2_MT_SERVER_VERIFY;
+ if (s->s2->challenge_length > sizeof s->s2->challenge) {
+ SSLerr(SSL_F_SERVER_VERIFY, ERR_R_INTERNAL_ERROR);
+ return -1;
+ }
+ memcpy(p, s->s2->challenge, (unsigned int)s->s2->challenge_length);
+ /* p+=s->s2->challenge_length; */
+
+ s->state = SSL2_ST_SEND_SERVER_VERIFY_B;
+ s->init_num = s->s2->challenge_length + 1;
+ s->init_off = 0;
+ }
+ return (ssl2_do_write(s));
+}
+
+static int server_finish(SSL *s)
+{
+ unsigned char *p;
+
+ if (s->state == SSL2_ST_SEND_SERVER_FINISHED_A) {
+ p = (unsigned char *)s->init_buf->data;
+ *(p++) = SSL2_MT_SERVER_FINISHED;
+
+ if (s->session->session_id_length > sizeof s->session->session_id) {
+ SSLerr(SSL_F_SERVER_FINISH, ERR_R_INTERNAL_ERROR);
+ return -1;
+ }
+ memcpy(p, s->session->session_id,
+ (unsigned int)s->session->session_id_length);
+ /* p+=s->session->session_id_length; */
+
+ s->state = SSL2_ST_SEND_SERVER_FINISHED_B;
+ s->init_num = s->session->session_id_length + 1;
+ s->init_off = 0;
+ }
+
+ /* SSL2_ST_SEND_SERVER_FINISHED_B */
+ return (ssl2_do_write(s));
+}
+
+/* send the request and check the response */
+static int request_certificate(SSL *s)
+{
+ const unsigned char *cp;
+ unsigned char *p, *p2, *buf2;
+ unsigned char *ccd;
+ int i, j, ctype, ret = -1;
+ unsigned long len;
+ X509 *x509 = NULL;
+ STACK_OF(X509) *sk = NULL;
+
+ ccd = s->s2->tmp.ccl;
+ if (s->state == SSL2_ST_SEND_REQUEST_CERTIFICATE_A) {
+ p = (unsigned char *)s->init_buf->data;
+ *(p++) = SSL2_MT_REQUEST_CERTIFICATE;
+ *(p++) = SSL2_AT_MD5_WITH_RSA_ENCRYPTION;
+ if (RAND_pseudo_bytes(ccd, SSL2_MIN_CERT_CHALLENGE_LENGTH) <= 0)
+ return -1;
+ memcpy(p, ccd, SSL2_MIN_CERT_CHALLENGE_LENGTH);
+
+ s->state = SSL2_ST_SEND_REQUEST_CERTIFICATE_B;
+ s->init_num = SSL2_MIN_CERT_CHALLENGE_LENGTH + 2;
+ s->init_off = 0;
+ }
+
+ if (s->state == SSL2_ST_SEND_REQUEST_CERTIFICATE_B) {
+ i = ssl2_do_write(s);
+ if (i <= 0) {
+ ret = i;
+ goto end;
+ }
+
+ s->init_num = 0;
+ s->state = SSL2_ST_SEND_REQUEST_CERTIFICATE_C;
+ }
+
+ if (s->state == SSL2_ST_SEND_REQUEST_CERTIFICATE_C) {
+ p = (unsigned char *)s->init_buf->data;
+ /* try to read 6 octets ... */
+ i = ssl2_read(s, (char *)&(p[s->init_num]), 6 - s->init_num);
+ /*
+ * ... but don't call ssl2_part_read now if we got at least 3
+ * (probably NO-CERTIFICATE-ERROR)
+ */
+ if (i < 3 - s->init_num) {
+ ret = ssl2_part_read(s, SSL_F_REQUEST_CERTIFICATE, i);
+ goto end;
+ }
+ s->init_num += i;
+
+ if ((s->init_num >= 3) && (p[0] == SSL2_MT_ERROR)) {
+ n2s(p, i);
+ if (i != SSL2_PE_NO_CERTIFICATE) {
+ /*
+ * not the error message we expected -- let ssl2_part_read
+ * handle it
+ */
+ s->init_num -= 3;
+ ret = ssl2_part_read(s, SSL_F_REQUEST_CERTIFICATE, 3);
+ goto end;
+ }
+
+ if (s->msg_callback) {
+ /* ERROR */
+ s->msg_callback(0, s->version, 0, p, 3, s,
+ s->msg_callback_arg);
+ }
+
+ /*
+ * this is the one place where we can recover from an SSL 2.0
+ * error
+ */
+
+ if (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) {
+ ssl2_return_error(s, SSL2_PE_BAD_CERTIFICATE);
+ SSLerr(SSL_F_REQUEST_CERTIFICATE,
+ SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
+ goto end;
+ }
+ ret = 1;
+ goto end;
+ }
+ if ((*(p++) != SSL2_MT_CLIENT_CERTIFICATE) || (s->init_num < 6)) {
+ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+ SSLerr(SSL_F_REQUEST_CERTIFICATE, SSL_R_SHORT_READ);
+ goto end;
+ }
+ if (s->init_num != 6) {
+ SSLerr(SSL_F_REQUEST_CERTIFICATE, ERR_R_INTERNAL_ERROR);
+ goto end;
+ }
+
+ /* ok we have a response */
+ /* certificate type, there is only one right now. */
+ ctype = *(p++);
+ if (ctype != SSL2_AT_MD5_WITH_RSA_ENCRYPTION) {
+ ssl2_return_error(s, SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE);
+ SSLerr(SSL_F_REQUEST_CERTIFICATE, SSL_R_BAD_RESPONSE_ARGUMENT);
+ goto end;
+ }
+ n2s(p, i);
+ s->s2->tmp.clen = i;
+ n2s(p, i);
+ s->s2->tmp.rlen = i;
+ s->state = SSL2_ST_SEND_REQUEST_CERTIFICATE_D;
+ }
+
+ /* SSL2_ST_SEND_REQUEST_CERTIFICATE_D */
+ p = (unsigned char *)s->init_buf->data;
+ len = 6 + (unsigned long)s->s2->tmp.clen + (unsigned long)s->s2->tmp.rlen;
+ if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) {
+ SSLerr(SSL_F_REQUEST_CERTIFICATE, SSL_R_MESSAGE_TOO_LONG);
+ goto end;
+ }
+ j = (int)len - s->init_num;
+ i = ssl2_read(s, (char *)&(p[s->init_num]), j);
+ if (i < j) {
+ ret = ssl2_part_read(s, SSL_F_REQUEST_CERTIFICATE, i);
+ goto end;
+ }
+ if (s->msg_callback) {
+ /* CLIENT-CERTIFICATE */
+ s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg);
+ }
+ p += 6;
+
+ cp = p;
+ x509 = (X509 *)d2i_X509(NULL, &cp, (long)s->s2->tmp.clen);
+ if (x509 == NULL) {
+ SSLerr(SSL_F_REQUEST_CERTIFICATE, ERR_R_X509_LIB);
+ goto msg_end;
+ }
+
+ if (((sk = sk_X509_new_null()) == NULL) || (!sk_X509_push(sk, x509))) {
+ SSLerr(SSL_F_REQUEST_CERTIFICATE, ERR_R_MALLOC_FAILURE);
+ goto msg_end;
+ }
+
+ i = ssl_verify_cert_chain(s, sk);
+
+ if (i > 0) { /* we like the packet, now check the chksum */
+ EVP_MD_CTX ctx;
+ EVP_PKEY *pkey = NULL;
+
+ EVP_MD_CTX_init(&ctx);
+ EVP_VerifyInit_ex(&ctx, s->ctx->rsa_md5, NULL);
+ EVP_VerifyUpdate(&ctx, s->s2->key_material,
+ s->s2->key_material_length);
+ EVP_VerifyUpdate(&ctx, ccd, SSL2_MIN_CERT_CHALLENGE_LENGTH);
+
+ i = i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509, NULL);
+ buf2 = OPENSSL_malloc((unsigned int)i);
+ if (buf2 == NULL) {
+ SSLerr(SSL_F_REQUEST_CERTIFICATE, ERR_R_MALLOC_FAILURE);
+ goto msg_end;
+ }
+ p2 = buf2;
+ i = i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509, &p2);
+ EVP_VerifyUpdate(&ctx, buf2, (unsigned int)i);
+ OPENSSL_free(buf2);
+
+ pkey = X509_get_pubkey(x509);
+ if (pkey == NULL)
+ goto end;
+ i = EVP_VerifyFinal(&ctx, cp, s->s2->tmp.rlen, pkey);
+ EVP_PKEY_free(pkey);
+ EVP_MD_CTX_cleanup(&ctx);
+
+ if (i > 0) {
+ if (s->session->peer != NULL)
+ X509_free(s->session->peer);
+ s->session->peer = x509;
+ CRYPTO_add(&x509->references, 1, CRYPTO_LOCK_X509);
+ s->session->verify_result = s->verify_result;
+ ret = 1;
+ goto end;
+ } else {
+ SSLerr(SSL_F_REQUEST_CERTIFICATE, SSL_R_BAD_CHECKSUM);
+ goto msg_end;
+ }
+ } else {
+ msg_end:
+ ssl2_return_error(s, SSL2_PE_BAD_CERTIFICATE);
+ }
+ end:
+ sk_X509_free(sk);
+ X509_free(x509);
+ return (ret);
+}
+
+static int ssl_rsa_private_decrypt(CERT *c, int len, unsigned char *from,
+ unsigned char *to, int padding)
+{
+ RSA *rsa;
+ int i;
+
+ if ((c == NULL) || (c->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL)) {
+ SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT, SSL_R_NO_PRIVATEKEY);
+ return (-1);
+ }
+ if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey->type != EVP_PKEY_RSA) {
+ SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT, SSL_R_PUBLIC_KEY_IS_NOT_RSA);
+ return (-1);
+ }
+ rsa = c->pkeys[SSL_PKEY_RSA_ENC].privatekey->pkey.rsa;
+
+ /* we have the public key */
+ i = RSA_private_decrypt(len, from, to, rsa, padding);
+ if (i < 0)
+ SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT, ERR_R_RSA_LIB);
+ return (i);
+}
+#else /* !OPENSSL_NO_SSL2 */
+
+# if PEDANTIC
+static void *dummy = &dummy;
+# endif
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/ssl/s3_both.c
===================================================================
--- vendor-crypto/openssl/dist/ssl/s3_both.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/ssl/s3_both.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,661 +0,0 @@
-/* ssl/s3_both.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
-#include <limits.h>
-#include <string.h>
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-
-/* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */
-int ssl3_do_write(SSL *s, int type)
- {
- int ret;
-
- ret=ssl3_write_bytes(s,type,&s->init_buf->data[s->init_off],
- s->init_num);
- if (ret < 0) return(-1);
- if (type == SSL3_RT_HANDSHAKE)
- /* should not be done for 'Hello Request's, but in that case
- * we'll ignore the result anyway */
- ssl3_finish_mac(s,(unsigned char *)&s->init_buf->data[s->init_off],ret);
-
- if (ret == s->init_num)
- {
- if (s->msg_callback)
- s->msg_callback(1, s->version, type, s->init_buf->data, (size_t)(s->init_off + s->init_num), s, s->msg_callback_arg);
- return(1);
- }
- s->init_off+=ret;
- s->init_num-=ret;
- return(0);
- }
-
-int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
- {
- unsigned char *p,*d;
- int i;
- unsigned long l;
-
- if (s->state == a)
- {
- d=(unsigned char *)s->init_buf->data;
- p= &(d[4]);
-
- i=s->method->ssl3_enc->final_finish_mac(s,
- &(s->s3->finish_dgst1),
- &(s->s3->finish_dgst2),
- sender,slen,s->s3->tmp.finish_md);
- s->s3->tmp.finish_md_len = i;
- memcpy(p, s->s3->tmp.finish_md, i);
- p+=i;
- l=i;
-
- /* Copy the finished so we can use it for
- renegotiation checks */
- if(s->type == SSL_ST_CONNECT)
- {
- OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
- memcpy(s->s3->previous_client_finished,
- s->s3->tmp.finish_md, i);
- s->s3->previous_client_finished_len=i;
- }
- else
- {
- OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
- memcpy(s->s3->previous_server_finished,
- s->s3->tmp.finish_md, i);
- s->s3->previous_server_finished_len=i;
- }
-
-#ifdef OPENSSL_SYS_WIN16
- /* MSVC 1.5 does not clear the top bytes of the word unless
- * I do this.
- */
- l&=0xffff;
-#endif
-
- *(d++)=SSL3_MT_FINISHED;
- l2n3(l,d);
- s->init_num=(int)l+4;
- s->init_off=0;
-
- s->state=b;
- }
-
- /* SSL3_ST_SEND_xxxxxx_HELLO_B */
- return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
- }
-
-int ssl3_get_finished(SSL *s, int a, int b)
- {
- int al,i,ok;
- long n;
- unsigned char *p;
-
- /* the mac has already been generated when we received the
- * change cipher spec message and is in s->s3->tmp.peer_finish_md
- */
-
- n=s->method->ssl_get_message(s,
- a,
- b,
- SSL3_MT_FINISHED,
- 64, /* should actually be 36+4 :-) */
- &ok);
-
- if (!ok) return((int)n);
-
- /* If this occurs, we have missed a message */
- if (!s->s3->change_cipher_spec)
- {
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_GOT_A_FIN_BEFORE_A_CCS);
- goto f_err;
- }
- s->s3->change_cipher_spec=0;
-
- p = (unsigned char *)s->init_msg;
- i = s->s3->tmp.peer_finish_md_len;
-
- if (i != n)
- {
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_BAD_DIGEST_LENGTH);
- goto f_err;
- }
-
- if (CRYPTO_memcmp(p, s->s3->tmp.peer_finish_md, i) != 0)
- {
- al=SSL_AD_DECRYPT_ERROR;
- SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_DIGEST_CHECK_FAILED);
- goto f_err;
- }
-
- /* Copy the finished so we can use it for
- renegotiation checks */
- if(s->type == SSL_ST_ACCEPT)
- {
- OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
- memcpy(s->s3->previous_client_finished,
- s->s3->tmp.peer_finish_md, i);
- s->s3->previous_client_finished_len=i;
- }
- else
- {
- OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
- memcpy(s->s3->previous_server_finished,
- s->s3->tmp.peer_finish_md, i);
- s->s3->previous_server_finished_len=i;
- }
-
- return(1);
-f_err:
- ssl3_send_alert(s,SSL3_AL_FATAL,al);
- return(0);
- }
-
-/* for these 2 messages, we need to
- * ssl->enc_read_ctx re-init
- * ssl->s3->read_sequence zero
- * ssl->s3->read_mac_secret re-init
- * ssl->session->read_sym_enc assign
- * ssl->session->read_compression assign
- * ssl->session->read_hash assign
- */
-int ssl3_send_change_cipher_spec(SSL *s, int a, int b)
- {
- unsigned char *p;
-
- if (s->state == a)
- {
- p=(unsigned char *)s->init_buf->data;
- *p=SSL3_MT_CCS;
- s->init_num=1;
- s->init_off=0;
-
- s->state=b;
- }
-
- /* SSL3_ST_CW_CHANGE_B */
- return(ssl3_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC));
- }
-
-static int ssl3_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x)
- {
- int n;
- unsigned char *p;
-
- n=i2d_X509(x,NULL);
- if (!BUF_MEM_grow_clean(buf,(int)(n+(*l)+3)))
- {
- SSLerr(SSL_F_SSL3_ADD_CERT_TO_BUF,ERR_R_BUF_LIB);
- return(-1);
- }
- p=(unsigned char *)&(buf->data[*l]);
- l2n3(n,p);
- i2d_X509(x,&p);
- *l+=n+3;
-
- return(0);
- }
-
-unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
- {
- unsigned char *p;
- int i;
- unsigned long l=7;
- BUF_MEM *buf;
- int no_chain;
-
- if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || s->ctx->extra_certs)
- no_chain = 1;
- else
- no_chain = 0;
-
- /* TLSv1 sends a chain with nothing in it, instead of an alert */
- buf=s->init_buf;
- if (!BUF_MEM_grow_clean(buf,10))
- {
- SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
- return(0);
- }
- if (x != NULL)
- {
- if (no_chain)
- {
- if (ssl3_add_cert_to_buf(buf, &l, x))
- return(0);
- }
- else
- {
- X509_STORE_CTX xs_ctx;
-
- if (!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,x,NULL))
- {
- SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB);
- return(0);
- }
- X509_verify_cert(&xs_ctx);
- /* Don't leave errors in the queue */
- ERR_clear_error();
- for (i=0; i < sk_X509_num(xs_ctx.chain); i++)
- {
- x = sk_X509_value(xs_ctx.chain, i);
-
- if (ssl3_add_cert_to_buf(buf, &l, x))
- {
- X509_STORE_CTX_cleanup(&xs_ctx);
- return 0;
- }
- }
- X509_STORE_CTX_cleanup(&xs_ctx);
- }
- }
- /* Thawte special :-) */
- for (i=0; i<sk_X509_num(s->ctx->extra_certs); i++)
- {
- x=sk_X509_value(s->ctx->extra_certs,i);
- if (ssl3_add_cert_to_buf(buf, &l, x))
- return(0);
- }
-
- l-=7;
- p=(unsigned char *)&(buf->data[4]);
- l2n3(l,p);
- l+=3;
- p=(unsigned char *)&(buf->data[0]);
- *(p++)=SSL3_MT_CERTIFICATE;
- l2n3(l,p);
- l+=4;
- return(l);
- }
-
-/* Obtain handshake message of message type 'mt' (any if mt == -1),
- * maximum acceptable body length 'max'.
- * The first four bytes (msg_type and length) are read in state 'st1',
- * the body is read in state 'stn'.
- */
-long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
- {
- unsigned char *p;
- unsigned long l;
- long n;
- int i,al;
-
- if (s->s3->tmp.reuse_message)
- {
- s->s3->tmp.reuse_message=0;
- if ((mt >= 0) && (s->s3->tmp.message_type != mt))
- {
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
- goto f_err;
- }
- *ok=1;
- s->init_msg = s->init_buf->data + 4;
- s->init_num = (int)s->s3->tmp.message_size;
- return s->init_num;
- }
-
- p=(unsigned char *)s->init_buf->data;
-
- if (s->state == st1) /* s->init_num < 4 */
- {
- int skip_message;
-
- do
- {
- while (s->init_num < 4)
- {
- i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
- &p[s->init_num],4 - s->init_num, 0);
- if (i <= 0)
- {
- s->rwstate=SSL_READING;
- *ok = 0;
- return i;
- }
- s->init_num+=i;
- }
-
- skip_message = 0;
- if (!s->server)
- if (p[0] == SSL3_MT_HELLO_REQUEST)
- /* The server may always send 'Hello Request' messages --
- * we are doing a handshake anyway now, so ignore them
- * if their format is correct. Does not count for
- * 'Finished' MAC. */
- if (p[1] == 0 && p[2] == 0 &&p[3] == 0)
- {
- s->init_num = 0;
- skip_message = 1;
-
- if (s->msg_callback)
- s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, p, 4, s, s->msg_callback_arg);
- }
- }
- while (skip_message);
-
- /* s->init_num == 4 */
-
- if ((mt >= 0) && (*p != mt))
- {
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
- goto f_err;
- }
- if ((mt < 0) && (*p == SSL3_MT_CLIENT_HELLO) &&
- (st1 == SSL3_ST_SR_CERT_A) &&
- (stn == SSL3_ST_SR_CERT_B))
- {
- /* At this point we have got an MS SGC second client
- * hello (maybe we should always allow the client to
- * start a new handshake?). We need to restart the mac.
- * Don't increment {num,total}_renegotiations because
- * we have not completed the handshake. */
- ssl3_init_finished_mac(s);
- }
-
- s->s3->tmp.message_type= *(p++);
-
- n2l3(p,l);
- if (l > (unsigned long)max)
- {
- al=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
- goto f_err;
- }
- if (l > (INT_MAX-4)) /* BUF_MEM_grow takes an 'int' parameter */
- {
- al=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
- goto f_err;
- }
- if (l && !BUF_MEM_grow_clean(s->init_buf,(int)l+4))
- {
- SSLerr(SSL_F_SSL3_GET_MESSAGE,ERR_R_BUF_LIB);
- goto err;
- }
- s->s3->tmp.message_size=l;
- s->state=stn;
-
- s->init_msg = s->init_buf->data + 4;
- s->init_num = 0;
- }
-
- /* next state (stn) */
- p = s->init_msg;
- n = s->s3->tmp.message_size - s->init_num;
- while (n > 0)
- {
- i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],n,0);
- if (i <= 0)
- {
- s->rwstate=SSL_READING;
- *ok = 0;
- return i;
- }
- s->init_num += i;
- n -= i;
- }
- ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4);
- if (s->msg_callback)
- s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, (size_t)s->init_num + 4, s, s->msg_callback_arg);
- *ok=1;
- return s->init_num;
-f_err:
- ssl3_send_alert(s,SSL3_AL_FATAL,al);
-err:
- *ok=0;
- return(-1);
- }
-
-int ssl_cert_type(X509 *x, EVP_PKEY *pkey)
- {
- EVP_PKEY *pk;
- int ret= -1,i;
-
- if (pkey == NULL)
- pk=X509_get_pubkey(x);
- else
- pk=pkey;
- if (pk == NULL) goto err;
-
- i=pk->type;
- if (i == EVP_PKEY_RSA)
- {
- ret=SSL_PKEY_RSA_ENC;
- }
- else if (i == EVP_PKEY_DSA)
- {
- ret=SSL_PKEY_DSA_SIGN;
- }
-#ifndef OPENSSL_NO_EC
- else if (i == EVP_PKEY_EC)
- {
- ret = SSL_PKEY_ECC;
- }
-#endif
-
-err:
- if(!pkey) EVP_PKEY_free(pk);
- return(ret);
- }
-
-int ssl_verify_alarm_type(long type)
- {
- int al;
-
- switch(type)
- {
- case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
- case X509_V_ERR_UNABLE_TO_GET_CRL:
- case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
- al=SSL_AD_UNKNOWN_CA;
- break;
- case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
- case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
- case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
- case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
- case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
- case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
- case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
- case X509_V_ERR_CERT_NOT_YET_VALID:
- case X509_V_ERR_CRL_NOT_YET_VALID:
- case X509_V_ERR_CERT_UNTRUSTED:
- case X509_V_ERR_CERT_REJECTED:
- al=SSL_AD_BAD_CERTIFICATE;
- break;
- case X509_V_ERR_CERT_SIGNATURE_FAILURE:
- case X509_V_ERR_CRL_SIGNATURE_FAILURE:
- al=SSL_AD_DECRYPT_ERROR;
- break;
- case X509_V_ERR_CERT_HAS_EXPIRED:
- case X509_V_ERR_CRL_HAS_EXPIRED:
- al=SSL_AD_CERTIFICATE_EXPIRED;
- break;
- case X509_V_ERR_CERT_REVOKED:
- al=SSL_AD_CERTIFICATE_REVOKED;
- break;
- case X509_V_ERR_OUT_OF_MEM:
- al=SSL_AD_INTERNAL_ERROR;
- break;
- case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
- case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
- case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
- case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
- case X509_V_ERR_CERT_CHAIN_TOO_LONG:
- case X509_V_ERR_PATH_LENGTH_EXCEEDED:
- case X509_V_ERR_INVALID_CA:
- al=SSL_AD_UNKNOWN_CA;
- break;
- case X509_V_ERR_APPLICATION_VERIFICATION:
- al=SSL_AD_HANDSHAKE_FAILURE;
- break;
- case X509_V_ERR_INVALID_PURPOSE:
- al=SSL_AD_UNSUPPORTED_CERTIFICATE;
- break;
- default:
- al=SSL_AD_CERTIFICATE_UNKNOWN;
- break;
- }
- return(al);
- }
-
-int ssl3_setup_buffers(SSL *s)
- {
- unsigned char *p;
- unsigned int extra,headerlen;
- size_t len;
-
- if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
- headerlen = DTLS1_RT_HEADER_LENGTH;
- else
- headerlen = SSL3_RT_HEADER_LENGTH;
-
- if (s->s3->rbuf.buf == NULL)
- {
- if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
- extra=SSL3_RT_MAX_EXTRA;
- else
- extra=0;
- len = SSL3_RT_MAX_PACKET_SIZE + extra;
- if ((p=OPENSSL_malloc(len)) == NULL)
- goto err;
- s->s3->rbuf.buf = p;
- s->s3->rbuf.len = len;
- }
-
- if (s->s3->wbuf.buf == NULL)
- {
- len = SSL3_RT_MAX_PACKET_SIZE;
- len += headerlen + 256; /* extra space for empty fragment */
- if ((p=OPENSSL_malloc(len)) == NULL)
- goto err;
- s->s3->wbuf.buf = p;
- s->s3->wbuf.len = len;
- }
- s->packet= &(s->s3->rbuf.buf[0]);
- return(1);
-err:
- SSLerr(SSL_F_SSL3_SETUP_BUFFERS,ERR_R_MALLOC_FAILURE);
- return(0);
- }
Copied: vendor-crypto/openssl/0.9.8zf/ssl/s3_both.c (from rev 6976, vendor-crypto/openssl/dist/ssl/s3_both.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/ssl/s3_both.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/ssl/s3_both.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,635 @@
+/* ssl/s3_both.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECC cipher suite support in OpenSSL originally developed by
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
+
+#include <limits.h>
+#include <string.h>
+#include <stdio.h>
+#include "ssl_locl.h"
+#include <openssl/buffer.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+
+/*
+ * send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or
+ * SSL3_RT_CHANGE_CIPHER_SPEC)
+ */
+int ssl3_do_write(SSL *s, int type)
+{
+ int ret;
+
+ ret = ssl3_write_bytes(s, type, &s->init_buf->data[s->init_off],
+ s->init_num);
+ if (ret < 0)
+ return (-1);
+ if (type == SSL3_RT_HANDSHAKE)
+ /*
+ * should not be done for 'Hello Request's, but in that case we'll
+ * ignore the result anyway
+ */
+ ssl3_finish_mac(s, (unsigned char *)&s->init_buf->data[s->init_off],
+ ret);
+
+ if (ret == s->init_num) {
+ if (s->msg_callback)
+ s->msg_callback(1, s->version, type, s->init_buf->data,
+ (size_t)(s->init_off + s->init_num), s,
+ s->msg_callback_arg);
+ return (1);
+ }
+ s->init_off += ret;
+ s->init_num -= ret;
+ return (0);
+}
+
+int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
+{
+ unsigned char *p, *d;
+ int i;
+ unsigned long l;
+
+ if (s->state == a) {
+ d = (unsigned char *)s->init_buf->data;
+ p = &(d[4]);
+
+ i = s->method->ssl3_enc->final_finish_mac(s,
+ &(s->s3->finish_dgst1),
+ &(s->s3->finish_dgst2),
+ sender, slen,
+ s->s3->tmp.finish_md);
+ s->s3->tmp.finish_md_len = i;
+ memcpy(p, s->s3->tmp.finish_md, i);
+ p += i;
+ l = i;
+
+ /*
+ * Copy the finished so we can use it for renegotiation checks
+ */
+ if (s->type == SSL_ST_CONNECT) {
+ OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
+ memcpy(s->s3->previous_client_finished, s->s3->tmp.finish_md, i);
+ s->s3->previous_client_finished_len = i;
+ } else {
+ OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
+ memcpy(s->s3->previous_server_finished, s->s3->tmp.finish_md, i);
+ s->s3->previous_server_finished_len = i;
+ }
+
+#ifdef OPENSSL_SYS_WIN16
+ /*
+ * MSVC 1.5 does not clear the top bytes of the word unless I do
+ * this.
+ */
+ l &= 0xffff;
+#endif
+
+ *(d++) = SSL3_MT_FINISHED;
+ l2n3(l, d);
+ s->init_num = (int)l + 4;
+ s->init_off = 0;
+
+ s->state = b;
+ }
+
+ /* SSL3_ST_SEND_xxxxxx_HELLO_B */
+ return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
+}
+
+int ssl3_get_finished(SSL *s, int a, int b)
+{
+ int al, i, ok;
+ long n;
+ unsigned char *p;
+
+ /*
+ * the mac has already been generated when we received the change cipher
+ * spec message and is in s->s3->tmp.peer_finish_md
+ */
+
+ /* 64 argument should actually be 36+4 :-) */
+ n = s->method->ssl_get_message(s, a, b, SSL3_MT_FINISHED, 64, &ok);
+
+ if (!ok)
+ return ((int)n);
+
+ /* If this occurs, we have missed a message */
+ if (!s->s3->change_cipher_spec) {
+ al = SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_GOT_A_FIN_BEFORE_A_CCS);
+ goto f_err;
+ }
+ s->s3->change_cipher_spec = 0;
+
+ p = (unsigned char *)s->init_msg;
+ i = s->s3->tmp.peer_finish_md_len;
+
+ if (i != n) {
+ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_BAD_DIGEST_LENGTH);
+ goto f_err;
+ }
+
+ if (CRYPTO_memcmp(p, s->s3->tmp.peer_finish_md, i) != 0) {
+ al = SSL_AD_DECRYPT_ERROR;
+ SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_DIGEST_CHECK_FAILED);
+ goto f_err;
+ }
+
+ /*
+ * Copy the finished so we can use it for renegotiation checks
+ */
+ if (s->type == SSL_ST_ACCEPT) {
+ OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
+ memcpy(s->s3->previous_client_finished, s->s3->tmp.peer_finish_md, i);
+ s->s3->previous_client_finished_len = i;
+ } else {
+ OPENSSL_assert(i <= EVP_MAX_MD_SIZE);
+ memcpy(s->s3->previous_server_finished, s->s3->tmp.peer_finish_md, i);
+ s->s3->previous_server_finished_len = i;
+ }
+
+ return (1);
+ f_err:
+ ssl3_send_alert(s, SSL3_AL_FATAL, al);
+ return (0);
+}
+
+/*-
+ * for these 2 messages, we need to
+ * ssl->enc_read_ctx re-init
+ * ssl->s3->read_sequence zero
+ * ssl->s3->read_mac_secret re-init
+ * ssl->session->read_sym_enc assign
+ * ssl->session->read_compression assign
+ * ssl->session->read_hash assign
+ */
+int ssl3_send_change_cipher_spec(SSL *s, int a, int b)
+{
+ unsigned char *p;
+
+ if (s->state == a) {
+ p = (unsigned char *)s->init_buf->data;
+ *p = SSL3_MT_CCS;
+ s->init_num = 1;
+ s->init_off = 0;
+
+ s->state = b;
+ }
+
+ /* SSL3_ST_CW_CHANGE_B */
+ return (ssl3_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC));
+}
+
+static int ssl3_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x)
+{
+ int n;
+ unsigned char *p;
+
+ n = i2d_X509(x, NULL);
+ if (!BUF_MEM_grow_clean(buf, (int)(n + (*l) + 3))) {
+ SSLerr(SSL_F_SSL3_ADD_CERT_TO_BUF, ERR_R_BUF_LIB);
+ return (-1);
+ }
+ p = (unsigned char *)&(buf->data[*l]);
+ l2n3(n, p);
+ i2d_X509(x, &p);
+ *l += n + 3;
+
+ return (0);
+}
+
+unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
+{
+ unsigned char *p;
+ int i;
+ unsigned long l = 7;
+ BUF_MEM *buf;
+ int no_chain;
+
+ if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || s->ctx->extra_certs)
+ no_chain = 1;
+ else
+ no_chain = 0;
+
+ /* TLSv1 sends a chain with nothing in it, instead of an alert */
+ buf = s->init_buf;
+ if (!BUF_MEM_grow_clean(buf, 10)) {
+ SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN, ERR_R_BUF_LIB);
+ return (0);
+ }
+ if (x != NULL) {
+ if (no_chain) {
+ if (ssl3_add_cert_to_buf(buf, &l, x))
+ return (0);
+ } else {
+ X509_STORE_CTX xs_ctx;
+
+ if (!X509_STORE_CTX_init(&xs_ctx, s->ctx->cert_store, x, NULL)) {
+ SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN, ERR_R_X509_LIB);
+ return (0);
+ }
+ X509_verify_cert(&xs_ctx);
+ /* Don't leave errors in the queue */
+ ERR_clear_error();
+ for (i = 0; i < sk_X509_num(xs_ctx.chain); i++) {
+ x = sk_X509_value(xs_ctx.chain, i);
+
+ if (ssl3_add_cert_to_buf(buf, &l, x)) {
+ X509_STORE_CTX_cleanup(&xs_ctx);
+ return 0;
+ }
+ }
+ X509_STORE_CTX_cleanup(&xs_ctx);
+ }
+ }
+ /* Thawte special :-) */
+ for (i = 0; i < sk_X509_num(s->ctx->extra_certs); i++) {
+ x = sk_X509_value(s->ctx->extra_certs, i);
+ if (ssl3_add_cert_to_buf(buf, &l, x))
+ return (0);
+ }
+
+ l -= 7;
+ p = (unsigned char *)&(buf->data[4]);
+ l2n3(l, p);
+ l += 3;
+ p = (unsigned char *)&(buf->data[0]);
+ *(p++) = SSL3_MT_CERTIFICATE;
+ l2n3(l, p);
+ l += 4;
+ return (l);
+}
+
+/*
+ * Obtain handshake message of message type 'mt' (any if mt == -1), maximum
+ * acceptable body length 'max'. The first four bytes (msg_type and length)
+ * are read in state 'st1', the body is read in state 'stn'.
+ */
+long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
+{
+ unsigned char *p;
+ unsigned long l;
+ long n;
+ int i, al;
+
+ if (s->s3->tmp.reuse_message) {
+ s->s3->tmp.reuse_message = 0;
+ if ((mt >= 0) && (s->s3->tmp.message_type != mt)) {
+ al = SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
+ goto f_err;
+ }
+ *ok = 1;
+ s->init_msg = s->init_buf->data + 4;
+ s->init_num = (int)s->s3->tmp.message_size;
+ return s->init_num;
+ }
+
+ p = (unsigned char *)s->init_buf->data;
+
+ if (s->state == st1) { /* s->init_num < 4 */
+ int skip_message;
+
+ do {
+ while (s->init_num < 4) {
+ i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
+ &p[s->init_num],
+ 4 - s->init_num, 0);
+ if (i <= 0) {
+ s->rwstate = SSL_READING;
+ *ok = 0;
+ return i;
+ }
+ s->init_num += i;
+ }
+
+ skip_message = 0;
+ if (!s->server)
+ if (p[0] == SSL3_MT_HELLO_REQUEST)
+ /*
+ * The server may always send 'Hello Request' messages --
+ * we are doing a handshake anyway now, so ignore them if
+ * their format is correct. Does not count for 'Finished'
+ * MAC.
+ */
+ if (p[1] == 0 && p[2] == 0 && p[3] == 0) {
+ s->init_num = 0;
+ skip_message = 1;
+
+ if (s->msg_callback)
+ s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
+ p, 4, s, s->msg_callback_arg);
+ }
+ }
+ while (skip_message);
+
+ /* s->init_num == 4 */
+
+ if ((mt >= 0) && (*p != mt)) {
+ al = SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
+ goto f_err;
+ }
+ if ((mt < 0) && (*p == SSL3_MT_CLIENT_HELLO) &&
+ (st1 == SSL3_ST_SR_CERT_A) && (stn == SSL3_ST_SR_CERT_B)) {
+ /*
+ * At this point we have got an MS SGC second client hello (maybe
+ * we should always allow the client to start a new handshake?).
+ * We need to restart the mac. Don't increment
+ * {num,total}_renegotiations because we have not completed the
+ * handshake.
+ */
+ ssl3_init_finished_mac(s);
+ }
+
+ s->s3->tmp.message_type = *(p++);
+
+ n2l3(p, l);
+ if (l > (unsigned long)max) {
+ al = SSL_AD_ILLEGAL_PARAMETER;
+ SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_EXCESSIVE_MESSAGE_SIZE);
+ goto f_err;
+ }
+ if (l > (INT_MAX - 4)) { /* BUF_MEM_grow takes an 'int' parameter */
+ al = SSL_AD_ILLEGAL_PARAMETER;
+ SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_EXCESSIVE_MESSAGE_SIZE);
+ goto f_err;
+ }
+ if (l && !BUF_MEM_grow_clean(s->init_buf, (int)l + 4)) {
+ SSLerr(SSL_F_SSL3_GET_MESSAGE, ERR_R_BUF_LIB);
+ goto err;
+ }
+ s->s3->tmp.message_size = l;
+ s->state = stn;
+
+ s->init_msg = s->init_buf->data + 4;
+ s->init_num = 0;
+ }
+
+ /* next state (stn) */
+ p = s->init_msg;
+ n = s->s3->tmp.message_size - s->init_num;
+ while (n > 0) {
+ i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &p[s->init_num],
+ n, 0);
+ if (i <= 0) {
+ s->rwstate = SSL_READING;
+ *ok = 0;
+ return i;
+ }
+ s->init_num += i;
+ n -= i;
+ }
+ ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4);
+ if (s->msg_callback)
+ s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data,
+ (size_t)s->init_num + 4, s, s->msg_callback_arg);
+ *ok = 1;
+ return s->init_num;
+ f_err:
+ ssl3_send_alert(s, SSL3_AL_FATAL, al);
+ err:
+ *ok = 0;
+ return (-1);
+}
+
+int ssl_cert_type(X509 *x, EVP_PKEY *pkey)
+{
+ EVP_PKEY *pk;
+ int ret = -1, i;
+
+ if (pkey == NULL)
+ pk = X509_get_pubkey(x);
+ else
+ pk = pkey;
+ if (pk == NULL)
+ goto err;
+
+ i = pk->type;
+ if (i == EVP_PKEY_RSA) {
+ ret = SSL_PKEY_RSA_ENC;
+ } else if (i == EVP_PKEY_DSA) {
+ ret = SSL_PKEY_DSA_SIGN;
+ }
+#ifndef OPENSSL_NO_EC
+ else if (i == EVP_PKEY_EC) {
+ ret = SSL_PKEY_ECC;
+ }
+#endif
+
+ err:
+ if (!pkey)
+ EVP_PKEY_free(pk);
+ return (ret);
+}
+
+int ssl_verify_alarm_type(long type)
+{
+ int al;
+
+ switch (type) {
+ case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
+ case X509_V_ERR_UNABLE_TO_GET_CRL:
+ case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
+ al = SSL_AD_UNKNOWN_CA;
+ break;
+ case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
+ case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
+ case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
+ case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
+ case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
+ case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
+ case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
+ case X509_V_ERR_CERT_NOT_YET_VALID:
+ case X509_V_ERR_CRL_NOT_YET_VALID:
+ case X509_V_ERR_CERT_UNTRUSTED:
+ case X509_V_ERR_CERT_REJECTED:
+ al = SSL_AD_BAD_CERTIFICATE;
+ break;
+ case X509_V_ERR_CERT_SIGNATURE_FAILURE:
+ case X509_V_ERR_CRL_SIGNATURE_FAILURE:
+ al = SSL_AD_DECRYPT_ERROR;
+ break;
+ case X509_V_ERR_CERT_HAS_EXPIRED:
+ case X509_V_ERR_CRL_HAS_EXPIRED:
+ al = SSL_AD_CERTIFICATE_EXPIRED;
+ break;
+ case X509_V_ERR_CERT_REVOKED:
+ al = SSL_AD_CERTIFICATE_REVOKED;
+ break;
+ case X509_V_ERR_OUT_OF_MEM:
+ al = SSL_AD_INTERNAL_ERROR;
+ break;
+ case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
+ case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
+ case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
+ case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
+ case X509_V_ERR_CERT_CHAIN_TOO_LONG:
+ case X509_V_ERR_PATH_LENGTH_EXCEEDED:
+ case X509_V_ERR_INVALID_CA:
+ al = SSL_AD_UNKNOWN_CA;
+ break;
+ case X509_V_ERR_APPLICATION_VERIFICATION:
+ al = SSL_AD_HANDSHAKE_FAILURE;
+ break;
+ case X509_V_ERR_INVALID_PURPOSE:
+ al = SSL_AD_UNSUPPORTED_CERTIFICATE;
+ break;
+ default:
+ al = SSL_AD_CERTIFICATE_UNKNOWN;
+ break;
+ }
+ return (al);
+}
+
+int ssl3_setup_buffers(SSL *s)
+{
+ unsigned char *p;
+ unsigned int extra, headerlen;
+ size_t len;
+
+ if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
+ headerlen = DTLS1_RT_HEADER_LENGTH;
+ else
+ headerlen = SSL3_RT_HEADER_LENGTH;
+
+ if (s->s3->rbuf.buf == NULL) {
+ if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
+ extra = SSL3_RT_MAX_EXTRA;
+ else
+ extra = 0;
+ len = SSL3_RT_MAX_PACKET_SIZE + extra;
+ if ((p = OPENSSL_malloc(len)) == NULL)
+ goto err;
+ s->s3->rbuf.buf = p;
+ s->s3->rbuf.len = len;
+ }
+
+ if (s->s3->wbuf.buf == NULL) {
+ len = SSL3_RT_MAX_PACKET_SIZE;
+ len += headerlen + 256; /* extra space for empty fragment */
+ if ((p = OPENSSL_malloc(len)) == NULL)
+ goto err;
+ s->s3->wbuf.buf = p;
+ s->s3->wbuf.len = len;
+ }
+ s->packet = &(s->s3->rbuf.buf[0]);
+ return (1);
+ err:
+ SSLerr(SSL_F_SSL3_SETUP_BUFFERS, ERR_R_MALLOC_FAILURE);
+ return (0);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/ssl/s3_cbc.c
===================================================================
--- vendor-crypto/openssl/dist/ssl/s3_cbc.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/ssl/s3_cbc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,748 +0,0 @@
-/* ssl/s3_cbc.c */
-/* ====================================================================
- * Copyright (c) 2012 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include "../crypto/constant_time_locl.h"
-#include "ssl_locl.h"
-
-#include <openssl/md5.h>
-#include <openssl/sha.h>
-
-/* MAX_HASH_BIT_COUNT_BYTES is the maximum number of bytes in the hash's length
- * field. (SHA-384/512 have 128-bit length.) */
-#define MAX_HASH_BIT_COUNT_BYTES 16
-
-/* MAX_HASH_BLOCK_SIZE is the maximum hash block size that we'll support.
- * Currently SHA-384/512 has a 128-byte block size and that's the largest
- * supported by TLS.) */
-#define MAX_HASH_BLOCK_SIZE 128
-
-/* ssl3_cbc_remove_padding removes padding from the decrypted, SSLv3, CBC
- * record in |rec| by updating |rec->length| in constant time.
- *
- * block_size: the block size of the cipher used to encrypt the record.
- * returns:
- * 0: (in non-constant time) if the record is publicly invalid.
- * 1: if the padding was valid
- * -1: otherwise. */
-int ssl3_cbc_remove_padding(const SSL* s,
- SSL3_RECORD *rec,
- unsigned block_size,
- unsigned mac_size)
- {
- unsigned padding_length, good;
- const unsigned overhead = 1 /* padding length byte */ + mac_size;
-
- /* These lengths are all public so we can test them in non-constant
- * time. */
- if (overhead > rec->length)
- return 0;
-
- padding_length = rec->data[rec->length-1];
- good = constant_time_ge(rec->length, padding_length+overhead);
- /* SSLv3 requires that the padding is minimal. */
- good &= constant_time_ge(block_size, padding_length+1);
- padding_length = good & (padding_length+1);
- rec->length -= padding_length;
- rec->type |= padding_length<<8; /* kludge: pass padding length */
- return constant_time_select_int(good, 1, -1);
- }
-
-/* tls1_cbc_remove_padding removes the CBC padding from the decrypted, TLS, CBC
- * record in |rec| in constant time and returns 1 if the padding is valid and
- * -1 otherwise. It also removes any explicit IV from the start of the record
- * without leaking any timing about whether there was enough space after the
- * padding was removed.
- *
- * block_size: the block size of the cipher used to encrypt the record.
- * returns:
- * 0: (in non-constant time) if the record is publicly invalid.
- * 1: if the padding was valid
- * -1: otherwise. */
-int tls1_cbc_remove_padding(const SSL* s,
- SSL3_RECORD *rec,
- unsigned block_size,
- unsigned mac_size)
- {
- unsigned padding_length, good, to_check, i;
- const unsigned overhead = 1 /* padding length byte */ + mac_size;
- /* Check if version requires explicit IV */
- if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER)
- {
- /* These lengths are all public so we can test them in
- * non-constant time.
- */
- if (overhead + block_size > rec->length)
- return 0;
- /* We can now safely skip explicit IV */
- rec->data += block_size;
- rec->input += block_size;
- rec->length -= block_size;
- }
- else if (overhead > rec->length)
- return 0;
-
- padding_length = rec->data[rec->length-1];
-
- /* NB: if compression is in operation the first packet may not be of
- * even length so the padding bug check cannot be performed. This bug
- * workaround has been around since SSLeay so hopefully it is either
- * fixed now or no buggy implementation supports compression [steve]
- */
- if ( (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG) && !s->expand)
- {
- /* First packet is even in size, so check */
- if ((memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0",8) == 0) &&
- !(padding_length & 1))
- {
- s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG;
- }
- if ((s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) &&
- padding_length > 0)
- {
- padding_length--;
- }
- }
-
- good = constant_time_ge(rec->length, overhead+padding_length);
- /* The padding consists of a length byte at the end of the record and
- * then that many bytes of padding, all with the same value as the
- * length byte. Thus, with the length byte included, there are i+1
- * bytes of padding.
- *
- * We can't check just |padding_length+1| bytes because that leaks
- * decrypted information. Therefore we always have to check the maximum
- * amount of padding possible. (Again, the length of the record is
- * public information so we can use it.) */
- to_check = 255; /* maximum amount of padding. */
- if (to_check > rec->length-1)
- to_check = rec->length-1;
-
- for (i = 0; i < to_check; i++)
- {
- unsigned char mask = constant_time_ge_8(padding_length, i);
- unsigned char b = rec->data[rec->length-1-i];
- /* The final |padding_length+1| bytes should all have the value
- * |padding_length|. Therefore the XOR should be zero. */
- good &= ~(mask&(padding_length ^ b));
- }
-
- /* If any of the final |padding_length+1| bytes had the wrong value,
- * one or more of the lower eight bits of |good| will be cleared.
- */
- good = constant_time_eq(0xff, good & 0xff);
- padding_length = good & (padding_length+1);
- rec->length -= padding_length;
- rec->type |= padding_length<<8; /* kludge: pass padding length */
-
- return constant_time_select_int(good, 1, -1);
- }
-
-/* ssl3_cbc_copy_mac copies |md_size| bytes from the end of |rec| to |out| in
- * constant time (independent of the concrete value of rec->length, which may
- * vary within a 256-byte window).
- *
- * ssl3_cbc_remove_padding or tls1_cbc_remove_padding must be called prior to
- * this function.
- *
- * On entry:
- * rec->orig_len >= md_size
- * md_size <= EVP_MAX_MD_SIZE
- *
- * If CBC_MAC_ROTATE_IN_PLACE is defined then the rotation is performed with
- * variable accesses in a 64-byte-aligned buffer. Assuming that this fits into
- * a single or pair of cache-lines, then the variable memory accesses don't
- * actually affect the timing. CPUs with smaller cache-lines [if any] are
- * not multi-core and are not considered vulnerable to cache-timing attacks.
- */
-#define CBC_MAC_ROTATE_IN_PLACE
-
-void ssl3_cbc_copy_mac(unsigned char* out,
- const SSL3_RECORD *rec,
- unsigned md_size,unsigned orig_len)
- {
-#if defined(CBC_MAC_ROTATE_IN_PLACE)
- unsigned char rotated_mac_buf[64+EVP_MAX_MD_SIZE];
- unsigned char *rotated_mac;
-#else
- unsigned char rotated_mac[EVP_MAX_MD_SIZE];
-#endif
-
- /* mac_end is the index of |rec->data| just after the end of the MAC. */
- unsigned mac_end = rec->length;
- unsigned mac_start = mac_end - md_size;
- /* scan_start contains the number of bytes that we can ignore because
- * the MAC's position can only vary by 255 bytes. */
- unsigned scan_start = 0;
- unsigned i, j;
- unsigned div_spoiler;
- unsigned rotate_offset;
-
- OPENSSL_assert(orig_len >= md_size);
- OPENSSL_assert(md_size <= EVP_MAX_MD_SIZE);
-
-#if defined(CBC_MAC_ROTATE_IN_PLACE)
- rotated_mac = rotated_mac_buf + ((0-(size_t)rotated_mac_buf)&63);
-#endif
-
- /* This information is public so it's safe to branch based on it. */
- if (orig_len > md_size + 255 + 1)
- scan_start = orig_len - (md_size + 255 + 1);
- /* div_spoiler contains a multiple of md_size that is used to cause the
- * modulo operation to be constant time. Without this, the time varies
- * based on the amount of padding when running on Intel chips at least.
- *
- * The aim of right-shifting md_size is so that the compiler doesn't
- * figure out that it can remove div_spoiler as that would require it
- * to prove that md_size is always even, which I hope is beyond it. */
- div_spoiler = md_size >> 1;
- div_spoiler <<= (sizeof(div_spoiler)-1)*8;
- rotate_offset = (div_spoiler + mac_start - scan_start) % md_size;
-
- memset(rotated_mac, 0, md_size);
- for (i = scan_start, j = 0; i < orig_len; i++)
- {
- unsigned char mac_started = constant_time_ge_8(i, mac_start);
- unsigned char mac_ended = constant_time_ge_8(i, mac_end);
- unsigned char b = rec->data[i];
- rotated_mac[j++] |= b & mac_started & ~mac_ended;
- j &= constant_time_lt(j,md_size);
- }
-
- /* Now rotate the MAC */
-#if defined(CBC_MAC_ROTATE_IN_PLACE)
- j = 0;
- for (i = 0; i < md_size; i++)
- {
- /* in case cache-line is 32 bytes, touch second line */
- ((volatile unsigned char *)rotated_mac)[rotate_offset^32];
- out[j++] = rotated_mac[rotate_offset++];
- rotate_offset &= constant_time_lt(rotate_offset,md_size);
- }
-#else
- memset(out, 0, md_size);
- rotate_offset = md_size - rotate_offset;
- rotate_offset &= constant_time_lt(rotate_offset,md_size);
- for (i = 0; i < md_size; i++)
- {
- for (j = 0; j < md_size; j++)
- out[j] |= rotated_mac[i] & constant_time_eq_8(j, rotate_offset);
- rotate_offset++;
- rotate_offset &= constant_time_lt(rotate_offset,md_size);
- }
-#endif
- }
-
-/* u32toLE serialises an unsigned, 32-bit number (n) as four bytes at (p) in
- * little-endian order. The value of p is advanced by four. */
-#define u32toLE(n, p) \
- (*((p)++)=(unsigned char)(n), \
- *((p)++)=(unsigned char)(n>>8), \
- *((p)++)=(unsigned char)(n>>16), \
- *((p)++)=(unsigned char)(n>>24))
-
-/* These functions serialize the state of a hash and thus perform the standard
- * "final" operation without adding the padding and length that such a function
- * typically does. */
-static void tls1_md5_final_raw(void* ctx, unsigned char *md_out)
- {
- MD5_CTX *md5 = ctx;
- u32toLE(md5->A, md_out);
- u32toLE(md5->B, md_out);
- u32toLE(md5->C, md_out);
- u32toLE(md5->D, md_out);
- }
-
-static void tls1_sha1_final_raw(void* ctx, unsigned char *md_out)
- {
- SHA_CTX *sha1 = ctx;
- l2n(sha1->h0, md_out);
- l2n(sha1->h1, md_out);
- l2n(sha1->h2, md_out);
- l2n(sha1->h3, md_out);
- l2n(sha1->h4, md_out);
- }
-#define LARGEST_DIGEST_CTX SHA_CTX
-
-#ifndef OPENSSL_NO_SHA256
-static void tls1_sha256_final_raw(void* ctx, unsigned char *md_out)
- {
- SHA256_CTX *sha256 = ctx;
- unsigned i;
-
- for (i = 0; i < 8; i++)
- {
- l2n(sha256->h[i], md_out);
- }
- }
-#undef LARGEST_DIGEST_CTX
-#define LARGEST_DIGEST_CTX SHA256_CTX
-#endif
-
-#ifndef OPENSSL_NO_SHA512
-static void tls1_sha512_final_raw(void* ctx, unsigned char *md_out)
- {
- SHA512_CTX *sha512 = ctx;
- unsigned i;
-
- for (i = 0; i < 8; i++)
- {
- l2n8(sha512->h[i], md_out);
- }
- }
-#undef LARGEST_DIGEST_CTX
-#define LARGEST_DIGEST_CTX SHA512_CTX
-#endif
-
-/* ssl3_cbc_record_digest_supported returns 1 iff |ctx| uses a hash function
- * which ssl3_cbc_digest_record supports. */
-char ssl3_cbc_record_digest_supported(const EVP_MD *digest)
- {
-#ifdef OPENSSL_FIPS
- if (FIPS_mode())
- return 0;
-#endif
- switch (EVP_MD_type(digest))
- {
- case NID_md5:
- case NID_sha1:
-#ifndef OPENSSL_NO_SHA256
- case NID_sha224:
- case NID_sha256:
-#endif
-#ifndef OPENSSL_NO_SHA512
- case NID_sha384:
- case NID_sha512:
-#endif
- return 1;
- default:
- return 0;
- }
- }
-
-/* ssl3_cbc_digest_record computes the MAC of a decrypted, padded SSLv3/TLS
- * record.
- *
- * ctx: the EVP_MD_CTX from which we take the hash function.
- * ssl3_cbc_record_digest_supported must return true for this EVP_MD_CTX.
- * md_out: the digest output. At most EVP_MAX_MD_SIZE bytes will be written.
- * md_out_size: if non-NULL, the number of output bytes is written here.
- * header: the 13-byte, TLS record header.
- * data: the record data itself, less any preceeding explicit IV.
- * data_plus_mac_size: the secret, reported length of the data and MAC
- * once the padding has been removed.
- * data_plus_mac_plus_padding_size: the public length of the whole
- * record, including padding.
- * is_sslv3: non-zero if we are to use SSLv3. Otherwise, TLS.
- *
- * On entry: by virtue of having been through one of the remove_padding
- * functions, above, we know that data_plus_mac_size is large enough to contain
- * a padding byte and MAC. (If the padding was invalid, it might contain the
- * padding too. ) */
-void ssl3_cbc_digest_record(
- const EVP_MD *digest,
- unsigned char* md_out,
- size_t* md_out_size,
- const unsigned char header[13],
- const unsigned char *data,
- size_t data_plus_mac_size,
- size_t data_plus_mac_plus_padding_size,
- const unsigned char *mac_secret,
- unsigned mac_secret_length,
- char is_sslv3)
- {
- union { double align;
- unsigned char c[sizeof(LARGEST_DIGEST_CTX)]; } md_state;
- void (*md_final_raw)(void *ctx, unsigned char *md_out);
- void (*md_transform)(void *ctx, const unsigned char *block);
- unsigned md_size, md_block_size = 64;
- unsigned sslv3_pad_length = 40, header_length, variance_blocks,
- len, max_mac_bytes, num_blocks,
- num_starting_blocks, k, mac_end_offset, c, index_a, index_b;
- unsigned int bits; /* at most 18 bits */
- unsigned char length_bytes[MAX_HASH_BIT_COUNT_BYTES];
- /* hmac_pad is the masked HMAC key. */
- unsigned char hmac_pad[MAX_HASH_BLOCK_SIZE];
- unsigned char first_block[MAX_HASH_BLOCK_SIZE];
- unsigned char mac_out[EVP_MAX_MD_SIZE];
- unsigned i, j, md_out_size_u;
- EVP_MD_CTX md_ctx;
- /* mdLengthSize is the number of bytes in the length field that terminates
- * the hash. */
- unsigned md_length_size = 8;
- char length_is_big_endian = 1;
-
- /* This is a, hopefully redundant, check that allows us to forget about
- * many possible overflows later in this function. */
- OPENSSL_assert(data_plus_mac_plus_padding_size < 1024*1024);
-
- switch (EVP_MD_type(digest))
- {
- case NID_md5:
- MD5_Init((MD5_CTX*)md_state.c);
- md_final_raw = tls1_md5_final_raw;
- md_transform = (void(*)(void *ctx, const unsigned char *block)) MD5_Transform;
- md_size = 16;
- sslv3_pad_length = 48;
- length_is_big_endian = 0;
- break;
- case NID_sha1:
- SHA1_Init((SHA_CTX*)md_state.c);
- md_final_raw = tls1_sha1_final_raw;
- md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA1_Transform;
- md_size = 20;
- break;
-#ifndef OPENSSL_NO_SHA256
- case NID_sha224:
- SHA224_Init((SHA256_CTX*)md_state.c);
- md_final_raw = tls1_sha256_final_raw;
- md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA256_Transform;
- md_size = 224/8;
- break;
- case NID_sha256:
- SHA256_Init((SHA256_CTX*)md_state.c);
- md_final_raw = tls1_sha256_final_raw;
- md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA256_Transform;
- md_size = 32;
- break;
-#endif
-#ifndef OPENSSL_NO_SHA512
- case NID_sha384:
- SHA384_Init((SHA512_CTX*)md_state.c);
- md_final_raw = tls1_sha512_final_raw;
- md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA512_Transform;
- md_size = 384/8;
- md_block_size = 128;
- md_length_size = 16;
- break;
- case NID_sha512:
- SHA512_Init((SHA512_CTX*)md_state.c);
- md_final_raw = tls1_sha512_final_raw;
- md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA512_Transform;
- md_size = 64;
- md_block_size = 128;
- md_length_size = 16;
- break;
-#endif
- default:
- /* ssl3_cbc_record_digest_supported should have been
- * called first to check that the hash function is
- * supported. */
- OPENSSL_assert(0);
- if (md_out_size)
- *md_out_size = -1;
- return;
- }
-
- OPENSSL_assert(md_length_size <= MAX_HASH_BIT_COUNT_BYTES);
- OPENSSL_assert(md_block_size <= MAX_HASH_BLOCK_SIZE);
- OPENSSL_assert(md_size <= EVP_MAX_MD_SIZE);
-
- header_length = 13;
- if (is_sslv3)
- {
- header_length =
- mac_secret_length +
- sslv3_pad_length +
- 8 /* sequence number */ +
- 1 /* record type */ +
- 2 /* record length */;
- }
-
- /* variance_blocks is the number of blocks of the hash that we have to
- * calculate in constant time because they could be altered by the
- * padding value.
- *
- * In SSLv3, the padding must be minimal so the end of the plaintext
- * varies by, at most, 15+20 = 35 bytes. (We conservatively assume that
- * the MAC size varies from 0..20 bytes.) In case the 9 bytes of hash
- * termination (0x80 + 64-bit length) don't fit in the final block, we
- * say that the final two blocks can vary based on the padding.
- *
- * TLSv1 has MACs up to 48 bytes long (SHA-384) and the padding is not
- * required to be minimal. Therefore we say that the final six blocks
- * can vary based on the padding.
- *
- * Later in the function, if the message is short and there obviously
- * cannot be this many blocks then variance_blocks can be reduced. */
- variance_blocks = is_sslv3 ? 2 : 6;
- /* From now on we're dealing with the MAC, which conceptually has 13
- * bytes of `header' before the start of the data (TLS) or 71/75 bytes
- * (SSLv3) */
- len = data_plus_mac_plus_padding_size + header_length;
- /* max_mac_bytes contains the maximum bytes of bytes in the MAC, including
- * |header|, assuming that there's no padding. */
- max_mac_bytes = len - md_size - 1;
- /* num_blocks is the maximum number of hash blocks. */
- num_blocks = (max_mac_bytes + 1 + md_length_size + md_block_size - 1) / md_block_size;
- /* In order to calculate the MAC in constant time we have to handle
- * the final blocks specially because the padding value could cause the
- * end to appear somewhere in the final |variance_blocks| blocks and we
- * can't leak where. However, |num_starting_blocks| worth of data can
- * be hashed right away because no padding value can affect whether
- * they are plaintext. */
- num_starting_blocks = 0;
- /* k is the starting byte offset into the conceptual header||data where
- * we start processing. */
- k = 0;
- /* mac_end_offset is the index just past the end of the data to be
- * MACed. */
- mac_end_offset = data_plus_mac_size + header_length - md_size;
- /* c is the index of the 0x80 byte in the final hash block that
- * contains application data. */
- c = mac_end_offset % md_block_size;
- /* index_a is the hash block number that contains the 0x80 terminating
- * value. */
- index_a = mac_end_offset / md_block_size;
- /* index_b is the hash block number that contains the 64-bit hash
- * length, in bits. */
- index_b = (mac_end_offset + md_length_size) / md_block_size;
- /* bits is the hash-length in bits. It includes the additional hash
- * block for the masked HMAC key, or whole of |header| in the case of
- * SSLv3. */
-
- /* For SSLv3, if we're going to have any starting blocks then we need
- * at least two because the header is larger than a single block. */
- if (num_blocks > variance_blocks + (is_sslv3 ? 1 : 0))
- {
- num_starting_blocks = num_blocks - variance_blocks;
- k = md_block_size*num_starting_blocks;
- }
-
- bits = 8*mac_end_offset;
- if (!is_sslv3)
- {
- /* Compute the initial HMAC block. For SSLv3, the padding and
- * secret bytes are included in |header| because they take more
- * than a single block. */
- bits += 8*md_block_size;
- memset(hmac_pad, 0, md_block_size);
- OPENSSL_assert(mac_secret_length <= sizeof(hmac_pad));
- memcpy(hmac_pad, mac_secret, mac_secret_length);
- for (i = 0; i < md_block_size; i++)
- hmac_pad[i] ^= 0x36;
-
- md_transform(md_state.c, hmac_pad);
- }
-
- if (length_is_big_endian)
- {
- memset(length_bytes,0,md_length_size-4);
- length_bytes[md_length_size-4] = (unsigned char)(bits>>24);
- length_bytes[md_length_size-3] = (unsigned char)(bits>>16);
- length_bytes[md_length_size-2] = (unsigned char)(bits>>8);
- length_bytes[md_length_size-1] = (unsigned char)bits;
- }
- else
- {
- memset(length_bytes,0,md_length_size);
- length_bytes[md_length_size-5] = (unsigned char)(bits>>24);
- length_bytes[md_length_size-6] = (unsigned char)(bits>>16);
- length_bytes[md_length_size-7] = (unsigned char)(bits>>8);
- length_bytes[md_length_size-8] = (unsigned char)bits;
- }
-
- if (k > 0)
- {
- if (is_sslv3)
- {
- /* The SSLv3 header is larger than a single block.
- * overhang is the number of bytes beyond a single
- * block that the header consumes: either 7 bytes
- * (SHA1) or 11 bytes (MD5). */
- unsigned overhang = header_length-md_block_size;
- md_transform(md_state.c, header);
- memcpy(first_block, header + md_block_size, overhang);
- memcpy(first_block + overhang, data, md_block_size-overhang);
- md_transform(md_state.c, first_block);
- for (i = 1; i < k/md_block_size - 1; i++)
- md_transform(md_state.c, data + md_block_size*i - overhang);
- }
- else
- {
- /* k is a multiple of md_block_size. */
- memcpy(first_block, header, 13);
- memcpy(first_block+13, data, md_block_size-13);
- md_transform(md_state.c, first_block);
- for (i = 1; i < k/md_block_size; i++)
- md_transform(md_state.c, data + md_block_size*i - 13);
- }
- }
-
- memset(mac_out, 0, sizeof(mac_out));
-
- /* We now process the final hash blocks. For each block, we construct
- * it in constant time. If the |i==index_a| then we'll include the 0x80
- * bytes and zero pad etc. For each block we selectively copy it, in
- * constant time, to |mac_out|. */
- for (i = num_starting_blocks; i <= num_starting_blocks+variance_blocks; i++)
- {
- unsigned char block[MAX_HASH_BLOCK_SIZE];
- unsigned char is_block_a = constant_time_eq_8(i, index_a);
- unsigned char is_block_b = constant_time_eq_8(i, index_b);
- for (j = 0; j < md_block_size; j++)
- {
- unsigned char b = 0, is_past_c, is_past_cp1;
- if (k < header_length)
- b = header[k];
- else if (k < data_plus_mac_plus_padding_size + header_length)
- b = data[k-header_length];
- k++;
-
- is_past_c = is_block_a & constant_time_ge_8(j, c);
- is_past_cp1 = is_block_a & constant_time_ge_8(j, c+1);
- /* If this is the block containing the end of the
- * application data, and we are at the offset for the
- * 0x80 value, then overwrite b with 0x80. */
- b = constant_time_select_8(is_past_c, 0x80, b);
- /* If this the the block containing the end of the
- * application data and we're past the 0x80 value then
- * just write zero. */
- b = b&~is_past_cp1;
- /* If this is index_b (the final block), but not
- * index_a (the end of the data), then the 64-bit
- * length didn't fit into index_a and we're having to
- * add an extra block of zeros. */
- b &= ~is_block_b | is_block_a;
-
- /* The final bytes of one of the blocks contains the
- * length. */
- if (j >= md_block_size - md_length_size)
- {
- /* If this is index_b, write a length byte. */
- b = constant_time_select_8(
- is_block_b, length_bytes[j-(md_block_size-md_length_size)], b);
- }
- block[j] = b;
- }
-
- md_transform(md_state.c, block);
- md_final_raw(md_state.c, block);
- /* If this is index_b, copy the hash value to |mac_out|. */
- for (j = 0; j < md_size; j++)
- mac_out[j] |= block[j]&is_block_b;
- }
-
- EVP_MD_CTX_init(&md_ctx);
- EVP_DigestInit_ex(&md_ctx, digest, NULL /* engine */);
- if (is_sslv3)
- {
- /* We repurpose |hmac_pad| to contain the SSLv3 pad2 block. */
- memset(hmac_pad, 0x5c, sslv3_pad_length);
-
- EVP_DigestUpdate(&md_ctx, mac_secret, mac_secret_length);
- EVP_DigestUpdate(&md_ctx, hmac_pad, sslv3_pad_length);
- EVP_DigestUpdate(&md_ctx, mac_out, md_size);
- }
- else
- {
- /* Complete the HMAC in the standard manner. */
- for (i = 0; i < md_block_size; i++)
- hmac_pad[i] ^= 0x6a;
-
- EVP_DigestUpdate(&md_ctx, hmac_pad, md_block_size);
- EVP_DigestUpdate(&md_ctx, mac_out, md_size);
- }
- EVP_DigestFinal(&md_ctx, md_out, &md_out_size_u);
- if (md_out_size)
- *md_out_size = md_out_size_u;
- EVP_MD_CTX_cleanup(&md_ctx);
- }
-
-#ifdef OPENSSL_FIPS
-
-/* Due to the need to use EVP in FIPS mode we can't reimplement digests but
- * we can ensure the number of blocks processed is equal for all cases
- * by digesting additional data.
- */
-
-void tls_fips_digest_extra(
- const EVP_CIPHER_CTX *cipher_ctx, const EVP_MD *hash, HMAC_CTX *hctx,
- const unsigned char *data, size_t data_len, size_t orig_len)
- {
- size_t block_size, digest_pad, blocks_data, blocks_orig;
- if (EVP_CIPHER_CTX_mode(cipher_ctx) != EVP_CIPH_CBC_MODE)
- return;
- block_size = EVP_MD_block_size(hash);
- /* We are in FIPS mode if we get this far so we know we have only SHA*
- * digests and TLS to deal with.
- * Minimum digest padding length is 17 for SHA384/SHA512 and 9
- * otherwise.
- * Additional header is 13 bytes. To get the number of digest blocks
- * processed round up the amount of data plus padding to the nearest
- * block length. Block length is 128 for SHA384/SHA512 and 64 otherwise.
- * So we have:
- * blocks = (payload_len + digest_pad + 13 + block_size - 1)/block_size
- * equivalently:
- * blocks = (payload_len + digest_pad + 12)/block_size + 1
- * HMAC adds a constant overhead.
- * We're ultimately only interested in differences so this becomes
- * blocks = (payload_len + 29)/128
- * for SHA384/SHA512 and
- * blocks = (payload_len + 21)/64
- * otherwise.
- */
- digest_pad = block_size == 64 ? 21 : 29;
- blocks_orig = (orig_len + digest_pad)/block_size;
- blocks_data = (data_len + digest_pad)/block_size;
- /* MAC enough blocks to make up the difference between the original
- * and actual lengths plus one extra block to ensure this is never a
- * no op. The "data" pointer should always have enough space to
- * perform this operation as it is large enough for a maximum
- * length TLS buffer.
- */
- HMAC_Update(hctx, data,
- (blocks_orig - blocks_data + 1) * block_size);
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/ssl/s3_cbc.c (from rev 6976, vendor-crypto/openssl/dist/ssl/s3_cbc.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/ssl/s3_cbc.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/ssl/s3_cbc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,783 @@
+/* ssl/s3_cbc.c */
+/* ====================================================================
+ * Copyright (c) 2012 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include "../crypto/constant_time_locl.h"
+#include "ssl_locl.h"
+
+#include <openssl/md5.h>
+#include <openssl/sha.h>
+
+/*
+ * MAX_HASH_BIT_COUNT_BYTES is the maximum number of bytes in the hash's
+ * length field. (SHA-384/512 have 128-bit length.)
+ */
+#define MAX_HASH_BIT_COUNT_BYTES 16
+
+/*
+ * MAX_HASH_BLOCK_SIZE is the maximum hash block size that we'll support.
+ * Currently SHA-384/512 has a 128-byte block size and that's the largest
+ * supported by TLS.)
+ */
+#define MAX_HASH_BLOCK_SIZE 128
+
+/*-
+ * ssl3_cbc_remove_padding removes padding from the decrypted, SSLv3, CBC
+ * record in |rec| by updating |rec->length| in constant time.
+ *
+ * block_size: the block size of the cipher used to encrypt the record.
+ * returns:
+ * 0: (in non-constant time) if the record is publicly invalid.
+ * 1: if the padding was valid
+ * -1: otherwise.
+ */
+int ssl3_cbc_remove_padding(const SSL *s,
+ SSL3_RECORD *rec,
+ unsigned block_size, unsigned mac_size)
+{
+ unsigned padding_length, good;
+ const unsigned overhead = 1 /* padding length byte */ + mac_size;
+
+ /*
+ * These lengths are all public so we can test them in non-constant time.
+ */
+ if (overhead > rec->length)
+ return 0;
+
+ padding_length = rec->data[rec->length - 1];
+ good = constant_time_ge(rec->length, padding_length + overhead);
+ /* SSLv3 requires that the padding is minimal. */
+ good &= constant_time_ge(block_size, padding_length + 1);
+ padding_length = good & (padding_length + 1);
+ rec->length -= padding_length;
+ rec->type |= padding_length << 8; /* kludge: pass padding length */
+ return constant_time_select_int(good, 1, -1);
+}
+
+/*-
+ * tls1_cbc_remove_padding removes the CBC padding from the decrypted, TLS, CBC
+ * record in |rec| in constant time and returns 1 if the padding is valid and
+ * -1 otherwise. It also removes any explicit IV from the start of the record
+ * without leaking any timing about whether there was enough space after the
+ * padding was removed.
+ *
+ * block_size: the block size of the cipher used to encrypt the record.
+ * returns:
+ * 0: (in non-constant time) if the record is publicly invalid.
+ * 1: if the padding was valid
+ * -1: otherwise.
+ */
+int tls1_cbc_remove_padding(const SSL *s,
+ SSL3_RECORD *rec,
+ unsigned block_size, unsigned mac_size)
+{
+ unsigned padding_length, good, to_check, i;
+ const unsigned overhead = 1 /* padding length byte */ + mac_size;
+ /* Check if version requires explicit IV */
+ if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) {
+ /*
+ * These lengths are all public so we can test them in non-constant
+ * time.
+ */
+ if (overhead + block_size > rec->length)
+ return 0;
+ /* We can now safely skip explicit IV */
+ rec->data += block_size;
+ rec->input += block_size;
+ rec->length -= block_size;
+ } else if (overhead > rec->length)
+ return 0;
+
+ padding_length = rec->data[rec->length - 1];
+
+ /*
+ * NB: if compression is in operation the first packet may not be of even
+ * length so the padding bug check cannot be performed. This bug
+ * workaround has been around since SSLeay so hopefully it is either
+ * fixed now or no buggy implementation supports compression [steve]
+ */
+ if ((s->options & SSL_OP_TLS_BLOCK_PADDING_BUG) && !s->expand) {
+ /* First packet is even in size, so check */
+ if ((memcmp(s->s3->read_sequence, "\0\0\0\0\0\0\0\0", 8) == 0) &&
+ !(padding_length & 1)) {
+ s->s3->flags |= TLS1_FLAGS_TLS_PADDING_BUG;
+ }
+ if ((s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) && padding_length > 0) {
+ padding_length--;
+ }
+ }
+
+ good = constant_time_ge(rec->length, overhead + padding_length);
+ /*
+ * The padding consists of a length byte at the end of the record and
+ * then that many bytes of padding, all with the same value as the length
+ * byte. Thus, with the length byte included, there are i+1 bytes of
+ * padding. We can't check just |padding_length+1| bytes because that
+ * leaks decrypted information. Therefore we always have to check the
+ * maximum amount of padding possible. (Again, the length of the record
+ * is public information so we can use it.)
+ */
+ to_check = 255; /* maximum amount of padding. */
+ if (to_check > rec->length - 1)
+ to_check = rec->length - 1;
+
+ for (i = 0; i < to_check; i++) {
+ unsigned char mask = constant_time_ge_8(padding_length, i);
+ unsigned char b = rec->data[rec->length - 1 - i];
+ /*
+ * The final |padding_length+1| bytes should all have the value
+ * |padding_length|. Therefore the XOR should be zero.
+ */
+ good &= ~(mask & (padding_length ^ b));
+ }
+
+ /*
+ * If any of the final |padding_length+1| bytes had the wrong value, one
+ * or more of the lower eight bits of |good| will be cleared.
+ */
+ good = constant_time_eq(0xff, good & 0xff);
+ padding_length = good & (padding_length + 1);
+ rec->length -= padding_length;
+ rec->type |= padding_length << 8; /* kludge: pass padding length */
+
+ return constant_time_select_int(good, 1, -1);
+}
+
+/*-
+ * ssl3_cbc_copy_mac copies |md_size| bytes from the end of |rec| to |out| in
+ * constant time (independent of the concrete value of rec->length, which may
+ * vary within a 256-byte window).
+ *
+ * ssl3_cbc_remove_padding or tls1_cbc_remove_padding must be called prior to
+ * this function.
+ *
+ * On entry:
+ * rec->orig_len >= md_size
+ * md_size <= EVP_MAX_MD_SIZE
+ *
+ * If CBC_MAC_ROTATE_IN_PLACE is defined then the rotation is performed with
+ * variable accesses in a 64-byte-aligned buffer. Assuming that this fits into
+ * a single or pair of cache-lines, then the variable memory accesses don't
+ * actually affect the timing. CPUs with smaller cache-lines [if any] are
+ * not multi-core and are not considered vulnerable to cache-timing attacks.
+ */
+#define CBC_MAC_ROTATE_IN_PLACE
+
+void ssl3_cbc_copy_mac(unsigned char *out,
+ const SSL3_RECORD *rec,
+ unsigned md_size, unsigned orig_len)
+{
+#if defined(CBC_MAC_ROTATE_IN_PLACE)
+ unsigned char rotated_mac_buf[64 + EVP_MAX_MD_SIZE];
+ unsigned char *rotated_mac;
+#else
+ unsigned char rotated_mac[EVP_MAX_MD_SIZE];
+#endif
+
+ /*
+ * mac_end is the index of |rec->data| just after the end of the MAC.
+ */
+ unsigned mac_end = rec->length;
+ unsigned mac_start = mac_end - md_size;
+ /*
+ * scan_start contains the number of bytes that we can ignore because the
+ * MAC's position can only vary by 255 bytes.
+ */
+ unsigned scan_start = 0;
+ unsigned i, j;
+ unsigned div_spoiler;
+ unsigned rotate_offset;
+
+ OPENSSL_assert(orig_len >= md_size);
+ OPENSSL_assert(md_size <= EVP_MAX_MD_SIZE);
+
+#if defined(CBC_MAC_ROTATE_IN_PLACE)
+ rotated_mac = rotated_mac_buf + ((0 - (size_t)rotated_mac_buf) & 63);
+#endif
+
+ /* This information is public so it's safe to branch based on it. */
+ if (orig_len > md_size + 255 + 1)
+ scan_start = orig_len - (md_size + 255 + 1);
+ /*
+ * div_spoiler contains a multiple of md_size that is used to cause the
+ * modulo operation to be constant time. Without this, the time varies
+ * based on the amount of padding when running on Intel chips at least.
+ * The aim of right-shifting md_size is so that the compiler doesn't
+ * figure out that it can remove div_spoiler as that would require it to
+ * prove that md_size is always even, which I hope is beyond it.
+ */
+ div_spoiler = md_size >> 1;
+ div_spoiler <<= (sizeof(div_spoiler) - 1) * 8;
+ rotate_offset = (div_spoiler + mac_start - scan_start) % md_size;
+
+ memset(rotated_mac, 0, md_size);
+ for (i = scan_start, j = 0; i < orig_len; i++) {
+ unsigned char mac_started = constant_time_ge_8(i, mac_start);
+ unsigned char mac_ended = constant_time_ge_8(i, mac_end);
+ unsigned char b = rec->data[i];
+ rotated_mac[j++] |= b & mac_started & ~mac_ended;
+ j &= constant_time_lt(j, md_size);
+ }
+
+ /* Now rotate the MAC */
+#if defined(CBC_MAC_ROTATE_IN_PLACE)
+ j = 0;
+ for (i = 0; i < md_size; i++) {
+ /* in case cache-line is 32 bytes, touch second line */
+ ((volatile unsigned char *)rotated_mac)[rotate_offset ^ 32];
+ out[j++] = rotated_mac[rotate_offset++];
+ rotate_offset &= constant_time_lt(rotate_offset, md_size);
+ }
+#else
+ memset(out, 0, md_size);
+ rotate_offset = md_size - rotate_offset;
+ rotate_offset &= constant_time_lt(rotate_offset, md_size);
+ for (i = 0; i < md_size; i++) {
+ for (j = 0; j < md_size; j++)
+ out[j] |= rotated_mac[i] & constant_time_eq_8(j, rotate_offset);
+ rotate_offset++;
+ rotate_offset &= constant_time_lt(rotate_offset, md_size);
+ }
+#endif
+}
+
+/*
+ * u32toLE serialises an unsigned, 32-bit number (n) as four bytes at (p) in
+ * little-endian order. The value of p is advanced by four.
+ */
+#define u32toLE(n, p) \
+ (*((p)++)=(unsigned char)(n), \
+ *((p)++)=(unsigned char)(n>>8), \
+ *((p)++)=(unsigned char)(n>>16), \
+ *((p)++)=(unsigned char)(n>>24))
+
+/*
+ * These functions serialize the state of a hash and thus perform the
+ * standard "final" operation without adding the padding and length that such
+ * a function typically does.
+ */
+static void tls1_md5_final_raw(void *ctx, unsigned char *md_out)
+{
+ MD5_CTX *md5 = ctx;
+ u32toLE(md5->A, md_out);
+ u32toLE(md5->B, md_out);
+ u32toLE(md5->C, md_out);
+ u32toLE(md5->D, md_out);
+}
+
+static void tls1_sha1_final_raw(void *ctx, unsigned char *md_out)
+{
+ SHA_CTX *sha1 = ctx;
+ l2n(sha1->h0, md_out);
+ l2n(sha1->h1, md_out);
+ l2n(sha1->h2, md_out);
+ l2n(sha1->h3, md_out);
+ l2n(sha1->h4, md_out);
+}
+
+#define LARGEST_DIGEST_CTX SHA_CTX
+
+#ifndef OPENSSL_NO_SHA256
+static void tls1_sha256_final_raw(void *ctx, unsigned char *md_out)
+{
+ SHA256_CTX *sha256 = ctx;
+ unsigned i;
+
+ for (i = 0; i < 8; i++) {
+ l2n(sha256->h[i], md_out);
+ }
+}
+
+# undef LARGEST_DIGEST_CTX
+# define LARGEST_DIGEST_CTX SHA256_CTX
+#endif
+
+#ifndef OPENSSL_NO_SHA512
+static void tls1_sha512_final_raw(void *ctx, unsigned char *md_out)
+{
+ SHA512_CTX *sha512 = ctx;
+ unsigned i;
+
+ for (i = 0; i < 8; i++) {
+ l2n8(sha512->h[i], md_out);
+ }
+}
+
+# undef LARGEST_DIGEST_CTX
+# define LARGEST_DIGEST_CTX SHA512_CTX
+#endif
+
+/*
+ * ssl3_cbc_record_digest_supported returns 1 iff |ctx| uses a hash function
+ * which ssl3_cbc_digest_record supports.
+ */
+char ssl3_cbc_record_digest_supported(const EVP_MD *digest)
+{
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode())
+ return 0;
+#endif
+ switch (EVP_MD_type(digest)) {
+ case NID_md5:
+ case NID_sha1:
+#ifndef OPENSSL_NO_SHA256
+ case NID_sha224:
+ case NID_sha256:
+#endif
+#ifndef OPENSSL_NO_SHA512
+ case NID_sha384:
+ case NID_sha512:
+#endif
+ return 1;
+ default:
+ return 0;
+ }
+}
+
+/*-
+ * ssl3_cbc_digest_record computes the MAC of a decrypted, padded SSLv3/TLS
+ * record.
+ *
+ * ctx: the EVP_MD_CTX from which we take the hash function.
+ * ssl3_cbc_record_digest_supported must return true for this EVP_MD_CTX.
+ * md_out: the digest output. At most EVP_MAX_MD_SIZE bytes will be written.
+ * md_out_size: if non-NULL, the number of output bytes is written here.
+ * header: the 13-byte, TLS record header.
+ * data: the record data itself, less any preceeding explicit IV.
+ * data_plus_mac_size: the secret, reported length of the data and MAC
+ * once the padding has been removed.
+ * data_plus_mac_plus_padding_size: the public length of the whole
+ * record, including padding.
+ * is_sslv3: non-zero if we are to use SSLv3. Otherwise, TLS.
+ *
+ * On entry: by virtue of having been through one of the remove_padding
+ * functions, above, we know that data_plus_mac_size is large enough to contain
+ * a padding byte and MAC. (If the padding was invalid, it might contain the
+ * padding too. )
+ */
+void ssl3_cbc_digest_record(const EVP_MD *digest,
+ unsigned char *md_out,
+ size_t *md_out_size,
+ const unsigned char header[13],
+ const unsigned char *data,
+ size_t data_plus_mac_size,
+ size_t data_plus_mac_plus_padding_size,
+ const unsigned char *mac_secret,
+ unsigned mac_secret_length, char is_sslv3)
+{
+ union {
+ double align;
+ unsigned char c[sizeof(LARGEST_DIGEST_CTX)];
+ } md_state;
+ void (*md_final_raw) (void *ctx, unsigned char *md_out);
+ void (*md_transform) (void *ctx, const unsigned char *block);
+ unsigned md_size, md_block_size = 64;
+ unsigned sslv3_pad_length = 40, header_length, variance_blocks,
+ len, max_mac_bytes, num_blocks,
+ num_starting_blocks, k, mac_end_offset, c, index_a, index_b;
+ unsigned int bits; /* at most 18 bits */
+ unsigned char length_bytes[MAX_HASH_BIT_COUNT_BYTES];
+ /* hmac_pad is the masked HMAC key. */
+ unsigned char hmac_pad[MAX_HASH_BLOCK_SIZE];
+ unsigned char first_block[MAX_HASH_BLOCK_SIZE];
+ unsigned char mac_out[EVP_MAX_MD_SIZE];
+ unsigned i, j, md_out_size_u;
+ EVP_MD_CTX md_ctx;
+ /*
+ * mdLengthSize is the number of bytes in the length field that
+ * terminates * the hash.
+ */
+ unsigned md_length_size = 8;
+ char length_is_big_endian = 1;
+
+ /*
+ * This is a, hopefully redundant, check that allows us to forget about
+ * many possible overflows later in this function.
+ */
+ OPENSSL_assert(data_plus_mac_plus_padding_size < 1024 * 1024);
+
+ switch (EVP_MD_type(digest)) {
+ case NID_md5:
+ MD5_Init((MD5_CTX *)md_state.c);
+ md_final_raw = tls1_md5_final_raw;
+ md_transform =
+ (void (*)(void *ctx, const unsigned char *block))MD5_Transform;
+ md_size = 16;
+ sslv3_pad_length = 48;
+ length_is_big_endian = 0;
+ break;
+ case NID_sha1:
+ SHA1_Init((SHA_CTX *)md_state.c);
+ md_final_raw = tls1_sha1_final_raw;
+ md_transform =
+ (void (*)(void *ctx, const unsigned char *block))SHA1_Transform;
+ md_size = 20;
+ break;
+#ifndef OPENSSL_NO_SHA256
+ case NID_sha224:
+ SHA224_Init((SHA256_CTX *)md_state.c);
+ md_final_raw = tls1_sha256_final_raw;
+ md_transform =
+ (void (*)(void *ctx, const unsigned char *block))SHA256_Transform;
+ md_size = 224 / 8;
+ break;
+ case NID_sha256:
+ SHA256_Init((SHA256_CTX *)md_state.c);
+ md_final_raw = tls1_sha256_final_raw;
+ md_transform =
+ (void (*)(void *ctx, const unsigned char *block))SHA256_Transform;
+ md_size = 32;
+ break;
+#endif
+#ifndef OPENSSL_NO_SHA512
+ case NID_sha384:
+ SHA384_Init((SHA512_CTX *)md_state.c);
+ md_final_raw = tls1_sha512_final_raw;
+ md_transform =
+ (void (*)(void *ctx, const unsigned char *block))SHA512_Transform;
+ md_size = 384 / 8;
+ md_block_size = 128;
+ md_length_size = 16;
+ break;
+ case NID_sha512:
+ SHA512_Init((SHA512_CTX *)md_state.c);
+ md_final_raw = tls1_sha512_final_raw;
+ md_transform =
+ (void (*)(void *ctx, const unsigned char *block))SHA512_Transform;
+ md_size = 64;
+ md_block_size = 128;
+ md_length_size = 16;
+ break;
+#endif
+ default:
+ /*
+ * ssl3_cbc_record_digest_supported should have been called first to
+ * check that the hash function is supported.
+ */
+ OPENSSL_assert(0);
+ if (md_out_size)
+ *md_out_size = -1;
+ return;
+ }
+
+ OPENSSL_assert(md_length_size <= MAX_HASH_BIT_COUNT_BYTES);
+ OPENSSL_assert(md_block_size <= MAX_HASH_BLOCK_SIZE);
+ OPENSSL_assert(md_size <= EVP_MAX_MD_SIZE);
+
+ header_length = 13;
+ if (is_sslv3) {
+ header_length = mac_secret_length + sslv3_pad_length + 8 /* sequence
+ * number */ +
+ 1 /* record type */ +
+ 2 /* record length */ ;
+ }
+
+ /*
+ * variance_blocks is the number of blocks of the hash that we have to
+ * calculate in constant time because they could be altered by the
+ * padding value. In SSLv3, the padding must be minimal so the end of
+ * the plaintext varies by, at most, 15+20 = 35 bytes. (We conservatively
+ * assume that the MAC size varies from 0..20 bytes.) In case the 9 bytes
+ * of hash termination (0x80 + 64-bit length) don't fit in the final
+ * block, we say that the final two blocks can vary based on the padding.
+ * TLSv1 has MACs up to 48 bytes long (SHA-384) and the padding is not
+ * required to be minimal. Therefore we say that the final six blocks can
+ * vary based on the padding. Later in the function, if the message is
+ * short and there obviously cannot be this many blocks then
+ * variance_blocks can be reduced.
+ */
+ variance_blocks = is_sslv3 ? 2 : 6;
+ /*
+ * From now on we're dealing with the MAC, which conceptually has 13
+ * bytes of `header' before the start of the data (TLS) or 71/75 bytes
+ * (SSLv3)
+ */
+ len = data_plus_mac_plus_padding_size + header_length;
+ /*
+ * max_mac_bytes contains the maximum bytes of bytes in the MAC,
+ * including * |header|, assuming that there's no padding.
+ */
+ max_mac_bytes = len - md_size - 1;
+ /* num_blocks is the maximum number of hash blocks. */
+ num_blocks =
+ (max_mac_bytes + 1 + md_length_size + md_block_size -
+ 1) / md_block_size;
+ /*
+ * In order to calculate the MAC in constant time we have to handle the
+ * final blocks specially because the padding value could cause the end
+ * to appear somewhere in the final |variance_blocks| blocks and we can't
+ * leak where. However, |num_starting_blocks| worth of data can be hashed
+ * right away because no padding value can affect whether they are
+ * plaintext.
+ */
+ num_starting_blocks = 0;
+ /*
+ * k is the starting byte offset into the conceptual header||data where
+ * we start processing.
+ */
+ k = 0;
+ /*
+ * mac_end_offset is the index just past the end of the data to be MACed.
+ */
+ mac_end_offset = data_plus_mac_size + header_length - md_size;
+ /*
+ * c is the index of the 0x80 byte in the final hash block that contains
+ * application data.
+ */
+ c = mac_end_offset % md_block_size;
+ /*
+ * index_a is the hash block number that contains the 0x80 terminating
+ * value.
+ */
+ index_a = mac_end_offset / md_block_size;
+ /*
+ * index_b is the hash block number that contains the 64-bit hash length,
+ * in bits.
+ */
+ index_b = (mac_end_offset + md_length_size) / md_block_size;
+ /*
+ * bits is the hash-length in bits. It includes the additional hash block
+ * for the masked HMAC key, or whole of |header| in the case of SSLv3.
+ */
+
+ /*
+ * For SSLv3, if we're going to have any starting blocks then we need at
+ * least two because the header is larger than a single block.
+ */
+ if (num_blocks > variance_blocks + (is_sslv3 ? 1 : 0)) {
+ num_starting_blocks = num_blocks - variance_blocks;
+ k = md_block_size * num_starting_blocks;
+ }
+
+ bits = 8 * mac_end_offset;
+ if (!is_sslv3) {
+ /*
+ * Compute the initial HMAC block. For SSLv3, the padding and secret
+ * bytes are included in |header| because they take more than a
+ * single block.
+ */
+ bits += 8 * md_block_size;
+ memset(hmac_pad, 0, md_block_size);
+ OPENSSL_assert(mac_secret_length <= sizeof(hmac_pad));
+ memcpy(hmac_pad, mac_secret, mac_secret_length);
+ for (i = 0; i < md_block_size; i++)
+ hmac_pad[i] ^= 0x36;
+
+ md_transform(md_state.c, hmac_pad);
+ }
+
+ if (length_is_big_endian) {
+ memset(length_bytes, 0, md_length_size - 4);
+ length_bytes[md_length_size - 4] = (unsigned char)(bits >> 24);
+ length_bytes[md_length_size - 3] = (unsigned char)(bits >> 16);
+ length_bytes[md_length_size - 2] = (unsigned char)(bits >> 8);
+ length_bytes[md_length_size - 1] = (unsigned char)bits;
+ } else {
+ memset(length_bytes, 0, md_length_size);
+ length_bytes[md_length_size - 5] = (unsigned char)(bits >> 24);
+ length_bytes[md_length_size - 6] = (unsigned char)(bits >> 16);
+ length_bytes[md_length_size - 7] = (unsigned char)(bits >> 8);
+ length_bytes[md_length_size - 8] = (unsigned char)bits;
+ }
+
+ if (k > 0) {
+ if (is_sslv3) {
+ /*
+ * The SSLv3 header is larger than a single block. overhang is
+ * the number of bytes beyond a single block that the header
+ * consumes: either 7 bytes (SHA1) or 11 bytes (MD5).
+ */
+ unsigned overhang = header_length - md_block_size;
+ md_transform(md_state.c, header);
+ memcpy(first_block, header + md_block_size, overhang);
+ memcpy(first_block + overhang, data, md_block_size - overhang);
+ md_transform(md_state.c, first_block);
+ for (i = 1; i < k / md_block_size - 1; i++)
+ md_transform(md_state.c, data + md_block_size * i - overhang);
+ } else {
+ /* k is a multiple of md_block_size. */
+ memcpy(first_block, header, 13);
+ memcpy(first_block + 13, data, md_block_size - 13);
+ md_transform(md_state.c, first_block);
+ for (i = 1; i < k / md_block_size; i++)
+ md_transform(md_state.c, data + md_block_size * i - 13);
+ }
+ }
+
+ memset(mac_out, 0, sizeof(mac_out));
+
+ /*
+ * We now process the final hash blocks. For each block, we construct it
+ * in constant time. If the |i==index_a| then we'll include the 0x80
+ * bytes and zero pad etc. For each block we selectively copy it, in
+ * constant time, to |mac_out|.
+ */
+ for (i = num_starting_blocks; i <= num_starting_blocks + variance_blocks;
+ i++) {
+ unsigned char block[MAX_HASH_BLOCK_SIZE];
+ unsigned char is_block_a = constant_time_eq_8(i, index_a);
+ unsigned char is_block_b = constant_time_eq_8(i, index_b);
+ for (j = 0; j < md_block_size; j++) {
+ unsigned char b = 0, is_past_c, is_past_cp1;
+ if (k < header_length)
+ b = header[k];
+ else if (k < data_plus_mac_plus_padding_size + header_length)
+ b = data[k - header_length];
+ k++;
+
+ is_past_c = is_block_a & constant_time_ge_8(j, c);
+ is_past_cp1 = is_block_a & constant_time_ge_8(j, c + 1);
+ /*
+ * If this is the block containing the end of the application
+ * data, and we are at the offset for the 0x80 value, then
+ * overwrite b with 0x80.
+ */
+ b = constant_time_select_8(is_past_c, 0x80, b);
+ /*
+ * If this the the block containing the end of the application
+ * data and we're past the 0x80 value then just write zero.
+ */
+ b = b & ~is_past_cp1;
+ /*
+ * If this is index_b (the final block), but not index_a (the end
+ * of the data), then the 64-bit length didn't fit into index_a
+ * and we're having to add an extra block of zeros.
+ */
+ b &= ~is_block_b | is_block_a;
+
+ /*
+ * The final bytes of one of the blocks contains the length.
+ */
+ if (j >= md_block_size - md_length_size) {
+ /* If this is index_b, write a length byte. */
+ b = constant_time_select_8(is_block_b,
+ length_bytes[j -
+ (md_block_size -
+ md_length_size)], b);
+ }
+ block[j] = b;
+ }
+
+ md_transform(md_state.c, block);
+ md_final_raw(md_state.c, block);
+ /* If this is index_b, copy the hash value to |mac_out|. */
+ for (j = 0; j < md_size; j++)
+ mac_out[j] |= block[j] & is_block_b;
+ }
+
+ EVP_MD_CTX_init(&md_ctx);
+ EVP_DigestInit_ex(&md_ctx, digest, NULL /* engine */ );
+ if (is_sslv3) {
+ /* We repurpose |hmac_pad| to contain the SSLv3 pad2 block. */
+ memset(hmac_pad, 0x5c, sslv3_pad_length);
+
+ EVP_DigestUpdate(&md_ctx, mac_secret, mac_secret_length);
+ EVP_DigestUpdate(&md_ctx, hmac_pad, sslv3_pad_length);
+ EVP_DigestUpdate(&md_ctx, mac_out, md_size);
+ } else {
+ /* Complete the HMAC in the standard manner. */
+ for (i = 0; i < md_block_size; i++)
+ hmac_pad[i] ^= 0x6a;
+
+ EVP_DigestUpdate(&md_ctx, hmac_pad, md_block_size);
+ EVP_DigestUpdate(&md_ctx, mac_out, md_size);
+ }
+ EVP_DigestFinal(&md_ctx, md_out, &md_out_size_u);
+ if (md_out_size)
+ *md_out_size = md_out_size_u;
+ EVP_MD_CTX_cleanup(&md_ctx);
+}
+
+#ifdef OPENSSL_FIPS
+
+/*
+ * Due to the need to use EVP in FIPS mode we can't reimplement digests but
+ * we can ensure the number of blocks processed is equal for all cases by
+ * digesting additional data.
+ */
+
+void tls_fips_digest_extra(const EVP_CIPHER_CTX *cipher_ctx,
+ const EVP_MD *hash, HMAC_CTX *hctx,
+ const unsigned char *data, size_t data_len,
+ size_t orig_len)
+{
+ size_t block_size, digest_pad, blocks_data, blocks_orig;
+ if (EVP_CIPHER_CTX_mode(cipher_ctx) != EVP_CIPH_CBC_MODE)
+ return;
+ block_size = EVP_MD_block_size(hash);
+ /*
+ * We are in FIPS mode if we get this far so we know we have only SHA*
+ * digests and TLS to deal with. Minimum digest padding length is 17 for
+ * SHA384/SHA512 and 9 otherwise. Additional header is 13 bytes. To get
+ * the number of digest blocks processed round up the amount of data plus
+ * padding to the nearest block length. Block length is 128 for
+ * SHA384/SHA512 and 64 otherwise. So we have: blocks = (payload_len +
+ * digest_pad + 13 + block_size - 1)/block_size equivalently: blocks =
+ * (payload_len + digest_pad + 12)/block_size + 1 HMAC adds a constant
+ * overhead. We're ultimately only interested in differences so this
+ * becomes blocks = (payload_len + 29)/128 for SHA384/SHA512 and blocks =
+ * (payload_len + 21)/64 otherwise.
+ */
+ digest_pad = block_size == 64 ? 21 : 29;
+ blocks_orig = (orig_len + digest_pad) / block_size;
+ blocks_data = (data_len + digest_pad) / block_size;
+ /*
+ * MAC enough blocks to make up the difference between the original and
+ * actual lengths plus one extra block to ensure this is never a no op.
+ * The "data" pointer should always have enough space to perform this
+ * operation as it is large enough for a maximum length TLS buffer.
+ */
+ HMAC_Update(hctx, data, (blocks_orig - blocks_data + 1) * block_size);
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/ssl/s3_clnt.c
===================================================================
--- vendor-crypto/openssl/dist/ssl/s3_clnt.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/ssl/s3_clnt.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,2850 +0,0 @@
-/* ssl/s3_clnt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * ECC cipher suite support in OpenSSL originally written by
- * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
- *
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#include "kssl_lcl.h"
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/md5.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-#include <openssl/bn.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-
-static SSL_METHOD *ssl3_get_client_method(int ver);
-static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b);
-
-#ifndef OPENSSL_NO_ECDH
-static int curve_id2nid(int curve_id);
-int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs);
-#endif
-
-static SSL_METHOD *ssl3_get_client_method(int ver)
- {
- if (ver == SSL3_VERSION)
- return(SSLv3_client_method());
- else
- return(NULL);
- }
-
-IMPLEMENT_ssl3_meth_func(SSLv3_client_method,
- ssl_undefined_function,
- ssl3_connect,
- ssl3_get_client_method)
-
-int ssl3_connect(SSL *s)
- {
- BUF_MEM *buf=NULL;
- unsigned long Time=(unsigned long)time(NULL);
- void (*cb)(const SSL *ssl,int type,int val)=NULL;
- int ret= -1;
- int new_state,state,skip=0;
-
- RAND_add(&Time,sizeof(Time),0);
- ERR_clear_error();
- clear_sys_error();
-
- if (s->info_callback != NULL)
- cb=s->info_callback;
- else if (s->ctx->info_callback != NULL)
- cb=s->ctx->info_callback;
-
- s->in_handshake++;
- if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
-
- for (;;)
- {
- state=s->state;
-
- switch(s->state)
- {
- case SSL_ST_RENEGOTIATE:
- s->new_session=1;
- s->state=SSL_ST_CONNECT;
- s->ctx->stats.sess_connect_renegotiate++;
- /* break */
- case SSL_ST_BEFORE:
- case SSL_ST_CONNECT:
- case SSL_ST_BEFORE|SSL_ST_CONNECT:
- case SSL_ST_OK|SSL_ST_CONNECT:
-
- s->server=0;
- if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
-
- if ((s->version & 0xff00 ) != 0x0300)
- {
- SSLerr(SSL_F_SSL3_CONNECT, ERR_R_INTERNAL_ERROR);
- ret = -1;
- goto end;
- }
-
- /* s->version=SSL3_VERSION; */
- s->type=SSL_ST_CONNECT;
-
- if (s->init_buf == NULL)
- {
- if ((buf=BUF_MEM_new()) == NULL)
- {
- ret= -1;
- goto end;
- }
- if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
- {
- ret= -1;
- goto end;
- }
- s->init_buf=buf;
- buf=NULL;
- }
-
- if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }
-
- /* setup buffing BIO */
- if (!ssl_init_wbio_buffer(s,0)) { ret= -1; goto end; }
-
- /* don't push the buffering BIO quite yet */
-
- ssl3_init_finished_mac(s);
-
- s->state=SSL3_ST_CW_CLNT_HELLO_A;
- s->ctx->stats.sess_connect++;
- s->init_num=0;
- break;
-
- case SSL3_ST_CW_CLNT_HELLO_A:
- case SSL3_ST_CW_CLNT_HELLO_B:
-
- s->shutdown=0;
- ret=ssl3_client_hello(s);
- if (ret <= 0) goto end;
- s->state=SSL3_ST_CR_SRVR_HELLO_A;
- s->init_num=0;
-
- /* turn on buffering for the next lot of output */
- if (s->bbio != s->wbio)
- s->wbio=BIO_push(s->bbio,s->wbio);
-
- break;
-
- case SSL3_ST_CR_SRVR_HELLO_A:
- case SSL3_ST_CR_SRVR_HELLO_B:
- ret=ssl3_get_server_hello(s);
- if (ret <= 0) goto end;
- if (s->hit)
- {
- s->state=SSL3_ST_CR_FINISHED_A;
-#ifndef OPENSSL_NO_TLSEXT
- if (s->tlsext_ticket_expected)
- {
- /* receive renewed session ticket */
- s->state=SSL3_ST_CR_SESSION_TICKET_A;
- }
-#endif
- }
- else
- s->state=SSL3_ST_CR_CERT_A;
- s->init_num=0;
- break;
-
- case SSL3_ST_CR_CERT_A:
- case SSL3_ST_CR_CERT_B:
-#ifndef OPENSSL_NO_TLSEXT
- ret=ssl3_check_finished(s);
- if (ret <= 0) goto end;
- if (ret == 2)
- {
- s->hit = 1;
- if (s->tlsext_ticket_expected)
- s->state=SSL3_ST_CR_SESSION_TICKET_A;
- else
- s->state=SSL3_ST_CR_FINISHED_A;
- s->init_num=0;
- break;
- }
-#endif
- /* Check if it is anon DH/ECDH */
- if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL))
- {
- ret=ssl3_get_server_certificate(s);
- if (ret <= 0) goto end;
-#ifndef OPENSSL_NO_TLSEXT
- if (s->tlsext_status_expected)
- s->state=SSL3_ST_CR_CERT_STATUS_A;
- else
- s->state=SSL3_ST_CR_KEY_EXCH_A;
- }
- else
- {
- skip = 1;
- s->state=SSL3_ST_CR_KEY_EXCH_A;
- }
-#else
- }
- else
- skip=1;
-
- s->state=SSL3_ST_CR_KEY_EXCH_A;
-#endif
- s->init_num=0;
- break;
-
- case SSL3_ST_CR_KEY_EXCH_A:
- case SSL3_ST_CR_KEY_EXCH_B:
- ret=ssl3_get_key_exchange(s);
- if (ret <= 0) goto end;
- s->state=SSL3_ST_CR_CERT_REQ_A;
- s->init_num=0;
-
- /* at this point we check that we have the
- * required stuff from the server */
- if (!ssl3_check_cert_and_algorithm(s))
- {
- ret= -1;
- goto end;
- }
- break;
-
- case SSL3_ST_CR_CERT_REQ_A:
- case SSL3_ST_CR_CERT_REQ_B:
- ret=ssl3_get_certificate_request(s);
- if (ret <= 0) goto end;
- s->state=SSL3_ST_CR_SRVR_DONE_A;
- s->init_num=0;
- break;
-
- case SSL3_ST_CR_SRVR_DONE_A:
- case SSL3_ST_CR_SRVR_DONE_B:
- ret=ssl3_get_server_done(s);
- if (ret <= 0) goto end;
- if (s->s3->tmp.cert_req)
- s->state=SSL3_ST_CW_CERT_A;
- else
- s->state=SSL3_ST_CW_KEY_EXCH_A;
- s->init_num=0;
-
- break;
-
- case SSL3_ST_CW_CERT_A:
- case SSL3_ST_CW_CERT_B:
- case SSL3_ST_CW_CERT_C:
- case SSL3_ST_CW_CERT_D:
- ret=ssl3_send_client_certificate(s);
- if (ret <= 0) goto end;
- s->state=SSL3_ST_CW_KEY_EXCH_A;
- s->init_num=0;
- break;
-
- case SSL3_ST_CW_KEY_EXCH_A:
- case SSL3_ST_CW_KEY_EXCH_B:
- ret=ssl3_send_client_key_exchange(s);
- if (ret <= 0) goto end;
- /* EAY EAY EAY need to check for DH fix cert
- * sent back */
- /* For TLS, cert_req is set to 2, so a cert chain
- * of nothing is sent, but no verify packet is sent */
- /* XXX: For now, we do not support client
- * authentication in ECDH cipher suites with
- * ECDH (rather than ECDSA) certificates.
- * We need to skip the certificate verify
- * message when client's ECDH public key is sent
- * inside the client certificate.
- */
- if (s->s3->tmp.cert_req == 1)
- {
- s->state=SSL3_ST_CW_CERT_VRFY_A;
- }
- else
- {
- s->state=SSL3_ST_CW_CHANGE_A;
- s->s3->change_cipher_spec=0;
- }
-
- s->init_num=0;
- break;
-
- case SSL3_ST_CW_CERT_VRFY_A:
- case SSL3_ST_CW_CERT_VRFY_B:
- ret=ssl3_send_client_verify(s);
- if (ret <= 0) goto end;
- s->state=SSL3_ST_CW_CHANGE_A;
- s->init_num=0;
- s->s3->change_cipher_spec=0;
- break;
-
- case SSL3_ST_CW_CHANGE_A:
- case SSL3_ST_CW_CHANGE_B:
- ret=ssl3_send_change_cipher_spec(s,
- SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B);
- if (ret <= 0) goto end;
- s->state=SSL3_ST_CW_FINISHED_A;
- s->init_num=0;
-
- s->session->cipher=s->s3->tmp.new_cipher;
-#ifdef OPENSSL_NO_COMP
- s->session->compress_meth=0;
-#else
- if (s->s3->tmp.new_compression == NULL)
- s->session->compress_meth=0;
- else
- s->session->compress_meth=
- s->s3->tmp.new_compression->id;
-#endif
- if (!s->method->ssl3_enc->setup_key_block(s))
- {
- ret= -1;
- goto end;
- }
-
- if (!s->method->ssl3_enc->change_cipher_state(s,
- SSL3_CHANGE_CIPHER_CLIENT_WRITE))
- {
- ret= -1;
- goto end;
- }
-
- break;
-
- case SSL3_ST_CW_FINISHED_A:
- case SSL3_ST_CW_FINISHED_B:
- ret=ssl3_send_finished(s,
- SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B,
- s->method->ssl3_enc->client_finished_label,
- s->method->ssl3_enc->client_finished_label_len);
- if (ret <= 0) goto end;
- s->s3->flags |= SSL3_FLAGS_CCS_OK;
- s->state=SSL3_ST_CW_FLUSH;
-
- /* clear flags */
- s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
- if (s->hit)
- {
- s->s3->tmp.next_state=SSL_ST_OK;
- if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED)
- {
- s->state=SSL_ST_OK;
- s->s3->flags|=SSL3_FLAGS_POP_BUFFER;
- s->s3->delay_buf_pop_ret=0;
- }
- }
- else
- {
-#ifndef OPENSSL_NO_TLSEXT
- /* Allow NewSessionTicket if ticket expected */
- if (s->tlsext_ticket_expected)
- s->s3->tmp.next_state=SSL3_ST_CR_SESSION_TICKET_A;
- else
-#endif
-
- s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A;
- }
- s->init_num=0;
- break;
-
-#ifndef OPENSSL_NO_TLSEXT
- case SSL3_ST_CR_SESSION_TICKET_A:
- case SSL3_ST_CR_SESSION_TICKET_B:
- ret=ssl3_get_new_session_ticket(s);
- if (ret <= 0) goto end;
- s->state=SSL3_ST_CR_FINISHED_A;
- s->init_num=0;
- break;
-
- case SSL3_ST_CR_CERT_STATUS_A:
- case SSL3_ST_CR_CERT_STATUS_B:
- ret=ssl3_get_cert_status(s);
- if (ret <= 0) goto end;
- s->state=SSL3_ST_CR_KEY_EXCH_A;
- s->init_num=0;
- break;
-#endif
-
- case SSL3_ST_CR_FINISHED_A:
- case SSL3_ST_CR_FINISHED_B:
-
- s->s3->flags |= SSL3_FLAGS_CCS_OK;
- ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A,
- SSL3_ST_CR_FINISHED_B);
- if (ret <= 0) goto end;
-
- if (s->hit)
- s->state=SSL3_ST_CW_CHANGE_A;
- else
- s->state=SSL_ST_OK;
- s->init_num=0;
- break;
-
- case SSL3_ST_CW_FLUSH:
- s->rwstate=SSL_WRITING;
- if (BIO_flush(s->wbio) <= 0)
- {
- ret= -1;
- goto end;
- }
- s->rwstate=SSL_NOTHING;
- s->state=s->s3->tmp.next_state;
- break;
-
- case SSL_ST_OK:
- /* clean a few things up */
- ssl3_cleanup_key_block(s);
-
- if (s->init_buf != NULL)
- {
- BUF_MEM_free(s->init_buf);
- s->init_buf=NULL;
- }
-
- /* If we are not 'joining' the last two packets,
- * remove the buffering now */
- if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER))
- ssl_free_wbio_buffer(s);
- /* else do it later in ssl3_write */
-
- s->init_num=0;
- s->new_session=0;
-
- ssl_update_cache(s,SSL_SESS_CACHE_CLIENT);
- if (s->hit) s->ctx->stats.sess_hit++;
-
- ret=1;
- /* s->server=0; */
- s->handshake_func=ssl3_connect;
- s->ctx->stats.sess_connect_good++;
-
- if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
-
- goto end;
- /* break; */
-
- default:
- SSLerr(SSL_F_SSL3_CONNECT,SSL_R_UNKNOWN_STATE);
- ret= -1;
- goto end;
- /* break; */
- }
-
- /* did we do anything */
- if (!s->s3->tmp.reuse_message && !skip)
- {
- if (s->debug)
- {
- if ((ret=BIO_flush(s->wbio)) <= 0)
- goto end;
- }
-
- if ((cb != NULL) && (s->state != state))
- {
- new_state=s->state;
- s->state=state;
- cb(s,SSL_CB_CONNECT_LOOP,1);
- s->state=new_state;
- }
- }
- skip=0;
- }
-end:
- s->in_handshake--;
- if (buf != NULL)
- BUF_MEM_free(buf);
- if (cb != NULL)
- cb(s,SSL_CB_CONNECT_EXIT,ret);
- return(ret);
- }
-
-
-int ssl3_client_hello(SSL *s)
- {
- unsigned char *buf;
- unsigned char *p,*d;
- int i;
- unsigned long Time,l;
-#ifndef OPENSSL_NO_COMP
- int j;
- SSL_COMP *comp;
-#endif
-
- buf=(unsigned char *)s->init_buf->data;
- if (s->state == SSL3_ST_CW_CLNT_HELLO_A)
- {
- SSL_SESSION *sess = s->session;
- if ((sess == NULL) ||
- (sess->ssl_version != s->version) ||
-#ifdef OPENSSL_NO_TLSEXT
- !sess->session_id_length ||
-#else
- (!sess->session_id_length && !sess->tlsext_tick) ||
-#endif
- (sess->not_resumable))
- {
- if (!ssl_get_new_session(s,0))
- goto err;
- }
- /* else use the pre-loaded session */
-
- p=s->s3->client_random;
- Time=(unsigned long)time(NULL); /* Time */
- l2n(Time,p);
- if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
- goto err;
-
- /* Do the message type and length last */
- d=p= &(buf[4]);
-
- *(p++)=s->version>>8;
- *(p++)=s->version&0xff;
- s->client_version=s->version;
-
- /* Random stuff */
- memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
- p+=SSL3_RANDOM_SIZE;
-
- /* Session ID */
- if (s->new_session)
- i=0;
- else
- i=s->session->session_id_length;
- *(p++)=i;
- if (i != 0)
- {
- if (i > (int)sizeof(s->session->session_id))
- {
- SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
- goto err;
- }
- memcpy(p,s->session->session_id,i);
- p+=i;
- }
-
- /* Ciphers supported */
- i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),0);
- if (i == 0)
- {
- SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
- goto err;
- }
- s2n(i,p);
- p+=i;
-
- /* COMPRESSION */
-#ifdef OPENSSL_NO_COMP
- *(p++)=1;
-#else
- if (s->ctx->comp_methods == NULL)
- j=0;
- else
- j=sk_SSL_COMP_num(s->ctx->comp_methods);
- *(p++)=1+j;
- for (i=0; i<j; i++)
- {
- comp=sk_SSL_COMP_value(s->ctx->comp_methods,i);
- *(p++)=comp->id;
- }
-#endif
- *(p++)=0; /* Add the NULL method */
-#ifndef OPENSSL_NO_TLSEXT
- if ((p = ssl_add_clienthello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
- {
- SSLerr(SSL_F_SSL3_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
- goto err;
- }
-#endif
- l=(p-d);
- d=buf;
- *(d++)=SSL3_MT_CLIENT_HELLO;
- l2n3(l,d);
-
- s->state=SSL3_ST_CW_CLNT_HELLO_B;
- /* number of bytes to write */
- s->init_num=p-buf;
- s->init_off=0;
- }
-
- /* SSL3_ST_CW_CLNT_HELLO_B */
- return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
-err:
- return(-1);
- }
-
-int ssl3_get_server_hello(SSL *s)
- {
- STACK_OF(SSL_CIPHER) *sk;
- SSL_CIPHER *c;
- unsigned char *p,*d;
- int i,al,ok;
- unsigned int j;
- long n;
-#ifndef OPENSSL_NO_COMP
- SSL_COMP *comp;
-#endif
-
- n=s->method->ssl_get_message(s,
- SSL3_ST_CR_SRVR_HELLO_A,
- SSL3_ST_CR_SRVR_HELLO_B,
- -1,
- 20000, /* ?? */
- &ok);
-
- if (!ok) return((int)n);
-
- if ( SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
- {
- if ( s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST)
- {
- if ( s->d1->send_cookie == 0)
- {
- s->s3->tmp.reuse_message = 1;
- return 1;
- }
- else /* already sent a cookie */
- {
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_MESSAGE_TYPE);
- goto f_err;
- }
- }
- }
-
- if ( s->s3->tmp.message_type != SSL3_MT_SERVER_HELLO)
- {
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_MESSAGE_TYPE);
- goto f_err;
- }
-
- d=p=(unsigned char *)s->init_msg;
-
- if ((p[0] != (s->version>>8)) || (p[1] != (s->version&0xff)))
- {
- SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_SSL_VERSION);
- s->version=(s->version&0xff00)|p[1];
- al=SSL_AD_PROTOCOL_VERSION;
- goto f_err;
- }
- p+=2;
-
- /* load the server hello data */
- /* load the server random */
- memcpy(s->s3->server_random,p,SSL3_RANDOM_SIZE);
- p+=SSL3_RANDOM_SIZE;
-
- /* get the session-id */
- j= *(p++);
-
- if ((j > sizeof s->session->session_id) || (j > SSL3_SESSION_ID_SIZE))
- {
- al=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_LONG);
- goto f_err;
- }
-
- if (j != 0 && j == s->session->session_id_length
- && memcmp(p,s->session->session_id,j) == 0)
- {
- if(s->sid_ctx_length != s->session->sid_ctx_length
- || memcmp(s->session->sid_ctx,s->sid_ctx,s->sid_ctx_length))
- {
- /* actually a client application bug */
- al=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
- goto f_err;
- }
- s->s3->flags |= SSL3_FLAGS_CCS_OK;
- s->hit=1;
- }
- else /* a miss or crap from the other end */
- {
- /* If we were trying for session-id reuse, make a new
- * SSL_SESSION so we don't stuff up other people */
- s->hit=0;
- if (s->session->session_id_length > 0)
- {
- if (!ssl_get_new_session(s,0))
- {
- al=SSL_AD_INTERNAL_ERROR;
- goto f_err;
- }
- }
- s->session->session_id_length=j;
- memcpy(s->session->session_id,p,j); /* j could be 0 */
- }
- p+=j;
- c=ssl_get_cipher_by_char(s,p);
- if (c == NULL)
- {
- /* unknown cipher */
- al=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNKNOWN_CIPHER_RETURNED);
- goto f_err;
- }
- p+=ssl_put_cipher_by_char(s,NULL,NULL);
-
- sk=ssl_get_ciphers_by_id(s);
- i=sk_SSL_CIPHER_find(sk,c);
- if (i < 0)
- {
- /* we did not say we would use this cipher */
- al=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_CIPHER_RETURNED);
- goto f_err;
- }
-
- /* Depending on the session caching (internal/external), the cipher
- and/or cipher_id values may not be set. Make sure that
- cipher_id is set and use it for comparison. */
- if (s->session->cipher)
- s->session->cipher_id = s->session->cipher->id;
- if (s->hit && (s->session->cipher_id != c->id))
- {
-/* Workaround is now obsolete */
-#if 0
- if (!(s->options &
- SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG))
-#endif
- {
- al=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
- goto f_err;
- }
- }
- s->s3->tmp.new_cipher=c;
-
- /* lets get the compression algorithm */
- /* COMPRESSION */
-#ifdef OPENSSL_NO_COMP
- if (*(p++) != 0)
- {
- al=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
- goto f_err;
- }
-#else
- j= *(p++);
- if (j == 0)
- comp=NULL;
- else
- comp=ssl3_comp_find(s->ctx->comp_methods,j);
-
- if ((j != 0) && (comp == NULL))
- {
- al=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
- goto f_err;
- }
- else
- {
- s->s3->tmp.new_compression=comp;
- }
-#endif
-#ifndef OPENSSL_NO_TLSEXT
- /* TLS extensions*/
- if (s->version >= SSL3_VERSION)
- {
- if (!ssl_parse_serverhello_tlsext(s,&p,d,n, &al))
- {
- /* 'al' set by ssl_parse_serverhello_tlsext */
- SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_PARSE_TLSEXT);
- goto f_err;
- }
- if (ssl_check_serverhello_tlsext(s) <= 0)
- {
- SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SERVERHELLO_TLSEXT);
- goto err;
- }
- }
-#endif
-
-
- if (p != (d+n))
- {
- /* wrong packet length */
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_PACKET_LENGTH);
- goto f_err;
- }
-
- return(1);
-f_err:
- ssl3_send_alert(s,SSL3_AL_FATAL,al);
-#ifndef OPENSSL_NO_TLSEXT
-err:
-#endif
- return(-1);
- }
-
-int ssl3_get_server_certificate(SSL *s)
- {
- int al,i,ok,ret= -1;
- unsigned long n,nc,llen,l;
- X509 *x=NULL;
- const unsigned char *q,*p;
- unsigned char *d;
- STACK_OF(X509) *sk=NULL;
- SESS_CERT *sc;
- EVP_PKEY *pkey=NULL;
- int need_cert = 1; /* VRS: 0=> will allow null cert if auth == KRB5 */
-
- n=s->method->ssl_get_message(s,
- SSL3_ST_CR_CERT_A,
- SSL3_ST_CR_CERT_B,
- -1,
- s->max_cert_list,
- &ok);
-
- if (!ok) return((int)n);
-
- if ((s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) ||
- ((s->s3->tmp.new_cipher->algorithms & SSL_aKRB5) &&
- (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE)))
- {
- s->s3->tmp.reuse_message=1;
- return(1);
- }
-
- if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE)
- {
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_BAD_MESSAGE_TYPE);
- goto f_err;
- }
- p=d=(unsigned char *)s->init_msg;
-
- if ((sk=sk_X509_new_null()) == NULL)
- {
- SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- n2l3(p,llen);
- if (llen+3 != n)
- {
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_LENGTH_MISMATCH);
- goto f_err;
- }
- for (nc=0; nc<llen; )
- {
- n2l3(p,l);
- if ((l+nc+3) > llen)
- {
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
- goto f_err;
- }
-
- q=p;
- x=d2i_X509(NULL,&q,l);
- if (x == NULL)
- {
- al=SSL_AD_BAD_CERTIFICATE;
- SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_ASN1_LIB);
- goto f_err;
- }
- if (q != (p+l))
- {
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
- goto f_err;
- }
- if (!sk_X509_push(sk,x))
- {
- SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- x=NULL;
- nc+=l+3;
- p=q;
- }
-
- i=ssl_verify_cert_chain(s,sk);
- if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)
-#ifndef OPENSSL_NO_KRB5
- && (s->s3->tmp.new_cipher->algorithms & (SSL_MKEY_MASK|SSL_AUTH_MASK))
- != (SSL_aKRB5|SSL_kKRB5)
-#endif /* OPENSSL_NO_KRB5 */
- )
- {
- al=ssl_verify_alarm_type(s->verify_result);
- SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED);
- goto f_err;
- }
- ERR_clear_error(); /* but we keep s->verify_result */
-
- sc=ssl_sess_cert_new();
- if (sc == NULL) goto err;
-
- if (s->session->sess_cert) ssl_sess_cert_free(s->session->sess_cert);
- s->session->sess_cert=sc;
-
- sc->cert_chain=sk;
- /* Inconsistency alert: cert_chain does include the peer's
- * certificate, which we don't include in s3_srvr.c */
- x=sk_X509_value(sk,0);
- sk=NULL;
- /* VRS 19990621: possible memory leak; sk=null ==> !sk_pop_free() @end*/
-
- pkey=X509_get_pubkey(x);
-
- /* VRS: allow null cert if auth == KRB5 */
- need_cert = ((s->s3->tmp.new_cipher->algorithms
- & (SSL_MKEY_MASK|SSL_AUTH_MASK))
- == (SSL_aKRB5|SSL_kKRB5))? 0: 1;
-
-#ifdef KSSL_DEBUG
- printf("pkey,x = %p, %p\n", (void *)pkey,(void *)x);
- printf("ssl_cert_type(x,pkey) = %d\n", ssl_cert_type(x,pkey));
- printf("cipher, alg, nc = %s, %lx, %d\n", s->s3->tmp.new_cipher->name,
- s->s3->tmp.new_cipher->algorithms, need_cert);
-#endif /* KSSL_DEBUG */
-
- if (need_cert && ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey)))
- {
- x=NULL;
- al=SSL3_AL_FATAL;
- SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
- SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS);
- goto f_err;
- }
-
- i=ssl_cert_type(x,pkey);
- if (need_cert && i < 0)
- {
- x=NULL;
- al=SSL3_AL_FATAL;
- SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
- SSL_R_UNKNOWN_CERTIFICATE_TYPE);
- goto f_err;
- }
-
- if (need_cert)
- {
- sc->peer_cert_type=i;
- CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
- /* Why would the following ever happen?
- * We just created sc a couple of lines ago. */
- if (sc->peer_pkeys[i].x509 != NULL)
- X509_free(sc->peer_pkeys[i].x509);
- sc->peer_pkeys[i].x509=x;
- sc->peer_key= &(sc->peer_pkeys[i]);
-
- if (s->session->peer != NULL)
- X509_free(s->session->peer);
- CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
- s->session->peer=x;
- }
- else
- {
- sc->peer_cert_type=i;
- sc->peer_key= NULL;
-
- if (s->session->peer != NULL)
- X509_free(s->session->peer);
- s->session->peer=NULL;
- }
- s->session->verify_result = s->verify_result;
-
- x=NULL;
- ret=1;
-
- if (0)
- {
-f_err:
- ssl3_send_alert(s,SSL3_AL_FATAL,al);
- }
-err:
- EVP_PKEY_free(pkey);
- X509_free(x);
- sk_X509_pop_free(sk,X509_free);
- return(ret);
- }
-
-int ssl3_get_key_exchange(SSL *s)
- {
-#ifndef OPENSSL_NO_RSA
- unsigned char *q,md_buf[EVP_MAX_MD_SIZE*2];
-#endif
- EVP_MD_CTX md_ctx;
- unsigned char *param,*p;
- int al,j,ok;
- long i,param_len,n,alg;
- EVP_PKEY *pkey=NULL;
-#ifndef OPENSSL_NO_RSA
- RSA *rsa=NULL;
-#endif
-#ifndef OPENSSL_NO_DH
- DH *dh=NULL;
-#endif
-#ifndef OPENSSL_NO_ECDH
- EC_KEY *ecdh = NULL;
- BN_CTX *bn_ctx = NULL;
- EC_POINT *srvr_ecpoint = NULL;
- int curve_nid = 0;
- int encoded_pt_len = 0;
-#endif
-
- /* use same message size as in ssl3_get_certificate_request()
- * as ServerKeyExchange message may be skipped */
- n=s->method->ssl_get_message(s,
- SSL3_ST_CR_KEY_EXCH_A,
- SSL3_ST_CR_KEY_EXCH_B,
- -1,
- s->max_cert_list,
- &ok);
-
- if (!ok) return((int)n);
-
- if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE)
- {
- s->s3->tmp.reuse_message=1;
- return(1);
- }
-
- param=p=(unsigned char *)s->init_msg;
-
- if (s->session->sess_cert != NULL)
- {
-#ifndef OPENSSL_NO_RSA
- if (s->session->sess_cert->peer_rsa_tmp != NULL)
- {
- RSA_free(s->session->sess_cert->peer_rsa_tmp);
- s->session->sess_cert->peer_rsa_tmp=NULL;
- }
-#endif
-#ifndef OPENSSL_NO_DH
- if (s->session->sess_cert->peer_dh_tmp)
- {
- DH_free(s->session->sess_cert->peer_dh_tmp);
- s->session->sess_cert->peer_dh_tmp=NULL;
- }
-#endif
-#ifndef OPENSSL_NO_ECDH
- if (s->session->sess_cert->peer_ecdh_tmp)
- {
- EC_KEY_free(s->session->sess_cert->peer_ecdh_tmp);
- s->session->sess_cert->peer_ecdh_tmp=NULL;
- }
-#endif
- }
- else
- {
- s->session->sess_cert=ssl_sess_cert_new();
- }
-
- /* Total length of the parameters including the length prefix */
- param_len=0;
- alg=s->s3->tmp.new_cipher->algorithms;
- EVP_MD_CTX_init(&md_ctx);
-
- al=SSL_AD_DECODE_ERROR;
-#ifndef OPENSSL_NO_RSA
- if (alg & SSL_kRSA)
- {
- if ((rsa=RSA_new()) == NULL)
- {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- param_len = 2;
- if (param_len > n)
- {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
- SSL_R_LENGTH_TOO_SHORT);
- goto f_err;
- }
- n2s(p,i);
-
- if (i > n - param_len)
- {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_MODULUS_LENGTH);
- goto f_err;
- }
- param_len += i;
-
- if (!(rsa->n=BN_bin2bn(p,i,rsa->n)))
- {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
- goto err;
- }
- p+=i;
-
- if (2 > n - param_len)
- {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
- SSL_R_LENGTH_TOO_SHORT);
- goto f_err;
- }
- param_len += 2;
-
- n2s(p,i);
-
- if (i > n - param_len)
- {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_E_LENGTH);
- goto f_err;
- }
- param_len += i;
-
- if (!(rsa->e=BN_bin2bn(p,i,rsa->e)))
- {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
- goto err;
- }
- p+=i;
- n-=param_len;
-
- /* this should be because we are using an export cipher */
- if (alg & SSL_aRSA)
- pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
- else
- {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
- goto err;
- }
- s->session->sess_cert->peer_rsa_tmp=rsa;
- rsa=NULL;
- }
-#else /* OPENSSL_NO_RSA */
- if (0)
- ;
-#endif
-#ifndef OPENSSL_NO_DH
- else if (alg & SSL_kEDH)
- {
- if ((dh=DH_new()) == NULL)
- {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_DH_LIB);
- goto err;
- }
-
- param_len = 2;
- if (param_len > n)
- {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
- SSL_R_LENGTH_TOO_SHORT);
- goto f_err;
- }
- n2s(p,i);
-
- if (i > n - param_len)
- {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_P_LENGTH);
- goto f_err;
- }
- param_len += i;
-
- if (!(dh->p=BN_bin2bn(p,i,NULL)))
- {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
- goto err;
- }
- p+=i;
-
- if (2 > n - param_len)
- {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
- SSL_R_LENGTH_TOO_SHORT);
- goto f_err;
- }
- param_len += 2;
-
- n2s(p,i);
-
- if (i > n - param_len)
- {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_G_LENGTH);
- goto f_err;
- }
- param_len += i;
-
- if (!(dh->g=BN_bin2bn(p,i,NULL)))
- {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
- goto err;
- }
- p+=i;
-
- if (2 > n - param_len)
- {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
- SSL_R_LENGTH_TOO_SHORT);
- goto f_err;
- }
- param_len += 2;
-
- n2s(p,i);
-
- if (i > n - param_len)
- {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_PUB_KEY_LENGTH);
- goto f_err;
- }
- param_len += i;
-
- if (!(dh->pub_key=BN_bin2bn(p,i,NULL)))
- {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
- goto err;
- }
- p+=i;
- n-=param_len;
-
-#ifndef OPENSSL_NO_RSA
- if (alg & SSL_aRSA)
- pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
-#else
- if (0)
- ;
-#endif
-#ifndef OPENSSL_NO_DSA
- else if (alg & SSL_aDSS)
- pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509);
-#endif
- /* else anonymous DH, so no certificate or pkey. */
-
- s->session->sess_cert->peer_dh_tmp=dh;
- dh=NULL;
- }
- else if ((alg & SSL_kDHr) || (alg & SSL_kDHd))
- {
- al=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
- goto f_err;
- }
-#endif /* !OPENSSL_NO_DH */
-
-#ifndef OPENSSL_NO_ECDH
- else if (alg & SSL_kECDHE)
- {
- EC_GROUP *ngroup;
- const EC_GROUP *group;
-
- if ((ecdh=EC_KEY_new()) == NULL)
- {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- /* Extract elliptic curve parameters and the
- * server's ephemeral ECDH public key.
- * Keep accumulating lengths of various components in
- * param_len and make sure it never exceeds n.
- */
-
- /* XXX: For now we only support named (not generic) curves
- * and the ECParameters in this case is just three bytes. We
- * also need one byte for the length of the encoded point
- */
- param_len=4;
- if (param_len > n)
- {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
- SSL_R_LENGTH_TOO_SHORT);
- goto f_err;
- }
-
- if ((*p != NAMED_CURVE_TYPE) ||
- ((curve_nid = curve_id2nid(*(p + 2))) == 0))
- {
- al=SSL_AD_INTERNAL_ERROR;
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
- goto f_err;
- }
-
- ngroup = EC_GROUP_new_by_curve_name(curve_nid);
- if (ngroup == NULL)
- {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_EC_LIB);
- goto err;
- }
- if (EC_KEY_set_group(ecdh, ngroup) == 0)
- {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_EC_LIB);
- goto err;
- }
- EC_GROUP_free(ngroup);
-
- group = EC_KEY_get0_group(ecdh);
-
- if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
- (EC_GROUP_get_degree(group) > 163))
- {
- al=SSL_AD_EXPORT_RESTRICTION;
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
- goto f_err;
- }
-
- p+=3;
-
- /* Next, get the encoded ECPoint */
- if (((srvr_ecpoint = EC_POINT_new(group)) == NULL) ||
- ((bn_ctx = BN_CTX_new()) == NULL))
- {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- encoded_pt_len = *p; /* length of encoded point */
- p+=1;
-
- if ((encoded_pt_len > n - param_len) ||
- (EC_POINT_oct2point(group, srvr_ecpoint,
- p, encoded_pt_len, bn_ctx) == 0))
- {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_ECPOINT);
- goto f_err;
- }
- param_len += encoded_pt_len;
-
- n-=param_len;
- p+=encoded_pt_len;
-
- /* The ECC/TLS specification does not mention
- * the use of DSA to sign ECParameters in the server
- * key exchange message. We do support RSA and ECDSA.
- */
- if (0) ;
-#ifndef OPENSSL_NO_RSA
- else if (alg & SSL_aRSA)
- pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
-#endif
-#ifndef OPENSSL_NO_ECDSA
- else if (alg & SSL_aECDSA)
- pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
-#endif
- /* else anonymous ECDH, so no certificate or pkey. */
- EC_KEY_set_public_key(ecdh, srvr_ecpoint);
- s->session->sess_cert->peer_ecdh_tmp=ecdh;
- ecdh=NULL;
- BN_CTX_free(bn_ctx);
- bn_ctx = NULL;
- EC_POINT_free(srvr_ecpoint);
- srvr_ecpoint = NULL;
- }
- else if (alg & SSL_kECDH)
- {
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
- goto f_err;
- }
-#endif /* !OPENSSL_NO_ECDH */
- if (alg & SSL_aFZA)
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
- goto f_err;
- }
-
-
- /* p points to the next byte, there are 'n' bytes left */
-
- /* if it was signed, check the signature */
- if (pkey != NULL)
- {
- n2s(p,i);
- n-=2;
- j=EVP_PKEY_size(pkey);
-
- /* Check signature length. If n is 0 then signature is empty */
- if ((i != n) || (n > j) || (n <= 0))
- {
- /* wrong packet length */
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_WRONG_SIGNATURE_LENGTH);
- goto f_err;
- }
-
-#ifndef OPENSSL_NO_RSA
- if (pkey->type == EVP_PKEY_RSA)
- {
- int num;
- unsigned int size;
-
- j=0;
- q=md_buf;
- for (num=2; num > 0; num--)
- {
- EVP_MD_CTX_set_flags(&md_ctx,
- EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
- EVP_DigestInit_ex(&md_ctx,(num == 2)
- ?s->ctx->md5:s->ctx->sha1, NULL);
- EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
- EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
- EVP_DigestUpdate(&md_ctx,param,param_len);
- EVP_DigestFinal_ex(&md_ctx,q,&size);
- q+=size;
- j+=size;
- }
- i=RSA_verify(NID_md5_sha1, md_buf, j, p, n,
- pkey->pkey.rsa);
- if (i < 0)
- {
- al=SSL_AD_DECRYPT_ERROR;
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT);
- goto f_err;
- }
- if (i == 0)
- {
- /* bad signature */
- al=SSL_AD_DECRYPT_ERROR;
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE);
- goto f_err;
- }
- }
- else
-#endif
-#ifndef OPENSSL_NO_DSA
- if (pkey->type == EVP_PKEY_DSA)
- {
- /* lets do DSS */
- EVP_VerifyInit_ex(&md_ctx,EVP_dss1(), NULL);
- EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
- EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
- EVP_VerifyUpdate(&md_ctx,param,param_len);
- if (EVP_VerifyFinal(&md_ctx,p,(int)n,pkey) <= 0)
- {
- /* bad signature */
- al=SSL_AD_DECRYPT_ERROR;
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE);
- goto f_err;
- }
- }
- else
-#endif
-#ifndef OPENSSL_NO_ECDSA
- if (pkey->type == EVP_PKEY_EC)
- {
- /* let's do ECDSA */
- EVP_VerifyInit_ex(&md_ctx,EVP_ecdsa(), NULL);
- EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
- EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
- EVP_VerifyUpdate(&md_ctx,param,param_len);
- if (EVP_VerifyFinal(&md_ctx,p,(int)n,pkey) <= 0)
- {
- /* bad signature */
- al=SSL_AD_DECRYPT_ERROR;
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE);
- goto f_err;
- }
- }
- else
-#endif
- {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
- goto err;
- }
- }
- else
- {
- /* still data left over */
- if (!(alg & SSL_aNULL))
- {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
- goto err;
- }
- if (n != 0)
- {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_EXTRA_DATA_IN_MESSAGE);
- goto f_err;
- }
- }
- EVP_PKEY_free(pkey);
- EVP_MD_CTX_cleanup(&md_ctx);
- return(1);
-f_err:
- ssl3_send_alert(s,SSL3_AL_FATAL,al);
-err:
- EVP_PKEY_free(pkey);
-#ifndef OPENSSL_NO_RSA
- if (rsa != NULL)
- RSA_free(rsa);
-#endif
-#ifndef OPENSSL_NO_DH
- if (dh != NULL)
- DH_free(dh);
-#endif
-#ifndef OPENSSL_NO_ECDH
- BN_CTX_free(bn_ctx);
- EC_POINT_free(srvr_ecpoint);
- if (ecdh != NULL)
- EC_KEY_free(ecdh);
-#endif
- EVP_MD_CTX_cleanup(&md_ctx);
- return(-1);
- }
-
-int ssl3_get_certificate_request(SSL *s)
- {
- int ok,ret=0;
- unsigned long n,nc,l;
- unsigned int llen,ctype_num,i;
- X509_NAME *xn=NULL;
- const unsigned char *p,*q;
- unsigned char *d;
- STACK_OF(X509_NAME) *ca_sk=NULL;
-
- n=s->method->ssl_get_message(s,
- SSL3_ST_CR_CERT_REQ_A,
- SSL3_ST_CR_CERT_REQ_B,
- -1,
- s->max_cert_list,
- &ok);
-
- if (!ok) return((int)n);
-
- s->s3->tmp.cert_req=0;
-
- if (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE)
- {
- s->s3->tmp.reuse_message=1;
- return(1);
- }
-
- if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_REQUEST)
- {
- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
- SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_WRONG_MESSAGE_TYPE);
- goto err;
- }
-
- /* TLS does not like anon-DH with client cert */
- if (s->version > SSL3_VERSION)
- {
- l=s->s3->tmp.new_cipher->algorithms;
- if (l & SSL_aNULL)
- {
- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
- SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER);
- goto err;
- }
- }
-
- p=d=(unsigned char *)s->init_msg;
-
- if ((ca_sk=sk_X509_NAME_new(ca_dn_cmp)) == NULL)
- {
- SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- /* get the certificate types */
- ctype_num= *(p++);
- if (ctype_num > SSL3_CT_NUMBER)
- ctype_num=SSL3_CT_NUMBER;
- for (i=0; i<ctype_num; i++)
- s->s3->tmp.ctype[i]= p[i];
- p+=ctype_num;
-
- /* get the CA RDNs */
- n2s(p,llen);
-#if 0
-{
-FILE *out;
-out=fopen("/tmp/vsign.der","w");
-fwrite(p,1,llen,out);
-fclose(out);
-}
-#endif
-
- if ((llen+ctype_num+2+1) != n)
- {
- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
- SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_LENGTH_MISMATCH);
- goto err;
- }
-
- for (nc=0; nc<llen; )
- {
- n2s(p,l);
- if ((l+nc+2) > llen)
- {
- if ((s->options & SSL_OP_NETSCAPE_CA_DN_BUG))
- goto cont; /* netscape bugs */
- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
- SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_CA_DN_TOO_LONG);
- goto err;
- }
-
- q=p;
-
- if ((xn=d2i_X509_NAME(NULL,&q,l)) == NULL)
- {
- /* If netscape tolerance is on, ignore errors */
- if (s->options & SSL_OP_NETSCAPE_CA_DN_BUG)
- goto cont;
- else
- {
- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
- SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_ASN1_LIB);
- goto err;
- }
- }
-
- if (q != (p+l))
- {
- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
- SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_CA_DN_LENGTH_MISMATCH);
- goto err;
- }
- if (!sk_X509_NAME_push(ca_sk,xn))
- {
- SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- p+=l;
- nc+=l+2;
- }
-
- if (0)
- {
-cont:
- ERR_clear_error();
- }
-
- /* we should setup a certificate to return.... */
- s->s3->tmp.cert_req=1;
- s->s3->tmp.ctype_num=ctype_num;
- if (s->s3->tmp.ca_names != NULL)
- sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
- s->s3->tmp.ca_names=ca_sk;
- ca_sk=NULL;
-
- ret=1;
-err:
- if (ca_sk != NULL) sk_X509_NAME_pop_free(ca_sk,X509_NAME_free);
- return(ret);
- }
-
-static int ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
- {
- return(X509_NAME_cmp(*a,*b));
- }
-#ifndef OPENSSL_NO_TLSEXT
-int ssl3_get_new_session_ticket(SSL *s)
- {
- int ok,al,ret=0, ticklen;
- long n;
- const unsigned char *p;
- unsigned char *d;
-
- n=s->method->ssl_get_message(s,
- SSL3_ST_CR_SESSION_TICKET_A,
- SSL3_ST_CR_SESSION_TICKET_B,
- -1,
- 16384,
- &ok);
-
- if (!ok)
- return((int)n);
-
- if (s->s3->tmp.message_type == SSL3_MT_FINISHED)
- {
- s->s3->tmp.reuse_message=1;
- return(1);
- }
- if (s->s3->tmp.message_type != SSL3_MT_NEWSESSION_TICKET)
- {
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_BAD_MESSAGE_TYPE);
- goto f_err;
- }
- if (n < 6)
- {
- /* need at least ticket_lifetime_hint + ticket length */
- al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH);
- goto f_err;
- }
-
- p=d=(unsigned char *)s->init_msg;
- n2l(p, s->session->tlsext_tick_lifetime_hint);
- n2s(p, ticklen);
- /* ticket_lifetime_hint + ticket_length + ticket */
- if (ticklen + 6 != n)
- {
- al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_LENGTH_MISMATCH);
- goto f_err;
- }
- if (s->session->tlsext_tick)
- {
- OPENSSL_free(s->session->tlsext_tick);
- s->session->tlsext_ticklen = 0;
- }
- s->session->tlsext_tick = OPENSSL_malloc(ticklen);
- if (!s->session->tlsext_tick)
- {
- SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- memcpy(s->session->tlsext_tick, p, ticklen);
- s->session->tlsext_ticklen = ticklen;
- /* There are two ways to detect a resumed ticket sesion.
- * One is to set an appropriate session ID and then the server
- * must return a match in ServerHello. This allows the normal
- * client session ID matching to work and we know much
- * earlier that the ticket has been accepted.
- *
- * The other way is to set zero length session ID when the
- * ticket is presented and rely on the handshake to determine
- * session resumption.
- *
- * We choose the former approach because this fits in with
- * assumptions elsewhere in OpenSSL. The session ID is set
- * to the SHA256 (or SHA1 is SHA256 is disabled) hash of the
- * ticket.
- */
- EVP_Digest(p, ticklen,
- s->session->session_id, &s->session->session_id_length,
-#ifndef OPENSSL_NO_SHA256
- EVP_sha256(), NULL);
-#else
- EVP_sha1(), NULL);
-#endif
- ret=1;
- return(ret);
-f_err:
- ssl3_send_alert(s,SSL3_AL_FATAL,al);
-err:
- return(-1);
- }
-
-int ssl3_get_cert_status(SSL *s)
- {
- int ok, al;
- unsigned long resplen;
- long n;
- const unsigned char *p;
-
- n=s->method->ssl_get_message(s,
- SSL3_ST_CR_CERT_STATUS_A,
- SSL3_ST_CR_CERT_STATUS_B,
- SSL3_MT_CERTIFICATE_STATUS,
- 16384,
- &ok);
-
- if (!ok) return((int)n);
- if (n < 4)
- {
- /* need at least status type + length */
- al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_LENGTH_MISMATCH);
- goto f_err;
- }
- p = (unsigned char *)s->init_msg;
- if (*p++ != TLSEXT_STATUSTYPE_ocsp)
- {
- al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_UNSUPPORTED_STATUS_TYPE);
- goto f_err;
- }
- n2l3(p, resplen);
- if (resplen + 4 != (unsigned long)n)
- {
- al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_LENGTH_MISMATCH);
- goto f_err;
- }
- if (s->tlsext_ocsp_resp)
- OPENSSL_free(s->tlsext_ocsp_resp);
- s->tlsext_ocsp_resp = BUF_memdup(p, resplen);
- if (!s->tlsext_ocsp_resp)
- {
- al = SSL_AD_INTERNAL_ERROR;
- SSLerr(SSL_F_SSL3_GET_CERT_STATUS,ERR_R_MALLOC_FAILURE);
- goto f_err;
- }
- s->tlsext_ocsp_resplen = resplen;
- if (s->ctx->tlsext_status_cb)
- {
- int ret;
- ret = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
- if (ret == 0)
- {
- al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
- SSLerr(SSL_F_SSL3_GET_CERT_STATUS,SSL_R_INVALID_STATUS_RESPONSE);
- goto f_err;
- }
- if (ret < 0)
- {
- al = SSL_AD_INTERNAL_ERROR;
- SSLerr(SSL_F_SSL3_GET_CERT_STATUS,ERR_R_MALLOC_FAILURE);
- goto f_err;
- }
- }
- return 1;
-f_err:
- ssl3_send_alert(s,SSL3_AL_FATAL,al);
- return(-1);
- }
-#endif
-
-int ssl3_get_server_done(SSL *s)
- {
- int ok,ret=0;
- long n;
-
- n=s->method->ssl_get_message(s,
- SSL3_ST_CR_SRVR_DONE_A,
- SSL3_ST_CR_SRVR_DONE_B,
- SSL3_MT_SERVER_DONE,
- 30, /* should be very small, like 0 :-) */
- &ok);
-
- if (!ok) return((int)n);
- if (n > 0)
- {
- /* should contain no data */
- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
- SSLerr(SSL_F_SSL3_GET_SERVER_DONE,SSL_R_LENGTH_MISMATCH);
- return -1;
- }
- ret=1;
- return(ret);
- }
-
-
-int ssl3_send_client_key_exchange(SSL *s)
- {
- unsigned char *p,*d;
- int n;
- unsigned long l;
-#ifndef OPENSSL_NO_RSA
- unsigned char *q;
- EVP_PKEY *pkey=NULL;
-#endif
-#ifndef OPENSSL_NO_KRB5
- KSSL_ERR kssl_err;
-#endif /* OPENSSL_NO_KRB5 */
-#ifndef OPENSSL_NO_ECDH
- EC_KEY *clnt_ecdh = NULL;
- const EC_POINT *srvr_ecpoint = NULL;
- EVP_PKEY *srvr_pub_pkey = NULL;
- unsigned char *encodedPoint = NULL;
- int encoded_pt_len = 0;
- BN_CTX * bn_ctx = NULL;
-#endif
-
- if (s->state == SSL3_ST_CW_KEY_EXCH_A)
- {
- d=(unsigned char *)s->init_buf->data;
- p= &(d[4]);
-
- l=s->s3->tmp.new_cipher->algorithms;
-
- /* Fool emacs indentation */
- if (0) {}
-#ifndef OPENSSL_NO_RSA
- else if (l & SSL_kRSA)
- {
- RSA *rsa;
- unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
-
- if (s->session->sess_cert == NULL)
- {
- /* We should always have a server certificate with SSL_kRSA. */
- SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
- goto err;
- }
-
- if (s->session->sess_cert->peer_rsa_tmp != NULL)
- rsa=s->session->sess_cert->peer_rsa_tmp;
- else
- {
- pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
- if ((pkey == NULL) ||
- (pkey->type != EVP_PKEY_RSA) ||
- (pkey->pkey.rsa == NULL))
- {
- SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
- goto err;
- }
- rsa=pkey->pkey.rsa;
- EVP_PKEY_free(pkey);
- }
-
- tmp_buf[0]=s->client_version>>8;
- tmp_buf[1]=s->client_version&0xff;
- if (RAND_bytes(&(tmp_buf[2]),sizeof tmp_buf-2) <= 0)
- goto err;
-
- s->session->master_key_length=sizeof tmp_buf;
-
- q=p;
- /* Fix buf for TLS and beyond */
- if (s->version > SSL3_VERSION)
- p+=2;
- n=RSA_public_encrypt(sizeof tmp_buf,
- tmp_buf,p,rsa,RSA_PKCS1_PADDING);
-#ifdef PKCS1_CHECK
- if (s->options & SSL_OP_PKCS1_CHECK_1) p[1]++;
- if (s->options & SSL_OP_PKCS1_CHECK_2) tmp_buf[0]=0x70;
-#endif
- if (n <= 0)
- {
- SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_ENCRYPT);
- goto err;
- }
-
- /* Fix buf for TLS and beyond */
- if (s->version > SSL3_VERSION)
- {
- s2n(n,q);
- n+=2;
- }
-
- s->session->master_key_length=
- s->method->ssl3_enc->generate_master_secret(s,
- s->session->master_key,
- tmp_buf,sizeof tmp_buf);
- OPENSSL_cleanse(tmp_buf,sizeof tmp_buf);
- }
-#endif
-#ifndef OPENSSL_NO_KRB5
- else if (l & SSL_kKRB5)
- {
- krb5_error_code krb5rc;
- KSSL_CTX *kssl_ctx = s->kssl_ctx;
- /* krb5_data krb5_ap_req; */
- krb5_data *enc_ticket;
- krb5_data authenticator, *authp = NULL;
- EVP_CIPHER_CTX ciph_ctx;
- EVP_CIPHER *enc = NULL;
- unsigned char iv[EVP_MAX_IV_LENGTH];
- unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
- unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH
- + EVP_MAX_IV_LENGTH];
- int padl, outl = sizeof(epms);
-
- EVP_CIPHER_CTX_init(&ciph_ctx);
-
-#ifdef KSSL_DEBUG
- printf("ssl3_send_client_key_exchange(%lx & %lx)\n",
- l, SSL_kKRB5);
-#endif /* KSSL_DEBUG */
-
- authp = NULL;
-#ifdef KRB5SENDAUTH
- if (KRB5SENDAUTH) authp = &authenticator;
-#endif /* KRB5SENDAUTH */
-
- krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp,
- &kssl_err);
- enc = kssl_map_enc(kssl_ctx->enctype);
- if (enc == NULL)
- goto err;
-#ifdef KSSL_DEBUG
- {
- printf("kssl_cget_tkt rtn %d\n", krb5rc);
- if (krb5rc && kssl_err.text)
- printf("kssl_cget_tkt kssl_err=%s\n", kssl_err.text);
- }
-#endif /* KSSL_DEBUG */
-
- if (krb5rc)
- {
- ssl3_send_alert(s,SSL3_AL_FATAL,
- SSL_AD_HANDSHAKE_FAILURE);
- SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
- kssl_err.reason);
- goto err;
- }
-
- /* 20010406 VRS - Earlier versions used KRB5 AP_REQ
- ** in place of RFC 2712 KerberosWrapper, as in:
- **
- ** Send ticket (copy to *p, set n = length)
- ** n = krb5_ap_req.length;
- ** memcpy(p, krb5_ap_req.data, krb5_ap_req.length);
- ** if (krb5_ap_req.data)
- ** kssl_krb5_free_data_contents(NULL,&krb5_ap_req);
- **
- ** Now using real RFC 2712 KerberosWrapper
- ** (Thanks to Simon Wilkinson <sxw at sxw.org.uk>)
- ** Note: 2712 "opaque" types are here replaced
- ** with a 2-byte length followed by the value.
- ** Example:
- ** KerberosWrapper= xx xx asn1ticket 0 0 xx xx encpms
- ** Where "xx xx" = length bytes. Shown here with
- ** optional authenticator omitted.
- */
-
- /* KerberosWrapper.Ticket */
- s2n(enc_ticket->length,p);
- memcpy(p, enc_ticket->data, enc_ticket->length);
- p+= enc_ticket->length;
- n = enc_ticket->length + 2;
-
- /* KerberosWrapper.Authenticator */
- if (authp && authp->length)
- {
- s2n(authp->length,p);
- memcpy(p, authp->data, authp->length);
- p+= authp->length;
- n+= authp->length + 2;
-
- free(authp->data);
- authp->data = NULL;
- authp->length = 0;
- }
- else
- {
- s2n(0,p);/* null authenticator length */
- n+=2;
- }
-
- tmp_buf[0]=s->client_version>>8;
- tmp_buf[1]=s->client_version&0xff;
- if (RAND_bytes(&(tmp_buf[2]),sizeof tmp_buf-2) <= 0)
- goto err;
-
- /* 20010420 VRS. Tried it this way; failed.
- ** EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);
- ** EVP_CIPHER_CTX_set_key_length(&ciph_ctx,
- ** kssl_ctx->length);
- ** EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);
- */
-
- memset(iv, 0, sizeof iv); /* per RFC 1510 */
- EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,
- kssl_ctx->key,iv);
- EVP_EncryptUpdate(&ciph_ctx,epms,&outl,tmp_buf,
- sizeof tmp_buf);
- EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl);
- outl += padl;
- if (outl > sizeof epms)
- {
- SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
- goto err;
- }
- EVP_CIPHER_CTX_cleanup(&ciph_ctx);
-
- /* KerberosWrapper.EncryptedPreMasterSecret */
- s2n(outl,p);
- memcpy(p, epms, outl);
- p+=outl;
- n+=outl + 2;
-
- s->session->master_key_length=
- s->method->ssl3_enc->generate_master_secret(s,
- s->session->master_key,
- tmp_buf, sizeof tmp_buf);
-
- OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
- OPENSSL_cleanse(epms, outl);
- }
-#endif
-#ifndef OPENSSL_NO_DH
- else if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
- {
- DH *dh_srvr,*dh_clnt;
-
- if (s->session->sess_cert == NULL)
- {
- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
- SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
- goto err;
- }
-
- if (s->session->sess_cert->peer_dh_tmp != NULL)
- dh_srvr=s->session->sess_cert->peer_dh_tmp;
- else
- {
- /* we get them from the cert */
- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
- SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_DH_PARAMETERS);
- goto err;
- }
-
- /* generate a new random key */
- if ((dh_clnt=DHparams_dup(dh_srvr)) == NULL)
- {
- SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
- goto err;
- }
- if (!DH_generate_key(dh_clnt))
- {
- SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
- goto err;
- }
-
- /* use the 'p' output buffer for the DH key, but
- * make sure to clear it out afterwards */
-
- n=DH_compute_key(p,dh_srvr->pub_key,dh_clnt);
-
- if (n <= 0)
- {
- SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
- goto err;
- }
-
- /* generate master key from the result */
- s->session->master_key_length=
- s->method->ssl3_enc->generate_master_secret(s,
- s->session->master_key,p,n);
- /* clean up */
- memset(p,0,n);
-
- /* send off the data */
- n=BN_num_bytes(dh_clnt->pub_key);
- s2n(n,p);
- BN_bn2bin(dh_clnt->pub_key,p);
- n+=2;
-
- DH_free(dh_clnt);
-
- /* perhaps clean things up a bit EAY EAY EAY EAY*/
- }
-#endif
-
-#ifndef OPENSSL_NO_ECDH
- else if ((l & SSL_kECDH) || (l & SSL_kECDHE))
- {
- const EC_GROUP *srvr_group = NULL;
- EC_KEY *tkey;
- int ecdh_clnt_cert = 0;
- int field_size = 0;
-
- if (s->session->sess_cert == NULL)
- {
- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
- SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
- goto err;
- }
-
- /* Did we send out the client's
- * ECDH share for use in premaster
- * computation as part of client certificate?
- * If so, set ecdh_clnt_cert to 1.
- */
- if ((l & SSL_kECDH) && (s->cert != NULL))
- {
- /* XXX: For now, we do not support client
- * authentication using ECDH certificates.
- * To add such support, one needs to add
- * code that checks for appropriate
- * conditions and sets ecdh_clnt_cert to 1.
- * For example, the cert have an ECC
- * key on the same curve as the server's
- * and the key should be authorized for
- * key agreement.
- *
- * One also needs to add code in ssl3_connect
- * to skip sending the certificate verify
- * message.
- *
- * if ((s->cert->key->privatekey != NULL) &&
- * (s->cert->key->privatekey->type ==
- * EVP_PKEY_EC) && ...)
- * ecdh_clnt_cert = 1;
- */
- }
-
- if (s->session->sess_cert->peer_ecdh_tmp != NULL)
- {
- tkey = s->session->sess_cert->peer_ecdh_tmp;
- }
- else
- {
- /* Get the Server Public Key from Cert */
- srvr_pub_pkey = X509_get_pubkey(s->session-> \
- sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
- if ((srvr_pub_pkey == NULL) ||
- (srvr_pub_pkey->type != EVP_PKEY_EC) ||
- (srvr_pub_pkey->pkey.ec == NULL))
- {
- SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
- ERR_R_INTERNAL_ERROR);
- goto err;
- }
-
- tkey = srvr_pub_pkey->pkey.ec;
- }
-
- srvr_group = EC_KEY_get0_group(tkey);
- srvr_ecpoint = EC_KEY_get0_public_key(tkey);
-
- if ((srvr_group == NULL) || (srvr_ecpoint == NULL))
- {
- SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
- ERR_R_INTERNAL_ERROR);
- goto err;
- }
-
- if ((clnt_ecdh=EC_KEY_new()) == NULL)
- {
- SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- if (!EC_KEY_set_group(clnt_ecdh, srvr_group))
- {
- SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_EC_LIB);
- goto err;
- }
- if (ecdh_clnt_cert)
- {
- /* Reuse key info from our certificate
- * We only need our private key to perform
- * the ECDH computation.
- */
- const BIGNUM *priv_key;
- tkey = s->cert->key->privatekey->pkey.ec;
- priv_key = EC_KEY_get0_private_key(tkey);
- if (priv_key == NULL)
- {
- SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- if (!EC_KEY_set_private_key(clnt_ecdh, priv_key))
- {
- SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_EC_LIB);
- goto err;
- }
- }
- else
- {
- /* Generate a new ECDH key pair */
- if (!(EC_KEY_generate_key(clnt_ecdh)))
- {
- SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB);
- goto err;
- }
- }
-
- /* use the 'p' output buffer for the ECDH key, but
- * make sure to clear it out afterwards
- */
-
- field_size = EC_GROUP_get_degree(srvr_group);
- if (field_size <= 0)
- {
- SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
- ERR_R_ECDH_LIB);
- goto err;
- }
- n=ECDH_compute_key(p, (field_size+7)/8, srvr_ecpoint, clnt_ecdh, NULL);
- if (n <= 0)
- {
- SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
- ERR_R_ECDH_LIB);
- goto err;
- }
-
- /* generate master key from the result */
- s->session->master_key_length = s->method->ssl3_enc \
- -> generate_master_secret(s,
- s->session->master_key,
- p, n);
-
- memset(p, 0, n); /* clean up */
-
- if (ecdh_clnt_cert)
- {
- /* Send empty client key exch message */
- n = 0;
- }
- else
- {
- /* First check the size of encoding and
- * allocate memory accordingly.
- */
- encoded_pt_len =
- EC_POINT_point2oct(srvr_group,
- EC_KEY_get0_public_key(clnt_ecdh),
- POINT_CONVERSION_UNCOMPRESSED,
- NULL, 0, NULL);
-
- encodedPoint = (unsigned char *)
- OPENSSL_malloc(encoded_pt_len *
- sizeof(unsigned char));
- bn_ctx = BN_CTX_new();
- if ((encodedPoint == NULL) ||
- (bn_ctx == NULL))
- {
- SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- /* Encode the public key */
- n = EC_POINT_point2oct(srvr_group,
- EC_KEY_get0_public_key(clnt_ecdh),
- POINT_CONVERSION_UNCOMPRESSED,
- encodedPoint, encoded_pt_len, bn_ctx);
-
- *p = n; /* length of encoded point */
- /* Encoded point will be copied here */
- p += 1;
- /* copy the point */
- memcpy((unsigned char *)p, encodedPoint, n);
- /* increment n to account for length field */
- n += 1;
- }
-
- /* Free allocated memory */
- BN_CTX_free(bn_ctx);
- if (encodedPoint != NULL) OPENSSL_free(encodedPoint);
- if (clnt_ecdh != NULL)
- EC_KEY_free(clnt_ecdh);
- EVP_PKEY_free(srvr_pub_pkey);
- }
-#endif /* !OPENSSL_NO_ECDH */
- else
- {
- ssl3_send_alert(s, SSL3_AL_FATAL,
- SSL_AD_HANDSHAKE_FAILURE);
- SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
- ERR_R_INTERNAL_ERROR);
- goto err;
- }
-
- *(d++)=SSL3_MT_CLIENT_KEY_EXCHANGE;
- l2n3(n,d);
-
- s->state=SSL3_ST_CW_KEY_EXCH_B;
- /* number of bytes to write */
- s->init_num=n+4;
- s->init_off=0;
- }
-
- /* SSL3_ST_CW_KEY_EXCH_B */
- return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
-err:
-#ifndef OPENSSL_NO_ECDH
- BN_CTX_free(bn_ctx);
- if (encodedPoint != NULL) OPENSSL_free(encodedPoint);
- if (clnt_ecdh != NULL)
- EC_KEY_free(clnt_ecdh);
- EVP_PKEY_free(srvr_pub_pkey);
-#endif
- return(-1);
- }
-
-int ssl3_send_client_verify(SSL *s)
- {
- unsigned char *p,*d;
- unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
- EVP_PKEY *pkey;
-#ifndef OPENSSL_NO_RSA
- unsigned u=0;
-#endif
- unsigned long n;
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
- int j;
-#endif
-
- if (s->state == SSL3_ST_CW_CERT_VRFY_A)
- {
- d=(unsigned char *)s->init_buf->data;
- p= &(d[4]);
- pkey=s->cert->key->privatekey;
-
- s->method->ssl3_enc->cert_verify_mac(s,&(s->s3->finish_dgst2),
- &(data[MD5_DIGEST_LENGTH]));
-
-#ifndef OPENSSL_NO_RSA
- if (pkey->type == EVP_PKEY_RSA)
- {
- s->method->ssl3_enc->cert_verify_mac(s,
- &(s->s3->finish_dgst1),&(data[0]));
- if (RSA_sign(NID_md5_sha1, data,
- MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
- &(p[2]), &u, pkey->pkey.rsa) <= 0 )
- {
- SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_RSA_LIB);
- goto err;
- }
- s2n(u,p);
- n=u+2;
- }
- else
-#endif
-#ifndef OPENSSL_NO_DSA
- if (pkey->type == EVP_PKEY_DSA)
- {
- if (!DSA_sign(pkey->save_type,
- &(data[MD5_DIGEST_LENGTH]),
- SHA_DIGEST_LENGTH,&(p[2]),
- (unsigned int *)&j,pkey->pkey.dsa))
- {
- SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_DSA_LIB);
- goto err;
- }
- s2n(j,p);
- n=j+2;
- }
- else
-#endif
-#ifndef OPENSSL_NO_ECDSA
- if (pkey->type == EVP_PKEY_EC)
- {
- if (!ECDSA_sign(pkey->save_type,
- &(data[MD5_DIGEST_LENGTH]),
- SHA_DIGEST_LENGTH,&(p[2]),
- (unsigned int *)&j,pkey->pkey.ec))
- {
- SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
- ERR_R_ECDSA_LIB);
- goto err;
- }
- s2n(j,p);
- n=j+2;
- }
- else
-#endif
- {
- SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERROR);
- goto err;
- }
- *(d++)=SSL3_MT_CERTIFICATE_VERIFY;
- l2n3(n,d);
-
- s->state=SSL3_ST_CW_CERT_VRFY_B;
- s->init_num=(int)n+4;
- s->init_off=0;
- }
- return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
-err:
- return(-1);
- }
-
-int ssl3_send_client_certificate(SSL *s)
- {
- X509 *x509=NULL;
- EVP_PKEY *pkey=NULL;
- int i;
- unsigned long l;
-
- if (s->state == SSL3_ST_CW_CERT_A)
- {
- if ((s->cert == NULL) ||
- (s->cert->key->x509 == NULL) ||
- (s->cert->key->privatekey == NULL))
- s->state=SSL3_ST_CW_CERT_B;
- else
- s->state=SSL3_ST_CW_CERT_C;
- }
-
- /* We need to get a client cert */
- if (s->state == SSL3_ST_CW_CERT_B)
- {
- /* If we get an error, we need to
- * ssl->rwstate=SSL_X509_LOOKUP; return(-1);
- * We then get retied later */
- i=0;
- i = ssl_do_client_cert_cb(s, &x509, &pkey);
- if (i < 0)
- {
- s->rwstate=SSL_X509_LOOKUP;
- return(-1);
- }
- s->rwstate=SSL_NOTHING;
- if ((i == 1) && (pkey != NULL) && (x509 != NULL))
- {
- s->state=SSL3_ST_CW_CERT_B;
- if ( !SSL_use_certificate(s,x509) ||
- !SSL_use_PrivateKey(s,pkey))
- i=0;
- }
- else if (i == 1)
- {
- i=0;
- SSLerr(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE,SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
- }
-
- if (x509 != NULL) X509_free(x509);
- if (pkey != NULL) EVP_PKEY_free(pkey);
- if (i == 0)
- {
- if (s->version == SSL3_VERSION)
- {
- s->s3->tmp.cert_req=0;
- ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_NO_CERTIFICATE);
- return(1);
- }
- else
- {
- s->s3->tmp.cert_req=2;
- }
- }
-
- /* Ok, we have a cert */
- s->state=SSL3_ST_CW_CERT_C;
- }
-
- if (s->state == SSL3_ST_CW_CERT_C)
- {
- s->state=SSL3_ST_CW_CERT_D;
- l=ssl3_output_cert_chain(s,
- (s->s3->tmp.cert_req == 2)?NULL:s->cert->key->x509);
- s->init_num=(int)l;
- s->init_off=0;
- }
- /* SSL3_ST_CW_CERT_D */
- return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
- }
-
-#define has_bits(i,m) (((i)&(m)) == (m))
-
-int ssl3_check_cert_and_algorithm(SSL *s)
- {
- int i,idx;
- long algs;
- EVP_PKEY *pkey=NULL;
- SESS_CERT *sc;
-#ifndef OPENSSL_NO_RSA
- RSA *rsa;
-#endif
-#ifndef OPENSSL_NO_DH
- DH *dh;
-#endif
-
- sc=s->session->sess_cert;
-
- algs=s->s3->tmp.new_cipher->algorithms;
-
- /* we don't have a certificate */
- if (algs & (SSL_aDH|SSL_aNULL|SSL_aKRB5))
- return(1);
-
- if (sc == NULL)
- {
- SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,ERR_R_INTERNAL_ERROR);
- goto err;
- }
-
-#ifndef OPENSSL_NO_RSA
- rsa=s->session->sess_cert->peer_rsa_tmp;
-#endif
-#ifndef OPENSSL_NO_DH
- dh=s->session->sess_cert->peer_dh_tmp;
-#endif
-
- /* This is the passed certificate */
-
- idx=sc->peer_cert_type;
-#ifndef OPENSSL_NO_ECDH
- if (idx == SSL_PKEY_ECC)
- {
- if (check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509,
- s->s3->tmp.new_cipher) == 0)
- { /* check failed */
- SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_BAD_ECC_CERT);
- goto f_err;
- }
- else
- {
- return 1;
- }
- }
-#endif
- pkey=X509_get_pubkey(sc->peer_pkeys[idx].x509);
- i=X509_certificate_type(sc->peer_pkeys[idx].x509,pkey);
- EVP_PKEY_free(pkey);
-
-
- /* Check that we have a certificate if we require one */
- if ((algs & SSL_aRSA) && !has_bits(i,EVP_PK_RSA|EVP_PKT_SIGN))
- {
- SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_SIGNING_CERT);
- goto f_err;
- }
-#ifndef OPENSSL_NO_DSA
- else if ((algs & SSL_aDSS) && !has_bits(i,EVP_PK_DSA|EVP_PKT_SIGN))
- {
- SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DSA_SIGNING_CERT);
- goto f_err;
- }
-#endif
-#ifndef OPENSSL_NO_RSA
- if ((algs & SSL_kRSA) &&
- !(has_bits(i,EVP_PK_RSA|EVP_PKT_ENC) || (rsa != NULL)))
- {
- SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_ENCRYPTING_CERT);
- goto f_err;
- }
-#endif
-#ifndef OPENSSL_NO_DH
- if ((algs & SSL_kEDH) &&
- !(has_bits(i,EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL)))
- {
- SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_KEY);
- goto f_err;
- }
- else if ((algs & SSL_kDHr) && !has_bits(i,EVP_PK_DH|EVP_PKS_RSA))
- {
- SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_RSA_CERT);
- goto f_err;
- }
-#ifndef OPENSSL_NO_DSA
- else if ((algs & SSL_kDHd) && !has_bits(i,EVP_PK_DH|EVP_PKS_DSA))
- {
- SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_DSA_CERT);
- goto f_err;
- }
-#endif
-#endif
-
- if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i,EVP_PKT_EXP))
- {
-#ifndef OPENSSL_NO_RSA
- if (algs & SSL_kRSA)
- {
- if (rsa == NULL
- || RSA_size(rsa)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
- {
- SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
- goto f_err;
- }
- }
- else
-#endif
-#ifndef OPENSSL_NO_DH
- if (algs & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
- {
- if (dh == NULL
- || DH_size(dh)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
- {
- SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_DH_KEY);
- goto f_err;
- }
- }
- else
-#endif
- {
- SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
- goto f_err;
- }
- }
- return(1);
-f_err:
- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
-err:
- return(0);
- }
-
-
-#ifndef OPENSSL_NO_ECDH
-/* This is the complement of nid2curve_id in s3_srvr.c. */
-static int curve_id2nid(int curve_id)
-{
- /* ECC curves from draft-ietf-tls-ecc-01.txt (Mar 15, 2001)
- * (no changes in draft-ietf-tls-ecc-03.txt [June 2003]) */
- static int nid_list[26] =
- {
- 0,
- NID_sect163k1, /* sect163k1 (1) */
- NID_sect163r1, /* sect163r1 (2) */
- NID_sect163r2, /* sect163r2 (3) */
- NID_sect193r1, /* sect193r1 (4) */
- NID_sect193r2, /* sect193r2 (5) */
- NID_sect233k1, /* sect233k1 (6) */
- NID_sect233r1, /* sect233r1 (7) */
- NID_sect239k1, /* sect239k1 (8) */
- NID_sect283k1, /* sect283k1 (9) */
- NID_sect283r1, /* sect283r1 (10) */
- NID_sect409k1, /* sect409k1 (11) */
- NID_sect409r1, /* sect409r1 (12) */
- NID_sect571k1, /* sect571k1 (13) */
- NID_sect571r1, /* sect571r1 (14) */
- NID_secp160k1, /* secp160k1 (15) */
- NID_secp160r1, /* secp160r1 (16) */
- NID_secp160r2, /* secp160r2 (17) */
- NID_secp192k1, /* secp192k1 (18) */
- NID_X9_62_prime192v1, /* secp192r1 (19) */
- NID_secp224k1, /* secp224k1 (20) */
- NID_secp224r1, /* secp224r1 (21) */
- NID_secp256k1, /* secp256k1 (22) */
- NID_X9_62_prime256v1, /* secp256r1 (23) */
- NID_secp384r1, /* secp384r1 (24) */
- NID_secp521r1 /* secp521r1 (25) */
- };
-
- if ((curve_id < 1) || (curve_id > 25)) return 0;
-
- return nid_list[curve_id];
-}
-#endif
-
-/* Check to see if handshake is full or resumed. Usually this is just a
- * case of checking to see if a cache hit has occurred. In the case of
- * session tickets we have to check the next message to be sure.
- */
-
-#ifndef OPENSSL_NO_TLSEXT
-int ssl3_check_finished(SSL *s)
- {
- int ok;
- long n;
- /* If we have no ticket or session ID is non-zero length (a match of
- * a non-zero session length would never reach here) it cannot be a
- * resumed session.
- */
- if (!s->session->tlsext_tick || s->session->session_id_length)
- return 1;
- /* this function is called when we really expect a Certificate
- * message, so permit appropriate message length */
- n=s->method->ssl_get_message(s,
- SSL3_ST_CR_CERT_A,
- SSL3_ST_CR_CERT_B,
- -1,
- s->max_cert_list,
- &ok);
- if (!ok) return((int)n);
- s->s3->tmp.reuse_message = 1;
- if ((s->s3->tmp.message_type == SSL3_MT_FINISHED)
- || (s->s3->tmp.message_type == SSL3_MT_NEWSESSION_TICKET))
- return 2;
-
- return 1;
- }
-#endif
-
-int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey)
- {
- int i = 0;
-#ifndef OPENSSL_NO_ENGINE
- if (s->ctx->client_cert_engine)
- {
- i = ENGINE_load_ssl_client_cert(s->ctx->client_cert_engine, s,
- SSL_get_client_CA_list(s),
- px509, ppkey, NULL, NULL, NULL);
- if (i != 0)
- return i;
- }
-#endif
- if (s->ctx->client_cert_cb)
- i = s->ctx->client_cert_cb(s,px509,ppkey);
- return i;
- }
Copied: vendor-crypto/openssl/0.9.8zf/ssl/s3_clnt.c (from rev 6976, vendor-crypto/openssl/dist/ssl/s3_clnt.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/ssl/s3_clnt.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/ssl/s3_clnt.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,2728 @@
+/* ssl/s3_clnt.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * ECC cipher suite support in OpenSSL originally written by
+ * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
+ *
+ */
+
+#include <stdio.h>
+#include "ssl_locl.h"
+#include "kssl_lcl.h"
+#include <openssl/buffer.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/md5.h>
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
+#endif
+
+#ifndef OPENSSL_NO_DH
+# include <openssl/dh.h>
+#endif
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_ENGINE
+# include <openssl/engine.h>
+#endif
+
+static SSL_METHOD *ssl3_get_client_method(int ver);
+static int ca_dn_cmp(const X509_NAME *const *a, const X509_NAME *const *b);
+
+#ifndef OPENSSL_NO_ECDH
+static int curve_id2nid(int curve_id);
+int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs);
+#endif
+
+static SSL_METHOD *ssl3_get_client_method(int ver)
+{
+ if (ver == SSL3_VERSION)
+ return (SSLv3_client_method());
+ else
+ return (NULL);
+}
+
+IMPLEMENT_ssl3_meth_func(SSLv3_client_method,
+ ssl_undefined_function,
+ ssl3_connect, ssl3_get_client_method)
+
+int ssl3_connect(SSL *s)
+{
+ BUF_MEM *buf = NULL;
+ unsigned long Time = (unsigned long)time(NULL);
+ void (*cb) (const SSL *ssl, int type, int val) = NULL;
+ int ret = -1;
+ int new_state, state, skip = 0;
+
+ RAND_add(&Time, sizeof(Time), 0);
+ ERR_clear_error();
+ clear_sys_error();
+
+ if (s->info_callback != NULL)
+ cb = s->info_callback;
+ else if (s->ctx->info_callback != NULL)
+ cb = s->ctx->info_callback;
+
+ s->in_handshake++;
+ if (!SSL_in_init(s) || SSL_in_before(s))
+ SSL_clear(s);
+
+ for (;;) {
+ state = s->state;
+
+ switch (s->state) {
+ case SSL_ST_RENEGOTIATE:
+ s->new_session = 1;
+ s->state = SSL_ST_CONNECT;
+ s->ctx->stats.sess_connect_renegotiate++;
+ /* break */
+ case SSL_ST_BEFORE:
+ case SSL_ST_CONNECT:
+ case SSL_ST_BEFORE | SSL_ST_CONNECT:
+ case SSL_ST_OK | SSL_ST_CONNECT:
+
+ s->server = 0;
+ if (cb != NULL)
+ cb(s, SSL_CB_HANDSHAKE_START, 1);
+
+ if ((s->version & 0xff00) != 0x0300) {
+ SSLerr(SSL_F_SSL3_CONNECT, ERR_R_INTERNAL_ERROR);
+ ret = -1;
+ goto end;
+ }
+
+ /* s->version=SSL3_VERSION; */
+ s->type = SSL_ST_CONNECT;
+
+ if (s->init_buf == NULL) {
+ if ((buf = BUF_MEM_new()) == NULL) {
+ ret = -1;
+ goto end;
+ }
+ if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) {
+ ret = -1;
+ goto end;
+ }
+ s->init_buf = buf;
+ buf = NULL;
+ }
+
+ if (!ssl3_setup_buffers(s)) {
+ ret = -1;
+ goto end;
+ }
+
+ /* setup buffing BIO */
+ if (!ssl_init_wbio_buffer(s, 0)) {
+ ret = -1;
+ goto end;
+ }
+
+ /* don't push the buffering BIO quite yet */
+
+ ssl3_init_finished_mac(s);
+
+ s->state = SSL3_ST_CW_CLNT_HELLO_A;
+ s->ctx->stats.sess_connect++;
+ s->init_num = 0;
+ break;
+
+ case SSL3_ST_CW_CLNT_HELLO_A:
+ case SSL3_ST_CW_CLNT_HELLO_B:
+
+ s->shutdown = 0;
+ ret = ssl3_client_hello(s);
+ if (ret <= 0)
+ goto end;
+ s->state = SSL3_ST_CR_SRVR_HELLO_A;
+ s->init_num = 0;
+
+ /* turn on buffering for the next lot of output */
+ if (s->bbio != s->wbio)
+ s->wbio = BIO_push(s->bbio, s->wbio);
+
+ break;
+
+ case SSL3_ST_CR_SRVR_HELLO_A:
+ case SSL3_ST_CR_SRVR_HELLO_B:
+ ret = ssl3_get_server_hello(s);
+ if (ret <= 0)
+ goto end;
+ if (s->hit) {
+ s->state = SSL3_ST_CR_FINISHED_A;
+#ifndef OPENSSL_NO_TLSEXT
+ if (s->tlsext_ticket_expected) {
+ /* receive renewed session ticket */
+ s->state = SSL3_ST_CR_SESSION_TICKET_A;
+ }
+#endif
+ } else
+ s->state = SSL3_ST_CR_CERT_A;
+ s->init_num = 0;
+ break;
+
+ case SSL3_ST_CR_CERT_A:
+ case SSL3_ST_CR_CERT_B:
+#ifndef OPENSSL_NO_TLSEXT
+ ret = ssl3_check_finished(s);
+ if (ret <= 0)
+ goto end;
+ if (ret == 2) {
+ s->hit = 1;
+ if (s->tlsext_ticket_expected)
+ s->state = SSL3_ST_CR_SESSION_TICKET_A;
+ else
+ s->state = SSL3_ST_CR_FINISHED_A;
+ s->init_num = 0;
+ break;
+ }
+#endif
+ /* Check if it is anon DH/ECDH */
+ if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL)) {
+ ret = ssl3_get_server_certificate(s);
+ if (ret <= 0)
+ goto end;
+#ifndef OPENSSL_NO_TLSEXT
+ if (s->tlsext_status_expected)
+ s->state = SSL3_ST_CR_CERT_STATUS_A;
+ else
+ s->state = SSL3_ST_CR_KEY_EXCH_A;
+ } else {
+ skip = 1;
+ s->state = SSL3_ST_CR_KEY_EXCH_A;
+ }
+#else
+ } else
+ skip = 1;
+
+ s->state = SSL3_ST_CR_KEY_EXCH_A;
+#endif
+ s->init_num = 0;
+ break;
+
+ case SSL3_ST_CR_KEY_EXCH_A:
+ case SSL3_ST_CR_KEY_EXCH_B:
+ ret = ssl3_get_key_exchange(s);
+ if (ret <= 0)
+ goto end;
+ s->state = SSL3_ST_CR_CERT_REQ_A;
+ s->init_num = 0;
+
+ /*
+ * at this point we check that we have the required stuff from
+ * the server
+ */
+ if (!ssl3_check_cert_and_algorithm(s)) {
+ ret = -1;
+ goto end;
+ }
+ break;
+
+ case SSL3_ST_CR_CERT_REQ_A:
+ case SSL3_ST_CR_CERT_REQ_B:
+ ret = ssl3_get_certificate_request(s);
+ if (ret <= 0)
+ goto end;
+ s->state = SSL3_ST_CR_SRVR_DONE_A;
+ s->init_num = 0;
+ break;
+
+ case SSL3_ST_CR_SRVR_DONE_A:
+ case SSL3_ST_CR_SRVR_DONE_B:
+ ret = ssl3_get_server_done(s);
+ if (ret <= 0)
+ goto end;
+ if (s->s3->tmp.cert_req)
+ s->state = SSL3_ST_CW_CERT_A;
+ else
+ s->state = SSL3_ST_CW_KEY_EXCH_A;
+ s->init_num = 0;
+
+ break;
+
+ case SSL3_ST_CW_CERT_A:
+ case SSL3_ST_CW_CERT_B:
+ case SSL3_ST_CW_CERT_C:
+ case SSL3_ST_CW_CERT_D:
+ ret = ssl3_send_client_certificate(s);
+ if (ret <= 0)
+ goto end;
+ s->state = SSL3_ST_CW_KEY_EXCH_A;
+ s->init_num = 0;
+ break;
+
+ case SSL3_ST_CW_KEY_EXCH_A:
+ case SSL3_ST_CW_KEY_EXCH_B:
+ ret = ssl3_send_client_key_exchange(s);
+ if (ret <= 0)
+ goto end;
+ /*
+ * EAY EAY EAY need to check for DH fix cert sent back
+ */
+ /*
+ * For TLS, cert_req is set to 2, so a cert chain of nothing is
+ * sent, but no verify packet is sent
+ */
+ /*
+ * XXX: For now, we do not support client authentication in ECDH
+ * cipher suites with ECDH (rather than ECDSA) certificates. We
+ * need to skip the certificate verify message when client's
+ * ECDH public key is sent inside the client certificate.
+ */
+ if (s->s3->tmp.cert_req == 1) {
+ s->state = SSL3_ST_CW_CERT_VRFY_A;
+ } else {
+ s->state = SSL3_ST_CW_CHANGE_A;
+ s->s3->change_cipher_spec = 0;
+ }
+
+ s->init_num = 0;
+ break;
+
+ case SSL3_ST_CW_CERT_VRFY_A:
+ case SSL3_ST_CW_CERT_VRFY_B:
+ ret = ssl3_send_client_verify(s);
+ if (ret <= 0)
+ goto end;
+ s->state = SSL3_ST_CW_CHANGE_A;
+ s->init_num = 0;
+ s->s3->change_cipher_spec = 0;
+ break;
+
+ case SSL3_ST_CW_CHANGE_A:
+ case SSL3_ST_CW_CHANGE_B:
+ ret = ssl3_send_change_cipher_spec(s,
+ SSL3_ST_CW_CHANGE_A,
+ SSL3_ST_CW_CHANGE_B);
+ if (ret <= 0)
+ goto end;
+ s->state = SSL3_ST_CW_FINISHED_A;
+ s->init_num = 0;
+
+ s->session->cipher = s->s3->tmp.new_cipher;
+#ifdef OPENSSL_NO_COMP
+ s->session->compress_meth = 0;
+#else
+ if (s->s3->tmp.new_compression == NULL)
+ s->session->compress_meth = 0;
+ else
+ s->session->compress_meth = s->s3->tmp.new_compression->id;
+#endif
+ if (!s->method->ssl3_enc->setup_key_block(s)) {
+ ret = -1;
+ goto end;
+ }
+
+ if (!s->method->ssl3_enc->change_cipher_state(s,
+ SSL3_CHANGE_CIPHER_CLIENT_WRITE))
+ {
+ ret = -1;
+ goto end;
+ }
+
+ break;
+
+ case SSL3_ST_CW_FINISHED_A:
+ case SSL3_ST_CW_FINISHED_B:
+ ret = ssl3_send_finished(s,
+ SSL3_ST_CW_FINISHED_A,
+ SSL3_ST_CW_FINISHED_B,
+ s->method->
+ ssl3_enc->client_finished_label,
+ s->method->
+ ssl3_enc->client_finished_label_len);
+ if (ret <= 0)
+ goto end;
+ s->s3->flags |= SSL3_FLAGS_CCS_OK;
+ s->state = SSL3_ST_CW_FLUSH;
+
+ /* clear flags */
+ s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER;
+ if (s->hit) {
+ s->s3->tmp.next_state = SSL_ST_OK;
+ if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED) {
+ s->state = SSL_ST_OK;
+ s->s3->flags |= SSL3_FLAGS_POP_BUFFER;
+ s->s3->delay_buf_pop_ret = 0;
+ }
+ } else {
+#ifndef OPENSSL_NO_TLSEXT
+ /*
+ * Allow NewSessionTicket if ticket expected
+ */
+ if (s->tlsext_ticket_expected)
+ s->s3->tmp.next_state = SSL3_ST_CR_SESSION_TICKET_A;
+ else
+#endif
+
+ s->s3->tmp.next_state = SSL3_ST_CR_FINISHED_A;
+ }
+ s->init_num = 0;
+ break;
+
+#ifndef OPENSSL_NO_TLSEXT
+ case SSL3_ST_CR_SESSION_TICKET_A:
+ case SSL3_ST_CR_SESSION_TICKET_B:
+ ret = ssl3_get_new_session_ticket(s);
+ if (ret <= 0)
+ goto end;
+ s->state = SSL3_ST_CR_FINISHED_A;
+ s->init_num = 0;
+ break;
+
+ case SSL3_ST_CR_CERT_STATUS_A:
+ case SSL3_ST_CR_CERT_STATUS_B:
+ ret = ssl3_get_cert_status(s);
+ if (ret <= 0)
+ goto end;
+ s->state = SSL3_ST_CR_KEY_EXCH_A;
+ s->init_num = 0;
+ break;
+#endif
+
+ case SSL3_ST_CR_FINISHED_A:
+ case SSL3_ST_CR_FINISHED_B:
+
+ s->s3->flags |= SSL3_FLAGS_CCS_OK;
+ ret = ssl3_get_finished(s, SSL3_ST_CR_FINISHED_A,
+ SSL3_ST_CR_FINISHED_B);
+ if (ret <= 0)
+ goto end;
+
+ if (s->hit)
+ s->state = SSL3_ST_CW_CHANGE_A;
+ else
+ s->state = SSL_ST_OK;
+ s->init_num = 0;
+ break;
+
+ case SSL3_ST_CW_FLUSH:
+ s->rwstate = SSL_WRITING;
+ if (BIO_flush(s->wbio) <= 0) {
+ ret = -1;
+ goto end;
+ }
+ s->rwstate = SSL_NOTHING;
+ s->state = s->s3->tmp.next_state;
+ break;
+
+ case SSL_ST_OK:
+ /* clean a few things up */
+ ssl3_cleanup_key_block(s);
+
+ if (s->init_buf != NULL) {
+ BUF_MEM_free(s->init_buf);
+ s->init_buf = NULL;
+ }
+
+ /*
+ * If we are not 'joining' the last two packets, remove the
+ * buffering now
+ */
+ if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER))
+ ssl_free_wbio_buffer(s);
+ /* else do it later in ssl3_write */
+
+ s->init_num = 0;
+ s->new_session = 0;
+
+ ssl_update_cache(s, SSL_SESS_CACHE_CLIENT);
+ if (s->hit)
+ s->ctx->stats.sess_hit++;
+
+ ret = 1;
+ /* s->server=0; */
+ s->handshake_func = ssl3_connect;
+ s->ctx->stats.sess_connect_good++;
+
+ if (cb != NULL)
+ cb(s, SSL_CB_HANDSHAKE_DONE, 1);
+
+ goto end;
+ /* break; */
+
+ default:
+ SSLerr(SSL_F_SSL3_CONNECT, SSL_R_UNKNOWN_STATE);
+ ret = -1;
+ goto end;
+ /* break; */
+ }
+
+ /* did we do anything */
+ if (!s->s3->tmp.reuse_message && !skip) {
+ if (s->debug) {
+ if ((ret = BIO_flush(s->wbio)) <= 0)
+ goto end;
+ }
+
+ if ((cb != NULL) && (s->state != state)) {
+ new_state = s->state;
+ s->state = state;
+ cb(s, SSL_CB_CONNECT_LOOP, 1);
+ s->state = new_state;
+ }
+ }
+ skip = 0;
+ }
+ end:
+ s->in_handshake--;
+ if (buf != NULL)
+ BUF_MEM_free(buf);
+ if (cb != NULL)
+ cb(s, SSL_CB_CONNECT_EXIT, ret);
+ return (ret);
+}
+
+int ssl3_client_hello(SSL *s)
+{
+ unsigned char *buf;
+ unsigned char *p, *d;
+ int i;
+ unsigned long Time, l;
+#ifndef OPENSSL_NO_COMP
+ int j;
+ SSL_COMP *comp;
+#endif
+
+ buf = (unsigned char *)s->init_buf->data;
+ if (s->state == SSL3_ST_CW_CLNT_HELLO_A) {
+ SSL_SESSION *sess = s->session;
+ if ((sess == NULL) || (sess->ssl_version != s->version) ||
+#ifdef OPENSSL_NO_TLSEXT
+ !sess->session_id_length ||
+#else
+ (!sess->session_id_length && !sess->tlsext_tick) ||
+#endif
+ (sess->not_resumable)) {
+ if (!ssl_get_new_session(s, 0))
+ goto err;
+ }
+ /* else use the pre-loaded session */
+
+ p = s->s3->client_random;
+ Time = (unsigned long)time(NULL); /* Time */
+ l2n(Time, p);
+ if (RAND_pseudo_bytes(p, SSL3_RANDOM_SIZE - 4) <= 0)
+ goto err;
+
+ /* Do the message type and length last */
+ d = p = &(buf[4]);
+
+ *(p++) = s->version >> 8;
+ *(p++) = s->version & 0xff;
+ s->client_version = s->version;
+
+ /* Random stuff */
+ memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
+ p += SSL3_RANDOM_SIZE;
+
+ /* Session ID */
+ if (s->new_session)
+ i = 0;
+ else
+ i = s->session->session_id_length;
+ *(p++) = i;
+ if (i != 0) {
+ if (i > (int)sizeof(s->session->session_id)) {
+ SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ memcpy(p, s->session->session_id, i);
+ p += i;
+ }
+
+ /* Ciphers supported */
+ i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &(p[2]), 0);
+ if (i == 0) {
+ SSLerr(SSL_F_SSL3_CLIENT_HELLO, SSL_R_NO_CIPHERS_AVAILABLE);
+ goto err;
+ }
+ s2n(i, p);
+ p += i;
+
+ /* COMPRESSION */
+#ifdef OPENSSL_NO_COMP
+ *(p++) = 1;
+#else
+ if (s->ctx->comp_methods == NULL)
+ j = 0;
+ else
+ j = sk_SSL_COMP_num(s->ctx->comp_methods);
+ *(p++) = 1 + j;
+ for (i = 0; i < j; i++) {
+ comp = sk_SSL_COMP_value(s->ctx->comp_methods, i);
+ *(p++) = comp->id;
+ }
+#endif
+ *(p++) = 0; /* Add the NULL method */
+#ifndef OPENSSL_NO_TLSEXT
+ if ((p =
+ ssl_add_clienthello_tlsext(s, p,
+ buf + SSL3_RT_MAX_PLAIN_LENGTH)) ==
+ NULL) {
+ SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+#endif
+ l = (p - d);
+ d = buf;
+ *(d++) = SSL3_MT_CLIENT_HELLO;
+ l2n3(l, d);
+
+ s->state = SSL3_ST_CW_CLNT_HELLO_B;
+ /* number of bytes to write */
+ s->init_num = p - buf;
+ s->init_off = 0;
+ }
+
+ /* SSL3_ST_CW_CLNT_HELLO_B */
+ return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
+ err:
+ return (-1);
+}
+
+int ssl3_get_server_hello(SSL *s)
+{
+ STACK_OF(SSL_CIPHER) *sk;
+ SSL_CIPHER *c;
+ unsigned char *p, *d;
+ int i, al, ok;
+ unsigned int j;
+ long n;
+#ifndef OPENSSL_NO_COMP
+ SSL_COMP *comp;
+#endif
+
+ n = s->method->ssl_get_message(s,
+ SSL3_ST_CR_SRVR_HELLO_A,
+ SSL3_ST_CR_SRVR_HELLO_B, -1, 20000, &ok);
+
+ if (!ok)
+ return ((int)n);
+
+ if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) {
+ if (s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) {
+ if (s->d1->send_cookie == 0) {
+ s->s3->tmp.reuse_message = 1;
+ return 1;
+ } else { /* already sent a cookie */
+
+ al = SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_BAD_MESSAGE_TYPE);
+ goto f_err;
+ }
+ }
+ }
+
+ if (s->s3->tmp.message_type != SSL3_MT_SERVER_HELLO) {
+ al = SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_BAD_MESSAGE_TYPE);
+ goto f_err;
+ }
+
+ d = p = (unsigned char *)s->init_msg;
+
+ if ((p[0] != (s->version >> 8)) || (p[1] != (s->version & 0xff))) {
+ SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_WRONG_SSL_VERSION);
+ s->version = (s->version & 0xff00) | p[1];
+ al = SSL_AD_PROTOCOL_VERSION;
+ goto f_err;
+ }
+ p += 2;
+
+ /* load the server hello data */
+ /* load the server random */
+ memcpy(s->s3->server_random, p, SSL3_RANDOM_SIZE);
+ p += SSL3_RANDOM_SIZE;
+
+ /* get the session-id */
+ j = *(p++);
+
+ if ((j > sizeof s->session->session_id) || (j > SSL3_SESSION_ID_SIZE)) {
+ al = SSL_AD_ILLEGAL_PARAMETER;
+ SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_SSL3_SESSION_ID_TOO_LONG);
+ goto f_err;
+ }
+
+ if (j != 0 && j == s->session->session_id_length
+ && memcmp(p, s->session->session_id, j) == 0) {
+ if (s->sid_ctx_length != s->session->sid_ctx_length
+ || memcmp(s->session->sid_ctx, s->sid_ctx, s->sid_ctx_length)) {
+ /* actually a client application bug */
+ al = SSL_AD_ILLEGAL_PARAMETER;
+ SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
+ SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
+ goto f_err;
+ }
+ s->s3->flags |= SSL3_FLAGS_CCS_OK;
+ s->hit = 1;
+ } else { /* a miss or crap from the other end */
+
+ /*
+ * If we were trying for session-id reuse, make a new SSL_SESSION so
+ * we don't stuff up other people
+ */
+ s->hit = 0;
+ if (s->session->session_id_length > 0) {
+ if (!ssl_get_new_session(s, 0)) {
+ al = SSL_AD_INTERNAL_ERROR;
+ goto f_err;
+ }
+ }
+ s->session->session_id_length = j;
+ memcpy(s->session->session_id, p, j); /* j could be 0 */
+ }
+ p += j;
+ c = ssl_get_cipher_by_char(s, p);
+ if (c == NULL) {
+ /* unknown cipher */
+ al = SSL_AD_ILLEGAL_PARAMETER;
+ SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_UNKNOWN_CIPHER_RETURNED);
+ goto f_err;
+ }
+ p += ssl_put_cipher_by_char(s, NULL, NULL);
+
+ sk = ssl_get_ciphers_by_id(s);
+ i = sk_SSL_CIPHER_find(sk, c);
+ if (i < 0) {
+ /* we did not say we would use this cipher */
+ al = SSL_AD_ILLEGAL_PARAMETER;
+ SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_WRONG_CIPHER_RETURNED);
+ goto f_err;
+ }
+
+ /*
+ * Depending on the session caching (internal/external), the cipher
+ * and/or cipher_id values may not be set. Make sure that cipher_id is
+ * set and use it for comparison.
+ */
+ if (s->session->cipher)
+ s->session->cipher_id = s->session->cipher->id;
+ if (s->hit && (s->session->cipher_id != c->id)) {
+/* Workaround is now obsolete */
+#if 0
+ if (!(s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG))
+#endif
+ {
+ al = SSL_AD_ILLEGAL_PARAMETER;
+ SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
+ SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
+ goto f_err;
+ }
+ }
+ s->s3->tmp.new_cipher = c;
+
+ /* lets get the compression algorithm */
+ /* COMPRESSION */
+#ifdef OPENSSL_NO_COMP
+ if (*(p++) != 0) {
+ al = SSL_AD_ILLEGAL_PARAMETER;
+ SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
+ SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
+ goto f_err;
+ }
+#else
+ j = *(p++);
+ if (j == 0)
+ comp = NULL;
+ else
+ comp = ssl3_comp_find(s->ctx->comp_methods, j);
+
+ if ((j != 0) && (comp == NULL)) {
+ al = SSL_AD_ILLEGAL_PARAMETER;
+ SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
+ SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
+ goto f_err;
+ } else {
+ s->s3->tmp.new_compression = comp;
+ }
+#endif
+#ifndef OPENSSL_NO_TLSEXT
+ /* TLS extensions */
+ if (s->version >= SSL3_VERSION) {
+ if (!ssl_parse_serverhello_tlsext(s, &p, d, n, &al)) {
+ /* 'al' set by ssl_parse_serverhello_tlsext */
+ SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_PARSE_TLSEXT);
+ goto f_err;
+ }
+ if (ssl_check_serverhello_tlsext(s) <= 0) {
+ SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_SERVERHELLO_TLSEXT);
+ goto err;
+ }
+ }
+#endif
+
+ if (p != (d + n)) {
+ /* wrong packet length */
+ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_BAD_PACKET_LENGTH);
+ goto f_err;
+ }
+
+ return (1);
+ f_err:
+ ssl3_send_alert(s, SSL3_AL_FATAL, al);
+#ifndef OPENSSL_NO_TLSEXT
+ err:
+#endif
+ return (-1);
+}
+
+int ssl3_get_server_certificate(SSL *s)
+{
+ int al, i, ok, ret = -1;
+ unsigned long n, nc, llen, l;
+ X509 *x = NULL;
+ const unsigned char *q, *p;
+ unsigned char *d;
+ STACK_OF(X509) *sk = NULL;
+ SESS_CERT *sc;
+ EVP_PKEY *pkey = NULL;
+ int need_cert = 1; /* VRS: 0=> will allow null cert if auth ==
+ * KRB5 */
+
+ n = s->method->ssl_get_message(s,
+ SSL3_ST_CR_CERT_A,
+ SSL3_ST_CR_CERT_B,
+ -1, s->max_cert_list, &ok);
+
+ if (!ok)
+ return ((int)n);
+
+ if ((s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) ||
+ ((s->s3->tmp.new_cipher->algorithms & SSL_aKRB5) &&
+ (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE))) {
+ s->s3->tmp.reuse_message = 1;
+ return (1);
+ }
+
+ if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE) {
+ al = SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, SSL_R_BAD_MESSAGE_TYPE);
+ goto f_err;
+ }
+ p = d = (unsigned char *)s->init_msg;
+
+ if ((sk = sk_X509_new_null()) == NULL) {
+ SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ n2l3(p, llen);
+ if (llen + 3 != n) {
+ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, SSL_R_LENGTH_MISMATCH);
+ goto f_err;
+ }
+ for (nc = 0; nc < llen;) {
+ n2l3(p, l);
+ if ((l + nc + 3) > llen) {
+ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
+ SSL_R_CERT_LENGTH_MISMATCH);
+ goto f_err;
+ }
+
+ q = p;
+ x = d2i_X509(NULL, &q, l);
+ if (x == NULL) {
+ al = SSL_AD_BAD_CERTIFICATE;
+ SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, ERR_R_ASN1_LIB);
+ goto f_err;
+ }
+ if (q != (p + l)) {
+ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
+ SSL_R_CERT_LENGTH_MISMATCH);
+ goto f_err;
+ }
+ if (!sk_X509_push(sk, x)) {
+ SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ x = NULL;
+ nc += l + 3;
+ p = q;
+ }
+
+ i = ssl_verify_cert_chain(s, sk);
+ if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)
+#ifndef OPENSSL_NO_KRB5
+ && (s->s3->tmp.
+ new_cipher->algorithms & (SSL_MKEY_MASK | SSL_AUTH_MASK))
+ != (SSL_aKRB5 | SSL_kKRB5)
+#endif /* OPENSSL_NO_KRB5 */
+ ) {
+ al = ssl_verify_alarm_type(s->verify_result);
+ SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
+ SSL_R_CERTIFICATE_VERIFY_FAILED);
+ goto f_err;
+ }
+ ERR_clear_error(); /* but we keep s->verify_result */
+
+ sc = ssl_sess_cert_new();
+ if (sc == NULL)
+ goto err;
+
+ if (s->session->sess_cert)
+ ssl_sess_cert_free(s->session->sess_cert);
+ s->session->sess_cert = sc;
+
+ sc->cert_chain = sk;
+ /*
+ * Inconsistency alert: cert_chain does include the peer's certificate,
+ * which we don't include in s3_srvr.c
+ */
+ x = sk_X509_value(sk, 0);
+ sk = NULL;
+ /*
+ * VRS 19990621: possible memory leak; sk=null ==> !sk_pop_free() @end
+ */
+
+ pkey = X509_get_pubkey(x);
+
+ /* VRS: allow null cert if auth == KRB5 */
+ need_cert = ((s->s3->tmp.new_cipher->algorithms
+ & (SSL_MKEY_MASK | SSL_AUTH_MASK))
+ == (SSL_aKRB5 | SSL_kKRB5)) ? 0 : 1;
+
+#ifdef KSSL_DEBUG
+ printf("pkey,x = %p, %p\n", (void *)pkey, (void *)x);
+ printf("ssl_cert_type(x,pkey) = %d\n", ssl_cert_type(x, pkey));
+ printf("cipher, alg, nc = %s, %lx, %d\n", s->s3->tmp.new_cipher->name,
+ s->s3->tmp.new_cipher->algorithms, need_cert);
+#endif /* KSSL_DEBUG */
+
+ if (need_cert && ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey))) {
+ x = NULL;
+ al = SSL3_AL_FATAL;
+ SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
+ SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS);
+ goto f_err;
+ }
+
+ i = ssl_cert_type(x, pkey);
+ if (need_cert && i < 0) {
+ x = NULL;
+ al = SSL3_AL_FATAL;
+ SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
+ SSL_R_UNKNOWN_CERTIFICATE_TYPE);
+ goto f_err;
+ }
+
+ if (need_cert) {
+ sc->peer_cert_type = i;
+ CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
+ /*
+ * Why would the following ever happen? We just created sc a couple
+ * of lines ago.
+ */
+ if (sc->peer_pkeys[i].x509 != NULL)
+ X509_free(sc->peer_pkeys[i].x509);
+ sc->peer_pkeys[i].x509 = x;
+ sc->peer_key = &(sc->peer_pkeys[i]);
+
+ if (s->session->peer != NULL)
+ X509_free(s->session->peer);
+ CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
+ s->session->peer = x;
+ } else {
+ sc->peer_cert_type = i;
+ sc->peer_key = NULL;
+
+ if (s->session->peer != NULL)
+ X509_free(s->session->peer);
+ s->session->peer = NULL;
+ }
+ s->session->verify_result = s->verify_result;
+
+ x = NULL;
+ ret = 1;
+
+ if (0) {
+ f_err:
+ ssl3_send_alert(s, SSL3_AL_FATAL, al);
+ }
+ err:
+ EVP_PKEY_free(pkey);
+ X509_free(x);
+ sk_X509_pop_free(sk, X509_free);
+ return (ret);
+}
+
+int ssl3_get_key_exchange(SSL *s)
+{
+#ifndef OPENSSL_NO_RSA
+ unsigned char *q, md_buf[EVP_MAX_MD_SIZE * 2];
+#endif
+ EVP_MD_CTX md_ctx;
+ unsigned char *param, *p;
+ int al, j, ok;
+ long i, param_len, n, alg;
+ EVP_PKEY *pkey = NULL;
+#ifndef OPENSSL_NO_RSA
+ RSA *rsa = NULL;
+#endif
+#ifndef OPENSSL_NO_DH
+ DH *dh = NULL;
+#endif
+#ifndef OPENSSL_NO_ECDH
+ EC_KEY *ecdh = NULL;
+ BN_CTX *bn_ctx = NULL;
+ EC_POINT *srvr_ecpoint = NULL;
+ int curve_nid = 0;
+ int encoded_pt_len = 0;
+#endif
+
+ /*
+ * use same message size as in ssl3_get_certificate_request() as
+ * ServerKeyExchange message may be skipped
+ */
+ n = s->method->ssl_get_message(s,
+ SSL3_ST_CR_KEY_EXCH_A,
+ SSL3_ST_CR_KEY_EXCH_B,
+ -1, s->max_cert_list, &ok);
+
+ if (!ok)
+ return ((int)n);
+
+ alg = s->s3->tmp.new_cipher->algorithms;
+ EVP_MD_CTX_init(&md_ctx);
+
+ if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) {
+ /*
+ * Can't skip server key exchange if this is an ephemeral
+ * ciphersuite.
+ */
+ if (alg & (SSL_kEDH | SSL_kECDHE)) {
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE);
+ al = SSL_AD_UNEXPECTED_MESSAGE;
+ goto f_err;
+ }
+ s->s3->tmp.reuse_message = 1;
+ return (1);
+ }
+
+ param = p = (unsigned char *)s->init_msg;
+
+ if (s->session->sess_cert != NULL) {
+#ifndef OPENSSL_NO_RSA
+ if (s->session->sess_cert->peer_rsa_tmp != NULL) {
+ RSA_free(s->session->sess_cert->peer_rsa_tmp);
+ s->session->sess_cert->peer_rsa_tmp = NULL;
+ }
+#endif
+#ifndef OPENSSL_NO_DH
+ if (s->session->sess_cert->peer_dh_tmp) {
+ DH_free(s->session->sess_cert->peer_dh_tmp);
+ s->session->sess_cert->peer_dh_tmp = NULL;
+ }
+#endif
+#ifndef OPENSSL_NO_ECDH
+ if (s->session->sess_cert->peer_ecdh_tmp) {
+ EC_KEY_free(s->session->sess_cert->peer_ecdh_tmp);
+ s->session->sess_cert->peer_ecdh_tmp = NULL;
+ }
+#endif
+ } else {
+ s->session->sess_cert = ssl_sess_cert_new();
+ }
+
+ /* Total length of the parameters including the length prefix */
+ param_len = 0;
+
+ al = SSL_AD_DECODE_ERROR;
+#ifndef OPENSSL_NO_RSA
+ if (alg & SSL_kRSA) {
+ /* Temporary RSA keys only allowed in export ciphersuites */
+ if (!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)) {
+ al = SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE);
+ goto f_err;
+ }
+ if ((rsa = RSA_new()) == NULL) {
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ param_len = 2;
+ if (param_len > n) {
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
+ goto f_err;
+ }
+ n2s(p, i);
+
+ if (i > n - param_len) {
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_RSA_MODULUS_LENGTH);
+ goto f_err;
+ }
+ param_len += i;
+
+ if (!(rsa->n = BN_bin2bn(p, i, rsa->n))) {
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
+ goto err;
+ }
+ p += i;
+
+ if (2 > n - param_len) {
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
+ goto f_err;
+ }
+ param_len += 2;
+
+ n2s(p, i);
+
+ if (i > n - param_len) {
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_RSA_E_LENGTH);
+ goto f_err;
+ }
+ param_len += i;
+
+ if (!(rsa->e = BN_bin2bn(p, i, rsa->e))) {
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
+ goto err;
+ }
+ p += i;
+ n -= param_len;
+
+ /* this should be because we are using an export cipher */
+ if (alg & SSL_aRSA)
+ pkey =
+ X509_get_pubkey(s->session->
+ sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
+ else {
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ s->session->sess_cert->peer_rsa_tmp = rsa;
+ rsa = NULL;
+ }
+#else /* OPENSSL_NO_RSA */
+ if (0) ;
+#endif
+#ifndef OPENSSL_NO_DH
+ else if (alg & SSL_kEDH) {
+ if ((dh = DH_new()) == NULL) {
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_DH_LIB);
+ goto err;
+ }
+
+ param_len = 2;
+ if (param_len > n) {
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
+ goto f_err;
+ }
+ n2s(p, i);
+
+ if (i > n - param_len) {
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_P_LENGTH);
+ goto f_err;
+ }
+ param_len += i;
+
+ if (!(dh->p = BN_bin2bn(p, i, NULL))) {
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
+ goto err;
+ }
+ p += i;
+
+ if (2 > n - param_len) {
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
+ goto f_err;
+ }
+ param_len += 2;
+
+ n2s(p, i);
+
+ if (i > n - param_len) {
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_G_LENGTH);
+ goto f_err;
+ }
+ param_len += i;
+
+ if (!(dh->g = BN_bin2bn(p, i, NULL))) {
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
+ goto err;
+ }
+ p += i;
+
+ if (2 > n - param_len) {
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
+ goto f_err;
+ }
+ param_len += 2;
+
+ n2s(p, i);
+
+ if (i > n - param_len) {
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_PUB_KEY_LENGTH);
+ goto f_err;
+ }
+ param_len += i;
+
+ if (!(dh->pub_key = BN_bin2bn(p, i, NULL))) {
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB);
+ goto err;
+ }
+ p += i;
+ n -= param_len;
+
+# ifndef OPENSSL_NO_RSA
+ if (alg & SSL_aRSA)
+ pkey =
+ X509_get_pubkey(s->session->
+ sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
+# else
+ if (0) ;
+# endif
+# ifndef OPENSSL_NO_DSA
+ else if (alg & SSL_aDSS)
+ pkey =
+ X509_get_pubkey(s->session->
+ sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].
+ x509);
+# endif
+ /* else anonymous DH, so no certificate or pkey. */
+
+ s->session->sess_cert->peer_dh_tmp = dh;
+ dh = NULL;
+ } else if ((alg & SSL_kDHr) || (alg & SSL_kDHd)) {
+ al = SSL_AD_ILLEGAL_PARAMETER;
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
+ SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
+ goto f_err;
+ }
+#endif /* !OPENSSL_NO_DH */
+
+#ifndef OPENSSL_NO_ECDH
+ else if (alg & SSL_kECDHE) {
+ EC_GROUP *ngroup;
+ const EC_GROUP *group;
+
+ if ((ecdh = EC_KEY_new()) == NULL) {
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ /*
+ * Extract elliptic curve parameters and the server's ephemeral ECDH
+ * public key. Keep accumulating lengths of various components in
+ * param_len and make sure it never exceeds n.
+ */
+
+ /*
+ * XXX: For now we only support named (not generic) curves and the
+ * ECParameters in this case is just three bytes. We also need one
+ * byte for the length of the encoded point
+ */
+ param_len = 4;
+ if (param_len > n) {
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
+ goto f_err;
+ }
+
+ if ((*p != NAMED_CURVE_TYPE) ||
+ ((curve_nid = curve_id2nid(*(p + 2))) == 0)) {
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
+ SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
+ goto f_err;
+ }
+
+ ngroup = EC_GROUP_new_by_curve_name(curve_nid);
+ if (ngroup == NULL) {
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_EC_LIB);
+ goto err;
+ }
+ if (EC_KEY_set_group(ecdh, ngroup) == 0) {
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_EC_LIB);
+ goto err;
+ }
+ EC_GROUP_free(ngroup);
+
+ group = EC_KEY_get0_group(ecdh);
+
+ if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
+ (EC_GROUP_get_degree(group) > 163)) {
+ al = SSL_AD_EXPORT_RESTRICTION;
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
+ SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
+ goto f_err;
+ }
+
+ p += 3;
+
+ /* Next, get the encoded ECPoint */
+ if (((srvr_ecpoint = EC_POINT_new(group)) == NULL) ||
+ ((bn_ctx = BN_CTX_new()) == NULL)) {
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ encoded_pt_len = *p; /* length of encoded point */
+ p += 1;
+
+ if ((encoded_pt_len > n - param_len) ||
+ (EC_POINT_oct2point(group, srvr_ecpoint,
+ p, encoded_pt_len, bn_ctx) == 0)) {
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_ECPOINT);
+ goto f_err;
+ }
+ param_len += encoded_pt_len;
+
+ n -= param_len;
+ p += encoded_pt_len;
+
+ /*
+ * The ECC/TLS specification does not mention the use of DSA to sign
+ * ECParameters in the server key exchange message. We do support RSA
+ * and ECDSA.
+ */
+ if (0) ;
+# ifndef OPENSSL_NO_RSA
+ else if (alg & SSL_aRSA)
+ pkey =
+ X509_get_pubkey(s->session->
+ sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
+# endif
+# ifndef OPENSSL_NO_ECDSA
+ else if (alg & SSL_aECDSA)
+ pkey =
+ X509_get_pubkey(s->session->
+ sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
+# endif
+ /* else anonymous ECDH, so no certificate or pkey. */
+ EC_KEY_set_public_key(ecdh, srvr_ecpoint);
+ s->session->sess_cert->peer_ecdh_tmp = ecdh;
+ ecdh = NULL;
+ BN_CTX_free(bn_ctx);
+ bn_ctx = NULL;
+ EC_POINT_free(srvr_ecpoint);
+ srvr_ecpoint = NULL;
+ } else if (alg & SSL_kECDH) {
+ al = SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE);
+ goto f_err;
+ }
+#endif /* !OPENSSL_NO_ECDH */
+ if (alg & SSL_aFZA) {
+ al = SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
+ SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
+ goto f_err;
+ }
+
+ /* p points to the next byte, there are 'n' bytes left */
+
+ /* if it was signed, check the signature */
+ if (pkey != NULL) {
+ n2s(p, i);
+ n -= 2;
+ j = EVP_PKEY_size(pkey);
+
+ /*
+ * Check signature length. If n is 0 then signature is empty
+ */
+ if ((i != n) || (n > j) || (n <= 0)) {
+ /* wrong packet length */
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_WRONG_SIGNATURE_LENGTH);
+ goto f_err;
+ }
+#ifndef OPENSSL_NO_RSA
+ if (pkey->type == EVP_PKEY_RSA) {
+ int num;
+ unsigned int size;
+
+ j = 0;
+ q = md_buf;
+ for (num = 2; num > 0; num--) {
+ EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+ EVP_DigestInit_ex(&md_ctx, (num == 2)
+ ? s->ctx->md5 : s->ctx->sha1, NULL);
+ EVP_DigestUpdate(&md_ctx, &(s->s3->client_random[0]),
+ SSL3_RANDOM_SIZE);
+ EVP_DigestUpdate(&md_ctx, &(s->s3->server_random[0]),
+ SSL3_RANDOM_SIZE);
+ EVP_DigestUpdate(&md_ctx, param, param_len);
+ EVP_DigestFinal_ex(&md_ctx, q, &size);
+ q += size;
+ j += size;
+ }
+ i = RSA_verify(NID_md5_sha1, md_buf, j, p, n, pkey->pkey.rsa);
+ if (i < 0) {
+ al = SSL_AD_DECRYPT_ERROR;
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_RSA_DECRYPT);
+ goto f_err;
+ }
+ if (i == 0) {
+ /* bad signature */
+ al = SSL_AD_DECRYPT_ERROR;
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SIGNATURE);
+ goto f_err;
+ }
+ } else
+#endif
+#ifndef OPENSSL_NO_DSA
+ if (pkey->type == EVP_PKEY_DSA) {
+ /* lets do DSS */
+ EVP_VerifyInit_ex(&md_ctx, EVP_dss1(), NULL);
+ EVP_VerifyUpdate(&md_ctx, &(s->s3->client_random[0]),
+ SSL3_RANDOM_SIZE);
+ EVP_VerifyUpdate(&md_ctx, &(s->s3->server_random[0]),
+ SSL3_RANDOM_SIZE);
+ EVP_VerifyUpdate(&md_ctx, param, param_len);
+ if (EVP_VerifyFinal(&md_ctx, p, (int)n, pkey) <= 0) {
+ /* bad signature */
+ al = SSL_AD_DECRYPT_ERROR;
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SIGNATURE);
+ goto f_err;
+ }
+ } else
+#endif
+#ifndef OPENSSL_NO_ECDSA
+ if (pkey->type == EVP_PKEY_EC) {
+ /* let's do ECDSA */
+ EVP_VerifyInit_ex(&md_ctx, EVP_ecdsa(), NULL);
+ EVP_VerifyUpdate(&md_ctx, &(s->s3->client_random[0]),
+ SSL3_RANDOM_SIZE);
+ EVP_VerifyUpdate(&md_ctx, &(s->s3->server_random[0]),
+ SSL3_RANDOM_SIZE);
+ EVP_VerifyUpdate(&md_ctx, param, param_len);
+ if (EVP_VerifyFinal(&md_ctx, p, (int)n, pkey) <= 0) {
+ /* bad signature */
+ al = SSL_AD_DECRYPT_ERROR;
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_SIGNATURE);
+ goto f_err;
+ }
+ } else
+#endif
+ {
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ } else {
+ /* still data left over */
+ if (!(alg & SSL_aNULL)) {
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ if (n != 0) {
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_EXTRA_DATA_IN_MESSAGE);
+ goto f_err;
+ }
+ }
+ EVP_PKEY_free(pkey);
+ EVP_MD_CTX_cleanup(&md_ctx);
+ return (1);
+ f_err:
+ ssl3_send_alert(s, SSL3_AL_FATAL, al);
+ err:
+ EVP_PKEY_free(pkey);
+#ifndef OPENSSL_NO_RSA
+ if (rsa != NULL)
+ RSA_free(rsa);
+#endif
+#ifndef OPENSSL_NO_DH
+ if (dh != NULL)
+ DH_free(dh);
+#endif
+#ifndef OPENSSL_NO_ECDH
+ BN_CTX_free(bn_ctx);
+ EC_POINT_free(srvr_ecpoint);
+ if (ecdh != NULL)
+ EC_KEY_free(ecdh);
+#endif
+ EVP_MD_CTX_cleanup(&md_ctx);
+ return (-1);
+}
+
+int ssl3_get_certificate_request(SSL *s)
+{
+ int ok, ret = 0;
+ unsigned long n, nc, l;
+ unsigned int llen, ctype_num, i;
+ X509_NAME *xn = NULL;
+ const unsigned char *p, *q;
+ unsigned char *d;
+ STACK_OF(X509_NAME) *ca_sk = NULL;
+
+ n = s->method->ssl_get_message(s,
+ SSL3_ST_CR_CERT_REQ_A,
+ SSL3_ST_CR_CERT_REQ_B,
+ -1, s->max_cert_list, &ok);
+
+ if (!ok)
+ return ((int)n);
+
+ s->s3->tmp.cert_req = 0;
+
+ if (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE) {
+ s->s3->tmp.reuse_message = 1;
+ return (1);
+ }
+
+ if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_REQUEST) {
+ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
+ SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_WRONG_MESSAGE_TYPE);
+ goto err;
+ }
+
+ /* TLS does not like anon-DH with client cert */
+ if (s->version > SSL3_VERSION) {
+ l = s->s3->tmp.new_cipher->algorithms;
+ if (l & SSL_aNULL) {
+ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
+ SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
+ SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER);
+ goto err;
+ }
+ }
+
+ p = d = (unsigned char *)s->init_msg;
+
+ if ((ca_sk = sk_X509_NAME_new(ca_dn_cmp)) == NULL) {
+ SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ /* get the certificate types */
+ ctype_num = *(p++);
+ if (ctype_num > SSL3_CT_NUMBER)
+ ctype_num = SSL3_CT_NUMBER;
+ for (i = 0; i < ctype_num; i++)
+ s->s3->tmp.ctype[i] = p[i];
+ p += ctype_num;
+
+ /* get the CA RDNs */
+ n2s(p, llen);
+#if 0
+ {
+ FILE *out;
+ out = fopen("/tmp/vsign.der", "w");
+ fwrite(p, 1, llen, out);
+ fclose(out);
+ }
+#endif
+
+ if ((llen + ctype_num + 2 + 1) != n) {
+ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+ SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_LENGTH_MISMATCH);
+ goto err;
+ }
+
+ for (nc = 0; nc < llen;) {
+ n2s(p, l);
+ if ((l + nc + 2) > llen) {
+ if ((s->options & SSL_OP_NETSCAPE_CA_DN_BUG))
+ goto cont; /* netscape bugs */
+ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+ SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, SSL_R_CA_DN_TOO_LONG);
+ goto err;
+ }
+
+ q = p;
+
+ if ((xn = d2i_X509_NAME(NULL, &q, l)) == NULL) {
+ /* If netscape tolerance is on, ignore errors */
+ if (s->options & SSL_OP_NETSCAPE_CA_DN_BUG)
+ goto cont;
+ else {
+ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+ SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, ERR_R_ASN1_LIB);
+ goto err;
+ }
+ }
+
+ if (q != (p + l)) {
+ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+ SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,
+ SSL_R_CA_DN_LENGTH_MISMATCH);
+ goto err;
+ }
+ if (!sk_X509_NAME_push(ca_sk, xn)) {
+ SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ p += l;
+ nc += l + 2;
+ }
+
+ if (0) {
+ cont:
+ ERR_clear_error();
+ }
+
+ /* we should setup a certificate to return.... */
+ s->s3->tmp.cert_req = 1;
+ s->s3->tmp.ctype_num = ctype_num;
+ if (s->s3->tmp.ca_names != NULL)
+ sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
+ s->s3->tmp.ca_names = ca_sk;
+ ca_sk = NULL;
+
+ ret = 1;
+ err:
+ if (ca_sk != NULL)
+ sk_X509_NAME_pop_free(ca_sk, X509_NAME_free);
+ return (ret);
+}
+
+static int ca_dn_cmp(const X509_NAME *const *a, const X509_NAME *const *b)
+{
+ return (X509_NAME_cmp(*a, *b));
+}
+
+#ifndef OPENSSL_NO_TLSEXT
+int ssl3_get_new_session_ticket(SSL *s)
+{
+ int ok, al, ret = 0, ticklen;
+ long n;
+ const unsigned char *p;
+ unsigned char *d;
+
+ n = s->method->ssl_get_message(s,
+ SSL3_ST_CR_SESSION_TICKET_A,
+ SSL3_ST_CR_SESSION_TICKET_B,
+ -1, 16384, &ok);
+
+ if (!ok)
+ return ((int)n);
+
+ if (s->s3->tmp.message_type == SSL3_MT_FINISHED) {
+ s->s3->tmp.reuse_message = 1;
+ return (1);
+ }
+ if (s->s3->tmp.message_type != SSL3_MT_NEWSESSION_TICKET) {
+ al = SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, SSL_R_BAD_MESSAGE_TYPE);
+ goto f_err;
+ }
+ if (n < 6) {
+ /* need at least ticket_lifetime_hint + ticket length */
+ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, SSL_R_LENGTH_MISMATCH);
+ goto f_err;
+ }
+
+ p = d = (unsigned char *)s->init_msg;
+ n2l(p, s->session->tlsext_tick_lifetime_hint);
+ n2s(p, ticklen);
+ /* ticket_lifetime_hint + ticket_length + ticket */
+ if (ticklen + 6 != n) {
+ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, SSL_R_LENGTH_MISMATCH);
+ goto f_err;
+ }
+ if (s->session->tlsext_tick) {
+ OPENSSL_free(s->session->tlsext_tick);
+ s->session->tlsext_ticklen = 0;
+ }
+ s->session->tlsext_tick = OPENSSL_malloc(ticklen);
+ if (!s->session->tlsext_tick) {
+ SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ memcpy(s->session->tlsext_tick, p, ticklen);
+ s->session->tlsext_ticklen = ticklen;
+ /*
+ * There are two ways to detect a resumed ticket sesion. One is to set an
+ * appropriate session ID and then the server must return a match in
+ * ServerHello. This allows the normal client session ID matching to work
+ * and we know much earlier that the ticket has been accepted. The
+ * other way is to set zero length session ID when the ticket is
+ * presented and rely on the handshake to determine session resumption.
+ * We choose the former approach because this fits in with assumptions
+ * elsewhere in OpenSSL. The session ID is set to the SHA256 (or SHA1 is
+ * SHA256 is disabled) hash of the ticket.
+ */
+ EVP_Digest(p, ticklen,
+ s->session->session_id, &s->session->session_id_length,
+# ifndef OPENSSL_NO_SHA256
+ EVP_sha256(), NULL);
+# else
+ EVP_sha1(), NULL);
+# endif
+ ret = 1;
+ return (ret);
+ f_err:
+ ssl3_send_alert(s, SSL3_AL_FATAL, al);
+ err:
+ return (-1);
+}
+
+int ssl3_get_cert_status(SSL *s)
+{
+ int ok, al;
+ unsigned long resplen;
+ long n;
+ const unsigned char *p;
+
+ n = s->method->ssl_get_message(s,
+ SSL3_ST_CR_CERT_STATUS_A,
+ SSL3_ST_CR_CERT_STATUS_B,
+ SSL3_MT_CERTIFICATE_STATUS, 16384, &ok);
+
+ if (!ok)
+ return ((int)n);
+ if (n < 4) {
+ /* need at least status type + length */
+ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CERT_STATUS, SSL_R_LENGTH_MISMATCH);
+ goto f_err;
+ }
+ p = (unsigned char *)s->init_msg;
+ if (*p++ != TLSEXT_STATUSTYPE_ocsp) {
+ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CERT_STATUS, SSL_R_UNSUPPORTED_STATUS_TYPE);
+ goto f_err;
+ }
+ n2l3(p, resplen);
+ if (resplen + 4 != (unsigned long)n) {
+ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CERT_STATUS, SSL_R_LENGTH_MISMATCH);
+ goto f_err;
+ }
+ if (s->tlsext_ocsp_resp)
+ OPENSSL_free(s->tlsext_ocsp_resp);
+ s->tlsext_ocsp_resp = BUF_memdup(p, resplen);
+ if (!s->tlsext_ocsp_resp) {
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CERT_STATUS, ERR_R_MALLOC_FAILURE);
+ goto f_err;
+ }
+ s->tlsext_ocsp_resplen = resplen;
+ if (s->ctx->tlsext_status_cb) {
+ int ret;
+ ret = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
+ if (ret == 0) {
+ al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
+ SSLerr(SSL_F_SSL3_GET_CERT_STATUS, SSL_R_INVALID_STATUS_RESPONSE);
+ goto f_err;
+ }
+ if (ret < 0) {
+ al = SSL_AD_INTERNAL_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CERT_STATUS, ERR_R_MALLOC_FAILURE);
+ goto f_err;
+ }
+ }
+ return 1;
+ f_err:
+ ssl3_send_alert(s, SSL3_AL_FATAL, al);
+ return (-1);
+}
+#endif
+
+int ssl3_get_server_done(SSL *s)
+{
+ int ok, ret = 0;
+ long n;
+
+ /* Second to last param should be very small, like 0 :-) */
+ n = s->method->ssl_get_message(s,
+ SSL3_ST_CR_SRVR_DONE_A,
+ SSL3_ST_CR_SRVR_DONE_B,
+ SSL3_MT_SERVER_DONE, 30, &ok);
+
+ if (!ok)
+ return ((int)n);
+ if (n > 0) {
+ /* should contain no data */
+ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
+ SSLerr(SSL_F_SSL3_GET_SERVER_DONE, SSL_R_LENGTH_MISMATCH);
+ return -1;
+ }
+ ret = 1;
+ return (ret);
+}
+
+int ssl3_send_client_key_exchange(SSL *s)
+{
+ unsigned char *p, *d;
+ int n;
+ unsigned long l;
+#ifndef OPENSSL_NO_RSA
+ unsigned char *q;
+ EVP_PKEY *pkey = NULL;
+#endif
+#ifndef OPENSSL_NO_KRB5
+ KSSL_ERR kssl_err;
+#endif /* OPENSSL_NO_KRB5 */
+#ifndef OPENSSL_NO_ECDH
+ EC_KEY *clnt_ecdh = NULL;
+ const EC_POINT *srvr_ecpoint = NULL;
+ EVP_PKEY *srvr_pub_pkey = NULL;
+ unsigned char *encodedPoint = NULL;
+ int encoded_pt_len = 0;
+ BN_CTX *bn_ctx = NULL;
+#endif
+
+ if (s->state == SSL3_ST_CW_KEY_EXCH_A) {
+ d = (unsigned char *)s->init_buf->data;
+ p = &(d[4]);
+
+ l = s->s3->tmp.new_cipher->algorithms;
+
+ /* Fool emacs indentation */
+ if (0) {
+ }
+#ifndef OPENSSL_NO_RSA
+ else if (l & SSL_kRSA) {
+ RSA *rsa;
+ unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
+
+ if (s->session->sess_cert == NULL) {
+ /*
+ * We should always have a server certificate with SSL_kRSA.
+ */
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
+ if (s->session->sess_cert->peer_rsa_tmp != NULL)
+ rsa = s->session->sess_cert->peer_rsa_tmp;
+ else {
+ pkey =
+ X509_get_pubkey(s->session->
+ sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].
+ x509);
+ if ((pkey == NULL) || (pkey->type != EVP_PKEY_RSA)
+ || (pkey->pkey.rsa == NULL)) {
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ rsa = pkey->pkey.rsa;
+ EVP_PKEY_free(pkey);
+ }
+
+ tmp_buf[0] = s->client_version >> 8;
+ tmp_buf[1] = s->client_version & 0xff;
+ if (RAND_bytes(&(tmp_buf[2]), sizeof tmp_buf - 2) <= 0)
+ goto err;
+
+ s->session->master_key_length = sizeof tmp_buf;
+
+ q = p;
+ /* Fix buf for TLS and beyond */
+ if (s->version > SSL3_VERSION)
+ p += 2;
+ n = RSA_public_encrypt(sizeof tmp_buf,
+ tmp_buf, p, rsa, RSA_PKCS1_PADDING);
+# ifdef PKCS1_CHECK
+ if (s->options & SSL_OP_PKCS1_CHECK_1)
+ p[1]++;
+ if (s->options & SSL_OP_PKCS1_CHECK_2)
+ tmp_buf[0] = 0x70;
+# endif
+ if (n <= 0) {
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+ SSL_R_BAD_RSA_ENCRYPT);
+ goto err;
+ }
+
+ /* Fix buf for TLS and beyond */
+ if (s->version > SSL3_VERSION) {
+ s2n(n, q);
+ n += 2;
+ }
+
+ s->session->master_key_length =
+ s->method->ssl3_enc->generate_master_secret(s,
+ s->
+ session->master_key,
+ tmp_buf,
+ sizeof tmp_buf);
+ OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
+ }
+#endif
+#ifndef OPENSSL_NO_KRB5
+ else if (l & SSL_kKRB5) {
+ krb5_error_code krb5rc;
+ KSSL_CTX *kssl_ctx = s->kssl_ctx;
+ /* krb5_data krb5_ap_req; */
+ krb5_data *enc_ticket;
+ krb5_data authenticator, *authp = NULL;
+ EVP_CIPHER_CTX ciph_ctx;
+ EVP_CIPHER *enc = NULL;
+ unsigned char iv[EVP_MAX_IV_LENGTH];
+ unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
+ unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH + EVP_MAX_IV_LENGTH];
+ int padl, outl = sizeof(epms);
+
+ EVP_CIPHER_CTX_init(&ciph_ctx);
+
+# ifdef KSSL_DEBUG
+ printf("ssl3_send_client_key_exchange(%lx & %lx)\n",
+ l, SSL_kKRB5);
+# endif /* KSSL_DEBUG */
+
+ authp = NULL;
+# ifdef KRB5SENDAUTH
+ if (KRB5SENDAUTH)
+ authp = &authenticator;
+# endif /* KRB5SENDAUTH */
+
+ krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp, &kssl_err);
+ enc = kssl_map_enc(kssl_ctx->enctype);
+ if (enc == NULL)
+ goto err;
+# ifdef KSSL_DEBUG
+ {
+ printf("kssl_cget_tkt rtn %d\n", krb5rc);
+ if (krb5rc && kssl_err.text)
+ printf("kssl_cget_tkt kssl_err=%s\n", kssl_err.text);
+ }
+# endif /* KSSL_DEBUG */
+
+ if (krb5rc) {
+ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, kssl_err.reason);
+ goto err;
+ }
+
+ /*-
+ * 20010406 VRS - Earlier versions used KRB5 AP_REQ
+ * in place of RFC 2712 KerberosWrapper, as in:
+ *
+ * Send ticket (copy to *p, set n = length)
+ * n = krb5_ap_req.length;
+ * memcpy(p, krb5_ap_req.data, krb5_ap_req.length);
+ * if (krb5_ap_req.data)
+ * kssl_krb5_free_data_contents(NULL,&krb5_ap_req);
+ *
+ * Now using real RFC 2712 KerberosWrapper
+ * (Thanks to Simon Wilkinson <sxw at sxw.org.uk>)
+ * Note: 2712 "opaque" types are here replaced
+ * with a 2-byte length followed by the value.
+ * Example:
+ * KerberosWrapper= xx xx asn1ticket 0 0 xx xx encpms
+ * Where "xx xx" = length bytes. Shown here with
+ * optional authenticator omitted.
+ */
+
+ /* KerberosWrapper.Ticket */
+ s2n(enc_ticket->length, p);
+ memcpy(p, enc_ticket->data, enc_ticket->length);
+ p += enc_ticket->length;
+ n = enc_ticket->length + 2;
+
+ /* KerberosWrapper.Authenticator */
+ if (authp && authp->length) {
+ s2n(authp->length, p);
+ memcpy(p, authp->data, authp->length);
+ p += authp->length;
+ n += authp->length + 2;
+
+ free(authp->data);
+ authp->data = NULL;
+ authp->length = 0;
+ } else {
+ s2n(0, p); /* null authenticator length */
+ n += 2;
+ }
+
+ tmp_buf[0] = s->client_version >> 8;
+ tmp_buf[1] = s->client_version & 0xff;
+ if (RAND_bytes(&(tmp_buf[2]), sizeof tmp_buf - 2) <= 0)
+ goto err;
+
+ /*-
+ * 20010420 VRS. Tried it this way; failed.
+ * EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);
+ * EVP_CIPHER_CTX_set_key_length(&ciph_ctx,
+ * kssl_ctx->length);
+ * EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);
+ */
+
+ memset(iv, 0, sizeof iv); /* per RFC 1510 */
+ EVP_EncryptInit_ex(&ciph_ctx, enc, NULL, kssl_ctx->key, iv);
+ EVP_EncryptUpdate(&ciph_ctx, epms, &outl, tmp_buf,
+ sizeof tmp_buf);
+ EVP_EncryptFinal_ex(&ciph_ctx, &(epms[outl]), &padl);
+ outl += padl;
+ if (outl > sizeof epms) {
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ EVP_CIPHER_CTX_cleanup(&ciph_ctx);
+
+ /* KerberosWrapper.EncryptedPreMasterSecret */
+ s2n(outl, p);
+ memcpy(p, epms, outl);
+ p += outl;
+ n += outl + 2;
+
+ s->session->master_key_length =
+ s->method->ssl3_enc->generate_master_secret(s,
+ s->
+ session->master_key,
+ tmp_buf,
+ sizeof tmp_buf);
+
+ OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
+ OPENSSL_cleanse(epms, outl);
+ }
+#endif
+#ifndef OPENSSL_NO_DH
+ else if (l & (SSL_kEDH | SSL_kDHr | SSL_kDHd)) {
+ DH *dh_srvr, *dh_clnt;
+
+ if (s->session->sess_cert == NULL) {
+ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+ SSL_R_UNEXPECTED_MESSAGE);
+ goto err;
+ }
+
+ if (s->session->sess_cert->peer_dh_tmp != NULL)
+ dh_srvr = s->session->sess_cert->peer_dh_tmp;
+ else {
+ /* we get them from the cert */
+ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+ SSL_R_UNABLE_TO_FIND_DH_PARAMETERS);
+ goto err;
+ }
+
+ /* generate a new random key */
+ if ((dh_clnt = DHparams_dup(dh_srvr)) == NULL) {
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
+ goto err;
+ }
+ if (!DH_generate_key(dh_clnt)) {
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
+ goto err;
+ }
+
+ /*
+ * use the 'p' output buffer for the DH key, but make sure to
+ * clear it out afterwards
+ */
+
+ n = DH_compute_key(p, dh_srvr->pub_key, dh_clnt);
+
+ if (n <= 0) {
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
+ goto err;
+ }
+
+ /* generate master key from the result */
+ s->session->master_key_length =
+ s->method->ssl3_enc->generate_master_secret(s,
+ s->
+ session->master_key,
+ p, n);
+ /* clean up */
+ memset(p, 0, n);
+
+ /* send off the data */
+ n = BN_num_bytes(dh_clnt->pub_key);
+ s2n(n, p);
+ BN_bn2bin(dh_clnt->pub_key, p);
+ n += 2;
+
+ DH_free(dh_clnt);
+
+ /* perhaps clean things up a bit EAY EAY EAY EAY */
+ }
+#endif
+
+#ifndef OPENSSL_NO_ECDH
+ else if ((l & SSL_kECDH) || (l & SSL_kECDHE)) {
+ const EC_GROUP *srvr_group = NULL;
+ EC_KEY *tkey;
+ int ecdh_clnt_cert = 0;
+ int field_size = 0;
+
+ if (s->session->sess_cert == NULL) {
+ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+ SSL_R_UNEXPECTED_MESSAGE);
+ goto err;
+ }
+
+ /*
+ * Did we send out the client's ECDH share for use in premaster
+ * computation as part of client certificate? If so, set
+ * ecdh_clnt_cert to 1.
+ */
+ if ((l & SSL_kECDH) && (s->cert != NULL)) {
+ /*-
+ * XXX: For now, we do not support client
+ * authentication using ECDH certificates.
+ * To add such support, one needs to add
+ * code that checks for appropriate
+ * conditions and sets ecdh_clnt_cert to 1.
+ * For example, the cert have an ECC
+ * key on the same curve as the server's
+ * and the key should be authorized for
+ * key agreement.
+ *
+ * One also needs to add code in ssl3_connect
+ * to skip sending the certificate verify
+ * message.
+ *
+ * if ((s->cert->key->privatekey != NULL) &&
+ * (s->cert->key->privatekey->type ==
+ * EVP_PKEY_EC) && ...)
+ * ecdh_clnt_cert = 1;
+ */
+ }
+
+ if (s->session->sess_cert->peer_ecdh_tmp != NULL) {
+ tkey = s->session->sess_cert->peer_ecdh_tmp;
+ } else {
+ /* Get the Server Public Key from Cert */
+ srvr_pub_pkey =
+ X509_get_pubkey(s->session->
+ sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
+ if ((srvr_pub_pkey == NULL)
+ || (srvr_pub_pkey->type != EVP_PKEY_EC)
+ || (srvr_pub_pkey->pkey.ec == NULL)) {
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
+ tkey = srvr_pub_pkey->pkey.ec;
+ }
+
+ srvr_group = EC_KEY_get0_group(tkey);
+ srvr_ecpoint = EC_KEY_get0_public_key(tkey);
+
+ if ((srvr_group == NULL) || (srvr_ecpoint == NULL)) {
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
+ if ((clnt_ecdh = EC_KEY_new()) == NULL) {
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+ ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ if (!EC_KEY_set_group(clnt_ecdh, srvr_group)) {
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
+ goto err;
+ }
+ if (ecdh_clnt_cert) {
+ /*
+ * Reuse key info from our certificate We only need our
+ * private key to perform the ECDH computation.
+ */
+ const BIGNUM *priv_key;
+ tkey = s->cert->key->privatekey->pkey.ec;
+ priv_key = EC_KEY_get0_private_key(tkey);
+ if (priv_key == NULL) {
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+ ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ if (!EC_KEY_set_private_key(clnt_ecdh, priv_key)) {
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
+ goto err;
+ }
+ } else {
+ /* Generate a new ECDH key pair */
+ if (!(EC_KEY_generate_key(clnt_ecdh))) {
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+ ERR_R_ECDH_LIB);
+ goto err;
+ }
+ }
+
+ /*
+ * use the 'p' output buffer for the ECDH key, but make sure to
+ * clear it out afterwards
+ */
+
+ field_size = EC_GROUP_get_degree(srvr_group);
+ if (field_size <= 0) {
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB);
+ goto err;
+ }
+ n = ECDH_compute_key(p, (field_size + 7) / 8, srvr_ecpoint,
+ clnt_ecdh, NULL);
+ if (n <= 0) {
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB);
+ goto err;
+ }
+
+ /* generate master key from the result */
+ s->session->master_key_length =
+ s->method->ssl3_enc->generate_master_secret(s,
+ s->
+ session->master_key,
+ p, n);
+
+ memset(p, 0, n); /* clean up */
+
+ if (ecdh_clnt_cert) {
+ /* Send empty client key exch message */
+ n = 0;
+ } else {
+ /*
+ * First check the size of encoding and allocate memory
+ * accordingly.
+ */
+ encoded_pt_len =
+ EC_POINT_point2oct(srvr_group,
+ EC_KEY_get0_public_key(clnt_ecdh),
+ POINT_CONVERSION_UNCOMPRESSED,
+ NULL, 0, NULL);
+
+ encodedPoint = (unsigned char *)
+ OPENSSL_malloc(encoded_pt_len * sizeof(unsigned char));
+ bn_ctx = BN_CTX_new();
+ if ((encodedPoint == NULL) || (bn_ctx == NULL)) {
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+ ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ /* Encode the public key */
+ n = EC_POINT_point2oct(srvr_group,
+ EC_KEY_get0_public_key(clnt_ecdh),
+ POINT_CONVERSION_UNCOMPRESSED,
+ encodedPoint, encoded_pt_len, bn_ctx);
+
+ *p = n; /* length of encoded point */
+ /* Encoded point will be copied here */
+ p += 1;
+ /* copy the point */
+ memcpy((unsigned char *)p, encodedPoint, n);
+ /* increment n to account for length field */
+ n += 1;
+ }
+
+ /* Free allocated memory */
+ BN_CTX_free(bn_ctx);
+ if (encodedPoint != NULL)
+ OPENSSL_free(encodedPoint);
+ if (clnt_ecdh != NULL)
+ EC_KEY_free(clnt_ecdh);
+ EVP_PKEY_free(srvr_pub_pkey);
+ }
+#endif /* !OPENSSL_NO_ECDH */
+ else {
+ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
+ *(d++) = SSL3_MT_CLIENT_KEY_EXCHANGE;
+ l2n3(n, d);
+
+ s->state = SSL3_ST_CW_KEY_EXCH_B;
+ /* number of bytes to write */
+ s->init_num = n + 4;
+ s->init_off = 0;
+ }
+
+ /* SSL3_ST_CW_KEY_EXCH_B */
+ return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
+ err:
+#ifndef OPENSSL_NO_ECDH
+ BN_CTX_free(bn_ctx);
+ if (encodedPoint != NULL)
+ OPENSSL_free(encodedPoint);
+ if (clnt_ecdh != NULL)
+ EC_KEY_free(clnt_ecdh);
+ EVP_PKEY_free(srvr_pub_pkey);
+#endif
+ return (-1);
+}
+
+int ssl3_send_client_verify(SSL *s)
+{
+ unsigned char *p, *d;
+ unsigned char data[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
+ EVP_PKEY *pkey;
+#ifndef OPENSSL_NO_RSA
+ unsigned u = 0;
+#endif
+ unsigned long n;
+#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
+ int j;
+#endif
+
+ if (s->state == SSL3_ST_CW_CERT_VRFY_A) {
+ d = (unsigned char *)s->init_buf->data;
+ p = &(d[4]);
+ pkey = s->cert->key->privatekey;
+
+ s->method->ssl3_enc->cert_verify_mac(s, &(s->s3->finish_dgst2),
+ &(data[MD5_DIGEST_LENGTH]));
+
+#ifndef OPENSSL_NO_RSA
+ if (pkey->type == EVP_PKEY_RSA) {
+ s->method->ssl3_enc->cert_verify_mac(s,
+ &(s->s3->finish_dgst1),
+ &(data[0]));
+ if (RSA_sign
+ (NID_md5_sha1, data, MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
+ &(p[2]), &u, pkey->pkey.rsa) <= 0) {
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_RSA_LIB);
+ goto err;
+ }
+ s2n(u, p);
+ n = u + 2;
+ } else
+#endif
+#ifndef OPENSSL_NO_DSA
+ if (pkey->type == EVP_PKEY_DSA) {
+ if (!DSA_sign(pkey->save_type,
+ &(data[MD5_DIGEST_LENGTH]),
+ SHA_DIGEST_LENGTH, &(p[2]),
+ (unsigned int *)&j, pkey->pkey.dsa)) {
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_DSA_LIB);
+ goto err;
+ }
+ s2n(j, p);
+ n = j + 2;
+ } else
+#endif
+#ifndef OPENSSL_NO_ECDSA
+ if (pkey->type == EVP_PKEY_EC) {
+ if (!ECDSA_sign(pkey->save_type,
+ &(data[MD5_DIGEST_LENGTH]),
+ SHA_DIGEST_LENGTH, &(p[2]),
+ (unsigned int *)&j, pkey->pkey.ec)) {
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_ECDSA_LIB);
+ goto err;
+ }
+ s2n(j, p);
+ n = j + 2;
+ } else
+#endif
+ {
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ *(d++) = SSL3_MT_CERTIFICATE_VERIFY;
+ l2n3(n, d);
+
+ s->state = SSL3_ST_CW_CERT_VRFY_B;
+ s->init_num = (int)n + 4;
+ s->init_off = 0;
+ }
+ return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
+ err:
+ return (-1);
+}
+
+int ssl3_send_client_certificate(SSL *s)
+{
+ X509 *x509 = NULL;
+ EVP_PKEY *pkey = NULL;
+ int i;
+ unsigned long l;
+
+ if (s->state == SSL3_ST_CW_CERT_A) {
+ if ((s->cert == NULL) ||
+ (s->cert->key->x509 == NULL) ||
+ (s->cert->key->privatekey == NULL))
+ s->state = SSL3_ST_CW_CERT_B;
+ else
+ s->state = SSL3_ST_CW_CERT_C;
+ }
+
+ /* We need to get a client cert */
+ if (s->state == SSL3_ST_CW_CERT_B) {
+ /*
+ * If we get an error, we need to ssl->rwstate=SSL_X509_LOOKUP;
+ * return(-1); We then get retied later
+ */
+ i = 0;
+ i = ssl_do_client_cert_cb(s, &x509, &pkey);
+ if (i < 0) {
+ s->rwstate = SSL_X509_LOOKUP;
+ return (-1);
+ }
+ s->rwstate = SSL_NOTHING;
+ if ((i == 1) && (pkey != NULL) && (x509 != NULL)) {
+ s->state = SSL3_ST_CW_CERT_B;
+ if (!SSL_use_certificate(s, x509) || !SSL_use_PrivateKey(s, pkey))
+ i = 0;
+ } else if (i == 1) {
+ i = 0;
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE,
+ SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
+ }
+
+ if (x509 != NULL)
+ X509_free(x509);
+ if (pkey != NULL)
+ EVP_PKEY_free(pkey);
+ if (i == 0) {
+ if (s->version == SSL3_VERSION) {
+ s->s3->tmp.cert_req = 0;
+ ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_CERTIFICATE);
+ return (1);
+ } else {
+ s->s3->tmp.cert_req = 2;
+ }
+ }
+
+ /* Ok, we have a cert */
+ s->state = SSL3_ST_CW_CERT_C;
+ }
+
+ if (s->state == SSL3_ST_CW_CERT_C) {
+ s->state = SSL3_ST_CW_CERT_D;
+ l = ssl3_output_cert_chain(s,
+ (s->s3->tmp.cert_req ==
+ 2) ? NULL : s->cert->key->x509);
+ s->init_num = (int)l;
+ s->init_off = 0;
+ }
+ /* SSL3_ST_CW_CERT_D */
+ return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
+}
+
+#define has_bits(i,m) (((i)&(m)) == (m))
+
+int ssl3_check_cert_and_algorithm(SSL *s)
+{
+ int i, idx;
+ long algs;
+ EVP_PKEY *pkey = NULL;
+ SESS_CERT *sc;
+#ifndef OPENSSL_NO_RSA
+ RSA *rsa;
+#endif
+#ifndef OPENSSL_NO_DH
+ DH *dh;
+#endif
+
+ sc = s->session->sess_cert;
+
+ algs = s->s3->tmp.new_cipher->algorithms;
+
+ /* we don't have a certificate */
+ if (algs & (SSL_aDH | SSL_aNULL | SSL_aKRB5))
+ return (1);
+
+ if (sc == NULL) {
+ SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+#ifndef OPENSSL_NO_RSA
+ rsa = s->session->sess_cert->peer_rsa_tmp;
+#endif
+#ifndef OPENSSL_NO_DH
+ dh = s->session->sess_cert->peer_dh_tmp;
+#endif
+
+ /* This is the passed certificate */
+
+ idx = sc->peer_cert_type;
+#ifndef OPENSSL_NO_ECDH
+ if (idx == SSL_PKEY_ECC) {
+ if (check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509,
+ s->s3->tmp.new_cipher) == 0) {
+ /* check failed */
+ SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_BAD_ECC_CERT);
+ goto f_err;
+ } else {
+ return 1;
+ }
+ }
+#endif
+ pkey = X509_get_pubkey(sc->peer_pkeys[idx].x509);
+ i = X509_certificate_type(sc->peer_pkeys[idx].x509, pkey);
+ EVP_PKEY_free(pkey);
+
+ /* Check that we have a certificate if we require one */
+ if ((algs & SSL_aRSA) && !has_bits(i, EVP_PK_RSA | EVP_PKT_SIGN)) {
+ SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
+ SSL_R_MISSING_RSA_SIGNING_CERT);
+ goto f_err;
+ }
+#ifndef OPENSSL_NO_DSA
+ else if ((algs & SSL_aDSS) && !has_bits(i, EVP_PK_DSA | EVP_PKT_SIGN)) {
+ SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
+ SSL_R_MISSING_DSA_SIGNING_CERT);
+ goto f_err;
+ }
+#endif
+#ifndef OPENSSL_NO_RSA
+ if ((algs & SSL_kRSA) &&
+ !(has_bits(i, EVP_PK_RSA | EVP_PKT_ENC) || (rsa != NULL))) {
+ SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
+ SSL_R_MISSING_RSA_ENCRYPTING_CERT);
+ goto f_err;
+ }
+#endif
+#ifndef OPENSSL_NO_DH
+ if ((algs & SSL_kEDH) &&
+ !(has_bits(i, EVP_PK_DH | EVP_PKT_EXCH) || (dh != NULL))) {
+ SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_DH_KEY);
+ goto f_err;
+ } else if ((algs & SSL_kDHr) && !has_bits(i, EVP_PK_DH | EVP_PKS_RSA)) {
+ SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
+ SSL_R_MISSING_DH_RSA_CERT);
+ goto f_err;
+ }
+# ifndef OPENSSL_NO_DSA
+ else if ((algs & SSL_kDHd) && !has_bits(i, EVP_PK_DH | EVP_PKS_DSA)) {
+ SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
+ SSL_R_MISSING_DH_DSA_CERT);
+ goto f_err;
+ }
+# endif
+#endif
+
+ if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i, EVP_PKT_EXP)) {
+#ifndef OPENSSL_NO_RSA
+ if (algs & SSL_kRSA) {
+ if (rsa == NULL
+ || RSA_size(rsa) * 8 >
+ SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) {
+ SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
+ SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
+ goto f_err;
+ }
+ } else
+#endif
+#ifndef OPENSSL_NO_DH
+ if (algs & (SSL_kEDH | SSL_kDHr | SSL_kDHd)) {
+ if (dh == NULL
+ || DH_size(dh) * 8 >
+ SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) {
+ SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
+ SSL_R_MISSING_EXPORT_TMP_DH_KEY);
+ goto f_err;
+ }
+ } else
+#endif
+ {
+ SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
+ SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
+ goto f_err;
+ }
+ }
+ return (1);
+ f_err:
+ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
+ err:
+ return (0);
+}
+
+#ifndef OPENSSL_NO_ECDH
+/* This is the complement of nid2curve_id in s3_srvr.c. */
+static int curve_id2nid(int curve_id)
+{
+ /*
+ * ECC curves from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) (no changes
+ * in draft-ietf-tls-ecc-03.txt [June 2003])
+ */
+ static int nid_list[26] = {
+ 0,
+ NID_sect163k1, /* sect163k1 (1) */
+ NID_sect163r1, /* sect163r1 (2) */
+ NID_sect163r2, /* sect163r2 (3) */
+ NID_sect193r1, /* sect193r1 (4) */
+ NID_sect193r2, /* sect193r2 (5) */
+ NID_sect233k1, /* sect233k1 (6) */
+ NID_sect233r1, /* sect233r1 (7) */
+ NID_sect239k1, /* sect239k1 (8) */
+ NID_sect283k1, /* sect283k1 (9) */
+ NID_sect283r1, /* sect283r1 (10) */
+ NID_sect409k1, /* sect409k1 (11) */
+ NID_sect409r1, /* sect409r1 (12) */
+ NID_sect571k1, /* sect571k1 (13) */
+ NID_sect571r1, /* sect571r1 (14) */
+ NID_secp160k1, /* secp160k1 (15) */
+ NID_secp160r1, /* secp160r1 (16) */
+ NID_secp160r2, /* secp160r2 (17) */
+ NID_secp192k1, /* secp192k1 (18) */
+ NID_X9_62_prime192v1, /* secp192r1 (19) */
+ NID_secp224k1, /* secp224k1 (20) */
+ NID_secp224r1, /* secp224r1 (21) */
+ NID_secp256k1, /* secp256k1 (22) */
+ NID_X9_62_prime256v1, /* secp256r1 (23) */
+ NID_secp384r1, /* secp384r1 (24) */
+ NID_secp521r1 /* secp521r1 (25) */
+ };
+
+ if ((curve_id < 1) || (curve_id > 25))
+ return 0;
+
+ return nid_list[curve_id];
+}
+#endif
+
+/*
+ * Check to see if handshake is full or resumed. Usually this is just a case
+ * of checking to see if a cache hit has occurred. In the case of session
+ * tickets we have to check the next message to be sure.
+ */
+
+#ifndef OPENSSL_NO_TLSEXT
+int ssl3_check_finished(SSL *s)
+{
+ int ok;
+ long n;
+ /*
+ * If we have no ticket or session ID is non-zero length (a match of a
+ * non-zero session length would never reach here) it cannot be a resumed
+ * session.
+ */
+ if (!s->session->tlsext_tick || s->session->session_id_length)
+ return 1;
+ /*
+ * this function is called when we really expect a Certificate message,
+ * so permit appropriate message length
+ */
+ n = s->method->ssl_get_message(s,
+ SSL3_ST_CR_CERT_A,
+ SSL3_ST_CR_CERT_B,
+ -1, s->max_cert_list, &ok);
+ if (!ok)
+ return ((int)n);
+ s->s3->tmp.reuse_message = 1;
+ if ((s->s3->tmp.message_type == SSL3_MT_FINISHED)
+ || (s->s3->tmp.message_type == SSL3_MT_NEWSESSION_TICKET))
+ return 2;
+
+ return 1;
+}
+#endif
+
+int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey)
+{
+ int i = 0;
+#ifndef OPENSSL_NO_ENGINE
+ if (s->ctx->client_cert_engine) {
+ i = ENGINE_load_ssl_client_cert(s->ctx->client_cert_engine, s,
+ SSL_get_client_CA_list(s),
+ px509, ppkey, NULL, NULL, NULL);
+ if (i != 0)
+ return i;
+ }
+#endif
+ if (s->ctx->client_cert_cb)
+ i = s->ctx->client_cert_cb(s, px509, ppkey);
+ return i;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/ssl/s3_enc.c
===================================================================
--- vendor-crypto/openssl/dist/ssl/s3_enc.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/ssl/s3_enc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,770 +0,0 @@
-/* ssl/s3_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/evp.h>
-#include <openssl/md5.h>
-
-static unsigned char ssl3_pad_1[48]={
- 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36,
- 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36,
- 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36,
- 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36,
- 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36,
- 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36 };
-
-static unsigned char ssl3_pad_2[48]={
- 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,
- 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,
- 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,
- 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,
- 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,
- 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c };
-
-static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx,
- const char *sender, int len, unsigned char *p);
-
-static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
- {
- EVP_MD_CTX m5;
- EVP_MD_CTX s1;
- unsigned char buf[16],smd[SHA_DIGEST_LENGTH];
- unsigned char c='A';
- unsigned int i,j,k;
-
-#ifdef CHARSET_EBCDIC
- c = os_toascii[c]; /*'A' in ASCII */
-#endif
- k=0;
- EVP_MD_CTX_init(&m5);
- EVP_MD_CTX_set_flags(&m5, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
- EVP_MD_CTX_init(&s1);
- for (i=0; (int)i<num; i+=MD5_DIGEST_LENGTH)
- {
- k++;
- if (k > sizeof buf)
- {
- /* bug: 'buf' is too small for this ciphersuite */
- SSLerr(SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_INTERNAL_ERROR);
- return 0;
- }
-
- for (j=0; j<k; j++)
- buf[j]=c;
- c++;
- EVP_DigestInit_ex(&s1,EVP_sha1(), NULL);
- EVP_DigestUpdate(&s1,buf,k);
- EVP_DigestUpdate(&s1,s->session->master_key,
- s->session->master_key_length);
- EVP_DigestUpdate(&s1,s->s3->server_random,SSL3_RANDOM_SIZE);
- EVP_DigestUpdate(&s1,s->s3->client_random,SSL3_RANDOM_SIZE);
- EVP_DigestFinal_ex(&s1,smd,NULL);
-
- EVP_DigestInit_ex(&m5,EVP_md5(), NULL);
- EVP_DigestUpdate(&m5,s->session->master_key,
- s->session->master_key_length);
- EVP_DigestUpdate(&m5,smd,SHA_DIGEST_LENGTH);
- if ((int)(i+MD5_DIGEST_LENGTH) > num)
- {
- EVP_DigestFinal_ex(&m5,smd,NULL);
- memcpy(km,smd,(num-i));
- }
- else
- EVP_DigestFinal_ex(&m5,km,NULL);
-
- km+=MD5_DIGEST_LENGTH;
- }
- OPENSSL_cleanse(smd,SHA_DIGEST_LENGTH);
- EVP_MD_CTX_cleanup(&m5);
- EVP_MD_CTX_cleanup(&s1);
- return 1;
- }
-
-int ssl3_change_cipher_state(SSL *s, int which)
- {
- unsigned char *p,*mac_secret;
- unsigned char exp_key[EVP_MAX_KEY_LENGTH];
- unsigned char exp_iv[EVP_MAX_IV_LENGTH];
- unsigned char *ms,*key,*iv,*er1,*er2;
- EVP_CIPHER_CTX *dd;
- const EVP_CIPHER *c;
-#ifndef OPENSSL_NO_COMP
- COMP_METHOD *comp;
-#endif
- const EVP_MD *m;
- EVP_MD_CTX md;
- int is_exp,n,i,j,k,cl;
- int reuse_dd = 0;
-
- is_exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
- c=s->s3->tmp.new_sym_enc;
- m=s->s3->tmp.new_hash;
-#ifndef OPENSSL_NO_COMP
- if (s->s3->tmp.new_compression == NULL)
- comp=NULL;
- else
- comp=s->s3->tmp.new_compression->method;
-#endif
-
- if (which & SSL3_CC_READ)
- {
- if (s->enc_read_ctx != NULL)
- reuse_dd = 1;
- else if ((s->enc_read_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
- goto err;
- else
- /* make sure it's intialized in case we exit later with an error */
- EVP_CIPHER_CTX_init(s->enc_read_ctx);
- dd= s->enc_read_ctx;
- s->read_hash=m;
-#ifndef OPENSSL_NO_COMP
- /* COMPRESS */
- if (s->expand != NULL)
- {
- COMP_CTX_free(s->expand);
- s->expand=NULL;
- }
- if (comp != NULL)
- {
- s->expand=COMP_CTX_new(comp);
- if (s->expand == NULL)
- {
- SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
- goto err2;
- }
- if (s->s3->rrec.comp == NULL)
- s->s3->rrec.comp=(unsigned char *)
- OPENSSL_malloc(SSL3_RT_MAX_PLAIN_LENGTH);
- if (s->s3->rrec.comp == NULL)
- goto err;
- }
-#endif
- memset(&(s->s3->read_sequence[0]),0,8);
- mac_secret= &(s->s3->read_mac_secret[0]);
- }
- else
- {
- if (s->enc_write_ctx != NULL)
- reuse_dd = 1;
- else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
- goto err;
- else
- /* make sure it's intialized in case we exit later with an error */
- EVP_CIPHER_CTX_init(s->enc_write_ctx);
- dd= s->enc_write_ctx;
- s->write_hash=m;
-#ifndef OPENSSL_NO_COMP
- /* COMPRESS */
- if (s->compress != NULL)
- {
- COMP_CTX_free(s->compress);
- s->compress=NULL;
- }
- if (comp != NULL)
- {
- s->compress=COMP_CTX_new(comp);
- if (s->compress == NULL)
- {
- SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
- goto err2;
- }
- }
-#endif
- memset(&(s->s3->write_sequence[0]),0,8);
- mac_secret= &(s->s3->write_mac_secret[0]);
- }
-
- if (reuse_dd)
- EVP_CIPHER_CTX_cleanup(dd);
-
- p=s->s3->tmp.key_block;
- i=EVP_MD_size(m);
- cl=EVP_CIPHER_key_length(c);
- j=is_exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
- cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
- /* Was j=(is_exp)?5:EVP_CIPHER_key_length(c); */
- k=EVP_CIPHER_iv_length(c);
- if ( (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
- (which == SSL3_CHANGE_CIPHER_SERVER_READ))
- {
- ms= &(p[ 0]); n=i+i;
- key= &(p[ n]); n+=j+j;
- iv= &(p[ n]); n+=k+k;
- er1= &(s->s3->client_random[0]);
- er2= &(s->s3->server_random[0]);
- }
- else
- {
- n=i;
- ms= &(p[ n]); n+=i+j;
- key= &(p[ n]); n+=j+k;
- iv= &(p[ n]); n+=k;
- er1= &(s->s3->server_random[0]);
- er2= &(s->s3->client_random[0]);
- }
-
- if (n > s->s3->tmp.key_block_length)
- {
- SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,ERR_R_INTERNAL_ERROR);
- goto err2;
- }
-
- EVP_MD_CTX_init(&md);
- memcpy(mac_secret,ms,i);
- if (is_exp)
- {
- /* In here I set both the read and write key/iv to the
- * same value since only the correct one will be used :-).
- */
- EVP_DigestInit_ex(&md,EVP_md5(), NULL);
- EVP_DigestUpdate(&md,key,j);
- EVP_DigestUpdate(&md,er1,SSL3_RANDOM_SIZE);
- EVP_DigestUpdate(&md,er2,SSL3_RANDOM_SIZE);
- EVP_DigestFinal_ex(&md,&(exp_key[0]),NULL);
- key= &(exp_key[0]);
-
- if (k > 0)
- {
- EVP_DigestInit_ex(&md,EVP_md5(), NULL);
- EVP_DigestUpdate(&md,er1,SSL3_RANDOM_SIZE);
- EVP_DigestUpdate(&md,er2,SSL3_RANDOM_SIZE);
- EVP_DigestFinal_ex(&md,&(exp_iv[0]),NULL);
- iv= &(exp_iv[0]);
- }
- }
-
- s->session->key_arg_length=0;
-
- EVP_CipherInit_ex(dd,c,NULL,key,iv,(which & SSL3_CC_WRITE));
-
- OPENSSL_cleanse(&(exp_key[0]),sizeof(exp_key));
- OPENSSL_cleanse(&(exp_iv[0]),sizeof(exp_iv));
- EVP_MD_CTX_cleanup(&md);
- return(1);
-err:
- SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);
-err2:
- return(0);
- }
-
-int ssl3_setup_key_block(SSL *s)
- {
- unsigned char *p;
- const EVP_CIPHER *c;
- const EVP_MD *hash;
- int num;
- int ret = 0;
- SSL_COMP *comp;
-
- if (s->s3->tmp.key_block_length != 0)
- return(1);
-
- if (!ssl_cipher_get_evp(s->session,&c,&hash,&comp))
- {
- SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK,SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
- return(0);
- }
-
- s->s3->tmp.new_sym_enc=c;
- s->s3->tmp.new_hash=hash;
-#ifdef OPENSSL_NO_COMP
- s->s3->tmp.new_compression=NULL;
-#else
- s->s3->tmp.new_compression=comp;
-#endif
-
- num=EVP_CIPHER_key_length(c)+EVP_MD_size(hash)+EVP_CIPHER_iv_length(c);
- num*=2;
-
- ssl3_cleanup_key_block(s);
-
- if ((p=OPENSSL_malloc(num)) == NULL)
- goto err;
-
- s->s3->tmp.key_block_length=num;
- s->s3->tmp.key_block=p;
-
- ret = ssl3_generate_key_block(s,p,num);
-
- if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
- {
- /* enable vulnerability countermeasure for CBC ciphers with
- * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt)
- */
- s->s3->need_empty_fragments = 1;
-
- if (s->session->cipher != NULL)
- {
- if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_eNULL)
- s->s3->need_empty_fragments = 0;
-
-#ifndef OPENSSL_NO_RC4
- if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4)
- s->s3->need_empty_fragments = 0;
-#endif
- }
- }
-
- return ret;
-
-err:
- SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);
- return(0);
- }
-
-void ssl3_cleanup_key_block(SSL *s)
- {
- if (s->s3->tmp.key_block != NULL)
- {
- OPENSSL_cleanse(s->s3->tmp.key_block,
- s->s3->tmp.key_block_length);
- OPENSSL_free(s->s3->tmp.key_block);
- s->s3->tmp.key_block=NULL;
- }
- s->s3->tmp.key_block_length=0;
- }
-
-/* ssl3_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
- *
- * Returns:
- * 0: (in non-constant time) if the record is publically invalid (i.e. too
- * short etc).
- * 1: if the record's padding is valid / the encryption was successful.
- * -1: if the record's padding is invalid or, if sending, an internal error
- * occured.
- */
-int ssl3_enc(SSL *s, int send)
- {
- SSL3_RECORD *rec;
- EVP_CIPHER_CTX *ds;
- unsigned long l;
- int bs,i,mac_size=0;
- const EVP_CIPHER *enc;
-
- if (send)
- {
- ds=s->enc_write_ctx;
- rec= &(s->s3->wrec);
- if (s->enc_write_ctx == NULL)
- enc=NULL;
- else
- enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
- }
- else
- {
- ds=s->enc_read_ctx;
- rec= &(s->s3->rrec);
- if (s->enc_read_ctx == NULL)
- enc=NULL;
- else
- enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
- }
-
- if ((s->session == NULL) || (ds == NULL) ||
- (enc == NULL))
- {
- memmove(rec->data,rec->input,rec->length);
- rec->input=rec->data;
- }
- else
- {
- l=rec->length;
- bs=EVP_CIPHER_block_size(ds->cipher);
-
- /* COMPRESS */
-
- if ((bs != 1) && send)
- {
- i=bs-((int)l%bs);
-
- /* we need to add 'i-1' padding bytes */
- l+=i;
- /* the last of these zero bytes will be overwritten
- * with the padding length. */
- memset(&rec->input[rec->length], 0, i);
- rec->length+=i;
- rec->input[l-1]=(i-1);
- }
-
- if (!send)
- {
- if (l == 0 || l%bs != 0)
- return 0;
- /* otherwise, rec->length >= bs */
- }
-
- EVP_Cipher(ds,rec->data,rec->input,l);
-
- if (s->read_hash != NULL)
- mac_size = EVP_MD_size(s->read_hash);
-
- if ((bs != 1) && !send)
- return ssl3_cbc_remove_padding(s, rec, bs, mac_size);
- }
- return(1);
- }
-
-void ssl3_init_finished_mac(SSL *s)
- {
- EVP_MD_CTX_set_flags(&(s->s3->finish_dgst1),
- EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
- EVP_DigestInit_ex(&(s->s3->finish_dgst1),s->ctx->md5, NULL);
- EVP_DigestInit_ex(&(s->s3->finish_dgst2),s->ctx->sha1, NULL);
- }
-
-void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len)
- {
- EVP_DigestUpdate(&(s->s3->finish_dgst1),buf,len);
- EVP_DigestUpdate(&(s->s3->finish_dgst2),buf,len);
- }
-
-int ssl3_cert_verify_mac(SSL *s, EVP_MD_CTX *ctx, unsigned char *p)
- {
- return(ssl3_handshake_mac(s,ctx,NULL,0,p));
- }
-
-int ssl3_final_finish_mac(SSL *s, EVP_MD_CTX *ctx1, EVP_MD_CTX *ctx2,
- const char *sender, int len, unsigned char *p)
- {
- int ret;
-
- ret=ssl3_handshake_mac(s,ctx1,sender,len,p);
- p+=ret;
- ret+=ssl3_handshake_mac(s,ctx2,sender,len,p);
- return(ret);
- }
-
-static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx,
- const char *sender, int len, unsigned char *p)
- {
- unsigned int ret;
- int npad,n;
- unsigned int i;
- unsigned char md_buf[EVP_MAX_MD_SIZE];
- EVP_MD_CTX ctx;
-
- EVP_MD_CTX_init(&ctx);
- EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
- EVP_MD_CTX_copy_ex(&ctx,in_ctx);
-
- n=EVP_MD_CTX_size(&ctx);
- npad=(48/n)*n;
-
- if (sender != NULL)
- EVP_DigestUpdate(&ctx,sender,len);
- EVP_DigestUpdate(&ctx,s->session->master_key,
- s->session->master_key_length);
- EVP_DigestUpdate(&ctx,ssl3_pad_1,npad);
- EVP_DigestFinal_ex(&ctx,md_buf,&i);
-
- EVP_DigestInit_ex(&ctx,EVP_MD_CTX_md(&ctx), NULL);
- EVP_DigestUpdate(&ctx,s->session->master_key,
- s->session->master_key_length);
- EVP_DigestUpdate(&ctx,ssl3_pad_2,npad);
- EVP_DigestUpdate(&ctx,md_buf,i);
- EVP_DigestFinal_ex(&ctx,p,&ret);
-
- EVP_MD_CTX_cleanup(&ctx);
-
- return((int)ret);
- }
-
-int ssl3_mac(SSL *ssl, unsigned char *md, int send)
- {
- SSL3_RECORD *rec;
- unsigned char *mac_sec,*seq;
- EVP_MD_CTX md_ctx;
- const EVP_MD *hash;
- unsigned char *p,rec_char;
- size_t md_size, orig_len;
- int npad;
-
- if (send)
- {
- rec= &(ssl->s3->wrec);
- mac_sec= &(ssl->s3->write_mac_secret[0]);
- seq= &(ssl->s3->write_sequence[0]);
- hash=ssl->write_hash;
- }
- else
- {
- rec= &(ssl->s3->rrec);
- mac_sec= &(ssl->s3->read_mac_secret[0]);
- seq= &(ssl->s3->read_sequence[0]);
- hash=ssl->read_hash;
- }
-
- md_size=EVP_MD_size(hash);
- npad=(48/md_size)*md_size;
-
- /* kludge: ssl3_cbc_remove_padding passes padding length in rec->type */
- orig_len = rec->length+md_size+((unsigned int)rec->type>>8);
- rec->type &= 0xff;
-
- if (!send &&
- EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
- ssl3_cbc_record_digest_supported(hash))
- {
- /* This is a CBC-encrypted record. We must avoid leaking any
- * timing-side channel information about how many blocks of
- * data we are hashing because that gives an attacker a
- * timing-oracle. */
-
- /* npad is, at most, 48 bytes and that's with MD5:
- * 16 + 48 + 8 (sequence bytes) + 1 + 2 = 75.
- *
- * With SHA-1 (the largest hash speced for SSLv3) the hash size
- * goes up 4, but npad goes down by 8, resulting in a smaller
- * total size. */
- unsigned char header[75];
- unsigned j = 0;
- memcpy(header+j, mac_sec, md_size);
- j += md_size;
- memcpy(header+j, ssl3_pad_1, npad);
- j += npad;
- memcpy(header+j, seq, 8);
- j += 8;
- header[j++] = rec->type;
- header[j++] = rec->length >> 8;
- header[j++] = rec->length & 0xff;
-
- ssl3_cbc_digest_record(
- hash,
- md, &md_size,
- header, rec->input,
- rec->length + md_size, orig_len,
- mac_sec, md_size,
- 1 /* is SSLv3 */);
- }
- else
- {
- unsigned int md_size_u;
- /* Chop the digest off the end :-) */
- EVP_MD_CTX_init(&md_ctx);
-
- EVP_DigestInit_ex( &md_ctx,hash, NULL);
- EVP_DigestUpdate(&md_ctx,mac_sec,md_size);
- EVP_DigestUpdate(&md_ctx,ssl3_pad_1,npad);
- EVP_DigestUpdate(&md_ctx,seq,8);
- rec_char=rec->type;
- EVP_DigestUpdate(&md_ctx,&rec_char,1);
- p=md;
- s2n(rec->length,p);
- EVP_DigestUpdate(&md_ctx,md,2);
- EVP_DigestUpdate(&md_ctx,rec->input,rec->length);
- EVP_DigestFinal_ex( &md_ctx,md,NULL);
-
- EVP_DigestInit_ex( &md_ctx,hash, NULL);
- EVP_DigestUpdate(&md_ctx,mac_sec,md_size);
- EVP_DigestUpdate(&md_ctx,ssl3_pad_2,npad);
- EVP_DigestUpdate(&md_ctx,md,md_size);
- EVP_DigestFinal_ex( &md_ctx,md,&md_size_u);
- md_size = md_size_u;
-
- EVP_MD_CTX_cleanup(&md_ctx);
- }
-
- ssl3_record_sequence_update(seq);
- return(md_size);
- }
-
-void ssl3_record_sequence_update(unsigned char *seq)
- {
- int i;
-
- for (i=7; i>=0; i--)
- {
- ++seq[i];
- if (seq[i] != 0) break;
- }
- }
-
-int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
- int len)
- {
- static const unsigned char *salt[3]={
-#ifndef CHARSET_EBCDIC
- (const unsigned char *)"A",
- (const unsigned char *)"BB",
- (const unsigned char *)"CCC",
-#else
- (const unsigned char *)"\x41",
- (const unsigned char *)"\x42\x42",
- (const unsigned char *)"\x43\x43\x43",
-#endif
- };
- unsigned char buf[EVP_MAX_MD_SIZE];
- EVP_MD_CTX ctx;
- int i,ret=0;
- unsigned int n;
-
- EVP_MD_CTX_init(&ctx);
- for (i=0; i<3; i++)
- {
- EVP_DigestInit_ex(&ctx,s->ctx->sha1, NULL);
- EVP_DigestUpdate(&ctx,salt[i],strlen((const char *)salt[i]));
- EVP_DigestUpdate(&ctx,p,len);
- EVP_DigestUpdate(&ctx,&(s->s3->client_random[0]),
- SSL3_RANDOM_SIZE);
- EVP_DigestUpdate(&ctx,&(s->s3->server_random[0]),
- SSL3_RANDOM_SIZE);
- EVP_DigestFinal_ex(&ctx,buf,&n);
-
- EVP_DigestInit_ex(&ctx,s->ctx->md5, NULL);
- EVP_DigestUpdate(&ctx,p,len);
- EVP_DigestUpdate(&ctx,buf,n);
- EVP_DigestFinal_ex(&ctx,out,&n);
- out+=n;
- ret+=n;
- }
- EVP_MD_CTX_cleanup(&ctx);
- return(ret);
- }
-
-int ssl3_alert_code(int code)
- {
- switch (code)
- {
- case SSL_AD_CLOSE_NOTIFY: return(SSL3_AD_CLOSE_NOTIFY);
- case SSL_AD_UNEXPECTED_MESSAGE: return(SSL3_AD_UNEXPECTED_MESSAGE);
- case SSL_AD_BAD_RECORD_MAC: return(SSL3_AD_BAD_RECORD_MAC);
- case SSL_AD_DECRYPTION_FAILED: return(SSL3_AD_BAD_RECORD_MAC);
- case SSL_AD_RECORD_OVERFLOW: return(SSL3_AD_BAD_RECORD_MAC);
- case SSL_AD_DECOMPRESSION_FAILURE:return(SSL3_AD_DECOMPRESSION_FAILURE);
- case SSL_AD_HANDSHAKE_FAILURE: return(SSL3_AD_HANDSHAKE_FAILURE);
- case SSL_AD_NO_CERTIFICATE: return(SSL3_AD_NO_CERTIFICATE);
- case SSL_AD_BAD_CERTIFICATE: return(SSL3_AD_BAD_CERTIFICATE);
- case SSL_AD_UNSUPPORTED_CERTIFICATE:return(SSL3_AD_UNSUPPORTED_CERTIFICATE);
- case SSL_AD_CERTIFICATE_REVOKED:return(SSL3_AD_CERTIFICATE_REVOKED);
- case SSL_AD_CERTIFICATE_EXPIRED:return(SSL3_AD_CERTIFICATE_EXPIRED);
- case SSL_AD_CERTIFICATE_UNKNOWN:return(SSL3_AD_CERTIFICATE_UNKNOWN);
- case SSL_AD_ILLEGAL_PARAMETER: return(SSL3_AD_ILLEGAL_PARAMETER);
- case SSL_AD_UNKNOWN_CA: return(SSL3_AD_BAD_CERTIFICATE);
- case SSL_AD_ACCESS_DENIED: return(SSL3_AD_HANDSHAKE_FAILURE);
- case SSL_AD_DECODE_ERROR: return(SSL3_AD_HANDSHAKE_FAILURE);
- case SSL_AD_DECRYPT_ERROR: return(SSL3_AD_HANDSHAKE_FAILURE);
- case SSL_AD_EXPORT_RESTRICTION: return(SSL3_AD_HANDSHAKE_FAILURE);
- case SSL_AD_PROTOCOL_VERSION: return(SSL3_AD_HANDSHAKE_FAILURE);
- case SSL_AD_INSUFFICIENT_SECURITY:return(SSL3_AD_HANDSHAKE_FAILURE);
- case SSL_AD_INTERNAL_ERROR: return(SSL3_AD_HANDSHAKE_FAILURE);
- case SSL_AD_USER_CANCELLED: return(SSL3_AD_HANDSHAKE_FAILURE);
- case SSL_AD_NO_RENEGOTIATION: return(-1); /* Don't send it :-) */
- case SSL_AD_UNSUPPORTED_EXTENSION: return(SSL3_AD_HANDSHAKE_FAILURE);
- case SSL_AD_CERTIFICATE_UNOBTAINABLE: return(SSL3_AD_HANDSHAKE_FAILURE);
- case SSL_AD_UNRECOGNIZED_NAME: return(SSL3_AD_HANDSHAKE_FAILURE);
- case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE: return(SSL3_AD_HANDSHAKE_FAILURE);
- case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: return(SSL3_AD_HANDSHAKE_FAILURE);
- case SSL_AD_UNKNOWN_PSK_IDENTITY:return(TLS1_AD_UNKNOWN_PSK_IDENTITY);
- case SSL_AD_INAPPROPRIATE_FALLBACK:return(TLS1_AD_INAPPROPRIATE_FALLBACK);
- default: return(-1);
- }
- }
Copied: vendor-crypto/openssl/0.9.8zf/ssl/s3_enc.c (from rev 6976, vendor-crypto/openssl/dist/ssl/s3_enc.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/ssl/s3_enc.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/ssl/s3_enc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,787 @@
+/* ssl/s3_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "ssl_locl.h"
+#include <openssl/evp.h>
+#include <openssl/md5.h>
+
+static unsigned char ssl3_pad_1[48] = {
+ 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+ 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+ 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+ 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+ 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+ 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36
+};
+
+static unsigned char ssl3_pad_2[48] = {
+ 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+ 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+ 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+ 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+ 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+ 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c
+};
+
+static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx,
+ const char *sender, int len, unsigned char *p);
+
+static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
+{
+ EVP_MD_CTX m5;
+ EVP_MD_CTX s1;
+ unsigned char buf[16], smd[SHA_DIGEST_LENGTH];
+ unsigned char c = 'A';
+ unsigned int i, j, k;
+
+#ifdef CHARSET_EBCDIC
+ c = os_toascii[c]; /* 'A' in ASCII */
+#endif
+ k = 0;
+ EVP_MD_CTX_init(&m5);
+ EVP_MD_CTX_set_flags(&m5, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+ EVP_MD_CTX_init(&s1);
+ for (i = 0; (int)i < num; i += MD5_DIGEST_LENGTH) {
+ k++;
+ if (k > sizeof buf) {
+ /* bug: 'buf' is too small for this ciphersuite */
+ SSLerr(SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+
+ for (j = 0; j < k; j++)
+ buf[j] = c;
+ c++;
+ EVP_DigestInit_ex(&s1, EVP_sha1(), NULL);
+ EVP_DigestUpdate(&s1, buf, k);
+ EVP_DigestUpdate(&s1, s->session->master_key,
+ s->session->master_key_length);
+ EVP_DigestUpdate(&s1, s->s3->server_random, SSL3_RANDOM_SIZE);
+ EVP_DigestUpdate(&s1, s->s3->client_random, SSL3_RANDOM_SIZE);
+ EVP_DigestFinal_ex(&s1, smd, NULL);
+
+ EVP_DigestInit_ex(&m5, EVP_md5(), NULL);
+ EVP_DigestUpdate(&m5, s->session->master_key,
+ s->session->master_key_length);
+ EVP_DigestUpdate(&m5, smd, SHA_DIGEST_LENGTH);
+ if ((int)(i + MD5_DIGEST_LENGTH) > num) {
+ EVP_DigestFinal_ex(&m5, smd, NULL);
+ memcpy(km, smd, (num - i));
+ } else
+ EVP_DigestFinal_ex(&m5, km, NULL);
+
+ km += MD5_DIGEST_LENGTH;
+ }
+ OPENSSL_cleanse(smd, SHA_DIGEST_LENGTH);
+ EVP_MD_CTX_cleanup(&m5);
+ EVP_MD_CTX_cleanup(&s1);
+ return 1;
+}
+
+int ssl3_change_cipher_state(SSL *s, int which)
+{
+ unsigned char *p, *mac_secret;
+ unsigned char exp_key[EVP_MAX_KEY_LENGTH];
+ unsigned char exp_iv[EVP_MAX_IV_LENGTH];
+ unsigned char *ms, *key, *iv, *er1, *er2;
+ EVP_CIPHER_CTX *dd;
+ const EVP_CIPHER *c;
+#ifndef OPENSSL_NO_COMP
+ COMP_METHOD *comp;
+#endif
+ const EVP_MD *m;
+ EVP_MD_CTX md;
+ int is_exp, n, i, j, k, cl;
+ int reuse_dd = 0;
+
+ is_exp = SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
+ c = s->s3->tmp.new_sym_enc;
+ m = s->s3->tmp.new_hash;
+#ifndef OPENSSL_NO_COMP
+ if (s->s3->tmp.new_compression == NULL)
+ comp = NULL;
+ else
+ comp = s->s3->tmp.new_compression->method;
+#endif
+
+ if (which & SSL3_CC_READ) {
+ if (s->enc_read_ctx != NULL)
+ reuse_dd = 1;
+ else if ((s->enc_read_ctx =
+ OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
+ goto err;
+ else
+ /*
+ * make sure it's intialized in case we exit later with an error
+ */
+ EVP_CIPHER_CTX_init(s->enc_read_ctx);
+ dd = s->enc_read_ctx;
+ s->read_hash = m;
+#ifndef OPENSSL_NO_COMP
+ /* COMPRESS */
+ if (s->expand != NULL) {
+ COMP_CTX_free(s->expand);
+ s->expand = NULL;
+ }
+ if (comp != NULL) {
+ s->expand = COMP_CTX_new(comp);
+ if (s->expand == NULL) {
+ SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,
+ SSL_R_COMPRESSION_LIBRARY_ERROR);
+ goto err2;
+ }
+ if (s->s3->rrec.comp == NULL)
+ s->s3->rrec.comp = (unsigned char *)
+ OPENSSL_malloc(SSL3_RT_MAX_PLAIN_LENGTH);
+ if (s->s3->rrec.comp == NULL)
+ goto err;
+ }
+#endif
+ memset(&(s->s3->read_sequence[0]), 0, 8);
+ mac_secret = &(s->s3->read_mac_secret[0]);
+ } else {
+ if (s->enc_write_ctx != NULL)
+ reuse_dd = 1;
+ else if ((s->enc_write_ctx =
+ OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
+ goto err;
+ else
+ /*
+ * make sure it's intialized in case we exit later with an error
+ */
+ EVP_CIPHER_CTX_init(s->enc_write_ctx);
+ dd = s->enc_write_ctx;
+ s->write_hash = m;
+#ifndef OPENSSL_NO_COMP
+ /* COMPRESS */
+ if (s->compress != NULL) {
+ COMP_CTX_free(s->compress);
+ s->compress = NULL;
+ }
+ if (comp != NULL) {
+ s->compress = COMP_CTX_new(comp);
+ if (s->compress == NULL) {
+ SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,
+ SSL_R_COMPRESSION_LIBRARY_ERROR);
+ goto err2;
+ }
+ }
+#endif
+ memset(&(s->s3->write_sequence[0]), 0, 8);
+ mac_secret = &(s->s3->write_mac_secret[0]);
+ }
+
+ if (reuse_dd)
+ EVP_CIPHER_CTX_cleanup(dd);
+
+ p = s->s3->tmp.key_block;
+ i = EVP_MD_size(m);
+ cl = EVP_CIPHER_key_length(c);
+ j = is_exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
+ cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
+ /* Was j=(is_exp)?5:EVP_CIPHER_key_length(c); */
+ k = EVP_CIPHER_iv_length(c);
+ if ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
+ (which == SSL3_CHANGE_CIPHER_SERVER_READ)) {
+ ms = &(p[0]);
+ n = i + i;
+ key = &(p[n]);
+ n += j + j;
+ iv = &(p[n]);
+ n += k + k;
+ er1 = &(s->s3->client_random[0]);
+ er2 = &(s->s3->server_random[0]);
+ } else {
+ n = i;
+ ms = &(p[n]);
+ n += i + j;
+ key = &(p[n]);
+ n += j + k;
+ iv = &(p[n]);
+ n += k;
+ er1 = &(s->s3->server_random[0]);
+ er2 = &(s->s3->client_random[0]);
+ }
+
+ if (n > s->s3->tmp.key_block_length) {
+ SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
+ goto err2;
+ }
+
+ EVP_MD_CTX_init(&md);
+ memcpy(mac_secret, ms, i);
+ if (is_exp) {
+ /*
+ * In here I set both the read and write key/iv to the same value
+ * since only the correct one will be used :-).
+ */
+ EVP_DigestInit_ex(&md, EVP_md5(), NULL);
+ EVP_DigestUpdate(&md, key, j);
+ EVP_DigestUpdate(&md, er1, SSL3_RANDOM_SIZE);
+ EVP_DigestUpdate(&md, er2, SSL3_RANDOM_SIZE);
+ EVP_DigestFinal_ex(&md, &(exp_key[0]), NULL);
+ key = &(exp_key[0]);
+
+ if (k > 0) {
+ EVP_DigestInit_ex(&md, EVP_md5(), NULL);
+ EVP_DigestUpdate(&md, er1, SSL3_RANDOM_SIZE);
+ EVP_DigestUpdate(&md, er2, SSL3_RANDOM_SIZE);
+ EVP_DigestFinal_ex(&md, &(exp_iv[0]), NULL);
+ iv = &(exp_iv[0]);
+ }
+ }
+
+ s->session->key_arg_length = 0;
+
+ EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE));
+
+ OPENSSL_cleanse(&(exp_key[0]), sizeof(exp_key));
+ OPENSSL_cleanse(&(exp_iv[0]), sizeof(exp_iv));
+ EVP_MD_CTX_cleanup(&md);
+ return (1);
+ err:
+ SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE);
+ err2:
+ return (0);
+}
+
+int ssl3_setup_key_block(SSL *s)
+{
+ unsigned char *p;
+ const EVP_CIPHER *c;
+ const EVP_MD *hash;
+ int num;
+ int ret = 0;
+ SSL_COMP *comp;
+
+ if (s->s3->tmp.key_block_length != 0)
+ return (1);
+
+ if (!ssl_cipher_get_evp(s->session, &c, &hash, &comp)) {
+ SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK, SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
+ return (0);
+ }
+
+ s->s3->tmp.new_sym_enc = c;
+ s->s3->tmp.new_hash = hash;
+#ifdef OPENSSL_NO_COMP
+ s->s3->tmp.new_compression = NULL;
+#else
+ s->s3->tmp.new_compression = comp;
+#endif
+
+ num =
+ EVP_CIPHER_key_length(c) + EVP_MD_size(hash) +
+ EVP_CIPHER_iv_length(c);
+ num *= 2;
+
+ ssl3_cleanup_key_block(s);
+
+ if ((p = OPENSSL_malloc(num)) == NULL)
+ goto err;
+
+ s->s3->tmp.key_block_length = num;
+ s->s3->tmp.key_block = p;
+
+ ret = ssl3_generate_key_block(s, p, num);
+
+ if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)) {
+ /*
+ * enable vulnerability countermeasure for CBC ciphers with known-IV
+ * problem (http://www.openssl.org/~bodo/tls-cbc.txt)
+ */
+ s->s3->need_empty_fragments = 1;
+
+ if (s->session->cipher != NULL) {
+ if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_eNULL)
+ s->s3->need_empty_fragments = 0;
+
+#ifndef OPENSSL_NO_RC4
+ if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4)
+ s->s3->need_empty_fragments = 0;
+#endif
+ }
+ }
+
+ return ret;
+
+ err:
+ SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK, ERR_R_MALLOC_FAILURE);
+ return (0);
+}
+
+void ssl3_cleanup_key_block(SSL *s)
+{
+ if (s->s3->tmp.key_block != NULL) {
+ OPENSSL_cleanse(s->s3->tmp.key_block, s->s3->tmp.key_block_length);
+ OPENSSL_free(s->s3->tmp.key_block);
+ s->s3->tmp.key_block = NULL;
+ }
+ s->s3->tmp.key_block_length = 0;
+}
+
+/*-
+ * ssl3_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
+ *
+ * Returns:
+ * 0: (in non-constant time) if the record is publically invalid (i.e. too
+ * short etc).
+ * 1: if the record's padding is valid / the encryption was successful.
+ * -1: if the record's padding is invalid or, if sending, an internal error
+ * occured.
+ */
+int ssl3_enc(SSL *s, int send)
+{
+ SSL3_RECORD *rec;
+ EVP_CIPHER_CTX *ds;
+ unsigned long l;
+ int bs, i, mac_size = 0;
+ const EVP_CIPHER *enc;
+
+ if (send) {
+ ds = s->enc_write_ctx;
+ rec = &(s->s3->wrec);
+ if (s->enc_write_ctx == NULL)
+ enc = NULL;
+ else
+ enc = EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
+ } else {
+ ds = s->enc_read_ctx;
+ rec = &(s->s3->rrec);
+ if (s->enc_read_ctx == NULL)
+ enc = NULL;
+ else
+ enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
+ }
+
+ if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) {
+ memmove(rec->data, rec->input, rec->length);
+ rec->input = rec->data;
+ } else {
+ l = rec->length;
+ bs = EVP_CIPHER_block_size(ds->cipher);
+
+ /* COMPRESS */
+
+ if ((bs != 1) && send) {
+ i = bs - ((int)l % bs);
+
+ /* we need to add 'i-1' padding bytes */
+ l += i;
+ /*
+ * the last of these zero bytes will be overwritten with the
+ * padding length.
+ */
+ memset(&rec->input[rec->length], 0, i);
+ rec->length += i;
+ rec->input[l - 1] = (i - 1);
+ }
+
+ if (!send) {
+ if (l == 0 || l % bs != 0)
+ return 0;
+ /* otherwise, rec->length >= bs */
+ }
+
+ EVP_Cipher(ds, rec->data, rec->input, l);
+
+ if (s->read_hash != NULL)
+ mac_size = EVP_MD_size(s->read_hash);
+
+ if ((bs != 1) && !send)
+ return ssl3_cbc_remove_padding(s, rec, bs, mac_size);
+ }
+ return (1);
+}
+
+void ssl3_init_finished_mac(SSL *s)
+{
+ EVP_MD_CTX_set_flags(&(s->s3->finish_dgst1),
+ EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+ EVP_DigestInit_ex(&(s->s3->finish_dgst1), s->ctx->md5, NULL);
+ EVP_DigestInit_ex(&(s->s3->finish_dgst2), s->ctx->sha1, NULL);
+}
+
+void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len)
+{
+ EVP_DigestUpdate(&(s->s3->finish_dgst1), buf, len);
+ EVP_DigestUpdate(&(s->s3->finish_dgst2), buf, len);
+}
+
+int ssl3_cert_verify_mac(SSL *s, EVP_MD_CTX *ctx, unsigned char *p)
+{
+ return (ssl3_handshake_mac(s, ctx, NULL, 0, p));
+}
+
+int ssl3_final_finish_mac(SSL *s, EVP_MD_CTX *ctx1, EVP_MD_CTX *ctx2,
+ const char *sender, int len, unsigned char *p)
+{
+ int ret;
+
+ ret = ssl3_handshake_mac(s, ctx1, sender, len, p);
+ p += ret;
+ ret += ssl3_handshake_mac(s, ctx2, sender, len, p);
+ return (ret);
+}
+
+static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx,
+ const char *sender, int len, unsigned char *p)
+{
+ unsigned int ret;
+ int npad, n;
+ unsigned int i;
+ unsigned char md_buf[EVP_MAX_MD_SIZE];
+ EVP_MD_CTX ctx;
+
+ EVP_MD_CTX_init(&ctx);
+ EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+ EVP_MD_CTX_copy_ex(&ctx, in_ctx);
+
+ n = EVP_MD_CTX_size(&ctx);
+ npad = (48 / n) * n;
+
+ if (sender != NULL)
+ EVP_DigestUpdate(&ctx, sender, len);
+ EVP_DigestUpdate(&ctx, s->session->master_key,
+ s->session->master_key_length);
+ EVP_DigestUpdate(&ctx, ssl3_pad_1, npad);
+ EVP_DigestFinal_ex(&ctx, md_buf, &i);
+
+ EVP_DigestInit_ex(&ctx, EVP_MD_CTX_md(&ctx), NULL);
+ EVP_DigestUpdate(&ctx, s->session->master_key,
+ s->session->master_key_length);
+ EVP_DigestUpdate(&ctx, ssl3_pad_2, npad);
+ EVP_DigestUpdate(&ctx, md_buf, i);
+ EVP_DigestFinal_ex(&ctx, p, &ret);
+
+ EVP_MD_CTX_cleanup(&ctx);
+
+ return ((int)ret);
+}
+
+int ssl3_mac(SSL *ssl, unsigned char *md, int send)
+{
+ SSL3_RECORD *rec;
+ unsigned char *mac_sec, *seq;
+ EVP_MD_CTX md_ctx;
+ const EVP_MD *hash;
+ unsigned char *p, rec_char;
+ size_t md_size, orig_len;
+ int npad;
+
+ if (send) {
+ rec = &(ssl->s3->wrec);
+ mac_sec = &(ssl->s3->write_mac_secret[0]);
+ seq = &(ssl->s3->write_sequence[0]);
+ hash = ssl->write_hash;
+ } else {
+ rec = &(ssl->s3->rrec);
+ mac_sec = &(ssl->s3->read_mac_secret[0]);
+ seq = &(ssl->s3->read_sequence[0]);
+ hash = ssl->read_hash;
+ }
+
+ md_size = EVP_MD_size(hash);
+ npad = (48 / md_size) * md_size;
+
+ /*
+ * kludge: ssl3_cbc_remove_padding passes padding length in rec->type
+ */
+ orig_len = rec->length + md_size + ((unsigned int)rec->type >> 8);
+ rec->type &= 0xff;
+
+ if (!send &&
+ EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
+ ssl3_cbc_record_digest_supported(hash)) {
+ /*
+ * This is a CBC-encrypted record. We must avoid leaking any
+ * timing-side channel information about how many blocks of data we
+ * are hashing because that gives an attacker a timing-oracle.
+ */
+
+ /*-
+ * npad is, at most, 48 bytes and that's with MD5:
+ * 16 + 48 + 8 (sequence bytes) + 1 + 2 = 75.
+ *
+ * With SHA-1 (the largest hash speced for SSLv3) the hash size
+ * goes up 4, but npad goes down by 8, resulting in a smaller
+ * total size.
+ */
+ unsigned char header[75];
+ unsigned j = 0;
+ memcpy(header + j, mac_sec, md_size);
+ j += md_size;
+ memcpy(header + j, ssl3_pad_1, npad);
+ j += npad;
+ memcpy(header + j, seq, 8);
+ j += 8;
+ header[j++] = rec->type;
+ header[j++] = rec->length >> 8;
+ header[j++] = rec->length & 0xff;
+
+ /* Final param == is SSLv3 */
+ ssl3_cbc_digest_record(hash,
+ md, &md_size,
+ header, rec->input,
+ rec->length + md_size, orig_len,
+ mac_sec, md_size, 1);
+ } else {
+ unsigned int md_size_u;
+ /* Chop the digest off the end :-) */
+ EVP_MD_CTX_init(&md_ctx);
+
+ EVP_DigestInit_ex(&md_ctx, hash, NULL);
+ EVP_DigestUpdate(&md_ctx, mac_sec, md_size);
+ EVP_DigestUpdate(&md_ctx, ssl3_pad_1, npad);
+ EVP_DigestUpdate(&md_ctx, seq, 8);
+ rec_char = rec->type;
+ EVP_DigestUpdate(&md_ctx, &rec_char, 1);
+ p = md;
+ s2n(rec->length, p);
+ EVP_DigestUpdate(&md_ctx, md, 2);
+ EVP_DigestUpdate(&md_ctx, rec->input, rec->length);
+ EVP_DigestFinal_ex(&md_ctx, md, NULL);
+
+ EVP_DigestInit_ex(&md_ctx, hash, NULL);
+ EVP_DigestUpdate(&md_ctx, mac_sec, md_size);
+ EVP_DigestUpdate(&md_ctx, ssl3_pad_2, npad);
+ EVP_DigestUpdate(&md_ctx, md, md_size);
+ EVP_DigestFinal_ex(&md_ctx, md, &md_size_u);
+ md_size = md_size_u;
+
+ EVP_MD_CTX_cleanup(&md_ctx);
+ }
+
+ ssl3_record_sequence_update(seq);
+ return (md_size);
+}
+
+void ssl3_record_sequence_update(unsigned char *seq)
+{
+ int i;
+
+ for (i = 7; i >= 0; i--) {
+ ++seq[i];
+ if (seq[i] != 0)
+ break;
+ }
+}
+
+int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
+ int len)
+{
+ static const unsigned char *salt[3] = {
+#ifndef CHARSET_EBCDIC
+ (const unsigned char *)"A",
+ (const unsigned char *)"BB",
+ (const unsigned char *)"CCC",
+#else
+ (const unsigned char *)"\x41",
+ (const unsigned char *)"\x42\x42",
+ (const unsigned char *)"\x43\x43\x43",
+#endif
+ };
+ unsigned char buf[EVP_MAX_MD_SIZE];
+ EVP_MD_CTX ctx;
+ int i, ret = 0;
+ unsigned int n;
+
+ EVP_MD_CTX_init(&ctx);
+ for (i = 0; i < 3; i++) {
+ EVP_DigestInit_ex(&ctx, s->ctx->sha1, NULL);
+ EVP_DigestUpdate(&ctx, salt[i], strlen((const char *)salt[i]));
+ EVP_DigestUpdate(&ctx, p, len);
+ EVP_DigestUpdate(&ctx, &(s->s3->client_random[0]), SSL3_RANDOM_SIZE);
+ EVP_DigestUpdate(&ctx, &(s->s3->server_random[0]), SSL3_RANDOM_SIZE);
+ EVP_DigestFinal_ex(&ctx, buf, &n);
+
+ EVP_DigestInit_ex(&ctx, s->ctx->md5, NULL);
+ EVP_DigestUpdate(&ctx, p, len);
+ EVP_DigestUpdate(&ctx, buf, n);
+ EVP_DigestFinal_ex(&ctx, out, &n);
+ out += n;
+ ret += n;
+ }
+ EVP_MD_CTX_cleanup(&ctx);
+ OPENSSL_cleanse(buf, sizeof buf);
+ return (ret);
+}
+
+int ssl3_alert_code(int code)
+{
+ switch (code) {
+ case SSL_AD_CLOSE_NOTIFY:
+ return (SSL3_AD_CLOSE_NOTIFY);
+ case SSL_AD_UNEXPECTED_MESSAGE:
+ return (SSL3_AD_UNEXPECTED_MESSAGE);
+ case SSL_AD_BAD_RECORD_MAC:
+ return (SSL3_AD_BAD_RECORD_MAC);
+ case SSL_AD_DECRYPTION_FAILED:
+ return (SSL3_AD_BAD_RECORD_MAC);
+ case SSL_AD_RECORD_OVERFLOW:
+ return (SSL3_AD_BAD_RECORD_MAC);
+ case SSL_AD_DECOMPRESSION_FAILURE:
+ return (SSL3_AD_DECOMPRESSION_FAILURE);
+ case SSL_AD_HANDSHAKE_FAILURE:
+ return (SSL3_AD_HANDSHAKE_FAILURE);
+ case SSL_AD_NO_CERTIFICATE:
+ return (SSL3_AD_NO_CERTIFICATE);
+ case SSL_AD_BAD_CERTIFICATE:
+ return (SSL3_AD_BAD_CERTIFICATE);
+ case SSL_AD_UNSUPPORTED_CERTIFICATE:
+ return (SSL3_AD_UNSUPPORTED_CERTIFICATE);
+ case SSL_AD_CERTIFICATE_REVOKED:
+ return (SSL3_AD_CERTIFICATE_REVOKED);
+ case SSL_AD_CERTIFICATE_EXPIRED:
+ return (SSL3_AD_CERTIFICATE_EXPIRED);
+ case SSL_AD_CERTIFICATE_UNKNOWN:
+ return (SSL3_AD_CERTIFICATE_UNKNOWN);
+ case SSL_AD_ILLEGAL_PARAMETER:
+ return (SSL3_AD_ILLEGAL_PARAMETER);
+ case SSL_AD_UNKNOWN_CA:
+ return (SSL3_AD_BAD_CERTIFICATE);
+ case SSL_AD_ACCESS_DENIED:
+ return (SSL3_AD_HANDSHAKE_FAILURE);
+ case SSL_AD_DECODE_ERROR:
+ return (SSL3_AD_HANDSHAKE_FAILURE);
+ case SSL_AD_DECRYPT_ERROR:
+ return (SSL3_AD_HANDSHAKE_FAILURE);
+ case SSL_AD_EXPORT_RESTRICTION:
+ return (SSL3_AD_HANDSHAKE_FAILURE);
+ case SSL_AD_PROTOCOL_VERSION:
+ return (SSL3_AD_HANDSHAKE_FAILURE);
+ case SSL_AD_INSUFFICIENT_SECURITY:
+ return (SSL3_AD_HANDSHAKE_FAILURE);
+ case SSL_AD_INTERNAL_ERROR:
+ return (SSL3_AD_HANDSHAKE_FAILURE);
+ case SSL_AD_USER_CANCELLED:
+ return (SSL3_AD_HANDSHAKE_FAILURE);
+ case SSL_AD_NO_RENEGOTIATION:
+ return (-1); /* Don't send it :-) */
+ case SSL_AD_UNSUPPORTED_EXTENSION:
+ return (SSL3_AD_HANDSHAKE_FAILURE);
+ case SSL_AD_CERTIFICATE_UNOBTAINABLE:
+ return (SSL3_AD_HANDSHAKE_FAILURE);
+ case SSL_AD_UNRECOGNIZED_NAME:
+ return (SSL3_AD_HANDSHAKE_FAILURE);
+ case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
+ return (SSL3_AD_HANDSHAKE_FAILURE);
+ case SSL_AD_BAD_CERTIFICATE_HASH_VALUE:
+ return (SSL3_AD_HANDSHAKE_FAILURE);
+ case SSL_AD_UNKNOWN_PSK_IDENTITY:
+ return (TLS1_AD_UNKNOWN_PSK_IDENTITY);
+ case SSL_AD_INAPPROPRIATE_FALLBACK:
+ return (TLS1_AD_INAPPROPRIATE_FALLBACK);
+ default:
+ return (-1);
+ }
+}
Deleted: vendor-crypto/openssl/0.9.8zf/ssl/s3_lib.c
===================================================================
--- vendor-crypto/openssl/dist/ssl/s3_lib.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/ssl/s3_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,2679 +0,0 @@
-/* ssl/s3_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * ECC cipher suite support in OpenSSL originally written by
- * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
- *
- */
-
-#include <stdio.h>
-#include <openssl/objects.h>
-#include "ssl_locl.h"
-#include "kssl_lcl.h"
-#include <openssl/md5.h>
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-#include <openssl/pq_compat.h>
-
-const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT;
-
-#define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))
-
-/* list of available SSLv3 ciphers (sorted by id) */
-OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
-/* The RSA ciphers */
-/* Cipher 01 */
- {
- 1,
- SSL3_TXT_RSA_NULL_MD5,
- SSL3_CK_RSA_NULL_MD5,
- SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|SSL_SSLV3,
- SSL_NOT_EXP|SSL_STRONG_NONE,
- 0,
- 0,
- 0,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 02 */
- {
- 1,
- SSL3_TXT_RSA_NULL_SHA,
- SSL3_CK_RSA_NULL_SHA,
- SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
- 0,
- 0,
- 0,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 03 */
- {
- 1,
- SSL3_TXT_RSA_RC4_40_MD5,
- SSL3_CK_RSA_RC4_40_MD5,
- SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5 |SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
- 0,
- 40,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 04 */
- {
- 1,
- SSL3_TXT_RSA_RC4_128_MD5,
- SSL3_CK_RSA_RC4_128_MD5,
- SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5|SSL_SSLV3,
- SSL_NOT_EXP|SSL_MEDIUM,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 05 */
- {
- 1,
- SSL3_TXT_RSA_RC4_128_SHA,
- SSL3_CK_RSA_RC4_128_SHA,
- SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_MEDIUM,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 06 */
- {
- 1,
- SSL3_TXT_RSA_RC2_40_MD5,
- SSL3_CK_RSA_RC2_40_MD5,
- SSL_kRSA|SSL_aRSA|SSL_RC2 |SSL_MD5 |SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
- 0,
- 40,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 07 */
-#ifndef OPENSSL_NO_IDEA
- {
- 1,
- SSL3_TXT_RSA_IDEA_128_SHA,
- SSL3_CK_RSA_IDEA_128_SHA,
- SSL_kRSA|SSL_aRSA|SSL_IDEA |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_MEDIUM,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-#endif
-/* Cipher 08 */
- {
- 1,
- SSL3_TXT_RSA_DES_40_CBC_SHA,
- SSL3_CK_RSA_DES_40_CBC_SHA,
- SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
- 0,
- 40,
- 56,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 09 */
- {
- 1,
- SSL3_TXT_RSA_DES_64_CBC_SHA,
- SSL3_CK_RSA_DES_64_CBC_SHA,
- SSL_kRSA|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_LOW,
- 0,
- 56,
- 56,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 0A */
- {
- 1,
- SSL3_TXT_RSA_DES_192_CBC3_SHA,
- SSL3_CK_RSA_DES_192_CBC3_SHA,
- SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- 0,
- 168,
- 168,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* The DH ciphers */
-/* Cipher 0B */
- {
- 0,
- SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
- SSL3_CK_DH_DSS_DES_40_CBC_SHA,
- SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
- 0,
- 40,
- 56,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 0C */
- {
- 0,
- SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
- SSL3_CK_DH_DSS_DES_64_CBC_SHA,
- SSL_kDHd |SSL_aDH|SSL_DES |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_LOW,
- 0,
- 56,
- 56,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 0D */
- {
- 0,
- SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
- SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
- SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- 0,
- 168,
- 168,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 0E */
- {
- 0,
- SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
- SSL3_CK_DH_RSA_DES_40_CBC_SHA,
- SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
- 0,
- 40,
- 56,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 0F */
- {
- 0,
- SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
- SSL3_CK_DH_RSA_DES_64_CBC_SHA,
- SSL_kDHr |SSL_aDH|SSL_DES |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_LOW,
- 0,
- 56,
- 56,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 10 */
- {
- 0,
- SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
- SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
- SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- 0,
- 168,
- 168,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
-/* The Ephemeral DH ciphers */
-/* Cipher 11 */
- {
- 1,
- SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
- SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
- SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
- 0,
- 40,
- 56,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 12 */
- {
- 1,
- SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
- SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
- SSL_kEDH|SSL_aDSS|SSL_DES |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_LOW,
- 0,
- 56,
- 56,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 13 */
- {
- 1,
- SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
- SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
- SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- 0,
- 168,
- 168,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 14 */
- {
- 1,
- SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
- SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
- SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
- 0,
- 40,
- 56,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 15 */
- {
- 1,
- SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
- SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
- SSL_kEDH|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_LOW,
- 0,
- 56,
- 56,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 16 */
- {
- 1,
- SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
- SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
- SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- 0,
- 168,
- 168,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 17 */
- {
- 1,
- SSL3_TXT_ADH_RC4_40_MD5,
- SSL3_CK_ADH_RC4_40_MD5,
- SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
- 0,
- 40,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 18 */
- {
- 1,
- SSL3_TXT_ADH_RC4_128_MD5,
- SSL3_CK_ADH_RC4_128_MD5,
- SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3,
- SSL_NOT_EXP|SSL_MEDIUM,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 19 */
- {
- 1,
- SSL3_TXT_ADH_DES_40_CBC_SHA,
- SSL3_CK_ADH_DES_40_CBC_SHA,
- SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
- 0,
- 40,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 1A */
- {
- 1,
- SSL3_TXT_ADH_DES_64_CBC_SHA,
- SSL3_CK_ADH_DES_64_CBC_SHA,
- SSL_kEDH |SSL_aNULL|SSL_DES |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_LOW,
- 0,
- 56,
- 56,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 1B */
- {
- 1,
- SSL3_TXT_ADH_DES_192_CBC_SHA,
- SSL3_CK_ADH_DES_192_CBC_SHA,
- SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- 0,
- 168,
- 168,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
-/* Fortezza */
-/* Cipher 1C */
- {
- 0,
- SSL3_TXT_FZA_DMS_NULL_SHA,
- SSL3_CK_FZA_DMS_NULL_SHA,
- SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_STRONG_NONE,
- 0,
- 0,
- 0,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
-/* Cipher 1D */
- {
- 0,
- SSL3_TXT_FZA_DMS_FZA_SHA,
- SSL3_CK_FZA_DMS_FZA_SHA,
- SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_STRONG_NONE,
- 0,
- 0,
- 0,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
-#if 0
-/* Cipher 1E */
- {
- 0,
- SSL3_TXT_FZA_DMS_RC4_SHA,
- SSL3_CK_FZA_DMS_RC4_SHA,
- SSL_kFZA|SSL_aFZA |SSL_RC4 |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_MEDIUM,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-#endif
-
-#ifndef OPENSSL_NO_KRB5
-/* The Kerberos ciphers */
-/* Cipher 1E */
- {
- 1,
- SSL3_TXT_KRB5_DES_64_CBC_SHA,
- SSL3_CK_KRB5_DES_64_CBC_SHA,
- SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3,
- SSL_NOT_EXP|SSL_LOW,
- 0,
- 56,
- 56,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
-/* Cipher 1F */
- {
- 1,
- SSL3_TXT_KRB5_DES_192_CBC3_SHA,
- SSL3_CK_KRB5_DES_192_CBC3_SHA,
- SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_SHA1 |SSL_SSLV3,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- 0,
- 168,
- 168,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
-/* Cipher 20 */
- {
- 1,
- SSL3_TXT_KRB5_RC4_128_SHA,
- SSL3_CK_KRB5_RC4_128_SHA,
- SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_SHA1 |SSL_SSLV3,
- SSL_NOT_EXP|SSL_MEDIUM,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
-/* Cipher 21 */
- {
- 1,
- SSL3_TXT_KRB5_IDEA_128_CBC_SHA,
- SSL3_CK_KRB5_IDEA_128_CBC_SHA,
- SSL_kKRB5|SSL_aKRB5| SSL_IDEA|SSL_SHA1 |SSL_SSLV3,
- SSL_NOT_EXP|SSL_MEDIUM,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
-/* Cipher 22 */
- {
- 1,
- SSL3_TXT_KRB5_DES_64_CBC_MD5,
- SSL3_CK_KRB5_DES_64_CBC_MD5,
- SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_MD5 |SSL_SSLV3,
- SSL_NOT_EXP|SSL_LOW,
- 0,
- 56,
- 56,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
-/* Cipher 23 */
- {
- 1,
- SSL3_TXT_KRB5_DES_192_CBC3_MD5,
- SSL3_CK_KRB5_DES_192_CBC3_MD5,
- SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_MD5 |SSL_SSLV3,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 168,
- 168,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
-/* Cipher 24 */
- {
- 1,
- SSL3_TXT_KRB5_RC4_128_MD5,
- SSL3_CK_KRB5_RC4_128_MD5,
- SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_MD5 |SSL_SSLV3,
- SSL_NOT_EXP|SSL_MEDIUM,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
-/* Cipher 25 */
- {
- 1,
- SSL3_TXT_KRB5_IDEA_128_CBC_MD5,
- SSL3_CK_KRB5_IDEA_128_CBC_MD5,
- SSL_kKRB5|SSL_aKRB5| SSL_IDEA|SSL_MD5 |SSL_SSLV3,
- SSL_NOT_EXP|SSL_MEDIUM,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
-/* Cipher 26 */
- {
- 1,
- SSL3_TXT_KRB5_DES_40_CBC_SHA,
- SSL3_CK_KRB5_DES_40_CBC_SHA,
- SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
- 0,
- 40,
- 56,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
-/* Cipher 27 */
- {
- 1,
- SSL3_TXT_KRB5_RC2_40_CBC_SHA,
- SSL3_CK_KRB5_RC2_40_CBC_SHA,
- SSL_kKRB5|SSL_aKRB5| SSL_RC2|SSL_SHA1 |SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
- 0,
- 40,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
-/* Cipher 28 */
- {
- 1,
- SSL3_TXT_KRB5_RC4_40_SHA,
- SSL3_CK_KRB5_RC4_40_SHA,
- SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_SHA1 |SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
- 0,
- 40,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
-/* Cipher 29 */
- {
- 1,
- SSL3_TXT_KRB5_DES_40_CBC_MD5,
- SSL3_CK_KRB5_DES_40_CBC_MD5,
- SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_MD5 |SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
- 0,
- 40,
- 56,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
-/* Cipher 2A */
- {
- 1,
- SSL3_TXT_KRB5_RC2_40_CBC_MD5,
- SSL3_CK_KRB5_RC2_40_CBC_MD5,
- SSL_kKRB5|SSL_aKRB5| SSL_RC2|SSL_MD5 |SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
- 0,
- 40,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
-/* Cipher 2B */
- {
- 1,
- SSL3_TXT_KRB5_RC4_40_MD5,
- SSL3_CK_KRB5_RC4_40_MD5,
- SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_MD5 |SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
- 0,
- 40,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-#endif /* OPENSSL_NO_KRB5 */
-
-/* New AES ciphersuites */
-/* Cipher 2F */
- {
- 1,
- TLS1_TXT_RSA_WITH_AES_128_SHA,
- TLS1_CK_RSA_WITH_AES_128_SHA,
- SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 30 */
- {
- 0,
- TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
- TLS1_CK_DH_DSS_WITH_AES_128_SHA,
- SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 31 */
- {
- 0,
- TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
- TLS1_CK_DH_RSA_WITH_AES_128_SHA,
- SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 32 */
- {
- 1,
- TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
- TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
- SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 33 */
- {
- 1,
- TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
- TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
- SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 34 */
- {
- 1,
- TLS1_TXT_ADH_WITH_AES_128_SHA,
- TLS1_CK_ADH_WITH_AES_128_SHA,
- SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
-/* Cipher 35 */
- {
- 1,
- TLS1_TXT_RSA_WITH_AES_256_SHA,
- TLS1_CK_RSA_WITH_AES_256_SHA,
- SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- 0,
- 256,
- 256,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 36 */
- {
- 0,
- TLS1_TXT_DH_DSS_WITH_AES_256_SHA,
- TLS1_CK_DH_DSS_WITH_AES_256_SHA,
- SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- 0,
- 256,
- 256,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 37 */
- {
- 0,
- TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
- TLS1_CK_DH_RSA_WITH_AES_256_SHA,
- SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- 0,
- 256,
- 256,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 38 */
- {
- 1,
- TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
- TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
- SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- 0,
- 256,
- 256,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 39 */
- {
- 1,
- TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
- TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
- SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- 0,
- 256,
- 256,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
- /* Cipher 3A */
- {
- 1,
- TLS1_TXT_ADH_WITH_AES_256_SHA,
- TLS1_CK_ADH_WITH_AES_256_SHA,
- SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
- 0,
- 256,
- 256,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
-#ifndef OPENSSL_NO_CAMELLIA
- /* Camellia ciphersuites from RFC4132 (128-bit portion) */
-
- /* Cipher 41 */
- {
- 1,
- TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
- TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
- SSL_kRSA|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS
- },
- /* Cipher 42 */
- {
- 0, /* not implemented (non-ephemeral DH) */
- TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
- TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
- SSL_kDHd|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS
- },
- /* Cipher 43 */
- {
- 0, /* not implemented (non-ephemeral DH) */
- TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
- TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
- SSL_kDHr|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS
- },
- /* Cipher 44 */
- {
- 1,
- TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
- TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
- SSL_kEDH|SSL_aDSS|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS
- },
- /* Cipher 45 */
- {
- 1,
- TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
- TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
- SSL_kEDH|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS
- },
- /* Cipher 46 */
- {
- 1,
- TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
- TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
- SSL_kEDH|SSL_aNULL|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS
- },
-#endif /* OPENSSL_NO_CAMELLIA */
-
-#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
- /* New TLS Export CipherSuites from expired ID */
-#if 0
- /* Cipher 60 */
- {
- 1,
- TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
- TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
- SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_TLSV1,
- SSL_EXPORT|SSL_EXP56,
- 0,
- 56,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
- /* Cipher 61 */
- {
- 1,
- TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
- TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
- SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_TLSV1,
- SSL_EXPORT|SSL_EXP56,
- 0,
- 56,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-#endif
- /* Cipher 62 */
- {
- 1,
- TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
- TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
- SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1,
- SSL_EXPORT|SSL_EXP56,
- 0,
- 56,
- 56,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
- /* Cipher 63 */
- {
- 1,
- TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
- TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
- SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA|SSL_TLSV1,
- SSL_EXPORT|SSL_EXP56,
- 0,
- 56,
- 56,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
- /* Cipher 64 */
- {
- 1,
- TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
- TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
- SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
- SSL_EXPORT|SSL_EXP56,
- 0,
- 56,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
- /* Cipher 65 */
- {
- 1,
- TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
- TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
- SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
- SSL_EXPORT|SSL_EXP56,
- 0,
- 56,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
- /* Cipher 66 */
- {
- 1,
- TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
- TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
- SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_MEDIUM,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS
- },
-#endif
-
-#ifndef OPENSSL_NO_CAMELLIA
- /* Camellia ciphersuites from RFC4132 (256-bit portion) */
-
- /* Cipher 84 */
- {
- 1,
- TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
- TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
- SSL_kRSA|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 256,
- 256,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS
- },
- /* Cipher 85 */
- {
- 0, /* not implemented (non-ephemeral DH) */
- TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
- TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
- SSL_kDHd|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 256,
- 256,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS
- },
- /* Cipher 86 */
- {
- 0, /* not implemented (non-ephemeral DH) */
- TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
- TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
- SSL_kDHr|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 256,
- 256,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS
- },
- /* Cipher 87 */
- {
- 1,
- TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
- TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
- SSL_kEDH|SSL_aDSS|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 256,
- 256,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS
- },
- /* Cipher 88 */
- {
- 1,
- TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
- TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
- SSL_kEDH|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 256,
- 256,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS
- },
- /* Cipher 89 */
- {
- 1,
- TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
- TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
- SSL_kEDH|SSL_aNULL|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 256,
- 256,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS
- },
-#endif /* OPENSSL_NO_CAMELLIA */
-
-#ifndef OPENSSL_NO_SEED
- /* SEED ciphersuites from RFC4162 */
-
- /* Cipher 96 */
- {
- 1,
- TLS1_TXT_RSA_WITH_SEED_SHA,
- TLS1_CK_RSA_WITH_SEED_SHA,
- SSL_kRSA|SSL_aRSA|SSL_SEED|SSL_SHA1|SSL_TLSV1,
- SSL_NOT_EXP|SSL_MEDIUM,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
- /* Cipher 97 */
- {
- 0, /* not implemented (non-ephemeral DH) */
- TLS1_TXT_DH_DSS_WITH_SEED_SHA,
- TLS1_CK_DH_DSS_WITH_SEED_SHA,
- SSL_kDHd|SSL_aDH|SSL_SEED|SSL_SHA1|SSL_TLSV1,
- SSL_NOT_EXP|SSL_MEDIUM,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
- /* Cipher 98 */
- {
- 0, /* not implemented (non-ephemeral DH) */
- TLS1_TXT_DH_RSA_WITH_SEED_SHA,
- TLS1_CK_DH_RSA_WITH_SEED_SHA,
- SSL_kDHr|SSL_aDH|SSL_SEED|SSL_SHA1|SSL_TLSV1,
- SSL_NOT_EXP|SSL_MEDIUM,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
- /* Cipher 99 */
- {
- 1,
- TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
- TLS1_CK_DHE_DSS_WITH_SEED_SHA,
- SSL_kEDH|SSL_aDSS|SSL_SEED|SSL_SHA1|SSL_TLSV1,
- SSL_NOT_EXP|SSL_MEDIUM,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
- /* Cipher 9A */
- {
- 1,
- TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
- TLS1_CK_DHE_RSA_WITH_SEED_SHA,
- SSL_kEDH|SSL_aRSA|SSL_SEED|SSL_SHA1|SSL_TLSV1,
- SSL_NOT_EXP|SSL_MEDIUM,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
- /* Cipher 9B */
- {
- 1,
- TLS1_TXT_ADH_WITH_SEED_SHA,
- TLS1_CK_ADH_WITH_SEED_SHA,
- SSL_kEDH|SSL_aNULL|SSL_SEED|SSL_SHA1|SSL_TLSV1,
- SSL_NOT_EXP|SSL_MEDIUM,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
-#endif /* OPENSSL_NO_SEED */
-
-#ifndef OPENSSL_NO_ECDH
- /* Cipher C001 */
- {
- 1,
- TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
- TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
- SSL_kECDH|SSL_aECDSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP,
- 0,
- 0,
- 0,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
- /* Cipher C002 */
- {
- 1,
- TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
- TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
- SSL_kECDH|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
- /* Cipher C003 */
- {
- 1,
- TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
- TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
- SSL_kECDH|SSL_aECDSA|SSL_3DES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 168,
- 168,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
- /* Cipher C004 */
- {
- 1,
- TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
- TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
- SSL_kECDH|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
- /* Cipher C005 */
- {
- 1,
- TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
- TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
- SSL_kECDH|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 256,
- 256,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
- /* Cipher C006 */
- {
- 1,
- TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
- TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
- SSL_kECDHE|SSL_aECDSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP,
- 0,
- 0,
- 0,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
- /* Cipher C007 */
- {
- 1,
- TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
- TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
- SSL_kECDHE|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
- /* Cipher C008 */
- {
- 1,
- TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
- TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
- SSL_kECDHE|SSL_aECDSA|SSL_3DES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 168,
- 168,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
- /* Cipher C009 */
- {
- 1,
- TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
- TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
- SSL_kECDHE|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
- /* Cipher C00A */
- {
- 1,
- TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
- TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
- SSL_kECDHE|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 256,
- 256,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
- /* Cipher C00B */
- {
- 1,
- TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
- TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
- SSL_kECDH|SSL_aRSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP,
- 0,
- 0,
- 0,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
- /* Cipher C00C */
- {
- 1,
- TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
- TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
- SSL_kECDH|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
- /* Cipher C00D */
- {
- 1,
- TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
- TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
- SSL_kECDH|SSL_aRSA|SSL_3DES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 168,
- 168,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
- /* Cipher C00E */
- {
- 1,
- TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
- TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
- SSL_kECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
- /* Cipher C00F */
- {
- 1,
- TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
- TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
- SSL_kECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 256,
- 256,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
- /* Cipher C010 */
- {
- 1,
- TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
- TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
- SSL_kECDHE|SSL_aRSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP,
- 0,
- 0,
- 0,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
- /* Cipher C011 */
- {
- 1,
- TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
- TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
- SSL_kECDHE|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
- /* Cipher C012 */
- {
- 1,
- TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
- TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
- SSL_kECDHE|SSL_aRSA|SSL_3DES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 168,
- 168,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
- /* Cipher C013 */
- {
- 1,
- TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
- TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
- SSL_kECDHE|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
- /* Cipher C014 */
- {
- 1,
- TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
- TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
- SSL_kECDHE|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 256,
- 256,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
- /* Cipher C015 */
- {
- 1,
- TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
- TLS1_CK_ECDH_anon_WITH_NULL_SHA,
- SSL_kECDHE|SSL_aNULL|SSL_eNULL|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP,
- 0,
- 0,
- 0,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
- /* Cipher C016 */
- {
- 1,
- TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
- TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
- SSL_kECDHE|SSL_aNULL|SSL_RC4|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
- /* Cipher C017 */
- {
- 1,
- TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
- TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
- SSL_kECDHE|SSL_aNULL|SSL_3DES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 168,
- 168,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
- /* Cipher C018 */
- {
- 1,
- TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
- TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
- SSL_kECDHE|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
- /* Cipher C019 */
- {
- 1,
- TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
- TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
- SSL_kECDHE|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 256,
- 256,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-#endif /* OPENSSL_NO_ECDH */
-
-
-/* end of list */
- };
-
-SSL3_ENC_METHOD SSLv3_enc_data={
- ssl3_enc,
- ssl3_mac,
- ssl3_setup_key_block,
- ssl3_generate_master_secret,
- ssl3_change_cipher_state,
- ssl3_final_finish_mac,
- MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
- ssl3_cert_verify_mac,
- SSL3_MD_CLIENT_FINISHED_CONST,4,
- SSL3_MD_SERVER_FINISHED_CONST,4,
- ssl3_alert_code,
- };
-
-long ssl3_default_timeout(void)
- {
- /* 2 hours, the 24 hours mentioned in the SSLv3 spec
- * is way too long for http, the cache would over fill */
- return(60*60*2);
- }
-
-IMPLEMENT_ssl3_meth_func(sslv3_base_method,
- ssl_undefined_function,
- ssl_undefined_function,
- ssl_bad_method)
-
-int ssl3_num_ciphers(void)
- {
- return(SSL3_NUM_CIPHERS);
- }
-
-SSL_CIPHER *ssl3_get_cipher(unsigned int u)
- {
- if (u < SSL3_NUM_CIPHERS)
- return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u]));
- else
- return(NULL);
- }
-
-int ssl3_pending(const SSL *s)
- {
- if (s->rstate == SSL_ST_READ_BODY)
- return 0;
-
- return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0;
- }
-
-int ssl3_new(SSL *s)
- {
- SSL3_STATE *s3;
-
- if ((s3=OPENSSL_malloc(sizeof *s3)) == NULL) goto err;
- memset(s3,0,sizeof *s3);
- EVP_MD_CTX_init(&s3->finish_dgst1);
- EVP_MD_CTX_init(&s3->finish_dgst2);
- pq_64bit_init(&(s3->rrec.seq_num));
- pq_64bit_init(&(s3->wrec.seq_num));
-
- s->s3=s3;
-
- s->method->ssl_clear(s);
- return(1);
-err:
- return(0);
- }
-
-void ssl3_free(SSL *s)
- {
- if(s == NULL)
- return;
-
- ssl3_cleanup_key_block(s);
- if (s->s3->rbuf.buf != NULL)
- OPENSSL_free(s->s3->rbuf.buf);
- if (s->s3->wbuf.buf != NULL)
- OPENSSL_free(s->s3->wbuf.buf);
- if (s->s3->rrec.comp != NULL)
- OPENSSL_free(s->s3->rrec.comp);
-#ifndef OPENSSL_NO_DH
- if (s->s3->tmp.dh != NULL)
- DH_free(s->s3->tmp.dh);
-#endif
-#ifndef OPENSSL_NO_ECDH
- if (s->s3->tmp.ecdh != NULL)
- EC_KEY_free(s->s3->tmp.ecdh);
-#endif
-
- if (s->s3->tmp.ca_names != NULL)
- sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
- EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);
- EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);
- pq_64bit_free(&(s->s3->rrec.seq_num));
- pq_64bit_free(&(s->s3->wrec.seq_num));
-
- OPENSSL_cleanse(s->s3,sizeof *s->s3);
- OPENSSL_free(s->s3);
- s->s3=NULL;
- }
-
-void ssl3_clear(SSL *s)
- {
- unsigned char *rp,*wp;
- size_t rlen, wlen;
-
- ssl3_cleanup_key_block(s);
- if (s->s3->tmp.ca_names != NULL)
- sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
-
- if (s->s3->rrec.comp != NULL)
- {
- OPENSSL_free(s->s3->rrec.comp);
- s->s3->rrec.comp=NULL;
- }
-#ifndef OPENSSL_NO_DH
- if (s->s3->tmp.dh != NULL)
- {
- DH_free(s->s3->tmp.dh);
- s->s3->tmp.dh = NULL;
- }
-#endif
-#ifndef OPENSSL_NO_ECDH
- if (s->s3->tmp.ecdh != NULL)
- {
- EC_KEY_free(s->s3->tmp.ecdh);
- s->s3->tmp.ecdh = NULL;
- }
-#endif
-#ifndef OPENSSL_NO_TLSEXT
-#ifndef OPENSSL_NO_EC
- s->s3->is_probably_safari = 0;
-#endif /* !OPENSSL_NO_EC */
-#endif /* !OPENSSL_NO_TLSEXT */
-
- rp = s->s3->rbuf.buf;
- wp = s->s3->wbuf.buf;
- rlen = s->s3->rbuf.len;
- wlen = s->s3->wbuf.len;
-
- EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);
- EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);
-
- memset(s->s3,0,sizeof *s->s3);
- s->s3->rbuf.buf = rp;
- s->s3->wbuf.buf = wp;
- s->s3->rbuf.len = rlen;
- s->s3->wbuf.len = wlen;
-
- ssl_free_wbio_buffer(s);
-
- s->packet_length=0;
- s->s3->renegotiate=0;
- s->s3->total_renegotiations=0;
- s->s3->num_renegotiations=0;
- s->s3->in_read_app_data=0;
- s->version=SSL3_VERSION;
- }
-
-long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
- {
- int ret=0;
-
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
- if (
-#ifndef OPENSSL_NO_RSA
- cmd == SSL_CTRL_SET_TMP_RSA ||
- cmd == SSL_CTRL_SET_TMP_RSA_CB ||
-#endif
-#ifndef OPENSSL_NO_DSA
- cmd == SSL_CTRL_SET_TMP_DH ||
- cmd == SSL_CTRL_SET_TMP_DH_CB ||
-#endif
- 0)
- {
- if (!ssl_cert_inst(&s->cert))
- {
- SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
- return(0);
- }
- }
-#endif
-
- switch (cmd)
- {
- case SSL_CTRL_GET_SESSION_REUSED:
- ret=s->hit;
- break;
- case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
- break;
- case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
- ret=s->s3->num_renegotiations;
- break;
- case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
- ret=s->s3->num_renegotiations;
- s->s3->num_renegotiations=0;
- break;
- case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
- ret=s->s3->total_renegotiations;
- break;
- case SSL_CTRL_GET_FLAGS:
- ret=(int)(s->s3->flags);
- break;
-#ifndef OPENSSL_NO_RSA
- case SSL_CTRL_NEED_TMP_RSA:
- if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) &&
- ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
- (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8))))
- ret = 1;
- break;
- case SSL_CTRL_SET_TMP_RSA:
- {
- RSA *rsa = (RSA *)parg;
- if (rsa == NULL)
- {
- SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
- return(ret);
- }
- if ((rsa = RSAPrivateKey_dup(rsa)) == NULL)
- {
- SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB);
- return(ret);
- }
- if (s->cert->rsa_tmp != NULL)
- RSA_free(s->cert->rsa_tmp);
- s->cert->rsa_tmp = rsa;
- ret = 1;
- }
- break;
- case SSL_CTRL_SET_TMP_RSA_CB:
- {
- SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return(ret);
- }
- break;
-#endif
-#ifndef OPENSSL_NO_DH
- case SSL_CTRL_SET_TMP_DH:
- {
- DH *dh = (DH *)parg;
- if (dh == NULL)
- {
- SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
- return(ret);
- }
- if ((dh = DHparams_dup(dh)) == NULL)
- {
- SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
- return(ret);
- }
- if (!(s->options & SSL_OP_SINGLE_DH_USE))
- {
- if (!DH_generate_key(dh))
- {
- DH_free(dh);
- SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
- return(ret);
- }
- }
- if (s->cert->dh_tmp != NULL)
- DH_free(s->cert->dh_tmp);
- s->cert->dh_tmp = dh;
- ret = 1;
- }
- break;
- case SSL_CTRL_SET_TMP_DH_CB:
- {
- SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return(ret);
- }
- break;
-#endif
-#ifndef OPENSSL_NO_ECDH
- case SSL_CTRL_SET_TMP_ECDH:
- {
- EC_KEY *ecdh = NULL;
-
- if (parg == NULL)
- {
- SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
- return(ret);
- }
- if (!EC_KEY_up_ref((EC_KEY *)parg))
- {
- SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB);
- return(ret);
- }
- ecdh = (EC_KEY *)parg;
- if (!(s->options & SSL_OP_SINGLE_ECDH_USE))
- {
- if (!EC_KEY_generate_key(ecdh))
- {
- EC_KEY_free(ecdh);
- SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB);
- return(ret);
- }
- }
- if (s->cert->ecdh_tmp != NULL)
- EC_KEY_free(s->cert->ecdh_tmp);
- s->cert->ecdh_tmp = ecdh;
- ret = 1;
- }
- break;
- case SSL_CTRL_SET_TMP_ECDH_CB:
- {
- SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return(ret);
- }
- break;
-#endif /* !OPENSSL_NO_ECDH */
-#ifndef OPENSSL_NO_TLSEXT
- case SSL_CTRL_SET_TLSEXT_HOSTNAME:
- if (larg == TLSEXT_NAMETYPE_host_name)
- {
- if (s->tlsext_hostname != NULL)
- OPENSSL_free(s->tlsext_hostname);
- s->tlsext_hostname = NULL;
-
- ret = 1;
- if (parg == NULL)
- break;
- if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name)
- {
- SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
- return 0;
- }
- if ((s->tlsext_hostname = BUF_strdup((char *)parg)) == NULL)
- {
- SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
- return 0;
- }
- }
- else
- {
- SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
- return 0;
- }
- break;
- case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
- s->tlsext_debug_arg=parg;
- ret = 1;
- break;
-
- case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
- s->tlsext_status_type=larg;
- ret = 1;
- break;
-
- case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
- *(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts;
- ret = 1;
- break;
-
- case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
- s->tlsext_ocsp_exts = parg;
- ret = 1;
- break;
-
- case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
- *(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids;
- ret = 1;
- break;
-
- case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
- s->tlsext_ocsp_ids = parg;
- ret = 1;
- break;
-
- case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
- *(unsigned char **)parg = s->tlsext_ocsp_resp;
- return s->tlsext_ocsp_resplen;
-
- case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
- if (s->tlsext_ocsp_resp)
- OPENSSL_free(s->tlsext_ocsp_resp);
- s->tlsext_ocsp_resp = parg;
- s->tlsext_ocsp_resplen = larg;
- ret = 1;
- break;
-
-#endif /* !OPENSSL_NO_TLSEXT */
-
- case SSL_CTRL_CHECK_PROTO_VERSION:
- /* For library-internal use; checks that the current protocol
- * is the highest enabled version (according to s->ctx->method,
- * as version negotiation may have changed s->method). */
- if (s->version == s->ctx->method->version)
- return 1;
- /* Apparently we're using a version-flexible SSL_METHOD
- * (not at its highest protocol version). */
- if (s->ctx->method->version == SSLv23_method()->version)
- {
-#if TLS_MAX_VERSION != TLS1_VERSION
-# error Code needs update for SSLv23_method() support beyond TLS1_VERSION.
-#endif
- if (!(s->options & SSL_OP_NO_TLSv1))
- return s->version == TLS1_VERSION;
- if (!(s->options & SSL_OP_NO_SSLv3))
- return s->version == SSL3_VERSION;
- if (!(s->options & SSL_OP_NO_SSLv2))
- return s->version == SSL2_VERSION;
- }
- return 0; /* Unexpected state; fail closed. */
-
- default:
- break;
- }
- return(ret);
- }
-
-long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
- {
- int ret=0;
-
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
- if (
-#ifndef OPENSSL_NO_RSA
- cmd == SSL_CTRL_SET_TMP_RSA_CB ||
-#endif
-#ifndef OPENSSL_NO_DSA
- cmd == SSL_CTRL_SET_TMP_DH_CB ||
-#endif
- 0)
- {
- if (!ssl_cert_inst(&s->cert))
- {
- SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE);
- return(0);
- }
- }
-#endif
-
- switch (cmd)
- {
-#ifndef OPENSSL_NO_RSA
- case SSL_CTRL_SET_TMP_RSA_CB:
- {
- s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
- }
- break;
-#endif
-#ifndef OPENSSL_NO_DH
- case SSL_CTRL_SET_TMP_DH_CB:
- {
- s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
- }
- break;
-#endif
-#ifndef OPENSSL_NO_ECDH
- case SSL_CTRL_SET_TMP_ECDH_CB:
- {
- s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
- }
- break;
-#endif
-#ifndef OPENSSL_NO_TLSEXT
- case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
- s->tlsext_debug_cb=(void (*)(SSL *,int ,int,
- unsigned char *, int, void *))fp;
- break;
-#endif
- default:
- break;
- }
- return(ret);
- }
-
-long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
- {
- CERT *cert;
-
- cert=ctx->cert;
-
- switch (cmd)
- {
-#ifndef OPENSSL_NO_RSA
- case SSL_CTRL_NEED_TMP_RSA:
- if ( (cert->rsa_tmp == NULL) &&
- ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
- (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8)))
- )
- return(1);
- else
- return(0);
- /* break; */
- case SSL_CTRL_SET_TMP_RSA:
- {
- RSA *rsa;
- int i;
-
- rsa=(RSA *)parg;
- i=1;
- if (rsa == NULL)
- i=0;
- else
- {
- if ((rsa=RSAPrivateKey_dup(rsa)) == NULL)
- i=0;
- }
- if (!i)
- {
- SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_RSA_LIB);
- return(0);
- }
- else
- {
- if (cert->rsa_tmp != NULL)
- RSA_free(cert->rsa_tmp);
- cert->rsa_tmp=rsa;
- return(1);
- }
- }
- /* break; */
- case SSL_CTRL_SET_TMP_RSA_CB:
- {
- SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return(0);
- }
- break;
-#endif
-#ifndef OPENSSL_NO_DH
- case SSL_CTRL_SET_TMP_DH:
- {
- DH *new=NULL,*dh;
-
- dh=(DH *)parg;
- if ((new=DHparams_dup(dh)) == NULL)
- {
- SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
- return 0;
- }
- if (!(ctx->options & SSL_OP_SINGLE_DH_USE))
- {
- if (!DH_generate_key(new))
- {
- SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
- DH_free(new);
- return 0;
- }
- }
- if (cert->dh_tmp != NULL)
- DH_free(cert->dh_tmp);
- cert->dh_tmp=new;
- return 1;
- }
- /*break; */
- case SSL_CTRL_SET_TMP_DH_CB:
- {
- SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return(0);
- }
- break;
-#endif
-#ifndef OPENSSL_NO_ECDH
- case SSL_CTRL_SET_TMP_ECDH:
- {
- EC_KEY *ecdh = NULL;
-
- if (parg == NULL)
- {
- SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);
- return 0;
- }
- ecdh = EC_KEY_dup((EC_KEY *)parg);
- if (ecdh == NULL)
- {
- SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_EC_LIB);
- return 0;
- }
- if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE))
- {
- if (!EC_KEY_generate_key(ecdh))
- {
- EC_KEY_free(ecdh);
- SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);
- return 0;
- }
- }
-
- if (cert->ecdh_tmp != NULL)
- {
- EC_KEY_free(cert->ecdh_tmp);
- }
- cert->ecdh_tmp = ecdh;
- return 1;
- }
- /* break; */
- case SSL_CTRL_SET_TMP_ECDH_CB:
- {
- SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return(0);
- }
- break;
-#endif /* !OPENSSL_NO_ECDH */
-#ifndef OPENSSL_NO_TLSEXT
- case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
- ctx->tlsext_servername_arg=parg;
- break;
- case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
- case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
- {
- unsigned char *keys = parg;
- if (!keys)
- return 48;
- if (larg != 48)
- {
- SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
- return 0;
- }
- if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS)
- {
- memcpy(ctx->tlsext_tick_key_name, keys, 16);
- memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16);
- memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);
- }
- else
- {
- memcpy(keys, ctx->tlsext_tick_key_name, 16);
- memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16);
- memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16);
- }
- return 1;
- }
-
- case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
- ctx->tlsext_status_arg=parg;
- return 1;
- break;
-
-#endif /* !OPENSSL_NO_TLSEXT */
- /* A Thawte special :-) */
- case SSL_CTRL_EXTRA_CHAIN_CERT:
- if (ctx->extra_certs == NULL)
- {
- if ((ctx->extra_certs=sk_X509_new_null()) == NULL)
- return(0);
- }
- sk_X509_push(ctx->extra_certs,(X509 *)parg);
- break;
-
- default:
- return(0);
- }
- return(1);
- }
-
-long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
- {
- CERT *cert;
-
- cert=ctx->cert;
-
- switch (cmd)
- {
-#ifndef OPENSSL_NO_RSA
- case SSL_CTRL_SET_TMP_RSA_CB:
- {
- cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
- }
- break;
-#endif
-#ifndef OPENSSL_NO_DH
- case SSL_CTRL_SET_TMP_DH_CB:
- {
- cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
- }
- break;
-#endif
-#ifndef OPENSSL_NO_ECDH
- case SSL_CTRL_SET_TMP_ECDH_CB:
- {
- cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
- }
- break;
-#endif
-#ifndef OPENSSL_NO_TLSEXT
- case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
- ctx->tlsext_servername_callback=(int (*)(SSL *,int *,void *))fp;
- break;
-
- case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
- ctx->tlsext_status_cb=(int (*)(SSL *,void *))fp;
- break;
-
- case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
- ctx->tlsext_ticket_key_cb=(int (*)(SSL *,unsigned char *,
- unsigned char *,
- EVP_CIPHER_CTX *,
- HMAC_CTX *, int))fp;
- break;
-
-#endif
-
- default:
- return(0);
- }
- return(1);
- }
-
-/* This function needs to check if the ciphers required are actually
- * available */
-SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
- {
- SSL_CIPHER c,*cp;
- unsigned long id;
-
- id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
- c.id=id;
- cp = (SSL_CIPHER *)OBJ_bsearch((char *)&c,
- (char *)ssl3_ciphers,
- SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER),
- FP_ICC ssl_cipher_id_cmp);
- if (cp == NULL || cp->valid == 0)
- return NULL;
- else
- return cp;
- }
-
-int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
- {
- long l;
-
- if (p != NULL)
- {
- l=c->id;
- if ((l & 0xff000000) != 0x03000000) return(0);
- p[0]=((unsigned char)(l>> 8L))&0xFF;
- p[1]=((unsigned char)(l ))&0xFF;
- }
- return(2);
- }
-
-SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
- STACK_OF(SSL_CIPHER) *srvr)
- {
- SSL_CIPHER *c,*ret=NULL;
- STACK_OF(SSL_CIPHER) *prio, *allow;
- int i,j,ok;
-
- CERT *cert;
- unsigned long alg,mask,emask;
-
- /* Let's see which ciphers we can support */
- cert=s->cert;
-
-#if 0
- /* Do not set the compare functions, because this may lead to a
- * reordering by "id". We want to keep the original ordering.
- * We may pay a price in performance during sk_SSL_CIPHER_find(),
- * but would have to pay with the price of sk_SSL_CIPHER_dup().
- */
- sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp);
- sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp);
-#endif
-
-#ifdef CIPHER_DEBUG
- printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), srvr);
- for(i=0 ; i < sk_SSL_CIPHER_num(srvr) ; ++i)
- {
- c=sk_SSL_CIPHER_value(srvr,i);
- printf("%p:%s\n",c,c->name);
- }
- printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), clnt);
- for(i=0 ; i < sk_SSL_CIPHER_num(clnt) ; ++i)
- {
- c=sk_SSL_CIPHER_value(clnt,i);
- printf("%p:%s\n",c,c->name);
- }
-#endif
-
- if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE)
- {
- prio = srvr;
- allow = clnt;
- }
- else
- {
- prio = clnt;
- allow = srvr;
- }
-
- for (i=0; i<sk_SSL_CIPHER_num(prio); i++)
- {
- c=sk_SSL_CIPHER_value(prio,i);
-
- ssl_set_cert_masks(cert,c);
- mask=cert->mask;
- emask=cert->export_mask;
-
-#ifdef KSSL_DEBUG
- printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);
-#endif /* KSSL_DEBUG */
-
- alg=c->algorithms&(SSL_MKEY_MASK|SSL_AUTH_MASK);
-#ifndef OPENSSL_NO_KRB5
- if (alg & SSL_KRB5)
- {
- if ( !kssl_keytab_is_available(s->kssl_ctx) )
- continue;
- }
-#endif /* OPENSSL_NO_KRB5 */
- if (SSL_C_IS_EXPORT(c))
- {
- ok=((alg & emask) == alg)?1:0;
-#ifdef CIPHER_DEBUG
- printf("%d:[%08lX:%08lX]%p:%s (export)\n",ok,alg,emask,
- c,c->name);
-#endif
- }
- else
- {
- ok=((alg & mask) == alg)?1:0;
-#ifdef CIPHER_DEBUG
- printf("%d:[%08lX:%08lX]%p:%s\n",ok,alg,mask,c,
- c->name);
-#endif
- }
-
- if (!ok) continue;
- j=sk_SSL_CIPHER_find(allow,c);
- if (j >= 0)
- {
-#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_TLSEXT)
- if ((alg & SSL_kECDHE) && (alg & SSL_aECDSA) && s->s3->is_probably_safari)
- {
- if (!ret) ret=sk_SSL_CIPHER_value(allow,j);
- continue;
- }
-#endif
- ret=sk_SSL_CIPHER_value(allow,j);
- break;
- }
- }
- return(ret);
- }
-
-int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
- {
- int ret=0;
- unsigned long alg;
-
- alg=s->s3->tmp.new_cipher->algorithms;
-
-#ifndef OPENSSL_NO_DH
- if (alg & (SSL_kDHr|SSL_kEDH))
- {
-# ifndef OPENSSL_NO_RSA
- p[ret++]=SSL3_CT_RSA_FIXED_DH;
-# endif
-# ifndef OPENSSL_NO_DSA
- p[ret++]=SSL3_CT_DSS_FIXED_DH;
-# endif
- }
- if ((s->version == SSL3_VERSION) &&
- (alg & (SSL_kEDH|SSL_kDHd|SSL_kDHr)))
- {
-# ifndef OPENSSL_NO_RSA
- p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH;
-# endif
-# ifndef OPENSSL_NO_DSA
- p[ret++]=SSL3_CT_DSS_EPHEMERAL_DH;
-# endif
- }
-#endif /* !OPENSSL_NO_DH */
-#ifndef OPENSSL_NO_RSA
- p[ret++]=SSL3_CT_RSA_SIGN;
-#endif
-#ifndef OPENSSL_NO_DSA
- p[ret++]=SSL3_CT_DSS_SIGN;
-#endif
-#ifndef OPENSSL_NO_ECDH
- /* We should ask for fixed ECDH certificates only
- * for SSL_kECDH (and not SSL_kECDHE)
- */
- if ((alg & SSL_kECDH) && (s->version >= TLS1_VERSION))
- {
- p[ret++]=TLS_CT_RSA_FIXED_ECDH;
- p[ret++]=TLS_CT_ECDSA_FIXED_ECDH;
- }
-#endif
-
-#ifndef OPENSSL_NO_ECDSA
- /* ECDSA certs can be used with RSA cipher suites as well
- * so we don't need to check for SSL_kECDH or SSL_kECDHE
- */
- if (s->version >= TLS1_VERSION)
- {
- p[ret++]=TLS_CT_ECDSA_SIGN;
- }
-#endif
- return(ret);
- }
-
-int ssl3_shutdown(SSL *s)
- {
- int ret;
-
- /* Don't do anything much if we have not done the handshake or
- * we don't want to send messages :-) */
- if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE))
- {
- s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
- return(1);
- }
-
- if (!(s->shutdown & SSL_SENT_SHUTDOWN))
- {
- s->shutdown|=SSL_SENT_SHUTDOWN;
-#if 1
- ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_CLOSE_NOTIFY);
-#endif
- /* our shutdown alert has been sent now, and if it still needs
- * to be written, s->s3->alert_dispatch will be true */
- if (s->s3->alert_dispatch)
- return(-1); /* return WANT_WRITE */
- }
- else if (s->s3->alert_dispatch)
- {
- /* resend it if not sent */
-#if 1
- ret=s->method->ssl_dispatch_alert(s);
- if(ret == -1)
- {
- /* we only get to return -1 here the 2nd/Nth
- * invocation, we must have already signalled
- * return 0 upon a previous invoation,
- * return WANT_WRITE */
- return(ret);
- }
-#endif
- }
- else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
- {
- /* If we are waiting for a close from our peer, we are closed */
- s->method->ssl_read_bytes(s,0,NULL,0,0);
- if(!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
- {
- return(-1); /* return WANT_READ */
- }
- }
-
- if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
- !s->s3->alert_dispatch)
- return(1);
- else
- return(0);
- }
-
-int ssl3_write(SSL *s, const void *buf, int len)
- {
- int ret,n;
-
-#if 0
- if (s->shutdown & SSL_SEND_SHUTDOWN)
- {
- s->rwstate=SSL_NOTHING;
- return(0);
- }
-#endif
- clear_sys_error();
- if (s->s3->renegotiate) ssl3_renegotiate_check(s);
-
- /* This is an experimental flag that sends the
- * last handshake message in the same packet as the first
- * use data - used to see if it helps the TCP protocol during
- * session-id reuse */
- /* The second test is because the buffer may have been removed */
- if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio))
- {
- /* First time through, we write into the buffer */
- if (s->s3->delay_buf_pop_ret == 0)
- {
- ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA,
- buf,len);
- if (ret <= 0) return(ret);
-
- s->s3->delay_buf_pop_ret=ret;
- }
-
- s->rwstate=SSL_WRITING;
- n=BIO_flush(s->wbio);
- if (n <= 0) return(n);
- s->rwstate=SSL_NOTHING;
-
- /* We have flushed the buffer, so remove it */
- ssl_free_wbio_buffer(s);
- s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
-
- ret=s->s3->delay_buf_pop_ret;
- s->s3->delay_buf_pop_ret=0;
- }
- else
- {
- ret=s->method->ssl_write_bytes(s,SSL3_RT_APPLICATION_DATA,
- buf,len);
- if (ret <= 0) return(ret);
- }
-
- return(ret);
- }
-
-static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
- {
- int ret;
-
- clear_sys_error();
- if (s->s3->renegotiate) ssl3_renegotiate_check(s);
- s->s3->in_read_app_data=1;
- ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
- if ((ret == -1) && (s->s3->in_read_app_data == 2))
- {
- /* ssl3_read_bytes decided to call s->handshake_func, which
- * called ssl3_read_bytes to read handshake data.
- * However, ssl3_read_bytes actually found application data
- * and thinks that application data makes sense here; so disable
- * handshake processing and try to read application data again. */
- s->in_handshake++;
- ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
- s->in_handshake--;
- }
- else
- s->s3->in_read_app_data=0;
-
- return(ret);
- }
-
-int ssl3_read(SSL *s, void *buf, int len)
- {
- return ssl3_read_internal(s, buf, len, 0);
- }
-
-int ssl3_peek(SSL *s, void *buf, int len)
- {
- return ssl3_read_internal(s, buf, len, 1);
- }
-
-int ssl3_renegotiate(SSL *s)
- {
- if (s->handshake_func == NULL)
- return(1);
-
- if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
- return(0);
-
- s->s3->renegotiate=1;
- return(1);
- }
-
-int ssl3_renegotiate_check(SSL *s)
- {
- int ret=0;
-
- if (s->s3->renegotiate)
- {
- if ( (s->s3->rbuf.left == 0) &&
- (s->s3->wbuf.left == 0) &&
- !SSL_in_init(s))
- {
-/*
-if we are the server, and we have sent a 'RENEGOTIATE' message, we
-need to go to SSL_ST_ACCEPT.
-*/
- /* SSL_ST_ACCEPT */
- s->state=SSL_ST_RENEGOTIATE;
- s->s3->renegotiate=0;
- s->s3->num_renegotiations++;
- s->s3->total_renegotiations++;
- ret=1;
- }
- }
- return(ret);
- }
Copied: vendor-crypto/openssl/0.9.8zf/ssl/s3_lib.c (from rev 6976, vendor-crypto/openssl/dist/ssl/s3_lib.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/ssl/s3_lib.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/ssl/s3_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,2621 @@
+/* ssl/s3_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * ECC cipher suite support in OpenSSL originally written by
+ * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/objects.h>
+#include "ssl_locl.h"
+#include "kssl_lcl.h"
+#include <openssl/md5.h>
+#ifndef OPENSSL_NO_DH
+# include <openssl/dh.h>
+#endif
+#include <openssl/pq_compat.h>
+
+const char ssl3_version_str[] = "SSLv3" OPENSSL_VERSION_PTEXT;
+
+#define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))
+
+/* list of available SSLv3 ciphers (sorted by id) */
+OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+/* The RSA ciphers */
+/* Cipher 01 */
+ {
+ 1,
+ SSL3_TXT_RSA_NULL_MD5,
+ SSL3_CK_RSA_NULL_MD5,
+ SSL_kRSA | SSL_aRSA | SSL_eNULL | SSL_MD5 | SSL_SSLV3,
+ SSL_NOT_EXP | SSL_STRONG_NONE,
+ 0,
+ 0,
+ 0,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+/* Cipher 02 */
+ {
+ 1,
+ SSL3_TXT_RSA_NULL_SHA,
+ SSL3_CK_RSA_NULL_SHA,
+ SSL_kRSA | SSL_aRSA | SSL_eNULL | SSL_SHA1 | SSL_SSLV3,
+ SSL_NOT_EXP | SSL_STRONG_NONE | SSL_FIPS,
+ 0,
+ 0,
+ 0,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+/* Cipher 03 */
+ {
+ 1,
+ SSL3_TXT_RSA_RC4_40_MD5,
+ SSL3_CK_RSA_RC4_40_MD5,
+ SSL_kRSA | SSL_aRSA | SSL_RC4 | SSL_MD5 | SSL_SSLV3,
+ SSL_EXPORT | SSL_EXP40,
+ 0,
+ 40,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+/* Cipher 04 */
+ {
+ 1,
+ SSL3_TXT_RSA_RC4_128_MD5,
+ SSL3_CK_RSA_RC4_128_MD5,
+ SSL_kRSA | SSL_aRSA | SSL_RC4 | SSL_MD5 | SSL_SSLV3,
+ SSL_NOT_EXP | SSL_MEDIUM,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+/* Cipher 05 */
+ {
+ 1,
+ SSL3_TXT_RSA_RC4_128_SHA,
+ SSL3_CK_RSA_RC4_128_SHA,
+ SSL_kRSA | SSL_aRSA | SSL_RC4 | SSL_SHA1 | SSL_SSLV3,
+ SSL_NOT_EXP | SSL_MEDIUM,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+/* Cipher 06 */
+ {
+ 1,
+ SSL3_TXT_RSA_RC2_40_MD5,
+ SSL3_CK_RSA_RC2_40_MD5,
+ SSL_kRSA | SSL_aRSA | SSL_RC2 | SSL_MD5 | SSL_SSLV3,
+ SSL_EXPORT | SSL_EXP40,
+ 0,
+ 40,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+/* Cipher 07 */
+#ifndef OPENSSL_NO_IDEA
+ {
+ 1,
+ SSL3_TXT_RSA_IDEA_128_SHA,
+ SSL3_CK_RSA_IDEA_128_SHA,
+ SSL_kRSA | SSL_aRSA | SSL_IDEA | SSL_SHA1 | SSL_SSLV3,
+ SSL_NOT_EXP | SSL_MEDIUM,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+#endif
+/* Cipher 08 */
+ {
+ 1,
+ SSL3_TXT_RSA_DES_40_CBC_SHA,
+ SSL3_CK_RSA_DES_40_CBC_SHA,
+ SSL_kRSA | SSL_aRSA | SSL_DES | SSL_SHA1 | SSL_SSLV3,
+ SSL_EXPORT | SSL_EXP40,
+ 0,
+ 40,
+ 56,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+/* Cipher 09 */
+ {
+ 1,
+ SSL3_TXT_RSA_DES_64_CBC_SHA,
+ SSL3_CK_RSA_DES_64_CBC_SHA,
+ SSL_kRSA | SSL_aRSA | SSL_DES | SSL_SHA1 | SSL_SSLV3,
+ SSL_NOT_EXP | SSL_LOW,
+ 0,
+ 56,
+ 56,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+/* Cipher 0A */
+ {
+ 1,
+ SSL3_TXT_RSA_DES_192_CBC3_SHA,
+ SSL3_CK_RSA_DES_192_CBC3_SHA,
+ SSL_kRSA | SSL_aRSA | SSL_3DES | SSL_SHA1 | SSL_SSLV3,
+ SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ 0,
+ 168,
+ 168,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+/* The DH ciphers */
+/* Cipher 0B */
+ {
+ 0,
+ SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
+ SSL3_CK_DH_DSS_DES_40_CBC_SHA,
+ SSL_kDHd | SSL_aDH | SSL_DES | SSL_SHA1 | SSL_SSLV3,
+ SSL_EXPORT | SSL_EXP40,
+ 0,
+ 40,
+ 56,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+/* Cipher 0C */
+ {
+ 0,
+ SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
+ SSL3_CK_DH_DSS_DES_64_CBC_SHA,
+ SSL_kDHd | SSL_aDH | SSL_DES | SSL_SHA1 | SSL_SSLV3,
+ SSL_NOT_EXP | SSL_LOW,
+ 0,
+ 56,
+ 56,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+/* Cipher 0D */
+ {
+ 0,
+ SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
+ SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
+ SSL_kDHd | SSL_aDH | SSL_3DES | SSL_SHA1 | SSL_SSLV3,
+ SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ 0,
+ 168,
+ 168,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+/* Cipher 0E */
+ {
+ 0,
+ SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
+ SSL3_CK_DH_RSA_DES_40_CBC_SHA,
+ SSL_kDHr | SSL_aDH | SSL_DES | SSL_SHA1 | SSL_SSLV3,
+ SSL_EXPORT | SSL_EXP40,
+ 0,
+ 40,
+ 56,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+/* Cipher 0F */
+ {
+ 0,
+ SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
+ SSL3_CK_DH_RSA_DES_64_CBC_SHA,
+ SSL_kDHr | SSL_aDH | SSL_DES | SSL_SHA1 | SSL_SSLV3,
+ SSL_NOT_EXP | SSL_LOW,
+ 0,
+ 56,
+ 56,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+/* Cipher 10 */
+ {
+ 0,
+ SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
+ SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
+ SSL_kDHr | SSL_aDH | SSL_3DES | SSL_SHA1 | SSL_SSLV3,
+ SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ 0,
+ 168,
+ 168,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+/* The Ephemeral DH ciphers */
+/* Cipher 11 */
+ {
+ 1,
+ SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
+ SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
+ SSL_kEDH | SSL_aDSS | SSL_DES | SSL_SHA1 | SSL_SSLV3,
+ SSL_EXPORT | SSL_EXP40,
+ 0,
+ 40,
+ 56,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+/* Cipher 12 */
+ {
+ 1,
+ SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
+ SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
+ SSL_kEDH | SSL_aDSS | SSL_DES | SSL_SHA1 | SSL_SSLV3,
+ SSL_NOT_EXP | SSL_LOW,
+ 0,
+ 56,
+ 56,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+/* Cipher 13 */
+ {
+ 1,
+ SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
+ SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
+ SSL_kEDH | SSL_aDSS | SSL_3DES | SSL_SHA1 | SSL_SSLV3,
+ SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ 0,
+ 168,
+ 168,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+/* Cipher 14 */
+ {
+ 1,
+ SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
+ SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
+ SSL_kEDH | SSL_aRSA | SSL_DES | SSL_SHA1 | SSL_SSLV3,
+ SSL_EXPORT | SSL_EXP40,
+ 0,
+ 40,
+ 56,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+/* Cipher 15 */
+ {
+ 1,
+ SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
+ SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
+ SSL_kEDH | SSL_aRSA | SSL_DES | SSL_SHA1 | SSL_SSLV3,
+ SSL_NOT_EXP | SSL_LOW,
+ 0,
+ 56,
+ 56,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+/* Cipher 16 */
+ {
+ 1,
+ SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
+ SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
+ SSL_kEDH | SSL_aRSA | SSL_3DES | SSL_SHA1 | SSL_SSLV3,
+ SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ 0,
+ 168,
+ 168,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+/* Cipher 17 */
+ {
+ 1,
+ SSL3_TXT_ADH_RC4_40_MD5,
+ SSL3_CK_ADH_RC4_40_MD5,
+ SSL_kEDH | SSL_aNULL | SSL_RC4 | SSL_MD5 | SSL_SSLV3,
+ SSL_EXPORT | SSL_EXP40,
+ 0,
+ 40,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+/* Cipher 18 */
+ {
+ 1,
+ SSL3_TXT_ADH_RC4_128_MD5,
+ SSL3_CK_ADH_RC4_128_MD5,
+ SSL_kEDH | SSL_aNULL | SSL_RC4 | SSL_MD5 | SSL_SSLV3,
+ SSL_NOT_EXP | SSL_MEDIUM,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+/* Cipher 19 */
+ {
+ 1,
+ SSL3_TXT_ADH_DES_40_CBC_SHA,
+ SSL3_CK_ADH_DES_40_CBC_SHA,
+ SSL_kEDH | SSL_aNULL | SSL_DES | SSL_SHA1 | SSL_SSLV3,
+ SSL_EXPORT | SSL_EXP40,
+ 0,
+ 40,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+/* Cipher 1A */
+ {
+ 1,
+ SSL3_TXT_ADH_DES_64_CBC_SHA,
+ SSL3_CK_ADH_DES_64_CBC_SHA,
+ SSL_kEDH | SSL_aNULL | SSL_DES | SSL_SHA1 | SSL_SSLV3,
+ SSL_NOT_EXP | SSL_LOW,
+ 0,
+ 56,
+ 56,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+/* Cipher 1B */
+ {
+ 1,
+ SSL3_TXT_ADH_DES_192_CBC_SHA,
+ SSL3_CK_ADH_DES_192_CBC_SHA,
+ SSL_kEDH | SSL_aNULL | SSL_3DES | SSL_SHA1 | SSL_SSLV3,
+ SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ 0,
+ 168,
+ 168,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+/* Fortezza */
+/* Cipher 1C */
+ {
+ 0,
+ SSL3_TXT_FZA_DMS_NULL_SHA,
+ SSL3_CK_FZA_DMS_NULL_SHA,
+ SSL_kFZA | SSL_aFZA | SSL_eNULL | SSL_SHA1 | SSL_SSLV3,
+ SSL_NOT_EXP | SSL_STRONG_NONE,
+ 0,
+ 0,
+ 0,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+/* Cipher 1D */
+ {
+ 0,
+ SSL3_TXT_FZA_DMS_FZA_SHA,
+ SSL3_CK_FZA_DMS_FZA_SHA,
+ SSL_kFZA | SSL_aFZA | SSL_eFZA | SSL_SHA1 | SSL_SSLV3,
+ SSL_NOT_EXP | SSL_STRONG_NONE,
+ 0,
+ 0,
+ 0,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+#if 0
+/* Cipher 1E */
+ {
+ 0,
+ SSL3_TXT_FZA_DMS_RC4_SHA,
+ SSL3_CK_FZA_DMS_RC4_SHA,
+ SSL_kFZA | SSL_aFZA | SSL_RC4 | SSL_SHA1 | SSL_SSLV3,
+ SSL_NOT_EXP | SSL_MEDIUM,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+#endif
+
+#ifndef OPENSSL_NO_KRB5
+/* The Kerberos ciphers */
+/* Cipher 1E */
+ {
+ 1,
+ SSL3_TXT_KRB5_DES_64_CBC_SHA,
+ SSL3_CK_KRB5_DES_64_CBC_SHA,
+ SSL_kKRB5 | SSL_aKRB5 | SSL_DES | SSL_SHA1 | SSL_SSLV3,
+ SSL_NOT_EXP | SSL_LOW,
+ 0,
+ 56,
+ 56,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+/* Cipher 1F */
+ {
+ 1,
+ SSL3_TXT_KRB5_DES_192_CBC3_SHA,
+ SSL3_CK_KRB5_DES_192_CBC3_SHA,
+ SSL_kKRB5 | SSL_aKRB5 | SSL_3DES | SSL_SHA1 | SSL_SSLV3,
+ SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ 0,
+ 168,
+ 168,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+/* Cipher 20 */
+ {
+ 1,
+ SSL3_TXT_KRB5_RC4_128_SHA,
+ SSL3_CK_KRB5_RC4_128_SHA,
+ SSL_kKRB5 | SSL_aKRB5 | SSL_RC4 | SSL_SHA1 | SSL_SSLV3,
+ SSL_NOT_EXP | SSL_MEDIUM,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+/* Cipher 21 */
+ {
+ 1,
+ SSL3_TXT_KRB5_IDEA_128_CBC_SHA,
+ SSL3_CK_KRB5_IDEA_128_CBC_SHA,
+ SSL_kKRB5 | SSL_aKRB5 | SSL_IDEA | SSL_SHA1 | SSL_SSLV3,
+ SSL_NOT_EXP | SSL_MEDIUM,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+/* Cipher 22 */
+ {
+ 1,
+ SSL3_TXT_KRB5_DES_64_CBC_MD5,
+ SSL3_CK_KRB5_DES_64_CBC_MD5,
+ SSL_kKRB5 | SSL_aKRB5 | SSL_DES | SSL_MD5 | SSL_SSLV3,
+ SSL_NOT_EXP | SSL_LOW,
+ 0,
+ 56,
+ 56,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+/* Cipher 23 */
+ {
+ 1,
+ SSL3_TXT_KRB5_DES_192_CBC3_MD5,
+ SSL3_CK_KRB5_DES_192_CBC3_MD5,
+ SSL_kKRB5 | SSL_aKRB5 | SSL_3DES | SSL_MD5 | SSL_SSLV3,
+ SSL_NOT_EXP | SSL_HIGH,
+ 0,
+ 168,
+ 168,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+/* Cipher 24 */
+ {
+ 1,
+ SSL3_TXT_KRB5_RC4_128_MD5,
+ SSL3_CK_KRB5_RC4_128_MD5,
+ SSL_kKRB5 | SSL_aKRB5 | SSL_RC4 | SSL_MD5 | SSL_SSLV3,
+ SSL_NOT_EXP | SSL_MEDIUM,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+/* Cipher 25 */
+ {
+ 1,
+ SSL3_TXT_KRB5_IDEA_128_CBC_MD5,
+ SSL3_CK_KRB5_IDEA_128_CBC_MD5,
+ SSL_kKRB5 | SSL_aKRB5 | SSL_IDEA | SSL_MD5 | SSL_SSLV3,
+ SSL_NOT_EXP | SSL_MEDIUM,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+/* Cipher 26 */
+ {
+ 1,
+ SSL3_TXT_KRB5_DES_40_CBC_SHA,
+ SSL3_CK_KRB5_DES_40_CBC_SHA,
+ SSL_kKRB5 | SSL_aKRB5 | SSL_DES | SSL_SHA1 | SSL_SSLV3,
+ SSL_EXPORT | SSL_EXP40,
+ 0,
+ 40,
+ 56,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+/* Cipher 27 */
+ {
+ 1,
+ SSL3_TXT_KRB5_RC2_40_CBC_SHA,
+ SSL3_CK_KRB5_RC2_40_CBC_SHA,
+ SSL_kKRB5 | SSL_aKRB5 | SSL_RC2 | SSL_SHA1 | SSL_SSLV3,
+ SSL_EXPORT | SSL_EXP40,
+ 0,
+ 40,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+/* Cipher 28 */
+ {
+ 1,
+ SSL3_TXT_KRB5_RC4_40_SHA,
+ SSL3_CK_KRB5_RC4_40_SHA,
+ SSL_kKRB5 | SSL_aKRB5 | SSL_RC4 | SSL_SHA1 | SSL_SSLV3,
+ SSL_EXPORT | SSL_EXP40,
+ 0,
+ 40,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+/* Cipher 29 */
+ {
+ 1,
+ SSL3_TXT_KRB5_DES_40_CBC_MD5,
+ SSL3_CK_KRB5_DES_40_CBC_MD5,
+ SSL_kKRB5 | SSL_aKRB5 | SSL_DES | SSL_MD5 | SSL_SSLV3,
+ SSL_EXPORT | SSL_EXP40,
+ 0,
+ 40,
+ 56,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+/* Cipher 2A */
+ {
+ 1,
+ SSL3_TXT_KRB5_RC2_40_CBC_MD5,
+ SSL3_CK_KRB5_RC2_40_CBC_MD5,
+ SSL_kKRB5 | SSL_aKRB5 | SSL_RC2 | SSL_MD5 | SSL_SSLV3,
+ SSL_EXPORT | SSL_EXP40,
+ 0,
+ 40,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+/* Cipher 2B */
+ {
+ 1,
+ SSL3_TXT_KRB5_RC4_40_MD5,
+ SSL3_CK_KRB5_RC4_40_MD5,
+ SSL_kKRB5 | SSL_aKRB5 | SSL_RC4 | SSL_MD5 | SSL_SSLV3,
+ SSL_EXPORT | SSL_EXP40,
+ 0,
+ 40,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+#endif /* OPENSSL_NO_KRB5 */
+
+/* New AES ciphersuites */
+/* Cipher 2F */
+ {
+ 1,
+ TLS1_TXT_RSA_WITH_AES_128_SHA,
+ TLS1_CK_RSA_WITH_AES_128_SHA,
+ SSL_kRSA | SSL_aRSA | SSL_AES | SSL_SHA | SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+/* Cipher 30 */
+ {
+ 0,
+ TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
+ TLS1_CK_DH_DSS_WITH_AES_128_SHA,
+ SSL_kDHd | SSL_aDH | SSL_AES | SSL_SHA | SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+/* Cipher 31 */
+ {
+ 0,
+ TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
+ TLS1_CK_DH_RSA_WITH_AES_128_SHA,
+ SSL_kDHr | SSL_aDH | SSL_AES | SSL_SHA | SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+/* Cipher 32 */
+ {
+ 1,
+ TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
+ TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
+ SSL_kEDH | SSL_aDSS | SSL_AES | SSL_SHA | SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+/* Cipher 33 */
+ {
+ 1,
+ TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
+ TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
+ SSL_kEDH | SSL_aRSA | SSL_AES | SSL_SHA | SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+/* Cipher 34 */
+ {
+ 1,
+ TLS1_TXT_ADH_WITH_AES_128_SHA,
+ TLS1_CK_ADH_WITH_AES_128_SHA,
+ SSL_kEDH | SSL_aNULL | SSL_AES | SSL_SHA | SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+/* Cipher 35 */
+ {
+ 1,
+ TLS1_TXT_RSA_WITH_AES_256_SHA,
+ TLS1_CK_RSA_WITH_AES_256_SHA,
+ SSL_kRSA | SSL_aRSA | SSL_AES | SSL_SHA | SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ 0,
+ 256,
+ 256,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+/* Cipher 36 */
+ {
+ 0,
+ TLS1_TXT_DH_DSS_WITH_AES_256_SHA,
+ TLS1_CK_DH_DSS_WITH_AES_256_SHA,
+ SSL_kDHd | SSL_aDH | SSL_AES | SSL_SHA | SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ 0,
+ 256,
+ 256,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+/* Cipher 37 */
+ {
+ 0,
+ TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
+ TLS1_CK_DH_RSA_WITH_AES_256_SHA,
+ SSL_kDHr | SSL_aDH | SSL_AES | SSL_SHA | SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ 0,
+ 256,
+ 256,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+/* Cipher 38 */
+ {
+ 1,
+ TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
+ TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
+ SSL_kEDH | SSL_aDSS | SSL_AES | SSL_SHA | SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ 0,
+ 256,
+ 256,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+/* Cipher 39 */
+ {
+ 1,
+ TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
+ TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
+ SSL_kEDH | SSL_aRSA | SSL_AES | SSL_SHA | SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ 0,
+ 256,
+ 256,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+ /* Cipher 3A */
+ {
+ 1,
+ TLS1_TXT_ADH_WITH_AES_256_SHA,
+ TLS1_CK_ADH_WITH_AES_256_SHA,
+ SSL_kEDH | SSL_aNULL | SSL_AES | SSL_SHA | SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH | SSL_FIPS,
+ 0,
+ 256,
+ 256,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+#ifndef OPENSSL_NO_CAMELLIA
+ /* Camellia ciphersuites from RFC4132 (128-bit portion) */
+
+ /* Cipher 41 */
+ {
+ 1,
+ TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
+ TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
+ SSL_kRSA | SSL_aRSA | SSL_CAMELLIA | SSL_SHA | SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS},
+ /* Cipher 42 */
+ {
+ 0, /* not implemented (non-ephemeral DH) */
+ TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
+ TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
+ SSL_kDHd | SSL_aDH | SSL_CAMELLIA | SSL_SHA | SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS},
+ /* Cipher 43 */
+ {
+ 0, /* not implemented (non-ephemeral DH) */
+ TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
+ TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
+ SSL_kDHr | SSL_aDH | SSL_CAMELLIA | SSL_SHA | SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS},
+ /* Cipher 44 */
+ {
+ 1,
+ TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
+ TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
+ SSL_kEDH | SSL_aDSS | SSL_CAMELLIA | SSL_SHA | SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS},
+ /* Cipher 45 */
+ {
+ 1,
+ TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
+ TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
+ SSL_kEDH | SSL_aRSA | SSL_CAMELLIA | SSL_SHA | SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS},
+ /* Cipher 46 */
+ {
+ 1,
+ TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
+ TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
+ SSL_kEDH | SSL_aNULL | SSL_CAMELLIA | SSL_SHA | SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS},
+#endif /* OPENSSL_NO_CAMELLIA */
+
+#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
+ /* New TLS Export CipherSuites from expired ID */
+# if 0
+ /* Cipher 60 */
+ {
+ 1,
+ TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
+ TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
+ SSL_kRSA | SSL_aRSA | SSL_RC4 | SSL_MD5 | SSL_TLSV1,
+ SSL_EXPORT | SSL_EXP56,
+ 0,
+ 56,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+ /* Cipher 61 */
+ {
+ 1,
+ TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
+ TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
+ SSL_kRSA | SSL_aRSA | SSL_RC2 | SSL_MD5 | SSL_TLSV1,
+ SSL_EXPORT | SSL_EXP56,
+ 0,
+ 56,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+# endif
+ /* Cipher 62 */
+ {
+ 1,
+ TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
+ TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
+ SSL_kRSA | SSL_aRSA | SSL_DES | SSL_SHA | SSL_TLSV1,
+ SSL_EXPORT | SSL_EXP56,
+ 0,
+ 56,
+ 56,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+ /* Cipher 63 */
+ {
+ 1,
+ TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
+ TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
+ SSL_kEDH | SSL_aDSS | SSL_DES | SSL_SHA | SSL_TLSV1,
+ SSL_EXPORT | SSL_EXP56,
+ 0,
+ 56,
+ 56,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+ /* Cipher 64 */
+ {
+ 1,
+ TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
+ TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
+ SSL_kRSA | SSL_aRSA | SSL_RC4 | SSL_SHA | SSL_TLSV1,
+ SSL_EXPORT | SSL_EXP56,
+ 0,
+ 56,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+ /* Cipher 65 */
+ {
+ 1,
+ TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
+ TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
+ SSL_kEDH | SSL_aDSS | SSL_RC4 | SSL_SHA | SSL_TLSV1,
+ SSL_EXPORT | SSL_EXP56,
+ 0,
+ 56,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+ /* Cipher 66 */
+ {
+ 1,
+ TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
+ TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
+ SSL_kEDH | SSL_aDSS | SSL_RC4 | SSL_SHA | SSL_TLSV1,
+ SSL_NOT_EXP | SSL_MEDIUM,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS},
+#endif
+
+#ifndef OPENSSL_NO_CAMELLIA
+ /* Camellia ciphersuites from RFC4132 (256-bit portion) */
+
+ /* Cipher 84 */
+ {
+ 1,
+ TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
+ TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
+ SSL_kRSA | SSL_aRSA | SSL_CAMELLIA | SSL_SHA | SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH,
+ 0,
+ 256,
+ 256,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS},
+ /* Cipher 85 */
+ {
+ 0, /* not implemented (non-ephemeral DH) */
+ TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
+ TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
+ SSL_kDHd | SSL_aDH | SSL_CAMELLIA | SSL_SHA | SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH,
+ 0,
+ 256,
+ 256,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS},
+ /* Cipher 86 */
+ {
+ 0, /* not implemented (non-ephemeral DH) */
+ TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
+ TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
+ SSL_kDHr | SSL_aDH | SSL_CAMELLIA | SSL_SHA | SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH,
+ 0,
+ 256,
+ 256,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS},
+ /* Cipher 87 */
+ {
+ 1,
+ TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
+ TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
+ SSL_kEDH | SSL_aDSS | SSL_CAMELLIA | SSL_SHA | SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH,
+ 0,
+ 256,
+ 256,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS},
+ /* Cipher 88 */
+ {
+ 1,
+ TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
+ TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
+ SSL_kEDH | SSL_aRSA | SSL_CAMELLIA | SSL_SHA | SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH,
+ 0,
+ 256,
+ 256,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS},
+ /* Cipher 89 */
+ {
+ 1,
+ TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
+ TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
+ SSL_kEDH | SSL_aNULL | SSL_CAMELLIA | SSL_SHA | SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH,
+ 0,
+ 256,
+ 256,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS},
+#endif /* OPENSSL_NO_CAMELLIA */
+
+#ifndef OPENSSL_NO_SEED
+ /* SEED ciphersuites from RFC4162 */
+
+ /* Cipher 96 */
+ {
+ 1,
+ TLS1_TXT_RSA_WITH_SEED_SHA,
+ TLS1_CK_RSA_WITH_SEED_SHA,
+ SSL_kRSA | SSL_aRSA | SSL_SEED | SSL_SHA1 | SSL_TLSV1,
+ SSL_NOT_EXP | SSL_MEDIUM,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+ /* Cipher 97 */
+ {
+ 0, /* not implemented (non-ephemeral DH) */
+ TLS1_TXT_DH_DSS_WITH_SEED_SHA,
+ TLS1_CK_DH_DSS_WITH_SEED_SHA,
+ SSL_kDHd | SSL_aDH | SSL_SEED | SSL_SHA1 | SSL_TLSV1,
+ SSL_NOT_EXP | SSL_MEDIUM,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+ /* Cipher 98 */
+ {
+ 0, /* not implemented (non-ephemeral DH) */
+ TLS1_TXT_DH_RSA_WITH_SEED_SHA,
+ TLS1_CK_DH_RSA_WITH_SEED_SHA,
+ SSL_kDHr | SSL_aDH | SSL_SEED | SSL_SHA1 | SSL_TLSV1,
+ SSL_NOT_EXP | SSL_MEDIUM,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+ /* Cipher 99 */
+ {
+ 1,
+ TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
+ TLS1_CK_DHE_DSS_WITH_SEED_SHA,
+ SSL_kEDH | SSL_aDSS | SSL_SEED | SSL_SHA1 | SSL_TLSV1,
+ SSL_NOT_EXP | SSL_MEDIUM,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+ /* Cipher 9A */
+ {
+ 1,
+ TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
+ TLS1_CK_DHE_RSA_WITH_SEED_SHA,
+ SSL_kEDH | SSL_aRSA | SSL_SEED | SSL_SHA1 | SSL_TLSV1,
+ SSL_NOT_EXP | SSL_MEDIUM,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+ /* Cipher 9B */
+ {
+ 1,
+ TLS1_TXT_ADH_WITH_SEED_SHA,
+ TLS1_CK_ADH_WITH_SEED_SHA,
+ SSL_kEDH | SSL_aNULL | SSL_SEED | SSL_SHA1 | SSL_TLSV1,
+ SSL_NOT_EXP | SSL_MEDIUM,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+#endif /* OPENSSL_NO_SEED */
+
+#ifndef OPENSSL_NO_ECDH
+ /* Cipher C001 */
+ {
+ 1,
+ TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
+ TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
+ SSL_kECDH | SSL_aECDSA | SSL_eNULL | SSL_SHA | SSL_TLSV1,
+ SSL_NOT_EXP,
+ 0,
+ 0,
+ 0,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+ /* Cipher C002 */
+ {
+ 1,
+ TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
+ TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
+ SSL_kECDH | SSL_aECDSA | SSL_RC4 | SSL_SHA | SSL_TLSV1,
+ SSL_NOT_EXP,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+ /* Cipher C003 */
+ {
+ 1,
+ TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
+ TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
+ SSL_kECDH | SSL_aECDSA | SSL_3DES | SSL_SHA | SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH,
+ 0,
+ 168,
+ 168,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+ /* Cipher C004 */
+ {
+ 1,
+ TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
+ TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
+ SSL_kECDH | SSL_aECDSA | SSL_AES | SSL_SHA | SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+ /* Cipher C005 */
+ {
+ 1,
+ TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
+ TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
+ SSL_kECDH | SSL_aECDSA | SSL_AES | SSL_SHA | SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH,
+ 0,
+ 256,
+ 256,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+ /* Cipher C006 */
+ {
+ 1,
+ TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
+ TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
+ SSL_kECDHE | SSL_aECDSA | SSL_eNULL | SSL_SHA | SSL_TLSV1,
+ SSL_NOT_EXP,
+ 0,
+ 0,
+ 0,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+ /* Cipher C007 */
+ {
+ 1,
+ TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
+ TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
+ SSL_kECDHE | SSL_aECDSA | SSL_RC4 | SSL_SHA | SSL_TLSV1,
+ SSL_NOT_EXP,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+ /* Cipher C008 */
+ {
+ 1,
+ TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
+ TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
+ SSL_kECDHE | SSL_aECDSA | SSL_3DES | SSL_SHA | SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH,
+ 0,
+ 168,
+ 168,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+ /* Cipher C009 */
+ {
+ 1,
+ TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+ TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+ SSL_kECDHE | SSL_aECDSA | SSL_AES | SSL_SHA | SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+ /* Cipher C00A */
+ {
+ 1,
+ TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+ TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+ SSL_kECDHE | SSL_aECDSA | SSL_AES | SSL_SHA | SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH,
+ 0,
+ 256,
+ 256,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+ /* Cipher C00B */
+ {
+ 1,
+ TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
+ TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
+ SSL_kECDH | SSL_aRSA | SSL_eNULL | SSL_SHA | SSL_TLSV1,
+ SSL_NOT_EXP,
+ 0,
+ 0,
+ 0,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+ /* Cipher C00C */
+ {
+ 1,
+ TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
+ TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
+ SSL_kECDH | SSL_aRSA | SSL_RC4 | SSL_SHA | SSL_TLSV1,
+ SSL_NOT_EXP,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+ /* Cipher C00D */
+ {
+ 1,
+ TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
+ TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
+ SSL_kECDH | SSL_aRSA | SSL_3DES | SSL_SHA | SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH,
+ 0,
+ 168,
+ 168,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+ /* Cipher C00E */
+ {
+ 1,
+ TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
+ TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
+ SSL_kECDH | SSL_aRSA | SSL_AES | SSL_SHA | SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+ /* Cipher C00F */
+ {
+ 1,
+ TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
+ TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
+ SSL_kECDH | SSL_aRSA | SSL_AES | SSL_SHA | SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH,
+ 0,
+ 256,
+ 256,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+ /* Cipher C010 */
+ {
+ 1,
+ TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
+ TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
+ SSL_kECDHE | SSL_aRSA | SSL_eNULL | SSL_SHA | SSL_TLSV1,
+ SSL_NOT_EXP,
+ 0,
+ 0,
+ 0,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+ /* Cipher C011 */
+ {
+ 1,
+ TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
+ TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
+ SSL_kECDHE | SSL_aRSA | SSL_RC4 | SSL_SHA | SSL_TLSV1,
+ SSL_NOT_EXP,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+ /* Cipher C012 */
+ {
+ 1,
+ TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
+ TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
+ SSL_kECDHE | SSL_aRSA | SSL_3DES | SSL_SHA | SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH,
+ 0,
+ 168,
+ 168,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+ /* Cipher C013 */
+ {
+ 1,
+ TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+ TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+ SSL_kECDHE | SSL_aRSA | SSL_AES | SSL_SHA | SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+ /* Cipher C014 */
+ {
+ 1,
+ TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+ TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+ SSL_kECDHE | SSL_aRSA | SSL_AES | SSL_SHA | SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH,
+ 0,
+ 256,
+ 256,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+ /* Cipher C015 */
+ {
+ 1,
+ TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
+ TLS1_CK_ECDH_anon_WITH_NULL_SHA,
+ SSL_kECDHE | SSL_aNULL | SSL_eNULL | SSL_SHA | SSL_TLSV1,
+ SSL_NOT_EXP,
+ 0,
+ 0,
+ 0,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+ /* Cipher C016 */
+ {
+ 1,
+ TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
+ TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
+ SSL_kECDHE | SSL_aNULL | SSL_RC4 | SSL_SHA | SSL_TLSV1,
+ SSL_NOT_EXP,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+ /* Cipher C017 */
+ {
+ 1,
+ TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
+ TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
+ SSL_kECDHE | SSL_aNULL | SSL_3DES | SSL_SHA | SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH,
+ 0,
+ 168,
+ 168,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+ /* Cipher C018 */
+ {
+ 1,
+ TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
+ TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
+ SSL_kECDHE | SSL_aNULL | SSL_AES | SSL_SHA | SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH,
+ 0,
+ 128,
+ 128,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+
+ /* Cipher C019 */
+ {
+ 1,
+ TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
+ TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
+ SSL_kECDHE | SSL_aNULL | SSL_AES | SSL_SHA | SSL_TLSV1,
+ SSL_NOT_EXP | SSL_HIGH,
+ 0,
+ 256,
+ 256,
+ SSL_ALL_CIPHERS,
+ SSL_ALL_STRENGTHS,
+ },
+#endif /* OPENSSL_NO_ECDH */
+
+/* end of list */
+};
+
+SSL3_ENC_METHOD SSLv3_enc_data = {
+ ssl3_enc,
+ ssl3_mac,
+ ssl3_setup_key_block,
+ ssl3_generate_master_secret,
+ ssl3_change_cipher_state,
+ ssl3_final_finish_mac,
+ MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
+ ssl3_cert_verify_mac,
+ SSL3_MD_CLIENT_FINISHED_CONST, 4,
+ SSL3_MD_SERVER_FINISHED_CONST, 4,
+ ssl3_alert_code,
+};
+
+long ssl3_default_timeout(void)
+{
+ /*
+ * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for
+ * http, the cache would over fill
+ */
+ return (60 * 60 * 2);
+}
+
+IMPLEMENT_ssl3_meth_func(sslv3_base_method,
+ ssl_undefined_function,
+ ssl_undefined_function, ssl_bad_method)
+
+int ssl3_num_ciphers(void)
+{
+ return (SSL3_NUM_CIPHERS);
+}
+
+SSL_CIPHER *ssl3_get_cipher(unsigned int u)
+{
+ if (u < SSL3_NUM_CIPHERS)
+ return (&(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]));
+ else
+ return (NULL);
+}
+
+int ssl3_pending(const SSL *s)
+{
+ if (s->rstate == SSL_ST_READ_BODY)
+ return 0;
+
+ return (s->s3->rrec.type ==
+ SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0;
+}
+
+int ssl3_new(SSL *s)
+{
+ SSL3_STATE *s3;
+
+ if ((s3 = OPENSSL_malloc(sizeof *s3)) == NULL)
+ goto err;
+ memset(s3, 0, sizeof *s3);
+ EVP_MD_CTX_init(&s3->finish_dgst1);
+ EVP_MD_CTX_init(&s3->finish_dgst2);
+ pq_64bit_init(&(s3->rrec.seq_num));
+ pq_64bit_init(&(s3->wrec.seq_num));
+
+ s->s3 = s3;
+
+ s->method->ssl_clear(s);
+ return (1);
+ err:
+ return (0);
+}
+
+void ssl3_free(SSL *s)
+{
+ if (s == NULL)
+ return;
+
+ ssl3_cleanup_key_block(s);
+ if (s->s3->rbuf.buf != NULL)
+ OPENSSL_free(s->s3->rbuf.buf);
+ if (s->s3->wbuf.buf != NULL)
+ OPENSSL_free(s->s3->wbuf.buf);
+ if (s->s3->rrec.comp != NULL)
+ OPENSSL_free(s->s3->rrec.comp);
+#ifndef OPENSSL_NO_DH
+ if (s->s3->tmp.dh != NULL)
+ DH_free(s->s3->tmp.dh);
+#endif
+#ifndef OPENSSL_NO_ECDH
+ if (s->s3->tmp.ecdh != NULL)
+ EC_KEY_free(s->s3->tmp.ecdh);
+#endif
+
+ if (s->s3->tmp.ca_names != NULL)
+ sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
+ EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);
+ EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);
+ pq_64bit_free(&(s->s3->rrec.seq_num));
+ pq_64bit_free(&(s->s3->wrec.seq_num));
+
+ OPENSSL_cleanse(s->s3, sizeof *s->s3);
+ OPENSSL_free(s->s3);
+ s->s3 = NULL;
+}
+
+void ssl3_clear(SSL *s)
+{
+ unsigned char *rp, *wp;
+ size_t rlen, wlen;
+
+ ssl3_cleanup_key_block(s);
+ if (s->s3->tmp.ca_names != NULL)
+ sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free);
+
+ if (s->s3->rrec.comp != NULL) {
+ OPENSSL_free(s->s3->rrec.comp);
+ s->s3->rrec.comp = NULL;
+ }
+#ifndef OPENSSL_NO_DH
+ if (s->s3->tmp.dh != NULL) {
+ DH_free(s->s3->tmp.dh);
+ s->s3->tmp.dh = NULL;
+ }
+#endif
+#ifndef OPENSSL_NO_ECDH
+ if (s->s3->tmp.ecdh != NULL) {
+ EC_KEY_free(s->s3->tmp.ecdh);
+ s->s3->tmp.ecdh = NULL;
+ }
+#endif
+#ifndef OPENSSL_NO_TLSEXT
+# ifndef OPENSSL_NO_EC
+ s->s3->is_probably_safari = 0;
+# endif /* !OPENSSL_NO_EC */
+#endif /* !OPENSSL_NO_TLSEXT */
+
+ rp = s->s3->rbuf.buf;
+ wp = s->s3->wbuf.buf;
+ rlen = s->s3->rbuf.len;
+ wlen = s->s3->wbuf.len;
+
+ EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);
+ EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);
+
+ memset(s->s3, 0, sizeof *s->s3);
+ s->s3->rbuf.buf = rp;
+ s->s3->wbuf.buf = wp;
+ s->s3->rbuf.len = rlen;
+ s->s3->wbuf.len = wlen;
+
+ ssl_free_wbio_buffer(s);
+
+ s->packet_length = 0;
+ s->s3->renegotiate = 0;
+ s->s3->total_renegotiations = 0;
+ s->s3->num_renegotiations = 0;
+ s->s3->in_read_app_data = 0;
+ s->version = SSL3_VERSION;
+}
+
+long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
+{
+ int ret = 0;
+
+#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
+ if (
+# ifndef OPENSSL_NO_RSA
+ cmd == SSL_CTRL_SET_TMP_RSA || cmd == SSL_CTRL_SET_TMP_RSA_CB ||
+# endif
+# ifndef OPENSSL_NO_DSA
+ cmd == SSL_CTRL_SET_TMP_DH || cmd == SSL_CTRL_SET_TMP_DH_CB ||
+# endif
+ 0) {
+ if (!ssl_cert_inst(&s->cert)) {
+ SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
+ return (0);
+ }
+ }
+#endif
+
+ switch (cmd) {
+ case SSL_CTRL_GET_SESSION_REUSED:
+ ret = s->hit;
+ break;
+ case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
+ break;
+ case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
+ ret = s->s3->num_renegotiations;
+ break;
+ case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
+ ret = s->s3->num_renegotiations;
+ s->s3->num_renegotiations = 0;
+ break;
+ case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
+ ret = s->s3->total_renegotiations;
+ break;
+ case SSL_CTRL_GET_FLAGS:
+ ret = (int)(s->s3->flags);
+ break;
+#ifndef OPENSSL_NO_RSA
+ case SSL_CTRL_NEED_TMP_RSA:
+ if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) &&
+ ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
+ (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) >
+ (512 / 8))))
+ ret = 1;
+ break;
+ case SSL_CTRL_SET_TMP_RSA:
+ {
+ RSA *rsa = (RSA *)parg;
+ if (rsa == NULL) {
+ SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+ return (ret);
+ }
+ if ((rsa = RSAPrivateKey_dup(rsa)) == NULL) {
+ SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB);
+ return (ret);
+ }
+ if (s->cert->rsa_tmp != NULL)
+ RSA_free(s->cert->rsa_tmp);
+ s->cert->rsa_tmp = rsa;
+ ret = 1;
+ }
+ break;
+ case SSL_CTRL_SET_TMP_RSA_CB:
+ {
+ SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return (ret);
+ }
+ break;
+#endif
+#ifndef OPENSSL_NO_DH
+ case SSL_CTRL_SET_TMP_DH:
+ {
+ DH *dh = (DH *)parg;
+ if (dh == NULL) {
+ SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+ return (ret);
+ }
+ if ((dh = DHparams_dup(dh)) == NULL) {
+ SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
+ return (ret);
+ }
+ if (!(s->options & SSL_OP_SINGLE_DH_USE)) {
+ if (!DH_generate_key(dh)) {
+ DH_free(dh);
+ SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
+ return (ret);
+ }
+ }
+ if (s->cert->dh_tmp != NULL)
+ DH_free(s->cert->dh_tmp);
+ s->cert->dh_tmp = dh;
+ ret = 1;
+ }
+ break;
+ case SSL_CTRL_SET_TMP_DH_CB:
+ {
+ SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return (ret);
+ }
+ break;
+#endif
+#ifndef OPENSSL_NO_ECDH
+ case SSL_CTRL_SET_TMP_ECDH:
+ {
+ EC_KEY *ecdh = NULL;
+
+ if (parg == NULL) {
+ SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+ return (ret);
+ }
+ if (!EC_KEY_up_ref((EC_KEY *)parg)) {
+ SSLerr(SSL_F_SSL3_CTRL, ERR_R_ECDH_LIB);
+ return (ret);
+ }
+ ecdh = (EC_KEY *)parg;
+ if (!(s->options & SSL_OP_SINGLE_ECDH_USE)) {
+ if (!EC_KEY_generate_key(ecdh)) {
+ EC_KEY_free(ecdh);
+ SSLerr(SSL_F_SSL3_CTRL, ERR_R_ECDH_LIB);
+ return (ret);
+ }
+ }
+ if (s->cert->ecdh_tmp != NULL)
+ EC_KEY_free(s->cert->ecdh_tmp);
+ s->cert->ecdh_tmp = ecdh;
+ ret = 1;
+ }
+ break;
+ case SSL_CTRL_SET_TMP_ECDH_CB:
+ {
+ SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return (ret);
+ }
+ break;
+#endif /* !OPENSSL_NO_ECDH */
+#ifndef OPENSSL_NO_TLSEXT
+ case SSL_CTRL_SET_TLSEXT_HOSTNAME:
+ if (larg == TLSEXT_NAMETYPE_host_name) {
+ if (s->tlsext_hostname != NULL)
+ OPENSSL_free(s->tlsext_hostname);
+ s->tlsext_hostname = NULL;
+
+ ret = 1;
+ if (parg == NULL)
+ break;
+ if (strlen((char *)parg) > TLSEXT_MAXLEN_host_name) {
+ SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
+ return 0;
+ }
+ if ((s->tlsext_hostname = BUF_strdup((char *)parg)) == NULL) {
+ SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+ } else {
+ SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
+ return 0;
+ }
+ break;
+ case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
+ s->tlsext_debug_arg = parg;
+ ret = 1;
+ break;
+
+ case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
+ s->tlsext_status_type = larg;
+ ret = 1;
+ break;
+
+ case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
+ *(STACK_OF(X509_EXTENSION) **)parg = s->tlsext_ocsp_exts;
+ ret = 1;
+ break;
+
+ case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
+ s->tlsext_ocsp_exts = parg;
+ ret = 1;
+ break;
+
+ case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
+ *(STACK_OF(OCSP_RESPID) **)parg = s->tlsext_ocsp_ids;
+ ret = 1;
+ break;
+
+ case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
+ s->tlsext_ocsp_ids = parg;
+ ret = 1;
+ break;
+
+ case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
+ *(unsigned char **)parg = s->tlsext_ocsp_resp;
+ return s->tlsext_ocsp_resplen;
+
+ case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
+ if (s->tlsext_ocsp_resp)
+ OPENSSL_free(s->tlsext_ocsp_resp);
+ s->tlsext_ocsp_resp = parg;
+ s->tlsext_ocsp_resplen = larg;
+ ret = 1;
+ break;
+
+#endif /* !OPENSSL_NO_TLSEXT */
+
+ case SSL_CTRL_CHECK_PROTO_VERSION:
+ /*
+ * For library-internal use; checks that the current protocol is the
+ * highest enabled version (according to s->ctx->method, as version
+ * negotiation may have changed s->method).
+ */
+ if (s->version == s->ctx->method->version)
+ return 1;
+ /*
+ * Apparently we're using a version-flexible SSL_METHOD (not at its
+ * highest protocol version).
+ */
+ if (s->ctx->method->version == SSLv23_method()->version) {
+#if TLS_MAX_VERSION != TLS1_VERSION
+# error Code needs update for SSLv23_method() support beyond TLS1_VERSION.
+#endif
+ if (!(s->options & SSL_OP_NO_TLSv1))
+ return s->version == TLS1_VERSION;
+ if (!(s->options & SSL_OP_NO_SSLv3))
+ return s->version == SSL3_VERSION;
+ if (!(s->options & SSL_OP_NO_SSLv2))
+ return s->version == SSL2_VERSION;
+ }
+ return 0; /* Unexpected state; fail closed. */
+
+ default:
+ break;
+ }
+ return (ret);
+}
+
+long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
+{
+ int ret = 0;
+
+#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
+ if (
+# ifndef OPENSSL_NO_RSA
+ cmd == SSL_CTRL_SET_TMP_RSA_CB ||
+# endif
+# ifndef OPENSSL_NO_DSA
+ cmd == SSL_CTRL_SET_TMP_DH_CB ||
+# endif
+ 0) {
+ if (!ssl_cert_inst(&s->cert)) {
+ SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE);
+ return (0);
+ }
+ }
+#endif
+
+ switch (cmd) {
+#ifndef OPENSSL_NO_RSA
+ case SSL_CTRL_SET_TMP_RSA_CB:
+ {
+ s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
+ }
+ break;
+#endif
+#ifndef OPENSSL_NO_DH
+ case SSL_CTRL_SET_TMP_DH_CB:
+ {
+ s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
+ }
+ break;
+#endif
+#ifndef OPENSSL_NO_ECDH
+ case SSL_CTRL_SET_TMP_ECDH_CB:
+ {
+ s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
+ }
+ break;
+#endif
+#ifndef OPENSSL_NO_TLSEXT
+ case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
+ s->tlsext_debug_cb = (void (*)(SSL *, int, int,
+ unsigned char *, int, void *))fp;
+ break;
+#endif
+ default:
+ break;
+ }
+ return (ret);
+}
+
+long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
+{
+ CERT *cert;
+
+ cert = ctx->cert;
+
+ switch (cmd) {
+#ifndef OPENSSL_NO_RSA
+ case SSL_CTRL_NEED_TMP_RSA:
+ if ((cert->rsa_tmp == NULL) &&
+ ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
+ (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) >
+ (512 / 8)))
+ )
+ return (1);
+ else
+ return (0);
+ /* break; */
+ case SSL_CTRL_SET_TMP_RSA:
+ {
+ RSA *rsa;
+ int i;
+
+ rsa = (RSA *)parg;
+ i = 1;
+ if (rsa == NULL)
+ i = 0;
+ else {
+ if ((rsa = RSAPrivateKey_dup(rsa)) == NULL)
+ i = 0;
+ }
+ if (!i) {
+ SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_RSA_LIB);
+ return (0);
+ } else {
+ if (cert->rsa_tmp != NULL)
+ RSA_free(cert->rsa_tmp);
+ cert->rsa_tmp = rsa;
+ return (1);
+ }
+ }
+ /* break; */
+ case SSL_CTRL_SET_TMP_RSA_CB:
+ {
+ SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return (0);
+ }
+ break;
+#endif
+#ifndef OPENSSL_NO_DH
+ case SSL_CTRL_SET_TMP_DH:
+ {
+ DH *new = NULL, *dh;
+
+ dh = (DH *)parg;
+ if ((new = DHparams_dup(dh)) == NULL) {
+ SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_DH_LIB);
+ return 0;
+ }
+ if (!(ctx->options & SSL_OP_SINGLE_DH_USE)) {
+ if (!DH_generate_key(new)) {
+ SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_DH_LIB);
+ DH_free(new);
+ return 0;
+ }
+ }
+ if (cert->dh_tmp != NULL)
+ DH_free(cert->dh_tmp);
+ cert->dh_tmp = new;
+ return 1;
+ }
+ /*
+ * break;
+ */
+ case SSL_CTRL_SET_TMP_DH_CB:
+ {
+ SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return (0);
+ }
+ break;
+#endif
+#ifndef OPENSSL_NO_ECDH
+ case SSL_CTRL_SET_TMP_ECDH:
+ {
+ EC_KEY *ecdh = NULL;
+
+ if (parg == NULL) {
+ SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_ECDH_LIB);
+ return 0;
+ }
+ ecdh = EC_KEY_dup((EC_KEY *)parg);
+ if (ecdh == NULL) {
+ SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_EC_LIB);
+ return 0;
+ }
+ if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE)) {
+ if (!EC_KEY_generate_key(ecdh)) {
+ EC_KEY_free(ecdh);
+ SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_ECDH_LIB);
+ return 0;
+ }
+ }
+
+ if (cert->ecdh_tmp != NULL) {
+ EC_KEY_free(cert->ecdh_tmp);
+ }
+ cert->ecdh_tmp = ecdh;
+ return 1;
+ }
+ /* break; */
+ case SSL_CTRL_SET_TMP_ECDH_CB:
+ {
+ SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return (0);
+ }
+ break;
+#endif /* !OPENSSL_NO_ECDH */
+#ifndef OPENSSL_NO_TLSEXT
+ case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
+ ctx->tlsext_servername_arg = parg;
+ break;
+ case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
+ case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
+ {
+ unsigned char *keys = parg;
+ if (!keys)
+ return 48;
+ if (larg != 48) {
+ SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
+ return 0;
+ }
+ if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
+ memcpy(ctx->tlsext_tick_key_name, keys, 16);
+ memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16);
+ memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);
+ } else {
+ memcpy(keys, ctx->tlsext_tick_key_name, 16);
+ memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16);
+ memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16);
+ }
+ return 1;
+ }
+
+ case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
+ ctx->tlsext_status_arg = parg;
+ return 1;
+ break;
+
+#endif /* !OPENSSL_NO_TLSEXT */
+ /* A Thawte special :-) */
+ case SSL_CTRL_EXTRA_CHAIN_CERT:
+ if (ctx->extra_certs == NULL) {
+ if ((ctx->extra_certs = sk_X509_new_null()) == NULL)
+ return (0);
+ }
+ sk_X509_push(ctx->extra_certs, (X509 *)parg);
+ break;
+
+ default:
+ return (0);
+ }
+ return (1);
+}
+
+long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
+{
+ CERT *cert;
+
+ cert = ctx->cert;
+
+ switch (cmd) {
+#ifndef OPENSSL_NO_RSA
+ case SSL_CTRL_SET_TMP_RSA_CB:
+ {
+ cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
+ }
+ break;
+#endif
+#ifndef OPENSSL_NO_DH
+ case SSL_CTRL_SET_TMP_DH_CB:
+ {
+ cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
+ }
+ break;
+#endif
+#ifndef OPENSSL_NO_ECDH
+ case SSL_CTRL_SET_TMP_ECDH_CB:
+ {
+ cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
+ }
+ break;
+#endif
+#ifndef OPENSSL_NO_TLSEXT
+ case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
+ ctx->tlsext_servername_callback = (int (*)(SSL *, int *, void *))fp;
+ break;
+
+ case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
+ ctx->tlsext_status_cb = (int (*)(SSL *, void *))fp;
+ break;
+
+ case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
+ ctx->tlsext_ticket_key_cb = (int (*)(SSL *, unsigned char *,
+ unsigned char *,
+ EVP_CIPHER_CTX *,
+ HMAC_CTX *, int))fp;
+ break;
+
+#endif
+
+ default:
+ return (0);
+ }
+ return (1);
+}
+
+/*
+ * This function needs to check if the ciphers required are actually
+ * available
+ */
+SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
+{
+ SSL_CIPHER c, *cp;
+ unsigned long id;
+
+ id = 0x03000000L | ((unsigned long)p[0] << 8L) | (unsigned long)p[1];
+ c.id = id;
+ cp = (SSL_CIPHER *)OBJ_bsearch((char *)&c,
+ (char *)ssl3_ciphers,
+ SSL3_NUM_CIPHERS, sizeof(SSL_CIPHER),
+ FP_ICC ssl_cipher_id_cmp);
+ if (cp == NULL || cp->valid == 0)
+ return NULL;
+ else
+ return cp;
+}
+
+int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
+{
+ long l;
+
+ if (p != NULL) {
+ l = c->id;
+ if ((l & 0xff000000) != 0x03000000)
+ return (0);
+ p[0] = ((unsigned char)(l >> 8L)) & 0xFF;
+ p[1] = ((unsigned char)(l)) & 0xFF;
+ }
+ return (2);
+}
+
+SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
+ STACK_OF(SSL_CIPHER) *srvr)
+{
+ SSL_CIPHER *c, *ret = NULL;
+ STACK_OF(SSL_CIPHER) *prio, *allow;
+ int i, j, ok;
+
+ CERT *cert;
+ unsigned long alg, mask, emask;
+
+ /* Let's see which ciphers we can support */
+ cert = s->cert;
+
+#if 0
+ /*
+ * Do not set the compare functions, because this may lead to a
+ * reordering by "id". We want to keep the original ordering. We may pay
+ * a price in performance during sk_SSL_CIPHER_find(), but would have to
+ * pay with the price of sk_SSL_CIPHER_dup().
+ */
+ sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp);
+ sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp);
+#endif
+
+#ifdef CIPHER_DEBUG
+ printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), srvr);
+ for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
+ c = sk_SSL_CIPHER_value(srvr, i);
+ printf("%p:%s\n", c, c->name);
+ }
+ printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), clnt);
+ for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
+ c = sk_SSL_CIPHER_value(clnt, i);
+ printf("%p:%s\n", c, c->name);
+ }
+#endif
+
+ if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
+ prio = srvr;
+ allow = clnt;
+ } else {
+ prio = clnt;
+ allow = srvr;
+ }
+
+ for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
+ c = sk_SSL_CIPHER_value(prio, i);
+
+ ssl_set_cert_masks(cert, c);
+ mask = cert->mask;
+ emask = cert->export_mask;
+
+#ifdef KSSL_DEBUG
+ printf("ssl3_choose_cipher %d alg= %lx\n", i, c->algorithms);
+#endif /* KSSL_DEBUG */
+
+ alg = c->algorithms & (SSL_MKEY_MASK | SSL_AUTH_MASK);
+#ifndef OPENSSL_NO_KRB5
+ if (alg & SSL_KRB5) {
+ if (!kssl_keytab_is_available(s->kssl_ctx))
+ continue;
+ }
+#endif /* OPENSSL_NO_KRB5 */
+ if (SSL_C_IS_EXPORT(c)) {
+ ok = ((alg & emask) == alg) ? 1 : 0;
+#ifdef CIPHER_DEBUG
+ printf("%d:[%08lX:%08lX]%p:%s (export)\n", ok, alg, emask,
+ c, c->name);
+#endif
+ } else {
+ ok = ((alg & mask) == alg) ? 1 : 0;
+#ifdef CIPHER_DEBUG
+ printf("%d:[%08lX:%08lX]%p:%s\n", ok, alg, mask, c, c->name);
+#endif
+ }
+
+ if (!ok)
+ continue;
+ j = sk_SSL_CIPHER_find(allow, c);
+ if (j >= 0) {
+#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_TLSEXT)
+ if ((alg & SSL_kECDHE) && (alg & SSL_aECDSA)
+ && s->s3->is_probably_safari) {
+ if (!ret)
+ ret = sk_SSL_CIPHER_value(allow, j);
+ continue;
+ }
+#endif
+ ret = sk_SSL_CIPHER_value(allow, j);
+ break;
+ }
+ }
+ return (ret);
+}
+
+int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
+{
+ int ret = 0;
+ unsigned long alg;
+
+ alg = s->s3->tmp.new_cipher->algorithms;
+
+#ifndef OPENSSL_NO_DH
+ if (alg & (SSL_kDHr | SSL_kEDH)) {
+# ifndef OPENSSL_NO_RSA
+ p[ret++] = SSL3_CT_RSA_FIXED_DH;
+# endif
+# ifndef OPENSSL_NO_DSA
+ p[ret++] = SSL3_CT_DSS_FIXED_DH;
+# endif
+ }
+ if ((s->version == SSL3_VERSION) &&
+ (alg & (SSL_kEDH | SSL_kDHd | SSL_kDHr))) {
+# ifndef OPENSSL_NO_RSA
+ p[ret++] = SSL3_CT_RSA_EPHEMERAL_DH;
+# endif
+# ifndef OPENSSL_NO_DSA
+ p[ret++] = SSL3_CT_DSS_EPHEMERAL_DH;
+# endif
+ }
+#endif /* !OPENSSL_NO_DH */
+#ifndef OPENSSL_NO_RSA
+ p[ret++] = SSL3_CT_RSA_SIGN;
+#endif
+#ifndef OPENSSL_NO_DSA
+ p[ret++] = SSL3_CT_DSS_SIGN;
+#endif
+#ifndef OPENSSL_NO_ECDH
+ /*
+ * We should ask for fixed ECDH certificates only for SSL_kECDH (and not
+ * SSL_kECDHE)
+ */
+ if ((alg & SSL_kECDH) && (s->version >= TLS1_VERSION)) {
+ p[ret++] = TLS_CT_RSA_FIXED_ECDH;
+ p[ret++] = TLS_CT_ECDSA_FIXED_ECDH;
+ }
+#endif
+
+#ifndef OPENSSL_NO_ECDSA
+ /*
+ * ECDSA certs can be used with RSA cipher suites as well so we don't
+ * need to check for SSL_kECDH or SSL_kECDHE
+ */
+ if (s->version >= TLS1_VERSION) {
+ p[ret++] = TLS_CT_ECDSA_SIGN;
+ }
+#endif
+ return (ret);
+}
+
+int ssl3_shutdown(SSL *s)
+{
+ int ret;
+
+ /*
+ * Don't do anything much if we have not done the handshake or we don't
+ * want to send messages :-)
+ */
+ if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE)) {
+ s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
+ return (1);
+ }
+
+ if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
+ s->shutdown |= SSL_SENT_SHUTDOWN;
+#if 1
+ ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
+#endif
+ /*
+ * our shutdown alert has been sent now, and if it still needs to be
+ * written, s->s3->alert_dispatch will be true
+ */
+ if (s->s3->alert_dispatch)
+ return (-1); /* return WANT_WRITE */
+ } else if (s->s3->alert_dispatch) {
+ /* resend it if not sent */
+#if 1
+ ret = s->method->ssl_dispatch_alert(s);
+ if (ret == -1) {
+ /*
+ * we only get to return -1 here the 2nd/Nth invocation, we must
+ * have already signalled return 0 upon a previous invoation,
+ * return WANT_WRITE
+ */
+ return (ret);
+ }
+#endif
+ } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
+ /*
+ * If we are waiting for a close from our peer, we are closed
+ */
+ s->method->ssl_read_bytes(s, 0, NULL, 0, 0);
+ if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
+ return (-1); /* return WANT_READ */
+ }
+ }
+
+ if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) &&
+ !s->s3->alert_dispatch)
+ return (1);
+ else
+ return (0);
+}
+
+int ssl3_write(SSL *s, const void *buf, int len)
+{
+ int ret, n;
+
+#if 0
+ if (s->shutdown & SSL_SEND_SHUTDOWN) {
+ s->rwstate = SSL_NOTHING;
+ return (0);
+ }
+#endif
+ clear_sys_error();
+ if (s->s3->renegotiate)
+ ssl3_renegotiate_check(s);
+
+ /*
+ * This is an experimental flag that sends the last handshake message in
+ * the same packet as the first use data - used to see if it helps the
+ * TCP protocol during session-id reuse
+ */
+ /* The second test is because the buffer may have been removed */
+ if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio)) {
+ /* First time through, we write into the buffer */
+ if (s->s3->delay_buf_pop_ret == 0) {
+ ret = ssl3_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len);
+ if (ret <= 0)
+ return (ret);
+
+ s->s3->delay_buf_pop_ret = ret;
+ }
+
+ s->rwstate = SSL_WRITING;
+ n = BIO_flush(s->wbio);
+ if (n <= 0)
+ return (n);
+ s->rwstate = SSL_NOTHING;
+
+ /* We have flushed the buffer, so remove it */
+ ssl_free_wbio_buffer(s);
+ s->s3->flags &= ~SSL3_FLAGS_POP_BUFFER;
+
+ ret = s->s3->delay_buf_pop_ret;
+ s->s3->delay_buf_pop_ret = 0;
+ } else {
+ ret = s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA,
+ buf, len);
+ if (ret <= 0)
+ return (ret);
+ }
+
+ return (ret);
+}
+
+static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
+{
+ int ret;
+
+ clear_sys_error();
+ if (s->s3->renegotiate)
+ ssl3_renegotiate_check(s);
+ s->s3->in_read_app_data = 1;
+ ret =
+ s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
+ peek);
+ if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
+ /*
+ * ssl3_read_bytes decided to call s->handshake_func, which called
+ * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
+ * actually found application data and thinks that application data
+ * makes sense here; so disable handshake processing and try to read
+ * application data again.
+ */
+ s->in_handshake++;
+ ret =
+ s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
+ peek);
+ s->in_handshake--;
+ } else
+ s->s3->in_read_app_data = 0;
+
+ return (ret);
+}
+
+int ssl3_read(SSL *s, void *buf, int len)
+{
+ return ssl3_read_internal(s, buf, len, 0);
+}
+
+int ssl3_peek(SSL *s, void *buf, int len)
+{
+ return ssl3_read_internal(s, buf, len, 1);
+}
+
+int ssl3_renegotiate(SSL *s)
+{
+ if (s->handshake_func == NULL)
+ return (1);
+
+ if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
+ return (0);
+
+ s->s3->renegotiate = 1;
+ return (1);
+}
+
+int ssl3_renegotiate_check(SSL *s)
+{
+ int ret = 0;
+
+ if (s->s3->renegotiate) {
+ if ((s->s3->rbuf.left == 0) &&
+ (s->s3->wbuf.left == 0) && !SSL_in_init(s)) {
+ /*
+ * if we are the server, and we have sent a 'RENEGOTIATE'
+ * message, we need to go to SSL_ST_ACCEPT.
+ */
+ /* SSL_ST_ACCEPT */
+ s->state = SSL_ST_RENEGOTIATE;
+ s->s3->renegotiate = 0;
+ s->s3->num_renegotiations++;
+ s->s3->total_renegotiations++;
+ ret = 1;
+ }
+ }
+ return (ret);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/ssl/s3_meth.c
===================================================================
--- vendor-crypto/openssl/dist/ssl/s3_meth.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/ssl/s3_meth.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,77 +0,0 @@
-/* ssl/s3_meth.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/objects.h>
-#include "ssl_locl.h"
-
-static SSL_METHOD *ssl3_get_method(int ver);
-static SSL_METHOD *ssl3_get_method(int ver)
- {
- if (ver == SSL3_VERSION)
- return(SSLv3_method());
- else
- return(NULL);
- }
-
-IMPLEMENT_ssl3_meth_func(SSLv3_method,
- ssl3_accept,
- ssl3_connect,
- ssl3_get_method)
-
-
Copied: vendor-crypto/openssl/0.9.8zf/ssl/s3_meth.c (from rev 6976, vendor-crypto/openssl/dist/ssl/s3_meth.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/ssl/s3_meth.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/ssl/s3_meth.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,73 @@
+/* ssl/s3_meth.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <openssl/objects.h>
+#include "ssl_locl.h"
+
+static SSL_METHOD *ssl3_get_method(int ver);
+static SSL_METHOD *ssl3_get_method(int ver)
+{
+ if (ver == SSL3_VERSION)
+ return (SSLv3_method());
+ else
+ return (NULL);
+}
+
+IMPLEMENT_ssl3_meth_func(SSLv3_method,
+ ssl3_accept, ssl3_connect, ssl3_get_method)
Deleted: vendor-crypto/openssl/0.9.8zf/ssl/s3_pkt.c
===================================================================
--- vendor-crypto/openssl/dist/ssl/s3_pkt.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/ssl/s3_pkt.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,1418 +0,0 @@
-/* ssl/s3_pkt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <limits.h>
-#include <errno.h>
-#define USE_SOCKETS
-#include "ssl_locl.h"
-#include <openssl/evp.h>
-#include <openssl/buffer.h>
-
-static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
- unsigned int len, int create_empty_fragment);
-static int ssl3_get_record(SSL *s);
-
-int ssl3_read_n(SSL *s, int n, int max, int extend)
- {
- /* If extend == 0, obtain new n-byte packet; if extend == 1, increase
- * packet by another n bytes.
- * The packet will be in the sub-array of s->s3->rbuf.buf specified
- * by s->packet and s->packet_length.
- * (If s->read_ahead is set, 'max' bytes may be stored in rbuf
- * [plus s->packet_length bytes if extend == 1].)
- */
- int i,off,newb;
-
- if (!extend)
- {
- /* start with empty packet ... */
- if (s->s3->rbuf.left == 0)
- s->s3->rbuf.offset = 0;
- s->packet = s->s3->rbuf.buf + s->s3->rbuf.offset;
- s->packet_length = 0;
- /* ... now we can act as if 'extend' was set */
- }
-
- /* For DTLS/UDP reads should not span multiple packets
- * because the read operation returns the whole packet
- * at once (as long as it fits into the buffer). */
- if (SSL_version(s) == DTLS1_VERSION)
- {
- if ( s->s3->rbuf.left > 0 && n > s->s3->rbuf.left)
- n = s->s3->rbuf.left;
- }
-
- /* if there is enough in the buffer from a previous read, take some */
- if (s->s3->rbuf.left >= (int)n)
- {
- s->packet_length+=n;
- s->s3->rbuf.left-=n;
- s->s3->rbuf.offset+=n;
- return(n);
- }
-
- /* else we need to read more data */
- if (!s->read_ahead)
- max=n;
-
- {
- /* avoid buffer overflow */
- int max_max = s->s3->rbuf.len - s->packet_length;
- if (max > max_max)
- max = max_max;
- }
- if (n > max) /* does not happen */
- {
- SSLerr(SSL_F_SSL3_READ_N,ERR_R_INTERNAL_ERROR);
- return -1;
- }
-
- off = s->packet_length;
- newb = s->s3->rbuf.left;
- /* Move any available bytes to front of buffer:
- * 'off' bytes already pointed to by 'packet',
- * 'newb' extra ones at the end */
- if (s->packet != s->s3->rbuf.buf)
- {
- /* off > 0 */
- memmove(s->s3->rbuf.buf, s->packet, off+newb);
- s->packet = s->s3->rbuf.buf;
- }
-
- while (newb < n)
- {
- /* Now we have off+newb bytes at the front of s->s3->rbuf.buf and need
- * to read in more until we have off+n (up to off+max if possible) */
-
- clear_sys_error();
- if (s->rbio != NULL)
- {
- s->rwstate=SSL_READING;
- i=BIO_read(s->rbio, &(s->s3->rbuf.buf[off+newb]), max-newb);
- }
- else
- {
- SSLerr(SSL_F_SSL3_READ_N,SSL_R_READ_BIO_NOT_SET);
- i = -1;
- }
-
- if (i <= 0)
- {
- s->s3->rbuf.left = newb;
- return(i);
- }
- newb+=i;
- /* reads should *never* span multiple packets for DTLS because
- * the underlying transport protocol is message oriented as opposed
- * to byte oriented as in the TLS case. */
- if (SSL_version(s) == DTLS1_VERSION)
- {
- if (n > newb)
- n = newb; /* makes the while condition false */
- }
- }
-
- /* done reading, now the book-keeping */
- s->s3->rbuf.offset = off + n;
- s->s3->rbuf.left = newb - n;
- s->packet_length += n;
- s->rwstate=SSL_NOTHING;
- return(n);
- }
-
-/* MAX_EMPTY_RECORDS defines the number of consecutive, empty records that will
- * be processed per call to ssl3_get_record. Without this limit an attacker
- * could send empty records at a faster rate than we can process and cause
- * ssl3_get_record to loop forever. */
-#define MAX_EMPTY_RECORDS 32
-
-/* Call this to get a new input record.
- * It will return <= 0 if more data is needed, normally due to an error
- * or non-blocking IO.
- * When it finishes, one packet has been decoded and can be found in
- * ssl->s3->rrec.type - is the type of record
- * ssl->s3->rrec.data, - data
- * ssl->s3->rrec.length, - number of bytes
- */
-/* used only by ssl3_read_bytes */
-static int ssl3_get_record(SSL *s)
- {
- int ssl_major,ssl_minor,al;
- int enc_err,n,i,ret= -1;
- SSL3_RECORD *rr;
- SSL_SESSION *sess;
- unsigned char *p;
- unsigned char md[EVP_MAX_MD_SIZE];
- short version;
- unsigned mac_size, orig_len;
- size_t extra;
- unsigned empty_record_count = 0;
-
- rr= &(s->s3->rrec);
- sess=s->session;
-
- if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
- extra=SSL3_RT_MAX_EXTRA;
- else
- extra=0;
- if (extra != s->s3->rbuf.len - SSL3_RT_MAX_PACKET_SIZE)
- {
- /* actually likely an application error: SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER
- * set after ssl3_setup_buffers() was done */
- SSLerr(SSL_F_SSL3_GET_RECORD, ERR_R_INTERNAL_ERROR);
- return -1;
- }
-
-again:
- /* check if we have the header */
- if ( (s->rstate != SSL_ST_READ_BODY) ||
- (s->packet_length < SSL3_RT_HEADER_LENGTH))
- {
- n=ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, s->s3->rbuf.len, 0);
- if (n <= 0) return(n); /* error or non-blocking */
- s->rstate=SSL_ST_READ_BODY;
-
- p=s->packet;
-
- /* Pull apart the header into the SSL3_RECORD */
- rr->type= *(p++);
- ssl_major= *(p++);
- ssl_minor= *(p++);
- version=(ssl_major<<8)|ssl_minor;
- n2s(p,rr->length);
-
- /* Lets check version */
- if (!s->first_packet)
- {
- if (version != s->version)
- {
- SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
- if ((s->version & 0xFF00) == (version & 0xFF00))
- /* Send back error using their minor version number :-) */
- s->version = (unsigned short)version;
- al=SSL_AD_PROTOCOL_VERSION;
- goto f_err;
- }
- }
-
- if ((version>>8) != SSL3_VERSION_MAJOR)
- {
- SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
- goto err;
- }
-
- if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH+extra)
- {
- al=SSL_AD_RECORD_OVERFLOW;
- SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PACKET_LENGTH_TOO_LONG);
- goto f_err;
- }
-
- /* now s->rstate == SSL_ST_READ_BODY */
- }
-
- /* s->rstate == SSL_ST_READ_BODY, get and decode the data */
-
- if (rr->length > s->packet_length-SSL3_RT_HEADER_LENGTH)
- {
- /* now s->packet_length == SSL3_RT_HEADER_LENGTH */
- i=rr->length;
- n=ssl3_read_n(s,i,i,1);
- if (n <= 0) return(n); /* error or non-blocking io */
- /* now n == rr->length,
- * and s->packet_length == SSL3_RT_HEADER_LENGTH + rr->length */
- }
-
- s->rstate=SSL_ST_READ_HEADER; /* set state for later operations */
-
- /* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
- * and we have that many bytes in s->packet
- */
- rr->input= &(s->packet[SSL3_RT_HEADER_LENGTH]);
-
- /* ok, we can now read from 's->packet' data into 'rr'
- * rr->input points at rr->length bytes, which
- * need to be copied into rr->data by either
- * the decryption or by the decompression
- * When the data is 'copied' into the rr->data buffer,
- * rr->input will be pointed at the new buffer */
-
- /* We now have - encrypted [ MAC [ compressed [ plain ] ] ]
- * rr->length bytes of encrypted compressed stuff. */
-
- /* check is not needed I believe */
- if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH+extra)
- {
- al=SSL_AD_RECORD_OVERFLOW;
- SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
- goto f_err;
- }
-
- /* decrypt in place in 'rr->input' */
- rr->data=rr->input;
-
- enc_err = s->method->ssl3_enc->enc(s,0);
- /* enc_err is:
- * 0: (in non-constant time) if the record is publically invalid.
- * 1: if the padding is valid
- * -1: if the padding is invalid */
- if (enc_err == 0)
- {
- al=SSL_AD_DECRYPTION_FAILED;
- SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
- goto f_err;
- }
-
-#ifdef TLS_DEBUG
-printf("dec %d\n",rr->length);
-{ unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); }
-printf("\n");
-#endif
-
- /* r->length is now the compressed data plus mac */
- if ((sess != NULL) &&
- (s->enc_read_ctx != NULL) &&
- (s->read_hash != NULL))
- {
- /* s->read_hash != NULL => mac_size != -1 */
- unsigned char *mac = NULL;
- unsigned char mac_tmp[EVP_MAX_MD_SIZE];
- mac_size=EVP_MD_size(s->read_hash);
- OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);
-
- /* kludge: *_cbc_remove_padding passes padding length in rr->type */
- orig_len = rr->length+((unsigned int)rr->type>>8);
-
- /* orig_len is the length of the record before any padding was
- * removed. This is public information, as is the MAC in use,
- * therefore we can safely process the record in a different
- * amount of time if it's too short to possibly contain a MAC.
- */
- if (orig_len < mac_size ||
- /* CBC records must have a padding length byte too. */
- (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
- orig_len < mac_size+1))
- {
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);
- goto f_err;
- }
-
- if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE)
- {
- /* We update the length so that the TLS header bytes
- * can be constructed correctly but we need to extract
- * the MAC in constant time from within the record,
- * without leaking the contents of the padding bytes.
- * */
- mac = mac_tmp;
- ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len);
- rr->length -= mac_size;
- }
- else
- {
- /* In this case there's no padding, so |orig_len|
- * equals |rec->length| and we checked that there's
- * enough bytes for |mac_size| above. */
- rr->length -= mac_size;
- mac = &rr->data[rr->length];
- }
-
- i=s->method->ssl3_enc->mac(s,md,0 /* not send */);
- if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0)
- enc_err = -1;
- if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size)
- enc_err = -1;
- }
-
- if (enc_err < 0)
- {
- /* A separate 'decryption_failed' alert was introduced with TLS 1.0,
- * SSL 3.0 only has 'bad_record_mac'. But unless a decryption
- * failure is directly visible from the ciphertext anyway,
- * we should not reveal which kind of error occured -- this
- * might become visible to an attacker (e.g. via a logfile) */
- al=SSL_AD_BAD_RECORD_MAC;
- SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
- goto f_err;
- }
-
- /* r->length is now just compressed */
- if (s->expand != NULL)
- {
- if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra)
- {
- al=SSL_AD_RECORD_OVERFLOW;
- SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG);
- goto f_err;
- }
- if (!ssl3_do_uncompress(s))
- {
- al=SSL_AD_DECOMPRESSION_FAILURE;
- SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_DECOMPRESSION);
- goto f_err;
- }
- }
-
- if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH+extra)
- {
- al=SSL_AD_RECORD_OVERFLOW;
- SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DATA_LENGTH_TOO_LONG);
- goto f_err;
- }
-
- rr->off=0;
- /* So at this point the following is true
- * ssl->s3->rrec.type is the type of record
- * ssl->s3->rrec.length == number of bytes in record
- * ssl->s3->rrec.off == offset to first valid byte
- * ssl->s3->rrec.data == where to take bytes from, increment
- * after use :-).
- */
-
- /* we have pulled in a full packet so zero things */
- s->packet_length=0;
-
- /* just read a 0 length packet */
- if (rr->length == 0)
- {
- empty_record_count++;
- if (empty_record_count > MAX_EMPTY_RECORDS)
- {
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_RECORD_TOO_SMALL);
- goto f_err;
- }
- goto again;
- }
-
- return(1);
-
-f_err:
- ssl3_send_alert(s,SSL3_AL_FATAL,al);
-err:
- return(ret);
- }
-
-int ssl3_do_uncompress(SSL *ssl)
- {
-#ifndef OPENSSL_NO_COMP
- int i;
- SSL3_RECORD *rr;
-
- rr= &(ssl->s3->rrec);
- i=COMP_expand_block(ssl->expand,rr->comp,
- SSL3_RT_MAX_PLAIN_LENGTH,rr->data,(int)rr->length);
- if (i < 0)
- return(0);
- else
- rr->length=i;
- rr->data=rr->comp;
-#endif
- return(1);
- }
-
-int ssl3_do_compress(SSL *ssl)
- {
-#ifndef OPENSSL_NO_COMP
- int i;
- SSL3_RECORD *wr;
-
- wr= &(ssl->s3->wrec);
- i=COMP_compress_block(ssl->compress,wr->data,
- SSL3_RT_MAX_COMPRESSED_LENGTH,
- wr->input,(int)wr->length);
- if (i < 0)
- return(0);
- else
- wr->length=i;
-
- wr->input=wr->data;
-#endif
- return(1);
- }
-
-/* Call this to write data in records of type 'type'
- * It will return <= 0 if not all data has been sent or non-blocking IO.
- */
-int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
- {
- const unsigned char *buf=buf_;
- unsigned int n,nw;
- int i,tot;
-
- s->rwstate=SSL_NOTHING;
- OPENSSL_assert(s->s3->wnum <= INT_MAX);
- tot=s->s3->wnum;
- s->s3->wnum=0;
-
- if (SSL_in_init(s) && !s->in_handshake)
- {
- i=s->handshake_func(s);
- if (i < 0) return(i);
- if (i == 0)
- {
- SSLerr(SSL_F_SSL3_WRITE_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
- return -1;
- }
- }
-
- /* ensure that if we end up with a smaller value of data to write
- * out than the the original len from a write which didn't complete
- * for non-blocking I/O and also somehow ended up avoiding
- * the check for this in ssl3_write_pending/SSL_R_BAD_WRITE_RETRY as
- * it must never be possible to end up with (len-tot) as a large
- * number that will then promptly send beyond the end of the users
- * buffer ... so we trap and report the error in a way the user
- * will notice
- */
- if (len < tot)
- {
- SSLerr(SSL_F_SSL3_WRITE_BYTES,SSL_R_BAD_LENGTH);
- return(-1);
- }
-
-
- n=(len-tot);
- for (;;)
- {
- if (n > SSL3_RT_MAX_PLAIN_LENGTH)
- nw=SSL3_RT_MAX_PLAIN_LENGTH;
- else
- nw=n;
-
- i=do_ssl3_write(s, type, &(buf[tot]), nw, 0);
- if (i <= 0)
- {
- s->s3->wnum=tot;
- return i;
- }
-
- if ((i == (int)n) ||
- (type == SSL3_RT_APPLICATION_DATA &&
- (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE)))
- {
- /* next chunk of data should get another prepended empty fragment
- * in ciphersuites with known-IV weakness: */
- s->s3->empty_fragment_done = 0;
-
- return tot+i;
- }
-
- n-=i;
- tot+=i;
- }
- }
-
-static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
- unsigned int len, int create_empty_fragment)
- {
- unsigned char *p,*plen;
- int i,mac_size,clear=0;
- int prefix_len = 0;
- SSL3_RECORD *wr;
- SSL3_BUFFER *wb;
- SSL_SESSION *sess;
-
- /* first check if there is a SSL3_BUFFER still being written
- * out. This will happen with non blocking IO */
- if (s->s3->wbuf.left != 0)
- return(ssl3_write_pending(s,type,buf,len));
-
- /* If we have an alert to send, lets send it */
- if (s->s3->alert_dispatch)
- {
- i=s->method->ssl_dispatch_alert(s);
- if (i <= 0)
- return(i);
- /* if it went, fall through and send more stuff */
- }
-
- if (len == 0 && !create_empty_fragment)
- return 0;
-
- wr= &(s->s3->wrec);
- wb= &(s->s3->wbuf);
- sess=s->session;
-
- if ( (sess == NULL) ||
- (s->enc_write_ctx == NULL) ||
- (s->write_hash == NULL))
- clear=1;
-
- if (clear)
- mac_size=0;
- else
- mac_size=EVP_MD_size(s->write_hash);
-
- /* 'create_empty_fragment' is true only when this function calls itself */
- if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done)
- {
- /* countermeasure against known-IV weakness in CBC ciphersuites
- * (see http://www.openssl.org/~bodo/tls-cbc.txt) */
-
- if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_DATA)
- {
- /* recursive function call with 'create_empty_fragment' set;
- * this prepares and buffers the data for an empty fragment
- * (these 'prefix_len' bytes are sent out later
- * together with the actual payload) */
- prefix_len = do_ssl3_write(s, type, buf, 0, 1);
- if (prefix_len <= 0)
- goto err;
-
- if (s->s3->wbuf.len < (size_t)prefix_len + SSL3_RT_MAX_PACKET_SIZE)
- {
- /* insufficient space */
- SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR);
- goto err;
- }
- }
-
- s->s3->empty_fragment_done = 1;
- }
-
- p = wb->buf + prefix_len;
-
- /* write the header */
-
- *(p++)=type&0xff;
- wr->type=type;
-
- *(p++)=(s->version>>8);
- *(p++)=s->version&0xff;
-
- /* field where we are to write out packet length */
- plen=p;
- p+=2;
-
- /* lets setup the record stuff. */
- wr->data=p;
- wr->length=(int)len;
- wr->input=(unsigned char *)buf;
-
- /* we now 'read' from wr->input, wr->length bytes into
- * wr->data */
-
- /* first we compress */
- if (s->compress != NULL)
- {
- if (!ssl3_do_compress(s))
- {
- SSLerr(SSL_F_DO_SSL3_WRITE,SSL_R_COMPRESSION_FAILURE);
- goto err;
- }
- }
- else
- {
- memcpy(wr->data,wr->input,wr->length);
- wr->input=wr->data;
- }
-
- /* we should still have the output to wr->data and the input
- * from wr->input. Length should be wr->length.
- * wr->data still points in the wb->buf */
-
- if (mac_size != 0)
- {
- s->method->ssl3_enc->mac(s,&(p[wr->length]),1);
- wr->length+=mac_size;
- wr->input=p;
- wr->data=p;
- }
-
- /* ssl3_enc can only have an error on read */
- s->method->ssl3_enc->enc(s,1);
-
- /* record length after mac and block padding */
- s2n(wr->length,plen);
-
- /* we should now have
- * wr->data pointing to the encrypted data, which is
- * wr->length long */
- wr->type=type; /* not needed but helps for debugging */
- wr->length+=SSL3_RT_HEADER_LENGTH;
-
- if (create_empty_fragment)
- {
- /* we are in a recursive call;
- * just return the length, don't write out anything here
- */
- return wr->length;
- }
-
- /* now let's set up wb */
- wb->left = prefix_len + wr->length;
- wb->offset = 0;
-
- /* memorize arguments so that ssl3_write_pending can detect bad write retries later */
- s->s3->wpend_tot=len;
- s->s3->wpend_buf=buf;
- s->s3->wpend_type=type;
- s->s3->wpend_ret=len;
-
- /* we now just need to write the buffer */
- return ssl3_write_pending(s,type,buf,len);
-err:
- return -1;
- }
-
-/* if s->s3->wbuf.left != 0, we need to call this */
-int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
- unsigned int len)
- {
- int i;
-
-/* XXXX */
- if ((s->s3->wpend_tot > (int)len)
- || ((s->s3->wpend_buf != buf) &&
- !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER))
- || (s->s3->wpend_type != type))
- {
- SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BAD_WRITE_RETRY);
- return(-1);
- }
-
- for (;;)
- {
- clear_sys_error();
- if (s->wbio != NULL)
- {
- s->rwstate=SSL_WRITING;
- i=BIO_write(s->wbio,
- (char *)&(s->s3->wbuf.buf[s->s3->wbuf.offset]),
- (unsigned int)s->s3->wbuf.left);
- }
- else
- {
- SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BIO_NOT_SET);
- i= -1;
- }
- if (i == s->s3->wbuf.left)
- {
- s->s3->wbuf.left=0;
- s->rwstate=SSL_NOTHING;
- return(s->s3->wpend_ret);
- }
- else if (i <= 0) {
- if (s->version == DTLS1_VERSION ||
- s->version == DTLS1_BAD_VER) {
- /* For DTLS, just drop it. That's kind of the whole
- point in using a datagram service */
- s->s3->wbuf.left = 0;
- }
- return(i);
- }
- s->s3->wbuf.offset+=i;
- s->s3->wbuf.left-=i;
- }
- }
-
-/* Return up to 'len' payload bytes received in 'type' records.
- * 'type' is one of the following:
- *
- * - SSL3_RT_HANDSHAKE (when ssl3_get_message calls us)
- * - SSL3_RT_APPLICATION_DATA (when ssl3_read calls us)
- * - 0 (during a shutdown, no data has to be returned)
- *
- * If we don't have stored data to work from, read a SSL/TLS record first
- * (possibly multiple records if we still don't have anything to return).
- *
- * This function must handle any surprises the peer may have for us, such as
- * Alert records (e.g. close_notify), ChangeCipherSpec records (not really
- * a surprise, but handled as if it were), or renegotiation requests.
- * Also if record payloads contain fragments too small to process, we store
- * them until there is enough for the respective protocol (the record protocol
- * may use arbitrary fragmentation and even interleaving):
- * Change cipher spec protocol
- * just 1 byte needed, no need for keeping anything stored
- * Alert protocol
- * 2 bytes needed (AlertLevel, AlertDescription)
- * Handshake protocol
- * 4 bytes needed (HandshakeType, uint24 length) -- we just have
- * to detect unexpected Client Hello and Hello Request messages
- * here, anything else is handled by higher layers
- * Application data protocol
- * none of our business
- */
-int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
- {
- int al,i,j,ret;
- unsigned int n;
- SSL3_RECORD *rr;
- void (*cb)(const SSL *ssl,int type2,int val)=NULL;
-
- if (s->s3->rbuf.buf == NULL) /* Not initialized yet */
- if (!ssl3_setup_buffers(s))
- return(-1);
-
- if ((type && (type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HANDSHAKE)) ||
- (peek && (type != SSL3_RT_APPLICATION_DATA)))
- {
- SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR);
- return -1;
- }
-
- if ((type == SSL3_RT_HANDSHAKE) && (s->s3->handshake_fragment_len > 0))
- /* (partially) satisfy request from storage */
- {
- unsigned char *src = s->s3->handshake_fragment;
- unsigned char *dst = buf;
- unsigned int k;
-
- /* peek == 0 */
- n = 0;
- while ((len > 0) && (s->s3->handshake_fragment_len > 0))
- {
- *dst++ = *src++;
- len--; s->s3->handshake_fragment_len--;
- n++;
- }
- /* move any remaining fragment bytes: */
- for (k = 0; k < s->s3->handshake_fragment_len; k++)
- s->s3->handshake_fragment[k] = *src++;
- return n;
- }
-
- /* Now s->s3->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */
-
- if (!s->in_handshake && SSL_in_init(s))
- {
- /* type == SSL3_RT_APPLICATION_DATA */
- i=s->handshake_func(s);
- if (i < 0) return(i);
- if (i == 0)
- {
- SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
- return(-1);
- }
- }
-start:
- s->rwstate=SSL_NOTHING;
-
- /* s->s3->rrec.type - is the type of record
- * s->s3->rrec.data, - data
- * s->s3->rrec.off, - offset into 'data' for next read
- * s->s3->rrec.length, - number of bytes. */
- rr = &(s->s3->rrec);
-
- /* get new packet if necessary */
- if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY))
- {
- ret=ssl3_get_record(s);
- if (ret <= 0) return(ret);
- }
-
- /* we now have a packet which can be read and processed */
-
- if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
- * reset by ssl3_get_finished */
- && (rr->type != SSL3_RT_HANDSHAKE))
- {
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);
- goto f_err;
- }
-
- /* If the other end has shut down, throw anything we read away
- * (even in 'peek' mode) */
- if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
- {
- rr->length=0;
- s->rwstate=SSL_NOTHING;
- return(0);
- }
-
-
- if (type == rr->type) /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */
- {
- /* make sure that we are not getting application data when we
- * are doing a handshake for the first time */
- if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
- (s->enc_read_ctx == NULL))
- {
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_APP_DATA_IN_HANDSHAKE);
- goto f_err;
- }
-
- if (len <= 0) return(len);
-
- if ((unsigned int)len > rr->length)
- n = rr->length;
- else
- n = (unsigned int)len;
-
- memcpy(buf,&(rr->data[rr->off]),n);
- if (!peek)
- {
- rr->length-=n;
- rr->off+=n;
- if (rr->length == 0)
- {
- s->rstate=SSL_ST_READ_HEADER;
- rr->off=0;
- }
- }
- return(n);
- }
-
-
- /* If we get here, then type != rr->type; if we have a handshake
- * message, then it was unexpected (Hello Request or Client Hello). */
-
- /* In case of record types for which we have 'fragment' storage,
- * fill that so that we can process the data at a fixed place.
- */
- {
- unsigned int dest_maxlen = 0;
- unsigned char *dest = NULL;
- unsigned int *dest_len = NULL;
-
- if (rr->type == SSL3_RT_HANDSHAKE)
- {
- dest_maxlen = sizeof s->s3->handshake_fragment;
- dest = s->s3->handshake_fragment;
- dest_len = &s->s3->handshake_fragment_len;
- }
- else if (rr->type == SSL3_RT_ALERT)
- {
- dest_maxlen = sizeof s->s3->alert_fragment;
- dest = s->s3->alert_fragment;
- dest_len = &s->s3->alert_fragment_len;
- }
-
- if (dest_maxlen > 0)
- {
- n = dest_maxlen - *dest_len; /* available space in 'dest' */
- if (rr->length < n)
- n = rr->length; /* available bytes */
-
- /* now move 'n' bytes: */
- while (n-- > 0)
- {
- dest[(*dest_len)++] = rr->data[rr->off++];
- rr->length--;
- }
-
- if (*dest_len < dest_maxlen)
- goto start; /* fragment was too small */
- }
- }
-
- /* s->s3->handshake_fragment_len == 4 iff rr->type == SSL3_RT_HANDSHAKE;
- * s->s3->alert_fragment_len == 2 iff rr->type == SSL3_RT_ALERT.
- * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */
-
- /* If we are a client, check for an incoming 'Hello Request': */
- if ((!s->server) &&
- (s->s3->handshake_fragment_len >= 4) &&
- (s->s3->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) &&
- (s->session != NULL) && (s->session->cipher != NULL))
- {
- s->s3->handshake_fragment_len = 0;
-
- if ((s->s3->handshake_fragment[1] != 0) ||
- (s->s3->handshake_fragment[2] != 0) ||
- (s->s3->handshake_fragment[3] != 0))
- {
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_HELLO_REQUEST);
- goto f_err;
- }
-
- if (s->msg_callback)
- s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->s3->handshake_fragment, 4, s, s->msg_callback_arg);
-
- if (SSL_is_init_finished(s) &&
- !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
- !s->s3->renegotiate)
- {
- ssl3_renegotiate(s);
- if (ssl3_renegotiate_check(s))
- {
- i=s->handshake_func(s);
- if (i < 0) return(i);
- if (i == 0)
- {
- SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
- return(-1);
- }
-
- if (!(s->mode & SSL_MODE_AUTO_RETRY))
- {
- if (s->s3->rbuf.left == 0) /* no read-ahead left? */
- {
- BIO *bio;
- /* In the case where we try to read application data,
- * but we trigger an SSL handshake, we return -1 with
- * the retry option set. Otherwise renegotiation may
- * cause nasty problems in the blocking world */
- s->rwstate=SSL_READING;
- bio=SSL_get_rbio(s);
- BIO_clear_retry_flags(bio);
- BIO_set_retry_read(bio);
- return(-1);
- }
- }
- }
- }
- /* we either finished a handshake or ignored the request,
- * now try again to obtain the (application) data we were asked for */
- goto start;
- }
- /* If we are a server and get a client hello when renegotiation isn't
- * allowed send back a no renegotiation alert and carry on.
- * WARNING: experimental code, needs reviewing (steve)
- */
- if (s->server &&
- SSL_is_init_finished(s) &&
- !s->s3->send_connection_binding &&
- (s->version > SSL3_VERSION) &&
- (s->s3->handshake_fragment_len >= 4) &&
- (s->s3->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) &&
- (s->session != NULL) && (s->session->cipher != NULL) &&
- !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
-
- {
- /*s->s3->handshake_fragment_len = 0;*/
- rr->length = 0;
- ssl3_send_alert(s,SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION);
- goto start;
- }
- if (s->s3->alert_fragment_len >= 2)
- {
- int alert_level = s->s3->alert_fragment[0];
- int alert_descr = s->s3->alert_fragment[1];
-
- s->s3->alert_fragment_len = 0;
-
- if (s->msg_callback)
- s->msg_callback(0, s->version, SSL3_RT_ALERT, s->s3->alert_fragment, 2, s, s->msg_callback_arg);
-
- if (s->info_callback != NULL)
- cb=s->info_callback;
- else if (s->ctx->info_callback != NULL)
- cb=s->ctx->info_callback;
-
- if (cb != NULL)
- {
- j = (alert_level << 8) | alert_descr;
- cb(s, SSL_CB_READ_ALERT, j);
- }
-
- if (alert_level == 1) /* warning */
- {
- s->s3->warn_alert = alert_descr;
- if (alert_descr == SSL_AD_CLOSE_NOTIFY)
- {
- s->shutdown |= SSL_RECEIVED_SHUTDOWN;
- return(0);
- }
- /* This is a warning but we receive it if we requested
- * renegotiation and the peer denied it. Terminate with
- * a fatal alert because if application tried to
- * renegotiatie it presumably had a good reason and
- * expects it to succeed.
- *
- * In future we might have a renegotiation where we
- * don't care if the peer refused it where we carry on.
- */
- else if (alert_descr == SSL_AD_NO_RENEGOTIATION)
- {
- al = SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_NO_RENEGOTIATION);
- goto f_err;
- }
- }
- else if (alert_level == 2) /* fatal */
- {
- char tmp[16];
-
- s->rwstate=SSL_NOTHING;
- s->s3->fatal_alert = alert_descr;
- SSLerr(SSL_F_SSL3_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr);
- BIO_snprintf(tmp,sizeof tmp,"%d",alert_descr);
- ERR_add_error_data(2,"SSL alert number ",tmp);
- s->shutdown|=SSL_RECEIVED_SHUTDOWN;
- SSL_CTX_remove_session(s->ctx,s->session);
- return(0);
- }
- else
- {
- al=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNKNOWN_ALERT_TYPE);
- goto f_err;
- }
-
- goto start;
- }
-
- if (s->shutdown & SSL_SENT_SHUTDOWN) /* but we have not received a shutdown */
- {
- s->rwstate=SSL_NOTHING;
- rr->length=0;
- return(0);
- }
-
- if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC)
- {
- /* 'Change Cipher Spec' is just a single byte, so we know
- * exactly what the record payload has to look like */
- if ( (rr->length != 1) || (rr->off != 0) ||
- (rr->data[0] != SSL3_MT_CCS))
- {
- al=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC);
- goto f_err;
- }
-
- /* Check we have a cipher to change to */
- if (s->s3->tmp.new_cipher == NULL)
- {
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_CCS_RECEIVED_EARLY);
- goto f_err;
- }
-
- if (!(s->s3->flags & SSL3_FLAGS_CCS_OK))
- {
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_CCS_RECEIVED_EARLY);
- goto f_err;
- }
-
- s->s3->flags &= ~SSL3_FLAGS_CCS_OK;
-
- rr->length=0;
-
- if (s->msg_callback)
- s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, rr->data, 1, s, s->msg_callback_arg);
-
- s->s3->change_cipher_spec=1;
- if (!ssl3_do_change_cipher_spec(s))
- goto err;
- else
- goto start;
- }
-
- /* Unexpected handshake message (Client Hello, or protocol violation) */
- if ((s->s3->handshake_fragment_len >= 4) && !s->in_handshake)
- {
- if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
- !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS))
- {
-#if 0 /* worked only because C operator preferences are not as expected (and
- * because this is not really needed for clients except for detecting
- * protocol violations): */
- s->state=SSL_ST_BEFORE|(s->server)
- ?SSL_ST_ACCEPT
- :SSL_ST_CONNECT;
-#else
- s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
-#endif
- s->new_session=1;
- }
- i=s->handshake_func(s);
- if (i < 0) return(i);
- if (i == 0)
- {
- SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
- return(-1);
- }
-
- if (!(s->mode & SSL_MODE_AUTO_RETRY))
- {
- if (s->s3->rbuf.left == 0) /* no read-ahead left? */
- {
- BIO *bio;
- /* In the case where we try to read application data,
- * but we trigger an SSL handshake, we return -1 with
- * the retry option set. Otherwise renegotiation may
- * cause nasty problems in the blocking world */
- s->rwstate=SSL_READING;
- bio=SSL_get_rbio(s);
- BIO_clear_retry_flags(bio);
- BIO_set_retry_read(bio);
- return(-1);
- }
- }
- goto start;
- }
-
- switch (rr->type)
- {
- default:
-#ifndef OPENSSL_NO_TLS
- /* TLS just ignores unknown message types */
- if (s->version == TLS1_VERSION)
- {
- rr->length = 0;
- goto start;
- }
-#endif
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
- goto f_err;
- case SSL3_RT_CHANGE_CIPHER_SPEC:
- case SSL3_RT_ALERT:
- case SSL3_RT_HANDSHAKE:
- /* we already handled all of these, with the possible exception
- * of SSL3_RT_HANDSHAKE when s->in_handshake is set, but that
- * should not happen when type != rr->type */
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_READ_BYTES,ERR_R_INTERNAL_ERROR);
- goto f_err;
- case SSL3_RT_APPLICATION_DATA:
- /* At this point, we were expecting handshake data,
- * but have application data. If the library was
- * running inside ssl3_read() (i.e. in_read_app_data
- * is set) and it makes sense to read application data
- * at this point (session renegotiation not yet started),
- * we will indulge it.
- */
- if (s->s3->in_read_app_data &&
- (s->s3->total_renegotiations != 0) &&
- ((
- (s->state & SSL_ST_CONNECT) &&
- (s->state >= SSL3_ST_CW_CLNT_HELLO_A) &&
- (s->state <= SSL3_ST_CR_SRVR_HELLO_A)
- ) || (
- (s->state & SSL_ST_ACCEPT) &&
- (s->state <= SSL3_ST_SW_HELLO_REQ_A) &&
- (s->state >= SSL3_ST_SR_CLNT_HELLO_A)
- )
- ))
- {
- s->s3->in_read_app_data=2;
- return(-1);
- }
- else
- {
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
- goto f_err;
- }
- }
- /* not reached */
-
-f_err:
- ssl3_send_alert(s,SSL3_AL_FATAL,al);
-err:
- return(-1);
- }
-
-int ssl3_do_change_cipher_spec(SSL *s)
- {
- int i;
- const char *sender;
- int slen;
-
- if (s->state & SSL_ST_ACCEPT)
- i=SSL3_CHANGE_CIPHER_SERVER_READ;
- else
- i=SSL3_CHANGE_CIPHER_CLIENT_READ;
-
- if (s->s3->tmp.key_block == NULL)
- {
- if (s->session == NULL || s->session->master_key_length == 0)
- {
- /* might happen if dtls1_read_bytes() calls this */
- SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY);
- return (0);
- }
-
- s->session->cipher=s->s3->tmp.new_cipher;
- if (!s->method->ssl3_enc->setup_key_block(s)) return(0);
- }
-
- if (!s->method->ssl3_enc->change_cipher_state(s,i))
- return(0);
-
- /* we have to record the message digest at
- * this point so we can get it before we read
- * the finished message */
- if (s->state & SSL_ST_CONNECT)
- {
- sender=s->method->ssl3_enc->server_finished_label;
- slen=s->method->ssl3_enc->server_finished_label_len;
- }
- else
- {
- sender=s->method->ssl3_enc->client_finished_label;
- slen=s->method->ssl3_enc->client_finished_label_len;
- }
-
- s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
- &(s->s3->finish_dgst1),
- &(s->s3->finish_dgst2),
- sender,slen,s->s3->tmp.peer_finish_md);
-
- return(1);
- }
-
-int ssl3_send_alert(SSL *s, int level, int desc)
- {
- /* Map tls/ssl alert value to correct one */
- desc=s->method->ssl3_enc->alert_value(desc);
- if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION)
- desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have protocol_version alerts */
- if (desc < 0) return -1;
- /* If a fatal one, remove from cache */
- if ((level == 2) && (s->session != NULL))
- SSL_CTX_remove_session(s->ctx,s->session);
-
- s->s3->alert_dispatch=1;
- s->s3->send_alert[0]=level;
- s->s3->send_alert[1]=desc;
- if (s->s3->wbuf.left == 0) /* data still being written out? */
- return s->method->ssl_dispatch_alert(s);
- /* else data is still being written out, we will get written
- * some time in the future */
- return -1;
- }
-
-int ssl3_dispatch_alert(SSL *s)
- {
- int i,j;
- void (*cb)(const SSL *ssl,int type,int val)=NULL;
-
- s->s3->alert_dispatch=0;
- i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], 2, 0);
- if (i <= 0)
- {
- s->s3->alert_dispatch=1;
- }
- else
- {
- /* Alert sent to BIO. If it is important, flush it now.
- * If the message does not get sent due to non-blocking IO,
- * we will not worry too much. */
- if (s->s3->send_alert[0] == SSL3_AL_FATAL)
- (void)BIO_flush(s->wbio);
-
- if (s->msg_callback)
- s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3->send_alert, 2, s, s->msg_callback_arg);
-
- if (s->info_callback != NULL)
- cb=s->info_callback;
- else if (s->ctx->info_callback != NULL)
- cb=s->ctx->info_callback;
-
- if (cb != NULL)
- {
- j=(s->s3->send_alert[0]<<8)|s->s3->send_alert[1];
- cb(s,SSL_CB_WRITE_ALERT,j);
- }
- }
- return(i);
- }
Copied: vendor-crypto/openssl/0.9.8zf/ssl/s3_pkt.c (from rev 6976, vendor-crypto/openssl/dist/ssl/s3_pkt.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/ssl/s3_pkt.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/ssl/s3_pkt.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,1418 @@
+/* ssl/s3_pkt.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <limits.h>
+#include <errno.h>
+#define USE_SOCKETS
+#include "ssl_locl.h"
+#include <openssl/evp.h>
+#include <openssl/buffer.h>
+
+static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
+ unsigned int len, int create_empty_fragment);
+static int ssl3_get_record(SSL *s);
+
+int ssl3_read_n(SSL *s, int n, int max, int extend)
+{
+ /*
+ * If extend == 0, obtain new n-byte packet; if extend == 1, increase
+ * packet by another n bytes. The packet will be in the sub-array of
+ * s->s3->rbuf.buf specified by s->packet and s->packet_length. (If
+ * s->read_ahead is set, 'max' bytes may be stored in rbuf [plus
+ * s->packet_length bytes if extend == 1].)
+ */
+ int i, off, newb;
+
+ if (!extend) {
+ /* start with empty packet ... */
+ if (s->s3->rbuf.left == 0)
+ s->s3->rbuf.offset = 0;
+ s->packet = s->s3->rbuf.buf + s->s3->rbuf.offset;
+ s->packet_length = 0;
+ /* ... now we can act as if 'extend' was set */
+ }
+
+ /*
+ * For DTLS/UDP reads should not span multiple packets because the read
+ * operation returns the whole packet at once (as long as it fits into
+ * the buffer).
+ */
+ if (SSL_version(s) == DTLS1_VERSION) {
+ if (s->s3->rbuf.left == 0 && extend)
+ return 0;
+ if (s->s3->rbuf.left > 0 && n > s->s3->rbuf.left)
+ n = s->s3->rbuf.left;
+ }
+
+ /* if there is enough in the buffer from a previous read, take some */
+ if (s->s3->rbuf.left >= (int)n) {
+ s->packet_length += n;
+ s->s3->rbuf.left -= n;
+ s->s3->rbuf.offset += n;
+ return (n);
+ }
+
+ /* else we need to read more data */
+ if (!s->read_ahead)
+ max = n;
+
+ {
+ /* avoid buffer overflow */
+ int max_max = s->s3->rbuf.len - s->packet_length;
+ if (max > max_max)
+ max = max_max;
+ }
+ if (n > max) { /* does not happen */
+ SSLerr(SSL_F_SSL3_READ_N, ERR_R_INTERNAL_ERROR);
+ return -1;
+ }
+
+ off = s->packet_length;
+ newb = s->s3->rbuf.left;
+ /*
+ * Move any available bytes to front of buffer: 'off' bytes already
+ * pointed to by 'packet', 'newb' extra ones at the end
+ */
+ if (s->packet != s->s3->rbuf.buf) {
+ /* off > 0 */
+ memmove(s->s3->rbuf.buf, s->packet, off + newb);
+ s->packet = s->s3->rbuf.buf;
+ }
+
+ while (newb < n) {
+ /*
+ * Now we have off+newb bytes at the front of s->s3->rbuf.buf and
+ * need to read in more until we have off+n (up to off+max if
+ * possible)
+ */
+
+ clear_sys_error();
+ if (s->rbio != NULL) {
+ s->rwstate = SSL_READING;
+ i = BIO_read(s->rbio, &(s->s3->rbuf.buf[off + newb]), max - newb);
+ } else {
+ SSLerr(SSL_F_SSL3_READ_N, SSL_R_READ_BIO_NOT_SET);
+ i = -1;
+ }
+
+ if (i <= 0) {
+ s->s3->rbuf.left = newb;
+ return (i);
+ }
+ newb += i;
+ /*
+ * reads should *never* span multiple packets for DTLS because the
+ * underlying transport protocol is message oriented as opposed to
+ * byte oriented as in the TLS case.
+ */
+ if (SSL_version(s) == DTLS1_VERSION) {
+ if (n > newb)
+ n = newb; /* makes the while condition false */
+ }
+ }
+
+ /* done reading, now the book-keeping */
+ s->s3->rbuf.offset = off + n;
+ s->s3->rbuf.left = newb - n;
+ s->packet_length += n;
+ s->rwstate = SSL_NOTHING;
+ return (n);
+}
+
+/*
+ * MAX_EMPTY_RECORDS defines the number of consecutive, empty records that
+ * will be processed per call to ssl3_get_record. Without this limit an
+ * attacker could send empty records at a faster rate than we can process and
+ * cause ssl3_get_record to loop forever.
+ */
+#define MAX_EMPTY_RECORDS 32
+
+/*-
+ * Call this to get a new input record.
+ * It will return <= 0 if more data is needed, normally due to an error
+ * or non-blocking IO.
+ * When it finishes, one packet has been decoded and can be found in
+ * ssl->s3->rrec.type - is the type of record
+ * ssl->s3->rrec.data, - data
+ * ssl->s3->rrec.length, - number of bytes
+ */
+/* used only by ssl3_read_bytes */
+static int ssl3_get_record(SSL *s)
+{
+ int ssl_major, ssl_minor, al;
+ int enc_err, n, i, ret = -1;
+ SSL3_RECORD *rr;
+ SSL_SESSION *sess;
+ unsigned char *p;
+ unsigned char md[EVP_MAX_MD_SIZE];
+ short version;
+ unsigned mac_size, orig_len;
+ size_t extra;
+ unsigned empty_record_count = 0;
+
+ rr = &(s->s3->rrec);
+ sess = s->session;
+
+ if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
+ extra = SSL3_RT_MAX_EXTRA;
+ else
+ extra = 0;
+ if (extra != s->s3->rbuf.len - SSL3_RT_MAX_PACKET_SIZE) {
+ /*
+ * actually likely an application error:
+ * SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER set after ssl3_setup_buffers()
+ * was done
+ */
+ SSLerr(SSL_F_SSL3_GET_RECORD, ERR_R_INTERNAL_ERROR);
+ return -1;
+ }
+
+ again:
+ /* check if we have the header */
+ if ((s->rstate != SSL_ST_READ_BODY) ||
+ (s->packet_length < SSL3_RT_HEADER_LENGTH)) {
+ n = ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, s->s3->rbuf.len, 0);
+ if (n <= 0)
+ return (n); /* error or non-blocking */
+ s->rstate = SSL_ST_READ_BODY;
+
+ p = s->packet;
+
+ /* Pull apart the header into the SSL3_RECORD */
+ rr->type = *(p++);
+ ssl_major = *(p++);
+ ssl_minor = *(p++);
+ version = (ssl_major << 8) | ssl_minor;
+ n2s(p, rr->length);
+
+ /* Lets check version */
+ if (!s->first_packet) {
+ if (version != s->version) {
+ SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_WRONG_VERSION_NUMBER);
+ if ((s->version & 0xFF00) == (version & 0xFF00))
+ /*
+ * Send back error using their minor version number :-)
+ */
+ s->version = (unsigned short)version;
+ al = SSL_AD_PROTOCOL_VERSION;
+ goto f_err;
+ }
+ }
+
+ if ((version >> 8) != SSL3_VERSION_MAJOR) {
+ SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_WRONG_VERSION_NUMBER);
+ goto err;
+ }
+
+ if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH + extra) {
+ al = SSL_AD_RECORD_OVERFLOW;
+ SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_PACKET_LENGTH_TOO_LONG);
+ goto f_err;
+ }
+
+ /* now s->rstate == SSL_ST_READ_BODY */
+ }
+
+ /* s->rstate == SSL_ST_READ_BODY, get and decode the data */
+
+ if (rr->length > s->packet_length - SSL3_RT_HEADER_LENGTH) {
+ /* now s->packet_length == SSL3_RT_HEADER_LENGTH */
+ i = rr->length;
+ n = ssl3_read_n(s, i, i, 1);
+ if (n <= 0)
+ return (n); /* error or non-blocking io */
+ /*
+ * now n == rr->length, and s->packet_length == SSL3_RT_HEADER_LENGTH
+ * + rr->length
+ */
+ }
+
+ s->rstate = SSL_ST_READ_HEADER; /* set state for later operations */
+
+ /*
+ * At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
+ * and we have that many bytes in s->packet
+ */
+ rr->input = &(s->packet[SSL3_RT_HEADER_LENGTH]);
+
+ /*
+ * ok, we can now read from 's->packet' data into 'rr' rr->input points
+ * at rr->length bytes, which need to be copied into rr->data by either
+ * the decryption or by the decompression When the data is 'copied' into
+ * the rr->data buffer, rr->input will be pointed at the new buffer
+ */
+
+ /*
+ * We now have - encrypted [ MAC [ compressed [ plain ] ] ] rr->length
+ * bytes of encrypted compressed stuff.
+ */
+
+ /* check is not needed I believe */
+ if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH + extra) {
+ al = SSL_AD_RECORD_OVERFLOW;
+ SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
+ goto f_err;
+ }
+
+ /* decrypt in place in 'rr->input' */
+ rr->data = rr->input;
+
+ enc_err = s->method->ssl3_enc->enc(s, 0);
+ /*-
+ * enc_err is:
+ * 0: (in non-constant time) if the record is publically invalid.
+ * 1: if the padding is valid
+ * -1: if the padding is invalid
+ */
+ if (enc_err == 0) {
+ al = SSL_AD_DECRYPTION_FAILED;
+ SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
+ goto f_err;
+ }
+#ifdef TLS_DEBUG
+ printf("dec %d\n", rr->length);
+ {
+ unsigned int z;
+ for (z = 0; z < rr->length; z++)
+ printf("%02X%c", rr->data[z], ((z + 1) % 16) ? ' ' : '\n');
+ }
+ printf("\n");
+#endif
+
+ /* r->length is now the compressed data plus mac */
+ if ((sess != NULL) && (s->enc_read_ctx != NULL) && (s->read_hash != NULL)) {
+ /* s->read_hash != NULL => mac_size != -1 */
+ unsigned char *mac = NULL;
+ unsigned char mac_tmp[EVP_MAX_MD_SIZE];
+ mac_size = EVP_MD_size(s->read_hash);
+ OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);
+
+ /*
+ * kludge: *_cbc_remove_padding passes padding length in rr->type
+ */
+ orig_len = rr->length + ((unsigned int)rr->type >> 8);
+
+ /*
+ * orig_len is the length of the record before any padding was
+ * removed. This is public information, as is the MAC in use,
+ * therefore we can safely process the record in a different amount
+ * of time if it's too short to possibly contain a MAC.
+ */
+ if (orig_len < mac_size ||
+ /* CBC records must have a padding length byte too. */
+ (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
+ orig_len < mac_size + 1)) {
+ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_LENGTH_TOO_SHORT);
+ goto f_err;
+ }
+
+ if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) {
+ /*
+ * We update the length so that the TLS header bytes can be
+ * constructed correctly but we need to extract the MAC in
+ * constant time from within the record, without leaking the
+ * contents of the padding bytes.
+ */
+ mac = mac_tmp;
+ ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len);
+ rr->length -= mac_size;
+ } else {
+ /*
+ * In this case there's no padding, so |orig_len| equals
+ * |rec->length| and we checked that there's enough bytes for
+ * |mac_size| above.
+ */
+ rr->length -= mac_size;
+ mac = &rr->data[rr->length];
+ }
+
+ i = s->method->ssl3_enc->mac(s, md, 0 /* not send */ );
+ if (i < 0 || mac == NULL
+ || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0)
+ enc_err = -1;
+ if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + extra + mac_size)
+ enc_err = -1;
+ }
+
+ if (enc_err < 0) {
+ /*
+ * A separate 'decryption_failed' alert was introduced with TLS 1.0,
+ * SSL 3.0 only has 'bad_record_mac'. But unless a decryption
+ * failure is directly visible from the ciphertext anyway, we should
+ * not reveal which kind of error occured -- this might become
+ * visible to an attacker (e.g. via a logfile)
+ */
+ al = SSL_AD_BAD_RECORD_MAC;
+ SSLerr(SSL_F_SSL3_GET_RECORD,
+ SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
+ goto f_err;
+ }
+
+ /* r->length is now just compressed */
+ if (s->expand != NULL) {
+ if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + extra) {
+ al = SSL_AD_RECORD_OVERFLOW;
+ SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_COMPRESSED_LENGTH_TOO_LONG);
+ goto f_err;
+ }
+ if (!ssl3_do_uncompress(s)) {
+ al = SSL_AD_DECOMPRESSION_FAILURE;
+ SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_BAD_DECOMPRESSION);
+ goto f_err;
+ }
+ }
+
+ if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH + extra) {
+ al = SSL_AD_RECORD_OVERFLOW;
+ SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_DATA_LENGTH_TOO_LONG);
+ goto f_err;
+ }
+
+ rr->off = 0;
+ /*-
+ * So at this point the following is true
+ * ssl->s3->rrec.type is the type of record
+ * ssl->s3->rrec.length == number of bytes in record
+ * ssl->s3->rrec.off == offset to first valid byte
+ * ssl->s3->rrec.data == where to take bytes from, increment
+ * after use :-).
+ */
+
+ /* we have pulled in a full packet so zero things */
+ s->packet_length = 0;
+
+ /* just read a 0 length packet */
+ if (rr->length == 0) {
+ empty_record_count++;
+ if (empty_record_count > MAX_EMPTY_RECORDS) {
+ al = SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_RECORD_TOO_SMALL);
+ goto f_err;
+ }
+ goto again;
+ }
+
+ return (1);
+
+ f_err:
+ ssl3_send_alert(s, SSL3_AL_FATAL, al);
+ err:
+ return (ret);
+}
+
+int ssl3_do_uncompress(SSL *ssl)
+{
+#ifndef OPENSSL_NO_COMP
+ int i;
+ SSL3_RECORD *rr;
+
+ rr = &(ssl->s3->rrec);
+ i = COMP_expand_block(ssl->expand, rr->comp,
+ SSL3_RT_MAX_PLAIN_LENGTH, rr->data,
+ (int)rr->length);
+ if (i < 0)
+ return (0);
+ else
+ rr->length = i;
+ rr->data = rr->comp;
+#endif
+ return (1);
+}
+
+int ssl3_do_compress(SSL *ssl)
+{
+#ifndef OPENSSL_NO_COMP
+ int i;
+ SSL3_RECORD *wr;
+
+ wr = &(ssl->s3->wrec);
+ i = COMP_compress_block(ssl->compress, wr->data,
+ SSL3_RT_MAX_COMPRESSED_LENGTH,
+ wr->input, (int)wr->length);
+ if (i < 0)
+ return (0);
+ else
+ wr->length = i;
+
+ wr->input = wr->data;
+#endif
+ return (1);
+}
+
+/*
+ * Call this to write data in records of type 'type' It will return <= 0 if
+ * not all data has been sent or non-blocking IO.
+ */
+int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
+{
+ const unsigned char *buf = buf_;
+ unsigned int n, nw;
+ int i, tot;
+
+ s->rwstate = SSL_NOTHING;
+ OPENSSL_assert(s->s3->wnum <= INT_MAX);
+ tot = s->s3->wnum;
+ s->s3->wnum = 0;
+
+ if (SSL_in_init(s) && !s->in_handshake) {
+ i = s->handshake_func(s);
+ if (i < 0)
+ return (i);
+ if (i == 0) {
+ SSLerr(SSL_F_SSL3_WRITE_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
+ return -1;
+ }
+ }
+
+ /*
+ * ensure that if we end up with a smaller value of data to write out
+ * than the the original len from a write which didn't complete for
+ * non-blocking I/O and also somehow ended up avoiding the check for
+ * this in ssl3_write_pending/SSL_R_BAD_WRITE_RETRY as it must never be
+ * possible to end up with (len-tot) as a large number that will then
+ * promptly send beyond the end of the users buffer ... so we trap and
+ * report the error in a way the user will notice
+ */
+ if (len < tot) {
+ SSLerr(SSL_F_SSL3_WRITE_BYTES, SSL_R_BAD_LENGTH);
+ return (-1);
+ }
+
+ n = (len - tot);
+ for (;;) {
+ if (n > SSL3_RT_MAX_PLAIN_LENGTH)
+ nw = SSL3_RT_MAX_PLAIN_LENGTH;
+ else
+ nw = n;
+
+ i = do_ssl3_write(s, type, &(buf[tot]), nw, 0);
+ if (i <= 0) {
+ s->s3->wnum = tot;
+ return i;
+ }
+
+ if ((i == (int)n) ||
+ (type == SSL3_RT_APPLICATION_DATA &&
+ (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE))) {
+ /*
+ * next chunk of data should get another prepended empty fragment
+ * in ciphersuites with known-IV weakness:
+ */
+ s->s3->empty_fragment_done = 0;
+
+ return tot + i;
+ }
+
+ n -= i;
+ tot += i;
+ }
+}
+
+static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
+ unsigned int len, int create_empty_fragment)
+{
+ unsigned char *p, *plen;
+ int i, mac_size, clear = 0;
+ int prefix_len = 0;
+ SSL3_RECORD *wr;
+ SSL3_BUFFER *wb;
+ SSL_SESSION *sess;
+
+ /*
+ * first check if there is a SSL3_BUFFER still being written out. This
+ * will happen with non blocking IO
+ */
+ if (s->s3->wbuf.left != 0)
+ return (ssl3_write_pending(s, type, buf, len));
+
+ /* If we have an alert to send, lets send it */
+ if (s->s3->alert_dispatch) {
+ i = s->method->ssl_dispatch_alert(s);
+ if (i <= 0)
+ return (i);
+ /* if it went, fall through and send more stuff */
+ }
+
+ if (len == 0 && !create_empty_fragment)
+ return 0;
+
+ wr = &(s->s3->wrec);
+ wb = &(s->s3->wbuf);
+ sess = s->session;
+
+ if ((sess == NULL) ||
+ (s->enc_write_ctx == NULL) || (s->write_hash == NULL))
+ clear = 1;
+
+ if (clear)
+ mac_size = 0;
+ else
+ mac_size = EVP_MD_size(s->write_hash);
+
+ /*
+ * 'create_empty_fragment' is true only when this function calls itself
+ */
+ if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done) {
+ /*
+ * countermeasure against known-IV weakness in CBC ciphersuites (see
+ * http://www.openssl.org/~bodo/tls-cbc.txt)
+ */
+
+ if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_DATA) {
+ /*
+ * recursive function call with 'create_empty_fragment' set; this
+ * prepares and buffers the data for an empty fragment (these
+ * 'prefix_len' bytes are sent out later together with the actual
+ * payload)
+ */
+ prefix_len = do_ssl3_write(s, type, buf, 0, 1);
+ if (prefix_len <= 0)
+ goto err;
+
+ if (s->s3->wbuf.len <
+ (size_t)prefix_len + SSL3_RT_MAX_PACKET_SIZE) {
+ /* insufficient space */
+ SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+ }
+
+ s->s3->empty_fragment_done = 1;
+ }
+
+ p = wb->buf + prefix_len;
+
+ /* write the header */
+
+ *(p++) = type & 0xff;
+ wr->type = type;
+
+ *(p++) = (s->version >> 8);
+ *(p++) = s->version & 0xff;
+
+ /* field where we are to write out packet length */
+ plen = p;
+ p += 2;
+
+ /* lets setup the record stuff. */
+ wr->data = p;
+ wr->length = (int)len;
+ wr->input = (unsigned char *)buf;
+
+ /*
+ * we now 'read' from wr->input, wr->length bytes into wr->data
+ */
+
+ /* first we compress */
+ if (s->compress != NULL) {
+ if (!ssl3_do_compress(s)) {
+ SSLerr(SSL_F_DO_SSL3_WRITE, SSL_R_COMPRESSION_FAILURE);
+ goto err;
+ }
+ } else {
+ memcpy(wr->data, wr->input, wr->length);
+ wr->input = wr->data;
+ }
+
+ /*
+ * we should still have the output to wr->data and the input from
+ * wr->input. Length should be wr->length. wr->data still points in the
+ * wb->buf
+ */
+
+ if (mac_size != 0) {
+ s->method->ssl3_enc->mac(s, &(p[wr->length]), 1);
+ wr->length += mac_size;
+ wr->input = p;
+ wr->data = p;
+ }
+
+ /* ssl3_enc can only have an error on read */
+ s->method->ssl3_enc->enc(s, 1);
+
+ /* record length after mac and block padding */
+ s2n(wr->length, plen);
+
+ /*
+ * we should now have wr->data pointing to the encrypted data, which is
+ * wr->length long
+ */
+ wr->type = type; /* not needed but helps for debugging */
+ wr->length += SSL3_RT_HEADER_LENGTH;
+
+ if (create_empty_fragment) {
+ /*
+ * we are in a recursive call; just return the length, don't write
+ * out anything here
+ */
+ return wr->length;
+ }
+
+ /* now let's set up wb */
+ wb->left = prefix_len + wr->length;
+ wb->offset = 0;
+
+ /*
+ * memorize arguments so that ssl3_write_pending can detect bad write
+ * retries later
+ */
+ s->s3->wpend_tot = len;
+ s->s3->wpend_buf = buf;
+ s->s3->wpend_type = type;
+ s->s3->wpend_ret = len;
+
+ /* we now just need to write the buffer */
+ return ssl3_write_pending(s, type, buf, len);
+ err:
+ return -1;
+}
+
+/* if s->s3->wbuf.left != 0, we need to call this */
+int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
+ unsigned int len)
+{
+ int i;
+
+/* XXXX */
+ if ((s->s3->wpend_tot > (int)len)
+ || ((s->s3->wpend_buf != buf) &&
+ !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER))
+ || (s->s3->wpend_type != type)) {
+ SSLerr(SSL_F_SSL3_WRITE_PENDING, SSL_R_BAD_WRITE_RETRY);
+ return (-1);
+ }
+
+ for (;;) {
+ clear_sys_error();
+ if (s->wbio != NULL) {
+ s->rwstate = SSL_WRITING;
+ i = BIO_write(s->wbio,
+ (char *)&(s->s3->wbuf.buf[s->s3->wbuf.offset]),
+ (unsigned int)s->s3->wbuf.left);
+ } else {
+ SSLerr(SSL_F_SSL3_WRITE_PENDING, SSL_R_BIO_NOT_SET);
+ i = -1;
+ }
+ if (i == s->s3->wbuf.left) {
+ s->s3->wbuf.left = 0;
+ s->rwstate = SSL_NOTHING;
+ return (s->s3->wpend_ret);
+ } else if (i <= 0) {
+ if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) {
+ /*
+ * For DTLS, just drop it. That's kind of the whole point in
+ * using a datagram service
+ */
+ s->s3->wbuf.left = 0;
+ }
+ return (i);
+ }
+ s->s3->wbuf.offset += i;
+ s->s3->wbuf.left -= i;
+ }
+}
+
+/*-
+ * Return up to 'len' payload bytes received in 'type' records.
+ * 'type' is one of the following:
+ *
+ * - SSL3_RT_HANDSHAKE (when ssl3_get_message calls us)
+ * - SSL3_RT_APPLICATION_DATA (when ssl3_read calls us)
+ * - 0 (during a shutdown, no data has to be returned)
+ *
+ * If we don't have stored data to work from, read a SSL/TLS record first
+ * (possibly multiple records if we still don't have anything to return).
+ *
+ * This function must handle any surprises the peer may have for us, such as
+ * Alert records (e.g. close_notify), ChangeCipherSpec records (not really
+ * a surprise, but handled as if it were), or renegotiation requests.
+ * Also if record payloads contain fragments too small to process, we store
+ * them until there is enough for the respective protocol (the record protocol
+ * may use arbitrary fragmentation and even interleaving):
+ * Change cipher spec protocol
+ * just 1 byte needed, no need for keeping anything stored
+ * Alert protocol
+ * 2 bytes needed (AlertLevel, AlertDescription)
+ * Handshake protocol
+ * 4 bytes needed (HandshakeType, uint24 length) -- we just have
+ * to detect unexpected Client Hello and Hello Request messages
+ * here, anything else is handled by higher layers
+ * Application data protocol
+ * none of our business
+ */
+int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
+{
+ int al, i, j, ret;
+ unsigned int n;
+ SSL3_RECORD *rr;
+ void (*cb) (const SSL *ssl, int type2, int val) = NULL;
+
+ if (s->s3->rbuf.buf == NULL) /* Not initialized yet */
+ if (!ssl3_setup_buffers(s))
+ return (-1);
+
+ if ((type && (type != SSL3_RT_APPLICATION_DATA)
+ && (type != SSL3_RT_HANDSHAKE)) || (peek
+ && (type !=
+ SSL3_RT_APPLICATION_DATA))) {
+ SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR);
+ return -1;
+ }
+
+ if ((type == SSL3_RT_HANDSHAKE) && (s->s3->handshake_fragment_len > 0))
+ /* (partially) satisfy request from storage */
+ {
+ unsigned char *src = s->s3->handshake_fragment;
+ unsigned char *dst = buf;
+ unsigned int k;
+
+ /* peek == 0 */
+ n = 0;
+ while ((len > 0) && (s->s3->handshake_fragment_len > 0)) {
+ *dst++ = *src++;
+ len--;
+ s->s3->handshake_fragment_len--;
+ n++;
+ }
+ /* move any remaining fragment bytes: */
+ for (k = 0; k < s->s3->handshake_fragment_len; k++)
+ s->s3->handshake_fragment[k] = *src++;
+ return n;
+ }
+
+ /*
+ * Now s->s3->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE.
+ */
+
+ if (!s->in_handshake && SSL_in_init(s)) {
+ /* type == SSL3_RT_APPLICATION_DATA */
+ i = s->handshake_func(s);
+ if (i < 0)
+ return (i);
+ if (i == 0) {
+ SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
+ return (-1);
+ }
+ }
+ start:
+ s->rwstate = SSL_NOTHING;
+
+ /*-
+ * s->s3->rrec.type - is the type of record
+ * s->s3->rrec.data, - data
+ * s->s3->rrec.off, - offset into 'data' for next read
+ * s->s3->rrec.length, - number of bytes.
+ */
+ rr = &(s->s3->rrec);
+
+ /* get new packet if necessary */
+ if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY)) {
+ ret = ssl3_get_record(s);
+ if (ret <= 0)
+ return (ret);
+ }
+
+ /* we now have a packet which can be read and processed */
+
+ if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
+ * reset by ssl3_get_finished */
+ && (rr->type != SSL3_RT_HANDSHAKE)) {
+ al = SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);
+ goto f_err;
+ }
+
+ /*
+ * If the other end has shut down, throw anything we read away (even in
+ * 'peek' mode)
+ */
+ if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
+ rr->length = 0;
+ s->rwstate = SSL_NOTHING;
+ return (0);
+ }
+
+ if (type == rr->type) { /* SSL3_RT_APPLICATION_DATA or
+ * SSL3_RT_HANDSHAKE */
+ /*
+ * make sure that we are not getting application data when we are
+ * doing a handshake for the first time
+ */
+ if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
+ (s->enc_read_ctx == NULL)) {
+ al = SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_APP_DATA_IN_HANDSHAKE);
+ goto f_err;
+ }
+
+ if (len <= 0)
+ return (len);
+
+ if ((unsigned int)len > rr->length)
+ n = rr->length;
+ else
+ n = (unsigned int)len;
+
+ memcpy(buf, &(rr->data[rr->off]), n);
+ if (!peek) {
+ rr->length -= n;
+ rr->off += n;
+ if (rr->length == 0) {
+ s->rstate = SSL_ST_READ_HEADER;
+ rr->off = 0;
+ }
+ }
+ return (n);
+ }
+
+ /*
+ * If we get here, then type != rr->type; if we have a handshake message,
+ * then it was unexpected (Hello Request or Client Hello).
+ */
+
+ /*
+ * In case of record types for which we have 'fragment' storage, fill
+ * that so that we can process the data at a fixed place.
+ */
+ {
+ unsigned int dest_maxlen = 0;
+ unsigned char *dest = NULL;
+ unsigned int *dest_len = NULL;
+
+ if (rr->type == SSL3_RT_HANDSHAKE) {
+ dest_maxlen = sizeof s->s3->handshake_fragment;
+ dest = s->s3->handshake_fragment;
+ dest_len = &s->s3->handshake_fragment_len;
+ } else if (rr->type == SSL3_RT_ALERT) {
+ dest_maxlen = sizeof s->s3->alert_fragment;
+ dest = s->s3->alert_fragment;
+ dest_len = &s->s3->alert_fragment_len;
+ }
+
+ if (dest_maxlen > 0) {
+ n = dest_maxlen - *dest_len; /* available space in 'dest' */
+ if (rr->length < n)
+ n = rr->length; /* available bytes */
+
+ /* now move 'n' bytes: */
+ while (n-- > 0) {
+ dest[(*dest_len)++] = rr->data[rr->off++];
+ rr->length--;
+ }
+
+ if (*dest_len < dest_maxlen)
+ goto start; /* fragment was too small */
+ }
+ }
+
+ /*-
+ * s->s3->handshake_fragment_len == 4 iff rr->type == SSL3_RT_HANDSHAKE;
+ * s->s3->alert_fragment_len == 2 iff rr->type == SSL3_RT_ALERT.
+ * (Possibly rr is 'empty' now, i.e. rr->length may be 0.)
+ */
+
+ /* If we are a client, check for an incoming 'Hello Request': */
+ if ((!s->server) &&
+ (s->s3->handshake_fragment_len >= 4) &&
+ (s->s3->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) &&
+ (s->session != NULL) && (s->session->cipher != NULL)) {
+ s->s3->handshake_fragment_len = 0;
+
+ if ((s->s3->handshake_fragment[1] != 0) ||
+ (s->s3->handshake_fragment[2] != 0) ||
+ (s->s3->handshake_fragment[3] != 0)) {
+ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_BAD_HELLO_REQUEST);
+ goto f_err;
+ }
+
+ if (s->msg_callback)
+ s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
+ s->s3->handshake_fragment, 4, s,
+ s->msg_callback_arg);
+
+ if (SSL_is_init_finished(s) &&
+ !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
+ !s->s3->renegotiate) {
+ ssl3_renegotiate(s);
+ if (ssl3_renegotiate_check(s)) {
+ i = s->handshake_func(s);
+ if (i < 0)
+ return (i);
+ if (i == 0) {
+ SSLerr(SSL_F_SSL3_READ_BYTES,
+ SSL_R_SSL_HANDSHAKE_FAILURE);
+ return (-1);
+ }
+
+ if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
+ if (s->s3->rbuf.left == 0) { /* no read-ahead left? */
+ BIO *bio;
+ /*
+ * In the case where we try to read application data,
+ * but we trigger an SSL handshake, we return -1 with
+ * the retry option set. Otherwise renegotiation may
+ * cause nasty problems in the blocking world
+ */
+ s->rwstate = SSL_READING;
+ bio = SSL_get_rbio(s);
+ BIO_clear_retry_flags(bio);
+ BIO_set_retry_read(bio);
+ return (-1);
+ }
+ }
+ }
+ }
+ /*
+ * we either finished a handshake or ignored the request, now try
+ * again to obtain the (application) data we were asked for
+ */
+ goto start;
+ }
+ /*
+ * If we are a server and get a client hello when renegotiation isn't
+ * allowed send back a no renegotiation alert and carry on. WARNING:
+ * experimental code, needs reviewing (steve)
+ */
+ if (s->server &&
+ SSL_is_init_finished(s) &&
+ !s->s3->send_connection_binding &&
+ (s->version > SSL3_VERSION) &&
+ (s->s3->handshake_fragment_len >= 4) &&
+ (s->s3->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) &&
+ (s->session != NULL) && (s->session->cipher != NULL) &&
+ !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) {
+ /*
+ * s->s3->handshake_fragment_len = 0;
+ */
+ rr->length = 0;
+ ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION);
+ goto start;
+ }
+ if (s->s3->alert_fragment_len >= 2) {
+ int alert_level = s->s3->alert_fragment[0];
+ int alert_descr = s->s3->alert_fragment[1];
+
+ s->s3->alert_fragment_len = 0;
+
+ if (s->msg_callback)
+ s->msg_callback(0, s->version, SSL3_RT_ALERT,
+ s->s3->alert_fragment, 2, s, s->msg_callback_arg);
+
+ if (s->info_callback != NULL)
+ cb = s->info_callback;
+ else if (s->ctx->info_callback != NULL)
+ cb = s->ctx->info_callback;
+
+ if (cb != NULL) {
+ j = (alert_level << 8) | alert_descr;
+ cb(s, SSL_CB_READ_ALERT, j);
+ }
+
+ if (alert_level == 1) { /* warning */
+ s->s3->warn_alert = alert_descr;
+ if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
+ s->shutdown |= SSL_RECEIVED_SHUTDOWN;
+ return (0);
+ }
+ /*
+ * This is a warning but we receive it if we requested
+ * renegotiation and the peer denied it. Terminate with a fatal
+ * alert because if application tried to renegotiatie it
+ * presumably had a good reason and expects it to succeed. In
+ * future we might have a renegotiation where we don't care if
+ * the peer refused it where we carry on.
+ */
+ else if (alert_descr == SSL_AD_NO_RENEGOTIATION) {
+ al = SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_NO_RENEGOTIATION);
+ goto f_err;
+ }
+ } else if (alert_level == 2) { /* fatal */
+ char tmp[16];
+
+ s->rwstate = SSL_NOTHING;
+ s->s3->fatal_alert = alert_descr;
+ SSLerr(SSL_F_SSL3_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr);
+ BIO_snprintf(tmp, sizeof tmp, "%d", alert_descr);
+ ERR_add_error_data(2, "SSL alert number ", tmp);
+ s->shutdown |= SSL_RECEIVED_SHUTDOWN;
+ SSL_CTX_remove_session(s->ctx, s->session);
+ return (0);
+ } else {
+ al = SSL_AD_ILLEGAL_PARAMETER;
+ SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNKNOWN_ALERT_TYPE);
+ goto f_err;
+ }
+
+ goto start;
+ }
+
+ if (s->shutdown & SSL_SENT_SHUTDOWN) { /* but we have not received a
+ * shutdown */
+ s->rwstate = SSL_NOTHING;
+ rr->length = 0;
+ return (0);
+ }
+
+ if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) {
+ /*
+ * 'Change Cipher Spec' is just a single byte, so we know exactly
+ * what the record payload has to look like
+ */
+ if ((rr->length != 1) || (rr->off != 0) ||
+ (rr->data[0] != SSL3_MT_CCS)) {
+ al = SSL_AD_ILLEGAL_PARAMETER;
+ SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_BAD_CHANGE_CIPHER_SPEC);
+ goto f_err;
+ }
+
+ /* Check we have a cipher to change to */
+ if (s->s3->tmp.new_cipher == NULL) {
+ al = SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_CCS_RECEIVED_EARLY);
+ goto f_err;
+ }
+
+ if (!(s->s3->flags & SSL3_FLAGS_CCS_OK)) {
+ al = SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_CCS_RECEIVED_EARLY);
+ goto f_err;
+ }
+
+ s->s3->flags &= ~SSL3_FLAGS_CCS_OK;
+
+ rr->length = 0;
+
+ if (s->msg_callback)
+ s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC,
+ rr->data, 1, s, s->msg_callback_arg);
+
+ s->s3->change_cipher_spec = 1;
+ if (!ssl3_do_change_cipher_spec(s))
+ goto err;
+ else
+ goto start;
+ }
+
+ /*
+ * Unexpected handshake message (Client Hello, or protocol violation)
+ */
+ if ((s->s3->handshake_fragment_len >= 4) && !s->in_handshake) {
+ if (((s->state & SSL_ST_MASK) == SSL_ST_OK) &&
+ !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) {
+#if 0 /* worked only because C operator preferences
+ * are not as expected (and because this is
+ * not really needed for clients except for
+ * detecting protocol violations): */
+ s->state = SSL_ST_BEFORE | (s->server)
+ ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
+#else
+ s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
+#endif
+ s->new_session = 1;
+ }
+ i = s->handshake_func(s);
+ if (i < 0)
+ return (i);
+ if (i == 0) {
+ SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE);
+ return (-1);
+ }
+
+ if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
+ if (s->s3->rbuf.left == 0) { /* no read-ahead left? */
+ BIO *bio;
+ /*
+ * In the case where we try to read application data, but we
+ * trigger an SSL handshake, we return -1 with the retry
+ * option set. Otherwise renegotiation may cause nasty
+ * problems in the blocking world
+ */
+ s->rwstate = SSL_READING;
+ bio = SSL_get_rbio(s);
+ BIO_clear_retry_flags(bio);
+ BIO_set_retry_read(bio);
+ return (-1);
+ }
+ }
+ goto start;
+ }
+
+ switch (rr->type) {
+ default:
+#ifndef OPENSSL_NO_TLS
+ /* TLS just ignores unknown message types */
+ if (s->version == TLS1_VERSION) {
+ rr->length = 0;
+ goto start;
+ }
+#endif
+ al = SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
+ goto f_err;
+ case SSL3_RT_CHANGE_CIPHER_SPEC:
+ case SSL3_RT_ALERT:
+ case SSL3_RT_HANDSHAKE:
+ /*
+ * we already handled all of these, with the possible exception of
+ * SSL3_RT_HANDSHAKE when s->in_handshake is set, but that should not
+ * happen when type != rr->type
+ */
+ al = SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR);
+ goto f_err;
+ case SSL3_RT_APPLICATION_DATA:
+ /*
+ * At this point, we were expecting handshake data, but have
+ * application data. If the library was running inside ssl3_read()
+ * (i.e. in_read_app_data is set) and it makes sense to read
+ * application data at this point (session renegotiation not yet
+ * started), we will indulge it.
+ */
+ if (s->s3->in_read_app_data &&
+ (s->s3->total_renegotiations != 0) &&
+ (((s->state & SSL_ST_CONNECT) &&
+ (s->state >= SSL3_ST_CW_CLNT_HELLO_A) &&
+ (s->state <= SSL3_ST_CR_SRVR_HELLO_A)
+ ) || ((s->state & SSL_ST_ACCEPT) &&
+ (s->state <= SSL3_ST_SW_HELLO_REQ_A) &&
+ (s->state >= SSL3_ST_SR_CLNT_HELLO_A)
+ )
+ )) {
+ s->s3->in_read_app_data = 2;
+ return (-1);
+ } else {
+ al = SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_RECORD);
+ goto f_err;
+ }
+ }
+ /* not reached */
+
+ f_err:
+ ssl3_send_alert(s, SSL3_AL_FATAL, al);
+ err:
+ return (-1);
+}
+
+int ssl3_do_change_cipher_spec(SSL *s)
+{
+ int i;
+ const char *sender;
+ int slen;
+
+ if (s->state & SSL_ST_ACCEPT)
+ i = SSL3_CHANGE_CIPHER_SERVER_READ;
+ else
+ i = SSL3_CHANGE_CIPHER_CLIENT_READ;
+
+ if (s->s3->tmp.key_block == NULL) {
+ if (s->session == NULL || s->session->master_key_length == 0) {
+ /* might happen if dtls1_read_bytes() calls this */
+ SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,
+ SSL_R_CCS_RECEIVED_EARLY);
+ return (0);
+ }
+
+ s->session->cipher = s->s3->tmp.new_cipher;
+ if (!s->method->ssl3_enc->setup_key_block(s))
+ return (0);
+ }
+
+ if (!s->method->ssl3_enc->change_cipher_state(s, i))
+ return (0);
+
+ /*
+ * we have to record the message digest at this point so we can get it
+ * before we read the finished message
+ */
+ if (s->state & SSL_ST_CONNECT) {
+ sender = s->method->ssl3_enc->server_finished_label;
+ slen = s->method->ssl3_enc->server_finished_label_len;
+ } else {
+ sender = s->method->ssl3_enc->client_finished_label;
+ slen = s->method->ssl3_enc->client_finished_label_len;
+ }
+
+ s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
+ &
+ (s->s3->finish_dgst1),
+ &
+ (s->s3->finish_dgst2),
+ sender,
+ slen,
+ s->s3->tmp.peer_finish_md);
+
+ return (1);
+}
+
+int ssl3_send_alert(SSL *s, int level, int desc)
+{
+ /* Map tls/ssl alert value to correct one */
+ desc = s->method->ssl3_enc->alert_value(desc);
+ if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION)
+ desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have
+ * protocol_version alerts */
+ if (desc < 0)
+ return -1;
+ /* If a fatal one, remove from cache */
+ if ((level == 2) && (s->session != NULL))
+ SSL_CTX_remove_session(s->ctx, s->session);
+
+ s->s3->alert_dispatch = 1;
+ s->s3->send_alert[0] = level;
+ s->s3->send_alert[1] = desc;
+ if (s->s3->wbuf.left == 0) /* data still being written out? */
+ return s->method->ssl_dispatch_alert(s);
+ /*
+ * else data is still being written out, we will get written some time in
+ * the future
+ */
+ return -1;
+}
+
+int ssl3_dispatch_alert(SSL *s)
+{
+ int i, j;
+ void (*cb) (const SSL *ssl, int type, int val) = NULL;
+
+ s->s3->alert_dispatch = 0;
+ i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], 2, 0);
+ if (i <= 0) {
+ s->s3->alert_dispatch = 1;
+ } else {
+ /*
+ * Alert sent to BIO. If it is important, flush it now. If the
+ * message does not get sent due to non-blocking IO, we will not
+ * worry too much.
+ */
+ if (s->s3->send_alert[0] == SSL3_AL_FATAL)
+ (void)BIO_flush(s->wbio);
+
+ if (s->msg_callback)
+ s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3->send_alert,
+ 2, s, s->msg_callback_arg);
+
+ if (s->info_callback != NULL)
+ cb = s->info_callback;
+ else if (s->ctx->info_callback != NULL)
+ cb = s->ctx->info_callback;
+
+ if (cb != NULL) {
+ j = (s->s3->send_alert[0] << 8) | s->s3->send_alert[1];
+ cb(s, SSL_CB_WRITE_ALERT, j);
+ }
+ }
+ return (i);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/ssl/s3_srvr.c
===================================================================
--- vendor-crypto/openssl/dist/ssl/s3_srvr.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/ssl/s3_srvr.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,2926 +0,0 @@
-/* ssl/s3_srvr.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * ECC cipher suite support in OpenSSL originally written by
- * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
- *
- */
-
-#define REUSE_CIPHER_BUG
-#define NETSCAPE_HANG_BUG
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#include "kssl_lcl.h"
-#include "../crypto/constant_time_locl.h"
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/hmac.h>
-#include <openssl/x509.h>
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-#include <openssl/bn.h>
-#ifndef OPENSSL_NO_KRB5
-#include <openssl/krb5_asn.h>
-#endif
-#include <openssl/md5.h>
-
-static SSL_METHOD *ssl3_get_server_method(int ver);
-#ifndef OPENSSL_NO_ECDH
-static int nid2curve_id(int nid);
-#endif
-
-static SSL_METHOD *ssl3_get_server_method(int ver)
- {
- if (ver == SSL3_VERSION)
- return(SSLv3_server_method());
- else
- return(NULL);
- }
-
-IMPLEMENT_ssl3_meth_func(SSLv3_server_method,
- ssl3_accept,
- ssl_undefined_function,
- ssl3_get_server_method)
-
-int ssl3_accept(SSL *s)
- {
- BUF_MEM *buf;
- unsigned long l,Time=(unsigned long)time(NULL);
- void (*cb)(const SSL *ssl,int type,int val)=NULL;
- int ret= -1;
- int new_state,state,skip=0;
-
- RAND_add(&Time,sizeof(Time),0);
- ERR_clear_error();
- clear_sys_error();
-
- if (s->info_callback != NULL)
- cb=s->info_callback;
- else if (s->ctx->info_callback != NULL)
- cb=s->ctx->info_callback;
-
- /* init things to blank */
- s->in_handshake++;
- if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
-
- if (s->cert == NULL)
- {
- SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_NO_CERTIFICATE_SET);
- return(-1);
- }
-
- for (;;)
- {
- state=s->state;
-
- switch (s->state)
- {
- case SSL_ST_RENEGOTIATE:
- s->new_session=1;
- /* s->state=SSL_ST_ACCEPT; */
-
- case SSL_ST_BEFORE:
- case SSL_ST_ACCEPT:
- case SSL_ST_BEFORE|SSL_ST_ACCEPT:
- case SSL_ST_OK|SSL_ST_ACCEPT:
-
- s->server=1;
- if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
-
- if ((s->version>>8) != 3)
- {
- SSLerr(SSL_F_SSL3_ACCEPT, ERR_R_INTERNAL_ERROR);
- return -1;
- }
- s->type=SSL_ST_ACCEPT;
-
- if (s->init_buf == NULL)
- {
- if ((buf=BUF_MEM_new()) == NULL)
- {
- ret= -1;
- goto end;
- }
- if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
- {
- ret= -1;
- goto end;
- }
- s->init_buf=buf;
- }
-
- if (!ssl3_setup_buffers(s))
- {
- ret= -1;
- goto end;
- }
-
- s->init_num=0;
- s->s3->flags &= ~SSL3_FLAGS_SGC_RESTART_DONE;
-
- if (s->state != SSL_ST_RENEGOTIATE)
- {
- /* Ok, we now need to push on a buffering BIO so that
- * the output is sent in a way that TCP likes :-)
- */
- if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; }
-
- ssl3_init_finished_mac(s);
- s->state=SSL3_ST_SR_CLNT_HELLO_A;
- s->ctx->stats.sess_accept++;
- }
- else if (!s->s3->send_connection_binding &&
- !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
- {
- /* Server attempting to renegotiate with
- * client that doesn't support secure
- * renegotiation.
- */
- SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
- ret = -1;
- goto end;
- }
- else
- {
- /* s->state == SSL_ST_RENEGOTIATE,
- * we will just send a HelloRequest */
- s->ctx->stats.sess_accept_renegotiate++;
- s->state=SSL3_ST_SW_HELLO_REQ_A;
- }
- break;
-
- case SSL3_ST_SW_HELLO_REQ_A:
- case SSL3_ST_SW_HELLO_REQ_B:
-
- s->shutdown=0;
- ret=ssl3_send_hello_request(s);
- if (ret <= 0) goto end;
- s->s3->tmp.next_state=SSL3_ST_SW_HELLO_REQ_C;
- s->state=SSL3_ST_SW_FLUSH;
- s->init_num=0;
-
- ssl3_init_finished_mac(s);
- break;
-
- case SSL3_ST_SW_HELLO_REQ_C:
- s->state=SSL_ST_OK;
- break;
-
- case SSL3_ST_SR_CLNT_HELLO_A:
- case SSL3_ST_SR_CLNT_HELLO_B:
- case SSL3_ST_SR_CLNT_HELLO_C:
-
- s->shutdown=0;
- ret=ssl3_get_client_hello(s);
- if (ret <= 0) goto end;
- s->new_session = 2;
- s->state=SSL3_ST_SW_SRVR_HELLO_A;
- s->init_num=0;
- break;
-
- case SSL3_ST_SW_SRVR_HELLO_A:
- case SSL3_ST_SW_SRVR_HELLO_B:
- ret=ssl3_send_server_hello(s);
- if (ret <= 0) goto end;
-#ifndef OPENSSL_NO_TLSEXT
- if (s->hit)
- {
- if (s->tlsext_ticket_expected)
- s->state=SSL3_ST_SW_SESSION_TICKET_A;
- else
- s->state=SSL3_ST_SW_CHANGE_A;
- }
-#else
- if (s->hit)
- s->state=SSL3_ST_SW_CHANGE_A;
-#endif
- else
- s->state=SSL3_ST_SW_CERT_A;
- s->init_num=0;
- break;
-
- case SSL3_ST_SW_CERT_A:
- case SSL3_ST_SW_CERT_B:
- /* Check if it is anon DH or anon ECDH or KRB5 */
- if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL)
- && !(s->s3->tmp.new_cipher->algorithms & SSL_aKRB5))
- {
- ret=ssl3_send_server_certificate(s);
- if (ret <= 0) goto end;
-#ifndef OPENSSL_NO_TLSEXT
- if (s->tlsext_status_expected)
- s->state=SSL3_ST_SW_CERT_STATUS_A;
- else
- s->state=SSL3_ST_SW_KEY_EXCH_A;
- }
- else
- {
- skip = 1;
- s->state=SSL3_ST_SW_KEY_EXCH_A;
- }
-#else
- }
- else
- skip=1;
-
- s->state=SSL3_ST_SW_KEY_EXCH_A;
-#endif
- s->init_num=0;
- break;
-
- case SSL3_ST_SW_KEY_EXCH_A:
- case SSL3_ST_SW_KEY_EXCH_B:
- l=s->s3->tmp.new_cipher->algorithms;
-
- /* clear this, it may get reset by
- * send_server_key_exchange */
- if ((s->options & SSL_OP_EPHEMERAL_RSA)
-#ifndef OPENSSL_NO_KRB5
- && !(l & SSL_KRB5)
-#endif /* OPENSSL_NO_KRB5 */
- )
- /* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key
- * even when forbidden by protocol specs
- * (handshake may fail as clients are not required to
- * be able to handle this) */
- s->s3->tmp.use_rsa_tmp=1;
- else
- s->s3->tmp.use_rsa_tmp=0;
-
-
- /* only send if a DH key exchange, fortezza or
- * RSA but we have a sign only certificate
- *
- * For ECC ciphersuites, we send a serverKeyExchange
- * message only if the cipher suite is either
- * ECDH-anon or ECDHE. In other cases, the
- * server certificate contains the server's
- * public key for key exchange.
- */
- if (s->s3->tmp.use_rsa_tmp
- || (l & SSL_kECDHE)
- || (l & (SSL_DH|SSL_kFZA))
- || ((l & SSL_kRSA)
- && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
- || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)
- && EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)
- )
- )
- )
- )
- {
- ret=ssl3_send_server_key_exchange(s);
- if (ret <= 0) goto end;
- }
- else
- skip=1;
-
- s->state=SSL3_ST_SW_CERT_REQ_A;
- s->init_num=0;
- break;
-
- case SSL3_ST_SW_CERT_REQ_A:
- case SSL3_ST_SW_CERT_REQ_B:
- if (/* don't request cert unless asked for it: */
- !(s->verify_mode & SSL_VERIFY_PEER) ||
- /* if SSL_VERIFY_CLIENT_ONCE is set,
- * don't request cert during re-negotiation: */
- ((s->session->peer != NULL) &&
- (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
- /* never request cert in anonymous ciphersuites
- * (see section "Certificate request" in SSL 3 drafts
- * and in RFC 2246): */
- ((s->s3->tmp.new_cipher->algorithms & SSL_aNULL) &&
- /* ... except when the application insists on verification
- * (against the specs, but s3_clnt.c accepts this for SSL 3) */
- !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) ||
- /* never request cert in Kerberos ciphersuites */
- (s->s3->tmp.new_cipher->algorithms & SSL_aKRB5))
- {
- /* no cert request */
- skip=1;
- s->s3->tmp.cert_request=0;
- s->state=SSL3_ST_SW_SRVR_DONE_A;
- }
- else
- {
- s->s3->tmp.cert_request=1;
- ret=ssl3_send_certificate_request(s);
- if (ret <= 0) goto end;
-#ifndef NETSCAPE_HANG_BUG
- s->state=SSL3_ST_SW_SRVR_DONE_A;
-#else
- s->state=SSL3_ST_SW_FLUSH;
- s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
-#endif
- s->init_num=0;
- }
- break;
-
- case SSL3_ST_SW_SRVR_DONE_A:
- case SSL3_ST_SW_SRVR_DONE_B:
- ret=ssl3_send_server_done(s);
- if (ret <= 0) goto end;
- s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
- s->state=SSL3_ST_SW_FLUSH;
- s->init_num=0;
- break;
-
- case SSL3_ST_SW_FLUSH:
-
- /* This code originally checked to see if
- * any data was pending using BIO_CTRL_INFO
- * and then flushed. This caused problems
- * as documented in PR#1939. The proposed
- * fix doesn't completely resolve this issue
- * as buggy implementations of BIO_CTRL_PENDING
- * still exist. So instead we just flush
- * unconditionally.
- */
-
- s->rwstate=SSL_WRITING;
- if (BIO_flush(s->wbio) <= 0)
- {
- ret= -1;
- goto end;
- }
- s->rwstate=SSL_NOTHING;
-
- s->state=s->s3->tmp.next_state;
- break;
-
- case SSL3_ST_SR_CERT_A:
- case SSL3_ST_SR_CERT_B:
- /* Check for second client hello (MS SGC) */
- ret = ssl3_check_client_hello(s);
- if (ret <= 0)
- goto end;
- if (ret == 2)
- s->state = SSL3_ST_SR_CLNT_HELLO_C;
- else {
- if (s->s3->tmp.cert_request)
- {
- ret=ssl3_get_client_certificate(s);
- if (ret <= 0) goto end;
- }
- s->init_num=0;
- s->state=SSL3_ST_SR_KEY_EXCH_A;
- }
- break;
-
- case SSL3_ST_SR_KEY_EXCH_A:
- case SSL3_ST_SR_KEY_EXCH_B:
- ret=ssl3_get_client_key_exchange(s);
- if (ret <= 0)
- goto end;
- if (ret == 2)
- {
- /* For the ECDH ciphersuites when
- * the client sends its ECDH pub key in
- * a certificate, the CertificateVerify
- * message is not sent.
- */
- s->state=SSL3_ST_SR_FINISHED_A;
- s->init_num = 0;
- }
- else
- {
- s->state=SSL3_ST_SR_CERT_VRFY_A;
- s->init_num=0;
-
- /* We need to get hashes here so if there is
- * a client cert, it can be verified
- */
- s->method->ssl3_enc->cert_verify_mac(s,
- &(s->s3->finish_dgst1),
- &(s->s3->tmp.cert_verify_md[0]));
- s->method->ssl3_enc->cert_verify_mac(s,
- &(s->s3->finish_dgst2),
- &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]));
- }
- break;
-
- case SSL3_ST_SR_CERT_VRFY_A:
- case SSL3_ST_SR_CERT_VRFY_B:
-
- s->s3->flags |= SSL3_FLAGS_CCS_OK;
- /* we should decide if we expected this one */
- ret=ssl3_get_cert_verify(s);
- if (ret <= 0) goto end;
-
- s->state=SSL3_ST_SR_FINISHED_A;
- s->init_num=0;
- break;
-
- case SSL3_ST_SR_FINISHED_A:
- case SSL3_ST_SR_FINISHED_B:
- s->s3->flags |= SSL3_FLAGS_CCS_OK;
- ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
- SSL3_ST_SR_FINISHED_B);
- if (ret <= 0) goto end;
- if (s->hit)
- s->state=SSL_ST_OK;
-#ifndef OPENSSL_NO_TLSEXT
- else if (s->tlsext_ticket_expected)
- s->state=SSL3_ST_SW_SESSION_TICKET_A;
-#endif
- else
- s->state=SSL3_ST_SW_CHANGE_A;
- s->init_num=0;
- break;
-
-#ifndef OPENSSL_NO_TLSEXT
- case SSL3_ST_SW_SESSION_TICKET_A:
- case SSL3_ST_SW_SESSION_TICKET_B:
- ret=ssl3_send_newsession_ticket(s);
- if (ret <= 0) goto end;
- s->state=SSL3_ST_SW_CHANGE_A;
- s->init_num=0;
- break;
-
- case SSL3_ST_SW_CERT_STATUS_A:
- case SSL3_ST_SW_CERT_STATUS_B:
- ret=ssl3_send_cert_status(s);
- if (ret <= 0) goto end;
- s->state=SSL3_ST_SW_KEY_EXCH_A;
- s->init_num=0;
- break;
-
-#endif
-
- case SSL3_ST_SW_CHANGE_A:
- case SSL3_ST_SW_CHANGE_B:
-
- s->session->cipher=s->s3->tmp.new_cipher;
- if (!s->method->ssl3_enc->setup_key_block(s))
- { ret= -1; goto end; }
-
- ret=ssl3_send_change_cipher_spec(s,
- SSL3_ST_SW_CHANGE_A,SSL3_ST_SW_CHANGE_B);
-
- if (ret <= 0) goto end;
- s->state=SSL3_ST_SW_FINISHED_A;
- s->init_num=0;
-
- if (!s->method->ssl3_enc->change_cipher_state(s,
- SSL3_CHANGE_CIPHER_SERVER_WRITE))
- {
- ret= -1;
- goto end;
- }
-
- break;
-
- case SSL3_ST_SW_FINISHED_A:
- case SSL3_ST_SW_FINISHED_B:
- ret=ssl3_send_finished(s,
- SSL3_ST_SW_FINISHED_A,SSL3_ST_SW_FINISHED_B,
- s->method->ssl3_enc->server_finished_label,
- s->method->ssl3_enc->server_finished_label_len);
- if (ret <= 0) goto end;
- s->state=SSL3_ST_SW_FLUSH;
- if (s->hit)
- s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
- else
- s->s3->tmp.next_state=SSL_ST_OK;
- s->init_num=0;
- break;
-
- case SSL_ST_OK:
- /* clean a few things up */
- ssl3_cleanup_key_block(s);
-
- BUF_MEM_free(s->init_buf);
- s->init_buf=NULL;
-
- /* remove buffering on output */
- ssl_free_wbio_buffer(s);
-
- s->init_num=0;
-
- if (s->new_session == 2) /* skipped if we just sent a HelloRequest */
- {
- /* actually not necessarily a 'new' session unless
- * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
-
- s->new_session=0;
-
- ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
-
- s->ctx->stats.sess_accept_good++;
- /* s->server=1; */
- s->handshake_func=ssl3_accept;
-
- if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
- }
-
- ret = 1;
- goto end;
- /* break; */
-
- default:
- SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_UNKNOWN_STATE);
- ret= -1;
- goto end;
- /* break; */
- }
-
- if (!s->s3->tmp.reuse_message && !skip)
- {
- if (s->debug)
- {
- if ((ret=BIO_flush(s->wbio)) <= 0)
- goto end;
- }
-
-
- if ((cb != NULL) && (s->state != state))
- {
- new_state=s->state;
- s->state=state;
- cb(s,SSL_CB_ACCEPT_LOOP,1);
- s->state=new_state;
- }
- }
- skip=0;
- }
-end:
- /* BIO_flush(s->wbio); */
-
- s->in_handshake--;
- if (cb != NULL)
- cb(s,SSL_CB_ACCEPT_EXIT,ret);
- return(ret);
- }
-
-int ssl3_send_hello_request(SSL *s)
- {
- unsigned char *p;
-
- if (s->state == SSL3_ST_SW_HELLO_REQ_A)
- {
- p=(unsigned char *)s->init_buf->data;
- *(p++)=SSL3_MT_HELLO_REQUEST;
- *(p++)=0;
- *(p++)=0;
- *(p++)=0;
-
- s->state=SSL3_ST_SW_HELLO_REQ_B;
- /* number of bytes to write */
- s->init_num=4;
- s->init_off=0;
- }
-
- /* SSL3_ST_SW_HELLO_REQ_B */
- return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
- }
-
-int ssl3_check_client_hello(SSL *s)
- {
- int ok;
- long n;
-
- /* this function is called when we really expect a Certificate message,
- * so permit appropriate message length */
- n=s->method->ssl_get_message(s,
- SSL3_ST_SR_CERT_A,
- SSL3_ST_SR_CERT_B,
- -1,
- s->max_cert_list,
- &ok);
- if (!ok) return((int)n);
- s->s3->tmp.reuse_message = 1;
- if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO)
- {
- /* We only allow the client to restart the handshake once per
- * negotiation. */
- if (s->s3->flags & SSL3_FLAGS_SGC_RESTART_DONE)
- {
- SSLerr(SSL_F_SSL3_CHECK_CLIENT_HELLO, SSL_R_MULTIPLE_SGC_RESTARTS);
- return -1;
- }
- /* Throw away what we have done so far in the current handshake,
- * which will now be aborted. (A full SSL_clear would be too much.) */
-#ifndef OPENSSL_NO_DH
- if (s->s3->tmp.dh != NULL)
- {
- DH_free(s->s3->tmp.dh);
- s->s3->tmp.dh = NULL;
- }
-#endif
-#ifndef OPENSSL_NO_ECDH
- if (s->s3->tmp.ecdh != NULL)
- {
- EC_KEY_free(s->s3->tmp.ecdh);
- s->s3->tmp.ecdh = NULL;
- }
-#endif
- s->s3->flags |= SSL3_FLAGS_SGC_RESTART_DONE;
- return 2;
- }
- return 1;
-}
-
-int ssl3_get_client_hello(SSL *s)
- {
- int i,j,ok,al,ret= -1;
- unsigned int cookie_len;
- long n;
- unsigned long id;
- unsigned char *p,*d,*q;
- SSL_CIPHER *c;
-#ifndef OPENSSL_NO_COMP
- SSL_COMP *comp=NULL;
-#endif
- STACK_OF(SSL_CIPHER) *ciphers=NULL;
-
- /* We do this so that we will respond with our native type.
- * If we are TLSv1 and we get SSLv3, we will respond with TLSv1,
- * This down switching should be handled by a different method.
- * If we are SSLv3, we will respond with SSLv3, even if prompted with
- * TLSv1.
- */
- if (s->state == SSL3_ST_SR_CLNT_HELLO_A)
- {
- s->state=SSL3_ST_SR_CLNT_HELLO_B;
- }
- s->first_packet=1;
- n=s->method->ssl_get_message(s,
- SSL3_ST_SR_CLNT_HELLO_B,
- SSL3_ST_SR_CLNT_HELLO_C,
- SSL3_MT_CLIENT_HELLO,
- SSL3_RT_MAX_PLAIN_LENGTH,
- &ok);
-
- if (!ok) return((int)n);
- s->first_packet=0;
- d=p=(unsigned char *)s->init_msg;
-
- /* use version from inside client hello, not from record header
- * (may differ: see RFC 2246, Appendix E, second paragraph) */
- s->client_version=(((int)p[0])<<8)|(int)p[1];
- p+=2;
-
- if ((s->version == DTLS1_VERSION && s->client_version > s->version) ||
- (s->version != DTLS1_VERSION && s->client_version < s->version))
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER);
- if ((s->client_version>>8) == SSL3_VERSION_MAJOR)
- {
- /* similar to ssl3_get_record, send alert using remote version number */
- s->version = s->client_version;
- }
- al = SSL_AD_PROTOCOL_VERSION;
- goto f_err;
- }
-
- /* If we require cookies and this ClientHello doesn't
- * contain one, just return since we do not want to
- * allocate any memory yet. So check cookie length...
- */
- if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE)
- {
- unsigned int session_length, cookie_length;
-
- session_length = *(p + SSL3_RANDOM_SIZE);
- cookie_length = *(p + SSL3_RANDOM_SIZE + session_length + 1);
-
- if (cookie_length == 0)
- return 1;
- }
-
- /* load the client random */
- memcpy(s->s3->client_random,p,SSL3_RANDOM_SIZE);
- p+=SSL3_RANDOM_SIZE;
-
- /* get the session-id */
- j= *(p++);
-
- s->hit=0;
- /* Versions before 0.9.7 always allow session reuse during renegotiation
- * (i.e. when s->new_session is true), option
- * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is new with 0.9.7.
- * Maybe this optional behaviour should always have been the default,
- * but we cannot safely change the default behaviour (or new applications
- * might be written that become totally unsecure when compiled with
- * an earlier library version)
- */
- if ((s->new_session && (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION)))
- {
- if (!ssl_get_new_session(s,1))
- goto err;
- }
- else
- {
- i=ssl_get_prev_session(s, p, j, d + n);
- if (i == 1)
- { /* previous session */
- s->hit=1;
- }
- else if (i == -1)
- goto err;
- else /* i == 0 */
- {
- if (!ssl_get_new_session(s,1))
- goto err;
- }
- }
-
- p+=j;
-
- if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER)
- {
- /* cookie stuff */
- cookie_len = *(p++);
-
- /*
- * The ClientHello may contain a cookie even if the
- * HelloVerify message has not been sent--make sure that it
- * does not cause an overflow.
- */
- if ( cookie_len > sizeof(s->d1->rcvd_cookie))
- {
- /* too much data */
- al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH);
- goto f_err;
- }
-
- /* verify the cookie if appropriate option is set. */
- if ((SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) &&
- cookie_len > 0)
- {
- memcpy(s->d1->rcvd_cookie, p, cookie_len);
-
- if ( s->ctx->app_verify_cookie_cb != NULL)
- {
- if ( s->ctx->app_verify_cookie_cb(s, s->d1->rcvd_cookie,
- cookie_len) == 0)
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
- SSL_R_COOKIE_MISMATCH);
- goto f_err;
- }
- /* else cookie verification succeeded */
- }
- else if ( memcmp(s->d1->rcvd_cookie, s->d1->cookie,
- s->d1->cookie_len) != 0) /* default verification */
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
- SSL_R_COOKIE_MISMATCH);
- goto f_err;
- }
-
- ret = 2;
- }
-
- p += cookie_len;
- }
-
- n2s(p,i);
- if ((i == 0) && (j != 0))
- {
- /* we need a cipher if we are not resuming a session */
- al=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_SPECIFIED);
- goto f_err;
- }
- if ((p+i) >= (d+n))
- {
- /* not enough data */
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH);
- goto f_err;
- }
- if ((i > 0) && (ssl_bytes_to_cipher_list(s,p,i,&(ciphers))
- == NULL))
- {
- goto err;
- }
- p+=i;
-
- /* If it is a hit, check that the cipher is in the list */
- if ((s->hit) && (i > 0))
- {
- j=0;
- id=s->session->cipher->id;
-
-#ifdef CIPHER_DEBUG
- printf("client sent %d ciphers\n",sk_num(ciphers));
-#endif
- for (i=0; i<sk_SSL_CIPHER_num(ciphers); i++)
- {
- c=sk_SSL_CIPHER_value(ciphers,i);
-#ifdef CIPHER_DEBUG
- printf("client [%2d of %2d]:%s\n",
- i,sk_num(ciphers),SSL_CIPHER_get_name(c));
-#endif
- if (c->id == id)
- {
- j=1;
- break;
- }
- }
-/* Disabled because it can be used in a ciphersuite downgrade
- * attack: CVE-2010-4180.
- */
-#if 0
- if (j == 0 && (s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1))
- {
- /* Special case as client bug workaround: the previously used cipher may
- * not be in the current list, the client instead might be trying to
- * continue using a cipher that before wasn't chosen due to server
- * preferences. We'll have to reject the connection if the cipher is not
- * enabled, though. */
- c = sk_SSL_CIPHER_value(ciphers, 0);
- if (sk_SSL_CIPHER_find(SSL_get_ciphers(s), c) >= 0)
- {
- s->session->cipher = c;
- j = 1;
- }
- }
-#endif
- if (j == 0)
- {
- /* we need to have the cipher in the cipher
- * list if we are asked to reuse it */
- al=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_REQUIRED_CIPHER_MISSING);
- goto f_err;
- }
- }
-
- /* compression */
- i= *(p++);
- if ((p+i) > (d+n))
- {
- /* not enough data */
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH);
- goto f_err;
- }
- q=p;
- for (j=0; j<i; j++)
- {
- if (p[j] == 0) break;
- }
-
- p+=i;
- if (j >= i)
- {
- /* no compress */
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_COMPRESSION_SPECIFIED);
- goto f_err;
- }
-
-#ifndef OPENSSL_NO_TLSEXT
- /* TLS extensions*/
- if (s->version >= SSL3_VERSION)
- {
- if (!ssl_parse_clienthello_tlsext(s,&p,d,n, &al))
- {
- /* 'al' set by ssl_parse_clienthello_tlsext */
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_PARSE_TLSEXT);
- goto f_err;
- }
- }
- if (ssl_check_clienthello_tlsext_early(s) <= 0) {
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
- goto err;
- }
-#endif
- /* Worst case, we will use the NULL compression, but if we have other
- * options, we will now look for them. We have i-1 compression
- * algorithms from the client, starting at q. */
- s->s3->tmp.new_compression=NULL;
-#ifndef OPENSSL_NO_COMP
- if (s->ctx->comp_methods != NULL)
- { /* See if we have a match */
- int m,nn,o,v,done=0;
-
- nn=sk_SSL_COMP_num(s->ctx->comp_methods);
- for (m=0; m<nn; m++)
- {
- comp=sk_SSL_COMP_value(s->ctx->comp_methods,m);
- v=comp->id;
- for (o=0; o<i; o++)
- {
- if (v == q[o])
- {
- done=1;
- break;
- }
- }
- if (done) break;
- }
- if (done)
- s->s3->tmp.new_compression=comp;
- else
- comp=NULL;
- }
-#endif
-
- /* TLS does not mind if there is extra stuff */
-#if 0 /* SSL 3.0 does not mind either, so we should disable this test
- * (was enabled in 0.9.6d through 0.9.6j and 0.9.7 through 0.9.7b,
- * in earlier SSLeay/OpenSSL releases this test existed but was buggy) */
- if (s->version == SSL3_VERSION)
- {
- if (p < (d+n))
- {
- /* wrong number of bytes,
- * there could be more to follow */
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH);
- goto f_err;
- }
- }
-#endif
-
- /* Given s->session->ciphers and SSL_get_ciphers, we must
- * pick a cipher */
-
- if (!s->hit)
- {
-#ifdef OPENSSL_NO_COMP
- s->session->compress_meth=0;
-#else
- s->session->compress_meth=(comp == NULL)?0:comp->id;
-#endif
- if (s->session->ciphers != NULL)
- sk_SSL_CIPHER_free(s->session->ciphers);
- s->session->ciphers=ciphers;
- if (ciphers == NULL)
- {
- al=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_PASSED);
- goto f_err;
- }
- ciphers=NULL;
- c=ssl3_choose_cipher(s,s->session->ciphers,
- SSL_get_ciphers(s));
-
- if (c == NULL)
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_SHARED_CIPHER);
- goto f_err;
- }
- s->s3->tmp.new_cipher=c;
- }
- else
- {
- /* Session-id reuse */
-#ifdef REUSE_CIPHER_BUG
- STACK_OF(SSL_CIPHER) *sk;
- SSL_CIPHER *nc=NULL;
- SSL_CIPHER *ec=NULL;
-
- if (s->options & SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG)
- {
- sk=s->session->ciphers;
- for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
- {
- c=sk_SSL_CIPHER_value(sk,i);
- if (c->algorithms & SSL_eNULL)
- nc=c;
- if (SSL_C_IS_EXPORT(c))
- ec=c;
- }
- if (nc != NULL)
- s->s3->tmp.new_cipher=nc;
- else if (ec != NULL)
- s->s3->tmp.new_cipher=ec;
- else
- s->s3->tmp.new_cipher=s->session->cipher;
- }
- else
-#endif
- s->s3->tmp.new_cipher=s->session->cipher;
- }
-
- /* we now have the following setup.
- * client_random
- * cipher_list - our prefered list of ciphers
- * ciphers - the clients prefered list of ciphers
- * compression - basically ignored right now
- * ssl version is set - sslv3
- * s->session - The ssl session has been setup.
- * s->hit - session reuse flag
- * s->tmp.new_cipher - the new cipher to use.
- */
-
-#ifndef OPENSSL_NO_TLSEXT
- /* Handles TLS extensions that we couldn't check earlier */
- if (s->version >= SSL3_VERSION)
- {
- if (ssl_check_clienthello_tlsext_late(s) <= 0)
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
- goto err;
- }
- }
-#endif
-
- if (ret < 0) ret=1;
- if (0)
- {
-f_err:
- ssl3_send_alert(s,SSL3_AL_FATAL,al);
- }
-err:
- if (ciphers != NULL) sk_SSL_CIPHER_free(ciphers);
- return(ret);
- }
-
-int ssl3_send_server_hello(SSL *s)
- {
- unsigned char *buf;
- unsigned char *p,*d;
- int i,sl;
- unsigned long l,Time;
-
- if (s->state == SSL3_ST_SW_SRVR_HELLO_A)
- {
- buf=(unsigned char *)s->init_buf->data;
- p=s->s3->server_random;
- Time=(unsigned long)time(NULL); /* Time */
- l2n(Time,p);
- if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
- return -1;
- /* Do the message type and length last */
- d=p= &(buf[4]);
-
- *(p++)=s->version>>8;
- *(p++)=s->version&0xff;
-
- /* Random stuff */
- memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
- p+=SSL3_RANDOM_SIZE;
-
- /* now in theory we have 3 options to sending back the
- * session id. If it is a re-use, we send back the
- * old session-id, if it is a new session, we send
- * back the new session-id or we send back a 0 length
- * session-id if we want it to be single use.
- * Currently I will not implement the '0' length session-id
- * 12-Jan-98 - I'll now support the '0' length stuff.
- *
- * We also have an additional case where stateless session
- * resumption is successful: we always send back the old
- * session id. In this case s->hit is non zero: this can
- * only happen if stateless session resumption is succesful
- * if session caching is disabled so existing functionality
- * is unaffected.
- */
- if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)
- && !s->hit)
- s->session->session_id_length=0;
-
- sl=s->session->session_id_length;
- if (sl > (int)sizeof(s->session->session_id))
- {
- SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
- return -1;
- }
- *(p++)=sl;
- memcpy(p,s->session->session_id,sl);
- p+=sl;
-
- /* put the cipher */
- i=ssl3_put_cipher_by_char(s->s3->tmp.new_cipher,p);
- p+=i;
-
- /* put the compression method */
-#ifdef OPENSSL_NO_COMP
- *(p++)=0;
-#else
- if (s->s3->tmp.new_compression == NULL)
- *(p++)=0;
- else
- *(p++)=s->s3->tmp.new_compression->id;
-#endif
-#ifndef OPENSSL_NO_TLSEXT
- if ((p = ssl_add_serverhello_tlsext(s, p, buf+SSL3_RT_MAX_PLAIN_LENGTH)) == NULL)
- {
- SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO,ERR_R_INTERNAL_ERROR);
- return -1;
- }
-#endif
- /* do the header */
- l=(p-d);
- d=buf;
- *(d++)=SSL3_MT_SERVER_HELLO;
- l2n3(l,d);
-
- s->state=SSL3_ST_SW_SRVR_HELLO_B;
- /* number of bytes to write */
- s->init_num=p-buf;
- s->init_off=0;
- }
-
- /* SSL3_ST_SW_SRVR_HELLO_B */
- return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
- }
-
-int ssl3_send_server_done(SSL *s)
- {
- unsigned char *p;
-
- if (s->state == SSL3_ST_SW_SRVR_DONE_A)
- {
- p=(unsigned char *)s->init_buf->data;
-
- /* do the header */
- *(p++)=SSL3_MT_SERVER_DONE;
- *(p++)=0;
- *(p++)=0;
- *(p++)=0;
-
- s->state=SSL3_ST_SW_SRVR_DONE_B;
- /* number of bytes to write */
- s->init_num=4;
- s->init_off=0;
- }
-
- /* SSL3_ST_SW_SRVR_DONE_B */
- return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
- }
-
-int ssl3_send_server_key_exchange(SSL *s)
- {
-#ifndef OPENSSL_NO_RSA
- unsigned char *q;
- int j,num;
- RSA *rsa;
- unsigned char md_buf[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
- unsigned int u;
-#endif
-#ifndef OPENSSL_NO_DH
- DH *dh=NULL,*dhp;
-#endif
-#ifndef OPENSSL_NO_ECDH
- EC_KEY *ecdh=NULL, *ecdhp;
- unsigned char *encodedPoint = NULL;
- int encodedlen = 0;
- int curve_id = 0;
- BN_CTX *bn_ctx = NULL;
-#endif
- EVP_PKEY *pkey;
- unsigned char *p,*d;
- int al,i;
- unsigned long type;
- int n;
- CERT *cert;
- BIGNUM *r[4];
- int nr[4],kn;
- BUF_MEM *buf;
- EVP_MD_CTX md_ctx;
-
- EVP_MD_CTX_init(&md_ctx);
- if (s->state == SSL3_ST_SW_KEY_EXCH_A)
- {
- type=s->s3->tmp.new_cipher->algorithms & SSL_MKEY_MASK;
- cert=s->cert;
-
- buf=s->init_buf;
-
- r[0]=r[1]=r[2]=r[3]=NULL;
- n=0;
-#ifndef OPENSSL_NO_RSA
- if (type & SSL_kRSA)
- {
- rsa=cert->rsa_tmp;
- if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL))
- {
- rsa=s->cert->rsa_tmp_cb(s,
- SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
- SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
- if(rsa == NULL)
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_ERROR_GENERATING_TMP_RSA_KEY);
- goto f_err;
- }
- RSA_up_ref(rsa);
- cert->rsa_tmp=rsa;
- }
- if (rsa == NULL)
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_RSA_KEY);
- goto f_err;
- }
- r[0]=rsa->n;
- r[1]=rsa->e;
- s->s3->tmp.use_rsa_tmp=1;
- }
- else
-#endif
-#ifndef OPENSSL_NO_DH
- if (type & SSL_kEDH)
- {
- dhp=cert->dh_tmp;
- if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
- dhp=s->cert->dh_tmp_cb(s,
- SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
- SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
- if (dhp == NULL)
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_DH_KEY);
- goto f_err;
- }
-
- if (s->s3->tmp.dh != NULL)
- {
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
- goto err;
- }
-
- if ((dh=DHparams_dup(dhp)) == NULL)
- {
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);
- goto err;
- }
-
- s->s3->tmp.dh=dh;
- if ((dhp->pub_key == NULL ||
- dhp->priv_key == NULL ||
- (s->options & SSL_OP_SINGLE_DH_USE)))
- {
- if(!DH_generate_key(dh))
- {
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
- ERR_R_DH_LIB);
- goto err;
- }
- }
- else
- {
- dh->pub_key=BN_dup(dhp->pub_key);
- dh->priv_key=BN_dup(dhp->priv_key);
- if ((dh->pub_key == NULL) ||
- (dh->priv_key == NULL))
- {
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);
- goto err;
- }
- }
- r[0]=dh->p;
- r[1]=dh->g;
- r[2]=dh->pub_key;
- }
- else
-#endif
-#ifndef OPENSSL_NO_ECDH
- if (type & SSL_kECDHE)
- {
- const EC_GROUP *group;
-
- ecdhp=cert->ecdh_tmp;
- if ((ecdhp == NULL) && (s->cert->ecdh_tmp_cb != NULL))
- {
- ecdhp=s->cert->ecdh_tmp_cb(s,
- SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
- SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
- }
- if (ecdhp == NULL)
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_ECDH_KEY);
- goto f_err;
- }
-
- if (s->s3->tmp.ecdh != NULL)
- {
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
- goto err;
- }
-
- /* Duplicate the ECDH structure. */
- if (ecdhp == NULL)
- {
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
- goto err;
- }
- if ((ecdh = EC_KEY_dup(ecdhp)) == NULL)
- {
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
- goto err;
- }
-
- s->s3->tmp.ecdh=ecdh;
- if ((EC_KEY_get0_public_key(ecdh) == NULL) ||
- (EC_KEY_get0_private_key(ecdh) == NULL) ||
- (s->options & SSL_OP_SINGLE_ECDH_USE))
- {
- if(!EC_KEY_generate_key(ecdh))
- {
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
- goto err;
- }
- }
-
- if (((group = EC_KEY_get0_group(ecdh)) == NULL) ||
- (EC_KEY_get0_public_key(ecdh) == NULL) ||
- (EC_KEY_get0_private_key(ecdh) == NULL))
- {
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
- goto err;
- }
-
- if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
- (EC_GROUP_get_degree(group) > 163))
- {
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
- goto err;
- }
-
- /* XXX: For now, we only support ephemeral ECDH
- * keys over named (not generic) curves. For
- * supported named curves, curve_id is non-zero.
- */
- if ((curve_id =
- nid2curve_id(EC_GROUP_get_curve_name(group)))
- == 0)
- {
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
- goto err;
- }
-
- /* Encode the public key.
- * First check the size of encoding and
- * allocate memory accordingly.
- */
- encodedlen = EC_POINT_point2oct(group,
- EC_KEY_get0_public_key(ecdh),
- POINT_CONVERSION_UNCOMPRESSED,
- NULL, 0, NULL);
-
- encodedPoint = (unsigned char *)
- OPENSSL_malloc(encodedlen*sizeof(unsigned char));
- bn_ctx = BN_CTX_new();
- if ((encodedPoint == NULL) || (bn_ctx == NULL))
- {
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
-
- encodedlen = EC_POINT_point2oct(group,
- EC_KEY_get0_public_key(ecdh),
- POINT_CONVERSION_UNCOMPRESSED,
- encodedPoint, encodedlen, bn_ctx);
-
- if (encodedlen == 0)
- {
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
- goto err;
- }
-
- BN_CTX_free(bn_ctx); bn_ctx=NULL;
-
- /* XXX: For now, we only support named (not
- * generic) curves in ECDH ephemeral key exchanges.
- * In this situation, we need four additional bytes
- * to encode the entire ServerECDHParams
- * structure.
- */
- n = 4 + encodedlen;
-
- /* We'll generate the serverKeyExchange message
- * explicitly so we can set these to NULLs
- */
- r[0]=NULL;
- r[1]=NULL;
- r[2]=NULL;
- r[3]=NULL;
- }
- else
-#endif /* !OPENSSL_NO_ECDH */
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
- goto f_err;
- }
- for (i=0; r[i] != NULL; i++)
- {
- nr[i]=BN_num_bytes(r[i]);
- n+=2+nr[i];
- }
-
- if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL))
- {
- if ((pkey=ssl_get_sign_pkey(s,s->s3->tmp.new_cipher))
- == NULL)
- {
- al=SSL_AD_DECODE_ERROR;
- goto f_err;
- }
- kn=EVP_PKEY_size(pkey);
- }
- else
- {
- pkey=NULL;
- kn=0;
- }
-
- if (!BUF_MEM_grow_clean(buf,n+4+kn))
- {
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_BUF);
- goto err;
- }
- d=(unsigned char *)s->init_buf->data;
- p= &(d[4]);
-
- for (i=0; r[i] != NULL; i++)
- {
- s2n(nr[i],p);
- BN_bn2bin(r[i],p);
- p+=nr[i];
- }
-
-#ifndef OPENSSL_NO_ECDH
- if (type & SSL_kECDHE)
- {
- /* XXX: For now, we only support named (not generic) curves.
- * In this situation, the serverKeyExchange message has:
- * [1 byte CurveType], [2 byte CurveName]
- * [1 byte length of encoded point], followed by
- * the actual encoded point itself
- */
- *p = NAMED_CURVE_TYPE;
- p += 1;
- *p = 0;
- p += 1;
- *p = curve_id;
- p += 1;
- *p = encodedlen;
- p += 1;
- memcpy((unsigned char*)p,
- (unsigned char *)encodedPoint,
- encodedlen);
- OPENSSL_free(encodedPoint);
- encodedPoint = NULL;
- p += encodedlen;
- }
-#endif
-
- /* not anonymous */
- if (pkey != NULL)
- {
- /* n is the length of the params, they start at &(d[4])
- * and p points to the space at the end. */
-#ifndef OPENSSL_NO_RSA
- if (pkey->type == EVP_PKEY_RSA)
- {
- q=md_buf;
- j=0;
- for (num=2; num > 0; num--)
- {
- EVP_MD_CTX_set_flags(&md_ctx,
- EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
- EVP_DigestInit_ex(&md_ctx,(num == 2)
- ?s->ctx->md5:s->ctx->sha1, NULL);
- EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
- EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
- EVP_DigestUpdate(&md_ctx,&(d[4]),n);
- EVP_DigestFinal_ex(&md_ctx,q,
- (unsigned int *)&i);
- q+=i;
- j+=i;
- }
- if (RSA_sign(NID_md5_sha1, md_buf, j,
- &(p[2]), &u, pkey->pkey.rsa) <= 0)
- {
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_RSA);
- goto err;
- }
- s2n(u,p);
- n+=u+2;
- }
- else
-#endif
-#if !defined(OPENSSL_NO_DSA)
- if (pkey->type == EVP_PKEY_DSA)
- {
- /* lets do DSS */
- EVP_SignInit_ex(&md_ctx,EVP_dss1(), NULL);
- EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
- EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
- EVP_SignUpdate(&md_ctx,&(d[4]),n);
- if (!EVP_SignFinal(&md_ctx,&(p[2]),
- (unsigned int *)&i,pkey))
- {
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_DSA);
- goto err;
- }
- s2n(i,p);
- n+=i+2;
- }
- else
-#endif
-#if !defined(OPENSSL_NO_ECDSA)
- if (pkey->type == EVP_PKEY_EC)
- {
- /* let's do ECDSA */
- EVP_SignInit_ex(&md_ctx,EVP_ecdsa(), NULL);
- EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
- EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
- EVP_SignUpdate(&md_ctx,&(d[4]),n);
- if (!EVP_SignFinal(&md_ctx,&(p[2]),
- (unsigned int *)&i,pkey))
- {
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_ECDSA);
- goto err;
- }
- s2n(i,p);
- n+=i+2;
- }
- else
-#endif
- {
- /* Is this error check actually needed? */
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_PKEY_TYPE);
- goto f_err;
- }
- }
-
- *(d++)=SSL3_MT_SERVER_KEY_EXCHANGE;
- l2n3(n,d);
-
- /* we should now have things packed up, so lets send
- * it off */
- s->init_num=n+4;
- s->init_off=0;
- }
-
- s->state = SSL3_ST_SW_KEY_EXCH_B;
- EVP_MD_CTX_cleanup(&md_ctx);
- return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
-f_err:
- ssl3_send_alert(s,SSL3_AL_FATAL,al);
-err:
-#ifndef OPENSSL_NO_ECDH
- if (encodedPoint != NULL) OPENSSL_free(encodedPoint);
- BN_CTX_free(bn_ctx);
-#endif
- EVP_MD_CTX_cleanup(&md_ctx);
- return(-1);
- }
-
-int ssl3_send_certificate_request(SSL *s)
- {
- unsigned char *p,*d;
- int i,j,nl,off,n;
- STACK_OF(X509_NAME) *sk=NULL;
- X509_NAME *name;
- BUF_MEM *buf;
-
- if (s->state == SSL3_ST_SW_CERT_REQ_A)
- {
- buf=s->init_buf;
-
- d=p=(unsigned char *)&(buf->data[4]);
-
- /* get the list of acceptable cert types */
- p++;
- n=ssl3_get_req_cert_type(s,p);
- d[0]=n;
- p+=n;
- n++;
-
- off=n;
- p+=2;
- n+=2;
-
- sk=SSL_get_client_CA_list(s);
- nl=0;
- if (sk != NULL)
- {
- for (i=0; i<sk_X509_NAME_num(sk); i++)
- {
- name=sk_X509_NAME_value(sk,i);
- j=i2d_X509_NAME(name,NULL);
- if (!BUF_MEM_grow_clean(buf,4+n+j+2))
- {
- SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,ERR_R_BUF_LIB);
- goto err;
- }
- p=(unsigned char *)&(buf->data[4+n]);
- if (!(s->options & SSL_OP_NETSCAPE_CA_DN_BUG))
- {
- s2n(j,p);
- i2d_X509_NAME(name,&p);
- n+=2+j;
- nl+=2+j;
- }
- else
- {
- d=p;
- i2d_X509_NAME(name,&p);
- j-=2; s2n(j,d); j+=2;
- n+=j;
- nl+=j;
- }
- }
- }
- /* else no CA names */
- p=(unsigned char *)&(buf->data[4+off]);
- s2n(nl,p);
-
- d=(unsigned char *)buf->data;
- *(d++)=SSL3_MT_CERTIFICATE_REQUEST;
- l2n3(n,d);
-
- /* we should now have things packed up, so lets send
- * it off */
-
- s->init_num=n+4;
- s->init_off=0;
-#ifdef NETSCAPE_HANG_BUG
- if (!BUF_MEM_grow_clean(buf, s->init_num + 4))
- {
- SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,ERR_R_BUF_LIB);
- goto err;
- }
- p=(unsigned char *)s->init_buf->data + s->init_num;
-
- /* do the header */
- *(p++)=SSL3_MT_SERVER_DONE;
- *(p++)=0;
- *(p++)=0;
- *(p++)=0;
- s->init_num += 4;
-#endif
-
- s->state = SSL3_ST_SW_CERT_REQ_B;
- }
-
- /* SSL3_ST_SW_CERT_REQ_B */
- return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
-err:
- return(-1);
- }
-
-int ssl3_get_client_key_exchange(SSL *s)
- {
- int i,al,ok;
- long n;
- unsigned long l;
- unsigned char *p;
-#ifndef OPENSSL_NO_RSA
- RSA *rsa=NULL;
- EVP_PKEY *pkey=NULL;
-#endif
-#ifndef OPENSSL_NO_DH
- BIGNUM *pub=NULL;
- DH *dh_srvr;
-#endif
-#ifndef OPENSSL_NO_KRB5
- KSSL_ERR kssl_err;
-#endif /* OPENSSL_NO_KRB5 */
-
-#ifndef OPENSSL_NO_ECDH
- EC_KEY *srvr_ecdh = NULL;
- EVP_PKEY *clnt_pub_pkey = NULL;
- EC_POINT *clnt_ecpoint = NULL;
- BN_CTX *bn_ctx = NULL;
-#endif
-
- n=s->method->ssl_get_message(s,
- SSL3_ST_SR_KEY_EXCH_A,
- SSL3_ST_SR_KEY_EXCH_B,
- SSL3_MT_CLIENT_KEY_EXCHANGE,
- 2048, /* ??? */
- &ok);
-
- if (!ok) return((int)n);
- p=(unsigned char *)s->init_msg;
-
- l=s->s3->tmp.new_cipher->algorithms;
-
-#ifndef OPENSSL_NO_RSA
- if (l & SSL_kRSA)
- {
- unsigned char rand_premaster_secret[SSL_MAX_MASTER_KEY_LENGTH];
- int decrypt_len;
- unsigned char decrypt_good, version_good;
-
- /* FIX THIS UP EAY EAY EAY EAY */
- if (s->s3->tmp.use_rsa_tmp)
- {
- if ((s->cert != NULL) && (s->cert->rsa_tmp != NULL))
- rsa=s->cert->rsa_tmp;
- /* Don't do a callback because rsa_tmp should
- * be sent already */
- if (rsa == NULL)
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_TMP_RSA_PKEY);
- goto f_err;
-
- }
- }
- else
- {
- pkey=s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey;
- if ( (pkey == NULL) ||
- (pkey->type != EVP_PKEY_RSA) ||
- (pkey->pkey.rsa == NULL))
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_RSA_CERTIFICATE);
- goto f_err;
- }
- rsa=pkey->pkey.rsa;
- }
-
- /* TLS and [incidentally] DTLS, including pre-0.9.8f */
- if (s->version > SSL3_VERSION &&
- s->client_version != DTLS1_BAD_VER)
- {
- n2s(p,i);
- if (n != i+2)
- {
- if (!(s->options & SSL_OP_TLS_D5_BUG))
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG);
- goto err;
- }
- else
- p-=2;
- }
- else
- n=i;
- }
-
- /* We must not leak whether a decryption failure occurs because
- * of Bleichenbacher's attack on PKCS #1 v1.5 RSA padding (see
- * RFC 2246, section 7.4.7.1). The code follows that advice of
- * the TLS RFC and generates a random premaster secret for the
- * case that the decrypt fails. See
- * https://tools.ietf.org/html/rfc5246#section-7.4.7.1 */
-
- /* should be RAND_bytes, but we cannot work around a failure. */
- if (RAND_pseudo_bytes(rand_premaster_secret,
- sizeof(rand_premaster_secret)) <= 0)
- goto err;
- decrypt_len = RSA_private_decrypt((int)n,p,p,rsa,RSA_PKCS1_PADDING);
- ERR_clear_error();
-
- /* decrypt_len should be SSL_MAX_MASTER_KEY_LENGTH.
- * decrypt_good will be 0xff if so and zero otherwise. */
- decrypt_good = constant_time_eq_int_8(decrypt_len, SSL_MAX_MASTER_KEY_LENGTH);
-
- /* If the version in the decrypted pre-master secret is correct
- * then version_good will be 0xff, otherwise it'll be zero.
- * The Klima-Pokorny-Rosa extension of Bleichenbacher's attack
- * (http://eprint.iacr.org/2003/052/) exploits the version
- * number check as a "bad version oracle". Thus version checks
- * are done in constant time and are treated like any other
- * decryption error. */
- version_good = constant_time_eq_8(p[0], (unsigned)(s->client_version>>8));
- version_good &= constant_time_eq_8(p[1], (unsigned)(s->client_version&0xff));
-
- /* The premaster secret must contain the same version number as
- * the ClientHello to detect version rollback attacks
- * (strangely, the protocol does not offer such protection for
- * DH ciphersuites). However, buggy clients exist that send the
- * negotiated protocol version instead if the server does not
- * support the requested protocol version. If
- * SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such clients. */
- if (s->options & SSL_OP_TLS_ROLLBACK_BUG)
- {
- unsigned char workaround_good;
- workaround_good = constant_time_eq_8(p[0], (unsigned)(s->version>>8));
- workaround_good &= constant_time_eq_8(p[1], (unsigned)(s->version&0xff));
- version_good |= workaround_good;
- }
-
- /* Both decryption and version must be good for decrypt_good
- * to remain non-zero (0xff). */
- decrypt_good &= version_good;
-
- /* Now copy rand_premaster_secret over p using
- * decrypt_good_mask. */
- for (i = 0; i < (int) sizeof(rand_premaster_secret); i++)
- {
- p[i] = constant_time_select_8(decrypt_good, p[i],
- rand_premaster_secret[i]);
- }
-
- s->session->master_key_length=
- s->method->ssl3_enc->generate_master_secret(s,
- s->session->master_key,
- p,i);
- OPENSSL_cleanse(p,i);
- }
- else
-#endif
-#ifndef OPENSSL_NO_DH
- if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
- {
- n2s(p,i);
- if (n != i+2)
- {
- if (!(s->options & SSL_OP_SSLEAY_080_CLIENT_DH_BUG))
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
- goto err;
- }
- else
- {
- p-=2;
- i=(int)n;
- }
- }
-
- if (n == 0L) /* the parameters are in the cert */
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_UNABLE_TO_DECODE_DH_CERTS);
- goto f_err;
- }
- else
- {
- if (s->s3->tmp.dh == NULL)
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_TMP_DH_KEY);
- goto f_err;
- }
- else
- dh_srvr=s->s3->tmp.dh;
- }
-
- pub=BN_bin2bn(p,i,NULL);
- if (pub == NULL)
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BN_LIB);
- goto err;
- }
-
- i=DH_compute_key(p,pub,dh_srvr);
-
- if (i <= 0)
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
- BN_clear_free(pub);
- goto err;
- }
-
- DH_free(s->s3->tmp.dh);
- s->s3->tmp.dh=NULL;
-
- BN_clear_free(pub);
- pub=NULL;
- s->session->master_key_length=
- s->method->ssl3_enc->generate_master_secret(s,
- s->session->master_key,p,i);
- OPENSSL_cleanse(p,i);
- }
- else
-#endif
-#ifndef OPENSSL_NO_KRB5
- if (l & SSL_kKRB5)
- {
- krb5_error_code krb5rc;
- krb5_data enc_ticket;
- krb5_data authenticator;
- krb5_data enc_pms;
- KSSL_CTX *kssl_ctx = s->kssl_ctx;
- EVP_CIPHER_CTX ciph_ctx;
- EVP_CIPHER *enc = NULL;
- unsigned char iv[EVP_MAX_IV_LENGTH];
- unsigned char pms[SSL_MAX_MASTER_KEY_LENGTH
- + EVP_MAX_BLOCK_LENGTH];
- int padl, outl;
- krb5_timestamp authtime = 0;
- krb5_ticket_times ttimes;
-
- EVP_CIPHER_CTX_init(&ciph_ctx);
-
- if (!kssl_ctx) kssl_ctx = kssl_ctx_new();
-
- n2s(p,i);
- enc_ticket.length = i;
-
- if (n < (int)enc_ticket.length + 6)
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
- SSL_R_DATA_LENGTH_TOO_LONG);
- goto err;
- }
-
- enc_ticket.data = (char *)p;
- p+=enc_ticket.length;
-
- n2s(p,i);
- authenticator.length = i;
-
- if (n < (int)(enc_ticket.length + authenticator.length) + 6)
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
- SSL_R_DATA_LENGTH_TOO_LONG);
- goto err;
- }
-
- authenticator.data = (char *)p;
- p+=authenticator.length;
-
- n2s(p,i);
- enc_pms.length = i;
- enc_pms.data = (char *)p;
- p+=enc_pms.length;
-
- /* Note that the length is checked again below,
- ** after decryption
- */
- if(enc_pms.length > sizeof pms)
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
- SSL_R_DATA_LENGTH_TOO_LONG);
- goto err;
- }
-
- if (n != (long)(enc_ticket.length + authenticator.length +
- enc_pms.length + 6))
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
- SSL_R_DATA_LENGTH_TOO_LONG);
- goto err;
- }
-
- if ((krb5rc = kssl_sget_tkt(kssl_ctx, &enc_ticket, &ttimes,
- &kssl_err)) != 0)
- {
-#ifdef KSSL_DEBUG
- printf("kssl_sget_tkt rtn %d [%d]\n",
- krb5rc, kssl_err.reason);
- if (kssl_err.text)
- printf("kssl_err text= %s\n", kssl_err.text);
-#endif /* KSSL_DEBUG */
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
- kssl_err.reason);
- goto err;
- }
-
- /* Note: no authenticator is not considered an error,
- ** but will return authtime == 0.
- */
- if ((krb5rc = kssl_check_authent(kssl_ctx, &authenticator,
- &authtime, &kssl_err)) != 0)
- {
-#ifdef KSSL_DEBUG
- printf("kssl_check_authent rtn %d [%d]\n",
- krb5rc, kssl_err.reason);
- if (kssl_err.text)
- printf("kssl_err text= %s\n", kssl_err.text);
-#endif /* KSSL_DEBUG */
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
- kssl_err.reason);
- goto err;
- }
-
- if ((krb5rc = kssl_validate_times(authtime, &ttimes)) != 0)
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, krb5rc);
- goto err;
- }
-
-#ifdef KSSL_DEBUG
- kssl_ctx_show(kssl_ctx);
-#endif /* KSSL_DEBUG */
-
- enc = kssl_map_enc(kssl_ctx->enctype);
- if (enc == NULL)
- goto err;
-
- memset(iv, 0, sizeof iv); /* per RFC 1510 */
-
- if (!EVP_DecryptInit_ex(&ciph_ctx,enc,NULL,kssl_ctx->key,iv))
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
- SSL_R_DECRYPTION_FAILED);
- goto err;
- }
- if (!EVP_DecryptUpdate(&ciph_ctx, pms,&outl,
- (unsigned char *)enc_pms.data, enc_pms.length))
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
- SSL_R_DECRYPTION_FAILED);
- goto err;
- }
- if (outl > SSL_MAX_MASTER_KEY_LENGTH)
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
- SSL_R_DATA_LENGTH_TOO_LONG);
- goto err;
- }
- if (!EVP_DecryptFinal_ex(&ciph_ctx,&(pms[outl]),&padl))
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
- SSL_R_DECRYPTION_FAILED);
- goto err;
- }
- outl += padl;
- if (outl > SSL_MAX_MASTER_KEY_LENGTH)
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
- SSL_R_DATA_LENGTH_TOO_LONG);
- goto err;
- }
- if (!((pms[0] == (s->client_version>>8)) && (pms[1] == (s->client_version & 0xff))))
- {
- /* The premaster secret must contain the same version number as the
- * ClientHello to detect version rollback attacks (strangely, the
- * protocol does not offer such protection for DH ciphersuites).
- * However, buggy clients exist that send random bytes instead of
- * the protocol version.
- * If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such clients.
- * (Perhaps we should have a separate BUG value for the Kerberos cipher)
- */
- if (!(s->options & SSL_OP_TLS_ROLLBACK_BUG))
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
- SSL_AD_DECODE_ERROR);
- goto err;
- }
- }
-
- EVP_CIPHER_CTX_cleanup(&ciph_ctx);
-
- s->session->master_key_length=
- s->method->ssl3_enc->generate_master_secret(s,
- s->session->master_key, pms, outl);
-
- if (kssl_ctx->client_princ)
- {
- size_t len = strlen(kssl_ctx->client_princ);
- if ( len < SSL_MAX_KRB5_PRINCIPAL_LENGTH )
- {
- s->session->krb5_client_princ_len = len;
- memcpy(s->session->krb5_client_princ,kssl_ctx->client_princ,len);
- }
- }
-
-
- /* Was doing kssl_ctx_free() here,
- ** but it caused problems for apache.
- ** kssl_ctx = kssl_ctx_free(kssl_ctx);
- ** if (s->kssl_ctx) s->kssl_ctx = NULL;
- */
- }
- else
-#endif /* OPENSSL_NO_KRB5 */
-
-#ifndef OPENSSL_NO_ECDH
- if ((l & SSL_kECDH) || (l & SSL_kECDHE))
- {
- int ret = 1;
- int field_size = 0;
- const EC_KEY *tkey;
- const EC_GROUP *group;
- const BIGNUM *priv_key;
-
- /* initialize structures for server's ECDH key pair */
- if ((srvr_ecdh = EC_KEY_new()) == NULL)
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
- ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- /* Let's get server private key and group information */
- if (l & SSL_kECDH)
- {
- /* use the certificate */
- tkey = s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec;
- }
- else
- {
- /* use the ephermeral values we saved when
- * generating the ServerKeyExchange msg.
- */
- tkey = s->s3->tmp.ecdh;
- }
-
- group = EC_KEY_get0_group(tkey);
- priv_key = EC_KEY_get0_private_key(tkey);
-
- if (!EC_KEY_set_group(srvr_ecdh, group) ||
- !EC_KEY_set_private_key(srvr_ecdh, priv_key))
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
- ERR_R_EC_LIB);
- goto err;
- }
-
- /* Let's get client's public key */
- if ((clnt_ecpoint = EC_POINT_new(group)) == NULL)
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
- ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- if (n == 0L)
- {
- /* Client Publickey was in Client Certificate */
-
- if (l & SSL_kECDHE)
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_TMP_ECDH_KEY);
- goto f_err;
- }
- if (((clnt_pub_pkey=X509_get_pubkey(s->session->peer))
- == NULL) ||
- (clnt_pub_pkey->type != EVP_PKEY_EC))
- {
- /* XXX: For now, we do not support client
- * authentication using ECDH certificates
- * so this branch (n == 0L) of the code is
- * never executed. When that support is
- * added, we ought to ensure the key
- * received in the certificate is
- * authorized for key agreement.
- * ECDH_compute_key implicitly checks that
- * the two ECDH shares are for the same
- * group.
- */
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
- SSL_R_UNABLE_TO_DECODE_ECDH_CERTS);
- goto f_err;
- }
-
- if (EC_POINT_copy(clnt_ecpoint,
- EC_KEY_get0_public_key(clnt_pub_pkey->pkey.ec)) == 0)
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
- ERR_R_EC_LIB);
- goto err;
- }
- ret = 2; /* Skip certificate verify processing */
- }
- else
- {
- /* Get client's public key from encoded point
- * in the ClientKeyExchange message.
- */
- if ((bn_ctx = BN_CTX_new()) == NULL)
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
- ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- /* Get encoded point length */
- i = *p;
- p += 1;
- if (n != 1 + i)
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
- ERR_R_EC_LIB);
- goto err;
- }
- if (EC_POINT_oct2point(group,
- clnt_ecpoint, p, i, bn_ctx) == 0)
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
- ERR_R_EC_LIB);
- goto err;
- }
- /* p is pointing to somewhere in the buffer
- * currently, so set it to the start
- */
- p=(unsigned char *)s->init_buf->data;
- }
-
- /* Compute the shared pre-master secret */
- field_size = EC_GROUP_get_degree(group);
- if (field_size <= 0)
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
- ERR_R_ECDH_LIB);
- goto err;
- }
- i = ECDH_compute_key(p, (field_size+7)/8, clnt_ecpoint, srvr_ecdh, NULL);
- if (i <= 0)
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
- ERR_R_ECDH_LIB);
- goto err;
- }
-
- EVP_PKEY_free(clnt_pub_pkey);
- EC_POINT_free(clnt_ecpoint);
- if (srvr_ecdh != NULL)
- EC_KEY_free(srvr_ecdh);
- BN_CTX_free(bn_ctx);
-
- /* Compute the master secret */
- s->session->master_key_length = s->method->ssl3_enc-> \
- generate_master_secret(s, s->session->master_key, p, i);
-
- OPENSSL_cleanse(p, i);
- return (ret);
- }
- else
-#endif
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
- SSL_R_UNKNOWN_CIPHER_TYPE);
- goto f_err;
- }
-
- return(1);
-f_err:
- ssl3_send_alert(s,SSL3_AL_FATAL,al);
-#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_ECDH)
-err:
-#endif
-#ifndef OPENSSL_NO_ECDH
- EVP_PKEY_free(clnt_pub_pkey);
- EC_POINT_free(clnt_ecpoint);
- if (srvr_ecdh != NULL)
- EC_KEY_free(srvr_ecdh);
- BN_CTX_free(bn_ctx);
-#endif
- return(-1);
- }
-
-int ssl3_get_cert_verify(SSL *s)
- {
- EVP_PKEY *pkey=NULL;
- unsigned char *p;
- int al,ok,ret=0;
- long n;
- int type=0,i,j;
- X509 *peer;
-
- n=s->method->ssl_get_message(s,
- SSL3_ST_SR_CERT_VRFY_A,
- SSL3_ST_SR_CERT_VRFY_B,
- -1,
- SSL3_RT_MAX_PLAIN_LENGTH,
- &ok);
-
- if (!ok) return((int)n);
-
- if (s->session->peer != NULL)
- {
- peer=s->session->peer;
- pkey=X509_get_pubkey(peer);
- type=X509_certificate_type(peer,pkey);
- }
- else
- {
- peer=NULL;
- pkey=NULL;
- }
-
- if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY)
- {
- s->s3->tmp.reuse_message=1;
- if ((peer != NULL) && (type | EVP_PKT_SIGN))
- {
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_MISSING_VERIFY_MESSAGE);
- goto f_err;
- }
- ret=1;
- goto end;
- }
-
- if (peer == NULL)
- {
- SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_NO_CLIENT_CERT_RECEIVED);
- al=SSL_AD_UNEXPECTED_MESSAGE;
- goto f_err;
- }
-
- if (!(type & EVP_PKT_SIGN))
- {
- SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE);
- al=SSL_AD_ILLEGAL_PARAMETER;
- goto f_err;
- }
-
- if (s->s3->change_cipher_spec)
- {
- SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_CCS_RECEIVED_EARLY);
- al=SSL_AD_UNEXPECTED_MESSAGE;
- goto f_err;
- }
-
- /* we now have a signature that we need to verify */
- p=(unsigned char *)s->init_msg;
- n2s(p,i);
- n-=2;
- if (i > n)
- {
- SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_LENGTH_MISMATCH);
- al=SSL_AD_DECODE_ERROR;
- goto f_err;
- }
-
- j=EVP_PKEY_size(pkey);
- if ((i > j) || (n > j) || (n <= 0))
- {
- SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_WRONG_SIGNATURE_SIZE);
- al=SSL_AD_DECODE_ERROR;
- goto f_err;
- }
-
-#ifndef OPENSSL_NO_RSA
- if (pkey->type == EVP_PKEY_RSA)
- {
- i=RSA_verify(NID_md5_sha1, s->s3->tmp.cert_verify_md,
- MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, p, i,
- pkey->pkey.rsa);
- if (i < 0)
- {
- al=SSL_AD_DECRYPT_ERROR;
- SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_RSA_DECRYPT);
- goto f_err;
- }
- if (i == 0)
- {
- al=SSL_AD_DECRYPT_ERROR;
- SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_RSA_SIGNATURE);
- goto f_err;
- }
- }
- else
-#endif
-#ifndef OPENSSL_NO_DSA
- if (pkey->type == EVP_PKEY_DSA)
- {
- j=DSA_verify(pkey->save_type,
- &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
- SHA_DIGEST_LENGTH,p,i,pkey->pkey.dsa);
- if (j <= 0)
- {
- /* bad signature */
- al=SSL_AD_DECRYPT_ERROR;
- SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_DSA_SIGNATURE);
- goto f_err;
- }
- }
- else
-#endif
-#ifndef OPENSSL_NO_ECDSA
- if (pkey->type == EVP_PKEY_EC)
- {
- j=ECDSA_verify(pkey->save_type,
- &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
- SHA_DIGEST_LENGTH,p,i,pkey->pkey.ec);
- if (j <= 0)
- {
- /* bad signature */
- al=SSL_AD_DECRYPT_ERROR;
- SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
- SSL_R_BAD_ECDSA_SIGNATURE);
- goto f_err;
- }
- }
- else
-#endif
- {
- SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,ERR_R_INTERNAL_ERROR);
- al=SSL_AD_UNSUPPORTED_CERTIFICATE;
- goto f_err;
- }
-
-
- ret=1;
- if (0)
- {
-f_err:
- ssl3_send_alert(s,SSL3_AL_FATAL,al);
- }
-end:
- EVP_PKEY_free(pkey);
- return(ret);
- }
-
-int ssl3_get_client_certificate(SSL *s)
- {
- int i,ok,al,ret= -1;
- X509 *x=NULL;
- unsigned long l,nc,llen,n;
- const unsigned char *p,*q;
- unsigned char *d;
- STACK_OF(X509) *sk=NULL;
-
- n=s->method->ssl_get_message(s,
- SSL3_ST_SR_CERT_A,
- SSL3_ST_SR_CERT_B,
- -1,
- s->max_cert_list,
- &ok);
-
- if (!ok) return((int)n);
-
- if (s->s3->tmp.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE)
- {
- if ( (s->verify_mode & SSL_VERIFY_PEER) &&
- (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
- al=SSL_AD_HANDSHAKE_FAILURE;
- goto f_err;
- }
- /* If tls asked for a client cert, the client must return a 0 list */
- if ((s->version > SSL3_VERSION) && s->s3->tmp.cert_request)
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST);
- al=SSL_AD_UNEXPECTED_MESSAGE;
- goto f_err;
- }
- s->s3->tmp.reuse_message=1;
- return(1);
- }
-
- if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE)
- {
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_WRONG_MESSAGE_TYPE);
- goto f_err;
- }
- p=d=(unsigned char *)s->init_msg;
-
- if ((sk=sk_X509_new_null()) == NULL)
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- n2l3(p,llen);
- if (llen+3 != n)
- {
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_LENGTH_MISMATCH);
- goto f_err;
- }
- for (nc=0; nc<llen; )
- {
- n2l3(p,l);
- if ((l+nc+3) > llen)
- {
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
- goto f_err;
- }
-
- q=p;
- x=d2i_X509(NULL,&p,l);
- if (x == NULL)
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_ASN1_LIB);
- goto err;
- }
- if (p != (q+l))
- {
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
- goto f_err;
- }
- if (!sk_X509_push(sk,x))
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- x=NULL;
- nc+=l+3;
- }
-
- if (sk_X509_num(sk) <= 0)
- {
- /* TLS does not mind 0 certs returned */
- if (s->version == SSL3_VERSION)
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_NO_CERTIFICATES_RETURNED);
- goto f_err;
- }
- /* Fail for TLS only if we required a certificate */
- else if ((s->verify_mode & SSL_VERIFY_PEER) &&
- (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
- al=SSL_AD_HANDSHAKE_FAILURE;
- goto f_err;
- }
- }
- else
- {
- i=ssl_verify_cert_chain(s,sk);
- if (i <= 0)
- {
- al=ssl_verify_alarm_type(s->verify_result);
- SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_NO_CERTIFICATE_RETURNED);
- goto f_err;
- }
- }
-
- if (s->session->peer != NULL) /* This should not be needed */
- X509_free(s->session->peer);
- s->session->peer=sk_X509_shift(sk);
- s->session->verify_result = s->verify_result;
-
- /* With the current implementation, sess_cert will always be NULL
- * when we arrive here. */
- if (s->session->sess_cert == NULL)
- {
- s->session->sess_cert = ssl_sess_cert_new();
- if (s->session->sess_cert == NULL)
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- }
- if (s->session->sess_cert->cert_chain != NULL)
- sk_X509_pop_free(s->session->sess_cert->cert_chain, X509_free);
- s->session->sess_cert->cert_chain=sk;
- /* Inconsistency alert: cert_chain does *not* include the
- * peer's own certificate, while we do include it in s3_clnt.c */
-
- sk=NULL;
-
- ret=1;
- if (0)
- {
-f_err:
- ssl3_send_alert(s,SSL3_AL_FATAL,al);
- }
-err:
- if (x != NULL) X509_free(x);
- if (sk != NULL) sk_X509_pop_free(sk,X509_free);
- return(ret);
- }
-
-int ssl3_send_server_certificate(SSL *s)
- {
- unsigned long l;
- X509 *x;
-
- if (s->state == SSL3_ST_SW_CERT_A)
- {
- x=ssl_get_server_send_cert(s);
- if (x == NULL &&
- /* VRS: allow null cert if auth == KRB5 */
- (s->s3->tmp.new_cipher->algorithms
- & (SSL_MKEY_MASK|SSL_AUTH_MASK))
- != (SSL_aKRB5|SSL_kKRB5))
- {
- SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE,ERR_R_INTERNAL_ERROR);
- return(0);
- }
-
- l=ssl3_output_cert_chain(s,x);
- s->state=SSL3_ST_SW_CERT_B;
- s->init_num=(int)l;
- s->init_off=0;
- }
-
- /* SSL3_ST_SW_CERT_B */
- return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
- }
-
-
-#ifndef OPENSSL_NO_ECDH
-/* This is the complement of curve_id2nid in s3_clnt.c. */
-static int nid2curve_id(int nid)
-{
- /* ECC curves from draft-ietf-tls-ecc-01.txt (Mar 15, 2001)
- * (no changes in draft-ietf-tls-ecc-03.txt [June 2003]) */
- switch (nid) {
- case NID_sect163k1: /* sect163k1 (1) */
- return 1;
- case NID_sect163r1: /* sect163r1 (2) */
- return 2;
- case NID_sect163r2: /* sect163r2 (3) */
- return 3;
- case NID_sect193r1: /* sect193r1 (4) */
- return 4;
- case NID_sect193r2: /* sect193r2 (5) */
- return 5;
- case NID_sect233k1: /* sect233k1 (6) */
- return 6;
- case NID_sect233r1: /* sect233r1 (7) */
- return 7;
- case NID_sect239k1: /* sect239k1 (8) */
- return 8;
- case NID_sect283k1: /* sect283k1 (9) */
- return 9;
- case NID_sect283r1: /* sect283r1 (10) */
- return 10;
- case NID_sect409k1: /* sect409k1 (11) */
- return 11;
- case NID_sect409r1: /* sect409r1 (12) */
- return 12;
- case NID_sect571k1: /* sect571k1 (13) */
- return 13;
- case NID_sect571r1: /* sect571r1 (14) */
- return 14;
- case NID_secp160k1: /* secp160k1 (15) */
- return 15;
- case NID_secp160r1: /* secp160r1 (16) */
- return 16;
- case NID_secp160r2: /* secp160r2 (17) */
- return 17;
- case NID_secp192k1: /* secp192k1 (18) */
- return 18;
- case NID_X9_62_prime192v1: /* secp192r1 (19) */
- return 19;
- case NID_secp224k1: /* secp224k1 (20) */
- return 20;
- case NID_secp224r1: /* secp224r1 (21) */
- return 21;
- case NID_secp256k1: /* secp256k1 (22) */
- return 22;
- case NID_X9_62_prime256v1: /* secp256r1 (23) */
- return 23;
- case NID_secp384r1: /* secp384r1 (24) */
- return 24;
- case NID_secp521r1: /* secp521r1 (25) */
- return 25;
- default:
- return 0;
- }
-}
-#endif
-#ifndef OPENSSL_NO_TLSEXT
-int ssl3_send_newsession_ticket(SSL *s)
- {
- if (s->state == SSL3_ST_SW_SESSION_TICKET_A)
- {
- unsigned char *p, *senc, *macstart;
- int len, slen;
- unsigned int hlen;
- EVP_CIPHER_CTX ctx;
- HMAC_CTX hctx;
- SSL_CTX *tctx = s->initial_ctx;
- unsigned char iv[EVP_MAX_IV_LENGTH];
- unsigned char key_name[16];
-
- /* get session encoding length */
- slen = i2d_SSL_SESSION(s->session, NULL);
- /* Some length values are 16 bits, so forget it if session is
- * too long
- */
- if (slen > 0xFF00)
- return -1;
- /* Grow buffer if need be: the length calculation is as
- * follows 1 (size of message name) + 3 (message length
- * bytes) + 4 (ticket lifetime hint) + 2 (ticket length) +
- * 16 (key name) + max_iv_len (iv length) +
- * session_length + max_enc_block_size (max encrypted session
- * length) + max_md_size (HMAC).
- */
- if (!BUF_MEM_grow(s->init_buf,
- 26 + EVP_MAX_IV_LENGTH + EVP_MAX_BLOCK_LENGTH +
- EVP_MAX_MD_SIZE + slen))
- return -1;
- senc = OPENSSL_malloc(slen);
- if (!senc)
- return -1;
- p = senc;
- i2d_SSL_SESSION(s->session, &p);
-
- p=(unsigned char *)s->init_buf->data;
- /* do the header */
- *(p++)=SSL3_MT_NEWSESSION_TICKET;
- /* Skip message length for now */
- p += 3;
- EVP_CIPHER_CTX_init(&ctx);
- HMAC_CTX_init(&hctx);
- /* Initialize HMAC and cipher contexts. If callback present
- * it does all the work otherwise use generated values
- * from parent ctx.
- */
- if (tctx->tlsext_ticket_key_cb)
- {
- if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx,
- &hctx, 1) < 0)
- {
- OPENSSL_free(senc);
- return -1;
- }
- }
- else
- {
- RAND_pseudo_bytes(iv, 16);
- EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
- tctx->tlsext_tick_aes_key, iv);
- HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
- tlsext_tick_md(), NULL);
- memcpy(key_name, tctx->tlsext_tick_key_name, 16);
- }
- l2n(s->session->tlsext_tick_lifetime_hint, p);
- /* Skip ticket length for now */
- p += 2;
- /* Output key name */
- macstart = p;
- memcpy(p, key_name, 16);
- p += 16;
- /* output IV */
- memcpy(p, iv, EVP_CIPHER_CTX_iv_length(&ctx));
- p += EVP_CIPHER_CTX_iv_length(&ctx);
- /* Encrypt session data */
- EVP_EncryptUpdate(&ctx, p, &len, senc, slen);
- p += len;
- EVP_EncryptFinal(&ctx, p, &len);
- p += len;
- EVP_CIPHER_CTX_cleanup(&ctx);
-
- HMAC_Update(&hctx, macstart, p - macstart);
- HMAC_Final(&hctx, p, &hlen);
- HMAC_CTX_cleanup(&hctx);
-
- p += hlen;
- /* Now write out lengths: p points to end of data written */
- /* Total length */
- len = p - (unsigned char *)s->init_buf->data;
- p=(unsigned char *)s->init_buf->data + 1;
- l2n3(len - 4, p); /* Message length */
- p += 4;
- s2n(len - 10, p); /* Ticket length */
-
- /* number of bytes to write */
- s->init_num= len;
- s->state=SSL3_ST_SW_SESSION_TICKET_B;
- s->init_off=0;
- OPENSSL_free(senc);
- }
-
- /* SSL3_ST_SW_SESSION_TICKET_B */
- return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
- }
-
-int ssl3_send_cert_status(SSL *s)
- {
- if (s->state == SSL3_ST_SW_CERT_STATUS_A)
- {
- unsigned char *p;
- /* Grow buffer if need be: the length calculation is as
- * follows 1 (message type) + 3 (message length) +
- * 1 (ocsp response type) + 3 (ocsp response length)
- * + (ocsp response)
- */
- if (!BUF_MEM_grow(s->init_buf, 8 + s->tlsext_ocsp_resplen))
- return -1;
-
- p=(unsigned char *)s->init_buf->data;
-
- /* do the header */
- *(p++)=SSL3_MT_CERTIFICATE_STATUS;
- /* message length */
- l2n3(s->tlsext_ocsp_resplen + 4, p);
- /* status type */
- *(p++)= s->tlsext_status_type;
- /* length of OCSP response */
- l2n3(s->tlsext_ocsp_resplen, p);
- /* actual response */
- memcpy(p, s->tlsext_ocsp_resp, s->tlsext_ocsp_resplen);
- /* number of bytes to write */
- s->init_num = 8 + s->tlsext_ocsp_resplen;
- s->state=SSL3_ST_SW_CERT_STATUS_B;
- s->init_off = 0;
- }
-
- /* SSL3_ST_SW_CERT_STATUS_B */
- return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/ssl/s3_srvr.c (from rev 6976, vendor-crypto/openssl/dist/ssl/s3_srvr.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/ssl/s3_srvr.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/ssl/s3_srvr.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,2800 @@
+/* ssl/s3_srvr.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * ECC cipher suite support in OpenSSL originally written by
+ * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
+ *
+ */
+
+#define REUSE_CIPHER_BUG
+#define NETSCAPE_HANG_BUG
+
+#include <stdio.h>
+#include "ssl_locl.h"
+#include "kssl_lcl.h"
+#include "../crypto/constant_time_locl.h"
+#include <openssl/buffer.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+#include <openssl/x509.h>
+#ifndef OPENSSL_NO_DH
+# include <openssl/dh.h>
+#endif
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_KRB5
+# include <openssl/krb5_asn.h>
+#endif
+#include <openssl/md5.h>
+
+static SSL_METHOD *ssl3_get_server_method(int ver);
+#ifndef OPENSSL_NO_ECDH
+static int nid2curve_id(int nid);
+#endif
+
+static SSL_METHOD *ssl3_get_server_method(int ver)
+{
+ if (ver == SSL3_VERSION)
+ return (SSLv3_server_method());
+ else
+ return (NULL);
+}
+
+IMPLEMENT_ssl3_meth_func(SSLv3_server_method,
+ ssl3_accept,
+ ssl_undefined_function, ssl3_get_server_method)
+
+int ssl3_accept(SSL *s)
+{
+ BUF_MEM *buf;
+ unsigned long l, Time = (unsigned long)time(NULL);
+ void (*cb) (const SSL *ssl, int type, int val) = NULL;
+ int ret = -1;
+ int new_state, state, skip = 0;
+
+ RAND_add(&Time, sizeof(Time), 0);
+ ERR_clear_error();
+ clear_sys_error();
+
+ if (s->info_callback != NULL)
+ cb = s->info_callback;
+ else if (s->ctx->info_callback != NULL)
+ cb = s->ctx->info_callback;
+
+ /* init things to blank */
+ s->in_handshake++;
+ if (!SSL_in_init(s) || SSL_in_before(s))
+ SSL_clear(s);
+
+ if (s->cert == NULL) {
+ SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_NO_CERTIFICATE_SET);
+ return (-1);
+ }
+
+ for (;;) {
+ state = s->state;
+
+ switch (s->state) {
+ case SSL_ST_RENEGOTIATE:
+ s->new_session = 1;
+ /* s->state=SSL_ST_ACCEPT; */
+
+ case SSL_ST_BEFORE:
+ case SSL_ST_ACCEPT:
+ case SSL_ST_BEFORE | SSL_ST_ACCEPT:
+ case SSL_ST_OK | SSL_ST_ACCEPT:
+
+ s->server = 1;
+ if (cb != NULL)
+ cb(s, SSL_CB_HANDSHAKE_START, 1);
+
+ if ((s->version >> 8) != 3) {
+ SSLerr(SSL_F_SSL3_ACCEPT, ERR_R_INTERNAL_ERROR);
+ return -1;
+ }
+ s->type = SSL_ST_ACCEPT;
+
+ if (s->init_buf == NULL) {
+ if ((buf = BUF_MEM_new()) == NULL) {
+ ret = -1;
+ goto end;
+ }
+ if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) {
+ ret = -1;
+ goto end;
+ }
+ s->init_buf = buf;
+ }
+
+ if (!ssl3_setup_buffers(s)) {
+ ret = -1;
+ goto end;
+ }
+
+ s->init_num = 0;
+ s->s3->flags &= ~SSL3_FLAGS_SGC_RESTART_DONE;
+
+ if (s->state != SSL_ST_RENEGOTIATE) {
+ /*
+ * Ok, we now need to push on a buffering BIO so that the
+ * output is sent in a way that TCP likes :-)
+ */
+ if (!ssl_init_wbio_buffer(s, 1)) {
+ ret = -1;
+ goto end;
+ }
+
+ ssl3_init_finished_mac(s);
+ s->state = SSL3_ST_SR_CLNT_HELLO_A;
+ s->ctx->stats.sess_accept++;
+ } else if (!s->s3->send_connection_binding &&
+ !(s->options &
+ SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) {
+ /*
+ * Server attempting to renegotiate with client that doesn't
+ * support secure renegotiation.
+ */
+ SSLerr(SSL_F_SSL3_ACCEPT,
+ SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
+ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
+ ret = -1;
+ goto end;
+ } else {
+ /*
+ * s->state == SSL_ST_RENEGOTIATE, we will just send a
+ * HelloRequest
+ */
+ s->ctx->stats.sess_accept_renegotiate++;
+ s->state = SSL3_ST_SW_HELLO_REQ_A;
+ }
+ break;
+
+ case SSL3_ST_SW_HELLO_REQ_A:
+ case SSL3_ST_SW_HELLO_REQ_B:
+
+ s->shutdown = 0;
+ ret = ssl3_send_hello_request(s);
+ if (ret <= 0)
+ goto end;
+ s->s3->tmp.next_state = SSL3_ST_SW_HELLO_REQ_C;
+ s->state = SSL3_ST_SW_FLUSH;
+ s->init_num = 0;
+
+ ssl3_init_finished_mac(s);
+ break;
+
+ case SSL3_ST_SW_HELLO_REQ_C:
+ s->state = SSL_ST_OK;
+ break;
+
+ case SSL3_ST_SR_CLNT_HELLO_A:
+ case SSL3_ST_SR_CLNT_HELLO_B:
+ case SSL3_ST_SR_CLNT_HELLO_C:
+
+ s->shutdown = 0;
+ ret = ssl3_get_client_hello(s);
+ if (ret <= 0)
+ goto end;
+ s->new_session = 2;
+ s->state = SSL3_ST_SW_SRVR_HELLO_A;
+ s->init_num = 0;
+ break;
+
+ case SSL3_ST_SW_SRVR_HELLO_A:
+ case SSL3_ST_SW_SRVR_HELLO_B:
+ ret = ssl3_send_server_hello(s);
+ if (ret <= 0)
+ goto end;
+#ifndef OPENSSL_NO_TLSEXT
+ if (s->hit) {
+ if (s->tlsext_ticket_expected)
+ s->state = SSL3_ST_SW_SESSION_TICKET_A;
+ else
+ s->state = SSL3_ST_SW_CHANGE_A;
+ }
+#else
+ if (s->hit)
+ s->state = SSL3_ST_SW_CHANGE_A;
+#endif
+ else
+ s->state = SSL3_ST_SW_CERT_A;
+ s->init_num = 0;
+ break;
+
+ case SSL3_ST_SW_CERT_A:
+ case SSL3_ST_SW_CERT_B:
+ /* Check if it is anon DH or anon ECDH or KRB5 */
+ if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL)
+ && !(s->s3->tmp.new_cipher->algorithms & SSL_aKRB5)) {
+ ret = ssl3_send_server_certificate(s);
+ if (ret <= 0)
+ goto end;
+#ifndef OPENSSL_NO_TLSEXT
+ if (s->tlsext_status_expected)
+ s->state = SSL3_ST_SW_CERT_STATUS_A;
+ else
+ s->state = SSL3_ST_SW_KEY_EXCH_A;
+ } else {
+ skip = 1;
+ s->state = SSL3_ST_SW_KEY_EXCH_A;
+ }
+#else
+ } else
+ skip = 1;
+
+ s->state = SSL3_ST_SW_KEY_EXCH_A;
+#endif
+ s->init_num = 0;
+ break;
+
+ case SSL3_ST_SW_KEY_EXCH_A:
+ case SSL3_ST_SW_KEY_EXCH_B:
+ l = s->s3->tmp.new_cipher->algorithms;
+
+ /*
+ * clear this, it may get reset by send_server_key_exchange
+ */
+ s->s3->tmp.use_rsa_tmp = 0;
+
+ /*
+ * only send if a DH key exchange, fortezza or RSA but we have a
+ * sign only certificate For ECC ciphersuites, we send a
+ * serverKeyExchange message only if the cipher suite is either
+ * ECDH-anon or ECDHE. In other cases, the server certificate
+ * contains the server's public key for key exchange.
+ */
+ if ((l & SSL_kECDHE)
+ || (l & (SSL_DH | SSL_kFZA))
+ || ((l & SSL_kRSA)
+ && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
+ || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)
+ && EVP_PKEY_size(s->cert->pkeys
+ [SSL_PKEY_RSA_ENC].privatekey) *
+ 8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)
+ )
+ )
+ )
+ ) {
+ ret = ssl3_send_server_key_exchange(s);
+ if (ret <= 0)
+ goto end;
+ } else
+ skip = 1;
+
+ s->state = SSL3_ST_SW_CERT_REQ_A;
+ s->init_num = 0;
+ break;
+
+ case SSL3_ST_SW_CERT_REQ_A:
+ case SSL3_ST_SW_CERT_REQ_B:
+ if ( /* don't request cert unless asked for it: */
+ !(s->verify_mode & SSL_VERIFY_PEER) ||
+ /*
+ * if SSL_VERIFY_CLIENT_ONCE is set, don't request cert
+ * during re-negotiation:
+ */
+ ((s->session->peer != NULL) &&
+ (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
+ /*
+ * never request cert in anonymous ciphersuites (see
+ * section "Certificate request" in SSL 3 drafts and in
+ * RFC 2246):
+ */
+ ((s->s3->tmp.new_cipher->algorithms & SSL_aNULL) &&
+ /*
+ * ... except when the application insists on
+ * verification (against the specs, but s3_clnt.c accepts
+ * this for SSL 3)
+ */
+ !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) ||
+ /*
+ * never request cert in Kerberos ciphersuites
+ */
+ (s->s3->tmp.new_cipher->algorithms & SSL_aKRB5)) {
+ /* no cert request */
+ skip = 1;
+ s->s3->tmp.cert_request = 0;
+ s->state = SSL3_ST_SW_SRVR_DONE_A;
+ } else {
+ s->s3->tmp.cert_request = 1;
+ ret = ssl3_send_certificate_request(s);
+ if (ret <= 0)
+ goto end;
+#ifndef NETSCAPE_HANG_BUG
+ s->state = SSL3_ST_SW_SRVR_DONE_A;
+#else
+ s->state = SSL3_ST_SW_FLUSH;
+ s->s3->tmp.next_state = SSL3_ST_SR_CERT_A;
+#endif
+ s->init_num = 0;
+ }
+ break;
+
+ case SSL3_ST_SW_SRVR_DONE_A:
+ case SSL3_ST_SW_SRVR_DONE_B:
+ ret = ssl3_send_server_done(s);
+ if (ret <= 0)
+ goto end;
+ s->s3->tmp.next_state = SSL3_ST_SR_CERT_A;
+ s->state = SSL3_ST_SW_FLUSH;
+ s->init_num = 0;
+ break;
+
+ case SSL3_ST_SW_FLUSH:
+
+ /*
+ * This code originally checked to see if any data was pending
+ * using BIO_CTRL_INFO and then flushed. This caused problems as
+ * documented in PR#1939. The proposed fix doesn't completely
+ * resolve this issue as buggy implementations of
+ * BIO_CTRL_PENDING still exist. So instead we just flush
+ * unconditionally.
+ */
+
+ s->rwstate = SSL_WRITING;
+ if (BIO_flush(s->wbio) <= 0) {
+ ret = -1;
+ goto end;
+ }
+ s->rwstate = SSL_NOTHING;
+
+ s->state = s->s3->tmp.next_state;
+ break;
+
+ case SSL3_ST_SR_CERT_A:
+ case SSL3_ST_SR_CERT_B:
+ /* Check for second client hello (MS SGC) */
+ ret = ssl3_check_client_hello(s);
+ if (ret <= 0)
+ goto end;
+ if (ret == 2)
+ s->state = SSL3_ST_SR_CLNT_HELLO_C;
+ else {
+ if (s->s3->tmp.cert_request) {
+ ret = ssl3_get_client_certificate(s);
+ if (ret <= 0)
+ goto end;
+ }
+ s->init_num = 0;
+ s->state = SSL3_ST_SR_KEY_EXCH_A;
+ }
+ break;
+
+ case SSL3_ST_SR_KEY_EXCH_A:
+ case SSL3_ST_SR_KEY_EXCH_B:
+ ret = ssl3_get_client_key_exchange(s);
+ if (ret <= 0)
+ goto end;
+ if (ret == 2) {
+ /*
+ * For the ECDH ciphersuites when the client sends its ECDH
+ * pub key in a certificate, the CertificateVerify message is
+ * not sent.
+ */
+ s->state = SSL3_ST_SR_FINISHED_A;
+ s->init_num = 0;
+ } else {
+ s->state = SSL3_ST_SR_CERT_VRFY_A;
+ s->init_num = 0;
+
+ /*
+ * We need to get hashes here so if there is a client cert,
+ * it can be verified
+ */
+ s->method->ssl3_enc->cert_verify_mac(s,
+ &(s->s3->finish_dgst1),
+ &(s->s3->
+ tmp.cert_verify_md
+ [0]));
+ s->method->ssl3_enc->cert_verify_mac(s,
+ &(s->s3->finish_dgst2),
+ &(s->s3->
+ tmp.cert_verify_md
+ [MD5_DIGEST_LENGTH]));
+ }
+ break;
+
+ case SSL3_ST_SR_CERT_VRFY_A:
+ case SSL3_ST_SR_CERT_VRFY_B:
+
+ s->s3->flags |= SSL3_FLAGS_CCS_OK;
+ /* we should decide if we expected this one */
+ ret = ssl3_get_cert_verify(s);
+ if (ret <= 0)
+ goto end;
+
+ s->state = SSL3_ST_SR_FINISHED_A;
+ s->init_num = 0;
+ break;
+
+ case SSL3_ST_SR_FINISHED_A:
+ case SSL3_ST_SR_FINISHED_B:
+ s->s3->flags |= SSL3_FLAGS_CCS_OK;
+ ret = ssl3_get_finished(s, SSL3_ST_SR_FINISHED_A,
+ SSL3_ST_SR_FINISHED_B);
+ if (ret <= 0)
+ goto end;
+ if (s->hit)
+ s->state = SSL_ST_OK;
+#ifndef OPENSSL_NO_TLSEXT
+ else if (s->tlsext_ticket_expected)
+ s->state = SSL3_ST_SW_SESSION_TICKET_A;
+#endif
+ else
+ s->state = SSL3_ST_SW_CHANGE_A;
+ s->init_num = 0;
+ break;
+
+#ifndef OPENSSL_NO_TLSEXT
+ case SSL3_ST_SW_SESSION_TICKET_A:
+ case SSL3_ST_SW_SESSION_TICKET_B:
+ ret = ssl3_send_newsession_ticket(s);
+ if (ret <= 0)
+ goto end;
+ s->state = SSL3_ST_SW_CHANGE_A;
+ s->init_num = 0;
+ break;
+
+ case SSL3_ST_SW_CERT_STATUS_A:
+ case SSL3_ST_SW_CERT_STATUS_B:
+ ret = ssl3_send_cert_status(s);
+ if (ret <= 0)
+ goto end;
+ s->state = SSL3_ST_SW_KEY_EXCH_A;
+ s->init_num = 0;
+ break;
+
+#endif
+
+ case SSL3_ST_SW_CHANGE_A:
+ case SSL3_ST_SW_CHANGE_B:
+
+ s->session->cipher = s->s3->tmp.new_cipher;
+ if (!s->method->ssl3_enc->setup_key_block(s)) {
+ ret = -1;
+ goto end;
+ }
+
+ ret = ssl3_send_change_cipher_spec(s,
+ SSL3_ST_SW_CHANGE_A,
+ SSL3_ST_SW_CHANGE_B);
+
+ if (ret <= 0)
+ goto end;
+ s->state = SSL3_ST_SW_FINISHED_A;
+ s->init_num = 0;
+
+ if (!s->method->ssl3_enc->change_cipher_state(s,
+ SSL3_CHANGE_CIPHER_SERVER_WRITE))
+ {
+ ret = -1;
+ goto end;
+ }
+
+ break;
+
+ case SSL3_ST_SW_FINISHED_A:
+ case SSL3_ST_SW_FINISHED_B:
+ ret = ssl3_send_finished(s,
+ SSL3_ST_SW_FINISHED_A,
+ SSL3_ST_SW_FINISHED_B,
+ s->method->
+ ssl3_enc->server_finished_label,
+ s->method->
+ ssl3_enc->server_finished_label_len);
+ if (ret <= 0)
+ goto end;
+ s->state = SSL3_ST_SW_FLUSH;
+ if (s->hit)
+ s->s3->tmp.next_state = SSL3_ST_SR_FINISHED_A;
+ else
+ s->s3->tmp.next_state = SSL_ST_OK;
+ s->init_num = 0;
+ break;
+
+ case SSL_ST_OK:
+ /* clean a few things up */
+ ssl3_cleanup_key_block(s);
+
+ BUF_MEM_free(s->init_buf);
+ s->init_buf = NULL;
+
+ /* remove buffering on output */
+ ssl_free_wbio_buffer(s);
+
+ s->init_num = 0;
+
+ if (s->new_session == 2) { /* skipped if we just sent a
+ * HelloRequest */
+ /*
+ * actually not necessarily a 'new' session unless
+ * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set
+ */
+
+ s->new_session = 0;
+
+ ssl_update_cache(s, SSL_SESS_CACHE_SERVER);
+
+ s->ctx->stats.sess_accept_good++;
+ /* s->server=1; */
+ s->handshake_func = ssl3_accept;
+
+ if (cb != NULL)
+ cb(s, SSL_CB_HANDSHAKE_DONE, 1);
+ }
+
+ ret = 1;
+ goto end;
+ /* break; */
+
+ default:
+ SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_UNKNOWN_STATE);
+ ret = -1;
+ goto end;
+ /* break; */
+ }
+
+ if (!s->s3->tmp.reuse_message && !skip) {
+ if (s->debug) {
+ if ((ret = BIO_flush(s->wbio)) <= 0)
+ goto end;
+ }
+
+ if ((cb != NULL) && (s->state != state)) {
+ new_state = s->state;
+ s->state = state;
+ cb(s, SSL_CB_ACCEPT_LOOP, 1);
+ s->state = new_state;
+ }
+ }
+ skip = 0;
+ }
+ end:
+ /* BIO_flush(s->wbio); */
+
+ s->in_handshake--;
+ if (cb != NULL)
+ cb(s, SSL_CB_ACCEPT_EXIT, ret);
+ return (ret);
+}
+
+int ssl3_send_hello_request(SSL *s)
+{
+ unsigned char *p;
+
+ if (s->state == SSL3_ST_SW_HELLO_REQ_A) {
+ p = (unsigned char *)s->init_buf->data;
+ *(p++) = SSL3_MT_HELLO_REQUEST;
+ *(p++) = 0;
+ *(p++) = 0;
+ *(p++) = 0;
+
+ s->state = SSL3_ST_SW_HELLO_REQ_B;
+ /* number of bytes to write */
+ s->init_num = 4;
+ s->init_off = 0;
+ }
+
+ /* SSL3_ST_SW_HELLO_REQ_B */
+ return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
+}
+
+int ssl3_check_client_hello(SSL *s)
+{
+ int ok;
+ long n;
+
+ /*
+ * this function is called when we really expect a Certificate message,
+ * so permit appropriate message length
+ */
+ n = s->method->ssl_get_message(s,
+ SSL3_ST_SR_CERT_A,
+ SSL3_ST_SR_CERT_B,
+ -1, s->max_cert_list, &ok);
+ if (!ok)
+ return ((int)n);
+ s->s3->tmp.reuse_message = 1;
+ if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO) {
+ /*
+ * We only allow the client to restart the handshake once per
+ * negotiation.
+ */
+ if (s->s3->flags & SSL3_FLAGS_SGC_RESTART_DONE) {
+ SSLerr(SSL_F_SSL3_CHECK_CLIENT_HELLO,
+ SSL_R_MULTIPLE_SGC_RESTARTS);
+ return -1;
+ }
+ /*
+ * Throw away what we have done so far in the current handshake,
+ * which will now be aborted. (A full SSL_clear would be too much.)
+ */
+#ifndef OPENSSL_NO_DH
+ if (s->s3->tmp.dh != NULL) {
+ DH_free(s->s3->tmp.dh);
+ s->s3->tmp.dh = NULL;
+ }
+#endif
+#ifndef OPENSSL_NO_ECDH
+ if (s->s3->tmp.ecdh != NULL) {
+ EC_KEY_free(s->s3->tmp.ecdh);
+ s->s3->tmp.ecdh = NULL;
+ }
+#endif
+ s->s3->flags |= SSL3_FLAGS_SGC_RESTART_DONE;
+ return 2;
+ }
+ return 1;
+}
+
+int ssl3_get_client_hello(SSL *s)
+{
+ int i, j, ok, al, ret = -1;
+ unsigned int cookie_len;
+ long n;
+ unsigned long id;
+ unsigned char *p, *d, *q;
+ SSL_CIPHER *c;
+#ifndef OPENSSL_NO_COMP
+ SSL_COMP *comp = NULL;
+#endif
+ STACK_OF(SSL_CIPHER) *ciphers = NULL;
+
+ /*
+ * We do this so that we will respond with our native type. If we are
+ * TLSv1 and we get SSLv3, we will respond with TLSv1, This down
+ * switching should be handled by a different method. If we are SSLv3, we
+ * will respond with SSLv3, even if prompted with TLSv1.
+ */
+ if (s->state == SSL3_ST_SR_CLNT_HELLO_A) {
+ s->state = SSL3_ST_SR_CLNT_HELLO_B;
+ }
+ s->first_packet = 1;
+ n = s->method->ssl_get_message(s,
+ SSL3_ST_SR_CLNT_HELLO_B,
+ SSL3_ST_SR_CLNT_HELLO_C,
+ SSL3_MT_CLIENT_HELLO,
+ SSL3_RT_MAX_PLAIN_LENGTH, &ok);
+
+ if (!ok)
+ return ((int)n);
+ s->first_packet = 0;
+ d = p = (unsigned char *)s->init_msg;
+
+ /*
+ * use version from inside client hello, not from record header (may
+ * differ: see RFC 2246, Appendix E, second paragraph)
+ */
+ s->client_version = (((int)p[0]) << 8) | (int)p[1];
+ p += 2;
+
+ if ((s->version == DTLS1_VERSION && s->client_version > s->version) ||
+ (s->version != DTLS1_VERSION && s->client_version < s->version)) {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER);
+ if ((s->client_version >> 8) == SSL3_VERSION_MAJOR) {
+ /*
+ * similar to ssl3_get_record, send alert using remote version
+ * number
+ */
+ s->version = s->client_version;
+ }
+ al = SSL_AD_PROTOCOL_VERSION;
+ goto f_err;
+ }
+
+ /*
+ * If we require cookies and this ClientHello doesn't contain one, just
+ * return since we do not want to allocate any memory yet. So check
+ * cookie length...
+ */
+ if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) {
+ unsigned int session_length, cookie_length;
+
+ session_length = *(p + SSL3_RANDOM_SIZE);
+ cookie_length = *(p + SSL3_RANDOM_SIZE + session_length + 1);
+
+ if (cookie_length == 0)
+ return 1;
+ }
+
+ /* load the client random */
+ memcpy(s->s3->client_random, p, SSL3_RANDOM_SIZE);
+ p += SSL3_RANDOM_SIZE;
+
+ /* get the session-id */
+ j = *(p++);
+
+ s->hit = 0;
+ /*
+ * Versions before 0.9.7 always allow session reuse during renegotiation
+ * (i.e. when s->new_session is true), option
+ * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is new with 0.9.7. Maybe
+ * this optional behaviour should always have been the default, but we
+ * cannot safely change the default behaviour (or new applications might
+ * be written that become totally unsecure when compiled with an earlier
+ * library version)
+ */
+ if ((s->new_session
+ && (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION))) {
+ if (!ssl_get_new_session(s, 1))
+ goto err;
+ } else {
+ i = ssl_get_prev_session(s, p, j, d + n);
+ if (i == 1) { /* previous session */
+ s->hit = 1;
+ } else if (i == -1)
+ goto err;
+ else { /* i == 0 */
+
+ if (!ssl_get_new_session(s, 1))
+ goto err;
+ }
+ }
+
+ p += j;
+
+ if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) {
+ /* cookie stuff */
+ cookie_len = *(p++);
+
+ /*
+ * The ClientHello may contain a cookie even if the
+ * HelloVerify message has not been sent--make sure that it
+ * does not cause an overflow.
+ */
+ if (cookie_len > sizeof(s->d1->rcvd_cookie)) {
+ /* too much data */
+ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH);
+ goto f_err;
+ }
+
+ /* verify the cookie if appropriate option is set. */
+ if ((SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) && cookie_len > 0) {
+ memcpy(s->d1->rcvd_cookie, p, cookie_len);
+
+ if (s->ctx->app_verify_cookie_cb != NULL) {
+ if (s->ctx->app_verify_cookie_cb(s, s->d1->rcvd_cookie,
+ cookie_len) == 0) {
+ al = SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
+ SSL_R_COOKIE_MISMATCH);
+ goto f_err;
+ }
+ /* else cookie verification succeeded */
+ }
+ /* default verification */
+ else if (memcmp(s->d1->rcvd_cookie, s->d1->cookie,
+ s->d1->cookie_len) != 0) {
+ al = SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH);
+ goto f_err;
+ }
+
+ ret = 2;
+ }
+
+ p += cookie_len;
+ }
+
+ n2s(p, i);
+ if ((i == 0) && (j != 0)) {
+ /* we need a cipher if we are not resuming a session */
+ al = SSL_AD_ILLEGAL_PARAMETER;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_NO_CIPHERS_SPECIFIED);
+ goto f_err;
+ }
+ if ((p + i) >= (d + n)) {
+ /* not enough data */
+ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
+ goto f_err;
+ }
+ if ((i > 0) && (ssl_bytes_to_cipher_list(s, p, i, &(ciphers))
+ == NULL)) {
+ goto err;
+ }
+ p += i;
+
+ /* If it is a hit, check that the cipher is in the list */
+ if ((s->hit) && (i > 0)) {
+ j = 0;
+ id = s->session->cipher->id;
+
+#ifdef CIPHER_DEBUG
+ printf("client sent %d ciphers\n", sk_num(ciphers));
+#endif
+ for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
+ c = sk_SSL_CIPHER_value(ciphers, i);
+#ifdef CIPHER_DEBUG
+ printf("client [%2d of %2d]:%s\n",
+ i, sk_num(ciphers), SSL_CIPHER_get_name(c));
+#endif
+ if (c->id == id) {
+ j = 1;
+ break;
+ }
+ }
+ /*
+ * Disabled because it can be used in a ciphersuite downgrade attack:
+ * CVE-2010-4180.
+ */
+#if 0
+ if (j == 0 && (s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG)
+ && (sk_SSL_CIPHER_num(ciphers) == 1)) {
+ /*
+ * Special case as client bug workaround: the previously used
+ * cipher may not be in the current list, the client instead
+ * might be trying to continue using a cipher that before wasn't
+ * chosen due to server preferences. We'll have to reject the
+ * connection if the cipher is not enabled, though.
+ */
+ c = sk_SSL_CIPHER_value(ciphers, 0);
+ if (sk_SSL_CIPHER_find(SSL_get_ciphers(s), c) >= 0) {
+ s->session->cipher = c;
+ j = 1;
+ }
+ }
+#endif
+ if (j == 0) {
+ /*
+ * we need to have the cipher in the cipher list if we are asked
+ * to reuse it
+ */
+ al = SSL_AD_ILLEGAL_PARAMETER;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
+ SSL_R_REQUIRED_CIPHER_MISSING);
+ goto f_err;
+ }
+ }
+
+ /* compression */
+ i = *(p++);
+ if ((p + i) > (d + n)) {
+ /* not enough data */
+ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
+ goto f_err;
+ }
+ q = p;
+ for (j = 0; j < i; j++) {
+ if (p[j] == 0)
+ break;
+ }
+
+ p += i;
+ if (j >= i) {
+ /* no compress */
+ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_NO_COMPRESSION_SPECIFIED);
+ goto f_err;
+ }
+#ifndef OPENSSL_NO_TLSEXT
+ /* TLS extensions */
+ if (s->version >= SSL3_VERSION) {
+ if (!ssl_parse_clienthello_tlsext(s, &p, d, n, &al)) {
+ /* 'al' set by ssl_parse_clienthello_tlsext */
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_PARSE_TLSEXT);
+ goto f_err;
+ }
+ }
+ if (ssl_check_clienthello_tlsext_early(s) <= 0) {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT);
+ goto err;
+ }
+#endif
+ /*
+ * Worst case, we will use the NULL compression, but if we have other
+ * options, we will now look for them. We have i-1 compression
+ * algorithms from the client, starting at q.
+ */
+ s->s3->tmp.new_compression = NULL;
+#ifndef OPENSSL_NO_COMP
+ if (s->ctx->comp_methods != NULL) {
+ /* See if we have a match */
+ int m, nn, o, v, done = 0;
+
+ nn = sk_SSL_COMP_num(s->ctx->comp_methods);
+ for (m = 0; m < nn; m++) {
+ comp = sk_SSL_COMP_value(s->ctx->comp_methods, m);
+ v = comp->id;
+ for (o = 0; o < i; o++) {
+ if (v == q[o]) {
+ done = 1;
+ break;
+ }
+ }
+ if (done)
+ break;
+ }
+ if (done)
+ s->s3->tmp.new_compression = comp;
+ else
+ comp = NULL;
+ }
+#endif
+
+ /* TLS does not mind if there is extra stuff */
+#if 0
+ /*
+ * SSL 3.0 does not mind either, so we should disable this test (was
+ * enabled in 0.9.6d through 0.9.6j and 0.9.7 through 0.9.7b, in earlier
+ * SSLeay/OpenSSL releases this test existed but was buggy)
+ */
+ if (s->version == SSL3_VERSION) {
+ if (p < (d + n)) {
+ /*
+ * wrong number of bytes, there could be more to follow
+ */
+ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
+ goto f_err;
+ }
+ }
+#endif
+
+ /*
+ * Given s->session->ciphers and SSL_get_ciphers, we must pick a cipher
+ */
+
+ if (!s->hit) {
+#ifdef OPENSSL_NO_COMP
+ s->session->compress_meth = 0;
+#else
+ s->session->compress_meth = (comp == NULL) ? 0 : comp->id;
+#endif
+ if (s->session->ciphers != NULL)
+ sk_SSL_CIPHER_free(s->session->ciphers);
+ s->session->ciphers = ciphers;
+ if (ciphers == NULL) {
+ al = SSL_AD_ILLEGAL_PARAMETER;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_NO_CIPHERS_PASSED);
+ goto f_err;
+ }
+ ciphers = NULL;
+ c = ssl3_choose_cipher(s, s->session->ciphers, SSL_get_ciphers(s));
+
+ if (c == NULL) {
+ al = SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_NO_SHARED_CIPHER);
+ goto f_err;
+ }
+ s->s3->tmp.new_cipher = c;
+ } else {
+ /* Session-id reuse */
+#ifdef REUSE_CIPHER_BUG
+ STACK_OF(SSL_CIPHER) *sk;
+ SSL_CIPHER *nc = NULL;
+ SSL_CIPHER *ec = NULL;
+
+ if (s->options & SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG) {
+ sk = s->session->ciphers;
+ for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
+ c = sk_SSL_CIPHER_value(sk, i);
+ if (c->algorithms & SSL_eNULL)
+ nc = c;
+ if (SSL_C_IS_EXPORT(c))
+ ec = c;
+ }
+ if (nc != NULL)
+ s->s3->tmp.new_cipher = nc;
+ else if (ec != NULL)
+ s->s3->tmp.new_cipher = ec;
+ else
+ s->s3->tmp.new_cipher = s->session->cipher;
+ } else
+#endif
+ s->s3->tmp.new_cipher = s->session->cipher;
+ }
+
+ /*-
+ * we now have the following setup.
+ * client_random
+ * cipher_list - our prefered list of ciphers
+ * ciphers - the clients prefered list of ciphers
+ * compression - basically ignored right now
+ * ssl version is set - sslv3
+ * s->session - The ssl session has been setup.
+ * s->hit - session reuse flag
+ * s->tmp.new_cipher - the new cipher to use.
+ */
+
+#ifndef OPENSSL_NO_TLSEXT
+ /* Handles TLS extensions that we couldn't check earlier */
+ if (s->version >= SSL3_VERSION) {
+ if (ssl_check_clienthello_tlsext_late(s) <= 0) {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT);
+ goto err;
+ }
+ }
+#endif
+
+ if (ret < 0)
+ ret = 1;
+ if (0) {
+ f_err:
+ ssl3_send_alert(s, SSL3_AL_FATAL, al);
+ }
+ err:
+ if (ciphers != NULL)
+ sk_SSL_CIPHER_free(ciphers);
+ return (ret);
+}
+
+int ssl3_send_server_hello(SSL *s)
+{
+ unsigned char *buf;
+ unsigned char *p, *d;
+ int i, sl;
+ unsigned long l, Time;
+
+ if (s->state == SSL3_ST_SW_SRVR_HELLO_A) {
+ buf = (unsigned char *)s->init_buf->data;
+ p = s->s3->server_random;
+ Time = (unsigned long)time(NULL); /* Time */
+ l2n(Time, p);
+ if (RAND_pseudo_bytes(p, SSL3_RANDOM_SIZE - 4) <= 0)
+ return -1;
+ /* Do the message type and length last */
+ d = p = &(buf[4]);
+
+ *(p++) = s->version >> 8;
+ *(p++) = s->version & 0xff;
+
+ /* Random stuff */
+ memcpy(p, s->s3->server_random, SSL3_RANDOM_SIZE);
+ p += SSL3_RANDOM_SIZE;
+
+ /*
+ * now in theory we have 3 options to sending back the session id.
+ * If it is a re-use, we send back the old session-id, if it is a new
+ * session, we send back the new session-id or we send back a 0
+ * length session-id if we want it to be single use. Currently I will
+ * not implement the '0' length session-id 12-Jan-98 - I'll now
+ * support the '0' length stuff. We also have an additional case
+ * where stateless session resumption is successful: we always send
+ * back the old session id. In this case s->hit is non zero: this can
+ * only happen if stateless session resumption is succesful if session
+ * caching is disabled so existing functionality is unaffected.
+ */
+ if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)
+ && !s->hit)
+ s->session->session_id_length = 0;
+
+ sl = s->session->session_id_length;
+ if (sl > (int)sizeof(s->session->session_id)) {
+ SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
+ return -1;
+ }
+ *(p++) = sl;
+ memcpy(p, s->session->session_id, sl);
+ p += sl;
+
+ /* put the cipher */
+ i = ssl3_put_cipher_by_char(s->s3->tmp.new_cipher, p);
+ p += i;
+
+ /* put the compression method */
+#ifdef OPENSSL_NO_COMP
+ *(p++) = 0;
+#else
+ if (s->s3->tmp.new_compression == NULL)
+ *(p++) = 0;
+ else
+ *(p++) = s->s3->tmp.new_compression->id;
+#endif
+#ifndef OPENSSL_NO_TLSEXT
+ if ((p =
+ ssl_add_serverhello_tlsext(s, p,
+ buf + SSL3_RT_MAX_PLAIN_LENGTH)) ==
+ NULL) {
+ SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
+ return -1;
+ }
+#endif
+ /* do the header */
+ l = (p - d);
+ d = buf;
+ *(d++) = SSL3_MT_SERVER_HELLO;
+ l2n3(l, d);
+
+ s->state = SSL3_ST_SW_SRVR_HELLO_B;
+ /* number of bytes to write */
+ s->init_num = p - buf;
+ s->init_off = 0;
+ }
+
+ /* SSL3_ST_SW_SRVR_HELLO_B */
+ return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
+}
+
+int ssl3_send_server_done(SSL *s)
+{
+ unsigned char *p;
+
+ if (s->state == SSL3_ST_SW_SRVR_DONE_A) {
+ p = (unsigned char *)s->init_buf->data;
+
+ /* do the header */
+ *(p++) = SSL3_MT_SERVER_DONE;
+ *(p++) = 0;
+ *(p++) = 0;
+ *(p++) = 0;
+
+ s->state = SSL3_ST_SW_SRVR_DONE_B;
+ /* number of bytes to write */
+ s->init_num = 4;
+ s->init_off = 0;
+ }
+
+ /* SSL3_ST_SW_SRVR_DONE_B */
+ return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
+}
+
+int ssl3_send_server_key_exchange(SSL *s)
+{
+#ifndef OPENSSL_NO_RSA
+ unsigned char *q;
+ int j, num;
+ RSA *rsa;
+ unsigned char md_buf[MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH];
+ unsigned int u;
+#endif
+#ifndef OPENSSL_NO_DH
+ DH *dh = NULL, *dhp;
+#endif
+#ifndef OPENSSL_NO_ECDH
+ EC_KEY *ecdh = NULL, *ecdhp;
+ unsigned char *encodedPoint = NULL;
+ int encodedlen = 0;
+ int curve_id = 0;
+ BN_CTX *bn_ctx = NULL;
+#endif
+ EVP_PKEY *pkey;
+ unsigned char *p, *d;
+ int al, i;
+ unsigned long type;
+ int n;
+ CERT *cert;
+ BIGNUM *r[4];
+ int nr[4], kn;
+ BUF_MEM *buf;
+ EVP_MD_CTX md_ctx;
+
+ EVP_MD_CTX_init(&md_ctx);
+ if (s->state == SSL3_ST_SW_KEY_EXCH_A) {
+ type = s->s3->tmp.new_cipher->algorithms & SSL_MKEY_MASK;
+ cert = s->cert;
+
+ buf = s->init_buf;
+
+ r[0] = r[1] = r[2] = r[3] = NULL;
+ n = 0;
+#ifndef OPENSSL_NO_RSA
+ if (type & SSL_kRSA) {
+ rsa = cert->rsa_tmp;
+ if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL)) {
+ rsa = s->cert->rsa_tmp_cb(s,
+ SSL_C_IS_EXPORT(s->s3->
+ tmp.new_cipher),
+ SSL_C_EXPORT_PKEYLENGTH(s->s3->
+ tmp.new_cipher));
+ if (rsa == NULL) {
+ al = SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
+ SSL_R_ERROR_GENERATING_TMP_RSA_KEY);
+ goto f_err;
+ }
+ RSA_up_ref(rsa);
+ cert->rsa_tmp = rsa;
+ }
+ if (rsa == NULL) {
+ al = SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
+ SSL_R_MISSING_TMP_RSA_KEY);
+ goto f_err;
+ }
+ r[0] = rsa->n;
+ r[1] = rsa->e;
+ s->s3->tmp.use_rsa_tmp = 1;
+ } else
+#endif
+#ifndef OPENSSL_NO_DH
+ if (type & SSL_kEDH) {
+ dhp = cert->dh_tmp;
+ if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
+ dhp = s->cert->dh_tmp_cb(s,
+ SSL_C_IS_EXPORT(s->s3->
+ tmp.new_cipher),
+ SSL_C_EXPORT_PKEYLENGTH(s->s3->
+ tmp.new_cipher));
+ if (dhp == NULL) {
+ al = SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
+ SSL_R_MISSING_TMP_DH_KEY);
+ goto f_err;
+ }
+
+ if (s->s3->tmp.dh != NULL) {
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
+ if ((dh = DHparams_dup(dhp)) == NULL) {
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_DH_LIB);
+ goto err;
+ }
+
+ s->s3->tmp.dh = dh;
+ if ((dhp->pub_key == NULL ||
+ dhp->priv_key == NULL ||
+ (s->options & SSL_OP_SINGLE_DH_USE))) {
+ if (!DH_generate_key(dh)) {
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_DH_LIB);
+ goto err;
+ }
+ } else {
+ dh->pub_key = BN_dup(dhp->pub_key);
+ dh->priv_key = BN_dup(dhp->priv_key);
+ if ((dh->pub_key == NULL) || (dh->priv_key == NULL)) {
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_DH_LIB);
+ goto err;
+ }
+ }
+ r[0] = dh->p;
+ r[1] = dh->g;
+ r[2] = dh->pub_key;
+ } else
+#endif
+#ifndef OPENSSL_NO_ECDH
+ if (type & SSL_kECDHE) {
+ const EC_GROUP *group;
+
+ ecdhp = cert->ecdh_tmp;
+ if ((ecdhp == NULL) && (s->cert->ecdh_tmp_cb != NULL)) {
+ ecdhp = s->cert->ecdh_tmp_cb(s,
+ SSL_C_IS_EXPORT(s->s3->
+ tmp.new_cipher),
+ SSL_C_EXPORT_PKEYLENGTH(s->
+ s3->tmp.new_cipher));
+ }
+ if (ecdhp == NULL) {
+ al = SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
+ SSL_R_MISSING_TMP_ECDH_KEY);
+ goto f_err;
+ }
+
+ if (s->s3->tmp.ecdh != NULL) {
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
+ ERR_R_INTERNAL_ERROR);
+ goto err;
+ }
+
+ /* Duplicate the ECDH structure. */
+ if (ecdhp == NULL) {
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
+ goto err;
+ }
+ if ((ecdh = EC_KEY_dup(ecdhp)) == NULL) {
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
+ goto err;
+ }
+
+ s->s3->tmp.ecdh = ecdh;
+ if ((EC_KEY_get0_public_key(ecdh) == NULL) ||
+ (EC_KEY_get0_private_key(ecdh) == NULL) ||
+ (s->options & SSL_OP_SINGLE_ECDH_USE)) {
+ if (!EC_KEY_generate_key(ecdh)) {
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
+ ERR_R_ECDH_LIB);
+ goto err;
+ }
+ }
+
+ if (((group = EC_KEY_get0_group(ecdh)) == NULL) ||
+ (EC_KEY_get0_public_key(ecdh) == NULL) ||
+ (EC_KEY_get0_private_key(ecdh) == NULL)) {
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
+ goto err;
+ }
+
+ if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
+ (EC_GROUP_get_degree(group) > 163)) {
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
+ SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
+ goto err;
+ }
+
+ /*
+ * XXX: For now, we only support ephemeral ECDH keys over named
+ * (not generic) curves. For supported named curves, curve_id is
+ * non-zero.
+ */
+ if ((curve_id = nid2curve_id(EC_GROUP_get_curve_name(group)))
+ == 0) {
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
+ SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
+ goto err;
+ }
+
+ /*
+ * Encode the public key. First check the size of encoding and
+ * allocate memory accordingly.
+ */
+ encodedlen = EC_POINT_point2oct(group,
+ EC_KEY_get0_public_key(ecdh),
+ POINT_CONVERSION_UNCOMPRESSED,
+ NULL, 0, NULL);
+
+ encodedPoint = (unsigned char *)
+ OPENSSL_malloc(encodedlen * sizeof(unsigned char));
+ bn_ctx = BN_CTX_new();
+ if ((encodedPoint == NULL) || (bn_ctx == NULL)) {
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
+ ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ encodedlen = EC_POINT_point2oct(group,
+ EC_KEY_get0_public_key(ecdh),
+ POINT_CONVERSION_UNCOMPRESSED,
+ encodedPoint, encodedlen, bn_ctx);
+
+ if (encodedlen == 0) {
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
+ goto err;
+ }
+
+ BN_CTX_free(bn_ctx);
+ bn_ctx = NULL;
+
+ /*
+ * XXX: For now, we only support named (not generic) curves in
+ * ECDH ephemeral key exchanges. In this situation, we need four
+ * additional bytes to encode the entire ServerECDHParams
+ * structure.
+ */
+ n = 4 + encodedlen;
+
+ /*
+ * We'll generate the serverKeyExchange message explicitly so we
+ * can set these to NULLs
+ */
+ r[0] = NULL;
+ r[1] = NULL;
+ r[2] = NULL;
+ r[3] = NULL;
+ } else
+#endif /* !OPENSSL_NO_ECDH */
+ {
+ al = SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
+ SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
+ goto f_err;
+ }
+ for (i = 0; r[i] != NULL; i++) {
+ nr[i] = BN_num_bytes(r[i]);
+ n += 2 + nr[i];
+ }
+
+ if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL)) {
+ if ((pkey = ssl_get_sign_pkey(s, s->s3->tmp.new_cipher))
+ == NULL) {
+ al = SSL_AD_DECODE_ERROR;
+ goto f_err;
+ }
+ kn = EVP_PKEY_size(pkey);
+ } else {
+ pkey = NULL;
+ kn = 0;
+ }
+
+ if (!BUF_MEM_grow_clean(buf, n + 4 + kn)) {
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_LIB_BUF);
+ goto err;
+ }
+ d = (unsigned char *)s->init_buf->data;
+ p = &(d[4]);
+
+ for (i = 0; r[i] != NULL; i++) {
+ s2n(nr[i], p);
+ BN_bn2bin(r[i], p);
+ p += nr[i];
+ }
+
+#ifndef OPENSSL_NO_ECDH
+ if (type & SSL_kECDHE) {
+ /*
+ * XXX: For now, we only support named (not generic) curves. In
+ * this situation, the serverKeyExchange message has: [1 byte
+ * CurveType], [2 byte CurveName] [1 byte length of encoded
+ * point], followed by the actual encoded point itself
+ */
+ *p = NAMED_CURVE_TYPE;
+ p += 1;
+ *p = 0;
+ p += 1;
+ *p = curve_id;
+ p += 1;
+ *p = encodedlen;
+ p += 1;
+ memcpy((unsigned char *)p,
+ (unsigned char *)encodedPoint, encodedlen);
+ OPENSSL_free(encodedPoint);
+ encodedPoint = NULL;
+ p += encodedlen;
+ }
+#endif
+
+ /* not anonymous */
+ if (pkey != NULL) {
+ /*
+ * n is the length of the params, they start at &(d[4]) and p
+ * points to the space at the end.
+ */
+#ifndef OPENSSL_NO_RSA
+ if (pkey->type == EVP_PKEY_RSA) {
+ q = md_buf;
+ j = 0;
+ for (num = 2; num > 0; num--) {
+ EVP_MD_CTX_set_flags(&md_ctx,
+ EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+ EVP_DigestInit_ex(&md_ctx, (num == 2)
+ ? s->ctx->md5 : s->ctx->sha1, NULL);
+ EVP_DigestUpdate(&md_ctx, &(s->s3->client_random[0]),
+ SSL3_RANDOM_SIZE);
+ EVP_DigestUpdate(&md_ctx, &(s->s3->server_random[0]),
+ SSL3_RANDOM_SIZE);
+ EVP_DigestUpdate(&md_ctx, &(d[4]), n);
+ EVP_DigestFinal_ex(&md_ctx, q, (unsigned int *)&i);
+ q += i;
+ j += i;
+ }
+ if (RSA_sign(NID_md5_sha1, md_buf, j,
+ &(p[2]), &u, pkey->pkey.rsa) <= 0) {
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_LIB_RSA);
+ goto err;
+ }
+ s2n(u, p);
+ n += u + 2;
+ } else
+#endif
+#if !defined(OPENSSL_NO_DSA)
+ if (pkey->type == EVP_PKEY_DSA) {
+ /* lets do DSS */
+ EVP_SignInit_ex(&md_ctx, EVP_dss1(), NULL);
+ EVP_SignUpdate(&md_ctx, &(s->s3->client_random[0]),
+ SSL3_RANDOM_SIZE);
+ EVP_SignUpdate(&md_ctx, &(s->s3->server_random[0]),
+ SSL3_RANDOM_SIZE);
+ EVP_SignUpdate(&md_ctx, &(d[4]), n);
+ if (!EVP_SignFinal(&md_ctx, &(p[2]),
+ (unsigned int *)&i, pkey)) {
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_LIB_DSA);
+ goto err;
+ }
+ s2n(i, p);
+ n += i + 2;
+ } else
+#endif
+#if !defined(OPENSSL_NO_ECDSA)
+ if (pkey->type == EVP_PKEY_EC) {
+ /* let's do ECDSA */
+ EVP_SignInit_ex(&md_ctx, EVP_ecdsa(), NULL);
+ EVP_SignUpdate(&md_ctx, &(s->s3->client_random[0]),
+ SSL3_RANDOM_SIZE);
+ EVP_SignUpdate(&md_ctx, &(s->s3->server_random[0]),
+ SSL3_RANDOM_SIZE);
+ EVP_SignUpdate(&md_ctx, &(d[4]), n);
+ if (!EVP_SignFinal(&md_ctx, &(p[2]),
+ (unsigned int *)&i, pkey)) {
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
+ ERR_LIB_ECDSA);
+ goto err;
+ }
+ s2n(i, p);
+ n += i + 2;
+ } else
+#endif
+ {
+ /* Is this error check actually needed? */
+ al = SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
+ SSL_R_UNKNOWN_PKEY_TYPE);
+ goto f_err;
+ }
+ }
+
+ *(d++) = SSL3_MT_SERVER_KEY_EXCHANGE;
+ l2n3(n, d);
+
+ /*
+ * we should now have things packed up, so lets send it off
+ */
+ s->init_num = n + 4;
+ s->init_off = 0;
+ }
+
+ s->state = SSL3_ST_SW_KEY_EXCH_B;
+ EVP_MD_CTX_cleanup(&md_ctx);
+ return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
+ f_err:
+ ssl3_send_alert(s, SSL3_AL_FATAL, al);
+ err:
+#ifndef OPENSSL_NO_ECDH
+ if (encodedPoint != NULL)
+ OPENSSL_free(encodedPoint);
+ BN_CTX_free(bn_ctx);
+#endif
+ EVP_MD_CTX_cleanup(&md_ctx);
+ return (-1);
+}
+
+int ssl3_send_certificate_request(SSL *s)
+{
+ unsigned char *p, *d;
+ int i, j, nl, off, n;
+ STACK_OF(X509_NAME) *sk = NULL;
+ X509_NAME *name;
+ BUF_MEM *buf;
+
+ if (s->state == SSL3_ST_SW_CERT_REQ_A) {
+ buf = s->init_buf;
+
+ d = p = (unsigned char *)&(buf->data[4]);
+
+ /* get the list of acceptable cert types */
+ p++;
+ n = ssl3_get_req_cert_type(s, p);
+ d[0] = n;
+ p += n;
+ n++;
+
+ off = n;
+ p += 2;
+ n += 2;
+
+ sk = SSL_get_client_CA_list(s);
+ nl = 0;
+ if (sk != NULL) {
+ for (i = 0; i < sk_X509_NAME_num(sk); i++) {
+ name = sk_X509_NAME_value(sk, i);
+ j = i2d_X509_NAME(name, NULL);
+ if (!BUF_MEM_grow_clean(buf, 4 + n + j + 2)) {
+ SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,
+ ERR_R_BUF_LIB);
+ goto err;
+ }
+ p = (unsigned char *)&(buf->data[4 + n]);
+ if (!(s->options & SSL_OP_NETSCAPE_CA_DN_BUG)) {
+ s2n(j, p);
+ i2d_X509_NAME(name, &p);
+ n += 2 + j;
+ nl += 2 + j;
+ } else {
+ d = p;
+ i2d_X509_NAME(name, &p);
+ j -= 2;
+ s2n(j, d);
+ j += 2;
+ n += j;
+ nl += j;
+ }
+ }
+ }
+ /* else no CA names */
+ p = (unsigned char *)&(buf->data[4 + off]);
+ s2n(nl, p);
+
+ d = (unsigned char *)buf->data;
+ *(d++) = SSL3_MT_CERTIFICATE_REQUEST;
+ l2n3(n, d);
+
+ /*
+ * we should now have things packed up, so lets send it off
+ */
+
+ s->init_num = n + 4;
+ s->init_off = 0;
+#ifdef NETSCAPE_HANG_BUG
+ if (!BUF_MEM_grow_clean(buf, s->init_num + 4)) {
+ SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST, ERR_R_BUF_LIB);
+ goto err;
+ }
+ p = (unsigned char *)s->init_buf->data + s->init_num;
+
+ /* do the header */
+ *(p++) = SSL3_MT_SERVER_DONE;
+ *(p++) = 0;
+ *(p++) = 0;
+ *(p++) = 0;
+ s->init_num += 4;
+#endif
+
+ s->state = SSL3_ST_SW_CERT_REQ_B;
+ }
+
+ /* SSL3_ST_SW_CERT_REQ_B */
+ return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
+ err:
+ return (-1);
+}
+
+int ssl3_get_client_key_exchange(SSL *s)
+{
+ int i, al, ok;
+ long n;
+ unsigned long l;
+ unsigned char *p;
+#ifndef OPENSSL_NO_RSA
+ RSA *rsa = NULL;
+ EVP_PKEY *pkey = NULL;
+#endif
+#ifndef OPENSSL_NO_DH
+ BIGNUM *pub = NULL;
+ DH *dh_srvr;
+#endif
+#ifndef OPENSSL_NO_KRB5
+ KSSL_ERR kssl_err;
+#endif /* OPENSSL_NO_KRB5 */
+
+#ifndef OPENSSL_NO_ECDH
+ EC_KEY *srvr_ecdh = NULL;
+ EVP_PKEY *clnt_pub_pkey = NULL;
+ EC_POINT *clnt_ecpoint = NULL;
+ BN_CTX *bn_ctx = NULL;
+#endif
+
+ n = s->method->ssl_get_message(s,
+ SSL3_ST_SR_KEY_EXCH_A,
+ SSL3_ST_SR_KEY_EXCH_B,
+ SSL3_MT_CLIENT_KEY_EXCHANGE, 2048, &ok);
+
+ if (!ok)
+ return ((int)n);
+ p = (unsigned char *)s->init_msg;
+
+ l = s->s3->tmp.new_cipher->algorithms;
+
+#ifndef OPENSSL_NO_RSA
+ if (l & SSL_kRSA) {
+ unsigned char rand_premaster_secret[SSL_MAX_MASTER_KEY_LENGTH];
+ int decrypt_len;
+ unsigned char decrypt_good, version_good;
+
+ /* FIX THIS UP EAY EAY EAY EAY */
+ if (s->s3->tmp.use_rsa_tmp) {
+ if ((s->cert != NULL) && (s->cert->rsa_tmp != NULL))
+ rsa = s->cert->rsa_tmp;
+ /*
+ * Don't do a callback because rsa_tmp should be sent already
+ */
+ if (rsa == NULL) {
+ al = SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_MISSING_TMP_RSA_PKEY);
+ goto f_err;
+
+ }
+ } else {
+ pkey = s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey;
+ if ((pkey == NULL) ||
+ (pkey->type != EVP_PKEY_RSA) || (pkey->pkey.rsa == NULL)) {
+ al = SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_MISSING_RSA_CERTIFICATE);
+ goto f_err;
+ }
+ rsa = pkey->pkey.rsa;
+ }
+
+ /* TLS and [incidentally] DTLS, including pre-0.9.8f */
+ if (s->version > SSL3_VERSION && s->client_version != DTLS1_BAD_VER) {
+ n2s(p, i);
+ if (n != i + 2) {
+ if (!(s->options & SSL_OP_TLS_D5_BUG)) {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG);
+ goto err;
+ } else
+ p -= 2;
+ } else
+ n = i;
+ }
+
+ /*
+ * We must not leak whether a decryption failure occurs because of
+ * Bleichenbacher's attack on PKCS #1 v1.5 RSA padding (see RFC 2246,
+ * section 7.4.7.1). The code follows that advice of the TLS RFC and
+ * generates a random premaster secret for the case that the decrypt
+ * fails. See https://tools.ietf.org/html/rfc5246#section-7.4.7.1
+ */
+
+ /*
+ * should be RAND_bytes, but we cannot work around a failure.
+ */
+ if (RAND_pseudo_bytes(rand_premaster_secret,
+ sizeof(rand_premaster_secret)) <= 0)
+ goto err;
+ decrypt_len =
+ RSA_private_decrypt((int)n, p, p, rsa, RSA_PKCS1_PADDING);
+ ERR_clear_error();
+
+ /*
+ * decrypt_len should be SSL_MAX_MASTER_KEY_LENGTH. decrypt_good will
+ * be 0xff if so and zero otherwise.
+ */
+ decrypt_good =
+ constant_time_eq_int_8(decrypt_len, SSL_MAX_MASTER_KEY_LENGTH);
+
+ /*
+ * If the version in the decrypted pre-master secret is correct then
+ * version_good will be 0xff, otherwise it'll be zero. The
+ * Klima-Pokorny-Rosa extension of Bleichenbacher's attack
+ * (http://eprint.iacr.org/2003/052/) exploits the version number
+ * check as a "bad version oracle". Thus version checks are done in
+ * constant time and are treated like any other decryption error.
+ */
+ version_good =
+ constant_time_eq_8(p[0], (unsigned)(s->client_version >> 8));
+ version_good &=
+ constant_time_eq_8(p[1], (unsigned)(s->client_version & 0xff));
+
+ /*
+ * The premaster secret must contain the same version number as the
+ * ClientHello to detect version rollback attacks (strangely, the
+ * protocol does not offer such protection for DH ciphersuites).
+ * However, buggy clients exist that send the negotiated protocol
+ * version instead if the server does not support the requested
+ * protocol version. If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such
+ * clients.
+ */
+ if (s->options & SSL_OP_TLS_ROLLBACK_BUG) {
+ unsigned char workaround_good;
+ workaround_good =
+ constant_time_eq_8(p[0], (unsigned)(s->version >> 8));
+ workaround_good &=
+ constant_time_eq_8(p[1], (unsigned)(s->version & 0xff));
+ version_good |= workaround_good;
+ }
+
+ /*
+ * Both decryption and version must be good for decrypt_good to
+ * remain non-zero (0xff).
+ */
+ decrypt_good &= version_good;
+
+ /*
+ * Now copy rand_premaster_secret over p using decrypt_good_mask.
+ */
+ for (i = 0; i < (int)sizeof(rand_premaster_secret); i++) {
+ p[i] = constant_time_select_8(decrypt_good, p[i],
+ rand_premaster_secret[i]);
+ }
+
+ s->session->master_key_length =
+ s->method->ssl3_enc->generate_master_secret(s,
+ s->
+ session->master_key,
+ p, i);
+ OPENSSL_cleanse(p, i);
+ } else
+#endif
+#ifndef OPENSSL_NO_DH
+ if (l & (SSL_kEDH | SSL_kDHr | SSL_kDHd)) {
+ n2s(p, i);
+ if (n != i + 2) {
+ if (!(s->options & SSL_OP_SSLEAY_080_CLIENT_DH_BUG)) {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
+ goto err;
+ } else {
+ p -= 2;
+ i = (int)n;
+ }
+ }
+
+ if (n == 0L) { /* the parameters are in the cert */
+ al = SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_UNABLE_TO_DECODE_DH_CERTS);
+ goto f_err;
+ } else {
+ if (s->s3->tmp.dh == NULL) {
+ al = SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_MISSING_TMP_DH_KEY);
+ goto f_err;
+ } else
+ dh_srvr = s->s3->tmp.dh;
+ }
+
+ pub = BN_bin2bn(p, i, NULL);
+ if (pub == NULL) {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_BN_LIB);
+ goto err;
+ }
+
+ i = DH_compute_key(p, pub, dh_srvr);
+
+ if (i <= 0) {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
+ BN_clear_free(pub);
+ goto err;
+ }
+
+ DH_free(s->s3->tmp.dh);
+ s->s3->tmp.dh = NULL;
+
+ BN_clear_free(pub);
+ pub = NULL;
+ s->session->master_key_length =
+ s->method->ssl3_enc->generate_master_secret(s,
+ s->
+ session->master_key,
+ p, i);
+ OPENSSL_cleanse(p, i);
+ } else
+#endif
+#ifndef OPENSSL_NO_KRB5
+ if (l & SSL_kKRB5) {
+ krb5_error_code krb5rc;
+ krb5_data enc_ticket;
+ krb5_data authenticator;
+ krb5_data enc_pms;
+ KSSL_CTX *kssl_ctx = s->kssl_ctx;
+ EVP_CIPHER_CTX ciph_ctx;
+ EVP_CIPHER *enc = NULL;
+ unsigned char iv[EVP_MAX_IV_LENGTH];
+ unsigned char pms[SSL_MAX_MASTER_KEY_LENGTH + EVP_MAX_BLOCK_LENGTH];
+ int padl, outl;
+ krb5_timestamp authtime = 0;
+ krb5_ticket_times ttimes;
+
+ EVP_CIPHER_CTX_init(&ciph_ctx);
+
+ if (!kssl_ctx)
+ kssl_ctx = kssl_ctx_new();
+
+ n2s(p, i);
+ enc_ticket.length = i;
+
+ if (n < (int)enc_ticket.length + 6) {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_DATA_LENGTH_TOO_LONG);
+ goto err;
+ }
+
+ enc_ticket.data = (char *)p;
+ p += enc_ticket.length;
+
+ n2s(p, i);
+ authenticator.length = i;
+
+ if (n < (int)(enc_ticket.length + authenticator.length) + 6) {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_DATA_LENGTH_TOO_LONG);
+ goto err;
+ }
+
+ authenticator.data = (char *)p;
+ p += authenticator.length;
+
+ n2s(p, i);
+ enc_pms.length = i;
+ enc_pms.data = (char *)p;
+ p += enc_pms.length;
+
+ /*
+ * Note that the length is checked again below, ** after decryption
+ */
+ if (enc_pms.length > sizeof pms) {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_DATA_LENGTH_TOO_LONG);
+ goto err;
+ }
+
+ if (n != (long)(enc_ticket.length + authenticator.length +
+ enc_pms.length + 6)) {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_DATA_LENGTH_TOO_LONG);
+ goto err;
+ }
+
+ if ((krb5rc = kssl_sget_tkt(kssl_ctx, &enc_ticket, &ttimes,
+ &kssl_err)) != 0) {
+# ifdef KSSL_DEBUG
+ printf("kssl_sget_tkt rtn %d [%d]\n", krb5rc, kssl_err.reason);
+ if (kssl_err.text)
+ printf("kssl_err text= %s\n", kssl_err.text);
+# endif /* KSSL_DEBUG */
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, kssl_err.reason);
+ goto err;
+ }
+
+ /*
+ * Note: no authenticator is not considered an error, ** but will
+ * return authtime == 0.
+ */
+ if ((krb5rc = kssl_check_authent(kssl_ctx, &authenticator,
+ &authtime, &kssl_err)) != 0) {
+# ifdef KSSL_DEBUG
+ printf("kssl_check_authent rtn %d [%d]\n",
+ krb5rc, kssl_err.reason);
+ if (kssl_err.text)
+ printf("kssl_err text= %s\n", kssl_err.text);
+# endif /* KSSL_DEBUG */
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, kssl_err.reason);
+ goto err;
+ }
+
+ if ((krb5rc = kssl_validate_times(authtime, &ttimes)) != 0) {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, krb5rc);
+ goto err;
+ }
+# ifdef KSSL_DEBUG
+ kssl_ctx_show(kssl_ctx);
+# endif /* KSSL_DEBUG */
+
+ enc = kssl_map_enc(kssl_ctx->enctype);
+ if (enc == NULL)
+ goto err;
+
+ memset(iv, 0, sizeof iv); /* per RFC 1510 */
+
+ if (!EVP_DecryptInit_ex(&ciph_ctx, enc, NULL, kssl_ctx->key, iv)) {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_DECRYPTION_FAILED);
+ goto err;
+ }
+ if (!EVP_DecryptUpdate(&ciph_ctx, pms, &outl,
+ (unsigned char *)enc_pms.data, enc_pms.length))
+ {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_DECRYPTION_FAILED);
+ goto err;
+ }
+ if (outl > SSL_MAX_MASTER_KEY_LENGTH) {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_DATA_LENGTH_TOO_LONG);
+ goto err;
+ }
+ if (!EVP_DecryptFinal_ex(&ciph_ctx, &(pms[outl]), &padl)) {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_DECRYPTION_FAILED);
+ goto err;
+ }
+ outl += padl;
+ if (outl > SSL_MAX_MASTER_KEY_LENGTH) {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_DATA_LENGTH_TOO_LONG);
+ goto err;
+ }
+ if (!((pms[0] == (s->client_version >> 8))
+ && (pms[1] == (s->client_version & 0xff)))) {
+ /*
+ * The premaster secret must contain the same version number as
+ * the ClientHello to detect version rollback attacks (strangely,
+ * the protocol does not offer such protection for DH
+ * ciphersuites). However, buggy clients exist that send random
+ * bytes instead of the protocol version. If
+ * SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such clients.
+ * (Perhaps we should have a separate BUG value for the Kerberos
+ * cipher)
+ */
+ if (!(s->options & SSL_OP_TLS_ROLLBACK_BUG)) {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_AD_DECODE_ERROR);
+ goto err;
+ }
+ }
+
+ EVP_CIPHER_CTX_cleanup(&ciph_ctx);
+
+ s->session->master_key_length =
+ s->method->ssl3_enc->generate_master_secret(s,
+ s->
+ session->master_key,
+ pms, outl);
+
+ if (kssl_ctx->client_princ) {
+ size_t len = strlen(kssl_ctx->client_princ);
+ if (len < SSL_MAX_KRB5_PRINCIPAL_LENGTH) {
+ s->session->krb5_client_princ_len = len;
+ memcpy(s->session->krb5_client_princ, kssl_ctx->client_princ,
+ len);
+ }
+ }
+
+ /*- Was doing kssl_ctx_free() here,
+ * but it caused problems for apache.
+ * kssl_ctx = kssl_ctx_free(kssl_ctx);
+ * if (s->kssl_ctx) s->kssl_ctx = NULL;
+ */
+ } else
+#endif /* OPENSSL_NO_KRB5 */
+
+#ifndef OPENSSL_NO_ECDH
+ if ((l & SSL_kECDH) || (l & SSL_kECDHE)) {
+ int ret = 1;
+ int field_size = 0;
+ const EC_KEY *tkey;
+ const EC_GROUP *group;
+ const BIGNUM *priv_key;
+
+ /* initialize structures for server's ECDH key pair */
+ if ((srvr_ecdh = EC_KEY_new()) == NULL) {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ /* Let's get server private key and group information */
+ if (l & SSL_kECDH) {
+ /* use the certificate */
+ tkey = s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec;
+ } else {
+ /*
+ * use the ephermeral values we saved when generating the
+ * ServerKeyExchange msg.
+ */
+ tkey = s->s3->tmp.ecdh;
+ }
+
+ group = EC_KEY_get0_group(tkey);
+ priv_key = EC_KEY_get0_private_key(tkey);
+
+ if (!EC_KEY_set_group(srvr_ecdh, group) ||
+ !EC_KEY_set_private_key(srvr_ecdh, priv_key)) {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
+ goto err;
+ }
+
+ /* Let's get client's public key */
+ if ((clnt_ecpoint = EC_POINT_new(group)) == NULL) {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ if (n == 0L) {
+ /* Client Publickey was in Client Certificate */
+
+ if (l & SSL_kECDHE) {
+ al = SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_MISSING_TMP_ECDH_KEY);
+ goto f_err;
+ }
+ if (((clnt_pub_pkey = X509_get_pubkey(s->session->peer))
+ == NULL) || (clnt_pub_pkey->type != EVP_PKEY_EC)) {
+ /*
+ * XXX: For now, we do not support client authentication
+ * using ECDH certificates so this branch (n == 0L) of the
+ * code is never executed. When that support is added, we
+ * ought to ensure the key received in the certificate is
+ * authorized for key agreement. ECDH_compute_key implicitly
+ * checks that the two ECDH shares are for the same group.
+ */
+ al = SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_UNABLE_TO_DECODE_ECDH_CERTS);
+ goto f_err;
+ }
+
+ if (EC_POINT_copy(clnt_ecpoint,
+ EC_KEY_get0_public_key(clnt_pub_pkey->
+ pkey.ec)) == 0) {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
+ goto err;
+ }
+ ret = 2; /* Skip certificate verify processing */
+ } else {
+ /*
+ * Get client's public key from encoded point in the
+ * ClientKeyExchange message.
+ */
+ if ((bn_ctx = BN_CTX_new()) == NULL) {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ /* Get encoded point length */
+ i = *p;
+ p += 1;
+ if (n != 1 + i) {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
+ goto err;
+ }
+ if (EC_POINT_oct2point(group, clnt_ecpoint, p, i, bn_ctx) == 0) {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_EC_LIB);
+ goto err;
+ }
+ /*
+ * p is pointing to somewhere in the buffer currently, so set it
+ * to the start
+ */
+ p = (unsigned char *)s->init_buf->data;
+ }
+
+ /* Compute the shared pre-master secret */
+ field_size = EC_GROUP_get_degree(group);
+ if (field_size <= 0) {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB);
+ goto err;
+ }
+ i = ECDH_compute_key(p, (field_size + 7) / 8, clnt_ecpoint, srvr_ecdh,
+ NULL);
+ if (i <= 0) {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB);
+ goto err;
+ }
+
+ EVP_PKEY_free(clnt_pub_pkey);
+ EC_POINT_free(clnt_ecpoint);
+ if (srvr_ecdh != NULL)
+ EC_KEY_free(srvr_ecdh);
+ BN_CTX_free(bn_ctx);
+
+ /* Compute the master secret */
+ s->session->master_key_length =
+ s->method->ssl3_enc->generate_master_secret(s,
+ s->
+ session->master_key,
+ p, i);
+
+ OPENSSL_cleanse(p, i);
+ return (ret);
+ } else
+#endif
+ {
+ al = SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_UNKNOWN_CIPHER_TYPE);
+ goto f_err;
+ }
+
+ return (1);
+ f_err:
+ ssl3_send_alert(s, SSL3_AL_FATAL, al);
+#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_ECDH)
+ err:
+#endif
+#ifndef OPENSSL_NO_ECDH
+ EVP_PKEY_free(clnt_pub_pkey);
+ EC_POINT_free(clnt_ecpoint);
+ if (srvr_ecdh != NULL)
+ EC_KEY_free(srvr_ecdh);
+ BN_CTX_free(bn_ctx);
+#endif
+ return (-1);
+}
+
+int ssl3_get_cert_verify(SSL *s)
+{
+ EVP_PKEY *pkey = NULL;
+ unsigned char *p;
+ int al, ok, ret = 0;
+ long n;
+ int type = 0, i, j;
+ X509 *peer;
+
+ n = s->method->ssl_get_message(s,
+ SSL3_ST_SR_CERT_VRFY_A,
+ SSL3_ST_SR_CERT_VRFY_B,
+ -1, SSL3_RT_MAX_PLAIN_LENGTH, &ok);
+
+ if (!ok)
+ return ((int)n);
+
+ if (s->session->peer != NULL) {
+ peer = s->session->peer;
+ pkey = X509_get_pubkey(peer);
+ type = X509_certificate_type(peer, pkey);
+ } else {
+ peer = NULL;
+ pkey = NULL;
+ }
+
+ if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY) {
+ s->s3->tmp.reuse_message = 1;
+ if (peer != NULL) {
+ al = SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_MISSING_VERIFY_MESSAGE);
+ goto f_err;
+ }
+ ret = 1;
+ goto end;
+ }
+
+ if (peer == NULL) {
+ SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_NO_CLIENT_CERT_RECEIVED);
+ al = SSL_AD_UNEXPECTED_MESSAGE;
+ goto f_err;
+ }
+
+ if (!(type & EVP_PKT_SIGN)) {
+ SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
+ SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE);
+ al = SSL_AD_ILLEGAL_PARAMETER;
+ goto f_err;
+ }
+
+ if (s->s3->change_cipher_spec) {
+ SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_CCS_RECEIVED_EARLY);
+ al = SSL_AD_UNEXPECTED_MESSAGE;
+ goto f_err;
+ }
+
+ /* we now have a signature that we need to verify */
+ p = (unsigned char *)s->init_msg;
+ n2s(p, i);
+ n -= 2;
+ if (i > n) {
+ SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_LENGTH_MISMATCH);
+ al = SSL_AD_DECODE_ERROR;
+ goto f_err;
+ }
+
+ j = EVP_PKEY_size(pkey);
+ if ((i > j) || (n > j) || (n <= 0)) {
+ SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_WRONG_SIGNATURE_SIZE);
+ al = SSL_AD_DECODE_ERROR;
+ goto f_err;
+ }
+#ifndef OPENSSL_NO_RSA
+ if (pkey->type == EVP_PKEY_RSA) {
+ i = RSA_verify(NID_md5_sha1, s->s3->tmp.cert_verify_md,
+ MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, p, i,
+ pkey->pkey.rsa);
+ if (i < 0) {
+ al = SSL_AD_DECRYPT_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_BAD_RSA_DECRYPT);
+ goto f_err;
+ }
+ if (i == 0) {
+ al = SSL_AD_DECRYPT_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_BAD_RSA_SIGNATURE);
+ goto f_err;
+ }
+ } else
+#endif
+#ifndef OPENSSL_NO_DSA
+ if (pkey->type == EVP_PKEY_DSA) {
+ j = DSA_verify(pkey->save_type,
+ &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
+ SHA_DIGEST_LENGTH, p, i, pkey->pkey.dsa);
+ if (j <= 0) {
+ /* bad signature */
+ al = SSL_AD_DECRYPT_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_BAD_DSA_SIGNATURE);
+ goto f_err;
+ }
+ } else
+#endif
+#ifndef OPENSSL_NO_ECDSA
+ if (pkey->type == EVP_PKEY_EC) {
+ j = ECDSA_verify(pkey->save_type,
+ &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
+ SHA_DIGEST_LENGTH, p, i, pkey->pkey.ec);
+ if (j <= 0) {
+ /* bad signature */
+ al = SSL_AD_DECRYPT_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_BAD_ECDSA_SIGNATURE);
+ goto f_err;
+ }
+ } else
+#endif
+ {
+ SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, ERR_R_INTERNAL_ERROR);
+ al = SSL_AD_UNSUPPORTED_CERTIFICATE;
+ goto f_err;
+ }
+
+ ret = 1;
+ if (0) {
+ f_err:
+ ssl3_send_alert(s, SSL3_AL_FATAL, al);
+ }
+ end:
+ EVP_PKEY_free(pkey);
+ return (ret);
+}
+
+int ssl3_get_client_certificate(SSL *s)
+{
+ int i, ok, al, ret = -1;
+ X509 *x = NULL;
+ unsigned long l, nc, llen, n;
+ const unsigned char *p, *q;
+ unsigned char *d;
+ STACK_OF(X509) *sk = NULL;
+
+ n = s->method->ssl_get_message(s,
+ SSL3_ST_SR_CERT_A,
+ SSL3_ST_SR_CERT_B,
+ -1, s->max_cert_list, &ok);
+
+ if (!ok)
+ return ((int)n);
+
+ if (s->s3->tmp.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE) {
+ if ((s->verify_mode & SSL_VERIFY_PEER) &&
+ (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
+ SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
+ al = SSL_AD_HANDSHAKE_FAILURE;
+ goto f_err;
+ }
+ /*
+ * If tls asked for a client cert, the client must return a 0 list
+ */
+ if ((s->version > SSL3_VERSION) && s->s3->tmp.cert_request) {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
+ SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST);
+ al = SSL_AD_UNEXPECTED_MESSAGE;
+ goto f_err;
+ }
+ s->s3->tmp.reuse_message = 1;
+ return (1);
+ }
+
+ if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE) {
+ al = SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, SSL_R_WRONG_MESSAGE_TYPE);
+ goto f_err;
+ }
+ p = d = (unsigned char *)s->init_msg;
+
+ if ((sk = sk_X509_new_null()) == NULL) {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ n2l3(p, llen);
+ if (llen + 3 != n) {
+ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, SSL_R_LENGTH_MISMATCH);
+ goto f_err;
+ }
+ for (nc = 0; nc < llen;) {
+ n2l3(p, l);
+ if ((l + nc + 3) > llen) {
+ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
+ SSL_R_CERT_LENGTH_MISMATCH);
+ goto f_err;
+ }
+
+ q = p;
+ x = d2i_X509(NULL, &p, l);
+ if (x == NULL) {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, ERR_R_ASN1_LIB);
+ goto err;
+ }
+ if (p != (q + l)) {
+ al = SSL_AD_DECODE_ERROR;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
+ SSL_R_CERT_LENGTH_MISMATCH);
+ goto f_err;
+ }
+ if (!sk_X509_push(sk, x)) {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ x = NULL;
+ nc += l + 3;
+ }
+
+ if (sk_X509_num(sk) <= 0) {
+ /* TLS does not mind 0 certs returned */
+ if (s->version == SSL3_VERSION) {
+ al = SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
+ SSL_R_NO_CERTIFICATES_RETURNED);
+ goto f_err;
+ }
+ /* Fail for TLS only if we required a certificate */
+ else if ((s->verify_mode & SSL_VERIFY_PEER) &&
+ (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
+ SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
+ al = SSL_AD_HANDSHAKE_FAILURE;
+ goto f_err;
+ }
+ } else {
+ i = ssl_verify_cert_chain(s, sk);
+ if (i <= 0) {
+ al = ssl_verify_alarm_type(s->verify_result);
+ SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,
+ SSL_R_NO_CERTIFICATE_RETURNED);
+ goto f_err;
+ }
+ }
+
+ if (s->session->peer != NULL) /* This should not be needed */
+ X509_free(s->session->peer);
+ s->session->peer = sk_X509_shift(sk);
+ s->session->verify_result = s->verify_result;
+
+ /*
+ * With the current implementation, sess_cert will always be NULL when we
+ * arrive here.
+ */
+ if (s->session->sess_cert == NULL) {
+ s->session->sess_cert = ssl_sess_cert_new();
+ if (s->session->sess_cert == NULL) {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ }
+ if (s->session->sess_cert->cert_chain != NULL)
+ sk_X509_pop_free(s->session->sess_cert->cert_chain, X509_free);
+ s->session->sess_cert->cert_chain = sk;
+ /*
+ * Inconsistency alert: cert_chain does *not* include the peer's own
+ * certificate, while we do include it in s3_clnt.c
+ */
+
+ sk = NULL;
+
+ ret = 1;
+ if (0) {
+ f_err:
+ ssl3_send_alert(s, SSL3_AL_FATAL, al);
+ }
+ err:
+ if (x != NULL)
+ X509_free(x);
+ if (sk != NULL)
+ sk_X509_pop_free(sk, X509_free);
+ return (ret);
+}
+
+int ssl3_send_server_certificate(SSL *s)
+{
+ unsigned long l;
+ X509 *x;
+
+ if (s->state == SSL3_ST_SW_CERT_A) {
+ x = ssl_get_server_send_cert(s);
+ if (x == NULL &&
+ /* VRS: allow null cert if auth == KRB5 */
+ (s->s3->tmp.new_cipher->algorithms
+ & (SSL_MKEY_MASK | SSL_AUTH_MASK))
+ != (SSL_aKRB5 | SSL_kKRB5)) {
+ SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE, ERR_R_INTERNAL_ERROR);
+ return (0);
+ }
+
+ l = ssl3_output_cert_chain(s, x);
+ s->state = SSL3_ST_SW_CERT_B;
+ s->init_num = (int)l;
+ s->init_off = 0;
+ }
+
+ /* SSL3_ST_SW_CERT_B */
+ return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
+}
+
+#ifndef OPENSSL_NO_ECDH
+/* This is the complement of curve_id2nid in s3_clnt.c. */
+static int nid2curve_id(int nid)
+{
+ /*
+ * ECC curves from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) (no changes
+ * in draft-ietf-tls-ecc-03.txt [June 2003])
+ */
+ switch (nid) {
+ case NID_sect163k1: /* sect163k1 (1) */
+ return 1;
+ case NID_sect163r1: /* sect163r1 (2) */
+ return 2;
+ case NID_sect163r2: /* sect163r2 (3) */
+ return 3;
+ case NID_sect193r1: /* sect193r1 (4) */
+ return 4;
+ case NID_sect193r2: /* sect193r2 (5) */
+ return 5;
+ case NID_sect233k1: /* sect233k1 (6) */
+ return 6;
+ case NID_sect233r1: /* sect233r1 (7) */
+ return 7;
+ case NID_sect239k1: /* sect239k1 (8) */
+ return 8;
+ case NID_sect283k1: /* sect283k1 (9) */
+ return 9;
+ case NID_sect283r1: /* sect283r1 (10) */
+ return 10;
+ case NID_sect409k1: /* sect409k1 (11) */
+ return 11;
+ case NID_sect409r1: /* sect409r1 (12) */
+ return 12;
+ case NID_sect571k1: /* sect571k1 (13) */
+ return 13;
+ case NID_sect571r1: /* sect571r1 (14) */
+ return 14;
+ case NID_secp160k1: /* secp160k1 (15) */
+ return 15;
+ case NID_secp160r1: /* secp160r1 (16) */
+ return 16;
+ case NID_secp160r2: /* secp160r2 (17) */
+ return 17;
+ case NID_secp192k1: /* secp192k1 (18) */
+ return 18;
+ case NID_X9_62_prime192v1: /* secp192r1 (19) */
+ return 19;
+ case NID_secp224k1: /* secp224k1 (20) */
+ return 20;
+ case NID_secp224r1: /* secp224r1 (21) */
+ return 21;
+ case NID_secp256k1: /* secp256k1 (22) */
+ return 22;
+ case NID_X9_62_prime256v1: /* secp256r1 (23) */
+ return 23;
+ case NID_secp384r1: /* secp384r1 (24) */
+ return 24;
+ case NID_secp521r1: /* secp521r1 (25) */
+ return 25;
+ default:
+ return 0;
+ }
+}
+#endif
+#ifndef OPENSSL_NO_TLSEXT
+int ssl3_send_newsession_ticket(SSL *s)
+{
+ if (s->state == SSL3_ST_SW_SESSION_TICKET_A) {
+ unsigned char *p, *senc, *macstart;
+ int len, slen;
+ unsigned int hlen;
+ EVP_CIPHER_CTX ctx;
+ HMAC_CTX hctx;
+ SSL_CTX *tctx = s->initial_ctx;
+ unsigned char iv[EVP_MAX_IV_LENGTH];
+ unsigned char key_name[16];
+
+ /* get session encoding length */
+ slen = i2d_SSL_SESSION(s->session, NULL);
+ /*
+ * Some length values are 16 bits, so forget it if session is too
+ * long
+ */
+ if (slen > 0xFF00)
+ return -1;
+ /*-
+ * Grow buffer if need be: the length calculation is as
+ * follows 1 (size of message name) + 3 (message length
+ * bytes) + 4 (ticket lifetime hint) + 2 (ticket length) +
+ * 16 (key name) + max_iv_len (iv length) +
+ * session_length + max_enc_block_size (max encrypted session
+ * length) + max_md_size (HMAC).
+ */
+ if (!BUF_MEM_grow(s->init_buf,
+ 26 + EVP_MAX_IV_LENGTH + EVP_MAX_BLOCK_LENGTH +
+ EVP_MAX_MD_SIZE + slen))
+ return -1;
+ senc = OPENSSL_malloc(slen);
+ if (!senc)
+ return -1;
+ p = senc;
+ i2d_SSL_SESSION(s->session, &p);
+
+ p = (unsigned char *)s->init_buf->data;
+ /* do the header */
+ *(p++) = SSL3_MT_NEWSESSION_TICKET;
+ /* Skip message length for now */
+ p += 3;
+ EVP_CIPHER_CTX_init(&ctx);
+ HMAC_CTX_init(&hctx);
+ /*
+ * Initialize HMAC and cipher contexts. If callback present it does
+ * all the work otherwise use generated values from parent ctx.
+ */
+ if (tctx->tlsext_ticket_key_cb) {
+ if (tctx->tlsext_ticket_key_cb(s, key_name, iv, &ctx,
+ &hctx, 1) < 0) {
+ OPENSSL_free(senc);
+ return -1;
+ }
+ } else {
+ RAND_pseudo_bytes(iv, 16);
+ EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
+ tctx->tlsext_tick_aes_key, iv);
+ HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
+ tlsext_tick_md(), NULL);
+ memcpy(key_name, tctx->tlsext_tick_key_name, 16);
+ }
+ l2n(s->session->tlsext_tick_lifetime_hint, p);
+ /* Skip ticket length for now */
+ p += 2;
+ /* Output key name */
+ macstart = p;
+ memcpy(p, key_name, 16);
+ p += 16;
+ /* output IV */
+ memcpy(p, iv, EVP_CIPHER_CTX_iv_length(&ctx));
+ p += EVP_CIPHER_CTX_iv_length(&ctx);
+ /* Encrypt session data */
+ EVP_EncryptUpdate(&ctx, p, &len, senc, slen);
+ p += len;
+ EVP_EncryptFinal(&ctx, p, &len);
+ p += len;
+ EVP_CIPHER_CTX_cleanup(&ctx);
+
+ HMAC_Update(&hctx, macstart, p - macstart);
+ HMAC_Final(&hctx, p, &hlen);
+ HMAC_CTX_cleanup(&hctx);
+
+ p += hlen;
+ /* Now write out lengths: p points to end of data written */
+ /* Total length */
+ len = p - (unsigned char *)s->init_buf->data;
+ p = (unsigned char *)s->init_buf->data + 1;
+ l2n3(len - 4, p); /* Message length */
+ p += 4;
+ s2n(len - 10, p); /* Ticket length */
+
+ /* number of bytes to write */
+ s->init_num = len;
+ s->state = SSL3_ST_SW_SESSION_TICKET_B;
+ s->init_off = 0;
+ OPENSSL_free(senc);
+ }
+
+ /* SSL3_ST_SW_SESSION_TICKET_B */
+ return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
+}
+
+int ssl3_send_cert_status(SSL *s)
+{
+ if (s->state == SSL3_ST_SW_CERT_STATUS_A) {
+ unsigned char *p;
+ /*-
+ * Grow buffer if need be: the length calculation is as
+ * follows 1 (message type) + 3 (message length) +
+ * 1 (ocsp response type) + 3 (ocsp response length)
+ * + (ocsp response)
+ */
+ if (!BUF_MEM_grow(s->init_buf, 8 + s->tlsext_ocsp_resplen))
+ return -1;
+
+ p = (unsigned char *)s->init_buf->data;
+
+ /* do the header */
+ *(p++) = SSL3_MT_CERTIFICATE_STATUS;
+ /* message length */
+ l2n3(s->tlsext_ocsp_resplen + 4, p);
+ /* status type */
+ *(p++) = s->tlsext_status_type;
+ /* length of OCSP response */
+ l2n3(s->tlsext_ocsp_resplen, p);
+ /* actual response */
+ memcpy(p, s->tlsext_ocsp_resp, s->tlsext_ocsp_resplen);
+ /* number of bytes to write */
+ s->init_num = 8 + s->tlsext_ocsp_resplen;
+ s->state = SSL3_ST_SW_CERT_STATUS_B;
+ s->init_off = 0;
+ }
+
+ /* SSL3_ST_SW_CERT_STATUS_B */
+ return (ssl3_do_write(s, SSL3_RT_HANDSHAKE));
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/ssl/ssl-lib.com
===================================================================
--- vendor-crypto/openssl/dist/ssl/ssl-lib.com 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/ssl/ssl-lib.com 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,1057 +0,0 @@
-$!
-$! SSL-LIB.COM
-$! Written By: Robert Byer
-$! Vice-President
-$! A-Com Computing, Inc.
-$! byer at mail.all-net.net
-$!
-$! Changes by Richard Levitte <richard at levitte.org>
-$!
-$! This command file compiles and creates the "[.xxx.EXE.SSL]LIBSSL.OLB"
-$! library for OpenSSL. The "xxx" denotes the machine architecture of
-$! ALPHA, IA64 or VAX.
-$!
-$! It is written to detect what type of machine you are compiling on
-$! (i.e. ALPHA or VAX) and which "C" compiler you have (i.e. VAXC, DECC
-$! or GNU C) or you can specify which compiler to use.
-$!
-$! Specify the following as P1 to build just that part or ALL to just
-$! build everything.
-$!
-$! LIBRARY To just compile the [.xxx.EXE.SSL]LIBSSL.OLB Library.
-$! SSL_TASK To just compile the [.xxx.EXE.SSL]SSL_TASK.EXE
-$!
-$! Specify DEBUG or NODEBUG as P2 to compile with or without debugger
-$! information.
-$!
-$! Specify which compiler at P3 to try to compile under.
-$!
-$! VAXC For VAX C.
-$! DECC For DEC C.
-$! GNUC For GNU C.
-$!
-$! If you don't speficy a compiler, it will try to determine which
-$! "C" compiler to use.
-$!
-$! P4, if defined, sets a TCP/IP library to use, through one of the following
-$! keywords:
-$!
-$! UCX for UCX
-$! TCPIP for TCPIP (post UCX)
-$! SOCKETSHR for SOCKETSHR+NETLIB
-$!
-$! P5, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up)
-$!
-$!
-$! Define A TCP/IP Library That We Will Need To Link To.
-$! (That Is, If We Need To Link To One.)
-$!
-$ TCPIP_LIB = ""
-$!
-$! Check What Architecture We Are Using.
-$!
-$ IF (F$GETSYI("CPU").LT.128)
-$ THEN
-$!
-$! The Architecture Is VAX.
-$!
-$ ARCH := VAX
-$!
-$! Else...
-$!
-$ ELSE
-$!
-$! The Architecture Is Alpha, IA64 or whatever comes in the future.
-$!
-$ ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE")
-$ IF (ARCH .EQS. "") THEN ARCH = "UNK"
-$!
-$! End The Architecture Check.
-$!
-$ ENDIF
-$!
-$! Define The OBJ Directory.
-$!
-$ OBJ_DIR := SYS$DISK:[-.'ARCH'.OBJ.SSL]
-$!
-$! Define The EXE Directory.
-$!
-$ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.SSL]
-$!
-$! Check To Make Sure We Have Valid Command Line Parameters.
-$!
-$ GOSUB CHECK_OPTIONS
-$!
-$! Initialise logical names and such
-$!
-$ GOSUB INITIALISE
-$!
-$! Tell The User What Kind of Machine We Run On.
-$!
-$ WRITE SYS$OUTPUT "Compiling On A ",ARCH," Machine."
-$!
-$! Check To See If The Architecture Specific OBJ Directory Exists.
-$!
-$ IF (F$PARSE(OBJ_DIR).EQS."")
-$ THEN
-$!
-$! It Dosen't Exist, So Create It.
-$!
-$ CREATE/DIR 'OBJ_DIR'
-$!
-$! End The Architecture Specific OBJ Directory Check.
-$!
-$ ENDIF
-$!
-$! Check To See If The Architecture Specific Directory Exists.
-$!
-$ IF (F$PARSE(EXE_DIR).EQS."")
-$ THEN
-$!
-$! It Dosen't Exist, So Create It.
-$!
-$ CREATE/DIR 'EXE_DIR'
-$!
-$! End The Architecture Specific Directory Check.
-$!
-$ ENDIF
-$!
-$! Define The Library Name.
-$!
-$ SSL_LIB := 'EXE_DIR'LIBSSL.OLB
-$!
-$! Define The CRYPTO-LIB We Are To Use.
-$!
-$ CRYPTO_LIB := SYS$DISK:[-.'ARCH'.EXE.CRYPTO]LIBCRYPTO.OLB
-$!
-$! Check To See What We Are To Do.
-$!
-$ IF (BUILDALL.EQS."TRUE")
-$ THEN
-$!
-$! Since Nothing Special Was Specified, Do Everything.
-$!
-$ GOSUB LIBRARY
-$ GOSUB SSL_TASK
-$!
-$! Else...
-$!
-$ ELSE
-$!
-$! Build Just What The User Wants Us To Build.
-$!
-$ GOSUB 'BUILDALL'
-$!
-$! End The BUILDALL Check.
-$!
-$ ENDIF
-$!
-$! Time To EXIT.
-$!
-$ EXIT:
-$ GOSUB CLEANUP
-$ EXIT
-$!
-$! Compile The Library.
-$!
-$ LIBRARY:
-$!
-$! Check To See If We Already Have A "[.xxx.EXE.SSL]LIBSSL.OLB" Library...
-$!
-$ IF (F$SEARCH(SSL_LIB).EQS."")
-$ THEN
-$!
-$! Guess Not, Create The Library.
-$!
-$ LIBRARY/CREATE/OBJECT 'SSL_LIB'
-$!
-$! End The Library Exist Check.
-$!
-$ ENDIF
-$!
-$! Define The Different SSL "library" Files.
-$!
-$ LIB_SSL = "s2_meth,s2_srvr,s2_clnt,s2_lib,s2_enc,s2_pkt,"+ -
- "s3_meth,s3_srvr,s3_clnt,s3_lib,s3_enc,s3_pkt,s3_both,"+ -
- "s23_meth,s23_srvr,s23_clnt,s23_lib,s23_pkt,"+ -
- "t1_meth,t1_srvr,t1_clnt,t1_lib,t1_enc,"+ -
- "d1_meth,d1_srvr,d1_clnt,d1_lib,d1_pkt,"+ -
- "d1_both,d1_enc,"+ -
- "ssl_lib,ssl_err2,ssl_cert,ssl_sess,"+ -
- "ssl_ciph,ssl_stat,ssl_rsa,"+ -
- "ssl_asn1,ssl_txt,ssl_algs,"+ -
- "bio_ssl,ssl_err,kssl,t1_reneg"
-$!
-$! Tell The User That We Are Compiling The Library.
-$!
-$ WRITE SYS$OUTPUT "Building The ",SSL_LIB," Library."
-$!
-$! Define A File Counter And Set It To "0"
-$!
-$ FILE_COUNTER = 0
-$!
-$! Top Of The File Loop.
-$!
-$ NEXT_FILE:
-$!
-$! O.K, Extract The File Name From The File List.
-$!
-$ FILE_NAME = F$ELEMENT(FILE_COUNTER,",",LIB_SSL)
-$!
-$! Check To See If We Are At The End Of The File List.
-$!
-$ IF (FILE_NAME.EQS.",") THEN GOTO FILE_DONE
-$!
-$! Increment The Counter.
-$!
-$ FILE_COUNTER = FILE_COUNTER + 1
-$!
-$! Create The Source File Name.
-$!
-$ SOURCE_FILE = "SYS$DISK:[]" + FILE_NAME + ".C"
-$!
-$! Create The Object File Name.
-$!
-$ OBJECT_FILE = OBJ_DIR + FILE_NAME + ".OBJ"
-$ ON WARNING THEN GOTO NEXT_FILE
-$!
-$! Check To See If The File We Want To Compile Is Actually There.
-$!
-$ IF (F$SEARCH(SOURCE_FILE).EQS."")
-$ THEN
-$!
-$! Tell The User That The File Dosen't Exist.
-$!
-$ WRITE SYS$OUTPUT ""
-$ WRITE SYS$OUTPUT "The File ",SOURCE_FILE," Dosen't Exist."
-$ WRITE SYS$OUTPUT ""
-$!
-$! Exit The Build.
-$!
-$ EXIT
-$!
-$! End The File Exists Check.
-$!
-$ ENDIF
-$!
-$! Tell The User What File We Are Compiling.
-$!
-$ WRITE SYS$OUTPUT " ",FILE_NAME,".c"
-$!
-$! Compile The File.
-$!
-$ ON ERROR THEN GOTO NEXT_FILE
-$ CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
-$!
-$! Add It To The Library.
-$!
-$ LIBRARY/REPLACE/OBJECT 'SSL_LIB' 'OBJECT_FILE'
-$!
-$! Time To Clean Up The Object File.
-$!
-$ DELETE 'OBJECT_FILE';*
-$!
-$! Go Back And Get The Next File Name.
-$!
-$ GOTO NEXT_FILE
-$!
-$! All Done With This Library.
-$!
-$ FILE_DONE:
-$!
-$! Tell The User That We Are All Done.
-$!
-$ WRITE SYS$OUTPUT "Library ",SSL_LIB," Compiled."
-$!
-$! Time To RETURN.
-$!
-$ RETURN
-$ SSL_TASK:
-$!
-$! Check To See If We Have The Proper Libraries.
-$!
-$ GOSUB LIB_CHECK
-$!
-$! Check To See If We Have A Linker Option File.
-$!
-$ GOSUB CHECK_OPT_FILE
-$!
-$! Check To See If The File We Want To Compile Is Actually There.
-$!
-$ IF (F$SEARCH("SYS$DISK:[]SSL_TASK.C").EQS."")
-$ THEN
-$!
-$! Tell The User That The File Dosen't Exist.
-$!
-$ WRITE SYS$OUTPUT ""
-$ WRITE SYS$OUTPUT "The File SSL_TASK.C Dosen't Exist."
-$ WRITE SYS$OUTPUT ""
-$!
-$! Exit The Build.
-$!
-$ EXIT
-$!
-$! End The SSL_TASK.C File Check.
-$!
-$ ENDIF
-$!
-$! Tell The User We Are Creating The SSL_TASK.
-$!
-$ WRITE SYS$OUTPUT "Creating SSL_TASK OSU HTTP SSL Engine."
-$!
-$! Compile The File.
-$!
-$ ON ERROR THEN GOTO SSL_TASK_END
-$ CC5/OBJECT='OBJ_DIR'SSL_TASK.OBJ SYS$DISK:[]SSL_TASK.C
-$!
-$! Link The Program.
-$! Check To See If We Are To Link With A Specific TCP/IP Library.
-$!
-$ IF (TCPIP_LIB.NES."")
-$ THEN
-$!
-$! Link With TCP/IP Library.
-$!
-$ LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR'SSL_TASK.EXE -
- 'OBJ_DIR'SSL_TASK.OBJ, -
- 'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY, -
- 'TCPIP_LIB','OPT_FILE'/OPTION
-$!
-$! Else...
-$!
-$ ELSE
-$!
-$! Don't Link With TCP/IP Library.
-$!
-$ LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR'SSL_TASK.EXE -
- 'OBJ_DIR'SSL_TASK.OBJ,-
- 'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY, -
- 'OPT_FILE'/OPTION
-$!
-$! End The TCP/IP Library Check.
-$!
-$ ENDIF
-$!
-$! Time To Return.
-$!
-$SSL_TASK_END:
-$ RETURN
-$!
-$! Check For The Link Option FIle.
-$!
-$ CHECK_OPT_FILE:
-$!
-$! Check To See If We Need To Make A VAX C Option File.
-$!
-$ IF (COMPILER.EQS."VAXC")
-$ THEN
-$!
-$! Check To See If We Already Have A VAX C Linker Option File.
-$!
-$ IF (F$SEARCH(OPT_FILE).EQS."")
-$ THEN
-$!
-$! We Need A VAX C Linker Option File.
-$!
-$ CREATE 'OPT_FILE'
-$DECK
-!
-! Default System Options File To Link Agianst
-! The Sharable VAX C Runtime Library.
-!
-SYS$SHARE:VAXCRTL.EXE/SHARE
-$EOD
-$!
-$! End The Option File Check.
-$!
-$ ENDIF
-$!
-$! End The VAXC Check.
-$!
-$ ENDIF
-$!
-$! Check To See If We Need A GNU C Option File.
-$!
-$ IF (COMPILER.EQS."GNUC")
-$ THEN
-$!
-$! Check To See If We Already Have A GNU C Linker Option File.
-$!
-$ IF (F$SEARCH(OPT_FILE).EQS."")
-$ THEN
-$!
-$! We Need A GNU C Linker Option File.
-$!
-$ CREATE 'OPT_FILE'
-$DECK
-!
-! Default System Options File To Link Agianst
-! The Sharable C Runtime Library.
-!
-GNU_CC:[000000]GCCLIB/LIBRARY
-SYS$SHARE:VAXCRTL/SHARE
-$EOD
-$!
-$! End The Option File Check.
-$!
-$ ENDIF
-$!
-$! End The GNU C Check.
-$!
-$ ENDIF
-$!
-$! Check To See If We Need A DEC C Option File.
-$!
-$ IF (COMPILER.EQS."DECC")
-$ THEN
-$!
-$! Check To See If We Already Have A DEC C Linker Option File.
-$!
-$ IF (F$SEARCH(OPT_FILE).EQS."")
-$ THEN
-$!
-$! Figure Out If We Need A non-VAX Or A VAX Linker Option File.
-$!
-$ IF (ARCH.EQS."VAX")
-$ THEN
-$!
-$! We Need A DEC C Linker Option File For VAX.
-$!
-$ CREATE 'OPT_FILE'
-$DECK
-!
-! Default System Options File To Link Agianst
-! The Sharable DEC C Runtime Library.
-!
-SYS$SHARE:DECC$SHR.EXE/SHARE
-$EOD
-$!
-$! Else...
-$!
-$ ELSE
-$!
-$! Create The non-VAX Linker Option File.
-$!
-$ CREATE 'OPT_FILE'
-$DECK
-!
-! Default System Options File For non-VAX To Link Agianst
-! The Sharable C Runtime Library.
-!
-SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE
-SYS$SHARE:CMA$OPEN_RTL/SHARE
-$EOD
-$!
-$! End The DEC C Option File Check.
-$!
-$ ENDIF
-$!
-$! End The Option File Search.
-$!
-$ ENDIF
-$!
-$! End The DEC C Check.
-$!
-$ ENDIF
-$!
-$! Tell The User What Linker Option File We Are Using.
-$!
-$ WRITE SYS$OUTPUT "Using Linker Option File ",OPT_FILE,"."
-$!
-$! Time To RETURN.
-$!
-$ RETURN
-$ LIB_CHECK:
-$!
-$! Look For The VAX Library LIBSSL.OLB.
-$!
-$ IF (F$SEARCH(SSL_LIB).EQS."")
-$ THEN
-$!
-$! Tell The User We Can't Find The LIBSSL.OLB Library.
-$!
-$ WRITE SYS$OUTPUT ""
-$ WRITE SYS$OUTPUT "Can't Find The Library ",SSL_LIB,"."
-$ WRITE SYS$OUTPUT "We Can't Link Without It."
-$ WRITE SYS$OUTPUT ""
-$!
-$! Since We Can't Link Without It, Exit.
-$!
-$ EXIT
-$!
-$! End The LIBSSL.OLB Library Check.
-$!
-$ ENDIF
-$!
-$! Look For The Library LIBCRYPTO.OLB.
-$!
-$ IF (F$SEARCH(CRYPTO_LIB).EQS."")
-$ THEN
-$!
-$! Tell The User We Can't Find The LIBCRYPTO.OLB Library.
-$!
-$ WRITE SYS$OUTPUT ""
-$ WRITE SYS$OUTPUT "Can't Find The Library ",CRYPTO_LIB,"."
-$ WRITE SYS$OUTPUT "We Can't Link Without It."
-$ WRITE SYS$OUTPUT ""
-$!
-$! Since We Can't Link Without It, Exit.
-$!
-$ EXIT
-$!
-$! End The LIBCRYPTO.OLB Library Check.
-$!
-$ ENDIF
-$!
-$! Time To Return.
-$!
-$ RETURN
-$!
-$! Check The User's Options.
-$!
-$ CHECK_OPTIONS:
-$!
-$! Check To See If P1 Is Blank.
-$!
-$ IF (P1.EQS."ALL")
-$ THEN
-$!
-$! P1 Is Blank, So Build Everything.
-$!
-$ BUILDALL = "TRUE"
-$!
-$! Else...
-$!
-$ ELSE
-$!
-$! Else, Check To See If P1 Has A Valid Arguement.
-$!
-$ IF (P1.EQS."LIBRARY").OR.(P1.EQS."SSL_TASK")
-$ THEN
-$!
-$! A Valid Arguement.
-$!
-$ BUILDALL = P1
-$!
-$! Else...
-$!
-$ ELSE
-$!
-$! Tell The User We Don't Know What They Want.
-$!
-$ WRITE SYS$OUTPUT ""
-$ WRITE SYS$OUTPUT "The Option ",P1," Is Invalid. The Valid Options Are:"
-$ WRITE SYS$OUTPUT ""
-$ WRITE SYS$OUTPUT " ALL : Just Build Everything."
-$ WRITE SYS$OUTPUT " LIBRARY : To Compile Just The [.xxx.EXE.SSL]LIBSSL.OLB Library."
-$ WRITE SYS$OUTPUT " SSL_TASK : To Compile Just The [.xxx.EXE.SSL]SSL_TASK.EXE Program."
-$ WRITE SYS$OUTPUT ""
-$ WRITE SYS$OUTPUT " Where 'xxx' Stands For:"
-$ WRITE SYS$OUTPUT ""
-$ WRITE SYS$OUTPUT " ALPHA : Alpha Architecture."
-$ WRITE SYS$OUTPUT " IA64 : IA64 Architecture."
-$ WRITE SYS$OUTPUT " VAX : VAX Architecture."
-$ WRITE SYS$OUTPUT ""
-$!
-$! Time To EXIT.
-$!
-$ EXIT
-$!
-$! End The Valid Arguement Check.
-$!
-$ ENDIF
-$!
-$! End The P1 Check.
-$!
-$ ENDIF
-$!
-$! Check To See If P2 Is Blank.
-$!
-$ IF (P2.EQS."NODEBUG")
-$ THEN
-$!
-$! P2 Is NODEBUG, So Compile Without Debugger Information.
-$!
-$ DEBUGGER = "NODEBUG"
-$ TRACEBACK = "NOTRACEBACK"
-$ GCC_OPTIMIZE = "OPTIMIZE"
-$ CC_OPTIMIZE = "OPTIMIZE"
-$ WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile."
-$ WRITE SYS$OUTPUT "Compiling With Compiler Optimization."
-$!
-$! Else...
-$!
-$ ELSE
-$!
-$! Check To See If We Are To Compile With Debugger Information.
-$!
-$ IF (P2.EQS."DEBUG")
-$ THEN
-$!
-$! Compile With Debugger Information.
-$!
-$ DEBUGGER = "DEBUG"
-$ TRACEBACK = "TRACEBACK"
-$ GCC_OPTIMIZE = "NOOPTIMIZE"
-$ CC_OPTIMIZE = "NOOPTIMIZE"
-$ WRITE SYS$OUTPUT "Debugger Information Will Be Produced During Compile."
-$ WRITE SYS$OUTPUT "Compiling Without Compiler Optimization."
-$ ELSE
-$!
-$! Tell The User Entered An Invalid Option..
-$!
-$ WRITE SYS$OUTPUT ""
-$ WRITE SYS$OUTPUT "The Option ",P2," Is Invalid. The Valid Options Are:"
-$ WRITE SYS$OUTPUT ""
-$ WRITE SYS$OUTPUT " DEBUG : Compile With The Debugger Information."
-$ WRITE SYS$OUTPUT " NODEBUG : Compile Without The Debugger Information."
-$ WRITE SYS$OUTPUT ""
-$!
-$! Time To EXIT.
-$!
-$ EXIT
-$!
-$! End The Valid Arguement Check.
-$!
-$ ENDIF
-$!
-$! End The P2 Check.
-$!
-$ ENDIF
-$!
-$! Special Threads For OpenVMS v7.1 Or Later
-$!
-$! Written By: Richard Levitte
-$! richard at levitte.org
-$!
-$!
-$! Check To See If We Have A Option For P5.
-$!
-$ IF (P5.EQS."")
-$ THEN
-$!
-$! Get The Version Of VMS We Are Using.
-$!
-$ ISSEVEN :=
-$ TMP = F$ELEMENT(0,"-",F$EXTRACT(1,4,F$GETSYI("VERSION")))
-$ TMP = F$INTEGER(F$ELEMENT(0,".",TMP)+F$ELEMENT(1,".",TMP))
-$!
-$! Check To See If The VMS Version Is v7.1 Or Later.
-$!
-$ IF (TMP.GE.71)
-$ THEN
-$!
-$! We Have OpenVMS v7.1 Or Later, So Use The Special Threads.
-$!
-$ ISSEVEN := ,PTHREAD_USE_D4
-$!
-$! End The VMS Version Check.
-$!
-$ ENDIF
-$!
-$! End The P5 Check.
-$!
-$ ENDIF
-$!
-$! Check To See If P3 Is Blank.
-$!
-$ IF (P3.EQS."")
-$ THEN
-$!
-$! O.K., The User Didn't Specify A Compiler, Let's Try To
-$! Find Out Which One To Use.
-$!
-$! Check To See If We Have GNU C.
-$!
-$ IF (F$TRNLNM("GNU_CC").NES."")
-$ THEN
-$!
-$! Looks Like GNUC, Set To Use GNUC.
-$!
-$ P3 = "GNUC"
-$!
-$! End The GNU C Compiler Check.
-$!
-$ ELSE
-$!
-$! Check To See If We Have VAXC Or DECC.
-$!
-$ IF (ARCH.NES."VAX").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."")
-$ THEN
-$!
-$! Looks Like DECC, Set To Use DECC.
-$!
-$ P3 = "DECC"
-$!
-$! Else...
-$!
-$ ELSE
-$!
-$! Looks Like VAXC, Set To Use VAXC.
-$!
-$ P3 = "VAXC"
-$!
-$! End The VAXC Compiler Check.
-$!
-$ ENDIF
-$!
-$! End The DECC & VAXC Compiler Check.
-$!
-$ ENDIF
-$!
-$! End The Compiler Check.
-$!
-$ ENDIF
-$!
-$! Check To See If We Have A Option For P4.
-$!
-$ IF (P4.EQS."")
-$ THEN
-$!
-$! Find out what socket library we have available
-$!
-$ IF F$PARSE("SOCKETSHR:") .NES. ""
-$ THEN
-$!
-$! We have SOCKETSHR, and it is my opinion that it's the best to use.
-$!
-$ P4 = "SOCKETSHR"
-$!
-$! Tell the user
-$!
-$ WRITE SYS$OUTPUT "Using SOCKETSHR for TCP/IP"
-$!
-$! Else, let's look for something else
-$!
-$ ELSE
-$!
-$! Like UCX (the reason to do this before Multinet is that the UCX
-$! emulation is easier to use...)
-$!
-$ IF F$TRNLNM("UCX$IPC_SHR") .NES. "" -
- .OR. F$PARSE("SYS$SHARE:UCX$IPC_SHR.EXE") .NES. "" -
- .OR. F$PARSE("SYS$LIBRARY:UCX$IPC.OLB") .NES. ""
-$ THEN
-$!
-$! Last resort: a UCX or UCX-compatible library
-$!
-$ P4 = "UCX"
-$!
-$! Tell the user
-$!
-$ WRITE SYS$OUTPUT "Using UCX or an emulation thereof for TCP/IP"
-$!
-$! That was all...
-$!
-$ ENDIF
-$ ENDIF
-$ ENDIF
-$!
-$! Set Up Initial CC Definitions, Possibly With User Ones
-$!
-$ CCDEFS = "TCPIP_TYPE_''P4'"
-$ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
-$ CCEXTRAFLAGS = ""
-$ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
-$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"
-$ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
- CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS
-$!
-$! Check To See If The User Entered A Valid Paramter.
-$!
-$ IF (P3.EQS."VAXC").OR.(P3.EQS."DECC").OR.(P3.EQS."GNUC")
-$ THEN
-$!
-$! Check To See If The User Wanted DECC.
-$!
-$ IF (P3.EQS."DECC")
-$ THEN
-$!
-$! Looks Like DECC, Set To Use DECC.
-$!
-$ COMPILER = "DECC"
-$!
-$! Tell The User We Are Using DECC.
-$!
-$ WRITE SYS$OUTPUT "Using DECC 'C' Compiler."
-$!
-$! Use DECC...
-$!
-$ CC = "CC"
-$ IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
- THEN CC = "CC/DECC"
-$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
- "/NOLIST/PREFIX=ALL" + -
- "/INCLUDE=(SYS$DISK:[-.CRYPTO],SYS$DISK:[-])" + CCEXTRAFLAGS
-$!
-$! Define The Linker Options File Name.
-$!
-$ OPT_FILE = "''EXE_DIR'VAX_DECC_OPTIONS.OPT"
-$!
-$! End DECC Check.
-$!
-$ ENDIF
-$!
-$! Check To See If We Are To Use VAXC.
-$!
-$ IF (P3.EQS."VAXC")
-$ THEN
-$!
-$! Looks Like VAXC, Set To Use VAXC.
-$!
-$ COMPILER = "VAXC"
-$!
-$! Tell The User We Are Using VAX C.
-$!
-$ WRITE SYS$OUTPUT "Using VAXC 'C' Compiler."
-$!
-$! Compile Using VAXC.
-$!
-$ CC = "CC"
-$ IF ARCH.NES."VAX"
-$ THEN
-$ WRITE SYS$OUTPUT "There is no VAX C on ''ARCH'!"
-$ EXIT
-$ ENDIF
-$ IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
-$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
- "/INCLUDE=(SYS$DISK:[-.CRYPTO],SYS$DISK:[-])" + CCEXTRAFLAGS
-$ CCDEFS = CCDEFS + ",""VAXC"""
-$!
-$! Define <sys> As SYS$COMMON:[SYSLIB]
-$!
-$ DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB]
-$!
-$! Define The Linker Options File Name.
-$!
-$ OPT_FILE = "''EXE_DIR'VAX_VAXC_OPTIONS.OPT"
-$!
-$! End VAXC Check
-$!
-$ ENDIF
-$!
-$! Check To See If We Are To Use GNU C.
-$!
-$ IF (P3.EQS."GNUC")
-$ THEN
-$!
-$! Looks Like GNUC, Set To Use GNUC.
-$!
-$ COMPILER = "GNUC"
-$!
-$! Tell The User We Are Using GNUC.
-$!
-$ WRITE SYS$OUTPUT "Using GNU 'C' Compiler."
-$!
-$! Use GNU C...
-$!
-$ IF F$TYPE(GCC) .EQS. "" THEN GCC := GCC
-$ CC = GCC+"/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
- "/INCLUDE=(SYS$DISK:[-.CRYPTO],SYS$DISK:[-])" + CCEXTRAFLAGS
-$!
-$! Define The Linker Options File Name.
-$!
-$ OPT_FILE = "''EXE_DIR'VAX_GNUC_OPTIONS.OPT"
-$!
-$! End The GNU C Check.
-$!
-$ ENDIF
-$!
-$! Set up default defines
-$!
-$ CCDEFS = """FLAT_INC=1""," + CCDEFS
-$!
-$! Finish up the definition of CC.
-$!
-$ IF COMPILER .EQS. "DECC"
-$ THEN
-$ IF CCDISABLEWARNINGS .EQS. ""
-$ THEN
-$ CC4DISABLEWARNINGS = "DOLLARID"
-$ ELSE
-$ CC4DISABLEWARNINGS = CCDISABLEWARNINGS + ",DOLLARID"
-$ CCDISABLEWARNINGS = "/WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))"
-$ ENDIF
-$ CC4DISABLEWARNINGS = "/WARNING=(DISABLE=(" + CC4DISABLEWARNINGS + "))"
-$ ELSE
-$ CCDISABLEWARNINGS = ""
-$ CC4DISABLEWARNINGS = ""
-$ ENDIF
-$ CC2 = CC + "/DEFINE=(" + CCDEFS + ",_POSIX_C_SOURCE)" + CCDISABLEWARNINGS
-$ CC3 = CC + "/DEFINE=(" + CCDEFS + ISSEVEN + ")" + CCDISABLEWARNINGS
-$ CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
-$ IF COMPILER .EQS. "DECC"
-$ THEN
-$ CC4 = CC - CCDISABLEWARNINGS + CC4DISABLEWARNINGS
-$ CC5 = CC3 - CCDISABLEWARNINGS + CC4DISABLEWARNINGS
-$ ELSE
-$ CC4 = CC
-$ CC5 = CC3
-$ ENDIF
-$!
-$! Show user the result
-$!
-$ WRITE/SYMBOL SYS$OUTPUT "Main Compiling Command: ",CC
-$!
-$! Else The User Entered An Invalid Arguement.
-$!
-$ ELSE
-$!
-$! Tell The User We Don't Know What They Want.
-$!
-$ WRITE SYS$OUTPUT ""
-$ WRITE SYS$OUTPUT "The Option ",P3," Is Invalid. The Valid Options Are:"
-$ WRITE SYS$OUTPUT ""
-$ WRITE SYS$OUTPUT " VAXC : To Compile With VAX C."
-$ WRITE SYS$OUTPUT " DECC : To Compile With DEC C."
-$ WRITE SYS$OUTPUT " GNUC : To Compile With GNU C."
-$ WRITE SYS$OUTPUT ""
-$!
-$! Time To EXIT.
-$!
-$ EXIT
-$ ENDIF
-$!
-$! Time to check the contents, and to make sure we get the correct library.
-$!
-$ IF P4.EQS."SOCKETSHR" .OR. P4.EQS."MULTINET" .OR. P4.EQS."UCX" -
- .OR. P4.EQS."TCPIP" .OR. P4.EQS."NONE"
-$ THEN
-$!
-$! Check to see if SOCKETSHR was chosen
-$!
-$ IF P4.EQS."SOCKETSHR"
-$ THEN
-$!
-$! Set the library to use SOCKETSHR
-$!
-$ TCPIP_LIB = "SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT/OPT"
-$!
-$! Done with SOCKETSHR
-$!
-$ ENDIF
-$!
-$! Check to see if MULTINET was chosen
-$!
-$ IF P4.EQS."MULTINET"
-$ THEN
-$!
-$! Set the library to use UCX emulation.
-$!
-$ P4 = "UCX"
-$!
-$! Done with MULTINET
-$!
-$ ENDIF
-$!
-$! Check to see if UCX was chosen
-$!
-$ IF P4.EQS."UCX"
-$ THEN
-$!
-$! Set the library to use UCX.
-$!
-$ TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT/OPT"
-$ IF F$TRNLNM("UCX$IPC_SHR") .NES. ""
-$ THEN
-$ TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT/OPT"
-$ ELSE
-$ IF COMPILER .NES. "DECC" .AND. ARCH .EQS. "VAX" THEN -
- TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT/OPT"
-$ ENDIF
-$!
-$! Done with UCX
-$!
-$ ENDIF
-$!
-$! Check to see if TCPIP was chosen
-$!
-$ IF P4.EQS."TCPIP"
-$ THEN
-$!
-$! Set the library to use TCPIP (post UCX).
-$!
-$ TCPIP_LIB = "SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT/OPT"
-$!
-$! Done with TCPIP
-$!
-$ ENDIF
-$!
-$! Check to see if NONE was chosen
-$!
-$ IF P4.EQS."NONE"
-$ THEN
-$!
-$! Do not use a TCPIP library.
-$!
-$ TCPIP_LIB = ""
-$!
-$! Done with NONE
-$!
-$ ENDIF
-$!
-$! Print info
-$!
-$ WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB
-$!
-$! Else The User Entered An Invalid Arguement.
-$!
-$ ELSE
-$!
-$! Tell The User We Don't Know What They Want.
-$!
-$ WRITE SYS$OUTPUT ""
-$ WRITE SYS$OUTPUT "The Option ",P4," Is Invalid. The Valid Options Are:"
-$ WRITE SYS$OUTPUT ""
-$ WRITE SYS$OUTPUT " SOCKETSHR : To link with SOCKETSHR TCP/IP library."
-$ WRITE SYS$OUTPUT " UCX : To link with UCX TCP/IP library."
-$ WRITE SYS$OUTPUT " TCPIP : To link with TCPIP (post UCX) TCP/IP library."
-$ WRITE SYS$OUTPUT ""
-$!
-$! Time To EXIT.
-$!
-$ EXIT
-$!
-$! Done with TCP/IP libraries
-$!
-$ ENDIF
-$!
-$! Time To RETURN...
-$!
-$ RETURN
-$!
-$ INITIALISE:
-$!
-$! Save old value of the logical name OPENSSL
-$!
-$ __SAVE_OPENSSL = F$TRNLNM("OPENSSL","LNM$PROCESS_TABLE")
-$!
-$! Save directory information
-$!
-$ __HERE = F$PARSE(F$PARSE("A.;",F$ENVIRONMENT("PROCEDURE"))-"A.;","[]A.;") - "A.;"
-$ __HERE = F$EDIT(__HERE,"UPCASE")
-$ __TOP = __HERE - "SSL]"
-$ __INCLUDE = __TOP + "INCLUDE.OPENSSL]"
-$!
-$! Set up the logical name OPENSSL to point at the include directory
-$!
-$ DEFINE OPENSSL/NOLOG '__INCLUDE'
-$!
-$! Done
-$!
-$ RETURN
-$!
-$ CLEANUP:
-$!
-$! Restore the logical name OPENSSL if it had a value
-$!
-$ IF __SAVE_OPENSSL .EQS. ""
-$ THEN
-$ DEASSIGN OPENSSL
-$ ELSE
-$ DEFINE/NOLOG OPENSSL '__SAVE_OPENSSL'
-$ ENDIF
-$!
-$! Done
-$!
-$ RETURN
Copied: vendor-crypto/openssl/0.9.8zf/ssl/ssl-lib.com (from rev 6976, vendor-crypto/openssl/dist/ssl/ssl-lib.com)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/ssl/ssl-lib.com (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/ssl/ssl-lib.com 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,1057 @@
+$!
+$! SSL-LIB.COM
+$! Written By: Robert Byer
+$! Vice-President
+$! A-Com Computing, Inc.
+$! byer at mail.all-net.net
+$!
+$! Changes by Richard Levitte <richard at levitte.org>
+$!
+$! This command file compiles and creates the "[.xxx.EXE.SSL]LIBSSL.OLB"
+$! library for OpenSSL. The "xxx" denotes the machine architecture of
+$! ALPHA, IA64 or VAX.
+$!
+$! It is written to detect what type of machine you are compiling on
+$! (i.e. ALPHA or VAX) and which "C" compiler you have (i.e. VAXC, DECC
+$! or GNU C) or you can specify which compiler to use.
+$!
+$! Specify the following as P1 to build just that part or ALL to just
+$! build everything.
+$!
+$! LIBRARY To just compile the [.xxx.EXE.SSL]LIBSSL.OLB Library.
+$! SSL_TASK To just compile the [.xxx.EXE.SSL]SSL_TASK.EXE
+$!
+$! Specify DEBUG or NODEBUG as P2 to compile with or without debugger
+$! information.
+$!
+$! Specify which compiler at P3 to try to compile under.
+$!
+$! VAXC For VAX C.
+$! DECC For DEC C.
+$! GNUC For GNU C.
+$!
+$! If you don't speficy a compiler, it will try to determine which
+$! "C" compiler to use.
+$!
+$! P4, if defined, sets a TCP/IP library to use, through one of the following
+$! keywords:
+$!
+$! UCX for UCX
+$! TCPIP for TCPIP (post UCX)
+$! SOCKETSHR for SOCKETSHR+NETLIB
+$!
+$! P5, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up)
+$!
+$!
+$! Define A TCP/IP Library That We Will Need To Link To.
+$! (That Is, If We Need To Link To One.)
+$!
+$ TCPIP_LIB = ""
+$!
+$! Check What Architecture We Are Using.
+$!
+$ IF (F$GETSYI("CPU").LT.128)
+$ THEN
+$!
+$! The Architecture Is VAX.
+$!
+$ ARCH := VAX
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$! The Architecture Is Alpha, IA64 or whatever comes in the future.
+$!
+$ ARCH = F$EDIT( F$GETSYI( "ARCH_NAME"), "UPCASE")
+$ IF (ARCH .EQS. "") THEN ARCH = "UNK"
+$!
+$! End The Architecture Check.
+$!
+$ ENDIF
+$!
+$! Define The OBJ Directory.
+$!
+$ OBJ_DIR := SYS$DISK:[-.'ARCH'.OBJ.SSL]
+$!
+$! Define The EXE Directory.
+$!
+$ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.SSL]
+$!
+$! Check To Make Sure We Have Valid Command Line Parameters.
+$!
+$ GOSUB CHECK_OPTIONS
+$!
+$! Initialise logical names and such
+$!
+$ GOSUB INITIALISE
+$!
+$! Tell The User What Kind of Machine We Run On.
+$!
+$ WRITE SYS$OUTPUT "Compiling On A ",ARCH," Machine."
+$!
+$! Check To See If The Architecture Specific OBJ Directory Exists.
+$!
+$ IF (F$PARSE(OBJ_DIR).EQS."")
+$ THEN
+$!
+$! It Dosen't Exist, So Create It.
+$!
+$ CREATE/DIR 'OBJ_DIR'
+$!
+$! End The Architecture Specific OBJ Directory Check.
+$!
+$ ENDIF
+$!
+$! Check To See If The Architecture Specific Directory Exists.
+$!
+$ IF (F$PARSE(EXE_DIR).EQS."")
+$ THEN
+$!
+$! It Dosen't Exist, So Create It.
+$!
+$ CREATE/DIR 'EXE_DIR'
+$!
+$! End The Architecture Specific Directory Check.
+$!
+$ ENDIF
+$!
+$! Define The Library Name.
+$!
+$ SSL_LIB := 'EXE_DIR'LIBSSL.OLB
+$!
+$! Define The CRYPTO-LIB We Are To Use.
+$!
+$ CRYPTO_LIB := SYS$DISK:[-.'ARCH'.EXE.CRYPTO]LIBCRYPTO.OLB
+$!
+$! Check To See What We Are To Do.
+$!
+$ IF (BUILDALL.EQS."TRUE")
+$ THEN
+$!
+$! Since Nothing Special Was Specified, Do Everything.
+$!
+$ GOSUB LIBRARY
+$ GOSUB SSL_TASK
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$! Build Just What The User Wants Us To Build.
+$!
+$ GOSUB 'BUILDALL'
+$!
+$! End The BUILDALL Check.
+$!
+$ ENDIF
+$!
+$! Time To EXIT.
+$!
+$ EXIT:
+$ GOSUB CLEANUP
+$ EXIT
+$!
+$! Compile The Library.
+$!
+$ LIBRARY:
+$!
+$! Check To See If We Already Have A "[.xxx.EXE.SSL]LIBSSL.OLB" Library...
+$!
+$ IF (F$SEARCH(SSL_LIB).EQS."")
+$ THEN
+$!
+$! Guess Not, Create The Library.
+$!
+$ LIBRARY/CREATE/OBJECT 'SSL_LIB'
+$!
+$! End The Library Exist Check.
+$!
+$ ENDIF
+$!
+$! Define The Different SSL "library" Files.
+$!
+$ LIB_SSL = "s2_meth, s2_srvr, s2_clnt, s2_lib, s2_enc, s2_pkt,"+ -
+ "s3_meth, s3_srvr, s3_clnt, s3_lib, s3_enc, s3_pkt,s3_both,s3_cbc,"+ -
+ "s23_meth,s23_srvr,s23_clnt,s23_lib, s23_pkt,"+ -
+ "t1_meth, t1_srvr, t1_clnt, t1_lib, t1_enc,"+ -
+ "d1_meth, d1_srvr, d1_clnt, d1_lib, d1_pkt,"+ -
+ "d1_both,d1_enc,"+ -
+ "ssl_lib,ssl_err2,ssl_cert,ssl_sess,"+ -
+ "ssl_ciph,ssl_stat,ssl_rsa,"+ -
+ "ssl_asn1,ssl_txt,ssl_algs,"+ -
+ "bio_ssl,ssl_err,kssl,t1_reneg"
+$!
+$! Tell The User That We Are Compiling The Library.
+$!
+$ WRITE SYS$OUTPUT "Building The ",SSL_LIB," Library."
+$!
+$! Define A File Counter And Set It To "0"
+$!
+$ FILE_COUNTER = 0
+$!
+$! Top Of The File Loop.
+$!
+$ NEXT_FILE:
+$!
+$! O.K, Extract The File Name From The File List.
+$!
+$ FILE_NAME = F$EDIT(F$ELEMENT(FILE_COUNTER,",",LIB_SSL),"COLLAPSE")
+$!
+$! Check To See If We Are At The End Of The File List.
+$!
+$ IF (FILE_NAME.EQS.",") THEN GOTO FILE_DONE
+$!
+$! Increment The Counter.
+$!
+$ FILE_COUNTER = FILE_COUNTER + 1
+$!
+$! Create The Source File Name.
+$!
+$ SOURCE_FILE = "SYS$DISK:[]" + FILE_NAME + ".C"
+$!
+$! Create The Object File Name.
+$!
+$ OBJECT_FILE = OBJ_DIR + FILE_NAME + ".OBJ"
+$ ON WARNING THEN GOTO NEXT_FILE
+$!
+$! Check To See If The File We Want To Compile Is Actually There.
+$!
+$ IF (F$SEARCH(SOURCE_FILE).EQS."")
+$ THEN
+$!
+$! Tell The User That The File Dosen't Exist.
+$!
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT "The File ",SOURCE_FILE," Dosen't Exist."
+$ WRITE SYS$OUTPUT ""
+$!
+$! Exit The Build.
+$!
+$ EXIT
+$!
+$! End The File Exists Check.
+$!
+$ ENDIF
+$!
+$! Tell The User What File We Are Compiling.
+$!
+$ WRITE SYS$OUTPUT " ",FILE_NAME,".c"
+$!
+$! Compile The File.
+$!
+$ ON ERROR THEN GOTO NEXT_FILE
+$ CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
+$!
+$! Add It To The Library.
+$!
+$ LIBRARY/REPLACE/OBJECT 'SSL_LIB' 'OBJECT_FILE'
+$!
+$! Time To Clean Up The Object File.
+$!
+$ DELETE 'OBJECT_FILE';*
+$!
+$! Go Back And Get The Next File Name.
+$!
+$ GOTO NEXT_FILE
+$!
+$! All Done With This Library.
+$!
+$ FILE_DONE:
+$!
+$! Tell The User That We Are All Done.
+$!
+$ WRITE SYS$OUTPUT "Library ",SSL_LIB," Compiled."
+$!
+$! Time To RETURN.
+$!
+$ RETURN
+$ SSL_TASK:
+$!
+$! Check To See If We Have The Proper Libraries.
+$!
+$ GOSUB LIB_CHECK
+$!
+$! Check To See If We Have A Linker Option File.
+$!
+$ GOSUB CHECK_OPT_FILE
+$!
+$! Check To See If The File We Want To Compile Is Actually There.
+$!
+$ IF (F$SEARCH("SYS$DISK:[]SSL_TASK.C").EQS."")
+$ THEN
+$!
+$! Tell The User That The File Dosen't Exist.
+$!
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT "The File SSL_TASK.C Dosen't Exist."
+$ WRITE SYS$OUTPUT ""
+$!
+$! Exit The Build.
+$!
+$ EXIT
+$!
+$! End The SSL_TASK.C File Check.
+$!
+$ ENDIF
+$!
+$! Tell The User We Are Creating The SSL_TASK.
+$!
+$ WRITE SYS$OUTPUT "Creating SSL_TASK OSU HTTP SSL Engine."
+$!
+$! Compile The File.
+$!
+$ ON ERROR THEN GOTO SSL_TASK_END
+$ CC5/OBJECT='OBJ_DIR'SSL_TASK.OBJ SYS$DISK:[]SSL_TASK.C
+$!
+$! Link The Program.
+$! Check To See If We Are To Link With A Specific TCP/IP Library.
+$!
+$ IF (TCPIP_LIB.NES."")
+$ THEN
+$!
+$! Link With TCP/IP Library.
+$!
+$ LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR'SSL_TASK.EXE -
+ 'OBJ_DIR'SSL_TASK.OBJ, -
+ 'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY, -
+ 'TCPIP_LIB','OPT_FILE'/OPTION
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$! Don't Link With TCP/IP Library.
+$!
+$ LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR'SSL_TASK.EXE -
+ 'OBJ_DIR'SSL_TASK.OBJ,-
+ 'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY, -
+ 'OPT_FILE'/OPTION
+$!
+$! End The TCP/IP Library Check.
+$!
+$ ENDIF
+$!
+$! Time To Return.
+$!
+$SSL_TASK_END:
+$ RETURN
+$!
+$! Check For The Link Option FIle.
+$!
+$ CHECK_OPT_FILE:
+$!
+$! Check To See If We Need To Make A VAX C Option File.
+$!
+$ IF (COMPILER.EQS."VAXC")
+$ THEN
+$!
+$! Check To See If We Already Have A VAX C Linker Option File.
+$!
+$ IF (F$SEARCH(OPT_FILE).EQS."")
+$ THEN
+$!
+$! We Need A VAX C Linker Option File.
+$!
+$ CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File To Link Agianst
+! The Sharable VAX C Runtime Library.
+!
+SYS$SHARE:VAXCRTL.EXE/SHARE
+$EOD
+$!
+$! End The Option File Check.
+$!
+$ ENDIF
+$!
+$! End The VAXC Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Need A GNU C Option File.
+$!
+$ IF (COMPILER.EQS."GNUC")
+$ THEN
+$!
+$! Check To See If We Already Have A GNU C Linker Option File.
+$!
+$ IF (F$SEARCH(OPT_FILE).EQS."")
+$ THEN
+$!
+$! We Need A GNU C Linker Option File.
+$!
+$ CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File To Link Agianst
+! The Sharable C Runtime Library.
+!
+GNU_CC:[000000]GCCLIB/LIBRARY
+SYS$SHARE:VAXCRTL/SHARE
+$EOD
+$!
+$! End The Option File Check.
+$!
+$ ENDIF
+$!
+$! End The GNU C Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Need A DEC C Option File.
+$!
+$ IF (COMPILER.EQS."DECC")
+$ THEN
+$!
+$! Check To See If We Already Have A DEC C Linker Option File.
+$!
+$ IF (F$SEARCH(OPT_FILE).EQS."")
+$ THEN
+$!
+$! Figure Out If We Need A non-VAX Or A VAX Linker Option File.
+$!
+$ IF (ARCH.EQS."VAX")
+$ THEN
+$!
+$! We Need A DEC C Linker Option File For VAX.
+$!
+$ CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File To Link Agianst
+! The Sharable DEC C Runtime Library.
+!
+SYS$SHARE:DECC$SHR.EXE/SHARE
+$EOD
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$! Create The non-VAX Linker Option File.
+$!
+$ CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File For non-VAX To Link Agianst
+! The Sharable C Runtime Library.
+!
+SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE
+SYS$SHARE:CMA$OPEN_RTL/SHARE
+$EOD
+$!
+$! End The DEC C Option File Check.
+$!
+$ ENDIF
+$!
+$! End The Option File Search.
+$!
+$ ENDIF
+$!
+$! End The DEC C Check.
+$!
+$ ENDIF
+$!
+$! Tell The User What Linker Option File We Are Using.
+$!
+$ WRITE SYS$OUTPUT "Using Linker Option File ",OPT_FILE,"."
+$!
+$! Time To RETURN.
+$!
+$ RETURN
+$ LIB_CHECK:
+$!
+$! Look For The VAX Library LIBSSL.OLB.
+$!
+$ IF (F$SEARCH(SSL_LIB).EQS."")
+$ THEN
+$!
+$! Tell The User We Can't Find The LIBSSL.OLB Library.
+$!
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT "Can't Find The Library ",SSL_LIB,"."
+$ WRITE SYS$OUTPUT "We Can't Link Without It."
+$ WRITE SYS$OUTPUT ""
+$!
+$! Since We Can't Link Without It, Exit.
+$!
+$ EXIT
+$!
+$! End The LIBSSL.OLB Library Check.
+$!
+$ ENDIF
+$!
+$! Look For The Library LIBCRYPTO.OLB.
+$!
+$ IF (F$SEARCH(CRYPTO_LIB).EQS."")
+$ THEN
+$!
+$! Tell The User We Can't Find The LIBCRYPTO.OLB Library.
+$!
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT "Can't Find The Library ",CRYPTO_LIB,"."
+$ WRITE SYS$OUTPUT "We Can't Link Without It."
+$ WRITE SYS$OUTPUT ""
+$!
+$! Since We Can't Link Without It, Exit.
+$!
+$ EXIT
+$!
+$! End The LIBCRYPTO.OLB Library Check.
+$!
+$ ENDIF
+$!
+$! Time To Return.
+$!
+$ RETURN
+$!
+$! Check The User's Options.
+$!
+$ CHECK_OPTIONS:
+$!
+$! Check To See If P1 Is Blank.
+$!
+$ IF (P1.EQS."ALL")
+$ THEN
+$!
+$! P1 Is Blank, So Build Everything.
+$!
+$ BUILDALL = "TRUE"
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$! Else, Check To See If P1 Has A Valid Arguement.
+$!
+$ IF (P1.EQS."LIBRARY").OR.(P1.EQS."SSL_TASK")
+$ THEN
+$!
+$! A Valid Arguement.
+$!
+$ BUILDALL = P1
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$! Tell The User We Don't Know What They Want.
+$!
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT "The Option ",P1," Is Invalid. The Valid Options Are:"
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT " ALL : Just Build Everything."
+$ WRITE SYS$OUTPUT " LIBRARY : To Compile Just The [.xxx.EXE.SSL]LIBSSL.OLB Library."
+$ WRITE SYS$OUTPUT " SSL_TASK : To Compile Just The [.xxx.EXE.SSL]SSL_TASK.EXE Program."
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT " Where 'xxx' Stands For:"
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT " ALPHA : Alpha Architecture."
+$ WRITE SYS$OUTPUT " IA64 : IA64 Architecture."
+$ WRITE SYS$OUTPUT " VAX : VAX Architecture."
+$ WRITE SYS$OUTPUT ""
+$!
+$! Time To EXIT.
+$!
+$ EXIT
+$!
+$! End The Valid Arguement Check.
+$!
+$ ENDIF
+$!
+$! End The P1 Check.
+$!
+$ ENDIF
+$!
+$! Check To See If P2 Is Blank.
+$!
+$ IF (P2.EQS."NODEBUG")
+$ THEN
+$!
+$! P2 Is NODEBUG, So Compile Without Debugger Information.
+$!
+$ DEBUGGER = "NODEBUG"
+$ TRACEBACK = "NOTRACEBACK"
+$ GCC_OPTIMIZE = "OPTIMIZE"
+$ CC_OPTIMIZE = "OPTIMIZE"
+$ WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile."
+$ WRITE SYS$OUTPUT "Compiling With Compiler Optimization."
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$! Check To See If We Are To Compile With Debugger Information.
+$!
+$ IF (P2.EQS."DEBUG")
+$ THEN
+$!
+$! Compile With Debugger Information.
+$!
+$ DEBUGGER = "DEBUG"
+$ TRACEBACK = "TRACEBACK"
+$ GCC_OPTIMIZE = "NOOPTIMIZE"
+$ CC_OPTIMIZE = "NOOPTIMIZE"
+$ WRITE SYS$OUTPUT "Debugger Information Will Be Produced During Compile."
+$ WRITE SYS$OUTPUT "Compiling Without Compiler Optimization."
+$ ELSE
+$!
+$! Tell The User Entered An Invalid Option..
+$!
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT "The Option ",P2," Is Invalid. The Valid Options Are:"
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT " DEBUG : Compile With The Debugger Information."
+$ WRITE SYS$OUTPUT " NODEBUG : Compile Without The Debugger Information."
+$ WRITE SYS$OUTPUT ""
+$!
+$! Time To EXIT.
+$!
+$ EXIT
+$!
+$! End The Valid Arguement Check.
+$!
+$ ENDIF
+$!
+$! End The P2 Check.
+$!
+$ ENDIF
+$!
+$! Special Threads For OpenVMS v7.1 Or Later
+$!
+$! Written By: Richard Levitte
+$! richard at levitte.org
+$!
+$!
+$! Check To See If We Have A Option For P5.
+$!
+$ IF (P5.EQS."")
+$ THEN
+$!
+$! Get The Version Of VMS We Are Using.
+$!
+$ ISSEVEN :=
+$ TMP = F$ELEMENT(0,"-",F$EXTRACT(1,4,F$GETSYI("VERSION")))
+$ TMP = F$INTEGER(F$ELEMENT(0,".",TMP)+F$ELEMENT(1,".",TMP))
+$!
+$! Check To See If The VMS Version Is v7.1 Or Later.
+$!
+$ IF (TMP.GE.71)
+$ THEN
+$!
+$! We Have OpenVMS v7.1 Or Later, So Use The Special Threads.
+$!
+$ ISSEVEN := ,PTHREAD_USE_D4
+$!
+$! End The VMS Version Check.
+$!
+$ ENDIF
+$!
+$! End The P5 Check.
+$!
+$ ENDIF
+$!
+$! Check To See If P3 Is Blank.
+$!
+$ IF (P3.EQS."")
+$ THEN
+$!
+$! O.K., The User Didn't Specify A Compiler, Let's Try To
+$! Find Out Which One To Use.
+$!
+$! Check To See If We Have GNU C.
+$!
+$ IF (F$TRNLNM("GNU_CC").NES."")
+$ THEN
+$!
+$! Looks Like GNUC, Set To Use GNUC.
+$!
+$ P3 = "GNUC"
+$!
+$! End The GNU C Compiler Check.
+$!
+$ ELSE
+$!
+$! Check To See If We Have VAXC Or DECC.
+$!
+$ IF (ARCH.NES."VAX").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."")
+$ THEN
+$!
+$! Looks Like DECC, Set To Use DECC.
+$!
+$ P3 = "DECC"
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$! Looks Like VAXC, Set To Use VAXC.
+$!
+$ P3 = "VAXC"
+$!
+$! End The VAXC Compiler Check.
+$!
+$ ENDIF
+$!
+$! End The DECC & VAXC Compiler Check.
+$!
+$ ENDIF
+$!
+$! End The Compiler Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Have A Option For P4.
+$!
+$ IF (P4.EQS."")
+$ THEN
+$!
+$! Find out what socket library we have available
+$!
+$ IF F$PARSE("SOCKETSHR:") .NES. ""
+$ THEN
+$!
+$! We have SOCKETSHR, and it is my opinion that it's the best to use.
+$!
+$ P4 = "SOCKETSHR"
+$!
+$! Tell the user
+$!
+$ WRITE SYS$OUTPUT "Using SOCKETSHR for TCP/IP"
+$!
+$! Else, let's look for something else
+$!
+$ ELSE
+$!
+$! Like UCX (the reason to do this before Multinet is that the UCX
+$! emulation is easier to use...)
+$!
+$ IF F$TRNLNM("UCX$IPC_SHR") .NES. "" -
+ .OR. F$PARSE("SYS$SHARE:UCX$IPC_SHR.EXE") .NES. "" -
+ .OR. F$PARSE("SYS$LIBRARY:UCX$IPC.OLB") .NES. ""
+$ THEN
+$!
+$! Last resort: a UCX or UCX-compatible library
+$!
+$ P4 = "UCX"
+$!
+$! Tell the user
+$!
+$ WRITE SYS$OUTPUT "Using UCX or an emulation thereof for TCP/IP"
+$!
+$! That was all...
+$!
+$ ENDIF
+$ ENDIF
+$ ENDIF
+$!
+$! Set Up Initial CC Definitions, Possibly With User Ones
+$!
+$ CCDEFS = "TCPIP_TYPE_''P4'"
+$ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
+$ CCEXTRAFLAGS = ""
+$ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
+$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"
+$ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
+ CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS
+$!
+$! Check To See If The User Entered A Valid Paramter.
+$!
+$ IF (P3.EQS."VAXC").OR.(P3.EQS."DECC").OR.(P3.EQS."GNUC")
+$ THEN
+$!
+$! Check To See If The User Wanted DECC.
+$!
+$ IF (P3.EQS."DECC")
+$ THEN
+$!
+$! Looks Like DECC, Set To Use DECC.
+$!
+$ COMPILER = "DECC"
+$!
+$! Tell The User We Are Using DECC.
+$!
+$ WRITE SYS$OUTPUT "Using DECC 'C' Compiler."
+$!
+$! Use DECC...
+$!
+$ CC = "CC"
+$ IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
+ THEN CC = "CC/DECC"
+$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
+ "/NOLIST/PREFIX=ALL" + -
+ "/INCLUDE=(SYS$DISK:[-.CRYPTO],SYS$DISK:[-])" + CCEXTRAFLAGS
+$!
+$! Define The Linker Options File Name.
+$!
+$ OPT_FILE = "''EXE_DIR'VAX_DECC_OPTIONS.OPT"
+$!
+$! End DECC Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Are To Use VAXC.
+$!
+$ IF (P3.EQS."VAXC")
+$ THEN
+$!
+$! Looks Like VAXC, Set To Use VAXC.
+$!
+$ COMPILER = "VAXC"
+$!
+$! Tell The User We Are Using VAX C.
+$!
+$ WRITE SYS$OUTPUT "Using VAXC 'C' Compiler."
+$!
+$! Compile Using VAXC.
+$!
+$ CC = "CC"
+$ IF ARCH.NES."VAX"
+$ THEN
+$ WRITE SYS$OUTPUT "There is no VAX C on ''ARCH'!"
+$ EXIT
+$ ENDIF
+$ IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
+$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
+ "/INCLUDE=(SYS$DISK:[-.CRYPTO],SYS$DISK:[-])" + CCEXTRAFLAGS
+$ CCDEFS = CCDEFS + ",""VAXC"""
+$!
+$! Define <sys> As SYS$COMMON:[SYSLIB]
+$!
+$ DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB]
+$!
+$! Define The Linker Options File Name.
+$!
+$ OPT_FILE = "''EXE_DIR'VAX_VAXC_OPTIONS.OPT"
+$!
+$! End VAXC Check
+$!
+$ ENDIF
+$!
+$! Check To See If We Are To Use GNU C.
+$!
+$ IF (P3.EQS."GNUC")
+$ THEN
+$!
+$! Looks Like GNUC, Set To Use GNUC.
+$!
+$ COMPILER = "GNUC"
+$!
+$! Tell The User We Are Using GNUC.
+$!
+$ WRITE SYS$OUTPUT "Using GNU 'C' Compiler."
+$!
+$! Use GNU C...
+$!
+$ IF F$TYPE(GCC) .EQS. "" THEN GCC := GCC
+$ CC = GCC+"/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
+ "/INCLUDE=(SYS$DISK:[-.CRYPTO],SYS$DISK:[-])" + CCEXTRAFLAGS
+$!
+$! Define The Linker Options File Name.
+$!
+$ OPT_FILE = "''EXE_DIR'VAX_GNUC_OPTIONS.OPT"
+$!
+$! End The GNU C Check.
+$!
+$ ENDIF
+$!
+$! Set up default defines
+$!
+$ CCDEFS = """FLAT_INC=1""," + CCDEFS
+$!
+$! Finish up the definition of CC.
+$!
+$ IF COMPILER .EQS. "DECC"
+$ THEN
+$ IF CCDISABLEWARNINGS .EQS. ""
+$ THEN
+$ CC4DISABLEWARNINGS = "DOLLARID"
+$ ELSE
+$ CC4DISABLEWARNINGS = CCDISABLEWARNINGS + ",DOLLARID"
+$ CCDISABLEWARNINGS = "/WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))"
+$ ENDIF
+$ CC4DISABLEWARNINGS = "/WARNING=(DISABLE=(" + CC4DISABLEWARNINGS + "))"
+$ ELSE
+$ CCDISABLEWARNINGS = ""
+$ CC4DISABLEWARNINGS = ""
+$ ENDIF
+$ CC2 = CC + "/DEFINE=(" + CCDEFS + ",_POSIX_C_SOURCE)" + CCDISABLEWARNINGS
+$ CC3 = CC + "/DEFINE=(" + CCDEFS + ISSEVEN + ")" + CCDISABLEWARNINGS
+$ CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
+$ IF COMPILER .EQS. "DECC"
+$ THEN
+$ CC4 = CC - CCDISABLEWARNINGS + CC4DISABLEWARNINGS
+$ CC5 = CC3 - CCDISABLEWARNINGS + CC4DISABLEWARNINGS
+$ ELSE
+$ CC4 = CC
+$ CC5 = CC3
+$ ENDIF
+$!
+$! Show user the result
+$!
+$ WRITE/SYMBOL SYS$OUTPUT "Main Compiling Command: ",CC
+$!
+$! Else The User Entered An Invalid Arguement.
+$!
+$ ELSE
+$!
+$! Tell The User We Don't Know What They Want.
+$!
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT "The Option ",P3," Is Invalid. The Valid Options Are:"
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT " VAXC : To Compile With VAX C."
+$ WRITE SYS$OUTPUT " DECC : To Compile With DEC C."
+$ WRITE SYS$OUTPUT " GNUC : To Compile With GNU C."
+$ WRITE SYS$OUTPUT ""
+$!
+$! Time To EXIT.
+$!
+$ EXIT
+$ ENDIF
+$!
+$! Time to check the contents, and to make sure we get the correct library.
+$!
+$ IF P4.EQS."SOCKETSHR" .OR. P4.EQS."MULTINET" .OR. P4.EQS."UCX" -
+ .OR. P4.EQS."TCPIP" .OR. P4.EQS."NONE"
+$ THEN
+$!
+$! Check to see if SOCKETSHR was chosen
+$!
+$ IF P4.EQS."SOCKETSHR"
+$ THEN
+$!
+$! Set the library to use SOCKETSHR
+$!
+$ TCPIP_LIB = "SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT/OPT"
+$!
+$! Done with SOCKETSHR
+$!
+$ ENDIF
+$!
+$! Check to see if MULTINET was chosen
+$!
+$ IF P4.EQS."MULTINET"
+$ THEN
+$!
+$! Set the library to use UCX emulation.
+$!
+$ P4 = "UCX"
+$!
+$! Done with MULTINET
+$!
+$ ENDIF
+$!
+$! Check to see if UCX was chosen
+$!
+$ IF P4.EQS."UCX"
+$ THEN
+$!
+$! Set the library to use UCX.
+$!
+$ TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT/OPT"
+$ IF F$TRNLNM("UCX$IPC_SHR") .NES. ""
+$ THEN
+$ TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT/OPT"
+$ ELSE
+$ IF COMPILER .NES. "DECC" .AND. ARCH .EQS. "VAX" THEN -
+ TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT/OPT"
+$ ENDIF
+$!
+$! Done with UCX
+$!
+$ ENDIF
+$!
+$! Check to see if TCPIP was chosen
+$!
+$ IF P4.EQS."TCPIP"
+$ THEN
+$!
+$! Set the library to use TCPIP (post UCX).
+$!
+$ TCPIP_LIB = "SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT/OPT"
+$!
+$! Done with TCPIP
+$!
+$ ENDIF
+$!
+$! Check to see if NONE was chosen
+$!
+$ IF P4.EQS."NONE"
+$ THEN
+$!
+$! Do not use a TCPIP library.
+$!
+$ TCPIP_LIB = ""
+$!
+$! Done with NONE
+$!
+$ ENDIF
+$!
+$! Print info
+$!
+$ WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB
+$!
+$! Else The User Entered An Invalid Arguement.
+$!
+$ ELSE
+$!
+$! Tell The User We Don't Know What They Want.
+$!
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT "The Option ",P4," Is Invalid. The Valid Options Are:"
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT " SOCKETSHR : To link with SOCKETSHR TCP/IP library."
+$ WRITE SYS$OUTPUT " UCX : To link with UCX TCP/IP library."
+$ WRITE SYS$OUTPUT " TCPIP : To link with TCPIP (post UCX) TCP/IP library."
+$ WRITE SYS$OUTPUT ""
+$!
+$! Time To EXIT.
+$!
+$ EXIT
+$!
+$! Done with TCP/IP libraries
+$!
+$ ENDIF
+$!
+$! Time To RETURN...
+$!
+$ RETURN
+$!
+$ INITIALISE:
+$!
+$! Save old value of the logical name OPENSSL
+$!
+$ __SAVE_OPENSSL = F$TRNLNM("OPENSSL","LNM$PROCESS_TABLE")
+$!
+$! Save directory information
+$!
+$ __HERE = F$PARSE(F$PARSE("A.;",F$ENVIRONMENT("PROCEDURE"))-"A.;","[]A.;") - "A.;"
+$ __HERE = F$EDIT(__HERE,"UPCASE")
+$ __TOP = __HERE - "SSL]"
+$ __INCLUDE = __TOP + "INCLUDE.OPENSSL]"
+$!
+$! Set up the logical name OPENSSL to point at the include directory
+$!
+$ DEFINE OPENSSL/NOLOG '__INCLUDE'
+$!
+$! Done
+$!
+$ RETURN
+$!
+$ CLEANUP:
+$!
+$! Restore the logical name OPENSSL if it had a value
+$!
+$ IF __SAVE_OPENSSL .EQS. ""
+$ THEN
+$ DEASSIGN OPENSSL
+$ ELSE
+$ DEFINE/NOLOG OPENSSL '__SAVE_OPENSSL'
+$ ENDIF
+$!
+$! Done
+$!
+$ RETURN
Deleted: vendor-crypto/openssl/0.9.8zf/ssl/ssl.h
===================================================================
--- vendor-crypto/openssl/dist/ssl/ssl.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/ssl/ssl.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,2145 +0,0 @@
-/* ssl/ssl.h */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
-#ifndef HEADER_SSL_H
-#define HEADER_SSL_H
-
-#include <openssl/e_os2.h>
-
-#ifndef OPENSSL_NO_COMP
-#include <openssl/comp.h>
-#endif
-#ifndef OPENSSL_NO_BIO
-#include <openssl/bio.h>
-#endif
-#ifndef OPENSSL_NO_DEPRECATED
-#ifndef OPENSSL_NO_X509
-#include <openssl/x509.h>
-#endif
-#include <openssl/crypto.h>
-#include <openssl/lhash.h>
-#include <openssl/buffer.h>
-#endif
-#include <openssl/pem.h>
-#include <openssl/hmac.h>
-
-#include <openssl/kssl.h>
-#include <openssl/safestack.h>
-#include <openssl/symhacks.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* SSLeay version number for ASN.1 encoding of the session information */
-/* Version 0 - initial version
- * Version 1 - added the optional peer certificate
- */
-#define SSL_SESSION_ASN1_VERSION 0x0001
-
-/* text strings for the ciphers */
-#define SSL_TXT_NULL_WITH_MD5 SSL2_TXT_NULL_WITH_MD5
-#define SSL_TXT_RC4_128_WITH_MD5 SSL2_TXT_RC4_128_WITH_MD5
-#define SSL_TXT_RC4_128_EXPORT40_WITH_MD5 SSL2_TXT_RC4_128_EXPORT40_WITH_MD5
-#define SSL_TXT_RC2_128_CBC_WITH_MD5 SSL2_TXT_RC2_128_CBC_WITH_MD5
-#define SSL_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5
-#define SSL_TXT_IDEA_128_CBC_WITH_MD5 SSL2_TXT_IDEA_128_CBC_WITH_MD5
-#define SSL_TXT_DES_64_CBC_WITH_MD5 SSL2_TXT_DES_64_CBC_WITH_MD5
-#define SSL_TXT_DES_64_CBC_WITH_SHA SSL2_TXT_DES_64_CBC_WITH_SHA
-#define SSL_TXT_DES_192_EDE3_CBC_WITH_MD5 SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5
-#define SSL_TXT_DES_192_EDE3_CBC_WITH_SHA SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA
-
-/* VRS Additional Kerberos5 entries
- */
-#define SSL_TXT_KRB5_DES_64_CBC_SHA SSL3_TXT_KRB5_DES_64_CBC_SHA
-#define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA
-#define SSL_TXT_KRB5_RC4_128_SHA SSL3_TXT_KRB5_RC4_128_SHA
-#define SSL_TXT_KRB5_IDEA_128_CBC_SHA SSL3_TXT_KRB5_IDEA_128_CBC_SHA
-#define SSL_TXT_KRB5_DES_64_CBC_MD5 SSL3_TXT_KRB5_DES_64_CBC_MD5
-#define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5
-#define SSL_TXT_KRB5_RC4_128_MD5 SSL3_TXT_KRB5_RC4_128_MD5
-#define SSL_TXT_KRB5_IDEA_128_CBC_MD5 SSL3_TXT_KRB5_IDEA_128_CBC_MD5
-
-#define SSL_TXT_KRB5_DES_40_CBC_SHA SSL3_TXT_KRB5_DES_40_CBC_SHA
-#define SSL_TXT_KRB5_RC2_40_CBC_SHA SSL3_TXT_KRB5_RC2_40_CBC_SHA
-#define SSL_TXT_KRB5_RC4_40_SHA SSL3_TXT_KRB5_RC4_40_SHA
-#define SSL_TXT_KRB5_DES_40_CBC_MD5 SSL3_TXT_KRB5_DES_40_CBC_MD5
-#define SSL_TXT_KRB5_RC2_40_CBC_MD5 SSL3_TXT_KRB5_RC2_40_CBC_MD5
-#define SSL_TXT_KRB5_RC4_40_MD5 SSL3_TXT_KRB5_RC4_40_MD5
-
-#define SSL_TXT_KRB5_DES_40_CBC_SHA SSL3_TXT_KRB5_DES_40_CBC_SHA
-#define SSL_TXT_KRB5_DES_40_CBC_MD5 SSL3_TXT_KRB5_DES_40_CBC_MD5
-#define SSL_TXT_KRB5_DES_64_CBC_SHA SSL3_TXT_KRB5_DES_64_CBC_SHA
-#define SSL_TXT_KRB5_DES_64_CBC_MD5 SSL3_TXT_KRB5_DES_64_CBC_MD5
-#define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA
-#define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5
-#define SSL_MAX_KRB5_PRINCIPAL_LENGTH 256
-
-#define SSL_MAX_SSL_SESSION_ID_LENGTH 32
-#define SSL_MAX_SID_CTX_LENGTH 32
-
-#define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES (512/8)
-#define SSL_MAX_KEY_ARG_LENGTH 8
-#define SSL_MAX_MASTER_KEY_LENGTH 48
-
-/* These are used to specify which ciphers to use and not to use */
-#define SSL_TXT_LOW "LOW"
-#define SSL_TXT_MEDIUM "MEDIUM"
-#define SSL_TXT_HIGH "HIGH"
-#define SSL_TXT_FIPS "FIPS"
-#define SSL_TXT_kFZA "kFZA"
-#define SSL_TXT_aFZA "aFZA"
-#define SSL_TXT_eFZA "eFZA"
-#define SSL_TXT_FZA "FZA"
-
-#define SSL_TXT_aNULL "aNULL"
-#define SSL_TXT_eNULL "eNULL"
-#define SSL_TXT_NULL "NULL"
-
-#define SSL_TXT_kKRB5 "kKRB5"
-#define SSL_TXT_aKRB5 "aKRB5"
-#define SSL_TXT_KRB5 "KRB5"
-
-#define SSL_TXT_kRSA "kRSA"
-#define SSL_TXT_kDHr "kDHr"
-#define SSL_TXT_kDHd "kDHd"
-#define SSL_TXT_kEDH "kEDH"
-#define SSL_TXT_aRSA "aRSA"
-#define SSL_TXT_aDSS "aDSS"
-#define SSL_TXT_aDH "aDH"
-#define SSL_TXT_DSS "DSS"
-#define SSL_TXT_DH "DH"
-#define SSL_TXT_EDH "EDH"
-#define SSL_TXT_ADH "ADH"
-#define SSL_TXT_RSA "RSA"
-#define SSL_TXT_DES "DES"
-#define SSL_TXT_3DES "3DES"
-#define SSL_TXT_RC4 "RC4"
-#define SSL_TXT_RC2 "RC2"
-#define SSL_TXT_IDEA "IDEA"
-#define SSL_TXT_SEED "SEED"
-#define SSL_TXT_AES "AES"
-#define SSL_TXT_CAMELLIA "CAMELLIA"
-#define SSL_TXT_MD5 "MD5"
-#define SSL_TXT_SHA1 "SHA1"
-#define SSL_TXT_SHA "SHA"
-#define SSL_TXT_EXP "EXP"
-#define SSL_TXT_EXPORT "EXPORT"
-#define SSL_TXT_EXP40 "EXPORT40"
-#define SSL_TXT_EXP56 "EXPORT56"
-#define SSL_TXT_SSLV2 "SSLv2"
-#define SSL_TXT_SSLV3 "SSLv3"
-#define SSL_TXT_TLSV1 "TLSv1"
-#define SSL_TXT_ALL "ALL"
-#define SSL_TXT_ECC "ECCdraft" /* ECC ciphersuites are not yet official */
-
-/*
- * COMPLEMENTOF* definitions. These identifiers are used to (de-select)
- * ciphers normally not being used.
- * Example: "RC4" will activate all ciphers using RC4 including ciphers
- * without authentication, which would normally disabled by DEFAULT (due
- * the "!ADH" being part of default). Therefore "RC4:!COMPLEMENTOFDEFAULT"
- * will make sure that it is also disabled in the specific selection.
- * COMPLEMENTOF* identifiers are portable between version, as adjustments
- * to the default cipher setup will also be included here.
- *
- * COMPLEMENTOFDEFAULT does not experience the same special treatment that
- * DEFAULT gets, as only selection is being done and no sorting as needed
- * for DEFAULT.
- */
-#define SSL_TXT_CMPALL "COMPLEMENTOFALL"
-#define SSL_TXT_CMPDEF "COMPLEMENTOFDEFAULT"
-
-/* The following cipher list is used by default.
- * It also is substituted when an application-defined cipher list string
- * starts with 'DEFAULT'. */
-#define SSL_DEFAULT_CIPHER_LIST "AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH" /* low priority for RC4 */
-
-/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
-#define SSL_SENT_SHUTDOWN 1
-#define SSL_RECEIVED_SHUTDOWN 2
-
-#ifdef __cplusplus
-}
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if (defined(OPENSSL_NO_RSA) || defined(OPENSSL_NO_MD5)) && !defined(OPENSSL_NO_SSL2)
-#define OPENSSL_NO_SSL2
-#endif
-
-#define SSL_FILETYPE_ASN1 X509_FILETYPE_ASN1
-#define SSL_FILETYPE_PEM X509_FILETYPE_PEM
-
-/* This is needed to stop compilers complaining about the
- * 'struct ssl_st *' function parameters used to prototype callbacks
- * in SSL_CTX. */
-typedef struct ssl_st *ssl_crock_st;
-
-/* used to hold info on the particular ciphers used */
-typedef struct ssl_cipher_st
- {
- int valid;
- const char *name; /* text name */
- unsigned long id; /* id, 4 bytes, first is version */
- unsigned long algorithms; /* what ciphers are used */
- unsigned long algo_strength; /* strength and export flags */
- unsigned long algorithm2; /* Extra flags */
- int strength_bits; /* Number of bits really used */
- int alg_bits; /* Number of bits for algorithm */
- unsigned long mask; /* used for matching */
- unsigned long mask_strength; /* also used for matching */
- } SSL_CIPHER;
-
-DECLARE_STACK_OF(SSL_CIPHER)
-
-/* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */
-typedef struct ssl_method_st
- {
- int version;
- int (*ssl_new)(SSL *s);
- void (*ssl_clear)(SSL *s);
- void (*ssl_free)(SSL *s);
- int (*ssl_accept)(SSL *s);
- int (*ssl_connect)(SSL *s);
- int (*ssl_read)(SSL *s,void *buf,int len);
- int (*ssl_peek)(SSL *s,void *buf,int len);
- int (*ssl_write)(SSL *s,const void *buf,int len);
- int (*ssl_shutdown)(SSL *s);
- int (*ssl_renegotiate)(SSL *s);
- int (*ssl_renegotiate_check)(SSL *s);
- long (*ssl_get_message)(SSL *s, int st1, int stn, int mt, long
- max, int *ok);
- int (*ssl_read_bytes)(SSL *s, int type, unsigned char *buf, int len,
- int peek);
- int (*ssl_write_bytes)(SSL *s, int type, const void *buf_, int len);
- int (*ssl_dispatch_alert)(SSL *s);
- long (*ssl_ctrl)(SSL *s,int cmd,long larg,void *parg);
- long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,void *parg);
- SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr);
- int (*put_cipher_by_char)(const SSL_CIPHER *cipher,unsigned char *ptr);
- int (*ssl_pending)(const SSL *s);
- int (*num_ciphers)(void);
- SSL_CIPHER *(*get_cipher)(unsigned ncipher);
- struct ssl_method_st *(*get_ssl_method)(int version);
- long (*get_timeout)(void);
- struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */
- int (*ssl_version)(void);
- long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)(void));
- long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)(void));
- } SSL_METHOD;
-
-/* Lets make this into an ASN.1 type structure as follows
- * SSL_SESSION_ID ::= SEQUENCE {
- * version INTEGER, -- structure version number
- * SSLversion INTEGER, -- SSL version number
- * Cipher OCTET_STRING, -- the 3 byte cipher ID
- * Session_ID OCTET_STRING, -- the Session ID
- * Master_key OCTET_STRING, -- the master key
- * KRB5_principal OCTET_STRING -- optional Kerberos principal
- * Key_Arg [ 0 ] IMPLICIT OCTET_STRING, -- the optional Key argument
- * Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time
- * Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds
- * Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate
- * Session_ID_context [ 4 ] EXPLICIT OCTET_STRING, -- the Session ID context
- * Verify_result [ 5 ] EXPLICIT INTEGER -- X509_V_... code for `Peer'
- * Compression [6] IMPLICIT ASN1_OBJECT -- compression OID XXXXX
- * }
- * Look in ssl/ssl_asn1.c for more details
- * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
- */
-typedef struct ssl_session_st
- {
- int ssl_version; /* what ssl version session info is
- * being kept in here? */
-
- /* only really used in SSLv2 */
- unsigned int key_arg_length;
- unsigned char key_arg[SSL_MAX_KEY_ARG_LENGTH];
- int master_key_length;
- unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
- /* session_id - valid? */
- unsigned int session_id_length;
- unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
- /* this is used to determine whether the session is being reused in
- * the appropriate context. It is up to the application to set this,
- * via SSL_new */
- unsigned int sid_ctx_length;
- unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
-
-#ifndef OPENSSL_NO_KRB5
- unsigned int krb5_client_princ_len;
- unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH];
-#endif /* OPENSSL_NO_KRB5 */
-
- int not_resumable;
-
- /* The cert is the certificate used to establish this connection */
- struct sess_cert_st /* SESS_CERT */ *sess_cert;
-
- /* This is the cert for the other end.
- * On clients, it will be the same as sess_cert->peer_key->x509
- * (the latter is not enough as sess_cert is not retained
- * in the external representation of sessions, see ssl_asn1.c). */
- X509 *peer;
- /* when app_verify_callback accepts a session where the peer's certificate
- * is not ok, we must remember the error for session reuse: */
- long verify_result; /* only for servers */
-
- int references;
- long timeout;
- long time;
-
- int compress_meth; /* Need to lookup the method */
-
- SSL_CIPHER *cipher;
- unsigned long cipher_id; /* when ASN.1 loaded, this
- * needs to be used to load
- * the 'cipher' structure */
-
- STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */
-
- CRYPTO_EX_DATA ex_data; /* application specific data */
-
- /* These are used to make removal of session-ids more
- * efficient and to implement a maximum cache size. */
- struct ssl_session_st *prev,*next;
-#ifndef OPENSSL_NO_TLSEXT
- char *tlsext_hostname;
- /* RFC4507 info */
- unsigned char *tlsext_tick; /* Session ticket */
- size_t tlsext_ticklen; /* Session ticket length */
- long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */
-#endif
- } SSL_SESSION;
-
-
-#define SSL_OP_MICROSOFT_SESS_ID_BUG 0x00000001L
-#define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L
-/* Allow initial connection to servers that don't support RI */
-#define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L
-#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L
-#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L
-#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L
-#define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040L
-#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L
-#define SSL_OP_TLS_D5_BUG 0x00000100L
-#define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L
-
-/* Hasn't done anything since OpenSSL 0.9.7h, retained for compatibility */
-#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x0
-
-/* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added
- * in OpenSSL 0.9.6d. Usually (depending on the application protocol)
- * the workaround is not needed. Unfortunately some broken SSL/TLS
- * implementations cannot handle it at all, which is why we include
- * it in SSL_OP_ALL. */
-#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800L /* added in 0.9.6e */
-
-/* SSL_OP_ALL: various bug workarounds that should be rather harmless.
- * This used to be 0x000FFFFFL before 0.9.7. */
-#define SSL_OP_ALL 0x00000FFFL
-
-/* DTLS options */
-#define SSL_OP_NO_QUERY_MTU 0x00001000L
-/* Turn on Cookie Exchange (on relevant for servers) */
-#define SSL_OP_COOKIE_EXCHANGE 0x00002000L
-/* Don't use RFC4507 ticket extension */
-#define SSL_OP_NO_TICKET 0x00004000L
-/* Use Cisco's "speshul" version of DTLS_BAD_VER (as client) */
-#define SSL_OP_CISCO_ANYCONNECT 0x00008000L
-
-/* As server, disallow session resumption on renegotiation */
-#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L
-/* Permit unsafe legacy renegotiation */
-#define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000L
-/* If set, always create a new key when using tmp_ecdh parameters */
-#define SSL_OP_SINGLE_ECDH_USE 0x00080000L
-/* If set, always create a new key when using tmp_dh parameters */
-#define SSL_OP_SINGLE_DH_USE 0x00100000L
-/* Set to always use the tmp_rsa key when doing RSA operations,
- * even when this violates protocol specs */
-#define SSL_OP_EPHEMERAL_RSA 0x00200000L
-/* Set on servers to choose the cipher according to the server's
- * preferences */
-#define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000L
-/* If set, a server will allow a client to issue a SSLv3.0 version number
- * as latest version supported in the premaster secret, even when TLSv1.0
- * (version 3.1) was announced in the client hello. Normally this is
- * forbidden to prevent version rollback attacks. */
-#define SSL_OP_TLS_ROLLBACK_BUG 0x00800000L
-
-#define SSL_OP_NO_SSLv2 0x01000000L
-#define SSL_OP_NO_SSLv3 0x02000000L
-#define SSL_OP_NO_TLSv1 0x04000000L
-
-/* The next flag deliberately changes the ciphertest, this is a check
- * for the PKCS#1 attack */
-#define SSL_OP_PKCS1_CHECK_1 0x08000000L
-#define SSL_OP_PKCS1_CHECK_2 0x10000000L
-#define SSL_OP_NETSCAPE_CA_DN_BUG 0x20000000L
-#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x40000000L
-
-
-/* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
- * when just a single record has been written): */
-#define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001L
-/* Make it possible to retry SSL_write() with changed buffer location
- * (buffer contents must stay the same!); this is not the default to avoid
- * the misconception that non-blocking SSL_write() behaves like
- * non-blocking write(): */
-#define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L
-/* Never bother the application with retries if the transport
- * is blocking: */
-#define SSL_MODE_AUTO_RETRY 0x00000004L
-/* Don't attempt to automatically build certificate chain */
-#define SSL_MODE_NO_AUTO_CHAIN 0x00000008L
-/* Send TLS_FALLBACK_SCSV in the ClientHello.
- * To be set by applications that reconnect with a downgraded protocol
- * version; see draft-ietf-tls-downgrade-scsv-00 for details. */
-#define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080L
-
-
-/* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
- * they cannot be used to clear bits. */
-
-#define SSL_CTX_set_options(ctx,op) \
- SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL)
-#define SSL_CTX_clear_options(ctx,op) \
- SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_OPTIONS,(op),NULL)
-#define SSL_CTX_get_options(ctx) \
- SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,0,NULL)
-#define SSL_set_options(ssl,op) \
- SSL_ctrl((ssl),SSL_CTRL_OPTIONS,(op),NULL)
-#define SSL_clear_options(ssl,op) \
- SSL_ctrl((ssl),SSL_CTRL_CLEAR_OPTIONS,(op),NULL)
-#define SSL_get_options(ssl) \
- SSL_ctrl((ssl),SSL_CTRL_OPTIONS,0,NULL)
-
-#define SSL_CTX_set_mode(ctx,op) \
- SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL)
-#define SSL_CTX_clear_mode(ctx,op) \
- SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_MODE,(op),NULL)
-#define SSL_CTX_get_mode(ctx) \
- SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL)
-#define SSL_clear_mode(ssl,op) \
- SSL_ctrl((ssl),SSL_CTRL_CLEAR_MODE,(op),NULL)
-#define SSL_set_mode(ssl,op) \
- SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL)
-#define SSL_get_mode(ssl) \
- SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL)
-#define SSL_set_mtu(ssl, mtu) \
- SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL)
-
-#define SSL_get_secure_renegotiation_support(ssl) \
- SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL)
-
-void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
-void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
-#define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
-#define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
-
-
-
-#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32)
-#define SSL_MAX_CERT_LIST_DEFAULT 1024*30 /* 30k max cert list :-) */
-#else
-#define SSL_MAX_CERT_LIST_DEFAULT 1024*100 /* 100k max cert list :-) */
-#endif
-
-#define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT (1024*20)
-
-/* This callback type is used inside SSL_CTX, SSL, and in the functions that set
- * them. It is used to override the generation of SSL/TLS session IDs in a
- * server. Return value should be zero on an error, non-zero to proceed. Also,
- * callbacks should themselves check if the id they generate is unique otherwise
- * the SSL handshake will fail with an error - callbacks can do this using the
- * 'ssl' value they're passed by;
- * SSL_has_matching_session_id(ssl, id, *id_len)
- * The length value passed in is set at the maximum size the session ID can be.
- * In SSLv2 this is 16 bytes, whereas SSLv3/TLSv1 it is 32 bytes. The callback
- * can alter this length to be less if desired, but under SSLv2 session IDs are
- * supposed to be fixed at 16 bytes so the id will be padded after the callback
- * returns in this case. It is also an error for the callback to set the size to
- * zero. */
-typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id,
- unsigned int *id_len);
-
-typedef struct ssl_comp_st
- {
- int id;
- const char *name;
-#ifndef OPENSSL_NO_COMP
- COMP_METHOD *method;
-#else
- char *method;
-#endif
- } SSL_COMP;
-
-DECLARE_STACK_OF(SSL_COMP)
-
-struct ssl_ctx_st
- {
- SSL_METHOD *method;
-
- STACK_OF(SSL_CIPHER) *cipher_list;
- /* same as above but sorted for lookup */
- STACK_OF(SSL_CIPHER) *cipher_list_by_id;
-
- struct x509_store_st /* X509_STORE */ *cert_store;
- struct lhash_st /* LHASH */ *sessions; /* a set of SSL_SESSIONs */
- /* Most session-ids that will be cached, default is
- * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. */
- unsigned long session_cache_size;
- struct ssl_session_st *session_cache_head;
- struct ssl_session_st *session_cache_tail;
-
- /* This can have one of 2 values, ored together,
- * SSL_SESS_CACHE_CLIENT,
- * SSL_SESS_CACHE_SERVER,
- * Default is SSL_SESSION_CACHE_SERVER, which means only
- * SSL_accept which cache SSL_SESSIONS. */
- int session_cache_mode;
-
- /* If timeout is not 0, it is the default timeout value set
- * when SSL_new() is called. This has been put in to make
- * life easier to set things up */
- long session_timeout;
-
- /* If this callback is not null, it will be called each
- * time a session id is added to the cache. If this function
- * returns 1, it means that the callback will do a
- * SSL_SESSION_free() when it has finished using it. Otherwise,
- * on 0, it means the callback has finished with it.
- * If remove_session_cb is not null, it will be called when
- * a session-id is removed from the cache. After the call,
- * OpenSSL will SSL_SESSION_free() it. */
- int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess);
- void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess);
- SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl,
- unsigned char *data,int len,int *copy);
-
- struct
- {
- int sess_connect; /* SSL new conn - started */
- int sess_connect_renegotiate;/* SSL reneg - requested */
- int sess_connect_good; /* SSL new conne/reneg - finished */
- int sess_accept; /* SSL new accept - started */
- int sess_accept_renegotiate;/* SSL reneg - requested */
- int sess_accept_good; /* SSL accept/reneg - finished */
- int sess_miss; /* session lookup misses */
- int sess_timeout; /* reuse attempt on timeouted session */
- int sess_cache_full; /* session removed due to full cache */
- int sess_hit; /* session reuse actually done */
- int sess_cb_hit; /* session-id that was not
- * in the cache was
- * passed back via the callback. This
- * indicates that the application is
- * supplying session-id's from other
- * processes - spooky :-) */
- } stats;
-
- int references;
-
- /* if defined, these override the X509_verify_cert() calls */
- int (*app_verify_callback)(X509_STORE_CTX *, void *);
- void *app_verify_arg;
- /* before OpenSSL 0.9.7, 'app_verify_arg' was ignored
- * ('app_verify_callback' was called with just one argument) */
-
- /* Default password callback. */
- pem_password_cb *default_passwd_callback;
-
- /* Default password callback user data. */
- void *default_passwd_callback_userdata;
-
- /* get client cert callback */
- int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
-
- /* cookie generate callback */
- int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie,
- unsigned int *cookie_len);
-
- /* verify cookie callback */
- int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie,
- unsigned int cookie_len);
-
- CRYPTO_EX_DATA ex_data;
-
- const EVP_MD *rsa_md5;/* For SSLv2 - name is 'ssl2-md5' */
- const EVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */
- const EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3->sha1' */
-
- STACK_OF(X509) *extra_certs;
- STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */
-
-
- /* Default values used when no per-SSL value is defined follow */
-
- void (*info_callback)(const SSL *ssl,int type,int val); /* used if SSL's info_callback is NULL */
-
- /* what we put in client cert requests */
- STACK_OF(X509_NAME) *client_CA;
-
-
- /* Default values to use in SSL structures follow (these are copied by SSL_new) */
-
- unsigned long options;
- unsigned long mode;
- long max_cert_list;
-
- struct cert_st /* CERT */ *cert;
- int read_ahead;
-
- /* callback that allows applications to peek at protocol messages */
- void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg);
- void *msg_callback_arg;
-
- int verify_mode;
- unsigned int sid_ctx_length;
- unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
- int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx); /* called 'verify_callback' in the SSL */
-
- /* Default generate session ID callback. */
- GEN_SESSION_CB generate_session_id;
-
- X509_VERIFY_PARAM *param;
-
-#if 0
- int purpose; /* Purpose setting */
- int trust; /* Trust setting */
-#endif
-
- int quiet_shutdown;
-
-#ifndef OPENSSL_ENGINE
- /* Engine to pass requests for client certs to
- */
- ENGINE *client_cert_engine;
-#endif
-
-#ifndef OPENSSL_NO_TLSEXT
- /* TLS extensions servername callback */
- int (*tlsext_servername_callback)(SSL*, int *, void *);
- void *tlsext_servername_arg;
- /* RFC 4507 session ticket keys */
- unsigned char tlsext_tick_key_name[16];
- unsigned char tlsext_tick_hmac_key[16];
- unsigned char tlsext_tick_aes_key[16];
- /* Callback to support customisation of ticket key setting */
- int (*tlsext_ticket_key_cb)(SSL *ssl,
- unsigned char *name, unsigned char *iv,
- EVP_CIPHER_CTX *ectx,
- HMAC_CTX *hctx, int enc);
-
- /* certificate status request info */
- /* Callback for status request */
- int (*tlsext_status_cb)(SSL *ssl, void *arg);
- void *tlsext_status_arg;
-#endif
-
- };
-
-#define SSL_SESS_CACHE_OFF 0x0000
-#define SSL_SESS_CACHE_CLIENT 0x0001
-#define SSL_SESS_CACHE_SERVER 0x0002
-#define SSL_SESS_CACHE_BOTH (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER)
-#define SSL_SESS_CACHE_NO_AUTO_CLEAR 0x0080
-/* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */
-#define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100
-#define SSL_SESS_CACHE_NO_INTERNAL_STORE 0x0200
-#define SSL_SESS_CACHE_NO_INTERNAL \
- (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE)
-
- struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx);
-#define SSL_CTX_sess_number(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL)
-#define SSL_CTX_sess_connect(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL)
-#define SSL_CTX_sess_connect_good(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL)
-#define SSL_CTX_sess_connect_renegotiate(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL)
-#define SSL_CTX_sess_accept(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL)
-#define SSL_CTX_sess_accept_renegotiate(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL)
-#define SSL_CTX_sess_accept_good(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL)
-#define SSL_CTX_sess_hits(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL)
-#define SSL_CTX_sess_cb_hits(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL)
-#define SSL_CTX_sess_misses(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL)
-#define SSL_CTX_sess_timeouts(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL)
-#define SSL_CTX_sess_cache_full(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL)
-
-void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess));
-int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, SSL_SESSION *sess);
-void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess));
-void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx, SSL_SESSION *sess);
-void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, unsigned char *data,int len,int *copy));
-SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl, unsigned char *Data, int len, int *copy);
-void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(const SSL *ssl,int type,int val));
-void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val);
-void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));
-int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
-#ifndef OPENSSL_NO_ENGINE
-int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e);
-#endif
-void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len));
-void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len));
-
-#define SSL_NOTHING 1
-#define SSL_WRITING 2
-#define SSL_READING 3
-#define SSL_X509_LOOKUP 4
-
-/* These will only be used when doing non-blocking IO */
-#define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING)
-#define SSL_want_read(s) (SSL_want(s) == SSL_READING)
-#define SSL_want_write(s) (SSL_want(s) == SSL_WRITING)
-#define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP)
-
-struct ssl_st
- {
- /* protocol version
- * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION)
- */
- int version;
- int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */
-
- SSL_METHOD *method; /* SSLv3 */
-
- /* There are 2 BIO's even though they are normally both the
- * same. This is so data can be read and written to different
- * handlers */
-
-#ifndef OPENSSL_NO_BIO
- BIO *rbio; /* used by SSL_read */
- BIO *wbio; /* used by SSL_write */
- BIO *bbio; /* used during session-id reuse to concatenate
- * messages */
-#else
- char *rbio; /* used by SSL_read */
- char *wbio; /* used by SSL_write */
- char *bbio;
-#endif
- /* This holds a variable that indicates what we were doing
- * when a 0 or -1 is returned. This is needed for
- * non-blocking IO so we know what request needs re-doing when
- * in SSL_accept or SSL_connect */
- int rwstate;
-
- /* true when we are actually in SSL_accept() or SSL_connect() */
- int in_handshake;
- int (*handshake_func)(SSL *);
-
- /* Imagine that here's a boolean member "init" that is
- * switched as soon as SSL_set_{accept/connect}_state
- * is called for the first time, so that "state" and
- * "handshake_func" are properly initialized. But as
- * handshake_func is == 0 until then, we use this
- * test instead of an "init" member.
- */
-
- int server; /* are we the server side? - mostly used by SSL_clear*/
-
- int new_session;/* 1 if we are to use a new session.
- * 2 if we are a server and are inside a handshake
- * (i.e. not just sending a HelloRequest)
- * NB: For servers, the 'new' session may actually be a previously
- * cached session or even the previous session unless
- * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
- int quiet_shutdown;/* don't send shutdown packets */
- int shutdown; /* we have shut things down, 0x01 sent, 0x02
- * for received */
- int state; /* where we are */
- int rstate; /* where we are when reading */
-
- BUF_MEM *init_buf; /* buffer used during init */
- void *init_msg; /* pointer to handshake message body, set by ssl3_get_message() */
- int init_num; /* amount read/written */
- int init_off; /* amount read/written */
-
- /* used internally to point at a raw packet */
- unsigned char *packet;
- unsigned int packet_length;
-
- struct ssl2_state_st *s2; /* SSLv2 variables */
- struct ssl3_state_st *s3; /* SSLv3 variables */
- struct dtls1_state_st *d1; /* DTLSv1 variables */
-
- int read_ahead; /* Read as many input bytes as possible
- * (for non-blocking reads) */
-
- /* callback that allows applications to peek at protocol messages */
- void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg);
- void *msg_callback_arg;
-
- int hit; /* reusing a previous session */
-
- X509_VERIFY_PARAM *param;
-
-#if 0
- int purpose; /* Purpose setting */
- int trust; /* Trust setting */
-#endif
-
- /* crypto */
- STACK_OF(SSL_CIPHER) *cipher_list;
- STACK_OF(SSL_CIPHER) *cipher_list_by_id;
-
- /* These are the ones being used, the ones in SSL_SESSION are
- * the ones to be 'copied' into these ones */
-
- EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */
- const EVP_MD *read_hash; /* used for mac generation */
-#ifndef OPENSSL_NO_COMP
- COMP_CTX *expand; /* uncompress */
-#else
- char *expand;
-#endif
-
- EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
- const EVP_MD *write_hash; /* used for mac generation */
-#ifndef OPENSSL_NO_COMP
- COMP_CTX *compress; /* compression */
-#else
- char *compress;
-#endif
-
- /* session info */
-
- /* client cert? */
- /* This is used to hold the server certificate used */
- struct cert_st /* CERT */ *cert;
-
- /* the session_id_context is used to ensure sessions are only reused
- * in the appropriate context */
- unsigned int sid_ctx_length;
- unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
-
- /* This can also be in the session once a session is established */
- SSL_SESSION *session;
-
- /* Default generate session ID callback. */
- GEN_SESSION_CB generate_session_id;
-
- /* Used in SSL2 and SSL3 */
- int verify_mode; /* 0 don't care about verify failure.
- * 1 fail if verify fails */
- int (*verify_callback)(int ok,X509_STORE_CTX *ctx); /* fail if callback returns 0 */
-
- void (*info_callback)(const SSL *ssl,int type,int val); /* optional informational callback */
-
- int error; /* error bytes to be written */
- int error_code; /* actual code */
-
-#ifndef OPENSSL_NO_KRB5
- KSSL_CTX *kssl_ctx; /* Kerberos 5 context */
-#endif /* OPENSSL_NO_KRB5 */
-
- SSL_CTX *ctx;
- /* set this flag to 1 and a sleep(1) is put into all SSL_read()
- * and SSL_write() calls, good for nbio debuging :-) */
- int debug;
-
- /* extra application data */
- long verify_result;
- CRYPTO_EX_DATA ex_data;
-
- /* for server side, keep the list of CA_dn we can use */
- STACK_OF(X509_NAME) *client_CA;
-
- int references;
- unsigned long options; /* protocol behaviour */
- unsigned long mode; /* API behaviour */
- long max_cert_list;
- int first_packet;
- int client_version; /* what was passed, used for
- * SSLv3/TLS rollback check */
-#ifndef OPENSSL_NO_TLSEXT
- /* TLS extension debug callback */
- void (*tlsext_debug_cb)(SSL *s, int client_server, int type,
- unsigned char *data, int len,
- void *arg);
- void *tlsext_debug_arg;
- char *tlsext_hostname;
- int servername_done; /* no further mod of servername
- 0 : call the servername extension callback.
- 1 : prepare 2, allow last ack just after in server callback.
- 2 : don't call servername callback, no ack in server hello
- */
- /* certificate status request info */
- /* Status type or -1 if no status type */
- int tlsext_status_type;
- /* Expect OCSP CertificateStatus message */
- int tlsext_status_expected;
- /* OCSP status request only */
- STACK_OF(OCSP_RESPID) *tlsext_ocsp_ids;
- X509_EXTENSIONS *tlsext_ocsp_exts;
- /* OCSP response received or to be sent */
- unsigned char *tlsext_ocsp_resp;
- int tlsext_ocsp_resplen;
-
- /* RFC4507 session ticket expected to be received or sent */
- int tlsext_ticket_expected;
- SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */
-#define session_ctx initial_ctx
-#else
-#define session_ctx ctx
-#endif
- };
-
-#ifdef __cplusplus
-}
-#endif
-
-#include <openssl/ssl2.h>
-#include <openssl/ssl3.h>
-#include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */
-#include <openssl/dtls1.h> /* Datagram TLS */
-#include <openssl/ssl23.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* compatibility */
-#define SSL_set_app_data(s,arg) (SSL_set_ex_data(s,0,(char *)arg))
-#define SSL_get_app_data(s) (SSL_get_ex_data(s,0))
-#define SSL_SESSION_set_app_data(s,a) (SSL_SESSION_set_ex_data(s,0,(char *)a))
-#define SSL_SESSION_get_app_data(s) (SSL_SESSION_get_ex_data(s,0))
-#define SSL_CTX_get_app_data(ctx) (SSL_CTX_get_ex_data(ctx,0))
-#define SSL_CTX_set_app_data(ctx,arg) (SSL_CTX_set_ex_data(ctx,0,(char *)arg))
-
-/* The following are the possible values for ssl->state are are
- * used to indicate where we are up to in the SSL connection establishment.
- * The macros that follow are about the only things you should need to use
- * and even then, only when using non-blocking IO.
- * It can also be useful to work out where you were when the connection
- * failed */
-
-#define SSL_ST_CONNECT 0x1000
-#define SSL_ST_ACCEPT 0x2000
-#define SSL_ST_MASK 0x0FFF
-#define SSL_ST_INIT (SSL_ST_CONNECT|SSL_ST_ACCEPT)
-#define SSL_ST_BEFORE 0x4000
-#define SSL_ST_OK 0x03
-#define SSL_ST_RENEGOTIATE (0x04|SSL_ST_INIT)
-
-#define SSL_CB_LOOP 0x01
-#define SSL_CB_EXIT 0x02
-#define SSL_CB_READ 0x04
-#define SSL_CB_WRITE 0x08
-#define SSL_CB_ALERT 0x4000 /* used in callback */
-#define SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ)
-#define SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE)
-#define SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP)
-#define SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT)
-#define SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP)
-#define SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT)
-#define SSL_CB_HANDSHAKE_START 0x10
-#define SSL_CB_HANDSHAKE_DONE 0x20
-
-/* Is the SSL_connection established? */
-#define SSL_get_state(a) SSL_state(a)
-#define SSL_is_init_finished(a) (SSL_state(a) == SSL_ST_OK)
-#define SSL_in_init(a) (SSL_state(a)&SSL_ST_INIT)
-#define SSL_in_before(a) (SSL_state(a)&SSL_ST_BEFORE)
-#define SSL_in_connect_init(a) (SSL_state(a)&SSL_ST_CONNECT)
-#define SSL_in_accept_init(a) (SSL_state(a)&SSL_ST_ACCEPT)
-
-/* The following 2 states are kept in ssl->rstate when reads fail,
- * you should not need these */
-#define SSL_ST_READ_HEADER 0xF0
-#define SSL_ST_READ_BODY 0xF1
-#define SSL_ST_READ_DONE 0xF2
-
-/* Obtain latest Finished message
- * -- that we sent (SSL_get_finished)
- * -- that we expected from peer (SSL_get_peer_finished).
- * Returns length (0 == no Finished so far), copies up to 'count' bytes. */
-size_t SSL_get_finished(const SSL *s, void *buf, size_t count);
-size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
-
-/* use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options
- * are 'ored' with SSL_VERIFY_PEER if they are desired */
-#define SSL_VERIFY_NONE 0x00
-#define SSL_VERIFY_PEER 0x01
-#define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02
-#define SSL_VERIFY_CLIENT_ONCE 0x04
-
-#define OpenSSL_add_ssl_algorithms() SSL_library_init()
-#define SSLeay_add_ssl_algorithms() SSL_library_init()
-
-/* this is for backward compatibility */
-#if 0 /* NEW_SSLEAY */
-#define SSL_CTX_set_default_verify(a,b,c) SSL_CTX_set_verify(a,b,c)
-#define SSL_set_pref_cipher(c,n) SSL_set_cipher_list(c,n)
-#define SSL_add_session(a,b) SSL_CTX_add_session((a),(b))
-#define SSL_remove_session(a,b) SSL_CTX_remove_session((a),(b))
-#define SSL_flush_sessions(a,b) SSL_CTX_flush_sessions((a),(b))
-#endif
-/* More backward compatibility */
-#define SSL_get_cipher(s) \
- SSL_CIPHER_get_name(SSL_get_current_cipher(s))
-#define SSL_get_cipher_bits(s,np) \
- SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np)
-#define SSL_get_cipher_version(s) \
- SSL_CIPHER_get_version(SSL_get_current_cipher(s))
-#define SSL_get_cipher_name(s) \
- SSL_CIPHER_get_name(SSL_get_current_cipher(s))
-#define SSL_get_time(a) SSL_SESSION_get_time(a)
-#define SSL_set_time(a,b) SSL_SESSION_set_time((a),(b))
-#define SSL_get_timeout(a) SSL_SESSION_get_timeout(a)
-#define SSL_set_timeout(a,b) SSL_SESSION_set_timeout((a),(b))
-
-#if 1 /*SSLEAY_MACROS*/
-#define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id)
-#define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id)
-#define PEM_read_SSL_SESSION(fp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read( \
- (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb,u)
-#define PEM_read_bio_SSL_SESSION(bp,x,cb,u) PEM_ASN1_read_bio_of(SSL_SESSION,d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,x,cb,u)
-#define PEM_write_SSL_SESSION(fp,x) \
- PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \
- PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL,NULL)
-#define PEM_write_bio_SSL_SESSION(bp,x) \
- PEM_ASN1_write_bio_of(SSL_SESSION,i2d_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,x,NULL,NULL,0,NULL,NULL)
-#endif
-
-#define SSL_AD_REASON_OFFSET 1000
-/* These alert types are for SSLv3 and TLSv1 */
-#define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY
-#define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE /* fatal */
-#define SSL_AD_BAD_RECORD_MAC SSL3_AD_BAD_RECORD_MAC /* fatal */
-#define SSL_AD_DECRYPTION_FAILED TLS1_AD_DECRYPTION_FAILED
-#define SSL_AD_RECORD_OVERFLOW TLS1_AD_RECORD_OVERFLOW
-#define SSL_AD_DECOMPRESSION_FAILURE SSL3_AD_DECOMPRESSION_FAILURE/* fatal */
-#define SSL_AD_HANDSHAKE_FAILURE SSL3_AD_HANDSHAKE_FAILURE/* fatal */
-#define SSL_AD_NO_CERTIFICATE SSL3_AD_NO_CERTIFICATE /* Not for TLS */
-#define SSL_AD_BAD_CERTIFICATE SSL3_AD_BAD_CERTIFICATE
-#define SSL_AD_UNSUPPORTED_CERTIFICATE SSL3_AD_UNSUPPORTED_CERTIFICATE
-#define SSL_AD_CERTIFICATE_REVOKED SSL3_AD_CERTIFICATE_REVOKED
-#define SSL_AD_CERTIFICATE_EXPIRED SSL3_AD_CERTIFICATE_EXPIRED
-#define SSL_AD_CERTIFICATE_UNKNOWN SSL3_AD_CERTIFICATE_UNKNOWN
-#define SSL_AD_ILLEGAL_PARAMETER SSL3_AD_ILLEGAL_PARAMETER /* fatal */
-#define SSL_AD_UNKNOWN_CA TLS1_AD_UNKNOWN_CA /* fatal */
-#define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED /* fatal */
-#define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR /* fatal */
-#define SSL_AD_DECRYPT_ERROR TLS1_AD_DECRYPT_ERROR
-#define SSL_AD_EXPORT_RESTRICTION TLS1_AD_EXPORT_RESTRICTION/* fatal */
-#define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION /* fatal */
-#define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY/* fatal */
-#define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR /* fatal */
-#define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED
-#define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION
-#define SSL_AD_UNSUPPORTED_EXTENSION TLS1_AD_UNSUPPORTED_EXTENSION
-#define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE
-#define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME
-#define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE
-#define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE
-#define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */
-#define SSL_AD_INAPPROPRIATE_FALLBACK TLS1_AD_INAPPROPRIATE_FALLBACK /* fatal */
-
-#define SSL_ERROR_NONE 0
-#define SSL_ERROR_SSL 1
-#define SSL_ERROR_WANT_READ 2
-#define SSL_ERROR_WANT_WRITE 3
-#define SSL_ERROR_WANT_X509_LOOKUP 4
-#define SSL_ERROR_SYSCALL 5 /* look at error stack/return value/errno */
-#define SSL_ERROR_ZERO_RETURN 6
-#define SSL_ERROR_WANT_CONNECT 7
-#define SSL_ERROR_WANT_ACCEPT 8
-
-#define SSL_CTRL_NEED_TMP_RSA 1
-#define SSL_CTRL_SET_TMP_RSA 2
-#define SSL_CTRL_SET_TMP_DH 3
-#define SSL_CTRL_SET_TMP_ECDH 4
-#define SSL_CTRL_SET_TMP_RSA_CB 5
-#define SSL_CTRL_SET_TMP_DH_CB 6
-#define SSL_CTRL_SET_TMP_ECDH_CB 7
-
-#define SSL_CTRL_GET_SESSION_REUSED 8
-#define SSL_CTRL_GET_CLIENT_CERT_REQUEST 9
-#define SSL_CTRL_GET_NUM_RENEGOTIATIONS 10
-#define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 11
-#define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS 12
-#define SSL_CTRL_GET_FLAGS 13
-#define SSL_CTRL_EXTRA_CHAIN_CERT 14
-
-#define SSL_CTRL_SET_MSG_CALLBACK 15
-#define SSL_CTRL_SET_MSG_CALLBACK_ARG 16
-
-/* only applies to datagram connections */
-#define SSL_CTRL_SET_MTU 17
-/* Stats */
-#define SSL_CTRL_SESS_NUMBER 20
-#define SSL_CTRL_SESS_CONNECT 21
-#define SSL_CTRL_SESS_CONNECT_GOOD 22
-#define SSL_CTRL_SESS_CONNECT_RENEGOTIATE 23
-#define SSL_CTRL_SESS_ACCEPT 24
-#define SSL_CTRL_SESS_ACCEPT_GOOD 25
-#define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE 26
-#define SSL_CTRL_SESS_HIT 27
-#define SSL_CTRL_SESS_CB_HIT 28
-#define SSL_CTRL_SESS_MISSES 29
-#define SSL_CTRL_SESS_TIMEOUTS 30
-#define SSL_CTRL_SESS_CACHE_FULL 31
-#define SSL_CTRL_OPTIONS 32
-#define SSL_CTRL_MODE 33
-
-#define SSL_CTRL_GET_READ_AHEAD 40
-#define SSL_CTRL_SET_READ_AHEAD 41
-#define SSL_CTRL_SET_SESS_CACHE_SIZE 42
-#define SSL_CTRL_GET_SESS_CACHE_SIZE 43
-#define SSL_CTRL_SET_SESS_CACHE_MODE 44
-#define SSL_CTRL_GET_SESS_CACHE_MODE 45
-
-#define SSL_CTRL_GET_MAX_CERT_LIST 50
-#define SSL_CTRL_SET_MAX_CERT_LIST 51
-
-/* see tls1.h for macros based on these */
-#ifndef OPENSSL_NO_TLSEXT
-#define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53
-#define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54
-#define SSL_CTRL_SET_TLSEXT_HOSTNAME 55
-#define SSL_CTRL_SET_TLSEXT_DEBUG_CB 56
-#define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57
-#define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58
-#define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59
-
-#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63
-#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64
-#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65
-#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS 66
-#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS 67
-#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS 68
-#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS 69
-#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP 70
-#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP 71
-
-#define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72
-#endif
-
-#define DTLS_CTRL_GET_TIMEOUT 73
-#define DTLS_CTRL_HANDLE_TIMEOUT 74
-#define DTLS_CTRL_LISTEN 75
-
-#define SSL_CTRL_GET_RI_SUPPORT 76
-#define SSL_CTRL_CLEAR_OPTIONS 77
-#define SSL_CTRL_CLEAR_MODE 78
-
-#define SSL_CTRL_CHECK_PROTO_VERSION 119
-
-#define DTLSv1_get_timeout(ssl, arg) \
- SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
-#define DTLSv1_handle_timeout(ssl) \
- SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL)
-#define DTLSv1_listen(ssl, peer) \
- SSL_ctrl(ssl,DTLS_CTRL_LISTEN,0, (void *)peer)
-
-#define SSL_session_reused(ssl) \
- SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL)
-#define SSL_num_renegotiations(ssl) \
- SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL)
-#define SSL_clear_num_renegotiations(ssl) \
- SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL)
-#define SSL_total_renegotiations(ssl) \
- SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL)
-
-#define SSL_CTX_need_tmp_RSA(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL)
-#define SSL_CTX_set_tmp_rsa(ctx,rsa) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)
-#define SSL_CTX_set_tmp_dh(ctx,dh) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
-#define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)
-
-#define SSL_need_tmp_RSA(ssl) \
- SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL)
-#define SSL_set_tmp_rsa(ssl,rsa) \
- SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)
-#define SSL_set_tmp_dh(ssl,dh) \
- SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
-#define SSL_set_tmp_ecdh(ssl,ecdh) \
- SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)
-
-#define SSL_CTX_add_extra_chain_cert(ctx,x509) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
-
-#ifndef OPENSSL_NO_BIO
-BIO_METHOD *BIO_f_ssl(void);
-BIO *BIO_new_ssl(SSL_CTX *ctx,int client);
-BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
-BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx);
-int BIO_ssl_copy_session_id(BIO *to,BIO *from);
-void BIO_ssl_shutdown(BIO *ssl_bio);
-
-#endif
-
-int SSL_CTX_set_cipher_list(SSL_CTX *,const char *str);
-SSL_CTX *SSL_CTX_new(SSL_METHOD *meth);
-void SSL_CTX_free(SSL_CTX *);
-long SSL_CTX_set_timeout(SSL_CTX *ctx,long t);
-long SSL_CTX_get_timeout(const SSL_CTX *ctx);
-X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);
-void SSL_CTX_set_cert_store(SSL_CTX *,X509_STORE *);
-int SSL_want(const SSL *s);
-int SSL_clear(SSL *s);
-
-void SSL_CTX_flush_sessions(SSL_CTX *ctx,long tm);
-
-SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
-int SSL_CIPHER_get_bits(const SSL_CIPHER *c,int *alg_bits);
-char * SSL_CIPHER_get_version(const SSL_CIPHER *c);
-const char * SSL_CIPHER_get_name(const SSL_CIPHER *c);
-
-int SSL_get_fd(const SSL *s);
-int SSL_get_rfd(const SSL *s);
-int SSL_get_wfd(const SSL *s);
-const char * SSL_get_cipher_list(const SSL *s,int n);
-char * SSL_get_shared_ciphers(const SSL *s, char *buf, int len);
-int SSL_get_read_ahead(const SSL * s);
-int SSL_pending(const SSL *s);
-#ifndef OPENSSL_NO_SOCK
-int SSL_set_fd(SSL *s, int fd);
-int SSL_set_rfd(SSL *s, int fd);
-int SSL_set_wfd(SSL *s, int fd);
-#endif
-#ifndef OPENSSL_NO_BIO
-void SSL_set_bio(SSL *s, BIO *rbio,BIO *wbio);
-BIO * SSL_get_rbio(const SSL *s);
-BIO * SSL_get_wbio(const SSL *s);
-#endif
-int SSL_set_cipher_list(SSL *s, const char *str);
-void SSL_set_read_ahead(SSL *s, int yes);
-int SSL_get_verify_mode(const SSL *s);
-int SSL_get_verify_depth(const SSL *s);
-int (*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *);
-void SSL_set_verify(SSL *s, int mode,
- int (*callback)(int ok,X509_STORE_CTX *ctx));
-void SSL_set_verify_depth(SSL *s, int depth);
-#ifndef OPENSSL_NO_RSA
-int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
-#endif
-int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
-int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
-int SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, const unsigned char *d, long len);
-int SSL_use_certificate(SSL *ssl, X509 *x);
-int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len);
-
-#ifndef OPENSSL_NO_STDIO
-int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
-int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);
-int SSL_use_certificate_file(SSL *ssl, const char *file, int type);
-int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);
-int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
-int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
-int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); /* PEM type */
-STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
-int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
- const char *file);
-#ifndef OPENSSL_SYS_VMS
-#ifndef OPENSSL_SYS_MACINTOSH_CLASSIC /* XXXXX: Better scheme needed! [was: #ifndef MAC_OS_pre_X] */
-int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
- const char *dir);
-#endif
-#endif
-
-#endif
-
-void SSL_load_error_strings(void );
-const char *SSL_state_string(const SSL *s);
-const char *SSL_rstate_string(const SSL *s);
-const char *SSL_state_string_long(const SSL *s);
-const char *SSL_rstate_string_long(const SSL *s);
-long SSL_SESSION_get_time(const SSL_SESSION *s);
-long SSL_SESSION_set_time(SSL_SESSION *s, long t);
-long SSL_SESSION_get_timeout(const SSL_SESSION *s);
-long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
-void SSL_copy_session_id(SSL *to,const SSL *from);
-
-SSL_SESSION *SSL_SESSION_new(void);
-unsigned long SSL_SESSION_hash(const SSL_SESSION *a);
-int SSL_SESSION_cmp(const SSL_SESSION *a,const SSL_SESSION *b);
-const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len);
-#ifndef OPENSSL_NO_FP_API
-int SSL_SESSION_print_fp(FILE *fp,const SSL_SESSION *ses);
-#endif
-#ifndef OPENSSL_NO_BIO
-int SSL_SESSION_print(BIO *fp,const SSL_SESSION *ses);
-#endif
-void SSL_SESSION_free(SSL_SESSION *ses);
-int i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp);
-int SSL_set_session(SSL *to, SSL_SESSION *session);
-int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);
-int SSL_CTX_remove_session(SSL_CTX *,SSL_SESSION *c);
-int SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB);
-int SSL_set_generate_session_id(SSL *, GEN_SESSION_CB);
-int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
- unsigned int id_len);
-SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a,const unsigned char **pp,
- long length);
-
-#ifdef HEADER_X509_H
-X509 * SSL_get_peer_certificate(const SSL *s);
-#endif
-
-STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s);
-
-int SSL_CTX_get_verify_mode(const SSL_CTX *ctx);
-int SSL_CTX_get_verify_depth(const SSL_CTX *ctx);
-int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int,X509_STORE_CTX *);
-void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,
- int (*callback)(int, X509_STORE_CTX *));
-void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth);
-void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg);
-#ifndef OPENSSL_NO_RSA
-int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
-#endif
-int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len);
-int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
-int SSL_CTX_use_PrivateKey_ASN1(int pk,SSL_CTX *ctx,
- const unsigned char *d, long len);
-int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
-int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d);
-
-void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);
-void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);
-
-int SSL_CTX_check_private_key(const SSL_CTX *ctx);
-int SSL_check_private_key(const SSL *ctx);
-
-int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,
- unsigned int sid_ctx_len);
-
-SSL * SSL_new(SSL_CTX *ctx);
-int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,
- unsigned int sid_ctx_len);
-
-int SSL_CTX_set_purpose(SSL_CTX *s, int purpose);
-int SSL_set_purpose(SSL *s, int purpose);
-int SSL_CTX_set_trust(SSL_CTX *s, int trust);
-int SSL_set_trust(SSL *s, int trust);
-
-void SSL_free(SSL *ssl);
-int SSL_accept(SSL *ssl);
-int SSL_connect(SSL *ssl);
-int SSL_read(SSL *ssl,void *buf,int num);
-int SSL_peek(SSL *ssl,void *buf,int num);
-int SSL_write(SSL *ssl,const void *buf,int num);
-long SSL_ctrl(SSL *ssl,int cmd, long larg, void *parg);
-long SSL_callback_ctrl(SSL *, int, void (*)(void));
-long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd, long larg, void *parg);
-long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void));
-
-int SSL_get_error(const SSL *s,int ret_code);
-const char *SSL_get_version(const SSL *s);
-
-/* This sets the 'default' SSL version that SSL_new() will create */
-int SSL_CTX_set_ssl_version(SSL_CTX *ctx,SSL_METHOD *meth);
-
-SSL_METHOD *SSLv2_method(void); /* SSLv2 */
-SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */
-SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */
-
-SSL_METHOD *SSLv3_method(void); /* SSLv3 */
-SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */
-SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */
-
-SSL_METHOD *SSLv23_method(void); /* SSLv3 but can rollback to v2 */
-SSL_METHOD *SSLv23_server_method(void); /* SSLv3 but can rollback to v2 */
-SSL_METHOD *SSLv23_client_method(void); /* SSLv3 but can rollback to v2 */
-
-SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */
-SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */
-SSL_METHOD *TLSv1_client_method(void); /* TLSv1.0 */
-
-SSL_METHOD *DTLSv1_method(void); /* DTLSv1.0 */
-SSL_METHOD *DTLSv1_server_method(void); /* DTLSv1.0 */
-SSL_METHOD *DTLSv1_client_method(void); /* DTLSv1.0 */
-
-STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s);
-
-int SSL_do_handshake(SSL *s);
-int SSL_renegotiate(SSL *s);
-int SSL_renegotiate_pending(SSL *s);
-int SSL_shutdown(SSL *s);
-
-SSL_METHOD *SSL_get_ssl_method(SSL *s);
-int SSL_set_ssl_method(SSL *s,SSL_METHOD *method);
-const char *SSL_alert_type_string_long(int value);
-const char *SSL_alert_type_string(int value);
-const char *SSL_alert_desc_string_long(int value);
-const char *SSL_alert_desc_string(int value);
-
-void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);
-void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
-STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s);
-STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s);
-int SSL_add_client_CA(SSL *ssl,X509 *x);
-int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x);
-
-void SSL_set_connect_state(SSL *s);
-void SSL_set_accept_state(SSL *s);
-
-long SSL_get_default_timeout(const SSL *s);
-
-int SSL_library_init(void );
-
-char *SSL_CIPHER_description(const SSL_CIPHER *,char *buf,int size);
-STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk);
-
-SSL *SSL_dup(SSL *ssl);
-
-X509 *SSL_get_certificate(const SSL *ssl);
-/* EVP_PKEY */ struct evp_pkey_st *SSL_get_privatekey(SSL *ssl);
-
-void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode);
-int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);
-void SSL_set_quiet_shutdown(SSL *ssl,int mode);
-int SSL_get_quiet_shutdown(const SSL *ssl);
-void SSL_set_shutdown(SSL *ssl,int mode);
-int SSL_get_shutdown(const SSL *ssl);
-int SSL_version(const SSL *ssl);
-int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
-int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
- const char *CApath);
-#define SSL_get0_session SSL_get_session /* just peek at pointer */
-SSL_SESSION *SSL_get_session(const SSL *ssl);
-SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */
-SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);
-SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx);
-void SSL_set_info_callback(SSL *ssl,
- void (*cb)(const SSL *ssl,int type,int val));
-void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl,int type,int val);
-int SSL_state(const SSL *ssl);
-
-void SSL_set_verify_result(SSL *ssl,long v);
-long SSL_get_verify_result(const SSL *ssl);
-
-int SSL_set_ex_data(SSL *ssl,int idx,void *data);
-void *SSL_get_ex_data(const SSL *ssl,int idx);
-int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-
-int SSL_SESSION_set_ex_data(SSL_SESSION *ss,int idx,void *data);
-void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss,int idx);
-int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-
-int SSL_CTX_set_ex_data(SSL_CTX *ssl,int idx,void *data);
-void *SSL_CTX_get_ex_data(const SSL_CTX *ssl,int idx);
-int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-
-int SSL_get_ex_data_X509_STORE_CTX_idx(void );
-
-#define SSL_CTX_sess_set_cache_size(ctx,t) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL)
-#define SSL_CTX_sess_get_cache_size(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL)
-#define SSL_CTX_set_session_cache_mode(ctx,m) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL)
-#define SSL_CTX_get_session_cache_mode(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL)
-
-#define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx)
-#define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m)
-#define SSL_CTX_get_read_ahead(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL)
-#define SSL_CTX_set_read_ahead(ctx,m) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL)
-#define SSL_CTX_get_max_cert_list(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
-#define SSL_CTX_set_max_cert_list(ctx,m) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
-#define SSL_get_max_cert_list(ssl) \
- SSL_ctrl(ssl,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
-#define SSL_set_max_cert_list(ssl,m) \
- SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
-
- /* NB: the keylength is only applicable when is_export is true */
-#ifndef OPENSSL_NO_RSA
-void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
- RSA *(*cb)(SSL *ssl,int is_export,
- int keylength));
-
-void SSL_set_tmp_rsa_callback(SSL *ssl,
- RSA *(*cb)(SSL *ssl,int is_export,
- int keylength));
-#endif
-#ifndef OPENSSL_NO_DH
-void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
- DH *(*dh)(SSL *ssl,int is_export,
- int keylength));
-void SSL_set_tmp_dh_callback(SSL *ssl,
- DH *(*dh)(SSL *ssl,int is_export,
- int keylength));
-#endif
-#ifndef OPENSSL_NO_ECDH
-void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,
- EC_KEY *(*ecdh)(SSL *ssl,int is_export,
- int keylength));
-void SSL_set_tmp_ecdh_callback(SSL *ssl,
- EC_KEY *(*ecdh)(SSL *ssl,int is_export,
- int keylength));
-#endif
-
-#ifndef OPENSSL_NO_COMP
-const COMP_METHOD *SSL_get_current_compression(SSL *s);
-const COMP_METHOD *SSL_get_current_expansion(SSL *s);
-const char *SSL_COMP_get_name(const COMP_METHOD *comp);
-STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
-int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm);
-#else
-const void *SSL_get_current_compression(SSL *s);
-const void *SSL_get_current_expansion(SSL *s);
-const char *SSL_COMP_get_name(const void *comp);
-void *SSL_COMP_get_compression_methods(void);
-int SSL_COMP_add_compression_method(int id,void *cm);
-#endif
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_SSL_strings(void);
-
-/* Error codes for the SSL functions. */
-
-/* Function codes. */
-#define SSL_F_CLIENT_CERTIFICATE 100
-#define SSL_F_CLIENT_FINISHED 167
-#define SSL_F_CLIENT_HELLO 101
-#define SSL_F_CLIENT_MASTER_KEY 102
-#define SSL_F_D2I_SSL_SESSION 103
-#define SSL_F_DO_DTLS1_WRITE 245
-#define SSL_F_DO_SSL3_WRITE 104
-#define SSL_F_DTLS1_ACCEPT 246
-#define SSL_F_DTLS1_ADD_CERT_TO_BUF 280
-#define SSL_F_DTLS1_BUFFER_RECORD 247
-#define SSL_F_DTLS1_CHECK_TIMEOUT_NUM 293
-#define SSL_F_DTLS1_CLIENT_HELLO 248
-#define SSL_F_DTLS1_CONNECT 249
-#define SSL_F_DTLS1_ENC 250
-#define SSL_F_DTLS1_GET_HELLO_VERIFY 251
-#define SSL_F_DTLS1_GET_MESSAGE 252
-#define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT 253
-#define SSL_F_DTLS1_GET_RECORD 254
-#define SSL_F_DTLS1_HANDLE_TIMEOUT 282
-#define SSL_F_DTLS1_OUTPUT_CERT_CHAIN 255
-#define SSL_F_DTLS1_PREPROCESS_FRAGMENT 277
-#define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 256
-#define SSL_F_DTLS1_PROCESS_RECORD 257
-#define SSL_F_DTLS1_READ_BYTES 258
-#define SSL_F_DTLS1_READ_FAILED 259
-#define SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST 260
-#define SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE 261
-#define SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE 262
-#define SSL_F_DTLS1_SEND_CLIENT_VERIFY 263
-#define SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST 264
-#define SSL_F_DTLS1_SEND_SERVER_CERTIFICATE 265
-#define SSL_F_DTLS1_SEND_SERVER_HELLO 266
-#define SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE 267
-#define SSL_F_DTLS1_WRITE_APP_DATA_BYTES 268
-#define SSL_F_GET_CLIENT_FINISHED 105
-#define SSL_F_GET_CLIENT_HELLO 106
-#define SSL_F_GET_CLIENT_MASTER_KEY 107
-#define SSL_F_GET_SERVER_FINISHED 108
-#define SSL_F_GET_SERVER_HELLO 109
-#define SSL_F_GET_SERVER_VERIFY 110
-#define SSL_F_I2D_SSL_SESSION 111
-#define SSL_F_READ_N 112
-#define SSL_F_REQUEST_CERTIFICATE 113
-#define SSL_F_SERVER_FINISH 239
-#define SSL_F_SERVER_HELLO 114
-#define SSL_F_SERVER_VERIFY 240
-#define SSL_F_SSL23_ACCEPT 115
-#define SSL_F_SSL23_CLIENT_HELLO 116
-#define SSL_F_SSL23_CONNECT 117
-#define SSL_F_SSL23_GET_CLIENT_HELLO 118
-#define SSL_F_SSL23_GET_SERVER_HELLO 119
-#define SSL_F_SSL23_PEEK 237
-#define SSL_F_SSL23_READ 120
-#define SSL_F_SSL23_WRITE 121
-#define SSL_F_SSL2_ACCEPT 122
-#define SSL_F_SSL2_CONNECT 123
-#define SSL_F_SSL2_ENC_INIT 124
-#define SSL_F_SSL2_GENERATE_KEY_MATERIAL 241
-#define SSL_F_SSL2_PEEK 234
-#define SSL_F_SSL2_READ 125
-#define SSL_F_SSL2_READ_INTERNAL 236
-#define SSL_F_SSL2_SET_CERTIFICATE 126
-#define SSL_F_SSL2_WRITE 127
-#define SSL_F_SSL3_ACCEPT 128
-#define SSL_F_SSL3_ADD_CERT_TO_BUF 281
-#define SSL_F_SSL3_CALLBACK_CTRL 233
-#define SSL_F_SSL3_CHANGE_CIPHER_STATE 129
-#define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130
-#define SSL_F_SSL3_CHECK_CLIENT_HELLO 292
-#define SSL_F_SSL3_CLIENT_HELLO 131
-#define SSL_F_SSL3_CONNECT 132
-#define SSL_F_SSL3_CTRL 213
-#define SSL_F_SSL3_CTX_CTRL 133
-#define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 279
-#define SSL_F_SSL3_ENC 134
-#define SSL_F_SSL3_GENERATE_KEY_BLOCK 238
-#define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135
-#define SSL_F_SSL3_GET_CERT_STATUS 288
-#define SSL_F_SSL3_GET_CERT_VERIFY 136
-#define SSL_F_SSL3_GET_CLIENT_CERTIFICATE 137
-#define SSL_F_SSL3_GET_CLIENT_HELLO 138
-#define SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE 139
-#define SSL_F_SSL3_GET_FINISHED 140
-#define SSL_F_SSL3_GET_KEY_EXCHANGE 141
-#define SSL_F_SSL3_GET_MESSAGE 142
-#define SSL_F_SSL3_GET_NEW_SESSION_TICKET 283
-#define SSL_F_SSL3_GET_RECORD 143
-#define SSL_F_SSL3_GET_SERVER_CERTIFICATE 144
-#define SSL_F_SSL3_GET_SERVER_DONE 145
-#define SSL_F_SSL3_GET_SERVER_HELLO 146
-#define SSL_F_SSL3_NEW_SESSION_TICKET 284
-#define SSL_F_SSL3_OUTPUT_CERT_CHAIN 147
-#define SSL_F_SSL3_PEEK 235
-#define SSL_F_SSL3_READ_BYTES 148
-#define SSL_F_SSL3_READ_N 149
-#define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST 150
-#define SSL_F_SSL3_SEND_CLIENT_CERTIFICATE 151
-#define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE 152
-#define SSL_F_SSL3_SEND_CLIENT_VERIFY 153
-#define SSL_F_SSL3_SEND_SERVER_CERTIFICATE 154
-#define SSL_F_SSL3_SEND_SERVER_HELLO 242
-#define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE 155
-#define SSL_F_SSL3_SETUP_BUFFERS 156
-#define SSL_F_SSL3_SETUP_KEY_BLOCK 157
-#define SSL_F_SSL3_WRITE_BYTES 158
-#define SSL_F_SSL3_WRITE_PENDING 159
-#define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT 285
-#define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT 272
-#define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK 215
-#define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK 216
-#define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT 286
-#define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT 273
-#define SSL_F_SSL_BAD_METHOD 160
-#define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161
-#define SSL_F_SSL_CERT_DUP 221
-#define SSL_F_SSL_CERT_INST 222
-#define SSL_F_SSL_CERT_INSTANTIATE 214
-#define SSL_F_SSL_CERT_NEW 162
-#define SSL_F_SSL_CHECK_PRIVATE_KEY 163
-#define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT 274
-#define SSL_F_SSL_CIPHER_PROCESS_RULESTR 230
-#define SSL_F_SSL_CIPHER_STRENGTH_SORT 231
-#define SSL_F_SSL_CLEAR 164
-#define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD 165
-#define SSL_F_SSL_CREATE_CIPHER_LIST 166
-#define SSL_F_SSL_CTRL 232
-#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168
-#define SSL_F_SSL_CTX_NEW 169
-#define SSL_F_SSL_CTX_SET_CIPHER_LIST 269
-#define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE 278
-#define SSL_F_SSL_CTX_SET_PURPOSE 226
-#define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219
-#define SSL_F_SSL_CTX_SET_SSL_VERSION 170
-#define SSL_F_SSL_CTX_SET_TRUST 229
-#define SSL_F_SSL_CTX_USE_CERTIFICATE 171
-#define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 172
-#define SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE 220
-#define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 173
-#define SSL_F_SSL_CTX_USE_PRIVATEKEY 174
-#define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 175
-#define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE 176
-#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY 177
-#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1 178
-#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 179
-#define SSL_F_SSL_DO_HANDSHAKE 180
-#define SSL_F_SSL_GET_NEW_SESSION 181
-#define SSL_F_SSL_GET_PREV_SESSION 217
-#define SSL_F_SSL_GET_SERVER_SEND_CERT 182
-#define SSL_F_SSL_GET_SERVER_SEND_PKEY 317
-#define SSL_F_SSL_GET_SIGN_PKEY 183
-#define SSL_F_SSL_INIT_WBIO_BUFFER 184
-#define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185
-#define SSL_F_SSL_NEW 186
-#define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT 287
-#define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT 290
-#define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT 289
-#define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 291
-#define SSL_F_SSL_PEEK 270
-#define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT 275
-#define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT 276
-#define SSL_F_SSL_READ 223
-#define SSL_F_SSL_RSA_PRIVATE_DECRYPT 187
-#define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188
-#define SSL_F_SSL_SESSION_NEW 189
-#define SSL_F_SSL_SESSION_PRINT_FP 190
-#define SSL_F_SSL_SESS_CERT_NEW 225
-#define SSL_F_SSL_SET_CERT 191
-#define SSL_F_SSL_SET_CIPHER_LIST 271
-#define SSL_F_SSL_SET_FD 192
-#define SSL_F_SSL_SET_PKEY 193
-#define SSL_F_SSL_SET_PURPOSE 227
-#define SSL_F_SSL_SET_RFD 194
-#define SSL_F_SSL_SET_SESSION 195
-#define SSL_F_SSL_SET_SESSION_ID_CONTEXT 218
-#define SSL_F_SSL_SET_TRUST 228
-#define SSL_F_SSL_SET_WFD 196
-#define SSL_F_SSL_SHUTDOWN 224
-#define SSL_F_SSL_UNDEFINED_CONST_FUNCTION 243
-#define SSL_F_SSL_UNDEFINED_FUNCTION 197
-#define SSL_F_SSL_UNDEFINED_VOID_FUNCTION 244
-#define SSL_F_SSL_USE_CERTIFICATE 198
-#define SSL_F_SSL_USE_CERTIFICATE_ASN1 199
-#define SSL_F_SSL_USE_CERTIFICATE_FILE 200
-#define SSL_F_SSL_USE_PRIVATEKEY 201
-#define SSL_F_SSL_USE_PRIVATEKEY_ASN1 202
-#define SSL_F_SSL_USE_PRIVATEKEY_FILE 203
-#define SSL_F_SSL_USE_RSAPRIVATEKEY 204
-#define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1 205
-#define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE 206
-#define SSL_F_SSL_VERIFY_CERT_CHAIN 207
-#define SSL_F_SSL_WRITE 208
-#define SSL_F_TLS1_CHANGE_CIPHER_STATE 209
-#define SSL_F_TLS1_ENC 210
-#define SSL_F_TLS1_SETUP_KEY_BLOCK 211
-#define SSL_F_WRITE_PENDING 212
-
-/* Reason codes. */
-#define SSL_R_APP_DATA_IN_HANDSHAKE 100
-#define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
-#define SSL_R_BAD_ALERT_RECORD 101
-#define SSL_R_BAD_AUTHENTICATION_TYPE 102
-#define SSL_R_BAD_CHANGE_CIPHER_SPEC 103
-#define SSL_R_BAD_CHECKSUM 104
-#define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106
-#define SSL_R_BAD_DECOMPRESSION 107
-#define SSL_R_BAD_DH_G_LENGTH 108
-#define SSL_R_BAD_DH_PUB_KEY_LENGTH 109
-#define SSL_R_BAD_DH_P_LENGTH 110
-#define SSL_R_BAD_DIGEST_LENGTH 111
-#define SSL_R_BAD_DSA_SIGNATURE 112
-#define SSL_R_BAD_ECC_CERT 304
-#define SSL_R_BAD_ECDSA_SIGNATURE 305
-#define SSL_R_BAD_ECPOINT 306
-#define SSL_R_BAD_HELLO_REQUEST 105
-#define SSL_R_BAD_LENGTH 271
-#define SSL_R_BAD_MAC_DECODE 113
-#define SSL_R_BAD_MESSAGE_TYPE 114
-#define SSL_R_BAD_PACKET_LENGTH 115
-#define SSL_R_BAD_PROTOCOL_VERSION_NUMBER 116
-#define SSL_R_BAD_RESPONSE_ARGUMENT 117
-#define SSL_R_BAD_RSA_DECRYPT 118
-#define SSL_R_BAD_RSA_ENCRYPT 119
-#define SSL_R_BAD_RSA_E_LENGTH 120
-#define SSL_R_BAD_RSA_MODULUS_LENGTH 121
-#define SSL_R_BAD_RSA_SIGNATURE 122
-#define SSL_R_BAD_SIGNATURE 123
-#define SSL_R_BAD_SSL_FILETYPE 124
-#define SSL_R_BAD_SSL_SESSION_ID_LENGTH 125
-#define SSL_R_BAD_STATE 126
-#define SSL_R_BAD_WRITE_RETRY 127
-#define SSL_R_BIO_NOT_SET 128
-#define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG 129
-#define SSL_R_BN_LIB 130
-#define SSL_R_CA_DN_LENGTH_MISMATCH 131
-#define SSL_R_CA_DN_TOO_LONG 132
-#define SSL_R_CCS_RECEIVED_EARLY 133
-#define SSL_R_CERTIFICATE_VERIFY_FAILED 134
-#define SSL_R_CERT_LENGTH_MISMATCH 135
-#define SSL_R_CHALLENGE_IS_DIFFERENT 136
-#define SSL_R_CIPHER_CODE_WRONG_LENGTH 137
-#define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 138
-#define SSL_R_CIPHER_TABLE_SRC_ERROR 139
-#define SSL_R_CLIENTHELLO_TLSEXT 157
-#define SSL_R_COMPRESSED_LENGTH_TOO_LONG 140
-#define SSL_R_COMPRESSION_FAILURE 141
-#define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE 307
-#define SSL_R_COMPRESSION_LIBRARY_ERROR 142
-#define SSL_R_CONNECTION_ID_IS_DIFFERENT 143
-#define SSL_R_CONNECTION_TYPE_NOT_SET 144
-#define SSL_R_COOKIE_MISMATCH 308
-#define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145
-#define SSL_R_DATA_LENGTH_TOO_LONG 146
-#define SSL_R_DECRYPTION_FAILED 147
-#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281
-#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148
-#define SSL_R_DIGEST_CHECK_FAILED 149
-#define SSL_R_DTLS_MESSAGE_TOO_BIG 318
-#define SSL_R_DUPLICATE_COMPRESSION_ID 309
-#define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 310
-#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150
-#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 282
-#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151
-#define SSL_R_EXCESSIVE_MESSAGE_SIZE 152
-#define SSL_R_EXTRA_DATA_IN_MESSAGE 153
-#define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154
-#define SSL_R_HTTPS_PROXY_REQUEST 155
-#define SSL_R_HTTP_REQUEST 156
-#define SSL_R_ILLEGAL_PADDING 283
-#define SSL_R_INAPPROPRIATE_FALLBACK 373
-#define SSL_R_INVALID_CHALLENGE_LENGTH 158
-#define SSL_R_INVALID_COMMAND 280
-#define SSL_R_INVALID_PURPOSE 278
-#define SSL_R_INVALID_STATUS_RESPONSE 316
-#define SSL_R_INVALID_TICKET_KEYS_LENGTH 275
-#define SSL_R_INVALID_TRUST 279
-#define SSL_R_KEY_ARG_TOO_LONG 284
-#define SSL_R_KRB5 285
-#define SSL_R_KRB5_C_CC_PRINC 286
-#define SSL_R_KRB5_C_GET_CRED 287
-#define SSL_R_KRB5_C_INIT 288
-#define SSL_R_KRB5_C_MK_REQ 289
-#define SSL_R_KRB5_S_BAD_TICKET 290
-#define SSL_R_KRB5_S_INIT 291
-#define SSL_R_KRB5_S_RD_REQ 292
-#define SSL_R_KRB5_S_TKT_EXPIRED 293
-#define SSL_R_KRB5_S_TKT_NYV 294
-#define SSL_R_KRB5_S_TKT_SKEW 295
-#define SSL_R_LENGTH_MISMATCH 159
-#define SSL_R_LENGTH_TOO_SHORT 160
-#define SSL_R_LIBRARY_BUG 274
-#define SSL_R_LIBRARY_HAS_NO_CIPHERS 161
-#define SSL_R_MESSAGE_TOO_LONG 296
-#define SSL_R_MISSING_DH_DSA_CERT 162
-#define SSL_R_MISSING_DH_KEY 163
-#define SSL_R_MISSING_DH_RSA_CERT 164
-#define SSL_R_MISSING_DSA_SIGNING_CERT 165
-#define SSL_R_MISSING_EXPORT_TMP_DH_KEY 166
-#define SSL_R_MISSING_EXPORT_TMP_RSA_KEY 167
-#define SSL_R_MISSING_RSA_CERTIFICATE 168
-#define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169
-#define SSL_R_MISSING_RSA_SIGNING_CERT 170
-#define SSL_R_MISSING_TMP_DH_KEY 171
-#define SSL_R_MISSING_TMP_ECDH_KEY 311
-#define SSL_R_MISSING_TMP_RSA_KEY 172
-#define SSL_R_MISSING_TMP_RSA_PKEY 173
-#define SSL_R_MISSING_VERIFY_MESSAGE 174
-#define SSL_R_MULTIPLE_SGC_RESTARTS 325
-#define SSL_R_NON_SSLV2_INITIAL_PACKET 175
-#define SSL_R_NO_CERTIFICATES_RETURNED 176
-#define SSL_R_NO_CERTIFICATE_ASSIGNED 177
-#define SSL_R_NO_CERTIFICATE_RETURNED 178
-#define SSL_R_NO_CERTIFICATE_SET 179
-#define SSL_R_NO_CERTIFICATE_SPECIFIED 180
-#define SSL_R_NO_CIPHERS_AVAILABLE 181
-#define SSL_R_NO_CIPHERS_PASSED 182
-#define SSL_R_NO_CIPHERS_SPECIFIED 183
-#define SSL_R_NO_CIPHER_LIST 184
-#define SSL_R_NO_CIPHER_MATCH 185
-#define SSL_R_NO_CLIENT_CERT_METHOD 317
-#define SSL_R_NO_CLIENT_CERT_RECEIVED 186
-#define SSL_R_NO_COMPRESSION_SPECIFIED 187
-#define SSL_R_NO_METHOD_SPECIFIED 188
-#define SSL_R_NO_PRIVATEKEY 189
-#define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190
-#define SSL_R_NO_PROTOCOLS_AVAILABLE 191
-#define SSL_R_NO_PUBLICKEY 192
-#define SSL_R_NO_RENEGOTIATION 319
-#define SSL_R_NO_SHARED_CIPHER 193
-#define SSL_R_NO_VERIFY_CALLBACK 194
-#define SSL_R_NULL_SSL_CTX 195
-#define SSL_R_NULL_SSL_METHOD_PASSED 196
-#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197
-#define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE 297
-#define SSL_R_PACKET_LENGTH_TOO_LONG 198
-#define SSL_R_PARSE_TLSEXT 223
-#define SSL_R_PATH_TOO_LONG 270
-#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199
-#define SSL_R_PEER_ERROR 200
-#define SSL_R_PEER_ERROR_CERTIFICATE 201
-#define SSL_R_PEER_ERROR_NO_CERTIFICATE 202
-#define SSL_R_PEER_ERROR_NO_CIPHER 203
-#define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 204
-#define SSL_R_PRE_MAC_LENGTH_TOO_LONG 205
-#define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS 206
-#define SSL_R_PROTOCOL_IS_SHUTDOWN 207
-#define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR 208
-#define SSL_R_PUBLIC_KEY_IS_NOT_RSA 209
-#define SSL_R_PUBLIC_KEY_NOT_RSA 210
-#define SSL_R_READ_BIO_NOT_SET 211
-#define SSL_R_READ_TIMEOUT_EXPIRED 312
-#define SSL_R_READ_WRONG_PACKET_TYPE 212
-#define SSL_R_RECORD_LENGTH_MISMATCH 213
-#define SSL_R_RECORD_TOO_LARGE 214
-#define SSL_R_RECORD_TOO_SMALL 298
-#define SSL_R_RENEGOTIATE_EXT_TOO_LONG 320
-#define SSL_R_RENEGOTIATION_ENCODING_ERR 321
-#define SSL_R_RENEGOTIATION_MISMATCH 322
-#define SSL_R_REQUIRED_CIPHER_MISSING 215
-#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216
-#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217
-#define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 218
-#define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 324
-#define SSL_R_SERVERHELLO_TLSEXT 224
-#define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277
-#define SSL_R_SHORT_READ 219
-#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220
-#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221
-#define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 299
-#define SSL_R_SSL3_EXT_INVALID_SERVERNAME 225
-#define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 226
-#define SSL_R_SSL3_SESSION_ID_TOO_LONG 300
-#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222
-#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042
-#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
-#define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045
-#define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED 1044
-#define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 1046
-#define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE 1030
-#define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040
-#define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047
-#define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041
-#define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010
-#define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043
-#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 228
-#define SSL_R_SSL_HANDSHAKE_FAILURE 229
-#define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 230
-#define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 301
-#define SSL_R_SSL_SESSION_ID_CONFLICT 302
-#define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273
-#define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 303
-#define SSL_R_SSL_SESSION_ID_IS_DIFFERENT 231
-#define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049
-#define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050
-#define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021
-#define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051
-#define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060
-#define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086
-#define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071
-#define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080
-#define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100
-#define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070
-#define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022
-#define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048
-#define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090
-#define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114
-#define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113
-#define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111
-#define SSL_R_TLSV1_UNRECOGNIZED_NAME 1112
-#define SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110
-#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232
-#define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 227
-#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
-#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234
-#define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 235
-#define SSL_R_UNABLE_TO_DECODE_DH_CERTS 236
-#define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS 313
-#define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY 237
-#define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS 238
-#define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 314
-#define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 239
-#define SSL_R_UNABLE_TO_FIND_SSL_METHOD 240
-#define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES 241
-#define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES 242
-#define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243
-#define SSL_R_UNEXPECTED_MESSAGE 244
-#define SSL_R_UNEXPECTED_RECORD 245
-#define SSL_R_UNINITIALIZED 276
-#define SSL_R_UNKNOWN_ALERT_TYPE 246
-#define SSL_R_UNKNOWN_CERTIFICATE_TYPE 247
-#define SSL_R_UNKNOWN_CIPHER_RETURNED 248
-#define SSL_R_UNKNOWN_CIPHER_TYPE 249
-#define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 250
-#define SSL_R_UNKNOWN_PKEY_TYPE 251
-#define SSL_R_UNKNOWN_PROTOCOL 252
-#define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE 253
-#define SSL_R_UNKNOWN_SSL_VERSION 254
-#define SSL_R_UNKNOWN_STATE 255
-#define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 323
-#define SSL_R_UNSUPPORTED_CIPHER 256
-#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257
-#define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 315
-#define SSL_R_UNSUPPORTED_PROTOCOL 258
-#define SSL_R_UNSUPPORTED_SSL_VERSION 259
-#define SSL_R_UNSUPPORTED_STATUS_TYPE 329
-#define SSL_R_WRITE_BIO_NOT_SET 260
-#define SSL_R_WRONG_CIPHER_RETURNED 261
-#define SSL_R_WRONG_MESSAGE_TYPE 262
-#define SSL_R_WRONG_NUMBER_OF_KEY_BITS 263
-#define SSL_R_WRONG_SIGNATURE_LENGTH 264
-#define SSL_R_WRONG_SIGNATURE_SIZE 265
-#define SSL_R_WRONG_SSL_VERSION 266
-#define SSL_R_WRONG_VERSION_NUMBER 267
-#define SSL_R_X509_LIB 268
-#define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 269
-
-#ifdef __cplusplus
-}
-#endif
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/ssl/ssl.h (from rev 6976, vendor-crypto/openssl/dist/ssl/ssl.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/ssl/ssl.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/ssl/ssl.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,2243 @@
+/* ssl/ssl.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECC cipher suite support in OpenSSL originally developed by
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
+
+#ifndef HEADER_SSL_H
+# define HEADER_SSL_H
+
+# include <openssl/e_os2.h>
+
+# ifndef OPENSSL_NO_COMP
+# include <openssl/comp.h>
+# endif
+# ifndef OPENSSL_NO_BIO
+# include <openssl/bio.h>
+# endif
+# ifndef OPENSSL_NO_DEPRECATED
+# ifndef OPENSSL_NO_X509
+# include <openssl/x509.h>
+# endif
+# include <openssl/crypto.h>
+# include <openssl/lhash.h>
+# include <openssl/buffer.h>
+# endif
+# include <openssl/pem.h>
+# include <openssl/hmac.h>
+
+# include <openssl/kssl.h>
+# include <openssl/safestack.h>
+# include <openssl/symhacks.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* SSLeay version number for ASN.1 encoding of the session information */
+/*-
+ * Version 0 - initial version
+ * Version 1 - added the optional peer certificate
+ */
+# define SSL_SESSION_ASN1_VERSION 0x0001
+
+/* text strings for the ciphers */
+# define SSL_TXT_NULL_WITH_MD5 SSL2_TXT_NULL_WITH_MD5
+# define SSL_TXT_RC4_128_WITH_MD5 SSL2_TXT_RC4_128_WITH_MD5
+# define SSL_TXT_RC4_128_EXPORT40_WITH_MD5 SSL2_TXT_RC4_128_EXPORT40_WITH_MD5
+# define SSL_TXT_RC2_128_CBC_WITH_MD5 SSL2_TXT_RC2_128_CBC_WITH_MD5
+# define SSL_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5
+# define SSL_TXT_IDEA_128_CBC_WITH_MD5 SSL2_TXT_IDEA_128_CBC_WITH_MD5
+# define SSL_TXT_DES_64_CBC_WITH_MD5 SSL2_TXT_DES_64_CBC_WITH_MD5
+# define SSL_TXT_DES_64_CBC_WITH_SHA SSL2_TXT_DES_64_CBC_WITH_SHA
+# define SSL_TXT_DES_192_EDE3_CBC_WITH_MD5 SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5
+# define SSL_TXT_DES_192_EDE3_CBC_WITH_SHA SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA
+
+/*
+ * VRS Additional Kerberos5 entries
+ */
+# define SSL_TXT_KRB5_DES_64_CBC_SHA SSL3_TXT_KRB5_DES_64_CBC_SHA
+# define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA
+# define SSL_TXT_KRB5_RC4_128_SHA SSL3_TXT_KRB5_RC4_128_SHA
+# define SSL_TXT_KRB5_IDEA_128_CBC_SHA SSL3_TXT_KRB5_IDEA_128_CBC_SHA
+# define SSL_TXT_KRB5_DES_64_CBC_MD5 SSL3_TXT_KRB5_DES_64_CBC_MD5
+# define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5
+# define SSL_TXT_KRB5_RC4_128_MD5 SSL3_TXT_KRB5_RC4_128_MD5
+# define SSL_TXT_KRB5_IDEA_128_CBC_MD5 SSL3_TXT_KRB5_IDEA_128_CBC_MD5
+
+# define SSL_TXT_KRB5_DES_40_CBC_SHA SSL3_TXT_KRB5_DES_40_CBC_SHA
+# define SSL_TXT_KRB5_RC2_40_CBC_SHA SSL3_TXT_KRB5_RC2_40_CBC_SHA
+# define SSL_TXT_KRB5_RC4_40_SHA SSL3_TXT_KRB5_RC4_40_SHA
+# define SSL_TXT_KRB5_DES_40_CBC_MD5 SSL3_TXT_KRB5_DES_40_CBC_MD5
+# define SSL_TXT_KRB5_RC2_40_CBC_MD5 SSL3_TXT_KRB5_RC2_40_CBC_MD5
+# define SSL_TXT_KRB5_RC4_40_MD5 SSL3_TXT_KRB5_RC4_40_MD5
+
+# define SSL_TXT_KRB5_DES_40_CBC_SHA SSL3_TXT_KRB5_DES_40_CBC_SHA
+# define SSL_TXT_KRB5_DES_40_CBC_MD5 SSL3_TXT_KRB5_DES_40_CBC_MD5
+# define SSL_TXT_KRB5_DES_64_CBC_SHA SSL3_TXT_KRB5_DES_64_CBC_SHA
+# define SSL_TXT_KRB5_DES_64_CBC_MD5 SSL3_TXT_KRB5_DES_64_CBC_MD5
+# define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA
+# define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5
+# define SSL_MAX_KRB5_PRINCIPAL_LENGTH 256
+
+# define SSL_MAX_SSL_SESSION_ID_LENGTH 32
+# define SSL_MAX_SID_CTX_LENGTH 32
+
+# define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES (512/8)
+# define SSL_MAX_KEY_ARG_LENGTH 8
+# define SSL_MAX_MASTER_KEY_LENGTH 48
+
+/* These are used to specify which ciphers to use and not to use */
+# define SSL_TXT_LOW "LOW"
+# define SSL_TXT_MEDIUM "MEDIUM"
+# define SSL_TXT_HIGH "HIGH"
+# define SSL_TXT_FIPS "FIPS"
+# define SSL_TXT_kFZA "kFZA"
+# define SSL_TXT_aFZA "aFZA"
+# define SSL_TXT_eFZA "eFZA"
+# define SSL_TXT_FZA "FZA"
+
+# define SSL_TXT_aNULL "aNULL"
+# define SSL_TXT_eNULL "eNULL"
+# define SSL_TXT_NULL "NULL"
+
+# define SSL_TXT_kKRB5 "kKRB5"
+# define SSL_TXT_aKRB5 "aKRB5"
+# define SSL_TXT_KRB5 "KRB5"
+
+# define SSL_TXT_kRSA "kRSA"
+# define SSL_TXT_kDHr "kDHr"
+# define SSL_TXT_kDHd "kDHd"
+# define SSL_TXT_kEDH "kEDH"
+# define SSL_TXT_aRSA "aRSA"
+# define SSL_TXT_aDSS "aDSS"
+# define SSL_TXT_aDH "aDH"
+# define SSL_TXT_DSS "DSS"
+# define SSL_TXT_DH "DH"
+# define SSL_TXT_EDH "EDH"
+# define SSL_TXT_ADH "ADH"
+# define SSL_TXT_RSA "RSA"
+# define SSL_TXT_DES "DES"
+# define SSL_TXT_3DES "3DES"
+# define SSL_TXT_RC4 "RC4"
+# define SSL_TXT_RC2 "RC2"
+# define SSL_TXT_IDEA "IDEA"
+# define SSL_TXT_SEED "SEED"
+# define SSL_TXT_AES "AES"
+# define SSL_TXT_CAMELLIA "CAMELLIA"
+# define SSL_TXT_MD5 "MD5"
+# define SSL_TXT_SHA1 "SHA1"
+# define SSL_TXT_SHA "SHA"
+# define SSL_TXT_EXP "EXP"
+# define SSL_TXT_EXPORT "EXPORT"
+# define SSL_TXT_EXP40 "EXPORT40"
+# define SSL_TXT_EXP56 "EXPORT56"
+# define SSL_TXT_SSLV2 "SSLv2"
+# define SSL_TXT_SSLV3 "SSLv3"
+# define SSL_TXT_TLSV1 "TLSv1"
+# define SSL_TXT_ALL "ALL"
+# define SSL_TXT_ECC "ECCdraft"/* ECC ciphersuites are not yet
+ * official */
+
+/*-
+ * COMPLEMENTOF* definitions. These identifiers are used to (de-select)
+ * ciphers normally not being used.
+ * Example: "RC4" will activate all ciphers using RC4 including ciphers
+ * without authentication, which would normally disabled by DEFAULT (due
+ * the "!ADH" being part of default). Therefore "RC4:!COMPLEMENTOFDEFAULT"
+ * will make sure that it is also disabled in the specific selection.
+ * COMPLEMENTOF* identifiers are portable between version, as adjustments
+ * to the default cipher setup will also be included here.
+ *
+ * COMPLEMENTOFDEFAULT does not experience the same special treatment that
+ * DEFAULT gets, as only selection is being done and no sorting as needed
+ * for DEFAULT.
+ */
+# define SSL_TXT_CMPALL "COMPLEMENTOFALL"
+# define SSL_TXT_CMPDEF "COMPLEMENTOFDEFAULT"
+
+/*
+ * The following cipher list is used by default. It also is substituted when
+ * an application-defined cipher list string starts with 'DEFAULT'.
+ */
+# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!aNULL:!eNULL:!SSLv2:@STRENGTH"
+
+/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
+# define SSL_SENT_SHUTDOWN 1
+# define SSL_RECEIVED_SHUTDOWN 2
+
+#ifdef __cplusplus
+}
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# if (defined(OPENSSL_NO_RSA) || defined(OPENSSL_NO_MD5)) && !defined(OPENSSL_NO_SSL2)
+# define OPENSSL_NO_SSL2
+# endif
+
+# define SSL_FILETYPE_ASN1 X509_FILETYPE_ASN1
+# define SSL_FILETYPE_PEM X509_FILETYPE_PEM
+
+/*
+ * This is needed to stop compilers complaining about the 'struct ssl_st *'
+ * function parameters used to prototype callbacks in SSL_CTX.
+ */
+typedef struct ssl_st *ssl_crock_st;
+
+/* used to hold info on the particular ciphers used */
+typedef struct ssl_cipher_st {
+ int valid;
+ const char *name; /* text name */
+ unsigned long id; /* id, 4 bytes, first is version */
+ unsigned long algorithms; /* what ciphers are used */
+ unsigned long algo_strength; /* strength and export flags */
+ unsigned long algorithm2; /* Extra flags */
+ int strength_bits; /* Number of bits really used */
+ int alg_bits; /* Number of bits for algorithm */
+ unsigned long mask; /* used for matching */
+ unsigned long mask_strength; /* also used for matching */
+} SSL_CIPHER;
+
+DECLARE_STACK_OF(SSL_CIPHER)
+
+/* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */
+typedef struct ssl_method_st {
+ int version;
+ int (*ssl_new) (SSL *s);
+ void (*ssl_clear) (SSL *s);
+ void (*ssl_free) (SSL *s);
+ int (*ssl_accept) (SSL *s);
+ int (*ssl_connect) (SSL *s);
+ int (*ssl_read) (SSL *s, void *buf, int len);
+ int (*ssl_peek) (SSL *s, void *buf, int len);
+ int (*ssl_write) (SSL *s, const void *buf, int len);
+ int (*ssl_shutdown) (SSL *s);
+ int (*ssl_renegotiate) (SSL *s);
+ int (*ssl_renegotiate_check) (SSL *s);
+ long (*ssl_get_message) (SSL *s, int st1, int stn, int mt, long
+ max, int *ok);
+ int (*ssl_read_bytes) (SSL *s, int type, unsigned char *buf, int len,
+ int peek);
+ int (*ssl_write_bytes) (SSL *s, int type, const void *buf_, int len);
+ int (*ssl_dispatch_alert) (SSL *s);
+ long (*ssl_ctrl) (SSL *s, int cmd, long larg, void *parg);
+ long (*ssl_ctx_ctrl) (SSL_CTX *ctx, int cmd, long larg, void *parg);
+ SSL_CIPHER *(*get_cipher_by_char) (const unsigned char *ptr);
+ int (*put_cipher_by_char) (const SSL_CIPHER *cipher, unsigned char *ptr);
+ int (*ssl_pending) (const SSL *s);
+ int (*num_ciphers) (void);
+ SSL_CIPHER *(*get_cipher) (unsigned ncipher);
+ struct ssl_method_st *(*get_ssl_method) (int version);
+ long (*get_timeout) (void);
+ struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */
+ int (*ssl_version) (void);
+ long (*ssl_callback_ctrl) (SSL *s, int cb_id, void (*fp) (void));
+ long (*ssl_ctx_callback_ctrl) (SSL_CTX *s, int cb_id, void (*fp) (void));
+} SSL_METHOD;
+
+/*-
+ * Lets make this into an ASN.1 type structure as follows
+ * SSL_SESSION_ID ::= SEQUENCE {
+ * version INTEGER, -- structure version number
+ * SSLversion INTEGER, -- SSL version number
+ * Cipher OCTET_STRING, -- the 3 byte cipher ID
+ * Session_ID OCTET_STRING, -- the Session ID
+ * Master_key OCTET_STRING, -- the master key
+ * KRB5_principal OCTET_STRING -- optional Kerberos principal
+ * Key_Arg [ 0 ] IMPLICIT OCTET_STRING, -- the optional Key argument
+ * Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time
+ * Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds
+ * Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate
+ * Session_ID_context [ 4 ] EXPLICIT OCTET_STRING, -- the Session ID context
+ * Verify_result [ 5 ] EXPLICIT INTEGER -- X509_V_... code for `Peer'
+ * Compression [6] IMPLICIT ASN1_OBJECT -- compression OID XXXXX
+ * }
+ * Look in ssl/ssl_asn1.c for more details
+ * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
+ */
+typedef struct ssl_session_st {
+ int ssl_version; /* what ssl version session info is being
+ * kept in here? */
+ /* only really used in SSLv2 */
+ unsigned int key_arg_length;
+ unsigned char key_arg[SSL_MAX_KEY_ARG_LENGTH];
+ int master_key_length;
+ unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
+ /* session_id - valid? */
+ unsigned int session_id_length;
+ unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
+ /*
+ * this is used to determine whether the session is being reused in the
+ * appropriate context. It is up to the application to set this, via
+ * SSL_new
+ */
+ unsigned int sid_ctx_length;
+ unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
+# ifndef OPENSSL_NO_KRB5
+ unsigned int krb5_client_princ_len;
+ unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH];
+# endif /* OPENSSL_NO_KRB5 */
+ int not_resumable;
+ /* The cert is the certificate used to establish this connection */
+ struct sess_cert_st /* SESS_CERT */ *sess_cert;
+ /*
+ * This is the cert for the other end. On clients, it will be the same as
+ * sess_cert->peer_key->x509 (the latter is not enough as sess_cert is
+ * not retained in the external representation of sessions, see
+ * ssl_asn1.c).
+ */
+ X509 *peer;
+ /*
+ * when app_verify_callback accepts a session where the peer's
+ * certificate is not ok, we must remember the error for session reuse:
+ */
+ long verify_result; /* only for servers */
+ int references;
+ long timeout;
+ long time;
+ int compress_meth; /* Need to lookup the method */
+ SSL_CIPHER *cipher;
+ unsigned long cipher_id; /* when ASN.1 loaded, this needs to be used
+ * to load the 'cipher' structure */
+ STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */
+ CRYPTO_EX_DATA ex_data; /* application specific data */
+ /*
+ * These are used to make removal of session-ids more efficient and to
+ * implement a maximum cache size.
+ */
+ struct ssl_session_st *prev, *next;
+# ifndef OPENSSL_NO_TLSEXT
+ char *tlsext_hostname;
+ /* RFC4507 info */
+ unsigned char *tlsext_tick; /* Session ticket */
+ size_t tlsext_ticklen; /* Session ticket length */
+ long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */
+# endif
+} SSL_SESSION;
+
+# define SSL_OP_MICROSOFT_SESS_ID_BUG 0x00000001L
+# define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L
+/* Allow initial connection to servers that don't support RI */
+# define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L
+# define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L
+# define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L
+# define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L
+# define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040L
+# define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L
+# define SSL_OP_TLS_D5_BUG 0x00000100L
+# define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L
+
+/* Hasn't done anything since OpenSSL 0.9.7h, retained for compatibility */
+# define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x0
+
+/*
+ * Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added in
+ * OpenSSL 0.9.6d. Usually (depending on the application protocol) the
+ * workaround is not needed. Unfortunately some broken SSL/TLS
+ * implementations cannot handle it at all, which is why we include it in
+ * SSL_OP_ALL.
+ */
+/* added in 0.9.6e */
+# define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800L
+
+/*
+ * SSL_OP_ALL: various bug workarounds that should be rather harmless. This
+ * used to be 0x000FFFFFL before 0.9.7.
+ */
+# define SSL_OP_ALL 0x00000FFFL
+
+/* DTLS options */
+# define SSL_OP_NO_QUERY_MTU 0x00001000L
+/* Turn on Cookie Exchange (on relevant for servers) */
+# define SSL_OP_COOKIE_EXCHANGE 0x00002000L
+/* Don't use RFC4507 ticket extension */
+# define SSL_OP_NO_TICKET 0x00004000L
+/* Use Cisco's "speshul" version of DTLS_BAD_VER (as client) */
+# define SSL_OP_CISCO_ANYCONNECT 0x00008000L
+
+/* As server, disallow session resumption on renegotiation */
+# define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L
+/* Permit unsafe legacy renegotiation */
+# define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000L
+/* If set, always create a new key when using tmp_ecdh parameters */
+# define SSL_OP_SINGLE_ECDH_USE 0x00080000L
+/* If set, always create a new key when using tmp_dh parameters */
+# define SSL_OP_SINGLE_DH_USE 0x00100000L
+/* Does nothing: retained for compatibiity */
+# define SSL_OP_EPHEMERAL_RSA 0x0
+/*
+ * Set on servers to choose the cipher according to the server's preferences
+ */
+# define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000L
+/*
+ * If set, a server will allow a client to issue a SSLv3.0 version number as
+ * latest version supported in the premaster secret, even when TLSv1.0
+ * (version 3.1) was announced in the client hello. Normally this is
+ * forbidden to prevent version rollback attacks.
+ */
+# define SSL_OP_TLS_ROLLBACK_BUG 0x00800000L
+
+# define SSL_OP_NO_SSLv2 0x01000000L
+# define SSL_OP_NO_SSLv3 0x02000000L
+# define SSL_OP_NO_TLSv1 0x04000000L
+
+/*
+ * The next flag deliberately changes the ciphertest, this is a check for the
+ * PKCS#1 attack
+ */
+# define SSL_OP_PKCS1_CHECK_1 0x08000000L
+# define SSL_OP_PKCS1_CHECK_2 0x10000000L
+# define SSL_OP_NETSCAPE_CA_DN_BUG 0x20000000L
+# define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x40000000L
+
+/*
+ * Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
+ * when just a single record has been written):
+ */
+# define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001L
+/*
+ * Make it possible to retry SSL_write() with changed buffer location (buffer
+ * contents must stay the same!); this is not the default to avoid the
+ * misconception that non-blocking SSL_write() behaves like non-blocking
+ * write():
+ */
+# define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L
+/*
+ * Never bother the application with retries if the transport is blocking:
+ */
+# define SSL_MODE_AUTO_RETRY 0x00000004L
+/* Don't attempt to automatically build certificate chain */
+# define SSL_MODE_NO_AUTO_CHAIN 0x00000008L
+/*
+ * Send TLS_FALLBACK_SCSV in the ClientHello. To be set only by applications
+ * that reconnect with a downgraded protocol version; see
+ * draft-ietf-tls-downgrade-scsv-00 for details. DO NOT ENABLE THIS if your
+ * application attempts a normal handshake. Only use this in explicit
+ * fallback retries, following the guidance in
+ * draft-ietf-tls-downgrade-scsv-00.
+ */
+# define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080L
+
+/*
+ * Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, they
+ * cannot be used to clear bits.
+ */
+
+# define SSL_CTX_set_options(ctx,op) \
+ SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL)
+# define SSL_CTX_clear_options(ctx,op) \
+ SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_OPTIONS,(op),NULL)
+# define SSL_CTX_get_options(ctx) \
+ SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,0,NULL)
+# define SSL_set_options(ssl,op) \
+ SSL_ctrl((ssl),SSL_CTRL_OPTIONS,(op),NULL)
+# define SSL_clear_options(ssl,op) \
+ SSL_ctrl((ssl),SSL_CTRL_CLEAR_OPTIONS,(op),NULL)
+# define SSL_get_options(ssl) \
+ SSL_ctrl((ssl),SSL_CTRL_OPTIONS,0,NULL)
+
+# define SSL_CTX_set_mode(ctx,op) \
+ SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL)
+# define SSL_CTX_clear_mode(ctx,op) \
+ SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_MODE,(op),NULL)
+# define SSL_CTX_get_mode(ctx) \
+ SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL)
+# define SSL_clear_mode(ssl,op) \
+ SSL_ctrl((ssl),SSL_CTRL_CLEAR_MODE,(op),NULL)
+# define SSL_set_mode(ssl,op) \
+ SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL)
+# define SSL_get_mode(ssl) \
+ SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL)
+# define SSL_set_mtu(ssl, mtu) \
+ SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL)
+
+# define SSL_get_secure_renegotiation_support(ssl) \
+ SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL)
+
+void SSL_CTX_set_msg_callback(SSL_CTX *ctx,
+ void (*cb) (int write_p, int version,
+ int content_type, const void *buf,
+ size_t len, SSL *ssl, void *arg));
+void SSL_set_msg_callback(SSL *ssl,
+ void (*cb) (int write_p, int version,
+ int content_type, const void *buf,
+ size_t len, SSL *ssl, void *arg));
+# define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
+# define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
+
+# if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32)
+# define SSL_MAX_CERT_LIST_DEFAULT 1024*30
+ /* 30k max cert list :-) */
+# else
+# define SSL_MAX_CERT_LIST_DEFAULT 1024*100
+ /* 100k max cert list :-) */
+# endif
+
+# define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT (1024*20)
+
+/*
+ * This callback type is used inside SSL_CTX, SSL, and in the functions that
+ * set them. It is used to override the generation of SSL/TLS session IDs in
+ * a server. Return value should be zero on an error, non-zero to proceed.
+ * Also, callbacks should themselves check if the id they generate is unique
+ * otherwise the SSL handshake will fail with an error - callbacks can do
+ * this using the 'ssl' value they're passed by;
+ * SSL_has_matching_session_id(ssl, id, *id_len) The length value passed in
+ * is set at the maximum size the session ID can be. In SSLv2 this is 16
+ * bytes, whereas SSLv3/TLSv1 it is 32 bytes. The callback can alter this
+ * length to be less if desired, but under SSLv2 session IDs are supposed to
+ * be fixed at 16 bytes so the id will be padded after the callback returns
+ * in this case. It is also an error for the callback to set the size to
+ * zero.
+ */
+typedef int (*GEN_SESSION_CB) (const SSL *ssl, unsigned char *id,
+ unsigned int *id_len);
+
+typedef struct ssl_comp_st {
+ int id;
+ const char *name;
+# ifndef OPENSSL_NO_COMP
+ COMP_METHOD *method;
+# else
+ char *method;
+# endif
+} SSL_COMP;
+
+DECLARE_STACK_OF(SSL_COMP)
+
+struct ssl_ctx_st {
+ SSL_METHOD *method;
+ STACK_OF(SSL_CIPHER) *cipher_list;
+ /* same as above but sorted for lookup */
+ STACK_OF(SSL_CIPHER) *cipher_list_by_id;
+ struct x509_store_st /* X509_STORE */ *cert_store;
+ struct lhash_st /* LHASH */ *sessions; /* a set of SSL_SESSIONs */
+ /*
+ * Most session-ids that will be cached, default is
+ * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited.
+ */
+ unsigned long session_cache_size;
+ struct ssl_session_st *session_cache_head;
+ struct ssl_session_st *session_cache_tail;
+ /*
+ * This can have one of 2 values, ored together, SSL_SESS_CACHE_CLIENT,
+ * SSL_SESS_CACHE_SERVER, Default is SSL_SESSION_CACHE_SERVER, which
+ * means only SSL_accept which cache SSL_SESSIONS.
+ */
+ int session_cache_mode;
+ /*
+ * If timeout is not 0, it is the default timeout value set when
+ * SSL_new() is called. This has been put in to make life easier to set
+ * things up
+ */
+ long session_timeout;
+ /*
+ * If this callback is not null, it will be called each time a session id
+ * is added to the cache. If this function returns 1, it means that the
+ * callback will do a SSL_SESSION_free() when it has finished using it.
+ * Otherwise, on 0, it means the callback has finished with it. If
+ * remove_session_cb is not null, it will be called when a session-id is
+ * removed from the cache. After the call, OpenSSL will
+ * SSL_SESSION_free() it.
+ */
+ int (*new_session_cb) (struct ssl_st *ssl, SSL_SESSION *sess);
+ void (*remove_session_cb) (struct ssl_ctx_st *ctx, SSL_SESSION *sess);
+ SSL_SESSION *(*get_session_cb) (struct ssl_st *ssl,
+ unsigned char *data, int len, int *copy);
+ struct {
+ int sess_connect; /* SSL new conn - started */
+ int sess_connect_renegotiate; /* SSL reneg - requested */
+ int sess_connect_good; /* SSL new conne/reneg - finished */
+ int sess_accept; /* SSL new accept - started */
+ int sess_accept_renegotiate; /* SSL reneg - requested */
+ int sess_accept_good; /* SSL accept/reneg - finished */
+ int sess_miss; /* session lookup misses */
+ int sess_timeout; /* reuse attempt on timeouted session */
+ int sess_cache_full; /* session removed due to full cache */
+ int sess_hit; /* session reuse actually done */
+ int sess_cb_hit; /* session-id that was not in the cache was
+ * passed back via the callback. This
+ * indicates that the application is
+ * supplying session-id's from other
+ * processes - spooky :-) */
+ } stats;
+
+ int references;
+
+ /* if defined, these override the X509_verify_cert() calls */
+ int (*app_verify_callback) (X509_STORE_CTX *, void *);
+ void *app_verify_arg;
+ /*
+ * before OpenSSL 0.9.7, 'app_verify_arg' was ignored
+ * ('app_verify_callback' was called with just one argument)
+ */
+
+ /* Default password callback. */
+ pem_password_cb *default_passwd_callback;
+
+ /* Default password callback user data. */
+ void *default_passwd_callback_userdata;
+
+ /* get client cert callback */
+ int (*client_cert_cb) (SSL *ssl, X509 **x509, EVP_PKEY **pkey);
+
+ /* cookie generate callback */
+ int (*app_gen_cookie_cb) (SSL *ssl, unsigned char *cookie,
+ unsigned int *cookie_len);
+
+ /* verify cookie callback */
+ int (*app_verify_cookie_cb) (SSL *ssl, unsigned char *cookie,
+ unsigned int cookie_len);
+
+ CRYPTO_EX_DATA ex_data;
+
+ const EVP_MD *rsa_md5; /* For SSLv2 - name is 'ssl2-md5' */
+ const EVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */
+ const EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3->sha1' */
+
+ STACK_OF(X509) *extra_certs;
+ STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */
+
+ /* Default values used when no per-SSL value is defined follow */
+
+ /* used if SSL's info_callback is NULL */
+ void (*info_callback) (const SSL *ssl, int type, int val);
+
+ /* what we put in client cert requests */
+ STACK_OF(X509_NAME) *client_CA;
+
+ /*
+ * Default values to use in SSL structures follow (these are copied by
+ * SSL_new)
+ */
+
+ unsigned long options;
+ unsigned long mode;
+ long max_cert_list;
+
+ struct cert_st /* CERT */ *cert;
+ int read_ahead;
+
+ /* callback that allows applications to peek at protocol messages */
+ void (*msg_callback) (int write_p, int version, int content_type,
+ const void *buf, size_t len, SSL *ssl, void *arg);
+ void *msg_callback_arg;
+
+ int verify_mode;
+ unsigned int sid_ctx_length;
+ unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
+ /* called 'verify_callback' in the SSL */
+ int (*default_verify_callback) (int ok, X509_STORE_CTX *ctx);
+
+ /* Default generate session ID callback. */
+ GEN_SESSION_CB generate_session_id;
+
+ X509_VERIFY_PARAM *param;
+
+# if 0
+ int purpose; /* Purpose setting */
+ int trust; /* Trust setting */
+# endif
+
+ int quiet_shutdown;
+
+# ifndef OPENSSL_ENGINE
+ /*
+ * Engine to pass requests for client certs to
+ */
+ ENGINE *client_cert_engine;
+# endif
+
+# ifndef OPENSSL_NO_TLSEXT
+ /* TLS extensions servername callback */
+ int (*tlsext_servername_callback) (SSL *, int *, void *);
+ void *tlsext_servername_arg;
+ /* RFC 4507 session ticket keys */
+ unsigned char tlsext_tick_key_name[16];
+ unsigned char tlsext_tick_hmac_key[16];
+ unsigned char tlsext_tick_aes_key[16];
+ /* Callback to support customisation of ticket key setting */
+ int (*tlsext_ticket_key_cb) (SSL *ssl,
+ unsigned char *name, unsigned char *iv,
+ EVP_CIPHER_CTX *ectx,
+ HMAC_CTX *hctx, int enc);
+
+ /* certificate status request info */
+ /* Callback for status request */
+ int (*tlsext_status_cb) (SSL *ssl, void *arg);
+ void *tlsext_status_arg;
+# endif
+
+};
+
+# define SSL_SESS_CACHE_OFF 0x0000
+# define SSL_SESS_CACHE_CLIENT 0x0001
+# define SSL_SESS_CACHE_SERVER 0x0002
+# define SSL_SESS_CACHE_BOTH (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER)
+# define SSL_SESS_CACHE_NO_AUTO_CLEAR 0x0080
+/* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */
+# define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100
+# define SSL_SESS_CACHE_NO_INTERNAL_STORE 0x0200
+# define SSL_SESS_CACHE_NO_INTERNAL \
+ (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE)
+
+struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx);
+# define SSL_CTX_sess_number(ctx) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL)
+# define SSL_CTX_sess_connect(ctx) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL)
+# define SSL_CTX_sess_connect_good(ctx) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL)
+# define SSL_CTX_sess_connect_renegotiate(ctx) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL)
+# define SSL_CTX_sess_accept(ctx) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL)
+# define SSL_CTX_sess_accept_renegotiate(ctx) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL)
+# define SSL_CTX_sess_accept_good(ctx) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL)
+# define SSL_CTX_sess_hits(ctx) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL)
+# define SSL_CTX_sess_cb_hits(ctx) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL)
+# define SSL_CTX_sess_misses(ctx) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL)
+# define SSL_CTX_sess_timeouts(ctx) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL)
+# define SSL_CTX_sess_cache_full(ctx) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL)
+
+void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
+ int (*new_session_cb) (struct ssl_st *ssl,
+ SSL_SESSION *sess));
+int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)) (struct ssl_st *ssl,
+ SSL_SESSION *sess);
+void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
+ void (*remove_session_cb) (struct ssl_ctx_st
+ *ctx,
+ SSL_SESSION
+ *sess));
+void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)) (struct ssl_ctx_st *ctx,
+ SSL_SESSION *sess);
+void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
+ SSL_SESSION *(*get_session_cb) (struct ssl_st
+ *ssl,
+ unsigned char
+ *data, int len,
+ int *copy));
+SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx)) (struct ssl_st *ssl,
+ unsigned char *Data,
+ int len, int *copy);
+void SSL_CTX_set_info_callback(SSL_CTX *ctx,
+ void (*cb) (const SSL *ssl, int type,
+ int val));
+void (*SSL_CTX_get_info_callback(SSL_CTX *ctx)) (const SSL *ssl, int type,
+ int val);
+void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
+ int (*client_cert_cb) (SSL *ssl, X509 **x509,
+ EVP_PKEY **pkey));
+int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx)) (SSL *ssl, X509 **x509,
+ EVP_PKEY **pkey);
+# ifndef OPENSSL_NO_ENGINE
+int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e);
+# endif
+void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
+ int (*app_gen_cookie_cb) (SSL *ssl,
+ unsigned char
+ *cookie,
+ unsigned int
+ *cookie_len));
+void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
+ int (*app_verify_cookie_cb) (SSL *ssl,
+ unsigned char
+ *cookie,
+ unsigned int
+ cookie_len));
+
+# define SSL_NOTHING 1
+# define SSL_WRITING 2
+# define SSL_READING 3
+# define SSL_X509_LOOKUP 4
+
+/* These will only be used when doing non-blocking IO */
+# define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING)
+# define SSL_want_read(s) (SSL_want(s) == SSL_READING)
+# define SSL_want_write(s) (SSL_want(s) == SSL_WRITING)
+# define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP)
+
+struct ssl_st {
+ /*
+ * protocol version (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION,
+ * DTLS1_VERSION)
+ */
+ int version;
+ /* SSL_ST_CONNECT or SSL_ST_ACCEPT */
+ int type;
+ /* SSLv3 */
+ SSL_METHOD *method;
+ /*
+ * There are 2 BIO's even though they are normally both the same. This
+ * is so data can be read and written to different handlers
+ */
+# ifndef OPENSSL_NO_BIO
+ /* used by SSL_read */
+ BIO *rbio;
+ /* used by SSL_write */
+ BIO *wbio;
+ /* used during session-id reuse to concatenate messages */
+ BIO *bbio;
+# else
+ /* used by SSL_read */
+ char *rbio;
+ /* used by SSL_write */
+ char *wbio;
+ char *bbio;
+# endif
+ /*
+ * This holds a variable that indicates what we were doing when a 0 or -1
+ * is returned. This is needed for non-blocking IO so we know what
+ * request needs re-doing when in SSL_accept or SSL_connect
+ */
+ int rwstate;
+ /* true when we are actually in SSL_accept() or SSL_connect() */
+ int in_handshake;
+ int (*handshake_func) (SSL *);
+ /*
+ * Imagine that here's a boolean member "init" that is switched as soon
+ * as SSL_set_{accept/connect}_state is called for the first time, so
+ * that "state" and "handshake_func" are properly initialized. But as
+ * handshake_func is == 0 until then, we use this test instead of an
+ * "init" member.
+ */
+ /* are we the server side? - mostly used by SSL_clear */
+ int server;
+ /*
+ * 1 if we are to use a new session.
+ * 2 if we are a server and are inside a handshake
+ * (i.e. not just sending a HelloRequest)
+ * NB: For servers, the 'new' session may actually be a previously
+ * cached session or even the previous session unless
+ * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set
+ */
+ int new_session;
+ /* don't send shutdown packets */
+ int quiet_shutdown;
+ /* we have shut things down, 0x01 sent, 0x02 for received */
+ int shutdown;
+ /* where we are */
+ int state;
+ /* where we are when reading */
+ int rstate;
+ BUF_MEM *init_buf; /* buffer used during init */
+ void *init_msg; /* pointer to handshake message body, set by
+ * ssl3_get_message() */
+ int init_num; /* amount read/written */
+ int init_off; /* amount read/written */
+ /* used internally to point at a raw packet */
+ unsigned char *packet;
+ unsigned int packet_length;
+ struct ssl2_state_st *s2; /* SSLv2 variables */
+ struct ssl3_state_st *s3; /* SSLv3 variables */
+ struct dtls1_state_st *d1; /* DTLSv1 variables */
+ int read_ahead; /* Read as many input bytes as possible (for
+ * non-blocking reads) */
+ /* callback that allows applications to peek at protocol messages */
+ void (*msg_callback) (int write_p, int version, int content_type,
+ const void *buf, size_t len, SSL *ssl, void *arg);
+ void *msg_callback_arg;
+ int hit; /* reusing a previous session */
+ X509_VERIFY_PARAM *param;
+# if 0
+ int purpose; /* Purpose setting */
+ int trust; /* Trust setting */
+# endif
+ /* crypto */
+ STACK_OF(SSL_CIPHER) *cipher_list;
+ STACK_OF(SSL_CIPHER) *cipher_list_by_id;
+ /*
+ * These are the ones being used, the ones in SSL_SESSION are the ones to
+ * be 'copied' into these ones
+ */
+ EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */
+ const EVP_MD *read_hash; /* used for mac generation */
+# ifndef OPENSSL_NO_COMP
+ COMP_CTX *expand; /* uncompress */
+# else
+ char *expand;
+# endif
+ EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
+ const EVP_MD *write_hash; /* used for mac generation */
+# ifndef OPENSSL_NO_COMP
+ COMP_CTX *compress; /* compression */
+# else
+ char *compress;
+# endif
+ /* session info */
+ /* client cert? */
+ /* This is used to hold the server certificate used */
+ struct cert_st /* CERT */ *cert;
+ /*
+ * the session_id_context is used to ensure sessions are only reused in
+ * the appropriate context
+ */
+ unsigned int sid_ctx_length;
+ unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
+ /* This can also be in the session once a session is established */
+ SSL_SESSION *session;
+ /* Default generate session ID callback. */
+ GEN_SESSION_CB generate_session_id;
+ /* Used in SSL2 and SSL3 */
+ /*
+ * 0 don't care about verify failure.
+ * 1 fail if verify fails
+ */
+ int verify_mode;
+ /* fail if callback returns 0 */
+ int (*verify_callback) (int ok, X509_STORE_CTX *ctx);
+ /* optional informational callback */
+ void (*info_callback) (const SSL *ssl, int type, int val);
+ /* error bytes to be written */
+ int error;
+ /* actual code */
+ int error_code;
+# ifndef OPENSSL_NO_KRB5
+ /* Kerberos 5 context */
+ KSSL_CTX *kssl_ctx;
+# endif /* OPENSSL_NO_KRB5 */
+ SSL_CTX *ctx;
+ /*
+ * set this flag to 1 and a sleep(1) is put into all SSL_read() and
+ * SSL_write() calls, good for nbio debuging :-)
+ */
+ int debug;
+ /* extra application data */
+ long verify_result;
+ CRYPTO_EX_DATA ex_data;
+ /* for server side, keep the list of CA_dn we can use */
+ STACK_OF(X509_NAME) *client_CA;
+ int references;
+ /* protocol behaviour */
+ unsigned long options;
+ /* API behaviour */
+ unsigned long mode;
+ long max_cert_list;
+ int first_packet;
+ /* what was passed, used for SSLv3/TLS rollback check */
+ int client_version;
+# ifndef OPENSSL_NO_TLSEXT
+ /* TLS extension debug callback */
+ void (*tlsext_debug_cb) (SSL *s, int client_server, int type,
+ unsigned char *data, int len, void *arg);
+ void *tlsext_debug_arg;
+ char *tlsext_hostname;
+ /*-
+ * no further mod of servername
+ * 0 : call the servername extension callback.
+ * 1 : prepare 2, allow last ack just after in server callback.
+ * 2 : don't call servername callback, no ack in server hello
+ */
+ int servername_done;
+ /* certificate status request info */
+ /* Status type or -1 if no status type */
+ int tlsext_status_type;
+ /* Expect OCSP CertificateStatus message */
+ int tlsext_status_expected;
+ /* OCSP status request only */
+ STACK_OF(OCSP_RESPID) *tlsext_ocsp_ids;
+ X509_EXTENSIONS *tlsext_ocsp_exts;
+ /* OCSP response received or to be sent */
+ unsigned char *tlsext_ocsp_resp;
+ int tlsext_ocsp_resplen;
+ /* RFC4507 session ticket expected to be received or sent */
+ int tlsext_ticket_expected;
+ SSL_CTX *initial_ctx; /* initial ctx, used to store sessions */
+# define session_ctx initial_ctx
+# else
+# define session_ctx ctx
+# endif
+};
+
+#ifdef __cplusplus
+}
+#endif
+
+# include <openssl/ssl2.h>
+# include <openssl/ssl3.h>
+# include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */
+# include <openssl/dtls1.h> /* Datagram TLS */
+# include <openssl/ssl23.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* compatibility */
+# define SSL_set_app_data(s,arg) (SSL_set_ex_data(s,0,(char *)arg))
+# define SSL_get_app_data(s) (SSL_get_ex_data(s,0))
+# define SSL_SESSION_set_app_data(s,a) (SSL_SESSION_set_ex_data(s,0,(char *)a))
+# define SSL_SESSION_get_app_data(s) (SSL_SESSION_get_ex_data(s,0))
+# define SSL_CTX_get_app_data(ctx) (SSL_CTX_get_ex_data(ctx,0))
+# define SSL_CTX_set_app_data(ctx,arg) (SSL_CTX_set_ex_data(ctx,0,(char *)arg))
+
+/*
+ * The following are the possible values for ssl->state are are used to
+ * indicate where we are up to in the SSL connection establishment. The
+ * macros that follow are about the only things you should need to use and
+ * even then, only when using non-blocking IO. It can also be useful to work
+ * out where you were when the connection failed
+ */
+
+# define SSL_ST_CONNECT 0x1000
+# define SSL_ST_ACCEPT 0x2000
+# define SSL_ST_MASK 0x0FFF
+# define SSL_ST_INIT (SSL_ST_CONNECT|SSL_ST_ACCEPT)
+# define SSL_ST_BEFORE 0x4000
+# define SSL_ST_OK 0x03
+# define SSL_ST_RENEGOTIATE (0x04|SSL_ST_INIT)
+
+# define SSL_CB_LOOP 0x01
+# define SSL_CB_EXIT 0x02
+# define SSL_CB_READ 0x04
+# define SSL_CB_WRITE 0x08
+# define SSL_CB_ALERT 0x4000/* used in callback */
+# define SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ)
+# define SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE)
+# define SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP)
+# define SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT)
+# define SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP)
+# define SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT)
+# define SSL_CB_HANDSHAKE_START 0x10
+# define SSL_CB_HANDSHAKE_DONE 0x20
+
+/* Is the SSL_connection established? */
+# define SSL_get_state(a) SSL_state(a)
+# define SSL_is_init_finished(a) (SSL_state(a) == SSL_ST_OK)
+# define SSL_in_init(a) (SSL_state(a)&SSL_ST_INIT)
+# define SSL_in_before(a) (SSL_state(a)&SSL_ST_BEFORE)
+# define SSL_in_connect_init(a) (SSL_state(a)&SSL_ST_CONNECT)
+# define SSL_in_accept_init(a) (SSL_state(a)&SSL_ST_ACCEPT)
+
+/*
+ * The following 2 states are kept in ssl->rstate when reads fail, you should
+ * not need these
+ */
+# define SSL_ST_READ_HEADER 0xF0
+# define SSL_ST_READ_BODY 0xF1
+# define SSL_ST_READ_DONE 0xF2
+
+/*-
+ * Obtain latest Finished message
+ * -- that we sent (SSL_get_finished)
+ * -- that we expected from peer (SSL_get_peer_finished).
+ * Returns length (0 == no Finished so far), copies up to 'count' bytes.
+ */
+size_t SSL_get_finished(const SSL *s, void *buf, size_t count);
+size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
+
+/*
+ * use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options are
+ * 'ored' with SSL_VERIFY_PEER if they are desired
+ */
+# define SSL_VERIFY_NONE 0x00
+# define SSL_VERIFY_PEER 0x01
+# define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02
+# define SSL_VERIFY_CLIENT_ONCE 0x04
+
+# define OpenSSL_add_ssl_algorithms() SSL_library_init()
+# define SSLeay_add_ssl_algorithms() SSL_library_init()
+
+/* this is for backward compatibility */
+# if 0 /* NEW_SSLEAY */
+# define SSL_CTX_set_default_verify(a,b,c) SSL_CTX_set_verify(a,b,c)
+# define SSL_set_pref_cipher(c,n) SSL_set_cipher_list(c,n)
+# define SSL_add_session(a,b) SSL_CTX_add_session((a),(b))
+# define SSL_remove_session(a,b) SSL_CTX_remove_session((a),(b))
+# define SSL_flush_sessions(a,b) SSL_CTX_flush_sessions((a),(b))
+# endif
+/* More backward compatibility */
+# define SSL_get_cipher(s) \
+ SSL_CIPHER_get_name(SSL_get_current_cipher(s))
+# define SSL_get_cipher_bits(s,np) \
+ SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np)
+# define SSL_get_cipher_version(s) \
+ SSL_CIPHER_get_version(SSL_get_current_cipher(s))
+# define SSL_get_cipher_name(s) \
+ SSL_CIPHER_get_name(SSL_get_current_cipher(s))
+# define SSL_get_time(a) SSL_SESSION_get_time(a)
+# define SSL_set_time(a,b) SSL_SESSION_set_time((a),(b))
+# define SSL_get_timeout(a) SSL_SESSION_get_timeout(a)
+# define SSL_set_timeout(a,b) SSL_SESSION_set_timeout((a),(b))
+
+# if 1 /* SSLEAY_MACROS */
+# define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id)
+# define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id)
+# define PEM_read_SSL_SESSION(fp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read( \
+ (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb,u)
+# define PEM_read_bio_SSL_SESSION(bp,x,cb,u) PEM_ASN1_read_bio_of(SSL_SESSION,d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,x,cb,u)
+# define PEM_write_SSL_SESSION(fp,x) \
+ PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \
+ PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL,NULL)
+# define PEM_write_bio_SSL_SESSION(bp,x) \
+ PEM_ASN1_write_bio_of(SSL_SESSION,i2d_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,x,NULL,NULL,0,NULL,NULL)
+# endif
+
+# define SSL_AD_REASON_OFFSET 1000
+/* These alert types are for SSLv3 and TLSv1 */
+# define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY
+/* fatal */
+# define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE
+/* fatal */
+# define SSL_AD_BAD_RECORD_MAC SSL3_AD_BAD_RECORD_MAC
+# define SSL_AD_DECRYPTION_FAILED TLS1_AD_DECRYPTION_FAILED
+# define SSL_AD_RECORD_OVERFLOW TLS1_AD_RECORD_OVERFLOW
+/* fatal */
+# define SSL_AD_DECOMPRESSION_FAILURE SSL3_AD_DECOMPRESSION_FAILURE
+/* fatal */
+# define SSL_AD_HANDSHAKE_FAILURE SSL3_AD_HANDSHAKE_FAILURE
+/* Not for TLS */
+# define SSL_AD_NO_CERTIFICATE SSL3_AD_NO_CERTIFICATE
+# define SSL_AD_BAD_CERTIFICATE SSL3_AD_BAD_CERTIFICATE
+# define SSL_AD_UNSUPPORTED_CERTIFICATE SSL3_AD_UNSUPPORTED_CERTIFICATE
+# define SSL_AD_CERTIFICATE_REVOKED SSL3_AD_CERTIFICATE_REVOKED
+# define SSL_AD_CERTIFICATE_EXPIRED SSL3_AD_CERTIFICATE_EXPIRED
+# define SSL_AD_CERTIFICATE_UNKNOWN SSL3_AD_CERTIFICATE_UNKNOWN
+/* fatal */
+# define SSL_AD_ILLEGAL_PARAMETER SSL3_AD_ILLEGAL_PARAMETER
+/* fatal */
+# define SSL_AD_UNKNOWN_CA TLS1_AD_UNKNOWN_CA
+/* fatal */
+# define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED
+/* fatal */
+# define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR
+# define SSL_AD_DECRYPT_ERROR TLS1_AD_DECRYPT_ERROR
+/* fatal */
+# define SSL_AD_EXPORT_RESTRICTION TLS1_AD_EXPORT_RESTRICTION
+/* fatal */
+# define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION
+/* fatal */
+# define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY
+/* fatal */
+# define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR
+# define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED
+# define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION
+# define SSL_AD_UNSUPPORTED_EXTENSION TLS1_AD_UNSUPPORTED_EXTENSION
+# define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE
+# define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME
+# define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE
+# define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE
+/* fatal */
+# define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY
+/* fatal */
+# define SSL_AD_INAPPROPRIATE_FALLBACK TLS1_AD_INAPPROPRIATE_FALLBACK
+
+# define SSL_ERROR_NONE 0
+# define SSL_ERROR_SSL 1
+# define SSL_ERROR_WANT_READ 2
+# define SSL_ERROR_WANT_WRITE 3
+# define SSL_ERROR_WANT_X509_LOOKUP 4
+# define SSL_ERROR_SYSCALL 5/* look at error stack/return
+ * value/errno */
+# define SSL_ERROR_ZERO_RETURN 6
+# define SSL_ERROR_WANT_CONNECT 7
+# define SSL_ERROR_WANT_ACCEPT 8
+
+# define SSL_CTRL_NEED_TMP_RSA 1
+# define SSL_CTRL_SET_TMP_RSA 2
+# define SSL_CTRL_SET_TMP_DH 3
+# define SSL_CTRL_SET_TMP_ECDH 4
+# define SSL_CTRL_SET_TMP_RSA_CB 5
+# define SSL_CTRL_SET_TMP_DH_CB 6
+# define SSL_CTRL_SET_TMP_ECDH_CB 7
+
+# define SSL_CTRL_GET_SESSION_REUSED 8
+# define SSL_CTRL_GET_CLIENT_CERT_REQUEST 9
+# define SSL_CTRL_GET_NUM_RENEGOTIATIONS 10
+# define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 11
+# define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS 12
+# define SSL_CTRL_GET_FLAGS 13
+# define SSL_CTRL_EXTRA_CHAIN_CERT 14
+
+# define SSL_CTRL_SET_MSG_CALLBACK 15
+# define SSL_CTRL_SET_MSG_CALLBACK_ARG 16
+
+/* only applies to datagram connections */
+# define SSL_CTRL_SET_MTU 17
+/* Stats */
+# define SSL_CTRL_SESS_NUMBER 20
+# define SSL_CTRL_SESS_CONNECT 21
+# define SSL_CTRL_SESS_CONNECT_GOOD 22
+# define SSL_CTRL_SESS_CONNECT_RENEGOTIATE 23
+# define SSL_CTRL_SESS_ACCEPT 24
+# define SSL_CTRL_SESS_ACCEPT_GOOD 25
+# define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE 26
+# define SSL_CTRL_SESS_HIT 27
+# define SSL_CTRL_SESS_CB_HIT 28
+# define SSL_CTRL_SESS_MISSES 29
+# define SSL_CTRL_SESS_TIMEOUTS 30
+# define SSL_CTRL_SESS_CACHE_FULL 31
+# define SSL_CTRL_OPTIONS 32
+# define SSL_CTRL_MODE 33
+
+# define SSL_CTRL_GET_READ_AHEAD 40
+# define SSL_CTRL_SET_READ_AHEAD 41
+# define SSL_CTRL_SET_SESS_CACHE_SIZE 42
+# define SSL_CTRL_GET_SESS_CACHE_SIZE 43
+# define SSL_CTRL_SET_SESS_CACHE_MODE 44
+# define SSL_CTRL_GET_SESS_CACHE_MODE 45
+
+# define SSL_CTRL_GET_MAX_CERT_LIST 50
+# define SSL_CTRL_SET_MAX_CERT_LIST 51
+
+/* see tls1.h for macros based on these */
+# ifndef OPENSSL_NO_TLSEXT
+# define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53
+# define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54
+# define SSL_CTRL_SET_TLSEXT_HOSTNAME 55
+# define SSL_CTRL_SET_TLSEXT_DEBUG_CB 56
+# define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57
+# define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58
+# define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59
+
+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63
+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64
+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65
+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS 66
+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS 67
+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS 68
+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS 69
+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP 70
+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP 71
+
+# define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72
+# endif
+
+# define DTLS_CTRL_GET_TIMEOUT 73
+# define DTLS_CTRL_HANDLE_TIMEOUT 74
+# define DTLS_CTRL_LISTEN 75
+
+# define SSL_CTRL_GET_RI_SUPPORT 76
+# define SSL_CTRL_CLEAR_OPTIONS 77
+# define SSL_CTRL_CLEAR_MODE 78
+
+# define SSL_CTRL_CHECK_PROTO_VERSION 119
+
+# define DTLSv1_get_timeout(ssl, arg) \
+ SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
+# define DTLSv1_handle_timeout(ssl) \
+ SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL)
+# define DTLSv1_listen(ssl, peer) \
+ SSL_ctrl(ssl,DTLS_CTRL_LISTEN,0, (void *)peer)
+
+# define SSL_session_reused(ssl) \
+ SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL)
+# define SSL_num_renegotiations(ssl) \
+ SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL)
+# define SSL_clear_num_renegotiations(ssl) \
+ SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL)
+# define SSL_total_renegotiations(ssl) \
+ SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL)
+
+# define SSL_CTX_need_tmp_RSA(ctx) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL)
+# define SSL_CTX_set_tmp_rsa(ctx,rsa) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)
+# define SSL_CTX_set_tmp_dh(ctx,dh) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
+# define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)
+
+# define SSL_need_tmp_RSA(ssl) \
+ SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL)
+# define SSL_set_tmp_rsa(ssl,rsa) \
+ SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)
+# define SSL_set_tmp_dh(ssl,dh) \
+ SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
+# define SSL_set_tmp_ecdh(ssl,ecdh) \
+ SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)
+
+# define SSL_CTX_add_extra_chain_cert(ctx,x509) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
+
+# ifndef OPENSSL_NO_BIO
+BIO_METHOD *BIO_f_ssl(void);
+BIO *BIO_new_ssl(SSL_CTX *ctx, int client);
+BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
+BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx);
+int BIO_ssl_copy_session_id(BIO *to, BIO *from);
+void BIO_ssl_shutdown(BIO *ssl_bio);
+
+# endif
+
+int SSL_CTX_set_cipher_list(SSL_CTX *, const char *str);
+SSL_CTX *SSL_CTX_new(SSL_METHOD *meth);
+void SSL_CTX_free(SSL_CTX *);
+long SSL_CTX_set_timeout(SSL_CTX *ctx, long t);
+long SSL_CTX_get_timeout(const SSL_CTX *ctx);
+X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);
+void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *);
+int SSL_want(const SSL *s);
+int SSL_clear(SSL *s);
+
+void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm);
+
+SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
+int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits);
+char *SSL_CIPHER_get_version(const SSL_CIPHER *c);
+const char *SSL_CIPHER_get_name(const SSL_CIPHER *c);
+
+int SSL_get_fd(const SSL *s);
+int SSL_get_rfd(const SSL *s);
+int SSL_get_wfd(const SSL *s);
+const char *SSL_get_cipher_list(const SSL *s, int n);
+char *SSL_get_shared_ciphers(const SSL *s, char *buf, int len);
+int SSL_get_read_ahead(const SSL *s);
+int SSL_pending(const SSL *s);
+# ifndef OPENSSL_NO_SOCK
+int SSL_set_fd(SSL *s, int fd);
+int SSL_set_rfd(SSL *s, int fd);
+int SSL_set_wfd(SSL *s, int fd);
+# endif
+# ifndef OPENSSL_NO_BIO
+void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio);
+BIO *SSL_get_rbio(const SSL *s);
+BIO *SSL_get_wbio(const SSL *s);
+# endif
+int SSL_set_cipher_list(SSL *s, const char *str);
+void SSL_set_read_ahead(SSL *s, int yes);
+int SSL_get_verify_mode(const SSL *s);
+int SSL_get_verify_depth(const SSL *s);
+int (*SSL_get_verify_callback(const SSL *s)) (int, X509_STORE_CTX *);
+void SSL_set_verify(SSL *s, int mode,
+ int (*callback) (int ok, X509_STORE_CTX *ctx));
+void SSL_set_verify_depth(SSL *s, int depth);
+# ifndef OPENSSL_NO_RSA
+int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
+# endif
+int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
+int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
+int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d,
+ long len);
+int SSL_use_certificate(SSL *ssl, X509 *x);
+int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len);
+
+# ifndef OPENSSL_NO_STDIO
+int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
+int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);
+int SSL_use_certificate_file(SSL *ssl, const char *file, int type);
+int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);
+int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
+int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
+/* PEM type */
+int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file);
+STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
+int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
+ const char *file);
+# ifndef OPENSSL_SYS_VMS
+/* XXXXX: Better scheme needed! [was: #ifndef MAC_OS_pre_X] */
+# ifndef OPENSSL_SYS_MACINTOSH_CLASSIC
+int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
+ const char *dir);
+# endif
+# endif
+
+# endif
+
+void SSL_load_error_strings(void);
+const char *SSL_state_string(const SSL *s);
+const char *SSL_rstate_string(const SSL *s);
+const char *SSL_state_string_long(const SSL *s);
+const char *SSL_rstate_string_long(const SSL *s);
+long SSL_SESSION_get_time(const SSL_SESSION *s);
+long SSL_SESSION_set_time(SSL_SESSION *s, long t);
+long SSL_SESSION_get_timeout(const SSL_SESSION *s);
+long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
+void SSL_copy_session_id(SSL *to, const SSL *from);
+
+SSL_SESSION *SSL_SESSION_new(void);
+unsigned long SSL_SESSION_hash(const SSL_SESSION *a);
+int SSL_SESSION_cmp(const SSL_SESSION *a, const SSL_SESSION *b);
+const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
+ unsigned int *len);
+# ifndef OPENSSL_NO_FP_API
+int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses);
+# endif
+# ifndef OPENSSL_NO_BIO
+int SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses);
+# endif
+void SSL_SESSION_free(SSL_SESSION *ses);
+int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp);
+int SSL_set_session(SSL *to, SSL_SESSION *session);
+int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);
+int SSL_CTX_remove_session(SSL_CTX *, SSL_SESSION *c);
+int SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB);
+int SSL_set_generate_session_id(SSL *, GEN_SESSION_CB);
+int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
+ unsigned int id_len);
+SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
+ long length);
+
+# ifdef HEADER_X509_H
+X509 *SSL_get_peer_certificate(const SSL *s);
+# endif
+
+STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s);
+
+int SSL_CTX_get_verify_mode(const SSL_CTX *ctx);
+int SSL_CTX_get_verify_depth(const SSL_CTX *ctx);
+int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx)) (int,
+ X509_STORE_CTX *);
+void SSL_CTX_set_verify(SSL_CTX *ctx, int mode,
+ int (*callback) (int, X509_STORE_CTX *));
+void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth);
+void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,
+ int (*cb) (X509_STORE_CTX *, void *),
+ void *arg);
+# ifndef OPENSSL_NO_RSA
+int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
+# endif
+int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d,
+ long len);
+int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
+int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx,
+ const unsigned char *d, long len);
+int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
+int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len,
+ const unsigned char *d);
+
+void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);
+void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);
+
+int SSL_CTX_check_private_key(const SSL_CTX *ctx);
+int SSL_check_private_key(const SSL *ctx);
+
+int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
+ unsigned int sid_ctx_len);
+
+SSL *SSL_new(SSL_CTX *ctx);
+int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
+ unsigned int sid_ctx_len);
+
+int SSL_CTX_set_purpose(SSL_CTX *s, int purpose);
+int SSL_set_purpose(SSL *s, int purpose);
+int SSL_CTX_set_trust(SSL_CTX *s, int trust);
+int SSL_set_trust(SSL *s, int trust);
+
+void SSL_free(SSL *ssl);
+int SSL_accept(SSL *ssl);
+int SSL_connect(SSL *ssl);
+int SSL_read(SSL *ssl, void *buf, int num);
+int SSL_peek(SSL *ssl, void *buf, int num);
+int SSL_write(SSL *ssl, const void *buf, int num);
+long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg);
+long SSL_callback_ctrl(SSL *, int, void (*)(void));
+long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg);
+long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void));
+
+int SSL_get_error(const SSL *s, int ret_code);
+const char *SSL_get_version(const SSL *s);
+
+/* This sets the 'default' SSL version that SSL_new() will create */
+int SSL_CTX_set_ssl_version(SSL_CTX *ctx, SSL_METHOD *meth);
+
+SSL_METHOD *SSLv2_method(void); /* SSLv2 */
+SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */
+SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */
+
+SSL_METHOD *SSLv3_method(void); /* SSLv3 */
+SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */
+SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */
+
+SSL_METHOD *SSLv23_method(void); /* SSLv3 but can rollback to v2 */
+SSL_METHOD *SSLv23_server_method(void); /* SSLv3 but can rollback to v2 */
+SSL_METHOD *SSLv23_client_method(void); /* SSLv3 but can rollback to v2 */
+
+SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */
+SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */
+SSL_METHOD *TLSv1_client_method(void); /* TLSv1.0 */
+
+SSL_METHOD *DTLSv1_method(void); /* DTLSv1.0 */
+SSL_METHOD *DTLSv1_server_method(void); /* DTLSv1.0 */
+SSL_METHOD *DTLSv1_client_method(void); /* DTLSv1.0 */
+
+STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s);
+
+int SSL_do_handshake(SSL *s);
+int SSL_renegotiate(SSL *s);
+int SSL_renegotiate_pending(SSL *s);
+int SSL_shutdown(SSL *s);
+
+SSL_METHOD *SSL_get_ssl_method(SSL *s);
+int SSL_set_ssl_method(SSL *s, SSL_METHOD *method);
+const char *SSL_alert_type_string_long(int value);
+const char *SSL_alert_type_string(int value);
+const char *SSL_alert_desc_string_long(int value);
+const char *SSL_alert_desc_string(int value);
+
+void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);
+void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
+STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s);
+STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s);
+int SSL_add_client_CA(SSL *ssl, X509 *x);
+int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x);
+
+void SSL_set_connect_state(SSL *s);
+void SSL_set_accept_state(SSL *s);
+
+long SSL_get_default_timeout(const SSL *s);
+
+int SSL_library_init(void);
+
+char *SSL_CIPHER_description(const SSL_CIPHER *, char *buf, int size);
+STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk);
+
+SSL *SSL_dup(SSL *ssl);
+
+X509 *SSL_get_certificate(const SSL *ssl);
+/*
+ * EVP_PKEY
+ */ struct evp_pkey_st *SSL_get_privatekey(SSL *ssl);
+
+void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode);
+int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);
+void SSL_set_quiet_shutdown(SSL *ssl, int mode);
+int SSL_get_quiet_shutdown(const SSL *ssl);
+void SSL_set_shutdown(SSL *ssl, int mode);
+int SSL_get_shutdown(const SSL *ssl);
+int SSL_version(const SSL *ssl);
+int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
+int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
+ const char *CApath);
+# define SSL_get0_session SSL_get_session/* just peek at pointer */
+SSL_SESSION *SSL_get_session(const SSL *ssl);
+SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */
+SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);
+SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx);
+void SSL_set_info_callback(SSL *ssl,
+ void (*cb) (const SSL *ssl, int type, int val));
+void (*SSL_get_info_callback(const SSL *ssl)) (const SSL *ssl, int type,
+ int val);
+int SSL_state(const SSL *ssl);
+
+void SSL_set_verify_result(SSL *ssl, long v);
+long SSL_get_verify_result(const SSL *ssl);
+
+int SSL_set_ex_data(SSL *ssl, int idx, void *data);
+void *SSL_get_ex_data(const SSL *ssl, int idx);
+int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+
+int SSL_SESSION_set_ex_data(SSL_SESSION *ss, int idx, void *data);
+void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss, int idx);
+int SSL_SESSION_get_ex_new_index(long argl, void *argp,
+ CRYPTO_EX_new *new_func,
+ CRYPTO_EX_dup *dup_func,
+ CRYPTO_EX_free *free_func);
+
+int SSL_CTX_set_ex_data(SSL_CTX *ssl, int idx, void *data);
+void *SSL_CTX_get_ex_data(const SSL_CTX *ssl, int idx);
+int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+ CRYPTO_EX_dup *dup_func,
+ CRYPTO_EX_free *free_func);
+
+int SSL_get_ex_data_X509_STORE_CTX_idx(void);
+
+# define SSL_CTX_sess_set_cache_size(ctx,t) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL)
+# define SSL_CTX_sess_get_cache_size(ctx) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL)
+# define SSL_CTX_set_session_cache_mode(ctx,m) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL)
+# define SSL_CTX_get_session_cache_mode(ctx) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL)
+
+# define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx)
+# define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m)
+# define SSL_CTX_get_read_ahead(ctx) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL)
+# define SSL_CTX_set_read_ahead(ctx,m) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL)
+# define SSL_CTX_get_max_cert_list(ctx) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
+# define SSL_CTX_set_max_cert_list(ctx,m) \
+ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
+# define SSL_get_max_cert_list(ssl) \
+ SSL_ctrl(ssl,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
+# define SSL_set_max_cert_list(ssl,m) \
+ SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
+
+ /* NB: the keylength is only applicable when is_export is true */
+# ifndef OPENSSL_NO_RSA
+void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
+ RSA *(*cb) (SSL *ssl, int is_export,
+ int keylength));
+
+void SSL_set_tmp_rsa_callback(SSL *ssl,
+ RSA *(*cb) (SSL *ssl, int is_export,
+ int keylength));
+# endif
+# ifndef OPENSSL_NO_DH
+void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
+ DH *(*dh) (SSL *ssl, int is_export,
+ int keylength));
+void SSL_set_tmp_dh_callback(SSL *ssl,
+ DH *(*dh) (SSL *ssl, int is_export,
+ int keylength));
+# endif
+# ifndef OPENSSL_NO_ECDH
+void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,
+ EC_KEY *(*ecdh) (SSL *ssl, int is_export,
+ int keylength));
+void SSL_set_tmp_ecdh_callback(SSL *ssl,
+ EC_KEY *(*ecdh) (SSL *ssl, int is_export,
+ int keylength));
+# endif
+
+# ifndef OPENSSL_NO_COMP
+const COMP_METHOD *SSL_get_current_compression(SSL *s);
+const COMP_METHOD *SSL_get_current_expansion(SSL *s);
+const char *SSL_COMP_get_name(const COMP_METHOD *comp);
+STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
+int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm);
+# else
+const void *SSL_get_current_compression(SSL *s);
+const void *SSL_get_current_expansion(SSL *s);
+const char *SSL_COMP_get_name(const void *comp);
+void *SSL_COMP_get_compression_methods(void);
+int SSL_COMP_add_compression_method(int id, void *cm);
+# endif
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_SSL_strings(void);
+
+/* Error codes for the SSL functions. */
+
+/* Function codes. */
+# define SSL_F_CLIENT_CERTIFICATE 100
+# define SSL_F_CLIENT_FINISHED 167
+# define SSL_F_CLIENT_HELLO 101
+# define SSL_F_CLIENT_MASTER_KEY 102
+# define SSL_F_D2I_SSL_SESSION 103
+# define SSL_F_DO_DTLS1_WRITE 245
+# define SSL_F_DO_SSL3_WRITE 104
+# define SSL_F_DTLS1_ACCEPT 246
+# define SSL_F_DTLS1_ADD_CERT_TO_BUF 280
+# define SSL_F_DTLS1_BUFFER_RECORD 247
+# define SSL_F_DTLS1_CHECK_TIMEOUT_NUM 293
+# define SSL_F_DTLS1_CLIENT_HELLO 248
+# define SSL_F_DTLS1_CONNECT 249
+# define SSL_F_DTLS1_ENC 250
+# define SSL_F_DTLS1_GET_HELLO_VERIFY 251
+# define SSL_F_DTLS1_GET_MESSAGE 252
+# define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT 253
+# define SSL_F_DTLS1_GET_RECORD 254
+# define SSL_F_DTLS1_HANDLE_TIMEOUT 282
+# define SSL_F_DTLS1_OUTPUT_CERT_CHAIN 255
+# define SSL_F_DTLS1_PREPROCESS_FRAGMENT 277
+# define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 256
+# define SSL_F_DTLS1_PROCESS_RECORD 257
+# define SSL_F_DTLS1_READ_BYTES 258
+# define SSL_F_DTLS1_READ_FAILED 259
+# define SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST 260
+# define SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE 261
+# define SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE 262
+# define SSL_F_DTLS1_SEND_CLIENT_VERIFY 263
+# define SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST 264
+# define SSL_F_DTLS1_SEND_SERVER_CERTIFICATE 265
+# define SSL_F_DTLS1_SEND_SERVER_HELLO 266
+# define SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE 267
+# define SSL_F_DTLS1_WRITE_APP_DATA_BYTES 268
+# define SSL_F_GET_CLIENT_FINISHED 105
+# define SSL_F_GET_CLIENT_HELLO 106
+# define SSL_F_GET_CLIENT_MASTER_KEY 107
+# define SSL_F_GET_SERVER_FINISHED 108
+# define SSL_F_GET_SERVER_HELLO 109
+# define SSL_F_GET_SERVER_VERIFY 110
+# define SSL_F_I2D_SSL_SESSION 111
+# define SSL_F_READ_N 112
+# define SSL_F_REQUEST_CERTIFICATE 113
+# define SSL_F_SERVER_FINISH 239
+# define SSL_F_SERVER_HELLO 114
+# define SSL_F_SERVER_VERIFY 240
+# define SSL_F_SSL23_ACCEPT 115
+# define SSL_F_SSL23_CLIENT_HELLO 116
+# define SSL_F_SSL23_CONNECT 117
+# define SSL_F_SSL23_GET_CLIENT_HELLO 118
+# define SSL_F_SSL23_GET_SERVER_HELLO 119
+# define SSL_F_SSL23_PEEK 237
+# define SSL_F_SSL23_READ 120
+# define SSL_F_SSL23_WRITE 121
+# define SSL_F_SSL2_ACCEPT 122
+# define SSL_F_SSL2_CONNECT 123
+# define SSL_F_SSL2_ENC_INIT 124
+# define SSL_F_SSL2_GENERATE_KEY_MATERIAL 241
+# define SSL_F_SSL2_PEEK 234
+# define SSL_F_SSL2_READ 125
+# define SSL_F_SSL2_READ_INTERNAL 236
+# define SSL_F_SSL2_SET_CERTIFICATE 126
+# define SSL_F_SSL2_WRITE 127
+# define SSL_F_SSL3_ACCEPT 128
+# define SSL_F_SSL3_ADD_CERT_TO_BUF 281
+# define SSL_F_SSL3_CALLBACK_CTRL 233
+# define SSL_F_SSL3_CHANGE_CIPHER_STATE 129
+# define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130
+# define SSL_F_SSL3_CHECK_CLIENT_HELLO 292
+# define SSL_F_SSL3_CLIENT_HELLO 131
+# define SSL_F_SSL3_CONNECT 132
+# define SSL_F_SSL3_CTRL 213
+# define SSL_F_SSL3_CTX_CTRL 133
+# define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 279
+# define SSL_F_SSL3_ENC 134
+# define SSL_F_SSL3_GENERATE_KEY_BLOCK 238
+# define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135
+# define SSL_F_SSL3_GET_CERT_STATUS 288
+# define SSL_F_SSL3_GET_CERT_VERIFY 136
+# define SSL_F_SSL3_GET_CLIENT_CERTIFICATE 137
+# define SSL_F_SSL3_GET_CLIENT_HELLO 138
+# define SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE 139
+# define SSL_F_SSL3_GET_FINISHED 140
+# define SSL_F_SSL3_GET_KEY_EXCHANGE 141
+# define SSL_F_SSL3_GET_MESSAGE 142
+# define SSL_F_SSL3_GET_NEW_SESSION_TICKET 283
+# define SSL_F_SSL3_GET_RECORD 143
+# define SSL_F_SSL3_GET_SERVER_CERTIFICATE 144
+# define SSL_F_SSL3_GET_SERVER_DONE 145
+# define SSL_F_SSL3_GET_SERVER_HELLO 146
+# define SSL_F_SSL3_NEW_SESSION_TICKET 284
+# define SSL_F_SSL3_OUTPUT_CERT_CHAIN 147
+# define SSL_F_SSL3_PEEK 235
+# define SSL_F_SSL3_READ_BYTES 148
+# define SSL_F_SSL3_READ_N 149
+# define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST 150
+# define SSL_F_SSL3_SEND_CLIENT_CERTIFICATE 151
+# define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE 152
+# define SSL_F_SSL3_SEND_CLIENT_VERIFY 153
+# define SSL_F_SSL3_SEND_SERVER_CERTIFICATE 154
+# define SSL_F_SSL3_SEND_SERVER_HELLO 242
+# define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE 155
+# define SSL_F_SSL3_SETUP_BUFFERS 156
+# define SSL_F_SSL3_SETUP_KEY_BLOCK 157
+# define SSL_F_SSL3_WRITE_BYTES 158
+# define SSL_F_SSL3_WRITE_PENDING 159
+# define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT 285
+# define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT 272
+# define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK 215
+# define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK 216
+# define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT 286
+# define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT 273
+# define SSL_F_SSL_BAD_METHOD 160
+# define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161
+# define SSL_F_SSL_CERT_DUP 221
+# define SSL_F_SSL_CERT_INST 222
+# define SSL_F_SSL_CERT_INSTANTIATE 214
+# define SSL_F_SSL_CERT_NEW 162
+# define SSL_F_SSL_CHECK_PRIVATE_KEY 163
+# define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT 274
+# define SSL_F_SSL_CIPHER_PROCESS_RULESTR 230
+# define SSL_F_SSL_CIPHER_STRENGTH_SORT 231
+# define SSL_F_SSL_CLEAR 164
+# define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD 165
+# define SSL_F_SSL_CREATE_CIPHER_LIST 166
+# define SSL_F_SSL_CTRL 232
+# define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168
+# define SSL_F_SSL_CTX_NEW 169
+# define SSL_F_SSL_CTX_SET_CIPHER_LIST 269
+# define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE 278
+# define SSL_F_SSL_CTX_SET_PURPOSE 226
+# define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219
+# define SSL_F_SSL_CTX_SET_SSL_VERSION 170
+# define SSL_F_SSL_CTX_SET_TRUST 229
+# define SSL_F_SSL_CTX_USE_CERTIFICATE 171
+# define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 172
+# define SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE 220
+# define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 173
+# define SSL_F_SSL_CTX_USE_PRIVATEKEY 174
+# define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 175
+# define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE 176
+# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY 177
+# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1 178
+# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 179
+# define SSL_F_SSL_DO_HANDSHAKE 180
+# define SSL_F_SSL_GET_NEW_SESSION 181
+# define SSL_F_SSL_GET_PREV_SESSION 217
+# define SSL_F_SSL_GET_SERVER_SEND_CERT 182
+# define SSL_F_SSL_GET_SERVER_SEND_PKEY 317
+# define SSL_F_SSL_GET_SIGN_PKEY 183
+# define SSL_F_SSL_INIT_WBIO_BUFFER 184
+# define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185
+# define SSL_F_SSL_NEW 186
+# define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT 287
+# define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT 290
+# define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT 289
+# define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 291
+# define SSL_F_SSL_PEEK 270
+# define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT 275
+# define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT 276
+# define SSL_F_SSL_READ 223
+# define SSL_F_SSL_RSA_PRIVATE_DECRYPT 187
+# define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188
+# define SSL_F_SSL_SESSION_NEW 189
+# define SSL_F_SSL_SESSION_PRINT_FP 190
+# define SSL_F_SSL_SESS_CERT_NEW 225
+# define SSL_F_SSL_SET_CERT 191
+# define SSL_F_SSL_SET_CIPHER_LIST 271
+# define SSL_F_SSL_SET_FD 192
+# define SSL_F_SSL_SET_PKEY 193
+# define SSL_F_SSL_SET_PURPOSE 227
+# define SSL_F_SSL_SET_RFD 194
+# define SSL_F_SSL_SET_SESSION 195
+# define SSL_F_SSL_SET_SESSION_ID_CONTEXT 218
+# define SSL_F_SSL_SET_TRUST 228
+# define SSL_F_SSL_SET_WFD 196
+# define SSL_F_SSL_SHUTDOWN 224
+# define SSL_F_SSL_UNDEFINED_CONST_FUNCTION 243
+# define SSL_F_SSL_UNDEFINED_FUNCTION 197
+# define SSL_F_SSL_UNDEFINED_VOID_FUNCTION 244
+# define SSL_F_SSL_USE_CERTIFICATE 198
+# define SSL_F_SSL_USE_CERTIFICATE_ASN1 199
+# define SSL_F_SSL_USE_CERTIFICATE_FILE 200
+# define SSL_F_SSL_USE_PRIVATEKEY 201
+# define SSL_F_SSL_USE_PRIVATEKEY_ASN1 202
+# define SSL_F_SSL_USE_PRIVATEKEY_FILE 203
+# define SSL_F_SSL_USE_RSAPRIVATEKEY 204
+# define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1 205
+# define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE 206
+# define SSL_F_SSL_VERIFY_CERT_CHAIN 207
+# define SSL_F_SSL_WRITE 208
+# define SSL_F_TLS1_CHANGE_CIPHER_STATE 209
+# define SSL_F_TLS1_ENC 210
+# define SSL_F_TLS1_SETUP_KEY_BLOCK 211
+# define SSL_F_WRITE_PENDING 212
+
+/* Reason codes. */
+# define SSL_R_APP_DATA_IN_HANDSHAKE 100
+# define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
+# define SSL_R_BAD_ALERT_RECORD 101
+# define SSL_R_BAD_AUTHENTICATION_TYPE 102
+# define SSL_R_BAD_CHANGE_CIPHER_SPEC 103
+# define SSL_R_BAD_CHECKSUM 104
+# define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106
+# define SSL_R_BAD_DECOMPRESSION 107
+# define SSL_R_BAD_DH_G_LENGTH 108
+# define SSL_R_BAD_DH_PUB_KEY_LENGTH 109
+# define SSL_R_BAD_DH_P_LENGTH 110
+# define SSL_R_BAD_DIGEST_LENGTH 111
+# define SSL_R_BAD_DSA_SIGNATURE 112
+# define SSL_R_BAD_ECC_CERT 304
+# define SSL_R_BAD_ECDSA_SIGNATURE 305
+# define SSL_R_BAD_ECPOINT 306
+# define SSL_R_BAD_HELLO_REQUEST 105
+# define SSL_R_BAD_LENGTH 271
+# define SSL_R_BAD_MAC_DECODE 113
+# define SSL_R_BAD_MESSAGE_TYPE 114
+# define SSL_R_BAD_PACKET_LENGTH 115
+# define SSL_R_BAD_PROTOCOL_VERSION_NUMBER 116
+# define SSL_R_BAD_RESPONSE_ARGUMENT 117
+# define SSL_R_BAD_RSA_DECRYPT 118
+# define SSL_R_BAD_RSA_ENCRYPT 119
+# define SSL_R_BAD_RSA_E_LENGTH 120
+# define SSL_R_BAD_RSA_MODULUS_LENGTH 121
+# define SSL_R_BAD_RSA_SIGNATURE 122
+# define SSL_R_BAD_SIGNATURE 123
+# define SSL_R_BAD_SSL_FILETYPE 124
+# define SSL_R_BAD_SSL_SESSION_ID_LENGTH 125
+# define SSL_R_BAD_STATE 126
+# define SSL_R_BAD_WRITE_RETRY 127
+# define SSL_R_BIO_NOT_SET 128
+# define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG 129
+# define SSL_R_BN_LIB 130
+# define SSL_R_CA_DN_LENGTH_MISMATCH 131
+# define SSL_R_CA_DN_TOO_LONG 132
+# define SSL_R_CCS_RECEIVED_EARLY 133
+# define SSL_R_CERTIFICATE_VERIFY_FAILED 134
+# define SSL_R_CERT_LENGTH_MISMATCH 135
+# define SSL_R_CHALLENGE_IS_DIFFERENT 136
+# define SSL_R_CIPHER_CODE_WRONG_LENGTH 137
+# define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 138
+# define SSL_R_CIPHER_TABLE_SRC_ERROR 139
+# define SSL_R_CLIENTHELLO_TLSEXT 157
+# define SSL_R_COMPRESSED_LENGTH_TOO_LONG 140
+# define SSL_R_COMPRESSION_FAILURE 141
+# define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE 307
+# define SSL_R_COMPRESSION_LIBRARY_ERROR 142
+# define SSL_R_CONNECTION_ID_IS_DIFFERENT 143
+# define SSL_R_CONNECTION_TYPE_NOT_SET 144
+# define SSL_R_COOKIE_MISMATCH 308
+# define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145
+# define SSL_R_DATA_LENGTH_TOO_LONG 146
+# define SSL_R_DECRYPTION_FAILED 147
+# define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281
+# define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148
+# define SSL_R_DIGEST_CHECK_FAILED 149
+# define SSL_R_DTLS_MESSAGE_TOO_BIG 318
+# define SSL_R_DUPLICATE_COMPRESSION_ID 309
+# define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 310
+# define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150
+# define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 282
+# define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151
+# define SSL_R_EXCESSIVE_MESSAGE_SIZE 152
+# define SSL_R_EXTRA_DATA_IN_MESSAGE 153
+# define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154
+# define SSL_R_HTTPS_PROXY_REQUEST 155
+# define SSL_R_HTTP_REQUEST 156
+# define SSL_R_ILLEGAL_PADDING 283
+# define SSL_R_INAPPROPRIATE_FALLBACK 373
+# define SSL_R_INVALID_CHALLENGE_LENGTH 158
+# define SSL_R_INVALID_COMMAND 280
+# define SSL_R_INVALID_PURPOSE 278
+# define SSL_R_INVALID_STATUS_RESPONSE 316
+# define SSL_R_INVALID_TICKET_KEYS_LENGTH 275
+# define SSL_R_INVALID_TRUST 279
+# define SSL_R_KEY_ARG_TOO_LONG 284
+# define SSL_R_KRB5 285
+# define SSL_R_KRB5_C_CC_PRINC 286
+# define SSL_R_KRB5_C_GET_CRED 287
+# define SSL_R_KRB5_C_INIT 288
+# define SSL_R_KRB5_C_MK_REQ 289
+# define SSL_R_KRB5_S_BAD_TICKET 290
+# define SSL_R_KRB5_S_INIT 291
+# define SSL_R_KRB5_S_RD_REQ 292
+# define SSL_R_KRB5_S_TKT_EXPIRED 293
+# define SSL_R_KRB5_S_TKT_NYV 294
+# define SSL_R_KRB5_S_TKT_SKEW 295
+# define SSL_R_LENGTH_MISMATCH 159
+# define SSL_R_LENGTH_TOO_SHORT 160
+# define SSL_R_LIBRARY_BUG 274
+# define SSL_R_LIBRARY_HAS_NO_CIPHERS 161
+# define SSL_R_MESSAGE_TOO_LONG 296
+# define SSL_R_MISSING_DH_DSA_CERT 162
+# define SSL_R_MISSING_DH_KEY 163
+# define SSL_R_MISSING_DH_RSA_CERT 164
+# define SSL_R_MISSING_DSA_SIGNING_CERT 165
+# define SSL_R_MISSING_EXPORT_TMP_DH_KEY 166
+# define SSL_R_MISSING_EXPORT_TMP_RSA_KEY 167
+# define SSL_R_MISSING_RSA_CERTIFICATE 168
+# define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169
+# define SSL_R_MISSING_RSA_SIGNING_CERT 170
+# define SSL_R_MISSING_TMP_DH_KEY 171
+# define SSL_R_MISSING_TMP_ECDH_KEY 311
+# define SSL_R_MISSING_TMP_RSA_KEY 172
+# define SSL_R_MISSING_TMP_RSA_PKEY 173
+# define SSL_R_MISSING_VERIFY_MESSAGE 174
+# define SSL_R_MULTIPLE_SGC_RESTARTS 325
+# define SSL_R_NON_SSLV2_INITIAL_PACKET 175
+# define SSL_R_NO_CERTIFICATES_RETURNED 176
+# define SSL_R_NO_CERTIFICATE_ASSIGNED 177
+# define SSL_R_NO_CERTIFICATE_RETURNED 178
+# define SSL_R_NO_CERTIFICATE_SET 179
+# define SSL_R_NO_CERTIFICATE_SPECIFIED 180
+# define SSL_R_NO_CIPHERS_AVAILABLE 181
+# define SSL_R_NO_CIPHERS_PASSED 182
+# define SSL_R_NO_CIPHERS_SPECIFIED 183
+# define SSL_R_NO_CIPHER_LIST 184
+# define SSL_R_NO_CIPHER_MATCH 185
+# define SSL_R_NO_CLIENT_CERT_METHOD 317
+# define SSL_R_NO_CLIENT_CERT_RECEIVED 186
+# define SSL_R_NO_COMPRESSION_SPECIFIED 187
+# define SSL_R_NO_METHOD_SPECIFIED 188
+# define SSL_R_NO_PRIVATEKEY 189
+# define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190
+# define SSL_R_NO_PROTOCOLS_AVAILABLE 191
+# define SSL_R_NO_PUBLICKEY 192
+# define SSL_R_NO_RENEGOTIATION 319
+# define SSL_R_NO_SHARED_CIPHER 193
+# define SSL_R_NO_VERIFY_CALLBACK 194
+# define SSL_R_NULL_SSL_CTX 195
+# define SSL_R_NULL_SSL_METHOD_PASSED 196
+# define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197
+# define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE 297
+# define SSL_R_PACKET_LENGTH_TOO_LONG 198
+# define SSL_R_PARSE_TLSEXT 223
+# define SSL_R_PATH_TOO_LONG 270
+# define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199
+# define SSL_R_PEER_ERROR 200
+# define SSL_R_PEER_ERROR_CERTIFICATE 201
+# define SSL_R_PEER_ERROR_NO_CERTIFICATE 202
+# define SSL_R_PEER_ERROR_NO_CIPHER 203
+# define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 204
+# define SSL_R_PRE_MAC_LENGTH_TOO_LONG 205
+# define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS 206
+# define SSL_R_PROTOCOL_IS_SHUTDOWN 207
+# define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR 208
+# define SSL_R_PUBLIC_KEY_IS_NOT_RSA 209
+# define SSL_R_PUBLIC_KEY_NOT_RSA 210
+# define SSL_R_READ_BIO_NOT_SET 211
+# define SSL_R_READ_TIMEOUT_EXPIRED 312
+# define SSL_R_READ_WRONG_PACKET_TYPE 212
+# define SSL_R_RECORD_LENGTH_MISMATCH 213
+# define SSL_R_RECORD_TOO_LARGE 214
+# define SSL_R_RECORD_TOO_SMALL 298
+# define SSL_R_RENEGOTIATE_EXT_TOO_LONG 320
+# define SSL_R_RENEGOTIATION_ENCODING_ERR 321
+# define SSL_R_RENEGOTIATION_MISMATCH 322
+# define SSL_R_REQUIRED_CIPHER_MISSING 215
+# define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216
+# define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217
+# define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 218
+# define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 324
+# define SSL_R_SERVERHELLO_TLSEXT 224
+# define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277
+# define SSL_R_SHORT_READ 219
+# define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220
+# define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221
+# define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 299
+# define SSL_R_SSL3_EXT_INVALID_SERVERNAME 225
+# define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 226
+# define SSL_R_SSL3_SESSION_ID_TOO_LONG 300
+# define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222
+# define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042
+# define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
+# define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045
+# define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED 1044
+# define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 1046
+# define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE 1030
+# define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040
+# define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047
+# define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041
+# define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010
+# define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043
+# define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 228
+# define SSL_R_SSL_HANDSHAKE_FAILURE 229
+# define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 230
+# define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 301
+# define SSL_R_SSL_SESSION_ID_CONFLICT 302
+# define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273
+# define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 303
+# define SSL_R_SSL_SESSION_ID_IS_DIFFERENT 231
+# define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049
+# define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050
+# define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021
+# define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051
+# define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060
+# define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086
+# define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071
+# define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080
+# define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100
+# define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070
+# define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022
+# define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048
+# define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090
+# define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114
+# define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113
+# define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111
+# define SSL_R_TLSV1_UNRECOGNIZED_NAME 1112
+# define SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110
+# define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232
+# define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 227
+# define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
+# define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234
+# define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 235
+# define SSL_R_UNABLE_TO_DECODE_DH_CERTS 236
+# define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS 313
+# define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY 237
+# define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS 238
+# define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 314
+# define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 239
+# define SSL_R_UNABLE_TO_FIND_SSL_METHOD 240
+# define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES 241
+# define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES 242
+# define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243
+# define SSL_R_UNEXPECTED_MESSAGE 244
+# define SSL_R_UNEXPECTED_RECORD 245
+# define SSL_R_UNINITIALIZED 276
+# define SSL_R_UNKNOWN_ALERT_TYPE 246
+# define SSL_R_UNKNOWN_CERTIFICATE_TYPE 247
+# define SSL_R_UNKNOWN_CIPHER_RETURNED 248
+# define SSL_R_UNKNOWN_CIPHER_TYPE 249
+# define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 250
+# define SSL_R_UNKNOWN_PKEY_TYPE 251
+# define SSL_R_UNKNOWN_PROTOCOL 252
+# define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE 253
+# define SSL_R_UNKNOWN_SSL_VERSION 254
+# define SSL_R_UNKNOWN_STATE 255
+# define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 323
+# define SSL_R_UNSUPPORTED_CIPHER 256
+# define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257
+# define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 315
+# define SSL_R_UNSUPPORTED_PROTOCOL 258
+# define SSL_R_UNSUPPORTED_SSL_VERSION 259
+# define SSL_R_UNSUPPORTED_STATUS_TYPE 329
+# define SSL_R_WRITE_BIO_NOT_SET 260
+# define SSL_R_WRONG_CIPHER_RETURNED 261
+# define SSL_R_WRONG_MESSAGE_TYPE 262
+# define SSL_R_WRONG_NUMBER_OF_KEY_BITS 263
+# define SSL_R_WRONG_SIGNATURE_LENGTH 264
+# define SSL_R_WRONG_SIGNATURE_SIZE 265
+# define SSL_R_WRONG_SSL_VERSION 266
+# define SSL_R_WRONG_VERSION_NUMBER 267
+# define SSL_R_X509_LIB 268
+# define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 269
+
+#ifdef __cplusplus
+}
+#endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/ssl/ssl2.h
===================================================================
--- vendor-crypto/openssl/dist/ssl/ssl2.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/ssl/ssl2.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,268 +0,0 @@
-/* ssl/ssl2.h */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_SSL2_H
-#define HEADER_SSL2_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* Protocol Version Codes */
-#define SSL2_VERSION 0x0002
-#define SSL2_VERSION_MAJOR 0x00
-#define SSL2_VERSION_MINOR 0x02
-/* #define SSL2_CLIENT_VERSION 0x0002 */
-/* #define SSL2_SERVER_VERSION 0x0002 */
-
-/* Protocol Message Codes */
-#define SSL2_MT_ERROR 0
-#define SSL2_MT_CLIENT_HELLO 1
-#define SSL2_MT_CLIENT_MASTER_KEY 2
-#define SSL2_MT_CLIENT_FINISHED 3
-#define SSL2_MT_SERVER_HELLO 4
-#define SSL2_MT_SERVER_VERIFY 5
-#define SSL2_MT_SERVER_FINISHED 6
-#define SSL2_MT_REQUEST_CERTIFICATE 7
-#define SSL2_MT_CLIENT_CERTIFICATE 8
-
-/* Error Message Codes */
-#define SSL2_PE_UNDEFINED_ERROR 0x0000
-#define SSL2_PE_NO_CIPHER 0x0001
-#define SSL2_PE_NO_CERTIFICATE 0x0002
-#define SSL2_PE_BAD_CERTIFICATE 0x0004
-#define SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE 0x0006
-
-/* Cipher Kind Values */
-#define SSL2_CK_NULL_WITH_MD5 0x02000000 /* v3 */
-#define SSL2_CK_RC4_128_WITH_MD5 0x02010080
-#define SSL2_CK_RC4_128_EXPORT40_WITH_MD5 0x02020080
-#define SSL2_CK_RC2_128_CBC_WITH_MD5 0x02030080
-#define SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5 0x02040080
-#define SSL2_CK_IDEA_128_CBC_WITH_MD5 0x02050080
-#define SSL2_CK_DES_64_CBC_WITH_MD5 0x02060040
-#define SSL2_CK_DES_64_CBC_WITH_SHA 0x02060140 /* v3 */
-#define SSL2_CK_DES_192_EDE3_CBC_WITH_MD5 0x020700c0
-#define SSL2_CK_DES_192_EDE3_CBC_WITH_SHA 0x020701c0 /* v3 */
-#define SSL2_CK_RC4_64_WITH_MD5 0x02080080 /* MS hack */
-
-#define SSL2_CK_DES_64_CFB64_WITH_MD5_1 0x02ff0800 /* SSLeay */
-#define SSL2_CK_NULL 0x02ff0810 /* SSLeay */
-
-#define SSL2_TXT_DES_64_CFB64_WITH_MD5_1 "DES-CFB-M1"
-#define SSL2_TXT_NULL_WITH_MD5 "NULL-MD5"
-#define SSL2_TXT_RC4_128_WITH_MD5 "RC4-MD5"
-#define SSL2_TXT_RC4_128_EXPORT40_WITH_MD5 "EXP-RC4-MD5"
-#define SSL2_TXT_RC2_128_CBC_WITH_MD5 "RC2-CBC-MD5"
-#define SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 "EXP-RC2-CBC-MD5"
-#define SSL2_TXT_IDEA_128_CBC_WITH_MD5 "IDEA-CBC-MD5"
-#define SSL2_TXT_DES_64_CBC_WITH_MD5 "DES-CBC-MD5"
-#define SSL2_TXT_DES_64_CBC_WITH_SHA "DES-CBC-SHA"
-#define SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5 "DES-CBC3-MD5"
-#define SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA "DES-CBC3-SHA"
-#define SSL2_TXT_RC4_64_WITH_MD5 "RC4-64-MD5"
-
-#define SSL2_TXT_NULL "NULL"
-
-/* Flags for the SSL_CIPHER.algorithm2 field */
-#define SSL2_CF_5_BYTE_ENC 0x01
-#define SSL2_CF_8_BYTE_ENC 0x02
-
-/* Certificate Type Codes */
-#define SSL2_CT_X509_CERTIFICATE 0x01
-
-/* Authentication Type Code */
-#define SSL2_AT_MD5_WITH_RSA_ENCRYPTION 0x01
-
-#define SSL2_MAX_SSL_SESSION_ID_LENGTH 32
-
-/* Upper/Lower Bounds */
-#define SSL2_MAX_MASTER_KEY_LENGTH_IN_BITS 256
-#ifdef OPENSSL_SYS_MPE
-#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER 29998u
-#else
-#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER 32767u /* 2^15-1 */
-#endif
-#define SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER 16383 /* 2^14-1 */
-
-#define SSL2_CHALLENGE_LENGTH 16
-/*#define SSL2_CHALLENGE_LENGTH 32 */
-#define SSL2_MIN_CHALLENGE_LENGTH 16
-#define SSL2_MAX_CHALLENGE_LENGTH 32
-#define SSL2_CONNECTION_ID_LENGTH 16
-#define SSL2_MAX_CONNECTION_ID_LENGTH 16
-#define SSL2_SSL_SESSION_ID_LENGTH 16
-#define SSL2_MAX_CERT_CHALLENGE_LENGTH 32
-#define SSL2_MIN_CERT_CHALLENGE_LENGTH 16
-#define SSL2_MAX_KEY_MATERIAL_LENGTH 24
-
-#ifndef HEADER_SSL_LOCL_H
-#define CERT char
-#endif
-
-typedef struct ssl2_state_st
- {
- int three_byte_header;
- int clear_text; /* clear text */
- int escape; /* not used in SSLv2 */
- int ssl2_rollback; /* used if SSLv23 rolled back to SSLv2 */
-
- /* non-blocking io info, used to make sure the same
- * args were passwd */
- unsigned int wnum; /* number of bytes sent so far */
- int wpend_tot;
- const unsigned char *wpend_buf;
-
- int wpend_off; /* offset to data to write */
- int wpend_len; /* number of bytes passwd to write */
- int wpend_ret; /* number of bytes to return to caller */
-
- /* buffer raw data */
- int rbuf_left;
- int rbuf_offs;
- unsigned char *rbuf;
- unsigned char *wbuf;
-
- unsigned char *write_ptr;/* used to point to the start due to
- * 2/3 byte header. */
-
- unsigned int padding;
- unsigned int rlength; /* passed to ssl2_enc */
- int ract_data_length; /* Set when things are encrypted. */
- unsigned int wlength; /* passed to ssl2_enc */
- int wact_data_length; /* Set when things are decrypted. */
- unsigned char *ract_data;
- unsigned char *wact_data;
- unsigned char *mac_data;
-
- unsigned char *read_key;
- unsigned char *write_key;
-
- /* Stuff specifically to do with this SSL session */
- unsigned int challenge_length;
- unsigned char challenge[SSL2_MAX_CHALLENGE_LENGTH];
- unsigned int conn_id_length;
- unsigned char conn_id[SSL2_MAX_CONNECTION_ID_LENGTH];
- unsigned int key_material_length;
- unsigned char key_material[SSL2_MAX_KEY_MATERIAL_LENGTH*2];
-
- unsigned long read_sequence;
- unsigned long write_sequence;
-
- struct {
- unsigned int conn_id_length;
- unsigned int cert_type;
- unsigned int cert_length;
- unsigned int csl;
- unsigned int clear;
- unsigned int enc;
- unsigned char ccl[SSL2_MAX_CERT_CHALLENGE_LENGTH];
- unsigned int cipher_spec_length;
- unsigned int session_id_length;
- unsigned int clen;
- unsigned int rlen;
- } tmp;
- } SSL2_STATE;
-
-/* SSLv2 */
-/* client */
-#define SSL2_ST_SEND_CLIENT_HELLO_A (0x10|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_HELLO_B (0x11|SSL_ST_CONNECT)
-#define SSL2_ST_GET_SERVER_HELLO_A (0x20|SSL_ST_CONNECT)
-#define SSL2_ST_GET_SERVER_HELLO_B (0x21|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_MASTER_KEY_A (0x30|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_MASTER_KEY_B (0x31|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_FINISHED_A (0x40|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_FINISHED_B (0x41|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_CERTIFICATE_A (0x50|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_CERTIFICATE_B (0x51|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_CERTIFICATE_C (0x52|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_CERTIFICATE_D (0x53|SSL_ST_CONNECT)
-#define SSL2_ST_GET_SERVER_VERIFY_A (0x60|SSL_ST_CONNECT)
-#define SSL2_ST_GET_SERVER_VERIFY_B (0x61|SSL_ST_CONNECT)
-#define SSL2_ST_GET_SERVER_FINISHED_A (0x70|SSL_ST_CONNECT)
-#define SSL2_ST_GET_SERVER_FINISHED_B (0x71|SSL_ST_CONNECT)
-#define SSL2_ST_CLIENT_START_ENCRYPTION (0x80|SSL_ST_CONNECT)
-#define SSL2_ST_X509_GET_CLIENT_CERTIFICATE (0x90|SSL_ST_CONNECT)
-/* server */
-#define SSL2_ST_GET_CLIENT_HELLO_A (0x10|SSL_ST_ACCEPT)
-#define SSL2_ST_GET_CLIENT_HELLO_B (0x11|SSL_ST_ACCEPT)
-#define SSL2_ST_GET_CLIENT_HELLO_C (0x12|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_HELLO_A (0x20|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_HELLO_B (0x21|SSL_ST_ACCEPT)
-#define SSL2_ST_GET_CLIENT_MASTER_KEY_A (0x30|SSL_ST_ACCEPT)
-#define SSL2_ST_GET_CLIENT_MASTER_KEY_B (0x31|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_VERIFY_A (0x40|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_VERIFY_B (0x41|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_VERIFY_C (0x42|SSL_ST_ACCEPT)
-#define SSL2_ST_GET_CLIENT_FINISHED_A (0x50|SSL_ST_ACCEPT)
-#define SSL2_ST_GET_CLIENT_FINISHED_B (0x51|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_FINISHED_A (0x60|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_FINISHED_B (0x61|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_REQUEST_CERTIFICATE_A (0x70|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_REQUEST_CERTIFICATE_B (0x71|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_REQUEST_CERTIFICATE_C (0x72|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_REQUEST_CERTIFICATE_D (0x73|SSL_ST_ACCEPT)
-#define SSL2_ST_SERVER_START_ENCRYPTION (0x80|SSL_ST_ACCEPT)
-#define SSL2_ST_X509_GET_SERVER_CERTIFICATE (0x90|SSL_ST_ACCEPT)
-
-#ifdef __cplusplus
-}
-#endif
-#endif
-
Copied: vendor-crypto/openssl/0.9.8zf/ssl/ssl2.h (from rev 6976, vendor-crypto/openssl/dist/ssl/ssl2.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/ssl/ssl2.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/ssl/ssl2.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,261 @@
+/* ssl/ssl2.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_SSL2_H
+# define HEADER_SSL2_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Protocol Version Codes */
+# define SSL2_VERSION 0x0002
+# define SSL2_VERSION_MAJOR 0x00
+# define SSL2_VERSION_MINOR 0x02
+/* #define SSL2_CLIENT_VERSION 0x0002 */
+/* #define SSL2_SERVER_VERSION 0x0002 */
+
+/* Protocol Message Codes */
+# define SSL2_MT_ERROR 0
+# define SSL2_MT_CLIENT_HELLO 1
+# define SSL2_MT_CLIENT_MASTER_KEY 2
+# define SSL2_MT_CLIENT_FINISHED 3
+# define SSL2_MT_SERVER_HELLO 4
+# define SSL2_MT_SERVER_VERIFY 5
+# define SSL2_MT_SERVER_FINISHED 6
+# define SSL2_MT_REQUEST_CERTIFICATE 7
+# define SSL2_MT_CLIENT_CERTIFICATE 8
+
+/* Error Message Codes */
+# define SSL2_PE_UNDEFINED_ERROR 0x0000
+# define SSL2_PE_NO_CIPHER 0x0001
+# define SSL2_PE_NO_CERTIFICATE 0x0002
+# define SSL2_PE_BAD_CERTIFICATE 0x0004
+# define SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE 0x0006
+
+/* Cipher Kind Values */
+# define SSL2_CK_NULL_WITH_MD5 0x02000000/* v3 */
+# define SSL2_CK_RC4_128_WITH_MD5 0x02010080
+# define SSL2_CK_RC4_128_EXPORT40_WITH_MD5 0x02020080
+# define SSL2_CK_RC2_128_CBC_WITH_MD5 0x02030080
+# define SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5 0x02040080
+# define SSL2_CK_IDEA_128_CBC_WITH_MD5 0x02050080
+# define SSL2_CK_DES_64_CBC_WITH_MD5 0x02060040
+# define SSL2_CK_DES_64_CBC_WITH_SHA 0x02060140/* v3 */
+# define SSL2_CK_DES_192_EDE3_CBC_WITH_MD5 0x020700c0
+# define SSL2_CK_DES_192_EDE3_CBC_WITH_SHA 0x020701c0/* v3 */
+# define SSL2_CK_RC4_64_WITH_MD5 0x02080080/* MS hack */
+
+# define SSL2_CK_DES_64_CFB64_WITH_MD5_1 0x02ff0800/* SSLeay */
+# define SSL2_CK_NULL 0x02ff0810/* SSLeay */
+
+# define SSL2_TXT_DES_64_CFB64_WITH_MD5_1 "DES-CFB-M1"
+# define SSL2_TXT_NULL_WITH_MD5 "NULL-MD5"
+# define SSL2_TXT_RC4_128_WITH_MD5 "RC4-MD5"
+# define SSL2_TXT_RC4_128_EXPORT40_WITH_MD5 "EXP-RC4-MD5"
+# define SSL2_TXT_RC2_128_CBC_WITH_MD5 "RC2-CBC-MD5"
+# define SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 "EXP-RC2-CBC-MD5"
+# define SSL2_TXT_IDEA_128_CBC_WITH_MD5 "IDEA-CBC-MD5"
+# define SSL2_TXT_DES_64_CBC_WITH_MD5 "DES-CBC-MD5"
+# define SSL2_TXT_DES_64_CBC_WITH_SHA "DES-CBC-SHA"
+# define SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5 "DES-CBC3-MD5"
+# define SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA "DES-CBC3-SHA"
+# define SSL2_TXT_RC4_64_WITH_MD5 "RC4-64-MD5"
+
+# define SSL2_TXT_NULL "NULL"
+
+/* Flags for the SSL_CIPHER.algorithm2 field */
+# define SSL2_CF_5_BYTE_ENC 0x01
+# define SSL2_CF_8_BYTE_ENC 0x02
+
+/* Certificate Type Codes */
+# define SSL2_CT_X509_CERTIFICATE 0x01
+
+/* Authentication Type Code */
+# define SSL2_AT_MD5_WITH_RSA_ENCRYPTION 0x01
+
+# define SSL2_MAX_SSL_SESSION_ID_LENGTH 32
+
+/* Upper/Lower Bounds */
+# define SSL2_MAX_MASTER_KEY_LENGTH_IN_BITS 256
+# ifdef OPENSSL_SYS_MPE
+# define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER 29998u
+# else
+# define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER 32767u
+ /* 2^15-1 */
+# endif
+# define SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER 16383/* 2^14-1 */
+
+# define SSL2_CHALLENGE_LENGTH 16
+/*
+ * #define SSL2_CHALLENGE_LENGTH 32
+ */
+# define SSL2_MIN_CHALLENGE_LENGTH 16
+# define SSL2_MAX_CHALLENGE_LENGTH 32
+# define SSL2_CONNECTION_ID_LENGTH 16
+# define SSL2_MAX_CONNECTION_ID_LENGTH 16
+# define SSL2_SSL_SESSION_ID_LENGTH 16
+# define SSL2_MAX_CERT_CHALLENGE_LENGTH 32
+# define SSL2_MIN_CERT_CHALLENGE_LENGTH 16
+# define SSL2_MAX_KEY_MATERIAL_LENGTH 24
+
+# ifndef HEADER_SSL_LOCL_H
+# define CERT char
+# endif
+
+typedef struct ssl2_state_st {
+ int three_byte_header;
+ int clear_text; /* clear text */
+ int escape; /* not used in SSLv2 */
+ int ssl2_rollback; /* used if SSLv23 rolled back to SSLv2 */
+ /*
+ * non-blocking io info, used to make sure the same args were passwd
+ */
+ unsigned int wnum; /* number of bytes sent so far */
+ int wpend_tot;
+ const unsigned char *wpend_buf;
+ int wpend_off; /* offset to data to write */
+ int wpend_len; /* number of bytes passwd to write */
+ int wpend_ret; /* number of bytes to return to caller */
+ /* buffer raw data */
+ int rbuf_left;
+ int rbuf_offs;
+ unsigned char *rbuf;
+ unsigned char *wbuf;
+ unsigned char *write_ptr; /* used to point to the start due to 2/3 byte
+ * header. */
+ unsigned int padding;
+ unsigned int rlength; /* passed to ssl2_enc */
+ int ract_data_length; /* Set when things are encrypted. */
+ unsigned int wlength; /* passed to ssl2_enc */
+ int wact_data_length; /* Set when things are decrypted. */
+ unsigned char *ract_data;
+ unsigned char *wact_data;
+ unsigned char *mac_data;
+ unsigned char *read_key;
+ unsigned char *write_key;
+ /* Stuff specifically to do with this SSL session */
+ unsigned int challenge_length;
+ unsigned char challenge[SSL2_MAX_CHALLENGE_LENGTH];
+ unsigned int conn_id_length;
+ unsigned char conn_id[SSL2_MAX_CONNECTION_ID_LENGTH];
+ unsigned int key_material_length;
+ unsigned char key_material[SSL2_MAX_KEY_MATERIAL_LENGTH * 2];
+ unsigned long read_sequence;
+ unsigned long write_sequence;
+ struct {
+ unsigned int conn_id_length;
+ unsigned int cert_type;
+ unsigned int cert_length;
+ unsigned int csl;
+ unsigned int clear;
+ unsigned int enc;
+ unsigned char ccl[SSL2_MAX_CERT_CHALLENGE_LENGTH];
+ unsigned int cipher_spec_length;
+ unsigned int session_id_length;
+ unsigned int clen;
+ unsigned int rlen;
+ } tmp;
+} SSL2_STATE;
+
+/* SSLv2 */
+/* client */
+# define SSL2_ST_SEND_CLIENT_HELLO_A (0x10|SSL_ST_CONNECT)
+# define SSL2_ST_SEND_CLIENT_HELLO_B (0x11|SSL_ST_CONNECT)
+# define SSL2_ST_GET_SERVER_HELLO_A (0x20|SSL_ST_CONNECT)
+# define SSL2_ST_GET_SERVER_HELLO_B (0x21|SSL_ST_CONNECT)
+# define SSL2_ST_SEND_CLIENT_MASTER_KEY_A (0x30|SSL_ST_CONNECT)
+# define SSL2_ST_SEND_CLIENT_MASTER_KEY_B (0x31|SSL_ST_CONNECT)
+# define SSL2_ST_SEND_CLIENT_FINISHED_A (0x40|SSL_ST_CONNECT)
+# define SSL2_ST_SEND_CLIENT_FINISHED_B (0x41|SSL_ST_CONNECT)
+# define SSL2_ST_SEND_CLIENT_CERTIFICATE_A (0x50|SSL_ST_CONNECT)
+# define SSL2_ST_SEND_CLIENT_CERTIFICATE_B (0x51|SSL_ST_CONNECT)
+# define SSL2_ST_SEND_CLIENT_CERTIFICATE_C (0x52|SSL_ST_CONNECT)
+# define SSL2_ST_SEND_CLIENT_CERTIFICATE_D (0x53|SSL_ST_CONNECT)
+# define SSL2_ST_GET_SERVER_VERIFY_A (0x60|SSL_ST_CONNECT)
+# define SSL2_ST_GET_SERVER_VERIFY_B (0x61|SSL_ST_CONNECT)
+# define SSL2_ST_GET_SERVER_FINISHED_A (0x70|SSL_ST_CONNECT)
+# define SSL2_ST_GET_SERVER_FINISHED_B (0x71|SSL_ST_CONNECT)
+# define SSL2_ST_CLIENT_START_ENCRYPTION (0x80|SSL_ST_CONNECT)
+# define SSL2_ST_X509_GET_CLIENT_CERTIFICATE (0x90|SSL_ST_CONNECT)
+/* server */
+# define SSL2_ST_GET_CLIENT_HELLO_A (0x10|SSL_ST_ACCEPT)
+# define SSL2_ST_GET_CLIENT_HELLO_B (0x11|SSL_ST_ACCEPT)
+# define SSL2_ST_GET_CLIENT_HELLO_C (0x12|SSL_ST_ACCEPT)
+# define SSL2_ST_SEND_SERVER_HELLO_A (0x20|SSL_ST_ACCEPT)
+# define SSL2_ST_SEND_SERVER_HELLO_B (0x21|SSL_ST_ACCEPT)
+# define SSL2_ST_GET_CLIENT_MASTER_KEY_A (0x30|SSL_ST_ACCEPT)
+# define SSL2_ST_GET_CLIENT_MASTER_KEY_B (0x31|SSL_ST_ACCEPT)
+# define SSL2_ST_SEND_SERVER_VERIFY_A (0x40|SSL_ST_ACCEPT)
+# define SSL2_ST_SEND_SERVER_VERIFY_B (0x41|SSL_ST_ACCEPT)
+# define SSL2_ST_SEND_SERVER_VERIFY_C (0x42|SSL_ST_ACCEPT)
+# define SSL2_ST_GET_CLIENT_FINISHED_A (0x50|SSL_ST_ACCEPT)
+# define SSL2_ST_GET_CLIENT_FINISHED_B (0x51|SSL_ST_ACCEPT)
+# define SSL2_ST_SEND_SERVER_FINISHED_A (0x60|SSL_ST_ACCEPT)
+# define SSL2_ST_SEND_SERVER_FINISHED_B (0x61|SSL_ST_ACCEPT)
+# define SSL2_ST_SEND_REQUEST_CERTIFICATE_A (0x70|SSL_ST_ACCEPT)
+# define SSL2_ST_SEND_REQUEST_CERTIFICATE_B (0x71|SSL_ST_ACCEPT)
+# define SSL2_ST_SEND_REQUEST_CERTIFICATE_C (0x72|SSL_ST_ACCEPT)
+# define SSL2_ST_SEND_REQUEST_CERTIFICATE_D (0x73|SSL_ST_ACCEPT)
+# define SSL2_ST_SERVER_START_ENCRYPTION (0x80|SSL_ST_ACCEPT)
+# define SSL2_ST_X509_GET_SERVER_CERTIFICATE (0x90|SSL_ST_ACCEPT)
+
+#ifdef __cplusplus
+}
+#endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/ssl/ssl23.h
===================================================================
--- vendor-crypto/openssl/dist/ssl/ssl23.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/ssl/ssl23.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,83 +0,0 @@
-/* ssl/ssl23.h */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_SSL23_H
-#define HEADER_SSL23_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*client */
-/* write to server */
-#define SSL23_ST_CW_CLNT_HELLO_A (0x210|SSL_ST_CONNECT)
-#define SSL23_ST_CW_CLNT_HELLO_B (0x211|SSL_ST_CONNECT)
-/* read from server */
-#define SSL23_ST_CR_SRVR_HELLO_A (0x220|SSL_ST_CONNECT)
-#define SSL23_ST_CR_SRVR_HELLO_B (0x221|SSL_ST_CONNECT)
-
-/* server */
-/* read from client */
-#define SSL23_ST_SR_CLNT_HELLO_A (0x210|SSL_ST_ACCEPT)
-#define SSL23_ST_SR_CLNT_HELLO_B (0x211|SSL_ST_ACCEPT)
-
-#ifdef __cplusplus
-}
-#endif
-#endif
-
Copied: vendor-crypto/openssl/0.9.8zf/ssl/ssl23.h (from rev 6976, vendor-crypto/openssl/dist/ssl/ssl23.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/ssl/ssl23.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/ssl/ssl23.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,84 @@
+/* ssl/ssl23.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_SSL23_H
+# define HEADER_SSL23_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * client
+ */
+/* write to server */
+# define SSL23_ST_CW_CLNT_HELLO_A (0x210|SSL_ST_CONNECT)
+# define SSL23_ST_CW_CLNT_HELLO_B (0x211|SSL_ST_CONNECT)
+/* read from server */
+# define SSL23_ST_CR_SRVR_HELLO_A (0x220|SSL_ST_CONNECT)
+# define SSL23_ST_CR_SRVR_HELLO_B (0x221|SSL_ST_CONNECT)
+
+/* server */
+/* read from client */
+# define SSL23_ST_SR_CLNT_HELLO_A (0x210|SSL_ST_ACCEPT)
+# define SSL23_ST_SR_CLNT_HELLO_B (0x211|SSL_ST_ACCEPT)
+
+#ifdef __cplusplus
+}
+#endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/ssl/ssl3.h
===================================================================
--- vendor-crypto/openssl/dist/ssl/ssl3.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/ssl/ssl3.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,600 +0,0 @@
-/* ssl/ssl3.h */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
-#ifndef HEADER_SSL3_H
-#define HEADER_SSL3_H
-
-#ifndef OPENSSL_NO_COMP
-#include <openssl/comp.h>
-#endif
-#include <openssl/buffer.h>
-#include <openssl/evp.h>
-#include <openssl/ssl.h>
-#include <openssl/pq_compat.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* Signalling cipher suite value from RFC 5746
- * (TLS_EMPTY_RENEGOTIATION_INFO_SCSV) */
-#define SSL3_CK_SCSV 0x030000FF
-
-/* Signalling cipher suite value from draft-ietf-tls-downgrade-scsv-00
- * (TLS_FALLBACK_SCSV) */
-#define SSL3_CK_FALLBACK_SCSV 0x03005600
-
-#define SSL3_CK_RSA_NULL_MD5 0x03000001
-#define SSL3_CK_RSA_NULL_SHA 0x03000002
-#define SSL3_CK_RSA_RC4_40_MD5 0x03000003
-#define SSL3_CK_RSA_RC4_128_MD5 0x03000004
-#define SSL3_CK_RSA_RC4_128_SHA 0x03000005
-#define SSL3_CK_RSA_RC2_40_MD5 0x03000006
-#define SSL3_CK_RSA_IDEA_128_SHA 0x03000007
-#define SSL3_CK_RSA_DES_40_CBC_SHA 0x03000008
-#define SSL3_CK_RSA_DES_64_CBC_SHA 0x03000009
-#define SSL3_CK_RSA_DES_192_CBC3_SHA 0x0300000A
-
-#define SSL3_CK_DH_DSS_DES_40_CBC_SHA 0x0300000B
-#define SSL3_CK_DH_DSS_DES_64_CBC_SHA 0x0300000C
-#define SSL3_CK_DH_DSS_DES_192_CBC3_SHA 0x0300000D
-#define SSL3_CK_DH_RSA_DES_40_CBC_SHA 0x0300000E
-#define SSL3_CK_DH_RSA_DES_64_CBC_SHA 0x0300000F
-#define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 0x03000010
-
-#define SSL3_CK_EDH_DSS_DES_40_CBC_SHA 0x03000011
-#define SSL3_CK_EDH_DSS_DES_64_CBC_SHA 0x03000012
-#define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA 0x03000013
-#define SSL3_CK_EDH_RSA_DES_40_CBC_SHA 0x03000014
-#define SSL3_CK_EDH_RSA_DES_64_CBC_SHA 0x03000015
-#define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA 0x03000016
-
-#define SSL3_CK_ADH_RC4_40_MD5 0x03000017
-#define SSL3_CK_ADH_RC4_128_MD5 0x03000018
-#define SSL3_CK_ADH_DES_40_CBC_SHA 0x03000019
-#define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A
-#define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B
-
-#define SSL3_CK_FZA_DMS_NULL_SHA 0x0300001C
-#define SSL3_CK_FZA_DMS_FZA_SHA 0x0300001D
-#if 0 /* Because it clashes with KRB5, is never used any more, and is safe
- to remove according to David Hopwood <david.hopwood at zetnet.co.uk>
- of the ietf-tls list */
-#define SSL3_CK_FZA_DMS_RC4_SHA 0x0300001E
-#endif
-
-/* VRS Additional Kerberos5 entries
- */
-#define SSL3_CK_KRB5_DES_64_CBC_SHA 0x0300001E
-#define SSL3_CK_KRB5_DES_192_CBC3_SHA 0x0300001F
-#define SSL3_CK_KRB5_RC4_128_SHA 0x03000020
-#define SSL3_CK_KRB5_IDEA_128_CBC_SHA 0x03000021
-#define SSL3_CK_KRB5_DES_64_CBC_MD5 0x03000022
-#define SSL3_CK_KRB5_DES_192_CBC3_MD5 0x03000023
-#define SSL3_CK_KRB5_RC4_128_MD5 0x03000024
-#define SSL3_CK_KRB5_IDEA_128_CBC_MD5 0x03000025
-
-#define SSL3_CK_KRB5_DES_40_CBC_SHA 0x03000026
-#define SSL3_CK_KRB5_RC2_40_CBC_SHA 0x03000027
-#define SSL3_CK_KRB5_RC4_40_SHA 0x03000028
-#define SSL3_CK_KRB5_DES_40_CBC_MD5 0x03000029
-#define SSL3_CK_KRB5_RC2_40_CBC_MD5 0x0300002A
-#define SSL3_CK_KRB5_RC4_40_MD5 0x0300002B
-
-#define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5"
-#define SSL3_TXT_RSA_NULL_SHA "NULL-SHA"
-#define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5"
-#define SSL3_TXT_RSA_RC4_128_MD5 "RC4-MD5"
-#define SSL3_TXT_RSA_RC4_128_SHA "RC4-SHA"
-#define SSL3_TXT_RSA_RC2_40_MD5 "EXP-RC2-CBC-MD5"
-#define SSL3_TXT_RSA_IDEA_128_SHA "IDEA-CBC-SHA"
-#define SSL3_TXT_RSA_DES_40_CBC_SHA "EXP-DES-CBC-SHA"
-#define SSL3_TXT_RSA_DES_64_CBC_SHA "DES-CBC-SHA"
-#define SSL3_TXT_RSA_DES_192_CBC3_SHA "DES-CBC3-SHA"
-
-#define SSL3_TXT_DH_DSS_DES_40_CBC_SHA "EXP-DH-DSS-DES-CBC-SHA"
-#define SSL3_TXT_DH_DSS_DES_64_CBC_SHA "DH-DSS-DES-CBC-SHA"
-#define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA "DH-DSS-DES-CBC3-SHA"
-#define SSL3_TXT_DH_RSA_DES_40_CBC_SHA "EXP-DH-RSA-DES-CBC-SHA"
-#define SSL3_TXT_DH_RSA_DES_64_CBC_SHA "DH-RSA-DES-CBC-SHA"
-#define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA "DH-RSA-DES-CBC3-SHA"
-
-#define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA "EXP-EDH-DSS-DES-CBC-SHA"
-#define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA "EDH-DSS-DES-CBC-SHA"
-#define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA "EDH-DSS-DES-CBC3-SHA"
-#define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA "EXP-EDH-RSA-DES-CBC-SHA"
-#define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA "EDH-RSA-DES-CBC-SHA"
-#define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA "EDH-RSA-DES-CBC3-SHA"
-
-#define SSL3_TXT_ADH_RC4_40_MD5 "EXP-ADH-RC4-MD5"
-#define SSL3_TXT_ADH_RC4_128_MD5 "ADH-RC4-MD5"
-#define SSL3_TXT_ADH_DES_40_CBC_SHA "EXP-ADH-DES-CBC-SHA"
-#define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA"
-#define SSL3_TXT_ADH_DES_192_CBC_SHA "ADH-DES-CBC3-SHA"
-
-#define SSL3_TXT_FZA_DMS_NULL_SHA "FZA-NULL-SHA"
-#define SSL3_TXT_FZA_DMS_FZA_SHA "FZA-FZA-CBC-SHA"
-#define SSL3_TXT_FZA_DMS_RC4_SHA "FZA-RC4-SHA"
-
-#define SSL3_TXT_KRB5_DES_64_CBC_SHA "KRB5-DES-CBC-SHA"
-#define SSL3_TXT_KRB5_DES_192_CBC3_SHA "KRB5-DES-CBC3-SHA"
-#define SSL3_TXT_KRB5_RC4_128_SHA "KRB5-RC4-SHA"
-#define SSL3_TXT_KRB5_IDEA_128_CBC_SHA "KRB5-IDEA-CBC-SHA"
-#define SSL3_TXT_KRB5_DES_64_CBC_MD5 "KRB5-DES-CBC-MD5"
-#define SSL3_TXT_KRB5_DES_192_CBC3_MD5 "KRB5-DES-CBC3-MD5"
-#define SSL3_TXT_KRB5_RC4_128_MD5 "KRB5-RC4-MD5"
-#define SSL3_TXT_KRB5_IDEA_128_CBC_MD5 "KRB5-IDEA-CBC-MD5"
-
-#define SSL3_TXT_KRB5_DES_40_CBC_SHA "EXP-KRB5-DES-CBC-SHA"
-#define SSL3_TXT_KRB5_RC2_40_CBC_SHA "EXP-KRB5-RC2-CBC-SHA"
-#define SSL3_TXT_KRB5_RC4_40_SHA "EXP-KRB5-RC4-SHA"
-#define SSL3_TXT_KRB5_DES_40_CBC_MD5 "EXP-KRB5-DES-CBC-MD5"
-#define SSL3_TXT_KRB5_RC2_40_CBC_MD5 "EXP-KRB5-RC2-CBC-MD5"
-#define SSL3_TXT_KRB5_RC4_40_MD5 "EXP-KRB5-RC4-MD5"
-
-#define SSL3_SSL_SESSION_ID_LENGTH 32
-#define SSL3_MAX_SSL_SESSION_ID_LENGTH 32
-
-#define SSL3_MASTER_SECRET_SIZE 48
-#define SSL3_RANDOM_SIZE 32
-#define SSL3_SESSION_ID_SIZE 32
-#define SSL3_RT_HEADER_LENGTH 5
-
-/* Due to MS stuffing up, this can change.... */
-#if defined(OPENSSL_SYS_WIN16) || \
- (defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32))
-#define SSL3_RT_MAX_EXTRA (14000)
-#else
-#define SSL3_RT_MAX_EXTRA (16384)
-#endif
-
-#define SSL3_RT_MAX_PLAIN_LENGTH 16384
-#ifdef OPENSSL_NO_COMP
-#define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH
-#else
-#define SSL3_RT_MAX_COMPRESSED_LENGTH (1024+SSL3_RT_MAX_PLAIN_LENGTH)
-#endif
-#define SSL3_RT_MAX_ENCRYPTED_LENGTH (1024+SSL3_RT_MAX_COMPRESSED_LENGTH)
-#define SSL3_RT_MAX_PACKET_SIZE (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
-#define SSL3_RT_MAX_DATA_SIZE (1024*1024)
-
-#define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54"
-#define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52"
-
-#define SSL3_VERSION 0x0300
-#define SSL3_VERSION_MAJOR 0x03
-#define SSL3_VERSION_MINOR 0x00
-
-#define SSL3_RT_CHANGE_CIPHER_SPEC 20
-#define SSL3_RT_ALERT 21
-#define SSL3_RT_HANDSHAKE 22
-#define SSL3_RT_APPLICATION_DATA 23
-
-#define SSL3_AL_WARNING 1
-#define SSL3_AL_FATAL 2
-
-#define SSL3_AD_CLOSE_NOTIFY 0
-#define SSL3_AD_UNEXPECTED_MESSAGE 10 /* fatal */
-#define SSL3_AD_BAD_RECORD_MAC 20 /* fatal */
-#define SSL3_AD_DECOMPRESSION_FAILURE 30 /* fatal */
-#define SSL3_AD_HANDSHAKE_FAILURE 40 /* fatal */
-#define SSL3_AD_NO_CERTIFICATE 41
-#define SSL3_AD_BAD_CERTIFICATE 42
-#define SSL3_AD_UNSUPPORTED_CERTIFICATE 43
-#define SSL3_AD_CERTIFICATE_REVOKED 44
-#define SSL3_AD_CERTIFICATE_EXPIRED 45
-#define SSL3_AD_CERTIFICATE_UNKNOWN 46
-#define SSL3_AD_ILLEGAL_PARAMETER 47 /* fatal */
-
-typedef struct ssl3_record_st
- {
-/*r */ int type; /* type of record */
-/*rw*/ unsigned int length; /* How many bytes available */
-/*r */ unsigned int off; /* read/write offset into 'buf' */
-/*rw*/ unsigned char *data; /* pointer to the record data */
-/*rw*/ unsigned char *input; /* where the decode bytes are */
-/*r */ unsigned char *comp; /* only used with decompression - malloc()ed */
-/*r */ unsigned long epoch; /* epoch number, needed by DTLS1 */
-/*r */ PQ_64BIT seq_num; /* sequence number, needed by DTLS1 */
- } SSL3_RECORD;
-
-typedef struct ssl3_buffer_st
- {
- unsigned char *buf; /* at least SSL3_RT_MAX_PACKET_SIZE bytes,
- * see ssl3_setup_buffers() */
- size_t len; /* buffer size */
- int offset; /* where to 'copy from' */
- int left; /* how many bytes left */
- } SSL3_BUFFER;
-
-#define SSL3_CT_RSA_SIGN 1
-#define SSL3_CT_DSS_SIGN 2
-#define SSL3_CT_RSA_FIXED_DH 3
-#define SSL3_CT_DSS_FIXED_DH 4
-#define SSL3_CT_RSA_EPHEMERAL_DH 5
-#define SSL3_CT_DSS_EPHEMERAL_DH 6
-#define SSL3_CT_FORTEZZA_DMS 20
-/* SSL3_CT_NUMBER is used to size arrays and it must be large
- * enough to contain all of the cert types defined either for
- * SSLv3 and TLSv1.
- */
-#define SSL3_CT_NUMBER 7
-
-
-#define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001
-#define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002
-#define SSL3_FLAGS_POP_BUFFER 0x0004
-#define TLS1_FLAGS_TLS_PADDING_BUG 0x0008
-#define SSL3_FLAGS_CCS_OK 0x0080
-
-/* SSL3_FLAGS_SGC_RESTART_DONE is set when we
- * restart a handshake because of MS SGC and so prevents us
- * from restarting the handshake in a loop. It's reset on a
- * renegotiation, so effectively limits the client to one restart
- * per negotiation. This limits the possibility of a DDoS
- * attack where the client handshakes in a loop using SGC to
- * restart. Servers which permit renegotiation can still be
- * effected, but we can't prevent that.
- */
-#define SSL3_FLAGS_SGC_RESTART_DONE 0x0040
-
-typedef struct ssl3_state_st
- {
- long flags;
- int delay_buf_pop_ret;
-
- unsigned char read_sequence[8];
- unsigned char read_mac_secret[EVP_MAX_MD_SIZE];
- unsigned char write_sequence[8];
- unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
-
- unsigned char server_random[SSL3_RANDOM_SIZE];
- unsigned char client_random[SSL3_RANDOM_SIZE];
-
- /* flags for countermeasure against known-IV weakness */
- int need_empty_fragments;
- int empty_fragment_done;
-
- SSL3_BUFFER rbuf; /* read IO goes into here */
- SSL3_BUFFER wbuf; /* write IO goes into here */
-
- SSL3_RECORD rrec; /* each decoded record goes in here */
- SSL3_RECORD wrec; /* goes out from here */
-
- /* storage for Alert/Handshake protocol data received but not
- * yet processed by ssl3_read_bytes: */
- unsigned char alert_fragment[2];
- unsigned int alert_fragment_len;
- unsigned char handshake_fragment[4];
- unsigned int handshake_fragment_len;
-
- /* partial write - check the numbers match */
- unsigned int wnum; /* number of bytes sent so far */
- int wpend_tot; /* number bytes written */
- int wpend_type;
- int wpend_ret; /* number of bytes submitted */
- const unsigned char *wpend_buf;
-
- /* used during startup, digest all incoming/outgoing packets */
- EVP_MD_CTX finish_dgst1;
- EVP_MD_CTX finish_dgst2;
-
- /* this is set whenerver we see a change_cipher_spec message
- * come in when we are not looking for one */
- int change_cipher_spec;
-
- int warn_alert;
- int fatal_alert;
- /* we allow one fatal and one warning alert to be outstanding,
- * send close alert via the warning alert */
- int alert_dispatch;
- unsigned char send_alert[2];
-
- /* This flag is set when we should renegotiate ASAP, basically when
- * there is no more data in the read or write buffers */
- int renegotiate;
- int total_renegotiations;
- int num_renegotiations;
-
- int in_read_app_data;
-
- struct {
- /* actually only needs to be 16+20 */
- unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];
-
- /* actually only need to be 16+20 for SSLv3 and 12 for TLS */
- unsigned char finish_md[EVP_MAX_MD_SIZE*2];
- int finish_md_len;
- unsigned char peer_finish_md[EVP_MAX_MD_SIZE*2];
- int peer_finish_md_len;
-
- unsigned long message_size;
- int message_type;
-
- /* used to hold the new cipher we are going to use */
- SSL_CIPHER *new_cipher;
-#ifndef OPENSSL_NO_DH
- DH *dh;
-#endif
-
-#ifndef OPENSSL_NO_ECDH
- EC_KEY *ecdh; /* holds short lived ECDH key */
-#endif
-
- /* used when SSL_ST_FLUSH_DATA is entered */
- int next_state;
-
- int reuse_message;
-
- /* used for certificate requests */
- int cert_req;
- int ctype_num;
- char ctype[SSL3_CT_NUMBER];
- STACK_OF(X509_NAME) *ca_names;
-
- int use_rsa_tmp;
-
- int key_block_length;
- unsigned char *key_block;
-
- const EVP_CIPHER *new_sym_enc;
- const EVP_MD *new_hash;
-#ifndef OPENSSL_NO_COMP
- const SSL_COMP *new_compression;
-#else
- char *new_compression;
-#endif
- int cert_request;
- } tmp;
-
- /* Connection binding to prevent renegotiation attacks */
- unsigned char previous_client_finished[EVP_MAX_MD_SIZE];
- unsigned char previous_client_finished_len;
- unsigned char previous_server_finished[EVP_MAX_MD_SIZE];
- unsigned char previous_server_finished_len;
- int send_connection_binding; /* TODOEKR */
-
-#ifndef OPENSSL_NO_TLSEXT
-#ifndef OPENSSL_NO_EC
- /* This is set to true if we believe that this is a version of Safari
- * running on OS X 10.6 or newer. We wish to know this because Safari
- * on 10.8 .. 10.8.3 has broken ECDHE-ECDSA support. */
- char is_probably_safari;
-#endif /* !OPENSSL_NO_EC */
-#endif /* !OPENSSL_NO_TLSEXT */
- } SSL3_STATE;
-
-
-/* SSLv3 */
-/*client */
-/* extra state */
-#define SSL3_ST_CW_FLUSH (0x100|SSL_ST_CONNECT)
-/* write to server */
-#define SSL3_ST_CW_CLNT_HELLO_A (0x110|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CLNT_HELLO_B (0x111|SSL_ST_CONNECT)
-/* read from server */
-#define SSL3_ST_CR_SRVR_HELLO_A (0x120|SSL_ST_CONNECT)
-#define SSL3_ST_CR_SRVR_HELLO_B (0x121|SSL_ST_CONNECT)
-#define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A (0x126|SSL_ST_CONNECT)
-#define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B (0x127|SSL_ST_CONNECT)
-#define SSL3_ST_CR_CERT_A (0x130|SSL_ST_CONNECT)
-#define SSL3_ST_CR_CERT_B (0x131|SSL_ST_CONNECT)
-#define SSL3_ST_CR_KEY_EXCH_A (0x140|SSL_ST_CONNECT)
-#define SSL3_ST_CR_KEY_EXCH_B (0x141|SSL_ST_CONNECT)
-#define SSL3_ST_CR_CERT_REQ_A (0x150|SSL_ST_CONNECT)
-#define SSL3_ST_CR_CERT_REQ_B (0x151|SSL_ST_CONNECT)
-#define SSL3_ST_CR_SRVR_DONE_A (0x160|SSL_ST_CONNECT)
-#define SSL3_ST_CR_SRVR_DONE_B (0x161|SSL_ST_CONNECT)
-/* write to server */
-#define SSL3_ST_CW_CERT_A (0x170|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CERT_B (0x171|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CERT_C (0x172|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CERT_D (0x173|SSL_ST_CONNECT)
-#define SSL3_ST_CW_KEY_EXCH_A (0x180|SSL_ST_CONNECT)
-#define SSL3_ST_CW_KEY_EXCH_B (0x181|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CERT_VRFY_A (0x190|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CERT_VRFY_B (0x191|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CHANGE_A (0x1A0|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CHANGE_B (0x1A1|SSL_ST_CONNECT)
-#define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT)
-#define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT)
-/* read from server */
-#define SSL3_ST_CR_CHANGE_A (0x1C0|SSL_ST_CONNECT)
-#define SSL3_ST_CR_CHANGE_B (0x1C1|SSL_ST_CONNECT)
-#define SSL3_ST_CR_FINISHED_A (0x1D0|SSL_ST_CONNECT)
-#define SSL3_ST_CR_FINISHED_B (0x1D1|SSL_ST_CONNECT)
-#define SSL3_ST_CR_SESSION_TICKET_A (0x1E0|SSL_ST_CONNECT)
-#define SSL3_ST_CR_SESSION_TICKET_B (0x1E1|SSL_ST_CONNECT)
-#define SSL3_ST_CR_CERT_STATUS_A (0x1F0|SSL_ST_CONNECT)
-#define SSL3_ST_CR_CERT_STATUS_B (0x1F1|SSL_ST_CONNECT)
-
-/* server */
-/* extra state */
-#define SSL3_ST_SW_FLUSH (0x100|SSL_ST_ACCEPT)
-/* read from client */
-/* Do not change the number values, they do matter */
-#define SSL3_ST_SR_CLNT_HELLO_A (0x110|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CLNT_HELLO_B (0x111|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CLNT_HELLO_C (0x112|SSL_ST_ACCEPT)
-/* write to client */
-#define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A (0x113|SSL_ST_ACCEPT)
-#define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B (0x114|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_HELLO_REQ_A (0x120|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_HELLO_REQ_B (0x121|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_HELLO_REQ_C (0x122|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_SRVR_HELLO_A (0x130|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_SRVR_HELLO_B (0x131|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_CERT_A (0x140|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_CERT_B (0x141|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_KEY_EXCH_A (0x150|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_KEY_EXCH_B (0x151|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_CERT_REQ_A (0x160|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_CERT_REQ_B (0x161|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_SRVR_DONE_A (0x170|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_SRVR_DONE_B (0x171|SSL_ST_ACCEPT)
-/* read from client */
-#define SSL3_ST_SR_CERT_A (0x180|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CERT_B (0x181|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_KEY_EXCH_A (0x190|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_KEY_EXCH_B (0x191|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CERT_VRFY_A (0x1A0|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CHANGE_A (0x1B0|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CHANGE_B (0x1B1|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_FINISHED_B (0x1C1|SSL_ST_ACCEPT)
-/* write to client */
-#define SSL3_ST_SW_CHANGE_A (0x1D0|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_CHANGE_B (0x1D1|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_FINISHED_A (0x1E0|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_FINISHED_B (0x1E1|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_SESSION_TICKET_A (0x1F0|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_SESSION_TICKET_B (0x1F1|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_CERT_STATUS_A (0x200|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_CERT_STATUS_B (0x201|SSL_ST_ACCEPT)
-
-#define SSL3_MT_HELLO_REQUEST 0
-#define SSL3_MT_CLIENT_HELLO 1
-#define SSL3_MT_SERVER_HELLO 2
-#define SSL3_MT_NEWSESSION_TICKET 4
-#define SSL3_MT_CERTIFICATE 11
-#define SSL3_MT_SERVER_KEY_EXCHANGE 12
-#define SSL3_MT_CERTIFICATE_REQUEST 13
-#define SSL3_MT_SERVER_DONE 14
-#define SSL3_MT_CERTIFICATE_VERIFY 15
-#define SSL3_MT_CLIENT_KEY_EXCHANGE 16
-#define SSL3_MT_FINISHED 20
-#define SSL3_MT_CERTIFICATE_STATUS 22
-#define DTLS1_MT_HELLO_VERIFY_REQUEST 3
-
-
-#define SSL3_MT_CCS 1
-
-/* These are used when changing over to a new cipher */
-#define SSL3_CC_READ 0x01
-#define SSL3_CC_WRITE 0x02
-#define SSL3_CC_CLIENT 0x10
-#define SSL3_CC_SERVER 0x20
-#define SSL3_CHANGE_CIPHER_CLIENT_WRITE (SSL3_CC_CLIENT|SSL3_CC_WRITE)
-#define SSL3_CHANGE_CIPHER_SERVER_READ (SSL3_CC_SERVER|SSL3_CC_READ)
-#define SSL3_CHANGE_CIPHER_CLIENT_READ (SSL3_CC_CLIENT|SSL3_CC_READ)
-#define SSL3_CHANGE_CIPHER_SERVER_WRITE (SSL3_CC_SERVER|SSL3_CC_WRITE)
-
-#ifdef __cplusplus
-}
-#endif
-#endif
-
Copied: vendor-crypto/openssl/0.9.8zf/ssl/ssl3.h (from rev 6976, vendor-crypto/openssl/dist/ssl/ssl3.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/ssl/ssl3.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/ssl/ssl3.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,615 @@
+/* ssl/ssl3.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECC cipher suite support in OpenSSL originally developed by
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
+
+#ifndef HEADER_SSL3_H
+# define HEADER_SSL3_H
+
+# ifndef OPENSSL_NO_COMP
+# include <openssl/comp.h>
+# endif
+# include <openssl/buffer.h>
+# include <openssl/evp.h>
+# include <openssl/ssl.h>
+# include <openssl/pq_compat.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * Signalling cipher suite value from RFC 5746
+ * (TLS_EMPTY_RENEGOTIATION_INFO_SCSV)
+ */
+# define SSL3_CK_SCSV 0x030000FF
+
+/*
+ * Signalling cipher suite value from draft-ietf-tls-downgrade-scsv-00
+ * (TLS_FALLBACK_SCSV)
+ */
+# define SSL3_CK_FALLBACK_SCSV 0x03005600
+
+# define SSL3_CK_RSA_NULL_MD5 0x03000001
+# define SSL3_CK_RSA_NULL_SHA 0x03000002
+# define SSL3_CK_RSA_RC4_40_MD5 0x03000003
+# define SSL3_CK_RSA_RC4_128_MD5 0x03000004
+# define SSL3_CK_RSA_RC4_128_SHA 0x03000005
+# define SSL3_CK_RSA_RC2_40_MD5 0x03000006
+# define SSL3_CK_RSA_IDEA_128_SHA 0x03000007
+# define SSL3_CK_RSA_DES_40_CBC_SHA 0x03000008
+# define SSL3_CK_RSA_DES_64_CBC_SHA 0x03000009
+# define SSL3_CK_RSA_DES_192_CBC3_SHA 0x0300000A
+
+# define SSL3_CK_DH_DSS_DES_40_CBC_SHA 0x0300000B
+# define SSL3_CK_DH_DSS_DES_64_CBC_SHA 0x0300000C
+# define SSL3_CK_DH_DSS_DES_192_CBC3_SHA 0x0300000D
+# define SSL3_CK_DH_RSA_DES_40_CBC_SHA 0x0300000E
+# define SSL3_CK_DH_RSA_DES_64_CBC_SHA 0x0300000F
+# define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 0x03000010
+
+# define SSL3_CK_EDH_DSS_DES_40_CBC_SHA 0x03000011
+# define SSL3_CK_EDH_DSS_DES_64_CBC_SHA 0x03000012
+# define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA 0x03000013
+# define SSL3_CK_EDH_RSA_DES_40_CBC_SHA 0x03000014
+# define SSL3_CK_EDH_RSA_DES_64_CBC_SHA 0x03000015
+# define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA 0x03000016
+
+# define SSL3_CK_ADH_RC4_40_MD5 0x03000017
+# define SSL3_CK_ADH_RC4_128_MD5 0x03000018
+# define SSL3_CK_ADH_DES_40_CBC_SHA 0x03000019
+# define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A
+# define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B
+
+# define SSL3_CK_FZA_DMS_NULL_SHA 0x0300001C
+# define SSL3_CK_FZA_DMS_FZA_SHA 0x0300001D
+# if 0 /* Because it clashes with KRB5, is never
+ * used any more, and is safe to remove
+ * according to David Hopwood
+ * <david.hopwood at zetnet.co.uk> of the
+ * ietf-tls list */
+# define SSL3_CK_FZA_DMS_RC4_SHA 0x0300001E
+# endif
+
+/*
+ * VRS Additional Kerberos5 entries
+ */
+# define SSL3_CK_KRB5_DES_64_CBC_SHA 0x0300001E
+# define SSL3_CK_KRB5_DES_192_CBC3_SHA 0x0300001F
+# define SSL3_CK_KRB5_RC4_128_SHA 0x03000020
+# define SSL3_CK_KRB5_IDEA_128_CBC_SHA 0x03000021
+# define SSL3_CK_KRB5_DES_64_CBC_MD5 0x03000022
+# define SSL3_CK_KRB5_DES_192_CBC3_MD5 0x03000023
+# define SSL3_CK_KRB5_RC4_128_MD5 0x03000024
+# define SSL3_CK_KRB5_IDEA_128_CBC_MD5 0x03000025
+
+# define SSL3_CK_KRB5_DES_40_CBC_SHA 0x03000026
+# define SSL3_CK_KRB5_RC2_40_CBC_SHA 0x03000027
+# define SSL3_CK_KRB5_RC4_40_SHA 0x03000028
+# define SSL3_CK_KRB5_DES_40_CBC_MD5 0x03000029
+# define SSL3_CK_KRB5_RC2_40_CBC_MD5 0x0300002A
+# define SSL3_CK_KRB5_RC4_40_MD5 0x0300002B
+
+# define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5"
+# define SSL3_TXT_RSA_NULL_SHA "NULL-SHA"
+# define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5"
+# define SSL3_TXT_RSA_RC4_128_MD5 "RC4-MD5"
+# define SSL3_TXT_RSA_RC4_128_SHA "RC4-SHA"
+# define SSL3_TXT_RSA_RC2_40_MD5 "EXP-RC2-CBC-MD5"
+# define SSL3_TXT_RSA_IDEA_128_SHA "IDEA-CBC-SHA"
+# define SSL3_TXT_RSA_DES_40_CBC_SHA "EXP-DES-CBC-SHA"
+# define SSL3_TXT_RSA_DES_64_CBC_SHA "DES-CBC-SHA"
+# define SSL3_TXT_RSA_DES_192_CBC3_SHA "DES-CBC3-SHA"
+
+# define SSL3_TXT_DH_DSS_DES_40_CBC_SHA "EXP-DH-DSS-DES-CBC-SHA"
+# define SSL3_TXT_DH_DSS_DES_64_CBC_SHA "DH-DSS-DES-CBC-SHA"
+# define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA "DH-DSS-DES-CBC3-SHA"
+# define SSL3_TXT_DH_RSA_DES_40_CBC_SHA "EXP-DH-RSA-DES-CBC-SHA"
+# define SSL3_TXT_DH_RSA_DES_64_CBC_SHA "DH-RSA-DES-CBC-SHA"
+# define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA "DH-RSA-DES-CBC3-SHA"
+
+# define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA "EXP-EDH-DSS-DES-CBC-SHA"
+# define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA "EDH-DSS-DES-CBC-SHA"
+# define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA "EDH-DSS-DES-CBC3-SHA"
+# define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA "EXP-EDH-RSA-DES-CBC-SHA"
+# define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA "EDH-RSA-DES-CBC-SHA"
+# define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA "EDH-RSA-DES-CBC3-SHA"
+
+# define SSL3_TXT_ADH_RC4_40_MD5 "EXP-ADH-RC4-MD5"
+# define SSL3_TXT_ADH_RC4_128_MD5 "ADH-RC4-MD5"
+# define SSL3_TXT_ADH_DES_40_CBC_SHA "EXP-ADH-DES-CBC-SHA"
+# define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA"
+# define SSL3_TXT_ADH_DES_192_CBC_SHA "ADH-DES-CBC3-SHA"
+
+# define SSL3_TXT_FZA_DMS_NULL_SHA "FZA-NULL-SHA"
+# define SSL3_TXT_FZA_DMS_FZA_SHA "FZA-FZA-CBC-SHA"
+# define SSL3_TXT_FZA_DMS_RC4_SHA "FZA-RC4-SHA"
+
+# define SSL3_TXT_KRB5_DES_64_CBC_SHA "KRB5-DES-CBC-SHA"
+# define SSL3_TXT_KRB5_DES_192_CBC3_SHA "KRB5-DES-CBC3-SHA"
+# define SSL3_TXT_KRB5_RC4_128_SHA "KRB5-RC4-SHA"
+# define SSL3_TXT_KRB5_IDEA_128_CBC_SHA "KRB5-IDEA-CBC-SHA"
+# define SSL3_TXT_KRB5_DES_64_CBC_MD5 "KRB5-DES-CBC-MD5"
+# define SSL3_TXT_KRB5_DES_192_CBC3_MD5 "KRB5-DES-CBC3-MD5"
+# define SSL3_TXT_KRB5_RC4_128_MD5 "KRB5-RC4-MD5"
+# define SSL3_TXT_KRB5_IDEA_128_CBC_MD5 "KRB5-IDEA-CBC-MD5"
+
+# define SSL3_TXT_KRB5_DES_40_CBC_SHA "EXP-KRB5-DES-CBC-SHA"
+# define SSL3_TXT_KRB5_RC2_40_CBC_SHA "EXP-KRB5-RC2-CBC-SHA"
+# define SSL3_TXT_KRB5_RC4_40_SHA "EXP-KRB5-RC4-SHA"
+# define SSL3_TXT_KRB5_DES_40_CBC_MD5 "EXP-KRB5-DES-CBC-MD5"
+# define SSL3_TXT_KRB5_RC2_40_CBC_MD5 "EXP-KRB5-RC2-CBC-MD5"
+# define SSL3_TXT_KRB5_RC4_40_MD5 "EXP-KRB5-RC4-MD5"
+
+# define SSL3_SSL_SESSION_ID_LENGTH 32
+# define SSL3_MAX_SSL_SESSION_ID_LENGTH 32
+
+# define SSL3_MASTER_SECRET_SIZE 48
+# define SSL3_RANDOM_SIZE 32
+# define SSL3_SESSION_ID_SIZE 32
+# define SSL3_RT_HEADER_LENGTH 5
+
+/* Due to MS stuffing up, this can change.... */
+# if defined(OPENSSL_SYS_WIN16) || \
+ (defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32))
+# define SSL3_RT_MAX_EXTRA (14000)
+# else
+# define SSL3_RT_MAX_EXTRA (16384)
+# endif
+
+# define SSL3_RT_MAX_PLAIN_LENGTH 16384
+# ifdef OPENSSL_NO_COMP
+# define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH
+# else
+# define SSL3_RT_MAX_COMPRESSED_LENGTH (1024+SSL3_RT_MAX_PLAIN_LENGTH)
+# endif
+# define SSL3_RT_MAX_ENCRYPTED_LENGTH (1024+SSL3_RT_MAX_COMPRESSED_LENGTH)
+# define SSL3_RT_MAX_PACKET_SIZE (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
+# define SSL3_RT_MAX_DATA_SIZE (1024*1024)
+
+# define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54"
+# define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52"
+
+# define SSL3_VERSION 0x0300
+# define SSL3_VERSION_MAJOR 0x03
+# define SSL3_VERSION_MINOR 0x00
+
+# define SSL3_RT_CHANGE_CIPHER_SPEC 20
+# define SSL3_RT_ALERT 21
+# define SSL3_RT_HANDSHAKE 22
+# define SSL3_RT_APPLICATION_DATA 23
+
+# define SSL3_AL_WARNING 1
+# define SSL3_AL_FATAL 2
+
+# define SSL3_AD_CLOSE_NOTIFY 0
+# define SSL3_AD_UNEXPECTED_MESSAGE 10/* fatal */
+# define SSL3_AD_BAD_RECORD_MAC 20/* fatal */
+# define SSL3_AD_DECOMPRESSION_FAILURE 30/* fatal */
+# define SSL3_AD_HANDSHAKE_FAILURE 40/* fatal */
+# define SSL3_AD_NO_CERTIFICATE 41
+# define SSL3_AD_BAD_CERTIFICATE 42
+# define SSL3_AD_UNSUPPORTED_CERTIFICATE 43
+# define SSL3_AD_CERTIFICATE_REVOKED 44
+# define SSL3_AD_CERTIFICATE_EXPIRED 45
+# define SSL3_AD_CERTIFICATE_UNKNOWN 46
+# define SSL3_AD_ILLEGAL_PARAMETER 47/* fatal */
+
+typedef struct ssl3_record_st {
+ /* type of record */
+ /*
+ * r
+ */ int type;
+ /* How many bytes available */
+ /*
+ * rw
+ */ unsigned int length;
+ /* read/write offset into 'buf' */
+ /*
+ * r
+ */ unsigned int off;
+ /* pointer to the record data */
+ /*
+ * rw
+ */ unsigned char *data;
+ /* where the decode bytes are */
+ /*
+ * rw
+ */ unsigned char *input;
+ /* only used with decompression - malloc()ed */
+ /*
+ * r
+ */ unsigned char *comp;
+ /* epoch number, needed by DTLS1 */
+ /*
+ * r
+ */ unsigned long epoch;
+ /* sequence number, needed by DTLS1 */
+ /*
+ * r
+ */ PQ_64BIT seq_num;
+} SSL3_RECORD;
+
+typedef struct ssl3_buffer_st {
+ /* at least SSL3_RT_MAX_PACKET_SIZE bytes, see ssl3_setup_buffers() */
+ unsigned char *buf;
+ /* buffer size */
+ size_t len;
+ /* where to 'copy from' */
+ int offset;
+ /* how many bytes left */
+ int left;
+} SSL3_BUFFER;
+
+# define SSL3_CT_RSA_SIGN 1
+# define SSL3_CT_DSS_SIGN 2
+# define SSL3_CT_RSA_FIXED_DH 3
+# define SSL3_CT_DSS_FIXED_DH 4
+# define SSL3_CT_RSA_EPHEMERAL_DH 5
+# define SSL3_CT_DSS_EPHEMERAL_DH 6
+# define SSL3_CT_FORTEZZA_DMS 20
+/*
+ * SSL3_CT_NUMBER is used to size arrays and it must be large enough to
+ * contain all of the cert types defined either for SSLv3 and TLSv1.
+ */
+# define SSL3_CT_NUMBER 7
+
+# define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001
+# define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002
+# define SSL3_FLAGS_POP_BUFFER 0x0004
+# define TLS1_FLAGS_TLS_PADDING_BUG 0x0008
+# define SSL3_FLAGS_CCS_OK 0x0080
+
+/*
+ * SSL3_FLAGS_SGC_RESTART_DONE is set when we restart a handshake because of
+ * MS SGC and so prevents us from restarting the handshake in a loop. It's
+ * reset on a renegotiation, so effectively limits the client to one restart
+ * per negotiation. This limits the possibility of a DDoS attack where the
+ * client handshakes in a loop using SGC to restart. Servers which permit
+ * renegotiation can still be effected, but we can't prevent that.
+ */
+# define SSL3_FLAGS_SGC_RESTART_DONE 0x0040
+
+typedef struct ssl3_state_st {
+ long flags;
+ int delay_buf_pop_ret;
+ unsigned char read_sequence[8];
+ unsigned char read_mac_secret[EVP_MAX_MD_SIZE];
+ unsigned char write_sequence[8];
+ unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
+ unsigned char server_random[SSL3_RANDOM_SIZE];
+ unsigned char client_random[SSL3_RANDOM_SIZE];
+ /* flags for countermeasure against known-IV weakness */
+ int need_empty_fragments;
+ int empty_fragment_done;
+ SSL3_BUFFER rbuf; /* read IO goes into here */
+ SSL3_BUFFER wbuf; /* write IO goes into here */
+ SSL3_RECORD rrec; /* each decoded record goes in here */
+ SSL3_RECORD wrec; /* goes out from here */
+ /*
+ * storage for Alert/Handshake protocol data received but not yet
+ * processed by ssl3_read_bytes:
+ */
+ unsigned char alert_fragment[2];
+ unsigned int alert_fragment_len;
+ unsigned char handshake_fragment[4];
+ unsigned int handshake_fragment_len;
+ /* partial write - check the numbers match */
+ unsigned int wnum; /* number of bytes sent so far */
+ int wpend_tot; /* number bytes written */
+ int wpend_type;
+ int wpend_ret; /* number of bytes submitted */
+ const unsigned char *wpend_buf;
+ /* used during startup, digest all incoming/outgoing packets */
+ EVP_MD_CTX finish_dgst1;
+ EVP_MD_CTX finish_dgst2;
+ /*
+ * this is set whenerver we see a change_cipher_spec message come in when
+ * we are not looking for one
+ */
+ int change_cipher_spec;
+ int warn_alert;
+ int fatal_alert;
+ /*
+ * we allow one fatal and one warning alert to be outstanding, send close
+ * alert via the warning alert
+ */
+ int alert_dispatch;
+ unsigned char send_alert[2];
+ /*
+ * This flag is set when we should renegotiate ASAP, basically when there
+ * is no more data in the read or write buffers
+ */
+ int renegotiate;
+ int total_renegotiations;
+ int num_renegotiations;
+ int in_read_app_data;
+ struct {
+ /* actually only needs to be 16+20 */
+ unsigned char cert_verify_md[EVP_MAX_MD_SIZE * 2];
+ /* actually only need to be 16+20 for SSLv3 and 12 for TLS */
+ unsigned char finish_md[EVP_MAX_MD_SIZE * 2];
+ int finish_md_len;
+ unsigned char peer_finish_md[EVP_MAX_MD_SIZE * 2];
+ int peer_finish_md_len;
+ unsigned long message_size;
+ int message_type;
+ /* used to hold the new cipher we are going to use */
+ SSL_CIPHER *new_cipher;
+# ifndef OPENSSL_NO_DH
+ DH *dh;
+# endif
+# ifndef OPENSSL_NO_ECDH
+ EC_KEY *ecdh; /* holds short lived ECDH key */
+# endif
+ /* used when SSL_ST_FLUSH_DATA is entered */
+ int next_state;
+ int reuse_message;
+ /* used for certificate requests */
+ int cert_req;
+ int ctype_num;
+ char ctype[SSL3_CT_NUMBER];
+ STACK_OF(X509_NAME) *ca_names;
+ int use_rsa_tmp;
+ int key_block_length;
+ unsigned char *key_block;
+ const EVP_CIPHER *new_sym_enc;
+ const EVP_MD *new_hash;
+# ifndef OPENSSL_NO_COMP
+ const SSL_COMP *new_compression;
+# else
+ char *new_compression;
+# endif
+ int cert_request;
+ } tmp;
+
+ /* Connection binding to prevent renegotiation attacks */
+ unsigned char previous_client_finished[EVP_MAX_MD_SIZE];
+ unsigned char previous_client_finished_len;
+ unsigned char previous_server_finished[EVP_MAX_MD_SIZE];
+ unsigned char previous_server_finished_len;
+ int send_connection_binding; /* TODOEKR */
+
+# ifndef OPENSSL_NO_TLSEXT
+# ifndef OPENSSL_NO_EC
+ /*
+ * This is set to true if we believe that this is a version of Safari
+ * running on OS X 10.6 or newer. We wish to know this because Safari on
+ * 10.8 .. 10.8.3 has broken ECDHE-ECDSA support.
+ */
+ char is_probably_safari;
+# endif /* !OPENSSL_NO_EC */
+# endif /* !OPENSSL_NO_TLSEXT */
+} SSL3_STATE;
+
+/* SSLv3 */
+/*
+ * client
+ */
+/* extra state */
+# define SSL3_ST_CW_FLUSH (0x100|SSL_ST_CONNECT)
+/* write to server */
+# define SSL3_ST_CW_CLNT_HELLO_A (0x110|SSL_ST_CONNECT)
+# define SSL3_ST_CW_CLNT_HELLO_B (0x111|SSL_ST_CONNECT)
+/* read from server */
+# define SSL3_ST_CR_SRVR_HELLO_A (0x120|SSL_ST_CONNECT)
+# define SSL3_ST_CR_SRVR_HELLO_B (0x121|SSL_ST_CONNECT)
+# define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A (0x126|SSL_ST_CONNECT)
+# define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B (0x127|SSL_ST_CONNECT)
+# define SSL3_ST_CR_CERT_A (0x130|SSL_ST_CONNECT)
+# define SSL3_ST_CR_CERT_B (0x131|SSL_ST_CONNECT)
+# define SSL3_ST_CR_KEY_EXCH_A (0x140|SSL_ST_CONNECT)
+# define SSL3_ST_CR_KEY_EXCH_B (0x141|SSL_ST_CONNECT)
+# define SSL3_ST_CR_CERT_REQ_A (0x150|SSL_ST_CONNECT)
+# define SSL3_ST_CR_CERT_REQ_B (0x151|SSL_ST_CONNECT)
+# define SSL3_ST_CR_SRVR_DONE_A (0x160|SSL_ST_CONNECT)
+# define SSL3_ST_CR_SRVR_DONE_B (0x161|SSL_ST_CONNECT)
+/* write to server */
+# define SSL3_ST_CW_CERT_A (0x170|SSL_ST_CONNECT)
+# define SSL3_ST_CW_CERT_B (0x171|SSL_ST_CONNECT)
+# define SSL3_ST_CW_CERT_C (0x172|SSL_ST_CONNECT)
+# define SSL3_ST_CW_CERT_D (0x173|SSL_ST_CONNECT)
+# define SSL3_ST_CW_KEY_EXCH_A (0x180|SSL_ST_CONNECT)
+# define SSL3_ST_CW_KEY_EXCH_B (0x181|SSL_ST_CONNECT)
+# define SSL3_ST_CW_CERT_VRFY_A (0x190|SSL_ST_CONNECT)
+# define SSL3_ST_CW_CERT_VRFY_B (0x191|SSL_ST_CONNECT)
+# define SSL3_ST_CW_CHANGE_A (0x1A0|SSL_ST_CONNECT)
+# define SSL3_ST_CW_CHANGE_B (0x1A1|SSL_ST_CONNECT)
+# define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT)
+# define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT)
+/* read from server */
+# define SSL3_ST_CR_CHANGE_A (0x1C0|SSL_ST_CONNECT)
+# define SSL3_ST_CR_CHANGE_B (0x1C1|SSL_ST_CONNECT)
+# define SSL3_ST_CR_FINISHED_A (0x1D0|SSL_ST_CONNECT)
+# define SSL3_ST_CR_FINISHED_B (0x1D1|SSL_ST_CONNECT)
+# define SSL3_ST_CR_SESSION_TICKET_A (0x1E0|SSL_ST_CONNECT)
+# define SSL3_ST_CR_SESSION_TICKET_B (0x1E1|SSL_ST_CONNECT)
+# define SSL3_ST_CR_CERT_STATUS_A (0x1F0|SSL_ST_CONNECT)
+# define SSL3_ST_CR_CERT_STATUS_B (0x1F1|SSL_ST_CONNECT)
+
+/* server */
+/* extra state */
+# define SSL3_ST_SW_FLUSH (0x100|SSL_ST_ACCEPT)
+/* read from client */
+/* Do not change the number values, they do matter */
+# define SSL3_ST_SR_CLNT_HELLO_A (0x110|SSL_ST_ACCEPT)
+# define SSL3_ST_SR_CLNT_HELLO_B (0x111|SSL_ST_ACCEPT)
+# define SSL3_ST_SR_CLNT_HELLO_C (0x112|SSL_ST_ACCEPT)
+/* write to client */
+# define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A (0x113|SSL_ST_ACCEPT)
+# define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B (0x114|SSL_ST_ACCEPT)
+# define SSL3_ST_SW_HELLO_REQ_A (0x120|SSL_ST_ACCEPT)
+# define SSL3_ST_SW_HELLO_REQ_B (0x121|SSL_ST_ACCEPT)
+# define SSL3_ST_SW_HELLO_REQ_C (0x122|SSL_ST_ACCEPT)
+# define SSL3_ST_SW_SRVR_HELLO_A (0x130|SSL_ST_ACCEPT)
+# define SSL3_ST_SW_SRVR_HELLO_B (0x131|SSL_ST_ACCEPT)
+# define SSL3_ST_SW_CERT_A (0x140|SSL_ST_ACCEPT)
+# define SSL3_ST_SW_CERT_B (0x141|SSL_ST_ACCEPT)
+# define SSL3_ST_SW_KEY_EXCH_A (0x150|SSL_ST_ACCEPT)
+# define SSL3_ST_SW_KEY_EXCH_B (0x151|SSL_ST_ACCEPT)
+# define SSL3_ST_SW_CERT_REQ_A (0x160|SSL_ST_ACCEPT)
+# define SSL3_ST_SW_CERT_REQ_B (0x161|SSL_ST_ACCEPT)
+# define SSL3_ST_SW_SRVR_DONE_A (0x170|SSL_ST_ACCEPT)
+# define SSL3_ST_SW_SRVR_DONE_B (0x171|SSL_ST_ACCEPT)
+/* read from client */
+# define SSL3_ST_SR_CERT_A (0x180|SSL_ST_ACCEPT)
+# define SSL3_ST_SR_CERT_B (0x181|SSL_ST_ACCEPT)
+# define SSL3_ST_SR_KEY_EXCH_A (0x190|SSL_ST_ACCEPT)
+# define SSL3_ST_SR_KEY_EXCH_B (0x191|SSL_ST_ACCEPT)
+# define SSL3_ST_SR_CERT_VRFY_A (0x1A0|SSL_ST_ACCEPT)
+# define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT)
+# define SSL3_ST_SR_CHANGE_A (0x1B0|SSL_ST_ACCEPT)
+# define SSL3_ST_SR_CHANGE_B (0x1B1|SSL_ST_ACCEPT)
+# define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT)
+# define SSL3_ST_SR_FINISHED_B (0x1C1|SSL_ST_ACCEPT)
+/* write to client */
+# define SSL3_ST_SW_CHANGE_A (0x1D0|SSL_ST_ACCEPT)
+# define SSL3_ST_SW_CHANGE_B (0x1D1|SSL_ST_ACCEPT)
+# define SSL3_ST_SW_FINISHED_A (0x1E0|SSL_ST_ACCEPT)
+# define SSL3_ST_SW_FINISHED_B (0x1E1|SSL_ST_ACCEPT)
+# define SSL3_ST_SW_SESSION_TICKET_A (0x1F0|SSL_ST_ACCEPT)
+# define SSL3_ST_SW_SESSION_TICKET_B (0x1F1|SSL_ST_ACCEPT)
+# define SSL3_ST_SW_CERT_STATUS_A (0x200|SSL_ST_ACCEPT)
+# define SSL3_ST_SW_CERT_STATUS_B (0x201|SSL_ST_ACCEPT)
+
+# define SSL3_MT_HELLO_REQUEST 0
+# define SSL3_MT_CLIENT_HELLO 1
+# define SSL3_MT_SERVER_HELLO 2
+# define SSL3_MT_NEWSESSION_TICKET 4
+# define SSL3_MT_CERTIFICATE 11
+# define SSL3_MT_SERVER_KEY_EXCHANGE 12
+# define SSL3_MT_CERTIFICATE_REQUEST 13
+# define SSL3_MT_SERVER_DONE 14
+# define SSL3_MT_CERTIFICATE_VERIFY 15
+# define SSL3_MT_CLIENT_KEY_EXCHANGE 16
+# define SSL3_MT_FINISHED 20
+# define SSL3_MT_CERTIFICATE_STATUS 22
+# define DTLS1_MT_HELLO_VERIFY_REQUEST 3
+
+# define SSL3_MT_CCS 1
+
+/* These are used when changing over to a new cipher */
+# define SSL3_CC_READ 0x01
+# define SSL3_CC_WRITE 0x02
+# define SSL3_CC_CLIENT 0x10
+# define SSL3_CC_SERVER 0x20
+# define SSL3_CHANGE_CIPHER_CLIENT_WRITE (SSL3_CC_CLIENT|SSL3_CC_WRITE)
+# define SSL3_CHANGE_CIPHER_SERVER_READ (SSL3_CC_SERVER|SSL3_CC_READ)
+# define SSL3_CHANGE_CIPHER_CLIENT_READ (SSL3_CC_CLIENT|SSL3_CC_READ)
+# define SSL3_CHANGE_CIPHER_SERVER_WRITE (SSL3_CC_SERVER|SSL3_CC_WRITE)
+
+#ifdef __cplusplus
+}
+#endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/ssl/ssl_algs.c
===================================================================
--- vendor-crypto/openssl/dist/ssl/ssl_algs.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/ssl/ssl_algs.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,137 +0,0 @@
-/* ssl/ssl_algs.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/objects.h>
-#include <openssl/lhash.h>
-#include "ssl_locl.h"
-
-int SSL_library_init(void)
- {
-
-#ifndef OPENSSL_NO_DES
- EVP_add_cipher(EVP_des_cbc());
- EVP_add_cipher(EVP_des_ede3_cbc());
-#endif
-#ifndef OPENSSL_NO_IDEA
- EVP_add_cipher(EVP_idea_cbc());
-#endif
-#ifndef OPENSSL_NO_RC4
- EVP_add_cipher(EVP_rc4());
-#endif
-#ifndef OPENSSL_NO_RC2
- EVP_add_cipher(EVP_rc2_cbc());
-#endif
-#ifndef OPENSSL_NO_AES
- EVP_add_cipher(EVP_aes_128_cbc());
- EVP_add_cipher(EVP_aes_192_cbc());
- EVP_add_cipher(EVP_aes_256_cbc());
-#endif
-
-#ifndef OPENSSL_NO_CAMELLIA
- EVP_add_cipher(EVP_camellia_128_cbc());
- EVP_add_cipher(EVP_camellia_256_cbc());
-#endif
-
-#ifndef OPENSSL_NO_SEED
- EVP_add_cipher(EVP_seed_cbc());
-#endif
-
-#ifndef OPENSSL_NO_MD5
- EVP_add_digest(EVP_md5());
- EVP_add_digest_alias(SN_md5,"ssl2-md5");
- EVP_add_digest_alias(SN_md5,"ssl3-md5");
-#endif
-#ifndef OPENSSL_NO_SHA
- EVP_add_digest(EVP_sha1()); /* RSA with sha1 */
- EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
- EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
-#endif
-#ifndef OPENSSL_NO_SHA256
- EVP_add_digest(EVP_sha224());
- EVP_add_digest(EVP_sha256());
-#endif
-#ifndef OPENSSL_NO_SHA512
- EVP_add_digest(EVP_sha384());
- EVP_add_digest(EVP_sha512());
-#endif
-#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA)
- EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
- EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
- EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1");
- EVP_add_digest_alias(SN_dsaWithSHA1,"dss1");
-#endif
-#ifndef OPENSSL_NO_ECDSA
- EVP_add_digest(EVP_ecdsa());
-#endif
- /* If you want support for phased out ciphers, add the following */
-#if 0
- EVP_add_digest(EVP_sha());
- EVP_add_digest(EVP_dss());
-#endif
-#ifndef OPENSSL_NO_COMP
- /* This will initialise the built-in compression algorithms.
- The value returned is a STACK_OF(SSL_COMP), but that can
- be discarded safely */
- (void)SSL_COMP_get_compression_methods();
-#endif
- /* initialize cipher/digest methods table */
- ssl_load_ciphers();
- return(1);
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/ssl/ssl_algs.c (from rev 6976, vendor-crypto/openssl/dist/ssl/ssl_algs.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/ssl/ssl_algs.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/ssl/ssl_algs.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,137 @@
+/* ssl/ssl_algs.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <openssl/objects.h>
+#include <openssl/lhash.h>
+#include "ssl_locl.h"
+
+int SSL_library_init(void)
+{
+
+#ifndef OPENSSL_NO_DES
+ EVP_add_cipher(EVP_des_cbc());
+ EVP_add_cipher(EVP_des_ede3_cbc());
+#endif
+#ifndef OPENSSL_NO_IDEA
+ EVP_add_cipher(EVP_idea_cbc());
+#endif
+#ifndef OPENSSL_NO_RC4
+ EVP_add_cipher(EVP_rc4());
+#endif
+#ifndef OPENSSL_NO_RC2
+ EVP_add_cipher(EVP_rc2_cbc());
+#endif
+#ifndef OPENSSL_NO_AES
+ EVP_add_cipher(EVP_aes_128_cbc());
+ EVP_add_cipher(EVP_aes_192_cbc());
+ EVP_add_cipher(EVP_aes_256_cbc());
+#endif
+
+#ifndef OPENSSL_NO_CAMELLIA
+ EVP_add_cipher(EVP_camellia_128_cbc());
+ EVP_add_cipher(EVP_camellia_256_cbc());
+#endif
+
+#ifndef OPENSSL_NO_SEED
+ EVP_add_cipher(EVP_seed_cbc());
+#endif
+
+#ifndef OPENSSL_NO_MD5
+ EVP_add_digest(EVP_md5());
+ EVP_add_digest_alias(SN_md5, "ssl2-md5");
+ EVP_add_digest_alias(SN_md5, "ssl3-md5");
+#endif
+#ifndef OPENSSL_NO_SHA
+ EVP_add_digest(EVP_sha1()); /* RSA with sha1 */
+ EVP_add_digest_alias(SN_sha1, "ssl3-sha1");
+ EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA);
+#endif
+#ifndef OPENSSL_NO_SHA256
+ EVP_add_digest(EVP_sha224());
+ EVP_add_digest(EVP_sha256());
+#endif
+#ifndef OPENSSL_NO_SHA512
+ EVP_add_digest(EVP_sha384());
+ EVP_add_digest(EVP_sha512());
+#endif
+#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA)
+ EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
+ EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2);
+ EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1");
+ EVP_add_digest_alias(SN_dsaWithSHA1, "dss1");
+#endif
+#ifndef OPENSSL_NO_ECDSA
+ EVP_add_digest(EVP_ecdsa());
+#endif
+ /* If you want support for phased out ciphers, add the following */
+#if 0
+ EVP_add_digest(EVP_sha());
+ EVP_add_digest(EVP_dss());
+#endif
+#ifndef OPENSSL_NO_COMP
+ /*
+ * This will initialise the built-in compression algorithms. The value
+ * returned is a STACK_OF(SSL_COMP), but that can be discarded safely
+ */
+ (void)SSL_COMP_get_compression_methods();
+#endif
+ /* initialize cipher/digest methods table */
+ ssl_load_ciphers();
+ return (1);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/ssl/ssl_asn1.c
===================================================================
--- vendor-crypto/openssl/dist/ssl/ssl_asn1.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/ssl/ssl_asn1.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,514 +0,0 @@
-/* ssl/ssl_asn1.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include "ssl_locl.h"
-#include <openssl/asn1_mac.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-
-typedef struct ssl_session_asn1_st
- {
- ASN1_INTEGER version;
- ASN1_INTEGER ssl_version;
- ASN1_OCTET_STRING cipher;
- ASN1_OCTET_STRING comp_id;
- ASN1_OCTET_STRING master_key;
- ASN1_OCTET_STRING session_id;
- ASN1_OCTET_STRING session_id_context;
- ASN1_OCTET_STRING key_arg;
-#ifndef OPENSSL_NO_KRB5
- ASN1_OCTET_STRING krb5_princ;
-#endif /* OPENSSL_NO_KRB5 */
- ASN1_INTEGER time;
- ASN1_INTEGER timeout;
- ASN1_INTEGER verify_result;
-#ifndef OPENSSL_NO_TLSEXT
- ASN1_OCTET_STRING tlsext_hostname;
- ASN1_INTEGER tlsext_tick_lifetime;
- ASN1_OCTET_STRING tlsext_tick;
-#endif /* OPENSSL_NO_TLSEXT */
- } SSL_SESSION_ASN1;
-
-int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
- {
-#define LSIZE2 (sizeof(long)*2)
- int v1=0,v2=0,v3=0,v4=0,v5=0;
- unsigned char buf[4],ibuf1[LSIZE2],ibuf2[LSIZE2];
- unsigned char ibuf3[LSIZE2],ibuf4[LSIZE2],ibuf5[LSIZE2];
-#ifndef OPENSSL_NO_TLSEXT
- int v6=0,v9=0,v10=0;
- unsigned char ibuf6[LSIZE2];
-#endif
-#ifndef OPENSSL_NO_COMP
- int v11=0;
- unsigned char cbuf;
-#endif
- long l;
- SSL_SESSION_ASN1 a;
- M_ASN1_I2D_vars(in);
-
- if ((in == NULL) || ((in->cipher == NULL) && (in->cipher_id == 0)))
- return(0);
-
- /* Note that I cheat in the following 2 assignments. I know
- * that if the ASN1_INTEGER passed to ASN1_INTEGER_set
- * is > sizeof(long)+1, the buffer will not be re-OPENSSL_malloc()ed.
- * This is a bit evil but makes things simple, no dynamic allocation
- * to clean up :-) */
- a.version.length=LSIZE2;
- a.version.type=V_ASN1_INTEGER;
- a.version.data=ibuf1;
- ASN1_INTEGER_set(&(a.version),SSL_SESSION_ASN1_VERSION);
-
- a.ssl_version.length=LSIZE2;
- a.ssl_version.type=V_ASN1_INTEGER;
- a.ssl_version.data=ibuf2;
- ASN1_INTEGER_set(&(a.ssl_version),in->ssl_version);
-
- a.cipher.type=V_ASN1_OCTET_STRING;
- a.cipher.data=buf;
-
- if (in->cipher == NULL)
- l=in->cipher_id;
- else
- l=in->cipher->id;
- if (in->ssl_version == SSL2_VERSION)
- {
- a.cipher.length=3;
- buf[0]=((unsigned char)(l>>16L))&0xff;
- buf[1]=((unsigned char)(l>> 8L))&0xff;
- buf[2]=((unsigned char)(l ))&0xff;
- }
- else
- {
- a.cipher.length=2;
- buf[0]=((unsigned char)(l>>8L))&0xff;
- buf[1]=((unsigned char)(l ))&0xff;
- }
-
-#ifndef OPENSSL_NO_COMP
- if (in->compress_meth)
- {
- cbuf = (unsigned char)in->compress_meth;
- a.comp_id.length = 1;
- a.comp_id.type = V_ASN1_OCTET_STRING;
- a.comp_id.data = &cbuf;
- }
-#endif
-
- a.master_key.length=in->master_key_length;
- a.master_key.type=V_ASN1_OCTET_STRING;
- a.master_key.data=in->master_key;
-
- a.session_id.length=in->session_id_length;
- a.session_id.type=V_ASN1_OCTET_STRING;
- a.session_id.data=in->session_id;
-
- a.session_id_context.length=in->sid_ctx_length;
- a.session_id_context.type=V_ASN1_OCTET_STRING;
- a.session_id_context.data=in->sid_ctx;
-
- a.key_arg.length=in->key_arg_length;
- a.key_arg.type=V_ASN1_OCTET_STRING;
- a.key_arg.data=in->key_arg;
-
-#ifndef OPENSSL_NO_KRB5
- if (in->krb5_client_princ_len)
- {
- a.krb5_princ.length=in->krb5_client_princ_len;
- a.krb5_princ.type=V_ASN1_OCTET_STRING;
- a.krb5_princ.data=in->krb5_client_princ;
- }
-#endif /* OPENSSL_NO_KRB5 */
-
- if (in->time != 0L)
- {
- a.time.length=LSIZE2;
- a.time.type=V_ASN1_INTEGER;
- a.time.data=ibuf3;
- ASN1_INTEGER_set(&(a.time),in->time);
- }
-
- if (in->timeout != 0L)
- {
- a.timeout.length=LSIZE2;
- a.timeout.type=V_ASN1_INTEGER;
- a.timeout.data=ibuf4;
- ASN1_INTEGER_set(&(a.timeout),in->timeout);
- }
-
- if (in->verify_result != X509_V_OK)
- {
- a.verify_result.length=LSIZE2;
- a.verify_result.type=V_ASN1_INTEGER;
- a.verify_result.data=ibuf5;
- ASN1_INTEGER_set(&a.verify_result,in->verify_result);
- }
-
-#ifndef OPENSSL_NO_TLSEXT
- if (in->tlsext_hostname)
- {
- a.tlsext_hostname.length=strlen(in->tlsext_hostname);
- a.tlsext_hostname.type=V_ASN1_OCTET_STRING;
- a.tlsext_hostname.data=(unsigned char *)in->tlsext_hostname;
- }
- if (in->tlsext_tick)
- {
- a.tlsext_tick.length= in->tlsext_ticklen;
- a.tlsext_tick.type=V_ASN1_OCTET_STRING;
- a.tlsext_tick.data=(unsigned char *)in->tlsext_tick;
- }
- if (in->tlsext_tick_lifetime_hint > 0)
- {
- a.tlsext_tick_lifetime.length=LSIZE2;
- a.tlsext_tick_lifetime.type=V_ASN1_INTEGER;
- a.tlsext_tick_lifetime.data=ibuf6;
- ASN1_INTEGER_set(&a.tlsext_tick_lifetime,in->tlsext_tick_lifetime_hint);
- }
-#endif /* OPENSSL_NO_TLSEXT */
- M_ASN1_I2D_len(&(a.version), i2d_ASN1_INTEGER);
- M_ASN1_I2D_len(&(a.ssl_version), i2d_ASN1_INTEGER);
- M_ASN1_I2D_len(&(a.cipher), i2d_ASN1_OCTET_STRING);
- M_ASN1_I2D_len(&(a.session_id), i2d_ASN1_OCTET_STRING);
- M_ASN1_I2D_len(&(a.master_key), i2d_ASN1_OCTET_STRING);
-#ifndef OPENSSL_NO_KRB5
- if (in->krb5_client_princ_len)
- M_ASN1_I2D_len(&(a.krb5_princ), i2d_ASN1_OCTET_STRING);
-#endif /* OPENSSL_NO_KRB5 */
- if (in->key_arg_length > 0)
- M_ASN1_I2D_len_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING);
- if (in->time != 0L)
- M_ASN1_I2D_len_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1);
- if (in->timeout != 0L)
- M_ASN1_I2D_len_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2);
- if (in->peer != NULL)
- M_ASN1_I2D_len_EXP_opt(in->peer,i2d_X509,3,v3);
- M_ASN1_I2D_len_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4,v4);
- if (in->verify_result != X509_V_OK)
- M_ASN1_I2D_len_EXP_opt(&(a.verify_result),i2d_ASN1_INTEGER,5,v5);
-
-#ifndef OPENSSL_NO_TLSEXT
- if (in->tlsext_tick_lifetime_hint > 0)
- M_ASN1_I2D_len_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER,9,v9);
- if (in->tlsext_tick)
- M_ASN1_I2D_len_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10);
- if (in->tlsext_hostname)
- M_ASN1_I2D_len_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING,6,v6);
-#ifndef OPENSSL_NO_COMP
- if (in->compress_meth)
- M_ASN1_I2D_len_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING,11,v11);
-#endif
-#endif /* OPENSSL_NO_TLSEXT */
- M_ASN1_I2D_seq_total();
-
- M_ASN1_I2D_put(&(a.version), i2d_ASN1_INTEGER);
- M_ASN1_I2D_put(&(a.ssl_version), i2d_ASN1_INTEGER);
- M_ASN1_I2D_put(&(a.cipher), i2d_ASN1_OCTET_STRING);
- M_ASN1_I2D_put(&(a.session_id), i2d_ASN1_OCTET_STRING);
- M_ASN1_I2D_put(&(a.master_key), i2d_ASN1_OCTET_STRING);
-#ifndef OPENSSL_NO_KRB5
- if (in->krb5_client_princ_len)
- M_ASN1_I2D_put(&(a.krb5_princ), i2d_ASN1_OCTET_STRING);
-#endif /* OPENSSL_NO_KRB5 */
- if (in->key_arg_length > 0)
- M_ASN1_I2D_put_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING,0);
- if (in->time != 0L)
- M_ASN1_I2D_put_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1);
- if (in->timeout != 0L)
- M_ASN1_I2D_put_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2);
- if (in->peer != NULL)
- M_ASN1_I2D_put_EXP_opt(in->peer,i2d_X509,3,v3);
- M_ASN1_I2D_put_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4,
- v4);
- if (in->verify_result != X509_V_OK)
- M_ASN1_I2D_put_EXP_opt(&a.verify_result,i2d_ASN1_INTEGER,5,v5);
-#ifndef OPENSSL_NO_TLSEXT
- if (in->tlsext_hostname)
- M_ASN1_I2D_put_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING,6,v6);
- if (in->tlsext_tick_lifetime_hint > 0)
- M_ASN1_I2D_put_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER,9,v9);
- if (in->tlsext_tick)
- M_ASN1_I2D_put_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING,10,v10);
-#endif /* OPENSSL_NO_TLSEXT */
-#ifndef OPENSSL_NO_COMP
- if (in->compress_meth)
- M_ASN1_I2D_put_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING,11,v11);
-#endif
- M_ASN1_I2D_finish();
- }
-
-SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
- long length)
- {
- int ssl_version=0,i;
- long id;
- ASN1_INTEGER ai,*aip;
- ASN1_OCTET_STRING os,*osp;
- M_ASN1_D2I_vars(a,SSL_SESSION *,SSL_SESSION_new);
-
- aip= &ai;
- osp= &os;
-
- M_ASN1_D2I_Init();
- M_ASN1_D2I_start_sequence();
-
- ai.data=NULL; ai.length=0;
- M_ASN1_D2I_get_x(ASN1_INTEGER,aip,d2i_ASN1_INTEGER);
- if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; }
-
- /* we don't care about the version right now :-) */
- M_ASN1_D2I_get_x(ASN1_INTEGER,aip,d2i_ASN1_INTEGER);
- ssl_version=(int)ASN1_INTEGER_get(aip);
- ret->ssl_version=ssl_version;
- if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; }
-
- os.data=NULL; os.length=0;
- M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING);
- if (ssl_version == SSL2_VERSION)
- {
- if (os.length != 3)
- {
- c.error=SSL_R_CIPHER_CODE_WRONG_LENGTH;
- goto err;
- }
- id=0x02000000L|
- ((unsigned long)os.data[0]<<16L)|
- ((unsigned long)os.data[1]<< 8L)|
- (unsigned long)os.data[2];
- }
- else if ((ssl_version>>8) >= SSL3_VERSION_MAJOR)
- {
- if (os.length != 2)
- {
- c.error=SSL_R_CIPHER_CODE_WRONG_LENGTH;
- goto err;
- }
- id=0x03000000L|
- ((unsigned long)os.data[0]<<8L)|
- (unsigned long)os.data[1];
- }
- else
- {
- c.error=SSL_R_UNKNOWN_SSL_VERSION;
- goto err;
- }
-
- ret->cipher=NULL;
- ret->cipher_id=id;
-
- M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING);
- if ((ssl_version>>8) >= SSL3_VERSION_MAJOR)
- i=SSL3_MAX_SSL_SESSION_ID_LENGTH;
- else /* if (ssl_version>>8 == SSL2_VERSION_MAJOR) */
- i=SSL2_MAX_SSL_SESSION_ID_LENGTH;
-
- if (os.length > i)
- os.length = i;
- if (os.length > (int)sizeof(ret->session_id)) /* can't happen */
- os.length = sizeof(ret->session_id);
-
- ret->session_id_length=os.length;
- OPENSSL_assert(os.length <= (int)sizeof(ret->session_id));
- memcpy(ret->session_id,os.data,os.length);
-
- M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING);
- if (os.length > SSL_MAX_MASTER_KEY_LENGTH)
- ret->master_key_length=SSL_MAX_MASTER_KEY_LENGTH;
- else
- ret->master_key_length=os.length;
- memcpy(ret->master_key,os.data,ret->master_key_length);
-
- os.length=0;
-
-#ifndef OPENSSL_NO_KRB5
- os.length=0;
- M_ASN1_D2I_get_opt(osp,d2i_ASN1_OCTET_STRING,V_ASN1_OCTET_STRING);
- if (os.data)
- {
- if (os.length > SSL_MAX_KRB5_PRINCIPAL_LENGTH)
- ret->krb5_client_princ_len=0;
- else
- ret->krb5_client_princ_len=os.length;
- memcpy(ret->krb5_client_princ,os.data,ret->krb5_client_princ_len);
- OPENSSL_free(os.data);
- os.data = NULL;
- os.length = 0;
- }
- else
- ret->krb5_client_princ_len=0;
-#endif /* OPENSSL_NO_KRB5 */
-
- M_ASN1_D2I_get_IMP_opt(osp,d2i_ASN1_OCTET_STRING,0,V_ASN1_OCTET_STRING);
- if (os.length > SSL_MAX_KEY_ARG_LENGTH)
- ret->key_arg_length=SSL_MAX_KEY_ARG_LENGTH;
- else
- ret->key_arg_length=os.length;
- memcpy(ret->key_arg,os.data,ret->key_arg_length);
- if (os.data != NULL) OPENSSL_free(os.data);
-
- ai.length=0;
- M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,1);
- if (ai.data != NULL)
- {
- ret->time=ASN1_INTEGER_get(aip);
- OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
- }
- else
- ret->time=(unsigned long)time(NULL);
-
- ai.length=0;
- M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,2);
- if (ai.data != NULL)
- {
- ret->timeout=ASN1_INTEGER_get(aip);
- OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
- }
- else
- ret->timeout=3;
-
- if (ret->peer != NULL)
- {
- X509_free(ret->peer);
- ret->peer=NULL;
- }
- M_ASN1_D2I_get_EXP_opt(ret->peer,d2i_X509,3);
-
- os.length=0;
- os.data=NULL;
- M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,4);
-
- if(os.data != NULL)
- {
- if (os.length > SSL_MAX_SID_CTX_LENGTH)
- {
- c.error=SSL_R_BAD_LENGTH;
- goto err;
- }
- else
- {
- ret->sid_ctx_length=os.length;
- memcpy(ret->sid_ctx,os.data,os.length);
- }
- OPENSSL_free(os.data); os.data=NULL; os.length=0;
- }
- else
- ret->sid_ctx_length=0;
-
- ai.length=0;
- M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,5);
- if (ai.data != NULL)
- {
- ret->verify_result=ASN1_INTEGER_get(aip);
- OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
- }
- else
- ret->verify_result=X509_V_OK;
-
-#ifndef OPENSSL_NO_TLSEXT
- os.length=0;
- os.data=NULL;
- M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,6);
- if (os.data)
- {
- ret->tlsext_hostname = BUF_strndup((char *)os.data, os.length);
- OPENSSL_free(os.data);
- os.data = NULL;
- os.length = 0;
- }
- else
- ret->tlsext_hostname=NULL;
- ai.length=0;
- M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,9);
- if (ai.data != NULL)
- {
- ret->tlsext_tick_lifetime_hint=ASN1_INTEGER_get(aip);
- OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
- }
- else if (ret->tlsext_ticklen && ret->session_id_length)
- ret->tlsext_tick_lifetime_hint = -1;
- else
- ret->tlsext_tick_lifetime_hint = 0;
- os.length=0;
- os.data=NULL;
- M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,10);
- if (os.data)
- {
- ret->tlsext_tick = os.data;
- ret->tlsext_ticklen = os.length;
- os.data = NULL;
- os.length = 0;
- }
- else
- ret->tlsext_tick=NULL;
-#endif /* OPENSSL_NO_TLSEXT */
-#ifndef OPENSSL_NO_COMP
- os.length=0;
- os.data=NULL;
- M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,11);
- if (os.data)
- {
- ret->compress_meth = os.data[0];
- OPENSSL_free(os.data);
- os.data = NULL;
- }
-#endif
-
- M_ASN1_D2I_Finish(a,SSL_SESSION_free,SSL_F_D2I_SSL_SESSION);
- }
Copied: vendor-crypto/openssl/0.9.8zf/ssl/ssl_asn1.c (from rev 6976, vendor-crypto/openssl/dist/ssl/ssl_asn1.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/ssl/ssl_asn1.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/ssl/ssl_asn1.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,502 @@
+/* ssl/ssl_asn1.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include "ssl_locl.h"
+#include <openssl/asn1_mac.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+
+typedef struct ssl_session_asn1_st {
+ ASN1_INTEGER version;
+ ASN1_INTEGER ssl_version;
+ ASN1_OCTET_STRING cipher;
+ ASN1_OCTET_STRING comp_id;
+ ASN1_OCTET_STRING master_key;
+ ASN1_OCTET_STRING session_id;
+ ASN1_OCTET_STRING session_id_context;
+ ASN1_OCTET_STRING key_arg;
+#ifndef OPENSSL_NO_KRB5
+ ASN1_OCTET_STRING krb5_princ;
+#endif /* OPENSSL_NO_KRB5 */
+ ASN1_INTEGER time;
+ ASN1_INTEGER timeout;
+ ASN1_INTEGER verify_result;
+#ifndef OPENSSL_NO_TLSEXT
+ ASN1_OCTET_STRING tlsext_hostname;
+ ASN1_INTEGER tlsext_tick_lifetime;
+ ASN1_OCTET_STRING tlsext_tick;
+#endif /* OPENSSL_NO_TLSEXT */
+} SSL_SESSION_ASN1;
+
+int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
+{
+#define LSIZE2 (sizeof(long)*2)
+ int v1 = 0, v2 = 0, v3 = 0, v4 = 0, v5 = 0;
+ unsigned char buf[4], ibuf1[LSIZE2], ibuf2[LSIZE2];
+ unsigned char ibuf3[LSIZE2], ibuf4[LSIZE2], ibuf5[LSIZE2];
+#ifndef OPENSSL_NO_TLSEXT
+ int v6 = 0, v9 = 0, v10 = 0;
+ unsigned char ibuf6[LSIZE2];
+#endif
+#ifndef OPENSSL_NO_COMP
+ int v11 = 0;
+ unsigned char cbuf;
+#endif
+ long l;
+ SSL_SESSION_ASN1 a;
+ M_ASN1_I2D_vars(in);
+
+ if ((in == NULL) || ((in->cipher == NULL) && (in->cipher_id == 0)))
+ return (0);
+
+ /*
+ * Note that I cheat in the following 2 assignments. I know that if the
+ * ASN1_INTEGER passed to ASN1_INTEGER_set is > sizeof(long)+1, the
+ * buffer will not be re-OPENSSL_malloc()ed. This is a bit evil but makes
+ * things simple, no dynamic allocation to clean up :-)
+ */
+ a.version.length = LSIZE2;
+ a.version.type = V_ASN1_INTEGER;
+ a.version.data = ibuf1;
+ ASN1_INTEGER_set(&(a.version), SSL_SESSION_ASN1_VERSION);
+
+ a.ssl_version.length = LSIZE2;
+ a.ssl_version.type = V_ASN1_INTEGER;
+ a.ssl_version.data = ibuf2;
+ ASN1_INTEGER_set(&(a.ssl_version), in->ssl_version);
+
+ a.cipher.type = V_ASN1_OCTET_STRING;
+ a.cipher.data = buf;
+
+ if (in->cipher == NULL)
+ l = in->cipher_id;
+ else
+ l = in->cipher->id;
+ if (in->ssl_version == SSL2_VERSION) {
+ a.cipher.length = 3;
+ buf[0] = ((unsigned char)(l >> 16L)) & 0xff;
+ buf[1] = ((unsigned char)(l >> 8L)) & 0xff;
+ buf[2] = ((unsigned char)(l)) & 0xff;
+ } else {
+ a.cipher.length = 2;
+ buf[0] = ((unsigned char)(l >> 8L)) & 0xff;
+ buf[1] = ((unsigned char)(l)) & 0xff;
+ }
+
+#ifndef OPENSSL_NO_COMP
+ if (in->compress_meth) {
+ cbuf = (unsigned char)in->compress_meth;
+ a.comp_id.length = 1;
+ a.comp_id.type = V_ASN1_OCTET_STRING;
+ a.comp_id.data = &cbuf;
+ }
+#endif
+
+ a.master_key.length = in->master_key_length;
+ a.master_key.type = V_ASN1_OCTET_STRING;
+ a.master_key.data = in->master_key;
+
+ a.session_id.length = in->session_id_length;
+ a.session_id.type = V_ASN1_OCTET_STRING;
+ a.session_id.data = in->session_id;
+
+ a.session_id_context.length = in->sid_ctx_length;
+ a.session_id_context.type = V_ASN1_OCTET_STRING;
+ a.session_id_context.data = in->sid_ctx;
+
+ a.key_arg.length = in->key_arg_length;
+ a.key_arg.type = V_ASN1_OCTET_STRING;
+ a.key_arg.data = in->key_arg;
+
+#ifndef OPENSSL_NO_KRB5
+ if (in->krb5_client_princ_len) {
+ a.krb5_princ.length = in->krb5_client_princ_len;
+ a.krb5_princ.type = V_ASN1_OCTET_STRING;
+ a.krb5_princ.data = in->krb5_client_princ;
+ }
+#endif /* OPENSSL_NO_KRB5 */
+
+ if (in->time != 0L) {
+ a.time.length = LSIZE2;
+ a.time.type = V_ASN1_INTEGER;
+ a.time.data = ibuf3;
+ ASN1_INTEGER_set(&(a.time), in->time);
+ }
+
+ if (in->timeout != 0L) {
+ a.timeout.length = LSIZE2;
+ a.timeout.type = V_ASN1_INTEGER;
+ a.timeout.data = ibuf4;
+ ASN1_INTEGER_set(&(a.timeout), in->timeout);
+ }
+
+ if (in->verify_result != X509_V_OK) {
+ a.verify_result.length = LSIZE2;
+ a.verify_result.type = V_ASN1_INTEGER;
+ a.verify_result.data = ibuf5;
+ ASN1_INTEGER_set(&a.verify_result, in->verify_result);
+ }
+#ifndef OPENSSL_NO_TLSEXT
+ if (in->tlsext_hostname) {
+ a.tlsext_hostname.length = strlen(in->tlsext_hostname);
+ a.tlsext_hostname.type = V_ASN1_OCTET_STRING;
+ a.tlsext_hostname.data = (unsigned char *)in->tlsext_hostname;
+ }
+ if (in->tlsext_tick) {
+ a.tlsext_tick.length = in->tlsext_ticklen;
+ a.tlsext_tick.type = V_ASN1_OCTET_STRING;
+ a.tlsext_tick.data = (unsigned char *)in->tlsext_tick;
+ }
+ if (in->tlsext_tick_lifetime_hint > 0) {
+ a.tlsext_tick_lifetime.length = LSIZE2;
+ a.tlsext_tick_lifetime.type = V_ASN1_INTEGER;
+ a.tlsext_tick_lifetime.data = ibuf6;
+ ASN1_INTEGER_set(&a.tlsext_tick_lifetime,
+ in->tlsext_tick_lifetime_hint);
+ }
+#endif /* OPENSSL_NO_TLSEXT */
+ M_ASN1_I2D_len(&(a.version), i2d_ASN1_INTEGER);
+ M_ASN1_I2D_len(&(a.ssl_version), i2d_ASN1_INTEGER);
+ M_ASN1_I2D_len(&(a.cipher), i2d_ASN1_OCTET_STRING);
+ M_ASN1_I2D_len(&(a.session_id), i2d_ASN1_OCTET_STRING);
+ M_ASN1_I2D_len(&(a.master_key), i2d_ASN1_OCTET_STRING);
+#ifndef OPENSSL_NO_KRB5
+ if (in->krb5_client_princ_len)
+ M_ASN1_I2D_len(&(a.krb5_princ), i2d_ASN1_OCTET_STRING);
+#endif /* OPENSSL_NO_KRB5 */
+ if (in->key_arg_length > 0)
+ M_ASN1_I2D_len_IMP_opt(&(a.key_arg), i2d_ASN1_OCTET_STRING);
+ if (in->time != 0L)
+ M_ASN1_I2D_len_EXP_opt(&(a.time), i2d_ASN1_INTEGER, 1, v1);
+ if (in->timeout != 0L)
+ M_ASN1_I2D_len_EXP_opt(&(a.timeout), i2d_ASN1_INTEGER, 2, v2);
+ if (in->peer != NULL)
+ M_ASN1_I2D_len_EXP_opt(in->peer, i2d_X509, 3, v3);
+ M_ASN1_I2D_len_EXP_opt(&a.session_id_context, i2d_ASN1_OCTET_STRING, 4,
+ v4);
+ if (in->verify_result != X509_V_OK)
+ M_ASN1_I2D_len_EXP_opt(&(a.verify_result), i2d_ASN1_INTEGER, 5, v5);
+
+#ifndef OPENSSL_NO_TLSEXT
+ if (in->tlsext_tick_lifetime_hint > 0)
+ M_ASN1_I2D_len_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER, 9,
+ v9);
+ if (in->tlsext_tick)
+ M_ASN1_I2D_len_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING, 10,
+ v10);
+ if (in->tlsext_hostname)
+ M_ASN1_I2D_len_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING, 6,
+ v6);
+# ifndef OPENSSL_NO_COMP
+ if (in->compress_meth)
+ M_ASN1_I2D_len_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING, 11, v11);
+# endif
+#endif /* OPENSSL_NO_TLSEXT */
+ M_ASN1_I2D_seq_total();
+
+ M_ASN1_I2D_put(&(a.version), i2d_ASN1_INTEGER);
+ M_ASN1_I2D_put(&(a.ssl_version), i2d_ASN1_INTEGER);
+ M_ASN1_I2D_put(&(a.cipher), i2d_ASN1_OCTET_STRING);
+ M_ASN1_I2D_put(&(a.session_id), i2d_ASN1_OCTET_STRING);
+ M_ASN1_I2D_put(&(a.master_key), i2d_ASN1_OCTET_STRING);
+#ifndef OPENSSL_NO_KRB5
+ if (in->krb5_client_princ_len)
+ M_ASN1_I2D_put(&(a.krb5_princ), i2d_ASN1_OCTET_STRING);
+#endif /* OPENSSL_NO_KRB5 */
+ if (in->key_arg_length > 0)
+ M_ASN1_I2D_put_IMP_opt(&(a.key_arg), i2d_ASN1_OCTET_STRING, 0);
+ if (in->time != 0L)
+ M_ASN1_I2D_put_EXP_opt(&(a.time), i2d_ASN1_INTEGER, 1, v1);
+ if (in->timeout != 0L)
+ M_ASN1_I2D_put_EXP_opt(&(a.timeout), i2d_ASN1_INTEGER, 2, v2);
+ if (in->peer != NULL)
+ M_ASN1_I2D_put_EXP_opt(in->peer, i2d_X509, 3, v3);
+ M_ASN1_I2D_put_EXP_opt(&a.session_id_context, i2d_ASN1_OCTET_STRING, 4,
+ v4);
+ if (in->verify_result != X509_V_OK)
+ M_ASN1_I2D_put_EXP_opt(&a.verify_result, i2d_ASN1_INTEGER, 5, v5);
+#ifndef OPENSSL_NO_TLSEXT
+ if (in->tlsext_hostname)
+ M_ASN1_I2D_put_EXP_opt(&(a.tlsext_hostname), i2d_ASN1_OCTET_STRING, 6,
+ v6);
+ if (in->tlsext_tick_lifetime_hint > 0)
+ M_ASN1_I2D_put_EXP_opt(&a.tlsext_tick_lifetime, i2d_ASN1_INTEGER, 9,
+ v9);
+ if (in->tlsext_tick)
+ M_ASN1_I2D_put_EXP_opt(&(a.tlsext_tick), i2d_ASN1_OCTET_STRING, 10,
+ v10);
+#endif /* OPENSSL_NO_TLSEXT */
+#ifndef OPENSSL_NO_COMP
+ if (in->compress_meth)
+ M_ASN1_I2D_put_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING, 11, v11);
+#endif
+ M_ASN1_I2D_finish();
+}
+
+SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
+ long length)
+{
+ int ssl_version = 0, i;
+ long id;
+ ASN1_INTEGER ai, *aip;
+ ASN1_OCTET_STRING os, *osp;
+ M_ASN1_D2I_vars(a, SSL_SESSION *, SSL_SESSION_new);
+
+ aip = &ai;
+ osp = &os;
+
+ M_ASN1_D2I_Init();
+ M_ASN1_D2I_start_sequence();
+
+ ai.data = NULL;
+ ai.length = 0;
+ M_ASN1_D2I_get_x(ASN1_INTEGER, aip, d2i_ASN1_INTEGER);
+ if (ai.data != NULL) {
+ OPENSSL_free(ai.data);
+ ai.data = NULL;
+ ai.length = 0;
+ }
+
+ /* we don't care about the version right now :-) */
+ M_ASN1_D2I_get_x(ASN1_INTEGER, aip, d2i_ASN1_INTEGER);
+ ssl_version = (int)ASN1_INTEGER_get(aip);
+ ret->ssl_version = ssl_version;
+ if (ai.data != NULL) {
+ OPENSSL_free(ai.data);
+ ai.data = NULL;
+ ai.length = 0;
+ }
+
+ os.data = NULL;
+ os.length = 0;
+ M_ASN1_D2I_get_x(ASN1_OCTET_STRING, osp, d2i_ASN1_OCTET_STRING);
+ if (ssl_version == SSL2_VERSION) {
+ if (os.length != 3) {
+ c.error = SSL_R_CIPHER_CODE_WRONG_LENGTH;
+ goto err;
+ }
+ id = 0x02000000L |
+ ((unsigned long)os.data[0] << 16L) |
+ ((unsigned long)os.data[1] << 8L) | (unsigned long)os.data[2];
+ } else if ((ssl_version >> 8) >= SSL3_VERSION_MAJOR) {
+ if (os.length != 2) {
+ c.error = SSL_R_CIPHER_CODE_WRONG_LENGTH;
+ goto err;
+ }
+ id = 0x03000000L |
+ ((unsigned long)os.data[0] << 8L) | (unsigned long)os.data[1];
+ } else {
+ c.error = SSL_R_UNKNOWN_SSL_VERSION;
+ goto err;
+ }
+
+ ret->cipher = NULL;
+ ret->cipher_id = id;
+
+ M_ASN1_D2I_get_x(ASN1_OCTET_STRING, osp, d2i_ASN1_OCTET_STRING);
+ if ((ssl_version >> 8) >= SSL3_VERSION_MAJOR)
+ i = SSL3_MAX_SSL_SESSION_ID_LENGTH;
+ else /* if (ssl_version>>8 == SSL2_VERSION_MAJOR) */
+ i = SSL2_MAX_SSL_SESSION_ID_LENGTH;
+
+ if (os.length > i)
+ os.length = i;
+ if (os.length > (int)sizeof(ret->session_id)) /* can't happen */
+ os.length = sizeof(ret->session_id);
+
+ ret->session_id_length = os.length;
+ OPENSSL_assert(os.length <= (int)sizeof(ret->session_id));
+ memcpy(ret->session_id, os.data, os.length);
+
+ M_ASN1_D2I_get_x(ASN1_OCTET_STRING, osp, d2i_ASN1_OCTET_STRING);
+ if (os.length > SSL_MAX_MASTER_KEY_LENGTH)
+ ret->master_key_length = SSL_MAX_MASTER_KEY_LENGTH;
+ else
+ ret->master_key_length = os.length;
+ memcpy(ret->master_key, os.data, ret->master_key_length);
+
+ os.length = 0;
+
+#ifndef OPENSSL_NO_KRB5
+ os.length = 0;
+ M_ASN1_D2I_get_opt(osp, d2i_ASN1_OCTET_STRING, V_ASN1_OCTET_STRING);
+ if (os.data) {
+ if (os.length > SSL_MAX_KRB5_PRINCIPAL_LENGTH)
+ ret->krb5_client_princ_len = 0;
+ else
+ ret->krb5_client_princ_len = os.length;
+ memcpy(ret->krb5_client_princ, os.data, ret->krb5_client_princ_len);
+ OPENSSL_free(os.data);
+ os.data = NULL;
+ os.length = 0;
+ } else
+ ret->krb5_client_princ_len = 0;
+#endif /* OPENSSL_NO_KRB5 */
+
+ M_ASN1_D2I_get_IMP_opt(osp, d2i_ASN1_OCTET_STRING, 0,
+ V_ASN1_OCTET_STRING);
+ if (os.length > SSL_MAX_KEY_ARG_LENGTH)
+ ret->key_arg_length = SSL_MAX_KEY_ARG_LENGTH;
+ else
+ ret->key_arg_length = os.length;
+ memcpy(ret->key_arg, os.data, ret->key_arg_length);
+ if (os.data != NULL)
+ OPENSSL_free(os.data);
+
+ ai.length = 0;
+ M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 1);
+ if (ai.data != NULL) {
+ ret->time = ASN1_INTEGER_get(aip);
+ OPENSSL_free(ai.data);
+ ai.data = NULL;
+ ai.length = 0;
+ } else
+ ret->time = (unsigned long)time(NULL);
+
+ ai.length = 0;
+ M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 2);
+ if (ai.data != NULL) {
+ ret->timeout = ASN1_INTEGER_get(aip);
+ OPENSSL_free(ai.data);
+ ai.data = NULL;
+ ai.length = 0;
+ } else
+ ret->timeout = 3;
+
+ if (ret->peer != NULL) {
+ X509_free(ret->peer);
+ ret->peer = NULL;
+ }
+ M_ASN1_D2I_get_EXP_opt(ret->peer, d2i_X509, 3);
+
+ os.length = 0;
+ os.data = NULL;
+ M_ASN1_D2I_get_EXP_opt(osp, d2i_ASN1_OCTET_STRING, 4);
+
+ if (os.data != NULL) {
+ if (os.length > SSL_MAX_SID_CTX_LENGTH) {
+ c.error = SSL_R_BAD_LENGTH;
+ goto err;
+ } else {
+ ret->sid_ctx_length = os.length;
+ memcpy(ret->sid_ctx, os.data, os.length);
+ }
+ OPENSSL_free(os.data);
+ os.data = NULL;
+ os.length = 0;
+ } else
+ ret->sid_ctx_length = 0;
+
+ ai.length = 0;
+ M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 5);
+ if (ai.data != NULL) {
+ ret->verify_result = ASN1_INTEGER_get(aip);
+ OPENSSL_free(ai.data);
+ ai.data = NULL;
+ ai.length = 0;
+ } else
+ ret->verify_result = X509_V_OK;
+
+#ifndef OPENSSL_NO_TLSEXT
+ os.length = 0;
+ os.data = NULL;
+ M_ASN1_D2I_get_EXP_opt(osp, d2i_ASN1_OCTET_STRING, 6);
+ if (os.data) {
+ ret->tlsext_hostname = BUF_strndup((char *)os.data, os.length);
+ OPENSSL_free(os.data);
+ os.data = NULL;
+ os.length = 0;
+ } else
+ ret->tlsext_hostname = NULL;
+ ai.length = 0;
+ M_ASN1_D2I_get_EXP_opt(aip, d2i_ASN1_INTEGER, 9);
+ if (ai.data != NULL) {
+ ret->tlsext_tick_lifetime_hint = ASN1_INTEGER_get(aip);
+ OPENSSL_free(ai.data);
+ ai.data = NULL;
+ ai.length = 0;
+ } else if (ret->tlsext_ticklen && ret->session_id_length)
+ ret->tlsext_tick_lifetime_hint = -1;
+ else
+ ret->tlsext_tick_lifetime_hint = 0;
+ os.length = 0;
+ os.data = NULL;
+ M_ASN1_D2I_get_EXP_opt(osp, d2i_ASN1_OCTET_STRING, 10);
+ if (os.data) {
+ ret->tlsext_tick = os.data;
+ ret->tlsext_ticklen = os.length;
+ os.data = NULL;
+ os.length = 0;
+ } else
+ ret->tlsext_tick = NULL;
+#endif /* OPENSSL_NO_TLSEXT */
+#ifndef OPENSSL_NO_COMP
+ os.length = 0;
+ os.data = NULL;
+ M_ASN1_D2I_get_EXP_opt(osp, d2i_ASN1_OCTET_STRING, 11);
+ if (os.data) {
+ ret->compress_meth = os.data[0];
+ OPENSSL_free(os.data);
+ os.data = NULL;
+ }
+#endif
+
+ M_ASN1_D2I_Finish(a, SSL_SESSION_free, SSL_F_D2I_SSL_SESSION);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/ssl/ssl_cert.c
===================================================================
--- vendor-crypto/openssl/dist/ssl/ssl_cert.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/ssl/ssl_cert.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,832 +0,0 @@
-/*! \file ssl/ssl_cert.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
-#include <stdio.h>
-
-#include "e_os.h"
-#ifndef NO_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-
-#include "o_dir.h"
-#include <openssl/objects.h>
-#include <openssl/bio.h>
-#include <openssl/pem.h>
-#include <openssl/x509v3.h>
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-#include <openssl/bn.h>
-#include "ssl_locl.h"
-
-int SSL_get_ex_data_X509_STORE_CTX_idx(void)
- {
- static volatile int ssl_x509_store_ctx_idx= -1;
- int got_write_lock = 0;
-
- CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
-
- if (ssl_x509_store_ctx_idx < 0)
- {
- CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
- CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
- got_write_lock = 1;
-
- if (ssl_x509_store_ctx_idx < 0)
- {
- ssl_x509_store_ctx_idx=X509_STORE_CTX_get_ex_new_index(
- 0,"SSL for verify callback",NULL,NULL,NULL);
- }
- }
-
- if (got_write_lock)
- CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
- else
- CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
-
- return ssl_x509_store_ctx_idx;
- }
-
-CERT *ssl_cert_new(void)
- {
- CERT *ret;
-
- ret=(CERT *)OPENSSL_malloc(sizeof(CERT));
- if (ret == NULL)
- {
- SSLerr(SSL_F_SSL_CERT_NEW,ERR_R_MALLOC_FAILURE);
- return(NULL);
- }
- memset(ret,0,sizeof(CERT));
-
- ret->key= &(ret->pkeys[SSL_PKEY_RSA_ENC]);
- ret->references=1;
-
- return(ret);
- }
-
-CERT *ssl_cert_dup(CERT *cert)
- {
- CERT *ret;
- int i;
-
- ret = (CERT *)OPENSSL_malloc(sizeof(CERT));
- if (ret == NULL)
- {
- SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE);
- return(NULL);
- }
-
- memset(ret, 0, sizeof(CERT));
-
- ret->key = &ret->pkeys[cert->key - &cert->pkeys[0]];
- /* or ret->key = ret->pkeys + (cert->key - cert->pkeys),
- * if you find that more readable */
-
- ret->valid = cert->valid;
- ret->mask = cert->mask;
- ret->export_mask = cert->export_mask;
-
-#ifndef OPENSSL_NO_RSA
- if (cert->rsa_tmp != NULL)
- {
- RSA_up_ref(cert->rsa_tmp);
- ret->rsa_tmp = cert->rsa_tmp;
- }
- ret->rsa_tmp_cb = cert->rsa_tmp_cb;
-#endif
-
-#ifndef OPENSSL_NO_DH
- if (cert->dh_tmp != NULL)
- {
- ret->dh_tmp = DHparams_dup(cert->dh_tmp);
- if (ret->dh_tmp == NULL)
- {
- SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_DH_LIB);
- goto err;
- }
- if (cert->dh_tmp->priv_key)
- {
- BIGNUM *b = BN_dup(cert->dh_tmp->priv_key);
- if (!b)
- {
- SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB);
- goto err;
- }
- ret->dh_tmp->priv_key = b;
- }
- if (cert->dh_tmp->pub_key)
- {
- BIGNUM *b = BN_dup(cert->dh_tmp->pub_key);
- if (!b)
- {
- SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB);
- goto err;
- }
- ret->dh_tmp->pub_key = b;
- }
- }
- ret->dh_tmp_cb = cert->dh_tmp_cb;
-#endif
-
-#ifndef OPENSSL_NO_ECDH
- if (cert->ecdh_tmp)
- {
- ret->ecdh_tmp = EC_KEY_dup(cert->ecdh_tmp);
- if (ret->ecdh_tmp == NULL)
- {
- SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_EC_LIB);
- goto err;
- }
- }
- ret->ecdh_tmp_cb = cert->ecdh_tmp_cb;
-#endif
-
- for (i = 0; i < SSL_PKEY_NUM; i++)
- {
- if (cert->pkeys[i].x509 != NULL)
- {
- ret->pkeys[i].x509 = cert->pkeys[i].x509;
- CRYPTO_add(&ret->pkeys[i].x509->references, 1,
- CRYPTO_LOCK_X509);
- }
-
- if (cert->pkeys[i].privatekey != NULL)
- {
- ret->pkeys[i].privatekey = cert->pkeys[i].privatekey;
- CRYPTO_add(&ret->pkeys[i].privatekey->references, 1,
- CRYPTO_LOCK_EVP_PKEY);
-
- switch(i)
- {
- /* If there was anything special to do for
- * certain types of keys, we'd do it here.
- * (Nothing at the moment, I think.) */
-
- case SSL_PKEY_RSA_ENC:
- case SSL_PKEY_RSA_SIGN:
- /* We have an RSA key. */
- break;
-
- case SSL_PKEY_DSA_SIGN:
- /* We have a DSA key. */
- break;
-
- case SSL_PKEY_DH_RSA:
- case SSL_PKEY_DH_DSA:
- /* We have a DH key. */
- break;
-
- case SSL_PKEY_ECC:
- /* We have an ECC key */
- break;
-
- default:
- /* Can't happen. */
- SSLerr(SSL_F_SSL_CERT_DUP, SSL_R_LIBRARY_BUG);
- }
- }
- }
-
- /* ret->extra_certs *should* exist, but currently the own certificate
- * chain is held inside SSL_CTX */
-
- ret->references=1;
-
- return(ret);
-
-#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH)
-err:
-#endif
-#ifndef OPENSSL_NO_RSA
- if (ret->rsa_tmp != NULL)
- RSA_free(ret->rsa_tmp);
-#endif
-#ifndef OPENSSL_NO_DH
- if (ret->dh_tmp != NULL)
- DH_free(ret->dh_tmp);
-#endif
-#ifndef OPENSSL_NO_ECDH
- if (ret->ecdh_tmp != NULL)
- EC_KEY_free(ret->ecdh_tmp);
-#endif
-
- for (i = 0; i < SSL_PKEY_NUM; i++)
- {
- if (ret->pkeys[i].x509 != NULL)
- X509_free(ret->pkeys[i].x509);
- if (ret->pkeys[i].privatekey != NULL)
- EVP_PKEY_free(ret->pkeys[i].privatekey);
- }
-
- return NULL;
- }
-
-
-void ssl_cert_free(CERT *c)
- {
- int i;
-
- if(c == NULL)
- return;
-
- i=CRYPTO_add(&c->references,-1,CRYPTO_LOCK_SSL_CERT);
-#ifdef REF_PRINT
- REF_PRINT("CERT",c);
-#endif
- if (i > 0) return;
-#ifdef REF_CHECK
- if (i < 0)
- {
- fprintf(stderr,"ssl_cert_free, bad reference count\n");
- abort(); /* ok */
- }
-#endif
-
-#ifndef OPENSSL_NO_RSA
- if (c->rsa_tmp) RSA_free(c->rsa_tmp);
-#endif
-#ifndef OPENSSL_NO_DH
- if (c->dh_tmp) DH_free(c->dh_tmp);
-#endif
-#ifndef OPENSSL_NO_ECDH
- if (c->ecdh_tmp) EC_KEY_free(c->ecdh_tmp);
-#endif
-
- for (i=0; i<SSL_PKEY_NUM; i++)
- {
- if (c->pkeys[i].x509 != NULL)
- X509_free(c->pkeys[i].x509);
- if (c->pkeys[i].privatekey != NULL)
- EVP_PKEY_free(c->pkeys[i].privatekey);
-#if 0
- if (c->pkeys[i].publickey != NULL)
- EVP_PKEY_free(c->pkeys[i].publickey);
-#endif
- }
- OPENSSL_free(c);
- }
-
-int ssl_cert_inst(CERT **o)
- {
- /* Create a CERT if there isn't already one
- * (which cannot really happen, as it is initially created in
- * SSL_CTX_new; but the earlier code usually allows for that one
- * being non-existant, so we follow that behaviour, as it might
- * turn out that there actually is a reason for it -- but I'm
- * not sure that *all* of the existing code could cope with
- * s->cert being NULL, otherwise we could do without the
- * initialization in SSL_CTX_new).
- */
-
- if (o == NULL)
- {
- SSLerr(SSL_F_SSL_CERT_INST, ERR_R_PASSED_NULL_PARAMETER);
- return(0);
- }
- if (*o == NULL)
- {
- if ((*o = ssl_cert_new()) == NULL)
- {
- SSLerr(SSL_F_SSL_CERT_INST, ERR_R_MALLOC_FAILURE);
- return(0);
- }
- }
- return(1);
- }
-
-
-SESS_CERT *ssl_sess_cert_new(void)
- {
- SESS_CERT *ret;
-
- ret = OPENSSL_malloc(sizeof *ret);
- if (ret == NULL)
- {
- SSLerr(SSL_F_SSL_SESS_CERT_NEW, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
-
- memset(ret, 0 ,sizeof *ret);
- ret->peer_key = &(ret->peer_pkeys[SSL_PKEY_RSA_ENC]);
- ret->references = 1;
-
- return ret;
- }
-
-void ssl_sess_cert_free(SESS_CERT *sc)
- {
- int i;
-
- if (sc == NULL)
- return;
-
- i = CRYPTO_add(&sc->references, -1, CRYPTO_LOCK_SSL_SESS_CERT);
-#ifdef REF_PRINT
- REF_PRINT("SESS_CERT", sc);
-#endif
- if (i > 0)
- return;
-#ifdef REF_CHECK
- if (i < 0)
- {
- fprintf(stderr,"ssl_sess_cert_free, bad reference count\n");
- abort(); /* ok */
- }
-#endif
-
- /* i == 0 */
- if (sc->cert_chain != NULL)
- sk_X509_pop_free(sc->cert_chain, X509_free);
- for (i = 0; i < SSL_PKEY_NUM; i++)
- {
- if (sc->peer_pkeys[i].x509 != NULL)
- X509_free(sc->peer_pkeys[i].x509);
-#if 0 /* We don't have the peer's private key. These lines are just
- * here as a reminder that we're still using a not-quite-appropriate
- * data structure. */
- if (sc->peer_pkeys[i].privatekey != NULL)
- EVP_PKEY_free(sc->peer_pkeys[i].privatekey);
-#endif
- }
-
-#ifndef OPENSSL_NO_RSA
- if (sc->peer_rsa_tmp != NULL)
- RSA_free(sc->peer_rsa_tmp);
-#endif
-#ifndef OPENSSL_NO_DH
- if (sc->peer_dh_tmp != NULL)
- DH_free(sc->peer_dh_tmp);
-#endif
-#ifndef OPENSSL_NO_ECDH
- if (sc->peer_ecdh_tmp != NULL)
- EC_KEY_free(sc->peer_ecdh_tmp);
-#endif
-
- OPENSSL_free(sc);
- }
-
-int ssl_set_peer_cert_type(SESS_CERT *sc,int type)
- {
- sc->peer_cert_type = type;
- return(1);
- }
-
-int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
- {
- X509 *x;
- int i;
- X509_STORE_CTX ctx;
-
- if ((sk == NULL) || (sk_X509_num(sk) == 0))
- return(0);
-
- x=sk_X509_value(sk,0);
- if(!X509_STORE_CTX_init(&ctx,s->ctx->cert_store,x,sk))
- {
- SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,ERR_R_X509_LIB);
- return(0);
- }
-#if 0
- if (SSL_get_verify_depth(s) >= 0)
- X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s));
-#endif
- X509_STORE_CTX_set_ex_data(&ctx,SSL_get_ex_data_X509_STORE_CTX_idx(),s);
-
- /* We need to inherit the verify parameters. These can be determined by
- * the context: if its a server it will verify SSL client certificates
- * or vice versa.
- */
-
- X509_STORE_CTX_set_default(&ctx,
- s->server ? "ssl_client" : "ssl_server");
- /* Anything non-default in "param" should overwrite anything in the
- * ctx.
- */
- X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(&ctx), s->param);
-
- if (s->verify_callback)
- X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback);
-
- if (s->ctx->app_verify_callback != NULL)
-#if 1 /* new with OpenSSL 0.9.7 */
- i=s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg);
-#else
- i=s->ctx->app_verify_callback(&ctx); /* should pass app_verify_arg */
-#endif
- else
- {
-#ifndef OPENSSL_NO_X509_VERIFY
- i=X509_verify_cert(&ctx);
-#else
- i=0;
- ctx.error=X509_V_ERR_APPLICATION_VERIFICATION;
- SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,SSL_R_NO_VERIFY_CALLBACK);
-#endif
- }
-
- s->verify_result=ctx.error;
- X509_STORE_CTX_cleanup(&ctx);
-
- return(i);
- }
-
-static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,STACK_OF(X509_NAME) *name_list)
- {
- if (*ca_list != NULL)
- sk_X509_NAME_pop_free(*ca_list,X509_NAME_free);
-
- *ca_list=name_list;
- }
-
-STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk)
- {
- int i;
- STACK_OF(X509_NAME) *ret;
- X509_NAME *name;
-
- ret=sk_X509_NAME_new_null();
- for (i=0; i<sk_X509_NAME_num(sk); i++)
- {
- name=X509_NAME_dup(sk_X509_NAME_value(sk,i));
- if ((name == NULL) || !sk_X509_NAME_push(ret,name))
- {
- sk_X509_NAME_pop_free(ret,X509_NAME_free);
- return(NULL);
- }
- }
- return(ret);
- }
-
-void SSL_set_client_CA_list(SSL *s,STACK_OF(X509_NAME) *name_list)
- {
- set_client_CA_list(&(s->client_CA),name_list);
- }
-
-void SSL_CTX_set_client_CA_list(SSL_CTX *ctx,STACK_OF(X509_NAME) *name_list)
- {
- set_client_CA_list(&(ctx->client_CA),name_list);
- }
-
-STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx)
- {
- return(ctx->client_CA);
- }
-
-STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s)
- {
- if (s->type == SSL_ST_CONNECT)
- { /* we are in the client */
- if (((s->version>>8) == SSL3_VERSION_MAJOR) &&
- (s->s3 != NULL))
- return(s->s3->tmp.ca_names);
- else
- return(NULL);
- }
- else
- {
- if (s->client_CA != NULL)
- return(s->client_CA);
- else
- return(s->ctx->client_CA);
- }
- }
-
-static int add_client_CA(STACK_OF(X509_NAME) **sk,X509 *x)
- {
- X509_NAME *name;
-
- if (x == NULL) return(0);
- if ((*sk == NULL) && ((*sk=sk_X509_NAME_new_null()) == NULL))
- return(0);
-
- if ((name=X509_NAME_dup(X509_get_subject_name(x))) == NULL)
- return(0);
-
- if (!sk_X509_NAME_push(*sk,name))
- {
- X509_NAME_free(name);
- return(0);
- }
- return(1);
- }
-
-int SSL_add_client_CA(SSL *ssl,X509 *x)
- {
- return(add_client_CA(&(ssl->client_CA),x));
- }
-
-int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x)
- {
- return(add_client_CA(&(ctx->client_CA),x));
- }
-
-static int xname_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
- {
- return(X509_NAME_cmp(*a,*b));
- }
-
-#ifndef OPENSSL_NO_STDIO
-/*!
- * Load CA certs from a file into a ::STACK. Note that it is somewhat misnamed;
- * it doesn't really have anything to do with clients (except that a common use
- * for a stack of CAs is to send it to the client). Actually, it doesn't have
- * much to do with CAs, either, since it will load any old cert.
- * \param file the file containing one or more certs.
- * \return a ::STACK containing the certs.
- */
-STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
- {
- BIO *in;
- X509 *x=NULL;
- X509_NAME *xn=NULL;
- STACK_OF(X509_NAME) *ret = NULL,*sk;
-
- sk=sk_X509_NAME_new(xname_cmp);
-
- in=BIO_new(BIO_s_file_internal());
-
- if ((sk == NULL) || (in == NULL))
- {
- SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- if (!BIO_read_filename(in,file))
- goto err;
-
- for (;;)
- {
- if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL)
- break;
- if (ret == NULL)
- {
- ret = sk_X509_NAME_new_null();
- if (ret == NULL)
- {
- SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- }
- if ((xn=X509_get_subject_name(x)) == NULL) goto err;
- /* check for duplicates */
- xn=X509_NAME_dup(xn);
- if (xn == NULL) goto err;
- if (sk_X509_NAME_find(sk,xn) >= 0)
- X509_NAME_free(xn);
- else
- {
- sk_X509_NAME_push(sk,xn);
- sk_X509_NAME_push(ret,xn);
- }
- }
-
- if (0)
- {
-err:
- if (ret != NULL) sk_X509_NAME_pop_free(ret,X509_NAME_free);
- ret=NULL;
- }
- if (sk != NULL) sk_X509_NAME_free(sk);
- if (in != NULL) BIO_free(in);
- if (x != NULL) X509_free(x);
- if (ret != NULL)
- ERR_clear_error();
- return(ret);
- }
-#endif
-
-/*!
- * Add a file of certs to a stack.
- * \param stack the stack to add to.
- * \param file the file to add from. All certs in this file that are not
- * already in the stack will be added.
- * \return 1 for success, 0 for failure. Note that in the case of failure some
- * certs may have been added to \c stack.
- */
-
-int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
- const char *file)
- {
- BIO *in;
- X509 *x=NULL;
- X509_NAME *xn=NULL;
- int ret=1;
- int (*oldcmp)(const X509_NAME * const *a, const X509_NAME * const *b);
-
- oldcmp=sk_X509_NAME_set_cmp_func(stack,xname_cmp);
-
- in=BIO_new(BIO_s_file_internal());
-
- if (in == NULL)
- {
- SSLerr(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- if (!BIO_read_filename(in,file))
- goto err;
-
- for (;;)
- {
- if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL)
- break;
- if ((xn=X509_get_subject_name(x)) == NULL) goto err;
- xn=X509_NAME_dup(xn);
- if (xn == NULL) goto err;
- if (sk_X509_NAME_find(stack,xn) >= 0)
- X509_NAME_free(xn);
- else
- sk_X509_NAME_push(stack,xn);
- }
-
- ERR_clear_error();
-
- if (0)
- {
-err:
- ret=0;
- }
- if(in != NULL)
- BIO_free(in);
- if(x != NULL)
- X509_free(x);
-
- (void)sk_X509_NAME_set_cmp_func(stack,oldcmp);
-
- return ret;
- }
-
-/*!
- * Add a directory of certs to a stack.
- * \param stack the stack to append to.
- * \param dir the directory to append from. All files in this directory will be
- * examined as potential certs. Any that are acceptable to
- * SSL_add_dir_cert_subjects_to_stack() that are not already in the stack will be
- * included.
- * \return 1 for success, 0 for failure. Note that in the case of failure some
- * certs may have been added to \c stack.
- */
-
-int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
- const char *dir)
- {
- OPENSSL_DIR_CTX *d = NULL;
- const char *filename;
- int ret = 0;
-
- CRYPTO_w_lock(CRYPTO_LOCK_READDIR);
-
- /* Note that a side effect is that the CAs will be sorted by name */
-
- while((filename = OPENSSL_DIR_read(&d, dir)))
- {
- char buf[1024];
- int r;
-
- if(strlen(dir)+strlen(filename)+2 > sizeof buf)
- {
- SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,SSL_R_PATH_TOO_LONG);
- goto err;
- }
-
-#ifdef OPENSSL_SYS_VMS
- r = BIO_snprintf(buf,sizeof buf,"%s%s",dir,filename);
-#else
- r = BIO_snprintf(buf,sizeof buf,"%s/%s",dir,filename);
-#endif
- if (r <= 0 || r >= (int)sizeof(buf))
- goto err;
- if(!SSL_add_file_cert_subjects_to_stack(stack,buf))
- goto err;
- }
-
- if (errno)
- {
- SYSerr(SYS_F_OPENDIR, get_last_sys_error());
- ERR_add_error_data(3, "OPENSSL_DIR_read(&ctx, '", dir, "')");
- SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB);
- goto err;
- }
-
- ret = 1;
-
-err:
- if (d) OPENSSL_DIR_end(&d);
- CRYPTO_w_unlock(CRYPTO_LOCK_READDIR);
- return ret;
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/ssl/ssl_cert.c (from rev 6976, vendor-crypto/openssl/dist/ssl/ssl_cert.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/ssl/ssl_cert.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/ssl/ssl_cert.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,806 @@
+/*
+ * ! \file ssl/ssl_cert.c
+ */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECC cipher suite support in OpenSSL originally developed by
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
+
+#include <stdio.h>
+
+#include "e_os.h"
+#ifndef NO_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+
+#include "o_dir.h"
+#include <openssl/objects.h>
+#include <openssl/bio.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#ifndef OPENSSL_NO_DH
+# include <openssl/dh.h>
+#endif
+#include <openssl/bn.h>
+#include "ssl_locl.h"
+
+int SSL_get_ex_data_X509_STORE_CTX_idx(void)
+{
+ static volatile int ssl_x509_store_ctx_idx = -1;
+ int got_write_lock = 0;
+
+ CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
+
+ if (ssl_x509_store_ctx_idx < 0) {
+ CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
+ CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
+ got_write_lock = 1;
+
+ if (ssl_x509_store_ctx_idx < 0) {
+ ssl_x509_store_ctx_idx =
+ X509_STORE_CTX_get_ex_new_index(0, "SSL for verify callback",
+ NULL, NULL, NULL);
+ }
+ }
+
+ if (got_write_lock)
+ CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
+ else
+ CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
+
+ return ssl_x509_store_ctx_idx;
+}
+
+CERT *ssl_cert_new(void)
+{
+ CERT *ret;
+
+ ret = (CERT *)OPENSSL_malloc(sizeof(CERT));
+ if (ret == NULL) {
+ SSLerr(SSL_F_SSL_CERT_NEW, ERR_R_MALLOC_FAILURE);
+ return (NULL);
+ }
+ memset(ret, 0, sizeof(CERT));
+
+ ret->key = &(ret->pkeys[SSL_PKEY_RSA_ENC]);
+ ret->references = 1;
+
+ return (ret);
+}
+
+CERT *ssl_cert_dup(CERT *cert)
+{
+ CERT *ret;
+ int i;
+
+ ret = (CERT *)OPENSSL_malloc(sizeof(CERT));
+ if (ret == NULL) {
+ SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE);
+ return (NULL);
+ }
+
+ memset(ret, 0, sizeof(CERT));
+
+ ret->key = &ret->pkeys[cert->key - &cert->pkeys[0]];
+ /*
+ * or ret->key = ret->pkeys + (cert->key - cert->pkeys), if you find that
+ * more readable
+ */
+
+ ret->valid = cert->valid;
+ ret->mask = cert->mask;
+ ret->export_mask = cert->export_mask;
+
+#ifndef OPENSSL_NO_RSA
+ if (cert->rsa_tmp != NULL) {
+ RSA_up_ref(cert->rsa_tmp);
+ ret->rsa_tmp = cert->rsa_tmp;
+ }
+ ret->rsa_tmp_cb = cert->rsa_tmp_cb;
+#endif
+
+#ifndef OPENSSL_NO_DH
+ if (cert->dh_tmp != NULL) {
+ ret->dh_tmp = DHparams_dup(cert->dh_tmp);
+ if (ret->dh_tmp == NULL) {
+ SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_DH_LIB);
+ goto err;
+ }
+ if (cert->dh_tmp->priv_key) {
+ BIGNUM *b = BN_dup(cert->dh_tmp->priv_key);
+ if (!b) {
+ SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB);
+ goto err;
+ }
+ ret->dh_tmp->priv_key = b;
+ }
+ if (cert->dh_tmp->pub_key) {
+ BIGNUM *b = BN_dup(cert->dh_tmp->pub_key);
+ if (!b) {
+ SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB);
+ goto err;
+ }
+ ret->dh_tmp->pub_key = b;
+ }
+ }
+ ret->dh_tmp_cb = cert->dh_tmp_cb;
+#endif
+
+#ifndef OPENSSL_NO_ECDH
+ if (cert->ecdh_tmp) {
+ ret->ecdh_tmp = EC_KEY_dup(cert->ecdh_tmp);
+ if (ret->ecdh_tmp == NULL) {
+ SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_EC_LIB);
+ goto err;
+ }
+ }
+ ret->ecdh_tmp_cb = cert->ecdh_tmp_cb;
+#endif
+
+ for (i = 0; i < SSL_PKEY_NUM; i++) {
+ if (cert->pkeys[i].x509 != NULL) {
+ ret->pkeys[i].x509 = cert->pkeys[i].x509;
+ CRYPTO_add(&ret->pkeys[i].x509->references, 1, CRYPTO_LOCK_X509);
+ }
+
+ if (cert->pkeys[i].privatekey != NULL) {
+ ret->pkeys[i].privatekey = cert->pkeys[i].privatekey;
+ CRYPTO_add(&ret->pkeys[i].privatekey->references, 1,
+ CRYPTO_LOCK_EVP_PKEY);
+
+ switch (i) {
+ /*
+ * If there was anything special to do for certain types of
+ * keys, we'd do it here. (Nothing at the moment, I think.)
+ */
+
+ case SSL_PKEY_RSA_ENC:
+ case SSL_PKEY_RSA_SIGN:
+ /* We have an RSA key. */
+ break;
+
+ case SSL_PKEY_DSA_SIGN:
+ /* We have a DSA key. */
+ break;
+
+ case SSL_PKEY_DH_RSA:
+ case SSL_PKEY_DH_DSA:
+ /* We have a DH key. */
+ break;
+
+ case SSL_PKEY_ECC:
+ /* We have an ECC key */
+ break;
+
+ default:
+ /* Can't happen. */
+ SSLerr(SSL_F_SSL_CERT_DUP, SSL_R_LIBRARY_BUG);
+ }
+ }
+ }
+
+ /*
+ * ret->extra_certs *should* exist, but currently the own certificate
+ * chain is held inside SSL_CTX
+ */
+
+ ret->references = 1;
+
+ return (ret);
+
+#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH)
+ err:
+#endif
+#ifndef OPENSSL_NO_RSA
+ if (ret->rsa_tmp != NULL)
+ RSA_free(ret->rsa_tmp);
+#endif
+#ifndef OPENSSL_NO_DH
+ if (ret->dh_tmp != NULL)
+ DH_free(ret->dh_tmp);
+#endif
+#ifndef OPENSSL_NO_ECDH
+ if (ret->ecdh_tmp != NULL)
+ EC_KEY_free(ret->ecdh_tmp);
+#endif
+
+ for (i = 0; i < SSL_PKEY_NUM; i++) {
+ if (ret->pkeys[i].x509 != NULL)
+ X509_free(ret->pkeys[i].x509);
+ if (ret->pkeys[i].privatekey != NULL)
+ EVP_PKEY_free(ret->pkeys[i].privatekey);
+ }
+
+ return NULL;
+}
+
+void ssl_cert_free(CERT *c)
+{
+ int i;
+
+ if (c == NULL)
+ return;
+
+ i = CRYPTO_add(&c->references, -1, CRYPTO_LOCK_SSL_CERT);
+#ifdef REF_PRINT
+ REF_PRINT("CERT", c);
+#endif
+ if (i > 0)
+ return;
+#ifdef REF_CHECK
+ if (i < 0) {
+ fprintf(stderr, "ssl_cert_free, bad reference count\n");
+ abort(); /* ok */
+ }
+#endif
+
+#ifndef OPENSSL_NO_RSA
+ if (c->rsa_tmp)
+ RSA_free(c->rsa_tmp);
+#endif
+#ifndef OPENSSL_NO_DH
+ if (c->dh_tmp)
+ DH_free(c->dh_tmp);
+#endif
+#ifndef OPENSSL_NO_ECDH
+ if (c->ecdh_tmp)
+ EC_KEY_free(c->ecdh_tmp);
+#endif
+
+ for (i = 0; i < SSL_PKEY_NUM; i++) {
+ if (c->pkeys[i].x509 != NULL)
+ X509_free(c->pkeys[i].x509);
+ if (c->pkeys[i].privatekey != NULL)
+ EVP_PKEY_free(c->pkeys[i].privatekey);
+#if 0
+ if (c->pkeys[i].publickey != NULL)
+ EVP_PKEY_free(c->pkeys[i].publickey);
+#endif
+ }
+ OPENSSL_free(c);
+}
+
+int ssl_cert_inst(CERT **o)
+{
+ /*
+ * Create a CERT if there isn't already one (which cannot really happen,
+ * as it is initially created in SSL_CTX_new; but the earlier code
+ * usually allows for that one being non-existant, so we follow that
+ * behaviour, as it might turn out that there actually is a reason for it
+ * -- but I'm not sure that *all* of the existing code could cope with
+ * s->cert being NULL, otherwise we could do without the initialization
+ * in SSL_CTX_new).
+ */
+
+ if (o == NULL) {
+ SSLerr(SSL_F_SSL_CERT_INST, ERR_R_PASSED_NULL_PARAMETER);
+ return (0);
+ }
+ if (*o == NULL) {
+ if ((*o = ssl_cert_new()) == NULL) {
+ SSLerr(SSL_F_SSL_CERT_INST, ERR_R_MALLOC_FAILURE);
+ return (0);
+ }
+ }
+ return (1);
+}
+
+SESS_CERT *ssl_sess_cert_new(void)
+{
+ SESS_CERT *ret;
+
+ ret = OPENSSL_malloc(sizeof *ret);
+ if (ret == NULL) {
+ SSLerr(SSL_F_SSL_SESS_CERT_NEW, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+
+ memset(ret, 0, sizeof *ret);
+ ret->peer_key = &(ret->peer_pkeys[SSL_PKEY_RSA_ENC]);
+ ret->references = 1;
+
+ return ret;
+}
+
+void ssl_sess_cert_free(SESS_CERT *sc)
+{
+ int i;
+
+ if (sc == NULL)
+ return;
+
+ i = CRYPTO_add(&sc->references, -1, CRYPTO_LOCK_SSL_SESS_CERT);
+#ifdef REF_PRINT
+ REF_PRINT("SESS_CERT", sc);
+#endif
+ if (i > 0)
+ return;
+#ifdef REF_CHECK
+ if (i < 0) {
+ fprintf(stderr, "ssl_sess_cert_free, bad reference count\n");
+ abort(); /* ok */
+ }
+#endif
+
+ /* i == 0 */
+ if (sc->cert_chain != NULL)
+ sk_X509_pop_free(sc->cert_chain, X509_free);
+ for (i = 0; i < SSL_PKEY_NUM; i++) {
+ if (sc->peer_pkeys[i].x509 != NULL)
+ X509_free(sc->peer_pkeys[i].x509);
+#if 0 /* We don't have the peer's private key.
+ * These lines are just * here as a reminder
+ * that we're still using a
+ * not-quite-appropriate * data structure. */
+ if (sc->peer_pkeys[i].privatekey != NULL)
+ EVP_PKEY_free(sc->peer_pkeys[i].privatekey);
+#endif
+ }
+
+#ifndef OPENSSL_NO_RSA
+ if (sc->peer_rsa_tmp != NULL)
+ RSA_free(sc->peer_rsa_tmp);
+#endif
+#ifndef OPENSSL_NO_DH
+ if (sc->peer_dh_tmp != NULL)
+ DH_free(sc->peer_dh_tmp);
+#endif
+#ifndef OPENSSL_NO_ECDH
+ if (sc->peer_ecdh_tmp != NULL)
+ EC_KEY_free(sc->peer_ecdh_tmp);
+#endif
+
+ OPENSSL_free(sc);
+}
+
+int ssl_set_peer_cert_type(SESS_CERT *sc, int type)
+{
+ sc->peer_cert_type = type;
+ return (1);
+}
+
+int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk)
+{
+ X509 *x;
+ int i;
+ X509_STORE_CTX ctx;
+
+ if ((sk == NULL) || (sk_X509_num(sk) == 0))
+ return (0);
+
+ x = sk_X509_value(sk, 0);
+ if (!X509_STORE_CTX_init(&ctx, s->ctx->cert_store, x, sk)) {
+ SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN, ERR_R_X509_LIB);
+ return (0);
+ }
+#if 0
+ if (SSL_get_verify_depth(s) >= 0)
+ X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s));
+#endif
+ X509_STORE_CTX_set_ex_data(&ctx, SSL_get_ex_data_X509_STORE_CTX_idx(), s);
+
+ /*
+ * We need to inherit the verify parameters. These can be determined by
+ * the context: if its a server it will verify SSL client certificates or
+ * vice versa.
+ */
+
+ X509_STORE_CTX_set_default(&ctx, s->server ? "ssl_client" : "ssl_server");
+ /*
+ * Anything non-default in "param" should overwrite anything in the ctx.
+ */
+ X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(&ctx), s->param);
+
+ if (s->verify_callback)
+ X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback);
+
+ if (s->ctx->app_verify_callback != NULL)
+#if 1 /* new with OpenSSL 0.9.7 */
+ i = s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg);
+#else
+ i = s->ctx->app_verify_callback(&ctx); /* should pass app_verify_arg */
+#endif
+ else {
+#ifndef OPENSSL_NO_X509_VERIFY
+ i = X509_verify_cert(&ctx);
+#else
+ i = 0;
+ ctx.error = X509_V_ERR_APPLICATION_VERIFICATION;
+ SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN, SSL_R_NO_VERIFY_CALLBACK);
+#endif
+ }
+
+ s->verify_result = ctx.error;
+ X509_STORE_CTX_cleanup(&ctx);
+
+ return (i);
+}
+
+static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,
+ STACK_OF(X509_NAME) *name_list)
+{
+ if (*ca_list != NULL)
+ sk_X509_NAME_pop_free(*ca_list, X509_NAME_free);
+
+ *ca_list = name_list;
+}
+
+STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk)
+{
+ int i;
+ STACK_OF(X509_NAME) *ret;
+ X509_NAME *name;
+
+ ret = sk_X509_NAME_new_null();
+ for (i = 0; i < sk_X509_NAME_num(sk); i++) {
+ name = X509_NAME_dup(sk_X509_NAME_value(sk, i));
+ if ((name == NULL) || !sk_X509_NAME_push(ret, name)) {
+ sk_X509_NAME_pop_free(ret, X509_NAME_free);
+ return (NULL);
+ }
+ }
+ return (ret);
+}
+
+void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list)
+{
+ set_client_CA_list(&(s->client_CA), name_list);
+}
+
+void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list)
+{
+ set_client_CA_list(&(ctx->client_CA), name_list);
+}
+
+STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx)
+{
+ return (ctx->client_CA);
+}
+
+STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s)
+{
+ if (s->type == SSL_ST_CONNECT) { /* we are in the client */
+ if (((s->version >> 8) == SSL3_VERSION_MAJOR) && (s->s3 != NULL))
+ return (s->s3->tmp.ca_names);
+ else
+ return (NULL);
+ } else {
+ if (s->client_CA != NULL)
+ return (s->client_CA);
+ else
+ return (s->ctx->client_CA);
+ }
+}
+
+static int add_client_CA(STACK_OF(X509_NAME) **sk, X509 *x)
+{
+ X509_NAME *name;
+
+ if (x == NULL)
+ return (0);
+ if ((*sk == NULL) && ((*sk = sk_X509_NAME_new_null()) == NULL))
+ return (0);
+
+ if ((name = X509_NAME_dup(X509_get_subject_name(x))) == NULL)
+ return (0);
+
+ if (!sk_X509_NAME_push(*sk, name)) {
+ X509_NAME_free(name);
+ return (0);
+ }
+ return (1);
+}
+
+int SSL_add_client_CA(SSL *ssl, X509 *x)
+{
+ return (add_client_CA(&(ssl->client_CA), x));
+}
+
+int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x)
+{
+ return (add_client_CA(&(ctx->client_CA), x));
+}
+
+static int xname_cmp(const X509_NAME *const *a, const X509_NAME *const *b)
+{
+ return (X509_NAME_cmp(*a, *b));
+}
+
+#ifndef OPENSSL_NO_STDIO
+/**
+ * Load CA certs from a file into a ::STACK. Note that it is somewhat misnamed;
+ * it doesn't really have anything to do with clients (except that a common use
+ * for a stack of CAs is to send it to the client). Actually, it doesn't have
+ * much to do with CAs, either, since it will load any old cert.
+ * \param file the file containing one or more certs.
+ * \return a ::STACK containing the certs.
+ */
+STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
+{
+ BIO *in;
+ X509 *x = NULL;
+ X509_NAME *xn = NULL;
+ STACK_OF(X509_NAME) *ret = NULL, *sk;
+
+ sk = sk_X509_NAME_new(xname_cmp);
+
+ in = BIO_new(BIO_s_file_internal());
+
+ if ((sk == NULL) || (in == NULL)) {
+ SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ if (!BIO_read_filename(in, file))
+ goto err;
+
+ for (;;) {
+ if (PEM_read_bio_X509(in, &x, NULL, NULL) == NULL)
+ break;
+ if (ret == NULL) {
+ ret = sk_X509_NAME_new_null();
+ if (ret == NULL) {
+ SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ }
+ if ((xn = X509_get_subject_name(x)) == NULL)
+ goto err;
+ /* check for duplicates */
+ xn = X509_NAME_dup(xn);
+ if (xn == NULL)
+ goto err;
+ if (sk_X509_NAME_find(sk, xn) >= 0)
+ X509_NAME_free(xn);
+ else {
+ sk_X509_NAME_push(sk, xn);
+ sk_X509_NAME_push(ret, xn);
+ }
+ }
+
+ if (0) {
+ err:
+ if (ret != NULL)
+ sk_X509_NAME_pop_free(ret, X509_NAME_free);
+ ret = NULL;
+ }
+ if (sk != NULL)
+ sk_X509_NAME_free(sk);
+ if (in != NULL)
+ BIO_free(in);
+ if (x != NULL)
+ X509_free(x);
+ if (ret != NULL)
+ ERR_clear_error();
+ return (ret);
+}
+#endif
+
+/**
+ * Add a file of certs to a stack.
+ * \param stack the stack to add to.
+ * \param file the file to add from. All certs in this file that are not
+ * already in the stack will be added.
+ * \return 1 for success, 0 for failure. Note that in the case of failure some
+ * certs may have been added to \c stack.
+ */
+
+int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
+ const char *file)
+{
+ BIO *in;
+ X509 *x = NULL;
+ X509_NAME *xn = NULL;
+ int ret = 1;
+ int (*oldcmp) (const X509_NAME *const *a, const X509_NAME *const *b);
+
+ oldcmp = sk_X509_NAME_set_cmp_func(stack, xname_cmp);
+
+ in = BIO_new(BIO_s_file_internal());
+
+ if (in == NULL) {
+ SSLerr(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK,
+ ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ if (!BIO_read_filename(in, file))
+ goto err;
+
+ for (;;) {
+ if (PEM_read_bio_X509(in, &x, NULL, NULL) == NULL)
+ break;
+ if ((xn = X509_get_subject_name(x)) == NULL)
+ goto err;
+ xn = X509_NAME_dup(xn);
+ if (xn == NULL)
+ goto err;
+ if (sk_X509_NAME_find(stack, xn) >= 0)
+ X509_NAME_free(xn);
+ else
+ sk_X509_NAME_push(stack, xn);
+ }
+
+ ERR_clear_error();
+
+ if (0) {
+ err:
+ ret = 0;
+ }
+ if (in != NULL)
+ BIO_free(in);
+ if (x != NULL)
+ X509_free(x);
+
+ (void)sk_X509_NAME_set_cmp_func(stack, oldcmp);
+
+ return ret;
+}
+
+/**
+ * Add a directory of certs to a stack.
+ * \param stack the stack to append to.
+ * \param dir the directory to append from. All files in this directory will be
+ * examined as potential certs. Any that are acceptable to
+ * SSL_add_dir_cert_subjects_to_stack() that are not already in the stack will be
+ * included.
+ * \return 1 for success, 0 for failure. Note that in the case of failure some
+ * certs may have been added to \c stack.
+ */
+
+int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
+ const char *dir)
+{
+ OPENSSL_DIR_CTX *d = NULL;
+ const char *filename;
+ int ret = 0;
+
+ CRYPTO_w_lock(CRYPTO_LOCK_READDIR);
+
+ /* Note that a side effect is that the CAs will be sorted by name */
+
+ while ((filename = OPENSSL_DIR_read(&d, dir))) {
+ char buf[1024];
+ int r;
+
+ if (strlen(dir) + strlen(filename) + 2 > sizeof buf) {
+ SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,
+ SSL_R_PATH_TOO_LONG);
+ goto err;
+ }
+#ifdef OPENSSL_SYS_VMS
+ r = BIO_snprintf(buf, sizeof buf, "%s%s", dir, filename);
+#else
+ r = BIO_snprintf(buf, sizeof buf, "%s/%s", dir, filename);
+#endif
+ if (r <= 0 || r >= (int)sizeof(buf))
+ goto err;
+ if (!SSL_add_file_cert_subjects_to_stack(stack, buf))
+ goto err;
+ }
+
+ if (errno) {
+ SYSerr(SYS_F_OPENDIR, get_last_sys_error());
+ ERR_add_error_data(3, "OPENSSL_DIR_read(&ctx, '", dir, "')");
+ SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB);
+ goto err;
+ }
+
+ ret = 1;
+
+ err:
+ if (d)
+ OPENSSL_DIR_end(&d);
+ CRYPTO_w_unlock(CRYPTO_LOCK_READDIR);
+ return ret;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/ssl/ssl_ciph.c
===================================================================
--- vendor-crypto/openssl/dist/ssl/ssl_ciph.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/ssl/ssl_ciph.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,1387 +0,0 @@
-/* ssl/ssl_ciph.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-#include <stdio.h>
-#include <openssl/objects.h>
-#ifndef OPENSSL_NO_COMP
-#include <openssl/comp.h>
-#endif
-
-#include "ssl_locl.h"
-
-#define SSL_ENC_DES_IDX 0
-#define SSL_ENC_3DES_IDX 1
-#define SSL_ENC_RC4_IDX 2
-#define SSL_ENC_RC2_IDX 3
-#define SSL_ENC_IDEA_IDX 4
-#define SSL_ENC_eFZA_IDX 5
-#define SSL_ENC_NULL_IDX 6
-#define SSL_ENC_AES128_IDX 7
-#define SSL_ENC_AES256_IDX 8
-#define SSL_ENC_CAMELLIA128_IDX 9
-#define SSL_ENC_CAMELLIA256_IDX 10
-#define SSL_ENC_SEED_IDX 11
-#define SSL_ENC_NUM_IDX 12
-
-
-static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={
- NULL,NULL,NULL,NULL,NULL,NULL,
- };
-
-#define SSL_COMP_NULL_IDX 0
-#define SSL_COMP_ZLIB_IDX 1
-#define SSL_COMP_NUM_IDX 2
-
-static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL;
-
-#define SSL_MD_MD5_IDX 0
-#define SSL_MD_SHA1_IDX 1
-#define SSL_MD_NUM_IDX 2
-static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX]={
- NULL,NULL,
- };
-
-#define CIPHER_ADD 1
-#define CIPHER_KILL 2
-#define CIPHER_DEL 3
-#define CIPHER_ORD 4
-#define CIPHER_SPECIAL 5
-
-typedef struct cipher_order_st
- {
- SSL_CIPHER *cipher;
- int active;
- int dead;
- struct cipher_order_st *next,*prev;
- } CIPHER_ORDER;
-
-static const SSL_CIPHER cipher_aliases[]={
- /* Don't include eNULL unless specifically enabled. */
- /* Don't include ECC in ALL because these ciphers are not yet official. */
- {0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL & ~SSL_kECDH & ~SSL_kECDHE, SSL_ALL ,0,0,0,SSL_ALL,SSL_ALL}, /* must be first */
- /* TODO: COMPLEMENT OF ALL and COMPLEMENT OF DEFAULT do not have ECC cipher suites handled properly. */
- {0,SSL_TXT_CMPALL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0}, /* COMPLEMENT OF ALL */
- {0,SSL_TXT_CMPDEF,0,SSL_ADH, 0,0,0,0,SSL_AUTH_MASK,0},
- {0,SSL_TXT_kKRB5,0,SSL_kKRB5,0,0,0,0,SSL_MKEY_MASK,0}, /* VRS Kerberos5 */
- {0,SSL_TXT_kRSA,0,SSL_kRSA, 0,0,0,0,SSL_MKEY_MASK,0},
- {0,SSL_TXT_kDHr,0,SSL_kDHr, 0,0,0,0,SSL_MKEY_MASK,0},
- {0,SSL_TXT_kDHd,0,SSL_kDHd, 0,0,0,0,SSL_MKEY_MASK,0},
- {0,SSL_TXT_kEDH,0,SSL_kEDH, 0,0,0,0,SSL_MKEY_MASK,0},
- {0,SSL_TXT_kFZA,0,SSL_kFZA, 0,0,0,0,SSL_MKEY_MASK,0},
- {0,SSL_TXT_DH, 0,SSL_DH, 0,0,0,0,SSL_MKEY_MASK,0},
- {0,SSL_TXT_ECC, 0,(SSL_kECDH|SSL_kECDHE), 0,0,0,0,SSL_MKEY_MASK,0},
- {0,SSL_TXT_EDH, 0,SSL_EDH, 0,0,0,0,SSL_MKEY_MASK|SSL_AUTH_MASK,0},
- {0,SSL_TXT_aKRB5,0,SSL_aKRB5,0,0,0,0,SSL_AUTH_MASK,0}, /* VRS Kerberos5 */
- {0,SSL_TXT_aRSA,0,SSL_aRSA, 0,0,0,0,SSL_AUTH_MASK,0},
- {0,SSL_TXT_aDSS,0,SSL_aDSS, 0,0,0,0,SSL_AUTH_MASK,0},
- {0,SSL_TXT_aFZA,0,SSL_aFZA, 0,0,0,0,SSL_AUTH_MASK,0},
- {0,SSL_TXT_aNULL,0,SSL_aNULL,0,0,0,0,SSL_AUTH_MASK,0},
- {0,SSL_TXT_aDH, 0,SSL_aDH, 0,0,0,0,SSL_AUTH_MASK,0},
- {0,SSL_TXT_DSS, 0,SSL_DSS, 0,0,0,0,SSL_AUTH_MASK,0},
-
- {0,SSL_TXT_DES, 0,SSL_DES, 0,0,0,0,SSL_ENC_MASK,0},
- {0,SSL_TXT_3DES,0,SSL_3DES, 0,0,0,0,SSL_ENC_MASK,0},
- {0,SSL_TXT_RC4, 0,SSL_RC4, 0,0,0,0,SSL_ENC_MASK,0},
- {0,SSL_TXT_RC2, 0,SSL_RC2, 0,0,0,0,SSL_ENC_MASK,0},
-#ifndef OPENSSL_NO_IDEA
- {0,SSL_TXT_IDEA,0,SSL_IDEA, 0,0,0,0,SSL_ENC_MASK,0},
-#endif
- {0,SSL_TXT_SEED,0,SSL_SEED, 0,0,0,0,SSL_ENC_MASK,0},
- {0,SSL_TXT_eNULL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0},
- {0,SSL_TXT_eFZA,0,SSL_eFZA, 0,0,0,0,SSL_ENC_MASK,0},
- {0,SSL_TXT_AES, 0,SSL_AES, 0,0,0,0,SSL_ENC_MASK,0},
- {0,SSL_TXT_CAMELLIA,0,SSL_CAMELLIA, 0,0,0,0,SSL_ENC_MASK,0},
-
- {0,SSL_TXT_MD5, 0,SSL_MD5, 0,0,0,0,SSL_MAC_MASK,0},
- {0,SSL_TXT_SHA1,0,SSL_SHA1, 0,0,0,0,SSL_MAC_MASK,0},
- {0,SSL_TXT_SHA, 0,SSL_SHA, 0,0,0,0,SSL_MAC_MASK,0},
-
- {0,SSL_TXT_NULL,0,SSL_NULL, 0,0,0,0,SSL_ENC_MASK,0},
- {0,SSL_TXT_KRB5,0,SSL_KRB5, 0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0},
- {0,SSL_TXT_RSA, 0,SSL_RSA, 0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0},
- {0,SSL_TXT_ADH, 0,SSL_ADH, 0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0},
- {0,SSL_TXT_FZA, 0,SSL_FZA, 0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK|SSL_ENC_MASK,0},
-
- {0,SSL_TXT_SSLV2, 0,SSL_SSLV2, 0,0,0,0,SSL_SSL_MASK,0},
- {0,SSL_TXT_SSLV3, 0,SSL_SSLV3, 0,0,0,0,SSL_SSL_MASK,0},
- {0,SSL_TXT_TLSV1, 0,SSL_TLSV1, 0,0,0,0,SSL_SSL_MASK,0},
-
- {0,SSL_TXT_EXP ,0, 0,SSL_EXPORT, 0,0,0,0,SSL_EXP_MASK},
- {0,SSL_TXT_EXPORT,0, 0,SSL_EXPORT, 0,0,0,0,SSL_EXP_MASK},
- {0,SSL_TXT_EXP40, 0, 0, SSL_EXP40, 0,0,0,0,SSL_STRONG_MASK},
- {0,SSL_TXT_EXP56, 0, 0, SSL_EXP56, 0,0,0,0,SSL_STRONG_MASK},
- {0,SSL_TXT_LOW, 0, 0, SSL_LOW, 0,0,0,0,SSL_STRONG_MASK},
- {0,SSL_TXT_MEDIUM,0, 0,SSL_MEDIUM, 0,0,0,0,SSL_STRONG_MASK},
- {0,SSL_TXT_HIGH, 0, 0, SSL_HIGH, 0,0,0,0,SSL_STRONG_MASK},
- {0,SSL_TXT_FIPS, 0, 0, SSL_FIPS, 0,0,0,0,SSL_FIPS|SSL_STRONG_NONE},
- };
-
-void ssl_load_ciphers(void)
- {
- ssl_cipher_methods[SSL_ENC_DES_IDX]=
- EVP_get_cipherbyname(SN_des_cbc);
- ssl_cipher_methods[SSL_ENC_3DES_IDX]=
- EVP_get_cipherbyname(SN_des_ede3_cbc);
- ssl_cipher_methods[SSL_ENC_RC4_IDX]=
- EVP_get_cipherbyname(SN_rc4);
- ssl_cipher_methods[SSL_ENC_RC2_IDX]=
- EVP_get_cipherbyname(SN_rc2_cbc);
-#ifndef OPENSSL_NO_IDEA
- ssl_cipher_methods[SSL_ENC_IDEA_IDX]=
- EVP_get_cipherbyname(SN_idea_cbc);
-#else
- ssl_cipher_methods[SSL_ENC_IDEA_IDX]= NULL;
-#endif
- ssl_cipher_methods[SSL_ENC_AES128_IDX]=
- EVP_get_cipherbyname(SN_aes_128_cbc);
- ssl_cipher_methods[SSL_ENC_AES256_IDX]=
- EVP_get_cipherbyname(SN_aes_256_cbc);
- ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX]=
- EVP_get_cipherbyname(SN_camellia_128_cbc);
- ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX]=
- EVP_get_cipherbyname(SN_camellia_256_cbc);
- ssl_cipher_methods[SSL_ENC_SEED_IDX]=
- EVP_get_cipherbyname(SN_seed_cbc);
-
- ssl_digest_methods[SSL_MD_MD5_IDX]=
- EVP_get_digestbyname(SN_md5);
- ssl_digest_methods[SSL_MD_SHA1_IDX]=
- EVP_get_digestbyname(SN_sha1);
- }
-
-
-#ifndef OPENSSL_NO_COMP
-
-static int sk_comp_cmp(const SSL_COMP * const *a,
- const SSL_COMP * const *b)
- {
- return((*a)->id-(*b)->id);
- }
-
-static void load_builtin_compressions(void)
- {
- int got_write_lock = 0;
-
- CRYPTO_r_lock(CRYPTO_LOCK_SSL);
- if (ssl_comp_methods == NULL)
- {
- CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
- CRYPTO_w_lock(CRYPTO_LOCK_SSL);
- got_write_lock = 1;
-
- if (ssl_comp_methods == NULL)
- {
- SSL_COMP *comp = NULL;
-
- MemCheck_off();
- ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp);
- if (ssl_comp_methods != NULL)
- {
- comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
- if (comp != NULL)
- {
- comp->method=COMP_zlib();
- if (comp->method
- && comp->method->type == NID_undef)
- OPENSSL_free(comp);
- else
- {
- comp->id=SSL_COMP_ZLIB_IDX;
- comp->name=comp->method->name;
- sk_SSL_COMP_push(ssl_comp_methods,comp);
- }
- }
- sk_SSL_COMP_sort(ssl_comp_methods);
- }
- MemCheck_on();
- }
- }
-
- if (got_write_lock)
- CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
- else
- CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
- }
-#endif
-
-int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
- const EVP_MD **md, SSL_COMP **comp)
- {
- int i;
- SSL_CIPHER *c;
-
- c=s->cipher;
- if (c == NULL) return(0);
- if (comp != NULL)
- {
- SSL_COMP ctmp;
-#ifndef OPENSSL_NO_COMP
- load_builtin_compressions();
-#endif
-
- *comp=NULL;
- ctmp.id=s->compress_meth;
- if (ssl_comp_methods != NULL)
- {
- i=sk_SSL_COMP_find(ssl_comp_methods,&ctmp);
- if (i >= 0)
- *comp=sk_SSL_COMP_value(ssl_comp_methods,i);
- else
- *comp=NULL;
- }
- }
-
- if ((enc == NULL) || (md == NULL)) return(0);
-
- switch (c->algorithms & SSL_ENC_MASK)
- {
- case SSL_DES:
- i=SSL_ENC_DES_IDX;
- break;
- case SSL_3DES:
- i=SSL_ENC_3DES_IDX;
- break;
- case SSL_RC4:
- i=SSL_ENC_RC4_IDX;
- break;
- case SSL_RC2:
- i=SSL_ENC_RC2_IDX;
- break;
- case SSL_IDEA:
- i=SSL_ENC_IDEA_IDX;
- break;
- case SSL_eNULL:
- i=SSL_ENC_NULL_IDX;
- break;
- case SSL_AES:
- switch(c->alg_bits)
- {
- case 128: i=SSL_ENC_AES128_IDX; break;
- case 256: i=SSL_ENC_AES256_IDX; break;
- default: i=-1; break;
- }
- break;
- case SSL_CAMELLIA:
- switch(c->alg_bits)
- {
- case 128: i=SSL_ENC_CAMELLIA128_IDX; break;
- case 256: i=SSL_ENC_CAMELLIA256_IDX; break;
- default: i=-1; break;
- }
- break;
- case SSL_SEED:
- i=SSL_ENC_SEED_IDX;
- break;
-
- default:
- i= -1;
- break;
- }
-
- if ((i < 0) || (i >= SSL_ENC_NUM_IDX))
- *enc=NULL;
- else
- {
- if (i == SSL_ENC_NULL_IDX)
- *enc=EVP_enc_null();
- else
- *enc=ssl_cipher_methods[i];
- }
-
- switch (c->algorithms & SSL_MAC_MASK)
- {
- case SSL_MD5:
- i=SSL_MD_MD5_IDX;
- break;
- case SSL_SHA1:
- i=SSL_MD_SHA1_IDX;
- break;
- default:
- i= -1;
- break;
- }
- if ((i < 0) || (i >= SSL_MD_NUM_IDX))
- *md=NULL;
- else
- *md=ssl_digest_methods[i];
-
- if ((*enc != NULL) && (*md != NULL))
- return(1);
- else
- return(0);
- }
-
-#define ITEM_SEP(a) \
- (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ','))
-
-static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr,
- CIPHER_ORDER **tail)
- {
- if (curr == *tail) return;
- if (curr == *head)
- *head=curr->next;
- if (curr->prev != NULL)
- curr->prev->next=curr->next;
- if (curr->next != NULL) /* should always be true */
- curr->next->prev=curr->prev;
- (*tail)->next=curr;
- curr->prev= *tail;
- curr->next=NULL;
- *tail=curr;
- }
-
-struct disabled_masks { /* This is a kludge no longer needed with OpenSSL 0.9.9,
- * where 128-bit and 256-bit algorithms simply will get
- * separate bits. */
- unsigned long mask; /* everything except m256 */
- unsigned long m256; /* applies to 256-bit algorithms only */
-};
-
-static struct disabled_masks ssl_cipher_get_disabled(void)
- {
- unsigned long mask;
- unsigned long m256;
- struct disabled_masks ret;
-
- mask = SSL_kFZA;
-#ifdef OPENSSL_NO_RSA
- mask |= SSL_aRSA|SSL_kRSA;
-#endif
-#ifdef OPENSSL_NO_DSA
- mask |= SSL_aDSS;
-#endif
-#ifdef OPENSSL_NO_DH
- mask |= SSL_kDHr|SSL_kDHd|SSL_kEDH|SSL_aDH;
-#endif
-#ifdef OPENSSL_NO_KRB5
- mask |= SSL_kKRB5|SSL_aKRB5;
-#endif
-#ifdef OPENSSL_NO_ECDH
- mask |= SSL_kECDH|SSL_kECDHE;
-#endif
-#ifdef SSL_FORBID_ENULL
- mask |= SSL_eNULL;
-#endif
-
- mask |= (ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL) ? SSL_DES :0;
- mask |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES:0;
- mask |= (ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL) ? SSL_RC4 :0;
- mask |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 :0;
- mask |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0;
- mask |= (ssl_cipher_methods[SSL_ENC_eFZA_IDX] == NULL) ? SSL_eFZA:0;
- mask |= (ssl_cipher_methods[SSL_ENC_SEED_IDX] == NULL) ? SSL_SEED:0;
-
- mask |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0;
- mask |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0;
-
- /* finally consider algorithms where mask and m256 differ */
- m256 = mask;
- mask |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES:0;
- mask |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA:0;
- m256 |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES:0;
- m256 |= (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == NULL) ? SSL_CAMELLIA:0;
-
- ret.mask = mask;
- ret.m256 = m256;
- return ret;
- }
-
-static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
- int num_of_ciphers, unsigned long mask, unsigned long m256,
- CIPHER_ORDER *co_list, CIPHER_ORDER **head_p,
- CIPHER_ORDER **tail_p)
- {
- int i, co_list_num;
- SSL_CIPHER *c;
-
- /*
- * We have num_of_ciphers descriptions compiled in, depending on the
- * method selected (SSLv2 and/or SSLv3, TLSv1 etc).
- * These will later be sorted in a linked list with at most num
- * entries.
- */
-
- /* Get the initial list of ciphers */
- co_list_num = 0; /* actual count of ciphers */
- for (i = 0; i < num_of_ciphers; i++)
- {
- c = ssl_method->get_cipher(i);
-#define IS_MASKED(c) ((c)->algorithms & (((c)->alg_bits == 256) ? m256 : mask))
- /* drop those that use any of that is not available */
-#ifdef OPENSSL_FIPS
- if ((c != NULL) && c->valid && !IS_MASKED(c)
- && (!FIPS_mode() || (c->algo_strength & SSL_FIPS)))
-#else
- if ((c != NULL) && c->valid && !IS_MASKED(c))
-#endif
- {
- co_list[co_list_num].cipher = c;
- co_list[co_list_num].next = NULL;
- co_list[co_list_num].prev = NULL;
- co_list[co_list_num].active = 0;
- co_list_num++;
-#ifdef KSSL_DEBUG
- printf("\t%d: %s %lx %lx\n",i,c->name,c->id,c->algorithms);
-#endif /* KSSL_DEBUG */
- /*
- if (!sk_push(ca_list,(char *)c)) goto err;
- */
- }
- }
-
- /*
- * Prepare linked list from list entries
- */
- for (i = 1; i < co_list_num - 1; i++)
- {
- co_list[i].prev = &(co_list[i-1]);
- co_list[i].next = &(co_list[i+1]);
- }
- if (co_list_num > 0)
- {
- (*head_p) = &(co_list[0]);
- (*head_p)->prev = NULL;
- (*head_p)->next = &(co_list[1]);
- (*tail_p) = &(co_list[co_list_num - 1]);
- (*tail_p)->prev = &(co_list[co_list_num - 2]);
- (*tail_p)->next = NULL;
- }
- }
-
-static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list,
- int num_of_group_aliases, unsigned long mask,
- CIPHER_ORDER *head)
- {
- CIPHER_ORDER *ciph_curr;
- SSL_CIPHER **ca_curr;
- int i;
-
- /*
- * First, add the real ciphers as already collected
- */
- ciph_curr = head;
- ca_curr = ca_list;
- while (ciph_curr != NULL)
- {
- *ca_curr = ciph_curr->cipher;
- ca_curr++;
- ciph_curr = ciph_curr->next;
- }
-
- /*
- * Now we add the available ones from the cipher_aliases[] table.
- * They represent either an algorithm, that must be fully
- * supported (not match any bit in mask) or represent a cipher
- * strength value (will be added in any case because algorithms=0).
- */
- for (i = 0; i < num_of_group_aliases; i++)
- {
- if ((i == 0) || /* always fetch "ALL" */
- !(cipher_aliases[i].algorithms & mask))
- {
- *ca_curr = (SSL_CIPHER *)(cipher_aliases + i);
- ca_curr++;
- }
- }
-
- *ca_curr = NULL; /* end of list */
- }
-
-static void ssl_cipher_apply_rule(unsigned long cipher_id, unsigned long ssl_version,
- unsigned long algorithms, unsigned long mask,
- unsigned long algo_strength, unsigned long mask_strength,
- int rule, int strength_bits, CIPHER_ORDER *co_list,
- CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
- {
- CIPHER_ORDER *head, *tail, *curr, *curr2, *tail2;
- SSL_CIPHER *cp;
- unsigned long ma, ma_s;
-
-#ifdef CIPHER_DEBUG
- printf("Applying rule %d with %08lx %08lx %08lx %08lx (%d)\n",
- rule, algorithms, mask, algo_strength, mask_strength,
- strength_bits);
-#endif
-
- curr = head = *head_p;
- curr2 = head;
- tail2 = tail = *tail_p;
- for (;;)
- {
- if ((curr == NULL) || (curr == tail2)) break;
- curr = curr2;
- curr2 = curr->next;
-
- cp = curr->cipher;
-
- /* If explicit cipher suite, match only that one for its own protocol version.
- * Usual selection criteria will be used for similar ciphersuites from other version! */
-
- if (cipher_id && (cp->algorithms & SSL_SSL_MASK) == ssl_version)
- {
- if (cp->id != cipher_id)
- continue;
- }
-
- /*
- * Selection criteria is either the number of strength_bits
- * or the algorithm used.
- */
- else if (strength_bits == -1)
- {
- ma = mask & cp->algorithms;
- ma_s = mask_strength & cp->algo_strength;
-
-#ifdef CIPHER_DEBUG
- printf("\nName: %s:\nAlgo = %08lx Algo_strength = %08lx\nMask = %08lx Mask_strength %08lx\n", cp->name, cp->algorithms, cp->algo_strength, mask, mask_strength);
- printf("ma = %08lx ma_s %08lx, ma&algo=%08lx, ma_s&algos=%08lx\n", ma, ma_s, ma&algorithms, ma_s&algo_strength);
-#endif
- /*
- * Select: if none of the mask bit was met from the
- * cipher or not all of the bits were met, the
- * selection does not apply.
- */
- if (((ma == 0) && (ma_s == 0)) ||
- ((ma & algorithms) != ma) ||
- ((ma_s & algo_strength) != ma_s))
- continue; /* does not apply */
- }
- else if (strength_bits != cp->strength_bits)
- continue; /* does not apply */
-
-#ifdef CIPHER_DEBUG
- printf("Action = %d\n", rule);
-#endif
-
- /* add the cipher if it has not been added yet. */
- if (rule == CIPHER_ADD)
- {
- if (!curr->active)
- {
- int add_this_cipher = 1;
-
- if (((cp->algorithms & (SSL_kECDHE|SSL_kECDH|SSL_aECDSA)) != 0))
- {
- /* Make sure "ECCdraft" ciphersuites are activated only if
- * *explicitly* requested, but not implicitly (such as
- * as part of the "AES" alias). */
-
- add_this_cipher = (mask & (SSL_kECDHE|SSL_kECDH|SSL_aECDSA)) != 0 || cipher_id != 0;
- }
-
- if (add_this_cipher)
- {
- ll_append_tail(&head, curr, &tail);
- curr->active = 1;
- }
- }
- }
- /* Move the added cipher to this location */
- else if (rule == CIPHER_ORD)
- {
- if (curr->active)
- {
- ll_append_tail(&head, curr, &tail);
- }
- }
- else if (rule == CIPHER_DEL)
- curr->active = 0;
- else if (rule == CIPHER_KILL)
- {
- if (head == curr)
- head = curr->next;
- else
- curr->prev->next = curr->next;
- if (tail == curr)
- tail = curr->prev;
- curr->active = 0;
- if (curr->next != NULL)
- curr->next->prev = curr->prev;
- if (curr->prev != NULL)
- curr->prev->next = curr->next;
- curr->next = NULL;
- curr->prev = NULL;
- }
- }
-
- *head_p = head;
- *tail_p = tail;
- }
-
-static int ssl_cipher_strength_sort(CIPHER_ORDER *co_list,
- CIPHER_ORDER **head_p,
- CIPHER_ORDER **tail_p)
- {
- int max_strength_bits, i, *number_uses;
- CIPHER_ORDER *curr;
-
- /*
- * This routine sorts the ciphers with descending strength. The sorting
- * must keep the pre-sorted sequence, so we apply the normal sorting
- * routine as '+' movement to the end of the list.
- */
- max_strength_bits = 0;
- curr = *head_p;
- while (curr != NULL)
- {
- if (curr->active &&
- (curr->cipher->strength_bits > max_strength_bits))
- max_strength_bits = curr->cipher->strength_bits;
- curr = curr->next;
- }
-
- number_uses = OPENSSL_malloc((max_strength_bits + 1) * sizeof(int));
- if (!number_uses)
- {
- SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- memset(number_uses, 0, (max_strength_bits + 1) * sizeof(int));
-
- /*
- * Now find the strength_bits values actually used
- */
- curr = *head_p;
- while (curr != NULL)
- {
- if (curr->active)
- number_uses[curr->cipher->strength_bits]++;
- curr = curr->next;
- }
- /*
- * Go through the list of used strength_bits values in descending
- * order.
- */
- for (i = max_strength_bits; i >= 0; i--)
- if (number_uses[i] > 0)
- ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, CIPHER_ORD, i,
- co_list, head_p, tail_p);
-
- OPENSSL_free(number_uses);
- return(1);
- }
-
-static int ssl_cipher_process_rulestr(const char *rule_str,
- CIPHER_ORDER *co_list, CIPHER_ORDER **head_p,
- CIPHER_ORDER **tail_p, SSL_CIPHER **ca_list)
- {
- unsigned long algorithms, mask, algo_strength, mask_strength;
- const char *l, *buf;
- int j, multi, found, rule, retval, ok, buflen;
- unsigned long cipher_id = 0, ssl_version = 0;
- char ch;
-
- retval = 1;
- l = rule_str;
- for (;;)
- {
- ch = *l;
-
- if (ch == '\0')
- break; /* done */
- if (ch == '-')
- { rule = CIPHER_DEL; l++; }
- else if (ch == '+')
- { rule = CIPHER_ORD; l++; }
- else if (ch == '!')
- { rule = CIPHER_KILL; l++; }
- else if (ch == '@')
- { rule = CIPHER_SPECIAL; l++; }
- else
- { rule = CIPHER_ADD; }
-
- if (ITEM_SEP(ch))
- {
- l++;
- continue;
- }
-
- algorithms = mask = algo_strength = mask_strength = 0;
-
- for (;;)
- {
- ch = *l;
- buf = l;
- buflen = 0;
-#ifndef CHARSET_EBCDIC
- while ( ((ch >= 'A') && (ch <= 'Z')) ||
- ((ch >= '0') && (ch <= '9')) ||
- ((ch >= 'a') && (ch <= 'z')) ||
- (ch == '-'))
-#else
- while ( isalnum(ch) || (ch == '-'))
-#endif
- {
- ch = *(++l);
- buflen++;
- }
-
- if (buflen == 0)
- {
- /*
- * We hit something we cannot deal with,
- * it is no command or separator nor
- * alphanumeric, so we call this an error.
- */
- SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
- SSL_R_INVALID_COMMAND);
- retval = found = 0;
- l++;
- break;
- }
-
- if (rule == CIPHER_SPECIAL)
- {
- found = 0; /* unused -- avoid compiler warning */
- break; /* special treatment */
- }
-
- /* check for multi-part specification */
- if (ch == '+')
- {
- multi=1;
- l++;
- }
- else
- multi=0;
-
- /*
- * Now search for the cipher alias in the ca_list. Be careful
- * with the strncmp, because the "buflen" limitation
- * will make the rule "ADH:SOME" and the cipher
- * "ADH-MY-CIPHER" look like a match for buflen=3.
- * So additionally check whether the cipher name found
- * has the correct length. We can save a strlen() call:
- * just checking for the '\0' at the right place is
- * sufficient, we have to strncmp() anyway. (We cannot
- * use strcmp(), because buf is not '\0' terminated.)
- */
- j = found = 0;
- cipher_id = 0;
- ssl_version = 0;
- while (ca_list[j])
- {
- if (!strncmp(buf, ca_list[j]->name, buflen) &&
- (ca_list[j]->name[buflen] == '\0'))
- {
- found = 1;
- break;
- }
- else
- j++;
- }
- if (!found)
- break; /* ignore this entry */
-
- /* New algorithms:
- * 1 - any old restrictions apply outside new mask
- * 2 - any new restrictions apply outside old mask
- * 3 - enforce old & new where masks intersect
- */
- algorithms = (algorithms & ~ca_list[j]->mask) | /* 1 */
- (ca_list[j]->algorithms & ~mask) | /* 2 */
- (algorithms & ca_list[j]->algorithms); /* 3 */
- mask |= ca_list[j]->mask;
- algo_strength = (algo_strength & ~ca_list[j]->mask_strength) |
- (ca_list[j]->algo_strength & ~mask_strength) |
- (algo_strength & ca_list[j]->algo_strength);
- mask_strength |= ca_list[j]->mask_strength;
-
- /* explicit ciphersuite found */
- if (ca_list[j]->valid)
- {
- cipher_id = ca_list[j]->id;
- ssl_version = ca_list[j]->algorithms & SSL_SSL_MASK;
- break;
- }
-
- if (!multi) break;
- }
-
- /*
- * Ok, we have the rule, now apply it
- */
- if (rule == CIPHER_SPECIAL)
- { /* special command */
- ok = 0;
- if ((buflen == 8) &&
- !strncmp(buf, "STRENGTH", 8))
- ok = ssl_cipher_strength_sort(co_list,
- head_p, tail_p);
- else
- SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
- SSL_R_INVALID_COMMAND);
- if (ok == 0)
- retval = 0;
- /*
- * We do not support any "multi" options
- * together with "@", so throw away the
- * rest of the command, if any left, until
- * end or ':' is found.
- */
- while ((*l != '\0') && !ITEM_SEP(*l))
- l++;
- }
- else if (found)
- {
- ssl_cipher_apply_rule(cipher_id, ssl_version, algorithms, mask,
- algo_strength, mask_strength, rule, -1,
- co_list, head_p, tail_p);
- }
- else
- {
- while ((*l != '\0') && !ITEM_SEP(*l))
- l++;
- }
- if (*l == '\0') break; /* done */
- }
-
- return(retval);
- }
-
-STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
- STACK_OF(SSL_CIPHER) **cipher_list,
- STACK_OF(SSL_CIPHER) **cipher_list_by_id,
- const char *rule_str)
- {
- int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;
- unsigned long disabled_mask;
- unsigned long disabled_m256;
- STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list;
- const char *rule_p;
- CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
- SSL_CIPHER **ca_list = NULL;
-
- /*
- * Return with error if nothing to do.
- */
- if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL)
- return NULL;
-
- /*
- * To reduce the work to do we only want to process the compiled
- * in algorithms, so we first get the mask of disabled ciphers.
- */
- {
- struct disabled_masks d;
- d = ssl_cipher_get_disabled();
- disabled_mask = d.mask;
- disabled_m256 = d.m256;
- }
-
- /*
- * Now we have to collect the available ciphers from the compiled
- * in ciphers. We cannot get more than the number compiled in, so
- * it is used for allocation.
- */
- num_of_ciphers = ssl_method->num_ciphers();
-#ifdef KSSL_DEBUG
- printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers);
-#endif /* KSSL_DEBUG */
- co_list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers);
- if (co_list == NULL)
- {
- SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
- return(NULL); /* Failure */
- }
-
- ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, disabled_mask,
- disabled_m256, co_list, &head, &tail);
-
- /*
- * We also need cipher aliases for selecting based on the rule_str.
- * There might be two types of entries in the rule_str: 1) names
- * of ciphers themselves 2) aliases for groups of ciphers.
- * For 1) we need the available ciphers and for 2) the cipher
- * groups of cipher_aliases added together in one list (otherwise
- * we would be happy with just the cipher_aliases table).
- */
- num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER);
- num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
- ca_list =
- (SSL_CIPHER **)OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max);
- if (ca_list == NULL)
- {
- OPENSSL_free(co_list);
- SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
- return(NULL); /* Failure */
- }
- ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
- (disabled_mask & disabled_m256), head);
-
- /*
- * If the rule_string begins with DEFAULT, apply the default rule
- * before using the (possibly available) additional rules.
- */
- ok = 1;
- rule_p = rule_str;
- if (strncmp(rule_str,"DEFAULT",7) == 0)
- {
- ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
- co_list, &head, &tail, ca_list);
- rule_p += 7;
- if (*rule_p == ':')
- rule_p++;
- }
-
- if (ok && (strlen(rule_p) > 0))
- ok = ssl_cipher_process_rulestr(rule_p, co_list, &head, &tail,
- ca_list);
-
- OPENSSL_free(ca_list); /* Not needed anymore */
-
- if (!ok)
- { /* Rule processing failure */
- OPENSSL_free(co_list);
- return(NULL);
- }
- /*
- * Allocate new "cipherstack" for the result, return with error
- * if we cannot get one.
- */
- if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL)
- {
- OPENSSL_free(co_list);
- return(NULL);
- }
-
- /*
- * The cipher selection for the list is done. The ciphers are added
- * to the resulting precedence to the STACK_OF(SSL_CIPHER).
- */
- for (curr = head; curr != NULL; curr = curr->next)
- {
-#ifdef OPENSSL_FIPS
- if (curr->active && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS))
-#else
- if (curr->active)
-#endif
- {
- sk_SSL_CIPHER_push(cipherstack, curr->cipher);
-#ifdef CIPHER_DEBUG
- printf("<%s>\n",curr->cipher->name);
-#endif
- }
- }
- OPENSSL_free(co_list); /* Not needed any longer */
-
- tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack);
- if (tmp_cipher_list == NULL)
- {
- sk_SSL_CIPHER_free(cipherstack);
- return NULL;
- }
- if (*cipher_list != NULL)
- sk_SSL_CIPHER_free(*cipher_list);
- *cipher_list = cipherstack;
- if (*cipher_list_by_id != NULL)
- sk_SSL_CIPHER_free(*cipher_list_by_id);
- *cipher_list_by_id = tmp_cipher_list;
- (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp);
-
- sk_SSL_CIPHER_sort(*cipher_list_by_id);
- return(cipherstack);
- }
-
-char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
- {
- int is_export,pkl,kl;
- const char *ver,*exp_str;
- const char *kx,*au,*enc,*mac;
- unsigned long alg,alg2;
-#ifdef KSSL_DEBUG
- static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx\n";
-#else
- static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n";
-#endif /* KSSL_DEBUG */
-
- alg=cipher->algorithms;
- alg2=cipher->algorithm2;
-
- is_export=SSL_C_IS_EXPORT(cipher);
- pkl=SSL_C_EXPORT_PKEYLENGTH(cipher);
- kl=SSL_C_EXPORT_KEYLENGTH(cipher);
- exp_str=is_export?" export":"";
-
- if (alg & SSL_SSLV2)
- ver="SSLv2";
- else if (alg & SSL_SSLV3)
- ver="SSLv3";
- else
- ver="unknown";
-
- switch (alg&SSL_MKEY_MASK)
- {
- case SSL_kRSA:
- kx=is_export?(pkl == 512 ? "RSA(512)" : "RSA(1024)"):"RSA";
- break;
- case SSL_kDHr:
- kx="DH/RSA";
- break;
- case SSL_kDHd:
- kx="DH/DSS";
- break;
- case SSL_kKRB5: /* VRS */
- case SSL_KRB5: /* VRS */
- kx="KRB5";
- break;
- case SSL_kFZA:
- kx="Fortezza";
- break;
- case SSL_kEDH:
- kx=is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH";
- break;
- case SSL_kECDH:
- case SSL_kECDHE:
- kx=is_export?"ECDH(<=163)":"ECDH";
- break;
- default:
- kx="unknown";
- }
-
- switch (alg&SSL_AUTH_MASK)
- {
- case SSL_aRSA:
- au="RSA";
- break;
- case SSL_aDSS:
- au="DSS";
- break;
- case SSL_aDH:
- au="DH";
- break;
- case SSL_aKRB5: /* VRS */
- case SSL_KRB5: /* VRS */
- au="KRB5";
- break;
- case SSL_aFZA:
- case SSL_aNULL:
- au="None";
- break;
- case SSL_aECDSA:
- au="ECDSA";
- break;
- default:
- au="unknown";
- break;
- }
-
- switch (alg&SSL_ENC_MASK)
- {
- case SSL_DES:
- enc=(is_export && kl == 5)?"DES(40)":"DES(56)";
- break;
- case SSL_3DES:
- enc="3DES(168)";
- break;
- case SSL_RC4:
- enc=is_export?(kl == 5 ? "RC4(40)" : "RC4(56)")
- :((alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)");
- break;
- case SSL_RC2:
- enc=is_export?(kl == 5 ? "RC2(40)" : "RC2(56)"):"RC2(128)";
- break;
- case SSL_IDEA:
- enc="IDEA(128)";
- break;
- case SSL_eFZA:
- enc="Fortezza";
- break;
- case SSL_eNULL:
- enc="None";
- break;
- case SSL_AES:
- switch(cipher->strength_bits)
- {
- case 128: enc="AES(128)"; break;
- case 192: enc="AES(192)"; break;
- case 256: enc="AES(256)"; break;
- default: enc="AES(?""?""?)"; break;
- }
- break;
- case SSL_CAMELLIA:
- switch(cipher->strength_bits)
- {
- case 128: enc="Camellia(128)"; break;
- case 256: enc="Camellia(256)"; break;
- default: enc="Camellia(?""?""?)"; break;
- }
- break;
- case SSL_SEED:
- enc="SEED(128)";
- break;
-
- default:
- enc="unknown";
- break;
- }
-
- switch (alg&SSL_MAC_MASK)
- {
- case SSL_MD5:
- mac="MD5";
- break;
- case SSL_SHA1:
- mac="SHA1";
- break;
- default:
- mac="unknown";
- break;
- }
-
- if (buf == NULL)
- {
- len=128;
- buf=OPENSSL_malloc(len);
- if (buf == NULL) return("OPENSSL_malloc Error");
- }
- else if (len < 128)
- return("Buffer too small");
-
-#ifdef KSSL_DEBUG
- BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str,alg);
-#else
- BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str);
-#endif /* KSSL_DEBUG */
- return(buf);
- }
-
-char *SSL_CIPHER_get_version(const SSL_CIPHER *c)
- {
- int i;
-
- if (c == NULL) return("(NONE)");
- i=(int)(c->id>>24L);
- if (i == 3)
- return("TLSv1/SSLv3");
- else if (i == 2)
- return("SSLv2");
- else
- return("unknown");
- }
-
-/* return the actual cipher being used */
-const char *SSL_CIPHER_get_name(const SSL_CIPHER *c)
- {
- if (c != NULL)
- return(c->name);
- return("(NONE)");
- }
-
-/* number of bits for symmetric cipher */
-int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits)
- {
- int ret=0;
-
- if (c != NULL)
- {
- if (alg_bits != NULL) *alg_bits = c->alg_bits;
- ret = c->strength_bits;
- }
- return(ret);
- }
-
-SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
- {
- SSL_COMP *ctmp;
- int i,nn;
-
- if ((n == 0) || (sk == NULL)) return(NULL);
- nn=sk_SSL_COMP_num(sk);
- for (i=0; i<nn; i++)
- {
- ctmp=sk_SSL_COMP_value(sk,i);
- if (ctmp->id == n)
- return(ctmp);
- }
- return(NULL);
- }
-
-#ifdef OPENSSL_NO_COMP
-void *SSL_COMP_get_compression_methods(void)
- {
- return NULL;
- }
-int SSL_COMP_add_compression_method(int id, void *cm)
- {
- return 1;
- }
-
-const char *SSL_COMP_get_name(const void *comp)
- {
- return NULL;
- }
-#else
-STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)
- {
- load_builtin_compressions();
- return(ssl_comp_methods);
- }
-
-int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
- {
- SSL_COMP *comp;
-
- if (cm == NULL || cm->type == NID_undef)
- return 1;
-
- /* According to draft-ietf-tls-compression-04.txt, the
- compression number ranges should be the following:
-
- 0 to 63: methods defined by the IETF
- 64 to 192: external party methods assigned by IANA
- 193 to 255: reserved for private use */
- if (id < 193 || id > 255)
- {
- SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE);
- return 0;
- }
-
- MemCheck_off();
- comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
- comp->id=id;
- comp->method=cm;
- load_builtin_compressions();
- if (ssl_comp_methods
- && sk_SSL_COMP_find(ssl_comp_methods,comp) >= 0)
- {
- OPENSSL_free(comp);
- MemCheck_on();
- SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_DUPLICATE_COMPRESSION_ID);
- return(1);
- }
- else if ((ssl_comp_methods == NULL)
- || !sk_SSL_COMP_push(ssl_comp_methods,comp))
- {
- OPENSSL_free(comp);
- MemCheck_on();
- SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE);
- return(1);
- }
- else
- {
- MemCheck_on();
- return(0);
- }
- }
-
-const char *SSL_COMP_get_name(const COMP_METHOD *comp)
- {
- if (comp)
- return comp->name;
- return NULL;
- }
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/ssl/ssl_ciph.c (from rev 6976, vendor-crypto/openssl/dist/ssl/ssl_ciph.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/ssl/ssl_ciph.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/ssl/ssl_ciph.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,1402 @@
+/* ssl/ssl_ciph.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECC cipher suite support in OpenSSL originally developed by
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
+#include <stdio.h>
+#include <openssl/objects.h>
+#ifndef OPENSSL_NO_COMP
+# include <openssl/comp.h>
+#endif
+
+#include "ssl_locl.h"
+
+#define SSL_ENC_DES_IDX 0
+#define SSL_ENC_3DES_IDX 1
+#define SSL_ENC_RC4_IDX 2
+#define SSL_ENC_RC2_IDX 3
+#define SSL_ENC_IDEA_IDX 4
+#define SSL_ENC_eFZA_IDX 5
+#define SSL_ENC_NULL_IDX 6
+#define SSL_ENC_AES128_IDX 7
+#define SSL_ENC_AES256_IDX 8
+#define SSL_ENC_CAMELLIA128_IDX 9
+#define SSL_ENC_CAMELLIA256_IDX 10
+#define SSL_ENC_SEED_IDX 11
+#define SSL_ENC_NUM_IDX 12
+
+static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX] = {
+ NULL, NULL, NULL, NULL, NULL, NULL,
+};
+
+#define SSL_COMP_NULL_IDX 0
+#define SSL_COMP_ZLIB_IDX 1
+#define SSL_COMP_NUM_IDX 2
+
+static STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
+
+#define SSL_MD_MD5_IDX 0
+#define SSL_MD_SHA1_IDX 1
+#define SSL_MD_NUM_IDX 2
+static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX] = {
+ NULL, NULL,
+};
+
+#define CIPHER_ADD 1
+#define CIPHER_KILL 2
+#define CIPHER_DEL 3
+#define CIPHER_ORD 4
+#define CIPHER_SPECIAL 5
+
+typedef struct cipher_order_st {
+ SSL_CIPHER *cipher;
+ int active;
+ int dead;
+ struct cipher_order_st *next, *prev;
+} CIPHER_ORDER;
+
+static const SSL_CIPHER cipher_aliases[] = {
+ /* Don't include eNULL unless specifically enabled. */
+ /*
+ * Don't include ECC in ALL because these ciphers are not yet official.
+ */
+ /* must be first */
+ {0, SSL_TXT_ALL, 0, SSL_ALL & ~SSL_eNULL & ~SSL_kECDH & ~SSL_kECDHE,
+ SSL_ALL, 0, 0, 0, SSL_ALL, SSL_ALL},
+ /*
+ * TODO: COMPLEMENT OF ALL do not have ECC cipher suites handled properly.
+ */
+ /* COMPLEMENT OF ALL */
+ {0, SSL_TXT_CMPALL, 0, SSL_eNULL, 0, 0, 0, 0, SSL_ENC_MASK, 0},
+ {0, SSL_TXT_CMPDEF, 0, SSL_ADH, SSL_EXP_MASK, 0, 0, 0, SSL_AUTH_MASK, 0},
+ /* VRS Kerberos5 */
+ {0, SSL_TXT_kKRB5, 0, SSL_kKRB5, 0, 0, 0, 0, SSL_MKEY_MASK, 0},
+ {0, SSL_TXT_kRSA, 0, SSL_kRSA, 0, 0, 0, 0, SSL_MKEY_MASK, 0},
+ {0, SSL_TXT_kDHr, 0, SSL_kDHr, 0, 0, 0, 0, SSL_MKEY_MASK, 0},
+ {0, SSL_TXT_kDHd, 0, SSL_kDHd, 0, 0, 0, 0, SSL_MKEY_MASK, 0},
+ {0, SSL_TXT_kEDH, 0, SSL_kEDH, 0, 0, 0, 0, SSL_MKEY_MASK, 0},
+ {0, SSL_TXT_kFZA, 0, SSL_kFZA, 0, 0, 0, 0, SSL_MKEY_MASK, 0},
+ {0, SSL_TXT_DH, 0, SSL_DH, 0, 0, 0, 0, SSL_MKEY_MASK, 0},
+ {0, SSL_TXT_ECC, 0, (SSL_kECDH | SSL_kECDHE), 0, 0, 0, 0, SSL_MKEY_MASK,
+ 0},
+ {0, SSL_TXT_EDH, 0, SSL_EDH, 0, 0, 0, 0, SSL_MKEY_MASK | SSL_AUTH_MASK,
+ 0},
+ /* VRS Kerberos5 */
+ {0, SSL_TXT_aKRB5, 0, SSL_aKRB5, 0, 0, 0, 0, SSL_AUTH_MASK, 0},
+ {0, SSL_TXT_aRSA, 0, SSL_aRSA, 0, 0, 0, 0, SSL_AUTH_MASK, 0},
+ {0, SSL_TXT_aDSS, 0, SSL_aDSS, 0, 0, 0, 0, SSL_AUTH_MASK, 0},
+ {0, SSL_TXT_aFZA, 0, SSL_aFZA, 0, 0, 0, 0, SSL_AUTH_MASK, 0},
+ {0, SSL_TXT_aNULL, 0, SSL_aNULL, 0, 0, 0, 0, SSL_AUTH_MASK, 0},
+ {0, SSL_TXT_aDH, 0, SSL_aDH, 0, 0, 0, 0, SSL_AUTH_MASK, 0},
+ {0, SSL_TXT_DSS, 0, SSL_DSS, 0, 0, 0, 0, SSL_AUTH_MASK, 0},
+
+ {0, SSL_TXT_DES, 0, SSL_DES, 0, 0, 0, 0, SSL_ENC_MASK, 0},
+ {0, SSL_TXT_3DES, 0, SSL_3DES, 0, 0, 0, 0, SSL_ENC_MASK, 0},
+ {0, SSL_TXT_RC4, 0, SSL_RC4, 0, 0, 0, 0, SSL_ENC_MASK, 0},
+ {0, SSL_TXT_RC2, 0, SSL_RC2, 0, 0, 0, 0, SSL_ENC_MASK, 0},
+#ifndef OPENSSL_NO_IDEA
+ {0, SSL_TXT_IDEA, 0, SSL_IDEA, 0, 0, 0, 0, SSL_ENC_MASK, 0},
+#endif
+ {0, SSL_TXT_SEED, 0, SSL_SEED, 0, 0, 0, 0, SSL_ENC_MASK, 0},
+ {0, SSL_TXT_eNULL, 0, SSL_eNULL, 0, 0, 0, 0, SSL_ENC_MASK, 0},
+ {0, SSL_TXT_eFZA, 0, SSL_eFZA, 0, 0, 0, 0, SSL_ENC_MASK, 0},
+ {0, SSL_TXT_AES, 0, SSL_AES, 0, 0, 0, 0, SSL_ENC_MASK, 0},
+ {0, SSL_TXT_CAMELLIA, 0, SSL_CAMELLIA, 0, 0, 0, 0, SSL_ENC_MASK, 0},
+
+ {0, SSL_TXT_MD5, 0, SSL_MD5, 0, 0, 0, 0, SSL_MAC_MASK, 0},
+ {0, SSL_TXT_SHA1, 0, SSL_SHA1, 0, 0, 0, 0, SSL_MAC_MASK, 0},
+ {0, SSL_TXT_SHA, 0, SSL_SHA, 0, 0, 0, 0, SSL_MAC_MASK, 0},
+
+ {0, SSL_TXT_NULL, 0, SSL_NULL, 0, 0, 0, 0, SSL_ENC_MASK, 0},
+ {0, SSL_TXT_KRB5, 0, SSL_KRB5, 0, 0, 0, 0, SSL_AUTH_MASK | SSL_MKEY_MASK,
+ 0},
+ {0, SSL_TXT_RSA, 0, SSL_RSA, 0, 0, 0, 0, SSL_AUTH_MASK | SSL_MKEY_MASK,
+ 0},
+ {0, SSL_TXT_ADH, 0, SSL_ADH, 0, 0, 0, 0, SSL_AUTH_MASK | SSL_MKEY_MASK,
+ 0},
+ {0, SSL_TXT_FZA, 0, SSL_FZA, 0, 0, 0, 0,
+ SSL_AUTH_MASK | SSL_MKEY_MASK | SSL_ENC_MASK, 0},
+
+ {0, SSL_TXT_SSLV2, 0, SSL_SSLV2, 0, 0, 0, 0, SSL_SSL_MASK, 0},
+ {0, SSL_TXT_SSLV3, 0, SSL_SSLV3, 0, 0, 0, 0, SSL_SSL_MASK, 0},
+ {0, SSL_TXT_TLSV1, 0, SSL_TLSV1, 0, 0, 0, 0, SSL_SSL_MASK, 0},
+
+ {0, SSL_TXT_EXP, 0, 0, SSL_EXPORT, 0, 0, 0, 0, SSL_EXP_MASK},
+ {0, SSL_TXT_EXPORT, 0, 0, SSL_EXPORT, 0, 0, 0, 0, SSL_EXP_MASK},
+ {0, SSL_TXT_EXP40, 0, 0, SSL_EXP40, 0, 0, 0, 0, SSL_STRONG_MASK},
+ {0, SSL_TXT_EXP56, 0, 0, SSL_EXP56, 0, 0, 0, 0, SSL_STRONG_MASK},
+ {0, SSL_TXT_LOW, 0, 0, SSL_LOW, 0, 0, 0, 0, SSL_STRONG_MASK},
+ {0, SSL_TXT_MEDIUM, 0, 0, SSL_MEDIUM, 0, 0, 0, 0, SSL_STRONG_MASK},
+ {0, SSL_TXT_HIGH, 0, 0, SSL_HIGH, 0, 0, 0, 0, SSL_STRONG_MASK},
+ {0, SSL_TXT_FIPS, 0, 0, SSL_FIPS, 0, 0, 0, 0, SSL_FIPS | SSL_STRONG_NONE},
+};
+
+void ssl_load_ciphers(void)
+{
+ ssl_cipher_methods[SSL_ENC_DES_IDX] = EVP_get_cipherbyname(SN_des_cbc);
+ ssl_cipher_methods[SSL_ENC_3DES_IDX] =
+ EVP_get_cipherbyname(SN_des_ede3_cbc);
+ ssl_cipher_methods[SSL_ENC_RC4_IDX] = EVP_get_cipherbyname(SN_rc4);
+ ssl_cipher_methods[SSL_ENC_RC2_IDX] = EVP_get_cipherbyname(SN_rc2_cbc);
+#ifndef OPENSSL_NO_IDEA
+ ssl_cipher_methods[SSL_ENC_IDEA_IDX] = EVP_get_cipherbyname(SN_idea_cbc);
+#else
+ ssl_cipher_methods[SSL_ENC_IDEA_IDX] = NULL;
+#endif
+ ssl_cipher_methods[SSL_ENC_AES128_IDX] =
+ EVP_get_cipherbyname(SN_aes_128_cbc);
+ ssl_cipher_methods[SSL_ENC_AES256_IDX] =
+ EVP_get_cipherbyname(SN_aes_256_cbc);
+ ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] =
+ EVP_get_cipherbyname(SN_camellia_128_cbc);
+ ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] =
+ EVP_get_cipherbyname(SN_camellia_256_cbc);
+ ssl_cipher_methods[SSL_ENC_SEED_IDX] = EVP_get_cipherbyname(SN_seed_cbc);
+
+ ssl_digest_methods[SSL_MD_MD5_IDX] = EVP_get_digestbyname(SN_md5);
+ ssl_digest_methods[SSL_MD_SHA1_IDX] = EVP_get_digestbyname(SN_sha1);
+}
+
+#ifndef OPENSSL_NO_COMP
+
+static int sk_comp_cmp(const SSL_COMP *const *a, const SSL_COMP *const *b)
+{
+ return ((*a)->id - (*b)->id);
+}
+
+static void load_builtin_compressions(void)
+{
+ int got_write_lock = 0;
+
+ CRYPTO_r_lock(CRYPTO_LOCK_SSL);
+ if (ssl_comp_methods == NULL) {
+ CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
+ CRYPTO_w_lock(CRYPTO_LOCK_SSL);
+ got_write_lock = 1;
+
+ if (ssl_comp_methods == NULL) {
+ SSL_COMP *comp = NULL;
+
+ MemCheck_off();
+ ssl_comp_methods = sk_SSL_COMP_new(sk_comp_cmp);
+ if (ssl_comp_methods != NULL) {
+ comp = (SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
+ if (comp != NULL) {
+ comp->method = COMP_zlib();
+ if (comp->method && comp->method->type == NID_undef)
+ OPENSSL_free(comp);
+ else {
+ comp->id = SSL_COMP_ZLIB_IDX;
+ comp->name = comp->method->name;
+ sk_SSL_COMP_push(ssl_comp_methods, comp);
+ }
+ }
+ sk_SSL_COMP_sort(ssl_comp_methods);
+ }
+ MemCheck_on();
+ }
+ }
+
+ if (got_write_lock)
+ CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
+ else
+ CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
+}
+#endif
+
+int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
+ const EVP_MD **md, SSL_COMP **comp)
+{
+ int i;
+ SSL_CIPHER *c;
+
+ c = s->cipher;
+ if (c == NULL)
+ return (0);
+ if (comp != NULL) {
+ SSL_COMP ctmp;
+#ifndef OPENSSL_NO_COMP
+ load_builtin_compressions();
+#endif
+
+ *comp = NULL;
+ ctmp.id = s->compress_meth;
+ if (ssl_comp_methods != NULL) {
+ i = sk_SSL_COMP_find(ssl_comp_methods, &ctmp);
+ if (i >= 0)
+ *comp = sk_SSL_COMP_value(ssl_comp_methods, i);
+ else
+ *comp = NULL;
+ }
+ }
+
+ if ((enc == NULL) || (md == NULL))
+ return (0);
+
+ switch (c->algorithms & SSL_ENC_MASK) {
+ case SSL_DES:
+ i = SSL_ENC_DES_IDX;
+ break;
+ case SSL_3DES:
+ i = SSL_ENC_3DES_IDX;
+ break;
+ case SSL_RC4:
+ i = SSL_ENC_RC4_IDX;
+ break;
+ case SSL_RC2:
+ i = SSL_ENC_RC2_IDX;
+ break;
+ case SSL_IDEA:
+ i = SSL_ENC_IDEA_IDX;
+ break;
+ case SSL_eNULL:
+ i = SSL_ENC_NULL_IDX;
+ break;
+ case SSL_AES:
+ switch (c->alg_bits) {
+ case 128:
+ i = SSL_ENC_AES128_IDX;
+ break;
+ case 256:
+ i = SSL_ENC_AES256_IDX;
+ break;
+ default:
+ i = -1;
+ break;
+ }
+ break;
+ case SSL_CAMELLIA:
+ switch (c->alg_bits) {
+ case 128:
+ i = SSL_ENC_CAMELLIA128_IDX;
+ break;
+ case 256:
+ i = SSL_ENC_CAMELLIA256_IDX;
+ break;
+ default:
+ i = -1;
+ break;
+ }
+ break;
+ case SSL_SEED:
+ i = SSL_ENC_SEED_IDX;
+ break;
+
+ default:
+ i = -1;
+ break;
+ }
+
+ if ((i < 0) || (i >= SSL_ENC_NUM_IDX))
+ *enc = NULL;
+ else {
+ if (i == SSL_ENC_NULL_IDX)
+ *enc = EVP_enc_null();
+ else
+ *enc = ssl_cipher_methods[i];
+ }
+
+ switch (c->algorithms & SSL_MAC_MASK) {
+ case SSL_MD5:
+ i = SSL_MD_MD5_IDX;
+ break;
+ case SSL_SHA1:
+ i = SSL_MD_SHA1_IDX;
+ break;
+ default:
+ i = -1;
+ break;
+ }
+ if ((i < 0) || (i >= SSL_MD_NUM_IDX))
+ *md = NULL;
+ else
+ *md = ssl_digest_methods[i];
+
+ if ((*enc != NULL) && (*md != NULL))
+ return (1);
+ else
+ return (0);
+}
+
+#define ITEM_SEP(a) \
+ (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ','))
+
+static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr,
+ CIPHER_ORDER **tail)
+{
+ if (curr == *tail)
+ return;
+ if (curr == *head)
+ *head = curr->next;
+ if (curr->prev != NULL)
+ curr->prev->next = curr->next;
+ if (curr->next != NULL) /* should always be true */
+ curr->next->prev = curr->prev;
+ (*tail)->next = curr;
+ curr->prev = *tail;
+ curr->next = NULL;
+ *tail = curr;
+}
+
+struct disabled_masks { /* This is a kludge no longer needed with
+ * OpenSSL 0.9.9, where 128-bit and 256-bit
+ * algorithms simply will get separate bits. */
+ unsigned long mask; /* everything except m256 */
+ unsigned long m256; /* applies to 256-bit algorithms only */
+};
+
+static struct disabled_masks ssl_cipher_get_disabled(void)
+{
+ unsigned long mask;
+ unsigned long m256;
+ struct disabled_masks ret;
+
+ mask = SSL_kFZA;
+#ifdef OPENSSL_NO_RSA
+ mask |= SSL_aRSA | SSL_kRSA;
+#endif
+#ifdef OPENSSL_NO_DSA
+ mask |= SSL_aDSS;
+#endif
+#ifdef OPENSSL_NO_DH
+ mask |= SSL_kDHr | SSL_kDHd | SSL_kEDH | SSL_aDH;
+#endif
+#ifdef OPENSSL_NO_KRB5
+ mask |= SSL_kKRB5 | SSL_aKRB5;
+#endif
+#ifdef OPENSSL_NO_ECDH
+ mask |= SSL_kECDH | SSL_kECDHE;
+#endif
+#ifdef SSL_FORBID_ENULL
+ mask |= SSL_eNULL;
+#endif
+
+ mask |= (ssl_cipher_methods[SSL_ENC_DES_IDX] == NULL) ? SSL_DES : 0;
+ mask |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES : 0;
+ mask |= (ssl_cipher_methods[SSL_ENC_RC4_IDX] == NULL) ? SSL_RC4 : 0;
+ mask |= (ssl_cipher_methods[SSL_ENC_RC2_IDX] == NULL) ? SSL_RC2 : 0;
+ mask |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA : 0;
+ mask |= (ssl_cipher_methods[SSL_ENC_eFZA_IDX] == NULL) ? SSL_eFZA : 0;
+ mask |= (ssl_cipher_methods[SSL_ENC_SEED_IDX] == NULL) ? SSL_SEED : 0;
+
+ mask |= (ssl_digest_methods[SSL_MD_MD5_IDX] == NULL) ? SSL_MD5 : 0;
+ mask |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1 : 0;
+
+ /* finally consider algorithms where mask and m256 differ */
+ m256 = mask;
+ mask |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES : 0;
+ mask |=
+ (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] ==
+ NULL) ? SSL_CAMELLIA : 0;
+ m256 |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES : 0;
+ m256 |=
+ (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] ==
+ NULL) ? SSL_CAMELLIA : 0;
+
+ ret.mask = mask;
+ ret.m256 = m256;
+ return ret;
+}
+
+static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
+ int num_of_ciphers, unsigned long mask,
+ unsigned long m256,
+ CIPHER_ORDER *co_list,
+ CIPHER_ORDER **head_p,
+ CIPHER_ORDER **tail_p)
+{
+ int i, co_list_num;
+ SSL_CIPHER *c;
+
+ /*
+ * We have num_of_ciphers descriptions compiled in, depending on the
+ * method selected (SSLv2 and/or SSLv3, TLSv1 etc).
+ * These will later be sorted in a linked list with at most num
+ * entries.
+ */
+
+ /* Get the initial list of ciphers */
+ co_list_num = 0; /* actual count of ciphers */
+ for (i = 0; i < num_of_ciphers; i++) {
+ c = ssl_method->get_cipher(i);
+#define IS_MASKED(c) ((c)->algorithms & (((c)->alg_bits == 256) ? m256 : mask))
+ /* drop those that use any of that is not available */
+#ifdef OPENSSL_FIPS
+ if ((c != NULL) && c->valid && !IS_MASKED(c)
+ && (!FIPS_mode() || (c->algo_strength & SSL_FIPS)))
+#else
+ if ((c != NULL) && c->valid && !IS_MASKED(c))
+#endif
+ {
+ co_list[co_list_num].cipher = c;
+ co_list[co_list_num].next = NULL;
+ co_list[co_list_num].prev = NULL;
+ co_list[co_list_num].active = 0;
+ co_list_num++;
+#ifdef KSSL_DEBUG
+ printf("\t%d: %s %lx %lx\n", i, c->name, c->id, c->algorithms);
+#endif /* KSSL_DEBUG */
+ /*
+ * if (!sk_push(ca_list,(char *)c)) goto err;
+ */
+ }
+ }
+
+ /*
+ * Prepare linked list from list entries
+ */
+ for (i = 1; i < co_list_num - 1; i++) {
+ co_list[i].prev = &(co_list[i - 1]);
+ co_list[i].next = &(co_list[i + 1]);
+ }
+ if (co_list_num > 0) {
+ (*head_p) = &(co_list[0]);
+ (*head_p)->prev = NULL;
+ (*head_p)->next = &(co_list[1]);
+ (*tail_p) = &(co_list[co_list_num - 1]);
+ (*tail_p)->prev = &(co_list[co_list_num - 2]);
+ (*tail_p)->next = NULL;
+ }
+}
+
+static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list,
+ int num_of_group_aliases,
+ unsigned long mask, CIPHER_ORDER *head)
+{
+ CIPHER_ORDER *ciph_curr;
+ SSL_CIPHER **ca_curr;
+ int i;
+
+ /*
+ * First, add the real ciphers as already collected
+ */
+ ciph_curr = head;
+ ca_curr = ca_list;
+ while (ciph_curr != NULL) {
+ *ca_curr = ciph_curr->cipher;
+ ca_curr++;
+ ciph_curr = ciph_curr->next;
+ }
+
+ /*
+ * Now we add the available ones from the cipher_aliases[] table.
+ * They represent either an algorithm, that must be fully
+ * supported (not match any bit in mask) or represent a cipher
+ * strength value (will be added in any case because algorithms=0).
+ */
+ for (i = 0; i < num_of_group_aliases; i++) {
+ if ((i == 0) || /* always fetch "ALL" */
+ !(cipher_aliases[i].algorithms & mask)) {
+ *ca_curr = (SSL_CIPHER *)(cipher_aliases + i);
+ ca_curr++;
+ }
+ }
+
+ *ca_curr = NULL; /* end of list */
+}
+
+static void ssl_cipher_apply_rule(unsigned long cipher_id,
+ unsigned long ssl_version,
+ unsigned long algorithms,
+ unsigned long mask,
+ unsigned long algo_strength,
+ unsigned long mask_strength, int rule,
+ int strength_bits, CIPHER_ORDER *co_list,
+ CIPHER_ORDER **head_p,
+ CIPHER_ORDER **tail_p)
+{
+ CIPHER_ORDER *head, *tail, *curr, *curr2, *tail2;
+ SSL_CIPHER *cp;
+ unsigned long ma, ma_s;
+
+#ifdef CIPHER_DEBUG
+ printf("Applying rule %d with %08lx %08lx %08lx %08lx (%d)\n",
+ rule, algorithms, mask, algo_strength, mask_strength,
+ strength_bits);
+#endif
+
+ curr = head = *head_p;
+ curr2 = head;
+ tail2 = tail = *tail_p;
+ for (;;) {
+ if ((curr == NULL) || (curr == tail2))
+ break;
+ curr = curr2;
+ curr2 = curr->next;
+
+ cp = curr->cipher;
+ /* Special case: only satisfied by COMPLEMENTOFDEFAULT */
+ if (algo_strength == SSL_EXP_MASK) {
+ if ((SSL_C_IS_EXPORT(cp) || cp->algorithms & SSL_SSLV2
+ || cp->algorithms & SSL_aNULL)
+ && !(cp->algorithms & (SSL_kECDHE|SSL_kECDH)))
+ goto ok;
+ else
+ continue;
+ }
+
+ /*
+ * If explicit cipher suite, match only that one for its own protocol
+ * version. Usual selection criteria will be used for similar
+ * ciphersuites from other version!
+ */
+
+ if (cipher_id && (cp->algorithms & SSL_SSL_MASK) == ssl_version) {
+ if (cp->id != cipher_id)
+ continue;
+ }
+
+ /*
+ * Selection criteria is either the number of strength_bits
+ * or the algorithm used.
+ */
+ else if (strength_bits == -1) {
+ ma = mask & cp->algorithms;
+ ma_s = mask_strength & cp->algo_strength;
+
+#ifdef CIPHER_DEBUG
+ printf
+ ("\nName: %s:\nAlgo = %08lx Algo_strength = %08lx\nMask = %08lx Mask_strength %08lx\n",
+ cp->name, cp->algorithms, cp->algo_strength, mask,
+ mask_strength);
+ printf("ma = %08lx ma_s %08lx, ma&algo=%08lx, ma_s&algos=%08lx\n",
+ ma, ma_s, ma & algorithms, ma_s & algo_strength);
+#endif
+ /*
+ * Select: if none of the mask bit was met from the
+ * cipher or not all of the bits were met, the
+ * selection does not apply.
+ */
+ if (((ma == 0) && (ma_s == 0)) ||
+ ((ma & algorithms) != ma) || ((ma_s & algo_strength) != ma_s))
+ continue; /* does not apply */
+ } else if (strength_bits != cp->strength_bits)
+ continue; /* does not apply */
+
+ ok:
+
+#ifdef CIPHER_DEBUG
+ printf("Action = %d\n", rule);
+#endif
+
+ /* add the cipher if it has not been added yet. */
+ if (rule == CIPHER_ADD) {
+ if (!curr->active) {
+ int add_this_cipher = 1;
+
+ if (((cp->algorithms & (SSL_kECDHE | SSL_kECDH | SSL_aECDSA))
+ != 0)) {
+ /*
+ * Make sure "ECCdraft" ciphersuites are activated only
+ * if *explicitly* requested, but not implicitly (such as
+ * as part of the "AES" alias).
+ */
+
+ add_this_cipher =
+ (mask & (SSL_kECDHE | SSL_kECDH | SSL_aECDSA)) != 0
+ || cipher_id != 0;
+ }
+
+ if (add_this_cipher) {
+ ll_append_tail(&head, curr, &tail);
+ curr->active = 1;
+ }
+ }
+ }
+ /* Move the added cipher to this location */
+ else if (rule == CIPHER_ORD) {
+ if (curr->active) {
+ ll_append_tail(&head, curr, &tail);
+ }
+ } else if (rule == CIPHER_DEL)
+ curr->active = 0;
+ else if (rule == CIPHER_KILL) {
+ if (head == curr)
+ head = curr->next;
+ else
+ curr->prev->next = curr->next;
+ if (tail == curr)
+ tail = curr->prev;
+ curr->active = 0;
+ if (curr->next != NULL)
+ curr->next->prev = curr->prev;
+ if (curr->prev != NULL)
+ curr->prev->next = curr->next;
+ curr->next = NULL;
+ curr->prev = NULL;
+ }
+ }
+
+ *head_p = head;
+ *tail_p = tail;
+}
+
+static int ssl_cipher_strength_sort(CIPHER_ORDER *co_list,
+ CIPHER_ORDER **head_p,
+ CIPHER_ORDER **tail_p)
+{
+ int max_strength_bits, i, *number_uses;
+ CIPHER_ORDER *curr;
+
+ /*
+ * This routine sorts the ciphers with descending strength. The sorting
+ * must keep the pre-sorted sequence, so we apply the normal sorting
+ * routine as '+' movement to the end of the list.
+ */
+ max_strength_bits = 0;
+ curr = *head_p;
+ while (curr != NULL) {
+ if (curr->active && (curr->cipher->strength_bits > max_strength_bits))
+ max_strength_bits = curr->cipher->strength_bits;
+ curr = curr->next;
+ }
+
+ number_uses = OPENSSL_malloc((max_strength_bits + 1) * sizeof(int));
+ if (!number_uses) {
+ SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT, ERR_R_MALLOC_FAILURE);
+ return (0);
+ }
+ memset(number_uses, 0, (max_strength_bits + 1) * sizeof(int));
+
+ /*
+ * Now find the strength_bits values actually used
+ */
+ curr = *head_p;
+ while (curr != NULL) {
+ if (curr->active)
+ number_uses[curr->cipher->strength_bits]++;
+ curr = curr->next;
+ }
+ /*
+ * Go through the list of used strength_bits values in descending
+ * order.
+ */
+ for (i = max_strength_bits; i >= 0; i--)
+ if (number_uses[i] > 0)
+ ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, CIPHER_ORD, i,
+ co_list, head_p, tail_p);
+
+ OPENSSL_free(number_uses);
+ return (1);
+}
+
+static int ssl_cipher_process_rulestr(const char *rule_str,
+ CIPHER_ORDER *co_list,
+ CIPHER_ORDER **head_p,
+ CIPHER_ORDER **tail_p,
+ SSL_CIPHER **ca_list)
+{
+ unsigned long algorithms, mask, algo_strength, mask_strength;
+ const char *l, *buf;
+ int j, multi, found, rule, retval, ok, buflen;
+ unsigned long cipher_id = 0, ssl_version = 0;
+ char ch;
+
+ retval = 1;
+ l = rule_str;
+ for (;;) {
+ ch = *l;
+
+ if (ch == '\0')
+ break; /* done */
+ if (ch == '-') {
+ rule = CIPHER_DEL;
+ l++;
+ } else if (ch == '+') {
+ rule = CIPHER_ORD;
+ l++;
+ } else if (ch == '!') {
+ rule = CIPHER_KILL;
+ l++;
+ } else if (ch == '@') {
+ rule = CIPHER_SPECIAL;
+ l++;
+ } else {
+ rule = CIPHER_ADD;
+ }
+
+ if (ITEM_SEP(ch)) {
+ l++;
+ continue;
+ }
+
+ algorithms = mask = algo_strength = mask_strength = 0;
+
+ for (;;) {
+ ch = *l;
+ buf = l;
+ buflen = 0;
+#ifndef CHARSET_EBCDIC
+ while (((ch >= 'A') && (ch <= 'Z')) ||
+ ((ch >= '0') && (ch <= '9')) ||
+ ((ch >= 'a') && (ch <= 'z')) || (ch == '-'))
+#else
+ while (isalnum(ch) || (ch == '-'))
+#endif
+ {
+ ch = *(++l);
+ buflen++;
+ }
+
+ if (buflen == 0) {
+ /*
+ * We hit something we cannot deal with,
+ * it is no command or separator nor
+ * alphanumeric, so we call this an error.
+ */
+ SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
+ SSL_R_INVALID_COMMAND);
+ retval = found = 0;
+ l++;
+ break;
+ }
+
+ if (rule == CIPHER_SPECIAL) {
+ found = 0; /* unused -- avoid compiler warning */
+ break; /* special treatment */
+ }
+
+ /* check for multi-part specification */
+ if (ch == '+') {
+ multi = 1;
+ l++;
+ } else
+ multi = 0;
+
+ /*
+ * Now search for the cipher alias in the ca_list. Be careful
+ * with the strncmp, because the "buflen" limitation
+ * will make the rule "ADH:SOME" and the cipher
+ * "ADH-MY-CIPHER" look like a match for buflen=3.
+ * So additionally check whether the cipher name found
+ * has the correct length. We can save a strlen() call:
+ * just checking for the '\0' at the right place is
+ * sufficient, we have to strncmp() anyway. (We cannot
+ * use strcmp(), because buf is not '\0' terminated.)
+ */
+ j = found = 0;
+ cipher_id = 0;
+ ssl_version = 0;
+ while (ca_list[j]) {
+ if (!strncmp(buf, ca_list[j]->name, buflen) &&
+ (ca_list[j]->name[buflen] == '\0')) {
+ found = 1;
+ break;
+ } else
+ j++;
+ }
+ if (!found)
+ break; /* ignore this entry */
+
+ /*-
+ * New algorithms:
+ * 1 - any old restrictions apply outside new mask
+ * 2 - any new restrictions apply outside old mask
+ * 3 - enforce old & new where masks intersect
+ */
+ algorithms = (algorithms & ~ca_list[j]->mask) | /* 1 */
+ (ca_list[j]->algorithms & ~mask) | /* 2 */
+ (algorithms & ca_list[j]->algorithms); /* 3 */
+ mask |= ca_list[j]->mask;
+ algo_strength = (algo_strength & ~ca_list[j]->mask_strength) |
+ (ca_list[j]->algo_strength & ~mask_strength) |
+ (algo_strength & ca_list[j]->algo_strength);
+ mask_strength |= ca_list[j]->mask_strength;
+
+ /* explicit ciphersuite found */
+ if (ca_list[j]->valid) {
+ cipher_id = ca_list[j]->id;
+ ssl_version = ca_list[j]->algorithms & SSL_SSL_MASK;
+ break;
+ }
+
+ if (!multi)
+ break;
+ }
+
+ /*
+ * Ok, we have the rule, now apply it
+ */
+ if (rule == CIPHER_SPECIAL) { /* special command */
+ ok = 0;
+ if ((buflen == 8) && !strncmp(buf, "STRENGTH", 8))
+ ok = ssl_cipher_strength_sort(co_list, head_p, tail_p);
+ else
+ SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
+ SSL_R_INVALID_COMMAND);
+ if (ok == 0)
+ retval = 0;
+ /*
+ * We do not support any "multi" options
+ * together with "@", so throw away the
+ * rest of the command, if any left, until
+ * end or ':' is found.
+ */
+ while ((*l != '\0') && !ITEM_SEP(*l))
+ l++;
+ } else if (found) {
+ ssl_cipher_apply_rule(cipher_id, ssl_version, algorithms, mask,
+ algo_strength, mask_strength, rule, -1,
+ co_list, head_p, tail_p);
+ } else {
+ while ((*l != '\0') && !ITEM_SEP(*l))
+ l++;
+ }
+ if (*l == '\0')
+ break; /* done */
+ }
+
+ return (retval);
+}
+
+STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK_OF(SSL_CIPHER)
+ **cipher_list, STACK_OF(SSL_CIPHER)
+ **cipher_list_by_id,
+ const char *rule_str)
+{
+ int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;
+ unsigned long disabled_mask;
+ unsigned long disabled_m256;
+ STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list;
+ const char *rule_p;
+ CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
+ SSL_CIPHER **ca_list = NULL;
+
+ /*
+ * Return with error if nothing to do.
+ */
+ if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL)
+ return NULL;
+
+ /*
+ * To reduce the work to do we only want to process the compiled
+ * in algorithms, so we first get the mask of disabled ciphers.
+ */
+ {
+ struct disabled_masks d;
+ d = ssl_cipher_get_disabled();
+ disabled_mask = d.mask;
+ disabled_m256 = d.m256;
+ }
+
+ /*
+ * Now we have to collect the available ciphers from the compiled
+ * in ciphers. We cannot get more than the number compiled in, so
+ * it is used for allocation.
+ */
+ num_of_ciphers = ssl_method->num_ciphers();
+#ifdef KSSL_DEBUG
+ printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers);
+#endif /* KSSL_DEBUG */
+ co_list =
+ (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers);
+ if (co_list == NULL) {
+ SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
+ return (NULL); /* Failure */
+ }
+
+ ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, disabled_mask,
+ disabled_m256, co_list, &head, &tail);
+
+ /*
+ * We also need cipher aliases for selecting based on the rule_str.
+ * There might be two types of entries in the rule_str: 1) names
+ * of ciphers themselves 2) aliases for groups of ciphers.
+ * For 1) we need the available ciphers and for 2) the cipher
+ * groups of cipher_aliases added together in one list (otherwise
+ * we would be happy with just the cipher_aliases table).
+ */
+ num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER);
+ num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
+ ca_list =
+ (SSL_CIPHER **)OPENSSL_malloc(sizeof(SSL_CIPHER *) *
+ num_of_alias_max);
+ if (ca_list == NULL) {
+ OPENSSL_free(co_list);
+ SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
+ return (NULL); /* Failure */
+ }
+ ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
+ (disabled_mask & disabled_m256), head);
+
+ /*
+ * If the rule_string begins with DEFAULT, apply the default rule
+ * before using the (possibly available) additional rules.
+ */
+ ok = 1;
+ rule_p = rule_str;
+ if (strncmp(rule_str, "DEFAULT", 7) == 0) {
+ ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
+ co_list, &head, &tail, ca_list);
+ rule_p += 7;
+ if (*rule_p == ':')
+ rule_p++;
+ }
+
+ if (ok && (strlen(rule_p) > 0))
+ ok = ssl_cipher_process_rulestr(rule_p, co_list, &head, &tail,
+ ca_list);
+
+ OPENSSL_free(ca_list); /* Not needed anymore */
+
+ if (!ok) { /* Rule processing failure */
+ OPENSSL_free(co_list);
+ return (NULL);
+ }
+ /*
+ * Allocate new "cipherstack" for the result, return with error
+ * if we cannot get one.
+ */
+ if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) {
+ OPENSSL_free(co_list);
+ return (NULL);
+ }
+
+ /*
+ * The cipher selection for the list is done. The ciphers are added
+ * to the resulting precedence to the STACK_OF(SSL_CIPHER).
+ */
+ for (curr = head; curr != NULL; curr = curr->next) {
+#ifdef OPENSSL_FIPS
+ if (curr->active
+ && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS))
+#else
+ if (curr->active)
+#endif
+ {
+ sk_SSL_CIPHER_push(cipherstack, curr->cipher);
+#ifdef CIPHER_DEBUG
+ printf("<%s>\n", curr->cipher->name);
+#endif
+ }
+ }
+ OPENSSL_free(co_list); /* Not needed any longer */
+
+ tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack);
+ if (tmp_cipher_list == NULL) {
+ sk_SSL_CIPHER_free(cipherstack);
+ return NULL;
+ }
+ if (*cipher_list != NULL)
+ sk_SSL_CIPHER_free(*cipher_list);
+ *cipher_list = cipherstack;
+ if (*cipher_list_by_id != NULL)
+ sk_SSL_CIPHER_free(*cipher_list_by_id);
+ *cipher_list_by_id = tmp_cipher_list;
+ (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,
+ ssl_cipher_ptr_id_cmp);
+
+ sk_SSL_CIPHER_sort(*cipher_list_by_id);
+ return (cipherstack);
+}
+
+char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
+{
+ int is_export, pkl, kl;
+ const char *ver, *exp_str;
+ const char *kx, *au, *enc, *mac;
+ unsigned long alg, alg2;
+#ifdef KSSL_DEBUG
+ static const char *format =
+ "%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx\n";
+#else
+ static const char *format =
+ "%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n";
+#endif /* KSSL_DEBUG */
+
+ alg = cipher->algorithms;
+ alg2 = cipher->algorithm2;
+
+ is_export = SSL_C_IS_EXPORT(cipher);
+ pkl = SSL_C_EXPORT_PKEYLENGTH(cipher);
+ kl = SSL_C_EXPORT_KEYLENGTH(cipher);
+ exp_str = is_export ? " export" : "";
+
+ if (alg & SSL_SSLV2)
+ ver = "SSLv2";
+ else if (alg & SSL_SSLV3)
+ ver = "SSLv3";
+ else
+ ver = "unknown";
+
+ switch (alg & SSL_MKEY_MASK) {
+ case SSL_kRSA:
+ kx = is_export ? (pkl == 512 ? "RSA(512)" : "RSA(1024)") : "RSA";
+ break;
+ case SSL_kDHr:
+ kx = "DH/RSA";
+ break;
+ case SSL_kDHd:
+ kx = "DH/DSS";
+ break;
+ case SSL_kKRB5: /* VRS */
+ case SSL_KRB5: /* VRS */
+ kx = "KRB5";
+ break;
+ case SSL_kFZA:
+ kx = "Fortezza";
+ break;
+ case SSL_kEDH:
+ kx = is_export ? (pkl == 512 ? "DH(512)" : "DH(1024)") : "DH";
+ break;
+ case SSL_kECDH:
+ case SSL_kECDHE:
+ kx = is_export ? "ECDH(<=163)" : "ECDH";
+ break;
+ default:
+ kx = "unknown";
+ }
+
+ switch (alg & SSL_AUTH_MASK) {
+ case SSL_aRSA:
+ au = "RSA";
+ break;
+ case SSL_aDSS:
+ au = "DSS";
+ break;
+ case SSL_aDH:
+ au = "DH";
+ break;
+ case SSL_aKRB5: /* VRS */
+ case SSL_KRB5: /* VRS */
+ au = "KRB5";
+ break;
+ case SSL_aFZA:
+ case SSL_aNULL:
+ au = "None";
+ break;
+ case SSL_aECDSA:
+ au = "ECDSA";
+ break;
+ default:
+ au = "unknown";
+ break;
+ }
+
+ switch (alg & SSL_ENC_MASK) {
+ case SSL_DES:
+ enc = (is_export && kl == 5) ? "DES(40)" : "DES(56)";
+ break;
+ case SSL_3DES:
+ enc = "3DES(168)";
+ break;
+ case SSL_RC4:
+ enc = is_export ? (kl == 5 ? "RC4(40)" : "RC4(56)")
+ : ((alg2 & SSL2_CF_8_BYTE_ENC) ? "RC4(64)" : "RC4(128)");
+ break;
+ case SSL_RC2:
+ enc = is_export ? (kl == 5 ? "RC2(40)" : "RC2(56)") : "RC2(128)";
+ break;
+ case SSL_IDEA:
+ enc = "IDEA(128)";
+ break;
+ case SSL_eFZA:
+ enc = "Fortezza";
+ break;
+ case SSL_eNULL:
+ enc = "None";
+ break;
+ case SSL_AES:
+ switch (cipher->strength_bits) {
+ case 128:
+ enc = "AES(128)";
+ break;
+ case 192:
+ enc = "AES(192)";
+ break;
+ case 256:
+ enc = "AES(256)";
+ break;
+ default:
+ enc = "AES(?" "?" "?)";
+ break;
+ }
+ break;
+ case SSL_CAMELLIA:
+ switch (cipher->strength_bits) {
+ case 128:
+ enc = "Camellia(128)";
+ break;
+ case 256:
+ enc = "Camellia(256)";
+ break;
+ default:
+ enc = "Camellia(?" "?" "?)";
+ break;
+ }
+ break;
+ case SSL_SEED:
+ enc = "SEED(128)";
+ break;
+
+ default:
+ enc = "unknown";
+ break;
+ }
+
+ switch (alg & SSL_MAC_MASK) {
+ case SSL_MD5:
+ mac = "MD5";
+ break;
+ case SSL_SHA1:
+ mac = "SHA1";
+ break;
+ default:
+ mac = "unknown";
+ break;
+ }
+
+ if (buf == NULL) {
+ len = 128;
+ buf = OPENSSL_malloc(len);
+ if (buf == NULL)
+ return ("OPENSSL_malloc Error");
+ } else if (len < 128)
+ return ("Buffer too small");
+
+#ifdef KSSL_DEBUG
+ BIO_snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac,
+ exp_str, alg);
+#else
+ BIO_snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac,
+ exp_str);
+#endif /* KSSL_DEBUG */
+ return (buf);
+}
+
+char *SSL_CIPHER_get_version(const SSL_CIPHER *c)
+{
+ int i;
+
+ if (c == NULL)
+ return ("(NONE)");
+ i = (int)(c->id >> 24L);
+ if (i == 3)
+ return ("TLSv1/SSLv3");
+ else if (i == 2)
+ return ("SSLv2");
+ else
+ return ("unknown");
+}
+
+/* return the actual cipher being used */
+const char *SSL_CIPHER_get_name(const SSL_CIPHER *c)
+{
+ if (c != NULL)
+ return (c->name);
+ return ("(NONE)");
+}
+
+/* number of bits for symmetric cipher */
+int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits)
+{
+ int ret = 0;
+
+ if (c != NULL) {
+ if (alg_bits != NULL)
+ *alg_bits = c->alg_bits;
+ ret = c->strength_bits;
+ }
+ return (ret);
+}
+
+SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
+{
+ SSL_COMP *ctmp;
+ int i, nn;
+
+ if ((n == 0) || (sk == NULL))
+ return (NULL);
+ nn = sk_SSL_COMP_num(sk);
+ for (i = 0; i < nn; i++) {
+ ctmp = sk_SSL_COMP_value(sk, i);
+ if (ctmp->id == n)
+ return (ctmp);
+ }
+ return (NULL);
+}
+
+#ifdef OPENSSL_NO_COMP
+void *SSL_COMP_get_compression_methods(void)
+{
+ return NULL;
+}
+
+int SSL_COMP_add_compression_method(int id, void *cm)
+{
+ return 1;
+}
+
+const char *SSL_COMP_get_name(const void *comp)
+{
+ return NULL;
+}
+#else
+STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)
+{
+ load_builtin_compressions();
+ return (ssl_comp_methods);
+}
+
+int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
+{
+ SSL_COMP *comp;
+
+ if (cm == NULL || cm->type == NID_undef)
+ return 1;
+
+ /*-
+ * According to draft-ietf-tls-compression-04.txt, the
+ * compression number ranges should be the following:
+ *
+ * 0 to 63: methods defined by the IETF
+ * 64 to 192: external party methods assigned by IANA
+ * 193 to 255: reserved for private use
+ */
+ if (id < 193 || id > 255) {
+ SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,
+ SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE);
+ return 0;
+ }
+
+ MemCheck_off();
+ comp = (SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
+ comp->id = id;
+ comp->method = cm;
+ load_builtin_compressions();
+ if (ssl_comp_methods && sk_SSL_COMP_find(ssl_comp_methods, comp) >= 0) {
+ OPENSSL_free(comp);
+ MemCheck_on();
+ SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,
+ SSL_R_DUPLICATE_COMPRESSION_ID);
+ return (1);
+ } else if ((ssl_comp_methods == NULL)
+ || !sk_SSL_COMP_push(ssl_comp_methods, comp)) {
+ OPENSSL_free(comp);
+ MemCheck_on();
+ SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, ERR_R_MALLOC_FAILURE);
+ return (1);
+ } else {
+ MemCheck_on();
+ return (0);
+ }
+}
+
+const char *SSL_COMP_get_name(const COMP_METHOD *comp)
+{
+ if (comp)
+ return comp->name;
+ return NULL;
+}
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/ssl/ssl_err.c
===================================================================
--- vendor-crypto/openssl/dist/ssl/ssl_err.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/ssl/ssl_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,545 +0,0 @@
-/* ssl/ssl_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/ssl.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_SSL,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_SSL,0,reason)
-
-static ERR_STRING_DATA SSL_str_functs[]=
- {
-{ERR_FUNC(SSL_F_CLIENT_CERTIFICATE), "CLIENT_CERTIFICATE"},
-{ERR_FUNC(SSL_F_CLIENT_FINISHED), "CLIENT_FINISHED"},
-{ERR_FUNC(SSL_F_CLIENT_HELLO), "CLIENT_HELLO"},
-{ERR_FUNC(SSL_F_CLIENT_MASTER_KEY), "CLIENT_MASTER_KEY"},
-{ERR_FUNC(SSL_F_D2I_SSL_SESSION), "d2i_SSL_SESSION"},
-{ERR_FUNC(SSL_F_DO_DTLS1_WRITE), "DO_DTLS1_WRITE"},
-{ERR_FUNC(SSL_F_DO_SSL3_WRITE), "DO_SSL3_WRITE"},
-{ERR_FUNC(SSL_F_DTLS1_ACCEPT), "DTLS1_ACCEPT"},
-{ERR_FUNC(SSL_F_DTLS1_ADD_CERT_TO_BUF), "DTLS1_ADD_CERT_TO_BUF"},
-{ERR_FUNC(SSL_F_DTLS1_BUFFER_RECORD), "DTLS1_BUFFER_RECORD"},
-{ERR_FUNC(SSL_F_DTLS1_CHECK_TIMEOUT_NUM), "DTLS1_CHECK_TIMEOUT_NUM"},
-{ERR_FUNC(SSL_F_DTLS1_CLIENT_HELLO), "DTLS1_CLIENT_HELLO"},
-{ERR_FUNC(SSL_F_DTLS1_CONNECT), "DTLS1_CONNECT"},
-{ERR_FUNC(SSL_F_DTLS1_ENC), "DTLS1_ENC"},
-{ERR_FUNC(SSL_F_DTLS1_GET_HELLO_VERIFY), "DTLS1_GET_HELLO_VERIFY"},
-{ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE), "DTLS1_GET_MESSAGE"},
-{ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT), "DTLS1_GET_MESSAGE_FRAGMENT"},
-{ERR_FUNC(SSL_F_DTLS1_GET_RECORD), "DTLS1_GET_RECORD"},
-{ERR_FUNC(SSL_F_DTLS1_HANDLE_TIMEOUT), "DTLS1_HANDLE_TIMEOUT"},
-{ERR_FUNC(SSL_F_DTLS1_OUTPUT_CERT_CHAIN), "DTLS1_OUTPUT_CERT_CHAIN"},
-{ERR_FUNC(SSL_F_DTLS1_PREPROCESS_FRAGMENT), "DTLS1_PREPROCESS_FRAGMENT"},
-{ERR_FUNC(SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE), "DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE"},
-{ERR_FUNC(SSL_F_DTLS1_PROCESS_RECORD), "DTLS1_PROCESS_RECORD"},
-{ERR_FUNC(SSL_F_DTLS1_READ_BYTES), "DTLS1_READ_BYTES"},
-{ERR_FUNC(SSL_F_DTLS1_READ_FAILED), "DTLS1_READ_FAILED"},
-{ERR_FUNC(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST), "DTLS1_SEND_CERTIFICATE_REQUEST"},
-{ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE), "DTLS1_SEND_CLIENT_CERTIFICATE"},
-{ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE), "DTLS1_SEND_CLIENT_KEY_EXCHANGE"},
-{ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_VERIFY), "DTLS1_SEND_CLIENT_VERIFY"},
-{ERR_FUNC(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST), "DTLS1_SEND_HELLO_VERIFY_REQUEST"},
-{ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE), "DTLS1_SEND_SERVER_CERTIFICATE"},
-{ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_HELLO), "DTLS1_SEND_SERVER_HELLO"},
-{ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE), "DTLS1_SEND_SERVER_KEY_EXCHANGE"},
-{ERR_FUNC(SSL_F_DTLS1_WRITE_APP_DATA_BYTES), "DTLS1_WRITE_APP_DATA_BYTES"},
-{ERR_FUNC(SSL_F_GET_CLIENT_FINISHED), "GET_CLIENT_FINISHED"},
-{ERR_FUNC(SSL_F_GET_CLIENT_HELLO), "GET_CLIENT_HELLO"},
-{ERR_FUNC(SSL_F_GET_CLIENT_MASTER_KEY), "GET_CLIENT_MASTER_KEY"},
-{ERR_FUNC(SSL_F_GET_SERVER_FINISHED), "GET_SERVER_FINISHED"},
-{ERR_FUNC(SSL_F_GET_SERVER_HELLO), "GET_SERVER_HELLO"},
-{ERR_FUNC(SSL_F_GET_SERVER_VERIFY), "GET_SERVER_VERIFY"},
-{ERR_FUNC(SSL_F_I2D_SSL_SESSION), "i2d_SSL_SESSION"},
-{ERR_FUNC(SSL_F_READ_N), "READ_N"},
-{ERR_FUNC(SSL_F_REQUEST_CERTIFICATE), "REQUEST_CERTIFICATE"},
-{ERR_FUNC(SSL_F_SERVER_FINISH), "SERVER_FINISH"},
-{ERR_FUNC(SSL_F_SERVER_HELLO), "SERVER_HELLO"},
-{ERR_FUNC(SSL_F_SERVER_VERIFY), "SERVER_VERIFY"},
-{ERR_FUNC(SSL_F_SSL23_ACCEPT), "SSL23_ACCEPT"},
-{ERR_FUNC(SSL_F_SSL23_CLIENT_HELLO), "SSL23_CLIENT_HELLO"},
-{ERR_FUNC(SSL_F_SSL23_CONNECT), "SSL23_CONNECT"},
-{ERR_FUNC(SSL_F_SSL23_GET_CLIENT_HELLO), "SSL23_GET_CLIENT_HELLO"},
-{ERR_FUNC(SSL_F_SSL23_GET_SERVER_HELLO), "SSL23_GET_SERVER_HELLO"},
-{ERR_FUNC(SSL_F_SSL23_PEEK), "SSL23_PEEK"},
-{ERR_FUNC(SSL_F_SSL23_READ), "SSL23_READ"},
-{ERR_FUNC(SSL_F_SSL23_WRITE), "SSL23_WRITE"},
-{ERR_FUNC(SSL_F_SSL2_ACCEPT), "SSL2_ACCEPT"},
-{ERR_FUNC(SSL_F_SSL2_CONNECT), "SSL2_CONNECT"},
-{ERR_FUNC(SSL_F_SSL2_ENC_INIT), "SSL2_ENC_INIT"},
-{ERR_FUNC(SSL_F_SSL2_GENERATE_KEY_MATERIAL), "SSL2_GENERATE_KEY_MATERIAL"},
-{ERR_FUNC(SSL_F_SSL2_PEEK), "SSL2_PEEK"},
-{ERR_FUNC(SSL_F_SSL2_READ), "SSL2_READ"},
-{ERR_FUNC(SSL_F_SSL2_READ_INTERNAL), "SSL2_READ_INTERNAL"},
-{ERR_FUNC(SSL_F_SSL2_SET_CERTIFICATE), "SSL2_SET_CERTIFICATE"},
-{ERR_FUNC(SSL_F_SSL2_WRITE), "SSL2_WRITE"},
-{ERR_FUNC(SSL_F_SSL3_ACCEPT), "SSL3_ACCEPT"},
-{ERR_FUNC(SSL_F_SSL3_ADD_CERT_TO_BUF), "SSL3_ADD_CERT_TO_BUF"},
-{ERR_FUNC(SSL_F_SSL3_CALLBACK_CTRL), "SSL3_CALLBACK_CTRL"},
-{ERR_FUNC(SSL_F_SSL3_CHANGE_CIPHER_STATE), "SSL3_CHANGE_CIPHER_STATE"},
-{ERR_FUNC(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM), "SSL3_CHECK_CERT_AND_ALGORITHM"},
-{ERR_FUNC(SSL_F_SSL3_CHECK_CLIENT_HELLO), "SSL3_CHECK_CLIENT_HELLO"},
-{ERR_FUNC(SSL_F_SSL3_CLIENT_HELLO), "SSL3_CLIENT_HELLO"},
-{ERR_FUNC(SSL_F_SSL3_CONNECT), "SSL3_CONNECT"},
-{ERR_FUNC(SSL_F_SSL3_CTRL), "SSL3_CTRL"},
-{ERR_FUNC(SSL_F_SSL3_CTX_CTRL), "SSL3_CTX_CTRL"},
-{ERR_FUNC(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC), "SSL3_DO_CHANGE_CIPHER_SPEC"},
-{ERR_FUNC(SSL_F_SSL3_ENC), "SSL3_ENC"},
-{ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK), "SSL3_GENERATE_KEY_BLOCK"},
-{ERR_FUNC(SSL_F_SSL3_GET_CERTIFICATE_REQUEST), "SSL3_GET_CERTIFICATE_REQUEST"},
-{ERR_FUNC(SSL_F_SSL3_GET_CERT_STATUS), "SSL3_GET_CERT_STATUS"},
-{ERR_FUNC(SSL_F_SSL3_GET_CERT_VERIFY), "SSL3_GET_CERT_VERIFY"},
-{ERR_FUNC(SSL_F_SSL3_GET_CLIENT_CERTIFICATE), "SSL3_GET_CLIENT_CERTIFICATE"},
-{ERR_FUNC(SSL_F_SSL3_GET_CLIENT_HELLO), "SSL3_GET_CLIENT_HELLO"},
-{ERR_FUNC(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE), "SSL3_GET_CLIENT_KEY_EXCHANGE"},
-{ERR_FUNC(SSL_F_SSL3_GET_FINISHED), "SSL3_GET_FINISHED"},
-{ERR_FUNC(SSL_F_SSL3_GET_KEY_EXCHANGE), "SSL3_GET_KEY_EXCHANGE"},
-{ERR_FUNC(SSL_F_SSL3_GET_MESSAGE), "SSL3_GET_MESSAGE"},
-{ERR_FUNC(SSL_F_SSL3_GET_NEW_SESSION_TICKET), "SSL3_GET_NEW_SESSION_TICKET"},
-{ERR_FUNC(SSL_F_SSL3_GET_RECORD), "SSL3_GET_RECORD"},
-{ERR_FUNC(SSL_F_SSL3_GET_SERVER_CERTIFICATE), "SSL3_GET_SERVER_CERTIFICATE"},
-{ERR_FUNC(SSL_F_SSL3_GET_SERVER_DONE), "SSL3_GET_SERVER_DONE"},
-{ERR_FUNC(SSL_F_SSL3_GET_SERVER_HELLO), "SSL3_GET_SERVER_HELLO"},
-{ERR_FUNC(SSL_F_SSL3_NEW_SESSION_TICKET), "SSL3_NEW_SESSION_TICKET"},
-{ERR_FUNC(SSL_F_SSL3_OUTPUT_CERT_CHAIN), "SSL3_OUTPUT_CERT_CHAIN"},
-{ERR_FUNC(SSL_F_SSL3_PEEK), "SSL3_PEEK"},
-{ERR_FUNC(SSL_F_SSL3_READ_BYTES), "SSL3_READ_BYTES"},
-{ERR_FUNC(SSL_F_SSL3_READ_N), "SSL3_READ_N"},
-{ERR_FUNC(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST), "SSL3_SEND_CERTIFICATE_REQUEST"},
-{ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE), "SSL3_SEND_CLIENT_CERTIFICATE"},
-{ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE), "SSL3_SEND_CLIENT_KEY_EXCHANGE"},
-{ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_VERIFY), "SSL3_SEND_CLIENT_VERIFY"},
-{ERR_FUNC(SSL_F_SSL3_SEND_SERVER_CERTIFICATE), "SSL3_SEND_SERVER_CERTIFICATE"},
-{ERR_FUNC(SSL_F_SSL3_SEND_SERVER_HELLO), "SSL3_SEND_SERVER_HELLO"},
-{ERR_FUNC(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE), "SSL3_SEND_SERVER_KEY_EXCHANGE"},
-{ERR_FUNC(SSL_F_SSL3_SETUP_BUFFERS), "SSL3_SETUP_BUFFERS"},
-{ERR_FUNC(SSL_F_SSL3_SETUP_KEY_BLOCK), "SSL3_SETUP_KEY_BLOCK"},
-{ERR_FUNC(SSL_F_SSL3_WRITE_BYTES), "SSL3_WRITE_BYTES"},
-{ERR_FUNC(SSL_F_SSL3_WRITE_PENDING), "SSL3_WRITE_PENDING"},
-{ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT), "SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT"},
-{ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT), "SSL_ADD_CLIENTHELLO_TLSEXT"},
-{ERR_FUNC(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK), "SSL_add_dir_cert_subjects_to_stack"},
-{ERR_FUNC(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK), "SSL_add_file_cert_subjects_to_stack"},
-{ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT), "SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT"},
-{ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT), "SSL_ADD_SERVERHELLO_TLSEXT"},
-{ERR_FUNC(SSL_F_SSL_BAD_METHOD), "SSL_BAD_METHOD"},
-{ERR_FUNC(SSL_F_SSL_BYTES_TO_CIPHER_LIST), "SSL_BYTES_TO_CIPHER_LIST"},
-{ERR_FUNC(SSL_F_SSL_CERT_DUP), "SSL_CERT_DUP"},
-{ERR_FUNC(SSL_F_SSL_CERT_INST), "SSL_CERT_INST"},
-{ERR_FUNC(SSL_F_SSL_CERT_INSTANTIATE), "SSL_CERT_INSTANTIATE"},
-{ERR_FUNC(SSL_F_SSL_CERT_NEW), "SSL_CERT_NEW"},
-{ERR_FUNC(SSL_F_SSL_CHECK_PRIVATE_KEY), "SSL_check_private_key"},
-{ERR_FUNC(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT), "SSL_CHECK_SERVERHELLO_TLSEXT"},
-{ERR_FUNC(SSL_F_SSL_CIPHER_PROCESS_RULESTR), "SSL_CIPHER_PROCESS_RULESTR"},
-{ERR_FUNC(SSL_F_SSL_CIPHER_STRENGTH_SORT), "SSL_CIPHER_STRENGTH_SORT"},
-{ERR_FUNC(SSL_F_SSL_CLEAR), "SSL_clear"},
-{ERR_FUNC(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD), "SSL_COMP_add_compression_method"},
-{ERR_FUNC(SSL_F_SSL_CREATE_CIPHER_LIST), "SSL_CREATE_CIPHER_LIST"},
-{ERR_FUNC(SSL_F_SSL_CTRL), "SSL_ctrl"},
-{ERR_FUNC(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY), "SSL_CTX_check_private_key"},
-{ERR_FUNC(SSL_F_SSL_CTX_NEW), "SSL_CTX_new"},
-{ERR_FUNC(SSL_F_SSL_CTX_SET_CIPHER_LIST), "SSL_CTX_set_cipher_list"},
-{ERR_FUNC(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE), "SSL_CTX_set_client_cert_engine"},
-{ERR_FUNC(SSL_F_SSL_CTX_SET_PURPOSE), "SSL_CTX_set_purpose"},
-{ERR_FUNC(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT), "SSL_CTX_set_session_id_context"},
-{ERR_FUNC(SSL_F_SSL_CTX_SET_SSL_VERSION), "SSL_CTX_set_ssl_version"},
-{ERR_FUNC(SSL_F_SSL_CTX_SET_TRUST), "SSL_CTX_set_trust"},
-{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE), "SSL_CTX_use_certificate"},
-{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1), "SSL_CTX_use_certificate_ASN1"},
-{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE), "SSL_CTX_use_certificate_chain_file"},
-{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE), "SSL_CTX_use_certificate_file"},
-{ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY), "SSL_CTX_use_PrivateKey"},
-{ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1), "SSL_CTX_use_PrivateKey_ASN1"},
-{ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE), "SSL_CTX_use_PrivateKey_file"},
-{ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY), "SSL_CTX_use_RSAPrivateKey"},
-{ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1), "SSL_CTX_use_RSAPrivateKey_ASN1"},
-{ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE), "SSL_CTX_use_RSAPrivateKey_file"},
-{ERR_FUNC(SSL_F_SSL_DO_HANDSHAKE), "SSL_do_handshake"},
-{ERR_FUNC(SSL_F_SSL_GET_NEW_SESSION), "SSL_GET_NEW_SESSION"},
-{ERR_FUNC(SSL_F_SSL_GET_PREV_SESSION), "SSL_GET_PREV_SESSION"},
-{ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_CERT), "SSL_GET_SERVER_SEND_CERT"},
-{ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_PKEY), "SSL_GET_SERVER_SEND_PKEY"},
-{ERR_FUNC(SSL_F_SSL_GET_SIGN_PKEY), "SSL_GET_SIGN_PKEY"},
-{ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER), "SSL_INIT_WBIO_BUFFER"},
-{ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE), "SSL_load_client_CA_file"},
-{ERR_FUNC(SSL_F_SSL_NEW), "SSL_new"},
-{ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT), "SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT"},
-{ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT), "SSL_PARSE_CLIENTHELLO_TLSEXT"},
-{ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT), "SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT"},
-{ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT), "SSL_PARSE_SERVERHELLO_TLSEXT"},
-{ERR_FUNC(SSL_F_SSL_PEEK), "SSL_peek"},
-{ERR_FUNC(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT), "SSL_PREPARE_CLIENTHELLO_TLSEXT"},
-{ERR_FUNC(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT), "SSL_PREPARE_SERVERHELLO_TLSEXT"},
-{ERR_FUNC(SSL_F_SSL_READ), "SSL_read"},
-{ERR_FUNC(SSL_F_SSL_RSA_PRIVATE_DECRYPT), "SSL_RSA_PRIVATE_DECRYPT"},
-{ERR_FUNC(SSL_F_SSL_RSA_PUBLIC_ENCRYPT), "SSL_RSA_PUBLIC_ENCRYPT"},
-{ERR_FUNC(SSL_F_SSL_SESSION_NEW), "SSL_SESSION_new"},
-{ERR_FUNC(SSL_F_SSL_SESSION_PRINT_FP), "SSL_SESSION_print_fp"},
-{ERR_FUNC(SSL_F_SSL_SESS_CERT_NEW), "SSL_SESS_CERT_NEW"},
-{ERR_FUNC(SSL_F_SSL_SET_CERT), "SSL_SET_CERT"},
-{ERR_FUNC(SSL_F_SSL_SET_CIPHER_LIST), "SSL_set_cipher_list"},
-{ERR_FUNC(SSL_F_SSL_SET_FD), "SSL_set_fd"},
-{ERR_FUNC(SSL_F_SSL_SET_PKEY), "SSL_SET_PKEY"},
-{ERR_FUNC(SSL_F_SSL_SET_PURPOSE), "SSL_set_purpose"},
-{ERR_FUNC(SSL_F_SSL_SET_RFD), "SSL_set_rfd"},
-{ERR_FUNC(SSL_F_SSL_SET_SESSION), "SSL_set_session"},
-{ERR_FUNC(SSL_F_SSL_SET_SESSION_ID_CONTEXT), "SSL_set_session_id_context"},
-{ERR_FUNC(SSL_F_SSL_SET_TRUST), "SSL_set_trust"},
-{ERR_FUNC(SSL_F_SSL_SET_WFD), "SSL_set_wfd"},
-{ERR_FUNC(SSL_F_SSL_SHUTDOWN), "SSL_shutdown"},
-{ERR_FUNC(SSL_F_SSL_UNDEFINED_CONST_FUNCTION), "SSL_UNDEFINED_CONST_FUNCTION"},
-{ERR_FUNC(SSL_F_SSL_UNDEFINED_FUNCTION), "SSL_UNDEFINED_FUNCTION"},
-{ERR_FUNC(SSL_F_SSL_UNDEFINED_VOID_FUNCTION), "SSL_UNDEFINED_VOID_FUNCTION"},
-{ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE), "SSL_use_certificate"},
-{ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_ASN1), "SSL_use_certificate_ASN1"},
-{ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_FILE), "SSL_use_certificate_file"},
-{ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY), "SSL_use_PrivateKey"},
-{ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_ASN1), "SSL_use_PrivateKey_ASN1"},
-{ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_FILE), "SSL_use_PrivateKey_file"},
-{ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY), "SSL_use_RSAPrivateKey"},
-{ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1), "SSL_use_RSAPrivateKey_ASN1"},
-{ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE), "SSL_use_RSAPrivateKey_file"},
-{ERR_FUNC(SSL_F_SSL_VERIFY_CERT_CHAIN), "SSL_VERIFY_CERT_CHAIN"},
-{ERR_FUNC(SSL_F_SSL_WRITE), "SSL_write"},
-{ERR_FUNC(SSL_F_TLS1_CHANGE_CIPHER_STATE), "TLS1_CHANGE_CIPHER_STATE"},
-{ERR_FUNC(SSL_F_TLS1_ENC), "TLS1_ENC"},
-{ERR_FUNC(SSL_F_TLS1_SETUP_KEY_BLOCK), "TLS1_SETUP_KEY_BLOCK"},
-{ERR_FUNC(SSL_F_WRITE_PENDING), "WRITE_PENDING"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA SSL_str_reasons[]=
- {
-{ERR_REASON(SSL_R_APP_DATA_IN_HANDSHAKE) ,"app data in handshake"},
-{ERR_REASON(SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT),"attempt to reuse session in different context"},
-{ERR_REASON(SSL_R_BAD_ALERT_RECORD) ,"bad alert record"},
-{ERR_REASON(SSL_R_BAD_AUTHENTICATION_TYPE),"bad authentication type"},
-{ERR_REASON(SSL_R_BAD_CHANGE_CIPHER_SPEC),"bad change cipher spec"},
-{ERR_REASON(SSL_R_BAD_CHECKSUM) ,"bad checksum"},
-{ERR_REASON(SSL_R_BAD_DATA_RETURNED_BY_CALLBACK),"bad data returned by callback"},
-{ERR_REASON(SSL_R_BAD_DECOMPRESSION) ,"bad decompression"},
-{ERR_REASON(SSL_R_BAD_DH_G_LENGTH) ,"bad dh g length"},
-{ERR_REASON(SSL_R_BAD_DH_PUB_KEY_LENGTH) ,"bad dh pub key length"},
-{ERR_REASON(SSL_R_BAD_DH_P_LENGTH) ,"bad dh p length"},
-{ERR_REASON(SSL_R_BAD_DIGEST_LENGTH) ,"bad digest length"},
-{ERR_REASON(SSL_R_BAD_DSA_SIGNATURE) ,"bad dsa signature"},
-{ERR_REASON(SSL_R_BAD_ECC_CERT) ,"bad ecc cert"},
-{ERR_REASON(SSL_R_BAD_ECDSA_SIGNATURE) ,"bad ecdsa signature"},
-{ERR_REASON(SSL_R_BAD_ECPOINT) ,"bad ecpoint"},
-{ERR_REASON(SSL_R_BAD_HELLO_REQUEST) ,"bad hello request"},
-{ERR_REASON(SSL_R_BAD_LENGTH) ,"bad length"},
-{ERR_REASON(SSL_R_BAD_MAC_DECODE) ,"bad mac decode"},
-{ERR_REASON(SSL_R_BAD_MESSAGE_TYPE) ,"bad message type"},
-{ERR_REASON(SSL_R_BAD_PACKET_LENGTH) ,"bad packet length"},
-{ERR_REASON(SSL_R_BAD_PROTOCOL_VERSION_NUMBER),"bad protocol version number"},
-{ERR_REASON(SSL_R_BAD_RESPONSE_ARGUMENT) ,"bad response argument"},
-{ERR_REASON(SSL_R_BAD_RSA_DECRYPT) ,"bad rsa decrypt"},
-{ERR_REASON(SSL_R_BAD_RSA_ENCRYPT) ,"bad rsa encrypt"},
-{ERR_REASON(SSL_R_BAD_RSA_E_LENGTH) ,"bad rsa e length"},
-{ERR_REASON(SSL_R_BAD_RSA_MODULUS_LENGTH),"bad rsa modulus length"},
-{ERR_REASON(SSL_R_BAD_RSA_SIGNATURE) ,"bad rsa signature"},
-{ERR_REASON(SSL_R_BAD_SIGNATURE) ,"bad signature"},
-{ERR_REASON(SSL_R_BAD_SSL_FILETYPE) ,"bad ssl filetype"},
-{ERR_REASON(SSL_R_BAD_SSL_SESSION_ID_LENGTH),"bad ssl session id length"},
-{ERR_REASON(SSL_R_BAD_STATE) ,"bad state"},
-{ERR_REASON(SSL_R_BAD_WRITE_RETRY) ,"bad write retry"},
-{ERR_REASON(SSL_R_BIO_NOT_SET) ,"bio not set"},
-{ERR_REASON(SSL_R_BLOCK_CIPHER_PAD_IS_WRONG),"block cipher pad is wrong"},
-{ERR_REASON(SSL_R_BN_LIB) ,"bn lib"},
-{ERR_REASON(SSL_R_CA_DN_LENGTH_MISMATCH) ,"ca dn length mismatch"},
-{ERR_REASON(SSL_R_CA_DN_TOO_LONG) ,"ca dn too long"},
-{ERR_REASON(SSL_R_CCS_RECEIVED_EARLY) ,"ccs received early"},
-{ERR_REASON(SSL_R_CERTIFICATE_VERIFY_FAILED),"certificate verify failed"},
-{ERR_REASON(SSL_R_CERT_LENGTH_MISMATCH) ,"cert length mismatch"},
-{ERR_REASON(SSL_R_CHALLENGE_IS_DIFFERENT),"challenge is different"},
-{ERR_REASON(SSL_R_CIPHER_CODE_WRONG_LENGTH),"cipher code wrong length"},
-{ERR_REASON(SSL_R_CIPHER_OR_HASH_UNAVAILABLE),"cipher or hash unavailable"},
-{ERR_REASON(SSL_R_CIPHER_TABLE_SRC_ERROR),"cipher table src error"},
-{ERR_REASON(SSL_R_CLIENTHELLO_TLSEXT) ,"clienthello tlsext"},
-{ERR_REASON(SSL_R_COMPRESSED_LENGTH_TOO_LONG),"compressed length too long"},
-{ERR_REASON(SSL_R_COMPRESSION_FAILURE) ,"compression failure"},
-{ERR_REASON(SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE),"compression id not within private range"},
-{ERR_REASON(SSL_R_COMPRESSION_LIBRARY_ERROR),"compression library error"},
-{ERR_REASON(SSL_R_CONNECTION_ID_IS_DIFFERENT),"connection id is different"},
-{ERR_REASON(SSL_R_CONNECTION_TYPE_NOT_SET),"connection type not set"},
-{ERR_REASON(SSL_R_COOKIE_MISMATCH) ,"cookie mismatch"},
-{ERR_REASON(SSL_R_DATA_BETWEEN_CCS_AND_FINISHED),"data between ccs and finished"},
-{ERR_REASON(SSL_R_DATA_LENGTH_TOO_LONG) ,"data length too long"},
-{ERR_REASON(SSL_R_DECRYPTION_FAILED) ,"decryption failed"},
-{ERR_REASON(SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC),"decryption failed or bad record mac"},
-{ERR_REASON(SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG),"dh public value length is wrong"},
-{ERR_REASON(SSL_R_DIGEST_CHECK_FAILED) ,"digest check failed"},
-{ERR_REASON(SSL_R_DTLS_MESSAGE_TOO_BIG) ,"dtls message too big"},
-{ERR_REASON(SSL_R_DUPLICATE_COMPRESSION_ID),"duplicate compression id"},
-{ERR_REASON(SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER),"ecgroup too large for cipher"},
-{ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG),"encrypted length too long"},
-{ERR_REASON(SSL_R_ERROR_GENERATING_TMP_RSA_KEY),"error generating tmp rsa key"},
-{ERR_REASON(SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST),"error in received cipher list"},
-{ERR_REASON(SSL_R_EXCESSIVE_MESSAGE_SIZE),"excessive message size"},
-{ERR_REASON(SSL_R_EXTRA_DATA_IN_MESSAGE) ,"extra data in message"},
-{ERR_REASON(SSL_R_GOT_A_FIN_BEFORE_A_CCS),"got a fin before a ccs"},
-{ERR_REASON(SSL_R_HTTPS_PROXY_REQUEST) ,"https proxy request"},
-{ERR_REASON(SSL_R_HTTP_REQUEST) ,"http request"},
-{ERR_REASON(SSL_R_ILLEGAL_PADDING) ,"illegal padding"},
-{ERR_REASON(SSL_R_INAPPROPRIATE_FALLBACK),"inappropriate fallback"},
-{ERR_REASON(SSL_R_INVALID_CHALLENGE_LENGTH),"invalid challenge length"},
-{ERR_REASON(SSL_R_INVALID_COMMAND) ,"invalid command"},
-{ERR_REASON(SSL_R_INVALID_PURPOSE) ,"invalid purpose"},
-{ERR_REASON(SSL_R_INVALID_STATUS_RESPONSE),"invalid status response"},
-{ERR_REASON(SSL_R_INVALID_TICKET_KEYS_LENGTH),"invalid ticket keys length"},
-{ERR_REASON(SSL_R_INVALID_TRUST) ,"invalid trust"},
-{ERR_REASON(SSL_R_KEY_ARG_TOO_LONG) ,"key arg too long"},
-{ERR_REASON(SSL_R_KRB5) ,"krb5"},
-{ERR_REASON(SSL_R_KRB5_C_CC_PRINC) ,"krb5 client cc principal (no tkt?)"},
-{ERR_REASON(SSL_R_KRB5_C_GET_CRED) ,"krb5 client get cred"},
-{ERR_REASON(SSL_R_KRB5_C_INIT) ,"krb5 client init"},
-{ERR_REASON(SSL_R_KRB5_C_MK_REQ) ,"krb5 client mk_req (expired tkt?)"},
-{ERR_REASON(SSL_R_KRB5_S_BAD_TICKET) ,"krb5 server bad ticket"},
-{ERR_REASON(SSL_R_KRB5_S_INIT) ,"krb5 server init"},
-{ERR_REASON(SSL_R_KRB5_S_RD_REQ) ,"krb5 server rd_req (keytab perms?)"},
-{ERR_REASON(SSL_R_KRB5_S_TKT_EXPIRED) ,"krb5 server tkt expired"},
-{ERR_REASON(SSL_R_KRB5_S_TKT_NYV) ,"krb5 server tkt not yet valid"},
-{ERR_REASON(SSL_R_KRB5_S_TKT_SKEW) ,"krb5 server tkt skew"},
-{ERR_REASON(SSL_R_LENGTH_MISMATCH) ,"length mismatch"},
-{ERR_REASON(SSL_R_LENGTH_TOO_SHORT) ,"length too short"},
-{ERR_REASON(SSL_R_LIBRARY_BUG) ,"library bug"},
-{ERR_REASON(SSL_R_LIBRARY_HAS_NO_CIPHERS),"library has no ciphers"},
-{ERR_REASON(SSL_R_MESSAGE_TOO_LONG) ,"message too long"},
-{ERR_REASON(SSL_R_MISSING_DH_DSA_CERT) ,"missing dh dsa cert"},
-{ERR_REASON(SSL_R_MISSING_DH_KEY) ,"missing dh key"},
-{ERR_REASON(SSL_R_MISSING_DH_RSA_CERT) ,"missing dh rsa cert"},
-{ERR_REASON(SSL_R_MISSING_DSA_SIGNING_CERT),"missing dsa signing cert"},
-{ERR_REASON(SSL_R_MISSING_EXPORT_TMP_DH_KEY),"missing export tmp dh key"},
-{ERR_REASON(SSL_R_MISSING_EXPORT_TMP_RSA_KEY),"missing export tmp rsa key"},
-{ERR_REASON(SSL_R_MISSING_RSA_CERTIFICATE),"missing rsa certificate"},
-{ERR_REASON(SSL_R_MISSING_RSA_ENCRYPTING_CERT),"missing rsa encrypting cert"},
-{ERR_REASON(SSL_R_MISSING_RSA_SIGNING_CERT),"missing rsa signing cert"},
-{ERR_REASON(SSL_R_MISSING_TMP_DH_KEY) ,"missing tmp dh key"},
-{ERR_REASON(SSL_R_MISSING_TMP_ECDH_KEY) ,"missing tmp ecdh key"},
-{ERR_REASON(SSL_R_MISSING_TMP_RSA_KEY) ,"missing tmp rsa key"},
-{ERR_REASON(SSL_R_MISSING_TMP_RSA_PKEY) ,"missing tmp rsa pkey"},
-{ERR_REASON(SSL_R_MISSING_VERIFY_MESSAGE),"missing verify message"},
-{ERR_REASON(SSL_R_MULTIPLE_SGC_RESTARTS) ,"multiple sgc restarts"},
-{ERR_REASON(SSL_R_NON_SSLV2_INITIAL_PACKET),"non sslv2 initial packet"},
-{ERR_REASON(SSL_R_NO_CERTIFICATES_RETURNED),"no certificates returned"},
-{ERR_REASON(SSL_R_NO_CERTIFICATE_ASSIGNED),"no certificate assigned"},
-{ERR_REASON(SSL_R_NO_CERTIFICATE_RETURNED),"no certificate returned"},
-{ERR_REASON(SSL_R_NO_CERTIFICATE_SET) ,"no certificate set"},
-{ERR_REASON(SSL_R_NO_CERTIFICATE_SPECIFIED),"no certificate specified"},
-{ERR_REASON(SSL_R_NO_CIPHERS_AVAILABLE) ,"no ciphers available"},
-{ERR_REASON(SSL_R_NO_CIPHERS_PASSED) ,"no ciphers passed"},
-{ERR_REASON(SSL_R_NO_CIPHERS_SPECIFIED) ,"no ciphers specified"},
-{ERR_REASON(SSL_R_NO_CIPHER_LIST) ,"no cipher list"},
-{ERR_REASON(SSL_R_NO_CIPHER_MATCH) ,"no cipher match"},
-{ERR_REASON(SSL_R_NO_CLIENT_CERT_METHOD) ,"no client cert method"},
-{ERR_REASON(SSL_R_NO_CLIENT_CERT_RECEIVED),"no client cert received"},
-{ERR_REASON(SSL_R_NO_COMPRESSION_SPECIFIED),"no compression specified"},
-{ERR_REASON(SSL_R_NO_METHOD_SPECIFIED) ,"no method specified"},
-{ERR_REASON(SSL_R_NO_PRIVATEKEY) ,"no privatekey"},
-{ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED),"no private key assigned"},
-{ERR_REASON(SSL_R_NO_PROTOCOLS_AVAILABLE),"no protocols available"},
-{ERR_REASON(SSL_R_NO_PUBLICKEY) ,"no publickey"},
-{ERR_REASON(SSL_R_NO_RENEGOTIATION) ,"no renegotiation"},
-{ERR_REASON(SSL_R_NO_SHARED_CIPHER) ,"no shared cipher"},
-{ERR_REASON(SSL_R_NO_VERIFY_CALLBACK) ,"no verify callback"},
-{ERR_REASON(SSL_R_NULL_SSL_CTX) ,"null ssl ctx"},
-{ERR_REASON(SSL_R_NULL_SSL_METHOD_PASSED),"null ssl method passed"},
-{ERR_REASON(SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED),"old session cipher not returned"},
-{ERR_REASON(SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE),"only tls allowed in fips mode"},
-{ERR_REASON(SSL_R_PACKET_LENGTH_TOO_LONG),"packet length too long"},
-{ERR_REASON(SSL_R_PARSE_TLSEXT) ,"parse tlsext"},
-{ERR_REASON(SSL_R_PATH_TOO_LONG) ,"path too long"},
-{ERR_REASON(SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE),"peer did not return a certificate"},
-{ERR_REASON(SSL_R_PEER_ERROR) ,"peer error"},
-{ERR_REASON(SSL_R_PEER_ERROR_CERTIFICATE),"peer error certificate"},
-{ERR_REASON(SSL_R_PEER_ERROR_NO_CERTIFICATE),"peer error no certificate"},
-{ERR_REASON(SSL_R_PEER_ERROR_NO_CIPHER) ,"peer error no cipher"},
-{ERR_REASON(SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE),"peer error unsupported certificate type"},
-{ERR_REASON(SSL_R_PRE_MAC_LENGTH_TOO_LONG),"pre mac length too long"},
-{ERR_REASON(SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS),"problems mapping cipher functions"},
-{ERR_REASON(SSL_R_PROTOCOL_IS_SHUTDOWN) ,"protocol is shutdown"},
-{ERR_REASON(SSL_R_PUBLIC_KEY_ENCRYPT_ERROR),"public key encrypt error"},
-{ERR_REASON(SSL_R_PUBLIC_KEY_IS_NOT_RSA) ,"public key is not rsa"},
-{ERR_REASON(SSL_R_PUBLIC_KEY_NOT_RSA) ,"public key not rsa"},
-{ERR_REASON(SSL_R_READ_BIO_NOT_SET) ,"read bio not set"},
-{ERR_REASON(SSL_R_READ_TIMEOUT_EXPIRED) ,"read timeout expired"},
-{ERR_REASON(SSL_R_READ_WRONG_PACKET_TYPE),"read wrong packet type"},
-{ERR_REASON(SSL_R_RECORD_LENGTH_MISMATCH),"record length mismatch"},
-{ERR_REASON(SSL_R_RECORD_TOO_LARGE) ,"record too large"},
-{ERR_REASON(SSL_R_RECORD_TOO_SMALL) ,"record too small"},
-{ERR_REASON(SSL_R_RENEGOTIATE_EXT_TOO_LONG),"renegotiate ext too long"},
-{ERR_REASON(SSL_R_RENEGOTIATION_ENCODING_ERR),"renegotiation encoding err"},
-{ERR_REASON(SSL_R_RENEGOTIATION_MISMATCH),"renegotiation mismatch"},
-{ERR_REASON(SSL_R_REQUIRED_CIPHER_MISSING),"required cipher missing"},
-{ERR_REASON(SSL_R_REUSE_CERT_LENGTH_NOT_ZERO),"reuse cert length not zero"},
-{ERR_REASON(SSL_R_REUSE_CERT_TYPE_NOT_ZERO),"reuse cert type not zero"},
-{ERR_REASON(SSL_R_REUSE_CIPHER_LIST_NOT_ZERO),"reuse cipher list not zero"},
-{ERR_REASON(SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING),"scsv received when renegotiating"},
-{ERR_REASON(SSL_R_SERVERHELLO_TLSEXT) ,"serverhello tlsext"},
-{ERR_REASON(SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED),"session id context uninitialized"},
-{ERR_REASON(SSL_R_SHORT_READ) ,"short read"},
-{ERR_REASON(SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE),"signature for non signing certificate"},
-{ERR_REASON(SSL_R_SSL23_DOING_SESSION_ID_REUSE),"ssl23 doing session id reuse"},
-{ERR_REASON(SSL_R_SSL2_CONNECTION_ID_TOO_LONG),"ssl2 connection id too long"},
-{ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME),"ssl3 ext invalid servername"},
-{ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE),"ssl3 ext invalid servername type"},
-{ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_LONG),"ssl3 session id too long"},
-{ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_SHORT),"ssl3 session id too short"},
-{ERR_REASON(SSL_R_SSLV3_ALERT_BAD_CERTIFICATE),"sslv3 alert bad certificate"},
-{ERR_REASON(SSL_R_SSLV3_ALERT_BAD_RECORD_MAC),"sslv3 alert bad record mac"},
-{ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED),"sslv3 alert certificate expired"},
-{ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED),"sslv3 alert certificate revoked"},
-{ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN),"sslv3 alert certificate unknown"},
-{ERR_REASON(SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE),"sslv3 alert decompression failure"},
-{ERR_REASON(SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE),"sslv3 alert handshake failure"},
-{ERR_REASON(SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER),"sslv3 alert illegal parameter"},
-{ERR_REASON(SSL_R_SSLV3_ALERT_NO_CERTIFICATE),"sslv3 alert no certificate"},
-{ERR_REASON(SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE),"sslv3 alert unexpected message"},
-{ERR_REASON(SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE),"sslv3 alert unsupported certificate"},
-{ERR_REASON(SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION),"ssl ctx has no default ssl version"},
-{ERR_REASON(SSL_R_SSL_HANDSHAKE_FAILURE) ,"ssl handshake failure"},
-{ERR_REASON(SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS),"ssl library has no ciphers"},
-{ERR_REASON(SSL_R_SSL_SESSION_ID_CALLBACK_FAILED),"ssl session id callback failed"},
-{ERR_REASON(SSL_R_SSL_SESSION_ID_CONFLICT),"ssl session id conflict"},
-{ERR_REASON(SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG),"ssl session id context too long"},
-{ERR_REASON(SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH),"ssl session id has bad length"},
-{ERR_REASON(SSL_R_SSL_SESSION_ID_IS_DIFFERENT),"ssl session id is different"},
-{ERR_REASON(SSL_R_TLSV1_ALERT_ACCESS_DENIED),"tlsv1 alert access denied"},
-{ERR_REASON(SSL_R_TLSV1_ALERT_DECODE_ERROR),"tlsv1 alert decode error"},
-{ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPTION_FAILED),"tlsv1 alert decryption failed"},
-{ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPT_ERROR),"tlsv1 alert decrypt error"},
-{ERR_REASON(SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION),"tlsv1 alert export restriction"},
-{ERR_REASON(SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK),"tlsv1 alert inappropriate fallback"},
-{ERR_REASON(SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY),"tlsv1 alert insufficient security"},
-{ERR_REASON(SSL_R_TLSV1_ALERT_INTERNAL_ERROR),"tlsv1 alert internal error"},
-{ERR_REASON(SSL_R_TLSV1_ALERT_NO_RENEGOTIATION),"tlsv1 alert no renegotiation"},
-{ERR_REASON(SSL_R_TLSV1_ALERT_PROTOCOL_VERSION),"tlsv1 alert protocol version"},
-{ERR_REASON(SSL_R_TLSV1_ALERT_RECORD_OVERFLOW),"tlsv1 alert record overflow"},
-{ERR_REASON(SSL_R_TLSV1_ALERT_UNKNOWN_CA),"tlsv1 alert unknown ca"},
-{ERR_REASON(SSL_R_TLSV1_ALERT_USER_CANCELLED),"tlsv1 alert user cancelled"},
-{ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE),"tlsv1 bad certificate hash value"},
-{ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE),"tlsv1 bad certificate status response"},
-{ERR_REASON(SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE),"tlsv1 certificate unobtainable"},
-{ERR_REASON(SSL_R_TLSV1_UNRECOGNIZED_NAME),"tlsv1 unrecognized name"},
-{ERR_REASON(SSL_R_TLSV1_UNSUPPORTED_EXTENSION),"tlsv1 unsupported extension"},
-{ERR_REASON(SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER),"tls client cert req with anon cipher"},
-{ERR_REASON(SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST),"tls invalid ecpointformat list"},
-{ERR_REASON(SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST),"tls peer did not respond with certificate list"},
-{ERR_REASON(SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG),"tls rsa encrypted value length is wrong"},
-{ERR_REASON(SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER),"tried to use unsupported cipher"},
-{ERR_REASON(SSL_R_UNABLE_TO_DECODE_DH_CERTS),"unable to decode dh certs"},
-{ERR_REASON(SSL_R_UNABLE_TO_DECODE_ECDH_CERTS),"unable to decode ecdh certs"},
-{ERR_REASON(SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY),"unable to extract public key"},
-{ERR_REASON(SSL_R_UNABLE_TO_FIND_DH_PARAMETERS),"unable to find dh parameters"},
-{ERR_REASON(SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS),"unable to find ecdh parameters"},
-{ERR_REASON(SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS),"unable to find public key parameters"},
-{ERR_REASON(SSL_R_UNABLE_TO_FIND_SSL_METHOD),"unable to find ssl method"},
-{ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES),"unable to load ssl2 md5 routines"},
-{ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES),"unable to load ssl3 md5 routines"},
-{ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES),"unable to load ssl3 sha1 routines"},
-{ERR_REASON(SSL_R_UNEXPECTED_MESSAGE) ,"unexpected message"},
-{ERR_REASON(SSL_R_UNEXPECTED_RECORD) ,"unexpected record"},
-{ERR_REASON(SSL_R_UNINITIALIZED) ,"uninitialized"},
-{ERR_REASON(SSL_R_UNKNOWN_ALERT_TYPE) ,"unknown alert type"},
-{ERR_REASON(SSL_R_UNKNOWN_CERTIFICATE_TYPE),"unknown certificate type"},
-{ERR_REASON(SSL_R_UNKNOWN_CIPHER_RETURNED),"unknown cipher returned"},
-{ERR_REASON(SSL_R_UNKNOWN_CIPHER_TYPE) ,"unknown cipher type"},
-{ERR_REASON(SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE),"unknown key exchange type"},
-{ERR_REASON(SSL_R_UNKNOWN_PKEY_TYPE) ,"unknown pkey type"},
-{ERR_REASON(SSL_R_UNKNOWN_PROTOCOL) ,"unknown protocol"},
-{ERR_REASON(SSL_R_UNKNOWN_REMOTE_ERROR_TYPE),"unknown remote error type"},
-{ERR_REASON(SSL_R_UNKNOWN_SSL_VERSION) ,"unknown ssl version"},
-{ERR_REASON(SSL_R_UNKNOWN_STATE) ,"unknown state"},
-{ERR_REASON(SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED),"unsafe legacy renegotiation disabled"},
-{ERR_REASON(SSL_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"},
-{ERR_REASON(SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM),"unsupported compression algorithm"},
-{ERR_REASON(SSL_R_UNSUPPORTED_ELLIPTIC_CURVE),"unsupported elliptic curve"},
-{ERR_REASON(SSL_R_UNSUPPORTED_PROTOCOL) ,"unsupported protocol"},
-{ERR_REASON(SSL_R_UNSUPPORTED_SSL_VERSION),"unsupported ssl version"},
-{ERR_REASON(SSL_R_UNSUPPORTED_STATUS_TYPE),"unsupported status type"},
-{ERR_REASON(SSL_R_WRITE_BIO_NOT_SET) ,"write bio not set"},
-{ERR_REASON(SSL_R_WRONG_CIPHER_RETURNED) ,"wrong cipher returned"},
-{ERR_REASON(SSL_R_WRONG_MESSAGE_TYPE) ,"wrong message type"},
-{ERR_REASON(SSL_R_WRONG_NUMBER_OF_KEY_BITS),"wrong number of key bits"},
-{ERR_REASON(SSL_R_WRONG_SIGNATURE_LENGTH),"wrong signature length"},
-{ERR_REASON(SSL_R_WRONG_SIGNATURE_SIZE) ,"wrong signature size"},
-{ERR_REASON(SSL_R_WRONG_SSL_VERSION) ,"wrong ssl version"},
-{ERR_REASON(SSL_R_WRONG_VERSION_NUMBER) ,"wrong version number"},
-{ERR_REASON(SSL_R_X509_LIB) ,"x509 lib"},
-{ERR_REASON(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS),"x509 verification setup problems"},
-{0,NULL}
- };
-
-#endif
-
-void ERR_load_SSL_strings(void)
- {
-#ifndef OPENSSL_NO_ERR
-
- if (ERR_func_error_string(SSL_str_functs[0].error) == NULL)
- {
- ERR_load_strings(0,SSL_str_functs);
- ERR_load_strings(0,SSL_str_reasons);
- }
-#endif
- }
Copied: vendor-crypto/openssl/0.9.8zf/ssl/ssl_err.c (from rev 6976, vendor-crypto/openssl/dist/ssl/ssl_err.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/ssl/ssl_err.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/ssl/ssl_err.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,686 @@
+/* ssl/ssl_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/ssl.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_SSL,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_SSL,0,reason)
+
+static ERR_STRING_DATA SSL_str_functs[] = {
+ {ERR_FUNC(SSL_F_CLIENT_CERTIFICATE), "CLIENT_CERTIFICATE"},
+ {ERR_FUNC(SSL_F_CLIENT_FINISHED), "CLIENT_FINISHED"},
+ {ERR_FUNC(SSL_F_CLIENT_HELLO), "CLIENT_HELLO"},
+ {ERR_FUNC(SSL_F_CLIENT_MASTER_KEY), "CLIENT_MASTER_KEY"},
+ {ERR_FUNC(SSL_F_D2I_SSL_SESSION), "d2i_SSL_SESSION"},
+ {ERR_FUNC(SSL_F_DO_DTLS1_WRITE), "DO_DTLS1_WRITE"},
+ {ERR_FUNC(SSL_F_DO_SSL3_WRITE), "DO_SSL3_WRITE"},
+ {ERR_FUNC(SSL_F_DTLS1_ACCEPT), "DTLS1_ACCEPT"},
+ {ERR_FUNC(SSL_F_DTLS1_ADD_CERT_TO_BUF), "DTLS1_ADD_CERT_TO_BUF"},
+ {ERR_FUNC(SSL_F_DTLS1_BUFFER_RECORD), "DTLS1_BUFFER_RECORD"},
+ {ERR_FUNC(SSL_F_DTLS1_CHECK_TIMEOUT_NUM), "DTLS1_CHECK_TIMEOUT_NUM"},
+ {ERR_FUNC(SSL_F_DTLS1_CLIENT_HELLO), "DTLS1_CLIENT_HELLO"},
+ {ERR_FUNC(SSL_F_DTLS1_CONNECT), "DTLS1_CONNECT"},
+ {ERR_FUNC(SSL_F_DTLS1_ENC), "DTLS1_ENC"},
+ {ERR_FUNC(SSL_F_DTLS1_GET_HELLO_VERIFY), "DTLS1_GET_HELLO_VERIFY"},
+ {ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE), "DTLS1_GET_MESSAGE"},
+ {ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT),
+ "DTLS1_GET_MESSAGE_FRAGMENT"},
+ {ERR_FUNC(SSL_F_DTLS1_GET_RECORD), "DTLS1_GET_RECORD"},
+ {ERR_FUNC(SSL_F_DTLS1_HANDLE_TIMEOUT), "DTLS1_HANDLE_TIMEOUT"},
+ {ERR_FUNC(SSL_F_DTLS1_OUTPUT_CERT_CHAIN), "DTLS1_OUTPUT_CERT_CHAIN"},
+ {ERR_FUNC(SSL_F_DTLS1_PREPROCESS_FRAGMENT), "DTLS1_PREPROCESS_FRAGMENT"},
+ {ERR_FUNC(SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE),
+ "DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE"},
+ {ERR_FUNC(SSL_F_DTLS1_PROCESS_RECORD), "DTLS1_PROCESS_RECORD"},
+ {ERR_FUNC(SSL_F_DTLS1_READ_BYTES), "DTLS1_READ_BYTES"},
+ {ERR_FUNC(SSL_F_DTLS1_READ_FAILED), "DTLS1_READ_FAILED"},
+ {ERR_FUNC(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST),
+ "DTLS1_SEND_CERTIFICATE_REQUEST"},
+ {ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE),
+ "DTLS1_SEND_CLIENT_CERTIFICATE"},
+ {ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE),
+ "DTLS1_SEND_CLIENT_KEY_EXCHANGE"},
+ {ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_VERIFY), "DTLS1_SEND_CLIENT_VERIFY"},
+ {ERR_FUNC(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST),
+ "DTLS1_SEND_HELLO_VERIFY_REQUEST"},
+ {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE),
+ "DTLS1_SEND_SERVER_CERTIFICATE"},
+ {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_HELLO), "DTLS1_SEND_SERVER_HELLO"},
+ {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE),
+ "DTLS1_SEND_SERVER_KEY_EXCHANGE"},
+ {ERR_FUNC(SSL_F_DTLS1_WRITE_APP_DATA_BYTES),
+ "DTLS1_WRITE_APP_DATA_BYTES"},
+ {ERR_FUNC(SSL_F_GET_CLIENT_FINISHED), "GET_CLIENT_FINISHED"},
+ {ERR_FUNC(SSL_F_GET_CLIENT_HELLO), "GET_CLIENT_HELLO"},
+ {ERR_FUNC(SSL_F_GET_CLIENT_MASTER_KEY), "GET_CLIENT_MASTER_KEY"},
+ {ERR_FUNC(SSL_F_GET_SERVER_FINISHED), "GET_SERVER_FINISHED"},
+ {ERR_FUNC(SSL_F_GET_SERVER_HELLO), "GET_SERVER_HELLO"},
+ {ERR_FUNC(SSL_F_GET_SERVER_VERIFY), "GET_SERVER_VERIFY"},
+ {ERR_FUNC(SSL_F_I2D_SSL_SESSION), "i2d_SSL_SESSION"},
+ {ERR_FUNC(SSL_F_READ_N), "READ_N"},
+ {ERR_FUNC(SSL_F_REQUEST_CERTIFICATE), "REQUEST_CERTIFICATE"},
+ {ERR_FUNC(SSL_F_SERVER_FINISH), "SERVER_FINISH"},
+ {ERR_FUNC(SSL_F_SERVER_HELLO), "SERVER_HELLO"},
+ {ERR_FUNC(SSL_F_SERVER_VERIFY), "SERVER_VERIFY"},
+ {ERR_FUNC(SSL_F_SSL23_ACCEPT), "SSL23_ACCEPT"},
+ {ERR_FUNC(SSL_F_SSL23_CLIENT_HELLO), "SSL23_CLIENT_HELLO"},
+ {ERR_FUNC(SSL_F_SSL23_CONNECT), "SSL23_CONNECT"},
+ {ERR_FUNC(SSL_F_SSL23_GET_CLIENT_HELLO), "SSL23_GET_CLIENT_HELLO"},
+ {ERR_FUNC(SSL_F_SSL23_GET_SERVER_HELLO), "SSL23_GET_SERVER_HELLO"},
+ {ERR_FUNC(SSL_F_SSL23_PEEK), "SSL23_PEEK"},
+ {ERR_FUNC(SSL_F_SSL23_READ), "SSL23_READ"},
+ {ERR_FUNC(SSL_F_SSL23_WRITE), "SSL23_WRITE"},
+ {ERR_FUNC(SSL_F_SSL2_ACCEPT), "SSL2_ACCEPT"},
+ {ERR_FUNC(SSL_F_SSL2_CONNECT), "SSL2_CONNECT"},
+ {ERR_FUNC(SSL_F_SSL2_ENC_INIT), "SSL2_ENC_INIT"},
+ {ERR_FUNC(SSL_F_SSL2_GENERATE_KEY_MATERIAL),
+ "SSL2_GENERATE_KEY_MATERIAL"},
+ {ERR_FUNC(SSL_F_SSL2_PEEK), "SSL2_PEEK"},
+ {ERR_FUNC(SSL_F_SSL2_READ), "SSL2_READ"},
+ {ERR_FUNC(SSL_F_SSL2_READ_INTERNAL), "SSL2_READ_INTERNAL"},
+ {ERR_FUNC(SSL_F_SSL2_SET_CERTIFICATE), "SSL2_SET_CERTIFICATE"},
+ {ERR_FUNC(SSL_F_SSL2_WRITE), "SSL2_WRITE"},
+ {ERR_FUNC(SSL_F_SSL3_ACCEPT), "SSL3_ACCEPT"},
+ {ERR_FUNC(SSL_F_SSL3_ADD_CERT_TO_BUF), "SSL3_ADD_CERT_TO_BUF"},
+ {ERR_FUNC(SSL_F_SSL3_CALLBACK_CTRL), "SSL3_CALLBACK_CTRL"},
+ {ERR_FUNC(SSL_F_SSL3_CHANGE_CIPHER_STATE), "SSL3_CHANGE_CIPHER_STATE"},
+ {ERR_FUNC(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM),
+ "SSL3_CHECK_CERT_AND_ALGORITHM"},
+ {ERR_FUNC(SSL_F_SSL3_CHECK_CLIENT_HELLO), "SSL3_CHECK_CLIENT_HELLO"},
+ {ERR_FUNC(SSL_F_SSL3_CLIENT_HELLO), "SSL3_CLIENT_HELLO"},
+ {ERR_FUNC(SSL_F_SSL3_CONNECT), "SSL3_CONNECT"},
+ {ERR_FUNC(SSL_F_SSL3_CTRL), "SSL3_CTRL"},
+ {ERR_FUNC(SSL_F_SSL3_CTX_CTRL), "SSL3_CTX_CTRL"},
+ {ERR_FUNC(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC),
+ "SSL3_DO_CHANGE_CIPHER_SPEC"},
+ {ERR_FUNC(SSL_F_SSL3_ENC), "SSL3_ENC"},
+ {ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK), "SSL3_GENERATE_KEY_BLOCK"},
+ {ERR_FUNC(SSL_F_SSL3_GET_CERTIFICATE_REQUEST),
+ "SSL3_GET_CERTIFICATE_REQUEST"},
+ {ERR_FUNC(SSL_F_SSL3_GET_CERT_STATUS), "SSL3_GET_CERT_STATUS"},
+ {ERR_FUNC(SSL_F_SSL3_GET_CERT_VERIFY), "SSL3_GET_CERT_VERIFY"},
+ {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_CERTIFICATE),
+ "SSL3_GET_CLIENT_CERTIFICATE"},
+ {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_HELLO), "SSL3_GET_CLIENT_HELLO"},
+ {ERR_FUNC(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE),
+ "SSL3_GET_CLIENT_KEY_EXCHANGE"},
+ {ERR_FUNC(SSL_F_SSL3_GET_FINISHED), "SSL3_GET_FINISHED"},
+ {ERR_FUNC(SSL_F_SSL3_GET_KEY_EXCHANGE), "SSL3_GET_KEY_EXCHANGE"},
+ {ERR_FUNC(SSL_F_SSL3_GET_MESSAGE), "SSL3_GET_MESSAGE"},
+ {ERR_FUNC(SSL_F_SSL3_GET_NEW_SESSION_TICKET),
+ "SSL3_GET_NEW_SESSION_TICKET"},
+ {ERR_FUNC(SSL_F_SSL3_GET_RECORD), "SSL3_GET_RECORD"},
+ {ERR_FUNC(SSL_F_SSL3_GET_SERVER_CERTIFICATE),
+ "SSL3_GET_SERVER_CERTIFICATE"},
+ {ERR_FUNC(SSL_F_SSL3_GET_SERVER_DONE), "SSL3_GET_SERVER_DONE"},
+ {ERR_FUNC(SSL_F_SSL3_GET_SERVER_HELLO), "SSL3_GET_SERVER_HELLO"},
+ {ERR_FUNC(SSL_F_SSL3_NEW_SESSION_TICKET), "SSL3_NEW_SESSION_TICKET"},
+ {ERR_FUNC(SSL_F_SSL3_OUTPUT_CERT_CHAIN), "SSL3_OUTPUT_CERT_CHAIN"},
+ {ERR_FUNC(SSL_F_SSL3_PEEK), "SSL3_PEEK"},
+ {ERR_FUNC(SSL_F_SSL3_READ_BYTES), "SSL3_READ_BYTES"},
+ {ERR_FUNC(SSL_F_SSL3_READ_N), "SSL3_READ_N"},
+ {ERR_FUNC(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST),
+ "SSL3_SEND_CERTIFICATE_REQUEST"},
+ {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE),
+ "SSL3_SEND_CLIENT_CERTIFICATE"},
+ {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE),
+ "SSL3_SEND_CLIENT_KEY_EXCHANGE"},
+ {ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_VERIFY), "SSL3_SEND_CLIENT_VERIFY"},
+ {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_CERTIFICATE),
+ "SSL3_SEND_SERVER_CERTIFICATE"},
+ {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_HELLO), "SSL3_SEND_SERVER_HELLO"},
+ {ERR_FUNC(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE),
+ "SSL3_SEND_SERVER_KEY_EXCHANGE"},
+ {ERR_FUNC(SSL_F_SSL3_SETUP_BUFFERS), "SSL3_SETUP_BUFFERS"},
+ {ERR_FUNC(SSL_F_SSL3_SETUP_KEY_BLOCK), "SSL3_SETUP_KEY_BLOCK"},
+ {ERR_FUNC(SSL_F_SSL3_WRITE_BYTES), "SSL3_WRITE_BYTES"},
+ {ERR_FUNC(SSL_F_SSL3_WRITE_PENDING), "SSL3_WRITE_PENDING"},
+ {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT),
+ "SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT"},
+ {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT),
+ "SSL_ADD_CLIENTHELLO_TLSEXT"},
+ {ERR_FUNC(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK),
+ "SSL_add_dir_cert_subjects_to_stack"},
+ {ERR_FUNC(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK),
+ "SSL_add_file_cert_subjects_to_stack"},
+ {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT),
+ "SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT"},
+ {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT),
+ "SSL_ADD_SERVERHELLO_TLSEXT"},
+ {ERR_FUNC(SSL_F_SSL_BAD_METHOD), "SSL_BAD_METHOD"},
+ {ERR_FUNC(SSL_F_SSL_BYTES_TO_CIPHER_LIST), "SSL_BYTES_TO_CIPHER_LIST"},
+ {ERR_FUNC(SSL_F_SSL_CERT_DUP), "SSL_CERT_DUP"},
+ {ERR_FUNC(SSL_F_SSL_CERT_INST), "SSL_CERT_INST"},
+ {ERR_FUNC(SSL_F_SSL_CERT_INSTANTIATE), "SSL_CERT_INSTANTIATE"},
+ {ERR_FUNC(SSL_F_SSL_CERT_NEW), "SSL_CERT_NEW"},
+ {ERR_FUNC(SSL_F_SSL_CHECK_PRIVATE_KEY), "SSL_check_private_key"},
+ {ERR_FUNC(SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT),
+ "SSL_CHECK_SERVERHELLO_TLSEXT"},
+ {ERR_FUNC(SSL_F_SSL_CIPHER_PROCESS_RULESTR),
+ "SSL_CIPHER_PROCESS_RULESTR"},
+ {ERR_FUNC(SSL_F_SSL_CIPHER_STRENGTH_SORT), "SSL_CIPHER_STRENGTH_SORT"},
+ {ERR_FUNC(SSL_F_SSL_CLEAR), "SSL_clear"},
+ {ERR_FUNC(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD),
+ "SSL_COMP_add_compression_method"},
+ {ERR_FUNC(SSL_F_SSL_CREATE_CIPHER_LIST), "SSL_CREATE_CIPHER_LIST"},
+ {ERR_FUNC(SSL_F_SSL_CTRL), "SSL_ctrl"},
+ {ERR_FUNC(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY), "SSL_CTX_check_private_key"},
+ {ERR_FUNC(SSL_F_SSL_CTX_NEW), "SSL_CTX_new"},
+ {ERR_FUNC(SSL_F_SSL_CTX_SET_CIPHER_LIST), "SSL_CTX_set_cipher_list"},
+ {ERR_FUNC(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE),
+ "SSL_CTX_set_client_cert_engine"},
+ {ERR_FUNC(SSL_F_SSL_CTX_SET_PURPOSE), "SSL_CTX_set_purpose"},
+ {ERR_FUNC(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT),
+ "SSL_CTX_set_session_id_context"},
+ {ERR_FUNC(SSL_F_SSL_CTX_SET_SSL_VERSION), "SSL_CTX_set_ssl_version"},
+ {ERR_FUNC(SSL_F_SSL_CTX_SET_TRUST), "SSL_CTX_set_trust"},
+ {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE), "SSL_CTX_use_certificate"},
+ {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1),
+ "SSL_CTX_use_certificate_ASN1"},
+ {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE),
+ "SSL_CTX_use_certificate_chain_file"},
+ {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE),
+ "SSL_CTX_use_certificate_file"},
+ {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY), "SSL_CTX_use_PrivateKey"},
+ {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1),
+ "SSL_CTX_use_PrivateKey_ASN1"},
+ {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE),
+ "SSL_CTX_use_PrivateKey_file"},
+ {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY), "SSL_CTX_use_RSAPrivateKey"},
+ {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1),
+ "SSL_CTX_use_RSAPrivateKey_ASN1"},
+ {ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE),
+ "SSL_CTX_use_RSAPrivateKey_file"},
+ {ERR_FUNC(SSL_F_SSL_DO_HANDSHAKE), "SSL_do_handshake"},
+ {ERR_FUNC(SSL_F_SSL_GET_NEW_SESSION), "SSL_GET_NEW_SESSION"},
+ {ERR_FUNC(SSL_F_SSL_GET_PREV_SESSION), "SSL_GET_PREV_SESSION"},
+ {ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_CERT), "SSL_GET_SERVER_SEND_CERT"},
+ {ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_PKEY), "SSL_GET_SERVER_SEND_PKEY"},
+ {ERR_FUNC(SSL_F_SSL_GET_SIGN_PKEY), "SSL_GET_SIGN_PKEY"},
+ {ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER), "SSL_INIT_WBIO_BUFFER"},
+ {ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE), "SSL_load_client_CA_file"},
+ {ERR_FUNC(SSL_F_SSL_NEW), "SSL_new"},
+ {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT),
+ "SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT"},
+ {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT),
+ "SSL_PARSE_CLIENTHELLO_TLSEXT"},
+ {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT),
+ "SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT"},
+ {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT),
+ "SSL_PARSE_SERVERHELLO_TLSEXT"},
+ {ERR_FUNC(SSL_F_SSL_PEEK), "SSL_peek"},
+ {ERR_FUNC(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT),
+ "SSL_PREPARE_CLIENTHELLO_TLSEXT"},
+ {ERR_FUNC(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT),
+ "SSL_PREPARE_SERVERHELLO_TLSEXT"},
+ {ERR_FUNC(SSL_F_SSL_READ), "SSL_read"},
+ {ERR_FUNC(SSL_F_SSL_RSA_PRIVATE_DECRYPT), "SSL_RSA_PRIVATE_DECRYPT"},
+ {ERR_FUNC(SSL_F_SSL_RSA_PUBLIC_ENCRYPT), "SSL_RSA_PUBLIC_ENCRYPT"},
+ {ERR_FUNC(SSL_F_SSL_SESSION_NEW), "SSL_SESSION_new"},
+ {ERR_FUNC(SSL_F_SSL_SESSION_PRINT_FP), "SSL_SESSION_print_fp"},
+ {ERR_FUNC(SSL_F_SSL_SESS_CERT_NEW), "SSL_SESS_CERT_NEW"},
+ {ERR_FUNC(SSL_F_SSL_SET_CERT), "SSL_SET_CERT"},
+ {ERR_FUNC(SSL_F_SSL_SET_CIPHER_LIST), "SSL_set_cipher_list"},
+ {ERR_FUNC(SSL_F_SSL_SET_FD), "SSL_set_fd"},
+ {ERR_FUNC(SSL_F_SSL_SET_PKEY), "SSL_SET_PKEY"},
+ {ERR_FUNC(SSL_F_SSL_SET_PURPOSE), "SSL_set_purpose"},
+ {ERR_FUNC(SSL_F_SSL_SET_RFD), "SSL_set_rfd"},
+ {ERR_FUNC(SSL_F_SSL_SET_SESSION), "SSL_set_session"},
+ {ERR_FUNC(SSL_F_SSL_SET_SESSION_ID_CONTEXT),
+ "SSL_set_session_id_context"},
+ {ERR_FUNC(SSL_F_SSL_SET_TRUST), "SSL_set_trust"},
+ {ERR_FUNC(SSL_F_SSL_SET_WFD), "SSL_set_wfd"},
+ {ERR_FUNC(SSL_F_SSL_SHUTDOWN), "SSL_shutdown"},
+ {ERR_FUNC(SSL_F_SSL_UNDEFINED_CONST_FUNCTION),
+ "SSL_UNDEFINED_CONST_FUNCTION"},
+ {ERR_FUNC(SSL_F_SSL_UNDEFINED_FUNCTION), "SSL_UNDEFINED_FUNCTION"},
+ {ERR_FUNC(SSL_F_SSL_UNDEFINED_VOID_FUNCTION),
+ "SSL_UNDEFINED_VOID_FUNCTION"},
+ {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE), "SSL_use_certificate"},
+ {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_ASN1), "SSL_use_certificate_ASN1"},
+ {ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_FILE), "SSL_use_certificate_file"},
+ {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY), "SSL_use_PrivateKey"},
+ {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_ASN1), "SSL_use_PrivateKey_ASN1"},
+ {ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_FILE), "SSL_use_PrivateKey_file"},
+ {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY), "SSL_use_RSAPrivateKey"},
+ {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1),
+ "SSL_use_RSAPrivateKey_ASN1"},
+ {ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE),
+ "SSL_use_RSAPrivateKey_file"},
+ {ERR_FUNC(SSL_F_SSL_VERIFY_CERT_CHAIN), "SSL_VERIFY_CERT_CHAIN"},
+ {ERR_FUNC(SSL_F_SSL_WRITE), "SSL_write"},
+ {ERR_FUNC(SSL_F_TLS1_CHANGE_CIPHER_STATE), "TLS1_CHANGE_CIPHER_STATE"},
+ {ERR_FUNC(SSL_F_TLS1_ENC), "TLS1_ENC"},
+ {ERR_FUNC(SSL_F_TLS1_SETUP_KEY_BLOCK), "TLS1_SETUP_KEY_BLOCK"},
+ {ERR_FUNC(SSL_F_WRITE_PENDING), "WRITE_PENDING"},
+ {0, NULL}
+};
+
+static ERR_STRING_DATA SSL_str_reasons[] = {
+ {ERR_REASON(SSL_R_APP_DATA_IN_HANDSHAKE), "app data in handshake"},
+ {ERR_REASON(SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT),
+ "attempt to reuse session in different context"},
+ {ERR_REASON(SSL_R_BAD_ALERT_RECORD), "bad alert record"},
+ {ERR_REASON(SSL_R_BAD_AUTHENTICATION_TYPE), "bad authentication type"},
+ {ERR_REASON(SSL_R_BAD_CHANGE_CIPHER_SPEC), "bad change cipher spec"},
+ {ERR_REASON(SSL_R_BAD_CHECKSUM), "bad checksum"},
+ {ERR_REASON(SSL_R_BAD_DATA_RETURNED_BY_CALLBACK),
+ "bad data returned by callback"},
+ {ERR_REASON(SSL_R_BAD_DECOMPRESSION), "bad decompression"},
+ {ERR_REASON(SSL_R_BAD_DH_G_LENGTH), "bad dh g length"},
+ {ERR_REASON(SSL_R_BAD_DH_PUB_KEY_LENGTH), "bad dh pub key length"},
+ {ERR_REASON(SSL_R_BAD_DH_P_LENGTH), "bad dh p length"},
+ {ERR_REASON(SSL_R_BAD_DIGEST_LENGTH), "bad digest length"},
+ {ERR_REASON(SSL_R_BAD_DSA_SIGNATURE), "bad dsa signature"},
+ {ERR_REASON(SSL_R_BAD_ECC_CERT), "bad ecc cert"},
+ {ERR_REASON(SSL_R_BAD_ECDSA_SIGNATURE), "bad ecdsa signature"},
+ {ERR_REASON(SSL_R_BAD_ECPOINT), "bad ecpoint"},
+ {ERR_REASON(SSL_R_BAD_HELLO_REQUEST), "bad hello request"},
+ {ERR_REASON(SSL_R_BAD_LENGTH), "bad length"},
+ {ERR_REASON(SSL_R_BAD_MAC_DECODE), "bad mac decode"},
+ {ERR_REASON(SSL_R_BAD_MESSAGE_TYPE), "bad message type"},
+ {ERR_REASON(SSL_R_BAD_PACKET_LENGTH), "bad packet length"},
+ {ERR_REASON(SSL_R_BAD_PROTOCOL_VERSION_NUMBER),
+ "bad protocol version number"},
+ {ERR_REASON(SSL_R_BAD_RESPONSE_ARGUMENT), "bad response argument"},
+ {ERR_REASON(SSL_R_BAD_RSA_DECRYPT), "bad rsa decrypt"},
+ {ERR_REASON(SSL_R_BAD_RSA_ENCRYPT), "bad rsa encrypt"},
+ {ERR_REASON(SSL_R_BAD_RSA_E_LENGTH), "bad rsa e length"},
+ {ERR_REASON(SSL_R_BAD_RSA_MODULUS_LENGTH), "bad rsa modulus length"},
+ {ERR_REASON(SSL_R_BAD_RSA_SIGNATURE), "bad rsa signature"},
+ {ERR_REASON(SSL_R_BAD_SIGNATURE), "bad signature"},
+ {ERR_REASON(SSL_R_BAD_SSL_FILETYPE), "bad ssl filetype"},
+ {ERR_REASON(SSL_R_BAD_SSL_SESSION_ID_LENGTH),
+ "bad ssl session id length"},
+ {ERR_REASON(SSL_R_BAD_STATE), "bad state"},
+ {ERR_REASON(SSL_R_BAD_WRITE_RETRY), "bad write retry"},
+ {ERR_REASON(SSL_R_BIO_NOT_SET), "bio not set"},
+ {ERR_REASON(SSL_R_BLOCK_CIPHER_PAD_IS_WRONG),
+ "block cipher pad is wrong"},
+ {ERR_REASON(SSL_R_BN_LIB), "bn lib"},
+ {ERR_REASON(SSL_R_CA_DN_LENGTH_MISMATCH), "ca dn length mismatch"},
+ {ERR_REASON(SSL_R_CA_DN_TOO_LONG), "ca dn too long"},
+ {ERR_REASON(SSL_R_CCS_RECEIVED_EARLY), "ccs received early"},
+ {ERR_REASON(SSL_R_CERTIFICATE_VERIFY_FAILED),
+ "certificate verify failed"},
+ {ERR_REASON(SSL_R_CERT_LENGTH_MISMATCH), "cert length mismatch"},
+ {ERR_REASON(SSL_R_CHALLENGE_IS_DIFFERENT), "challenge is different"},
+ {ERR_REASON(SSL_R_CIPHER_CODE_WRONG_LENGTH), "cipher code wrong length"},
+ {ERR_REASON(SSL_R_CIPHER_OR_HASH_UNAVAILABLE),
+ "cipher or hash unavailable"},
+ {ERR_REASON(SSL_R_CIPHER_TABLE_SRC_ERROR), "cipher table src error"},
+ {ERR_REASON(SSL_R_CLIENTHELLO_TLSEXT), "clienthello tlsext"},
+ {ERR_REASON(SSL_R_COMPRESSED_LENGTH_TOO_LONG),
+ "compressed length too long"},
+ {ERR_REASON(SSL_R_COMPRESSION_FAILURE), "compression failure"},
+ {ERR_REASON(SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE),
+ "compression id not within private range"},
+ {ERR_REASON(SSL_R_COMPRESSION_LIBRARY_ERROR),
+ "compression library error"},
+ {ERR_REASON(SSL_R_CONNECTION_ID_IS_DIFFERENT),
+ "connection id is different"},
+ {ERR_REASON(SSL_R_CONNECTION_TYPE_NOT_SET), "connection type not set"},
+ {ERR_REASON(SSL_R_COOKIE_MISMATCH), "cookie mismatch"},
+ {ERR_REASON(SSL_R_DATA_BETWEEN_CCS_AND_FINISHED),
+ "data between ccs and finished"},
+ {ERR_REASON(SSL_R_DATA_LENGTH_TOO_LONG), "data length too long"},
+ {ERR_REASON(SSL_R_DECRYPTION_FAILED), "decryption failed"},
+ {ERR_REASON(SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC),
+ "decryption failed or bad record mac"},
+ {ERR_REASON(SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG),
+ "dh public value length is wrong"},
+ {ERR_REASON(SSL_R_DIGEST_CHECK_FAILED), "digest check failed"},
+ {ERR_REASON(SSL_R_DTLS_MESSAGE_TOO_BIG), "dtls message too big"},
+ {ERR_REASON(SSL_R_DUPLICATE_COMPRESSION_ID), "duplicate compression id"},
+ {ERR_REASON(SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER),
+ "ecgroup too large for cipher"},
+ {ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG),
+ "encrypted length too long"},
+ {ERR_REASON(SSL_R_ERROR_GENERATING_TMP_RSA_KEY),
+ "error generating tmp rsa key"},
+ {ERR_REASON(SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST),
+ "error in received cipher list"},
+ {ERR_REASON(SSL_R_EXCESSIVE_MESSAGE_SIZE), "excessive message size"},
+ {ERR_REASON(SSL_R_EXTRA_DATA_IN_MESSAGE), "extra data in message"},
+ {ERR_REASON(SSL_R_GOT_A_FIN_BEFORE_A_CCS), "got a fin before a ccs"},
+ {ERR_REASON(SSL_R_HTTPS_PROXY_REQUEST), "https proxy request"},
+ {ERR_REASON(SSL_R_HTTP_REQUEST), "http request"},
+ {ERR_REASON(SSL_R_ILLEGAL_PADDING), "illegal padding"},
+ {ERR_REASON(SSL_R_INAPPROPRIATE_FALLBACK), "inappropriate fallback"},
+ {ERR_REASON(SSL_R_INVALID_CHALLENGE_LENGTH), "invalid challenge length"},
+ {ERR_REASON(SSL_R_INVALID_COMMAND), "invalid command"},
+ {ERR_REASON(SSL_R_INVALID_PURPOSE), "invalid purpose"},
+ {ERR_REASON(SSL_R_INVALID_STATUS_RESPONSE), "invalid status response"},
+ {ERR_REASON(SSL_R_INVALID_TICKET_KEYS_LENGTH),
+ "invalid ticket keys length"},
+ {ERR_REASON(SSL_R_INVALID_TRUST), "invalid trust"},
+ {ERR_REASON(SSL_R_KEY_ARG_TOO_LONG), "key arg too long"},
+ {ERR_REASON(SSL_R_KRB5), "krb5"},
+ {ERR_REASON(SSL_R_KRB5_C_CC_PRINC), "krb5 client cc principal (no tkt?)"},
+ {ERR_REASON(SSL_R_KRB5_C_GET_CRED), "krb5 client get cred"},
+ {ERR_REASON(SSL_R_KRB5_C_INIT), "krb5 client init"},
+ {ERR_REASON(SSL_R_KRB5_C_MK_REQ), "krb5 client mk_req (expired tkt?)"},
+ {ERR_REASON(SSL_R_KRB5_S_BAD_TICKET), "krb5 server bad ticket"},
+ {ERR_REASON(SSL_R_KRB5_S_INIT), "krb5 server init"},
+ {ERR_REASON(SSL_R_KRB5_S_RD_REQ), "krb5 server rd_req (keytab perms?)"},
+ {ERR_REASON(SSL_R_KRB5_S_TKT_EXPIRED), "krb5 server tkt expired"},
+ {ERR_REASON(SSL_R_KRB5_S_TKT_NYV), "krb5 server tkt not yet valid"},
+ {ERR_REASON(SSL_R_KRB5_S_TKT_SKEW), "krb5 server tkt skew"},
+ {ERR_REASON(SSL_R_LENGTH_MISMATCH), "length mismatch"},
+ {ERR_REASON(SSL_R_LENGTH_TOO_SHORT), "length too short"},
+ {ERR_REASON(SSL_R_LIBRARY_BUG), "library bug"},
+ {ERR_REASON(SSL_R_LIBRARY_HAS_NO_CIPHERS), "library has no ciphers"},
+ {ERR_REASON(SSL_R_MESSAGE_TOO_LONG), "message too long"},
+ {ERR_REASON(SSL_R_MISSING_DH_DSA_CERT), "missing dh dsa cert"},
+ {ERR_REASON(SSL_R_MISSING_DH_KEY), "missing dh key"},
+ {ERR_REASON(SSL_R_MISSING_DH_RSA_CERT), "missing dh rsa cert"},
+ {ERR_REASON(SSL_R_MISSING_DSA_SIGNING_CERT), "missing dsa signing cert"},
+ {ERR_REASON(SSL_R_MISSING_EXPORT_TMP_DH_KEY),
+ "missing export tmp dh key"},
+ {ERR_REASON(SSL_R_MISSING_EXPORT_TMP_RSA_KEY),
+ "missing export tmp rsa key"},
+ {ERR_REASON(SSL_R_MISSING_RSA_CERTIFICATE), "missing rsa certificate"},
+ {ERR_REASON(SSL_R_MISSING_RSA_ENCRYPTING_CERT),
+ "missing rsa encrypting cert"},
+ {ERR_REASON(SSL_R_MISSING_RSA_SIGNING_CERT), "missing rsa signing cert"},
+ {ERR_REASON(SSL_R_MISSING_TMP_DH_KEY), "missing tmp dh key"},
+ {ERR_REASON(SSL_R_MISSING_TMP_ECDH_KEY), "missing tmp ecdh key"},
+ {ERR_REASON(SSL_R_MISSING_TMP_RSA_KEY), "missing tmp rsa key"},
+ {ERR_REASON(SSL_R_MISSING_TMP_RSA_PKEY), "missing tmp rsa pkey"},
+ {ERR_REASON(SSL_R_MISSING_VERIFY_MESSAGE), "missing verify message"},
+ {ERR_REASON(SSL_R_MULTIPLE_SGC_RESTARTS), "multiple sgc restarts"},
+ {ERR_REASON(SSL_R_NON_SSLV2_INITIAL_PACKET), "non sslv2 initial packet"},
+ {ERR_REASON(SSL_R_NO_CERTIFICATES_RETURNED), "no certificates returned"},
+ {ERR_REASON(SSL_R_NO_CERTIFICATE_ASSIGNED), "no certificate assigned"},
+ {ERR_REASON(SSL_R_NO_CERTIFICATE_RETURNED), "no certificate returned"},
+ {ERR_REASON(SSL_R_NO_CERTIFICATE_SET), "no certificate set"},
+ {ERR_REASON(SSL_R_NO_CERTIFICATE_SPECIFIED), "no certificate specified"},
+ {ERR_REASON(SSL_R_NO_CIPHERS_AVAILABLE), "no ciphers available"},
+ {ERR_REASON(SSL_R_NO_CIPHERS_PASSED), "no ciphers passed"},
+ {ERR_REASON(SSL_R_NO_CIPHERS_SPECIFIED), "no ciphers specified"},
+ {ERR_REASON(SSL_R_NO_CIPHER_LIST), "no cipher list"},
+ {ERR_REASON(SSL_R_NO_CIPHER_MATCH), "no cipher match"},
+ {ERR_REASON(SSL_R_NO_CLIENT_CERT_METHOD), "no client cert method"},
+ {ERR_REASON(SSL_R_NO_CLIENT_CERT_RECEIVED), "no client cert received"},
+ {ERR_REASON(SSL_R_NO_COMPRESSION_SPECIFIED), "no compression specified"},
+ {ERR_REASON(SSL_R_NO_METHOD_SPECIFIED), "no method specified"},
+ {ERR_REASON(SSL_R_NO_PRIVATEKEY), "no privatekey"},
+ {ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED), "no private key assigned"},
+ {ERR_REASON(SSL_R_NO_PROTOCOLS_AVAILABLE), "no protocols available"},
+ {ERR_REASON(SSL_R_NO_PUBLICKEY), "no publickey"},
+ {ERR_REASON(SSL_R_NO_RENEGOTIATION), "no renegotiation"},
+ {ERR_REASON(SSL_R_NO_SHARED_CIPHER), "no shared cipher"},
+ {ERR_REASON(SSL_R_NO_VERIFY_CALLBACK), "no verify callback"},
+ {ERR_REASON(SSL_R_NULL_SSL_CTX), "null ssl ctx"},
+ {ERR_REASON(SSL_R_NULL_SSL_METHOD_PASSED), "null ssl method passed"},
+ {ERR_REASON(SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED),
+ "old session cipher not returned"},
+ {ERR_REASON(SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE),
+ "only tls allowed in fips mode"},
+ {ERR_REASON(SSL_R_PACKET_LENGTH_TOO_LONG), "packet length too long"},
+ {ERR_REASON(SSL_R_PARSE_TLSEXT), "parse tlsext"},
+ {ERR_REASON(SSL_R_PATH_TOO_LONG), "path too long"},
+ {ERR_REASON(SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE),
+ "peer did not return a certificate"},
+ {ERR_REASON(SSL_R_PEER_ERROR), "peer error"},
+ {ERR_REASON(SSL_R_PEER_ERROR_CERTIFICATE), "peer error certificate"},
+ {ERR_REASON(SSL_R_PEER_ERROR_NO_CERTIFICATE),
+ "peer error no certificate"},
+ {ERR_REASON(SSL_R_PEER_ERROR_NO_CIPHER), "peer error no cipher"},
+ {ERR_REASON(SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE),
+ "peer error unsupported certificate type"},
+ {ERR_REASON(SSL_R_PRE_MAC_LENGTH_TOO_LONG), "pre mac length too long"},
+ {ERR_REASON(SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS),
+ "problems mapping cipher functions"},
+ {ERR_REASON(SSL_R_PROTOCOL_IS_SHUTDOWN), "protocol is shutdown"},
+ {ERR_REASON(SSL_R_PUBLIC_KEY_ENCRYPT_ERROR), "public key encrypt error"},
+ {ERR_REASON(SSL_R_PUBLIC_KEY_IS_NOT_RSA), "public key is not rsa"},
+ {ERR_REASON(SSL_R_PUBLIC_KEY_NOT_RSA), "public key not rsa"},
+ {ERR_REASON(SSL_R_READ_BIO_NOT_SET), "read bio not set"},
+ {ERR_REASON(SSL_R_READ_TIMEOUT_EXPIRED), "read timeout expired"},
+ {ERR_REASON(SSL_R_READ_WRONG_PACKET_TYPE), "read wrong packet type"},
+ {ERR_REASON(SSL_R_RECORD_LENGTH_MISMATCH), "record length mismatch"},
+ {ERR_REASON(SSL_R_RECORD_TOO_LARGE), "record too large"},
+ {ERR_REASON(SSL_R_RECORD_TOO_SMALL), "record too small"},
+ {ERR_REASON(SSL_R_RENEGOTIATE_EXT_TOO_LONG), "renegotiate ext too long"},
+ {ERR_REASON(SSL_R_RENEGOTIATION_ENCODING_ERR),
+ "renegotiation encoding err"},
+ {ERR_REASON(SSL_R_RENEGOTIATION_MISMATCH), "renegotiation mismatch"},
+ {ERR_REASON(SSL_R_REQUIRED_CIPHER_MISSING), "required cipher missing"},
+ {ERR_REASON(SSL_R_REUSE_CERT_LENGTH_NOT_ZERO),
+ "reuse cert length not zero"},
+ {ERR_REASON(SSL_R_REUSE_CERT_TYPE_NOT_ZERO), "reuse cert type not zero"},
+ {ERR_REASON(SSL_R_REUSE_CIPHER_LIST_NOT_ZERO),
+ "reuse cipher list not zero"},
+ {ERR_REASON(SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING),
+ "scsv received when renegotiating"},
+ {ERR_REASON(SSL_R_SERVERHELLO_TLSEXT), "serverhello tlsext"},
+ {ERR_REASON(SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED),
+ "session id context uninitialized"},
+ {ERR_REASON(SSL_R_SHORT_READ), "short read"},
+ {ERR_REASON(SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE),
+ "signature for non signing certificate"},
+ {ERR_REASON(SSL_R_SSL23_DOING_SESSION_ID_REUSE),
+ "ssl23 doing session id reuse"},
+ {ERR_REASON(SSL_R_SSL2_CONNECTION_ID_TOO_LONG),
+ "ssl2 connection id too long"},
+ {ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME),
+ "ssl3 ext invalid servername"},
+ {ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE),
+ "ssl3 ext invalid servername type"},
+ {ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_LONG), "ssl3 session id too long"},
+ {ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_SHORT),
+ "ssl3 session id too short"},
+ {ERR_REASON(SSL_R_SSLV3_ALERT_BAD_CERTIFICATE),
+ "sslv3 alert bad certificate"},
+ {ERR_REASON(SSL_R_SSLV3_ALERT_BAD_RECORD_MAC),
+ "sslv3 alert bad record mac"},
+ {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED),
+ "sslv3 alert certificate expired"},
+ {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED),
+ "sslv3 alert certificate revoked"},
+ {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN),
+ "sslv3 alert certificate unknown"},
+ {ERR_REASON(SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE),
+ "sslv3 alert decompression failure"},
+ {ERR_REASON(SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE),
+ "sslv3 alert handshake failure"},
+ {ERR_REASON(SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER),
+ "sslv3 alert illegal parameter"},
+ {ERR_REASON(SSL_R_SSLV3_ALERT_NO_CERTIFICATE),
+ "sslv3 alert no certificate"},
+ {ERR_REASON(SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE),
+ "sslv3 alert unexpected message"},
+ {ERR_REASON(SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE),
+ "sslv3 alert unsupported certificate"},
+ {ERR_REASON(SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION),
+ "ssl ctx has no default ssl version"},
+ {ERR_REASON(SSL_R_SSL_HANDSHAKE_FAILURE), "ssl handshake failure"},
+ {ERR_REASON(SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS),
+ "ssl library has no ciphers"},
+ {ERR_REASON(SSL_R_SSL_SESSION_ID_CALLBACK_FAILED),
+ "ssl session id callback failed"},
+ {ERR_REASON(SSL_R_SSL_SESSION_ID_CONFLICT), "ssl session id conflict"},
+ {ERR_REASON(SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG),
+ "ssl session id context too long"},
+ {ERR_REASON(SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH),
+ "ssl session id has bad length"},
+ {ERR_REASON(SSL_R_SSL_SESSION_ID_IS_DIFFERENT),
+ "ssl session id is different"},
+ {ERR_REASON(SSL_R_TLSV1_ALERT_ACCESS_DENIED),
+ "tlsv1 alert access denied"},
+ {ERR_REASON(SSL_R_TLSV1_ALERT_DECODE_ERROR), "tlsv1 alert decode error"},
+ {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPTION_FAILED),
+ "tlsv1 alert decryption failed"},
+ {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPT_ERROR),
+ "tlsv1 alert decrypt error"},
+ {ERR_REASON(SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION),
+ "tlsv1 alert export restriction"},
+ {ERR_REASON(SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK),
+ "tlsv1 alert inappropriate fallback"},
+ {ERR_REASON(SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY),
+ "tlsv1 alert insufficient security"},
+ {ERR_REASON(SSL_R_TLSV1_ALERT_INTERNAL_ERROR),
+ "tlsv1 alert internal error"},
+ {ERR_REASON(SSL_R_TLSV1_ALERT_NO_RENEGOTIATION),
+ "tlsv1 alert no renegotiation"},
+ {ERR_REASON(SSL_R_TLSV1_ALERT_PROTOCOL_VERSION),
+ "tlsv1 alert protocol version"},
+ {ERR_REASON(SSL_R_TLSV1_ALERT_RECORD_OVERFLOW),
+ "tlsv1 alert record overflow"},
+ {ERR_REASON(SSL_R_TLSV1_ALERT_UNKNOWN_CA), "tlsv1 alert unknown ca"},
+ {ERR_REASON(SSL_R_TLSV1_ALERT_USER_CANCELLED),
+ "tlsv1 alert user cancelled"},
+ {ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE),
+ "tlsv1 bad certificate hash value"},
+ {ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE),
+ "tlsv1 bad certificate status response"},
+ {ERR_REASON(SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE),
+ "tlsv1 certificate unobtainable"},
+ {ERR_REASON(SSL_R_TLSV1_UNRECOGNIZED_NAME), "tlsv1 unrecognized name"},
+ {ERR_REASON(SSL_R_TLSV1_UNSUPPORTED_EXTENSION),
+ "tlsv1 unsupported extension"},
+ {ERR_REASON(SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER),
+ "tls client cert req with anon cipher"},
+ {ERR_REASON(SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST),
+ "tls invalid ecpointformat list"},
+ {ERR_REASON(SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST),
+ "tls peer did not respond with certificate list"},
+ {ERR_REASON(SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG),
+ "tls rsa encrypted value length is wrong"},
+ {ERR_REASON(SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER),
+ "tried to use unsupported cipher"},
+ {ERR_REASON(SSL_R_UNABLE_TO_DECODE_DH_CERTS),
+ "unable to decode dh certs"},
+ {ERR_REASON(SSL_R_UNABLE_TO_DECODE_ECDH_CERTS),
+ "unable to decode ecdh certs"},
+ {ERR_REASON(SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY),
+ "unable to extract public key"},
+ {ERR_REASON(SSL_R_UNABLE_TO_FIND_DH_PARAMETERS),
+ "unable to find dh parameters"},
+ {ERR_REASON(SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS),
+ "unable to find ecdh parameters"},
+ {ERR_REASON(SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS),
+ "unable to find public key parameters"},
+ {ERR_REASON(SSL_R_UNABLE_TO_FIND_SSL_METHOD),
+ "unable to find ssl method"},
+ {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES),
+ "unable to load ssl2 md5 routines"},
+ {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES),
+ "unable to load ssl3 md5 routines"},
+ {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES),
+ "unable to load ssl3 sha1 routines"},
+ {ERR_REASON(SSL_R_UNEXPECTED_MESSAGE), "unexpected message"},
+ {ERR_REASON(SSL_R_UNEXPECTED_RECORD), "unexpected record"},
+ {ERR_REASON(SSL_R_UNINITIALIZED), "uninitialized"},
+ {ERR_REASON(SSL_R_UNKNOWN_ALERT_TYPE), "unknown alert type"},
+ {ERR_REASON(SSL_R_UNKNOWN_CERTIFICATE_TYPE), "unknown certificate type"},
+ {ERR_REASON(SSL_R_UNKNOWN_CIPHER_RETURNED), "unknown cipher returned"},
+ {ERR_REASON(SSL_R_UNKNOWN_CIPHER_TYPE), "unknown cipher type"},
+ {ERR_REASON(SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE),
+ "unknown key exchange type"},
+ {ERR_REASON(SSL_R_UNKNOWN_PKEY_TYPE), "unknown pkey type"},
+ {ERR_REASON(SSL_R_UNKNOWN_PROTOCOL), "unknown protocol"},
+ {ERR_REASON(SSL_R_UNKNOWN_REMOTE_ERROR_TYPE),
+ "unknown remote error type"},
+ {ERR_REASON(SSL_R_UNKNOWN_SSL_VERSION), "unknown ssl version"},
+ {ERR_REASON(SSL_R_UNKNOWN_STATE), "unknown state"},
+ {ERR_REASON(SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED),
+ "unsafe legacy renegotiation disabled"},
+ {ERR_REASON(SSL_R_UNSUPPORTED_CIPHER), "unsupported cipher"},
+ {ERR_REASON(SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM),
+ "unsupported compression algorithm"},
+ {ERR_REASON(SSL_R_UNSUPPORTED_ELLIPTIC_CURVE),
+ "unsupported elliptic curve"},
+ {ERR_REASON(SSL_R_UNSUPPORTED_PROTOCOL), "unsupported protocol"},
+ {ERR_REASON(SSL_R_UNSUPPORTED_SSL_VERSION), "unsupported ssl version"},
+ {ERR_REASON(SSL_R_UNSUPPORTED_STATUS_TYPE), "unsupported status type"},
+ {ERR_REASON(SSL_R_WRITE_BIO_NOT_SET), "write bio not set"},
+ {ERR_REASON(SSL_R_WRONG_CIPHER_RETURNED), "wrong cipher returned"},
+ {ERR_REASON(SSL_R_WRONG_MESSAGE_TYPE), "wrong message type"},
+ {ERR_REASON(SSL_R_WRONG_NUMBER_OF_KEY_BITS), "wrong number of key bits"},
+ {ERR_REASON(SSL_R_WRONG_SIGNATURE_LENGTH), "wrong signature length"},
+ {ERR_REASON(SSL_R_WRONG_SIGNATURE_SIZE), "wrong signature size"},
+ {ERR_REASON(SSL_R_WRONG_SSL_VERSION), "wrong ssl version"},
+ {ERR_REASON(SSL_R_WRONG_VERSION_NUMBER), "wrong version number"},
+ {ERR_REASON(SSL_R_X509_LIB), "x509 lib"},
+ {ERR_REASON(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS),
+ "x509 verification setup problems"},
+ {0, NULL}
+};
+
+#endif
+
+void ERR_load_SSL_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+ if (ERR_func_error_string(SSL_str_functs[0].error) == NULL) {
+ ERR_load_strings(0, SSL_str_functs);
+ ERR_load_strings(0, SSL_str_reasons);
+ }
+#endif
+}
Deleted: vendor-crypto/openssl/0.9.8zf/ssl/ssl_err2.c
===================================================================
--- vendor-crypto/openssl/dist/ssl/ssl_err2.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/ssl/ssl_err2.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,70 +0,0 @@
-/* ssl/ssl_err2.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/ssl.h>
-
-void SSL_load_error_strings(void)
- {
-#ifndef OPENSSL_NO_ERR
- ERR_load_crypto_strings();
- ERR_load_SSL_strings();
-#endif
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/ssl/ssl_err2.c (from rev 6976, vendor-crypto/openssl/dist/ssl/ssl_err2.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/ssl/ssl_err2.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/ssl/ssl_err2.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,69 @@
+/* ssl/ssl_err2.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/ssl.h>
+
+void SSL_load_error_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+ ERR_load_crypto_strings();
+ ERR_load_SSL_strings();
+#endif
+}
Deleted: vendor-crypto/openssl/0.9.8zf/ssl/ssl_lib.c
===================================================================
--- vendor-crypto/openssl/dist/ssl/ssl_lib.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/ssl/ssl_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,2811 +0,0 @@
-/*! \file ssl/ssl_lib.c
- * \brief Version independent SSL functions.
- */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
-#ifdef REF_CHECK
-# include <assert.h>
-#endif
-#include <stdio.h>
-#include "ssl_locl.h"
-#include "kssl_lcl.h"
-#include <openssl/objects.h>
-#include <openssl/lhash.h>
-#include <openssl/x509v3.h>
-#include <openssl/rand.h>
-#include <openssl/ocsp.h>
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-
-const char *SSL_version_str=OPENSSL_VERSION_TEXT;
-
-SSL3_ENC_METHOD ssl3_undef_enc_method={
- /* evil casts, but these functions are only called if there's a library bug */
- (int (*)(SSL *,int))ssl_undefined_function,
- (int (*)(SSL *, unsigned char *, int))ssl_undefined_function,
- ssl_undefined_function,
- (int (*)(SSL *, unsigned char *, unsigned char *, int))ssl_undefined_function,
- (int (*)(SSL*, int))ssl_undefined_function,
- (int (*)(SSL *, EVP_MD_CTX *, EVP_MD_CTX *, const char*, int, unsigned char *))ssl_undefined_function,
- 0, /* finish_mac_length */
- (int (*)(SSL *, EVP_MD_CTX *, unsigned char *))ssl_undefined_function,
- NULL, /* client_finished_label */
- 0, /* client_finished_label_len */
- NULL, /* server_finished_label */
- 0, /* server_finished_label_len */
- (int (*)(int))ssl_undefined_function
- };
-
-int SSL_clear(SSL *s)
- {
-
- if (s->method == NULL)
- {
- SSLerr(SSL_F_SSL_CLEAR,SSL_R_NO_METHOD_SPECIFIED);
- return(0);
- }
-
- if (ssl_clear_bad_session(s))
- {
- SSL_SESSION_free(s->session);
- s->session=NULL;
- }
-
- s->error=0;
- s->hit=0;
- s->shutdown=0;
-
-#if 0 /* Disabled since version 1.10 of this file (early return not
- * needed because SSL_clear is not called when doing renegotiation) */
- /* This is set if we are doing dynamic renegotiation so keep
- * the old cipher. It is sort of a SSL_clear_lite :-) */
- if (s->new_session) return(1);
-#else
- if (s->new_session)
- {
- SSLerr(SSL_F_SSL_CLEAR,ERR_R_INTERNAL_ERROR);
- return 0;
- }
-#endif
-
- s->type=0;
-
- s->state=SSL_ST_BEFORE|((s->server)?SSL_ST_ACCEPT:SSL_ST_CONNECT);
-
- s->version=s->method->version;
- s->client_version=s->version;
- s->rwstate=SSL_NOTHING;
- s->rstate=SSL_ST_READ_HEADER;
-#if 0
- s->read_ahead=s->ctx->read_ahead;
-#endif
-
- if (s->init_buf != NULL)
- {
- BUF_MEM_free(s->init_buf);
- s->init_buf=NULL;
- }
-
- ssl_clear_cipher_ctx(s);
-
- s->first_packet=0;
-
-#if 1
- /* Check to see if we were changed into a different method, if
- * so, revert back if we are not doing session-id reuse. */
- if (!s->in_handshake && (s->session == NULL) && (s->method != s->ctx->method))
- {
- s->method->ssl_free(s);
- s->method=s->ctx->method;
- if (!s->method->ssl_new(s))
- return(0);
- }
- else
-#endif
- s->method->ssl_clear(s);
- return(1);
- }
-
-/** Used to change an SSL_CTXs default SSL method type */
-int SSL_CTX_set_ssl_version(SSL_CTX *ctx,SSL_METHOD *meth)
- {
- STACK_OF(SSL_CIPHER) *sk;
-
- ctx->method=meth;
-
- sk=ssl_create_cipher_list(ctx->method,&(ctx->cipher_list),
- &(ctx->cipher_list_by_id),SSL_DEFAULT_CIPHER_LIST);
- if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0))
- {
- SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION,SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
- return(0);
- }
- return(1);
- }
-
-SSL *SSL_new(SSL_CTX *ctx)
- {
- SSL *s;
-
- if (ctx == NULL)
- {
- SSLerr(SSL_F_SSL_NEW,SSL_R_NULL_SSL_CTX);
- return(NULL);
- }
- if (ctx->method == NULL)
- {
- SSLerr(SSL_F_SSL_NEW,SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
- return(NULL);
- }
-
- s=(SSL *)OPENSSL_malloc(sizeof(SSL));
- if (s == NULL) goto err;
- memset(s,0,sizeof(SSL));
-
-#ifndef OPENSSL_NO_KRB5
- s->kssl_ctx = kssl_ctx_new();
-#endif /* OPENSSL_NO_KRB5 */
-
- s->options=ctx->options;
- s->mode=ctx->mode;
- s->max_cert_list=ctx->max_cert_list;
-
- if (ctx->cert != NULL)
- {
- /* Earlier library versions used to copy the pointer to
- * the CERT, not its contents; only when setting new
- * parameters for the per-SSL copy, ssl_cert_new would be
- * called (and the direct reference to the per-SSL_CTX
- * settings would be lost, but those still were indirectly
- * accessed for various purposes, and for that reason they
- * used to be known as s->ctx->default_cert).
- * Now we don't look at the SSL_CTX's CERT after having
- * duplicated it once. */
-
- s->cert = ssl_cert_dup(ctx->cert);
- if (s->cert == NULL)
- goto err;
- }
- else
- s->cert=NULL; /* Cannot really happen (see SSL_CTX_new) */
-
- s->read_ahead=ctx->read_ahead;
- s->msg_callback=ctx->msg_callback;
- s->msg_callback_arg=ctx->msg_callback_arg;
- s->verify_mode=ctx->verify_mode;
-#if 0
- s->verify_depth=ctx->verify_depth;
-#endif
- s->sid_ctx_length=ctx->sid_ctx_length;
- OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx);
- memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx));
- s->verify_callback=ctx->default_verify_callback;
- s->generate_session_id=ctx->generate_session_id;
-
- s->param = X509_VERIFY_PARAM_new();
- if (!s->param)
- goto err;
- X509_VERIFY_PARAM_inherit(s->param, ctx->param);
-#if 0
- s->purpose = ctx->purpose;
- s->trust = ctx->trust;
-#endif
- s->quiet_shutdown=ctx->quiet_shutdown;
-
- CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
- s->ctx=ctx;
-#ifndef OPENSSL_NO_TLSEXT
- s->tlsext_debug_cb = 0;
- s->tlsext_debug_arg = NULL;
- s->tlsext_ticket_expected = 0;
- s->tlsext_status_type = -1;
- s->tlsext_status_expected = 0;
- s->tlsext_ocsp_ids = NULL;
- s->tlsext_ocsp_exts = NULL;
- s->tlsext_ocsp_resp = NULL;
- s->tlsext_ocsp_resplen = -1;
- CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
- s->initial_ctx=ctx;
-#endif
- s->verify_result=X509_V_OK;
-
- s->method=ctx->method;
-
- if (!s->method->ssl_new(s))
- goto err;
-
- s->references=1;
- s->server=(ctx->method->ssl_accept == ssl_undefined_function)?0:1;
-
- SSL_clear(s);
-
- CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
-
- return(s);
-err:
- if (s != NULL)
- {
- if (s->cert != NULL)
- ssl_cert_free(s->cert);
- if (s->ctx != NULL)
- SSL_CTX_free(s->ctx); /* decrement reference count */
- OPENSSL_free(s);
- }
- SSLerr(SSL_F_SSL_NEW,ERR_R_MALLOC_FAILURE);
- return(NULL);
- }
-
-int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,
- unsigned int sid_ctx_len)
- {
- if(sid_ctx_len > sizeof ctx->sid_ctx)
- {
- SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
- return 0;
- }
- ctx->sid_ctx_length=sid_ctx_len;
- memcpy(ctx->sid_ctx,sid_ctx,sid_ctx_len);
-
- return 1;
- }
-
-int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,
- unsigned int sid_ctx_len)
- {
- if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH)
- {
- SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
- return 0;
- }
- ssl->sid_ctx_length=sid_ctx_len;
- memcpy(ssl->sid_ctx,sid_ctx,sid_ctx_len);
-
- return 1;
- }
-
-int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb)
- {
- CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
- ctx->generate_session_id = cb;
- CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
- return 1;
- }
-
-int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb)
- {
- CRYPTO_w_lock(CRYPTO_LOCK_SSL);
- ssl->generate_session_id = cb;
- CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
- return 1;
- }
-
-int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
- unsigned int id_len)
- {
- /* A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how
- * we can "construct" a session to give us the desired check - ie. to
- * find if there's a session in the hash table that would conflict with
- * any new session built out of this id/id_len and the ssl_version in
- * use by this SSL. */
- SSL_SESSION r, *p;
-
- if(id_len > sizeof r.session_id)
- return 0;
-
- r.ssl_version = ssl->version;
- r.session_id_length = id_len;
- memcpy(r.session_id, id, id_len);
- /* NB: SSLv2 always uses a fixed 16-byte session ID, so even if a
- * callback is calling us to check the uniqueness of a shorter ID, it
- * must be compared as a padded-out ID because that is what it will be
- * converted to when the callback has finished choosing it. */
- if((r.ssl_version == SSL2_VERSION) &&
- (id_len < SSL2_SSL_SESSION_ID_LENGTH))
- {
- memset(r.session_id + id_len, 0,
- SSL2_SSL_SESSION_ID_LENGTH - id_len);
- r.session_id_length = SSL2_SSL_SESSION_ID_LENGTH;
- }
-
- CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
- p = (SSL_SESSION *)lh_retrieve(ssl->ctx->sessions, &r);
- CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
- return (p != NULL);
- }
-
-int SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
- {
- return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
- }
-
-int SSL_set_purpose(SSL *s, int purpose)
- {
- return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
- }
-
-int SSL_CTX_set_trust(SSL_CTX *s, int trust)
- {
- return X509_VERIFY_PARAM_set_trust(s->param, trust);
- }
-
-int SSL_set_trust(SSL *s, int trust)
- {
- return X509_VERIFY_PARAM_set_trust(s->param, trust);
- }
-
-void SSL_free(SSL *s)
- {
- int i;
-
- if(s == NULL)
- return;
-
- i=CRYPTO_add(&s->references,-1,CRYPTO_LOCK_SSL);
-#ifdef REF_PRINT
- REF_PRINT("SSL",s);
-#endif
- if (i > 0) return;
-#ifdef REF_CHECK
- if (i < 0)
- {
- fprintf(stderr,"SSL_free, bad reference count\n");
- abort(); /* ok */
- }
-#endif
-
- if (s->param)
- X509_VERIFY_PARAM_free(s->param);
-
- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
-
- if (s->bbio != NULL)
- {
- /* If the buffering BIO is in place, pop it off */
- if (s->bbio == s->wbio)
- {
- s->wbio=BIO_pop(s->wbio);
- }
- BIO_free(s->bbio);
- s->bbio=NULL;
- }
- if (s->rbio != NULL)
- BIO_free_all(s->rbio);
- if ((s->wbio != NULL) && (s->wbio != s->rbio))
- BIO_free_all(s->wbio);
-
- if (s->init_buf != NULL) BUF_MEM_free(s->init_buf);
-
- /* add extra stuff */
- if (s->cipher_list != NULL) sk_SSL_CIPHER_free(s->cipher_list);
- if (s->cipher_list_by_id != NULL) sk_SSL_CIPHER_free(s->cipher_list_by_id);
-
- /* Make the next call work :-) */
- if (s->session != NULL)
- {
- ssl_clear_bad_session(s);
- SSL_SESSION_free(s->session);
- }
-
- ssl_clear_cipher_ctx(s);
-
- if (s->cert != NULL) ssl_cert_free(s->cert);
- /* Free up if allocated */
-
-#ifndef OPENSSL_NO_TLSEXT
- if (s->tlsext_hostname)
- OPENSSL_free(s->tlsext_hostname);
- if (s->initial_ctx) SSL_CTX_free(s->initial_ctx);
- if (s->tlsext_ocsp_exts)
- sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
- X509_EXTENSION_free);
- if (s->tlsext_ocsp_ids)
- sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free);
- if (s->tlsext_ocsp_resp)
- OPENSSL_free(s->tlsext_ocsp_resp);
-#endif
- if (s->client_CA != NULL)
- sk_X509_NAME_pop_free(s->client_CA,X509_NAME_free);
-
- if (s->method != NULL) s->method->ssl_free(s);
-
- if (s->ctx) SSL_CTX_free(s->ctx);
-
-#ifndef OPENSSL_NO_KRB5
- if (s->kssl_ctx != NULL)
- kssl_ctx_free(s->kssl_ctx);
-#endif /* OPENSSL_NO_KRB5 */
-
- OPENSSL_free(s);
- }
-
-void SSL_set_bio(SSL *s,BIO *rbio,BIO *wbio)
- {
- /* If the output buffering BIO is still in place, remove it
- */
- if (s->bbio != NULL)
- {
- if (s->wbio == s->bbio)
- {
- s->wbio=s->wbio->next_bio;
- s->bbio->next_bio=NULL;
- }
- }
- if ((s->rbio != NULL) && (s->rbio != rbio))
- BIO_free_all(s->rbio);
- if ((s->wbio != NULL) && (s->wbio != wbio) && (s->rbio != s->wbio))
- BIO_free_all(s->wbio);
- s->rbio=rbio;
- s->wbio=wbio;
- }
-
-BIO *SSL_get_rbio(const SSL *s)
- { return(s->rbio); }
-
-BIO *SSL_get_wbio(const SSL *s)
- { return(s->wbio); }
-
-int SSL_get_fd(const SSL *s)
- {
- return(SSL_get_rfd(s));
- }
-
-int SSL_get_rfd(const SSL *s)
- {
- int ret= -1;
- BIO *b,*r;
-
- b=SSL_get_rbio(s);
- r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR);
- if (r != NULL)
- BIO_get_fd(r,&ret);
- return(ret);
- }
-
-int SSL_get_wfd(const SSL *s)
- {
- int ret= -1;
- BIO *b,*r;
-
- b=SSL_get_wbio(s);
- r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR);
- if (r != NULL)
- BIO_get_fd(r,&ret);
- return(ret);
- }
-
-#ifndef OPENSSL_NO_SOCK
-int SSL_set_fd(SSL *s,int fd)
- {
- int ret=0;
- BIO *bio=NULL;
-
- bio=BIO_new(BIO_s_socket());
-
- if (bio == NULL)
- {
- SSLerr(SSL_F_SSL_SET_FD,ERR_R_BUF_LIB);
- goto err;
- }
- BIO_set_fd(bio,fd,BIO_NOCLOSE);
- SSL_set_bio(s,bio,bio);
- ret=1;
-err:
- return(ret);
- }
-
-int SSL_set_wfd(SSL *s,int fd)
- {
- int ret=0;
- BIO *bio=NULL;
-
- if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET)
- || ((int)BIO_get_fd(s->rbio,NULL) != fd))
- {
- bio=BIO_new(BIO_s_socket());
-
- if (bio == NULL)
- { SSLerr(SSL_F_SSL_SET_WFD,ERR_R_BUF_LIB); goto err; }
- BIO_set_fd(bio,fd,BIO_NOCLOSE);
- SSL_set_bio(s,SSL_get_rbio(s),bio);
- }
- else
- SSL_set_bio(s,SSL_get_rbio(s),SSL_get_rbio(s));
- ret=1;
-err:
- return(ret);
- }
-
-int SSL_set_rfd(SSL *s,int fd)
- {
- int ret=0;
- BIO *bio=NULL;
-
- if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET)
- || ((int)BIO_get_fd(s->wbio,NULL) != fd))
- {
- bio=BIO_new(BIO_s_socket());
-
- if (bio == NULL)
- {
- SSLerr(SSL_F_SSL_SET_RFD,ERR_R_BUF_LIB);
- goto err;
- }
- BIO_set_fd(bio,fd,BIO_NOCLOSE);
- SSL_set_bio(s,bio,SSL_get_wbio(s));
- }
- else
- SSL_set_bio(s,SSL_get_wbio(s),SSL_get_wbio(s));
- ret=1;
-err:
- return(ret);
- }
-#endif
-
-
-/* return length of latest Finished message we sent, copy to 'buf' */
-size_t SSL_get_finished(const SSL *s, void *buf, size_t count)
- {
- size_t ret = 0;
-
- if (s->s3 != NULL)
- {
- ret = s->s3->tmp.finish_md_len;
- if (count > ret)
- count = ret;
- memcpy(buf, s->s3->tmp.finish_md, count);
- }
- return ret;
- }
-
-/* return length of latest Finished message we expected, copy to 'buf' */
-size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count)
- {
- size_t ret = 0;
-
- if (s->s3 != NULL)
- {
- ret = s->s3->tmp.peer_finish_md_len;
- if (count > ret)
- count = ret;
- memcpy(buf, s->s3->tmp.peer_finish_md, count);
- }
- return ret;
- }
-
-
-int SSL_get_verify_mode(const SSL *s)
- {
- return(s->verify_mode);
- }
-
-int SSL_get_verify_depth(const SSL *s)
- {
- return X509_VERIFY_PARAM_get_depth(s->param);
- }
-
-int (*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *)
- {
- return(s->verify_callback);
- }
-
-int SSL_CTX_get_verify_mode(const SSL_CTX *ctx)
- {
- return(ctx->verify_mode);
- }
-
-int SSL_CTX_get_verify_depth(const SSL_CTX *ctx)
- {
- return X509_VERIFY_PARAM_get_depth(ctx->param);
- }
-
-int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int,X509_STORE_CTX *)
- {
- return(ctx->default_verify_callback);
- }
-
-void SSL_set_verify(SSL *s,int mode,
- int (*callback)(int ok,X509_STORE_CTX *ctx))
- {
- s->verify_mode=mode;
- if (callback != NULL)
- s->verify_callback=callback;
- }
-
-void SSL_set_verify_depth(SSL *s,int depth)
- {
- X509_VERIFY_PARAM_set_depth(s->param, depth);
- }
-
-void SSL_set_read_ahead(SSL *s,int yes)
- {
- s->read_ahead=yes;
- }
-
-int SSL_get_read_ahead(const SSL *s)
- {
- return(s->read_ahead);
- }
-
-int SSL_pending(const SSL *s)
- {
- /* SSL_pending cannot work properly if read-ahead is enabled
- * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)),
- * and it is impossible to fix since SSL_pending cannot report
- * errors that may be observed while scanning the new data.
- * (Note that SSL_pending() is often used as a boolean value,
- * so we'd better not return -1.)
- */
- return(s->method->ssl_pending(s));
- }
-
-X509 *SSL_get_peer_certificate(const SSL *s)
- {
- X509 *r;
-
- if ((s == NULL) || (s->session == NULL))
- r=NULL;
- else
- r=s->session->peer;
-
- if (r == NULL) return(r);
-
- CRYPTO_add(&r->references,1,CRYPTO_LOCK_X509);
-
- return(r);
- }
-
-STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s)
- {
- STACK_OF(X509) *r;
-
- if ((s == NULL) || (s->session == NULL) || (s->session->sess_cert == NULL))
- r=NULL;
- else
- r=s->session->sess_cert->cert_chain;
-
- /* If we are a client, cert_chain includes the peer's own
- * certificate; if we are a server, it does not. */
-
- return(r);
- }
-
-/* Now in theory, since the calling process own 't' it should be safe to
- * modify. We need to be able to read f without being hassled */
-void SSL_copy_session_id(SSL *t,const SSL *f)
- {
- CERT *tmp;
-
- /* Do we need to to SSL locking? */
- SSL_set_session(t,SSL_get_session(f));
-
- /* what if we are setup as SSLv2 but want to talk SSLv3 or
- * vice-versa */
- if (t->method != f->method)
- {
- t->method->ssl_free(t); /* cleanup current */
- t->method=f->method; /* change method */
- t->method->ssl_new(t); /* setup new */
- }
-
- tmp=t->cert;
- if (f->cert != NULL)
- {
- CRYPTO_add(&f->cert->references,1,CRYPTO_LOCK_SSL_CERT);
- t->cert=f->cert;
- }
- else
- t->cert=NULL;
- if (tmp != NULL) ssl_cert_free(tmp);
- SSL_set_session_id_context(t,f->sid_ctx,f->sid_ctx_length);
- }
-
-/* Fix this so it checks all the valid key/cert options */
-int SSL_CTX_check_private_key(const SSL_CTX *ctx)
- {
- if ( (ctx == NULL) ||
- (ctx->cert == NULL) ||
- (ctx->cert->key->x509 == NULL))
- {
- SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
- return(0);
- }
- if (ctx->cert->key->privatekey == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED);
- return(0);
- }
- return(X509_check_private_key(ctx->cert->key->x509, ctx->cert->key->privatekey));
- }
-
-/* Fix this function so that it takes an optional type parameter */
-int SSL_check_private_key(const SSL *ssl)
- {
- if (ssl == NULL)
- {
- SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,ERR_R_PASSED_NULL_PARAMETER);
- return(0);
- }
- if (ssl->cert == NULL)
- {
- SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
- return 0;
- }
- if (ssl->cert->key->x509 == NULL)
- {
- SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
- return(0);
- }
- if (ssl->cert->key->privatekey == NULL)
- {
- SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED);
- return(0);
- }
- return(X509_check_private_key(ssl->cert->key->x509,
- ssl->cert->key->privatekey));
- }
-
-int SSL_accept(SSL *s)
- {
- if (s->handshake_func == 0)
- /* Not properly initialized yet */
- SSL_set_accept_state(s);
-
- return(s->method->ssl_accept(s));
- }
-
-int SSL_connect(SSL *s)
- {
- if (s->handshake_func == 0)
- /* Not properly initialized yet */
- SSL_set_connect_state(s);
-
- return(s->method->ssl_connect(s));
- }
-
-long SSL_get_default_timeout(const SSL *s)
- {
- return(s->method->get_timeout());
- }
-
-int SSL_read(SSL *s,void *buf,int num)
- {
- if (s->handshake_func == 0)
- {
- SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED);
- return -1;
- }
-
- if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
- {
- s->rwstate=SSL_NOTHING;
- return(0);
- }
- return(s->method->ssl_read(s,buf,num));
- }
-
-int SSL_peek(SSL *s,void *buf,int num)
- {
- if (s->handshake_func == 0)
- {
- SSLerr(SSL_F_SSL_PEEK, SSL_R_UNINITIALIZED);
- return -1;
- }
-
- if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
- {
- return(0);
- }
- return(s->method->ssl_peek(s,buf,num));
- }
-
-int SSL_write(SSL *s,const void *buf,int num)
- {
- if (s->handshake_func == 0)
- {
- SSLerr(SSL_F_SSL_WRITE, SSL_R_UNINITIALIZED);
- return -1;
- }
-
- if (s->shutdown & SSL_SENT_SHUTDOWN)
- {
- s->rwstate=SSL_NOTHING;
- SSLerr(SSL_F_SSL_WRITE,SSL_R_PROTOCOL_IS_SHUTDOWN);
- return(-1);
- }
- return(s->method->ssl_write(s,buf,num));
- }
-
-int SSL_shutdown(SSL *s)
- {
- /* Note that this function behaves differently from what one might
- * expect. Return values are 0 for no success (yet),
- * 1 for success; but calling it once is usually not enough,
- * even if blocking I/O is used (see ssl3_shutdown).
- */
-
- if (s->handshake_func == 0)
- {
- SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED);
- return -1;
- }
-
- if ((s != NULL) && !SSL_in_init(s))
- return(s->method->ssl_shutdown(s));
- else
- return(1);
- }
-
-int SSL_renegotiate(SSL *s)
- {
- if (s->new_session == 0)
- {
- s->new_session=1;
- }
- return(s->method->ssl_renegotiate(s));
- }
-
-int SSL_renegotiate_pending(SSL *s)
- {
- /* becomes true when negotiation is requested;
- * false again once a handshake has finished */
- return (s->new_session != 0);
- }
-
-long SSL_ctrl(SSL *s,int cmd,long larg,void *parg)
- {
- long l;
-
- switch (cmd)
- {
- case SSL_CTRL_GET_READ_AHEAD:
- return(s->read_ahead);
- case SSL_CTRL_SET_READ_AHEAD:
- l=s->read_ahead;
- s->read_ahead=larg;
- return(l);
-
- case SSL_CTRL_SET_MSG_CALLBACK_ARG:
- s->msg_callback_arg = parg;
- return 1;
-
- case SSL_CTRL_OPTIONS:
- return(s->options|=larg);
- case SSL_CTRL_CLEAR_OPTIONS:
- return(s->options&=~larg);
- case SSL_CTRL_MODE:
- return(s->mode|=larg);
- case SSL_CTRL_CLEAR_MODE:
- return(s->mode &=~larg);
- case SSL_CTRL_GET_MAX_CERT_LIST:
- return(s->max_cert_list);
- case SSL_CTRL_SET_MAX_CERT_LIST:
- l=s->max_cert_list;
- s->max_cert_list=larg;
- return(l);
- case SSL_CTRL_SET_MTU:
-#ifndef OPENSSL_NO_DTLS1
- if (larg < (long)dtls1_min_mtu())
- return 0;
-#endif
-
- if (SSL_version(s) == DTLS1_VERSION ||
- SSL_version(s) == DTLS1_BAD_VER)
- {
- s->d1->mtu = larg;
- return larg;
- }
- return 0;
- case SSL_CTRL_GET_RI_SUPPORT:
- if (s->s3)
- return s->s3->send_connection_binding;
- else return 0;
- default:
- return(s->method->ssl_ctrl(s,cmd,larg,parg));
- }
- }
-
-long SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
- {
- switch(cmd)
- {
- case SSL_CTRL_SET_MSG_CALLBACK:
- s->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp);
- return 1;
-
- default:
- return(s->method->ssl_callback_ctrl(s,cmd,fp));
- }
- }
-
-struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx)
- {
- return ctx->sessions;
- }
-
-long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,void *parg)
- {
- long l;
-
- switch (cmd)
- {
- case SSL_CTRL_GET_READ_AHEAD:
- return(ctx->read_ahead);
- case SSL_CTRL_SET_READ_AHEAD:
- l=ctx->read_ahead;
- ctx->read_ahead=larg;
- return(l);
-
- case SSL_CTRL_SET_MSG_CALLBACK_ARG:
- ctx->msg_callback_arg = parg;
- return 1;
-
- case SSL_CTRL_GET_MAX_CERT_LIST:
- return(ctx->max_cert_list);
- case SSL_CTRL_SET_MAX_CERT_LIST:
- l=ctx->max_cert_list;
- ctx->max_cert_list=larg;
- return(l);
-
- case SSL_CTRL_SET_SESS_CACHE_SIZE:
- l=ctx->session_cache_size;
- ctx->session_cache_size=larg;
- return(l);
- case SSL_CTRL_GET_SESS_CACHE_SIZE:
- return(ctx->session_cache_size);
- case SSL_CTRL_SET_SESS_CACHE_MODE:
- l=ctx->session_cache_mode;
- ctx->session_cache_mode=larg;
- return(l);
- case SSL_CTRL_GET_SESS_CACHE_MODE:
- return(ctx->session_cache_mode);
-
- case SSL_CTRL_SESS_NUMBER:
- return(ctx->sessions->num_items);
- case SSL_CTRL_SESS_CONNECT:
- return(ctx->stats.sess_connect);
- case SSL_CTRL_SESS_CONNECT_GOOD:
- return(ctx->stats.sess_connect_good);
- case SSL_CTRL_SESS_CONNECT_RENEGOTIATE:
- return(ctx->stats.sess_connect_renegotiate);
- case SSL_CTRL_SESS_ACCEPT:
- return(ctx->stats.sess_accept);
- case SSL_CTRL_SESS_ACCEPT_GOOD:
- return(ctx->stats.sess_accept_good);
- case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE:
- return(ctx->stats.sess_accept_renegotiate);
- case SSL_CTRL_SESS_HIT:
- return(ctx->stats.sess_hit);
- case SSL_CTRL_SESS_CB_HIT:
- return(ctx->stats.sess_cb_hit);
- case SSL_CTRL_SESS_MISSES:
- return(ctx->stats.sess_miss);
- case SSL_CTRL_SESS_TIMEOUTS:
- return(ctx->stats.sess_timeout);
- case SSL_CTRL_SESS_CACHE_FULL:
- return(ctx->stats.sess_cache_full);
- case SSL_CTRL_OPTIONS:
- return(ctx->options|=larg);
- case SSL_CTRL_CLEAR_OPTIONS:
- return(ctx->options&=~larg);
- case SSL_CTRL_MODE:
- return(ctx->mode|=larg);
- case SSL_CTRL_CLEAR_MODE:
- return(ctx->mode&=~larg);
- default:
- return(ctx->method->ssl_ctx_ctrl(ctx,cmd,larg,parg));
- }
- }
-
-long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
- {
- switch(cmd)
- {
- case SSL_CTRL_SET_MSG_CALLBACK:
- ctx->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp);
- return 1;
-
- default:
- return(ctx->method->ssl_ctx_callback_ctrl(ctx,cmd,fp));
- }
- }
-
-int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b)
- {
- long l;
-
- l=a->id-b->id;
- if (l == 0L)
- return(0);
- else
- return((l > 0)?1:-1);
- }
-
-int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
- const SSL_CIPHER * const *bp)
- {
- long l;
-
- l=(*ap)->id-(*bp)->id;
- if (l == 0L)
- return(0);
- else
- return((l > 0)?1:-1);
- }
-
-/** return a STACK of the ciphers available for the SSL and in order of
- * preference */
-STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s)
- {
- if (s != NULL)
- {
- if (s->cipher_list != NULL)
- {
- return(s->cipher_list);
- }
- else if ((s->ctx != NULL) &&
- (s->ctx->cipher_list != NULL))
- {
- return(s->ctx->cipher_list);
- }
- }
- return(NULL);
- }
-
-/** return a STACK of the ciphers available for the SSL and in order of
- * algorithm id */
-STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s)
- {
- if (s != NULL)
- {
- if (s->cipher_list_by_id != NULL)
- {
- return(s->cipher_list_by_id);
- }
- else if ((s->ctx != NULL) &&
- (s->ctx->cipher_list_by_id != NULL))
- {
- return(s->ctx->cipher_list_by_id);
- }
- }
- return(NULL);
- }
-
-/** The old interface to get the same thing as SSL_get_ciphers() */
-const char *SSL_get_cipher_list(const SSL *s,int n)
- {
- SSL_CIPHER *c;
- STACK_OF(SSL_CIPHER) *sk;
-
- if (s == NULL) return(NULL);
- sk=SSL_get_ciphers(s);
- if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n))
- return(NULL);
- c=sk_SSL_CIPHER_value(sk,n);
- if (c == NULL) return(NULL);
- return(c->name);
- }
-
-/** specify the ciphers to be used by default by the SSL_CTX */
-int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
- {
- STACK_OF(SSL_CIPHER) *sk;
-
- sk=ssl_create_cipher_list(ctx->method,&ctx->cipher_list,
- &ctx->cipher_list_by_id,str);
- /* ssl_create_cipher_list may return an empty stack if it
- * was unable to find a cipher matching the given rule string
- * (for example if the rule string specifies a cipher which
- * has been disabled). This is not an error as far as
- * ssl_create_cipher_list is concerned, and hence
- * ctx->cipher_list and ctx->cipher_list_by_id has been
- * updated. */
- if (sk == NULL)
- return 0;
- else if (sk_SSL_CIPHER_num(sk) == 0)
- {
- SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
- return 0;
- }
- return 1;
- }
-
-/** specify the ciphers to be used by the SSL */
-int SSL_set_cipher_list(SSL *s,const char *str)
- {
- STACK_OF(SSL_CIPHER) *sk;
-
- sk=ssl_create_cipher_list(s->ctx->method,&s->cipher_list,
- &s->cipher_list_by_id,str);
- /* see comment in SSL_CTX_set_cipher_list */
- if (sk == NULL)
- return 0;
- else if (sk_SSL_CIPHER_num(sk) == 0)
- {
- SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
- return 0;
- }
- return 1;
- }
-
-/* works well for SSLv2, not so good for SSLv3 */
-char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
- {
- char *p;
- STACK_OF(SSL_CIPHER) *sk;
- SSL_CIPHER *c;
- int i;
-
- if ((s->session == NULL) || (s->session->ciphers == NULL) ||
- (len < 2))
- return(NULL);
-
- p=buf;
- sk=s->session->ciphers;
-
- if (sk_SSL_CIPHER_num(sk) == 0)
- return NULL;
-
- for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
- {
- int n;
-
- c=sk_SSL_CIPHER_value(sk,i);
- n=strlen(c->name);
- if (n+1 > len)
- {
- if (p != buf)
- --p;
- *p='\0';
- return buf;
- }
- strcpy(p,c->name);
- p+=n;
- *(p++)=':';
- len-=n+1;
- }
- p[-1]='\0';
- return(buf);
- }
-
-int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
- int (*put_cb)(const SSL_CIPHER *, unsigned char *))
- {
- int i,j=0;
- SSL_CIPHER *c;
- unsigned char *q;
-#ifndef OPENSSL_NO_KRB5
- int nokrb5 = !kssl_tgt_is_available(s->kssl_ctx);
-#endif /* OPENSSL_NO_KRB5 */
-
- if (sk == NULL) return(0);
- q=p;
- if (put_cb == NULL)
- put_cb = s->method->put_cipher_by_char;
-
- for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
- {
- c=sk_SSL_CIPHER_value(sk,i);
-#ifndef OPENSSL_NO_KRB5
- if ((c->algorithms & SSL_KRB5) && nokrb5)
- continue;
-#endif /* OPENSSL_NO_KRB5 */
-
- j = put_cb(c,p);
- p+=j;
- }
- /* If p == q, no ciphers; caller indicates an error.
- * Otherwise, add applicable SCSVs. */
- if (p != q)
- {
- if (!s->new_session)
- {
- static SSL_CIPHER scsv =
- {
- 0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0,
- };
- j = put_cb(&scsv,p);
- p+=j;
-#ifdef OPENSSL_RI_DEBUG
- fprintf(stderr, "TLS_EMPTY_RENEGOTIATION_INFO_SCSV sent by client\n");
-#endif
- }
-
- if (s->mode & SSL_MODE_SEND_FALLBACK_SCSV)
- {
- static SSL_CIPHER scsv =
- {
- 0, NULL, SSL3_CK_FALLBACK_SCSV, 0, 0, 0, 0, 0, 0, 0,
- };
- j = put_cb(&scsv,p);
- p+=j;
- }
- }
-
- return(p-q);
- }
-
-STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
- STACK_OF(SSL_CIPHER) **skp)
- {
- SSL_CIPHER *c;
- STACK_OF(SSL_CIPHER) *sk;
- int i,n;
-
- if (s->s3)
- s->s3->send_connection_binding = 0;
-
- n=ssl_put_cipher_by_char(s,NULL,NULL);
- if (n == 0 || (num%n) != 0)
- {
- SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
- return(NULL);
- }
- if ((skp == NULL) || (*skp == NULL))
- sk=sk_SSL_CIPHER_new_null(); /* change perhaps later */
- else
- {
- sk= *skp;
- sk_SSL_CIPHER_zero(sk);
- }
-
- for (i=0; i<num; i+=n)
- {
- /* Check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV */
- if (s->s3 && (n != 3 || !p[0]) &&
- (p[n-2] == ((SSL3_CK_SCSV >> 8) & 0xff)) &&
- (p[n-1] == (SSL3_CK_SCSV & 0xff)))
- {
- /* SCSV fatal if renegotiating */
- if (s->new_session)
- {
- SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING);
- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
- goto err;
- }
- s->s3->send_connection_binding = 1;
- p += n;
-#ifdef OPENSSL_RI_DEBUG
- fprintf(stderr, "SCSV received by server\n");
-#endif
- continue;
- }
-
- /* Check for TLS_FALLBACK_SCSV */
- if ((n != 3 || !p[0]) &&
- (p[n-2] == ((SSL3_CK_FALLBACK_SCSV >> 8) & 0xff)) &&
- (p[n-1] == (SSL3_CK_FALLBACK_SCSV & 0xff)))
- {
- /* The SCSV indicates that the client previously tried a higher version.
- * Fail if the current version is an unexpected downgrade. */
- if (!SSL_ctrl(s, SSL_CTRL_CHECK_PROTO_VERSION, 0, NULL))
- {
- SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_INAPPROPRIATE_FALLBACK);
- if (s->s3)
- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_INAPPROPRIATE_FALLBACK);
- goto err;
- }
- continue;
- }
-
- c=ssl_get_cipher_by_char(s,p);
- p+=n;
- if (c != NULL)
- {
- if (!sk_SSL_CIPHER_push(sk,c))
- {
- SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- }
- }
-
- if (skp != NULL)
- *skp=sk;
- return(sk);
-err:
- if ((skp == NULL) || (*skp == NULL))
- sk_SSL_CIPHER_free(sk);
- return(NULL);
- }
-
-#ifndef OPENSSL_NO_TLSEXT
-/** return a servername extension value if provided in Client Hello, or NULL.
- * So far, only host_name types are defined (RFC 3546).
- */
-
-const char *SSL_get_servername(const SSL *s, const int type)
- {
- if (type != TLSEXT_NAMETYPE_host_name)
- return NULL;
-
- return s->session && !s->tlsext_hostname ?
- s->session->tlsext_hostname :
- s->tlsext_hostname;
- }
-
-int SSL_get_servername_type(const SSL *s)
- {
- if (s->session && (!s->tlsext_hostname ? s->session->tlsext_hostname : s->tlsext_hostname))
- return TLSEXT_NAMETYPE_host_name;
- return -1;
- }
-#endif
-
-unsigned long SSL_SESSION_hash(const SSL_SESSION *a)
- {
- unsigned long l;
-
- l=(unsigned long)
- ((unsigned int) a->session_id[0] )|
- ((unsigned int) a->session_id[1]<< 8L)|
- ((unsigned long)a->session_id[2]<<16L)|
- ((unsigned long)a->session_id[3]<<24L);
- return(l);
- }
-
-/* NB: If this function (or indeed the hash function which uses a sort of
- * coarser function than this one) is changed, ensure
- * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being
- * able to construct an SSL_SESSION that will collide with any existing session
- * with a matching session ID. */
-int SSL_SESSION_cmp(const SSL_SESSION *a,const SSL_SESSION *b)
- {
- if (a->ssl_version != b->ssl_version)
- return(1);
- if (a->session_id_length != b->session_id_length)
- return(1);
- return(memcmp(a->session_id,b->session_id,a->session_id_length));
- }
-
-/* These wrapper functions should remain rather than redeclaring
- * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each
- * variable. The reason is that the functions aren't static, they're exposed via
- * ssl.h. */
-static IMPLEMENT_LHASH_HASH_FN(SSL_SESSION_hash, SSL_SESSION *)
-static IMPLEMENT_LHASH_COMP_FN(SSL_SESSION_cmp, SSL_SESSION *)
-
-SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)
- {
- SSL_CTX *ret=NULL;
-
- if (meth == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_NULL_SSL_METHOD_PASSED);
- return(NULL);
- }
-
-#ifdef OPENSSL_FIPS
- if (FIPS_mode() && (meth->version < TLS1_VERSION))
- {
- SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
- return NULL;
- }
-#endif
-
- if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0)
- {
- SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
- goto err;
- }
- ret=(SSL_CTX *)OPENSSL_malloc(sizeof(SSL_CTX));
- if (ret == NULL)
- goto err;
-
- memset(ret,0,sizeof(SSL_CTX));
-
- ret->method=meth;
-
- ret->cert_store=NULL;
- ret->session_cache_mode=SSL_SESS_CACHE_SERVER;
- ret->session_cache_size=SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
- ret->session_cache_head=NULL;
- ret->session_cache_tail=NULL;
-
- /* We take the system default */
- ret->session_timeout=meth->get_timeout();
-
- ret->new_session_cb=0;
- ret->remove_session_cb=0;
- ret->get_session_cb=0;
- ret->generate_session_id=0;
-
- memset((char *)&ret->stats,0,sizeof(ret->stats));
-
- ret->references=1;
- ret->quiet_shutdown=0;
-
-/* ret->cipher=NULL;*/
-/* ret->s2->challenge=NULL;
- ret->master_key=NULL;
- ret->key_arg=NULL;
- ret->s2->conn_id=NULL; */
-
- ret->info_callback=NULL;
-
- ret->app_verify_callback=0;
- ret->app_verify_arg=NULL;
-
- ret->max_cert_list=SSL_MAX_CERT_LIST_DEFAULT;
- ret->read_ahead=0;
- ret->msg_callback=0;
- ret->msg_callback_arg=NULL;
- ret->verify_mode=SSL_VERIFY_NONE;
-#if 0
- ret->verify_depth=-1; /* Don't impose a limit (but x509_lu.c does) */
-#endif
- ret->sid_ctx_length=0;
- ret->default_verify_callback=NULL;
- if ((ret->cert=ssl_cert_new()) == NULL)
- goto err;
-
- ret->default_passwd_callback=0;
- ret->default_passwd_callback_userdata=NULL;
- ret->client_cert_cb=0;
- ret->app_gen_cookie_cb=0;
- ret->app_verify_cookie_cb=0;
-
- ret->sessions=lh_new(LHASH_HASH_FN(SSL_SESSION_hash),
- LHASH_COMP_FN(SSL_SESSION_cmp));
- if (ret->sessions == NULL) goto err;
- ret->cert_store=X509_STORE_new();
- if (ret->cert_store == NULL) goto err;
-
- ssl_create_cipher_list(ret->method,
- &ret->cipher_list,&ret->cipher_list_by_id,
- SSL_DEFAULT_CIPHER_LIST);
- if (ret->cipher_list == NULL
- || sk_SSL_CIPHER_num(ret->cipher_list) <= 0)
- {
- SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_LIBRARY_HAS_NO_CIPHERS);
- goto err2;
- }
-
- ret->param = X509_VERIFY_PARAM_new();
- if (!ret->param)
- goto err;
-
- if ((ret->rsa_md5=EVP_get_digestbyname("ssl2-md5")) == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES);
- goto err2;
- }
- if ((ret->md5=EVP_get_digestbyname("ssl3-md5")) == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
- goto err2;
- }
- if ((ret->sha1=EVP_get_digestbyname("ssl3-sha1")) == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES);
- goto err2;
- }
-
- if ((ret->client_CA=sk_X509_NAME_new_null()) == NULL)
- goto err;
-
- CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data);
-
- ret->extra_certs=NULL;
- /* No compression for DTLS */
- if (meth->version != DTLS1_VERSION)
- ret->comp_methods=SSL_COMP_get_compression_methods();
-
-#ifndef OPENSSL_NO_TLSEXT
- ret->tlsext_servername_callback = 0;
- ret->tlsext_servername_arg = NULL;
- /* Setup RFC4507 ticket keys */
- if ((RAND_pseudo_bytes(ret->tlsext_tick_key_name, 16) <= 0)
- || (RAND_bytes(ret->tlsext_tick_hmac_key, 16) <= 0)
- || (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0))
- ret->options |= SSL_OP_NO_TICKET;
-
- ret->tlsext_status_cb = 0;
- ret->tlsext_status_arg = NULL;
-
-#endif
-
-#ifndef OPENSSL_NO_ENGINE
- ret->client_cert_engine = NULL;
-#ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
-#define eng_strx(x) #x
-#define eng_str(x) eng_strx(x)
- /* Use specific client engine automatically... ignore errors */
- {
- ENGINE *eng;
- eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
- if (!eng)
- {
- ERR_clear_error();
- ENGINE_load_builtin_engines();
- eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
- }
- if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng))
- ERR_clear_error();
- }
-#endif
-#endif
- /* Default is to connect to non-RI servers. When RI is more widely
- * deployed might change this.
- */
- ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
-
- return(ret);
-err:
- SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE);
-err2:
- if (ret != NULL) SSL_CTX_free(ret);
- return(NULL);
- }
-
-#if 0
-static void SSL_COMP_free(SSL_COMP *comp)
- { OPENSSL_free(comp); }
-#endif
-
-void SSL_CTX_free(SSL_CTX *a)
- {
- int i;
-
- if (a == NULL) return;
-
- i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_SSL_CTX);
-#ifdef REF_PRINT
- REF_PRINT("SSL_CTX",a);
-#endif
- if (i > 0) return;
-#ifdef REF_CHECK
- if (i < 0)
- {
- fprintf(stderr,"SSL_CTX_free, bad reference count\n");
- abort(); /* ok */
- }
-#endif
-
- if (a->param)
- X509_VERIFY_PARAM_free(a->param);
-
- /*
- * Free internal session cache. However: the remove_cb() may reference
- * the ex_data of SSL_CTX, thus the ex_data store can only be removed
- * after the sessions were flushed.
- * As the ex_data handling routines might also touch the session cache,
- * the most secure solution seems to be: empty (flush) the cache, then
- * free ex_data, then finally free the cache.
- * (See ticket [openssl.org #212].)
- */
- if (a->sessions != NULL)
- SSL_CTX_flush_sessions(a,0);
-
- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);
-
- if (a->sessions != NULL)
- lh_free(a->sessions);
-
- if (a->cert_store != NULL)
- X509_STORE_free(a->cert_store);
- if (a->cipher_list != NULL)
- sk_SSL_CIPHER_free(a->cipher_list);
- if (a->cipher_list_by_id != NULL)
- sk_SSL_CIPHER_free(a->cipher_list_by_id);
- if (a->cert != NULL)
- ssl_cert_free(a->cert);
- if (a->client_CA != NULL)
- sk_X509_NAME_pop_free(a->client_CA,X509_NAME_free);
- if (a->extra_certs != NULL)
- sk_X509_pop_free(a->extra_certs,X509_free);
-#if 0 /* This should never be done, since it removes a global database */
- if (a->comp_methods != NULL)
- sk_SSL_COMP_pop_free(a->comp_methods,SSL_COMP_free);
-#else
- a->comp_methods = NULL;
-#endif
-#ifndef OPENSSL_NO_ENGINE
- if (a->client_cert_engine)
- ENGINE_finish(a->client_cert_engine);
-#endif
- OPENSSL_free(a);
- }
-
-void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb)
- {
- ctx->default_passwd_callback=cb;
- }
-
-void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx,void *u)
- {
- ctx->default_passwd_callback_userdata=u;
- }
-
-void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg)
- {
- ctx->app_verify_callback=cb;
- ctx->app_verify_arg=arg;
- }
-
-void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*cb)(int, X509_STORE_CTX *))
- {
- ctx->verify_mode=mode;
- ctx->default_verify_callback=cb;
- }
-
-void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth)
- {
- X509_VERIFY_PARAM_set_depth(ctx->param, depth);
- }
-
-void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
- {
- CERT_PKEY *cpk;
- int rsa_enc,rsa_tmp,rsa_sign,dh_tmp,dh_rsa,dh_dsa,dsa_sign;
- int rsa_enc_export,dh_rsa_export,dh_dsa_export;
- int rsa_tmp_export,dh_tmp_export,kl;
- unsigned long mask,emask;
- int have_ecc_cert, ecdh_ok, ecdsa_ok, ecc_pkey_size;
-#ifndef OPENSSL_NO_ECDH
- int have_ecdh_tmp;
-#endif
- X509 *x = NULL;
- EVP_PKEY *ecc_pkey = NULL;
- int signature_nid = 0;
-
- if (c == NULL) return;
-
- kl=SSL_C_EXPORT_PKEYLENGTH(cipher);
-
-#ifndef OPENSSL_NO_RSA
- rsa_tmp=(c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL);
- rsa_tmp_export=(c->rsa_tmp_cb != NULL ||
- (rsa_tmp && RSA_size(c->rsa_tmp)*8 <= kl));
-#else
- rsa_tmp=rsa_tmp_export=0;
-#endif
-#ifndef OPENSSL_NO_DH
- dh_tmp=(c->dh_tmp != NULL || c->dh_tmp_cb != NULL);
- dh_tmp_export=(c->dh_tmp_cb != NULL ||
- (dh_tmp && DH_size(c->dh_tmp)*8 <= kl));
-#else
- dh_tmp=dh_tmp_export=0;
-#endif
-
-#ifndef OPENSSL_NO_ECDH
- have_ecdh_tmp=(c->ecdh_tmp != NULL || c->ecdh_tmp_cb != NULL);
-#endif
- cpk= &(c->pkeys[SSL_PKEY_RSA_ENC]);
- rsa_enc= (cpk->x509 != NULL && cpk->privatekey != NULL);
- rsa_enc_export=(rsa_enc && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
- cpk= &(c->pkeys[SSL_PKEY_RSA_SIGN]);
- rsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL);
- cpk= &(c->pkeys[SSL_PKEY_DSA_SIGN]);
- dsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL);
- cpk= &(c->pkeys[SSL_PKEY_DH_RSA]);
- dh_rsa= (cpk->x509 != NULL && cpk->privatekey != NULL);
- dh_rsa_export=(dh_rsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
- cpk= &(c->pkeys[SSL_PKEY_DH_DSA]);
-/* FIX THIS EAY EAY EAY */
- dh_dsa= (cpk->x509 != NULL && cpk->privatekey != NULL);
- dh_dsa_export=(dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
- cpk= &(c->pkeys[SSL_PKEY_ECC]);
- have_ecc_cert= (cpk->x509 != NULL && cpk->privatekey != NULL);
- mask=0;
- emask=0;
-
-#ifdef CIPHER_DEBUG
- printf("rt=%d rte=%d dht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n",
- rsa_tmp,rsa_tmp_export,dh_tmp,
- rsa_enc,rsa_enc_export,rsa_sign,dsa_sign,dh_rsa,dh_dsa);
-#endif
-
- if (rsa_enc || (rsa_tmp && rsa_sign))
- mask|=SSL_kRSA;
- if (rsa_enc_export || (rsa_tmp_export && (rsa_sign || rsa_enc)))
- emask|=SSL_kRSA;
-
-#if 0
- /* The match needs to be both kEDH and aRSA or aDSA, so don't worry */
- if ( (dh_tmp || dh_rsa || dh_dsa) &&
- (rsa_enc || rsa_sign || dsa_sign))
- mask|=SSL_kEDH;
- if ((dh_tmp_export || dh_rsa_export || dh_dsa_export) &&
- (rsa_enc || rsa_sign || dsa_sign))
- emask|=SSL_kEDH;
-#endif
-
- if (dh_tmp_export)
- emask|=SSL_kEDH;
-
- if (dh_tmp)
- mask|=SSL_kEDH;
-
- if (dh_rsa) mask|=SSL_kDHr;
- if (dh_rsa_export) emask|=SSL_kDHr;
-
- if (dh_dsa) mask|=SSL_kDHd;
- if (dh_dsa_export) emask|=SSL_kDHd;
-
- if (rsa_enc || rsa_sign)
- {
- mask|=SSL_aRSA;
- emask|=SSL_aRSA;
- }
-
- if (dsa_sign)
- {
- mask|=SSL_aDSS;
- emask|=SSL_aDSS;
- }
-
- mask|=SSL_aNULL;
- emask|=SSL_aNULL;
-
-#ifndef OPENSSL_NO_KRB5
- mask|=SSL_kKRB5|SSL_aKRB5;
- emask|=SSL_kKRB5|SSL_aKRB5;
-#endif
-
- /* An ECC certificate may be usable for ECDH and/or
- * ECDSA cipher suites depending on the key usage extension.
- */
- if (have_ecc_cert)
- {
- /* This call populates extension flags (ex_flags) */
- x = (c->pkeys[SSL_PKEY_ECC]).x509;
- X509_check_purpose(x, -1, 0);
- ecdh_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
- (x->ex_kusage & X509v3_KU_KEY_AGREEMENT) : 1;
- ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
- (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1;
- ecc_pkey = X509_get_pubkey(x);
- ecc_pkey_size = (ecc_pkey != NULL) ?
- EVP_PKEY_bits(ecc_pkey) : 0;
- EVP_PKEY_free(ecc_pkey);
- if ((x->sig_alg) && (x->sig_alg->algorithm))
- signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
-#ifndef OPENSSL_NO_ECDH
- if (ecdh_ok)
- {
- if ((signature_nid == NID_md5WithRSAEncryption) ||
- (signature_nid == NID_md4WithRSAEncryption) ||
- (signature_nid == NID_md2WithRSAEncryption))
- {
- mask|=SSL_kECDH|SSL_aRSA;
- if (ecc_pkey_size <= 163)
- emask|=SSL_kECDH|SSL_aRSA;
- }
- if (signature_nid == NID_ecdsa_with_SHA1)
- {
- mask|=SSL_kECDH|SSL_aECDSA;
- if (ecc_pkey_size <= 163)
- emask|=SSL_kECDH|SSL_aECDSA;
- }
- }
-#endif
-#ifndef OPENSSL_NO_ECDSA
- if (ecdsa_ok)
- {
- mask|=SSL_aECDSA;
- emask|=SSL_aECDSA;
- }
-#endif
- }
-
-#ifndef OPENSSL_NO_ECDH
- if (have_ecdh_tmp)
- {
- mask|=SSL_kECDHE;
- emask|=SSL_kECDHE;
- }
-#endif
- c->mask=mask;
- c->export_mask=emask;
- c->valid=1;
- }
-
-/* This handy macro borrowed from crypto/x509v3/v3_purp.c */
-#define ku_reject(x, usage) \
- (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
-
-int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs)
- {
- unsigned long alg = cs->algorithms;
- EVP_PKEY *pkey = NULL;
- int keysize = 0;
- int signature_nid = 0;
-
- if (SSL_C_IS_EXPORT(cs))
- {
- /* ECDH key length in export ciphers must be <= 163 bits */
- pkey = X509_get_pubkey(x);
- if (pkey == NULL) return 0;
- keysize = EVP_PKEY_bits(pkey);
- EVP_PKEY_free(pkey);
- if (keysize > 163) return 0;
- }
-
- /* This call populates the ex_flags field correctly */
- X509_check_purpose(x, -1, 0);
- if ((x->sig_alg) && (x->sig_alg->algorithm))
- signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
- if (alg & SSL_kECDH)
- {
- /* key usage, if present, must allow key agreement */
- if (ku_reject(x, X509v3_KU_KEY_AGREEMENT))
- {
- return 0;
- }
- if (alg & SSL_aECDSA)
- {
- /* signature alg must be ECDSA */
- if (signature_nid != NID_ecdsa_with_SHA1)
- {
- return 0;
- }
- }
- if (alg & SSL_aRSA)
- {
- /* signature alg must be RSA */
- if ((signature_nid != NID_md5WithRSAEncryption) &&
- (signature_nid != NID_md4WithRSAEncryption) &&
- (signature_nid != NID_md2WithRSAEncryption))
- {
- return 0;
- }
- }
- }
- else if (alg & SSL_aECDSA)
- {
- /* key usage, if present, must allow signing */
- if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE))
- {
- return 0;
- }
- }
-
- return 1; /* all checks are ok */
- }
-
-/* THIS NEEDS CLEANING UP */
-CERT_PKEY *ssl_get_server_send_pkey(const SSL *s)
- {
- unsigned long alg,kalg;
- CERT *c;
- int i;
-
- c=s->cert;
- ssl_set_cert_masks(c, s->s3->tmp.new_cipher);
- alg=s->s3->tmp.new_cipher->algorithms;
- kalg=alg&(SSL_MKEY_MASK|SSL_AUTH_MASK);
-
- if (kalg & SSL_kECDH)
- {
- /* we don't need to look at SSL_kECDHE
- * since no certificate is needed for
- * anon ECDH and for authenticated
- * ECDHE, the check for the auth
- * algorithm will set i correctly
- * NOTE: For ECDH-RSA, we need an ECC
- * not an RSA cert but for ECDHE-RSA
- * we need an RSA cert. Placing the
- * checks for SSL_kECDH before RSA
- * checks ensures the correct cert is chosen.
- */
- i=SSL_PKEY_ECC;
- }
- else if (kalg & SSL_aECDSA)
- {
- i=SSL_PKEY_ECC;
- }
- else if (kalg & SSL_kDHr)
- i=SSL_PKEY_DH_RSA;
- else if (kalg & SSL_kDHd)
- i=SSL_PKEY_DH_DSA;
- else if (kalg & SSL_aDSS)
- i=SSL_PKEY_DSA_SIGN;
- else if (kalg & SSL_aRSA)
- {
- if (c->pkeys[SSL_PKEY_RSA_ENC].x509 == NULL)
- i=SSL_PKEY_RSA_SIGN;
- else
- i=SSL_PKEY_RSA_ENC;
- }
- else if (kalg & SSL_aKRB5)
- {
- /* VRS something else here? */
- return(NULL);
- }
- else /* if (kalg & SSL_aNULL) */
- {
- SSLerr(SSL_F_SSL_GET_SERVER_SEND_PKEY,ERR_R_INTERNAL_ERROR);
- return(NULL);
- }
-
- return c->pkeys + i;
- }
-
-X509 *ssl_get_server_send_cert(const SSL *s)
- {
- CERT_PKEY *cpk;
- cpk = ssl_get_server_send_pkey(s);
- if (!cpk)
- return NULL;
- return cpk->x509;
- }
-
-EVP_PKEY *ssl_get_sign_pkey(SSL *s,SSL_CIPHER *cipher)
- {
- unsigned long alg;
- CERT *c;
-
- alg=cipher->algorithms;
- c=s->cert;
-
- if ((alg & SSL_aDSS) &&
- (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL))
- return(c->pkeys[SSL_PKEY_DSA_SIGN].privatekey);
- else if (alg & SSL_aRSA)
- {
- if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL)
- return(c->pkeys[SSL_PKEY_RSA_SIGN].privatekey);
- else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL)
- return(c->pkeys[SSL_PKEY_RSA_ENC].privatekey);
- else
- return(NULL);
- }
- else if ((alg & SSL_aECDSA) &&
- (c->pkeys[SSL_PKEY_ECC].privatekey != NULL))
- return(c->pkeys[SSL_PKEY_ECC].privatekey);
- else /* if (alg & SSL_aNULL) */
- {
- SSLerr(SSL_F_SSL_GET_SIGN_PKEY,ERR_R_INTERNAL_ERROR);
- return(NULL);
- }
- }
-
-void ssl_update_cache(SSL *s,int mode)
- {
- int i;
-
- /* If the session_id_length is 0, we are not supposed to cache it,
- * and it would be rather hard to do anyway :-) */
- if (s->session->session_id_length == 0) return;
-
- i=s->ctx->session_cache_mode;
- if ((i & mode) && (!s->hit)
- && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE)
- || SSL_CTX_add_session(s->ctx,s->session))
- && (s->ctx->new_session_cb != NULL))
- {
- CRYPTO_add(&s->session->references,1,CRYPTO_LOCK_SSL_SESSION);
- if (!s->ctx->new_session_cb(s,s->session))
- SSL_SESSION_free(s->session);
- }
-
- /* auto flush every 255 connections */
- if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) &&
- ((i & mode) == mode))
- {
- if ( (((mode & SSL_SESS_CACHE_CLIENT)
- ?s->ctx->stats.sess_connect_good
- :s->ctx->stats.sess_accept_good) & 0xff) == 0xff)
- {
- SSL_CTX_flush_sessions(s->ctx,(unsigned long)time(NULL));
- }
- }
- }
-
-SSL_METHOD *SSL_get_ssl_method(SSL *s)
- {
- return(s->method);
- }
-
-int SSL_set_ssl_method(SSL *s,SSL_METHOD *meth)
- {
- int conn= -1;
- int ret=1;
-
- if (s->method != meth)
- {
- if (s->handshake_func != NULL)
- conn=(s->handshake_func == s->method->ssl_connect);
-
- if (s->method->version == meth->version)
- s->method=meth;
- else
- {
- s->method->ssl_free(s);
- s->method=meth;
- ret=s->method->ssl_new(s);
- }
-
- if (conn == 1)
- s->handshake_func=meth->ssl_connect;
- else if (conn == 0)
- s->handshake_func=meth->ssl_accept;
- }
- return(ret);
- }
-
-int SSL_get_error(const SSL *s,int i)
- {
- int reason;
- unsigned long l;
- BIO *bio;
-
- if (i > 0) return(SSL_ERROR_NONE);
-
- /* Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake
- * etc, where we do encode the error */
- if ((l=ERR_peek_error()) != 0)
- {
- if (ERR_GET_LIB(l) == ERR_LIB_SYS)
- return(SSL_ERROR_SYSCALL);
- else
- return(SSL_ERROR_SSL);
- }
-
- if ((i < 0) && SSL_want_read(s))
- {
- bio=SSL_get_rbio(s);
- if (BIO_should_read(bio))
- return(SSL_ERROR_WANT_READ);
- else if (BIO_should_write(bio))
- /* This one doesn't make too much sense ... We never try
- * to write to the rbio, and an application program where
- * rbio and wbio are separate couldn't even know what it
- * should wait for.
- * However if we ever set s->rwstate incorrectly
- * (so that we have SSL_want_read(s) instead of
- * SSL_want_write(s)) and rbio and wbio *are* the same,
- * this test works around that bug; so it might be safer
- * to keep it. */
- return(SSL_ERROR_WANT_WRITE);
- else if (BIO_should_io_special(bio))
- {
- reason=BIO_get_retry_reason(bio);
- if (reason == BIO_RR_CONNECT)
- return(SSL_ERROR_WANT_CONNECT);
- else if (reason == BIO_RR_ACCEPT)
- return(SSL_ERROR_WANT_ACCEPT);
- else
- return(SSL_ERROR_SYSCALL); /* unknown */
- }
- }
-
- if ((i < 0) && SSL_want_write(s))
- {
- bio=SSL_get_wbio(s);
- if (BIO_should_write(bio))
- return(SSL_ERROR_WANT_WRITE);
- else if (BIO_should_read(bio))
- /* See above (SSL_want_read(s) with BIO_should_write(bio)) */
- return(SSL_ERROR_WANT_READ);
- else if (BIO_should_io_special(bio))
- {
- reason=BIO_get_retry_reason(bio);
- if (reason == BIO_RR_CONNECT)
- return(SSL_ERROR_WANT_CONNECT);
- else if (reason == BIO_RR_ACCEPT)
- return(SSL_ERROR_WANT_ACCEPT);
- else
- return(SSL_ERROR_SYSCALL);
- }
- }
- if ((i < 0) && SSL_want_x509_lookup(s))
- {
- return(SSL_ERROR_WANT_X509_LOOKUP);
- }
-
- if (i == 0)
- {
- if (s->version == SSL2_VERSION)
- {
- /* assume it is the socket being closed */
- return(SSL_ERROR_ZERO_RETURN);
- }
- else
- {
- if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
- (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
- return(SSL_ERROR_ZERO_RETURN);
- }
- }
- return(SSL_ERROR_SYSCALL);
- }
-
-int SSL_do_handshake(SSL *s)
- {
- int ret=1;
-
- if (s->handshake_func == NULL)
- {
- SSLerr(SSL_F_SSL_DO_HANDSHAKE,SSL_R_CONNECTION_TYPE_NOT_SET);
- return(-1);
- }
-
- s->method->ssl_renegotiate_check(s);
-
- if (SSL_in_init(s) || SSL_in_before(s))
- {
- ret=s->handshake_func(s);
- }
- return(ret);
- }
-
-/* For the next 2 functions, SSL_clear() sets shutdown and so
- * one of these calls will reset it */
-void SSL_set_accept_state(SSL *s)
- {
- s->server=1;
- s->shutdown=0;
- s->state=SSL_ST_ACCEPT|SSL_ST_BEFORE;
- s->handshake_func=s->method->ssl_accept;
- /* clear the current cipher */
- ssl_clear_cipher_ctx(s);
- }
-
-void SSL_set_connect_state(SSL *s)
- {
- s->server=0;
- s->shutdown=0;
- s->state=SSL_ST_CONNECT|SSL_ST_BEFORE;
- s->handshake_func=s->method->ssl_connect;
- /* clear the current cipher */
- ssl_clear_cipher_ctx(s);
- }
-
-int ssl_undefined_function(SSL *s)
- {
- SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return(0);
- }
-
-int ssl_undefined_void_function(void)
- {
- SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return(0);
- }
-
-int ssl_undefined_const_function(const SSL *s)
- {
- SSLerr(SSL_F_SSL_UNDEFINED_CONST_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return(0);
- }
-
-SSL_METHOD *ssl_bad_method(int ver)
- {
- SSLerr(SSL_F_SSL_BAD_METHOD,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return(NULL);
- }
-
-const char *SSL_get_version(const SSL *s)
- {
- if (s->version == TLS1_VERSION)
- return("TLSv1");
- else if (s->version == SSL3_VERSION)
- return("SSLv3");
- else if (s->version == SSL2_VERSION)
- return("SSLv2");
- else
- return("unknown");
- }
-
-SSL *SSL_dup(SSL *s)
- {
- STACK_OF(X509_NAME) *sk;
- X509_NAME *xn;
- SSL *ret;
- int i;
-
- if ((ret=SSL_new(SSL_get_SSL_CTX(s))) == NULL)
- return(NULL);
-
- ret->version = s->version;
- ret->type = s->type;
- ret->method = s->method;
-
- if (s->session != NULL)
- {
- /* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */
- SSL_copy_session_id(ret,s);
- }
- else
- {
- /* No session has been established yet, so we have to expect
- * that s->cert or ret->cert will be changed later --
- * they should not both point to the same object,
- * and thus we can't use SSL_copy_session_id. */
-
- ret->method->ssl_free(ret);
- ret->method = s->method;
- ret->method->ssl_new(ret);
-
- if (s->cert != NULL)
- {
- if (ret->cert != NULL)
- {
- ssl_cert_free(ret->cert);
- }
- ret->cert = ssl_cert_dup(s->cert);
- if (ret->cert == NULL)
- goto err;
- }
-
- SSL_set_session_id_context(ret,
- s->sid_ctx, s->sid_ctx_length);
- }
-
- ret->options=s->options;
- ret->mode=s->mode;
- SSL_set_max_cert_list(ret,SSL_get_max_cert_list(s));
- SSL_set_read_ahead(ret,SSL_get_read_ahead(s));
- ret->msg_callback = s->msg_callback;
- ret->msg_callback_arg = s->msg_callback_arg;
- SSL_set_verify(ret,SSL_get_verify_mode(s),
- SSL_get_verify_callback(s));
- SSL_set_verify_depth(ret,SSL_get_verify_depth(s));
- ret->generate_session_id = s->generate_session_id;
-
- SSL_set_info_callback(ret,SSL_get_info_callback(s));
-
- ret->debug=s->debug;
-
- /* copy app data, a little dangerous perhaps */
- if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data))
- goto err;
-
- /* setup rbio, and wbio */
- if (s->rbio != NULL)
- {
- if (!BIO_dup_state(s->rbio,(char *)&ret->rbio))
- goto err;
- }
- if (s->wbio != NULL)
- {
- if (s->wbio != s->rbio)
- {
- if (!BIO_dup_state(s->wbio,(char *)&ret->wbio))
- goto err;
- }
- else
- ret->wbio=ret->rbio;
- }
- ret->rwstate = s->rwstate;
- ret->in_handshake = s->in_handshake;
- ret->handshake_func = s->handshake_func;
- ret->server = s->server;
- ret->new_session = s->new_session;
- ret->quiet_shutdown = s->quiet_shutdown;
- ret->shutdown=s->shutdown;
- ret->state=s->state; /* SSL_dup does not really work at any state, though */
- ret->rstate=s->rstate;
- ret->init_num = 0; /* would have to copy ret->init_buf, ret->init_msg, ret->init_num, ret->init_off */
- ret->hit=s->hit;
-
- X509_VERIFY_PARAM_inherit(ret->param, s->param);
-
- /* dup the cipher_list and cipher_list_by_id stacks */
- if (s->cipher_list != NULL)
- {
- if ((ret->cipher_list=sk_SSL_CIPHER_dup(s->cipher_list)) == NULL)
- goto err;
- }
- if (s->cipher_list_by_id != NULL)
- if ((ret->cipher_list_by_id=sk_SSL_CIPHER_dup(s->cipher_list_by_id))
- == NULL)
- goto err;
-
- /* Dup the client_CA list */
- if (s->client_CA != NULL)
- {
- if ((sk=sk_X509_NAME_dup(s->client_CA)) == NULL) goto err;
- ret->client_CA=sk;
- for (i=0; i<sk_X509_NAME_num(sk); i++)
- {
- xn=sk_X509_NAME_value(sk,i);
- if (sk_X509_NAME_set(sk,i,X509_NAME_dup(xn)) == NULL)
- {
- X509_NAME_free(xn);
- goto err;
- }
- }
- }
-
- if (0)
- {
-err:
- if (ret != NULL) SSL_free(ret);
- ret=NULL;
- }
- return(ret);
- }
-
-void ssl_clear_cipher_ctx(SSL *s)
- {
- if (s->enc_read_ctx != NULL)
- {
- EVP_CIPHER_CTX_cleanup(s->enc_read_ctx);
- OPENSSL_free(s->enc_read_ctx);
- s->enc_read_ctx=NULL;
- }
- if (s->enc_write_ctx != NULL)
- {
- EVP_CIPHER_CTX_cleanup(s->enc_write_ctx);
- OPENSSL_free(s->enc_write_ctx);
- s->enc_write_ctx=NULL;
- }
-#ifndef OPENSSL_NO_COMP
- if (s->expand != NULL)
- {
- COMP_CTX_free(s->expand);
- s->expand=NULL;
- }
- if (s->compress != NULL)
- {
- COMP_CTX_free(s->compress);
- s->compress=NULL;
- }
-#endif
- }
-
-/* Fix this function so that it takes an optional type parameter */
-X509 *SSL_get_certificate(const SSL *s)
- {
- if (s->cert != NULL)
- return(s->cert->key->x509);
- else
- return(NULL);
- }
-
-/* Fix this function so that it takes an optional type parameter */
-EVP_PKEY *SSL_get_privatekey(SSL *s)
- {
- if (s->cert != NULL)
- return(s->cert->key->privatekey);
- else
- return(NULL);
- }
-
-SSL_CIPHER *SSL_get_current_cipher(const SSL *s)
- {
- if ((s->session != NULL) && (s->session->cipher != NULL))
- return(s->session->cipher);
- return(NULL);
- }
-#ifdef OPENSSL_NO_COMP
-const void *SSL_get_current_compression(SSL *s)
- {
- return NULL;
- }
-const void *SSL_get_current_expansion(SSL *s)
- {
- return NULL;
- }
-#else
-
-const COMP_METHOD *SSL_get_current_compression(SSL *s)
- {
- if (s->compress != NULL)
- return(s->compress->meth);
- return(NULL);
- }
-
-const COMP_METHOD *SSL_get_current_expansion(SSL *s)
- {
- if (s->expand != NULL)
- return(s->expand->meth);
- return(NULL);
- }
-#endif
-
-int ssl_init_wbio_buffer(SSL *s,int push)
- {
- BIO *bbio;
-
- if (s->bbio == NULL)
- {
- bbio=BIO_new(BIO_f_buffer());
- if (bbio == NULL) return(0);
- s->bbio=bbio;
- }
- else
- {
- bbio=s->bbio;
- if (s->bbio == s->wbio)
- s->wbio=BIO_pop(s->wbio);
- }
- (void)BIO_reset(bbio);
-/* if (!BIO_set_write_buffer_size(bbio,16*1024)) */
- if (!BIO_set_read_buffer_size(bbio,1))
- {
- SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER,ERR_R_BUF_LIB);
- return(0);
- }
- if (push)
- {
- if (s->wbio != bbio)
- s->wbio=BIO_push(bbio,s->wbio);
- }
- else
- {
- if (s->wbio == bbio)
- s->wbio=BIO_pop(bbio);
- }
- return(1);
- }
-
-void ssl_free_wbio_buffer(SSL *s)
- {
- if (s->bbio == NULL) return;
-
- if (s->bbio == s->wbio)
- {
- /* remove buffering */
- s->wbio=BIO_pop(s->wbio);
-#ifdef REF_CHECK /* not the usual REF_CHECK, but this avoids adding one more preprocessor symbol */
- assert(s->wbio != NULL);
-#endif
- }
- BIO_free(s->bbio);
- s->bbio=NULL;
- }
-
-void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode)
- {
- ctx->quiet_shutdown=mode;
- }
-
-int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx)
- {
- return(ctx->quiet_shutdown);
- }
-
-void SSL_set_quiet_shutdown(SSL *s,int mode)
- {
- s->quiet_shutdown=mode;
- }
-
-int SSL_get_quiet_shutdown(const SSL *s)
- {
- return(s->quiet_shutdown);
- }
-
-void SSL_set_shutdown(SSL *s,int mode)
- {
- s->shutdown=mode;
- }
-
-int SSL_get_shutdown(const SSL *s)
- {
- return(s->shutdown);
- }
-
-int SSL_version(const SSL *s)
- {
- return(s->version);
- }
-
-SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl)
- {
- return(ssl->ctx);
- }
-
-SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx)
- {
- if (ssl->ctx == ctx)
- return ssl->ctx;
-#ifndef OPENSSL_NO_TLSEXT
- if (ctx == NULL)
- ctx = ssl->initial_ctx;
-#endif
- if (ssl->cert != NULL)
- ssl_cert_free(ssl->cert);
- ssl->cert = ssl_cert_dup(ctx->cert);
- CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
- if (ssl->ctx != NULL)
- SSL_CTX_free(ssl->ctx); /* decrement reference count */
- ssl->ctx = ctx;
- return(ssl->ctx);
- }
-
-#ifndef OPENSSL_NO_STDIO
-int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
- {
- return(X509_STORE_set_default_paths(ctx->cert_store));
- }
-
-int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
- const char *CApath)
- {
- return(X509_STORE_load_locations(ctx->cert_store,CAfile,CApath));
- }
-#endif
-
-void SSL_set_info_callback(SSL *ssl,
- void (*cb)(const SSL *ssl,int type,int val))
- {
- ssl->info_callback=cb;
- }
-
-/* One compiler (Diab DCC) doesn't like argument names in returned
- function pointer. */
-void (*SSL_get_info_callback(const SSL *ssl))(const SSL * /*ssl*/,int /*type*/,int /*val*/)
- {
- return ssl->info_callback;
- }
-
-int SSL_state(const SSL *ssl)
- {
- return(ssl->state);
- }
-
-void SSL_set_verify_result(SSL *ssl,long arg)
- {
- ssl->verify_result=arg;
- }
-
-long SSL_get_verify_result(const SSL *ssl)
- {
- return(ssl->verify_result);
- }
-
-int SSL_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func)
- {
- return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp,
- new_func, dup_func, free_func);
- }
-
-int SSL_set_ex_data(SSL *s,int idx,void *arg)
- {
- return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
- }
-
-void *SSL_get_ex_data(const SSL *s,int idx)
- {
- return(CRYPTO_get_ex_data(&s->ex_data,idx));
- }
-
-int SSL_CTX_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func)
- {
- return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp,
- new_func, dup_func, free_func);
- }
-
-int SSL_CTX_set_ex_data(SSL_CTX *s,int idx,void *arg)
- {
- return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
- }
-
-void *SSL_CTX_get_ex_data(const SSL_CTX *s,int idx)
- {
- return(CRYPTO_get_ex_data(&s->ex_data,idx));
- }
-
-int ssl_ok(SSL *s)
- {
- return(1);
- }
-
-X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx)
- {
- return(ctx->cert_store);
- }
-
-void SSL_CTX_set_cert_store(SSL_CTX *ctx,X509_STORE *store)
- {
- if (ctx->cert_store != NULL)
- X509_STORE_free(ctx->cert_store);
- ctx->cert_store=store;
- }
-
-int SSL_want(const SSL *s)
- {
- return(s->rwstate);
- }
-
-/*!
- * \brief Set the callback for generating temporary RSA keys.
- * \param ctx the SSL context.
- * \param cb the callback
- */
-
-#ifndef OPENSSL_NO_RSA
-void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,RSA *(*cb)(SSL *ssl,
- int is_export,
- int keylength))
- {
- SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb);
- }
-
-void SSL_set_tmp_rsa_callback(SSL *ssl,RSA *(*cb)(SSL *ssl,
- int is_export,
- int keylength))
- {
- SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb);
- }
-#endif
-
-#ifdef DOXYGEN
-/*!
- * \brief The RSA temporary key callback function.
- * \param ssl the SSL session.
- * \param is_export \c TRUE if the temp RSA key is for an export ciphersuite.
- * \param keylength if \c is_export is \c TRUE, then \c keylength is the size
- * of the required key in bits.
- * \return the temporary RSA key.
- * \sa SSL_CTX_set_tmp_rsa_callback, SSL_set_tmp_rsa_callback
- */
-
-RSA *cb(SSL *ssl,int is_export,int keylength)
- {}
-#endif
-
-/*!
- * \brief Set the callback for generating temporary DH keys.
- * \param ctx the SSL context.
- * \param dh the callback
- */
-
-#ifndef OPENSSL_NO_DH
-void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int is_export,
- int keylength))
- {
- SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh);
- }
-
-void SSL_set_tmp_dh_callback(SSL *ssl,DH *(*dh)(SSL *ssl,int is_export,
- int keylength))
- {
- SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh);
- }
-#endif
-
-#ifndef OPENSSL_NO_ECDH
-void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,EC_KEY *(*ecdh)(SSL *ssl,int is_export,
- int keylength))
- {
- SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh);
- }
-
-void SSL_set_tmp_ecdh_callback(SSL *ssl,EC_KEY *(*ecdh)(SSL *ssl,int is_export,
- int keylength))
- {
- SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh);
- }
-#endif
-
-
-void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
- {
- SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
- }
-void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
- {
- SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
- }
-
-
-
-#if defined(_WINDLL) && defined(OPENSSL_SYS_WIN16)
-#include "../crypto/bio/bss_file.c"
-#endif
-
-IMPLEMENT_STACK_OF(SSL_CIPHER)
-IMPLEMENT_STACK_OF(SSL_COMP)
Copied: vendor-crypto/openssl/0.9.8zf/ssl/ssl_lib.c (from rev 6976, vendor-crypto/openssl/dist/ssl/ssl_lib.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/ssl/ssl_lib.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/ssl/ssl_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,2772 @@
+/*
+ * ! \file ssl/ssl_lib.c \brief Version independent SSL functions.
+ */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECC cipher suite support in OpenSSL originally developed by
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
+
+#ifdef REF_CHECK
+# include <assert.h>
+#endif
+#include <stdio.h>
+#include "ssl_locl.h"
+#include "kssl_lcl.h"
+#include <openssl/objects.h>
+#include <openssl/lhash.h>
+#include <openssl/x509v3.h>
+#include <openssl/rand.h>
+#include <openssl/ocsp.h>
+#ifndef OPENSSL_NO_DH
+# include <openssl/dh.h>
+#endif
+#ifndef OPENSSL_NO_ENGINE
+# include <openssl/engine.h>
+#endif
+
+const char *SSL_version_str = OPENSSL_VERSION_TEXT;
+
+SSL3_ENC_METHOD ssl3_undef_enc_method = {
+ /*
+ * evil casts, but these functions are only called if there's a library
+ * bug
+ */
+ (int (*)(SSL *, int))ssl_undefined_function,
+ (int (*)(SSL *, unsigned char *, int))ssl_undefined_function,
+ ssl_undefined_function,
+ (int (*)(SSL *, unsigned char *, unsigned char *, int))
+ ssl_undefined_function,
+ (int (*)(SSL *, int))ssl_undefined_function,
+ (int (*)
+ (SSL *, EVP_MD_CTX *, EVP_MD_CTX *, const char *, int,
+ unsigned char *))ssl_undefined_function,
+ 0, /* finish_mac_length */
+ (int (*)(SSL *, EVP_MD_CTX *, unsigned char *))ssl_undefined_function,
+ NULL, /* client_finished_label */
+ 0, /* client_finished_label_len */
+ NULL, /* server_finished_label */
+ 0, /* server_finished_label_len */
+ (int (*)(int))ssl_undefined_function
+};
+
+int SSL_clear(SSL *s)
+{
+
+ if (s->method == NULL) {
+ SSLerr(SSL_F_SSL_CLEAR, SSL_R_NO_METHOD_SPECIFIED);
+ return (0);
+ }
+
+ if (ssl_clear_bad_session(s)) {
+ SSL_SESSION_free(s->session);
+ s->session = NULL;
+ }
+
+ s->error = 0;
+ s->hit = 0;
+ s->shutdown = 0;
+
+#if 0
+ /*
+ * Disabled since version 1.10 of this file (early return not
+ * needed because SSL_clear is not called when doing renegotiation)
+ */
+ /*
+ * This is set if we are doing dynamic renegotiation so keep
+ * the old cipher. It is sort of a SSL_clear_lite :-)
+ */
+ if (s->new_session)
+ return (1);
+#else
+ if (s->new_session) {
+ SSLerr(SSL_F_SSL_CLEAR, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+#endif
+
+ s->type = 0;
+
+ s->state = SSL_ST_BEFORE | ((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT);
+
+ s->version = s->method->version;
+ s->client_version = s->version;
+ s->rwstate = SSL_NOTHING;
+ s->rstate = SSL_ST_READ_HEADER;
+#if 0
+ s->read_ahead = s->ctx->read_ahead;
+#endif
+
+ if (s->init_buf != NULL) {
+ BUF_MEM_free(s->init_buf);
+ s->init_buf = NULL;
+ }
+
+ ssl_clear_cipher_ctx(s);
+
+ s->first_packet = 0;
+
+#if 1
+ /*
+ * Check to see if we were changed into a different method, if so, revert
+ * back if we are not doing session-id reuse.
+ */
+ if (!s->in_handshake && (s->session == NULL)
+ && (s->method != s->ctx->method)) {
+ s->method->ssl_free(s);
+ s->method = s->ctx->method;
+ if (!s->method->ssl_new(s))
+ return (0);
+ } else
+#endif
+ s->method->ssl_clear(s);
+ return (1);
+}
+
+/** Used to change an SSL_CTXs default SSL method type */
+int SSL_CTX_set_ssl_version(SSL_CTX *ctx, SSL_METHOD *meth)
+{
+ STACK_OF(SSL_CIPHER) *sk;
+
+ ctx->method = meth;
+
+ sk = ssl_create_cipher_list(ctx->method, &(ctx->cipher_list),
+ &(ctx->cipher_list_by_id),
+ SSL_DEFAULT_CIPHER_LIST);
+ if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
+ SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION,
+ SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
+ return (0);
+ }
+ return (1);
+}
+
+SSL *SSL_new(SSL_CTX *ctx)
+{
+ SSL *s;
+
+ if (ctx == NULL) {
+ SSLerr(SSL_F_SSL_NEW, SSL_R_NULL_SSL_CTX);
+ return (NULL);
+ }
+ if (ctx->method == NULL) {
+ SSLerr(SSL_F_SSL_NEW, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
+ return (NULL);
+ }
+
+ s = (SSL *)OPENSSL_malloc(sizeof(SSL));
+ if (s == NULL)
+ goto err;
+ memset(s, 0, sizeof(SSL));
+
+#ifndef OPENSSL_NO_KRB5
+ s->kssl_ctx = kssl_ctx_new();
+#endif /* OPENSSL_NO_KRB5 */
+
+ s->options = ctx->options;
+ s->mode = ctx->mode;
+ s->max_cert_list = ctx->max_cert_list;
+
+ if (ctx->cert != NULL) {
+ /*
+ * Earlier library versions used to copy the pointer to the CERT, not
+ * its contents; only when setting new parameters for the per-SSL
+ * copy, ssl_cert_new would be called (and the direct reference to
+ * the per-SSL_CTX settings would be lost, but those still were
+ * indirectly accessed for various purposes, and for that reason they
+ * used to be known as s->ctx->default_cert). Now we don't look at the
+ * SSL_CTX's CERT after having duplicated it once.
+ */
+
+ s->cert = ssl_cert_dup(ctx->cert);
+ if (s->cert == NULL)
+ goto err;
+ } else
+ s->cert = NULL; /* Cannot really happen (see SSL_CTX_new) */
+
+ s->read_ahead = ctx->read_ahead;
+ s->msg_callback = ctx->msg_callback;
+ s->msg_callback_arg = ctx->msg_callback_arg;
+ s->verify_mode = ctx->verify_mode;
+#if 0
+ s->verify_depth = ctx->verify_depth;
+#endif
+ s->sid_ctx_length = ctx->sid_ctx_length;
+ OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx);
+ memcpy(&s->sid_ctx, &ctx->sid_ctx, sizeof(s->sid_ctx));
+ s->verify_callback = ctx->default_verify_callback;
+ s->generate_session_id = ctx->generate_session_id;
+
+ s->param = X509_VERIFY_PARAM_new();
+ if (!s->param)
+ goto err;
+ X509_VERIFY_PARAM_inherit(s->param, ctx->param);
+#if 0
+ s->purpose = ctx->purpose;
+ s->trust = ctx->trust;
+#endif
+ s->quiet_shutdown = ctx->quiet_shutdown;
+
+ CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
+ s->ctx = ctx;
+#ifndef OPENSSL_NO_TLSEXT
+ s->tlsext_debug_cb = 0;
+ s->tlsext_debug_arg = NULL;
+ s->tlsext_ticket_expected = 0;
+ s->tlsext_status_type = -1;
+ s->tlsext_status_expected = 0;
+ s->tlsext_ocsp_ids = NULL;
+ s->tlsext_ocsp_exts = NULL;
+ s->tlsext_ocsp_resp = NULL;
+ s->tlsext_ocsp_resplen = -1;
+ CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
+ s->initial_ctx = ctx;
+#endif
+ s->verify_result = X509_V_OK;
+
+ s->method = ctx->method;
+
+ if (!s->method->ssl_new(s))
+ goto err;
+
+ s->references = 1;
+ s->server = (ctx->method->ssl_accept == ssl_undefined_function) ? 0 : 1;
+
+ SSL_clear(s);
+
+ CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
+
+ return (s);
+ err:
+ if (s != NULL) {
+ if (s->cert != NULL)
+ ssl_cert_free(s->cert);
+ if (s->ctx != NULL)
+ SSL_CTX_free(s->ctx); /* decrement reference count */
+ OPENSSL_free(s);
+ }
+ SSLerr(SSL_F_SSL_NEW, ERR_R_MALLOC_FAILURE);
+ return (NULL);
+}
+
+int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
+ unsigned int sid_ctx_len)
+{
+ if (sid_ctx_len > sizeof ctx->sid_ctx) {
+ SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,
+ SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
+ return 0;
+ }
+ ctx->sid_ctx_length = sid_ctx_len;
+ memcpy(ctx->sid_ctx, sid_ctx, sid_ctx_len);
+
+ return 1;
+}
+
+int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
+ unsigned int sid_ctx_len)
+{
+ if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
+ SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT,
+ SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
+ return 0;
+ }
+ ssl->sid_ctx_length = sid_ctx_len;
+ memcpy(ssl->sid_ctx, sid_ctx, sid_ctx_len);
+
+ return 1;
+}
+
+int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb)
+{
+ CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
+ ctx->generate_session_id = cb;
+ CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
+ return 1;
+}
+
+int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb)
+{
+ CRYPTO_w_lock(CRYPTO_LOCK_SSL);
+ ssl->generate_session_id = cb;
+ CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
+ return 1;
+}
+
+int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
+ unsigned int id_len)
+{
+ /*
+ * A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how
+ * we can "construct" a session to give us the desired check - ie. to
+ * find if there's a session in the hash table that would conflict with
+ * any new session built out of this id/id_len and the ssl_version in use
+ * by this SSL.
+ */
+ SSL_SESSION r, *p;
+
+ if (id_len > sizeof r.session_id)
+ return 0;
+
+ r.ssl_version = ssl->version;
+ r.session_id_length = id_len;
+ memcpy(r.session_id, id, id_len);
+ /*
+ * NB: SSLv2 always uses a fixed 16-byte session ID, so even if a
+ * callback is calling us to check the uniqueness of a shorter ID, it
+ * must be compared as a padded-out ID because that is what it will be
+ * converted to when the callback has finished choosing it.
+ */
+ if ((r.ssl_version == SSL2_VERSION) &&
+ (id_len < SSL2_SSL_SESSION_ID_LENGTH)) {
+ memset(r.session_id + id_len, 0, SSL2_SSL_SESSION_ID_LENGTH - id_len);
+ r.session_id_length = SSL2_SSL_SESSION_ID_LENGTH;
+ }
+
+ CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
+ p = (SSL_SESSION *)lh_retrieve(ssl->ctx->sessions, &r);
+ CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
+ return (p != NULL);
+}
+
+int SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
+{
+ return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
+}
+
+int SSL_set_purpose(SSL *s, int purpose)
+{
+ return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
+}
+
+int SSL_CTX_set_trust(SSL_CTX *s, int trust)
+{
+ return X509_VERIFY_PARAM_set_trust(s->param, trust);
+}
+
+int SSL_set_trust(SSL *s, int trust)
+{
+ return X509_VERIFY_PARAM_set_trust(s->param, trust);
+}
+
+void SSL_free(SSL *s)
+{
+ int i;
+
+ if (s == NULL)
+ return;
+
+ i = CRYPTO_add(&s->references, -1, CRYPTO_LOCK_SSL);
+#ifdef REF_PRINT
+ REF_PRINT("SSL", s);
+#endif
+ if (i > 0)
+ return;
+#ifdef REF_CHECK
+ if (i < 0) {
+ fprintf(stderr, "SSL_free, bad reference count\n");
+ abort(); /* ok */
+ }
+#endif
+
+ if (s->param)
+ X509_VERIFY_PARAM_free(s->param);
+
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
+
+ if (s->bbio != NULL) {
+ /* If the buffering BIO is in place, pop it off */
+ if (s->bbio == s->wbio) {
+ s->wbio = BIO_pop(s->wbio);
+ }
+ BIO_free(s->bbio);
+ s->bbio = NULL;
+ }
+ if (s->rbio != NULL)
+ BIO_free_all(s->rbio);
+ if ((s->wbio != NULL) && (s->wbio != s->rbio))
+ BIO_free_all(s->wbio);
+
+ if (s->init_buf != NULL)
+ BUF_MEM_free(s->init_buf);
+
+ /* add extra stuff */
+ if (s->cipher_list != NULL)
+ sk_SSL_CIPHER_free(s->cipher_list);
+ if (s->cipher_list_by_id != NULL)
+ sk_SSL_CIPHER_free(s->cipher_list_by_id);
+
+ /* Make the next call work :-) */
+ if (s->session != NULL) {
+ ssl_clear_bad_session(s);
+ SSL_SESSION_free(s->session);
+ }
+
+ ssl_clear_cipher_ctx(s);
+
+ if (s->cert != NULL)
+ ssl_cert_free(s->cert);
+ /* Free up if allocated */
+
+#ifndef OPENSSL_NO_TLSEXT
+ if (s->tlsext_hostname)
+ OPENSSL_free(s->tlsext_hostname);
+ if (s->initial_ctx)
+ SSL_CTX_free(s->initial_ctx);
+ if (s->tlsext_ocsp_exts)
+ sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, X509_EXTENSION_free);
+ if (s->tlsext_ocsp_ids)
+ sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free);
+ if (s->tlsext_ocsp_resp)
+ OPENSSL_free(s->tlsext_ocsp_resp);
+#endif
+ if (s->client_CA != NULL)
+ sk_X509_NAME_pop_free(s->client_CA, X509_NAME_free);
+
+ if (s->method != NULL)
+ s->method->ssl_free(s);
+
+ if (s->ctx)
+ SSL_CTX_free(s->ctx);
+
+#ifndef OPENSSL_NO_KRB5
+ if (s->kssl_ctx != NULL)
+ kssl_ctx_free(s->kssl_ctx);
+#endif /* OPENSSL_NO_KRB5 */
+
+ OPENSSL_free(s);
+}
+
+void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio)
+{
+ /*
+ * If the output buffering BIO is still in place, remove it
+ */
+ if (s->bbio != NULL) {
+ if (s->wbio == s->bbio) {
+ s->wbio = s->wbio->next_bio;
+ s->bbio->next_bio = NULL;
+ }
+ }
+ if ((s->rbio != NULL) && (s->rbio != rbio))
+ BIO_free_all(s->rbio);
+ if ((s->wbio != NULL) && (s->wbio != wbio) && (s->rbio != s->wbio))
+ BIO_free_all(s->wbio);
+ s->rbio = rbio;
+ s->wbio = wbio;
+}
+
+BIO *SSL_get_rbio(const SSL *s)
+{
+ return (s->rbio);
+}
+
+BIO *SSL_get_wbio(const SSL *s)
+{
+ return (s->wbio);
+}
+
+int SSL_get_fd(const SSL *s)
+{
+ return (SSL_get_rfd(s));
+}
+
+int SSL_get_rfd(const SSL *s)
+{
+ int ret = -1;
+ BIO *b, *r;
+
+ b = SSL_get_rbio(s);
+ r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
+ if (r != NULL)
+ BIO_get_fd(r, &ret);
+ return (ret);
+}
+
+int SSL_get_wfd(const SSL *s)
+{
+ int ret = -1;
+ BIO *b, *r;
+
+ b = SSL_get_wbio(s);
+ r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
+ if (r != NULL)
+ BIO_get_fd(r, &ret);
+ return (ret);
+}
+
+#ifndef OPENSSL_NO_SOCK
+int SSL_set_fd(SSL *s, int fd)
+{
+ int ret = 0;
+ BIO *bio = NULL;
+
+ bio = BIO_new(BIO_s_socket());
+
+ if (bio == NULL) {
+ SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB);
+ goto err;
+ }
+ BIO_set_fd(bio, fd, BIO_NOCLOSE);
+ SSL_set_bio(s, bio, bio);
+ ret = 1;
+ err:
+ return (ret);
+}
+
+int SSL_set_wfd(SSL *s, int fd)
+{
+ int ret = 0;
+ BIO *bio = NULL;
+
+ if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET)
+ || ((int)BIO_get_fd(s->rbio, NULL) != fd)) {
+ bio = BIO_new(BIO_s_socket());
+
+ if (bio == NULL) {
+ SSLerr(SSL_F_SSL_SET_WFD, ERR_R_BUF_LIB);
+ goto err;
+ }
+ BIO_set_fd(bio, fd, BIO_NOCLOSE);
+ SSL_set_bio(s, SSL_get_rbio(s), bio);
+ } else
+ SSL_set_bio(s, SSL_get_rbio(s), SSL_get_rbio(s));
+ ret = 1;
+ err:
+ return (ret);
+}
+
+int SSL_set_rfd(SSL *s, int fd)
+{
+ int ret = 0;
+ BIO *bio = NULL;
+
+ if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET)
+ || ((int)BIO_get_fd(s->wbio, NULL) != fd)) {
+ bio = BIO_new(BIO_s_socket());
+
+ if (bio == NULL) {
+ SSLerr(SSL_F_SSL_SET_RFD, ERR_R_BUF_LIB);
+ goto err;
+ }
+ BIO_set_fd(bio, fd, BIO_NOCLOSE);
+ SSL_set_bio(s, bio, SSL_get_wbio(s));
+ } else
+ SSL_set_bio(s, SSL_get_wbio(s), SSL_get_wbio(s));
+ ret = 1;
+ err:
+ return (ret);
+}
+#endif
+
+/* return length of latest Finished message we sent, copy to 'buf' */
+size_t SSL_get_finished(const SSL *s, void *buf, size_t count)
+{
+ size_t ret = 0;
+
+ if (s->s3 != NULL) {
+ ret = s->s3->tmp.finish_md_len;
+ if (count > ret)
+ count = ret;
+ memcpy(buf, s->s3->tmp.finish_md, count);
+ }
+ return ret;
+}
+
+/* return length of latest Finished message we expected, copy to 'buf' */
+size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count)
+{
+ size_t ret = 0;
+
+ if (s->s3 != NULL) {
+ ret = s->s3->tmp.peer_finish_md_len;
+ if (count > ret)
+ count = ret;
+ memcpy(buf, s->s3->tmp.peer_finish_md, count);
+ }
+ return ret;
+}
+
+int SSL_get_verify_mode(const SSL *s)
+{
+ return (s->verify_mode);
+}
+
+int SSL_get_verify_depth(const SSL *s)
+{
+ return X509_VERIFY_PARAM_get_depth(s->param);
+}
+
+int (*SSL_get_verify_callback(const SSL *s)) (int, X509_STORE_CTX *) {
+ return (s->verify_callback);
+}
+
+int SSL_CTX_get_verify_mode(const SSL_CTX *ctx)
+{
+ return (ctx->verify_mode);
+}
+
+int SSL_CTX_get_verify_depth(const SSL_CTX *ctx)
+{
+ return X509_VERIFY_PARAM_get_depth(ctx->param);
+}
+
+int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx)) (int, X509_STORE_CTX *) {
+ return (ctx->default_verify_callback);
+}
+
+void SSL_set_verify(SSL *s, int mode,
+ int (*callback) (int ok, X509_STORE_CTX *ctx))
+{
+ s->verify_mode = mode;
+ if (callback != NULL)
+ s->verify_callback = callback;
+}
+
+void SSL_set_verify_depth(SSL *s, int depth)
+{
+ X509_VERIFY_PARAM_set_depth(s->param, depth);
+}
+
+void SSL_set_read_ahead(SSL *s, int yes)
+{
+ s->read_ahead = yes;
+}
+
+int SSL_get_read_ahead(const SSL *s)
+{
+ return (s->read_ahead);
+}
+
+int SSL_pending(const SSL *s)
+{
+ /*
+ * SSL_pending cannot work properly if read-ahead is enabled
+ * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)), and it is
+ * impossible to fix since SSL_pending cannot report errors that may be
+ * observed while scanning the new data. (Note that SSL_pending() is
+ * often used as a boolean value, so we'd better not return -1.)
+ */
+ return (s->method->ssl_pending(s));
+}
+
+X509 *SSL_get_peer_certificate(const SSL *s)
+{
+ X509 *r;
+
+ if ((s == NULL) || (s->session == NULL))
+ r = NULL;
+ else
+ r = s->session->peer;
+
+ if (r == NULL)
+ return (r);
+
+ CRYPTO_add(&r->references, 1, CRYPTO_LOCK_X509);
+
+ return (r);
+}
+
+STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s)
+{
+ STACK_OF(X509) *r;
+
+ if ((s == NULL) || (s->session == NULL)
+ || (s->session->sess_cert == NULL))
+ r = NULL;
+ else
+ r = s->session->sess_cert->cert_chain;
+
+ /*
+ * If we are a client, cert_chain includes the peer's own certificate; if
+ * we are a server, it does not.
+ */
+
+ return (r);
+}
+
+/*
+ * Now in theory, since the calling process own 't' it should be safe to
+ * modify. We need to be able to read f without being hassled
+ */
+void SSL_copy_session_id(SSL *t, const SSL *f)
+{
+ CERT *tmp;
+
+ /* Do we need to to SSL locking? */
+ SSL_set_session(t, SSL_get_session(f));
+
+ /*
+ * what if we are setup as SSLv2 but want to talk SSLv3 or vice-versa
+ */
+ if (t->method != f->method) {
+ t->method->ssl_free(t); /* cleanup current */
+ t->method = f->method; /* change method */
+ t->method->ssl_new(t); /* setup new */
+ }
+
+ tmp = t->cert;
+ if (f->cert != NULL) {
+ CRYPTO_add(&f->cert->references, 1, CRYPTO_LOCK_SSL_CERT);
+ t->cert = f->cert;
+ } else
+ t->cert = NULL;
+ if (tmp != NULL)
+ ssl_cert_free(tmp);
+ SSL_set_session_id_context(t, f->sid_ctx, f->sid_ctx_length);
+}
+
+/* Fix this so it checks all the valid key/cert options */
+int SSL_CTX_check_private_key(const SSL_CTX *ctx)
+{
+ if ((ctx == NULL) ||
+ (ctx->cert == NULL) || (ctx->cert->key->x509 == NULL)) {
+ SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,
+ SSL_R_NO_CERTIFICATE_ASSIGNED);
+ return (0);
+ }
+ if (ctx->cert->key->privatekey == NULL) {
+ SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,
+ SSL_R_NO_PRIVATE_KEY_ASSIGNED);
+ return (0);
+ }
+ return (X509_check_private_key
+ (ctx->cert->key->x509, ctx->cert->key->privatekey));
+}
+
+/* Fix this function so that it takes an optional type parameter */
+int SSL_check_private_key(const SSL *ssl)
+{
+ if (ssl == NULL) {
+ SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, ERR_R_PASSED_NULL_PARAMETER);
+ return (0);
+ }
+ if (ssl->cert == NULL) {
+ SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED);
+ return 0;
+ }
+ if (ssl->cert->key->x509 == NULL) {
+ SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED);
+ return (0);
+ }
+ if (ssl->cert->key->privatekey == NULL) {
+ SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_PRIVATE_KEY_ASSIGNED);
+ return (0);
+ }
+ return (X509_check_private_key(ssl->cert->key->x509,
+ ssl->cert->key->privatekey));
+}
+
+int SSL_accept(SSL *s)
+{
+ if (s->handshake_func == 0)
+ /* Not properly initialized yet */
+ SSL_set_accept_state(s);
+
+ return (s->method->ssl_accept(s));
+}
+
+int SSL_connect(SSL *s)
+{
+ if (s->handshake_func == 0)
+ /* Not properly initialized yet */
+ SSL_set_connect_state(s);
+
+ return (s->method->ssl_connect(s));
+}
+
+long SSL_get_default_timeout(const SSL *s)
+{
+ return (s->method->get_timeout());
+}
+
+int SSL_read(SSL *s, void *buf, int num)
+{
+ if (s->handshake_func == 0) {
+ SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED);
+ return -1;
+ }
+
+ if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
+ s->rwstate = SSL_NOTHING;
+ return (0);
+ }
+ return (s->method->ssl_read(s, buf, num));
+}
+
+int SSL_peek(SSL *s, void *buf, int num)
+{
+ if (s->handshake_func == 0) {
+ SSLerr(SSL_F_SSL_PEEK, SSL_R_UNINITIALIZED);
+ return -1;
+ }
+
+ if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
+ return (0);
+ }
+ return (s->method->ssl_peek(s, buf, num));
+}
+
+int SSL_write(SSL *s, const void *buf, int num)
+{
+ if (s->handshake_func == 0) {
+ SSLerr(SSL_F_SSL_WRITE, SSL_R_UNINITIALIZED);
+ return -1;
+ }
+
+ if (s->shutdown & SSL_SENT_SHUTDOWN) {
+ s->rwstate = SSL_NOTHING;
+ SSLerr(SSL_F_SSL_WRITE, SSL_R_PROTOCOL_IS_SHUTDOWN);
+ return (-1);
+ }
+ return (s->method->ssl_write(s, buf, num));
+}
+
+int SSL_shutdown(SSL *s)
+{
+ /*
+ * Note that this function behaves differently from what one might
+ * expect. Return values are 0 for no success (yet), 1 for success; but
+ * calling it once is usually not enough, even if blocking I/O is used
+ * (see ssl3_shutdown).
+ */
+
+ if (s->handshake_func == 0) {
+ SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED);
+ return -1;
+ }
+
+ if ((s != NULL) && !SSL_in_init(s))
+ return (s->method->ssl_shutdown(s));
+ else
+ return (1);
+}
+
+int SSL_renegotiate(SSL *s)
+{
+ if (s->new_session == 0) {
+ s->new_session = 1;
+ }
+ return (s->method->ssl_renegotiate(s));
+}
+
+int SSL_renegotiate_pending(SSL *s)
+{
+ /*
+ * becomes true when negotiation is requested; false again once a
+ * handshake has finished
+ */
+ return (s->new_session != 0);
+}
+
+long SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
+{
+ long l;
+
+ switch (cmd) {
+ case SSL_CTRL_GET_READ_AHEAD:
+ return (s->read_ahead);
+ case SSL_CTRL_SET_READ_AHEAD:
+ l = s->read_ahead;
+ s->read_ahead = larg;
+ return (l);
+
+ case SSL_CTRL_SET_MSG_CALLBACK_ARG:
+ s->msg_callback_arg = parg;
+ return 1;
+
+ case SSL_CTRL_OPTIONS:
+ return (s->options |= larg);
+ case SSL_CTRL_CLEAR_OPTIONS:
+ return (s->options &= ~larg);
+ case SSL_CTRL_MODE:
+ return (s->mode |= larg);
+ case SSL_CTRL_CLEAR_MODE:
+ return (s->mode &= ~larg);
+ case SSL_CTRL_GET_MAX_CERT_LIST:
+ return (s->max_cert_list);
+ case SSL_CTRL_SET_MAX_CERT_LIST:
+ l = s->max_cert_list;
+ s->max_cert_list = larg;
+ return (l);
+ case SSL_CTRL_SET_MTU:
+#ifndef OPENSSL_NO_DTLS1
+ if (larg < (long)dtls1_min_mtu())
+ return 0;
+#endif
+
+ if (SSL_version(s) == DTLS1_VERSION ||
+ SSL_version(s) == DTLS1_BAD_VER) {
+ s->d1->mtu = larg;
+ return larg;
+ }
+ return 0;
+ case SSL_CTRL_GET_RI_SUPPORT:
+ if (s->s3)
+ return s->s3->send_connection_binding;
+ else
+ return 0;
+ default:
+ return (s->method->ssl_ctrl(s, cmd, larg, parg));
+ }
+}
+
+long SSL_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
+{
+ switch (cmd) {
+ case SSL_CTRL_SET_MSG_CALLBACK:
+ s->msg_callback = (void (*)
+ (int write_p, int version, int content_type,
+ const void *buf, size_t len, SSL *ssl,
+ void *arg))(fp);
+ return 1;
+
+ default:
+ return (s->method->ssl_callback_ctrl(s, cmd, fp));
+ }
+}
+
+struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx)
+{
+ return ctx->sessions;
+}
+
+long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
+{
+ long l;
+
+ switch (cmd) {
+ case SSL_CTRL_GET_READ_AHEAD:
+ return (ctx->read_ahead);
+ case SSL_CTRL_SET_READ_AHEAD:
+ l = ctx->read_ahead;
+ ctx->read_ahead = larg;
+ return (l);
+
+ case SSL_CTRL_SET_MSG_CALLBACK_ARG:
+ ctx->msg_callback_arg = parg;
+ return 1;
+
+ case SSL_CTRL_GET_MAX_CERT_LIST:
+ return (ctx->max_cert_list);
+ case SSL_CTRL_SET_MAX_CERT_LIST:
+ l = ctx->max_cert_list;
+ ctx->max_cert_list = larg;
+ return (l);
+
+ case SSL_CTRL_SET_SESS_CACHE_SIZE:
+ l = ctx->session_cache_size;
+ ctx->session_cache_size = larg;
+ return (l);
+ case SSL_CTRL_GET_SESS_CACHE_SIZE:
+ return (ctx->session_cache_size);
+ case SSL_CTRL_SET_SESS_CACHE_MODE:
+ l = ctx->session_cache_mode;
+ ctx->session_cache_mode = larg;
+ return (l);
+ case SSL_CTRL_GET_SESS_CACHE_MODE:
+ return (ctx->session_cache_mode);
+
+ case SSL_CTRL_SESS_NUMBER:
+ return (ctx->sessions->num_items);
+ case SSL_CTRL_SESS_CONNECT:
+ return (ctx->stats.sess_connect);
+ case SSL_CTRL_SESS_CONNECT_GOOD:
+ return (ctx->stats.sess_connect_good);
+ case SSL_CTRL_SESS_CONNECT_RENEGOTIATE:
+ return (ctx->stats.sess_connect_renegotiate);
+ case SSL_CTRL_SESS_ACCEPT:
+ return (ctx->stats.sess_accept);
+ case SSL_CTRL_SESS_ACCEPT_GOOD:
+ return (ctx->stats.sess_accept_good);
+ case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE:
+ return (ctx->stats.sess_accept_renegotiate);
+ case SSL_CTRL_SESS_HIT:
+ return (ctx->stats.sess_hit);
+ case SSL_CTRL_SESS_CB_HIT:
+ return (ctx->stats.sess_cb_hit);
+ case SSL_CTRL_SESS_MISSES:
+ return (ctx->stats.sess_miss);
+ case SSL_CTRL_SESS_TIMEOUTS:
+ return (ctx->stats.sess_timeout);
+ case SSL_CTRL_SESS_CACHE_FULL:
+ return (ctx->stats.sess_cache_full);
+ case SSL_CTRL_OPTIONS:
+ return (ctx->options |= larg);
+ case SSL_CTRL_CLEAR_OPTIONS:
+ return (ctx->options &= ~larg);
+ case SSL_CTRL_MODE:
+ return (ctx->mode |= larg);
+ case SSL_CTRL_CLEAR_MODE:
+ return (ctx->mode &= ~larg);
+ default:
+ return (ctx->method->ssl_ctx_ctrl(ctx, cmd, larg, parg));
+ }
+}
+
+long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
+{
+ switch (cmd) {
+ case SSL_CTRL_SET_MSG_CALLBACK:
+ ctx->msg_callback = (void (*)
+ (int write_p, int version, int content_type,
+ const void *buf, size_t len, SSL *ssl,
+ void *arg))(fp);
+ return 1;
+
+ default:
+ return (ctx->method->ssl_ctx_callback_ctrl(ctx, cmd, fp));
+ }
+}
+
+int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b)
+{
+ long l;
+
+ l = a->id - b->id;
+ if (l == 0L)
+ return (0);
+ else
+ return ((l > 0) ? 1 : -1);
+}
+
+int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
+ const SSL_CIPHER *const *bp)
+{
+ long l;
+
+ l = (*ap)->id - (*bp)->id;
+ if (l == 0L)
+ return (0);
+ else
+ return ((l > 0) ? 1 : -1);
+}
+
+/** return a STACK of the ciphers available for the SSL and in order of
+ * preference */
+STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s)
+{
+ if (s != NULL) {
+ if (s->cipher_list != NULL) {
+ return (s->cipher_list);
+ } else if ((s->ctx != NULL) && (s->ctx->cipher_list != NULL)) {
+ return (s->ctx->cipher_list);
+ }
+ }
+ return (NULL);
+}
+
+/** return a STACK of the ciphers available for the SSL and in order of
+ * algorithm id */
+STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s)
+{
+ if (s != NULL) {
+ if (s->cipher_list_by_id != NULL) {
+ return (s->cipher_list_by_id);
+ } else if ((s->ctx != NULL) && (s->ctx->cipher_list_by_id != NULL)) {
+ return (s->ctx->cipher_list_by_id);
+ }
+ }
+ return (NULL);
+}
+
+/** The old interface to get the same thing as SSL_get_ciphers() */
+const char *SSL_get_cipher_list(const SSL *s, int n)
+{
+ SSL_CIPHER *c;
+ STACK_OF(SSL_CIPHER) *sk;
+
+ if (s == NULL)
+ return (NULL);
+ sk = SSL_get_ciphers(s);
+ if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n))
+ return (NULL);
+ c = sk_SSL_CIPHER_value(sk, n);
+ if (c == NULL)
+ return (NULL);
+ return (c->name);
+}
+
+/** specify the ciphers to be used by default by the SSL_CTX */
+int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
+{
+ STACK_OF(SSL_CIPHER) *sk;
+
+ sk = ssl_create_cipher_list(ctx->method, &ctx->cipher_list,
+ &ctx->cipher_list_by_id, str);
+ /*
+ * ssl_create_cipher_list may return an empty stack if it was unable to
+ * find a cipher matching the given rule string (for example if the rule
+ * string specifies a cipher which has been disabled). This is not an
+ * error as far as ssl_create_cipher_list is concerned, and hence
+ * ctx->cipher_list and ctx->cipher_list_by_id has been updated.
+ */
+ if (sk == NULL)
+ return 0;
+ else if (sk_SSL_CIPHER_num(sk) == 0) {
+ SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
+ return 0;
+ }
+ return 1;
+}
+
+/** specify the ciphers to be used by the SSL */
+int SSL_set_cipher_list(SSL *s, const char *str)
+{
+ STACK_OF(SSL_CIPHER) *sk;
+
+ sk = ssl_create_cipher_list(s->ctx->method, &s->cipher_list,
+ &s->cipher_list_by_id, str);
+ /* see comment in SSL_CTX_set_cipher_list */
+ if (sk == NULL)
+ return 0;
+ else if (sk_SSL_CIPHER_num(sk) == 0) {
+ SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
+ return 0;
+ }
+ return 1;
+}
+
+/* works well for SSLv2, not so good for SSLv3 */
+char *SSL_get_shared_ciphers(const SSL *s, char *buf, int len)
+{
+ char *p;
+ STACK_OF(SSL_CIPHER) *sk;
+ SSL_CIPHER *c;
+ int i;
+
+ if ((s->session == NULL) || (s->session->ciphers == NULL) || (len < 2))
+ return (NULL);
+
+ p = buf;
+ sk = s->session->ciphers;
+
+ if (sk_SSL_CIPHER_num(sk) == 0)
+ return NULL;
+
+ for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
+ int n;
+
+ c = sk_SSL_CIPHER_value(sk, i);
+ n = strlen(c->name);
+ if (n + 1 > len) {
+ if (p != buf)
+ --p;
+ *p = '\0';
+ return buf;
+ }
+ strcpy(p, c->name);
+ p += n;
+ *(p++) = ':';
+ len -= n + 1;
+ }
+ p[-1] = '\0';
+ return (buf);
+}
+
+int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
+ unsigned char *p,
+ int (*put_cb) (const SSL_CIPHER *,
+ unsigned char *))
+{
+ int i, j = 0;
+ SSL_CIPHER *c;
+ unsigned char *q;
+#ifndef OPENSSL_NO_KRB5
+ int nokrb5 = !kssl_tgt_is_available(s->kssl_ctx);
+#endif /* OPENSSL_NO_KRB5 */
+
+ if (sk == NULL)
+ return (0);
+ q = p;
+ if (put_cb == NULL)
+ put_cb = s->method->put_cipher_by_char;
+
+ for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
+ c = sk_SSL_CIPHER_value(sk, i);
+#ifndef OPENSSL_NO_KRB5
+ if ((c->algorithms & SSL_KRB5) && nokrb5)
+ continue;
+#endif /* OPENSSL_NO_KRB5 */
+
+ j = put_cb(c, p);
+ p += j;
+ }
+ /*
+ * If p == q, no ciphers; caller indicates an error. Otherwise, add
+ * applicable SCSVs.
+ */
+ if (p != q) {
+ if (!s->new_session) {
+ static SSL_CIPHER scsv = {
+ 0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0,
+ };
+ j = put_cb(&scsv, p);
+ p += j;
+#ifdef OPENSSL_RI_DEBUG
+ fprintf(stderr,
+ "TLS_EMPTY_RENEGOTIATION_INFO_SCSV sent by client\n");
+#endif
+ }
+
+ if (s->mode & SSL_MODE_SEND_FALLBACK_SCSV) {
+ static SSL_CIPHER scsv = {
+ 0, NULL, SSL3_CK_FALLBACK_SCSV, 0, 0, 0, 0, 0, 0, 0,
+ };
+ j = put_cb(&scsv, p);
+ p += j;
+ }
+ }
+
+ return (p - q);
+}
+
+STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, unsigned char *p,
+ int num,
+ STACK_OF(SSL_CIPHER) **skp)
+{
+ SSL_CIPHER *c;
+ STACK_OF(SSL_CIPHER) *sk;
+ int i, n;
+
+ if (s->s3)
+ s->s3->send_connection_binding = 0;
+
+ n = ssl_put_cipher_by_char(s, NULL, NULL);
+ if (n == 0 || (num % n) != 0) {
+ SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
+ SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
+ return (NULL);
+ }
+ if ((skp == NULL) || (*skp == NULL))
+ sk = sk_SSL_CIPHER_new_null(); /* change perhaps later */
+ else {
+ sk = *skp;
+ sk_SSL_CIPHER_zero(sk);
+ }
+
+ for (i = 0; i < num; i += n) {
+ /* Check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV */
+ if (s->s3 && (n != 3 || !p[0]) &&
+ (p[n - 2] == ((SSL3_CK_SCSV >> 8) & 0xff)) &&
+ (p[n - 1] == (SSL3_CK_SCSV & 0xff))) {
+ /* SCSV fatal if renegotiating */
+ if (s->new_session) {
+ SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
+ SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING);
+ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
+ goto err;
+ }
+ s->s3->send_connection_binding = 1;
+ p += n;
+#ifdef OPENSSL_RI_DEBUG
+ fprintf(stderr, "SCSV received by server\n");
+#endif
+ continue;
+ }
+
+ /* Check for TLS_FALLBACK_SCSV */
+ if ((n != 3 || !p[0]) &&
+ (p[n - 2] == ((SSL3_CK_FALLBACK_SCSV >> 8) & 0xff)) &&
+ (p[n - 1] == (SSL3_CK_FALLBACK_SCSV & 0xff))) {
+ /*
+ * The SCSV indicates that the client previously tried a higher
+ * version. Fail if the current version is an unexpected
+ * downgrade.
+ */
+ if (!SSL_ctrl(s, SSL_CTRL_CHECK_PROTO_VERSION, 0, NULL)) {
+ SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
+ SSL_R_INAPPROPRIATE_FALLBACK);
+ if (s->s3)
+ ssl3_send_alert(s, SSL3_AL_FATAL,
+ SSL_AD_INAPPROPRIATE_FALLBACK);
+ goto err;
+ }
+ p += n;
+ continue;
+ }
+
+ c = ssl_get_cipher_by_char(s, p);
+ p += n;
+ if (c != NULL) {
+ if (!sk_SSL_CIPHER_push(sk, c)) {
+ SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ }
+ }
+
+ if (skp != NULL)
+ *skp = sk;
+ return (sk);
+ err:
+ if ((skp == NULL) || (*skp == NULL))
+ sk_SSL_CIPHER_free(sk);
+ return (NULL);
+}
+
+#ifndef OPENSSL_NO_TLSEXT
+/** return a servername extension value if provided in Client Hello, or NULL.
+ * So far, only host_name types are defined (RFC 3546).
+ */
+
+const char *SSL_get_servername(const SSL *s, const int type)
+{
+ if (type != TLSEXT_NAMETYPE_host_name)
+ return NULL;
+
+ return s->session && !s->tlsext_hostname ?
+ s->session->tlsext_hostname : s->tlsext_hostname;
+}
+
+int SSL_get_servername_type(const SSL *s)
+{
+ if (s->session
+ && (!s->tlsext_hostname ? s->session->
+ tlsext_hostname : s->tlsext_hostname))
+ return TLSEXT_NAMETYPE_host_name;
+ return -1;
+}
+#endif
+
+unsigned long SSL_SESSION_hash(const SSL_SESSION *a)
+{
+ unsigned long l;
+
+ l = (unsigned long)
+ ((unsigned int)a->session_id[0]) |
+ ((unsigned int)a->session_id[1] << 8L) |
+ ((unsigned long)a->session_id[2] << 16L) |
+ ((unsigned long)a->session_id[3] << 24L);
+ return (l);
+}
+
+/*
+ * NB: If this function (or indeed the hash function which uses a sort of
+ * coarser function than this one) is changed, ensure
+ * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on
+ * being able to construct an SSL_SESSION that will collide with any existing
+ * session with a matching session ID.
+ */
+int SSL_SESSION_cmp(const SSL_SESSION *a, const SSL_SESSION *b)
+{
+ if (a->ssl_version != b->ssl_version)
+ return (1);
+ if (a->session_id_length != b->session_id_length)
+ return (1);
+ return (memcmp(a->session_id, b->session_id, a->session_id_length));
+}
+
+/*
+ * These wrapper functions should remain rather than redeclaring
+ * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each
+ * variable. The reason is that the functions aren't static, they're exposed
+ * via ssl.h.
+ */
+static IMPLEMENT_LHASH_HASH_FN(SSL_SESSION_hash, SSL_SESSION *)
+static IMPLEMENT_LHASH_COMP_FN(SSL_SESSION_cmp, SSL_SESSION *)
+
+SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)
+{
+ SSL_CTX *ret = NULL;
+
+ if (meth == NULL) {
+ SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_NULL_SSL_METHOD_PASSED);
+ return (NULL);
+ }
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode() && (meth->version < TLS1_VERSION)) {
+ SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
+ return NULL;
+ }
+#endif
+
+ if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) {
+ SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
+ goto err;
+ }
+ ret = (SSL_CTX *)OPENSSL_malloc(sizeof(SSL_CTX));
+ if (ret == NULL)
+ goto err;
+
+ memset(ret, 0, sizeof(SSL_CTX));
+
+ ret->method = meth;
+
+ ret->cert_store = NULL;
+ ret->session_cache_mode = SSL_SESS_CACHE_SERVER;
+ ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
+ ret->session_cache_head = NULL;
+ ret->session_cache_tail = NULL;
+
+ /* We take the system default */
+ ret->session_timeout = meth->get_timeout();
+
+ ret->new_session_cb = 0;
+ ret->remove_session_cb = 0;
+ ret->get_session_cb = 0;
+ ret->generate_session_id = 0;
+
+ memset((char *)&ret->stats, 0, sizeof(ret->stats));
+
+ ret->references = 1;
+ ret->quiet_shutdown = 0;
+
+/* ret->cipher=NULL;*/
+/*-
+ ret->s2->challenge=NULL;
+ ret->master_key=NULL;
+ ret->key_arg=NULL;
+ ret->s2->conn_id=NULL; */
+
+ ret->info_callback = NULL;
+
+ ret->app_verify_callback = 0;
+ ret->app_verify_arg = NULL;
+
+ ret->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT;
+ ret->read_ahead = 0;
+ ret->msg_callback = 0;
+ ret->msg_callback_arg = NULL;
+ ret->verify_mode = SSL_VERIFY_NONE;
+#if 0
+ ret->verify_depth = -1; /* Don't impose a limit (but x509_lu.c does) */
+#endif
+ ret->sid_ctx_length = 0;
+ ret->default_verify_callback = NULL;
+ if ((ret->cert = ssl_cert_new()) == NULL)
+ goto err;
+
+ ret->default_passwd_callback = 0;
+ ret->default_passwd_callback_userdata = NULL;
+ ret->client_cert_cb = 0;
+ ret->app_gen_cookie_cb = 0;
+ ret->app_verify_cookie_cb = 0;
+
+ ret->sessions = lh_new(LHASH_HASH_FN(SSL_SESSION_hash),
+ LHASH_COMP_FN(SSL_SESSION_cmp));
+ if (ret->sessions == NULL)
+ goto err;
+ ret->cert_store = X509_STORE_new();
+ if (ret->cert_store == NULL)
+ goto err;
+
+ ssl_create_cipher_list(ret->method,
+ &ret->cipher_list, &ret->cipher_list_by_id,
+ meth->version == SSL2_VERSION ? "SSLv2" :
+ SSL_DEFAULT_CIPHER_LIST);
+ if (ret->cipher_list == NULL || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
+ SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);
+ goto err2;
+ }
+
+ ret->param = X509_VERIFY_PARAM_new();
+ if (!ret->param)
+ goto err;
+
+ if ((ret->rsa_md5 = EVP_get_digestbyname("ssl2-md5")) == NULL) {
+ SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES);
+ goto err2;
+ }
+ if ((ret->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) {
+ SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
+ goto err2;
+ }
+ if ((ret->sha1 = EVP_get_digestbyname("ssl3-sha1")) == NULL) {
+ SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES);
+ goto err2;
+ }
+
+ if ((ret->client_CA = sk_X509_NAME_new_null()) == NULL)
+ goto err;
+
+ CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data);
+
+ ret->extra_certs = NULL;
+ /* No compression for DTLS */
+ if (meth->version != DTLS1_VERSION)
+ ret->comp_methods = SSL_COMP_get_compression_methods();
+
+#ifndef OPENSSL_NO_TLSEXT
+ ret->tlsext_servername_callback = 0;
+ ret->tlsext_servername_arg = NULL;
+ /* Setup RFC4507 ticket keys */
+ if ((RAND_pseudo_bytes(ret->tlsext_tick_key_name, 16) <= 0)
+ || (RAND_bytes(ret->tlsext_tick_hmac_key, 16) <= 0)
+ || (RAND_bytes(ret->tlsext_tick_aes_key, 16) <= 0))
+ ret->options |= SSL_OP_NO_TICKET;
+
+ ret->tlsext_status_cb = 0;
+ ret->tlsext_status_arg = NULL;
+
+#endif
+
+#ifndef OPENSSL_NO_ENGINE
+ ret->client_cert_engine = NULL;
+# ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
+# define eng_strx(x) #x
+# define eng_str(x) eng_strx(x)
+ /* Use specific client engine automatically... ignore errors */
+ {
+ ENGINE *eng;
+ eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
+ if (!eng) {
+ ERR_clear_error();
+ ENGINE_load_builtin_engines();
+ eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
+ }
+ if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng))
+ ERR_clear_error();
+ }
+# endif
+#endif
+ /*
+ * Default is to connect to non-RI servers. When RI is more widely
+ * deployed might change this.
+ */
+ ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
+
+ return (ret);
+ err:
+ SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);
+ err2:
+ if (ret != NULL)
+ SSL_CTX_free(ret);
+ return (NULL);
+}
+
+#if 0
+static void SSL_COMP_free(SSL_COMP *comp)
+{
+ OPENSSL_free(comp);
+}
+#endif
+
+void SSL_CTX_free(SSL_CTX *a)
+{
+ int i;
+
+ if (a == NULL)
+ return;
+
+ i = CRYPTO_add(&a->references, -1, CRYPTO_LOCK_SSL_CTX);
+#ifdef REF_PRINT
+ REF_PRINT("SSL_CTX", a);
+#endif
+ if (i > 0)
+ return;
+#ifdef REF_CHECK
+ if (i < 0) {
+ fprintf(stderr, "SSL_CTX_free, bad reference count\n");
+ abort(); /* ok */
+ }
+#endif
+
+ if (a->param)
+ X509_VERIFY_PARAM_free(a->param);
+
+ /*
+ * Free internal session cache. However: the remove_cb() may reference
+ * the ex_data of SSL_CTX, thus the ex_data store can only be removed
+ * after the sessions were flushed.
+ * As the ex_data handling routines might also touch the session cache,
+ * the most secure solution seems to be: empty (flush) the cache, then
+ * free ex_data, then finally free the cache.
+ * (See ticket [openssl.org #212].)
+ */
+ if (a->sessions != NULL)
+ SSL_CTX_flush_sessions(a, 0);
+
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);
+
+ if (a->sessions != NULL)
+ lh_free(a->sessions);
+
+ if (a->cert_store != NULL)
+ X509_STORE_free(a->cert_store);
+ if (a->cipher_list != NULL)
+ sk_SSL_CIPHER_free(a->cipher_list);
+ if (a->cipher_list_by_id != NULL)
+ sk_SSL_CIPHER_free(a->cipher_list_by_id);
+ if (a->cert != NULL)
+ ssl_cert_free(a->cert);
+ if (a->client_CA != NULL)
+ sk_X509_NAME_pop_free(a->client_CA, X509_NAME_free);
+ if (a->extra_certs != NULL)
+ sk_X509_pop_free(a->extra_certs, X509_free);
+#if 0 /* This should never be done, since it
+ * removes a global database */
+ if (a->comp_methods != NULL)
+ sk_SSL_COMP_pop_free(a->comp_methods, SSL_COMP_free);
+#else
+ a->comp_methods = NULL;
+#endif
+#ifndef OPENSSL_NO_ENGINE
+ if (a->client_cert_engine)
+ ENGINE_finish(a->client_cert_engine);
+#endif
+ OPENSSL_free(a);
+}
+
+void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb)
+{
+ ctx->default_passwd_callback = cb;
+}
+
+void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u)
+{
+ ctx->default_passwd_callback_userdata = u;
+}
+
+void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,
+ int (*cb) (X509_STORE_CTX *, void *),
+ void *arg)
+{
+ ctx->app_verify_callback = cb;
+ ctx->app_verify_arg = arg;
+}
+
+void SSL_CTX_set_verify(SSL_CTX *ctx, int mode,
+ int (*cb) (int, X509_STORE_CTX *))
+{
+ ctx->verify_mode = mode;
+ ctx->default_verify_callback = cb;
+}
+
+void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth)
+{
+ X509_VERIFY_PARAM_set_depth(ctx->param, depth);
+}
+
+void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
+{
+ CERT_PKEY *cpk;
+ int rsa_enc, rsa_tmp, rsa_sign, dh_tmp, dh_rsa, dh_dsa, dsa_sign;
+ int rsa_enc_export, dh_rsa_export, dh_dsa_export;
+ int rsa_tmp_export, dh_tmp_export, kl;
+ unsigned long mask, emask;
+ int have_ecc_cert, ecdh_ok, ecdsa_ok, ecc_pkey_size;
+#ifndef OPENSSL_NO_ECDH
+ int have_ecdh_tmp;
+#endif
+ X509 *x = NULL;
+ EVP_PKEY *ecc_pkey = NULL;
+ int signature_nid = 0;
+
+ if (c == NULL)
+ return;
+
+ kl = SSL_C_EXPORT_PKEYLENGTH(cipher);
+
+#ifndef OPENSSL_NO_RSA
+ rsa_tmp = (c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL);
+ rsa_tmp_export = (c->rsa_tmp_cb != NULL ||
+ (rsa_tmp && RSA_size(c->rsa_tmp) * 8 <= kl));
+#else
+ rsa_tmp = rsa_tmp_export = 0;
+#endif
+#ifndef OPENSSL_NO_DH
+ dh_tmp = (c->dh_tmp != NULL || c->dh_tmp_cb != NULL);
+ dh_tmp_export = (c->dh_tmp_cb != NULL ||
+ (dh_tmp && DH_size(c->dh_tmp) * 8 <= kl));
+#else
+ dh_tmp = dh_tmp_export = 0;
+#endif
+
+#ifndef OPENSSL_NO_ECDH
+ have_ecdh_tmp = (c->ecdh_tmp != NULL || c->ecdh_tmp_cb != NULL);
+#endif
+ cpk = &(c->pkeys[SSL_PKEY_RSA_ENC]);
+ rsa_enc = (cpk->x509 != NULL && cpk->privatekey != NULL);
+ rsa_enc_export = (rsa_enc && EVP_PKEY_size(cpk->privatekey) * 8 <= kl);
+ cpk = &(c->pkeys[SSL_PKEY_RSA_SIGN]);
+ rsa_sign = (cpk->x509 != NULL && cpk->privatekey != NULL);
+ cpk = &(c->pkeys[SSL_PKEY_DSA_SIGN]);
+ dsa_sign = (cpk->x509 != NULL && cpk->privatekey != NULL);
+ cpk = &(c->pkeys[SSL_PKEY_DH_RSA]);
+ dh_rsa = (cpk->x509 != NULL && cpk->privatekey != NULL);
+ dh_rsa_export = (dh_rsa && EVP_PKEY_size(cpk->privatekey) * 8 <= kl);
+ cpk = &(c->pkeys[SSL_PKEY_DH_DSA]);
+/* FIX THIS EAY EAY EAY */
+ dh_dsa = (cpk->x509 != NULL && cpk->privatekey != NULL);
+ dh_dsa_export = (dh_dsa && EVP_PKEY_size(cpk->privatekey) * 8 <= kl);
+ cpk = &(c->pkeys[SSL_PKEY_ECC]);
+ have_ecc_cert = (cpk->x509 != NULL && cpk->privatekey != NULL);
+ mask = 0;
+ emask = 0;
+
+#ifdef CIPHER_DEBUG
+ printf("rt=%d rte=%d dht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n",
+ rsa_tmp, rsa_tmp_export, dh_tmp,
+ rsa_enc, rsa_enc_export, rsa_sign, dsa_sign, dh_rsa, dh_dsa);
+#endif
+
+ if (rsa_enc || (rsa_tmp && rsa_sign))
+ mask |= SSL_kRSA;
+ if (rsa_enc_export || (rsa_tmp_export && (rsa_sign || rsa_enc)))
+ emask |= SSL_kRSA;
+
+#if 0
+ /* The match needs to be both kEDH and aRSA or aDSA, so don't worry */
+ if ((dh_tmp || dh_rsa || dh_dsa) && (rsa_enc || rsa_sign || dsa_sign))
+ mask |= SSL_kEDH;
+ if ((dh_tmp_export || dh_rsa_export || dh_dsa_export) &&
+ (rsa_enc || rsa_sign || dsa_sign))
+ emask |= SSL_kEDH;
+#endif
+
+ if (dh_tmp_export)
+ emask |= SSL_kEDH;
+
+ if (dh_tmp)
+ mask |= SSL_kEDH;
+
+ if (dh_rsa)
+ mask |= SSL_kDHr;
+ if (dh_rsa_export)
+ emask |= SSL_kDHr;
+
+ if (dh_dsa)
+ mask |= SSL_kDHd;
+ if (dh_dsa_export)
+ emask |= SSL_kDHd;
+
+ if (rsa_enc || rsa_sign) {
+ mask |= SSL_aRSA;
+ emask |= SSL_aRSA;
+ }
+
+ if (dsa_sign) {
+ mask |= SSL_aDSS;
+ emask |= SSL_aDSS;
+ }
+
+ mask |= SSL_aNULL;
+ emask |= SSL_aNULL;
+
+#ifndef OPENSSL_NO_KRB5
+ mask |= SSL_kKRB5 | SSL_aKRB5;
+ emask |= SSL_kKRB5 | SSL_aKRB5;
+#endif
+
+ /*
+ * An ECC certificate may be usable for ECDH and/or ECDSA cipher suites
+ * depending on the key usage extension.
+ */
+ if (have_ecc_cert) {
+ /* This call populates extension flags (ex_flags) */
+ x = (c->pkeys[SSL_PKEY_ECC]).x509;
+ X509_check_purpose(x, -1, 0);
+ ecdh_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
+ (x->ex_kusage & X509v3_KU_KEY_AGREEMENT) : 1;
+ ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
+ (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1;
+ ecc_pkey = X509_get_pubkey(x);
+ ecc_pkey_size = (ecc_pkey != NULL) ? EVP_PKEY_bits(ecc_pkey) : 0;
+ EVP_PKEY_free(ecc_pkey);
+ if ((x->sig_alg) && (x->sig_alg->algorithm))
+ signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
+#ifndef OPENSSL_NO_ECDH
+ if (ecdh_ok) {
+ if ((signature_nid == NID_md5WithRSAEncryption) ||
+ (signature_nid == NID_md4WithRSAEncryption) ||
+ (signature_nid == NID_md2WithRSAEncryption)) {
+ mask |= SSL_kECDH | SSL_aRSA;
+ if (ecc_pkey_size <= 163)
+ emask |= SSL_kECDH | SSL_aRSA;
+ }
+ if (signature_nid == NID_ecdsa_with_SHA1) {
+ mask |= SSL_kECDH | SSL_aECDSA;
+ if (ecc_pkey_size <= 163)
+ emask |= SSL_kECDH | SSL_aECDSA;
+ }
+ }
+#endif
+#ifndef OPENSSL_NO_ECDSA
+ if (ecdsa_ok) {
+ mask |= SSL_aECDSA;
+ emask |= SSL_aECDSA;
+ }
+#endif
+ }
+#ifndef OPENSSL_NO_ECDH
+ if (have_ecdh_tmp) {
+ mask |= SSL_kECDHE;
+ emask |= SSL_kECDHE;
+ }
+#endif
+ c->mask = mask;
+ c->export_mask = emask;
+ c->valid = 1;
+}
+
+/* This handy macro borrowed from crypto/x509v3/v3_purp.c */
+#define ku_reject(x, usage) \
+ (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
+
+int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs)
+{
+ unsigned long alg = cs->algorithms;
+ EVP_PKEY *pkey = NULL;
+ int keysize = 0;
+ int signature_nid = 0;
+
+ if (SSL_C_IS_EXPORT(cs)) {
+ /* ECDH key length in export ciphers must be <= 163 bits */
+ pkey = X509_get_pubkey(x);
+ if (pkey == NULL)
+ return 0;
+ keysize = EVP_PKEY_bits(pkey);
+ EVP_PKEY_free(pkey);
+ if (keysize > 163)
+ return 0;
+ }
+
+ /* This call populates the ex_flags field correctly */
+ X509_check_purpose(x, -1, 0);
+ if ((x->sig_alg) && (x->sig_alg->algorithm))
+ signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
+ if (alg & SSL_kECDH) {
+ /* key usage, if present, must allow key agreement */
+ if (ku_reject(x, X509v3_KU_KEY_AGREEMENT)) {
+ return 0;
+ }
+ if (alg & SSL_aECDSA) {
+ /* signature alg must be ECDSA */
+ if (signature_nid != NID_ecdsa_with_SHA1) {
+ return 0;
+ }
+ }
+ if (alg & SSL_aRSA) {
+ /* signature alg must be RSA */
+ if ((signature_nid != NID_md5WithRSAEncryption) &&
+ (signature_nid != NID_md4WithRSAEncryption) &&
+ (signature_nid != NID_md2WithRSAEncryption)) {
+ return 0;
+ }
+ }
+ } else if (alg & SSL_aECDSA) {
+ /* key usage, if present, must allow signing */
+ if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE)) {
+ return 0;
+ }
+ }
+
+ return 1; /* all checks are ok */
+}
+
+/* THIS NEEDS CLEANING UP */
+CERT_PKEY *ssl_get_server_send_pkey(const SSL *s)
+{
+ unsigned long alg, kalg;
+ CERT *c;
+ int i;
+
+ c = s->cert;
+ ssl_set_cert_masks(c, s->s3->tmp.new_cipher);
+ alg = s->s3->tmp.new_cipher->algorithms;
+ kalg = alg & (SSL_MKEY_MASK | SSL_AUTH_MASK);
+
+ if (kalg & SSL_kECDH) {
+ /*
+ * we don't need to look at SSL_kECDHE since no certificate is
+ * needed for anon ECDH and for authenticated ECDHE, the check for
+ * the auth algorithm will set i correctly NOTE: For ECDH-RSA, we
+ * need an ECC not an RSA cert but for ECDHE-RSA we need an RSA cert.
+ * Placing the checks for SSL_kECDH before RSA checks ensures the
+ * correct cert is chosen.
+ */
+ i = SSL_PKEY_ECC;
+ } else if (kalg & SSL_aECDSA) {
+ i = SSL_PKEY_ECC;
+ } else if (kalg & SSL_kDHr)
+ i = SSL_PKEY_DH_RSA;
+ else if (kalg & SSL_kDHd)
+ i = SSL_PKEY_DH_DSA;
+ else if (kalg & SSL_aDSS)
+ i = SSL_PKEY_DSA_SIGN;
+ else if (kalg & SSL_aRSA) {
+ if (c->pkeys[SSL_PKEY_RSA_ENC].x509 == NULL)
+ i = SSL_PKEY_RSA_SIGN;
+ else
+ i = SSL_PKEY_RSA_ENC;
+ } else if (kalg & SSL_aKRB5) {
+ /* VRS something else here? */
+ return (NULL);
+ } else { /* if (kalg & SSL_aNULL) */
+
+ SSLerr(SSL_F_SSL_GET_SERVER_SEND_PKEY, ERR_R_INTERNAL_ERROR);
+ return (NULL);
+ }
+
+ return c->pkeys + i;
+}
+
+X509 *ssl_get_server_send_cert(const SSL *s)
+{
+ CERT_PKEY *cpk;
+ cpk = ssl_get_server_send_pkey(s);
+ if (!cpk)
+ return NULL;
+ return cpk->x509;
+}
+
+EVP_PKEY *ssl_get_sign_pkey(SSL *s, SSL_CIPHER *cipher)
+{
+ unsigned long alg;
+ CERT *c;
+
+ alg = cipher->algorithms;
+ c = s->cert;
+
+ if ((alg & SSL_aDSS) && (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL))
+ return (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey);
+ else if (alg & SSL_aRSA) {
+ if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL)
+ return (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey);
+ else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL)
+ return (c->pkeys[SSL_PKEY_RSA_ENC].privatekey);
+ else
+ return (NULL);
+ } else if ((alg & SSL_aECDSA) &&
+ (c->pkeys[SSL_PKEY_ECC].privatekey != NULL))
+ return (c->pkeys[SSL_PKEY_ECC].privatekey);
+ else { /* if (alg & SSL_aNULL) */
+
+ SSLerr(SSL_F_SSL_GET_SIGN_PKEY, ERR_R_INTERNAL_ERROR);
+ return (NULL);
+ }
+}
+
+void ssl_update_cache(SSL *s, int mode)
+{
+ int i;
+
+ /*
+ * If the session_id_length is 0, we are not supposed to cache it, and it
+ * would be rather hard to do anyway :-)
+ */
+ if (s->session->session_id_length == 0)
+ return;
+
+ i = s->ctx->session_cache_mode;
+ if ((i & mode) && (!s->hit)
+ && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE)
+ || SSL_CTX_add_session(s->ctx, s->session))
+ && (s->ctx->new_session_cb != NULL)) {
+ CRYPTO_add(&s->session->references, 1, CRYPTO_LOCK_SSL_SESSION);
+ if (!s->ctx->new_session_cb(s, s->session))
+ SSL_SESSION_free(s->session);
+ }
+
+ /* auto flush every 255 connections */
+ if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) && ((i & mode) == mode)) {
+ if ((((mode & SSL_SESS_CACHE_CLIENT)
+ ? s->ctx->stats.sess_connect_good
+ : s->ctx->stats.sess_accept_good) & 0xff) == 0xff) {
+ SSL_CTX_flush_sessions(s->ctx, (unsigned long)time(NULL));
+ }
+ }
+}
+
+SSL_METHOD *SSL_get_ssl_method(SSL *s)
+{
+ return (s->method);
+}
+
+int SSL_set_ssl_method(SSL *s, SSL_METHOD *meth)
+{
+ int conn = -1;
+ int ret = 1;
+
+ if (s->method != meth) {
+ if (s->handshake_func != NULL)
+ conn = (s->handshake_func == s->method->ssl_connect);
+
+ if (s->method->version == meth->version)
+ s->method = meth;
+ else {
+ s->method->ssl_free(s);
+ s->method = meth;
+ ret = s->method->ssl_new(s);
+ }
+
+ if (conn == 1)
+ s->handshake_func = meth->ssl_connect;
+ else if (conn == 0)
+ s->handshake_func = meth->ssl_accept;
+ }
+ return (ret);
+}
+
+int SSL_get_error(const SSL *s, int i)
+{
+ int reason;
+ unsigned long l;
+ BIO *bio;
+
+ if (i > 0)
+ return (SSL_ERROR_NONE);
+
+ /*
+ * Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake etc,
+ * where we do encode the error
+ */
+ if ((l = ERR_peek_error()) != 0) {
+ if (ERR_GET_LIB(l) == ERR_LIB_SYS)
+ return (SSL_ERROR_SYSCALL);
+ else
+ return (SSL_ERROR_SSL);
+ }
+
+ if ((i < 0) && SSL_want_read(s)) {
+ bio = SSL_get_rbio(s);
+ if (BIO_should_read(bio))
+ return (SSL_ERROR_WANT_READ);
+ else if (BIO_should_write(bio))
+ /*
+ * This one doesn't make too much sense ... We never try to write
+ * to the rbio, and an application program where rbio and wbio
+ * are separate couldn't even know what it should wait for.
+ * However if we ever set s->rwstate incorrectly (so that we have
+ * SSL_want_read(s) instead of SSL_want_write(s)) and rbio and
+ * wbio *are* the same, this test works around that bug; so it
+ * might be safer to keep it.
+ */
+ return (SSL_ERROR_WANT_WRITE);
+ else if (BIO_should_io_special(bio)) {
+ reason = BIO_get_retry_reason(bio);
+ if (reason == BIO_RR_CONNECT)
+ return (SSL_ERROR_WANT_CONNECT);
+ else if (reason == BIO_RR_ACCEPT)
+ return (SSL_ERROR_WANT_ACCEPT);
+ else
+ return (SSL_ERROR_SYSCALL); /* unknown */
+ }
+ }
+
+ if ((i < 0) && SSL_want_write(s)) {
+ bio = SSL_get_wbio(s);
+ if (BIO_should_write(bio))
+ return (SSL_ERROR_WANT_WRITE);
+ else if (BIO_should_read(bio))
+ /*
+ * See above (SSL_want_read(s) with BIO_should_write(bio))
+ */
+ return (SSL_ERROR_WANT_READ);
+ else if (BIO_should_io_special(bio)) {
+ reason = BIO_get_retry_reason(bio);
+ if (reason == BIO_RR_CONNECT)
+ return (SSL_ERROR_WANT_CONNECT);
+ else if (reason == BIO_RR_ACCEPT)
+ return (SSL_ERROR_WANT_ACCEPT);
+ else
+ return (SSL_ERROR_SYSCALL);
+ }
+ }
+ if ((i < 0) && SSL_want_x509_lookup(s)) {
+ return (SSL_ERROR_WANT_X509_LOOKUP);
+ }
+
+ if (i == 0) {
+ if (s->version == SSL2_VERSION) {
+ /* assume it is the socket being closed */
+ return (SSL_ERROR_ZERO_RETURN);
+ } else {
+ if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
+ (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
+ return (SSL_ERROR_ZERO_RETURN);
+ }
+ }
+ return (SSL_ERROR_SYSCALL);
+}
+
+int SSL_do_handshake(SSL *s)
+{
+ int ret = 1;
+
+ if (s->handshake_func == NULL) {
+ SSLerr(SSL_F_SSL_DO_HANDSHAKE, SSL_R_CONNECTION_TYPE_NOT_SET);
+ return (-1);
+ }
+
+ s->method->ssl_renegotiate_check(s);
+
+ if (SSL_in_init(s) || SSL_in_before(s)) {
+ ret = s->handshake_func(s);
+ }
+ return (ret);
+}
+
+/*
+ * For the next 2 functions, SSL_clear() sets shutdown and so one of these
+ * calls will reset it
+ */
+void SSL_set_accept_state(SSL *s)
+{
+ s->server = 1;
+ s->shutdown = 0;
+ s->state = SSL_ST_ACCEPT | SSL_ST_BEFORE;
+ s->handshake_func = s->method->ssl_accept;
+ /* clear the current cipher */
+ ssl_clear_cipher_ctx(s);
+}
+
+void SSL_set_connect_state(SSL *s)
+{
+ s->server = 0;
+ s->shutdown = 0;
+ s->state = SSL_ST_CONNECT | SSL_ST_BEFORE;
+ s->handshake_func = s->method->ssl_connect;
+ /* clear the current cipher */
+ ssl_clear_cipher_ctx(s);
+}
+
+int ssl_undefined_function(SSL *s)
+{
+ SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return (0);
+}
+
+int ssl_undefined_void_function(void)
+{
+ SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION,
+ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return (0);
+}
+
+int ssl_undefined_const_function(const SSL *s)
+{
+ SSLerr(SSL_F_SSL_UNDEFINED_CONST_FUNCTION,
+ ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return (0);
+}
+
+SSL_METHOD *ssl_bad_method(int ver)
+{
+ SSLerr(SSL_F_SSL_BAD_METHOD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+ return (NULL);
+}
+
+const char *SSL_get_version(const SSL *s)
+{
+ if (s->version == TLS1_VERSION)
+ return ("TLSv1");
+ else if (s->version == SSL3_VERSION)
+ return ("SSLv3");
+ else if (s->version == SSL2_VERSION)
+ return ("SSLv2");
+ else
+ return ("unknown");
+}
+
+SSL *SSL_dup(SSL *s)
+{
+ STACK_OF(X509_NAME) *sk;
+ X509_NAME *xn;
+ SSL *ret;
+ int i;
+
+ if ((ret = SSL_new(SSL_get_SSL_CTX(s))) == NULL)
+ return (NULL);
+
+ ret->version = s->version;
+ ret->type = s->type;
+ ret->method = s->method;
+
+ if (s->session != NULL) {
+ /* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */
+ SSL_copy_session_id(ret, s);
+ } else {
+ /*
+ * No session has been established yet, so we have to expect that
+ * s->cert or ret->cert will be changed later -- they should not both
+ * point to the same object, and thus we can't use
+ * SSL_copy_session_id.
+ */
+
+ ret->method->ssl_free(ret);
+ ret->method = s->method;
+ ret->method->ssl_new(ret);
+
+ if (s->cert != NULL) {
+ if (ret->cert != NULL) {
+ ssl_cert_free(ret->cert);
+ }
+ ret->cert = ssl_cert_dup(s->cert);
+ if (ret->cert == NULL)
+ goto err;
+ }
+
+ SSL_set_session_id_context(ret, s->sid_ctx, s->sid_ctx_length);
+ }
+
+ ret->options = s->options;
+ ret->mode = s->mode;
+ SSL_set_max_cert_list(ret, SSL_get_max_cert_list(s));
+ SSL_set_read_ahead(ret, SSL_get_read_ahead(s));
+ ret->msg_callback = s->msg_callback;
+ ret->msg_callback_arg = s->msg_callback_arg;
+ SSL_set_verify(ret, SSL_get_verify_mode(s), SSL_get_verify_callback(s));
+ SSL_set_verify_depth(ret, SSL_get_verify_depth(s));
+ ret->generate_session_id = s->generate_session_id;
+
+ SSL_set_info_callback(ret, SSL_get_info_callback(s));
+
+ ret->debug = s->debug;
+
+ /* copy app data, a little dangerous perhaps */
+ if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data))
+ goto err;
+
+ /* setup rbio, and wbio */
+ if (s->rbio != NULL) {
+ if (!BIO_dup_state(s->rbio, (char *)&ret->rbio))
+ goto err;
+ }
+ if (s->wbio != NULL) {
+ if (s->wbio != s->rbio) {
+ if (!BIO_dup_state(s->wbio, (char *)&ret->wbio))
+ goto err;
+ } else
+ ret->wbio = ret->rbio;
+ }
+ ret->rwstate = s->rwstate;
+ ret->in_handshake = s->in_handshake;
+ ret->handshake_func = s->handshake_func;
+ ret->server = s->server;
+ ret->new_session = s->new_session;
+ ret->quiet_shutdown = s->quiet_shutdown;
+ ret->shutdown = s->shutdown;
+ ret->state = s->state; /* SSL_dup does not really work at any state,
+ * though */
+ ret->rstate = s->rstate;
+ ret->init_num = 0; /* would have to copy ret->init_buf,
+ * ret->init_msg, ret->init_num,
+ * ret->init_off */
+ ret->hit = s->hit;
+
+ X509_VERIFY_PARAM_inherit(ret->param, s->param);
+
+ /* dup the cipher_list and cipher_list_by_id stacks */
+ if (s->cipher_list != NULL) {
+ if ((ret->cipher_list = sk_SSL_CIPHER_dup(s->cipher_list)) == NULL)
+ goto err;
+ }
+ if (s->cipher_list_by_id != NULL)
+ if ((ret->cipher_list_by_id = sk_SSL_CIPHER_dup(s->cipher_list_by_id))
+ == NULL)
+ goto err;
+
+ /* Dup the client_CA list */
+ if (s->client_CA != NULL) {
+ if ((sk = sk_X509_NAME_dup(s->client_CA)) == NULL)
+ goto err;
+ ret->client_CA = sk;
+ for (i = 0; i < sk_X509_NAME_num(sk); i++) {
+ xn = sk_X509_NAME_value(sk, i);
+ if (sk_X509_NAME_set(sk, i, X509_NAME_dup(xn)) == NULL) {
+ X509_NAME_free(xn);
+ goto err;
+ }
+ }
+ }
+
+ if (0) {
+ err:
+ if (ret != NULL)
+ SSL_free(ret);
+ ret = NULL;
+ }
+ return (ret);
+}
+
+void ssl_clear_cipher_ctx(SSL *s)
+{
+ if (s->enc_read_ctx != NULL) {
+ EVP_CIPHER_CTX_cleanup(s->enc_read_ctx);
+ OPENSSL_free(s->enc_read_ctx);
+ s->enc_read_ctx = NULL;
+ }
+ if (s->enc_write_ctx != NULL) {
+ EVP_CIPHER_CTX_cleanup(s->enc_write_ctx);
+ OPENSSL_free(s->enc_write_ctx);
+ s->enc_write_ctx = NULL;
+ }
+#ifndef OPENSSL_NO_COMP
+ if (s->expand != NULL) {
+ COMP_CTX_free(s->expand);
+ s->expand = NULL;
+ }
+ if (s->compress != NULL) {
+ COMP_CTX_free(s->compress);
+ s->compress = NULL;
+ }
+#endif
+}
+
+/* Fix this function so that it takes an optional type parameter */
+X509 *SSL_get_certificate(const SSL *s)
+{
+ if (s->cert != NULL)
+ return (s->cert->key->x509);
+ else
+ return (NULL);
+}
+
+/* Fix this function so that it takes an optional type parameter */
+EVP_PKEY *SSL_get_privatekey(SSL *s)
+{
+ if (s->cert != NULL)
+ return (s->cert->key->privatekey);
+ else
+ return (NULL);
+}
+
+SSL_CIPHER *SSL_get_current_cipher(const SSL *s)
+{
+ if ((s->session != NULL) && (s->session->cipher != NULL))
+ return (s->session->cipher);
+ return (NULL);
+}
+
+#ifdef OPENSSL_NO_COMP
+const void *SSL_get_current_compression(SSL *s)
+{
+ return NULL;
+}
+
+const void *SSL_get_current_expansion(SSL *s)
+{
+ return NULL;
+}
+#else
+
+const COMP_METHOD *SSL_get_current_compression(SSL *s)
+{
+ if (s->compress != NULL)
+ return (s->compress->meth);
+ return (NULL);
+}
+
+const COMP_METHOD *SSL_get_current_expansion(SSL *s)
+{
+ if (s->expand != NULL)
+ return (s->expand->meth);
+ return (NULL);
+}
+#endif
+
+int ssl_init_wbio_buffer(SSL *s, int push)
+{
+ BIO *bbio;
+
+ if (s->bbio == NULL) {
+ bbio = BIO_new(BIO_f_buffer());
+ if (bbio == NULL)
+ return (0);
+ s->bbio = bbio;
+ } else {
+ bbio = s->bbio;
+ if (s->bbio == s->wbio)
+ s->wbio = BIO_pop(s->wbio);
+ }
+ (void)BIO_reset(bbio);
+/* if (!BIO_set_write_buffer_size(bbio,16*1024)) */
+ if (!BIO_set_read_buffer_size(bbio, 1)) {
+ SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER, ERR_R_BUF_LIB);
+ return (0);
+ }
+ if (push) {
+ if (s->wbio != bbio)
+ s->wbio = BIO_push(bbio, s->wbio);
+ } else {
+ if (s->wbio == bbio)
+ s->wbio = BIO_pop(bbio);
+ }
+ return (1);
+}
+
+void ssl_free_wbio_buffer(SSL *s)
+{
+ if (s->bbio == NULL)
+ return;
+
+ if (s->bbio == s->wbio) {
+ /* remove buffering */
+ s->wbio = BIO_pop(s->wbio);
+#ifdef REF_CHECK /* not the usual REF_CHECK, but this avoids
+ * adding one more preprocessor symbol */
+ assert(s->wbio != NULL);
+#endif
+ }
+ BIO_free(s->bbio);
+ s->bbio = NULL;
+}
+
+void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode)
+{
+ ctx->quiet_shutdown = mode;
+}
+
+int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx)
+{
+ return (ctx->quiet_shutdown);
+}
+
+void SSL_set_quiet_shutdown(SSL *s, int mode)
+{
+ s->quiet_shutdown = mode;
+}
+
+int SSL_get_quiet_shutdown(const SSL *s)
+{
+ return (s->quiet_shutdown);
+}
+
+void SSL_set_shutdown(SSL *s, int mode)
+{
+ s->shutdown = mode;
+}
+
+int SSL_get_shutdown(const SSL *s)
+{
+ return (s->shutdown);
+}
+
+int SSL_version(const SSL *s)
+{
+ return (s->version);
+}
+
+SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl)
+{
+ return (ssl->ctx);
+}
+
+SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx)
+{
+ if (ssl->ctx == ctx)
+ return ssl->ctx;
+#ifndef OPENSSL_NO_TLSEXT
+ if (ctx == NULL)
+ ctx = ssl->initial_ctx;
+#endif
+ if (ssl->cert != NULL)
+ ssl_cert_free(ssl->cert);
+ ssl->cert = ssl_cert_dup(ctx->cert);
+ CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
+ if (ssl->ctx != NULL)
+ SSL_CTX_free(ssl->ctx); /* decrement reference count */
+ ssl->ctx = ctx;
+ return (ssl->ctx);
+}
+
+#ifndef OPENSSL_NO_STDIO
+int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
+{
+ return (X509_STORE_set_default_paths(ctx->cert_store));
+}
+
+int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
+ const char *CApath)
+{
+ return (X509_STORE_load_locations(ctx->cert_store, CAfile, CApath));
+}
+#endif
+
+void SSL_set_info_callback(SSL *ssl,
+ void (*cb) (const SSL *ssl, int type, int val))
+{
+ ssl->info_callback = cb;
+}
+
+/*
+ * One compiler (Diab DCC) doesn't like argument names in returned function
+ * pointer.
+ */
+void (*SSL_get_info_callback(const SSL *ssl)) (const SSL * /* ssl */ ,
+ int /* type */ ,
+ int /* val */ ) {
+ return ssl->info_callback;
+}
+
+int SSL_state(const SSL *ssl)
+{
+ return (ssl->state);
+}
+
+void SSL_set_verify_result(SSL *ssl, long arg)
+{
+ ssl->verify_result = arg;
+}
+
+long SSL_get_verify_result(const SSL *ssl)
+{
+ return (ssl->verify_result);
+}
+
+int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+{
+ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp,
+ new_func, dup_func, free_func);
+}
+
+int SSL_set_ex_data(SSL *s, int idx, void *arg)
+{
+ return (CRYPTO_set_ex_data(&s->ex_data, idx, arg));
+}
+
+void *SSL_get_ex_data(const SSL *s, int idx)
+{
+ return (CRYPTO_get_ex_data(&s->ex_data, idx));
+}
+
+int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+ CRYPTO_EX_dup *dup_func,
+ CRYPTO_EX_free *free_func)
+{
+ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp,
+ new_func, dup_func, free_func);
+}
+
+int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg)
+{
+ return (CRYPTO_set_ex_data(&s->ex_data, idx, arg));
+}
+
+void *SSL_CTX_get_ex_data(const SSL_CTX *s, int idx)
+{
+ return (CRYPTO_get_ex_data(&s->ex_data, idx));
+}
+
+int ssl_ok(SSL *s)
+{
+ return (1);
+}
+
+X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx)
+{
+ return (ctx->cert_store);
+}
+
+void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store)
+{
+ if (ctx->cert_store != NULL)
+ X509_STORE_free(ctx->cert_store);
+ ctx->cert_store = store;
+}
+
+int SSL_want(const SSL *s)
+{
+ return (s->rwstate);
+}
+
+/**
+ * \brief Set the callback for generating temporary RSA keys.
+ * \param ctx the SSL context.
+ * \param cb the callback
+ */
+
+#ifndef OPENSSL_NO_RSA
+void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, RSA *(*cb) (SSL *ssl,
+ int is_export,
+ int keylength))
+{
+ SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_RSA_CB, (void (*)(void))cb);
+}
+
+void SSL_set_tmp_rsa_callback(SSL *ssl, RSA *(*cb) (SSL *ssl,
+ int is_export,
+ int keylength))
+{
+ SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_RSA_CB, (void (*)(void))cb);
+}
+#endif
+
+#ifdef DOXYGEN
+/**
+ * \brief The RSA temporary key callback function.
+ * \param ssl the SSL session.
+ * \param is_export \c TRUE if the temp RSA key is for an export ciphersuite.
+ * \param keylength if \c is_export is \c TRUE, then \c keylength is the size
+ * of the required key in bits.
+ * \return the temporary RSA key.
+ * \sa SSL_CTX_set_tmp_rsa_callback, SSL_set_tmp_rsa_callback
+ */
+
+RSA *cb(SSL *ssl, int is_export, int keylength)
+{
+}
+#endif
+
+/**
+ * \brief Set the callback for generating temporary DH keys.
+ * \param ctx the SSL context.
+ * \param dh the callback
+ */
+
+#ifndef OPENSSL_NO_DH
+void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
+ DH *(*dh) (SSL *ssl, int is_export,
+ int keylength))
+{
+ SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh);
+}
+
+void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh) (SSL *ssl, int is_export,
+ int keylength))
+{
+ SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh);
+}
+#endif
+
+#ifndef OPENSSL_NO_ECDH
+void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,
+ EC_KEY *(*ecdh) (SSL *ssl, int is_export,
+ int keylength))
+{
+ SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH_CB,
+ (void (*)(void))ecdh);
+}
+
+void SSL_set_tmp_ecdh_callback(SSL *ssl,
+ EC_KEY *(*ecdh) (SSL *ssl, int is_export,
+ int keylength))
+{
+ SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_ECDH_CB, (void (*)(void))ecdh);
+}
+#endif
+
+void SSL_CTX_set_msg_callback(SSL_CTX *ctx,
+ void (*cb) (int write_p, int version,
+ int content_type, const void *buf,
+ size_t len, SSL *ssl, void *arg))
+{
+ SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
+}
+
+void SSL_set_msg_callback(SSL *ssl,
+ void (*cb) (int write_p, int version,
+ int content_type, const void *buf,
+ size_t len, SSL *ssl, void *arg))
+{
+ SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
+}
+
+#if defined(_WINDLL) && defined(OPENSSL_SYS_WIN16)
+# include "../crypto/bio/bss_file.c"
+#endif
+
+IMPLEMENT_STACK_OF(SSL_CIPHER)
+IMPLEMENT_STACK_OF(SSL_COMP)
Deleted: vendor-crypto/openssl/0.9.8zf/ssl/ssl_locl.h
===================================================================
--- vendor-crypto/openssl/dist/ssl/ssl_locl.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/ssl/ssl_locl.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,1044 +0,0 @@
-/* ssl/ssl_locl.h */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
-#ifndef HEADER_SSL_LOCL_H
-#define HEADER_SSL_LOCL_H
-#include <stdlib.h>
-#include <time.h>
-#include <string.h>
-#include <errno.h>
-
-#include "e_os.h"
-
-#include <openssl/buffer.h>
-#ifndef OPENSSL_NO_COMP
-#include <openssl/comp.h>
-#endif
-#include <openssl/bio.h>
-#include <openssl/stack.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-#include <openssl/err.h>
-#include <openssl/ssl.h>
-#include <openssl/symhacks.h>
-
-#ifdef OPENSSL_BUILD_SHLIBSSL
-# undef OPENSSL_EXTERN
-# define OPENSSL_EXTERN OPENSSL_EXPORT
-#endif
-
-#define PKCS1_CHECK
-
-#define c2l(c,l) (l = ((unsigned long)(*((c)++))) , \
- l|=(((unsigned long)(*((c)++)))<< 8), \
- l|=(((unsigned long)(*((c)++)))<<16), \
- l|=(((unsigned long)(*((c)++)))<<24))
-
-/* NOTE - c is not incremented as per c2l */
-#define c2ln(c,l1,l2,n) { \
- c+=n; \
- l1=l2=0; \
- switch (n) { \
- case 8: l2 =((unsigned long)(*(--(c))))<<24; \
- case 7: l2|=((unsigned long)(*(--(c))))<<16; \
- case 6: l2|=((unsigned long)(*(--(c))))<< 8; \
- case 5: l2|=((unsigned long)(*(--(c)))); \
- case 4: l1 =((unsigned long)(*(--(c))))<<24; \
- case 3: l1|=((unsigned long)(*(--(c))))<<16; \
- case 2: l1|=((unsigned long)(*(--(c))))<< 8; \
- case 1: l1|=((unsigned long)(*(--(c)))); \
- } \
- }
-
-#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
- *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
- *((c)++)=(unsigned char)(((l)>>16)&0xff), \
- *((c)++)=(unsigned char)(((l)>>24)&0xff))
-
-#define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24, \
- l|=((unsigned long)(*((c)++)))<<16, \
- l|=((unsigned long)(*((c)++)))<< 8, \
- l|=((unsigned long)(*((c)++))))
-
-#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \
- *((c)++)=(unsigned char)(((l)>>16)&0xff), \
- *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
- *((c)++)=(unsigned char)(((l) )&0xff))
-
-#define l2n6(l,c) (*((c)++)=(unsigned char)(((l)>>40)&0xff), \
- *((c)++)=(unsigned char)(((l)>>32)&0xff), \
- *((c)++)=(unsigned char)(((l)>>24)&0xff), \
- *((c)++)=(unsigned char)(((l)>>16)&0xff), \
- *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
- *((c)++)=(unsigned char)(((l) )&0xff))
-
-#define l2n8(l,c) (*((c)++)=(unsigned char)(((l)>>56)&0xff), \
- *((c)++)=(unsigned char)(((l)>>48)&0xff), \
- *((c)++)=(unsigned char)(((l)>>40)&0xff), \
- *((c)++)=(unsigned char)(((l)>>32)&0xff), \
- *((c)++)=(unsigned char)(((l)>>24)&0xff), \
- *((c)++)=(unsigned char)(((l)>>16)&0xff), \
- *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
- *((c)++)=(unsigned char)(((l) )&0xff))
-
-#define n2l6(c,l) (l =((BN_ULLONG)(*((c)++)))<<40, \
- l|=((BN_ULLONG)(*((c)++)))<<32, \
- l|=((BN_ULLONG)(*((c)++)))<<24, \
- l|=((BN_ULLONG)(*((c)++)))<<16, \
- l|=((BN_ULLONG)(*((c)++)))<< 8, \
- l|=((BN_ULLONG)(*((c)++))))
-
-/* NOTE - c is not incremented as per l2c */
-#define l2cn(l1,l2,c,n) { \
- c+=n; \
- switch (n) { \
- case 8: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
- case 7: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
- case 6: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
- case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \
- case 4: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
- case 3: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
- case 2: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
- case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \
- } \
- }
-
-#define n2s(c,s) ((s=(((unsigned int)(c[0]))<< 8)| \
- (((unsigned int)(c[1])) )),c+=2)
-#define s2n(s,c) ((c[0]=(unsigned char)(((s)>> 8)&0xff), \
- c[1]=(unsigned char)(((s) )&0xff)),c+=2)
-
-#define n2l3(c,l) ((l =(((unsigned long)(c[0]))<<16)| \
- (((unsigned long)(c[1]))<< 8)| \
- (((unsigned long)(c[2])) )),c+=3)
-
-#define l2n3(l,c) ((c[0]=(unsigned char)(((l)>>16)&0xff), \
- c[1]=(unsigned char)(((l)>> 8)&0xff), \
- c[2]=(unsigned char)(((l) )&0xff)),c+=3)
-
-/* LOCAL STUFF */
-
-#define SSL_DECRYPT 0
-#define SSL_ENCRYPT 1
-
-#define TWO_BYTE_BIT 0x80
-#define SEC_ESC_BIT 0x40
-#define TWO_BYTE_MASK 0x7fff
-#define THREE_BYTE_MASK 0x3fff
-
-#define INC32(a) ((a)=((a)+1)&0xffffffffL)
-#define DEC32(a) ((a)=((a)-1)&0xffffffffL)
-#define MAX_MAC_SIZE 20 /* up from 16 for SSLv3 */
-
-/*
- * Define the Bitmasks for SSL_CIPHER.algorithms.
- * This bits are used packed as dense as possible. If new methods/ciphers
- * etc will be added, the bits a likely to change, so this information
- * is for internal library use only, even though SSL_CIPHER.algorithms
- * can be publicly accessed.
- * Use the according functions for cipher management instead.
- *
- * The bit mask handling in the selection and sorting scheme in
- * ssl_create_cipher_list() has only limited capabilities, reflecting
- * that the different entities within are mutually exclusive:
- * ONLY ONE BIT PER MASK CAN BE SET AT A TIME.
- */
-#define SSL_MKEY_MASK 0x000000FFL
-#define SSL_kRSA 0x00000001L /* RSA key exchange */
-#define SSL_kDHr 0x00000002L /* DH cert RSA CA cert */
-#define SSL_kDHd 0x00000004L /* DH cert DSA CA cert */
-#define SSL_kFZA 0x00000008L
-#define SSL_kEDH 0x00000010L /* tmp DH key no DH cert */
-#define SSL_kKRB5 0x00000020L /* Kerberos5 key exchange */
-#define SSL_kECDH 0x00000040L /* ECDH w/ long-term keys */
-#define SSL_kECDHE 0x00000080L /* ephemeral ECDH */
-#define SSL_EDH (SSL_kEDH|(SSL_AUTH_MASK^SSL_aNULL))
-
-#define SSL_AUTH_MASK 0x00007F00L
-#define SSL_aRSA 0x00000100L /* Authenticate with RSA */
-#define SSL_aDSS 0x00000200L /* Authenticate with DSS */
-#define SSL_DSS SSL_aDSS
-#define SSL_aFZA 0x00000400L
-#define SSL_aNULL 0x00000800L /* no Authenticate, ADH */
-#define SSL_aDH 0x00001000L /* no Authenticate, ADH */
-#define SSL_aKRB5 0x00002000L /* Authenticate with KRB5 */
-#define SSL_aECDSA 0x00004000L /* Authenticate with ECDSA */
-
-#define SSL_NULL (SSL_eNULL)
-#define SSL_ADH (SSL_kEDH|SSL_aNULL)
-#define SSL_RSA (SSL_kRSA|SSL_aRSA)
-#define SSL_DH (SSL_kDHr|SSL_kDHd|SSL_kEDH)
-#define SSL_ECDH (SSL_kECDH|SSL_kECDHE)
-#define SSL_FZA (SSL_aFZA|SSL_kFZA|SSL_eFZA)
-#define SSL_KRB5 (SSL_kKRB5|SSL_aKRB5)
-
-#define SSL_ENC_MASK 0x1C3F8000L
-#define SSL_DES 0x00008000L
-#define SSL_3DES 0x00010000L
-#define SSL_RC4 0x00020000L
-#define SSL_RC2 0x00040000L
-#define SSL_IDEA 0x00080000L
-#define SSL_eFZA 0x00100000L
-#define SSL_eNULL 0x00200000L
-#define SSL_AES 0x04000000L
-#define SSL_CAMELLIA 0x08000000L
-#define SSL_SEED 0x10000000L
-
-#define SSL_MAC_MASK 0x00c00000L
-#define SSL_MD5 0x00400000L
-#define SSL_SHA1 0x00800000L
-#define SSL_SHA (SSL_SHA1)
-
-#define SSL_SSL_MASK 0x03000000L
-#define SSL_SSLV2 0x01000000L
-#define SSL_SSLV3 0x02000000L
-#define SSL_TLSV1 SSL_SSLV3 /* for now */
-
-/* we have used 1fffffff - 3 bits left to go. */
-
-/*
- * Export and cipher strength information. For each cipher we have to decide
- * whether it is exportable or not. This information is likely to change
- * over time, since the export control rules are no static technical issue.
- *
- * Independent of the export flag the cipher strength is sorted into classes.
- * SSL_EXP40 was denoting the 40bit US export limit of past times, which now
- * is at 56bit (SSL_EXP56). If the exportable cipher class is going to change
- * again (eg. to 64bit) the use of "SSL_EXP*" becomes blurred even more,
- * since SSL_EXP64 could be similar to SSL_LOW.
- * For this reason SSL_MICRO and SSL_MINI macros are included to widen the
- * namespace of SSL_LOW-SSL_HIGH to lower values. As development of speed
- * and ciphers goes, another extension to SSL_SUPER and/or SSL_ULTRA would
- * be possible.
- */
-#define SSL_EXP_MASK 0x00000003L
-#define SSL_NOT_EXP 0x00000001L
-#define SSL_EXPORT 0x00000002L
-
-#define SSL_STRONG_MASK 0x000000fcL
-#define SSL_STRONG_NONE 0x00000004L
-#define SSL_EXP40 0x00000008L
-#define SSL_MICRO (SSL_EXP40)
-#define SSL_EXP56 0x00000010L
-#define SSL_MINI (SSL_EXP56)
-#define SSL_LOW 0x00000020L
-#define SSL_MEDIUM 0x00000040L
-#define SSL_HIGH 0x00000080L
-#define SSL_FIPS 0x00000100L
-
-/* we have used 000001ff - 23 bits left to go */
-
-/*
- * Macros to check the export status and cipher strength for export ciphers.
- * Even though the macros for EXPORT and EXPORT40/56 have similar names,
- * their meaning is different:
- * *_EXPORT macros check the 'exportable' status.
- * *_EXPORT40/56 macros are used to check whether a certain cipher strength
- * is given.
- * Since the SSL_IS_EXPORT* and SSL_EXPORT* macros depend on the correct
- * algorithm structure element to be passed (algorithms, algo_strength) and no
- * typechecking can be done as they are all of type unsigned long, their
- * direct usage is discouraged.
- * Use the SSL_C_* macros instead.
- */
-#define SSL_IS_EXPORT(a) ((a)&SSL_EXPORT)
-#define SSL_IS_EXPORT56(a) ((a)&SSL_EXP56)
-#define SSL_IS_EXPORT40(a) ((a)&SSL_EXP40)
-#define SSL_C_IS_EXPORT(c) SSL_IS_EXPORT((c)->algo_strength)
-#define SSL_C_IS_EXPORT56(c) SSL_IS_EXPORT56((c)->algo_strength)
-#define SSL_C_IS_EXPORT40(c) SSL_IS_EXPORT40((c)->algo_strength)
-
-#define SSL_EXPORT_KEYLENGTH(a,s) (SSL_IS_EXPORT40(s) ? 5 : \
- ((a)&SSL_ENC_MASK) == SSL_DES ? 8 : 7)
-#define SSL_EXPORT_PKEYLENGTH(a) (SSL_IS_EXPORT40(a) ? 512 : 1024)
-#define SSL_C_EXPORT_KEYLENGTH(c) SSL_EXPORT_KEYLENGTH((c)->algorithms, \
- (c)->algo_strength)
-#define SSL_C_EXPORT_PKEYLENGTH(c) SSL_EXPORT_PKEYLENGTH((c)->algo_strength)
-
-
-#define SSL_ALL 0xffffffffL
-#define SSL_ALL_CIPHERS (SSL_MKEY_MASK|SSL_AUTH_MASK|SSL_ENC_MASK|\
- SSL_MAC_MASK)
-#define SSL_ALL_STRENGTHS (SSL_EXP_MASK|SSL_STRONG_MASK)
-
-/* Mostly for SSLv3 */
-#define SSL_PKEY_RSA_ENC 0
-#define SSL_PKEY_RSA_SIGN 1
-#define SSL_PKEY_DSA_SIGN 2
-#define SSL_PKEY_DH_RSA 3
-#define SSL_PKEY_DH_DSA 4
-#define SSL_PKEY_ECC 5
-#define SSL_PKEY_NUM 6
-
-/* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) |
- * <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN)
- * SSL_kDH <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN)
- * SSL_kEDH <- RSA_ENC | RSA_SIGN | DSA_SIGN
- * SSL_aRSA <- RSA_ENC | RSA_SIGN
- * SSL_aDSS <- DSA_SIGN
- */
-
-/*
-#define CERT_INVALID 0
-#define CERT_PUBLIC_KEY 1
-#define CERT_PRIVATE_KEY 2
-*/
-
-#ifndef OPENSSL_NO_EC
-/* From ECC-TLS draft, used in encoding the curve type in
- * ECParameters
- */
-#define EXPLICIT_PRIME_CURVE_TYPE 1
-#define EXPLICIT_CHAR2_CURVE_TYPE 2
-#define NAMED_CURVE_TYPE 3
-#endif /* OPENSSL_NO_EC */
-
-typedef struct cert_pkey_st
- {
- X509 *x509;
- EVP_PKEY *privatekey;
- } CERT_PKEY;
-
-typedef struct cert_st
- {
- /* Current active set */
- CERT_PKEY *key; /* ALWAYS points to an element of the pkeys array
- * Probably it would make more sense to store
- * an index, not a pointer. */
-
- /* The following masks are for the key and auth
- * algorithms that are supported by the certs below */
- int valid;
- unsigned long mask;
- unsigned long export_mask;
-#ifndef OPENSSL_NO_RSA
- RSA *rsa_tmp;
- RSA *(*rsa_tmp_cb)(SSL *ssl,int is_export,int keysize);
-#endif
-#ifndef OPENSSL_NO_DH
- DH *dh_tmp;
- DH *(*dh_tmp_cb)(SSL *ssl,int is_export,int keysize);
-#endif
-#ifndef OPENSSL_NO_ECDH
- EC_KEY *ecdh_tmp;
- /* Callback for generating ephemeral ECDH keys */
- EC_KEY *(*ecdh_tmp_cb)(SSL *ssl,int is_export,int keysize);
-#endif
-
- CERT_PKEY pkeys[SSL_PKEY_NUM];
-
- int references; /* >1 only if SSL_copy_session_id is used */
- } CERT;
-
-
-typedef struct sess_cert_st
- {
- STACK_OF(X509) *cert_chain; /* as received from peer (not for SSL2) */
-
- /* The 'peer_...' members are used only by clients. */
- int peer_cert_type;
-
- CERT_PKEY *peer_key; /* points to an element of peer_pkeys (never NULL!) */
- CERT_PKEY peer_pkeys[SSL_PKEY_NUM];
- /* Obviously we don't have the private keys of these,
- * so maybe we shouldn't even use the CERT_PKEY type here. */
-
-#ifndef OPENSSL_NO_RSA
- RSA *peer_rsa_tmp; /* not used for SSL 2 */
-#endif
-#ifndef OPENSSL_NO_DH
- DH *peer_dh_tmp; /* not used for SSL 2 */
-#endif
-#ifndef OPENSSL_NO_ECDH
- EC_KEY *peer_ecdh_tmp;
-#endif
-
- int references; /* actually always 1 at the moment */
- } SESS_CERT;
-
-
-/*#define MAC_DEBUG */
-
-/*#define ERR_DEBUG */
-/*#define ABORT_DEBUG */
-/*#define PKT_DEBUG 1 */
-/*#define DES_DEBUG */
-/*#define DES_OFB_DEBUG */
-/*#define SSL_DEBUG */
-/*#define RSA_DEBUG */
-/*#define IDEA_DEBUG */
-
-#define FP_ICC (int (*)(const void *,const void *))
-#define ssl_put_cipher_by_char(ssl,ciph,ptr) \
- ((ssl)->method->put_cipher_by_char((ciph),(ptr)))
-#define ssl_get_cipher_by_char(ssl,ptr) \
- ((ssl)->method->get_cipher_by_char(ptr))
-
-/* This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff
- * It is a bit of a mess of functions, but hell, think of it as
- * an opaque structure :-) */
-typedef struct ssl3_enc_method
- {
- int (*enc)(SSL *, int);
- int (*mac)(SSL *, unsigned char *, int);
- int (*setup_key_block)(SSL *);
- int (*generate_master_secret)(SSL *, unsigned char *, unsigned char *, int);
- int (*change_cipher_state)(SSL *, int);
- int (*final_finish_mac)(SSL *, EVP_MD_CTX *, EVP_MD_CTX *, const char *, int, unsigned char *);
- int finish_mac_length;
- int (*cert_verify_mac)(SSL *, EVP_MD_CTX *, unsigned char *);
- const char *client_finished_label;
- int client_finished_label_len;
- const char *server_finished_label;
- int server_finished_label_len;
- int (*alert_value)(int);
- } SSL3_ENC_METHOD;
-
-#ifndef OPENSSL_NO_COMP
-/* Used for holding the relevant compression methods loaded into SSL_CTX */
-typedef struct ssl3_comp_st
- {
- int comp_id; /* The identifier byte for this compression type */
- char *name; /* Text name used for the compression type */
- COMP_METHOD *method; /* The method :-) */
- } SSL3_COMP;
-#endif
-
-extern SSL3_ENC_METHOD ssl3_undef_enc_method;
-OPENSSL_EXTERN SSL_CIPHER ssl2_ciphers[];
-OPENSSL_EXTERN SSL_CIPHER ssl3_ciphers[];
-
-
-SSL_METHOD *ssl_bad_method(int ver);
-SSL_METHOD *sslv2_base_method(void);
-SSL_METHOD *sslv23_base_method(void);
-SSL_METHOD *sslv3_base_method(void);
-
-extern SSL3_ENC_METHOD TLSv1_enc_data;
-extern SSL3_ENC_METHOD SSLv3_enc_data;
-extern SSL3_ENC_METHOD DTLSv1_enc_data;
-
-#define IMPLEMENT_tls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \
-SSL_METHOD *func_name(void) \
- { \
- static SSL_METHOD func_name##_data= { \
- TLS1_VERSION, \
- tls1_new, \
- tls1_clear, \
- tls1_free, \
- s_accept, \
- s_connect, \
- ssl3_read, \
- ssl3_peek, \
- ssl3_write, \
- ssl3_shutdown, \
- ssl3_renegotiate, \
- ssl3_renegotiate_check, \
- ssl3_get_message, \
- ssl3_read_bytes, \
- ssl3_write_bytes, \
- ssl3_dispatch_alert, \
- ssl3_ctrl, \
- ssl3_ctx_ctrl, \
- ssl3_get_cipher_by_char, \
- ssl3_put_cipher_by_char, \
- ssl3_pending, \
- ssl3_num_ciphers, \
- ssl3_get_cipher, \
- s_get_meth, \
- tls1_default_timeout, \
- &TLSv1_enc_data, \
- ssl_undefined_void_function, \
- ssl3_callback_ctrl, \
- ssl3_ctx_callback_ctrl, \
- }; \
- return &func_name##_data; \
- }
-
-#define IMPLEMENT_ssl3_meth_func(func_name, s_accept, s_connect, s_get_meth) \
-SSL_METHOD *func_name(void) \
- { \
- static SSL_METHOD func_name##_data= { \
- SSL3_VERSION, \
- ssl3_new, \
- ssl3_clear, \
- ssl3_free, \
- s_accept, \
- s_connect, \
- ssl3_read, \
- ssl3_peek, \
- ssl3_write, \
- ssl3_shutdown, \
- ssl3_renegotiate, \
- ssl3_renegotiate_check, \
- ssl3_get_message, \
- ssl3_read_bytes, \
- ssl3_write_bytes, \
- ssl3_dispatch_alert, \
- ssl3_ctrl, \
- ssl3_ctx_ctrl, \
- ssl3_get_cipher_by_char, \
- ssl3_put_cipher_by_char, \
- ssl3_pending, \
- ssl3_num_ciphers, \
- ssl3_get_cipher, \
- s_get_meth, \
- ssl3_default_timeout, \
- &SSLv3_enc_data, \
- ssl_undefined_void_function, \
- ssl3_callback_ctrl, \
- ssl3_ctx_callback_ctrl, \
- }; \
- return &func_name##_data; \
- }
-
-#define IMPLEMENT_ssl23_meth_func(func_name, s_accept, s_connect, s_get_meth) \
-SSL_METHOD *func_name(void) \
- { \
- static SSL_METHOD func_name##_data= { \
- TLS1_VERSION, \
- tls1_new, \
- tls1_clear, \
- tls1_free, \
- s_accept, \
- s_connect, \
- ssl23_read, \
- ssl23_peek, \
- ssl23_write, \
- ssl_undefined_function, \
- ssl_undefined_function, \
- ssl_ok, \
- ssl3_get_message, \
- ssl3_read_bytes, \
- ssl3_write_bytes, \
- ssl3_dispatch_alert, \
- ssl3_ctrl, \
- ssl3_ctx_ctrl, \
- ssl23_get_cipher_by_char, \
- ssl23_put_cipher_by_char, \
- ssl_undefined_const_function, \
- ssl23_num_ciphers, \
- ssl23_get_cipher, \
- s_get_meth, \
- ssl23_default_timeout, \
- &ssl3_undef_enc_method, \
- ssl_undefined_void_function, \
- ssl3_callback_ctrl, \
- ssl3_ctx_callback_ctrl, \
- }; \
- return &func_name##_data; \
- }
-
-#define IMPLEMENT_ssl2_meth_func(func_name, s_accept, s_connect, s_get_meth) \
-SSL_METHOD *func_name(void) \
- { \
- static SSL_METHOD func_name##_data= { \
- SSL2_VERSION, \
- ssl2_new, /* local */ \
- ssl2_clear, /* local */ \
- ssl2_free, /* local */ \
- s_accept, \
- s_connect, \
- ssl2_read, \
- ssl2_peek, \
- ssl2_write, \
- ssl2_shutdown, \
- ssl_ok, /* NULL - renegotiate */ \
- ssl_ok, /* NULL - check renegotiate */ \
- NULL, /* NULL - ssl_get_message */ \
- NULL, /* NULL - ssl_get_record */ \
- NULL, /* NULL - ssl_write_bytes */ \
- NULL, /* NULL - dispatch_alert */ \
- ssl2_ctrl, /* local */ \
- ssl2_ctx_ctrl, /* local */ \
- ssl2_get_cipher_by_char, \
- ssl2_put_cipher_by_char, \
- ssl2_pending, \
- ssl2_num_ciphers, \
- ssl2_get_cipher, \
- s_get_meth, \
- ssl2_default_timeout, \
- &ssl3_undef_enc_method, \
- ssl_undefined_void_function, \
- ssl2_callback_ctrl, /* local */ \
- ssl2_ctx_callback_ctrl, /* local */ \
- }; \
- return &func_name##_data; \
- }
-
-#define IMPLEMENT_dtls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \
-SSL_METHOD *func_name(void) \
- { \
- static SSL_METHOD func_name##_data= { \
- DTLS1_VERSION, \
- dtls1_new, \
- dtls1_clear, \
- dtls1_free, \
- s_accept, \
- s_connect, \
- ssl3_read, \
- ssl3_peek, \
- ssl3_write, \
- ssl3_shutdown, \
- ssl3_renegotiate, \
- ssl3_renegotiate_check, \
- dtls1_get_message, \
- dtls1_read_bytes, \
- dtls1_write_app_data_bytes, \
- dtls1_dispatch_alert, \
- dtls1_ctrl, \
- ssl3_ctx_ctrl, \
- ssl3_get_cipher_by_char, \
- ssl3_put_cipher_by_char, \
- ssl3_pending, \
- ssl3_num_ciphers, \
- dtls1_get_cipher, \
- s_get_meth, \
- dtls1_default_timeout, \
- &DTLSv1_enc_data, \
- ssl_undefined_void_function, \
- ssl3_callback_ctrl, \
- ssl3_ctx_callback_ctrl, \
- }; \
- return &func_name##_data; \
- }
-
-void ssl_clear_cipher_ctx(SSL *s);
-int ssl_clear_bad_session(SSL *s);
-CERT *ssl_cert_new(void);
-CERT *ssl_cert_dup(CERT *cert);
-int ssl_cert_inst(CERT **o);
-void ssl_cert_free(CERT *c);
-SESS_CERT *ssl_sess_cert_new(void);
-void ssl_sess_cert_free(SESS_CERT *sc);
-int ssl_set_peer_cert_type(SESS_CERT *c, int type);
-int ssl_get_new_session(SSL *s, int session);
-int ssl_get_prev_session(SSL *s, unsigned char *session,int len, const unsigned char *limit);
-int ssl_cipher_id_cmp(const SSL_CIPHER *a,const SSL_CIPHER *b);
-int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
- const SSL_CIPHER * const *bp);
-STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
- STACK_OF(SSL_CIPHER) **skp);
-int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
- int (*put_cb)(const SSL_CIPHER *, unsigned char *));
-STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth,
- STACK_OF(SSL_CIPHER) **pref,
- STACK_OF(SSL_CIPHER) **sorted,
- const char *rule_str);
-void ssl_update_cache(SSL *s, int mode);
-int ssl_cipher_get_evp(const SSL_SESSION *s,const EVP_CIPHER **enc,
- const EVP_MD **md,SSL_COMP **comp);
-int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk);
-int ssl_undefined_function(SSL *s);
-int ssl_undefined_void_function(void);
-int ssl_undefined_const_function(const SSL *s);
-CERT_PKEY *ssl_get_server_send_pkey(const SSL *s);
-X509 *ssl_get_server_send_cert(const SSL *);
-EVP_PKEY *ssl_get_sign_pkey(SSL *,SSL_CIPHER *);
-int ssl_cert_type(X509 *x,EVP_PKEY *pkey);
-void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher);
-STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
-int ssl_verify_alarm_type(long type);
-void ssl_load_ciphers(void);
-
-int ssl2_enc_init(SSL *s, int client);
-int ssl2_generate_key_material(SSL *s);
-void ssl2_enc(SSL *s,int send_data);
-void ssl2_mac(SSL *s,unsigned char *mac,int send_data);
-SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p);
-int ssl2_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);
-int ssl2_part_read(SSL *s, unsigned long f, int i);
-int ssl2_do_write(SSL *s);
-int ssl2_set_certificate(SSL *s, int type, int len, const unsigned char *data);
-void ssl2_return_error(SSL *s,int reason);
-void ssl2_write_error(SSL *s);
-int ssl2_num_ciphers(void);
-SSL_CIPHER *ssl2_get_cipher(unsigned int u);
-int ssl2_new(SSL *s);
-void ssl2_free(SSL *s);
-int ssl2_accept(SSL *s);
-int ssl2_connect(SSL *s);
-int ssl2_read(SSL *s, void *buf, int len);
-int ssl2_peek(SSL *s, void *buf, int len);
-int ssl2_write(SSL *s, const void *buf, int len);
-int ssl2_shutdown(SSL *s);
-void ssl2_clear(SSL *s);
-long ssl2_ctrl(SSL *s,int cmd, long larg, void *parg);
-long ssl2_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg);
-long ssl2_callback_ctrl(SSL *s,int cmd, void (*fp)(void));
-long ssl2_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)(void));
-int ssl2_pending(const SSL *s);
-long ssl2_default_timeout(void );
-
-SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
-int ssl3_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);
-void ssl3_init_finished_mac(SSL *s);
-int ssl3_send_server_certificate(SSL *s);
-int ssl3_send_newsession_ticket(SSL *s);
-int ssl3_send_cert_status(SSL *s);
-int ssl3_get_finished(SSL *s,int state_a,int state_b);
-int ssl3_setup_key_block(SSL *s);
-int ssl3_send_change_cipher_spec(SSL *s,int state_a,int state_b);
-int ssl3_change_cipher_state(SSL *s,int which);
-void ssl3_cleanup_key_block(SSL *s);
-int ssl3_do_write(SSL *s,int type);
-int ssl3_send_alert(SSL *s,int level, int desc);
-int ssl3_generate_master_secret(SSL *s, unsigned char *out,
- unsigned char *p, int len);
-int ssl3_get_req_cert_type(SSL *s,unsigned char *p);
-long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
-int ssl3_send_finished(SSL *s, int a, int b, const char *sender,int slen);
-int ssl3_num_ciphers(void);
-SSL_CIPHER *ssl3_get_cipher(unsigned int u);
-int ssl3_renegotiate(SSL *ssl);
-int ssl3_renegotiate_check(SSL *ssl);
-int ssl3_dispatch_alert(SSL *s);
-int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
-int ssl3_write_bytes(SSL *s, int type, const void *buf, int len);
-int ssl3_final_finish_mac(SSL *s, EVP_MD_CTX *ctx1, EVP_MD_CTX *ctx2,
- const char *sender, int slen,unsigned char *p);
-int ssl3_cert_verify_mac(SSL *s, EVP_MD_CTX *in, unsigned char *p);
-void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len);
-int ssl3_enc(SSL *s, int send_data);
-int ssl3_mac(SSL *ssl, unsigned char *md, int send_data);
-unsigned long ssl3_output_cert_chain(SSL *s, X509 *x);
-SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,STACK_OF(SSL_CIPHER) *clnt,
- STACK_OF(SSL_CIPHER) *srvr);
-int ssl3_setup_buffers(SSL *s);
-int ssl3_new(SSL *s);
-void ssl3_free(SSL *s);
-int ssl3_accept(SSL *s);
-int ssl3_connect(SSL *s);
-int ssl3_read(SSL *s, void *buf, int len);
-int ssl3_peek(SSL *s, void *buf, int len);
-int ssl3_write(SSL *s, const void *buf, int len);
-int ssl3_shutdown(SSL *s);
-void ssl3_clear(SSL *s);
-long ssl3_ctrl(SSL *s,int cmd, long larg, void *parg);
-long ssl3_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg);
-long ssl3_callback_ctrl(SSL *s,int cmd, void (*fp)(void));
-long ssl3_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)(void));
-int ssl3_pending(const SSL *s);
-
-void ssl3_record_sequence_update(unsigned char *seq);
-int ssl3_do_change_cipher_spec(SSL *ssl);
-long ssl3_default_timeout(void );
-
-int ssl23_num_ciphers(void );
-SSL_CIPHER *ssl23_get_cipher(unsigned int u);
-int ssl23_read(SSL *s, void *buf, int len);
-int ssl23_peek(SSL *s, void *buf, int len);
-int ssl23_write(SSL *s, const void *buf, int len);
-int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
-SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p);
-long ssl23_default_timeout(void );
-
-long tls1_default_timeout(void);
-int dtls1_do_write(SSL *s,int type);
-int ssl3_read_n(SSL *s, int n, int max, int extend);
-int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
-int ssl3_do_compress(SSL *ssl);
-int ssl3_do_uncompress(SSL *ssl);
-int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
- unsigned int len);
-unsigned char *dtls1_set_message_header(SSL *s,
- unsigned char *p, unsigned char mt, unsigned long len,
- unsigned long frag_off, unsigned long frag_len);
-
-int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf, int len);
-int dtls1_write_bytes(SSL *s, int type, const void *buf, int len);
-
-int dtls1_send_change_cipher_spec(SSL *s, int a, int b);
-int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen);
-unsigned long dtls1_output_cert_chain(SSL *s, X509 *x);
-int dtls1_read_failed(SSL *s, int code);
-int dtls1_buffer_message(SSL *s, int ccs);
-int dtls1_retransmit_message(SSL *s, unsigned short seq,
- unsigned long frag_off, int *found);
-int dtls1_get_queue_priority(unsigned short seq, int is_ccs);
-int dtls1_retransmit_buffered_messages(SSL *s);
-void dtls1_clear_record_buffer(SSL *s);
-void dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr);
-void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr);
-void dtls1_reset_seq_numbers(SSL *s, int rw);
-long dtls1_default_timeout(void);
-struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft);
-int dtls1_check_timeout_num(SSL *s);
-int dtls1_handle_timeout(SSL *s);
-SSL_CIPHER *dtls1_get_cipher(unsigned int u);
-void dtls1_start_timer(SSL *s);
-void dtls1_stop_timer(SSL *s);
-int dtls1_is_timer_expired(SSL *s);
-void dtls1_double_timeout(SSL *s);
-int dtls1_send_newsession_ticket(SSL *s);
-unsigned int dtls1_min_mtu(void);
-
-
-/* some client-only functions */
-int ssl3_client_hello(SSL *s);
-int ssl3_get_server_hello(SSL *s);
-int ssl3_get_certificate_request(SSL *s);
-int ssl3_get_new_session_ticket(SSL *s);
-int ssl3_get_cert_status(SSL *s);
-int ssl3_get_server_done(SSL *s);
-int ssl3_send_client_verify(SSL *s);
-int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey);
-int ssl3_send_client_certificate(SSL *s);
-int ssl3_send_client_key_exchange(SSL *s);
-int ssl3_get_key_exchange(SSL *s);
-int ssl3_get_server_certificate(SSL *s);
-int ssl3_check_cert_and_algorithm(SSL *s);
-#ifndef OPENSSL_NO_TLSEXT
-int ssl3_check_finished(SSL *s);
-#endif
-
-int dtls1_client_hello(SSL *s);
-int dtls1_send_client_certificate(SSL *s);
-int dtls1_send_client_key_exchange(SSL *s);
-int dtls1_send_client_verify(SSL *s);
-
-/* some server-only functions */
-int ssl3_get_client_hello(SSL *s);
-int ssl3_send_server_hello(SSL *s);
-int ssl3_send_hello_request(SSL *s);
-int ssl3_send_server_key_exchange(SSL *s);
-int ssl3_send_certificate_request(SSL *s);
-int ssl3_send_server_done(SSL *s);
-int ssl3_check_client_hello(SSL *s);
-int ssl3_get_client_certificate(SSL *s);
-int ssl3_get_client_key_exchange(SSL *s);
-int ssl3_get_cert_verify(SSL *s);
-
-int dtls1_send_hello_request(SSL *s);
-int dtls1_send_server_hello(SSL *s);
-int dtls1_send_server_certificate(SSL *s);
-int dtls1_send_server_key_exchange(SSL *s);
-int dtls1_send_certificate_request(SSL *s);
-int dtls1_send_server_done(SSL *s);
-
-
-
-int ssl23_accept(SSL *s);
-int ssl23_connect(SSL *s);
-int ssl23_read_bytes(SSL *s, int n);
-int ssl23_write_bytes(SSL *s);
-
-int tls1_new(SSL *s);
-void tls1_free(SSL *s);
-void tls1_clear(SSL *s);
-long tls1_ctrl(SSL *s,int cmd, long larg, void *parg);
-long tls1_callback_ctrl(SSL *s,int cmd, void (*fp)(void));
-SSL_METHOD *tlsv1_base_method(void );
-
-int dtls1_new(SSL *s);
-int dtls1_accept(SSL *s);
-int dtls1_connect(SSL *s);
-void dtls1_free(SSL *s);
-void dtls1_clear(SSL *s);
-long dtls1_ctrl(SSL *s,int cmd, long larg, void *parg);
-SSL_METHOD *dtlsv1_base_method(void );
-
-long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
-int dtls1_get_record(SSL *s);
-int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
- unsigned int len, int create_empty_fragement);
-int dtls1_dispatch_alert(SSL *s);
-int dtls1_enc(SSL *s, int snd);
-
-int ssl_init_wbio_buffer(SSL *s, int push);
-void ssl_free_wbio_buffer(SSL *s);
-
-int tls1_change_cipher_state(SSL *s, int which);
-int tls1_setup_key_block(SSL *s);
-int tls1_enc(SSL *s, int snd);
-int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx,
- const char *str, int slen, unsigned char *p);
-int tls1_cert_verify_mac(SSL *s, EVP_MD_CTX *in, unsigned char *p);
-int tls1_mac(SSL *ssl, unsigned char *md, int snd);
-int tls1_generate_master_secret(SSL *s, unsigned char *out,
- unsigned char *p, int len);
-int tls1_alert_code(int code);
-int ssl3_alert_code(int code);
-int ssl_ok(SSL *s);
-
-int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs);
-
-SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);
-
-#ifndef OPENSSL_NO_TLSEXT
-unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit);
-unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit);
-int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al);
-int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al);
-int ssl_prepare_clienthello_tlsext(SSL *s);
-int ssl_prepare_serverhello_tlsext(SSL *s);
-int ssl_check_clienthello_tlsext_early(SSL *s);
-int ssl_check_clienthello_tlsext_late(SSL *s);
-int ssl_check_serverhello_tlsext(SSL *s);
-
-#ifdef OPENSSL_NO_SHA256
-#define tlsext_tick_md EVP_sha1
-#else
-#define tlsext_tick_md EVP_sha256
-#endif
-int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
- const unsigned char *limit, SSL_SESSION **ret);
-EVP_MD_CTX* ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md) ;
-void ssl_clear_hash_ctx(EVP_MD_CTX **hash);
-
-int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
- int maxlen);
-int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,
- int *al);
-int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
- int maxlen);
-int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
- int *al);
-#endif
-/* s3_cbc.c */
-void ssl3_cbc_copy_mac(unsigned char* out,
- const SSL3_RECORD *rec,
- unsigned md_size,unsigned orig_len);
-int ssl3_cbc_remove_padding(const SSL* s,
- SSL3_RECORD *rec,
- unsigned block_size,
- unsigned mac_size);
-int tls1_cbc_remove_padding(const SSL* s,
- SSL3_RECORD *rec,
- unsigned block_size,
- unsigned mac_size);
-char ssl3_cbc_record_digest_supported(const EVP_MD *hash);
-void ssl3_cbc_digest_record(
- const EVP_MD *hash,
- unsigned char* md_out,
- size_t* md_out_size,
- const unsigned char header[13],
- const unsigned char *data,
- size_t data_plus_mac_size,
- size_t data_plus_mac_plus_padding_size,
- const unsigned char *mac_secret,
- unsigned mac_secret_length,
- char is_sslv3);
-
-void tls_fips_digest_extra(
- const EVP_CIPHER_CTX *cipher_ctx, const EVP_MD *hash, HMAC_CTX *hctx,
- const unsigned char *data, size_t data_len, size_t orig_len);
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/ssl/ssl_locl.h (from rev 6976, vendor-crypto/openssl/dist/ssl/ssl_locl.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/ssl/ssl_locl.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/ssl/ssl_locl.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,1078 @@
+/* ssl/ssl_locl.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECC cipher suite support in OpenSSL originally developed by
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
+
+#ifndef HEADER_SSL_LOCL_H
+# define HEADER_SSL_LOCL_H
+# include <stdlib.h>
+# include <time.h>
+# include <string.h>
+# include <errno.h>
+
+# include "e_os.h"
+
+# include <openssl/buffer.h>
+# ifndef OPENSSL_NO_COMP
+# include <openssl/comp.h>
+# endif
+# include <openssl/bio.h>
+# include <openssl/stack.h>
+# ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>
+# endif
+# ifndef OPENSSL_NO_DSA
+# include <openssl/dsa.h>
+# endif
+# include <openssl/err.h>
+# include <openssl/ssl.h>
+# include <openssl/symhacks.h>
+
+# ifdef OPENSSL_BUILD_SHLIBSSL
+# undef OPENSSL_EXTERN
+# define OPENSSL_EXTERN OPENSSL_EXPORT
+# endif
+
+# define PKCS1_CHECK
+
+# define c2l(c,l) (l = ((unsigned long)(*((c)++))) , \
+ l|=(((unsigned long)(*((c)++)))<< 8), \
+ l|=(((unsigned long)(*((c)++)))<<16), \
+ l|=(((unsigned long)(*((c)++)))<<24))
+
+/* NOTE - c is not incremented as per c2l */
+# define c2ln(c,l1,l2,n) { \
+ c+=n; \
+ l1=l2=0; \
+ switch (n) { \
+ case 8: l2 =((unsigned long)(*(--(c))))<<24; \
+ case 7: l2|=((unsigned long)(*(--(c))))<<16; \
+ case 6: l2|=((unsigned long)(*(--(c))))<< 8; \
+ case 5: l2|=((unsigned long)(*(--(c)))); \
+ case 4: l1 =((unsigned long)(*(--(c))))<<24; \
+ case 3: l1|=((unsigned long)(*(--(c))))<<16; \
+ case 2: l1|=((unsigned long)(*(--(c))))<< 8; \
+ case 1: l1|=((unsigned long)(*(--(c)))); \
+ } \
+ }
+
+# define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
+ *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>16)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>24)&0xff))
+
+# define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24, \
+ l|=((unsigned long)(*((c)++)))<<16, \
+ l|=((unsigned long)(*((c)++)))<< 8, \
+ l|=((unsigned long)(*((c)++))))
+
+# define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>16)&0xff), \
+ *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+ *((c)++)=(unsigned char)(((l) )&0xff))
+
+# define l2n6(l,c) (*((c)++)=(unsigned char)(((l)>>40)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>32)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>24)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>16)&0xff), \
+ *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+ *((c)++)=(unsigned char)(((l) )&0xff))
+
+# define l2n8(l,c) (*((c)++)=(unsigned char)(((l)>>56)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>48)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>40)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>32)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>24)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>16)&0xff), \
+ *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+ *((c)++)=(unsigned char)(((l) )&0xff))
+
+# define n2l6(c,l) (l =((BN_ULLONG)(*((c)++)))<<40, \
+ l|=((BN_ULLONG)(*((c)++)))<<32, \
+ l|=((BN_ULLONG)(*((c)++)))<<24, \
+ l|=((BN_ULLONG)(*((c)++)))<<16, \
+ l|=((BN_ULLONG)(*((c)++)))<< 8, \
+ l|=((BN_ULLONG)(*((c)++))))
+
+/* NOTE - c is not incremented as per l2c */
+# define l2cn(l1,l2,c,n) { \
+ c+=n; \
+ switch (n) { \
+ case 8: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
+ case 7: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
+ case 6: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
+ case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \
+ case 4: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
+ case 3: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
+ case 2: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
+ case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \
+ } \
+ }
+
+# define n2s(c,s) ((s=(((unsigned int)(c[0]))<< 8)| \
+ (((unsigned int)(c[1])) )),c+=2)
+# define s2n(s,c) ((c[0]=(unsigned char)(((s)>> 8)&0xff), \
+ c[1]=(unsigned char)(((s) )&0xff)),c+=2)
+
+# define n2l3(c,l) ((l =(((unsigned long)(c[0]))<<16)| \
+ (((unsigned long)(c[1]))<< 8)| \
+ (((unsigned long)(c[2])) )),c+=3)
+
+# define l2n3(l,c) ((c[0]=(unsigned char)(((l)>>16)&0xff), \
+ c[1]=(unsigned char)(((l)>> 8)&0xff), \
+ c[2]=(unsigned char)(((l) )&0xff)),c+=3)
+
+/* LOCAL STUFF */
+
+# define SSL_DECRYPT 0
+# define SSL_ENCRYPT 1
+
+# define TWO_BYTE_BIT 0x80
+# define SEC_ESC_BIT 0x40
+# define TWO_BYTE_MASK 0x7fff
+# define THREE_BYTE_MASK 0x3fff
+
+# define INC32(a) ((a)=((a)+1)&0xffffffffL)
+# define DEC32(a) ((a)=((a)-1)&0xffffffffL)
+# define MAX_MAC_SIZE 20 /* up from 16 for SSLv3 */
+
+/*
+ * Define the Bitmasks for SSL_CIPHER.algorithms.
+ * This bits are used packed as dense as possible. If new methods/ciphers
+ * etc will be added, the bits a likely to change, so this information
+ * is for internal library use only, even though SSL_CIPHER.algorithms
+ * can be publicly accessed.
+ * Use the according functions for cipher management instead.
+ *
+ * The bit mask handling in the selection and sorting scheme in
+ * ssl_create_cipher_list() has only limited capabilities, reflecting
+ * that the different entities within are mutually exclusive:
+ * ONLY ONE BIT PER MASK CAN BE SET AT A TIME.
+ */
+# define SSL_MKEY_MASK 0x000000FFL
+/* RSA key exchange */
+# define SSL_kRSA 0x00000001L
+/* DH cert RSA CA cert */
+# define SSL_kDHr 0x00000002L
+/* DH cert DSA CA cert */
+# define SSL_kDHd 0x00000004L
+# define SSL_kFZA 0x00000008L
+/* tmp DH key no DH cert */
+# define SSL_kEDH 0x00000010L
+/* Kerberos5 key exchange */
+# define SSL_kKRB5 0x00000020L
+/* ECDH w/ long-term keys */
+# define SSL_kECDH 0x00000040L
+/* ephemeral ECDH */
+# define SSL_kECDHE 0x00000080L
+# define SSL_EDH (SSL_kEDH|(SSL_AUTH_MASK^SSL_aNULL))
+
+# define SSL_AUTH_MASK 0x00007F00L
+/* Authenticate with RSA */
+# define SSL_aRSA 0x00000100L
+/* Authenticate with DSS */
+# define SSL_aDSS 0x00000200L
+# define SSL_DSS SSL_aDSS
+# define SSL_aFZA 0x00000400L
+/* no Authenticate, ADH */
+# define SSL_aNULL 0x00000800L
+/* no Authenticate, ADH */
+# define SSL_aDH 0x00001000L
+/* Authenticate with KRB5 */
+# define SSL_aKRB5 0x00002000L
+/* Authenticate with ECDSA */
+# define SSL_aECDSA 0x00004000L
+
+# define SSL_NULL (SSL_eNULL)
+# define SSL_ADH (SSL_kEDH|SSL_aNULL)
+# define SSL_RSA (SSL_kRSA|SSL_aRSA)
+# define SSL_DH (SSL_kDHr|SSL_kDHd|SSL_kEDH)
+# define SSL_ECDH (SSL_kECDH|SSL_kECDHE)
+# define SSL_FZA (SSL_aFZA|SSL_kFZA|SSL_eFZA)
+# define SSL_KRB5 (SSL_kKRB5|SSL_aKRB5)
+
+# define SSL_ENC_MASK 0x1C3F8000L
+# define SSL_DES 0x00008000L
+# define SSL_3DES 0x00010000L
+# define SSL_RC4 0x00020000L
+# define SSL_RC2 0x00040000L
+# define SSL_IDEA 0x00080000L
+# define SSL_eFZA 0x00100000L
+# define SSL_eNULL 0x00200000L
+# define SSL_AES 0x04000000L
+# define SSL_CAMELLIA 0x08000000L
+# define SSL_SEED 0x10000000L
+
+# define SSL_MAC_MASK 0x00c00000L
+# define SSL_MD5 0x00400000L
+# define SSL_SHA1 0x00800000L
+# define SSL_SHA (SSL_SHA1)
+
+# define SSL_SSL_MASK 0x03000000L
+# define SSL_SSLV2 0x01000000L
+# define SSL_SSLV3 0x02000000L
+# define SSL_TLSV1 SSL_SSLV3/* for now */
+
+/* we have used 1fffffff - 3 bits left to go. */
+
+/*
+ * Export and cipher strength information. For each cipher we have to decide
+ * whether it is exportable or not. This information is likely to change
+ * over time, since the export control rules are no static technical issue.
+ *
+ * Independent of the export flag the cipher strength is sorted into classes.
+ * SSL_EXP40 was denoting the 40bit US export limit of past times, which now
+ * is at 56bit (SSL_EXP56). If the exportable cipher class is going to change
+ * again (eg. to 64bit) the use of "SSL_EXP*" becomes blurred even more,
+ * since SSL_EXP64 could be similar to SSL_LOW.
+ * For this reason SSL_MICRO and SSL_MINI macros are included to widen the
+ * namespace of SSL_LOW-SSL_HIGH to lower values. As development of speed
+ * and ciphers goes, another extension to SSL_SUPER and/or SSL_ULTRA would
+ * be possible.
+ */
+# define SSL_EXP_MASK 0x00000003L
+# define SSL_NOT_EXP 0x00000001L
+# define SSL_EXPORT 0x00000002L
+
+# define SSL_STRONG_MASK 0x000000fcL
+# define SSL_STRONG_NONE 0x00000004L
+# define SSL_EXP40 0x00000008L
+# define SSL_MICRO (SSL_EXP40)
+# define SSL_EXP56 0x00000010L
+# define SSL_MINI (SSL_EXP56)
+# define SSL_LOW 0x00000020L
+# define SSL_MEDIUM 0x00000040L
+# define SSL_HIGH 0x00000080L
+# define SSL_FIPS 0x00000100L
+
+/* we have used 000001ff - 23 bits left to go */
+
+/*-
+ * Macros to check the export status and cipher strength for export ciphers.
+ * Even though the macros for EXPORT and EXPORT40/56 have similar names,
+ * their meaning is different:
+ * *_EXPORT macros check the 'exportable' status.
+ * *_EXPORT40/56 macros are used to check whether a certain cipher strength
+ * is given.
+ * Since the SSL_IS_EXPORT* and SSL_EXPORT* macros depend on the correct
+ * algorithm structure element to be passed (algorithms, algo_strength) and no
+ * typechecking can be done as they are all of type unsigned long, their
+ * direct usage is discouraged.
+ * Use the SSL_C_* macros instead.
+ */
+# define SSL_IS_EXPORT(a) ((a)&SSL_EXPORT)
+# define SSL_IS_EXPORT56(a) ((a)&SSL_EXP56)
+# define SSL_IS_EXPORT40(a) ((a)&SSL_EXP40)
+# define SSL_C_IS_EXPORT(c) SSL_IS_EXPORT((c)->algo_strength)
+# define SSL_C_IS_EXPORT56(c) SSL_IS_EXPORT56((c)->algo_strength)
+# define SSL_C_IS_EXPORT40(c) SSL_IS_EXPORT40((c)->algo_strength)
+
+# define SSL_EXPORT_KEYLENGTH(a,s) (SSL_IS_EXPORT40(s) ? 5 : \
+ ((a)&SSL_ENC_MASK) == SSL_DES ? 8 : 7)
+# define SSL_EXPORT_PKEYLENGTH(a) (SSL_IS_EXPORT40(a) ? 512 : 1024)
+# define SSL_C_EXPORT_KEYLENGTH(c) SSL_EXPORT_KEYLENGTH((c)->algorithms, \
+ (c)->algo_strength)
+# define SSL_C_EXPORT_PKEYLENGTH(c) SSL_EXPORT_PKEYLENGTH((c)->algo_strength)
+
+# define SSL_ALL 0xffffffffL
+# define SSL_ALL_CIPHERS (SSL_MKEY_MASK|SSL_AUTH_MASK|SSL_ENC_MASK|\
+ SSL_MAC_MASK)
+# define SSL_ALL_STRENGTHS (SSL_EXP_MASK|SSL_STRONG_MASK)
+
+/* Mostly for SSLv3 */
+# define SSL_PKEY_RSA_ENC 0
+# define SSL_PKEY_RSA_SIGN 1
+# define SSL_PKEY_DSA_SIGN 2
+# define SSL_PKEY_DH_RSA 3
+# define SSL_PKEY_DH_DSA 4
+# define SSL_PKEY_ECC 5
+# define SSL_PKEY_NUM 6
+
+/*-
+ * SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) |
+ * <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN)
+ * SSL_kDH <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN)
+ * SSL_kEDH <- RSA_ENC | RSA_SIGN | DSA_SIGN
+ * SSL_aRSA <- RSA_ENC | RSA_SIGN
+ * SSL_aDSS <- DSA_SIGN
+ */
+
+/*-
+#define CERT_INVALID 0
+#define CERT_PUBLIC_KEY 1
+#define CERT_PRIVATE_KEY 2
+*/
+
+# ifndef OPENSSL_NO_EC
+/*
+ * From ECC-TLS draft, used in encoding the curve type in ECParameters
+ */
+# define EXPLICIT_PRIME_CURVE_TYPE 1
+# define EXPLICIT_CHAR2_CURVE_TYPE 2
+# define NAMED_CURVE_TYPE 3
+# endif /* OPENSSL_NO_EC */
+
+typedef struct cert_pkey_st {
+ X509 *x509;
+ EVP_PKEY *privatekey;
+} CERT_PKEY;
+
+typedef struct cert_st {
+ /* Current active set */
+ /*
+ * ALWAYS points to an element of the pkeys array
+ * Probably it would make more sense to store
+ * an index, not a pointer.
+ */
+ CERT_PKEY *key;
+ /*
+ * The following masks are for the key and auth algorithms that are
+ * supported by the certs below
+ */
+ int valid;
+ unsigned long mask;
+ unsigned long export_mask;
+# ifndef OPENSSL_NO_RSA
+ RSA *rsa_tmp;
+ RSA *(*rsa_tmp_cb) (SSL *ssl, int is_export, int keysize);
+# endif
+# ifndef OPENSSL_NO_DH
+ DH *dh_tmp;
+ DH *(*dh_tmp_cb) (SSL *ssl, int is_export, int keysize);
+# endif
+# ifndef OPENSSL_NO_ECDH
+ EC_KEY *ecdh_tmp;
+ /* Callback for generating ephemeral ECDH keys */
+ EC_KEY *(*ecdh_tmp_cb) (SSL *ssl, int is_export, int keysize);
+# endif
+ CERT_PKEY pkeys[SSL_PKEY_NUM];
+ int references; /* >1 only if SSL_copy_session_id is used */
+} CERT;
+
+typedef struct sess_cert_st {
+ STACK_OF(X509) *cert_chain; /* as received from peer (not for SSL2) */
+ /* The 'peer_...' members are used only by clients. */
+ int peer_cert_type;
+ CERT_PKEY *peer_key; /* points to an element of peer_pkeys (never
+ * NULL!) */
+ CERT_PKEY peer_pkeys[SSL_PKEY_NUM];
+ /*
+ * Obviously we don't have the private keys of these, so maybe we
+ * shouldn't even use the CERT_PKEY type here.
+ */
+# ifndef OPENSSL_NO_RSA
+ RSA *peer_rsa_tmp; /* not used for SSL 2 */
+# endif
+# ifndef OPENSSL_NO_DH
+ DH *peer_dh_tmp; /* not used for SSL 2 */
+# endif
+# ifndef OPENSSL_NO_ECDH
+ EC_KEY *peer_ecdh_tmp;
+# endif
+ int references; /* actually always 1 at the moment */
+} SESS_CERT;
+
+/*
+ * #define MAC_DEBUG
+ */
+
+/*
+ * #define ERR_DEBUG
+ */
+/*
+ * #define ABORT_DEBUG
+ */
+/*
+ * #define PKT_DEBUG 1
+ */
+/*
+ * #define DES_DEBUG
+ */
+/*
+ * #define DES_OFB_DEBUG
+ */
+/*
+ * #define SSL_DEBUG
+ */
+/*
+ * #define RSA_DEBUG
+ */
+/*
+ * #define IDEA_DEBUG
+ */
+
+# define FP_ICC (int (*)(const void *,const void *))
+# define ssl_put_cipher_by_char(ssl,ciph,ptr) \
+ ((ssl)->method->put_cipher_by_char((ciph),(ptr)))
+# define ssl_get_cipher_by_char(ssl,ptr) \
+ ((ssl)->method->get_cipher_by_char(ptr))
+
+/*
+ * This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff It is a bit
+ * of a mess of functions, but hell, think of it as an opaque structure :-)
+ */
+typedef struct ssl3_enc_method {
+ int (*enc) (SSL *, int);
+ int (*mac) (SSL *, unsigned char *, int);
+ int (*setup_key_block) (SSL *);
+ int (*generate_master_secret) (SSL *, unsigned char *, unsigned char *,
+ int);
+ int (*change_cipher_state) (SSL *, int);
+ int (*final_finish_mac) (SSL *, EVP_MD_CTX *, EVP_MD_CTX *, const char *,
+ int, unsigned char *);
+ int finish_mac_length;
+ int (*cert_verify_mac) (SSL *, EVP_MD_CTX *, unsigned char *);
+ const char *client_finished_label;
+ int client_finished_label_len;
+ const char *server_finished_label;
+ int server_finished_label_len;
+ int (*alert_value) (int);
+} SSL3_ENC_METHOD;
+
+# ifndef OPENSSL_NO_COMP
+/* Used for holding the relevant compression methods loaded into SSL_CTX */
+typedef struct ssl3_comp_st {
+ int comp_id; /* The identifier byte for this compression
+ * type */
+ char *name; /* Text name used for the compression type */
+ COMP_METHOD *method; /* The method :-) */
+} SSL3_COMP;
+# endif
+
+extern SSL3_ENC_METHOD ssl3_undef_enc_method;
+OPENSSL_EXTERN SSL_CIPHER ssl2_ciphers[];
+OPENSSL_EXTERN SSL_CIPHER ssl3_ciphers[];
+
+SSL_METHOD *ssl_bad_method(int ver);
+SSL_METHOD *sslv2_base_method(void);
+SSL_METHOD *sslv23_base_method(void);
+SSL_METHOD *sslv3_base_method(void);
+
+extern SSL3_ENC_METHOD TLSv1_enc_data;
+extern SSL3_ENC_METHOD SSLv3_enc_data;
+extern SSL3_ENC_METHOD DTLSv1_enc_data;
+
+# define IMPLEMENT_tls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \
+SSL_METHOD *func_name(void) \
+ { \
+ static SSL_METHOD func_name##_data= { \
+ TLS1_VERSION, \
+ tls1_new, \
+ tls1_clear, \
+ tls1_free, \
+ s_accept, \
+ s_connect, \
+ ssl3_read, \
+ ssl3_peek, \
+ ssl3_write, \
+ ssl3_shutdown, \
+ ssl3_renegotiate, \
+ ssl3_renegotiate_check, \
+ ssl3_get_message, \
+ ssl3_read_bytes, \
+ ssl3_write_bytes, \
+ ssl3_dispatch_alert, \
+ ssl3_ctrl, \
+ ssl3_ctx_ctrl, \
+ ssl3_get_cipher_by_char, \
+ ssl3_put_cipher_by_char, \
+ ssl3_pending, \
+ ssl3_num_ciphers, \
+ ssl3_get_cipher, \
+ s_get_meth, \
+ tls1_default_timeout, \
+ &TLSv1_enc_data, \
+ ssl_undefined_void_function, \
+ ssl3_callback_ctrl, \
+ ssl3_ctx_callback_ctrl, \
+ }; \
+ return &func_name##_data; \
+ }
+
+# define IMPLEMENT_ssl3_meth_func(func_name, s_accept, s_connect, s_get_meth) \
+SSL_METHOD *func_name(void) \
+ { \
+ static SSL_METHOD func_name##_data= { \
+ SSL3_VERSION, \
+ ssl3_new, \
+ ssl3_clear, \
+ ssl3_free, \
+ s_accept, \
+ s_connect, \
+ ssl3_read, \
+ ssl3_peek, \
+ ssl3_write, \
+ ssl3_shutdown, \
+ ssl3_renegotiate, \
+ ssl3_renegotiate_check, \
+ ssl3_get_message, \
+ ssl3_read_bytes, \
+ ssl3_write_bytes, \
+ ssl3_dispatch_alert, \
+ ssl3_ctrl, \
+ ssl3_ctx_ctrl, \
+ ssl3_get_cipher_by_char, \
+ ssl3_put_cipher_by_char, \
+ ssl3_pending, \
+ ssl3_num_ciphers, \
+ ssl3_get_cipher, \
+ s_get_meth, \
+ ssl3_default_timeout, \
+ &SSLv3_enc_data, \
+ ssl_undefined_void_function, \
+ ssl3_callback_ctrl, \
+ ssl3_ctx_callback_ctrl, \
+ }; \
+ return &func_name##_data; \
+ }
+
+# define IMPLEMENT_ssl23_meth_func(func_name, s_accept, s_connect, s_get_meth) \
+SSL_METHOD *func_name(void) \
+ { \
+ static SSL_METHOD func_name##_data= { \
+ TLS1_VERSION, \
+ tls1_new, \
+ tls1_clear, \
+ tls1_free, \
+ s_accept, \
+ s_connect, \
+ ssl23_read, \
+ ssl23_peek, \
+ ssl23_write, \
+ ssl_undefined_function, \
+ ssl_undefined_function, \
+ ssl_ok, \
+ ssl3_get_message, \
+ ssl3_read_bytes, \
+ ssl3_write_bytes, \
+ ssl3_dispatch_alert, \
+ ssl3_ctrl, \
+ ssl3_ctx_ctrl, \
+ ssl23_get_cipher_by_char, \
+ ssl23_put_cipher_by_char, \
+ ssl_undefined_const_function, \
+ ssl23_num_ciphers, \
+ ssl23_get_cipher, \
+ s_get_meth, \
+ ssl23_default_timeout, \
+ &ssl3_undef_enc_method, \
+ ssl_undefined_void_function, \
+ ssl3_callback_ctrl, \
+ ssl3_ctx_callback_ctrl, \
+ }; \
+ return &func_name##_data; \
+ }
+
+# define IMPLEMENT_ssl2_meth_func(func_name, s_accept, s_connect, s_get_meth) \
+SSL_METHOD *func_name(void) \
+ { \
+ static SSL_METHOD func_name##_data= { \
+ SSL2_VERSION, \
+ ssl2_new, /* local */ \
+ ssl2_clear, /* local */ \
+ ssl2_free, /* local */ \
+ s_accept, \
+ s_connect, \
+ ssl2_read, \
+ ssl2_peek, \
+ ssl2_write, \
+ ssl2_shutdown, \
+ ssl_ok, /* NULL - renegotiate */ \
+ ssl_ok, /* NULL - check renegotiate */ \
+ NULL, /* NULL - ssl_get_message */ \
+ NULL, /* NULL - ssl_get_record */ \
+ NULL, /* NULL - ssl_write_bytes */ \
+ NULL, /* NULL - dispatch_alert */ \
+ ssl2_ctrl, /* local */ \
+ ssl2_ctx_ctrl, /* local */ \
+ ssl2_get_cipher_by_char, \
+ ssl2_put_cipher_by_char, \
+ ssl2_pending, \
+ ssl2_num_ciphers, \
+ ssl2_get_cipher, \
+ s_get_meth, \
+ ssl2_default_timeout, \
+ &ssl3_undef_enc_method, \
+ ssl_undefined_void_function, \
+ ssl2_callback_ctrl, /* local */ \
+ ssl2_ctx_callback_ctrl, /* local */ \
+ }; \
+ return &func_name##_data; \
+ }
+
+# define IMPLEMENT_dtls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \
+SSL_METHOD *func_name(void) \
+ { \
+ static SSL_METHOD func_name##_data= { \
+ DTLS1_VERSION, \
+ dtls1_new, \
+ dtls1_clear, \
+ dtls1_free, \
+ s_accept, \
+ s_connect, \
+ ssl3_read, \
+ ssl3_peek, \
+ ssl3_write, \
+ ssl3_shutdown, \
+ ssl3_renegotiate, \
+ ssl3_renegotiate_check, \
+ dtls1_get_message, \
+ dtls1_read_bytes, \
+ dtls1_write_app_data_bytes, \
+ dtls1_dispatch_alert, \
+ dtls1_ctrl, \
+ ssl3_ctx_ctrl, \
+ ssl3_get_cipher_by_char, \
+ ssl3_put_cipher_by_char, \
+ ssl3_pending, \
+ ssl3_num_ciphers, \
+ dtls1_get_cipher, \
+ s_get_meth, \
+ dtls1_default_timeout, \
+ &DTLSv1_enc_data, \
+ ssl_undefined_void_function, \
+ ssl3_callback_ctrl, \
+ ssl3_ctx_callback_ctrl, \
+ }; \
+ return &func_name##_data; \
+ }
+
+void ssl_clear_cipher_ctx(SSL *s);
+int ssl_clear_bad_session(SSL *s);
+CERT *ssl_cert_new(void);
+CERT *ssl_cert_dup(CERT *cert);
+int ssl_cert_inst(CERT **o);
+void ssl_cert_free(CERT *c);
+SESS_CERT *ssl_sess_cert_new(void);
+void ssl_sess_cert_free(SESS_CERT *sc);
+int ssl_set_peer_cert_type(SESS_CERT *c, int type);
+int ssl_get_new_session(SSL *s, int session);
+int ssl_get_prev_session(SSL *s, unsigned char *session, int len,
+ const unsigned char *limit);
+int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b);
+int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
+ const SSL_CIPHER *const *bp);
+STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, unsigned char *p,
+ int num,
+ STACK_OF(SSL_CIPHER) **skp);
+int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
+ unsigned char *p,
+ int (*put_cb) (const SSL_CIPHER *,
+ unsigned char *));
+STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth,
+ STACK_OF(SSL_CIPHER) **pref,
+ STACK_OF(SSL_CIPHER) **sorted,
+ const char *rule_str);
+void ssl_update_cache(SSL *s, int mode);
+int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
+ const EVP_MD **md, SSL_COMP **comp);
+int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk);
+int ssl_undefined_function(SSL *s);
+int ssl_undefined_void_function(void);
+int ssl_undefined_const_function(const SSL *s);
+CERT_PKEY *ssl_get_server_send_pkey(const SSL *s);
+X509 *ssl_get_server_send_cert(const SSL *);
+EVP_PKEY *ssl_get_sign_pkey(SSL *, SSL_CIPHER *);
+int ssl_cert_type(X509 *x, EVP_PKEY *pkey);
+void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher);
+STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
+int ssl_verify_alarm_type(long type);
+void ssl_load_ciphers(void);
+
+int ssl2_enc_init(SSL *s, int client);
+int ssl2_generate_key_material(SSL *s);
+void ssl2_enc(SSL *s, int send_data);
+void ssl2_mac(SSL *s, unsigned char *mac, int send_data);
+SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p);
+int ssl2_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
+int ssl2_part_read(SSL *s, unsigned long f, int i);
+int ssl2_do_write(SSL *s);
+int ssl2_set_certificate(SSL *s, int type, int len,
+ const unsigned char *data);
+void ssl2_return_error(SSL *s, int reason);
+void ssl2_write_error(SSL *s);
+int ssl2_num_ciphers(void);
+SSL_CIPHER *ssl2_get_cipher(unsigned int u);
+int ssl2_new(SSL *s);
+void ssl2_free(SSL *s);
+int ssl2_accept(SSL *s);
+int ssl2_connect(SSL *s);
+int ssl2_read(SSL *s, void *buf, int len);
+int ssl2_peek(SSL *s, void *buf, int len);
+int ssl2_write(SSL *s, const void *buf, int len);
+int ssl2_shutdown(SSL *s);
+void ssl2_clear(SSL *s);
+long ssl2_ctrl(SSL *s, int cmd, long larg, void *parg);
+long ssl2_ctx_ctrl(SSL_CTX *s, int cmd, long larg, void *parg);
+long ssl2_callback_ctrl(SSL *s, int cmd, void (*fp) (void));
+long ssl2_ctx_callback_ctrl(SSL_CTX *s, int cmd, void (*fp) (void));
+int ssl2_pending(const SSL *s);
+long ssl2_default_timeout(void);
+
+SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
+int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
+void ssl3_init_finished_mac(SSL *s);
+int ssl3_send_server_certificate(SSL *s);
+int ssl3_send_newsession_ticket(SSL *s);
+int ssl3_send_cert_status(SSL *s);
+int ssl3_get_finished(SSL *s, int state_a, int state_b);
+int ssl3_setup_key_block(SSL *s);
+int ssl3_send_change_cipher_spec(SSL *s, int state_a, int state_b);
+int ssl3_change_cipher_state(SSL *s, int which);
+void ssl3_cleanup_key_block(SSL *s);
+int ssl3_do_write(SSL *s, int type);
+int ssl3_send_alert(SSL *s, int level, int desc);
+int ssl3_generate_master_secret(SSL *s, unsigned char *out,
+ unsigned char *p, int len);
+int ssl3_get_req_cert_type(SSL *s, unsigned char *p);
+long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
+int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen);
+int ssl3_num_ciphers(void);
+SSL_CIPHER *ssl3_get_cipher(unsigned int u);
+int ssl3_renegotiate(SSL *ssl);
+int ssl3_renegotiate_check(SSL *ssl);
+int ssl3_dispatch_alert(SSL *s);
+int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
+int ssl3_write_bytes(SSL *s, int type, const void *buf, int len);
+int ssl3_final_finish_mac(SSL *s, EVP_MD_CTX *ctx1, EVP_MD_CTX *ctx2,
+ const char *sender, int slen, unsigned char *p);
+int ssl3_cert_verify_mac(SSL *s, EVP_MD_CTX *in, unsigned char *p);
+void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len);
+int ssl3_enc(SSL *s, int send_data);
+int ssl3_mac(SSL *ssl, unsigned char *md, int send_data);
+unsigned long ssl3_output_cert_chain(SSL *s, X509 *x);
+SSL_CIPHER *ssl3_choose_cipher(SSL *ssl, STACK_OF(SSL_CIPHER) *clnt,
+ STACK_OF(SSL_CIPHER) *srvr);
+int ssl3_setup_buffers(SSL *s);
+int ssl3_new(SSL *s);
+void ssl3_free(SSL *s);
+int ssl3_accept(SSL *s);
+int ssl3_connect(SSL *s);
+int ssl3_read(SSL *s, void *buf, int len);
+int ssl3_peek(SSL *s, void *buf, int len);
+int ssl3_write(SSL *s, const void *buf, int len);
+int ssl3_shutdown(SSL *s);
+void ssl3_clear(SSL *s);
+long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg);
+long ssl3_ctx_ctrl(SSL_CTX *s, int cmd, long larg, void *parg);
+long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void));
+long ssl3_ctx_callback_ctrl(SSL_CTX *s, int cmd, void (*fp) (void));
+int ssl3_pending(const SSL *s);
+
+void ssl3_record_sequence_update(unsigned char *seq);
+int ssl3_do_change_cipher_spec(SSL *ssl);
+long ssl3_default_timeout(void);
+
+int ssl23_num_ciphers(void);
+SSL_CIPHER *ssl23_get_cipher(unsigned int u);
+int ssl23_read(SSL *s, void *buf, int len);
+int ssl23_peek(SSL *s, void *buf, int len);
+int ssl23_write(SSL *s, const void *buf, int len);
+int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
+SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p);
+long ssl23_default_timeout(void);
+
+long tls1_default_timeout(void);
+int dtls1_do_write(SSL *s, int type);
+int ssl3_read_n(SSL *s, int n, int max, int extend);
+int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
+int ssl3_do_compress(SSL *ssl);
+int ssl3_do_uncompress(SSL *ssl);
+int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
+ unsigned int len);
+unsigned char *dtls1_set_message_header(SSL *s,
+ unsigned char *p, unsigned char mt,
+ unsigned long len,
+ unsigned long frag_off,
+ unsigned long frag_len);
+
+int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf, int len);
+int dtls1_write_bytes(SSL *s, int type, const void *buf, int len);
+
+int dtls1_send_change_cipher_spec(SSL *s, int a, int b);
+int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen);
+unsigned long dtls1_output_cert_chain(SSL *s, X509 *x);
+int dtls1_read_failed(SSL *s, int code);
+int dtls1_buffer_message(SSL *s, int ccs);
+int dtls1_retransmit_message(SSL *s, unsigned short seq,
+ unsigned long frag_off, int *found);
+int dtls1_get_queue_priority(unsigned short seq, int is_ccs);
+int dtls1_retransmit_buffered_messages(SSL *s);
+void dtls1_clear_record_buffer(SSL *s);
+void dtls1_get_message_header(unsigned char *data,
+ struct hm_header_st *msg_hdr);
+void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr);
+void dtls1_reset_seq_numbers(SSL *s, int rw);
+long dtls1_default_timeout(void);
+struct timeval *dtls1_get_timeout(SSL *s, struct timeval *timeleft);
+int dtls1_check_timeout_num(SSL *s);
+int dtls1_handle_timeout(SSL *s);
+SSL_CIPHER *dtls1_get_cipher(unsigned int u);
+void dtls1_start_timer(SSL *s);
+void dtls1_stop_timer(SSL *s);
+int dtls1_is_timer_expired(SSL *s);
+void dtls1_double_timeout(SSL *s);
+int dtls1_send_newsession_ticket(SSL *s);
+unsigned int dtls1_min_mtu(void);
+
+/* some client-only functions */
+int ssl3_client_hello(SSL *s);
+int ssl3_get_server_hello(SSL *s);
+int ssl3_get_certificate_request(SSL *s);
+int ssl3_get_new_session_ticket(SSL *s);
+int ssl3_get_cert_status(SSL *s);
+int ssl3_get_server_done(SSL *s);
+int ssl3_send_client_verify(SSL *s);
+int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey);
+int ssl3_send_client_certificate(SSL *s);
+int ssl3_send_client_key_exchange(SSL *s);
+int ssl3_get_key_exchange(SSL *s);
+int ssl3_get_server_certificate(SSL *s);
+int ssl3_check_cert_and_algorithm(SSL *s);
+# ifndef OPENSSL_NO_TLSEXT
+int ssl3_check_finished(SSL *s);
+# endif
+
+int dtls1_client_hello(SSL *s);
+int dtls1_send_client_certificate(SSL *s);
+int dtls1_send_client_key_exchange(SSL *s);
+int dtls1_send_client_verify(SSL *s);
+
+/* some server-only functions */
+int ssl3_get_client_hello(SSL *s);
+int ssl3_send_server_hello(SSL *s);
+int ssl3_send_hello_request(SSL *s);
+int ssl3_send_server_key_exchange(SSL *s);
+int ssl3_send_certificate_request(SSL *s);
+int ssl3_send_server_done(SSL *s);
+int ssl3_check_client_hello(SSL *s);
+int ssl3_get_client_certificate(SSL *s);
+int ssl3_get_client_key_exchange(SSL *s);
+int ssl3_get_cert_verify(SSL *s);
+
+int dtls1_send_hello_request(SSL *s);
+int dtls1_send_server_hello(SSL *s);
+int dtls1_send_server_certificate(SSL *s);
+int dtls1_send_server_key_exchange(SSL *s);
+int dtls1_send_certificate_request(SSL *s);
+int dtls1_send_server_done(SSL *s);
+
+int ssl23_accept(SSL *s);
+int ssl23_connect(SSL *s);
+int ssl23_read_bytes(SSL *s, int n);
+int ssl23_write_bytes(SSL *s);
+
+int tls1_new(SSL *s);
+void tls1_free(SSL *s);
+void tls1_clear(SSL *s);
+long tls1_ctrl(SSL *s, int cmd, long larg, void *parg);
+long tls1_callback_ctrl(SSL *s, int cmd, void (*fp) (void));
+SSL_METHOD *tlsv1_base_method(void);
+
+int dtls1_new(SSL *s);
+int dtls1_accept(SSL *s);
+int dtls1_connect(SSL *s);
+void dtls1_free(SSL *s);
+void dtls1_clear(SSL *s);
+long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg);
+SSL_METHOD *dtlsv1_base_method(void);
+
+long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
+int dtls1_get_record(SSL *s);
+int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
+ unsigned int len, int create_empty_fragement);
+int dtls1_dispatch_alert(SSL *s);
+int dtls1_enc(SSL *s, int snd);
+
+int ssl_init_wbio_buffer(SSL *s, int push);
+void ssl_free_wbio_buffer(SSL *s);
+
+int tls1_change_cipher_state(SSL *s, int which);
+int tls1_setup_key_block(SSL *s);
+int tls1_enc(SSL *s, int snd);
+int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx,
+ const char *str, int slen, unsigned char *p);
+int tls1_cert_verify_mac(SSL *s, EVP_MD_CTX *in, unsigned char *p);
+int tls1_mac(SSL *ssl, unsigned char *md, int snd);
+int tls1_generate_master_secret(SSL *s, unsigned char *out,
+ unsigned char *p, int len);
+int tls1_alert_code(int code);
+int ssl3_alert_code(int code);
+int ssl_ok(SSL *s);
+
+int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs);
+
+SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);
+
+# ifndef OPENSSL_NO_TLSEXT
+unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p,
+ unsigned char *limit);
+unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p,
+ unsigned char *limit);
+int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data,
+ unsigned char *d, int n, int *al);
+int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data,
+ unsigned char *d, int n, int *al);
+int ssl_prepare_clienthello_tlsext(SSL *s);
+int ssl_prepare_serverhello_tlsext(SSL *s);
+int ssl_check_clienthello_tlsext_early(SSL *s);
+int ssl_check_clienthello_tlsext_late(SSL *s);
+int ssl_check_serverhello_tlsext(SSL *s);
+
+# ifdef OPENSSL_NO_SHA256
+# define tlsext_tick_md EVP_sha1
+# else
+# define tlsext_tick_md EVP_sha256
+# endif
+int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
+ const unsigned char *limit, SSL_SESSION **ret);
+EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md);
+void ssl_clear_hash_ctx(EVP_MD_CTX **hash);
+
+int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
+ int maxlen);
+int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,
+ int *al);
+int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
+ int maxlen);
+int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
+ int *al);
+# endif
+/* s3_cbc.c */
+void ssl3_cbc_copy_mac(unsigned char *out,
+ const SSL3_RECORD *rec,
+ unsigned md_size, unsigned orig_len);
+int ssl3_cbc_remove_padding(const SSL *s,
+ SSL3_RECORD *rec,
+ unsigned block_size, unsigned mac_size);
+int tls1_cbc_remove_padding(const SSL *s,
+ SSL3_RECORD *rec,
+ unsigned block_size, unsigned mac_size);
+char ssl3_cbc_record_digest_supported(const EVP_MD *hash);
+void ssl3_cbc_digest_record(const EVP_MD *hash,
+ unsigned char *md_out,
+ size_t *md_out_size,
+ const unsigned char header[13],
+ const unsigned char *data,
+ size_t data_plus_mac_size,
+ size_t data_plus_mac_plus_padding_size,
+ const unsigned char *mac_secret,
+ unsigned mac_secret_length, char is_sslv3);
+
+void tls_fips_digest_extra(const EVP_CIPHER_CTX *cipher_ctx,
+ const EVP_MD *hash, HMAC_CTX *hctx,
+ const unsigned char *data, size_t data_len,
+ size_t orig_len);
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/ssl/ssl_rsa.c
===================================================================
--- vendor-crypto/openssl/dist/ssl/ssl_rsa.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/ssl/ssl_rsa.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,779 +0,0 @@
-/* ssl/ssl_rsa.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/bio.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-
-static int ssl_set_cert(CERT *c, X509 *x509);
-static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey);
-int SSL_use_certificate(SSL *ssl, X509 *x)
- {
- if (x == NULL)
- {
- SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
- return(0);
- }
- if (!ssl_cert_inst(&ssl->cert))
- {
- SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- return(ssl_set_cert(ssl->cert,x));
- }
-
-#ifndef OPENSSL_NO_STDIO
-int SSL_use_certificate_file(SSL *ssl, const char *file, int type)
- {
- int j;
- BIO *in;
- int ret=0;
- X509 *x=NULL;
-
- in=BIO_new(BIO_s_file_internal());
- if (in == NULL)
- {
- SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB);
- goto end;
- }
-
- if (BIO_read_filename(in,file) <= 0)
- {
- SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB);
- goto end;
- }
- if (type == SSL_FILETYPE_ASN1)
- {
- j=ERR_R_ASN1_LIB;
- x=d2i_X509_bio(in,NULL);
- }
- else if (type == SSL_FILETYPE_PEM)
- {
- j=ERR_R_PEM_LIB;
- x=PEM_read_bio_X509(in,NULL,ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
- }
- else
- {
- SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE);
- goto end;
- }
-
- if (x == NULL)
- {
- SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,j);
- goto end;
- }
-
- ret=SSL_use_certificate(ssl,x);
-end:
- if (x != NULL) X509_free(x);
- if (in != NULL) BIO_free(in);
- return(ret);
- }
-#endif
-
-int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len)
- {
- X509 *x;
- int ret;
-
- x=d2i_X509(NULL,&d,(long)len);
- if (x == NULL)
- {
- SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB);
- return(0);
- }
-
- ret=SSL_use_certificate(ssl,x);
- X509_free(x);
- return(ret);
- }
-
-#ifndef OPENSSL_NO_RSA
-int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
- {
- EVP_PKEY *pkey;
- int ret;
-
- if (rsa == NULL)
- {
- SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
- return(0);
- }
- if (!ssl_cert_inst(&ssl->cert))
- {
- SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- if ((pkey=EVP_PKEY_new()) == NULL)
- {
- SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);
- return(0);
- }
-
- RSA_up_ref(rsa);
- EVP_PKEY_assign_RSA(pkey,rsa);
-
- ret=ssl_set_pkey(ssl->cert,pkey);
- EVP_PKEY_free(pkey);
- return(ret);
- }
-#endif
-
-static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
- {
- int i;
-
- i=ssl_cert_type(NULL,pkey);
- if (i < 0)
- {
- SSLerr(SSL_F_SSL_SET_PKEY,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
- return(0);
- }
-
- if (c->pkeys[i].x509 != NULL)
- {
- EVP_PKEY *pktmp;
- pktmp = X509_get_pubkey(c->pkeys[i].x509);
- EVP_PKEY_copy_parameters(pktmp,pkey);
- EVP_PKEY_free(pktmp);
- ERR_clear_error();
-
-#ifndef OPENSSL_NO_RSA
- /* Don't check the public/private key, this is mostly
- * for smart cards. */
- if ((pkey->type == EVP_PKEY_RSA) &&
- (RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK))
- ;
- else
-#endif
- if (!X509_check_private_key(c->pkeys[i].x509,pkey))
- {
- X509_free(c->pkeys[i].x509);
- c->pkeys[i].x509 = NULL;
- return 0;
- }
- }
-
- if (c->pkeys[i].privatekey != NULL)
- EVP_PKEY_free(c->pkeys[i].privatekey);
- CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
- c->pkeys[i].privatekey=pkey;
- c->key= &(c->pkeys[i]);
-
- c->valid=0;
- return(1);
- }
-
-#ifndef OPENSSL_NO_RSA
-#ifndef OPENSSL_NO_STDIO
-int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type)
- {
- int j,ret=0;
- BIO *in;
- RSA *rsa=NULL;
-
- in=BIO_new(BIO_s_file_internal());
- if (in == NULL)
- {
- SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB);
- goto end;
- }
-
- if (BIO_read_filename(in,file) <= 0)
- {
- SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB);
- goto end;
- }
- if (type == SSL_FILETYPE_ASN1)
- {
- j=ERR_R_ASN1_LIB;
- rsa=d2i_RSAPrivateKey_bio(in,NULL);
- }
- else if (type == SSL_FILETYPE_PEM)
- {
- j=ERR_R_PEM_LIB;
- rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
- ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
- }
- else
- {
- SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
- goto end;
- }
- if (rsa == NULL)
- {
- SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,j);
- goto end;
- }
- ret=SSL_use_RSAPrivateKey(ssl,rsa);
- RSA_free(rsa);
-end:
- if (in != NULL) BIO_free(in);
- return(ret);
- }
-#endif
-
-int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len)
- {
- int ret;
- const unsigned char *p;
- RSA *rsa;
-
- p=d;
- if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL)
- {
- SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
- return(0);
- }
-
- ret=SSL_use_RSAPrivateKey(ssl,rsa);
- RSA_free(rsa);
- return(ret);
- }
-#endif /* !OPENSSL_NO_RSA */
-
-int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
- {
- int ret;
-
- if (pkey == NULL)
- {
- SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
- return(0);
- }
- if (!ssl_cert_inst(&ssl->cert))
- {
- SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- ret=ssl_set_pkey(ssl->cert,pkey);
- return(ret);
- }
-
-#ifndef OPENSSL_NO_STDIO
-int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type)
- {
- int j,ret=0;
- BIO *in;
- EVP_PKEY *pkey=NULL;
-
- in=BIO_new(BIO_s_file_internal());
- if (in == NULL)
- {
- SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB);
- goto end;
- }
-
- if (BIO_read_filename(in,file) <= 0)
- {
- SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB);
- goto end;
- }
- if (type == SSL_FILETYPE_PEM)
- {
- j=ERR_R_PEM_LIB;
- pkey=PEM_read_bio_PrivateKey(in,NULL,
- ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
- }
- else if (type == SSL_FILETYPE_ASN1)
- {
- j = ERR_R_ASN1_LIB;
- pkey = d2i_PrivateKey_bio(in,NULL);
- }
- else
- {
- SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
- goto end;
- }
- if (pkey == NULL)
- {
- SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,j);
- goto end;
- }
- ret=SSL_use_PrivateKey(ssl,pkey);
- EVP_PKEY_free(pkey);
-end:
- if (in != NULL) BIO_free(in);
- return(ret);
- }
-#endif
-
-int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long len)
- {
- int ret;
- const unsigned char *p;
- EVP_PKEY *pkey;
-
- p=d;
- if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL)
- {
- SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
- return(0);
- }
-
- ret=SSL_use_PrivateKey(ssl,pkey);
- EVP_PKEY_free(pkey);
- return(ret);
- }
-
-int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
- {
- if (x == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
- return(0);
- }
- if (!ssl_cert_inst(&ctx->cert))
- {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- return(ssl_set_cert(ctx->cert, x));
- }
-
-static int ssl_set_cert(CERT *c, X509 *x)
- {
- EVP_PKEY *pkey;
- int i;
-
- pkey=X509_get_pubkey(x);
- if (pkey == NULL)
- {
- SSLerr(SSL_F_SSL_SET_CERT,SSL_R_X509_LIB);
- return(0);
- }
-
- i=ssl_cert_type(x,pkey);
- if (i < 0)
- {
- SSLerr(SSL_F_SSL_SET_CERT,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
- EVP_PKEY_free(pkey);
- return(0);
- }
-
- if (c->pkeys[i].privatekey != NULL)
- {
- EVP_PKEY_copy_parameters(pkey,c->pkeys[i].privatekey);
- ERR_clear_error();
-
-#ifndef OPENSSL_NO_RSA
- /* Don't check the public/private key, this is mostly
- * for smart cards. */
- if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) &&
- (RSA_flags(c->pkeys[i].privatekey->pkey.rsa) &
- RSA_METHOD_FLAG_NO_CHECK))
- ;
- else
-#endif /* OPENSSL_NO_RSA */
- if (!X509_check_private_key(x,c->pkeys[i].privatekey))
- {
- /* don't fail for a cert/key mismatch, just free
- * current private key (when switching to a different
- * cert & key, first this function should be used,
- * then ssl_set_pkey */
- EVP_PKEY_free(c->pkeys[i].privatekey);
- c->pkeys[i].privatekey=NULL;
- /* clear error queue */
- ERR_clear_error();
- }
- }
-
- EVP_PKEY_free(pkey);
-
- if (c->pkeys[i].x509 != NULL)
- X509_free(c->pkeys[i].x509);
- CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
- c->pkeys[i].x509=x;
- c->key= &(c->pkeys[i]);
-
- c->valid=0;
- return(1);
- }
-
-#ifndef OPENSSL_NO_STDIO
-int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
- {
- int j;
- BIO *in;
- int ret=0;
- X509 *x=NULL;
-
- in=BIO_new(BIO_s_file_internal());
- if (in == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB);
- goto end;
- }
-
- if (BIO_read_filename(in,file) <= 0)
- {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB);
- goto end;
- }
- if (type == SSL_FILETYPE_ASN1)
- {
- j=ERR_R_ASN1_LIB;
- x=d2i_X509_bio(in,NULL);
- }
- else if (type == SSL_FILETYPE_PEM)
- {
- j=ERR_R_PEM_LIB;
- x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
- }
- else
- {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE);
- goto end;
- }
-
- if (x == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,j);
- goto end;
- }
-
- ret=SSL_CTX_use_certificate(ctx,x);
-end:
- if (x != NULL) X509_free(x);
- if (in != NULL) BIO_free(in);
- return(ret);
- }
-#endif
-
-int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d)
- {
- X509 *x;
- int ret;
-
- x=d2i_X509(NULL,&d,(long)len);
- if (x == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB);
- return(0);
- }
-
- ret=SSL_CTX_use_certificate(ctx,x);
- X509_free(x);
- return(ret);
- }
-
-#ifndef OPENSSL_NO_RSA
-int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa)
- {
- int ret;
- EVP_PKEY *pkey;
-
- if (rsa == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
- return(0);
- }
- if (!ssl_cert_inst(&ctx->cert))
- {
- SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- if ((pkey=EVP_PKEY_new()) == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);
- return(0);
- }
-
- RSA_up_ref(rsa);
- EVP_PKEY_assign_RSA(pkey,rsa);
-
- ret=ssl_set_pkey(ctx->cert, pkey);
- EVP_PKEY_free(pkey);
- return(ret);
- }
-
-#ifndef OPENSSL_NO_STDIO
-int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type)
- {
- int j,ret=0;
- BIO *in;
- RSA *rsa=NULL;
-
- in=BIO_new(BIO_s_file_internal());
- if (in == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB);
- goto end;
- }
-
- if (BIO_read_filename(in,file) <= 0)
- {
- SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB);
- goto end;
- }
- if (type == SSL_FILETYPE_ASN1)
- {
- j=ERR_R_ASN1_LIB;
- rsa=d2i_RSAPrivateKey_bio(in,NULL);
- }
- else if (type == SSL_FILETYPE_PEM)
- {
- j=ERR_R_PEM_LIB;
- rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
- ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
- }
- else
- {
- SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
- goto end;
- }
- if (rsa == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,j);
- goto end;
- }
- ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa);
- RSA_free(rsa);
-end:
- if (in != NULL) BIO_free(in);
- return(ret);
- }
-#endif
-
-int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len)
- {
- int ret;
- const unsigned char *p;
- RSA *rsa;
-
- p=d;
- if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
- return(0);
- }
-
- ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa);
- RSA_free(rsa);
- return(ret);
- }
-#endif /* !OPENSSL_NO_RSA */
-
-int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
- {
- if (pkey == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
- return(0);
- }
- if (!ssl_cert_inst(&ctx->cert))
- {
- SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- return(ssl_set_pkey(ctx->cert,pkey));
- }
-
-#ifndef OPENSSL_NO_STDIO
-int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
- {
- int j,ret=0;
- BIO *in;
- EVP_PKEY *pkey=NULL;
-
- in=BIO_new(BIO_s_file_internal());
- if (in == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB);
- goto end;
- }
-
- if (BIO_read_filename(in,file) <= 0)
- {
- SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB);
- goto end;
- }
- if (type == SSL_FILETYPE_PEM)
- {
- j=ERR_R_PEM_LIB;
- pkey=PEM_read_bio_PrivateKey(in,NULL,
- ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
- }
- else if (type == SSL_FILETYPE_ASN1)
- {
- j = ERR_R_ASN1_LIB;
- pkey = d2i_PrivateKey_bio(in,NULL);
- }
- else
- {
- SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
- goto end;
- }
- if (pkey == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,j);
- goto end;
- }
- ret=SSL_CTX_use_PrivateKey(ctx,pkey);
- EVP_PKEY_free(pkey);
-end:
- if (in != NULL) BIO_free(in);
- return(ret);
- }
-#endif
-
-int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d,
- long len)
- {
- int ret;
- const unsigned char *p;
- EVP_PKEY *pkey;
-
- p=d;
- if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
- return(0);
- }
-
- ret=SSL_CTX_use_PrivateKey(ctx,pkey);
- EVP_PKEY_free(pkey);
- return(ret);
- }
-
-
-#ifndef OPENSSL_NO_STDIO
-/* Read a file that contains our certificate in "PEM" format,
- * possibly followed by a sequence of CA certificates that should be
- * sent to the peer in the Certificate message.
- */
-int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
- {
- BIO *in;
- int ret=0;
- X509 *x=NULL;
-
- ERR_clear_error(); /* clear error stack for SSL_CTX_use_certificate() */
-
- in=BIO_new(BIO_s_file_internal());
- if (in == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_BUF_LIB);
- goto end;
- }
-
- if (BIO_read_filename(in,file) <= 0)
- {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_SYS_LIB);
- goto end;
- }
-
- x=PEM_read_bio_X509_AUX(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
- if (x == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_PEM_LIB);
- goto end;
- }
-
- ret=SSL_CTX_use_certificate(ctx,x);
- if (ERR_peek_error() != 0)
- ret = 0; /* Key/certificate mismatch doesn't imply ret==0 ... */
- if (ret)
- {
- /* If we could set up our certificate, now proceed to
- * the CA certificates.
- */
- X509 *ca;
- int r;
- unsigned long err;
-
- if (ctx->extra_certs != NULL)
- {
- sk_X509_pop_free(ctx->extra_certs, X509_free);
- ctx->extra_certs = NULL;
- }
-
- while ((ca = PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata))
- != NULL)
- {
- r = SSL_CTX_add_extra_chain_cert(ctx, ca);
- if (!r)
- {
- X509_free(ca);
- ret = 0;
- goto end;
- }
- /* Note that we must not free r if it was successfully
- * added to the chain (while we must free the main
- * certificate, since its reference count is increased
- * by SSL_CTX_use_certificate). */
- }
- /* When the while loop ends, it's usually just EOF. */
- err = ERR_peek_last_error();
- if (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)
- ERR_clear_error();
- else
- ret = 0; /* some real error */
- }
-
-end:
- if (x != NULL) X509_free(x);
- if (in != NULL) BIO_free(in);
- return(ret);
- }
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/ssl/ssl_rsa.c (from rev 6976, vendor-crypto/openssl/dist/ssl/ssl_rsa.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/ssl/ssl_rsa.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/ssl/ssl_rsa.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,729 @@
+/* ssl/ssl_rsa.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "ssl_locl.h"
+#include <openssl/bio.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+
+static int ssl_set_cert(CERT *c, X509 *x509);
+static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey);
+int SSL_use_certificate(SSL *ssl, X509 *x)
+{
+ if (x == NULL) {
+ SSLerr(SSL_F_SSL_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
+ return (0);
+ }
+ if (!ssl_cert_inst(&ssl->cert)) {
+ SSLerr(SSL_F_SSL_USE_CERTIFICATE, ERR_R_MALLOC_FAILURE);
+ return (0);
+ }
+ return (ssl_set_cert(ssl->cert, x));
+}
+
+#ifndef OPENSSL_NO_STDIO
+int SSL_use_certificate_file(SSL *ssl, const char *file, int type)
+{
+ int j;
+ BIO *in;
+ int ret = 0;
+ X509 *x = NULL;
+
+ in = BIO_new(BIO_s_file_internal());
+ if (in == NULL) {
+ SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB);
+ goto end;
+ }
+
+ if (BIO_read_filename(in, file) <= 0) {
+ SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB);
+ goto end;
+ }
+ if (type == SSL_FILETYPE_ASN1) {
+ j = ERR_R_ASN1_LIB;
+ x = d2i_X509_bio(in, NULL);
+ } else if (type == SSL_FILETYPE_PEM) {
+ j = ERR_R_PEM_LIB;
+ x = PEM_read_bio_X509(in, NULL, ssl->ctx->default_passwd_callback,
+ ssl->ctx->default_passwd_callback_userdata);
+ } else {
+ SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE);
+ goto end;
+ }
+
+ if (x == NULL) {
+ SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, j);
+ goto end;
+ }
+
+ ret = SSL_use_certificate(ssl, x);
+ end:
+ if (x != NULL)
+ X509_free(x);
+ if (in != NULL)
+ BIO_free(in);
+ return (ret);
+}
+#endif
+
+int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len)
+{
+ X509 *x;
+ int ret;
+
+ x = d2i_X509(NULL, &d, (long)len);
+ if (x == NULL) {
+ SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB);
+ return (0);
+ }
+
+ ret = SSL_use_certificate(ssl, x);
+ X509_free(x);
+ return (ret);
+}
+
+#ifndef OPENSSL_NO_RSA
+int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
+{
+ EVP_PKEY *pkey;
+ int ret;
+
+ if (rsa == NULL) {
+ SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
+ return (0);
+ }
+ if (!ssl_cert_inst(&ssl->cert)) {
+ SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_MALLOC_FAILURE);
+ return (0);
+ }
+ if ((pkey = EVP_PKEY_new()) == NULL) {
+ SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB);
+ return (0);
+ }
+
+ RSA_up_ref(rsa);
+ EVP_PKEY_assign_RSA(pkey, rsa);
+
+ ret = ssl_set_pkey(ssl->cert, pkey);
+ EVP_PKEY_free(pkey);
+ return (ret);
+}
+#endif
+
+static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
+{
+ int i;
+
+ i = ssl_cert_type(NULL, pkey);
+ if (i < 0) {
+ SSLerr(SSL_F_SSL_SET_PKEY, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
+ return (0);
+ }
+
+ if (c->pkeys[i].x509 != NULL) {
+ EVP_PKEY *pktmp;
+ pktmp = X509_get_pubkey(c->pkeys[i].x509);
+ EVP_PKEY_copy_parameters(pktmp, pkey);
+ EVP_PKEY_free(pktmp);
+ ERR_clear_error();
+
+#ifndef OPENSSL_NO_RSA
+ /*
+ * Don't check the public/private key, this is mostly for smart
+ * cards.
+ */
+ if ((pkey->type == EVP_PKEY_RSA) &&
+ (RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK)) ;
+ else
+#endif
+ if (!X509_check_private_key(c->pkeys[i].x509, pkey)) {
+ X509_free(c->pkeys[i].x509);
+ c->pkeys[i].x509 = NULL;
+ return 0;
+ }
+ }
+
+ if (c->pkeys[i].privatekey != NULL)
+ EVP_PKEY_free(c->pkeys[i].privatekey);
+ CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
+ c->pkeys[i].privatekey = pkey;
+ c->key = &(c->pkeys[i]);
+
+ c->valid = 0;
+ return (1);
+}
+
+#ifndef OPENSSL_NO_RSA
+# ifndef OPENSSL_NO_STDIO
+int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type)
+{
+ int j, ret = 0;
+ BIO *in;
+ RSA *rsa = NULL;
+
+ in = BIO_new(BIO_s_file_internal());
+ if (in == NULL) {
+ SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, ERR_R_BUF_LIB);
+ goto end;
+ }
+
+ if (BIO_read_filename(in, file) <= 0) {
+ SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, ERR_R_SYS_LIB);
+ goto end;
+ }
+ if (type == SSL_FILETYPE_ASN1) {
+ j = ERR_R_ASN1_LIB;
+ rsa = d2i_RSAPrivateKey_bio(in, NULL);
+ } else if (type == SSL_FILETYPE_PEM) {
+ j = ERR_R_PEM_LIB;
+ rsa = PEM_read_bio_RSAPrivateKey(in, NULL,
+ ssl->ctx->default_passwd_callback,
+ ssl->
+ ctx->default_passwd_callback_userdata);
+ } else {
+ SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
+ goto end;
+ }
+ if (rsa == NULL) {
+ SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, j);
+ goto end;
+ }
+ ret = SSL_use_RSAPrivateKey(ssl, rsa);
+ RSA_free(rsa);
+ end:
+ if (in != NULL)
+ BIO_free(in);
+ return (ret);
+}
+# endif
+
+int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len)
+{
+ int ret;
+ const unsigned char *p;
+ RSA *rsa;
+
+ p = d;
+ if ((rsa = d2i_RSAPrivateKey(NULL, &p, (long)len)) == NULL) {
+ SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
+ return (0);
+ }
+
+ ret = SSL_use_RSAPrivateKey(ssl, rsa);
+ RSA_free(rsa);
+ return (ret);
+}
+#endif /* !OPENSSL_NO_RSA */
+
+int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
+{
+ int ret;
+
+ if (pkey == NULL) {
+ SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
+ return (0);
+ }
+ if (!ssl_cert_inst(&ssl->cert)) {
+ SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE);
+ return (0);
+ }
+ ret = ssl_set_pkey(ssl->cert, pkey);
+ return (ret);
+}
+
+#ifndef OPENSSL_NO_STDIO
+int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type)
+{
+ int j, ret = 0;
+ BIO *in;
+ EVP_PKEY *pkey = NULL;
+
+ in = BIO_new(BIO_s_file_internal());
+ if (in == NULL) {
+ SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB);
+ goto end;
+ }
+
+ if (BIO_read_filename(in, file) <= 0) {
+ SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, ERR_R_SYS_LIB);
+ goto end;
+ }
+ if (type == SSL_FILETYPE_PEM) {
+ j = ERR_R_PEM_LIB;
+ pkey = PEM_read_bio_PrivateKey(in, NULL,
+ ssl->ctx->default_passwd_callback,
+ ssl->
+ ctx->default_passwd_callback_userdata);
+ } else if (type == SSL_FILETYPE_ASN1) {
+ j = ERR_R_ASN1_LIB;
+ pkey = d2i_PrivateKey_bio(in, NULL);
+ } else {
+ SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
+ goto end;
+ }
+ if (pkey == NULL) {
+ SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, j);
+ goto end;
+ }
+ ret = SSL_use_PrivateKey(ssl, pkey);
+ EVP_PKEY_free(pkey);
+ end:
+ if (in != NULL)
+ BIO_free(in);
+ return (ret);
+}
+#endif
+
+int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d,
+ long len)
+{
+ int ret;
+ const unsigned char *p;
+ EVP_PKEY *pkey;
+
+ p = d;
+ if ((pkey = d2i_PrivateKey(type, NULL, &p, (long)len)) == NULL) {
+ SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
+ return (0);
+ }
+
+ ret = SSL_use_PrivateKey(ssl, pkey);
+ EVP_PKEY_free(pkey);
+ return (ret);
+}
+
+int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
+{
+ if (x == NULL) {
+ SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
+ return (0);
+ }
+ if (!ssl_cert_inst(&ctx->cert)) {
+ SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, ERR_R_MALLOC_FAILURE);
+ return (0);
+ }
+ return (ssl_set_cert(ctx->cert, x));
+}
+
+static int ssl_set_cert(CERT *c, X509 *x)
+{
+ EVP_PKEY *pkey;
+ int i;
+
+ pkey = X509_get_pubkey(x);
+ if (pkey == NULL) {
+ SSLerr(SSL_F_SSL_SET_CERT, SSL_R_X509_LIB);
+ return (0);
+ }
+
+ i = ssl_cert_type(x, pkey);
+ if (i < 0) {
+ SSLerr(SSL_F_SSL_SET_CERT, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
+ EVP_PKEY_free(pkey);
+ return (0);
+ }
+
+ if (c->pkeys[i].privatekey != NULL) {
+ EVP_PKEY_copy_parameters(pkey, c->pkeys[i].privatekey);
+ ERR_clear_error();
+
+#ifndef OPENSSL_NO_RSA
+ /*
+ * Don't check the public/private key, this is mostly for smart
+ * cards.
+ */
+ if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) &&
+ (RSA_flags(c->pkeys[i].privatekey->pkey.rsa) &
+ RSA_METHOD_FLAG_NO_CHECK)) ;
+ else
+#endif /* OPENSSL_NO_RSA */
+ if (!X509_check_private_key(x, c->pkeys[i].privatekey)) {
+ /*
+ * don't fail for a cert/key mismatch, just free current private
+ * key (when switching to a different cert & key, first this
+ * function should be used, then ssl_set_pkey
+ */
+ EVP_PKEY_free(c->pkeys[i].privatekey);
+ c->pkeys[i].privatekey = NULL;
+ /* clear error queue */
+ ERR_clear_error();
+ }
+ }
+
+ EVP_PKEY_free(pkey);
+
+ if (c->pkeys[i].x509 != NULL)
+ X509_free(c->pkeys[i].x509);
+ CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
+ c->pkeys[i].x509 = x;
+ c->key = &(c->pkeys[i]);
+
+ c->valid = 0;
+ return (1);
+}
+
+#ifndef OPENSSL_NO_STDIO
+int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
+{
+ int j;
+ BIO *in;
+ int ret = 0;
+ X509 *x = NULL;
+
+ in = BIO_new(BIO_s_file_internal());
+ if (in == NULL) {
+ SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB);
+ goto end;
+ }
+
+ if (BIO_read_filename(in, file) <= 0) {
+ SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB);
+ goto end;
+ }
+ if (type == SSL_FILETYPE_ASN1) {
+ j = ERR_R_ASN1_LIB;
+ x = d2i_X509_bio(in, NULL);
+ } else if (type == SSL_FILETYPE_PEM) {
+ j = ERR_R_PEM_LIB;
+ x = PEM_read_bio_X509(in, NULL, ctx->default_passwd_callback,
+ ctx->default_passwd_callback_userdata);
+ } else {
+ SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE);
+ goto end;
+ }
+
+ if (x == NULL) {
+ SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, j);
+ goto end;
+ }
+
+ ret = SSL_CTX_use_certificate(ctx, x);
+ end:
+ if (x != NULL)
+ X509_free(x);
+ if (in != NULL)
+ BIO_free(in);
+ return (ret);
+}
+#endif
+
+int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len,
+ const unsigned char *d)
+{
+ X509 *x;
+ int ret;
+
+ x = d2i_X509(NULL, &d, (long)len);
+ if (x == NULL) {
+ SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB);
+ return (0);
+ }
+
+ ret = SSL_CTX_use_certificate(ctx, x);
+ X509_free(x);
+ return (ret);
+}
+
+#ifndef OPENSSL_NO_RSA
+int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa)
+{
+ int ret;
+ EVP_PKEY *pkey;
+
+ if (rsa == NULL) {
+ SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
+ return (0);
+ }
+ if (!ssl_cert_inst(&ctx->cert)) {
+ SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_MALLOC_FAILURE);
+ return (0);
+ }
+ if ((pkey = EVP_PKEY_new()) == NULL) {
+ SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB);
+ return (0);
+ }
+
+ RSA_up_ref(rsa);
+ EVP_PKEY_assign_RSA(pkey, rsa);
+
+ ret = ssl_set_pkey(ctx->cert, pkey);
+ EVP_PKEY_free(pkey);
+ return (ret);
+}
+
+# ifndef OPENSSL_NO_STDIO
+int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type)
+{
+ int j, ret = 0;
+ BIO *in;
+ RSA *rsa = NULL;
+
+ in = BIO_new(BIO_s_file_internal());
+ if (in == NULL) {
+ SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, ERR_R_BUF_LIB);
+ goto end;
+ }
+
+ if (BIO_read_filename(in, file) <= 0) {
+ SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, ERR_R_SYS_LIB);
+ goto end;
+ }
+ if (type == SSL_FILETYPE_ASN1) {
+ j = ERR_R_ASN1_LIB;
+ rsa = d2i_RSAPrivateKey_bio(in, NULL);
+ } else if (type == SSL_FILETYPE_PEM) {
+ j = ERR_R_PEM_LIB;
+ rsa = PEM_read_bio_RSAPrivateKey(in, NULL,
+ ctx->default_passwd_callback,
+ ctx->default_passwd_callback_userdata);
+ } else {
+ SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
+ goto end;
+ }
+ if (rsa == NULL) {
+ SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, j);
+ goto end;
+ }
+ ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa);
+ RSA_free(rsa);
+ end:
+ if (in != NULL)
+ BIO_free(in);
+ return (ret);
+}
+# endif
+
+int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d,
+ long len)
+{
+ int ret;
+ const unsigned char *p;
+ RSA *rsa;
+
+ p = d;
+ if ((rsa = d2i_RSAPrivateKey(NULL, &p, (long)len)) == NULL) {
+ SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
+ return (0);
+ }
+
+ ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa);
+ RSA_free(rsa);
+ return (ret);
+}
+#endif /* !OPENSSL_NO_RSA */
+
+int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
+{
+ if (pkey == NULL) {
+ SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
+ return (0);
+ }
+ if (!ssl_cert_inst(&ctx->cert)) {
+ SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE);
+ return (0);
+ }
+ return (ssl_set_pkey(ctx->cert, pkey));
+}
+
+#ifndef OPENSSL_NO_STDIO
+int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
+{
+ int j, ret = 0;
+ BIO *in;
+ EVP_PKEY *pkey = NULL;
+
+ in = BIO_new(BIO_s_file_internal());
+ if (in == NULL) {
+ SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB);
+ goto end;
+ }
+
+ if (BIO_read_filename(in, file) <= 0) {
+ SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_SYS_LIB);
+ goto end;
+ }
+ if (type == SSL_FILETYPE_PEM) {
+ j = ERR_R_PEM_LIB;
+ pkey = PEM_read_bio_PrivateKey(in, NULL,
+ ctx->default_passwd_callback,
+ ctx->default_passwd_callback_userdata);
+ } else if (type == SSL_FILETYPE_ASN1) {
+ j = ERR_R_ASN1_LIB;
+ pkey = d2i_PrivateKey_bio(in, NULL);
+ } else {
+ SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
+ goto end;
+ }
+ if (pkey == NULL) {
+ SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, j);
+ goto end;
+ }
+ ret = SSL_CTX_use_PrivateKey(ctx, pkey);
+ EVP_PKEY_free(pkey);
+ end:
+ if (in != NULL)
+ BIO_free(in);
+ return (ret);
+}
+#endif
+
+int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx,
+ const unsigned char *d, long len)
+{
+ int ret;
+ const unsigned char *p;
+ EVP_PKEY *pkey;
+
+ p = d;
+ if ((pkey = d2i_PrivateKey(type, NULL, &p, (long)len)) == NULL) {
+ SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
+ return (0);
+ }
+
+ ret = SSL_CTX_use_PrivateKey(ctx, pkey);
+ EVP_PKEY_free(pkey);
+ return (ret);
+}
+
+#ifndef OPENSSL_NO_STDIO
+/*
+ * Read a file that contains our certificate in "PEM" format, possibly
+ * followed by a sequence of CA certificates that should be sent to the peer
+ * in the Certificate message.
+ */
+int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
+{
+ BIO *in;
+ int ret = 0;
+ X509 *x = NULL;
+
+ ERR_clear_error(); /* clear error stack for
+ * SSL_CTX_use_certificate() */
+
+ in = BIO_new(BIO_s_file_internal());
+ if (in == NULL) {
+ SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_BUF_LIB);
+ goto end;
+ }
+
+ if (BIO_read_filename(in, file) <= 0) {
+ SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_SYS_LIB);
+ goto end;
+ }
+
+ x = PEM_read_bio_X509_AUX(in, NULL, ctx->default_passwd_callback,
+ ctx->default_passwd_callback_userdata);
+ if (x == NULL) {
+ SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB);
+ goto end;
+ }
+
+ ret = SSL_CTX_use_certificate(ctx, x);
+ if (ERR_peek_error() != 0)
+ ret = 0; /* Key/certificate mismatch doesn't imply
+ * ret==0 ... */
+ if (ret) {
+ /*
+ * If we could set up our certificate, now proceed to the CA
+ * certificates.
+ */
+ X509 *ca;
+ int r;
+ unsigned long err;
+
+ if (ctx->extra_certs != NULL) {
+ sk_X509_pop_free(ctx->extra_certs, X509_free);
+ ctx->extra_certs = NULL;
+ }
+
+ while ((ca =
+ PEM_read_bio_X509(in, NULL, ctx->default_passwd_callback,
+ ctx->default_passwd_callback_userdata))
+ != NULL) {
+ r = SSL_CTX_add_extra_chain_cert(ctx, ca);
+ if (!r) {
+ X509_free(ca);
+ ret = 0;
+ goto end;
+ }
+ /*
+ * Note that we must not free r if it was successfully added to
+ * the chain (while we must free the main certificate, since its
+ * reference count is increased by SSL_CTX_use_certificate).
+ */
+ }
+ /* When the while loop ends, it's usually just EOF. */
+ err = ERR_peek_last_error();
+ if (ERR_GET_LIB(err) == ERR_LIB_PEM
+ && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)
+ ERR_clear_error();
+ else
+ ret = 0; /* some real error */
+ }
+
+ end:
+ if (x != NULL)
+ X509_free(x);
+ if (in != NULL)
+ BIO_free(in);
+ return (ret);
+}
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/ssl/ssl_sess.c
===================================================================
--- vendor-crypto/openssl/dist/ssl/ssl_sess.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/ssl/ssl_sess.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,911 +0,0 @@
-/* ssl/ssl_sess.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/lhash.h>
-#include <openssl/rand.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-#include "ssl_locl.h"
-
-static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
-static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s);
-static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck);
-
-SSL_SESSION *SSL_get_session(const SSL *ssl)
-/* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */
- {
- return(ssl->session);
- }
-
-SSL_SESSION *SSL_get1_session(SSL *ssl)
-/* variant of SSL_get_session: caller really gets something */
- {
- SSL_SESSION *sess;
- /* Need to lock this all up rather than just use CRYPTO_add so that
- * somebody doesn't free ssl->session between when we check it's
- * non-null and when we up the reference count. */
- CRYPTO_w_lock(CRYPTO_LOCK_SSL_SESSION);
- sess = ssl->session;
- if(sess)
- sess->references++;
- CRYPTO_w_unlock(CRYPTO_LOCK_SSL_SESSION);
- return(sess);
- }
-
-int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
- {
- return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION, argl, argp,
- new_func, dup_func, free_func);
- }
-
-int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg)
- {
- return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
- }
-
-void *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx)
- {
- return(CRYPTO_get_ex_data(&s->ex_data,idx));
- }
-
-SSL_SESSION *SSL_SESSION_new(void)
- {
- SSL_SESSION *ss;
-
- ss=(SSL_SESSION *)OPENSSL_malloc(sizeof(SSL_SESSION));
- if (ss == NULL)
- {
- SSLerr(SSL_F_SSL_SESSION_NEW,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- memset(ss,0,sizeof(SSL_SESSION));
-
- ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */
- ss->references=1;
- ss->timeout=60*5+4; /* 5 minute timeout by default */
- ss->time=(unsigned long)time(NULL);
- ss->prev=NULL;
- ss->next=NULL;
- ss->compress_meth=0;
-#ifndef OPENSSL_NO_TLSEXT
- ss->tlsext_hostname = NULL;
-#endif
- CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
- return(ss);
- }
-
-const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
- {
- if(len)
- *len = s->session_id_length;
- return s->session_id;
- }
-
-/* Even with SSLv2, we have 16 bytes (128 bits) of session ID space. SSLv3/TLSv1
- * has 32 bytes (256 bits). As such, filling the ID with random gunk repeatedly
- * until we have no conflict is going to complete in one iteration pretty much
- * "most" of the time (btw: understatement). So, if it takes us 10 iterations
- * and we still can't avoid a conflict - well that's a reasonable point to call
- * it quits. Either the RAND code is broken or someone is trying to open roughly
- * very close to 2^128 (or 2^256) SSL sessions to our server. How you might
- * store that many sessions is perhaps a more interesting question ... */
-
-#define MAX_SESS_ID_ATTEMPTS 10
-static int def_generate_session_id(const SSL *ssl, unsigned char *id,
- unsigned int *id_len)
-{
- unsigned int retry = 0;
- do
- if (RAND_pseudo_bytes(id, *id_len) <= 0)
- return 0;
- while(SSL_has_matching_session_id(ssl, id, *id_len) &&
- (++retry < MAX_SESS_ID_ATTEMPTS));
- if(retry < MAX_SESS_ID_ATTEMPTS)
- return 1;
- /* else - woops a session_id match */
- /* XXX We should also check the external cache --
- * but the probability of a collision is negligible, and
- * we could not prevent the concurrent creation of sessions
- * with identical IDs since we currently don't have means
- * to atomically check whether a session ID already exists
- * and make a reservation for it if it does not
- * (this problem applies to the internal cache as well).
- */
- return 0;
-}
-
-int ssl_get_new_session(SSL *s, int session)
- {
- /* This gets used by clients and servers. */
-
- unsigned int tmp;
- SSL_SESSION *ss=NULL;
- GEN_SESSION_CB cb = def_generate_session_id;
-
- if ((ss=SSL_SESSION_new()) == NULL) return(0);
-
- /* If the context has a default timeout, use it */
- if (s->ctx->session_timeout == 0)
- ss->timeout=SSL_get_default_timeout(s);
- else
- ss->timeout=s->ctx->session_timeout;
-
- if (s->session != NULL)
- {
- SSL_SESSION_free(s->session);
- s->session=NULL;
- }
-
- if (session)
- {
- if (s->version == SSL2_VERSION)
- {
- ss->ssl_version=SSL2_VERSION;
- ss->session_id_length=SSL2_SSL_SESSION_ID_LENGTH;
- }
- else if (s->version == SSL3_VERSION)
- {
- ss->ssl_version=SSL3_VERSION;
- ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
- }
- else if (s->version == TLS1_VERSION)
- {
- ss->ssl_version=TLS1_VERSION;
- ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
- }
- else if (s->version == DTLS1_BAD_VER)
- {
- ss->ssl_version=DTLS1_BAD_VER;
- ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
- }
- else if (s->version == DTLS1_VERSION)
- {
- ss->ssl_version=DTLS1_VERSION;
- ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
- }
- else
- {
- SSLerr(SSL_F_SSL_GET_NEW_SESSION,SSL_R_UNSUPPORTED_SSL_VERSION);
- SSL_SESSION_free(ss);
- return(0);
- }
-#ifndef OPENSSL_NO_TLSEXT
- /* If RFC4507 ticket use empty session ID */
- if (s->tlsext_ticket_expected)
- {
- ss->session_id_length = 0;
- goto sess_id_done;
- }
-#endif
- /* Choose which callback will set the session ID */
- CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
- if(s->generate_session_id)
- cb = s->generate_session_id;
- else if(s->ctx->generate_session_id)
- cb = s->ctx->generate_session_id;
- CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
- /* Choose a session ID */
- tmp = ss->session_id_length;
- if(!cb(s, ss->session_id, &tmp))
- {
- /* The callback failed */
- SSLerr(SSL_F_SSL_GET_NEW_SESSION,
- SSL_R_SSL_SESSION_ID_CALLBACK_FAILED);
- SSL_SESSION_free(ss);
- return(0);
- }
- /* Don't allow the callback to set the session length to zero.
- * nor set it higher than it was. */
- if(!tmp || (tmp > ss->session_id_length))
- {
- /* The callback set an illegal length */
- SSLerr(SSL_F_SSL_GET_NEW_SESSION,
- SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH);
- SSL_SESSION_free(ss);
- return(0);
- }
- /* If the session length was shrunk and we're SSLv2, pad it */
- if((tmp < ss->session_id_length) && (s->version == SSL2_VERSION))
- memset(ss->session_id + tmp, 0, ss->session_id_length - tmp);
- else
- ss->session_id_length = tmp;
- /* Finally, check for a conflict */
- if(SSL_has_matching_session_id(s, ss->session_id,
- ss->session_id_length))
- {
- SSLerr(SSL_F_SSL_GET_NEW_SESSION,
- SSL_R_SSL_SESSION_ID_CONFLICT);
- SSL_SESSION_free(ss);
- return(0);
- }
-#ifndef OPENSSL_NO_TLSEXT
- sess_id_done:
- if (s->tlsext_hostname) {
- ss->tlsext_hostname = BUF_strdup(s->tlsext_hostname);
- if (ss->tlsext_hostname == NULL) {
- SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR);
- SSL_SESSION_free(ss);
- return 0;
- }
- }
-#endif
- }
- else
- {
- ss->session_id_length=0;
- }
-
- if (s->sid_ctx_length > sizeof ss->sid_ctx)
- {
- SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR);
- SSL_SESSION_free(ss);
- return 0;
- }
- memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length);
- ss->sid_ctx_length=s->sid_ctx_length;
- s->session=ss;
- ss->ssl_version=s->version;
- ss->verify_result = X509_V_OK;
-
- return(1);
- }
-
-int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
- const unsigned char *limit)
- {
- /* This is used only by servers. */
-
- SSL_SESSION *ret=NULL;
- int fatal = 0;
-#ifndef OPENSSL_NO_TLSEXT
- int r;
-#endif
-
- if (len > SSL_MAX_SSL_SESSION_ID_LENGTH)
- goto err;
-#ifndef OPENSSL_NO_TLSEXT
- r = tls1_process_ticket(s, session_id, len, limit, &ret);
- if (r == -1)
- {
- fatal = 1;
- goto err;
- }
- else if (r == 0 || (!ret && !len))
- goto err;
- else if (!ret && !(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
-#else
- if (len == 0)
- goto err;
- if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
-#endif
- {
- SSL_SESSION data;
- data.ssl_version=s->version;
- data.session_id_length=len;
- if (len == 0)
- return 0;
- memcpy(data.session_id,session_id,len);
- CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
- ret=(SSL_SESSION *)lh_retrieve(s->ctx->sessions,&data);
- if (ret != NULL)
- /* don't allow other threads to steal it: */
- CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
- CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
- }
-
- if (ret == NULL)
- {
- int copy=1;
-
- s->ctx->stats.sess_miss++;
- ret=NULL;
- if (s->ctx->get_session_cb != NULL
- && (ret=s->ctx->get_session_cb(s,session_id,len,©))
- != NULL)
- {
- s->ctx->stats.sess_cb_hit++;
-
- /* Increment reference count now if the session callback
- * asks us to do so (note that if the session structures
- * returned by the callback are shared between threads,
- * it must handle the reference count itself [i.e. copy == 0],
- * or things won't be thread-safe). */
- if (copy)
- CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
-
- /* Add the externally cached session to the internal
- * cache as well if and only if we are supposed to. */
- if(!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE))
- /* The following should not return 1, otherwise,
- * things are very strange */
- SSL_CTX_add_session(s->ctx,ret);
- }
- if (ret == NULL)
- goto err;
- }
-
- /* Now ret is non-NULL, and we own one of its reference counts. */
-
- if (ret->sid_ctx_length != s->sid_ctx_length
- || memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length))
- {
- /* We've found the session named by the client, but we don't
- * want to use it in this context. */
-
-#if 0 /* The client cannot always know when a session is not appropriate,
- * so we shouldn't generate an error message. */
-
- SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
-#endif
- goto err; /* treat like cache miss */
- }
-
- if((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0)
- {
- /* We can't be sure if this session is being used out of
- * context, which is especially important for SSL_VERIFY_PEER.
- * The application should have used SSL[_CTX]_set_session_id_context.
- *
- * For this error case, we generate an error instead of treating
- * the event like a cache miss (otherwise it would be easy for
- * applications to effectively disable the session cache by
- * accident without anyone noticing).
- */
-
- SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
- fatal = 1;
- goto err;
- }
-
- if (ret->cipher == NULL)
- {
- unsigned char buf[5],*p;
- unsigned long l;
-
- p=buf;
- l=ret->cipher_id;
- l2n(l,p);
- if ((ret->ssl_version>>8) >= SSL3_VERSION_MAJOR)
- ret->cipher=ssl_get_cipher_by_char(s,&(buf[2]));
- else
- ret->cipher=ssl_get_cipher_by_char(s,&(buf[1]));
- if (ret->cipher == NULL)
- goto err;
- }
-
-
-#if 0 /* This is way too late. */
-
- /* If a thread got the session, then 'swaped', and another got
- * it and then due to a time-out decided to 'OPENSSL_free' it we could
- * be in trouble. So I'll increment it now, then double decrement
- * later - am I speaking rubbish?. */
- CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
-#endif
-
- if (ret->timeout < (long)(time(NULL) - ret->time)) /* timeout */
- {
- s->ctx->stats.sess_timeout++;
- /* remove it from the cache */
- SSL_CTX_remove_session(s->ctx,ret);
- goto err;
- }
-
- s->ctx->stats.sess_hit++;
-
- /* ret->time=time(NULL); */ /* rezero timeout? */
- /* again, just leave the session
- * if it is the same session, we have just incremented and
- * then decremented the reference count :-) */
- if (s->session != NULL)
- SSL_SESSION_free(s->session);
- s->session=ret;
- s->verify_result = s->session->verify_result;
- return(1);
-
- err:
- if (ret != NULL)
- SSL_SESSION_free(ret);
- if (fatal)
- return -1;
- else
- return 0;
- }
-
-int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c)
- {
- int ret=0;
- SSL_SESSION *s;
-
- /* add just 1 reference count for the SSL_CTX's session cache
- * even though it has two ways of access: each session is in a
- * doubly linked list and an lhash */
- CRYPTO_add(&c->references,1,CRYPTO_LOCK_SSL_SESSION);
- /* if session c is in already in cache, we take back the increment later */
-
- CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
- s=(SSL_SESSION *)lh_insert(ctx->sessions,c);
-
- /* s != NULL iff we already had a session with the given PID.
- * In this case, s == c should hold (then we did not really modify
- * ctx->sessions), or we're in trouble. */
- if (s != NULL && s != c)
- {
- /* We *are* in trouble ... */
- SSL_SESSION_list_remove(ctx,s);
- SSL_SESSION_free(s);
- /* ... so pretend the other session did not exist in cache
- * (we cannot handle two SSL_SESSION structures with identical
- * session ID in the same cache, which could happen e.g. when
- * two threads concurrently obtain the same session from an external
- * cache) */
- s = NULL;
- }
-
- /* Put at the head of the queue unless it is already in the cache */
- if (s == NULL)
- SSL_SESSION_list_add(ctx,c);
-
- if (s != NULL)
- {
- /* existing cache entry -- decrement previously incremented reference
- * count because it already takes into account the cache */
-
- SSL_SESSION_free(s); /* s == c */
- ret=0;
- }
- else
- {
- /* new cache entry -- remove old ones if cache has become too large */
-
- ret=1;
-
- if (SSL_CTX_sess_get_cache_size(ctx) > 0)
- {
- while (SSL_CTX_sess_number(ctx) >
- SSL_CTX_sess_get_cache_size(ctx))
- {
- if (!remove_session_lock(ctx,
- ctx->session_cache_tail, 0))
- break;
- else
- ctx->stats.sess_cache_full++;
- }
- }
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
- return(ret);
- }
-
-int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c)
-{
- return remove_session_lock(ctx, c, 1);
-}
-
-static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck)
- {
- SSL_SESSION *r;
- int ret=0;
-
- if ((c != NULL) && (c->session_id_length != 0))
- {
- if(lck) CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
- if ((r = (SSL_SESSION *)lh_retrieve(ctx->sessions,c)) == c)
- {
- ret=1;
- r=(SSL_SESSION *)lh_delete(ctx->sessions,c);
- SSL_SESSION_list_remove(ctx,c);
- }
-
- if(lck) CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
-
- if (ret)
- {
- r->not_resumable=1;
- if (ctx->remove_session_cb != NULL)
- ctx->remove_session_cb(ctx,r);
- SSL_SESSION_free(r);
- }
- }
- else
- ret=0;
- return(ret);
- }
-
-void SSL_SESSION_free(SSL_SESSION *ss)
- {
- int i;
-
- if(ss == NULL)
- return;
-
- i=CRYPTO_add(&ss->references,-1,CRYPTO_LOCK_SSL_SESSION);
-#ifdef REF_PRINT
- REF_PRINT("SSL_SESSION",ss);
-#endif
- if (i > 0) return;
-#ifdef REF_CHECK
- if (i < 0)
- {
- fprintf(stderr,"SSL_SESSION_free, bad reference count\n");
- abort(); /* ok */
- }
-#endif
-
- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
-
- OPENSSL_cleanse(ss->key_arg,sizeof ss->key_arg);
- OPENSSL_cleanse(ss->master_key,sizeof ss->master_key);
- OPENSSL_cleanse(ss->session_id,sizeof ss->session_id);
- if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert);
- if (ss->peer != NULL) X509_free(ss->peer);
- if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers);
-#ifndef OPENSSL_NO_TLSEXT
- if (ss->tlsext_hostname != NULL) OPENSSL_free(ss->tlsext_hostname);
- if (ss->tlsext_tick != NULL) OPENSSL_free(ss->tlsext_tick);
-#endif
- OPENSSL_cleanse(ss,sizeof(*ss));
- OPENSSL_free(ss);
- }
-
-int SSL_set_session(SSL *s, SSL_SESSION *session)
- {
- int ret=0;
- SSL_METHOD *meth;
-
- if (session != NULL)
- {
- meth=s->ctx->method->get_ssl_method(session->ssl_version);
- if (meth == NULL)
- meth=s->method->get_ssl_method(session->ssl_version);
- if (meth == NULL)
- {
- SSLerr(SSL_F_SSL_SET_SESSION,SSL_R_UNABLE_TO_FIND_SSL_METHOD);
- return(0);
- }
-
- if (meth != s->method)
- {
- if (!SSL_set_ssl_method(s,meth))
- return(0);
- if (s->ctx->session_timeout == 0)
- session->timeout=SSL_get_default_timeout(s);
- else
- session->timeout=s->ctx->session_timeout;
- }
-
-#ifndef OPENSSL_NO_KRB5
- if (s->kssl_ctx && !s->kssl_ctx->client_princ &&
- session->krb5_client_princ_len > 0)
- {
- s->kssl_ctx->client_princ = (char *)OPENSSL_malloc(session->krb5_client_princ_len + 1);
- memcpy(s->kssl_ctx->client_princ,session->krb5_client_princ,
- session->krb5_client_princ_len);
- s->kssl_ctx->client_princ[session->krb5_client_princ_len] = '\0';
- }
-#endif /* OPENSSL_NO_KRB5 */
-
- /* CRYPTO_w_lock(CRYPTO_LOCK_SSL);*/
- CRYPTO_add(&session->references,1,CRYPTO_LOCK_SSL_SESSION);
- if (s->session != NULL)
- SSL_SESSION_free(s->session);
- s->session=session;
- s->verify_result = s->session->verify_result;
- /* CRYPTO_w_unlock(CRYPTO_LOCK_SSL);*/
- ret=1;
- }
- else
- {
- if (s->session != NULL)
- {
- SSL_SESSION_free(s->session);
- s->session=NULL;
- }
-
- meth=s->ctx->method;
- if (meth != s->method)
- {
- if (!SSL_set_ssl_method(s,meth))
- return(0);
- }
- ret=1;
- }
- return(ret);
- }
-
-long SSL_SESSION_set_timeout(SSL_SESSION *s, long t)
- {
- if (s == NULL) return(0);
- s->timeout=t;
- return(1);
- }
-
-long SSL_SESSION_get_timeout(const SSL_SESSION *s)
- {
- if (s == NULL) return(0);
- return(s->timeout);
- }
-
-long SSL_SESSION_get_time(const SSL_SESSION *s)
- {
- if (s == NULL) return(0);
- return(s->time);
- }
-
-long SSL_SESSION_set_time(SSL_SESSION *s, long t)
- {
- if (s == NULL) return(0);
- s->time=t;
- return(t);
- }
-
-long SSL_CTX_set_timeout(SSL_CTX *s, long t)
- {
- long l;
- if (s == NULL) return(0);
- l=s->session_timeout;
- s->session_timeout=t;
- return(l);
- }
-
-long SSL_CTX_get_timeout(const SSL_CTX *s)
- {
- if (s == NULL) return(0);
- return(s->session_timeout);
- }
-
-typedef struct timeout_param_st
- {
- SSL_CTX *ctx;
- long time;
- LHASH *cache;
- } TIMEOUT_PARAM;
-
-static void timeout(SSL_SESSION *s, TIMEOUT_PARAM *p)
- {
- if ((p->time == 0) || (p->time > (s->time+s->timeout))) /* timeout */
- {
- /* The reason we don't call SSL_CTX_remove_session() is to
- * save on locking overhead */
- lh_delete(p->cache,s);
- SSL_SESSION_list_remove(p->ctx,s);
- s->not_resumable=1;
- if (p->ctx->remove_session_cb != NULL)
- p->ctx->remove_session_cb(p->ctx,s);
- SSL_SESSION_free(s);
- }
- }
-
-static IMPLEMENT_LHASH_DOALL_ARG_FN(timeout, SSL_SESSION *, TIMEOUT_PARAM *)
-
-void SSL_CTX_flush_sessions(SSL_CTX *s, long t)
- {
- unsigned long i;
- TIMEOUT_PARAM tp;
-
- tp.ctx=s;
- tp.cache=s->sessions;
- if (tp.cache == NULL) return;
- tp.time=t;
- CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
- i=tp.cache->down_load;
- tp.cache->down_load=0;
- lh_doall_arg(tp.cache, LHASH_DOALL_ARG_FN(timeout), &tp);
- tp.cache->down_load=i;
- CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
- }
-
-int ssl_clear_bad_session(SSL *s)
- {
- if ( (s->session != NULL) &&
- !(s->shutdown & SSL_SENT_SHUTDOWN) &&
- !(SSL_in_init(s) || SSL_in_before(s)))
- {
- SSL_CTX_remove_session(s->ctx,s->session);
- return(1);
- }
- else
- return(0);
- }
-
-/* locked by SSL_CTX in the calling function */
-static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s)
- {
- if ((s->next == NULL) || (s->prev == NULL)) return;
-
- if (s->next == (SSL_SESSION *)&(ctx->session_cache_tail))
- { /* last element in list */
- if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head))
- { /* only one element in list */
- ctx->session_cache_head=NULL;
- ctx->session_cache_tail=NULL;
- }
- else
- {
- ctx->session_cache_tail=s->prev;
- s->prev->next=(SSL_SESSION *)&(ctx->session_cache_tail);
- }
- }
- else
- {
- if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head))
- { /* first element in list */
- ctx->session_cache_head=s->next;
- s->next->prev=(SSL_SESSION *)&(ctx->session_cache_head);
- }
- else
- { /* middle of list */
- s->next->prev=s->prev;
- s->prev->next=s->next;
- }
- }
- s->prev=s->next=NULL;
- }
-
-static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s)
- {
- if ((s->next != NULL) && (s->prev != NULL))
- SSL_SESSION_list_remove(ctx,s);
-
- if (ctx->session_cache_head == NULL)
- {
- ctx->session_cache_head=s;
- ctx->session_cache_tail=s;
- s->prev=(SSL_SESSION *)&(ctx->session_cache_head);
- s->next=(SSL_SESSION *)&(ctx->session_cache_tail);
- }
- else
- {
- s->next=ctx->session_cache_head;
- s->next->prev=s;
- s->prev=(SSL_SESSION *)&(ctx->session_cache_head);
- ctx->session_cache_head=s;
- }
- }
-
-void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
- int (*cb)(struct ssl_st *ssl,SSL_SESSION *sess))
- {
- ctx->new_session_cb=cb;
- }
-
-int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(SSL *ssl, SSL_SESSION *sess)
- {
- return ctx->new_session_cb;
- }
-
-void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
- void (*cb)(SSL_CTX *ctx,SSL_SESSION *sess))
- {
- ctx->remove_session_cb=cb;
- }
-
-void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(SSL_CTX * ctx,SSL_SESSION *sess)
- {
- return ctx->remove_session_cb;
- }
-
-void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
- SSL_SESSION *(*cb)(struct ssl_st *ssl,
- unsigned char *data,int len,int *copy))
- {
- ctx->get_session_cb=cb;
- }
-
-SSL_SESSION * (*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl,
- unsigned char *data,int len,int *copy)
- {
- return ctx->get_session_cb;
- }
-
-void SSL_CTX_set_info_callback(SSL_CTX *ctx,
- void (*cb)(const SSL *ssl,int type,int val))
- {
- ctx->info_callback=cb;
- }
-
-void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val)
- {
- return ctx->info_callback;
- }
-
-void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
- int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey))
- {
- ctx->client_cert_cb=cb;
- }
-
-int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL * ssl, X509 ** x509 , EVP_PKEY **pkey)
- {
- return ctx->client_cert_cb;
- }
-
-#ifndef OPENSSL_NO_ENGINE
-int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e)
- {
- if (!ENGINE_init(e))
- {
- SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, ERR_R_ENGINE_LIB);
- return 0;
- }
- if(!ENGINE_get_ssl_client_cert_function(e))
- {
- SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, SSL_R_NO_CLIENT_CERT_METHOD);
- ENGINE_finish(e);
- return 0;
- }
- ctx->client_cert_engine = e;
- return 1;
- }
-#endif
-
-void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
- int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len))
- {
- ctx->app_gen_cookie_cb=cb;
- }
-
-void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
- int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len))
- {
- ctx->app_verify_cookie_cb=cb;
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/ssl/ssl_sess.c (from rev 6976, vendor-crypto/openssl/dist/ssl/ssl_sess.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/ssl/ssl_sess.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/ssl/ssl_sess.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,910 @@
+/* ssl/ssl_sess.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <openssl/lhash.h>
+#include <openssl/rand.h>
+#ifndef OPENSSL_NO_ENGINE
+# include <openssl/engine.h>
+#endif
+#include "ssl_locl.h"
+
+static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
+static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s);
+static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck);
+
+SSL_SESSION *SSL_get_session(const SSL *ssl)
+/* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */
+{
+ return (ssl->session);
+}
+
+SSL_SESSION *SSL_get1_session(SSL *ssl)
+/* variant of SSL_get_session: caller really gets something */
+{
+ SSL_SESSION *sess;
+ /*
+ * Need to lock this all up rather than just use CRYPTO_add so that
+ * somebody doesn't free ssl->session between when we check it's non-null
+ * and when we up the reference count.
+ */
+ CRYPTO_w_lock(CRYPTO_LOCK_SSL_SESSION);
+ sess = ssl->session;
+ if (sess)
+ sess->references++;
+ CRYPTO_w_unlock(CRYPTO_LOCK_SSL_SESSION);
+ return (sess);
+}
+
+int SSL_SESSION_get_ex_new_index(long argl, void *argp,
+ CRYPTO_EX_new *new_func,
+ CRYPTO_EX_dup *dup_func,
+ CRYPTO_EX_free *free_func)
+{
+ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION, argl, argp,
+ new_func, dup_func, free_func);
+}
+
+int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg)
+{
+ return (CRYPTO_set_ex_data(&s->ex_data, idx, arg));
+}
+
+void *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx)
+{
+ return (CRYPTO_get_ex_data(&s->ex_data, idx));
+}
+
+SSL_SESSION *SSL_SESSION_new(void)
+{
+ SSL_SESSION *ss;
+
+ ss = (SSL_SESSION *)OPENSSL_malloc(sizeof(SSL_SESSION));
+ if (ss == NULL) {
+ SSLerr(SSL_F_SSL_SESSION_NEW, ERR_R_MALLOC_FAILURE);
+ return (0);
+ }
+ memset(ss, 0, sizeof(SSL_SESSION));
+
+ ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */
+ ss->references = 1;
+ ss->timeout = 60 * 5 + 4; /* 5 minute timeout by default */
+ ss->time = (unsigned long)time(NULL);
+ ss->prev = NULL;
+ ss->next = NULL;
+ ss->compress_meth = 0;
+#ifndef OPENSSL_NO_TLSEXT
+ ss->tlsext_hostname = NULL;
+#endif
+ CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
+ return (ss);
+}
+
+const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
+ unsigned int *len)
+{
+ if (len)
+ *len = s->session_id_length;
+ return s->session_id;
+}
+
+/*
+ * Even with SSLv2, we have 16 bytes (128 bits) of session ID space.
+ * SSLv3/TLSv1 has 32 bytes (256 bits). As such, filling the ID with random
+ * gunk repeatedly until we have no conflict is going to complete in one
+ * iteration pretty much "most" of the time (btw: understatement). So, if it
+ * takes us 10 iterations and we still can't avoid a conflict - well that's a
+ * reasonable point to call it quits. Either the RAND code is broken or
+ * someone is trying to open roughly very close to 2^128 (or 2^256) SSL
+ * sessions to our server. How you might store that many sessions is perhaps
+ * a more interesting question ...
+ */
+
+#define MAX_SESS_ID_ATTEMPTS 10
+static int def_generate_session_id(const SSL *ssl, unsigned char *id,
+ unsigned int *id_len)
+{
+ unsigned int retry = 0;
+ do
+ if (RAND_pseudo_bytes(id, *id_len) <= 0)
+ return 0;
+ while (SSL_has_matching_session_id(ssl, id, *id_len) &&
+ (++retry < MAX_SESS_ID_ATTEMPTS)) ;
+ if (retry < MAX_SESS_ID_ATTEMPTS)
+ return 1;
+ /* else - woops a session_id match */
+ /*
+ * XXX We should also check the external cache -- but the probability of
+ * a collision is negligible, and we could not prevent the concurrent
+ * creation of sessions with identical IDs since we currently don't have
+ * means to atomically check whether a session ID already exists and make
+ * a reservation for it if it does not (this problem applies to the
+ * internal cache as well).
+ */
+ return 0;
+}
+
+int ssl_get_new_session(SSL *s, int session)
+{
+ /* This gets used by clients and servers. */
+
+ unsigned int tmp;
+ SSL_SESSION *ss = NULL;
+ GEN_SESSION_CB cb = def_generate_session_id;
+
+ if ((ss = SSL_SESSION_new()) == NULL)
+ return (0);
+
+ /* If the context has a default timeout, use it */
+ if (s->ctx->session_timeout == 0)
+ ss->timeout = SSL_get_default_timeout(s);
+ else
+ ss->timeout = s->ctx->session_timeout;
+
+ if (s->session != NULL) {
+ SSL_SESSION_free(s->session);
+ s->session = NULL;
+ }
+
+ if (session) {
+ if (s->version == SSL2_VERSION) {
+ ss->ssl_version = SSL2_VERSION;
+ ss->session_id_length = SSL2_SSL_SESSION_ID_LENGTH;
+ } else if (s->version == SSL3_VERSION) {
+ ss->ssl_version = SSL3_VERSION;
+ ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
+ } else if (s->version == TLS1_VERSION) {
+ ss->ssl_version = TLS1_VERSION;
+ ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
+ } else if (s->version == DTLS1_BAD_VER) {
+ ss->ssl_version = DTLS1_BAD_VER;
+ ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
+ } else if (s->version == DTLS1_VERSION) {
+ ss->ssl_version = DTLS1_VERSION;
+ ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
+ } else {
+ SSLerr(SSL_F_SSL_GET_NEW_SESSION, SSL_R_UNSUPPORTED_SSL_VERSION);
+ SSL_SESSION_free(ss);
+ return (0);
+ }
+#ifndef OPENSSL_NO_TLSEXT
+ /* If RFC4507 ticket use empty session ID */
+ if (s->tlsext_ticket_expected) {
+ ss->session_id_length = 0;
+ goto sess_id_done;
+ }
+#endif
+ /* Choose which callback will set the session ID */
+ CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
+ if (s->generate_session_id)
+ cb = s->generate_session_id;
+ else if (s->ctx->generate_session_id)
+ cb = s->ctx->generate_session_id;
+ CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
+ /* Choose a session ID */
+ tmp = ss->session_id_length;
+ if (!cb(s, ss->session_id, &tmp)) {
+ /* The callback failed */
+ SSLerr(SSL_F_SSL_GET_NEW_SESSION,
+ SSL_R_SSL_SESSION_ID_CALLBACK_FAILED);
+ SSL_SESSION_free(ss);
+ return (0);
+ }
+ /*
+ * Don't allow the callback to set the session length to zero. nor
+ * set it higher than it was.
+ */
+ if (!tmp || (tmp > ss->session_id_length)) {
+ /* The callback set an illegal length */
+ SSLerr(SSL_F_SSL_GET_NEW_SESSION,
+ SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH);
+ SSL_SESSION_free(ss);
+ return (0);
+ }
+ /* If the session length was shrunk and we're SSLv2, pad it */
+ if ((tmp < ss->session_id_length) && (s->version == SSL2_VERSION))
+ memset(ss->session_id + tmp, 0, ss->session_id_length - tmp);
+ else
+ ss->session_id_length = tmp;
+ /* Finally, check for a conflict */
+ if (SSL_has_matching_session_id(s, ss->session_id,
+ ss->session_id_length)) {
+ SSLerr(SSL_F_SSL_GET_NEW_SESSION, SSL_R_SSL_SESSION_ID_CONFLICT);
+ SSL_SESSION_free(ss);
+ return (0);
+ }
+#ifndef OPENSSL_NO_TLSEXT
+ sess_id_done:
+ if (s->tlsext_hostname) {
+ ss->tlsext_hostname = BUF_strdup(s->tlsext_hostname);
+ if (ss->tlsext_hostname == NULL) {
+ SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR);
+ SSL_SESSION_free(ss);
+ return 0;
+ }
+ }
+#endif
+ } else {
+ ss->session_id_length = 0;
+ }
+
+ if (s->sid_ctx_length > sizeof ss->sid_ctx) {
+ SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR);
+ SSL_SESSION_free(ss);
+ return 0;
+ }
+ memcpy(ss->sid_ctx, s->sid_ctx, s->sid_ctx_length);
+ ss->sid_ctx_length = s->sid_ctx_length;
+ s->session = ss;
+ ss->ssl_version = s->version;
+ ss->verify_result = X509_V_OK;
+
+ return (1);
+}
+
+int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
+ const unsigned char *limit)
+{
+ /* This is used only by servers. */
+
+ SSL_SESSION *ret = NULL;
+ int fatal = 0;
+#ifndef OPENSSL_NO_TLSEXT
+ int r;
+#endif
+
+ if (len > SSL_MAX_SSL_SESSION_ID_LENGTH)
+ goto err;
+#ifndef OPENSSL_NO_TLSEXT
+ r = tls1_process_ticket(s, session_id, len, limit, &ret);
+ if (r == -1) {
+ fatal = 1;
+ goto err;
+ } else if (r == 0 || (!ret && !len))
+ goto err;
+ else if (!ret
+ && !(s->session_ctx->session_cache_mode &
+ SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
+#else
+ if (len == 0)
+ goto err;
+ if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
+#endif
+ {
+ SSL_SESSION data;
+ data.ssl_version = s->version;
+ data.session_id_length = len;
+ if (len == 0)
+ return 0;
+ memcpy(data.session_id, session_id, len);
+ CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
+ ret = (SSL_SESSION *)lh_retrieve(s->ctx->sessions, &data);
+ if (ret != NULL)
+ /* don't allow other threads to steal it: */
+ CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_SSL_SESSION);
+ CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
+ }
+
+ if (ret == NULL) {
+ int copy = 1;
+
+ s->ctx->stats.sess_miss++;
+ ret = NULL;
+ if (s->ctx->get_session_cb != NULL
+ && (ret = s->ctx->get_session_cb(s, session_id, len, ©))
+ != NULL) {
+ s->ctx->stats.sess_cb_hit++;
+
+ /*
+ * Increment reference count now if the session callback asks us
+ * to do so (note that if the session structures returned by the
+ * callback are shared between threads, it must handle the
+ * reference count itself [i.e. copy == 0], or things won't be
+ * thread-safe).
+ */
+ if (copy)
+ CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_SSL_SESSION);
+
+ /*
+ * Add the externally cached session to the internal cache as
+ * well if and only if we are supposed to.
+ */
+ if (!
+ (s->
+ ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE))
+ /*
+ * The following should not return 1, otherwise, things are
+ * very strange
+ */
+ SSL_CTX_add_session(s->ctx, ret);
+ }
+ if (ret == NULL)
+ goto err;
+ }
+
+ /* Now ret is non-NULL, and we own one of its reference counts. */
+
+ if (ret->sid_ctx_length != s->sid_ctx_length
+ || memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length)) {
+ /*
+ * We've found the session named by the client, but we don't want to
+ * use it in this context.
+ */
+
+#if 0 /* The client cannot always know when a
+ * session is not appropriate, so we
+ * shouldn't generate an error message. */
+
+ SSLerr(SSL_F_SSL_GET_PREV_SESSION,
+ SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
+#endif
+ goto err; /* treat like cache miss */
+ }
+
+ if ((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0) {
+ /*
+ * We can't be sure if this session is being used out of context,
+ * which is especially important for SSL_VERIFY_PEER. The application
+ * should have used SSL[_CTX]_set_session_id_context. For this error
+ * case, we generate an error instead of treating the event like a
+ * cache miss (otherwise it would be easy for applications to
+ * effectively disable the session cache by accident without anyone
+ * noticing).
+ */
+
+ SSLerr(SSL_F_SSL_GET_PREV_SESSION,
+ SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
+ fatal = 1;
+ goto err;
+ }
+
+ if (ret->cipher == NULL) {
+ unsigned char buf[5], *p;
+ unsigned long l;
+
+ p = buf;
+ l = ret->cipher_id;
+ l2n(l, p);
+ if ((ret->ssl_version >> 8) >= SSL3_VERSION_MAJOR)
+ ret->cipher = ssl_get_cipher_by_char(s, &(buf[2]));
+ else
+ ret->cipher = ssl_get_cipher_by_char(s, &(buf[1]));
+ if (ret->cipher == NULL)
+ goto err;
+ }
+#if 0 /* This is way too late. */
+
+ /*
+ * If a thread got the session, then 'swaped', and another got it and
+ * then due to a time-out decided to 'OPENSSL_free' it we could be in
+ * trouble. So I'll increment it now, then double decrement later - am I
+ * speaking rubbish?.
+ */
+ CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_SSL_SESSION);
+#endif
+
+ if (ret->timeout < (long)(time(NULL) - ret->time)) { /* timeout */
+ s->ctx->stats.sess_timeout++;
+ /* remove it from the cache */
+ SSL_CTX_remove_session(s->ctx, ret);
+ goto err;
+ }
+
+ s->ctx->stats.sess_hit++;
+
+ /*- ret->time=time(NULL); *//*
+ * rezero timeout?
+ */
+ /*
+ * again, just leave the session if it is the same session, we have just
+ * incremented and then decremented the reference count :-)
+ */
+ if (s->session != NULL)
+ SSL_SESSION_free(s->session);
+ s->session = ret;
+ s->verify_result = s->session->verify_result;
+ return (1);
+
+ err:
+ if (ret != NULL)
+ SSL_SESSION_free(ret);
+ if (fatal)
+ return -1;
+ else
+ return 0;
+}
+
+int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c)
+{
+ int ret = 0;
+ SSL_SESSION *s;
+
+ /*
+ * add just 1 reference count for the SSL_CTX's session cache even though
+ * it has two ways of access: each session is in a doubly linked list and
+ * an lhash
+ */
+ CRYPTO_add(&c->references, 1, CRYPTO_LOCK_SSL_SESSION);
+ /*
+ * if session c is in already in cache, we take back the increment later
+ */
+
+ CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
+ s = (SSL_SESSION *)lh_insert(ctx->sessions, c);
+
+ /*
+ * s != NULL iff we already had a session with the given PID. In this
+ * case, s == c should hold (then we did not really modify
+ * ctx->sessions), or we're in trouble.
+ */
+ if (s != NULL && s != c) {
+ /* We *are* in trouble ... */
+ SSL_SESSION_list_remove(ctx, s);
+ SSL_SESSION_free(s);
+ /*
+ * ... so pretend the other session did not exist in cache (we cannot
+ * handle two SSL_SESSION structures with identical session ID in the
+ * same cache, which could happen e.g. when two threads concurrently
+ * obtain the same session from an external cache)
+ */
+ s = NULL;
+ }
+
+ /* Put at the head of the queue unless it is already in the cache */
+ if (s == NULL)
+ SSL_SESSION_list_add(ctx, c);
+
+ if (s != NULL) {
+ /*
+ * existing cache entry -- decrement previously incremented reference
+ * count because it already takes into account the cache
+ */
+
+ SSL_SESSION_free(s); /* s == c */
+ ret = 0;
+ } else {
+ /*
+ * new cache entry -- remove old ones if cache has become too large
+ */
+
+ ret = 1;
+
+ if (SSL_CTX_sess_get_cache_size(ctx) > 0) {
+ while (SSL_CTX_sess_number(ctx) >
+ SSL_CTX_sess_get_cache_size(ctx)) {
+ if (!remove_session_lock(ctx, ctx->session_cache_tail, 0))
+ break;
+ else
+ ctx->stats.sess_cache_full++;
+ }
+ }
+ }
+ CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
+ return (ret);
+}
+
+int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c)
+{
+ return remove_session_lock(ctx, c, 1);
+}
+
+static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck)
+{
+ SSL_SESSION *r;
+ int ret = 0;
+
+ if ((c != NULL) && (c->session_id_length != 0)) {
+ if (lck)
+ CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
+ if ((r = (SSL_SESSION *)lh_retrieve(ctx->sessions, c)) == c) {
+ ret = 1;
+ r = (SSL_SESSION *)lh_delete(ctx->sessions, c);
+ SSL_SESSION_list_remove(ctx, c);
+ }
+
+ if (lck)
+ CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
+
+ if (ret) {
+ r->not_resumable = 1;
+ if (ctx->remove_session_cb != NULL)
+ ctx->remove_session_cb(ctx, r);
+ SSL_SESSION_free(r);
+ }
+ } else
+ ret = 0;
+ return (ret);
+}
+
+void SSL_SESSION_free(SSL_SESSION *ss)
+{
+ int i;
+
+ if (ss == NULL)
+ return;
+
+ i = CRYPTO_add(&ss->references, -1, CRYPTO_LOCK_SSL_SESSION);
+#ifdef REF_PRINT
+ REF_PRINT("SSL_SESSION", ss);
+#endif
+ if (i > 0)
+ return;
+#ifdef REF_CHECK
+ if (i < 0) {
+ fprintf(stderr, "SSL_SESSION_free, bad reference count\n");
+ abort(); /* ok */
+ }
+#endif
+
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
+
+ OPENSSL_cleanse(ss->key_arg, sizeof ss->key_arg);
+ OPENSSL_cleanse(ss->master_key, sizeof ss->master_key);
+ OPENSSL_cleanse(ss->session_id, sizeof ss->session_id);
+ if (ss->sess_cert != NULL)
+ ssl_sess_cert_free(ss->sess_cert);
+ if (ss->peer != NULL)
+ X509_free(ss->peer);
+ if (ss->ciphers != NULL)
+ sk_SSL_CIPHER_free(ss->ciphers);
+#ifndef OPENSSL_NO_TLSEXT
+ if (ss->tlsext_hostname != NULL)
+ OPENSSL_free(ss->tlsext_hostname);
+ if (ss->tlsext_tick != NULL)
+ OPENSSL_free(ss->tlsext_tick);
+#endif
+ OPENSSL_cleanse(ss, sizeof(*ss));
+ OPENSSL_free(ss);
+}
+
+int SSL_set_session(SSL *s, SSL_SESSION *session)
+{
+ int ret = 0;
+ SSL_METHOD *meth;
+
+ if (session != NULL) {
+ meth = s->ctx->method->get_ssl_method(session->ssl_version);
+ if (meth == NULL)
+ meth = s->method->get_ssl_method(session->ssl_version);
+ if (meth == NULL) {
+ SSLerr(SSL_F_SSL_SET_SESSION, SSL_R_UNABLE_TO_FIND_SSL_METHOD);
+ return (0);
+ }
+
+ if (meth != s->method) {
+ if (!SSL_set_ssl_method(s, meth))
+ return (0);
+ if (s->ctx->session_timeout == 0)
+ session->timeout = SSL_get_default_timeout(s);
+ else
+ session->timeout = s->ctx->session_timeout;
+ }
+#ifndef OPENSSL_NO_KRB5
+ if (s->kssl_ctx && !s->kssl_ctx->client_princ &&
+ session->krb5_client_princ_len > 0) {
+ s->kssl_ctx->client_princ =
+ (char *)OPENSSL_malloc(session->krb5_client_princ_len + 1);
+ memcpy(s->kssl_ctx->client_princ, session->krb5_client_princ,
+ session->krb5_client_princ_len);
+ s->kssl_ctx->client_princ[session->krb5_client_princ_len] = '\0';
+ }
+#endif /* OPENSSL_NO_KRB5 */
+
+ /* CRYPTO_w_lock(CRYPTO_LOCK_SSL); */
+ CRYPTO_add(&session->references, 1, CRYPTO_LOCK_SSL_SESSION);
+ if (s->session != NULL)
+ SSL_SESSION_free(s->session);
+ s->session = session;
+ s->verify_result = s->session->verify_result;
+ /* CRYPTO_w_unlock(CRYPTO_LOCK_SSL); */
+ ret = 1;
+ } else {
+ if (s->session != NULL) {
+ SSL_SESSION_free(s->session);
+ s->session = NULL;
+ }
+
+ meth = s->ctx->method;
+ if (meth != s->method) {
+ if (!SSL_set_ssl_method(s, meth))
+ return (0);
+ }
+ ret = 1;
+ }
+ return (ret);
+}
+
+long SSL_SESSION_set_timeout(SSL_SESSION *s, long t)
+{
+ if (s == NULL)
+ return (0);
+ s->timeout = t;
+ return (1);
+}
+
+long SSL_SESSION_get_timeout(const SSL_SESSION *s)
+{
+ if (s == NULL)
+ return (0);
+ return (s->timeout);
+}
+
+long SSL_SESSION_get_time(const SSL_SESSION *s)
+{
+ if (s == NULL)
+ return (0);
+ return (s->time);
+}
+
+long SSL_SESSION_set_time(SSL_SESSION *s, long t)
+{
+ if (s == NULL)
+ return (0);
+ s->time = t;
+ return (t);
+}
+
+long SSL_CTX_set_timeout(SSL_CTX *s, long t)
+{
+ long l;
+ if (s == NULL)
+ return (0);
+ l = s->session_timeout;
+ s->session_timeout = t;
+ return (l);
+}
+
+long SSL_CTX_get_timeout(const SSL_CTX *s)
+{
+ if (s == NULL)
+ return (0);
+ return (s->session_timeout);
+}
+
+typedef struct timeout_param_st {
+ SSL_CTX *ctx;
+ long time;
+ LHASH *cache;
+} TIMEOUT_PARAM;
+
+static void timeout(SSL_SESSION *s, TIMEOUT_PARAM *p)
+{
+ if ((p->time == 0) || (p->time > (s->time + s->timeout))) { /* timeout */
+ /*
+ * The reason we don't call SSL_CTX_remove_session() is to save on
+ * locking overhead
+ */
+ lh_delete(p->cache, s);
+ SSL_SESSION_list_remove(p->ctx, s);
+ s->not_resumable = 1;
+ if (p->ctx->remove_session_cb != NULL)
+ p->ctx->remove_session_cb(p->ctx, s);
+ SSL_SESSION_free(s);
+ }
+}
+
+static IMPLEMENT_LHASH_DOALL_ARG_FN(timeout, SSL_SESSION *, TIMEOUT_PARAM *)
+
+void SSL_CTX_flush_sessions(SSL_CTX *s, long t)
+{
+ unsigned long i;
+ TIMEOUT_PARAM tp;
+
+ tp.ctx = s;
+ tp.cache = s->sessions;
+ if (tp.cache == NULL)
+ return;
+ tp.time = t;
+ CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
+ i = tp.cache->down_load;
+ tp.cache->down_load = 0;
+ lh_doall_arg(tp.cache, LHASH_DOALL_ARG_FN(timeout), &tp);
+ tp.cache->down_load = i;
+ CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
+}
+
+int ssl_clear_bad_session(SSL *s)
+{
+ if ((s->session != NULL) &&
+ !(s->shutdown & SSL_SENT_SHUTDOWN) &&
+ !(SSL_in_init(s) || SSL_in_before(s))) {
+ SSL_CTX_remove_session(s->ctx, s->session);
+ return (1);
+ } else
+ return (0);
+}
+
+/* locked by SSL_CTX in the calling function */
+static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s)
+{
+ if ((s->next == NULL) || (s->prev == NULL))
+ return;
+
+ if (s->next == (SSL_SESSION *)&(ctx->session_cache_tail)) {
+ /* last element in list */
+ if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) {
+ /* only one element in list */
+ ctx->session_cache_head = NULL;
+ ctx->session_cache_tail = NULL;
+ } else {
+ ctx->session_cache_tail = s->prev;
+ s->prev->next = (SSL_SESSION *)&(ctx->session_cache_tail);
+ }
+ } else {
+ if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) {
+ /* first element in list */
+ ctx->session_cache_head = s->next;
+ s->next->prev = (SSL_SESSION *)&(ctx->session_cache_head);
+ } else {
+ /* middle of list */
+ s->next->prev = s->prev;
+ s->prev->next = s->next;
+ }
+ }
+ s->prev = s->next = NULL;
+}
+
+static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s)
+{
+ if ((s->next != NULL) && (s->prev != NULL))
+ SSL_SESSION_list_remove(ctx, s);
+
+ if (ctx->session_cache_head == NULL) {
+ ctx->session_cache_head = s;
+ ctx->session_cache_tail = s;
+ s->prev = (SSL_SESSION *)&(ctx->session_cache_head);
+ s->next = (SSL_SESSION *)&(ctx->session_cache_tail);
+ } else {
+ s->next = ctx->session_cache_head;
+ s->next->prev = s;
+ s->prev = (SSL_SESSION *)&(ctx->session_cache_head);
+ ctx->session_cache_head = s;
+ }
+}
+
+void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
+ int (*cb) (struct ssl_st *ssl,
+ SSL_SESSION *sess))
+{
+ ctx->new_session_cb = cb;
+}
+
+int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)) (SSL *ssl, SSL_SESSION *sess) {
+ return ctx->new_session_cb;
+}
+
+void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
+ void (*cb) (SSL_CTX *ctx, SSL_SESSION *sess))
+{
+ ctx->remove_session_cb = cb;
+}
+
+void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)) (SSL_CTX *ctx,
+ SSL_SESSION *sess) {
+ return ctx->remove_session_cb;
+}
+
+void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
+ SSL_SESSION *(*cb) (struct ssl_st *ssl,
+ unsigned char *data, int len,
+ int *copy))
+{
+ ctx->get_session_cb = cb;
+}
+
+SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx)) (SSL *ssl,
+ unsigned char *data,
+ int len, int *copy) {
+ return ctx->get_session_cb;
+}
+
+void SSL_CTX_set_info_callback(SSL_CTX *ctx,
+ void (*cb) (const SSL *ssl, int type, int val))
+{
+ ctx->info_callback = cb;
+}
+
+void (*SSL_CTX_get_info_callback(SSL_CTX *ctx)) (const SSL *ssl, int type,
+ int val) {
+ return ctx->info_callback;
+}
+
+void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
+ int (*cb) (SSL *ssl, X509 **x509,
+ EVP_PKEY **pkey))
+{
+ ctx->client_cert_cb = cb;
+}
+
+int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx)) (SSL *ssl, X509 **x509,
+ EVP_PKEY **pkey) {
+ return ctx->client_cert_cb;
+}
+
+#ifndef OPENSSL_NO_ENGINE
+int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e)
+{
+ if (!ENGINE_init(e)) {
+ SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, ERR_R_ENGINE_LIB);
+ return 0;
+ }
+ if (!ENGINE_get_ssl_client_cert_function(e)) {
+ SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE,
+ SSL_R_NO_CLIENT_CERT_METHOD);
+ ENGINE_finish(e);
+ return 0;
+ }
+ ctx->client_cert_engine = e;
+ return 1;
+}
+#endif
+
+void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
+ int (*cb) (SSL *ssl,
+ unsigned char *cookie,
+ unsigned int *cookie_len))
+{
+ ctx->app_gen_cookie_cb = cb;
+}
+
+void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
+ int (*cb) (SSL *ssl, unsigned char *cookie,
+ unsigned int cookie_len))
+{
+ ctx->app_verify_cookie_cb = cb;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/ssl/ssl_stat.c
===================================================================
--- vendor-crypto/openssl/dist/ssl/ssl_stat.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/ssl/ssl_stat.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,538 +0,0 @@
-/* ssl/ssl_stat.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-
-const char *SSL_state_string_long(const SSL *s)
- {
- const char *str;
-
- switch (s->state)
- {
-case SSL_ST_BEFORE: str="before SSL initialization"; break;
-case SSL_ST_ACCEPT: str="before accept initialization"; break;
-case SSL_ST_CONNECT: str="before connect initialization"; break;
-case SSL_ST_OK: str="SSL negotiation finished successfully"; break;
-case SSL_ST_RENEGOTIATE: str="SSL renegotiate ciphers"; break;
-case SSL_ST_BEFORE|SSL_ST_CONNECT: str="before/connect initialization"; break;
-case SSL_ST_OK|SSL_ST_CONNECT: str="ok/connect SSL initialization"; break;
-case SSL_ST_BEFORE|SSL_ST_ACCEPT: str="before/accept initialization"; break;
-case SSL_ST_OK|SSL_ST_ACCEPT: str="ok/accept SSL initialization"; break;
-#ifndef OPENSSL_NO_SSL2
-case SSL2_ST_CLIENT_START_ENCRYPTION: str="SSLv2 client start encryption"; break;
-case SSL2_ST_SERVER_START_ENCRYPTION: str="SSLv2 server start encryption"; break;
-case SSL2_ST_SEND_CLIENT_HELLO_A: str="SSLv2 write client hello A"; break;
-case SSL2_ST_SEND_CLIENT_HELLO_B: str="SSLv2 write client hello B"; break;
-case SSL2_ST_GET_SERVER_HELLO_A: str="SSLv2 read server hello A"; break;
-case SSL2_ST_GET_SERVER_HELLO_B: str="SSLv2 read server hello B"; break;
-case SSL2_ST_SEND_CLIENT_MASTER_KEY_A: str="SSLv2 write client master key A"; break;
-case SSL2_ST_SEND_CLIENT_MASTER_KEY_B: str="SSLv2 write client master key B"; break;
-case SSL2_ST_SEND_CLIENT_FINISHED_A: str="SSLv2 write client finished A"; break;
-case SSL2_ST_SEND_CLIENT_FINISHED_B: str="SSLv2 write client finished B"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_A: str="SSLv2 write client certificate A"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_B: str="SSLv2 write client certificate B"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_C: str="SSLv2 write client certificate C"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_D: str="SSLv2 write client certificate D"; break;
-case SSL2_ST_GET_SERVER_VERIFY_A: str="SSLv2 read server verify A"; break;
-case SSL2_ST_GET_SERVER_VERIFY_B: str="SSLv2 read server verify B"; break;
-case SSL2_ST_GET_SERVER_FINISHED_A: str="SSLv2 read server finished A"; break;
-case SSL2_ST_GET_SERVER_FINISHED_B: str="SSLv2 read server finished B"; break;
-case SSL2_ST_GET_CLIENT_HELLO_A: str="SSLv2 read client hello A"; break;
-case SSL2_ST_GET_CLIENT_HELLO_B: str="SSLv2 read client hello B"; break;
-case SSL2_ST_GET_CLIENT_HELLO_C: str="SSLv2 read client hello C"; break;
-case SSL2_ST_SEND_SERVER_HELLO_A: str="SSLv2 write server hello A"; break;
-case SSL2_ST_SEND_SERVER_HELLO_B: str="SSLv2 write server hello B"; break;
-case SSL2_ST_GET_CLIENT_MASTER_KEY_A: str="SSLv2 read client master key A"; break;
-case SSL2_ST_GET_CLIENT_MASTER_KEY_B: str="SSLv2 read client master key B"; break;
-case SSL2_ST_SEND_SERVER_VERIFY_A: str="SSLv2 write server verify A"; break;
-case SSL2_ST_SEND_SERVER_VERIFY_B: str="SSLv2 write server verify B"; break;
-case SSL2_ST_SEND_SERVER_VERIFY_C: str="SSLv2 write server verify C"; break;
-case SSL2_ST_GET_CLIENT_FINISHED_A: str="SSLv2 read client finished A"; break;
-case SSL2_ST_GET_CLIENT_FINISHED_B: str="SSLv2 read client finished B"; break;
-case SSL2_ST_SEND_SERVER_FINISHED_A: str="SSLv2 write server finished A"; break;
-case SSL2_ST_SEND_SERVER_FINISHED_B: str="SSLv2 write server finished B"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_A: str="SSLv2 write request certificate A"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_B: str="SSLv2 write request certificate B"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_C: str="SSLv2 write request certificate C"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_D: str="SSLv2 write request certificate D"; break;
-case SSL2_ST_X509_GET_SERVER_CERTIFICATE: str="SSLv2 X509 read server certificate"; break;
-case SSL2_ST_X509_GET_CLIENT_CERTIFICATE: str="SSLv2 X509 read client certificate"; break;
-#endif
-
-#ifndef OPENSSL_NO_SSL3
-/* SSLv3 additions */
-case SSL3_ST_CW_CLNT_HELLO_A: str="SSLv3 write client hello A"; break;
-case SSL3_ST_CW_CLNT_HELLO_B: str="SSLv3 write client hello B"; break;
-case SSL3_ST_CR_SRVR_HELLO_A: str="SSLv3 read server hello A"; break;
-case SSL3_ST_CR_SRVR_HELLO_B: str="SSLv3 read server hello B"; break;
-case SSL3_ST_CR_CERT_A: str="SSLv3 read server certificate A"; break;
-case SSL3_ST_CR_CERT_B: str="SSLv3 read server certificate B"; break;
-case SSL3_ST_CR_KEY_EXCH_A: str="SSLv3 read server key exchange A"; break;
-case SSL3_ST_CR_KEY_EXCH_B: str="SSLv3 read server key exchange B"; break;
-case SSL3_ST_CR_CERT_REQ_A: str="SSLv3 read server certificate request A"; break;
-case SSL3_ST_CR_CERT_REQ_B: str="SSLv3 read server certificate request B"; break;
-case SSL3_ST_CR_SESSION_TICKET_A: str="SSLv3 read server session ticket A";break;
-case SSL3_ST_CR_SESSION_TICKET_B: str="SSLv3 read server session ticket B";break;
-case SSL3_ST_CR_SRVR_DONE_A: str="SSLv3 read server done A"; break;
-case SSL3_ST_CR_SRVR_DONE_B: str="SSLv3 read server done B"; break;
-case SSL3_ST_CW_CERT_A: str="SSLv3 write client certificate A"; break;
-case SSL3_ST_CW_CERT_B: str="SSLv3 write client certificate B"; break;
-case SSL3_ST_CW_CERT_C: str="SSLv3 write client certificate C"; break;
-case SSL3_ST_CW_CERT_D: str="SSLv3 write client certificate D"; break;
-case SSL3_ST_CW_KEY_EXCH_A: str="SSLv3 write client key exchange A"; break;
-case SSL3_ST_CW_KEY_EXCH_B: str="SSLv3 write client key exchange B"; break;
-case SSL3_ST_CW_CERT_VRFY_A: str="SSLv3 write certificate verify A"; break;
-case SSL3_ST_CW_CERT_VRFY_B: str="SSLv3 write certificate verify B"; break;
-
-case SSL3_ST_CW_CHANGE_A:
-case SSL3_ST_SW_CHANGE_A: str="SSLv3 write change cipher spec A"; break;
-case SSL3_ST_CW_CHANGE_B:
-case SSL3_ST_SW_CHANGE_B: str="SSLv3 write change cipher spec B"; break;
-case SSL3_ST_CW_FINISHED_A:
-case SSL3_ST_SW_FINISHED_A: str="SSLv3 write finished A"; break;
-case SSL3_ST_CW_FINISHED_B:
-case SSL3_ST_SW_FINISHED_B: str="SSLv3 write finished B"; break;
-case SSL3_ST_CR_CHANGE_A:
-case SSL3_ST_SR_CHANGE_A: str="SSLv3 read change cipher spec A"; break;
-case SSL3_ST_CR_CHANGE_B:
-case SSL3_ST_SR_CHANGE_B: str="SSLv3 read change cipher spec B"; break;
-case SSL3_ST_CR_FINISHED_A:
-case SSL3_ST_SR_FINISHED_A: str="SSLv3 read finished A"; break;
-case SSL3_ST_CR_FINISHED_B:
-case SSL3_ST_SR_FINISHED_B: str="SSLv3 read finished B"; break;
-
-case SSL3_ST_CW_FLUSH:
-case SSL3_ST_SW_FLUSH: str="SSLv3 flush data"; break;
-
-case SSL3_ST_SR_CLNT_HELLO_A: str="SSLv3 read client hello A"; break;
-case SSL3_ST_SR_CLNT_HELLO_B: str="SSLv3 read client hello B"; break;
-case SSL3_ST_SR_CLNT_HELLO_C: str="SSLv3 read client hello C"; break;
-case SSL3_ST_SW_HELLO_REQ_A: str="SSLv3 write hello request A"; break;
-case SSL3_ST_SW_HELLO_REQ_B: str="SSLv3 write hello request B"; break;
-case SSL3_ST_SW_HELLO_REQ_C: str="SSLv3 write hello request C"; break;
-case SSL3_ST_SW_SRVR_HELLO_A: str="SSLv3 write server hello A"; break;
-case SSL3_ST_SW_SRVR_HELLO_B: str="SSLv3 write server hello B"; break;
-case SSL3_ST_SW_CERT_A: str="SSLv3 write certificate A"; break;
-case SSL3_ST_SW_CERT_B: str="SSLv3 write certificate B"; break;
-case SSL3_ST_SW_KEY_EXCH_A: str="SSLv3 write key exchange A"; break;
-case SSL3_ST_SW_KEY_EXCH_B: str="SSLv3 write key exchange B"; break;
-case SSL3_ST_SW_CERT_REQ_A: str="SSLv3 write certificate request A"; break;
-case SSL3_ST_SW_CERT_REQ_B: str="SSLv3 write certificate request B"; break;
-case SSL3_ST_SW_SESSION_TICKET_A: str="SSLv3 write session ticket A"; break;
-case SSL3_ST_SW_SESSION_TICKET_B: str="SSLv3 write session ticket B"; break;
-case SSL3_ST_SW_SRVR_DONE_A: str="SSLv3 write server done A"; break;
-case SSL3_ST_SW_SRVR_DONE_B: str="SSLv3 write server done B"; break;
-case SSL3_ST_SR_CERT_A: str="SSLv3 read client certificate A"; break;
-case SSL3_ST_SR_CERT_B: str="SSLv3 read client certificate B"; break;
-case SSL3_ST_SR_KEY_EXCH_A: str="SSLv3 read client key exchange A"; break;
-case SSL3_ST_SR_KEY_EXCH_B: str="SSLv3 read client key exchange B"; break;
-case SSL3_ST_SR_CERT_VRFY_A: str="SSLv3 read certificate verify A"; break;
-case SSL3_ST_SR_CERT_VRFY_B: str="SSLv3 read certificate verify B"; break;
-#endif
-
-/* SSLv2/v3 compatibility states */
-/* client */
-case SSL23_ST_CW_CLNT_HELLO_A: str="SSLv2/v3 write client hello A"; break;
-case SSL23_ST_CW_CLNT_HELLO_B: str="SSLv2/v3 write client hello B"; break;
-case SSL23_ST_CR_SRVR_HELLO_A: str="SSLv2/v3 read server hello A"; break;
-case SSL23_ST_CR_SRVR_HELLO_B: str="SSLv2/v3 read server hello B"; break;
-/* server */
-case SSL23_ST_SR_CLNT_HELLO_A: str="SSLv2/v3 read client hello A"; break;
-case SSL23_ST_SR_CLNT_HELLO_B: str="SSLv2/v3 read client hello B"; break;
-
-/* DTLS */
-case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: str="DTLS1 read hello verify request A"; break;
-case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B: str="DTLS1 read hello verify request B"; break;
-case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: str="DTLS1 write hello verify request A"; break;
-case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: str="DTLS1 write hello verify request B"; break;
-
-default: str="unknown state"; break;
- }
- return(str);
- }
-
-const char *SSL_rstate_string_long(const SSL *s)
- {
- const char *str;
-
- switch (s->rstate)
- {
- case SSL_ST_READ_HEADER: str="read header"; break;
- case SSL_ST_READ_BODY: str="read body"; break;
- case SSL_ST_READ_DONE: str="read done"; break;
- default: str="unknown"; break;
- }
- return(str);
- }
-
-const char *SSL_state_string(const SSL *s)
- {
- const char *str;
-
- switch (s->state)
- {
-case SSL_ST_BEFORE: str="PINIT "; break;
-case SSL_ST_ACCEPT: str="AINIT "; break;
-case SSL_ST_CONNECT: str="CINIT "; break;
-case SSL_ST_OK: str="SSLOK "; break;
-#ifndef OPENSSL_NO_SSL2
-case SSL2_ST_CLIENT_START_ENCRYPTION: str="2CSENC"; break;
-case SSL2_ST_SERVER_START_ENCRYPTION: str="2SSENC"; break;
-case SSL2_ST_SEND_CLIENT_HELLO_A: str="2SCH_A"; break;
-case SSL2_ST_SEND_CLIENT_HELLO_B: str="2SCH_B"; break;
-case SSL2_ST_GET_SERVER_HELLO_A: str="2GSH_A"; break;
-case SSL2_ST_GET_SERVER_HELLO_B: str="2GSH_B"; break;
-case SSL2_ST_SEND_CLIENT_MASTER_KEY_A: str="2SCMKA"; break;
-case SSL2_ST_SEND_CLIENT_MASTER_KEY_B: str="2SCMKB"; break;
-case SSL2_ST_SEND_CLIENT_FINISHED_A: str="2SCF_A"; break;
-case SSL2_ST_SEND_CLIENT_FINISHED_B: str="2SCF_B"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_A: str="2SCC_A"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_B: str="2SCC_B"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_C: str="2SCC_C"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_D: str="2SCC_D"; break;
-case SSL2_ST_GET_SERVER_VERIFY_A: str="2GSV_A"; break;
-case SSL2_ST_GET_SERVER_VERIFY_B: str="2GSV_B"; break;
-case SSL2_ST_GET_SERVER_FINISHED_A: str="2GSF_A"; break;
-case SSL2_ST_GET_SERVER_FINISHED_B: str="2GSF_B"; break;
-case SSL2_ST_GET_CLIENT_HELLO_A: str="2GCH_A"; break;
-case SSL2_ST_GET_CLIENT_HELLO_B: str="2GCH_B"; break;
-case SSL2_ST_GET_CLIENT_HELLO_C: str="2GCH_C"; break;
-case SSL2_ST_SEND_SERVER_HELLO_A: str="2SSH_A"; break;
-case SSL2_ST_SEND_SERVER_HELLO_B: str="2SSH_B"; break;
-case SSL2_ST_GET_CLIENT_MASTER_KEY_A: str="2GCMKA"; break;
-case SSL2_ST_GET_CLIENT_MASTER_KEY_B: str="2GCMKA"; break;
-case SSL2_ST_SEND_SERVER_VERIFY_A: str="2SSV_A"; break;
-case SSL2_ST_SEND_SERVER_VERIFY_B: str="2SSV_B"; break;
-case SSL2_ST_SEND_SERVER_VERIFY_C: str="2SSV_C"; break;
-case SSL2_ST_GET_CLIENT_FINISHED_A: str="2GCF_A"; break;
-case SSL2_ST_GET_CLIENT_FINISHED_B: str="2GCF_B"; break;
-case SSL2_ST_SEND_SERVER_FINISHED_A: str="2SSF_A"; break;
-case SSL2_ST_SEND_SERVER_FINISHED_B: str="2SSF_B"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_A: str="2SRC_A"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_B: str="2SRC_B"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_C: str="2SRC_C"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_D: str="2SRC_D"; break;
-case SSL2_ST_X509_GET_SERVER_CERTIFICATE: str="2X9GSC"; break;
-case SSL2_ST_X509_GET_CLIENT_CERTIFICATE: str="2X9GCC"; break;
-#endif
-
-#ifndef OPENSSL_NO_SSL3
-/* SSLv3 additions */
-case SSL3_ST_SW_FLUSH:
-case SSL3_ST_CW_FLUSH: str="3FLUSH"; break;
-case SSL3_ST_CW_CLNT_HELLO_A: str="3WCH_A"; break;
-case SSL3_ST_CW_CLNT_HELLO_B: str="3WCH_B"; break;
-case SSL3_ST_CR_SRVR_HELLO_A: str="3RSH_A"; break;
-case SSL3_ST_CR_SRVR_HELLO_B: str="3RSH_B"; break;
-case SSL3_ST_CR_CERT_A: str="3RSC_A"; break;
-case SSL3_ST_CR_CERT_B: str="3RSC_B"; break;
-case SSL3_ST_CR_KEY_EXCH_A: str="3RSKEA"; break;
-case SSL3_ST_CR_KEY_EXCH_B: str="3RSKEB"; break;
-case SSL3_ST_CR_CERT_REQ_A: str="3RCR_A"; break;
-case SSL3_ST_CR_CERT_REQ_B: str="3RCR_B"; break;
-case SSL3_ST_CR_SRVR_DONE_A: str="3RSD_A"; break;
-case SSL3_ST_CR_SRVR_DONE_B: str="3RSD_B"; break;
-case SSL3_ST_CW_CERT_A: str="3WCC_A"; break;
-case SSL3_ST_CW_CERT_B: str="3WCC_B"; break;
-case SSL3_ST_CW_CERT_C: str="3WCC_C"; break;
-case SSL3_ST_CW_CERT_D: str="3WCC_D"; break;
-case SSL3_ST_CW_KEY_EXCH_A: str="3WCKEA"; break;
-case SSL3_ST_CW_KEY_EXCH_B: str="3WCKEB"; break;
-case SSL3_ST_CW_CERT_VRFY_A: str="3WCV_A"; break;
-case SSL3_ST_CW_CERT_VRFY_B: str="3WCV_B"; break;
-
-case SSL3_ST_SW_CHANGE_A:
-case SSL3_ST_CW_CHANGE_A: str="3WCCSA"; break;
-case SSL3_ST_SW_CHANGE_B:
-case SSL3_ST_CW_CHANGE_B: str="3WCCSB"; break;
-case SSL3_ST_SW_FINISHED_A:
-case SSL3_ST_CW_FINISHED_A: str="3WFINA"; break;
-case SSL3_ST_SW_FINISHED_B:
-case SSL3_ST_CW_FINISHED_B: str="3WFINB"; break;
-case SSL3_ST_SR_CHANGE_A:
-case SSL3_ST_CR_CHANGE_A: str="3RCCSA"; break;
-case SSL3_ST_SR_CHANGE_B:
-case SSL3_ST_CR_CHANGE_B: str="3RCCSB"; break;
-case SSL3_ST_SR_FINISHED_A:
-case SSL3_ST_CR_FINISHED_A: str="3RFINA"; break;
-case SSL3_ST_SR_FINISHED_B:
-case SSL3_ST_CR_FINISHED_B: str="3RFINB"; break;
-
-case SSL3_ST_SW_HELLO_REQ_A: str="3WHR_A"; break;
-case SSL3_ST_SW_HELLO_REQ_B: str="3WHR_B"; break;
-case SSL3_ST_SW_HELLO_REQ_C: str="3WHR_C"; break;
-case SSL3_ST_SR_CLNT_HELLO_A: str="3RCH_A"; break;
-case SSL3_ST_SR_CLNT_HELLO_B: str="3RCH_B"; break;
-case SSL3_ST_SR_CLNT_HELLO_C: str="3RCH_C"; break;
-case SSL3_ST_SW_SRVR_HELLO_A: str="3WSH_A"; break;
-case SSL3_ST_SW_SRVR_HELLO_B: str="3WSH_B"; break;
-case SSL3_ST_SW_CERT_A: str="3WSC_A"; break;
-case SSL3_ST_SW_CERT_B: str="3WSC_B"; break;
-case SSL3_ST_SW_KEY_EXCH_A: str="3WSKEA"; break;
-case SSL3_ST_SW_KEY_EXCH_B: str="3WSKEB"; break;
-case SSL3_ST_SW_CERT_REQ_A: str="3WCR_A"; break;
-case SSL3_ST_SW_CERT_REQ_B: str="3WCR_B"; break;
-case SSL3_ST_SW_SRVR_DONE_A: str="3WSD_A"; break;
-case SSL3_ST_SW_SRVR_DONE_B: str="3WSD_B"; break;
-case SSL3_ST_SR_CERT_A: str="3RCC_A"; break;
-case SSL3_ST_SR_CERT_B: str="3RCC_B"; break;
-case SSL3_ST_SR_KEY_EXCH_A: str="3RCKEA"; break;
-case SSL3_ST_SR_KEY_EXCH_B: str="3RCKEB"; break;
-case SSL3_ST_SR_CERT_VRFY_A: str="3RCV_A"; break;
-case SSL3_ST_SR_CERT_VRFY_B: str="3RCV_B"; break;
-#endif
-
-/* SSLv2/v3 compatibility states */
-/* client */
-case SSL23_ST_CW_CLNT_HELLO_A: str="23WCHA"; break;
-case SSL23_ST_CW_CLNT_HELLO_B: str="23WCHB"; break;
-case SSL23_ST_CR_SRVR_HELLO_A: str="23RSHA"; break;
-case SSL23_ST_CR_SRVR_HELLO_B: str="23RSHA"; break;
-/* server */
-case SSL23_ST_SR_CLNT_HELLO_A: str="23RCHA"; break;
-case SSL23_ST_SR_CLNT_HELLO_B: str="23RCHB"; break;
-
-/* DTLS */
-case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: str="DRCHVA"; break;
-case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B: str="DRCHVB"; break;
-case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A: str="DWCHVA"; break;
-case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B: str="DWCHVB"; break;
-
-default: str="UNKWN "; break;
- }
- return(str);
- }
-
-const char *SSL_alert_type_string_long(int value)
- {
- value>>=8;
- if (value == SSL3_AL_WARNING)
- return("warning");
- else if (value == SSL3_AL_FATAL)
- return("fatal");
- else
- return("unknown");
- }
-
-const char *SSL_alert_type_string(int value)
- {
- value>>=8;
- if (value == SSL3_AL_WARNING)
- return("W");
- else if (value == SSL3_AL_FATAL)
- return("F");
- else
- return("U");
- }
-
-const char *SSL_alert_desc_string(int value)
- {
- const char *str;
-
- switch (value & 0xff)
- {
- case SSL3_AD_CLOSE_NOTIFY: str="CN"; break;
- case SSL3_AD_UNEXPECTED_MESSAGE: str="UM"; break;
- case SSL3_AD_BAD_RECORD_MAC: str="BM"; break;
- case SSL3_AD_DECOMPRESSION_FAILURE: str="DF"; break;
- case SSL3_AD_HANDSHAKE_FAILURE: str="HF"; break;
- case SSL3_AD_NO_CERTIFICATE: str="NC"; break;
- case SSL3_AD_BAD_CERTIFICATE: str="BC"; break;
- case SSL3_AD_UNSUPPORTED_CERTIFICATE: str="UC"; break;
- case SSL3_AD_CERTIFICATE_REVOKED: str="CR"; break;
- case SSL3_AD_CERTIFICATE_EXPIRED: str="CE"; break;
- case SSL3_AD_CERTIFICATE_UNKNOWN: str="CU"; break;
- case SSL3_AD_ILLEGAL_PARAMETER: str="IP"; break;
- case TLS1_AD_DECRYPTION_FAILED: str="DC"; break;
- case TLS1_AD_RECORD_OVERFLOW: str="RO"; break;
- case TLS1_AD_UNKNOWN_CA: str="CA"; break;
- case TLS1_AD_ACCESS_DENIED: str="AD"; break;
- case TLS1_AD_DECODE_ERROR: str="DE"; break;
- case TLS1_AD_DECRYPT_ERROR: str="CY"; break;
- case TLS1_AD_EXPORT_RESTRICTION: str="ER"; break;
- case TLS1_AD_PROTOCOL_VERSION: str="PV"; break;
- case TLS1_AD_INSUFFICIENT_SECURITY: str="IS"; break;
- case TLS1_AD_INTERNAL_ERROR: str="IE"; break;
- case TLS1_AD_USER_CANCELLED: str="US"; break;
- case TLS1_AD_NO_RENEGOTIATION: str="NR"; break;
- case TLS1_AD_UNSUPPORTED_EXTENSION: str="UE"; break;
- case TLS1_AD_CERTIFICATE_UNOBTAINABLE: str="CO"; break;
- case TLS1_AD_UNRECOGNIZED_NAME: str="UN"; break;
- case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE: str="BR"; break;
- case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE: str="BH"; break;
- case TLS1_AD_UNKNOWN_PSK_IDENTITY: str="UP"; break;
- default: str="UK"; break;
- }
- return(str);
- }
-
-const char *SSL_alert_desc_string_long(int value)
- {
- const char *str;
-
- switch (value & 0xff)
- {
- case SSL3_AD_CLOSE_NOTIFY:
- str="close notify";
- break;
- case SSL3_AD_UNEXPECTED_MESSAGE:
- str="unexpected_message";
- break;
- case SSL3_AD_BAD_RECORD_MAC:
- str="bad record mac";
- break;
- case SSL3_AD_DECOMPRESSION_FAILURE:
- str="decompression failure";
- break;
- case SSL3_AD_HANDSHAKE_FAILURE:
- str="handshake failure";
- break;
- case SSL3_AD_NO_CERTIFICATE:
- str="no certificate";
- break;
- case SSL3_AD_BAD_CERTIFICATE:
- str="bad certificate";
- break;
- case SSL3_AD_UNSUPPORTED_CERTIFICATE:
- str="unsupported certificate";
- break;
- case SSL3_AD_CERTIFICATE_REVOKED:
- str="certificate revoked";
- break;
- case SSL3_AD_CERTIFICATE_EXPIRED:
- str="certificate expired";
- break;
- case SSL3_AD_CERTIFICATE_UNKNOWN:
- str="certificate unknown";
- break;
- case SSL3_AD_ILLEGAL_PARAMETER:
- str="illegal parameter";
- break;
- case TLS1_AD_DECRYPTION_FAILED:
- str="decryption failed";
- break;
- case TLS1_AD_RECORD_OVERFLOW:
- str="record overflow";
- break;
- case TLS1_AD_UNKNOWN_CA:
- str="unknown CA";
- break;
- case TLS1_AD_ACCESS_DENIED:
- str="access denied";
- break;
- case TLS1_AD_DECODE_ERROR:
- str="decode error";
- break;
- case TLS1_AD_DECRYPT_ERROR:
- str="decrypt error";
- break;
- case TLS1_AD_EXPORT_RESTRICTION:
- str="export restriction";
- break;
- case TLS1_AD_PROTOCOL_VERSION:
- str="protocol version";
- break;
- case TLS1_AD_INSUFFICIENT_SECURITY:
- str="insufficient security";
- break;
- case TLS1_AD_INTERNAL_ERROR:
- str="internal error";
- break;
- case TLS1_AD_USER_CANCELLED:
- str="user canceled";
- break;
- case TLS1_AD_NO_RENEGOTIATION:
- str="no renegotiation";
- break;
- case TLS1_AD_UNSUPPORTED_EXTENSION:
- str="unsupported extension";
- break;
- case TLS1_AD_CERTIFICATE_UNOBTAINABLE:
- str="certificate unobtainable";
- break;
- case TLS1_AD_UNRECOGNIZED_NAME:
- str="unrecognized name";
- break;
- case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
- str="bad certificate status response";
- break;
- case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE:
- str="bad certificate hash value";
- break;
- case TLS1_AD_UNKNOWN_PSK_IDENTITY:
- str="unknown PSK identity";
- break;
- default: str="unknown"; break;
- }
- return(str);
- }
-
-const char *SSL_rstate_string(const SSL *s)
- {
- const char *str;
-
- switch (s->rstate)
- {
- case SSL_ST_READ_HEADER:str="RH"; break;
- case SSL_ST_READ_BODY: str="RB"; break;
- case SSL_ST_READ_DONE: str="RD"; break;
- default: str="unknown"; break;
- }
- return(str);
- }
Copied: vendor-crypto/openssl/0.9.8zf/ssl/ssl_stat.c (from rev 6976, vendor-crypto/openssl/dist/ssl/ssl_stat.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/ssl/ssl_stat.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/ssl/ssl_stat.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,1046 @@
+/* ssl/ssl_stat.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "ssl_locl.h"
+
+const char *SSL_state_string_long(const SSL *s)
+{
+ const char *str;
+
+ switch (s->state) {
+ case SSL_ST_BEFORE:
+ str = "before SSL initialization";
+ break;
+ case SSL_ST_ACCEPT:
+ str = "before accept initialization";
+ break;
+ case SSL_ST_CONNECT:
+ str = "before connect initialization";
+ break;
+ case SSL_ST_OK:
+ str = "SSL negotiation finished successfully";
+ break;
+ case SSL_ST_RENEGOTIATE:
+ str = "SSL renegotiate ciphers";
+ break;
+ case SSL_ST_BEFORE | SSL_ST_CONNECT:
+ str = "before/connect initialization";
+ break;
+ case SSL_ST_OK | SSL_ST_CONNECT:
+ str = "ok/connect SSL initialization";
+ break;
+ case SSL_ST_BEFORE | SSL_ST_ACCEPT:
+ str = "before/accept initialization";
+ break;
+ case SSL_ST_OK | SSL_ST_ACCEPT:
+ str = "ok/accept SSL initialization";
+ break;
+#ifndef OPENSSL_NO_SSL2
+ case SSL2_ST_CLIENT_START_ENCRYPTION:
+ str = "SSLv2 client start encryption";
+ break;
+ case SSL2_ST_SERVER_START_ENCRYPTION:
+ str = "SSLv2 server start encryption";
+ break;
+ case SSL2_ST_SEND_CLIENT_HELLO_A:
+ str = "SSLv2 write client hello A";
+ break;
+ case SSL2_ST_SEND_CLIENT_HELLO_B:
+ str = "SSLv2 write client hello B";
+ break;
+ case SSL2_ST_GET_SERVER_HELLO_A:
+ str = "SSLv2 read server hello A";
+ break;
+ case SSL2_ST_GET_SERVER_HELLO_B:
+ str = "SSLv2 read server hello B";
+ break;
+ case SSL2_ST_SEND_CLIENT_MASTER_KEY_A:
+ str = "SSLv2 write client master key A";
+ break;
+ case SSL2_ST_SEND_CLIENT_MASTER_KEY_B:
+ str = "SSLv2 write client master key B";
+ break;
+ case SSL2_ST_SEND_CLIENT_FINISHED_A:
+ str = "SSLv2 write client finished A";
+ break;
+ case SSL2_ST_SEND_CLIENT_FINISHED_B:
+ str = "SSLv2 write client finished B";
+ break;
+ case SSL2_ST_SEND_CLIENT_CERTIFICATE_A:
+ str = "SSLv2 write client certificate A";
+ break;
+ case SSL2_ST_SEND_CLIENT_CERTIFICATE_B:
+ str = "SSLv2 write client certificate B";
+ break;
+ case SSL2_ST_SEND_CLIENT_CERTIFICATE_C:
+ str = "SSLv2 write client certificate C";
+ break;
+ case SSL2_ST_SEND_CLIENT_CERTIFICATE_D:
+ str = "SSLv2 write client certificate D";
+ break;
+ case SSL2_ST_GET_SERVER_VERIFY_A:
+ str = "SSLv2 read server verify A";
+ break;
+ case SSL2_ST_GET_SERVER_VERIFY_B:
+ str = "SSLv2 read server verify B";
+ break;
+ case SSL2_ST_GET_SERVER_FINISHED_A:
+ str = "SSLv2 read server finished A";
+ break;
+ case SSL2_ST_GET_SERVER_FINISHED_B:
+ str = "SSLv2 read server finished B";
+ break;
+ case SSL2_ST_GET_CLIENT_HELLO_A:
+ str = "SSLv2 read client hello A";
+ break;
+ case SSL2_ST_GET_CLIENT_HELLO_B:
+ str = "SSLv2 read client hello B";
+ break;
+ case SSL2_ST_GET_CLIENT_HELLO_C:
+ str = "SSLv2 read client hello C";
+ break;
+ case SSL2_ST_SEND_SERVER_HELLO_A:
+ str = "SSLv2 write server hello A";
+ break;
+ case SSL2_ST_SEND_SERVER_HELLO_B:
+ str = "SSLv2 write server hello B";
+ break;
+ case SSL2_ST_GET_CLIENT_MASTER_KEY_A:
+ str = "SSLv2 read client master key A";
+ break;
+ case SSL2_ST_GET_CLIENT_MASTER_KEY_B:
+ str = "SSLv2 read client master key B";
+ break;
+ case SSL2_ST_SEND_SERVER_VERIFY_A:
+ str = "SSLv2 write server verify A";
+ break;
+ case SSL2_ST_SEND_SERVER_VERIFY_B:
+ str = "SSLv2 write server verify B";
+ break;
+ case SSL2_ST_SEND_SERVER_VERIFY_C:
+ str = "SSLv2 write server verify C";
+ break;
+ case SSL2_ST_GET_CLIENT_FINISHED_A:
+ str = "SSLv2 read client finished A";
+ break;
+ case SSL2_ST_GET_CLIENT_FINISHED_B:
+ str = "SSLv2 read client finished B";
+ break;
+ case SSL2_ST_SEND_SERVER_FINISHED_A:
+ str = "SSLv2 write server finished A";
+ break;
+ case SSL2_ST_SEND_SERVER_FINISHED_B:
+ str = "SSLv2 write server finished B";
+ break;
+ case SSL2_ST_SEND_REQUEST_CERTIFICATE_A:
+ str = "SSLv2 write request certificate A";
+ break;
+ case SSL2_ST_SEND_REQUEST_CERTIFICATE_B:
+ str = "SSLv2 write request certificate B";
+ break;
+ case SSL2_ST_SEND_REQUEST_CERTIFICATE_C:
+ str = "SSLv2 write request certificate C";
+ break;
+ case SSL2_ST_SEND_REQUEST_CERTIFICATE_D:
+ str = "SSLv2 write request certificate D";
+ break;
+ case SSL2_ST_X509_GET_SERVER_CERTIFICATE:
+ str = "SSLv2 X509 read server certificate";
+ break;
+ case SSL2_ST_X509_GET_CLIENT_CERTIFICATE:
+ str = "SSLv2 X509 read client certificate";
+ break;
+#endif
+
+#ifndef OPENSSL_NO_SSL3
+/* SSLv3 additions */
+ case SSL3_ST_CW_CLNT_HELLO_A:
+ str = "SSLv3 write client hello A";
+ break;
+ case SSL3_ST_CW_CLNT_HELLO_B:
+ str = "SSLv3 write client hello B";
+ break;
+ case SSL3_ST_CR_SRVR_HELLO_A:
+ str = "SSLv3 read server hello A";
+ break;
+ case SSL3_ST_CR_SRVR_HELLO_B:
+ str = "SSLv3 read server hello B";
+ break;
+ case SSL3_ST_CR_CERT_A:
+ str = "SSLv3 read server certificate A";
+ break;
+ case SSL3_ST_CR_CERT_B:
+ str = "SSLv3 read server certificate B";
+ break;
+ case SSL3_ST_CR_KEY_EXCH_A:
+ str = "SSLv3 read server key exchange A";
+ break;
+ case SSL3_ST_CR_KEY_EXCH_B:
+ str = "SSLv3 read server key exchange B";
+ break;
+ case SSL3_ST_CR_CERT_REQ_A:
+ str = "SSLv3 read server certificate request A";
+ break;
+ case SSL3_ST_CR_CERT_REQ_B:
+ str = "SSLv3 read server certificate request B";
+ break;
+ case SSL3_ST_CR_SESSION_TICKET_A:
+ str = "SSLv3 read server session ticket A";
+ break;
+ case SSL3_ST_CR_SESSION_TICKET_B:
+ str = "SSLv3 read server session ticket B";
+ break;
+ case SSL3_ST_CR_SRVR_DONE_A:
+ str = "SSLv3 read server done A";
+ break;
+ case SSL3_ST_CR_SRVR_DONE_B:
+ str = "SSLv3 read server done B";
+ break;
+ case SSL3_ST_CW_CERT_A:
+ str = "SSLv3 write client certificate A";
+ break;
+ case SSL3_ST_CW_CERT_B:
+ str = "SSLv3 write client certificate B";
+ break;
+ case SSL3_ST_CW_CERT_C:
+ str = "SSLv3 write client certificate C";
+ break;
+ case SSL3_ST_CW_CERT_D:
+ str = "SSLv3 write client certificate D";
+ break;
+ case SSL3_ST_CW_KEY_EXCH_A:
+ str = "SSLv3 write client key exchange A";
+ break;
+ case SSL3_ST_CW_KEY_EXCH_B:
+ str = "SSLv3 write client key exchange B";
+ break;
+ case SSL3_ST_CW_CERT_VRFY_A:
+ str = "SSLv3 write certificate verify A";
+ break;
+ case SSL3_ST_CW_CERT_VRFY_B:
+ str = "SSLv3 write certificate verify B";
+ break;
+
+ case SSL3_ST_CW_CHANGE_A:
+ case SSL3_ST_SW_CHANGE_A:
+ str = "SSLv3 write change cipher spec A";
+ break;
+ case SSL3_ST_CW_CHANGE_B:
+ case SSL3_ST_SW_CHANGE_B:
+ str = "SSLv3 write change cipher spec B";
+ break;
+ case SSL3_ST_CW_FINISHED_A:
+ case SSL3_ST_SW_FINISHED_A:
+ str = "SSLv3 write finished A";
+ break;
+ case SSL3_ST_CW_FINISHED_B:
+ case SSL3_ST_SW_FINISHED_B:
+ str = "SSLv3 write finished B";
+ break;
+ case SSL3_ST_CR_CHANGE_A:
+ case SSL3_ST_SR_CHANGE_A:
+ str = "SSLv3 read change cipher spec A";
+ break;
+ case SSL3_ST_CR_CHANGE_B:
+ case SSL3_ST_SR_CHANGE_B:
+ str = "SSLv3 read change cipher spec B";
+ break;
+ case SSL3_ST_CR_FINISHED_A:
+ case SSL3_ST_SR_FINISHED_A:
+ str = "SSLv3 read finished A";
+ break;
+ case SSL3_ST_CR_FINISHED_B:
+ case SSL3_ST_SR_FINISHED_B:
+ str = "SSLv3 read finished B";
+ break;
+
+ case SSL3_ST_CW_FLUSH:
+ case SSL3_ST_SW_FLUSH:
+ str = "SSLv3 flush data";
+ break;
+
+ case SSL3_ST_SR_CLNT_HELLO_A:
+ str = "SSLv3 read client hello A";
+ break;
+ case SSL3_ST_SR_CLNT_HELLO_B:
+ str = "SSLv3 read client hello B";
+ break;
+ case SSL3_ST_SR_CLNT_HELLO_C:
+ str = "SSLv3 read client hello C";
+ break;
+ case SSL3_ST_SW_HELLO_REQ_A:
+ str = "SSLv3 write hello request A";
+ break;
+ case SSL3_ST_SW_HELLO_REQ_B:
+ str = "SSLv3 write hello request B";
+ break;
+ case SSL3_ST_SW_HELLO_REQ_C:
+ str = "SSLv3 write hello request C";
+ break;
+ case SSL3_ST_SW_SRVR_HELLO_A:
+ str = "SSLv3 write server hello A";
+ break;
+ case SSL3_ST_SW_SRVR_HELLO_B:
+ str = "SSLv3 write server hello B";
+ break;
+ case SSL3_ST_SW_CERT_A:
+ str = "SSLv3 write certificate A";
+ break;
+ case SSL3_ST_SW_CERT_B:
+ str = "SSLv3 write certificate B";
+ break;
+ case SSL3_ST_SW_KEY_EXCH_A:
+ str = "SSLv3 write key exchange A";
+ break;
+ case SSL3_ST_SW_KEY_EXCH_B:
+ str = "SSLv3 write key exchange B";
+ break;
+ case SSL3_ST_SW_CERT_REQ_A:
+ str = "SSLv3 write certificate request A";
+ break;
+ case SSL3_ST_SW_CERT_REQ_B:
+ str = "SSLv3 write certificate request B";
+ break;
+ case SSL3_ST_SW_SESSION_TICKET_A:
+ str = "SSLv3 write session ticket A";
+ break;
+ case SSL3_ST_SW_SESSION_TICKET_B:
+ str = "SSLv3 write session ticket B";
+ break;
+ case SSL3_ST_SW_SRVR_DONE_A:
+ str = "SSLv3 write server done A";
+ break;
+ case SSL3_ST_SW_SRVR_DONE_B:
+ str = "SSLv3 write server done B";
+ break;
+ case SSL3_ST_SR_CERT_A:
+ str = "SSLv3 read client certificate A";
+ break;
+ case SSL3_ST_SR_CERT_B:
+ str = "SSLv3 read client certificate B";
+ break;
+ case SSL3_ST_SR_KEY_EXCH_A:
+ str = "SSLv3 read client key exchange A";
+ break;
+ case SSL3_ST_SR_KEY_EXCH_B:
+ str = "SSLv3 read client key exchange B";
+ break;
+ case SSL3_ST_SR_CERT_VRFY_A:
+ str = "SSLv3 read certificate verify A";
+ break;
+ case SSL3_ST_SR_CERT_VRFY_B:
+ str = "SSLv3 read certificate verify B";
+ break;
+#endif
+
+/* SSLv2/v3 compatibility states */
+/* client */
+ case SSL23_ST_CW_CLNT_HELLO_A:
+ str = "SSLv2/v3 write client hello A";
+ break;
+ case SSL23_ST_CW_CLNT_HELLO_B:
+ str = "SSLv2/v3 write client hello B";
+ break;
+ case SSL23_ST_CR_SRVR_HELLO_A:
+ str = "SSLv2/v3 read server hello A";
+ break;
+ case SSL23_ST_CR_SRVR_HELLO_B:
+ str = "SSLv2/v3 read server hello B";
+ break;
+/* server */
+ case SSL23_ST_SR_CLNT_HELLO_A:
+ str = "SSLv2/v3 read client hello A";
+ break;
+ case SSL23_ST_SR_CLNT_HELLO_B:
+ str = "SSLv2/v3 read client hello B";
+ break;
+
+/* DTLS */
+ case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A:
+ str = "DTLS1 read hello verify request A";
+ break;
+ case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B:
+ str = "DTLS1 read hello verify request B";
+ break;
+ case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
+ str = "DTLS1 write hello verify request A";
+ break;
+ case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
+ str = "DTLS1 write hello verify request B";
+ break;
+
+ default:
+ str = "unknown state";
+ break;
+ }
+ return (str);
+}
+
+const char *SSL_rstate_string_long(const SSL *s)
+{
+ const char *str;
+
+ switch (s->rstate) {
+ case SSL_ST_READ_HEADER:
+ str = "read header";
+ break;
+ case SSL_ST_READ_BODY:
+ str = "read body";
+ break;
+ case SSL_ST_READ_DONE:
+ str = "read done";
+ break;
+ default:
+ str = "unknown";
+ break;
+ }
+ return (str);
+}
+
+const char *SSL_state_string(const SSL *s)
+{
+ const char *str;
+
+ switch (s->state) {
+ case SSL_ST_BEFORE:
+ str = "PINIT ";
+ break;
+ case SSL_ST_ACCEPT:
+ str = "AINIT ";
+ break;
+ case SSL_ST_CONNECT:
+ str = "CINIT ";
+ break;
+ case SSL_ST_OK:
+ str = "SSLOK ";
+ break;
+#ifndef OPENSSL_NO_SSL2
+ case SSL2_ST_CLIENT_START_ENCRYPTION:
+ str = "2CSENC";
+ break;
+ case SSL2_ST_SERVER_START_ENCRYPTION:
+ str = "2SSENC";
+ break;
+ case SSL2_ST_SEND_CLIENT_HELLO_A:
+ str = "2SCH_A";
+ break;
+ case SSL2_ST_SEND_CLIENT_HELLO_B:
+ str = "2SCH_B";
+ break;
+ case SSL2_ST_GET_SERVER_HELLO_A:
+ str = "2GSH_A";
+ break;
+ case SSL2_ST_GET_SERVER_HELLO_B:
+ str = "2GSH_B";
+ break;
+ case SSL2_ST_SEND_CLIENT_MASTER_KEY_A:
+ str = "2SCMKA";
+ break;
+ case SSL2_ST_SEND_CLIENT_MASTER_KEY_B:
+ str = "2SCMKB";
+ break;
+ case SSL2_ST_SEND_CLIENT_FINISHED_A:
+ str = "2SCF_A";
+ break;
+ case SSL2_ST_SEND_CLIENT_FINISHED_B:
+ str = "2SCF_B";
+ break;
+ case SSL2_ST_SEND_CLIENT_CERTIFICATE_A:
+ str = "2SCC_A";
+ break;
+ case SSL2_ST_SEND_CLIENT_CERTIFICATE_B:
+ str = "2SCC_B";
+ break;
+ case SSL2_ST_SEND_CLIENT_CERTIFICATE_C:
+ str = "2SCC_C";
+ break;
+ case SSL2_ST_SEND_CLIENT_CERTIFICATE_D:
+ str = "2SCC_D";
+ break;
+ case SSL2_ST_GET_SERVER_VERIFY_A:
+ str = "2GSV_A";
+ break;
+ case SSL2_ST_GET_SERVER_VERIFY_B:
+ str = "2GSV_B";
+ break;
+ case SSL2_ST_GET_SERVER_FINISHED_A:
+ str = "2GSF_A";
+ break;
+ case SSL2_ST_GET_SERVER_FINISHED_B:
+ str = "2GSF_B";
+ break;
+ case SSL2_ST_GET_CLIENT_HELLO_A:
+ str = "2GCH_A";
+ break;
+ case SSL2_ST_GET_CLIENT_HELLO_B:
+ str = "2GCH_B";
+ break;
+ case SSL2_ST_GET_CLIENT_HELLO_C:
+ str = "2GCH_C";
+ break;
+ case SSL2_ST_SEND_SERVER_HELLO_A:
+ str = "2SSH_A";
+ break;
+ case SSL2_ST_SEND_SERVER_HELLO_B:
+ str = "2SSH_B";
+ break;
+ case SSL2_ST_GET_CLIENT_MASTER_KEY_A:
+ str = "2GCMKA";
+ break;
+ case SSL2_ST_GET_CLIENT_MASTER_KEY_B:
+ str = "2GCMKA";
+ break;
+ case SSL2_ST_SEND_SERVER_VERIFY_A:
+ str = "2SSV_A";
+ break;
+ case SSL2_ST_SEND_SERVER_VERIFY_B:
+ str = "2SSV_B";
+ break;
+ case SSL2_ST_SEND_SERVER_VERIFY_C:
+ str = "2SSV_C";
+ break;
+ case SSL2_ST_GET_CLIENT_FINISHED_A:
+ str = "2GCF_A";
+ break;
+ case SSL2_ST_GET_CLIENT_FINISHED_B:
+ str = "2GCF_B";
+ break;
+ case SSL2_ST_SEND_SERVER_FINISHED_A:
+ str = "2SSF_A";
+ break;
+ case SSL2_ST_SEND_SERVER_FINISHED_B:
+ str = "2SSF_B";
+ break;
+ case SSL2_ST_SEND_REQUEST_CERTIFICATE_A:
+ str = "2SRC_A";
+ break;
+ case SSL2_ST_SEND_REQUEST_CERTIFICATE_B:
+ str = "2SRC_B";
+ break;
+ case SSL2_ST_SEND_REQUEST_CERTIFICATE_C:
+ str = "2SRC_C";
+ break;
+ case SSL2_ST_SEND_REQUEST_CERTIFICATE_D:
+ str = "2SRC_D";
+ break;
+ case SSL2_ST_X509_GET_SERVER_CERTIFICATE:
+ str = "2X9GSC";
+ break;
+ case SSL2_ST_X509_GET_CLIENT_CERTIFICATE:
+ str = "2X9GCC";
+ break;
+#endif
+
+#ifndef OPENSSL_NO_SSL3
+/* SSLv3 additions */
+ case SSL3_ST_SW_FLUSH:
+ case SSL3_ST_CW_FLUSH:
+ str = "3FLUSH";
+ break;
+ case SSL3_ST_CW_CLNT_HELLO_A:
+ str = "3WCH_A";
+ break;
+ case SSL3_ST_CW_CLNT_HELLO_B:
+ str = "3WCH_B";
+ break;
+ case SSL3_ST_CR_SRVR_HELLO_A:
+ str = "3RSH_A";
+ break;
+ case SSL3_ST_CR_SRVR_HELLO_B:
+ str = "3RSH_B";
+ break;
+ case SSL3_ST_CR_CERT_A:
+ str = "3RSC_A";
+ break;
+ case SSL3_ST_CR_CERT_B:
+ str = "3RSC_B";
+ break;
+ case SSL3_ST_CR_KEY_EXCH_A:
+ str = "3RSKEA";
+ break;
+ case SSL3_ST_CR_KEY_EXCH_B:
+ str = "3RSKEB";
+ break;
+ case SSL3_ST_CR_CERT_REQ_A:
+ str = "3RCR_A";
+ break;
+ case SSL3_ST_CR_CERT_REQ_B:
+ str = "3RCR_B";
+ break;
+ case SSL3_ST_CR_SRVR_DONE_A:
+ str = "3RSD_A";
+ break;
+ case SSL3_ST_CR_SRVR_DONE_B:
+ str = "3RSD_B";
+ break;
+ case SSL3_ST_CW_CERT_A:
+ str = "3WCC_A";
+ break;
+ case SSL3_ST_CW_CERT_B:
+ str = "3WCC_B";
+ break;
+ case SSL3_ST_CW_CERT_C:
+ str = "3WCC_C";
+ break;
+ case SSL3_ST_CW_CERT_D:
+ str = "3WCC_D";
+ break;
+ case SSL3_ST_CW_KEY_EXCH_A:
+ str = "3WCKEA";
+ break;
+ case SSL3_ST_CW_KEY_EXCH_B:
+ str = "3WCKEB";
+ break;
+ case SSL3_ST_CW_CERT_VRFY_A:
+ str = "3WCV_A";
+ break;
+ case SSL3_ST_CW_CERT_VRFY_B:
+ str = "3WCV_B";
+ break;
+
+ case SSL3_ST_SW_CHANGE_A:
+ case SSL3_ST_CW_CHANGE_A:
+ str = "3WCCSA";
+ break;
+ case SSL3_ST_SW_CHANGE_B:
+ case SSL3_ST_CW_CHANGE_B:
+ str = "3WCCSB";
+ break;
+ case SSL3_ST_SW_FINISHED_A:
+ case SSL3_ST_CW_FINISHED_A:
+ str = "3WFINA";
+ break;
+ case SSL3_ST_SW_FINISHED_B:
+ case SSL3_ST_CW_FINISHED_B:
+ str = "3WFINB";
+ break;
+ case SSL3_ST_SR_CHANGE_A:
+ case SSL3_ST_CR_CHANGE_A:
+ str = "3RCCSA";
+ break;
+ case SSL3_ST_SR_CHANGE_B:
+ case SSL3_ST_CR_CHANGE_B:
+ str = "3RCCSB";
+ break;
+ case SSL3_ST_SR_FINISHED_A:
+ case SSL3_ST_CR_FINISHED_A:
+ str = "3RFINA";
+ break;
+ case SSL3_ST_SR_FINISHED_B:
+ case SSL3_ST_CR_FINISHED_B:
+ str = "3RFINB";
+ break;
+
+ case SSL3_ST_SW_HELLO_REQ_A:
+ str = "3WHR_A";
+ break;
+ case SSL3_ST_SW_HELLO_REQ_B:
+ str = "3WHR_B";
+ break;
+ case SSL3_ST_SW_HELLO_REQ_C:
+ str = "3WHR_C";
+ break;
+ case SSL3_ST_SR_CLNT_HELLO_A:
+ str = "3RCH_A";
+ break;
+ case SSL3_ST_SR_CLNT_HELLO_B:
+ str = "3RCH_B";
+ break;
+ case SSL3_ST_SR_CLNT_HELLO_C:
+ str = "3RCH_C";
+ break;
+ case SSL3_ST_SW_SRVR_HELLO_A:
+ str = "3WSH_A";
+ break;
+ case SSL3_ST_SW_SRVR_HELLO_B:
+ str = "3WSH_B";
+ break;
+ case SSL3_ST_SW_CERT_A:
+ str = "3WSC_A";
+ break;
+ case SSL3_ST_SW_CERT_B:
+ str = "3WSC_B";
+ break;
+ case SSL3_ST_SW_KEY_EXCH_A:
+ str = "3WSKEA";
+ break;
+ case SSL3_ST_SW_KEY_EXCH_B:
+ str = "3WSKEB";
+ break;
+ case SSL3_ST_SW_CERT_REQ_A:
+ str = "3WCR_A";
+ break;
+ case SSL3_ST_SW_CERT_REQ_B:
+ str = "3WCR_B";
+ break;
+ case SSL3_ST_SW_SRVR_DONE_A:
+ str = "3WSD_A";
+ break;
+ case SSL3_ST_SW_SRVR_DONE_B:
+ str = "3WSD_B";
+ break;
+ case SSL3_ST_SR_CERT_A:
+ str = "3RCC_A";
+ break;
+ case SSL3_ST_SR_CERT_B:
+ str = "3RCC_B";
+ break;
+ case SSL3_ST_SR_KEY_EXCH_A:
+ str = "3RCKEA";
+ break;
+ case SSL3_ST_SR_KEY_EXCH_B:
+ str = "3RCKEB";
+ break;
+ case SSL3_ST_SR_CERT_VRFY_A:
+ str = "3RCV_A";
+ break;
+ case SSL3_ST_SR_CERT_VRFY_B:
+ str = "3RCV_B";
+ break;
+#endif
+
+/* SSLv2/v3 compatibility states */
+/* client */
+ case SSL23_ST_CW_CLNT_HELLO_A:
+ str = "23WCHA";
+ break;
+ case SSL23_ST_CW_CLNT_HELLO_B:
+ str = "23WCHB";
+ break;
+ case SSL23_ST_CR_SRVR_HELLO_A:
+ str = "23RSHA";
+ break;
+ case SSL23_ST_CR_SRVR_HELLO_B:
+ str = "23RSHA";
+ break;
+/* server */
+ case SSL23_ST_SR_CLNT_HELLO_A:
+ str = "23RCHA";
+ break;
+ case SSL23_ST_SR_CLNT_HELLO_B:
+ str = "23RCHB";
+ break;
+
+/* DTLS */
+ case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A:
+ str = "DRCHVA";
+ break;
+ case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B:
+ str = "DRCHVB";
+ break;
+ case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
+ str = "DWCHVA";
+ break;
+ case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
+ str = "DWCHVB";
+ break;
+
+ default:
+ str = "UNKWN ";
+ break;
+ }
+ return (str);
+}
+
+const char *SSL_alert_type_string_long(int value)
+{
+ value >>= 8;
+ if (value == SSL3_AL_WARNING)
+ return ("warning");
+ else if (value == SSL3_AL_FATAL)
+ return ("fatal");
+ else
+ return ("unknown");
+}
+
+const char *SSL_alert_type_string(int value)
+{
+ value >>= 8;
+ if (value == SSL3_AL_WARNING)
+ return ("W");
+ else if (value == SSL3_AL_FATAL)
+ return ("F");
+ else
+ return ("U");
+}
+
+const char *SSL_alert_desc_string(int value)
+{
+ const char *str;
+
+ switch (value & 0xff) {
+ case SSL3_AD_CLOSE_NOTIFY:
+ str = "CN";
+ break;
+ case SSL3_AD_UNEXPECTED_MESSAGE:
+ str = "UM";
+ break;
+ case SSL3_AD_BAD_RECORD_MAC:
+ str = "BM";
+ break;
+ case SSL3_AD_DECOMPRESSION_FAILURE:
+ str = "DF";
+ break;
+ case SSL3_AD_HANDSHAKE_FAILURE:
+ str = "HF";
+ break;
+ case SSL3_AD_NO_CERTIFICATE:
+ str = "NC";
+ break;
+ case SSL3_AD_BAD_CERTIFICATE:
+ str = "BC";
+ break;
+ case SSL3_AD_UNSUPPORTED_CERTIFICATE:
+ str = "UC";
+ break;
+ case SSL3_AD_CERTIFICATE_REVOKED:
+ str = "CR";
+ break;
+ case SSL3_AD_CERTIFICATE_EXPIRED:
+ str = "CE";
+ break;
+ case SSL3_AD_CERTIFICATE_UNKNOWN:
+ str = "CU";
+ break;
+ case SSL3_AD_ILLEGAL_PARAMETER:
+ str = "IP";
+ break;
+ case TLS1_AD_DECRYPTION_FAILED:
+ str = "DC";
+ break;
+ case TLS1_AD_RECORD_OVERFLOW:
+ str = "RO";
+ break;
+ case TLS1_AD_UNKNOWN_CA:
+ str = "CA";
+ break;
+ case TLS1_AD_ACCESS_DENIED:
+ str = "AD";
+ break;
+ case TLS1_AD_DECODE_ERROR:
+ str = "DE";
+ break;
+ case TLS1_AD_DECRYPT_ERROR:
+ str = "CY";
+ break;
+ case TLS1_AD_EXPORT_RESTRICTION:
+ str = "ER";
+ break;
+ case TLS1_AD_PROTOCOL_VERSION:
+ str = "PV";
+ break;
+ case TLS1_AD_INSUFFICIENT_SECURITY:
+ str = "IS";
+ break;
+ case TLS1_AD_INTERNAL_ERROR:
+ str = "IE";
+ break;
+ case TLS1_AD_USER_CANCELLED:
+ str = "US";
+ break;
+ case TLS1_AD_NO_RENEGOTIATION:
+ str = "NR";
+ break;
+ case TLS1_AD_UNSUPPORTED_EXTENSION:
+ str = "UE";
+ break;
+ case TLS1_AD_CERTIFICATE_UNOBTAINABLE:
+ str = "CO";
+ break;
+ case TLS1_AD_UNRECOGNIZED_NAME:
+ str = "UN";
+ break;
+ case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
+ str = "BR";
+ break;
+ case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE:
+ str = "BH";
+ break;
+ case TLS1_AD_UNKNOWN_PSK_IDENTITY:
+ str = "UP";
+ break;
+ default:
+ str = "UK";
+ break;
+ }
+ return (str);
+}
+
+const char *SSL_alert_desc_string_long(int value)
+{
+ const char *str;
+
+ switch (value & 0xff) {
+ case SSL3_AD_CLOSE_NOTIFY:
+ str = "close notify";
+ break;
+ case SSL3_AD_UNEXPECTED_MESSAGE:
+ str = "unexpected_message";
+ break;
+ case SSL3_AD_BAD_RECORD_MAC:
+ str = "bad record mac";
+ break;
+ case SSL3_AD_DECOMPRESSION_FAILURE:
+ str = "decompression failure";
+ break;
+ case SSL3_AD_HANDSHAKE_FAILURE:
+ str = "handshake failure";
+ break;
+ case SSL3_AD_NO_CERTIFICATE:
+ str = "no certificate";
+ break;
+ case SSL3_AD_BAD_CERTIFICATE:
+ str = "bad certificate";
+ break;
+ case SSL3_AD_UNSUPPORTED_CERTIFICATE:
+ str = "unsupported certificate";
+ break;
+ case SSL3_AD_CERTIFICATE_REVOKED:
+ str = "certificate revoked";
+ break;
+ case SSL3_AD_CERTIFICATE_EXPIRED:
+ str = "certificate expired";
+ break;
+ case SSL3_AD_CERTIFICATE_UNKNOWN:
+ str = "certificate unknown";
+ break;
+ case SSL3_AD_ILLEGAL_PARAMETER:
+ str = "illegal parameter";
+ break;
+ case TLS1_AD_DECRYPTION_FAILED:
+ str = "decryption failed";
+ break;
+ case TLS1_AD_RECORD_OVERFLOW:
+ str = "record overflow";
+ break;
+ case TLS1_AD_UNKNOWN_CA:
+ str = "unknown CA";
+ break;
+ case TLS1_AD_ACCESS_DENIED:
+ str = "access denied";
+ break;
+ case TLS1_AD_DECODE_ERROR:
+ str = "decode error";
+ break;
+ case TLS1_AD_DECRYPT_ERROR:
+ str = "decrypt error";
+ break;
+ case TLS1_AD_EXPORT_RESTRICTION:
+ str = "export restriction";
+ break;
+ case TLS1_AD_PROTOCOL_VERSION:
+ str = "protocol version";
+ break;
+ case TLS1_AD_INSUFFICIENT_SECURITY:
+ str = "insufficient security";
+ break;
+ case TLS1_AD_INTERNAL_ERROR:
+ str = "internal error";
+ break;
+ case TLS1_AD_USER_CANCELLED:
+ str = "user canceled";
+ break;
+ case TLS1_AD_NO_RENEGOTIATION:
+ str = "no renegotiation";
+ break;
+ case TLS1_AD_UNSUPPORTED_EXTENSION:
+ str = "unsupported extension";
+ break;
+ case TLS1_AD_CERTIFICATE_UNOBTAINABLE:
+ str = "certificate unobtainable";
+ break;
+ case TLS1_AD_UNRECOGNIZED_NAME:
+ str = "unrecognized name";
+ break;
+ case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
+ str = "bad certificate status response";
+ break;
+ case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE:
+ str = "bad certificate hash value";
+ break;
+ case TLS1_AD_UNKNOWN_PSK_IDENTITY:
+ str = "unknown PSK identity";
+ break;
+ default:
+ str = "unknown";
+ break;
+ }
+ return (str);
+}
+
+const char *SSL_rstate_string(const SSL *s)
+{
+ const char *str;
+
+ switch (s->rstate) {
+ case SSL_ST_READ_HEADER:
+ str = "RH";
+ break;
+ case SSL_ST_READ_BODY:
+ str = "RB";
+ break;
+ case SSL_ST_READ_DONE:
+ str = "RD";
+ break;
+ default:
+ str = "unknown";
+ break;
+ }
+ return (str);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/ssl/ssl_task.c
===================================================================
--- vendor-crypto/openssl/dist/ssl/ssl_task.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/ssl/ssl_task.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,369 +0,0 @@
-/* ssl/ssl_task.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* VMS */
-/*
- * DECnet object for servicing SSL. We accept the inbound and speak a
- * simple protocol for multiplexing the 2 data streams (application and
- * ssl data) over this logical link.
- *
- * Logical names:
- * SSL_CIPHER Defines a list of cipher specifications the server
- * will support in order of preference.
- * SSL_SERVER_CERTIFICATE
- * Points to PEM (privacy enhanced mail) file that
- * contains the server certificate and private password.
- * SYS$NET Logical created by netserver.exe as hook for completing
- * DECnet logical link.
- *
- * Each NSP message sent over the DECnet link has the following structure:
- * struct rpc_msg {
- * char channel;
- * char function;
- * short length;
- * char data[MAX_DATA];
- * } msg;
- *
- * The channel field designates the virtual data stream this message applies
- * to and is one of:
- * A - Application data (payload).
- * R - Remote client connection that initiated the SSL connection. Encrypted
- * data is sent over this connection.
- * G - General data, reserved for future use.
- *
- * The data streams are half-duplex read/write and have following functions:
- * G - Get, requests that up to msg.length bytes of data be returned. The
- * data is returned in the next 'C' function response that matches the
- * requesting channel.
- * P - Put, requests that the first msg.length bytes of msg.data be appended
- * to the designated stream.
- * C - Confirms a get or put. Every get and put will get a confirm response,
- * you cannot initiate another function on a channel until the previous
- * operation has been confirmed.
- *
- * The 2 channels may interleave their operations, for example:
- * Server msg Client msg
- * A, Get, 4092 ---->
- * <---- R, get, 4092
- * R, Confirm, {hello} ---->
- * <---- R, put, {srv hello}
- * R, Confirm, 0 ---->
- * . (SSL handshake completed)
- * . (read first app data).
- * <---- A, confirm, {http data}
- * A, Put, {http data} ---->
- * <---- A, confirm, 0
- *
- * The length field is not permitted to be larger that 4092 bytes.
- *
- * Author: Dave Jones
- * Date: 22-JUL-1996
- */
-#include <stdlib.h>
-#include <stdio.h>
-#include <iodef.h> /* VMS IO$_ definitions */
-#include <descrip.h> /* VMS string descriptors */
-extern int SYS$QIOW(), SYS$ASSIGN();
-int LIB$INIT_TIMER(), LIB$SHOW_TIMER();
-
-#include <string.h> /* from ssltest.c */
-#include <errno.h>
-
-#include "e_os.h"
-
-#include <openssl/buffer.h>
-#include <openssl/x509.h>
-#include <openssl/ssl.h>
-#include <openssl/err.h>
-
-int MS_CALLBACK verify_callback(int ok, X509 *xs, X509 *xi, int depth,
- int error);
-BIO *bio_err=NULL;
-BIO *bio_stdout=NULL;
-BIO_METHOD *BIO_s_rtcp();
-
-static char *cipher=NULL;
-int verbose=1;
-#ifdef FIONBIO
-static int s_nbio=0;
-#endif
-#define TEST_SERVER_CERT "SSL_SERVER_CERTIFICATE"
-/*************************************************************************/
-struct rpc_msg { /* Should have member alignment inhibited */
- char channel; /* 'A'-app data. 'R'-remote client 'G'-global */
- char function; /* 'G'-get, 'P'-put, 'C'-confirm, 'X'-close */
- unsigned short int length; /* Amount of data returned or max to return */
- char data[4092]; /* variable data */
-};
-#define RPC_HDR_SIZE (sizeof(struct rpc_msg) - 4092)
-
-static $DESCRIPTOR(sysnet, "SYS$NET");
-typedef unsigned short io_channel;
-
-struct io_status {
- unsigned short status;
- unsigned short count;
- unsigned long stsval;
-};
-int doit(io_channel chan, SSL_CTX *s_ctx );
-/*****************************************************************************/
-/* Decnet I/O routines.
- */
-static int get ( io_channel chan, char *buffer, int maxlen, int *length )
-{
- int status;
- struct io_status iosb;
- status = SYS$QIOW ( 0, chan, IO$_READVBLK, &iosb, 0, 0,
- buffer, maxlen, 0, 0, 0, 0 );
- if ( (status&1) == 1 ) status = iosb.status;
- if ( (status&1) == 1 ) *length = iosb.count;
- return status;
-}
-
-static int put ( io_channel chan, char *buffer, int length )
-{
- int status;
- struct io_status iosb;
- status = SYS$QIOW ( 0, chan, IO$_WRITEVBLK, &iosb, 0, 0,
- buffer, length, 0, 0, 0, 0 );
- if ( (status&1) == 1 ) status = iosb.status;
- return status;
-}
-/***************************************************************************/
-/* Handle operations on the 'G' channel.
- */
-static int general_request ( io_channel chan, struct rpc_msg *msg, int length )
-{
- return 48;
-}
-/***************************************************************************/
-int main ( int argc, char **argv )
-{
- int status, length;
- io_channel chan;
- struct rpc_msg msg;
-
- char *CApath=NULL,*CAfile=NULL;
- int badop=0;
- int ret=1;
- int client_auth=0;
- int server_auth=0;
- SSL_CTX *s_ctx=NULL;
- /*
- * Confirm logical link with initiating client.
- */
- LIB$INIT_TIMER();
- status = SYS$ASSIGN ( &sysnet, &chan, 0, 0, 0 );
- printf("status of assign to SYS$NET: %d\n", status );
- /*
- * Initialize standard out and error files.
- */
- if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
- if (bio_stdout == NULL)
- if ((bio_stdout=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_stdout,stdout,BIO_NOCLOSE);
- /*
- * get the preferred cipher list and other initialization
- */
- if (cipher == NULL) cipher=getenv("SSL_CIPHER");
- printf("cipher list: %s\n", cipher ? cipher : "{undefined}" );
-
- SSL_load_error_strings();
- OpenSSL_add_all_algorithms();
-
-/* DRM, this was the original, but there is no such thing as SSLv2()
- s_ctx=SSL_CTX_new(SSLv2());
-*/
- s_ctx=SSL_CTX_new(SSLv2_server_method());
-
- if (s_ctx == NULL) goto end;
-
- SSL_CTX_use_certificate_file(s_ctx,TEST_SERVER_CERT,SSL_FILETYPE_PEM);
- SSL_CTX_use_RSAPrivateKey_file(s_ctx,TEST_SERVER_CERT,SSL_FILETYPE_PEM);
- printf("Loaded server certificate: '%s'\n", TEST_SERVER_CERT );
-
- /*
- * Take commands from client until bad status.
- */
- LIB$SHOW_TIMER();
- status = doit ( chan, s_ctx );
- LIB$SHOW_TIMER();
- /*
- * do final cleanup and exit.
- */
-end:
- if (s_ctx != NULL) SSL_CTX_free(s_ctx);
- LIB$SHOW_TIMER();
- return 1;
-}
-
-int doit(io_channel chan, SSL_CTX *s_ctx )
-{
- int status, length, link_state;
- struct rpc_msg msg;
-
- SSL *s_ssl=NULL;
- BIO *c_to_s=NULL;
- BIO *s_to_c=NULL;
- BIO *c_bio=NULL;
- BIO *s_bio=NULL;
- int i;
- int done=0;
-
- s_ssl=SSL_new(s_ctx);
- if (s_ssl == NULL) goto err;
-
- c_to_s=BIO_new(BIO_s_rtcp());
- s_to_c=BIO_new(BIO_s_rtcp());
- if ((s_to_c == NULL) || (c_to_s == NULL)) goto err;
-/* original, DRM 24-SEP-1997
- BIO_set_fd ( c_to_s, "", chan );
- BIO_set_fd ( s_to_c, "", chan );
-*/
- BIO_set_fd ( c_to_s, 0, chan );
- BIO_set_fd ( s_to_c, 0, chan );
-
- c_bio=BIO_new(BIO_f_ssl());
- s_bio=BIO_new(BIO_f_ssl());
- if ((c_bio == NULL) || (s_bio == NULL)) goto err;
-
- SSL_set_accept_state(s_ssl);
- SSL_set_bio(s_ssl,c_to_s,s_to_c);
- BIO_set_ssl(s_bio,s_ssl,BIO_CLOSE);
-
- /* We can always do writes */
- printf("Begin doit main loop\n");
- /*
- * Link states: 0-idle, 1-read pending, 2-write pending, 3-closed.
- */
- for (link_state = 0; link_state < 3; ) {
- /*
- * Wait for remote end to request data action on A channel.
- */
- while ( link_state == 0 ) {
- status = get ( chan, (char *) &msg, sizeof(msg), &length );
- if ( (status&1) == 0 ) {
- printf("Error in main loop get: %d\n", status );
- link_state = 3;
- break;
- }
- if ( length < RPC_HDR_SIZE ) {
- printf("Error in main loop get size: %d\n", length );
- break;
- link_state = 3;
- }
- if ( msg.channel != 'A' ) {
- printf("Error in main loop, unexpected channel: %c\n",
- msg.channel );
- break;
- link_state = 3;
- }
- if ( msg.function == 'G' ) {
- link_state = 1;
- } else if ( msg.function == 'P' ) {
- link_state = 2; /* write pending */
- } else if ( msg.function == 'X' ) {
- link_state = 3;
- } else {
- link_state = 3;
- }
- }
- if ( link_state == 1 ) {
- i = BIO_read ( s_bio, msg.data, msg.length );
- if ( i < 0 ) link_state = 3;
- else {
- msg.channel = 'A';
- msg.function = 'C'; /* confirm */
- msg.length = i;
- status = put ( chan, (char *) &msg, i+RPC_HDR_SIZE );
- if ( (status&1) == 0 ) break;
- link_state = 0;
- }
- } else if ( link_state == 2 ) {
- i = BIO_write ( s_bio, msg.data, msg.length );
- if ( i < 0 ) link_state = 3;
- else {
- msg.channel = 'A';
- msg.function = 'C'; /* confirm */
- msg.length = 0;
- status = put ( chan, (char *) &msg, RPC_HDR_SIZE );
- if ( (status&1) == 0 ) break;
- link_state = 0;
- }
- }
- }
- fprintf(stdout,"DONE\n");
-err:
- /* We have to set the BIO's to NULL otherwise they will be
- * free()ed twice. Once when th s_ssl is SSL_free()ed and
- * again when c_ssl is SSL_free()ed.
- * This is a hack required because s_ssl and c_ssl are sharing the same
- * BIO structure and SSL_set_bio() and SSL_free() automatically
- * BIO_free non NULL entries.
- * You should not normally do this or be required to do this */
- s_ssl->rbio=NULL;
- s_ssl->wbio=NULL;
-
- if (c_to_s != NULL) BIO_free(c_to_s);
- if (s_to_c != NULL) BIO_free(s_to_c);
- if (c_bio != NULL) BIO_free(c_bio);
- if (s_bio != NULL) BIO_free(s_bio);
- return(0);
-}
Copied: vendor-crypto/openssl/0.9.8zf/ssl/ssl_task.c (from rev 6976, vendor-crypto/openssl/dist/ssl/ssl_task.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/ssl/ssl_task.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/ssl/ssl_task.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,397 @@
+/* ssl/ssl_task.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* VMS */
+/*-
+ * DECnet object for servicing SSL. We accept the inbound and speak a
+ * simple protocol for multiplexing the 2 data streams (application and
+ * ssl data) over this logical link.
+ *
+ * Logical names:
+ * SSL_CIPHER Defines a list of cipher specifications the server
+ * will support in order of preference.
+ * SSL_SERVER_CERTIFICATE
+ * Points to PEM (privacy enhanced mail) file that
+ * contains the server certificate and private password.
+ * SYS$NET Logical created by netserver.exe as hook for completing
+ * DECnet logical link.
+ *
+ * Each NSP message sent over the DECnet link has the following structure:
+ * struct rpc_msg {
+ * char channel;
+ * char function;
+ * short length;
+ * char data[MAX_DATA];
+ * } msg;
+ *
+ * The channel field designates the virtual data stream this message applies
+ * to and is one of:
+ * A - Application data (payload).
+ * R - Remote client connection that initiated the SSL connection. Encrypted
+ * data is sent over this connection.
+ * G - General data, reserved for future use.
+ *
+ * The data streams are half-duplex read/write and have following functions:
+ * G - Get, requests that up to msg.length bytes of data be returned. The
+ * data is returned in the next 'C' function response that matches the
+ * requesting channel.
+ * P - Put, requests that the first msg.length bytes of msg.data be appended
+ * to the designated stream.
+ * C - Confirms a get or put. Every get and put will get a confirm response,
+ * you cannot initiate another function on a channel until the previous
+ * operation has been confirmed.
+ *
+ * The 2 channels may interleave their operations, for example:
+ * Server msg Client msg
+ * A, Get, 4092 ---->
+ * <---- R, get, 4092
+ * R, Confirm, {hello} ---->
+ * <---- R, put, {srv hello}
+ * R, Confirm, 0 ---->
+ * . (SSL handshake completed)
+ * . (read first app data).
+ * <---- A, confirm, {http data}
+ * A, Put, {http data} ---->
+ * <---- A, confirm, 0
+ *
+ * The length field is not permitted to be larger that 4092 bytes.
+ *
+ * Author: Dave Jones
+ * Date: 22-JUL-1996
+ */
+#include <stdlib.h>
+#include <stdio.h>
+#include <iodef.h> /* VMS IO$_ definitions */
+#include <descrip.h> /* VMS string descriptors */
+extern int SYS$QIOW(), SYS$ASSIGN();
+int LIB$INIT_TIMER(), LIB$SHOW_TIMER();
+
+#include <string.h> /* from ssltest.c */
+#include <errno.h>
+
+#include "e_os.h"
+
+#include <openssl/buffer.h>
+#include <openssl/x509.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+
+int MS_CALLBACK verify_callback(int ok, X509 *xs, X509 *xi, int depth,
+ int error);
+BIO *bio_err = NULL;
+BIO *bio_stdout = NULL;
+BIO_METHOD *BIO_s_rtcp();
+
+static char *cipher = NULL;
+int verbose = 1;
+#ifdef FIONBIO
+static int s_nbio = 0;
+#endif
+#define TEST_SERVER_CERT "SSL_SERVER_CERTIFICATE"
+/*************************************************************************/
+/* Should have member alignment inhibited */
+struct rpc_msg {
+ /* 'A'-app data. 'R'-remote client 'G'-global */
+ char channel;
+ /* 'G'-get, 'P'-put, 'C'-confirm, 'X'-close */
+ char function;
+ /* Amount of data returned or max to return */
+ unsigned short int length;
+ /* variable data */
+ char data[4092];
+};
+#define RPC_HDR_SIZE (sizeof(struct rpc_msg) - 4092)
+
+static $DESCRIPTOR(sysnet, "SYS$NET");
+typedef unsigned short io_channel;
+
+struct io_status {
+ unsigned short status;
+ unsigned short count;
+ unsigned long stsval;
+};
+int doit(io_channel chan, SSL_CTX *s_ctx);
+/*****************************************************************************/
+/*
+ * Decnet I/O routines.
+ */
+static int get(io_channel chan, char *buffer, int maxlen, int *length)
+{
+ int status;
+ struct io_status iosb;
+ status = SYS$QIOW(0, chan, IO$_READVBLK, &iosb, 0, 0,
+ buffer, maxlen, 0, 0, 0, 0);
+ if ((status & 1) == 1)
+ status = iosb.status;
+ if ((status & 1) == 1)
+ *length = iosb.count;
+ return status;
+}
+
+static int put(io_channel chan, char *buffer, int length)
+{
+ int status;
+ struct io_status iosb;
+ status = SYS$QIOW(0, chan, IO$_WRITEVBLK, &iosb, 0, 0,
+ buffer, length, 0, 0, 0, 0);
+ if ((status & 1) == 1)
+ status = iosb.status;
+ return status;
+}
+
+/***************************************************************************/
+/*
+ * Handle operations on the 'G' channel.
+ */
+static int general_request(io_channel chan, struct rpc_msg *msg, int length)
+{
+ return 48;
+}
+
+/***************************************************************************/
+int main(int argc, char **argv)
+{
+ int status, length;
+ io_channel chan;
+ struct rpc_msg msg;
+
+ char *CApath = NULL, *CAfile = NULL;
+ int badop = 0;
+ int ret = 1;
+ int client_auth = 0;
+ int server_auth = 0;
+ SSL_CTX *s_ctx = NULL;
+ /*
+ * Confirm logical link with initiating client.
+ */
+ LIB$INIT_TIMER();
+ status = SYS$ASSIGN(&sysnet, &chan, 0, 0, 0);
+ printf("status of assign to SYS$NET: %d\n", status);
+ /*
+ * Initialize standard out and error files.
+ */
+ if (bio_err == NULL)
+ if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err, stderr, BIO_NOCLOSE);
+ if (bio_stdout == NULL)
+ if ((bio_stdout = BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_stdout, stdout, BIO_NOCLOSE);
+ /*
+ * get the preferred cipher list and other initialization
+ */
+ if (cipher == NULL)
+ cipher = getenv("SSL_CIPHER");
+ printf("cipher list: %s\n", cipher ? cipher : "{undefined}");
+
+ SSL_load_error_strings();
+ OpenSSL_add_all_algorithms();
+
+ /*
+ * DRM, this was the original, but there is no such thing as SSLv2()
+ * s_ctx=SSL_CTX_new(SSLv2());
+ */
+ s_ctx = SSL_CTX_new(SSLv2_server_method());
+
+ if (s_ctx == NULL)
+ goto end;
+
+ SSL_CTX_use_certificate_file(s_ctx, TEST_SERVER_CERT, SSL_FILETYPE_PEM);
+ SSL_CTX_use_RSAPrivateKey_file(s_ctx, TEST_SERVER_CERT, SSL_FILETYPE_PEM);
+ printf("Loaded server certificate: '%s'\n", TEST_SERVER_CERT);
+
+ /*
+ * Take commands from client until bad status.
+ */
+ LIB$SHOW_TIMER();
+ status = doit(chan, s_ctx);
+ LIB$SHOW_TIMER();
+ /*
+ * do final cleanup and exit.
+ */
+ end:
+ if (s_ctx != NULL)
+ SSL_CTX_free(s_ctx);
+ LIB$SHOW_TIMER();
+ return 1;
+}
+
+int doit(io_channel chan, SSL_CTX *s_ctx)
+{
+ int status, length, link_state;
+ struct rpc_msg msg;
+
+ SSL *s_ssl = NULL;
+ BIO *c_to_s = NULL;
+ BIO *s_to_c = NULL;
+ BIO *c_bio = NULL;
+ BIO *s_bio = NULL;
+ int i;
+ int done = 0;
+
+ s_ssl = SSL_new(s_ctx);
+ if (s_ssl == NULL)
+ goto err;
+
+ c_to_s = BIO_new(BIO_s_rtcp());
+ s_to_c = BIO_new(BIO_s_rtcp());
+ if ((s_to_c == NULL) || (c_to_s == NULL))
+ goto err;
+/*- original, DRM 24-SEP-1997
+ BIO_set_fd ( c_to_s, "", chan );
+ BIO_set_fd ( s_to_c, "", chan );
+*/
+ BIO_set_fd(c_to_s, 0, chan);
+ BIO_set_fd(s_to_c, 0, chan);
+
+ c_bio = BIO_new(BIO_f_ssl());
+ s_bio = BIO_new(BIO_f_ssl());
+ if ((c_bio == NULL) || (s_bio == NULL))
+ goto err;
+
+ SSL_set_accept_state(s_ssl);
+ SSL_set_bio(s_ssl, c_to_s, s_to_c);
+ BIO_set_ssl(s_bio, s_ssl, BIO_CLOSE);
+
+ /* We can always do writes */
+ printf("Begin doit main loop\n");
+ /*
+ * Link states: 0-idle, 1-read pending, 2-write pending, 3-closed.
+ */
+ for (link_state = 0; link_state < 3;) {
+ /*
+ * Wait for remote end to request data action on A channel.
+ */
+ while (link_state == 0) {
+ status = get(chan, (char *)&msg, sizeof(msg), &length);
+ if ((status & 1) == 0) {
+ printf("Error in main loop get: %d\n", status);
+ link_state = 3;
+ break;
+ }
+ if (length < RPC_HDR_SIZE) {
+ printf("Error in main loop get size: %d\n", length);
+ break;
+ link_state = 3;
+ }
+ if (msg.channel != 'A') {
+ printf("Error in main loop, unexpected channel: %c\n",
+ msg.channel);
+ break;
+ link_state = 3;
+ }
+ if (msg.function == 'G') {
+ link_state = 1;
+ } else if (msg.function == 'P') {
+ link_state = 2; /* write pending */
+ } else if (msg.function == 'X') {
+ link_state = 3;
+ } else {
+ link_state = 3;
+ }
+ }
+ if (link_state == 1) {
+ i = BIO_read(s_bio, msg.data, msg.length);
+ if (i < 0)
+ link_state = 3;
+ else {
+ msg.channel = 'A';
+ msg.function = 'C'; /* confirm */
+ msg.length = i;
+ status = put(chan, (char *)&msg, i + RPC_HDR_SIZE);
+ if ((status & 1) == 0)
+ break;
+ link_state = 0;
+ }
+ } else if (link_state == 2) {
+ i = BIO_write(s_bio, msg.data, msg.length);
+ if (i < 0)
+ link_state = 3;
+ else {
+ msg.channel = 'A';
+ msg.function = 'C'; /* confirm */
+ msg.length = 0;
+ status = put(chan, (char *)&msg, RPC_HDR_SIZE);
+ if ((status & 1) == 0)
+ break;
+ link_state = 0;
+ }
+ }
+ }
+ fprintf(stdout, "DONE\n");
+ err:
+ /*
+ * We have to set the BIO's to NULL otherwise they will be free()ed
+ * twice. Once when th s_ssl is SSL_free()ed and again when c_ssl is
+ * SSL_free()ed. This is a hack required because s_ssl and c_ssl are
+ * sharing the same BIO structure and SSL_set_bio() and SSL_free()
+ * automatically BIO_free non NULL entries. You should not normally do
+ * this or be required to do this
+ */
+ s_ssl->rbio = NULL;
+ s_ssl->wbio = NULL;
+
+ if (c_to_s != NULL)
+ BIO_free(c_to_s);
+ if (s_to_c != NULL)
+ BIO_free(s_to_c);
+ if (c_bio != NULL)
+ BIO_free(c_bio);
+ if (s_bio != NULL)
+ BIO_free(s_bio);
+ return (0);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/ssl/ssl_txt.c
===================================================================
--- vendor-crypto/openssl/dist/ssl/ssl_txt.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/ssl/ssl_txt.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,207 +0,0 @@
-/* ssl/ssl_txt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/buffer.h>
-#include "ssl_locl.h"
-
-#ifndef OPENSSL_NO_FP_API
-int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x)
- {
- BIO *b;
- int ret;
-
- if ((b=BIO_new(BIO_s_file_internal())) == NULL)
- {
- SSLerr(SSL_F_SSL_SESSION_PRINT_FP,ERR_R_BUF_LIB);
- return(0);
- }
- BIO_set_fp(b,fp,BIO_NOCLOSE);
- ret=SSL_SESSION_print(b,x);
- BIO_free(b);
- return(ret);
- }
-#endif
-
-int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
- {
- unsigned int i;
- const char *s;
-
- if (x == NULL) goto err;
- if (BIO_puts(bp,"SSL-Session:\n") <= 0) goto err;
- if (x->ssl_version == SSL2_VERSION)
- s="SSLv2";
- else if (x->ssl_version == SSL3_VERSION)
- s="SSLv3";
- else if (x->ssl_version == TLS1_VERSION)
- s="TLSv1";
- else if (x->ssl_version == DTLS1_VERSION)
- s="DTLSv1";
- else if (x->ssl_version == DTLS1_BAD_VER)
- s="DTLSv1-bad";
- else
- s="unknown";
- if (BIO_printf(bp," Protocol : %s\n",s) <= 0) goto err;
-
- if (x->cipher == NULL)
- {
- if (((x->cipher_id) & 0xff000000) == 0x02000000)
- {
- if (BIO_printf(bp," Cipher : %06lX\n",x->cipher_id&0xffffff) <= 0)
- goto err;
- }
- else
- {
- if (BIO_printf(bp," Cipher : %04lX\n",x->cipher_id&0xffff) <= 0)
- goto err;
- }
- }
- else
- {
- if (BIO_printf(bp," Cipher : %s\n",((x->cipher == NULL)?"unknown":x->cipher->name)) <= 0)
- goto err;
- }
- if (BIO_puts(bp," Session-ID: ") <= 0) goto err;
- for (i=0; i<x->session_id_length; i++)
- {
- if (BIO_printf(bp,"%02X",x->session_id[i]) <= 0) goto err;
- }
- if (BIO_puts(bp,"\n Session-ID-ctx: ") <= 0) goto err;
- for (i=0; i<x->sid_ctx_length; i++)
- {
- if (BIO_printf(bp,"%02X",x->sid_ctx[i]) <= 0)
- goto err;
- }
- if (BIO_puts(bp,"\n Master-Key: ") <= 0) goto err;
- for (i=0; i<(unsigned int)x->master_key_length; i++)
- {
- if (BIO_printf(bp,"%02X",x->master_key[i]) <= 0) goto err;
- }
- if (BIO_puts(bp,"\n Key-Arg : ") <= 0) goto err;
- if (x->key_arg_length == 0)
- {
- if (BIO_puts(bp,"None") <= 0) goto err;
- }
- else
- for (i=0; i<x->key_arg_length; i++)
- {
- if (BIO_printf(bp,"%02X",x->key_arg[i]) <= 0) goto err;
- }
-#ifndef OPENSSL_NO_KRB5
- if (BIO_puts(bp,"\n Krb5 Principal: ") <= 0) goto err;
- if (x->krb5_client_princ_len == 0)
- {
- if (BIO_puts(bp,"None") <= 0) goto err;
- }
- else
- for (i=0; i<x->krb5_client_princ_len; i++)
- {
- if (BIO_printf(bp,"%02X",x->krb5_client_princ[i]) <= 0) goto err;
- }
-#endif /* OPENSSL_NO_KRB5 */
-#ifndef OPENSSL_NO_TLSEXT
- if (x->tlsext_tick_lifetime_hint)
- {
- if (BIO_printf(bp,
- "\n TLS session ticket lifetime hint: %ld (seconds)",
- x->tlsext_tick_lifetime_hint) <=0)
- goto err;
- }
- if (x->tlsext_tick)
- {
- if (BIO_puts(bp, "\n TLS session ticket:\n") <= 0) goto err;
- if (BIO_dump_indent(bp, (char *)x->tlsext_tick, x->tlsext_ticklen, 4) <= 0)
- goto err;
- }
-#endif
-#ifndef OPENSSL_NO_COMP
- if (x->compress_meth != 0)
- {
- SSL_COMP *comp = NULL;
-
- ssl_cipher_get_evp(x,NULL,NULL,&comp);
- if (comp == NULL)
- {
- if (BIO_printf(bp,"\n Compression: %d",x->compress_meth) <= 0) goto err;
- }
- else
- {
- if (BIO_printf(bp,"\n Compression: %d (%s)", comp->id,comp->method->name) <= 0) goto err;
- }
- }
-#endif
- if (x->time != 0L)
- {
- if (BIO_printf(bp, "\n Start Time: %ld",x->time) <= 0) goto err;
- }
- if (x->timeout != 0L)
- {
- if (BIO_printf(bp, "\n Timeout : %ld (sec)",x->timeout) <= 0) goto err;
- }
- if (BIO_puts(bp,"\n") <= 0) goto err;
-
- if (BIO_puts(bp, " Verify return code: ") <= 0) goto err;
- if (BIO_printf(bp, "%ld (%s)\n", x->verify_result,
- X509_verify_cert_error_string(x->verify_result)) <= 0) goto err;
-
- return(1);
-err:
- return(0);
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/ssl/ssl_txt.c (from rev 6976, vendor-crypto/openssl/dist/ssl/ssl_txt.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/ssl/ssl_txt.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/ssl/ssl_txt.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,212 @@
+/* ssl/ssl_txt.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <openssl/buffer.h>
+#include "ssl_locl.h"
+
+#ifndef OPENSSL_NO_FP_API
+int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x)
+{
+ BIO *b;
+ int ret;
+
+ if ((b = BIO_new(BIO_s_file_internal())) == NULL) {
+ SSLerr(SSL_F_SSL_SESSION_PRINT_FP, ERR_R_BUF_LIB);
+ return (0);
+ }
+ BIO_set_fp(b, fp, BIO_NOCLOSE);
+ ret = SSL_SESSION_print(b, x);
+ BIO_free(b);
+ return (ret);
+}
+#endif
+
+int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
+{
+ unsigned int i;
+ const char *s;
+
+ if (x == NULL)
+ goto err;
+ if (BIO_puts(bp, "SSL-Session:\n") <= 0)
+ goto err;
+ if (x->ssl_version == SSL2_VERSION)
+ s = "SSLv2";
+ else if (x->ssl_version == SSL3_VERSION)
+ s = "SSLv3";
+ else if (x->ssl_version == TLS1_VERSION)
+ s = "TLSv1";
+ else if (x->ssl_version == DTLS1_VERSION)
+ s = "DTLSv1";
+ else if (x->ssl_version == DTLS1_BAD_VER)
+ s = "DTLSv1-bad";
+ else
+ s = "unknown";
+ if (BIO_printf(bp, " Protocol : %s\n", s) <= 0)
+ goto err;
+
+ if (x->cipher == NULL) {
+ if (((x->cipher_id) & 0xff000000) == 0x02000000) {
+ if (BIO_printf
+ (bp, " Cipher : %06lX\n", x->cipher_id & 0xffffff) <= 0)
+ goto err;
+ } else {
+ if (BIO_printf
+ (bp, " Cipher : %04lX\n", x->cipher_id & 0xffff) <= 0)
+ goto err;
+ }
+ } else {
+ if (BIO_printf
+ (bp, " Cipher : %s\n",
+ ((x->cipher == NULL) ? "unknown" : x->cipher->name)) <= 0)
+ goto err;
+ }
+ if (BIO_puts(bp, " Session-ID: ") <= 0)
+ goto err;
+ for (i = 0; i < x->session_id_length; i++) {
+ if (BIO_printf(bp, "%02X", x->session_id[i]) <= 0)
+ goto err;
+ }
+ if (BIO_puts(bp, "\n Session-ID-ctx: ") <= 0)
+ goto err;
+ for (i = 0; i < x->sid_ctx_length; i++) {
+ if (BIO_printf(bp, "%02X", x->sid_ctx[i]) <= 0)
+ goto err;
+ }
+ if (BIO_puts(bp, "\n Master-Key: ") <= 0)
+ goto err;
+ for (i = 0; i < (unsigned int)x->master_key_length; i++) {
+ if (BIO_printf(bp, "%02X", x->master_key[i]) <= 0)
+ goto err;
+ }
+ if (BIO_puts(bp, "\n Key-Arg : ") <= 0)
+ goto err;
+ if (x->key_arg_length == 0) {
+ if (BIO_puts(bp, "None") <= 0)
+ goto err;
+ } else
+ for (i = 0; i < x->key_arg_length; i++) {
+ if (BIO_printf(bp, "%02X", x->key_arg[i]) <= 0)
+ goto err;
+ }
+#ifndef OPENSSL_NO_KRB5
+ if (BIO_puts(bp, "\n Krb5 Principal: ") <= 0)
+ goto err;
+ if (x->krb5_client_princ_len == 0) {
+ if (BIO_puts(bp, "None") <= 0)
+ goto err;
+ } else
+ for (i = 0; i < x->krb5_client_princ_len; i++) {
+ if (BIO_printf(bp, "%02X", x->krb5_client_princ[i]) <= 0)
+ goto err;
+ }
+#endif /* OPENSSL_NO_KRB5 */
+#ifndef OPENSSL_NO_TLSEXT
+ if (x->tlsext_tick_lifetime_hint) {
+ if (BIO_printf(bp,
+ "\n TLS session ticket lifetime hint: %ld (seconds)",
+ x->tlsext_tick_lifetime_hint) <= 0)
+ goto err;
+ }
+ if (x->tlsext_tick) {
+ if (BIO_puts(bp, "\n TLS session ticket:\n") <= 0)
+ goto err;
+ if (BIO_dump_indent(bp, (char *)x->tlsext_tick, x->tlsext_ticklen, 4)
+ <= 0)
+ goto err;
+ }
+#endif
+#ifndef OPENSSL_NO_COMP
+ if (x->compress_meth != 0) {
+ SSL_COMP *comp = NULL;
+
+ ssl_cipher_get_evp(x, NULL, NULL, &comp);
+ if (comp == NULL) {
+ if (BIO_printf(bp, "\n Compression: %d", x->compress_meth) <=
+ 0)
+ goto err;
+ } else {
+ if (BIO_printf
+ (bp, "\n Compression: %d (%s)", comp->id,
+ comp->method->name) <= 0)
+ goto err;
+ }
+ }
+#endif
+ if (x->time != 0L) {
+ if (BIO_printf(bp, "\n Start Time: %ld", x->time) <= 0)
+ goto err;
+ }
+ if (x->timeout != 0L) {
+ if (BIO_printf(bp, "\n Timeout : %ld (sec)", x->timeout) <= 0)
+ goto err;
+ }
+ if (BIO_puts(bp, "\n") <= 0)
+ goto err;
+
+ if (BIO_puts(bp, " Verify return code: ") <= 0)
+ goto err;
+ if (BIO_printf(bp, "%ld (%s)\n", x->verify_result,
+ X509_verify_cert_error_string(x->verify_result)) <= 0)
+ goto err;
+
+ return (1);
+ err:
+ return (0);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/ssl/ssltest.c
===================================================================
--- vendor-crypto/openssl/dist/ssl/ssltest.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/ssl/ssltest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,2318 +0,0 @@
-/* ssl/ssltest.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
-#define _BSD_SOURCE 1 /* Or gethostname won't be declared properly
- on Linux and GNU platforms. */
-
-#include <assert.h>
-#include <errno.h>
-#include <limits.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-
-#define USE_SOCKETS
-#include "e_os.h"
-
-#define _XOPEN_SOURCE 500 /* Or isascii won't be declared properly on
- VMS (at least with DECompHP C). */
-#include <ctype.h>
-
-#include <openssl/bio.h>
-#include <openssl/crypto.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include <openssl/ssl.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-#include <openssl/err.h>
-#include <openssl/rand.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-#include <openssl/bn.h>
-
-#define _XOPEN_SOURCE_EXTENDED 1 /* Or gethostname won't be declared properly
- on Compaq platforms (at least with DEC C).
- Do not try to put it earlier, or IPv6 includes
- get screwed...
- */
-
-#ifdef OPENSSL_SYS_WINDOWS
-#include <winsock.h>
-#else
-#include OPENSSL_UNISTD
-#endif
-
-#ifdef OPENSSL_SYS_VMS
-# define TEST_SERVER_CERT "SYS$DISK:[-.APPS]SERVER.PEM"
-# define TEST_CLIENT_CERT "SYS$DISK:[-.APPS]CLIENT.PEM"
-#elif defined(OPENSSL_SYS_WINCE)
-# define TEST_SERVER_CERT "\\OpenSSL\\server.pem"
-# define TEST_CLIENT_CERT "\\OpenSSL\\client.pem"
-#elif defined(OPENSSL_SYS_NETWARE)
-# define TEST_SERVER_CERT "\\openssl\\apps\\server.pem"
-# define TEST_CLIENT_CERT "\\openssl\\apps\\client.pem"
-#else
-# define TEST_SERVER_CERT "../apps/server.pem"
-# define TEST_CLIENT_CERT "../apps/client.pem"
-#endif
-
-/* There is really no standard for this, so let's assign some tentative
- numbers. In any case, these numbers are only for this test */
-#define COMP_RLE 255
-#define COMP_ZLIB 1
-
-static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
-#ifndef OPENSSL_NO_RSA
-static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export,int keylength);
-static void free_tmp_rsa(void);
-#endif
-static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg);
-#define APP_CALLBACK_STRING "Test Callback Argument"
-struct app_verify_arg
- {
- char *string;
- int app_verify;
- int allow_proxy_certs;
- char *proxy_auth;
- char *proxy_cond;
- };
-
-#ifndef OPENSSL_NO_DH
-static DH *get_dh512(void);
-static DH *get_dh1024(void);
-static DH *get_dh1024dsa(void);
-#endif
-
-static BIO *bio_err=NULL;
-static BIO *bio_stdout=NULL;
-
-static char *cipher=NULL;
-static int verbose=0;
-static int debug=0;
-#if 0
-/* Not used yet. */
-#ifdef FIONBIO
-static int s_nbio=0;
-#endif
-#endif
-
-static const char rnd_seed[] = "string to make the random number generator think it has entropy";
-
-int doit_biopair(SSL *s_ssl,SSL *c_ssl,long bytes,clock_t *s_time,clock_t *c_time);
-int doit(SSL *s_ssl,SSL *c_ssl,long bytes);
-static int do_test_cipherlist(void);
-static void sv_usage(void)
- {
- fprintf(stderr,"usage: ssltest [args ...]\n");
- fprintf(stderr,"\n");
-#ifdef OPENSSL_FIPS
- fprintf(stderr,"-F - run test in FIPS mode\n");
-#endif
- fprintf(stderr," -server_auth - check server certificate\n");
- fprintf(stderr," -client_auth - do client authentication\n");
- fprintf(stderr," -proxy - allow proxy certificates\n");
- fprintf(stderr," -proxy_auth <val> - set proxy policy rights\n");
- fprintf(stderr," -proxy_cond <val> - experssion to test proxy policy rights\n");
- fprintf(stderr," -v - more output\n");
- fprintf(stderr," -d - debug output\n");
- fprintf(stderr," -reuse - use session-id reuse\n");
- fprintf(stderr," -num <val> - number of connections to perform\n");
- fprintf(stderr," -bytes <val> - number of bytes to swap between client/server\n");
-#ifndef OPENSSL_NO_DH
- fprintf(stderr," -dhe1024 - use 1024 bit key (safe prime) for DHE\n");
- fprintf(stderr," -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n");
- fprintf(stderr," -no_dhe - disable DHE\n");
-#endif
-#ifndef OPENSSL_NO_ECDH
- fprintf(stderr," -no_ecdhe - disable ECDHE\n");
-#endif
-#ifndef OPENSSL_NO_SSL2
- fprintf(stderr," -ssl2 - use SSLv2\n");
-#endif
-#ifndef OPENSSL_NO_SSL3
- fprintf(stderr," -ssl3 - use SSLv3\n");
-#endif
-#ifndef OPENSSL_NO_TLS1
- fprintf(stderr," -tls1 - use TLSv1\n");
-#endif
- fprintf(stderr," -CApath arg - PEM format directory of CA's\n");
- fprintf(stderr," -CAfile arg - PEM format file of CA's\n");
- fprintf(stderr," -cert arg - Server certificate file\n");
- fprintf(stderr," -key arg - Server key file (default: same as -cert)\n");
- fprintf(stderr," -c_cert arg - Client certificate file\n");
- fprintf(stderr," -c_key arg - Client key file (default: same as -c_cert)\n");
- fprintf(stderr," -cipher arg - The cipher list\n");
- fprintf(stderr," -bio_pair - Use BIO pairs\n");
- fprintf(stderr," -f - Test even cases that can't work\n");
- fprintf(stderr," -time - measure processor time used by client and server\n");
- fprintf(stderr," -zlib - use zlib compression\n");
- fprintf(stderr," -rle - use rle compression\n");
-#ifndef OPENSSL_NO_ECDH
- fprintf(stderr," -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n" \
- " Use \"openssl ecparam -list_curves\" for all names\n" \
- " (default is sect163r2).\n");
-#endif
- fprintf(stderr," -test_cipherlist - verifies the order of the ssl cipher lists\n");
- }
-
-static void print_details(SSL *c_ssl, const char *prefix)
- {
- SSL_CIPHER *ciph;
- X509 *cert;
-
- ciph=SSL_get_current_cipher(c_ssl);
- BIO_printf(bio_stdout,"%s%s, cipher %s %s",
- prefix,
- SSL_get_version(c_ssl),
- SSL_CIPHER_get_version(ciph),
- SSL_CIPHER_get_name(ciph));
- cert=SSL_get_peer_certificate(c_ssl);
- if (cert != NULL)
- {
- EVP_PKEY *pkey = X509_get_pubkey(cert);
- if (pkey != NULL)
- {
- if (0)
- ;
-#ifndef OPENSSL_NO_RSA
- else if (pkey->type == EVP_PKEY_RSA && pkey->pkey.rsa != NULL
- && pkey->pkey.rsa->n != NULL)
- {
- BIO_printf(bio_stdout, ", %d bit RSA",
- BN_num_bits(pkey->pkey.rsa->n));
- }
-#endif
-#ifndef OPENSSL_NO_DSA
- else if (pkey->type == EVP_PKEY_DSA && pkey->pkey.dsa != NULL
- && pkey->pkey.dsa->p != NULL)
- {
- BIO_printf(bio_stdout, ", %d bit DSA",
- BN_num_bits(pkey->pkey.dsa->p));
- }
-#endif
- EVP_PKEY_free(pkey);
- }
- X509_free(cert);
- }
- /* The SSL API does not allow us to look at temporary RSA/DH keys,
- * otherwise we should print their lengths too */
- BIO_printf(bio_stdout,"\n");
- }
-
-static void lock_dbg_cb(int mode, int type, const char *file, int line)
- {
- static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */
- const char *errstr = NULL;
- int rw;
-
- rw = mode & (CRYPTO_READ|CRYPTO_WRITE);
- if (!((rw == CRYPTO_READ) || (rw == CRYPTO_WRITE)))
- {
- errstr = "invalid mode";
- goto err;
- }
-
- if (type < 0 || type >= CRYPTO_NUM_LOCKS)
- {
- errstr = "type out of bounds";
- goto err;
- }
-
- if (mode & CRYPTO_LOCK)
- {
- if (modes[type])
- {
- errstr = "already locked";
- /* must not happen in a single-threaded program
- * (would deadlock) */
- goto err;
- }
-
- modes[type] = rw;
- }
- else if (mode & CRYPTO_UNLOCK)
- {
- if (!modes[type])
- {
- errstr = "not locked";
- goto err;
- }
-
- if (modes[type] != rw)
- {
- errstr = (rw == CRYPTO_READ) ?
- "CRYPTO_r_unlock on write lock" :
- "CRYPTO_w_unlock on read lock";
- }
-
- modes[type] = 0;
- }
- else
- {
- errstr = "invalid mode";
- goto err;
- }
-
- err:
- if (errstr)
- {
- /* we cannot use bio_err here */
- fprintf(stderr, "openssl (lock_dbg_cb): %s (mode=%d, type=%d) at %s:%d\n",
- errstr, mode, type, file, line);
- }
- }
-
-
-int main(int argc, char *argv[])
- {
- char *CApath=NULL,*CAfile=NULL;
- int badop=0;
- int bio_pair=0;
- int force=0;
- int tls1=0,ssl2=0,ssl3=0,ret=1;
- int client_auth=0;
- int server_auth=0,i;
- struct app_verify_arg app_verify_arg =
- { APP_CALLBACK_STRING, 0, 0, NULL, NULL };
- char *server_cert=TEST_SERVER_CERT;
- char *server_key=NULL;
- char *client_cert=TEST_CLIENT_CERT;
- char *client_key=NULL;
-#ifndef OPENSSL_NO_ECDH
- char *named_curve = NULL;
-#endif
- SSL_CTX *s_ctx=NULL;
- SSL_CTX *c_ctx=NULL;
- SSL_METHOD *meth=NULL;
- SSL *c_ssl,*s_ssl;
- int number=1,reuse=0;
- long bytes=256L;
-#ifndef OPENSSL_NO_DH
- DH *dh;
- int dhe1024 = 1, dhe1024dsa = 0;
-#endif
-#ifndef OPENSSL_NO_ECDH
- EC_KEY *ecdh = NULL;
-#endif
- int no_dhe = 0;
- int no_ecdhe = 0;
- int print_time = 0;
- clock_t s_time = 0, c_time = 0;
- int comp = 0;
-#ifndef OPENSSL_NO_COMP
- COMP_METHOD *cm = NULL;
-#endif
- STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
- int test_cipherlist = 0;
-#ifdef OPENSSL_FIPS
- int fips_mode=0;
-#endif
-
- verbose = 0;
- debug = 0;
- cipher = 0;
-
- bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
-
- CRYPTO_set_locking_callback(lock_dbg_cb);
-
- /* enable memory leak checking unless explicitly disabled */
- if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off"))))
- {
- CRYPTO_malloc_debug_init();
- CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
- }
- else
- {
- /* OPENSSL_DEBUG_MEMORY=off */
- CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
- }
- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
- RAND_seed(rnd_seed, sizeof rnd_seed);
-
- bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE);
-
- argc--;
- argv++;
-
- while (argc >= 1)
- {
- if(!strcmp(*argv,"-F"))
- {
-#ifdef OPENSSL_FIPS
- fips_mode=1;
-#else
- fprintf(stderr,"not compiled with FIPS support, so exitting without running.\n");
- EXIT(0);
-#endif
- }
- else if (strcmp(*argv,"-server_auth") == 0)
- server_auth=1;
- else if (strcmp(*argv,"-client_auth") == 0)
- client_auth=1;
- else if (strcmp(*argv,"-proxy_auth") == 0)
- {
- if (--argc < 1) goto bad;
- app_verify_arg.proxy_auth= *(++argv);
- }
- else if (strcmp(*argv,"-proxy_cond") == 0)
- {
- if (--argc < 1) goto bad;
- app_verify_arg.proxy_cond= *(++argv);
- }
- else if (strcmp(*argv,"-v") == 0)
- verbose=1;
- else if (strcmp(*argv,"-d") == 0)
- debug=1;
- else if (strcmp(*argv,"-reuse") == 0)
- reuse=1;
- else if (strcmp(*argv,"-dhe1024") == 0)
- {
-#ifndef OPENSSL_NO_DH
- dhe1024=1;
-#else
- fprintf(stderr,"ignoring -dhe1024, since I'm compiled without DH\n");
-#endif
- }
- else if (strcmp(*argv,"-dhe1024dsa") == 0)
- {
-#ifndef OPENSSL_NO_DH
- dhe1024dsa=1;
-#else
- fprintf(stderr,"ignoring -dhe1024, since I'm compiled without DH\n");
-#endif
- }
- else if (strcmp(*argv,"-no_dhe") == 0)
- no_dhe=1;
- else if (strcmp(*argv,"-no_ecdhe") == 0)
- no_ecdhe=1;
- else if (strcmp(*argv,"-ssl2") == 0)
- ssl2=1;
- else if (strcmp(*argv,"-tls1") == 0)
- tls1=1;
- else if (strcmp(*argv,"-ssl3") == 0)
- ssl3=1;
- else if (strncmp(*argv,"-num",4) == 0)
- {
- if (--argc < 1) goto bad;
- number= atoi(*(++argv));
- if (number == 0) number=1;
- }
- else if (strcmp(*argv,"-bytes") == 0)
- {
- if (--argc < 1) goto bad;
- bytes= atol(*(++argv));
- if (bytes == 0L) bytes=1L;
- i=strlen(argv[0]);
- if (argv[0][i-1] == 'k') bytes*=1024L;
- if (argv[0][i-1] == 'm') bytes*=1024L*1024L;
- }
- else if (strcmp(*argv,"-cert") == 0)
- {
- if (--argc < 1) goto bad;
- server_cert= *(++argv);
- }
- else if (strcmp(*argv,"-s_cert") == 0)
- {
- if (--argc < 1) goto bad;
- server_cert= *(++argv);
- }
- else if (strcmp(*argv,"-key") == 0)
- {
- if (--argc < 1) goto bad;
- server_key= *(++argv);
- }
- else if (strcmp(*argv,"-s_key") == 0)
- {
- if (--argc < 1) goto bad;
- server_key= *(++argv);
- }
- else if (strcmp(*argv,"-c_cert") == 0)
- {
- if (--argc < 1) goto bad;
- client_cert= *(++argv);
- }
- else if (strcmp(*argv,"-c_key") == 0)
- {
- if (--argc < 1) goto bad;
- client_key= *(++argv);
- }
- else if (strcmp(*argv,"-cipher") == 0)
- {
- if (--argc < 1) goto bad;
- cipher= *(++argv);
- }
- else if (strcmp(*argv,"-CApath") == 0)
- {
- if (--argc < 1) goto bad;
- CApath= *(++argv);
- }
- else if (strcmp(*argv,"-CAfile") == 0)
- {
- if (--argc < 1) goto bad;
- CAfile= *(++argv);
- }
- else if (strcmp(*argv,"-bio_pair") == 0)
- {
- bio_pair = 1;
- }
- else if (strcmp(*argv,"-f") == 0)
- {
- force = 1;
- }
- else if (strcmp(*argv,"-time") == 0)
- {
- print_time = 1;
- }
- else if (strcmp(*argv,"-zlib") == 0)
- {
- comp = COMP_ZLIB;
- }
- else if (strcmp(*argv,"-rle") == 0)
- {
- comp = COMP_RLE;
- }
- else if (strcmp(*argv,"-named_curve") == 0)
- {
- if (--argc < 1) goto bad;
-#ifndef OPENSSL_NO_ECDH
- named_curve = *(++argv);
-#else
- fprintf(stderr,"ignoring -named_curve, since I'm compiled without ECDH\n");
- ++argv;
-#endif
- }
- else if (strcmp(*argv,"-app_verify") == 0)
- {
- app_verify_arg.app_verify = 1;
- }
- else if (strcmp(*argv,"-proxy") == 0)
- {
- app_verify_arg.allow_proxy_certs = 1;
- }
- else if (strcmp(*argv,"-test_cipherlist") == 0)
- {
- test_cipherlist = 1;
- }
- else
- {
- fprintf(stderr,"unknown option %s\n",*argv);
- badop=1;
- break;
- }
- argc--;
- argv++;
- }
- if (badop)
- {
-bad:
- sv_usage();
- goto end;
- }
-
- if (test_cipherlist == 1)
- {
- /* ensure that the cipher list are correctly sorted and exit */
- if (do_test_cipherlist() == 0)
- EXIT(1);
- ret = 0;
- goto end;
- }
-
- if (!ssl2 && !ssl3 && !tls1 && number > 1 && !reuse && !force)
- {
- fprintf(stderr, "This case cannot work. Use -f to perform "
- "the test anyway (and\n-d to see what happens), "
- "or add one of -ssl2, -ssl3, -tls1, -reuse\n"
- "to avoid protocol mismatch.\n");
- EXIT(1);
- }
-
-#ifdef OPENSSL_FIPS
- if(fips_mode)
- {
- if(!FIPS_mode_set(1))
- {
- ERR_load_crypto_strings();
- ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
- EXIT(1);
- }
- else
- fprintf(stderr,"*** IN FIPS MODE ***\n");
- }
-#endif
-
- if (print_time)
- {
- if (!bio_pair)
- {
- fprintf(stderr, "Using BIO pair (-bio_pair)\n");
- bio_pair = 1;
- }
- if (number < 50 && !force)
- fprintf(stderr, "Warning: For accurate timings, use more connections (e.g. -num 1000)\n");
- }
-
-/* if (cipher == NULL) cipher=getenv("SSL_CIPHER"); */
-
- SSL_library_init();
- SSL_load_error_strings();
-
-#ifndef OPENSSL_NO_COMP
- if (comp == COMP_ZLIB) cm = COMP_zlib();
- if (comp == COMP_RLE) cm = COMP_rle();
- if (cm != NULL)
- {
- if (cm->type != NID_undef)
- {
- if (SSL_COMP_add_compression_method(comp, cm) != 0)
- {
- fprintf(stderr,
- "Failed to add compression method\n");
- ERR_print_errors_fp(stderr);
- }
- }
- else
- {
- fprintf(stderr,
- "Warning: %s compression not supported\n",
- (comp == COMP_RLE ? "rle" :
- (comp == COMP_ZLIB ? "zlib" :
- "unknown")));
- ERR_print_errors_fp(stderr);
- }
- }
- ssl_comp_methods = SSL_COMP_get_compression_methods();
- fprintf(stderr, "Available compression methods:\n");
- {
- int j, n = sk_SSL_COMP_num(ssl_comp_methods);
- if (n == 0)
- fprintf(stderr, " NONE\n");
- else
- for (j = 0; j < n; j++)
- {
- SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j);
- fprintf(stderr, " %d: %s\n", c->id, c->name);
- }
- }
-#endif
-
-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
- if (ssl2)
- meth=SSLv2_method();
- else
- if (tls1)
- meth=TLSv1_method();
- else
- if (ssl3)
- meth=SSLv3_method();
- else
- meth=SSLv23_method();
-#else
-#ifdef OPENSSL_NO_SSL2
- if (tls1)
- meth=TLSv1_method();
- else
- if (ssl3)
- meth=SSLv3_method();
- else
- meth=SSLv23_method();
-#else
- meth=SSLv2_method();
-#endif
-#endif
-
- c_ctx=SSL_CTX_new(meth);
- s_ctx=SSL_CTX_new(meth);
- if ((c_ctx == NULL) || (s_ctx == NULL))
- {
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if (cipher != NULL)
- {
- SSL_CTX_set_cipher_list(c_ctx,cipher);
- SSL_CTX_set_cipher_list(s_ctx,cipher);
- }
-
-#ifndef OPENSSL_NO_DH
- if (!no_dhe)
- {
- if (dhe1024dsa)
- {
- /* use SSL_OP_SINGLE_DH_USE to avoid small subgroup attacks */
- SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
- dh=get_dh1024dsa();
- }
- else if (dhe1024)
- dh=get_dh1024();
- else
- dh=get_dh512();
- SSL_CTX_set_tmp_dh(s_ctx,dh);
- DH_free(dh);
- }
-#else
- (void)no_dhe;
-#endif
-
-#ifndef OPENSSL_NO_ECDH
- if (!no_ecdhe)
- {
- int nid;
-
- if (named_curve != NULL)
- {
- nid = OBJ_sn2nid(named_curve);
- if (nid == 0)
- {
- BIO_printf(bio_err, "unknown curve name (%s)\n", named_curve);
- goto end;
- }
- }
- else
- nid = NID_sect163r2;
-
- ecdh = EC_KEY_new_by_curve_name(nid);
- if (ecdh == NULL)
- {
- BIO_printf(bio_err, "unable to create curve\n");
- goto end;
- }
-
- SSL_CTX_set_tmp_ecdh(s_ctx, ecdh);
- SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_ECDH_USE);
- EC_KEY_free(ecdh);
- }
-#else
- (void)no_ecdhe;
-#endif
-
-#ifndef OPENSSL_NO_RSA
- SSL_CTX_set_tmp_rsa_callback(s_ctx,tmp_rsa_cb);
-#endif
-
- if (!SSL_CTX_use_certificate_file(s_ctx,server_cert,SSL_FILETYPE_PEM))
- {
- ERR_print_errors(bio_err);
- }
- else if (!SSL_CTX_use_PrivateKey_file(s_ctx,
- (server_key?server_key:server_cert), SSL_FILETYPE_PEM))
- {
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if (client_auth)
- {
- SSL_CTX_use_certificate_file(c_ctx,client_cert,
- SSL_FILETYPE_PEM);
- SSL_CTX_use_PrivateKey_file(c_ctx,
- (client_key?client_key:client_cert),
- SSL_FILETYPE_PEM);
- }
-
- if ( (!SSL_CTX_load_verify_locations(s_ctx,CAfile,CApath)) ||
- (!SSL_CTX_set_default_verify_paths(s_ctx)) ||
- (!SSL_CTX_load_verify_locations(c_ctx,CAfile,CApath)) ||
- (!SSL_CTX_set_default_verify_paths(c_ctx)))
- {
- /* fprintf(stderr,"SSL_load_verify_locations\n"); */
- ERR_print_errors(bio_err);
- /* goto end; */
- }
-
- if (client_auth)
- {
- BIO_printf(bio_err,"client authentication\n");
- SSL_CTX_set_verify(s_ctx,
- SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
- verify_callback);
- SSL_CTX_set_cert_verify_callback(s_ctx, app_verify_callback, &app_verify_arg);
- }
- if (server_auth)
- {
- BIO_printf(bio_err,"server authentication\n");
- SSL_CTX_set_verify(c_ctx,SSL_VERIFY_PEER,
- verify_callback);
- SSL_CTX_set_cert_verify_callback(c_ctx, app_verify_callback, &app_verify_arg);
- }
-
- {
- int session_id_context = 0;
- SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context, sizeof session_id_context);
- }
-
- c_ssl=SSL_new(c_ctx);
- s_ssl=SSL_new(s_ctx);
-
-#ifndef OPENSSL_NO_KRB5
- if (c_ssl && c_ssl->kssl_ctx)
- {
- char localhost[MAXHOSTNAMELEN+2];
-
- if (gethostname(localhost, sizeof localhost-1) == 0)
- {
- localhost[sizeof localhost-1]='\0';
- if(strlen(localhost) == sizeof localhost-1)
- {
- BIO_printf(bio_err,"localhost name too long\n");
- goto end;
- }
- kssl_ctx_setstring(c_ssl->kssl_ctx, KSSL_SERVER,
- localhost);
- }
- }
-#endif /* OPENSSL_NO_KRB5 */
-
- for (i=0; i<number; i++)
- {
- if (!reuse) SSL_set_session(c_ssl,NULL);
- if (bio_pair)
- ret=doit_biopair(s_ssl,c_ssl,bytes,&s_time,&c_time);
- else
- ret=doit(s_ssl,c_ssl,bytes);
- }
-
- if (!verbose)
- {
- print_details(c_ssl, "");
- }
- if ((number > 1) || (bytes > 1L))
- BIO_printf(bio_stdout, "%d handshakes of %ld bytes done\n",number,bytes);
- if (print_time)
- {
-#ifdef CLOCKS_PER_SEC
- /* "To determine the time in seconds, the value returned
- * by the clock function should be divided by the value
- * of the macro CLOCKS_PER_SEC."
- * -- ISO/IEC 9899 */
- BIO_printf(bio_stdout, "Approximate total server time: %6.2f s\n"
- "Approximate total client time: %6.2f s\n",
- (double)s_time/CLOCKS_PER_SEC,
- (double)c_time/CLOCKS_PER_SEC);
-#else
- /* "`CLOCKS_PER_SEC' undeclared (first use this function)"
- * -- cc on NeXTstep/OpenStep */
- BIO_printf(bio_stdout,
- "Approximate total server time: %6.2f units\n"
- "Approximate total client time: %6.2f units\n",
- (double)s_time,
- (double)c_time);
-#endif
- }
-
- SSL_free(s_ssl);
- SSL_free(c_ssl);
-
-end:
- if (s_ctx != NULL) SSL_CTX_free(s_ctx);
- if (c_ctx != NULL) SSL_CTX_free(c_ctx);
-
- if (bio_stdout != NULL) BIO_free(bio_stdout);
-
-#ifndef OPENSSL_NO_RSA
- free_tmp_rsa();
-#endif
-#ifndef OPENSSL_NO_ENGINE
- ENGINE_cleanup();
-#endif
- CRYPTO_cleanup_all_ex_data();
- ERR_free_strings();
- ERR_remove_state(0);
- EVP_cleanup();
- CRYPTO_mem_leaks(bio_err);
- if (bio_err != NULL) BIO_free(bio_err);
- EXIT(ret);
- return ret;
- }
-
-int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
- clock_t *s_time, clock_t *c_time)
- {
- long cw_num = count, cr_num = count, sw_num = count, sr_num = count;
- BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL;
- BIO *server = NULL, *server_io = NULL, *client = NULL, *client_io = NULL;
- int ret = 1;
-
- size_t bufsiz = 256; /* small buffer for testing */
-
- if (!BIO_new_bio_pair(&server, bufsiz, &server_io, bufsiz))
- goto err;
- if (!BIO_new_bio_pair(&client, bufsiz, &client_io, bufsiz))
- goto err;
-
- s_ssl_bio = BIO_new(BIO_f_ssl());
- if (!s_ssl_bio)
- goto err;
-
- c_ssl_bio = BIO_new(BIO_f_ssl());
- if (!c_ssl_bio)
- goto err;
-
- SSL_set_connect_state(c_ssl);
- SSL_set_bio(c_ssl, client, client);
- (void)BIO_set_ssl(c_ssl_bio, c_ssl, BIO_NOCLOSE);
-
- SSL_set_accept_state(s_ssl);
- SSL_set_bio(s_ssl, server, server);
- (void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE);
-
- do
- {
- /* c_ssl_bio: SSL filter BIO
- *
- * client: pseudo-I/O for SSL library
- *
- * client_io: client's SSL communication; usually to be
- * relayed over some I/O facility, but in this
- * test program, we're the server, too:
- *
- * server_io: server's SSL communication
- *
- * server: pseudo-I/O for SSL library
- *
- * s_ssl_bio: SSL filter BIO
- *
- * The client and the server each employ a "BIO pair":
- * client + client_io, server + server_io.
- * BIO pairs are symmetric. A BIO pair behaves similar
- * to a non-blocking socketpair (but both endpoints must
- * be handled by the same thread).
- * [Here we could connect client and server to the ends
- * of a single BIO pair, but then this code would be less
- * suitable as an example for BIO pairs in general.]
- *
- * Useful functions for querying the state of BIO pair endpoints:
- *
- * BIO_ctrl_pending(bio) number of bytes we can read now
- * BIO_ctrl_get_read_request(bio) number of bytes needed to fulfil
- * other side's read attempt
- * BIO_ctrl_get_write_guarantee(bio) number of bytes we can write now
- *
- * ..._read_request is never more than ..._write_guarantee;
- * it depends on the application which one you should use.
- */
-
- /* We have non-blocking behaviour throughout this test program, but
- * can be sure that there is *some* progress in each iteration; so
- * we don't have to worry about ..._SHOULD_READ or ..._SHOULD_WRITE
- * -- we just try everything in each iteration
- */
-
- {
- /* CLIENT */
-
- MS_STATIC char cbuf[1024*8];
- int i, r;
- clock_t c_clock = clock();
-
- memset(cbuf, 0, sizeof(cbuf));
-
- if (debug)
- if (SSL_in_init(c_ssl))
- printf("client waiting in SSL_connect - %s\n",
- SSL_state_string_long(c_ssl));
-
- if (cw_num > 0)
- {
- /* Write to server. */
-
- if (cw_num > (long)sizeof cbuf)
- i = sizeof cbuf;
- else
- i = (int)cw_num;
- r = BIO_write(c_ssl_bio, cbuf, i);
- if (r < 0)
- {
- if (!BIO_should_retry(c_ssl_bio))
- {
- fprintf(stderr,"ERROR in CLIENT\n");
- goto err;
- }
- /* BIO_should_retry(...) can just be ignored here.
- * The library expects us to call BIO_write with
- * the same arguments again, and that's what we will
- * do in the next iteration. */
- }
- else if (r == 0)
- {
- fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
- goto err;
- }
- else
- {
- if (debug)
- printf("client wrote %d\n", r);
- cw_num -= r;
- }
- }
-
- if (cr_num > 0)
- {
- /* Read from server. */
-
- r = BIO_read(c_ssl_bio, cbuf, sizeof(cbuf));
- if (r < 0)
- {
- if (!BIO_should_retry(c_ssl_bio))
- {
- fprintf(stderr,"ERROR in CLIENT\n");
- goto err;
- }
- /* Again, "BIO_should_retry" can be ignored. */
- }
- else if (r == 0)
- {
- fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
- goto err;
- }
- else
- {
- if (debug)
- printf("client read %d\n", r);
- cr_num -= r;
- }
- }
-
- /* c_time and s_time increments will typically be very small
- * (depending on machine speed and clock tick intervals),
- * but sampling over a large number of connections should
- * result in fairly accurate figures. We cannot guarantee
- * a lot, however -- if each connection lasts for exactly
- * one clock tick, it will be counted only for the client
- * or only for the server or even not at all.
- */
- *c_time += (clock() - c_clock);
- }
-
- {
- /* SERVER */
-
- MS_STATIC char sbuf[1024*8];
- int i, r;
- clock_t s_clock = clock();
-
- memset(sbuf, 0, sizeof(sbuf));
-
- if (debug)
- if (SSL_in_init(s_ssl))
- printf("server waiting in SSL_accept - %s\n",
- SSL_state_string_long(s_ssl));
-
- if (sw_num > 0)
- {
- /* Write to client. */
-
- if (sw_num > (long)sizeof sbuf)
- i = sizeof sbuf;
- else
- i = (int)sw_num;
- r = BIO_write(s_ssl_bio, sbuf, i);
- if (r < 0)
- {
- if (!BIO_should_retry(s_ssl_bio))
- {
- fprintf(stderr,"ERROR in SERVER\n");
- goto err;
- }
- /* Ignore "BIO_should_retry". */
- }
- else if (r == 0)
- {
- fprintf(stderr,"SSL SERVER STARTUP FAILED\n");
- goto err;
- }
- else
- {
- if (debug)
- printf("server wrote %d\n", r);
- sw_num -= r;
- }
- }
-
- if (sr_num > 0)
- {
- /* Read from client. */
-
- r = BIO_read(s_ssl_bio, sbuf, sizeof(sbuf));
- if (r < 0)
- {
- if (!BIO_should_retry(s_ssl_bio))
- {
- fprintf(stderr,"ERROR in SERVER\n");
- goto err;
- }
- /* blah, blah */
- }
- else if (r == 0)
- {
- fprintf(stderr,"SSL SERVER STARTUP FAILED\n");
- goto err;
- }
- else
- {
- if (debug)
- printf("server read %d\n", r);
- sr_num -= r;
- }
- }
-
- *s_time += (clock() - s_clock);
- }
-
- {
- /* "I/O" BETWEEN CLIENT AND SERVER. */
-
- size_t r1, r2;
- BIO *io1 = server_io, *io2 = client_io;
- /* we use the non-copying interface for io1
- * and the standard BIO_write/BIO_read interface for io2
- */
-
- static int prev_progress = 1;
- int progress = 0;
-
- /* io1 to io2 */
- do
- {
- size_t num;
- int r;
-
- r1 = BIO_ctrl_pending(io1);
- r2 = BIO_ctrl_get_write_guarantee(io2);
-
- num = r1;
- if (r2 < num)
- num = r2;
- if (num)
- {
- char *dataptr;
-
- if (INT_MAX < num) /* yeah, right */
- num = INT_MAX;
-
- r = BIO_nread(io1, &dataptr, (int)num);
- assert(r > 0);
- assert(r <= (int)num);
- /* possibly r < num (non-contiguous data) */
- num = r;
- r = BIO_write(io2, dataptr, (int)num);
- if (r != (int)num) /* can't happen */
- {
- fprintf(stderr, "ERROR: BIO_write could not write "
- "BIO_ctrl_get_write_guarantee() bytes");
- goto err;
- }
- progress = 1;
-
- if (debug)
- printf((io1 == client_io) ?
- "C->S relaying: %d bytes\n" :
- "S->C relaying: %d bytes\n",
- (int)num);
- }
- }
- while (r1 && r2);
-
- /* io2 to io1 */
- {
- size_t num;
- int r;
-
- r1 = BIO_ctrl_pending(io2);
- r2 = BIO_ctrl_get_read_request(io1);
- /* here we could use ..._get_write_guarantee instead of
- * ..._get_read_request, but by using the latter
- * we test restartability of the SSL implementation
- * more thoroughly */
- num = r1;
- if (r2 < num)
- num = r2;
- if (num)
- {
- char *dataptr;
-
- if (INT_MAX < num)
- num = INT_MAX;
-
- if (num > 1)
- --num; /* test restartability even more thoroughly */
-
- r = BIO_nwrite0(io1, &dataptr);
- assert(r > 0);
- if (r < (int)num)
- num = r;
- r = BIO_read(io2, dataptr, (int)num);
- if (r != (int)num) /* can't happen */
- {
- fprintf(stderr, "ERROR: BIO_read could not read "
- "BIO_ctrl_pending() bytes");
- goto err;
- }
- progress = 1;
- r = BIO_nwrite(io1, &dataptr, (int)num);
- if (r != (int)num) /* can't happen */
- {
- fprintf(stderr, "ERROR: BIO_nwrite() did not accept "
- "BIO_nwrite0() bytes");
- goto err;
- }
-
- if (debug)
- printf((io2 == client_io) ?
- "C->S relaying: %d bytes\n" :
- "S->C relaying: %d bytes\n",
- (int)num);
- }
- } /* no loop, BIO_ctrl_get_read_request now returns 0 anyway */
-
- if (!progress && !prev_progress)
- if (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0)
- {
- fprintf(stderr, "ERROR: got stuck\n");
- if (strcmp("SSLv2", SSL_get_version(c_ssl)) == 0)
- {
- fprintf(stderr, "This can happen for SSL2 because "
- "CLIENT-FINISHED and SERVER-VERIFY are written \n"
- "concurrently ...");
- if (strncmp("2SCF", SSL_state_string(c_ssl), 4) == 0
- && strncmp("2SSV", SSL_state_string(s_ssl), 4) == 0)
- {
- fprintf(stderr, " ok.\n");
- goto end;
- }
- }
- fprintf(stderr, " ERROR.\n");
- goto err;
- }
- prev_progress = progress;
- }
- }
- while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0);
-
- if (verbose)
- print_details(c_ssl, "DONE via BIO pair: ");
-end:
- ret = 0;
-
- err:
- ERR_print_errors(bio_err);
-
- if (server)
- BIO_free(server);
- if (server_io)
- BIO_free(server_io);
- if (client)
- BIO_free(client);
- if (client_io)
- BIO_free(client_io);
- if (s_ssl_bio)
- BIO_free(s_ssl_bio);
- if (c_ssl_bio)
- BIO_free(c_ssl_bio);
-
- return ret;
- }
-
-
-#define W_READ 1
-#define W_WRITE 2
-#define C_DONE 1
-#define S_DONE 2
-
-int doit(SSL *s_ssl, SSL *c_ssl, long count)
- {
- MS_STATIC char cbuf[1024*8],sbuf[1024*8];
- long cw_num=count,cr_num=count;
- long sw_num=count,sr_num=count;
- int ret=1;
- BIO *c_to_s=NULL;
- BIO *s_to_c=NULL;
- BIO *c_bio=NULL;
- BIO *s_bio=NULL;
- int c_r,c_w,s_r,s_w;
- int i,j;
- int done=0;
- int c_write,s_write;
- int do_server=0,do_client=0;
-
- memset(cbuf,0,sizeof(cbuf));
- memset(sbuf,0,sizeof(sbuf));
-
- c_to_s=BIO_new(BIO_s_mem());
- s_to_c=BIO_new(BIO_s_mem());
- if ((s_to_c == NULL) || (c_to_s == NULL))
- {
- ERR_print_errors(bio_err);
- goto err;
- }
-
- c_bio=BIO_new(BIO_f_ssl());
- s_bio=BIO_new(BIO_f_ssl());
- if ((c_bio == NULL) || (s_bio == NULL))
- {
- ERR_print_errors(bio_err);
- goto err;
- }
-
- SSL_set_connect_state(c_ssl);
- SSL_set_bio(c_ssl,s_to_c,c_to_s);
- BIO_set_ssl(c_bio,c_ssl,BIO_NOCLOSE);
-
- SSL_set_accept_state(s_ssl);
- SSL_set_bio(s_ssl,c_to_s,s_to_c);
- BIO_set_ssl(s_bio,s_ssl,BIO_NOCLOSE);
-
- c_r=0; s_r=1;
- c_w=1; s_w=0;
- c_write=1,s_write=0;
-
- /* We can always do writes */
- for (;;)
- {
- do_server=0;
- do_client=0;
-
- i=(int)BIO_pending(s_bio);
- if ((i && s_r) || s_w) do_server=1;
-
- i=(int)BIO_pending(c_bio);
- if ((i && c_r) || c_w) do_client=1;
-
- if (do_server && debug)
- {
- if (SSL_in_init(s_ssl))
- printf("server waiting in SSL_accept - %s\n",
- SSL_state_string_long(s_ssl));
-/* else if (s_write)
- printf("server:SSL_write()\n");
- else
- printf("server:SSL_read()\n"); */
- }
-
- if (do_client && debug)
- {
- if (SSL_in_init(c_ssl))
- printf("client waiting in SSL_connect - %s\n",
- SSL_state_string_long(c_ssl));
-/* else if (c_write)
- printf("client:SSL_write()\n");
- else
- printf("client:SSL_read()\n"); */
- }
-
- if (!do_client && !do_server)
- {
- fprintf(stdout,"ERROR IN STARTUP\n");
- ERR_print_errors(bio_err);
- break;
- }
- if (do_client && !(done & C_DONE))
- {
- if (c_write)
- {
- j = (cw_num > (long)sizeof(cbuf)) ?
- (int)sizeof(cbuf) : (int)cw_num;
- i=BIO_write(c_bio,cbuf,j);
- if (i < 0)
- {
- c_r=0;
- c_w=0;
- if (BIO_should_retry(c_bio))
- {
- if (BIO_should_read(c_bio))
- c_r=1;
- if (BIO_should_write(c_bio))
- c_w=1;
- }
- else
- {
- fprintf(stderr,"ERROR in CLIENT\n");
- ERR_print_errors(bio_err);
- goto err;
- }
- }
- else if (i == 0)
- {
- fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
- goto err;
- }
- else
- {
- if (debug)
- printf("client wrote %d\n",i);
- /* ok */
- s_r=1;
- c_write=0;
- cw_num-=i;
- }
- }
- else
- {
- i=BIO_read(c_bio,cbuf,sizeof(cbuf));
- if (i < 0)
- {
- c_r=0;
- c_w=0;
- if (BIO_should_retry(c_bio))
- {
- if (BIO_should_read(c_bio))
- c_r=1;
- if (BIO_should_write(c_bio))
- c_w=1;
- }
- else
- {
- fprintf(stderr,"ERROR in CLIENT\n");
- ERR_print_errors(bio_err);
- goto err;
- }
- }
- else if (i == 0)
- {
- fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
- goto err;
- }
- else
- {
- if (debug)
- printf("client read %d\n",i);
- cr_num-=i;
- if (sw_num > 0)
- {
- s_write=1;
- s_w=1;
- }
- if (cr_num <= 0)
- {
- s_write=1;
- s_w=1;
- done=S_DONE|C_DONE;
- }
- }
- }
- }
-
- if (do_server && !(done & S_DONE))
- {
- if (!s_write)
- {
- i=BIO_read(s_bio,sbuf,sizeof(cbuf));
- if (i < 0)
- {
- s_r=0;
- s_w=0;
- if (BIO_should_retry(s_bio))
- {
- if (BIO_should_read(s_bio))
- s_r=1;
- if (BIO_should_write(s_bio))
- s_w=1;
- }
- else
- {
- fprintf(stderr,"ERROR in SERVER\n");
- ERR_print_errors(bio_err);
- goto err;
- }
- }
- else if (i == 0)
- {
- ERR_print_errors(bio_err);
- fprintf(stderr,"SSL SERVER STARTUP FAILED in SSL_read\n");
- goto err;
- }
- else
- {
- if (debug)
- printf("server read %d\n",i);
- sr_num-=i;
- if (cw_num > 0)
- {
- c_write=1;
- c_w=1;
- }
- if (sr_num <= 0)
- {
- s_write=1;
- s_w=1;
- c_write=0;
- }
- }
- }
- else
- {
- j = (sw_num > (long)sizeof(sbuf)) ?
- (int)sizeof(sbuf) : (int)sw_num;
- i=BIO_write(s_bio,sbuf,j);
- if (i < 0)
- {
- s_r=0;
- s_w=0;
- if (BIO_should_retry(s_bio))
- {
- if (BIO_should_read(s_bio))
- s_r=1;
- if (BIO_should_write(s_bio))
- s_w=1;
- }
- else
- {
- fprintf(stderr,"ERROR in SERVER\n");
- ERR_print_errors(bio_err);
- goto err;
- }
- }
- else if (i == 0)
- {
- ERR_print_errors(bio_err);
- fprintf(stderr,"SSL SERVER STARTUP FAILED in SSL_write\n");
- goto err;
- }
- else
- {
- if (debug)
- printf("server wrote %d\n",i);
- sw_num-=i;
- s_write=0;
- c_r=1;
- if (sw_num <= 0)
- done|=S_DONE;
- }
- }
- }
-
- if ((done & S_DONE) && (done & C_DONE)) break;
- }
-
- if (verbose)
- print_details(c_ssl, "DONE: ");
- ret=0;
-err:
- /* We have to set the BIO's to NULL otherwise they will be
- * OPENSSL_free()ed twice. Once when th s_ssl is SSL_free()ed and
- * again when c_ssl is SSL_free()ed.
- * This is a hack required because s_ssl and c_ssl are sharing the same
- * BIO structure and SSL_set_bio() and SSL_free() automatically
- * BIO_free non NULL entries.
- * You should not normally do this or be required to do this */
- if (s_ssl != NULL)
- {
- s_ssl->rbio=NULL;
- s_ssl->wbio=NULL;
- }
- if (c_ssl != NULL)
- {
- c_ssl->rbio=NULL;
- c_ssl->wbio=NULL;
- }
-
- if (c_to_s != NULL) BIO_free(c_to_s);
- if (s_to_c != NULL) BIO_free(s_to_c);
- if (c_bio != NULL) BIO_free_all(c_bio);
- if (s_bio != NULL) BIO_free_all(s_bio);
- return(ret);
- }
-
-static int get_proxy_auth_ex_data_idx(void)
- {
- static volatile int idx = -1;
- if (idx < 0)
- {
- CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
- if (idx < 0)
- {
- idx = X509_STORE_CTX_get_ex_new_index(0,
- "SSLtest for verify callback", NULL,NULL,NULL);
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
- }
- return idx;
- }
-
-static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
- {
- char *s,buf[256];
-
- s=X509_NAME_oneline(X509_get_subject_name(ctx->current_cert),buf,
- sizeof buf);
- if (s != NULL)
- {
- if (ok)
- fprintf(stderr,"depth=%d %s\n",
- ctx->error_depth,buf);
- else
- {
- fprintf(stderr,"depth=%d error=%d %s\n",
- ctx->error_depth,ctx->error,buf);
- }
- }
-
- if (ok == 0)
- {
- fprintf(stderr,"Error string: %s\n",
- X509_verify_cert_error_string(ctx->error));
- switch (ctx->error)
- {
- case X509_V_ERR_CERT_NOT_YET_VALID:
- case X509_V_ERR_CERT_HAS_EXPIRED:
- case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
- fprintf(stderr," ... ignored.\n");
- ok=1;
- }
- }
-
- if (ok == 1)
- {
- X509 *xs = ctx->current_cert;
-#if 0
- X509 *xi = ctx->current_issuer;
-#endif
-
- if (xs->ex_flags & EXFLAG_PROXY)
- {
- unsigned int *letters =
- X509_STORE_CTX_get_ex_data(ctx,
- get_proxy_auth_ex_data_idx());
-
- if (letters)
- {
- int found_any = 0;
- int i;
- PROXY_CERT_INFO_EXTENSION *pci =
- X509_get_ext_d2i(xs, NID_proxyCertInfo,
- NULL, NULL);
-
- switch (OBJ_obj2nid(pci->proxyPolicy->policyLanguage))
- {
- case NID_Independent:
- /* Completely meaningless in this
- program, as there's no way to
- grant explicit rights to a
- specific PrC. Basically, using
- id-ppl-Independent is the perfect
- way to grant no rights at all. */
- fprintf(stderr, " Independent proxy certificate");
- for (i = 0; i < 26; i++)
- letters[i] = 0;
- break;
- case NID_id_ppl_inheritAll:
- /* This is basically a NOP, we
- simply let the current rights
- stand as they are. */
- fprintf(stderr, " Proxy certificate inherits all");
- break;
- default:
- s = (char *)
- pci->proxyPolicy->policy->data;
- i = pci->proxyPolicy->policy->length;
-
- /* The algorithm works as follows:
- it is assumed that previous
- iterations or the initial granted
- rights has already set some elements
- of `letters'. What we need to do is
- to clear those that weren't granted
- by the current PrC as well. The
- easiest way to do this is to add 1
- to all the elements whose letters
- are given with the current policy.
- That way, all elements that are set
- by the current policy and were
- already set by earlier policies and
- through the original grant of rights
- will get the value 2 or higher.
- The last thing to do is to sweep
- through `letters' and keep the
- elements having the value 2 as set,
- and clear all the others. */
-
- fprintf(stderr, " Certificate proxy rights = %*.*s", i, i, s);
- while(i-- > 0)
- {
- int c = *s++;
- if (isascii(c) && isalpha(c))
- {
- if (islower(c))
- c = toupper(c);
- letters[c - 'A']++;
- }
- }
- for (i = 0; i < 26; i++)
- if (letters[i] < 2)
- letters[i] = 0;
- else
- letters[i] = 1;
- }
-
- found_any = 0;
- fprintf(stderr,
- ", resulting proxy rights = ");
- for(i = 0; i < 26; i++)
- if (letters[i])
- {
- fprintf(stderr, "%c", i + 'A');
- found_any = 1;
- }
- if (!found_any)
- fprintf(stderr, "none");
- fprintf(stderr, "\n");
-
- PROXY_CERT_INFO_EXTENSION_free(pci);
- }
- }
- }
-
- return(ok);
- }
-
-static void process_proxy_debug(int indent, const char *format, ...)
- {
- static const char indentation[] =
- ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>"
- ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>"; /* That's 80 > */
- char my_format[256];
- va_list args;
-
- BIO_snprintf(my_format, sizeof(my_format), "%*.*s %s",
- indent, indent, indentation, format);
-
- va_start(args, format);
- vfprintf(stderr, my_format, args);
- va_end(args);
- }
-/* Priority levels:
- 0 [!]var, ()
- 1 & ^
- 2 |
-*/
-static int process_proxy_cond_adders(unsigned int letters[26],
- const char *cond, const char **cond_end, int *pos, int indent);
-static int process_proxy_cond_val(unsigned int letters[26],
- const char *cond, const char **cond_end, int *pos, int indent)
- {
- int c;
- int ok = 1;
- int negate = 0;
-
- while(isspace((int)*cond))
- {
- cond++; (*pos)++;
- }
- c = *cond;
-
- if (debug)
- process_proxy_debug(indent,
- "Start process_proxy_cond_val at position %d: %s\n",
- *pos, cond);
-
- while(c == '!')
- {
- negate = !negate;
- cond++; (*pos)++;
- while(isspace((int)*cond))
- {
- cond++; (*pos)++;
- }
- c = *cond;
- }
-
- if (c == '(')
- {
- cond++; (*pos)++;
- ok = process_proxy_cond_adders(letters, cond, cond_end, pos,
- indent + 1);
- cond = *cond_end;
- if (ok < 0)
- goto end;
- while(isspace((int)*cond))
- {
- cond++; (*pos)++;
- }
- c = *cond;
- if (c != ')')
- {
- fprintf(stderr,
- "Weird condition character in position %d: "
- "%c\n", *pos, c);
- ok = -1;
- goto end;
- }
- cond++; (*pos)++;
- }
- else if (isascii(c) && isalpha(c))
- {
- if (islower(c))
- c = toupper(c);
- ok = letters[c - 'A'];
- cond++; (*pos)++;
- }
- else
- {
- fprintf(stderr,
- "Weird condition character in position %d: "
- "%c\n", *pos, c);
- ok = -1;
- goto end;
- }
- end:
- *cond_end = cond;
- if (ok >= 0 && negate)
- ok = !ok;
-
- if (debug)
- process_proxy_debug(indent,
- "End process_proxy_cond_val at position %d: %s, returning %d\n",
- *pos, cond, ok);
-
- return ok;
- }
-static int process_proxy_cond_multipliers(unsigned int letters[26],
- const char *cond, const char **cond_end, int *pos, int indent)
- {
- int ok;
- char c;
-
- if (debug)
- process_proxy_debug(indent,
- "Start process_proxy_cond_multipliers at position %d: %s\n",
- *pos, cond);
-
- ok = process_proxy_cond_val(letters, cond, cond_end, pos, indent + 1);
- cond = *cond_end;
- if (ok < 0)
- goto end;
-
- while(ok >= 0)
- {
- while(isspace((int)*cond))
- {
- cond++; (*pos)++;
- }
- c = *cond;
-
- switch(c)
- {
- case '&':
- case '^':
- {
- int save_ok = ok;
-
- cond++; (*pos)++;
- ok = process_proxy_cond_val(letters,
- cond, cond_end, pos, indent + 1);
- cond = *cond_end;
- if (ok < 0)
- break;
-
- switch(c)
- {
- case '&':
- ok &= save_ok;
- break;
- case '^':
- ok ^= save_ok;
- break;
- default:
- fprintf(stderr, "SOMETHING IS SERIOUSLY WRONG!"
- " STOPPING\n");
- EXIT(1);
- }
- }
- break;
- default:
- goto end;
- }
- }
- end:
- if (debug)
- process_proxy_debug(indent,
- "End process_proxy_cond_multipliers at position %d: %s, returning %d\n",
- *pos, cond, ok);
-
- *cond_end = cond;
- return ok;
- }
-static int process_proxy_cond_adders(unsigned int letters[26],
- const char *cond, const char **cond_end, int *pos, int indent)
- {
- int ok;
- char c;
-
- if (debug)
- process_proxy_debug(indent,
- "Start process_proxy_cond_adders at position %d: %s\n",
- *pos, cond);
-
- ok = process_proxy_cond_multipliers(letters, cond, cond_end, pos,
- indent + 1);
- cond = *cond_end;
- if (ok < 0)
- goto end;
-
- while(ok >= 0)
- {
- while(isspace((int)*cond))
- {
- cond++; (*pos)++;
- }
- c = *cond;
-
- switch(c)
- {
- case '|':
- {
- int save_ok = ok;
-
- cond++; (*pos)++;
- ok = process_proxy_cond_multipliers(letters,
- cond, cond_end, pos, indent + 1);
- cond = *cond_end;
- if (ok < 0)
- break;
-
- switch(c)
- {
- case '|':
- ok |= save_ok;
- break;
- default:
- fprintf(stderr, "SOMETHING IS SERIOUSLY WRONG!"
- " STOPPING\n");
- EXIT(1);
- }
- }
- break;
- default:
- goto end;
- }
- }
- end:
- if (debug)
- process_proxy_debug(indent,
- "End process_proxy_cond_adders at position %d: %s, returning %d\n",
- *pos, cond, ok);
-
- *cond_end = cond;
- return ok;
- }
-
-static int process_proxy_cond(unsigned int letters[26],
- const char *cond, const char **cond_end)
- {
- int pos = 1;
- return process_proxy_cond_adders(letters, cond, cond_end, &pos, 1);
- }
-
-static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg)
- {
- int ok=1;
- struct app_verify_arg *cb_arg = arg;
- unsigned int letters[26]; /* only used with proxy_auth */
-
- if (cb_arg->app_verify)
- {
- char *s = NULL,buf[256];
-
- fprintf(stderr, "In app_verify_callback, allowing cert. ");
- fprintf(stderr, "Arg is: %s\n", cb_arg->string);
- fprintf(stderr, "Finished printing do we have a context? 0x%p a cert? 0x%p\n",
- (void *)ctx, (void *)ctx->cert);
- if (ctx->cert)
- s=X509_NAME_oneline(X509_get_subject_name(ctx->cert),buf,256);
- if (s != NULL)
- {
- fprintf(stderr,"cert depth=%d %s\n",ctx->error_depth,buf);
- }
- return(1);
- }
- if (cb_arg->proxy_auth)
- {
- int found_any = 0, i;
- char *sp;
-
- for(i = 0; i < 26; i++)
- letters[i] = 0;
- for(sp = cb_arg->proxy_auth; *sp; sp++)
- {
- int c = *sp;
- if (isascii(c) && isalpha(c))
- {
- if (islower(c))
- c = toupper(c);
- letters[c - 'A'] = 1;
- }
- }
-
- fprintf(stderr,
- " Initial proxy rights = ");
- for(i = 0; i < 26; i++)
- if (letters[i])
- {
- fprintf(stderr, "%c", i + 'A');
- found_any = 1;
- }
- if (!found_any)
- fprintf(stderr, "none");
- fprintf(stderr, "\n");
-
- X509_STORE_CTX_set_ex_data(ctx,
- get_proxy_auth_ex_data_idx(),letters);
- }
- if (cb_arg->allow_proxy_certs)
- {
- X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS);
- }
-
-#ifndef OPENSSL_NO_X509_VERIFY
- ok = X509_verify_cert(ctx);
-#endif
-
- if (cb_arg->proxy_auth)
- {
- if (ok > 0)
- {
- const char *cond_end = NULL;
-
- ok = process_proxy_cond(letters,
- cb_arg->proxy_cond, &cond_end);
-
- if (ok < 0)
- EXIT(3);
- if (*cond_end)
- {
- fprintf(stderr, "Stopped processing condition before it's end.\n");
- ok = 0;
- }
- if (!ok)
- fprintf(stderr, "Proxy rights check with condition '%s' proved invalid\n",
- cb_arg->proxy_cond);
- else
- fprintf(stderr, "Proxy rights check with condition '%s' proved valid\n",
- cb_arg->proxy_cond);
- }
- }
- return(ok);
- }
-
-#ifndef OPENSSL_NO_RSA
-static RSA *rsa_tmp=NULL;
-
-static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
- {
- BIGNUM *bn = NULL;
- if (rsa_tmp == NULL)
- {
- bn = BN_new();
- rsa_tmp = RSA_new();
- if(!bn || !rsa_tmp || !BN_set_word(bn, RSA_F4))
- {
- BIO_printf(bio_err, "Memory error...");
- goto end;
- }
- BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength);
- (void)BIO_flush(bio_err);
- if(!RSA_generate_key_ex(rsa_tmp,keylength,bn,NULL))
- {
- BIO_printf(bio_err, "Error generating key.");
- RSA_free(rsa_tmp);
- rsa_tmp = NULL;
- }
-end:
- BIO_printf(bio_err,"\n");
- (void)BIO_flush(bio_err);
- }
- if(bn) BN_free(bn);
- return(rsa_tmp);
- }
-
-static void free_tmp_rsa(void)
- {
- if (rsa_tmp != NULL)
- {
- RSA_free(rsa_tmp);
- rsa_tmp = NULL;
- }
- }
-#endif
-
-#ifndef OPENSSL_NO_DH
-/* These DH parameters have been generated as follows:
- * $ openssl dhparam -C -noout 512
- * $ openssl dhparam -C -noout 1024
- * $ openssl dhparam -C -noout -dsaparam 1024
- * (The third function has been renamed to avoid name conflicts.)
- */
-static DH *get_dh512()
- {
- static unsigned char dh512_p[]={
- 0xCB,0xC8,0xE1,0x86,0xD0,0x1F,0x94,0x17,0xA6,0x99,0xF0,0xC6,
- 0x1F,0x0D,0xAC,0xB6,0x25,0x3E,0x06,0x39,0xCA,0x72,0x04,0xB0,
- 0x6E,0xDA,0xC0,0x61,0xE6,0x7A,0x77,0x25,0xE8,0x3B,0xB9,0x5F,
- 0x9A,0xB6,0xB5,0xFE,0x99,0x0B,0xA1,0x93,0x4E,0x35,0x33,0xB8,
- 0xE1,0xF1,0x13,0x4F,0x59,0x1A,0xD2,0x57,0xC0,0x26,0x21,0x33,
- 0x02,0xC5,0xAE,0x23,
- };
- static unsigned char dh512_g[]={
- 0x02,
- };
- DH *dh;
-
- if ((dh=DH_new()) == NULL) return(NULL);
- dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
- dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
- if ((dh->p == NULL) || (dh->g == NULL))
- { DH_free(dh); return(NULL); }
- return(dh);
- }
-
-static DH *get_dh1024()
- {
- static unsigned char dh1024_p[]={
- 0xF8,0x81,0x89,0x7D,0x14,0x24,0xC5,0xD1,0xE6,0xF7,0xBF,0x3A,
- 0xE4,0x90,0xF4,0xFC,0x73,0xFB,0x34,0xB5,0xFA,0x4C,0x56,0xA2,
- 0xEA,0xA7,0xE9,0xC0,0xC0,0xCE,0x89,0xE1,0xFA,0x63,0x3F,0xB0,
- 0x6B,0x32,0x66,0xF1,0xD1,0x7B,0xB0,0x00,0x8F,0xCA,0x87,0xC2,
- 0xAE,0x98,0x89,0x26,0x17,0xC2,0x05,0xD2,0xEC,0x08,0xD0,0x8C,
- 0xFF,0x17,0x52,0x8C,0xC5,0x07,0x93,0x03,0xB1,0xF6,0x2F,0xB8,
- 0x1C,0x52,0x47,0x27,0x1B,0xDB,0xD1,0x8D,0x9D,0x69,0x1D,0x52,
- 0x4B,0x32,0x81,0xAA,0x7F,0x00,0xC8,0xDC,0xE6,0xD9,0xCC,0xC1,
- 0x11,0x2D,0x37,0x34,0x6C,0xEA,0x02,0x97,0x4B,0x0E,0xBB,0xB1,
- 0x71,0x33,0x09,0x15,0xFD,0xDD,0x23,0x87,0x07,0x5E,0x89,0xAB,
- 0x6B,0x7C,0x5F,0xEC,0xA6,0x24,0xDC,0x53,
- };
- static unsigned char dh1024_g[]={
- 0x02,
- };
- DH *dh;
-
- if ((dh=DH_new()) == NULL) return(NULL);
- dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
- dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
- if ((dh->p == NULL) || (dh->g == NULL))
- { DH_free(dh); return(NULL); }
- return(dh);
- }
-
-static DH *get_dh1024dsa()
- {
- static unsigned char dh1024_p[]={
- 0xC8,0x00,0xF7,0x08,0x07,0x89,0x4D,0x90,0x53,0xF3,0xD5,0x00,
- 0x21,0x1B,0xF7,0x31,0xA6,0xA2,0xDA,0x23,0x9A,0xC7,0x87,0x19,
- 0x3B,0x47,0xB6,0x8C,0x04,0x6F,0xFF,0xC6,0x9B,0xB8,0x65,0xD2,
- 0xC2,0x5F,0x31,0x83,0x4A,0xA7,0x5F,0x2F,0x88,0x38,0xB6,0x55,
- 0xCF,0xD9,0x87,0x6D,0x6F,0x9F,0xDA,0xAC,0xA6,0x48,0xAF,0xFC,
- 0x33,0x84,0x37,0x5B,0x82,0x4A,0x31,0x5D,0xE7,0xBD,0x52,0x97,
- 0xA1,0x77,0xBF,0x10,0x9E,0x37,0xEA,0x64,0xFA,0xCA,0x28,0x8D,
- 0x9D,0x3B,0xD2,0x6E,0x09,0x5C,0x68,0xC7,0x45,0x90,0xFD,0xBB,
- 0x70,0xC9,0x3A,0xBB,0xDF,0xD4,0x21,0x0F,0xC4,0x6A,0x3C,0xF6,
- 0x61,0xCF,0x3F,0xD6,0x13,0xF1,0x5F,0xBC,0xCF,0xBC,0x26,0x9E,
- 0xBC,0x0B,0xBD,0xAB,0x5D,0xC9,0x54,0x39,
- };
- static unsigned char dh1024_g[]={
- 0x3B,0x40,0x86,0xE7,0xF3,0x6C,0xDE,0x67,0x1C,0xCC,0x80,0x05,
- 0x5A,0xDF,0xFE,0xBD,0x20,0x27,0x74,0x6C,0x24,0xC9,0x03,0xF3,
- 0xE1,0x8D,0xC3,0x7D,0x98,0x27,0x40,0x08,0xB8,0x8C,0x6A,0xE9,
- 0xBB,0x1A,0x3A,0xD6,0x86,0x83,0x5E,0x72,0x41,0xCE,0x85,0x3C,
- 0xD2,0xB3,0xFC,0x13,0xCE,0x37,0x81,0x9E,0x4C,0x1C,0x7B,0x65,
- 0xD3,0xE6,0xA6,0x00,0xF5,0x5A,0x95,0x43,0x5E,0x81,0xCF,0x60,
- 0xA2,0x23,0xFC,0x36,0xA7,0x5D,0x7A,0x4C,0x06,0x91,0x6E,0xF6,
- 0x57,0xEE,0x36,0xCB,0x06,0xEA,0xF5,0x3D,0x95,0x49,0xCB,0xA7,
- 0xDD,0x81,0xDF,0x80,0x09,0x4A,0x97,0x4D,0xA8,0x22,0x72,0xA1,
- 0x7F,0xC4,0x70,0x56,0x70,0xE8,0x20,0x10,0x18,0x8F,0x2E,0x60,
- 0x07,0xE7,0x68,0x1A,0x82,0x5D,0x32,0xA2,
- };
- DH *dh;
-
- if ((dh=DH_new()) == NULL) return(NULL);
- dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
- dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
- if ((dh->p == NULL) || (dh->g == NULL))
- { DH_free(dh); return(NULL); }
- dh->length = 160;
- return(dh);
- }
-#endif
-
-static int do_test_cipherlist(void)
- {
- int i = 0;
- const SSL_METHOD *meth;
- SSL_CIPHER *ci, *tci = NULL;
-
-#ifndef OPENSSL_NO_SSL2
- fprintf(stderr, "testing SSLv2 cipher list order: ");
- meth = SSLv2_method();
- while ((ci = meth->get_cipher(i++)) != NULL)
- {
- if (tci != NULL)
- if (ci->id >= tci->id)
- {
- fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);
- return 0;
- }
- tci = ci;
- }
- fprintf(stderr, "ok\n");
-#endif
-#ifndef OPENSSL_NO_SSL3
- fprintf(stderr, "testing SSLv3 cipher list order: ");
- meth = SSLv3_method();
- tci = NULL;
- while ((ci = meth->get_cipher(i++)) != NULL)
- {
- if (tci != NULL)
- if (ci->id >= tci->id)
- {
- fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);
- return 0;
- }
- tci = ci;
- }
- fprintf(stderr, "ok\n");
-#endif
-#ifndef OPENSSL_NO_TLS1
- fprintf(stderr, "testing TLSv1 cipher list order: ");
- meth = TLSv1_method();
- tci = NULL;
- while ((ci = meth->get_cipher(i++)) != NULL)
- {
- if (tci != NULL)
- if (ci->id >= tci->id)
- {
- fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);
- return 0;
- }
- tci = ci;
- }
- fprintf(stderr, "ok\n");
-#endif
-
- return 1;
- }
Copied: vendor-crypto/openssl/0.9.8zf/ssl/ssltest.c (from rev 6976, vendor-crypto/openssl/dist/ssl/ssltest.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/ssl/ssltest.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/ssl/ssltest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,2208 @@
+/* ssl/ssltest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECC cipher suite support in OpenSSL originally developed by
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
+
+/* Or gethostname won't be declared properly on Linux and GNU platforms. */
+#define _BSD_SOURCE 1
+
+#include <assert.h>
+#include <errno.h>
+#include <limits.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+
+#define USE_SOCKETS
+#include "e_os.h"
+
+/*
+ * Or isascii won't be declared properly on VMS (at least with DECompHP C).
+ */
+#define _XOPEN_SOURCE 500
+#include <ctype.h>
+
+#include <openssl/bio.h>
+#include <openssl/crypto.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/ssl.h>
+#ifndef OPENSSL_NO_ENGINE
+# include <openssl/engine.h>
+#endif
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+# include <openssl/dsa.h>
+#endif
+#ifndef OPENSSL_NO_DH
+# include <openssl/dh.h>
+#endif
+#include <openssl/bn.h>
+
+/*
+ * Or gethostname won't be declared properly
+ * on Compaq platforms (at least with DEC C).
+ * Do not try to put it earlier, or IPv6 includes
+ * get screwed...
+ */
+#define _XOPEN_SOURCE_EXTENDED 1
+
+#ifdef OPENSSL_SYS_WINDOWS
+# include <winsock.h>
+#else
+# include OPENSSL_UNISTD
+#endif
+
+#ifdef OPENSSL_SYS_VMS
+# define TEST_SERVER_CERT "SYS$DISK:[-.APPS]SERVER.PEM"
+# define TEST_CLIENT_CERT "SYS$DISK:[-.APPS]CLIENT.PEM"
+#elif defined(OPENSSL_SYS_WINCE)
+# define TEST_SERVER_CERT "\\OpenSSL\\server.pem"
+# define TEST_CLIENT_CERT "\\OpenSSL\\client.pem"
+#elif defined(OPENSSL_SYS_NETWARE)
+# define TEST_SERVER_CERT "\\openssl\\apps\\server.pem"
+# define TEST_CLIENT_CERT "\\openssl\\apps\\client.pem"
+#else
+# define TEST_SERVER_CERT "../apps/server.pem"
+# define TEST_CLIENT_CERT "../apps/client.pem"
+#endif
+
+/*
+ * There is really no standard for this, so let's assign some tentative
+ * numbers. In any case, these numbers are only for this test
+ */
+#define COMP_RLE 255
+#define COMP_ZLIB 1
+
+static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
+#ifndef OPENSSL_NO_RSA
+static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength);
+static void free_tmp_rsa(void);
+#endif
+static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg);
+#define APP_CALLBACK_STRING "Test Callback Argument"
+struct app_verify_arg {
+ char *string;
+ int app_verify;
+ int allow_proxy_certs;
+ char *proxy_auth;
+ char *proxy_cond;
+};
+
+#ifndef OPENSSL_NO_DH
+static DH *get_dh512(void);
+static DH *get_dh1024(void);
+static DH *get_dh1024dsa(void);
+#endif
+
+static BIO *bio_err = NULL;
+static BIO *bio_stdout = NULL;
+
+static char *cipher = NULL;
+static int verbose = 0;
+static int debug = 0;
+#if 0
+/* Not used yet. */
+# ifdef FIONBIO
+static int s_nbio = 0;
+# endif
+#endif
+
+static const char rnd_seed[] =
+ "string to make the random number generator think it has entropy";
+
+int doit_biopair(SSL *s_ssl, SSL *c_ssl, long bytes, clock_t *s_time,
+ clock_t *c_time);
+int doit(SSL *s_ssl, SSL *c_ssl, long bytes);
+static int do_test_cipherlist(void);
+static void sv_usage(void)
+{
+ fprintf(stderr, "usage: ssltest [args ...]\n");
+ fprintf(stderr, "\n");
+#ifdef OPENSSL_FIPS
+ fprintf(stderr, "-F - run test in FIPS mode\n");
+#endif
+ fprintf(stderr, " -server_auth - check server certificate\n");
+ fprintf(stderr, " -client_auth - do client authentication\n");
+ fprintf(stderr, " -proxy - allow proxy certificates\n");
+ fprintf(stderr, " -proxy_auth <val> - set proxy policy rights\n");
+ fprintf(stderr,
+ " -proxy_cond <val> - experssion to test proxy policy rights\n");
+ fprintf(stderr, " -v - more output\n");
+ fprintf(stderr, " -d - debug output\n");
+ fprintf(stderr, " -reuse - use session-id reuse\n");
+ fprintf(stderr, " -num <val> - number of connections to perform\n");
+ fprintf(stderr,
+ " -bytes <val> - number of bytes to swap between client/server\n");
+#ifndef OPENSSL_NO_DH
+ fprintf(stderr,
+ " -dhe1024 - use 1024 bit key (safe prime) for DHE\n");
+ fprintf(stderr,
+ " -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n");
+ fprintf(stderr, " -no_dhe - disable DHE\n");
+#endif
+#ifndef OPENSSL_NO_ECDH
+ fprintf(stderr, " -no_ecdhe - disable ECDHE\n");
+#endif
+#ifndef OPENSSL_NO_SSL2
+ fprintf(stderr, " -ssl2 - use SSLv2\n");
+#endif
+#ifndef OPENSSL_NO_SSL3
+ fprintf(stderr, " -ssl3 - use SSLv3\n");
+#endif
+#ifndef OPENSSL_NO_TLS1
+ fprintf(stderr, " -tls1 - use TLSv1\n");
+#endif
+ fprintf(stderr, " -CApath arg - PEM format directory of CA's\n");
+ fprintf(stderr, " -CAfile arg - PEM format file of CA's\n");
+ fprintf(stderr, " -cert arg - Server certificate file\n");
+ fprintf(stderr,
+ " -key arg - Server key file (default: same as -cert)\n");
+ fprintf(stderr, " -c_cert arg - Client certificate file\n");
+ fprintf(stderr,
+ " -c_key arg - Client key file (default: same as -c_cert)\n");
+ fprintf(stderr, " -cipher arg - The cipher list\n");
+ fprintf(stderr, " -bio_pair - Use BIO pairs\n");
+ fprintf(stderr, " -f - Test even cases that can't work\n");
+ fprintf(stderr,
+ " -time - measure processor time used by client and server\n");
+ fprintf(stderr, " -zlib - use zlib compression\n");
+ fprintf(stderr, " -rle - use rle compression\n");
+#ifndef OPENSSL_NO_ECDH
+ fprintf(stderr,
+ " -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n"
+ " Use \"openssl ecparam -list_curves\" for all names\n"
+ " (default is sect163r2).\n");
+#endif
+ fprintf(stderr,
+ " -test_cipherlist - verifies the order of the ssl cipher lists\n");
+}
+
+static void print_details(SSL *c_ssl, const char *prefix)
+{
+ SSL_CIPHER *ciph;
+ X509 *cert;
+
+ ciph = SSL_get_current_cipher(c_ssl);
+ BIO_printf(bio_stdout, "%s%s, cipher %s %s",
+ prefix,
+ SSL_get_version(c_ssl),
+ SSL_CIPHER_get_version(ciph), SSL_CIPHER_get_name(ciph));
+ cert = SSL_get_peer_certificate(c_ssl);
+ if (cert != NULL) {
+ EVP_PKEY *pkey = X509_get_pubkey(cert);
+ if (pkey != NULL) {
+ if (0) ;
+#ifndef OPENSSL_NO_RSA
+ else if (pkey->type == EVP_PKEY_RSA && pkey->pkey.rsa != NULL
+ && pkey->pkey.rsa->n != NULL) {
+ BIO_printf(bio_stdout, ", %d bit RSA",
+ BN_num_bits(pkey->pkey.rsa->n));
+ }
+#endif
+#ifndef OPENSSL_NO_DSA
+ else if (pkey->type == EVP_PKEY_DSA && pkey->pkey.dsa != NULL
+ && pkey->pkey.dsa->p != NULL) {
+ BIO_printf(bio_stdout, ", %d bit DSA",
+ BN_num_bits(pkey->pkey.dsa->p));
+ }
+#endif
+ EVP_PKEY_free(pkey);
+ }
+ X509_free(cert);
+ }
+ /*
+ * The SSL API does not allow us to look at temporary RSA/DH keys,
+ * otherwise we should print their lengths too
+ */
+ BIO_printf(bio_stdout, "\n");
+}
+
+static void lock_dbg_cb(int mode, int type, const char *file, int line)
+{
+ static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */
+ const char *errstr = NULL;
+ int rw;
+
+ rw = mode & (CRYPTO_READ | CRYPTO_WRITE);
+ if (!((rw == CRYPTO_READ) || (rw == CRYPTO_WRITE))) {
+ errstr = "invalid mode";
+ goto err;
+ }
+
+ if (type < 0 || type >= CRYPTO_NUM_LOCKS) {
+ errstr = "type out of bounds";
+ goto err;
+ }
+
+ if (mode & CRYPTO_LOCK) {
+ if (modes[type]) {
+ errstr = "already locked";
+ /*
+ * must not happen in a single-threaded program (would deadlock)
+ */
+ goto err;
+ }
+
+ modes[type] = rw;
+ } else if (mode & CRYPTO_UNLOCK) {
+ if (!modes[type]) {
+ errstr = "not locked";
+ goto err;
+ }
+
+ if (modes[type] != rw) {
+ errstr = (rw == CRYPTO_READ) ?
+ "CRYPTO_r_unlock on write lock" :
+ "CRYPTO_w_unlock on read lock";
+ }
+
+ modes[type] = 0;
+ } else {
+ errstr = "invalid mode";
+ goto err;
+ }
+
+ err:
+ if (errstr) {
+ /* we cannot use bio_err here */
+ fprintf(stderr,
+ "openssl (lock_dbg_cb): %s (mode=%d, type=%d) at %s:%d\n",
+ errstr, mode, type, file, line);
+ }
+}
+
+int main(int argc, char *argv[])
+{
+ char *CApath = NULL, *CAfile = NULL;
+ int badop = 0;
+ int bio_pair = 0;
+ int force = 0;
+ int tls1 = 0, ssl2 = 0, ssl3 = 0, ret = 1;
+ int client_auth = 0;
+ int server_auth = 0, i;
+ struct app_verify_arg app_verify_arg =
+ { APP_CALLBACK_STRING, 0, 0, NULL, NULL };
+ char *server_cert = TEST_SERVER_CERT;
+ char *server_key = NULL;
+ char *client_cert = TEST_CLIENT_CERT;
+ char *client_key = NULL;
+#ifndef OPENSSL_NO_ECDH
+ char *named_curve = NULL;
+#endif
+ SSL_CTX *s_ctx = NULL;
+ SSL_CTX *c_ctx = NULL;
+ SSL_METHOD *meth = NULL;
+ SSL *c_ssl, *s_ssl;
+ int number = 1, reuse = 0;
+ long bytes = 256L;
+#ifndef OPENSSL_NO_DH
+ DH *dh;
+ int dhe1024 = 1, dhe1024dsa = 0;
+#endif
+#ifndef OPENSSL_NO_ECDH
+ EC_KEY *ecdh = NULL;
+#endif
+ int no_dhe = 0;
+ int no_ecdhe = 0;
+ int print_time = 0;
+ clock_t s_time = 0, c_time = 0;
+ int comp = 0;
+#ifndef OPENSSL_NO_COMP
+ COMP_METHOD *cm = NULL;
+#endif
+ STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
+ int test_cipherlist = 0;
+#ifdef OPENSSL_FIPS
+ int fips_mode = 0;
+#endif
+
+ verbose = 0;
+ debug = 0;
+ cipher = 0;
+
+ bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
+
+ CRYPTO_set_locking_callback(lock_dbg_cb);
+
+ /* enable memory leak checking unless explicitly disabled */
+ if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL)
+ && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off")))) {
+ CRYPTO_malloc_debug_init();
+ CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
+ } else {
+ /* OPENSSL_DEBUG_MEMORY=off */
+ CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
+ }
+ CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+ RAND_seed(rnd_seed, sizeof rnd_seed);
+
+ bio_stdout = BIO_new_fp(stdout, BIO_NOCLOSE);
+
+ argc--;
+ argv++;
+
+ while (argc >= 1) {
+ if (!strcmp(*argv, "-F")) {
+#ifdef OPENSSL_FIPS
+ fips_mode = 1;
+#else
+ fprintf(stderr,
+ "not compiled with FIPS support, so exitting without running.\n");
+ EXIT(0);
+#endif
+ } else if (strcmp(*argv, "-server_auth") == 0)
+ server_auth = 1;
+ else if (strcmp(*argv, "-client_auth") == 0)
+ client_auth = 1;
+ else if (strcmp(*argv, "-proxy_auth") == 0) {
+ if (--argc < 1)
+ goto bad;
+ app_verify_arg.proxy_auth = *(++argv);
+ } else if (strcmp(*argv, "-proxy_cond") == 0) {
+ if (--argc < 1)
+ goto bad;
+ app_verify_arg.proxy_cond = *(++argv);
+ } else if (strcmp(*argv, "-v") == 0)
+ verbose = 1;
+ else if (strcmp(*argv, "-d") == 0)
+ debug = 1;
+ else if (strcmp(*argv, "-reuse") == 0)
+ reuse = 1;
+ else if (strcmp(*argv, "-dhe1024") == 0) {
+#ifndef OPENSSL_NO_DH
+ dhe1024 = 1;
+#else
+ fprintf(stderr,
+ "ignoring -dhe1024, since I'm compiled without DH\n");
+#endif
+ } else if (strcmp(*argv, "-dhe1024dsa") == 0) {
+#ifndef OPENSSL_NO_DH
+ dhe1024dsa = 1;
+#else
+ fprintf(stderr,
+ "ignoring -dhe1024, since I'm compiled without DH\n");
+#endif
+ } else if (strcmp(*argv, "-no_dhe") == 0)
+ no_dhe = 1;
+ else if (strcmp(*argv, "-no_ecdhe") == 0)
+ no_ecdhe = 1;
+ else if (strcmp(*argv, "-ssl2") == 0)
+ ssl2 = 1;
+ else if (strcmp(*argv, "-tls1") == 0)
+ tls1 = 1;
+ else if (strcmp(*argv, "-ssl3") == 0)
+ ssl3 = 1;
+ else if (strncmp(*argv, "-num", 4) == 0) {
+ if (--argc < 1)
+ goto bad;
+ number = atoi(*(++argv));
+ if (number == 0)
+ number = 1;
+ } else if (strcmp(*argv, "-bytes") == 0) {
+ if (--argc < 1)
+ goto bad;
+ bytes = atol(*(++argv));
+ if (bytes == 0L)
+ bytes = 1L;
+ i = strlen(argv[0]);
+ if (argv[0][i - 1] == 'k')
+ bytes *= 1024L;
+ if (argv[0][i - 1] == 'm')
+ bytes *= 1024L * 1024L;
+ } else if (strcmp(*argv, "-cert") == 0) {
+ if (--argc < 1)
+ goto bad;
+ server_cert = *(++argv);
+ } else if (strcmp(*argv, "-s_cert") == 0) {
+ if (--argc < 1)
+ goto bad;
+ server_cert = *(++argv);
+ } else if (strcmp(*argv, "-key") == 0) {
+ if (--argc < 1)
+ goto bad;
+ server_key = *(++argv);
+ } else if (strcmp(*argv, "-s_key") == 0) {
+ if (--argc < 1)
+ goto bad;
+ server_key = *(++argv);
+ } else if (strcmp(*argv, "-c_cert") == 0) {
+ if (--argc < 1)
+ goto bad;
+ client_cert = *(++argv);
+ } else if (strcmp(*argv, "-c_key") == 0) {
+ if (--argc < 1)
+ goto bad;
+ client_key = *(++argv);
+ } else if (strcmp(*argv, "-cipher") == 0) {
+ if (--argc < 1)
+ goto bad;
+ cipher = *(++argv);
+ } else if (strcmp(*argv, "-CApath") == 0) {
+ if (--argc < 1)
+ goto bad;
+ CApath = *(++argv);
+ } else if (strcmp(*argv, "-CAfile") == 0) {
+ if (--argc < 1)
+ goto bad;
+ CAfile = *(++argv);
+ } else if (strcmp(*argv, "-bio_pair") == 0) {
+ bio_pair = 1;
+ } else if (strcmp(*argv, "-f") == 0) {
+ force = 1;
+ } else if (strcmp(*argv, "-time") == 0) {
+ print_time = 1;
+ } else if (strcmp(*argv, "-zlib") == 0) {
+ comp = COMP_ZLIB;
+ } else if (strcmp(*argv, "-rle") == 0) {
+ comp = COMP_RLE;
+ } else if (strcmp(*argv, "-named_curve") == 0) {
+ if (--argc < 1)
+ goto bad;
+#ifndef OPENSSL_NO_ECDH
+ named_curve = *(++argv);
+#else
+ fprintf(stderr,
+ "ignoring -named_curve, since I'm compiled without ECDH\n");
+ ++argv;
+#endif
+ } else if (strcmp(*argv, "-app_verify") == 0) {
+ app_verify_arg.app_verify = 1;
+ } else if (strcmp(*argv, "-proxy") == 0) {
+ app_verify_arg.allow_proxy_certs = 1;
+ } else if (strcmp(*argv, "-test_cipherlist") == 0) {
+ test_cipherlist = 1;
+ } else {
+ fprintf(stderr, "unknown option %s\n", *argv);
+ badop = 1;
+ break;
+ }
+ argc--;
+ argv++;
+ }
+ if (badop) {
+ bad:
+ sv_usage();
+ goto end;
+ }
+
+ if (test_cipherlist == 1) {
+ /*
+ * ensure that the cipher list are correctly sorted and exit
+ */
+ if (do_test_cipherlist() == 0)
+ EXIT(1);
+ ret = 0;
+ goto end;
+ }
+
+ if (!ssl2 && !ssl3 && !tls1 && number > 1 && !reuse && !force) {
+ fprintf(stderr, "This case cannot work. Use -f to perform "
+ "the test anyway (and\n-d to see what happens), "
+ "or add one of -ssl2, -ssl3, -tls1, -reuse\n"
+ "to avoid protocol mismatch.\n");
+ EXIT(1);
+ }
+#ifdef OPENSSL_FIPS
+ if (fips_mode) {
+ if (!FIPS_mode_set(1)) {
+ ERR_load_crypto_strings();
+ ERR_print_errors(BIO_new_fp(stderr, BIO_NOCLOSE));
+ EXIT(1);
+ } else
+ fprintf(stderr, "*** IN FIPS MODE ***\n");
+ }
+#endif
+
+ if (print_time) {
+ if (!bio_pair) {
+ fprintf(stderr, "Using BIO pair (-bio_pair)\n");
+ bio_pair = 1;
+ }
+ if (number < 50 && !force)
+ fprintf(stderr,
+ "Warning: For accurate timings, use more connections (e.g. -num 1000)\n");
+ }
+
+/* if (cipher == NULL) cipher=getenv("SSL_CIPHER"); */
+
+ SSL_library_init();
+ SSL_load_error_strings();
+
+#ifndef OPENSSL_NO_COMP
+ if (comp == COMP_ZLIB)
+ cm = COMP_zlib();
+ if (comp == COMP_RLE)
+ cm = COMP_rle();
+ if (cm != NULL) {
+ if (cm->type != NID_undef) {
+ if (SSL_COMP_add_compression_method(comp, cm) != 0) {
+ fprintf(stderr, "Failed to add compression method\n");
+ ERR_print_errors_fp(stderr);
+ }
+ } else {
+ fprintf(stderr,
+ "Warning: %s compression not supported\n",
+ (comp == COMP_RLE ? "rle" :
+ (comp == COMP_ZLIB ? "zlib" : "unknown")));
+ ERR_print_errors_fp(stderr);
+ }
+ }
+ ssl_comp_methods = SSL_COMP_get_compression_methods();
+ fprintf(stderr, "Available compression methods:\n");
+ {
+ int j, n = sk_SSL_COMP_num(ssl_comp_methods);
+ if (n == 0)
+ fprintf(stderr, " NONE\n");
+ else
+ for (j = 0; j < n; j++) {
+ SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j);
+ fprintf(stderr, " %d: %s\n", c->id, c->name);
+ }
+ }
+#endif
+
+#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
+ if (ssl2)
+ meth = SSLv2_method();
+ else if (tls1)
+ meth = TLSv1_method();
+ else if (ssl3)
+ meth = SSLv3_method();
+ else
+ meth = SSLv23_method();
+#else
+# ifdef OPENSSL_NO_SSL2
+ if (tls1)
+ meth = TLSv1_method();
+ else if (ssl3)
+ meth = SSLv3_method();
+ else
+ meth = SSLv23_method();
+# else
+ meth = SSLv2_method();
+# endif
+#endif
+
+ c_ctx = SSL_CTX_new(meth);
+ s_ctx = SSL_CTX_new(meth);
+ if ((c_ctx == NULL) || (s_ctx == NULL)) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (cipher != NULL) {
+ SSL_CTX_set_cipher_list(c_ctx, cipher);
+ SSL_CTX_set_cipher_list(s_ctx, cipher);
+ }
+#ifndef OPENSSL_NO_DH
+ if (!no_dhe) {
+ if (dhe1024dsa) {
+ /*
+ * use SSL_OP_SINGLE_DH_USE to avoid small subgroup attacks
+ */
+ SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
+ dh = get_dh1024dsa();
+ } else if (dhe1024)
+ dh = get_dh1024();
+ else
+ dh = get_dh512();
+ SSL_CTX_set_tmp_dh(s_ctx, dh);
+ DH_free(dh);
+ }
+#else
+ (void)no_dhe;
+#endif
+
+#ifndef OPENSSL_NO_ECDH
+ if (!no_ecdhe) {
+ int nid;
+
+ if (named_curve != NULL) {
+ nid = OBJ_sn2nid(named_curve);
+ if (nid == 0) {
+ BIO_printf(bio_err, "unknown curve name (%s)\n", named_curve);
+ goto end;
+ }
+ } else
+ nid = NID_sect163r2;
+
+ ecdh = EC_KEY_new_by_curve_name(nid);
+ if (ecdh == NULL) {
+ BIO_printf(bio_err, "unable to create curve\n");
+ goto end;
+ }
+
+ SSL_CTX_set_tmp_ecdh(s_ctx, ecdh);
+ SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_ECDH_USE);
+ EC_KEY_free(ecdh);
+ }
+#else
+ (void)no_ecdhe;
+#endif
+
+#ifndef OPENSSL_NO_RSA
+ SSL_CTX_set_tmp_rsa_callback(s_ctx, tmp_rsa_cb);
+#endif
+
+ if (!SSL_CTX_use_certificate_file(s_ctx, server_cert, SSL_FILETYPE_PEM)) {
+ ERR_print_errors(bio_err);
+ } else if (!SSL_CTX_use_PrivateKey_file(s_ctx,
+ (server_key ? server_key :
+ server_cert),
+ SSL_FILETYPE_PEM)) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ if (client_auth) {
+ SSL_CTX_use_certificate_file(c_ctx, client_cert, SSL_FILETYPE_PEM);
+ SSL_CTX_use_PrivateKey_file(c_ctx,
+ (client_key ? client_key : client_cert),
+ SSL_FILETYPE_PEM);
+ }
+
+ if ((!SSL_CTX_load_verify_locations(s_ctx, CAfile, CApath)) ||
+ (!SSL_CTX_set_default_verify_paths(s_ctx)) ||
+ (!SSL_CTX_load_verify_locations(c_ctx, CAfile, CApath)) ||
+ (!SSL_CTX_set_default_verify_paths(c_ctx))) {
+ /* fprintf(stderr,"SSL_load_verify_locations\n"); */
+ ERR_print_errors(bio_err);
+ /* goto end; */
+ }
+
+ if (client_auth) {
+ BIO_printf(bio_err, "client authentication\n");
+ SSL_CTX_set_verify(s_ctx,
+ SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
+ verify_callback);
+ SSL_CTX_set_cert_verify_callback(s_ctx, app_verify_callback,
+ &app_verify_arg);
+ }
+ if (server_auth) {
+ BIO_printf(bio_err, "server authentication\n");
+ SSL_CTX_set_verify(c_ctx, SSL_VERIFY_PEER, verify_callback);
+ SSL_CTX_set_cert_verify_callback(c_ctx, app_verify_callback,
+ &app_verify_arg);
+ }
+
+ {
+ int session_id_context = 0;
+ SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context,
+ sizeof session_id_context);
+ }
+
+ c_ssl = SSL_new(c_ctx);
+ s_ssl = SSL_new(s_ctx);
+
+#ifndef OPENSSL_NO_KRB5
+ if (c_ssl && c_ssl->kssl_ctx) {
+ char localhost[MAXHOSTNAMELEN + 2];
+
+ if (gethostname(localhost, sizeof localhost - 1) == 0) {
+ localhost[sizeof localhost - 1] = '\0';
+ if (strlen(localhost) == sizeof localhost - 1) {
+ BIO_printf(bio_err, "localhost name too long\n");
+ goto end;
+ }
+ kssl_ctx_setstring(c_ssl->kssl_ctx, KSSL_SERVER, localhost);
+ }
+ }
+#endif /* OPENSSL_NO_KRB5 */
+
+ for (i = 0; i < number; i++) {
+ if (!reuse)
+ SSL_set_session(c_ssl, NULL);
+ if (bio_pair)
+ ret = doit_biopair(s_ssl, c_ssl, bytes, &s_time, &c_time);
+ else
+ ret = doit(s_ssl, c_ssl, bytes);
+ }
+
+ if (!verbose) {
+ print_details(c_ssl, "");
+ }
+ if ((number > 1) || (bytes > 1L))
+ BIO_printf(bio_stdout, "%d handshakes of %ld bytes done\n", number,
+ bytes);
+ if (print_time) {
+#ifdef CLOCKS_PER_SEC
+ /*
+ * "To determine the time in seconds, the value returned by the clock
+ * function should be divided by the value of the macro
+ * CLOCKS_PER_SEC." -- ISO/IEC 9899
+ */
+ BIO_printf(bio_stdout, "Approximate total server time: %6.2f s\n"
+ "Approximate total client time: %6.2f s\n",
+ (double)s_time / CLOCKS_PER_SEC,
+ (double)c_time / CLOCKS_PER_SEC);
+#else
+ /*
+ * "`CLOCKS_PER_SEC' undeclared (first use this function)" -- cc on
+ * NeXTstep/OpenStep
+ */
+ BIO_printf(bio_stdout,
+ "Approximate total server time: %6.2f units\n"
+ "Approximate total client time: %6.2f units\n",
+ (double)s_time, (double)c_time);
+#endif
+ }
+
+ SSL_free(s_ssl);
+ SSL_free(c_ssl);
+
+ end:
+ if (s_ctx != NULL)
+ SSL_CTX_free(s_ctx);
+ if (c_ctx != NULL)
+ SSL_CTX_free(c_ctx);
+
+ if (bio_stdout != NULL)
+ BIO_free(bio_stdout);
+
+#ifndef OPENSSL_NO_RSA
+ free_tmp_rsa();
+#endif
+#ifndef OPENSSL_NO_ENGINE
+ ENGINE_cleanup();
+#endif
+ CRYPTO_cleanup_all_ex_data();
+ ERR_free_strings();
+ ERR_remove_state(0);
+ EVP_cleanup();
+ CRYPTO_mem_leaks(bio_err);
+ if (bio_err != NULL)
+ BIO_free(bio_err);
+ EXIT(ret);
+ return ret;
+}
+
+int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
+ clock_t *s_time, clock_t *c_time)
+{
+ long cw_num = count, cr_num = count, sw_num = count, sr_num = count;
+ BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL;
+ BIO *server = NULL, *server_io = NULL, *client = NULL, *client_io = NULL;
+ int ret = 1;
+
+ size_t bufsiz = 256; /* small buffer for testing */
+
+ if (!BIO_new_bio_pair(&server, bufsiz, &server_io, bufsiz))
+ goto err;
+ if (!BIO_new_bio_pair(&client, bufsiz, &client_io, bufsiz))
+ goto err;
+
+ s_ssl_bio = BIO_new(BIO_f_ssl());
+ if (!s_ssl_bio)
+ goto err;
+
+ c_ssl_bio = BIO_new(BIO_f_ssl());
+ if (!c_ssl_bio)
+ goto err;
+
+ SSL_set_connect_state(c_ssl);
+ SSL_set_bio(c_ssl, client, client);
+ (void)BIO_set_ssl(c_ssl_bio, c_ssl, BIO_NOCLOSE);
+
+ SSL_set_accept_state(s_ssl);
+ SSL_set_bio(s_ssl, server, server);
+ (void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE);
+
+ do {
+ /*-
+ * c_ssl_bio: SSL filter BIO
+ *
+ * client: pseudo-I/O for SSL library
+ *
+ * client_io: client's SSL communication; usually to be
+ * relayed over some I/O facility, but in this
+ * test program, we're the server, too:
+ *
+ * server_io: server's SSL communication
+ *
+ * server: pseudo-I/O for SSL library
+ *
+ * s_ssl_bio: SSL filter BIO
+ *
+ * The client and the server each employ a "BIO pair":
+ * client + client_io, server + server_io.
+ * BIO pairs are symmetric. A BIO pair behaves similar
+ * to a non-blocking socketpair (but both endpoints must
+ * be handled by the same thread).
+ * [Here we could connect client and server to the ends
+ * of a single BIO pair, but then this code would be less
+ * suitable as an example for BIO pairs in general.]
+ *
+ * Useful functions for querying the state of BIO pair endpoints:
+ *
+ * BIO_ctrl_pending(bio) number of bytes we can read now
+ * BIO_ctrl_get_read_request(bio) number of bytes needed to fulfil
+ * other side's read attempt
+ * BIO_ctrl_get_write_guarantee(bio) number of bytes we can write now
+ *
+ * ..._read_request is never more than ..._write_guarantee;
+ * it depends on the application which one you should use.
+ */
+
+ /*
+ * We have non-blocking behaviour throughout this test program, but
+ * can be sure that there is *some* progress in each iteration; so we
+ * don't have to worry about ..._SHOULD_READ or ..._SHOULD_WRITE --
+ * we just try everything in each iteration
+ */
+
+ {
+ /* CLIENT */
+
+ MS_STATIC char cbuf[1024 * 8];
+ int i, r;
+ clock_t c_clock = clock();
+
+ memset(cbuf, 0, sizeof(cbuf));
+
+ if (debug)
+ if (SSL_in_init(c_ssl))
+ printf("client waiting in SSL_connect - %s\n",
+ SSL_state_string_long(c_ssl));
+
+ if (cw_num > 0) {
+ /* Write to server. */
+
+ if (cw_num > (long)sizeof cbuf)
+ i = sizeof cbuf;
+ else
+ i = (int)cw_num;
+ r = BIO_write(c_ssl_bio, cbuf, i);
+ if (r < 0) {
+ if (!BIO_should_retry(c_ssl_bio)) {
+ fprintf(stderr, "ERROR in CLIENT\n");
+ goto err;
+ }
+ /*
+ * BIO_should_retry(...) can just be ignored here. The
+ * library expects us to call BIO_write with the same
+ * arguments again, and that's what we will do in the
+ * next iteration.
+ */
+ } else if (r == 0) {
+ fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
+ goto err;
+ } else {
+ if (debug)
+ printf("client wrote %d\n", r);
+ cw_num -= r;
+ }
+ }
+
+ if (cr_num > 0) {
+ /* Read from server. */
+
+ r = BIO_read(c_ssl_bio, cbuf, sizeof(cbuf));
+ if (r < 0) {
+ if (!BIO_should_retry(c_ssl_bio)) {
+ fprintf(stderr, "ERROR in CLIENT\n");
+ goto err;
+ }
+ /*
+ * Again, "BIO_should_retry" can be ignored.
+ */
+ } else if (r == 0) {
+ fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
+ goto err;
+ } else {
+ if (debug)
+ printf("client read %d\n", r);
+ cr_num -= r;
+ }
+ }
+
+ /*
+ * c_time and s_time increments will typically be very small
+ * (depending on machine speed and clock tick intervals), but
+ * sampling over a large number of connections should result in
+ * fairly accurate figures. We cannot guarantee a lot, however
+ * -- if each connection lasts for exactly one clock tick, it
+ * will be counted only for the client or only for the server or
+ * even not at all.
+ */
+ *c_time += (clock() - c_clock);
+ }
+
+ {
+ /* SERVER */
+
+ MS_STATIC char sbuf[1024 * 8];
+ int i, r;
+ clock_t s_clock = clock();
+
+ memset(sbuf, 0, sizeof(sbuf));
+
+ if (debug)
+ if (SSL_in_init(s_ssl))
+ printf("server waiting in SSL_accept - %s\n",
+ SSL_state_string_long(s_ssl));
+
+ if (sw_num > 0) {
+ /* Write to client. */
+
+ if (sw_num > (long)sizeof sbuf)
+ i = sizeof sbuf;
+ else
+ i = (int)sw_num;
+ r = BIO_write(s_ssl_bio, sbuf, i);
+ if (r < 0) {
+ if (!BIO_should_retry(s_ssl_bio)) {
+ fprintf(stderr, "ERROR in SERVER\n");
+ goto err;
+ }
+ /* Ignore "BIO_should_retry". */
+ } else if (r == 0) {
+ fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
+ goto err;
+ } else {
+ if (debug)
+ printf("server wrote %d\n", r);
+ sw_num -= r;
+ }
+ }
+
+ if (sr_num > 0) {
+ /* Read from client. */
+
+ r = BIO_read(s_ssl_bio, sbuf, sizeof(sbuf));
+ if (r < 0) {
+ if (!BIO_should_retry(s_ssl_bio)) {
+ fprintf(stderr, "ERROR in SERVER\n");
+ goto err;
+ }
+ /* blah, blah */
+ } else if (r == 0) {
+ fprintf(stderr, "SSL SERVER STARTUP FAILED\n");
+ goto err;
+ } else {
+ if (debug)
+ printf("server read %d\n", r);
+ sr_num -= r;
+ }
+ }
+
+ *s_time += (clock() - s_clock);
+ }
+
+ {
+ /* "I/O" BETWEEN CLIENT AND SERVER. */
+
+ size_t r1, r2;
+ BIO *io1 = server_io, *io2 = client_io;
+ /*
+ * we use the non-copying interface for io1 and the standard
+ * BIO_write/BIO_read interface for io2
+ */
+
+ static int prev_progress = 1;
+ int progress = 0;
+
+ /* io1 to io2 */
+ do {
+ size_t num;
+ int r;
+
+ r1 = BIO_ctrl_pending(io1);
+ r2 = BIO_ctrl_get_write_guarantee(io2);
+
+ num = r1;
+ if (r2 < num)
+ num = r2;
+ if (num) {
+ char *dataptr;
+
+ if (INT_MAX < num) /* yeah, right */
+ num = INT_MAX;
+
+ r = BIO_nread(io1, &dataptr, (int)num);
+ assert(r > 0);
+ assert(r <= (int)num);
+ /*
+ * possibly r < num (non-contiguous data)
+ */
+ num = r;
+ r = BIO_write(io2, dataptr, (int)num);
+ if (r != (int)num) { /* can't happen */
+ fprintf(stderr, "ERROR: BIO_write could not write "
+ "BIO_ctrl_get_write_guarantee() bytes");
+ goto err;
+ }
+ progress = 1;
+
+ if (debug)
+ printf((io1 == client_io) ?
+ "C->S relaying: %d bytes\n" :
+ "S->C relaying: %d bytes\n", (int)num);
+ }
+ }
+ while (r1 && r2);
+
+ /* io2 to io1 */
+ {
+ size_t num;
+ int r;
+
+ r1 = BIO_ctrl_pending(io2);
+ r2 = BIO_ctrl_get_read_request(io1);
+ /*
+ * here we could use ..._get_write_guarantee instead of
+ * ..._get_read_request, but by using the latter we test
+ * restartability of the SSL implementation more thoroughly
+ */
+ num = r1;
+ if (r2 < num)
+ num = r2;
+ if (num) {
+ char *dataptr;
+
+ if (INT_MAX < num)
+ num = INT_MAX;
+
+ if (num > 1)
+ --num; /* test restartability even more thoroughly */
+
+ r = BIO_nwrite0(io1, &dataptr);
+ assert(r > 0);
+ if (r < (int)num)
+ num = r;
+ r = BIO_read(io2, dataptr, (int)num);
+ if (r != (int)num) { /* can't happen */
+ fprintf(stderr, "ERROR: BIO_read could not read "
+ "BIO_ctrl_pending() bytes");
+ goto err;
+ }
+ progress = 1;
+ r = BIO_nwrite(io1, &dataptr, (int)num);
+ if (r != (int)num) { /* can't happen */
+ fprintf(stderr, "ERROR: BIO_nwrite() did not accept "
+ "BIO_nwrite0() bytes");
+ goto err;
+ }
+
+ if (debug)
+ printf((io2 == client_io) ?
+ "C->S relaying: %d bytes\n" :
+ "S->C relaying: %d bytes\n", (int)num);
+ }
+ } /* no loop, BIO_ctrl_get_read_request now
+ * returns 0 anyway */
+
+ if (!progress && !prev_progress)
+ if (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0) {
+ fprintf(stderr, "ERROR: got stuck\n");
+ if (strcmp("SSLv2", SSL_get_version(c_ssl)) == 0) {
+ fprintf(stderr, "This can happen for SSL2 because "
+ "CLIENT-FINISHED and SERVER-VERIFY are written \n"
+ "concurrently ...");
+ if (strncmp("2SCF", SSL_state_string(c_ssl), 4) == 0
+ && strncmp("2SSV", SSL_state_string(s_ssl),
+ 4) == 0) {
+ fprintf(stderr, " ok.\n");
+ goto end;
+ }
+ }
+ fprintf(stderr, " ERROR.\n");
+ goto err;
+ }
+ prev_progress = progress;
+ }
+ }
+ while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0);
+
+ if (verbose)
+ print_details(c_ssl, "DONE via BIO pair: ");
+ end:
+ ret = 0;
+
+ err:
+ ERR_print_errors(bio_err);
+
+ if (server)
+ BIO_free(server);
+ if (server_io)
+ BIO_free(server_io);
+ if (client)
+ BIO_free(client);
+ if (client_io)
+ BIO_free(client_io);
+ if (s_ssl_bio)
+ BIO_free(s_ssl_bio);
+ if (c_ssl_bio)
+ BIO_free(c_ssl_bio);
+
+ return ret;
+}
+
+#define W_READ 1
+#define W_WRITE 2
+#define C_DONE 1
+#define S_DONE 2
+
+int doit(SSL *s_ssl, SSL *c_ssl, long count)
+{
+ MS_STATIC char cbuf[1024 * 8], sbuf[1024 * 8];
+ long cw_num = count, cr_num = count;
+ long sw_num = count, sr_num = count;
+ int ret = 1;
+ BIO *c_to_s = NULL;
+ BIO *s_to_c = NULL;
+ BIO *c_bio = NULL;
+ BIO *s_bio = NULL;
+ int c_r, c_w, s_r, s_w;
+ int i, j;
+ int done = 0;
+ int c_write, s_write;
+ int do_server = 0, do_client = 0;
+
+ memset(cbuf, 0, sizeof(cbuf));
+ memset(sbuf, 0, sizeof(sbuf));
+
+ c_to_s = BIO_new(BIO_s_mem());
+ s_to_c = BIO_new(BIO_s_mem());
+ if ((s_to_c == NULL) || (c_to_s == NULL)) {
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+
+ c_bio = BIO_new(BIO_f_ssl());
+ s_bio = BIO_new(BIO_f_ssl());
+ if ((c_bio == NULL) || (s_bio == NULL)) {
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+
+ SSL_set_connect_state(c_ssl);
+ SSL_set_bio(c_ssl, s_to_c, c_to_s);
+ BIO_set_ssl(c_bio, c_ssl, BIO_NOCLOSE);
+
+ SSL_set_accept_state(s_ssl);
+ SSL_set_bio(s_ssl, c_to_s, s_to_c);
+ BIO_set_ssl(s_bio, s_ssl, BIO_NOCLOSE);
+
+ c_r = 0;
+ s_r = 1;
+ c_w = 1;
+ s_w = 0;
+ c_write = 1, s_write = 0;
+
+ /* We can always do writes */
+ for (;;) {
+ do_server = 0;
+ do_client = 0;
+
+ i = (int)BIO_pending(s_bio);
+ if ((i && s_r) || s_w)
+ do_server = 1;
+
+ i = (int)BIO_pending(c_bio);
+ if ((i && c_r) || c_w)
+ do_client = 1;
+
+ if (do_server && debug) {
+ if (SSL_in_init(s_ssl))
+ printf("server waiting in SSL_accept - %s\n",
+ SSL_state_string_long(s_ssl));
+/*-
+ else if (s_write)
+ printf("server:SSL_write()\n");
+ else
+ printf("server:SSL_read()\n"); */
+ }
+
+ if (do_client && debug) {
+ if (SSL_in_init(c_ssl))
+ printf("client waiting in SSL_connect - %s\n",
+ SSL_state_string_long(c_ssl));
+/*-
+ else if (c_write)
+ printf("client:SSL_write()\n");
+ else
+ printf("client:SSL_read()\n"); */
+ }
+
+ if (!do_client && !do_server) {
+ fprintf(stdout, "ERROR IN STARTUP\n");
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+ if (do_client && !(done & C_DONE)) {
+ if (c_write) {
+ j = (cw_num > (long)sizeof(cbuf)) ?
+ (int)sizeof(cbuf) : (int)cw_num;
+ i = BIO_write(c_bio, cbuf, j);
+ if (i < 0) {
+ c_r = 0;
+ c_w = 0;
+ if (BIO_should_retry(c_bio)) {
+ if (BIO_should_read(c_bio))
+ c_r = 1;
+ if (BIO_should_write(c_bio))
+ c_w = 1;
+ } else {
+ fprintf(stderr, "ERROR in CLIENT\n");
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+ } else if (i == 0) {
+ fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
+ goto err;
+ } else {
+ if (debug)
+ printf("client wrote %d\n", i);
+ /* ok */
+ s_r = 1;
+ c_write = 0;
+ cw_num -= i;
+ }
+ } else {
+ i = BIO_read(c_bio, cbuf, sizeof(cbuf));
+ if (i < 0) {
+ c_r = 0;
+ c_w = 0;
+ if (BIO_should_retry(c_bio)) {
+ if (BIO_should_read(c_bio))
+ c_r = 1;
+ if (BIO_should_write(c_bio))
+ c_w = 1;
+ } else {
+ fprintf(stderr, "ERROR in CLIENT\n");
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+ } else if (i == 0) {
+ fprintf(stderr, "SSL CLIENT STARTUP FAILED\n");
+ goto err;
+ } else {
+ if (debug)
+ printf("client read %d\n", i);
+ cr_num -= i;
+ if (sw_num > 0) {
+ s_write = 1;
+ s_w = 1;
+ }
+ if (cr_num <= 0) {
+ s_write = 1;
+ s_w = 1;
+ done = S_DONE | C_DONE;
+ }
+ }
+ }
+ }
+
+ if (do_server && !(done & S_DONE)) {
+ if (!s_write) {
+ i = BIO_read(s_bio, sbuf, sizeof(cbuf));
+ if (i < 0) {
+ s_r = 0;
+ s_w = 0;
+ if (BIO_should_retry(s_bio)) {
+ if (BIO_should_read(s_bio))
+ s_r = 1;
+ if (BIO_should_write(s_bio))
+ s_w = 1;
+ } else {
+ fprintf(stderr, "ERROR in SERVER\n");
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+ } else if (i == 0) {
+ ERR_print_errors(bio_err);
+ fprintf(stderr,
+ "SSL SERVER STARTUP FAILED in SSL_read\n");
+ goto err;
+ } else {
+ if (debug)
+ printf("server read %d\n", i);
+ sr_num -= i;
+ if (cw_num > 0) {
+ c_write = 1;
+ c_w = 1;
+ }
+ if (sr_num <= 0) {
+ s_write = 1;
+ s_w = 1;
+ c_write = 0;
+ }
+ }
+ } else {
+ j = (sw_num > (long)sizeof(sbuf)) ?
+ (int)sizeof(sbuf) : (int)sw_num;
+ i = BIO_write(s_bio, sbuf, j);
+ if (i < 0) {
+ s_r = 0;
+ s_w = 0;
+ if (BIO_should_retry(s_bio)) {
+ if (BIO_should_read(s_bio))
+ s_r = 1;
+ if (BIO_should_write(s_bio))
+ s_w = 1;
+ } else {
+ fprintf(stderr, "ERROR in SERVER\n");
+ ERR_print_errors(bio_err);
+ goto err;
+ }
+ } else if (i == 0) {
+ ERR_print_errors(bio_err);
+ fprintf(stderr,
+ "SSL SERVER STARTUP FAILED in SSL_write\n");
+ goto err;
+ } else {
+ if (debug)
+ printf("server wrote %d\n", i);
+ sw_num -= i;
+ s_write = 0;
+ c_r = 1;
+ if (sw_num <= 0)
+ done |= S_DONE;
+ }
+ }
+ }
+
+ if ((done & S_DONE) && (done & C_DONE))
+ break;
+ }
+
+ if (verbose)
+ print_details(c_ssl, "DONE: ");
+ ret = 0;
+ err:
+ /*
+ * We have to set the BIO's to NULL otherwise they will be
+ * OPENSSL_free()ed twice. Once when th s_ssl is SSL_free()ed and again
+ * when c_ssl is SSL_free()ed. This is a hack required because s_ssl and
+ * c_ssl are sharing the same BIO structure and SSL_set_bio() and
+ * SSL_free() automatically BIO_free non NULL entries. You should not
+ * normally do this or be required to do this
+ */
+ if (s_ssl != NULL) {
+ s_ssl->rbio = NULL;
+ s_ssl->wbio = NULL;
+ }
+ if (c_ssl != NULL) {
+ c_ssl->rbio = NULL;
+ c_ssl->wbio = NULL;
+ }
+
+ if (c_to_s != NULL)
+ BIO_free(c_to_s);
+ if (s_to_c != NULL)
+ BIO_free(s_to_c);
+ if (c_bio != NULL)
+ BIO_free_all(c_bio);
+ if (s_bio != NULL)
+ BIO_free_all(s_bio);
+ return (ret);
+}
+
+static int get_proxy_auth_ex_data_idx(void)
+{
+ static volatile int idx = -1;
+ if (idx < 0) {
+ CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
+ if (idx < 0) {
+ idx = X509_STORE_CTX_get_ex_new_index(0,
+ "SSLtest for verify callback",
+ NULL, NULL, NULL);
+ }
+ CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
+ }
+ return idx;
+}
+
+static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
+{
+ char *s, buf[256];
+
+ s = X509_NAME_oneline(X509_get_subject_name(ctx->current_cert), buf,
+ sizeof buf);
+ if (s != NULL) {
+ if (ok)
+ fprintf(stderr, "depth=%d %s\n", ctx->error_depth, buf);
+ else {
+ fprintf(stderr, "depth=%d error=%d %s\n",
+ ctx->error_depth, ctx->error, buf);
+ }
+ }
+
+ if (ok == 0) {
+ fprintf(stderr, "Error string: %s\n",
+ X509_verify_cert_error_string(ctx->error));
+ switch (ctx->error) {
+ case X509_V_ERR_CERT_NOT_YET_VALID:
+ case X509_V_ERR_CERT_HAS_EXPIRED:
+ case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
+ fprintf(stderr, " ... ignored.\n");
+ ok = 1;
+ }
+ }
+
+ if (ok == 1) {
+ X509 *xs = ctx->current_cert;
+#if 0
+ X509 *xi = ctx->current_issuer;
+#endif
+
+ if (xs->ex_flags & EXFLAG_PROXY) {
+ unsigned int *letters = X509_STORE_CTX_get_ex_data(ctx,
+ get_proxy_auth_ex_data_idx
+ ());
+
+ if (letters) {
+ int found_any = 0;
+ int i;
+ PROXY_CERT_INFO_EXTENSION *pci =
+ X509_get_ext_d2i(xs, NID_proxyCertInfo,
+ NULL, NULL);
+
+ switch (OBJ_obj2nid(pci->proxyPolicy->policyLanguage)) {
+ case NID_Independent:
+ /*
+ * Completely meaningless in this program, as there's no
+ * way to grant explicit rights to a specific PrC.
+ * Basically, using id-ppl-Independent is the perfect way
+ * to grant no rights at all.
+ */
+ fprintf(stderr, " Independent proxy certificate");
+ for (i = 0; i < 26; i++)
+ letters[i] = 0;
+ break;
+ case NID_id_ppl_inheritAll:
+ /*
+ * This is basically a NOP, we simply let the current
+ * rights stand as they are.
+ */
+ fprintf(stderr, " Proxy certificate inherits all");
+ break;
+ default:
+ s = (char *)
+ pci->proxyPolicy->policy->data;
+ i = pci->proxyPolicy->policy->length;
+
+ /*
+ * The algorithm works as follows: it is assumed that
+ * previous iterations or the initial granted rights has
+ * already set some elements of `letters'. What we need
+ * to do is to clear those that weren't granted by the
+ * current PrC as well. The easiest way to do this is to
+ * add 1 to all the elements whose letters are given with
+ * the current policy. That way, all elements that are
+ * set by the current policy and were already set by
+ * earlier policies and through the original grant of
+ * rights will get the value 2 or higher. The last thing
+ * to do is to sweep through `letters' and keep the
+ * elements having the value 2 as set, and clear all the
+ * others.
+ */
+
+ fprintf(stderr, " Certificate proxy rights = %*.*s", i,
+ i, s);
+ while (i-- > 0) {
+ int c = *s++;
+ if (isascii(c) && isalpha(c)) {
+ if (islower(c))
+ c = toupper(c);
+ letters[c - 'A']++;
+ }
+ }
+ for (i = 0; i < 26; i++)
+ if (letters[i] < 2)
+ letters[i] = 0;
+ else
+ letters[i] = 1;
+ }
+
+ found_any = 0;
+ fprintf(stderr, ", resulting proxy rights = ");
+ for (i = 0; i < 26; i++)
+ if (letters[i]) {
+ fprintf(stderr, "%c", i + 'A');
+ found_any = 1;
+ }
+ if (!found_any)
+ fprintf(stderr, "none");
+ fprintf(stderr, "\n");
+
+ PROXY_CERT_INFO_EXTENSION_free(pci);
+ }
+ }
+ }
+
+ return (ok);
+}
+
+static void process_proxy_debug(int indent, const char *format, ...)
+{
+ /* That's 80 > */
+ static const char indentation[] =
+ ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>"
+ ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>";
+ char my_format[256];
+ va_list args;
+
+ BIO_snprintf(my_format, sizeof(my_format), "%*.*s %s",
+ indent, indent, indentation, format);
+
+ va_start(args, format);
+ vfprintf(stderr, my_format, args);
+ va_end(args);
+}
+
+/*-
+ * Priority levels:
+ * 0 [!]var, ()
+ * 1 & ^
+ * 2 |
+ */
+static int process_proxy_cond_adders(unsigned int letters[26],
+ const char *cond, const char **cond_end,
+ int *pos, int indent);
+static int process_proxy_cond_val(unsigned int letters[26], const char *cond,
+ const char **cond_end, int *pos, int indent)
+{
+ int c;
+ int ok = 1;
+ int negate = 0;
+
+ while (isspace((int)*cond)) {
+ cond++;
+ (*pos)++;
+ }
+ c = *cond;
+
+ if (debug)
+ process_proxy_debug(indent,
+ "Start process_proxy_cond_val at position %d: %s\n",
+ *pos, cond);
+
+ while (c == '!') {
+ negate = !negate;
+ cond++;
+ (*pos)++;
+ while (isspace((int)*cond)) {
+ cond++;
+ (*pos)++;
+ }
+ c = *cond;
+ }
+
+ if (c == '(') {
+ cond++;
+ (*pos)++;
+ ok = process_proxy_cond_adders(letters, cond, cond_end, pos,
+ indent + 1);
+ cond = *cond_end;
+ if (ok < 0)
+ goto end;
+ while (isspace((int)*cond)) {
+ cond++;
+ (*pos)++;
+ }
+ c = *cond;
+ if (c != ')') {
+ fprintf(stderr,
+ "Weird condition character in position %d: "
+ "%c\n", *pos, c);
+ ok = -1;
+ goto end;
+ }
+ cond++;
+ (*pos)++;
+ } else if (isascii(c) && isalpha(c)) {
+ if (islower(c))
+ c = toupper(c);
+ ok = letters[c - 'A'];
+ cond++;
+ (*pos)++;
+ } else {
+ fprintf(stderr,
+ "Weird condition character in position %d: " "%c\n", *pos, c);
+ ok = -1;
+ goto end;
+ }
+ end:
+ *cond_end = cond;
+ if (ok >= 0 && negate)
+ ok = !ok;
+
+ if (debug)
+ process_proxy_debug(indent,
+ "End process_proxy_cond_val at position %d: %s, returning %d\n",
+ *pos, cond, ok);
+
+ return ok;
+}
+
+static int process_proxy_cond_multipliers(unsigned int letters[26],
+ const char *cond,
+ const char **cond_end, int *pos,
+ int indent)
+{
+ int ok;
+ char c;
+
+ if (debug)
+ process_proxy_debug(indent,
+ "Start process_proxy_cond_multipliers at position %d: %s\n",
+ *pos, cond);
+
+ ok = process_proxy_cond_val(letters, cond, cond_end, pos, indent + 1);
+ cond = *cond_end;
+ if (ok < 0)
+ goto end;
+
+ while (ok >= 0) {
+ while (isspace((int)*cond)) {
+ cond++;
+ (*pos)++;
+ }
+ c = *cond;
+
+ switch (c) {
+ case '&':
+ case '^':
+ {
+ int save_ok = ok;
+
+ cond++;
+ (*pos)++;
+ ok = process_proxy_cond_val(letters,
+ cond, cond_end, pos, indent + 1);
+ cond = *cond_end;
+ if (ok < 0)
+ break;
+
+ switch (c) {
+ case '&':
+ ok &= save_ok;
+ break;
+ case '^':
+ ok ^= save_ok;
+ break;
+ default:
+ fprintf(stderr, "SOMETHING IS SERIOUSLY WRONG!"
+ " STOPPING\n");
+ EXIT(1);
+ }
+ }
+ break;
+ default:
+ goto end;
+ }
+ }
+ end:
+ if (debug)
+ process_proxy_debug(indent,
+ "End process_proxy_cond_multipliers at position %d: %s, returning %d\n",
+ *pos, cond, ok);
+
+ *cond_end = cond;
+ return ok;
+}
+
+static int process_proxy_cond_adders(unsigned int letters[26],
+ const char *cond, const char **cond_end,
+ int *pos, int indent)
+{
+ int ok;
+ char c;
+
+ if (debug)
+ process_proxy_debug(indent,
+ "Start process_proxy_cond_adders at position %d: %s\n",
+ *pos, cond);
+
+ ok = process_proxy_cond_multipliers(letters, cond, cond_end, pos,
+ indent + 1);
+ cond = *cond_end;
+ if (ok < 0)
+ goto end;
+
+ while (ok >= 0) {
+ while (isspace((int)*cond)) {
+ cond++;
+ (*pos)++;
+ }
+ c = *cond;
+
+ switch (c) {
+ case '|':
+ {
+ int save_ok = ok;
+
+ cond++;
+ (*pos)++;
+ ok = process_proxy_cond_multipliers(letters,
+ cond, cond_end, pos,
+ indent + 1);
+ cond = *cond_end;
+ if (ok < 0)
+ break;
+
+ switch (c) {
+ case '|':
+ ok |= save_ok;
+ break;
+ default:
+ fprintf(stderr, "SOMETHING IS SERIOUSLY WRONG!"
+ " STOPPING\n");
+ EXIT(1);
+ }
+ }
+ break;
+ default:
+ goto end;
+ }
+ }
+ end:
+ if (debug)
+ process_proxy_debug(indent,
+ "End process_proxy_cond_adders at position %d: %s, returning %d\n",
+ *pos, cond, ok);
+
+ *cond_end = cond;
+ return ok;
+}
+
+static int process_proxy_cond(unsigned int letters[26],
+ const char *cond, const char **cond_end)
+{
+ int pos = 1;
+ return process_proxy_cond_adders(letters, cond, cond_end, &pos, 1);
+}
+
+static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg)
+{
+ int ok = 1;
+ struct app_verify_arg *cb_arg = arg;
+ unsigned int letters[26]; /* only used with proxy_auth */
+
+ if (cb_arg->app_verify) {
+ char *s = NULL, buf[256];
+
+ fprintf(stderr, "In app_verify_callback, allowing cert. ");
+ fprintf(stderr, "Arg is: %s\n", cb_arg->string);
+ fprintf(stderr,
+ "Finished printing do we have a context? 0x%p a cert? 0x%p\n",
+ (void *)ctx, (void *)ctx->cert);
+ if (ctx->cert)
+ s = X509_NAME_oneline(X509_get_subject_name(ctx->cert), buf, 256);
+ if (s != NULL) {
+ fprintf(stderr, "cert depth=%d %s\n", ctx->error_depth, buf);
+ }
+ return (1);
+ }
+ if (cb_arg->proxy_auth) {
+ int found_any = 0, i;
+ char *sp;
+
+ for (i = 0; i < 26; i++)
+ letters[i] = 0;
+ for (sp = cb_arg->proxy_auth; *sp; sp++) {
+ int c = *sp;
+ if (isascii(c) && isalpha(c)) {
+ if (islower(c))
+ c = toupper(c);
+ letters[c - 'A'] = 1;
+ }
+ }
+
+ fprintf(stderr, " Initial proxy rights = ");
+ for (i = 0; i < 26; i++)
+ if (letters[i]) {
+ fprintf(stderr, "%c", i + 'A');
+ found_any = 1;
+ }
+ if (!found_any)
+ fprintf(stderr, "none");
+ fprintf(stderr, "\n");
+
+ X509_STORE_CTX_set_ex_data(ctx,
+ get_proxy_auth_ex_data_idx(), letters);
+ }
+ if (cb_arg->allow_proxy_certs) {
+ X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS);
+ }
+#ifndef OPENSSL_NO_X509_VERIFY
+ ok = X509_verify_cert(ctx);
+#endif
+
+ if (cb_arg->proxy_auth) {
+ if (ok > 0) {
+ const char *cond_end = NULL;
+
+ ok = process_proxy_cond(letters, cb_arg->proxy_cond, &cond_end);
+
+ if (ok < 0)
+ EXIT(3);
+ if (*cond_end) {
+ fprintf(stderr,
+ "Stopped processing condition before it's end.\n");
+ ok = 0;
+ }
+ if (!ok)
+ fprintf(stderr,
+ "Proxy rights check with condition '%s' proved invalid\n",
+ cb_arg->proxy_cond);
+ else
+ fprintf(stderr,
+ "Proxy rights check with condition '%s' proved valid\n",
+ cb_arg->proxy_cond);
+ }
+ }
+ return (ok);
+}
+
+#ifndef OPENSSL_NO_RSA
+static RSA *rsa_tmp = NULL;
+
+static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
+{
+ BIGNUM *bn = NULL;
+ if (rsa_tmp == NULL) {
+ bn = BN_new();
+ rsa_tmp = RSA_new();
+ if (!bn || !rsa_tmp || !BN_set_word(bn, RSA_F4)) {
+ BIO_printf(bio_err, "Memory error...");
+ goto end;
+ }
+ BIO_printf(bio_err, "Generating temp (%d bit) RSA key...", keylength);
+ (void)BIO_flush(bio_err);
+ if (!RSA_generate_key_ex(rsa_tmp, keylength, bn, NULL)) {
+ BIO_printf(bio_err, "Error generating key.");
+ RSA_free(rsa_tmp);
+ rsa_tmp = NULL;
+ }
+ end:
+ BIO_printf(bio_err, "\n");
+ (void)BIO_flush(bio_err);
+ }
+ if (bn)
+ BN_free(bn);
+ return (rsa_tmp);
+}
+
+static void free_tmp_rsa(void)
+{
+ if (rsa_tmp != NULL) {
+ RSA_free(rsa_tmp);
+ rsa_tmp = NULL;
+ }
+}
+#endif
+
+#ifndef OPENSSL_NO_DH
+/*-
+ * These DH parameters have been generated as follows:
+ * $ openssl dhparam -C -noout 512
+ * $ openssl dhparam -C -noout 1024
+ * $ openssl dhparam -C -noout -dsaparam 1024
+ * (The third function has been renamed to avoid name conflicts.)
+ */
+static DH *get_dh512()
+{
+ static unsigned char dh512_p[] = {
+ 0xCB, 0xC8, 0xE1, 0x86, 0xD0, 0x1F, 0x94, 0x17, 0xA6, 0x99, 0xF0,
+ 0xC6,
+ 0x1F, 0x0D, 0xAC, 0xB6, 0x25, 0x3E, 0x06, 0x39, 0xCA, 0x72, 0x04,
+ 0xB0,
+ 0x6E, 0xDA, 0xC0, 0x61, 0xE6, 0x7A, 0x77, 0x25, 0xE8, 0x3B, 0xB9,
+ 0x5F,
+ 0x9A, 0xB6, 0xB5, 0xFE, 0x99, 0x0B, 0xA1, 0x93, 0x4E, 0x35, 0x33,
+ 0xB8,
+ 0xE1, 0xF1, 0x13, 0x4F, 0x59, 0x1A, 0xD2, 0x57, 0xC0, 0x26, 0x21,
+ 0x33,
+ 0x02, 0xC5, 0xAE, 0x23,
+ };
+ static unsigned char dh512_g[] = {
+ 0x02,
+ };
+ DH *dh;
+
+ if ((dh = DH_new()) == NULL)
+ return (NULL);
+ dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
+ dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
+ if ((dh->p == NULL) || (dh->g == NULL)) {
+ DH_free(dh);
+ return (NULL);
+ }
+ return (dh);
+}
+
+static DH *get_dh1024()
+{
+ static unsigned char dh1024_p[] = {
+ 0xF8, 0x81, 0x89, 0x7D, 0x14, 0x24, 0xC5, 0xD1, 0xE6, 0xF7, 0xBF,
+ 0x3A,
+ 0xE4, 0x90, 0xF4, 0xFC, 0x73, 0xFB, 0x34, 0xB5, 0xFA, 0x4C, 0x56,
+ 0xA2,
+ 0xEA, 0xA7, 0xE9, 0xC0, 0xC0, 0xCE, 0x89, 0xE1, 0xFA, 0x63, 0x3F,
+ 0xB0,
+ 0x6B, 0x32, 0x66, 0xF1, 0xD1, 0x7B, 0xB0, 0x00, 0x8F, 0xCA, 0x87,
+ 0xC2,
+ 0xAE, 0x98, 0x89, 0x26, 0x17, 0xC2, 0x05, 0xD2, 0xEC, 0x08, 0xD0,
+ 0x8C,
+ 0xFF, 0x17, 0x52, 0x8C, 0xC5, 0x07, 0x93, 0x03, 0xB1, 0xF6, 0x2F,
+ 0xB8,
+ 0x1C, 0x52, 0x47, 0x27, 0x1B, 0xDB, 0xD1, 0x8D, 0x9D, 0x69, 0x1D,
+ 0x52,
+ 0x4B, 0x32, 0x81, 0xAA, 0x7F, 0x00, 0xC8, 0xDC, 0xE6, 0xD9, 0xCC,
+ 0xC1,
+ 0x11, 0x2D, 0x37, 0x34, 0x6C, 0xEA, 0x02, 0x97, 0x4B, 0x0E, 0xBB,
+ 0xB1,
+ 0x71, 0x33, 0x09, 0x15, 0xFD, 0xDD, 0x23, 0x87, 0x07, 0x5E, 0x89,
+ 0xAB,
+ 0x6B, 0x7C, 0x5F, 0xEC, 0xA6, 0x24, 0xDC, 0x53,
+ };
+ static unsigned char dh1024_g[] = {
+ 0x02,
+ };
+ DH *dh;
+
+ if ((dh = DH_new()) == NULL)
+ return (NULL);
+ dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
+ dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
+ if ((dh->p == NULL) || (dh->g == NULL)) {
+ DH_free(dh);
+ return (NULL);
+ }
+ return (dh);
+}
+
+static DH *get_dh1024dsa()
+{
+ static unsigned char dh1024_p[] = {
+ 0xC8, 0x00, 0xF7, 0x08, 0x07, 0x89, 0x4D, 0x90, 0x53, 0xF3, 0xD5,
+ 0x00,
+ 0x21, 0x1B, 0xF7, 0x31, 0xA6, 0xA2, 0xDA, 0x23, 0x9A, 0xC7, 0x87,
+ 0x19,
+ 0x3B, 0x47, 0xB6, 0x8C, 0x04, 0x6F, 0xFF, 0xC6, 0x9B, 0xB8, 0x65,
+ 0xD2,
+ 0xC2, 0x5F, 0x31, 0x83, 0x4A, 0xA7, 0x5F, 0x2F, 0x88, 0x38, 0xB6,
+ 0x55,
+ 0xCF, 0xD9, 0x87, 0x6D, 0x6F, 0x9F, 0xDA, 0xAC, 0xA6, 0x48, 0xAF,
+ 0xFC,
+ 0x33, 0x84, 0x37, 0x5B, 0x82, 0x4A, 0x31, 0x5D, 0xE7, 0xBD, 0x52,
+ 0x97,
+ 0xA1, 0x77, 0xBF, 0x10, 0x9E, 0x37, 0xEA, 0x64, 0xFA, 0xCA, 0x28,
+ 0x8D,
+ 0x9D, 0x3B, 0xD2, 0x6E, 0x09, 0x5C, 0x68, 0xC7, 0x45, 0x90, 0xFD,
+ 0xBB,
+ 0x70, 0xC9, 0x3A, 0xBB, 0xDF, 0xD4, 0x21, 0x0F, 0xC4, 0x6A, 0x3C,
+ 0xF6,
+ 0x61, 0xCF, 0x3F, 0xD6, 0x13, 0xF1, 0x5F, 0xBC, 0xCF, 0xBC, 0x26,
+ 0x9E,
+ 0xBC, 0x0B, 0xBD, 0xAB, 0x5D, 0xC9, 0x54, 0x39,
+ };
+ static unsigned char dh1024_g[] = {
+ 0x3B, 0x40, 0x86, 0xE7, 0xF3, 0x6C, 0xDE, 0x67, 0x1C, 0xCC, 0x80,
+ 0x05,
+ 0x5A, 0xDF, 0xFE, 0xBD, 0x20, 0x27, 0x74, 0x6C, 0x24, 0xC9, 0x03,
+ 0xF3,
+ 0xE1, 0x8D, 0xC3, 0x7D, 0x98, 0x27, 0x40, 0x08, 0xB8, 0x8C, 0x6A,
+ 0xE9,
+ 0xBB, 0x1A, 0x3A, 0xD6, 0x86, 0x83, 0x5E, 0x72, 0x41, 0xCE, 0x85,
+ 0x3C,
+ 0xD2, 0xB3, 0xFC, 0x13, 0xCE, 0x37, 0x81, 0x9E, 0x4C, 0x1C, 0x7B,
+ 0x65,
+ 0xD3, 0xE6, 0xA6, 0x00, 0xF5, 0x5A, 0x95, 0x43, 0x5E, 0x81, 0xCF,
+ 0x60,
+ 0xA2, 0x23, 0xFC, 0x36, 0xA7, 0x5D, 0x7A, 0x4C, 0x06, 0x91, 0x6E,
+ 0xF6,
+ 0x57, 0xEE, 0x36, 0xCB, 0x06, 0xEA, 0xF5, 0x3D, 0x95, 0x49, 0xCB,
+ 0xA7,
+ 0xDD, 0x81, 0xDF, 0x80, 0x09, 0x4A, 0x97, 0x4D, 0xA8, 0x22, 0x72,
+ 0xA1,
+ 0x7F, 0xC4, 0x70, 0x56, 0x70, 0xE8, 0x20, 0x10, 0x18, 0x8F, 0x2E,
+ 0x60,
+ 0x07, 0xE7, 0x68, 0x1A, 0x82, 0x5D, 0x32, 0xA2,
+ };
+ DH *dh;
+
+ if ((dh = DH_new()) == NULL)
+ return (NULL);
+ dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
+ dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
+ if ((dh->p == NULL) || (dh->g == NULL)) {
+ DH_free(dh);
+ return (NULL);
+ }
+ dh->length = 160;
+ return (dh);
+}
+#endif
+
+static int do_test_cipherlist(void)
+{
+ int i = 0;
+ const SSL_METHOD *meth;
+ SSL_CIPHER *ci, *tci = NULL;
+
+#ifndef OPENSSL_NO_SSL2
+ fprintf(stderr, "testing SSLv2 cipher list order: ");
+ meth = SSLv2_method();
+ while ((ci = meth->get_cipher(i++)) != NULL) {
+ if (tci != NULL)
+ if (ci->id >= tci->id) {
+ fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);
+ return 0;
+ }
+ tci = ci;
+ }
+ fprintf(stderr, "ok\n");
+#endif
+#ifndef OPENSSL_NO_SSL3
+ fprintf(stderr, "testing SSLv3 cipher list order: ");
+ meth = SSLv3_method();
+ tci = NULL;
+ while ((ci = meth->get_cipher(i++)) != NULL) {
+ if (tci != NULL)
+ if (ci->id >= tci->id) {
+ fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);
+ return 0;
+ }
+ tci = ci;
+ }
+ fprintf(stderr, "ok\n");
+#endif
+#ifndef OPENSSL_NO_TLS1
+ fprintf(stderr, "testing TLSv1 cipher list order: ");
+ meth = TLSv1_method();
+ tci = NULL;
+ while ((ci = meth->get_cipher(i++)) != NULL) {
+ if (tci != NULL)
+ if (ci->id >= tci->id) {
+ fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);
+ return 0;
+ }
+ tci = ci;
+ }
+ fprintf(stderr, "ok\n");
+#endif
+
+ return 1;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/ssl/t1_clnt.c
===================================================================
--- vendor-crypto/openssl/dist/ssl/t1_clnt.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/ssl/t1_clnt.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,79 +0,0 @@
-/* ssl/t1_clnt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-
-static SSL_METHOD *tls1_get_client_method(int ver);
-static SSL_METHOD *tls1_get_client_method(int ver)
- {
- if (ver == TLS1_VERSION)
- return(TLSv1_client_method());
- else
- return(NULL);
- }
-
-IMPLEMENT_tls1_meth_func(TLSv1_client_method,
- ssl_undefined_function,
- ssl3_connect,
- tls1_get_client_method)
-
Copied: vendor-crypto/openssl/0.9.8zf/ssl/t1_clnt.c (from rev 6976, vendor-crypto/openssl/dist/ssl/t1_clnt.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/ssl/t1_clnt.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/ssl/t1_clnt.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,77 @@
+/* ssl/t1_clnt.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "ssl_locl.h"
+#include <openssl/buffer.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+
+static SSL_METHOD *tls1_get_client_method(int ver);
+static SSL_METHOD *tls1_get_client_method(int ver)
+{
+ if (ver == TLS1_VERSION)
+ return (TLSv1_client_method());
+ else
+ return (NULL);
+}
+
+IMPLEMENT_tls1_meth_func(TLSv1_client_method,
+ ssl_undefined_function,
+ ssl3_connect, tls1_get_client_method)
Deleted: vendor-crypto/openssl/0.9.8zf/ssl/t1_enc.c
===================================================================
--- vendor-crypto/openssl/dist/ssl/t1_enc.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/ssl/t1_enc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,865 +0,0 @@
-/* ssl/t1_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#ifndef OPENSSL_NO_COMP
-#include <openssl/comp.h>
-#endif
-#include <openssl/evp.h>
-#include <openssl/hmac.h>
-#include <openssl/md5.h>
-#ifdef KSSL_DEBUG
-#include <openssl/des.h>
-#endif
-
-static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
- int sec_len, unsigned char *seed, int seed_len,
- unsigned char *out, int olen)
- {
- int chunk;
- unsigned int j;
- HMAC_CTX ctx;
- HMAC_CTX ctx_tmp;
- unsigned char A1[EVP_MAX_MD_SIZE];
- unsigned int A1_len;
-
- chunk=EVP_MD_size(md);
-
- HMAC_CTX_init(&ctx);
- HMAC_CTX_init(&ctx_tmp);
- HMAC_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
- HMAC_CTX_set_flags(&ctx_tmp, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
- HMAC_Init_ex(&ctx,sec,sec_len,md, NULL);
- HMAC_Init_ex(&ctx_tmp,sec,sec_len,md, NULL);
- HMAC_Update(&ctx,seed,seed_len);
- HMAC_Final(&ctx,A1,&A1_len);
-
- for (;;)
- {
- HMAC_Init_ex(&ctx,NULL,0,NULL,NULL); /* re-init */
- HMAC_Init_ex(&ctx_tmp,NULL,0,NULL,NULL); /* re-init */
- HMAC_Update(&ctx,A1,A1_len);
- HMAC_Update(&ctx_tmp,A1,A1_len);
- HMAC_Update(&ctx,seed,seed_len);
-
- if (olen > chunk)
- {
- HMAC_Final(&ctx,out,&j);
- out+=j;
- olen-=j;
- HMAC_Final(&ctx_tmp,A1,&A1_len); /* calc the next A1 value */
- }
- else /* last one */
- {
- HMAC_Final(&ctx,A1,&A1_len);
- memcpy(out,A1,olen);
- break;
- }
- }
- HMAC_CTX_cleanup(&ctx);
- HMAC_CTX_cleanup(&ctx_tmp);
- OPENSSL_cleanse(A1,sizeof(A1));
- }
-
-static void tls1_PRF(const EVP_MD *md5, const EVP_MD *sha1,
- unsigned char *label, int label_len,
- const unsigned char *sec, int slen, unsigned char *out1,
- unsigned char *out2, int olen)
- {
- int len,i;
- const unsigned char *S1,*S2;
-
- len=slen/2;
- S1=sec;
- S2= &(sec[len]);
- len+=(slen&1); /* add for odd, make longer */
-
-
- tls1_P_hash(md5 ,S1,len,label,label_len,out1,olen);
- tls1_P_hash(sha1,S2,len,label,label_len,out2,olen);
-
- for (i=0; i<olen; i++)
- out1[i]^=out2[i];
- }
-
-static void tls1_generate_key_block(SSL *s, unsigned char *km,
- unsigned char *tmp, int num)
- {
- unsigned char *p;
- unsigned char buf[SSL3_RANDOM_SIZE*2+
- TLS_MD_MAX_CONST_SIZE];
- p=buf;
-
- memcpy(p,TLS_MD_KEY_EXPANSION_CONST,
- TLS_MD_KEY_EXPANSION_CONST_SIZE);
- p+=TLS_MD_KEY_EXPANSION_CONST_SIZE;
- memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
- p+=SSL3_RANDOM_SIZE;
- memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
- p+=SSL3_RANDOM_SIZE;
-
- tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(p-buf),
- s->session->master_key,s->session->master_key_length,
- km,tmp,num);
-#ifdef KSSL_DEBUG
- printf("tls1_generate_key_block() ==> %d byte master_key =\n\t",
- s->session->master_key_length);
- {
- int i;
- for (i=0; i < s->session->master_key_length; i++)
- {
- printf("%02X", s->session->master_key[i]);
- }
- printf("\n"); }
-#endif /* KSSL_DEBUG */
- }
-
-int tls1_change_cipher_state(SSL *s, int which)
- {
- static const unsigned char empty[]="";
- unsigned char *p,*mac_secret;
- unsigned char *exp_label,buf[TLS_MD_MAX_CONST_SIZE+
- SSL3_RANDOM_SIZE*2];
- unsigned char tmp1[EVP_MAX_KEY_LENGTH];
- unsigned char tmp2[EVP_MAX_KEY_LENGTH];
- unsigned char iv1[EVP_MAX_IV_LENGTH*2];
- unsigned char iv2[EVP_MAX_IV_LENGTH*2];
- unsigned char *ms,*key,*iv;
- int client_write;
- EVP_CIPHER_CTX *dd;
- const EVP_CIPHER *c;
-#ifndef OPENSSL_NO_COMP
- const SSL_COMP *comp;
-#endif
- const EVP_MD *m;
- int is_export,n,i,j,k,exp_label_len,cl;
- int reuse_dd = 0;
-
- is_export=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
- c=s->s3->tmp.new_sym_enc;
- m=s->s3->tmp.new_hash;
-#ifndef OPENSSL_NO_COMP
- comp=s->s3->tmp.new_compression;
-#endif
-
-#ifdef KSSL_DEBUG
- key_block=s->s3->tmp.key_block;
-
- printf("tls1_change_cipher_state(which= %d) w/\n", which);
- printf("\talg= %ld, comp= %p\n", s->s3->tmp.new_cipher->algorithms,
- (void *)comp);
- printf("\tevp_cipher == %p ==? &d_cbc_ede_cipher3\n", (void *)c);
- printf("\tevp_cipher: nid, blksz= %d, %d, keylen=%d, ivlen=%d\n",
- c->nid,c->block_size,c->key_len,c->iv_len);
- printf("\tkey_block: len= %d, data= ", s->s3->tmp.key_block_length);
- {
- int ki;
- for (ki=0; ki<s->s3->tmp.key_block_length; ki++)
- printf("%02x", s->s3->tmp.key_block[ki]); printf("\n");
- }
-#endif /* KSSL_DEBUG */
-
- if (which & SSL3_CC_READ)
- {
- if (s->enc_read_ctx != NULL)
- reuse_dd = 1;
- else if ((s->enc_read_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
- goto err;
- else
- /* make sure it's intialized in case we exit later with an error */
- EVP_CIPHER_CTX_init(s->enc_read_ctx);
- dd= s->enc_read_ctx;
- s->read_hash=m;
-#ifndef OPENSSL_NO_COMP
- if (s->expand != NULL)
- {
- COMP_CTX_free(s->expand);
- s->expand=NULL;
- }
- if (comp != NULL)
- {
- s->expand=COMP_CTX_new(comp->method);
- if (s->expand == NULL)
- {
- SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
- goto err2;
- }
- if (s->s3->rrec.comp == NULL)
- s->s3->rrec.comp=(unsigned char *)
- OPENSSL_malloc(SSL3_RT_MAX_ENCRYPTED_LENGTH);
- if (s->s3->rrec.comp == NULL)
- goto err;
- }
-#endif
- /* this is done by dtls1_reset_seq_numbers for DTLS1_VERSION */
- if (s->version != DTLS1_VERSION)
- memset(&(s->s3->read_sequence[0]),0,8);
- mac_secret= &(s->s3->read_mac_secret[0]);
- }
- else
- {
- if (s->enc_write_ctx != NULL)
- reuse_dd = 1;
- else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
- goto err;
- else
- /* make sure it's intialized in case we exit later with an error */
- EVP_CIPHER_CTX_init(s->enc_write_ctx);
- dd= s->enc_write_ctx;
- s->write_hash=m;
-#ifndef OPENSSL_NO_COMP
- if (s->compress != NULL)
- {
- COMP_CTX_free(s->compress);
- s->compress=NULL;
- }
- if (comp != NULL)
- {
- s->compress=COMP_CTX_new(comp->method);
- if (s->compress == NULL)
- {
- SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
- goto err2;
- }
- }
-#endif
- /* this is done by dtls1_reset_seq_numbers for DTLS1_VERSION */
- if (s->version != DTLS1_VERSION)
- memset(&(s->s3->write_sequence[0]),0,8);
- mac_secret= &(s->s3->write_mac_secret[0]);
- }
-
- if (reuse_dd)
- EVP_CIPHER_CTX_cleanup(dd);
-
- p=s->s3->tmp.key_block;
- i=EVP_MD_size(m);
- cl=EVP_CIPHER_key_length(c);
- j=is_export ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
- cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
- /* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
- k=EVP_CIPHER_iv_length(c);
- if ( (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
- (which == SSL3_CHANGE_CIPHER_SERVER_READ))
- {
- ms= &(p[ 0]); n=i+i;
- key= &(p[ n]); n+=j+j;
- iv= &(p[ n]); n+=k+k;
- exp_label=(unsigned char *)TLS_MD_CLIENT_WRITE_KEY_CONST;
- exp_label_len=TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE;
- client_write=1;
- }
- else
- {
- n=i;
- ms= &(p[ n]); n+=i+j;
- key= &(p[ n]); n+=j+k;
- iv= &(p[ n]); n+=k;
- exp_label=(unsigned char *)TLS_MD_SERVER_WRITE_KEY_CONST;
- exp_label_len=TLS_MD_SERVER_WRITE_KEY_CONST_SIZE;
- client_write=0;
- }
-
- if (n > s->s3->tmp.key_block_length)
- {
- SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_INTERNAL_ERROR);
- goto err2;
- }
-
- memcpy(mac_secret,ms,i);
-#ifdef TLS_DEBUG
-printf("which = %04X\nmac key=",which);
-{ int z; for (z=0; z<i; z++) printf("%02X%c",ms[z],((z+1)%16)?' ':'\n'); }
-#endif
- if (is_export)
- {
- /* In here I set both the read and write key/iv to the
- * same value since only the correct one will be used :-).
- */
- p=buf;
- memcpy(p,exp_label,exp_label_len);
- p+=exp_label_len;
- memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
- p+=SSL3_RANDOM_SIZE;
- memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
- p+=SSL3_RANDOM_SIZE;
- tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(p-buf),key,j,
- tmp1,tmp2,EVP_CIPHER_key_length(c));
- key=tmp1;
-
- if (k > 0)
- {
- p=buf;
- memcpy(p,TLS_MD_IV_BLOCK_CONST,
- TLS_MD_IV_BLOCK_CONST_SIZE);
- p+=TLS_MD_IV_BLOCK_CONST_SIZE;
- memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
- p+=SSL3_RANDOM_SIZE;
- memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
- p+=SSL3_RANDOM_SIZE;
- tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,p-buf,empty,0,
- iv1,iv2,k*2);
- if (client_write)
- iv=iv1;
- else
- iv= &(iv1[k]);
- }
- }
-
- s->session->key_arg_length=0;
-#ifdef KSSL_DEBUG
- {
- int ki;
- printf("EVP_CipherInit_ex(dd,c,key=,iv=,which)\n");
- printf("\tkey= ");
- for (ki=0; ki<c->key_len; ki++) printf("%02x", key[ki]);
- printf("\n");
- printf("\t iv= ");
- for (ki=0; ki<c->iv_len; ki++) printf("%02x", iv[ki]);
- printf("\n");
- }
-#endif /* KSSL_DEBUG */
-
- EVP_CipherInit_ex(dd,c,NULL,key,iv,(which & SSL3_CC_WRITE));
-#ifdef TLS_DEBUG
-printf("which = %04X\nkey=",which);
-{ int z; for (z=0; z<EVP_CIPHER_key_length(c); z++) printf("%02X%c",key[z],((z+1)%16)?' ':'\n'); }
-printf("\niv=");
-{ int z; for (z=0; z<k; z++) printf("%02X%c",iv[z],((z+1)%16)?' ':'\n'); }
-printf("\n");
-#endif
-
- OPENSSL_cleanse(tmp1,sizeof(tmp1));
- OPENSSL_cleanse(tmp2,sizeof(tmp1));
- OPENSSL_cleanse(iv1,sizeof(iv1));
- OPENSSL_cleanse(iv2,sizeof(iv2));
- return(1);
-err:
- SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);
-err2:
- return(0);
- }
-
-int tls1_setup_key_block(SSL *s)
- {
- unsigned char *p1,*p2;
- const EVP_CIPHER *c;
- const EVP_MD *hash;
- int num;
- SSL_COMP *comp;
-
-#ifdef KSSL_DEBUG
- printf ("tls1_setup_key_block()\n");
-#endif /* KSSL_DEBUG */
-
- if (s->s3->tmp.key_block_length != 0)
- return(1);
-
- if (!ssl_cipher_get_evp(s->session,&c,&hash,&comp))
- {
- SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
- return(0);
- }
-
- s->s3->tmp.new_sym_enc=c;
- s->s3->tmp.new_hash=hash;
-
- num=EVP_CIPHER_key_length(c)+EVP_MD_size(hash)+EVP_CIPHER_iv_length(c);
- num*=2;
-
- ssl3_cleanup_key_block(s);
-
- if ((p1=(unsigned char *)OPENSSL_malloc(num)) == NULL)
- goto err;
- if ((p2=(unsigned char *)OPENSSL_malloc(num)) == NULL)
- goto err;
-
- s->s3->tmp.key_block_length=num;
- s->s3->tmp.key_block=p1;
-
-
-#ifdef TLS_DEBUG
-printf("client random\n");
-{ int z; for (z=0; z<SSL3_RANDOM_SIZE; z++) printf("%02X%c",s->s3->client_random[z],((z+1)%16)?' ':'\n'); }
-printf("server random\n");
-{ int z; for (z=0; z<SSL3_RANDOM_SIZE; z++) printf("%02X%c",s->s3->server_random[z],((z+1)%16)?' ':'\n'); }
-printf("pre-master\n");
-{ int z; for (z=0; z<s->session->master_key_length; z++) printf("%02X%c",s->session->master_key[z],((z+1)%16)?' ':'\n'); }
-#endif
- tls1_generate_key_block(s,p1,p2,num);
- OPENSSL_cleanse(p2,num);
- OPENSSL_free(p2);
-#ifdef TLS_DEBUG
-printf("\nkey block\n");
-{ int z; for (z=0; z<num; z++) printf("%02X%c",p1[z],((z+1)%16)?' ':'\n'); }
-#endif
-
- if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
- {
- /* enable vulnerability countermeasure for CBC ciphers with
- * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt)
- */
- s->s3->need_empty_fragments = 1;
-
- if (s->session->cipher != NULL)
- {
- if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_eNULL)
- s->s3->need_empty_fragments = 0;
-
-#ifndef OPENSSL_NO_RC4
- if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4)
- s->s3->need_empty_fragments = 0;
-#endif
- }
- }
-
- return(1);
-err:
- SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);
- return(0);
- }
-
-/* tls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
- *
- * Returns:
- * 0: (in non-constant time) if the record is publically invalid (i.e. too
- * short etc).
- * 1: if the record's padding is valid / the encryption was successful.
- * -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
- * an internal error occured.
- */
-int tls1_enc(SSL *s, int send)
- {
- SSL3_RECORD *rec;
- EVP_CIPHER_CTX *ds;
- unsigned long l;
- int bs,i,j,k,pad=0,ret,mac_size=0;
- const EVP_CIPHER *enc;
-
- if (send)
- {
- ds=s->enc_write_ctx;
- rec= &(s->s3->wrec);
- if (s->enc_write_ctx == NULL)
- enc=NULL;
- else
- enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
- }
- else
- {
- ds=s->enc_read_ctx;
- rec= &(s->s3->rrec);
- if (s->enc_read_ctx == NULL)
- enc=NULL;
- else
- enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
- }
-
-#ifdef KSSL_DEBUG
- printf("tls1_enc(%d)\n", send);
-#endif /* KSSL_DEBUG */
-
- if ((s->session == NULL) || (ds == NULL) || (enc == NULL))
- {
- memmove(rec->data,rec->input,rec->length);
- rec->input=rec->data;
- ret = 1;
- }
- else
- {
- l=rec->length;
- bs=EVP_CIPHER_block_size(ds->cipher);
-
- if ((bs != 1) && send)
- {
- i=bs-((int)l%bs);
-
- /* Add weird padding of upto 256 bytes */
-
- /* we need to add 'i' padding bytes of value j */
- j=i-1;
- if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG)
- {
- if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
- j++;
- }
- for (k=(int)l; k<(int)(l+i); k++)
- rec->input[k]=j;
- l+=i;
- rec->length+=i;
- }
-
-#ifdef KSSL_DEBUG
- {
- unsigned long ui;
- printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n",
- ds,rec->data,rec->input,l);
- printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n",
- ds->buf_len, ds->cipher->key_len,
- DES_KEY_SZ, DES_SCHEDULE_SZ,
- ds->cipher->iv_len);
- printf("\t\tIV: ");
- for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]);
- printf("\n");
- printf("\trec->input=");
- for (ui=0; ui<l; ui++) printf(" %02x", rec->input[ui]);
- printf("\n");
- }
-#endif /* KSSL_DEBUG */
-
- if (!send)
- {
- if (l == 0 || l%bs != 0)
- return 0;
- }
-
- EVP_Cipher(ds,rec->data,rec->input,l);
-
-#ifdef KSSL_DEBUG
- {
- unsigned long ki;
- printf("\trec->data=");
- for (ki=0; ki<l; i++)
- printf(" %02x", rec->data[ki]); printf("\n");
- }
-#endif /* KSSL_DEBUG */
-
- ret = 1;
- if (s->read_hash != NULL)
- mac_size = EVP_MD_size(s->read_hash);
- if ((bs != 1) && !send)
- ret = tls1_cbc_remove_padding(s, rec, bs, mac_size);
- if (pad && !send)
- rec->length -= pad;
- }
- return ret;
- }
-
-int tls1_cert_verify_mac(SSL *s, EVP_MD_CTX *in_ctx, unsigned char *out)
- {
- unsigned int ret;
- EVP_MD_CTX ctx;
-
- EVP_MD_CTX_init(&ctx);
- EVP_MD_CTX_copy_ex(&ctx,in_ctx);
- EVP_DigestFinal_ex(&ctx,out,&ret);
- EVP_MD_CTX_cleanup(&ctx);
- return((int)ret);
- }
-
-int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx,
- const char *str, int slen, unsigned char *out)
- {
- unsigned int i;
- EVP_MD_CTX ctx;
- unsigned char buf[TLS_MD_MAX_CONST_SIZE+MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
- unsigned char *q,buf2[12];
-
- q=buf;
- memcpy(q,str,slen);
- q+=slen;
-
- EVP_MD_CTX_init(&ctx);
- EVP_MD_CTX_copy_ex(&ctx,in1_ctx);
- EVP_DigestFinal_ex(&ctx,q,&i);
- q+=i;
- EVP_MD_CTX_copy_ex(&ctx,in2_ctx);
- EVP_DigestFinal_ex(&ctx,q,&i);
- q+=i;
-
- tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(q-buf),
- s->session->master_key,s->session->master_key_length,
- out,buf2,sizeof buf2);
- EVP_MD_CTX_cleanup(&ctx);
-
- return sizeof buf2;
- }
-
-int tls1_mac(SSL *ssl, unsigned char *md, int send)
- {
- SSL3_RECORD *rec;
- unsigned char *mac_sec,*seq;
- const EVP_MD *hash;
- size_t md_size, orig_len;
- int i;
- HMAC_CTX hmac;
- unsigned char header[13];
-
- if (send)
- {
- rec= &(ssl->s3->wrec);
- mac_sec= &(ssl->s3->write_mac_secret[0]);
- seq= &(ssl->s3->write_sequence[0]);
- hash=ssl->write_hash;
- }
- else
- {
- rec= &(ssl->s3->rrec);
- mac_sec= &(ssl->s3->read_mac_secret[0]);
- seq= &(ssl->s3->read_sequence[0]);
- hash=ssl->read_hash;
- }
-
- md_size=EVP_MD_size(hash);
-
- /* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */
- HMAC_CTX_init(&hmac);
- HMAC_Init_ex(&hmac,mac_sec,EVP_MD_size(hash),hash,NULL);
-
- if (ssl->version == DTLS1_BAD_VER ||
- (ssl->version == DTLS1_VERSION && ssl->client_version != DTLS1_BAD_VER))
- {
- unsigned char dtlsseq[8],*p=dtlsseq;
- s2n(send?ssl->d1->w_epoch:ssl->d1->r_epoch, p);
- memcpy (p,&seq[2],6);
-
- memcpy(header, dtlsseq, 8);
- }
- else
- memcpy(header, seq, 8);
-
- /* kludge: tls1_cbc_remove_padding passes padding length in rec->type */
- orig_len = rec->length+md_size+((unsigned int)rec->type>>8);
- rec->type &= 0xff;
-
- header[8]=rec->type;
- header[9]=(unsigned char)(ssl->version>>8);
- header[10]=(unsigned char)(ssl->version);
- header[11]=(rec->length)>>8;
- header[12]=(rec->length)&0xff;
-
- if (!send &&
- EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
- ssl3_cbc_record_digest_supported(hash))
- {
- /* This is a CBC-encrypted record. We must avoid leaking any
- * timing-side channel information about how many blocks of
- * data we are hashing because that gives an attacker a
- * timing-oracle. */
- ssl3_cbc_digest_record(
- hash,
- md, &md_size,
- header, rec->input,
- rec->length + md_size, orig_len,
- ssl->s3->read_mac_secret,
- EVP_MD_size(ssl->read_hash),
- 0 /* not SSLv3 */);
- }
- else
- {
- unsigned mds;
-
- HMAC_Update(&hmac,header,sizeof(header));
- HMAC_Update(&hmac,rec->input,rec->length);
- HMAC_Final(&hmac,md,&mds);
- md_size = mds;
-#ifdef OPENSSL_FIPS
- if (!send && FIPS_mode())
- tls_fips_digest_extra(
- ssl->enc_read_ctx,
- hash,
- &hmac, rec->input,
- rec->length, orig_len);
-#endif
- }
-
- HMAC_CTX_cleanup(&hmac);
-#ifdef TLS_DEBUG
-printf("seq=");
-{int z; for (z=0; z<8; z++) printf("%02X ",seq[z]); printf("\n"); }
-printf("rec=");
-{unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",rec->data[z]); printf("\n"); }
-#endif
-
- if ( SSL_version(ssl) != DTLS1_VERSION && SSL_version(ssl) != DTLS1_BAD_VER)
- {
- for (i=7; i>=0; i--)
- {
- ++seq[i];
- if (seq[i] != 0) break;
- }
- }
-
-#ifdef TLS_DEBUG
-{unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",md[z]); printf("\n"); }
-#endif
- return(md_size);
- }
-
-int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
- int len)
- {
- unsigned char buf[SSL3_RANDOM_SIZE*2+TLS_MD_MASTER_SECRET_CONST_SIZE];
- unsigned char buff[SSL_MAX_MASTER_KEY_LENGTH];
-
-#ifdef KSSL_DEBUG
- printf ("tls1_generate_master_secret(%p,%p, %p, %d)\n", (void *)s,out, p,len);
-#endif /* KSSL_DEBUG */
-
- /* Setup the stuff to munge */
- memcpy(buf,TLS_MD_MASTER_SECRET_CONST,
- TLS_MD_MASTER_SECRET_CONST_SIZE);
- memcpy(&(buf[TLS_MD_MASTER_SECRET_CONST_SIZE]),
- s->s3->client_random,SSL3_RANDOM_SIZE);
- memcpy(&(buf[SSL3_RANDOM_SIZE+TLS_MD_MASTER_SECRET_CONST_SIZE]),
- s->s3->server_random,SSL3_RANDOM_SIZE);
- tls1_PRF(s->ctx->md5,s->ctx->sha1,
- buf,TLS_MD_MASTER_SECRET_CONST_SIZE+SSL3_RANDOM_SIZE*2,p,len,
- s->session->master_key,buff,sizeof buff);
-#ifdef KSSL_DEBUG
- printf ("tls1_generate_master_secret() complete\n");
-#endif /* KSSL_DEBUG */
- return(SSL3_MASTER_SECRET_SIZE);
- }
-
-int tls1_alert_code(int code)
- {
- switch (code)
- {
- case SSL_AD_CLOSE_NOTIFY: return(SSL3_AD_CLOSE_NOTIFY);
- case SSL_AD_UNEXPECTED_MESSAGE: return(SSL3_AD_UNEXPECTED_MESSAGE);
- case SSL_AD_BAD_RECORD_MAC: return(SSL3_AD_BAD_RECORD_MAC);
- case SSL_AD_DECRYPTION_FAILED: return(TLS1_AD_DECRYPTION_FAILED);
- case SSL_AD_RECORD_OVERFLOW: return(TLS1_AD_RECORD_OVERFLOW);
- case SSL_AD_DECOMPRESSION_FAILURE:return(SSL3_AD_DECOMPRESSION_FAILURE);
- case SSL_AD_HANDSHAKE_FAILURE: return(SSL3_AD_HANDSHAKE_FAILURE);
- case SSL_AD_NO_CERTIFICATE: return(-1);
- case SSL_AD_BAD_CERTIFICATE: return(SSL3_AD_BAD_CERTIFICATE);
- case SSL_AD_UNSUPPORTED_CERTIFICATE:return(SSL3_AD_UNSUPPORTED_CERTIFICATE);
- case SSL_AD_CERTIFICATE_REVOKED:return(SSL3_AD_CERTIFICATE_REVOKED);
- case SSL_AD_CERTIFICATE_EXPIRED:return(SSL3_AD_CERTIFICATE_EXPIRED);
- case SSL_AD_CERTIFICATE_UNKNOWN:return(SSL3_AD_CERTIFICATE_UNKNOWN);
- case SSL_AD_ILLEGAL_PARAMETER: return(SSL3_AD_ILLEGAL_PARAMETER);
- case SSL_AD_UNKNOWN_CA: return(TLS1_AD_UNKNOWN_CA);
- case SSL_AD_ACCESS_DENIED: return(TLS1_AD_ACCESS_DENIED);
- case SSL_AD_DECODE_ERROR: return(TLS1_AD_DECODE_ERROR);
- case SSL_AD_DECRYPT_ERROR: return(TLS1_AD_DECRYPT_ERROR);
- case SSL_AD_EXPORT_RESTRICTION: return(TLS1_AD_EXPORT_RESTRICTION);
- case SSL_AD_PROTOCOL_VERSION: return(TLS1_AD_PROTOCOL_VERSION);
- case SSL_AD_INSUFFICIENT_SECURITY:return(TLS1_AD_INSUFFICIENT_SECURITY);
- case SSL_AD_INTERNAL_ERROR: return(TLS1_AD_INTERNAL_ERROR);
- case SSL_AD_USER_CANCELLED: return(TLS1_AD_USER_CANCELLED);
- case SSL_AD_NO_RENEGOTIATION: return(TLS1_AD_NO_RENEGOTIATION);
- case SSL_AD_UNSUPPORTED_EXTENSION: return(TLS1_AD_UNSUPPORTED_EXTENSION);
- case SSL_AD_CERTIFICATE_UNOBTAINABLE: return(TLS1_AD_CERTIFICATE_UNOBTAINABLE);
- case SSL_AD_UNRECOGNIZED_NAME: return(TLS1_AD_UNRECOGNIZED_NAME);
- case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE: return(TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE);
- case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: return(TLS1_AD_BAD_CERTIFICATE_HASH_VALUE);
- case SSL_AD_UNKNOWN_PSK_IDENTITY:return(TLS1_AD_UNKNOWN_PSK_IDENTITY);
- case SSL_AD_INAPPROPRIATE_FALLBACK:return(TLS1_AD_INAPPROPRIATE_FALLBACK);
-#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
- case DTLS1_AD_MISSING_HANDSHAKE_MESSAGE: return
- (DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
-#endif
- default: return(-1);
- }
- }
Copied: vendor-crypto/openssl/0.9.8zf/ssl/t1_enc.c (from rev 6976, vendor-crypto/openssl/dist/ssl/t1_enc.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/ssl/t1_enc.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/ssl/t1_enc.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,935 @@
+/* ssl/t1_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "ssl_locl.h"
+#ifndef OPENSSL_NO_COMP
+# include <openssl/comp.h>
+#endif
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+#include <openssl/md5.h>
+#ifdef KSSL_DEBUG
+# include <openssl/des.h>
+#endif
+
+static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
+ int sec_len, unsigned char *seed, int seed_len,
+ unsigned char *out, int olen)
+{
+ int chunk;
+ unsigned int j;
+ HMAC_CTX ctx;
+ HMAC_CTX ctx_tmp;
+ unsigned char A1[EVP_MAX_MD_SIZE];
+ unsigned int A1_len;
+
+ chunk = EVP_MD_size(md);
+
+ HMAC_CTX_init(&ctx);
+ HMAC_CTX_init(&ctx_tmp);
+ HMAC_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+ HMAC_CTX_set_flags(&ctx_tmp, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+ HMAC_Init_ex(&ctx, sec, sec_len, md, NULL);
+ HMAC_Init_ex(&ctx_tmp, sec, sec_len, md, NULL);
+ HMAC_Update(&ctx, seed, seed_len);
+ HMAC_Final(&ctx, A1, &A1_len);
+
+ for (;;) {
+ HMAC_Init_ex(&ctx, NULL, 0, NULL, NULL); /* re-init */
+ HMAC_Init_ex(&ctx_tmp, NULL, 0, NULL, NULL); /* re-init */
+ HMAC_Update(&ctx, A1, A1_len);
+ HMAC_Update(&ctx_tmp, A1, A1_len);
+ HMAC_Update(&ctx, seed, seed_len);
+
+ if (olen > chunk) {
+ HMAC_Final(&ctx, out, &j);
+ out += j;
+ olen -= j;
+ /* calc the next A1 value */
+ HMAC_Final(&ctx_tmp, A1, &A1_len);
+ } else { /* last one */
+
+ HMAC_Final(&ctx, A1, &A1_len);
+ memcpy(out, A1, olen);
+ break;
+ }
+ }
+ HMAC_CTX_cleanup(&ctx);
+ HMAC_CTX_cleanup(&ctx_tmp);
+ OPENSSL_cleanse(A1, sizeof(A1));
+}
+
+static void tls1_PRF(const EVP_MD *md5, const EVP_MD *sha1,
+ unsigned char *label, int label_len,
+ const unsigned char *sec, int slen, unsigned char *out1,
+ unsigned char *out2, int olen)
+{
+ int len, i;
+ const unsigned char *S1, *S2;
+
+ len = slen / 2;
+ S1 = sec;
+ S2 = &(sec[len]);
+ len += (slen & 1); /* add for odd, make longer */
+
+ tls1_P_hash(md5, S1, len, label, label_len, out1, olen);
+ tls1_P_hash(sha1, S2, len, label, label_len, out2, olen);
+
+ for (i = 0; i < olen; i++)
+ out1[i] ^= out2[i];
+}
+
+static void tls1_generate_key_block(SSL *s, unsigned char *km,
+ unsigned char *tmp, int num)
+{
+ unsigned char *p;
+ unsigned char buf[SSL3_RANDOM_SIZE * 2 + TLS_MD_MAX_CONST_SIZE];
+ p = buf;
+
+ memcpy(p, TLS_MD_KEY_EXPANSION_CONST, TLS_MD_KEY_EXPANSION_CONST_SIZE);
+ p += TLS_MD_KEY_EXPANSION_CONST_SIZE;
+ memcpy(p, s->s3->server_random, SSL3_RANDOM_SIZE);
+ p += SSL3_RANDOM_SIZE;
+ memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
+ p += SSL3_RANDOM_SIZE;
+
+ tls1_PRF(s->ctx->md5, s->ctx->sha1, buf, (int)(p - buf),
+ s->session->master_key, s->session->master_key_length,
+ km, tmp, num);
+#ifdef KSSL_DEBUG
+ printf("tls1_generate_key_block() ==> %d byte master_key =\n\t",
+ s->session->master_key_length);
+ {
+ int i;
+ for (i = 0; i < s->session->master_key_length; i++) {
+ printf("%02X", s->session->master_key[i]);
+ }
+ printf("\n");
+ }
+#endif /* KSSL_DEBUG */
+}
+
+int tls1_change_cipher_state(SSL *s, int which)
+{
+ static const unsigned char empty[] = "";
+ unsigned char *p, *mac_secret;
+ unsigned char *exp_label, buf[TLS_MD_MAX_CONST_SIZE +
+ SSL3_RANDOM_SIZE * 2];
+ unsigned char tmp1[EVP_MAX_KEY_LENGTH];
+ unsigned char tmp2[EVP_MAX_KEY_LENGTH];
+ unsigned char iv1[EVP_MAX_IV_LENGTH * 2];
+ unsigned char iv2[EVP_MAX_IV_LENGTH * 2];
+ unsigned char *ms, *key, *iv;
+ int client_write;
+ EVP_CIPHER_CTX *dd;
+ const EVP_CIPHER *c;
+#ifndef OPENSSL_NO_COMP
+ const SSL_COMP *comp;
+#endif
+ const EVP_MD *m;
+ int is_export, n, i, j, k, exp_label_len, cl;
+ int reuse_dd = 0;
+
+ is_export = SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
+ c = s->s3->tmp.new_sym_enc;
+ m = s->s3->tmp.new_hash;
+#ifndef OPENSSL_NO_COMP
+ comp = s->s3->tmp.new_compression;
+#endif
+
+#ifdef KSSL_DEBUG
+ key_block = s->s3->tmp.key_block;
+
+ printf("tls1_change_cipher_state(which= %d) w/\n", which);
+ printf("\talg= %ld, comp= %p\n", s->s3->tmp.new_cipher->algorithms,
+ (void *)comp);
+ printf("\tevp_cipher == %p ==? &d_cbc_ede_cipher3\n", (void *)c);
+ printf("\tevp_cipher: nid, blksz= %d, %d, keylen=%d, ivlen=%d\n",
+ c->nid, c->block_size, c->key_len, c->iv_len);
+ printf("\tkey_block: len= %d, data= ", s->s3->tmp.key_block_length);
+ {
+ int ki;
+ for (ki = 0; ki < s->s3->tmp.key_block_length; ki++)
+ printf("%02x", s->s3->tmp.key_block[ki]);
+ printf("\n");
+ }
+#endif /* KSSL_DEBUG */
+
+ if (which & SSL3_CC_READ) {
+ if (s->enc_read_ctx != NULL)
+ reuse_dd = 1;
+ else if ((s->enc_read_ctx =
+ OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
+ goto err;
+ else
+ /*
+ * make sure it's intialized in case we exit later with an error
+ */
+ EVP_CIPHER_CTX_init(s->enc_read_ctx);
+ dd = s->enc_read_ctx;
+ s->read_hash = m;
+#ifndef OPENSSL_NO_COMP
+ if (s->expand != NULL) {
+ COMP_CTX_free(s->expand);
+ s->expand = NULL;
+ }
+ if (comp != NULL) {
+ s->expand = COMP_CTX_new(comp->method);
+ if (s->expand == NULL) {
+ SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,
+ SSL_R_COMPRESSION_LIBRARY_ERROR);
+ goto err2;
+ }
+ if (s->s3->rrec.comp == NULL)
+ s->s3->rrec.comp = (unsigned char *)
+ OPENSSL_malloc(SSL3_RT_MAX_ENCRYPTED_LENGTH);
+ if (s->s3->rrec.comp == NULL)
+ goto err;
+ }
+#endif
+ /*
+ * this is done by dtls1_reset_seq_numbers for DTLS1_VERSION
+ */
+ if (s->version != DTLS1_VERSION)
+ memset(&(s->s3->read_sequence[0]), 0, 8);
+ mac_secret = &(s->s3->read_mac_secret[0]);
+ } else {
+ if (s->enc_write_ctx != NULL)
+ reuse_dd = 1;
+ else if ((s->enc_write_ctx =
+ OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
+ goto err;
+ else
+ /*
+ * make sure it's intialized in case we exit later with an error
+ */
+ EVP_CIPHER_CTX_init(s->enc_write_ctx);
+ dd = s->enc_write_ctx;
+ s->write_hash = m;
+#ifndef OPENSSL_NO_COMP
+ if (s->compress != NULL) {
+ COMP_CTX_free(s->compress);
+ s->compress = NULL;
+ }
+ if (comp != NULL) {
+ s->compress = COMP_CTX_new(comp->method);
+ if (s->compress == NULL) {
+ SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,
+ SSL_R_COMPRESSION_LIBRARY_ERROR);
+ goto err2;
+ }
+ }
+#endif
+ /*
+ * this is done by dtls1_reset_seq_numbers for DTLS1_VERSION
+ */
+ if (s->version != DTLS1_VERSION)
+ memset(&(s->s3->write_sequence[0]), 0, 8);
+ mac_secret = &(s->s3->write_mac_secret[0]);
+ }
+
+ if (reuse_dd)
+ EVP_CIPHER_CTX_cleanup(dd);
+
+ p = s->s3->tmp.key_block;
+ i = EVP_MD_size(m);
+ cl = EVP_CIPHER_key_length(c);
+ j = is_export ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
+ cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
+ /* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
+ k = EVP_CIPHER_iv_length(c);
+ if ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
+ (which == SSL3_CHANGE_CIPHER_SERVER_READ)) {
+ ms = &(p[0]);
+ n = i + i;
+ key = &(p[n]);
+ n += j + j;
+ iv = &(p[n]);
+ n += k + k;
+ exp_label = (unsigned char *)TLS_MD_CLIENT_WRITE_KEY_CONST;
+ exp_label_len = TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE;
+ client_write = 1;
+ } else {
+ n = i;
+ ms = &(p[n]);
+ n += i + j;
+ key = &(p[n]);
+ n += j + k;
+ iv = &(p[n]);
+ n += k;
+ exp_label = (unsigned char *)TLS_MD_SERVER_WRITE_KEY_CONST;
+ exp_label_len = TLS_MD_SERVER_WRITE_KEY_CONST_SIZE;
+ client_write = 0;
+ }
+
+ if (n > s->s3->tmp.key_block_length) {
+ SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
+ goto err2;
+ }
+
+ memcpy(mac_secret, ms, i);
+#ifdef TLS_DEBUG
+ printf("which = %04X\nmac key=", which);
+ {
+ int z;
+ for (z = 0; z < i; z++)
+ printf("%02X%c", ms[z], ((z + 1) % 16) ? ' ' : '\n');
+ }
+#endif
+ if (is_export) {
+ /*
+ * In here I set both the read and write key/iv to the same value
+ * since only the correct one will be used :-).
+ */
+ p = buf;
+ memcpy(p, exp_label, exp_label_len);
+ p += exp_label_len;
+ memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
+ p += SSL3_RANDOM_SIZE;
+ memcpy(p, s->s3->server_random, SSL3_RANDOM_SIZE);
+ p += SSL3_RANDOM_SIZE;
+ tls1_PRF(s->ctx->md5, s->ctx->sha1, buf, (int)(p - buf), key, j,
+ tmp1, tmp2, EVP_CIPHER_key_length(c));
+ key = tmp1;
+
+ if (k > 0) {
+ p = buf;
+ memcpy(p, TLS_MD_IV_BLOCK_CONST, TLS_MD_IV_BLOCK_CONST_SIZE);
+ p += TLS_MD_IV_BLOCK_CONST_SIZE;
+ memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
+ p += SSL3_RANDOM_SIZE;
+ memcpy(p, s->s3->server_random, SSL3_RANDOM_SIZE);
+ p += SSL3_RANDOM_SIZE;
+ tls1_PRF(s->ctx->md5, s->ctx->sha1, buf, p - buf, empty, 0,
+ iv1, iv2, k * 2);
+ if (client_write)
+ iv = iv1;
+ else
+ iv = &(iv1[k]);
+ }
+ }
+
+ s->session->key_arg_length = 0;
+#ifdef KSSL_DEBUG
+ {
+ int ki;
+ printf("EVP_CipherInit_ex(dd,c,key=,iv=,which)\n");
+ printf("\tkey= ");
+ for (ki = 0; ki < c->key_len; ki++)
+ printf("%02x", key[ki]);
+ printf("\n");
+ printf("\t iv= ");
+ for (ki = 0; ki < c->iv_len; ki++)
+ printf("%02x", iv[ki]);
+ printf("\n");
+ }
+#endif /* KSSL_DEBUG */
+
+ EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE));
+#ifdef TLS_DEBUG
+ printf("which = %04X\nkey=", which);
+ {
+ int z;
+ for (z = 0; z < EVP_CIPHER_key_length(c); z++)
+ printf("%02X%c", key[z], ((z + 1) % 16) ? ' ' : '\n');
+ }
+ printf("\niv=");
+ {
+ int z;
+ for (z = 0; z < k; z++)
+ printf("%02X%c", iv[z], ((z + 1) % 16) ? ' ' : '\n');
+ }
+ printf("\n");
+#endif
+
+ OPENSSL_cleanse(tmp1, sizeof(tmp1));
+ OPENSSL_cleanse(tmp2, sizeof(tmp1));
+ OPENSSL_cleanse(iv1, sizeof(iv1));
+ OPENSSL_cleanse(iv2, sizeof(iv2));
+ return (1);
+ err:
+ SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE);
+ err2:
+ return (0);
+}
+
+int tls1_setup_key_block(SSL *s)
+{
+ unsigned char *p1, *p2;
+ const EVP_CIPHER *c;
+ const EVP_MD *hash;
+ int num;
+ SSL_COMP *comp;
+
+#ifdef KSSL_DEBUG
+ printf("tls1_setup_key_block()\n");
+#endif /* KSSL_DEBUG */
+
+ if (s->s3->tmp.key_block_length != 0)
+ return (1);
+
+ if (!ssl_cipher_get_evp(s->session, &c, &hash, &comp)) {
+ SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK, SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
+ return (0);
+ }
+
+ s->s3->tmp.new_sym_enc = c;
+ s->s3->tmp.new_hash = hash;
+
+ num =
+ EVP_CIPHER_key_length(c) + EVP_MD_size(hash) +
+ EVP_CIPHER_iv_length(c);
+ num *= 2;
+
+ ssl3_cleanup_key_block(s);
+
+ if ((p1 = (unsigned char *)OPENSSL_malloc(num)) == NULL)
+ goto err;
+ if ((p2 = (unsigned char *)OPENSSL_malloc(num)) == NULL)
+ goto err;
+
+ s->s3->tmp.key_block_length = num;
+ s->s3->tmp.key_block = p1;
+
+#ifdef TLS_DEBUG
+ printf("client random\n");
+ {
+ int z;
+ for (z = 0; z < SSL3_RANDOM_SIZE; z++)
+ printf("%02X%c", s->s3->client_random[z],
+ ((z + 1) % 16) ? ' ' : '\n');
+ }
+ printf("server random\n");
+ {
+ int z;
+ for (z = 0; z < SSL3_RANDOM_SIZE; z++)
+ printf("%02X%c", s->s3->server_random[z],
+ ((z + 1) % 16) ? ' ' : '\n');
+ }
+ printf("pre-master\n");
+ {
+ int z;
+ for (z = 0; z < s->session->master_key_length; z++)
+ printf("%02X%c", s->session->master_key[z],
+ ((z + 1) % 16) ? ' ' : '\n');
+ }
+#endif
+ tls1_generate_key_block(s, p1, p2, num);
+ OPENSSL_cleanse(p2, num);
+ OPENSSL_free(p2);
+#ifdef TLS_DEBUG
+ printf("\nkey block\n");
+ {
+ int z;
+ for (z = 0; z < num; z++)
+ printf("%02X%c", p1[z], ((z + 1) % 16) ? ' ' : '\n');
+ }
+#endif
+
+ if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)) {
+ /*
+ * enable vulnerability countermeasure for CBC ciphers with known-IV
+ * problem (http://www.openssl.org/~bodo/tls-cbc.txt)
+ */
+ s->s3->need_empty_fragments = 1;
+
+ if (s->session->cipher != NULL) {
+ if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_eNULL)
+ s->s3->need_empty_fragments = 0;
+
+#ifndef OPENSSL_NO_RC4
+ if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4)
+ s->s3->need_empty_fragments = 0;
+#endif
+ }
+ }
+
+ return (1);
+ err:
+ SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK, ERR_R_MALLOC_FAILURE);
+ return (0);
+}
+
+/*-
+ * tls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
+ *
+ * Returns:
+ * 0: (in non-constant time) if the record is publically invalid (i.e. too
+ * short etc).
+ * 1: if the record's padding is valid / the encryption was successful.
+ * -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
+ * an internal error occured.
+ */
+int tls1_enc(SSL *s, int send)
+{
+ SSL3_RECORD *rec;
+ EVP_CIPHER_CTX *ds;
+ unsigned long l;
+ int bs, i, j, k, pad = 0, ret, mac_size = 0;
+ const EVP_CIPHER *enc;
+
+ if (send) {
+ ds = s->enc_write_ctx;
+ rec = &(s->s3->wrec);
+ if (s->enc_write_ctx == NULL)
+ enc = NULL;
+ else
+ enc = EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
+ } else {
+ ds = s->enc_read_ctx;
+ rec = &(s->s3->rrec);
+ if (s->enc_read_ctx == NULL)
+ enc = NULL;
+ else
+ enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
+ }
+
+#ifdef KSSL_DEBUG
+ printf("tls1_enc(%d)\n", send);
+#endif /* KSSL_DEBUG */
+
+ if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) {
+ memmove(rec->data, rec->input, rec->length);
+ rec->input = rec->data;
+ ret = 1;
+ } else {
+ l = rec->length;
+ bs = EVP_CIPHER_block_size(ds->cipher);
+
+ if ((bs != 1) && send) {
+ i = bs - ((int)l % bs);
+
+ /* Add weird padding of upto 256 bytes */
+
+ /* we need to add 'i' padding bytes of value j */
+ j = i - 1;
+ if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG) {
+ if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
+ j++;
+ }
+ for (k = (int)l; k < (int)(l + i); k++)
+ rec->input[k] = j;
+ l += i;
+ rec->length += i;
+ }
+#ifdef KSSL_DEBUG
+ {
+ unsigned long ui;
+ printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n",
+ ds, rec->data, rec->input, l);
+ printf
+ ("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n",
+ ds->buf_len, ds->cipher->key_len, DES_KEY_SZ,
+ DES_SCHEDULE_SZ, ds->cipher->iv_len);
+ printf("\t\tIV: ");
+ for (i = 0; i < ds->cipher->iv_len; i++)
+ printf("%02X", ds->iv[i]);
+ printf("\n");
+ printf("\trec->input=");
+ for (ui = 0; ui < l; ui++)
+ printf(" %02x", rec->input[ui]);
+ printf("\n");
+ }
+#endif /* KSSL_DEBUG */
+
+ if (!send) {
+ if (l == 0 || l % bs != 0)
+ return 0;
+ }
+
+ EVP_Cipher(ds, rec->data, rec->input, l);
+
+#ifdef KSSL_DEBUG
+ {
+ unsigned long ki;
+ printf("\trec->data=");
+ for (ki = 0; ki < l; i++)
+ printf(" %02x", rec->data[ki]);
+ printf("\n");
+ }
+#endif /* KSSL_DEBUG */
+
+ ret = 1;
+ if (s->read_hash != NULL)
+ mac_size = EVP_MD_size(s->read_hash);
+ if ((bs != 1) && !send)
+ ret = tls1_cbc_remove_padding(s, rec, bs, mac_size);
+ if (pad && !send)
+ rec->length -= pad;
+ }
+ return ret;
+}
+
+int tls1_cert_verify_mac(SSL *s, EVP_MD_CTX *in_ctx, unsigned char *out)
+{
+ unsigned int ret;
+ EVP_MD_CTX ctx;
+
+ EVP_MD_CTX_init(&ctx);
+ EVP_MD_CTX_copy_ex(&ctx, in_ctx);
+ EVP_DigestFinal_ex(&ctx, out, &ret);
+ EVP_MD_CTX_cleanup(&ctx);
+ return ((int)ret);
+}
+
+int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx,
+ const char *str, int slen, unsigned char *out)
+{
+ unsigned int i;
+ EVP_MD_CTX ctx;
+ unsigned char buf[TLS_MD_MAX_CONST_SIZE + MD5_DIGEST_LENGTH +
+ SHA_DIGEST_LENGTH];
+ unsigned char *q, buf2[12];
+
+ q = buf;
+ memcpy(q, str, slen);
+ q += slen;
+
+ EVP_MD_CTX_init(&ctx);
+ EVP_MD_CTX_copy_ex(&ctx, in1_ctx);
+ EVP_DigestFinal_ex(&ctx, q, &i);
+ q += i;
+ EVP_MD_CTX_copy_ex(&ctx, in2_ctx);
+ EVP_DigestFinal_ex(&ctx, q, &i);
+ q += i;
+
+ tls1_PRF(s->ctx->md5, s->ctx->sha1, buf, (int)(q - buf),
+ s->session->master_key, s->session->master_key_length,
+ out, buf2, sizeof buf2);
+ EVP_MD_CTX_cleanup(&ctx);
+
+ OPENSSL_cleanse(buf, (int)(q - buf));
+ OPENSSL_cleanse(buf2, sizeof(buf2));
+ return sizeof buf2;
+}
+
+int tls1_mac(SSL *ssl, unsigned char *md, int send)
+{
+ SSL3_RECORD *rec;
+ unsigned char *mac_sec, *seq;
+ const EVP_MD *hash;
+ size_t md_size, orig_len;
+ int i;
+ HMAC_CTX hmac;
+ unsigned char header[13];
+
+ if (send) {
+ rec = &(ssl->s3->wrec);
+ mac_sec = &(ssl->s3->write_mac_secret[0]);
+ seq = &(ssl->s3->write_sequence[0]);
+ hash = ssl->write_hash;
+ } else {
+ rec = &(ssl->s3->rrec);
+ mac_sec = &(ssl->s3->read_mac_secret[0]);
+ seq = &(ssl->s3->read_sequence[0]);
+ hash = ssl->read_hash;
+ }
+
+ md_size = EVP_MD_size(hash);
+
+ /* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */
+ HMAC_CTX_init(&hmac);
+ HMAC_Init_ex(&hmac, mac_sec, EVP_MD_size(hash), hash, NULL);
+
+ if (ssl->version == DTLS1_BAD_VER ||
+ (ssl->version == DTLS1_VERSION
+ && ssl->client_version != DTLS1_BAD_VER)) {
+ unsigned char dtlsseq[8], *p = dtlsseq;
+ s2n(send ? ssl->d1->w_epoch : ssl->d1->r_epoch, p);
+ memcpy(p, &seq[2], 6);
+
+ memcpy(header, dtlsseq, 8);
+ } else
+ memcpy(header, seq, 8);
+
+ /*
+ * kludge: tls1_cbc_remove_padding passes padding length in rec->type
+ */
+ orig_len = rec->length + md_size + ((unsigned int)rec->type >> 8);
+ rec->type &= 0xff;
+
+ header[8] = rec->type;
+ header[9] = (unsigned char)(ssl->version >> 8);
+ header[10] = (unsigned char)(ssl->version);
+ header[11] = (rec->length) >> 8;
+ header[12] = (rec->length) & 0xff;
+
+ if (!send &&
+ EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
+ ssl3_cbc_record_digest_supported(hash)) {
+ /*
+ * This is a CBC-encrypted record. We must avoid leaking any
+ * timing-side channel information about how many blocks of data we
+ * are hashing because that gives an attacker a timing-oracle.
+ */
+ /* Final param == not SSLv3 */
+ ssl3_cbc_digest_record(hash,
+ md, &md_size,
+ header, rec->input,
+ rec->length + md_size, orig_len,
+ ssl->s3->read_mac_secret,
+ EVP_MD_size(ssl->read_hash),
+ /* not SSLv3 */
+ 0);
+ } else {
+ unsigned mds;
+
+ HMAC_Update(&hmac, header, sizeof(header));
+ HMAC_Update(&hmac, rec->input, rec->length);
+ HMAC_Final(&hmac, md, &mds);
+ md_size = mds;
+#ifdef OPENSSL_FIPS
+ if (!send && FIPS_mode())
+ tls_fips_digest_extra(ssl->enc_read_ctx,
+ hash,
+ &hmac, rec->input, rec->length, orig_len);
+#endif
+ }
+
+ HMAC_CTX_cleanup(&hmac);
+#ifdef TLS_DEBUG
+ printf("seq=");
+ {
+ int z;
+ for (z = 0; z < 8; z++)
+ printf("%02X ", seq[z]);
+ printf("\n");
+ }
+ printf("rec=");
+ {
+ unsigned int z;
+ for (z = 0; z < rec->length; z++)
+ printf("%02X ", rec->data[z]);
+ printf("\n");
+ }
+#endif
+
+ if (SSL_version(ssl) != DTLS1_VERSION
+ && SSL_version(ssl) != DTLS1_BAD_VER) {
+ for (i = 7; i >= 0; i--) {
+ ++seq[i];
+ if (seq[i] != 0)
+ break;
+ }
+ }
+#ifdef TLS_DEBUG
+ {
+ unsigned int z;
+ for (z = 0; z < md_size; z++)
+ printf("%02X ", md[z]);
+ printf("\n");
+ }
+#endif
+ return (md_size);
+}
+
+int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
+ int len)
+{
+ unsigned char buf[SSL3_RANDOM_SIZE * 2 + TLS_MD_MASTER_SECRET_CONST_SIZE];
+ unsigned char buff[SSL_MAX_MASTER_KEY_LENGTH];
+
+#ifdef KSSL_DEBUG
+ printf("tls1_generate_master_secret(%p,%p, %p, %d)\n", (void *)s, out, p,
+ len);
+#endif /* KSSL_DEBUG */
+
+ /* Setup the stuff to munge */
+ memcpy(buf, TLS_MD_MASTER_SECRET_CONST, TLS_MD_MASTER_SECRET_CONST_SIZE);
+ memcpy(&(buf[TLS_MD_MASTER_SECRET_CONST_SIZE]),
+ s->s3->client_random, SSL3_RANDOM_SIZE);
+ memcpy(&(buf[SSL3_RANDOM_SIZE + TLS_MD_MASTER_SECRET_CONST_SIZE]),
+ s->s3->server_random, SSL3_RANDOM_SIZE);
+ tls1_PRF(s->ctx->md5, s->ctx->sha1,
+ buf, TLS_MD_MASTER_SECRET_CONST_SIZE + SSL3_RANDOM_SIZE * 2, p,
+ len, s->session->master_key, buff, sizeof buff);
+ OPENSSL_cleanse(buf, sizeof buf);
+ OPENSSL_cleanse(buff, sizeof buff);
+#ifdef KSSL_DEBUG
+ printf("tls1_generate_master_secret() complete\n");
+#endif /* KSSL_DEBUG */
+ return (SSL3_MASTER_SECRET_SIZE);
+}
+
+int tls1_alert_code(int code)
+{
+ switch (code) {
+ case SSL_AD_CLOSE_NOTIFY:
+ return (SSL3_AD_CLOSE_NOTIFY);
+ case SSL_AD_UNEXPECTED_MESSAGE:
+ return (SSL3_AD_UNEXPECTED_MESSAGE);
+ case SSL_AD_BAD_RECORD_MAC:
+ return (SSL3_AD_BAD_RECORD_MAC);
+ case SSL_AD_DECRYPTION_FAILED:
+ return (TLS1_AD_DECRYPTION_FAILED);
+ case SSL_AD_RECORD_OVERFLOW:
+ return (TLS1_AD_RECORD_OVERFLOW);
+ case SSL_AD_DECOMPRESSION_FAILURE:
+ return (SSL3_AD_DECOMPRESSION_FAILURE);
+ case SSL_AD_HANDSHAKE_FAILURE:
+ return (SSL3_AD_HANDSHAKE_FAILURE);
+ case SSL_AD_NO_CERTIFICATE:
+ return (-1);
+ case SSL_AD_BAD_CERTIFICATE:
+ return (SSL3_AD_BAD_CERTIFICATE);
+ case SSL_AD_UNSUPPORTED_CERTIFICATE:
+ return (SSL3_AD_UNSUPPORTED_CERTIFICATE);
+ case SSL_AD_CERTIFICATE_REVOKED:
+ return (SSL3_AD_CERTIFICATE_REVOKED);
+ case SSL_AD_CERTIFICATE_EXPIRED:
+ return (SSL3_AD_CERTIFICATE_EXPIRED);
+ case SSL_AD_CERTIFICATE_UNKNOWN:
+ return (SSL3_AD_CERTIFICATE_UNKNOWN);
+ case SSL_AD_ILLEGAL_PARAMETER:
+ return (SSL3_AD_ILLEGAL_PARAMETER);
+ case SSL_AD_UNKNOWN_CA:
+ return (TLS1_AD_UNKNOWN_CA);
+ case SSL_AD_ACCESS_DENIED:
+ return (TLS1_AD_ACCESS_DENIED);
+ case SSL_AD_DECODE_ERROR:
+ return (TLS1_AD_DECODE_ERROR);
+ case SSL_AD_DECRYPT_ERROR:
+ return (TLS1_AD_DECRYPT_ERROR);
+ case SSL_AD_EXPORT_RESTRICTION:
+ return (TLS1_AD_EXPORT_RESTRICTION);
+ case SSL_AD_PROTOCOL_VERSION:
+ return (TLS1_AD_PROTOCOL_VERSION);
+ case SSL_AD_INSUFFICIENT_SECURITY:
+ return (TLS1_AD_INSUFFICIENT_SECURITY);
+ case SSL_AD_INTERNAL_ERROR:
+ return (TLS1_AD_INTERNAL_ERROR);
+ case SSL_AD_USER_CANCELLED:
+ return (TLS1_AD_USER_CANCELLED);
+ case SSL_AD_NO_RENEGOTIATION:
+ return (TLS1_AD_NO_RENEGOTIATION);
+ case SSL_AD_UNSUPPORTED_EXTENSION:
+ return (TLS1_AD_UNSUPPORTED_EXTENSION);
+ case SSL_AD_CERTIFICATE_UNOBTAINABLE:
+ return (TLS1_AD_CERTIFICATE_UNOBTAINABLE);
+ case SSL_AD_UNRECOGNIZED_NAME:
+ return (TLS1_AD_UNRECOGNIZED_NAME);
+ case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
+ return (TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE);
+ case SSL_AD_BAD_CERTIFICATE_HASH_VALUE:
+ return (TLS1_AD_BAD_CERTIFICATE_HASH_VALUE);
+ case SSL_AD_UNKNOWN_PSK_IDENTITY:
+ return (TLS1_AD_UNKNOWN_PSK_IDENTITY);
+ case SSL_AD_INAPPROPRIATE_FALLBACK:
+ return (TLS1_AD_INAPPROPRIATE_FALLBACK);
+#ifdef DTLS1_AD_MISSING_HANDSHAKE_MESSAGE
+ case DTLS1_AD_MISSING_HANDSHAKE_MESSAGE:
+ return (DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
+#endif
+ default:
+ return (-1);
+ }
+}
Deleted: vendor-crypto/openssl/0.9.8zf/ssl/t1_lib.c
===================================================================
--- vendor-crypto/openssl/dist/ssl/t1_lib.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/ssl/t1_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,1153 +0,0 @@
-/* ssl/t1_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/hmac.h>
-#include <openssl/ocsp.h>
-#include "ssl_locl.h"
-
-const char tls1_version_str[]="TLSv1" OPENSSL_VERSION_PTEXT;
-
-#ifndef OPENSSL_NO_TLSEXT
-static int tls_decrypt_ticket(SSL *s, const unsigned char *tick, int ticklen,
- const unsigned char *sess_id, int sesslen,
- SSL_SESSION **psess);
-#endif
-
-SSL3_ENC_METHOD TLSv1_enc_data={
- tls1_enc,
- tls1_mac,
- tls1_setup_key_block,
- tls1_generate_master_secret,
- tls1_change_cipher_state,
- tls1_final_finish_mac,
- TLS1_FINISH_MAC_LENGTH,
- tls1_cert_verify_mac,
- TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE,
- TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE,
- tls1_alert_code,
- };
-
-long tls1_default_timeout(void)
- {
- /* 2 hours, the 24 hours mentioned in the TLSv1 spec
- * is way too long for http, the cache would over fill */
- return(60*60*2);
- }
-
-IMPLEMENT_tls1_meth_func(tlsv1_base_method,
- ssl_undefined_function,
- ssl_undefined_function,
- ssl_bad_method)
-
-int tls1_new(SSL *s)
- {
- if (!ssl3_new(s)) return(0);
- s->method->ssl_clear(s);
- return(1);
- }
-
-void tls1_free(SSL *s)
- {
- ssl3_free(s);
- }
-
-void tls1_clear(SSL *s)
- {
- ssl3_clear(s);
- s->version=TLS1_VERSION;
- }
-
-#if 0
-long tls1_ctrl(SSL *s, int cmd, long larg, char *parg)
- {
- return(0);
- }
-
-long tls1_callback_ctrl(SSL *s, int cmd, void *(*fp)())
- {
- return(0);
- }
-#endif
-
-#ifndef OPENSSL_NO_TLSEXT
-unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
- {
- int extdatalen=0;
- unsigned char *ret = p;
-
- /* don't add extensions for SSLv3 unless doing secure renegotiation */
- if (s->client_version == SSL3_VERSION
- && !s->s3->send_connection_binding)
- return p;
-
- ret+=2;
-
- if (ret>=limit) return NULL; /* this really never occurs, but ... */
-
- if (s->tlsext_hostname != NULL)
- {
- /* Add TLS extension servername to the Client Hello message */
- unsigned long size_str;
- long lenmax;
-
- /* check for enough space.
- 4 for the servername type and entension length
- 2 for servernamelist length
- 1 for the hostname type
- 2 for hostname length
- + hostname length
- */
-
- if ((lenmax = limit - ret - 9) < 0
- || (size_str = strlen(s->tlsext_hostname)) > (unsigned long)lenmax)
- return NULL;
-
- /* extension type and length */
- s2n(TLSEXT_TYPE_server_name,ret);
- s2n(size_str+5,ret);
-
- /* length of servername list */
- s2n(size_str+3,ret);
-
- /* hostname type, length and hostname */
- *(ret++) = (unsigned char) TLSEXT_NAMETYPE_host_name;
- s2n(size_str,ret);
- memcpy(ret, s->tlsext_hostname, size_str);
- ret+=size_str;
-
- }
-
- /* Add RI if renegotiating */
- if (s->new_session)
- {
- int el;
-
- if(!ssl_add_clienthello_renegotiate_ext(s, 0, &el, 0))
- {
- SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
- return NULL;
- }
-
- if((limit - p - 4 - el) < 0) return NULL;
-
- s2n(TLSEXT_TYPE_renegotiate,ret);
- s2n(el,ret);
-
- if(!ssl_add_clienthello_renegotiate_ext(s, ret, &el, el))
- {
- SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
- return NULL;
- }
-
- ret += el;
- }
-
-
- if (!(SSL_get_options(s) & SSL_OP_NO_TICKET))
- {
- int ticklen;
- if (!s->new_session && s->session && s->session->tlsext_tick)
- ticklen = s->session->tlsext_ticklen;
- else
- ticklen = 0;
- /* Check for enough room 2 for extension type, 2 for len
- * rest for ticket
- */
- if (limit - ret - 4 - ticklen < 0)
- return NULL;
- s2n(TLSEXT_TYPE_session_ticket,ret);
- s2n(ticklen,ret);
- if (ticklen)
- {
- memcpy(ret, s->session->tlsext_tick, ticklen);
- ret += ticklen;
- }
- }
-
- if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp &&
- s->version != DTLS1_VERSION)
- {
- int i;
- long extlen, idlen, itmp;
- OCSP_RESPID *id;
-
- idlen = 0;
- for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++)
- {
- id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i);
- itmp = i2d_OCSP_RESPID(id, NULL);
- if (itmp <= 0)
- return NULL;
- idlen += itmp + 2;
- }
-
- if (s->tlsext_ocsp_exts)
- {
- extlen = i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, NULL);
- if (extlen < 0)
- return NULL;
- }
- else
- extlen = 0;
-
- if ((long)(limit - ret - 7 - extlen - idlen) < 0) return NULL;
- s2n(TLSEXT_TYPE_status_request, ret);
- if (extlen + idlen > 0xFFF0)
- return NULL;
- s2n(extlen + idlen + 5, ret);
- *(ret++) = TLSEXT_STATUSTYPE_ocsp;
- s2n(idlen, ret);
- for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++)
- {
- /* save position of id len */
- unsigned char *q = ret;
- id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i);
- /* skip over id len */
- ret += 2;
- itmp = i2d_OCSP_RESPID(id, &ret);
- /* write id len */
- s2n(itmp, q);
- }
- s2n(extlen, ret);
- if (extlen > 0)
- i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, &ret);
- }
-
- if ((extdatalen = ret-p-2)== 0)
- return p;
-
- s2n(extdatalen,p);
- return ret;
- }
-
-unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
- {
- int extdatalen=0;
- unsigned char *ret = p;
-
- /* don't add extensions for SSLv3, unless doing secure renegotiation */
- if (s->version == SSL3_VERSION && !s->s3->send_connection_binding)
- return p;
-
- ret+=2;
- if (ret>=limit) return NULL; /* this really never occurs, but ... */
-
- if (!s->hit && s->servername_done == 1 && s->session->tlsext_hostname != NULL)
- {
- if (limit - ret - 4 < 0) return NULL;
-
- s2n(TLSEXT_TYPE_server_name,ret);
- s2n(0,ret);
- }
-
- if(s->s3->send_connection_binding)
- {
- int el;
-
- if(!ssl_add_serverhello_renegotiate_ext(s, 0, &el, 0))
- {
- SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
- return NULL;
- }
-
- if((limit - p - 4 - el) < 0) return NULL;
-
- s2n(TLSEXT_TYPE_renegotiate,ret);
- s2n(el,ret);
-
- if(!ssl_add_serverhello_renegotiate_ext(s, ret, &el, el))
- {
- SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
- return NULL;
- }
-
- ret += el;
- }
-
- if (s->tlsext_ticket_expected
- && !(SSL_get_options(s) & SSL_OP_NO_TICKET))
- {
- if (limit - ret - 4 < 0) return NULL;
- s2n(TLSEXT_TYPE_session_ticket,ret);
- s2n(0,ret);
- }
-
- if (s->tlsext_status_expected)
- {
- if ((long)(limit - ret - 4) < 0) return NULL;
- s2n(TLSEXT_TYPE_status_request,ret);
- s2n(0,ret);
- }
-
- if ((extdatalen = ret-p-2)== 0)
- return p;
-
- s2n(extdatalen,p);
- return ret;
- }
-
-#ifndef OPENSSL_NO_EC
-/* ssl_check_for_safari attempts to fingerprint Safari using OS X
- * SecureTransport using the TLS extension block in |d|, of length |n|.
- * Safari, since 10.6, sends exactly these extensions, in this order:
- * SNI,
- * elliptic_curves
- * ec_point_formats
- *
- * We wish to fingerprint Safari because they broke ECDHE-ECDSA support in 10.8,
- * but they advertise support. So enabling ECDHE-ECDSA ciphers breaks them.
- * Sadly we cannot differentiate 10.6, 10.7 and 10.8.4 (which work), from
- * 10.8..10.8.3 (which don't work).
- */
-static void ssl_check_for_safari(SSL *s, const unsigned char *data, const unsigned char *d, int n) {
- unsigned short type, size;
- static const unsigned char kSafariExtensionsBlock[] = {
- 0x00, 0x0a, /* elliptic_curves extension */
- 0x00, 0x08, /* 8 bytes */
- 0x00, 0x06, /* 6 bytes of curve ids */
- 0x00, 0x17, /* P-256 */
- 0x00, 0x18, /* P-384 */
- 0x00, 0x19, /* P-521 */
-
- 0x00, 0x0b, /* ec_point_formats */
- 0x00, 0x02, /* 2 bytes */
- 0x01, /* 1 point format */
- 0x00, /* uncompressed */
- };
-
- /* The following is only present in TLS 1.2 */
- static const unsigned char kSafariTLS12ExtensionsBlock[] = {
- 0x00, 0x0d, /* signature_algorithms */
- 0x00, 0x0c, /* 12 bytes */
- 0x00, 0x0a, /* 10 bytes */
- 0x05, 0x01, /* SHA-384/RSA */
- 0x04, 0x01, /* SHA-256/RSA */
- 0x02, 0x01, /* SHA-1/RSA */
- 0x04, 0x03, /* SHA-256/ECDSA */
- 0x02, 0x03, /* SHA-1/ECDSA */
- };
-
- if (data >= (d+n-2))
- return;
- data += 2;
-
- if (data > (d+n-4))
- return;
- n2s(data,type);
- n2s(data,size);
-
- if (type != TLSEXT_TYPE_server_name)
- return;
-
- if (data+size > d+n)
- return;
- data += size;
-
- if (TLS1_get_client_version(s) >= TLS1_2_VERSION)
- {
- const size_t len1 = sizeof(kSafariExtensionsBlock);
- const size_t len2 = sizeof(kSafariTLS12ExtensionsBlock);
-
- if (data + len1 + len2 != d+n)
- return;
- if (memcmp(data, kSafariExtensionsBlock, len1) != 0)
- return;
- if (memcmp(data + len1, kSafariTLS12ExtensionsBlock, len2) != 0)
- return;
- }
- else
- {
- const size_t len = sizeof(kSafariExtensionsBlock);
-
- if (data + len != d+n)
- return;
- if (memcmp(data, kSafariExtensionsBlock, len) != 0)
- return;
- }
-
- s->s3->is_probably_safari = 1;
-}
-#endif /* !OPENSSL_NO_EC */
-
-int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al)
- {
- unsigned short type;
- unsigned short size;
- unsigned short len;
- unsigned char *data = *p;
- int renegotiate_seen = 0;
-
- s->servername_done = 0;
- s->tlsext_status_type = -1;
-
-#ifndef OPENSSL_NO_EC
- if (s->options & SSL_OP_SAFARI_ECDHE_ECDSA_BUG)
- ssl_check_for_safari(s, data, d, n);
-#endif /* !OPENSSL_NO_EC */
-
- if (data >= (d+n-2))
- goto ri_check;
-
- n2s(data,len);
-
- if (data > (d+n-len))
- goto ri_check;
-
- while (data <= (d+n-4))
- {
- n2s(data,type);
- n2s(data,size);
-
- if (data+size > (d+n))
- goto ri_check;
-
- if (s->tlsext_debug_cb)
- s->tlsext_debug_cb(s, 0, type, data, size,
- s->tlsext_debug_arg);
-/* The servername extension is treated as follows:
-
- - Only the hostname type is supported with a maximum length of 255.
- - The servername is rejected if too long or if it contains zeros,
- in which case an fatal alert is generated.
- - The servername field is maintained together with the session cache.
- - When a session is resumed, the servername call back invoked in order
- to allow the application to position itself to the right context.
- - The servername is acknowledged if it is new for a session or when
- it is identical to a previously used for the same session.
- Applications can control the behaviour. They can at any time
- set a 'desirable' servername for a new SSL object. This can be the
- case for example with HTTPS when a Host: header field is received and
- a renegotiation is requested. In this case, a possible servername
- presented in the new client hello is only acknowledged if it matches
- the value of the Host: field.
- - Applications must use SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
- if they provide for changing an explicit servername context for the session,
- i.e. when the session has been established with a servername extension.
- - On session reconnect, the servername extension may be absent.
-
-*/
-
- if (type == TLSEXT_TYPE_server_name)
- {
- unsigned char *sdata;
- int servname_type;
- int dsize;
-
- if (size < 2)
- {
- *al = SSL_AD_DECODE_ERROR;
- return 0;
- }
- n2s(data,dsize);
- size -= 2;
- if (dsize > size )
- {
- *al = SSL_AD_DECODE_ERROR;
- return 0;
- }
-
- sdata = data;
- while (dsize > 3)
- {
- servname_type = *(sdata++);
- n2s(sdata,len);
- dsize -= 3;
-
- if (len > dsize)
- {
- *al = SSL_AD_DECODE_ERROR;
- return 0;
- }
- if (s->servername_done == 0)
- switch (servname_type)
- {
- case TLSEXT_NAMETYPE_host_name:
- if (!s->hit)
- {
- if(s->session->tlsext_hostname)
- {
- *al = SSL_AD_DECODE_ERROR;
- return 0;
- }
- if (len > TLSEXT_MAXLEN_host_name)
- {
- *al = TLS1_AD_UNRECOGNIZED_NAME;
- return 0;
- }
- if ((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL)
- {
- *al = TLS1_AD_INTERNAL_ERROR;
- return 0;
- }
- memcpy(s->session->tlsext_hostname, sdata, len);
- s->session->tlsext_hostname[len]='\0';
- if (strlen(s->session->tlsext_hostname) != len) {
- OPENSSL_free(s->session->tlsext_hostname);
- s->session->tlsext_hostname = NULL;
- *al = TLS1_AD_UNRECOGNIZED_NAME;
- return 0;
- }
- s->servername_done = 1;
-
- }
- else
- s->servername_done = s->session->tlsext_hostname
- && strlen(s->session->tlsext_hostname) == len
- && strncmp(s->session->tlsext_hostname, (char *)sdata, len) == 0;
-
- break;
-
- default:
- break;
- }
-
- dsize -= len;
- }
- if (dsize != 0)
- {
- *al = SSL_AD_DECODE_ERROR;
- return 0;
- }
-
- }
- else if (type == TLSEXT_TYPE_renegotiate)
- {
- if(!ssl_parse_clienthello_renegotiate_ext(s, data, size, al))
- return 0;
- renegotiate_seen = 1;
- }
- else if (type == TLSEXT_TYPE_status_request &&
- s->version != DTLS1_VERSION && s->ctx->tlsext_status_cb)
- {
-
- if (size < 5)
- {
- *al = SSL_AD_DECODE_ERROR;
- return 0;
- }
-
- s->tlsext_status_type = *data++;
- size--;
- if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp)
- {
- const unsigned char *sdata;
- int dsize;
- /* Read in responder_id_list */
- n2s(data,dsize);
- size -= 2;
- if (dsize > size )
- {
- *al = SSL_AD_DECODE_ERROR;
- return 0;
- }
- while (dsize > 0)
- {
- OCSP_RESPID *id;
- int idsize;
- if (dsize < 4)
- {
- *al = SSL_AD_DECODE_ERROR;
- return 0;
- }
- n2s(data, idsize);
- dsize -= 2 + idsize;
- size -= 2 + idsize;
- if (dsize < 0)
- {
- *al = SSL_AD_DECODE_ERROR;
- return 0;
- }
- sdata = data;
- data += idsize;
- id = d2i_OCSP_RESPID(NULL,
- &sdata, idsize);
- if (!id)
- {
- *al = SSL_AD_DECODE_ERROR;
- return 0;
- }
- if (data != sdata)
- {
- OCSP_RESPID_free(id);
- *al = SSL_AD_DECODE_ERROR;
- return 0;
- }
- if (!s->tlsext_ocsp_ids
- && !(s->tlsext_ocsp_ids =
- sk_OCSP_RESPID_new_null()))
- {
- OCSP_RESPID_free(id);
- *al = SSL_AD_INTERNAL_ERROR;
- return 0;
- }
- if (!sk_OCSP_RESPID_push(
- s->tlsext_ocsp_ids, id))
- {
- OCSP_RESPID_free(id);
- *al = SSL_AD_INTERNAL_ERROR;
- return 0;
- }
- }
-
- /* Read in request_extensions */
- if (size < 2)
- {
- *al = SSL_AD_DECODE_ERROR;
- return 0;
- }
- n2s(data,dsize);
- size -= 2;
- if (dsize != size)
- {
- *al = SSL_AD_DECODE_ERROR;
- return 0;
- }
- sdata = data;
- if (dsize > 0)
- {
- if (s->tlsext_ocsp_exts)
- {
- sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
- X509_EXTENSION_free);
- }
-
- s->tlsext_ocsp_exts =
- d2i_X509_EXTENSIONS(NULL,
- &sdata, dsize);
- if (!s->tlsext_ocsp_exts
- || (data + dsize != sdata))
- {
- *al = SSL_AD_DECODE_ERROR;
- return 0;
- }
- }
- }
- /* We don't know what to do with any other type
- * so ignore it.
- */
- else
- s->tlsext_status_type = -1;
- }
-
- /* session ticket processed earlier */
-
- data+=size;
- }
- *p = data;
-
- ri_check:
-
- /* Need RI if renegotiating */
-
- if (!renegotiate_seen && s->new_session &&
- !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
- {
- *al = SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT,
- SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
- return 0;
- }
-
- return 1;
- }
-
-int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al)
- {
- unsigned short length;
- unsigned short type;
- unsigned short size;
- unsigned char *data = *p;
- int tlsext_servername = 0;
- int renegotiate_seen = 0;
-
- if (data >= (d+n-2))
- goto ri_check;
-
- n2s(data,length);
- if (data+length != d+n)
- {
- *al = SSL_AD_DECODE_ERROR;
- return 0;
- }
-
- while(data <= (d+n-4))
- {
- n2s(data,type);
- n2s(data,size);
-
- if (data+size > (d+n))
- goto ri_check;
-
- if (s->tlsext_debug_cb)
- s->tlsext_debug_cb(s, 1, type, data, size,
- s->tlsext_debug_arg);
-
- if (type == TLSEXT_TYPE_server_name)
- {
- if (s->tlsext_hostname == NULL || size > 0)
- {
- *al = TLS1_AD_UNRECOGNIZED_NAME;
- return 0;
- }
- tlsext_servername = 1;
- }
- else if (type == TLSEXT_TYPE_session_ticket)
- {
- if ((SSL_get_options(s) & SSL_OP_NO_TICKET)
- || (size > 0))
- {
- *al = TLS1_AD_UNSUPPORTED_EXTENSION;
- return 0;
- }
- s->tlsext_ticket_expected = 1;
- }
- else if (type == TLSEXT_TYPE_status_request &&
- s->version != DTLS1_VERSION)
- {
- /* MUST be empty and only sent if we've requested
- * a status request message.
- */
- if ((s->tlsext_status_type == -1) || (size > 0))
- {
- *al = TLS1_AD_UNSUPPORTED_EXTENSION;
- return 0;
- }
- /* Set flag to expect CertificateStatus message */
- s->tlsext_status_expected = 1;
- }
- else if (type == TLSEXT_TYPE_renegotiate)
- {
- if(!ssl_parse_serverhello_renegotiate_ext(s, data, size, al))
- return 0;
- renegotiate_seen = 1;
- }
- data+=size;
- }
-
- if (data != d+n)
- {
- *al = SSL_AD_DECODE_ERROR;
- return 0;
- }
-
- if (!s->hit && tlsext_servername == 1)
- {
- if (s->tlsext_hostname)
- {
- if (s->session->tlsext_hostname == NULL)
- {
- s->session->tlsext_hostname = BUF_strdup(s->tlsext_hostname);
- if (!s->session->tlsext_hostname)
- {
- *al = SSL_AD_UNRECOGNIZED_NAME;
- return 0;
- }
- }
- else
- {
- *al = SSL_AD_DECODE_ERROR;
- return 0;
- }
- }
- }
-
- *p = data;
-
- ri_check:
-
- /* Determine if we need to see RI. Strictly speaking if we want to
- * avoid an attack we should *always* see RI even on initial server
- * hello because the client doesn't see any renegotiation during an
- * attack. However this would mean we could not connect to any server
- * which doesn't support RI so for the immediate future tolerate RI
- * absence on initial connect only.
- */
- if (!renegotiate_seen
- && !(s->options & SSL_OP_LEGACY_SERVER_CONNECT)
- && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
- {
- *al = SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT,
- SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
- return 0;
- }
-
- return 1;
- }
-
-int ssl_check_clienthello_tlsext_early(SSL *s)
- {
- int ret=SSL_TLSEXT_ERR_NOACK;
- int al = SSL_AD_UNRECOGNIZED_NAME;
-
- if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0)
- ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg);
- else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0)
- ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg);
-
- switch (ret)
- {
- case SSL_TLSEXT_ERR_ALERT_FATAL:
- ssl3_send_alert(s, SSL3_AL_FATAL, al);
- return -1;
-
- case SSL_TLSEXT_ERR_ALERT_WARNING:
- ssl3_send_alert(s, SSL3_AL_WARNING, al);
- return 1;
-
- case SSL_TLSEXT_ERR_NOACK:
- s->servername_done = 0;
-
- default:
- return 1;
- }
- }
-
-int ssl_check_clienthello_tlsext_late(SSL *s)
- {
- int ret = SSL_TLSEXT_ERR_OK;
- int al;
-
- /* If status request then ask callback what to do.
- * Note: this must be called after servername callbacks in case
- * the certificate has changed, and must be called after the cipher
- * has been chosen because this may influence which certificate is sent
- */
- if (s->tlsext_status_type != -1 && s->ctx && s->ctx->tlsext_status_cb)
- {
- int r;
- CERT_PKEY *certpkey;
- certpkey = ssl_get_server_send_pkey(s);
- /* If no certificate can't return certificate status */
- if (certpkey == NULL)
- {
- s->tlsext_status_expected = 0;
- return 1;
- }
- /* Set current certificate to one we will use so
- * SSL_get_certificate et al can pick it up.
- */
- s->cert->key = certpkey;
- r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
- switch (r)
- {
- /* We don't want to send a status request response */
- case SSL_TLSEXT_ERR_NOACK:
- s->tlsext_status_expected = 0;
- break;
- /* status request response should be sent */
- case SSL_TLSEXT_ERR_OK:
- if (s->tlsext_ocsp_resp)
- s->tlsext_status_expected = 1;
- else
- s->tlsext_status_expected = 0;
- break;
- /* something bad happened */
- case SSL_TLSEXT_ERR_ALERT_FATAL:
- ret = SSL_TLSEXT_ERR_ALERT_FATAL;
- al = SSL_AD_INTERNAL_ERROR;
- goto err;
- }
- }
- else
- s->tlsext_status_expected = 0;
-
- err:
- switch (ret)
- {
- case SSL_TLSEXT_ERR_ALERT_FATAL:
- ssl3_send_alert(s,SSL3_AL_FATAL,al);
- return -1;
-
- case SSL_TLSEXT_ERR_ALERT_WARNING:
- ssl3_send_alert(s,SSL3_AL_WARNING,al);
- return 1;
-
- default:
- return 1;
- }
- }
-
-int ssl_check_serverhello_tlsext(SSL *s)
- {
- int ret=SSL_TLSEXT_ERR_NOACK;
- int al = SSL_AD_UNRECOGNIZED_NAME;
-
- if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0)
- ret = s->ctx->tlsext_servername_callback(s, &al, s->ctx->tlsext_servername_arg);
- else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0)
- ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg);
-
- /* If we've requested certificate status and we wont get one
- * tell the callback
- */
- if ((s->tlsext_status_type != -1) && !(s->tlsext_status_expected)
- && s->ctx->tlsext_status_cb)
- {
- int r;
- /* Set resp to NULL, resplen to -1 so callback knows
- * there is no response.
- */
- if (s->tlsext_ocsp_resp)
- {
- OPENSSL_free(s->tlsext_ocsp_resp);
- s->tlsext_ocsp_resp = NULL;
- }
- s->tlsext_ocsp_resplen = -1;
- r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
- if (r == 0)
- {
- al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
- ret = SSL_TLSEXT_ERR_ALERT_FATAL;
- }
- if (r < 0)
- {
- al = SSL_AD_INTERNAL_ERROR;
- ret = SSL_TLSEXT_ERR_ALERT_FATAL;
- }
- }
-
- switch (ret)
- {
- case SSL_TLSEXT_ERR_ALERT_FATAL:
- ssl3_send_alert(s,SSL3_AL_FATAL,al);
- return -1;
-
- case SSL_TLSEXT_ERR_ALERT_WARNING:
- ssl3_send_alert(s,SSL3_AL_WARNING,al);
- return 1;
-
- case SSL_TLSEXT_ERR_NOACK:
- s->servername_done=0;
- default:
- return 1;
- }
- }
-
-/* Since the server cache lookup is done early on in the processing of client
- * hello and other operations depend on the result we need to handle any TLS
- * session ticket extension at the same time.
- */
-
-int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
- const unsigned char *limit, SSL_SESSION **ret)
- {
- /* Point after session ID in client hello */
- const unsigned char *p = session_id + len;
- unsigned short i;
-
- /* If tickets disabled behave as if no ticket present
- * to permit stateful resumption.
- */
- if (SSL_get_options(s) & SSL_OP_NO_TICKET)
- return 1;
-
- if ((s->version <= SSL3_VERSION) || !limit)
- return 1;
- if (p >= limit)
- return -1;
- /* Skip past DTLS cookie */
- if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER)
- {
- i = *(p++);
- p+= i;
- if (p >= limit)
- return -1;
- }
- /* Skip past cipher list */
- n2s(p, i);
- p+= i;
- if (p >= limit)
- return -1;
- /* Skip past compression algorithm list */
- i = *(p++);
- p += i;
- if (p > limit)
- return -1;
- /* Now at start of extensions */
- if ((p + 2) >= limit)
- return 1;
- n2s(p, i);
- while ((p + 4) <= limit)
- {
- unsigned short type, size;
- n2s(p, type);
- n2s(p, size);
- if (p + size > limit)
- return 1;
- if (type == TLSEXT_TYPE_session_ticket)
- {
- /* If zero length note client will accept a ticket
- * and indicate cache miss to trigger full handshake
- */
- if (size == 0)
- {
- s->tlsext_ticket_expected = 1;
- return 0; /* Cache miss */
- }
- return tls_decrypt_ticket(s, p, size, session_id, len,
- ret);
- }
- p += size;
- }
- return 1;
- }
-
-static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
- const unsigned char *sess_id, int sesslen,
- SSL_SESSION **psess)
- {
- SSL_SESSION *sess;
- unsigned char *sdec;
- const unsigned char *p;
- int slen, mlen, renew_ticket = 0;
- unsigned char tick_hmac[EVP_MAX_MD_SIZE];
- HMAC_CTX hctx;
- EVP_CIPHER_CTX ctx;
- SSL_CTX *tctx = s->initial_ctx;
- /* Need at least keyname + iv + some encrypted data */
- if (eticklen < 48)
- goto tickerr;
- /* Initialize session ticket encryption and HMAC contexts */
- HMAC_CTX_init(&hctx);
- EVP_CIPHER_CTX_init(&ctx);
- if (tctx->tlsext_ticket_key_cb)
- {
- unsigned char *nctick = (unsigned char *)etick;
- int rv = tctx->tlsext_ticket_key_cb(s, nctick, nctick + 16,
- &ctx, &hctx, 0);
- if (rv < 0)
- return -1;
- if (rv == 0)
- goto tickerr;
- if (rv == 2)
- renew_ticket = 1;
- }
- else
- {
- /* Check key name matches */
- if (memcmp(etick, tctx->tlsext_tick_key_name, 16))
- goto tickerr;
- HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
- tlsext_tick_md(), NULL);
- EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
- tctx->tlsext_tick_aes_key, etick + 16);
- }
- /* Attempt to process session ticket, first conduct sanity and
- * integrity checks on ticket.
- */
- mlen = HMAC_size(&hctx);
- eticklen -= mlen;
- /* Check HMAC of encrypted ticket */
- HMAC_Update(&hctx, etick, eticklen);
- HMAC_Final(&hctx, tick_hmac, NULL);
- HMAC_CTX_cleanup(&hctx);
- if (CRYPTO_memcmp(tick_hmac, etick + eticklen, mlen))
- {
- EVP_CIPHER_CTX_cleanup(&ctx);
- goto tickerr;
- }
- /* Attempt to decrypt session data */
- /* Move p after IV to start of encrypted ticket, update length */
- p = etick + 16 + EVP_CIPHER_CTX_iv_length(&ctx);
- eticklen -= 16 + EVP_CIPHER_CTX_iv_length(&ctx);
- sdec = OPENSSL_malloc(eticklen);
- if (!sdec)
- {
- EVP_CIPHER_CTX_cleanup(&ctx);
- return -1;
- }
- EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen);
- if (EVP_DecryptFinal(&ctx, sdec + slen, &mlen) <= 0)
- {
- EVP_CIPHER_CTX_cleanup(&ctx);
- OPENSSL_free(sdec);
- goto tickerr;
- }
- slen += mlen;
- EVP_CIPHER_CTX_cleanup(&ctx);
- p = sdec;
-
- sess = d2i_SSL_SESSION(NULL, &p, slen);
- OPENSSL_free(sdec);
- if (sess)
- {
- /* The session ID if non-empty is used by some clients to
- * detect that the ticket has been accepted. So we copy it to
- * the session structure. If it is empty set length to zero
- * as required by standard.
- */
- if (sesslen)
- memcpy(sess->session_id, sess_id, sesslen);
- sess->session_id_length = sesslen;
- *psess = sess;
- s->tlsext_ticket_expected = renew_ticket;
- return 1;
- }
- /* If session decrypt failure indicate a cache miss and set state to
- * send a new ticket
- */
- tickerr:
- s->tlsext_ticket_expected = 1;
- return 0;
- }
-
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/ssl/t1_lib.c (from rev 6976, vendor-crypto/openssl/dist/ssl/t1_lib.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/ssl/t1_lib.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/ssl/t1_lib.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,1098 @@
+/* ssl/t1_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+#include <openssl/ocsp.h>
+#include "ssl_locl.h"
+
+const char tls1_version_str[] = "TLSv1" OPENSSL_VERSION_PTEXT;
+
+#ifndef OPENSSL_NO_TLSEXT
+static int tls_decrypt_ticket(SSL *s, const unsigned char *tick, int ticklen,
+ const unsigned char *sess_id, int sesslen,
+ SSL_SESSION **psess);
+#endif
+
+SSL3_ENC_METHOD TLSv1_enc_data = {
+ tls1_enc,
+ tls1_mac,
+ tls1_setup_key_block,
+ tls1_generate_master_secret,
+ tls1_change_cipher_state,
+ tls1_final_finish_mac,
+ TLS1_FINISH_MAC_LENGTH,
+ tls1_cert_verify_mac,
+ TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE,
+ TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
+ tls1_alert_code,
+};
+
+long tls1_default_timeout(void)
+{
+ /*
+ * 2 hours, the 24 hours mentioned in the TLSv1 spec is way too long for
+ * http, the cache would over fill
+ */
+ return (60 * 60 * 2);
+}
+
+IMPLEMENT_tls1_meth_func(tlsv1_base_method,
+ ssl_undefined_function,
+ ssl_undefined_function, ssl_bad_method)
+
+int tls1_new(SSL *s)
+{
+ if (!ssl3_new(s))
+ return (0);
+ s->method->ssl_clear(s);
+ return (1);
+}
+
+void tls1_free(SSL *s)
+{
+ ssl3_free(s);
+}
+
+void tls1_clear(SSL *s)
+{
+ ssl3_clear(s);
+ s->version = TLS1_VERSION;
+}
+
+#if 0
+long tls1_ctrl(SSL *s, int cmd, long larg, char *parg)
+{
+ return (0);
+}
+
+long tls1_callback_ctrl(SSL *s, int cmd, void *(*fp) ())
+{
+ return (0);
+}
+#endif
+
+#ifndef OPENSSL_NO_TLSEXT
+unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p,
+ unsigned char *limit)
+{
+ int extdatalen = 0;
+ unsigned char *ret = p;
+
+ /* don't add extensions for SSLv3 unless doing secure renegotiation */
+ if (s->client_version == SSL3_VERSION && !s->s3->send_connection_binding)
+ return p;
+
+ ret += 2;
+
+ if (ret >= limit)
+ return NULL; /* this really never occurs, but ... */
+
+ if (s->tlsext_hostname != NULL) {
+ /* Add TLS extension servername to the Client Hello message */
+ unsigned long size_str;
+ long lenmax;
+
+ /*-
+ * check for enough space.
+ * 4 for the servername type and entension length
+ * 2 for servernamelist length
+ * 1 for the hostname type
+ * 2 for hostname length
+ * + hostname length
+ */
+
+ if ((lenmax = limit - ret - 9) < 0
+ || (size_str =
+ strlen(s->tlsext_hostname)) > (unsigned long)lenmax)
+ return NULL;
+
+ /* extension type and length */
+ s2n(TLSEXT_TYPE_server_name, ret);
+ s2n(size_str + 5, ret);
+
+ /* length of servername list */
+ s2n(size_str + 3, ret);
+
+ /* hostname type, length and hostname */
+ *(ret++) = (unsigned char)TLSEXT_NAMETYPE_host_name;
+ s2n(size_str, ret);
+ memcpy(ret, s->tlsext_hostname, size_str);
+ ret += size_str;
+
+ }
+
+ /* Add RI if renegotiating */
+ if (s->new_session) {
+ int el;
+
+ if (!ssl_add_clienthello_renegotiate_ext(s, 0, &el, 0)) {
+ SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
+ return NULL;
+ }
+
+ if ((limit - p - 4 - el) < 0)
+ return NULL;
+
+ s2n(TLSEXT_TYPE_renegotiate, ret);
+ s2n(el, ret);
+
+ if (!ssl_add_clienthello_renegotiate_ext(s, ret, &el, el)) {
+ SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
+ return NULL;
+ }
+
+ ret += el;
+ }
+
+ if (!(SSL_get_options(s) & SSL_OP_NO_TICKET)) {
+ int ticklen;
+ if (!s->new_session && s->session && s->session->tlsext_tick)
+ ticklen = s->session->tlsext_ticklen;
+ else
+ ticklen = 0;
+ /*
+ * Check for enough room 2 for extension type, 2 for len rest for
+ * ticket
+ */
+ if (limit - ret - 4 - ticklen < 0)
+ return NULL;
+ s2n(TLSEXT_TYPE_session_ticket, ret);
+ s2n(ticklen, ret);
+ if (ticklen) {
+ memcpy(ret, s->session->tlsext_tick, ticklen);
+ ret += ticklen;
+ }
+ }
+
+ if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp &&
+ s->version != DTLS1_VERSION) {
+ int i;
+ long extlen, idlen, itmp;
+ OCSP_RESPID *id;
+
+ idlen = 0;
+ for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++) {
+ id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i);
+ itmp = i2d_OCSP_RESPID(id, NULL);
+ if (itmp <= 0)
+ return NULL;
+ idlen += itmp + 2;
+ }
+
+ if (s->tlsext_ocsp_exts) {
+ extlen = i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, NULL);
+ if (extlen < 0)
+ return NULL;
+ } else
+ extlen = 0;
+
+ if ((long)(limit - ret - 7 - extlen - idlen) < 0)
+ return NULL;
+ s2n(TLSEXT_TYPE_status_request, ret);
+ if (extlen + idlen > 0xFFF0)
+ return NULL;
+ s2n(extlen + idlen + 5, ret);
+ *(ret++) = TLSEXT_STATUSTYPE_ocsp;
+ s2n(idlen, ret);
+ for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++) {
+ /* save position of id len */
+ unsigned char *q = ret;
+ id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids, i);
+ /* skip over id len */
+ ret += 2;
+ itmp = i2d_OCSP_RESPID(id, &ret);
+ /* write id len */
+ s2n(itmp, q);
+ }
+ s2n(extlen, ret);
+ if (extlen > 0)
+ i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, &ret);
+ }
+
+ if ((extdatalen = ret - p - 2) == 0)
+ return p;
+
+ s2n(extdatalen, p);
+ return ret;
+}
+
+unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p,
+ unsigned char *limit)
+{
+ int extdatalen = 0;
+ unsigned char *ret = p;
+
+ /*
+ * don't add extensions for SSLv3, unless doing secure renegotiation
+ */
+ if (s->version == SSL3_VERSION && !s->s3->send_connection_binding)
+ return p;
+
+ ret += 2;
+ if (ret >= limit)
+ return NULL; /* this really never occurs, but ... */
+
+ if (!s->hit && s->servername_done == 1
+ && s->session->tlsext_hostname != NULL) {
+ if (limit - ret - 4 < 0)
+ return NULL;
+
+ s2n(TLSEXT_TYPE_server_name, ret);
+ s2n(0, ret);
+ }
+
+ if (s->s3->send_connection_binding) {
+ int el;
+
+ if (!ssl_add_serverhello_renegotiate_ext(s, 0, &el, 0)) {
+ SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
+ return NULL;
+ }
+
+ if ((limit - p - 4 - el) < 0)
+ return NULL;
+
+ s2n(TLSEXT_TYPE_renegotiate, ret);
+ s2n(el, ret);
+
+ if (!ssl_add_serverhello_renegotiate_ext(s, ret, &el, el)) {
+ SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
+ return NULL;
+ }
+
+ ret += el;
+ }
+
+ if (s->tlsext_ticket_expected && !(SSL_get_options(s) & SSL_OP_NO_TICKET)) {
+ if (limit - ret - 4 < 0)
+ return NULL;
+ s2n(TLSEXT_TYPE_session_ticket, ret);
+ s2n(0, ret);
+ }
+
+ if (s->tlsext_status_expected) {
+ if ((long)(limit - ret - 4) < 0)
+ return NULL;
+ s2n(TLSEXT_TYPE_status_request, ret);
+ s2n(0, ret);
+ }
+
+ if ((extdatalen = ret - p - 2) == 0)
+ return p;
+
+ s2n(extdatalen, p);
+ return ret;
+}
+
+# ifndef OPENSSL_NO_EC
+/*-
+ * ssl_check_for_safari attempts to fingerprint Safari using OS X
+ * SecureTransport using the TLS extension block in |d|, of length |n|.
+ * Safari, since 10.6, sends exactly these extensions, in this order:
+ * SNI,
+ * elliptic_curves
+ * ec_point_formats
+ *
+ * We wish to fingerprint Safari because they broke ECDHE-ECDSA support in 10.8,
+ * but they advertise support. So enabling ECDHE-ECDSA ciphers breaks them.
+ * Sadly we cannot differentiate 10.6, 10.7 and 10.8.4 (which work), from
+ * 10.8..10.8.3 (which don't work).
+ */
+static void ssl_check_for_safari(SSL *s, const unsigned char *data,
+ const unsigned char *d, int n)
+{
+ unsigned short type, size;
+ static const unsigned char kSafariExtensionsBlock[] = {
+ 0x00, 0x0a, /* elliptic_curves extension */
+ 0x00, 0x08, /* 8 bytes */
+ 0x00, 0x06, /* 6 bytes of curve ids */
+ 0x00, 0x17, /* P-256 */
+ 0x00, 0x18, /* P-384 */
+ 0x00, 0x19, /* P-521 */
+
+ 0x00, 0x0b, /* ec_point_formats */
+ 0x00, 0x02, /* 2 bytes */
+ 0x01, /* 1 point format */
+ 0x00, /* uncompressed */
+ };
+
+ /* The following is only present in TLS 1.2 */
+ static const unsigned char kSafariTLS12ExtensionsBlock[] = {
+ 0x00, 0x0d, /* signature_algorithms */
+ 0x00, 0x0c, /* 12 bytes */
+ 0x00, 0x0a, /* 10 bytes */
+ 0x05, 0x01, /* SHA-384/RSA */
+ 0x04, 0x01, /* SHA-256/RSA */
+ 0x02, 0x01, /* SHA-1/RSA */
+ 0x04, 0x03, /* SHA-256/ECDSA */
+ 0x02, 0x03, /* SHA-1/ECDSA */
+ };
+
+ if (data >= (d + n - 2))
+ return;
+ data += 2;
+
+ if (data > (d + n - 4))
+ return;
+ n2s(data, type);
+ n2s(data, size);
+
+ if (type != TLSEXT_TYPE_server_name)
+ return;
+
+ if (data + size > d + n)
+ return;
+ data += size;
+
+ if (TLS1_get_client_version(s) >= TLS1_2_VERSION) {
+ const size_t len1 = sizeof(kSafariExtensionsBlock);
+ const size_t len2 = sizeof(kSafariTLS12ExtensionsBlock);
+
+ if (data + len1 + len2 != d + n)
+ return;
+ if (memcmp(data, kSafariExtensionsBlock, len1) != 0)
+ return;
+ if (memcmp(data + len1, kSafariTLS12ExtensionsBlock, len2) != 0)
+ return;
+ } else {
+ const size_t len = sizeof(kSafariExtensionsBlock);
+
+ if (data + len != d + n)
+ return;
+ if (memcmp(data, kSafariExtensionsBlock, len) != 0)
+ return;
+ }
+
+ s->s3->is_probably_safari = 1;
+}
+# endif /* !OPENSSL_NO_EC */
+
+int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
+ int n, int *al)
+{
+ unsigned short type;
+ unsigned short size;
+ unsigned short len;
+ unsigned char *data = *p;
+ int renegotiate_seen = 0;
+
+ s->servername_done = 0;
+ s->tlsext_status_type = -1;
+
+# ifndef OPENSSL_NO_EC
+ if (s->options & SSL_OP_SAFARI_ECDHE_ECDSA_BUG)
+ ssl_check_for_safari(s, data, d, n);
+# endif /* !OPENSSL_NO_EC */
+
+ if (data >= (d + n - 2))
+ goto ri_check;
+
+ n2s(data, len);
+
+ if (data > (d + n - len))
+ goto ri_check;
+
+ while (data <= (d + n - 4)) {
+ n2s(data, type);
+ n2s(data, size);
+
+ if (data + size > (d + n))
+ goto ri_check;
+
+ if (s->tlsext_debug_cb)
+ s->tlsext_debug_cb(s, 0, type, data, size, s->tlsext_debug_arg);
+/*-
+ * The servername extension is treated as follows:
+ *
+ * - Only the hostname type is supported with a maximum length of 255.
+ * - The servername is rejected if too long or if it contains zeros,
+ * in which case an fatal alert is generated.
+ * - The servername field is maintained together with the session cache.
+ * - When a session is resumed, the servername call back invoked in order
+ * to allow the application to position itself to the right context.
+ * - The servername is acknowledged if it is new for a session or when
+ * it is identical to a previously used for the same session.
+ * Applications can control the behaviour. They can at any time
+ * set a 'desirable' servername for a new SSL object. This can be the
+ * case for example with HTTPS when a Host: header field is received and
+ * a renegotiation is requested. In this case, a possible servername
+ * presented in the new client hello is only acknowledged if it matches
+ * the value of the Host: field.
+ * - Applications must use SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
+ * if they provide for changing an explicit servername context for the
+ * session, i.e. when the session has been established with a servername
+ * extension.
+ * - On session reconnect, the servername extension may be absent.
+ *
+ */
+
+ if (type == TLSEXT_TYPE_server_name) {
+ unsigned char *sdata;
+ int servname_type;
+ int dsize;
+
+ if (size < 2) {
+ *al = SSL_AD_DECODE_ERROR;
+ return 0;
+ }
+ n2s(data, dsize);
+ size -= 2;
+ if (dsize > size) {
+ *al = SSL_AD_DECODE_ERROR;
+ return 0;
+ }
+
+ sdata = data;
+ while (dsize > 3) {
+ servname_type = *(sdata++);
+ n2s(sdata, len);
+ dsize -= 3;
+
+ if (len > dsize) {
+ *al = SSL_AD_DECODE_ERROR;
+ return 0;
+ }
+ if (s->servername_done == 0)
+ switch (servname_type) {
+ case TLSEXT_NAMETYPE_host_name:
+ if (!s->hit) {
+ if (s->session->tlsext_hostname) {
+ *al = SSL_AD_DECODE_ERROR;
+ return 0;
+ }
+ if (len > TLSEXT_MAXLEN_host_name) {
+ *al = TLS1_AD_UNRECOGNIZED_NAME;
+ return 0;
+ }
+ if ((s->session->tlsext_hostname =
+ OPENSSL_malloc(len + 1)) == NULL) {
+ *al = TLS1_AD_INTERNAL_ERROR;
+ return 0;
+ }
+ memcpy(s->session->tlsext_hostname, sdata, len);
+ s->session->tlsext_hostname[len] = '\0';
+ if (strlen(s->session->tlsext_hostname) != len) {
+ OPENSSL_free(s->session->tlsext_hostname);
+ s->session->tlsext_hostname = NULL;
+ *al = TLS1_AD_UNRECOGNIZED_NAME;
+ return 0;
+ }
+ s->servername_done = 1;
+
+ } else
+ s->servername_done = s->session->tlsext_hostname
+ && strlen(s->session->tlsext_hostname) == len
+ && strncmp(s->session->tlsext_hostname,
+ (char *)sdata, len) == 0;
+
+ break;
+
+ default:
+ break;
+ }
+
+ dsize -= len;
+ }
+ if (dsize != 0) {
+ *al = SSL_AD_DECODE_ERROR;
+ return 0;
+ }
+
+ } else if (type == TLSEXT_TYPE_renegotiate) {
+ if (!ssl_parse_clienthello_renegotiate_ext(s, data, size, al))
+ return 0;
+ renegotiate_seen = 1;
+ } else if (type == TLSEXT_TYPE_status_request &&
+ s->version != DTLS1_VERSION && s->ctx->tlsext_status_cb) {
+
+ if (size < 5) {
+ *al = SSL_AD_DECODE_ERROR;
+ return 0;
+ }
+
+ s->tlsext_status_type = *data++;
+ size--;
+ if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp) {
+ const unsigned char *sdata;
+ int dsize;
+ /* Read in responder_id_list */
+ n2s(data, dsize);
+ size -= 2;
+ if (dsize > size) {
+ *al = SSL_AD_DECODE_ERROR;
+ return 0;
+ }
+ while (dsize > 0) {
+ OCSP_RESPID *id;
+ int idsize;
+ if (dsize < 4) {
+ *al = SSL_AD_DECODE_ERROR;
+ return 0;
+ }
+ n2s(data, idsize);
+ dsize -= 2 + idsize;
+ size -= 2 + idsize;
+ if (dsize < 0) {
+ *al = SSL_AD_DECODE_ERROR;
+ return 0;
+ }
+ sdata = data;
+ data += idsize;
+ id = d2i_OCSP_RESPID(NULL, &sdata, idsize);
+ if (!id) {
+ *al = SSL_AD_DECODE_ERROR;
+ return 0;
+ }
+ if (data != sdata) {
+ OCSP_RESPID_free(id);
+ *al = SSL_AD_DECODE_ERROR;
+ return 0;
+ }
+ if (!s->tlsext_ocsp_ids
+ && !(s->tlsext_ocsp_ids =
+ sk_OCSP_RESPID_new_null())) {
+ OCSP_RESPID_free(id);
+ *al = SSL_AD_INTERNAL_ERROR;
+ return 0;
+ }
+ if (!sk_OCSP_RESPID_push(s->tlsext_ocsp_ids, id)) {
+ OCSP_RESPID_free(id);
+ *al = SSL_AD_INTERNAL_ERROR;
+ return 0;
+ }
+ }
+
+ /* Read in request_extensions */
+ if (size < 2) {
+ *al = SSL_AD_DECODE_ERROR;
+ return 0;
+ }
+ n2s(data, dsize);
+ size -= 2;
+ if (dsize != size) {
+ *al = SSL_AD_DECODE_ERROR;
+ return 0;
+ }
+ sdata = data;
+ if (dsize > 0) {
+ if (s->tlsext_ocsp_exts) {
+ sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
+ X509_EXTENSION_free);
+ }
+
+ s->tlsext_ocsp_exts =
+ d2i_X509_EXTENSIONS(NULL, &sdata, dsize);
+ if (!s->tlsext_ocsp_exts || (data + dsize != sdata)) {
+ *al = SSL_AD_DECODE_ERROR;
+ return 0;
+ }
+ }
+ }
+ /*
+ * We don't know what to do with any other type * so ignore it.
+ */
+ else
+ s->tlsext_status_type = -1;
+ }
+
+ /* session ticket processed earlier */
+
+ data += size;
+ }
+ *p = data;
+
+ ri_check:
+
+ /* Need RI if renegotiating */
+
+ if (!renegotiate_seen && s->new_session &&
+ !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) {
+ *al = SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT,
+ SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
+ return 0;
+ }
+
+ return 1;
+}
+
+int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
+ int n, int *al)
+{
+ unsigned short length;
+ unsigned short type;
+ unsigned short size;
+ unsigned char *data = *p;
+ int tlsext_servername = 0;
+ int renegotiate_seen = 0;
+
+ if (data >= (d + n - 2))
+ goto ri_check;
+
+ n2s(data, length);
+ if (data + length != d + n) {
+ *al = SSL_AD_DECODE_ERROR;
+ return 0;
+ }
+
+ while (data <= (d + n - 4)) {
+ n2s(data, type);
+ n2s(data, size);
+
+ if (data + size > (d + n))
+ goto ri_check;
+
+ if (s->tlsext_debug_cb)
+ s->tlsext_debug_cb(s, 1, type, data, size, s->tlsext_debug_arg);
+
+ if (type == TLSEXT_TYPE_server_name) {
+ if (s->tlsext_hostname == NULL || size > 0) {
+ *al = TLS1_AD_UNRECOGNIZED_NAME;
+ return 0;
+ }
+ tlsext_servername = 1;
+ } else if (type == TLSEXT_TYPE_session_ticket) {
+ if ((SSL_get_options(s) & SSL_OP_NO_TICKET)
+ || (size > 0)) {
+ *al = TLS1_AD_UNSUPPORTED_EXTENSION;
+ return 0;
+ }
+ s->tlsext_ticket_expected = 1;
+ } else if (type == TLSEXT_TYPE_status_request &&
+ s->version != DTLS1_VERSION) {
+ /*
+ * MUST be empty and only sent if we've requested a status
+ * request message.
+ */
+ if ((s->tlsext_status_type == -1) || (size > 0)) {
+ *al = TLS1_AD_UNSUPPORTED_EXTENSION;
+ return 0;
+ }
+ /* Set flag to expect CertificateStatus message */
+ s->tlsext_status_expected = 1;
+ } else if (type == TLSEXT_TYPE_renegotiate) {
+ if (!ssl_parse_serverhello_renegotiate_ext(s, data, size, al))
+ return 0;
+ renegotiate_seen = 1;
+ }
+ data += size;
+ }
+
+ if (data != d + n) {
+ *al = SSL_AD_DECODE_ERROR;
+ return 0;
+ }
+
+ if (!s->hit && tlsext_servername == 1) {
+ if (s->tlsext_hostname) {
+ if (s->session->tlsext_hostname == NULL) {
+ s->session->tlsext_hostname = BUF_strdup(s->tlsext_hostname);
+ if (!s->session->tlsext_hostname) {
+ *al = SSL_AD_UNRECOGNIZED_NAME;
+ return 0;
+ }
+ } else {
+ *al = SSL_AD_DECODE_ERROR;
+ return 0;
+ }
+ }
+ }
+
+ *p = data;
+
+ ri_check:
+
+ /*
+ * Determine if we need to see RI. Strictly speaking if we want to avoid
+ * an attack we should *always* see RI even on initial server hello
+ * because the client doesn't see any renegotiation during an attack.
+ * However this would mean we could not connect to any server which
+ * doesn't support RI so for the immediate future tolerate RI absence on
+ * initial connect only.
+ */
+ if (!renegotiate_seen && !(s->options & SSL_OP_LEGACY_SERVER_CONNECT)
+ && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) {
+ *al = SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT,
+ SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
+ return 0;
+ }
+
+ return 1;
+}
+
+int ssl_check_clienthello_tlsext_early(SSL *s)
+{
+ int ret = SSL_TLSEXT_ERR_NOACK;
+ int al = SSL_AD_UNRECOGNIZED_NAME;
+
+ if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0)
+ ret =
+ s->ctx->tlsext_servername_callback(s, &al,
+ s->ctx->tlsext_servername_arg);
+ else if (s->initial_ctx != NULL
+ && s->initial_ctx->tlsext_servername_callback != 0)
+ ret =
+ s->initial_ctx->tlsext_servername_callback(s, &al,
+ s->
+ initial_ctx->tlsext_servername_arg);
+
+ switch (ret) {
+ case SSL_TLSEXT_ERR_ALERT_FATAL:
+ ssl3_send_alert(s, SSL3_AL_FATAL, al);
+ return -1;
+
+ case SSL_TLSEXT_ERR_ALERT_WARNING:
+ ssl3_send_alert(s, SSL3_AL_WARNING, al);
+ return 1;
+
+ case SSL_TLSEXT_ERR_NOACK:
+ s->servername_done = 0;
+
+ default:
+ return 1;
+ }
+}
+
+int ssl_check_clienthello_tlsext_late(SSL *s)
+{
+ int ret = SSL_TLSEXT_ERR_OK;
+ int al;
+
+ /*
+ * If status request then ask callback what to do. Note: this must be
+ * called after servername callbacks in case the certificate has
+ * changed, and must be called after the cipher has been chosen because
+ * this may influence which certificate is sent
+ */
+ if (s->tlsext_status_type != -1 && s->ctx && s->ctx->tlsext_status_cb) {
+ int r;
+ CERT_PKEY *certpkey;
+ certpkey = ssl_get_server_send_pkey(s);
+ /* If no certificate can't return certificate status */
+ if (certpkey == NULL) {
+ s->tlsext_status_expected = 0;
+ return 1;
+ }
+ /*
+ * Set current certificate to one we will use so SSL_get_certificate
+ * et al can pick it up.
+ */
+ s->cert->key = certpkey;
+ r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
+ switch (r) {
+ /* We don't want to send a status request response */
+ case SSL_TLSEXT_ERR_NOACK:
+ s->tlsext_status_expected = 0;
+ break;
+ /* status request response should be sent */
+ case SSL_TLSEXT_ERR_OK:
+ if (s->tlsext_ocsp_resp)
+ s->tlsext_status_expected = 1;
+ else
+ s->tlsext_status_expected = 0;
+ break;
+ /* something bad happened */
+ case SSL_TLSEXT_ERR_ALERT_FATAL:
+ ret = SSL_TLSEXT_ERR_ALERT_FATAL;
+ al = SSL_AD_INTERNAL_ERROR;
+ goto err;
+ }
+ } else
+ s->tlsext_status_expected = 0;
+
+ err:
+ switch (ret) {
+ case SSL_TLSEXT_ERR_ALERT_FATAL:
+ ssl3_send_alert(s, SSL3_AL_FATAL, al);
+ return -1;
+
+ case SSL_TLSEXT_ERR_ALERT_WARNING:
+ ssl3_send_alert(s, SSL3_AL_WARNING, al);
+ return 1;
+
+ default:
+ return 1;
+ }
+}
+
+int ssl_check_serverhello_tlsext(SSL *s)
+{
+ int ret = SSL_TLSEXT_ERR_NOACK;
+ int al = SSL_AD_UNRECOGNIZED_NAME;
+
+ if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0)
+ ret =
+ s->ctx->tlsext_servername_callback(s, &al,
+ s->ctx->tlsext_servername_arg);
+ else if (s->initial_ctx != NULL
+ && s->initial_ctx->tlsext_servername_callback != 0)
+ ret =
+ s->initial_ctx->tlsext_servername_callback(s, &al,
+ s->
+ initial_ctx->tlsext_servername_arg);
+
+ /*
+ * If we've requested certificate status and we wont get one tell the
+ * callback
+ */
+ if ((s->tlsext_status_type != -1) && !(s->tlsext_status_expected)
+ && s->ctx->tlsext_status_cb) {
+ int r;
+ /*
+ * Set resp to NULL, resplen to -1 so callback knows there is no
+ * response.
+ */
+ if (s->tlsext_ocsp_resp) {
+ OPENSSL_free(s->tlsext_ocsp_resp);
+ s->tlsext_ocsp_resp = NULL;
+ }
+ s->tlsext_ocsp_resplen = -1;
+ r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
+ if (r == 0) {
+ al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
+ ret = SSL_TLSEXT_ERR_ALERT_FATAL;
+ }
+ if (r < 0) {
+ al = SSL_AD_INTERNAL_ERROR;
+ ret = SSL_TLSEXT_ERR_ALERT_FATAL;
+ }
+ }
+
+ switch (ret) {
+ case SSL_TLSEXT_ERR_ALERT_FATAL:
+ ssl3_send_alert(s, SSL3_AL_FATAL, al);
+ return -1;
+
+ case SSL_TLSEXT_ERR_ALERT_WARNING:
+ ssl3_send_alert(s, SSL3_AL_WARNING, al);
+ return 1;
+
+ case SSL_TLSEXT_ERR_NOACK:
+ s->servername_done = 0;
+ default:
+ return 1;
+ }
+}
+
+/*
+ * Since the server cache lookup is done early on in the processing of client
+ * hello and other operations depend on the result we need to handle any TLS
+ * session ticket extension at the same time.
+ */
+
+int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
+ const unsigned char *limit, SSL_SESSION **ret)
+{
+ /* Point after session ID in client hello */
+ const unsigned char *p = session_id + len;
+ unsigned short i;
+
+ /*
+ * If tickets disabled behave as if no ticket present to permit stateful
+ * resumption.
+ */
+ if (SSL_get_options(s) & SSL_OP_NO_TICKET)
+ return 1;
+
+ if ((s->version <= SSL3_VERSION) || !limit)
+ return 1;
+ if (p >= limit)
+ return -1;
+ /* Skip past DTLS cookie */
+ if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER) {
+ i = *(p++);
+ p += i;
+ if (p >= limit)
+ return -1;
+ }
+ /* Skip past cipher list */
+ n2s(p, i);
+ p += i;
+ if (p >= limit)
+ return -1;
+ /* Skip past compression algorithm list */
+ i = *(p++);
+ p += i;
+ if (p > limit)
+ return -1;
+ /* Now at start of extensions */
+ if ((p + 2) >= limit)
+ return 1;
+ n2s(p, i);
+ while ((p + 4) <= limit) {
+ unsigned short type, size;
+ n2s(p, type);
+ n2s(p, size);
+ if (p + size > limit)
+ return 1;
+ if (type == TLSEXT_TYPE_session_ticket) {
+ /*
+ * If zero length note client will accept a ticket and indicate
+ * cache miss to trigger full handshake
+ */
+ if (size == 0) {
+ s->tlsext_ticket_expected = 1;
+ return 0; /* Cache miss */
+ }
+ return tls_decrypt_ticket(s, p, size, session_id, len, ret);
+ }
+ p += size;
+ }
+ return 1;
+}
+
+static int tls_decrypt_ticket(SSL *s, const unsigned char *etick,
+ int eticklen, const unsigned char *sess_id,
+ int sesslen, SSL_SESSION **psess)
+{
+ SSL_SESSION *sess;
+ unsigned char *sdec;
+ const unsigned char *p;
+ int slen, mlen, renew_ticket = 0;
+ unsigned char tick_hmac[EVP_MAX_MD_SIZE];
+ HMAC_CTX hctx;
+ EVP_CIPHER_CTX ctx;
+ SSL_CTX *tctx = s->initial_ctx;
+ /* Need at least keyname + iv + some encrypted data */
+ if (eticklen < 48)
+ goto tickerr;
+ /* Initialize session ticket encryption and HMAC contexts */
+ HMAC_CTX_init(&hctx);
+ EVP_CIPHER_CTX_init(&ctx);
+ if (tctx->tlsext_ticket_key_cb) {
+ unsigned char *nctick = (unsigned char *)etick;
+ int rv = tctx->tlsext_ticket_key_cb(s, nctick, nctick + 16,
+ &ctx, &hctx, 0);
+ if (rv < 0)
+ return -1;
+ if (rv == 0)
+ goto tickerr;
+ if (rv == 2)
+ renew_ticket = 1;
+ } else {
+ /* Check key name matches */
+ if (memcmp(etick, tctx->tlsext_tick_key_name, 16))
+ goto tickerr;
+ HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
+ tlsext_tick_md(), NULL);
+ EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
+ tctx->tlsext_tick_aes_key, etick + 16);
+ }
+ /*
+ * Attempt to process session ticket, first conduct sanity and integrity
+ * checks on ticket.
+ */
+ mlen = HMAC_size(&hctx);
+ eticklen -= mlen;
+ /* Check HMAC of encrypted ticket */
+ HMAC_Update(&hctx, etick, eticklen);
+ HMAC_Final(&hctx, tick_hmac, NULL);
+ HMAC_CTX_cleanup(&hctx);
+ if (CRYPTO_memcmp(tick_hmac, etick + eticklen, mlen)) {
+ EVP_CIPHER_CTX_cleanup(&ctx);
+ goto tickerr;
+ }
+ /* Attempt to decrypt session data */
+ /* Move p after IV to start of encrypted ticket, update length */
+ p = etick + 16 + EVP_CIPHER_CTX_iv_length(&ctx);
+ eticklen -= 16 + EVP_CIPHER_CTX_iv_length(&ctx);
+ sdec = OPENSSL_malloc(eticklen);
+ if (!sdec) {
+ EVP_CIPHER_CTX_cleanup(&ctx);
+ return -1;
+ }
+ EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen);
+ if (EVP_DecryptFinal(&ctx, sdec + slen, &mlen) <= 0) {
+ EVP_CIPHER_CTX_cleanup(&ctx);
+ OPENSSL_free(sdec);
+ goto tickerr;
+ }
+ slen += mlen;
+ EVP_CIPHER_CTX_cleanup(&ctx);
+ p = sdec;
+
+ sess = d2i_SSL_SESSION(NULL, &p, slen);
+ OPENSSL_free(sdec);
+ if (sess) {
+ /*
+ * The session ID if non-empty is used by some clients to detect that
+ * the ticket has been accepted. So we copy it to the session
+ * structure. If it is empty set length to zero as required by
+ * standard.
+ */
+ if (sesslen)
+ memcpy(sess->session_id, sess_id, sesslen);
+ sess->session_id_length = sesslen;
+ *psess = sess;
+ s->tlsext_ticket_expected = renew_ticket;
+ return 1;
+ }
+ /*
+ * If session decrypt failure indicate a cache miss and set state to send
+ * a new ticket
+ */
+ tickerr:
+ s->tlsext_ticket_expected = 1;
+ return 0;
+}
+
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/ssl/t1_meth.c
===================================================================
--- vendor-crypto/openssl/dist/ssl/t1_meth.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/ssl/t1_meth.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,76 +0,0 @@
-/* ssl/t1_meth.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/objects.h>
-#include "ssl_locl.h"
-
-static SSL_METHOD *tls1_get_method(int ver);
-static SSL_METHOD *tls1_get_method(int ver)
- {
- if (ver == TLS1_VERSION)
- return(TLSv1_method());
- else
- return(NULL);
- }
-
-IMPLEMENT_tls1_meth_func(TLSv1_method,
- ssl3_accept,
- ssl3_connect,
- tls1_get_method)
-
Copied: vendor-crypto/openssl/0.9.8zf/ssl/t1_meth.c (from rev 6976, vendor-crypto/openssl/dist/ssl/t1_meth.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/ssl/t1_meth.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/ssl/t1_meth.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,73 @@
+/* ssl/t1_meth.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <openssl/objects.h>
+#include "ssl_locl.h"
+
+static SSL_METHOD *tls1_get_method(int ver);
+static SSL_METHOD *tls1_get_method(int ver)
+{
+ if (ver == TLS1_VERSION)
+ return (TLSv1_method());
+ else
+ return (NULL);
+}
+
+IMPLEMENT_tls1_meth_func(TLSv1_method,
+ ssl3_accept, ssl3_connect, tls1_get_method)
Deleted: vendor-crypto/openssl/0.9.8zf/ssl/t1_reneg.c
===================================================================
--- vendor-crypto/openssl/dist/ssl/t1_reneg.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/ssl/t1_reneg.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,292 +0,0 @@
-/* ssl/t1_reneg.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2009 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-#include <stdio.h>
-#include <openssl/objects.h>
-#include "ssl_locl.h"
-
-/* Add the client's renegotiation binding */
-int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
- int maxlen)
- {
- if(p)
- {
- if((s->s3->previous_client_finished_len+1) > maxlen)
- {
- SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATE_EXT_TOO_LONG);
- return 0;
- }
-
- /* Length byte */
- *p = s->s3->previous_client_finished_len;
- p++;
-
- memcpy(p, s->s3->previous_client_finished,
- s->s3->previous_client_finished_len);
-#ifdef OPENSSL_RI_DEBUG
- fprintf(stderr, "%s RI extension sent by client\n",
- s->s3->previous_client_finished_len ? "Non-empty" : "Empty");
-#endif
- }
-
- *len=s->s3->previous_client_finished_len + 1;
-
-
- return 1;
- }
-
-/* Parse the client's renegotiation binding and abort if it's not
- right */
-int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
- int *al)
- {
- int ilen;
-
- /* Parse the length byte */
- if(len < 1)
- {
- SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_ENCODING_ERR);
- *al=SSL_AD_ILLEGAL_PARAMETER;
- return 0;
- }
- ilen = *d;
- d++;
-
- /* Consistency check */
- if((ilen+1) != len)
- {
- SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_ENCODING_ERR);
- *al=SSL_AD_ILLEGAL_PARAMETER;
- return 0;
- }
-
- /* Check that the extension matches */
- if(ilen != s->s3->previous_client_finished_len)
- {
- SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH);
- *al=SSL_AD_HANDSHAKE_FAILURE;
- return 0;
- }
-
- if(memcmp(d, s->s3->previous_client_finished,
- s->s3->previous_client_finished_len))
- {
- SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH);
- *al=SSL_AD_HANDSHAKE_FAILURE;
- return 0;
- }
-#ifdef OPENSSL_RI_DEBUG
- fprintf(stderr, "%s RI extension received by server\n",
- ilen ? "Non-empty" : "Empty");
-#endif
-
- s->s3->send_connection_binding=1;
-
- return 1;
- }
-
-/* Add the server's renegotiation binding */
-int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
- int maxlen)
- {
- if(p)
- {
- if((s->s3->previous_client_finished_len +
- s->s3->previous_server_finished_len + 1) > maxlen)
- {
- SSLerr(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATE_EXT_TOO_LONG);
- return 0;
- }
-
- /* Length byte */
- *p = s->s3->previous_client_finished_len + s->s3->previous_server_finished_len;
- p++;
-
- memcpy(p, s->s3->previous_client_finished,
- s->s3->previous_client_finished_len);
- p += s->s3->previous_client_finished_len;
-
- memcpy(p, s->s3->previous_server_finished,
- s->s3->previous_server_finished_len);
-#ifdef OPENSSL_RI_DEBUG
- fprintf(stderr, "%s RI extension sent by server\n",
- s->s3->previous_client_finished_len ? "Non-empty" : "Empty");
-#endif
- }
-
- *len=s->s3->previous_client_finished_len
- + s->s3->previous_server_finished_len + 1;
-
- return 1;
- }
-
-/* Parse the server's renegotiation binding and abort if it's not
- right */
-int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,
- int *al)
- {
- int expected_len=s->s3->previous_client_finished_len
- + s->s3->previous_server_finished_len;
- int ilen;
-
- /* Check for logic errors */
- OPENSSL_assert(!expected_len || s->s3->previous_client_finished_len);
- OPENSSL_assert(!expected_len || s->s3->previous_server_finished_len);
-
- /* Parse the length byte */
- if(len < 1)
- {
- SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_ENCODING_ERR);
- *al=SSL_AD_ILLEGAL_PARAMETER;
- return 0;
- }
- ilen = *d;
- d++;
-
- /* Consistency check */
- if(ilen+1 != len)
- {
- SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_ENCODING_ERR);
- *al=SSL_AD_ILLEGAL_PARAMETER;
- return 0;
- }
-
- /* Check that the extension matches */
- if(ilen != expected_len)
- {
- SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH);
- *al=SSL_AD_HANDSHAKE_FAILURE;
- return 0;
- }
-
- if(memcmp(d, s->s3->previous_client_finished,
- s->s3->previous_client_finished_len))
- {
- SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH);
- *al=SSL_AD_HANDSHAKE_FAILURE;
- return 0;
- }
- d += s->s3->previous_client_finished_len;
-
- if(memcmp(d, s->s3->previous_server_finished,
- s->s3->previous_server_finished_len))
- {
- SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,SSL_R_RENEGOTIATION_MISMATCH);
- *al=SSL_AD_ILLEGAL_PARAMETER;
- return 0;
- }
-#ifdef OPENSSL_RI_DEBUG
- fprintf(stderr, "%s RI extension received by client\n",
- ilen ? "Non-empty" : "Empty");
-#endif
- s->s3->send_connection_binding=1;
-
- return 1;
- }
Copied: vendor-crypto/openssl/0.9.8zf/ssl/t1_reneg.c (from rev 6976, vendor-crypto/openssl/dist/ssl/t1_reneg.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/ssl/t1_reneg.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/ssl/t1_reneg.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,292 @@
+/* ssl/t1_reneg.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2009 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay at cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh at cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include <openssl/objects.h>
+#include "ssl_locl.h"
+
+/* Add the client's renegotiation binding */
+int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
+ int maxlen)
+{
+ if (p) {
+ if ((s->s3->previous_client_finished_len + 1) > maxlen) {
+ SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT,
+ SSL_R_RENEGOTIATE_EXT_TOO_LONG);
+ return 0;
+ }
+
+ /* Length byte */
+ *p = s->s3->previous_client_finished_len;
+ p++;
+
+ memcpy(p, s->s3->previous_client_finished,
+ s->s3->previous_client_finished_len);
+#ifdef OPENSSL_RI_DEBUG
+ fprintf(stderr, "%s RI extension sent by client\n",
+ s->s3->previous_client_finished_len ? "Non-empty" : "Empty");
+#endif
+ }
+
+ *len = s->s3->previous_client_finished_len + 1;
+
+ return 1;
+}
+
+/*
+ * Parse the client's renegotiation binding and abort if it's not right
+ */
+int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
+ int *al)
+{
+ int ilen;
+
+ /* Parse the length byte */
+ if (len < 1) {
+ SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,
+ SSL_R_RENEGOTIATION_ENCODING_ERR);
+ *al = SSL_AD_ILLEGAL_PARAMETER;
+ return 0;
+ }
+ ilen = *d;
+ d++;
+
+ /* Consistency check */
+ if ((ilen + 1) != len) {
+ SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,
+ SSL_R_RENEGOTIATION_ENCODING_ERR);
+ *al = SSL_AD_ILLEGAL_PARAMETER;
+ return 0;
+ }
+
+ /* Check that the extension matches */
+ if (ilen != s->s3->previous_client_finished_len) {
+ SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,
+ SSL_R_RENEGOTIATION_MISMATCH);
+ *al = SSL_AD_HANDSHAKE_FAILURE;
+ return 0;
+ }
+
+ if (memcmp(d, s->s3->previous_client_finished,
+ s->s3->previous_client_finished_len)) {
+ SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,
+ SSL_R_RENEGOTIATION_MISMATCH);
+ *al = SSL_AD_HANDSHAKE_FAILURE;
+ return 0;
+ }
+#ifdef OPENSSL_RI_DEBUG
+ fprintf(stderr, "%s RI extension received by server\n",
+ ilen ? "Non-empty" : "Empty");
+#endif
+
+ s->s3->send_connection_binding = 1;
+
+ return 1;
+}
+
+/* Add the server's renegotiation binding */
+int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
+ int maxlen)
+{
+ if (p) {
+ if ((s->s3->previous_client_finished_len +
+ s->s3->previous_server_finished_len + 1) > maxlen) {
+ SSLerr(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT,
+ SSL_R_RENEGOTIATE_EXT_TOO_LONG);
+ return 0;
+ }
+
+ /* Length byte */
+ *p = s->s3->previous_client_finished_len +
+ s->s3->previous_server_finished_len;
+ p++;
+
+ memcpy(p, s->s3->previous_client_finished,
+ s->s3->previous_client_finished_len);
+ p += s->s3->previous_client_finished_len;
+
+ memcpy(p, s->s3->previous_server_finished,
+ s->s3->previous_server_finished_len);
+#ifdef OPENSSL_RI_DEBUG
+ fprintf(stderr, "%s RI extension sent by server\n",
+ s->s3->previous_client_finished_len ? "Non-empty" : "Empty");
+#endif
+ }
+
+ *len = s->s3->previous_client_finished_len
+ + s->s3->previous_server_finished_len + 1;
+
+ return 1;
+}
+
+/*
+ * Parse the server's renegotiation binding and abort if it's not right
+ */
+int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,
+ int *al)
+{
+ int expected_len = s->s3->previous_client_finished_len
+ + s->s3->previous_server_finished_len;
+ int ilen;
+
+ /* Check for logic errors */
+ OPENSSL_assert(!expected_len || s->s3->previous_client_finished_len);
+ OPENSSL_assert(!expected_len || s->s3->previous_server_finished_len);
+
+ /* Parse the length byte */
+ if (len < 1) {
+ SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
+ SSL_R_RENEGOTIATION_ENCODING_ERR);
+ *al = SSL_AD_ILLEGAL_PARAMETER;
+ return 0;
+ }
+ ilen = *d;
+ d++;
+
+ /* Consistency check */
+ if (ilen + 1 != len) {
+ SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
+ SSL_R_RENEGOTIATION_ENCODING_ERR);
+ *al = SSL_AD_ILLEGAL_PARAMETER;
+ return 0;
+ }
+
+ /* Check that the extension matches */
+ if (ilen != expected_len) {
+ SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
+ SSL_R_RENEGOTIATION_MISMATCH);
+ *al = SSL_AD_HANDSHAKE_FAILURE;
+ return 0;
+ }
+
+ if (memcmp(d, s->s3->previous_client_finished,
+ s->s3->previous_client_finished_len)) {
+ SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
+ SSL_R_RENEGOTIATION_MISMATCH);
+ *al = SSL_AD_HANDSHAKE_FAILURE;
+ return 0;
+ }
+ d += s->s3->previous_client_finished_len;
+
+ if (memcmp(d, s->s3->previous_server_finished,
+ s->s3->previous_server_finished_len)) {
+ SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
+ SSL_R_RENEGOTIATION_MISMATCH);
+ *al = SSL_AD_ILLEGAL_PARAMETER;
+ return 0;
+ }
+#ifdef OPENSSL_RI_DEBUG
+ fprintf(stderr, "%s RI extension received by client\n",
+ ilen ? "Non-empty" : "Empty");
+#endif
+ s->s3->send_connection_binding = 1;
+
+ return 1;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/ssl/t1_srvr.c
===================================================================
--- vendor-crypto/openssl/dist/ssl/t1_srvr.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/ssl/t1_srvr.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,80 +0,0 @@
-/* ssl/t1_srvr.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-
-static SSL_METHOD *tls1_get_server_method(int ver);
-static SSL_METHOD *tls1_get_server_method(int ver)
- {
- if (ver == TLS1_VERSION)
- return(TLSv1_server_method());
- else
- return(NULL);
- }
-
-IMPLEMENT_tls1_meth_func(TLSv1_server_method,
- ssl3_accept,
- ssl_undefined_function,
- tls1_get_server_method)
-
Copied: vendor-crypto/openssl/0.9.8zf/ssl/t1_srvr.c (from rev 6976, vendor-crypto/openssl/dist/ssl/t1_srvr.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/ssl/t1_srvr.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/ssl/t1_srvr.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,78 @@
+/* ssl/t1_srvr.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "ssl_locl.h"
+#include <openssl/buffer.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+
+static SSL_METHOD *tls1_get_server_method(int ver);
+static SSL_METHOD *tls1_get_server_method(int ver)
+{
+ if (ver == TLS1_VERSION)
+ return (TLSv1_server_method());
+ else
+ return (NULL);
+}
+
+IMPLEMENT_tls1_meth_func(TLSv1_server_method,
+ ssl3_accept,
+ ssl_undefined_function, tls1_get_server_method)
Deleted: vendor-crypto/openssl/0.9.8zf/ssl/tls1.h
===================================================================
--- vendor-crypto/openssl/dist/ssl/tls1.h 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/ssl/tls1.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,429 +0,0 @@
-/* ssl/tls1.h */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * ECC cipher suite support in OpenSSL originally written by
- * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
- *
- */
-
-#ifndef HEADER_TLS1_H
-#define HEADER_TLS1_H
-
-#include <openssl/buffer.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0
-
-#define TLS1_VERSION 0x0301
-#define TLS1_1_VERSION 0x0302
-#define TLS1_2_VERSION 0x0303
-/* TLS 1.1 and 1.2 are not supported by this version of OpenSSL, so
- * TLS_MAX_VERSION indicates TLS 1.0 regardless of the above
- * definitions. (s23_clnt.c and s23_srvr.c have an OPENSSL_assert()
- * check that would catch the error if TLS_MAX_VERSION was too low.)
- */
-#define TLS_MAX_VERSION TLS1_VERSION
-
-#define TLS1_VERSION_MAJOR 0x03
-#define TLS1_VERSION_MINOR 0x01
-
-#define TLS1_1_VERSION_MAJOR 0x03
-#define TLS1_1_VERSION_MINOR 0x02
-
-#define TLS1_2_VERSION_MAJOR 0x03
-#define TLS1_2_VERSION_MINOR 0x03
-
-#define TLS1_get_version(s) \
- ((s->version >> 8) == TLS1_VERSION_MAJOR ? s->version : 0)
-
-#define TLS1_get_client_version(s) \
- ((s->client_version >> 8) == TLS1_VERSION_MAJOR ? s->client_version : 0)
-
-#define TLS1_AD_DECRYPTION_FAILED 21
-#define TLS1_AD_RECORD_OVERFLOW 22
-#define TLS1_AD_UNKNOWN_CA 48 /* fatal */
-#define TLS1_AD_ACCESS_DENIED 49 /* fatal */
-#define TLS1_AD_DECODE_ERROR 50 /* fatal */
-#define TLS1_AD_DECRYPT_ERROR 51
-#define TLS1_AD_EXPORT_RESTRICTION 60 /* fatal */
-#define TLS1_AD_PROTOCOL_VERSION 70 /* fatal */
-#define TLS1_AD_INSUFFICIENT_SECURITY 71 /* fatal */
-#define TLS1_AD_INTERNAL_ERROR 80 /* fatal */
-#define TLS1_AD_INAPPROPRIATE_FALLBACK 86 /* fatal */
-#define TLS1_AD_USER_CANCELLED 90
-#define TLS1_AD_NO_RENEGOTIATION 100
-/* codes 110-114 are from RFC3546 */
-#define TLS1_AD_UNSUPPORTED_EXTENSION 110
-#define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111
-#define TLS1_AD_UNRECOGNIZED_NAME 112
-#define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113
-#define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114
-#define TLS1_AD_UNKNOWN_PSK_IDENTITY 115 /* fatal */
-
-/* ExtensionType values from RFC 3546 */
-#define TLSEXT_TYPE_server_name 0
-#define TLSEXT_TYPE_max_fragment_length 1
-#define TLSEXT_TYPE_client_certificate_url 2
-#define TLSEXT_TYPE_trusted_ca_keys 3
-#define TLSEXT_TYPE_truncated_hmac 4
-#define TLSEXT_TYPE_status_request 5
-#define TLSEXT_TYPE_elliptic_curves 10
-#define TLSEXT_TYPE_ec_point_formats 11
-#define TLSEXT_TYPE_session_ticket 35
-
-/* Temporary extension type */
-#define TLSEXT_TYPE_renegotiate 0xff01
-
-/* NameType value from RFC 3546 */
-#define TLSEXT_NAMETYPE_host_name 0
-/* status request value from RFC 3546 */
-#define TLSEXT_STATUSTYPE_ocsp 1
-
-#ifndef OPENSSL_NO_TLSEXT
-
-#define TLSEXT_MAXLEN_host_name 255
-
-const char *SSL_get_servername(const SSL *s, const int type) ;
-int SSL_get_servername_type(const SSL *s) ;
-
-#define SSL_set_tlsext_host_name(s,name) \
-SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name)
-
-#define SSL_set_tlsext_debug_callback(ssl, cb) \
-SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,(void (*)(void))cb)
-
-#define SSL_set_tlsext_debug_arg(ssl, arg) \
-SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_ARG,0, (void *)arg)
-
-#define SSL_set_tlsext_status_type(ssl, type) \
-SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type, NULL)
-
-#define SSL_get_tlsext_status_exts(ssl, arg) \
-SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg)
-
-#define SSL_set_tlsext_status_exts(ssl, arg) \
-SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg)
-
-#define SSL_get_tlsext_status_ids(ssl, arg) \
-SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg)
-
-#define SSL_set_tlsext_status_ids(ssl, arg) \
-SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg)
-
-#define SSL_get_tlsext_status_ocsp_resp(ssl, arg) \
-SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP,0, (void *)arg)
-
-#define SSL_set_tlsext_status_ocsp_resp(ssl, arg, arglen) \
-SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP,arglen, (void *)arg)
-
-#define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \
-SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,(void (*)(void))cb)
-
-#define SSL_TLSEXT_ERR_OK 0
-#define SSL_TLSEXT_ERR_ALERT_WARNING 1
-#define SSL_TLSEXT_ERR_ALERT_FATAL 2
-#define SSL_TLSEXT_ERR_NOACK 3
-
-#define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \
-SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)arg)
-
-#define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \
- SSL_CTX_ctrl((ctx),SSL_CTRL_GET_TLSEXT_TICKET_KEYS,(keylen),(keys))
-#define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \
- SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLSEXT_TICKET_KEYS,(keylen),(keys))
-
-#define SSL_CTX_set_tlsext_status_cb(ssl, cb) \
-SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb)
-
-#define SSL_CTX_set_tlsext_status_arg(ssl, arg) \
-SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg)
-
-#define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \
-SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
-
-#endif
-
-/* Additional TLS ciphersuites from draft-ietf-tls-56-bit-ciphersuites-00.txt
- * (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see
- * s3_lib.c). We actually treat them like SSL 3.0 ciphers, which we probably
- * shouldn't. */
-#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5 0x03000060
-#define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 0x03000061
-#define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA 0x03000062
-#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA 0x03000063
-#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA 0x03000064
-#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x03000065
-#define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA 0x03000066
-
-/* AES ciphersuites from RFC3268 */
-
-#define TLS1_CK_RSA_WITH_AES_128_SHA 0x0300002F
-#define TLS1_CK_DH_DSS_WITH_AES_128_SHA 0x03000030
-#define TLS1_CK_DH_RSA_WITH_AES_128_SHA 0x03000031
-#define TLS1_CK_DHE_DSS_WITH_AES_128_SHA 0x03000032
-#define TLS1_CK_DHE_RSA_WITH_AES_128_SHA 0x03000033
-#define TLS1_CK_ADH_WITH_AES_128_SHA 0x03000034
-
-#define TLS1_CK_RSA_WITH_AES_256_SHA 0x03000035
-#define TLS1_CK_DH_DSS_WITH_AES_256_SHA 0x03000036
-#define TLS1_CK_DH_RSA_WITH_AES_256_SHA 0x03000037
-#define TLS1_CK_DHE_DSS_WITH_AES_256_SHA 0x03000038
-#define TLS1_CK_DHE_RSA_WITH_AES_256_SHA 0x03000039
-#define TLS1_CK_ADH_WITH_AES_256_SHA 0x0300003A
-
-/* Camellia ciphersuites from RFC4132 */
-#define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000041
-#define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000042
-#define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000043
-#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000044
-#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000045
-#define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA 0x03000046
-
-#define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000084
-#define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000085
-#define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000086
-#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000087
-#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000088
-#define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA 0x03000089
-
-/* SEED ciphersuites from RFC4162 */
-#define TLS1_CK_RSA_WITH_SEED_SHA 0x03000096
-#define TLS1_CK_DH_DSS_WITH_SEED_SHA 0x03000097
-#define TLS1_CK_DH_RSA_WITH_SEED_SHA 0x03000098
-#define TLS1_CK_DHE_DSS_WITH_SEED_SHA 0x03000099
-#define TLS1_CK_DHE_RSA_WITH_SEED_SHA 0x0300009A
-#define TLS1_CK_ADH_WITH_SEED_SHA 0x0300009B
-
-/* ECC ciphersuites from draft-ietf-tls-ecc-12.txt with changes soon to be in draft 13 */
-#define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x0300C001
-#define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x0300C002
-#define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C003
-#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0x0300C004
-#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0x0300C005
-
-#define TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA 0x0300C006
-#define TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA 0x0300C007
-#define TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C008
-#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0x0300C009
-#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0x0300C00A
-
-#define TLS1_CK_ECDH_RSA_WITH_NULL_SHA 0x0300C00B
-#define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA 0x0300C00C
-#define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA 0x0300C00D
-#define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA 0x0300C00E
-#define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA 0x0300C00F
-
-#define TLS1_CK_ECDHE_RSA_WITH_NULL_SHA 0x0300C010
-#define TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA 0x0300C011
-#define TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA 0x0300C012
-#define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA 0x0300C013
-#define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA 0x0300C014
-
-#define TLS1_CK_ECDH_anon_WITH_NULL_SHA 0x0300C015
-#define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA 0x0300C016
-#define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA 0x0300C017
-#define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA 0x0300C018
-#define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA 0x0300C019
-
-/* XXX
- * Inconsistency alert:
- * The OpenSSL names of ciphers with ephemeral DH here include the string
- * "DHE", while elsewhere it has always been "EDH".
- * (The alias for the list of all such ciphers also is "EDH".)
- * The specifications speak of "EDH"; maybe we should allow both forms
- * for everything. */
-#define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5 "EXP1024-RC4-MD5"
-#define TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 "EXP1024-RC2-CBC-MD5"
-#define TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DES-CBC-SHA"
-#define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DHE-DSS-DES-CBC-SHA"
-#define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA "EXP1024-RC4-SHA"
-#define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA "EXP1024-DHE-DSS-RC4-SHA"
-#define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA "DHE-DSS-RC4-SHA"
-
-/* AES ciphersuites from RFC3268 */
-#define TLS1_TXT_RSA_WITH_AES_128_SHA "AES128-SHA"
-#define TLS1_TXT_DH_DSS_WITH_AES_128_SHA "DH-DSS-AES128-SHA"
-#define TLS1_TXT_DH_RSA_WITH_AES_128_SHA "DH-RSA-AES128-SHA"
-#define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA "DHE-DSS-AES128-SHA"
-#define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA "DHE-RSA-AES128-SHA"
-#define TLS1_TXT_ADH_WITH_AES_128_SHA "ADH-AES128-SHA"
-
-#define TLS1_TXT_RSA_WITH_AES_256_SHA "AES256-SHA"
-#define TLS1_TXT_DH_DSS_WITH_AES_256_SHA "DH-DSS-AES256-SHA"
-#define TLS1_TXT_DH_RSA_WITH_AES_256_SHA "DH-RSA-AES256-SHA"
-#define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA "DHE-DSS-AES256-SHA"
-#define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA "DHE-RSA-AES256-SHA"
-#define TLS1_TXT_ADH_WITH_AES_256_SHA "ADH-AES256-SHA"
-
-/* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) */
-#define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA "ECDH-ECDSA-NULL-SHA"
-#define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA "ECDH-ECDSA-RC4-SHA"
-#define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA "ECDH-ECDSA-DES-CBC3-SHA"
-#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA "ECDH-ECDSA-AES128-SHA"
-#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA "ECDH-ECDSA-AES256-SHA"
-
-#define TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA "ECDHE-ECDSA-NULL-SHA"
-#define TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA "ECDHE-ECDSA-RC4-SHA"
-#define TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA "ECDHE-ECDSA-DES-CBC3-SHA"
-#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "ECDHE-ECDSA-AES128-SHA"
-#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA "ECDHE-ECDSA-AES256-SHA"
-
-#define TLS1_TXT_ECDH_RSA_WITH_NULL_SHA "ECDH-RSA-NULL-SHA"
-#define TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA "ECDH-RSA-RC4-SHA"
-#define TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA "ECDH-RSA-DES-CBC3-SHA"
-#define TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA "ECDH-RSA-AES128-SHA"
-#define TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA "ECDH-RSA-AES256-SHA"
-
-#define TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA "ECDHE-RSA-NULL-SHA"
-#define TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA "ECDHE-RSA-RC4-SHA"
-#define TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA "ECDHE-RSA-DES-CBC3-SHA"
-#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA "ECDHE-RSA-AES128-SHA"
-#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA "ECDHE-RSA-AES256-SHA"
-
-#define TLS1_TXT_ECDH_anon_WITH_NULL_SHA "AECDH-NULL-SHA"
-#define TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA "AECDH-RC4-SHA"
-#define TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA "AECDH-DES-CBC3-SHA"
-#define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA "AECDH-AES128-SHA"
-#define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA "AECDH-AES256-SHA"
-
-/* Camellia ciphersuites from RFC4132 */
-#define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA "CAMELLIA128-SHA"
-#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA "DH-DSS-CAMELLIA128-SHA"
-#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA "DH-RSA-CAMELLIA128-SHA"
-#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA "DHE-DSS-CAMELLIA128-SHA"
-#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA "DHE-RSA-CAMELLIA128-SHA"
-#define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA "ADH-CAMELLIA128-SHA"
-
-#define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA "CAMELLIA256-SHA"
-#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA "DH-DSS-CAMELLIA256-SHA"
-#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA "DH-RSA-CAMELLIA256-SHA"
-#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA "DHE-DSS-CAMELLIA256-SHA"
-#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "DHE-RSA-CAMELLIA256-SHA"
-#define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA "ADH-CAMELLIA256-SHA"
-
-/* SEED ciphersuites from RFC4162 */
-#define TLS1_TXT_RSA_WITH_SEED_SHA "SEED-SHA"
-#define TLS1_TXT_DH_DSS_WITH_SEED_SHA "DH-DSS-SEED-SHA"
-#define TLS1_TXT_DH_RSA_WITH_SEED_SHA "DH-RSA-SEED-SHA"
-#define TLS1_TXT_DHE_DSS_WITH_SEED_SHA "DHE-DSS-SEED-SHA"
-#define TLS1_TXT_DHE_RSA_WITH_SEED_SHA "DHE-RSA-SEED-SHA"
-#define TLS1_TXT_ADH_WITH_SEED_SHA "ADH-SEED-SHA"
-
-#define TLS_CT_RSA_SIGN 1
-#define TLS_CT_DSS_SIGN 2
-#define TLS_CT_RSA_FIXED_DH 3
-#define TLS_CT_DSS_FIXED_DH 4
-#define TLS_CT_ECDSA_SIGN 64
-#define TLS_CT_RSA_FIXED_ECDH 65
-#define TLS_CT_ECDSA_FIXED_ECDH 66
-#define TLS_CT_NUMBER 7
-
-#define TLS1_FINISH_MAC_LENGTH 12
-
-#define TLS_MD_MAX_CONST_SIZE 20
-#define TLS_MD_CLIENT_FINISH_CONST "client finished"
-#define TLS_MD_CLIENT_FINISH_CONST_SIZE 15
-#define TLS_MD_SERVER_FINISH_CONST "server finished"
-#define TLS_MD_SERVER_FINISH_CONST_SIZE 15
-#define TLS_MD_SERVER_WRITE_KEY_CONST "server write key"
-#define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE 16
-#define TLS_MD_KEY_EXPANSION_CONST "key expansion"
-#define TLS_MD_KEY_EXPANSION_CONST_SIZE 13
-#define TLS_MD_CLIENT_WRITE_KEY_CONST "client write key"
-#define TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE 16
-#define TLS_MD_SERVER_WRITE_KEY_CONST "server write key"
-#define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE 16
-#define TLS_MD_IV_BLOCK_CONST "IV block"
-#define TLS_MD_IV_BLOCK_CONST_SIZE 8
-#define TLS_MD_MASTER_SECRET_CONST "master secret"
-#define TLS_MD_MASTER_SECRET_CONST_SIZE 13
-
-#ifdef CHARSET_EBCDIC
-#undef TLS_MD_CLIENT_FINISH_CONST
-#define TLS_MD_CLIENT_FINISH_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x66\x69\x6e\x69\x73\x68\x65\x64" /*client finished*/
-#undef TLS_MD_SERVER_FINISH_CONST
-#define TLS_MD_SERVER_FINISH_CONST "\x73\x65\x72\x76\x65\x72\x20\x66\x69\x6e\x69\x73\x68\x65\x64" /*server finished*/
-#undef TLS_MD_SERVER_WRITE_KEY_CONST
-#define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" /*server write key*/
-#undef TLS_MD_KEY_EXPANSION_CONST
-#define TLS_MD_KEY_EXPANSION_CONST "\x6b\x65\x79\x20\x65\x78\x70\x61\x6e\x73\x69\x6f\x6e" /*key expansion*/
-#undef TLS_MD_CLIENT_WRITE_KEY_CONST
-#define TLS_MD_CLIENT_WRITE_KEY_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" /*client write key*/
-#undef TLS_MD_SERVER_WRITE_KEY_CONST
-#define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" /*server write key*/
-#undef TLS_MD_IV_BLOCK_CONST
-#define TLS_MD_IV_BLOCK_CONST "\x49\x56\x20\x62\x6c\x6f\x63\x6b" /*IV block*/
-#undef TLS_MD_MASTER_SECRET_CONST
-#define TLS_MD_MASTER_SECRET_CONST "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74" /*master secret*/
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-#endif
Copied: vendor-crypto/openssl/0.9.8zf/ssl/tls1.h (from rev 6976, vendor-crypto/openssl/dist/ssl/tls1.h)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/ssl/tls1.h (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/ssl/tls1.h 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,466 @@
+/* ssl/tls1.h */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * ECC cipher suite support in OpenSSL originally written by
+ * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
+ *
+ */
+
+#ifndef HEADER_TLS1_H
+# define HEADER_TLS1_H
+
+# include <openssl/buffer.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0
+
+# define TLS1_VERSION 0x0301
+# define TLS1_1_VERSION 0x0302
+# define TLS1_2_VERSION 0x0303
+/*
+ * TLS 1.1 and 1.2 are not supported by this version of OpenSSL, so
+ * TLS_MAX_VERSION indicates TLS 1.0 regardless of the above definitions.
+ * (s23_clnt.c and s23_srvr.c have an OPENSSL_assert() check that would catch
+ * the error if TLS_MAX_VERSION was too low.)
+ */
+# define TLS_MAX_VERSION TLS1_VERSION
+
+# define TLS1_VERSION_MAJOR 0x03
+# define TLS1_VERSION_MINOR 0x01
+
+# define TLS1_1_VERSION_MAJOR 0x03
+# define TLS1_1_VERSION_MINOR 0x02
+
+# define TLS1_2_VERSION_MAJOR 0x03
+# define TLS1_2_VERSION_MINOR 0x03
+
+# define TLS1_get_version(s) \
+ ((s->version >> 8) == TLS1_VERSION_MAJOR ? s->version : 0)
+
+# define TLS1_get_client_version(s) \
+ ((s->client_version >> 8) == TLS1_VERSION_MAJOR ? s->client_version : 0)
+
+# define TLS1_AD_DECRYPTION_FAILED 21
+# define TLS1_AD_RECORD_OVERFLOW 22
+# define TLS1_AD_UNKNOWN_CA 48/* fatal */
+# define TLS1_AD_ACCESS_DENIED 49/* fatal */
+# define TLS1_AD_DECODE_ERROR 50/* fatal */
+# define TLS1_AD_DECRYPT_ERROR 51
+# define TLS1_AD_EXPORT_RESTRICTION 60/* fatal */
+# define TLS1_AD_PROTOCOL_VERSION 70/* fatal */
+# define TLS1_AD_INSUFFICIENT_SECURITY 71/* fatal */
+# define TLS1_AD_INTERNAL_ERROR 80/* fatal */
+# define TLS1_AD_INAPPROPRIATE_FALLBACK 86/* fatal */
+# define TLS1_AD_USER_CANCELLED 90
+# define TLS1_AD_NO_RENEGOTIATION 100
+/* codes 110-114 are from RFC3546 */
+# define TLS1_AD_UNSUPPORTED_EXTENSION 110
+# define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111
+# define TLS1_AD_UNRECOGNIZED_NAME 112
+# define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113
+# define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114
+# define TLS1_AD_UNKNOWN_PSK_IDENTITY 115/* fatal */
+
+/* ExtensionType values from RFC 3546 */
+# define TLSEXT_TYPE_server_name 0
+# define TLSEXT_TYPE_max_fragment_length 1
+# define TLSEXT_TYPE_client_certificate_url 2
+# define TLSEXT_TYPE_trusted_ca_keys 3
+# define TLSEXT_TYPE_truncated_hmac 4
+# define TLSEXT_TYPE_status_request 5
+# define TLSEXT_TYPE_elliptic_curves 10
+# define TLSEXT_TYPE_ec_point_formats 11
+# define TLSEXT_TYPE_session_ticket 35
+
+/* Temporary extension type */
+# define TLSEXT_TYPE_renegotiate 0xff01
+
+/* NameType value from RFC 3546 */
+# define TLSEXT_NAMETYPE_host_name 0
+/* status request value from RFC 3546 */
+# define TLSEXT_STATUSTYPE_ocsp 1
+
+# ifndef OPENSSL_NO_TLSEXT
+
+# define TLSEXT_MAXLEN_host_name 255
+
+const char *SSL_get_servername(const SSL *s, const int type);
+int SSL_get_servername_type(const SSL *s);
+
+# define SSL_set_tlsext_host_name(s,name) \
+SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name)
+
+# define SSL_set_tlsext_debug_callback(ssl, cb) \
+SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,(void (*)(void))cb)
+
+# define SSL_set_tlsext_debug_arg(ssl, arg) \
+SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_ARG,0, (void *)arg)
+
+# define SSL_set_tlsext_status_type(ssl, type) \
+SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type, NULL)
+
+# define SSL_get_tlsext_status_exts(ssl, arg) \
+SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg)
+
+# define SSL_set_tlsext_status_exts(ssl, arg) \
+SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg)
+
+# define SSL_get_tlsext_status_ids(ssl, arg) \
+SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg)
+
+# define SSL_set_tlsext_status_ids(ssl, arg) \
+SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg)
+
+# define SSL_get_tlsext_status_ocsp_resp(ssl, arg) \
+SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP,0, (void *)arg)
+
+# define SSL_set_tlsext_status_ocsp_resp(ssl, arg, arglen) \
+SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP,arglen, (void *)arg)
+
+# define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \
+SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,(void (*)(void))cb)
+
+# define SSL_TLSEXT_ERR_OK 0
+# define SSL_TLSEXT_ERR_ALERT_WARNING 1
+# define SSL_TLSEXT_ERR_ALERT_FATAL 2
+# define SSL_TLSEXT_ERR_NOACK 3
+
+# define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \
+SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)arg)
+
+# define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \
+ SSL_CTX_ctrl((ctx),SSL_CTRL_GET_TLSEXT_TICKET_KEYS,(keylen),(keys))
+# define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \
+ SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLSEXT_TICKET_KEYS,(keylen),(keys))
+
+# define SSL_CTX_set_tlsext_status_cb(ssl, cb) \
+SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb)
+
+# define SSL_CTX_set_tlsext_status_arg(ssl, arg) \
+SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg)
+
+# define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \
+SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
+
+# endif
+
+/*
+ * Additional TLS ciphersuites from draft-ietf-tls-56-bit-ciphersuites-00.txt
+ * (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see
+ * s3_lib.c). We actually treat them like SSL 3.0 ciphers, which we probably
+ * shouldn't.
+ */
+# define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5 0x03000060
+# define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 0x03000061
+# define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA 0x03000062
+# define TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA 0x03000063
+# define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA 0x03000064
+# define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x03000065
+# define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA 0x03000066
+
+/* AES ciphersuites from RFC3268 */
+
+# define TLS1_CK_RSA_WITH_AES_128_SHA 0x0300002F
+# define TLS1_CK_DH_DSS_WITH_AES_128_SHA 0x03000030
+# define TLS1_CK_DH_RSA_WITH_AES_128_SHA 0x03000031
+# define TLS1_CK_DHE_DSS_WITH_AES_128_SHA 0x03000032
+# define TLS1_CK_DHE_RSA_WITH_AES_128_SHA 0x03000033
+# define TLS1_CK_ADH_WITH_AES_128_SHA 0x03000034
+
+# define TLS1_CK_RSA_WITH_AES_256_SHA 0x03000035
+# define TLS1_CK_DH_DSS_WITH_AES_256_SHA 0x03000036
+# define TLS1_CK_DH_RSA_WITH_AES_256_SHA 0x03000037
+# define TLS1_CK_DHE_DSS_WITH_AES_256_SHA 0x03000038
+# define TLS1_CK_DHE_RSA_WITH_AES_256_SHA 0x03000039
+# define TLS1_CK_ADH_WITH_AES_256_SHA 0x0300003A
+
+/* Camellia ciphersuites from RFC4132 */
+# define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000041
+# define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000042
+# define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000043
+# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000044
+# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000045
+# define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA 0x03000046
+
+# define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000084
+# define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000085
+# define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000086
+# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000087
+# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000088
+# define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA 0x03000089
+
+/* SEED ciphersuites from RFC4162 */
+# define TLS1_CK_RSA_WITH_SEED_SHA 0x03000096
+# define TLS1_CK_DH_DSS_WITH_SEED_SHA 0x03000097
+# define TLS1_CK_DH_RSA_WITH_SEED_SHA 0x03000098
+# define TLS1_CK_DHE_DSS_WITH_SEED_SHA 0x03000099
+# define TLS1_CK_DHE_RSA_WITH_SEED_SHA 0x0300009A
+# define TLS1_CK_ADH_WITH_SEED_SHA 0x0300009B
+
+/*
+ * ECC ciphersuites from draft-ietf-tls-ecc-12.txt with changes soon to be in
+ * draft 13
+ */
+# define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x0300C001
+# define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x0300C002
+# define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C003
+# define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0x0300C004
+# define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0x0300C005
+
+# define TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA 0x0300C006
+# define TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA 0x0300C007
+# define TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C008
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0x0300C009
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0x0300C00A
+
+# define TLS1_CK_ECDH_RSA_WITH_NULL_SHA 0x0300C00B
+# define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA 0x0300C00C
+# define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA 0x0300C00D
+# define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA 0x0300C00E
+# define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA 0x0300C00F
+
+# define TLS1_CK_ECDHE_RSA_WITH_NULL_SHA 0x0300C010
+# define TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA 0x0300C011
+# define TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA 0x0300C012
+# define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA 0x0300C013
+# define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA 0x0300C014
+
+# define TLS1_CK_ECDH_anon_WITH_NULL_SHA 0x0300C015
+# define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA 0x0300C016
+# define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA 0x0300C017
+# define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA 0x0300C018
+# define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA 0x0300C019
+
+/*
+ * XXX Inconsistency alert: The OpenSSL names of ciphers with ephemeral DH
+ * here include the string "DHE", while elsewhere it has always been "EDH".
+ * (The alias for the list of all such ciphers also is "EDH".) The
+ * specifications speak of "EDH"; maybe we should allow both forms for
+ * everything.
+ */
+# define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5 "EXP1024-RC4-MD5"
+# define TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 "EXP1024-RC2-CBC-MD5"
+# define TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DES-CBC-SHA"
+# define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DHE-DSS-DES-CBC-SHA"
+# define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA "EXP1024-RC4-SHA"
+# define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA "EXP1024-DHE-DSS-RC4-SHA"
+# define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA "DHE-DSS-RC4-SHA"
+
+/* AES ciphersuites from RFC3268 */
+# define TLS1_TXT_RSA_WITH_AES_128_SHA "AES128-SHA"
+# define TLS1_TXT_DH_DSS_WITH_AES_128_SHA "DH-DSS-AES128-SHA"
+# define TLS1_TXT_DH_RSA_WITH_AES_128_SHA "DH-RSA-AES128-SHA"
+# define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA "DHE-DSS-AES128-SHA"
+# define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA "DHE-RSA-AES128-SHA"
+# define TLS1_TXT_ADH_WITH_AES_128_SHA "ADH-AES128-SHA"
+
+# define TLS1_TXT_RSA_WITH_AES_256_SHA "AES256-SHA"
+# define TLS1_TXT_DH_DSS_WITH_AES_256_SHA "DH-DSS-AES256-SHA"
+# define TLS1_TXT_DH_RSA_WITH_AES_256_SHA "DH-RSA-AES256-SHA"
+# define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA "DHE-DSS-AES256-SHA"
+# define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA "DHE-RSA-AES256-SHA"
+# define TLS1_TXT_ADH_WITH_AES_256_SHA "ADH-AES256-SHA"
+
+/* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) */
+# define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA "ECDH-ECDSA-NULL-SHA"
+# define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA "ECDH-ECDSA-RC4-SHA"
+# define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA "ECDH-ECDSA-DES-CBC3-SHA"
+# define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA "ECDH-ECDSA-AES128-SHA"
+# define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA "ECDH-ECDSA-AES256-SHA"
+
+# define TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA "ECDHE-ECDSA-NULL-SHA"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA "ECDHE-ECDSA-RC4-SHA"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA "ECDHE-ECDSA-DES-CBC3-SHA"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "ECDHE-ECDSA-AES128-SHA"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA "ECDHE-ECDSA-AES256-SHA"
+
+# define TLS1_TXT_ECDH_RSA_WITH_NULL_SHA "ECDH-RSA-NULL-SHA"
+# define TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA "ECDH-RSA-RC4-SHA"
+# define TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA "ECDH-RSA-DES-CBC3-SHA"
+# define TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA "ECDH-RSA-AES128-SHA"
+# define TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA "ECDH-RSA-AES256-SHA"
+
+# define TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA "ECDHE-RSA-NULL-SHA"
+# define TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA "ECDHE-RSA-RC4-SHA"
+# define TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA "ECDHE-RSA-DES-CBC3-SHA"
+# define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA "ECDHE-RSA-AES128-SHA"
+# define TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA "ECDHE-RSA-AES256-SHA"
+
+# define TLS1_TXT_ECDH_anon_WITH_NULL_SHA "AECDH-NULL-SHA"
+# define TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA "AECDH-RC4-SHA"
+# define TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA "AECDH-DES-CBC3-SHA"
+# define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA "AECDH-AES128-SHA"
+# define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA "AECDH-AES256-SHA"
+
+/* Camellia ciphersuites from RFC4132 */
+# define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA "CAMELLIA128-SHA"
+# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA "DH-DSS-CAMELLIA128-SHA"
+# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA "DH-RSA-CAMELLIA128-SHA"
+# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA "DHE-DSS-CAMELLIA128-SHA"
+# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA "DHE-RSA-CAMELLIA128-SHA"
+# define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA "ADH-CAMELLIA128-SHA"
+
+# define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA "CAMELLIA256-SHA"
+# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA "DH-DSS-CAMELLIA256-SHA"
+# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA "DH-RSA-CAMELLIA256-SHA"
+# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA "DHE-DSS-CAMELLIA256-SHA"
+# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "DHE-RSA-CAMELLIA256-SHA"
+# define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA "ADH-CAMELLIA256-SHA"
+
+/* SEED ciphersuites from RFC4162 */
+# define TLS1_TXT_RSA_WITH_SEED_SHA "SEED-SHA"
+# define TLS1_TXT_DH_DSS_WITH_SEED_SHA "DH-DSS-SEED-SHA"
+# define TLS1_TXT_DH_RSA_WITH_SEED_SHA "DH-RSA-SEED-SHA"
+# define TLS1_TXT_DHE_DSS_WITH_SEED_SHA "DHE-DSS-SEED-SHA"
+# define TLS1_TXT_DHE_RSA_WITH_SEED_SHA "DHE-RSA-SEED-SHA"
+# define TLS1_TXT_ADH_WITH_SEED_SHA "ADH-SEED-SHA"
+
+# define TLS_CT_RSA_SIGN 1
+# define TLS_CT_DSS_SIGN 2
+# define TLS_CT_RSA_FIXED_DH 3
+# define TLS_CT_DSS_FIXED_DH 4
+# define TLS_CT_ECDSA_SIGN 64
+# define TLS_CT_RSA_FIXED_ECDH 65
+# define TLS_CT_ECDSA_FIXED_ECDH 66
+# define TLS_CT_NUMBER 7
+
+# define TLS1_FINISH_MAC_LENGTH 12
+
+# define TLS_MD_MAX_CONST_SIZE 20
+# define TLS_MD_CLIENT_FINISH_CONST "client finished"
+# define TLS_MD_CLIENT_FINISH_CONST_SIZE 15
+# define TLS_MD_SERVER_FINISH_CONST "server finished"
+# define TLS_MD_SERVER_FINISH_CONST_SIZE 15
+# define TLS_MD_SERVER_WRITE_KEY_CONST "server write key"
+# define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE 16
+# define TLS_MD_KEY_EXPANSION_CONST "key expansion"
+# define TLS_MD_KEY_EXPANSION_CONST_SIZE 13
+# define TLS_MD_CLIENT_WRITE_KEY_CONST "client write key"
+# define TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE 16
+# define TLS_MD_SERVER_WRITE_KEY_CONST "server write key"
+# define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE 16
+# define TLS_MD_IV_BLOCK_CONST "IV block"
+# define TLS_MD_IV_BLOCK_CONST_SIZE 8
+# define TLS_MD_MASTER_SECRET_CONST "master secret"
+# define TLS_MD_MASTER_SECRET_CONST_SIZE 13
+
+# ifdef CHARSET_EBCDIC
+# undef TLS_MD_CLIENT_FINISH_CONST
+/*
+ * client finished
+ */
+# define TLS_MD_CLIENT_FINISH_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x66\x69\x6e\x69\x73\x68\x65\x64"
+
+# undef TLS_MD_SERVER_FINISH_CONST
+/*
+ * server finished
+ */
+# define TLS_MD_SERVER_FINISH_CONST "\x73\x65\x72\x76\x65\x72\x20\x66\x69\x6e\x69\x73\x68\x65\x64"
+
+# undef TLS_MD_SERVER_WRITE_KEY_CONST
+/*
+ * server write key
+ */
+# define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"
+
+# undef TLS_MD_KEY_EXPANSION_CONST
+/*
+ * key expansion
+ */
+# define TLS_MD_KEY_EXPANSION_CONST "\x6b\x65\x79\x20\x65\x78\x70\x61\x6e\x73\x69\x6f\x6e"
+
+# undef TLS_MD_CLIENT_WRITE_KEY_CONST
+/*
+ * client write key
+ */
+# define TLS_MD_CLIENT_WRITE_KEY_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"
+
+# undef TLS_MD_SERVER_WRITE_KEY_CONST
+/*
+ * server write key
+ */
+# define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"
+
+# undef TLS_MD_IV_BLOCK_CONST
+/*
+ * IV block
+ */
+# define TLS_MD_IV_BLOCK_CONST "\x49\x56\x20\x62\x6c\x6f\x63\x6b"
+
+# undef TLS_MD_MASTER_SECRET_CONST
+/*
+ * master secret
+ */
+# define TLS_MD_MASTER_SECRET_CONST "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74"
+# endif
+
+#ifdef __cplusplus
+}
+#endif
+#endif
Deleted: vendor-crypto/openssl/0.9.8zf/test/dummytest.c
===================================================================
--- vendor-crypto/openssl/dist/test/dummytest.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/test/dummytest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,48 +0,0 @@
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <ctype.h>
-#include <openssl/e_os2.h>
-#include <openssl/buffer.h>
-#include <openssl/crypto.h>
-
-int main(int argc, char *argv[])
- {
- char *p, *q = 0, *program;
-
- p = strrchr(argv[0], '/');
- if (!p) p = strrchr(argv[0], '\\');
-#ifdef OPENSSL_SYS_VMS
- if (!p) p = strrchr(argv[0], ']');
- if (p) q = strrchr(p, '>');
- if (q) p = q;
- if (!p) p = strrchr(argv[0], ':');
- q = 0;
-#endif
- if (p) p++;
- if (!p) p = argv[0];
- if (p) q = strchr(p, '.');
- if (p && !q) q = p + strlen(p);
-
- if (!p)
- program = BUF_strdup("(unknown)");
- else
- {
- program = OPENSSL_malloc((q - p) + 1);
- strncpy(program, p, q - p);
- program[q - p] = '\0';
- }
-
- for(p = program; *p; p++)
- if (islower((unsigned char)(*p)))
- *p = toupper((unsigned char)(*p));
-
- q = strstr(program, "TEST");
- if (q > p && q[-1] == '_') q--;
- *q = '\0';
-
- printf("No %s support\n", program);
-
- OPENSSL_free(program);
- return(0);
- }
Copied: vendor-crypto/openssl/0.9.8zf/test/dummytest.c (from rev 6976, vendor-crypto/openssl/dist/test/dummytest.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/test/dummytest.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/test/dummytest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,57 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <openssl/e_os2.h>
+#include <openssl/buffer.h>
+#include <openssl/crypto.h>
+
+int main(int argc, char *argv[])
+{
+ char *p, *q = 0, *program;
+
+ p = strrchr(argv[0], '/');
+ if (!p)
+ p = strrchr(argv[0], '\\');
+#ifdef OPENSSL_SYS_VMS
+ if (!p)
+ p = strrchr(argv[0], ']');
+ if (p)
+ q = strrchr(p, '>');
+ if (q)
+ p = q;
+ if (!p)
+ p = strrchr(argv[0], ':');
+ q = 0;
+#endif
+ if (p)
+ p++;
+ if (!p)
+ p = argv[0];
+ if (p)
+ q = strchr(p, '.');
+ if (p && !q)
+ q = p + strlen(p);
+
+ if (!p)
+ program = BUF_strdup("(unknown)");
+ else {
+ program = OPENSSL_malloc((q - p) + 1);
+ strncpy(program, p, q - p);
+ program[q - p] = '\0';
+ }
+
+ for (p = program; *p; p++)
+ if (islower((unsigned char)(*p)))
+ *p = toupper((unsigned char)(*p));
+
+ q = strstr(program, "TEST");
+ if (q > p && q[-1] == '_')
+ q--;
+ *q = '\0';
+
+ printf("No %s support\n", program);
+
+ OPENSSL_free(program);
+ return (0);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/test/igetest.c
===================================================================
--- vendor-crypto/openssl/dist/test/igetest.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/test/igetest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,503 +0,0 @@
-/* test/igetest.c -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core at openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#include <openssl/aes.h>
-#include <openssl/rand.h>
-#include <stdio.h>
-#include <string.h>
-#include <assert.h>
-
-#define TEST_SIZE 128
-#define BIG_TEST_SIZE 10240
-
-static void hexdump(FILE *f,const char *title,const unsigned char *s,int l)
- {
- int n=0;
-
- fprintf(f,"%s",title);
- for( ; n < l ; ++n)
- {
- if((n%16) == 0)
- fprintf(f,"\n%04x",n);
- fprintf(f," %02x",s[n]);
- }
- fprintf(f,"\n");
- }
-
-#define MAX_VECTOR_SIZE 64
-
-struct ige_test
- {
- const unsigned char key[16];
- const unsigned char iv[32];
- const unsigned char in[MAX_VECTOR_SIZE];
- const unsigned char out[MAX_VECTOR_SIZE];
- const size_t length;
- const int encrypt;
- };
-
-static struct ige_test const ige_test_vectors[] = {
-{ { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, /* key */
- { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f }, /* iv */
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, /* in */
- { 0x1a, 0x85, 0x19, 0xa6, 0x55, 0x7b, 0xe6, 0x52,
- 0xe9, 0xda, 0x8e, 0x43, 0xda, 0x4e, 0xf4, 0x45,
- 0x3c, 0xf4, 0x56, 0xb4, 0xca, 0x48, 0x8a, 0xa3,
- 0x83, 0xc7, 0x9c, 0x98, 0xb3, 0x47, 0x97, 0xcb }, /* out */
- 32, AES_ENCRYPT }, /* test vector 0 */
-
-{ { 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
- 0x61, 0x6e, 0x20, 0x69, 0x6d, 0x70, 0x6c, 0x65 }, /* key */
- { 0x6d, 0x65, 0x6e, 0x74, 0x61, 0x74, 0x69, 0x6f,
- 0x6e, 0x20, 0x6f, 0x66, 0x20, 0x49, 0x47, 0x45,
- 0x20, 0x6d, 0x6f, 0x64, 0x65, 0x20, 0x66, 0x6f,
- 0x72, 0x20, 0x4f, 0x70, 0x65, 0x6e, 0x53, 0x53 }, /* iv */
- { 0x4c, 0x2e, 0x20, 0x4c, 0x65, 0x74, 0x27, 0x73,
- 0x20, 0x68, 0x6f, 0x70, 0x65, 0x20, 0x42, 0x65,
- 0x6e, 0x20, 0x67, 0x6f, 0x74, 0x20, 0x69, 0x74,
- 0x20, 0x72, 0x69, 0x67, 0x68, 0x74, 0x21, 0x0a }, /* in */
- { 0x99, 0x70, 0x64, 0x87, 0xa1, 0xcd, 0xe6, 0x13,
- 0xbc, 0x6d, 0xe0, 0xb6, 0xf2, 0x4b, 0x1c, 0x7a,
- 0xa4, 0x48, 0xc8, 0xb9, 0xc3, 0x40, 0x3e, 0x34,
- 0x67, 0xa8, 0xca, 0xd8, 0x93, 0x40, 0xf5, 0x3b }, /* out */
- 32, AES_DECRYPT }, /* test vector 1 */
-};
-
-struct bi_ige_test
- {
- const unsigned char key1[32];
- const unsigned char key2[32];
- const unsigned char iv[64];
- const unsigned char in[MAX_VECTOR_SIZE];
- const unsigned char out[MAX_VECTOR_SIZE];
- const size_t keysize;
- const size_t length;
- const int encrypt;
- };
-
-static struct bi_ige_test const bi_ige_test_vectors[] = {
-{ { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, /* key1 */
- { 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f }, /* key2 */
- { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
- 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
- 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f }, /* iv */
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, /* in */
- { 0x14, 0x40, 0x6f, 0xae, 0xa2, 0x79, 0xf2, 0x56,
- 0x1f, 0x86, 0xeb, 0x3b, 0x7d, 0xff, 0x53, 0xdc,
- 0x4e, 0x27, 0x0c, 0x03, 0xde, 0x7c, 0xe5, 0x16,
- 0x6a, 0x9c, 0x20, 0x33, 0x9d, 0x33, 0xfe, 0x12 }, /* out */
- 16, 32, AES_ENCRYPT }, /* test vector 0 */
-{ { 0x58, 0x0a, 0x06, 0xe9, 0x97, 0x07, 0x59, 0x5c,
- 0x9e, 0x19, 0xd2, 0xa7, 0xbb, 0x40, 0x2b, 0x7a,
- 0xc7, 0xd8, 0x11, 0x9e, 0x4c, 0x51, 0x35, 0x75,
- 0x64, 0x28, 0x0f, 0x23, 0xad, 0x74, 0xac, 0x37 }, /* key1 */
- { 0xd1, 0x80, 0xa0, 0x31, 0x47, 0xa3, 0x11, 0x13,
- 0x86, 0x26, 0x9e, 0x6d, 0xff, 0xaf, 0x72, 0x74,
- 0x5b, 0xa2, 0x35, 0x81, 0xd2, 0xa6, 0x3d, 0x21,
- 0x67, 0x7b, 0x58, 0xa8, 0x18, 0xf9, 0x72, 0xe4 }, /* key2 */
- { 0x80, 0x3d, 0xbd, 0x4c, 0xe6, 0x7b, 0x06, 0xa9,
- 0x53, 0x35, 0xd5, 0x7e, 0x71, 0xc1, 0x70, 0x70,
- 0x74, 0x9a, 0x00, 0x28, 0x0c, 0xbf, 0x6c, 0x42,
- 0x9b, 0xa4, 0xdd, 0x65, 0x11, 0x77, 0x7c, 0x67,
- 0xfe, 0x76, 0x0a, 0xf0, 0xd5, 0xc6, 0x6e, 0x6a,
- 0xe7, 0x5e, 0x4c, 0xf2, 0x7e, 0x9e, 0xf9, 0x20,
- 0x0e, 0x54, 0x6f, 0x2d, 0x8a, 0x8d, 0x7e, 0xbd,
- 0x48, 0x79, 0x37, 0x99, 0xff, 0x27, 0x93, 0xa3 }, /* iv */
- { 0xf1, 0x54, 0x3d, 0xca, 0xfe, 0xb5, 0xef, 0x1c,
- 0x4f, 0xa6, 0x43, 0xf6, 0xe6, 0x48, 0x57, 0xf0,
- 0xee, 0x15, 0x7f, 0xe3, 0xe7, 0x2f, 0xd0, 0x2f,
- 0x11, 0x95, 0x7a, 0x17, 0x00, 0xab, 0xa7, 0x0b,
- 0xbe, 0x44, 0x09, 0x9c, 0xcd, 0xac, 0xa8, 0x52,
- 0xa1, 0x8e, 0x7b, 0x75, 0xbc, 0xa4, 0x92, 0x5a,
- 0xab, 0x46, 0xd3, 0x3a, 0xa0, 0xd5, 0x35, 0x1c,
- 0x55, 0xa4, 0xb3, 0xa8, 0x40, 0x81, 0xa5, 0x0b}, /* in */
- { 0x42, 0xe5, 0x28, 0x30, 0x31, 0xc2, 0xa0, 0x23,
- 0x68, 0x49, 0x4e, 0xb3, 0x24, 0x59, 0x92, 0x79,
- 0xc1, 0xa5, 0xcc, 0xe6, 0x76, 0x53, 0xb1, 0xcf,
- 0x20, 0x86, 0x23, 0xe8, 0x72, 0x55, 0x99, 0x92,
- 0x0d, 0x16, 0x1c, 0x5a, 0x2f, 0xce, 0xcb, 0x51,
- 0xe2, 0x67, 0xfa, 0x10, 0xec, 0xcd, 0x3d, 0x67,
- 0xa5, 0xe6, 0xf7, 0x31, 0x26, 0xb0, 0x0d, 0x76,
- 0x5e, 0x28, 0xdc, 0x7f, 0x01, 0xc5, 0xa5, 0x4c}, /* out */
- 32, 64, AES_ENCRYPT }, /* test vector 1 */
-
-};
-
-static int run_test_vectors(void)
- {
- unsigned int n;
- int errs = 0;
-
- for(n=0 ; n < sizeof(ige_test_vectors)/sizeof(ige_test_vectors[0]) ; ++n)
- {
- const struct ige_test * const v = &ige_test_vectors[n];
- AES_KEY key;
- unsigned char buf[MAX_VECTOR_SIZE];
- unsigned char iv[AES_BLOCK_SIZE*2];
-
- assert(v->length <= MAX_VECTOR_SIZE);
-
- if(v->encrypt == AES_ENCRYPT)
- AES_set_encrypt_key(v->key, 8*sizeof v->key, &key);
- else
- AES_set_decrypt_key(v->key, 8*sizeof v->key, &key);
- memcpy(iv, v->iv, sizeof iv);
- AES_ige_encrypt(v->in, buf, v->length, &key, iv, v->encrypt);
-
- if(memcmp(v->out, buf, v->length))
- {
- printf("IGE test vector %d failed\n", n);
- hexdump(stdout, "key", v->key, sizeof v->key);
- hexdump(stdout, "iv", v->iv, sizeof v->iv);
- hexdump(stdout, "in", v->in, v->length);
- hexdump(stdout, "expected", v->out, v->length);
- hexdump(stdout, "got", buf, v->length);
-
- ++errs;
- }
-
- /* try with in == out */
- memcpy(iv, v->iv, sizeof iv);
- memcpy(buf, v->in, v->length);
- AES_ige_encrypt(buf, buf, v->length, &key, iv, v->encrypt);
-
- if(memcmp(v->out, buf, v->length))
- {
- printf("IGE test vector %d failed (with in == out)\n", n);
- hexdump(stdout, "key", v->key, sizeof v->key);
- hexdump(stdout, "iv", v->iv, sizeof v->iv);
- hexdump(stdout, "in", v->in, v->length);
- hexdump(stdout, "expected", v->out, v->length);
- hexdump(stdout, "got", buf, v->length);
-
- ++errs;
- }
- }
-
- for(n=0 ; n < sizeof(bi_ige_test_vectors)/sizeof(bi_ige_test_vectors[0])
- ; ++n)
- {
- const struct bi_ige_test * const v = &bi_ige_test_vectors[n];
- AES_KEY key1;
- AES_KEY key2;
- unsigned char buf[MAX_VECTOR_SIZE];
-
- assert(v->length <= MAX_VECTOR_SIZE);
-
- if(v->encrypt == AES_ENCRYPT)
- {
- AES_set_encrypt_key(v->key1, 8*v->keysize, &key1);
- AES_set_encrypt_key(v->key2, 8*v->keysize, &key2);
- }
- else
- {
- AES_set_decrypt_key(v->key1, 8*v->keysize, &key1);
- AES_set_decrypt_key(v->key2, 8*v->keysize, &key2);
- }
-
- AES_bi_ige_encrypt(v->in, buf, v->length, &key1, &key2, v->iv,
- v->encrypt);
-
- if(memcmp(v->out, buf, v->length))
- {
- printf("Bidirectional IGE test vector %d failed\n", n);
- hexdump(stdout, "key 1", v->key1, sizeof v->key1);
- hexdump(stdout, "key 2", v->key2, sizeof v->key2);
- hexdump(stdout, "iv", v->iv, sizeof v->iv);
- hexdump(stdout, "in", v->in, v->length);
- hexdump(stdout, "expected", v->out, v->length);
- hexdump(stdout, "got", buf, v->length);
-
- ++errs;
- }
- }
-
- return errs;
- }
-
-int main(int argc, char **argv)
- {
- unsigned char rkey[16];
- unsigned char rkey2[16];
- AES_KEY key;
- AES_KEY key2;
- unsigned char plaintext[BIG_TEST_SIZE];
- unsigned char ciphertext[BIG_TEST_SIZE];
- unsigned char checktext[BIG_TEST_SIZE];
- unsigned char iv[AES_BLOCK_SIZE*4];
- unsigned char saved_iv[AES_BLOCK_SIZE*4];
- int err = 0;
- unsigned int n;
- unsigned matches;
-
- assert(BIG_TEST_SIZE >= TEST_SIZE);
-
- RAND_pseudo_bytes(rkey, sizeof rkey);
- RAND_pseudo_bytes(plaintext, sizeof plaintext);
- RAND_pseudo_bytes(iv, sizeof iv);
- memcpy(saved_iv, iv, sizeof saved_iv);
-
- /* Forward IGE only... */
-
- /* Straight encrypt/decrypt */
- AES_set_encrypt_key(rkey, 8*sizeof rkey, &key);
- AES_ige_encrypt(plaintext, ciphertext, TEST_SIZE, &key, iv,
- AES_ENCRYPT);
-
- AES_set_decrypt_key(rkey, 8*sizeof rkey, &key);
- memcpy(iv, saved_iv, sizeof iv);
- AES_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, iv,
- AES_DECRYPT);
-
- if(memcmp(checktext, plaintext, TEST_SIZE))
- {
- printf("Encrypt+decrypt doesn't match\n");
- hexdump(stdout, "Plaintext", plaintext, TEST_SIZE);
- hexdump(stdout, "Checktext", checktext, TEST_SIZE);
- ++err;
- }
-
- /* Now check encrypt chaining works */
- AES_set_encrypt_key(rkey, 8*sizeof rkey, &key);
- memcpy(iv, saved_iv, sizeof iv);
- AES_ige_encrypt(plaintext, ciphertext, TEST_SIZE/2, &key, iv,
- AES_ENCRYPT);
- AES_ige_encrypt(plaintext+TEST_SIZE/2,
- ciphertext+TEST_SIZE/2, TEST_SIZE/2,
- &key, iv, AES_ENCRYPT);
-
- AES_set_decrypt_key(rkey, 8*sizeof rkey, &key);
- memcpy(iv, saved_iv, sizeof iv);
- AES_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, iv,
- AES_DECRYPT);
-
- if(memcmp(checktext, plaintext, TEST_SIZE))
- {
- printf("Chained encrypt+decrypt doesn't match\n");
- hexdump(stdout, "Plaintext", plaintext, TEST_SIZE);
- hexdump(stdout, "Checktext", checktext, TEST_SIZE);
- ++err;
- }
-
- /* And check decrypt chaining */
- AES_set_encrypt_key(rkey, 8*sizeof rkey, &key);
- memcpy(iv, saved_iv, sizeof iv);
- AES_ige_encrypt(plaintext, ciphertext, TEST_SIZE/2, &key, iv,
- AES_ENCRYPT);
- AES_ige_encrypt(plaintext+TEST_SIZE/2,
- ciphertext+TEST_SIZE/2, TEST_SIZE/2,
- &key, iv, AES_ENCRYPT);
-
- AES_set_decrypt_key(rkey, 8*sizeof rkey, &key);
- memcpy(iv, saved_iv, sizeof iv);
- AES_ige_encrypt(ciphertext, checktext, TEST_SIZE/2, &key, iv,
- AES_DECRYPT);
- AES_ige_encrypt(ciphertext+TEST_SIZE/2,
- checktext+TEST_SIZE/2, TEST_SIZE/2, &key, iv,
- AES_DECRYPT);
-
- if(memcmp(checktext, plaintext, TEST_SIZE))
- {
- printf("Chained encrypt+chained decrypt doesn't match\n");
- hexdump(stdout, "Plaintext", plaintext, TEST_SIZE);
- hexdump(stdout, "Checktext", checktext, TEST_SIZE);
- ++err;
- }
-
- /* make sure garble extends forwards only */
- AES_set_encrypt_key(rkey, 8*sizeof rkey, &key);
- memcpy(iv, saved_iv, sizeof iv);
- AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv,
- AES_ENCRYPT);
-
- /* corrupt halfway through */
- ++ciphertext[sizeof ciphertext/2];
- AES_set_decrypt_key(rkey, 8*sizeof rkey, &key);
- memcpy(iv, saved_iv, sizeof iv);
- AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv,
- AES_DECRYPT);
-
- matches=0;
- for(n=0 ; n < sizeof checktext ; ++n)
- if(checktext[n] == plaintext[n])
- ++matches;
-
- if(matches > sizeof checktext/2+sizeof checktext/100)
- {
- printf("More than 51%% matches after garbling\n");
- ++err;
- }
-
- if(matches < sizeof checktext/2)
- {
- printf("Garble extends backwards!\n");
- ++err;
- }
-
- /* Bi-directional IGE */
-
- /* Note that we don't have to recover the IV, because chaining isn't */
- /* possible with biIGE, so the IV is not updated. */
-
- RAND_pseudo_bytes(rkey2, sizeof rkey2);
-
- /* Straight encrypt/decrypt */
- AES_set_encrypt_key(rkey, 8*sizeof rkey, &key);
- AES_set_encrypt_key(rkey2, 8*sizeof rkey2, &key2);
- AES_bi_ige_encrypt(plaintext, ciphertext, TEST_SIZE, &key, &key2, iv,
- AES_ENCRYPT);
-
- AES_set_decrypt_key(rkey, 8*sizeof rkey, &key);
- AES_set_decrypt_key(rkey2, 8*sizeof rkey2, &key2);
- AES_bi_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, &key2, iv,
- AES_DECRYPT);
-
- if(memcmp(checktext, plaintext, TEST_SIZE))
- {
- printf("Encrypt+decrypt doesn't match\n");
- hexdump(stdout, "Plaintext", plaintext, TEST_SIZE);
- hexdump(stdout, "Checktext", checktext, TEST_SIZE);
- ++err;
- }
-
- /* make sure garble extends both ways */
- AES_set_encrypt_key(rkey, 8*sizeof rkey, &key);
- AES_set_encrypt_key(rkey2, 8*sizeof rkey2, &key2);
- AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv,
- AES_ENCRYPT);
-
- /* corrupt halfway through */
- ++ciphertext[sizeof ciphertext/2];
- AES_set_decrypt_key(rkey, 8*sizeof rkey, &key);
- AES_set_decrypt_key(rkey2, 8*sizeof rkey2, &key2);
- AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv,
- AES_DECRYPT);
-
- matches=0;
- for(n=0 ; n < sizeof checktext ; ++n)
- if(checktext[n] == plaintext[n])
- ++matches;
-
- if(matches > sizeof checktext/100)
- {
- printf("More than 1%% matches after bidirectional garbling\n");
- ++err;
- }
-
- /* make sure garble extends both ways (2) */
- AES_set_encrypt_key(rkey, 8*sizeof rkey, &key);
- AES_set_encrypt_key(rkey2, 8*sizeof rkey2, &key2);
- AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv,
- AES_ENCRYPT);
-
- /* corrupt right at the end */
- ++ciphertext[sizeof ciphertext-1];
- AES_set_decrypt_key(rkey, 8*sizeof rkey, &key);
- AES_set_decrypt_key(rkey2, 8*sizeof rkey2, &key2);
- AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv,
- AES_DECRYPT);
-
- matches=0;
- for(n=0 ; n < sizeof checktext ; ++n)
- if(checktext[n] == plaintext[n])
- ++matches;
-
- if(matches > sizeof checktext/100)
- {
- printf("More than 1%% matches after bidirectional garbling (2)\n");
- ++err;
- }
-
- /* make sure garble extends both ways (3) */
- AES_set_encrypt_key(rkey, 8*sizeof rkey, &key);
- AES_set_encrypt_key(rkey2, 8*sizeof rkey2, &key2);
- AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv,
- AES_ENCRYPT);
-
- /* corrupt right at the start */
- ++ciphertext[0];
- AES_set_decrypt_key(rkey, 8*sizeof rkey, &key);
- AES_set_decrypt_key(rkey2, 8*sizeof rkey2, &key2);
- AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv,
- AES_DECRYPT);
-
- matches=0;
- for(n=0 ; n < sizeof checktext ; ++n)
- if(checktext[n] == plaintext[n])
- ++matches;
-
- if(matches > sizeof checktext/100)
- {
- printf("More than 1%% matches after bidirectional garbling (3)\n");
- ++err;
- }
-
- err += run_test_vectors();
-
- return err;
- }
Copied: vendor-crypto/openssl/0.9.8zf/test/igetest.c (from rev 6976, vendor-crypto/openssl/dist/test/igetest.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/test/igetest.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/test/igetest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,484 @@
+/* test/igetest.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core at openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#include <openssl/aes.h>
+#include <openssl/rand.h>
+#include <stdio.h>
+#include <string.h>
+#include <assert.h>
+
+#define TEST_SIZE 128
+#define BIG_TEST_SIZE 10240
+
+static void hexdump(FILE *f, const char *title, const unsigned char *s, int l)
+{
+ int n = 0;
+
+ fprintf(f, "%s", title);
+ for (; n < l; ++n) {
+ if ((n % 16) == 0)
+ fprintf(f, "\n%04x", n);
+ fprintf(f, " %02x", s[n]);
+ }
+ fprintf(f, "\n");
+}
+
+#define MAX_VECTOR_SIZE 64
+
+struct ige_test {
+ const unsigned char key[16];
+ const unsigned char iv[32];
+ const unsigned char in[MAX_VECTOR_SIZE];
+ const unsigned char out[MAX_VECTOR_SIZE];
+ const size_t length;
+ const int encrypt;
+};
+
+static struct ige_test const ige_test_vectors[] = {
+ {{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, /* key */
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f}, /* iv */
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, /* in */
+ {0x1a, 0x85, 0x19, 0xa6, 0x55, 0x7b, 0xe6, 0x52,
+ 0xe9, 0xda, 0x8e, 0x43, 0xda, 0x4e, 0xf4, 0x45,
+ 0x3c, 0xf4, 0x56, 0xb4, 0xca, 0x48, 0x8a, 0xa3,
+ 0x83, 0xc7, 0x9c, 0x98, 0xb3, 0x47, 0x97, 0xcb}, /* out */
+ 32, AES_ENCRYPT}, /* test vector 0 */
+
+ {{0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
+ 0x61, 0x6e, 0x20, 0x69, 0x6d, 0x70, 0x6c, 0x65}, /* key */
+ {0x6d, 0x65, 0x6e, 0x74, 0x61, 0x74, 0x69, 0x6f,
+ 0x6e, 0x20, 0x6f, 0x66, 0x20, 0x49, 0x47, 0x45,
+ 0x20, 0x6d, 0x6f, 0x64, 0x65, 0x20, 0x66, 0x6f,
+ 0x72, 0x20, 0x4f, 0x70, 0x65, 0x6e, 0x53, 0x53}, /* iv */
+ {0x4c, 0x2e, 0x20, 0x4c, 0x65, 0x74, 0x27, 0x73,
+ 0x20, 0x68, 0x6f, 0x70, 0x65, 0x20, 0x42, 0x65,
+ 0x6e, 0x20, 0x67, 0x6f, 0x74, 0x20, 0x69, 0x74,
+ 0x20, 0x72, 0x69, 0x67, 0x68, 0x74, 0x21, 0x0a}, /* in */
+ {0x99, 0x70, 0x64, 0x87, 0xa1, 0xcd, 0xe6, 0x13,
+ 0xbc, 0x6d, 0xe0, 0xb6, 0xf2, 0x4b, 0x1c, 0x7a,
+ 0xa4, 0x48, 0xc8, 0xb9, 0xc3, 0x40, 0x3e, 0x34,
+ 0x67, 0xa8, 0xca, 0xd8, 0x93, 0x40, 0xf5, 0x3b}, /* out */
+ 32, AES_DECRYPT}, /* test vector 1 */
+};
+
+struct bi_ige_test {
+ const unsigned char key1[32];
+ const unsigned char key2[32];
+ const unsigned char iv[64];
+ const unsigned char in[MAX_VECTOR_SIZE];
+ const unsigned char out[MAX_VECTOR_SIZE];
+ const size_t keysize;
+ const size_t length;
+ const int encrypt;
+};
+
+static struct bi_ige_test const bi_ige_test_vectors[] = {
+ {{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, /* key1 */
+ {0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f}, /* key2 */
+ {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+ 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+ 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+ 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f}, /* iv */
+ {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, /* in */
+ {0x14, 0x40, 0x6f, 0xae, 0xa2, 0x79, 0xf2, 0x56,
+ 0x1f, 0x86, 0xeb, 0x3b, 0x7d, 0xff, 0x53, 0xdc,
+ 0x4e, 0x27, 0x0c, 0x03, 0xde, 0x7c, 0xe5, 0x16,
+ 0x6a, 0x9c, 0x20, 0x33, 0x9d, 0x33, 0xfe, 0x12}, /* out */
+ 16, 32, AES_ENCRYPT}, /* test vector 0 */
+ {{0x58, 0x0a, 0x06, 0xe9, 0x97, 0x07, 0x59, 0x5c,
+ 0x9e, 0x19, 0xd2, 0xa7, 0xbb, 0x40, 0x2b, 0x7a,
+ 0xc7, 0xd8, 0x11, 0x9e, 0x4c, 0x51, 0x35, 0x75,
+ 0x64, 0x28, 0x0f, 0x23, 0xad, 0x74, 0xac, 0x37}, /* key1 */
+ {0xd1, 0x80, 0xa0, 0x31, 0x47, 0xa3, 0x11, 0x13,
+ 0x86, 0x26, 0x9e, 0x6d, 0xff, 0xaf, 0x72, 0x74,
+ 0x5b, 0xa2, 0x35, 0x81, 0xd2, 0xa6, 0x3d, 0x21,
+ 0x67, 0x7b, 0x58, 0xa8, 0x18, 0xf9, 0x72, 0xe4}, /* key2 */
+ {0x80, 0x3d, 0xbd, 0x4c, 0xe6, 0x7b, 0x06, 0xa9,
+ 0x53, 0x35, 0xd5, 0x7e, 0x71, 0xc1, 0x70, 0x70,
+ 0x74, 0x9a, 0x00, 0x28, 0x0c, 0xbf, 0x6c, 0x42,
+ 0x9b, 0xa4, 0xdd, 0x65, 0x11, 0x77, 0x7c, 0x67,
+ 0xfe, 0x76, 0x0a, 0xf0, 0xd5, 0xc6, 0x6e, 0x6a,
+ 0xe7, 0x5e, 0x4c, 0xf2, 0x7e, 0x9e, 0xf9, 0x20,
+ 0x0e, 0x54, 0x6f, 0x2d, 0x8a, 0x8d, 0x7e, 0xbd,
+ 0x48, 0x79, 0x37, 0x99, 0xff, 0x27, 0x93, 0xa3}, /* iv */
+ {0xf1, 0x54, 0x3d, 0xca, 0xfe, 0xb5, 0xef, 0x1c,
+ 0x4f, 0xa6, 0x43, 0xf6, 0xe6, 0x48, 0x57, 0xf0,
+ 0xee, 0x15, 0x7f, 0xe3, 0xe7, 0x2f, 0xd0, 0x2f,
+ 0x11, 0x95, 0x7a, 0x17, 0x00, 0xab, 0xa7, 0x0b,
+ 0xbe, 0x44, 0x09, 0x9c, 0xcd, 0xac, 0xa8, 0x52,
+ 0xa1, 0x8e, 0x7b, 0x75, 0xbc, 0xa4, 0x92, 0x5a,
+ 0xab, 0x46, 0xd3, 0x3a, 0xa0, 0xd5, 0x35, 0x1c,
+ 0x55, 0xa4, 0xb3, 0xa8, 0x40, 0x81, 0xa5, 0x0b}, /* in */
+ {0x42, 0xe5, 0x28, 0x30, 0x31, 0xc2, 0xa0, 0x23,
+ 0x68, 0x49, 0x4e, 0xb3, 0x24, 0x59, 0x92, 0x79,
+ 0xc1, 0xa5, 0xcc, 0xe6, 0x76, 0x53, 0xb1, 0xcf,
+ 0x20, 0x86, 0x23, 0xe8, 0x72, 0x55, 0x99, 0x92,
+ 0x0d, 0x16, 0x1c, 0x5a, 0x2f, 0xce, 0xcb, 0x51,
+ 0xe2, 0x67, 0xfa, 0x10, 0xec, 0xcd, 0x3d, 0x67,
+ 0xa5, 0xe6, 0xf7, 0x31, 0x26, 0xb0, 0x0d, 0x76,
+ 0x5e, 0x28, 0xdc, 0x7f, 0x01, 0xc5, 0xa5, 0x4c}, /* out */
+ 32, 64, AES_ENCRYPT}, /* test vector 1 */
+
+};
+
+static int run_test_vectors(void)
+{
+ unsigned int n;
+ int errs = 0;
+
+ for (n = 0; n < sizeof(ige_test_vectors) / sizeof(ige_test_vectors[0]);
+ ++n) {
+ const struct ige_test *const v = &ige_test_vectors[n];
+ AES_KEY key;
+ unsigned char buf[MAX_VECTOR_SIZE];
+ unsigned char iv[AES_BLOCK_SIZE * 2];
+
+ assert(v->length <= MAX_VECTOR_SIZE);
+
+ if (v->encrypt == AES_ENCRYPT)
+ AES_set_encrypt_key(v->key, 8 * sizeof v->key, &key);
+ else
+ AES_set_decrypt_key(v->key, 8 * sizeof v->key, &key);
+ memcpy(iv, v->iv, sizeof iv);
+ AES_ige_encrypt(v->in, buf, v->length, &key, iv, v->encrypt);
+
+ if (memcmp(v->out, buf, v->length)) {
+ printf("IGE test vector %d failed\n", n);
+ hexdump(stdout, "key", v->key, sizeof v->key);
+ hexdump(stdout, "iv", v->iv, sizeof v->iv);
+ hexdump(stdout, "in", v->in, v->length);
+ hexdump(stdout, "expected", v->out, v->length);
+ hexdump(stdout, "got", buf, v->length);
+
+ ++errs;
+ }
+
+ /* try with in == out */
+ memcpy(iv, v->iv, sizeof iv);
+ memcpy(buf, v->in, v->length);
+ AES_ige_encrypt(buf, buf, v->length, &key, iv, v->encrypt);
+
+ if (memcmp(v->out, buf, v->length)) {
+ printf("IGE test vector %d failed (with in == out)\n", n);
+ hexdump(stdout, "key", v->key, sizeof v->key);
+ hexdump(stdout, "iv", v->iv, sizeof v->iv);
+ hexdump(stdout, "in", v->in, v->length);
+ hexdump(stdout, "expected", v->out, v->length);
+ hexdump(stdout, "got", buf, v->length);
+
+ ++errs;
+ }
+ }
+
+ for (n = 0;
+ n < sizeof(bi_ige_test_vectors) / sizeof(bi_ige_test_vectors[0]);
+ ++n) {
+ const struct bi_ige_test *const v = &bi_ige_test_vectors[n];
+ AES_KEY key1;
+ AES_KEY key2;
+ unsigned char buf[MAX_VECTOR_SIZE];
+
+ assert(v->length <= MAX_VECTOR_SIZE);
+
+ if (v->encrypt == AES_ENCRYPT) {
+ AES_set_encrypt_key(v->key1, 8 * v->keysize, &key1);
+ AES_set_encrypt_key(v->key2, 8 * v->keysize, &key2);
+ } else {
+ AES_set_decrypt_key(v->key1, 8 * v->keysize, &key1);
+ AES_set_decrypt_key(v->key2, 8 * v->keysize, &key2);
+ }
+
+ AES_bi_ige_encrypt(v->in, buf, v->length, &key1, &key2, v->iv,
+ v->encrypt);
+
+ if (memcmp(v->out, buf, v->length)) {
+ printf("Bidirectional IGE test vector %d failed\n", n);
+ hexdump(stdout, "key 1", v->key1, sizeof v->key1);
+ hexdump(stdout, "key 2", v->key2, sizeof v->key2);
+ hexdump(stdout, "iv", v->iv, sizeof v->iv);
+ hexdump(stdout, "in", v->in, v->length);
+ hexdump(stdout, "expected", v->out, v->length);
+ hexdump(stdout, "got", buf, v->length);
+
+ ++errs;
+ }
+ }
+
+ return errs;
+}
+
+int main(int argc, char **argv)
+{
+ unsigned char rkey[16];
+ unsigned char rkey2[16];
+ AES_KEY key;
+ AES_KEY key2;
+ unsigned char plaintext[BIG_TEST_SIZE];
+ unsigned char ciphertext[BIG_TEST_SIZE];
+ unsigned char checktext[BIG_TEST_SIZE];
+ unsigned char iv[AES_BLOCK_SIZE * 4];
+ unsigned char saved_iv[AES_BLOCK_SIZE * 4];
+ int err = 0;
+ unsigned int n;
+ unsigned matches;
+
+ assert(BIG_TEST_SIZE >= TEST_SIZE);
+
+ RAND_pseudo_bytes(rkey, sizeof rkey);
+ RAND_pseudo_bytes(plaintext, sizeof plaintext);
+ RAND_pseudo_bytes(iv, sizeof iv);
+ memcpy(saved_iv, iv, sizeof saved_iv);
+
+ /* Forward IGE only... */
+
+ /* Straight encrypt/decrypt */
+ AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key);
+ AES_ige_encrypt(plaintext, ciphertext, TEST_SIZE, &key, iv, AES_ENCRYPT);
+
+ AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key);
+ memcpy(iv, saved_iv, sizeof iv);
+ AES_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, iv, AES_DECRYPT);
+
+ if (memcmp(checktext, plaintext, TEST_SIZE)) {
+ printf("Encrypt+decrypt doesn't match\n");
+ hexdump(stdout, "Plaintext", plaintext, TEST_SIZE);
+ hexdump(stdout, "Checktext", checktext, TEST_SIZE);
+ ++err;
+ }
+
+ /* Now check encrypt chaining works */
+ AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key);
+ memcpy(iv, saved_iv, sizeof iv);
+ AES_ige_encrypt(plaintext, ciphertext, TEST_SIZE / 2, &key, iv,
+ AES_ENCRYPT);
+ AES_ige_encrypt(plaintext + TEST_SIZE / 2,
+ ciphertext + TEST_SIZE / 2, TEST_SIZE / 2,
+ &key, iv, AES_ENCRYPT);
+
+ AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key);
+ memcpy(iv, saved_iv, sizeof iv);
+ AES_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, iv, AES_DECRYPT);
+
+ if (memcmp(checktext, plaintext, TEST_SIZE)) {
+ printf("Chained encrypt+decrypt doesn't match\n");
+ hexdump(stdout, "Plaintext", plaintext, TEST_SIZE);
+ hexdump(stdout, "Checktext", checktext, TEST_SIZE);
+ ++err;
+ }
+
+ /* And check decrypt chaining */
+ AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key);
+ memcpy(iv, saved_iv, sizeof iv);
+ AES_ige_encrypt(plaintext, ciphertext, TEST_SIZE / 2, &key, iv,
+ AES_ENCRYPT);
+ AES_ige_encrypt(plaintext + TEST_SIZE / 2,
+ ciphertext + TEST_SIZE / 2, TEST_SIZE / 2,
+ &key, iv, AES_ENCRYPT);
+
+ AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key);
+ memcpy(iv, saved_iv, sizeof iv);
+ AES_ige_encrypt(ciphertext, checktext, TEST_SIZE / 2, &key, iv,
+ AES_DECRYPT);
+ AES_ige_encrypt(ciphertext + TEST_SIZE / 2,
+ checktext + TEST_SIZE / 2, TEST_SIZE / 2, &key, iv,
+ AES_DECRYPT);
+
+ if (memcmp(checktext, plaintext, TEST_SIZE)) {
+ printf("Chained encrypt+chained decrypt doesn't match\n");
+ hexdump(stdout, "Plaintext", plaintext, TEST_SIZE);
+ hexdump(stdout, "Checktext", checktext, TEST_SIZE);
+ ++err;
+ }
+
+ /* make sure garble extends forwards only */
+ AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key);
+ memcpy(iv, saved_iv, sizeof iv);
+ AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv,
+ AES_ENCRYPT);
+
+ /* corrupt halfway through */
+ ++ciphertext[sizeof ciphertext / 2];
+ AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key);
+ memcpy(iv, saved_iv, sizeof iv);
+ AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv,
+ AES_DECRYPT);
+
+ matches = 0;
+ for (n = 0; n < sizeof checktext; ++n)
+ if (checktext[n] == plaintext[n])
+ ++matches;
+
+ if (matches > sizeof checktext / 2 + sizeof checktext / 100) {
+ printf("More than 51%% matches after garbling\n");
+ ++err;
+ }
+
+ if (matches < sizeof checktext / 2) {
+ printf("Garble extends backwards!\n");
+ ++err;
+ }
+
+ /* Bi-directional IGE */
+
+ /*
+ * Note that we don't have to recover the IV, because chaining isn't
+ */
+ /* possible with biIGE, so the IV is not updated. */
+
+ RAND_pseudo_bytes(rkey2, sizeof rkey2);
+
+ /* Straight encrypt/decrypt */
+ AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key);
+ AES_set_encrypt_key(rkey2, 8 * sizeof rkey2, &key2);
+ AES_bi_ige_encrypt(plaintext, ciphertext, TEST_SIZE, &key, &key2, iv,
+ AES_ENCRYPT);
+
+ AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key);
+ AES_set_decrypt_key(rkey2, 8 * sizeof rkey2, &key2);
+ AES_bi_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, &key2, iv,
+ AES_DECRYPT);
+
+ if (memcmp(checktext, plaintext, TEST_SIZE)) {
+ printf("Encrypt+decrypt doesn't match\n");
+ hexdump(stdout, "Plaintext", plaintext, TEST_SIZE);
+ hexdump(stdout, "Checktext", checktext, TEST_SIZE);
+ ++err;
+ }
+
+ /* make sure garble extends both ways */
+ AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key);
+ AES_set_encrypt_key(rkey2, 8 * sizeof rkey2, &key2);
+ AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv,
+ AES_ENCRYPT);
+
+ /* corrupt halfway through */
+ ++ciphertext[sizeof ciphertext / 2];
+ AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key);
+ AES_set_decrypt_key(rkey2, 8 * sizeof rkey2, &key2);
+ AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv,
+ AES_DECRYPT);
+
+ matches = 0;
+ for (n = 0; n < sizeof checktext; ++n)
+ if (checktext[n] == plaintext[n])
+ ++matches;
+
+ if (matches > sizeof checktext / 100) {
+ printf("More than 1%% matches after bidirectional garbling\n");
+ ++err;
+ }
+
+ /* make sure garble extends both ways (2) */
+ AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key);
+ AES_set_encrypt_key(rkey2, 8 * sizeof rkey2, &key2);
+ AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv,
+ AES_ENCRYPT);
+
+ /* corrupt right at the end */
+ ++ciphertext[sizeof ciphertext - 1];
+ AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key);
+ AES_set_decrypt_key(rkey2, 8 * sizeof rkey2, &key2);
+ AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv,
+ AES_DECRYPT);
+
+ matches = 0;
+ for (n = 0; n < sizeof checktext; ++n)
+ if (checktext[n] == plaintext[n])
+ ++matches;
+
+ if (matches > sizeof checktext / 100) {
+ printf("More than 1%% matches after bidirectional garbling (2)\n");
+ ++err;
+ }
+
+ /* make sure garble extends both ways (3) */
+ AES_set_encrypt_key(rkey, 8 * sizeof rkey, &key);
+ AES_set_encrypt_key(rkey2, 8 * sizeof rkey2, &key2);
+ AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv,
+ AES_ENCRYPT);
+
+ /* corrupt right at the start */
+ ++ciphertext[0];
+ AES_set_decrypt_key(rkey, 8 * sizeof rkey, &key);
+ AES_set_decrypt_key(rkey2, 8 * sizeof rkey2, &key2);
+ AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv,
+ AES_DECRYPT);
+
+ matches = 0;
+ for (n = 0; n < sizeof checktext; ++n)
+ if (checktext[n] == plaintext[n])
+ ++matches;
+
+ if (matches > sizeof checktext / 100) {
+ printf("More than 1%% matches after bidirectional garbling (3)\n");
+ ++err;
+ }
+
+ err += run_test_vectors();
+
+ return err;
+}
Deleted: vendor-crypto/openssl/0.9.8zf/test/methtest.c
===================================================================
--- vendor-crypto/openssl/dist/test/methtest.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/test/methtest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,105 +0,0 @@
-/* test/methtest.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/rsa.h>
-#include <openssl/x509.h>
-#include "meth.h"
-#include <openssl/err.h>
-
-int main(argc,argv)
-int argc;
-char *argv[];
- {
- METHOD_CTX *top,*tmp1,*tmp2;
-
- top=METH_new(x509_lookup()); /* get a top level context */
- if (top == NULL) goto err;
-
- tmp1=METH_new(x509_by_file());
- if (top == NULL) goto err;
- METH_arg(tmp1,METH_TYPE_FILE,"cafile1");
- METH_arg(tmp1,METH_TYPE_FILE,"cafile2");
- METH_push(top,METH_X509_CA_BY_SUBJECT,tmp1);
-
- tmp2=METH_new(x509_by_dir());
- METH_arg(tmp2,METH_TYPE_DIR,"/home/eay/.CAcerts");
- METH_arg(tmp2,METH_TYPE_DIR,"/home/eay/SSLeay/certs");
- METH_arg(tmp2,METH_TYPE_DIR,"/usr/local/ssl/certs");
- METH_push(top,METH_X509_CA_BY_SUBJECT,tmp2);
-
-/* tmp=METH_new(x509_by_issuer_dir);
- METH_arg(tmp,METH_TYPE_DIR,"/home/eay/.mycerts");
- METH_push(top,METH_X509_BY_ISSUER,tmp);
-
- tmp=METH_new(x509_by_issuer_primary);
- METH_arg(tmp,METH_TYPE_FILE,"/home/eay/.mycerts/primary.pem");
- METH_push(top,METH_X509_BY_ISSUER,tmp);
-*/
-
- METH_init(top);
- METH_control(tmp1,METH_CONTROL_DUMP,stdout);
- METH_control(tmp2,METH_CONTROL_DUMP,stdout);
- EXIT(0);
-err:
- ERR_load_crypto_strings();
- ERR_print_errors_fp(stderr);
- EXIT(1);
- return(0);
- }
Copied: vendor-crypto/openssl/0.9.8zf/test/methtest.c (from rev 6976, vendor-crypto/openssl/dist/test/methtest.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/test/methtest.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/test/methtest.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,107 @@
+/* test/methtest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/rsa.h>
+#include <openssl/x509.h>
+#include "meth.h"
+#include <openssl/err.h>
+
+int main(argc, argv)
+int argc;
+char *argv[];
+{
+ METHOD_CTX *top, *tmp1, *tmp2;
+
+ top = METH_new(x509_lookup()); /* get a top level context */
+ if (top == NULL)
+ goto err;
+
+ tmp1 = METH_new(x509_by_file());
+ if (top == NULL)
+ goto err;
+ METH_arg(tmp1, METH_TYPE_FILE, "cafile1");
+ METH_arg(tmp1, METH_TYPE_FILE, "cafile2");
+ METH_push(top, METH_X509_CA_BY_SUBJECT, tmp1);
+
+ tmp2 = METH_new(x509_by_dir());
+ METH_arg(tmp2, METH_TYPE_DIR, "/home/eay/.CAcerts");
+ METH_arg(tmp2, METH_TYPE_DIR, "/home/eay/SSLeay/certs");
+ METH_arg(tmp2, METH_TYPE_DIR, "/usr/local/ssl/certs");
+ METH_push(top, METH_X509_CA_BY_SUBJECT, tmp2);
+
+/*- tmp=METH_new(x509_by_issuer_dir);
+ METH_arg(tmp,METH_TYPE_DIR,"/home/eay/.mycerts");
+ METH_push(top,METH_X509_BY_ISSUER,tmp);
+
+ tmp=METH_new(x509_by_issuer_primary);
+ METH_arg(tmp,METH_TYPE_FILE,"/home/eay/.mycerts/primary.pem");
+ METH_push(top,METH_X509_BY_ISSUER,tmp);
+*/
+
+ METH_init(top);
+ METH_control(tmp1, METH_CONTROL_DUMP, stdout);
+ METH_control(tmp2, METH_CONTROL_DUMP, stdout);
+ EXIT(0);
+ err:
+ ERR_load_crypto_strings();
+ ERR_print_errors_fp(stderr);
+ EXIT(1);
+ return (0);
+}
Deleted: vendor-crypto/openssl/0.9.8zf/test/r160test.c
===================================================================
--- vendor-crypto/openssl/dist/test/r160test.c 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/test/r160test.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,57 +0,0 @@
-/* test/r160test.c */
-/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay at cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh at cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay at cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
Copied: vendor-crypto/openssl/0.9.8zf/test/r160test.c (from rev 6976, vendor-crypto/openssl/dist/test/r160test.c)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/test/r160test.c (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/test/r160test.c 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,57 @@
+/* test/r160test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay at cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh at cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay at cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
Deleted: vendor-crypto/openssl/0.9.8zf/util/ck_errf.pl
===================================================================
--- vendor-crypto/openssl/dist/util/ck_errf.pl 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/util/ck_errf.pl 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,50 +0,0 @@
-#!/usr/local/bin/perl
-#
-# This is just a quick script to scan for cases where the 'error'
-# function name in a XXXerr() macro is wrong.
-#
-# Run in the top level by going
-# perl util/ck_errf.pl */*.c */*/*.c
-#
-
-foreach $file (@ARGV)
- {
- open(IN,"<$file") || die "unable to open $file\n";
- $func="";
- while (<IN>)
- {
- if (!/;$/ && /^([a-zA-Z].*[\s*])?([A-Za-z_0-9]+)\(.*[),]/)
- {
- /^([^()]*(\([^()]*\)[^()]*)*)\(/;
- $1 =~ /([A-Za-z_0-9]*)$/;
- $func = $1;
- $func =~ tr/A-Z/a-z/;
- }
- if (/([A-Z0-9]+)err\(([^,]+)/)
- {
- $errlib=$1;
- $n=$2;
-
- if ($func eq "")
- { print "$file:$.:???:$n\n"; next; }
-
- if ($n !~ /([^_]+)_F_(.+)$/)
- {
- # print "check -$file:$.:$func:$n\n";
- next;
- }
- $lib=$1;
- $n=$2;
-
- if ($lib ne $errlib)
- { print "$file:$.:$func:$n [${errlib}err]\n"; next; }
-
- $n =~ tr/A-Z/a-z/;
- if (($n ne $func) && ($errlib ne "SYS"))
- { print "$file:$.:$func:$n\n"; next; }
- # print "$func:$1\n";
- }
- }
- close(IN);
- }
-
Copied: vendor-crypto/openssl/0.9.8zf/util/ck_errf.pl (from rev 6976, vendor-crypto/openssl/dist/util/ck_errf.pl)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/util/ck_errf.pl (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/util/ck_errf.pl 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,50 @@
+#!/usr/local/bin/perl
+#
+# This is just a quick script to scan for cases where the 'error'
+# function name in a XXXerr() macro is wrong.
+#
+# Run in the top level by going
+# perl util/ck_errf.pl */*.c */*/*.c
+#
+
+foreach $file (@ARGV)
+ {
+ open(IN,"<$file") || die "unable to open $file\n";
+ $func="";
+ while (<IN>)
+ {
+ if (!/;$/ && /^\**([a-zA-Z].*[\s*])?([A-Za-z_0-9]+)\(.*([),]|$)/)
+ {
+ /^([^()]*(\([^()]*\)[^()]*)*)\(/;
+ $1 =~ /([A-Za-z_0-9]*)$/;
+ $func = $1;
+ $func =~ tr/A-Z/a-z/;
+ }
+ if (/([A-Z0-9]+)err\(([^,]+)/)
+ {
+ $errlib=$1;
+ $n=$2;
+
+ if ($func eq "")
+ { print "$file:$.:???:$n\n"; next; }
+
+ if ($n !~ /([^_]+)_F_(.+)$/)
+ {
+ # print "check -$file:$.:$func:$n\n";
+ next;
+ }
+ $lib=$1;
+ $n=$2;
+
+ if ($lib ne $errlib)
+ { print "$file:$.:$func:$n [${errlib}err]\n"; next; }
+
+ $n =~ tr/A-Z/a-z/;
+ if (($n ne $func) && ($errlib ne "SYS"))
+ { print "$file:$.:$func:$n\n"; next; }
+ # print "$func:$1\n";
+ }
+ }
+ close(IN);
+ }
+
Copied: vendor-crypto/openssl/0.9.8zf/util/indent.pro (from rev 6976, vendor-crypto/openssl/dist/util/indent.pro)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/util/indent.pro (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/util/indent.pro 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,751 @@
+-bap
+-bbo
+-br
+-brs
+-c33
+-cd33
+-ce
+-ci4
+-cli0
+-cp33
+-d0
+-di1
+-hnl
+-i4
+-il1
+-ip0
+-l78
+-lp
+-nbad
+-nbc
+-ncdb
+-ncs
+-nfc1
+-nfca
+-npcs
+-nprs
+-npsl
+-nsc
+-ppi1
+-saf
+-sai
+-saw
+-sob
+-ss
+-ts0
+-T ACCESS_DESCRIPTION
+-T ADDED_OBJ
+-T AEP_BBOOL
+-T AEP_CHAR
+-T AEP_CHAR_PTR
+-T AEP_CONNECTION_ENTRY
+-T AEP_CONNECTION_HNDL
+-T AEP_CONNECTION_HNDL_PTR
+-T AEP_FLAGS
+-T AEP_RV
+-T AEP_TRANSACTION_ID
+-T AEP_TRANSACTION_ID_PTR
+-T AEP_U16
+-T AEP_U32
+-T AEP_U32_PTR
+-T AEP_U64_PTR
+-T AEP_U8
+-T AEP_U8_PTR
+-T AEP_VOID_PTR
+-T AEP_VOID_PTR_PTR
+-T AES_KEY
+-T APP_INFO
+-T ARGS
+-T ASIdOrRange
+-T ASIdOrRanges
+-T ASIdentifierChoice
+-T ASIdentifiers
+-T ASN1_ADB
+-T ASN1_ADB_TABLE
+-T ASN1_AUX
+-T ASN1_BIT_STRING
+-T ASN1_BMPSTRING
+-T ASN1_BOOLEAN
+-T ASN1_COMPAT_FUNCS
+-T ASN1_CTX
+-T ASN1_ENCODING
+-T ASN1_ENUMERATED
+-T ASN1_EXTERN_FUNCS
+-T ASN1_GENERALIZEDTIME
+-T ASN1_GENERALSTRING
+-T ASN1_IA5STRING
+-T ASN1_INTEGER
+-T ASN1_ITEM
+-T ASN1_ITEM_EXP
+-T ASN1_NULL
+-T ASN1_OBJECT
+-T ASN1_OCTET_STRING
+-T ASN1_PCTX
+-T ASN1_PRIMITIVE_FUNCS
+-T ASN1_PRINTABLESTRING
+-T ASN1_PRINT_ARG
+-T ASN1_SCTX
+-T ASN1_STREAM_ARG
+-T ASN1_STRING
+-T ASN1_STRING_TABLE
+-T ASN1_T61STRING
+-T ASN1_TEMPLATE
+-T ASN1_TIME
+-T ASN1_TLC
+-T ASN1_TYPE
+-T ASN1_UNIVERSALSTRING
+-T ASN1_UTCTIME
+-T ASN1_UTF8STRING
+-T ASN1_VALUE
+-T ASN1_VISIBLESTRING
+-T ASN1_const_CTX
+-T AUTHORITY_INFO_ACCESS
+-T AUTHORITY_KEYID
+-T BASIC_CONSTRAINTS
+-T BF_KEY
+-T BF_LONG
+-T BIGNUM
+-T BIO
+-T BIO_ACCEPT
+-T BIO_ASN1_BUF_CTX
+-T BIO_ASN1_EX_FUNCS
+-T BIO_B64_CTX
+-T BIO_CONNECT
+-T BIO_ENC_CTX
+-T BIO_F_BUFFER_CTX
+-T BIO_LINEBUFFER_CTX
+-T BIO_METHOD
+-T BIO_OK_CTX
+-T BIO_SSL
+-T BIT_STRING_BITNAME
+-T BN_BLINDING
+-T BN_CTX
+-T BN_GENCB
+-T BN_MONT_CTX
+-T BN_POOL
+-T BN_POOL_ITEM
+-T BN_RECP_CTX
+-T BN_STACK
+-T BN_ULONG
+-T BUF_MEM
+-T BY_DIR
+-T BY_DIR_ENTRY
+-T BY_DIR_HASH
+-T Bytef
+-T CAMELLIA_KEY
+-T CAST_KEY
+-T CAST_LONG
+-T CA_DB
+-T CCM128_CONTEXT
+-T CERT
+-T CERTIFICATEPOLICIES
+-T CERT_PKEY
+-T CIPHER_ORDER
+-T CMAC_CTX
+-T CMS_AuthenticatedData
+-T CMS_CertificateChoices
+-T CMS_CompressedData
+-T CMS_ContentInfo
+-T CMS_DigestedData
+-T CMS_EncapsulatedContentInfo
+-T CMS_EncryptedContentInfo
+-T CMS_EncryptedData
+-T CMS_EnvelopedData
+-T CMS_IssuerAndSerialNumber
+-T CMS_KEKIdentifier
+-T CMS_KEKRecipientInfo
+-T CMS_KeyAgreeRecipientIdentifier
+-T CMS_KeyAgreeRecipientInfo
+-T CMS_KeyTransRecipientInfo
+-T CMS_OriginatorIdentifierOrKey
+-T CMS_OriginatorInfo
+-T CMS_OriginatorPublicKey
+-T CMS_OtherCertificateFormat
+-T CMS_OtherKeyAttribute
+-T CMS_OtherRecipientInfo
+-T CMS_OtherRevocationInfoFormat
+-T CMS_PasswordRecipientInfo
+-T CMS_Receipt
+-T CMS_ReceiptRequest
+-T CMS_ReceiptsFrom
+-T CMS_RecipientEncryptedKey
+-T CMS_RecipientIdentifier
+-T CMS_RecipientInfo
+-T CMS_RecipientKeyIdentifier
+-T CMS_RevocationInfoChoice
+-T CMS_SignedData
+-T CMS_SignerIdentifier
+-T CMS_SignerInfo
+-T COMP_CTX
+-T COMP_METHOD
+-T CONF
+-T CONF_IMODULE
+-T CONF_METHOD
+-T CONF_MODULE
+-T CONF_VALUE
+-T CRYPTO_EX_DATA
+-T CRYPTO_EX_DATA_FUNCS
+-T CRYPTO_EX_DATA_IMPL
+-T CRYPTO_EX_dup
+-T CRYPTO_EX_dup
+-T CRYPTO_EX_free
+-T CRYPTO_EX_free
+-T CRYPTO_EX_new
+-T CRYPTO_EX_new
+-T CRYPTO_MEM_LEAK_CB
+-T CRYPTO_THREADID
+-T CRYPTO_dynlock_value
+-T DB_ATTR
+-T DES_LONG
+-T DES_cblock
+-T DES_key_schedule
+-T DH
+-T DH_METHOD
+-T DH_PKEY_CTX
+-T DIST_POINT
+-T DIST_POINT_NAME
+-T DRBG_CTX
+-T DSA
+-T DSA_METHOD
+-T DSA_SIG
+-T DSO
+-T DSO_FUNC_TYPE
+-T DSO_MERGER_FUNC
+-T DSO_METHOD
+-T DSO_NAME_CONVERTER_FUNC
+-T DSO_VMS_INTERNAL
+-T DTLS1_BITMAP
+-T DTLS1_RECORD_DATA
+-T DTLS1_STATE
+-T Dl_info
+-T ECDH_DATA
+-T ECDH_METHOD
+-T ECDSA_DATA
+-T ECDSA_METHOD
+-T ECDSA_SIG
+-T ECPARAMETERS
+-T ECPKPARAMETERS
+-T EC_EXTRA_DATA
+-T EC_GROUP
+-T EC_KEY
+-T EC_METHOD
+-T EC_POINT
+-T EC_PRE_COMP
+-T EC_PRIVATEKEY
+-T EC_builtin_curve
+-T EDIPARTYNAME
+-T ENGINE
+-T ENGINE_CIPHERS_PTR
+-T ENGINE_CLEANUP_CB
+-T ENGINE_CLEANUP_ITEM
+-T ENGINE_CMD_DEFN
+-T ENGINE_CTRL_FUNC_PTR
+-T ENGINE_DIGESTS_PTR
+-T ENGINE_GEN_FUNC_PTR
+-T ENGINE_GEN_INT_FUNC_PTR
+-T ENGINE_LOAD_KEY_PTR
+-T ENGINE_PILE
+-T ENGINE_PILE_DOALL
+-T ENGINE_PKEY_ASN1_METHS_PTR
+-T ENGINE_PKEY_METHS_PTR
+-T ENGINE_SSL_CLIENT_CERT_PTR
+-T ENGINE_TABLE
+-T ENUMERATED_NAMES
+-T ERR_FNS
+-T ERR_STATE
+-T ERR_STRING_DATA
+-T ESS_CERT_ID
+-T ESS_ISSUER_SERIAL
+-T ESS_SIGNING_CERT
+-T EVP_AES_HMAC_SHA1
+-T EVP_AES_HMAC_SHA256
+-T EVP_CIPHER
+-T EVP_CIPHER_CTX
+-T EVP_CIPHER_INFO
+-T EVP_ENCODE_CTX
+-T EVP_MD
+-T EVP_MD_CTX
+-T EVP_PBE_CTL
+-T EVP_PBE_KEYGEN
+-T EVP_PKEY
+-T EVP_PKEY_ASN1_METHOD
+-T EVP_PKEY_CTX
+-T EVP_PKEY_METHOD
+-T EVP_PKEY_gen_cb
+-T EX_CLASS_ITEM
+-T E_GMP_RSA_CTX
+-T E_RSAX_MOD_CTX
+-T FILE
+-T F_DIGITALSIGNATUREVERIFY
+-T F_PUBLICKEYEXTRACT
+-T GCM128_CONTEXT
+-T GENERAL_NAME
+-T GENERAL_NAMES
+-T GENERAL_SUBTREE
+-T GEN_SESSION_CB
+-T HASH_CTX
+-T HEAPENTRY32
+-T HEAPLIST32
+-T HEARTBEAT_TEST_FIXTURE
+-T HMAC_CTX
+-T ICA_KEY_RSA_CRT
+-T ICA_KEY_RSA_CRT_REC
+-T ICA_KEY_RSA_MODEXPO
+-T ICA_KEY_RSA_MODEXPO_REC
+-T IDEA_KEY_SCHEDULE
+-T IPAddrBlocks
+-T IPAddressFamily
+-T IPAddressOrRange
+-T IPAddressOrRanges
+-T ISSUING_DIST_POINT
+-T JPAKE_CTX
+-T JPAKE_STEP1
+-T JPAKE_STEP2
+-T JPAKE_STEP3A
+-T JPAKE_STEP3B
+-T JPAKE_STEP_PART
+-T JPAKE_ZKP
+-T KEY_TABLE_TYPE
+-T KRB5_APREQBODY
+-T KRB5_AUTHDATA
+-T KRB5_AUTHENTBODY
+-T KRB5_CHECKSUM
+-T KRB5_ENCDATA
+-T KRB5_ENCKEY
+-T KRB5_PRINCNAME
+-T KRB5_TKTBODY
+-T KSSL_CTX
+-T KSSL_ERR
+-T LHASH
+-T LHASH_COMP_FN_TYPE
+-T LHASH_DOALL_ARG_FN_TYPE
+-T LHASH_DOALL_FN_TYPE
+-T LHASH_HASH_FN_TYPE
+-T LHASH_NODE
+-T LPDIR_CTX
+-T LPHEAPENTRY32
+-T LPHEAPLIST32
+-T LPMODULEENTRY32
+-T LPMODULEENTRY32W
+-T LPPROCESSENTRY32
+-T LPPROCESSENTRY32W
+-T LPTHREADENTRY32
+-T LP_DIR_CTX
+-T MD2_CTX
+-T MD4_CTX
+-T MD5_CTX
+-T MDC2_CTX
+-T MD_DATA
+-T MEM
+-T MEM_LEAK
+-T MEM_OBJECT_DATA
+-T MIME_HEADER
+-T MIME_PARAM
+-T MODULEENTRY32
+-T MODULEENTRY32W
+-T MS_FAR
+-T NAME_CONSTRAINTS
+-T NAME_FUNCS
+-T NBIO_TEST
+-T NDEF_SUPPORT
+-T NETSCAPE_CERT_SEQUENCE
+-T NETSCAPE_ENCRYPTED_PKEY
+-T NETSCAPE_PKEY
+-T NETSCAPE_SPKAC
+-T NETSCAPE_SPKI
+-T NETSCAPE_X509
+-T NET_API_FUNCTION
+-T NOTICEREF
+-T OBJ_NAME
+-T OCB128_CONTEXT
+-T OCB_BLOCK
+-T OCSP_BASICRESP
+-T OCSP_CERTID
+-T OCSP_CERTSTATUS
+-T OCSP_CRLID
+-T OCSP_ONEREQ
+-T OCSP_REQINFO
+-T OCSP_REQUEST
+-T OCSP_REQ_CTX
+-T OCSP_RESPBYTES
+-T OCSP_RESPDATA
+-T OCSP_RESPID
+-T OCSP_RESPONSE
+-T OCSP_REVOKEDINFO
+-T OCSP_SERVICELOC
+-T OCSP_SIGNATURE
+-T OCSP_SINGLERESP
+-T OCSP_TBLSTR
+-T OPENSSL_BLOCK
+-T OPENSSL_CSTRING
+-T OPENSSL_DIR_CTX
+-T OPENSSL_ITEM
+-T OPENSSL_PSTRING
+-T OPENSSL_STRING
+-T OPENSSL_STRING
+-T OTHERNAME
+-T P256_POINT
+-T P256_POINT_AFFINE
+-T PBE2PARAM
+-T PBEPARAM
+-T PBKDF2PARAM
+-T PCRYPTO_MEM_LEAK_CB
+-T PEM_CTX
+-T PEM_ENCODE_SEAL_CTX
+-T PEM_USER
+-T PHEAPENTRY32
+-T PHEAPLIST32
+-T PKCS12
+-T PKCS12_BAGS
+-T PKCS12_SAFEBAG
+-T PKCS7
+-T PKCS7_DIGEST
+-T PKCS7_ENCRYPT
+-T PKCS7_ENC_CONTENT
+-T PKCS7_ENVELOPE
+-T PKCS7_ISSUER_AND_SERIAL
+-T PKCS7_RECIP_INFO
+-T PKCS7_SIGNED
+-T PKCS7_SIGNER_INFO
+-T PKCS7_SIGN_ENVELOPE
+-T PKCS8_PRIV_KEY_INFO
+-T PKEY_USAGE_PERIOD
+-T PMODULEENTRY32
+-T PMODULEENTRY32W
+-T POLICYINFO
+-T POLICYQUALINFO
+-T POLICY_CONSTRAINTS
+-T POLICY_MAPPING
+-T POLICY_MAPPINGS
+-T PPROCESSENTRY32
+-T PPROCESSENTRY32W
+-T PRECOMP256_ROW
+-T PROCESSENTRY32
+-T PROCESSENTRY32W
+-T PROXY_CERT_INFO_EXTENSION
+-T PROXY_POLICY
+-T PTHREADENTRY32
+-T PW_CB_DATA
+-T RAND_METHOD
+-T RC2_KEY
+-T RC4_KEY
+-T RC5_32_KEY
+-T RIPEMD160_CTX
+-T RSA
+-T RSA_METHOD
+-T RSA_OAEP_PARAMS
+-T RSA_PKEY_CTX
+-T RSA_PSS_PARAMS
+-T SCT
+-T SEED_KEY_SCHEDULE
+-T SESS_CERT
+-T SHA256_CTX
+-T SHA512_CTX
+-T SHA_CTX
+-T SRP_ARG
+-T SRP_CLIENT_ARG
+-T SRP_CTX
+-T SRP_SERVER_ARG
+-T SRP_VBASE
+-T SRP_gN_cache
+-T SRP_user_pwd
+-T SRTP_PROTECTION_PROFILE
+-T SSL
+-T SSL2_STATE
+-T SSL3_BUFFER
+-T SSL3_BUF_FREELIST
+-T SSL3_BUF_FREELIST_ENTRY
+-T SSL3_COMP
+-T SSL3_ENC_METHOD
+-T SSL3_RECORD
+-T SSL3_STATE
+-T SSL_CIPHER
+-T SSL_COMP
+-T SSL_CONF_CTX
+-T SSL_CTX
+-T SSL_EXCERT
+-T SSL_METHOD
+-T SSL_SESSION
+-T SSL_SESSION_ASN1
+-T STACK_OF
+-T STORE
+-T STORE_ATTR_INFO
+-T STORE_ATTR_TYPES
+-T STORE_CERTIFICATE_STATUS
+-T STORE_CLEANUP_FUNC_PTR
+-T STORE_CTRL_FUNC_PTR
+-T STORE_END_OBJECT_FUNC_PTR
+-T STORE_GENERATE_OBJECT_FUNC_PTR
+-T STORE_GENERIC_FUNC_PTR
+-T STORE_GET_OBJECT_FUNC_PTR
+-T STORE_HANDLE_OBJECT_FUNC_PTR
+-T STORE_INITIALISE_FUNC_PTR
+-T STORE_METHOD
+-T STORE_MODIFY_OBJECT_FUNC_PTR
+-T STORE_NEXT_OBJECT_FUNC_PTR
+-T STORE_OBJECT
+-T STORE_OBJECT_TYPES
+-T STORE_PARAM_TYPES
+-T STORE_START_OBJECT_FUNC_PTR
+-T STORE_STORE_OBJECT_FUNC_PTR
+-T SW_ALGTYPE
+-T SW_BYTE
+-T SW_COMMAND_BITMAP
+-T SW_COMMAND_CODE
+-T SW_CONTEXT_HANDLE
+-T SW_CRT
+-T SW_DSA
+-T SW_EXP
+-T SW_LARGENUMBER
+-T SW_NVDATA
+-T SW_OSHANDLE
+-T SW_PARAM
+-T SW_STATE
+-T SW_STATUS
+-T SW_U16
+-T SW_U32
+-T SW_U64
+-T SXNET
+-T SXNETID
+-T TCHAR
+-T TEST_INFO
+-T THREADENTRY32
+-T TIMEOUT_PARAM
+-T TLS_SESSION_TICKET_EXT
+-T TLS_SIGALGS
+-T TS_ACCURACY
+-T TS_MSG_IMPRINT
+-T TS_REQ
+-T TS_RESP
+-T TS_RESP_CTX
+-T TS_STATUS_INFO
+-T TS_TST_INFO
+-T TS_VERIFY_CTX
+-T TXT_DB
+-T UI
+-T UINT64
+-T UI_METHOD
+-T UI_STRING
+-T USERNOTICE
+-T WCHAR
+-T WHIRLPOOL_CTX
+-T WINAPI
+-T WSAAPI
+-T X509
+-T X509V3_CONF_METHOD
+-T X509V3_CTX
+-T X509V3_EXT_D2I
+-T X509V3_EXT_FREE
+-T X509V3_EXT_I2D
+-T X509V3_EXT_I2R
+-T X509V3_EXT_I2S
+-T X509V3_EXT_METHOD
+-T X509V3_EXT_NEW
+-T X509V3_EXT_R2I
+-T X509V3_EXT_S2I
+-T X509V3_EXT_V2I
+-T X509_ALGOR
+-T X509_ATTRIBUTE
+-T X509_CERT_AUX
+-T X509_CERT_FILE_CTX
+-T X509_CERT_PAIR
+-T X509_CINF
+-T X509_CRL
+-T X509_CRL_INFO
+-T X509_CRL_METHOD
+-T X509_EXTENSION
+-T X509_INFO
+-T X509_LOOKUP
+-T X509_LOOKUP_METHOD
+-T X509_NAME
+-T X509_NAME_ENTRY
+-T X509_OBJECT
+-T X509_OBJECTS
+-T X509_PKEY
+-T X509_POLICY_CACHE
+-T X509_POLICY_DATA
+-T X509_POLICY_LEVEL
+-T X509_POLICY_NODE
+-T X509_POLICY_TREE
+-T X509_PUBKEY
+-T X509_PURPOSE
+-T X509_REQ
+-T X509_REQ_INFO
+-T X509_REVOKED
+-T X509_SIG
+-T X509_STORE
+-T X509_STORE_CTX
+-T X509_TRUST
+-T X509_VAL
+-T X509_VERIFY_PARAM
+-T X509_VERIFY_PARAM_ID
+-T X9_62_CHARACTERISTIC_TWO
+-T X9_62_CURVE
+-T X9_62_FIELDID
+-T X9_62_PENTANOMIAL
+-T XTS128_CONTEXT
+-T ZEN_MD_DATA
+-T _LHASH
+-T _STACK
+-T __int64
+-T _ossl_old_des_cblock
+-T asn1_ps_func
+-T bio_dgram_data
+-T bio_info_cb
+-T char_io
+-T conf_finish_func
+-T conf_init_func
+-T const_DES_cblock
+-T d2i_of_void
+-T des_cblock
+-T dynamic_data_ctx
+-T dynamic_fns
+-T engine_table_doall_cb
+-T i2d_of_void
+-T int_dhx942_dh
+-T nid_triple
+-T pem_password_cb
+-T pitem
+-T piterator
+-T pqueue_s
+-T session_op
+-T size_t
+-T tag_exp_arg
+-T testdata
+-T time_t
+-T time_t
+-T u32
+-T u64
+-T u8
+-T v3_ext_ctx
+-T v3_ext_method
+-T STACK_OF_ACCESS_DESCRIPTION_
+-T STACK_OF_ASIdOrRange_
+-T STACK_OF_ASN1_ADB_TABLE_
+-T STACK_OF_ASN1_INTEGER_
+-T STACK_OF_ASN1_OBJECT_
+-T STACK_OF_ASN1_STRING_TABLE_
+-T STACK_OF_ASN1_TYPE_
+-T STACK_OF_ASN1_UTF8STRING_
+-T STACK_OF_ASN1_VALUE_
+-T STACK_OF_BIO_
+-T STACK_OF_BY_DIR_ENTRY_
+-T STACK_OF_BY_DIR_HASH_
+-T STACK_OF_CMS_CertificateChoices_
+-T STACK_OF_CMS_RecipientEncryptedKey_
+-T STACK_OF_CMS_RecipientInfo_
+-T STACK_OF_CMS_RevocationInfoChoice_
+-T STACK_OF_CMS_SignerInfo_
+-T STACK_OF_CONF_IMODULE_
+-T STACK_OF_CONF_MODULE_
+-T STACK_OF_CONF_VALUE_
+-T STACK_OF_CRYPTO_EX_DATA_FUNCS_
+-T STACK_OF_CRYPTO_dynlock_
+-T STACK_OF_DIST_POINT_
+-T STACK_OF_ENGINE_
+-T STACK_OF_ENGINE_CLEANUP_ITEM_
+-T STACK_OF_ESS_CERT_ID_
+-T STACK_OF_EVP_PBE_CTL_
+-T STACK_OF_EVP_PKEY_ASN1_METHOD_
+-T STACK_OF_EVP_PKEY_METHOD_
+-T STACK_OF_GENERAL_NAMES_
+-T STACK_OF_GENERAL_NAME_
+-T STACK_OF_GENERAL_SUBTREE_
+-T STACK_OF_IPAddressFamily_
+-T STACK_OF_IPAddressOrRange_
+-T STACK_OF_KRB5_APREQBODY_
+-T STACK_OF_KRB5_AUTHENTBODY_
+-T STACK_OF_KRB5_TKTBODY_
+-T STACK_OF_MEM_OBJECT_DATA_
+-T STACK_OF_MIME_HEADER_
+-T STACK_OF_MIME_PARAM_
+-T STACK_OF_NAME_FUNCS_
+-T STACK_OF_OCSP_CERTID_
+-T STACK_OF_OCSP_ONEREQ_
+-T STACK_OF_OCSP_RESPID_
+-T STACK_OF_OCSP_SINGLERESP_
+-T STACK_OF_OPENSSL_BLOCK_
+-T STACK_OF_OPENSSL_PSTRING_
+-T STACK_OF_OPENSSL_STRING_
+-T STACK_OF_PKCS12_SAFEBAG_
+-T STACK_OF_PKCS7_
+-T STACK_OF_PKCS7_RECIP_INFO_
+-T STACK_OF_PKCS7_SIGNER_INFO_
+-T STACK_OF_POLICYINFO_
+-T STACK_OF_POLICYQUALINFO_
+-T STACK_OF_POLICY_MAPPING_
+-T STACK_OF_Request_
+-T STACK_OF_SCT_
+-T STACK_OF_SRP_gN_
+-T STACK_OF_SRP_gN_cache_
+-T STACK_OF_SRP_user_pwd_
+-T STACK_OF_SRTP_PROTECTION_PROFILE_
+-T STACK_OF_SSL_CIPHER_
+-T STACK_OF_SSL_COMP_
+-T STACK_OF_STORE_ATTR_INFO_
+-T STACK_OF_STRING_
+-T STACK_OF_SXNETID_
+-T STACK_OF_SingleResponse_
+-T STACK_OF_UI_STRING_
+-T STACK_OF_X509V3_EXT_METHOD_
+-T STACK_OF_X509_
+-T STACK_OF_X509_ALGOR_
+-T STACK_OF_X509_ATTRIBUTE_
+-T STACK_OF_X509_CRL_
+-T STACK_OF_X509_EXTENSION_
+-T STACK_OF_X509_INFO_
+-T STACK_OF_X509_LOOKUP_
+-T STACK_OF_X509_NAME_
+-T STACK_OF_X509_NAME_ENTRY_
+-T STACK_OF_X509_OBJECT_
+-T STACK_OF_X509_POLICY_DATA_
+-T STACK_OF_X509_POLICY_NODE_
+-T STACK_OF_X509_PURPOSE_
+-T STACK_OF_X509_REVOKED_
+-T STACK_OF_X509_TRUST_
+-T STACK_OF_X509_VERIFY_PARAM_
+-T STACK_OF_nid_triple_
+-T STACK_OF_void_
+-T LHASH_OF_ADDED_OBJ_
+-T LHASH_OF_APP_INFO_
+-T LHASH_OF_CONF_VALUE_
+-T LHASH_OF_ENGINE_PILE_
+-T LHASH_OF_ERR_STATE_
+-T LHASH_OF_ERR_STRING_DATA_
+-T LHASH_OF_EX_CLASS_ITEM_
+-T LHASH_OF_FUNCTION_
+-T LHASH_OF_MEM_
+-T LHASH_OF_OBJ_NAME_
+-T LHASH_OF_OPENSSL_STRING_
+-T LHASH_OF_SSL_SESSION_
+-T LHASH_OF_STRING_
+-T clock_t
+-T custom_ext_methods
+-T hm_fragment
+-T krb5_auth_context
+-T krb5_authdata
+-T KRB5_CALLCONV
+-T krb5_ccache
+-T krb5_context
+-T krb5_creds
+-T krb5_data
+-T krb5_deltat
+-T krb5_flags
+-T krb5_int32
+-T krb5_keyblock
+-T krb5_keytab
+-T krb5_keytab_entry
+-T krb5_octet
+-T krb5_principal
+-T krb5_principal_data
+-T krb5_rcache
+-T krb5_ticket
+-T krb5_ticket_times
+-T krb5_timestamp
+-T record_pqueue
+-T ssl_ctx_st
+-T ssl_flag_tbl
+-T ssl_st
+-T ssl_trace_tbl
+-T _stdcall
+-T tls12_lookup
Deleted: vendor-crypto/openssl/0.9.8zf/util/libeay.num
===================================================================
--- vendor-crypto/openssl/dist/util/libeay.num 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/util/libeay.num 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,3732 +0,0 @@
-SSLeay 1 EXIST::FUNCTION:
-SSLeay_version 2 EXIST::FUNCTION:
-ASN1_BIT_STRING_asn1_meth 3 EXIST::FUNCTION:
-ASN1_HEADER_free 4 EXIST::FUNCTION:
-ASN1_HEADER_new 5 EXIST::FUNCTION:
-ASN1_IA5STRING_asn1_meth 6 EXIST::FUNCTION:
-ASN1_INTEGER_get 7 EXIST::FUNCTION:
-ASN1_INTEGER_set 8 EXIST::FUNCTION:
-ASN1_INTEGER_to_BN 9 EXIST::FUNCTION:
-ASN1_OBJECT_create 10 EXIST::FUNCTION:
-ASN1_OBJECT_free 11 EXIST::FUNCTION:
-ASN1_OBJECT_new 12 EXIST::FUNCTION:
-ASN1_PRINTABLE_type 13 EXIST::FUNCTION:
-ASN1_STRING_cmp 14 EXIST::FUNCTION:
-ASN1_STRING_dup 15 EXIST::FUNCTION:
-ASN1_STRING_free 16 EXIST::FUNCTION:
-ASN1_STRING_new 17 EXIST::FUNCTION:
-ASN1_STRING_print 18 EXIST::FUNCTION:BIO
-ASN1_STRING_set 19 EXIST::FUNCTION:
-ASN1_STRING_type_new 20 EXIST::FUNCTION:
-ASN1_TYPE_free 21 EXIST::FUNCTION:
-ASN1_TYPE_new 22 EXIST::FUNCTION:
-ASN1_UNIVERSALSTRING_to_string 23 EXIST::FUNCTION:
-ASN1_UTCTIME_check 24 EXIST::FUNCTION:
-ASN1_UTCTIME_print 25 EXIST::FUNCTION:BIO
-ASN1_UTCTIME_set 26 EXIST::FUNCTION:
-ASN1_check_infinite_end 27 EXIST::FUNCTION:
-ASN1_d2i_bio 28 EXIST::FUNCTION:BIO
-ASN1_d2i_fp 29 EXIST::FUNCTION:FP_API
-ASN1_digest 30 EXIST::FUNCTION:EVP
-ASN1_dup 31 EXIST::FUNCTION:
-ASN1_get_object 32 EXIST::FUNCTION:
-ASN1_i2d_bio 33 EXIST::FUNCTION:BIO
-ASN1_i2d_fp 34 EXIST::FUNCTION:FP_API
-ASN1_object_size 35 EXIST::FUNCTION:
-ASN1_parse 36 EXIST::FUNCTION:BIO
-ASN1_put_object 37 EXIST::FUNCTION:
-ASN1_sign 38 EXIST::FUNCTION:EVP
-ASN1_verify 39 EXIST::FUNCTION:EVP
-BF_cbc_encrypt 40 EXIST::FUNCTION:BF
-BF_cfb64_encrypt 41 EXIST::FUNCTION:BF
-BF_ecb_encrypt 42 EXIST::FUNCTION:BF
-BF_encrypt 43 EXIST::FUNCTION:BF
-BF_ofb64_encrypt 44 EXIST::FUNCTION:BF
-BF_options 45 EXIST::FUNCTION:BF
-BF_set_key 46 EXIST::FUNCTION:BF
-BIO_CONNECT_free 47 NOEXIST::FUNCTION:
-BIO_CONNECT_new 48 NOEXIST::FUNCTION:
-BIO_accept 51 EXIST::FUNCTION:
-BIO_ctrl 52 EXIST::FUNCTION:
-BIO_int_ctrl 53 EXIST::FUNCTION:
-BIO_debug_callback 54 EXIST::FUNCTION:
-BIO_dump 55 EXIST::FUNCTION:
-BIO_dup_chain 56 EXIST::FUNCTION:
-BIO_f_base64 57 EXIST::FUNCTION:BIO
-BIO_f_buffer 58 EXIST::FUNCTION:
-BIO_f_cipher 59 EXIST::FUNCTION:BIO
-BIO_f_md 60 EXIST::FUNCTION:BIO
-BIO_f_null 61 EXIST::FUNCTION:
-BIO_f_proxy_server 62 NOEXIST::FUNCTION:
-BIO_fd_non_fatal_error 63 EXIST::FUNCTION:
-BIO_fd_should_retry 64 EXIST::FUNCTION:
-BIO_find_type 65 EXIST::FUNCTION:
-BIO_free 66 EXIST::FUNCTION:
-BIO_free_all 67 EXIST::FUNCTION:
-BIO_get_accept_socket 69 EXIST::FUNCTION:
-BIO_get_filter_bio 70 NOEXIST::FUNCTION:
-BIO_get_host_ip 71 EXIST::FUNCTION:
-BIO_get_port 72 EXIST::FUNCTION:
-BIO_get_retry_BIO 73 EXIST::FUNCTION:
-BIO_get_retry_reason 74 EXIST::FUNCTION:
-BIO_gethostbyname 75 EXIST::FUNCTION:
-BIO_gets 76 EXIST::FUNCTION:
-BIO_new 78 EXIST::FUNCTION:
-BIO_new_accept 79 EXIST::FUNCTION:
-BIO_new_connect 80 EXIST::FUNCTION:
-BIO_new_fd 81 EXIST::FUNCTION:
-BIO_new_file 82 EXIST:!WIN16:FUNCTION:FP_API
-BIO_new_fp 83 EXIST:!WIN16:FUNCTION:FP_API
-BIO_new_socket 84 EXIST::FUNCTION:
-BIO_pop 85 EXIST::FUNCTION:
-BIO_printf 86 EXIST::FUNCTION:
-BIO_push 87 EXIST::FUNCTION:
-BIO_puts 88 EXIST::FUNCTION:
-BIO_read 89 EXIST::FUNCTION:
-BIO_s_accept 90 EXIST::FUNCTION:
-BIO_s_connect 91 EXIST::FUNCTION:
-BIO_s_fd 92 EXIST::FUNCTION:
-BIO_s_file 93 EXIST:!WIN16:FUNCTION:FP_API
-BIO_s_mem 95 EXIST::FUNCTION:
-BIO_s_null 96 EXIST::FUNCTION:
-BIO_s_proxy_client 97 NOEXIST::FUNCTION:
-BIO_s_socket 98 EXIST::FUNCTION:
-BIO_set 100 EXIST::FUNCTION:
-BIO_set_cipher 101 EXIST::FUNCTION:BIO
-BIO_set_tcp_ndelay 102 EXIST::FUNCTION:
-BIO_sock_cleanup 103 EXIST::FUNCTION:
-BIO_sock_error 104 EXIST::FUNCTION:
-BIO_sock_init 105 EXIST::FUNCTION:
-BIO_sock_non_fatal_error 106 EXIST::FUNCTION:
-BIO_sock_should_retry 107 EXIST::FUNCTION:
-BIO_socket_ioctl 108 EXIST::FUNCTION:
-BIO_write 109 EXIST::FUNCTION:
-BN_CTX_free 110 EXIST::FUNCTION:
-BN_CTX_new 111 EXIST::FUNCTION:
-BN_MONT_CTX_free 112 EXIST::FUNCTION:
-BN_MONT_CTX_new 113 EXIST::FUNCTION:
-BN_MONT_CTX_set 114 EXIST::FUNCTION:
-BN_add 115 EXIST::FUNCTION:
-BN_add_word 116 EXIST::FUNCTION:
-BN_hex2bn 117 EXIST::FUNCTION:
-BN_bin2bn 118 EXIST::FUNCTION:
-BN_bn2hex 119 EXIST::FUNCTION:
-BN_bn2bin 120 EXIST::FUNCTION:
-BN_clear 121 EXIST::FUNCTION:
-BN_clear_bit 122 EXIST::FUNCTION:
-BN_clear_free 123 EXIST::FUNCTION:
-BN_cmp 124 EXIST::FUNCTION:
-BN_copy 125 EXIST::FUNCTION:
-BN_div 126 EXIST::FUNCTION:
-BN_div_word 127 EXIST::FUNCTION:
-BN_dup 128 EXIST::FUNCTION:
-BN_free 129 EXIST::FUNCTION:
-BN_from_montgomery 130 EXIST::FUNCTION:
-BN_gcd 131 EXIST::FUNCTION:
-BN_generate_prime 132 EXIST::FUNCTION:DEPRECATED
-BN_get_word 133 EXIST::FUNCTION:
-BN_is_bit_set 134 EXIST::FUNCTION:
-BN_is_prime 135 EXIST::FUNCTION:DEPRECATED
-BN_lshift 136 EXIST::FUNCTION:
-BN_lshift1 137 EXIST::FUNCTION:
-BN_mask_bits 138 EXIST::FUNCTION:
-BN_mod 139 NOEXIST::FUNCTION:
-BN_mod_exp 140 EXIST::FUNCTION:
-BN_mod_exp_mont 141 EXIST::FUNCTION:
-BN_mod_exp_simple 143 EXIST::FUNCTION:
-BN_mod_inverse 144 EXIST::FUNCTION:
-BN_mod_mul 145 EXIST::FUNCTION:
-BN_mod_mul_montgomery 146 EXIST::FUNCTION:
-BN_mod_word 148 EXIST::FUNCTION:
-BN_mul 149 EXIST::FUNCTION:
-BN_new 150 EXIST::FUNCTION:
-BN_num_bits 151 EXIST::FUNCTION:
-BN_num_bits_word 152 EXIST::FUNCTION:
-BN_options 153 EXIST::FUNCTION:
-BN_print 154 EXIST::FUNCTION:
-BN_print_fp 155 EXIST::FUNCTION:FP_API
-BN_rand 156 EXIST::FUNCTION:
-BN_reciprocal 157 EXIST::FUNCTION:
-BN_rshift 158 EXIST::FUNCTION:
-BN_rshift1 159 EXIST::FUNCTION:
-BN_set_bit 160 EXIST::FUNCTION:
-BN_set_word 161 EXIST::FUNCTION:
-BN_sqr 162 EXIST::FUNCTION:
-BN_sub 163 EXIST::FUNCTION:
-BN_to_ASN1_INTEGER 164 EXIST::FUNCTION:
-BN_ucmp 165 EXIST::FUNCTION:
-BN_value_one 166 EXIST::FUNCTION:
-BUF_MEM_free 167 EXIST::FUNCTION:
-BUF_MEM_grow 168 EXIST::FUNCTION:
-BUF_MEM_new 169 EXIST::FUNCTION:
-BUF_strdup 170 EXIST::FUNCTION:
-CONF_free 171 EXIST::FUNCTION:
-CONF_get_number 172 EXIST::FUNCTION:
-CONF_get_section 173 EXIST::FUNCTION:
-CONF_get_string 174 EXIST::FUNCTION:
-CONF_load 175 EXIST::FUNCTION:
-CRYPTO_add_lock 176 EXIST::FUNCTION:
-CRYPTO_dbg_free 177 EXIST::FUNCTION:
-CRYPTO_dbg_malloc 178 EXIST::FUNCTION:
-CRYPTO_dbg_realloc 179 EXIST::FUNCTION:
-CRYPTO_dbg_remalloc 180 NOEXIST::FUNCTION:
-CRYPTO_free 181 EXIST::FUNCTION:
-CRYPTO_get_add_lock_callback 182 EXIST::FUNCTION:
-CRYPTO_get_id_callback 183 EXIST::FUNCTION:
-CRYPTO_get_lock_name 184 EXIST::FUNCTION:
-CRYPTO_get_locking_callback 185 EXIST::FUNCTION:
-CRYPTO_get_mem_functions 186 EXIST::FUNCTION:
-CRYPTO_lock 187 EXIST::FUNCTION:
-CRYPTO_malloc 188 EXIST::FUNCTION:
-CRYPTO_mem_ctrl 189 EXIST::FUNCTION:
-CRYPTO_mem_leaks 190 EXIST::FUNCTION:
-CRYPTO_mem_leaks_cb 191 EXIST::FUNCTION:
-CRYPTO_mem_leaks_fp 192 EXIST::FUNCTION:FP_API
-CRYPTO_realloc 193 EXIST::FUNCTION:
-CRYPTO_remalloc 194 EXIST::FUNCTION:
-CRYPTO_set_add_lock_callback 195 EXIST::FUNCTION:
-CRYPTO_set_id_callback 196 EXIST::FUNCTION:
-CRYPTO_set_locking_callback 197 EXIST::FUNCTION:
-CRYPTO_set_mem_functions 198 EXIST::FUNCTION:
-CRYPTO_thread_id 199 EXIST::FUNCTION:
-DH_check 200 EXIST::FUNCTION:DH
-DH_compute_key 201 EXIST::FUNCTION:DH
-DH_free 202 EXIST::FUNCTION:DH
-DH_generate_key 203 EXIST::FUNCTION:DH
-DH_generate_parameters 204 EXIST::FUNCTION:DEPRECATED,DH
-DH_new 205 EXIST::FUNCTION:DH
-DH_size 206 EXIST::FUNCTION:DH
-DHparams_print 207 EXIST::FUNCTION:BIO,DH
-DHparams_print_fp 208 EXIST::FUNCTION:DH,FP_API
-DSA_free 209 EXIST::FUNCTION:DSA
-DSA_generate_key 210 EXIST::FUNCTION:DSA
-DSA_generate_parameters 211 EXIST::FUNCTION:DEPRECATED,DSA
-DSA_is_prime 212 NOEXIST::FUNCTION:
-DSA_new 213 EXIST::FUNCTION:DSA
-DSA_print 214 EXIST::FUNCTION:BIO,DSA
-DSA_print_fp 215 EXIST::FUNCTION:DSA,FP_API
-DSA_sign 216 EXIST::FUNCTION:DSA
-DSA_sign_setup 217 EXIST::FUNCTION:DSA
-DSA_size 218 EXIST::FUNCTION:DSA
-DSA_verify 219 EXIST::FUNCTION:DSA
-DSAparams_print 220 EXIST::FUNCTION:BIO,DSA
-DSAparams_print_fp 221 EXIST::FUNCTION:DSA,FP_API
-ERR_clear_error 222 EXIST::FUNCTION:
-ERR_error_string 223 EXIST::FUNCTION:
-ERR_free_strings 224 EXIST::FUNCTION:
-ERR_func_error_string 225 EXIST::FUNCTION:
-ERR_get_err_state_table 226 EXIST::FUNCTION:LHASH
-ERR_get_error 227 EXIST::FUNCTION:
-ERR_get_error_line 228 EXIST::FUNCTION:
-ERR_get_state 229 EXIST::FUNCTION:
-ERR_get_string_table 230 EXIST::FUNCTION:LHASH
-ERR_lib_error_string 231 EXIST::FUNCTION:
-ERR_load_ASN1_strings 232 EXIST::FUNCTION:
-ERR_load_BIO_strings 233 EXIST::FUNCTION:
-ERR_load_BN_strings 234 EXIST::FUNCTION:
-ERR_load_BUF_strings 235 EXIST::FUNCTION:
-ERR_load_CONF_strings 236 EXIST::FUNCTION:
-ERR_load_DH_strings 237 EXIST::FUNCTION:DH
-ERR_load_DSA_strings 238 EXIST::FUNCTION:DSA
-ERR_load_ERR_strings 239 EXIST::FUNCTION:
-ERR_load_EVP_strings 240 EXIST::FUNCTION:
-ERR_load_OBJ_strings 241 EXIST::FUNCTION:
-ERR_load_PEM_strings 242 EXIST::FUNCTION:
-ERR_load_PROXY_strings 243 NOEXIST::FUNCTION:
-ERR_load_RSA_strings 244 EXIST::FUNCTION:RSA
-ERR_load_X509_strings 245 EXIST::FUNCTION:
-ERR_load_crypto_strings 246 EXIST::FUNCTION:
-ERR_load_strings 247 EXIST::FUNCTION:
-ERR_peek_error 248 EXIST::FUNCTION:
-ERR_peek_error_line 249 EXIST::FUNCTION:
-ERR_print_errors 250 EXIST::FUNCTION:BIO
-ERR_print_errors_fp 251 EXIST::FUNCTION:FP_API
-ERR_put_error 252 EXIST::FUNCTION:
-ERR_reason_error_string 253 EXIST::FUNCTION:
-ERR_remove_state 254 EXIST::FUNCTION:
-EVP_BytesToKey 255 EXIST::FUNCTION:
-EVP_CIPHER_CTX_cleanup 256 EXIST::FUNCTION:
-EVP_CipherFinal 257 EXIST::FUNCTION:
-EVP_CipherInit 258 EXIST::FUNCTION:
-EVP_CipherUpdate 259 EXIST::FUNCTION:
-EVP_DecodeBlock 260 EXIST::FUNCTION:
-EVP_DecodeFinal 261 EXIST::FUNCTION:
-EVP_DecodeInit 262 EXIST::FUNCTION:
-EVP_DecodeUpdate 263 EXIST::FUNCTION:
-EVP_DecryptFinal 264 EXIST::FUNCTION:
-EVP_DecryptInit 265 EXIST::FUNCTION:
-EVP_DecryptUpdate 266 EXIST::FUNCTION:
-EVP_DigestFinal 267 EXIST::FUNCTION:
-EVP_DigestInit 268 EXIST::FUNCTION:
-EVP_DigestUpdate 269 EXIST::FUNCTION:
-EVP_EncodeBlock 270 EXIST::FUNCTION:
-EVP_EncodeFinal 271 EXIST::FUNCTION:
-EVP_EncodeInit 272 EXIST::FUNCTION:
-EVP_EncodeUpdate 273 EXIST::FUNCTION:
-EVP_EncryptFinal 274 EXIST::FUNCTION:
-EVP_EncryptInit 275 EXIST::FUNCTION:
-EVP_EncryptUpdate 276 EXIST::FUNCTION:
-EVP_OpenFinal 277 EXIST::FUNCTION:RSA
-EVP_OpenInit 278 EXIST::FUNCTION:RSA
-EVP_PKEY_assign 279 EXIST::FUNCTION:
-EVP_PKEY_copy_parameters 280 EXIST::FUNCTION:
-EVP_PKEY_free 281 EXIST::FUNCTION:
-EVP_PKEY_missing_parameters 282 EXIST::FUNCTION:
-EVP_PKEY_new 283 EXIST::FUNCTION:
-EVP_PKEY_save_parameters 284 EXIST::FUNCTION:
-EVP_PKEY_size 285 EXIST::FUNCTION:
-EVP_PKEY_type 286 EXIST::FUNCTION:
-EVP_SealFinal 287 EXIST::FUNCTION:RSA
-EVP_SealInit 288 EXIST::FUNCTION:RSA
-EVP_SignFinal 289 EXIST::FUNCTION:
-EVP_VerifyFinal 290 EXIST::FUNCTION:
-EVP_add_alias 291 NOEXIST::FUNCTION:
-EVP_add_cipher 292 EXIST::FUNCTION:
-EVP_add_digest 293 EXIST::FUNCTION:
-EVP_bf_cbc 294 EXIST::FUNCTION:BF
-EVP_bf_cfb64 295 EXIST::FUNCTION:BF
-EVP_bf_ecb 296 EXIST::FUNCTION:BF
-EVP_bf_ofb 297 EXIST::FUNCTION:BF
-EVP_cleanup 298 EXIST::FUNCTION:
-EVP_des_cbc 299 EXIST::FUNCTION:DES
-EVP_des_cfb64 300 EXIST::FUNCTION:DES
-EVP_des_ecb 301 EXIST::FUNCTION:DES
-EVP_des_ede 302 EXIST::FUNCTION:DES
-EVP_des_ede3 303 EXIST::FUNCTION:DES
-EVP_des_ede3_cbc 304 EXIST::FUNCTION:DES
-EVP_des_ede3_cfb64 305 EXIST::FUNCTION:DES
-EVP_des_ede3_ofb 306 EXIST::FUNCTION:DES
-EVP_des_ede_cbc 307 EXIST::FUNCTION:DES
-EVP_des_ede_cfb64 308 EXIST::FUNCTION:DES
-EVP_des_ede_ofb 309 EXIST::FUNCTION:DES
-EVP_des_ofb 310 EXIST::FUNCTION:DES
-EVP_desx_cbc 311 EXIST::FUNCTION:DES
-EVP_dss 312 EXIST::FUNCTION:DSA,SHA
-EVP_dss1 313 EXIST::FUNCTION:DSA,SHA
-EVP_enc_null 314 EXIST::FUNCTION:
-EVP_get_cipherbyname 315 EXIST::FUNCTION:
-EVP_get_digestbyname 316 EXIST::FUNCTION:
-EVP_get_pw_prompt 317 EXIST::FUNCTION:
-EVP_idea_cbc 318 EXIST::FUNCTION:IDEA
-EVP_idea_cfb64 319 EXIST::FUNCTION:IDEA
-EVP_idea_ecb 320 EXIST::FUNCTION:IDEA
-EVP_idea_ofb 321 EXIST::FUNCTION:IDEA
-EVP_md2 322 EXIST::FUNCTION:MD2
-EVP_md5 323 EXIST::FUNCTION:MD5
-EVP_md_null 324 EXIST::FUNCTION:
-EVP_rc2_cbc 325 EXIST::FUNCTION:RC2
-EVP_rc2_cfb64 326 EXIST::FUNCTION:RC2
-EVP_rc2_ecb 327 EXIST::FUNCTION:RC2
-EVP_rc2_ofb 328 EXIST::FUNCTION:RC2
-EVP_rc4 329 EXIST::FUNCTION:RC4
-EVP_read_pw_string 330 EXIST::FUNCTION:
-EVP_set_pw_prompt 331 EXIST::FUNCTION:
-EVP_sha 332 EXIST::FUNCTION:SHA
-EVP_sha1 333 EXIST::FUNCTION:SHA
-MD2 334 EXIST::FUNCTION:MD2
-MD2_Final 335 EXIST::FUNCTION:MD2
-MD2_Init 336 EXIST::FUNCTION:MD2
-MD2_Update 337 EXIST::FUNCTION:MD2
-MD2_options 338 EXIST::FUNCTION:MD2
-MD5 339 EXIST::FUNCTION:MD5
-MD5_Final 340 EXIST::FUNCTION:MD5
-MD5_Init 341 EXIST::FUNCTION:MD5
-MD5_Update 342 EXIST::FUNCTION:MD5
-MDC2 343 EXIST::FUNCTION:MDC2
-MDC2_Final 344 EXIST::FUNCTION:MDC2
-MDC2_Init 345 EXIST::FUNCTION:MDC2
-MDC2_Update 346 EXIST::FUNCTION:MDC2
-NETSCAPE_SPKAC_free 347 EXIST::FUNCTION:
-NETSCAPE_SPKAC_new 348 EXIST::FUNCTION:
-NETSCAPE_SPKI_free 349 EXIST::FUNCTION:
-NETSCAPE_SPKI_new 350 EXIST::FUNCTION:
-NETSCAPE_SPKI_sign 351 EXIST::FUNCTION:EVP
-NETSCAPE_SPKI_verify 352 EXIST::FUNCTION:EVP
-OBJ_add_object 353 EXIST::FUNCTION:
-OBJ_bsearch 354 EXIST::FUNCTION:
-OBJ_cleanup 355 EXIST::FUNCTION:
-OBJ_cmp 356 EXIST::FUNCTION:
-OBJ_create 357 EXIST::FUNCTION:
-OBJ_dup 358 EXIST::FUNCTION:
-OBJ_ln2nid 359 EXIST::FUNCTION:
-OBJ_new_nid 360 EXIST::FUNCTION:
-OBJ_nid2ln 361 EXIST::FUNCTION:
-OBJ_nid2obj 362 EXIST::FUNCTION:
-OBJ_nid2sn 363 EXIST::FUNCTION:
-OBJ_obj2nid 364 EXIST::FUNCTION:
-OBJ_sn2nid 365 EXIST::FUNCTION:
-OBJ_txt2nid 366 EXIST::FUNCTION:
-PEM_ASN1_read 367 EXIST:!WIN16:FUNCTION:
-PEM_ASN1_read_bio 368 EXIST::FUNCTION:BIO
-PEM_ASN1_write 369 EXIST:!WIN16:FUNCTION:
-PEM_ASN1_write_bio 370 EXIST::FUNCTION:BIO
-PEM_SealFinal 371 EXIST::FUNCTION:RSA
-PEM_SealInit 372 EXIST::FUNCTION:RSA
-PEM_SealUpdate 373 EXIST::FUNCTION:RSA
-PEM_SignFinal 374 EXIST::FUNCTION:
-PEM_SignInit 375 EXIST::FUNCTION:
-PEM_SignUpdate 376 EXIST::FUNCTION:
-PEM_X509_INFO_read 377 EXIST:!WIN16:FUNCTION:
-PEM_X509_INFO_read_bio 378 EXIST::FUNCTION:BIO
-PEM_X509_INFO_write_bio 379 EXIST::FUNCTION:BIO
-PEM_dek_info 380 EXIST::FUNCTION:
-PEM_do_header 381 EXIST::FUNCTION:
-PEM_get_EVP_CIPHER_INFO 382 EXIST::FUNCTION:
-PEM_proc_type 383 EXIST::FUNCTION:
-PEM_read 384 EXIST:!WIN16:FUNCTION:
-PEM_read_DHparams 385 EXIST:!WIN16:FUNCTION:DH
-PEM_read_DSAPrivateKey 386 EXIST:!WIN16:FUNCTION:DSA
-PEM_read_DSAparams 387 EXIST:!WIN16:FUNCTION:DSA
-PEM_read_PKCS7 388 EXIST:!WIN16:FUNCTION:
-PEM_read_PrivateKey 389 EXIST:!WIN16:FUNCTION:
-PEM_read_RSAPrivateKey 390 EXIST:!WIN16:FUNCTION:RSA
-PEM_read_X509 391 EXIST:!WIN16:FUNCTION:
-PEM_read_X509_CRL 392 EXIST:!WIN16:FUNCTION:
-PEM_read_X509_REQ 393 EXIST:!WIN16:FUNCTION:
-PEM_read_bio 394 EXIST::FUNCTION:BIO
-PEM_read_bio_DHparams 395 EXIST::FUNCTION:DH
-PEM_read_bio_DSAPrivateKey 396 EXIST::FUNCTION:DSA
-PEM_read_bio_DSAparams 397 EXIST::FUNCTION:DSA
-PEM_read_bio_PKCS7 398 EXIST::FUNCTION:
-PEM_read_bio_PrivateKey 399 EXIST::FUNCTION:
-PEM_read_bio_RSAPrivateKey 400 EXIST::FUNCTION:RSA
-PEM_read_bio_X509 401 EXIST::FUNCTION:
-PEM_read_bio_X509_CRL 402 EXIST::FUNCTION:
-PEM_read_bio_X509_REQ 403 EXIST::FUNCTION:
-PEM_write 404 EXIST:!WIN16:FUNCTION:
-PEM_write_DHparams 405 EXIST:!WIN16:FUNCTION:DH
-PEM_write_DSAPrivateKey 406 EXIST:!WIN16:FUNCTION:DSA
-PEM_write_DSAparams 407 EXIST:!WIN16:FUNCTION:DSA
-PEM_write_PKCS7 408 EXIST:!WIN16:FUNCTION:
-PEM_write_PrivateKey 409 EXIST:!WIN16:FUNCTION:
-PEM_write_RSAPrivateKey 410 EXIST:!WIN16:FUNCTION:RSA
-PEM_write_X509 411 EXIST:!WIN16:FUNCTION:
-PEM_write_X509_CRL 412 EXIST:!WIN16:FUNCTION:
-PEM_write_X509_REQ 413 EXIST:!WIN16:FUNCTION:
-PEM_write_bio 414 EXIST::FUNCTION:BIO
-PEM_write_bio_DHparams 415 EXIST::FUNCTION:DH
-PEM_write_bio_DSAPrivateKey 416 EXIST::FUNCTION:DSA
-PEM_write_bio_DSAparams 417 EXIST::FUNCTION:DSA
-PEM_write_bio_PKCS7 418 EXIST::FUNCTION:
-PEM_write_bio_PrivateKey 419 EXIST::FUNCTION:
-PEM_write_bio_RSAPrivateKey 420 EXIST::FUNCTION:RSA
-PEM_write_bio_X509 421 EXIST::FUNCTION:
-PEM_write_bio_X509_CRL 422 EXIST::FUNCTION:
-PEM_write_bio_X509_REQ 423 EXIST::FUNCTION:
-PKCS7_DIGEST_free 424 EXIST::FUNCTION:
-PKCS7_DIGEST_new 425 EXIST::FUNCTION:
-PKCS7_ENCRYPT_free 426 EXIST::FUNCTION:
-PKCS7_ENCRYPT_new 427 EXIST::FUNCTION:
-PKCS7_ENC_CONTENT_free 428 EXIST::FUNCTION:
-PKCS7_ENC_CONTENT_new 429 EXIST::FUNCTION:
-PKCS7_ENVELOPE_free 430 EXIST::FUNCTION:
-PKCS7_ENVELOPE_new 431 EXIST::FUNCTION:
-PKCS7_ISSUER_AND_SERIAL_digest 432 EXIST::FUNCTION:
-PKCS7_ISSUER_AND_SERIAL_free 433 EXIST::FUNCTION:
-PKCS7_ISSUER_AND_SERIAL_new 434 EXIST::FUNCTION:
-PKCS7_RECIP_INFO_free 435 EXIST::FUNCTION:
-PKCS7_RECIP_INFO_new 436 EXIST::FUNCTION:
-PKCS7_SIGNED_free 437 EXIST::FUNCTION:
-PKCS7_SIGNED_new 438 EXIST::FUNCTION:
-PKCS7_SIGNER_INFO_free 439 EXIST::FUNCTION:
-PKCS7_SIGNER_INFO_new 440 EXIST::FUNCTION:
-PKCS7_SIGN_ENVELOPE_free 441 EXIST::FUNCTION:
-PKCS7_SIGN_ENVELOPE_new 442 EXIST::FUNCTION:
-PKCS7_dup 443 EXIST::FUNCTION:
-PKCS7_free 444 EXIST::FUNCTION:
-PKCS7_new 445 EXIST::FUNCTION:
-PROXY_ENTRY_add_noproxy 446 NOEXIST::FUNCTION:
-PROXY_ENTRY_clear_noproxy 447 NOEXIST::FUNCTION:
-PROXY_ENTRY_free 448 NOEXIST::FUNCTION:
-PROXY_ENTRY_get_noproxy 449 NOEXIST::FUNCTION:
-PROXY_ENTRY_new 450 NOEXIST::FUNCTION:
-PROXY_ENTRY_set_server 451 NOEXIST::FUNCTION:
-PROXY_add_noproxy 452 NOEXIST::FUNCTION:
-PROXY_add_server 453 NOEXIST::FUNCTION:
-PROXY_check_by_host 454 NOEXIST::FUNCTION:
-PROXY_check_url 455 NOEXIST::FUNCTION:
-PROXY_clear_noproxy 456 NOEXIST::FUNCTION:
-PROXY_free 457 NOEXIST::FUNCTION:
-PROXY_get_noproxy 458 NOEXIST::FUNCTION:
-PROXY_get_proxies 459 NOEXIST::FUNCTION:
-PROXY_get_proxy_entry 460 NOEXIST::FUNCTION:
-PROXY_load_conf 461 NOEXIST::FUNCTION:
-PROXY_new 462 NOEXIST::FUNCTION:
-PROXY_print 463 NOEXIST::FUNCTION:
-RAND_bytes 464 EXIST::FUNCTION:
-RAND_cleanup 465 EXIST::FUNCTION:
-RAND_file_name 466 EXIST::FUNCTION:
-RAND_load_file 467 EXIST::FUNCTION:
-RAND_screen 468 EXIST:WIN32:FUNCTION:
-RAND_seed 469 EXIST::FUNCTION:
-RAND_write_file 470 EXIST::FUNCTION:
-RC2_cbc_encrypt 471 EXIST::FUNCTION:RC2
-RC2_cfb64_encrypt 472 EXIST::FUNCTION:RC2
-RC2_ecb_encrypt 473 EXIST::FUNCTION:RC2
-RC2_encrypt 474 EXIST::FUNCTION:RC2
-RC2_ofb64_encrypt 475 EXIST::FUNCTION:RC2
-RC2_set_key 476 EXIST::FUNCTION:RC2
-RC4 477 EXIST::FUNCTION:RC4
-RC4_options 478 EXIST::FUNCTION:RC4
-RC4_set_key 479 EXIST::FUNCTION:RC4
-RSAPrivateKey_asn1_meth 480 EXIST::FUNCTION:RSA
-RSAPrivateKey_dup 481 EXIST::FUNCTION:RSA
-RSAPublicKey_dup 482 EXIST::FUNCTION:RSA
-RSA_PKCS1_SSLeay 483 EXIST::FUNCTION:RSA
-RSA_free 484 EXIST::FUNCTION:RSA
-RSA_generate_key 485 EXIST::FUNCTION:DEPRECATED,RSA
-RSA_new 486 EXIST::FUNCTION:RSA
-RSA_new_method 487 EXIST::FUNCTION:RSA
-RSA_print 488 EXIST::FUNCTION:BIO,RSA
-RSA_print_fp 489 EXIST::FUNCTION:FP_API,RSA
-RSA_private_decrypt 490 EXIST::FUNCTION:RSA
-RSA_private_encrypt 491 EXIST::FUNCTION:RSA
-RSA_public_decrypt 492 EXIST::FUNCTION:RSA
-RSA_public_encrypt 493 EXIST::FUNCTION:RSA
-RSA_set_default_method 494 EXIST::FUNCTION:RSA
-RSA_sign 495 EXIST::FUNCTION:RSA
-RSA_sign_ASN1_OCTET_STRING 496 EXIST::FUNCTION:RSA
-RSA_size 497 EXIST::FUNCTION:RSA
-RSA_verify 498 EXIST::FUNCTION:RSA
-RSA_verify_ASN1_OCTET_STRING 499 EXIST::FUNCTION:RSA
-SHA 500 EXIST::FUNCTION:SHA,SHA0
-SHA1 501 EXIST::FUNCTION:SHA,SHA1
-SHA1_Final 502 EXIST::FUNCTION:SHA,SHA1
-SHA1_Init 503 EXIST::FUNCTION:SHA,SHA1
-SHA1_Update 504 EXIST::FUNCTION:SHA,SHA1
-SHA_Final 505 EXIST::FUNCTION:SHA,SHA0
-SHA_Init 506 EXIST::FUNCTION:SHA,SHA0
-SHA_Update 507 EXIST::FUNCTION:SHA,SHA0
-OpenSSL_add_all_algorithms 508 NOEXIST::FUNCTION:
-OpenSSL_add_all_ciphers 509 EXIST::FUNCTION:
-OpenSSL_add_all_digests 510 EXIST::FUNCTION:
-TXT_DB_create_index 511 EXIST::FUNCTION:
-TXT_DB_free 512 EXIST::FUNCTION:
-TXT_DB_get_by_index 513 EXIST::FUNCTION:
-TXT_DB_insert 514 EXIST::FUNCTION:
-TXT_DB_read 515 EXIST::FUNCTION:BIO
-TXT_DB_write 516 EXIST::FUNCTION:BIO
-X509_ALGOR_free 517 EXIST::FUNCTION:
-X509_ALGOR_new 518 EXIST::FUNCTION:
-X509_ATTRIBUTE_free 519 EXIST::FUNCTION:
-X509_ATTRIBUTE_new 520 EXIST::FUNCTION:
-X509_CINF_free 521 EXIST::FUNCTION:
-X509_CINF_new 522 EXIST::FUNCTION:
-X509_CRL_INFO_free 523 EXIST::FUNCTION:
-X509_CRL_INFO_new 524 EXIST::FUNCTION:
-X509_CRL_add_ext 525 EXIST::FUNCTION:
-X509_CRL_cmp 526 EXIST::FUNCTION:
-X509_CRL_delete_ext 527 EXIST::FUNCTION:
-X509_CRL_dup 528 EXIST::FUNCTION:
-X509_CRL_free 529 EXIST::FUNCTION:
-X509_CRL_get_ext 530 EXIST::FUNCTION:
-X509_CRL_get_ext_by_NID 531 EXIST::FUNCTION:
-X509_CRL_get_ext_by_OBJ 532 EXIST::FUNCTION:
-X509_CRL_get_ext_by_critical 533 EXIST::FUNCTION:
-X509_CRL_get_ext_count 534 EXIST::FUNCTION:
-X509_CRL_new 535 EXIST::FUNCTION:
-X509_CRL_sign 536 EXIST::FUNCTION:EVP
-X509_CRL_verify 537 EXIST::FUNCTION:EVP
-X509_EXTENSION_create_by_NID 538 EXIST::FUNCTION:
-X509_EXTENSION_create_by_OBJ 539 EXIST::FUNCTION:
-X509_EXTENSION_dup 540 EXIST::FUNCTION:
-X509_EXTENSION_free 541 EXIST::FUNCTION:
-X509_EXTENSION_get_critical 542 EXIST::FUNCTION:
-X509_EXTENSION_get_data 543 EXIST::FUNCTION:
-X509_EXTENSION_get_object 544 EXIST::FUNCTION:
-X509_EXTENSION_new 545 EXIST::FUNCTION:
-X509_EXTENSION_set_critical 546 EXIST::FUNCTION:
-X509_EXTENSION_set_data 547 EXIST::FUNCTION:
-X509_EXTENSION_set_object 548 EXIST::FUNCTION:
-X509_INFO_free 549 EXIST::FUNCTION:EVP
-X509_INFO_new 550 EXIST::FUNCTION:EVP
-X509_LOOKUP_by_alias 551 EXIST::FUNCTION:
-X509_LOOKUP_by_fingerprint 552 EXIST::FUNCTION:
-X509_LOOKUP_by_issuer_serial 553 EXIST::FUNCTION:
-X509_LOOKUP_by_subject 554 EXIST::FUNCTION:
-X509_LOOKUP_ctrl 555 EXIST::FUNCTION:
-X509_LOOKUP_file 556 EXIST::FUNCTION:
-X509_LOOKUP_free 557 EXIST::FUNCTION:
-X509_LOOKUP_hash_dir 558 EXIST::FUNCTION:
-X509_LOOKUP_init 559 EXIST::FUNCTION:
-X509_LOOKUP_new 560 EXIST::FUNCTION:
-X509_LOOKUP_shutdown 561 EXIST::FUNCTION:
-X509_NAME_ENTRY_create_by_NID 562 EXIST::FUNCTION:
-X509_NAME_ENTRY_create_by_OBJ 563 EXIST::FUNCTION:
-X509_NAME_ENTRY_dup 564 EXIST::FUNCTION:
-X509_NAME_ENTRY_free 565 EXIST::FUNCTION:
-X509_NAME_ENTRY_get_data 566 EXIST::FUNCTION:
-X509_NAME_ENTRY_get_object 567 EXIST::FUNCTION:
-X509_NAME_ENTRY_new 568 EXIST::FUNCTION:
-X509_NAME_ENTRY_set_data 569 EXIST::FUNCTION:
-X509_NAME_ENTRY_set_object 570 EXIST::FUNCTION:
-X509_NAME_add_entry 571 EXIST::FUNCTION:
-X509_NAME_cmp 572 EXIST::FUNCTION:
-X509_NAME_delete_entry 573 EXIST::FUNCTION:
-X509_NAME_digest 574 EXIST::FUNCTION:EVP
-X509_NAME_dup 575 EXIST::FUNCTION:
-X509_NAME_entry_count 576 EXIST::FUNCTION:
-X509_NAME_free 577 EXIST::FUNCTION:
-X509_NAME_get_entry 578 EXIST::FUNCTION:
-X509_NAME_get_index_by_NID 579 EXIST::FUNCTION:
-X509_NAME_get_index_by_OBJ 580 EXIST::FUNCTION:
-X509_NAME_get_text_by_NID 581 EXIST::FUNCTION:
-X509_NAME_get_text_by_OBJ 582 EXIST::FUNCTION:
-X509_NAME_hash 583 EXIST::FUNCTION:
-X509_NAME_new 584 EXIST::FUNCTION:
-X509_NAME_oneline 585 EXIST::FUNCTION:EVP
-X509_NAME_print 586 EXIST::FUNCTION:BIO
-X509_NAME_set 587 EXIST::FUNCTION:
-X509_OBJECT_free_contents 588 EXIST::FUNCTION:
-X509_OBJECT_retrieve_by_subject 589 EXIST::FUNCTION:
-X509_OBJECT_up_ref_count 590 EXIST::FUNCTION:
-X509_PKEY_free 591 EXIST::FUNCTION:
-X509_PKEY_new 592 EXIST::FUNCTION:
-X509_PUBKEY_free 593 EXIST::FUNCTION:
-X509_PUBKEY_get 594 EXIST::FUNCTION:
-X509_PUBKEY_new 595 EXIST::FUNCTION:
-X509_PUBKEY_set 596 EXIST::FUNCTION:
-X509_REQ_INFO_free 597 EXIST::FUNCTION:
-X509_REQ_INFO_new 598 EXIST::FUNCTION:
-X509_REQ_dup 599 EXIST::FUNCTION:
-X509_REQ_free 600 EXIST::FUNCTION:
-X509_REQ_get_pubkey 601 EXIST::FUNCTION:
-X509_REQ_new 602 EXIST::FUNCTION:
-X509_REQ_print 603 EXIST::FUNCTION:BIO
-X509_REQ_print_fp 604 EXIST::FUNCTION:FP_API
-X509_REQ_set_pubkey 605 EXIST::FUNCTION:
-X509_REQ_set_subject_name 606 EXIST::FUNCTION:
-X509_REQ_set_version 607 EXIST::FUNCTION:
-X509_REQ_sign 608 EXIST::FUNCTION:EVP
-X509_REQ_to_X509 609 EXIST::FUNCTION:
-X509_REQ_verify 610 EXIST::FUNCTION:EVP
-X509_REVOKED_add_ext 611 EXIST::FUNCTION:
-X509_REVOKED_delete_ext 612 EXIST::FUNCTION:
-X509_REVOKED_free 613 EXIST::FUNCTION:
-X509_REVOKED_get_ext 614 EXIST::FUNCTION:
-X509_REVOKED_get_ext_by_NID 615 EXIST::FUNCTION:
-X509_REVOKED_get_ext_by_OBJ 616 EXIST::FUNCTION:
-X509_REVOKED_get_ext_by_critical 617 EXIST:!VMS:FUNCTION:
-X509_REVOKED_get_ext_by_critic 617 EXIST:VMS:FUNCTION:
-X509_REVOKED_get_ext_count 618 EXIST::FUNCTION:
-X509_REVOKED_new 619 EXIST::FUNCTION:
-X509_SIG_free 620 EXIST::FUNCTION:
-X509_SIG_new 621 EXIST::FUNCTION:
-X509_STORE_CTX_cleanup 622 EXIST::FUNCTION:
-X509_STORE_CTX_init 623 EXIST::FUNCTION:
-X509_STORE_add_cert 624 EXIST::FUNCTION:
-X509_STORE_add_lookup 625 EXIST::FUNCTION:
-X509_STORE_free 626 EXIST::FUNCTION:
-X509_STORE_get_by_subject 627 EXIST::FUNCTION:
-X509_STORE_load_locations 628 EXIST::FUNCTION:STDIO
-X509_STORE_new 629 EXIST::FUNCTION:
-X509_STORE_set_default_paths 630 EXIST::FUNCTION:STDIO
-X509_VAL_free 631 EXIST::FUNCTION:
-X509_VAL_new 632 EXIST::FUNCTION:
-X509_add_ext 633 EXIST::FUNCTION:
-X509_asn1_meth 634 EXIST::FUNCTION:
-X509_certificate_type 635 EXIST::FUNCTION:
-X509_check_private_key 636 EXIST::FUNCTION:
-X509_cmp_current_time 637 EXIST::FUNCTION:
-X509_delete_ext 638 EXIST::FUNCTION:
-X509_digest 639 EXIST::FUNCTION:EVP
-X509_dup 640 EXIST::FUNCTION:
-X509_free 641 EXIST::FUNCTION:
-X509_get_default_cert_area 642 EXIST::FUNCTION:
-X509_get_default_cert_dir 643 EXIST::FUNCTION:
-X509_get_default_cert_dir_env 644 EXIST::FUNCTION:
-X509_get_default_cert_file 645 EXIST::FUNCTION:
-X509_get_default_cert_file_env 646 EXIST::FUNCTION:
-X509_get_default_private_dir 647 EXIST::FUNCTION:
-X509_get_ext 648 EXIST::FUNCTION:
-X509_get_ext_by_NID 649 EXIST::FUNCTION:
-X509_get_ext_by_OBJ 650 EXIST::FUNCTION:
-X509_get_ext_by_critical 651 EXIST::FUNCTION:
-X509_get_ext_count 652 EXIST::FUNCTION:
-X509_get_issuer_name 653 EXIST::FUNCTION:
-X509_get_pubkey 654 EXIST::FUNCTION:
-X509_get_pubkey_parameters 655 EXIST::FUNCTION:
-X509_get_serialNumber 656 EXIST::FUNCTION:
-X509_get_subject_name 657 EXIST::FUNCTION:
-X509_gmtime_adj 658 EXIST::FUNCTION:
-X509_issuer_and_serial_cmp 659 EXIST::FUNCTION:
-X509_issuer_and_serial_hash 660 EXIST::FUNCTION:
-X509_issuer_name_cmp 661 EXIST::FUNCTION:
-X509_issuer_name_hash 662 EXIST::FUNCTION:
-X509_load_cert_file 663 EXIST::FUNCTION:STDIO
-X509_new 664 EXIST::FUNCTION:
-X509_print 665 EXIST::FUNCTION:BIO
-X509_print_fp 666 EXIST::FUNCTION:FP_API
-X509_set_issuer_name 667 EXIST::FUNCTION:
-X509_set_notAfter 668 EXIST::FUNCTION:
-X509_set_notBefore 669 EXIST::FUNCTION:
-X509_set_pubkey 670 EXIST::FUNCTION:
-X509_set_serialNumber 671 EXIST::FUNCTION:
-X509_set_subject_name 672 EXIST::FUNCTION:
-X509_set_version 673 EXIST::FUNCTION:
-X509_sign 674 EXIST::FUNCTION:EVP
-X509_subject_name_cmp 675 EXIST::FUNCTION:
-X509_subject_name_hash 676 EXIST::FUNCTION:
-X509_to_X509_REQ 677 EXIST::FUNCTION:
-X509_verify 678 EXIST::FUNCTION:EVP
-X509_verify_cert 679 EXIST::FUNCTION:
-X509_verify_cert_error_string 680 EXIST::FUNCTION:
-X509v3_add_ext 681 EXIST::FUNCTION:
-X509v3_add_extension 682 NOEXIST::FUNCTION:
-X509v3_add_netscape_extensions 683 NOEXIST::FUNCTION:
-X509v3_add_standard_extensions 684 NOEXIST::FUNCTION:
-X509v3_cleanup_extensions 685 NOEXIST::FUNCTION:
-X509v3_data_type_by_NID 686 NOEXIST::FUNCTION:
-X509v3_data_type_by_OBJ 687 NOEXIST::FUNCTION:
-X509v3_delete_ext 688 EXIST::FUNCTION:
-X509v3_get_ext 689 EXIST::FUNCTION:
-X509v3_get_ext_by_NID 690 EXIST::FUNCTION:
-X509v3_get_ext_by_OBJ 691 EXIST::FUNCTION:
-X509v3_get_ext_by_critical 692 EXIST::FUNCTION:
-X509v3_get_ext_count 693 EXIST::FUNCTION:
-X509v3_pack_string 694 NOEXIST::FUNCTION:
-X509v3_pack_type_by_NID 695 NOEXIST::FUNCTION:
-X509v3_pack_type_by_OBJ 696 NOEXIST::FUNCTION:
-X509v3_unpack_string 697 NOEXIST::FUNCTION:
-_des_crypt 698 NOEXIST::FUNCTION:
-a2d_ASN1_OBJECT 699 EXIST::FUNCTION:
-a2i_ASN1_INTEGER 700 EXIST::FUNCTION:BIO
-a2i_ASN1_STRING 701 EXIST::FUNCTION:BIO
-asn1_Finish 702 EXIST::FUNCTION:
-asn1_GetSequence 703 EXIST::FUNCTION:
-bn_div_words 704 EXIST::FUNCTION:
-bn_expand2 705 EXIST::FUNCTION:
-bn_mul_add_words 706 EXIST::FUNCTION:
-bn_mul_words 707 EXIST::FUNCTION:
-BN_uadd 708 EXIST::FUNCTION:
-BN_usub 709 EXIST::FUNCTION:
-bn_sqr_words 710 EXIST::FUNCTION:
-_ossl_old_crypt 711 EXIST:!NeXT,!PERL5:FUNCTION:DES
-d2i_ASN1_BIT_STRING 712 EXIST::FUNCTION:
-d2i_ASN1_BOOLEAN 713 EXIST::FUNCTION:
-d2i_ASN1_HEADER 714 EXIST::FUNCTION:
-d2i_ASN1_IA5STRING 715 EXIST::FUNCTION:
-d2i_ASN1_INTEGER 716 EXIST::FUNCTION:
-d2i_ASN1_OBJECT 717 EXIST::FUNCTION:
-d2i_ASN1_OCTET_STRING 718 EXIST::FUNCTION:
-d2i_ASN1_PRINTABLE 719 EXIST::FUNCTION:
-d2i_ASN1_PRINTABLESTRING 720 EXIST::FUNCTION:
-d2i_ASN1_SET 721 EXIST::FUNCTION:
-d2i_ASN1_T61STRING 722 EXIST::FUNCTION:
-d2i_ASN1_TYPE 723 EXIST::FUNCTION:
-d2i_ASN1_UTCTIME 724 EXIST::FUNCTION:
-d2i_ASN1_bytes 725 EXIST::FUNCTION:
-d2i_ASN1_type_bytes 726 EXIST::FUNCTION:
-d2i_DHparams 727 EXIST::FUNCTION:DH
-d2i_DSAPrivateKey 728 EXIST::FUNCTION:DSA
-d2i_DSAPrivateKey_bio 729 EXIST::FUNCTION:BIO,DSA
-d2i_DSAPrivateKey_fp 730 EXIST::FUNCTION:DSA,FP_API
-d2i_DSAPublicKey 731 EXIST::FUNCTION:DSA
-d2i_DSAparams 732 EXIST::FUNCTION:DSA
-d2i_NETSCAPE_SPKAC 733 EXIST::FUNCTION:
-d2i_NETSCAPE_SPKI 734 EXIST::FUNCTION:
-d2i_Netscape_RSA 735 EXIST::FUNCTION:RC4,RSA
-d2i_PKCS7 736 EXIST::FUNCTION:
-d2i_PKCS7_DIGEST 737 EXIST::FUNCTION:
-d2i_PKCS7_ENCRYPT 738 EXIST::FUNCTION:
-d2i_PKCS7_ENC_CONTENT 739 EXIST::FUNCTION:
-d2i_PKCS7_ENVELOPE 740 EXIST::FUNCTION:
-d2i_PKCS7_ISSUER_AND_SERIAL 741 EXIST::FUNCTION:
-d2i_PKCS7_RECIP_INFO 742 EXIST::FUNCTION:
-d2i_PKCS7_SIGNED 743 EXIST::FUNCTION:
-d2i_PKCS7_SIGNER_INFO 744 EXIST::FUNCTION:
-d2i_PKCS7_SIGN_ENVELOPE 745 EXIST::FUNCTION:
-d2i_PKCS7_bio 746 EXIST::FUNCTION:
-d2i_PKCS7_fp 747 EXIST::FUNCTION:FP_API
-d2i_PrivateKey 748 EXIST::FUNCTION:
-d2i_PublicKey 749 EXIST::FUNCTION:
-d2i_RSAPrivateKey 750 EXIST::FUNCTION:RSA
-d2i_RSAPrivateKey_bio 751 EXIST::FUNCTION:BIO,RSA
-d2i_RSAPrivateKey_fp 752 EXIST::FUNCTION:FP_API,RSA
-d2i_RSAPublicKey 753 EXIST::FUNCTION:RSA
-d2i_X509 754 EXIST::FUNCTION:
-d2i_X509_ALGOR 755 EXIST::FUNCTION:
-d2i_X509_ATTRIBUTE 756 EXIST::FUNCTION:
-d2i_X509_CINF 757 EXIST::FUNCTION:
-d2i_X509_CRL 758 EXIST::FUNCTION:
-d2i_X509_CRL_INFO 759 EXIST::FUNCTION:
-d2i_X509_CRL_bio 760 EXIST::FUNCTION:BIO
-d2i_X509_CRL_fp 761 EXIST::FUNCTION:FP_API
-d2i_X509_EXTENSION 762 EXIST::FUNCTION:
-d2i_X509_NAME 763 EXIST::FUNCTION:
-d2i_X509_NAME_ENTRY 764 EXIST::FUNCTION:
-d2i_X509_PKEY 765 EXIST::FUNCTION:
-d2i_X509_PUBKEY 766 EXIST::FUNCTION:
-d2i_X509_REQ 767 EXIST::FUNCTION:
-d2i_X509_REQ_INFO 768 EXIST::FUNCTION:
-d2i_X509_REQ_bio 769 EXIST::FUNCTION:BIO
-d2i_X509_REQ_fp 770 EXIST::FUNCTION:FP_API
-d2i_X509_REVOKED 771 EXIST::FUNCTION:
-d2i_X509_SIG 772 EXIST::FUNCTION:
-d2i_X509_VAL 773 EXIST::FUNCTION:
-d2i_X509_bio 774 EXIST::FUNCTION:BIO
-d2i_X509_fp 775 EXIST::FUNCTION:FP_API
-DES_cbc_cksum 777 EXIST::FUNCTION:DES
-DES_cbc_encrypt 778 EXIST::FUNCTION:DES
-DES_cblock_print_file 779 NOEXIST::FUNCTION:
-DES_cfb64_encrypt 780 EXIST::FUNCTION:DES
-DES_cfb_encrypt 781 EXIST::FUNCTION:DES
-DES_decrypt3 782 EXIST::FUNCTION:DES
-DES_ecb3_encrypt 783 EXIST::FUNCTION:DES
-DES_ecb_encrypt 784 EXIST::FUNCTION:DES
-DES_ede3_cbc_encrypt 785 EXIST::FUNCTION:DES
-DES_ede3_cfb64_encrypt 786 EXIST::FUNCTION:DES
-DES_ede3_ofb64_encrypt 787 EXIST::FUNCTION:DES
-DES_enc_read 788 EXIST::FUNCTION:DES
-DES_enc_write 789 EXIST::FUNCTION:DES
-DES_encrypt1 790 EXIST::FUNCTION:DES
-DES_encrypt2 791 EXIST::FUNCTION:DES
-DES_encrypt3 792 EXIST::FUNCTION:DES
-DES_fcrypt 793 EXIST::FUNCTION:DES
-DES_is_weak_key 794 EXIST::FUNCTION:DES
-DES_key_sched 795 EXIST::FUNCTION:DES
-DES_ncbc_encrypt 796 EXIST::FUNCTION:DES
-DES_ofb64_encrypt 797 EXIST::FUNCTION:DES
-DES_ofb_encrypt 798 EXIST::FUNCTION:DES
-DES_options 799 EXIST::FUNCTION:DES
-DES_pcbc_encrypt 800 EXIST::FUNCTION:DES
-DES_quad_cksum 801 EXIST::FUNCTION:DES
-DES_random_key 802 EXIST::FUNCTION:DES
-_ossl_old_des_random_seed 803 EXIST::FUNCTION:DES
-_ossl_old_des_read_2passwords 804 EXIST::FUNCTION:DES
-_ossl_old_des_read_password 805 EXIST::FUNCTION:DES
-_ossl_old_des_read_pw 806 EXIST::FUNCTION:
-_ossl_old_des_read_pw_string 807 EXIST::FUNCTION:
-DES_set_key 808 EXIST::FUNCTION:DES
-DES_set_odd_parity 809 EXIST::FUNCTION:DES
-DES_string_to_2keys 810 EXIST::FUNCTION:DES
-DES_string_to_key 811 EXIST::FUNCTION:DES
-DES_xcbc_encrypt 812 EXIST::FUNCTION:DES
-DES_xwhite_in2out 813 NOEXIST::FUNCTION:
-fcrypt_body 814 NOEXIST::FUNCTION:
-i2a_ASN1_INTEGER 815 EXIST::FUNCTION:BIO
-i2a_ASN1_OBJECT 816 EXIST::FUNCTION:BIO
-i2a_ASN1_STRING 817 EXIST::FUNCTION:BIO
-i2d_ASN1_BIT_STRING 818 EXIST::FUNCTION:
-i2d_ASN1_BOOLEAN 819 EXIST::FUNCTION:
-i2d_ASN1_HEADER 820 EXIST::FUNCTION:
-i2d_ASN1_IA5STRING 821 EXIST::FUNCTION:
-i2d_ASN1_INTEGER 822 EXIST::FUNCTION:
-i2d_ASN1_OBJECT 823 EXIST::FUNCTION:
-i2d_ASN1_OCTET_STRING 824 EXIST::FUNCTION:
-i2d_ASN1_PRINTABLE 825 EXIST::FUNCTION:
-i2d_ASN1_SET 826 EXIST::FUNCTION:
-i2d_ASN1_TYPE 827 EXIST::FUNCTION:
-i2d_ASN1_UTCTIME 828 EXIST::FUNCTION:
-i2d_ASN1_bytes 829 EXIST::FUNCTION:
-i2d_DHparams 830 EXIST::FUNCTION:DH
-i2d_DSAPrivateKey 831 EXIST::FUNCTION:DSA
-i2d_DSAPrivateKey_bio 832 EXIST::FUNCTION:BIO,DSA
-i2d_DSAPrivateKey_fp 833 EXIST::FUNCTION:DSA,FP_API
-i2d_DSAPublicKey 834 EXIST::FUNCTION:DSA
-i2d_DSAparams 835 EXIST::FUNCTION:DSA
-i2d_NETSCAPE_SPKAC 836 EXIST::FUNCTION:
-i2d_NETSCAPE_SPKI 837 EXIST::FUNCTION:
-i2d_Netscape_RSA 838 EXIST::FUNCTION:RC4,RSA
-i2d_PKCS7 839 EXIST::FUNCTION:
-i2d_PKCS7_DIGEST 840 EXIST::FUNCTION:
-i2d_PKCS7_ENCRYPT 841 EXIST::FUNCTION:
-i2d_PKCS7_ENC_CONTENT 842 EXIST::FUNCTION:
-i2d_PKCS7_ENVELOPE 843 EXIST::FUNCTION:
-i2d_PKCS7_ISSUER_AND_SERIAL 844 EXIST::FUNCTION:
-i2d_PKCS7_RECIP_INFO 845 EXIST::FUNCTION:
-i2d_PKCS7_SIGNED 846 EXIST::FUNCTION:
-i2d_PKCS7_SIGNER_INFO 847 EXIST::FUNCTION:
-i2d_PKCS7_SIGN_ENVELOPE 848 EXIST::FUNCTION:
-i2d_PKCS7_bio 849 EXIST::FUNCTION:
-i2d_PKCS7_fp 850 EXIST::FUNCTION:FP_API
-i2d_PrivateKey 851 EXIST::FUNCTION:
-i2d_PublicKey 852 EXIST::FUNCTION:
-i2d_RSAPrivateKey 853 EXIST::FUNCTION:RSA
-i2d_RSAPrivateKey_bio 854 EXIST::FUNCTION:BIO,RSA
-i2d_RSAPrivateKey_fp 855 EXIST::FUNCTION:FP_API,RSA
-i2d_RSAPublicKey 856 EXIST::FUNCTION:RSA
-i2d_X509 857 EXIST::FUNCTION:
-i2d_X509_ALGOR 858 EXIST::FUNCTION:
-i2d_X509_ATTRIBUTE 859 EXIST::FUNCTION:
-i2d_X509_CINF 860 EXIST::FUNCTION:
-i2d_X509_CRL 861 EXIST::FUNCTION:
-i2d_X509_CRL_INFO 862 EXIST::FUNCTION:
-i2d_X509_CRL_bio 863 EXIST::FUNCTION:BIO
-i2d_X509_CRL_fp 864 EXIST::FUNCTION:FP_API
-i2d_X509_EXTENSION 865 EXIST::FUNCTION:
-i2d_X509_NAME 866 EXIST::FUNCTION:
-i2d_X509_NAME_ENTRY 867 EXIST::FUNCTION:
-i2d_X509_PKEY 868 EXIST::FUNCTION:
-i2d_X509_PUBKEY 869 EXIST::FUNCTION:
-i2d_X509_REQ 870 EXIST::FUNCTION:
-i2d_X509_REQ_INFO 871 EXIST::FUNCTION:
-i2d_X509_REQ_bio 872 EXIST::FUNCTION:BIO
-i2d_X509_REQ_fp 873 EXIST::FUNCTION:FP_API
-i2d_X509_REVOKED 874 EXIST::FUNCTION:
-i2d_X509_SIG 875 EXIST::FUNCTION:
-i2d_X509_VAL 876 EXIST::FUNCTION:
-i2d_X509_bio 877 EXIST::FUNCTION:BIO
-i2d_X509_fp 878 EXIST::FUNCTION:FP_API
-idea_cbc_encrypt 879 EXIST::FUNCTION:IDEA
-idea_cfb64_encrypt 880 EXIST::FUNCTION:IDEA
-idea_ecb_encrypt 881 EXIST::FUNCTION:IDEA
-idea_encrypt 882 EXIST::FUNCTION:IDEA
-idea_ofb64_encrypt 883 EXIST::FUNCTION:IDEA
-idea_options 884 EXIST::FUNCTION:IDEA
-idea_set_decrypt_key 885 EXIST::FUNCTION:IDEA
-idea_set_encrypt_key 886 EXIST::FUNCTION:IDEA
-lh_delete 887 EXIST::FUNCTION:
-lh_doall 888 EXIST::FUNCTION:
-lh_doall_arg 889 EXIST::FUNCTION:
-lh_free 890 EXIST::FUNCTION:
-lh_insert 891 EXIST::FUNCTION:
-lh_new 892 EXIST::FUNCTION:
-lh_node_stats 893 EXIST::FUNCTION:FP_API
-lh_node_stats_bio 894 EXIST::FUNCTION:BIO
-lh_node_usage_stats 895 EXIST::FUNCTION:FP_API
-lh_node_usage_stats_bio 896 EXIST::FUNCTION:BIO
-lh_retrieve 897 EXIST::FUNCTION:
-lh_stats 898 EXIST::FUNCTION:FP_API
-lh_stats_bio 899 EXIST::FUNCTION:BIO
-lh_strhash 900 EXIST::FUNCTION:
-sk_delete 901 EXIST::FUNCTION:
-sk_delete_ptr 902 EXIST::FUNCTION:
-sk_dup 903 EXIST::FUNCTION:
-sk_find 904 EXIST::FUNCTION:
-sk_free 905 EXIST::FUNCTION:
-sk_insert 906 EXIST::FUNCTION:
-sk_new 907 EXIST::FUNCTION:
-sk_pop 908 EXIST::FUNCTION:
-sk_pop_free 909 EXIST::FUNCTION:
-sk_push 910 EXIST::FUNCTION:
-sk_set_cmp_func 911 EXIST::FUNCTION:
-sk_shift 912 EXIST::FUNCTION:
-sk_unshift 913 EXIST::FUNCTION:
-sk_zero 914 EXIST::FUNCTION:
-BIO_f_nbio_test 915 EXIST::FUNCTION:
-ASN1_TYPE_get 916 EXIST::FUNCTION:
-ASN1_TYPE_set 917 EXIST::FUNCTION:
-PKCS7_content_free 918 NOEXIST::FUNCTION:
-ERR_load_PKCS7_strings 919 EXIST::FUNCTION:
-X509_find_by_issuer_and_serial 920 EXIST::FUNCTION:
-X509_find_by_subject 921 EXIST::FUNCTION:
-PKCS7_ctrl 927 EXIST::FUNCTION:
-PKCS7_set_type 928 EXIST::FUNCTION:
-PKCS7_set_content 929 EXIST::FUNCTION:
-PKCS7_SIGNER_INFO_set 930 EXIST::FUNCTION:
-PKCS7_add_signer 931 EXIST::FUNCTION:
-PKCS7_add_certificate 932 EXIST::FUNCTION:
-PKCS7_add_crl 933 EXIST::FUNCTION:
-PKCS7_content_new 934 EXIST::FUNCTION:
-PKCS7_dataSign 935 NOEXIST::FUNCTION:
-PKCS7_dataVerify 936 EXIST::FUNCTION:
-PKCS7_dataInit 937 EXIST::FUNCTION:
-PKCS7_add_signature 938 EXIST::FUNCTION:
-PKCS7_cert_from_signer_info 939 EXIST::FUNCTION:
-PKCS7_get_signer_info 940 EXIST::FUNCTION:
-EVP_delete_alias 941 NOEXIST::FUNCTION:
-EVP_mdc2 942 EXIST::FUNCTION:MDC2
-PEM_read_bio_RSAPublicKey 943 EXIST::FUNCTION:RSA
-PEM_write_bio_RSAPublicKey 944 EXIST::FUNCTION:RSA
-d2i_RSAPublicKey_bio 945 EXIST::FUNCTION:BIO,RSA
-i2d_RSAPublicKey_bio 946 EXIST::FUNCTION:BIO,RSA
-PEM_read_RSAPublicKey 947 EXIST:!WIN16:FUNCTION:RSA
-PEM_write_RSAPublicKey 949 EXIST:!WIN16:FUNCTION:RSA
-d2i_RSAPublicKey_fp 952 EXIST::FUNCTION:FP_API,RSA
-i2d_RSAPublicKey_fp 954 EXIST::FUNCTION:FP_API,RSA
-BIO_copy_next_retry 955 EXIST::FUNCTION:
-RSA_flags 956 EXIST::FUNCTION:RSA
-X509_STORE_add_crl 957 EXIST::FUNCTION:
-X509_load_crl_file 958 EXIST::FUNCTION:STDIO
-EVP_rc2_40_cbc 959 EXIST::FUNCTION:RC2
-EVP_rc4_40 960 EXIST::FUNCTION:RC4
-EVP_CIPHER_CTX_init 961 EXIST::FUNCTION:
-HMAC 962 EXIST::FUNCTION:HMAC
-HMAC_Init 963 EXIST::FUNCTION:HMAC
-HMAC_Update 964 EXIST::FUNCTION:HMAC
-HMAC_Final 965 EXIST::FUNCTION:HMAC
-ERR_get_next_error_library 966 EXIST::FUNCTION:
-EVP_PKEY_cmp_parameters 967 EXIST::FUNCTION:
-HMAC_cleanup 968 NOEXIST::FUNCTION:
-BIO_ptr_ctrl 969 EXIST::FUNCTION:
-BIO_new_file_internal 970 EXIST:WIN16:FUNCTION:FP_API
-BIO_new_fp_internal 971 EXIST:WIN16:FUNCTION:FP_API
-BIO_s_file_internal 972 EXIST:WIN16:FUNCTION:FP_API
-BN_BLINDING_convert 973 EXIST::FUNCTION:
-BN_BLINDING_invert 974 EXIST::FUNCTION:
-BN_BLINDING_update 975 EXIST::FUNCTION:
-RSA_blinding_on 977 EXIST::FUNCTION:RSA
-RSA_blinding_off 978 EXIST::FUNCTION:RSA
-i2t_ASN1_OBJECT 979 EXIST::FUNCTION:
-BN_BLINDING_new 980 EXIST::FUNCTION:
-BN_BLINDING_free 981 EXIST::FUNCTION:
-EVP_cast5_cbc 983 EXIST::FUNCTION:CAST
-EVP_cast5_cfb64 984 EXIST::FUNCTION:CAST
-EVP_cast5_ecb 985 EXIST::FUNCTION:CAST
-EVP_cast5_ofb 986 EXIST::FUNCTION:CAST
-BF_decrypt 987 EXIST::FUNCTION:BF
-CAST_set_key 988 EXIST::FUNCTION:CAST
-CAST_encrypt 989 EXIST::FUNCTION:CAST
-CAST_decrypt 990 EXIST::FUNCTION:CAST
-CAST_ecb_encrypt 991 EXIST::FUNCTION:CAST
-CAST_cbc_encrypt 992 EXIST::FUNCTION:CAST
-CAST_cfb64_encrypt 993 EXIST::FUNCTION:CAST
-CAST_ofb64_encrypt 994 EXIST::FUNCTION:CAST
-RC2_decrypt 995 EXIST::FUNCTION:RC2
-OBJ_create_objects 997 EXIST::FUNCTION:
-BN_exp 998 EXIST::FUNCTION:
-BN_mul_word 999 EXIST::FUNCTION:
-BN_sub_word 1000 EXIST::FUNCTION:
-BN_dec2bn 1001 EXIST::FUNCTION:
-BN_bn2dec 1002 EXIST::FUNCTION:
-BIO_ghbn_ctrl 1003 NOEXIST::FUNCTION:
-CRYPTO_free_ex_data 1004 EXIST::FUNCTION:
-CRYPTO_get_ex_data 1005 EXIST::FUNCTION:
-CRYPTO_set_ex_data 1007 EXIST::FUNCTION:
-ERR_load_CRYPTO_strings 1009 EXIST:!OS2,!VMS,!WIN16:FUNCTION:
-ERR_load_CRYPTOlib_strings 1009 EXIST:OS2,VMS,WIN16:FUNCTION:
-EVP_PKEY_bits 1010 EXIST::FUNCTION:
-MD5_Transform 1011 EXIST::FUNCTION:MD5
-SHA1_Transform 1012 EXIST::FUNCTION:SHA,SHA1
-SHA_Transform 1013 EXIST::FUNCTION:SHA,SHA0
-X509_STORE_CTX_get_chain 1014 EXIST::FUNCTION:
-X509_STORE_CTX_get_current_cert 1015 EXIST::FUNCTION:
-X509_STORE_CTX_get_error 1016 EXIST::FUNCTION:
-X509_STORE_CTX_get_error_depth 1017 EXIST::FUNCTION:
-X509_STORE_CTX_get_ex_data 1018 EXIST::FUNCTION:
-X509_STORE_CTX_set_cert 1020 EXIST::FUNCTION:
-X509_STORE_CTX_set_chain 1021 EXIST::FUNCTION:
-X509_STORE_CTX_set_error 1022 EXIST::FUNCTION:
-X509_STORE_CTX_set_ex_data 1023 EXIST::FUNCTION:
-CRYPTO_dup_ex_data 1025 EXIST::FUNCTION:
-CRYPTO_get_new_lockid 1026 EXIST::FUNCTION:
-CRYPTO_new_ex_data 1027 EXIST::FUNCTION:
-RSA_set_ex_data 1028 EXIST::FUNCTION:RSA
-RSA_get_ex_data 1029 EXIST::FUNCTION:RSA
-RSA_get_ex_new_index 1030 EXIST::FUNCTION:RSA
-RSA_padding_add_PKCS1_type_1 1031 EXIST::FUNCTION:RSA
-RSA_padding_add_PKCS1_type_2 1032 EXIST::FUNCTION:RSA
-RSA_padding_add_SSLv23 1033 EXIST::FUNCTION:RSA
-RSA_padding_add_none 1034 EXIST::FUNCTION:RSA
-RSA_padding_check_PKCS1_type_1 1035 EXIST::FUNCTION:RSA
-RSA_padding_check_PKCS1_type_2 1036 EXIST::FUNCTION:RSA
-RSA_padding_check_SSLv23 1037 EXIST::FUNCTION:RSA
-RSA_padding_check_none 1038 EXIST::FUNCTION:RSA
-bn_add_words 1039 EXIST::FUNCTION:
-d2i_Netscape_RSA_2 1040 NOEXIST::FUNCTION:
-CRYPTO_get_ex_new_index 1041 EXIST::FUNCTION:
-RIPEMD160_Init 1042 EXIST::FUNCTION:RIPEMD
-RIPEMD160_Update 1043 EXIST::FUNCTION:RIPEMD
-RIPEMD160_Final 1044 EXIST::FUNCTION:RIPEMD
-RIPEMD160 1045 EXIST::FUNCTION:RIPEMD
-RIPEMD160_Transform 1046 EXIST::FUNCTION:RIPEMD
-RC5_32_set_key 1047 EXIST::FUNCTION:RC5
-RC5_32_ecb_encrypt 1048 EXIST::FUNCTION:RC5
-RC5_32_encrypt 1049 EXIST::FUNCTION:RC5
-RC5_32_decrypt 1050 EXIST::FUNCTION:RC5
-RC5_32_cbc_encrypt 1051 EXIST::FUNCTION:RC5
-RC5_32_cfb64_encrypt 1052 EXIST::FUNCTION:RC5
-RC5_32_ofb64_encrypt 1053 EXIST::FUNCTION:RC5
-BN_bn2mpi 1058 EXIST::FUNCTION:
-BN_mpi2bn 1059 EXIST::FUNCTION:
-ASN1_BIT_STRING_get_bit 1060 EXIST::FUNCTION:
-ASN1_BIT_STRING_set_bit 1061 EXIST::FUNCTION:
-BIO_get_ex_data 1062 EXIST::FUNCTION:
-BIO_get_ex_new_index 1063 EXIST::FUNCTION:
-BIO_set_ex_data 1064 EXIST::FUNCTION:
-X509v3_get_key_usage 1066 NOEXIST::FUNCTION:
-X509v3_set_key_usage 1067 NOEXIST::FUNCTION:
-a2i_X509v3_key_usage 1068 NOEXIST::FUNCTION:
-i2a_X509v3_key_usage 1069 NOEXIST::FUNCTION:
-EVP_PKEY_decrypt 1070 EXIST::FUNCTION:
-EVP_PKEY_encrypt 1071 EXIST::FUNCTION:
-PKCS7_RECIP_INFO_set 1072 EXIST::FUNCTION:
-PKCS7_add_recipient 1073 EXIST::FUNCTION:
-PKCS7_add_recipient_info 1074 EXIST::FUNCTION:
-PKCS7_set_cipher 1075 EXIST::FUNCTION:
-ASN1_TYPE_get_int_octetstring 1076 EXIST::FUNCTION:
-ASN1_TYPE_get_octetstring 1077 EXIST::FUNCTION:
-ASN1_TYPE_set_int_octetstring 1078 EXIST::FUNCTION:
-ASN1_TYPE_set_octetstring 1079 EXIST::FUNCTION:
-ASN1_UTCTIME_set_string 1080 EXIST::FUNCTION:
-ERR_add_error_data 1081 EXIST::FUNCTION:BIO
-ERR_set_error_data 1082 EXIST::FUNCTION:
-EVP_CIPHER_asn1_to_param 1083 EXIST::FUNCTION:
-EVP_CIPHER_param_to_asn1 1084 EXIST::FUNCTION:
-EVP_CIPHER_get_asn1_iv 1085 EXIST::FUNCTION:
-EVP_CIPHER_set_asn1_iv 1086 EXIST::FUNCTION:
-EVP_rc5_32_12_16_cbc 1087 EXIST::FUNCTION:RC5
-EVP_rc5_32_12_16_cfb64 1088 EXIST::FUNCTION:RC5
-EVP_rc5_32_12_16_ecb 1089 EXIST::FUNCTION:RC5
-EVP_rc5_32_12_16_ofb 1090 EXIST::FUNCTION:RC5
-asn1_add_error 1091 EXIST::FUNCTION:
-d2i_ASN1_BMPSTRING 1092 EXIST::FUNCTION:
-i2d_ASN1_BMPSTRING 1093 EXIST::FUNCTION:
-BIO_f_ber 1094 NOEXIST::FUNCTION:
-BN_init 1095 EXIST::FUNCTION:
-COMP_CTX_new 1096 EXIST::FUNCTION:
-COMP_CTX_free 1097 EXIST::FUNCTION:
-COMP_CTX_compress_block 1098 NOEXIST::FUNCTION:
-COMP_CTX_expand_block 1099 NOEXIST::FUNCTION:
-X509_STORE_CTX_get_ex_new_index 1100 EXIST::FUNCTION:
-OBJ_NAME_add 1101 EXIST::FUNCTION:
-BIO_socket_nbio 1102 EXIST::FUNCTION:
-EVP_rc2_64_cbc 1103 EXIST::FUNCTION:RC2
-OBJ_NAME_cleanup 1104 EXIST::FUNCTION:
-OBJ_NAME_get 1105 EXIST::FUNCTION:
-OBJ_NAME_init 1106 EXIST::FUNCTION:
-OBJ_NAME_new_index 1107 EXIST::FUNCTION:
-OBJ_NAME_remove 1108 EXIST::FUNCTION:
-BN_MONT_CTX_copy 1109 EXIST::FUNCTION:
-BIO_new_socks4a_connect 1110 NOEXIST::FUNCTION:
-BIO_s_socks4a_connect 1111 NOEXIST::FUNCTION:
-PROXY_set_connect_mode 1112 NOEXIST::FUNCTION:
-RAND_SSLeay 1113 EXIST::FUNCTION:
-RAND_set_rand_method 1114 EXIST::FUNCTION:
-RSA_memory_lock 1115 EXIST::FUNCTION:RSA
-bn_sub_words 1116 EXIST::FUNCTION:
-bn_mul_normal 1117 NOEXIST::FUNCTION:
-bn_mul_comba8 1118 NOEXIST::FUNCTION:
-bn_mul_comba4 1119 NOEXIST::FUNCTION:
-bn_sqr_normal 1120 NOEXIST::FUNCTION:
-bn_sqr_comba8 1121 NOEXIST::FUNCTION:
-bn_sqr_comba4 1122 NOEXIST::FUNCTION:
-bn_cmp_words 1123 NOEXIST::FUNCTION:
-bn_mul_recursive 1124 NOEXIST::FUNCTION:
-bn_mul_part_recursive 1125 NOEXIST::FUNCTION:
-bn_sqr_recursive 1126 NOEXIST::FUNCTION:
-bn_mul_low_normal 1127 NOEXIST::FUNCTION:
-BN_RECP_CTX_init 1128 EXIST::FUNCTION:
-BN_RECP_CTX_new 1129 EXIST::FUNCTION:
-BN_RECP_CTX_free 1130 EXIST::FUNCTION:
-BN_RECP_CTX_set 1131 EXIST::FUNCTION:
-BN_mod_mul_reciprocal 1132 EXIST::FUNCTION:
-BN_mod_exp_recp 1133 EXIST::FUNCTION:
-BN_div_recp 1134 EXIST::FUNCTION:
-BN_CTX_init 1135 EXIST::FUNCTION:DEPRECATED
-BN_MONT_CTX_init 1136 EXIST::FUNCTION:
-RAND_get_rand_method 1137 EXIST::FUNCTION:
-PKCS7_add_attribute 1138 EXIST::FUNCTION:
-PKCS7_add_signed_attribute 1139 EXIST::FUNCTION:
-PKCS7_digest_from_attributes 1140 EXIST::FUNCTION:
-PKCS7_get_attribute 1141 EXIST::FUNCTION:
-PKCS7_get_issuer_and_serial 1142 EXIST::FUNCTION:
-PKCS7_get_signed_attribute 1143 EXIST::FUNCTION:
-COMP_compress_block 1144 EXIST::FUNCTION:
-COMP_expand_block 1145 EXIST::FUNCTION:
-COMP_rle 1146 EXIST::FUNCTION:
-COMP_zlib 1147 EXIST::FUNCTION:
-ms_time_diff 1148 EXIST::FUNCTION:
-ms_time_new 1149 EXIST::FUNCTION:
-ms_time_free 1150 EXIST::FUNCTION:
-ms_time_cmp 1151 EXIST::FUNCTION:
-ms_time_get 1152 EXIST::FUNCTION:
-PKCS7_set_attributes 1153 EXIST::FUNCTION:
-PKCS7_set_signed_attributes 1154 EXIST::FUNCTION:
-X509_ATTRIBUTE_create 1155 EXIST::FUNCTION:
-X509_ATTRIBUTE_dup 1156 EXIST::FUNCTION:
-ASN1_GENERALIZEDTIME_check 1157 EXIST::FUNCTION:
-ASN1_GENERALIZEDTIME_print 1158 EXIST::FUNCTION:BIO
-ASN1_GENERALIZEDTIME_set 1159 EXIST::FUNCTION:
-ASN1_GENERALIZEDTIME_set_string 1160 EXIST::FUNCTION:
-ASN1_TIME_print 1161 EXIST::FUNCTION:BIO
-BASIC_CONSTRAINTS_free 1162 EXIST::FUNCTION:
-BASIC_CONSTRAINTS_new 1163 EXIST::FUNCTION:
-ERR_load_X509V3_strings 1164 EXIST::FUNCTION:
-NETSCAPE_CERT_SEQUENCE_free 1165 EXIST::FUNCTION:
-NETSCAPE_CERT_SEQUENCE_new 1166 EXIST::FUNCTION:
-OBJ_txt2obj 1167 EXIST::FUNCTION:
-PEM_read_NETSCAPE_CERT_SEQUENCE 1168 EXIST:!VMS,!WIN16:FUNCTION:
-PEM_read_NS_CERT_SEQ 1168 EXIST:VMS:FUNCTION:
-PEM_read_bio_NETSCAPE_CERT_SEQUENCE 1169 EXIST:!VMS:FUNCTION:
-PEM_read_bio_NS_CERT_SEQ 1169 EXIST:VMS:FUNCTION:
-PEM_write_NETSCAPE_CERT_SEQUENCE 1170 EXIST:!VMS,!WIN16:FUNCTION:
-PEM_write_NS_CERT_SEQ 1170 EXIST:VMS:FUNCTION:
-PEM_write_bio_NETSCAPE_CERT_SEQUENCE 1171 EXIST:!VMS:FUNCTION:
-PEM_write_bio_NS_CERT_SEQ 1171 EXIST:VMS:FUNCTION:
-X509V3_EXT_add 1172 EXIST::FUNCTION:
-X509V3_EXT_add_alias 1173 EXIST::FUNCTION:
-X509V3_EXT_add_conf 1174 EXIST::FUNCTION:
-X509V3_EXT_cleanup 1175 EXIST::FUNCTION:
-X509V3_EXT_conf 1176 EXIST::FUNCTION:
-X509V3_EXT_conf_nid 1177 EXIST::FUNCTION:
-X509V3_EXT_get 1178 EXIST::FUNCTION:
-X509V3_EXT_get_nid 1179 EXIST::FUNCTION:
-X509V3_EXT_print 1180 EXIST::FUNCTION:
-X509V3_EXT_print_fp 1181 EXIST::FUNCTION:
-X509V3_add_standard_extensions 1182 EXIST::FUNCTION:
-X509V3_add_value 1183 EXIST::FUNCTION:
-X509V3_add_value_bool 1184 EXIST::FUNCTION:
-X509V3_add_value_int 1185 EXIST::FUNCTION:
-X509V3_conf_free 1186 EXIST::FUNCTION:
-X509V3_get_value_bool 1187 EXIST::FUNCTION:
-X509V3_get_value_int 1188 EXIST::FUNCTION:
-X509V3_parse_list 1189 EXIST::FUNCTION:
-d2i_ASN1_GENERALIZEDTIME 1190 EXIST::FUNCTION:
-d2i_ASN1_TIME 1191 EXIST::FUNCTION:
-d2i_BASIC_CONSTRAINTS 1192 EXIST::FUNCTION:
-d2i_NETSCAPE_CERT_SEQUENCE 1193 EXIST::FUNCTION:
-d2i_ext_ku 1194 NOEXIST::FUNCTION:
-ext_ku_free 1195 NOEXIST::FUNCTION:
-ext_ku_new 1196 NOEXIST::FUNCTION:
-i2d_ASN1_GENERALIZEDTIME 1197 EXIST::FUNCTION:
-i2d_ASN1_TIME 1198 EXIST::FUNCTION:
-i2d_BASIC_CONSTRAINTS 1199 EXIST::FUNCTION:
-i2d_NETSCAPE_CERT_SEQUENCE 1200 EXIST::FUNCTION:
-i2d_ext_ku 1201 NOEXIST::FUNCTION:
-EVP_MD_CTX_copy 1202 EXIST::FUNCTION:
-i2d_ASN1_ENUMERATED 1203 EXIST::FUNCTION:
-d2i_ASN1_ENUMERATED 1204 EXIST::FUNCTION:
-ASN1_ENUMERATED_set 1205 EXIST::FUNCTION:
-ASN1_ENUMERATED_get 1206 EXIST::FUNCTION:
-BN_to_ASN1_ENUMERATED 1207 EXIST::FUNCTION:
-ASN1_ENUMERATED_to_BN 1208 EXIST::FUNCTION:
-i2a_ASN1_ENUMERATED 1209 EXIST::FUNCTION:BIO
-a2i_ASN1_ENUMERATED 1210 EXIST::FUNCTION:BIO
-i2d_GENERAL_NAME 1211 EXIST::FUNCTION:
-d2i_GENERAL_NAME 1212 EXIST::FUNCTION:
-GENERAL_NAME_new 1213 EXIST::FUNCTION:
-GENERAL_NAME_free 1214 EXIST::FUNCTION:
-GENERAL_NAMES_new 1215 EXIST::FUNCTION:
-GENERAL_NAMES_free 1216 EXIST::FUNCTION:
-d2i_GENERAL_NAMES 1217 EXIST::FUNCTION:
-i2d_GENERAL_NAMES 1218 EXIST::FUNCTION:
-i2v_GENERAL_NAMES 1219 EXIST::FUNCTION:
-i2s_ASN1_OCTET_STRING 1220 EXIST::FUNCTION:
-s2i_ASN1_OCTET_STRING 1221 EXIST::FUNCTION:
-X509V3_EXT_check_conf 1222 NOEXIST::FUNCTION:
-hex_to_string 1223 EXIST::FUNCTION:
-string_to_hex 1224 EXIST::FUNCTION:
-DES_ede3_cbcm_encrypt 1225 EXIST::FUNCTION:DES
-RSA_padding_add_PKCS1_OAEP 1226 EXIST::FUNCTION:RSA
-RSA_padding_check_PKCS1_OAEP 1227 EXIST::FUNCTION:RSA
-X509_CRL_print_fp 1228 EXIST::FUNCTION:FP_API
-X509_CRL_print 1229 EXIST::FUNCTION:BIO
-i2v_GENERAL_NAME 1230 EXIST::FUNCTION:
-v2i_GENERAL_NAME 1231 EXIST::FUNCTION:
-i2d_PKEY_USAGE_PERIOD 1232 EXIST::FUNCTION:
-d2i_PKEY_USAGE_PERIOD 1233 EXIST::FUNCTION:
-PKEY_USAGE_PERIOD_new 1234 EXIST::FUNCTION:
-PKEY_USAGE_PERIOD_free 1235 EXIST::FUNCTION:
-v2i_GENERAL_NAMES 1236 EXIST::FUNCTION:
-i2s_ASN1_INTEGER 1237 EXIST::FUNCTION:
-X509V3_EXT_d2i 1238 EXIST::FUNCTION:
-name_cmp 1239 EXIST::FUNCTION:
-str_dup 1240 NOEXIST::FUNCTION:
-i2s_ASN1_ENUMERATED 1241 EXIST::FUNCTION:
-i2s_ASN1_ENUMERATED_TABLE 1242 EXIST::FUNCTION:
-BIO_s_log 1243 EXIST:!OS2,!WIN16,!WIN32,!macintosh:FUNCTION:
-BIO_f_reliable 1244 EXIST::FUNCTION:BIO
-PKCS7_dataFinal 1245 EXIST::FUNCTION:
-PKCS7_dataDecode 1246 EXIST::FUNCTION:
-X509V3_EXT_CRL_add_conf 1247 EXIST::FUNCTION:
-BN_set_params 1248 EXIST::FUNCTION:DEPRECATED
-BN_get_params 1249 EXIST::FUNCTION:DEPRECATED
-BIO_get_ex_num 1250 NOEXIST::FUNCTION:
-BIO_set_ex_free_func 1251 NOEXIST::FUNCTION:
-EVP_ripemd160 1252 EXIST::FUNCTION:RIPEMD
-ASN1_TIME_set 1253 EXIST::FUNCTION:
-i2d_AUTHORITY_KEYID 1254 EXIST::FUNCTION:
-d2i_AUTHORITY_KEYID 1255 EXIST::FUNCTION:
-AUTHORITY_KEYID_new 1256 EXIST::FUNCTION:
-AUTHORITY_KEYID_free 1257 EXIST::FUNCTION:
-ASN1_seq_unpack 1258 EXIST::FUNCTION:
-ASN1_seq_pack 1259 EXIST::FUNCTION:
-ASN1_unpack_string 1260 EXIST::FUNCTION:
-ASN1_pack_string 1261 EXIST::FUNCTION:
-PKCS12_pack_safebag 1262 NOEXIST::FUNCTION:
-PKCS12_MAKE_KEYBAG 1263 EXIST::FUNCTION:
-PKCS8_encrypt 1264 EXIST::FUNCTION:
-PKCS12_MAKE_SHKEYBAG 1265 EXIST::FUNCTION:
-PKCS12_pack_p7data 1266 EXIST::FUNCTION:
-PKCS12_pack_p7encdata 1267 EXIST::FUNCTION:
-PKCS12_add_localkeyid 1268 EXIST::FUNCTION:
-PKCS12_add_friendlyname_asc 1269 EXIST::FUNCTION:
-PKCS12_add_friendlyname_uni 1270 EXIST::FUNCTION:
-PKCS12_get_friendlyname 1271 EXIST::FUNCTION:
-PKCS12_pbe_crypt 1272 EXIST::FUNCTION:
-PKCS12_decrypt_d2i 1273 NOEXIST::FUNCTION:
-PKCS12_i2d_encrypt 1274 NOEXIST::FUNCTION:
-PKCS12_init 1275 EXIST::FUNCTION:
-PKCS12_key_gen_asc 1276 EXIST::FUNCTION:
-PKCS12_key_gen_uni 1277 EXIST::FUNCTION:
-PKCS12_gen_mac 1278 EXIST::FUNCTION:
-PKCS12_verify_mac 1279 EXIST::FUNCTION:
-PKCS12_set_mac 1280 EXIST::FUNCTION:
-PKCS12_setup_mac 1281 EXIST::FUNCTION:
-asc2uni 1282 EXIST:!NETWARE:FUNCTION:
-uni2asc 1283 EXIST:!NETWARE:FUNCTION:
-i2d_PKCS12_BAGS 1284 EXIST::FUNCTION:
-PKCS12_BAGS_new 1285 EXIST::FUNCTION:
-d2i_PKCS12_BAGS 1286 EXIST::FUNCTION:
-PKCS12_BAGS_free 1287 EXIST::FUNCTION:
-i2d_PKCS12 1288 EXIST::FUNCTION:
-d2i_PKCS12 1289 EXIST::FUNCTION:
-PKCS12_new 1290 EXIST::FUNCTION:
-PKCS12_free 1291 EXIST::FUNCTION:
-i2d_PKCS12_MAC_DATA 1292 EXIST::FUNCTION:
-PKCS12_MAC_DATA_new 1293 EXIST::FUNCTION:
-d2i_PKCS12_MAC_DATA 1294 EXIST::FUNCTION:
-PKCS12_MAC_DATA_free 1295 EXIST::FUNCTION:
-i2d_PKCS12_SAFEBAG 1296 EXIST::FUNCTION:
-PKCS12_SAFEBAG_new 1297 EXIST::FUNCTION:
-d2i_PKCS12_SAFEBAG 1298 EXIST::FUNCTION:
-PKCS12_SAFEBAG_free 1299 EXIST::FUNCTION:
-ERR_load_PKCS12_strings 1300 EXIST::FUNCTION:
-PKCS12_PBE_add 1301 EXIST::FUNCTION:
-PKCS8_add_keyusage 1302 EXIST::FUNCTION:
-PKCS12_get_attr_gen 1303 EXIST::FUNCTION:
-PKCS12_parse 1304 EXIST::FUNCTION:
-PKCS12_create 1305 EXIST::FUNCTION:
-i2d_PKCS12_bio 1306 EXIST::FUNCTION:
-i2d_PKCS12_fp 1307 EXIST::FUNCTION:
-d2i_PKCS12_bio 1308 EXIST::FUNCTION:
-d2i_PKCS12_fp 1309 EXIST::FUNCTION:
-i2d_PBEPARAM 1310 EXIST::FUNCTION:
-PBEPARAM_new 1311 EXIST::FUNCTION:
-d2i_PBEPARAM 1312 EXIST::FUNCTION:
-PBEPARAM_free 1313 EXIST::FUNCTION:
-i2d_PKCS8_PRIV_KEY_INFO 1314 EXIST::FUNCTION:
-PKCS8_PRIV_KEY_INFO_new 1315 EXIST::FUNCTION:
-d2i_PKCS8_PRIV_KEY_INFO 1316 EXIST::FUNCTION:
-PKCS8_PRIV_KEY_INFO_free 1317 EXIST::FUNCTION:
-EVP_PKCS82PKEY 1318 EXIST::FUNCTION:
-EVP_PKEY2PKCS8 1319 EXIST::FUNCTION:
-PKCS8_set_broken 1320 EXIST::FUNCTION:
-EVP_PBE_ALGOR_CipherInit 1321 NOEXIST::FUNCTION:
-EVP_PBE_alg_add 1322 EXIST::FUNCTION:
-PKCS5_pbe_set 1323 EXIST::FUNCTION:
-EVP_PBE_cleanup 1324 EXIST::FUNCTION:
-i2d_SXNET 1325 EXIST::FUNCTION:
-d2i_SXNET 1326 EXIST::FUNCTION:
-SXNET_new 1327 EXIST::FUNCTION:
-SXNET_free 1328 EXIST::FUNCTION:
-i2d_SXNETID 1329 EXIST::FUNCTION:
-d2i_SXNETID 1330 EXIST::FUNCTION:
-SXNETID_new 1331 EXIST::FUNCTION:
-SXNETID_free 1332 EXIST::FUNCTION:
-DSA_SIG_new 1333 EXIST::FUNCTION:DSA
-DSA_SIG_free 1334 EXIST::FUNCTION:DSA
-DSA_do_sign 1335 EXIST::FUNCTION:DSA
-DSA_do_verify 1336 EXIST::FUNCTION:DSA
-d2i_DSA_SIG 1337 EXIST::FUNCTION:DSA
-i2d_DSA_SIG 1338 EXIST::FUNCTION:DSA
-i2d_ASN1_VISIBLESTRING 1339 EXIST::FUNCTION:
-d2i_ASN1_VISIBLESTRING 1340 EXIST::FUNCTION:
-i2d_ASN1_UTF8STRING 1341 EXIST::FUNCTION:
-d2i_ASN1_UTF8STRING 1342 EXIST::FUNCTION:
-i2d_DIRECTORYSTRING 1343 EXIST::FUNCTION:
-d2i_DIRECTORYSTRING 1344 EXIST::FUNCTION:
-i2d_DISPLAYTEXT 1345 EXIST::FUNCTION:
-d2i_DISPLAYTEXT 1346 EXIST::FUNCTION:
-d2i_ASN1_SET_OF_X509 1379 NOEXIST::FUNCTION:
-i2d_ASN1_SET_OF_X509 1380 NOEXIST::FUNCTION:
-i2d_PBKDF2PARAM 1397 EXIST::FUNCTION:
-PBKDF2PARAM_new 1398 EXIST::FUNCTION:
-d2i_PBKDF2PARAM 1399 EXIST::FUNCTION:
-PBKDF2PARAM_free 1400 EXIST::FUNCTION:
-i2d_PBE2PARAM 1401 EXIST::FUNCTION:
-PBE2PARAM_new 1402 EXIST::FUNCTION:
-d2i_PBE2PARAM 1403 EXIST::FUNCTION:
-PBE2PARAM_free 1404 EXIST::FUNCTION:
-d2i_ASN1_SET_OF_GENERAL_NAME 1421 NOEXIST::FUNCTION:
-i2d_ASN1_SET_OF_GENERAL_NAME 1422 NOEXIST::FUNCTION:
-d2i_ASN1_SET_OF_SXNETID 1439 NOEXIST::FUNCTION:
-i2d_ASN1_SET_OF_SXNETID 1440 NOEXIST::FUNCTION:
-d2i_ASN1_SET_OF_POLICYQUALINFO 1457 NOEXIST::FUNCTION:
-i2d_ASN1_SET_OF_POLICYQUALINFO 1458 NOEXIST::FUNCTION:
-d2i_ASN1_SET_OF_POLICYINFO 1475 NOEXIST::FUNCTION:
-i2d_ASN1_SET_OF_POLICYINFO 1476 NOEXIST::FUNCTION:
-SXNET_add_id_asc 1477 EXIST::FUNCTION:
-SXNET_add_id_ulong 1478 EXIST::FUNCTION:
-SXNET_add_id_INTEGER 1479 EXIST::FUNCTION:
-SXNET_get_id_asc 1480 EXIST::FUNCTION:
-SXNET_get_id_ulong 1481 EXIST::FUNCTION:
-SXNET_get_id_INTEGER 1482 EXIST::FUNCTION:
-X509V3_set_conf_lhash 1483 EXIST::FUNCTION:
-i2d_CERTIFICATEPOLICIES 1484 EXIST::FUNCTION:
-CERTIFICATEPOLICIES_new 1485 EXIST::FUNCTION:
-CERTIFICATEPOLICIES_free 1486 EXIST::FUNCTION:
-d2i_CERTIFICATEPOLICIES 1487 EXIST::FUNCTION:
-i2d_POLICYINFO 1488 EXIST::FUNCTION:
-POLICYINFO_new 1489 EXIST::FUNCTION:
-d2i_POLICYINFO 1490 EXIST::FUNCTION:
-POLICYINFO_free 1491 EXIST::FUNCTION:
-i2d_POLICYQUALINFO 1492 EXIST::FUNCTION:
-POLICYQUALINFO_new 1493 EXIST::FUNCTION:
-d2i_POLICYQUALINFO 1494 EXIST::FUNCTION:
-POLICYQUALINFO_free 1495 EXIST::FUNCTION:
-i2d_USERNOTICE 1496 EXIST::FUNCTION:
-USERNOTICE_new 1497 EXIST::FUNCTION:
-d2i_USERNOTICE 1498 EXIST::FUNCTION:
-USERNOTICE_free 1499 EXIST::FUNCTION:
-i2d_NOTICEREF 1500 EXIST::FUNCTION:
-NOTICEREF_new 1501 EXIST::FUNCTION:
-d2i_NOTICEREF 1502 EXIST::FUNCTION:
-NOTICEREF_free 1503 EXIST::FUNCTION:
-X509V3_get_string 1504 EXIST::FUNCTION:
-X509V3_get_section 1505 EXIST::FUNCTION:
-X509V3_string_free 1506 EXIST::FUNCTION:
-X509V3_section_free 1507 EXIST::FUNCTION:
-X509V3_set_ctx 1508 EXIST::FUNCTION:
-s2i_ASN1_INTEGER 1509 EXIST::FUNCTION:
-CRYPTO_set_locked_mem_functions 1510 EXIST::FUNCTION:
-CRYPTO_get_locked_mem_functions 1511 EXIST::FUNCTION:
-CRYPTO_malloc_locked 1512 EXIST::FUNCTION:
-CRYPTO_free_locked 1513 EXIST::FUNCTION:
-BN_mod_exp2_mont 1514 EXIST::FUNCTION:
-ERR_get_error_line_data 1515 EXIST::FUNCTION:
-ERR_peek_error_line_data 1516 EXIST::FUNCTION:
-PKCS12_PBE_keyivgen 1517 EXIST::FUNCTION:
-X509_ALGOR_dup 1518 EXIST::FUNCTION:
-d2i_ASN1_SET_OF_DIST_POINT 1535 NOEXIST::FUNCTION:
-i2d_ASN1_SET_OF_DIST_POINT 1536 NOEXIST::FUNCTION:
-i2d_CRL_DIST_POINTS 1537 EXIST::FUNCTION:
-CRL_DIST_POINTS_new 1538 EXIST::FUNCTION:
-CRL_DIST_POINTS_free 1539 EXIST::FUNCTION:
-d2i_CRL_DIST_POINTS 1540 EXIST::FUNCTION:
-i2d_DIST_POINT 1541 EXIST::FUNCTION:
-DIST_POINT_new 1542 EXIST::FUNCTION:
-d2i_DIST_POINT 1543 EXIST::FUNCTION:
-DIST_POINT_free 1544 EXIST::FUNCTION:
-i2d_DIST_POINT_NAME 1545 EXIST::FUNCTION:
-DIST_POINT_NAME_new 1546 EXIST::FUNCTION:
-DIST_POINT_NAME_free 1547 EXIST::FUNCTION:
-d2i_DIST_POINT_NAME 1548 EXIST::FUNCTION:
-X509V3_add_value_uchar 1549 EXIST::FUNCTION:
-d2i_ASN1_SET_OF_X509_ATTRIBUTE 1555 NOEXIST::FUNCTION:
-i2d_ASN1_SET_OF_ASN1_TYPE 1560 NOEXIST::FUNCTION:
-d2i_ASN1_SET_OF_X509_EXTENSION 1567 NOEXIST::FUNCTION:
-d2i_ASN1_SET_OF_X509_NAME_ENTRY 1574 NOEXIST::FUNCTION:
-d2i_ASN1_SET_OF_ASN1_TYPE 1589 NOEXIST::FUNCTION:
-i2d_ASN1_SET_OF_X509_ATTRIBUTE 1615 NOEXIST::FUNCTION:
-i2d_ASN1_SET_OF_X509_EXTENSION 1624 NOEXIST::FUNCTION:
-i2d_ASN1_SET_OF_X509_NAME_ENTRY 1633 NOEXIST::FUNCTION:
-X509V3_EXT_i2d 1646 EXIST::FUNCTION:
-X509V3_EXT_val_prn 1647 EXIST::FUNCTION:
-X509V3_EXT_add_list 1648 EXIST::FUNCTION:
-EVP_CIPHER_type 1649 EXIST::FUNCTION:
-EVP_PBE_CipherInit 1650 EXIST::FUNCTION:
-X509V3_add_value_bool_nf 1651 EXIST::FUNCTION:
-d2i_ASN1_UINTEGER 1652 EXIST::FUNCTION:
-sk_value 1653 EXIST::FUNCTION:
-sk_num 1654 EXIST::FUNCTION:
-sk_set 1655 EXIST::FUNCTION:
-i2d_ASN1_SET_OF_X509_REVOKED 1661 NOEXIST::FUNCTION:
-sk_sort 1671 EXIST::FUNCTION:
-d2i_ASN1_SET_OF_X509_REVOKED 1674 NOEXIST::FUNCTION:
-i2d_ASN1_SET_OF_X509_ALGOR 1682 NOEXIST::FUNCTION:
-i2d_ASN1_SET_OF_X509_CRL 1685 NOEXIST::FUNCTION:
-d2i_ASN1_SET_OF_X509_ALGOR 1696 NOEXIST::FUNCTION:
-d2i_ASN1_SET_OF_X509_CRL 1702 NOEXIST::FUNCTION:
-i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO 1723 NOEXIST::FUNCTION:
-i2d_ASN1_SET_OF_PKCS7_RECIP_INFO 1738 NOEXIST::FUNCTION:
-d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO 1748 NOEXIST::FUNCTION:
-d2i_ASN1_SET_OF_PKCS7_RECIP_INFO 1753 NOEXIST::FUNCTION:
-PKCS5_PBE_add 1775 EXIST::FUNCTION:
-PEM_write_bio_PKCS8 1776 EXIST::FUNCTION:
-i2d_PKCS8_fp 1777 EXIST::FUNCTION:FP_API
-PEM_read_bio_PKCS8_PRIV_KEY_INFO 1778 EXIST:!VMS:FUNCTION:
-PEM_read_bio_P8_PRIV_KEY_INFO 1778 EXIST:VMS:FUNCTION:
-d2i_PKCS8_bio 1779 EXIST::FUNCTION:BIO
-d2i_PKCS8_PRIV_KEY_INFO_fp 1780 EXIST::FUNCTION:FP_API
-PEM_write_bio_PKCS8_PRIV_KEY_INFO 1781 EXIST:!VMS:FUNCTION:
-PEM_write_bio_P8_PRIV_KEY_INFO 1781 EXIST:VMS:FUNCTION:
-PEM_read_PKCS8 1782 EXIST:!WIN16:FUNCTION:
-d2i_PKCS8_PRIV_KEY_INFO_bio 1783 EXIST::FUNCTION:BIO
-d2i_PKCS8_fp 1784 EXIST::FUNCTION:FP_API
-PEM_write_PKCS8 1785 EXIST:!WIN16:FUNCTION:
-PEM_read_PKCS8_PRIV_KEY_INFO 1786 EXIST:!VMS,!WIN16:FUNCTION:
-PEM_read_P8_PRIV_KEY_INFO 1786 EXIST:VMS:FUNCTION:
-PEM_read_bio_PKCS8 1787 EXIST::FUNCTION:
-PEM_write_PKCS8_PRIV_KEY_INFO 1788 EXIST:!VMS,!WIN16:FUNCTION:
-PEM_write_P8_PRIV_KEY_INFO 1788 EXIST:VMS:FUNCTION:
-PKCS5_PBE_keyivgen 1789 EXIST::FUNCTION:
-i2d_PKCS8_bio 1790 EXIST::FUNCTION:BIO
-i2d_PKCS8_PRIV_KEY_INFO_fp 1791 EXIST::FUNCTION:FP_API
-i2d_PKCS8_PRIV_KEY_INFO_bio 1792 EXIST::FUNCTION:BIO
-BIO_s_bio 1793 EXIST::FUNCTION:
-PKCS5_pbe2_set 1794 EXIST::FUNCTION:
-PKCS5_PBKDF2_HMAC_SHA1 1795 EXIST::FUNCTION:
-PKCS5_v2_PBE_keyivgen 1796 EXIST::FUNCTION:
-PEM_write_bio_PKCS8PrivateKey 1797 EXIST::FUNCTION:
-PEM_write_PKCS8PrivateKey 1798 EXIST::FUNCTION:
-BIO_ctrl_get_read_request 1799 EXIST::FUNCTION:
-BIO_ctrl_pending 1800 EXIST::FUNCTION:
-BIO_ctrl_wpending 1801 EXIST::FUNCTION:
-BIO_new_bio_pair 1802 EXIST::FUNCTION:
-BIO_ctrl_get_write_guarantee 1803 EXIST::FUNCTION:
-CRYPTO_num_locks 1804 EXIST::FUNCTION:
-CONF_load_bio 1805 EXIST::FUNCTION:
-CONF_load_fp 1806 EXIST::FUNCTION:FP_API
-i2d_ASN1_SET_OF_ASN1_OBJECT 1837 NOEXIST::FUNCTION:
-d2i_ASN1_SET_OF_ASN1_OBJECT 1844 NOEXIST::FUNCTION:
-PKCS7_signatureVerify 1845 EXIST::FUNCTION:
-RSA_set_method 1846 EXIST::FUNCTION:RSA
-RSA_get_method 1847 EXIST::FUNCTION:RSA
-RSA_get_default_method 1848 EXIST::FUNCTION:RSA
-RSA_check_key 1869 EXIST::FUNCTION:RSA
-OBJ_obj2txt 1870 EXIST::FUNCTION:
-DSA_dup_DH 1871 EXIST::FUNCTION:DH,DSA
-X509_REQ_get_extensions 1872 EXIST::FUNCTION:
-X509_REQ_set_extension_nids 1873 EXIST::FUNCTION:
-BIO_nwrite 1874 EXIST::FUNCTION:
-X509_REQ_extension_nid 1875 EXIST::FUNCTION:
-BIO_nread 1876 EXIST::FUNCTION:
-X509_REQ_get_extension_nids 1877 EXIST::FUNCTION:
-BIO_nwrite0 1878 EXIST::FUNCTION:
-X509_REQ_add_extensions_nid 1879 EXIST::FUNCTION:
-BIO_nread0 1880 EXIST::FUNCTION:
-X509_REQ_add_extensions 1881 EXIST::FUNCTION:
-BIO_new_mem_buf 1882 EXIST::FUNCTION:
-DH_set_ex_data 1883 EXIST::FUNCTION:DH
-DH_set_method 1884 EXIST::FUNCTION:DH
-DSA_OpenSSL 1885 EXIST::FUNCTION:DSA
-DH_get_ex_data 1886 EXIST::FUNCTION:DH
-DH_get_ex_new_index 1887 EXIST::FUNCTION:DH
-DSA_new_method 1888 EXIST::FUNCTION:DSA
-DH_new_method 1889 EXIST::FUNCTION:DH
-DH_OpenSSL 1890 EXIST::FUNCTION:DH
-DSA_get_ex_new_index 1891 EXIST::FUNCTION:DSA
-DH_get_default_method 1892 EXIST::FUNCTION:DH
-DSA_set_ex_data 1893 EXIST::FUNCTION:DSA
-DH_set_default_method 1894 EXIST::FUNCTION:DH
-DSA_get_ex_data 1895 EXIST::FUNCTION:DSA
-X509V3_EXT_REQ_add_conf 1896 EXIST::FUNCTION:
-NETSCAPE_SPKI_print 1897 EXIST::FUNCTION:EVP
-NETSCAPE_SPKI_set_pubkey 1898 EXIST::FUNCTION:EVP
-NETSCAPE_SPKI_b64_encode 1899 EXIST::FUNCTION:EVP
-NETSCAPE_SPKI_get_pubkey 1900 EXIST::FUNCTION:EVP
-NETSCAPE_SPKI_b64_decode 1901 EXIST::FUNCTION:EVP
-UTF8_putc 1902 EXIST::FUNCTION:
-UTF8_getc 1903 EXIST::FUNCTION:
-RSA_null_method 1904 EXIST::FUNCTION:RSA
-ASN1_tag2str 1905 EXIST::FUNCTION:
-BIO_ctrl_reset_read_request 1906 EXIST::FUNCTION:
-DISPLAYTEXT_new 1907 EXIST::FUNCTION:
-ASN1_GENERALIZEDTIME_free 1908 EXIST::FUNCTION:
-X509_REVOKED_get_ext_d2i 1909 EXIST::FUNCTION:
-X509_set_ex_data 1910 EXIST::FUNCTION:
-X509_reject_set_bit_asc 1911 NOEXIST::FUNCTION:
-X509_NAME_add_entry_by_txt 1912 EXIST::FUNCTION:
-X509_NAME_add_entry_by_NID 1914 EXIST::FUNCTION:
-X509_PURPOSE_get0 1915 EXIST::FUNCTION:
-PEM_read_X509_AUX 1917 EXIST:!WIN16:FUNCTION:
-d2i_AUTHORITY_INFO_ACCESS 1918 EXIST::FUNCTION:
-PEM_write_PUBKEY 1921 EXIST:!WIN16:FUNCTION:
-ACCESS_DESCRIPTION_new 1925 EXIST::FUNCTION:
-X509_CERT_AUX_free 1926 EXIST::FUNCTION:
-d2i_ACCESS_DESCRIPTION 1927 EXIST::FUNCTION:
-X509_trust_clear 1928 EXIST::FUNCTION:
-X509_TRUST_add 1931 EXIST::FUNCTION:
-ASN1_VISIBLESTRING_new 1932 EXIST::FUNCTION:
-X509_alias_set1 1933 EXIST::FUNCTION:
-ASN1_PRINTABLESTRING_free 1934 EXIST::FUNCTION:
-EVP_PKEY_get1_DSA 1935 EXIST::FUNCTION:DSA
-ASN1_BMPSTRING_new 1936 EXIST::FUNCTION:
-ASN1_mbstring_copy 1937 EXIST::FUNCTION:
-ASN1_UTF8STRING_new 1938 EXIST::FUNCTION:
-DSA_get_default_method 1941 EXIST::FUNCTION:DSA
-i2d_ASN1_SET_OF_ACCESS_DESCRIPTION 1945 NOEXIST::FUNCTION:
-ASN1_T61STRING_free 1946 EXIST::FUNCTION:
-DSA_set_method 1949 EXIST::FUNCTION:DSA
-X509_get_ex_data 1950 EXIST::FUNCTION:
-ASN1_STRING_type 1951 EXIST::FUNCTION:
-X509_PURPOSE_get_by_sname 1952 EXIST::FUNCTION:
-ASN1_TIME_free 1954 EXIST::FUNCTION:
-ASN1_OCTET_STRING_cmp 1955 EXIST::FUNCTION:
-ASN1_BIT_STRING_new 1957 EXIST::FUNCTION:
-X509_get_ext_d2i 1958 EXIST::FUNCTION:
-PEM_read_bio_X509_AUX 1959 EXIST::FUNCTION:
-ASN1_STRING_set_default_mask_asc 1960 EXIST:!VMS:FUNCTION:
-ASN1_STRING_set_def_mask_asc 1960 EXIST:VMS:FUNCTION:
-PEM_write_bio_RSA_PUBKEY 1961 EXIST::FUNCTION:RSA
-ASN1_INTEGER_cmp 1963 EXIST::FUNCTION:
-d2i_RSA_PUBKEY_fp 1964 EXIST::FUNCTION:FP_API,RSA
-X509_trust_set_bit_asc 1967 NOEXIST::FUNCTION:
-PEM_write_bio_DSA_PUBKEY 1968 EXIST::FUNCTION:DSA
-X509_STORE_CTX_free 1969 EXIST::FUNCTION:
-EVP_PKEY_set1_DSA 1970 EXIST::FUNCTION:DSA
-i2d_DSA_PUBKEY_fp 1971 EXIST::FUNCTION:DSA,FP_API
-X509_load_cert_crl_file 1972 EXIST::FUNCTION:STDIO
-ASN1_TIME_new 1973 EXIST::FUNCTION:
-i2d_RSA_PUBKEY 1974 EXIST::FUNCTION:RSA
-X509_STORE_CTX_purpose_inherit 1976 EXIST::FUNCTION:
-PEM_read_RSA_PUBKEY 1977 EXIST:!WIN16:FUNCTION:RSA
-d2i_X509_AUX 1980 EXIST::FUNCTION:
-i2d_DSA_PUBKEY 1981 EXIST::FUNCTION:DSA
-X509_CERT_AUX_print 1982 EXIST::FUNCTION:BIO
-PEM_read_DSA_PUBKEY 1984 EXIST:!WIN16:FUNCTION:DSA
-i2d_RSA_PUBKEY_bio 1985 EXIST::FUNCTION:BIO,RSA
-ASN1_BIT_STRING_num_asc 1986 EXIST::FUNCTION:
-i2d_PUBKEY 1987 EXIST::FUNCTION:
-ASN1_UTCTIME_free 1988 EXIST::FUNCTION:
-DSA_set_default_method 1989 EXIST::FUNCTION:DSA
-X509_PURPOSE_get_by_id 1990 EXIST::FUNCTION:
-ACCESS_DESCRIPTION_free 1994 EXIST::FUNCTION:
-PEM_read_bio_PUBKEY 1995 EXIST::FUNCTION:
-ASN1_STRING_set_by_NID 1996 EXIST::FUNCTION:
-X509_PURPOSE_get_id 1997 EXIST::FUNCTION:
-DISPLAYTEXT_free 1998 EXIST::FUNCTION:
-OTHERNAME_new 1999 EXIST::FUNCTION:
-X509_CERT_AUX_new 2001 EXIST::FUNCTION:
-X509_TRUST_cleanup 2007 EXIST::FUNCTION:
-X509_NAME_add_entry_by_OBJ 2008 EXIST::FUNCTION:
-X509_CRL_get_ext_d2i 2009 EXIST::FUNCTION:
-X509_PURPOSE_get0_name 2011 EXIST::FUNCTION:
-PEM_read_PUBKEY 2012 EXIST:!WIN16:FUNCTION:
-i2d_DSA_PUBKEY_bio 2014 EXIST::FUNCTION:BIO,DSA
-i2d_OTHERNAME 2015 EXIST::FUNCTION:
-ASN1_OCTET_STRING_free 2016 EXIST::FUNCTION:
-ASN1_BIT_STRING_set_asc 2017 EXIST::FUNCTION:
-X509_get_ex_new_index 2019 EXIST::FUNCTION:
-ASN1_STRING_TABLE_cleanup 2020 EXIST::FUNCTION:
-X509_TRUST_get_by_id 2021 EXIST::FUNCTION:
-X509_PURPOSE_get_trust 2022 EXIST::FUNCTION:
-ASN1_STRING_length 2023 EXIST::FUNCTION:
-d2i_ASN1_SET_OF_ACCESS_DESCRIPTION 2024 NOEXIST::FUNCTION:
-ASN1_PRINTABLESTRING_new 2025 EXIST::FUNCTION:
-X509V3_get_d2i 2026 EXIST::FUNCTION:
-ASN1_ENUMERATED_free 2027 EXIST::FUNCTION:
-i2d_X509_CERT_AUX 2028 EXIST::FUNCTION:
-X509_STORE_CTX_set_trust 2030 EXIST::FUNCTION:
-ASN1_STRING_set_default_mask 2032 EXIST::FUNCTION:
-X509_STORE_CTX_new 2033 EXIST::FUNCTION:
-EVP_PKEY_get1_RSA 2034 EXIST::FUNCTION:RSA
-DIRECTORYSTRING_free 2038 EXIST::FUNCTION:
-PEM_write_X509_AUX 2039 EXIST:!WIN16:FUNCTION:
-ASN1_OCTET_STRING_set 2040 EXIST::FUNCTION:
-d2i_DSA_PUBKEY_fp 2041 EXIST::FUNCTION:DSA,FP_API
-d2i_RSA_PUBKEY 2044 EXIST::FUNCTION:RSA
-X509_TRUST_get0_name 2046 EXIST::FUNCTION:
-X509_TRUST_get0 2047 EXIST::FUNCTION:
-AUTHORITY_INFO_ACCESS_free 2048 EXIST::FUNCTION:
-ASN1_IA5STRING_new 2049 EXIST::FUNCTION:
-d2i_DSA_PUBKEY 2050 EXIST::FUNCTION:DSA
-X509_check_purpose 2051 EXIST::FUNCTION:
-ASN1_ENUMERATED_new 2052 EXIST::FUNCTION:
-d2i_RSA_PUBKEY_bio 2053 EXIST::FUNCTION:BIO,RSA
-d2i_PUBKEY 2054 EXIST::FUNCTION:
-X509_TRUST_get_trust 2055 EXIST::FUNCTION:
-X509_TRUST_get_flags 2056 EXIST::FUNCTION:
-ASN1_BMPSTRING_free 2057 EXIST::FUNCTION:
-ASN1_T61STRING_new 2058 EXIST::FUNCTION:
-ASN1_UTCTIME_new 2060 EXIST::FUNCTION:
-i2d_AUTHORITY_INFO_ACCESS 2062 EXIST::FUNCTION:
-EVP_PKEY_set1_RSA 2063 EXIST::FUNCTION:RSA
-X509_STORE_CTX_set_purpose 2064 EXIST::FUNCTION:
-ASN1_IA5STRING_free 2065 EXIST::FUNCTION:
-PEM_write_bio_X509_AUX 2066 EXIST::FUNCTION:
-X509_PURPOSE_get_count 2067 EXIST::FUNCTION:
-CRYPTO_add_info 2068 NOEXIST::FUNCTION:
-X509_NAME_ENTRY_create_by_txt 2071 EXIST::FUNCTION:
-ASN1_STRING_get_default_mask 2072 EXIST::FUNCTION:
-X509_alias_get0 2074 EXIST::FUNCTION:
-ASN1_STRING_data 2075 EXIST::FUNCTION:
-i2d_ACCESS_DESCRIPTION 2077 EXIST::FUNCTION:
-X509_trust_set_bit 2078 NOEXIST::FUNCTION:
-ASN1_BIT_STRING_free 2080 EXIST::FUNCTION:
-PEM_read_bio_RSA_PUBKEY 2081 EXIST::FUNCTION:RSA
-X509_add1_reject_object 2082 EXIST::FUNCTION:
-X509_check_trust 2083 EXIST::FUNCTION:
-PEM_read_bio_DSA_PUBKEY 2088 EXIST::FUNCTION:DSA
-X509_PURPOSE_add 2090 EXIST::FUNCTION:
-ASN1_STRING_TABLE_get 2091 EXIST::FUNCTION:
-ASN1_UTF8STRING_free 2092 EXIST::FUNCTION:
-d2i_DSA_PUBKEY_bio 2093 EXIST::FUNCTION:BIO,DSA
-PEM_write_RSA_PUBKEY 2095 EXIST:!WIN16:FUNCTION:RSA
-d2i_OTHERNAME 2096 EXIST::FUNCTION:
-X509_reject_set_bit 2098 NOEXIST::FUNCTION:
-PEM_write_DSA_PUBKEY 2101 EXIST:!WIN16:FUNCTION:DSA
-X509_PURPOSE_get0_sname 2105 EXIST::FUNCTION:
-EVP_PKEY_set1_DH 2107 EXIST::FUNCTION:DH
-ASN1_OCTET_STRING_dup 2108 EXIST::FUNCTION:
-ASN1_BIT_STRING_set 2109 EXIST::FUNCTION:
-X509_TRUST_get_count 2110 EXIST::FUNCTION:
-ASN1_INTEGER_free 2111 EXIST::FUNCTION:
-OTHERNAME_free 2112 EXIST::FUNCTION:
-i2d_RSA_PUBKEY_fp 2113 EXIST::FUNCTION:FP_API,RSA
-ASN1_INTEGER_dup 2114 EXIST::FUNCTION:
-d2i_X509_CERT_AUX 2115 EXIST::FUNCTION:
-PEM_write_bio_PUBKEY 2117 EXIST::FUNCTION:
-ASN1_VISIBLESTRING_free 2118 EXIST::FUNCTION:
-X509_PURPOSE_cleanup 2119 EXIST::FUNCTION:
-ASN1_mbstring_ncopy 2123 EXIST::FUNCTION:
-ASN1_GENERALIZEDTIME_new 2126 EXIST::FUNCTION:
-EVP_PKEY_get1_DH 2128 EXIST::FUNCTION:DH
-ASN1_OCTET_STRING_new 2130 EXIST::FUNCTION:
-ASN1_INTEGER_new 2131 EXIST::FUNCTION:
-i2d_X509_AUX 2132 EXIST::FUNCTION:
-ASN1_BIT_STRING_name_print 2134 EXIST::FUNCTION:BIO
-X509_cmp 2135 EXIST::FUNCTION:
-ASN1_STRING_length_set 2136 EXIST::FUNCTION:
-DIRECTORYSTRING_new 2137 EXIST::FUNCTION:
-X509_add1_trust_object 2140 EXIST::FUNCTION:
-PKCS12_newpass 2141 EXIST::FUNCTION:
-SMIME_write_PKCS7 2142 EXIST::FUNCTION:
-SMIME_read_PKCS7 2143 EXIST::FUNCTION:
-DES_set_key_checked 2144 EXIST::FUNCTION:DES
-PKCS7_verify 2145 EXIST::FUNCTION:
-PKCS7_encrypt 2146 EXIST::FUNCTION:
-DES_set_key_unchecked 2147 EXIST::FUNCTION:DES
-SMIME_crlf_copy 2148 EXIST::FUNCTION:
-i2d_ASN1_PRINTABLESTRING 2149 EXIST::FUNCTION:
-PKCS7_get0_signers 2150 EXIST::FUNCTION:
-PKCS7_decrypt 2151 EXIST::FUNCTION:
-SMIME_text 2152 EXIST::FUNCTION:
-PKCS7_simple_smimecap 2153 EXIST::FUNCTION:
-PKCS7_get_smimecap 2154 EXIST::FUNCTION:
-PKCS7_sign 2155 EXIST::FUNCTION:
-PKCS7_add_attrib_smimecap 2156 EXIST::FUNCTION:
-CRYPTO_dbg_set_options 2157 EXIST::FUNCTION:
-CRYPTO_remove_all_info 2158 EXIST::FUNCTION:
-CRYPTO_get_mem_debug_functions 2159 EXIST::FUNCTION:
-CRYPTO_is_mem_check_on 2160 EXIST::FUNCTION:
-CRYPTO_set_mem_debug_functions 2161 EXIST::FUNCTION:
-CRYPTO_pop_info 2162 EXIST::FUNCTION:
-CRYPTO_push_info_ 2163 EXIST::FUNCTION:
-CRYPTO_set_mem_debug_options 2164 EXIST::FUNCTION:
-PEM_write_PKCS8PrivateKey_nid 2165 EXIST::FUNCTION:
-PEM_write_bio_PKCS8PrivateKey_nid 2166 EXIST:!VMS:FUNCTION:
-PEM_write_bio_PKCS8PrivKey_nid 2166 EXIST:VMS:FUNCTION:
-d2i_PKCS8PrivateKey_bio 2167 EXIST::FUNCTION:
-ASN1_NULL_free 2168 EXIST::FUNCTION:
-d2i_ASN1_NULL 2169 EXIST::FUNCTION:
-ASN1_NULL_new 2170 EXIST::FUNCTION:
-i2d_PKCS8PrivateKey_bio 2171 EXIST::FUNCTION:
-i2d_PKCS8PrivateKey_fp 2172 EXIST::FUNCTION:
-i2d_ASN1_NULL 2173 EXIST::FUNCTION:
-i2d_PKCS8PrivateKey_nid_fp 2174 EXIST::FUNCTION:
-d2i_PKCS8PrivateKey_fp 2175 EXIST::FUNCTION:
-i2d_PKCS8PrivateKey_nid_bio 2176 EXIST::FUNCTION:
-i2d_PKCS8PrivateKeyInfo_fp 2177 EXIST::FUNCTION:FP_API
-i2d_PKCS8PrivateKeyInfo_bio 2178 EXIST::FUNCTION:BIO
-PEM_cb 2179 NOEXIST::FUNCTION:
-i2d_PrivateKey_fp 2180 EXIST::FUNCTION:FP_API
-d2i_PrivateKey_bio 2181 EXIST::FUNCTION:BIO
-d2i_PrivateKey_fp 2182 EXIST::FUNCTION:FP_API
-i2d_PrivateKey_bio 2183 EXIST::FUNCTION:BIO
-X509_reject_clear 2184 EXIST::FUNCTION:
-X509_TRUST_set_default 2185 EXIST::FUNCTION:
-d2i_AutoPrivateKey 2186 EXIST::FUNCTION:
-X509_ATTRIBUTE_get0_type 2187 EXIST::FUNCTION:
-X509_ATTRIBUTE_set1_data 2188 EXIST::FUNCTION:
-X509at_get_attr 2189 EXIST::FUNCTION:
-X509at_get_attr_count 2190 EXIST::FUNCTION:
-X509_ATTRIBUTE_create_by_NID 2191 EXIST::FUNCTION:
-X509_ATTRIBUTE_set1_object 2192 EXIST::FUNCTION:
-X509_ATTRIBUTE_count 2193 EXIST::FUNCTION:
-X509_ATTRIBUTE_create_by_OBJ 2194 EXIST::FUNCTION:
-X509_ATTRIBUTE_get0_object 2195 EXIST::FUNCTION:
-X509at_get_attr_by_NID 2196 EXIST::FUNCTION:
-X509at_add1_attr 2197 EXIST::FUNCTION:
-X509_ATTRIBUTE_get0_data 2198 EXIST::FUNCTION:
-X509at_delete_attr 2199 EXIST::FUNCTION:
-X509at_get_attr_by_OBJ 2200 EXIST::FUNCTION:
-RAND_add 2201 EXIST::FUNCTION:
-BIO_number_written 2202 EXIST::FUNCTION:
-BIO_number_read 2203 EXIST::FUNCTION:
-X509_STORE_CTX_get1_chain 2204 EXIST::FUNCTION:
-ERR_load_RAND_strings 2205 EXIST::FUNCTION:
-RAND_pseudo_bytes 2206 EXIST::FUNCTION:
-X509_REQ_get_attr_by_NID 2207 EXIST::FUNCTION:
-X509_REQ_get_attr 2208 EXIST::FUNCTION:
-X509_REQ_add1_attr_by_NID 2209 EXIST::FUNCTION:
-X509_REQ_get_attr_by_OBJ 2210 EXIST::FUNCTION:
-X509at_add1_attr_by_NID 2211 EXIST::FUNCTION:
-X509_REQ_add1_attr_by_OBJ 2212 EXIST::FUNCTION:
-X509_REQ_get_attr_count 2213 EXIST::FUNCTION:
-X509_REQ_add1_attr 2214 EXIST::FUNCTION:
-X509_REQ_delete_attr 2215 EXIST::FUNCTION:
-X509at_add1_attr_by_OBJ 2216 EXIST::FUNCTION:
-X509_REQ_add1_attr_by_txt 2217 EXIST::FUNCTION:
-X509_ATTRIBUTE_create_by_txt 2218 EXIST::FUNCTION:
-X509at_add1_attr_by_txt 2219 EXIST::FUNCTION:
-BN_pseudo_rand 2239 EXIST::FUNCTION:
-BN_is_prime_fasttest 2240 EXIST::FUNCTION:DEPRECATED
-BN_CTX_end 2241 EXIST::FUNCTION:
-BN_CTX_start 2242 EXIST::FUNCTION:
-BN_CTX_get 2243 EXIST::FUNCTION:
-EVP_PKEY2PKCS8_broken 2244 EXIST::FUNCTION:
-ASN1_STRING_TABLE_add 2245 EXIST::FUNCTION:
-CRYPTO_dbg_get_options 2246 EXIST::FUNCTION:
-AUTHORITY_INFO_ACCESS_new 2247 EXIST::FUNCTION:
-CRYPTO_get_mem_debug_options 2248 EXIST::FUNCTION:
-DES_crypt 2249 EXIST::FUNCTION:DES
-PEM_write_bio_X509_REQ_NEW 2250 EXIST::FUNCTION:
-PEM_write_X509_REQ_NEW 2251 EXIST:!WIN16:FUNCTION:
-BIO_callback_ctrl 2252 EXIST::FUNCTION:
-RAND_egd 2253 EXIST::FUNCTION:
-RAND_status 2254 EXIST::FUNCTION:
-bn_dump1 2255 NOEXIST::FUNCTION:
-DES_check_key_parity 2256 EXIST::FUNCTION:DES
-lh_num_items 2257 EXIST::FUNCTION:
-RAND_event 2258 EXIST:WIN32:FUNCTION:
-DSO_new 2259 EXIST::FUNCTION:
-DSO_new_method 2260 EXIST::FUNCTION:
-DSO_free 2261 EXIST::FUNCTION:
-DSO_flags 2262 EXIST::FUNCTION:
-DSO_up 2263 NOEXIST::FUNCTION:
-DSO_set_default_method 2264 EXIST::FUNCTION:
-DSO_get_default_method 2265 EXIST::FUNCTION:
-DSO_get_method 2266 EXIST::FUNCTION:
-DSO_set_method 2267 EXIST::FUNCTION:
-DSO_load 2268 EXIST::FUNCTION:
-DSO_bind_var 2269 EXIST::FUNCTION:
-DSO_METHOD_null 2270 EXIST::FUNCTION:
-DSO_METHOD_openssl 2271 EXIST::FUNCTION:
-DSO_METHOD_dlfcn 2272 EXIST::FUNCTION:
-DSO_METHOD_win32 2273 EXIST::FUNCTION:
-ERR_load_DSO_strings 2274 EXIST::FUNCTION:
-DSO_METHOD_dl 2275 EXIST::FUNCTION:
-NCONF_load 2276 EXIST::FUNCTION:
-NCONF_load_fp 2278 EXIST::FUNCTION:FP_API
-NCONF_new 2279 EXIST::FUNCTION:
-NCONF_get_string 2280 EXIST::FUNCTION:
-NCONF_free 2281 EXIST::FUNCTION:
-NCONF_get_number 2282 NOEXIST::FUNCTION:
-CONF_dump_fp 2283 EXIST::FUNCTION:
-NCONF_load_bio 2284 EXIST::FUNCTION:
-NCONF_dump_fp 2285 EXIST::FUNCTION:
-NCONF_get_section 2286 EXIST::FUNCTION:
-NCONF_dump_bio 2287 EXIST::FUNCTION:
-CONF_dump_bio 2288 EXIST::FUNCTION:
-NCONF_free_data 2289 EXIST::FUNCTION:
-CONF_set_default_method 2290 EXIST::FUNCTION:
-ERR_error_string_n 2291 EXIST::FUNCTION:
-BIO_snprintf 2292 EXIST::FUNCTION:
-DSO_ctrl 2293 EXIST::FUNCTION:
-i2d_ASN1_SET_OF_ASN1_INTEGER 2317 NOEXIST::FUNCTION:
-i2d_ASN1_SET_OF_PKCS12_SAFEBAG 2320 NOEXIST::FUNCTION:
-i2d_ASN1_SET_OF_PKCS7 2328 NOEXIST::FUNCTION:
-BIO_vfree 2334 EXIST::FUNCTION:
-d2i_ASN1_SET_OF_ASN1_INTEGER 2339 NOEXIST::FUNCTION:
-d2i_ASN1_SET_OF_PKCS12_SAFEBAG 2341 NOEXIST::FUNCTION:
-ASN1_UTCTIME_get 2350 NOEXIST::FUNCTION:
-X509_REQ_digest 2362 EXIST::FUNCTION:EVP
-X509_CRL_digest 2391 EXIST::FUNCTION:EVP
-d2i_ASN1_SET_OF_PKCS7 2397 NOEXIST::FUNCTION:
-EVP_CIPHER_CTX_set_key_length 2399 EXIST::FUNCTION:
-EVP_CIPHER_CTX_ctrl 2400 EXIST::FUNCTION:
-BN_mod_exp_mont_word 2401 EXIST::FUNCTION:
-RAND_egd_bytes 2402 EXIST::FUNCTION:
-X509_REQ_get1_email 2403 EXIST::FUNCTION:
-X509_get1_email 2404 EXIST::FUNCTION:
-X509_email_free 2405 EXIST::FUNCTION:
-i2d_RSA_NET 2406 EXIST::FUNCTION:RC4,RSA
-d2i_RSA_NET_2 2407 NOEXIST::FUNCTION:
-d2i_RSA_NET 2408 EXIST::FUNCTION:RC4,RSA
-DSO_bind_func 2409 EXIST::FUNCTION:
-CRYPTO_get_new_dynlockid 2410 EXIST::FUNCTION:
-sk_new_null 2411 EXIST::FUNCTION:
-CRYPTO_set_dynlock_destroy_callback 2412 EXIST:!VMS:FUNCTION:
-CRYPTO_set_dynlock_destroy_cb 2412 EXIST:VMS:FUNCTION:
-CRYPTO_destroy_dynlockid 2413 EXIST::FUNCTION:
-CRYPTO_set_dynlock_size 2414 NOEXIST::FUNCTION:
-CRYPTO_set_dynlock_create_callback 2415 EXIST:!VMS:FUNCTION:
-CRYPTO_set_dynlock_create_cb 2415 EXIST:VMS:FUNCTION:
-CRYPTO_set_dynlock_lock_callback 2416 EXIST:!VMS:FUNCTION:
-CRYPTO_set_dynlock_lock_cb 2416 EXIST:VMS:FUNCTION:
-CRYPTO_get_dynlock_lock_callback 2417 EXIST:!VMS:FUNCTION:
-CRYPTO_get_dynlock_lock_cb 2417 EXIST:VMS:FUNCTION:
-CRYPTO_get_dynlock_destroy_callback 2418 EXIST:!VMS:FUNCTION:
-CRYPTO_get_dynlock_destroy_cb 2418 EXIST:VMS:FUNCTION:
-CRYPTO_get_dynlock_value 2419 EXIST::FUNCTION:
-CRYPTO_get_dynlock_create_callback 2420 EXIST:!VMS:FUNCTION:
-CRYPTO_get_dynlock_create_cb 2420 EXIST:VMS:FUNCTION:
-c2i_ASN1_BIT_STRING 2421 EXIST::FUNCTION:
-i2c_ASN1_BIT_STRING 2422 EXIST::FUNCTION:
-RAND_poll 2423 EXIST::FUNCTION:
-c2i_ASN1_INTEGER 2424 EXIST::FUNCTION:
-i2c_ASN1_INTEGER 2425 EXIST::FUNCTION:
-BIO_dump_indent 2426 EXIST::FUNCTION:
-ASN1_parse_dump 2427 EXIST::FUNCTION:BIO
-c2i_ASN1_OBJECT 2428 EXIST::FUNCTION:
-X509_NAME_print_ex_fp 2429 EXIST::FUNCTION:FP_API
-ASN1_STRING_print_ex_fp 2430 EXIST::FUNCTION:FP_API
-X509_NAME_print_ex 2431 EXIST::FUNCTION:BIO
-ASN1_STRING_print_ex 2432 EXIST::FUNCTION:BIO
-MD4 2433 EXIST::FUNCTION:MD4
-MD4_Transform 2434 EXIST::FUNCTION:MD4
-MD4_Final 2435 EXIST::FUNCTION:MD4
-MD4_Update 2436 EXIST::FUNCTION:MD4
-MD4_Init 2437 EXIST::FUNCTION:MD4
-EVP_md4 2438 EXIST::FUNCTION:MD4
-i2d_PUBKEY_bio 2439 EXIST::FUNCTION:BIO
-i2d_PUBKEY_fp 2440 EXIST::FUNCTION:FP_API
-d2i_PUBKEY_bio 2441 EXIST::FUNCTION:BIO
-ASN1_STRING_to_UTF8 2442 EXIST::FUNCTION:
-BIO_vprintf 2443 EXIST::FUNCTION:
-BIO_vsnprintf 2444 EXIST::FUNCTION:
-d2i_PUBKEY_fp 2445 EXIST::FUNCTION:FP_API
-X509_cmp_time 2446 EXIST::FUNCTION:
-X509_STORE_CTX_set_time 2447 EXIST::FUNCTION:
-X509_STORE_CTX_get1_issuer 2448 EXIST::FUNCTION:
-X509_OBJECT_retrieve_match 2449 EXIST::FUNCTION:
-X509_OBJECT_idx_by_subject 2450 EXIST::FUNCTION:
-X509_STORE_CTX_set_flags 2451 EXIST::FUNCTION:
-X509_STORE_CTX_trusted_stack 2452 EXIST::FUNCTION:
-X509_time_adj 2453 EXIST::FUNCTION:
-X509_check_issued 2454 EXIST::FUNCTION:
-ASN1_UTCTIME_cmp_time_t 2455 EXIST::FUNCTION:
-DES_set_weak_key_flag 2456 NOEXIST::FUNCTION:
-DES_check_key 2457 NOEXIST::FUNCTION:
-DES_rw_mode 2458 NOEXIST::FUNCTION:
-RSA_PKCS1_RSAref 2459 NOEXIST::FUNCTION:
-X509_keyid_set1 2460 EXIST::FUNCTION:
-BIO_next 2461 EXIST::FUNCTION:
-DSO_METHOD_vms 2462 EXIST::FUNCTION:
-BIO_f_linebuffer 2463 EXIST:VMS:FUNCTION:
-BN_bntest_rand 2464 EXIST::FUNCTION:
-OPENSSL_issetugid 2465 EXIST::FUNCTION:
-BN_rand_range 2466 EXIST::FUNCTION:
-ERR_load_ENGINE_strings 2467 EXIST::FUNCTION:ENGINE
-ENGINE_set_DSA 2468 EXIST::FUNCTION:ENGINE
-ENGINE_get_finish_function 2469 EXIST::FUNCTION:ENGINE
-ENGINE_get_default_RSA 2470 EXIST::FUNCTION:ENGINE
-ENGINE_get_BN_mod_exp 2471 NOEXIST::FUNCTION:
-DSA_get_default_openssl_method 2472 NOEXIST::FUNCTION:
-ENGINE_set_DH 2473 EXIST::FUNCTION:ENGINE
-ENGINE_set_def_BN_mod_exp_crt 2474 NOEXIST::FUNCTION:
-ENGINE_set_default_BN_mod_exp_crt 2474 NOEXIST::FUNCTION:
-ENGINE_init 2475 EXIST::FUNCTION:ENGINE
-DH_get_default_openssl_method 2476 NOEXIST::FUNCTION:
-RSA_set_default_openssl_method 2477 NOEXIST::FUNCTION:
-ENGINE_finish 2478 EXIST::FUNCTION:ENGINE
-ENGINE_load_public_key 2479 EXIST::FUNCTION:ENGINE
-ENGINE_get_DH 2480 EXIST::FUNCTION:ENGINE
-ENGINE_ctrl 2481 EXIST::FUNCTION:ENGINE
-ENGINE_get_init_function 2482 EXIST::FUNCTION:ENGINE
-ENGINE_set_init_function 2483 EXIST::FUNCTION:ENGINE
-ENGINE_set_default_DSA 2484 EXIST::FUNCTION:ENGINE
-ENGINE_get_name 2485 EXIST::FUNCTION:ENGINE
-ENGINE_get_last 2486 EXIST::FUNCTION:ENGINE
-ENGINE_get_prev 2487 EXIST::FUNCTION:ENGINE
-ENGINE_get_default_DH 2488 EXIST::FUNCTION:ENGINE
-ENGINE_get_RSA 2489 EXIST::FUNCTION:ENGINE
-ENGINE_set_default 2490 EXIST::FUNCTION:ENGINE
-ENGINE_get_RAND 2491 EXIST::FUNCTION:ENGINE
-ENGINE_get_first 2492 EXIST::FUNCTION:ENGINE
-ENGINE_by_id 2493 EXIST::FUNCTION:ENGINE
-ENGINE_set_finish_function 2494 EXIST::FUNCTION:ENGINE
-ENGINE_get_def_BN_mod_exp_crt 2495 NOEXIST::FUNCTION:
-ENGINE_get_default_BN_mod_exp_crt 2495 NOEXIST::FUNCTION:
-RSA_get_default_openssl_method 2496 NOEXIST::FUNCTION:
-ENGINE_set_RSA 2497 EXIST::FUNCTION:ENGINE
-ENGINE_load_private_key 2498 EXIST::FUNCTION:ENGINE
-ENGINE_set_default_RAND 2499 EXIST::FUNCTION:ENGINE
-ENGINE_set_BN_mod_exp 2500 NOEXIST::FUNCTION:
-ENGINE_remove 2501 EXIST::FUNCTION:ENGINE
-ENGINE_free 2502 EXIST::FUNCTION:ENGINE
-ENGINE_get_BN_mod_exp_crt 2503 NOEXIST::FUNCTION:
-ENGINE_get_next 2504 EXIST::FUNCTION:ENGINE
-ENGINE_set_name 2505 EXIST::FUNCTION:ENGINE
-ENGINE_get_default_DSA 2506 EXIST::FUNCTION:ENGINE
-ENGINE_set_default_BN_mod_exp 2507 NOEXIST::FUNCTION:
-ENGINE_set_default_RSA 2508 EXIST::FUNCTION:ENGINE
-ENGINE_get_default_RAND 2509 EXIST::FUNCTION:ENGINE
-ENGINE_get_default_BN_mod_exp 2510 NOEXIST::FUNCTION:
-ENGINE_set_RAND 2511 EXIST::FUNCTION:ENGINE
-ENGINE_set_id 2512 EXIST::FUNCTION:ENGINE
-ENGINE_set_BN_mod_exp_crt 2513 NOEXIST::FUNCTION:
-ENGINE_set_default_DH 2514 EXIST::FUNCTION:ENGINE
-ENGINE_new 2515 EXIST::FUNCTION:ENGINE
-ENGINE_get_id 2516 EXIST::FUNCTION:ENGINE
-DSA_set_default_openssl_method 2517 NOEXIST::FUNCTION:
-ENGINE_add 2518 EXIST::FUNCTION:ENGINE
-DH_set_default_openssl_method 2519 NOEXIST::FUNCTION:
-ENGINE_get_DSA 2520 EXIST::FUNCTION:ENGINE
-ENGINE_get_ctrl_function 2521 EXIST::FUNCTION:ENGINE
-ENGINE_set_ctrl_function 2522 EXIST::FUNCTION:ENGINE
-BN_pseudo_rand_range 2523 EXIST::FUNCTION:
-X509_STORE_CTX_set_verify_cb 2524 EXIST::FUNCTION:
-ERR_load_COMP_strings 2525 EXIST::FUNCTION:
-PKCS12_item_decrypt_d2i 2526 EXIST::FUNCTION:
-ASN1_UTF8STRING_it 2527 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_UTF8STRING_it 2527 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ENGINE_unregister_ciphers 2528 EXIST::FUNCTION:ENGINE
-ENGINE_get_ciphers 2529 EXIST::FUNCTION:ENGINE
-d2i_OCSP_BASICRESP 2530 EXIST::FUNCTION:
-KRB5_CHECKSUM_it 2531 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-KRB5_CHECKSUM_it 2531 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-EC_POINT_add 2532 EXIST::FUNCTION:EC
-ASN1_item_ex_i2d 2533 EXIST::FUNCTION:
-OCSP_CERTID_it 2534 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-OCSP_CERTID_it 2534 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-d2i_OCSP_RESPBYTES 2535 EXIST::FUNCTION:
-X509V3_add1_i2d 2536 EXIST::FUNCTION:
-PKCS7_ENVELOPE_it 2537 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PKCS7_ENVELOPE_it 2537 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-UI_add_input_boolean 2538 EXIST::FUNCTION:
-ENGINE_unregister_RSA 2539 EXIST::FUNCTION:ENGINE
-X509V3_EXT_nconf 2540 EXIST::FUNCTION:
-ASN1_GENERALSTRING_free 2541 EXIST::FUNCTION:
-d2i_OCSP_CERTSTATUS 2542 EXIST::FUNCTION:
-X509_REVOKED_set_serialNumber 2543 EXIST::FUNCTION:
-X509_print_ex 2544 EXIST::FUNCTION:BIO
-OCSP_ONEREQ_get1_ext_d2i 2545 EXIST::FUNCTION:
-ENGINE_register_all_RAND 2546 EXIST::FUNCTION:ENGINE
-ENGINE_load_dynamic 2547 EXIST::FUNCTION:ENGINE
-PBKDF2PARAM_it 2548 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PBKDF2PARAM_it 2548 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-EXTENDED_KEY_USAGE_new 2549 EXIST::FUNCTION:
-EC_GROUP_clear_free 2550 EXIST::FUNCTION:EC
-OCSP_sendreq_bio 2551 EXIST::FUNCTION:
-ASN1_item_digest 2552 EXIST::FUNCTION:EVP
-OCSP_BASICRESP_delete_ext 2553 EXIST::FUNCTION:
-OCSP_SIGNATURE_it 2554 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-OCSP_SIGNATURE_it 2554 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-X509_CRL_it 2555 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-X509_CRL_it 2555 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-OCSP_BASICRESP_add_ext 2556 EXIST::FUNCTION:
-KRB5_ENCKEY_it 2557 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-KRB5_ENCKEY_it 2557 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-UI_method_set_closer 2558 EXIST::FUNCTION:
-X509_STORE_set_purpose 2559 EXIST::FUNCTION:
-i2d_ASN1_GENERALSTRING 2560 EXIST::FUNCTION:
-OCSP_response_status 2561 EXIST::FUNCTION:
-i2d_OCSP_SERVICELOC 2562 EXIST::FUNCTION:
-ENGINE_get_digest_engine 2563 EXIST::FUNCTION:ENGINE
-EC_GROUP_set_curve_GFp 2564 EXIST::FUNCTION:EC
-OCSP_REQUEST_get_ext_by_OBJ 2565 EXIST::FUNCTION:
-_ossl_old_des_random_key 2566 EXIST::FUNCTION:DES
-ASN1_T61STRING_it 2567 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_T61STRING_it 2567 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-EC_GROUP_method_of 2568 EXIST::FUNCTION:EC
-i2d_KRB5_APREQ 2569 EXIST::FUNCTION:
-_ossl_old_des_encrypt 2570 EXIST::FUNCTION:DES
-ASN1_PRINTABLE_new 2571 EXIST::FUNCTION:
-HMAC_Init_ex 2572 EXIST::FUNCTION:HMAC
-d2i_KRB5_AUTHENT 2573 EXIST::FUNCTION:
-OCSP_archive_cutoff_new 2574 EXIST::FUNCTION:
-EC_POINT_set_Jprojective_coordinates_GFp 2575 EXIST:!VMS:FUNCTION:EC
-EC_POINT_set_Jproj_coords_GFp 2575 EXIST:VMS:FUNCTION:EC
-_ossl_old_des_is_weak_key 2576 EXIST::FUNCTION:DES
-OCSP_BASICRESP_get_ext_by_OBJ 2577 EXIST::FUNCTION:
-EC_POINT_oct2point 2578 EXIST::FUNCTION:EC
-OCSP_SINGLERESP_get_ext_count 2579 EXIST::FUNCTION:
-UI_ctrl 2580 EXIST::FUNCTION:
-_shadow_DES_rw_mode 2581 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:DES
-_shadow_DES_rw_mode 2581 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:DES
-asn1_do_adb 2582 EXIST::FUNCTION:
-ASN1_template_i2d 2583 EXIST::FUNCTION:
-ENGINE_register_DH 2584 EXIST::FUNCTION:ENGINE
-UI_construct_prompt 2585 EXIST::FUNCTION:
-X509_STORE_set_trust 2586 EXIST::FUNCTION:
-UI_dup_input_string 2587 EXIST::FUNCTION:
-d2i_KRB5_APREQ 2588 EXIST::FUNCTION:
-EVP_MD_CTX_copy_ex 2589 EXIST::FUNCTION:
-OCSP_request_is_signed 2590 EXIST::FUNCTION:
-i2d_OCSP_REQINFO 2591 EXIST::FUNCTION:
-KRB5_ENCKEY_free 2592 EXIST::FUNCTION:
-OCSP_resp_get0 2593 EXIST::FUNCTION:
-GENERAL_NAME_it 2594 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-GENERAL_NAME_it 2594 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ASN1_GENERALIZEDTIME_it 2595 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_GENERALIZEDTIME_it 2595 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-X509_STORE_set_flags 2596 EXIST::FUNCTION:
-EC_POINT_set_compressed_coordinates_GFp 2597 EXIST:!VMS:FUNCTION:EC
-EC_POINT_set_compr_coords_GFp 2597 EXIST:VMS:FUNCTION:EC
-OCSP_response_status_str 2598 EXIST::FUNCTION:
-d2i_OCSP_REVOKEDINFO 2599 EXIST::FUNCTION:
-OCSP_basic_add1_cert 2600 EXIST::FUNCTION:
-ERR_get_implementation 2601 EXIST::FUNCTION:
-EVP_CipherFinal_ex 2602 EXIST::FUNCTION:
-OCSP_CERTSTATUS_new 2603 EXIST::FUNCTION:
-CRYPTO_cleanup_all_ex_data 2604 EXIST::FUNCTION:
-OCSP_resp_find 2605 EXIST::FUNCTION:
-BN_nnmod 2606 EXIST::FUNCTION:
-X509_CRL_sort 2607 EXIST::FUNCTION:
-X509_REVOKED_set_revocationDate 2608 EXIST::FUNCTION:
-ENGINE_register_RAND 2609 EXIST::FUNCTION:ENGINE
-OCSP_SERVICELOC_new 2610 EXIST::FUNCTION:
-EC_POINT_set_affine_coordinates_GFp 2611 EXIST:!VMS:FUNCTION:EC
-EC_POINT_set_affine_coords_GFp 2611 EXIST:VMS:FUNCTION:EC
-_ossl_old_des_options 2612 EXIST::FUNCTION:DES
-SXNET_it 2613 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-SXNET_it 2613 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-UI_dup_input_boolean 2614 EXIST::FUNCTION:
-PKCS12_add_CSPName_asc 2615 EXIST::FUNCTION:
-EC_POINT_is_at_infinity 2616 EXIST::FUNCTION:EC
-ENGINE_load_cryptodev 2617 EXIST::FUNCTION:ENGINE
-DSO_convert_filename 2618 EXIST::FUNCTION:
-POLICYQUALINFO_it 2619 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-POLICYQUALINFO_it 2619 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ENGINE_register_ciphers 2620 EXIST::FUNCTION:ENGINE
-BN_mod_lshift_quick 2621 EXIST::FUNCTION:
-DSO_set_filename 2622 EXIST::FUNCTION:
-ASN1_item_free 2623 EXIST::FUNCTION:
-KRB5_TKTBODY_free 2624 EXIST::FUNCTION:
-AUTHORITY_KEYID_it 2625 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-AUTHORITY_KEYID_it 2625 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-KRB5_APREQBODY_new 2626 EXIST::FUNCTION:
-X509V3_EXT_REQ_add_nconf 2627 EXIST::FUNCTION:
-ENGINE_ctrl_cmd_string 2628 EXIST::FUNCTION:ENGINE
-i2d_OCSP_RESPDATA 2629 EXIST::FUNCTION:
-EVP_MD_CTX_init 2630 EXIST::FUNCTION:
-EXTENDED_KEY_USAGE_free 2631 EXIST::FUNCTION:
-PKCS7_ATTR_SIGN_it 2632 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PKCS7_ATTR_SIGN_it 2632 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-UI_add_error_string 2633 EXIST::FUNCTION:
-KRB5_CHECKSUM_free 2634 EXIST::FUNCTION:
-OCSP_REQUEST_get_ext 2635 EXIST::FUNCTION:
-ENGINE_load_ubsec 2636 EXIST::FUNCTION:ENGINE,STATIC_ENGINE
-ENGINE_register_all_digests 2637 EXIST::FUNCTION:ENGINE
-PKEY_USAGE_PERIOD_it 2638 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PKEY_USAGE_PERIOD_it 2638 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-PKCS12_unpack_authsafes 2639 EXIST::FUNCTION:
-ASN1_item_unpack 2640 EXIST::FUNCTION:
-NETSCAPE_SPKAC_it 2641 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-NETSCAPE_SPKAC_it 2641 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-X509_REVOKED_it 2642 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-X509_REVOKED_it 2642 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ASN1_STRING_encode 2643 EXIST::FUNCTION:
-EVP_aes_128_ecb 2644 EXIST::FUNCTION:AES
-KRB5_AUTHENT_free 2645 EXIST::FUNCTION:
-OCSP_BASICRESP_get_ext_by_critical 2646 EXIST:!VMS:FUNCTION:
-OCSP_BASICRESP_get_ext_by_crit 2646 EXIST:VMS:FUNCTION:
-OCSP_cert_status_str 2647 EXIST::FUNCTION:
-d2i_OCSP_REQUEST 2648 EXIST::FUNCTION:
-UI_dup_info_string 2649 EXIST::FUNCTION:
-_ossl_old_des_xwhite_in2out 2650 NOEXIST::FUNCTION:
-PKCS12_it 2651 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PKCS12_it 2651 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-OCSP_SINGLERESP_get_ext_by_critical 2652 EXIST:!VMS:FUNCTION:
-OCSP_SINGLERESP_get_ext_by_crit 2652 EXIST:VMS:FUNCTION:
-OCSP_CERTSTATUS_free 2653 EXIST::FUNCTION:
-_ossl_old_des_crypt 2654 EXIST::FUNCTION:DES
-ASN1_item_i2d 2655 EXIST::FUNCTION:
-EVP_DecryptFinal_ex 2656 EXIST::FUNCTION:
-ENGINE_load_openssl 2657 EXIST::FUNCTION:ENGINE
-ENGINE_get_cmd_defns 2658 EXIST::FUNCTION:ENGINE
-ENGINE_set_load_privkey_function 2659 EXIST:!VMS:FUNCTION:ENGINE
-ENGINE_set_load_privkey_fn 2659 EXIST:VMS:FUNCTION:ENGINE
-EVP_EncryptFinal_ex 2660 EXIST::FUNCTION:
-ENGINE_set_default_digests 2661 EXIST::FUNCTION:ENGINE
-X509_get0_pubkey_bitstr 2662 EXIST::FUNCTION:
-asn1_ex_i2c 2663 EXIST::FUNCTION:
-ENGINE_register_RSA 2664 EXIST::FUNCTION:ENGINE
-ENGINE_unregister_DSA 2665 EXIST::FUNCTION:ENGINE
-_ossl_old_des_key_sched 2666 EXIST::FUNCTION:DES
-X509_EXTENSION_it 2667 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-X509_EXTENSION_it 2667 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-i2d_KRB5_AUTHENT 2668 EXIST::FUNCTION:
-SXNETID_it 2669 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-SXNETID_it 2669 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-d2i_OCSP_SINGLERESP 2670 EXIST::FUNCTION:
-EDIPARTYNAME_new 2671 EXIST::FUNCTION:
-PKCS12_certbag2x509 2672 EXIST::FUNCTION:
-_ossl_old_des_ofb64_encrypt 2673 EXIST::FUNCTION:DES
-d2i_EXTENDED_KEY_USAGE 2674 EXIST::FUNCTION:
-ERR_print_errors_cb 2675 EXIST::FUNCTION:
-ENGINE_set_ciphers 2676 EXIST::FUNCTION:ENGINE
-d2i_KRB5_APREQBODY 2677 EXIST::FUNCTION:
-UI_method_get_flusher 2678 EXIST::FUNCTION:
-X509_PUBKEY_it 2679 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-X509_PUBKEY_it 2679 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-_ossl_old_des_enc_read 2680 EXIST::FUNCTION:DES
-PKCS7_ENCRYPT_it 2681 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PKCS7_ENCRYPT_it 2681 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-i2d_OCSP_RESPONSE 2682 EXIST::FUNCTION:
-EC_GROUP_get_cofactor 2683 EXIST::FUNCTION:EC
-PKCS12_unpack_p7data 2684 EXIST::FUNCTION:
-d2i_KRB5_AUTHDATA 2685 EXIST::FUNCTION:
-OCSP_copy_nonce 2686 EXIST::FUNCTION:
-KRB5_AUTHDATA_new 2687 EXIST::FUNCTION:
-OCSP_RESPDATA_new 2688 EXIST::FUNCTION:
-EC_GFp_mont_method 2689 EXIST::FUNCTION:EC
-OCSP_REVOKEDINFO_free 2690 EXIST::FUNCTION:
-UI_get_ex_data 2691 EXIST::FUNCTION:
-KRB5_APREQBODY_free 2692 EXIST::FUNCTION:
-EC_GROUP_get0_generator 2693 EXIST::FUNCTION:EC
-UI_get_default_method 2694 EXIST::FUNCTION:
-X509V3_set_nconf 2695 EXIST::FUNCTION:
-PKCS12_item_i2d_encrypt 2696 EXIST::FUNCTION:
-X509_add1_ext_i2d 2697 EXIST::FUNCTION:
-PKCS7_SIGNER_INFO_it 2698 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PKCS7_SIGNER_INFO_it 2698 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-KRB5_PRINCNAME_new 2699 EXIST::FUNCTION:
-PKCS12_SAFEBAG_it 2700 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PKCS12_SAFEBAG_it 2700 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-EC_GROUP_get_order 2701 EXIST::FUNCTION:EC
-d2i_OCSP_RESPID 2702 EXIST::FUNCTION:
-OCSP_request_verify 2703 EXIST::FUNCTION:
-NCONF_get_number_e 2704 EXIST::FUNCTION:
-_ossl_old_des_decrypt3 2705 EXIST::FUNCTION:DES
-X509_signature_print 2706 EXIST::FUNCTION:EVP
-OCSP_SINGLERESP_free 2707 EXIST::FUNCTION:
-ENGINE_load_builtin_engines 2708 EXIST::FUNCTION:ENGINE
-i2d_OCSP_ONEREQ 2709 EXIST::FUNCTION:
-OCSP_REQUEST_add_ext 2710 EXIST::FUNCTION:
-OCSP_RESPBYTES_new 2711 EXIST::FUNCTION:
-EVP_MD_CTX_create 2712 EXIST::FUNCTION:
-OCSP_resp_find_status 2713 EXIST::FUNCTION:
-X509_ALGOR_it 2714 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-X509_ALGOR_it 2714 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ASN1_TIME_it 2715 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_TIME_it 2715 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-OCSP_request_set1_name 2716 EXIST::FUNCTION:
-OCSP_ONEREQ_get_ext_count 2717 EXIST::FUNCTION:
-UI_get0_result 2718 EXIST::FUNCTION:
-PKCS12_AUTHSAFES_it 2719 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PKCS12_AUTHSAFES_it 2719 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-EVP_aes_256_ecb 2720 EXIST::FUNCTION:AES
-PKCS12_pack_authsafes 2721 EXIST::FUNCTION:
-ASN1_IA5STRING_it 2722 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_IA5STRING_it 2722 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-UI_get_input_flags 2723 EXIST::FUNCTION:
-EC_GROUP_set_generator 2724 EXIST::FUNCTION:EC
-_ossl_old_des_string_to_2keys 2725 EXIST::FUNCTION:DES
-OCSP_CERTID_free 2726 EXIST::FUNCTION:
-X509_CERT_AUX_it 2727 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-X509_CERT_AUX_it 2727 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-CERTIFICATEPOLICIES_it 2728 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-CERTIFICATEPOLICIES_it 2728 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-_ossl_old_des_ede3_cbc_encrypt 2729 EXIST::FUNCTION:DES
-RAND_set_rand_engine 2730 EXIST::FUNCTION:ENGINE
-DSO_get_loaded_filename 2731 EXIST::FUNCTION:
-X509_ATTRIBUTE_it 2732 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-X509_ATTRIBUTE_it 2732 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-OCSP_ONEREQ_get_ext_by_NID 2733 EXIST::FUNCTION:
-PKCS12_decrypt_skey 2734 EXIST::FUNCTION:
-KRB5_AUTHENT_it 2735 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-KRB5_AUTHENT_it 2735 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-UI_dup_error_string 2736 EXIST::FUNCTION:
-RSAPublicKey_it 2737 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA
-RSAPublicKey_it 2737 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RSA
-i2d_OCSP_REQUEST 2738 EXIST::FUNCTION:
-PKCS12_x509crl2certbag 2739 EXIST::FUNCTION:
-OCSP_SERVICELOC_it 2740 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-OCSP_SERVICELOC_it 2740 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ASN1_item_sign 2741 EXIST::FUNCTION:EVP
-X509_CRL_set_issuer_name 2742 EXIST::FUNCTION:
-OBJ_NAME_do_all_sorted 2743 EXIST::FUNCTION:
-i2d_OCSP_BASICRESP 2744 EXIST::FUNCTION:
-i2d_OCSP_RESPBYTES 2745 EXIST::FUNCTION:
-PKCS12_unpack_p7encdata 2746 EXIST::FUNCTION:
-HMAC_CTX_init 2747 EXIST::FUNCTION:HMAC
-ENGINE_get_digest 2748 EXIST::FUNCTION:ENGINE
-OCSP_RESPONSE_print 2749 EXIST::FUNCTION:
-KRB5_TKTBODY_it 2750 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-KRB5_TKTBODY_it 2750 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ACCESS_DESCRIPTION_it 2751 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ACCESS_DESCRIPTION_it 2751 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-PKCS7_ISSUER_AND_SERIAL_it 2752 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PKCS7_ISSUER_AND_SERIAL_it 2752 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-PBE2PARAM_it 2753 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PBE2PARAM_it 2753 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-PKCS12_certbag2x509crl 2754 EXIST::FUNCTION:
-PKCS7_SIGNED_it 2755 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PKCS7_SIGNED_it 2755 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ENGINE_get_cipher 2756 EXIST::FUNCTION:ENGINE
-i2d_OCSP_CRLID 2757 EXIST::FUNCTION:
-OCSP_SINGLERESP_new 2758 EXIST::FUNCTION:
-ENGINE_cmd_is_executable 2759 EXIST::FUNCTION:ENGINE
-RSA_up_ref 2760 EXIST::FUNCTION:RSA
-ASN1_GENERALSTRING_it 2761 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_GENERALSTRING_it 2761 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ENGINE_register_DSA 2762 EXIST::FUNCTION:ENGINE
-X509V3_EXT_add_nconf_sk 2763 EXIST::FUNCTION:
-ENGINE_set_load_pubkey_function 2764 EXIST::FUNCTION:ENGINE
-PKCS8_decrypt 2765 EXIST::FUNCTION:
-PEM_bytes_read_bio 2766 EXIST::FUNCTION:BIO
-DIRECTORYSTRING_it 2767 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-DIRECTORYSTRING_it 2767 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-d2i_OCSP_CRLID 2768 EXIST::FUNCTION:
-EC_POINT_is_on_curve 2769 EXIST::FUNCTION:EC
-CRYPTO_set_locked_mem_ex_functions 2770 EXIST:!VMS:FUNCTION:
-CRYPTO_set_locked_mem_ex_funcs 2770 EXIST:VMS:FUNCTION:
-d2i_KRB5_CHECKSUM 2771 EXIST::FUNCTION:
-ASN1_item_dup 2772 EXIST::FUNCTION:
-X509_it 2773 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-X509_it 2773 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-BN_mod_add 2774 EXIST::FUNCTION:
-KRB5_AUTHDATA_free 2775 EXIST::FUNCTION:
-_ossl_old_des_cbc_cksum 2776 EXIST::FUNCTION:DES
-ASN1_item_verify 2777 EXIST::FUNCTION:EVP
-CRYPTO_set_mem_ex_functions 2778 EXIST::FUNCTION:
-EC_POINT_get_Jprojective_coordinates_GFp 2779 EXIST:!VMS:FUNCTION:EC
-EC_POINT_get_Jproj_coords_GFp 2779 EXIST:VMS:FUNCTION:EC
-ZLONG_it 2780 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ZLONG_it 2780 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-CRYPTO_get_locked_mem_ex_functions 2781 EXIST:!VMS:FUNCTION:
-CRYPTO_get_locked_mem_ex_funcs 2781 EXIST:VMS:FUNCTION:
-ASN1_TIME_check 2782 EXIST::FUNCTION:
-UI_get0_user_data 2783 EXIST::FUNCTION:
-HMAC_CTX_cleanup 2784 EXIST::FUNCTION:HMAC
-DSA_up_ref 2785 EXIST::FUNCTION:DSA
-_ossl_old_des_ede3_cfb64_encrypt 2786 EXIST:!VMS:FUNCTION:DES
-_ossl_odes_ede3_cfb64_encrypt 2786 EXIST:VMS:FUNCTION:DES
-ASN1_BMPSTRING_it 2787 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_BMPSTRING_it 2787 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ASN1_tag2bit 2788 EXIST::FUNCTION:
-UI_method_set_flusher 2789 EXIST::FUNCTION:
-X509_ocspid_print 2790 EXIST::FUNCTION:BIO
-KRB5_ENCDATA_it 2791 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-KRB5_ENCDATA_it 2791 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ENGINE_get_load_pubkey_function 2792 EXIST::FUNCTION:ENGINE
-UI_add_user_data 2793 EXIST::FUNCTION:
-OCSP_REQUEST_delete_ext 2794 EXIST::FUNCTION:
-UI_get_method 2795 EXIST::FUNCTION:
-OCSP_ONEREQ_free 2796 EXIST::FUNCTION:
-ASN1_PRINTABLESTRING_it 2797 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_PRINTABLESTRING_it 2797 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-X509_CRL_set_nextUpdate 2798 EXIST::FUNCTION:
-OCSP_REQUEST_it 2799 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-OCSP_REQUEST_it 2799 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-OCSP_BASICRESP_it 2800 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-OCSP_BASICRESP_it 2800 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-AES_ecb_encrypt 2801 EXIST::FUNCTION:AES
-BN_mod_sqr 2802 EXIST::FUNCTION:
-NETSCAPE_CERT_SEQUENCE_it 2803 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-NETSCAPE_CERT_SEQUENCE_it 2803 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-GENERAL_NAMES_it 2804 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-GENERAL_NAMES_it 2804 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-AUTHORITY_INFO_ACCESS_it 2805 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-AUTHORITY_INFO_ACCESS_it 2805 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ASN1_FBOOLEAN_it 2806 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_FBOOLEAN_it 2806 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-UI_set_ex_data 2807 EXIST::FUNCTION:
-_ossl_old_des_string_to_key 2808 EXIST::FUNCTION:DES
-ENGINE_register_all_RSA 2809 EXIST::FUNCTION:ENGINE
-d2i_KRB5_PRINCNAME 2810 EXIST::FUNCTION:
-OCSP_RESPBYTES_it 2811 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-OCSP_RESPBYTES_it 2811 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-X509_CINF_it 2812 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-X509_CINF_it 2812 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ENGINE_unregister_digests 2813 EXIST::FUNCTION:ENGINE
-d2i_EDIPARTYNAME 2814 EXIST::FUNCTION:
-d2i_OCSP_SERVICELOC 2815 EXIST::FUNCTION:
-ENGINE_get_digests 2816 EXIST::FUNCTION:ENGINE
-_ossl_old_des_set_odd_parity 2817 EXIST::FUNCTION:DES
-OCSP_RESPDATA_free 2818 EXIST::FUNCTION:
-d2i_KRB5_TICKET 2819 EXIST::FUNCTION:
-OTHERNAME_it 2820 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-OTHERNAME_it 2820 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-EVP_MD_CTX_cleanup 2821 EXIST::FUNCTION:
-d2i_ASN1_GENERALSTRING 2822 EXIST::FUNCTION:
-X509_CRL_set_version 2823 EXIST::FUNCTION:
-BN_mod_sub 2824 EXIST::FUNCTION:
-OCSP_SINGLERESP_get_ext_by_NID 2825 EXIST::FUNCTION:
-ENGINE_get_ex_new_index 2826 EXIST::FUNCTION:ENGINE
-OCSP_REQUEST_free 2827 EXIST::FUNCTION:
-OCSP_REQUEST_add1_ext_i2d 2828 EXIST::FUNCTION:
-X509_VAL_it 2829 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-X509_VAL_it 2829 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-EC_POINTs_make_affine 2830 EXIST::FUNCTION:EC
-EC_POINT_mul 2831 EXIST::FUNCTION:EC
-X509V3_EXT_add_nconf 2832 EXIST::FUNCTION:
-X509_TRUST_set 2833 EXIST::FUNCTION:
-X509_CRL_add1_ext_i2d 2834 EXIST::FUNCTION:
-_ossl_old_des_fcrypt 2835 EXIST::FUNCTION:DES
-DISPLAYTEXT_it 2836 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-DISPLAYTEXT_it 2836 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-X509_CRL_set_lastUpdate 2837 EXIST::FUNCTION:
-OCSP_BASICRESP_free 2838 EXIST::FUNCTION:
-OCSP_BASICRESP_add1_ext_i2d 2839 EXIST::FUNCTION:
-d2i_KRB5_AUTHENTBODY 2840 EXIST::FUNCTION:
-CRYPTO_set_ex_data_implementation 2841 EXIST:!VMS:FUNCTION:
-CRYPTO_set_ex_data_impl 2841 EXIST:VMS:FUNCTION:
-KRB5_ENCDATA_new 2842 EXIST::FUNCTION:
-DSO_up_ref 2843 EXIST::FUNCTION:
-OCSP_crl_reason_str 2844 EXIST::FUNCTION:
-UI_get0_result_string 2845 EXIST::FUNCTION:
-ASN1_GENERALSTRING_new 2846 EXIST::FUNCTION:
-X509_SIG_it 2847 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-X509_SIG_it 2847 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ERR_set_implementation 2848 EXIST::FUNCTION:
-ERR_load_EC_strings 2849 EXIST::FUNCTION:EC
-UI_get0_action_string 2850 EXIST::FUNCTION:
-OCSP_ONEREQ_get_ext 2851 EXIST::FUNCTION:
-EC_POINT_method_of 2852 EXIST::FUNCTION:EC
-i2d_KRB5_APREQBODY 2853 EXIST::FUNCTION:
-_ossl_old_des_ecb3_encrypt 2854 EXIST::FUNCTION:DES
-CRYPTO_get_mem_ex_functions 2855 EXIST::FUNCTION:
-ENGINE_get_ex_data 2856 EXIST::FUNCTION:ENGINE
-UI_destroy_method 2857 EXIST::FUNCTION:
-ASN1_item_i2d_bio 2858 EXIST::FUNCTION:BIO
-OCSP_ONEREQ_get_ext_by_OBJ 2859 EXIST::FUNCTION:
-ASN1_primitive_new 2860 EXIST::FUNCTION:
-ASN1_PRINTABLE_it 2861 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_PRINTABLE_it 2861 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-EVP_aes_192_ecb 2862 EXIST::FUNCTION:AES
-OCSP_SIGNATURE_new 2863 EXIST::FUNCTION:
-LONG_it 2864 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-LONG_it 2864 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ASN1_VISIBLESTRING_it 2865 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_VISIBLESTRING_it 2865 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-OCSP_SINGLERESP_add1_ext_i2d 2866 EXIST::FUNCTION:
-d2i_OCSP_CERTID 2867 EXIST::FUNCTION:
-ASN1_item_d2i_fp 2868 EXIST::FUNCTION:FP_API
-CRL_DIST_POINTS_it 2869 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-CRL_DIST_POINTS_it 2869 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-GENERAL_NAME_print 2870 EXIST::FUNCTION:
-OCSP_SINGLERESP_delete_ext 2871 EXIST::FUNCTION:
-PKCS12_SAFEBAGS_it 2872 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PKCS12_SAFEBAGS_it 2872 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-d2i_OCSP_SIGNATURE 2873 EXIST::FUNCTION:
-OCSP_request_add1_nonce 2874 EXIST::FUNCTION:
-ENGINE_set_cmd_defns 2875 EXIST::FUNCTION:ENGINE
-OCSP_SERVICELOC_free 2876 EXIST::FUNCTION:
-EC_GROUP_free 2877 EXIST::FUNCTION:EC
-ASN1_BIT_STRING_it 2878 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_BIT_STRING_it 2878 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-X509_REQ_it 2879 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-X509_REQ_it 2879 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-_ossl_old_des_cbc_encrypt 2880 EXIST::FUNCTION:DES
-ERR_unload_strings 2881 EXIST::FUNCTION:
-PKCS7_SIGN_ENVELOPE_it 2882 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PKCS7_SIGN_ENVELOPE_it 2882 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-EDIPARTYNAME_free 2883 EXIST::FUNCTION:
-OCSP_REQINFO_free 2884 EXIST::FUNCTION:
-EC_GROUP_new_curve_GFp 2885 EXIST::FUNCTION:EC
-OCSP_REQUEST_get1_ext_d2i 2886 EXIST::FUNCTION:
-PKCS12_item_pack_safebag 2887 EXIST::FUNCTION:
-asn1_ex_c2i 2888 EXIST::FUNCTION:
-ENGINE_register_digests 2889 EXIST::FUNCTION:ENGINE
-i2d_OCSP_REVOKEDINFO 2890 EXIST::FUNCTION:
-asn1_enc_restore 2891 EXIST::FUNCTION:
-UI_free 2892 EXIST::FUNCTION:
-UI_new_method 2893 EXIST::FUNCTION:
-EVP_EncryptInit_ex 2894 EXIST::FUNCTION:
-X509_pubkey_digest 2895 EXIST::FUNCTION:EVP
-EC_POINT_invert 2896 EXIST::FUNCTION:EC
-OCSP_basic_sign 2897 EXIST::FUNCTION:
-i2d_OCSP_RESPID 2898 EXIST::FUNCTION:
-OCSP_check_nonce 2899 EXIST::FUNCTION:
-ENGINE_ctrl_cmd 2900 EXIST::FUNCTION:ENGINE
-d2i_KRB5_ENCKEY 2901 EXIST::FUNCTION:
-OCSP_parse_url 2902 EXIST::FUNCTION:
-OCSP_SINGLERESP_get_ext 2903 EXIST::FUNCTION:
-OCSP_CRLID_free 2904 EXIST::FUNCTION:
-OCSP_BASICRESP_get1_ext_d2i 2905 EXIST::FUNCTION:
-RSAPrivateKey_it 2906 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA
-RSAPrivateKey_it 2906 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RSA
-ENGINE_register_all_DH 2907 EXIST::FUNCTION:ENGINE
-i2d_EDIPARTYNAME 2908 EXIST::FUNCTION:
-EC_POINT_get_affine_coordinates_GFp 2909 EXIST:!VMS:FUNCTION:EC
-EC_POINT_get_affine_coords_GFp 2909 EXIST:VMS:FUNCTION:EC
-OCSP_CRLID_new 2910 EXIST::FUNCTION:
-ENGINE_get_flags 2911 EXIST::FUNCTION:ENGINE
-OCSP_ONEREQ_it 2912 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-OCSP_ONEREQ_it 2912 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-UI_process 2913 EXIST::FUNCTION:
-ASN1_INTEGER_it 2914 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_INTEGER_it 2914 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-EVP_CipherInit_ex 2915 EXIST::FUNCTION:
-UI_get_string_type 2916 EXIST::FUNCTION:
-ENGINE_unregister_DH 2917 EXIST::FUNCTION:ENGINE
-ENGINE_register_all_DSA 2918 EXIST::FUNCTION:ENGINE
-OCSP_ONEREQ_get_ext_by_critical 2919 EXIST::FUNCTION:
-bn_dup_expand 2920 EXIST::FUNCTION:DEPRECATED
-OCSP_cert_id_new 2921 EXIST::FUNCTION:
-BASIC_CONSTRAINTS_it 2922 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-BASIC_CONSTRAINTS_it 2922 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-BN_mod_add_quick 2923 EXIST::FUNCTION:
-EC_POINT_new 2924 EXIST::FUNCTION:EC
-EVP_MD_CTX_destroy 2925 EXIST::FUNCTION:
-OCSP_RESPBYTES_free 2926 EXIST::FUNCTION:
-EVP_aes_128_cbc 2927 EXIST::FUNCTION:AES
-OCSP_SINGLERESP_get1_ext_d2i 2928 EXIST::FUNCTION:
-EC_POINT_free 2929 EXIST::FUNCTION:EC
-DH_up_ref 2930 EXIST::FUNCTION:DH
-X509_NAME_ENTRY_it 2931 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-X509_NAME_ENTRY_it 2931 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-UI_get_ex_new_index 2932 EXIST::FUNCTION:
-BN_mod_sub_quick 2933 EXIST::FUNCTION:
-OCSP_ONEREQ_add_ext 2934 EXIST::FUNCTION:
-OCSP_request_sign 2935 EXIST::FUNCTION:
-EVP_DigestFinal_ex 2936 EXIST::FUNCTION:
-ENGINE_set_digests 2937 EXIST::FUNCTION:ENGINE
-OCSP_id_issuer_cmp 2938 EXIST::FUNCTION:
-OBJ_NAME_do_all 2939 EXIST::FUNCTION:
-EC_POINTs_mul 2940 EXIST::FUNCTION:EC
-ENGINE_register_complete 2941 EXIST::FUNCTION:ENGINE
-X509V3_EXT_nconf_nid 2942 EXIST::FUNCTION:
-ASN1_SEQUENCE_it 2943 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_SEQUENCE_it 2943 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-UI_set_default_method 2944 EXIST::FUNCTION:
-RAND_query_egd_bytes 2945 EXIST::FUNCTION:
-UI_method_get_writer 2946 EXIST::FUNCTION:
-UI_OpenSSL 2947 EXIST::FUNCTION:
-PEM_def_callback 2948 EXIST::FUNCTION:
-ENGINE_cleanup 2949 EXIST::FUNCTION:ENGINE
-DIST_POINT_it 2950 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-DIST_POINT_it 2950 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-OCSP_SINGLERESP_it 2951 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-OCSP_SINGLERESP_it 2951 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-d2i_KRB5_TKTBODY 2952 EXIST::FUNCTION:
-EC_POINT_cmp 2953 EXIST::FUNCTION:EC
-OCSP_REVOKEDINFO_new 2954 EXIST::FUNCTION:
-i2d_OCSP_CERTSTATUS 2955 EXIST::FUNCTION:
-OCSP_basic_add1_nonce 2956 EXIST::FUNCTION:
-ASN1_item_ex_d2i 2957 EXIST::FUNCTION:
-BN_mod_lshift1_quick 2958 EXIST::FUNCTION:
-UI_set_method 2959 EXIST::FUNCTION:
-OCSP_id_get0_info 2960 EXIST::FUNCTION:
-BN_mod_sqrt 2961 EXIST::FUNCTION:
-EC_GROUP_copy 2962 EXIST::FUNCTION:EC
-KRB5_ENCDATA_free 2963 EXIST::FUNCTION:
-_ossl_old_des_cfb_encrypt 2964 EXIST::FUNCTION:DES
-OCSP_SINGLERESP_get_ext_by_OBJ 2965 EXIST::FUNCTION:
-OCSP_cert_to_id 2966 EXIST::FUNCTION:
-OCSP_RESPID_new 2967 EXIST::FUNCTION:
-OCSP_RESPDATA_it 2968 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-OCSP_RESPDATA_it 2968 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-d2i_OCSP_RESPDATA 2969 EXIST::FUNCTION:
-ENGINE_register_all_complete 2970 EXIST::FUNCTION:ENGINE
-OCSP_check_validity 2971 EXIST::FUNCTION:
-PKCS12_BAGS_it 2972 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PKCS12_BAGS_it 2972 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-OCSP_url_svcloc_new 2973 EXIST::FUNCTION:
-ASN1_template_free 2974 EXIST::FUNCTION:
-OCSP_SINGLERESP_add_ext 2975 EXIST::FUNCTION:
-KRB5_AUTHENTBODY_it 2976 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-KRB5_AUTHENTBODY_it 2976 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-X509_supported_extension 2977 EXIST::FUNCTION:
-i2d_KRB5_AUTHDATA 2978 EXIST::FUNCTION:
-UI_method_get_opener 2979 EXIST::FUNCTION:
-ENGINE_set_ex_data 2980 EXIST::FUNCTION:ENGINE
-OCSP_REQUEST_print 2981 EXIST::FUNCTION:
-CBIGNUM_it 2982 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-CBIGNUM_it 2982 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-KRB5_TICKET_new 2983 EXIST::FUNCTION:
-KRB5_APREQ_new 2984 EXIST::FUNCTION:
-EC_GROUP_get_curve_GFp 2985 EXIST::FUNCTION:EC
-KRB5_ENCKEY_new 2986 EXIST::FUNCTION:
-ASN1_template_d2i 2987 EXIST::FUNCTION:
-_ossl_old_des_quad_cksum 2988 EXIST::FUNCTION:DES
-OCSP_single_get0_status 2989 EXIST::FUNCTION:
-BN_swap 2990 EXIST::FUNCTION:
-POLICYINFO_it 2991 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-POLICYINFO_it 2991 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ENGINE_set_destroy_function 2992 EXIST::FUNCTION:ENGINE
-asn1_enc_free 2993 EXIST::FUNCTION:
-OCSP_RESPID_it 2994 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-OCSP_RESPID_it 2994 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-EC_GROUP_new 2995 EXIST::FUNCTION:EC
-EVP_aes_256_cbc 2996 EXIST::FUNCTION:AES
-i2d_KRB5_PRINCNAME 2997 EXIST::FUNCTION:
-_ossl_old_des_encrypt2 2998 EXIST::FUNCTION:DES
-_ossl_old_des_encrypt3 2999 EXIST::FUNCTION:DES
-PKCS8_PRIV_KEY_INFO_it 3000 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PKCS8_PRIV_KEY_INFO_it 3000 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-OCSP_REQINFO_it 3001 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-OCSP_REQINFO_it 3001 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-PBEPARAM_it 3002 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PBEPARAM_it 3002 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-KRB5_AUTHENTBODY_new 3003 EXIST::FUNCTION:
-X509_CRL_add0_revoked 3004 EXIST::FUNCTION:
-EDIPARTYNAME_it 3005 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-EDIPARTYNAME_it 3005 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-NETSCAPE_SPKI_it 3006 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-NETSCAPE_SPKI_it 3006 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-UI_get0_test_string 3007 EXIST::FUNCTION:
-ENGINE_get_cipher_engine 3008 EXIST::FUNCTION:ENGINE
-ENGINE_register_all_ciphers 3009 EXIST::FUNCTION:ENGINE
-EC_POINT_copy 3010 EXIST::FUNCTION:EC
-BN_kronecker 3011 EXIST::FUNCTION:
-_ossl_old_des_ede3_ofb64_encrypt 3012 EXIST:!VMS:FUNCTION:DES
-_ossl_odes_ede3_ofb64_encrypt 3012 EXIST:VMS:FUNCTION:DES
-UI_method_get_reader 3013 EXIST::FUNCTION:
-OCSP_BASICRESP_get_ext_count 3014 EXIST::FUNCTION:
-ASN1_ENUMERATED_it 3015 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_ENUMERATED_it 3015 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-UI_set_result 3016 EXIST::FUNCTION:
-i2d_KRB5_TICKET 3017 EXIST::FUNCTION:
-X509_print_ex_fp 3018 EXIST::FUNCTION:FP_API
-EVP_CIPHER_CTX_set_padding 3019 EXIST::FUNCTION:
-d2i_OCSP_RESPONSE 3020 EXIST::FUNCTION:
-ASN1_UTCTIME_it 3021 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_UTCTIME_it 3021 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-_ossl_old_des_enc_write 3022 EXIST::FUNCTION:DES
-OCSP_RESPONSE_new 3023 EXIST::FUNCTION:
-AES_set_encrypt_key 3024 EXIST::FUNCTION:AES
-OCSP_resp_count 3025 EXIST::FUNCTION:
-KRB5_CHECKSUM_new 3026 EXIST::FUNCTION:
-ENGINE_load_cswift 3027 EXIST::FUNCTION:ENGINE,STATIC_ENGINE
-OCSP_onereq_get0_id 3028 EXIST::FUNCTION:
-ENGINE_set_default_ciphers 3029 EXIST::FUNCTION:ENGINE
-NOTICEREF_it 3030 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-NOTICEREF_it 3030 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-X509V3_EXT_CRL_add_nconf 3031 EXIST::FUNCTION:
-OCSP_REVOKEDINFO_it 3032 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-OCSP_REVOKEDINFO_it 3032 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-AES_encrypt 3033 EXIST::FUNCTION:AES
-OCSP_REQUEST_new 3034 EXIST::FUNCTION:
-ASN1_ANY_it 3035 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_ANY_it 3035 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-CRYPTO_ex_data_new_class 3036 EXIST::FUNCTION:
-_ossl_old_des_ncbc_encrypt 3037 EXIST::FUNCTION:DES
-i2d_KRB5_TKTBODY 3038 EXIST::FUNCTION:
-EC_POINT_clear_free 3039 EXIST::FUNCTION:EC
-AES_decrypt 3040 EXIST::FUNCTION:AES
-asn1_enc_init 3041 EXIST::FUNCTION:
-UI_get_result_maxsize 3042 EXIST::FUNCTION:
-OCSP_CERTID_new 3043 EXIST::FUNCTION:
-ENGINE_unregister_RAND 3044 EXIST::FUNCTION:ENGINE
-UI_method_get_closer 3045 EXIST::FUNCTION:
-d2i_KRB5_ENCDATA 3046 EXIST::FUNCTION:
-OCSP_request_onereq_count 3047 EXIST::FUNCTION:
-OCSP_basic_verify 3048 EXIST::FUNCTION:
-KRB5_AUTHENTBODY_free 3049 EXIST::FUNCTION:
-ASN1_item_d2i 3050 EXIST::FUNCTION:
-ASN1_primitive_free 3051 EXIST::FUNCTION:
-i2d_EXTENDED_KEY_USAGE 3052 EXIST::FUNCTION:
-i2d_OCSP_SIGNATURE 3053 EXIST::FUNCTION:
-asn1_enc_save 3054 EXIST::FUNCTION:
-ENGINE_load_nuron 3055 EXIST::FUNCTION:ENGINE,STATIC_ENGINE
-_ossl_old_des_pcbc_encrypt 3056 EXIST::FUNCTION:DES
-PKCS12_MAC_DATA_it 3057 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PKCS12_MAC_DATA_it 3057 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-OCSP_accept_responses_new 3058 EXIST::FUNCTION:
-asn1_do_lock 3059 EXIST::FUNCTION:
-PKCS7_ATTR_VERIFY_it 3060 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PKCS7_ATTR_VERIFY_it 3060 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-KRB5_APREQBODY_it 3061 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-KRB5_APREQBODY_it 3061 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-i2d_OCSP_SINGLERESP 3062 EXIST::FUNCTION:
-ASN1_item_ex_new 3063 EXIST::FUNCTION:
-UI_add_verify_string 3064 EXIST::FUNCTION:
-_ossl_old_des_set_key 3065 EXIST::FUNCTION:DES
-KRB5_PRINCNAME_it 3066 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-KRB5_PRINCNAME_it 3066 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-EVP_DecryptInit_ex 3067 EXIST::FUNCTION:
-i2d_OCSP_CERTID 3068 EXIST::FUNCTION:
-ASN1_item_d2i_bio 3069 EXIST::FUNCTION:BIO
-EC_POINT_dbl 3070 EXIST::FUNCTION:EC
-asn1_get_choice_selector 3071 EXIST::FUNCTION:
-i2d_KRB5_CHECKSUM 3072 EXIST::FUNCTION:
-ENGINE_set_table_flags 3073 EXIST::FUNCTION:ENGINE
-AES_options 3074 EXIST::FUNCTION:AES
-ENGINE_load_chil 3075 EXIST::FUNCTION:ENGINE,STATIC_ENGINE
-OCSP_id_cmp 3076 EXIST::FUNCTION:
-OCSP_BASICRESP_new 3077 EXIST::FUNCTION:
-OCSP_REQUEST_get_ext_by_NID 3078 EXIST::FUNCTION:
-KRB5_APREQ_it 3079 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-KRB5_APREQ_it 3079 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ENGINE_get_destroy_function 3080 EXIST::FUNCTION:ENGINE
-CONF_set_nconf 3081 EXIST::FUNCTION:
-ASN1_PRINTABLE_free 3082 EXIST::FUNCTION:
-OCSP_BASICRESP_get_ext_by_NID 3083 EXIST::FUNCTION:
-DIST_POINT_NAME_it 3084 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-DIST_POINT_NAME_it 3084 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-X509V3_extensions_print 3085 EXIST::FUNCTION:
-_ossl_old_des_cfb64_encrypt 3086 EXIST::FUNCTION:DES
-X509_REVOKED_add1_ext_i2d 3087 EXIST::FUNCTION:
-_ossl_old_des_ofb_encrypt 3088 EXIST::FUNCTION:DES
-KRB5_TKTBODY_new 3089 EXIST::FUNCTION:
-ASN1_OCTET_STRING_it 3090 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_OCTET_STRING_it 3090 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ERR_load_UI_strings 3091 EXIST::FUNCTION:
-i2d_KRB5_ENCKEY 3092 EXIST::FUNCTION:
-ASN1_template_new 3093 EXIST::FUNCTION:
-OCSP_SIGNATURE_free 3094 EXIST::FUNCTION:
-ASN1_item_i2d_fp 3095 EXIST::FUNCTION:FP_API
-KRB5_PRINCNAME_free 3096 EXIST::FUNCTION:
-PKCS7_RECIP_INFO_it 3097 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PKCS7_RECIP_INFO_it 3097 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-EXTENDED_KEY_USAGE_it 3098 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-EXTENDED_KEY_USAGE_it 3098 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-EC_GFp_simple_method 3099 EXIST::FUNCTION:EC
-EC_GROUP_precompute_mult 3100 EXIST::FUNCTION:EC
-OCSP_request_onereq_get0 3101 EXIST::FUNCTION:
-UI_method_set_writer 3102 EXIST::FUNCTION:
-KRB5_AUTHENT_new 3103 EXIST::FUNCTION:
-X509_CRL_INFO_it 3104 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-X509_CRL_INFO_it 3104 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-DSO_set_name_converter 3105 EXIST::FUNCTION:
-AES_set_decrypt_key 3106 EXIST::FUNCTION:AES
-PKCS7_DIGEST_it 3107 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PKCS7_DIGEST_it 3107 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-PKCS12_x5092certbag 3108 EXIST::FUNCTION:
-EVP_DigestInit_ex 3109 EXIST::FUNCTION:
-i2a_ACCESS_DESCRIPTION 3110 EXIST::FUNCTION:
-OCSP_RESPONSE_it 3111 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-OCSP_RESPONSE_it 3111 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-PKCS7_ENC_CONTENT_it 3112 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PKCS7_ENC_CONTENT_it 3112 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-OCSP_request_add0_id 3113 EXIST::FUNCTION:
-EC_POINT_make_affine 3114 EXIST::FUNCTION:EC
-DSO_get_filename 3115 EXIST::FUNCTION:
-OCSP_CERTSTATUS_it 3116 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-OCSP_CERTSTATUS_it 3116 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-OCSP_request_add1_cert 3117 EXIST::FUNCTION:
-UI_get0_output_string 3118 EXIST::FUNCTION:
-UI_dup_verify_string 3119 EXIST::FUNCTION:
-BN_mod_lshift 3120 EXIST::FUNCTION:
-KRB5_AUTHDATA_it 3121 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-KRB5_AUTHDATA_it 3121 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-asn1_set_choice_selector 3122 EXIST::FUNCTION:
-OCSP_basic_add1_status 3123 EXIST::FUNCTION:
-OCSP_RESPID_free 3124 EXIST::FUNCTION:
-asn1_get_field_ptr 3125 EXIST::FUNCTION:
-UI_add_input_string 3126 EXIST::FUNCTION:
-OCSP_CRLID_it 3127 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-OCSP_CRLID_it 3127 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-i2d_KRB5_AUTHENTBODY 3128 EXIST::FUNCTION:
-OCSP_REQUEST_get_ext_count 3129 EXIST::FUNCTION:
-ENGINE_load_atalla 3130 EXIST::FUNCTION:ENGINE,STATIC_ENGINE
-X509_NAME_it 3131 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-X509_NAME_it 3131 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-USERNOTICE_it 3132 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-USERNOTICE_it 3132 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-OCSP_REQINFO_new 3133 EXIST::FUNCTION:
-OCSP_BASICRESP_get_ext 3134 EXIST::FUNCTION:
-CRYPTO_get_ex_data_implementation 3135 EXIST:!VMS:FUNCTION:
-CRYPTO_get_ex_data_impl 3135 EXIST:VMS:FUNCTION:
-ASN1_item_pack 3136 EXIST::FUNCTION:
-i2d_KRB5_ENCDATA 3137 EXIST::FUNCTION:
-X509_PURPOSE_set 3138 EXIST::FUNCTION:
-X509_REQ_INFO_it 3139 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-X509_REQ_INFO_it 3139 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-UI_method_set_opener 3140 EXIST::FUNCTION:
-ASN1_item_ex_free 3141 EXIST::FUNCTION:
-ASN1_BOOLEAN_it 3142 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_BOOLEAN_it 3142 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ENGINE_get_table_flags 3143 EXIST::FUNCTION:ENGINE
-UI_create_method 3144 EXIST::FUNCTION:
-OCSP_ONEREQ_add1_ext_i2d 3145 EXIST::FUNCTION:
-_shadow_DES_check_key 3146 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:DES
-_shadow_DES_check_key 3146 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:DES
-d2i_OCSP_REQINFO 3147 EXIST::FUNCTION:
-UI_add_info_string 3148 EXIST::FUNCTION:
-UI_get_result_minsize 3149 EXIST::FUNCTION:
-ASN1_NULL_it 3150 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_NULL_it 3150 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-BN_mod_lshift1 3151 EXIST::FUNCTION:
-d2i_OCSP_ONEREQ 3152 EXIST::FUNCTION:
-OCSP_ONEREQ_new 3153 EXIST::FUNCTION:
-KRB5_TICKET_it 3154 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-KRB5_TICKET_it 3154 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-EVP_aes_192_cbc 3155 EXIST::FUNCTION:AES
-KRB5_TICKET_free 3156 EXIST::FUNCTION:
-UI_new 3157 EXIST::FUNCTION:
-OCSP_response_create 3158 EXIST::FUNCTION:
-_ossl_old_des_xcbc_encrypt 3159 EXIST::FUNCTION:DES
-PKCS7_it 3160 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PKCS7_it 3160 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-OCSP_REQUEST_get_ext_by_critical 3161 EXIST:!VMS:FUNCTION:
-OCSP_REQUEST_get_ext_by_crit 3161 EXIST:VMS:FUNCTION:
-ENGINE_set_flags 3162 EXIST::FUNCTION:ENGINE
-_ossl_old_des_ecb_encrypt 3163 EXIST::FUNCTION:DES
-OCSP_response_get1_basic 3164 EXIST::FUNCTION:
-EVP_Digest 3165 EXIST::FUNCTION:
-OCSP_ONEREQ_delete_ext 3166 EXIST::FUNCTION:
-ASN1_TBOOLEAN_it 3167 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_TBOOLEAN_it 3167 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ASN1_item_new 3168 EXIST::FUNCTION:
-ASN1_TIME_to_generalizedtime 3169 EXIST::FUNCTION:
-BIGNUM_it 3170 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-BIGNUM_it 3170 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-AES_cbc_encrypt 3171 EXIST::FUNCTION:AES
-ENGINE_get_load_privkey_function 3172 EXIST:!VMS:FUNCTION:ENGINE
-ENGINE_get_load_privkey_fn 3172 EXIST:VMS:FUNCTION:ENGINE
-OCSP_RESPONSE_free 3173 EXIST::FUNCTION:
-UI_method_set_reader 3174 EXIST::FUNCTION:
-i2d_ASN1_T61STRING 3175 EXIST::FUNCTION:
-EC_POINT_set_to_infinity 3176 EXIST::FUNCTION:EC
-ERR_load_OCSP_strings 3177 EXIST::FUNCTION:
-EC_POINT_point2oct 3178 EXIST::FUNCTION:EC
-KRB5_APREQ_free 3179 EXIST::FUNCTION:
-ASN1_OBJECT_it 3180 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_OBJECT_it 3180 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-OCSP_crlID_new 3181 EXIST:!OS2,!VMS,!WIN16:FUNCTION:
-OCSP_crlID2_new 3181 EXIST:OS2,VMS,WIN16:FUNCTION:
-CONF_modules_load_file 3182 EXIST::FUNCTION:
-CONF_imodule_set_usr_data 3183 EXIST::FUNCTION:
-ENGINE_set_default_string 3184 EXIST::FUNCTION:ENGINE
-CONF_module_get_usr_data 3185 EXIST::FUNCTION:
-ASN1_add_oid_module 3186 EXIST::FUNCTION:
-CONF_modules_finish 3187 EXIST::FUNCTION:
-OPENSSL_config 3188 EXIST::FUNCTION:
-CONF_modules_unload 3189 EXIST::FUNCTION:
-CONF_imodule_get_value 3190 EXIST::FUNCTION:
-CONF_module_set_usr_data 3191 EXIST::FUNCTION:
-CONF_parse_list 3192 EXIST::FUNCTION:
-CONF_module_add 3193 EXIST::FUNCTION:
-CONF_get1_default_config_file 3194 EXIST::FUNCTION:
-CONF_imodule_get_flags 3195 EXIST::FUNCTION:
-CONF_imodule_get_module 3196 EXIST::FUNCTION:
-CONF_modules_load 3197 EXIST::FUNCTION:
-CONF_imodule_get_name 3198 EXIST::FUNCTION:
-ERR_peek_top_error 3199 NOEXIST::FUNCTION:
-CONF_imodule_get_usr_data 3200 EXIST::FUNCTION:
-CONF_imodule_set_flags 3201 EXIST::FUNCTION:
-ENGINE_add_conf_module 3202 EXIST::FUNCTION:ENGINE
-ERR_peek_last_error_line 3203 EXIST::FUNCTION:
-ERR_peek_last_error_line_data 3204 EXIST::FUNCTION:
-ERR_peek_last_error 3205 EXIST::FUNCTION:
-DES_read_2passwords 3206 EXIST::FUNCTION:DES
-DES_read_password 3207 EXIST::FUNCTION:DES
-UI_UTIL_read_pw 3208 EXIST::FUNCTION:
-UI_UTIL_read_pw_string 3209 EXIST::FUNCTION:
-ENGINE_load_aep 3210 EXIST::FUNCTION:ENGINE,STATIC_ENGINE
-ENGINE_load_sureware 3211 EXIST::FUNCTION:ENGINE,STATIC_ENGINE
-OPENSSL_add_all_algorithms_noconf 3212 EXIST:!VMS:FUNCTION:
-OPENSSL_add_all_algo_noconf 3212 EXIST:VMS:FUNCTION:
-OPENSSL_add_all_algorithms_conf 3213 EXIST:!VMS:FUNCTION:
-OPENSSL_add_all_algo_conf 3213 EXIST:VMS:FUNCTION:
-OPENSSL_load_builtin_modules 3214 EXIST::FUNCTION:
-AES_ofb128_encrypt 3215 EXIST::FUNCTION:AES
-AES_ctr128_encrypt 3216 EXIST::FUNCTION:AES
-AES_cfb128_encrypt 3217 EXIST::FUNCTION:AES
-ENGINE_load_4758cca 3218 EXIST::FUNCTION:ENGINE,STATIC_ENGINE
-_ossl_096_des_random_seed 3219 EXIST::FUNCTION:DES
-EVP_aes_256_ofb 3220 EXIST::FUNCTION:AES
-EVP_aes_192_ofb 3221 EXIST::FUNCTION:AES
-EVP_aes_128_cfb128 3222 EXIST::FUNCTION:AES
-EVP_aes_256_cfb128 3223 EXIST::FUNCTION:AES
-EVP_aes_128_ofb 3224 EXIST::FUNCTION:AES
-EVP_aes_192_cfb128 3225 EXIST::FUNCTION:AES
-CONF_modules_free 3226 EXIST::FUNCTION:
-NCONF_default 3227 EXIST::FUNCTION:
-OPENSSL_no_config 3228 EXIST::FUNCTION:
-NCONF_WIN32 3229 EXIST::FUNCTION:
-ASN1_UNIVERSALSTRING_new 3230 EXIST::FUNCTION:
-EVP_des_ede_ecb 3231 EXIST::FUNCTION:DES
-i2d_ASN1_UNIVERSALSTRING 3232 EXIST::FUNCTION:
-ASN1_UNIVERSALSTRING_free 3233 EXIST::FUNCTION:
-ASN1_UNIVERSALSTRING_it 3234 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_UNIVERSALSTRING_it 3234 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-d2i_ASN1_UNIVERSALSTRING 3235 EXIST::FUNCTION:
-EVP_des_ede3_ecb 3236 EXIST::FUNCTION:DES
-X509_REQ_print_ex 3237 EXIST::FUNCTION:BIO
-ENGINE_up_ref 3238 EXIST::FUNCTION:ENGINE
-BUF_MEM_grow_clean 3239 EXIST::FUNCTION:
-CRYPTO_realloc_clean 3240 EXIST::FUNCTION:
-BUF_strlcat 3241 EXIST::FUNCTION:
-BIO_indent 3242 EXIST::FUNCTION:
-BUF_strlcpy 3243 EXIST::FUNCTION:
-OpenSSLDie 3244 EXIST::FUNCTION:
-OPENSSL_cleanse 3245 EXIST::FUNCTION:
-ENGINE_setup_bsd_cryptodev 3246 EXIST:__FreeBSD__:FUNCTION:ENGINE
-ERR_release_err_state_table 3247 EXIST::FUNCTION:LHASH
-EVP_aes_128_cfb8 3248 EXIST::FUNCTION:AES
-FIPS_corrupt_rsa 3249 EXIST:OPENSSL_FIPS:FUNCTION:
-FIPS_selftest_des 3250 EXIST:OPENSSL_FIPS:FUNCTION:
-EVP_aes_128_cfb1 3251 EXIST::FUNCTION:AES
-EVP_aes_192_cfb8 3252 EXIST::FUNCTION:AES
-FIPS_mode_set 3253 EXIST:OPENSSL_FIPS:FUNCTION:
-FIPS_selftest_dsa 3254 EXIST:OPENSSL_FIPS:FUNCTION:
-EVP_aes_256_cfb8 3255 EXIST::FUNCTION:AES
-FIPS_allow_md5 3256 NOEXIST::FUNCTION:
-DES_ede3_cfb_encrypt 3257 EXIST::FUNCTION:DES
-EVP_des_ede3_cfb8 3258 EXIST::FUNCTION:DES
-FIPS_rand_seeded 3259 NOEXIST::FUNCTION:
-AES_cfbr_encrypt_block 3260 EXIST::FUNCTION:AES
-AES_cfb8_encrypt 3261 EXIST::FUNCTION:AES
-FIPS_rand_seed 3262 EXIST:OPENSSL_FIPS:FUNCTION:
-FIPS_corrupt_des 3263 EXIST:OPENSSL_FIPS:FUNCTION:
-EVP_aes_192_cfb1 3264 EXIST::FUNCTION:AES
-FIPS_selftest_aes 3265 EXIST:OPENSSL_FIPS:FUNCTION:
-FIPS_set_prng_key 3266 NOEXIST::FUNCTION:
-EVP_des_cfb8 3267 EXIST::FUNCTION:DES
-FIPS_corrupt_dsa 3268 EXIST:OPENSSL_FIPS:FUNCTION:
-FIPS_test_mode 3269 NOEXIST::FUNCTION:
-FIPS_rand_method 3270 EXIST:OPENSSL_FIPS:FUNCTION:
-EVP_aes_256_cfb1 3271 EXIST::FUNCTION:AES
-ERR_load_FIPS_strings 3272 EXIST:OPENSSL_FIPS:FUNCTION:
-FIPS_corrupt_aes 3273 EXIST:OPENSSL_FIPS:FUNCTION:
-FIPS_selftest_sha1 3274 EXIST:OPENSSL_FIPS:FUNCTION:
-FIPS_selftest_rsa 3275 EXIST:OPENSSL_FIPS:FUNCTION:
-FIPS_corrupt_sha1 3276 EXIST:OPENSSL_FIPS:FUNCTION:
-EVP_des_cfb1 3277 EXIST::FUNCTION:DES
-FIPS_dsa_check 3278 NOEXIST::FUNCTION:
-AES_cfb1_encrypt 3279 EXIST::FUNCTION:AES
-EVP_des_ede3_cfb1 3280 EXIST::FUNCTION:DES
-FIPS_rand_check 3281 EXIST:OPENSSL_FIPS:FUNCTION:
-FIPS_md5_allowed 3282 NOEXIST::FUNCTION:
-FIPS_mode 3283 EXIST:OPENSSL_FIPS:FUNCTION:
-FIPS_selftest_failed 3284 EXIST:OPENSSL_FIPS:FUNCTION:
-sk_is_sorted 3285 EXIST::FUNCTION:
-X509_check_ca 3286 EXIST::FUNCTION:
-private_idea_set_encrypt_key 3287 EXIST:OPENSSL_FIPS:FUNCTION:IDEA
-HMAC_CTX_set_flags 3288 EXIST::FUNCTION:HMAC
-private_SHA_Init 3289 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA0
-private_CAST_set_key 3290 EXIST:OPENSSL_FIPS:FUNCTION:CAST
-private_RIPEMD160_Init 3291 EXIST:OPENSSL_FIPS:FUNCTION:RIPEMD
-private_RC5_32_set_key 3292 EXIST:OPENSSL_FIPS:FUNCTION:RC5
-private_MD5_Init 3293 EXIST:OPENSSL_FIPS:FUNCTION:MD5
-private_RC4_set_key 3294 EXIST:OPENSSL_FIPS:FUNCTION:RC4
-private_MDC2_Init 3295 EXIST:OPENSSL_FIPS:FUNCTION:MDC2
-private_RC2_set_key 3296 EXIST:OPENSSL_FIPS:FUNCTION:RC2
-private_MD4_Init 3297 EXIST:OPENSSL_FIPS:FUNCTION:MD4
-private_BF_set_key 3298 EXIST:OPENSSL_FIPS:FUNCTION:BF
-private_MD2_Init 3299 EXIST:OPENSSL_FIPS:FUNCTION:MD2
-d2i_PROXY_CERT_INFO_EXTENSION 3300 EXIST::FUNCTION:
-PROXY_POLICY_it 3301 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PROXY_POLICY_it 3301 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-i2d_PROXY_POLICY 3302 EXIST::FUNCTION:
-i2d_PROXY_CERT_INFO_EXTENSION 3303 EXIST::FUNCTION:
-d2i_PROXY_POLICY 3304 EXIST::FUNCTION:
-PROXY_CERT_INFO_EXTENSION_new 3305 EXIST::FUNCTION:
-PROXY_CERT_INFO_EXTENSION_free 3306 EXIST::FUNCTION:
-PROXY_CERT_INFO_EXTENSION_it 3307 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PROXY_CERT_INFO_EXTENSION_it 3307 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-PROXY_POLICY_free 3308 EXIST::FUNCTION:
-PROXY_POLICY_new 3309 EXIST::FUNCTION:
-BN_MONT_CTX_set_locked 3310 EXIST::FUNCTION:
-FIPS_selftest_rng 3311 EXIST:OPENSSL_FIPS:FUNCTION:
-EVP_sha384 3312 EXIST:!VMSVAX:FUNCTION:SHA,SHA512
-EVP_sha512 3313 EXIST:!VMSVAX:FUNCTION:SHA,SHA512
-EVP_sha224 3314 EXIST::FUNCTION:SHA,SHA256
-EVP_sha256 3315 EXIST::FUNCTION:SHA,SHA256
-FIPS_selftest_hmac 3316 EXIST:OPENSSL_FIPS:FUNCTION:
-FIPS_corrupt_rng 3317 EXIST:OPENSSL_FIPS:FUNCTION:
-BN_mod_exp_mont_consttime 3318 EXIST::FUNCTION:
-RSA_X931_hash_id 3319 EXIST::FUNCTION:RSA
-RSA_padding_check_X931 3320 EXIST::FUNCTION:RSA
-RSA_verify_PKCS1_PSS 3321 EXIST::FUNCTION:RSA
-RSA_padding_add_X931 3322 EXIST::FUNCTION:RSA
-RSA_padding_add_PKCS1_PSS 3323 EXIST::FUNCTION:RSA
-PKCS1_MGF1 3324 EXIST::FUNCTION:RSA
-BN_X931_generate_Xpq 3325 EXIST::FUNCTION:
-RSA_X931_generate_key 3326 NOEXIST::FUNCTION:
-BN_X931_derive_prime 3327 NOEXIST::FUNCTION:
-BN_X931_generate_prime 3328 NOEXIST::FUNCTION:
-RSA_X931_derive 3329 NOEXIST::FUNCTION:
-BIO_new_dgram 3330 EXIST::FUNCTION:
-BN_get0_nist_prime_384 3331 EXIST::FUNCTION:
-ERR_set_mark 3332 EXIST::FUNCTION:
-X509_STORE_CTX_set0_crls 3333 EXIST::FUNCTION:
-ENGINE_set_STORE 3334 EXIST::FUNCTION:ENGINE
-ENGINE_register_ECDSA 3335 EXIST::FUNCTION:ENGINE
-STORE_method_set_list_start_function 3336 EXIST:!VMS:FUNCTION:
-STORE_meth_set_list_start_fn 3336 EXIST:VMS:FUNCTION:
-BN_BLINDING_invert_ex 3337 EXIST::FUNCTION:
-NAME_CONSTRAINTS_free 3338 EXIST::FUNCTION:
-STORE_ATTR_INFO_set_number 3339 EXIST::FUNCTION:
-BN_BLINDING_get_thread_id 3340 EXIST::FUNCTION:
-X509_STORE_CTX_set0_param 3341 EXIST::FUNCTION:
-POLICY_MAPPING_it 3342 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-POLICY_MAPPING_it 3342 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-STORE_parse_attrs_start 3343 EXIST::FUNCTION:
-POLICY_CONSTRAINTS_free 3344 EXIST::FUNCTION:
-EVP_PKEY_add1_attr_by_NID 3345 EXIST::FUNCTION:
-BN_nist_mod_192 3346 EXIST::FUNCTION:
-EC_GROUP_get_trinomial_basis 3347 EXIST::FUNCTION:EC
-STORE_set_method 3348 EXIST::FUNCTION:
-GENERAL_SUBTREE_free 3349 EXIST::FUNCTION:
-NAME_CONSTRAINTS_it 3350 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-NAME_CONSTRAINTS_it 3350 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ECDH_get_default_method 3351 EXIST::FUNCTION:ECDH
-PKCS12_add_safe 3352 EXIST::FUNCTION:
-EC_KEY_new_by_curve_name 3353 EXIST::FUNCTION:EC
-STORE_method_get_update_store_function 3354 EXIST:!VMS:FUNCTION:
-STORE_meth_get_update_store_fn 3354 EXIST:VMS:FUNCTION:
-ENGINE_register_ECDH 3355 EXIST::FUNCTION:ENGINE
-SHA512_Update 3356 EXIST:!VMSVAX:FUNCTION:SHA,SHA512
-i2d_ECPrivateKey 3357 EXIST::FUNCTION:EC
-BN_get0_nist_prime_192 3358 EXIST::FUNCTION:
-STORE_modify_certificate 3359 EXIST::FUNCTION:
-EC_POINT_set_affine_coordinates_GF2m 3360 EXIST:!VMS:FUNCTION:EC
-EC_POINT_set_affine_coords_GF2m 3360 EXIST:VMS:FUNCTION:EC
-BN_GF2m_mod_exp_arr 3361 EXIST::FUNCTION:
-STORE_ATTR_INFO_modify_number 3362 EXIST::FUNCTION:
-X509_keyid_get0 3363 EXIST::FUNCTION:
-ENGINE_load_gmp 3364 EXIST::FUNCTION:ENGINE,GMP,STATIC_ENGINE
-pitem_new 3365 EXIST::FUNCTION:
-BN_GF2m_mod_mul_arr 3366 EXIST::FUNCTION:
-STORE_list_public_key_endp 3367 EXIST::FUNCTION:
-o2i_ECPublicKey 3368 EXIST::FUNCTION:EC
-EC_KEY_copy 3369 EXIST::FUNCTION:EC
-BIO_dump_fp 3370 EXIST::FUNCTION:FP_API
-X509_policy_node_get0_parent 3371 EXIST::FUNCTION:
-EC_GROUP_check_discriminant 3372 EXIST::FUNCTION:EC
-i2o_ECPublicKey 3373 EXIST::FUNCTION:EC
-EC_KEY_precompute_mult 3374 EXIST::FUNCTION:EC
-a2i_IPADDRESS 3375 EXIST::FUNCTION:
-STORE_method_set_initialise_function 3376 EXIST:!VMS:FUNCTION:
-STORE_meth_set_initialise_fn 3376 EXIST:VMS:FUNCTION:
-X509_STORE_CTX_set_depth 3377 EXIST::FUNCTION:
-X509_VERIFY_PARAM_inherit 3378 EXIST::FUNCTION:
-EC_POINT_point2bn 3379 EXIST::FUNCTION:EC
-STORE_ATTR_INFO_set_dn 3380 EXIST::FUNCTION:
-X509_policy_tree_get0_policies 3381 EXIST::FUNCTION:
-EC_GROUP_new_curve_GF2m 3382 EXIST::FUNCTION:EC
-STORE_destroy_method 3383 EXIST::FUNCTION:
-ENGINE_unregister_STORE 3384 EXIST::FUNCTION:ENGINE
-EVP_PKEY_get1_EC_KEY 3385 EXIST::FUNCTION:EC
-STORE_ATTR_INFO_get0_number 3386 EXIST::FUNCTION:
-ENGINE_get_default_ECDH 3387 EXIST::FUNCTION:ENGINE
-EC_KEY_get_conv_form 3388 EXIST::FUNCTION:EC
-ASN1_OCTET_STRING_NDEF_it 3389 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_OCTET_STRING_NDEF_it 3389 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-STORE_delete_public_key 3390 EXIST::FUNCTION:
-STORE_get_public_key 3391 EXIST::FUNCTION:
-STORE_modify_arbitrary 3392 EXIST::FUNCTION:
-ENGINE_get_static_state 3393 EXIST::FUNCTION:ENGINE
-pqueue_iterator 3394 EXIST::FUNCTION:
-ECDSA_SIG_new 3395 EXIST::FUNCTION:ECDSA
-OPENSSL_DIR_end 3396 EXIST::FUNCTION:
-BN_GF2m_mod_sqr 3397 EXIST::FUNCTION:
-EC_POINT_bn2point 3398 EXIST::FUNCTION:EC
-X509_VERIFY_PARAM_set_depth 3399 EXIST::FUNCTION:
-EC_KEY_set_asn1_flag 3400 EXIST::FUNCTION:EC
-STORE_get_method 3401 EXIST::FUNCTION:
-EC_KEY_get_key_method_data 3402 EXIST::FUNCTION:EC
-ECDSA_sign_ex 3403 EXIST::FUNCTION:ECDSA
-STORE_parse_attrs_end 3404 EXIST::FUNCTION:
-EC_GROUP_get_point_conversion_form 3405 EXIST:!VMS:FUNCTION:EC
-EC_GROUP_get_point_conv_form 3405 EXIST:VMS:FUNCTION:EC
-STORE_method_set_store_function 3406 EXIST::FUNCTION:
-STORE_ATTR_INFO_in 3407 EXIST::FUNCTION:
-PEM_read_bio_ECPKParameters 3408 EXIST::FUNCTION:EC
-EC_GROUP_get_pentanomial_basis 3409 EXIST::FUNCTION:EC
-EVP_PKEY_add1_attr_by_txt 3410 EXIST::FUNCTION:
-BN_BLINDING_set_flags 3411 EXIST::FUNCTION:
-X509_VERIFY_PARAM_set1_policies 3412 EXIST::FUNCTION:
-X509_VERIFY_PARAM_set1_name 3413 EXIST::FUNCTION:
-X509_VERIFY_PARAM_set_purpose 3414 EXIST::FUNCTION:
-STORE_get_number 3415 EXIST::FUNCTION:
-ECDSA_sign_setup 3416 EXIST::FUNCTION:ECDSA
-BN_GF2m_mod_solve_quad_arr 3417 EXIST::FUNCTION:
-EC_KEY_up_ref 3418 EXIST::FUNCTION:EC
-POLICY_MAPPING_free 3419 EXIST::FUNCTION:
-BN_GF2m_mod_div 3420 EXIST::FUNCTION:
-X509_VERIFY_PARAM_set_flags 3421 EXIST::FUNCTION:
-EC_KEY_free 3422 EXIST::FUNCTION:EC
-STORE_method_set_list_next_function 3423 EXIST:!VMS:FUNCTION:
-STORE_meth_set_list_next_fn 3423 EXIST:VMS:FUNCTION:
-PEM_write_bio_ECPrivateKey 3424 EXIST::FUNCTION:EC
-d2i_EC_PUBKEY 3425 EXIST::FUNCTION:EC
-STORE_method_get_generate_function 3426 EXIST:!VMS:FUNCTION:
-STORE_meth_get_generate_fn 3426 EXIST:VMS:FUNCTION:
-STORE_method_set_list_end_function 3427 EXIST:!VMS:FUNCTION:
-STORE_meth_set_list_end_fn 3427 EXIST:VMS:FUNCTION:
-pqueue_print 3428 EXIST:!VMSVAX:FUNCTION:
-EC_GROUP_have_precompute_mult 3429 EXIST::FUNCTION:EC
-EC_KEY_print_fp 3430 EXIST::FUNCTION:EC,FP_API
-BN_GF2m_mod_arr 3431 EXIST::FUNCTION:
-PEM_write_bio_X509_CERT_PAIR 3432 EXIST::FUNCTION:
-EVP_PKEY_cmp 3433 EXIST::FUNCTION:
-X509_policy_level_node_count 3434 EXIST::FUNCTION:
-STORE_new_engine 3435 EXIST::FUNCTION:
-STORE_list_public_key_start 3436 EXIST::FUNCTION:
-X509_VERIFY_PARAM_new 3437 EXIST::FUNCTION:
-ECDH_get_ex_data 3438 EXIST::FUNCTION:ECDH
-EVP_PKEY_get_attr 3439 EXIST::FUNCTION:
-ECDSA_do_sign 3440 EXIST::FUNCTION:ECDSA
-ENGINE_unregister_ECDH 3441 EXIST::FUNCTION:ENGINE
-ECDH_OpenSSL 3442 EXIST::FUNCTION:ECDH
-EC_KEY_set_conv_form 3443 EXIST::FUNCTION:EC
-EC_POINT_dup 3444 EXIST::FUNCTION:EC
-GENERAL_SUBTREE_new 3445 EXIST::FUNCTION:
-STORE_list_crl_endp 3446 EXIST::FUNCTION:
-EC_get_builtin_curves 3447 EXIST::FUNCTION:EC
-X509_policy_node_get0_qualifiers 3448 EXIST:!VMS:FUNCTION:
-X509_pcy_node_get0_qualifiers 3448 EXIST:VMS:FUNCTION:
-STORE_list_crl_end 3449 EXIST::FUNCTION:
-EVP_PKEY_set1_EC_KEY 3450 EXIST::FUNCTION:EC
-BN_GF2m_mod_sqrt_arr 3451 EXIST::FUNCTION:
-i2d_ECPrivateKey_bio 3452 EXIST::FUNCTION:BIO,EC
-ECPKParameters_print_fp 3453 EXIST::FUNCTION:EC,FP_API
-pqueue_find 3454 EXIST::FUNCTION:
-ECDSA_SIG_free 3455 EXIST::FUNCTION:ECDSA
-PEM_write_bio_ECPKParameters 3456 EXIST::FUNCTION:EC
-STORE_method_set_ctrl_function 3457 EXIST::FUNCTION:
-STORE_list_public_key_end 3458 EXIST::FUNCTION:
-EC_KEY_set_private_key 3459 EXIST::FUNCTION:EC
-pqueue_peek 3460 EXIST::FUNCTION:
-STORE_get_arbitrary 3461 EXIST::FUNCTION:
-STORE_store_crl 3462 EXIST::FUNCTION:
-X509_policy_node_get0_policy 3463 EXIST::FUNCTION:
-PKCS12_add_safes 3464 EXIST::FUNCTION:
-BN_BLINDING_convert_ex 3465 EXIST::FUNCTION:
-X509_policy_tree_free 3466 EXIST::FUNCTION:
-OPENSSL_ia32cap_loc 3467 EXIST::FUNCTION:
-BN_GF2m_poly2arr 3468 EXIST::FUNCTION:
-STORE_ctrl 3469 EXIST::FUNCTION:
-STORE_ATTR_INFO_compare 3470 EXIST::FUNCTION:
-BN_get0_nist_prime_224 3471 EXIST::FUNCTION:
-i2d_ECParameters 3472 EXIST::FUNCTION:EC
-i2d_ECPKParameters 3473 EXIST::FUNCTION:EC
-BN_GENCB_call 3474 EXIST::FUNCTION:
-d2i_ECPKParameters 3475 EXIST::FUNCTION:EC
-STORE_method_set_generate_function 3476 EXIST:!VMS:FUNCTION:
-STORE_meth_set_generate_fn 3476 EXIST:VMS:FUNCTION:
-ENGINE_set_ECDH 3477 EXIST::FUNCTION:ENGINE
-NAME_CONSTRAINTS_new 3478 EXIST::FUNCTION:
-SHA256_Init 3479 EXIST::FUNCTION:SHA,SHA256
-EC_KEY_get0_public_key 3480 EXIST::FUNCTION:EC
-PEM_write_bio_EC_PUBKEY 3481 EXIST::FUNCTION:EC
-STORE_ATTR_INFO_set_cstr 3482 EXIST::FUNCTION:
-STORE_list_crl_next 3483 EXIST::FUNCTION:
-STORE_ATTR_INFO_in_range 3484 EXIST::FUNCTION:
-ECParameters_print 3485 EXIST::FUNCTION:BIO,EC
-STORE_method_set_delete_function 3486 EXIST:!VMS:FUNCTION:
-STORE_meth_set_delete_fn 3486 EXIST:VMS:FUNCTION:
-STORE_list_certificate_next 3487 EXIST::FUNCTION:
-ASN1_generate_nconf 3488 EXIST::FUNCTION:
-BUF_memdup 3489 EXIST::FUNCTION:
-BN_GF2m_mod_mul 3490 EXIST::FUNCTION:
-STORE_method_get_list_next_function 3491 EXIST:!VMS:FUNCTION:
-STORE_meth_get_list_next_fn 3491 EXIST:VMS:FUNCTION:
-STORE_ATTR_INFO_get0_dn 3492 EXIST::FUNCTION:
-STORE_list_private_key_next 3493 EXIST::FUNCTION:
-EC_GROUP_set_seed 3494 EXIST::FUNCTION:EC
-X509_VERIFY_PARAM_set_trust 3495 EXIST::FUNCTION:
-STORE_ATTR_INFO_free 3496 EXIST::FUNCTION:
-STORE_get_private_key 3497 EXIST::FUNCTION:
-EVP_PKEY_get_attr_count 3498 EXIST::FUNCTION:
-STORE_ATTR_INFO_new 3499 EXIST::FUNCTION:
-EC_GROUP_get_curve_GF2m 3500 EXIST::FUNCTION:EC
-STORE_method_set_revoke_function 3501 EXIST:!VMS:FUNCTION:
-STORE_meth_set_revoke_fn 3501 EXIST:VMS:FUNCTION:
-STORE_store_number 3502 EXIST::FUNCTION:
-BN_is_prime_ex 3503 EXIST::FUNCTION:
-STORE_revoke_public_key 3504 EXIST::FUNCTION:
-X509_STORE_CTX_get0_param 3505 EXIST::FUNCTION:
-STORE_delete_arbitrary 3506 EXIST::FUNCTION:
-PEM_read_X509_CERT_PAIR 3507 EXIST:!WIN16:FUNCTION:
-X509_STORE_set_depth 3508 EXIST::FUNCTION:
-ECDSA_get_ex_data 3509 EXIST::FUNCTION:ECDSA
-SHA224 3510 EXIST::FUNCTION:SHA,SHA256
-BIO_dump_indent_fp 3511 EXIST::FUNCTION:FP_API
-EC_KEY_set_group 3512 EXIST::FUNCTION:EC
-BUF_strndup 3513 EXIST::FUNCTION:
-STORE_list_certificate_start 3514 EXIST::FUNCTION:
-BN_GF2m_mod 3515 EXIST::FUNCTION:
-X509_REQ_check_private_key 3516 EXIST::FUNCTION:
-EC_GROUP_get_seed_len 3517 EXIST::FUNCTION:EC
-ERR_load_STORE_strings 3518 EXIST::FUNCTION:
-PEM_read_bio_EC_PUBKEY 3519 EXIST::FUNCTION:EC
-STORE_list_private_key_end 3520 EXIST::FUNCTION:
-i2d_EC_PUBKEY 3521 EXIST::FUNCTION:EC
-ECDSA_get_default_method 3522 EXIST::FUNCTION:ECDSA
-ASN1_put_eoc 3523 EXIST::FUNCTION:
-X509_STORE_CTX_get_explicit_policy 3524 EXIST:!VMS:FUNCTION:
-X509_STORE_CTX_get_expl_policy 3524 EXIST:VMS:FUNCTION:
-X509_VERIFY_PARAM_table_cleanup 3525 EXIST::FUNCTION:
-STORE_modify_private_key 3526 EXIST::FUNCTION:
-X509_VERIFY_PARAM_free 3527 EXIST::FUNCTION:
-EC_METHOD_get_field_type 3528 EXIST::FUNCTION:EC
-EC_GFp_nist_method 3529 EXIST::FUNCTION:EC
-STORE_method_set_modify_function 3530 EXIST:!VMS:FUNCTION:
-STORE_meth_set_modify_fn 3530 EXIST:VMS:FUNCTION:
-STORE_parse_attrs_next 3531 EXIST::FUNCTION:
-ENGINE_load_padlock 3532 EXIST::FUNCTION:ENGINE
-EC_GROUP_set_curve_name 3533 EXIST::FUNCTION:EC
-X509_CERT_PAIR_it 3534 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-X509_CERT_PAIR_it 3534 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-STORE_method_get_revoke_function 3535 EXIST:!VMS:FUNCTION:
-STORE_meth_get_revoke_fn 3535 EXIST:VMS:FUNCTION:
-STORE_method_set_get_function 3536 EXIST::FUNCTION:
-STORE_modify_number 3537 EXIST::FUNCTION:
-STORE_method_get_store_function 3538 EXIST::FUNCTION:
-STORE_store_private_key 3539 EXIST::FUNCTION:
-BN_GF2m_mod_sqr_arr 3540 EXIST::FUNCTION:
-RSA_setup_blinding 3541 EXIST::FUNCTION:RSA
-BIO_s_datagram 3542 EXIST::FUNCTION:DGRAM
-STORE_Memory 3543 EXIST::FUNCTION:
-sk_find_ex 3544 EXIST::FUNCTION:
-EC_GROUP_set_curve_GF2m 3545 EXIST::FUNCTION:EC
-ENGINE_set_default_ECDSA 3546 EXIST::FUNCTION:ENGINE
-POLICY_CONSTRAINTS_new 3547 EXIST::FUNCTION:
-BN_GF2m_mod_sqrt 3548 EXIST::FUNCTION:
-ECDH_set_default_method 3549 EXIST::FUNCTION:ECDH
-EC_KEY_generate_key 3550 EXIST::FUNCTION:EC
-SHA384_Update 3551 EXIST:!VMSVAX:FUNCTION:SHA,SHA512
-BN_GF2m_arr2poly 3552 EXIST::FUNCTION:
-STORE_method_get_get_function 3553 EXIST::FUNCTION:
-STORE_method_set_cleanup_function 3554 EXIST:!VMS:FUNCTION:
-STORE_meth_set_cleanup_fn 3554 EXIST:VMS:FUNCTION:
-EC_GROUP_check 3555 EXIST::FUNCTION:EC
-d2i_ECPrivateKey_bio 3556 EXIST::FUNCTION:BIO,EC
-EC_KEY_insert_key_method_data 3557 EXIST::FUNCTION:EC
-STORE_method_get_lock_store_function 3558 EXIST:!VMS:FUNCTION:
-STORE_meth_get_lock_store_fn 3558 EXIST:VMS:FUNCTION:
-X509_VERIFY_PARAM_get_depth 3559 EXIST::FUNCTION:
-SHA224_Final 3560 EXIST::FUNCTION:SHA,SHA256
-STORE_method_set_update_store_function 3561 EXIST:!VMS:FUNCTION:
-STORE_meth_set_update_store_fn 3561 EXIST:VMS:FUNCTION:
-SHA224_Update 3562 EXIST::FUNCTION:SHA,SHA256
-d2i_ECPrivateKey 3563 EXIST::FUNCTION:EC
-ASN1_item_ndef_i2d 3564 EXIST::FUNCTION:
-STORE_delete_private_key 3565 EXIST::FUNCTION:
-ERR_pop_to_mark 3566 EXIST::FUNCTION:
-ENGINE_register_all_STORE 3567 EXIST::FUNCTION:ENGINE
-X509_policy_level_get0_node 3568 EXIST::FUNCTION:
-i2d_PKCS7_NDEF 3569 EXIST::FUNCTION:
-EC_GROUP_get_degree 3570 EXIST::FUNCTION:EC
-ASN1_generate_v3 3571 EXIST::FUNCTION:
-STORE_ATTR_INFO_modify_cstr 3572 EXIST::FUNCTION:
-X509_policy_tree_level_count 3573 EXIST::FUNCTION:
-BN_GF2m_add 3574 EXIST::FUNCTION:
-EC_KEY_get0_group 3575 EXIST::FUNCTION:EC
-STORE_generate_crl 3576 EXIST::FUNCTION:
-STORE_store_public_key 3577 EXIST::FUNCTION:
-X509_CERT_PAIR_free 3578 EXIST::FUNCTION:
-STORE_revoke_private_key 3579 EXIST::FUNCTION:
-BN_nist_mod_224 3580 EXIST::FUNCTION:
-SHA512_Final 3581 EXIST:!VMSVAX:FUNCTION:SHA,SHA512
-STORE_ATTR_INFO_modify_dn 3582 EXIST::FUNCTION:
-STORE_method_get_initialise_function 3583 EXIST:!VMS:FUNCTION:
-STORE_meth_get_initialise_fn 3583 EXIST:VMS:FUNCTION:
-STORE_delete_number 3584 EXIST::FUNCTION:
-i2d_EC_PUBKEY_bio 3585 EXIST::FUNCTION:BIO,EC
-BIO_dgram_non_fatal_error 3586 EXIST::FUNCTION:
-EC_GROUP_get_asn1_flag 3587 EXIST::FUNCTION:EC
-STORE_ATTR_INFO_in_ex 3588 EXIST::FUNCTION:
-STORE_list_crl_start 3589 EXIST::FUNCTION:
-ECDH_get_ex_new_index 3590 EXIST::FUNCTION:ECDH
-STORE_method_get_modify_function 3591 EXIST:!VMS:FUNCTION:
-STORE_meth_get_modify_fn 3591 EXIST:VMS:FUNCTION:
-v2i_ASN1_BIT_STRING 3592 EXIST::FUNCTION:
-STORE_store_certificate 3593 EXIST::FUNCTION:
-OBJ_bsearch_ex 3594 EXIST::FUNCTION:
-X509_STORE_CTX_set_default 3595 EXIST::FUNCTION:
-STORE_ATTR_INFO_set_sha1str 3596 EXIST::FUNCTION:
-BN_GF2m_mod_inv 3597 EXIST::FUNCTION:
-BN_GF2m_mod_exp 3598 EXIST::FUNCTION:
-STORE_modify_public_key 3599 EXIST::FUNCTION:
-STORE_method_get_list_start_function 3600 EXIST:!VMS:FUNCTION:
-STORE_meth_get_list_start_fn 3600 EXIST:VMS:FUNCTION:
-EC_GROUP_get0_seed 3601 EXIST::FUNCTION:EC
-STORE_store_arbitrary 3602 EXIST::FUNCTION:
-STORE_method_set_unlock_store_function 3603 EXIST:!VMS:FUNCTION:
-STORE_meth_set_unlock_store_fn 3603 EXIST:VMS:FUNCTION:
-BN_GF2m_mod_div_arr 3604 EXIST::FUNCTION:
-ENGINE_set_ECDSA 3605 EXIST::FUNCTION:ENGINE
-STORE_create_method 3606 EXIST::FUNCTION:
-ECPKParameters_print 3607 EXIST::FUNCTION:BIO,EC
-EC_KEY_get0_private_key 3608 EXIST::FUNCTION:EC
-PEM_write_EC_PUBKEY 3609 EXIST:!WIN16:FUNCTION:EC
-X509_VERIFY_PARAM_set1 3610 EXIST::FUNCTION:
-ECDH_set_method 3611 EXIST::FUNCTION:ECDH
-v2i_GENERAL_NAME_ex 3612 EXIST::FUNCTION:
-ECDH_set_ex_data 3613 EXIST::FUNCTION:ECDH
-STORE_generate_key 3614 EXIST::FUNCTION:
-BN_nist_mod_521 3615 EXIST::FUNCTION:
-X509_policy_tree_get0_level 3616 EXIST::FUNCTION:
-EC_GROUP_set_point_conversion_form 3617 EXIST:!VMS:FUNCTION:EC
-EC_GROUP_set_point_conv_form 3617 EXIST:VMS:FUNCTION:EC
-PEM_read_EC_PUBKEY 3618 EXIST:!WIN16:FUNCTION:EC
-i2d_ECDSA_SIG 3619 EXIST::FUNCTION:ECDSA
-ECDSA_OpenSSL 3620 EXIST::FUNCTION:ECDSA
-STORE_delete_crl 3621 EXIST::FUNCTION:
-EC_KEY_get_enc_flags 3622 EXIST::FUNCTION:EC
-ASN1_const_check_infinite_end 3623 EXIST::FUNCTION:
-EVP_PKEY_delete_attr 3624 EXIST::FUNCTION:
-ECDSA_set_default_method 3625 EXIST::FUNCTION:ECDSA
-EC_POINT_set_compressed_coordinates_GF2m 3626 EXIST:!VMS:FUNCTION:EC
-EC_POINT_set_compr_coords_GF2m 3626 EXIST:VMS:FUNCTION:EC
-EC_GROUP_cmp 3627 EXIST::FUNCTION:EC
-STORE_revoke_certificate 3628 EXIST::FUNCTION:
-BN_get0_nist_prime_256 3629 EXIST::FUNCTION:
-STORE_method_get_delete_function 3630 EXIST:!VMS:FUNCTION:
-STORE_meth_get_delete_fn 3630 EXIST:VMS:FUNCTION:
-SHA224_Init 3631 EXIST::FUNCTION:SHA,SHA256
-PEM_read_ECPrivateKey 3632 EXIST:!WIN16:FUNCTION:EC
-SHA512_Init 3633 EXIST:!VMSVAX:FUNCTION:SHA,SHA512
-STORE_parse_attrs_endp 3634 EXIST::FUNCTION:
-BN_set_negative 3635 EXIST::FUNCTION:
-ERR_load_ECDSA_strings 3636 EXIST::FUNCTION:ECDSA
-EC_GROUP_get_basis_type 3637 EXIST::FUNCTION:EC
-STORE_list_public_key_next 3638 EXIST::FUNCTION:
-i2v_ASN1_BIT_STRING 3639 EXIST::FUNCTION:
-STORE_OBJECT_free 3640 EXIST::FUNCTION:
-BN_nist_mod_384 3641 EXIST::FUNCTION:
-i2d_X509_CERT_PAIR 3642 EXIST::FUNCTION:
-PEM_write_ECPKParameters 3643 EXIST:!WIN16:FUNCTION:EC
-ECDH_compute_key 3644 EXIST::FUNCTION:ECDH
-STORE_ATTR_INFO_get0_sha1str 3645 EXIST::FUNCTION:
-ENGINE_register_all_ECDH 3646 EXIST::FUNCTION:ENGINE
-pqueue_pop 3647 EXIST::FUNCTION:
-STORE_ATTR_INFO_get0_cstr 3648 EXIST::FUNCTION:
-POLICY_CONSTRAINTS_it 3649 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-POLICY_CONSTRAINTS_it 3649 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-STORE_get_ex_new_index 3650 EXIST::FUNCTION:
-EVP_PKEY_get_attr_by_OBJ 3651 EXIST::FUNCTION:
-X509_VERIFY_PARAM_add0_policy 3652 EXIST::FUNCTION:
-BN_GF2m_mod_solve_quad 3653 EXIST::FUNCTION:
-SHA256 3654 EXIST::FUNCTION:SHA,SHA256
-i2d_ECPrivateKey_fp 3655 EXIST::FUNCTION:EC,FP_API
-X509_policy_tree_get0_user_policies 3656 EXIST:!VMS:FUNCTION:
-X509_pcy_tree_get0_usr_policies 3656 EXIST:VMS:FUNCTION:
-OPENSSL_DIR_read 3657 EXIST::FUNCTION:
-ENGINE_register_all_ECDSA 3658 EXIST::FUNCTION:ENGINE
-X509_VERIFY_PARAM_lookup 3659 EXIST::FUNCTION:
-EC_POINT_get_affine_coordinates_GF2m 3660 EXIST:!VMS:FUNCTION:EC
-EC_POINT_get_affine_coords_GF2m 3660 EXIST:VMS:FUNCTION:EC
-EC_GROUP_dup 3661 EXIST::FUNCTION:EC
-ENGINE_get_default_ECDSA 3662 EXIST::FUNCTION:ENGINE
-EC_KEY_new 3663 EXIST::FUNCTION:EC
-SHA256_Transform 3664 EXIST::FUNCTION:SHA,SHA256
-EC_KEY_set_enc_flags 3665 EXIST::FUNCTION:EC
-ECDSA_verify 3666 EXIST::FUNCTION:ECDSA
-EC_POINT_point2hex 3667 EXIST::FUNCTION:EC
-ENGINE_get_STORE 3668 EXIST::FUNCTION:ENGINE
-SHA512 3669 EXIST:!VMSVAX:FUNCTION:SHA,SHA512
-STORE_get_certificate 3670 EXIST::FUNCTION:
-ECDSA_do_sign_ex 3671 EXIST::FUNCTION:ECDSA
-ECDSA_do_verify 3672 EXIST::FUNCTION:ECDSA
-d2i_ECPrivateKey_fp 3673 EXIST::FUNCTION:EC,FP_API
-STORE_delete_certificate 3674 EXIST::FUNCTION:
-SHA512_Transform 3675 EXIST:!VMSVAX:FUNCTION:SHA,SHA512
-X509_STORE_set1_param 3676 EXIST::FUNCTION:
-STORE_method_get_ctrl_function 3677 EXIST::FUNCTION:
-STORE_free 3678 EXIST::FUNCTION:
-PEM_write_ECPrivateKey 3679 EXIST:!WIN16:FUNCTION:EC
-STORE_method_get_unlock_store_function 3680 EXIST:!VMS:FUNCTION:
-STORE_meth_get_unlock_store_fn 3680 EXIST:VMS:FUNCTION:
-STORE_get_ex_data 3681 EXIST::FUNCTION:
-EC_KEY_set_public_key 3682 EXIST::FUNCTION:EC
-PEM_read_ECPKParameters 3683 EXIST:!WIN16:FUNCTION:EC
-X509_CERT_PAIR_new 3684 EXIST::FUNCTION:
-ENGINE_register_STORE 3685 EXIST::FUNCTION:ENGINE
-RSA_generate_key_ex 3686 EXIST::FUNCTION:RSA
-DSA_generate_parameters_ex 3687 EXIST::FUNCTION:DSA
-ECParameters_print_fp 3688 EXIST::FUNCTION:EC,FP_API
-X509V3_NAME_from_section 3689 EXIST::FUNCTION:
-EVP_PKEY_add1_attr 3690 EXIST::FUNCTION:
-STORE_modify_crl 3691 EXIST::FUNCTION:
-STORE_list_private_key_start 3692 EXIST::FUNCTION:
-POLICY_MAPPINGS_it 3693 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-POLICY_MAPPINGS_it 3693 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-GENERAL_SUBTREE_it 3694 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-GENERAL_SUBTREE_it 3694 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-EC_GROUP_get_curve_name 3695 EXIST::FUNCTION:EC
-PEM_write_X509_CERT_PAIR 3696 EXIST:!WIN16:FUNCTION:
-BIO_dump_indent_cb 3697 EXIST::FUNCTION:
-d2i_X509_CERT_PAIR 3698 EXIST::FUNCTION:
-STORE_list_private_key_endp 3699 EXIST::FUNCTION:
-asn1_const_Finish 3700 EXIST::FUNCTION:
-i2d_EC_PUBKEY_fp 3701 EXIST::FUNCTION:EC,FP_API
-BN_nist_mod_256 3702 EXIST::FUNCTION:
-X509_VERIFY_PARAM_add0_table 3703 EXIST::FUNCTION:
-pqueue_free 3704 EXIST::FUNCTION:
-BN_BLINDING_create_param 3705 EXIST::FUNCTION:
-ECDSA_size 3706 EXIST::FUNCTION:ECDSA
-d2i_EC_PUBKEY_bio 3707 EXIST::FUNCTION:BIO,EC
-BN_get0_nist_prime_521 3708 EXIST::FUNCTION:
-STORE_ATTR_INFO_modify_sha1str 3709 EXIST::FUNCTION:
-BN_generate_prime_ex 3710 EXIST::FUNCTION:
-EC_GROUP_new_by_curve_name 3711 EXIST::FUNCTION:EC
-SHA256_Final 3712 EXIST::FUNCTION:SHA,SHA256
-DH_generate_parameters_ex 3713 EXIST::FUNCTION:DH
-PEM_read_bio_ECPrivateKey 3714 EXIST::FUNCTION:EC
-STORE_method_get_cleanup_function 3715 EXIST:!VMS:FUNCTION:
-STORE_meth_get_cleanup_fn 3715 EXIST:VMS:FUNCTION:
-ENGINE_get_ECDH 3716 EXIST::FUNCTION:ENGINE
-d2i_ECDSA_SIG 3717 EXIST::FUNCTION:ECDSA
-BN_is_prime_fasttest_ex 3718 EXIST::FUNCTION:
-ECDSA_sign 3719 EXIST::FUNCTION:ECDSA
-X509_policy_check 3720 EXIST::FUNCTION:
-EVP_PKEY_get_attr_by_NID 3721 EXIST::FUNCTION:
-STORE_set_ex_data 3722 EXIST::FUNCTION:
-ENGINE_get_ECDSA 3723 EXIST::FUNCTION:ENGINE
-EVP_ecdsa 3724 EXIST::FUNCTION:SHA
-BN_BLINDING_get_flags 3725 EXIST::FUNCTION:
-PKCS12_add_cert 3726 EXIST::FUNCTION:
-STORE_OBJECT_new 3727 EXIST::FUNCTION:
-ERR_load_ECDH_strings 3728 EXIST::FUNCTION:ECDH
-EC_KEY_dup 3729 EXIST::FUNCTION:EC
-EVP_CIPHER_CTX_rand_key 3730 EXIST::FUNCTION:
-ECDSA_set_method 3731 EXIST::FUNCTION:ECDSA
-a2i_IPADDRESS_NC 3732 EXIST::FUNCTION:
-d2i_ECParameters 3733 EXIST::FUNCTION:EC
-STORE_list_certificate_end 3734 EXIST::FUNCTION:
-STORE_get_crl 3735 EXIST::FUNCTION:
-X509_POLICY_NODE_print 3736 EXIST::FUNCTION:
-SHA384_Init 3737 EXIST:!VMSVAX:FUNCTION:SHA,SHA512
-EC_GF2m_simple_method 3738 EXIST::FUNCTION:EC
-ECDSA_set_ex_data 3739 EXIST::FUNCTION:ECDSA
-SHA384_Final 3740 EXIST:!VMSVAX:FUNCTION:SHA,SHA512
-PKCS7_set_digest 3741 EXIST::FUNCTION:
-EC_KEY_print 3742 EXIST::FUNCTION:BIO,EC
-STORE_method_set_lock_store_function 3743 EXIST:!VMS:FUNCTION:
-STORE_meth_set_lock_store_fn 3743 EXIST:VMS:FUNCTION:
-ECDSA_get_ex_new_index 3744 EXIST::FUNCTION:ECDSA
-SHA384 3745 EXIST:!VMSVAX:FUNCTION:SHA,SHA512
-POLICY_MAPPING_new 3746 EXIST::FUNCTION:
-STORE_list_certificate_endp 3747 EXIST::FUNCTION:
-X509_STORE_CTX_get0_policy_tree 3748 EXIST::FUNCTION:
-EC_GROUP_set_asn1_flag 3749 EXIST::FUNCTION:EC
-EC_KEY_check_key 3750 EXIST::FUNCTION:EC
-d2i_EC_PUBKEY_fp 3751 EXIST::FUNCTION:EC,FP_API
-PKCS7_set0_type_other 3752 EXIST::FUNCTION:
-PEM_read_bio_X509_CERT_PAIR 3753 EXIST::FUNCTION:
-pqueue_next 3754 EXIST::FUNCTION:
-STORE_method_get_list_end_function 3755 EXIST:!VMS:FUNCTION:
-STORE_meth_get_list_end_fn 3755 EXIST:VMS:FUNCTION:
-EVP_PKEY_add1_attr_by_OBJ 3756 EXIST::FUNCTION:
-X509_VERIFY_PARAM_set_time 3757 EXIST::FUNCTION:
-pqueue_new 3758 EXIST::FUNCTION:
-ENGINE_set_default_ECDH 3759 EXIST::FUNCTION:ENGINE
-STORE_new_method 3760 EXIST::FUNCTION:
-PKCS12_add_key 3761 EXIST::FUNCTION:
-DSO_merge 3762 EXIST::FUNCTION:
-EC_POINT_hex2point 3763 EXIST::FUNCTION:EC
-BIO_dump_cb 3764 EXIST::FUNCTION:
-SHA256_Update 3765 EXIST::FUNCTION:SHA,SHA256
-pqueue_insert 3766 EXIST::FUNCTION:
-pitem_free 3767 EXIST::FUNCTION:
-BN_GF2m_mod_inv_arr 3768 EXIST::FUNCTION:
-ENGINE_unregister_ECDSA 3769 EXIST::FUNCTION:ENGINE
-BN_BLINDING_set_thread_id 3770 EXIST::FUNCTION:
-get_rfc3526_prime_8192 3771 EXIST::FUNCTION:
-X509_VERIFY_PARAM_clear_flags 3772 EXIST::FUNCTION:
-get_rfc2409_prime_1024 3773 EXIST::FUNCTION:
-DH_check_pub_key 3774 EXIST::FUNCTION:DH
-get_rfc3526_prime_2048 3775 EXIST::FUNCTION:
-get_rfc3526_prime_6144 3776 EXIST::FUNCTION:
-get_rfc3526_prime_1536 3777 EXIST::FUNCTION:
-get_rfc3526_prime_3072 3778 EXIST::FUNCTION:
-get_rfc3526_prime_4096 3779 EXIST::FUNCTION:
-get_rfc2409_prime_768 3780 EXIST::FUNCTION:
-X509_VERIFY_PARAM_get_flags 3781 EXIST::FUNCTION:
-EVP_CIPHER_CTX_new 3782 EXIST::FUNCTION:
-EVP_CIPHER_CTX_free 3783 EXIST::FUNCTION:
-Camellia_cbc_encrypt 3784 EXIST::FUNCTION:CAMELLIA
-Camellia_cfb128_encrypt 3785 EXIST::FUNCTION:CAMELLIA
-Camellia_cfb1_encrypt 3786 EXIST::FUNCTION:CAMELLIA
-Camellia_cfb8_encrypt 3787 EXIST::FUNCTION:CAMELLIA
-Camellia_ctr128_encrypt 3788 EXIST::FUNCTION:CAMELLIA
-Camellia_cfbr_encrypt_block 3789 EXIST::FUNCTION:CAMELLIA
-Camellia_decrypt 3790 EXIST::FUNCTION:CAMELLIA
-Camellia_ecb_encrypt 3791 EXIST::FUNCTION:CAMELLIA
-Camellia_encrypt 3792 EXIST::FUNCTION:CAMELLIA
-Camellia_ofb128_encrypt 3793 EXIST::FUNCTION:CAMELLIA
-Camellia_set_key 3794 EXIST::FUNCTION:CAMELLIA
-EVP_camellia_128_cbc 3795 EXIST::FUNCTION:CAMELLIA
-EVP_camellia_128_cfb128 3796 EXIST::FUNCTION:CAMELLIA
-EVP_camellia_128_cfb1 3797 EXIST::FUNCTION:CAMELLIA
-EVP_camellia_128_cfb8 3798 EXIST::FUNCTION:CAMELLIA
-EVP_camellia_128_ecb 3799 EXIST::FUNCTION:CAMELLIA
-EVP_camellia_128_ofb 3800 EXIST::FUNCTION:CAMELLIA
-EVP_camellia_192_cbc 3801 EXIST::FUNCTION:CAMELLIA
-EVP_camellia_192_cfb128 3802 EXIST::FUNCTION:CAMELLIA
-EVP_camellia_192_cfb1 3803 EXIST::FUNCTION:CAMELLIA
-EVP_camellia_192_cfb8 3804 EXIST::FUNCTION:CAMELLIA
-EVP_camellia_192_ecb 3805 EXIST::FUNCTION:CAMELLIA
-EVP_camellia_192_ofb 3806 EXIST::FUNCTION:CAMELLIA
-EVP_camellia_256_cbc 3807 EXIST::FUNCTION:CAMELLIA
-EVP_camellia_256_cfb128 3808 EXIST::FUNCTION:CAMELLIA
-EVP_camellia_256_cfb1 3809 EXIST::FUNCTION:CAMELLIA
-EVP_camellia_256_cfb8 3810 EXIST::FUNCTION:CAMELLIA
-EVP_camellia_256_ecb 3811 EXIST::FUNCTION:CAMELLIA
-EVP_camellia_256_ofb 3812 EXIST::FUNCTION:CAMELLIA
-a2i_ipadd 3813 EXIST::FUNCTION:
-ASIdentifiers_free 3814 EXIST::FUNCTION:RFC3779
-i2d_ASIdOrRange 3815 EXIST::FUNCTION:RFC3779
-EVP_CIPHER_block_size 3816 EXIST::FUNCTION:
-v3_asid_is_canonical 3817 EXIST::FUNCTION:RFC3779
-IPAddressChoice_free 3818 EXIST::FUNCTION:RFC3779
-EVP_CIPHER_CTX_set_app_data 3819 EXIST::FUNCTION:
-BIO_set_callback_arg 3820 EXIST::FUNCTION:
-v3_addr_add_prefix 3821 EXIST::FUNCTION:RFC3779
-IPAddressOrRange_it 3822 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
-IPAddressOrRange_it 3822 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
-BIO_set_flags 3823 EXIST::FUNCTION:
-ASIdentifiers_it 3824 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
-ASIdentifiers_it 3824 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
-v3_addr_get_range 3825 EXIST::FUNCTION:RFC3779
-BIO_method_type 3826 EXIST::FUNCTION:
-v3_addr_inherits 3827 EXIST::FUNCTION:RFC3779
-IPAddressChoice_it 3828 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
-IPAddressChoice_it 3828 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
-AES_ige_encrypt 3829 EXIST::FUNCTION:AES
-v3_addr_add_range 3830 EXIST::FUNCTION:RFC3779
-EVP_CIPHER_CTX_nid 3831 EXIST::FUNCTION:
-d2i_ASRange 3832 EXIST::FUNCTION:RFC3779
-v3_addr_add_inherit 3833 EXIST::FUNCTION:RFC3779
-v3_asid_add_id_or_range 3834 EXIST::FUNCTION:RFC3779
-v3_addr_validate_resource_set 3835 EXIST::FUNCTION:RFC3779
-EVP_CIPHER_iv_length 3836 EXIST::FUNCTION:
-EVP_MD_type 3837 EXIST::FUNCTION:
-v3_asid_canonize 3838 EXIST::FUNCTION:RFC3779
-IPAddressRange_free 3839 EXIST::FUNCTION:RFC3779
-v3_asid_add_inherit 3840 EXIST::FUNCTION:RFC3779
-EVP_CIPHER_CTX_key_length 3841 EXIST::FUNCTION:
-IPAddressRange_new 3842 EXIST::FUNCTION:RFC3779
-ASIdOrRange_new 3843 EXIST::FUNCTION:RFC3779
-EVP_MD_size 3844 EXIST::FUNCTION:
-EVP_MD_CTX_test_flags 3845 EXIST::FUNCTION:
-BIO_clear_flags 3846 EXIST::FUNCTION:
-i2d_ASRange 3847 EXIST::FUNCTION:RFC3779
-IPAddressRange_it 3848 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
-IPAddressRange_it 3848 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
-IPAddressChoice_new 3849 EXIST::FUNCTION:RFC3779
-ASIdentifierChoice_new 3850 EXIST::FUNCTION:RFC3779
-ASRange_free 3851 EXIST::FUNCTION:RFC3779
-EVP_MD_pkey_type 3852 EXIST::FUNCTION:
-EVP_MD_CTX_clear_flags 3853 EXIST::FUNCTION:
-IPAddressFamily_free 3854 EXIST::FUNCTION:RFC3779
-i2d_IPAddressFamily 3855 EXIST::FUNCTION:RFC3779
-IPAddressOrRange_new 3856 EXIST::FUNCTION:RFC3779
-EVP_CIPHER_flags 3857 EXIST::FUNCTION:
-v3_asid_validate_resource_set 3858 EXIST::FUNCTION:RFC3779
-d2i_IPAddressRange 3859 EXIST::FUNCTION:RFC3779
-AES_bi_ige_encrypt 3860 EXIST::FUNCTION:AES
-BIO_get_callback 3861 EXIST::FUNCTION:
-IPAddressOrRange_free 3862 EXIST::FUNCTION:RFC3779
-v3_addr_subset 3863 EXIST::FUNCTION:RFC3779
-d2i_IPAddressFamily 3864 EXIST::FUNCTION:RFC3779
-v3_asid_subset 3865 EXIST::FUNCTION:RFC3779
-BIO_test_flags 3866 EXIST::FUNCTION:
-i2d_ASIdentifierChoice 3867 EXIST::FUNCTION:RFC3779
-ASRange_it 3868 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
-ASRange_it 3868 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
-d2i_ASIdentifiers 3869 EXIST::FUNCTION:RFC3779
-ASRange_new 3870 EXIST::FUNCTION:RFC3779
-d2i_IPAddressChoice 3871 EXIST::FUNCTION:RFC3779
-v3_addr_get_afi 3872 EXIST::FUNCTION:RFC3779
-EVP_CIPHER_key_length 3873 EXIST::FUNCTION:
-EVP_Cipher 3874 EXIST::FUNCTION:
-i2d_IPAddressOrRange 3875 EXIST::FUNCTION:RFC3779
-ASIdOrRange_it 3876 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
-ASIdOrRange_it 3876 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
-EVP_CIPHER_nid 3877 EXIST::FUNCTION:
-i2d_IPAddressChoice 3878 EXIST::FUNCTION:RFC3779
-EVP_CIPHER_CTX_block_size 3879 EXIST::FUNCTION:
-ASIdentifiers_new 3880 EXIST::FUNCTION:RFC3779
-v3_addr_validate_path 3881 EXIST::FUNCTION:RFC3779
-IPAddressFamily_new 3882 EXIST::FUNCTION:RFC3779
-EVP_MD_CTX_set_flags 3883 EXIST::FUNCTION:
-v3_addr_is_canonical 3884 EXIST::FUNCTION:RFC3779
-i2d_IPAddressRange 3885 EXIST::FUNCTION:RFC3779
-IPAddressFamily_it 3886 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
-IPAddressFamily_it 3886 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
-v3_asid_inherits 3887 EXIST::FUNCTION:RFC3779
-EVP_CIPHER_CTX_cipher 3888 EXIST::FUNCTION:
-EVP_CIPHER_CTX_get_app_data 3889 EXIST::FUNCTION:
-EVP_MD_block_size 3890 EXIST::FUNCTION:
-EVP_CIPHER_CTX_flags 3891 EXIST::FUNCTION:
-v3_asid_validate_path 3892 EXIST::FUNCTION:RFC3779
-d2i_IPAddressOrRange 3893 EXIST::FUNCTION:RFC3779
-v3_addr_canonize 3894 EXIST::FUNCTION:RFC3779
-ASIdentifierChoice_it 3895 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
-ASIdentifierChoice_it 3895 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
-EVP_MD_CTX_md 3896 EXIST::FUNCTION:
-d2i_ASIdentifierChoice 3897 EXIST::FUNCTION:RFC3779
-BIO_method_name 3898 EXIST::FUNCTION:
-EVP_CIPHER_CTX_iv_length 3899 EXIST::FUNCTION:
-ASIdOrRange_free 3900 EXIST::FUNCTION:RFC3779
-ASIdentifierChoice_free 3901 EXIST::FUNCTION:RFC3779
-BIO_get_callback_arg 3902 EXIST::FUNCTION:
-BIO_set_callback 3903 EXIST::FUNCTION:
-d2i_ASIdOrRange 3904 EXIST::FUNCTION:RFC3779
-i2d_ASIdentifiers 3905 EXIST::FUNCTION:RFC3779
-CRYPTO_memcmp 3906 EXIST::FUNCTION:
-BN_consttime_swap 3907 EXIST::FUNCTION:
-SEED_decrypt 3908 EXIST::FUNCTION:SEED
-SEED_encrypt 3909 EXIST::FUNCTION:SEED
-SEED_cbc_encrypt 3910 EXIST::FUNCTION:SEED
-EVP_seed_ofb 3911 EXIST::FUNCTION:SEED
-SEED_cfb128_encrypt 3912 EXIST::FUNCTION:SEED
-SEED_ofb128_encrypt 3913 EXIST::FUNCTION:SEED
-EVP_seed_cbc 3914 EXIST::FUNCTION:SEED
-SEED_ecb_encrypt 3915 EXIST::FUNCTION:SEED
-EVP_seed_ecb 3916 EXIST::FUNCTION:SEED
-SEED_set_key 3917 EXIST::FUNCTION:SEED
-EVP_seed_cfb128 3918 EXIST::FUNCTION:SEED
-X509_EXTENSIONS_it 3919 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-X509_EXTENSIONS_it 3919 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-X509_get1_ocsp 3920 EXIST::FUNCTION:
-OCSP_REQ_CTX_free 3921 EXIST::FUNCTION:
-i2d_X509_EXTENSIONS 3922 EXIST::FUNCTION:
-OCSP_sendreq_nbio 3923 EXIST::FUNCTION:
-OCSP_sendreq_new 3924 EXIST::FUNCTION:
-d2i_X509_EXTENSIONS 3925 EXIST::FUNCTION:
-X509_ALGORS_it 3926 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-X509_ALGORS_it 3926 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-X509_ALGOR_get0 3927 EXIST::FUNCTION:
-X509_ALGOR_set0 3928 EXIST::FUNCTION:
-AES_unwrap_key 3929 EXIST::FUNCTION:AES
-AES_wrap_key 3930 EXIST::FUNCTION:AES
-X509at_get0_data_by_OBJ 3931 EXIST::FUNCTION:
-ASN1_TYPE_set1 3932 EXIST::FUNCTION:
-ASN1_STRING_set0 3933 EXIST::FUNCTION:
-i2d_X509_ALGORS 3934 EXIST::FUNCTION:
-BIO_f_zlib 3935 EXIST:ZLIB:FUNCTION:
-COMP_zlib_cleanup 3936 EXIST::FUNCTION:
-d2i_X509_ALGORS 3937 EXIST::FUNCTION:
-CMS_ReceiptRequest_free 3938 EXIST::FUNCTION:CMS
-PEM_write_CMS 3939 EXIST:!WIN16:FUNCTION:CMS
-CMS_add0_CertificateChoices 3940 EXIST::FUNCTION:CMS
-CMS_unsigned_add1_attr_by_OBJ 3941 EXIST::FUNCTION:CMS
-ERR_load_CMS_strings 3942 EXIST::FUNCTION:CMS
-CMS_sign_receipt 3943 EXIST::FUNCTION:CMS
-i2d_CMS_ContentInfo 3944 EXIST::FUNCTION:CMS
-CMS_signed_delete_attr 3945 EXIST::FUNCTION:CMS
-d2i_CMS_bio 3946 EXIST::FUNCTION:CMS
-CMS_unsigned_get_attr_by_NID 3947 EXIST::FUNCTION:CMS
-CMS_verify 3948 EXIST::FUNCTION:CMS
-SMIME_read_CMS 3949 EXIST::FUNCTION:CMS
-CMS_decrypt_set1_key 3950 EXIST::FUNCTION:CMS
-CMS_SignerInfo_get0_algs 3951 EXIST::FUNCTION:CMS
-CMS_add1_cert 3952 EXIST::FUNCTION:CMS
-CMS_set_detached 3953 EXIST::FUNCTION:CMS
-CMS_encrypt 3954 EXIST::FUNCTION:CMS
-CMS_EnvelopedData_create 3955 EXIST::FUNCTION:CMS
-CMS_uncompress 3956 EXIST::FUNCTION:CMS
-CMS_add0_crl 3957 EXIST::FUNCTION:CMS
-CMS_SignerInfo_verify_content 3958 EXIST::FUNCTION:CMS
-CMS_unsigned_get0_data_by_OBJ 3959 EXIST::FUNCTION:CMS
-PEM_write_bio_CMS 3960 EXIST::FUNCTION:CMS
-CMS_unsigned_get_attr 3961 EXIST::FUNCTION:CMS
-CMS_RecipientInfo_ktri_cert_cmp 3962 EXIST::FUNCTION:CMS
-CMS_RecipientInfo_ktri_get0_algs 3963 EXIST:!VMS:FUNCTION:CMS
-CMS_RecipInfo_ktri_get0_algs 3963 EXIST:VMS:FUNCTION:CMS
-CMS_ContentInfo_free 3964 EXIST::FUNCTION:CMS
-CMS_final 3965 EXIST::FUNCTION:CMS
-CMS_add_simple_smimecap 3966 EXIST::FUNCTION:CMS
-CMS_SignerInfo_verify 3967 EXIST::FUNCTION:CMS
-CMS_data 3968 EXIST::FUNCTION:CMS
-CMS_ContentInfo_it 3969 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:CMS
-CMS_ContentInfo_it 3969 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:CMS
-d2i_CMS_ReceiptRequest 3970 EXIST::FUNCTION:CMS
-CMS_compress 3971 EXIST::FUNCTION:CMS
-CMS_digest_create 3972 EXIST::FUNCTION:CMS
-CMS_SignerInfo_cert_cmp 3973 EXIST::FUNCTION:CMS
-CMS_SignerInfo_sign 3974 EXIST::FUNCTION:CMS
-CMS_data_create 3975 EXIST::FUNCTION:CMS
-i2d_CMS_bio 3976 EXIST::FUNCTION:CMS
-CMS_EncryptedData_set1_key 3977 EXIST::FUNCTION:CMS
-CMS_decrypt 3978 EXIST::FUNCTION:CMS
-int_smime_write_ASN1 3979 EXIST::FUNCTION:
-CMS_unsigned_delete_attr 3980 EXIST::FUNCTION:CMS
-CMS_unsigned_get_attr_count 3981 EXIST::FUNCTION:CMS
-CMS_add_smimecap 3982 EXIST::FUNCTION:CMS
-PEM_read_CMS 3983 EXIST:!WIN16:FUNCTION:CMS
-CMS_signed_get_attr_by_OBJ 3984 EXIST::FUNCTION:CMS
-d2i_CMS_ContentInfo 3985 EXIST::FUNCTION:CMS
-CMS_add_standard_smimecap 3986 EXIST::FUNCTION:CMS
-CMS_ContentInfo_new 3987 EXIST::FUNCTION:CMS
-CMS_RecipientInfo_type 3988 EXIST::FUNCTION:CMS
-CMS_get0_type 3989 EXIST::FUNCTION:CMS
-CMS_is_detached 3990 EXIST::FUNCTION:CMS
-CMS_sign 3991 EXIST::FUNCTION:CMS
-CMS_signed_add1_attr 3992 EXIST::FUNCTION:CMS
-CMS_unsigned_get_attr_by_OBJ 3993 EXIST::FUNCTION:CMS
-SMIME_write_CMS 3994 EXIST::FUNCTION:CMS
-CMS_EncryptedData_decrypt 3995 EXIST::FUNCTION:CMS
-CMS_get0_RecipientInfos 3996 EXIST::FUNCTION:CMS
-CMS_add0_RevocationInfoChoice 3997 EXIST::FUNCTION:CMS
-CMS_decrypt_set1_pkey 3998 EXIST::FUNCTION:CMS
-CMS_SignerInfo_set1_signer_cert 3999 EXIST::FUNCTION:CMS
-CMS_get0_signers 4000 EXIST::FUNCTION:CMS
-CMS_ReceiptRequest_get0_values 4001 EXIST::FUNCTION:CMS
-CMS_signed_get0_data_by_OBJ 4002 EXIST::FUNCTION:CMS
-CMS_get0_SignerInfos 4003 EXIST::FUNCTION:CMS
-CMS_add0_cert 4004 EXIST::FUNCTION:CMS
-CMS_EncryptedData_encrypt 4005 EXIST::FUNCTION:CMS
-CMS_digest_verify 4006 EXIST::FUNCTION:CMS
-CMS_set1_signers_certs 4007 EXIST::FUNCTION:CMS
-CMS_signed_get_attr 4008 EXIST::FUNCTION:CMS
-CMS_RecipientInfo_set0_key 4009 EXIST::FUNCTION:CMS
-CMS_SignedData_init 4010 EXIST::FUNCTION:CMS
-CMS_RecipientInfo_kekri_get0_id 4011 EXIST::FUNCTION:CMS
-CMS_verify_receipt 4012 EXIST::FUNCTION:CMS
-CMS_ReceiptRequest_it 4013 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:CMS
-CMS_ReceiptRequest_it 4013 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:CMS
-PEM_read_bio_CMS 4014 EXIST::FUNCTION:CMS
-CMS_get1_crls 4015 EXIST::FUNCTION:CMS
-CMS_add0_recipient_key 4016 EXIST::FUNCTION:CMS
-SMIME_read_ASN1 4017 EXIST::FUNCTION:
-CMS_ReceiptRequest_new 4018 EXIST::FUNCTION:CMS
-CMS_get0_content 4019 EXIST::FUNCTION:CMS
-CMS_get1_ReceiptRequest 4020 EXIST::FUNCTION:CMS
-CMS_signed_add1_attr_by_OBJ 4021 EXIST::FUNCTION:CMS
-CMS_RecipientInfo_kekri_id_cmp 4022 EXIST::FUNCTION:CMS
-CMS_add1_ReceiptRequest 4023 EXIST::FUNCTION:CMS
-CMS_SignerInfo_get0_signer_id 4024 EXIST::FUNCTION:CMS
-CMS_unsigned_add1_attr_by_NID 4025 EXIST::FUNCTION:CMS
-CMS_unsigned_add1_attr 4026 EXIST::FUNCTION:CMS
-CMS_signed_get_attr_by_NID 4027 EXIST::FUNCTION:CMS
-CMS_get1_certs 4028 EXIST::FUNCTION:CMS
-CMS_signed_add1_attr_by_NID 4029 EXIST::FUNCTION:CMS
-CMS_unsigned_add1_attr_by_txt 4030 EXIST::FUNCTION:CMS
-CMS_dataFinal 4031 EXIST::FUNCTION:CMS
-CMS_RecipientInfo_ktri_get0_signer_id 4032 EXIST:!VMS:FUNCTION:CMS
-CMS_RecipInfo_ktri_get0_sigr_id 4032 EXIST:VMS:FUNCTION:CMS
-i2d_CMS_ReceiptRequest 4033 EXIST::FUNCTION:CMS
-CMS_add1_recipient_cert 4034 EXIST::FUNCTION:CMS
-CMS_dataInit 4035 EXIST::FUNCTION:CMS
-CMS_signed_add1_attr_by_txt 4036 EXIST::FUNCTION:CMS
-CMS_RecipientInfo_decrypt 4037 EXIST::FUNCTION:CMS
-CMS_signed_get_attr_count 4038 EXIST::FUNCTION:CMS
-CMS_get0_eContentType 4039 EXIST::FUNCTION:CMS
-CMS_set1_eContentType 4040 EXIST::FUNCTION:CMS
-CMS_ReceiptRequest_create0 4041 EXIST::FUNCTION:CMS
-CMS_add1_signer 4042 EXIST::FUNCTION:CMS
-CMS_RecipientInfo_set0_pkey 4043 EXIST::FUNCTION:CMS
-ENGINE_set_load_ssl_client_cert_function 4044 EXIST:!VMS:FUNCTION:ENGINE
-ENGINE_set_ld_ssl_clnt_cert_fn 4044 EXIST:VMS:FUNCTION:ENGINE
-ENGINE_get_ssl_client_cert_function 4045 EXIST:!VMS:FUNCTION:ENGINE
-ENGINE_get_ssl_client_cert_fn 4045 EXIST:VMS:FUNCTION:ENGINE
-ENGINE_load_ssl_client_cert 4046 EXIST::FUNCTION:ENGINE
-ENGINE_load_capi 4047 EXIST:WIN32:FUNCTION:CAPIENG,ENGINE,STATIC_ENGINE
-OPENSSL_isservice 4048 EXIST::FUNCTION:
-FIPS_dsa_sig_decode 4049 EXIST:OPENSSL_FIPS:FUNCTION:DSA
-EVP_CIPHER_CTX_clear_flags 4050 EXIST::FUNCTION:
-FIPS_rand_status 4051 EXIST:OPENSSL_FIPS:FUNCTION:
-FIPS_rand_set_key 4052 EXIST:OPENSSL_FIPS:FUNCTION:
-CRYPTO_set_mem_info_functions 4053 EXIST::FUNCTION:
-RSA_X931_generate_key_ex 4054 EXIST::FUNCTION:RSA
-int_ERR_set_state_func 4055 EXIST:OPENSSL_FIPS:FUNCTION:
-int_EVP_MD_set_engine_callbacks 4056 EXIST:OPENSSL_FIPS:FUNCTION:ENGINE
-int_CRYPTO_set_do_dynlock_callback 4057 EXIST:!VMS:FUNCTION:
-int_CRYPTO_set_do_dynlock_cb 4057 EXIST:VMS:FUNCTION:
-FIPS_rng_stick 4058 EXIST:OPENSSL_FIPS:FUNCTION:
-EVP_CIPHER_CTX_set_flags 4059 EXIST::FUNCTION:
-BN_X931_generate_prime_ex 4060 EXIST::FUNCTION:
-FIPS_selftest_check 4061 EXIST:OPENSSL_FIPS:FUNCTION:
-FIPS_rand_set_dt 4062 EXIST:OPENSSL_FIPS:FUNCTION:
-CRYPTO_dbg_pop_info 4063 EXIST::FUNCTION:
-FIPS_dsa_free 4064 EXIST:OPENSSL_FIPS:FUNCTION:DSA
-RSA_X931_derive_ex 4065 EXIST::FUNCTION:RSA
-FIPS_rsa_new 4066 EXIST:OPENSSL_FIPS:FUNCTION:RSA
-FIPS_rand_bytes 4067 EXIST:OPENSSL_FIPS:FUNCTION:
-fips_cipher_test 4068 EXIST:OPENSSL_FIPS:FUNCTION:
-EVP_CIPHER_CTX_test_flags 4069 EXIST::FUNCTION:
-CRYPTO_malloc_debug_init 4070 EXIST::FUNCTION:
-CRYPTO_dbg_push_info 4071 EXIST::FUNCTION:
-FIPS_corrupt_rsa_keygen 4072 EXIST:OPENSSL_FIPS:FUNCTION:
-FIPS_dh_new 4073 EXIST:OPENSSL_FIPS:FUNCTION:DH
-FIPS_corrupt_dsa_keygen 4074 EXIST:OPENSSL_FIPS:FUNCTION:
-FIPS_dh_free 4075 EXIST:OPENSSL_FIPS:FUNCTION:DH
-fips_pkey_signature_test 4076 EXIST:OPENSSL_FIPS:FUNCTION:
-EVP_add_alg_module 4077 EXIST::FUNCTION:
-int_RAND_init_engine_callbacks 4078 EXIST:OPENSSL_FIPS:FUNCTION:ENGINE
-int_EVP_CIPHER_set_engine_callbacks 4079 EXIST:OPENSSL_FIPS:FUNCTION:ENGINE
-int_EVP_MD_init_engine_callbacks 4080 EXIST:OPENSSL_FIPS:FUNCTION:ENGINE
-FIPS_rand_test_mode 4081 EXIST:OPENSSL_FIPS:FUNCTION:
-FIPS_rand_reset 4082 EXIST:OPENSSL_FIPS:FUNCTION:
-FIPS_dsa_new 4083 EXIST:OPENSSL_FIPS:FUNCTION:DSA
-int_RAND_set_callbacks 4084 EXIST:OPENSSL_FIPS:FUNCTION:ENGINE
-BN_X931_derive_prime_ex 4085 EXIST::FUNCTION:
-int_ERR_lib_init 4086 EXIST:OPENSSL_FIPS:FUNCTION:
-int_EVP_CIPHER_init_engine_callbacks 4087 EXIST:OPENSSL_FIPS:FUNCTION:ENGINE
-FIPS_rsa_free 4088 EXIST:OPENSSL_FIPS:FUNCTION:RSA
-FIPS_dsa_sig_encode 4089 EXIST:OPENSSL_FIPS:FUNCTION:DSA
-CRYPTO_dbg_remove_all_info 4090 EXIST::FUNCTION:
-OPENSSL_init 4091 EXIST::FUNCTION:
-private_Camellia_set_key 4092 EXIST:OPENSSL_FIPS:FUNCTION:CAMELLIA
-CRYPTO_strdup 4093 EXIST::FUNCTION:
-JPAKE_STEP3A_process 4094 EXIST::FUNCTION:JPAKE
-JPAKE_STEP1_release 4095 EXIST::FUNCTION:JPAKE
-JPAKE_get_shared_key 4096 EXIST::FUNCTION:JPAKE
-JPAKE_STEP3B_init 4097 EXIST::FUNCTION:JPAKE
-JPAKE_STEP1_generate 4098 EXIST::FUNCTION:JPAKE
-JPAKE_STEP1_init 4099 EXIST::FUNCTION:JPAKE
-JPAKE_STEP3B_process 4100 EXIST::FUNCTION:JPAKE
-JPAKE_STEP2_generate 4101 EXIST::FUNCTION:JPAKE
-JPAKE_CTX_new 4102 EXIST::FUNCTION:JPAKE
-JPAKE_CTX_free 4103 EXIST::FUNCTION:JPAKE
-JPAKE_STEP3B_release 4104 EXIST::FUNCTION:JPAKE
-JPAKE_STEP3A_release 4105 EXIST::FUNCTION:JPAKE
-JPAKE_STEP2_process 4106 EXIST::FUNCTION:JPAKE
-JPAKE_STEP3B_generate 4107 EXIST::FUNCTION:JPAKE
-JPAKE_STEP1_process 4108 EXIST::FUNCTION:JPAKE
-JPAKE_STEP3A_generate 4109 EXIST::FUNCTION:JPAKE
-JPAKE_STEP2_release 4110 EXIST::FUNCTION:JPAKE
-JPAKE_STEP3A_init 4111 EXIST::FUNCTION:JPAKE
-ERR_load_JPAKE_strings 4112 EXIST::FUNCTION:JPAKE
-JPAKE_STEP2_init 4113 EXIST::FUNCTION:JPAKE
-pqueue_size 4114 EXIST::FUNCTION:
-OPENSSL_uni2asc 4115 EXIST:NETWARE:FUNCTION:
-OPENSSL_asc2uni 4116 EXIST:NETWARE:FUNCTION:
Copied: vendor-crypto/openssl/0.9.8zf/util/libeay.num (from rev 6969, vendor-crypto/openssl/dist/util/libeay.num)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/util/libeay.num (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/util/libeay.num 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,3734 @@
+SSLeay 1 EXIST::FUNCTION:
+SSLeay_version 2 EXIST::FUNCTION:
+ASN1_BIT_STRING_asn1_meth 3 EXIST::FUNCTION:
+ASN1_HEADER_free 4 EXIST::FUNCTION:
+ASN1_HEADER_new 5 EXIST::FUNCTION:
+ASN1_IA5STRING_asn1_meth 6 EXIST::FUNCTION:
+ASN1_INTEGER_get 7 EXIST::FUNCTION:
+ASN1_INTEGER_set 8 EXIST::FUNCTION:
+ASN1_INTEGER_to_BN 9 EXIST::FUNCTION:
+ASN1_OBJECT_create 10 EXIST::FUNCTION:
+ASN1_OBJECT_free 11 EXIST::FUNCTION:
+ASN1_OBJECT_new 12 EXIST::FUNCTION:
+ASN1_PRINTABLE_type 13 EXIST::FUNCTION:
+ASN1_STRING_cmp 14 EXIST::FUNCTION:
+ASN1_STRING_dup 15 EXIST::FUNCTION:
+ASN1_STRING_free 16 EXIST::FUNCTION:
+ASN1_STRING_new 17 EXIST::FUNCTION:
+ASN1_STRING_print 18 EXIST::FUNCTION:BIO
+ASN1_STRING_set 19 EXIST::FUNCTION:
+ASN1_STRING_type_new 20 EXIST::FUNCTION:
+ASN1_TYPE_free 21 EXIST::FUNCTION:
+ASN1_TYPE_new 22 EXIST::FUNCTION:
+ASN1_UNIVERSALSTRING_to_string 23 EXIST::FUNCTION:
+ASN1_UTCTIME_check 24 EXIST::FUNCTION:
+ASN1_UTCTIME_print 25 EXIST::FUNCTION:BIO
+ASN1_UTCTIME_set 26 EXIST::FUNCTION:
+ASN1_check_infinite_end 27 EXIST::FUNCTION:
+ASN1_d2i_bio 28 EXIST::FUNCTION:BIO
+ASN1_d2i_fp 29 EXIST::FUNCTION:FP_API
+ASN1_digest 30 EXIST::FUNCTION:EVP
+ASN1_dup 31 EXIST::FUNCTION:
+ASN1_get_object 32 EXIST::FUNCTION:
+ASN1_i2d_bio 33 EXIST::FUNCTION:BIO
+ASN1_i2d_fp 34 EXIST::FUNCTION:FP_API
+ASN1_object_size 35 EXIST::FUNCTION:
+ASN1_parse 36 EXIST::FUNCTION:BIO
+ASN1_put_object 37 EXIST::FUNCTION:
+ASN1_sign 38 EXIST::FUNCTION:EVP
+ASN1_verify 39 EXIST::FUNCTION:EVP
+BF_cbc_encrypt 40 EXIST::FUNCTION:BF
+BF_cfb64_encrypt 41 EXIST::FUNCTION:BF
+BF_ecb_encrypt 42 EXIST::FUNCTION:BF
+BF_encrypt 43 EXIST::FUNCTION:BF
+BF_ofb64_encrypt 44 EXIST::FUNCTION:BF
+BF_options 45 EXIST::FUNCTION:BF
+BF_set_key 46 EXIST::FUNCTION:BF
+BIO_CONNECT_free 47 NOEXIST::FUNCTION:
+BIO_CONNECT_new 48 NOEXIST::FUNCTION:
+BIO_accept 51 EXIST::FUNCTION:
+BIO_ctrl 52 EXIST::FUNCTION:
+BIO_int_ctrl 53 EXIST::FUNCTION:
+BIO_debug_callback 54 EXIST::FUNCTION:
+BIO_dump 55 EXIST::FUNCTION:
+BIO_dup_chain 56 EXIST::FUNCTION:
+BIO_f_base64 57 EXIST::FUNCTION:BIO
+BIO_f_buffer 58 EXIST::FUNCTION:
+BIO_f_cipher 59 EXIST::FUNCTION:BIO
+BIO_f_md 60 EXIST::FUNCTION:BIO
+BIO_f_null 61 EXIST::FUNCTION:
+BIO_f_proxy_server 62 NOEXIST::FUNCTION:
+BIO_fd_non_fatal_error 63 EXIST::FUNCTION:
+BIO_fd_should_retry 64 EXIST::FUNCTION:
+BIO_find_type 65 EXIST::FUNCTION:
+BIO_free 66 EXIST::FUNCTION:
+BIO_free_all 67 EXIST::FUNCTION:
+BIO_get_accept_socket 69 EXIST::FUNCTION:
+BIO_get_filter_bio 70 NOEXIST::FUNCTION:
+BIO_get_host_ip 71 EXIST::FUNCTION:
+BIO_get_port 72 EXIST::FUNCTION:
+BIO_get_retry_BIO 73 EXIST::FUNCTION:
+BIO_get_retry_reason 74 EXIST::FUNCTION:
+BIO_gethostbyname 75 EXIST::FUNCTION:
+BIO_gets 76 EXIST::FUNCTION:
+BIO_new 78 EXIST::FUNCTION:
+BIO_new_accept 79 EXIST::FUNCTION:
+BIO_new_connect 80 EXIST::FUNCTION:
+BIO_new_fd 81 EXIST::FUNCTION:
+BIO_new_file 82 EXIST:!WIN16:FUNCTION:FP_API
+BIO_new_fp 83 EXIST:!WIN16:FUNCTION:FP_API
+BIO_new_socket 84 EXIST::FUNCTION:
+BIO_pop 85 EXIST::FUNCTION:
+BIO_printf 86 EXIST::FUNCTION:
+BIO_push 87 EXIST::FUNCTION:
+BIO_puts 88 EXIST::FUNCTION:
+BIO_read 89 EXIST::FUNCTION:
+BIO_s_accept 90 EXIST::FUNCTION:
+BIO_s_connect 91 EXIST::FUNCTION:
+BIO_s_fd 92 EXIST::FUNCTION:
+BIO_s_file 93 EXIST:!WIN16:FUNCTION:FP_API
+BIO_s_mem 95 EXIST::FUNCTION:
+BIO_s_null 96 EXIST::FUNCTION:
+BIO_s_proxy_client 97 NOEXIST::FUNCTION:
+BIO_s_socket 98 EXIST::FUNCTION:
+BIO_set 100 EXIST::FUNCTION:
+BIO_set_cipher 101 EXIST::FUNCTION:BIO
+BIO_set_tcp_ndelay 102 EXIST::FUNCTION:
+BIO_sock_cleanup 103 EXIST::FUNCTION:
+BIO_sock_error 104 EXIST::FUNCTION:
+BIO_sock_init 105 EXIST::FUNCTION:
+BIO_sock_non_fatal_error 106 EXIST::FUNCTION:
+BIO_sock_should_retry 107 EXIST::FUNCTION:
+BIO_socket_ioctl 108 EXIST::FUNCTION:
+BIO_write 109 EXIST::FUNCTION:
+BN_CTX_free 110 EXIST::FUNCTION:
+BN_CTX_new 111 EXIST::FUNCTION:
+BN_MONT_CTX_free 112 EXIST::FUNCTION:
+BN_MONT_CTX_new 113 EXIST::FUNCTION:
+BN_MONT_CTX_set 114 EXIST::FUNCTION:
+BN_add 115 EXIST::FUNCTION:
+BN_add_word 116 EXIST::FUNCTION:
+BN_hex2bn 117 EXIST::FUNCTION:
+BN_bin2bn 118 EXIST::FUNCTION:
+BN_bn2hex 119 EXIST::FUNCTION:
+BN_bn2bin 120 EXIST::FUNCTION:
+BN_clear 121 EXIST::FUNCTION:
+BN_clear_bit 122 EXIST::FUNCTION:
+BN_clear_free 123 EXIST::FUNCTION:
+BN_cmp 124 EXIST::FUNCTION:
+BN_copy 125 EXIST::FUNCTION:
+BN_div 126 EXIST::FUNCTION:
+BN_div_word 127 EXIST::FUNCTION:
+BN_dup 128 EXIST::FUNCTION:
+BN_free 129 EXIST::FUNCTION:
+BN_from_montgomery 130 EXIST::FUNCTION:
+BN_gcd 131 EXIST::FUNCTION:
+BN_generate_prime 132 EXIST::FUNCTION:DEPRECATED
+BN_get_word 133 EXIST::FUNCTION:
+BN_is_bit_set 134 EXIST::FUNCTION:
+BN_is_prime 135 EXIST::FUNCTION:DEPRECATED
+BN_lshift 136 EXIST::FUNCTION:
+BN_lshift1 137 EXIST::FUNCTION:
+BN_mask_bits 138 EXIST::FUNCTION:
+BN_mod 139 NOEXIST::FUNCTION:
+BN_mod_exp 140 EXIST::FUNCTION:
+BN_mod_exp_mont 141 EXIST::FUNCTION:
+BN_mod_exp_simple 143 EXIST::FUNCTION:
+BN_mod_inverse 144 EXIST::FUNCTION:
+BN_mod_mul 145 EXIST::FUNCTION:
+BN_mod_mul_montgomery 146 EXIST::FUNCTION:
+BN_mod_word 148 EXIST::FUNCTION:
+BN_mul 149 EXIST::FUNCTION:
+BN_new 150 EXIST::FUNCTION:
+BN_num_bits 151 EXIST::FUNCTION:
+BN_num_bits_word 152 EXIST::FUNCTION:
+BN_options 153 EXIST::FUNCTION:
+BN_print 154 EXIST::FUNCTION:
+BN_print_fp 155 EXIST::FUNCTION:FP_API
+BN_rand 156 EXIST::FUNCTION:
+BN_reciprocal 157 EXIST::FUNCTION:
+BN_rshift 158 EXIST::FUNCTION:
+BN_rshift1 159 EXIST::FUNCTION:
+BN_set_bit 160 EXIST::FUNCTION:
+BN_set_word 161 EXIST::FUNCTION:
+BN_sqr 162 EXIST::FUNCTION:
+BN_sub 163 EXIST::FUNCTION:
+BN_to_ASN1_INTEGER 164 EXIST::FUNCTION:
+BN_ucmp 165 EXIST::FUNCTION:
+BN_value_one 166 EXIST::FUNCTION:
+BUF_MEM_free 167 EXIST::FUNCTION:
+BUF_MEM_grow 168 EXIST::FUNCTION:
+BUF_MEM_new 169 EXIST::FUNCTION:
+BUF_strdup 170 EXIST::FUNCTION:
+CONF_free 171 EXIST::FUNCTION:
+CONF_get_number 172 EXIST::FUNCTION:
+CONF_get_section 173 EXIST::FUNCTION:
+CONF_get_string 174 EXIST::FUNCTION:
+CONF_load 175 EXIST::FUNCTION:
+CRYPTO_add_lock 176 EXIST::FUNCTION:
+CRYPTO_dbg_free 177 EXIST::FUNCTION:
+CRYPTO_dbg_malloc 178 EXIST::FUNCTION:
+CRYPTO_dbg_realloc 179 EXIST::FUNCTION:
+CRYPTO_dbg_remalloc 180 NOEXIST::FUNCTION:
+CRYPTO_free 181 EXIST::FUNCTION:
+CRYPTO_get_add_lock_callback 182 EXIST::FUNCTION:
+CRYPTO_get_id_callback 183 EXIST::FUNCTION:
+CRYPTO_get_lock_name 184 EXIST::FUNCTION:
+CRYPTO_get_locking_callback 185 EXIST::FUNCTION:
+CRYPTO_get_mem_functions 186 EXIST::FUNCTION:
+CRYPTO_lock 187 EXIST::FUNCTION:
+CRYPTO_malloc 188 EXIST::FUNCTION:
+CRYPTO_mem_ctrl 189 EXIST::FUNCTION:
+CRYPTO_mem_leaks 190 EXIST::FUNCTION:
+CRYPTO_mem_leaks_cb 191 EXIST::FUNCTION:
+CRYPTO_mem_leaks_fp 192 EXIST::FUNCTION:FP_API
+CRYPTO_realloc 193 EXIST::FUNCTION:
+CRYPTO_remalloc 194 EXIST::FUNCTION:
+CRYPTO_set_add_lock_callback 195 EXIST::FUNCTION:
+CRYPTO_set_id_callback 196 EXIST::FUNCTION:
+CRYPTO_set_locking_callback 197 EXIST::FUNCTION:
+CRYPTO_set_mem_functions 198 EXIST::FUNCTION:
+CRYPTO_thread_id 199 EXIST::FUNCTION:
+DH_check 200 EXIST::FUNCTION:DH
+DH_compute_key 201 EXIST::FUNCTION:DH
+DH_free 202 EXIST::FUNCTION:DH
+DH_generate_key 203 EXIST::FUNCTION:DH
+DH_generate_parameters 204 EXIST::FUNCTION:DEPRECATED,DH
+DH_new 205 EXIST::FUNCTION:DH
+DH_size 206 EXIST::FUNCTION:DH
+DHparams_print 207 EXIST::FUNCTION:BIO,DH
+DHparams_print_fp 208 EXIST::FUNCTION:DH,FP_API
+DSA_free 209 EXIST::FUNCTION:DSA
+DSA_generate_key 210 EXIST::FUNCTION:DSA
+DSA_generate_parameters 211 EXIST::FUNCTION:DEPRECATED,DSA
+DSA_is_prime 212 NOEXIST::FUNCTION:
+DSA_new 213 EXIST::FUNCTION:DSA
+DSA_print 214 EXIST::FUNCTION:BIO,DSA
+DSA_print_fp 215 EXIST::FUNCTION:DSA,FP_API
+DSA_sign 216 EXIST::FUNCTION:DSA
+DSA_sign_setup 217 EXIST::FUNCTION:DSA
+DSA_size 218 EXIST::FUNCTION:DSA
+DSA_verify 219 EXIST::FUNCTION:DSA
+DSAparams_print 220 EXIST::FUNCTION:BIO,DSA
+DSAparams_print_fp 221 EXIST::FUNCTION:DSA,FP_API
+ERR_clear_error 222 EXIST::FUNCTION:
+ERR_error_string 223 EXIST::FUNCTION:
+ERR_free_strings 224 EXIST::FUNCTION:
+ERR_func_error_string 225 EXIST::FUNCTION:
+ERR_get_err_state_table 226 EXIST::FUNCTION:LHASH
+ERR_get_error 227 EXIST::FUNCTION:
+ERR_get_error_line 228 EXIST::FUNCTION:
+ERR_get_state 229 EXIST::FUNCTION:
+ERR_get_string_table 230 EXIST::FUNCTION:LHASH
+ERR_lib_error_string 231 EXIST::FUNCTION:
+ERR_load_ASN1_strings 232 EXIST::FUNCTION:
+ERR_load_BIO_strings 233 EXIST::FUNCTION:
+ERR_load_BN_strings 234 EXIST::FUNCTION:
+ERR_load_BUF_strings 235 EXIST::FUNCTION:
+ERR_load_CONF_strings 236 EXIST::FUNCTION:
+ERR_load_DH_strings 237 EXIST::FUNCTION:DH
+ERR_load_DSA_strings 238 EXIST::FUNCTION:DSA
+ERR_load_ERR_strings 239 EXIST::FUNCTION:
+ERR_load_EVP_strings 240 EXIST::FUNCTION:
+ERR_load_OBJ_strings 241 EXIST::FUNCTION:
+ERR_load_PEM_strings 242 EXIST::FUNCTION:
+ERR_load_PROXY_strings 243 NOEXIST::FUNCTION:
+ERR_load_RSA_strings 244 EXIST::FUNCTION:RSA
+ERR_load_X509_strings 245 EXIST::FUNCTION:
+ERR_load_crypto_strings 246 EXIST::FUNCTION:
+ERR_load_strings 247 EXIST::FUNCTION:
+ERR_peek_error 248 EXIST::FUNCTION:
+ERR_peek_error_line 249 EXIST::FUNCTION:
+ERR_print_errors 250 EXIST::FUNCTION:BIO
+ERR_print_errors_fp 251 EXIST::FUNCTION:FP_API
+ERR_put_error 252 EXIST::FUNCTION:
+ERR_reason_error_string 253 EXIST::FUNCTION:
+ERR_remove_state 254 EXIST::FUNCTION:
+EVP_BytesToKey 255 EXIST::FUNCTION:
+EVP_CIPHER_CTX_cleanup 256 EXIST::FUNCTION:
+EVP_CipherFinal 257 EXIST::FUNCTION:
+EVP_CipherInit 258 EXIST::FUNCTION:
+EVP_CipherUpdate 259 EXIST::FUNCTION:
+EVP_DecodeBlock 260 EXIST::FUNCTION:
+EVP_DecodeFinal 261 EXIST::FUNCTION:
+EVP_DecodeInit 262 EXIST::FUNCTION:
+EVP_DecodeUpdate 263 EXIST::FUNCTION:
+EVP_DecryptFinal 264 EXIST::FUNCTION:
+EVP_DecryptInit 265 EXIST::FUNCTION:
+EVP_DecryptUpdate 266 EXIST::FUNCTION:
+EVP_DigestFinal 267 EXIST::FUNCTION:
+EVP_DigestInit 268 EXIST::FUNCTION:
+EVP_DigestUpdate 269 EXIST::FUNCTION:
+EVP_EncodeBlock 270 EXIST::FUNCTION:
+EVP_EncodeFinal 271 EXIST::FUNCTION:
+EVP_EncodeInit 272 EXIST::FUNCTION:
+EVP_EncodeUpdate 273 EXIST::FUNCTION:
+EVP_EncryptFinal 274 EXIST::FUNCTION:
+EVP_EncryptInit 275 EXIST::FUNCTION:
+EVP_EncryptUpdate 276 EXIST::FUNCTION:
+EVP_OpenFinal 277 EXIST::FUNCTION:RSA
+EVP_OpenInit 278 EXIST::FUNCTION:RSA
+EVP_PKEY_assign 279 EXIST::FUNCTION:
+EVP_PKEY_copy_parameters 280 EXIST::FUNCTION:
+EVP_PKEY_free 281 EXIST::FUNCTION:
+EVP_PKEY_missing_parameters 282 EXIST::FUNCTION:
+EVP_PKEY_new 283 EXIST::FUNCTION:
+EVP_PKEY_save_parameters 284 EXIST::FUNCTION:
+EVP_PKEY_size 285 EXIST::FUNCTION:
+EVP_PKEY_type 286 EXIST::FUNCTION:
+EVP_SealFinal 287 EXIST::FUNCTION:RSA
+EVP_SealInit 288 EXIST::FUNCTION:RSA
+EVP_SignFinal 289 EXIST::FUNCTION:
+EVP_VerifyFinal 290 EXIST::FUNCTION:
+EVP_add_alias 291 NOEXIST::FUNCTION:
+EVP_add_cipher 292 EXIST::FUNCTION:
+EVP_add_digest 293 EXIST::FUNCTION:
+EVP_bf_cbc 294 EXIST::FUNCTION:BF
+EVP_bf_cfb64 295 EXIST::FUNCTION:BF
+EVP_bf_ecb 296 EXIST::FUNCTION:BF
+EVP_bf_ofb 297 EXIST::FUNCTION:BF
+EVP_cleanup 298 EXIST::FUNCTION:
+EVP_des_cbc 299 EXIST::FUNCTION:DES
+EVP_des_cfb64 300 EXIST::FUNCTION:DES
+EVP_des_ecb 301 EXIST::FUNCTION:DES
+EVP_des_ede 302 EXIST::FUNCTION:DES
+EVP_des_ede3 303 EXIST::FUNCTION:DES
+EVP_des_ede3_cbc 304 EXIST::FUNCTION:DES
+EVP_des_ede3_cfb64 305 EXIST::FUNCTION:DES
+EVP_des_ede3_ofb 306 EXIST::FUNCTION:DES
+EVP_des_ede_cbc 307 EXIST::FUNCTION:DES
+EVP_des_ede_cfb64 308 EXIST::FUNCTION:DES
+EVP_des_ede_ofb 309 EXIST::FUNCTION:DES
+EVP_des_ofb 310 EXIST::FUNCTION:DES
+EVP_desx_cbc 311 EXIST::FUNCTION:DES
+EVP_dss 312 EXIST::FUNCTION:DSA,SHA
+EVP_dss1 313 EXIST::FUNCTION:DSA,SHA
+EVP_enc_null 314 EXIST::FUNCTION:
+EVP_get_cipherbyname 315 EXIST::FUNCTION:
+EVP_get_digestbyname 316 EXIST::FUNCTION:
+EVP_get_pw_prompt 317 EXIST::FUNCTION:
+EVP_idea_cbc 318 EXIST::FUNCTION:IDEA
+EVP_idea_cfb64 319 EXIST::FUNCTION:IDEA
+EVP_idea_ecb 320 EXIST::FUNCTION:IDEA
+EVP_idea_ofb 321 EXIST::FUNCTION:IDEA
+EVP_md2 322 EXIST::FUNCTION:MD2
+EVP_md5 323 EXIST::FUNCTION:MD5
+EVP_md_null 324 EXIST::FUNCTION:
+EVP_rc2_cbc 325 EXIST::FUNCTION:RC2
+EVP_rc2_cfb64 326 EXIST::FUNCTION:RC2
+EVP_rc2_ecb 327 EXIST::FUNCTION:RC2
+EVP_rc2_ofb 328 EXIST::FUNCTION:RC2
+EVP_rc4 329 EXIST::FUNCTION:RC4
+EVP_read_pw_string 330 EXIST::FUNCTION:
+EVP_set_pw_prompt 331 EXIST::FUNCTION:
+EVP_sha 332 EXIST::FUNCTION:SHA
+EVP_sha1 333 EXIST::FUNCTION:SHA
+MD2 334 EXIST::FUNCTION:MD2
+MD2_Final 335 EXIST::FUNCTION:MD2
+MD2_Init 336 EXIST::FUNCTION:MD2
+MD2_Update 337 EXIST::FUNCTION:MD2
+MD2_options 338 EXIST::FUNCTION:MD2
+MD5 339 EXIST::FUNCTION:MD5
+MD5_Final 340 EXIST::FUNCTION:MD5
+MD5_Init 341 EXIST::FUNCTION:MD5
+MD5_Update 342 EXIST::FUNCTION:MD5
+MDC2 343 EXIST::FUNCTION:MDC2
+MDC2_Final 344 EXIST::FUNCTION:MDC2
+MDC2_Init 345 EXIST::FUNCTION:MDC2
+MDC2_Update 346 EXIST::FUNCTION:MDC2
+NETSCAPE_SPKAC_free 347 EXIST::FUNCTION:
+NETSCAPE_SPKAC_new 348 EXIST::FUNCTION:
+NETSCAPE_SPKI_free 349 EXIST::FUNCTION:
+NETSCAPE_SPKI_new 350 EXIST::FUNCTION:
+NETSCAPE_SPKI_sign 351 EXIST::FUNCTION:EVP
+NETSCAPE_SPKI_verify 352 EXIST::FUNCTION:EVP
+OBJ_add_object 353 EXIST::FUNCTION:
+OBJ_bsearch 354 EXIST::FUNCTION:
+OBJ_cleanup 355 EXIST::FUNCTION:
+OBJ_cmp 356 EXIST::FUNCTION:
+OBJ_create 357 EXIST::FUNCTION:
+OBJ_dup 358 EXIST::FUNCTION:
+OBJ_ln2nid 359 EXIST::FUNCTION:
+OBJ_new_nid 360 EXIST::FUNCTION:
+OBJ_nid2ln 361 EXIST::FUNCTION:
+OBJ_nid2obj 362 EXIST::FUNCTION:
+OBJ_nid2sn 363 EXIST::FUNCTION:
+OBJ_obj2nid 364 EXIST::FUNCTION:
+OBJ_sn2nid 365 EXIST::FUNCTION:
+OBJ_txt2nid 366 EXIST::FUNCTION:
+PEM_ASN1_read 367 EXIST:!WIN16:FUNCTION:
+PEM_ASN1_read_bio 368 EXIST::FUNCTION:BIO
+PEM_ASN1_write 369 EXIST:!WIN16:FUNCTION:
+PEM_ASN1_write_bio 370 EXIST::FUNCTION:BIO
+PEM_SealFinal 371 EXIST::FUNCTION:RSA
+PEM_SealInit 372 EXIST::FUNCTION:RSA
+PEM_SealUpdate 373 EXIST::FUNCTION:RSA
+PEM_SignFinal 374 EXIST::FUNCTION:
+PEM_SignInit 375 EXIST::FUNCTION:
+PEM_SignUpdate 376 EXIST::FUNCTION:
+PEM_X509_INFO_read 377 EXIST:!WIN16:FUNCTION:
+PEM_X509_INFO_read_bio 378 EXIST::FUNCTION:BIO
+PEM_X509_INFO_write_bio 379 EXIST::FUNCTION:BIO
+PEM_dek_info 380 EXIST::FUNCTION:
+PEM_do_header 381 EXIST::FUNCTION:
+PEM_get_EVP_CIPHER_INFO 382 EXIST::FUNCTION:
+PEM_proc_type 383 EXIST::FUNCTION:
+PEM_read 384 EXIST:!WIN16:FUNCTION:
+PEM_read_DHparams 385 EXIST:!WIN16:FUNCTION:DH
+PEM_read_DSAPrivateKey 386 EXIST:!WIN16:FUNCTION:DSA
+PEM_read_DSAparams 387 EXIST:!WIN16:FUNCTION:DSA
+PEM_read_PKCS7 388 EXIST:!WIN16:FUNCTION:
+PEM_read_PrivateKey 389 EXIST:!WIN16:FUNCTION:
+PEM_read_RSAPrivateKey 390 EXIST:!WIN16:FUNCTION:RSA
+PEM_read_X509 391 EXIST:!WIN16:FUNCTION:
+PEM_read_X509_CRL 392 EXIST:!WIN16:FUNCTION:
+PEM_read_X509_REQ 393 EXIST:!WIN16:FUNCTION:
+PEM_read_bio 394 EXIST::FUNCTION:BIO
+PEM_read_bio_DHparams 395 EXIST::FUNCTION:DH
+PEM_read_bio_DSAPrivateKey 396 EXIST::FUNCTION:DSA
+PEM_read_bio_DSAparams 397 EXIST::FUNCTION:DSA
+PEM_read_bio_PKCS7 398 EXIST::FUNCTION:
+PEM_read_bio_PrivateKey 399 EXIST::FUNCTION:
+PEM_read_bio_RSAPrivateKey 400 EXIST::FUNCTION:RSA
+PEM_read_bio_X509 401 EXIST::FUNCTION:
+PEM_read_bio_X509_CRL 402 EXIST::FUNCTION:
+PEM_read_bio_X509_REQ 403 EXIST::FUNCTION:
+PEM_write 404 EXIST:!WIN16:FUNCTION:
+PEM_write_DHparams 405 EXIST:!WIN16:FUNCTION:DH
+PEM_write_DSAPrivateKey 406 EXIST:!WIN16:FUNCTION:DSA
+PEM_write_DSAparams 407 EXIST:!WIN16:FUNCTION:DSA
+PEM_write_PKCS7 408 EXIST:!WIN16:FUNCTION:
+PEM_write_PrivateKey 409 EXIST:!WIN16:FUNCTION:
+PEM_write_RSAPrivateKey 410 EXIST:!WIN16:FUNCTION:RSA
+PEM_write_X509 411 EXIST:!WIN16:FUNCTION:
+PEM_write_X509_CRL 412 EXIST:!WIN16:FUNCTION:
+PEM_write_X509_REQ 413 EXIST:!WIN16:FUNCTION:
+PEM_write_bio 414 EXIST::FUNCTION:BIO
+PEM_write_bio_DHparams 415 EXIST::FUNCTION:DH
+PEM_write_bio_DSAPrivateKey 416 EXIST::FUNCTION:DSA
+PEM_write_bio_DSAparams 417 EXIST::FUNCTION:DSA
+PEM_write_bio_PKCS7 418 EXIST::FUNCTION:
+PEM_write_bio_PrivateKey 419 EXIST::FUNCTION:
+PEM_write_bio_RSAPrivateKey 420 EXIST::FUNCTION:RSA
+PEM_write_bio_X509 421 EXIST::FUNCTION:
+PEM_write_bio_X509_CRL 422 EXIST::FUNCTION:
+PEM_write_bio_X509_REQ 423 EXIST::FUNCTION:
+PKCS7_DIGEST_free 424 EXIST::FUNCTION:
+PKCS7_DIGEST_new 425 EXIST::FUNCTION:
+PKCS7_ENCRYPT_free 426 EXIST::FUNCTION:
+PKCS7_ENCRYPT_new 427 EXIST::FUNCTION:
+PKCS7_ENC_CONTENT_free 428 EXIST::FUNCTION:
+PKCS7_ENC_CONTENT_new 429 EXIST::FUNCTION:
+PKCS7_ENVELOPE_free 430 EXIST::FUNCTION:
+PKCS7_ENVELOPE_new 431 EXIST::FUNCTION:
+PKCS7_ISSUER_AND_SERIAL_digest 432 EXIST::FUNCTION:
+PKCS7_ISSUER_AND_SERIAL_free 433 EXIST::FUNCTION:
+PKCS7_ISSUER_AND_SERIAL_new 434 EXIST::FUNCTION:
+PKCS7_RECIP_INFO_free 435 EXIST::FUNCTION:
+PKCS7_RECIP_INFO_new 436 EXIST::FUNCTION:
+PKCS7_SIGNED_free 437 EXIST::FUNCTION:
+PKCS7_SIGNED_new 438 EXIST::FUNCTION:
+PKCS7_SIGNER_INFO_free 439 EXIST::FUNCTION:
+PKCS7_SIGNER_INFO_new 440 EXIST::FUNCTION:
+PKCS7_SIGN_ENVELOPE_free 441 EXIST::FUNCTION:
+PKCS7_SIGN_ENVELOPE_new 442 EXIST::FUNCTION:
+PKCS7_dup 443 EXIST::FUNCTION:
+PKCS7_free 444 EXIST::FUNCTION:
+PKCS7_new 445 EXIST::FUNCTION:
+PROXY_ENTRY_add_noproxy 446 NOEXIST::FUNCTION:
+PROXY_ENTRY_clear_noproxy 447 NOEXIST::FUNCTION:
+PROXY_ENTRY_free 448 NOEXIST::FUNCTION:
+PROXY_ENTRY_get_noproxy 449 NOEXIST::FUNCTION:
+PROXY_ENTRY_new 450 NOEXIST::FUNCTION:
+PROXY_ENTRY_set_server 451 NOEXIST::FUNCTION:
+PROXY_add_noproxy 452 NOEXIST::FUNCTION:
+PROXY_add_server 453 NOEXIST::FUNCTION:
+PROXY_check_by_host 454 NOEXIST::FUNCTION:
+PROXY_check_url 455 NOEXIST::FUNCTION:
+PROXY_clear_noproxy 456 NOEXIST::FUNCTION:
+PROXY_free 457 NOEXIST::FUNCTION:
+PROXY_get_noproxy 458 NOEXIST::FUNCTION:
+PROXY_get_proxies 459 NOEXIST::FUNCTION:
+PROXY_get_proxy_entry 460 NOEXIST::FUNCTION:
+PROXY_load_conf 461 NOEXIST::FUNCTION:
+PROXY_new 462 NOEXIST::FUNCTION:
+PROXY_print 463 NOEXIST::FUNCTION:
+RAND_bytes 464 EXIST::FUNCTION:
+RAND_cleanup 465 EXIST::FUNCTION:
+RAND_file_name 466 EXIST::FUNCTION:
+RAND_load_file 467 EXIST::FUNCTION:
+RAND_screen 468 EXIST:WIN32:FUNCTION:
+RAND_seed 469 EXIST::FUNCTION:
+RAND_write_file 470 EXIST::FUNCTION:
+RC2_cbc_encrypt 471 EXIST::FUNCTION:RC2
+RC2_cfb64_encrypt 472 EXIST::FUNCTION:RC2
+RC2_ecb_encrypt 473 EXIST::FUNCTION:RC2
+RC2_encrypt 474 EXIST::FUNCTION:RC2
+RC2_ofb64_encrypt 475 EXIST::FUNCTION:RC2
+RC2_set_key 476 EXIST::FUNCTION:RC2
+RC4 477 EXIST::FUNCTION:RC4
+RC4_options 478 EXIST::FUNCTION:RC4
+RC4_set_key 479 EXIST::FUNCTION:RC4
+RSAPrivateKey_asn1_meth 480 EXIST::FUNCTION:RSA
+RSAPrivateKey_dup 481 EXIST::FUNCTION:RSA
+RSAPublicKey_dup 482 EXIST::FUNCTION:RSA
+RSA_PKCS1_SSLeay 483 EXIST::FUNCTION:RSA
+RSA_free 484 EXIST::FUNCTION:RSA
+RSA_generate_key 485 EXIST::FUNCTION:DEPRECATED,RSA
+RSA_new 486 EXIST::FUNCTION:RSA
+RSA_new_method 487 EXIST::FUNCTION:RSA
+RSA_print 488 EXIST::FUNCTION:BIO,RSA
+RSA_print_fp 489 EXIST::FUNCTION:FP_API,RSA
+RSA_private_decrypt 490 EXIST::FUNCTION:RSA
+RSA_private_encrypt 491 EXIST::FUNCTION:RSA
+RSA_public_decrypt 492 EXIST::FUNCTION:RSA
+RSA_public_encrypt 493 EXIST::FUNCTION:RSA
+RSA_set_default_method 494 EXIST::FUNCTION:RSA
+RSA_sign 495 EXIST::FUNCTION:RSA
+RSA_sign_ASN1_OCTET_STRING 496 EXIST::FUNCTION:RSA
+RSA_size 497 EXIST::FUNCTION:RSA
+RSA_verify 498 EXIST::FUNCTION:RSA
+RSA_verify_ASN1_OCTET_STRING 499 EXIST::FUNCTION:RSA
+SHA 500 EXIST::FUNCTION:SHA,SHA0
+SHA1 501 EXIST::FUNCTION:SHA,SHA1
+SHA1_Final 502 EXIST::FUNCTION:SHA,SHA1
+SHA1_Init 503 EXIST::FUNCTION:SHA,SHA1
+SHA1_Update 504 EXIST::FUNCTION:SHA,SHA1
+SHA_Final 505 EXIST::FUNCTION:SHA,SHA0
+SHA_Init 506 EXIST::FUNCTION:SHA,SHA0
+SHA_Update 507 EXIST::FUNCTION:SHA,SHA0
+OpenSSL_add_all_algorithms 508 NOEXIST::FUNCTION:
+OpenSSL_add_all_ciphers 509 EXIST::FUNCTION:
+OpenSSL_add_all_digests 510 EXIST::FUNCTION:
+TXT_DB_create_index 511 EXIST::FUNCTION:
+TXT_DB_free 512 EXIST::FUNCTION:
+TXT_DB_get_by_index 513 EXIST::FUNCTION:
+TXT_DB_insert 514 EXIST::FUNCTION:
+TXT_DB_read 515 EXIST::FUNCTION:BIO
+TXT_DB_write 516 EXIST::FUNCTION:BIO
+X509_ALGOR_free 517 EXIST::FUNCTION:
+X509_ALGOR_new 518 EXIST::FUNCTION:
+X509_ATTRIBUTE_free 519 EXIST::FUNCTION:
+X509_ATTRIBUTE_new 520 EXIST::FUNCTION:
+X509_CINF_free 521 EXIST::FUNCTION:
+X509_CINF_new 522 EXIST::FUNCTION:
+X509_CRL_INFO_free 523 EXIST::FUNCTION:
+X509_CRL_INFO_new 524 EXIST::FUNCTION:
+X509_CRL_add_ext 525 EXIST::FUNCTION:
+X509_CRL_cmp 526 EXIST::FUNCTION:
+X509_CRL_delete_ext 527 EXIST::FUNCTION:
+X509_CRL_dup 528 EXIST::FUNCTION:
+X509_CRL_free 529 EXIST::FUNCTION:
+X509_CRL_get_ext 530 EXIST::FUNCTION:
+X509_CRL_get_ext_by_NID 531 EXIST::FUNCTION:
+X509_CRL_get_ext_by_OBJ 532 EXIST::FUNCTION:
+X509_CRL_get_ext_by_critical 533 EXIST::FUNCTION:
+X509_CRL_get_ext_count 534 EXIST::FUNCTION:
+X509_CRL_new 535 EXIST::FUNCTION:
+X509_CRL_sign 536 EXIST::FUNCTION:EVP
+X509_CRL_verify 537 EXIST::FUNCTION:EVP
+X509_EXTENSION_create_by_NID 538 EXIST::FUNCTION:
+X509_EXTENSION_create_by_OBJ 539 EXIST::FUNCTION:
+X509_EXTENSION_dup 540 EXIST::FUNCTION:
+X509_EXTENSION_free 541 EXIST::FUNCTION:
+X509_EXTENSION_get_critical 542 EXIST::FUNCTION:
+X509_EXTENSION_get_data 543 EXIST::FUNCTION:
+X509_EXTENSION_get_object 544 EXIST::FUNCTION:
+X509_EXTENSION_new 545 EXIST::FUNCTION:
+X509_EXTENSION_set_critical 546 EXIST::FUNCTION:
+X509_EXTENSION_set_data 547 EXIST::FUNCTION:
+X509_EXTENSION_set_object 548 EXIST::FUNCTION:
+X509_INFO_free 549 EXIST::FUNCTION:EVP
+X509_INFO_new 550 EXIST::FUNCTION:EVP
+X509_LOOKUP_by_alias 551 EXIST::FUNCTION:
+X509_LOOKUP_by_fingerprint 552 EXIST::FUNCTION:
+X509_LOOKUP_by_issuer_serial 553 EXIST::FUNCTION:
+X509_LOOKUP_by_subject 554 EXIST::FUNCTION:
+X509_LOOKUP_ctrl 555 EXIST::FUNCTION:
+X509_LOOKUP_file 556 EXIST::FUNCTION:
+X509_LOOKUP_free 557 EXIST::FUNCTION:
+X509_LOOKUP_hash_dir 558 EXIST::FUNCTION:
+X509_LOOKUP_init 559 EXIST::FUNCTION:
+X509_LOOKUP_new 560 EXIST::FUNCTION:
+X509_LOOKUP_shutdown 561 EXIST::FUNCTION:
+X509_NAME_ENTRY_create_by_NID 562 EXIST::FUNCTION:
+X509_NAME_ENTRY_create_by_OBJ 563 EXIST::FUNCTION:
+X509_NAME_ENTRY_dup 564 EXIST::FUNCTION:
+X509_NAME_ENTRY_free 565 EXIST::FUNCTION:
+X509_NAME_ENTRY_get_data 566 EXIST::FUNCTION:
+X509_NAME_ENTRY_get_object 567 EXIST::FUNCTION:
+X509_NAME_ENTRY_new 568 EXIST::FUNCTION:
+X509_NAME_ENTRY_set_data 569 EXIST::FUNCTION:
+X509_NAME_ENTRY_set_object 570 EXIST::FUNCTION:
+X509_NAME_add_entry 571 EXIST::FUNCTION:
+X509_NAME_cmp 572 EXIST::FUNCTION:
+X509_NAME_delete_entry 573 EXIST::FUNCTION:
+X509_NAME_digest 574 EXIST::FUNCTION:EVP
+X509_NAME_dup 575 EXIST::FUNCTION:
+X509_NAME_entry_count 576 EXIST::FUNCTION:
+X509_NAME_free 577 EXIST::FUNCTION:
+X509_NAME_get_entry 578 EXIST::FUNCTION:
+X509_NAME_get_index_by_NID 579 EXIST::FUNCTION:
+X509_NAME_get_index_by_OBJ 580 EXIST::FUNCTION:
+X509_NAME_get_text_by_NID 581 EXIST::FUNCTION:
+X509_NAME_get_text_by_OBJ 582 EXIST::FUNCTION:
+X509_NAME_hash 583 EXIST::FUNCTION:
+X509_NAME_new 584 EXIST::FUNCTION:
+X509_NAME_oneline 585 EXIST::FUNCTION:EVP
+X509_NAME_print 586 EXIST::FUNCTION:BIO
+X509_NAME_set 587 EXIST::FUNCTION:
+X509_OBJECT_free_contents 588 EXIST::FUNCTION:
+X509_OBJECT_retrieve_by_subject 589 EXIST::FUNCTION:
+X509_OBJECT_up_ref_count 590 EXIST::FUNCTION:
+X509_PKEY_free 591 EXIST::FUNCTION:
+X509_PKEY_new 592 EXIST::FUNCTION:
+X509_PUBKEY_free 593 EXIST::FUNCTION:
+X509_PUBKEY_get 594 EXIST::FUNCTION:
+X509_PUBKEY_new 595 EXIST::FUNCTION:
+X509_PUBKEY_set 596 EXIST::FUNCTION:
+X509_REQ_INFO_free 597 EXIST::FUNCTION:
+X509_REQ_INFO_new 598 EXIST::FUNCTION:
+X509_REQ_dup 599 EXIST::FUNCTION:
+X509_REQ_free 600 EXIST::FUNCTION:
+X509_REQ_get_pubkey 601 EXIST::FUNCTION:
+X509_REQ_new 602 EXIST::FUNCTION:
+X509_REQ_print 603 EXIST::FUNCTION:BIO
+X509_REQ_print_fp 604 EXIST::FUNCTION:FP_API
+X509_REQ_set_pubkey 605 EXIST::FUNCTION:
+X509_REQ_set_subject_name 606 EXIST::FUNCTION:
+X509_REQ_set_version 607 EXIST::FUNCTION:
+X509_REQ_sign 608 EXIST::FUNCTION:EVP
+X509_REQ_to_X509 609 EXIST::FUNCTION:
+X509_REQ_verify 610 EXIST::FUNCTION:EVP
+X509_REVOKED_add_ext 611 EXIST::FUNCTION:
+X509_REVOKED_delete_ext 612 EXIST::FUNCTION:
+X509_REVOKED_free 613 EXIST::FUNCTION:
+X509_REVOKED_get_ext 614 EXIST::FUNCTION:
+X509_REVOKED_get_ext_by_NID 615 EXIST::FUNCTION:
+X509_REVOKED_get_ext_by_OBJ 616 EXIST::FUNCTION:
+X509_REVOKED_get_ext_by_critical 617 EXIST:!VMS:FUNCTION:
+X509_REVOKED_get_ext_by_critic 617 EXIST:VMS:FUNCTION:
+X509_REVOKED_get_ext_count 618 EXIST::FUNCTION:
+X509_REVOKED_new 619 EXIST::FUNCTION:
+X509_SIG_free 620 EXIST::FUNCTION:
+X509_SIG_new 621 EXIST::FUNCTION:
+X509_STORE_CTX_cleanup 622 EXIST::FUNCTION:
+X509_STORE_CTX_init 623 EXIST::FUNCTION:
+X509_STORE_add_cert 624 EXIST::FUNCTION:
+X509_STORE_add_lookup 625 EXIST::FUNCTION:
+X509_STORE_free 626 EXIST::FUNCTION:
+X509_STORE_get_by_subject 627 EXIST::FUNCTION:
+X509_STORE_load_locations 628 EXIST::FUNCTION:STDIO
+X509_STORE_new 629 EXIST::FUNCTION:
+X509_STORE_set_default_paths 630 EXIST::FUNCTION:STDIO
+X509_VAL_free 631 EXIST::FUNCTION:
+X509_VAL_new 632 EXIST::FUNCTION:
+X509_add_ext 633 EXIST::FUNCTION:
+X509_asn1_meth 634 EXIST::FUNCTION:
+X509_certificate_type 635 EXIST::FUNCTION:
+X509_check_private_key 636 EXIST::FUNCTION:
+X509_cmp_current_time 637 EXIST::FUNCTION:
+X509_delete_ext 638 EXIST::FUNCTION:
+X509_digest 639 EXIST::FUNCTION:EVP
+X509_dup 640 EXIST::FUNCTION:
+X509_free 641 EXIST::FUNCTION:
+X509_get_default_cert_area 642 EXIST::FUNCTION:
+X509_get_default_cert_dir 643 EXIST::FUNCTION:
+X509_get_default_cert_dir_env 644 EXIST::FUNCTION:
+X509_get_default_cert_file 645 EXIST::FUNCTION:
+X509_get_default_cert_file_env 646 EXIST::FUNCTION:
+X509_get_default_private_dir 647 EXIST::FUNCTION:
+X509_get_ext 648 EXIST::FUNCTION:
+X509_get_ext_by_NID 649 EXIST::FUNCTION:
+X509_get_ext_by_OBJ 650 EXIST::FUNCTION:
+X509_get_ext_by_critical 651 EXIST::FUNCTION:
+X509_get_ext_count 652 EXIST::FUNCTION:
+X509_get_issuer_name 653 EXIST::FUNCTION:
+X509_get_pubkey 654 EXIST::FUNCTION:
+X509_get_pubkey_parameters 655 EXIST::FUNCTION:
+X509_get_serialNumber 656 EXIST::FUNCTION:
+X509_get_subject_name 657 EXIST::FUNCTION:
+X509_gmtime_adj 658 EXIST::FUNCTION:
+X509_issuer_and_serial_cmp 659 EXIST::FUNCTION:
+X509_issuer_and_serial_hash 660 EXIST::FUNCTION:
+X509_issuer_name_cmp 661 EXIST::FUNCTION:
+X509_issuer_name_hash 662 EXIST::FUNCTION:
+X509_load_cert_file 663 EXIST::FUNCTION:STDIO
+X509_new 664 EXIST::FUNCTION:
+X509_print 665 EXIST::FUNCTION:BIO
+X509_print_fp 666 EXIST::FUNCTION:FP_API
+X509_set_issuer_name 667 EXIST::FUNCTION:
+X509_set_notAfter 668 EXIST::FUNCTION:
+X509_set_notBefore 669 EXIST::FUNCTION:
+X509_set_pubkey 670 EXIST::FUNCTION:
+X509_set_serialNumber 671 EXIST::FUNCTION:
+X509_set_subject_name 672 EXIST::FUNCTION:
+X509_set_version 673 EXIST::FUNCTION:
+X509_sign 674 EXIST::FUNCTION:EVP
+X509_subject_name_cmp 675 EXIST::FUNCTION:
+X509_subject_name_hash 676 EXIST::FUNCTION:
+X509_to_X509_REQ 677 EXIST::FUNCTION:
+X509_verify 678 EXIST::FUNCTION:EVP
+X509_verify_cert 679 EXIST::FUNCTION:
+X509_verify_cert_error_string 680 EXIST::FUNCTION:
+X509v3_add_ext 681 EXIST::FUNCTION:
+X509v3_add_extension 682 NOEXIST::FUNCTION:
+X509v3_add_netscape_extensions 683 NOEXIST::FUNCTION:
+X509v3_add_standard_extensions 684 NOEXIST::FUNCTION:
+X509v3_cleanup_extensions 685 NOEXIST::FUNCTION:
+X509v3_data_type_by_NID 686 NOEXIST::FUNCTION:
+X509v3_data_type_by_OBJ 687 NOEXIST::FUNCTION:
+X509v3_delete_ext 688 EXIST::FUNCTION:
+X509v3_get_ext 689 EXIST::FUNCTION:
+X509v3_get_ext_by_NID 690 EXIST::FUNCTION:
+X509v3_get_ext_by_OBJ 691 EXIST::FUNCTION:
+X509v3_get_ext_by_critical 692 EXIST::FUNCTION:
+X509v3_get_ext_count 693 EXIST::FUNCTION:
+X509v3_pack_string 694 NOEXIST::FUNCTION:
+X509v3_pack_type_by_NID 695 NOEXIST::FUNCTION:
+X509v3_pack_type_by_OBJ 696 NOEXIST::FUNCTION:
+X509v3_unpack_string 697 NOEXIST::FUNCTION:
+_des_crypt 698 NOEXIST::FUNCTION:
+a2d_ASN1_OBJECT 699 EXIST::FUNCTION:
+a2i_ASN1_INTEGER 700 EXIST::FUNCTION:BIO
+a2i_ASN1_STRING 701 EXIST::FUNCTION:BIO
+asn1_Finish 702 EXIST::FUNCTION:
+asn1_GetSequence 703 EXIST::FUNCTION:
+bn_div_words 704 EXIST::FUNCTION:
+bn_expand2 705 EXIST::FUNCTION:
+bn_mul_add_words 706 EXIST::FUNCTION:
+bn_mul_words 707 EXIST::FUNCTION:
+BN_uadd 708 EXIST::FUNCTION:
+BN_usub 709 EXIST::FUNCTION:
+bn_sqr_words 710 EXIST::FUNCTION:
+_ossl_old_crypt 711 EXIST:!NeXT,!PERL5:FUNCTION:DES
+d2i_ASN1_BIT_STRING 712 EXIST::FUNCTION:
+d2i_ASN1_BOOLEAN 713 EXIST::FUNCTION:
+d2i_ASN1_HEADER 714 EXIST::FUNCTION:
+d2i_ASN1_IA5STRING 715 EXIST::FUNCTION:
+d2i_ASN1_INTEGER 716 EXIST::FUNCTION:
+d2i_ASN1_OBJECT 717 EXIST::FUNCTION:
+d2i_ASN1_OCTET_STRING 718 EXIST::FUNCTION:
+d2i_ASN1_PRINTABLE 719 EXIST::FUNCTION:
+d2i_ASN1_PRINTABLESTRING 720 EXIST::FUNCTION:
+d2i_ASN1_SET 721 EXIST::FUNCTION:
+d2i_ASN1_T61STRING 722 EXIST::FUNCTION:
+d2i_ASN1_TYPE 723 EXIST::FUNCTION:
+d2i_ASN1_UTCTIME 724 EXIST::FUNCTION:
+d2i_ASN1_bytes 725 EXIST::FUNCTION:
+d2i_ASN1_type_bytes 726 EXIST::FUNCTION:
+d2i_DHparams 727 EXIST::FUNCTION:DH
+d2i_DSAPrivateKey 728 EXIST::FUNCTION:DSA
+d2i_DSAPrivateKey_bio 729 EXIST::FUNCTION:BIO,DSA
+d2i_DSAPrivateKey_fp 730 EXIST::FUNCTION:DSA,FP_API
+d2i_DSAPublicKey 731 EXIST::FUNCTION:DSA
+d2i_DSAparams 732 EXIST::FUNCTION:DSA
+d2i_NETSCAPE_SPKAC 733 EXIST::FUNCTION:
+d2i_NETSCAPE_SPKI 734 EXIST::FUNCTION:
+d2i_Netscape_RSA 735 EXIST::FUNCTION:RC4,RSA
+d2i_PKCS7 736 EXIST::FUNCTION:
+d2i_PKCS7_DIGEST 737 EXIST::FUNCTION:
+d2i_PKCS7_ENCRYPT 738 EXIST::FUNCTION:
+d2i_PKCS7_ENC_CONTENT 739 EXIST::FUNCTION:
+d2i_PKCS7_ENVELOPE 740 EXIST::FUNCTION:
+d2i_PKCS7_ISSUER_AND_SERIAL 741 EXIST::FUNCTION:
+d2i_PKCS7_RECIP_INFO 742 EXIST::FUNCTION:
+d2i_PKCS7_SIGNED 743 EXIST::FUNCTION:
+d2i_PKCS7_SIGNER_INFO 744 EXIST::FUNCTION:
+d2i_PKCS7_SIGN_ENVELOPE 745 EXIST::FUNCTION:
+d2i_PKCS7_bio 746 EXIST::FUNCTION:
+d2i_PKCS7_fp 747 EXIST::FUNCTION:FP_API
+d2i_PrivateKey 748 EXIST::FUNCTION:
+d2i_PublicKey 749 EXIST::FUNCTION:
+d2i_RSAPrivateKey 750 EXIST::FUNCTION:RSA
+d2i_RSAPrivateKey_bio 751 EXIST::FUNCTION:BIO,RSA
+d2i_RSAPrivateKey_fp 752 EXIST::FUNCTION:FP_API,RSA
+d2i_RSAPublicKey 753 EXIST::FUNCTION:RSA
+d2i_X509 754 EXIST::FUNCTION:
+d2i_X509_ALGOR 755 EXIST::FUNCTION:
+d2i_X509_ATTRIBUTE 756 EXIST::FUNCTION:
+d2i_X509_CINF 757 EXIST::FUNCTION:
+d2i_X509_CRL 758 EXIST::FUNCTION:
+d2i_X509_CRL_INFO 759 EXIST::FUNCTION:
+d2i_X509_CRL_bio 760 EXIST::FUNCTION:BIO
+d2i_X509_CRL_fp 761 EXIST::FUNCTION:FP_API
+d2i_X509_EXTENSION 762 EXIST::FUNCTION:
+d2i_X509_NAME 763 EXIST::FUNCTION:
+d2i_X509_NAME_ENTRY 764 EXIST::FUNCTION:
+d2i_X509_PKEY 765 EXIST::FUNCTION:
+d2i_X509_PUBKEY 766 EXIST::FUNCTION:
+d2i_X509_REQ 767 EXIST::FUNCTION:
+d2i_X509_REQ_INFO 768 EXIST::FUNCTION:
+d2i_X509_REQ_bio 769 EXIST::FUNCTION:BIO
+d2i_X509_REQ_fp 770 EXIST::FUNCTION:FP_API
+d2i_X509_REVOKED 771 EXIST::FUNCTION:
+d2i_X509_SIG 772 EXIST::FUNCTION:
+d2i_X509_VAL 773 EXIST::FUNCTION:
+d2i_X509_bio 774 EXIST::FUNCTION:BIO
+d2i_X509_fp 775 EXIST::FUNCTION:FP_API
+DES_cbc_cksum 777 EXIST::FUNCTION:DES
+DES_cbc_encrypt 778 EXIST::FUNCTION:DES
+DES_cblock_print_file 779 NOEXIST::FUNCTION:
+DES_cfb64_encrypt 780 EXIST::FUNCTION:DES
+DES_cfb_encrypt 781 EXIST::FUNCTION:DES
+DES_decrypt3 782 EXIST::FUNCTION:DES
+DES_ecb3_encrypt 783 EXIST::FUNCTION:DES
+DES_ecb_encrypt 784 EXIST::FUNCTION:DES
+DES_ede3_cbc_encrypt 785 EXIST::FUNCTION:DES
+DES_ede3_cfb64_encrypt 786 EXIST::FUNCTION:DES
+DES_ede3_ofb64_encrypt 787 EXIST::FUNCTION:DES
+DES_enc_read 788 EXIST::FUNCTION:DES
+DES_enc_write 789 EXIST::FUNCTION:DES
+DES_encrypt1 790 EXIST::FUNCTION:DES
+DES_encrypt2 791 EXIST::FUNCTION:DES
+DES_encrypt3 792 EXIST::FUNCTION:DES
+DES_fcrypt 793 EXIST::FUNCTION:DES
+DES_is_weak_key 794 EXIST::FUNCTION:DES
+DES_key_sched 795 EXIST::FUNCTION:DES
+DES_ncbc_encrypt 796 EXIST::FUNCTION:DES
+DES_ofb64_encrypt 797 EXIST::FUNCTION:DES
+DES_ofb_encrypt 798 EXIST::FUNCTION:DES
+DES_options 799 EXIST::FUNCTION:DES
+DES_pcbc_encrypt 800 EXIST::FUNCTION:DES
+DES_quad_cksum 801 EXIST::FUNCTION:DES
+DES_random_key 802 EXIST::FUNCTION:DES
+_ossl_old_des_random_seed 803 EXIST::FUNCTION:DES
+_ossl_old_des_read_2passwords 804 EXIST::FUNCTION:DES
+_ossl_old_des_read_password 805 EXIST::FUNCTION:DES
+_ossl_old_des_read_pw 806 EXIST::FUNCTION:
+_ossl_old_des_read_pw_string 807 EXIST::FUNCTION:
+DES_set_key 808 EXIST::FUNCTION:DES
+DES_set_odd_parity 809 EXIST::FUNCTION:DES
+DES_string_to_2keys 810 EXIST::FUNCTION:DES
+DES_string_to_key 811 EXIST::FUNCTION:DES
+DES_xcbc_encrypt 812 EXIST::FUNCTION:DES
+DES_xwhite_in2out 813 NOEXIST::FUNCTION:
+fcrypt_body 814 NOEXIST::FUNCTION:
+i2a_ASN1_INTEGER 815 EXIST::FUNCTION:BIO
+i2a_ASN1_OBJECT 816 EXIST::FUNCTION:BIO
+i2a_ASN1_STRING 817 EXIST::FUNCTION:BIO
+i2d_ASN1_BIT_STRING 818 EXIST::FUNCTION:
+i2d_ASN1_BOOLEAN 819 EXIST::FUNCTION:
+i2d_ASN1_HEADER 820 EXIST::FUNCTION:
+i2d_ASN1_IA5STRING 821 EXIST::FUNCTION:
+i2d_ASN1_INTEGER 822 EXIST::FUNCTION:
+i2d_ASN1_OBJECT 823 EXIST::FUNCTION:
+i2d_ASN1_OCTET_STRING 824 EXIST::FUNCTION:
+i2d_ASN1_PRINTABLE 825 EXIST::FUNCTION:
+i2d_ASN1_SET 826 EXIST::FUNCTION:
+i2d_ASN1_TYPE 827 EXIST::FUNCTION:
+i2d_ASN1_UTCTIME 828 EXIST::FUNCTION:
+i2d_ASN1_bytes 829 EXIST::FUNCTION:
+i2d_DHparams 830 EXIST::FUNCTION:DH
+i2d_DSAPrivateKey 831 EXIST::FUNCTION:DSA
+i2d_DSAPrivateKey_bio 832 EXIST::FUNCTION:BIO,DSA
+i2d_DSAPrivateKey_fp 833 EXIST::FUNCTION:DSA,FP_API
+i2d_DSAPublicKey 834 EXIST::FUNCTION:DSA
+i2d_DSAparams 835 EXIST::FUNCTION:DSA
+i2d_NETSCAPE_SPKAC 836 EXIST::FUNCTION:
+i2d_NETSCAPE_SPKI 837 EXIST::FUNCTION:
+i2d_Netscape_RSA 838 EXIST::FUNCTION:RC4,RSA
+i2d_PKCS7 839 EXIST::FUNCTION:
+i2d_PKCS7_DIGEST 840 EXIST::FUNCTION:
+i2d_PKCS7_ENCRYPT 841 EXIST::FUNCTION:
+i2d_PKCS7_ENC_CONTENT 842 EXIST::FUNCTION:
+i2d_PKCS7_ENVELOPE 843 EXIST::FUNCTION:
+i2d_PKCS7_ISSUER_AND_SERIAL 844 EXIST::FUNCTION:
+i2d_PKCS7_RECIP_INFO 845 EXIST::FUNCTION:
+i2d_PKCS7_SIGNED 846 EXIST::FUNCTION:
+i2d_PKCS7_SIGNER_INFO 847 EXIST::FUNCTION:
+i2d_PKCS7_SIGN_ENVELOPE 848 EXIST::FUNCTION:
+i2d_PKCS7_bio 849 EXIST::FUNCTION:
+i2d_PKCS7_fp 850 EXIST::FUNCTION:FP_API
+i2d_PrivateKey 851 EXIST::FUNCTION:
+i2d_PublicKey 852 EXIST::FUNCTION:
+i2d_RSAPrivateKey 853 EXIST::FUNCTION:RSA
+i2d_RSAPrivateKey_bio 854 EXIST::FUNCTION:BIO,RSA
+i2d_RSAPrivateKey_fp 855 EXIST::FUNCTION:FP_API,RSA
+i2d_RSAPublicKey 856 EXIST::FUNCTION:RSA
+i2d_X509 857 EXIST::FUNCTION:
+i2d_X509_ALGOR 858 EXIST::FUNCTION:
+i2d_X509_ATTRIBUTE 859 EXIST::FUNCTION:
+i2d_X509_CINF 860 EXIST::FUNCTION:
+i2d_X509_CRL 861 EXIST::FUNCTION:
+i2d_X509_CRL_INFO 862 EXIST::FUNCTION:
+i2d_X509_CRL_bio 863 EXIST::FUNCTION:BIO
+i2d_X509_CRL_fp 864 EXIST::FUNCTION:FP_API
+i2d_X509_EXTENSION 865 EXIST::FUNCTION:
+i2d_X509_NAME 866 EXIST::FUNCTION:
+i2d_X509_NAME_ENTRY 867 EXIST::FUNCTION:
+i2d_X509_PKEY 868 EXIST::FUNCTION:
+i2d_X509_PUBKEY 869 EXIST::FUNCTION:
+i2d_X509_REQ 870 EXIST::FUNCTION:
+i2d_X509_REQ_INFO 871 EXIST::FUNCTION:
+i2d_X509_REQ_bio 872 EXIST::FUNCTION:BIO
+i2d_X509_REQ_fp 873 EXIST::FUNCTION:FP_API
+i2d_X509_REVOKED 874 EXIST::FUNCTION:
+i2d_X509_SIG 875 EXIST::FUNCTION:
+i2d_X509_VAL 876 EXIST::FUNCTION:
+i2d_X509_bio 877 EXIST::FUNCTION:BIO
+i2d_X509_fp 878 EXIST::FUNCTION:FP_API
+idea_cbc_encrypt 879 EXIST::FUNCTION:IDEA
+idea_cfb64_encrypt 880 EXIST::FUNCTION:IDEA
+idea_ecb_encrypt 881 EXIST::FUNCTION:IDEA
+idea_encrypt 882 EXIST::FUNCTION:IDEA
+idea_ofb64_encrypt 883 EXIST::FUNCTION:IDEA
+idea_options 884 EXIST::FUNCTION:IDEA
+idea_set_decrypt_key 885 EXIST::FUNCTION:IDEA
+idea_set_encrypt_key 886 EXIST::FUNCTION:IDEA
+lh_delete 887 EXIST::FUNCTION:
+lh_doall 888 EXIST::FUNCTION:
+lh_doall_arg 889 EXIST::FUNCTION:
+lh_free 890 EXIST::FUNCTION:
+lh_insert 891 EXIST::FUNCTION:
+lh_new 892 EXIST::FUNCTION:
+lh_node_stats 893 EXIST::FUNCTION:FP_API
+lh_node_stats_bio 894 EXIST::FUNCTION:BIO
+lh_node_usage_stats 895 EXIST::FUNCTION:FP_API
+lh_node_usage_stats_bio 896 EXIST::FUNCTION:BIO
+lh_retrieve 897 EXIST::FUNCTION:
+lh_stats 898 EXIST::FUNCTION:FP_API
+lh_stats_bio 899 EXIST::FUNCTION:BIO
+lh_strhash 900 EXIST::FUNCTION:
+sk_delete 901 EXIST::FUNCTION:
+sk_delete_ptr 902 EXIST::FUNCTION:
+sk_dup 903 EXIST::FUNCTION:
+sk_find 904 EXIST::FUNCTION:
+sk_free 905 EXIST::FUNCTION:
+sk_insert 906 EXIST::FUNCTION:
+sk_new 907 EXIST::FUNCTION:
+sk_pop 908 EXIST::FUNCTION:
+sk_pop_free 909 EXIST::FUNCTION:
+sk_push 910 EXIST::FUNCTION:
+sk_set_cmp_func 911 EXIST::FUNCTION:
+sk_shift 912 EXIST::FUNCTION:
+sk_unshift 913 EXIST::FUNCTION:
+sk_zero 914 EXIST::FUNCTION:
+BIO_f_nbio_test 915 EXIST::FUNCTION:
+ASN1_TYPE_get 916 EXIST::FUNCTION:
+ASN1_TYPE_set 917 EXIST::FUNCTION:
+PKCS7_content_free 918 NOEXIST::FUNCTION:
+ERR_load_PKCS7_strings 919 EXIST::FUNCTION:
+X509_find_by_issuer_and_serial 920 EXIST::FUNCTION:
+X509_find_by_subject 921 EXIST::FUNCTION:
+PKCS7_ctrl 927 EXIST::FUNCTION:
+PKCS7_set_type 928 EXIST::FUNCTION:
+PKCS7_set_content 929 EXIST::FUNCTION:
+PKCS7_SIGNER_INFO_set 930 EXIST::FUNCTION:
+PKCS7_add_signer 931 EXIST::FUNCTION:
+PKCS7_add_certificate 932 EXIST::FUNCTION:
+PKCS7_add_crl 933 EXIST::FUNCTION:
+PKCS7_content_new 934 EXIST::FUNCTION:
+PKCS7_dataSign 935 NOEXIST::FUNCTION:
+PKCS7_dataVerify 936 EXIST::FUNCTION:
+PKCS7_dataInit 937 EXIST::FUNCTION:
+PKCS7_add_signature 938 EXIST::FUNCTION:
+PKCS7_cert_from_signer_info 939 EXIST::FUNCTION:
+PKCS7_get_signer_info 940 EXIST::FUNCTION:
+EVP_delete_alias 941 NOEXIST::FUNCTION:
+EVP_mdc2 942 EXIST::FUNCTION:MDC2
+PEM_read_bio_RSAPublicKey 943 EXIST::FUNCTION:RSA
+PEM_write_bio_RSAPublicKey 944 EXIST::FUNCTION:RSA
+d2i_RSAPublicKey_bio 945 EXIST::FUNCTION:BIO,RSA
+i2d_RSAPublicKey_bio 946 EXIST::FUNCTION:BIO,RSA
+PEM_read_RSAPublicKey 947 EXIST:!WIN16:FUNCTION:RSA
+PEM_write_RSAPublicKey 949 EXIST:!WIN16:FUNCTION:RSA
+d2i_RSAPublicKey_fp 952 EXIST::FUNCTION:FP_API,RSA
+i2d_RSAPublicKey_fp 954 EXIST::FUNCTION:FP_API,RSA
+BIO_copy_next_retry 955 EXIST::FUNCTION:
+RSA_flags 956 EXIST::FUNCTION:RSA
+X509_STORE_add_crl 957 EXIST::FUNCTION:
+X509_load_crl_file 958 EXIST::FUNCTION:STDIO
+EVP_rc2_40_cbc 959 EXIST::FUNCTION:RC2
+EVP_rc4_40 960 EXIST::FUNCTION:RC4
+EVP_CIPHER_CTX_init 961 EXIST::FUNCTION:
+HMAC 962 EXIST::FUNCTION:HMAC
+HMAC_Init 963 EXIST::FUNCTION:HMAC
+HMAC_Update 964 EXIST::FUNCTION:HMAC
+HMAC_Final 965 EXIST::FUNCTION:HMAC
+ERR_get_next_error_library 966 EXIST::FUNCTION:
+EVP_PKEY_cmp_parameters 967 EXIST::FUNCTION:
+HMAC_cleanup 968 NOEXIST::FUNCTION:
+BIO_ptr_ctrl 969 EXIST::FUNCTION:
+BIO_new_file_internal 970 EXIST:WIN16:FUNCTION:FP_API
+BIO_new_fp_internal 971 EXIST:WIN16:FUNCTION:FP_API
+BIO_s_file_internal 972 EXIST:WIN16:FUNCTION:FP_API
+BN_BLINDING_convert 973 EXIST::FUNCTION:
+BN_BLINDING_invert 974 EXIST::FUNCTION:
+BN_BLINDING_update 975 EXIST::FUNCTION:
+RSA_blinding_on 977 EXIST::FUNCTION:RSA
+RSA_blinding_off 978 EXIST::FUNCTION:RSA
+i2t_ASN1_OBJECT 979 EXIST::FUNCTION:
+BN_BLINDING_new 980 EXIST::FUNCTION:
+BN_BLINDING_free 981 EXIST::FUNCTION:
+EVP_cast5_cbc 983 EXIST::FUNCTION:CAST
+EVP_cast5_cfb64 984 EXIST::FUNCTION:CAST
+EVP_cast5_ecb 985 EXIST::FUNCTION:CAST
+EVP_cast5_ofb 986 EXIST::FUNCTION:CAST
+BF_decrypt 987 EXIST::FUNCTION:BF
+CAST_set_key 988 EXIST::FUNCTION:CAST
+CAST_encrypt 989 EXIST::FUNCTION:CAST
+CAST_decrypt 990 EXIST::FUNCTION:CAST
+CAST_ecb_encrypt 991 EXIST::FUNCTION:CAST
+CAST_cbc_encrypt 992 EXIST::FUNCTION:CAST
+CAST_cfb64_encrypt 993 EXIST::FUNCTION:CAST
+CAST_ofb64_encrypt 994 EXIST::FUNCTION:CAST
+RC2_decrypt 995 EXIST::FUNCTION:RC2
+OBJ_create_objects 997 EXIST::FUNCTION:
+BN_exp 998 EXIST::FUNCTION:
+BN_mul_word 999 EXIST::FUNCTION:
+BN_sub_word 1000 EXIST::FUNCTION:
+BN_dec2bn 1001 EXIST::FUNCTION:
+BN_bn2dec 1002 EXIST::FUNCTION:
+BIO_ghbn_ctrl 1003 NOEXIST::FUNCTION:
+CRYPTO_free_ex_data 1004 EXIST::FUNCTION:
+CRYPTO_get_ex_data 1005 EXIST::FUNCTION:
+CRYPTO_set_ex_data 1007 EXIST::FUNCTION:
+ERR_load_CRYPTO_strings 1009 EXIST:!OS2,!VMS,!WIN16:FUNCTION:
+ERR_load_CRYPTOlib_strings 1009 EXIST:OS2,VMS,WIN16:FUNCTION:
+EVP_PKEY_bits 1010 EXIST::FUNCTION:
+MD5_Transform 1011 EXIST::FUNCTION:MD5
+SHA1_Transform 1012 EXIST::FUNCTION:SHA,SHA1
+SHA_Transform 1013 EXIST::FUNCTION:SHA,SHA0
+X509_STORE_CTX_get_chain 1014 EXIST::FUNCTION:
+X509_STORE_CTX_get_current_cert 1015 EXIST::FUNCTION:
+X509_STORE_CTX_get_error 1016 EXIST::FUNCTION:
+X509_STORE_CTX_get_error_depth 1017 EXIST::FUNCTION:
+X509_STORE_CTX_get_ex_data 1018 EXIST::FUNCTION:
+X509_STORE_CTX_set_cert 1020 EXIST::FUNCTION:
+X509_STORE_CTX_set_chain 1021 EXIST::FUNCTION:
+X509_STORE_CTX_set_error 1022 EXIST::FUNCTION:
+X509_STORE_CTX_set_ex_data 1023 EXIST::FUNCTION:
+CRYPTO_dup_ex_data 1025 EXIST::FUNCTION:
+CRYPTO_get_new_lockid 1026 EXIST::FUNCTION:
+CRYPTO_new_ex_data 1027 EXIST::FUNCTION:
+RSA_set_ex_data 1028 EXIST::FUNCTION:RSA
+RSA_get_ex_data 1029 EXIST::FUNCTION:RSA
+RSA_get_ex_new_index 1030 EXIST::FUNCTION:RSA
+RSA_padding_add_PKCS1_type_1 1031 EXIST::FUNCTION:RSA
+RSA_padding_add_PKCS1_type_2 1032 EXIST::FUNCTION:RSA
+RSA_padding_add_SSLv23 1033 EXIST::FUNCTION:RSA
+RSA_padding_add_none 1034 EXIST::FUNCTION:RSA
+RSA_padding_check_PKCS1_type_1 1035 EXIST::FUNCTION:RSA
+RSA_padding_check_PKCS1_type_2 1036 EXIST::FUNCTION:RSA
+RSA_padding_check_SSLv23 1037 EXIST::FUNCTION:RSA
+RSA_padding_check_none 1038 EXIST::FUNCTION:RSA
+bn_add_words 1039 EXIST::FUNCTION:
+d2i_Netscape_RSA_2 1040 NOEXIST::FUNCTION:
+CRYPTO_get_ex_new_index 1041 EXIST::FUNCTION:
+RIPEMD160_Init 1042 EXIST::FUNCTION:RIPEMD
+RIPEMD160_Update 1043 EXIST::FUNCTION:RIPEMD
+RIPEMD160_Final 1044 EXIST::FUNCTION:RIPEMD
+RIPEMD160 1045 EXIST::FUNCTION:RIPEMD
+RIPEMD160_Transform 1046 EXIST::FUNCTION:RIPEMD
+RC5_32_set_key 1047 EXIST::FUNCTION:RC5
+RC5_32_ecb_encrypt 1048 EXIST::FUNCTION:RC5
+RC5_32_encrypt 1049 EXIST::FUNCTION:RC5
+RC5_32_decrypt 1050 EXIST::FUNCTION:RC5
+RC5_32_cbc_encrypt 1051 EXIST::FUNCTION:RC5
+RC5_32_cfb64_encrypt 1052 EXIST::FUNCTION:RC5
+RC5_32_ofb64_encrypt 1053 EXIST::FUNCTION:RC5
+BN_bn2mpi 1058 EXIST::FUNCTION:
+BN_mpi2bn 1059 EXIST::FUNCTION:
+ASN1_BIT_STRING_get_bit 1060 EXIST::FUNCTION:
+ASN1_BIT_STRING_set_bit 1061 EXIST::FUNCTION:
+BIO_get_ex_data 1062 EXIST::FUNCTION:
+BIO_get_ex_new_index 1063 EXIST::FUNCTION:
+BIO_set_ex_data 1064 EXIST::FUNCTION:
+X509v3_get_key_usage 1066 NOEXIST::FUNCTION:
+X509v3_set_key_usage 1067 NOEXIST::FUNCTION:
+a2i_X509v3_key_usage 1068 NOEXIST::FUNCTION:
+i2a_X509v3_key_usage 1069 NOEXIST::FUNCTION:
+EVP_PKEY_decrypt 1070 EXIST::FUNCTION:
+EVP_PKEY_encrypt 1071 EXIST::FUNCTION:
+PKCS7_RECIP_INFO_set 1072 EXIST::FUNCTION:
+PKCS7_add_recipient 1073 EXIST::FUNCTION:
+PKCS7_add_recipient_info 1074 EXIST::FUNCTION:
+PKCS7_set_cipher 1075 EXIST::FUNCTION:
+ASN1_TYPE_get_int_octetstring 1076 EXIST::FUNCTION:
+ASN1_TYPE_get_octetstring 1077 EXIST::FUNCTION:
+ASN1_TYPE_set_int_octetstring 1078 EXIST::FUNCTION:
+ASN1_TYPE_set_octetstring 1079 EXIST::FUNCTION:
+ASN1_UTCTIME_set_string 1080 EXIST::FUNCTION:
+ERR_add_error_data 1081 EXIST::FUNCTION:BIO
+ERR_set_error_data 1082 EXIST::FUNCTION:
+EVP_CIPHER_asn1_to_param 1083 EXIST::FUNCTION:
+EVP_CIPHER_param_to_asn1 1084 EXIST::FUNCTION:
+EVP_CIPHER_get_asn1_iv 1085 EXIST::FUNCTION:
+EVP_CIPHER_set_asn1_iv 1086 EXIST::FUNCTION:
+EVP_rc5_32_12_16_cbc 1087 EXIST::FUNCTION:RC5
+EVP_rc5_32_12_16_cfb64 1088 EXIST::FUNCTION:RC5
+EVP_rc5_32_12_16_ecb 1089 EXIST::FUNCTION:RC5
+EVP_rc5_32_12_16_ofb 1090 EXIST::FUNCTION:RC5
+asn1_add_error 1091 EXIST::FUNCTION:
+d2i_ASN1_BMPSTRING 1092 EXIST::FUNCTION:
+i2d_ASN1_BMPSTRING 1093 EXIST::FUNCTION:
+BIO_f_ber 1094 NOEXIST::FUNCTION:
+BN_init 1095 EXIST::FUNCTION:
+COMP_CTX_new 1096 EXIST::FUNCTION:
+COMP_CTX_free 1097 EXIST::FUNCTION:
+COMP_CTX_compress_block 1098 NOEXIST::FUNCTION:
+COMP_CTX_expand_block 1099 NOEXIST::FUNCTION:
+X509_STORE_CTX_get_ex_new_index 1100 EXIST::FUNCTION:
+OBJ_NAME_add 1101 EXIST::FUNCTION:
+BIO_socket_nbio 1102 EXIST::FUNCTION:
+EVP_rc2_64_cbc 1103 EXIST::FUNCTION:RC2
+OBJ_NAME_cleanup 1104 EXIST::FUNCTION:
+OBJ_NAME_get 1105 EXIST::FUNCTION:
+OBJ_NAME_init 1106 EXIST::FUNCTION:
+OBJ_NAME_new_index 1107 EXIST::FUNCTION:
+OBJ_NAME_remove 1108 EXIST::FUNCTION:
+BN_MONT_CTX_copy 1109 EXIST::FUNCTION:
+BIO_new_socks4a_connect 1110 NOEXIST::FUNCTION:
+BIO_s_socks4a_connect 1111 NOEXIST::FUNCTION:
+PROXY_set_connect_mode 1112 NOEXIST::FUNCTION:
+RAND_SSLeay 1113 EXIST::FUNCTION:
+RAND_set_rand_method 1114 EXIST::FUNCTION:
+RSA_memory_lock 1115 EXIST::FUNCTION:RSA
+bn_sub_words 1116 EXIST::FUNCTION:
+bn_mul_normal 1117 NOEXIST::FUNCTION:
+bn_mul_comba8 1118 NOEXIST::FUNCTION:
+bn_mul_comba4 1119 NOEXIST::FUNCTION:
+bn_sqr_normal 1120 NOEXIST::FUNCTION:
+bn_sqr_comba8 1121 NOEXIST::FUNCTION:
+bn_sqr_comba4 1122 NOEXIST::FUNCTION:
+bn_cmp_words 1123 NOEXIST::FUNCTION:
+bn_mul_recursive 1124 NOEXIST::FUNCTION:
+bn_mul_part_recursive 1125 NOEXIST::FUNCTION:
+bn_sqr_recursive 1126 NOEXIST::FUNCTION:
+bn_mul_low_normal 1127 NOEXIST::FUNCTION:
+BN_RECP_CTX_init 1128 EXIST::FUNCTION:
+BN_RECP_CTX_new 1129 EXIST::FUNCTION:
+BN_RECP_CTX_free 1130 EXIST::FUNCTION:
+BN_RECP_CTX_set 1131 EXIST::FUNCTION:
+BN_mod_mul_reciprocal 1132 EXIST::FUNCTION:
+BN_mod_exp_recp 1133 EXIST::FUNCTION:
+BN_div_recp 1134 EXIST::FUNCTION:
+BN_CTX_init 1135 EXIST::FUNCTION:DEPRECATED
+BN_MONT_CTX_init 1136 EXIST::FUNCTION:
+RAND_get_rand_method 1137 EXIST::FUNCTION:
+PKCS7_add_attribute 1138 EXIST::FUNCTION:
+PKCS7_add_signed_attribute 1139 EXIST::FUNCTION:
+PKCS7_digest_from_attributes 1140 EXIST::FUNCTION:
+PKCS7_get_attribute 1141 EXIST::FUNCTION:
+PKCS7_get_issuer_and_serial 1142 EXIST::FUNCTION:
+PKCS7_get_signed_attribute 1143 EXIST::FUNCTION:
+COMP_compress_block 1144 EXIST::FUNCTION:
+COMP_expand_block 1145 EXIST::FUNCTION:
+COMP_rle 1146 EXIST::FUNCTION:
+COMP_zlib 1147 EXIST::FUNCTION:
+ms_time_diff 1148 EXIST::FUNCTION:
+ms_time_new 1149 EXIST::FUNCTION:
+ms_time_free 1150 EXIST::FUNCTION:
+ms_time_cmp 1151 EXIST::FUNCTION:
+ms_time_get 1152 EXIST::FUNCTION:
+PKCS7_set_attributes 1153 EXIST::FUNCTION:
+PKCS7_set_signed_attributes 1154 EXIST::FUNCTION:
+X509_ATTRIBUTE_create 1155 EXIST::FUNCTION:
+X509_ATTRIBUTE_dup 1156 EXIST::FUNCTION:
+ASN1_GENERALIZEDTIME_check 1157 EXIST::FUNCTION:
+ASN1_GENERALIZEDTIME_print 1158 EXIST::FUNCTION:BIO
+ASN1_GENERALIZEDTIME_set 1159 EXIST::FUNCTION:
+ASN1_GENERALIZEDTIME_set_string 1160 EXIST::FUNCTION:
+ASN1_TIME_print 1161 EXIST::FUNCTION:BIO
+BASIC_CONSTRAINTS_free 1162 EXIST::FUNCTION:
+BASIC_CONSTRAINTS_new 1163 EXIST::FUNCTION:
+ERR_load_X509V3_strings 1164 EXIST::FUNCTION:
+NETSCAPE_CERT_SEQUENCE_free 1165 EXIST::FUNCTION:
+NETSCAPE_CERT_SEQUENCE_new 1166 EXIST::FUNCTION:
+OBJ_txt2obj 1167 EXIST::FUNCTION:
+PEM_read_NETSCAPE_CERT_SEQUENCE 1168 EXIST:!VMS,!WIN16:FUNCTION:
+PEM_read_NS_CERT_SEQ 1168 EXIST:VMS:FUNCTION:
+PEM_read_bio_NETSCAPE_CERT_SEQUENCE 1169 EXIST:!VMS:FUNCTION:
+PEM_read_bio_NS_CERT_SEQ 1169 EXIST:VMS:FUNCTION:
+PEM_write_NETSCAPE_CERT_SEQUENCE 1170 EXIST:!VMS,!WIN16:FUNCTION:
+PEM_write_NS_CERT_SEQ 1170 EXIST:VMS:FUNCTION:
+PEM_write_bio_NETSCAPE_CERT_SEQUENCE 1171 EXIST:!VMS:FUNCTION:
+PEM_write_bio_NS_CERT_SEQ 1171 EXIST:VMS:FUNCTION:
+X509V3_EXT_add 1172 EXIST::FUNCTION:
+X509V3_EXT_add_alias 1173 EXIST::FUNCTION:
+X509V3_EXT_add_conf 1174 EXIST::FUNCTION:
+X509V3_EXT_cleanup 1175 EXIST::FUNCTION:
+X509V3_EXT_conf 1176 EXIST::FUNCTION:
+X509V3_EXT_conf_nid 1177 EXIST::FUNCTION:
+X509V3_EXT_get 1178 EXIST::FUNCTION:
+X509V3_EXT_get_nid 1179 EXIST::FUNCTION:
+X509V3_EXT_print 1180 EXIST::FUNCTION:
+X509V3_EXT_print_fp 1181 EXIST::FUNCTION:
+X509V3_add_standard_extensions 1182 EXIST::FUNCTION:
+X509V3_add_value 1183 EXIST::FUNCTION:
+X509V3_add_value_bool 1184 EXIST::FUNCTION:
+X509V3_add_value_int 1185 EXIST::FUNCTION:
+X509V3_conf_free 1186 EXIST::FUNCTION:
+X509V3_get_value_bool 1187 EXIST::FUNCTION:
+X509V3_get_value_int 1188 EXIST::FUNCTION:
+X509V3_parse_list 1189 EXIST::FUNCTION:
+d2i_ASN1_GENERALIZEDTIME 1190 EXIST::FUNCTION:
+d2i_ASN1_TIME 1191 EXIST::FUNCTION:
+d2i_BASIC_CONSTRAINTS 1192 EXIST::FUNCTION:
+d2i_NETSCAPE_CERT_SEQUENCE 1193 EXIST::FUNCTION:
+d2i_ext_ku 1194 NOEXIST::FUNCTION:
+ext_ku_free 1195 NOEXIST::FUNCTION:
+ext_ku_new 1196 NOEXIST::FUNCTION:
+i2d_ASN1_GENERALIZEDTIME 1197 EXIST::FUNCTION:
+i2d_ASN1_TIME 1198 EXIST::FUNCTION:
+i2d_BASIC_CONSTRAINTS 1199 EXIST::FUNCTION:
+i2d_NETSCAPE_CERT_SEQUENCE 1200 EXIST::FUNCTION:
+i2d_ext_ku 1201 NOEXIST::FUNCTION:
+EVP_MD_CTX_copy 1202 EXIST::FUNCTION:
+i2d_ASN1_ENUMERATED 1203 EXIST::FUNCTION:
+d2i_ASN1_ENUMERATED 1204 EXIST::FUNCTION:
+ASN1_ENUMERATED_set 1205 EXIST::FUNCTION:
+ASN1_ENUMERATED_get 1206 EXIST::FUNCTION:
+BN_to_ASN1_ENUMERATED 1207 EXIST::FUNCTION:
+ASN1_ENUMERATED_to_BN 1208 EXIST::FUNCTION:
+i2a_ASN1_ENUMERATED 1209 EXIST::FUNCTION:BIO
+a2i_ASN1_ENUMERATED 1210 EXIST::FUNCTION:BIO
+i2d_GENERAL_NAME 1211 EXIST::FUNCTION:
+d2i_GENERAL_NAME 1212 EXIST::FUNCTION:
+GENERAL_NAME_new 1213 EXIST::FUNCTION:
+GENERAL_NAME_free 1214 EXIST::FUNCTION:
+GENERAL_NAMES_new 1215 EXIST::FUNCTION:
+GENERAL_NAMES_free 1216 EXIST::FUNCTION:
+d2i_GENERAL_NAMES 1217 EXIST::FUNCTION:
+i2d_GENERAL_NAMES 1218 EXIST::FUNCTION:
+i2v_GENERAL_NAMES 1219 EXIST::FUNCTION:
+i2s_ASN1_OCTET_STRING 1220 EXIST::FUNCTION:
+s2i_ASN1_OCTET_STRING 1221 EXIST::FUNCTION:
+X509V3_EXT_check_conf 1222 NOEXIST::FUNCTION:
+hex_to_string 1223 EXIST::FUNCTION:
+string_to_hex 1224 EXIST::FUNCTION:
+DES_ede3_cbcm_encrypt 1225 EXIST::FUNCTION:DES
+RSA_padding_add_PKCS1_OAEP 1226 EXIST::FUNCTION:RSA
+RSA_padding_check_PKCS1_OAEP 1227 EXIST::FUNCTION:RSA
+X509_CRL_print_fp 1228 EXIST::FUNCTION:FP_API
+X509_CRL_print 1229 EXIST::FUNCTION:BIO
+i2v_GENERAL_NAME 1230 EXIST::FUNCTION:
+v2i_GENERAL_NAME 1231 EXIST::FUNCTION:
+i2d_PKEY_USAGE_PERIOD 1232 EXIST::FUNCTION:
+d2i_PKEY_USAGE_PERIOD 1233 EXIST::FUNCTION:
+PKEY_USAGE_PERIOD_new 1234 EXIST::FUNCTION:
+PKEY_USAGE_PERIOD_free 1235 EXIST::FUNCTION:
+v2i_GENERAL_NAMES 1236 EXIST::FUNCTION:
+i2s_ASN1_INTEGER 1237 EXIST::FUNCTION:
+X509V3_EXT_d2i 1238 EXIST::FUNCTION:
+name_cmp 1239 EXIST::FUNCTION:
+str_dup 1240 NOEXIST::FUNCTION:
+i2s_ASN1_ENUMERATED 1241 EXIST::FUNCTION:
+i2s_ASN1_ENUMERATED_TABLE 1242 EXIST::FUNCTION:
+BIO_s_log 1243 EXIST:!OS2,!WIN16,!WIN32,!macintosh:FUNCTION:
+BIO_f_reliable 1244 EXIST::FUNCTION:BIO
+PKCS7_dataFinal 1245 EXIST::FUNCTION:
+PKCS7_dataDecode 1246 EXIST::FUNCTION:
+X509V3_EXT_CRL_add_conf 1247 EXIST::FUNCTION:
+BN_set_params 1248 EXIST::FUNCTION:DEPRECATED
+BN_get_params 1249 EXIST::FUNCTION:DEPRECATED
+BIO_get_ex_num 1250 NOEXIST::FUNCTION:
+BIO_set_ex_free_func 1251 NOEXIST::FUNCTION:
+EVP_ripemd160 1252 EXIST::FUNCTION:RIPEMD
+ASN1_TIME_set 1253 EXIST::FUNCTION:
+i2d_AUTHORITY_KEYID 1254 EXIST::FUNCTION:
+d2i_AUTHORITY_KEYID 1255 EXIST::FUNCTION:
+AUTHORITY_KEYID_new 1256 EXIST::FUNCTION:
+AUTHORITY_KEYID_free 1257 EXIST::FUNCTION:
+ASN1_seq_unpack 1258 EXIST::FUNCTION:
+ASN1_seq_pack 1259 EXIST::FUNCTION:
+ASN1_unpack_string 1260 EXIST::FUNCTION:
+ASN1_pack_string 1261 EXIST::FUNCTION:
+PKCS12_pack_safebag 1262 NOEXIST::FUNCTION:
+PKCS12_MAKE_KEYBAG 1263 EXIST::FUNCTION:
+PKCS8_encrypt 1264 EXIST::FUNCTION:
+PKCS12_MAKE_SHKEYBAG 1265 EXIST::FUNCTION:
+PKCS12_pack_p7data 1266 EXIST::FUNCTION:
+PKCS12_pack_p7encdata 1267 EXIST::FUNCTION:
+PKCS12_add_localkeyid 1268 EXIST::FUNCTION:
+PKCS12_add_friendlyname_asc 1269 EXIST::FUNCTION:
+PKCS12_add_friendlyname_uni 1270 EXIST::FUNCTION:
+PKCS12_get_friendlyname 1271 EXIST::FUNCTION:
+PKCS12_pbe_crypt 1272 EXIST::FUNCTION:
+PKCS12_decrypt_d2i 1273 NOEXIST::FUNCTION:
+PKCS12_i2d_encrypt 1274 NOEXIST::FUNCTION:
+PKCS12_init 1275 EXIST::FUNCTION:
+PKCS12_key_gen_asc 1276 EXIST::FUNCTION:
+PKCS12_key_gen_uni 1277 EXIST::FUNCTION:
+PKCS12_gen_mac 1278 EXIST::FUNCTION:
+PKCS12_verify_mac 1279 EXIST::FUNCTION:
+PKCS12_set_mac 1280 EXIST::FUNCTION:
+PKCS12_setup_mac 1281 EXIST::FUNCTION:
+asc2uni 1282 EXIST:!NETWARE:FUNCTION:
+uni2asc 1283 EXIST:!NETWARE:FUNCTION:
+i2d_PKCS12_BAGS 1284 EXIST::FUNCTION:
+PKCS12_BAGS_new 1285 EXIST::FUNCTION:
+d2i_PKCS12_BAGS 1286 EXIST::FUNCTION:
+PKCS12_BAGS_free 1287 EXIST::FUNCTION:
+i2d_PKCS12 1288 EXIST::FUNCTION:
+d2i_PKCS12 1289 EXIST::FUNCTION:
+PKCS12_new 1290 EXIST::FUNCTION:
+PKCS12_free 1291 EXIST::FUNCTION:
+i2d_PKCS12_MAC_DATA 1292 EXIST::FUNCTION:
+PKCS12_MAC_DATA_new 1293 EXIST::FUNCTION:
+d2i_PKCS12_MAC_DATA 1294 EXIST::FUNCTION:
+PKCS12_MAC_DATA_free 1295 EXIST::FUNCTION:
+i2d_PKCS12_SAFEBAG 1296 EXIST::FUNCTION:
+PKCS12_SAFEBAG_new 1297 EXIST::FUNCTION:
+d2i_PKCS12_SAFEBAG 1298 EXIST::FUNCTION:
+PKCS12_SAFEBAG_free 1299 EXIST::FUNCTION:
+ERR_load_PKCS12_strings 1300 EXIST::FUNCTION:
+PKCS12_PBE_add 1301 EXIST::FUNCTION:
+PKCS8_add_keyusage 1302 EXIST::FUNCTION:
+PKCS12_get_attr_gen 1303 EXIST::FUNCTION:
+PKCS12_parse 1304 EXIST::FUNCTION:
+PKCS12_create 1305 EXIST::FUNCTION:
+i2d_PKCS12_bio 1306 EXIST::FUNCTION:
+i2d_PKCS12_fp 1307 EXIST::FUNCTION:
+d2i_PKCS12_bio 1308 EXIST::FUNCTION:
+d2i_PKCS12_fp 1309 EXIST::FUNCTION:
+i2d_PBEPARAM 1310 EXIST::FUNCTION:
+PBEPARAM_new 1311 EXIST::FUNCTION:
+d2i_PBEPARAM 1312 EXIST::FUNCTION:
+PBEPARAM_free 1313 EXIST::FUNCTION:
+i2d_PKCS8_PRIV_KEY_INFO 1314 EXIST::FUNCTION:
+PKCS8_PRIV_KEY_INFO_new 1315 EXIST::FUNCTION:
+d2i_PKCS8_PRIV_KEY_INFO 1316 EXIST::FUNCTION:
+PKCS8_PRIV_KEY_INFO_free 1317 EXIST::FUNCTION:
+EVP_PKCS82PKEY 1318 EXIST::FUNCTION:
+EVP_PKEY2PKCS8 1319 EXIST::FUNCTION:
+PKCS8_set_broken 1320 EXIST::FUNCTION:
+EVP_PBE_ALGOR_CipherInit 1321 NOEXIST::FUNCTION:
+EVP_PBE_alg_add 1322 EXIST::FUNCTION:
+PKCS5_pbe_set 1323 EXIST::FUNCTION:
+EVP_PBE_cleanup 1324 EXIST::FUNCTION:
+i2d_SXNET 1325 EXIST::FUNCTION:
+d2i_SXNET 1326 EXIST::FUNCTION:
+SXNET_new 1327 EXIST::FUNCTION:
+SXNET_free 1328 EXIST::FUNCTION:
+i2d_SXNETID 1329 EXIST::FUNCTION:
+d2i_SXNETID 1330 EXIST::FUNCTION:
+SXNETID_new 1331 EXIST::FUNCTION:
+SXNETID_free 1332 EXIST::FUNCTION:
+DSA_SIG_new 1333 EXIST::FUNCTION:DSA
+DSA_SIG_free 1334 EXIST::FUNCTION:DSA
+DSA_do_sign 1335 EXIST::FUNCTION:DSA
+DSA_do_verify 1336 EXIST::FUNCTION:DSA
+d2i_DSA_SIG 1337 EXIST::FUNCTION:DSA
+i2d_DSA_SIG 1338 EXIST::FUNCTION:DSA
+i2d_ASN1_VISIBLESTRING 1339 EXIST::FUNCTION:
+d2i_ASN1_VISIBLESTRING 1340 EXIST::FUNCTION:
+i2d_ASN1_UTF8STRING 1341 EXIST::FUNCTION:
+d2i_ASN1_UTF8STRING 1342 EXIST::FUNCTION:
+i2d_DIRECTORYSTRING 1343 EXIST::FUNCTION:
+d2i_DIRECTORYSTRING 1344 EXIST::FUNCTION:
+i2d_DISPLAYTEXT 1345 EXIST::FUNCTION:
+d2i_DISPLAYTEXT 1346 EXIST::FUNCTION:
+d2i_ASN1_SET_OF_X509 1379 NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_X509 1380 NOEXIST::FUNCTION:
+i2d_PBKDF2PARAM 1397 EXIST::FUNCTION:
+PBKDF2PARAM_new 1398 EXIST::FUNCTION:
+d2i_PBKDF2PARAM 1399 EXIST::FUNCTION:
+PBKDF2PARAM_free 1400 EXIST::FUNCTION:
+i2d_PBE2PARAM 1401 EXIST::FUNCTION:
+PBE2PARAM_new 1402 EXIST::FUNCTION:
+d2i_PBE2PARAM 1403 EXIST::FUNCTION:
+PBE2PARAM_free 1404 EXIST::FUNCTION:
+d2i_ASN1_SET_OF_GENERAL_NAME 1421 NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_GENERAL_NAME 1422 NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_SXNETID 1439 NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_SXNETID 1440 NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_POLICYQUALINFO 1457 NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_POLICYQUALINFO 1458 NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_POLICYINFO 1475 NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_POLICYINFO 1476 NOEXIST::FUNCTION:
+SXNET_add_id_asc 1477 EXIST::FUNCTION:
+SXNET_add_id_ulong 1478 EXIST::FUNCTION:
+SXNET_add_id_INTEGER 1479 EXIST::FUNCTION:
+SXNET_get_id_asc 1480 EXIST::FUNCTION:
+SXNET_get_id_ulong 1481 EXIST::FUNCTION:
+SXNET_get_id_INTEGER 1482 EXIST::FUNCTION:
+X509V3_set_conf_lhash 1483 EXIST::FUNCTION:
+i2d_CERTIFICATEPOLICIES 1484 EXIST::FUNCTION:
+CERTIFICATEPOLICIES_new 1485 EXIST::FUNCTION:
+CERTIFICATEPOLICIES_free 1486 EXIST::FUNCTION:
+d2i_CERTIFICATEPOLICIES 1487 EXIST::FUNCTION:
+i2d_POLICYINFO 1488 EXIST::FUNCTION:
+POLICYINFO_new 1489 EXIST::FUNCTION:
+d2i_POLICYINFO 1490 EXIST::FUNCTION:
+POLICYINFO_free 1491 EXIST::FUNCTION:
+i2d_POLICYQUALINFO 1492 EXIST::FUNCTION:
+POLICYQUALINFO_new 1493 EXIST::FUNCTION:
+d2i_POLICYQUALINFO 1494 EXIST::FUNCTION:
+POLICYQUALINFO_free 1495 EXIST::FUNCTION:
+i2d_USERNOTICE 1496 EXIST::FUNCTION:
+USERNOTICE_new 1497 EXIST::FUNCTION:
+d2i_USERNOTICE 1498 EXIST::FUNCTION:
+USERNOTICE_free 1499 EXIST::FUNCTION:
+i2d_NOTICEREF 1500 EXIST::FUNCTION:
+NOTICEREF_new 1501 EXIST::FUNCTION:
+d2i_NOTICEREF 1502 EXIST::FUNCTION:
+NOTICEREF_free 1503 EXIST::FUNCTION:
+X509V3_get_string 1504 EXIST::FUNCTION:
+X509V3_get_section 1505 EXIST::FUNCTION:
+X509V3_string_free 1506 EXIST::FUNCTION:
+X509V3_section_free 1507 EXIST::FUNCTION:
+X509V3_set_ctx 1508 EXIST::FUNCTION:
+s2i_ASN1_INTEGER 1509 EXIST::FUNCTION:
+CRYPTO_set_locked_mem_functions 1510 EXIST::FUNCTION:
+CRYPTO_get_locked_mem_functions 1511 EXIST::FUNCTION:
+CRYPTO_malloc_locked 1512 EXIST::FUNCTION:
+CRYPTO_free_locked 1513 EXIST::FUNCTION:
+BN_mod_exp2_mont 1514 EXIST::FUNCTION:
+ERR_get_error_line_data 1515 EXIST::FUNCTION:
+ERR_peek_error_line_data 1516 EXIST::FUNCTION:
+PKCS12_PBE_keyivgen 1517 EXIST::FUNCTION:
+X509_ALGOR_dup 1518 EXIST::FUNCTION:
+d2i_ASN1_SET_OF_DIST_POINT 1535 NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_DIST_POINT 1536 NOEXIST::FUNCTION:
+i2d_CRL_DIST_POINTS 1537 EXIST::FUNCTION:
+CRL_DIST_POINTS_new 1538 EXIST::FUNCTION:
+CRL_DIST_POINTS_free 1539 EXIST::FUNCTION:
+d2i_CRL_DIST_POINTS 1540 EXIST::FUNCTION:
+i2d_DIST_POINT 1541 EXIST::FUNCTION:
+DIST_POINT_new 1542 EXIST::FUNCTION:
+d2i_DIST_POINT 1543 EXIST::FUNCTION:
+DIST_POINT_free 1544 EXIST::FUNCTION:
+i2d_DIST_POINT_NAME 1545 EXIST::FUNCTION:
+DIST_POINT_NAME_new 1546 EXIST::FUNCTION:
+DIST_POINT_NAME_free 1547 EXIST::FUNCTION:
+d2i_DIST_POINT_NAME 1548 EXIST::FUNCTION:
+X509V3_add_value_uchar 1549 EXIST::FUNCTION:
+d2i_ASN1_SET_OF_X509_ATTRIBUTE 1555 NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_ASN1_TYPE 1560 NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_X509_EXTENSION 1567 NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_X509_NAME_ENTRY 1574 NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_ASN1_TYPE 1589 NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_X509_ATTRIBUTE 1615 NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_X509_EXTENSION 1624 NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_X509_NAME_ENTRY 1633 NOEXIST::FUNCTION:
+X509V3_EXT_i2d 1646 EXIST::FUNCTION:
+X509V3_EXT_val_prn 1647 EXIST::FUNCTION:
+X509V3_EXT_add_list 1648 EXIST::FUNCTION:
+EVP_CIPHER_type 1649 EXIST::FUNCTION:
+EVP_PBE_CipherInit 1650 EXIST::FUNCTION:
+X509V3_add_value_bool_nf 1651 EXIST::FUNCTION:
+d2i_ASN1_UINTEGER 1652 EXIST::FUNCTION:
+sk_value 1653 EXIST::FUNCTION:
+sk_num 1654 EXIST::FUNCTION:
+sk_set 1655 EXIST::FUNCTION:
+i2d_ASN1_SET_OF_X509_REVOKED 1661 NOEXIST::FUNCTION:
+sk_sort 1671 EXIST::FUNCTION:
+d2i_ASN1_SET_OF_X509_REVOKED 1674 NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_X509_ALGOR 1682 NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_X509_CRL 1685 NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_X509_ALGOR 1696 NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_X509_CRL 1702 NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO 1723 NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_PKCS7_RECIP_INFO 1738 NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO 1748 NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_PKCS7_RECIP_INFO 1753 NOEXIST::FUNCTION:
+PKCS5_PBE_add 1775 EXIST::FUNCTION:
+PEM_write_bio_PKCS8 1776 EXIST::FUNCTION:
+i2d_PKCS8_fp 1777 EXIST::FUNCTION:FP_API
+PEM_read_bio_PKCS8_PRIV_KEY_INFO 1778 EXIST:!VMS:FUNCTION:
+PEM_read_bio_P8_PRIV_KEY_INFO 1778 EXIST:VMS:FUNCTION:
+d2i_PKCS8_bio 1779 EXIST::FUNCTION:BIO
+d2i_PKCS8_PRIV_KEY_INFO_fp 1780 EXIST::FUNCTION:FP_API
+PEM_write_bio_PKCS8_PRIV_KEY_INFO 1781 EXIST:!VMS:FUNCTION:
+PEM_write_bio_P8_PRIV_KEY_INFO 1781 EXIST:VMS:FUNCTION:
+PEM_read_PKCS8 1782 EXIST:!WIN16:FUNCTION:
+d2i_PKCS8_PRIV_KEY_INFO_bio 1783 EXIST::FUNCTION:BIO
+d2i_PKCS8_fp 1784 EXIST::FUNCTION:FP_API
+PEM_write_PKCS8 1785 EXIST:!WIN16:FUNCTION:
+PEM_read_PKCS8_PRIV_KEY_INFO 1786 EXIST:!VMS,!WIN16:FUNCTION:
+PEM_read_P8_PRIV_KEY_INFO 1786 EXIST:VMS:FUNCTION:
+PEM_read_bio_PKCS8 1787 EXIST::FUNCTION:
+PEM_write_PKCS8_PRIV_KEY_INFO 1788 EXIST:!VMS,!WIN16:FUNCTION:
+PEM_write_P8_PRIV_KEY_INFO 1788 EXIST:VMS:FUNCTION:
+PKCS5_PBE_keyivgen 1789 EXIST::FUNCTION:
+i2d_PKCS8_bio 1790 EXIST::FUNCTION:BIO
+i2d_PKCS8_PRIV_KEY_INFO_fp 1791 EXIST::FUNCTION:FP_API
+i2d_PKCS8_PRIV_KEY_INFO_bio 1792 EXIST::FUNCTION:BIO
+BIO_s_bio 1793 EXIST::FUNCTION:
+PKCS5_pbe2_set 1794 EXIST::FUNCTION:
+PKCS5_PBKDF2_HMAC_SHA1 1795 EXIST::FUNCTION:
+PKCS5_v2_PBE_keyivgen 1796 EXIST::FUNCTION:
+PEM_write_bio_PKCS8PrivateKey 1797 EXIST::FUNCTION:
+PEM_write_PKCS8PrivateKey 1798 EXIST::FUNCTION:
+BIO_ctrl_get_read_request 1799 EXIST::FUNCTION:
+BIO_ctrl_pending 1800 EXIST::FUNCTION:
+BIO_ctrl_wpending 1801 EXIST::FUNCTION:
+BIO_new_bio_pair 1802 EXIST::FUNCTION:
+BIO_ctrl_get_write_guarantee 1803 EXIST::FUNCTION:
+CRYPTO_num_locks 1804 EXIST::FUNCTION:
+CONF_load_bio 1805 EXIST::FUNCTION:
+CONF_load_fp 1806 EXIST::FUNCTION:FP_API
+i2d_ASN1_SET_OF_ASN1_OBJECT 1837 NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_ASN1_OBJECT 1844 NOEXIST::FUNCTION:
+PKCS7_signatureVerify 1845 EXIST::FUNCTION:
+RSA_set_method 1846 EXIST::FUNCTION:RSA
+RSA_get_method 1847 EXIST::FUNCTION:RSA
+RSA_get_default_method 1848 EXIST::FUNCTION:RSA
+RSA_check_key 1869 EXIST::FUNCTION:RSA
+OBJ_obj2txt 1870 EXIST::FUNCTION:
+DSA_dup_DH 1871 EXIST::FUNCTION:DH,DSA
+X509_REQ_get_extensions 1872 EXIST::FUNCTION:
+X509_REQ_set_extension_nids 1873 EXIST::FUNCTION:
+BIO_nwrite 1874 EXIST::FUNCTION:
+X509_REQ_extension_nid 1875 EXIST::FUNCTION:
+BIO_nread 1876 EXIST::FUNCTION:
+X509_REQ_get_extension_nids 1877 EXIST::FUNCTION:
+BIO_nwrite0 1878 EXIST::FUNCTION:
+X509_REQ_add_extensions_nid 1879 EXIST::FUNCTION:
+BIO_nread0 1880 EXIST::FUNCTION:
+X509_REQ_add_extensions 1881 EXIST::FUNCTION:
+BIO_new_mem_buf 1882 EXIST::FUNCTION:
+DH_set_ex_data 1883 EXIST::FUNCTION:DH
+DH_set_method 1884 EXIST::FUNCTION:DH
+DSA_OpenSSL 1885 EXIST::FUNCTION:DSA
+DH_get_ex_data 1886 EXIST::FUNCTION:DH
+DH_get_ex_new_index 1887 EXIST::FUNCTION:DH
+DSA_new_method 1888 EXIST::FUNCTION:DSA
+DH_new_method 1889 EXIST::FUNCTION:DH
+DH_OpenSSL 1890 EXIST::FUNCTION:DH
+DSA_get_ex_new_index 1891 EXIST::FUNCTION:DSA
+DH_get_default_method 1892 EXIST::FUNCTION:DH
+DSA_set_ex_data 1893 EXIST::FUNCTION:DSA
+DH_set_default_method 1894 EXIST::FUNCTION:DH
+DSA_get_ex_data 1895 EXIST::FUNCTION:DSA
+X509V3_EXT_REQ_add_conf 1896 EXIST::FUNCTION:
+NETSCAPE_SPKI_print 1897 EXIST::FUNCTION:EVP
+NETSCAPE_SPKI_set_pubkey 1898 EXIST::FUNCTION:EVP
+NETSCAPE_SPKI_b64_encode 1899 EXIST::FUNCTION:EVP
+NETSCAPE_SPKI_get_pubkey 1900 EXIST::FUNCTION:EVP
+NETSCAPE_SPKI_b64_decode 1901 EXIST::FUNCTION:EVP
+UTF8_putc 1902 EXIST::FUNCTION:
+UTF8_getc 1903 EXIST::FUNCTION:
+RSA_null_method 1904 EXIST::FUNCTION:RSA
+ASN1_tag2str 1905 EXIST::FUNCTION:
+BIO_ctrl_reset_read_request 1906 EXIST::FUNCTION:
+DISPLAYTEXT_new 1907 EXIST::FUNCTION:
+ASN1_GENERALIZEDTIME_free 1908 EXIST::FUNCTION:
+X509_REVOKED_get_ext_d2i 1909 EXIST::FUNCTION:
+X509_set_ex_data 1910 EXIST::FUNCTION:
+X509_reject_set_bit_asc 1911 NOEXIST::FUNCTION:
+X509_NAME_add_entry_by_txt 1912 EXIST::FUNCTION:
+X509_NAME_add_entry_by_NID 1914 EXIST::FUNCTION:
+X509_PURPOSE_get0 1915 EXIST::FUNCTION:
+PEM_read_X509_AUX 1917 EXIST:!WIN16:FUNCTION:
+d2i_AUTHORITY_INFO_ACCESS 1918 EXIST::FUNCTION:
+PEM_write_PUBKEY 1921 EXIST:!WIN16:FUNCTION:
+ACCESS_DESCRIPTION_new 1925 EXIST::FUNCTION:
+X509_CERT_AUX_free 1926 EXIST::FUNCTION:
+d2i_ACCESS_DESCRIPTION 1927 EXIST::FUNCTION:
+X509_trust_clear 1928 EXIST::FUNCTION:
+X509_TRUST_add 1931 EXIST::FUNCTION:
+ASN1_VISIBLESTRING_new 1932 EXIST::FUNCTION:
+X509_alias_set1 1933 EXIST::FUNCTION:
+ASN1_PRINTABLESTRING_free 1934 EXIST::FUNCTION:
+EVP_PKEY_get1_DSA 1935 EXIST::FUNCTION:DSA
+ASN1_BMPSTRING_new 1936 EXIST::FUNCTION:
+ASN1_mbstring_copy 1937 EXIST::FUNCTION:
+ASN1_UTF8STRING_new 1938 EXIST::FUNCTION:
+DSA_get_default_method 1941 EXIST::FUNCTION:DSA
+i2d_ASN1_SET_OF_ACCESS_DESCRIPTION 1945 NOEXIST::FUNCTION:
+ASN1_T61STRING_free 1946 EXIST::FUNCTION:
+DSA_set_method 1949 EXIST::FUNCTION:DSA
+X509_get_ex_data 1950 EXIST::FUNCTION:
+ASN1_STRING_type 1951 EXIST::FUNCTION:
+X509_PURPOSE_get_by_sname 1952 EXIST::FUNCTION:
+ASN1_TIME_free 1954 EXIST::FUNCTION:
+ASN1_OCTET_STRING_cmp 1955 EXIST::FUNCTION:
+ASN1_BIT_STRING_new 1957 EXIST::FUNCTION:
+X509_get_ext_d2i 1958 EXIST::FUNCTION:
+PEM_read_bio_X509_AUX 1959 EXIST::FUNCTION:
+ASN1_STRING_set_default_mask_asc 1960 EXIST:!VMS:FUNCTION:
+ASN1_STRING_set_def_mask_asc 1960 EXIST:VMS:FUNCTION:
+PEM_write_bio_RSA_PUBKEY 1961 EXIST::FUNCTION:RSA
+ASN1_INTEGER_cmp 1963 EXIST::FUNCTION:
+d2i_RSA_PUBKEY_fp 1964 EXIST::FUNCTION:FP_API,RSA
+X509_trust_set_bit_asc 1967 NOEXIST::FUNCTION:
+PEM_write_bio_DSA_PUBKEY 1968 EXIST::FUNCTION:DSA
+X509_STORE_CTX_free 1969 EXIST::FUNCTION:
+EVP_PKEY_set1_DSA 1970 EXIST::FUNCTION:DSA
+i2d_DSA_PUBKEY_fp 1971 EXIST::FUNCTION:DSA,FP_API
+X509_load_cert_crl_file 1972 EXIST::FUNCTION:STDIO
+ASN1_TIME_new 1973 EXIST::FUNCTION:
+i2d_RSA_PUBKEY 1974 EXIST::FUNCTION:RSA
+X509_STORE_CTX_purpose_inherit 1976 EXIST::FUNCTION:
+PEM_read_RSA_PUBKEY 1977 EXIST:!WIN16:FUNCTION:RSA
+d2i_X509_AUX 1980 EXIST::FUNCTION:
+i2d_DSA_PUBKEY 1981 EXIST::FUNCTION:DSA
+X509_CERT_AUX_print 1982 EXIST::FUNCTION:BIO
+PEM_read_DSA_PUBKEY 1984 EXIST:!WIN16:FUNCTION:DSA
+i2d_RSA_PUBKEY_bio 1985 EXIST::FUNCTION:BIO,RSA
+ASN1_BIT_STRING_num_asc 1986 EXIST::FUNCTION:
+i2d_PUBKEY 1987 EXIST::FUNCTION:
+ASN1_UTCTIME_free 1988 EXIST::FUNCTION:
+DSA_set_default_method 1989 EXIST::FUNCTION:DSA
+X509_PURPOSE_get_by_id 1990 EXIST::FUNCTION:
+ACCESS_DESCRIPTION_free 1994 EXIST::FUNCTION:
+PEM_read_bio_PUBKEY 1995 EXIST::FUNCTION:
+ASN1_STRING_set_by_NID 1996 EXIST::FUNCTION:
+X509_PURPOSE_get_id 1997 EXIST::FUNCTION:
+DISPLAYTEXT_free 1998 EXIST::FUNCTION:
+OTHERNAME_new 1999 EXIST::FUNCTION:
+X509_CERT_AUX_new 2001 EXIST::FUNCTION:
+X509_TRUST_cleanup 2007 EXIST::FUNCTION:
+X509_NAME_add_entry_by_OBJ 2008 EXIST::FUNCTION:
+X509_CRL_get_ext_d2i 2009 EXIST::FUNCTION:
+X509_PURPOSE_get0_name 2011 EXIST::FUNCTION:
+PEM_read_PUBKEY 2012 EXIST:!WIN16:FUNCTION:
+i2d_DSA_PUBKEY_bio 2014 EXIST::FUNCTION:BIO,DSA
+i2d_OTHERNAME 2015 EXIST::FUNCTION:
+ASN1_OCTET_STRING_free 2016 EXIST::FUNCTION:
+ASN1_BIT_STRING_set_asc 2017 EXIST::FUNCTION:
+X509_get_ex_new_index 2019 EXIST::FUNCTION:
+ASN1_STRING_TABLE_cleanup 2020 EXIST::FUNCTION:
+X509_TRUST_get_by_id 2021 EXIST::FUNCTION:
+X509_PURPOSE_get_trust 2022 EXIST::FUNCTION:
+ASN1_STRING_length 2023 EXIST::FUNCTION:
+d2i_ASN1_SET_OF_ACCESS_DESCRIPTION 2024 NOEXIST::FUNCTION:
+ASN1_PRINTABLESTRING_new 2025 EXIST::FUNCTION:
+X509V3_get_d2i 2026 EXIST::FUNCTION:
+ASN1_ENUMERATED_free 2027 EXIST::FUNCTION:
+i2d_X509_CERT_AUX 2028 EXIST::FUNCTION:
+X509_STORE_CTX_set_trust 2030 EXIST::FUNCTION:
+ASN1_STRING_set_default_mask 2032 EXIST::FUNCTION:
+X509_STORE_CTX_new 2033 EXIST::FUNCTION:
+EVP_PKEY_get1_RSA 2034 EXIST::FUNCTION:RSA
+DIRECTORYSTRING_free 2038 EXIST::FUNCTION:
+PEM_write_X509_AUX 2039 EXIST:!WIN16:FUNCTION:
+ASN1_OCTET_STRING_set 2040 EXIST::FUNCTION:
+d2i_DSA_PUBKEY_fp 2041 EXIST::FUNCTION:DSA,FP_API
+d2i_RSA_PUBKEY 2044 EXIST::FUNCTION:RSA
+X509_TRUST_get0_name 2046 EXIST::FUNCTION:
+X509_TRUST_get0 2047 EXIST::FUNCTION:
+AUTHORITY_INFO_ACCESS_free 2048 EXIST::FUNCTION:
+ASN1_IA5STRING_new 2049 EXIST::FUNCTION:
+d2i_DSA_PUBKEY 2050 EXIST::FUNCTION:DSA
+X509_check_purpose 2051 EXIST::FUNCTION:
+ASN1_ENUMERATED_new 2052 EXIST::FUNCTION:
+d2i_RSA_PUBKEY_bio 2053 EXIST::FUNCTION:BIO,RSA
+d2i_PUBKEY 2054 EXIST::FUNCTION:
+X509_TRUST_get_trust 2055 EXIST::FUNCTION:
+X509_TRUST_get_flags 2056 EXIST::FUNCTION:
+ASN1_BMPSTRING_free 2057 EXIST::FUNCTION:
+ASN1_T61STRING_new 2058 EXIST::FUNCTION:
+ASN1_UTCTIME_new 2060 EXIST::FUNCTION:
+i2d_AUTHORITY_INFO_ACCESS 2062 EXIST::FUNCTION:
+EVP_PKEY_set1_RSA 2063 EXIST::FUNCTION:RSA
+X509_STORE_CTX_set_purpose 2064 EXIST::FUNCTION:
+ASN1_IA5STRING_free 2065 EXIST::FUNCTION:
+PEM_write_bio_X509_AUX 2066 EXIST::FUNCTION:
+X509_PURPOSE_get_count 2067 EXIST::FUNCTION:
+CRYPTO_add_info 2068 NOEXIST::FUNCTION:
+X509_NAME_ENTRY_create_by_txt 2071 EXIST::FUNCTION:
+ASN1_STRING_get_default_mask 2072 EXIST::FUNCTION:
+X509_alias_get0 2074 EXIST::FUNCTION:
+ASN1_STRING_data 2075 EXIST::FUNCTION:
+i2d_ACCESS_DESCRIPTION 2077 EXIST::FUNCTION:
+X509_trust_set_bit 2078 NOEXIST::FUNCTION:
+ASN1_BIT_STRING_free 2080 EXIST::FUNCTION:
+PEM_read_bio_RSA_PUBKEY 2081 EXIST::FUNCTION:RSA
+X509_add1_reject_object 2082 EXIST::FUNCTION:
+X509_check_trust 2083 EXIST::FUNCTION:
+PEM_read_bio_DSA_PUBKEY 2088 EXIST::FUNCTION:DSA
+X509_PURPOSE_add 2090 EXIST::FUNCTION:
+ASN1_STRING_TABLE_get 2091 EXIST::FUNCTION:
+ASN1_UTF8STRING_free 2092 EXIST::FUNCTION:
+d2i_DSA_PUBKEY_bio 2093 EXIST::FUNCTION:BIO,DSA
+PEM_write_RSA_PUBKEY 2095 EXIST:!WIN16:FUNCTION:RSA
+d2i_OTHERNAME 2096 EXIST::FUNCTION:
+X509_reject_set_bit 2098 NOEXIST::FUNCTION:
+PEM_write_DSA_PUBKEY 2101 EXIST:!WIN16:FUNCTION:DSA
+X509_PURPOSE_get0_sname 2105 EXIST::FUNCTION:
+EVP_PKEY_set1_DH 2107 EXIST::FUNCTION:DH
+ASN1_OCTET_STRING_dup 2108 EXIST::FUNCTION:
+ASN1_BIT_STRING_set 2109 EXIST::FUNCTION:
+X509_TRUST_get_count 2110 EXIST::FUNCTION:
+ASN1_INTEGER_free 2111 EXIST::FUNCTION:
+OTHERNAME_free 2112 EXIST::FUNCTION:
+i2d_RSA_PUBKEY_fp 2113 EXIST::FUNCTION:FP_API,RSA
+ASN1_INTEGER_dup 2114 EXIST::FUNCTION:
+d2i_X509_CERT_AUX 2115 EXIST::FUNCTION:
+PEM_write_bio_PUBKEY 2117 EXIST::FUNCTION:
+ASN1_VISIBLESTRING_free 2118 EXIST::FUNCTION:
+X509_PURPOSE_cleanup 2119 EXIST::FUNCTION:
+ASN1_mbstring_ncopy 2123 EXIST::FUNCTION:
+ASN1_GENERALIZEDTIME_new 2126 EXIST::FUNCTION:
+EVP_PKEY_get1_DH 2128 EXIST::FUNCTION:DH
+ASN1_OCTET_STRING_new 2130 EXIST::FUNCTION:
+ASN1_INTEGER_new 2131 EXIST::FUNCTION:
+i2d_X509_AUX 2132 EXIST::FUNCTION:
+ASN1_BIT_STRING_name_print 2134 EXIST::FUNCTION:BIO
+X509_cmp 2135 EXIST::FUNCTION:
+ASN1_STRING_length_set 2136 EXIST::FUNCTION:
+DIRECTORYSTRING_new 2137 EXIST::FUNCTION:
+X509_add1_trust_object 2140 EXIST::FUNCTION:
+PKCS12_newpass 2141 EXIST::FUNCTION:
+SMIME_write_PKCS7 2142 EXIST::FUNCTION:
+SMIME_read_PKCS7 2143 EXIST::FUNCTION:
+DES_set_key_checked 2144 EXIST::FUNCTION:DES
+PKCS7_verify 2145 EXIST::FUNCTION:
+PKCS7_encrypt 2146 EXIST::FUNCTION:
+DES_set_key_unchecked 2147 EXIST::FUNCTION:DES
+SMIME_crlf_copy 2148 EXIST::FUNCTION:
+i2d_ASN1_PRINTABLESTRING 2149 EXIST::FUNCTION:
+PKCS7_get0_signers 2150 EXIST::FUNCTION:
+PKCS7_decrypt 2151 EXIST::FUNCTION:
+SMIME_text 2152 EXIST::FUNCTION:
+PKCS7_simple_smimecap 2153 EXIST::FUNCTION:
+PKCS7_get_smimecap 2154 EXIST::FUNCTION:
+PKCS7_sign 2155 EXIST::FUNCTION:
+PKCS7_add_attrib_smimecap 2156 EXIST::FUNCTION:
+CRYPTO_dbg_set_options 2157 EXIST::FUNCTION:
+CRYPTO_remove_all_info 2158 EXIST::FUNCTION:
+CRYPTO_get_mem_debug_functions 2159 EXIST::FUNCTION:
+CRYPTO_is_mem_check_on 2160 EXIST::FUNCTION:
+CRYPTO_set_mem_debug_functions 2161 EXIST::FUNCTION:
+CRYPTO_pop_info 2162 EXIST::FUNCTION:
+CRYPTO_push_info_ 2163 EXIST::FUNCTION:
+CRYPTO_set_mem_debug_options 2164 EXIST::FUNCTION:
+PEM_write_PKCS8PrivateKey_nid 2165 EXIST::FUNCTION:
+PEM_write_bio_PKCS8PrivateKey_nid 2166 EXIST:!VMS:FUNCTION:
+PEM_write_bio_PKCS8PrivKey_nid 2166 EXIST:VMS:FUNCTION:
+d2i_PKCS8PrivateKey_bio 2167 EXIST::FUNCTION:
+ASN1_NULL_free 2168 EXIST::FUNCTION:
+d2i_ASN1_NULL 2169 EXIST::FUNCTION:
+ASN1_NULL_new 2170 EXIST::FUNCTION:
+i2d_PKCS8PrivateKey_bio 2171 EXIST::FUNCTION:
+i2d_PKCS8PrivateKey_fp 2172 EXIST::FUNCTION:
+i2d_ASN1_NULL 2173 EXIST::FUNCTION:
+i2d_PKCS8PrivateKey_nid_fp 2174 EXIST::FUNCTION:
+d2i_PKCS8PrivateKey_fp 2175 EXIST::FUNCTION:
+i2d_PKCS8PrivateKey_nid_bio 2176 EXIST::FUNCTION:
+i2d_PKCS8PrivateKeyInfo_fp 2177 EXIST::FUNCTION:FP_API
+i2d_PKCS8PrivateKeyInfo_bio 2178 EXIST::FUNCTION:BIO
+PEM_cb 2179 NOEXIST::FUNCTION:
+i2d_PrivateKey_fp 2180 EXIST::FUNCTION:FP_API
+d2i_PrivateKey_bio 2181 EXIST::FUNCTION:BIO
+d2i_PrivateKey_fp 2182 EXIST::FUNCTION:FP_API
+i2d_PrivateKey_bio 2183 EXIST::FUNCTION:BIO
+X509_reject_clear 2184 EXIST::FUNCTION:
+X509_TRUST_set_default 2185 EXIST::FUNCTION:
+d2i_AutoPrivateKey 2186 EXIST::FUNCTION:
+X509_ATTRIBUTE_get0_type 2187 EXIST::FUNCTION:
+X509_ATTRIBUTE_set1_data 2188 EXIST::FUNCTION:
+X509at_get_attr 2189 EXIST::FUNCTION:
+X509at_get_attr_count 2190 EXIST::FUNCTION:
+X509_ATTRIBUTE_create_by_NID 2191 EXIST::FUNCTION:
+X509_ATTRIBUTE_set1_object 2192 EXIST::FUNCTION:
+X509_ATTRIBUTE_count 2193 EXIST::FUNCTION:
+X509_ATTRIBUTE_create_by_OBJ 2194 EXIST::FUNCTION:
+X509_ATTRIBUTE_get0_object 2195 EXIST::FUNCTION:
+X509at_get_attr_by_NID 2196 EXIST::FUNCTION:
+X509at_add1_attr 2197 EXIST::FUNCTION:
+X509_ATTRIBUTE_get0_data 2198 EXIST::FUNCTION:
+X509at_delete_attr 2199 EXIST::FUNCTION:
+X509at_get_attr_by_OBJ 2200 EXIST::FUNCTION:
+RAND_add 2201 EXIST::FUNCTION:
+BIO_number_written 2202 EXIST::FUNCTION:
+BIO_number_read 2203 EXIST::FUNCTION:
+X509_STORE_CTX_get1_chain 2204 EXIST::FUNCTION:
+ERR_load_RAND_strings 2205 EXIST::FUNCTION:
+RAND_pseudo_bytes 2206 EXIST::FUNCTION:
+X509_REQ_get_attr_by_NID 2207 EXIST::FUNCTION:
+X509_REQ_get_attr 2208 EXIST::FUNCTION:
+X509_REQ_add1_attr_by_NID 2209 EXIST::FUNCTION:
+X509_REQ_get_attr_by_OBJ 2210 EXIST::FUNCTION:
+X509at_add1_attr_by_NID 2211 EXIST::FUNCTION:
+X509_REQ_add1_attr_by_OBJ 2212 EXIST::FUNCTION:
+X509_REQ_get_attr_count 2213 EXIST::FUNCTION:
+X509_REQ_add1_attr 2214 EXIST::FUNCTION:
+X509_REQ_delete_attr 2215 EXIST::FUNCTION:
+X509at_add1_attr_by_OBJ 2216 EXIST::FUNCTION:
+X509_REQ_add1_attr_by_txt 2217 EXIST::FUNCTION:
+X509_ATTRIBUTE_create_by_txt 2218 EXIST::FUNCTION:
+X509at_add1_attr_by_txt 2219 EXIST::FUNCTION:
+BN_pseudo_rand 2239 EXIST::FUNCTION:
+BN_is_prime_fasttest 2240 EXIST::FUNCTION:DEPRECATED
+BN_CTX_end 2241 EXIST::FUNCTION:
+BN_CTX_start 2242 EXIST::FUNCTION:
+BN_CTX_get 2243 EXIST::FUNCTION:
+EVP_PKEY2PKCS8_broken 2244 EXIST::FUNCTION:
+ASN1_STRING_TABLE_add 2245 EXIST::FUNCTION:
+CRYPTO_dbg_get_options 2246 EXIST::FUNCTION:
+AUTHORITY_INFO_ACCESS_new 2247 EXIST::FUNCTION:
+CRYPTO_get_mem_debug_options 2248 EXIST::FUNCTION:
+DES_crypt 2249 EXIST::FUNCTION:DES
+PEM_write_bio_X509_REQ_NEW 2250 EXIST::FUNCTION:
+PEM_write_X509_REQ_NEW 2251 EXIST:!WIN16:FUNCTION:
+BIO_callback_ctrl 2252 EXIST::FUNCTION:
+RAND_egd 2253 EXIST::FUNCTION:
+RAND_status 2254 EXIST::FUNCTION:
+bn_dump1 2255 NOEXIST::FUNCTION:
+DES_check_key_parity 2256 EXIST::FUNCTION:DES
+lh_num_items 2257 EXIST::FUNCTION:
+RAND_event 2258 EXIST:WIN32:FUNCTION:
+DSO_new 2259 EXIST::FUNCTION:
+DSO_new_method 2260 EXIST::FUNCTION:
+DSO_free 2261 EXIST::FUNCTION:
+DSO_flags 2262 EXIST::FUNCTION:
+DSO_up 2263 NOEXIST::FUNCTION:
+DSO_set_default_method 2264 EXIST::FUNCTION:
+DSO_get_default_method 2265 EXIST::FUNCTION:
+DSO_get_method 2266 EXIST::FUNCTION:
+DSO_set_method 2267 EXIST::FUNCTION:
+DSO_load 2268 EXIST::FUNCTION:
+DSO_bind_var 2269 EXIST::FUNCTION:
+DSO_METHOD_null 2270 EXIST::FUNCTION:
+DSO_METHOD_openssl 2271 EXIST::FUNCTION:
+DSO_METHOD_dlfcn 2272 EXIST::FUNCTION:
+DSO_METHOD_win32 2273 EXIST::FUNCTION:
+ERR_load_DSO_strings 2274 EXIST::FUNCTION:
+DSO_METHOD_dl 2275 EXIST::FUNCTION:
+NCONF_load 2276 EXIST::FUNCTION:
+NCONF_load_fp 2278 EXIST::FUNCTION:FP_API
+NCONF_new 2279 EXIST::FUNCTION:
+NCONF_get_string 2280 EXIST::FUNCTION:
+NCONF_free 2281 EXIST::FUNCTION:
+NCONF_get_number 2282 NOEXIST::FUNCTION:
+CONF_dump_fp 2283 EXIST::FUNCTION:
+NCONF_load_bio 2284 EXIST::FUNCTION:
+NCONF_dump_fp 2285 EXIST::FUNCTION:
+NCONF_get_section 2286 EXIST::FUNCTION:
+NCONF_dump_bio 2287 EXIST::FUNCTION:
+CONF_dump_bio 2288 EXIST::FUNCTION:
+NCONF_free_data 2289 EXIST::FUNCTION:
+CONF_set_default_method 2290 EXIST::FUNCTION:
+ERR_error_string_n 2291 EXIST::FUNCTION:
+BIO_snprintf 2292 EXIST::FUNCTION:
+DSO_ctrl 2293 EXIST::FUNCTION:
+i2d_ASN1_SET_OF_ASN1_INTEGER 2317 NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_PKCS12_SAFEBAG 2320 NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_PKCS7 2328 NOEXIST::FUNCTION:
+BIO_vfree 2334 EXIST::FUNCTION:
+d2i_ASN1_SET_OF_ASN1_INTEGER 2339 NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_PKCS12_SAFEBAG 2341 NOEXIST::FUNCTION:
+ASN1_UTCTIME_get 2350 NOEXIST::FUNCTION:
+X509_REQ_digest 2362 EXIST::FUNCTION:EVP
+X509_CRL_digest 2391 EXIST::FUNCTION:EVP
+d2i_ASN1_SET_OF_PKCS7 2397 NOEXIST::FUNCTION:
+X509_ALGOR_cmp 2398 EXIST::FUNCTION:
+EVP_CIPHER_CTX_set_key_length 2399 EXIST::FUNCTION:
+EVP_CIPHER_CTX_ctrl 2400 EXIST::FUNCTION:
+BN_mod_exp_mont_word 2401 EXIST::FUNCTION:
+RAND_egd_bytes 2402 EXIST::FUNCTION:
+X509_REQ_get1_email 2403 EXIST::FUNCTION:
+X509_get1_email 2404 EXIST::FUNCTION:
+X509_email_free 2405 EXIST::FUNCTION:
+i2d_RSA_NET 2406 EXIST::FUNCTION:RC4,RSA
+d2i_RSA_NET_2 2407 NOEXIST::FUNCTION:
+d2i_RSA_NET 2408 EXIST::FUNCTION:RC4,RSA
+DSO_bind_func 2409 EXIST::FUNCTION:
+CRYPTO_get_new_dynlockid 2410 EXIST::FUNCTION:
+sk_new_null 2411 EXIST::FUNCTION:
+CRYPTO_set_dynlock_destroy_callback 2412 EXIST:!VMS:FUNCTION:
+CRYPTO_set_dynlock_destroy_cb 2412 EXIST:VMS:FUNCTION:
+CRYPTO_destroy_dynlockid 2413 EXIST::FUNCTION:
+CRYPTO_set_dynlock_size 2414 NOEXIST::FUNCTION:
+CRYPTO_set_dynlock_create_callback 2415 EXIST:!VMS:FUNCTION:
+CRYPTO_set_dynlock_create_cb 2415 EXIST:VMS:FUNCTION:
+CRYPTO_set_dynlock_lock_callback 2416 EXIST:!VMS:FUNCTION:
+CRYPTO_set_dynlock_lock_cb 2416 EXIST:VMS:FUNCTION:
+CRYPTO_get_dynlock_lock_callback 2417 EXIST:!VMS:FUNCTION:
+CRYPTO_get_dynlock_lock_cb 2417 EXIST:VMS:FUNCTION:
+CRYPTO_get_dynlock_destroy_callback 2418 EXIST:!VMS:FUNCTION:
+CRYPTO_get_dynlock_destroy_cb 2418 EXIST:VMS:FUNCTION:
+CRYPTO_get_dynlock_value 2419 EXIST::FUNCTION:
+CRYPTO_get_dynlock_create_callback 2420 EXIST:!VMS:FUNCTION:
+CRYPTO_get_dynlock_create_cb 2420 EXIST:VMS:FUNCTION:
+c2i_ASN1_BIT_STRING 2421 EXIST::FUNCTION:
+i2c_ASN1_BIT_STRING 2422 EXIST::FUNCTION:
+RAND_poll 2423 EXIST::FUNCTION:
+c2i_ASN1_INTEGER 2424 EXIST::FUNCTION:
+i2c_ASN1_INTEGER 2425 EXIST::FUNCTION:
+BIO_dump_indent 2426 EXIST::FUNCTION:
+ASN1_parse_dump 2427 EXIST::FUNCTION:BIO
+c2i_ASN1_OBJECT 2428 EXIST::FUNCTION:
+X509_NAME_print_ex_fp 2429 EXIST::FUNCTION:FP_API
+ASN1_STRING_print_ex_fp 2430 EXIST::FUNCTION:FP_API
+X509_NAME_print_ex 2431 EXIST::FUNCTION:BIO
+ASN1_STRING_print_ex 2432 EXIST::FUNCTION:BIO
+MD4 2433 EXIST::FUNCTION:MD4
+MD4_Transform 2434 EXIST::FUNCTION:MD4
+MD4_Final 2435 EXIST::FUNCTION:MD4
+MD4_Update 2436 EXIST::FUNCTION:MD4
+MD4_Init 2437 EXIST::FUNCTION:MD4
+EVP_md4 2438 EXIST::FUNCTION:MD4
+i2d_PUBKEY_bio 2439 EXIST::FUNCTION:BIO
+i2d_PUBKEY_fp 2440 EXIST::FUNCTION:FP_API
+d2i_PUBKEY_bio 2441 EXIST::FUNCTION:BIO
+ASN1_STRING_to_UTF8 2442 EXIST::FUNCTION:
+BIO_vprintf 2443 EXIST::FUNCTION:
+BIO_vsnprintf 2444 EXIST::FUNCTION:
+d2i_PUBKEY_fp 2445 EXIST::FUNCTION:FP_API
+X509_cmp_time 2446 EXIST::FUNCTION:
+X509_STORE_CTX_set_time 2447 EXIST::FUNCTION:
+X509_STORE_CTX_get1_issuer 2448 EXIST::FUNCTION:
+X509_OBJECT_retrieve_match 2449 EXIST::FUNCTION:
+X509_OBJECT_idx_by_subject 2450 EXIST::FUNCTION:
+X509_STORE_CTX_set_flags 2451 EXIST::FUNCTION:
+X509_STORE_CTX_trusted_stack 2452 EXIST::FUNCTION:
+X509_time_adj 2453 EXIST::FUNCTION:
+X509_check_issued 2454 EXIST::FUNCTION:
+ASN1_UTCTIME_cmp_time_t 2455 EXIST::FUNCTION:
+DES_set_weak_key_flag 2456 NOEXIST::FUNCTION:
+DES_check_key 2457 NOEXIST::FUNCTION:
+DES_rw_mode 2458 NOEXIST::FUNCTION:
+RSA_PKCS1_RSAref 2459 NOEXIST::FUNCTION:
+X509_keyid_set1 2460 EXIST::FUNCTION:
+BIO_next 2461 EXIST::FUNCTION:
+DSO_METHOD_vms 2462 EXIST::FUNCTION:
+BIO_f_linebuffer 2463 EXIST:VMS:FUNCTION:
+BN_bntest_rand 2464 EXIST::FUNCTION:
+OPENSSL_issetugid 2465 EXIST::FUNCTION:
+BN_rand_range 2466 EXIST::FUNCTION:
+ERR_load_ENGINE_strings 2467 EXIST::FUNCTION:ENGINE
+ENGINE_set_DSA 2468 EXIST::FUNCTION:ENGINE
+ENGINE_get_finish_function 2469 EXIST::FUNCTION:ENGINE
+ENGINE_get_default_RSA 2470 EXIST::FUNCTION:ENGINE
+ENGINE_get_BN_mod_exp 2471 NOEXIST::FUNCTION:
+DSA_get_default_openssl_method 2472 NOEXIST::FUNCTION:
+ENGINE_set_DH 2473 EXIST::FUNCTION:ENGINE
+ENGINE_set_def_BN_mod_exp_crt 2474 NOEXIST::FUNCTION:
+ENGINE_set_default_BN_mod_exp_crt 2474 NOEXIST::FUNCTION:
+ENGINE_init 2475 EXIST::FUNCTION:ENGINE
+DH_get_default_openssl_method 2476 NOEXIST::FUNCTION:
+RSA_set_default_openssl_method 2477 NOEXIST::FUNCTION:
+ENGINE_finish 2478 EXIST::FUNCTION:ENGINE
+ENGINE_load_public_key 2479 EXIST::FUNCTION:ENGINE
+ENGINE_get_DH 2480 EXIST::FUNCTION:ENGINE
+ENGINE_ctrl 2481 EXIST::FUNCTION:ENGINE
+ENGINE_get_init_function 2482 EXIST::FUNCTION:ENGINE
+ENGINE_set_init_function 2483 EXIST::FUNCTION:ENGINE
+ENGINE_set_default_DSA 2484 EXIST::FUNCTION:ENGINE
+ENGINE_get_name 2485 EXIST::FUNCTION:ENGINE
+ENGINE_get_last 2486 EXIST::FUNCTION:ENGINE
+ENGINE_get_prev 2487 EXIST::FUNCTION:ENGINE
+ENGINE_get_default_DH 2488 EXIST::FUNCTION:ENGINE
+ENGINE_get_RSA 2489 EXIST::FUNCTION:ENGINE
+ENGINE_set_default 2490 EXIST::FUNCTION:ENGINE
+ENGINE_get_RAND 2491 EXIST::FUNCTION:ENGINE
+ENGINE_get_first 2492 EXIST::FUNCTION:ENGINE
+ENGINE_by_id 2493 EXIST::FUNCTION:ENGINE
+ENGINE_set_finish_function 2494 EXIST::FUNCTION:ENGINE
+ENGINE_get_def_BN_mod_exp_crt 2495 NOEXIST::FUNCTION:
+ENGINE_get_default_BN_mod_exp_crt 2495 NOEXIST::FUNCTION:
+RSA_get_default_openssl_method 2496 NOEXIST::FUNCTION:
+ENGINE_set_RSA 2497 EXIST::FUNCTION:ENGINE
+ENGINE_load_private_key 2498 EXIST::FUNCTION:ENGINE
+ENGINE_set_default_RAND 2499 EXIST::FUNCTION:ENGINE
+ENGINE_set_BN_mod_exp 2500 NOEXIST::FUNCTION:
+ENGINE_remove 2501 EXIST::FUNCTION:ENGINE
+ENGINE_free 2502 EXIST::FUNCTION:ENGINE
+ENGINE_get_BN_mod_exp_crt 2503 NOEXIST::FUNCTION:
+ENGINE_get_next 2504 EXIST::FUNCTION:ENGINE
+ENGINE_set_name 2505 EXIST::FUNCTION:ENGINE
+ENGINE_get_default_DSA 2506 EXIST::FUNCTION:ENGINE
+ENGINE_set_default_BN_mod_exp 2507 NOEXIST::FUNCTION:
+ENGINE_set_default_RSA 2508 EXIST::FUNCTION:ENGINE
+ENGINE_get_default_RAND 2509 EXIST::FUNCTION:ENGINE
+ENGINE_get_default_BN_mod_exp 2510 NOEXIST::FUNCTION:
+ENGINE_set_RAND 2511 EXIST::FUNCTION:ENGINE
+ENGINE_set_id 2512 EXIST::FUNCTION:ENGINE
+ENGINE_set_BN_mod_exp_crt 2513 NOEXIST::FUNCTION:
+ENGINE_set_default_DH 2514 EXIST::FUNCTION:ENGINE
+ENGINE_new 2515 EXIST::FUNCTION:ENGINE
+ENGINE_get_id 2516 EXIST::FUNCTION:ENGINE
+DSA_set_default_openssl_method 2517 NOEXIST::FUNCTION:
+ENGINE_add 2518 EXIST::FUNCTION:ENGINE
+DH_set_default_openssl_method 2519 NOEXIST::FUNCTION:
+ENGINE_get_DSA 2520 EXIST::FUNCTION:ENGINE
+ENGINE_get_ctrl_function 2521 EXIST::FUNCTION:ENGINE
+ENGINE_set_ctrl_function 2522 EXIST::FUNCTION:ENGINE
+BN_pseudo_rand_range 2523 EXIST::FUNCTION:
+X509_STORE_CTX_set_verify_cb 2524 EXIST::FUNCTION:
+ERR_load_COMP_strings 2525 EXIST::FUNCTION:
+PKCS12_item_decrypt_d2i 2526 EXIST::FUNCTION:
+ASN1_UTF8STRING_it 2527 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_UTF8STRING_it 2527 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ENGINE_unregister_ciphers 2528 EXIST::FUNCTION:ENGINE
+ENGINE_get_ciphers 2529 EXIST::FUNCTION:ENGINE
+d2i_OCSP_BASICRESP 2530 EXIST::FUNCTION:
+KRB5_CHECKSUM_it 2531 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+KRB5_CHECKSUM_it 2531 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EC_POINT_add 2532 EXIST::FUNCTION:EC
+ASN1_item_ex_i2d 2533 EXIST::FUNCTION:
+OCSP_CERTID_it 2534 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_CERTID_it 2534 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+d2i_OCSP_RESPBYTES 2535 EXIST::FUNCTION:
+X509V3_add1_i2d 2536 EXIST::FUNCTION:
+PKCS7_ENVELOPE_it 2537 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_ENVELOPE_it 2537 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_add_input_boolean 2538 EXIST::FUNCTION:
+ENGINE_unregister_RSA 2539 EXIST::FUNCTION:ENGINE
+X509V3_EXT_nconf 2540 EXIST::FUNCTION:
+ASN1_GENERALSTRING_free 2541 EXIST::FUNCTION:
+d2i_OCSP_CERTSTATUS 2542 EXIST::FUNCTION:
+X509_REVOKED_set_serialNumber 2543 EXIST::FUNCTION:
+X509_print_ex 2544 EXIST::FUNCTION:BIO
+OCSP_ONEREQ_get1_ext_d2i 2545 EXIST::FUNCTION:
+ENGINE_register_all_RAND 2546 EXIST::FUNCTION:ENGINE
+ENGINE_load_dynamic 2547 EXIST::FUNCTION:ENGINE
+PBKDF2PARAM_it 2548 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PBKDF2PARAM_it 2548 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EXTENDED_KEY_USAGE_new 2549 EXIST::FUNCTION:
+EC_GROUP_clear_free 2550 EXIST::FUNCTION:EC
+OCSP_sendreq_bio 2551 EXIST::FUNCTION:
+ASN1_item_digest 2552 EXIST::FUNCTION:EVP
+OCSP_BASICRESP_delete_ext 2553 EXIST::FUNCTION:
+OCSP_SIGNATURE_it 2554 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_SIGNATURE_it 2554 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_CRL_it 2555 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_CRL_it 2555 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_BASICRESP_add_ext 2556 EXIST::FUNCTION:
+KRB5_ENCKEY_it 2557 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+KRB5_ENCKEY_it 2557 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_method_set_closer 2558 EXIST::FUNCTION:
+X509_STORE_set_purpose 2559 EXIST::FUNCTION:
+i2d_ASN1_GENERALSTRING 2560 EXIST::FUNCTION:
+OCSP_response_status 2561 EXIST::FUNCTION:
+i2d_OCSP_SERVICELOC 2562 EXIST::FUNCTION:
+ENGINE_get_digest_engine 2563 EXIST::FUNCTION:ENGINE
+EC_GROUP_set_curve_GFp 2564 EXIST::FUNCTION:EC
+OCSP_REQUEST_get_ext_by_OBJ 2565 EXIST::FUNCTION:
+_ossl_old_des_random_key 2566 EXIST::FUNCTION:DES
+ASN1_T61STRING_it 2567 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_T61STRING_it 2567 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EC_GROUP_method_of 2568 EXIST::FUNCTION:EC
+i2d_KRB5_APREQ 2569 EXIST::FUNCTION:
+_ossl_old_des_encrypt 2570 EXIST::FUNCTION:DES
+ASN1_PRINTABLE_new 2571 EXIST::FUNCTION:
+HMAC_Init_ex 2572 EXIST::FUNCTION:HMAC
+d2i_KRB5_AUTHENT 2573 EXIST::FUNCTION:
+OCSP_archive_cutoff_new 2574 EXIST::FUNCTION:
+EC_POINT_set_Jprojective_coordinates_GFp 2575 EXIST:!VMS:FUNCTION:EC
+EC_POINT_set_Jproj_coords_GFp 2575 EXIST:VMS:FUNCTION:EC
+_ossl_old_des_is_weak_key 2576 EXIST::FUNCTION:DES
+OCSP_BASICRESP_get_ext_by_OBJ 2577 EXIST::FUNCTION:
+EC_POINT_oct2point 2578 EXIST::FUNCTION:EC
+OCSP_SINGLERESP_get_ext_count 2579 EXIST::FUNCTION:
+UI_ctrl 2580 EXIST::FUNCTION:
+_shadow_DES_rw_mode 2581 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:DES
+_shadow_DES_rw_mode 2581 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:DES
+asn1_do_adb 2582 EXIST::FUNCTION:
+ASN1_template_i2d 2583 EXIST::FUNCTION:
+ENGINE_register_DH 2584 EXIST::FUNCTION:ENGINE
+UI_construct_prompt 2585 EXIST::FUNCTION:
+X509_STORE_set_trust 2586 EXIST::FUNCTION:
+UI_dup_input_string 2587 EXIST::FUNCTION:
+d2i_KRB5_APREQ 2588 EXIST::FUNCTION:
+EVP_MD_CTX_copy_ex 2589 EXIST::FUNCTION:
+OCSP_request_is_signed 2590 EXIST::FUNCTION:
+i2d_OCSP_REQINFO 2591 EXIST::FUNCTION:
+KRB5_ENCKEY_free 2592 EXIST::FUNCTION:
+OCSP_resp_get0 2593 EXIST::FUNCTION:
+GENERAL_NAME_it 2594 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+GENERAL_NAME_it 2594 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ASN1_GENERALIZEDTIME_it 2595 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_GENERALIZEDTIME_it 2595 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_STORE_set_flags 2596 EXIST::FUNCTION:
+EC_POINT_set_compressed_coordinates_GFp 2597 EXIST:!VMS:FUNCTION:EC
+EC_POINT_set_compr_coords_GFp 2597 EXIST:VMS:FUNCTION:EC
+OCSP_response_status_str 2598 EXIST::FUNCTION:
+d2i_OCSP_REVOKEDINFO 2599 EXIST::FUNCTION:
+OCSP_basic_add1_cert 2600 EXIST::FUNCTION:
+ERR_get_implementation 2601 EXIST::FUNCTION:
+EVP_CipherFinal_ex 2602 EXIST::FUNCTION:
+OCSP_CERTSTATUS_new 2603 EXIST::FUNCTION:
+CRYPTO_cleanup_all_ex_data 2604 EXIST::FUNCTION:
+OCSP_resp_find 2605 EXIST::FUNCTION:
+BN_nnmod 2606 EXIST::FUNCTION:
+X509_CRL_sort 2607 EXIST::FUNCTION:
+X509_REVOKED_set_revocationDate 2608 EXIST::FUNCTION:
+ENGINE_register_RAND 2609 EXIST::FUNCTION:ENGINE
+OCSP_SERVICELOC_new 2610 EXIST::FUNCTION:
+EC_POINT_set_affine_coordinates_GFp 2611 EXIST:!VMS:FUNCTION:EC
+EC_POINT_set_affine_coords_GFp 2611 EXIST:VMS:FUNCTION:EC
+_ossl_old_des_options 2612 EXIST::FUNCTION:DES
+SXNET_it 2613 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+SXNET_it 2613 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_dup_input_boolean 2614 EXIST::FUNCTION:
+PKCS12_add_CSPName_asc 2615 EXIST::FUNCTION:
+EC_POINT_is_at_infinity 2616 EXIST::FUNCTION:EC
+ENGINE_load_cryptodev 2617 EXIST::FUNCTION:ENGINE
+DSO_convert_filename 2618 EXIST::FUNCTION:
+POLICYQUALINFO_it 2619 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+POLICYQUALINFO_it 2619 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ENGINE_register_ciphers 2620 EXIST::FUNCTION:ENGINE
+BN_mod_lshift_quick 2621 EXIST::FUNCTION:
+DSO_set_filename 2622 EXIST::FUNCTION:
+ASN1_item_free 2623 EXIST::FUNCTION:
+KRB5_TKTBODY_free 2624 EXIST::FUNCTION:
+AUTHORITY_KEYID_it 2625 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+AUTHORITY_KEYID_it 2625 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+KRB5_APREQBODY_new 2626 EXIST::FUNCTION:
+X509V3_EXT_REQ_add_nconf 2627 EXIST::FUNCTION:
+ENGINE_ctrl_cmd_string 2628 EXIST::FUNCTION:ENGINE
+i2d_OCSP_RESPDATA 2629 EXIST::FUNCTION:
+EVP_MD_CTX_init 2630 EXIST::FUNCTION:
+EXTENDED_KEY_USAGE_free 2631 EXIST::FUNCTION:
+PKCS7_ATTR_SIGN_it 2632 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_ATTR_SIGN_it 2632 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_add_error_string 2633 EXIST::FUNCTION:
+KRB5_CHECKSUM_free 2634 EXIST::FUNCTION:
+OCSP_REQUEST_get_ext 2635 EXIST::FUNCTION:
+ENGINE_load_ubsec 2636 EXIST::FUNCTION:ENGINE,STATIC_ENGINE
+ENGINE_register_all_digests 2637 EXIST::FUNCTION:ENGINE
+PKEY_USAGE_PERIOD_it 2638 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKEY_USAGE_PERIOD_it 2638 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+PKCS12_unpack_authsafes 2639 EXIST::FUNCTION:
+ASN1_item_unpack 2640 EXIST::FUNCTION:
+NETSCAPE_SPKAC_it 2641 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+NETSCAPE_SPKAC_it 2641 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_REVOKED_it 2642 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_REVOKED_it 2642 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ASN1_STRING_encode 2643 EXIST::FUNCTION:
+EVP_aes_128_ecb 2644 EXIST::FUNCTION:AES
+KRB5_AUTHENT_free 2645 EXIST::FUNCTION:
+OCSP_BASICRESP_get_ext_by_critical 2646 EXIST:!VMS:FUNCTION:
+OCSP_BASICRESP_get_ext_by_crit 2646 EXIST:VMS:FUNCTION:
+OCSP_cert_status_str 2647 EXIST::FUNCTION:
+d2i_OCSP_REQUEST 2648 EXIST::FUNCTION:
+UI_dup_info_string 2649 EXIST::FUNCTION:
+_ossl_old_des_xwhite_in2out 2650 NOEXIST::FUNCTION:
+PKCS12_it 2651 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS12_it 2651 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_SINGLERESP_get_ext_by_critical 2652 EXIST:!VMS:FUNCTION:
+OCSP_SINGLERESP_get_ext_by_crit 2652 EXIST:VMS:FUNCTION:
+OCSP_CERTSTATUS_free 2653 EXIST::FUNCTION:
+_ossl_old_des_crypt 2654 EXIST::FUNCTION:DES
+ASN1_item_i2d 2655 EXIST::FUNCTION:
+EVP_DecryptFinal_ex 2656 EXIST::FUNCTION:
+ENGINE_load_openssl 2657 EXIST::FUNCTION:ENGINE
+ENGINE_get_cmd_defns 2658 EXIST::FUNCTION:ENGINE
+ENGINE_set_load_privkey_function 2659 EXIST:!VMS:FUNCTION:ENGINE
+ENGINE_set_load_privkey_fn 2659 EXIST:VMS:FUNCTION:ENGINE
+EVP_EncryptFinal_ex 2660 EXIST::FUNCTION:
+ENGINE_set_default_digests 2661 EXIST::FUNCTION:ENGINE
+X509_get0_pubkey_bitstr 2662 EXIST::FUNCTION:
+asn1_ex_i2c 2663 EXIST::FUNCTION:
+ENGINE_register_RSA 2664 EXIST::FUNCTION:ENGINE
+ENGINE_unregister_DSA 2665 EXIST::FUNCTION:ENGINE
+_ossl_old_des_key_sched 2666 EXIST::FUNCTION:DES
+X509_EXTENSION_it 2667 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_EXTENSION_it 2667 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+i2d_KRB5_AUTHENT 2668 EXIST::FUNCTION:
+SXNETID_it 2669 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+SXNETID_it 2669 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+d2i_OCSP_SINGLERESP 2670 EXIST::FUNCTION:
+EDIPARTYNAME_new 2671 EXIST::FUNCTION:
+PKCS12_certbag2x509 2672 EXIST::FUNCTION:
+_ossl_old_des_ofb64_encrypt 2673 EXIST::FUNCTION:DES
+d2i_EXTENDED_KEY_USAGE 2674 EXIST::FUNCTION:
+ERR_print_errors_cb 2675 EXIST::FUNCTION:
+ENGINE_set_ciphers 2676 EXIST::FUNCTION:ENGINE
+d2i_KRB5_APREQBODY 2677 EXIST::FUNCTION:
+UI_method_get_flusher 2678 EXIST::FUNCTION:
+X509_PUBKEY_it 2679 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_PUBKEY_it 2679 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+_ossl_old_des_enc_read 2680 EXIST::FUNCTION:DES
+PKCS7_ENCRYPT_it 2681 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_ENCRYPT_it 2681 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+i2d_OCSP_RESPONSE 2682 EXIST::FUNCTION:
+EC_GROUP_get_cofactor 2683 EXIST::FUNCTION:EC
+PKCS12_unpack_p7data 2684 EXIST::FUNCTION:
+d2i_KRB5_AUTHDATA 2685 EXIST::FUNCTION:
+OCSP_copy_nonce 2686 EXIST::FUNCTION:
+KRB5_AUTHDATA_new 2687 EXIST::FUNCTION:
+OCSP_RESPDATA_new 2688 EXIST::FUNCTION:
+EC_GFp_mont_method 2689 EXIST::FUNCTION:EC
+OCSP_REVOKEDINFO_free 2690 EXIST::FUNCTION:
+UI_get_ex_data 2691 EXIST::FUNCTION:
+KRB5_APREQBODY_free 2692 EXIST::FUNCTION:
+EC_GROUP_get0_generator 2693 EXIST::FUNCTION:EC
+UI_get_default_method 2694 EXIST::FUNCTION:
+X509V3_set_nconf 2695 EXIST::FUNCTION:
+PKCS12_item_i2d_encrypt 2696 EXIST::FUNCTION:
+X509_add1_ext_i2d 2697 EXIST::FUNCTION:
+PKCS7_SIGNER_INFO_it 2698 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_SIGNER_INFO_it 2698 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+KRB5_PRINCNAME_new 2699 EXIST::FUNCTION:
+PKCS12_SAFEBAG_it 2700 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS12_SAFEBAG_it 2700 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EC_GROUP_get_order 2701 EXIST::FUNCTION:EC
+d2i_OCSP_RESPID 2702 EXIST::FUNCTION:
+OCSP_request_verify 2703 EXIST::FUNCTION:
+NCONF_get_number_e 2704 EXIST::FUNCTION:
+_ossl_old_des_decrypt3 2705 EXIST::FUNCTION:DES
+X509_signature_print 2706 EXIST::FUNCTION:EVP
+OCSP_SINGLERESP_free 2707 EXIST::FUNCTION:
+ENGINE_load_builtin_engines 2708 EXIST::FUNCTION:ENGINE
+i2d_OCSP_ONEREQ 2709 EXIST::FUNCTION:
+OCSP_REQUEST_add_ext 2710 EXIST::FUNCTION:
+OCSP_RESPBYTES_new 2711 EXIST::FUNCTION:
+EVP_MD_CTX_create 2712 EXIST::FUNCTION:
+OCSP_resp_find_status 2713 EXIST::FUNCTION:
+X509_ALGOR_it 2714 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_ALGOR_it 2714 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ASN1_TIME_it 2715 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_TIME_it 2715 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_request_set1_name 2716 EXIST::FUNCTION:
+OCSP_ONEREQ_get_ext_count 2717 EXIST::FUNCTION:
+UI_get0_result 2718 EXIST::FUNCTION:
+PKCS12_AUTHSAFES_it 2719 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS12_AUTHSAFES_it 2719 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EVP_aes_256_ecb 2720 EXIST::FUNCTION:AES
+PKCS12_pack_authsafes 2721 EXIST::FUNCTION:
+ASN1_IA5STRING_it 2722 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_IA5STRING_it 2722 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_get_input_flags 2723 EXIST::FUNCTION:
+EC_GROUP_set_generator 2724 EXIST::FUNCTION:EC
+_ossl_old_des_string_to_2keys 2725 EXIST::FUNCTION:DES
+OCSP_CERTID_free 2726 EXIST::FUNCTION:
+X509_CERT_AUX_it 2727 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_CERT_AUX_it 2727 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+CERTIFICATEPOLICIES_it 2728 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+CERTIFICATEPOLICIES_it 2728 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+_ossl_old_des_ede3_cbc_encrypt 2729 EXIST::FUNCTION:DES
+RAND_set_rand_engine 2730 EXIST::FUNCTION:ENGINE
+DSO_get_loaded_filename 2731 EXIST::FUNCTION:
+X509_ATTRIBUTE_it 2732 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_ATTRIBUTE_it 2732 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_ONEREQ_get_ext_by_NID 2733 EXIST::FUNCTION:
+PKCS12_decrypt_skey 2734 EXIST::FUNCTION:
+KRB5_AUTHENT_it 2735 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+KRB5_AUTHENT_it 2735 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_dup_error_string 2736 EXIST::FUNCTION:
+RSAPublicKey_it 2737 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA
+RSAPublicKey_it 2737 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RSA
+i2d_OCSP_REQUEST 2738 EXIST::FUNCTION:
+PKCS12_x509crl2certbag 2739 EXIST::FUNCTION:
+OCSP_SERVICELOC_it 2740 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_SERVICELOC_it 2740 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ASN1_item_sign 2741 EXIST::FUNCTION:EVP
+X509_CRL_set_issuer_name 2742 EXIST::FUNCTION:
+OBJ_NAME_do_all_sorted 2743 EXIST::FUNCTION:
+i2d_OCSP_BASICRESP 2744 EXIST::FUNCTION:
+i2d_OCSP_RESPBYTES 2745 EXIST::FUNCTION:
+PKCS12_unpack_p7encdata 2746 EXIST::FUNCTION:
+HMAC_CTX_init 2747 EXIST::FUNCTION:HMAC
+ENGINE_get_digest 2748 EXIST::FUNCTION:ENGINE
+OCSP_RESPONSE_print 2749 EXIST::FUNCTION:
+KRB5_TKTBODY_it 2750 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+KRB5_TKTBODY_it 2750 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ACCESS_DESCRIPTION_it 2751 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ACCESS_DESCRIPTION_it 2751 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+PKCS7_ISSUER_AND_SERIAL_it 2752 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_ISSUER_AND_SERIAL_it 2752 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+PBE2PARAM_it 2753 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PBE2PARAM_it 2753 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+PKCS12_certbag2x509crl 2754 EXIST::FUNCTION:
+PKCS7_SIGNED_it 2755 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_SIGNED_it 2755 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ENGINE_get_cipher 2756 EXIST::FUNCTION:ENGINE
+i2d_OCSP_CRLID 2757 EXIST::FUNCTION:
+OCSP_SINGLERESP_new 2758 EXIST::FUNCTION:
+ENGINE_cmd_is_executable 2759 EXIST::FUNCTION:ENGINE
+RSA_up_ref 2760 EXIST::FUNCTION:RSA
+ASN1_GENERALSTRING_it 2761 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_GENERALSTRING_it 2761 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ENGINE_register_DSA 2762 EXIST::FUNCTION:ENGINE
+X509V3_EXT_add_nconf_sk 2763 EXIST::FUNCTION:
+ENGINE_set_load_pubkey_function 2764 EXIST::FUNCTION:ENGINE
+PKCS8_decrypt 2765 EXIST::FUNCTION:
+PEM_bytes_read_bio 2766 EXIST::FUNCTION:BIO
+DIRECTORYSTRING_it 2767 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+DIRECTORYSTRING_it 2767 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+d2i_OCSP_CRLID 2768 EXIST::FUNCTION:
+EC_POINT_is_on_curve 2769 EXIST::FUNCTION:EC
+CRYPTO_set_locked_mem_ex_functions 2770 EXIST:!VMS:FUNCTION:
+CRYPTO_set_locked_mem_ex_funcs 2770 EXIST:VMS:FUNCTION:
+d2i_KRB5_CHECKSUM 2771 EXIST::FUNCTION:
+ASN1_item_dup 2772 EXIST::FUNCTION:
+X509_it 2773 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_it 2773 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+BN_mod_add 2774 EXIST::FUNCTION:
+KRB5_AUTHDATA_free 2775 EXIST::FUNCTION:
+_ossl_old_des_cbc_cksum 2776 EXIST::FUNCTION:DES
+ASN1_item_verify 2777 EXIST::FUNCTION:EVP
+CRYPTO_set_mem_ex_functions 2778 EXIST::FUNCTION:
+EC_POINT_get_Jprojective_coordinates_GFp 2779 EXIST:!VMS:FUNCTION:EC
+EC_POINT_get_Jproj_coords_GFp 2779 EXIST:VMS:FUNCTION:EC
+ZLONG_it 2780 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ZLONG_it 2780 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+CRYPTO_get_locked_mem_ex_functions 2781 EXIST:!VMS:FUNCTION:
+CRYPTO_get_locked_mem_ex_funcs 2781 EXIST:VMS:FUNCTION:
+ASN1_TIME_check 2782 EXIST::FUNCTION:
+UI_get0_user_data 2783 EXIST::FUNCTION:
+HMAC_CTX_cleanup 2784 EXIST::FUNCTION:HMAC
+DSA_up_ref 2785 EXIST::FUNCTION:DSA
+_ossl_old_des_ede3_cfb64_encrypt 2786 EXIST:!VMS:FUNCTION:DES
+_ossl_odes_ede3_cfb64_encrypt 2786 EXIST:VMS:FUNCTION:DES
+ASN1_BMPSTRING_it 2787 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_BMPSTRING_it 2787 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ASN1_tag2bit 2788 EXIST::FUNCTION:
+UI_method_set_flusher 2789 EXIST::FUNCTION:
+X509_ocspid_print 2790 EXIST::FUNCTION:BIO
+KRB5_ENCDATA_it 2791 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+KRB5_ENCDATA_it 2791 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ENGINE_get_load_pubkey_function 2792 EXIST::FUNCTION:ENGINE
+UI_add_user_data 2793 EXIST::FUNCTION:
+OCSP_REQUEST_delete_ext 2794 EXIST::FUNCTION:
+UI_get_method 2795 EXIST::FUNCTION:
+OCSP_ONEREQ_free 2796 EXIST::FUNCTION:
+ASN1_PRINTABLESTRING_it 2797 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_PRINTABLESTRING_it 2797 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_CRL_set_nextUpdate 2798 EXIST::FUNCTION:
+OCSP_REQUEST_it 2799 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_REQUEST_it 2799 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_BASICRESP_it 2800 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_BASICRESP_it 2800 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+AES_ecb_encrypt 2801 EXIST::FUNCTION:AES
+BN_mod_sqr 2802 EXIST::FUNCTION:
+NETSCAPE_CERT_SEQUENCE_it 2803 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+NETSCAPE_CERT_SEQUENCE_it 2803 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+GENERAL_NAMES_it 2804 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+GENERAL_NAMES_it 2804 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+AUTHORITY_INFO_ACCESS_it 2805 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+AUTHORITY_INFO_ACCESS_it 2805 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ASN1_FBOOLEAN_it 2806 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_FBOOLEAN_it 2806 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_set_ex_data 2807 EXIST::FUNCTION:
+_ossl_old_des_string_to_key 2808 EXIST::FUNCTION:DES
+ENGINE_register_all_RSA 2809 EXIST::FUNCTION:ENGINE
+d2i_KRB5_PRINCNAME 2810 EXIST::FUNCTION:
+OCSP_RESPBYTES_it 2811 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_RESPBYTES_it 2811 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_CINF_it 2812 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_CINF_it 2812 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ENGINE_unregister_digests 2813 EXIST::FUNCTION:ENGINE
+d2i_EDIPARTYNAME 2814 EXIST::FUNCTION:
+d2i_OCSP_SERVICELOC 2815 EXIST::FUNCTION:
+ENGINE_get_digests 2816 EXIST::FUNCTION:ENGINE
+_ossl_old_des_set_odd_parity 2817 EXIST::FUNCTION:DES
+OCSP_RESPDATA_free 2818 EXIST::FUNCTION:
+d2i_KRB5_TICKET 2819 EXIST::FUNCTION:
+OTHERNAME_it 2820 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OTHERNAME_it 2820 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EVP_MD_CTX_cleanup 2821 EXIST::FUNCTION:
+d2i_ASN1_GENERALSTRING 2822 EXIST::FUNCTION:
+X509_CRL_set_version 2823 EXIST::FUNCTION:
+BN_mod_sub 2824 EXIST::FUNCTION:
+OCSP_SINGLERESP_get_ext_by_NID 2825 EXIST::FUNCTION:
+ENGINE_get_ex_new_index 2826 EXIST::FUNCTION:ENGINE
+OCSP_REQUEST_free 2827 EXIST::FUNCTION:
+OCSP_REQUEST_add1_ext_i2d 2828 EXIST::FUNCTION:
+X509_VAL_it 2829 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_VAL_it 2829 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EC_POINTs_make_affine 2830 EXIST::FUNCTION:EC
+EC_POINT_mul 2831 EXIST::FUNCTION:EC
+X509V3_EXT_add_nconf 2832 EXIST::FUNCTION:
+X509_TRUST_set 2833 EXIST::FUNCTION:
+X509_CRL_add1_ext_i2d 2834 EXIST::FUNCTION:
+_ossl_old_des_fcrypt 2835 EXIST::FUNCTION:DES
+DISPLAYTEXT_it 2836 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+DISPLAYTEXT_it 2836 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_CRL_set_lastUpdate 2837 EXIST::FUNCTION:
+OCSP_BASICRESP_free 2838 EXIST::FUNCTION:
+OCSP_BASICRESP_add1_ext_i2d 2839 EXIST::FUNCTION:
+d2i_KRB5_AUTHENTBODY 2840 EXIST::FUNCTION:
+CRYPTO_set_ex_data_implementation 2841 EXIST:!VMS:FUNCTION:
+CRYPTO_set_ex_data_impl 2841 EXIST:VMS:FUNCTION:
+KRB5_ENCDATA_new 2842 EXIST::FUNCTION:
+DSO_up_ref 2843 EXIST::FUNCTION:
+OCSP_crl_reason_str 2844 EXIST::FUNCTION:
+UI_get0_result_string 2845 EXIST::FUNCTION:
+ASN1_GENERALSTRING_new 2846 EXIST::FUNCTION:
+X509_SIG_it 2847 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_SIG_it 2847 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ERR_set_implementation 2848 EXIST::FUNCTION:
+ERR_load_EC_strings 2849 EXIST::FUNCTION:EC
+UI_get0_action_string 2850 EXIST::FUNCTION:
+OCSP_ONEREQ_get_ext 2851 EXIST::FUNCTION:
+EC_POINT_method_of 2852 EXIST::FUNCTION:EC
+i2d_KRB5_APREQBODY 2853 EXIST::FUNCTION:
+_ossl_old_des_ecb3_encrypt 2854 EXIST::FUNCTION:DES
+CRYPTO_get_mem_ex_functions 2855 EXIST::FUNCTION:
+ENGINE_get_ex_data 2856 EXIST::FUNCTION:ENGINE
+UI_destroy_method 2857 EXIST::FUNCTION:
+ASN1_item_i2d_bio 2858 EXIST::FUNCTION:BIO
+OCSP_ONEREQ_get_ext_by_OBJ 2859 EXIST::FUNCTION:
+ASN1_primitive_new 2860 EXIST::FUNCTION:
+ASN1_PRINTABLE_it 2861 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_PRINTABLE_it 2861 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EVP_aes_192_ecb 2862 EXIST::FUNCTION:AES
+OCSP_SIGNATURE_new 2863 EXIST::FUNCTION:
+LONG_it 2864 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+LONG_it 2864 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ASN1_VISIBLESTRING_it 2865 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_VISIBLESTRING_it 2865 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_SINGLERESP_add1_ext_i2d 2866 EXIST::FUNCTION:
+d2i_OCSP_CERTID 2867 EXIST::FUNCTION:
+ASN1_item_d2i_fp 2868 EXIST::FUNCTION:FP_API
+CRL_DIST_POINTS_it 2869 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+CRL_DIST_POINTS_it 2869 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+GENERAL_NAME_print 2870 EXIST::FUNCTION:
+OCSP_SINGLERESP_delete_ext 2871 EXIST::FUNCTION:
+PKCS12_SAFEBAGS_it 2872 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS12_SAFEBAGS_it 2872 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+d2i_OCSP_SIGNATURE 2873 EXIST::FUNCTION:
+OCSP_request_add1_nonce 2874 EXIST::FUNCTION:
+ENGINE_set_cmd_defns 2875 EXIST::FUNCTION:ENGINE
+OCSP_SERVICELOC_free 2876 EXIST::FUNCTION:
+EC_GROUP_free 2877 EXIST::FUNCTION:EC
+ASN1_BIT_STRING_it 2878 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_BIT_STRING_it 2878 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_REQ_it 2879 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_REQ_it 2879 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+_ossl_old_des_cbc_encrypt 2880 EXIST::FUNCTION:DES
+ERR_unload_strings 2881 EXIST::FUNCTION:
+PKCS7_SIGN_ENVELOPE_it 2882 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_SIGN_ENVELOPE_it 2882 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EDIPARTYNAME_free 2883 EXIST::FUNCTION:
+OCSP_REQINFO_free 2884 EXIST::FUNCTION:
+EC_GROUP_new_curve_GFp 2885 EXIST::FUNCTION:EC
+OCSP_REQUEST_get1_ext_d2i 2886 EXIST::FUNCTION:
+PKCS12_item_pack_safebag 2887 EXIST::FUNCTION:
+asn1_ex_c2i 2888 EXIST::FUNCTION:
+ENGINE_register_digests 2889 EXIST::FUNCTION:ENGINE
+i2d_OCSP_REVOKEDINFO 2890 EXIST::FUNCTION:
+asn1_enc_restore 2891 EXIST::FUNCTION:
+UI_free 2892 EXIST::FUNCTION:
+UI_new_method 2893 EXIST::FUNCTION:
+EVP_EncryptInit_ex 2894 EXIST::FUNCTION:
+X509_pubkey_digest 2895 EXIST::FUNCTION:EVP
+EC_POINT_invert 2896 EXIST::FUNCTION:EC
+OCSP_basic_sign 2897 EXIST::FUNCTION:
+i2d_OCSP_RESPID 2898 EXIST::FUNCTION:
+OCSP_check_nonce 2899 EXIST::FUNCTION:
+ENGINE_ctrl_cmd 2900 EXIST::FUNCTION:ENGINE
+d2i_KRB5_ENCKEY 2901 EXIST::FUNCTION:
+OCSP_parse_url 2902 EXIST::FUNCTION:
+OCSP_SINGLERESP_get_ext 2903 EXIST::FUNCTION:
+OCSP_CRLID_free 2904 EXIST::FUNCTION:
+OCSP_BASICRESP_get1_ext_d2i 2905 EXIST::FUNCTION:
+RSAPrivateKey_it 2906 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA
+RSAPrivateKey_it 2906 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RSA
+ENGINE_register_all_DH 2907 EXIST::FUNCTION:ENGINE
+i2d_EDIPARTYNAME 2908 EXIST::FUNCTION:
+EC_POINT_get_affine_coordinates_GFp 2909 EXIST:!VMS:FUNCTION:EC
+EC_POINT_get_affine_coords_GFp 2909 EXIST:VMS:FUNCTION:EC
+OCSP_CRLID_new 2910 EXIST::FUNCTION:
+ENGINE_get_flags 2911 EXIST::FUNCTION:ENGINE
+OCSP_ONEREQ_it 2912 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_ONEREQ_it 2912 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_process 2913 EXIST::FUNCTION:
+ASN1_INTEGER_it 2914 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_INTEGER_it 2914 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EVP_CipherInit_ex 2915 EXIST::FUNCTION:
+UI_get_string_type 2916 EXIST::FUNCTION:
+ENGINE_unregister_DH 2917 EXIST::FUNCTION:ENGINE
+ENGINE_register_all_DSA 2918 EXIST::FUNCTION:ENGINE
+OCSP_ONEREQ_get_ext_by_critical 2919 EXIST::FUNCTION:
+bn_dup_expand 2920 EXIST::FUNCTION:DEPRECATED
+OCSP_cert_id_new 2921 EXIST::FUNCTION:
+BASIC_CONSTRAINTS_it 2922 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+BASIC_CONSTRAINTS_it 2922 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+BN_mod_add_quick 2923 EXIST::FUNCTION:
+EC_POINT_new 2924 EXIST::FUNCTION:EC
+EVP_MD_CTX_destroy 2925 EXIST::FUNCTION:
+OCSP_RESPBYTES_free 2926 EXIST::FUNCTION:
+EVP_aes_128_cbc 2927 EXIST::FUNCTION:AES
+OCSP_SINGLERESP_get1_ext_d2i 2928 EXIST::FUNCTION:
+EC_POINT_free 2929 EXIST::FUNCTION:EC
+DH_up_ref 2930 EXIST::FUNCTION:DH
+X509_NAME_ENTRY_it 2931 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_NAME_ENTRY_it 2931 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_get_ex_new_index 2932 EXIST::FUNCTION:
+BN_mod_sub_quick 2933 EXIST::FUNCTION:
+OCSP_ONEREQ_add_ext 2934 EXIST::FUNCTION:
+OCSP_request_sign 2935 EXIST::FUNCTION:
+EVP_DigestFinal_ex 2936 EXIST::FUNCTION:
+ENGINE_set_digests 2937 EXIST::FUNCTION:ENGINE
+OCSP_id_issuer_cmp 2938 EXIST::FUNCTION:
+OBJ_NAME_do_all 2939 EXIST::FUNCTION:
+EC_POINTs_mul 2940 EXIST::FUNCTION:EC
+ENGINE_register_complete 2941 EXIST::FUNCTION:ENGINE
+X509V3_EXT_nconf_nid 2942 EXIST::FUNCTION:
+ASN1_SEQUENCE_it 2943 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_SEQUENCE_it 2943 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_set_default_method 2944 EXIST::FUNCTION:
+RAND_query_egd_bytes 2945 EXIST::FUNCTION:
+UI_method_get_writer 2946 EXIST::FUNCTION:
+UI_OpenSSL 2947 EXIST::FUNCTION:
+PEM_def_callback 2948 EXIST::FUNCTION:
+ENGINE_cleanup 2949 EXIST::FUNCTION:ENGINE
+DIST_POINT_it 2950 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+DIST_POINT_it 2950 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_SINGLERESP_it 2951 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_SINGLERESP_it 2951 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+d2i_KRB5_TKTBODY 2952 EXIST::FUNCTION:
+EC_POINT_cmp 2953 EXIST::FUNCTION:EC
+OCSP_REVOKEDINFO_new 2954 EXIST::FUNCTION:
+i2d_OCSP_CERTSTATUS 2955 EXIST::FUNCTION:
+OCSP_basic_add1_nonce 2956 EXIST::FUNCTION:
+ASN1_item_ex_d2i 2957 EXIST::FUNCTION:
+BN_mod_lshift1_quick 2958 EXIST::FUNCTION:
+UI_set_method 2959 EXIST::FUNCTION:
+OCSP_id_get0_info 2960 EXIST::FUNCTION:
+BN_mod_sqrt 2961 EXIST::FUNCTION:
+EC_GROUP_copy 2962 EXIST::FUNCTION:EC
+KRB5_ENCDATA_free 2963 EXIST::FUNCTION:
+_ossl_old_des_cfb_encrypt 2964 EXIST::FUNCTION:DES
+OCSP_SINGLERESP_get_ext_by_OBJ 2965 EXIST::FUNCTION:
+OCSP_cert_to_id 2966 EXIST::FUNCTION:
+OCSP_RESPID_new 2967 EXIST::FUNCTION:
+OCSP_RESPDATA_it 2968 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_RESPDATA_it 2968 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+d2i_OCSP_RESPDATA 2969 EXIST::FUNCTION:
+ENGINE_register_all_complete 2970 EXIST::FUNCTION:ENGINE
+OCSP_check_validity 2971 EXIST::FUNCTION:
+PKCS12_BAGS_it 2972 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS12_BAGS_it 2972 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_url_svcloc_new 2973 EXIST::FUNCTION:
+ASN1_template_free 2974 EXIST::FUNCTION:
+OCSP_SINGLERESP_add_ext 2975 EXIST::FUNCTION:
+KRB5_AUTHENTBODY_it 2976 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+KRB5_AUTHENTBODY_it 2976 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_supported_extension 2977 EXIST::FUNCTION:
+i2d_KRB5_AUTHDATA 2978 EXIST::FUNCTION:
+UI_method_get_opener 2979 EXIST::FUNCTION:
+ENGINE_set_ex_data 2980 EXIST::FUNCTION:ENGINE
+OCSP_REQUEST_print 2981 EXIST::FUNCTION:
+CBIGNUM_it 2982 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+CBIGNUM_it 2982 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+KRB5_TICKET_new 2983 EXIST::FUNCTION:
+KRB5_APREQ_new 2984 EXIST::FUNCTION:
+EC_GROUP_get_curve_GFp 2985 EXIST::FUNCTION:EC
+KRB5_ENCKEY_new 2986 EXIST::FUNCTION:
+ASN1_template_d2i 2987 EXIST::FUNCTION:
+_ossl_old_des_quad_cksum 2988 EXIST::FUNCTION:DES
+OCSP_single_get0_status 2989 EXIST::FUNCTION:
+BN_swap 2990 EXIST::FUNCTION:
+POLICYINFO_it 2991 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+POLICYINFO_it 2991 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ENGINE_set_destroy_function 2992 EXIST::FUNCTION:ENGINE
+asn1_enc_free 2993 EXIST::FUNCTION:
+OCSP_RESPID_it 2994 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_RESPID_it 2994 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EC_GROUP_new 2995 EXIST::FUNCTION:EC
+EVP_aes_256_cbc 2996 EXIST::FUNCTION:AES
+i2d_KRB5_PRINCNAME 2997 EXIST::FUNCTION:
+_ossl_old_des_encrypt2 2998 EXIST::FUNCTION:DES
+_ossl_old_des_encrypt3 2999 EXIST::FUNCTION:DES
+PKCS8_PRIV_KEY_INFO_it 3000 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS8_PRIV_KEY_INFO_it 3000 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_REQINFO_it 3001 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_REQINFO_it 3001 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+PBEPARAM_it 3002 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PBEPARAM_it 3002 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+KRB5_AUTHENTBODY_new 3003 EXIST::FUNCTION:
+X509_CRL_add0_revoked 3004 EXIST::FUNCTION:
+EDIPARTYNAME_it 3005 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+EDIPARTYNAME_it 3005 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+NETSCAPE_SPKI_it 3006 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+NETSCAPE_SPKI_it 3006 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_get0_test_string 3007 EXIST::FUNCTION:
+ENGINE_get_cipher_engine 3008 EXIST::FUNCTION:ENGINE
+ENGINE_register_all_ciphers 3009 EXIST::FUNCTION:ENGINE
+EC_POINT_copy 3010 EXIST::FUNCTION:EC
+BN_kronecker 3011 EXIST::FUNCTION:
+_ossl_old_des_ede3_ofb64_encrypt 3012 EXIST:!VMS:FUNCTION:DES
+_ossl_odes_ede3_ofb64_encrypt 3012 EXIST:VMS:FUNCTION:DES
+UI_method_get_reader 3013 EXIST::FUNCTION:
+OCSP_BASICRESP_get_ext_count 3014 EXIST::FUNCTION:
+ASN1_ENUMERATED_it 3015 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_ENUMERATED_it 3015 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_set_result 3016 EXIST::FUNCTION:
+i2d_KRB5_TICKET 3017 EXIST::FUNCTION:
+X509_print_ex_fp 3018 EXIST::FUNCTION:FP_API
+EVP_CIPHER_CTX_set_padding 3019 EXIST::FUNCTION:
+d2i_OCSP_RESPONSE 3020 EXIST::FUNCTION:
+ASN1_UTCTIME_it 3021 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_UTCTIME_it 3021 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+_ossl_old_des_enc_write 3022 EXIST::FUNCTION:DES
+OCSP_RESPONSE_new 3023 EXIST::FUNCTION:
+AES_set_encrypt_key 3024 EXIST::FUNCTION:AES
+OCSP_resp_count 3025 EXIST::FUNCTION:
+KRB5_CHECKSUM_new 3026 EXIST::FUNCTION:
+ENGINE_load_cswift 3027 EXIST::FUNCTION:ENGINE,STATIC_ENGINE
+OCSP_onereq_get0_id 3028 EXIST::FUNCTION:
+ENGINE_set_default_ciphers 3029 EXIST::FUNCTION:ENGINE
+NOTICEREF_it 3030 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+NOTICEREF_it 3030 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509V3_EXT_CRL_add_nconf 3031 EXIST::FUNCTION:
+OCSP_REVOKEDINFO_it 3032 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_REVOKEDINFO_it 3032 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+AES_encrypt 3033 EXIST::FUNCTION:AES
+OCSP_REQUEST_new 3034 EXIST::FUNCTION:
+ASN1_ANY_it 3035 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_ANY_it 3035 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+CRYPTO_ex_data_new_class 3036 EXIST::FUNCTION:
+_ossl_old_des_ncbc_encrypt 3037 EXIST::FUNCTION:DES
+i2d_KRB5_TKTBODY 3038 EXIST::FUNCTION:
+EC_POINT_clear_free 3039 EXIST::FUNCTION:EC
+AES_decrypt 3040 EXIST::FUNCTION:AES
+asn1_enc_init 3041 EXIST::FUNCTION:
+UI_get_result_maxsize 3042 EXIST::FUNCTION:
+OCSP_CERTID_new 3043 EXIST::FUNCTION:
+ENGINE_unregister_RAND 3044 EXIST::FUNCTION:ENGINE
+UI_method_get_closer 3045 EXIST::FUNCTION:
+d2i_KRB5_ENCDATA 3046 EXIST::FUNCTION:
+OCSP_request_onereq_count 3047 EXIST::FUNCTION:
+OCSP_basic_verify 3048 EXIST::FUNCTION:
+KRB5_AUTHENTBODY_free 3049 EXIST::FUNCTION:
+ASN1_item_d2i 3050 EXIST::FUNCTION:
+ASN1_primitive_free 3051 EXIST::FUNCTION:
+i2d_EXTENDED_KEY_USAGE 3052 EXIST::FUNCTION:
+i2d_OCSP_SIGNATURE 3053 EXIST::FUNCTION:
+asn1_enc_save 3054 EXIST::FUNCTION:
+ENGINE_load_nuron 3055 EXIST::FUNCTION:ENGINE,STATIC_ENGINE
+_ossl_old_des_pcbc_encrypt 3056 EXIST::FUNCTION:DES
+PKCS12_MAC_DATA_it 3057 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS12_MAC_DATA_it 3057 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_accept_responses_new 3058 EXIST::FUNCTION:
+asn1_do_lock 3059 EXIST::FUNCTION:
+PKCS7_ATTR_VERIFY_it 3060 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_ATTR_VERIFY_it 3060 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+KRB5_APREQBODY_it 3061 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+KRB5_APREQBODY_it 3061 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+i2d_OCSP_SINGLERESP 3062 EXIST::FUNCTION:
+ASN1_item_ex_new 3063 EXIST::FUNCTION:
+UI_add_verify_string 3064 EXIST::FUNCTION:
+_ossl_old_des_set_key 3065 EXIST::FUNCTION:DES
+KRB5_PRINCNAME_it 3066 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+KRB5_PRINCNAME_it 3066 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EVP_DecryptInit_ex 3067 EXIST::FUNCTION:
+i2d_OCSP_CERTID 3068 EXIST::FUNCTION:
+ASN1_item_d2i_bio 3069 EXIST::FUNCTION:BIO
+EC_POINT_dbl 3070 EXIST::FUNCTION:EC
+asn1_get_choice_selector 3071 EXIST::FUNCTION:
+i2d_KRB5_CHECKSUM 3072 EXIST::FUNCTION:
+ENGINE_set_table_flags 3073 EXIST::FUNCTION:ENGINE
+AES_options 3074 EXIST::FUNCTION:AES
+ENGINE_load_chil 3075 EXIST::FUNCTION:ENGINE,STATIC_ENGINE
+OCSP_id_cmp 3076 EXIST::FUNCTION:
+OCSP_BASICRESP_new 3077 EXIST::FUNCTION:
+OCSP_REQUEST_get_ext_by_NID 3078 EXIST::FUNCTION:
+KRB5_APREQ_it 3079 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+KRB5_APREQ_it 3079 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ENGINE_get_destroy_function 3080 EXIST::FUNCTION:ENGINE
+CONF_set_nconf 3081 EXIST::FUNCTION:
+ASN1_PRINTABLE_free 3082 EXIST::FUNCTION:
+OCSP_BASICRESP_get_ext_by_NID 3083 EXIST::FUNCTION:
+DIST_POINT_NAME_it 3084 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+DIST_POINT_NAME_it 3084 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509V3_extensions_print 3085 EXIST::FUNCTION:
+_ossl_old_des_cfb64_encrypt 3086 EXIST::FUNCTION:DES
+X509_REVOKED_add1_ext_i2d 3087 EXIST::FUNCTION:
+_ossl_old_des_ofb_encrypt 3088 EXIST::FUNCTION:DES
+KRB5_TKTBODY_new 3089 EXIST::FUNCTION:
+ASN1_OCTET_STRING_it 3090 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_OCTET_STRING_it 3090 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ERR_load_UI_strings 3091 EXIST::FUNCTION:
+i2d_KRB5_ENCKEY 3092 EXIST::FUNCTION:
+ASN1_template_new 3093 EXIST::FUNCTION:
+OCSP_SIGNATURE_free 3094 EXIST::FUNCTION:
+ASN1_item_i2d_fp 3095 EXIST::FUNCTION:FP_API
+KRB5_PRINCNAME_free 3096 EXIST::FUNCTION:
+PKCS7_RECIP_INFO_it 3097 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_RECIP_INFO_it 3097 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EXTENDED_KEY_USAGE_it 3098 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+EXTENDED_KEY_USAGE_it 3098 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EC_GFp_simple_method 3099 EXIST::FUNCTION:EC
+EC_GROUP_precompute_mult 3100 EXIST::FUNCTION:EC
+OCSP_request_onereq_get0 3101 EXIST::FUNCTION:
+UI_method_set_writer 3102 EXIST::FUNCTION:
+KRB5_AUTHENT_new 3103 EXIST::FUNCTION:
+X509_CRL_INFO_it 3104 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_CRL_INFO_it 3104 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+DSO_set_name_converter 3105 EXIST::FUNCTION:
+AES_set_decrypt_key 3106 EXIST::FUNCTION:AES
+PKCS7_DIGEST_it 3107 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_DIGEST_it 3107 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+PKCS12_x5092certbag 3108 EXIST::FUNCTION:
+EVP_DigestInit_ex 3109 EXIST::FUNCTION:
+i2a_ACCESS_DESCRIPTION 3110 EXIST::FUNCTION:
+OCSP_RESPONSE_it 3111 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_RESPONSE_it 3111 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+PKCS7_ENC_CONTENT_it 3112 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_ENC_CONTENT_it 3112 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_request_add0_id 3113 EXIST::FUNCTION:
+EC_POINT_make_affine 3114 EXIST::FUNCTION:EC
+DSO_get_filename 3115 EXIST::FUNCTION:
+OCSP_CERTSTATUS_it 3116 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_CERTSTATUS_it 3116 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_request_add1_cert 3117 EXIST::FUNCTION:
+UI_get0_output_string 3118 EXIST::FUNCTION:
+UI_dup_verify_string 3119 EXIST::FUNCTION:
+BN_mod_lshift 3120 EXIST::FUNCTION:
+KRB5_AUTHDATA_it 3121 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+KRB5_AUTHDATA_it 3121 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+asn1_set_choice_selector 3122 EXIST::FUNCTION:
+OCSP_basic_add1_status 3123 EXIST::FUNCTION:
+OCSP_RESPID_free 3124 EXIST::FUNCTION:
+asn1_get_field_ptr 3125 EXIST::FUNCTION:
+UI_add_input_string 3126 EXIST::FUNCTION:
+OCSP_CRLID_it 3127 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_CRLID_it 3127 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+i2d_KRB5_AUTHENTBODY 3128 EXIST::FUNCTION:
+OCSP_REQUEST_get_ext_count 3129 EXIST::FUNCTION:
+ENGINE_load_atalla 3130 EXIST::FUNCTION:ENGINE,STATIC_ENGINE
+X509_NAME_it 3131 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_NAME_it 3131 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+USERNOTICE_it 3132 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+USERNOTICE_it 3132 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_REQINFO_new 3133 EXIST::FUNCTION:
+OCSP_BASICRESP_get_ext 3134 EXIST::FUNCTION:
+CRYPTO_get_ex_data_implementation 3135 EXIST:!VMS:FUNCTION:
+CRYPTO_get_ex_data_impl 3135 EXIST:VMS:FUNCTION:
+ASN1_item_pack 3136 EXIST::FUNCTION:
+i2d_KRB5_ENCDATA 3137 EXIST::FUNCTION:
+X509_PURPOSE_set 3138 EXIST::FUNCTION:
+X509_REQ_INFO_it 3139 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_REQ_INFO_it 3139 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_method_set_opener 3140 EXIST::FUNCTION:
+ASN1_item_ex_free 3141 EXIST::FUNCTION:
+ASN1_BOOLEAN_it 3142 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_BOOLEAN_it 3142 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ENGINE_get_table_flags 3143 EXIST::FUNCTION:ENGINE
+UI_create_method 3144 EXIST::FUNCTION:
+OCSP_ONEREQ_add1_ext_i2d 3145 EXIST::FUNCTION:
+_shadow_DES_check_key 3146 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:DES
+_shadow_DES_check_key 3146 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:DES
+d2i_OCSP_REQINFO 3147 EXIST::FUNCTION:
+UI_add_info_string 3148 EXIST::FUNCTION:
+UI_get_result_minsize 3149 EXIST::FUNCTION:
+ASN1_NULL_it 3150 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_NULL_it 3150 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+BN_mod_lshift1 3151 EXIST::FUNCTION:
+d2i_OCSP_ONEREQ 3152 EXIST::FUNCTION:
+OCSP_ONEREQ_new 3153 EXIST::FUNCTION:
+KRB5_TICKET_it 3154 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+KRB5_TICKET_it 3154 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EVP_aes_192_cbc 3155 EXIST::FUNCTION:AES
+KRB5_TICKET_free 3156 EXIST::FUNCTION:
+UI_new 3157 EXIST::FUNCTION:
+OCSP_response_create 3158 EXIST::FUNCTION:
+_ossl_old_des_xcbc_encrypt 3159 EXIST::FUNCTION:DES
+PKCS7_it 3160 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_it 3160 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_REQUEST_get_ext_by_critical 3161 EXIST:!VMS:FUNCTION:
+OCSP_REQUEST_get_ext_by_crit 3161 EXIST:VMS:FUNCTION:
+ENGINE_set_flags 3162 EXIST::FUNCTION:ENGINE
+_ossl_old_des_ecb_encrypt 3163 EXIST::FUNCTION:DES
+OCSP_response_get1_basic 3164 EXIST::FUNCTION:
+EVP_Digest 3165 EXIST::FUNCTION:
+OCSP_ONEREQ_delete_ext 3166 EXIST::FUNCTION:
+ASN1_TBOOLEAN_it 3167 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_TBOOLEAN_it 3167 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ASN1_item_new 3168 EXIST::FUNCTION:
+ASN1_TIME_to_generalizedtime 3169 EXIST::FUNCTION:
+BIGNUM_it 3170 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+BIGNUM_it 3170 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+AES_cbc_encrypt 3171 EXIST::FUNCTION:AES
+ENGINE_get_load_privkey_function 3172 EXIST:!VMS:FUNCTION:ENGINE
+ENGINE_get_load_privkey_fn 3172 EXIST:VMS:FUNCTION:ENGINE
+OCSP_RESPONSE_free 3173 EXIST::FUNCTION:
+UI_method_set_reader 3174 EXIST::FUNCTION:
+i2d_ASN1_T61STRING 3175 EXIST::FUNCTION:
+EC_POINT_set_to_infinity 3176 EXIST::FUNCTION:EC
+ERR_load_OCSP_strings 3177 EXIST::FUNCTION:
+EC_POINT_point2oct 3178 EXIST::FUNCTION:EC
+KRB5_APREQ_free 3179 EXIST::FUNCTION:
+ASN1_OBJECT_it 3180 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_OBJECT_it 3180 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_crlID_new 3181 EXIST:!OS2,!VMS,!WIN16:FUNCTION:
+OCSP_crlID2_new 3181 EXIST:OS2,VMS,WIN16:FUNCTION:
+CONF_modules_load_file 3182 EXIST::FUNCTION:
+CONF_imodule_set_usr_data 3183 EXIST::FUNCTION:
+ENGINE_set_default_string 3184 EXIST::FUNCTION:ENGINE
+CONF_module_get_usr_data 3185 EXIST::FUNCTION:
+ASN1_add_oid_module 3186 EXIST::FUNCTION:
+CONF_modules_finish 3187 EXIST::FUNCTION:
+OPENSSL_config 3188 EXIST::FUNCTION:
+CONF_modules_unload 3189 EXIST::FUNCTION:
+CONF_imodule_get_value 3190 EXIST::FUNCTION:
+CONF_module_set_usr_data 3191 EXIST::FUNCTION:
+CONF_parse_list 3192 EXIST::FUNCTION:
+CONF_module_add 3193 EXIST::FUNCTION:
+CONF_get1_default_config_file 3194 EXIST::FUNCTION:
+CONF_imodule_get_flags 3195 EXIST::FUNCTION:
+CONF_imodule_get_module 3196 EXIST::FUNCTION:
+CONF_modules_load 3197 EXIST::FUNCTION:
+CONF_imodule_get_name 3198 EXIST::FUNCTION:
+ERR_peek_top_error 3199 NOEXIST::FUNCTION:
+CONF_imodule_get_usr_data 3200 EXIST::FUNCTION:
+CONF_imodule_set_flags 3201 EXIST::FUNCTION:
+ENGINE_add_conf_module 3202 EXIST::FUNCTION:ENGINE
+ERR_peek_last_error_line 3203 EXIST::FUNCTION:
+ERR_peek_last_error_line_data 3204 EXIST::FUNCTION:
+ERR_peek_last_error 3205 EXIST::FUNCTION:
+DES_read_2passwords 3206 EXIST::FUNCTION:DES
+DES_read_password 3207 EXIST::FUNCTION:DES
+UI_UTIL_read_pw 3208 EXIST::FUNCTION:
+UI_UTIL_read_pw_string 3209 EXIST::FUNCTION:
+ENGINE_load_aep 3210 EXIST::FUNCTION:ENGINE,STATIC_ENGINE
+ENGINE_load_sureware 3211 EXIST::FUNCTION:ENGINE,STATIC_ENGINE
+OPENSSL_add_all_algorithms_noconf 3212 EXIST:!VMS:FUNCTION:
+OPENSSL_add_all_algo_noconf 3212 EXIST:VMS:FUNCTION:
+OPENSSL_add_all_algorithms_conf 3213 EXIST:!VMS:FUNCTION:
+OPENSSL_add_all_algo_conf 3213 EXIST:VMS:FUNCTION:
+OPENSSL_load_builtin_modules 3214 EXIST::FUNCTION:
+AES_ofb128_encrypt 3215 EXIST::FUNCTION:AES
+AES_ctr128_encrypt 3216 EXIST::FUNCTION:AES
+AES_cfb128_encrypt 3217 EXIST::FUNCTION:AES
+ENGINE_load_4758cca 3218 EXIST::FUNCTION:ENGINE,STATIC_ENGINE
+_ossl_096_des_random_seed 3219 EXIST::FUNCTION:DES
+EVP_aes_256_ofb 3220 EXIST::FUNCTION:AES
+EVP_aes_192_ofb 3221 EXIST::FUNCTION:AES
+EVP_aes_128_cfb128 3222 EXIST::FUNCTION:AES
+EVP_aes_256_cfb128 3223 EXIST::FUNCTION:AES
+EVP_aes_128_ofb 3224 EXIST::FUNCTION:AES
+EVP_aes_192_cfb128 3225 EXIST::FUNCTION:AES
+CONF_modules_free 3226 EXIST::FUNCTION:
+NCONF_default 3227 EXIST::FUNCTION:
+OPENSSL_no_config 3228 EXIST::FUNCTION:
+NCONF_WIN32 3229 EXIST::FUNCTION:
+ASN1_UNIVERSALSTRING_new 3230 EXIST::FUNCTION:
+EVP_des_ede_ecb 3231 EXIST::FUNCTION:DES
+i2d_ASN1_UNIVERSALSTRING 3232 EXIST::FUNCTION:
+ASN1_UNIVERSALSTRING_free 3233 EXIST::FUNCTION:
+ASN1_UNIVERSALSTRING_it 3234 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_UNIVERSALSTRING_it 3234 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+d2i_ASN1_UNIVERSALSTRING 3235 EXIST::FUNCTION:
+EVP_des_ede3_ecb 3236 EXIST::FUNCTION:DES
+X509_REQ_print_ex 3237 EXIST::FUNCTION:BIO
+ENGINE_up_ref 3238 EXIST::FUNCTION:ENGINE
+BUF_MEM_grow_clean 3239 EXIST::FUNCTION:
+CRYPTO_realloc_clean 3240 EXIST::FUNCTION:
+BUF_strlcat 3241 EXIST::FUNCTION:
+BIO_indent 3242 EXIST::FUNCTION:
+BUF_strlcpy 3243 EXIST::FUNCTION:
+OpenSSLDie 3244 EXIST::FUNCTION:
+OPENSSL_cleanse 3245 EXIST::FUNCTION:
+ENGINE_setup_bsd_cryptodev 3246 EXIST:__FreeBSD__:FUNCTION:ENGINE
+ERR_release_err_state_table 3247 EXIST::FUNCTION:LHASH
+EVP_aes_128_cfb8 3248 EXIST::FUNCTION:AES
+FIPS_corrupt_rsa 3249 EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_selftest_des 3250 EXIST:OPENSSL_FIPS:FUNCTION:
+EVP_aes_128_cfb1 3251 EXIST::FUNCTION:AES
+EVP_aes_192_cfb8 3252 EXIST::FUNCTION:AES
+FIPS_mode_set 3253 EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_selftest_dsa 3254 EXIST:OPENSSL_FIPS:FUNCTION:
+EVP_aes_256_cfb8 3255 EXIST::FUNCTION:AES
+FIPS_allow_md5 3256 NOEXIST::FUNCTION:
+DES_ede3_cfb_encrypt 3257 EXIST::FUNCTION:DES
+EVP_des_ede3_cfb8 3258 EXIST::FUNCTION:DES
+FIPS_rand_seeded 3259 NOEXIST::FUNCTION:
+AES_cfbr_encrypt_block 3260 EXIST::FUNCTION:AES
+AES_cfb8_encrypt 3261 EXIST::FUNCTION:AES
+FIPS_rand_seed 3262 EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_corrupt_des 3263 EXIST:OPENSSL_FIPS:FUNCTION:
+EVP_aes_192_cfb1 3264 EXIST::FUNCTION:AES
+FIPS_selftest_aes 3265 EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_set_prng_key 3266 NOEXIST::FUNCTION:
+EVP_des_cfb8 3267 EXIST::FUNCTION:DES
+FIPS_corrupt_dsa 3268 EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_test_mode 3269 NOEXIST::FUNCTION:
+FIPS_rand_method 3270 EXIST:OPENSSL_FIPS:FUNCTION:
+EVP_aes_256_cfb1 3271 EXIST::FUNCTION:AES
+ERR_load_FIPS_strings 3272 EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_corrupt_aes 3273 EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_selftest_sha1 3274 EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_selftest_rsa 3275 EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_corrupt_sha1 3276 EXIST:OPENSSL_FIPS:FUNCTION:
+EVP_des_cfb1 3277 EXIST::FUNCTION:DES
+FIPS_dsa_check 3278 NOEXIST::FUNCTION:
+AES_cfb1_encrypt 3279 EXIST::FUNCTION:AES
+EVP_des_ede3_cfb1 3280 EXIST::FUNCTION:DES
+FIPS_rand_check 3281 EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_md5_allowed 3282 NOEXIST::FUNCTION:
+FIPS_mode 3283 EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_selftest_failed 3284 EXIST:OPENSSL_FIPS:FUNCTION:
+sk_is_sorted 3285 EXIST::FUNCTION:
+X509_check_ca 3286 EXIST::FUNCTION:
+private_idea_set_encrypt_key 3287 EXIST:OPENSSL_FIPS:FUNCTION:IDEA
+HMAC_CTX_set_flags 3288 EXIST::FUNCTION:HMAC
+private_SHA_Init 3289 EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA0
+private_CAST_set_key 3290 EXIST:OPENSSL_FIPS:FUNCTION:CAST
+private_RIPEMD160_Init 3291 EXIST:OPENSSL_FIPS:FUNCTION:RIPEMD
+private_RC5_32_set_key 3292 EXIST:OPENSSL_FIPS:FUNCTION:RC5
+private_MD5_Init 3293 EXIST:OPENSSL_FIPS:FUNCTION:MD5
+private_RC4_set_key 3294 EXIST:OPENSSL_FIPS:FUNCTION:RC4
+private_MDC2_Init 3295 EXIST:OPENSSL_FIPS:FUNCTION:MDC2
+private_RC2_set_key 3296 EXIST:OPENSSL_FIPS:FUNCTION:RC2
+private_MD4_Init 3297 EXIST:OPENSSL_FIPS:FUNCTION:MD4
+private_BF_set_key 3298 EXIST:OPENSSL_FIPS:FUNCTION:BF
+private_MD2_Init 3299 EXIST:OPENSSL_FIPS:FUNCTION:MD2
+d2i_PROXY_CERT_INFO_EXTENSION 3300 EXIST::FUNCTION:
+PROXY_POLICY_it 3301 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PROXY_POLICY_it 3301 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+i2d_PROXY_POLICY 3302 EXIST::FUNCTION:
+i2d_PROXY_CERT_INFO_EXTENSION 3303 EXIST::FUNCTION:
+d2i_PROXY_POLICY 3304 EXIST::FUNCTION:
+PROXY_CERT_INFO_EXTENSION_new 3305 EXIST::FUNCTION:
+PROXY_CERT_INFO_EXTENSION_free 3306 EXIST::FUNCTION:
+PROXY_CERT_INFO_EXTENSION_it 3307 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PROXY_CERT_INFO_EXTENSION_it 3307 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+PROXY_POLICY_free 3308 EXIST::FUNCTION:
+PROXY_POLICY_new 3309 EXIST::FUNCTION:
+BN_MONT_CTX_set_locked 3310 EXIST::FUNCTION:
+FIPS_selftest_rng 3311 EXIST:OPENSSL_FIPS:FUNCTION:
+EVP_sha384 3312 EXIST:!VMSVAX:FUNCTION:SHA,SHA512
+EVP_sha512 3313 EXIST:!VMSVAX:FUNCTION:SHA,SHA512
+EVP_sha224 3314 EXIST::FUNCTION:SHA,SHA256
+EVP_sha256 3315 EXIST::FUNCTION:SHA,SHA256
+FIPS_selftest_hmac 3316 EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_corrupt_rng 3317 EXIST:OPENSSL_FIPS:FUNCTION:
+BN_mod_exp_mont_consttime 3318 EXIST::FUNCTION:
+RSA_X931_hash_id 3319 EXIST::FUNCTION:RSA
+RSA_padding_check_X931 3320 EXIST::FUNCTION:RSA
+RSA_verify_PKCS1_PSS 3321 EXIST::FUNCTION:RSA
+RSA_padding_add_X931 3322 EXIST::FUNCTION:RSA
+RSA_padding_add_PKCS1_PSS 3323 EXIST::FUNCTION:RSA
+PKCS1_MGF1 3324 EXIST::FUNCTION:RSA
+BN_X931_generate_Xpq 3325 EXIST::FUNCTION:
+RSA_X931_generate_key 3326 NOEXIST::FUNCTION:
+BN_X931_derive_prime 3327 NOEXIST::FUNCTION:
+BN_X931_generate_prime 3328 NOEXIST::FUNCTION:
+RSA_X931_derive 3329 NOEXIST::FUNCTION:
+BIO_new_dgram 3330 EXIST::FUNCTION:
+BN_get0_nist_prime_384 3331 EXIST::FUNCTION:
+ERR_set_mark 3332 EXIST::FUNCTION:
+X509_STORE_CTX_set0_crls 3333 EXIST::FUNCTION:
+ENGINE_set_STORE 3334 EXIST::FUNCTION:ENGINE
+ENGINE_register_ECDSA 3335 EXIST::FUNCTION:ENGINE
+STORE_method_set_list_start_function 3336 EXIST:!VMS:FUNCTION:
+STORE_meth_set_list_start_fn 3336 EXIST:VMS:FUNCTION:
+BN_BLINDING_invert_ex 3337 EXIST::FUNCTION:
+NAME_CONSTRAINTS_free 3338 EXIST::FUNCTION:
+STORE_ATTR_INFO_set_number 3339 EXIST::FUNCTION:
+BN_BLINDING_get_thread_id 3340 EXIST::FUNCTION:
+X509_STORE_CTX_set0_param 3341 EXIST::FUNCTION:
+POLICY_MAPPING_it 3342 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+POLICY_MAPPING_it 3342 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+STORE_parse_attrs_start 3343 EXIST::FUNCTION:
+POLICY_CONSTRAINTS_free 3344 EXIST::FUNCTION:
+EVP_PKEY_add1_attr_by_NID 3345 EXIST::FUNCTION:
+BN_nist_mod_192 3346 EXIST::FUNCTION:
+EC_GROUP_get_trinomial_basis 3347 EXIST::FUNCTION:EC
+STORE_set_method 3348 EXIST::FUNCTION:
+GENERAL_SUBTREE_free 3349 EXIST::FUNCTION:
+NAME_CONSTRAINTS_it 3350 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+NAME_CONSTRAINTS_it 3350 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ECDH_get_default_method 3351 EXIST::FUNCTION:ECDH
+PKCS12_add_safe 3352 EXIST::FUNCTION:
+EC_KEY_new_by_curve_name 3353 EXIST::FUNCTION:EC
+STORE_method_get_update_store_function 3354 EXIST:!VMS:FUNCTION:
+STORE_meth_get_update_store_fn 3354 EXIST:VMS:FUNCTION:
+ENGINE_register_ECDH 3355 EXIST::FUNCTION:ENGINE
+SHA512_Update 3356 EXIST:!VMSVAX:FUNCTION:SHA,SHA512
+i2d_ECPrivateKey 3357 EXIST::FUNCTION:EC
+BN_get0_nist_prime_192 3358 EXIST::FUNCTION:
+STORE_modify_certificate 3359 EXIST::FUNCTION:
+EC_POINT_set_affine_coordinates_GF2m 3360 EXIST:!VMS:FUNCTION:EC
+EC_POINT_set_affine_coords_GF2m 3360 EXIST:VMS:FUNCTION:EC
+BN_GF2m_mod_exp_arr 3361 EXIST::FUNCTION:
+STORE_ATTR_INFO_modify_number 3362 EXIST::FUNCTION:
+X509_keyid_get0 3363 EXIST::FUNCTION:
+ENGINE_load_gmp 3364 EXIST::FUNCTION:ENGINE,GMP,STATIC_ENGINE
+pitem_new 3365 EXIST::FUNCTION:
+BN_GF2m_mod_mul_arr 3366 EXIST::FUNCTION:
+STORE_list_public_key_endp 3367 EXIST::FUNCTION:
+o2i_ECPublicKey 3368 EXIST::FUNCTION:EC
+EC_KEY_copy 3369 EXIST::FUNCTION:EC
+BIO_dump_fp 3370 EXIST::FUNCTION:FP_API
+X509_policy_node_get0_parent 3371 EXIST::FUNCTION:
+EC_GROUP_check_discriminant 3372 EXIST::FUNCTION:EC
+i2o_ECPublicKey 3373 EXIST::FUNCTION:EC
+EC_KEY_precompute_mult 3374 EXIST::FUNCTION:EC
+a2i_IPADDRESS 3375 EXIST::FUNCTION:
+STORE_method_set_initialise_function 3376 EXIST:!VMS:FUNCTION:
+STORE_meth_set_initialise_fn 3376 EXIST:VMS:FUNCTION:
+X509_STORE_CTX_set_depth 3377 EXIST::FUNCTION:
+X509_VERIFY_PARAM_inherit 3378 EXIST::FUNCTION:
+EC_POINT_point2bn 3379 EXIST::FUNCTION:EC
+STORE_ATTR_INFO_set_dn 3380 EXIST::FUNCTION:
+X509_policy_tree_get0_policies 3381 EXIST::FUNCTION:
+EC_GROUP_new_curve_GF2m 3382 EXIST::FUNCTION:EC
+STORE_destroy_method 3383 EXIST::FUNCTION:
+ENGINE_unregister_STORE 3384 EXIST::FUNCTION:ENGINE
+EVP_PKEY_get1_EC_KEY 3385 EXIST::FUNCTION:EC
+STORE_ATTR_INFO_get0_number 3386 EXIST::FUNCTION:
+ENGINE_get_default_ECDH 3387 EXIST::FUNCTION:ENGINE
+EC_KEY_get_conv_form 3388 EXIST::FUNCTION:EC
+ASN1_OCTET_STRING_NDEF_it 3389 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_OCTET_STRING_NDEF_it 3389 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+STORE_delete_public_key 3390 EXIST::FUNCTION:
+STORE_get_public_key 3391 EXIST::FUNCTION:
+STORE_modify_arbitrary 3392 EXIST::FUNCTION:
+ENGINE_get_static_state 3393 EXIST::FUNCTION:ENGINE
+pqueue_iterator 3394 EXIST::FUNCTION:
+ECDSA_SIG_new 3395 EXIST::FUNCTION:ECDSA
+OPENSSL_DIR_end 3396 EXIST::FUNCTION:
+BN_GF2m_mod_sqr 3397 EXIST::FUNCTION:
+EC_POINT_bn2point 3398 EXIST::FUNCTION:EC
+X509_VERIFY_PARAM_set_depth 3399 EXIST::FUNCTION:
+EC_KEY_set_asn1_flag 3400 EXIST::FUNCTION:EC
+STORE_get_method 3401 EXIST::FUNCTION:
+EC_KEY_get_key_method_data 3402 EXIST::FUNCTION:EC
+ECDSA_sign_ex 3403 EXIST::FUNCTION:ECDSA
+STORE_parse_attrs_end 3404 EXIST::FUNCTION:
+EC_GROUP_get_point_conversion_form 3405 EXIST:!VMS:FUNCTION:EC
+EC_GROUP_get_point_conv_form 3405 EXIST:VMS:FUNCTION:EC
+STORE_method_set_store_function 3406 EXIST::FUNCTION:
+STORE_ATTR_INFO_in 3407 EXIST::FUNCTION:
+PEM_read_bio_ECPKParameters 3408 EXIST::FUNCTION:EC
+EC_GROUP_get_pentanomial_basis 3409 EXIST::FUNCTION:EC
+EVP_PKEY_add1_attr_by_txt 3410 EXIST::FUNCTION:
+BN_BLINDING_set_flags 3411 EXIST::FUNCTION:
+X509_VERIFY_PARAM_set1_policies 3412 EXIST::FUNCTION:
+X509_VERIFY_PARAM_set1_name 3413 EXIST::FUNCTION:
+X509_VERIFY_PARAM_set_purpose 3414 EXIST::FUNCTION:
+STORE_get_number 3415 EXIST::FUNCTION:
+ECDSA_sign_setup 3416 EXIST::FUNCTION:ECDSA
+BN_GF2m_mod_solve_quad_arr 3417 EXIST::FUNCTION:
+EC_KEY_up_ref 3418 EXIST::FUNCTION:EC
+POLICY_MAPPING_free 3419 EXIST::FUNCTION:
+BN_GF2m_mod_div 3420 EXIST::FUNCTION:
+X509_VERIFY_PARAM_set_flags 3421 EXIST::FUNCTION:
+EC_KEY_free 3422 EXIST::FUNCTION:EC
+STORE_method_set_list_next_function 3423 EXIST:!VMS:FUNCTION:
+STORE_meth_set_list_next_fn 3423 EXIST:VMS:FUNCTION:
+PEM_write_bio_ECPrivateKey 3424 EXIST::FUNCTION:EC
+d2i_EC_PUBKEY 3425 EXIST::FUNCTION:EC
+STORE_method_get_generate_function 3426 EXIST:!VMS:FUNCTION:
+STORE_meth_get_generate_fn 3426 EXIST:VMS:FUNCTION:
+STORE_method_set_list_end_function 3427 EXIST:!VMS:FUNCTION:
+STORE_meth_set_list_end_fn 3427 EXIST:VMS:FUNCTION:
+pqueue_print 3428 EXIST:!VMSVAX:FUNCTION:
+EC_GROUP_have_precompute_mult 3429 EXIST::FUNCTION:EC
+EC_KEY_print_fp 3430 EXIST::FUNCTION:EC,FP_API
+BN_GF2m_mod_arr 3431 EXIST::FUNCTION:
+PEM_write_bio_X509_CERT_PAIR 3432 EXIST::FUNCTION:
+EVP_PKEY_cmp 3433 EXIST::FUNCTION:
+X509_policy_level_node_count 3434 EXIST::FUNCTION:
+STORE_new_engine 3435 EXIST::FUNCTION:
+STORE_list_public_key_start 3436 EXIST::FUNCTION:
+X509_VERIFY_PARAM_new 3437 EXIST::FUNCTION:
+ECDH_get_ex_data 3438 EXIST::FUNCTION:ECDH
+EVP_PKEY_get_attr 3439 EXIST::FUNCTION:
+ECDSA_do_sign 3440 EXIST::FUNCTION:ECDSA
+ENGINE_unregister_ECDH 3441 EXIST::FUNCTION:ENGINE
+ECDH_OpenSSL 3442 EXIST::FUNCTION:ECDH
+EC_KEY_set_conv_form 3443 EXIST::FUNCTION:EC
+EC_POINT_dup 3444 EXIST::FUNCTION:EC
+GENERAL_SUBTREE_new 3445 EXIST::FUNCTION:
+STORE_list_crl_endp 3446 EXIST::FUNCTION:
+EC_get_builtin_curves 3447 EXIST::FUNCTION:EC
+X509_policy_node_get0_qualifiers 3448 EXIST:!VMS:FUNCTION:
+X509_pcy_node_get0_qualifiers 3448 EXIST:VMS:FUNCTION:
+STORE_list_crl_end 3449 EXIST::FUNCTION:
+EVP_PKEY_set1_EC_KEY 3450 EXIST::FUNCTION:EC
+BN_GF2m_mod_sqrt_arr 3451 EXIST::FUNCTION:
+i2d_ECPrivateKey_bio 3452 EXIST::FUNCTION:BIO,EC
+ECPKParameters_print_fp 3453 EXIST::FUNCTION:EC,FP_API
+pqueue_find 3454 EXIST::FUNCTION:
+ECDSA_SIG_free 3455 EXIST::FUNCTION:ECDSA
+PEM_write_bio_ECPKParameters 3456 EXIST::FUNCTION:EC
+STORE_method_set_ctrl_function 3457 EXIST::FUNCTION:
+STORE_list_public_key_end 3458 EXIST::FUNCTION:
+EC_KEY_set_private_key 3459 EXIST::FUNCTION:EC
+pqueue_peek 3460 EXIST::FUNCTION:
+STORE_get_arbitrary 3461 EXIST::FUNCTION:
+STORE_store_crl 3462 EXIST::FUNCTION:
+X509_policy_node_get0_policy 3463 EXIST::FUNCTION:
+PKCS12_add_safes 3464 EXIST::FUNCTION:
+BN_BLINDING_convert_ex 3465 EXIST::FUNCTION:
+X509_policy_tree_free 3466 EXIST::FUNCTION:
+OPENSSL_ia32cap_loc 3467 EXIST::FUNCTION:
+BN_GF2m_poly2arr 3468 EXIST::FUNCTION:
+STORE_ctrl 3469 EXIST::FUNCTION:
+STORE_ATTR_INFO_compare 3470 EXIST::FUNCTION:
+BN_get0_nist_prime_224 3471 EXIST::FUNCTION:
+i2d_ECParameters 3472 EXIST::FUNCTION:EC
+i2d_ECPKParameters 3473 EXIST::FUNCTION:EC
+BN_GENCB_call 3474 EXIST::FUNCTION:
+d2i_ECPKParameters 3475 EXIST::FUNCTION:EC
+STORE_method_set_generate_function 3476 EXIST:!VMS:FUNCTION:
+STORE_meth_set_generate_fn 3476 EXIST:VMS:FUNCTION:
+ENGINE_set_ECDH 3477 EXIST::FUNCTION:ENGINE
+NAME_CONSTRAINTS_new 3478 EXIST::FUNCTION:
+SHA256_Init 3479 EXIST::FUNCTION:SHA,SHA256
+EC_KEY_get0_public_key 3480 EXIST::FUNCTION:EC
+PEM_write_bio_EC_PUBKEY 3481 EXIST::FUNCTION:EC
+STORE_ATTR_INFO_set_cstr 3482 EXIST::FUNCTION:
+STORE_list_crl_next 3483 EXIST::FUNCTION:
+STORE_ATTR_INFO_in_range 3484 EXIST::FUNCTION:
+ECParameters_print 3485 EXIST::FUNCTION:BIO,EC
+STORE_method_set_delete_function 3486 EXIST:!VMS:FUNCTION:
+STORE_meth_set_delete_fn 3486 EXIST:VMS:FUNCTION:
+STORE_list_certificate_next 3487 EXIST::FUNCTION:
+ASN1_generate_nconf 3488 EXIST::FUNCTION:
+BUF_memdup 3489 EXIST::FUNCTION:
+BN_GF2m_mod_mul 3490 EXIST::FUNCTION:
+STORE_method_get_list_next_function 3491 EXIST:!VMS:FUNCTION:
+STORE_meth_get_list_next_fn 3491 EXIST:VMS:FUNCTION:
+STORE_ATTR_INFO_get0_dn 3492 EXIST::FUNCTION:
+STORE_list_private_key_next 3493 EXIST::FUNCTION:
+EC_GROUP_set_seed 3494 EXIST::FUNCTION:EC
+X509_VERIFY_PARAM_set_trust 3495 EXIST::FUNCTION:
+STORE_ATTR_INFO_free 3496 EXIST::FUNCTION:
+STORE_get_private_key 3497 EXIST::FUNCTION:
+EVP_PKEY_get_attr_count 3498 EXIST::FUNCTION:
+STORE_ATTR_INFO_new 3499 EXIST::FUNCTION:
+EC_GROUP_get_curve_GF2m 3500 EXIST::FUNCTION:EC
+STORE_method_set_revoke_function 3501 EXIST:!VMS:FUNCTION:
+STORE_meth_set_revoke_fn 3501 EXIST:VMS:FUNCTION:
+STORE_store_number 3502 EXIST::FUNCTION:
+BN_is_prime_ex 3503 EXIST::FUNCTION:
+STORE_revoke_public_key 3504 EXIST::FUNCTION:
+X509_STORE_CTX_get0_param 3505 EXIST::FUNCTION:
+STORE_delete_arbitrary 3506 EXIST::FUNCTION:
+PEM_read_X509_CERT_PAIR 3507 EXIST:!WIN16:FUNCTION:
+X509_STORE_set_depth 3508 EXIST::FUNCTION:
+ECDSA_get_ex_data 3509 EXIST::FUNCTION:ECDSA
+SHA224 3510 EXIST::FUNCTION:SHA,SHA256
+BIO_dump_indent_fp 3511 EXIST::FUNCTION:FP_API
+EC_KEY_set_group 3512 EXIST::FUNCTION:EC
+BUF_strndup 3513 EXIST::FUNCTION:
+STORE_list_certificate_start 3514 EXIST::FUNCTION:
+BN_GF2m_mod 3515 EXIST::FUNCTION:
+X509_REQ_check_private_key 3516 EXIST::FUNCTION:
+EC_GROUP_get_seed_len 3517 EXIST::FUNCTION:EC
+ERR_load_STORE_strings 3518 EXIST::FUNCTION:
+PEM_read_bio_EC_PUBKEY 3519 EXIST::FUNCTION:EC
+STORE_list_private_key_end 3520 EXIST::FUNCTION:
+i2d_EC_PUBKEY 3521 EXIST::FUNCTION:EC
+ECDSA_get_default_method 3522 EXIST::FUNCTION:ECDSA
+ASN1_put_eoc 3523 EXIST::FUNCTION:
+X509_STORE_CTX_get_explicit_policy 3524 EXIST:!VMS:FUNCTION:
+X509_STORE_CTX_get_expl_policy 3524 EXIST:VMS:FUNCTION:
+X509_VERIFY_PARAM_table_cleanup 3525 EXIST::FUNCTION:
+STORE_modify_private_key 3526 EXIST::FUNCTION:
+X509_VERIFY_PARAM_free 3527 EXIST::FUNCTION:
+EC_METHOD_get_field_type 3528 EXIST::FUNCTION:EC
+EC_GFp_nist_method 3529 EXIST::FUNCTION:EC
+STORE_method_set_modify_function 3530 EXIST:!VMS:FUNCTION:
+STORE_meth_set_modify_fn 3530 EXIST:VMS:FUNCTION:
+STORE_parse_attrs_next 3531 EXIST::FUNCTION:
+ENGINE_load_padlock 3532 EXIST::FUNCTION:ENGINE
+EC_GROUP_set_curve_name 3533 EXIST::FUNCTION:EC
+X509_CERT_PAIR_it 3534 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_CERT_PAIR_it 3534 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+STORE_method_get_revoke_function 3535 EXIST:!VMS:FUNCTION:
+STORE_meth_get_revoke_fn 3535 EXIST:VMS:FUNCTION:
+STORE_method_set_get_function 3536 EXIST::FUNCTION:
+STORE_modify_number 3537 EXIST::FUNCTION:
+STORE_method_get_store_function 3538 EXIST::FUNCTION:
+STORE_store_private_key 3539 EXIST::FUNCTION:
+BN_GF2m_mod_sqr_arr 3540 EXIST::FUNCTION:
+RSA_setup_blinding 3541 EXIST::FUNCTION:RSA
+BIO_s_datagram 3542 EXIST::FUNCTION:DGRAM
+STORE_Memory 3543 EXIST::FUNCTION:
+sk_find_ex 3544 EXIST::FUNCTION:
+EC_GROUP_set_curve_GF2m 3545 EXIST::FUNCTION:EC
+ENGINE_set_default_ECDSA 3546 EXIST::FUNCTION:ENGINE
+POLICY_CONSTRAINTS_new 3547 EXIST::FUNCTION:
+BN_GF2m_mod_sqrt 3548 EXIST::FUNCTION:
+ECDH_set_default_method 3549 EXIST::FUNCTION:ECDH
+EC_KEY_generate_key 3550 EXIST::FUNCTION:EC
+SHA384_Update 3551 EXIST:!VMSVAX:FUNCTION:SHA,SHA512
+BN_GF2m_arr2poly 3552 EXIST::FUNCTION:
+STORE_method_get_get_function 3553 EXIST::FUNCTION:
+STORE_method_set_cleanup_function 3554 EXIST:!VMS:FUNCTION:
+STORE_meth_set_cleanup_fn 3554 EXIST:VMS:FUNCTION:
+EC_GROUP_check 3555 EXIST::FUNCTION:EC
+d2i_ECPrivateKey_bio 3556 EXIST::FUNCTION:BIO,EC
+EC_KEY_insert_key_method_data 3557 EXIST::FUNCTION:EC
+STORE_method_get_lock_store_function 3558 EXIST:!VMS:FUNCTION:
+STORE_meth_get_lock_store_fn 3558 EXIST:VMS:FUNCTION:
+X509_VERIFY_PARAM_get_depth 3559 EXIST::FUNCTION:
+SHA224_Final 3560 EXIST::FUNCTION:SHA,SHA256
+STORE_method_set_update_store_function 3561 EXIST:!VMS:FUNCTION:
+STORE_meth_set_update_store_fn 3561 EXIST:VMS:FUNCTION:
+SHA224_Update 3562 EXIST::FUNCTION:SHA,SHA256
+d2i_ECPrivateKey 3563 EXIST::FUNCTION:EC
+ASN1_item_ndef_i2d 3564 EXIST::FUNCTION:
+STORE_delete_private_key 3565 EXIST::FUNCTION:
+ERR_pop_to_mark 3566 EXIST::FUNCTION:
+ENGINE_register_all_STORE 3567 EXIST::FUNCTION:ENGINE
+X509_policy_level_get0_node 3568 EXIST::FUNCTION:
+i2d_PKCS7_NDEF 3569 EXIST::FUNCTION:
+EC_GROUP_get_degree 3570 EXIST::FUNCTION:EC
+ASN1_generate_v3 3571 EXIST::FUNCTION:
+STORE_ATTR_INFO_modify_cstr 3572 EXIST::FUNCTION:
+X509_policy_tree_level_count 3573 EXIST::FUNCTION:
+BN_GF2m_add 3574 EXIST::FUNCTION:
+EC_KEY_get0_group 3575 EXIST::FUNCTION:EC
+STORE_generate_crl 3576 EXIST::FUNCTION:
+STORE_store_public_key 3577 EXIST::FUNCTION:
+X509_CERT_PAIR_free 3578 EXIST::FUNCTION:
+STORE_revoke_private_key 3579 EXIST::FUNCTION:
+BN_nist_mod_224 3580 EXIST::FUNCTION:
+SHA512_Final 3581 EXIST:!VMSVAX:FUNCTION:SHA,SHA512
+STORE_ATTR_INFO_modify_dn 3582 EXIST::FUNCTION:
+STORE_method_get_initialise_function 3583 EXIST:!VMS:FUNCTION:
+STORE_meth_get_initialise_fn 3583 EXIST:VMS:FUNCTION:
+STORE_delete_number 3584 EXIST::FUNCTION:
+i2d_EC_PUBKEY_bio 3585 EXIST::FUNCTION:BIO,EC
+BIO_dgram_non_fatal_error 3586 EXIST::FUNCTION:
+EC_GROUP_get_asn1_flag 3587 EXIST::FUNCTION:EC
+STORE_ATTR_INFO_in_ex 3588 EXIST::FUNCTION:
+STORE_list_crl_start 3589 EXIST::FUNCTION:
+ECDH_get_ex_new_index 3590 EXIST::FUNCTION:ECDH
+STORE_method_get_modify_function 3591 EXIST:!VMS:FUNCTION:
+STORE_meth_get_modify_fn 3591 EXIST:VMS:FUNCTION:
+v2i_ASN1_BIT_STRING 3592 EXIST::FUNCTION:
+STORE_store_certificate 3593 EXIST::FUNCTION:
+OBJ_bsearch_ex 3594 EXIST::FUNCTION:
+X509_STORE_CTX_set_default 3595 EXIST::FUNCTION:
+STORE_ATTR_INFO_set_sha1str 3596 EXIST::FUNCTION:
+BN_GF2m_mod_inv 3597 EXIST::FUNCTION:
+BN_GF2m_mod_exp 3598 EXIST::FUNCTION:
+STORE_modify_public_key 3599 EXIST::FUNCTION:
+STORE_method_get_list_start_function 3600 EXIST:!VMS:FUNCTION:
+STORE_meth_get_list_start_fn 3600 EXIST:VMS:FUNCTION:
+EC_GROUP_get0_seed 3601 EXIST::FUNCTION:EC
+STORE_store_arbitrary 3602 EXIST::FUNCTION:
+STORE_method_set_unlock_store_function 3603 EXIST:!VMS:FUNCTION:
+STORE_meth_set_unlock_store_fn 3603 EXIST:VMS:FUNCTION:
+BN_GF2m_mod_div_arr 3604 EXIST::FUNCTION:
+ENGINE_set_ECDSA 3605 EXIST::FUNCTION:ENGINE
+STORE_create_method 3606 EXIST::FUNCTION:
+ECPKParameters_print 3607 EXIST::FUNCTION:BIO,EC
+EC_KEY_get0_private_key 3608 EXIST::FUNCTION:EC
+PEM_write_EC_PUBKEY 3609 EXIST:!WIN16:FUNCTION:EC
+X509_VERIFY_PARAM_set1 3610 EXIST::FUNCTION:
+ECDH_set_method 3611 EXIST::FUNCTION:ECDH
+v2i_GENERAL_NAME_ex 3612 EXIST::FUNCTION:
+ECDH_set_ex_data 3613 EXIST::FUNCTION:ECDH
+STORE_generate_key 3614 EXIST::FUNCTION:
+BN_nist_mod_521 3615 EXIST::FUNCTION:
+X509_policy_tree_get0_level 3616 EXIST::FUNCTION:
+EC_GROUP_set_point_conversion_form 3617 EXIST:!VMS:FUNCTION:EC
+EC_GROUP_set_point_conv_form 3617 EXIST:VMS:FUNCTION:EC
+PEM_read_EC_PUBKEY 3618 EXIST:!WIN16:FUNCTION:EC
+i2d_ECDSA_SIG 3619 EXIST::FUNCTION:ECDSA
+ECDSA_OpenSSL 3620 EXIST::FUNCTION:ECDSA
+STORE_delete_crl 3621 EXIST::FUNCTION:
+EC_KEY_get_enc_flags 3622 EXIST::FUNCTION:EC
+ASN1_const_check_infinite_end 3623 EXIST::FUNCTION:
+EVP_PKEY_delete_attr 3624 EXIST::FUNCTION:
+ECDSA_set_default_method 3625 EXIST::FUNCTION:ECDSA
+EC_POINT_set_compressed_coordinates_GF2m 3626 EXIST:!VMS:FUNCTION:EC
+EC_POINT_set_compr_coords_GF2m 3626 EXIST:VMS:FUNCTION:EC
+EC_GROUP_cmp 3627 EXIST::FUNCTION:EC
+STORE_revoke_certificate 3628 EXIST::FUNCTION:
+BN_get0_nist_prime_256 3629 EXIST::FUNCTION:
+STORE_method_get_delete_function 3630 EXIST:!VMS:FUNCTION:
+STORE_meth_get_delete_fn 3630 EXIST:VMS:FUNCTION:
+SHA224_Init 3631 EXIST::FUNCTION:SHA,SHA256
+PEM_read_ECPrivateKey 3632 EXIST:!WIN16:FUNCTION:EC
+SHA512_Init 3633 EXIST:!VMSVAX:FUNCTION:SHA,SHA512
+STORE_parse_attrs_endp 3634 EXIST::FUNCTION:
+BN_set_negative 3635 EXIST::FUNCTION:
+ERR_load_ECDSA_strings 3636 EXIST::FUNCTION:ECDSA
+EC_GROUP_get_basis_type 3637 EXIST::FUNCTION:EC
+STORE_list_public_key_next 3638 EXIST::FUNCTION:
+i2v_ASN1_BIT_STRING 3639 EXIST::FUNCTION:
+STORE_OBJECT_free 3640 EXIST::FUNCTION:
+BN_nist_mod_384 3641 EXIST::FUNCTION:
+i2d_X509_CERT_PAIR 3642 EXIST::FUNCTION:
+PEM_write_ECPKParameters 3643 EXIST:!WIN16:FUNCTION:EC
+ECDH_compute_key 3644 EXIST::FUNCTION:ECDH
+STORE_ATTR_INFO_get0_sha1str 3645 EXIST::FUNCTION:
+ENGINE_register_all_ECDH 3646 EXIST::FUNCTION:ENGINE
+pqueue_pop 3647 EXIST::FUNCTION:
+STORE_ATTR_INFO_get0_cstr 3648 EXIST::FUNCTION:
+POLICY_CONSTRAINTS_it 3649 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+POLICY_CONSTRAINTS_it 3649 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+STORE_get_ex_new_index 3650 EXIST::FUNCTION:
+EVP_PKEY_get_attr_by_OBJ 3651 EXIST::FUNCTION:
+X509_VERIFY_PARAM_add0_policy 3652 EXIST::FUNCTION:
+BN_GF2m_mod_solve_quad 3653 EXIST::FUNCTION:
+SHA256 3654 EXIST::FUNCTION:SHA,SHA256
+i2d_ECPrivateKey_fp 3655 EXIST::FUNCTION:EC,FP_API
+X509_policy_tree_get0_user_policies 3656 EXIST:!VMS:FUNCTION:
+X509_pcy_tree_get0_usr_policies 3656 EXIST:VMS:FUNCTION:
+OPENSSL_DIR_read 3657 EXIST::FUNCTION:
+ENGINE_register_all_ECDSA 3658 EXIST::FUNCTION:ENGINE
+X509_VERIFY_PARAM_lookup 3659 EXIST::FUNCTION:
+EC_POINT_get_affine_coordinates_GF2m 3660 EXIST:!VMS:FUNCTION:EC
+EC_POINT_get_affine_coords_GF2m 3660 EXIST:VMS:FUNCTION:EC
+EC_GROUP_dup 3661 EXIST::FUNCTION:EC
+ENGINE_get_default_ECDSA 3662 EXIST::FUNCTION:ENGINE
+EC_KEY_new 3663 EXIST::FUNCTION:EC
+SHA256_Transform 3664 EXIST::FUNCTION:SHA,SHA256
+EC_KEY_set_enc_flags 3665 EXIST::FUNCTION:EC
+ECDSA_verify 3666 EXIST::FUNCTION:ECDSA
+EC_POINT_point2hex 3667 EXIST::FUNCTION:EC
+ENGINE_get_STORE 3668 EXIST::FUNCTION:ENGINE
+SHA512 3669 EXIST:!VMSVAX:FUNCTION:SHA,SHA512
+STORE_get_certificate 3670 EXIST::FUNCTION:
+ECDSA_do_sign_ex 3671 EXIST::FUNCTION:ECDSA
+ECDSA_do_verify 3672 EXIST::FUNCTION:ECDSA
+d2i_ECPrivateKey_fp 3673 EXIST::FUNCTION:EC,FP_API
+STORE_delete_certificate 3674 EXIST::FUNCTION:
+SHA512_Transform 3675 EXIST:!VMSVAX:FUNCTION:SHA,SHA512
+X509_STORE_set1_param 3676 EXIST::FUNCTION:
+STORE_method_get_ctrl_function 3677 EXIST::FUNCTION:
+STORE_free 3678 EXIST::FUNCTION:
+PEM_write_ECPrivateKey 3679 EXIST:!WIN16:FUNCTION:EC
+STORE_method_get_unlock_store_function 3680 EXIST:!VMS:FUNCTION:
+STORE_meth_get_unlock_store_fn 3680 EXIST:VMS:FUNCTION:
+STORE_get_ex_data 3681 EXIST::FUNCTION:
+EC_KEY_set_public_key 3682 EXIST::FUNCTION:EC
+PEM_read_ECPKParameters 3683 EXIST:!WIN16:FUNCTION:EC
+X509_CERT_PAIR_new 3684 EXIST::FUNCTION:
+ENGINE_register_STORE 3685 EXIST::FUNCTION:ENGINE
+RSA_generate_key_ex 3686 EXIST::FUNCTION:RSA
+DSA_generate_parameters_ex 3687 EXIST::FUNCTION:DSA
+ECParameters_print_fp 3688 EXIST::FUNCTION:EC,FP_API
+X509V3_NAME_from_section 3689 EXIST::FUNCTION:
+EVP_PKEY_add1_attr 3690 EXIST::FUNCTION:
+STORE_modify_crl 3691 EXIST::FUNCTION:
+STORE_list_private_key_start 3692 EXIST::FUNCTION:
+POLICY_MAPPINGS_it 3693 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+POLICY_MAPPINGS_it 3693 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+GENERAL_SUBTREE_it 3694 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+GENERAL_SUBTREE_it 3694 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EC_GROUP_get_curve_name 3695 EXIST::FUNCTION:EC
+PEM_write_X509_CERT_PAIR 3696 EXIST:!WIN16:FUNCTION:
+BIO_dump_indent_cb 3697 EXIST::FUNCTION:
+d2i_X509_CERT_PAIR 3698 EXIST::FUNCTION:
+STORE_list_private_key_endp 3699 EXIST::FUNCTION:
+asn1_const_Finish 3700 EXIST::FUNCTION:
+i2d_EC_PUBKEY_fp 3701 EXIST::FUNCTION:EC,FP_API
+BN_nist_mod_256 3702 EXIST::FUNCTION:
+X509_VERIFY_PARAM_add0_table 3703 EXIST::FUNCTION:
+pqueue_free 3704 EXIST::FUNCTION:
+BN_BLINDING_create_param 3705 EXIST::FUNCTION:
+ECDSA_size 3706 EXIST::FUNCTION:ECDSA
+d2i_EC_PUBKEY_bio 3707 EXIST::FUNCTION:BIO,EC
+BN_get0_nist_prime_521 3708 EXIST::FUNCTION:
+STORE_ATTR_INFO_modify_sha1str 3709 EXIST::FUNCTION:
+BN_generate_prime_ex 3710 EXIST::FUNCTION:
+EC_GROUP_new_by_curve_name 3711 EXIST::FUNCTION:EC
+SHA256_Final 3712 EXIST::FUNCTION:SHA,SHA256
+DH_generate_parameters_ex 3713 EXIST::FUNCTION:DH
+PEM_read_bio_ECPrivateKey 3714 EXIST::FUNCTION:EC
+STORE_method_get_cleanup_function 3715 EXIST:!VMS:FUNCTION:
+STORE_meth_get_cleanup_fn 3715 EXIST:VMS:FUNCTION:
+ENGINE_get_ECDH 3716 EXIST::FUNCTION:ENGINE
+d2i_ECDSA_SIG 3717 EXIST::FUNCTION:ECDSA
+BN_is_prime_fasttest_ex 3718 EXIST::FUNCTION:
+ECDSA_sign 3719 EXIST::FUNCTION:ECDSA
+X509_policy_check 3720 EXIST::FUNCTION:
+EVP_PKEY_get_attr_by_NID 3721 EXIST::FUNCTION:
+STORE_set_ex_data 3722 EXIST::FUNCTION:
+ENGINE_get_ECDSA 3723 EXIST::FUNCTION:ENGINE
+EVP_ecdsa 3724 EXIST::FUNCTION:SHA
+BN_BLINDING_get_flags 3725 EXIST::FUNCTION:
+PKCS12_add_cert 3726 EXIST::FUNCTION:
+STORE_OBJECT_new 3727 EXIST::FUNCTION:
+ERR_load_ECDH_strings 3728 EXIST::FUNCTION:ECDH
+EC_KEY_dup 3729 EXIST::FUNCTION:EC
+EVP_CIPHER_CTX_rand_key 3730 EXIST::FUNCTION:
+ECDSA_set_method 3731 EXIST::FUNCTION:ECDSA
+a2i_IPADDRESS_NC 3732 EXIST::FUNCTION:
+d2i_ECParameters 3733 EXIST::FUNCTION:EC
+STORE_list_certificate_end 3734 EXIST::FUNCTION:
+STORE_get_crl 3735 EXIST::FUNCTION:
+X509_POLICY_NODE_print 3736 EXIST::FUNCTION:
+SHA384_Init 3737 EXIST:!VMSVAX:FUNCTION:SHA,SHA512
+EC_GF2m_simple_method 3738 EXIST::FUNCTION:EC
+ECDSA_set_ex_data 3739 EXIST::FUNCTION:ECDSA
+SHA384_Final 3740 EXIST:!VMSVAX:FUNCTION:SHA,SHA512
+PKCS7_set_digest 3741 EXIST::FUNCTION:
+EC_KEY_print 3742 EXIST::FUNCTION:BIO,EC
+STORE_method_set_lock_store_function 3743 EXIST:!VMS:FUNCTION:
+STORE_meth_set_lock_store_fn 3743 EXIST:VMS:FUNCTION:
+ECDSA_get_ex_new_index 3744 EXIST::FUNCTION:ECDSA
+SHA384 3745 EXIST:!VMSVAX:FUNCTION:SHA,SHA512
+POLICY_MAPPING_new 3746 EXIST::FUNCTION:
+STORE_list_certificate_endp 3747 EXIST::FUNCTION:
+X509_STORE_CTX_get0_policy_tree 3748 EXIST::FUNCTION:
+EC_GROUP_set_asn1_flag 3749 EXIST::FUNCTION:EC
+EC_KEY_check_key 3750 EXIST::FUNCTION:EC
+d2i_EC_PUBKEY_fp 3751 EXIST::FUNCTION:EC,FP_API
+PKCS7_set0_type_other 3752 EXIST::FUNCTION:
+PEM_read_bio_X509_CERT_PAIR 3753 EXIST::FUNCTION:
+pqueue_next 3754 EXIST::FUNCTION:
+STORE_method_get_list_end_function 3755 EXIST:!VMS:FUNCTION:
+STORE_meth_get_list_end_fn 3755 EXIST:VMS:FUNCTION:
+EVP_PKEY_add1_attr_by_OBJ 3756 EXIST::FUNCTION:
+X509_VERIFY_PARAM_set_time 3757 EXIST::FUNCTION:
+pqueue_new 3758 EXIST::FUNCTION:
+ENGINE_set_default_ECDH 3759 EXIST::FUNCTION:ENGINE
+STORE_new_method 3760 EXIST::FUNCTION:
+PKCS12_add_key 3761 EXIST::FUNCTION:
+DSO_merge 3762 EXIST::FUNCTION:
+EC_POINT_hex2point 3763 EXIST::FUNCTION:EC
+BIO_dump_cb 3764 EXIST::FUNCTION:
+SHA256_Update 3765 EXIST::FUNCTION:SHA,SHA256
+pqueue_insert 3766 EXIST::FUNCTION:
+pitem_free 3767 EXIST::FUNCTION:
+BN_GF2m_mod_inv_arr 3768 EXIST::FUNCTION:
+ENGINE_unregister_ECDSA 3769 EXIST::FUNCTION:ENGINE
+BN_BLINDING_set_thread_id 3770 EXIST::FUNCTION:
+get_rfc3526_prime_8192 3771 EXIST::FUNCTION:
+X509_VERIFY_PARAM_clear_flags 3772 EXIST::FUNCTION:
+get_rfc2409_prime_1024 3773 EXIST::FUNCTION:
+DH_check_pub_key 3774 EXIST::FUNCTION:DH
+get_rfc3526_prime_2048 3775 EXIST::FUNCTION:
+get_rfc3526_prime_6144 3776 EXIST::FUNCTION:
+get_rfc3526_prime_1536 3777 EXIST::FUNCTION:
+get_rfc3526_prime_3072 3778 EXIST::FUNCTION:
+get_rfc3526_prime_4096 3779 EXIST::FUNCTION:
+get_rfc2409_prime_768 3780 EXIST::FUNCTION:
+X509_VERIFY_PARAM_get_flags 3781 EXIST::FUNCTION:
+EVP_CIPHER_CTX_new 3782 EXIST::FUNCTION:
+EVP_CIPHER_CTX_free 3783 EXIST::FUNCTION:
+Camellia_cbc_encrypt 3784 EXIST::FUNCTION:CAMELLIA
+Camellia_cfb128_encrypt 3785 EXIST::FUNCTION:CAMELLIA
+Camellia_cfb1_encrypt 3786 EXIST::FUNCTION:CAMELLIA
+Camellia_cfb8_encrypt 3787 EXIST::FUNCTION:CAMELLIA
+Camellia_ctr128_encrypt 3788 EXIST::FUNCTION:CAMELLIA
+Camellia_cfbr_encrypt_block 3789 EXIST::FUNCTION:CAMELLIA
+Camellia_decrypt 3790 EXIST::FUNCTION:CAMELLIA
+Camellia_ecb_encrypt 3791 EXIST::FUNCTION:CAMELLIA
+Camellia_encrypt 3792 EXIST::FUNCTION:CAMELLIA
+Camellia_ofb128_encrypt 3793 EXIST::FUNCTION:CAMELLIA
+Camellia_set_key 3794 EXIST::FUNCTION:CAMELLIA
+EVP_camellia_128_cbc 3795 EXIST::FUNCTION:CAMELLIA
+EVP_camellia_128_cfb128 3796 EXIST::FUNCTION:CAMELLIA
+EVP_camellia_128_cfb1 3797 EXIST::FUNCTION:CAMELLIA
+EVP_camellia_128_cfb8 3798 EXIST::FUNCTION:CAMELLIA
+EVP_camellia_128_ecb 3799 EXIST::FUNCTION:CAMELLIA
+EVP_camellia_128_ofb 3800 EXIST::FUNCTION:CAMELLIA
+EVP_camellia_192_cbc 3801 EXIST::FUNCTION:CAMELLIA
+EVP_camellia_192_cfb128 3802 EXIST::FUNCTION:CAMELLIA
+EVP_camellia_192_cfb1 3803 EXIST::FUNCTION:CAMELLIA
+EVP_camellia_192_cfb8 3804 EXIST::FUNCTION:CAMELLIA
+EVP_camellia_192_ecb 3805 EXIST::FUNCTION:CAMELLIA
+EVP_camellia_192_ofb 3806 EXIST::FUNCTION:CAMELLIA
+EVP_camellia_256_cbc 3807 EXIST::FUNCTION:CAMELLIA
+EVP_camellia_256_cfb128 3808 EXIST::FUNCTION:CAMELLIA
+EVP_camellia_256_cfb1 3809 EXIST::FUNCTION:CAMELLIA
+EVP_camellia_256_cfb8 3810 EXIST::FUNCTION:CAMELLIA
+EVP_camellia_256_ecb 3811 EXIST::FUNCTION:CAMELLIA
+EVP_camellia_256_ofb 3812 EXIST::FUNCTION:CAMELLIA
+a2i_ipadd 3813 EXIST::FUNCTION:
+ASIdentifiers_free 3814 EXIST::FUNCTION:RFC3779
+i2d_ASIdOrRange 3815 EXIST::FUNCTION:RFC3779
+EVP_CIPHER_block_size 3816 EXIST::FUNCTION:
+v3_asid_is_canonical 3817 EXIST::FUNCTION:RFC3779
+IPAddressChoice_free 3818 EXIST::FUNCTION:RFC3779
+EVP_CIPHER_CTX_set_app_data 3819 EXIST::FUNCTION:
+BIO_set_callback_arg 3820 EXIST::FUNCTION:
+v3_addr_add_prefix 3821 EXIST::FUNCTION:RFC3779
+IPAddressOrRange_it 3822 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
+IPAddressOrRange_it 3822 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
+BIO_set_flags 3823 EXIST::FUNCTION:
+ASIdentifiers_it 3824 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
+ASIdentifiers_it 3824 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
+v3_addr_get_range 3825 EXIST::FUNCTION:RFC3779
+BIO_method_type 3826 EXIST::FUNCTION:
+v3_addr_inherits 3827 EXIST::FUNCTION:RFC3779
+IPAddressChoice_it 3828 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
+IPAddressChoice_it 3828 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
+AES_ige_encrypt 3829 EXIST::FUNCTION:AES
+v3_addr_add_range 3830 EXIST::FUNCTION:RFC3779
+EVP_CIPHER_CTX_nid 3831 EXIST::FUNCTION:
+d2i_ASRange 3832 EXIST::FUNCTION:RFC3779
+v3_addr_add_inherit 3833 EXIST::FUNCTION:RFC3779
+v3_asid_add_id_or_range 3834 EXIST::FUNCTION:RFC3779
+v3_addr_validate_resource_set 3835 EXIST::FUNCTION:RFC3779
+EVP_CIPHER_iv_length 3836 EXIST::FUNCTION:
+EVP_MD_type 3837 EXIST::FUNCTION:
+v3_asid_canonize 3838 EXIST::FUNCTION:RFC3779
+IPAddressRange_free 3839 EXIST::FUNCTION:RFC3779
+v3_asid_add_inherit 3840 EXIST::FUNCTION:RFC3779
+EVP_CIPHER_CTX_key_length 3841 EXIST::FUNCTION:
+IPAddressRange_new 3842 EXIST::FUNCTION:RFC3779
+ASIdOrRange_new 3843 EXIST::FUNCTION:RFC3779
+EVP_MD_size 3844 EXIST::FUNCTION:
+EVP_MD_CTX_test_flags 3845 EXIST::FUNCTION:
+BIO_clear_flags 3846 EXIST::FUNCTION:
+i2d_ASRange 3847 EXIST::FUNCTION:RFC3779
+IPAddressRange_it 3848 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
+IPAddressRange_it 3848 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
+IPAddressChoice_new 3849 EXIST::FUNCTION:RFC3779
+ASIdentifierChoice_new 3850 EXIST::FUNCTION:RFC3779
+ASRange_free 3851 EXIST::FUNCTION:RFC3779
+EVP_MD_pkey_type 3852 EXIST::FUNCTION:
+EVP_MD_CTX_clear_flags 3853 EXIST::FUNCTION:
+IPAddressFamily_free 3854 EXIST::FUNCTION:RFC3779
+i2d_IPAddressFamily 3855 EXIST::FUNCTION:RFC3779
+IPAddressOrRange_new 3856 EXIST::FUNCTION:RFC3779
+EVP_CIPHER_flags 3857 EXIST::FUNCTION:
+v3_asid_validate_resource_set 3858 EXIST::FUNCTION:RFC3779
+d2i_IPAddressRange 3859 EXIST::FUNCTION:RFC3779
+AES_bi_ige_encrypt 3860 EXIST::FUNCTION:AES
+BIO_get_callback 3861 EXIST::FUNCTION:
+IPAddressOrRange_free 3862 EXIST::FUNCTION:RFC3779
+v3_addr_subset 3863 EXIST::FUNCTION:RFC3779
+d2i_IPAddressFamily 3864 EXIST::FUNCTION:RFC3779
+v3_asid_subset 3865 EXIST::FUNCTION:RFC3779
+BIO_test_flags 3866 EXIST::FUNCTION:
+i2d_ASIdentifierChoice 3867 EXIST::FUNCTION:RFC3779
+ASRange_it 3868 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
+ASRange_it 3868 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
+d2i_ASIdentifiers 3869 EXIST::FUNCTION:RFC3779
+ASRange_new 3870 EXIST::FUNCTION:RFC3779
+d2i_IPAddressChoice 3871 EXIST::FUNCTION:RFC3779
+v3_addr_get_afi 3872 EXIST::FUNCTION:RFC3779
+EVP_CIPHER_key_length 3873 EXIST::FUNCTION:
+EVP_Cipher 3874 EXIST::FUNCTION:
+i2d_IPAddressOrRange 3875 EXIST::FUNCTION:RFC3779
+ASIdOrRange_it 3876 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
+ASIdOrRange_it 3876 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
+EVP_CIPHER_nid 3877 EXIST::FUNCTION:
+i2d_IPAddressChoice 3878 EXIST::FUNCTION:RFC3779
+EVP_CIPHER_CTX_block_size 3879 EXIST::FUNCTION:
+ASIdentifiers_new 3880 EXIST::FUNCTION:RFC3779
+v3_addr_validate_path 3881 EXIST::FUNCTION:RFC3779
+IPAddressFamily_new 3882 EXIST::FUNCTION:RFC3779
+EVP_MD_CTX_set_flags 3883 EXIST::FUNCTION:
+v3_addr_is_canonical 3884 EXIST::FUNCTION:RFC3779
+i2d_IPAddressRange 3885 EXIST::FUNCTION:RFC3779
+IPAddressFamily_it 3886 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
+IPAddressFamily_it 3886 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
+v3_asid_inherits 3887 EXIST::FUNCTION:RFC3779
+EVP_CIPHER_CTX_cipher 3888 EXIST::FUNCTION:
+EVP_CIPHER_CTX_get_app_data 3889 EXIST::FUNCTION:
+EVP_MD_block_size 3890 EXIST::FUNCTION:
+EVP_CIPHER_CTX_flags 3891 EXIST::FUNCTION:
+v3_asid_validate_path 3892 EXIST::FUNCTION:RFC3779
+d2i_IPAddressOrRange 3893 EXIST::FUNCTION:RFC3779
+v3_addr_canonize 3894 EXIST::FUNCTION:RFC3779
+ASIdentifierChoice_it 3895 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
+ASIdentifierChoice_it 3895 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
+EVP_MD_CTX_md 3896 EXIST::FUNCTION:
+d2i_ASIdentifierChoice 3897 EXIST::FUNCTION:RFC3779
+BIO_method_name 3898 EXIST::FUNCTION:
+EVP_CIPHER_CTX_iv_length 3899 EXIST::FUNCTION:
+ASIdOrRange_free 3900 EXIST::FUNCTION:RFC3779
+ASIdentifierChoice_free 3901 EXIST::FUNCTION:RFC3779
+BIO_get_callback_arg 3902 EXIST::FUNCTION:
+BIO_set_callback 3903 EXIST::FUNCTION:
+d2i_ASIdOrRange 3904 EXIST::FUNCTION:RFC3779
+i2d_ASIdentifiers 3905 EXIST::FUNCTION:RFC3779
+CRYPTO_memcmp 3906 EXIST::FUNCTION:
+BN_consttime_swap 3907 EXIST::FUNCTION:
+SEED_decrypt 3908 EXIST::FUNCTION:SEED
+SEED_encrypt 3909 EXIST::FUNCTION:SEED
+SEED_cbc_encrypt 3910 EXIST::FUNCTION:SEED
+EVP_seed_ofb 3911 EXIST::FUNCTION:SEED
+SEED_cfb128_encrypt 3912 EXIST::FUNCTION:SEED
+SEED_ofb128_encrypt 3913 EXIST::FUNCTION:SEED
+EVP_seed_cbc 3914 EXIST::FUNCTION:SEED
+SEED_ecb_encrypt 3915 EXIST::FUNCTION:SEED
+EVP_seed_ecb 3916 EXIST::FUNCTION:SEED
+SEED_set_key 3917 EXIST::FUNCTION:SEED
+EVP_seed_cfb128 3918 EXIST::FUNCTION:SEED
+X509_EXTENSIONS_it 3919 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_EXTENSIONS_it 3919 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_get1_ocsp 3920 EXIST::FUNCTION:
+OCSP_REQ_CTX_free 3921 EXIST::FUNCTION:
+i2d_X509_EXTENSIONS 3922 EXIST::FUNCTION:
+OCSP_sendreq_nbio 3923 EXIST::FUNCTION:
+OCSP_sendreq_new 3924 EXIST::FUNCTION:
+d2i_X509_EXTENSIONS 3925 EXIST::FUNCTION:
+X509_ALGORS_it 3926 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_ALGORS_it 3926 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_ALGOR_get0 3927 EXIST::FUNCTION:
+X509_ALGOR_set0 3928 EXIST::FUNCTION:
+AES_unwrap_key 3929 EXIST::FUNCTION:AES
+AES_wrap_key 3930 EXIST::FUNCTION:AES
+X509at_get0_data_by_OBJ 3931 EXIST::FUNCTION:
+ASN1_TYPE_set1 3932 EXIST::FUNCTION:
+ASN1_STRING_set0 3933 EXIST::FUNCTION:
+i2d_X509_ALGORS 3934 EXIST::FUNCTION:
+BIO_f_zlib 3935 EXIST:ZLIB:FUNCTION:
+COMP_zlib_cleanup 3936 EXIST::FUNCTION:
+d2i_X509_ALGORS 3937 EXIST::FUNCTION:
+CMS_ReceiptRequest_free 3938 EXIST::FUNCTION:CMS
+PEM_write_CMS 3939 EXIST:!WIN16:FUNCTION:CMS
+CMS_add0_CertificateChoices 3940 EXIST::FUNCTION:CMS
+CMS_unsigned_add1_attr_by_OBJ 3941 EXIST::FUNCTION:CMS
+ERR_load_CMS_strings 3942 EXIST::FUNCTION:CMS
+CMS_sign_receipt 3943 EXIST::FUNCTION:CMS
+i2d_CMS_ContentInfo 3944 EXIST::FUNCTION:CMS
+CMS_signed_delete_attr 3945 EXIST::FUNCTION:CMS
+d2i_CMS_bio 3946 EXIST::FUNCTION:CMS
+CMS_unsigned_get_attr_by_NID 3947 EXIST::FUNCTION:CMS
+CMS_verify 3948 EXIST::FUNCTION:CMS
+SMIME_read_CMS 3949 EXIST::FUNCTION:CMS
+CMS_decrypt_set1_key 3950 EXIST::FUNCTION:CMS
+CMS_SignerInfo_get0_algs 3951 EXIST::FUNCTION:CMS
+CMS_add1_cert 3952 EXIST::FUNCTION:CMS
+CMS_set_detached 3953 EXIST::FUNCTION:CMS
+CMS_encrypt 3954 EXIST::FUNCTION:CMS
+CMS_EnvelopedData_create 3955 EXIST::FUNCTION:CMS
+CMS_uncompress 3956 EXIST::FUNCTION:CMS
+CMS_add0_crl 3957 EXIST::FUNCTION:CMS
+CMS_SignerInfo_verify_content 3958 EXIST::FUNCTION:CMS
+CMS_unsigned_get0_data_by_OBJ 3959 EXIST::FUNCTION:CMS
+PEM_write_bio_CMS 3960 EXIST::FUNCTION:CMS
+CMS_unsigned_get_attr 3961 EXIST::FUNCTION:CMS
+CMS_RecipientInfo_ktri_cert_cmp 3962 EXIST::FUNCTION:CMS
+CMS_RecipientInfo_ktri_get0_algs 3963 EXIST:!VMS:FUNCTION:CMS
+CMS_RecipInfo_ktri_get0_algs 3963 EXIST:VMS:FUNCTION:CMS
+CMS_ContentInfo_free 3964 EXIST::FUNCTION:CMS
+CMS_final 3965 EXIST::FUNCTION:CMS
+CMS_add_simple_smimecap 3966 EXIST::FUNCTION:CMS
+CMS_SignerInfo_verify 3967 EXIST::FUNCTION:CMS
+CMS_data 3968 EXIST::FUNCTION:CMS
+CMS_ContentInfo_it 3969 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:CMS
+CMS_ContentInfo_it 3969 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:CMS
+d2i_CMS_ReceiptRequest 3970 EXIST::FUNCTION:CMS
+CMS_compress 3971 EXIST::FUNCTION:CMS
+CMS_digest_create 3972 EXIST::FUNCTION:CMS
+CMS_SignerInfo_cert_cmp 3973 EXIST::FUNCTION:CMS
+CMS_SignerInfo_sign 3974 EXIST::FUNCTION:CMS
+CMS_data_create 3975 EXIST::FUNCTION:CMS
+i2d_CMS_bio 3976 EXIST::FUNCTION:CMS
+CMS_EncryptedData_set1_key 3977 EXIST::FUNCTION:CMS
+CMS_decrypt 3978 EXIST::FUNCTION:CMS
+int_smime_write_ASN1 3979 EXIST::FUNCTION:
+CMS_unsigned_delete_attr 3980 EXIST::FUNCTION:CMS
+CMS_unsigned_get_attr_count 3981 EXIST::FUNCTION:CMS
+CMS_add_smimecap 3982 EXIST::FUNCTION:CMS
+PEM_read_CMS 3983 EXIST:!WIN16:FUNCTION:CMS
+CMS_signed_get_attr_by_OBJ 3984 EXIST::FUNCTION:CMS
+d2i_CMS_ContentInfo 3985 EXIST::FUNCTION:CMS
+CMS_add_standard_smimecap 3986 EXIST::FUNCTION:CMS
+CMS_ContentInfo_new 3987 EXIST::FUNCTION:CMS
+CMS_RecipientInfo_type 3988 EXIST::FUNCTION:CMS
+CMS_get0_type 3989 EXIST::FUNCTION:CMS
+CMS_is_detached 3990 EXIST::FUNCTION:CMS
+CMS_sign 3991 EXIST::FUNCTION:CMS
+CMS_signed_add1_attr 3992 EXIST::FUNCTION:CMS
+CMS_unsigned_get_attr_by_OBJ 3993 EXIST::FUNCTION:CMS
+SMIME_write_CMS 3994 EXIST::FUNCTION:CMS
+CMS_EncryptedData_decrypt 3995 EXIST::FUNCTION:CMS
+CMS_get0_RecipientInfos 3996 EXIST::FUNCTION:CMS
+CMS_add0_RevocationInfoChoice 3997 EXIST::FUNCTION:CMS
+CMS_decrypt_set1_pkey 3998 EXIST::FUNCTION:CMS
+CMS_SignerInfo_set1_signer_cert 3999 EXIST::FUNCTION:CMS
+CMS_get0_signers 4000 EXIST::FUNCTION:CMS
+CMS_ReceiptRequest_get0_values 4001 EXIST::FUNCTION:CMS
+CMS_signed_get0_data_by_OBJ 4002 EXIST::FUNCTION:CMS
+CMS_get0_SignerInfos 4003 EXIST::FUNCTION:CMS
+CMS_add0_cert 4004 EXIST::FUNCTION:CMS
+CMS_EncryptedData_encrypt 4005 EXIST::FUNCTION:CMS
+CMS_digest_verify 4006 EXIST::FUNCTION:CMS
+CMS_set1_signers_certs 4007 EXIST::FUNCTION:CMS
+CMS_signed_get_attr 4008 EXIST::FUNCTION:CMS
+CMS_RecipientInfo_set0_key 4009 EXIST::FUNCTION:CMS
+CMS_SignedData_init 4010 EXIST::FUNCTION:CMS
+CMS_RecipientInfo_kekri_get0_id 4011 EXIST::FUNCTION:CMS
+CMS_verify_receipt 4012 EXIST::FUNCTION:CMS
+CMS_ReceiptRequest_it 4013 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:CMS
+CMS_ReceiptRequest_it 4013 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:CMS
+PEM_read_bio_CMS 4014 EXIST::FUNCTION:CMS
+CMS_get1_crls 4015 EXIST::FUNCTION:CMS
+CMS_add0_recipient_key 4016 EXIST::FUNCTION:CMS
+SMIME_read_ASN1 4017 EXIST::FUNCTION:
+CMS_ReceiptRequest_new 4018 EXIST::FUNCTION:CMS
+CMS_get0_content 4019 EXIST::FUNCTION:CMS
+CMS_get1_ReceiptRequest 4020 EXIST::FUNCTION:CMS
+CMS_signed_add1_attr_by_OBJ 4021 EXIST::FUNCTION:CMS
+CMS_RecipientInfo_kekri_id_cmp 4022 EXIST::FUNCTION:CMS
+CMS_add1_ReceiptRequest 4023 EXIST::FUNCTION:CMS
+CMS_SignerInfo_get0_signer_id 4024 EXIST::FUNCTION:CMS
+CMS_unsigned_add1_attr_by_NID 4025 EXIST::FUNCTION:CMS
+CMS_unsigned_add1_attr 4026 EXIST::FUNCTION:CMS
+CMS_signed_get_attr_by_NID 4027 EXIST::FUNCTION:CMS
+CMS_get1_certs 4028 EXIST::FUNCTION:CMS
+CMS_signed_add1_attr_by_NID 4029 EXIST::FUNCTION:CMS
+CMS_unsigned_add1_attr_by_txt 4030 EXIST::FUNCTION:CMS
+CMS_dataFinal 4031 EXIST::FUNCTION:CMS
+CMS_RecipientInfo_ktri_get0_signer_id 4032 EXIST:!VMS:FUNCTION:CMS
+CMS_RecipInfo_ktri_get0_sigr_id 4032 EXIST:VMS:FUNCTION:CMS
+i2d_CMS_ReceiptRequest 4033 EXIST::FUNCTION:CMS
+CMS_add1_recipient_cert 4034 EXIST::FUNCTION:CMS
+CMS_dataInit 4035 EXIST::FUNCTION:CMS
+CMS_signed_add1_attr_by_txt 4036 EXIST::FUNCTION:CMS
+CMS_RecipientInfo_decrypt 4037 EXIST::FUNCTION:CMS
+CMS_signed_get_attr_count 4038 EXIST::FUNCTION:CMS
+CMS_get0_eContentType 4039 EXIST::FUNCTION:CMS
+CMS_set1_eContentType 4040 EXIST::FUNCTION:CMS
+CMS_ReceiptRequest_create0 4041 EXIST::FUNCTION:CMS
+CMS_add1_signer 4042 EXIST::FUNCTION:CMS
+CMS_RecipientInfo_set0_pkey 4043 EXIST::FUNCTION:CMS
+ENGINE_set_load_ssl_client_cert_function 4044 EXIST:!VMS:FUNCTION:ENGINE
+ENGINE_set_ld_ssl_clnt_cert_fn 4044 EXIST:VMS:FUNCTION:ENGINE
+ENGINE_get_ssl_client_cert_function 4045 EXIST:!VMS:FUNCTION:ENGINE
+ENGINE_get_ssl_client_cert_fn 4045 EXIST:VMS:FUNCTION:ENGINE
+ENGINE_load_ssl_client_cert 4046 EXIST::FUNCTION:ENGINE
+ENGINE_load_capi 4047 EXIST:WIN32:FUNCTION:CAPIENG,ENGINE,STATIC_ENGINE
+OPENSSL_isservice 4048 EXIST::FUNCTION:
+FIPS_dsa_sig_decode 4049 EXIST:OPENSSL_FIPS:FUNCTION:DSA
+EVP_CIPHER_CTX_clear_flags 4050 EXIST::FUNCTION:
+FIPS_rand_status 4051 EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_rand_set_key 4052 EXIST:OPENSSL_FIPS:FUNCTION:
+CRYPTO_set_mem_info_functions 4053 EXIST::FUNCTION:
+RSA_X931_generate_key_ex 4054 EXIST::FUNCTION:RSA
+int_ERR_set_state_func 4055 EXIST:OPENSSL_FIPS:FUNCTION:
+int_EVP_MD_set_engine_callbacks 4056 EXIST:OPENSSL_FIPS:FUNCTION:ENGINE
+int_CRYPTO_set_do_dynlock_callback 4057 EXIST:!VMS:FUNCTION:
+int_CRYPTO_set_do_dynlock_cb 4057 EXIST:VMS:FUNCTION:
+FIPS_rng_stick 4058 EXIST:OPENSSL_FIPS:FUNCTION:
+EVP_CIPHER_CTX_set_flags 4059 EXIST::FUNCTION:
+BN_X931_generate_prime_ex 4060 EXIST::FUNCTION:
+FIPS_selftest_check 4061 EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_rand_set_dt 4062 EXIST:OPENSSL_FIPS:FUNCTION:
+CRYPTO_dbg_pop_info 4063 EXIST::FUNCTION:
+FIPS_dsa_free 4064 EXIST:OPENSSL_FIPS:FUNCTION:DSA
+RSA_X931_derive_ex 4065 EXIST::FUNCTION:RSA
+FIPS_rsa_new 4066 EXIST:OPENSSL_FIPS:FUNCTION:RSA
+FIPS_rand_bytes 4067 EXIST:OPENSSL_FIPS:FUNCTION:
+fips_cipher_test 4068 EXIST:OPENSSL_FIPS:FUNCTION:
+EVP_CIPHER_CTX_test_flags 4069 EXIST::FUNCTION:
+CRYPTO_malloc_debug_init 4070 EXIST::FUNCTION:
+CRYPTO_dbg_push_info 4071 EXIST::FUNCTION:
+FIPS_corrupt_rsa_keygen 4072 EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_dh_new 4073 EXIST:OPENSSL_FIPS:FUNCTION:DH
+FIPS_corrupt_dsa_keygen 4074 EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_dh_free 4075 EXIST:OPENSSL_FIPS:FUNCTION:DH
+fips_pkey_signature_test 4076 EXIST:OPENSSL_FIPS:FUNCTION:
+EVP_add_alg_module 4077 EXIST::FUNCTION:
+int_RAND_init_engine_callbacks 4078 EXIST:OPENSSL_FIPS:FUNCTION:ENGINE
+int_EVP_CIPHER_set_engine_callbacks 4079 EXIST:OPENSSL_FIPS:FUNCTION:ENGINE
+int_EVP_MD_init_engine_callbacks 4080 EXIST:OPENSSL_FIPS:FUNCTION:ENGINE
+FIPS_rand_test_mode 4081 EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_rand_reset 4082 EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_dsa_new 4083 EXIST:OPENSSL_FIPS:FUNCTION:DSA
+int_RAND_set_callbacks 4084 EXIST:OPENSSL_FIPS:FUNCTION:ENGINE
+BN_X931_derive_prime_ex 4085 EXIST::FUNCTION:
+int_ERR_lib_init 4086 EXIST:OPENSSL_FIPS:FUNCTION:
+int_EVP_CIPHER_init_engine_callbacks 4087 EXIST:OPENSSL_FIPS:FUNCTION:ENGINE
+FIPS_rsa_free 4088 EXIST:OPENSSL_FIPS:FUNCTION:RSA
+FIPS_dsa_sig_encode 4089 EXIST:OPENSSL_FIPS:FUNCTION:DSA
+CRYPTO_dbg_remove_all_info 4090 EXIST::FUNCTION:
+OPENSSL_init 4091 EXIST::FUNCTION:
+private_Camellia_set_key 4092 EXIST:OPENSSL_FIPS:FUNCTION:CAMELLIA
+CRYPTO_strdup 4093 EXIST::FUNCTION:
+JPAKE_STEP3A_process 4094 EXIST::FUNCTION:JPAKE
+JPAKE_STEP1_release 4095 EXIST::FUNCTION:JPAKE
+JPAKE_get_shared_key 4096 EXIST::FUNCTION:JPAKE
+JPAKE_STEP3B_init 4097 EXIST::FUNCTION:JPAKE
+JPAKE_STEP1_generate 4098 EXIST::FUNCTION:JPAKE
+JPAKE_STEP1_init 4099 EXIST::FUNCTION:JPAKE
+JPAKE_STEP3B_process 4100 EXIST::FUNCTION:JPAKE
+JPAKE_STEP2_generate 4101 EXIST::FUNCTION:JPAKE
+JPAKE_CTX_new 4102 EXIST::FUNCTION:JPAKE
+JPAKE_CTX_free 4103 EXIST::FUNCTION:JPAKE
+JPAKE_STEP3B_release 4104 EXIST::FUNCTION:JPAKE
+JPAKE_STEP3A_release 4105 EXIST::FUNCTION:JPAKE
+JPAKE_STEP2_process 4106 EXIST::FUNCTION:JPAKE
+JPAKE_STEP3B_generate 4107 EXIST::FUNCTION:JPAKE
+JPAKE_STEP1_process 4108 EXIST::FUNCTION:JPAKE
+JPAKE_STEP3A_generate 4109 EXIST::FUNCTION:JPAKE
+JPAKE_STEP2_release 4110 EXIST::FUNCTION:JPAKE
+JPAKE_STEP3A_init 4111 EXIST::FUNCTION:JPAKE
+ERR_load_JPAKE_strings 4112 EXIST::FUNCTION:JPAKE
+JPAKE_STEP2_init 4113 EXIST::FUNCTION:JPAKE
+pqueue_size 4114 EXIST::FUNCTION:
+OPENSSL_uni2asc 4115 EXIST:NETWARE:FUNCTION:
+OPENSSL_asc2uni 4116 EXIST:NETWARE:FUNCTION:
+ASN1_TYPE_cmp 4428 EXIST::FUNCTION:
Deleted: vendor-crypto/openssl/0.9.8zf/util/mk1mf.pl
===================================================================
--- vendor-crypto/openssl/dist/util/mk1mf.pl 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/util/mk1mf.pl 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,1428 +0,0 @@
-#!/usr/local/bin/perl
-# A bit of an evil hack but it post processes the file ../MINFO which
-# is generated by `make files` in the top directory.
-# This script outputs one mega makefile that has no shell stuff or any
-# funny stuff
-#
-
-$INSTALLTOP="/usr/local/ssl";
-$OPTIONS="";
-$ssl_version="";
-$banner="\t\@echo Building OpenSSL";
-
-my $no_static_engine = 0;
-my $engines = "";
-local $zlib_opt = 0; # 0 = no zlib, 1 = static, 2 = dynamic
-local $zlib_lib = "";
-
-local $fips_canister_path = "";
-my $fips_premain_dso_exe_path = "";
-my $fips_premain_c_path = "";
-my $fips_sha1_exe_path = "";
-
-local $fipscanisterbuild = 0;
-local $fipsdso = 0;
-
-my $fipslibdir = "";
-my $baseaddr = "";
-
-my $ex_l_libs = "";
-
-open(IN,"<Makefile") || die "unable to open Makefile!\n";
-while(<IN>) {
- $ssl_version=$1 if (/^VERSION=(.*)$/);
- $OPTIONS=$1 if (/^OPTIONS=(.*)$/);
- $INSTALLTOP=$1 if (/^INSTALLTOP=(.*$)/);
-}
-close(IN);
-
-die "Makefile is not the toplevel Makefile!\n" if $ssl_version eq "";
-
-$infile="MINFO";
-
-%ops=(
- "VC-WIN32", "Microsoft Visual C++ [4-6] - Windows NT or 9X",
- "VC-WIN64I", "Microsoft C/C++ - Win64/IA-64",
- "VC-WIN64A", "Microsoft C/C++ - Win64/x64",
- "VC-CE", "Microsoft eMbedded Visual C++ 3.0 - Windows CE ONLY",
- "VC-NT", "Microsoft Visual C++ [4-6] - Windows NT ONLY",
- "Mingw32", "GNU C++ - Windows NT or 9x",
- "Mingw32-files", "Create files with DOS copy ...",
- "BC-NT", "Borland C++ 4.5 - Windows NT",
- "linux-elf","Linux elf",
- "ultrix-mips","DEC mips ultrix",
- "FreeBSD","FreeBSD distribution",
- "OS2-EMX", "EMX GCC OS/2",
- "netware-clib", "CodeWarrior for NetWare - CLib - with WinSock Sockets",
- "netware-clib-bsdsock", "CodeWarrior for NetWare - CLib - with BSD Sockets",
- "netware-libc", "CodeWarrior for NetWare - LibC - with WinSock Sockets",
- "netware-libc-bsdsock", "CodeWarrior for NetWare - LibC - with BSD Sockets",
- "default","cc under unix",
- );
-
-$platform="";
-my $xcflags="";
-foreach (@ARGV)
- {
- if (!&read_options && !defined($ops{$_}))
- {
- print STDERR "unknown option - $_\n";
- print STDERR "usage: perl mk1mf.pl [options] [system]\n";
- print STDERR "\nwhere [system] can be one of the following\n";
- foreach $i (sort keys %ops)
- { printf STDERR "\t%-10s\t%s\n",$i,$ops{$i}; }
- print STDERR <<"EOF";
-and [options] can be one of
- no-md2 no-md4 no-md5 no-sha no-mdc2 - Skip this digest
- no-ripemd
- no-rc2 no-rc4 no-rc5 no-idea no-des - Skip this symetric cipher
- no-bf no-cast no-aes no-camellia no-seed
- no-rsa no-dsa no-dh - Skip this public key cipher
- no-ssl2 no-ssl3 - Skip this version of SSL
- just-ssl - remove all non-ssl keys/digest
- no-asm - No x86 asm
- no-krb5 - No KRB5
- no-ec - No EC
- no-ecdsa - No ECDSA
- no-ecdh - No ECDH
- no-engine - No engine
- no-hw - No hw
- nasm - Use NASM for x86 asm
- nw-nasm - Use NASM x86 asm for NetWare
- nw-mwasm - Use Metrowerks x86 asm for NetWare
- gaswin - Use GNU as with Mingw32
- no-socks - No socket code
- no-err - No error strings
- dll/shlib - Build shared libraries (MS)
- debug - Debug build
- profile - Profiling build
- gcc - Use Gcc (unix)
-
-Values that can be set
-TMP=tmpdir OUT=outdir SRC=srcdir BIN=binpath INC=header-outdir CC=C-compiler
-
--L<ex_lib_path> -l<ex_lib> - extra library flags (unix)
--<ex_cc_flags> - extra 'cc' flags,
- added (MS), or replace (unix)
-EOF
- exit(1);
- }
- $platform=$_;
- }
-foreach (grep(!/^$/, split(/ /, $OPTIONS)))
- {
- print STDERR "unknown option - $_\n" if !&read_options;
- }
-
-$no_static_engine = 0 if (!$shlib);
-
-$no_mdc2=1 if ($no_des);
-
-$no_ssl3=1 if ($no_md5 || $no_sha);
-$no_ssl3=1 if ($no_rsa && $no_dh);
-
-$no_ssl2=1 if ($no_md5);
-$no_ssl2=1 if ($no_rsa);
-
-$out_def="out";
-$inc_def="outinc";
-$tmp_def="tmp";
-
-$perl="perl" unless defined $perl;
-$mkdir="-mkdir" unless defined $mkdir;
-
-($ssl,$crypto)=("ssl","crypto");
-$ranlib="echo ranlib";
-
-$cc=(defined($VARS{'CC'}))?$VARS{'CC'}:'cc';
-$src_dir=(defined($VARS{'SRC'}))?$VARS{'SRC'}:'.';
-$bin_dir=(defined($VARS{'BIN'}))?$VARS{'BIN'}:'';
-
-# $bin_dir.=$o causes a core dump on my sparc :-(
-
-
-$NT=0;
-
-push(@INC,"util/pl","pl");
-if (($platform =~ /VC-(.+)/))
- {
- $FLAVOR=$1;
- $NT = 1 if $1 eq "NT";
- require 'VC-32.pl';
- }
-elsif ($platform eq "Mingw32")
- {
- require 'Mingw32.pl';
- }
-elsif ($platform eq "Mingw32-files")
- {
- require 'Mingw32f.pl';
- }
-elsif ($platform eq "BC-NT")
- {
- $bc=1;
- require 'BC-32.pl';
- }
-elsif ($platform eq "FreeBSD")
- {
- require 'unix.pl';
- $cflags='-DTERMIO -D_ANSI_SOURCE -O2 -fomit-frame-pointer';
- }
-elsif ($platform eq "linux-elf")
- {
- require "unix.pl";
- require "linux.pl";
- $unix=1;
- }
-elsif ($platform eq "ultrix-mips")
- {
- require "unix.pl";
- require "ultrix.pl";
- $unix=1;
- }
-elsif ($platform eq "OS2-EMX")
- {
- $wc=1;
- require 'OS2-EMX.pl';
- }
-elsif (($platform eq "netware-clib") || ($platform eq "netware-libc") ||
- ($platform eq "netware-clib-bsdsock") || ($platform eq "netware-libc-bsdsock"))
- {
- $LIBC=1 if $platform eq "netware-libc" || $platform eq "netware-libc-bsdsock";
- $BSDSOCK=1 if ($platform eq "netware-libc-bsdsock") || ($platform eq "netware-clib-bsdsock");
- require 'netware.pl';
- }
-else
- {
- require "unix.pl";
-
- $unix=1;
- $cflags.=' -DTERMIO';
- }
-
-$out_dir=(defined($VARS{'OUT'}))?$VARS{'OUT'}:$out_def.($debug?".dbg":"");
-$tmp_dir=(defined($VARS{'TMP'}))?$VARS{'TMP'}:$tmp_def.($debug?".dbg":"");
-$inc_dir=(defined($VARS{'INC'}))?$VARS{'INC'}:$inc_def;
-
-$bin_dir=$bin_dir.$o unless ((substr($bin_dir,-1,1) eq $o) || ($bin_dir eq ''));
-
-$cflags= "$xcflags$cflags" if $xcflags ne "";
-
-$cflags.=" -DOPENSSL_NO_IDEA" if $no_idea;
-$cflags.=" -DOPENSSL_NO_AES" if $no_aes;
-$cflags.=" -DOPENSSL_NO_CAMELLIA" if $no_camellia;
-$cflags.=" -DOPENSSL_NO_SEED" if $no_seed;
-$cflags.=" -DOPENSSL_NO_RC2" if $no_rc2;
-$cflags.=" -DOPENSSL_NO_RC4" if $no_rc4;
-$cflags.=" -DOPENSSL_NO_RC5" if $no_rc5;
-$cflags.=" -DOPENSSL_NO_MD2" if $no_md2;
-$cflags.=" -DOPENSSL_NO_MD4" if $no_md4;
-$cflags.=" -DOPENSSL_NO_MD5" if $no_md5;
-$cflags.=" -DOPENSSL_NO_SHA" if $no_sha;
-$cflags.=" -DOPENSSL_NO_SHA1" if $no_sha1;
-$cflags.=" -DOPENSSL_NO_RIPEMD" if $no_ripemd;
-$cflags.=" -DOPENSSL_NO_MDC2" if $no_mdc2;
-$cflags.=" -DOPENSSL_NO_BF" if $no_bf;
-$cflags.=" -DOPENSSL_NO_CAST" if $no_cast;
-$cflags.=" -DOPENSSL_NO_DES" if $no_des;
-$cflags.=" -DOPENSSL_NO_RSA" if $no_rsa;
-$cflags.=" -DOPENSSL_NO_DSA" if $no_dsa;
-$cflags.=" -DOPENSSL_NO_DH" if $no_dh;
-$cflags.=" -DOPENSSL_NO_SOCK" if $no_sock;
-$cflags.=" -DOPENSSL_NO_SSL2" if $no_ssl2;
-$cflags.=" -DOPENSSL_NO_SSL3" if $no_ssl3;
-$cflags.=" -DOPENSSL_NO_TLSEXT" if $no_tlsext;
-$cflags.=" -DOPENSSL_NO_CMS" if $no_cms;
-$cflags.=" -DOPENSSL_NO_JPAKE" if $no_jpake;
-$cflags.=" -DOPENSSL_NO_CAPIENG" if $no_capieng;
-$cflags.=" -DOPENSSL_NO_ERR" if $no_err;
-$cflags.=" -DOPENSSL_NO_KRB5" if $no_krb5;
-$cflags.=" -DOPENSSL_NO_EC" if $no_ec;
-$cflags.=" -DOPENSSL_NO_ECDSA" if $no_ecdsa;
-$cflags.=" -DOPENSSL_NO_ECDH" if $no_ecdh;
-$cflags.=" -DOPENSSL_NO_ENGINE" if $no_engine;
-$cflags.=" -DOPENSSL_NO_HW" if $no_hw;
-$cflags.=" -DOPENSSL_FIPS" if $fips;
-$cflags.= " -DZLIB" if $zlib_opt;
-$cflags.= " -DZLIB_SHARED" if $zlib_opt == 2;
-
-if ($no_static_engine)
- {
- $cflags .= " -DOPENSSL_NO_STATIC_ENGINE";
- }
-else
- {
- $cflags .= " -DOPENSSL_NO_DYNAMIC_ENGINE";
- }
-
-#$cflags.=" -DRSAref" if $rsaref ne "";
-
-## if ($unix)
-## { $cflags="$c_flags" if ($c_flags ne ""); }
-##else
- { $cflags="$c_flags$cflags" if ($c_flags ne ""); }
-
-$ex_libs="$l_flags$ex_libs" if ($l_flags ne "");
-
-%shlib_ex_cflags=("SSL" => " -DOPENSSL_BUILD_SHLIBSSL",
- "CRYPTO" => " -DOPENSSL_BUILD_SHLIBCRYPTO",
- "FIPS" => " -DOPENSSL_BUILD_SHLIBCRYPTO");
-
-if ($msdos)
- {
- $banner ="\t\@echo Make sure you have run 'perl Configure $platform' in the\n";
- $banner.="\t\@echo top level directory, if you don't have perl, you will\n";
- $banner.="\t\@echo need to probably edit crypto/bn/bn.h, check the\n";
- $banner.="\t\@echo documentation for details.\n";
- }
-
-# have to do this to allow $(CC) under unix
-$link="$bin_dir$link" if ($link !~ /^\$/);
-
-$INSTALLTOP =~ s|/|$o|g;
-
-#############################################
-# We parse in input file and 'store' info for later printing.
-open(IN,"<$infile") || die "unable to open $infile:$!\n";
-$_=<IN>;
-for (;;)
- {
- chop;
-
- ($key,$val)=/^([^=]+)=(.*)/;
- if ($key eq "RELATIVE_DIRECTORY")
- {
- if ($lib ne "")
- {
- if ($fips && $dir =~ /^fips/)
- {
- $uc = "FIPS";
- }
- else
- {
- $uc=$lib;
- $uc =~ s/^lib(.*)\.a/$1/;
- $uc =~ tr/a-z/A-Z/;
- }
- if (($uc ne "FIPS") || $fipscanisterbuild)
- {
- $lib_nam{$uc}=$uc;
- $lib_obj{$uc}.=$libobj." ";
- }
- }
- last if ($val eq "FINISHED");
- $lib="";
- $libobj="";
- $dir=$val;
- }
-
- if ($key eq "KRB5_INCLUDES")
- { $cflags .= " $val";}
-
- if ($key eq "ZLIB_INCLUDE")
- { $cflags .= " $val" if $val ne "";}
-
- if ($key eq "LIBZLIB")
- { $zlib_lib = "$val" if $val ne "";}
-
- if ($key eq "LIBKRB5")
- { $ex_libs .= " $val" if $val ne "";}
-
- if ($key eq "TEST")
- { $test.=&var_add($dir,$val, 0); }
-
- if (($key eq "PROGS") || ($key eq "E_OBJ"))
- { $e_exe.=&var_add($dir,$val, 0); }
-
- if ($key eq "LIB")
- {
- $lib=$val;
- $lib =~ s/^.*\/([^\/]+)$/$1/;
- }
-
- if ($key eq "EXHEADER")
- { $exheader.=&var_add($dir,$val, 1); }
-
- if ($key eq "HEADER")
- { $header.=&var_add($dir,$val, 1); }
-
- if ($key eq "LIBOBJ" && ($dir ne "engines" || !$no_static_engine))
- { $libobj=&var_add($dir,$val, 0); }
- if ($key eq "LIBNAMES" && $dir eq "engines" && $no_static_engine)
- { $engines.=$val }
-
- if ($key eq "FIPS_EX_OBJ")
- {
- $fips_ex_obj=&var_add("crypto",$val,0);
- }
-
- if ($key eq "FIPSLIBDIR")
- {
- $fipslibdir=$val;
- $fipslibdir =~ s/\/$//;
- $fipslibdir =~ s/\//$o/g;
- }
-
- if ($key eq "BASEADDR")
- { $baseaddr=$val;}
-
- if (!($_=<IN>))
- { $_="RELATIVE_DIRECTORY=FINISHED\n"; }
- }
-close(IN);
-
-if ($fips)
- {
-
- foreach (split " ", $fips_ex_obj)
- {
- $fips_exclude_obj{$1} = 1 if (/\/([^\/]*)$/);
- }
-
- $fips_exclude_obj{"cpu_win32"} = 1;
- $fips_exclude_obj{"bn_asm"} = 1;
- $fips_exclude_obj{"des_enc"} = 1;
- $fips_exclude_obj{"fcrypt_b"} = 1;
- $fips_exclude_obj{"aes_core"} = 1;
- $fips_exclude_obj{"aes_cbc"} = 1;
-
- my @ltmp = split " ", $lib_obj{"CRYPTO"};
-
-
- $lib_obj{"CRYPTO"} = "";
-
- foreach(@ltmp)
- {
- if (/\/([^\/]*)$/ && exists $fips_exclude_obj{$1})
- {
- if ($fipscanisterbuild)
- {
- $lib_obj{"FIPS"} .= "$_ ";
- }
- }
- else
- {
- $lib_obj{"CRYPTO"} .= "$_ ";
- }
- }
-
- }
-
-if ($fipscanisterbuild)
- {
- $fips_canister_path = "\$(LIB_D)${o}fipscanister.lib" if $fips_canister_path eq "";
- $fips_premain_c_path = "\$(LIB_D)${o}fips_premain.c";
- }
-else
- {
- if ($fips_canister_path eq "")
- {
- $fips_canister_path = "\$(FIPSLIB_D)${o}fipscanister.lib";
- }
-
- if ($fips_premain_c_path eq "")
- {
- $fips_premain_c_path = "\$(FIPSLIB_D)${o}fips_premain.c";
- }
- }
-
-if ($fips)
- {
- if ($fips_sha1_exe_path eq "")
- {
- $fips_sha1_exe_path =
- "\$(BIN_D)${o}fips_standalone_sha1$exep";
- }
- }
- else
- {
- $fips_sha1_exe_path = "";
- }
-
-if ($fips_premain_dso_exe_path eq "")
- {
- $fips_premain_dso_exe_path = "\$(BIN_D)${o}fips_premain_dso$exep";
- }
-
-# $ex_build_targets .= "\$(BIN_D)${o}\$(E_PREMAIN_DSO)$exep" if ($fips);
-
-#$ex_l_libs .= " \$(L_FIPS)" if $fipsdso;
-
-if ($fips)
- {
- if (!$shlib)
- {
- $ex_build_targets .= " \$(LIB_D)$o$crypto_compat \$(PREMAIN_DSO_EXE)";
- $ex_l_libs .= " \$(O_FIPSCANISTER)";
- $ex_libs_dep .= " \$(O_FIPSCANISTER)" if $fipscanisterbuild;
- }
- if ($fipscanisterbuild)
- {
- $fipslibdir = "\$(LIB_D)";
- }
- else
- {
- if ($fipslibdir eq "")
- {
- open (IN, "util/fipslib_path.txt") || fipslib_error();
- $fipslibdir = <IN>;
- chomp $fipslibdir;
- close IN;
- }
- fips_check_files($fipslibdir,
- "fipscanister.lib", "fipscanister.lib.sha1",
- "fips_premain.c", "fips_premain.c.sha1");
- }
- }
-
-if ($shlib)
- {
- $extra_install= <<"EOF";
- \$(CP) \"\$(O_SSL)\" \"\$(INSTALLTOP)${o}bin\"
- \$(CP) \"\$(O_CRYPTO)\" \"\$(INSTALLTOP)${o}bin\"
- \$(CP) \"\$(L_SSL)\" \"\$(INSTALLTOP)${o}lib\"
- \$(CP) \"\$(L_CRYPTO)\" \"\$(INSTALLTOP)${o}lib\"
-EOF
- if ($no_static_engine)
- {
- $extra_install .= <<"EOF"
- \$(MKDIR) \"\$(INSTALLTOP)${o}lib${o}engines\"
- \$(CP) \"\$(E_SHLIB)\" \"\$(INSTALLTOP)${o}lib${o}engines\"
-EOF
- }
- }
-else
- {
- $extra_install= <<"EOF";
- \$(CP) \"\$(O_SSL)\" \"\$(INSTALLTOP)${o}lib\"
- \$(CP) \"\$(O_CRYPTO)\" \"\$(INSTALLTOP)${o}lib\"
-EOF
- $ex_libs .= " $zlib_lib" if $zlib_opt == 1;
- }
-
-$defs= <<"EOF";
-# This makefile has been automatically generated from the OpenSSL distribution.
-# This single makefile will build the complete OpenSSL distribution and
-# by default leave the 'intertesting' output files in .${o}out and the stuff
-# that needs deleting in .${o}tmp.
-# The file was generated by running 'make makefile.one', which
-# does a 'make files', which writes all the environment variables from all
-# the makefiles to the file call MINFO. This file is used by
-# util${o}mk1mf.pl to generate makefile.one.
-# The 'makefile per directory' system suites me when developing this
-# library and also so I can 'distribute' indervidual library sections.
-# The one monster makefile better suits building in non-unix
-# environments.
-
-EOF
-
-$defs .= $preamble if defined $preamble;
-
-$defs.= <<"EOF";
-INSTALLTOP=$INSTALLTOP
-
-# Set your compiler options
-PLATFORM=$platform
-CC=$bin_dir${cc}
-CFLAG=$cflags
-APP_CFLAG=$app_cflag
-LIB_CFLAG=$lib_cflag
-SHLIB_CFLAG=$shl_cflag
-APP_EX_OBJ=$app_ex_obj
-SHLIB_EX_OBJ=$shlib_ex_obj
-# add extra libraries to this define, for solaris -lsocket -lnsl would
-# be added
-EX_LIBS=$ex_libs
-
-# The OpenSSL directory
-SRC_D=$src_dir
-
-LINK=$link
-LFLAGS=$lflags
-RSC=$rsc
-FIPSLINK=\$(PERL) util${o}fipslink.pl
-
-AES_ASM_OBJ=$aes_asm_obj
-AES_ASM_SRC=$aes_asm_src
-BN_ASM_OBJ=$bn_asm_obj
-BN_ASM_SRC=$bn_asm_src
-BNCO_ASM_OBJ=$bnco_asm_obj
-BNCO_ASM_SRC=$bnco_asm_src
-DES_ENC_OBJ=$des_enc_obj
-DES_ENC_SRC=$des_enc_src
-BF_ENC_OBJ=$bf_enc_obj
-BF_ENC_SRC=$bf_enc_src
-CAST_ENC_OBJ=$cast_enc_obj
-CAST_ENC_SRC=$cast_enc_src
-RC4_ENC_OBJ=$rc4_enc_obj
-RC4_ENC_SRC=$rc4_enc_src
-RC5_ENC_OBJ=$rc5_enc_obj
-RC5_ENC_SRC=$rc5_enc_src
-MD5_ASM_OBJ=$md5_asm_obj
-MD5_ASM_SRC=$md5_asm_src
-SHA1_ASM_OBJ=$sha1_asm_obj
-SHA1_ASM_SRC=$sha1_asm_src
-RMD160_ASM_OBJ=$rmd160_asm_obj
-RMD160_ASM_SRC=$rmd160_asm_src
-CPUID_ASM_OBJ=$cpuid_asm_obj
-CPUID_ASM_SRC=$cpuid_asm_src
-
-# The output directory for everything intersting
-OUT_D=$out_dir
-# The output directory for all the temporary muck
-TMP_D=$tmp_dir
-# The output directory for the header files
-INC_D=$inc_dir
-INCO_D=$inc_dir${o}openssl
-
-PERL=$perl
-CP=$cp
-RM=$rm
-RANLIB=$ranlib
-MKDIR=$mkdir
-MKLIB=$bin_dir$mklib
-MLFLAGS=$mlflags
-ASM=$bin_dir$asm
-
-# FIPS validated module and support file locations
-
-E_PREMAIN_DSO=fips_premain_dso
-
-FIPSLIB_D=$fipslibdir
-BASEADDR=$baseaddr
-FIPS_PREMAIN_SRC=$fips_premain_c_path
-O_FIPSCANISTER=$fips_canister_path
-FIPS_SHA1_EXE=$fips_sha1_exe_path
-PREMAIN_DSO_EXE=$fips_premain_dso_exe_path
-
-######################################################
-# You should not need to touch anything below this point
-######################################################
-
-E_EXE=openssl
-SSL=$ssl
-CRYPTO=$crypto
-LIBFIPS=libosslfips
-
-# BIN_D - Binary output directory
-# TEST_D - Binary test file output directory
-# LIB_D - library output directory
-# ENG_D - dynamic engine output directory
-# Note: if you change these point to different directories then uncomment out
-# the lines around the 'NB' comment below.
-#
-BIN_D=\$(OUT_D)
-TEST_D=\$(OUT_D)
-LIB_D=\$(OUT_D)
-ENG_D=\$(OUT_D)
-
-# INCL_D - local library directory
-# OBJ_D - temp object file directory
-OBJ_D=\$(TMP_D)
-INCL_D=\$(TMP_D)
-
-O_SSL= \$(LIB_D)$o$plib\$(SSL)$shlibp
-O_CRYPTO= \$(LIB_D)$o$plib\$(CRYPTO)$shlibp
-O_FIPS= \$(LIB_D)$o$plib\$(LIBFIPS)$shlibp
-SO_SSL= $plib\$(SSL)$so_shlibp
-SO_CRYPTO= $plib\$(CRYPTO)$so_shlibp
-L_SSL= \$(LIB_D)$o$plib\$(SSL)$libp
-L_CRYPTO= \$(LIB_D)$o$plib\$(CRYPTO)$libp
-L_FIPS= \$(LIB_D)$o$plib\$(LIBFIPS)$libp
-
-L_LIBS= \$(L_SSL) \$(L_CRYPTO) $ex_l_libs
-
-######################################################
-# Don't touch anything below this point
-######################################################
-
-INC=-I\$(INC_D) -I\$(INCL_D)
-APP_CFLAGS=\$(INC) \$(CFLAG) \$(APP_CFLAG)
-LIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG)
-SHLIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG) \$(SHLIB_CFLAG)
-LIBS_DEP=\$(O_CRYPTO) \$(O_SSL) $ex_libs_dep
-
-#############################################
-EOF
-
-$rules=<<"EOF";
-all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers \$(FIPS_SHA1_EXE) lib exe $ex_build_targets
-
-banner:
-$banner
-
-\$(TMP_D):
- \$(MKDIR) \"\$(TMP_D)\"
-# NB: uncomment out these lines if BIN_D, TEST_D and LIB_D are different
-#\$(BIN_D):
-# \$(MKDIR) \$(BIN_D)
-#
-#\$(TEST_D):
-# \$(MKDIR) \$(TEST_D)
-
-\$(LIB_D):
- \$(MKDIR) \"\$(LIB_D)\"
-
-\$(INCO_D): \$(INC_D)
- \$(MKDIR) \"\$(INCO_D)\"
-
-\$(INC_D):
- \$(MKDIR) \"\$(INC_D)\"
-
-headers: \$(HEADER) \$(EXHEADER)
- @
-
-lib: \$(LIBS_DEP) \$(E_SHLIB)
-
-exe: \$(T_EXE) \$(BIN_D)$o\$(E_EXE)$exep
-
-install: all
- \$(MKDIR) \"\$(INSTALLTOP)\"
- \$(MKDIR) \"\$(INSTALLTOP)${o}bin\"
- \$(MKDIR) \"\$(INSTALLTOP)${o}include\"
- \$(MKDIR) \"\$(INSTALLTOP)${o}include${o}openssl\"
- \$(MKDIR) \"\$(INSTALLTOP)${o}lib\"
- \$(CP) \"\$(INCO_D)${o}*.\[ch\]\" \"\$(INSTALLTOP)${o}include${o}openssl\"
- \$(CP) \"\$(BIN_D)$o\$(E_EXE)$exep\" \"\$(INSTALLTOP)${o}bin\"
- \$(CP) \"apps${o}openssl.cnf\" \"\$(INSTALLTOP)\"
-$extra_install
-
-
-test: \$(T_EXE)
- cd \$(BIN_D)
- ..${o}ms${o}test
-
-clean:
- \$(RM) \$(TMP_D)$o*.*
-
-vclean:
- \$(RM) \$(TMP_D)$o*.*
- \$(RM) \$(OUT_D)$o*.*
-
-EOF
-
-my $platform_cpp_symbol = "MK1MF_PLATFORM_$platform";
-$platform_cpp_symbol =~ s/-/_/g;
-if (open(IN,"crypto/buildinf.h"))
- {
- # Remove entry for this platform in existing file buildinf.h.
-
- my $old_buildinf_h = "";
- while (<IN>)
- {
- if (/^\#ifdef $platform_cpp_symbol$/)
- {
- while (<IN>) { last if (/^\#endif/); }
- }
- else
- {
- $old_buildinf_h .= $_;
- }
- }
- close(IN);
-
- open(OUT,">crypto/buildinf.h") || die "Can't open buildinf.h";
- print OUT $old_buildinf_h;
- close(OUT);
- }
-
-open (OUT,">>crypto/buildinf.h") || die "Can't open buildinf.h";
-printf OUT <<EOF;
-#ifdef $platform_cpp_symbol
- /* auto-generated/updated by util/mk1mf.pl for crypto/cversion.c */
- #define CFLAGS "$cc $cflags"
- #define PLATFORM "$platform"
-EOF
-printf OUT " #define DATE \"%s\"\n", scalar gmtime();
-printf OUT "#endif\n";
-close(OUT);
-
-# Strip of trailing ' '
-foreach (keys %lib_obj) { $lib_obj{$_}=&clean_up_ws($lib_obj{$_}); }
-$test=&clean_up_ws($test);
-$e_exe=&clean_up_ws($e_exe);
-$exheader=&clean_up_ws($exheader);
-$header=&clean_up_ws($header);
-
-# First we strip the exheaders from the headers list
-foreach (split(/\s+/,$exheader)){ $h{$_}=1; }
-foreach (split(/\s+/,$header)) { $h.=$_." " unless $h{$_}; }
-chop($h); $header=$h;
-
-$defs.=&do_defs("HEADER",$header,"\$(INCL_D)","");
-$rules.=&do_copy_rule("\$(INCL_D)",$header,"");
-
-$defs.=&do_defs("EXHEADER",$exheader,"\$(INCO_D)","");
-$rules.=&do_copy_rule("\$(INCO_D)",$exheader,"");
-
-$defs.=&do_defs("T_OBJ",$test,"\$(OBJ_D)",$obj);
-$rules.=&do_compile_rule("\$(OBJ_D)",$test,"\$(APP_CFLAGS)");
-
-$defs.=&do_defs("E_OBJ",$e_exe,"\$(OBJ_D)",$obj);
-$rules.=&do_compile_rule("\$(OBJ_D)",$e_exe,'-DMONOLITH $(APP_CFLAGS)');
-
-# Special case rules for fips_start and fips_end fips_premain_dso
-
-if ($fips)
- {
- if ($fipscanisterbuild)
- {
- $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_start$obj",
- "fips${o}fips_canister.c",
- "-DFIPS_START \$(SHLIB_CFLAGS)");
- $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_end$obj",
- "fips${o}fips_canister.c", "\$(SHLIB_CFLAGS)");
- }
- $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_standalone_sha1$obj",
- "fips${o}sha${o}fips_standalone_sha1.c",
- "\$(SHLIB_CFLAGS)");
- $rules.=&cc_compile_target("\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj",
- "fips${o}fips_premain.c",
- "-DFINGERPRINT_PREMAIN_DSO_LOAD \$(SHLIB_CFLAGS)");
- }
-
-foreach (values %lib_nam)
- {
- $lib_obj=$lib_obj{$_};
- local($slib)=$shlib;
-
- if (($_ eq "SSL") && $no_ssl2 && $no_ssl3)
- {
- $rules.="\$(O_SSL):\n\n";
- next;
- }
-
- if ((!$fips && ($_ eq "CRYPTO")) || ($fips && ($_ eq "FIPS")))
- {
- if ($cpuid_asm_obj ne "")
- {
- $lib_obj =~ s/(\S*\/cryptlib\S*)/$1 \$(CPUID_ASM_OBJ)/;
- $rules.=&do_asm_rule($cpuid_asm_obj,$cpuid_asm_src);
- }
- if ($aes_asm_obj ne "")
- {
- $lib_obj =~ s/\s(\S*\/aes_core\S*)/ \$(AES_ASM_OBJ)/;
- $lib_obj =~ s/\s\S*\/aes_cbc\S*//;
- $rules.=&do_asm_rule($aes_asm_obj,$aes_asm_src);
- }
- if ($sha1_asm_obj ne "")
- {
- $lib_obj =~ s/\s(\S*\/sha1dgst\S*)/ $1 \$(SHA1_ASM_OBJ)/;
- $rules.=&do_asm_rule($sha1_asm_obj,$sha1_asm_src);
- }
- if ($bn_asm_obj ne "")
- {
- $lib_obj =~ s/\s\S*\/bn_asm\S*/ \$(BN_ASM_OBJ)/;
- $rules.=&do_asm_rule($bn_asm_obj,$bn_asm_src);
- }
- if ($bnco_asm_obj ne "")
- {
- $lib_obj .= "\$(BNCO_ASM_OBJ)";
- $rules.=&do_asm_rule($bnco_asm_obj,$bnco_asm_src);
- }
- if ($des_enc_obj ne "")
- {
- $lib_obj =~ s/\s\S*des_enc\S*/ \$(DES_ENC_OBJ)/;
- $lib_obj =~ s/\s\S*\/fcrypt_b\S*\s*/ /;
- $rules.=&do_asm_rule($des_enc_obj,$des_enc_src);
- }
- }
- if (($bf_enc_obj ne "") && ($_ eq "CRYPTO"))
- {
- $lib_obj =~ s/\s\S*\/bf_enc\S*/ \$(BF_ENC_OBJ)/;
- $rules.=&do_asm_rule($bf_enc_obj,$bf_enc_src);
- }
- if (($cast_enc_obj ne "") && ($_ eq "CRYPTO"))
- {
- $lib_obj =~ s/(\s\S*\/c_enc\S*)/ \$(CAST_ENC_OBJ)/;
- $rules.=&do_asm_rule($cast_enc_obj,$cast_enc_src);
- }
- if (($rc4_enc_obj ne "") && ($_ eq "CRYPTO"))
- {
- $lib_obj =~ s/\s\S*\/rc4_enc\S*/ \$(RC4_ENC_OBJ)/;
- $rules.=&do_asm_rule($rc4_enc_obj,$rc4_enc_src);
- }
- if (($rc5_enc_obj ne "") && ($_ eq "CRYPTO"))
- {
- $lib_obj =~ s/\s\S*\/rc5_enc\S*/ \$(RC5_ENC_OBJ)/;
- $rules.=&do_asm_rule($rc5_enc_obj,$rc5_enc_src);
- }
- if (($md5_asm_obj ne "") && ($_ eq "CRYPTO"))
- {
- $lib_obj =~ s/\s(\S*\/md5_dgst\S*)/ $1 \$(MD5_ASM_OBJ)/;
- $rules.=&do_asm_rule($md5_asm_obj,$md5_asm_src);
- }
- if (($rmd160_asm_obj ne "") && ($_ eq "CRYPTO"))
- {
- $lib_obj =~ s/\s(\S*\/rmd_dgst\S*)/ $1 \$(RMD160_ASM_OBJ)/;
- $rules.=&do_asm_rule($rmd160_asm_obj,$rmd160_asm_src);
- }
- $defs.=&do_defs(${_}."OBJ",$lib_obj,"\$(OBJ_D)",$obj);
- $lib=($slib)?" \$(SHLIB_CFLAGS)".$shlib_ex_cflags{$_}:" \$(LIB_CFLAGS)";
- $rules.=&do_compile_rule("\$(OBJ_D)",$lib_obj{$_},$lib);
- }
-
-# hack to add version info on MSVC
-if (($platform eq "VC-WIN32") || ($platform eq "VC-WIN64A")
- || ($platform eq "VC-WIN64I") || ($platform eq "VC-NT")) {
- $rules.= <<"EOF";
-\$(OBJ_D)\\\$(CRYPTO).res: ms\\version32.rc
- \$(RSC) /fo"\$(OBJ_D)\\\$(CRYPTO).res" /d CRYPTO ms\\version32.rc
-
-\$(OBJ_D)\\\$(SSL).res: ms\\version32.rc
- \$(RSC) /fo"\$(OBJ_D)\\\$(SSL).res" /d SSL ms\\version32.rc
-
-\$(OBJ_D)\\\$(LIBFIPS).res: ms\\version32.rc
- \$(RSC) /fo"\$(OBJ_D)\\\$(LIBFIPS).res" /d FIPS ms\\version32.rc
-
-EOF
-}
-
-$defs.=&do_defs("T_EXE",$test,"\$(TEST_D)",$exep);
-foreach (split(/\s+/,$test))
- {
- my $t_libs;
- $t=&bname($_);
- my $ltype;
- # Check to see if test program is FIPS
- if ($fips && /fips/)
- {
- # If fipsdso link to libosslfips.dll
- # otherwise perform static link to
- # $(O_FIPSCANISTER)
- if ($fipsdso)
- {
- $t_libs = "\$(L_FIPS)";
- $ltype = 0;
- }
- else
- {
- $t_libs = "\$(O_FIPSCANISTER)";
- $ltype = 2;
- }
- }
- else
- {
- $t_libs = "\$(L_LIBS)";
- $ltype = 0;
- }
-
- $tt="\$(OBJ_D)${o}$t${obj}";
- $rules.=&do_link_rule("\$(TEST_D)$o$t$exep",$tt,"\$(LIBS_DEP)","$t_libs \$(EX_LIBS)", $ltype);
- }
-
-$defs.=&do_defs("E_SHLIB",$engines,"\$(ENG_D)",$shlibp);
-
-foreach (split(/\s+/,$engines))
- {
- $rules.=&do_compile_rule("\$(OBJ_D)","engines${o}e_$_",$lib);
- $rules.= &do_lib_rule("\$(OBJ_D)${o}e_${_}.obj","\$(ENG_D)$o$_$shlibp","",$shlib,"");
- }
-
-
-
-$rules.= &do_lib_rule("\$(SSLOBJ)","\$(O_SSL)",$ssl,$shlib,"\$(SO_SSL)");
-
-if ($fips)
- {
- if ($shlib)
- {
- if ($fipsdso)
- {
- $rules.= &do_lib_rule("\$(CRYPTOOBJ)",
- "\$(O_CRYPTO)", "$crypto",
- $shlib, "", "");
- $rules.= &do_lib_rule(
- "\$(O_FIPSCANISTER)",
- "\$(O_FIPS)", "\$(LIBFIPS)",
- $shlib, "\$(SO_CRYPTO)", "\$(BASEADDR)");
- $rules.= &do_sdef_rule();
- }
- else
- {
- $rules.= &do_lib_rule(
- "\$(CRYPTOOBJ) \$(O_FIPSCANISTER)",
- "\$(O_CRYPTO)", "$crypto",
- $shlib, "\$(SO_CRYPTO)", "\$(BASEADDR)");
- }
- }
- else
- {
- $rules.= &do_lib_rule("\$(CRYPTOOBJ)",
- "\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)", "");
- $rules.= &do_lib_rule("\$(CRYPTOOBJ) \$(FIPSOBJ)",
- "\$(LIB_D)$o$crypto_compat",$crypto,$shlib,"\$(SO_CRYPTO)", "");
- }
- }
- else
- {
- $rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,
- "\$(SO_CRYPTO)");
- }
-
-if ($fips)
- {
- if ($fipscanisterbuild)
- {
- $rules.= &do_rlink_rule("\$(O_FIPSCANISTER)",
- "\$(OBJ_D)${o}fips_start$obj",
- "\$(FIPSOBJ)",
- "\$(OBJ_D)${o}fips_end$obj",
- "\$(FIPS_SHA1_EXE)", "");
- $rules.=&do_link_rule("\$(FIPS_SHA1_EXE)",
- "\$(OBJ_D)${o}fips_standalone_sha1$obj \$(OBJ_D)${o}sha1dgst$obj \$(SHA1_ASM_OBJ)",
- "","\$(EX_LIBS)", 1);
- }
- else
- {
- $rules.=&do_link_rule("\$(FIPS_SHA1_EXE)",
- "\$(OBJ_D)${o}fips_standalone_sha1$obj \$(O_FIPSCANISTER)",
- "","", 1);
-
- }
- $rules.=&do_link_rule("\$(PREMAIN_DSO_EXE)","\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj \$(CRYPTOOBJ) \$(O_FIPSCANISTER)","","\$(EX_LIBS)", 1);
-
- }
-
-$rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)", ($fips && !$shlib) ? 2 : 0);
-
-print $defs;
-
-if ($platform eq "linux-elf") {
- print <<"EOF";
-# Generate perlasm output files
-%.cpp:
- (cd \$(\@D)/..; PERL=perl make -f Makefile asm/\$(\@F))
-EOF
-}
-print "###################################################################\n";
-print $rules;
-
-###############################################
-# strip off any trailing .[och] and append the relative directory
-# also remembering to do nothing if we are in one of the dropped
-# directories
-sub var_add
- {
- local($dir,$val,$keepext)=@_;
- local(@a,$_,$ret);
-
- return("") if $no_engine && $dir =~ /\/engine/;
- return("") if $no_hw && $dir =~ /\/hw/;
- return("") if $no_idea && $dir =~ /\/idea/;
- return("") if $no_aes && $dir =~ /\/aes/;
- return("") if $no_camellia && $dir =~ /\/camellia/;
- return("") if $no_seed && $dir =~ /\/seed/;
- return("") if $no_rc2 && $dir =~ /\/rc2/;
- return("") if $no_rc4 && $dir =~ /\/rc4/;
- return("") if $no_rc5 && $dir =~ /\/rc5/;
- return("") if $no_rsa && $dir =~ /\/rsa/;
- return("") if $no_rsa && $dir =~ /^rsaref/;
- return("") if $no_dsa && $dir =~ /\/dsa/;
- return("") if $no_dh && $dir =~ /\/dh/;
- return("") if $no_ec && $dir =~ /\/ec/;
- return("") if $no_cms && $dir =~ /\/cms/;
- return("") if $no_jpake && $dir =~ /\/jpake/;
- return("") if !$fips && $dir =~ /^fips/;
- if ($no_des && $dir =~ /\/des/)
- {
- if ($val =~ /read_pwd/)
- { return("$dir/read_pwd "); }
- else
- { return(""); }
- }
- return("") if $no_mdc2 && $dir =~ /\/mdc2/;
- return("") if $no_sock && $dir =~ /\/proxy/;
- return("") if $no_bf && $dir =~ /\/bf/;
- return("") if $no_cast && $dir =~ /\/cast/;
-
- $val =~ s/^\s*(.*)\s*$/$1/;
- @a=split(/\s+/,$val);
- grep(s/\.[och]$//, at a) unless $keepext;
-
- @a=grep(!/^e_.*_3d$/, at a) if $no_des;
- @a=grep(!/^e_.*_d$/, at a) if $no_des;
- @a=grep(!/^e_.*_ae$/, at a) if $no_idea;
- @a=grep(!/^e_.*_i$/, at a) if $no_aes;
- @a=grep(!/^e_.*_r2$/, at a) if $no_rc2;
- @a=grep(!/^e_.*_r5$/, at a) if $no_rc5;
- @a=grep(!/^e_.*_bf$/, at a) if $no_bf;
- @a=grep(!/^e_.*_c$/, at a) if $no_cast;
- @a=grep(!/^e_rc4$/, at a) if $no_rc4;
- @a=grep(!/^e_camellia$/, at a) if $no_camellia;
- @a=grep(!/^e_seed$/, at a) if $no_seed;
-
- @a=grep(!/(^s2_)|(^s23_)/, at a) if $no_ssl2;
- @a=grep(!/(^s3_)|(^s23_)/, at a) if $no_ssl3;
-
- @a=grep(!/(_sock$)|(_acpt$)|(_conn$)|(^pxy_)/, at a) if $no_sock;
-
- @a=grep(!/(^md2)|(_md2$)/, at a) if $no_md2;
- @a=grep(!/(^md4)|(_md4$)/, at a) if $no_md4;
- @a=grep(!/(^md5)|(_md5$)/, at a) if $no_md5;
- @a=grep(!/(rmd)|(ripemd)/, at a) if $no_ripemd;
-
- @a=grep(!/(^d2i_r_)|(^i2d_r_)/, at a) if $no_rsa;
- @a=grep(!/(^p_open$)|(^p_seal$)/, at a) if $no_rsa;
- @a=grep(!/(^pem_seal$)/, at a) if $no_rsa;
-
- @a=grep(!/(m_dss$)|(m_dss1$)/, at a) if $no_dsa;
- @a=grep(!/(^d2i_s_)|(^i2d_s_)|(_dsap$)/, at a) if $no_dsa;
-
- @a=grep(!/^n_pkey$/, at a) if $no_rsa || $no_rc4;
-
- @a=grep(!/_dhp$/, at a) if $no_dh;
-
- @a=grep(!/(^sha[^1])|(_sha$)|(m_dss$)/, at a) if $no_sha;
- @a=grep(!/(^sha1)|(_sha1$)|(m_dss1$)/, at a) if $no_sha1;
- @a=grep(!/_mdc2$/, at a) if $no_mdc2;
-
- @a=grep(!/^engine$/, at a) if $no_engine;
- @a=grep(!/^hw$/, at a) if $no_hw;
- @a=grep(!/(^rsa$)|(^genrsa$)/, at a) if $no_rsa;
- @a=grep(!/(^dsa$)|(^gendsa$)|(^dsaparam$)/, at a) if $no_dsa;
- @a=grep(!/^gendsa$/, at a) if $no_sha1;
- @a=grep(!/(^dh$)|(^gendh$)/, at a) if $no_dh;
-
- @a=grep(!/(^dh)|(_sha1$)|(m_dss1$)/, at a) if $no_sha1;
-
- grep($_="$dir/$_", at a);
- @a=grep(!/(^|\/)s_/, at a) if $no_sock;
- @a=grep(!/(^|\/)bio_sock/, at a) if $no_sock;
- $ret=join(' ', at a)." ";
- return($ret);
- }
-
-# change things so that each 'token' is only separated by one space
-sub clean_up_ws
- {
- local($w)=@_;
-
- $w =~ s/^\s*(.*)\s*$/$1/;
- $w =~ s/\s+/ /g;
- return($w);
- }
-
-sub do_defs
- {
- local($var,$files,$location,$postfix)=@_;
- local($_,$ret,$pf);
- local(*OUT,$tmp,$t);
-
- $files =~ s/\//$o/g if $o ne '/';
- $ret="$var=";
- $n=1;
- $Vars{$var}.="";
- foreach (split(/ /,$files))
- {
- $orig=$_;
- $_=&bname($_) unless /^\$/;
- if ($n++ == 2)
- {
- $n=0;
- $ret.="\\\n\t";
- }
- if (($_ =~ /bss_file/) && ($postfix eq ".h"))
- { $pf=".c"; }
- else { $pf=$postfix; }
- if ($_ =~ /BN_ASM/) { $t="$_ "; }
- elsif ($_ =~ /BNCO_ASM/){ $t="$_ "; }
- elsif ($_ =~ /DES_ENC/) { $t="$_ "; }
- elsif ($_ =~ /BF_ENC/) { $t="$_ "; }
- elsif ($_ =~ /CAST_ENC/){ $t="$_ "; }
- elsif ($_ =~ /RC4_ENC/) { $t="$_ "; }
- elsif ($_ =~ /RC5_ENC/) { $t="$_ "; }
- elsif ($_ =~ /MD5_ASM/) { $t="$_ "; }
- elsif ($_ =~ /SHA1_ASM/){ $t="$_ "; }
- elsif ($_ =~ /AES_ASM/){ $t="$_ "; }
- elsif ($_ =~ /RMD160_ASM/){ $t="$_ "; }
- elsif ($_ =~ /CPUID_ASM/){ $t="$_ "; }
- else { $t="$location${o}$_$pf "; }
-
- $Vars{$var}.="$t ";
- $ret.=$t;
- }
- # hack to add version info on MSVC
- if ($shlib && (($platform eq "VC-WIN32") || ($platfrom eq "VC-WIN64I") || ($platform eq "VC-WIN64A") || ($platform eq "VC-NT")))
- {
- if ($var eq "CRYPTOOBJ")
- { $ret.="\$(OBJ_D)\\\$(CRYPTO).res "; }
- elsif ($var eq "SSLOBJ")
- { $ret.="\$(OBJ_D)\\\$(SSL).res "; }
- }
- chomp($ret);
- $ret.="\n\n";
- return($ret);
- }
-
-# return the name with the leading path removed
-sub bname
- {
- local($ret)=@_;
- $ret =~ s/^.*[\\\/]([^\\\/]+)$/$1/;
- return($ret);
- }
-
-
-##############################################################
-# do a rule for each file that says 'compile' to new direcory
-# compile the files in '$files' into $to
-sub do_compile_rule
- {
- local($to,$files,$ex)=@_;
- local($ret,$_,$n);
-
- $files =~ s/\//$o/g if $o ne '/';
- foreach (split(/\s+/,$files))
- {
- $n=&bname($_);
- $ret.=&cc_compile_target("$to${o}$n$obj","${_}.c",$ex)
- }
- return($ret);
- }
-
-##############################################################
-# do a rule for each file that says 'compile' to new direcory
-sub cc_compile_target
- {
- local($target,$source,$ex_flags)=@_;
- local($ret);
-
- $ex_flags.=" -DMK1MF_BUILD -D$platform_cpp_symbol" if ($source =~ /cversion/);
- $target =~ s/\//$o/g if $o ne "/";
- $source =~ s/\//$o/g if $o ne "/";
- $ret ="$target: \$(SRC_D)$o$source\n\t";
- $ret.="\$(CC) ${ofile}$target $ex_flags -c \$(SRC_D)$o$source\n\n";
- return($ret);
- }
-
-##############################################################
-sub do_asm_rule
- {
- local($target,$src)=@_;
- local($ret, at s, at t,$i);
-
- $target =~ s/\//$o/g if $o ne "/";
- $src =~ s/\//$o/g if $o ne "/";
-
- @s=split(/\s+/,$src);
- @t=split(/\s+/,$target);
-
- for ($i=0; $i<=$#s; $i++)
- {
- $ret.="$t[$i]: $s[$i]\n";
- $ret.="\t\$(ASM) $afile$t[$i] \$(SRC_D)$o$s[$i]\n\n";
- }
- return($ret);
- }
-
-sub do_shlib_rule
- {
- local($n,$def)=@_;
- local($ret,$nn);
- local($t);
-
- ($nn=$n) =~ tr/a-z/A-Z/;
- $ret.="$n.dll: \$(${nn}OBJ)\n";
- if ($vc && $w32)
- {
- $ret.="\t\$(MKSHLIB) $efile$n.dll $def @<<\n \$(${nn}OBJ_F)\n<<\n";
- }
- $ret.="\n";
- return($ret);
- }
-
-# do a rule for each file that says 'copy' to new direcory on change
-sub do_copy_rule
- {
- local($to,$files,$p)=@_;
- local($ret,$_,$n,$pp);
-
- $files =~ s/\//$o/g if $o ne '/';
- foreach (split(/\s+/,$files))
- {
- $n=&bname($_);
- if ($n =~ /bss_file/)
- { $pp=".c"; }
- else { $pp=$p; }
- $ret.="$to${o}$n$pp: \$(SRC_D)$o$_$pp\n\t\$(CP) \"\$(SRC_D)$o$_$pp\" \"$to${o}$n$pp\"\n\n";
- }
- return($ret);
- }
-
-sub read_options
- {
- # Many options are handled in a similar way. In particular
- # no-xxx sets zero or more scalars to 1.
- # Process these using a hash containing the option name and
- # reference to the scalars to set.
-
- my %valid_options = (
- "no-rc2" => \$no_rc2,
- "no-rc4" => \$no_rc4,
- "no-rc5" => \$no_rc5,
- "no-idea" => \$no_idea,
- "no-aes" => \$no_aes,
- "no-camellia" => \$no_camellia,
- "no-seed" => \$no_seed,
- "no-des" => \$no_des,
- "no-bf" => \$no_bf,
- "no-cast" => \$no_cast,
- "no-md2" => \$no_md2,
- "no-md4" => \$no_md4,
- "no-md5" => \$no_md5,
- "no-sha" => \$no_sha,
- "no-sha1" => \$no_sha1,
- "no-ripemd" => \$no_ripemd,
- "no-mdc2" => \$no_mdc2,
- "no-patents" =>
- [\$no_rc2, \$no_rc4, \$no_rc5, \$no_idea, \$no_rsa],
- "no-rsa" => \$no_rsa,
- "no-dsa" => \$no_dsa,
- "no-dh" => \$no_dh,
- "no-hmac" => \$no_hmac,
- "no-asm" => \$no_asm,
- "nasm" => \$nasm,
- "ml64" => \$ml64,
- "nw-nasm" => \$nw_nasm,
- "nw-mwasm" => \$nw_mwasm,
- "gaswin" => \$gaswin,
- "no-ssl2" => \$no_ssl2,
- "no-ssl3" => \$no_ssl3,
- "no-tlsext" => \$no_tlsext,
- "no-cms" => \$no_cms,
- "no-jpake" => \$no_jpake,
- "no-capieng" => \$no_capieng,
- "no-err" => \$no_err,
- "no-sock" => \$no_sock,
- "no-krb5" => \$no_krb5,
- "no-ec" => \$no_ec,
- "no-ecdsa" => \$no_ecdsa,
- "no-ecdh" => \$no_ecdh,
- "no-engine" => \$no_engine,
- "no-hw" => \$no_hw,
- "just-ssl" =>
- [\$no_rc2, \$no_idea, \$no_des, \$no_bf, \$no_cast,
- \$no_md2, \$no_sha, \$no_mdc2, \$no_dsa, \$no_dh,
- \$no_ssl2, \$no_err, \$no_ripemd, \$no_rc5,
- \$no_aes, \$no_camellia, \$no_seed],
- "rsaref" => 0,
- "gcc" => \$gcc,
- "debug" => \$debug,
- "profile" => \$profile,
- "shlib" => \$shlib,
- "dll" => \$shlib,
- "shared" => 0,
- "no-gmp" => 0,
- "no-rfc3779" => 0,
- "no-montasm" => 0,
- "no-shared" => 0,
- "no-zlib" => 0,
- "no-zlib-dynamic" => 0,
- "fips" => \$fips,
- "fipscanisterbuild" => [\$fips, \$fipscanisterbuild],
- "fipsdso" => [\$fips, \$fipscanisterbuild, \$fipsdso],
- );
-
- if (exists $valid_options{$_})
- {
- my $r = $valid_options{$_};
- if ( ref $r eq "SCALAR")
- { $$r = 1;}
- elsif ( ref $r eq "ARRAY")
- {
- my $r2;
- foreach $r2 (@$r)
- {
- $$r2 = 1;
- }
- }
- }
- elsif (/^no-comp$/) { $xcflags = "-DOPENSSL_NO_COMP $xcflags"; }
- elsif (/^enable-zlib$/) { $zlib_opt = 1 if $zlib_opt == 0 }
- elsif (/^enable-zlib-dynamic$/)
- {
- $zlib_opt = 2;
- }
- elsif (/^no-static-engine/)
- {
- $no_static_engine = 1;
- }
- elsif (/^enable-static-engine/)
- {
- $no_static_engine = 0;
- }
- # There are also enable-xxx options which correspond to
- # the no-xxx. Since the scalars are enabled by default
- # these can be ignored.
- elsif (/^enable-/)
- {
- my $t = $_;
- $t =~ s/^enable/no/;
- if (exists $valid_options{$t})
- {return 1;}
- return 0;
- }
- # experimental-xxx is mostly like enable-xxx, but opensslconf.v
- # will still set OPENSSL_NO_xxx unless we set OPENSSL_EXPERIMENTAL_xxx.
- # (No need to fail if we don't know the algorithm -- this is for adventurous users only.)
- elsif (/^experimental-/)
- {
- my $algo, $ALGO;
- ($algo = $_) =~ s/^experimental-//;
- ($ALGO = $algo) =~ tr/[a-z]/[A-Z]/;
-
- $xcflags="-DOPENSSL_EXPERIMENTAL_$ALGO $xcflags";
-
- }
- elsif (/^--with-krb5-flavor=(.*)$/)
- {
- my $krb5_flavor = $1;
- if ($krb5_flavor =~ /^force-[Hh]eimdal$/)
- {
- $xcflags="-DKRB5_HEIMDAL $xcflags";
- }
- elsif ($krb5_flavor =~ /^MIT/i)
- {
- $xcflags="-DKRB5_MIT $xcflags";
- if ($krb5_flavor =~ /^MIT[._-]*1[._-]*[01]/i)
- {
- $xcflags="-DKRB5_MIT_OLD11 $xcflags"
- }
- }
- }
- elsif (/^([^=]*)=(.*)$/){ $VARS{$1}=$2; }
- elsif (/^-[lL].*$/) { $l_flags.="$_ "; }
- elsif ((!/^-help/) && (!/^-h/) && (!/^-\?/) && /^-.*$/)
- { $c_flags.="$_ "; }
- else { return(0); }
- return(1);
- }
-
-sub fipslib_error
- {
- print STDERR "***FIPS module directory sanity check failed***\n";
- print STDERR "FIPS module build failed, or was deleted\n";
- print STDERR "Please rebuild FIPS module.\n";
- exit 1;
- }
-
-sub fips_check_files
- {
- my $dir = shift @_;
- my $ret = 1;
- if (!-d $dir)
- {
- print STDERR "FIPS module directory $dir does not exist\n";
- fipslib_error();
- }
- foreach (@_)
- {
- if (!-f "$dir${o}$_")
- {
- print STDERR "FIPS module file $_ does not exist!\n";
- $ret = 0;
- }
- }
- fipslib_error() if ($ret == 0);
- }
Copied: vendor-crypto/openssl/0.9.8zf/util/mk1mf.pl (from rev 6969, vendor-crypto/openssl/dist/util/mk1mf.pl)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/util/mk1mf.pl (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/util/mk1mf.pl 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,1422 @@
+#!/usr/local/bin/perl
+# A bit of an evil hack but it post processes the file ../MINFO which
+# is generated by `make files` in the top directory.
+# This script outputs one mega makefile that has no shell stuff or any
+# funny stuff
+#
+
+$INSTALLTOP="/usr/local/ssl";
+$OPTIONS="";
+$ssl_version="";
+$banner="\t\@echo Building OpenSSL";
+
+my $no_static_engine = 0;
+my $engines = "";
+local $zlib_opt = 0; # 0 = no zlib, 1 = static, 2 = dynamic
+local $zlib_lib = "";
+
+local $fips_canister_path = "";
+my $fips_premain_dso_exe_path = "";
+my $fips_premain_c_path = "";
+my $fips_sha1_exe_path = "";
+
+local $fipscanisterbuild = 0;
+local $fipsdso = 0;
+
+my $fipslibdir = "";
+my $baseaddr = "";
+
+my $ex_l_libs = "";
+
+open(IN,"<Makefile") || die "unable to open Makefile!\n";
+while(<IN>) {
+ $ssl_version=$1 if (/^VERSION=(.*)$/);
+ $OPTIONS=$1 if (/^OPTIONS=(.*)$/);
+ $INSTALLTOP=$1 if (/^INSTALLTOP=(.*$)/);
+}
+close(IN);
+
+die "Makefile is not the toplevel Makefile!\n" if $ssl_version eq "";
+
+$infile="MINFO";
+
+%ops=(
+ "VC-WIN32", "Microsoft Visual C++ [4-6] - Windows NT or 9X",
+ "VC-WIN64I", "Microsoft C/C++ - Win64/IA-64",
+ "VC-WIN64A", "Microsoft C/C++ - Win64/x64",
+ "VC-CE", "Microsoft eMbedded Visual C++ 3.0 - Windows CE ONLY",
+ "VC-NT", "Microsoft Visual C++ [4-6] - Windows NT ONLY",
+ "Mingw32", "GNU C++ - Windows NT or 9x",
+ "Mingw32-files", "Create files with DOS copy ...",
+ "BC-NT", "Borland C++ 4.5 - Windows NT",
+ "linux-elf","Linux elf",
+ "ultrix-mips","DEC mips ultrix",
+ "FreeBSD","FreeBSD distribution",
+ "OS2-EMX", "EMX GCC OS/2",
+ "netware-clib", "CodeWarrior for NetWare - CLib - with WinSock Sockets",
+ "netware-clib-bsdsock", "CodeWarrior for NetWare - CLib - with BSD Sockets",
+ "netware-libc", "CodeWarrior for NetWare - LibC - with WinSock Sockets",
+ "netware-libc-bsdsock", "CodeWarrior for NetWare - LibC - with BSD Sockets",
+ "default","cc under unix",
+ );
+
+$platform="";
+my $xcflags="";
+foreach (@ARGV)
+ {
+ if (!&read_options && !defined($ops{$_}))
+ {
+ print STDERR "unknown option - $_\n";
+ print STDERR "usage: perl mk1mf.pl [options] [system]\n";
+ print STDERR "\nwhere [system] can be one of the following\n";
+ foreach $i (sort keys %ops)
+ { printf STDERR "\t%-10s\t%s\n",$i,$ops{$i}; }
+ print STDERR <<"EOF";
+and [options] can be one of
+ no-md2 no-md4 no-md5 no-sha no-mdc2 - Skip this digest
+ no-ripemd
+ no-rc2 no-rc4 no-rc5 no-idea no-des - Skip this symetric cipher
+ no-bf no-cast no-aes no-camellia no-seed
+ no-rsa no-dsa no-dh - Skip this public key cipher
+ no-ssl2 no-ssl3 - Skip this version of SSL
+ just-ssl - remove all non-ssl keys/digest
+ no-asm - No x86 asm
+ no-krb5 - No KRB5
+ no-ec - No EC
+ no-ecdsa - No ECDSA
+ no-ecdh - No ECDH
+ no-engine - No engine
+ no-hw - No hw
+ nasm - Use NASM for x86 asm
+ nw-nasm - Use NASM x86 asm for NetWare
+ nw-mwasm - Use Metrowerks x86 asm for NetWare
+ gaswin - Use GNU as with Mingw32
+ no-socks - No socket code
+ no-err - No error strings
+ dll/shlib - Build shared libraries (MS)
+ debug - Debug build
+ profile - Profiling build
+ gcc - Use Gcc (unix)
+
+Values that can be set
+TMP=tmpdir OUT=outdir SRC=srcdir BIN=binpath INC=header-outdir CC=C-compiler
+
+-L<ex_lib_path> -l<ex_lib> - extra library flags (unix)
+-<ex_cc_flags> - extra 'cc' flags,
+ added (MS), or replace (unix)
+EOF
+ exit(1);
+ }
+ $platform=$_;
+ }
+foreach (grep(!/^$/, split(/ /, $OPTIONS)))
+ {
+ print STDERR "unknown option - $_\n" if !&read_options;
+ }
+
+$no_static_engine = 0 if (!$shlib);
+
+$no_mdc2=1 if ($no_des);
+
+$no_ssl3=1 if ($no_md5 || $no_sha);
+$no_ssl3=1 if ($no_rsa && $no_dh);
+
+$no_ssl2=1 if ($no_md5);
+$no_ssl2=1 if ($no_rsa);
+
+$out_def="out";
+$inc_def="outinc";
+$tmp_def="tmp";
+
+$perl="perl" unless defined $perl;
+$mkdir="-mkdir" unless defined $mkdir;
+
+($ssl,$crypto)=("ssl","crypto");
+$ranlib="echo ranlib";
+
+$cc=(defined($VARS{'CC'}))?$VARS{'CC'}:'cc';
+$src_dir=(defined($VARS{'SRC'}))?$VARS{'SRC'}:'.';
+$bin_dir=(defined($VARS{'BIN'}))?$VARS{'BIN'}:'';
+
+# $bin_dir.=$o causes a core dump on my sparc :-(
+
+
+$NT=0;
+
+push(@INC,"util/pl","pl");
+if (($platform =~ /VC-(.+)/))
+ {
+ $FLAVOR=$1;
+ $NT = 1 if $1 eq "NT";
+ require 'VC-32.pl';
+ }
+elsif ($platform eq "Mingw32")
+ {
+ require 'Mingw32.pl';
+ }
+elsif ($platform eq "Mingw32-files")
+ {
+ require 'Mingw32f.pl';
+ }
+elsif ($platform eq "BC-NT")
+ {
+ $bc=1;
+ require 'BC-32.pl';
+ }
+elsif ($platform eq "FreeBSD")
+ {
+ require 'unix.pl';
+ $cflags='-DTERMIO -D_ANSI_SOURCE -O2 -fomit-frame-pointer';
+ }
+elsif ($platform eq "linux-elf")
+ {
+ require "unix.pl";
+ require "linux.pl";
+ $unix=1;
+ }
+elsif ($platform eq "ultrix-mips")
+ {
+ require "unix.pl";
+ require "ultrix.pl";
+ $unix=1;
+ }
+elsif ($platform eq "OS2-EMX")
+ {
+ $wc=1;
+ require 'OS2-EMX.pl';
+ }
+elsif (($platform eq "netware-clib") || ($platform eq "netware-libc") ||
+ ($platform eq "netware-clib-bsdsock") || ($platform eq "netware-libc-bsdsock"))
+ {
+ $LIBC=1 if $platform eq "netware-libc" || $platform eq "netware-libc-bsdsock";
+ $BSDSOCK=1 if ($platform eq "netware-libc-bsdsock") || ($platform eq "netware-clib-bsdsock");
+ require 'netware.pl';
+ }
+else
+ {
+ require "unix.pl";
+
+ $unix=1;
+ $cflags.=' -DTERMIO';
+ }
+
+$out_dir=(defined($VARS{'OUT'}))?$VARS{'OUT'}:$out_def.($debug?".dbg":"");
+$tmp_dir=(defined($VARS{'TMP'}))?$VARS{'TMP'}:$tmp_def.($debug?".dbg":"");
+$inc_dir=(defined($VARS{'INC'}))?$VARS{'INC'}:$inc_def;
+
+$bin_dir=$bin_dir.$o unless ((substr($bin_dir,-1,1) eq $o) || ($bin_dir eq ''));
+
+$cflags= "$xcflags$cflags" if $xcflags ne "";
+
+$cflags.=" -DOPENSSL_NO_IDEA" if $no_idea;
+$cflags.=" -DOPENSSL_NO_AES" if $no_aes;
+$cflags.=" -DOPENSSL_NO_CAMELLIA" if $no_camellia;
+$cflags.=" -DOPENSSL_NO_SEED" if $no_seed;
+$cflags.=" -DOPENSSL_NO_RC2" if $no_rc2;
+$cflags.=" -DOPENSSL_NO_RC4" if $no_rc4;
+$cflags.=" -DOPENSSL_NO_RC5" if $no_rc5;
+$cflags.=" -DOPENSSL_NO_MD2" if $no_md2;
+$cflags.=" -DOPENSSL_NO_MD4" if $no_md4;
+$cflags.=" -DOPENSSL_NO_MD5" if $no_md5;
+$cflags.=" -DOPENSSL_NO_SHA" if $no_sha;
+$cflags.=" -DOPENSSL_NO_SHA1" if $no_sha1;
+$cflags.=" -DOPENSSL_NO_RIPEMD" if $no_ripemd;
+$cflags.=" -DOPENSSL_NO_MDC2" if $no_mdc2;
+$cflags.=" -DOPENSSL_NO_BF" if $no_bf;
+$cflags.=" -DOPENSSL_NO_CAST" if $no_cast;
+$cflags.=" -DOPENSSL_NO_DES" if $no_des;
+$cflags.=" -DOPENSSL_NO_RSA" if $no_rsa;
+$cflags.=" -DOPENSSL_NO_DSA" if $no_dsa;
+$cflags.=" -DOPENSSL_NO_DH" if $no_dh;
+$cflags.=" -DOPENSSL_NO_SOCK" if $no_sock;
+$cflags.=" -DOPENSSL_NO_SSL2" if $no_ssl2;
+$cflags.=" -DOPENSSL_NO_SSL3" if $no_ssl3;
+$cflags.=" -DOPENSSL_NO_TLSEXT" if $no_tlsext;
+$cflags.=" -DOPENSSL_NO_CMS" if $no_cms;
+$cflags.=" -DOPENSSL_NO_JPAKE" if $no_jpake;
+$cflags.=" -DOPENSSL_NO_CAPIENG" if $no_capieng;
+$cflags.=" -DOPENSSL_NO_ERR" if $no_err;
+$cflags.=" -DOPENSSL_NO_KRB5" if $no_krb5;
+$cflags.=" -DOPENSSL_NO_EC" if $no_ec;
+$cflags.=" -DOPENSSL_NO_ECDSA" if $no_ecdsa;
+$cflags.=" -DOPENSSL_NO_ECDH" if $no_ecdh;
+$cflags.=" -DOPENSSL_NO_ENGINE" if $no_engine;
+$cflags.=" -DOPENSSL_NO_HW" if $no_hw;
+$cflags.=" -DOPENSSL_FIPS" if $fips;
+$cflags.= " -DZLIB" if $zlib_opt;
+$cflags.= " -DZLIB_SHARED" if $zlib_opt == 2;
+
+if ($no_static_engine)
+ {
+ $cflags .= " -DOPENSSL_NO_STATIC_ENGINE";
+ }
+else
+ {
+ $cflags .= " -DOPENSSL_NO_DYNAMIC_ENGINE";
+ }
+
+#$cflags.=" -DRSAref" if $rsaref ne "";
+
+## if ($unix)
+## { $cflags="$c_flags" if ($c_flags ne ""); }
+##else
+ { $cflags="$c_flags$cflags" if ($c_flags ne ""); }
+
+$ex_libs="$l_flags$ex_libs" if ($l_flags ne "");
+
+%shlib_ex_cflags=("SSL" => " -DOPENSSL_BUILD_SHLIBSSL",
+ "CRYPTO" => " -DOPENSSL_BUILD_SHLIBCRYPTO",
+ "FIPS" => " -DOPENSSL_BUILD_SHLIBCRYPTO");
+
+if ($msdos)
+ {
+ $banner ="\t\@echo Make sure you have run 'perl Configure $platform' in the\n";
+ $banner.="\t\@echo top level directory, if you don't have perl, you will\n";
+ $banner.="\t\@echo need to probably edit crypto/bn/bn.h, check the\n";
+ $banner.="\t\@echo documentation for details.\n";
+ }
+
+# have to do this to allow $(CC) under unix
+$link="$bin_dir$link" if ($link !~ /^\$/);
+
+$INSTALLTOP =~ s|/|$o|g;
+
+#############################################
+# We parse in input file and 'store' info for later printing.
+open(IN,"<$infile") || die "unable to open $infile:$!\n";
+$_=<IN>;
+for (;;)
+ {
+ chop;
+
+ ($key,$val)=/^([^=]+)=(.*)/;
+ if ($key eq "RELATIVE_DIRECTORY")
+ {
+ if ($lib ne "")
+ {
+ if ($fips && $dir =~ /^fips/)
+ {
+ $uc = "FIPS";
+ }
+ else
+ {
+ $uc=$lib;
+ $uc =~ s/^lib(.*)\.a/$1/;
+ $uc =~ tr/a-z/A-Z/;
+ }
+ if (($uc ne "FIPS") || $fipscanisterbuild)
+ {
+ $lib_nam{$uc}=$uc;
+ $lib_obj{$uc}.=$libobj." ";
+ }
+ }
+ last if ($val eq "FINISHED");
+ $lib="";
+ $libobj="";
+ $dir=$val;
+ }
+
+ if ($key eq "KRB5_INCLUDES")
+ { $cflags .= " $val";}
+
+ if ($key eq "ZLIB_INCLUDE")
+ { $cflags .= " $val" if $val ne "";}
+
+ if ($key eq "LIBZLIB")
+ { $zlib_lib = "$val" if $val ne "";}
+
+ if ($key eq "LIBKRB5")
+ { $ex_libs .= " $val" if $val ne "";}
+
+ if ($key eq "TEST")
+ { $test.=&var_add($dir,$val, 0); }
+
+ if (($key eq "PROGS") || ($key eq "E_OBJ"))
+ { $e_exe.=&var_add($dir,$val, 0); }
+
+ if ($key eq "LIB")
+ {
+ $lib=$val;
+ $lib =~ s/^.*\/([^\/]+)$/$1/;
+ }
+
+ if ($key eq "EXHEADER")
+ { $exheader.=&var_add($dir,$val, 1); }
+
+ if ($key eq "HEADER")
+ { $header.=&var_add($dir,$val, 1); }
+
+ if ($key eq "LIBOBJ" && ($dir ne "engines" || !$no_static_engine))
+ { $libobj=&var_add($dir,$val, 0); }
+ if ($key eq "LIBNAMES" && $dir eq "engines" && $no_static_engine)
+ { $engines.=$val }
+
+ if ($key eq "FIPS_EX_OBJ")
+ {
+ $fips_ex_obj=&var_add("crypto",$val,0);
+ }
+
+ if ($key eq "FIPSLIBDIR")
+ {
+ $fipslibdir=$val;
+ $fipslibdir =~ s/\/$//;
+ $fipslibdir =~ s/\//$o/g;
+ }
+
+ if ($key eq "BASEADDR")
+ { $baseaddr=$val;}
+
+ if (!($_=<IN>))
+ { $_="RELATIVE_DIRECTORY=FINISHED\n"; }
+ }
+close(IN);
+
+if ($fips)
+ {
+
+ foreach (split " ", $fips_ex_obj)
+ {
+ $fips_exclude_obj{$1} = 1 if (/\/([^\/]*)$/);
+ }
+
+ $fips_exclude_obj{"cpu_win32"} = 1;
+ $fips_exclude_obj{"bn_asm"} = 1;
+ $fips_exclude_obj{"des_enc"} = 1;
+ $fips_exclude_obj{"fcrypt_b"} = 1;
+ $fips_exclude_obj{"aes_core"} = 1;
+ $fips_exclude_obj{"aes_cbc"} = 1;
+
+ my @ltmp = split " ", $lib_obj{"CRYPTO"};
+
+
+ $lib_obj{"CRYPTO"} = "";
+
+ foreach(@ltmp)
+ {
+ if (/\/([^\/]*)$/ && exists $fips_exclude_obj{$1})
+ {
+ if ($fipscanisterbuild)
+ {
+ $lib_obj{"FIPS"} .= "$_ ";
+ }
+ }
+ else
+ {
+ $lib_obj{"CRYPTO"} .= "$_ ";
+ }
+ }
+
+ }
+
+if ($fipscanisterbuild)
+ {
+ $fips_canister_path = "\$(LIB_D)${o}fipscanister.lib" if $fips_canister_path eq "";
+ $fips_premain_c_path = "\$(LIB_D)${o}fips_premain.c";
+ }
+else
+ {
+ if ($fips_canister_path eq "")
+ {
+ $fips_canister_path = "\$(FIPSLIB_D)${o}fipscanister.lib";
+ }
+
+ if ($fips_premain_c_path eq "")
+ {
+ $fips_premain_c_path = "\$(FIPSLIB_D)${o}fips_premain.c";
+ }
+ }
+
+if ($fips)
+ {
+ if ($fips_sha1_exe_path eq "")
+ {
+ $fips_sha1_exe_path =
+ "\$(BIN_D)${o}fips_standalone_sha1$exep";
+ }
+ }
+ else
+ {
+ $fips_sha1_exe_path = "";
+ }
+
+if ($fips_premain_dso_exe_path eq "")
+ {
+ $fips_premain_dso_exe_path = "\$(BIN_D)${o}fips_premain_dso$exep";
+ }
+
+# $ex_build_targets .= "\$(BIN_D)${o}\$(E_PREMAIN_DSO)$exep" if ($fips);
+
+#$ex_l_libs .= " \$(L_FIPS)" if $fipsdso;
+
+if ($fips)
+ {
+ if (!$shlib)
+ {
+ $ex_build_targets .= " \$(LIB_D)$o$crypto_compat \$(PREMAIN_DSO_EXE)";
+ $ex_l_libs .= " \$(O_FIPSCANISTER)";
+ $ex_libs_dep .= " \$(O_FIPSCANISTER)" if $fipscanisterbuild;
+ }
+ if ($fipscanisterbuild)
+ {
+ $fipslibdir = "\$(LIB_D)";
+ }
+ else
+ {
+ if ($fipslibdir eq "")
+ {
+ open (IN, "util/fipslib_path.txt") || fipslib_error();
+ $fipslibdir = <IN>;
+ chomp $fipslibdir;
+ close IN;
+ }
+ fips_check_files($fipslibdir,
+ "fipscanister.lib", "fipscanister.lib.sha1",
+ "fips_premain.c", "fips_premain.c.sha1");
+ }
+ }
+
+if ($shlib)
+ {
+ $extra_install= <<"EOF";
+ \$(CP) \"\$(O_SSL)\" \"\$(INSTALLTOP)${o}bin\"
+ \$(CP) \"\$(O_CRYPTO)\" \"\$(INSTALLTOP)${o}bin\"
+ \$(CP) \"\$(L_SSL)\" \"\$(INSTALLTOP)${o}lib\"
+ \$(CP) \"\$(L_CRYPTO)\" \"\$(INSTALLTOP)${o}lib\"
+EOF
+ if ($no_static_engine)
+ {
+ $extra_install .= <<"EOF"
+ \$(MKDIR) \"\$(INSTALLTOP)${o}lib${o}engines\"
+ \$(CP) \"\$(E_SHLIB)\" \"\$(INSTALLTOP)${o}lib${o}engines\"
+EOF
+ }
+ }
+else
+ {
+ $extra_install= <<"EOF";
+ \$(CP) \"\$(O_SSL)\" \"\$(INSTALLTOP)${o}lib\"
+ \$(CP) \"\$(O_CRYPTO)\" \"\$(INSTALLTOP)${o}lib\"
+EOF
+ $ex_libs .= " $zlib_lib" if $zlib_opt == 1;
+ }
+
+$defs= <<"EOF";
+# This makefile has been automatically generated from the OpenSSL distribution.
+# This single makefile will build the complete OpenSSL distribution and
+# by default leave the 'intertesting' output files in .${o}out and the stuff
+# that needs deleting in .${o}tmp.
+# The file was generated by running 'make makefile.one', which
+# does a 'make files', which writes all the environment variables from all
+# the makefiles to the file call MINFO. This file is used by
+# util${o}mk1mf.pl to generate makefile.one.
+# The 'makefile per directory' system suites me when developing this
+# library and also so I can 'distribute' indervidual library sections.
+# The one monster makefile better suits building in non-unix
+# environments.
+
+EOF
+
+$defs .= $preamble if defined $preamble;
+
+$defs.= <<"EOF";
+INSTALLTOP=$INSTALLTOP
+
+# Set your compiler options
+PLATFORM=$platform
+CC=$bin_dir${cc}
+CFLAG=$cflags
+APP_CFLAG=$app_cflag
+LIB_CFLAG=$lib_cflag
+SHLIB_CFLAG=$shl_cflag
+APP_EX_OBJ=$app_ex_obj
+SHLIB_EX_OBJ=$shlib_ex_obj
+# add extra libraries to this define, for solaris -lsocket -lnsl would
+# be added
+EX_LIBS=$ex_libs
+
+# The OpenSSL directory
+SRC_D=$src_dir
+
+LINK=$link
+LFLAGS=$lflags
+RSC=$rsc
+FIPSLINK=\$(PERL) util${o}fipslink.pl
+
+AES_ASM_OBJ=$aes_asm_obj
+AES_ASM_SRC=$aes_asm_src
+BN_ASM_OBJ=$bn_asm_obj
+BN_ASM_SRC=$bn_asm_src
+BNCO_ASM_OBJ=$bnco_asm_obj
+BNCO_ASM_SRC=$bnco_asm_src
+DES_ENC_OBJ=$des_enc_obj
+DES_ENC_SRC=$des_enc_src
+BF_ENC_OBJ=$bf_enc_obj
+BF_ENC_SRC=$bf_enc_src
+CAST_ENC_OBJ=$cast_enc_obj
+CAST_ENC_SRC=$cast_enc_src
+RC4_ENC_OBJ=$rc4_enc_obj
+RC4_ENC_SRC=$rc4_enc_src
+RC5_ENC_OBJ=$rc5_enc_obj
+RC5_ENC_SRC=$rc5_enc_src
+MD5_ASM_OBJ=$md5_asm_obj
+MD5_ASM_SRC=$md5_asm_src
+SHA1_ASM_OBJ=$sha1_asm_obj
+SHA1_ASM_SRC=$sha1_asm_src
+RMD160_ASM_OBJ=$rmd160_asm_obj
+RMD160_ASM_SRC=$rmd160_asm_src
+CPUID_ASM_OBJ=$cpuid_asm_obj
+CPUID_ASM_SRC=$cpuid_asm_src
+
+# The output directory for everything intersting
+OUT_D=$out_dir
+# The output directory for all the temporary muck
+TMP_D=$tmp_dir
+# The output directory for the header files
+INC_D=$inc_dir
+INCO_D=$inc_dir${o}openssl
+
+PERL=$perl
+CP=$cp
+RM=$rm
+RANLIB=$ranlib
+MKDIR=$mkdir
+MKLIB=$bin_dir$mklib
+MLFLAGS=$mlflags
+ASM=$bin_dir$asm
+
+# FIPS validated module and support file locations
+
+E_PREMAIN_DSO=fips_premain_dso
+
+FIPSLIB_D=$fipslibdir
+BASEADDR=$baseaddr
+FIPS_PREMAIN_SRC=$fips_premain_c_path
+O_FIPSCANISTER=$fips_canister_path
+FIPS_SHA1_EXE=$fips_sha1_exe_path
+PREMAIN_DSO_EXE=$fips_premain_dso_exe_path
+
+######################################################
+# You should not need to touch anything below this point
+######################################################
+
+E_EXE=openssl
+SSL=$ssl
+CRYPTO=$crypto
+LIBFIPS=libosslfips
+
+# BIN_D - Binary output directory
+# TEST_D - Binary test file output directory
+# LIB_D - library output directory
+# ENG_D - dynamic engine output directory
+# Note: if you change these point to different directories then uncomment out
+# the lines around the 'NB' comment below.
+#
+BIN_D=\$(OUT_D)
+TEST_D=\$(OUT_D)
+LIB_D=\$(OUT_D)
+ENG_D=\$(OUT_D)
+
+# INCL_D - local library directory
+# OBJ_D - temp object file directory
+OBJ_D=\$(TMP_D)
+INCL_D=\$(TMP_D)
+
+O_SSL= \$(LIB_D)$o$plib\$(SSL)$shlibp
+O_CRYPTO= \$(LIB_D)$o$plib\$(CRYPTO)$shlibp
+O_FIPS= \$(LIB_D)$o$plib\$(LIBFIPS)$shlibp
+SO_SSL= $plib\$(SSL)$so_shlibp
+SO_CRYPTO= $plib\$(CRYPTO)$so_shlibp
+L_SSL= \$(LIB_D)$o$plib\$(SSL)$libp
+L_CRYPTO= \$(LIB_D)$o$plib\$(CRYPTO)$libp
+L_FIPS= \$(LIB_D)$o$plib\$(LIBFIPS)$libp
+
+L_LIBS= \$(L_SSL) \$(L_CRYPTO) $ex_l_libs
+
+######################################################
+# Don't touch anything below this point
+######################################################
+
+INC=-I\$(INC_D) -I\$(INCL_D)
+APP_CFLAGS=\$(INC) \$(CFLAG) \$(APP_CFLAG)
+LIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG)
+SHLIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG) \$(SHLIB_CFLAG)
+LIBS_DEP=\$(O_CRYPTO) \$(O_SSL) $ex_libs_dep
+
+#############################################
+EOF
+
+$rules=<<"EOF";
+all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers \$(FIPS_SHA1_EXE) lib exe $ex_build_targets
+
+banner:
+$banner
+
+\$(TMP_D):
+ \$(MKDIR) \"\$(TMP_D)\"
+# NB: uncomment out these lines if BIN_D, TEST_D and LIB_D are different
+#\$(BIN_D):
+# \$(MKDIR) \$(BIN_D)
+#
+#\$(TEST_D):
+# \$(MKDIR) \$(TEST_D)
+
+\$(LIB_D):
+ \$(MKDIR) \"\$(LIB_D)\"
+
+\$(INCO_D): \$(INC_D)
+ \$(MKDIR) \"\$(INCO_D)\"
+
+\$(INC_D):
+ \$(MKDIR) \"\$(INC_D)\"
+
+headers: \$(HEADER) \$(EXHEADER)
+ @
+
+lib: \$(LIBS_DEP) \$(E_SHLIB)
+
+exe: \$(T_EXE) \$(BIN_D)$o\$(E_EXE)$exep
+
+install: all
+ \$(MKDIR) \"\$(INSTALLTOP)\"
+ \$(MKDIR) \"\$(INSTALLTOP)${o}bin\"
+ \$(MKDIR) \"\$(INSTALLTOP)${o}include\"
+ \$(MKDIR) \"\$(INSTALLTOP)${o}include${o}openssl\"
+ \$(MKDIR) \"\$(INSTALLTOP)${o}lib\"
+ \$(CP) \"\$(INCO_D)${o}*.\[ch\]\" \"\$(INSTALLTOP)${o}include${o}openssl\"
+ \$(CP) \"\$(BIN_D)$o\$(E_EXE)$exep\" \"\$(INSTALLTOP)${o}bin\"
+ \$(CP) \"apps${o}openssl.cnf\" \"\$(INSTALLTOP)\"
+$extra_install
+
+
+test: \$(T_EXE)
+ cd \$(BIN_D)
+ ..${o}ms${o}test
+
+clean:
+ \$(RM) \$(TMP_D)$o*.*
+
+vclean:
+ \$(RM) \$(TMP_D)$o*.*
+ \$(RM) \$(OUT_D)$o*.*
+
+EOF
+
+my $platform_cpp_symbol = "MK1MF_PLATFORM_$platform";
+$platform_cpp_symbol =~ s/-/_/g;
+if (open(IN,"crypto/buildinf.h"))
+ {
+ # Remove entry for this platform in existing file buildinf.h.
+
+ my $old_buildinf_h = "";
+ while (<IN>)
+ {
+ if (/^\#ifdef $platform_cpp_symbol$/)
+ {
+ while (<IN>) { last if (/^\#endif/); }
+ }
+ else
+ {
+ $old_buildinf_h .= $_;
+ }
+ }
+ close(IN);
+
+ open(OUT,">crypto/buildinf.h") || die "Can't open buildinf.h";
+ print OUT $old_buildinf_h;
+ close(OUT);
+ }
+
+open (OUT,">>crypto/buildinf.h") || die "Can't open buildinf.h";
+printf OUT <<EOF;
+#ifdef $platform_cpp_symbol
+ /* auto-generated/updated by util/mk1mf.pl for crypto/cversion.c */
+ #define CFLAGS "$cc $cflags"
+ #define PLATFORM "$platform"
+EOF
+printf OUT " #define DATE \"%s\"\n", scalar gmtime();
+printf OUT "#endif\n";
+close(OUT);
+
+# Strip of trailing ' '
+foreach (keys %lib_obj) { $lib_obj{$_}=&clean_up_ws($lib_obj{$_}); }
+$test=&clean_up_ws($test);
+$e_exe=&clean_up_ws($e_exe);
+$exheader=&clean_up_ws($exheader);
+$header=&clean_up_ws($header);
+
+# First we strip the exheaders from the headers list
+foreach (split(/\s+/,$exheader)){ $h{$_}=1; }
+foreach (split(/\s+/,$header)) { $h.=$_." " unless $h{$_}; }
+chop($h); $header=$h;
+
+$defs.=&do_defs("HEADER",$header,"\$(INCL_D)","");
+$rules.=&do_copy_rule("\$(INCL_D)",$header,"");
+
+$defs.=&do_defs("EXHEADER",$exheader,"\$(INCO_D)","");
+$rules.=&do_copy_rule("\$(INCO_D)",$exheader,"");
+
+$defs.=&do_defs("T_OBJ",$test,"\$(OBJ_D)",$obj);
+$rules.=&do_compile_rule("\$(OBJ_D)",$test,"\$(APP_CFLAGS)");
+
+$defs.=&do_defs("E_OBJ",$e_exe,"\$(OBJ_D)",$obj);
+$rules.=&do_compile_rule("\$(OBJ_D)",$e_exe,'-DMONOLITH $(APP_CFLAGS)');
+
+# Special case rules for fips_start and fips_end fips_premain_dso
+
+if ($fips)
+ {
+ if ($fipscanisterbuild)
+ {
+ $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_start$obj",
+ "fips${o}fips_canister.c",
+ "-DFIPS_START \$(SHLIB_CFLAGS)");
+ $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_end$obj",
+ "fips${o}fips_canister.c", "\$(SHLIB_CFLAGS)");
+ }
+ $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_standalone_sha1$obj",
+ "fips${o}sha${o}fips_standalone_sha1.c",
+ "\$(SHLIB_CFLAGS)");
+ $rules.=&cc_compile_target("\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj",
+ "fips${o}fips_premain.c",
+ "-DFINGERPRINT_PREMAIN_DSO_LOAD \$(SHLIB_CFLAGS)");
+ }
+
+foreach (values %lib_nam)
+ {
+ $lib_obj=$lib_obj{$_};
+ local($slib)=$shlib;
+
+ if ((!$fips && ($_ eq "CRYPTO")) || ($fips && ($_ eq "FIPS")))
+ {
+ if ($cpuid_asm_obj ne "")
+ {
+ $lib_obj =~ s/(\S*\/cryptlib\S*)/$1 \$(CPUID_ASM_OBJ)/;
+ $rules.=&do_asm_rule($cpuid_asm_obj,$cpuid_asm_src);
+ }
+ if ($aes_asm_obj ne "")
+ {
+ $lib_obj =~ s/\s(\S*\/aes_core\S*)/ \$(AES_ASM_OBJ)/;
+ $lib_obj =~ s/\s\S*\/aes_cbc\S*//;
+ $rules.=&do_asm_rule($aes_asm_obj,$aes_asm_src);
+ }
+ if ($sha1_asm_obj ne "")
+ {
+ $lib_obj =~ s/\s(\S*\/sha1dgst\S*)/ $1 \$(SHA1_ASM_OBJ)/;
+ $rules.=&do_asm_rule($sha1_asm_obj,$sha1_asm_src);
+ }
+ if ($bn_asm_obj ne "")
+ {
+ $lib_obj =~ s/\s\S*\/bn_asm\S*/ \$(BN_ASM_OBJ)/;
+ $rules.=&do_asm_rule($bn_asm_obj,$bn_asm_src);
+ }
+ if ($bnco_asm_obj ne "")
+ {
+ $lib_obj .= "\$(BNCO_ASM_OBJ)";
+ $rules.=&do_asm_rule($bnco_asm_obj,$bnco_asm_src);
+ }
+ if ($des_enc_obj ne "")
+ {
+ $lib_obj =~ s/\s\S*des_enc\S*/ \$(DES_ENC_OBJ)/;
+ $lib_obj =~ s/\s\S*\/fcrypt_b\S*\s*/ /;
+ $rules.=&do_asm_rule($des_enc_obj,$des_enc_src);
+ }
+ }
+ if (($bf_enc_obj ne "") && ($_ eq "CRYPTO"))
+ {
+ $lib_obj =~ s/\s\S*\/bf_enc\S*/ \$(BF_ENC_OBJ)/;
+ $rules.=&do_asm_rule($bf_enc_obj,$bf_enc_src);
+ }
+ if (($cast_enc_obj ne "") && ($_ eq "CRYPTO"))
+ {
+ $lib_obj =~ s/(\s\S*\/c_enc\S*)/ \$(CAST_ENC_OBJ)/;
+ $rules.=&do_asm_rule($cast_enc_obj,$cast_enc_src);
+ }
+ if (($rc4_enc_obj ne "") && ($_ eq "CRYPTO"))
+ {
+ $lib_obj =~ s/\s\S*\/rc4_enc\S*/ \$(RC4_ENC_OBJ)/;
+ $rules.=&do_asm_rule($rc4_enc_obj,$rc4_enc_src);
+ }
+ if (($rc5_enc_obj ne "") && ($_ eq "CRYPTO"))
+ {
+ $lib_obj =~ s/\s\S*\/rc5_enc\S*/ \$(RC5_ENC_OBJ)/;
+ $rules.=&do_asm_rule($rc5_enc_obj,$rc5_enc_src);
+ }
+ if (($md5_asm_obj ne "") && ($_ eq "CRYPTO"))
+ {
+ $lib_obj =~ s/\s(\S*\/md5_dgst\S*)/ $1 \$(MD5_ASM_OBJ)/;
+ $rules.=&do_asm_rule($md5_asm_obj,$md5_asm_src);
+ }
+ if (($rmd160_asm_obj ne "") && ($_ eq "CRYPTO"))
+ {
+ $lib_obj =~ s/\s(\S*\/rmd_dgst\S*)/ $1 \$(RMD160_ASM_OBJ)/;
+ $rules.=&do_asm_rule($rmd160_asm_obj,$rmd160_asm_src);
+ }
+ $defs.=&do_defs(${_}."OBJ",$lib_obj,"\$(OBJ_D)",$obj);
+ $lib=($slib)?" \$(SHLIB_CFLAGS)".$shlib_ex_cflags{$_}:" \$(LIB_CFLAGS)";
+ $rules.=&do_compile_rule("\$(OBJ_D)",$lib_obj{$_},$lib);
+ }
+
+# hack to add version info on MSVC
+if (($platform eq "VC-WIN32") || ($platform eq "VC-WIN64A")
+ || ($platform eq "VC-WIN64I") || ($platform eq "VC-NT")) {
+ $rules.= <<"EOF";
+\$(OBJ_D)\\\$(CRYPTO).res: ms\\version32.rc
+ \$(RSC) /fo"\$(OBJ_D)\\\$(CRYPTO).res" /d CRYPTO ms\\version32.rc
+
+\$(OBJ_D)\\\$(SSL).res: ms\\version32.rc
+ \$(RSC) /fo"\$(OBJ_D)\\\$(SSL).res" /d SSL ms\\version32.rc
+
+\$(OBJ_D)\\\$(LIBFIPS).res: ms\\version32.rc
+ \$(RSC) /fo"\$(OBJ_D)\\\$(LIBFIPS).res" /d FIPS ms\\version32.rc
+
+EOF
+}
+
+$defs.=&do_defs("T_EXE",$test,"\$(TEST_D)",$exep);
+foreach (split(/\s+/,$test))
+ {
+ my $t_libs;
+ $t=&bname($_);
+ my $ltype;
+ # Check to see if test program is FIPS
+ if ($fips && /fips/)
+ {
+ # If fipsdso link to libosslfips.dll
+ # otherwise perform static link to
+ # $(O_FIPSCANISTER)
+ if ($fipsdso)
+ {
+ $t_libs = "\$(L_FIPS)";
+ $ltype = 0;
+ }
+ else
+ {
+ $t_libs = "\$(O_FIPSCANISTER)";
+ $ltype = 2;
+ }
+ }
+ else
+ {
+ $t_libs = "\$(L_LIBS)";
+ $ltype = 0;
+ }
+
+ $tt="\$(OBJ_D)${o}$t${obj}";
+ $rules.=&do_link_rule("\$(TEST_D)$o$t$exep",$tt,"\$(LIBS_DEP)","$t_libs \$(EX_LIBS)", $ltype);
+ }
+
+$defs.=&do_defs("E_SHLIB",$engines,"\$(ENG_D)",$shlibp);
+
+foreach (split(/\s+/,$engines))
+ {
+ $rules.=&do_compile_rule("\$(OBJ_D)","engines${o}e_$_",$lib);
+ $rules.= &do_lib_rule("\$(OBJ_D)${o}e_${_}.obj","\$(ENG_D)$o$_$shlibp","",$shlib,"");
+ }
+
+
+
+$rules.= &do_lib_rule("\$(SSLOBJ)","\$(O_SSL)",$ssl,$shlib,"\$(SO_SSL)");
+
+if ($fips)
+ {
+ if ($shlib)
+ {
+ if ($fipsdso)
+ {
+ $rules.= &do_lib_rule("\$(CRYPTOOBJ)",
+ "\$(O_CRYPTO)", "$crypto",
+ $shlib, "", "");
+ $rules.= &do_lib_rule(
+ "\$(O_FIPSCANISTER)",
+ "\$(O_FIPS)", "\$(LIBFIPS)",
+ $shlib, "\$(SO_CRYPTO)", "\$(BASEADDR)");
+ $rules.= &do_sdef_rule();
+ }
+ else
+ {
+ $rules.= &do_lib_rule(
+ "\$(CRYPTOOBJ) \$(O_FIPSCANISTER)",
+ "\$(O_CRYPTO)", "$crypto",
+ $shlib, "\$(SO_CRYPTO)", "\$(BASEADDR)");
+ }
+ }
+ else
+ {
+ $rules.= &do_lib_rule("\$(CRYPTOOBJ)",
+ "\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)", "");
+ $rules.= &do_lib_rule("\$(CRYPTOOBJ) \$(FIPSOBJ)",
+ "\$(LIB_D)$o$crypto_compat",$crypto,$shlib,"\$(SO_CRYPTO)", "");
+ }
+ }
+ else
+ {
+ $rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,
+ "\$(SO_CRYPTO)");
+ }
+
+if ($fips)
+ {
+ if ($fipscanisterbuild)
+ {
+ $rules.= &do_rlink_rule("\$(O_FIPSCANISTER)",
+ "\$(OBJ_D)${o}fips_start$obj",
+ "\$(FIPSOBJ)",
+ "\$(OBJ_D)${o}fips_end$obj",
+ "\$(FIPS_SHA1_EXE)", "");
+ $rules.=&do_link_rule("\$(FIPS_SHA1_EXE)",
+ "\$(OBJ_D)${o}fips_standalone_sha1$obj \$(OBJ_D)${o}sha1dgst$obj \$(SHA1_ASM_OBJ)",
+ "","\$(EX_LIBS)", 1);
+ }
+ else
+ {
+ $rules.=&do_link_rule("\$(FIPS_SHA1_EXE)",
+ "\$(OBJ_D)${o}fips_standalone_sha1$obj \$(O_FIPSCANISTER)",
+ "","", 1);
+
+ }
+ $rules.=&do_link_rule("\$(PREMAIN_DSO_EXE)","\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj \$(CRYPTOOBJ) \$(O_FIPSCANISTER)","","\$(EX_LIBS)", 1);
+
+ }
+
+$rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)", ($fips && !$shlib) ? 2 : 0);
+
+print $defs;
+
+if ($platform eq "linux-elf") {
+ print <<"EOF";
+# Generate perlasm output files
+%.cpp:
+ (cd \$(\@D)/..; PERL=perl make -f Makefile asm/\$(\@F))
+EOF
+}
+print "###################################################################\n";
+print $rules;
+
+###############################################
+# strip off any trailing .[och] and append the relative directory
+# also remembering to do nothing if we are in one of the dropped
+# directories
+sub var_add
+ {
+ local($dir,$val,$keepext)=@_;
+ local(@a,$_,$ret);
+
+ return("") if $no_engine && $dir =~ /\/engine/;
+ return("") if $no_hw && $dir =~ /\/hw/;
+ return("") if $no_idea && $dir =~ /\/idea/;
+ return("") if $no_aes && $dir =~ /\/aes/;
+ return("") if $no_camellia && $dir =~ /\/camellia/;
+ return("") if $no_seed && $dir =~ /\/seed/;
+ return("") if $no_rc2 && $dir =~ /\/rc2/;
+ return("") if $no_rc4 && $dir =~ /\/rc4/;
+ return("") if $no_rc5 && $dir =~ /\/rc5/;
+ return("") if $no_rsa && $dir =~ /\/rsa/;
+ return("") if $no_rsa && $dir =~ /^rsaref/;
+ return("") if $no_dsa && $dir =~ /\/dsa/;
+ return("") if $no_dh && $dir =~ /\/dh/;
+ return("") if $no_ec && $dir =~ /\/ec/;
+ return("") if $no_cms && $dir =~ /\/cms/;
+ return("") if $no_jpake && $dir =~ /\/jpake/;
+ return("") if !$fips && $dir =~ /^fips/;
+ if ($no_des && $dir =~ /\/des/)
+ {
+ if ($val =~ /read_pwd/)
+ { return("$dir/read_pwd "); }
+ else
+ { return(""); }
+ }
+ return("") if $no_mdc2 && $dir =~ /\/mdc2/;
+ return("") if $no_sock && $dir =~ /\/proxy/;
+ return("") if $no_bf && $dir =~ /\/bf/;
+ return("") if $no_cast && $dir =~ /\/cast/;
+
+ $val =~ s/^\s*(.*)\s*$/$1/;
+ @a=split(/\s+/,$val);
+ grep(s/\.[och]$//, at a) unless $keepext;
+
+ @a=grep(!/^e_.*_3d$/, at a) if $no_des;
+ @a=grep(!/^e_.*_d$/, at a) if $no_des;
+ @a=grep(!/^e_.*_ae$/, at a) if $no_idea;
+ @a=grep(!/^e_.*_i$/, at a) if $no_aes;
+ @a=grep(!/^e_.*_r2$/, at a) if $no_rc2;
+ @a=grep(!/^e_.*_r5$/, at a) if $no_rc5;
+ @a=grep(!/^e_.*_bf$/, at a) if $no_bf;
+ @a=grep(!/^e_.*_c$/, at a) if $no_cast;
+ @a=grep(!/^e_rc4$/, at a) if $no_rc4;
+ @a=grep(!/^e_camellia$/, at a) if $no_camellia;
+ @a=grep(!/^e_seed$/, at a) if $no_seed;
+
+ @a=grep(!/(^s2_)|(^s23_)/, at a) if $no_ssl2;
+ @a=grep(!/(^s3_)|(^s23_)/, at a) if $no_ssl3;
+
+ @a=grep(!/(_sock$)|(_acpt$)|(_conn$)|(^pxy_)/, at a) if $no_sock;
+
+ @a=grep(!/(^md2)|(_md2$)/, at a) if $no_md2;
+ @a=grep(!/(^md4)|(_md4$)/, at a) if $no_md4;
+ @a=grep(!/(^md5)|(_md5$)/, at a) if $no_md5;
+ @a=grep(!/(rmd)|(ripemd)/, at a) if $no_ripemd;
+
+ @a=grep(!/(^d2i_r_)|(^i2d_r_)/, at a) if $no_rsa;
+ @a=grep(!/(^p_open$)|(^p_seal$)/, at a) if $no_rsa;
+ @a=grep(!/(^pem_seal$)/, at a) if $no_rsa;
+
+ @a=grep(!/(m_dss$)|(m_dss1$)/, at a) if $no_dsa;
+ @a=grep(!/(^d2i_s_)|(^i2d_s_)|(_dsap$)/, at a) if $no_dsa;
+
+ @a=grep(!/^n_pkey$/, at a) if $no_rsa || $no_rc4;
+
+ @a=grep(!/_dhp$/, at a) if $no_dh;
+
+ @a=grep(!/(^sha[^1])|(_sha$)|(m_dss$)/, at a) if $no_sha;
+ @a=grep(!/(^sha1)|(_sha1$)|(m_dss1$)/, at a) if $no_sha1;
+ @a=grep(!/_mdc2$/, at a) if $no_mdc2;
+
+ @a=grep(!/^engine$/, at a) if $no_engine;
+ @a=grep(!/^hw$/, at a) if $no_hw;
+ @a=grep(!/(^rsa$)|(^genrsa$)/, at a) if $no_rsa;
+ @a=grep(!/(^dsa$)|(^gendsa$)|(^dsaparam$)/, at a) if $no_dsa;
+ @a=grep(!/^gendsa$/, at a) if $no_sha1;
+ @a=grep(!/(^dh$)|(^gendh$)/, at a) if $no_dh;
+
+ @a=grep(!/(^dh)|(_sha1$)|(m_dss1$)/, at a) if $no_sha1;
+
+ grep($_="$dir/$_", at a);
+ @a=grep(!/(^|\/)s_/, at a) if $no_sock;
+ @a=grep(!/(^|\/)bio_sock/, at a) if $no_sock;
+ $ret=join(' ', at a)." ";
+ return($ret);
+ }
+
+# change things so that each 'token' is only separated by one space
+sub clean_up_ws
+ {
+ local($w)=@_;
+
+ $w =~ s/^\s*(.*)\s*$/$1/;
+ $w =~ s/\s+/ /g;
+ return($w);
+ }
+
+sub do_defs
+ {
+ local($var,$files,$location,$postfix)=@_;
+ local($_,$ret,$pf);
+ local(*OUT,$tmp,$t);
+
+ $files =~ s/\//$o/g if $o ne '/';
+ $ret="$var=";
+ $n=1;
+ $Vars{$var}.="";
+ foreach (split(/ /,$files))
+ {
+ $orig=$_;
+ $_=&bname($_) unless /^\$/;
+ if ($n++ == 2)
+ {
+ $n=0;
+ $ret.="\\\n\t";
+ }
+ if (($_ =~ /bss_file/) && ($postfix eq ".h"))
+ { $pf=".c"; }
+ else { $pf=$postfix; }
+ if ($_ =~ /BN_ASM/) { $t="$_ "; }
+ elsif ($_ =~ /BNCO_ASM/){ $t="$_ "; }
+ elsif ($_ =~ /DES_ENC/) { $t="$_ "; }
+ elsif ($_ =~ /BF_ENC/) { $t="$_ "; }
+ elsif ($_ =~ /CAST_ENC/){ $t="$_ "; }
+ elsif ($_ =~ /RC4_ENC/) { $t="$_ "; }
+ elsif ($_ =~ /RC5_ENC/) { $t="$_ "; }
+ elsif ($_ =~ /MD5_ASM/) { $t="$_ "; }
+ elsif ($_ =~ /SHA1_ASM/){ $t="$_ "; }
+ elsif ($_ =~ /AES_ASM/){ $t="$_ "; }
+ elsif ($_ =~ /RMD160_ASM/){ $t="$_ "; }
+ elsif ($_ =~ /CPUID_ASM/){ $t="$_ "; }
+ else { $t="$location${o}$_$pf "; }
+
+ $Vars{$var}.="$t ";
+ $ret.=$t;
+ }
+ # hack to add version info on MSVC
+ if ($shlib && (($platform eq "VC-WIN32") || ($platfrom eq "VC-WIN64I") || ($platform eq "VC-WIN64A") || ($platform eq "VC-NT")))
+ {
+ if ($var eq "CRYPTOOBJ")
+ { $ret.="\$(OBJ_D)\\\$(CRYPTO).res "; }
+ elsif ($var eq "SSLOBJ")
+ { $ret.="\$(OBJ_D)\\\$(SSL).res "; }
+ }
+ chomp($ret);
+ $ret.="\n\n";
+ return($ret);
+ }
+
+# return the name with the leading path removed
+sub bname
+ {
+ local($ret)=@_;
+ $ret =~ s/^.*[\\\/]([^\\\/]+)$/$1/;
+ return($ret);
+ }
+
+
+##############################################################
+# do a rule for each file that says 'compile' to new direcory
+# compile the files in '$files' into $to
+sub do_compile_rule
+ {
+ local($to,$files,$ex)=@_;
+ local($ret,$_,$n);
+
+ $files =~ s/\//$o/g if $o ne '/';
+ foreach (split(/\s+/,$files))
+ {
+ $n=&bname($_);
+ $ret.=&cc_compile_target("$to${o}$n$obj","${_}.c",$ex)
+ }
+ return($ret);
+ }
+
+##############################################################
+# do a rule for each file that says 'compile' to new direcory
+sub cc_compile_target
+ {
+ local($target,$source,$ex_flags)=@_;
+ local($ret);
+
+ $ex_flags.=" -DMK1MF_BUILD -D$platform_cpp_symbol" if ($source =~ /cversion/);
+ $target =~ s/\//$o/g if $o ne "/";
+ $source =~ s/\//$o/g if $o ne "/";
+ $ret ="$target: \$(SRC_D)$o$source\n\t";
+ $ret.="\$(CC) ${ofile}$target $ex_flags -c \$(SRC_D)$o$source\n\n";
+ return($ret);
+ }
+
+##############################################################
+sub do_asm_rule
+ {
+ local($target,$src)=@_;
+ local($ret, at s, at t,$i);
+
+ $target =~ s/\//$o/g if $o ne "/";
+ $src =~ s/\//$o/g if $o ne "/";
+
+ @s=split(/\s+/,$src);
+ @t=split(/\s+/,$target);
+
+ for ($i=0; $i<=$#s; $i++)
+ {
+ $ret.="$t[$i]: $s[$i]\n";
+ $ret.="\t\$(ASM) $afile$t[$i] \$(SRC_D)$o$s[$i]\n\n";
+ }
+ return($ret);
+ }
+
+sub do_shlib_rule
+ {
+ local($n,$def)=@_;
+ local($ret,$nn);
+ local($t);
+
+ ($nn=$n) =~ tr/a-z/A-Z/;
+ $ret.="$n.dll: \$(${nn}OBJ)\n";
+ if ($vc && $w32)
+ {
+ $ret.="\t\$(MKSHLIB) $efile$n.dll $def @<<\n \$(${nn}OBJ_F)\n<<\n";
+ }
+ $ret.="\n";
+ return($ret);
+ }
+
+# do a rule for each file that says 'copy' to new direcory on change
+sub do_copy_rule
+ {
+ local($to,$files,$p)=@_;
+ local($ret,$_,$n,$pp);
+
+ $files =~ s/\//$o/g if $o ne '/';
+ foreach (split(/\s+/,$files))
+ {
+ $n=&bname($_);
+ if ($n =~ /bss_file/)
+ { $pp=".c"; }
+ else { $pp=$p; }
+ $ret.="$to${o}$n$pp: \$(SRC_D)$o$_$pp\n\t\$(CP) \"\$(SRC_D)$o$_$pp\" \"$to${o}$n$pp\"\n\n";
+ }
+ return($ret);
+ }
+
+sub read_options
+ {
+ # Many options are handled in a similar way. In particular
+ # no-xxx sets zero or more scalars to 1.
+ # Process these using a hash containing the option name and
+ # reference to the scalars to set.
+
+ my %valid_options = (
+ "no-rc2" => \$no_rc2,
+ "no-rc4" => \$no_rc4,
+ "no-rc5" => \$no_rc5,
+ "no-idea" => \$no_idea,
+ "no-aes" => \$no_aes,
+ "no-camellia" => \$no_camellia,
+ "no-seed" => \$no_seed,
+ "no-des" => \$no_des,
+ "no-bf" => \$no_bf,
+ "no-cast" => \$no_cast,
+ "no-md2" => \$no_md2,
+ "no-md4" => \$no_md4,
+ "no-md5" => \$no_md5,
+ "no-sha" => \$no_sha,
+ "no-sha1" => \$no_sha1,
+ "no-ripemd" => \$no_ripemd,
+ "no-mdc2" => \$no_mdc2,
+ "no-patents" =>
+ [\$no_rc2, \$no_rc4, \$no_rc5, \$no_idea, \$no_rsa],
+ "no-rsa" => \$no_rsa,
+ "no-dsa" => \$no_dsa,
+ "no-dh" => \$no_dh,
+ "no-hmac" => \$no_hmac,
+ "no-asm" => \$no_asm,
+ "nasm" => \$nasm,
+ "ml64" => \$ml64,
+ "nw-nasm" => \$nw_nasm,
+ "nw-mwasm" => \$nw_mwasm,
+ "gaswin" => \$gaswin,
+ "no-ssl2" => \$no_ssl2,
+ "no-ssl3" => \$no_ssl3,
+ "no-tlsext" => \$no_tlsext,
+ "no-cms" => \$no_cms,
+ "no-jpake" => \$no_jpake,
+ "no-capieng" => \$no_capieng,
+ "no-err" => \$no_err,
+ "no-sock" => \$no_sock,
+ "no-krb5" => \$no_krb5,
+ "no-ec" => \$no_ec,
+ "no-ecdsa" => \$no_ecdsa,
+ "no-ecdh" => \$no_ecdh,
+ "no-engine" => \$no_engine,
+ "no-hw" => \$no_hw,
+ "just-ssl" =>
+ [\$no_rc2, \$no_idea, \$no_des, \$no_bf, \$no_cast,
+ \$no_md2, \$no_sha, \$no_mdc2, \$no_dsa, \$no_dh,
+ \$no_ssl2, \$no_err, \$no_ripemd, \$no_rc5,
+ \$no_aes, \$no_camellia, \$no_seed],
+ "rsaref" => 0,
+ "gcc" => \$gcc,
+ "debug" => \$debug,
+ "profile" => \$profile,
+ "shlib" => \$shlib,
+ "dll" => \$shlib,
+ "shared" => 0,
+ "no-gmp" => 0,
+ "no-rfc3779" => 0,
+ "no-montasm" => 0,
+ "no-shared" => 0,
+ "no-zlib" => 0,
+ "no-zlib-dynamic" => 0,
+ "fips" => \$fips,
+ "fipscanisterbuild" => [\$fips, \$fipscanisterbuild],
+ "fipsdso" => [\$fips, \$fipscanisterbuild, \$fipsdso],
+ );
+
+ if (exists $valid_options{$_})
+ {
+ my $r = $valid_options{$_};
+ if ( ref $r eq "SCALAR")
+ { $$r = 1;}
+ elsif ( ref $r eq "ARRAY")
+ {
+ my $r2;
+ foreach $r2 (@$r)
+ {
+ $$r2 = 1;
+ }
+ }
+ }
+ elsif (/^no-comp$/) { $xcflags = "-DOPENSSL_NO_COMP $xcflags"; }
+ elsif (/^enable-zlib$/) { $zlib_opt = 1 if $zlib_opt == 0 }
+ elsif (/^enable-zlib-dynamic$/)
+ {
+ $zlib_opt = 2;
+ }
+ elsif (/^no-static-engine/)
+ {
+ $no_static_engine = 1;
+ }
+ elsif (/^enable-static-engine/)
+ {
+ $no_static_engine = 0;
+ }
+ # There are also enable-xxx options which correspond to
+ # the no-xxx. Since the scalars are enabled by default
+ # these can be ignored.
+ elsif (/^enable-/)
+ {
+ my $t = $_;
+ $t =~ s/^enable/no/;
+ if (exists $valid_options{$t})
+ {return 1;}
+ return 0;
+ }
+ # experimental-xxx is mostly like enable-xxx, but opensslconf.v
+ # will still set OPENSSL_NO_xxx unless we set OPENSSL_EXPERIMENTAL_xxx.
+ # (No need to fail if we don't know the algorithm -- this is for adventurous users only.)
+ elsif (/^experimental-/)
+ {
+ my $algo, $ALGO;
+ ($algo = $_) =~ s/^experimental-//;
+ ($ALGO = $algo) =~ tr/[a-z]/[A-Z]/;
+
+ $xcflags="-DOPENSSL_EXPERIMENTAL_$ALGO $xcflags";
+
+ }
+ elsif (/^--with-krb5-flavor=(.*)$/)
+ {
+ my $krb5_flavor = $1;
+ if ($krb5_flavor =~ /^force-[Hh]eimdal$/)
+ {
+ $xcflags="-DKRB5_HEIMDAL $xcflags";
+ }
+ elsif ($krb5_flavor =~ /^MIT/i)
+ {
+ $xcflags="-DKRB5_MIT $xcflags";
+ if ($krb5_flavor =~ /^MIT[._-]*1[._-]*[01]/i)
+ {
+ $xcflags="-DKRB5_MIT_OLD11 $xcflags"
+ }
+ }
+ }
+ elsif (/^([^=]*)=(.*)$/){ $VARS{$1}=$2; }
+ elsif (/^-[lL].*$/) { $l_flags.="$_ "; }
+ elsif ((!/^-help/) && (!/^-h/) && (!/^-\?/) && /^-.*$/)
+ { $c_flags.="$_ "; }
+ else { return(0); }
+ return(1);
+ }
+
+sub fipslib_error
+ {
+ print STDERR "***FIPS module directory sanity check failed***\n";
+ print STDERR "FIPS module build failed, or was deleted\n";
+ print STDERR "Please rebuild FIPS module.\n";
+ exit 1;
+ }
+
+sub fips_check_files
+ {
+ my $dir = shift @_;
+ my $ret = 1;
+ if (!-d $dir)
+ {
+ print STDERR "FIPS module directory $dir does not exist\n";
+ fipslib_error();
+ }
+ foreach (@_)
+ {
+ if (!-f "$dir${o}$_")
+ {
+ print STDERR "FIPS module file $_ does not exist!\n";
+ $ret = 0;
+ }
+ }
+ fipslib_error() if ($ret == 0);
+ }
Deleted: vendor-crypto/openssl/0.9.8zf/util/mkerr.pl
===================================================================
--- vendor-crypto/openssl/dist/util/mkerr.pl 2015-02-25 14:44:54 UTC (rev 6968)
+++ vendor-crypto/openssl/0.9.8zf/util/mkerr.pl 2015-03-20 00:02:03 UTC (rev 6977)
@@ -1,715 +0,0 @@
-#!/usr/local/bin/perl -w
-
-my $config = "crypto/err/openssl.ec";
-my $debug = 0;
-my $rebuild = 0;
-my $static = 1;
-my $recurse = 0;
-my $reindex = 0;
-my $dowrite = 0;
-my $staticloader = "";
-
-my $pack_errcode;
-my $load_errcode;
-
-while (@ARGV) {
- my $arg = $ARGV[0];
- if($arg eq "-conf") {
- shift @ARGV;
- $config = shift @ARGV;
- } elsif($arg eq "-debug") {
- $debug = 1;
- shift @ARGV;
- } elsif($arg eq "-rebuild") {
- $rebuild = 1;
- shift @ARGV;
- } elsif($arg eq "-recurse") {
- $recurse = 1;
- shift @ARGV;
- } elsif($arg eq "-reindex") {
- $reindex = 1;
- shift @ARGV;
- } elsif($arg eq "-nostatic") {
- $static = 0;
- shift @ARGV;
- } elsif($arg eq "-staticloader") {
- $staticloader = "static ";
- shift @ARGV;
- } elsif($arg eq "-write") {
- $dowrite = 1;
- shift @ARGV;
- } else {
- last;
- }
-}
-
-if($recurse) {
- @source = ( <crypto/*.c>, <crypto/*/*.c>, <ssl/*.c>,
- <fips/*.c>, <fips/*/*.c>);
-} else {
- @source = @ARGV;
-}
-
-# Read in the config file
-
-open(IN, "<$config") || die "Can't open config file $config";
-
-# Parse config file
-
-while(<IN>)
-{
- if(/^L\s+(\S+)\s+(\S+)\s+(\S+)/) {
- $hinc{$1} = $2;
- $libinc{$2} = $1;
- $cskip{$3} = $1;
- if($3 ne "NONE") {
- $csrc{$1} = $3;
- $fmax{$1} = 99;
- $rmax{$1} = 99;
- $fassigned{$1} = ":";
- $rassigned{$1} = ":";
- $fnew{$1} = 0;
- $rnew{$1} = 0;
- }
- } elsif (/^F\s+(\S+)/) {
- # Add extra function with $1
- } elsif (/^R\s+(\S+)\s+(\S+)/) {
- $rextra{$1} = $2;
- $rcodes{$1} = $2;
- }
-}
-
-close IN;
-
-# Scan each header file in turn and make a list of error codes
-# and function names
-
-while (($hdr, $lib) = each %libinc)
-{
- next if($hdr eq "NONE");
- print STDERR "Scanning header file $hdr\n" if $debug;
- my $line = "", $def= "", $linenr = 0, $gotfile = 0;
- if (open(IN, "<$hdr")) {
- $gotfile = 1;
- while(<IN>) {
- $linenr++;
- print STDERR "line: $linenr\r" if $debug;
-
- last if(/BEGIN\s+ERROR\s+CODES/);
- if ($line ne '') {
- $_ = $line . $_;
- $line = '';
- }
-
- if (/\\$/) {
- $line = $_;
- next;
- }
-
- if(/\/\*/) {
- if (not /\*\//) { # multiline comment...
- $line = $_; # ... just accumulate
- next;
- } else {
- s/\/\*.*?\*\///gs; # wipe it
- }
- }
-
- if ($cpp) {
- $cpp++ if /^#\s*if/;
- $cpp-- if /^#\s*endif/;
- next;
- }
- $cpp = 1 if /^#.*ifdef.*cplusplus/; # skip "C" declaration
-
- next if (/^\#/); # skip preprocessor directives
-
- s/{[^{}]*}//gs; # ignore {} blocks
-
- if (/\{|\/\*/) { # Add a } so editor works...
- $line = $_;
- } else {
- $def .= $_;
- }
- }
- }
-
- print STDERR " \r" if $debug;
- $defnr = 0;
- # Delete any DECLARE_ macros
- $def =~ s/DECLARE_\w+\([\w,\s]+\)//gs;
- foreach (split /;/, $def) {
- $defnr++;
- print STDERR "def: $defnr\r" if $debug;
-
- # The goal is to collect function names from function declarations.
-
- s/^[\n\s]*//g;
- s/[\n\s]*$//g;
-
- # Skip over recognized non-function declarations
- next if(/typedef\W/ or /DECLARE_STACK_OF/ or /TYPEDEF_.*_OF/);
-
- # Remove STACK_OF(foo)
- s/STACK_OF\(\w+\)/void/;
-
- # Reduce argument lists to empty ()
- # fold round brackets recursively: (t(*v)(t),t) -> (t{}{},t) -> {}
- while(/\(.*\)/s) {
- s/\([^\(\)]+\)/\{\}/gs;
- s/\(\s*\*\s*(\w+)\s*\{\}\s*\)/$1/gs; #(*f{}) -> f
- }
- # pretend as we didn't use curly braces: {} -> ()
- s/\{\}/\(\)/gs;
-
- if (/(\w+)\s*\(\).*/s) { # first token prior [first] () is
- my $name = $1; # a function name!
- $name =~ tr/[a-z]/[A-Z]/;
- $ftrans{$name} = $1;
- } elsif (/[\(\)]/ and not (/=/)) {
- print STDERR "Header $hdr: cannot parse: $_;\n";
- }
- }
-
- print STDERR " \r" if $debug;
-
- next if $reindex;
-
- # Scan function and reason codes and store them: keep a note of the
- # maximum code used.
-
- if ($gotfile) {
- while(<IN>) {
- if(/^\#define\s+(\S+)\s+(\S+)/) {
- $name = $1;
- $code = $2;
- next if $name =~ /^${lib}err/;
- unless($name =~ /^${lib}_([RF])_(\w+)$/) {
- print STDERR "Invalid error code $name\n";
- next;
- }
- if($1 eq "R") {
- $rcodes{$name} = $code;
- if ($rassigned{$lib} =~ /:$code:/) {
- print STDERR "!! ERROR: $lib reason code $code assigned twice\n";
- }
- $rassigned{$lib} .= "$code:";
- if(!(exists $rextra{$name}) &&
- ($code > $rmax{$lib}) ) {
- $rmax{$lib} = $code;
- }
- } else {
- if ($fassigned{$lib} =~ /:$code:/) {
- print STDERR "!! ERROR: $lib function code $code assigned twice\n";
- }
- $fassigned{$lib} .= "$code:";
- if($code > $fmax{$lib}) {
- $fmax{$lib} = $code;
- }
- $fcodes{$name} = $code;
- }
- }
- }
- }
-
- if ($debug) {
- if (defined($fmax{$lib})) {
- print STDERR "Max function code fmax" . "{" . "$lib" . "} = $fmax{$lib}\n";
- $fassigned{$lib} =~ m/^:(.*):$/;
- @fassigned = sort {$a <=> $b} split(":", $1);
- print STDERR " @fassigned\n";
- }
- if (defined($rmax{$lib})) {
- print STDERR "Max reason code rmax" . "{" . "$lib" . "} = $rmax{$lib}\n";
- $rassigned{$lib} =~ m/^:(.*):$/;
- @rassigned = sort {$a <=> $b} split(":", $1);
- print STDERR " @rassigned\n";
- }
- }
-
- if ($lib eq "SSL") {
- if ($rmax{$lib} >= 1000) {
- print STDERR "!! ERROR: SSL error codes 1000+ are reserved for alerts.\n";
- print STDERR "!! Any new alerts must be added to $config.\n";
- print STDERR "\n";
- }
- }
- close IN;
-}
-
-# Scan each C source file and look for function and reason codes
-# This is done by looking for strings that "look like" function or
-# reason codes: basically anything consisting of all upper case and
-# numerics which has _F_ or _R_ in it and which has the name of an
-# error library at the start. This seems to work fine except for the
-# oddly named structure BIO_F_CTX which needs to be ignored.
-# If a code doesn't exist in list compiled from headers then mark it
-# with the value "X" as a place holder to give it a value later.
-# Store all function and reason codes found in %ufcodes and %urcodes
-# so all those unreferenced can be printed out.
-
-
-foreach $file (@source) {
- # Don't parse the error source file.
- next if exists $cskip{$file};
- print STDERR "File loaded: ".$file."\r" if $debug;
- open(IN, "<$file") || die "Can't open source file $file\n";
- while(<IN>) {
- if(/(([A-Z0-9]+)_F_([A-Z0-9_]+))/) {
- next unless exists $csrc{$2};
- next if($1 eq "BIO_F_BUFFER_CTX");
- $ufcodes{$1} = 1;
- if(!exists $fcodes{$1}) {
- $fcodes{$1} = "X";
- $fnew{$2}++;
- }
- $notrans{$1} = 1 unless exists $ftrans{$3};
- }
- if(/(([A-Z0-9]+)_R_[A-Z0-9_]+)/) {
- next unless exists $csrc{$2};
- $urcodes{$1} = 1;
- if(!exists $rcodes{$1}) {
- $rcodes{$1} = "X";
- $rnew{$2}++;
- }
- }
- }
- close IN;
-}
-print STDERR " \n" if $debug;
-
-# Now process each library in turn.
-
-foreach $lib (keys %csrc)
-{
- my $hfile = $hinc{$lib};
- my $cfile = $csrc{$lib};
- if(!$fnew{$lib} && !$rnew{$lib}) {
- print STDERR "$lib:\t\tNo new error codes\n";
- next unless $rebuild;
- } else {
- print STDERR "$lib:\t\t$fnew{$lib} New Functions,";
- print STDERR " $rnew{$lib} New Reasons.\n";
- next unless $dowrite;
- }
-
- # If we get here then we have some new error codes so we
- # need to rebuild the header file and C file.
-
- # Make a sorted list of error and reason codes for later use.
-
- my @function = sort grep(/^${lib}_/,keys %fcodes);
- my @reasons = sort grep(/^${lib}_/,keys %rcodes);
-
- # Rewrite the header file
-
- if (open(IN, "<$hfile")) {
- # Copy across the old file
- while(<IN>) {
- push @out, $_;
- last if (/BEGIN ERROR CODES/);
- }
- close IN;
- } else {
- push @out,
-"/* ====================================================================\n",
-" * Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved.\n",
-" *\n",
-" * Redistribution and use in source and binary forms, with or without\n",
-" * modification, are permitted provided that the following conditions\n",
-" * are met:\n",
-" *\n",
-" * 1. Redistributions of source code must retain the above copyright\n",
-" * notice, this list of conditions and the following disclaimer. \n",
-" *\n",
-" * 2. Redistributions in binary form must reproduce the above copyright\n",
-" * notice, this list of conditions and the following disclaimer in\n",
-" * the documentation and/or other materials provided with the\n",
-" * distribution.\n",
-" *\n",
-" * 3. All advertising materials mentioning features or use of this\n",
-" * software must display the following acknowledgment:\n",
-" * \"This product includes software developed by the OpenSSL Project\n",
-" * for use in the OpenSSL Toolkit. (http://www.openssl.org/)\"\n",
-" *\n",
-" * 4. The names \"OpenSSL Toolkit\" and \"OpenSSL Project\" must not be used to\n",
-" * endorse or promote products derived from this software without\n",
-" * prior written permission. For written permission, please contact\n",
-" * openssl-core\@openssl.org.\n",
-" *\n",
-" * 5. Products derived from this software may not be called \"OpenSSL\"\n",
-" * nor may \"OpenSSL\" appear in their names without prior written\n",
-" * permission of the OpenSSL Project.\n",
-" *\n",
-" * 6. Redistributions of any form whatsoever must retain the following\n",
-" * acknowledgment:\n",
-" * \"This product includes software developed by the OpenSSL Project\n",
-" * for use in the OpenSSL Toolkit (http://www.openssl.org/)\"\n",
-" *\n",
-" * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY\n",
-" * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\n",
-" * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n",
-" * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR\n",
-" * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\n",
-" * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT\n",
-" * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;\n",
-" * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)\n",
-" * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,\n",
-" * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)\n",
-" * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED\n",
-" * OF THE POSSIBILITY OF SUCH DAMAGE.\n",
-" * ====================================================================\n",
-" *\n",
-" * This product includes cryptographic software written by Eric Young\n",
-" * (eay\@cryptsoft.com). This product includes software written by Tim\n",
-" * Hudson (tjh\@cryptsoft.com).\n",
-" *\n",
-" */\n",
-"\n",
-"#ifndef HEADER_${lib}_ERR_H\n",
-"#define HEADER_${lib}_ERR_H\n",
-"\n",
-"/* BEGIN ERROR CODES */\n";
- }
- open (OUT, ">$hfile") || die "Can't Open File $hfile for writing\n";
-
- print OUT @out;
- undef @out;
- print OUT <<"EOF";
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-EOF
- if($static) {
- print OUT <<"EOF";
-${staticloader}void ERR_load_${lib}_strings(void);
-
-EOF
- } else {
- print OUT <<"EOF";
-${staticloader}void ERR_load_${lib}_strings(void);
-${staticloader}void ERR_unload_${lib}_strings(void);
-${staticloader}void ERR_${lib}_error(int function, int reason, char *file, int line);
-#define ${lib}err(f,r) ERR_${lib}_error((f),(r),__FILE__,__LINE__)
-
-EOF
- }
- print OUT <<"EOF";
-/* Error codes for the $lib functions. */
-
-/* Function codes. */
-EOF
-
- foreach $i (@function) {
- $z=6-int(length($i)/8);
- if($fcodes{$i} eq "X") {
- $fassigned{$lib} =~ m/^:([^:]*):/;
- $findcode = $1;
- if (!defined($findcode)) {
- $findcode = $fmax{$lib};
- }
- while ($fassigned{$lib} =~ m/:$findcode:/) {
- $findcode++;
- }
- $fcodes{$i} = $findcode;
- $fassigned{$lib} .= "$findcode:";
- print STDERR "New Function code $i\n" if $debug;
- }
- printf OUT "#define $i%s $fcodes{$i}\n","\t" x $z;
- }
-
- print OUT "\n/* Reason codes. */\n";
-
- foreach $i (@reasons) {
- $z=6-int(length($i)/8);
- if($rcodes{$i} eq "X") {
- $rassigned{$lib} =~ m/^:([^:]*):/;
- $findcode = $1;
- if (!defined($findcode)) {
- $findcode = $rmax{$lib};
- }
- while ($rassigned{$lib} =~ m/:$findcode:/) {
- $findcode++;
- }
- $rcodes{$i} = $findcode;
- $rassigned{$lib} .= "$findcode:";
- print STDERR "New Reason code $i\n" if $debug;
- }
- printf OUT "#define $i%s $rcodes{$i}\n","\t" x $z;
- }
- print OUT <<"EOF";
-
-#ifdef __cplusplus
-}
-#endif
-#endif
-EOF
- close OUT;
-
- # Rewrite the C source file containing the error details.
-
- # First, read any existing reason string definitions:
- my %err_reason_strings;
- if (open(IN,"<$cfile")) {
- while (<IN>) {
- if (/\b(${lib}_R_\w*)\b.*\"(.*)\"/) {
- $err_reason_strings{$1} = $2;
- }
- }
- close(IN);
- }
-
- my $hincf;
- if($static) {
- $hfile =~ /([^\/]+)$/;
- $hincf = "<openssl/$1>";
- } else {
- $hincf = "\"$hfile\"";
- }
-
- # If static we know the error code at compile time so use it
- # in error definitions.
-
- if ($static)
- {
- $pack_errcode = "ERR_LIB_${lib}";
- $load_errcode = "0";
- }
- else
- {
- $pack_errcode = "0";
- $load_errcode = "ERR_LIB_${lib}";
- }
-
-
- open (OUT,">$cfile") || die "Can't open $cfile for writing";
-
- print OUT <<"EOF";
-/* $cfile */
-/* ====================================================================
- * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core\@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay\@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh\@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include $hincf
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK($pack_errcode,func,0)
-#define ERR_REASON(reason) ERR_PACK($pack_errcode,0,reason)
-
-static ERR_STRING_DATA ${lib}_str_functs[]=
- {
-EOF
- # Add each function code: if a function name is found then use it.
- foreach $i (@function) {
- my $fn;
- $i =~ /^${lib}_F_(\S+)$/;
- $fn = $1;
- if(exists $ftrans{$fn}) {
- $fn = $ftrans{$fn};
- }
-# print OUT "{ERR_PACK($pack_errcode,$i,0),\t\"$fn\"},\n";
- print OUT "{ERR_FUNC($i),\t\"$fn\"},\n";
- }
- print OUT <<"EOF";
-{0,NULL}
- };
-
-static ERR_STRING_DATA ${lib}_str_reasons[]=
- {
-EOF
- # Add each reason code.
- foreach $i (@reasons) {
- my $rn;
- my $rstr = "ERR_REASON($i)";
- my $nspc = 0;
- if (exists $err_reason_strings{$i}) {
- $rn = $err_reason_strings{$i};
- } else {
- $i =~ /^${lib}_R_(\S+)$/;
- $rn = $1;
- $rn =~ tr/_[A-Z]/ [a-z]/;
- }
- $nspc = 40 - length($rstr) unless length($rstr) > 40;
- $nspc = " " x $nspc;
- print OUT "{${rstr}${nspc},\"$rn\"},\n";
- }
-if($static) {
- print OUT <<"EOF";
-{0,NULL}
- };
-
-#endif
-
-${staticloader}void ERR_load_${lib}_strings(void)
- {
-#ifndef OPENSSL_NO_ERR
-
- if (ERR_func_error_string(${lib}_str_functs[0].error) == NULL)
- {
- ERR_load_strings($load_errcode,${lib}_str_functs);
- ERR_load_strings($load_errcode,${lib}_str_reasons);
- }
-#endif
- }
-EOF
-} else {
- print OUT <<"EOF";
-{0,NULL}
- };
-
-#endif
-
-#ifdef ${lib}_LIB_NAME
-static ERR_STRING_DATA ${lib}_lib_name[]=
- {
-{0 ,${lib}_LIB_NAME},
-{0,NULL}
- };
-#endif
-
-
-static int ${lib}_lib_error_code=0;
-static int ${lib}_error_init=1;
-
-${staticloader}void ERR_load_${lib}_strings(void)
- {
- if (${lib}_lib_error_code == 0)
- ${lib}_lib_error_code=ERR_get_next_error_library();
-
- if (${lib}_error_init)
- {
- ${lib}_error_init=0;
-#ifndef OPENSSL_NO_ERR
- ERR_load_strings(${lib}_lib_error_code,${lib}_str_functs);
- ERR_load_strings(${lib}_lib_error_code,${lib}_str_reasons);
-#endif
-
-#ifdef ${lib}_LIB_NAME
- ${lib}_lib_name->error = ERR_PACK(${lib}_lib_error_code,0,0);
- ERR_load_strings(0,${lib}_lib_name);
-#endif
- }
- }
-
-${staticloader}void ERR_unload_${lib}_strings(void)
- {
- if (${lib}_error_init == 0)
- {
-#ifndef OPENSSL_NO_ERR
- ERR_unload_strings(${lib}_lib_error_code,${lib}_str_functs);
- ERR_unload_strings(${lib}_lib_error_code,${lib}_str_reasons);
-#endif
-
-#ifdef ${lib}_LIB_NAME
- ERR_unload_strings(0,${lib}_lib_name);
-#endif
- ${lib}_error_init=1;
- }
- }
-
-${staticloader}void ERR_${lib}_error(int function, int reason, char *file, int line)
- {
- if (${lib}_lib_error_code == 0)
- ${lib}_lib_error_code=ERR_get_next_error_library();
- ERR_PUT_error(${lib}_lib_error_code,function,reason,file,line);
- }
-EOF
-
-}
-
- close OUT;
- undef %err_reason_strings;
-}
-
-if($debug && %notrans) {
- print STDERR "The following function codes were not translated:\n";
- foreach(sort keys %notrans)
- {
- print STDERR "$_\n";
- }
-}
-
-# Make a list of unreferenced function and reason codes
-
-foreach (keys %fcodes) {
- push (@funref, $_) unless exists $ufcodes{$_};
-}
-
-foreach (keys %rcodes) {
- push (@runref, $_) unless exists $urcodes{$_};
-}
-
-if($debug && @funref) {
- print STDERR "The following function codes were not referenced:\n";
- foreach(sort @funref)
- {
- print STDERR "$_\n";
- }
-}
-
-if($debug && @runref) {
- print STDERR "The following reason codes were not referenced:\n";
- foreach(sort @runref)
- {
- print STDERR "$_\n";
- }
-}
Copied: vendor-crypto/openssl/0.9.8zf/util/mkerr.pl (from rev 6976, vendor-crypto/openssl/dist/util/mkerr.pl)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/util/mkerr.pl (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/util/mkerr.pl 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,715 @@
+#!/usr/local/bin/perl -w
+
+my $config = "crypto/err/openssl.ec";
+my $debug = 0;
+my $rebuild = 0;
+my $static = 1;
+my $recurse = 0;
+my $reindex = 0;
+my $dowrite = 0;
+my $staticloader = "";
+
+my $pack_errcode;
+my $load_errcode;
+
+while (@ARGV) {
+ my $arg = $ARGV[0];
+ if($arg eq "-conf") {
+ shift @ARGV;
+ $config = shift @ARGV;
+ } elsif($arg eq "-debug") {
+ $debug = 1;
+ shift @ARGV;
+ } elsif($arg eq "-rebuild") {
+ $rebuild = 1;
+ shift @ARGV;
+ } elsif($arg eq "-recurse") {
+ $recurse = 1;
+ shift @ARGV;
+ } elsif($arg eq "-reindex") {
+ $reindex = 1;
+ shift @ARGV;
+ } elsif($arg eq "-nostatic") {
+ $static = 0;
+ shift @ARGV;
+ } elsif($arg eq "-staticloader") {
+ $staticloader = "static ";
+ shift @ARGV;
+ } elsif($arg eq "-write") {
+ $dowrite = 1;
+ shift @ARGV;
+ } else {
+ last;
+ }
+}
+
+if($recurse) {
+ @source = ( <crypto/*.c>, <crypto/*/*.c>, <ssl/*.c>,
+ <fips/*.c>, <fips/*/*.c>);
+} else {
+ @source = @ARGV;
+}
+
+# Read in the config file
+
+open(IN, "<$config") || die "Can't open config file $config";
+
+# Parse config file
+
+while(<IN>)
+{
+ if(/^L\s+(\S+)\s+(\S+)\s+(\S+)/) {
+ $hinc{$1} = $2;
+ $libinc{$2} = $1;
+ $cskip{$3} = $1;
+ if($3 ne "NONE") {
+ $csrc{$1} = $3;
+ $fmax{$1} = 99;
+ $rmax{$1} = 99;
+ $fassigned{$1} = ":";
+ $rassigned{$1} = ":";
+ $fnew{$1} = 0;
+ $rnew{$1} = 0;
+ }
+ } elsif (/^F\s+(\S+)/) {
+ # Add extra function with $1
+ } elsif (/^R\s+(\S+)\s+(\S+)/) {
+ $rextra{$1} = $2;
+ $rcodes{$1} = $2;
+ }
+}
+
+close IN;
+
+# Scan each header file in turn and make a list of error codes
+# and function names
+
+while (($hdr, $lib) = each %libinc)
+{
+ next if($hdr eq "NONE");
+ print STDERR "Scanning header file $hdr\n" if $debug;
+ my $line = "", $def= "", $linenr = 0, $gotfile = 0;
+ if (open(IN, "<$hdr")) {
+ $gotfile = 1;
+ while(<IN>) {
+ $linenr++;
+ print STDERR "line: $linenr\r" if $debug;
+
+ last if(/BEGIN\s+ERROR\s+CODES/);
+ if ($line ne '') {
+ $_ = $line . $_;
+ $line = '';
+ }
+
+ if (/\\$/) {
+ $line = $_;
+ next;
+ }
+
+ if(/\/\*/) {
+ if (not /\*\//) { # multiline comment...
+ $line = $_; # ... just accumulate
+ next;
+ } else {
+ s/\/\*.*?\*\///gs; # wipe it
+ }
+ }
+
+ if ($cpp) {
+ $cpp++ if /^#\s*if/;
+ $cpp-- if /^#\s*endif/;
+ next;
+ }
+ $cpp = 1 if /^#.*ifdef.*cplusplus/; # skip "C" declaration
+
+ next if (/^\#/); # skip preprocessor directives
+
+ s/{[^{}]*}//gs; # ignore {} blocks
+
+ if (/\{|\/\*/) { # Add a } so editor works...
+ $line = $_;
+ } else {
+ $def .= $_;
+ }
+ }
+ }
+
+ print STDERR " \r" if $debug;
+ $defnr = 0;
+ # Delete any DECLARE_ macros
+ $def =~ s/DECLARE_\w+\([\w,\s]+\)//gs;
+ foreach (split /;/, $def) {
+ $defnr++;
+ print STDERR "def: $defnr\r" if $debug;
+
+ # The goal is to collect function names from function declarations.
+
+ s/^[\n\s]*//g;
+ s/[\n\s]*$//g;
+
+ # Skip over recognized non-function declarations
+ next if(/typedef\W/ or /DECLARE_STACK_OF/ or /TYPEDEF_.*_OF/);
+
+ # Remove STACK_OF(foo)
+ s/STACK_OF\(\w+\)/void/;
+
+ # Reduce argument lists to empty ()
+ # fold round brackets recursively: (t(*v)(t),t) -> (t{}{},t) -> {}
+ while(/\(.*\)/s) {
+ s/\([^\(\)]+\)/\{\}/gs;
+ s/\(\s*\*\s*(\w+)\s*\{\}\s*\)/$1/gs; #(*f{}) -> f
+ }
+ # pretend as we didn't use curly braces: {} -> ()
+ s/\{\}/\(\)/gs;
+
+ if (/(\w+)\s*\(\).*/s) { # first token prior [first] () is
+ my $name = $1; # a function name!
+ $name =~ tr/[a-z]/[A-Z]/;
+ $ftrans{$name} = $1;
+ } elsif (/[\(\)]/ and not (/=/)) {
+ print STDERR "Header $hdr: cannot parse: $_;\n";
+ }
+ }
+
+ print STDERR " \r" if $debug;
+
+ next if $reindex;
+
+ # Scan function and reason codes and store them: keep a note of the
+ # maximum code used.
+
+ if ($gotfile) {
+ while(<IN>) {
+ if(/^\#\s*define\s+(\S+)\s+(\S+)/) {
+ $name = $1;
+ $code = $2;
+ next if $name =~ /^${lib}err/;
+ unless($name =~ /^${lib}_([RF])_(\w+)$/) {
+ print STDERR "Invalid error code $name\n";
+ next;
+ }
+ if($1 eq "R") {
+ $rcodes{$name} = $code;
+ if ($rassigned{$lib} =~ /:$code:/) {
+ print STDERR "!! ERROR: $lib reason code $code assigned twice\n";
+ }
+ $rassigned{$lib} .= "$code:";
+ if(!(exists $rextra{$name}) &&
+ ($code > $rmax{$lib}) ) {
+ $rmax{$lib} = $code;
+ }
+ } else {
+ if ($fassigned{$lib} =~ /:$code:/) {
+ print STDERR "!! ERROR: $lib function code $code assigned twice\n";
+ }
+ $fassigned{$lib} .= "$code:";
+ if($code > $fmax{$lib}) {
+ $fmax{$lib} = $code;
+ }
+ $fcodes{$name} = $code;
+ }
+ }
+ }
+ }
+
+ if ($debug) {
+ if (defined($fmax{$lib})) {
+ print STDERR "Max function code fmax" . "{" . "$lib" . "} = $fmax{$lib}\n";
+ $fassigned{$lib} =~ m/^:(.*):$/;
+ @fassigned = sort {$a <=> $b} split(":", $1);
+ print STDERR " @fassigned\n";
+ }
+ if (defined($rmax{$lib})) {
+ print STDERR "Max reason code rmax" . "{" . "$lib" . "} = $rmax{$lib}\n";
+ $rassigned{$lib} =~ m/^:(.*):$/;
+ @rassigned = sort {$a <=> $b} split(":", $1);
+ print STDERR " @rassigned\n";
+ }
+ }
+
+ if ($lib eq "SSL") {
+ if ($rmax{$lib} >= 1000) {
+ print STDERR "!! ERROR: SSL error codes 1000+ are reserved for alerts.\n";
+ print STDERR "!! Any new alerts must be added to $config.\n";
+ print STDERR "\n";
+ }
+ }
+ close IN;
+}
+
+# Scan each C source file and look for function and reason codes
+# This is done by looking for strings that "look like" function or
+# reason codes: basically anything consisting of all upper case and
+# numerics which has _F_ or _R_ in it and which has the name of an
+# error library at the start. This seems to work fine except for the
+# oddly named structure BIO_F_CTX which needs to be ignored.
+# If a code doesn't exist in list compiled from headers then mark it
+# with the value "X" as a place holder to give it a value later.
+# Store all function and reason codes found in %ufcodes and %urcodes
+# so all those unreferenced can be printed out.
+
+
+foreach $file (@source) {
+ # Don't parse the error source file.
+ next if exists $cskip{$file};
+ print STDERR "File loaded: ".$file."\r" if $debug;
+ open(IN, "<$file") || die "Can't open source file $file\n";
+ while(<IN>) {
+ if(/(([A-Z0-9]+)_F_([A-Z0-9_]+))/) {
+ next unless exists $csrc{$2};
+ next if($1 eq "BIO_F_BUFFER_CTX");
+ $ufcodes{$1} = 1;
+ if(!exists $fcodes{$1}) {
+ $fcodes{$1} = "X";
+ $fnew{$2}++;
+ }
+ $notrans{$1} = 1 unless exists $ftrans{$3};
+ }
+ if(/(([A-Z0-9]+)_R_[A-Z0-9_]+)/) {
+ next unless exists $csrc{$2};
+ $urcodes{$1} = 1;
+ if(!exists $rcodes{$1}) {
+ $rcodes{$1} = "X";
+ $rnew{$2}++;
+ }
+ }
+ }
+ close IN;
+}
+print STDERR " \n" if $debug;
+
+# Now process each library in turn.
+
+foreach $lib (keys %csrc)
+{
+ my $hfile = $hinc{$lib};
+ my $cfile = $csrc{$lib};
+ if(!$fnew{$lib} && !$rnew{$lib}) {
+ print STDERR "$lib:\t\tNo new error codes\n";
+ next unless $rebuild;
+ } else {
+ print STDERR "$lib:\t\t$fnew{$lib} New Functions,";
+ print STDERR " $rnew{$lib} New Reasons.\n";
+ next unless $dowrite;
+ }
+
+ # If we get here then we have some new error codes so we
+ # need to rebuild the header file and C file.
+
+ # Make a sorted list of error and reason codes for later use.
+
+ my @function = sort grep(/^${lib}_/,keys %fcodes);
+ my @reasons = sort grep(/^${lib}_/,keys %rcodes);
+
+ # Rewrite the header file
+
+ if (open(IN, "<$hfile")) {
+ # Copy across the old file
+ while(<IN>) {
+ push @out, $_;
+ last if (/BEGIN ERROR CODES/);
+ }
+ close IN;
+ } else {
+ push @out,
+"/* ====================================================================\n",
+" * Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved.\n",
+" *\n",
+" * Redistribution and use in source and binary forms, with or without\n",
+" * modification, are permitted provided that the following conditions\n",
+" * are met:\n",
+" *\n",
+" * 1. Redistributions of source code must retain the above copyright\n",
+" * notice, this list of conditions and the following disclaimer. \n",
+" *\n",
+" * 2. Redistributions in binary form must reproduce the above copyright\n",
+" * notice, this list of conditions and the following disclaimer in\n",
+" * the documentation and/or other materials provided with the\n",
+" * distribution.\n",
+" *\n",
+" * 3. All advertising materials mentioning features or use of this\n",
+" * software must display the following acknowledgment:\n",
+" * \"This product includes software developed by the OpenSSL Project\n",
+" * for use in the OpenSSL Toolkit. (http://www.openssl.org/)\"\n",
+" *\n",
+" * 4. The names \"OpenSSL Toolkit\" and \"OpenSSL Project\" must not be used to\n",
+" * endorse or promote products derived from this software without\n",
+" * prior written permission. For written permission, please contact\n",
+" * openssl-core\@openssl.org.\n",
+" *\n",
+" * 5. Products derived from this software may not be called \"OpenSSL\"\n",
+" * nor may \"OpenSSL\" appear in their names without prior written\n",
+" * permission of the OpenSSL Project.\n",
+" *\n",
+" * 6. Redistributions of any form whatsoever must retain the following\n",
+" * acknowledgment:\n",
+" * \"This product includes software developed by the OpenSSL Project\n",
+" * for use in the OpenSSL Toolkit (http://www.openssl.org/)\"\n",
+" *\n",
+" * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY\n",
+" * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\n",
+" * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n",
+" * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR\n",
+" * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\n",
+" * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT\n",
+" * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;\n",
+" * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)\n",
+" * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,\n",
+" * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)\n",
+" * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED\n",
+" * OF THE POSSIBILITY OF SUCH DAMAGE.\n",
+" * ====================================================================\n",
+" *\n",
+" * This product includes cryptographic software written by Eric Young\n",
+" * (eay\@cryptsoft.com). This product includes software written by Tim\n",
+" * Hudson (tjh\@cryptsoft.com).\n",
+" *\n",
+" */\n",
+"\n",
+"#ifndef HEADER_${lib}_ERR_H\n",
+"#define HEADER_${lib}_ERR_H\n",
+"\n",
+"/* BEGIN ERROR CODES */\n";
+ }
+ open (OUT, ">$hfile") || die "Can't Open File $hfile for writing\n";
+
+ print OUT @out;
+ undef @out;
+ print OUT <<"EOF";
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+EOF
+ if($static) {
+ print OUT <<"EOF";
+${staticloader}void ERR_load_${lib}_strings(void);
+
+EOF
+ } else {
+ print OUT <<"EOF";
+${staticloader}void ERR_load_${lib}_strings(void);
+${staticloader}void ERR_unload_${lib}_strings(void);
+${staticloader}void ERR_${lib}_error(int function, int reason, char *file, int line);
+# define ${lib}err(f,r) ERR_${lib}_error((f),(r),__FILE__,__LINE__)
+
+EOF
+ }
+ print OUT <<"EOF";
+/* Error codes for the $lib functions. */
+
+/* Function codes. */
+EOF
+
+ foreach $i (@function) {
+ $z=48 - length($i);
+ if($fcodes{$i} eq "X") {
+ $fassigned{$lib} =~ m/^:([^:]*):/;
+ $findcode = $1;
+ if (!defined($findcode)) {
+ $findcode = $fmax{$lib};
+ }
+ while ($fassigned{$lib} =~ m/:$findcode:/) {
+ $findcode++;
+ }
+ $fcodes{$i} = $findcode;
+ $fassigned{$lib} .= "$findcode:";
+ print STDERR "New Function code $i\n" if $debug;
+ }
+ printf OUT "# define $i%s $fcodes{$i}\n"," " x $z;
+ }
+
+ print OUT "\n/* Reason codes. */\n";
+
+ foreach $i (@reasons) {
+ $z=48 - length($i);
+ if($rcodes{$i} eq "X") {
+ $rassigned{$lib} =~ m/^:([^:]*):/;
+ $findcode = $1;
+ if (!defined($findcode)) {
+ $findcode = $rmax{$lib};
+ }
+ while ($rassigned{$lib} =~ m/:$findcode:/) {
+ $findcode++;
+ }
+ $rcodes{$i} = $findcode;
+ $rassigned{$lib} .= "$findcode:";
+ print STDERR "New Reason code $i\n" if $debug;
+ }
+ printf OUT "# define $i%s $rcodes{$i}\n"," " x $z;
+ }
+ print OUT <<"EOF";
+
+#ifdef __cplusplus
+}
+#endif
+#endif
+EOF
+ close OUT;
+
+ # Rewrite the C source file containing the error details.
+
+ # First, read any existing reason string definitions:
+ my %err_reason_strings;
+ if (open(IN,"<$cfile")) {
+ while (<IN>) {
+ if (/\b(${lib}_R_\w*)\b.*\"(.*)\"/) {
+ $err_reason_strings{$1} = $2;
+ }
+ }
+ close(IN);
+ }
+
+ my $hincf;
+ if($static) {
+ $hfile =~ /([^\/]+)$/;
+ $hincf = "<openssl/$1>";
+ } else {
+ $hincf = "\"$hfile\"";
+ }
+
+ # If static we know the error code at compile time so use it
+ # in error definitions.
+
+ if ($static)
+ {
+ $pack_errcode = "ERR_LIB_${lib}";
+ $load_errcode = "0";
+ }
+ else
+ {
+ $pack_errcode = "0";
+ $load_errcode = "ERR_LIB_${lib}";
+ }
+
+
+ open (OUT,">$cfile") || die "Can't open $cfile for writing";
+
+ print OUT <<"EOF";
+/* $cfile */
+/* ====================================================================
+ * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core\@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay\@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh\@cryptsoft.com).
+ *
+ */
+
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include $hincf
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK($pack_errcode,func,0)
+# define ERR_REASON(reason) ERR_PACK($pack_errcode,0,reason)
+
+static ERR_STRING_DATA ${lib}_str_functs[] = {
+EOF
+ # Add each function code: if a function name is found then use it.
+ foreach $i (@function) {
+ my $fn;
+ $i =~ /^${lib}_F_(\S+)$/;
+ $fn = $1;
+ if(exists $ftrans{$fn}) {
+ $fn = $ftrans{$fn};
+ }
+# print OUT "{ERR_PACK($pack_errcode,$i,0),\t\"$fn\"},\n";
+ if(length($i) + length($fn) > 58) {
+ print OUT " {ERR_FUNC($i),\n \"$fn\"},\n";
+ } else {
+ print OUT " {ERR_FUNC($i), \"$fn\"},\n";
+ }
+ }
+ print OUT <<"EOF";
+ {0, NULL}
+};
+
+static ERR_STRING_DATA ${lib}_str_reasons[] = {
+EOF
+ # Add each reason code.
+ foreach $i (@reasons) {
+ my $rn;
+ my $rstr = "ERR_REASON($i)";
+ if (exists $err_reason_strings{$i}) {
+ $rn = $err_reason_strings{$i};
+ } else {
+ $i =~ /^${lib}_R_(\S+)$/;
+ $rn = $1;
+ $rn =~ tr/_[A-Z]/ [a-z]/;
+ }
+ if(length($i) + length($rn) > 56) {
+ print OUT " {${rstr},\n \"$rn\"},\n";
+ } else {
+ print OUT " {${rstr}, \"$rn\"},\n";
+ }
+ }
+if($static) {
+ print OUT <<"EOF";
+ {0, NULL}
+};
+
+#endif
+
+${staticloader}void ERR_load_${lib}_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+
+ if (ERR_func_error_string(${lib}_str_functs[0].error) == NULL) {
+ ERR_load_strings($load_errcode, ${lib}_str_functs);
+ ERR_load_strings($load_errcode, ${lib}_str_reasons);
+ }
+#endif
+}
+EOF
+} else {
+ print OUT <<"EOF";
+ {0, NULL}
+};
+
+#endif
+
+#ifdef ${lib}_LIB_NAME
+static ERR_STRING_DATA ${lib}_lib_name[] = {
+ {0, ${lib}_LIB_NAME},
+ {0, NULL}
+};
+#endif
+
+static int ${lib}_lib_error_code = 0;
+static int ${lib}_error_init = 1;
+
+${staticloader}void ERR_load_${lib}_strings(void)
+{
+ if (${lib}_lib_error_code == 0)
+ ${lib}_lib_error_code = ERR_get_next_error_library();
+
+ if (${lib}_error_init) {
+ ${lib}_error_init = 0;
+#ifndef OPENSSL_NO_ERR
+ ERR_load_strings(${lib}_lib_error_code, ${lib}_str_functs);
+ ERR_load_strings(${lib}_lib_error_code, ${lib}_str_reasons);
+#endif
+
+#ifdef ${lib}_LIB_NAME
+ ${lib}_lib_name->error = ERR_PACK(${lib}_lib_error_code, 0, 0);
+ ERR_load_strings(0, ${lib}_lib_name);
+#endif
+ }
+}
+
+${staticloader}void ERR_unload_${lib}_strings(void)
+{
+ if (${lib}_error_init == 0) {
+#ifndef OPENSSL_NO_ERR
+ ERR_unload_strings(${lib}_lib_error_code, ${lib}_str_functs);
+ ERR_unload_strings(${lib}_lib_error_code, ${lib}_str_reasons);
+#endif
+
+#ifdef ${lib}_LIB_NAME
+ ERR_unload_strings(0, ${lib}_lib_name);
+#endif
+ ${lib}_error_init = 1;
+ }
+}
+
+${staticloader}void ERR_${lib}_error(int function, int reason, char *file, int line)
+{
+ if (${lib}_lib_error_code == 0)
+ ${lib}_lib_error_code = ERR_get_next_error_library();
+ ERR_PUT_error(${lib}_lib_error_code, function, reason, file, line);
+}
+EOF
+
+}
+
+ close OUT;
+ undef %err_reason_strings;
+}
+
+if($debug && %notrans) {
+ print STDERR "The following function codes were not translated:\n";
+ foreach(sort keys %notrans)
+ {
+ print STDERR "$_\n";
+ }
+}
+
+# Make a list of unreferenced function and reason codes
+
+foreach (keys %fcodes) {
+ push (@funref, $_) unless exists $ufcodes{$_};
+}
+
+foreach (keys %rcodes) {
+ push (@runref, $_) unless exists $urcodes{$_};
+}
+
+if($debug && @funref) {
+ print STDERR "The following function codes were not referenced:\n";
+ foreach(sort @funref)
+ {
+ print STDERR "$_\n";
+ }
+}
+
+if($debug && @runref) {
+ print STDERR "The following reason codes were not referenced:\n";
+ foreach(sort @runref)
+ {
+ print STDERR "$_\n";
+ }
+}
Copied: vendor-crypto/openssl/0.9.8zf/util/openssl-format-source (from rev 6976, vendor-crypto/openssl/dist/util/openssl-format-source)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/util/openssl-format-source (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/util/openssl-format-source 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,148 @@
+#!/bin/sh
+#
+# openssl-format-source
+# - format source tree according to OpenSSL coding style using indent
+#
+# usage:
+# openssl-format-source [-v] [-n] [file|directory] ...
+#
+# note: the indent options assume GNU indent v2.2.10 which was released
+# Feb-2009 so if you have an older indent the options may not
+# match what is expected
+#
+# any marked block comment blocks have to be moved to align manually after
+# the reformatting has been completed as marking a block causes indent to
+# not move it at all ...
+#
+
+PATH=/usr/local/bin:/bin:/usr/bin:$PATH
+export PATH
+HERE="`dirname $0`"
+
+set -e
+
+if [ $# -eq 0 ]; then
+ echo "usage: $0 [-v] [-n] [-c] [sourcefile|sourcedir] ..." >&2
+ exit 1
+fi
+
+VERBOSE=false
+DONT=false
+STOPARGS=false
+COMMENTS=false
+DEBUG=""
+
+# for this exercise, we want to force the openssl style, so we roll
+# our own indent profile, which is at a well known location
+INDENT_PROFILE="$HERE/indent.pro"
+export INDENT_PROFILE
+if [ ! -f "$INDENT_PROFILE" ]; then
+ echo "$0: unable to locate the openssl indent.pro file" >&2
+ exit 1
+fi
+
+# Extra arguments; for adding the comment-formatting
+INDENT_ARGS=""
+for i
+do
+ if [ "$STOPARGS" != "true" ]; then
+ case $i in
+ --) STOPARGS="true"; continue;;
+ -n) DONT="true"; continue;;
+ -v) VERBOSE="true";
+ echo "INDENT_PROFILE=$INDENT_PROFILE";
+ continue;;
+ -c) COMMENTS="true";
+ INDENT_ARGS="-fc1 -fca -cdb -sc";
+ continue;;
+ -nc) COMMENTS="true";
+ continue;;
+ -d) DEBUG='eval tee "$j.pre" |'
+ continue;;
+ esac
+ fi
+
+ if [ -d "$i" ]; then
+ LIST=`find "$i" -name '*.[ch]' -print`
+ else
+ if [ ! -f "$i" ]; then
+ echo "$0: source file not found: $i" >&2
+ exit 1
+ fi
+ LIST="$i"
+ fi
+
+ for j in $LIST
+ do
+ # ignore symlinks - we only ever process the base file - so if we
+ # expand a directory tree we need to ignore any located symlinks
+ if [ -d "$i" ]; then
+ if [ -h "$j" ]; then
+ continue;
+ fi
+ fi
+
+ if [ "$VERBOSE" = "true" ]; then
+ echo "$j"
+ fi
+
+ if [ "$DONT" = "false" ]; then
+ tmp=$(mktemp /tmp/indent.XXXXXX)
+ trap 'rm -f "$tmp"' HUP INT TERM EXIT
+
+ case `basename $j` in
+ # the list of files that indent is unable to handle correctly
+ # that we simply leave alone for manual formatting now
+ obj_dat.h|aes_core.c|aes_x86core.c|ecp_nistz256.c)
+ echo "skipping $j"
+ ;;
+ *)
+ if [ "$COMMENTS" = "true" ]; then
+ # we have to mark single line comments as /*- ...*/ to stop indent
+ # messing with them, run expand then indent as usual but with the
+ # the process-comments options and then undo that marking, and then
+ # finally re-run indent without process-comments so the marked-to-
+ # be-ignored comments we did automatically end up getting moved
+ # into the right possition within the code as indent leaves marked
+ # comments entirely untouched - we appear to have no way to avoid
+ # the double processing and get the desired output
+ cat "$j" | \
+ expand | \
+ perl -0 -np \
+ -e 's/(\n#[ \t]*ifdef[ \t]+__cplusplus\n[^\n]*\n#[ \t]*endif\n)/\n\/**INDENT-OFF**\/$1\/**INDENT-ON**\/\n/g;' \
+ -e 's/(\n\/\*\!)/\n\/**/g;' \
+ -e 's/(STACK_OF|LHASH_OF)\(([^ \t,\)]+)\)( |\n)/$1_$2_$3/g;' \
+ | \
+ perl -np \
+ -e 's/^([ \t]*)\/\*([ \t]+.*)\*\/[ \t]*$/if (length("$1$2")<75) {$c="-"}else{$c=""}; "$1\/*$c$2*\/"/e;' \
+ -e 's/^\/\* ((Copyright|=|----).*)$/\/*-$1/;' \
+ -e 's/^((DECLARE|IMPLEMENT)_(EXTERN_ASN1|ASN1|ADB|STACK_OF|PKCS12_STACK_OF).*)$/\/**INDENT-OFF**\/\n$1\n\/**INDENT-ON**\//;' \
+ -e 's/^([ \t]*(make_dh|make_dh_bn|make_rfc5114_td)\(.*\)[ \t,]*)$/\/**INDENT-OFF**\/\n$1\n\/**INDENT-ON**\//;' \
+ -e 's/^(ASN1_ADB_TEMPLATE\(.*)$/\/**INDENT-OFF**\/\n$1\n\/**INDENT-ON**\//;' \
+ -e 's/^((ASN1|ADB)_.*_(end|END)\(.*[\){=,;]+[ \t]*)$/$1\n\/**INDENT-ON**\//;' \
+ -e '/ASN1_(ITEM_ref|ITEM_ptr|ITEM_rptr|PCTX)/ || s/^((ASN1|ADB)_[^\*]*[){=,]+[ \t]*)$/\/**INDENT-OFF**\/\n$1/;' \
+ -e 's/^(} (ASN1|ADB)_[^\*]*[\){=,;]+)$/$1\n\/**INDENT-ON**\//;' \
+ | \
+ $DEBUG indent $INDENT_ARGS | \
+ perl -np \
+ -e 's/^([ \t]*)\/\*-(.*)\*\/[ \t]*$/$1\/*$2*\//;' \
+ -e 's/^\/\*-((Copyright|=|----).*)$/\/* $1/;' \
+ | indent | \
+ perl -0 -np \
+ -e 's/\/\*\*INDENT-(ON|OFF)\*\*\/\n//g;' \
+ | perl -np \
+ -e 's/(STACK_OF|LHASH_OF)_([^ \t,]+)_( |\/)/$1($2)$3/g;' \
+ -e 's/(STACK_OF|LHASH_OF)_([^ \t,]+)_$/$1($2)/g;' \
+ | perl "$HERE"/su-filter.pl \
+ > "$tmp"
+ else
+ expand "$j" | indent $INDENT_ARGS > "$tmp"
+ fi;
+ mv "$tmp" "$j"
+ ;;
+ esac
+ fi
+ done
+done
+
+
Copied: vendor-crypto/openssl/0.9.8zf/util/su-filter.pl (from rev 6976, vendor-crypto/openssl/dist/util/su-filter.pl)
===================================================================
--- vendor-crypto/openssl/0.9.8zf/util/su-filter.pl (rev 0)
+++ vendor-crypto/openssl/0.9.8zf/util/su-filter.pl 2015-03-20 00:02:03 UTC (rev 6977)
@@ -0,0 +1,260 @@
+#!/usr/bin/env perl
+#
+# su-filter.pl
+#
+use strict;
+
+my $in_su = 0;
+my $indent = 0;
+my $out;
+my $braces = 0;
+my $arrcnt;
+my $data;
+my $tststr;
+my $incomm = 0;
+
+while(<>) {
+ $tststr = $_;
+ $incomm++ while $tststr =~ /\/\*/g;
+ $incomm-- while $tststr =~ /\*\//g;
+
+ if($in_su == 1) {
+ if(/}(.*);/) {
+ $out .= $_;
+ do_output($out);
+ $in_su = 0;
+ } elsif(/^ *\} [^\s]+(\[\d*\])* = \{/) {
+ $tststr = $1;
+ $arrcnt = 0;
+ $arrcnt++ while $tststr =~ /\[/g;
+ $in_su++;
+ $braces = 1;
+ /^(.* = \{)(.*)$/;
+ $data = $2;
+ $out .= $1."\n";
+ } else {
+ $out .= $_;
+ }
+ } elsif($in_su == 2) {
+ $data .= $_;
+ if(/};$/) {
+ #$data = "\n$data";
+ $data =~ s/\n */\n/g;
+ $data =~ s/};\n?//s;
+ my @strucdata = structureData($data);
+ $out .= displayData($indent, 0, \@strucdata);
+ $out .= "\n$indent};\n";
+ do_output($out);
+ $in_su = 0;
+ }
+ } elsif($incomm <= 0 && /( *)(static )?(const )?(union|struct) ([^\s]+ )?\{/) {
+ $in_su = 1;
+ $indent = $1;
+ $out = $_;
+ next;
+ } else {
+ do_output($_);
+ }
+}
+
+
+sub structureData {
+ my $data = $_[0];
+ my @datalist = split(/(\{|\}|,|"|#|\n|\/\*|\*\/|\(|\))/, $data);
+ my $item;
+ my $dataitem = "";
+ my @struclist = ();
+ my $substruc;
+ my $inquote = 0;
+ my $inbrace = 0;
+ my $preproc = 0;
+ my $comment = 0;
+ my $inparen = 0;
+
+
+ foreach $item (@datalist) {
+ if($comment) {
+ if($item eq "*/") {
+ $comment = 0;
+ $dataitem .= "*/";
+ push @struclist, $dataitem;
+ $dataitem = "";
+ next;
+ }
+ $dataitem .= $item;
+ next;
+ }
+ if($inquote) {
+ $dataitem .= $item;
+ if($item eq "\"") {
+ $inquote--;
+ }
+ next;
+ }
+ if($preproc) {
+ if($item eq "\n") {
+ $preproc = 0;
+ push @struclist, $dataitem;
+ $dataitem = "";
+ next;
+ }
+ $dataitem .= $item;
+ next;
+ }
+ if($inbrace) {
+ if($item eq "}") {
+ $inbrace --;
+
+ if(!$inbrace) {
+ $substruc = structureData($dataitem);
+ $dataitem = $substruc;
+ next;
+ }
+ } elsif($item eq "{") {
+ $inbrace++;
+ } elsif ($item eq "\"") {
+ $inquote++;
+ }
+ $dataitem .= $item;
+ next;
+ }
+ if($inparen) {
+ if($item eq ")") {
+ $inparen--;
+ }
+ $dataitem .= $item;
+ next;
+ }
+ if($item eq "\n") {
+ next;
+ }
+ if($item eq "#") {
+ $preproc = 1;
+ push @struclist, $dataitem;
+ $dataitem = "#";
+ next;
+ }
+ if($item eq "/*") {
+ $comment = 1;
+ push @struclist, $dataitem;
+ $dataitem= "/*";
+ next;
+ }
+ if($item eq "\"") {
+ $dataitem .= $item;
+ $inquote++;
+ next;
+ }
+ if($item eq "{") {
+ $inbrace++;
+ next;
+ }
+ if($item eq ",") {
+ push @struclist, $dataitem;
+ $dataitem = "";
+ next;
+ }
+ if($item eq "(") {
+ $dataitem .= $item;
+ $inparen++;
+ next;
+ }
+ if($item =~ /^\s*$/) {
+ next;
+ }
+ if(ref $dataitem eq 'ARRAY') {
+ push @struclist, $dataitem;
+ $dataitem = "";
+ }
+ $dataitem .= $item;
+ }
+ push @struclist, $dataitem;
+ return \@struclist;
+}
+
+sub displayData {
+ my $indent = shift;
+ my $depth = shift;
+ my $data = shift;
+ my $item;
+ my $out = "";
+ my $currline = "";
+ my $first = 1;
+ my $prevpreproc = 0;
+ my $prevcomment = 0;
+
+ foreach $item (@{$data}) {
+ if($item =~ /^\/\*/) {
+ #Comment
+ $item =~ s/\n/\n$indent/g;
+ if($out =~ /\n\s*$/s) {
+ $out .= $item."\n".$indent;
+ } else {
+ $out .= "\n".$indent.$item."\n".$indent;
+ }
+ $currline = $indent;
+ $prevcomment = 1;
+ next;
+ }
+ $item =~ s/^\s+//;
+ if($item =~ /^#/) {
+ #Pre-processor directive
+ if($out =~ /\n\s*$/s) {
+ $out =~ s/\n\s*$/\n/;
+ $out .= $item."\n".$indent;
+ } else {
+ $out .= "\n".$item."\n".$indent;
+ }
+ $currline = $indent;
+ $prevpreproc = 1;
+ next;
+ }
+ if($first) {
+ $first = 0;
+ if($depth != 0) {
+ $out .= $indent;
+ $currline = $indent;
+ }
+ } else {
+ if(!$prevpreproc && !$prevcomment) {
+ $out .= ", ";
+ $currline .= ", ";
+ if($depth == 1) {
+ $out .= "\n";
+ $currline = "";
+ }
+ if($depth == 1) {
+ $out .= $indent;
+ $currline .= $indent;
+ }
+ }
+
+ }
+ $prevpreproc = 0;
+ $prevcomment = 0;
+
+ if (ref $item eq 'ARRAY') {
+ if($depth == 0) {
+ $out .= displayData("$indent ", $depth+1, $item);
+ } else {
+ $out .= "{\n".displayData("$indent ", $depth+1, $item)."\n".$indent."}";
+ $currline = $indent."}";
+ }
+ } else {
+ if(length $currline.$item > 79) {
+ $currline = $indent;
+ $out .= "\n$indent";
+ }
+ $out .= $item;
+ $currline .= $item;
+ }
+ }
+ return $out;
+}
+
+sub do_output {
+ my $out = shift;
+ # Strip any trailing whitespace
+ $out =~ s/\s+\n/\n/g;
+ print $out;
+}
More information about the Midnightbsd-cvs
mailing list